/**
* Validate the resource configuration by trying to connect with it
*
* @param Form $form The form to fetch the configuration values from
*
* @return bool Whether validation succeeded or not
*/
public static function isValidResource(Form $form)
{
$result = ResourceFactory::createResource(new ConfigObject($form->getValues()))->inspect();
if ($result->hasError()) {
$form->addError(sprintf('%s (%s)', $form->translate('Connectivity validation failed, connection to the given resource not possible.'), $result->getError()));
}
// TODO: display diagnostics in $result->toArray() to the user
return !$result->hasError();
}
/**
* Validate the configuration by creating a backend and requesting the user count
*
* @param Form $form The form to fetch the configuration values from
*
* @return bool Whether validation succeeded or not
*/
public static function isValidUserBackend(Form $form)
{
$backend = new DbUserBackend(ResourceFactory::createResource($form->getResourceConfig()));
$result = $backend->inspect();
if ($result->hasError()) {
$form->addError(sprintf($form->translate('Using the specified backend failed: %s'), $result->getError()));
}
// TODO: display diagnostics in $result->toArray() to the user
return !$result->hasError();
}
/**
* Validate the resource configuration by trying to connect with it
*
* @param Form $form The form to fetch the configuration values from
*
* @return bool Whether validation succeeded or not
*/
public static function isValidResource(Form $form)
{
try {
$resource = ResourceFactory::createResource(new ConfigObject($form->getValues()));
$resource->getConnection()->getConnection();
} catch (Exception $e) {
$form->addError($form->translate('Connectivity validation failed, connection to the given resource not possible.'));
return false;
}
return true;
}
protected function createAccount()
{
try {
$backend = new DbUserBackend(ResourceFactory::createResource(new ConfigObject($this->data['adminAccountData']['resourceConfig'])));
if ($backend->select()->where('user_name', $this->data['adminAccountData']['username'])->count() === 0) {
$backend->insert('user', array('user_name' => $this->data['adminAccountData']['username'], 'password' => $this->data['adminAccountData']['password'], 'is_active' => true));
}
} catch (Exception $e) {
$this->dbError = $e;
return false;
}
$this->dbError = false;
return true;
}
/**
* Validate the configuration by creating a backend and requesting the user count
*
* @param Form $form The form to fetch the configuration values from
*
* @return bool Whether validation succeeded or not
*/
public static function isValidUserBackend(Form $form)
{
try {
$dbUserBackend = new DbUserBackend(ResourceFactory::createResource($form->getResourceConfig()));
if ($dbUserBackend->select()->where('is_active', true)->count() < 1) {
$form->addError($form->translate('No active users found under the specified database backend'));
return false;
}
} catch (Exception $e) {
$form->addError(sprintf($form->translate('Using the specified backend failed: %s'), $e->getMessage()));
return false;
}
return true;
}
/**
* Validate the resource configuration by trying to connect with it
*
* @param Form $form The form to fetch the configuration values from
*
* @return bool Whether validation succeeded or not
*/
public static function isValidResource(Form $form)
{
try {
$resource = ResourceFactory::createResource(new ConfigObject($form->getValues()));
$resource->bind();
} catch (Exception $e) {
$msg = $form->translate('Connectivity validation failed, connection to the given resource not possible.');
if ($error = $e->getMessage()) {
$msg .= ' (' . $error . ')';
}
$form->addError($msg);
return false;
}
return true;
}
protected function createMembership()
{
try {
$backend = new DbUserGroupBackend(ResourceFactory::createResource(new ConfigObject($this->data['resourceConfig'])));
$groupName = mt('setup', 'Administrators', 'setup.role.name');
$userName = $this->data['username'];
if ($backend->select()->from('group_membership')->where('group_name', $groupName)->where('user_name', $userName)->count() === 0) {
$backend->insert('group_membership', array('group_name' => $groupName, 'user_name' => $userName));
$this->memberError = false;
}
} catch (Exception $e) {
$this->memberError = $e;
return false;
}
return true;
}
/**
* Create a resource by using the given form's values and return its inspection results
*
* @param Form $form
*
* @return Inspection
*/
public static function inspectResource(Form $form)
{
if ($form->getValue('type') !== 'ssh') {
$resource = ResourceFactory::createResource(new ConfigObject($form->getValues()));
if ($resource instanceof Inspectable) {
return $resource->inspect();
}
}
}
/**
* Return whether a single icinga instance is writing to the given resource
*
* @param Form $form
* @param ConfigObject $resourceConfig
*
* @return bool True if it's a single instance, false if none
* or multiple instances are writing to it
*/
public static function isValidIdoInstance(Form $form, ConfigObject $resourceConfig)
{
$db = ResourceFactory::createResource($resourceConfig);
$rowCount = $db->select()->from('icinga_instances')->count();
if ($rowCount === 0) {
$form->warning($form->translate('There is currently no icinga instance writing to the IDO. Make sure ' . 'that a icinga instance is configured and able to write to the IDO.'));
return false;
} elseif ($rowCount > 1) {
$form->warning($form->translate('There is currently more than one icinga instance writing to the IDO. You\'ll see all objects from all' . ' instances without any differentation. If this is not desired, consider setting up a separate IDO' . ' for each instance.'));
return false;
}
return true;
}
/**
* Creates an array of Icinga\Data\Db\DbConnection
*
* @param string $name
*
* @return array
*/
protected function createDbConnectionFor($name)
{
try {
$conn = ResourceFactory::createResource($this->createDbConfigFor($name));
} catch (Exception $e) {
$conn = $e->getMessage();
