Example #1
 /**
  * Get the configuration for a specific resource
  *
  * @param   $resourceName   String      The resource's name
  *
  * @return                  ConfigObject    The configuration of the resource
  *
  * @throws                  ConfigurationError
  */
 public static function getResourceConfig($resourceName)
 {
     // assertResourcesExist() runs before self::$resources is dereferenced
     self::assertResourcesExist();

     $section = self::$resources->getSection($resourceName);
     if (! $section->isEmpty()) {
         return $section;
     }

     // An empty section is treated as "no such resource"
     throw new ConfigurationError(
         'Cannot load resource config "%s". Resource does not exist',
         $resourceName
     );
 }
Example #2
 /**
  * @depends testWhetherConfigReturnsSingleSections
  */
 public function testWhetherConfigSetsSingleSections()
 {
     $overwriteFailure = 'Config::setSection does not overwrite existing sections';
     $subject = new Config();

     // A section that did not exist before must come back as a ConfigObject
     $subject->setSection('a', array('b' => 'c'));
     $this->assertInstanceOf(
         'Icinga\\Data\\ConfigObject',
         $subject->getSection('a'),
         'Config::setSection does not set a new section'
     );

     // Setting the same section again must replace it: the old key is gone, the new one is present
     $subject->setSection('a', array('bb' => 'cc'));
     $this->assertNull($subject->getSection('a')->b, $overwriteFailure);
     $this->assertEquals('cc', $subject->getSection('a')->bb, $overwriteFailure);
 }
Example #3
 /**
  * Create and return a user backend with the given name and given configuration applied to it
  *
  * @param   string          $name
  * @param   ConfigObject    $backendConfig
  *
  * @return  UserBackendInterface
  *
  * @throws  ConfigurationError
  */
 public static function create($name, ConfigObject $backendConfig = null)
 {
     // Without an explicit config the backend is looked up by name in self::$backends
     if ($backendConfig === null) {
         self::assertBackendsExist();
         if (self::$backends->hasSection($name)) {
             $backendConfig = self::$backends->getSection($name);
         } else {
             throw new ConfigurationError('User backend "%s" does not exist', $name);
         }
     }
     // A name stored in the configuration takes precedence over the $name argument
     if ($backendConfig->name !== null) {
         $name = $backendConfig->name;
     }
     // A missing or empty 'backend' directive lower-cases to an empty string, which is falsy
     if (!($backendType = strtolower($backendConfig->backend))) {
         throw new ConfigurationError('Authentication configuration for user backend "%s" is missing the \'backend\' directive', $name);
     }
     // External backends are built from the config alone; the 'resource' check below is never reached for them
     if ($backendType === 'external') {
         $backend = new ExternalBackend($backendConfig);
         $backend->setName($name);
         return $backend;
     }
     // NOTE(review): in_array() compares loosely here. $backendType is always a string (result of
     // strtolower), so this only matters if static::$defaultBackends holds non-string values -
     // passing true as third argument would rule that out. Confirm against the property definition.
     if (in_array($backendType, static::$defaultBackends)) {
         // The default backend check is the first one because of performance reasons:
         // Do not attempt to load a custom user backend unless it's actually required
     } elseif (($customClass = static::getCustomUserBackend($backendType)) !== null) {
         // NOTE(review): the class is instantiated before the interface check, so its constructor has
         // already run with $backendConfig by the time a non-conforming class is rejected. Checking the
         // class name first (is_a() with $allow_string) would avoid that - confirm which class names
         // getCustomUserBackend() can return.
         $backend = new $customClass($backendConfig);
         if (!is_a($backend, 'Icinga\\Authentication\\User\\UserBackendInterface')) {
             throw new ConfigurationError('Cannot utilize user backend of type "%s". Class "%s" does not implement UserBackendInterface', $backendType, $customClass);
         }
         $backend->setName($name);
         return $backend;
     } else {
         throw new ConfigurationError('Authentication configuration for user backend "%s" defines an invalid backend type.' . ' Backend type "%s" is not supported', $name, $backendType);
     }
     // Only default backend types other than 'external' get here; all of them need a resource
     if ($backendConfig->resource === null) {
         throw new ConfigurationError('Authentication configuration for user backend "%s" is missing the \'resource\' directive', $name);
     }
     $resource = ResourceFactory::create($backendConfig->resource);
     // NOTE(review): there is no default branch. If static::$defaultBackends lists a type that has no
     // case here, $backend is undefined when setName() is called below - confirm the list matches.
     switch ($backendType) {
         case 'db':
             $backend = new DbUserBackend($resource);
             break;
         case 'msldap':
             // Same class as 'ldap', with different defaults for user class and user name attribute.
             // base_dn and filter are handed to the backend exactly as configured.
             $backend = new LdapUserBackend($resource);
             $backend->setBaseDn($backendConfig->base_dn);
             $backend->setUserClass($backendConfig->get('user_class', 'user'));
             $backend->setUserNameAttribute($backendConfig->get('user_name_attribute', 'sAMAccountName'));
             $backend->setFilter($backendConfig->filter);
             break;
         case 'ldap':
             // base_dn and filter are handed to the backend exactly as configured
             $backend = new LdapUserBackend($resource);
             $backend->setBaseDn($backendConfig->base_dn);
             $backend->setUserClass($backendConfig->get('user_class', 'inetOrgPerson'));
             $backend->setUserNameAttribute($backendConfig->get('user_name_attribute', 'uid'));
             $backend->setFilter($backendConfig->filter);
             break;
     }
     $backend->setName($name);
     return $backend;
 }
 /**
  * Unshare the given navigation item
  *
  * @param   string  $name
  * @param   string  $parent
  *
  * @return  Config              The new config of the given navigation item
  *
  * @throws  NotFoundError       In case no navigation item with the given name is found
  * @throws  IcingaException     In case the navigation item has a parent assigned to it
  */
 public function unshare($name, $parent = null)
 {
     // NOTE(review): no authorization check is visible in this method; presumably the caller verifies
     // that the current user is allowed to unshare this item - confirm.
     $config = $this->getShareConfig();
     if (!$config->hasSection($name)) {
         throw new NotFoundError('No navigation item called "%s" found', $name);
     }
     $itemConfig = $config->getSection($name);
     // Without an explicit $parent, the parent recorded on the item itself is used
     if ($parent === null) {
         $parent = $itemConfig->parent;
     }
     // An item whose parent is still shared cannot be unshared on its own
     if ($parent && $this->hasBeenShared($parent)) {
         throw new IcingaException($this->translate('Unable to unshare navigation item "%s". It is dependent from item "%s".' . ' Dependent items can only be unshared by unsharing their parent'), $name, $parent);
     }
     // The children are collected before the item is removed from the share config
     $children = $this->getFlattenedChildren($name);
     $config->removeSection($name);
     // The share config, now without the item, is kept as the secondary config
     $this->secondaryConfig = $config;
     // Destination: the current user's config when the item has no owner or is owned by the current
     // user, otherwise the navigation config of the recorded owner.
     // NOTE(review): the owner comparison is exact and therefore case-sensitive - confirm that the
     // 'owner' value is written with the same spelling getUsername() returns.
     if (!$itemConfig->owner || $itemConfig->owner === $this->getUser()->getUsername()) {
         $config = $this->getUserConfig();
     } else {
         $config = Config::navigation($itemConfig->type, $itemConfig->owner);
     }
     // Every child moves from the share config to the destination config, without its owner
     foreach ($children as $child) {
         $childConfig = $this->secondaryConfig->getSection($child);
         unset($childConfig->owner);
         $this->secondaryConfig->removeSection($child);
         $config->setSection($child, $childConfig);
     }
     // The sharing metadata is dropped before the item is stored in the destination config
     unset($itemConfig->owner);
     unset($itemConfig->users);
     unset($itemConfig->groups);
     $config->setSection($name, $itemConfig);
     $this->setIniConfig($config);
     return $config;
 }
 /**
  * {@inheritdoc}
  */
 protected function writeConfig(Config $config)
 {
     // TODO: Remove this once #11743 is fixed
     // Directives of the 'elasticsearch' section whose value is exactly null are dropped before writing
     $elasticsearch = $config->getSection('elasticsearch');
     $directives = $elasticsearch->toArray();
     foreach ($directives as $directive => $setting) {
         if ($setting !== null) {
             continue;
         }

         unset($elasticsearch->{$directive});
     }

     parent::writeConfig($config);
 }
Example #6
 /**
  * Make the given user the authenticated user of this instance
  *
  * Loads the user's preferences, adds the memberships reported by every configured group backend to
  * the user's groups, applies the permissions and restrictions returned by the AdmissionLoader and
  * stores the user on this instance.
  *
  * @param   User    $user
  * @param   bool    $persist    Whether to call persistCurrentUser() afterwards
  */
 public function setAuthenticated(User $user, $persist = true)
 {
     $username = $user->getUsername();
     try {
         $config = Config::app();
     } catch (NotReadableError $e) {
         // An unreadable application config is logged and replaced by an empty Config.
         // NOTE(review): the message speaks of preferences although the failing call is Config::app().
         Logger::error(new IcingaException('Cannot load preferences for user "%s". An exception was thrown: %s', $username, $e));
         $config = new Config();
     }
     // Preferences are loaded unless the store is explicitly 'none'; the default store is 'ini'
     if ($config->get('preferences', 'store', 'ini') !== 'none') {
         $preferencesConfig = $config->getSection('preferences');
         try {
             $preferencesStore = PreferencesStore::create($preferencesConfig, $user);
             $preferences = new Preferences($preferencesStore->load());
         } catch (Exception $e) {
             // Any failure is logged and the user continues with empty preferences
             Logger::error(new IcingaException('Cannot load preferences for user "%s". An exception was thrown: %s', $username, $e));
             $preferences = new Preferences();
         }
     } else {
         $preferences = new Preferences();
     }
     $user->setPreferences($preferences);
     // Memberships from the group backends are added to the groups the user object already carries
     $groups = $user->getGroups();
     // $config is reused as the loop variable; the application config is not read again after this point
     foreach (Config::app('groups') as $name => $config) {
         try {
             $groupBackend = UserGroupBackend::create($name, $config);
             $groupsFromBackend = $groupBackend->getMemberships($user);
         } catch (Exception $e) {
             // A failing backend is logged and skipped; authentication goes on with the remaining groups.
             // NOTE(review): the groups collected here feed getPermissionsAndRestrictions() below, so a
             // backend outage silently changes the result - confirm that a missing group can only
             // reduce access and never lifts a restriction.
             Logger::error('Can\'t get group memberships for user \'%s\' from backend \'%s\'. An exception was thrown: %s', $username, $name, $e);
             continue;
         }
         if (empty($groupsFromBackend)) {
             continue;
         }
         // Keyed by group name, so the same name reported by several backends is stored once
         // (array_merge renumbers integer-like keys, so purely numeric names are not de-duplicated)
         $groupsFromBackend = array_values($groupsFromBackend);
         $groups = array_merge($groups, array_combine($groupsFromBackend, $groupsFromBackend));
     }
     $user->setGroups($groups);
     // Permissions and restrictions are computed only after the groups have been set on the user
     $admissionLoader = new AdmissionLoader();
     list($permissions, $restrictions) = $admissionLoader->getPermissionsAndRestrictions($user);
     $user->setPermissions($permissions);
     $user->setRestrictions($restrictions);
     $this->user = $user;
     if ($persist) {
         $this->persistCurrentUser();
     }
 }
 /**
  * Set up logger
  *
  * @return $this
  */
 protected function setupLogger()
 {
     // Nothing to set up without a 'logging' section
     if (! $this->config->hasSection('logging')) {
         return $this;
     }

     $settings = $this->config->getSection('logging');
     try {
         Logger::create($settings);
     } catch (ConfigurationError $creationError) {
         // The logger could not be created from the configuration: record why, then still try to
         // apply the configured level, with Logger::ERROR as the default
         Logger::getInstance()->registerConfigError($creationError->getMessage());
         try {
             $level = $settings->get('level', Logger::ERROR);
             Logger::getInstance()->setLevel($level);
         } catch (ConfigurationError $levelError) {
             Logger::getInstance()->registerConfigError($levelError->getMessage());
         }
     }

     return $this;
 }
Example #8
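 /**
  * Check whether the current user has access to the given shared navigation item
  *
  * Access is decided in this order: the user owns the item; the item has a parent that exists in
  * $navConfig, in which case the parent's result is used; the user is listed in `users`; one of the
  * user's groups is listed in `groups`. `*` in either list matches everyone. User and group names
  * are compared case-insensitively.
  *
  * The sharing metadata (`owner`, `users`, `groups`) is removed from $config when access is granted
  * directly; on the parent path only `owner` is removed.
  *
  * @param   mixed   $config     The item's configuration, read and modified with array syntax
  * @param   Config  $navConfig  The configuration in which parents are looked up
  *
  * @return  bool
  */
 private function hasAccessToSharedNavigationItem(&$config, Config $navConfig)
 {
     // TODO: Provide a more sophisticated solution
     if (isset($config['owner']) && strtolower($config['owner']) === strtolower($this->user->getUsername())) {
         unset($config['owner']);
         unset($config['users']);
         unset($config['groups']);
         return true;
     }
     if (isset($config['parent']) && $navConfig->hasSection($config['parent'])) {
         unset($config['owner']);
         $parentName = $config['parent'];
         if (isset($this->accessibleMenuItems[$parentName])) {
             return $this->accessibleMenuItems[$parentName];
         }
         // Deny while the parent is still being resolved. Items that name each other as parent would
         // otherwise recurse without end; with this entry in place such a cycle resolves to "no access".
         $this->accessibleMenuItems[$parentName] = false;
         $parentConfig = $navConfig->getSection($parentName);
         $this->accessibleMenuItems[$parentName] = $this->hasAccessToSharedNavigationItem($parentConfig, $navConfig);
         return $this->accessibleMenuItems[$parentName];
     }
     if (isset($config['users'])) {
         // Comma-separated list, lower-cased and trimmed before the strict comparison
         $users = array_map('trim', explode(',', strtolower($config['users'])));
         if (in_array('*', $users, true) || in_array(strtolower($this->user->getUsername()), $users, true)) {
             unset($config['owner']);
             unset($config['users']);
             unset($config['groups']);
             return true;
         }
     }
     if (isset($config['groups'])) {
         $groups = array_map('trim', explode(',', strtolower($config['groups'])));
         if (in_array('*', $groups, true)) {
             unset($config['owner']);
             unset($config['users']);
             unset($config['groups']);
             return true;
         }
         // Any overlap between the user's groups and the listed groups grants access
         $userGroups = array_map('strtolower', $this->user->getGroups());
         $matches = array_intersect($userGroups, $groups);
         if (!empty($matches)) {
             unset($config['owner']);
             unset($config['users']);
             unset($config['groups']);
             return true;
         }
     }
     // Nothing matched: access is denied
     return false;
 }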
Example #9
 /**
  * Search for deleted properties and use the editor to delete these entries
  *
  * @param Config    $oldconfig  The config representing the state before the change
  * @param Config    $newconfig  The config representing the state after the change
  * @param Document  $doc
  *
  * @throws ProgrammingError
  */
 protected function diffPropertyDeletions(Config $oldconfig, Config $newconfig, Document $doc)
 {
     // Walk the old configuration and delete from the document whatever the new configuration lacks
     foreach ($oldconfig->toArray() as $sectionName => $oldDirectives) {
         // Top-level entries that are not sections are skipped; their value is written to the log
         if (! is_array($oldDirectives)) {
             Logger::warning('Section-less property ' . (string) $oldDirectives . ' was ignored.');
             continue;
         }

         // The whole section is gone in the new configuration
         if (! $newconfig->hasSection($sectionName)) {
             $doc->removeSection($sectionName);
             continue;
         }

         $updatedSection = $newconfig->getSection($sectionName);
         $domSection = $doc->getSection($sectionName);
         foreach ($oldDirectives as $directive => $oldValue) {
             if ($oldValue instanceof ConfigObject) {
                 throw new ProgrammingError('Cannot diff recursive configs');
             }

             // A directive is removed only when the new section has no value for it and the
             // document still contains it
             $stillConfigured = null !== $updatedSection->get($directive);
             if ($stillConfigured || ! $domSection->hasDirective($directive)) {
                 continue;
             }

             $domSection->removeDirective($directive);
         }
     }
 }