/**
* Add an lower priority filter expression to be applied on this query
*
* The syntax of the expression and valid parameters are to be defined by the concrete
* backend-specific query implementation.
*
* @param string $expression Implementation specific search expression
* @param mixed $parameters Implementation specific search value to use for query placeholders
* @return self Fluent interface
*/
public function orWhere($expression, $parameters = null)
{
$node = $this->parseFilterExpression($expression, $parameters);
if ($node === null) {
Logger::debug('Ignoring invalid filter expression: %s (params: %s)', $expression, $parameters);
return $this;
}
$this->filter->insert(Node::createOrNode());
$this->filter->insert($node);
return $this;
}
/**
* Detect installed modules from every path provided in modulePaths
*
* @return self
*/
public function detectInstalledModules()
{
foreach ($this->modulePaths as $basedir) {
$canonical = realpath($basedir);
if ($canonical === false) {
Logger::warning('Module path "%s" does not exist', $basedir);
continue;
}
if (!is_dir($canonical)) {
Logger::error('Module path "%s" is not a directory', $canonical);
continue;
}
if (!is_readable($canonical)) {
Logger::error('Module path "%s" is not readable', $canonical);
continue;
}
if (($dh = opendir($canonical)) !== false) {
while (($file = readdir($dh)) !== false) {
if ($file[0] === '.') {
continue;
}
if (is_dir($canonical . '/' . $file)) {
if (!array_key_exists($file, $this->installedBaseDirs)) {
$this->installedBaseDirs[$file] = $canonical . '/' . $file;
} else {
Logger::debug('Module "%s" already exists in installation path "%s" and is ignored.', $canonical . '/' . $file, $this->installedBaseDirs[$file]);
}
}
}
closedir($dh);
}
}
ksort($this->installedBaseDirs);
return $this;
}
/**
* Write the given external command to the command pipe
*
* @param string $command
*
* @throws RuntimeException When the command could not be sent to the remote Icinga host
* @see Transport::send()
*/
public function send($command)
{
$retCode = 0;
$output = array();
Logger::debug('Icinga instance is on different host, attempting to send command %s via ssh to %s:%s/%s', $command, $this->host, $this->port, $this->path);
$hostConnector = $this->user ? $this->user . "@" . $this->host : $this->host;
$command = escapeshellarg('[' . time() . '] ' . $command);
$sshCommand = sprintf('ssh -o BatchMode=yes -o KbdInteractiveAuthentication=no %s -p %d' . ' "echo %s > %s" 2>&1', $hostConnector, $this->port, $command, $this->path);
exec($sshCommand, $output, $retCode);
Logger::debug("Command '%s' exited with %d: %s", $sshCommand, $retCode, $output);
if ($retCode != 0) {
$msg = 'Could not send command to remote Icinga host: ' . implode(PHP_EOL, $output) . " (returncode {$retCode})";
Logger::error($msg);
throw new RuntimeException($msg);
}
}
/**
* Remove session cookies
*/
private function clearCookies()
{
if (ini_get('session.use_cookies')) {
Logger::debug('Clear session cookie');
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
}
}
protected function prepareNewConnection()
{
$use_tls = false;
$force_tls = true;
$force_tls = false;
if ($use_tls) {
$this->prepareTlsEnvironment();
}
$ds = ldap_connect($this->hostname, $this->port);
$cap = $this->discoverCapabilities($ds);
$this->capabilities = $cap;
if ($use_tls) {
if ($cap->starttls) {
if (@ldap_start_tls($ds)) {
Logger::debug('LDAP STARTTLS succeeded');
} else {
Logger::debug('LDAP STARTTLS failed: %s', ldap_error($ds));
throw new \Exception(sprintf('LDAP STARTTLS failed: %s', ldap_error($ds)));
}
} elseif ($force_tls) {
throw new \Exception(sprintf('TLS is required but not announced by %s', $this->host_name));
} else {
// TODO: Log noticy -> TLS enabled but not announced
}
}
// ldap_rename requires LDAPv3:
if ($cap->ldapv3) {
if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
throw new Exception('LDAPv3 is required');
}
} else {
// TODO: remove this -> FORCING v3 for now
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
Logger::warning('No LDAPv3 support detected');
}
// Not setting this results in "Operations error" on AD when using the
// whole domain as search base:
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
// ldap_set_option($ds, LDAP_OPT_DEREF, LDAP_DEREF_NEVER);
return $ds;
}
/**
* Create or return an instance of a given hook
*
* TODO: Should return some kind of a hook interface
*
* @param string $name One of the predefined hook names
* @param string $key The identifier of a specific subtype
*
* @return mixed
*/
public static function createInstance($name, $key)
{
if (!self::has($name, $key)) {
return null;
}
if (isset(self::$instances[$name][$key])) {
return self::$instances[$name][$key];
}
$class = self::$hooks[$name][$key];
try {
$instance = new $class();
} catch (Exception $e) {
Logger::debug('Hook "%s" (%s) (%s) failed, will be unloaded: %s', $name, $key, $class, $e->getMessage());
// TODO: Persist unloading for "some time" or "current session"
unset(self::$hooks[$name][$key]);
return null;
}
self::assertValidHook($instance, $name);
self::$instances[$name][$key] = $instance;
return $instance;
}
