/* * mxisd - Matrix Identity Server Daemon * Copyright (C) 2017 Kamax Sarl * * https://www.kamax.io/ * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as * published by the Free Software Foundation, either version 3 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ package io.kamax.mxisd.backend.ldap; import io.kamax.mxisd.config.MatrixConfig; import io.kamax.mxisd.config.ldap.LdapConfig; import io.kamax.mxisd.exception.InternalServerError; import io.kamax.mxisd.lookup.SingleLookupReply; import io.kamax.mxisd.lookup.SingleLookupRequest; import io.kamax.mxisd.lookup.ThreePidMapping; import io.kamax.mxisd.lookup.provider.IThreePidProvider; import io.kamax.mxisd.util.GsonUtil; import org.apache.directory.api.ldap.model.cursor.CursorException; import org.apache.directory.api.ldap.model.cursor.CursorLdapReferralException; import org.apache.directory.api.ldap.model.cursor.EntryCursor; import org.apache.directory.api.ldap.model.entry.Entry; import org.apache.directory.api.ldap.model.exception.LdapException; import org.apache.directory.api.ldap.model.message.SearchScope; import org.apache.directory.ldap.client.api.LdapConnection; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.IOException; import java.util.ArrayList; import java.util.List; import java.util.Map; import java.util.Objects; import java.util.Optional; import java.util.stream.Collectors; public class LdapThreePidProvider extends LdapBackend implements IThreePidProvider { private transient final Logger log = LoggerFactory.getLogger(LdapThreePidProvider.class); public LdapThreePidProvider(LdapConfig cfg, MatrixConfig mxCfg) { super(cfg, mxCfg); } @Override public boolean isLocal() { return true; } @Override public int getPriority() { return 20; } private Optional lookup(LdapConnection conn, String medium, String value) { Optional tPidQueryOpt = getCfg().getIdentity().getQuery(medium); if (!tPidQueryOpt.isPresent()) { log.warn("{} is not a configured 3PID type for LDAP lookup", medium); return Optional.empty(); } // we merge 3PID specific query with global/specific filter, if one exists. String tPidQuery = tPidQueryOpt.get().replaceAll(getCfg().getIdentity().getToken(), value); String searchQuery = buildWithFilter(tPidQuery, getCfg().getIdentity().getFilter()); log.debug("Query: {}", searchQuery); log.debug("Attributes: {}", GsonUtil.build().toJson(getUidAtt())); for (String baseDN : getBaseDNs()) { log.debug("Base DN: {}", baseDN); try (EntryCursor cursor = conn.search(baseDN, searchQuery, SearchScope.SUBTREE, getUidAtt())) { while (cursor.next()) { Entry entry = cursor.get(); log.info("Found possible match, DN: {}", entry.getDn().getName()); Optional data = getAttribute(entry, getUidAtt()); if (!data.isPresent()) { continue; } log.info("DN {} is a valid match", entry.getDn().getName()); return Optional.of(buildMatrixIdFromUid(data.get())); } } catch (CursorLdapReferralException e) { log.warn("3PID {} is only available via referral, skipping", value); } catch (IOException | LdapException | CursorException e) { throw new InternalServerError(e); } } return Optional.empty(); } @Override public Optional find(SingleLookupRequest request) { log.info("Performing LDAP lookup {} of type {}", request.getThreePid(), request.getType()); try (LdapConnection conn = getConn()) { bind(conn); return lookup(conn, request.getType(), request.getThreePid()).map(id -> new SingleLookupReply(request, id)); } catch (LdapException | IOException e) { throw new InternalServerError(e); } } @Override public List populate(List mappings) { log.info("Looking up {} mappings", mappings.size()); List mappingsFound = new ArrayList<>(); try (LdapConnection conn = getConn()) { bind(conn); for (ThreePidMapping mapping : mappings) { try { lookup(conn, mapping.getMedium(), mapping.getValue()).ifPresent(id -> { mapping.setMxid(id); mappingsFound.add(mapping); }); } catch (IllegalArgumentException e) { log.warn("{} is not a supported 3PID type for LDAP lookup", mapping.getMedium()); } } } catch (LdapException | IOException e) { throw new InternalServerError(e); } return mappingsFound; } private List getAttributes() { final List attributes = getCfg().getAttribute().getThreepid().values().stream().flatMap(List::stream) .collect(Collectors.toList()); attributes.add(getUidAtt()); return attributes; } private Optional getAttributeValue(Entry entry, List attributes) { return attributes.stream() .map(attr -> getAttribute(entry, attr)) .filter(Objects::nonNull) .filter(Optional::isPresent) .map(Optional::get) .findFirst(); } @Override public Iterable populateHashes() { List result = new ArrayList<>(); String filter = getCfg().getIdentity().getFilter(); try (LdapConnection conn = getConn()) { bind(conn); log.debug("Query: {}", filter); List attributes = getAttributes(); log.debug("Attributes: {}", GsonUtil.build().toJson(attributes)); for (String baseDN : getBaseDNs()) { log.debug("Base DN: {}", baseDN); try (EntryCursor cursor = conn.search(baseDN, filter, SearchScope.SUBTREE, attributes.toArray(new String[0]))) { while (cursor.next()) { Entry entry = cursor.get(); log.info("Found possible match, DN: {}", entry.getDn().getName()); Optional mxid = getAttribute(entry, getUidAtt()); if (!mxid.isPresent()) { continue; } for (Map.Entry> attributeEntry : getCfg().getAttribute().getThreepid().entrySet()) { String medium = attributeEntry.getKey(); getAttributeValue(entry, attributeEntry.getValue()) .ifPresent(s -> result.add(new ThreePidMapping(medium, s, buildMatrixIdFromUid(mxid.get())))); } } } catch (CursorLdapReferralException e) { log.warn("3PID is only available via referral, skipping", e); } catch (IOException | LdapException | CursorException e) { log.error("Unable to fetch 3PID mappings", e); } } } catch (LdapException | IOException e) { log.error("Unable to fetch 3PID mappings", e); } return result; } }