nextcloud · blizzz · Jul 28, 2016 · Jul 22, 2016 · Jul 22, 2016 · Jul 25, 2016
@@ -60,7 +60,7 @@
 	\OC::$server->getDatabaseConnection(),
 	\OC::$server->getUserManager());
 
-$access = new \OCA\User_LDAP\Access($con, $ldapWrapper, $userManager);
+$access = new \OCA\User_LDAP\Access($con, $ldapWrapper, $userManager, new \OCA\User_LDAP\Helper());
 
 $wizard = new \OCA\User_LDAP\Wizard($configuration, $ldapWrapper, $access);
 

@@ -44,7 +44,7 @@
 		\OC::$server->getUserManager()
 	);
 	$connector = new OCA\User_LDAP\Connection($ldapWrapper, $configPrefixes[0]);
-	$ldapAccess = new OCA\User_LDAP\Access($connector, $ldapWrapper, $userManager);
+	$ldapAccess = new OCA\User_LDAP\Access($connector, $ldapWrapper, $userManager, $helper);
 
 	$ldapAccess->setUserMapper(new OCA\User_LDAP\Mapping\UserMapping($dbc));
 	$ldapAccess->setGroupMapper(new OCA\User_LDAP\Mapping\GroupMapping($dbc));

@@ -4,6 +4,7 @@
  *
  * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  * @author Christopher Schäpers <kondou@ts.unde.re>
+ * @author Roger Szabo <roger.szabo@web.de>
  *
  * @license AGPL-3.0
  *
@@ -24,3 +25,6 @@
 if($state === 'doSet') {
 	OCP\Config::setSystemValue('ldapIgnoreNamingRules', false);
 }
+
+$helper = new \OCA\User_LDAP\Helper();
+$helper->setLDAPProvider();
@@ -0,0 +1,24 @@
+<?php
+/**
+ *
+ * @copyright Copyright (c) 2016, Roger Szabo (roger.szabo@web.de)
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+$helper = new \OCA\User_LDAP\Helper();
+$helper->setLDAPProvider();
@@ -20,6 +20,7 @@
  * @author Ralph Krimmel <rkrimme1@gwdg.de>
  * @author Renaud Fortier <Renaud.Fortier@fsaa.ulaval.ca>
  * @author Robin McCorkell <robin@mccorkell.me.uk>
+ * @author Roger Szabo <roger.szabo@web.de>
  *
  * @license AGPL-3.0
  *
@@ -77,13 +78,19 @@ class Access extends LDAPUtility implements IUserTools {
 	* @var AbstractMapping $userMapper
 	*/
 	protected $groupMapper;
+
+	/**
+	 * @var \OCA\User_LDAP\Helper
+	 */
+	private $helper;
 
 	public function __construct(Connection $connection, ILDAPWrapper $ldap,
-		Manager $userManager) {
+		Manager $userManager, Helper $helper) {
 		parent::__construct($ldap);
 		$this->connection = $connection;
 		$this->userManager = $userManager;
 		$this->userManager->setLdapAccess($this);
+		$this->helper = $helper;
 	}
 
 	/**
@@ -173,7 +180,7 @@ public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
 		// (cf. #12306), 500 is default for paging and should work everywhere.
 		$maxResults = $pagingSize > 20 ? $pagingSize : 500;
 		$this->initPagedSearch($filter, array($dn), array($attr), $maxResults, 0);
-		$dn = $this->DNasBaseParameter($dn);
+		$dn = $this->helper->DNasBaseParameter($dn);
 		$rr = @$this->ldap->read($cr, $dn, $filter, array($attr));
 		if(!$this->ldap->isResource($rr)) {
 			if(!empty($attr)) {
@@ -201,7 +208,7 @@ public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
 			$values = array();
 			for($i=0;$i<$result[$attr]['count'];$i++) {
 				if($this->resemblesDN($attr)) {
-					$values[] = $this->sanitizeDN($result[$attr][$i]);
+					$values[] = $this->helper->sanitizeDN($result[$attr][$i]);
 				} elseif(strtolower($attr) === 'objectguid' || strtolower($attr) === 'guid') {
 					$values[] = $this->convertObjectGUID2Str($result[$attr][$i]);
 				} else {
@@ -242,49 +249,6 @@ public function stringResemblesDN($string) {
 		return (is_array($r) && count($r) > 1);
 	}
 
