Diffstat (limited to '')
-rw-r--r-- | extensions/source/config/WinUserInfo/WinUserInfoBe.component | 16 | ||||
-rw-r--r-- | extensions/source/config/WinUserInfo/WinUserInfoBe.cxx | 433 | ||||
-rw-r--r-- | extensions/source/config/WinUserInfo/WinUserInfoBe.hxx | 101 | ||||
-rw-r--r-- | extensions/source/config/ldap/ldapaccess.cxx | 289 | ||||
-rw-r--r-- | extensions/source/config/ldap/ldapaccess.hxx | 133 | ||||
-rw-r--r-- | extensions/source/config/ldap/ldapbe2.component | 26 | ||||
-rw-r--r-- | extensions/source/config/ldap/ldapuserprofilebe.cxx | 214 | ||||
-rw-r--r-- | extensions/source/config/ldap/ldapuserprofilebe.hxx | 113 |
8 files changed, 1325 insertions, 0 deletions
diff --git a/extensions/source/config/WinUserInfo/WinUserInfoBe.component b/extensions/source/config/WinUserInfo/WinUserInfoBe.component
new file mode 100644
index 000000000..5dd7d21ad
--- /dev/null
+++ b/extensions/source/config/WinUserInfo/WinUserInfoBe.component
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -->
+
+<component loader="com.sun.star.loader.SharedLibrary" environment="@CPPU_ENV@"
+ xmlns="http://openoffice.org/2010/uno-components">
+ <implementation name="com.sun.star.comp.configuration.backend.WinUserInfoBe"
+ constructor="extensions_WinUserInfoBe_get_implementation">
+ <service name="com.sun.star.configuration.backend.WinUserInfoBe"/>
+ </implementation>
+</component>
diff --git a/extensions/source/config/WinUserInfo/WinUserInfoBe.cxx b/extensions/source/config/WinUserInfo/WinUserInfoBe.cxx
new file mode 100644
index 000000000..2914cf78d
--- /dev/null
+++ b/extensions/source/config/WinUserInfo/WinUserInfoBe.cxx
@@ -0,0 +1,433 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#include "WinUserInfoBe.hxx" + +#include <com/sun/star/beans/Optional.hpp> +#include <comphelper/base64.hxx> +#include <comphelper/configuration.hxx> +#include <cppuhelper/supportsservice.hxx> +#include <map> +#include <o3tl/char16_t2wchar_t.hxx> +#include <tools/diagnose_ex.h> +#include <officecfg/UserProfile.hxx> + +#include <Iads.h> +#include <Adshlp.h> +#include <Lmcons.h> +#define SECURITY_WIN32 +#include <Security.h> + +#include <systools/win32/comtools.hxx> +#include <systools/win32/oleauto.hxx> + +namespace extensions +{ +namespace config +{ +namespace WinUserInfo +{ +class WinUserInfoBe_Impl +{ +public: + virtual ~WinUserInfoBe_Impl(){}; + virtual OUString GetGivenName() = 0; + virtual OUString GetSn() { return ""; } + virtual OUString GetFathersname() { return ""; } + virtual OUString GetInitials() { return ""; } + virtual OUString GetStreet() { return ""; } + virtual OUString GetCity() { return ""; } + virtual OUString GetState() { return ""; } + virtual OUString GetApartment() { return ""; } + virtual OUString GetPostalCode() { return ""; } + virtual OUString GetCountry() { return ""; } + virtual OUString GetOrganization() { return ""; } + virtual OUString GetPosition() { return ""; } + virtual OUString GetTitle() { return ""; } + virtual OUString GetHomePhone() { return ""; } + virtual OUString GetTelephoneNumber() { return ""; } + virtual OUString GetFaxNumber() { return ""; } + virtual OUString GetMail() { return ""; } +}; +} +} +} + +namespace +{ +constexpr OUStringLiteral givenname(u"givenname"); +constexpr OUStringLiteral sn(u"sn"); +constexpr char fathersname[]("fathersname"); 
+constexpr OUStringLiteral initials(u"initials"); +constexpr OUStringLiteral street(u"street"); +constexpr OUStringLiteral l(u"l"); +constexpr OUStringLiteral st(u"st"); +constexpr char apartment[]("apartment"); +constexpr OUStringLiteral postalcode(u"postalcode"); +constexpr OUStringLiteral c(u"c"); +constexpr OUStringLiteral o(u"o"); +constexpr char position[]("position"); +constexpr OUStringLiteral title(u"title"); +constexpr OUStringLiteral homephone(u"homephone"); +constexpr OUStringLiteral telephonenumber(u"telephonenumber"); +constexpr OUStringLiteral facsimiletelephonenumber(u"facsimiletelephonenumber"); +constexpr OUStringLiteral mail(u"mail"); + +// Backend class implementing access to Active Directory user data. It caches its encoded data +// in a configuration entry, to allow reusing it when user later doesn't have access to AD DC +// (otherwise the user would get different data when connected vs not connected). +class ADsUserAccess : public extensions::config::WinUserInfo::WinUserInfoBe_Impl +{ +public: + ADsUserAccess() + { + try + { + sal::systools::CoInitializeGuard aCoInitializeGuard(COINIT_APARTMENTTHREADED); + + sal::systools::COMReference<IADsADSystemInfo> pADsys(CLSID_ADSystemInfo, nullptr, + CLSCTX_INPROC_SERVER); + + sal::systools::BStr sUserDN; + sal::systools::ThrowIfFailed(pADsys->get_UserName(&sUserDN), "get_UserName failed"); + // If this user is an AD user, then without an active connection to the domain, all the + // above will succeed, and m_sUserDN will be correctly initialized, but the following + // call to ADsGetObject will fail, and we will attempt reading cached values. 
+ m_sUserDN = sUserDN; + OUString sLdapUserDN = "LDAP://" + m_sUserDN; + sal::systools::COMReference<IADsUser> pUser; + sal::systools::ThrowIfFailed(ADsGetObject(o3tl::toW(sLdapUserDN.getStr()), IID_IADsUser, + reinterpret_cast<void**>(&pUser)), + "ADsGetObject failed"); + // Fetch all the required information right now, when we know to have access to AD + // (later the connection may already be lost) + m_aMap[givenname] = Str(pUser, &IADsUser::get_FirstName); + m_aMap[sn] = Str(pUser, &IADsUser::get_LastName); + m_aMap[initials] = Str(pUser, L"initials"); + m_aMap[street] = Str(pUser, L"streetAddress"); + m_aMap[l] = Str(pUser, L"l"); + m_aMap[st] = Str(pUser, L"st"); + m_aMap[postalcode] = Str(pUser, L"postalCode"); + m_aMap[c] = Str(pUser, L"co"); + m_aMap[o] = Str(pUser, L"company"); + m_aMap[title] = Str(pUser, &IADsUser::get_Title); + m_aMap[homephone] = Str(pUser, L"homePhone"); + m_aMap[telephonenumber] = Str(pUser, L"TelephoneNumber"); + m_aMap[facsimiletelephonenumber] = Str(pUser, L"facsimileTelephoneNumber"); + m_aMap[mail] = Str(pUser, &IADsUser::get_EmailAddress); + + CacheData(); + } + catch (sal::systools::ComError&) + { + // Maybe we temporarily lost connection to AD; try to get cached data + GetCachedData(); + } + } + + virtual OUString GetGivenName() override { return m_aMap[givenname]; } + virtual OUString GetSn() override { return m_aMap[sn]; } + virtual OUString GetInitials() override { return m_aMap[initials]; } + virtual OUString GetStreet() override { return m_aMap[street]; } + virtual OUString GetCity() override { return m_aMap[l]; } + virtual OUString GetState() override { return m_aMap[st]; } + virtual OUString GetPostalCode() override { return m_aMap[postalcode]; } + virtual OUString GetCountry() override { return m_aMap[c]; } + virtual OUString GetOrganization() override { return m_aMap[o]; } + virtual OUString GetTitle() override { return m_aMap[title]; } + virtual OUString GetHomePhone() override { return m_aMap[homephone]; } + 
virtual OUString GetTelephoneNumber() override { return m_aMap[telephonenumber]; } + virtual OUString GetFaxNumber() override { return m_aMap[facsimiletelephonenumber]; } + virtual OUString GetMail() override { return m_aMap[mail]; } + +private: + typedef HRESULT (__stdcall IADsUser::*getstrfunc)(BSTR*); + static OUString Str(IADsUser* pUser, getstrfunc func) + { + sal::systools::BStr sBstr; + if (FAILED((pUser->*func)(&sBstr))) + return ""; + return OUString(sBstr); + } + static OUString Str(IADsUser* pUser, const wchar_t* property) + { + sal::systools::BStr sBstrProp{ o3tl::toU(property) }; + struct AutoVariant : public VARIANT + { + AutoVariant() { VariantInit(this); } + ~AutoVariant() { VariantClear(this); } + } varArr; + if (FAILED(pUser->GetEx(sBstrProp, &varArr))) + return ""; + SAFEARRAY* sa = V_ARRAY(&varArr); + LONG nStart, nEnd; + if (FAILED(SafeArrayGetLBound(sa, 1, &nStart)) || FAILED(SafeArrayGetUBound(sa, 1, &nEnd))) + return ""; + AutoVariant varItem; + for (LONG i = nStart; i <= nEnd; i++) + { + if (FAILED(SafeArrayGetElement(sa, &i, &varItem))) + continue; + if (varItem.vt == VT_BSTR) + return OUString(o3tl::toU(V_BSTR(&varItem))); + VariantClear(&varItem); + } + return ""; + } + + void CacheData() + { + try + { + OUString sCachedData = "user=" + m_sUserDN // user DN + + "\0" + givenname + "=" + GetGivenName() // 1st name + + "\0" + sn + "=" + GetSn() // sn + + "\0" + initials + "=" + GetInitials() // initials + + "\0" + street + "=" + GetStreet() // street + + "\0" + l + "=" + GetCity() // l + + "\0" + st + "=" + GetState() // st + + "\0" + postalcode + "=" + GetPostalCode() // p.code + + "\0" + c + "=" + GetCountry() // c + + "\0" + o + "=" + GetOrganization() // o + + "\0" + title + "=" + GetTitle() // title + + "\0" + homephone + "=" + GetHomePhone() // h.phone + + "\0" + telephonenumber + "=" + GetTelephoneNumber() // tel + + "\0" + facsimiletelephonenumber + "=" + GetFaxNumber() // fax + + "\0" + mail + "=" + GetMail(); // mail + const 
css::uno::Sequence<sal_Int8> seqCachedData( + reinterpret_cast<const sal_Int8*>(sCachedData.getStr()), + sCachedData.getLength() * sizeof(sal_Unicode)); + OUStringBuffer sOutBuf; + comphelper::Base64::encode(sOutBuf, seqCachedData); + + std::shared_ptr<comphelper::ConfigurationChanges> batch( + comphelper::ConfigurationChanges::create()); + officecfg::UserProfile::WinUserInfo::Cache::set(sOutBuf.makeStringAndClear(), batch); + batch->commit(); + } + catch (const css::uno::Exception&) + { + TOOLS_WARN_EXCEPTION("extensions.config", + "ADsUserAccess: access to configuration data failed:"); + } + } + + void GetCachedData() + { + if (m_sUserDN.isEmpty()) + throw css::uno::RuntimeException(); + + OUString sCache = officecfg::UserProfile::WinUserInfo::Cache::get(); + + if (sCache.isEmpty()) + throw css::uno::RuntimeException(); + + { + css::uno::Sequence<sal_Int8> seqCachedData; + comphelper::Base64::decode(seqCachedData, sCache); + sCache = OUString(reinterpret_cast<const sal_Unicode*>(seqCachedData.getConstArray()), + seqCachedData.getLength() / sizeof(sal_Unicode)); + } + + OUString sUserDN; + std::map<const OUString, OUString> aMap; + sal_Int32 nIndex = 0; + do + { + const OUString sEntry = sCache.getToken(0, '\0', nIndex); + sal_Int32 nEqIndex = 0; + const OUString sEntryName = sEntry.getToken(0, '=', nEqIndex); + OUString sEntryVal; + if (nEqIndex >= 0) + sEntryVal = sEntry.copy(nEqIndex); + if (sEntryName == "user") + sUserDN = sEntryVal; + else + aMap[sEntryName] = sEntryVal; + } while (nIndex >= 0); + + if (sUserDN != m_sUserDN) + throw css::uno::RuntimeException(); + m_aMap = std::move(aMap); + } + + OUString m_sUserDN; // used to check if the cached data is for current user + std::map<const OUString, OUString> m_aMap; +}; + +class SysInfoUserAccess : public extensions::config::WinUserInfo::WinUserInfoBe_Impl +{ +public: + SysInfoUserAccess() + { + try + { + ULONG nSize = 0; + GetUserNameExW(NameDisplay, nullptr, &nSize); + if (GetLastError() != 
ERROR_MORE_DATA) + throw css::uno::RuntimeException(); + auto pNameBuf(std::make_unique<wchar_t[]>(nSize)); + if (!GetUserNameExW(NameDisplay, pNameBuf.get(), &nSize)) + throw css::uno::RuntimeException(); + m_sName = o3tl::toU(pNameBuf.get()); + } + catch (css::uno::RuntimeException&) + { + // GetUserNameEx may fail in some cases (e.g., for built-in AD domain + // administrator account on non-DC systems), where GetUserName will + // still give a name. + DWORD nSize = UNLEN + 1; + auto pNameBuf(std::make_unique<wchar_t[]>(nSize)); + if (!GetUserNameW(pNameBuf.get(), &nSize)) + throw css::uno::RuntimeException(); + m_sName = o3tl::toU(pNameBuf.get()); + } + } + + virtual OUString GetGivenName() override { return m_sName; } + +private: + OUString m_sName; +}; +} + +namespace extensions +{ +namespace config +{ +namespace WinUserInfo +{ +WinUserInfoBe::WinUserInfoBe() + : WinUserInfoMutexHolder() + , BackendBase(mMutex) +{ + try + { + m_pImpl.reset(new ADsUserAccess()); + } + catch (css::uno::RuntimeException&) + { + m_pImpl.reset(new SysInfoUserAccess); + } +} + +WinUserInfoBe::~WinUserInfoBe() {} + +void WinUserInfoBe::setPropertyValue(OUString const&, css::uno::Any const&) +{ + throw css::lang::IllegalArgumentException("setPropertyValue not supported", + static_cast<cppu::OWeakObject*>(this), -1); +} + +css::uno::Any WinUserInfoBe::getPropertyValue(OUString const& PropertyName) +{ + OUString sValue; + // Only process the first argument of possibly multiple space- or comma-separated arguments + OUString sToken = PropertyName.getToken(0, ' ').getToken(0, ','); + if (sToken == givenname) + { + sValue = m_pImpl->GetGivenName(); + } + else if (sToken == sn) + { + sValue = m_pImpl->GetSn(); + } + else if (sToken == fathersname) + { + sValue = m_pImpl->GetFathersname(); + } + else if (sToken == initials) + { + sValue = m_pImpl->GetInitials(); + } + else if (sToken == street) + { + sValue = m_pImpl->GetStreet(); + } + else if (sToken == l) + { + sValue = m_pImpl->GetCity(); 
+ } + else if (sToken == st) + { + sValue = m_pImpl->GetState(); + } + else if (sToken == apartment) + { + sValue = m_pImpl->GetApartment(); + } + else if (sToken == postalcode) + { + sValue = m_pImpl->GetPostalCode(); + } + else if (sToken == c) + { + sValue = m_pImpl->GetCountry(); + } + else if (sToken == o) + { + sValue = m_pImpl->GetOrganization(); + } + else if (sToken == position) + { + sValue = m_pImpl->GetPosition(); + } + else if (sToken == title) + { + sValue = m_pImpl->GetTitle(); + } + else if (sToken == homephone) + { + sValue = m_pImpl->GetHomePhone(); + } + else if (sToken == telephonenumber) + { + sValue = m_pImpl->GetTelephoneNumber(); + } + else if (sToken == facsimiletelephonenumber) + { + sValue = m_pImpl->GetFaxNumber(); + } + else if (sToken == mail) + { + sValue = m_pImpl->GetMail(); + } + else + throw css::beans::UnknownPropertyException(sToken, static_cast<cppu::OWeakObject*>(this)); + + return css::uno::Any(css::beans::Optional<css::uno::Any>( + !sValue.isEmpty(), sValue.isEmpty() ? css::uno::Any() : css::uno::Any(sValue))); +} + +OUString SAL_CALL WinUserInfoBe::getImplementationName() +{ + return "com.sun.star.comp.configuration.backend.WinUserInfoBe"; +} + +sal_Bool SAL_CALL WinUserInfoBe::supportsService(const OUString& aServiceName) +{ + return cppu::supportsService(this, aServiceName); +} + +css::uno::Sequence<OUString> SAL_CALL WinUserInfoBe::getSupportedServiceNames() +{ + return { "com.sun.star.configuration.backend.WinUserInfoBe" }; +} +} +} +} + +extern "C" SAL_DLLPUBLIC_EXPORT css::uno::XInterface* +extensions_WinUserInfoBe_get_implementation(css::uno::XComponentContext*, + css::uno::Sequence<css::uno::Any> const&) +{ + return cppu::acquire(new extensions::config::WinUserInfo::WinUserInfoBe()); +} + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/extensions/source/config/WinUserInfo/WinUserInfoBe.hxx b/extensions/source/config/WinUserInfo/WinUserInfoBe.hxx new file mode 100644 index 000000000..30ca088c3 
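Review bot: `Str(IADsUser*, const wchar_t*)` dereferences `V_ARRAY(&varArr)` without checking the variant type that `GetEx` filled in; IADs::GetEx is documented to return a variant array, but a defensive check costs one condition and also covers a null `sa` before `SafeArrayGetLBound`/`SafeArrayGetUBound`: `if (FAILED(pUser->GetEx(sBstrProp, &varArr)) || V_VT(&varArr) != (VT_ARRAY | VT_VARIANT)) return "";`. In `CacheData` the user's address, phone numbers and mail address are persisted into the configuration entry only Base64-encoded, not encrypted, and the class comment should say so rather than leaving readers to infer it from `comphelper::Base64::encode`, e.g. `// The cache is Base64-encoded, not encrypted: it holds personal data from AD in the configuration.`. `GetCachedData` does tie the cache to the current user via the `sUserDN != m_sUserDN` check, which is the right guard against reusing another user's data. The fallback in `WinUserInfoBe::WinUserInfoBe` catches only `css::uno::RuntimeException` from `new ADsUserAccess()`; if `comphelper::Base64::decode` or the configuration access in `GetCachedData` can raise another `uno::Exception` type, the constructor would propagate it instead of falling back to `SysInfoUserAccess` — worth confirming.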
--- /dev/null
+++ b/extensions/source/config/WinUserInfo/WinUserInfoBe.hxx
@@ -0,0 +1,101 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#pragma once + +#include <com/sun/star/beans/XPropertySet.hpp> +#include <com/sun/star/lang/XServiceInfo.hpp> +#include <cppuhelper/compbase.hxx> +#include <memory> + +namespace com +{ +namespace sun +{ +namespace star +{ +namespace uno +{ +class XComponentContext; +} +} +} +} + +namespace extensions +{ +namespace config +{ +namespace WinUserInfo +{ +class WinUserInfoBe_Impl; + +typedef cppu::WeakComponentImplHelper<css::beans::XPropertySet, css::lang::XServiceInfo> + BackendBase; + +struct WinUserInfoMutexHolder +{ + osl::Mutex mMutex; +}; +/** + Implements the PlatformBackend service, a specialization of the + XPropertySet service for retrieving Active Directory user profile + configuration settings. 
+*/ +class WinUserInfoBe : private WinUserInfoMutexHolder, public BackendBase +{ +public: + explicit WinUserInfoBe(); + virtual ~WinUserInfoBe() override; + + // XServiceInfo + virtual OUString SAL_CALL getImplementationName() override; + + virtual sal_Bool SAL_CALL supportsService(const OUString& aServiceName) override; + + virtual css::uno::Sequence<OUString> SAL_CALL getSupportedServiceNames() override; + + // XPropertySet + virtual css::uno::Reference<css::beans::XPropertySetInfo> SAL_CALL getPropertySetInfo() override + { + return css::uno::Reference<css::beans::XPropertySetInfo>(); + } + + virtual void SAL_CALL setPropertyValue(OUString const&, css::uno::Any const&) override; + + virtual css::uno::Any SAL_CALL getPropertyValue(OUString const& PropertyName) override; + + virtual void SAL_CALL addPropertyChangeListener( + OUString const&, css::uno::Reference<css::beans::XPropertyChangeListener> const&) override + { + } + + virtual void SAL_CALL removePropertyChangeListener( + OUString const&, css::uno::Reference<css::beans::XPropertyChangeListener> const&) override + { + } + + virtual void SAL_CALL addVetoableChangeListener( + OUString const&, css::uno::Reference<css::beans::XVetoableChangeListener> const&) override + { + } + + virtual void SAL_CALL removeVetoableChangeListener( + OUString const&, css::uno::Reference<css::beans::XVetoableChangeListener> const&) override + { + } + +private: + std::unique_ptr<WinUserInfoBe_Impl> m_pImpl; +}; +} +} +} + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/extensions/source/config/ldap/ldapaccess.cxx b/extensions/source/config/ldap/ldapaccess.cxx new file mode 100644 index 000000000..7e35408b3 --- /dev/null +++ b/extensions/source/config/ldap/ldapaccess.cxx 
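Review bot: The header opens three nested blocks `namespace extensions { namespace config { namespace WinUserInfo {` while `ldapaccess.hxx` in the same commit uses the C++17 form `namespace extensions::config::ldap`; writing `namespace extensions::config::WinUserInfo` here (and in the .cxx) would keep the two backends consistent, and the same applies to the `namespace com { namespace sun { namespace star { namespace uno {` forward declaration of `XComponentContext`. The class comment says it implements "the PlatformBackend service", whereas the component file and `getSupportedServiceNames` register `com.sun.star.configuration.backend.WinUserInfoBe`; naming that service in the comment would save a reader a lookup. The comment could also state what `m_pImpl` is chosen from, e.g. `/// Active Directory data when reachable (or its cached copy), otherwise the local account name.`, since that selection is the backend's main behaviour and is only visible in the .cxx.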
@@ -0,0 +1,289 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + + +#include "ldapaccess.hxx" + +#include <osl/diagnose.h> +#include <o3tl/char16_t2wchar_t.hxx> + +#include <com/sun/star/ldap/LdapConnectionException.hpp> + + +namespace extensions::config::ldap { + + +typedef int LdapErrCode; + +struct LdapMessageHolder +{ + LdapMessageHolder() : msg(nullptr) {} + ~LdapMessageHolder() + { + if (msg) + ldap_msgfree(msg); + } + LdapMessageHolder(const LdapMessageHolder&) = delete; + LdapMessageHolder& operator=(const LdapMessageHolder&) = delete; + + LDAPMessage * msg; +}; + +LdapConnection::~LdapConnection() +{ + if (isValid()) disconnect(); +} + + +void LdapConnection::disconnect() +{ + if (mConnection != nullptr) + { + ldap_unbind_s(mConnection) ; + mConnection = nullptr; + } +} + + +static void checkLdapReturnCode(const char *aOperation, + LdapErrCode aRetCode) +{ + if (aRetCode == LDAP_SUCCESS) { return ; } + + OUString message; + + if (aOperation != nullptr) + { + message += OUString::createFromAscii(aOperation) + ": "; + } + message += OUString::createFromAscii(ldap_err2string(aRetCode)) + " (" ; + +#ifndef 
LDAP_OPT_SIZELIMIT // for use with OpenLDAP + char* stub = nullptr; + ldap_get_lderrno(aConnection, NULL, &stub) ; + if (stub != nullptr) + { + message += OUString::createFromAscii(stub) ; + // It would seem the message returned is actually + // not a copy of a string but rather some static + // string itself. At any rate freeing it seems to + // cause some undue problems at least on Windows. + // This call is thus disabled for the moment. + //ldap_memfree(stub) ; + } + else +#endif + { message += "No additional information"; } + + message += ")" ; + throw ldap::LdapGenericException(message, nullptr, aRetCode) ; +} + +void LdapConnection::connectSimple(const LdapDefinition& aDefinition) +{ + OSL_ENSURE(!isValid(), "Re-connecting to an LDAP connection that is already established"); + if (isValid()) disconnect(); + + mLdapDefinition = aDefinition; + connectSimple(); +} + +void LdapConnection::connectSimple() +{ + if (isValid()) + return; + + // Connect to the server + initConnection() ; + // Set Protocol V3 + int version = LDAP_VERSION3; + ldap_set_option(mConnection, + LDAP_OPT_PROTOCOL_VERSION, + &version); + +#ifdef LDAP_X_OPT_CONNECT_TIMEOUT // OpenLDAP doesn't support this and the func + /* timeout is specified in milliseconds -> 4 seconds*/ + int timeout = 4000; +#ifdef _WIN32 + ldap_set_optionW( mConnection, + LDAP_X_OPT_CONNECT_TIMEOUT, + &timeout ); +#else + ldap_set_option( mConnection, + LDAP_X_OPT_CONNECT_TIMEOUT, + &timeout ); +#endif +#endif + + // Do the bind +#ifdef _WIN32 + LdapErrCode retCode = ldap_simple_bind_sW(mConnection, + const_cast<PWSTR>(o3tl::toW(mLdapDefinition.mAnonUser.getStr())), + const_cast<PWSTR>(o3tl::toW(mLdapDefinition.mAnonCredentials.getStr())) ); +#else + LdapErrCode retCode = ldap_simple_bind_s(mConnection, + OUStringToOString( mLdapDefinition.mAnonUser, RTL_TEXTENCODING_UTF8 ).getStr(), + OUStringToOString( mLdapDefinition.mAnonCredentials, RTL_TEXTENCODING_UTF8 ).getStr()) ; +#endif + + checkLdapReturnCode("SimpleBind", 
retCode) ; +} + +void LdapConnection::initConnection() +{ + if (mLdapDefinition.mServer.isEmpty()) + { + throw ldap::LdapConnectionException("Cannot initialise connection to LDAP: No server specified."); + } + + if (mLdapDefinition.mPort == 0) mLdapDefinition.mPort = LDAP_PORT; + +#ifdef _WIN32 + mConnection = ldap_initW(const_cast<PWSTR>(o3tl::toW(mLdapDefinition.mServer.getStr())), + mLdapDefinition.mPort) ; +#else + mConnection = ldap_init(OUStringToOString( mLdapDefinition.mServer, RTL_TEXTENCODING_UTF8 ).getStr(), + mLdapDefinition.mPort) ; +#endif + if (mConnection == nullptr) + { + throw ldap::LdapConnectionException( + "Cannot initialise connection to LDAP server " + + mLdapDefinition.mServer + ":" + OUString::number(mLdapDefinition.mPort)); + } +} + + void LdapConnection::getUserProfile( + const OUString& aUser, LdapData * data) +{ + OSL_ASSERT(data != nullptr); + if (!isValid()) { connectSimple(); } + + OUString aUserDn =findUserDn( aUser ); + + LdapMessageHolder result; +#ifdef _WIN32 + LdapErrCode retCode = ldap_search_sW(mConnection, + const_cast<PWSTR>(o3tl::toW(aUserDn.getStr())), + LDAP_SCOPE_BASE, + const_cast<PWSTR>( L"(objectclass=*)" ), + nullptr, + 0, // Attributes + values + &result.msg) ; +#else + LdapErrCode retCode = ldap_search_s(mConnection, + OUStringToOString( aUserDn, RTL_TEXTENCODING_UTF8 ).getStr(), + LDAP_SCOPE_BASE, + "(objectclass=*)", + nullptr, + 0, // Attributes + values + &result.msg) ; +#endif + checkLdapReturnCode("getUserProfile", retCode) ; + + BerElement * ptr; +#ifdef _WIN32 + PWCHAR attr = ldap_first_attributeW(mConnection, result.msg, &ptr); + while (attr) { + PWCHAR * values = ldap_get_valuesW(mConnection, result.msg, attr); + if (values) { + const OUString aAttr( o3tl::toU( attr ) ); + const OUString aValues( o3tl::toU( *values ) ); + data->emplace( aAttr, aValues ); + ldap_value_freeW(values); + } + attr = ldap_next_attributeW(mConnection, result.msg, ptr); +#else + char * attr = ldap_first_attribute(mConnection, 
result.msg, &ptr); + while (attr) { + char ** values = ldap_get_values(mConnection, result.msg, attr); + if (values) { + data->emplace( + OStringToOUString(attr, RTL_TEXTENCODING_ASCII_US), + OStringToOUString(*values, RTL_TEXTENCODING_UTF8)); + ldap_value_free(values); + } + attr = ldap_next_attribute(mConnection, result.msg, ptr); +#endif + } +} + + OUString LdapConnection::findUserDn(const OUString& aUser) +{ + if (!isValid()) { connectSimple(); } + + if (aUser.isEmpty()) + { + throw lang::IllegalArgumentException( + "LdapConnection::findUserDn -User id is empty", + nullptr, 0) ; + } + + OUString filter = "(&(objectclass=" + + mLdapDefinition.mUserObjectClass + + ")(" + + mLdapDefinition.mUserUniqueAttr + + "=" + + aUser + + "))"; + + LdapMessageHolder result; +#ifdef _WIN32 + PWCHAR attributes [2] = { const_cast<PWCHAR>( L"1.1" ), nullptr }; + LdapErrCode retCode = ldap_search_sW(mConnection, + const_cast<PWSTR>(o3tl::toW(mLdapDefinition.mBaseDN.getStr())), + LDAP_SCOPE_SUBTREE, + const_cast<PWSTR>(o3tl::toW(filter.getStr())), attributes, 0, &result.msg) ; +#else + char * attributes [2] = { const_cast<char *>(LDAP_NO_ATTRS), nullptr }; + LdapErrCode retCode = ldap_search_s(mConnection, + OUStringToOString( mLdapDefinition.mBaseDN, RTL_TEXTENCODING_UTF8 ).getStr(), + LDAP_SCOPE_SUBTREE, + OUStringToOString( filter, RTL_TEXTENCODING_UTF8 ).getStr(), attributes, 0, &result.msg) ; +#endif + checkLdapReturnCode("FindUserDn", retCode) ; + OUString userDn ; + LDAPMessage *entry = ldap_first_entry(mConnection, result.msg) ; + + if (entry != nullptr) + { +#ifdef _WIN32 + PWCHAR charsDn = ldap_get_dnW(mConnection, entry) ; + + userDn = OUString( o3tl::toU( charsDn ) ); + ldap_memfreeW(charsDn) ; +#else + char *charsDn = ldap_get_dn(mConnection, entry) ; + + userDn = OStringToOUString( charsDn, RTL_TEXTENCODING_UTF8 ); + ldap_memfree(charsDn) ; +#endif + } + else + { + OSL_FAIL( "LdapConnection::findUserDn-could not get DN for User "); + } + + return userDn ; +} + + +} // 
extensions::config::ldap + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/extensions/source/config/ldap/ldapaccess.hxx b/extensions/source/config/ldap/ldapaccess.hxx new file mode 100644 index 000000000..36a0708b1 --- /dev/null +++ b/extensions/source/config/ldap/ldapaccess.hxx 
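Review bot: `findUserDn` builds the search filter by concatenating `aUser` (and the configured object class and attribute) into the filter string without RFC 4515 escaping, so a user id containing `*`, `(`, `)` or `\` changes the filter's meaning instead of being matched literally; the value should be escaped before interpolation with the helper below, `+ "=" + escapeFilterValue(aUser) + "))"`. `connectSimple` performs `ldap_simple_bind_s` on a connection opened with `ldap_init`, and no TLS setup is visible in this file, so the configured `mAnonCredentials` would travel in cleartext unless the library or the deployment enforces protection elsewhere — worth confirming and documenting on `LdapDefinition`. In `checkLdapReturnCode` the `#ifndef LDAP_OPT_SIZELIMIT` branch calls `ldap_get_lderrno(aConnection, NULL, &stub)` but the function has no `aConnection` in scope, so that branch cannot compile and is effectively dead code. In `getUserProfile` the attribute names returned by `ldap_first_attribute`/`ldap_next_attribute` and the `BerElement` pointed to by `ptr` are never released (`ldap_memfree`/`ber_free`).
```cpp
// Escapes a value for use inside an LDAP search filter (RFC 4515),
// so that metacharacters in the user id are matched literally.
static OUString escapeFilterValue(const OUString& aValue)
{
    OUString aEscaped;
    for (sal_Int32 i = 0; i < aValue.getLength(); ++i)
    {
        const sal_Unicode ch = aValue[i];
        switch (ch)
        {
            case '\\': aEscaped += "\\5c"; break;
            case '*':  aEscaped += "\\2a"; break;
            case '(':  aEscaped += "\\28"; break;
            case ')':  aEscaped += "\\29"; break;
            case 0:    aEscaped += "\\00"; break;
            default:   aEscaped += OUString(&ch, 1);
        }
    }
    return aEscaped;
}

// … unchanged: LdapConnection::findUserDn up to the filter …
    OUString filter = "(&(objectclass="
        + escapeFilterValue(mLdapDefinition.mUserObjectClass)
        + ")("
        + mLdapDefinition.mUserUniqueAttr
        + "="
        + escapeFilterValue(aUser)
        + "))";
// … unchanged: search and DN extraction …
```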
@@ -0,0 +1,133 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include <sal/config.h> + +#include <map> + +#ifdef _WIN32 +#if !defined WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include <windows.h> +#include <winldap.h> +#else // !defined _WIN32 +#include <ldap.h> +#endif // _WIN32 + +#include <com/sun/star/ldap/LdapGenericException.hpp> + +#include <com/sun/star/lang/IllegalArgumentException.hpp> + +namespace extensions::config::ldap +{ +namespace uno = css::uno; +namespace lang = css::lang; +namespace ldap = css::ldap; + +struct LdapUserProfile; + +/** Struct containing the information on LDAP connection */ +struct LdapDefinition +{ + /** LDAP server name */ + OUString mServer; + /** LDAP server port number */ + sal_Int32 mPort; + /** Repository base DN */ + OUString mBaseDN; + /** DN to use for "anonymous" connection */ + OUString mAnonUser; + /** Credentials to use for "anonymous" connection */ + OUString mAnonCredentials; + /** User Entity Object Class */ + OUString mUserObjectClass; + /** User Entity Unique Attribute */ + OUString mUserUniqueAttr; + + LdapDefinition() + : mPort(0) + { 
+ } +}; + +typedef std::map<OUString, OUString> LdapData; // key/value pairs + +/** Class encapsulating all LDAP functionality */ +class LdapConnection +{ + friend struct LdapMessageHolder; + +public: + /** Default constructor */ + LdapConnection() + : mConnection(nullptr) + , mLdapDefinition() + { + } + /** Destructor, releases the connection */ + ~LdapConnection(); + /** Make connection to LDAP server + @throws ldap::LdapConnectionException + @throws ldap::LdapGenericException + */ + void connectSimple(const LdapDefinition& aDefinition); + + /** + Gets LdapUserProfile from LDAP repository for specified user + @param aUser name of logged on user + @param aUserProfileMap Map containing LDAP->00o mapping + @param aUserProfile struct for holding OOo values + + @throws css::ldap::LdapGenericException + if an LDAP error occurs. + */ + void getUserProfile(const OUString& aUser, LdapData* data); + + /** finds DN of user + @return DN of User + @throws lang::IllegalArgumentException + @throws ldap::LdapConnectionException + @throws ldap::LdapGenericException + */ + OUString findUserDn(const OUString& aUser); + +private: + /// @throws ldap::LdapConnectionException + void initConnection(); + void disconnect(); + /** + Indicates whether the connection is in a valid state. + @return sal_True if connection is valid, sal_False otherwise + */ + bool isValid() const { return mConnection != nullptr; } + + /// @throws ldap::LdapConnectionException + /// @throws ldap::LdapGenericException + void connectSimple(); + + /** LDAP connection object */ + LDAP* mConnection; + LdapDefinition mLdapDefinition; +}; +} + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/extensions/source/config/ldap/ldapbe2.component b/extensions/source/config/ldap/ldapbe2.component new file mode 100644 index 000000000..8f6ea3f80 --- /dev/null +++ b/extensions/source/config/ldap/ldapbe2.component 
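Review bot: `LdapConnection` owns a raw `LDAP*` and unbinds it in its destructor, but unlike `LdapMessageHolder` in ldapaccess.cxx it does not delete copying, so a copied instance would `ldap_unbind_s` the same handle twice; add `LdapConnection(const LdapConnection&) = delete;` and `LdapConnection& operator=(const LdapConnection&) = delete;`. The doc comment on `getUserProfile` lists `@param aUserProfileMap` and `@param aUserProfile`, neither of which exists — the actual out-parameter is `data`, e.g. `@param data receives the attribute/value pairs of the user's directory entry`. `isValid` is documented as returning `sal_True`/`sal_False` but returns `bool`. `struct LdapUserProfile;` is forward-declared and `LdapMessageHolder` is befriended, yet neither appears to be needed by the class as declared here (`LdapMessageHolder` does not touch `LdapConnection` privates in ldapaccess.cxx).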
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This file incorporates work covered by the following license notice:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed
+ * with this work for additional information regarding copyright
+ * ownership. The ASF licenses this file to you under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.apache.org/licenses/LICENSE-2.0 .
+ -->
+
+<component loader="com.sun.star.loader.SharedLibrary" environment="@CPPU_ENV@"
+ xmlns="http://openoffice.org/2010/uno-components">
+ <implementation name="com.sun.star.comp.configuration.backend.LdapUserProfileBe"
+ constructor="extensions_ldp_LdapUserProfileBe_get_implementation">
+ <service name="com.sun.star.configuration.backend.LdapUserProfileBe"/>
+ </implementation>
+</component>
diff --git a/extensions/source/config/ldap/ldapuserprofilebe.cxx b/extensions/source/config/ldap/ldapuserprofilebe.cxx
new file mode 100644
index 000000000..2012afd8b
--- /dev/null
+++ b/extensions/source/config/ldap/ldapuserprofilebe.cxx
@@ -0,0 +1,214 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + + +#include "ldapaccess.hxx" +#include "ldapuserprofilebe.hxx" +#include <sal/log.hxx> +#include <tools/diagnose_ex.h> + +#include <rtl/instance.hxx> +#include <com/sun/star/beans/NamedValue.hpp> +#include <com/sun/star/beans/Optional.hpp> +#include <com/sun/star/configuration/theDefaultProvider.hpp> +#include <comphelper/scopeguard.hxx> +#include <cppuhelper/supportsservice.hxx> +#include <osl/security.hxx> + + +namespace extensions::config::ldap { + +LdapUserProfileBe::LdapUserProfileBe( const uno::Reference<uno::XComponentContext>& xContext) +: BackendBase(m_aMutex) +{ + LdapDefinition aDefinition; + OUString loggedOnUser; + // true initially to handle reentrant call; will become false if readLdapConfiguration fails + bool bHaveLdapConfiguration = true; + + // This whole rigmarole is to prevent an infinite recursion where reading + // the configuration for the backend would create another instance of the + // backend, which would try and read the configuration which would... 
+ { + osl::Mutex & aInitMutex = rtl::Static< osl::Mutex, LdapUserProfileBe >::get(); + osl::MutexGuard aInitGuard(aInitMutex); + + static bool bReentrantCall; // = false + OSL_ENSURE(!bReentrantCall, "configuration: Ldap Backend constructor called reentrantly - probably a registration error."); + + if (!bReentrantCall) + { + bReentrantCall = true ; + comphelper::ScopeGuard aReentrantCallGuard([]() { bReentrantCall = false; }); + // Don't throw on fail: this will crash if LDAP is misconfigured, and user opens + // Expert Configuration dialog. Instead, just don't fill data_, which will make the + // backend return empty values. This happens in SvtUserOptions::Impl::GetValue_Impl + // anyway even in throwing scenario, but doing it here also improves performance + // because of avoiding repeated attempts to create the backend. + bHaveLdapConfiguration = readLdapConfiguration( + xContext, &aDefinition, &loggedOnUser); + if (!bHaveLdapConfiguration) + SAL_WARN("extensions.config", "LdapUserProfileBackend: LDAP not configured"); + } + } + + if (bHaveLdapConfiguration) + { + LdapConnection connection; + connection.connectSimple(aDefinition); + connection.getUserProfile(loggedOnUser, &data_); + } +} + +LdapUserProfileBe::~LdapUserProfileBe() +{ +} + + +bool LdapUserProfileBe::readLdapConfiguration( + css::uno::Reference< css::uno::XComponentContext > const & context, + LdapDefinition * definition, OUString * loggedOnUser) +{ + OSL_ASSERT(context.is() && definition != nullptr && loggedOnUser != nullptr); + + uno::Reference< XInterface > xIface; + try + { + uno::Reference< lang::XMultiServiceFactory > xCfgProvider( + css::configuration::theDefaultProvider::get(context)); + + css::beans::NamedValue aPath("nodepath", uno::Any(OUString("org.openoffice.LDAP/UserDirectory")) ); + + uno::Sequence< uno::Any > aArgs{ uno::Any(aPath) }; + + xIface = xCfgProvider->createInstanceWithArguments("com.sun.star.configuration.ConfigurationAccess", aArgs); + + 
uno::Reference<container::XNameAccess > xAccess(xIface, uno::UNO_QUERY_THROW); + xAccess->getByName("ServerDefinition") >>= xIface; + + uno::Reference<container::XNameAccess > xChildAccess(xIface, uno::UNO_QUERY_THROW); + + if (!getLdapStringParam(xChildAccess, "Server", definition->mServer)) + return false; + if (!getLdapStringParam(xChildAccess, "BaseDN", definition->mBaseDN)) + return false; + + definition->mPort=0; + xChildAccess->getByName("Port") >>= definition->mPort ; + if (definition->mPort == 0) + return false; + + if (!getLdapStringParam(xAccess, "UserObjectClass", definition->mUserObjectClass)) + return false; + if (!getLdapStringParam(xAccess, "UserUniqueAttribute", definition->mUserUniqueAttr)) + return false; + + getLdapStringParam(xAccess, "SearchUser", definition->mAnonUser); + getLdapStringParam(xAccess, "SearchPassword", definition->mAnonCredentials); + } + catch (const uno::Exception&) + { + TOOLS_WARN_EXCEPTION("extensions.config", "LdapUserProfileBackend: access to configuration data failed"); + return false; + } + + osl::Security aSecurityContext; + if (!aSecurityContext.getUserName(*loggedOnUser)) + SAL_WARN("extensions.config", "LdapUserProfileBackend - could not get Logged on user from system"); + + sal_Int32 nIndex = loggedOnUser->indexOf('/'); + if (nIndex > 0) + *loggedOnUser = loggedOnUser->copy(nIndex+1); + + return true; +} + + +bool LdapUserProfileBe::getLdapStringParam( + uno::Reference<container::XNameAccess> const & xAccess, + const OUString& aLdapSetting, + OUString& aServerParameter) +{ + xAccess->getByName(aLdapSetting) >>= aServerParameter; + + return !aServerParameter.isEmpty(); +} + +void LdapUserProfileBe::setPropertyValue( + OUString const &, css::uno::Any const &) +{ + throw css::lang::IllegalArgumentException( + "setPropertyValue not supported", + static_cast< cppu::OWeakObject * >(this), -1); +} + +css::uno::Any LdapUserProfileBe::getPropertyValue( + OUString const & PropertyName) +{ + for (sal_Int32 i = 0;;) { + 
sal_Int32 j = PropertyName.indexOf(',', i); + if (j == -1) { + j = PropertyName.getLength(); + } + if (j == i) { + throw css::beans::UnknownPropertyException( + PropertyName, static_cast< cppu::OWeakObject * >(this)); + } + LdapData::iterator k(data_.find(PropertyName.copy(i, j - i))); + if (k != data_.end()) { + return css::uno::Any( + css::beans::Optional< css::uno::Any >( + true, css::uno::Any(k->second))); + } + if (j == PropertyName.getLength()) { + break; + } + i = j + 1; + } + return css::uno::Any(css::beans::Optional< css::uno::Any >()); +} + + +OUString SAL_CALL LdapUserProfileBe::getImplementationName() +{ + return "com.sun.star.comp.configuration.backend.LdapUserProfileBe"; +} + +sal_Bool SAL_CALL LdapUserProfileBe::supportsService(const OUString& aServiceName) +{ + return cppu::supportsService(this, aServiceName); +} + +uno::Sequence<OUString> +SAL_CALL LdapUserProfileBe::getSupportedServiceNames() +{ + return { "com.sun.star.configuration.backend.LdapUserProfileBe" }; +} + +} + +extern "C" SAL_DLLPUBLIC_EXPORT css::uno::XInterface* +extensions_ldp_LdapUserProfileBe_get_implementation( + css::uno::XComponentContext* context , css::uno::Sequence<css::uno::Any> const&) +{ + return cppu::acquire(new extensions::config::ldap::LdapUserProfileBe(context)); +} + + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/extensions/source/config/ldap/ldapuserprofilebe.hxx b/extensions/source/config/ldap/ldapuserprofilebe.hxx new file mode 100644 index 000000000..2f0536532 --- /dev/null +++ b/extensions/source/config/ldap/ldapuserprofilebe.hxx 
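Review bot: readLdapConfiguration still returns true when osl::Security::getUserName fails, so the constructor proceeds to connectSimple and getUserProfile with an empty loggedOnUser; the only handling is the SAL_WARN after the getUserName call. Because that name is what getUserProfile looks the user up by, a missing name should be treated like missing configuration: `if (!aSecurityContext.getUserName(*loggedOnUser) || loggedOnUser->isEmpty()) { SAL_WARN("extensions.config", "LdapUserProfileBackend - could not get Logged on user from system"); return false; }`. Separately, SearchPassword is read into mAnonCredentials and handed to a simple bind, which transmits the credential in clear unless the connection itself is protected by TLS; this hunk only reads Server and Port, so whether ldapaccess.cxx uses ldaps or StartTLS is not visible here and deserves a comment at the `getLdapStringParam(xAccess, "SearchPassword", ...)` line stating that expectation. Finally, loggedOnUser comes from the OS and is presumably interpolated into an LDAP search filter in ldapaccess.cxx (not in this hunk); confirm it is escaped per RFC 4515 before use, since user names with `*`, `(`, `)` or `\` would otherwise alter the filter.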
@@ -0,0 +1,113 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +#pragma once + +#include <com/sun/star/beans/XPropertySet.hpp> +#include <com/sun/star/lang/XServiceInfo.hpp> +#include <com/sun/star/container/XNameAccess.hpp> +#include <cppuhelper/compbase.hxx> +#include <cppuhelper/basemutex.hxx> + +#include "ldapaccess.hxx" + +namespace com::sun::star::uno { + class XComponentContext; +} + +namespace extensions::config::ldap { + +namespace uno = css::uno ; +namespace lang = css::lang ; +namespace container = css::container; + +struct LdapDefinition; + +typedef cppu::WeakComponentImplHelper<css::beans::XPropertySet, + lang::XServiceInfo> BackendBase ; + +/** + Implements the PlatformBackend service, a specialization of the + XPropertySet service for retrieving LDAP user profile + configuration settings from an LDAP repository. 
+ */ +class LdapUserProfileBe : private cppu::BaseMutex, public BackendBase +{ + public: + + explicit LdapUserProfileBe(const uno::Reference<uno::XComponentContext>& xContext); + virtual ~LdapUserProfileBe() override ; + + // XServiceInfo + virtual OUString SAL_CALL + getImplementationName( ) override ; + + virtual sal_Bool SAL_CALL + supportsService( const OUString& aServiceName ) override ; + + virtual uno::Sequence<OUString> SAL_CALL + getSupportedServiceNames( ) override ; + + // XPropertySet + virtual css::uno::Reference< css::beans::XPropertySetInfo > SAL_CALL + getPropertySetInfo() override + { return css::uno::Reference< css::beans::XPropertySetInfo >(); } + + virtual void SAL_CALL setPropertyValue( + OUString const &, css::uno::Any const &) override; + + virtual css::uno::Any SAL_CALL getPropertyValue( + OUString const & PropertyName) override; + + virtual void SAL_CALL addPropertyChangeListener( + OUString const &, + css::uno::Reference< css::beans::XPropertyChangeListener > const &) override + {} + + virtual void SAL_CALL removePropertyChangeListener( + OUString const &, + css::uno::Reference< css::beans::XPropertyChangeListener > const &) override + {} + + virtual void SAL_CALL addVetoableChangeListener( + OUString const &, + css::uno::Reference< css::beans::XVetoableChangeListener > const &) override + {} + + virtual void SAL_CALL removeVetoableChangeListener( + OUString const &, + css::uno::Reference< css::beans::XVetoableChangeListener > const &) override + {} + + private: + /** Check if LDAP is configured */ + static bool readLdapConfiguration( + uno::Reference<uno::XComponentContext> const & context, + LdapDefinition * definition, OUString * loggedOnUser); + + static bool getLdapStringParam(uno::Reference<container::XNameAccess> const & xAccess, + const OUString& aLdapSetting, + OUString& aServerParameter); + + LdapData data_; +} ; + +} + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ |
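Review bot: The class comment says this "Implements the PlatformBackend service", but the component registers com.sun.star.configuration.backend.LdapUserProfileBe and the class only exposes an XPropertySet whose getPropertySetInfo() returns an empty reference; the comment should name the actual service and state that property introspection is not supported. The one-liner `/** Check if LDAP is configured */` on readLdapConfiguration also undersells it: the implementation fills *definition and the logged-on OS user name, and returns false when Server, BaseDN, Port, UserObjectClass or UserUniqueAttribute is missing or unreadable while SearchUser/SearchPassword stay optional. Suggest `/** Reads org.openoffice.LDAP/UserDirectory into *definition and the OS user name into *loggedOnUser; returns false if a mandatory setting is missing or the configuration cannot be read. SearchUser/SearchPassword are optional bind credentials. */`. A short comment on getPropertyValue noting that PropertyName may be a comma-separated list of LDAP attribute names and that the first one present in data_ is returned would also help readers who only see the header.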