From bec9690ff519d33d7ef3f0c8f8f8cf72b4ef059d Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 20 May 2013 14:52:36 -0400
Subject: [PATCH] Improve some options description
---
program/lib/Roundcube/rcube_ldap.php | 284 ++++++++++++++++++++++++++++++++------------------------
1 files changed, 160 insertions(+), 124 deletions(-)
diff --git a/program/lib/Roundcube/rcube_ldap.php b/program/lib/Roundcube/rcube_ldap.php
index 700c6f6..70163b2 100644
--- a/program/lib/Roundcube/rcube_ldap.php
+++ b/program/lib/Roundcube/rcube_ldap.php
@@ -169,7 +169,7 @@
// Build sub_fields filter
if (!empty($this->prop['sub_fields']) && is_array($this->prop['sub_fields'])) {
$this->sub_filter = '';
- foreach ($this->prop['sub_fields'] as $attr => $class) {
+ foreach ($this->prop['sub_fields'] as $class) {
if (!empty($class)) {
$class = is_array($class) ? array_pop($class) : $class;
$this->sub_filter .= '(objectClass=' . $class . ')';
@@ -214,15 +214,16 @@
if (empty($this->prop['ldap_version']))
$this->prop['ldap_version'] = 3;
- foreach ($this->prop['hosts'] as $host)
- {
+ // try to connect + bind for every host configured
+ // with OpenLDAP 2.x ldap_connect() always succeeds but ldap_bind will fail if host isn't reachable
+ // see http://www.php.net/manual/en/function.ldap-connect.php
+ foreach ($this->prop['hosts'] as $host) {
$host = rcube_utils::idn_to_ascii(rcube_utils::parse_host($host));
$hostname = $host.($this->prop['port'] ? ':'.$this->prop['port'] : '');
$this->_debug("C: Connect [$hostname] [{$this->prop['name']}]");
- if ($lc = @ldap_connect($host, $this->prop['port']))
- {
+ if ($lc = @ldap_connect($host, $this->prop['port'])) {
if ($this->prop['use_tls'] === true)
if (!ldap_start_tls($lc))
continue;
@@ -233,17 +234,117 @@
$this->prop['host'] = $host;
$this->conn = $lc;
+ if (!empty($this->prop['network_timeout']))
+ ldap_set_option($lc, LDAP_OPT_NETWORK_TIMEOUT, $this->prop['network_timeout']);
+
if (isset($this->prop['referrals']))
ldap_set_option($lc, LDAP_OPT_REFERRALS, $this->prop['referrals']);
+ }
+ else {
+ $this->_debug("S: NOT OK");
+ continue;
+ }
+
+ // See if the directory is writeable.
+ if ($this->prop['writable']) {
+ $this->readonly = false;
+ }
+
+ $bind_pass = $this->prop['bind_pass'];
+ $bind_user = $this->prop['bind_user'];
+ $bind_dn = $this->prop['bind_dn'];
+
+ $this->base_dn = $this->prop['base_dn'];
+ $this->groups_base_dn = ($this->prop['groups']['base_dn']) ?
+ $this->prop['groups']['base_dn'] : $this->base_dn;
+
+ // User specific access, generate the proper values to use.
+ if ($this->prop['user_specific']) {
+ // No password set, use the session password
+ if (empty($bind_pass)) {
+ $bind_pass = $rcube->get_user_password();
+ }
+
+ // Get the pieces needed for variable replacement.