-	/**
-	 * sanitizes a DN received from the LDAP server
-	 * @param array $dn the DN in question
-	 * @return array the sanitized DN
-	 */
-	private function sanitizeDN($dn) {
-		//treating multiple base DNs
-		if(is_array($dn)) {
-			$result = array();
-			foreach($dn as $singleDN) {
-				$result[] = $this->sanitizeDN($singleDN);
-			}
-			return $result;
-		}
-
-		//OID sometimes gives back DNs with whitespace after the comma
-		// a la "uid=foo, cn=bar, dn=..." We need to tackle this!
-		$dn = preg_replace('/([^\\\]),(\s+)/u', '\1,', $dn);
-
-		//make comparisons and everything work
-		$dn = mb_strtolower($dn, 'UTF-8');
-
-		//escape DN values according to RFC 2253 – this is already done by ldap_explode_dn
-		//to use the DN in search filters, \ needs to be escaped to \5c additionally
-		//to use them in bases, we convert them back to simple backslashes in readAttribute()
-		$replacements = array(
-			'\,' => '\5c2C',
-			'\=' => '\5c3D',
-			'\+' => '\5c2B',
-			'\<' => '\5c3C',
-			'\>' => '\5c3E',
-			'\;' => '\5c3B',
-			'\"' => '\5c22',
-			'\#' => '\5c23',
-			'('  => '\28',
-			')'  => '\29',
-			'*'  => '\2A',
-		);
-		$dn = str_replace(array_keys($replacements), array_values($replacements), $dn);
-
-		return $dn;
-	}
-
 	/**
 	 * returns a DN-string that is cleaned from not domain parts, e.g.
 	 * cn=foo,cn=bar,dc=foobar,dc=server,dc=org
@@ -1071,10 +1035,10 @@ private function search($filter, $base, $attr = null, $limit = null, $offset = n
 						}
 						if($key !== 'dn') {
 							$selection[$i][$key] = $this->resemblesDN($key) ?
-								$this->sanitizeDN($item[$key])
+								$this->helper->sanitizeDN($item[$key])
 								: $item[$key];
 						} else {
-							$selection[$i][$key] = [$this->sanitizeDN($item[$key])];
+							$selection[$i][$key] = [$this->helper->sanitizeDN($item[$key])];
 						}
 					}
 
@@ -1298,7 +1262,7 @@ public function getFilterForUserCount() {
 	 * @return bool
 	 */
 	public function areCredentialsValid($name, $password) {
-		$name = $this->DNasBaseParameter($name);
+		$name = $this->helper->DNasBaseParameter($name);
 		$testConnection = clone $this->connection;
 		$credentials = array(
 			'ldapAgentName' => $name,
@@ -1569,15 +1533,6 @@ public function convertSID2Str($sid) {
 		return sprintf('S-%d-%s-%s', $revision, $iav, implode('-', $subIDs));
 	}
 
-	/**
-	 * converts a stored DN so it can be used as base parameter for LDAP queries, internally we store them for usage in LDAP filters
-	 * @param string $dn the DN
-	 * @return string
-	 */
-	private function DNasBaseParameter($dn) {
-		return str_ireplace('\\5c', '\\', $dn);
-	}
-
 	/**
 	 * checks if the given DN is part of the given base DN(s)
 	 * @param string $dn the DN
@@ -1586,7 +1541,7 @@ private function DNasBaseParameter($dn) {
 	 */
 	public function isDNPartOfBase($dn, $bases) {
 		$belongsToBase = false;
-		$bases = $this->sanitizeDN($bases);
+		$bases = $this->helper->sanitizeDN($bases);
 
 		foreach($bases as $base) {
 			$belongsToBase = true;

@@ -11,6 +11,7 @@
  * @author Morris Jobke <hey@morrisjobke.de>
  * @author Robin Appelman <robin@icewind.nl>
  * @author Robin McCorkell <robin@mccorkell.me.uk>
+ * @author Roger Szabo <roger.szabo@web.de>
  *
  * @license AGPL-3.0
  *
@@ -52,6 +53,8 @@ class Connection extends LDAPUtility {
 	private $configID;
 	private $configured = false;
 	private $hasPagedResultSupport = true;
+	//whether connection should be kept on __destruct
+	private $dontDestruct = false;
 
 	/**
 	 * @var bool runtime flag that indicates whether supported primary groups are available
@@ -93,7 +96,7 @@ public function __construct(ILDAPWrapper $ldap, $configPrefix = '', $configID =
 	}
 
 	public function __destruct() {
-		if($this->ldap->isResource($this->ldapConnectionRes)) {
+		if(!$this->dontDestruct && $this->ldap->isResource($this->ldapConnectionRes)) {
 			@$this->ldap->unbind($this->ldapConnectionRes);
 		};
 	}
@@ -105,6 +108,7 @@ public function __clone() {
 		$this->configuration = new Configuration($this->configPrefix,
 												 !is_null($this->configID));
 		$this->ldapConnectionRes = null;
+		$this->dontDestruct = true;
 	}
 
