2013-06-03 17:02:08 +02:00
|
|
|
<?php
|
2016-02-08 15:41:00 +01:00
|
|
|
/* Icinga Web 2 | (c) 2013 Icinga Development Team | GPLv2+ */
|
2013-06-03 17:02:08 +02:00
|
|
|
|
|
|
|
namespace Icinga\Protocol\Ldap;
|
2013-06-07 13:29:11 +02:00
|
|
|
|
2019-04-23 14:36:08 +02:00
|
|
|
use Icinga\Data\Filter\Filter;
|
2016-04-05 15:02:10 +02:00
|
|
|
use LogicException;
|
2015-05-04 11:26:27 +02:00
|
|
|
use Icinga\Data\SimpleQuery;
|
|
|
|
|
2013-07-12 13:41:48 +02:00
|
|
|
/**
|
2015-05-04 11:26:27 +02:00
|
|
|
* LDAP query class
|
2013-06-03 17:02:08 +02:00
|
|
|
*/
|
2015-06-24 09:14:25 +02:00
|
|
|
class LdapQuery extends SimpleQuery
|
2013-06-03 17:02:08 +02:00
|
|
|
{
|
2015-05-04 11:26:27 +02:00
|
|
|
/**
|
|
|
|
* The base dn being used for this query
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
2014-02-14 15:38:52 +01:00
|
|
|
protected $base;
|
2013-06-03 17:02:08 +02:00
|
|
|
|
|
|
|
/**
|
2015-05-04 11:26:27 +02:00
|
|
|
* Whether this query is permitted to utilize paged results
|
2013-06-03 17:02:08 +02:00
|
|
|
*
|
2015-05-04 11:26:27 +02:00
|
|
|
* @var bool
|
|
|
|
*/
|
|
|
|
protected $usePagedResults;
|
|
|
|
|
2015-09-29 09:47:30 +02:00
|
|
|
/**
|
|
|
|
* The name of the attribute used to unfold the result
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
protected $unfoldAttribute;
|
|
|
|
|
2015-11-09 13:04:02 +01:00
|
|
|
/**
|
|
|
|
* This query's native LDAP filter
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
protected $nativeFilter;
|
|
|
|
|
2016-04-05 15:02:10 +02:00
|
|
|
/**
|
|
|
|
* Only fetch the entry at the base of the search
|
|
|
|
*/
|
|
|
|
const SCOPE_BASE = 'base';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Fetch entries one below the base DN
|
|
|
|
*/
|
|
|
|
const SCOPE_ONE = 'one';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Fetch all entries below the base DN
|
|
|
|
*/
|
|
|
|
const SCOPE_SUB = 'sub';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* All available scopes
|
|
|
|
*
|
|
|
|
* @var array
|
|
|
|
*/
|
|
|
|
public static $scopes = array(
|
|
|
|
LdapQuery::SCOPE_BASE,
|
|
|
|
LdapQuery::SCOPE_ONE,
|
|
|
|
LdapQuery::SCOPE_SUB
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* LDAP search scope (default: SCOPE_SUB)
|
|
|
|
*
|
|
|
|
* @var string
|
|
|
|
*/
|
|
|
|
protected $scope = LdapQuery::SCOPE_SUB;
|
|
|
|
|
2015-05-04 11:26:27 +02:00
|
|
|
/**
|
|
|
|
* Initialize this query
|
2013-06-03 17:02:08 +02:00
|
|
|
*/
|
2015-05-04 11:26:27 +02:00
|
|
|
protected function init()
|
2013-06-03 17:02:08 +02:00
|
|
|
{
|
2015-10-01 15:47:11 +02:00
|
|
|
$this->usePagedResults = false;
|
2013-06-03 17:02:08 +02:00
|
|
|
}
|
|
|
|
|
2015-05-04 11:26:27 +02:00
|
|
|
/**
|
|
|
|
* Set the base dn to be used for this query
|
|
|
|
*
|
|
|
|
* @param string $base
|
|
|
|
*
|
|
|
|
* @return $this
|
|
|
|
*/
|
2014-02-14 15:38:52 +01:00
|
|
|
public function setBase($base)
|
|
|
|
{
|
|
|
|
$this->base = $base;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
2015-05-04 11:26:27 +02:00
|
|
|
/**
|
|
|
|
* Return the base dn being used for this query
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
2014-02-14 15:38:52 +01:00
|
|
|
public function getBase()
|
|
|
|
{
|
|
|
|
return $this->base;
|
|
|
|
}
|
|
|
|
|
2015-05-04 11:26:27 +02:00
|
|
|
/**
|
|
|
|
* Set whether this query is permitted to utilize paged results
|
|
|
|
*
|
|
|
|
* @param bool $state
|
|
|
|
*
|
|
|
|
* @return $this
|
|
|
|
*/
|
2015-01-29 15:53:15 +01:00
|
|
|