}
return array(array($conn));
}
/**
* Create and return a user backend with the given name and given configuration applied to it
*
* @param string $name
* @param ConfigObject $backendConfig
*
* @return UserBackendInterface
*
* @throws ConfigurationError
*/
public static function create($name, ConfigObject $backendConfig = null)
{
if ($backendConfig === null) {
$authConfig = Config::app('authentication');
if ($authConfig->hasSection($name)) {
$backendConfig = $authConfig->getSection($name);
} else {
throw new ConfigurationError('User backend "%s" does not exist', $name);
}
}
if ($backendConfig->name !== null) {
$name = $backendConfig->name;
}
if (!($backendType = strtolower($backendConfig->backend))) {
throw new ConfigurationError('Authentication configuration for user backend "%s" is missing the \'backend\' directive', $name);
}
if ($backendType === 'external') {
$backend = new ExternalBackend($backendConfig);
$backend->setName($name);
return $backend;
}
if (in_array($backendType, static::$defaultBackends)) {
// The default backend check is the first one because of performance reasons:
// Do not attempt to load a custom user backend unless it's actually required
} elseif (($customClass = static::getCustomUserBackend($backendType)) !== null) {
$backend = new $customClass($backendConfig);
if (!is_a($backend, 'Icinga\\Authentication\\User\\UserBackendInterface')) {
throw new ConfigurationError('Cannot utilize user backend of type "%s". Class "%s" does not implement UserBackendInterface', $backendType, $customClass);
}
$backend->setName($name);
return $backend;
} else {
throw new ConfigurationError('Authentication configuration for user backend "%s" defines an invalid backend type.' . ' Backend type "%s" is not supported', $name, $backendType);
}
if ($backendConfig->resource === null) {
throw new ConfigurationError('Authentication configuration for user backend "%s" is missing the \'resource\' directive', $name);
}
if ($backendConfig->resource instanceof ConfigObject) {
$resource = ResourceFactory::createResource($backendConfig->resource);
} else {
$resource = ResourceFactory::create($backendConfig->resource);
}
switch ($backendType) {
case 'db':
$backend = new DbUserBackend($resource);
break;
case 'msldap':
$backend = new LdapUserBackend($resource);
$backend->setBaseDn($backendConfig->base_dn);
$backend->setUserClass($backendConfig->get('user_class', 'user'));
$backend->setUserNameAttribute($backendConfig->get('user_name_attribute', 'sAMAccountName'));
$backend->setFilter($backendConfig->filter);
break;
case 'ldap':
$backend = new LdapUserBackend($resource);
$backend->setBaseDn($backendConfig->base_dn);
$backend->setUserClass($backendConfig->get('user_class', 'inetOrgPerson'));
$backend->setUserNameAttribute($backendConfig->get('user_name_attribute', 'uid'));
$backend->setFilter($backendConfig->filter);
break;
}
$backend->setName($name);
return $backend;
}
public static function create($name, Zend_Config $backendConfig)
{
if ($backendConfig->name !== null) {
$name = $backendConfig->name;
}
if (isset($backendConfig->class)) {
// Use a custom backend class, this is only useful for testing
if (!class_exists($backendConfig->class)) {
throw new ConfigurationError('Authentication configuration for backend "' . $name . '" defines an invalid backend' . ' class. Backend class "' . $backendConfig->class . '" not found');
}
return new $backendConfig->class($backendConfig);
}
if ($name === 'autologin') {
$backend = new AutoLoginBackend($backendConfig);
$backend->setName($name);
return $backend;
}
if ($backendConfig->resource === null) {
throw new ConfigurationError('Authentication configuration for backend "' . $name . '" is missing the resource directive');
}
if (($backendType = $backendConfig->backend) === null) {
throw new ConfigurationError('Authentication configuration for backend "' . $name . '" is missing the backend directive');
}
try {
$resourceConfig = ResourceFactory::getResourceConfig($backendConfig->resource);
} catch (ProgrammingError $e) {
throw new ConfigurationError('Resources not set up. Please contact your Icinga Web administrator');
}
$resource = ResourceFactory::createResource($resourceConfig);
switch (strtolower($backendType)) {
case 'db':
$backend = new DbUserBackend($resource);
break;
case 'msldap':
$backend = new LdapUserBackend($resource, $backendConfig->get('user_class', 'user'), $backendConfig->get('user_name_attribute', 'sAMAccountName'));
break;
case 'ldap':
if (($userClass = $backendConfig->user_class) === null) {
throw new ConfigurationError('Authentication configuration for backend "' . $name . '" is missing the user_class directive');
}
if (($userNameAttribute = $backendConfig->user_name_attribute) === null) {
throw new ConfigurationError('Authentication configuration for backend "' . $name . '" is missing the user_name_attribute directive');
}
$backend = new LdapUserBackend($resource, $userClass, $userNameAttribute);
break;
default:
throw new ConfigurationError('Authentication configuration for backend "' . $name . '" defines an invalid backend' . ' type. Backend type "' . $backendType . '" is not supported');
}
$backend->setName($name);
return $backend;
}
/**
* Validate the ido instance availability
*
* @param Form $form
* @param ConfigObject $resourceConfig
*
* @return bool Whether validation succeeded or not
*/
public static function isValidIdoInstance(Form $form, ConfigObject $resourceConfig)
{
$resource = ResourceFactory::createResource($resourceConfig);
$result = $resource->select()->from('icinga_instances', array('instance_name'));
$instances = $result->fetchAll();
if (count($instances) === 1) {
return true;
} elseif (count($instances) > 1) {
$form->warning($form->translate('IDO instance validation failed, because there are multiple instances available.'));
return false;
}
$form->error($form->translate('IDO instance validation failed, because there is no IDO instance available.'));
return false;
}