+ if ($fu = $rcube->get_user_email())
+ list($u, $d) = explode('@', $fu);
+ else
+ $d = $this->mail_domain;
+
+ $dc = 'dc='.strtr($d, array('.' => ',dc=')); // hierarchal domain string
+
+ $replaces = array('%dn' => '', '%dc' => $dc, '%d' => $d, '%fu' => $fu, '%u' => $u);
+
+ if ($this->prop['search_base_dn'] && $this->prop['search_filter']) {
+ if (!empty($this->prop['search_bind_dn']) && !empty($this->prop['search_bind_pw'])) {
+ $this->bind($this->prop['search_bind_dn'], $this->prop['search_bind_pw']);
+ }
+
+ // Search for the dn to use to authenticate
+ $this->prop['search_base_dn'] = strtr($this->prop['search_base_dn'], $replaces);
+ $this->prop['search_filter'] = strtr($this->prop['search_filter'], $replaces);
+
+ $this->_debug("S: searching with base {$this->prop['search_base_dn']} for {$this->prop['search_filter']}");
+
+ $res = @ldap_search($this->conn, $this->prop['search_base_dn'], $this->prop['search_filter'], array('uid'));
+ if ($res) {
+ if (($entry = ldap_first_entry($this->conn, $res))
+ && ($bind_dn = ldap_get_dn($this->conn, $entry))
+ ) {
+ $this->_debug("S: search returned dn: $bind_dn");
+ $dn = ldap_explode_dn($bind_dn, 1);
+ $replaces['%dn'] = $dn[0];
+ }
+ }
+ else {
+ $this->_debug("S: ".ldap_error($this->conn));
+ }
+
+ // DN not found
+ if (empty($replaces['%dn'])) {
+ if (!empty($this->prop['search_dn_default']))
+ $replaces['%dn'] = $this->prop['search_dn_default'];
+ else {
+ rcube::raise_error(array(
+ 'code' => 100, 'type' => 'ldap',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "DN not found using LDAP search."), true);
+ return false;
+ }
+ }
+ }
+
+ // Replace the bind_dn and base_dn variables.
+ $bind_dn = strtr($bind_dn, $replaces);
+ $this->base_dn = strtr($this->base_dn, $replaces);
+ $this->groups_base_dn = strtr($this->groups_base_dn, $replaces);
+
+ if (empty($bind_user)) {
+ $bind_user = $u;
+ }
+ }
+
+ if (empty($bind_pass)) {
+ $this->ready = true;
+ }
+ else {
+ if (!empty($bind_dn)) {
+ $this->ready = $this->bind($bind_dn, $bind_pass);
+ }
+ else if (!empty($this->prop['auth_cid'])) {
+ $this->ready = $this->sasl_bind($this->prop['auth_cid'], $bind_pass, $bind_user);
+ }
+ else {
+ $this->ready = $this->sasl_bind($bind_user, $bind_pass);
+ }
+ }
+
+ // connection established, we're done here
+ if ($this->ready) {
break;
}
- $this->_debug("S: NOT OK");
- }
- // See if the directory is writeable.
- if ($this->prop['writable']) {
- $this->readonly = false;
- }
+ } // end foreach hosts
if (!is_resource($this->conn)) {
rcube::raise_error(array('code' => 100, 'type' => 'ldap',
@@ -251,95 +352,6 @@
'message' => "Could not connect to any LDAP server, last tried $hostname"), true);
return false;
- }
-
- $bind_pass = $this->prop['bind_pass'];
- $bind_user = $this->prop['bind_user'];
- $bind_dn = $this->prop['bind_dn'];
-
- $this->base_dn = $this->prop['base_dn'];
- $this->groups_base_dn = ($this->prop['groups']['base_dn']) ?
- $this->prop['groups']['base_dn'] : $this->base_dn;
-
- // User specific access, generate the proper values to use.
- if ($this->prop['user_specific']) {
- // No password set, use the session password
- if (empty($bind_pass)) {
- $bind_pass = $rcube->get_user_password();
- }
-
- // Get the pieces needed for variable replacement.
