/**
 * Verify a user's password against LDAP without logging the user in.
 *
 * The login name is passed through escapeFilterPart() before it replaces the
 * %uid placeholder of the configured login filter; it must never be placed
 * into the filter as typed by the user.
 *
 * @param string $uid The username
 * @param string $password The password
 * @return false|string the result of User::getUsername() on success, false otherwise
 */
public function checkPassword($uid, $password) {
	$escapedUid = $this->access->escapeFilterPart($uid);
	$displayNameAttr = $this->access->connection->ldapUserDisplayName;

	// Resolve the login name to a directory entry, fetching the attributes
	// that are stored on the user object further down.
	$loginFilter = \OCP\Util::mb_str_replace(
		'%uid', $escapedUid, $this->access->connection->ldapLoginFilter, 'UTF-8');
	$matches = $this->access->fetchListOfUsers(
		$loginFilter,
		array($displayNameAttr, 'dn', 'uid', 'samaccountname')
	);
	if(count($matches) < 1) {
		return false;
	}

	$record = $matches[0];
	$dn = $record['dn'];
	$user = $this->access->userManager->get($dn);
	if(!$user instanceof User) {
		\OCP\Util::writeLog('user_ldap',
			'LDAP Login: Could not get user object for DN ' . $dn .
			'. Maybe the LDAP entry has no set display name attribute?',
			\OCP\Util::WARN);
		return false;
	}
	if($user->getUsername() === false) {
		return false;
	}

	// Only after the entry is known and mapped is the password checked
	// for that DN; nothing is stored on the user before this succeeds.
	if(!$this->access->areCredentialsValid($dn, $password)) {
		return false;
	}

	$user->markLogin();
	if(isset($record[$displayNameAttr])) {
		$user->storeDisplayName($record[$displayNameAttr]);
	}
	// Prefer uid, fall back to samaccountname, for the stored LDAP user name.
	if(isset($record['uid'])) {
		$user->storeLDAPUserName($record['uid']);
	} else if(isset($record['samaccountname'])) {
		$user->storeLDAPUserName($record['samaccountname']);
	}

	return $user->getUsername();
}
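/**
 * Check if the password is correct without logging in the user.
 *
 * @param string $uid The username
 * @param string $password The password
 * @return string|false the internal user name when the credentials are valid
 *                      and the DN maps to a user name, false otherwise
 */
public function checkPassword($uid, $password) {
	// $uid is whatever was typed into the login form. Escape the characters
	// that are special inside an LDAP search filter value (RFC 4515) before
	// substituting it for %uid, so the name is matched literally and cannot
	// change the structure of the configured login filter.
	// The backslash has to be replaced first, otherwise the escape sequences
	// produced for the other characters would be escaped again.
	$uid = str_replace(
		array('\\', '*', '(', ')', "\x00"),
		array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
		$uid
	);

	//find out dn of the user name
	$filter = \OCP\Util::mb_str_replace('%uid', $uid, $this->connection->ldapLoginFilter, 'UTF-8');
	$ldap_users = $this->fetchListOfUsers($filter, 'dn');
	if (count($ldap_users) < 1) {
		return false;
	}
	$dn = $ldap_users[0];

	//are the credentials OK?
	if (!$this->areCredentialsValid($dn, $password)) {
		return false;
	}

	//do we have a username for this DN?
	$ocname = $this->dn2username($dn);
	if ($ocname) {
		//update some settings, if necessary
		$this->updateQuota($dn);
		$this->updateEmail($dn);

		//give back the internal user name
		return $ocname;
	}

	return false;
}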
/**
 * Reduce a name to the character set [a-zA-Z0-9_.@-].
 *
 * When the connection's ldapIgnoreNamingRules setting is truthy, the name is
 * returned exactly as received and none of the filtering below is applied.
 *
 * @param string $name
 * @return bool|mixed|string
 */
public function sanitizeUsername($name) {
	if (!$this->connection->ldapIgnoreNamingRules) {
		// Transliterate to ASCII
		$ascii = iconv('UTF-8', 'ASCII//TRANSLIT', $name);

		// Spaces become underscores
		$underscored = \OCP\Util::mb_str_replace(' ', '_', $ascii, 'UTF-8');

		// Whatever is still outside the allowed set is dropped
		$name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $underscored);
	}

	return $name;
}
/**
 * Count the users in LDAP that match the login filter with %uid replaced by
 * a wildcard. The result is cached under a key derived from that filter.
 *
 * @return int|bool
 */
public function countUsers() {
	$connection = $this->access->connection;
	$filter = \OCP\Util::mb_str_replace('%uid', '*', $connection->ldapLoginFilter, 'UTF-8');
	$cacheKey = 'countUsers-' . $filter;

	// A null cache result means "not cached"; any other value is returned as is.
	$cached = $connection->getFromCache($cacheKey);
	if ($cached !== null) {
		return $cached;
	}

	$total = $this->access->countUsers($filter);
	$connection->writeToCache($cacheKey, $total);
	return $total;
}
/**
 * Count the users in LDAP that match the login filter with %uid replaced by
 * a wildcard.
 *
 * @return int | bool
 */
public function countUsers() {
	return $this->access->countUsers(
		\OCP\Util::mb_str_replace('%uid', '*', $this->access->connection->ldapLoginFilter, 'UTF-8')
	);
}
/**
 * Try a login name against the configured login filter and record the
 * number of matching users plus the resulting filter in the wizard result.
 *
 * @param string $loginName
 * @return bool|WizardResult false when a required setting is missing
 * @throws \Exception when there is no connection resource, when the login
 *                    filter lacks the %uid placeholder, or on an LDAP error
 */
public function testLoginName($loginName) {
	$required = array('ldapHost', 'ldapPort', 'ldapBase', 'ldapLoginFilter');
	if (!$this->checkRequirements($required)) {
		return false;
	}

	$connectionResource = $this->access->connection->getConnectionResource();
	if (!$this->ldap->isResource($connectionResource)) {
		throw new \Exception('connection error');
	}

	$hasPlaceholder = mb_strpos($this->access->connection->ldapLoginFilter, '%uid', 0, 'UTF-8') !== false;
	if (!$hasPlaceholder) {
		throw new \Exception('missing placeholder');
	}

	$matches = $this->access->fetchUsersByLoginName($loginName);
	if ($this->ldap->errno($connectionResource) !== 0) {
		throw new \Exception($this->ldap->error($connectionResource));
	}

	// NOTE(review): the login name is substituted here exactly as typed. If
	// fetchUsersByLoginName() escapes it before searching, the filter shown
	// to the admin can differ from the one that was actually sent - confirm.
	$effectiveFilter = \OCP\Util::mb_str_replace(
		'%uid', $loginName, $this->access->connection->ldapLoginFilter, 'UTF-8');

	$this->result->addChange('ldap_test_loginname', count($matches));
	$this->result->addChange('ldap_test_effective_filter', $effectiveFilter);
	return $this->result;
}
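/**
 * Get a list of all users in a group.
 *
 * @param string $gid the internal group name
 * @param string $search optional, substring the user's display name has to contain
 * @param int $limit maximum number of users to return, -1 for no limit
 * @param int $offset number of users to skip
 * @return array with user ids
 */
public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
	if (!$this->enabled) {
		return array();
	}

	// Both keys are built from the caller's raw arguments. The second one
	// holds the complete, unsliced result for this group/search pair and must
	// be spelled the same way when it is read and when it is written.
	$cachekey = 'usersInGroup-' . $gid . '-' . $search . '-' . $limit . '-' . $offset;
	$fullCachekey = 'usersInGroup-' . $gid . '-' . $search;

	// array_slice() reads a negative length as "stop that many elements
	// before the end", so "no limit" has to be null before any slicing.
	if ($limit == -1) {
		$limit = null;
	}

	// check for cache of the exact query
	$groupUsers = $this->connection->getFromCache($cachekey);
	if (!is_null($groupUsers)) {
		return $groupUsers;
	}

	// check for cache of the query without limit and offset
	$groupUsers = $this->connection->getFromCache($fullCachekey);
	if (!is_null($groupUsers)) {
		$groupUsers = array_slice($groupUsers, $offset, $limit);
		$this->connection->writeToCache($cachekey, $groupUsers);
		return $groupUsers;
	}

	$groupDN = $this->groupname2dn($gid);
	if (!$groupDN) {
		// group couldn't be found, return empty resultset
		$this->connection->writeToCache($cachekey, array());
		return array();
	}

	$members = $this->readAttribute($groupDN, $this->connection->ldapGroupMemberAssocAttr);
	if (!$members) {
		//in case users could not be retrieved, return empty resultset
		$this->connection->writeToCache($cachekey, array());
		return array();
	}

	// Characters that are special inside an LDAP filter value (RFC 4515) and
	// their escaped forms. The backslash comes first so that the sequences
	// produced for the other characters are not escaped a second time.
	$filterSpecial = array('\\', '*', '(', ')', "\x00");
	$filterEscaped = array('\\5c', '\\2a', '\\28', '\\29', '\\00');

	// The search term is caller-supplied: escape it, then add the wildcards
	// that turn it into a substring match.
	$searchFilter = empty($search)
		? '*'
		: '*' . str_replace($filterSpecial, $filterEscaped, $search) . '*';

	$groupUsers = array();
	$isMemberUid = strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid';
	foreach ($members as $member) {
		if ($isMemberUid) {
			//we got uids, need to get their DNs to 'translate' them to usernames
			$filter = $this->combineFilterWithAnd(array(
				\OCP\Util::mb_str_replace(
					'%uid',
					str_replace($filterSpecial, $filterEscaped, $member),
					$this->connection->ldapLoginFilter,
					'UTF-8'
				),
				$this->connection->ldapUserDisplayName . '=' . $searchFilter
			));
			$ldap_users = $this->fetchListOfUsers($filter, 'dn');
			if (count($ldap_users) < 1) {
				continue;
			}
			// same guard as in the DN branch: skip entries that do not map
			// to a user name instead of putting a false value in the list
			if ($ocname = $this->dn2username($ldap_users[0])) {
				$groupUsers[] = $ocname;
			}
		} else {
			//we got DNs, check if we need to filter by search or we can give back all of them
			if ($searchFilter != '*') {
				if (!$this->readAttribute(
					$member,
					$this->connection->ldapUserDisplayName,
					$this->connection->ldapUserDisplayName . '=' . $searchFilter
				)) {
					continue;
				}
			}
			// dn2username will also check if the users belong to the allowed base
			if ($ocname = $this->dn2username($member)) {
				$groupUsers[] = $ocname;
			}
		}
	}
	natsort($groupUsers);

	$this->connection->writeToCache($fullCachekey, $groupUsers);
	$groupUsers = array_slice($groupUsers, $offset, $limit);
	$this->connection->writeToCache($cachekey, $groupUsers);

	return $groupUsers;
}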
/**
 * returns the number of users in a group, who match the search term
 *
 * Without a search term the number of group members is returned and cached.
 * With a search term every member is checked against LDAP individually; the
 * users that have the group as primary group are merged in, and that count
 * is returned without being written to the cache.
 *
 * @param string $gid the internal group name
 * @param string $search optional, a search string
 * @return int|bool false when the backend is disabled, the group does not
 *                  exist, its DN cannot be resolved or it has no members
 */
public function countUsersInGroup($gid, $search = '') {
	$cacheKey = 'countUsersInGroup-' . $gid . '-' . $search;
	if (!$this->enabled || !$this->groupExists($gid)) {
		return false;
	}
	// null means "not cached"; a cached false is returned as is
	$groupUsers = $this->access->connection->getFromCache($cacheKey);
	if (!is_null($groupUsers)) {
		return $groupUsers;
	}

	$groupDN = $this->access->groupname2dn($gid);
	if (!$groupDN) {
		// group couldn't be found, return empty result set
		$this->access->connection->writeToCache($cacheKey, false);
		return false;
	}

	$members = array_keys($this->_groupMembers($groupDN));
	if (!$members) {
		//in case users could not be retrieved, return empty result set
		$this->access->connection->writeToCache($cacheKey, false);
		return false;
	}

	if (empty($search)) {
		// NOTE(review): this path counts the member attribute only; the users
		// from getUsersInPrimaryGroup() are added in the search path below
		// but not here - confirm that the difference is intended.
		$groupUsers = count($members);
		$this->access->connection->writeToCache($cacheKey, $groupUsers);
		return $groupUsers;
	}
	$isMemberUid =
		strtolower($this->access->connection->ldapGroupMemberAssocAttr)
		=== 'memberuid';

	//we need to apply the search filter
	//alternatives that need to be checked:
	//a) get all users by search filter and array_intersect them
	//b) a, but only when less than 1k 10k ?k users like it is
	//c) put all DNs|uids in a LDAP filter, combine with the search string
	//   and let it count.
	//For now this is not important, because the only use of this method
	//does not supply a search string
	$groupUsers = array();
	foreach ($members as $member) {
		if ($isMemberUid) {
			//we got uids, need to get their DNs to 'translate' them to user names
			// NOTE(review): $member is substituted for %uid as read from the
			// group entry, without filter escaping; a uid value containing
			// filter metacharacters would alter this filter. Other callers
			// escape via escapeFilterPart() first - confirm and align.
			$filter = $this->access->combineFilterWithAnd(array(
				\OCP\Util::mb_str_replace('%uid', $member,
					$this->access->connection->ldapLoginFilter, 'UTF-8'),
				$this->access->getFilterPartForUserSearch($search)
			));
			$ldap_users = $this->access->fetchListOfUsers($filter, 'dn');
			if (count($ldap_users) < 1) {
				continue;
			}
			// the return value of dn2username() is appended unchecked here,
			// unlike in the DN branch below
			$groupUsers[] = $this->access->dn2username($ldap_users[0]);
		} else {
			//we need to apply the search filter now
			if (!$this->access->readAttribute($member,
				$this->access->connection->ldapUserDisplayName,
				$this->access->getFilterPartForUserSearch($search))) {
				continue;
			}
			// dn2username will also check if the users belong to the allowed base
			if ($ocname = $this->access->dn2username($member)) {
				$groupUsers[] = $ocname;
			}
		}
	}

	//and get users that have the group as primary
	$primaryUsers = $this->getUsersInPrimaryGroup($groupDN);
	// array_unique() so that a user found both ways is counted once
	$groupUsers = array_unique(array_merge($groupUsers, $primaryUsers));

	return count($groupUsers);
}
/**
 * Look up a single user via the login filter and, when exactly one entry
 * matches, hand its DN to dn2ocname().
 *
 * The identifier is passed through escapeFilterPart() before it replaces
 * the %uid placeholder of the login filter.
 *
 * @param string $uuid value substituted for %uid
 * @return bool true when exactly one entry matched, false otherwise or when
 *              the backend is disabled
 */
public function initializeUser($uuid) {
	//check backend status
	if (!$this->enabled) {
		return false;
	}
	$this->connect();

	$escapedUuid = $this->access->escapeFilterPart($uuid);
	$lookupFilter = \OCP\Util::mb_str_replace(
		'%uid', $escapedUuid, $this->access->connection->ldapLoginFilter, 'UTF-8');
	$hits = $this->getUsers($lookupFilter, 'dn');

	// Anything but one result holding one value is treated as "no such user".
	$isUniqueMatch = count($hits) === 1 && $hits[0]['count'] === 1;
	if (!$isUniqueMatch) {
		return false;
	}

	$this->ldap->dn2ocname($hits[0][0]); //creates table entries and folders
	return true;
}
/**
 * get a list of all users in a group
 *
 * The complete member list of a group is cached under 'usersInGroup' . $gid;
 * search, offset and limit are applied to that list on every call.
 *
 * @param string $gid the group name
 * @param string $search optional search term, stored in $this->groupSearch
 *                       for the groupMatchesFilter callback
 * @param int $limit maximum number of users to return, -1 for no limit
 * @param int $offset number of users to skip
 * @return array with user ids
 */
public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
	if (!$this->enabled) {
		return array();
	}
	// the array_filter() callback below takes the search term from this property
	$this->groupSearch = $search;
	if ($this->connection->isCached('usersInGroup' . $gid)) {
		$groupUsers = $this->connection->getFromCache('usersInGroup' . $gid);
		if (!empty($this->groupSearch)) {
			$groupUsers = array_filter($groupUsers, array($this, 'groupMatchesFilter'));
		}
		// array_slice() needs null, not -1, to mean "up to the end"
		if ($limit == -1) {
			$limit = null;
		}
		return array_slice($groupUsers, $offset, $limit);
	}

	$groupDN = $this->groupname2dn($gid);
	if (!$groupDN) {
		// no DN for this group name: cache and return an empty list
		$this->connection->writeToCache('usersInGroup' . $gid, array());
		return array();
	}

	$members = $this->readAttribute($groupDN, $this->connection->ldapGroupMemberAssocAttr);
	if (!$members) {
		// no members could be read: cache and return an empty list
		$this->connection->writeToCache('usersInGroup' . $gid, array());
		return array();
	}

	$result = array();
	$isMemberUid = strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid';
	foreach ($members as $member) {
		if ($isMemberUid) {
			// NOTE(review): $member is substituted for %uid as read from the
			// group entry, without filter escaping; a value containing filter
			// metacharacters would alter the login filter - confirm whether
			// an escaping helper is available in this class and apply it.
			$filter = \OCP\Util::mb_str_replace('%uid', $member, $this->connection->ldapLoginFilter, 'UTF-8');
			$ldap_users = $this->fetchListOfUsers($filter, 'dn');
			if (count($ldap_users) < 1) {
				continue;
			}
			// the return value of dn2username() is appended unchecked here,
			// unlike in the else branch
			$result[] = $this->dn2username($ldap_users[0]);
			continue;
		} else {
			if ($ocname = $this->dn2username($member)) {
				$result[] = $ocname;
			}
		}
	}
	if (!$isMemberUid) {
		// keep only names that \OCP\User::getUsers() also returns
		$result = array_intersect($result, \OCP\User::getUsers());
	}
	$groupUsers = array_unique($result, SORT_LOCALE_STRING);
	// the cache always receives the unfiltered, unsliced list
	$this->connection->writeToCache('usersInGroup' . $gid, $groupUsers);

	if (!empty($this->groupSearch)) {
		$groupUsers = array_filter($groupUsers, array($this, 'groupMatchesFilter'));
	}
	// array_slice() needs null, not -1, to mean "up to the end"
	if ($limit == -1) {
		$limit = null;
	}
	return array_slice($groupUsers, $offset, $limit);
}