/**
 * Render the "My account" page
 *
 * A password change form is only offered when the signed-in user was authenticated by a backend of
 * type 'db' and that backend can still be created from configuration. The preferences form is
 * always offered; it only gets a store when the global `config_backend` setting is not 'none'.
 */
public function indexAction()
{
    $globalConfig = Config::app()->getSection('global');
    $currentUser = $this->Auth()->getUser();

    if ($currentUser->getAdditional('backend_type') === 'db') {
        // A backend that can no longer be created from configuration just hides the form
        $passwordBackend = null;
        try {
            $passwordBackend = UserBackend::create($currentUser->getAdditional('backend_name'));
        } catch (ConfigurationError $e) {
            // Intentionally ignored, $passwordBackend stays null
        }

        if ($passwordBackend !== null) {
            $passwordForm = new ChangePasswordForm();
            $passwordForm->setBackend($passwordBackend)->handleRequest();
            $this->view->changePasswordForm = $passwordForm;
        }
    }

    $preferenceForm = new PreferenceForm();
    $preferenceForm->setPreferences($currentUser->getPreferences());

    $storeType = $globalConfig->get('config_backend', 'ini');
    if ($storeType !== 'none') {
        $storeConfig = new ConfigObject(array(
            'store'     => $storeType,
            'resource'  => $globalConfig->config_resource
        ));
        $preferenceForm->setStore(PreferencesStore::create($storeConfig, $currentUser));
    }

    $preferenceForm->handleRequest();
    $this->view->form = $preferenceForm;

    $this->getTabs()->activate('account');
}
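/**
 * Create and add elements to this form
 *
 * Names taken from the submitted form data are only used to instantiate a resource or a user
 * backend when they are on the list offered by the respective select element. An unknown
 * `resource` falls back to the first configured LDAP resource, an unknown `user_backend` is
 * treated like 'none' (no linked user backend).
 *
 * @param   array   $formData   The submitted form data; `type` equal to 'ldap' selects the OpenLDAP
 *                              defaults, any other value the Active Directory defaults
 */
public function createElements(array $formData)
{
    $resourceNames = $this->getLdapResourceNames();
    $this->addElement(
        'select',
        'resource',
        array(
            'required'      => true,
            'autosubmit'    => true,
            'label'         => $this->translate('LDAP Connection'),
            'description'   => $this->translate('The LDAP connection to use for this backend.'),
            'multiOptions'  => array_combine($resourceNames, $resourceNames)
        )
    );

    // Allow-list: a submitted resource name is only honoured if it is one of the offered options
    $resource = ResourceFactory::create(
        isset($formData['resource']) && in_array($formData['resource'], $resourceNames)
            ? $formData['resource']
            : $resourceNames[0]
    );

    $userBackends = array('none' => $this->translate('None', 'usergroupbackend.ldap.user_backend'));
    $userBackendNames = $this->getLdapUserBackendNames($resource);
    if (! empty($userBackendNames)) {
        $userBackends = array_merge($userBackends, array_combine($userBackendNames, $userBackendNames));
    }
    $this->addElement(
        'select',
        'user_backend',
        array(
            'required'      => true,
            'autosubmit'    => true,
            'label'         => $this->translate('User Backend'),
            'description'   => $this->translate('The user backend to link with this user group backend.'),
            'multiOptions'  => $userBackends
        )
    );

    $groupBackend = new LdapUserGroupBackend($resource);
    if ($formData['type'] === 'ldap') {
        $defaults = $groupBackend->getOpenLdapDefaults();
        $groupConfigDisabled = $userConfigDisabled = null; // MUST BE null, do NOT change this to false!
    } else { // $formData['type'] === 'msldap'
        $defaults = $groupBackend->getActiveDirectoryDefaults();
        $groupConfigDisabled = $userConfigDisabled = true;
    }

    $dnDisabled = null; // MUST BE null

    // The submitted user backend name gets the same allow-list treatment as the resource name.
    // Without it, any name from the request would be handed to UserBackend::create() and the
    // result used as an LDAP backend (getBaseDn() etc.) although only LDAP backends on the same
    // host and port as $resource are offered in the select element above.
    $linkedBackendName = isset($formData['user_backend']) && is_scalar($formData['user_backend'])
        ? (string) $formData['user_backend']
        : 'none';
    if ($linkedBackendName !== 'none'
        && in_array($linkedBackendName, array_map('strval', $userBackendNames), true)
    ) {
        $userBackend = UserBackend::create($linkedBackendName);
        $defaults->merge(
            array(
                'user_base_dn'          => $userBackend->getBaseDn(),
                'user_class'            => $userBackend->getUserClass(),
                'user_name_attribute'   => $userBackend->getUserNameAttribute(),
                'user_filter'           => $userBackend->getFilter()
            )
        );
        // The user related settings are taken from the linked backend and must not be edited here
        $userConfigDisabled = $dnDisabled = true;
    }

    $this->createGroupConfigElements($defaults, $groupConfigDisabled);
    $this->createUserConfigElements($defaults, $userConfigDisabled, $dnDisabled);
}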
/**
 * Validate the configuration by creating a backend and asserting that authentication is possible
 *
 * On failure the exception message is added to the form as an error. For an
 * AuthenticationException the message of its previous exception is preferred, if there is one.
 *
 * @param   Form    $form   The form to fetch the configuration values from
 *
 * @return  bool            Whether validation succeeded or not
 */
public static function isValidUserBackend(Form $form)
{
    try {
        UserBackend::create(null, new ConfigObject($form->getValues()))->assertAuthenticationPossible();
    } catch (AuthenticationException $e) {
        // Prefer the underlying cause, it is shown verbatim to whoever submitted the form
        $cause = $e->getPrevious();
        $form->addError($cause !== null ? $cause->getMessage() : $e->getMessage());
        return false;
    } catch (Exception $e) {
        $message = sprintf($form->translate('Unable to validate authentication: %s'), $e->getMessage());
        $form->addError($message);
        return false;
    }

    return true;
}
/**
 * Return the given user backend or the first match in order
 *
 * A named backend is only created after the name has been found as a section of the
 * authentication configuration, so request supplied names cannot reach the factory unchecked.
 *
 * @param   string  $name       The name of the backend, or null in case the first match should be returned
 * @param   string  $interface  The interface the backend should implement, no interface check if null
 *
 * @return  UserBackendInterface
 *
 * @throws  Zend_Controller_Action_Exception    In case the given backend name is invalid
 */
protected function getUserBackend($name = null, $interface = 'Icinga\\Data\\Selectable')
{
    if ($name === null) {
        // No name given: take the first backend loadUserBackends() returns for the interface
        $candidates = $this->loadUserBackends($interface);
        $backend = array_shift($candidates);
        return $backend;
    }

    $authConfig = Config::app('authentication');
    if ($authConfig->hasSection($name)) {
        $backend = UserBackend::create($name, $authConfig->getSection($name));
        if ($interface && !$backend instanceof $interface) {
            // Only the last, lower-cased segment of the interface name is shown in the message
            $segments = explode('\\', strtolower($interface));
            throw new Zend_Controller_Action_Exception(
                sprintf(
                    $this->translate('Authentication backend "%s" is not %s'),
                    $name,
                    array_pop($segments)
                ),
                400
            );
        }
    } else {
        // NOTE(review): presumably httpNotFound() aborts the request, $backend is unset otherwise
        $this->httpNotFound(sprintf($this->translate('Authentication backend "%s" not found'), $name));
    }

    return $backend;
}
/**
 * Apply the given configuration on this backend
 *
 * Attribute defaults are chosen by `$config->backend` ('ldap' or 'msldap', none otherwise). If a
 * user backend other than 'none' is configured, it must be an LDAP user backend on the same host
 * and port as this backend's data source; its user related settings are merged into the defaults.
 *
 * @param   ConfigObject    $config
 *
 * @return  $this
 *
 * @throws  ConfigurationError  In case a linked user backend does not exist or is invalid
 */
public function setConfig(ConfigObject $config)
{
    if ($config->backend === 'ldap') {
        $defaults = $this->getOpenLdapDefaults();
    } elseif ($config->backend === 'msldap') {
        $defaults = $this->getActiveDirectoryDefaults();
    } else {
        $defaults = new ConfigObject();
    }

    if ($config->user_backend && $config->user_backend !== 'none') {
        $userBackend = UserBackend::create($config->user_backend);
        // Reject anything that is not an LDAP user backend before its LDAP getters are used
        if (!$userBackend instanceof LdapUserBackend) {
            throw new ConfigurationError('User backend "%s" is not of type LDAP', $config->user_backend);
        }

        // Hostname and port are the only properties compared to decide whether both backends
        // refer to the same directory
        if ($this->ds->getHostname() !== $userBackend->getDataSource()->getHostname()
            || $this->ds->getPort() !== $userBackend->getDataSource()->getPort()
        ) {
            // TODO(jom): Elaborate whether it makes sense to link directories on different hosts
            throw new ConfigurationError(
                'It is required that a linked user backend refers to the '
                . 'same directory as it\'s user group backend counterpart'
            );
        }

        $this->setUserBackend($userBackend);
        $defaults->merge(array(
            'user_base_dn'          => $userBackend->getBaseDn(),
            'user_class'            => $userBackend->getUserClass(),
            'user_name_attribute'   => $userBackend->getUserNameAttribute(),
            'user_filter'           => $userBackend->getFilter()
        ));
    }

    // The setters run in the written order: setUserBaseDn() falls back to getGroupBaseDn(), which
    // is called after setGroupBaseDn() in this chain.
    // NOTE(review): the merged 'user_base_dn' and 'user_filter' defaults are not read below, only
    // $config is consulted for them - confirm that the linked backend's base DN and filter are
    // meant to be ignored unless they are also present in $config.
    return $this
        ->setGroupBaseDn($config->base_dn)
        ->setUserBaseDn($config->get('user_base_dn', $this->getGroupBaseDn()))
        ->setGroupClass($config->get('group_class', $defaults->group_class))
        ->setUserClass($config->get('user_class', $defaults->user_class))
        ->setGroupNameAttribute($config->get('group_name_attribute', $defaults->group_name_attribute))
        ->setUserNameAttribute($config->get('user_name_attribute', $defaults->user_name_attribute))
        ->setGroupMemberAttribute($config->get('group_member_attribute', $defaults->group_member_attribute))
        ->setGroupFilter($config->filter)
        ->setUserFilter($config->user_filter);
}
/**
 * Create and return the backend
 *
 * The backend is built from `$this->backendConfig` with `$this->resourceConfig` assigned as its
 * `resource` setting; no backend name is passed to the factory.
 *
 * @return  DbUserBackend|LdapUserBackend
 */
protected function createBackend()
{
    $backendSettings = new ConfigObject($this->backendConfig);
    // The resource is handed over as configuration, not as the name of a configured resource
    $backendSettings->resource = $this->resourceConfig;

    return UserBackend::create(null, $backendSettings);
}
/**
 * Check whether the current user backend is valid, i.e. it's enabled, not an external user backend and whether its
 * config is valid
 *
 * Backends that are disabled, cannot be created or are external (if those are to be skipped) are
 * passed over by advancing to the next one. A backend that cannot be created is logged as an
 * error and does not stop the iteration, so the remaining backends are still offered.
 *
 * @return  bool    False once there are no more backends to check
 */
public function valid()
{
    while ($this->config->valid()) {
        $candidateConfig = $this->config->current();
        if ((bool) $candidateConfig->get('disabled', false)) {
            $this->next();
            continue;
        }

        $name = $this->key();
        try {
            $candidate = UserBackend::create($name, $candidateConfig);
        } catch (ConfigurationError $e) {
            Logger::error(
                new ConfigurationError(
                    'Can\'t create authentication backend "%s". An exception was thrown:',
                    $name,
                    $e
                )
            );
            $this->next();
            continue;
        }

        if ($this->getSkipExternalBackends() && $candidate instanceof ExternalBackend) {
            $this->next();
            continue;
        }

        $this->currentBackend = $candidate;
        return true;
    }

    // Stop when there are no more backends to check
    return false;
}
/**
 * Set up the user backend factory
 *
 * An unreadable authentication configuration is logged as an error and otherwise ignored; the
 * factory is left without a configuration from this method in that case.
 *
 * @return  $this
 */
protected function setupUserBackendFactory()
{
    try {
        $authenticationConfig = Config::app('authentication');
        UserBackend::setConfig($authenticationConfig);
    } catch (NotReadableError $error) {
        Logger::error(
            new IcingaException('Cannot load user backend configuration. An exception was thrown:', $error)
        );
    }

    return $this;
}
/**
 * Create and add elements to this form
 *
 * Embeds a LdapUserGroupBackendForm of type 'ldap' as sub form 'backend_form', names the backend
 * 'icingaweb2' and replaces its `resource` and `user_backend` elements by hidden ones that carry
 * the names from `$this->resourceConfig` and `$this->backendConfig`.
 *
 * @param   array   $formData
 */
public function createElements(array $formData)
{
    // LdapUserGroupBackendForm requires these factories to provide valid configurations
    ResourceFactory::setConfig($this->createResourceConfiguration());
    UserBackend::setConfig($this->createBackendConfiguration());

    $formData['type'] = 'ldap';
    $groupBackendForm = new LdapUserGroupBackendForm();
    $groupBackendForm->create($formData);
    $groupBackendForm->getElement('name')->setValue('icingaweb2');
    $this->addSubForm($groupBackendForm, 'backend_form');

    // NOTE(review): hidden inputs are sent back by the browser - confirm that the values used
    // later come from $this->resourceConfig / $this->backendConfig and not from the request
    $pinnedValues = array(
        'resource'      => $this->resourceConfig['name'],
        'user_backend'  => $this->backendConfig['name']
    );
    foreach ($pinnedValues as $elementName => $pinnedValue) {
        $groupBackendForm->addElement(
            'hidden',
            $elementName,
            array(
                'required'      => true,
                'value'         => $pinnedValue,
                'decorators'    => array('ViewHelper')
            )
        );
    }
}
/**
 * Return the names of all configured LDAP user backends
 *
 * Only backends of type 'ldap' or 'msldap' (case-insensitive) whose resource has the same
 * hostname and port as the given connection are returned.
 *
 * @param   LdapConnection  $resource
 *
 * @return  array
 */
protected function getLdapUserBackendNames(LdapConnection $resource)
{
    $matchingNames = array();
    foreach (UserBackend::getBackendConfigs() as $backendName => $backendConfig) {
        $backendType = strtolower($backendConfig->backend);
        if ($backendType !== 'ldap' && $backendType !== 'msldap') {
            continue;
        }

        // Same directory means same hostname and same port, nothing else is compared
        $candidate = ResourceFactory::create($backendConfig->resource);
        if ($candidate->getHostname() !== $resource->getHostname()) {
            continue;
        }
        if ($candidate->getPort() !== $resource->getPort()) {
            continue;
        }

        $matchingNames[] = $backendName;
    }

    return $matchingNames;
}
/**
 * Create and return the user group backend
 *
 * Replaces the configuration of both ResourceFactory and UserBackend by one that holds only the
 * resource and the user backend known to this object, then creates the user group backend from
 * `$this->groupConfig` or, if that is empty, from a configuration derived from the former two.
 *
 * @return  LdapUserGroupBackend
 *
 * @throws  NotImplementedError     In case the created backend is not Selectable
 */
protected function createUserGroupBackend()
{
    $resourceName = $this->resourceConfig['name'];
    $userBackendName = $this->backendConfig['name'];

    // Both factories are static, the configuration set here stays in effect after this call
    $resources = new Config();
    $resources->setSection($resourceName, $this->resourceConfig);
    ResourceFactory::setConfig($resources);

    $userBackends = new Config();
    $userBackends->setSection(
        $userBackendName,
        array_merge($this->backendConfig, array('resource' => $resourceName))
    );
    UserBackend::setConfig($userBackends);

    $groupConfig = empty($this->groupConfig)
        ? new ConfigObject(array(
            'backend'       => $this->backendConfig['backend'],
            'resource'      => $resourceName,
            'user_backend'  => $userBackendName
        ))
        : new ConfigObject($this->groupConfig);

    $groupBackend = UserGroupBackend::create(null, $groupConfig);
    if ($groupBackend instanceof Selectable) {
        return $groupBackend;
    }

    throw new NotImplementedError('Unsupported, until #9772 has been resolved');
}
/**
 * Create a user backend by using the given form's values and return its inspection results
 *
 * Returns null for non-inspectable backends. Exceptions thrown while creating the backend are
 * not caught here.
 *
 * @param   Form    $form
 *
 * @return  Inspection|null
 */
public static function inspectUserBackend(Form $form)
{
    $candidate = UserBackend::create(null, new ConfigObject($form->getValues()));

    return $candidate instanceof Inspectable ? $candidate->inspect() : null;
}
/**
 * Validate the configuration by creating a backend from the form's values and inspecting it
 *
 * An error reported by the inspection is added to the form. The backend is not checked for being
 * inspectable and exceptions thrown while creating it are not caught here.
 *
 * @param   Form    $form   The form to fetch the configuration values from
 *
 * @return  bool            Whether validation succeeded or not
 */
public static function isValidUserBackend(Form $form)
{
    /**
     * @var $inspection Inspection
     */
    $inspection = UserBackend::create(null, new ConfigObject($form->getValues()))->inspect();
    if ($inspection->hasError()) {
        $form->addError($inspection->getError());
        return false;
    }

    // TODO: display diagnostics in $inspection->toArray() to the user
    return true;
}
/**
 * Return the names of all users this backend currently provides
 *
 * Any exception raised while querying is turned into an empty result, so a failed query cannot
 * be told apart from a backend without users. Exceptions thrown while creating the backend are
 * not caught.
 *
 * @return  array   The user names in ascending order, empty if the query failed
 */
protected function fetchUsers()
{
    $backendSettings = new ConfigObject($this->backendConfig);
    $backendSettings->resource = $this->resourceConfig;
    $userBackend = UserBackend::create(null, $backendSettings);

    $userNames = array();
    try {
        $userNames = $userBackend
            ->select(array('user_name'))
            ->order('user_name', 'asc', true)
            ->fetchColumn();
    } catch (Exception $_) {
        // No need to handle anything special here. Error means no users found.
        return array();
    }

    return $userNames;
}