/** * Get the configuration for a specific resource * * @param $resourceName String The resource's name * * @return ConfigObject The configuration of the resource * * @throws ConfigurationError */ public static function getResourceConfig($resourceName) { self::assertResourcesExist(); $resourceConfig = self::$resources->getSection($resourceName); if ($resourceConfig->isEmpty()) { throw new ConfigurationError('Cannot load resource config "%s". Resource does not exist', $resourceName); } return $resourceConfig; }
/** * @depends testWhetherConfigReturnsSingleSections */ public function testWhetherConfigSetsSingleSections() { $config = new Config(); $config->setSection('a', array('b' => 'c')); $this->assertInstanceOf('Icinga\\Data\\ConfigObject', $config->getSection('a'), 'Config::setSection does not set a new section'); $config->setSection('a', array('bb' => 'cc')); $this->assertNull($config->getSection('a')->b, 'Config::setSection does not overwrite existing sections'); $this->assertEquals('cc', $config->getSection('a')->bb, 'Config::setSection does not overwrite existing sections'); }
/** * Create and return a user backend with the given name and given configuration applied to it * * @param string $name * @param ConfigObject $backendConfig * * @return UserBackendInterface * * @throws ConfigurationError */ public static function create($name, ConfigObject $backendConfig = null) { if ($backendConfig === null) { self::assertBackendsExist(); if (self::$backends->hasSection($name)) { $backendConfig = self::$backends->getSection($name); } else { throw new ConfigurationError('User backend "%s" does not exist', $name); } } if ($backendConfig->name !== null) { $name = $backendConfig->name; } if (!($backendType = strtolower($backendConfig->backend))) { throw new ConfigurationError('Authentication configuration for user backend "%s" is missing the \'backend\' directive', $name); } if ($backendType === 'external') { $backend = new ExternalBackend($backendConfig); $backend->setName($name); return $backend; } if (in_array($backendType, static::$defaultBackends)) { // The default backend check is the first one because of performance reasons: // Do not attempt to load a custom user backend unless it's actually required } elseif (($customClass = static::getCustomUserBackend($backendType)) !== null) { $backend = new $customClass($backendConfig); if (!is_a($backend, 'Icinga\\Authentication\\User\\UserBackendInterface')) { throw new ConfigurationError('Cannot utilize user backend of type "%s". Class "%s" does not implement UserBackendInterface', $backendType, $customClass); } $backend->setName($name); return $backend; } else { throw new ConfigurationError('Authentication configuration for user backend "%s" defines an invalid backend type.' . ' Backend type "%s" is not supported', $name, $backendType); } if ($backendConfig->resource === null) { throw new ConfigurationError('Authentication configuration for user backend "%s" is missing the \'resource\' directive', $name); } $resource = ResourceFactory::create($backendConfig->resource); switch ($backendType) { case 'db': $backend = new DbUserBackend($resource); break; case 'msldap': $backend = new LdapUserBackend($resource); $backend->setBaseDn($backendConfig->base_dn); $backend->setUserClass($backendConfig->get('user_class', 'user')); $backend->setUserNameAttribute($backendConfig->get('user_name_attribute', 'sAMAccountName')); $backend->setFilter($backendConfig->filter); break; case 'ldap': $backend = new LdapUserBackend($resource); $backend->setBaseDn($backendConfig->base_dn); $backend->setUserClass($backendConfig->get('user_class', 'inetOrgPerson')); $backend->setUserNameAttribute($backendConfig->get('user_name_attribute', 'uid')); $backend->setFilter($backendConfig->filter); break; } $backend->setName($name); return $backend; }
/** * Unshare the given navigation item * * @param string $name * @param string $parent * * @return Config The new config of the given navigation item * * @throws NotFoundError In case no navigation item with the given name is found * @throws IcingaException In case the navigation item has a parent assigned to it */ public function unshare($name, $parent = null) { $config = $this->getShareConfig(); if (!$config->hasSection($name)) { throw new NotFoundError('No navigation item called "%s" found', $name); } $itemConfig = $config->getSection($name); if ($parent === null) { $parent = $itemConfig->parent; } if ($parent && $this->hasBeenShared($parent)) { throw new IcingaException($this->translate('Unable to unshare navigation item "%s". It is dependent from item "%s".' . ' Dependent items can only be unshared by unsharing their parent'), $name, $parent); } $children = $this->getFlattenedChildren($name); $config->removeSection($name); $this->secondaryConfig = $config; if (!$itemConfig->owner || $itemConfig->owner === $this->getUser()->getUsername()) { $config = $this->getUserConfig(); } else { $config = Config::navigation($itemConfig->type, $itemConfig->owner); } foreach ($children as $child) { $childConfig = $this->secondaryConfig->getSection($child); unset($childConfig->owner); $this->secondaryConfig->removeSection($child); $config->setSection($child, $childConfig); } unset($itemConfig->owner); unset($itemConfig->users); unset($itemConfig->groups); $config->setSection($name, $itemConfig); $this->setIniConfig($config); return $config; }
