3 commits - lib/api lib/Auth lib/kolab_api_controller.php
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Sun Aug 25 14:18:29 CEST 2013
lib/Auth/LDAP.php | 82 +++++++++++++++++++++++++++--
lib/api/kolab_api_service_group.php | 2
lib/api/kolab_api_service_resource.php | 2
lib/api/kolab_api_service_role.php | 2
lib/api/kolab_api_service_sharedfolder.php | 2
lib/api/kolab_api_service_user.php | 2
lib/kolab_api_controller.php | 2
7 files changed, 85 insertions(+), 9 deletions(-)
New commits:
commit 7550e7ce7238e0cfe12bde02b14738c44aede573
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Sun Aug 25 14:17:32 2013 +0200
Pass on $domain_name (actually set), not $domain
diff --git a/lib/kolab_api_controller.php b/lib/kolab_api_controller.php
index 26f4a58..f58d717 100644
--- a/lib/kolab_api_controller.php
+++ b/lib/kolab_api_controller.php
@@ -378,7 +378,7 @@ class kolab_api_controller
foreach ($this->services as $sname => $handler) {
$service = $this->get_service($sname);
- foreach ($service->capabilities($domain) as $method => $type) {
+ foreach ($service->capabilities($domain_name) as $method => $type) {
$actions["$sname.$method"] = array('type' => $type);
}
}
commit d91cf2eca6c0a0cfaa7f141df1a9bfbe62dfd873
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Sun Aug 25 14:17:08 2013 +0200
Actually use the domain when specified with the capabilities request
diff --git a/lib/api/kolab_api_service_group.php b/lib/api/kolab_api_service_group.php
index e7d7c2b..b1fc2ad 100644
--- a/lib/api/kolab_api_service_group.php
+++ b/lib/api/kolab_api_service_group.php
@@ -39,7 +39,7 @@ class kolab_api_service_group extends kolab_api_service
{
//console("kolab_api_service_group::capabilities");
- $auth = Auth::get_instance();
+ $auth = Auth::get_instance($domain);
$effective_rights = $auth->list_rights('group');
$rights = array();
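Review bot: `$domain` reaches `Auth::get_instance($domain)` from the capabilities request (per the commit message), and nothing visible in this hunk checks it against the domains the session user may manage. If the caller does not already do that check, the rights listing and the auth instance behind it are selected by a caller-chosen string. I would state the precondition above the call, e.g. `// $domain must already be validated against the domains visible to the session user`, or reject unknown values before the lookup. The same one-line change is made in the resource, role, sharedfolder and user services below. The capabilities() signature is outside each hunk, so the parameter's default cannot be confirmed here.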
diff --git a/lib/api/kolab_api_service_resource.php b/lib/api/kolab_api_service_resource.php
index b496bca..149fe57 100644
--- a/lib/api/kolab_api_service_resource.php
+++ b/lib/api/kolab_api_service_resource.php
@@ -39,7 +39,7 @@ class kolab_api_service_resource extends kolab_api_service
{
//console("kolab_api_service_group::capabilities");
- $auth = Auth::get_instance();
+ $auth = Auth::get_instance($domain);
$effective_rights = $auth->list_rights('resource');
$rights = array();
diff --git a/lib/api/kolab_api_service_role.php b/lib/api/kolab_api_service_role.php
index c0e672a..6ca2231 100644
--- a/lib/api/kolab_api_service_role.php
+++ b/lib/api/kolab_api_service_role.php
@@ -39,7 +39,7 @@ class kolab_api_service_role extends kolab_api_service
{
//console("kolab_api_service_role::capabilities");
- $auth = Auth::get_instance();
+ $auth = Auth::get_instance($domain);
$effective_rights = $auth->list_rights('role');
$rights = array();
diff --git a/lib/api/kolab_api_service_sharedfolder.php b/lib/api/kolab_api_service_sharedfolder.php
index 55b060b..6d3a3dd 100644
--- a/lib/api/kolab_api_service_sharedfolder.php
+++ b/lib/api/kolab_api_service_sharedfolder.php
@@ -39,7 +39,7 @@ class kolab_api_service_sharedfolder extends kolab_api_service
{
//console("kolab_api_service_group::capabilities");
- $auth = Auth::get_instance();
+ $auth = Auth::get_instance($domain);
$effective_rights = $auth->list_rights('sharedfolder');
$rights = array();
diff --git a/lib/api/kolab_api_service_user.php b/lib/api/kolab_api_service_user.php
index 9e4cdde..7b6bd0e 100644
--- a/lib/api/kolab_api_service_user.php
+++ b/lib/api/kolab_api_service_user.php
@@ -39,7 +39,7 @@ class kolab_api_service_user extends kolab_api_service
{
//console("kolab_api_service_group::capabilities");
- $auth = Auth::get_instance();
+ $auth = Auth::get_instance($domain);
$effective_rights = $auth->list_rights('user');
commit 497f2c74da74b4960d8cbab8764f0a2d0d0e592c
Author: Aleksander Machniak (Kolab Systems) <machniak at kolabsys.com>
Date: Sun Aug 25 14:06:40 2013 +0200
Enable caching of get_effectiverights() results, that are otherwise very expensive to execute each time we need to iterate over all domains / root dns
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 02aa27b..989d58a 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -538,6 +538,14 @@ class LDAP extends Net_LDAP3 {
*/
public function effective_rights($subject)
{
+ $cache = $this->get_cache();
+ $ckey = $_SESSION['user']->user_bind_dn . '#'
+ . md5($this->domain . '::' . $subject . '::' . $_SESSION['user']->user_bind_pw);
+
+ if ($cache && ($result = $cache->get($ckey))) {
+ return $result;
+ }
+
// Ensure we are bound with the user's credentials
$this->bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
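Review bot: The `$ckey` built here stores the bind DN in clear text and an unsalted MD5 over domain, subject and the user's bind password as a memcached key, and keys are readable by anything that can reach the cache. Since domain and subject are known or guessable, that digest allows offline guessing of the password. Keep the password out of the key material, or derive the whole key with a keyed hash, e.g. `$ckey = hash_hmac('sha256', $bind_dn . '::' . $this->domain . '::' . $subject, $secret);`, where `$bind_dn` and `$secret` are placeholders for the session DN and a server-side secret this page does not show. Hashing the full key also keeps long DNs within memcached's key-length limit. A cache hit returns before the `bind()` that follows, and the rest of effective_rights() lies outside this hunk.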
@@ -559,10 +567,16 @@ class LDAP extends Net_LDAP3 {
}
if (!$result) {
- return $this->legacy_rights($subject);
- } else {
- return $result;
+ $result = $this->legacy_rights($subject);
+ }
+
+ if ($cache) {
+ if (!$cache->replace($ckey, $result, MEMCACHE_COMPRESSED, 3600)) {
+ $cache->set($ckey, $result, MEMCACHE_COMPRESSED, 3600);
+ }
}
+
+ return $result;
}
public function find_recipient($address)
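Review bot: The rights array is written with a fixed 3600-second lifetime and no invalidation is visible in this hunk, so a revoked or changed ACI may keep being reported to the client for up to an hour. The value is also trusted as-is on the read side, so anything able to write to the memcached pool could supply the rights returned for a user. If the directory still enforces access on every operation, say so next to the write, e.g. `// cached rights are advisory for the UI; LDAP enforces access on each operation`. Otherwise shorten the TTL, make it configurable, and delete the key when rights-affecting entries are modified. The start of effective_rights() is outside this hunk.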
@@ -1490,4 +1504,66 @@ class LDAP extends Net_LDAP3 {
return "dc=" . implode(',dc=', explode('.', $relevant_associatedDomain));
}
+ /**
+ * Get global handle for memcache access
+ *
+ * @return object Memcache
+ */
+ public function get_cache()
+ {
+ if (!isset($this->memcache)) {
+ // no memcache support in PHP
+ if (!class_exists('Memcache')) {
+ $this->memcache = false;
+ return false;
+ }
+ // add all configured hosts to pool
+ $pconnect = $this->conf->get('kolab_wap', 'memcache_pconnect', Conf::BOOL);
+ $hosts = $this->conf->get('kolab_wap', 'memcache_hosts');
+
+ if ($hosts) {
+ $this->memcache = new Memcache;
+ $this->mc_available = 0;
+
+ $hosts = explode(',', $hosts);
+ foreach ($hosts as $host) {
+ $host = trim($host);
+ if (substr($host, 0, 7) != 'unix://') {
+ list($host, $port) = explode(':', $host);
+ if (!$port) $port = 11211;
+ }
+ else {
+ $port = 0;
+ }
+
+ $this->mc_available += intval($this->memcache->addServer(
+ $host, $port, $pconnect, 1, 1, 15, false, array($this, 'memcache_failure')));
+ }
+ }
+
+ // test connection and failover (will result in $this->mc_available == 0 on complete failure)
+ $this->memcache->increment('__CONNECTIONTEST__', 1); // NOP if key doesn't exist
+
+ if (!$this->mc_available) {
+ $this->memcache = false;
+ }
+ }
+
+ return $this->memcache;
+ }
+
+ /**
+ * Callback for memcache failure
+ */
+ public function memcache_failure($host, $port)
+ {
+ static $seen = array();
+
+ // only report once
+ if (!$seen["$host:$port"]++) {
+ $this->mc_available--;
+ Log::error("Memcache failure on host $host:$port");
+ }
+ }
+
}
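Review bot: In `get_cache()`, when the `Memcache` class exists but `memcache_hosts` is empty, `$this->memcache` is never assigned, yet `$this->memcache->increment('__CONNECTIONTEST__', 1)` still runs after the `if ($hosts)` block. That is a call on an unset property, so effective_rights() would fail on any host with the extension loaded and no hosts configured. Return early before `new Memcache`: `if (!$hosts) { $this->memcache = false; return false; }`. Separately, `list($host, $port) = explode(':', $host)` raises a notice for a host given without a port, and `$seen["$host:$port"]++` does the same on first use; `isset()` guards would keep the logs clean. Because this pool now holds authorization results, the `memcache_hosts` documentation should recommend a unix socket or loopback address.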