3 commits - lib/api lib/Auth lib/kolab_api_controller.php

Jeroen van Meeuwen vanmeeuwen at kolabsys.com
Sun Aug 25 14:18:29 CEST 2013


 lib/Auth/LDAP.php                          |   82 +++++++++++++++++++++++++++--
 lib/api/kolab_api_service_group.php        |    2 
 lib/api/kolab_api_service_resource.php     |    2 
 lib/api/kolab_api_service_role.php         |    2 
 lib/api/kolab_api_service_sharedfolder.php |    2 
 lib/api/kolab_api_service_user.php         |    2 
 lib/kolab_api_controller.php               |    2 
 7 files changed, 85 insertions(+), 9 deletions(-)

New commits:
commit 7550e7ce7238e0cfe12bde02b14738c44aede573
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Sun Aug 25 14:17:32 2013 +0200

    Pass on $domain_name (actually set), not $domain

diff --git a/lib/kolab_api_controller.php b/lib/kolab_api_controller.php
index 26f4a58..f58d717 100644
--- a/lib/kolab_api_controller.php
+++ b/lib/kolab_api_controller.php
@@ -378,7 +378,7 @@ class kolab_api_controller
 
             foreach ($this->services as $sname => $handler) {
                 $service = $this->get_service($sname);
-                foreach ($service->capabilities($domain) as $method => $type) {
+                foreach ($service->capabilities($domain_name) as $method => $type) {
                     $actions["$sname.$method"] = array('type' => $type);
                 }
             }
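Review bot: Nothing visible here checks `$domain_name` against the domains the session user is entitled to manage before it is handed to every service's `capabilities()`. Per the follow-up commit, that value then selects the `Auth` instance whose `list_rights()` result is returned, in all five `kolab_api_service_*` hunks. Where `$domain_name` is assigned lies outside this hunk, so if it is taken straight from the request it should be validated first, and an unknown or disallowed domain rejected rather than queried. A short comment above the loop naming where that check lives, e.g. `// $domain_name was validated against the user's domains in <PLACEHOLDER: function>`, would make the trust boundary visible.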


commit d91cf2eca6c0a0cfaa7f141df1a9bfbe62dfd873
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Sun Aug 25 14:17:08 2013 +0200

    Actually use the domain when specified with the capabilities request

diff --git a/lib/api/kolab_api_service_group.php b/lib/api/kolab_api_service_group.php
index e7d7c2b..b1fc2ad 100644
--- a/lib/api/kolab_api_service_group.php
+++ b/lib/api/kolab_api_service_group.php
@@ -39,7 +39,7 @@ class kolab_api_service_group extends kolab_api_service
     {
         //console("kolab_api_service_group::capabilities");
 
-        $auth             = Auth::get_instance();
+        $auth             = Auth::get_instance($domain);
         $effective_rights = $auth->list_rights('group');
         $rights           = array();
 
diff --git a/lib/api/kolab_api_service_resource.php b/lib/api/kolab_api_service_resource.php
index b496bca..149fe57 100644
--- a/lib/api/kolab_api_service_resource.php
+++ b/lib/api/kolab_api_service_resource.php
@@ -39,7 +39,7 @@ class kolab_api_service_resource extends kolab_api_service
     {
         //console("kolab_api_service_group::capabilities");
 
-        $auth             = Auth::get_instance();
+        $auth             = Auth::get_instance($domain);
         $effective_rights = $auth->list_rights('resource');
         $rights           = array();
 
diff --git a/lib/api/kolab_api_service_role.php b/lib/api/kolab_api_service_role.php
index c0e672a..6ca2231 100644
--- a/lib/api/kolab_api_service_role.php
+++ b/lib/api/kolab_api_service_role.php
@@ -39,7 +39,7 @@ class kolab_api_service_role extends kolab_api_service
     {
         //console("kolab_api_service_role::capabilities");
 
-        $auth             = Auth::get_instance();
+        $auth             = Auth::get_instance($domain);
         $effective_rights = $auth->list_rights('role');
         $rights           = array();
 
diff --git a/lib/api/kolab_api_service_sharedfolder.php b/lib/api/kolab_api_service_sharedfolder.php
index 55b060b..6d3a3dd 100644
--- a/lib/api/kolab_api_service_sharedfolder.php
+++ b/lib/api/kolab_api_service_sharedfolder.php
@@ -39,7 +39,7 @@ class kolab_api_service_sharedfolder extends kolab_api_service
     {
         //console("kolab_api_service_group::capabilities");
 
-        $auth             = Auth::get_instance();
+        $auth             = Auth::get_instance($domain);
         $effective_rights = $auth->list_rights('sharedfolder');
         $rights           = array();
 
diff --git a/lib/api/kolab_api_service_user.php b/lib/api/kolab_api_service_user.php
index 9e4cdde..7b6bd0e 100644
--- a/lib/api/kolab_api_service_user.php
+++ b/lib/api/kolab_api_service_user.php
@@ -39,7 +39,7 @@ class kolab_api_service_user extends kolab_api_service
     {
         //console("kolab_api_service_group::capabilities");
 
-        $auth = Auth::get_instance();
+        $auth = Auth::get_instance($domain);
 
         $effective_rights = $auth->list_rights('user');
 


commit 497f2c74da74b4960d8cbab8764f0a2d0d0e592c
Author: Aleksander Machniak (Kolab Systems) <machniak at kolabsys.com>
Date:   Sun Aug 25 14:06:40 2013 +0200

    Enable caching of get_effectiverights() results, that are otherwise very expensive to execute each time we need to iterate over all domains / root dns

diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 02aa27b..989d58a 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -538,6 +538,14 @@ class LDAP extends Net_LDAP3 {
      */
     public function effective_rights($subject)
     {
+        $cache = $this->get_cache();
+        $ckey  = $_SESSION['user']->user_bind_dn . '#'
+            . md5($this->domain . '::' . $subject . '::' . $_SESSION['user']->user_bind_pw);
+
+        if ($cache && ($result = $cache->get($ckey))) {
+            return $result;
+        }
+
         // Ensure we are bound with the user's credentials
         $this->bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
 
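Review bot: The cache key in `$ckey` embeds `md5()` over a string that contains `$_SESSION['user']->user_bind_pw`, so a fast, unsalted digest of the user's bind password ends up as a key name in memcached, next to the bind DN in clear text. Because the other inputs (domain and subject) are guessable, anyone able to read keys from the cache pool can test password guesses offline against that digest. The password is not needed to keep entries apart, since the DN, domain and subject already do that: `$ckey = 'effective_rights#' . md5($_SESSION['user']->user_bind_dn . '::' . $this->domain . '::' . $subject);`. Hashing the whole key also keeps it within memcached's key length and character limits, which a long DN containing spaces may otherwise exceed. The rest of `effective_rights()` lies outside this hunk.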
@@ -559,10 +567,16 @@ class LDAP extends Net_LDAP3 {
         }
 
         if (!$result) {
-            return $this->legacy_rights($subject);
-        } else {
-            return $result;
+            $result = $this->legacy_rights($subject);
+        }
+
+        if ($cache) {
+            if (!$cache->replace($ckey, $result, MEMCACHE_COMPRESSED, 3600)) {
+                $cache->set($ckey, $result, MEMCACHE_COMPRESSED, 3600);
+            }
         }
+
+        return $result;
     }
 
     public function find_recipient($address)
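Review bot: Rights are now served from memcached for a fixed 3600 seconds with no invalidation, so a change to a user's ACIs or role is not reflected in `effective_rights()` for up to an hour. If callers use this result to decide what a user may do, the cache content becomes the authorization answer. The TTL should therefore come from configuration with a short default, and the entry should be dropped when rights-affecting objects are modified. The memcached pool must also be reachable only by this application, because memcached does not authenticate clients by default. Separately, the `replace()`-then-`set()` pair can be the single call `$cache->set($ckey, $result, MEMCACHE_COMPRESSED, $ttl);`, since `set()` overwrites an existing key; the start of the function is outside this hunk.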
@@ -1490,4 +1504,66 @@ class LDAP extends Net_LDAP3 {
         return "dc=" . implode(',dc=', explode('.', $relevant_associatedDomain));
     }
 
+    /**
+     * Get global handle for memcache access
+     *
+     * @return object Memcache
+     */
+    public function get_cache()
+    {
+        if (!isset($this->memcache)) {
+            // no memcache support in PHP
+            if (!class_exists('Memcache')) {
+                $this->memcache = false;
+                return false;
+            }
+            // add all configured hosts to pool
+            $pconnect = $this->conf->get('kolab_wap', 'memcache_pconnect', Conf::BOOL);
+            $hosts    = $this->conf->get('kolab_wap', 'memcache_hosts');
+
+            if ($hosts) {
+                $this->memcache     = new Memcache;
+                $this->mc_available = 0;
+
+                $hosts = explode(',', $hosts);
+                foreach ($hosts as $host) {
+                    $host = trim($host);
+                    if (substr($host, 0, 7) != 'unix://') {
+                        list($host, $port) = explode(':', $host);
+                        if (!$port) $port = 11211;
+                    }
+                    else {
+                        $port = 0;
+                    }
+
+                    $this->mc_available += intval($this->memcache->addServer(
+                        $host, $port, $pconnect, 1, 1, 15, false, array($this, 'memcache_failure')));
+                }
+            }
+
+            // test connection and failover (will result in $this->mc_available == 0 on complete failure)
+            $this->memcache->increment('__CONNECTIONTEST__', 1);  // NOP if key doesn't exist
+
+            if (!$this->mc_available) {
+                $this->memcache = false;
+            }
+        }
+
+        return $this->memcache;
+    }
+
+    /**
+     * Callback for memcache failure
+     */
+    public function memcache_failure($host, $port)
+    {
+        static $seen = array();
+
+        // only report once
+        if (!$seen["$host:$port"]++) {
+            $this->mc_available--;
+            Log::error("Memcache failure on host $host:$port");
+        }
+    }
+
 }
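Review bot: When `memcache_hosts` is not configured, the `if ($hosts)` branch in `get_cache()` is skipped and `$this->memcache` is still unset, so `$this->memcache->increment('__CONNECTIONTEST__', 1)` is a method call on null. `effective_rights()` would then fail with a fatal error on any install that has the Memcache extension but no cache hosts. Return early before the connection test: `if (!$hosts) { $this->memcache = false; return false; }`. Two smaller notices sit in the same code: `list($host, $port) = explode(':', $host)` reads a missing index when no port is given, and `$seen["$host:$port"]++` in `memcache_failure()` increments an undefined key. `$this->memcache` and `$this->mc_available` are also not declared as properties in the visible lines.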