- if ($fu = $rcube->get_user_email())
- list($u, $d) = explode('@', $fu);
- else
- $d = $this->mail_domain;
-
- $dc = 'dc='.strtr($d, array('.' => ',dc=')); // hierarchal domain string
-
- $replaces = array('%dn' => '', '%dc' => $dc, '%d' => $d, '%fu' => $fu, '%u' => $u);
-
- if ($this->prop['search_base_dn'] && $this->prop['search_filter']) {
- if (!empty($this->prop['search_bind_dn']) && !empty($this->prop['search_bind_pw'])) {
- $this->bind($this->prop['search_bind_dn'], $this->prop['search_bind_pw']);
- }
-
- // Search for the dn to use to authenticate
- $this->prop['search_base_dn'] = strtr($this->prop['search_base_dn'], $replaces);
- $this->prop['search_filter'] = strtr($this->prop['search_filter'], $replaces);
-
- $this->_debug("S: searching with base {$this->prop['search_base_dn']} for {$this->prop['search_filter']}");
-
- $res = @ldap_search($this->conn, $this->prop['search_base_dn'], $this->prop['search_filter'], array('uid'));
- if ($res) {
- if (($entry = ldap_first_entry($this->conn, $res))
- && ($bind_dn = ldap_get_dn($this->conn, $entry))
- ) {
- $this->_debug("S: search returned dn: $bind_dn");
- $dn = ldap_explode_dn($bind_dn, 1);
- $replaces['%dn'] = $dn[0];
- }
- }
- else {
- $this->_debug("S: ".ldap_error($this->conn));
- }
-
- // DN not found
- if (empty($replaces['%dn'])) {
- if (!empty($this->prop['search_dn_default']))
- $replaces['%dn'] = $this->prop['search_dn_default'];
- else {
- rcube::raise_error(array(
- 'code' => 100, 'type' => 'ldap',
- 'file' => __FILE__, 'line' => __LINE__,
- 'message' => "DN not found using LDAP search."), true);
- return false;
- }
- }
- }
-
- // Replace the bind_dn and base_dn variables.
- $bind_dn = strtr($bind_dn, $replaces);
- $this->base_dn = strtr($this->base_dn, $replaces);
- $this->groups_base_dn = strtr($this->groups_base_dn, $replaces);
-
- if (empty($bind_user)) {
- $bind_user = $u;
- }
- }
-
- if (empty($bind_pass)) {
- $this->ready = true;
- }
- else {
- if (!empty($bind_dn)) {
- $this->ready = $this->bind($bind_dn, $bind_pass);
- }
- else if (!empty($this->prop['auth_cid'])) {
- $this->ready = $this->sasl_bind($this->prop['auth_cid'], $bind_pass, $bind_user);
- }
- else {
- $this->ready = $this->sasl_bind($bind_user, $bind_pass);
- }
}
return $this->ready;
@@ -1023,7 +1035,6 @@
$mail_field = $this->fieldmap['email'];
// try to extract surname and firstname from displayname
- $reverse_map = array_flip($this->fieldmap);
$name_parts = preg_split('/[\s,.]+/', $save_data['name']);
if ($sn_field && $missing[$sn_field]) {
@@ -1095,7 +1106,7 @@
// Remove attributes that need to be added separately (child objects)
$xfields = array();
if (!empty($this->prop['sub_fields']) && is_array($this->prop['sub_fields'])) {
- foreach ($this->prop['sub_fields'] as $xf => $xclass) {
+ foreach (array_keys($this->prop['sub_fields']) as $xf) {
if (!empty($newentry[$xf])) {
$xfields[$xf] = $newentry[$xf];
unset($newentry[$xf]);
@@ -1158,7 +1169,7 @@
}
}
- foreach ($this->fieldmap as $col => $fld) {
+ foreach ($this->fieldmap as $fld) {
if ($fld) {
$val = $ldap_data[$fld];
$old = $old_data[$fld];
@@ -1384,6 +1395,10 @@
*/
protected function add_autovalues(&$attrs)
{
+ if (empty($this->prop['autovalues'])) {
+ return;
+ }
+
$attrvals = array();
foreach ($attrs as $k => $v) {
$attrvals['{'.$k.'}'] = is_array($v) ? $v[0] : $v;
@@ -1391,13 +1406,24 @@
foreach ((array)$this->prop['autovalues'] as $lf => $templ) {
if (empty($attrs[$lf])) {
- // replace {attr} placeholders with concrete attribute values
- $templ = preg_replace('/\{\w+\}/', '', strtr($templ, $attrvals));
+ if (strpos($templ, '(') !== false) {
+ // replace {attr} placeholders with (escaped!) attribute values to be safely eval'd
