Skip to content

[stable11] Add layer on top of LDAP methods to catch server disconnects and attempt re-connection #5128

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
blizzz merged 4 commits into from
Jun 1, 2017
Merged

[stable11] Add layer on top of LDAP methods to catch server disconnects and attempt re-connection #5128

Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
3f176a7
special case for controlPagedResultResponse. It would be nice if ther…
bline May 20, 2017
1b4b7b6
moved to something a little less invasive. back to passing CR around.
bline May 21, 2017
973f9bf
make sure used ldap connection resource is always up to date
blizzz May 24, 2017
351204e
fix paging
blizzz May 26, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
moved to something a little less invasive. back to passing CR around. 
Signed-off-by: Arthur Schiwon <[email protected]>
  • Loading branch information
@bline @blizzz
bline authored and blizzz committed May 26, 2017
commit 1b4b7b639f46cc1076bf3fa67062db07513ff982
71 changes: 37 additions & 34 deletions apps/user_ldap/lib/Access.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -169,6 +169,12 @@ public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
\OCP\Util::WARN);
return false;
}
$cr = $this->connection->getConnectionResource();
if(!$this->ldap->isResource($cr)) {
//LDAP not available
\OCP\Util::writeLog('user_ldap', 'LDAP resource not available.', \OCP\Util::DEBUG);
return false;
}
//Cancel possibly running Paged Results operation, otherwise we run in
//LDAP protocol errors
$this->abandonPagedSearch();
Expand All @@ -180,7 +186,7 @@ public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
$maxResults = $pagingSize > 20 ? $pagingSize : 500;
$this->initPagedSearch($filter, array($dn), array($attr), $maxResults, 0);
$dn = $this->helper->DNasBaseParameter($dn);
$rr = @$this->invokeLDAPMethod('read', $dn, $filter, array($attr));
$rr = @$this->invokeLDAPMethod('read', $cr, $dn, $filter, array($attr));
if(!$this->ldap->isResource($rr)) {
if ($attr !== '') {
//do not throw this message on userExists check, irritates
Expand All @@ -189,18 +195,18 @@ public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
//in case an error occurs , e.g. object does not exist
return false;
}
if ($attr === '' && ($filter === 'objectclass=*' || $this->invokeLDAPMethod('countEntries', $rr) === 1)) {
if ($attr === '' && ($filter === 'objectclass=*' || $this->invokeLDAPMethod('countEntries', $cr, $rr) === 1)) {
\OCP\Util::writeLog('user_ldap', 'readAttribute: '.$dn.' found', \OCP\Util::DEBUG);
return array();
}
$er = $this->invokeLDAPMethod('firstEntry', $rr);
$er = $this->invokeLDAPMethod('firstEntry', $cr, $rr);
if(!$this->ldap->isResource($er)) {
//did not match the filter, return false
return false;
}
//LDAP attributes are not case sensitive
$result = \OCP\Util::mb_array_change_key_case(
$this->invokeLDAPMethod('getAttributes', $er), MB_CASE_LOWER, 'UTF-8');
$this->invokeLDAPMethod('getAttributes', $cr, $er), MB_CASE_LOWER, 'UTF-8');
$attr = mb_strtolower($attr, 'UTF-8');

if(isset($result[$attr]) && $result[$attr]['count'] > 0) {
Expand Down Expand Up @@ -233,8 +239,14 @@ public function setPassword($userDN, $password) {
if(intval($this->connection->turnOnPasswordChange) !== 1) {
throw new \Exception('LDAP password changes are disabled.');
}
$cr = $this->connection->getConnectionResource();
if(!$this->ldap->isResource($cr)) {
//LDAP not available
\OCP\Util::writeLog('user_ldap', 'LDAP resource not available.', \OCP\Util::DEBUG);
return false;
}
try {
return $this->invokeLDAPMethod('modReplace', $userDN, $password);
return $this->invokeLDAPMethod('modReplace', $cr, $userDN, $password);
} catch(ConstraintViolationException $e) {
throw new HintException('Password change rejected.', \OC::$server->getL10N('user_ldap')->t('Password change rejected. Hint: ').$e->getMessage(), $e->getCode());
}
Expand Down Expand Up @@ -823,21 +835,22 @@ public function countObjects($limit = null, $offset = null) {
return $this->count('objectclass=*', $this->connection->ldapBase, array('dn'), $limit, $offset);
}

/**
* Returns the LDAP handler
* @throws \OC\ServerNotAvailableException
*/

/**
* @return mixed
* @throws \OC\ServerNotAvailableException
*/
private function invokeLDAPMethod() {
$arguments = func_get_args();
$command = array_shift($arguments);
$cr = array_shift($arguments);
if (!method_exists($this->ldap, $command)) {
return null;
}
$cr = $this->connection->getConnectionResource();
if(!$this->ldap->isResource($cr)) {
// Seems like we didn't find any resource.
\OCP\Util::writeLog('user_ldap', "Could not $command, because resource is missing.", \OCP\Util::DEBUG);
return false;
}
array_unshift($arguments, $cr);
// php no longer supports call-time pass-by-reference
// make special case for controlPagedResultResponse as the third argument is a reference
Expand Down Expand Up @@ -875,6 +888,7 @@ private function invokeLDAPMethod() {
* @param int $offset optional, a starting point
* @return array|false array with the search result as first value and pagedSearchOK as
* second | false if not successful
* @throws \OC\ServerNotAvailableException
*/
private function executeSearch($filter, $base, &$attr = null, $limit = null, $offset = null) {
if(!is_null($attr) && !is_array($attr)) {
Expand All @@ -894,23 +908,7 @@ private function executeSearch($filter, $base, &$attr = null, $limit = null, $of
$pagedSearchOK = $this->initPagedSearch($filter, $base, $attr, intval($limit), $offset);

