/**
 * Builds the provider from the Engine configuration.
 *
 * Slot 0 of $this->_config always holds the default location taken from the
 * section 'Repositories:svnclient'. Further locations are read from the
 * numbered sections 'Repositories:svnclient:1', ':2', ... (Issue #5) until
 * the first index whose 'SVNParentPath' is missing or empty.
 */
public function __construct()
{
    $engine = \svnadmin\core\Engine::getInstance();
    $config = $engine->getConfig();

    // Subversion client wrapper used for browsing.
    // NOTE(review): the 'SvnExecutable' value is passed straight to the
    // client wrapper and is presumably the binary it runs; confirm that the
    // configuration file is writable by the administrator only.
    $svnExecutable = $engine->getConfig()->getValue('Repositories:svnclient', 'SvnExecutable');
    $this->_svnClient = new \IF_SVNClientC($svnExecutable);

    // Default repository location.
    $this->_config[0]['SVNParentPath'] = $engine->getConfig()->getValue('Repositories:svnclient', 'SVNParentPath');
    $this->_config[0]['description'] = 'Repositories';

    // Issue #5: additional repository locations, numbered from 1 upwards.
    for ($index = 1; ; ++$index) {
        $section = 'Repositories:svnclient:' . $index;

        // Loose comparison on purpose: a missing or empty value ends the
        // scan, so the numbering must be contiguous.
        $svnParentPath = $config->getValue($section, 'SVNParentPath');
        if ($svnParentPath == null) {
            break;
        }
        $this->_config[$index]['SVNParentPath'] = $svnParentPath;

        // The description is optional; the key stays unset when absent.
        $description = $config->getValue($section, 'Description');
        if ($description != null) {
            $this->_config[$index]['description'] = $description;
        }
    }
}
/**
 * Decides whether the given user may log in with the given password.
 *
 * The ACL login permission is evaluated first; the credential check of the
 * user view provider runs only for users holding that permission. Both
 * failure paths return the same value, so a caller cannot tell "not
 * permitted" apart from "wrong password".
 *
 * @see svnadmin\core\interfaces.IAuthenticator::authenticate()
 *
 * @param mixed $objUser  User object handed to the ACL manager and the provider.
 * @param mixed $password Password handed to the user view provider.
 * @return bool true only when both checks succeed.
 */
public function authenticate($objUser, $password)
{
    $engine = \svnadmin\core\Engine::getInstance();

    // Users without the login permission never reach the password check.
    $mayLogin = $engine->getAclManager()->hasPermission($objUser, \ACL_MOD_BASIC, \ACL_ACTION_LOGIN);
    if (!$mayLogin) {
        return false;
    }

    // Correct user/pass combination?
    $credentialsOk = $engine->getUserViewProvider()->authenticate($objUser, $password);

    return $credentialsOk ? true : false;
}
* modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; version 2
 * of the License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.
 */

// Abort unless ACTION_HANDLING is defined, i.e. the script was not requested
// directly. Presumably the constant is defined by the including dispatcher —
// confirm.
if (!defined('ACTION_HANDLING')) {
    die("HaHa!");
}

$engine = \svnadmin\core\Engine::getInstance();

//
// Authentication
//

// The module is only usable while the access-path edit provider is active.
// NOTE(review): the code below relies on forwardError() not returning;
// confirm, otherwise execution continues with the provider disabled.
if (!$engine->isProviderActive(PROVIDER_ACCESSPATH_EDIT)) {
    $engine->forwardError(ERROR_INVALID_MODULE);
}

// Authorisation for the "unassign" action on access paths is checked before
// any request data is read.
$engine->checkUserAuthentication(true, ACL_MOD_ACCESSPATH, ACL_ACTION_UNASSIGN);

//
// HTTP Request Vars
//

// Raw request values; nothing in this part of the script validates them.
$selusers = get_request_var('selected_users');
$selgroups = get_request_var('selected_groups');
$selpaths = get_request_var('selected_accesspaths');

//
// Validation
/**
 * Replaces the held SVNAuthFile object with a freshly constructed one.
 *
 * The path is read again from the configuration ("Subversion" /
 * "SVNAuthFile"). State that lived only in the previous object is no longer
 * reachable through this provider afterwards.
 *
 * @see svnadmin\core\interfaces.IPathsEditProvider::reset()
 */
public function reset()
{
    $authFilePath = \svnadmin\core\Engine::getInstance()
        ->getConfig()
        ->getValue("Subversion", "SVNAuthFile");

    $this->m_authfile = new \IF_SVNAuthFileC($authFilePath);
}
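/**
 * Updates the SVNAuthFile with Users and Groups from LDAP server.
 *
 * The group section of the SVNAuthFile is rebuilt from the LDAP result and
 * saved. Afterwards the new file is compared with the previous one and,
 * depending on the two flags, Access-Path permissions of users and groups
 * that no longer exist are revoked through the access-path edit provider.
 *
 * @param bool $autoRemoveUsers  Revoke direct Access-Path permissions of
 *                               users which do not exist on the LDAP server.
 * @param bool $autoRemoveGroups Revoke Access-Path permissions of groups
 *                               which are not part of the new SVNAuthFile.
 *
 * @throws \Exception If the LDAP connection or bind fails, or if loading,
 *                    saving or fetching entries throws.
 */
public function updateSvnAuthFile($autoRemoveUsers = true, $autoRemoveGroups = true)
{
    $this->init();
    $E = \svnadmin\core\Engine::getInstance();

    // Increase max_execution_time for big LDAP structures. A value of 0
    // means "no limit" and is left alone. The error suppression is kept
    // because raising the limit is best effort only.
    $maxTime = intval(ini_get('max_execution_time'));
    if ($maxTime !== 0 && $maxTime < 300) {
        @ini_set('max_execution_time', 300);
    }

    // Check connection and credentials before touching the SVNAuthFile.
    $connector = new \IF_AbstractLdapConnector();
    if (!$connector->connect($this->host_address, 0, $this->host_protocol_version)) {
        throw new \Exception("Can not connect.", 0);
    }
    if (!$connector->bind($this->bind_dn, $this->bind_password)) {
        throw new \Exception("Can not connect. Authentication failed.");
    }

    // The former try/catch around the steps below only re-threw the caught
    // exception unchanged, so it has been dropped; exceptions propagate to
    // the caller exactly as before.

    // @todo Backup file.
    // NOTE(review): steps 1-4 replace the whole group section. If the LDAP
    // queries in step 2 return an empty or partial list without throwing,
    // save() persists that state and step 5 revokes permissions of every
    // group that is missing. Confirm that p_getUserEntries() and
    // p_getGroupEntries() fail loudly on search errors.

    // Step 1
    // Load the current SVNAuthFile twice: one object is modified, the other
    // one is kept as the baseline for the comparison in step 5.
    $svnAuthFilePath = $E->getConfig()->getValue("Subversion", "SVNAuthFile");
    $svnAuthFile = new \IF_SVNAuthFileC($svnAuthFilePath);
    $svnAuthFileOld = new \IF_SVNAuthFileC($svnAuthFilePath);

    // Remove/reset all existing groups.
    foreach ($svnAuthFile->groups() as $g) {
        $svnAuthFile->deleteGroup($g);
    }

    // Step 2
    // Get all users and groups from LDAP server.
    $users = $this->p_getUserEntries();
    $groups = $this->p_getGroupEntries(true);

    // Step 3
    // Iterate all groups which have been fetched from LDAP server
    // and create them in the SVNAuthFile. Additionally associate
    // all users with a group which are defined as member of it.
    //
    // @todo Add the Realname or DN of a user as Alias to the SVNAuthFile.

    // Property name of a Group-Entry which holds the group's name.
    $gp_name = strtolower($this->groups_attributes[0]);

    // Property name of a Group-Entry which holds the member-id (DN).
    $gp_member_id = strtolower($this->groups_to_users_attribute);

    // Property name of a User-Entry which holds the user's name.
    $up_name = strtolower($this->users_attributes[0]);

    // Property name of a User-Entry which holds the value which is assigned
    // in a Group-Entry as Member-ID.
    $up_id = strtolower($this->groups_to_users_attribute_value);

    foreach ($groups as $g) {
        // The group-name property doesn't exist.
        if (!property_exists($g, $gp_name)) {
            continue;
        }

        try {
            // Create group in SVNAuthFile. (throws Exception)
            $svnAuthFile->createGroup($g->{$gp_name});
        } catch (\Exception $except) {
            $E->addException($except);
            continue;
        }

        // Normalise the member attribute: absent => no members, string =>
        // one member, array => multiple members. Other types are ignored.
        // @todo Should we delete empty groups from overview?
        $memberIds = array();
        if (property_exists($g, $gp_member_id)) {
            if (is_array($g->{$gp_member_id})) {
                $memberIds = $g->{$gp_member_id};
            } elseif (is_string($g->{$gp_member_id})) {
                $memberIds = array($g->{$gp_member_id});
            }
        }

        foreach ($memberIds as $member_id) {
            // Get name of the member (first matching user entry wins).
            foreach ($users as $u) {
                // Skip user entries lacking the id or name attribute. With
                // the former loose comparison such an entry (null) matched
                // an empty member id and was added under an empty name.
                if (!isset($u->{$up_id}, $u->{$up_name})) {
                    continue;
                }

                // Group membership grants repository access, so identifiers
                // are compared as exact strings. A loose "==" treats numeric
                // looking ids such as "007" and "7" as equal and could assign
                // the membership to the wrong account.
                $userId = $u->{$up_id};
                if (is_scalar($userId) && is_scalar($member_id)
                    && (string) $userId === (string) $member_id) {
                    // Add user to SVNAuthFile-Group.
                    $svnAuthFile->addUserToGroup($g->{$gp_name}, $u->{$up_name});
                    break;
                }
            }
        }
    } // foreach($groups)

    // Step 4
    // Save new SVNAuthFile to disk.
    $svnAuthFile->save();

    // Step 5
    // Compare with previous file to revoke AccessPath permissions of
    // deleted groups and users.
    //
    // We need to reset the Provider object, because it holds the
    // SVNAuthFile and should be reloaded, because of the changes
    // above.
    $apEditProvider = $E->getProvider(PROVIDER_ACCESSPATH_EDIT);
    $apEditProvider->reset();

    // Both lists are only collected here; this method neither returns nor
    // reads them, and $removedGroups may contain a name more than once.
    $removedUsers = array();
    $removedGroups = array();

    // NOTE(review): the messages below contain HTML markup and interpolate
    // group, user and repository names. Confirm that tr()/addMessage()
    // escape their arguments before the text is rendered; otherwise the
    // values need htmlspecialchars() at this point.

    // Collect removed groups.
    // Groups which are in the old file but not in the new one.
    foreach ($svnAuthFileOld->groups() as $g) {
        if ($svnAuthFile->groupExists($g)) {
            continue;
        }

        // The group $g is not in the new configuration (Removed from LDAP).
        $removedGroups[] = $g;
        if ($autoRemoveGroups) {
            try {
                $apEditProvider->removeGroupFromAllAccessPaths(new \svnadmin\core\entities\Group($g, $g));
                $E->addMessage(tr("The group <b>%0</b> has been removed from LDAP. Removed all assigned permissions.", array($g)));
            } catch (\Exception $e) {
                $E->addException($e);
            }
        }
    }

    // Collect removed users and groups with direct associated
    // Access-Path permissions and revoke the permissions.
    foreach ($svnAuthFile->repositories() as $r) {
        // Users.
        foreach ($svnAuthFile->usersOfRepository($r) as $u) {
            // #87 Do not check for * user in LDAP..
            if ($u === "*") {
                continue;
            }

            if (!$this->userExists(new \svnadmin\core\entities\User($u, $u))) {
                // The user has direct AccessPath permissions but does
                // not exist on LDAP server.
                $removedUsers[] = $u;
                if ($autoRemoveUsers) {
                    // Revoke permissions. A failure is recorded and the
                    // loop continues, so the permission stays in place.
                    try {
                        $apEditProvider->removeUserFromAccessPath(new \svnadmin\core\entities\User($u, $u), new \svnadmin\core\entities\AccessPath($r));
                        $E->addMessage(tr("The user <b>%0</b> doesn't exist anymore. Removed direct Access-Path permission to <b>%1</b>", array($u, $r)));
                    } catch (\Exception $e) {
                        $E->addException($e);
                    }
                }
            }
        } // foreach (users)

        // Groups.
        foreach ($svnAuthFile->groupsOfRepository($r) as $g) {
            // We can check against the new SVNAuthFile, because the
            // containing groups are updated from LDAP. No separate LDAP
            // lookup via $this->groupExists() is needed.
            if (!$svnAuthFile->groupExists($g)) {
                $removedGroups[] = $g;
                if ($autoRemoveGroups) {
                    // Revoke permissions.
                    try {
                        $apEditProvider->removeGroupFromAccessPath(new \svnadmin\core\entities\Group($g, $g), new \svnadmin\core\entities\AccessPath($r));
                        $E->addMessage(tr("The group <b>%0</b> doesn't exist anymore. Removed direct Access-Path permission to <b>%1</b>", array($g, $r)));
                    } catch (\Exception $e) {
                        $E->addException($e);
                    }
                }
            }
        } // foreach (groups)
    } // foreach (repositories)

    // Save changes made to "$apEditProvider".
    $apEditProvider->save();
}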
/**
 * Constructor.
 *
 * Runs the parent constructor and then opens the JSON cache storage. The
 * cache location comes from the configuration ('Ldap' / 'CacheFile') and
 * falls back to './data/ldap.cache.json', a path relative to the current
 * working directory.
 *
 * NOTE(review): the cache presumably stores entries fetched from the LDAP
 * server; confirm that the data directory is not served by the web server.
 */
public function __construct()
{
    parent::__construct();

    $config = \svnadmin\core\Engine::getInstance()->getConfig();
    $cacheFile = $config->getValue('Ldap', 'CacheFile', './data/ldap.cache.json');

    $this->_cache = new \IF_JsonObjectStorage($cacheFile);
}
// Abort unless ACTION_HANDLING is defined, i.e. the script was not requested
// directly. Presumably the constant is defined by the including dispatcher —
// confirm.
if (!defined('ACTION_HANDLING')) {
    die("HaHa!");
}

$engine = \svnadmin\core\Engine::getInstance();

//
// Authentication
//

// The dump module needs an active repository edit provider and the GUI
// switch 'RepositoryDumpEnabled' (default: enabled).
// NOTE(review): the code below relies on forwardError() not returning;
// confirm, otherwise the dump is still reachable with the module disabled.
if (!($engine->isProviderActive(PROVIDER_REPOSITORY_EDIT)
    && $engine->getConfig()->getValueAsBoolean('GUI', 'RepositoryDumpEnabled', true))) {
    $engine->forwardError(ERROR_INVALID_MODULE);
}

// Authorisation for the "dump" action is checked before request data is read.
$engine->checkUserAuthentication(true, ACL_MOD_REPO, ACL_ACTION_DUMP);

//
// HTTP Request Vars
//

// NOTE(review): if get_request_var() already returns URL-decoded input,
// rawurldecode() decodes a second time; any filtering has to run on the
// final decoded value, not on the "Enc" variables.
$varParentIdentifierEnc = get_request_var('pi');
$varParentIdentifier = rawurldecode($varParentIdentifierEnc);

$varRepositoryNameEnc = get_request_var('r');
$varRepositoryName = rawurldecode($varRepositoryNameEnc);

//
// Validation
//

// Only emptiness is checked here (loose comparison against NULL).
// NOTE(review): the decoded values reach the Repository entity and dump()
// without any further check in this script; confirm that the provider
// restricts the name to a single path component below a configured parent
// location.
if ($varParentIdentifier != NULL && $varRepositoryName != NULL) {
    try {
        $repositoryObject = new \svnadmin\core\entities\Repository($varRepositoryName, $varParentIdentifier);
        $engine->getRepositoryEditProvider()->dump($repositoryObject);
    } catch (Exception $e) {
        // Failures are collected by the engine instead of being re-thrown.
        \svnadmin\core\Engine::getInstance()->addException($e);
    }
} else {
    $engine->addException(new ValidationException(tr('You have to select at least one repository.')));
}
/**
 * Prints the command line help of iF.SVNAdmin.
 *
 * The text contains the application version reported by the Engine, the
 * available modes and the notice that the script has to be started from the
 * application's root directory.
 */
function printUsage()
{
    $version = \svnadmin\core\Engine::getInstance()->getAppVersionString();

    // The pieces are joined without a separator; every piece carries its
    // own line break.
    $parts = array(
        "Command line interface of iF.SVNAdmin\n",
        "Version: " . $version . "\n",
        "Usage:\n",
        "\tphp cli.php --mode [mode]\n",
        "\n",
        "Available modes:\n",
        "\tupdate Updates all updateable data providers (e.g.: ldap).\n",
        "\tlicense Prints out the license of this application.\n",
        "\n",
        "! Important usage notice !\n",
        "Make sure that the current working directory (PWD/CWD) where the script "
            . "is being executed is the root of the iF.SVNAdmin application "
            . "(e.g.: /var/www/svnadmin/)."
            . "\n",
    );

    echo implode('', $parts);
}