From 9215415163beea38ca926d04f3d945615c6cd903 Mon Sep 17 00:00:00 2001 From: Gunnar Wrobel
Date: Wed, 4 Nov 2009 12:10:47 +0100
Subject: [PATCH] Reduce the functionality of the kolab authentication driver.
Some functionality should be readded as decorators.
---
framework/Auth/lib/Horde/Auth/Kolab.php | 242 ++++++++++-----------
.../Horde/Kolab/Server/Exception/Bindfailed.php | 30 +++
.../Kolab_Server/lib/Horde/Kolab/Server/Ldap.php | 7 +-
framework/Kolab_Server/package.xml | 2 +
.../Kolab_Session/lib/Horde/Kolab/Session/Base.php | 3 +
.../lib/Horde/Kolab/Session/Exception/Badlogin.php | 30 +++
framework/Kolab_Session/package.xml | 4 +
7 files changed, 190 insertions(+), 128 deletions(-)
create mode 100644 framework/Kolab_Server/lib/Horde/Kolab/Server/Exception/Bindfailed.php
create mode 100644 framework/Kolab_Session/lib/Horde/Kolab/Session/Exception/Badlogin.php
diff --git a/framework/Auth/lib/Horde/Auth/Kolab.php b/framework/Auth/lib/Horde/Auth/Kolab.php
index 1df354522..66b430c28 100644
--- a/framework/Auth/lib/Horde/Auth/Kolab.php
+++ b/framework/Auth/lib/Horde/Auth/Kolab.php
@@ -23,27 +23,15 @@ class Horde_Auth_Kolab extends Horde_Auth_Base
* @var array
*/
protected $_capabilities = array(
- 'add' => true,
- 'authenticate' => true,
- 'list' => true
+ 'authenticate' => true,
+ 'list' => true,
+ /** @todo These would only work if we allow manager login */
+ 'add' => false,
+ 'remove' => false,
+ 'update' => false
);
/**
- * Constructor.
- *
- * @param array $params A hash containing parameters.
- * @throws Horde_Auth_Exception
- */
- public function __construct($params = array())
- {
- if (!class_exists('Horde_Kolab_Session')) {
- throw new Horde_Auth_Exception('The Horde_Kolab_Session class is not available.');
- }
-
- parent::__construct($params);
- }
-
- /**
* Find out if a set of login credentials are valid.
*
* For Kolab this requires to identify the IMAP server the user should
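Review bot: `'list' => true` is still advertised in `$_capabilities`, but the driver's own `listUsers()` is commented out in the next hunk of this file, so a caller that checks the capability before listing no longer reaches a Kolab-backed implementation. What the parent class does in that case is not visible here; unless it is known to work against Kolab, set `'list' => false` next to the other disabled entries until the method returns. The `/** @todo … */` inside the array literal is a docblock attached to nothing; a plain `// @todo These would only work if we allow manager login` reads better and keeps documentation tools from picking it up. The class body begins and continues outside this hunk.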
@@ -59,131 +47,131 @@ class Horde_Auth_Kolab extends Horde_Auth_Base
*/
protected function _authenticate($userId, $credentials)
{
- global $conf;
-
- $params = array();
-
try {
- $session = Horde_Kolab_Session::singleton($userId, $credentials, true);
- } catch (Horde_Kolab_Server_MissingObjectException $e) {
+ $session = Horde_Kolab_Session_Singleton::singleton(
+ $userId, $credentials
+ );
+ } catch (Horde_Kolab_Session_Exception_Badlogin $e) {
throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
} catch (Exception $e) {
Horde::logMessage($e, __FILE__, __LINE__, PEAR_LOG_ERR);
throw new Horde_Auth_Exception('', Horde_Auth::REASON_FAILED);
}
- $this->_credentials['userId'] = $session->user_mail;
+ $this->_credentials['userId'] = $session->getMail();
- if (!isset($conf['auth']['params']) ||
- $conf['auth']['params']['login_block'] != 1) {
- // Return if feature is disabled.
- return $session->auth;
- }
+ return true;
- if ($session->auth !== true &&
- class_exists('Horde_History')) {
- $history = Horde_History::singleton();
-
- $history_identifier = "$userId@logins.kolab";
- $history_log = $history->getHistory($history_identifier);
- $history_list = array();
-
- // Extract history list from log.
- if ($history_log && !($history_log instanceof PEAR_Error)) {
- $data = $history_log->getData();
- if (!empty($data)) {
- $entry = array_shift($data);
- $history_list = $entry['history_list'];
- }
- }
-
- // Calculate the time range.
- $start_time = (time() - $conf['auth']['params']['login_block_time'] * 60);
-
- $new_history_list = array();
- $count = 0;
-
- // Copy and count all relevant timestamps.
- foreach ($history_list as $entry) {
- $timestamp = $entry[ 'timestamp' ];
-
- if ($timestamp > $start_time) {
- $new_history_list[] = $entry;
- $count++;
- }
- }
-
- $max_count = $conf['auth']['params']['login_block_count'];
-
- if ($count > $max_count) {
- // Add entry for current failed login.
- $entry = array();
- $entry[ 'timestamp' ] = time();
- $new_history_list[] = $entry;
-
- // Write back history.
- $history->log($history_identifier,
- array('action' => 'add', 'who' => $userId,
- 'history_list' => $new_history_list), true);
-
- if ($count > $max_count) {
- throw new Horde_Auth_Exception(_("Too many invalid logins during the last minutes."));
- }
-
- throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
- }
- }
+/* if (!isset($conf['auth']['params']) || */
+/* $conf['auth']['params']['login_block'] != 1) { */
+/* // Return if feature is disabled. */
+/* return $session->auth; */
+/* } */
- return ($session->auth === true);
- }
+/* if ($session->auth !== true && */
+/* class_exists('Horde_History')) { */
+/* $history = Horde_History::singleton(); */
- /**
- * List Users
- *
- * @return array List of Users
- * @throws Horde_Auth_Exception
- */
- public function listUsers()
- {
- $session = Horde_Kolab_Session::singleton();
- $server = $session->getServer();
- if ($server instanceof PEAR_Error) {
- return $server;
- }
- $users = $server->listObjects(KOLAB_OBJECT_USER);
- $mails = array();
- foreach ($users as $user) {
- $mails[] = $user->get(KOLAB_ATTR_MAIL);
- }
+/* $history_identifier = "$userId@logins.kolab"; */
+/* $history_log = $history->getHistory($history_identifier); */
+/* $history_list = array(); */
- return $mails;
- }
+/* // Extract history list from log. */
+/* if ($history_log && !($history_log instanceof PEAR_Error)) { */
+/* $data = $history_log->getData(); */
+/* if (!empty($data)) { */
+/* $entry = array_shift($data); */
+/* $history_list = $entry['history_list']; */
+/* } */
+/* } */
- /**
- * Add a set of authentication credentials.
- *
- * @param string $userId The userId to add.
- * @param array $credentials The credentials to be set.
- *
- * @throws Horde_Auth_Exception
- */
- public function addUser($userId, $credentials)
- {
- $session = Horde_Kolab_Session::singleton();
- $server = $session->getServer();
- if ($server instanceof PEAR_Error) {
- return $server;
- }
+/* // Calculate the time range. */
+/* $start_time = (time() - $conf['auth']['params']['login_block_time'] * 60); */
- $result = $server->store(KOLAB_OBJECT_USER, $userId, $credentials);
+/* $new_history_list = array(); */
+/* $count = 0; */
- if (is_a($result, KOLAB_OBJECT_USER)) {
- return true;
- } else if ($result instanceof PEAR_Error) {
- return $result;
- }
+/* // Copy and count all relevant timestamps. */
+/* foreach ($history_list as $entry) { */
+/* $timestamp = $entry[ 'timestamp' ]; */
+
+/* if ($timestamp > $start_time) { */
+/* $new_history_list[] = $entry; */
+/* $count++; */
+/* } */
+/* } */
+
+/* $max_count = $conf['auth']['params']['login_block_count']; */
+
+/* if ($count > $max_count) { */
+/* // Add entry for current failed login. */
+/* $entry = array(); */
+/* $entry[ 'timestamp' ] = time(); */
+/* $new_history_list[] = $entry; */
- throw new Horde_Auth_Exception(sprintf('The new Kolab object is a %s rather than a ' . KOLAB_OBJECT_USER, get_class($result)));
+/* // Write back history. */
+/* $history->log($history_identifier, */
+/* array('action' => 'add', 'who' => $userId, */
+/* 'history_list' => $new_history_list), true); */
+
+/* if ($count > $max_count) { */
+/* throw new Horde_Auth_Exception(_("Too many invalid logins during the last minutes.")); */
+/* } */
+
+/* throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN); */
+/* } */
+/* } */
+
+/* return ($session->auth === true); */
}
+/* /\** */
+/* * List Users */
+/* * */
+/* * @return array List of Users */
+/* * @throws Horde_Auth_Exception */
+/* *\/ */
+/* public function listUsers() */
+/* { */
+/* $session = Horde_Kolab_Session_Singleton::singleton(); */
+/* $server = $session->getServer(); */
+/* if ($server instanceof PEAR_Error) { */
+/* return $server; */
+/* } */
+/* $users = $server->listObjects(KOLAB_OBJECT_USER); */
+/* $mails = array(); */
+/* foreach ($users as $user) { */
+/* $mails[] = $user->get(KOLAB_ATTR_MAIL); */
+/* } */
+
+/* return $mails; */
+/* } */
+
+/* /\** */
+/* * Add a set of authentication credentials. */
+/* * */
+/* * @param string $userId The userId to add. */
+/* * @param array $credentials The credentials to be set. */
+/* * */
+/* * @throws Horde_Auth_Exception */
+/* *\/ */
+/* public function addUser($userId, $credentials) */
+/* { */
+/* $session = Horde_Kolab_Session::singleton(); */
+/* $server = $session->getServer(); */
+/* if ($server instanceof PEAR_Error) { */
+/* return $server; */
+/* } */
+
+/* $result = $server->store(KOLAB_OBJECT_USER, $userId, $credentials); */
+
+/* if (is_a($result, KOLAB_OBJECT_USER)) { */
+/* return true; */
+/* } else if ($result instanceof PEAR_Error) { */
+/* return $result; */
+/* } */
+
+/* throw new Horde_Auth_Exception(sprintf('The new Kolab object is a %s rather than a ' . KOLAB_OBJECT_USER, get_class($result))); */
+/* } */
+
}
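Review bot: The failed-login throttle in `_authenticate()` is disabled here by commenting it out, so an installation that has `$conf['auth']['params']['login_block']` set silently loses its limit on repeated password guesses until the planned decorator exists. The method now ends in an unconditional `return true;`, which means a rejected login is only detected if `Horde_Kolab_Session_Singleton::singleton()` throws on every failed bind; the old code also checked `$session->auth === true`, so that contract should be confirmed and stated in the docblock. I would delete the commented-out blocks (version control keeps them) and leave one line in their place, for example `// @todo Re-add login blocking (login_block, login_block_count, login_block_time) as a decorator; failed logins are currently not rate-limited.` The commented `listUsers()` and `addUser()` copies can be dropped the same way.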
diff --git a/framework/Kolab_Server/lib/Horde/Kolab/Server/Exception/Bindfailed.php b/framework/Kolab_Server/lib/Horde/Kolab/Server/Exception/Bindfailed.php
new file mode 100644
index 000000000..b293f505f
--- /dev/null
+++ b/framework/Kolab_Server/lib/Horde/Kolab/Server/Exception/Bindfailed.php
@@ -0,0 +1,30 @@
+
+ * @license http://www.fsf.org/copyleft/lgpl.html LGPL
+ * @link http://pear.horde.org/index.php?package=Kolab_Server
+ */
+
+/**
+ * Indicate that the given bind credentials were invalid.
+ *
+ * Copyright 2009 The Horde Project (http://www.horde.org/)
+ *
+ * See the enclosed file COPYING for license information (LGPL). If you
+ * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
+ *
+ * @category Kolab
+ * @package Kolab_Server
+ * @author Gunnar Wrobel