 /**
  * Rewrite this domain's SOA record in LDAP.
  *
  * Intended to be called after any object inside the domain changes; the new
  * record value comes from OpenStackNovaDomain::generateSOA(). On success the
  * in-memory domain info is reloaded so later reads see the new record.
  *
  * @return bool true if the LDAP modify succeeded, false otherwise
  */
 function updateSOA()
 {
     global $wgAuth;
     $entry = array('soarecord' => OpenStackNovaDomain::generateSOA());
     if (!LdapAuthenticationPlugin::ldap_modify($wgAuth->ldapconn, $this->domainDN, $entry)) {
         $wgAuth->printDebug("Failed to modify soarecord for " . $this->domainDN, NONSENSITIVE);
         return false;
     }
     $wgAuth->printDebug("Successfully modified soarecord for " . $this->domainDN, NONSENSITIVE);
     // Refresh the cached copy so it reflects the record just written.
     $this->fetchDomainInfo();
     return true;
 }
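	/**
	 * Replace the users, hosts, commands and options of this sudoer entry.
	 *
	 * All four attributes are written with ldap_modify (a replace), so the
	 * resulting entry carries exactly the values passed in. An empty list
	 * clears the corresponding attribute instead of leaving the attribute
	 * untouched; this matters for revocation, since passing an empty $users
	 * must not leave the previous sudouser values in place.
	 *
	 * @param  $users    list of sudouser values
	 * @param  $hosts    list of sudohost values
	 * @param  $commands list of sudocommand values
	 * @param  $options  list of sudooption values
	 * @return boolean true if the LDAP modify succeeded, false otherwise
	 */
	function modifySudoer( $users, $hosts, $commands, $options ) {
		global $wgAuth;

		# Every attribute is always present so that a replace with no values
		# removes it from the entry. The lists are rebuilt with sequential
		# indexes, which ldap_modify requires for multi-valued attributes.
		$sudoer = array(
			'sudouser' => array(),
			'sudohost' => array(),
			'sudocommand' => array(),
			'sudooption' => array(),
		);
		foreach ( $users as $user ) {
			$sudoer['sudouser'][] = $user;
		}
		foreach ( $hosts as $host ) {
			$sudoer['sudohost'][] = $host;
		}
		foreach ( $commands as $command ) {
			$sudoer['sudocommand'][] = $command;
		}
		foreach ( $options as $option ) {
			$sudoer['sudooption'][] = $option;
		}

		$success = LdapAuthenticationPlugin::ldap_modify( $wgAuth->ldapconn, $this->sudoerDN, $sudoer );
		if ( !$success ) {
			$wgAuth->printDebug( "Failed to modify sudoer $this->sudoerDN", NONSENSITIVE );
			return false;
		}
		$wgAuth->printDebug( "Successfully modified sudoer $this->sudoerDN", NONSENSITIVE );
		return true;
	}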
 /**
  * Add a member to this project group based on username
  *
  * Resolves $username to a user DN, appends it to the group's current
  * member values and writes the complete list back with a replace. The
  * cached group info is refreshed after a successful write.
  *
  * NOTE(review): nothing here checks whether the DN is already a member; a
  * repeated add sends a duplicate member value, and whether the directory
  * rejects or stores that is not visible from this code — confirm.
  *
  * @param $username string wiki username of the user to add
  * @return bool true if the group entry was modified; false if no DN could
  *              be found for the user or the LDAP modify failed
  */
 function addMember($username)
 {
     global $wgAuth;
     $members = array();
     if (isset($this->projectGroupInfo[0]['member'])) {
         $members = $this->projectGroupInfo[0]['member'];
         // Index 0 holds the value count, not a member DN.
         array_shift($members);
     }
     $user = new OpenStackNovaUser($username);
     if (!$user->userDN) {
         $wgAuth->printDebug("Failed to find userDN in addMember", NONSENSITIVE);
         return false;
     }
     $members[] = $user->userDN;
     $values = array('member' => $members);
     if (!LdapAuthenticationPlugin::ldap_modify($wgAuth->ldapconn, $this->projectGroupDN, $values)) {
         $wgAuth->printDebug("Failed to add {$user->userDN} to {$this->projectGroupDN}: " . ldap_error($wgAuth->ldapconn), NONSENSITIVE);
         return false;
     }
     $this->fetchProjectGroupInfo(true);
     $wgAuth->printDebug("Successfully added {$user->userDN} to {$this->projectGroupDN}", NONSENSITIVE);
     return true;
 }
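 /**
  * Remove $username from this sudoer's sudouser values.
  *
  * Every stored value strictly equal to $username is dropped, so a value
  * that was stored more than once cannot survive a "successful" removal and
  * keep sudo access. The remaining list is written back with a replace; an
  * empty list removes the sudouser attribute from the entry. The cached
  * sudoer info is invalidated after a successful write.
  *
  * @param $username string sudouser value to remove
  * @return bool true if the entry was modified; false if the entry has no
  *              sudouser attribute, the user was not listed, or the LDAP
  *              modify failed
  */
 function deleteUser($username)
 {
     global $wgAuth;
     global $wgMemc;
     if (!isset($this->sudoerInfo[0]['sudouser'])) {
         $wgAuth->printDebug("Sudoer has no sudouser attribute", NONSENSITIVE);
         return false;
     }
     $sudousers = $this->sudoerInfo[0]['sudouser'];
     // Index 0 holds the value count, not a user.
     array_shift($sudousers);
     $remaining = array();
     foreach ($sudousers as $sudouser) {
         if ($sudouser !== $username) {
             $remaining[] = $sudouser;
         }
     }
     if (count($remaining) === count($sudousers)) {
         $wgAuth->printDebug("Failed to find {$username} in sudouser list", NONSENSITIVE);
         return false;
     }
     $values = array('sudouser' => $remaining);
     $success = LdapAuthenticationPlugin::ldap_modify($wgAuth->ldapconn, $this->sudoerDN, $values);
     if (!$success) {
         $wgAuth->printDebug("Failed to remove {$username} from sudoer {$this->sudoerDN}", NONSENSITIVE);
         return false;
     }
     // The entry changed, so the cached copy is stale.
     $key = wfMemcKey('openstackmanager', 'sudoerinfo', $this->project->getProjectName() . $this->sudoername);
     $wgMemc->delete($key);
     return true;
 }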
 /**
  * Push the wiki user's profile attributes (mail, displayname, cn,
  * preferredlanguage) into their LDAP entry.
  *
  * Nothing is written when LDAP updates are disabled or the session domain
  * is 'local'; that case still reports success so the wiki does not show an
  * error. Writes happen after binding as the configured WriterDN, and the
  * cached userinfo for the DN is invalidated after a successful modify.
  * Only preferences that are strings are sent.
  *
  * @param User $user wiki user whose preferences are being saved
  * @return bool true on success (or when there is nothing to do); false when
  *              no WriterDN is configured, the connection or bind fails, no
  *              attribute is a string, or the modify fails
  */
 public function updateExternalDB($user)
 {
     global $wgMemc;
     $this->printDebug("Entering updateExternalDB", NONSENSITIVE);
     if (!$this->getConf('UpdateLDAP') || $this->getSessionDomain() == 'local') {
         $this->printDebug("Either the user is using a local domain, or the wiki isn't allowing updates", NONSENSITIVE);
         // Local preferences are not handled here, but the wiki must not
         // see this as an error.
         return true;
     }
     $writer = $this->getConf('WriterDN');
     if (!$writer) {
         $this->printDebug("The wiki doesn't have wgLDAPWriterDN set", NONSENSITIVE);
         // Writing attributes requires an account with LDAP write rights.
         return false;
     }
     $this->email = $user->getEmail();
     $this->realname = $user->getRealName();
     $this->nickname = $user->getOption('nickname');
     $this->lang = $user->getOption('language');
     if (!$this->connect()) {
         return false;
     }
     $this->userdn = $this->getSearchString($user->getName());
     $this->printDebug("Binding as the writerDN", NONSENSITIVE);
     if (!$this->bindAs($writer, $this->getConf('WriterPassword'))) {
         return false;
     }
     $candidates = array(
         "mail" => $this->email,
         "displayname" => $this->nickname,
         "cn" => $this->realname,
         "preferredlanguage" => $this->lang,
     );
     $values = array();
     foreach ($candidates as $attribute => $value) {
         if (is_string($value)) {
             $values[$attribute] = $value;
         }
     }
     $modified = count($values) && LdapAuthenticationPlugin::ldap_modify($this->ldapconn, $this->userdn, $values);
     if (!$modified) {
         // Also reached when there was nothing to write.
         $this->printDebug("Failed to modify the user's attributes", NONSENSITIVE);
         LdapAuthenticationPlugin::ldap_unbind($this->ldapconn);
         return false;
     }
     // The entry changed, so the cached copy must be dropped.
     $key = wfMemcKey('ldapauthentication', 'userinfo', $this->userdn);
     $wgMemc->delete($key);
     $this->printDebug("Successfully modified the user's attributes", NONSENSITIVE);
     LdapAuthenticationPlugin::ldap_unbind($this->ldapconn);
     return true;
 }
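	/**
	 * Hook to add objectclasses and attributes for users that already exist, but have
	 * missing information.
	 *
	 * Reads accesskey, secretkey and objectclass for the user's DN. When
	 * either key is missing, a fresh accesskey and secretkey are written,
	 * isnovaadmin is set to FALSE, and the novauser objectclass is added if
	 * the entry does not carry it yet. Always returns true so that other
	 * hooks keep running; failures are only reported through printDebug.
	 *
	 * @static
	 * @param  $auth plugin instance with an open ldapconn, userInfo and userdn
	 * @return bool always true
	 */
	static function LDAPSetNovaInfo( $auth ) {
		global $wgMemc;

		OpenStackNovaLdapConnection::connect();
		# NOTE(review): the read targets userInfo[0]['dn'] while the modify
		# below targets $auth->userdn; presumably the same DN — confirm.
		$result = LdapAuthenticationPlugin::ldap_read( $auth->ldapconn, $auth->userInfo[0]['dn'], '(objectclass=*)', array( 'secretkey', 'accesskey', 'objectclass' ) );
		$userInfo = LdapAuthenticationPlugin::ldap_get_entries( $auth->ldapconn, $result );
		if ( !$userInfo || !isset( $userInfo[0]['objectclass'] ) ) {
			# Without the current objectclass list the attribute cannot be
			# rebuilt safely: a replace with a partial list would strip
			# classes from the entry.
			$auth->printDebug( "Unable to read the user's entry; not setting nova attributes.", NONSENSITIVE );
			return true;
		}
		if ( isset( $userInfo[0]['accesskey'] ) && isset( $userInfo[0]['secretkey'] ) ) {
			$auth->printDebug( "User has accesskey and secretkey set.", NONSENSITIVE );
			return true;
		}

		$values = array();
		$objectclasses = $userInfo[0]['objectclass'];
		# First entry is a count
		array_shift( $objectclasses );
		if ( !in_array( 'novauser', $objectclasses, true ) ) {
			# ldap_modify replaces the whole attribute, so every existing
			# class is resent (with sequential indexes) plus novauser.
			$values['objectclass'] = array_values( $objectclasses );
			$values['objectclass'][] = 'novauser';
		}
		# NOTE(review): the secret key is generated by uuid4(); whether that
		# draws from a cryptographically strong source is not visible here —
		# confirm before relying on it as a credential.
		$values['accesskey'] = OpenStackNovaUser::uuid4();
		$values['secretkey'] = OpenStackNovaUser::uuid4();
		$values['isnovaadmin'] = 'FALSE';

		$success = LdapAuthenticationPlugin::ldap_modify( $auth->ldapconn, $auth->userdn, $values );
		if ( $success ) {
			$key = wfMemcKey( 'ldapauthentication', 'userinfo', $auth->userdn );
			$wgMemc->delete( $key );
			$auth->printDebug( "Successfully modified the user's nova attributes", NONSENSITIVE );
		} else {
			# Other hooks should still run even if this fails.
			$auth->printDebug( "Failed to modify the user's nova attributes.", NONSENSITIVE );
		}
		return true;
	}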
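 /**
  * Remove one SSH public key from the user's sshpublickey values.
  *
  * Every stored value strictly equal to $key is dropped, so a key that was
  * stored twice cannot survive a "successful" delete. The remaining list is
  * written back with a replace (an empty list removes the attribute), the
  * cached userinfo is invalidated and the in-memory user info is reloaded.
  *
  * @param  $key string exact sshpublickey value to remove
  * @return bool true if the entry was modified; false if the user has no
  *              sshpublickey attribute, the key was not found, or the LDAP
  *              modify failed
  */
 function deleteKeypair($key)
 {
     global $wgAuth;
     global $wgMemc;
     if (!isset($this->userInfo[0]['sshpublickey'])) {
         $wgAuth->printDebug("User does not have a sshpublickey attribute", NONSENSITIVE);
         return false;
     }
     $keypairs = $this->userInfo[0]['sshpublickey'];
     // Index 0 holds the value count, not a key.
     array_shift($keypairs);
     $remaining = array();
     foreach ($keypairs as $keypair) {
         if ($keypair !== $key) {
             $remaining[] = $keypair;
         }
     }
     if (count($remaining) === count($keypairs)) {
         $wgAuth->printDebug("Unable to find the sshpublickey to be deleted", NONSENSITIVE);
         return false;
     }
     $values = array('sshpublickey' => $remaining);
     $success = LdapAuthenticationPlugin::ldap_modify($wgAuth->ldapconn, $this->userDN, $values);
     if (!$success) {
         $wgAuth->printDebug("Failed to delete the user's sshpublickey", NONSENSITIVE);
         return false;
     }
     $wgAuth->printDebug("Successfully deleted the user's sshpublickey", NONSENSITIVE);
     // Separate name so the memcache key does not shadow the $key parameter.
     $cacheKey = wfMemcKey('ldapauthentication', "userinfo", $this->userDN);
     $wgAuth->printDebug("Deleting memcache key: {$cacheKey}.", NONSENSITIVE);
     $wgMemc->delete($cacheKey);
     $this->fetchUserInfo();
     return true;
 }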
 /**
  * Replace all arecords on this host with $ip.
  *
  * The host entry's arecord attribute is overwritten with the single value
  * given. On success the domain's SOA is updated and the cached host info is
  * reloaded. No validation of $ip is done here; callers are expected to pass
  * a well-formed address.
  *
  * @param  $ip string address to store as the only arecord value
  * @return bool true if the host entry was modified, false otherwise
  */
 function setARecord($ip)
 {
     global $wgAuth;
     $entry = array('arecord' => array($ip));
     if (!LdapAuthenticationPlugin::ldap_modify($wgAuth->ldapconn, $this->hostDN, $entry)) {
         $wgAuth->printDebug("Failed to set {$ip} on {$this->hostDN}", NONSENSITIVE);
         return false;
     }
     $wgAuth->printDebug("Successfully set {$ip} on {$this->hostDN}", NONSENSITIVE);
     // The domain changed, so its SOA record has to be rewritten too.
     $this->getDomain()->updateSOA();
     $this->fetchHostInfo();
     return true;
 }
 /**
  * Update puppet classes and variables for this host.
  *
  * Builds puppetclass values from $puppetinfo['classes'] and puppetvar
  * values ("name=value") from $puppetinfo['variables'], then carries the
  * host's existing instanceproject and instancename variables over from the
  * current configuration so they survive the replace. Nothing is written
  * when $wgOpenStackManagerPuppetOptions['enabled'] is off or the resulting
  * entry would be empty.
  *
  * NOTE(review): if $puppetinfo['variables'] also carries instanceproject or
  * instancename, both the supplied and the stored value are sent; nothing
  * here prevents that — confirm which one is meant to win.
  *
  * @param  $puppetinfo array with optional 'classes' (list) and 'variables' (name => value)
  * @return bool true if the host entry was modified, false otherwise
  */
 function modifyPuppetConfiguration($puppetinfo)
 {
     global $wgAuth;
     global $wgOpenStackManagerPuppetOptions;
     if (!$wgOpenStackManagerPuppetOptions['enabled']) {
         return false;
     }
     $hostEntry = array();
     if (isset($puppetinfo['classes'])) {
         foreach ($puppetinfo['classes'] as $puppetClass) {
             $hostEntry['puppetclass'][] = $puppetClass;
         }
     }
     if (isset($puppetinfo['variables'])) {
         foreach ($puppetinfo['variables'] as $name => $value) {
             $hostEntry['puppetvar'][] = "{$name}={$value}";
         }
     }
     // Keep the identity variables already stored for this host.
     $existing = $this->getPuppetConfiguration();
     if (isset($existing['puppetvar'])) {
         $wgAuth->printDebug("Checking for preexisting variables", NONSENSITIVE);
         foreach ($existing['puppetvar'] as $name => $value) {
             $wgAuth->printDebug("Found {$name}", NONSENSITIVE);
             if ($name === "instanceproject" || $name === "instancename") {
                 $hostEntry['puppetvar'][] = "{$name}={$value}";
             }
         }
     }
     if (!$hostEntry) {
         $wgAuth->printDebug("No hostEntry when trying to modify puppet configuration", NONSENSITIVE);
         return false;
     }
     if (!LdapAuthenticationPlugin::ldap_modify($wgAuth->ldapconn, $this->hostDN, $hostEntry)) {
         $wgAuth->printDebug("Failed to modify puppet configuration for host", NONSENSITIVE);
         return false;
     }
     $this->fetchHostInfo();
     $wgAuth->printDebug("Successfully modified puppet configuration for host", NONSENSITIVE);
     return true;
 }
 /**
  * Add a member to this project based on username
  *
  * Invalidates the cached uid/member list, resolves $username to a user DN,
  * appends it to the project's current member values and writes the full
  * list back with a replace. On success the user is also added to the
  * project's group, the project info is reloaded and the project article is
  * re-edited.
  *
  * NOTE(review): there is no check for the DN already being a member; a
  * repeated add sends a duplicate member value, and whether the directory
  * rejects or stores that is not visible from this code — confirm.
  *
  * @param $username string wiki username of the user to add
  * @return bool true if the project entry was modified; false if no DN could
  *              be found for the user or the LDAP modify failed
  */
 function addMember($username)
 {
     global $wgAuth;
     global $wgMemc;
     $cacheKey = wfMemcKey('openstackmanager', 'projectuidsandmembers', $this->projectname);
     $wgMemc->delete($cacheKey);
     $members = array();
     if (isset($this->projectInfo[0]['member'])) {
         $members = $this->projectInfo[0]['member'];
         // Index 0 holds the value count, not a member DN.
         array_shift($members);
     }
     $user = new OpenStackNovaUser($username);
     if (!$user->userDN) {
         $wgAuth->printDebug("Failed to find userDN in addMember", NONSENSITIVE);
         return false;
     }
     $members[] = $user->userDN;
     $values = array('member' => $members);
     if (!LdapAuthenticationPlugin::ldap_modify($wgAuth->ldapconn, $this->projectDN, $values)) {
         $wgAuth->printDebug("Failed to add {$user->userDN} to {$this->projectDN}: " . ldap_error($wgAuth->ldapconn), NONSENSITIVE);
         return false;
     }
     // Project membership implies membership of the matching ProjectGroup.
     $this->projectGroup->addMember($username);
     $this->fetchProjectInfo(true);
     $wgAuth->printDebug("Successfully added {$user->userDN} to {$this->projectDN}", NONSENSITIVE);
     $this->editArticle();
     return true;
 }