public function setUsePagedResults($state = true)
|
|
|
|
{
|
2015-01-29 15:59:03 +01:00
|
|
|
$this->usePagedResults = (bool) $state;
|
2015-01-29 15:53:15 +01:00
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
2015-05-04 11:26:27 +02:00
|
|
|
/**
|
|
|
|
* Return whether this query is permitted to utilize paged results
|
|
|
|
*
|
|
|
|
* @return bool
|
|
|
|
*/
|
2015-01-29 15:53:15 +01:00
|
|
|
public function getUsePagedResults()
|
|
|
|
{
|
|
|
|
return $this->usePagedResults;
|
|
|
|
}
|
|
|
|
|
2015-09-29 09:47:30 +02:00
|
|
|
/**
|
|
|
|
* Set the attribute to be used to unfold the result
|
|
|
|
*
|
|
|
|
* @param string $attributeName
|
|
|
|
*
|
|
|
|
* @return $this
|
|
|
|
*/
|
|
|
|
public function setUnfoldAttribute($attributeName)
|
|
|
|
{
|
|
|
|
$this->unfoldAttribute = $attributeName;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return the attribute to use to unfold the result
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function getUnfoldAttribute()
|
|
|
|
{
|
|
|
|
return $this->unfoldAttribute;
|
|
|
|
}
|
|
|
|
|
2015-11-09 13:04:02 +01:00
|
|
|
/**
|
|
|
|
* Set this query's native LDAP filter
|
|
|
|
*
|
|
|
|
* @param string $filter
|
|
|
|
*
|
|
|
|
* @return $this
|
|
|
|
*/
|
|
|
|
public function setNativeFilter($filter)
|
|
|
|
{
|
|
|
|
$this->nativeFilter = $filter;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return this query's native LDAP filter
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function getNativeFilter()
|
|
|
|
{
|
|
|
|
return $this->nativeFilter;
|
|
|
|
}
|
|
|
|
|
2013-06-03 17:02:08 +02:00
|
|
|
/**
|
2015-05-04 11:26:27 +02:00
|
|
|
* Choose an objectClass and the columns you are interested in
|
2013-06-03 17:02:08 +02:00
|
|
|
*
|
2015-05-04 11:26:27 +02:00
|
|
|
* {@inheritdoc} This creates an objectClass filter.
|
2013-06-03 17:02:08 +02:00
|
|
|
*/
|
2015-05-04 11:26:27 +02:00
|
|
|
public function from($target, array $fields = null)
|
2013-06-03 17:02:08 +02:00
|
|
|
{
|
2015-11-09 15:59:48 +01:00
|
|
|
$this->where('objectClass', $target);
|
2015-05-04 11:26:27 +02:00
|
|
|
return parent::from($target, $fields);
|
2013-06-03 17:02:08 +02:00
|
|
|
}
|
|
|
|
|
2019-04-23 14:36:08 +02:00
|
|
|
public function where($condition, $value = null)
|
|
|
|
{
|
|
|
|
$this->addFilter(Filter::expression($condition, '=', $value));
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function addFilter(Filter $filter)
|
|
|
|
{
|
|
|
|
$this->makeCaseInsensitive($filter);
|
|
|
|
return parent::addFilter($filter);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function setFilter(Filter $filter)
|
|
|
|
{
|
|
|
|
$this->makeCaseInsensitive($filter);
|
|
|
|
return parent::setFilter($filter);
|
|
|
|
}
|
|
|
|
|
|
|
|
protected function makeCaseInsensitive(Filter $filter)
|
|
|
|
{
|
|
|
|
if ($filter->isExpression()) {
|
|
|
|
/** @var \Icinga\Data\Filter\FilterExpression $filter */
|
|
|
|
$filter->setCaseSensitive(false);
|
|
|
|
} else {
|
|
|
|
/** @var \Icinga\Data\Filter\FilterChain $filter */
|
|
|
|
foreach ($filter->filters() as $subFilter) {
|
|
|
|
$this->makeCaseInsensitive($subFilter);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-06-03 17:02:08 +02:00
|
|
|
/**
|
|
|
|
* Fetch result as tree
|
|
|
|
*
|
2015-05-04 11:26:27 +02:00
|
|
|
* @return Root
|
|
|
|
*
|
|
|
|
* @todo This is untested waste, not being used anywhere and ignores the query's order and base dn.
|
|
|
|
* Evaluate whether it's reasonable to properly implement and test it.
