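/**
 * Authenticates a user against LDAP by binding with the user's own DN.
 *
 * The auth id and user name are always read from $user; the $username and
 * $authid arguments are overwritten before use.
 *
 * @see app/modules/AppKit/lib/auth/AppKitIAuthProvider#doAuthenticate()
 *
 * @param NsmUser     $user     User record to authenticate
 * @param string      $password Clear-text password supplied at login
 * @param string|null $username Overwritten with $user->user_name
 * @param string|null $authid   Overwritten with $user->getAuthId()
 * @return boolean true only when the bind with the user's DN succeeded
 */
public function doAuthenticate(NsmUser $user, $password, $username = null, $authid = null)
{
    $authid = $user->getAuthId();
    $username = $user->user_name;

    $this->log('Auth.Provider.LDAP Trying authenticate (authkey=%s,user=%s)', $authid, $username, AgaviLogger::DEBUG);

    // A simple bind with a DN and an empty password is an "unauthenticated"
    // bind (RFC 4513) that a directory may answer with success, so an empty
    // or missing password must never reach ldap_bind(). Arrays and objects
    // are rejected here as well instead of being handed to the extension.
    if (!is_scalar($password) || (string) $password === '') {
        $this->log('Auth.Provider.LDAP Empty password given, bind aborted', AgaviLogger::DEBUG);
        return false;
    }

    try {
        // Check that the user exists in the directory before binding.
        // NOTE(review): confirm getSearchFilter() escapes the user name for
        // LDAP filter syntax; it is defined outside this block.
        $filter = $this->getSearchFilter($username);

        if (!$filter) {
            return false;
        }

        $search_record = $this->getLdaprecord($filter);

        if (isset($search_record['dn'])) {
            // Check bind
            $this->log('Auth.Provider.LDAP Trying bind with dn=%s', $search_record['dn'], AgaviLogger::DEBUG);

            $conn = $this->getLdapConnection(false);

            // Warnings are suppressed because a rejected bind is an expected
            // outcome; the result is checked three ways below.
            $re = @ldap_bind($conn, $search_record['dn'], (string) $password);

            if ($this->isLdapError($conn) == false && $re === true && ldap_errno($conn) === 0) {
                $this->log('Auth.Provider.LDAP Successfull bind (dn=%s,user=%s)', $search_record['dn'], $username, AgaviLogger::DEBUG);
                return true;
            }
        }
    } catch (AgaviSecurityException $e) {
        // Still a failed login, but leave a trace: a lookup or connection
        // problem should be distinguishable from a wrong password.
        $this->log('Auth.Provider.LDAP Security exception during lookup or bind (user=%s,msg=%s)', $username, $e->getMessage(), AgaviLogger::ERROR);
    }

    $this->log('Auth.Provider.LDAP Bind failed (authkey=%s,user=%s)', $authid, $username, AgaviLogger::WARN);

    return false;
}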
/**
 * Boots the Icinga Web (Agavi) environment found under $this->icingaWebDir,
 * dispatches the 'web' context and calls updatePassword() on a new NsmUser.
 *
 * Nothing happens when <icingaWebDir>/app/config.php does not exist.
 *
 * NOTE(review): $newPassword is not assigned anywhere in this constructor,
 * so unless one of the required files defines it, updatePassword() receives
 * an undefined variable. The NsmUser created here is also never saved.
 * Confirm where the password and the target user are meant to come from.
 */
public function __construct()
{
    if (!file_exists($this->icingaWebDir . '/app/config.php')) {
        return;
    }

    // Framework and application configuration, loaded with plain require.
    require $this->icingaWebDir . '/lib/agavi/src/agavi.php';
    require $this->icingaWebDir . '/app/config.php';

    // Doctrine classes and the NsmUser model, in dependency order.
    $icingaWebClassFiles = array(
        '/lib/doctrine/lib/Doctrine/Exception.php',
        '/lib/doctrine/lib/Doctrine/Locator/Injectable.php',
        '/lib/doctrine/lib/Doctrine/Access.php',
        '/lib/doctrine/lib/Doctrine/Record/Abstract.php',
        '/lib/doctrine/lib/Doctrine/Record.php',
        '/lib/doctrine/lib/Doctrine/Record/Iterator.php',
        '/lib/doctrine/lib/Doctrine/Null.php',
        '/lib/doctrine/lib/Doctrine/Core.php',
        '/lib/doctrine/lib/Doctrine/Configurable.php',
        '/lib/doctrine/lib/Doctrine/Manager/Exception.php',
        '/lib/doctrine/lib/Doctrine/Manager.php',
        '/app/modules/AppKit/lib/database/models/generated/BaseNsmUser.php',
        '/app/modules/AppKit/lib/database/models/NsmUser.php',
    );

    foreach ($icingaWebClassFiles as $icingaWebClassFile) {
        require_once $this->icingaWebDir . $icingaWebClassFile;
    }

    Agavi::bootstrap('production');
    AgaviConfig::set('core.default_context', 'web');
    AgaviConfig::set('core.context_implementation', 'AppKitAgaviContext');
    AgaviContext::getInstance('web')->getController()->dispatch();

    $webUser = new NsmUser('nsm_user');
    $webUser->updatePassword($newPassword);
}
/**
 * Re-reads the Agavi user from the context and, when that user is
 * authenticated, caches its NsmUser record and principals array on this
 * model.
 *
 * Public so that tests can trigger it.
 */
public function refreshUser()
{
    $this->agaviUser = $this->getContext()->getUser();

    if ($this->agaviUser->isAuthenticated() !== true) {
        // NOTE(review): $this->user and $this->principals are left as they
        // were; confirm nothing relies on them being cleared once the
        // session is no longer authenticated.
        return;
    }

    $this->user = $this->agaviUser->getNsmUser();
    $this->principals = $this->user->getPrincipalsArray();
}
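/**
 * Extends a query with the custom-variable permissions of the current user.
 *
 * Left-joins the custom variables of the aliased table and ORs one
 * "varname LIKE ... and varvalue LIKE ..." condition per complete
 * name/value permission onto the query. For the service target an
 * additional "<alias>.service_object_id IS NULL" condition is ORed in.
 *
 * The permission values are bound as query parameters instead of being
 * concatenated into the condition, so quotes inside a stored value cannot
 * change the statement. LIKE wildcards in the values keep their meaning.
 *
 * @param IcingaDoctrine_Query $query  Query that is modified in place
 * @param array                $params Requires "target" ('host' or
 *                                     'service') and "alias" (alias of the
 *                                     table to join from)
 * @return void
 */
public function extend(IcingaDoctrine_Query $query, array $params)
{
    // target, host or service
    $target = $params["target"];
    // alias for the table to join from
    // NOTE(review): the alias is interpolated into the query as an
    // identifier and cannot be bound; it must only come from trusted
    // view definitions - confirm against the callers.
    $alias = $params["alias"];

    $this->user = $this->getContext()->getUser()->getNsmUser();

    $aliasAbbr = "cv";
    // the counter keeps the join alias unique per call
    $impl = ++Api_Views_Extender_CustomVariableExtenderModel::$impl;

    switch ($target) {
        case 'host':
            $aliasAbbr = "h_cv_{$impl}";
            $target = IcingaIPrincipalConstants::TYPE_CUSTOMVAR_HOST;
            break;

        case 'service':
            $aliasAbbr = "s_cv_{$impl}";
            $target = IcingaIPrincipalConstants::TYPE_CUSTOMVAR_SERVICE;
            break;
    }

    $targetVals = $this->user->getTargetValues($target, true)->toArray();

    if (empty($targetVals)) {
        return;
    }

    // group the flat target values into name/value sets per tv_pt_id
    $CVcredentials = array();

    foreach ($targetVals as $targetData) {
        if (!isset($targetData["tv_pt_id"]) || !isset($targetData["tv_key"])) {
            continue;
        }

        $tvid = $targetData["tv_pt_id"];

        if ($targetData["tv_key"] == "cv_name") {
            $CVcredentials[$tvid]["name"] = $targetData["tv_val"];
        } elseif ($targetData["tv_key"] == "cv_value") {
            $CVcredentials[$tvid]["value"] = $targetData["tv_val"];
        }
    }

    // one join serves all CV permissions of this call
    $query->leftJoin("{$alias}.customvariables " . $aliasAbbr);

    $pairs = array();
    $bindings = array();

    foreach ($CVcredentials as $cvdata) {
        // skip incomplete sets
        if (!isset($cvdata["name"]) || !isset($cvdata["value"])) {
            continue;
        }

        // positional placeholders; the values travel in $bindings in the
        // same order as the placeholders appear
        $pairs[] = "({$aliasAbbr}.varname LIKE ? and {$aliasAbbr}.varvalue LIKE ?)";
        $bindings[] = $cvdata["name"];
        $bindings[] = $cvdata["value"];
    }

    if ($target == IcingaIPrincipalConstants::TYPE_CUSTOMVAR_SERVICE) {
        $pairs[] = $alias . '.service_object_id IS NULL';
    }

    // an empty condition would otherwise be ORed onto the query
    if (empty($pairs)) {
        return;
    }

    $query->orWhere(join(" OR ", $pairs), $bindings);
}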
/**
 * Returns the values of the given principal target for the current user.
 *
 * An empty array is returned when the user does not hold the target. For
 * the contact group target no stored values are read; a single
 * NsmTargetValue carrying the user's own name under 'contactname' is
 * returned instead.
 *
 * NOTE(review): the contact group branch returns NsmTargetValue objects
 * while the other branch returns the result of toArray(); callers
 * presumably cope with both shapes - confirm.
 *
 * @param string $target Target name, compared against IcingaIPrincipalConstants
 * @return array
 */
private function getCredentialValues($target)
{
    if (!$this->user->hasTarget($target, true)) {
        return array();
    }

    if ($target == IcingaIPrincipalConstants::TYPE_CONTACTGROUP) {
        $ownContact = new NsmTargetValue();
        $ownContact->tv_key = 'contactname';
        $ownContact->tv_val = $this->user->user_name;

        return array($ownContact);
    }

    return $this->user->getTargetValues($target, true)->toArray();
}
/**
 * Returns the XML-defined cronks the current user is allowed to see.
 *
 * The result is kept in the user's storage under "icinga.cronks.cache.xml"
 * and reused as long as its timestamp is newer than the compiled
 * cronks.xml config cache on disk.
 *
 * NOTE(review): the stored list is only discarded when cronks.xml changes.
 * Role, group or credential changes made while an entry exists are not
 * picked up here - confirm the storage entry is cleared elsewhere when
 * permissions change.
 *
 * @param boolean $all Not read by this method
 * @return array cronk uid => cronk definition
 */
private function getXmlCronks($all = false)
{
    // cached cronk list of this user, if any
    $cacheEntry = $this->user->getStorage()->read("icinga.cronks.cache.xml");

    // modification time of the compiled cronks.xml config cache
    $xmlCacheMtime = filemtime(AgaviConfigCache::checkConfig(AgaviConfig::get('core.config_dir') . '/cronks.xml'));

    // reuse the stored list only when it is newer than the config on disk
    if (isset($cacheEntry, $cacheEntry["data"], $cacheEntry["timestamp"])
        && $cacheEntry["timestamp"] > $xmlCacheMtime
    ) {
        return $cacheEntry["data"];
    }

    $visible = array();

    foreach (self::$xml_cronk_data as $uid => $cronk) {
        // Database credentials overwrite xml credentials
        $this->getSecurityModel()->setCronkUid($uid);

        if ($this->getSecurityModel()->hasDatabaseRoles()) {
            $cronk['groupsonly'] = $this->getSecurityModel()->getRoleNamesAsString();
        }

        // Group restriction: skipped unless the user is in one of the
        // groups or holds the cronk admin credential. The admin credential
        // lifts only this check, not the principal check below.
        if (isset($cronk['groupsonly'])
            && $this->checkGroups($cronk['groupsonly']) !== true
            && $this->agaviUser->hasCredential('icinga.cronk.admin') === false
        ) {
            continue;
        }

        if (isset($cronk['principalsonly']) && $this->checkPrincipals($cronk['principalsonly']) !== true) {
            continue;
        }

        if (isset($cronk['disabled']) && $cronk['disabled'] == true) {
            continue;
        }

        // a cronk without action or module cannot be dispatched
        if (!isset($cronk['action']) || !isset($cronk['module'])) {
            $this->getContext()->getLoggerManager()->log('No action or module for cronk: ' . $uid, AgaviLogger::ERROR);
            continue;
        }

        $visible[$uid] = array(
            'cronkid'      => $uid,
            'module'       => $cronk['module'],
            'action'       => $cronk['action'],
            'hide'         => isset($cronk['hide']) ? (bool) $cronk['hide'] : false,
            'description'  => isset($cronk['description']) ? $cronk['description'] : null,
            'name'         => isset($cronk['name']) ? $cronk['name'] : null,
            'categories'   => isset($cronk['categories']) ? $cronk['categories'] : null,
            'image'        => isset($cronk['image']) ? $cronk['image'] : self::DEFAULT_CRONK_IMAGE,
            'disabled'     => isset($cronk['disabled']) ? (bool) $cronk['disabled'] : false,
            'groupsonly'   => isset($cronk['groupsonly']) ? $cronk['groupsonly'] : null,
            'state'        => isset($cronk['state']) ? $cronk['state'] : null,
            'ae:parameter' => isset($cronk['ae:parameter']) ? $cronk['ae:parameter'] : null,
            'system'       => true,
            'owner'        => false,
            'position'     => isset($cronk['position']) ? $cronk['position'] : 0,
            'owner_name'   => self::DEFAULT_CRONK_OWNER,
            'owner_id'     => self::DEFAULT_CRONK_OWNERID
        );
    }

    // store the filtered list together with the time it was built
    $this->user->getStorage()->write(
        "icinga.cronks.cache.xml",
        array("timestamp" => time(), "data" => $visible)
    );

    return $visible;
}
/**
 * Creates a local NsmUser for a user name that is not known yet.
 *
 * Each configured provider that can create profiles is asked for the user
 * data in turn. The first one that returns an array supplies the profile:
 * the user gets a random password, the provider's default groups that exist
 * as NsmRole, and its principal data is initialised.
 *
 * The import is aborted when none of the default groups could be assigned,
 * so an imported account never ends up without a role. Exceptions raised by
 * a provider are logged and the next provider is tried.
 *
 * @param string $username Name of the user to import
 * @return NsmUser|null The imported user, or null when nothing was imported
 */
private function importUser($username)
{
    $this->log('Auth.Dispatch: User %s not found, try to import', $username, AgaviLogger::DEBUG);

    $padmin = $this->getContext()->getModel('PrincipalAdmin', 'AppKit');

    foreach ($this->provider_keys as $pid) {
        $provider = $this->getProvider($pid);

        if (!$provider->canCreateProfile()) {
            continue;
        }

        $this->log('Auth.Dispatch/import: %s will provide the user profile', $provider->getProviderName(), AgaviLogger::DEBUG);

        try {
            $data = $provider->getUserdata($username, false);

            if (!is_array($data)) {
                continue;
            }

            $user = new NsmUser();
            $user->fromArray($data, false);

            // Write a random password.
            // @todo Change this to let providers can do that later
            $user->generateRandomPassword();

            $groups = $provider->getDefaultGroups();

            if (is_array($groups)) {
                foreach ($groups as $group_name) {
                    $group = Doctrine::getTable('NsmRole')->findOneBy('role_name', $group_name);

                    if (!($group instanceof NsmRole)) {
                        $this->log('Auth.Dispatch/import: Could not assign group %s', $group_name, AgaviLogger::WARN);
                        continue;
                    }

                    $user->NsmRole[] = $group;
                }
            }

            // no role, no account
            if (count($user->NsmRole) < 1) {
                $this->log('Auth.Dispatch/import: No groups available for user, ABORT!', AgaviLogger::FATAL);
                return null;
            }

            $user->save();
            $user->refresh(true);

            // the principal is only available after the first save/refresh
            $padmin->updatePrincipalValueData($user->principal, array(), array());
            $user->save();

            $this->log('Auth.Dispatch/import: user %s successfully imported (user_id=%d, provider=%s)', $username, $user->user_id, $provider->getProviderName(), AgaviLogger::DEBUG);

            return $user;
        } catch (AgaviSecurityException $e) {
            $this->log('Auth.Dispatch/import: Import failed (provider=%s,msg=%s)', $provider->getProviderName(), $e->getMessage(), AgaviLogger::ERROR);
        } catch (Exception $e) {
            $this->log('Auth.Dispatch/import failed: Import failed: (provider=%s, msg=%s)', $provider->getProviderName(), $e->getMessage(), AgaviLogger::ERROR);
        }
    }

    // no provider delivered a usable profile
    return null;
}
/**
 * Sets a new password on the given user and saves the record.
 *
 * This is a thin wrapper: the password handling itself happens in
 * NsmUser::updatePassword().
 *
 * @param NsmUser $user          User whose password is replaced
 * @param string  $user_password New password as entered
 * @return boolean Always true when no exception was raised
 * @throws AppKitException
 * @author Marius Hein
 */
public function updateUserPassword(NsmUser &$user, $user_password)
{
    // NOTE(review): presumably prepares the random source used when the
    // password is salted or hashed in updatePassword() - confirm that this
    // source is suitable for security purposes.
    AppKitRandomUtil::initRand();

    $user->updatePassword($user_password);

    $user->save();

    return true;
}
/**
 * Loads the user's credentials from the database into this rbac user.
 *
 * For every role of the user the role itself and each of its ancestors are
 * appended to $this->roles and their credentials added. Afterwards every
 * "credential" target assigned to the user is added by its target name.
 *
 * NOTE(review): the ancestor walk ends only when hasParent() returns false;
 * a role hierarchy that contains a cycle would never terminate here.
 * Confirm that cycles are rejected when roles are saved.
 *
 * @param NsmUser $user User whose roles and credential targets are read
 */
private function getCredentialsFromDB(NsmUser &$user)
{
    foreach ($user->NsmRole as $role) {
        $this->roles[] = $role;
        $this->addCredentialsFromRole($role);

        // credentials are inherited from every ancestor role
        $ancestor = $role;

        while ($ancestor->hasParent()) {
            $ancestor = $ancestor->getParent();
            $this->addCredentialsFromRole($ancestor);
            $this->roles[] = $ancestor;
        }
    }

    // credentials granted to the user directly
    foreach ($user->getTargets("credential") as $directCredential) {
        $this->addCredential($directCredential->get("target_name"));
    }
}
/**
 * Returns the preferences of this user as key => value.
 *
 * A preference with a non-empty long value yields that long value, or the
 * literal 'BLOB' when $shortenBlob is set; otherwise the short value is
 * used. Configured defaults fill in keys the user has not set, unless
 * $ignoreDefaults is true.
 *
 * NOTE(review): the rows are cached in the static self::$cachedPreferences,
 * which is shared by all instances and not keyed by user id. A second
 * NsmUser asked for its preferences in the same request would receive the
 * first user's rows, unless the cache is reset elsewhere - confirm.
 *
 * @param boolean $shortenBlob    Replace long values with 'BLOB'
 * @param boolean $ignoreDefaults Do not add configured default preferences
 * @return array
 */
public function getPreferences($shortenBlob = false, $ignoreDefaults = false)
{
    // query only when nothing is cached yet (an empty result is not cached)
    if (empty(self::$cachedPreferences)) {
        self::$cachedPreferences = AppKitDoctrineUtil::createQuery()
            ->select('p.upref_val, p.upref_key, p.upref_longval')
            ->from('NsmUserPreference p INDEXBY p.upref_key')
            ->where('p.upref_user_id=?', array($this->user_id))
            ->execute(array(), Doctrine::HYDRATE_ARRAY);
    }

    $rows = self::$cachedPreferences;
    $prefs = array();

    foreach ($rows as $key => $row) {
        if (!$row['upref_longval']) {
            $prefs[$key] = $row['upref_val'];
        } elseif ($shortenBlob) {
            $prefs[$key] = 'BLOB';
        } else {
            $prefs[$key] = $row['upref_longval'];
        }
    }

    if ($ignoreDefaults) {
        return $prefs;
    }

    // Adding defaults for keys the user has not set
    $defaults = AgaviConfig::get('modules.appkit.user_preferences_default', array());

    foreach ($defaults as $defaultKey => $defaultValue) {
        if (!array_key_exists($defaultKey, $prefs)) {
            $prefs[$defaultKey] = $defaultValue;
        }
    }

    return $prefs;
}