 	/**

@@ -10,6 +10,7 @@
  * @author Morris Jobke <hey@morrisjobke.de>
  * @author Thomas Müller <thomas.mueller@tmit.eu>
  * @author Vincent Petry <pvince81@owncloud.com>
+ * @author Roger Szabo <roger.szabo@web.de>
  *
  * @license AGPL-3.0
  *
@@ -183,6 +184,70 @@ public function getDomainFromURL($url) {
 
 		return $domain;
 	}
+
+	/**
+	 *
+	 * Set the LDAPProvider in the config
+	 *
+	 */
+	public function setLDAPProvider() {
+		$current = \OC::$server->getConfig()->getSystemValue('ldapProviderFactory', null);
+		if(is_null($current)) {
+			\OC::$server->getConfig()->setSystemValue('ldapProviderFactory', '\\OCA\\User_LDAP\\LDAPProviderFactory');
+		}
+	}
+
+	/**
+	 * sanitizes a DN received from the LDAP server
+	 * @param array $dn the DN in question
+	 * @return array the sanitized DN
+	 */
+	public function sanitizeDN($dn) {
+		//treating multiple base DNs
+		if(is_array($dn)) {
+			$result = array();
+			foreach($dn as $singleDN) {
+				$result[] = $this->sanitizeDN($singleDN);
+			}
+			return $result;
+		}
+
+		//OID sometimes gives back DNs with whitespace after the comma
+		// a la "uid=foo, cn=bar, dn=..." We need to tackle this!
+		$dn = preg_replace('/([^\\\]),(\s+)/u', '\1,', $dn);
+
+		//make comparisons and everything work
+		$dn = mb_strtolower($dn, 'UTF-8');
+
+		//escape DN values according to RFC 2253 – this is already done by ldap_explode_dn
+		//to use the DN in search filters, \ needs to be escaped to \5c additionally
+		//to use them in bases, we convert them back to simple backslashes in readAttribute()
+		$replacements = array(
+			'\,' => '\5c2C',
+			'\=' => '\5c3D',
+			'\+' => '\5c2B',
+			'\<' => '\5c3C',
+			'\>' => '\5c3E',
+			'\;' => '\5c3B',
+			'\"' => '\5c22',
+			'\#' => '\5c23',
+			'('  => '\28',
+			')'  => '\29',
+			'*'  => '\2A',
+		);
+		$dn = str_replace(array_keys($replacements), array_values($replacements), $dn);
+
+		return $dn;
+	}
+
+	/**
+	 * converts a stored DN so it can be used as base parameter for LDAP queries, internally we store them for usage in LDAP filters
+	 * @param string $dn the DN
+	 * @return string
+	 */
+	public function DNasBaseParameter($dn) {
+		return str_ireplace('\\5c', '\\', $dn);
+	}
 
 	/**
 	 * listens to a hook thrown by server2server sharing and replaces the given

@@ -0,0 +1,49 @@
+<?php
+/**
+ *
+ * @copyright Copyright (c) 2016, Roger Szabo (roger.szabo@web.de)
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\User_LDAP;
+
+interface IUserLDAP {
+
+	//Functions used by LDAPProvider
+
+	/**
+	 * Return access for LDAP interaction.
+	 * @param string $uid
+	 * @return Access instance of Access for LDAP interaction
+	 */
+	public function getLDAPAccess($uid);
+
+	/**
+	 * Return a new LDAP connection for the specified user.
+	 * @param string $uid
+	 * @return resource of the LDAP connection
+	 */
+	public function getNewLDAPConnection($uid);
+
+	/**
+	 * Return the username for the given LDAP DN, if available.
+	 * @param string $dn
+	 * @return string|false with the username
+	 */
+	public function dn2UserName($dn);
+}
@@ -188,7 +188,7 @@ static private function getGroupBE() {
 				$dbc,
 				\OC::$server->getUserManager());
 			$connector = new Connection($ldapWrapper, $configPrefixes[0]);
-			$ldapAccess = new Access($connector, $ldapWrapper, $userManager);
+			$ldapAccess = new Access($connector, $ldapWrapper, $userManager, $helper);
 			$groupMapper = new GroupMapping($dbc);
 			$userMapper  = new UserMapping($dbc);
 			$ldapAccess->setGroupMapper($groupMapper);