/** * {@inheritdoc} */ protected function writeConfig(Config $config) { // TODO: Remove this once #11743 is fixed $section = $config->getSection('elasticsearch'); foreach ($section->toArray() as $key => $value) { if ($value === null) { unset($section->{$key}); } } parent::writeConfig($config); }
public function setAuthenticated(User $user, $persist = true) { $username = $user->getUsername(); try { $config = Config::app(); } catch (NotReadableError $e) { Logger::error(new IcingaException('Cannot load preferences for user "%s". An exception was thrown: %s', $username, $e)); $config = new Config(); } if ($config->get('preferences', 'store', 'ini') !== 'none') { $preferencesConfig = $config->getSection('preferences'); try { $preferencesStore = PreferencesStore::create($preferencesConfig, $user); $preferences = new Preferences($preferencesStore->load()); } catch (Exception $e) { Logger::error(new IcingaException('Cannot load preferences for user "%s". An exception was thrown: %s', $username, $e)); $preferences = new Preferences(); } } else { $preferences = new Preferences(); } $user->setPreferences($preferences); $groups = $user->getGroups(); foreach (Config::app('groups') as $name => $config) { try { $groupBackend = UserGroupBackend::create($name, $config); $groupsFromBackend = $groupBackend->getMemberships($user); } catch (Exception $e) { Logger::error('Can\'t get group memberships for user \'%s\' from backend \'%s\'. An exception was thrown: %s', $username, $name, $e); continue; } if (empty($groupsFromBackend)) { continue; } $groupsFromBackend = array_values($groupsFromBackend); $groups = array_merge($groups, array_combine($groupsFromBackend, $groupsFromBackend)); } $user->setGroups($groups); $admissionLoader = new AdmissionLoader(); list($permissions, $restrictions) = $admissionLoader->getPermissionsAndRestrictions($user); $user->setPermissions($permissions); $user->setRestrictions($restrictions); $this->user = $user; if ($persist) { $this->persistCurrentUser(); } }
/** * Set up logger * * @return $this */ protected function setupLogger() { if ($this->config->hasSection('logging')) { $loggingConfig = $this->config->getSection('logging'); try { Logger::create($loggingConfig); } catch (ConfigurationError $e) { Logger::getInstance()->registerConfigError($e->getMessage()); try { Logger::getInstance()->setLevel($loggingConfig->get('level', Logger::ERROR)); } catch (ConfigurationError $e) { Logger::getInstance()->registerConfigError($e->getMessage()); } } } return $this; }
private function hasAccessToSharedNavigationItem(&$config, Config $navConfig) { // TODO: Provide a more sophisticated solution if (isset($config['owner']) && strtolower($config['owner']) === strtolower($this->user->getUsername())) { unset($config['owner']); unset($config['users']); unset($config['groups']); return true; } if (isset($config['parent']) && $navConfig->hasSection($config['parent'])) { unset($config['owner']); if (isset($this->accessibleMenuItems[$config['parent']])) { return $this->accessibleMenuItems[$config['parent']]; } $parentConfig = $navConfig->getSection($config['parent']); $this->accessibleMenuItems[$config['parent']] = $this->hasAccessToSharedNavigationItem($parentConfig, $navConfig); return $this->accessibleMenuItems[$config['parent']]; } if (isset($config['users'])) { $users = array_map('trim', explode(',', strtolower($config['users']))); if (in_array('*', $users, true) || in_array(strtolower($this->user->getUsername()), $users, true)) { unset($config['owner']); unset($config['users']); unset($config['groups']); return true; } } if (isset($config['groups'])) { $groups = array_map('trim', explode(',', strtolower($config['groups']))); if (in_array('*', $groups, true)) { unset($config['owner']); unset($config['users']); unset($config['groups']); return true; } $userGroups = array_map('strtolower', $this->user->getGroups()); $matches = array_intersect($userGroups, $groups); if (!empty($matches)) { unset($config['owner']); unset($config['users']); unset($config['groups']); return true; } } return false; }
/** * Search for deleted properties and use the editor to delete these entries * * @param Config $oldconfig The config representing the state before the change * @param Config $newconfig The config representing the state after the change * @param Document $doc * * @throws ProgrammingError */ protected function diffPropertyDeletions(Config $oldconfig, Config $newconfig, Document $doc) { // Iterate over all properties in the old configuration file and remove those that don't // exist in the new config foreach ($oldconfig->toArray() as $section => $directives) { if (!is_array($directives)) { Logger::warning('Section-less property ' . (string) $directives . ' was ignored.'); continue; } if ($newconfig->hasSection($section)) { $newSection = $newconfig->getSection($section); $oldDomSection = $doc->getSection($section); foreach ($directives as $key => $value) { if ($value instanceof ConfigObject) { throw new ProgrammingError('Cannot diff recursive configs'); } if (null === $newSection->get($key) && $oldDomSection->hasDirective($key)) { $oldDomSection->removeDirective($key); } } } else { $doc->removeSection($section); } } }