/**
  * Initializes the object by Engine configuration.
  */
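 public function __construct()
 {
     // Builds the SVN client wrapper and the table of repository parent
     // locations ($this->_config) from the Engine configuration.
     $engine = \svnadmin\core\Engine::getInstance();
     $config = $engine->getConfig();

     // Subversion class for browsing. The configured 'SvnExecutable' value
     // is handed to the client wrapper as-is.
     // NOTE(review): presumably this is the path of the binary that
     // IF_SVNClientC runs - confirm, and keep the configuration file
     // writable by administrators only.
     $this->_svnClient = new \IF_SVNClientC($config->getValue('Repositories:svnclient', 'SvnExecutable'));

     // Index 0 always holds the default repository location.
     $this->_config[0]['SVNParentPath'] = $config->getValue('Repositories:svnclient', 'SVNParentPath');
     $this->_config[0]['description'] = 'Repositories';

     // Issue #5: Support multiple path values for SVNParentPath.
     // Further locations are read from the sections
     // "Repositories:svnclient:1", "Repositories:svnclient:2", ...
     // The scan stops at the first index whose SVNParentPath compares
     // == null, so the sections have to be numbered without gaps. The loose
     // comparison is kept: an empty value ends the scan like a missing one.
     for ($index = 1; ; ++$index) {
         $section = 'Repositories:svnclient:' . $index;

         $svnParentPath = $config->getValue($section, 'SVNParentPath');
         if ($svnParentPath == null) {
             break;
         }
         $this->_config[$index]['SVNParentPath'] = $svnParentPath;

         // The description is optional; without it the entry only carries
         // its SVNParentPath.
         $description = $config->getValue($section, 'Description');
         if ($description != null) {
             $this->_config[$index]['description'] = $description;
         }
     }
 }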
 /**
  * (non-PHPdoc)
  * @see svnadmin\core\interfaces.IAuthenticator::authenticate()
  */
 public function authenticate($objUser, $password)
 {
     // A login is accepted only when both gates below pass. Both failure
     // paths return the same plain false, so the caller cannot tell a
     // missing login permission from a wrong password.
     $engine = \svnadmin\core\Engine::getInstance();

     // Gate 1: ACL. A user without the basic login permission is rejected
     // before the password is handed to the credential check at all.
     $mayLogin = $engine->getAclManager()->hasPermission($objUser, \ACL_MOD_BASIC, \ACL_ACTION_LOGIN);
     if (!$mayLogin) {
         return false;
     }

     // Gate 2: the user/password combination, verified by the user view
     // provider.
     if ($engine->getUserViewProvider()->authenticate($objUser, $password)) {
         return true;
     }

     return false;
 }
Пример #3
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; version 2
 * of the License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.
 */
// Action script: unassign users/groups from access paths.
// The order of the statements below matters: direct-access guard first,
// then the module and permission checks, and only then the request data.

// Refuse to run when the file is requested directly. ACTION_HANDLING is
// expected to be defined by the including script before this file is loaded.
if (!defined('ACTION_HANDLING')) {
    die("HaHa!");
}
$engine = \svnadmin\core\Engine::getInstance();
//
// Authentication
//
// The access-path edit provider has to be active for this action.
// NOTE(review): presumably forwardError() ends the request; if it returns,
// execution continues with the permission check below - confirm.
if (!$engine->isProviderActive(PROVIDER_ACCESSPATH_EDIT)) {
    $engine->forwardError(ERROR_INVALID_MODULE);
}
// The current user needs the UNASSIGN action on the access-path module.
$engine->checkUserAuthentication(true, ACL_MOD_ACCESSPATH, ACL_ACTION_UNASSIGN);
//
// HTTP Request Vars
//
// Raw request values; nothing is validated or normalised at this point, so
// every consumer has to treat them as untrusted input.
// NOTE(review): the names suggest lists of selections - confirm what
// get_request_var() returns for a missing or scalar parameter.
$selusers = get_request_var('selected_users');
$selgroups = get_request_var('selected_groups');
$selpaths = get_request_var('selected_accesspaths');
//
// Validation
 /**
  * (non-PHPdoc)
  * @see svnadmin\core\interfaces.IPathsEditProvider::reset()
  */
 public function reset()
 {
     // Replaces the held auth-file object with a fresh one built from the
     // configured path, dropping whatever the previous object held.
     // NOTE(review): presumably the IF_SVNAuthFileC constructor reads the
     // file from disk - confirm.
     $config = \svnadmin\core\Engine::getInstance()->getConfig();
     $authFilePath = $config->getValue("Subversion", "SVNAuthFile");

     $this->m_authfile = new \IF_SVNAuthFileC($authFilePath);
 }
 /**
  * Updates the SVNAuthFile with Users and Groups from LDAP server.
  */
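 public function updateSvnAuthFile($autoRemoveUsers = true, $autoRemoveGroups = true)
 {
     // Rebuilds the group definitions of the SVNAuthFile from the LDAP
     // server and then reconciles the Access-Path permissions with it.
     //
     // $autoRemoveUsers  - when true, direct Access-Path permissions of
     //                     users that userExists() no longer finds are
     //                     revoked.
     // $autoRemoveGroups - when true, permissions of groups that are gone
     //                     from the rebuilt file are revoked.
     //
     // Throws \Exception when the LDAP connect or bind check fails.
     // Exceptions raised while loading, querying or saving propagate to the
     // caller; failures for a single group or permission are recorded on
     // the Engine and processing continues.
     $this->init();
     $E = \svnadmin\core\Engine::getInstance();

     // Increase max_execution_time for big LDAP structures. A value of 0 is
     // left untouched, and the call is best effort, hence the "@".
     $maxTime = intval(ini_get('max_execution_time'));
     if ($maxTime != 0 && $maxTime < 300) {
         @ini_set('max_execution_time', 300);
     }

     // Check connection before doing the update. The connector is used for
     // this connect/bind probe only; nothing below reads from it.
     $connector = new \IF_AbstractLdapConnector();
     if (!$connector->connect($this->host_address, 0, $this->host_protocol_version)) {
         throw new \Exception("Can not connect.", 0);
     }
     if (!$connector->bind($this->bind_dn, $this->bind_password)) {
         throw new \Exception("Can not connect. Authentication failed.");
     }

     // @todo Backup file.

     // Step 1
     // Load the current SVNAuthFile twice: one copy is rebuilt, the other
     // one keeps the previous state for the comparison in step 5.
     $svnAuthFilePath = $E->getConfig()->getValue("Subversion", "SVNAuthFile");
     $svnAuthFile = new \IF_SVNAuthFileC($svnAuthFilePath);
     $svnAuthFileOld = new \IF_SVNAuthFileC($svnAuthFilePath);

     // Remove/reset all existing groups in the copy that gets rebuilt.
     foreach ($svnAuthFile->groups() as $g) {
         $svnAuthFile->deleteGroup($g);
     }

     // Step 2
     // Get all users and groups from LDAP server.
     // NOTE(review): p_getUserEntries()/p_getGroupEntries() are not visible
     // here. All groups have already been dropped from the in-memory file,
     // so if these calls can return an empty or partial list on a directory
     // error instead of throwing, steps 4 and 5 would persist that state
     // and revoke permissions - confirm that they fail loudly.
     $users = $this->p_getUserEntries();
     $groups = $this->p_getGroupEntries(true);

     // Step 3
     // Iterate all groups which have been fetched from the LDAP server and
     // create them in the SVNAuthFile. Additionally add every user that is
     // listed as a member of a group to that group.
     //
     // @todo Add the Realname or DN of a user as Alias to the SVNAuthFile.

     // Property name of a Group-Entry which holds the group's name.
     $gp_name = strtolower($this->groups_attributes[0]);
     // Property name of a Group-Entry which holds the member-id (DN).
     $gp_member_id = strtolower($this->groups_to_users_attribute);
     // Property name of a User-Entry which holds the user's name.
     $up_name = strtolower($this->users_attributes[0]);
     // Property name of a User-Entry which holds the value which is assigned in a Group-Entry as Member-ID.
     $up_id = strtolower($this->groups_to_users_attribute_value);

     foreach ($groups as $g) {
         // Skip entries where the group-name property doesn't exist.
         if (!property_exists($g, $gp_name)) {
             continue;
         }

         try {
             // Create group in SVNAuthFile. (throws Exception)
             $svnAuthFile->createGroup($g->{$gp_name});
         } catch (\Exception $except) {
             $E->addException($except);
             continue;
         }

         // Normalise the member attribute to a list: it is absent for an
         // empty group, a string for one member and an array for several.
         // @todo Should we delete empty groups from overview?
         $memberIds = array();
         if (property_exists($g, $gp_member_id)) {
             $rawMembers = $g->{$gp_member_id};
             if (is_array($rawMembers)) {
                 $memberIds = $rawMembers;
             } elseif (is_string($rawMembers)) {
                 $memberIds = array($rawMembers);
             }
         }

         foreach ($memberIds as $member_id) {
             // Find the user entry that carries this member-id.
             foreach ($users as $u) {
                 // Compare as exact strings. A loose "==" treats numeric
                 // looking values as numbers ("0123" == "123"), which could
                 // put the wrong account into the group.
                 $userId = $u->{$up_id};
                 if (is_scalar($userId) && is_scalar($member_id) && (string) $userId === (string) $member_id) {
                     // Add user to SVNAuthFile-Group.
                     $svnAuthFile->addUserToGroup($g->{$gp_name}, $u->{$up_name});
                     break;
                 }
             }
         }
     }

     // Step 4
     // Save new SVNAuthFile to disk.
     $svnAuthFile->save();

     // Step 5
     // Compare with previous file to revoke AccessPath permissions of
     // deleted groups and users.
     //
     // We need to reset the Provider object, because it holds the
     // SVNAuthFile and should be reloaded, because of the changes
     // above.
     $apEditProvider = $E->getProvider(PROVIDER_ACCESSPATH_EDIT);
     $apEditProvider->reset();

     // Names found to be gone. They are collected here but not used any
     // further inside this method.
     $removedUsers = array();
     $removedGroups = array();

     // NOTE(review): the messages below place $g, $u and $r unescaped into
     // HTML markup. The values originate from the auth file; confirm how
     // addMessage() output is rendered and escape them (htmlspecialchars)
     // if it is printed as raw HTML.

     // Collect removed groups.
     // Groups which are in the old file but not in the new one.
     foreach ($svnAuthFileOld->groups() as $g) {
         if (!$svnAuthFile->groupExists($g)) {
             // The group $g is not in the new configuration (Removed from LDAP).
             $removedGroups[] = $g;
             if ($autoRemoveGroups) {
                 try {
                     $apEditProvider->removeGroupFromAllAccessPaths(new \svnadmin\core\entities\Group($g, $g));
                     $E->addMessage(tr("The group <b>%0</b> has been removed from LDAP. Removed all assigned permissions.", array($g)));
                 } catch (\Exception $e) {
                     $E->addException($e);
                 }
             }
         }
     }

     // Collect removed users and groups with direct associated
     // Access-Path permissions and revoke the permissions.
     // With the matching $autoRemove* flag set to false the entry is only
     // collected and its Access-Path permission stays in the file.
     foreach ($svnAuthFile->repositories() as $r) {
         // Users.
         foreach ($svnAuthFile->usersOfRepository($r) as $u) {
             // #87 Do not check for * user in LDAP..
             if ($u === "*") {
                 continue;
             }
             if (!$this->userExists(new \svnadmin\core\entities\User($u, $u))) {
                 // The user has direct AccessPath permissions but does
                 // not exist on LDAP server.
                 $removedUsers[] = $u;
                 if ($autoRemoveUsers) {
                     // Revoke permissions.
                     try {
                         $apEditProvider->removeUserFromAccessPath(new \svnadmin\core\entities\User($u, $u), new \svnadmin\core\entities\AccessPath($r));
                         $E->addMessage(tr("The user <b>%0</b> doesn't exist anymore. Removed direct Access-Path permission to <b>%1</b>", array($u, $r)));
                     } catch (\Exception $e) {
                         $E->addException($e);
                     }
                 }
             }
         }

         // Groups.
         foreach ($svnAuthFile->groupsOfRepository($r) as $g) {
             // We can check against the new SVNAuthFile, because the
             // containing groups are updated from LDAP.
             if (!$svnAuthFile->groupExists($g)) {
                 $removedGroups[] = $g;
                 if ($autoRemoveGroups) {
                     // Revoke permissions.
                     try {
                         $apEditProvider->removeGroupFromAccessPath(new \svnadmin\core\entities\Group($g, $g), new \svnadmin\core\entities\AccessPath($r));
                         $E->addMessage(tr("The group <b>%0</b> doesn't exist anymore. Removed direct Access-Path permission to <b>%1</b>", array($g, $r)));
                     } catch (\Exception $e) {
                         $E->addException($e);
                     }
                 }
             }
         }
     }

     // Save changes made to "$apEditProvider".
     $apEditProvider->save();
 }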
 /**
  * Constructor.
  * Loads cache file.
  */
 public function __construct()
 {
     parent::__construct();

     // The cache file location is read from the 'Ldap' section; the third
     // argument is presumably the value used when 'CacheFile' is not set.
     // NOTE(review): that fallback is a relative path below ./data. Confirm
     // the directory is not served by the web server, since the cache
     // presumably holds user and group data from the directory.
     $config = \svnadmin\core\Engine::getInstance()->getConfig();
     $cacheFile = $config->getValue('Ldap', 'CacheFile', './data/ldap.cache.json');

     $this->_cache = new \IF_JsonObjectStorage($cacheFile);
 }
Пример #7
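// Action script: dump a single repository selected through the request.

// Refuse to run when the file is requested directly. ACTION_HANDLING is
// expected to be defined by the including script before this file is loaded.
if (!defined('ACTION_HANDLING')) {
    die("HaHa!");
}
$engine = \svnadmin\core\Engine::getInstance();
//
// Authentication
//
// The repository edit provider has to be active and the dump feature must
// not be switched off in the GUI section of the configuration.
// NOTE(review): presumably forwardError() ends the request; if it returns,
// execution continues with the permission check below - confirm.
if (!$engine->isProviderActive(PROVIDER_REPOSITORY_EDIT) || !$engine->getConfig()->getValueAsBoolean('GUI', 'RepositoryDumpEnabled', true)) {
    $engine->forwardError(ERROR_INVALID_MODULE);
}
$engine->checkUserAuthentication(true, ACL_MOD_REPO, ACL_ACTION_DUMP);
//
// HTTP Request Vars
//
// Only scalar values are decoded. An array parameter ("r[]=...") would
// otherwise reach rawurldecode() and raise a TypeError on PHP 8; it is
// treated like a missing value instead.
$varParentIdentifierEnc = get_request_var('pi');
$varRepositoryNameEnc = get_request_var('r');
$varParentIdentifier = is_scalar($varParentIdentifierEnc) ? rawurldecode((string) $varParentIdentifierEnc) : null;
$varRepositoryName = is_scalar($varRepositoryNameEnc) ? rawurldecode((string) $varRepositoryNameEnc) : null;
//
// Validation
//
if ($varParentIdentifier == NULL || $varRepositoryName == NULL) {
    $engine->addException(new ValidationException(tr('You have to select at least one repository.')));
} elseif (strpbrk($varRepositoryName, "/\\\0") !== false || $varRepositoryName === '.' || $varRepositoryName === '..') {
    // Defence in depth: the name comes from the request and is passed on to
    // the dump provider. It has to be a single directory name, so path
    // separators, NUL bytes and the dot entries are rejected here. The
    // check runs on the decoded value on purpose. Repository and dump() are
    // not visible from this script and may validate the name as well.
    $engine->addException(new ValidationException(tr('Invalid repository name.')));
} else {
    try {
        $repositoryObject = new \svnadmin\core\entities\Repository($varRepositoryName, $varParentIdentifier);
        $engine->getRepositoryEditProvider()->dump($repositoryObject);
    } catch (Exception $e) {
        // Failures are reported through the Engine rather than aborting
        // the request.
        \svnadmin\core\Engine::getInstance()->addException($e);
    }
}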
Пример #8
/**
 * Prints the help text of the command line interface: banner, application
 * version, the available modes and the working-directory notice.
 */
function printUsage()
{
    $version = \svnadmin\core\Engine::getInstance()->getAppVersionString();

    // The pieces are joined without a separator; every line break is part
    // of the piece it belongs to.
    $chunks = array(
        "Command line interface of iF.SVNAdmin\n",
        "Version: " . $version . "\n",
        "Usage:\n",
        "\tphp cli.php --mode [mode]\n",
        "\n",
        "Available modes:\n",
        "\tupdate                Updates all updateable data providers (e.g.: ldap).\n",
        "\tlicense               Prints out the license of this application.\n",
        "\n",
        "! Important usage notice !\n",
        "Make sure that the current working directory (PWD/CWD) where the script ",
        "is being executed is the root of the iF.SVNAdmin application ",
        "(e.g.: /var/www/svnadmin/).",
        "\n",
    );

    print implode('', $chunks);
}