|
2013-06-03 17:02:08 +02:00
|
|
|
*/
|
|
|
|
public function fetchTree()
|
|
|
|
{
|
|
|
|
$result = $this->fetchAll();
|
|
|
|
$sorted = array();
|
2015-06-23 15:16:53 +02:00
|
|
|
$quotedDn = preg_quote($this->ds->getDn(), '/');
|
2013-06-07 13:29:11 +02:00
|
|
|
foreach ($result as $key => & $item) {
|
|
|
|
$new_key = LdapUtils::implodeDN(
|
|
|
|
array_reverse(
|
|
|
|
LdapUtils::explodeDN(
|
2013-07-12 13:41:48 +02:00
|
|
|
preg_replace('/,' . $quotedDn . '$/', '', $key)
|
2013-06-07 13:29:11 +02:00
|
|
|
)
|
2013-06-03 17:02:08 +02:00
|
|
|
)
|
2013-06-07 13:29:11 +02:00
|
|
|
);
|
2013-06-03 17:02:08 +02:00
|
|
|
$sorted[$new_key] = $key;
|
|
|
|
}
|
|
|
|
unset($groups);
|
|
|
|
ksort($sorted);
|
|
|
|
|
2015-06-18 11:31:32 +02:00
|
|
|
$tree = Root::forConnection($this->ds);
|
2013-07-12 13:41:48 +02:00
|
|
|
$root_dn = $tree->getDN();
|
2013-06-03 17:02:08 +02:00
|
|
|
foreach ($sorted as $sort_key => & $key) {
|
2013-07-12 13:41:48 +02:00
|
|
|
if ($key === $root_dn) {
|
|
|
|
continue;
|
|
|
|
}
|
2013-06-03 17:02:08 +02:00
|
|
|
$tree->createChildByDN($key, $result[$key]);
|
|
|
|
}
|
|
|
|
return $tree;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2015-05-04 11:26:27 +02:00
|
|
|
* Fetch the distinguished name of the first result
|
2013-06-03 17:02:08 +02:00
|
|
|
*
|
2015-05-04 11:26:27 +02:00
|
|
|
* @return string|false The distinguished name or false in case it's not possible to fetch a result
|
2013-06-03 17:02:08 +02:00
|
|
|
*
|
2015-06-24 09:19:41 +02:00
|
|
|
* @throws LdapException In case the query returns multiple results
|
2015-05-04 11:26:27 +02:00
|
|
|
* (i.e. it's not possible to fetch a unique DN)
|
2013-06-03 17:02:08 +02:00
|
|
|
*/
|
2015-05-04 11:26:27 +02:00
|
|
|
public function fetchDn()
|
2013-06-03 17:02:08 +02:00
|
|
|
{
|
2015-05-04 11:26:27 +02:00
|
|
|
return $this->ds->fetchDn($this);
|
2013-06-03 17:02:08 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2015-11-09 15:59:48 +01:00
|
|
|
* Render and return this query's filter
|
2013-06-03 17:02:08 +02:00
|
|
|
*
|
2015-05-04 11:26:27 +02:00
|
|
|
* @return string
|
2013-06-03 17:02:08 +02:00
|
|
|
*/
|
2015-11-09 15:59:48 +01:00
|
|
|
public function renderFilter()
|
2013-06-03 17:02:08 +02:00
|
|
|
{
|
2015-11-09 15:59:48 +01:00
|
|
|
$filter = $this->ds->renderFilter($this->filter);
|
2015-11-09 13:04:02 +01:00
|
|
|
if ($this->nativeFilter) {
|
|
|
|
$filter = '(&(' . $this->nativeFilter . ')' . $filter . ')';
|
|
|
|
}
|
|
|
|
|
|
|
|
return $filter;
|
2013-06-03 17:02:08 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2015-05-04 11:26:27 +02:00
|
|
|
* Return the LDAP filter to be applied on this query
|
|
|
|
*
|
|
|
|
* @return string
|
2013-06-03 17:02:08 +02:00
|
|
|
*/
|
2015-05-04 11:26:27 +02:00
|
|
|
public function __toString()
|
2013-06-03 17:02:08 +02:00
|
|
|
{
|
2015-05-04 11:26:27 +02:00
|
|
|
return $this->renderFilter();
|
2013-06-03 17:02:08 +02:00
|
|
|
}
|
2016-04-05 15:02:10 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Get LDAP search scope
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function getScope()
|
|
|
|
{
|
|
|
|
return $this->scope;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Set LDAP search scope
|
|
|
|
*
|
|
|
|
* Valid: sub one base (Default: sub)
|
|
|
|
*
|
|
|
|
* @param string $scope
|
|
|
|
*
|
|
|
|
* @return LdapQuery
|
|
|
|
*
|
|
|
|
* @throws LogicException If scope value is invalid
|
|
|
|
*/
|
|
|
|
public function setScope($scope)
|
|
|
|
{
|
|
|
|
if (! in_array($scope, static::$scopes)) {
|
|
|
|
throw new LogicException(
|
|
|
|
'Can\'t set scope %d, it is is invalid. Use one of %s or LdapQuery\'s constants.',
|
2017-01-27 14:48:59 +01:00
|
|
|
$scope,
|
|
|
|
implode(', ', static::$scopes)
|
2016-04-05 15:02:10 +02:00
|
|
|
);
|
|
|
|
}
|
|
|
|
$this->scope = $scope;
|
|
|
|
return $this;
|
|
|
|
}
|
2013-06-03 17:02:08 +02:00
|
|
|
}
|