/**
  * (non-PHPdoc)
  * @see app/modules/AppKit/lib/auth/AppKitIAuthProvider#doAuthenticate()
  */
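 public function doAuthenticate(NsmUser $user, $password, $username = null, $authid = null)
 {
     // Verifies $password for $user by binding to the directory as the DN
     // found for the account. Returns true only after a clean bind; every
     // other path (empty password, no filter, no DN, bind error, security
     // exception) returns false.
     //
     // The $username and $authid arguments are overwritten right away: both
     // are re-read from the user record, so callers cannot influence which
     // identity is checked through them.
     $authid = $user->getAuthId();
     $username = $user->user_name;
     $this->log('Auth.Provider.LDAP Trying authenticate (authkey=%s,user=%s)', $authid, $username, AgaviLogger::DEBUG);

     // A simple bind with a DN and an empty password is an "unauthenticated
     // bind" (RFC 4513, section 5.1.2) and may be accepted by the server
     // without proving anything, so an empty credential must never reach
     // ldap_bind(). The check is strict on purpose: the former `== ''` gave
     // different answers for 0 on PHP 7 and PHP 8 and let arrays through.
     if (!is_scalar($password) || (string) $password === '') {
         $this->log('Auth.Provider.LDAP Empty password given, bind aborted', AgaviLogger::DEBUG);
         return false;
     }

     try {
         // Resolve the account to a directory entry before attempting a bind.
         $filter = $this->getSearchFilter($user->user_name);
         if (!$filter) {
             return false;
         }

         $search_record = $this->getLdaprecord($filter);
         if (isset($search_record['dn'])) {
             $this->log('Auth.Provider.LDAP Trying bind with dn=%s', $search_record['dn'], AgaviLogger::DEBUG);

             // NOTE(review): the meaning of the `false` argument is defined
             // by getLdapConnection(), which is not visible here - confirm.
             $conn = $this->getLdapConnection(false);

             // @ keeps PHP's warning for a rejected bind out of the output;
             // the outcome is checked explicitly on the next line.
             $re = @ldap_bind($conn, $search_record['dn'], $password);

             // Success needs all three signals to agree.
             if ($this->isLdapError($conn) == false && $re === true && ldap_errno($conn) === 0) {
                 $this->log('Auth.Provider.LDAP Successfull bind (dn=%s,user=%s)', $search_record['dn'], $username, AgaviLogger::DEBUG);
                 return true;
             }
         }
     } catch (AgaviSecurityException $e) {
         // Still fail closed, but record why instead of dropping the
         // exception, so a directory or configuration problem can be told
         // apart from a wrong password when reading the log.
         $this->log('Auth.Provider.LDAP Security exception during lookup or bind (user=%s,msg=%s)', $username, $e->getMessage(), AgaviLogger::ERROR);
     }

     $this->log('Auth.Provider.LDAP Bind failed (authkey=%s,user=%s)', $authid, $username, AgaviLogger::WARN);
     return false;
 }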
 /**
  * Boots an Icinga Web (Agavi) environment and calls updatePassword() on
  * a new NsmUser.
  *
  * Nothing happens unless <icingaWebDir>/app/config.php exists.
  *
  * NOTE(review): $newPassword is neither a parameter nor assigned anywhere
  * in this constructor, so as shown updatePassword() receives an undefined
  * variable. The NsmUser is also not saved inside this block.
  *
  * NOTE(review): every include path below is built from
  * $this->icingaWebDir, which is read here before this constructor assigns
  * anything - presumably a property default. Confirm it can only come from
  * trusted configuration, never from request data.
  */
 public function __construct()
 {
     // Presence of the application config is used as the "is Icinga Web installed here" test.
     if (file_exists($this->icingaWebDir . '/app/config.php')) {
         // Plain `require` (not require_once): these two files are re-included
         // each time this constructor runs.
         require $this->icingaWebDir . '/lib/agavi/src/agavi.php';
         require $this->icingaWebDir . '/app/config.php';
         // Doctrine classes and the NsmUser model are loaded by hand, in this fixed order.
         require_once $this->icingaWebDir . '/lib/doctrine/lib/Doctrine/Exception.php';
         require_once $this->icingaWebDir . '/lib/doctrine/lib/Doctrine/Locator/Injectable.php';
         require_once $this->icingaWebDir . '/lib/doctrine/lib/Doctrine/Access.php';
         require_once $this->icingaWebDir . '/lib/doctrine/lib/Doctrine/Record/Abstract.php';
         require_once $this->icingaWebDir . '/lib/doctrine/lib/Doctrine/Record.php';
         require_once $this->icingaWebDir . '/lib/doctrine/lib/Doctrine/Record/Iterator.php';
         require_once $this->icingaWebDir . '/lib/doctrine/lib/Doctrine/Null.php';
         require_once $this->icingaWebDir . '/lib/doctrine/lib/Doctrine/Core.php';
         require_once $this->icingaWebDir . '/lib/doctrine/lib/Doctrine/Configurable.php';
         require_once $this->icingaWebDir . '/lib/doctrine/lib/Doctrine/Manager/Exception.php';
         require_once $this->icingaWebDir . '/lib/doctrine/lib/Doctrine/Manager.php';
         require_once $this->icingaWebDir . '/app/modules/AppKit/lib/database/models/generated/BaseNsmUser.php';
         require_once $this->icingaWebDir . '/app/modules/AppKit/lib/database/models/NsmUser.php';
         // Start Agavi with the 'production' environment and dispatch the 'web' context.
         Agavi::bootstrap('production');
         AgaviConfig::set('core.default_context', 'web');
         AgaviConfig::set('core.context_implementation', 'AppKitAgaviContext');
         AgaviContext::getInstance('web')->getController()->dispatch();
         $icingWebUser = new NsmUser('nsm_user');
         //                $icingWebUser->
         // NOTE(review): $newPassword is undefined in this scope - see the method comment.
         $icingWebUser->updatePassword($newPassword);
     }
 }
 /**
  * Applies user principals to the cache of the model.
  * Public to the world for testing
  */
 public function refreshUser()
 {
     // Always re-read the framework user from the context first.
     $this->agaviUser = $this->getContext()->getUser();

     // Without an authenticated session the cached user and principals are
     // left exactly as they were; they are not cleared here.
     if ($this->agaviUser->isAuthenticated() !== true) {
         return;
     }

     $this->user = $this->agaviUser->getNsmUser();
     $this->principals = $this->user->getPrincipalsArray();
 }
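 /**
  * Adds the current user's custom-variable permissions to $query.
  *
  * The user's target values for the host or service custom-variable
  * principal are grouped by tv_pt_id into name/value sets. Each complete
  * set becomes one "varname LIKE ? and varvalue LIKE ?" condition on a
  * left join of "<alias>.customvariables"; all conditions are OR-ed and
  * appended with orWhere(). If the user has no target values for the
  * target, the query is returned untouched.
  *
  * The name and value are bound as query parameters instead of being
  * concatenated into the DQL string, so a stored value containing a quote
  * can neither break the statement nor change its meaning.
  *
  * @param IcingaDoctrine_Query $query  query to extend in place
  * @param array $params  "target" ('host' or 'service') and "alias"
  *                       (alias of the table to join from)
  * @return void
  */
 public function extend(IcingaDoctrine_Query $query, array $params)
 {
     // target, host or service
     $target = $params["target"];
     // Alias of the table to join from. It is interpolated into the DQL as
     // an identifier and cannot be bound, so it has to be a fixed value
     // chosen by the calling code.
     $alias = $params["alias"];
     $this->user = $this->getContext()->getUser()->getNsmUser();

     // The class-wide counter gives every call its own join alias.
     $aliasAbbr = "cv";
     $impl = ++Api_Views_Extender_CustomVariableExtenderModel::$impl;
     switch ($target) {
         case 'host':
             $aliasAbbr = "h_cv_{$impl}";
             $target = IcingaIPrincipalConstants::TYPE_CUSTOMVAR_HOST;
             break;
         case 'service':
             $aliasAbbr = "s_cv_{$impl}";
             $target = IcingaIPrincipalConstants::TYPE_CUSTOMVAR_SERVICE;
             break;
     }

     $targetVals = $this->user->getTargetValues($target, true)->toArray();
     if (empty($targetVals)) {
         return;
     }

     // Group the flat key/value rows into one name/value set per tv_pt_id.
     $CVcredentials = array();
     foreach ($targetVals as $targetData) {
         if (isset($targetData["tv_pt_id"]) and isset($targetData["tv_key"])) {
             $tvid = $targetData["tv_pt_id"];
             if ($targetData["tv_key"] == "cv_name") {
                 $CVcredentials[$tvid]["name"] = $targetData["tv_val"];
             } elseif ($targetData["tv_key"] == "cv_value") {
                 $CVcredentials[$tvid]["value"] = $targetData["tv_val"];
             }
         }
     }

     $query->leftJoin("{$alias}.customvariables " . $aliasAbbr);

     // One condition per complete set; values travel as bound parameters,
     // in the same order as their placeholders.
     $pairs = array();
     $bound = array();
     foreach ($CVcredentials as $cvdata) {
         // skip incomplete sets
         if (!isset($cvdata["name"]) || !isset($cvdata["value"])) {
             continue;
         }
         $pairs[] = "({$aliasAbbr}.varname LIKE ? and {$aliasAbbr}.varvalue LIKE ?)";
         $bound[] = $cvdata["name"];
         $bound[] = $cvdata["value"];
     }

     if ($target == IcingaIPrincipalConstants::TYPE_CUSTOMVAR_SERVICE) {
         $pairs[] = $alias . '.service_object_id IS NULL';
     }

     // NOTE(review): assumes IcingaDoctrine_Query keeps Doctrine_Query's
     // orWhere($where, $params) signature - confirm.
     $query->orWhere(join(" OR ", $pairs), $bound);
 }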
 /**
  * Returns the values of the current user's permission on $target.
  *
  * - No such target on the user: empty array.
  * - Contact group target: one synthetic NsmTargetValue whose key is
  *   'contactname' and whose value is the user's own user_name; the stored
  *   target values are not read in this case.
  * - Any other target: the stored target values, converted with toArray().
  *
  * Note that the contact group case yields a list holding an object while
  * the general case yields whatever toArray() returns.
  *
  * @param mixed $target principal target identifier
  * @return array
  */
 private function getCredentialValues($target)
 {
     $values = array();

     if ($this->user->hasTarget($target, true)) {
         if ($target == IcingaIPrincipalConstants::TYPE_CONTACTGROUP) {
             $ownContact = new NsmTargetValue();
             $ownContact->tv_key = 'contactname';
             $ownContact->tv_val = $this->user->user_name;
             $values = array($ownContact);
         } else {
             $values = $this->user->getTargetValues($target, true)->toArray();
         }
     }

     return $values;
 }
 /**
  * Return a list of cronks defined in xml
  * @param boolean $all
  * @return array
  */
 private function getXmlCronks($all = false)
 {
     // NOTE: $all is accepted but never read in this method.

     // Per-user cache of the filtered cronk list, kept in the user storage.
     $cache = $this->user->getStorage()->read("icinga.cronks.cache.xml");

     // Modification time of the compiled cronks.xml config cache on disk.
     $xmlCacheMtime = filemtime(AgaviConfigCache::checkConfig(AgaviConfig::get('core.config_dir') . '/cronks.xml'));

     // Serve the stored list only while it is newer than the compiled XML.
     // The stored list already has the permission checks below applied, as
     // they evaluated when it was written.
     if (isset($cache, $cache["data"], $cache["timestamp"]) && $cache["timestamp"] > $xmlCacheMtime) {
         return $cache["data"];
     }

     $cronks = array();

     foreach (self::$xml_cronk_data as $uid => $cronk) {
         // Roles stored in the database replace the XML 'groupsonly' setting.
         $this->getSecurityModel()->setCronkUid($uid);
         if ($this->getSecurityModel()->hasDatabaseRoles()) {
             $cronk['groupsonly'] = $this->getSecurityModel()->getRoleNamesAsString();
         }

         // Group restriction; holders of icinga.cronk.admin are exempt.
         if (isset($cronk['groupsonly']) && $this->checkGroups($cronk['groupsonly']) !== true && $this->agaviUser->hasCredential('icinga.cronk.admin') === false) {
             continue;
         }

         // Principal restriction; no admin exemption here.
         if (isset($cronk['principalsonly']) && $this->checkPrincipals($cronk['principalsonly']) !== true) {
             continue;
         }

         if (isset($cronk['disabled']) && $cronk['disabled'] == true) {
             continue;
         }

         // A cronk without both action and module cannot be dispatched.
         if (!isset($cronk['action']) || !isset($cronk['module'])) {
             $this->getContext()->getLoggerManager()->log('No action or module for cronk: ' . $uid, AgaviLogger::ERROR);
             continue;
         }

         $cronks[$uid] = array(
             'cronkid' => $uid,
             'module' => $cronk['module'],
             'action' => $cronk['action'],
             'hide' => isset($cronk['hide']) ? (bool) $cronk['hide'] : false,
             'description' => isset($cronk['description']) ? $cronk['description'] : null,
             'name' => isset($cronk['name']) ? $cronk['name'] : null,
             'categories' => isset($cronk['categories']) ? $cronk['categories'] : null,
             'image' => isset($cronk['image']) ? $cronk['image'] : self::DEFAULT_CRONK_IMAGE,
             'disabled' => isset($cronk['disabled']) ? (bool) $cronk['disabled'] : false,
             'groupsonly' => isset($cronk['groupsonly']) ? $cronk['groupsonly'] : null,
             'state' => isset($cronk['state']) ? $cronk['state'] : null,
             'ae:parameter' => isset($cronk['ae:parameter']) ? $cronk['ae:parameter'] : null,
             'system' => true,
             'owner' => false,
             'position' => isset($cronk['position']) ? $cronk['position'] : 0,
             'owner_name' => self::DEFAULT_CRONK_OWNER,
             'owner_id' => self::DEFAULT_CRONK_OWNERID
         );
     }

     // Store the filtered list together with the time it was built.
     $this->user->getStorage()->write("icinga.cronks.cache.xml", array("timestamp" => time(), "data" => $cronks));

     return $cronks;
 }
 /**
  * Creates a local NsmUser for $username from the first auth provider
  * that can supply a profile.
  *
  * Providers are tried in the order of $this->provider_keys. A provider is
  * used when canCreateProfile() is true and getUserdata() returns an
  * array. The new user receives the provider's default groups, as far as
  * they exist as NsmRole records, and is only saved when at least one
  * group could be assigned.
  *
  * @param string $username login name that was not found locally
  * @return NsmUser|null the saved user; null when no group could be
  *                      assigned, and (implicitly) when no provider
  *                      produced a profile or every attempt threw
  */
 private function importUser($username)
 {
     $this->log('Auth.Dispatch: User %s not found, try to import', $username, AgaviLogger::DEBUG);
     $padmin = $this->getContext()->getModel('PrincipalAdmin', 'AppKit');

     foreach ($this->provider_keys as $providerKey) {
         $provider = $this->getProvider($providerKey);
         if (!$provider->canCreateProfile()) {
             continue;
         }

         $this->log('Auth.Dispatch/import: %s will provide the user profile', $provider->getProviderName(), AgaviLogger::DEBUG);

         try {
             $profile = $provider->getUserdata($username, false);
             if (!is_array($profile)) {
                 // This provider has no usable profile; try the next one.
                 continue;
             }

             $user = new NsmUser();
             $user->fromArray($profile, false);

             // Write a random password.
             // @todo Change this to let providers can do that later
             $user->generateRandomPassword();

             // Attach every default group that exists as a role record.
             $defaultGroups = $provider->getDefaultGroups();
             if (is_array($defaultGroups)) {
                 foreach ($defaultGroups as $group_name) {
                     $role = Doctrine::getTable('NsmRole')->findOneBy('role_name', $group_name);
                     if (!($role instanceof NsmRole)) {
                         $this->log('Auth.Dispatch/import: Could not assign group %s', $group_name, AgaviLogger::WARN);
                         continue;
                     }
                     $user->NsmRole[] = $role;
                 }
             }

             // An account without any role is never persisted.
             if (count($user->NsmRole) < 1) {
                 $this->log('Auth.Dispatch/import: No groups available for user, ABORT!', AgaviLogger::FATAL);
                 return null;
             }

             $user->save();
             $user->refresh(true);

             // Reset the principal's value data, then save once more.
             $padmin->updatePrincipalValueData($user->principal, array(), array());
             $user->save();

             $this->log('Auth.Dispatch/import: user %s successfully imported (user_id=%d, provider=%s)', $username, $user->user_id, $provider->getProviderName(), AgaviLogger::DEBUG);
             return $user;
         } catch (AgaviSecurityException $e) {
             $this->log('Auth.Dispatch/import: Import failed (provider=%s,msg=%s)', $provider->getProviderName(), $e->getMessage(), AgaviLogger::ERROR);
         } catch (Exception $e) {
             $this->log('Auth.Dispatch/import failed: Import failed: (provider=%s, msg=%s)', $provider->getProviderName(), $e->getMessage(), AgaviLogger::ERROR);
         }
     }
 }
 /**
  * Updates the user password, this is only a smart reference
  * @param $user
  * @param $user_password
  * @return unknown_type
  * @throws AppKitException
  * @author Marius Hein
  */
 public function updateUserPassword(NsmUser &$user, $user_password)
 {
     // NOTE(review): presumably prepares the random source used when the
     // password is stored - confirm in AppKitRandomUtil.
     AppKitRandomUtil::initRand();

     // This method checks neither who is asking nor the strength of the
     // new password; both are left to the caller and to
     // NsmUser::updatePassword().
     $user->updatePassword($user_password);

     // Persist the change. Failures are not caught here.
     $user->save();

     return true;
 }
 /**
  * Adding credential from database to the rbac user
  * @param NsmUser $user
  */
 private function getCredentialsFromDB(NsmUser &$user)
 {
     foreach ($user->NsmRole as $role) {
         // The directly assigned role first ...
         $this->roles[] = $role;
         $this->addCredentialsFromRole($role);

         // ... then every ancestor: credentials are inherited up the whole
         // parent chain.
         // NOTE(review): the walk ends only when hasParent() turns false;
         // confirm the role tree cannot contain a cycle.
         for ($ancestor = $role; $ancestor->hasParent();) {
             $ancestor = $ancestor->getParent();
             $this->addCredentialsFromRole($ancestor);
             $this->roles[] = $ancestor;
         }
     }

     // Credentials attached to the user directly, independent of any role.
     foreach ($user->getTargets("credential") as $directCredential) {
         $this->addCredential($directCredential->get("target_name"));
     }
 }
 /**
  * Returns this user's preferences as a key => value map.
  *
  * A preference with a non-empty upref_longval yields that long value, or
  * the literal string 'BLOB' when $shortenBlob is set; otherwise it yields
  * upref_val. Unless $ignoreDefaults is set, keys from the
  * 'modules.appkit.user_preferences_default' setting are added when the
  * user has no value for them.
  *
  * NOTE(review): self::$cachedPreferences is static and therefore shared
  * by every instance of this class in the request, while the query is
  * filtered by $this->user_id. Confirm that preferences of only one user
  * are loaded per request, otherwise a second instance would be handed
  * the first one's rows. An empty result is never cached, because the
  * cache test is empty().
  *
  * @param boolean $shortenBlob    replace long values by 'BLOB'
  * @param boolean $ignoreDefaults skip the configured defaults
  * @return array
  */
 public function getPreferences($shortenBlob = false, $ignoreDefaults = false)
 {
     if (empty(self::$cachedPreferences)) {
         $rows = AppKitDoctrineUtil::createQuery()
             ->select('p.upref_val, p.upref_key, p.upref_longval')
             ->from('NsmUserPreference p INDEXBY p.upref_key')
             ->where('p.upref_user_id=?', array($this->user_id))
             ->execute(array(), Doctrine::HYDRATE_ARRAY);
         self::$cachedPreferences = $rows;
     } else {
         $rows = self::$cachedPreferences;
     }

     $prefs = array();
     foreach ($rows as $prefKey => $row) {
         if (!$row['upref_longval']) {
             $prefs[$prefKey] = $row['upref_val'];
         } elseif ($shortenBlob) {
             $prefs[$prefKey] = 'BLOB';
         } else {
             $prefs[$prefKey] = $row['upref_longval'];
         }
     }

     if ($ignoreDefaults) {
         return $prefs;
     }

     // Fill in configured defaults for keys the user has not set.
     foreach (AgaviConfig::get('modules.appkit.user_preferences_default', array()) as $defaultKey => $defaultValue) {
         if (!array_key_exists($defaultKey, $prefs)) {
             $prefs[$defaultKey] = $defaultValue;
         }
     }

     return $prefs;
 }