Use Psr\Log\LoggerInterface where it can easily be used in user_ldap
Signed-off-by: Côme Chilliet <[email protected]>
come-nc authored and blizzz committed Oct 29, 2021
commit 07c9dc0e4ea399624dca58d46e93dd7128993bac
70 changes: 36 additions & 34 deletions apps/user_ldap/lib/Connection.php
Expand Up @@ -38,7 +38,7 @@
namespace OCA\User_LDAP;

use OC\ServerNotAvailableException;
use OCP\ILogger;
use Psr\Log\LoggerInterface;

/**
* magic properties (incomplete)
Expand Down Expand Up @@ -104,6 +104,9 @@ class Connection extends LDAPUtility {

protected $bindResult = [];

/** @var LoggerInterface */
protected $logger;

/**
* Constructor
* @param ILDAPWrapper $ldap
Expand All @@ -123,6 +126,7 @@ public function __construct(ILDAPWrapper $ldap, $configPrefix = '', $configID =
$helper = new Helper(\OC::$server->getConfig());
$this->doNotValidate = !in_array($this->configPrefix,
$helper->getServerConfigurationPrefixes());
$this->logger = \OC::$server->get(LoggerInterface::class);
}

public function __destruct() {
Expand Down Expand Up @@ -209,7 +213,10 @@ public function getConnectionResource() {
$this->establishConnection();
}
if (is_null($this->ldapConnectionRes)) {
\OCP\Util::writeLog('user_ldap', 'No LDAP Connection to server ' . $this->configuration->ldapHost, ILogger::ERROR);
$this->logger->error(
'No LDAP Connection to server ' . $this->configuration->ldapHost,
['app' => 'user_ldap']
);
throw new ServerNotAvailableException('Connection to LDAP server could not be established');
}
return $this->ldapConnectionRes;
Expand Down Expand Up @@ -381,10 +388,10 @@ private function doSoftValidation() {
&& (!is_null($this->configID))) {
$this->configuration->$effectiveSetting = 'auto';
$this->configuration->saveConfiguration();
\OCP\Util::writeLog('user_ldap',
'Illegal value for the '.
$effectiveSetting.', '.'reset to '.
'autodetect.', ILogger::INFO);
$this->logger->info(
'Illegal value for the '.$effectiveSetting.', reset to autodetect.',
['app' => 'user_ldap']
);
}
}
}
Expand All @@ -407,10 +414,9 @@ private function doSoftValidation() {
if ((stripos($this->configuration->ldapHost, 'ldaps://') === 0)
&& $this->configuration->ldapTLS) {
$this->configuration->ldapTLS = false;
\OCP\Util::writeLog(
'user_ldap',
$this->logger->info(
'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.',
ILogger::INFO
['app' => 'user_ldap']
);
}
}
Expand Down Expand Up @@ -450,10 +456,9 @@ private function doCriticalValidation() {
break;
}
$configurationOK = false;
\OCP\Util::writeLog(
'user_ldap',
$this->logger->warning(
$errorStr.'No '.$subj.' given!',
ILogger::WARN
['app' => 'user_ldap']
);
}
}
Expand All @@ -465,11 +470,11 @@ private function doCriticalValidation() {
($agent === '' && $pwd !== '')
|| ($agent !== '' && $pwd === '')
) {
\OCP\Util::writeLog(
'user_ldap',
$this->logger->warning(
$errorStr.'either no password is given for the user ' .
'agent or a password is given, but not an LDAP agent.',
ILogger::WARN);
['app' => 'user_ldap']
);
$configurationOK = false;
}

Expand All @@ -478,20 +483,18 @@ private function doCriticalValidation() {
$baseGroups = $this->configuration->ldapBaseGroups;

if (empty($base) && empty($baseUsers) && empty($baseGroups)) {
\OCP\Util::writeLog(
'user_ldap',
$this->logger->warning(
$errorStr.'Not a single Base DN given.',
ILogger::WARN
['app' => 'user_ldap']
);
$configurationOK = false;
}

if (mb_strpos($this->configuration->ldapLoginFilter, '%uid', 0, 'UTF-8')
=== false) {
\OCP\Util::writeLog(
'user_ldap',
$this->logger->warning(
$errorStr.'login filter does not contain %uid place holder.',
ILogger::WARN
['app' => 'user_ldap']
);
$configurationOK = false;
}
Expand Down Expand Up @@ -535,34 +538,32 @@ private function establishConnection() {
return false;
}
if (!$this->ignoreValidation && !$this->configured) {
\OCP\Util::writeLog(
'user_ldap',
$this->logger->warning(
'Configuration is invalid, cannot connect',
ILogger::WARN
['app' => 'user_ldap']
);
return false;
}
if (!$this->ldapConnectionRes) {
if (!$this->ldap->areLDAPFunctionsAvailable()) {
$phpLDAPinstalled = false;
\OCP\Util::writeLog(
'user_ldap',
$this->logger->error(
'function ldap_connect is not available. Make sure that the PHP ldap module is installed.',
ILogger::ERROR
['app' => 'user_ldap']
);

return false;
}
if ($this->configuration->turnOffCertCheck) {
if (putenv('LDAPTLS_REQCERT=never')) {
\OCP\Util::writeLog('user_ldap',
$this->logger->debug(
'Turned off SSL certificate validation successfully.',
ILogger::DEBUG);
['app' => 'user_ldap']
);
} else {
\OCP\Util::writeLog(
'user_ldap',
$this->logger->warning(
'Could not turn off SSL certificate validation.',
ILogger::WARN
['app' => 'user_ldap']
);
}
}
Expand Down Expand Up @@ -672,9 +673,10 @@ public function bind() {
if (!$ldapLogin) {
$errno = $this->ldap->errno($cr);

\OCP\Util::writeLog('user_ldap',
$this->logger->warning(
'Bind failed: ' . $errno . ': ' . $this->ldap->error($cr),
ILogger::WARN);
['app' => 'user_ldap']
);

// Set to failure mode, if LDAP error code is not one of
// - LDAP_SUCCESS (0)
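Review bot: In establishConnection, the success branch after `putenv('LDAPTLS_REQCERT=never')` still reports the disabled certificate check at debug level, so at a typical production log level nothing records that LDAP TLS peers are no longer verified. Since the call is being rewritten for the PSR logger anyway, I would raise it to `$this->logger->warning('Turned off SSL certificate validation successfully.', ['app' => 'user_ldap']);` so the weakened transport security is visible to whoever reviews the logs. putenv also changes the environment of the PHP process rather than only this connection, which deserves a short comment above the call. establishConnection starts and ends outside the hunk.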
6 changes: 3 additions & 3 deletions apps/user_ldap/lib/Group_LDAP.php
Expand Up @@ -50,7 +50,7 @@
use OC\ServerNotAvailableException;
use OCP\Group\Backend\IGetDisplayNameBackend;
use OCP\GroupInterface;
use OCP\ILogger;
use Psr\Log\LoggerInterface;

class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, IGetDisplayNameBackend {
protected $enabled = false;
Expand All @@ -63,7 +63,7 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
protected $cachedNestedGroups;
/** @var GroupPluginManager */
protected $groupPluginManager;
/** @var ILogger */
/** @var LoggerInterface */
protected $logger;

/**
Expand All @@ -83,7 +83,7 @@ public function __construct(Access $access, GroupPluginManager $groupPluginManag
$this->cachedGroupsByMember = new CappedMemoryCache();
$this->cachedNestedGroups = new CappedMemoryCache();
$this->groupPluginManager = $groupPluginManager;
$this->logger = OC::$server->getLogger();
$this->logger = OC::$server->get(LoggerInterface::class);
$this->ldapGroupMemberAssocAttr = strtolower($gAssoc);
}
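Review bot: The `$logger` property changes type from ILogger to `Psr\Log\LoggerInterface`, but the methods that use it lie outside the visible hunks, so any remaining ILogger-only call such as `$this->logger->logException($e, [...])` would no longer match the declared interface. Each such call should be rewritten the way this commit does in User_LDAP::checkPassword, for example `$this->logger->debug($e->getMessage(), ['app' => 'user_ldap', 'exception' => $e]);`. Whether Group_LDAP contains such calls cannot be told from this page, so it is worth a search through the class before merging.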

42 changes: 28 additions & 14 deletions apps/user_ldap/lib/User_LDAP.php
Expand Up @@ -46,10 +46,9 @@
use OCA\User_LDAP\User\OfflineUser;
use OCA\User_LDAP\User\User;
use OCP\IConfig;
use OCP\ILogger;
use OCP\IUserSession;
use OCP\Notification\IManager as INotificationManager;
use OCP\Util;
use Psr\Log\LoggerInterface;

class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserInterface, IUserLDAP {
/** @var \OCP\IConfig */
Expand All @@ -61,6 +60,9 @@ class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
/** @var UserPluginManager */
protected $userPluginManager;

/** @var LoggerInterface */
protected $logger;

/**
* @param Access $access
* @param \OCP\IConfig $ocConfig
Expand All @@ -72,6 +74,7 @@ public function __construct(Access $access, IConfig $ocConfig, INotificationMana
$this->ocConfig = $ocConfig;
$this->notificationManager = $notificationManager;
$this->userPluginManager = $userPluginManager;
$this->logger = \OC::$server->get(LoggerInterface::class);
}

/**
Expand Down Expand Up @@ -173,17 +176,21 @@ public function checkPassword($uid, $password) {
try {
$ldapRecord = $this->getLDAPUserByLoginName($uid);
} catch (NotOnLDAP $e) {
\OC::$server->getLogger()->logException($e, ['app' => 'user_ldap', 'level' => ILogger::DEBUG]);
$this->logger->debug(
$e->getMessage(),
['app' => 'user_ldap', 'exception' => $e]
);
return false;
}
$dn = $ldapRecord['dn'][0];
$user = $this->access->userManager->get($dn);

if (!$user instanceof User) {
Util::writeLog('user_ldap',
$this->logger->warning(
'LDAP Login: Could not get user object for DN ' . $dn .
'. Maybe the LDAP entry has no set display name attribute?',
ILogger::WARN);
['app' => 'user_ldap']
);
return false;
}
if ($user->getUsername() !== false) {
Expand Down Expand Up @@ -266,16 +273,20 @@ public function getUsers($search = '', $limit = 10, $offset = 0) {
$this->access->getFilterPartForUserSearch($search)
]);

Util::writeLog('user_ldap',
$this->logger->debug(
'getUsers: Options: search '.$search.' limit '.$limit.' offset '.$offset.' Filter: '.$filter,
ILogger::DEBUG);
['app' => 'user_ldap']
);
//do the search and translate results to Nextcloud names
$ldap_users = $this->access->fetchListOfUsers(
$filter,
$this->access->userManager->getAttributes(true),
$limit, $offset);
$ldap_users = $this->access->nextcloudUserNames($ldap_users);
Util::writeLog('user_ldap', 'getUsers: '.count($ldap_users). ' Users found', ILogger::DEBUG);
$this->logger->debug(
'getUsers: '.count($ldap_users). ' Users found',
['app' => 'user_ldap']
);

$this->access->connection->writeToCache($cachekey, $ldap_users);
return $ldap_users;
Expand Down Expand Up @@ -353,8 +364,10 @@ public function userExists($uid) {
$user = $this->access->userManager->get($uid);

if (is_null($user)) {
Util::writeLog('user_ldap', 'No DN found for '.$uid.' on '.
$this->access->connection->ldapHost, ILogger::DEBUG);
$this->logger->debug(
'No DN found for '.$uid.' on '.$this->access->connection->ldapHost,
['app' => 'user_ldap']
);
$this->access->connection->writeToCache('userExists'.$uid, false);
return false;
}
Expand All @@ -379,12 +392,13 @@ public function deleteUser($uid) {

$marked = $this->ocConfig->getUserValue($uid, 'user_ldap', 'isDeleted', 0);
if ((int)$marked === 0) {
\OC::$server->getLogger()->notice(
$this->logger->notice(
'User '.$uid . ' is not marked as deleted, not cleaning up.',
['app' => 'user_ldap']);
['app' => 'user_ldap']
);
return false;
}
\OC::$server->getLogger()->info('Cleaning up after user ' . $uid,
$this->logger->info('Cleaning up after user ' . $uid,
['app' => 'user_ldap']);

$this->access->getUserMapper()->unmap($uid); // we don't emit unassign signals here, since it is implicit to delete signals fired from core
Expand Down Expand Up @@ -619,7 +633,7 @@ public function createUser($username, $password) {
);
$this->access->cacheUserExists($username);
} else {
\OC::$server->getLogger()->warning(
$this->logger->warning(
'Failed to map created LDAP user with userid {userid}, because UUID could not be determined',
[
'app' => 'user_ldap',
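Review bot: The converted calls in checkPassword, getUsers, userExists and deleteUser still concatenate caller-supplied values (`$uid`, `$search`, `$filter`, `$dn`) into the message string, while the createUser call in the same file already uses the PSR-3 placeholder form with `{userid}`. Under PSR-3 the message is a template, so a value containing braces or line breaks ends up inside the template instead of the structured context, which makes log entries harder to parse and filter reliably. I would move the values into the context, e.g. `$this->logger->debug('No DN found for {uid} on {host}', ['app' => 'user_ldap', 'uid' => $uid, 'host' => $this->access->connection->ldapHost]);`. The enclosing methods all start and end outside the hunks.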