Пример #1
 /**
  * Add the authentication type selector to this form
  *
  * If the submitted type is "external" and ExternalBackend reports no remote user, a notice is
  * displayed. The notice is advisory only: the "external" option stays selectable either way.
  *
  * Offered types: "db" when Platform reports MySQL or PostgreSQL support, "ldap" when the ldap
  * extension is loaded, and "external" unconditionally.
  *
  * @param   array   $formData   Form values; only the "type" key is read here
  *
  * @see Form::createElements()
  */
 public function createElements(array $formData)
 {
     $externalChosen = isset($formData['type']) && $formData['type'] === 'external';
     if ($externalChosen) {
         // Only the username matters here, the second tuple member is discarded
         list($remoteName, $ignored) = ExternalBackend::getRemoteUserInformation();
         if ($remoteName === null) {
             $notice = $this->translate(
                 'You\'re currently not authenticated using any of the web server\'s authentication '
                 . 'mechanisms. Make sure you\'ll configure such, otherwise you\'ll not be able to '
                 . 'log into Icinga Web 2.'
             );
             $this->info($notice, false);
         }
     }

     // Insertion order defines the order of the options in the select box
     $typeOptions = array();
     $databaseAvailable = Platform::hasMysqlSupport() || Platform::hasPostgresqlSupport();
     if ($databaseAvailable) {
         $typeOptions['db'] = $this->translate('Database');
     }
     if (Platform::extensionLoaded('ldap')) {
         $typeOptions['ldap'] = 'LDAP';
     }
     $typeOptions['external'] = $this->translate('External');

     $selectSpec = array(
         'required'      => true,
         'autosubmit'    => true,
         'label'         => $this->translate('Authentication Type'),
         'description'   => $this->translate('The type of authentication to use when accessing Icinga Web 2'),
         'multiOptions'  => $typeOptions
     );
     $this->addElement('select', 'type', $selectSpec);
 }
Пример #2
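 /**
  * Create and return a user backend with the given name and given configuration applied to it
  *
  * If no configuration is passed, the section named $name is fetched from the loaded backend
  * configuration. A "name" value inside the configuration takes precedence over $name.
  *
  * Backends of type "external" and custom backends are built directly from the configuration. The
  * remaining default types ("db", "msldap", "ldap") additionally require a "resource" directive.
  *
  * @param   string          $name
  * @param   ConfigObject    $backendConfig
  *
  * @return  UserBackendInterface
  *
  * @throws  ConfigurationError  If the backend does not exist, the 'backend' or 'resource' directive
  *                              is missing, the backend type is not supported or a custom backend
  *                              class does not implement UserBackendInterface
  */
 public static function create($name, ConfigObject $backendConfig = null)
 {
     if ($backendConfig === null) {
         self::assertBackendsExist();
         if (self::$backends->hasSection($name)) {
             $backendConfig = self::$backends->getSection($name);
         } else {
             throw new ConfigurationError('User backend "%s" does not exist', $name);
         }
     }
     if ($backendConfig->name !== null) {
         $name = $backendConfig->name;
     }
     // The cast keeps a missing directive (null) out of strtolower(); the result is '' as before
     $backendType = strtolower((string) $backendConfig->backend);
     if (! $backendType) {
         throw new ConfigurationError('Authentication configuration for user backend "%s" is missing the \'backend\' directive', $name);
     }
     if ($backendType === 'external') {
         $backend = new ExternalBackend($backendConfig);
         $backend->setName($name);
         return $backend;
     }
     // Strict comparison: the configured type must match a default type exactly, without type juggling
     if (in_array($backendType, static::$defaultBackends, true)) {
         // The default backend check is the first one because of performance reasons:
         // Do not attempt to load a custom user backend unless it's actually required
     } elseif (($customClass = static::getCustomUserBackend($backendType)) !== null) {
         // Check the contract on the class name BEFORE instantiating it, so that the constructor
         // of a class which is not a user backend never runs with the backend configuration
         if (! is_subclass_of($customClass, 'Icinga\\Authentication\\User\\UserBackendInterface')) {
             throw new ConfigurationError('Cannot utilize user backend of type "%s". Class "%s" does not implement UserBackendInterface', $backendType, $customClass);
         }
         $backend = new $customClass($backendConfig);
         $backend->setName($name);
         return $backend;
     } else {
         throw new ConfigurationError('Authentication configuration for user backend "%s" defines an invalid backend type.' . ' Backend type "%s" is not supported', $name, $backendType);
     }
     if ($backendConfig->resource === null) {
         throw new ConfigurationError('Authentication configuration for user backend "%s" is missing the \'resource\' directive', $name);
     }
     $resource = ResourceFactory::create($backendConfig->resource);
     switch ($backendType) {
         case 'db':
             $backend = new DbUserBackend($resource);
             break;
         case 'msldap':
             // Same class as "ldap", only the fallback object class and name attribute differ
             $backend = new LdapUserBackend($resource);
             $backend->setBaseDn($backendConfig->base_dn);
             $backend->setUserClass($backendConfig->get('user_class', 'user'));
             $backend->setUserNameAttribute($backendConfig->get('user_name_attribute', 'sAMAccountName'));
             $backend->setFilter($backendConfig->filter);
             break;
         case 'ldap':
             $backend = new LdapUserBackend($resource);
             $backend->setBaseDn($backendConfig->base_dn);
             $backend->setUserClass($backendConfig->get('user_class', 'inetOrgPerson'));
             $backend->setUserNameAttribute($backendConfig->get('user_name_attribute', 'uid'));
             $backend->setFilter($backendConfig->filter);
             break;
         default:
             // A type listed in $defaultBackends but not handled above would otherwise leave
             // $backend undefined and fail on setName() instead of reporting a configuration error
             throw new ConfigurationError('Authentication configuration for user backend "%s" defines an invalid backend type.' . ' Backend type "%s" is not supported', $name, $backendType);
     }
     $backend->setName($name);
     return $backend;
 }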
Пример #3
 /**
  * Restore the user from the current session
  *
  * A user that was authenticated externally stays authorized only while the web server still
  * reports the very same username in the field it was originally read from. If that value is
  * gone or differs, the authorization is removed.
  */
 public function authenticateFromSession()
 {
     $this->user = Session::getSession()->get('user');
     $sessionUser = $this->user;

     // Nothing to re-validate without a user or for users that did not authenticate externally
     if ($sessionUser === null || ! $sessionUser->isExternalUser()) {
         return;
     }

     list($expectedName, $sourceField) = $sessionUser->getExternalUserInformation();
     $currentName = ExternalBackend::getRemoteUser($sourceField);

     // A missing remote user never counts as a match, not even if the stored name is null as well
     $stillAuthenticated = $currentName !== null && $currentName === $expectedName;
     if (! $stillAuthenticated) {
         $this->removeAuthorization();
     }
 }
Пример #4
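 /**
  * Return the name of the externally authenticated user
  *
  * If the backend configuration has a non-empty "strip_username_regexp", every match of that
  * pattern is removed from the name.
  *
  * @return  string  The (possibly stripped) username, or an empty string if no remote user is
  *                  reported or the pattern could not be applied
  */
 protected function getUsername()
 {
     list($name, $_) = ExternalBackend::getRemoteUserInformation();
     if ($name === null) {
         return '';
     }
     if (isset($this->backendConfig['strip_username_regexp']) && $this->backendConfig['strip_username_regexp']) {
         // The pattern has already been compiled successfully during backend configuration, but
         // preg_replace() can still return null at run time (e.g. backtrack limit reached or
         // malformed UTF-8 in the subject), and the subject is a value set outside this code
         $stripped = preg_replace($this->backendConfig['strip_username_regexp'], '', $name);
         if ($stripped === null) {
             // Fail closed: report "no user" instead of leaking null or the unstripped name
             return '';
         }
         $name = $stripped;
     }
     return $name;
 }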