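/**
 * Create and return a user backend with the given name and given configuration applied to it
 *
 * If no configuration is given, the section called $name is looked up in the configured backends.
 * A 'name' directive in the configuration takes precedence over $name.
 *
 * @param   string          $name
 * @param   ConfigObject    $backendConfig
 *
 * @return  UserBackendInterface
 *
 * @throws  ConfigurationError  In case the backend does not exist, a required directive is missing
 *                              or the backend type is not supported
 */
public static function create($name, ConfigObject $backendConfig = null)
{
    if ($backendConfig === null) {
        self::assertBackendsExist();
        if (self::$backends->hasSection($name)) {
            $backendConfig = self::$backends->getSection($name);
        } else {
            throw new ConfigurationError('User backend "%s" does not exist', $name);
        }
    }

    if ($backendConfig->name !== null) {
        $name = $backendConfig->name;
    }

    // Cast first: passing null to strtolower() is deprecated as of PHP 8.1
    if (! ($backendType = strtolower((string) $backendConfig->backend))) {
        throw new ConfigurationError(
            'Authentication configuration for user backend "%s" is missing the \'backend\' directive',
            $name
        );
    }

    if ($backendType === 'external') {
        $backend = new ExternalBackend($backendConfig);
        $backend->setName($name);
        return $backend;
    }

    // The default backend check is the first one because of performance reasons:
    // Do not attempt to load a custom user backend unless it's actually required
    if (! in_array($backendType, static::$defaultBackends, true)) {
        $customClass = static::getCustomUserBackend($backendType);
        if ($customClass === null) {
            throw new ConfigurationError(
                'Authentication configuration for user backend "%s" defines an invalid backend type.'
                . ' Backend type "%s" is not supported',
                $name,
                $backendType
            );
        }

        // The class name is resolved from the configured backend type. Verify the interface before
        // instantiating, so that the constructor of an unrelated class is never run.
        if (! is_subclass_of($customClass, 'Icinga\\Authentication\\User\\UserBackendInterface')) {
            throw new ConfigurationError(
                'Cannot utilize user backend of type "%s". Class "%s" does not implement UserBackendInterface',
                $backendType,
                $customClass
            );
        }

        $backend = new $customClass($backendConfig);
        $backend->setName($name);
        return $backend;
    }

    if ($backendConfig->resource === null) {
        throw new ConfigurationError(
            'Authentication configuration for user backend "%s" is missing the \'resource\' directive',
            $name
        );
    }

    $resource = ResourceFactory::create($backendConfig->resource);

    switch ($backendType) {
        case 'db':
            $backend = new DbUserBackend($resource);
            break;
        case 'msldap':
            $backend = new LdapUserBackend($resource);
            $backend->setBaseDn($backendConfig->base_dn);
            $backend->setUserClass($backendConfig->get('user_class', 'user'));
            $backend->setUserNameAttribute($backendConfig->get('user_name_attribute', 'sAMAccountName'));
            // NOTE(review): the filter is handed over exactly as configured
            $backend->setFilter($backendConfig->filter);
            break;
        case 'ldap':
            $backend = new LdapUserBackend($resource);
            $backend->setBaseDn($backendConfig->base_dn);
            $backend->setUserClass($backendConfig->get('user_class', 'inetOrgPerson'));
            $backend->setUserNameAttribute($backendConfig->get('user_name_attribute', 'uid'));
            // NOTE(review): the filter is handed over exactly as configured
            $backend->setFilter($backendConfig->filter);
            break;
        default:
            // A type listed in $defaultBackends but not handled above would otherwise leave
            // $backend undefined and fail on setName() below
            throw new ConfigurationError(
                'Authentication configuration for user backend "%s" defines an invalid backend type.'
                . ' Backend type "%s" is not supported',
                $name,
                $backendType
            );
    }

    $backend->setName($name);
    return $backend;
}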
/**
 * Set up logger
 *
 * Creates the logger from the "logging" config section, if there is one. If that fails with a
 * ConfigurationError, the message is registered with the logger instance and only the configured
 * level (Logger::ERROR if none is set) is applied.
 *
 * @return  $this
 */
protected function setupLogger()
{
    if (! $this->config->hasSection('logging')) {
        return $this;
    }

    $settings = $this->config->getSection('logging');

    try {
        Logger::create($settings);
        return $this;
    } catch (ConfigurationError $createError) {
        Logger::getInstance()->registerConfigError($createError->getMessage());
    }

    // Only reached if the logger could not be created from the configuration
    try {
        Logger::getInstance()->setLevel($settings->get('level', Logger::ERROR));
    } catch (ConfigurationError $levelError) {
        Logger::getInstance()->registerConfigError($levelError->getMessage());
    }

    return $this;
}
/**
 * Update the target with the given data and optionally limit the affected entries by using a filter
 *
 * A value for the key column renames the matched section. A rename is rejected if no filter is
 * given, if more than one section matches or if the new section name is already in use.
 *
 * @param   string  $target
 * @param   array   $data
 * @param   Filter  $filter
 *
 * @throws  StatementException  In case the operation has failed
 */
public function update($target, array $data, Filter $filter = null)
{
    $columns = $this->requireStatementColumns($target, $data);
    $keyColumn = $this->ds->getConfigObject()->getKeyColumn();

    if ($filter === null) {
        // Without a filter every section is affected, so they cannot all get the same name
        if (isset($columns[$keyColumn])) {
            throw new StatementException(
                t('Cannot update. Column "%s" holds a section\'s name which must be unique'),
                $keyColumn
            );
        }
    } else {
        $filter = $this->requireFilter($target, $filter);
    }

    $renamedTo = null;
    // Iterate over a copy, sections are removed and added while looping
    foreach (iterator_to_array($this->ds) as $sectionName => $sectionConfig) {
        if ($filter !== null && ! $filter->matches($sectionConfig)) {
            continue;
        }

        // A previous match was renamed already, a second one would end up with the same name
        if ($renamedTo !== null) {
            throw new StatementException(
                t('Cannot update. Column "%s" holds a section\'s name which must be unique'),
                $keyColumn
            );
        }

        foreach ($columns as $column => $value) {
            if ($column === $keyColumn) {
                $renamedTo = $value;
                continue;
            }

            // NOTE(review): the value is stored as given; any escaping has to happen when
            // the INI is written - confirm
            $sectionConfig->{$column} = $value;
        }

        // NOTE(review): truthiness check - a new section name of "0" or "" leaves the name as is
        if (! $renamedTo) {
            $this->ds->setSection($sectionName, $sectionConfig);
            continue;
        }

        if ($this->ds->hasSection($renamedTo)) {
            throw new StatementException(t('Cannot update. Section "%s" does already exist'), $renamedTo);
        }

        $this->ds->removeSection($sectionName)->setSection($renamedTo, $sectionConfig);
    }

    try {
        $this->ds->saveIni();
    } catch (Exception $e) {
        throw new StatementException(t('Failed to update. An error occurred: %s'), $e->getMessage());
    }
}
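/**
 * Return whether the current user has access to the given shared navigation item
 *
 * Access is granted if the user is the item's owner, if the user or one of the user's groups is
 * listed in "users" or "groups", or if one of these lists contains "*". Names are compared
 * case-insensitively. If the item has a parent that exists in $navConfig, only the parent decides
 * and the item's own "users" and "groups" are not evaluated.
 *
 * @param   mixed   $config     The item's configuration, accessed like an array. "owner", "users"
 *                              and "groups" are removed if access is granted directly, and only
 *                              "owner" if the decision is taken from the parent
 * @param   Config  $navConfig  The configuration used to look up parent items
 *
 * @return  bool
 */
private function hasAccessToSharedNavigationItem(&$config, Config $navConfig)
{
    // TODO: Provide a more sophisticated solution
    if (isset($config['owner'])
        && strtolower($config['owner']) === strtolower($this->user->getUsername())
    ) {
        unset($config['owner'], $config['users'], $config['groups']);
        return true;
    }

    if (isset($config['parent']) && $navConfig->hasSection($config['parent'])) {
        unset($config['owner']);

        $parent = $config['parent'];
        if (isset($this->accessibleMenuItems[$parent])) {
            return $this->accessibleMenuItems[$parent];
        }

        // Deny while the parent is being resolved. Parents that reference each other would
        // recurse without end otherwise, now the cycle ends at the cached denial.
        $this->accessibleMenuItems[$parent] = false;

        $parentConfig = $navConfig->getSection($parent);
        $this->accessibleMenuItems[$parent] = $this->hasAccessToSharedNavigationItem(
            $parentConfig,
            $navConfig
        );

        return $this->accessibleMenuItems[$parent];
    }

    if (isset($config['users'])) {
        $users = array_map('trim', explode(',', strtolower($config['users'])));
        if (in_array('*', $users, true)
            || in_array(strtolower($this->user->getUsername()), $users, true)
        ) {
            unset($config['owner'], $config['users'], $config['groups']);
            return true;
        }
    }

    if (isset($config['groups'])) {
        $groups = array_map('trim', explode(',', strtolower($config['groups'])));
        if (in_array('*', $groups, true)) {
            unset($config['owner'], $config['users'], $config['groups']);
            return true;
        }

        $userGroups = array_map('strtolower', $this->user->getGroups());
        if (array_intersect($userGroups, $groups)) {
            unset($config['owner'], $config['users'], $config['groups']);
            return true;
        }
    }

    return false;
}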
/**
 * Search for deleted properties and use the editor to delete these entries
 *
 * Sections missing in the new config are removed from the document as a whole. For the remaining
 * sections, every directive without a value in the new config is removed if the document has it.
 *
 * @param   Config      $oldconfig  The config representing the state before the change
 * @param   Config      $newconfig  The config representing the state after the change
 * @param   Document    $doc        The document the sections and directives are removed from
 *
 * @throws  ProgrammingError        In case a directive's value is a ConfigObject
 */
protected function diffPropertyDeletions(Config $oldconfig, Config $newconfig, Document $doc)
{
    foreach ($oldconfig->toArray() as $sectionName => $properties) {
        if (! is_array($properties)) {
            // Not a section but a property on the top level
            Logger::warning('Section-less property ' . (string) $properties . ' was ignored.');
            continue;
        }

        if (! $newconfig->hasSection($sectionName)) {
            $doc->removeSection($sectionName);
            continue;
        }

        $updatedSection = $newconfig->getSection($sectionName);
        $domSection = $doc->getSection($sectionName);
        foreach ($properties as $key => $value) {
            if ($value instanceof ConfigObject) {
                throw new ProgrammingError('Cannot diff recursive configs');
            }

            if ($updatedSection->get($key) !== null) {
                continue;
            }

            if ($domSection->hasDirective($key)) {
                $domSection->removeDirective($key);
            }
        }
    }
}
/**
 * Check that Config::hasSection() is true for a section that was set and false for one that was not
 *
 * @depends testWhetherConfigSetsSingleSections
 */
public function testWhetherConfigKnowsWhichSectionsItHas()
{
    $failureMessage = 'Config::hasSection does not know anything about its sections';

    $config = new Config();
    $config->setSection('a');

    $this->assertTrue($config->hasSection('a'), $failureMessage);
    $this->assertFalse($config->hasSection('b'), $failureMessage);
}