+ $code = preg_replace('/\{\w+\}/', '', strtr($templ, array_map('addslashes', $attrvals)));
+ $fn = create_function('', "return ($code);");
+ if (!$fn) {
+ rcube::raise_error(array(
+ 'code' => 505, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Expression parse error on: ($code)"), true, false);
+ continue;
+ }
- if (strpos($templ, '(') !== false)
- $attrs[$lf] = eval("return ($templ);");
- else
- $attrs[$lf] = $templ;
+ $attrs[$lf] = $fn();
+ }
+ else {
+ // replace {attr} placeholders with concrete attribute values
+ $attrs[$lf] = preg_replace('/\{\w+\}/', '', strtr($templ, $attrvals));
+ }
}
}
}
@@ -1703,9 +1729,14 @@
* List all active contact groups of this source
*
* @param string Optional search string to match group name
+ * @param int Matching mode:
+ * 0 - partial (*abc*),
+ * 1 - strict (=),
+ * 2 - prefix (abc*)
+ *
* @return array Indexed list of contact groups, each a hash array
*/
- function list_groups($search = null)
+ function list_groups($search = null, $mode = 0)
{
if (!$this->groups)
return array();
@@ -1717,10 +1748,10 @@
$groups = array();
if ($search) {
- $search = mb_strtolower($search);
foreach ($group_cache as $group) {
- if (strpos(mb_strtolower($group['name']), $search) !== false)
+ if ($this->compare_search_value('name', $group['name'], $search, $mode)) {
$groups[] = $group;
+ }
}
}
else
@@ -1751,7 +1782,7 @@
$vlv_active = $this->_vlv_set_controls($this->prop['groups'], $vlv_page+1, $page_size);
}
- $function = $this->_scope2func($this->prop['groups']['scope'], $ns_function);
+ $function = $this->_scope2func($this->prop['groups']['scope']);
$res = @$function($this->conn, $base_dn, $filter, array_unique(array('dn', 'objectClass', $name_attr, $email_attr, $sort_attr)));
if ($res === false)
{
@@ -1909,9 +1940,10 @@
/**
* Add the given contact records the a certain group
*
- * @param string Group identifier
- * @param array List of contact identifiers to be added
- * @return int Number of contacts added
+ * @param string Group identifier
+ * @param array|string List of contact identifiers to be added
+ *
+ * @return int Number of contacts added
*/
function add_to_group($group_id, $contact_ids)
{
@@ -1925,8 +1957,8 @@
$group_name = $group_cache[$group_id]['name'];
$member_attr = $group_cache[$group_id]['member_attr'];
$group_dn = "cn=$group_name,$base_dn";
+ $new_attrs = array();
- $new_attrs = array();
foreach ($contact_ids as $id)
$new_attrs[$member_attr][] = self::dn_decode($id);
@@ -1937,28 +1969,32 @@
$this->cache->remove('groups');
- return count($new_attrs['member']);
+ return count($new_attrs[$member_attr]);
}
/**
* Remove the given contact records from a certain group
*
- * @param string Group identifier
- * @param array List of contact identifiers to be removed
- * @return int Number of deleted group members
+ * @param string Group identifier
+ * @param array|string List of contact identifiers to be removed
+ *
+ * @return int Number of deleted group members
*/
function remove_from_group($group_id, $contact_ids)
{
if (($group_cache = $this->cache->get('groups')) === null)
$group_cache = $this->_fetch_groups();
+ if (!is_array($contact_ids))
+ $contact_ids = explode(',', $contact_ids);
+
$base_dn = $this->groups_base_dn;
$group_name = $group_cache[$group_id]['name'];
$member_attr = $group_cache[$group_id]['member_attr'];
$group_dn = "cn=$group_name,$base_dn";
+ $del_attrs = array();
- $del_attrs = array();
- foreach (explode(",", $contact_ids) as $id)
+ foreach ($contact_ids as $id)
$del_attrs[$member_attr][] = self::dn_decode($id);
if (!$this->ldap_mod_del($group_dn, $del_attrs)) {
@@ -1968,7 +2004,7 @@
$this->cache->remove('groups');
- return count($del_attrs['member']);
+ return count($del_attrs[$member_attr]);
}
/**
--
Gitblit v1.9.1