$linkResources = array_pad(array(), count($base), $cr);
try {
$sr = $this->ldap->search($linkResources, $base, $filter, $attr);
} catch (ServerNotAvailableException $e) {
/* Server connection lost, attempt to reestablish it
* According to MS docs, LDAP cookies survive reconnects
*/
\OCP\Util::writeLog('user_ldap', "Connection lost on search, attempting to reestablish.", \OCP\Util::DEBUG);
$this->connection = clone $this->connection;
$cr = $this->connection->getConnectionResource();
if(!$this->ldap->isResource($cr)) {
// Seems like we didn't find any resource.
\OCP\Util::writeLog('user_ldap', "Could not search, because resource is missing.", \OCP\Util::DEBUG);
return false;
}
$linkResources = array_pad(array(), count($base), $cr);
$sr = $this->ldap->search($linkResources, $base, $filter, $attr);
}
$sr = $this->invokeLDAPMethod('search', $linkResources, $base, $filter, $attr);
$error = $this->ldap->errno($cr);
if(!is_array($sr) || $error !== 0) {
\OCP\Util::writeLog('user_ldap', 'Attempt for Paging? '.print_r($pagedSearchOK, true), \OCP\Util::ERROR);
Expand Down Expand Up @@ -938,7 +936,7 @@ private function processPagedSearchStatus($sr, $filter, $base, $iFoundItems, $li
if($pagedSearchOK) {
$cr = $this->connection->getConnectionResource();
foreach($sr as $key => $res) {
if($this->invokeLDAPMethod('controlPagedResultResponse', $res, $cookie)) {
if($this->invokeLDAPMethod('controlPagedResultResponse', $cr, $res, $cookie)) {
$this->setPagedResultCookie($base[$key], $filter, $limit, $offset, $cookie);
}
}
Expand Down Expand Up @@ -1027,7 +1025,7 @@ private function countEntriesInSearchResults($searchResults) {
$counter = 0;

foreach($searchResults as $res) {
$count = intval($this->invokeLDAPMethod('countEntries', $res));
$count = intval($this->invokeLDAPMethod('countEntries', $cr, $res));
$counter += $count;
}

Expand Down Expand Up @@ -1077,7 +1075,7 @@ private function search($filter, $base, $attr = null, $limit = null, $offset = n
}

foreach($sr as $res) {
$findings = array_merge($findings, $this->invokeLDAPMethod('getEntries', $res));
$findings = array_merge($findings, $this->invokeLDAPMethod('getEntries', $cr, $res));
}

$continue = $this->processPagedSearchStatus($sr, $filter, $base, $findings['count'],
Expand Down Expand Up @@ -1639,7 +1637,8 @@ public function isDNPartOfBase($dn, $bases) {
*/
private function abandonPagedSearch() {
if($this->connection->hasPagedResultSupport) {
$this->invokeLDAPMethod('controlPagedResult', 0, false, $this->lastCookie);
$cr = $this->connection->getConnectionResource();
$this->invokeLDAPMethod('controlPagedResult', $cr, 0, false, $this->lastCookie);
$this->getPagedSearchResultState();
$this->lastCookie = '';
$this->cookies = array();
Expand Down Expand Up @@ -1765,7 +1764,9 @@ private function initPagedSearch($filter, $bases, $attr, $limit, $offset) {
if(!is_null($cookie)) {
//since offset = 0, this is a new search. We abandon other searches that might be ongoing.
$this->abandonPagedSearch();
$pagedSearchOK = $this->invokeLDAPMethod('controlPagedResult', $limit, false, $cookie);
$pagedSearchOK = $this->invokeLDAPMethod('controlPagedResult',
$this->connection->getConnectionResource(), $limit,
false, $cookie);
if(!$pagedSearchOK) {
return false;
}
Expand All @@ -1791,7 +1792,9 @@ private function initPagedSearch($filter, $bases, $attr, $limit, $offset) {
// in case someone set it to 0 … use 500, otherwise no results will
// be returned.
$pageSize = intval($this->connection->ldapPagingSize) > 0 ? intval($this->connection->ldapPagingSize) : 500;
$pagedSearchOK = $this->invokeLDAPMethod('controlPagedResult', $pageSize, false, '');
$pagedSearchOK = $this->invokeLDAPMethod('controlPagedResult',
$this->connection->getConnectionResource(),
$pageSize, false, '');
}

return $pagedSearchOK;
Expand Down