tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-27 07:44:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Drop class Ldap\Expression and introduce LdapQuery::$nativeFilter

Browse Source 
I'm about to add support for our Data\Filter implementation, since it cannot
parse native LDAP filters and a user may have configured such, we need to
differentiate the two types of filter.

refs #10370
This commit is contained in:
Johannes Meyer 2015-11-09 13:04:02 +01:00
parent 62eb767cd5
commit 9b826e6e5f
4 changed files with 53 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
library/Icinga/Authentication/User/LdapUserBackend.php
View File

@ -12,7 +12,6 @@ use Icinga\Exception\ProgrammingError;
use Icinga\Repository\LdapRepository; use Icinga\Repository\LdapRepository;
use Icinga\Repository\RepositoryQuery; use Icinga\Repository\RepositoryQuery;
use Icinga\Protocol\Ldap\LdapException; use Icinga\Protocol\Ldap\LdapException;
use Icinga\Protocol\Ldap\Expression;
use Icinga\User; use Icinga\User;
class LdapUserBackend extends LdapRepository implements UserBackendInterface, Inspectable class LdapUserBackend extends LdapRepository implements UserBackendInterface, Inspectable
@ -203,7 +202,7 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In
$query = parent::select($columns); $query = parent::select($columns);
$query->getQuery()->setBase($this->baseDn); $query->getQuery()->setBase($this->baseDn);
if ($this->filter) { if ($this->filter) {
$query->getQuery()->where(new Expression($this->filter)); $query->getQuery()->setNativeFilter($this->filter);
} }
return $query; return $query;

17
library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
View File

@ -9,7 +9,6 @@ use Icinga\Application\Logger;
use Icinga\Data\ConfigObject; use Icinga\Data\ConfigObject;
use Icinga\Exception\ConfigurationError; use Icinga\Exception\ConfigurationError;
use Icinga\Exception\ProgrammingError; use Icinga\Exception\ProgrammingError;
use Icinga\Protocol\Ldap\Expression;
use Icinga\Repository\LdapRepository; use Icinga\Repository\LdapRepository;
use Icinga\Repository\RepositoryQuery; use Icinga\Repository\RepositoryQuery;
use Icinga\User; use Icinga\User;
@ -368,11 +367,6 @@ class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInt
{ {
$query = parent::select($columns); $query = parent::select($columns);
$query->getQuery()->setBase($this->groupBaseDn); $query->getQuery()->setBase($this->groupBaseDn);
if ($this->groupFilter) {
// TODO(jom): This should differentiate between groups and their memberships
$query->getQuery()->where(new Expression($this->groupFilter));
}
return $query; return $query;
} }
@ -529,7 +523,12 @@ class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInt
public function requireTable($table, RepositoryQuery $query = null) public function requireTable($table, RepositoryQuery $query = null)
{ {
$table = parent::requireTable($table, $query); $table = parent::requireTable($table, $query);
if ($table === 'group' || $table === 'group_membership') { if ($table === 'group') {
$table = $this->groupClass;
if ($query !== null && $this->groupFilter) {
$query->getQuery()->setNativeFilter($this->groupFilter);
}
} elseif ($table === 'group_memership') {
$table = $this->groupClass; $table = $this->groupClass;
} }
@ -576,7 +575,7 @@ class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInt
->setBase($this->userBaseDn) ->setBase($this->userBaseDn)
->setUsePagedResults(false); ->setUsePagedResults(false);
if ($this->userFilter) { if ($this->userFilter) {
$userQuery->where(new Expression($this->userFilter)); $userQuery->setNativeFilter($this->userFilter);
} }
if (($queryValue = $userQuery->fetchDn()) === null) { if (($queryValue = $userQuery->fetchDn()) === null) {
@ -590,7 +589,7 @@ class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInt
->where($this->groupMemberAttribute, $queryValue) ->where($this->groupMemberAttribute, $queryValue)
->setBase($this->groupBaseDn); ->setBase($this->groupBaseDn);
if ($this->groupFilter) { if ($this->groupFilter) {
$groupQuery->where(new Expression($this->groupFilter)); $groupQuery->setNativeFilter($this->groupFilter);
} }
$groups = array(); $groups = array();

30
library/Icinga/Protocol/Ldap/Expression.php
View File

@ -1,30 +0,0 @@
<?php
/* Icinga Web 2 | (c) 2013-2015 Icinga Development Team | GPLv2+ */
namespace Icinga\Protocol\Ldap;
class Expression
{
protected $value;
public function __construct($value)
{
$this->value = $value;
}
public function setValue($value)
{
$this->value = $value;
return $this;
}
public function getValue()
{
return $this->value;
}
public function __toString()
{
return (string) $this->getValue();
}
}

62
library/Icinga/Protocol/Ldap/LdapQuery.php
View File

@ -42,6 +42,13 @@ class LdapQuery extends SimpleQuery
*/ */
protected $unfoldAttribute; protected $unfoldAttribute;
/**
* This query's native LDAP filter
*
* @var string
*/
protected $nativeFilter;
/** /**
* Initialize this query * Initialize this query
*/ */
@ -120,6 +127,29 @@ class LdapQuery extends SimpleQuery
return $this->unfoldAttribute; return $this->unfoldAttribute;
} }
/**
* Set this query's native LDAP filter
*
* @param string $filter
*
* @return $this
*/
public function setNativeFilter($filter)
{
$this->nativeFilter = $filter;
return $this;
}
/**
* Return this query's native LDAP filter
*
* @return string
*/
public function getNativeFilter()
{
return $this->nativeFilter;
}
/** /**
* Choose an objectClass and the columns you are interested in * Choose an objectClass and the columns you are interested in
* *
@ -141,13 +171,7 @@ class LdapQuery extends SimpleQuery
*/ */
public function where($condition, $value = null) public function where($condition, $value = null)
{ {
// TODO: Adjust this once support for Icinga\Data\Filter is available $this->filters[$condition] = $value;
if ($condition instanceof Expression) {
$this->filters[] = $condition;
} else {
$this->filters[$condition] = $value;
}
return $this; return $this;
} }
@ -239,22 +263,24 @@ class LdapQuery extends SimpleQuery
$parts = array(); $parts = array();
foreach ($this->filters as $key => $value) { foreach ($this->filters as $key => $value) {
if ($value instanceof Expression) { $parts[] = sprintf(
$parts[] = (string) $value; '%s=%s',
} else { LdapUtils::quoteForSearch($key),
$parts[] = sprintf( LdapUtils::quoteForSearch($value, true)
'%s=%s', );
LdapUtils::quoteForSearch($key),
LdapUtils::quoteForSearch($value, true)
);
}
} }
if (count($parts) > 1) { if (count($parts) > 1) {
return '(&(' . implode(')(', $parts) . '))'; $filter = '(&(' . implode(')(', $parts) . '))';
} else { } else {
return '(' . $parts[0] . ')'; $filter = '(' . $parts[0] . ')';
} }
if ($this->nativeFilter) {
$filter = '(&(' . $this->nativeFilter . ')' . $filter . ')';
}
return $filter;
} }
/** /**