Пример #1
 /**
  * Create and return a user backend with the given name and given configuration applied to it
  *
  * @param   string          $name
  * @param   ConfigObject    $backendConfig
  *
  * @return  UserBackendInterface
  *
  * @throws  ConfigurationError
  */
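 public static function create($name, ConfigObject $backendConfig = null)
 {
     if ($backendConfig === null) {
         // No configuration was passed in, so it is looked up by name in the configured backends
         self::assertBackendsExist();
         if (! self::$backends->hasSection($name)) {
             throw new ConfigurationError('User backend "%s" does not exist', $name);
         }
         $backendConfig = self::$backends->getSection($name);
     }
     if ($backendConfig->name !== null) {
         // A name carried by the configuration overrides the requested one
         $name = $backendConfig->name;
     }
     // The cast keeps a missing 'backend' directive (null) out of strtolower(); the empty result is reported below
     if (!($backendType = strtolower((string) $backendConfig->backend))) {
         throw new ConfigurationError('Authentication configuration for user backend "%s" is missing the \'backend\' directive', $name);
     }
     if ($backendType === 'external') {
         $backend = new ExternalBackend($backendConfig);
         $backend->setName($name);
         return $backend;
     }
     // Strict comparison: $backendType is always a string here
     // (assumes static::$defaultBackends lists the type names as strings - confirm against its declaration)
     if (in_array($backendType, static::$defaultBackends, true)) {
         // The default backend check is the first one because of performance reasons:
         // Do not attempt to load a custom user backend unless it's actually required
     } elseif (($customClass = static::getCustomUserBackend($backendType)) !== null) {
         // Check the contract on the class itself before instantiating it, so that the constructor of a class
         // which is not a user backend never runs with the authentication configuration
         if (! is_a($customClass, 'Icinga\\Authentication\\User\\UserBackendInterface', true)) {
             throw new ConfigurationError('Cannot utilize user backend of type "%s". Class "%s" does not implement UserBackendInterface', $backendType, $customClass);
         }
         $backend = new $customClass($backendConfig);
         $backend->setName($name);
         return $backend;
     } else {
         throw new ConfigurationError('Authentication configuration for user backend "%s" defines an invalid backend type.' . ' Backend type "%s" is not supported', $name, $backendType);
     }
     // Only the built-in, resource-based backend types get here
     if ($backendConfig->resource === null) {
         throw new ConfigurationError('Authentication configuration for user backend "%s" is missing the \'resource\' directive', $name);
     }
     $resource = ResourceFactory::create($backendConfig->resource);
     switch ($backendType) {
         case 'db':
             $backend = new DbUserBackend($resource);
             break;
         case 'msldap':
             $backend = new LdapUserBackend($resource);
             $backend->setBaseDn($backendConfig->base_dn);
             $backend->setUserClass($backendConfig->get('user_class', 'user'));
             $backend->setUserNameAttribute($backendConfig->get('user_name_attribute', 'sAMAccountName'));
             $backend->setFilter($backendConfig->filter);
             break;
         case 'ldap':
             $backend = new LdapUserBackend($resource);
             $backend->setBaseDn($backendConfig->base_dn);
             $backend->setUserClass($backendConfig->get('user_class', 'inetOrgPerson'));
             $backend->setUserNameAttribute($backendConfig->get('user_name_attribute', 'uid'));
             $backend->setFilter($backendConfig->filter);
             break;
         default:
             // A default type without a case above would otherwise leave $backend undefined
             // and fail on setName() instead of raising a configuration error
             throw new ConfigurationError('Authentication configuration for user backend "%s" defines an invalid backend type.' . ' Backend type "%s" is not supported', $name, $backendType);
     }
     $backend->setName($name);
     return $backend;
 }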
Пример #2
 /**
  * Set up logger
  *
  * @return $this
  */
 protected function setupLogger()
 {
     // Without a 'logging' section there is nothing to set up
     if (! $this->config->hasSection('logging')) {
         return $this;
     }

     $settings = $this->config->getSection('logging');
     try {
         Logger::create($settings);
     } catch (ConfigurationError $createError) {
         // Creation failed: record the problem on the logger instance, then still try to apply the
         // configured level (Logger::ERROR if none is set)
         Logger::getInstance()->registerConfigError($createError->getMessage());
         try {
             Logger::getInstance()->setLevel($settings->get('level', Logger::ERROR));
         } catch (ConfigurationError $levelError) {
             Logger::getInstance()->registerConfigError($levelError->getMessage());
         }
     }

     return $this;
 }
Пример #3
 /**
  * Update the target with the given data and optionally limit the affected entries by using a filter
  *
  * @param   string  $target
  * @param   array   $data
  * @param   Filter  $filter
  *
  * @throws  StatementException  In case the operation has failed
  */
 public function update($target, array $data, Filter $filter = null)
 {
     $changes = $this->requireStatementColumns($target, $data);
     $nameColumn = $this->ds->getConfigObject()->getKeyColumn();

     if ($filter === null) {
         // An unfiltered update addresses every section, so it must not set the section name
         if (isset($changes[$nameColumn])) {
             throw new StatementException(t('Cannot update. Column "%s" holds a section\'s name which must be unique'), $nameColumn);
         }
     } else {
         $filter = $this->requireFilter($target, $filter);
     }

     $renamedTo = null;
     // The loop runs over an array copy of the data source; sections are replaced in the source inside the loop
     foreach (iterator_to_array($this->ds) as $sectionName => $sectionConfig) {
         if ($filter !== null && ! $filter->matches($sectionConfig)) {
             continue;
         }

         // A previous match already received the new name; a second match would duplicate it
         if ($renamedTo !== null) {
             throw new StatementException(t('Cannot update. Column "%s" holds a section\'s name which must be unique'), $nameColumn);
         }

         foreach ($changes as $column => $value) {
             if ($column === $nameColumn) {
                 $renamedTo = $value;
                 continue;
             }

             // Property names come from $changes, i.e. from what requireStatementColumns() returned
             $sectionConfig->{$column} = $value;
         }

         if (! $renamedTo) {
             $this->ds->setSection($sectionName, $sectionConfig);
             continue;
         }

         if ($this->ds->hasSection($renamedTo)) {
             throw new StatementException(t('Cannot update. Section "%s" does already exist'), $renamedTo);
         }

         $this->ds->removeSection($sectionName)->setSection($renamedTo, $sectionConfig);
     }

     // Nothing is written before this point; the exceptions above leave the stored INI untouched
     try {
         $this->ds->saveIni();
     } catch (Exception $saveError) {
         throw new StatementException(t('Failed to update. An error occurred: %s'), $saveError->getMessage());
     }
 }
Пример #4
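 /**
  * Return whether the current user may access the given shared navigation item
  *
  * The checks run in this order and the first one that applies decides:
  *  - the user is the item's 'owner'
  *  - the item names a 'parent' that is a section of $navConfig: the parent's decision is returned as is,
  *    the item's own 'users' and 'groups' are not evaluated in that case
  *  - the user, or '*', is listed in 'users'
  *  - '*' or one of the user's groups is listed in 'groups'
  *
  * Names are compared after strtolower(). Parent decisions are cached in $this->accessibleMenuItems.
  * A parent chain that refers back to itself is denied.
  *
  * @param   mixed   $config     The item's configuration, accessed by key; 'owner', 'users' and 'groups' are
  *                              removed from it when access is granted ('owner' only in the parent case)
  * @param   Config  $navConfig  The configuration the item's parent is looked up in
  *
  * @return  bool
  */
 private function hasAccessToSharedNavigationItem(&$config, Config $navConfig)
 {
     // TODO: Provide a more sophisticated solution
     $username = strtolower($this->user->getUsername());

     if (isset($config['owner']) && strtolower($config['owner']) === $username) {
         unset($config['owner'], $config['users'], $config['groups']);
         return true;
     }

     if (isset($config['parent']) && $navConfig->hasSection($config['parent'])) {
         $parentName = $config['parent'];
         unset($config['owner']);
         if (isset($this->accessibleMenuItems[$parentName])) {
             return $this->accessibleMenuItems[$parentName];
         }

         // Fail closed while the parent is being resolved: if the chain of parents leads back to this
         // parent, the nested call finds this entry and denies access instead of recursing without end
         $this->accessibleMenuItems[$parentName] = false;
         $parentConfig = $navConfig->getSection($parentName);
         $this->accessibleMenuItems[$parentName] = $this->hasAccessToSharedNavigationItem($parentConfig, $navConfig);
         return $this->accessibleMenuItems[$parentName];
     }

     if (isset($config['users'])) {
         $users = array_map('trim', explode(',', strtolower($config['users'])));
         if (in_array('*', $users, true) || in_array($username, $users, true)) {
             unset($config['owner'], $config['users'], $config['groups']);
             return true;
         }
     }

     if (isset($config['groups'])) {
         $groups = array_map('trim', explode(',', strtolower($config['groups'])));
         if (in_array('*', $groups, true)) {
             unset($config['owner'], $config['users'], $config['groups']);
             return true;
         }

         $userGroups = array_map('strtolower', $this->user->getGroups());
         if (array_intersect($userGroups, $groups)) {
             unset($config['owner'], $config['users'], $config['groups']);
             return true;
         }
     }

     // No rule matched: deny, and leave the restriction keys in place
     return false;
 }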
Пример #5
 /**
  * Search for deleted properties and use the editor to delete these entries
  *
  * @param Config    $oldconfig  The config representing the state before the change
  * @param Config    $newconfig  The config representing the state after the change
  * @param Document  $doc
  *
  * @throws ProgrammingError
  */
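 protected function diffPropertyDeletions(Config $oldconfig, Config $newconfig, Document $doc)
 {
     // Iterate over all properties in the old configuration file and remove those that don't
     // exist in the new config
     foreach ($oldconfig->toArray() as $section => $directives) {
         if (!is_array($directives)) {
             // Here $section is the property's name and $directives its value. Only the name is logged:
             // it identifies the ignored entry, and a configuration value does not end up in the log
             Logger::warning('Section-less property ' . $section . ' was ignored.');
             continue;
         }
         if (! $newconfig->hasSection($section)) {
             // The whole section is gone in the new configuration
             $doc->removeSection($section);
             continue;
         }
         $newSection = $newconfig->getSection($section);
         $oldDomSection = $doc->getSection($section);
         foreach ($directives as $key => $value) {
             if ($value instanceof ConfigObject) {
                 throw new ProgrammingError('Cannot diff recursive configs');
             }
             // A directive counts as deleted when the new section yields null for it
             if (null === $newSection->get($key) && $oldDomSection->hasDirective($key)) {
                 $oldDomSection->removeDirective($key);
             }
         }
     }
 }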
Пример #6
 /**
  * @depends testWhetherConfigSetsSingleSections
  */
 public function testWhetherConfigKnowsWhichSectionsItHas()
 {
     // Both assertions report the same failure message
     $failureMessage = 'Config::hasSection does not know anything about its sections';

     $subject = new Config();
     $subject->setSection('a');

     // 'a' was registered above, 'b' never was
     $this->assertTrue($subject->hasSection('a'), $failureMessage);
     $this->assertFalse($subject->hasSection('b'), $failureMessage);
 }