2013-06-28 19:00:30 +02:00
|
|
|
<?php
|
|
|
|
|
// {{{ICINGA_LICENSE_HEADER}}}
|
|
|
|
|
// {{{ICINGA_LICENSE_HEADER}}}
|
|
|
|
|
|
|
|
|
|
namespace Icinga\Authentication\Backend;
|
|
|
|
|
|
2014-03-03 17:21:17 +01:00
|
|
|
use Icinga\Authentication\UserBackend;
|
2014-06-06 08:43:13 +02:00
|
|
|
use Icinga\Data\Db\DbConnection;
|
2014-03-03 17:21:17 +01:00
|
|
|
use Icinga\User;
|
2014-06-02 15:52:58 +02:00
|
|
|
use Icinga\Exception\AuthenticationException;
|
2014-06-06 08:43:13 +02:00
|
|
|
use Exception;
|
|
|
|
|
use Zend_Db_Expr;
|
|
|
|
|
use Zend_Db_Select;
|
2014-08-27 16:03:15 +02:00
|
|
|
use Icinga\Exception\IcingaException;
|
2013-06-28 19:00:30 +02:00
|
|
|
|
2014-03-03 17:21:17 +01:00
|
|
|
class DbUserBackend extends UserBackend
|
2013-08-15 14:16:34 +02:00
|
|
|
{
|
2013-08-15 14:58:08 +02:00
|
|
|
/**
|
2014-03-03 17:21:17 +01:00
|
|
|
* Connection to the database
|
2013-11-27 10:58:43 +01:00
|
|
|
*
|
2014-06-06 08:43:13 +02:00
|
|
|
* @var DbConnection
|
2013-11-27 10:58:43 +01:00
|
|
|
*/
|
2014-10-08 10:26:12 +02:00
|
|
|
protected $conn;
|
2013-11-27 10:58:43 +01:00
|
|
|
|
2014-06-06 08:43:13 +02:00
|
|
|
public function __construct(DbConnection $conn)
|
2013-11-27 10:58:43 +01:00
|
|
|
{
|
2014-03-03 17:21:17 +01:00
|
|
|
$this->conn = $conn;
|
2013-11-27 10:58:43 +01:00
|
|
|
}
|
|
|
|
|
|
2013-11-28 17:22:53 +01:00
|
|
|
/**
|
2014-03-03 17:21:17 +01:00
|
|
|
* Test whether the given user exists
|
2013-11-28 17:22:53 +01:00
|
|
|
*
|
2014-03-03 17:21:17 +01:00
|
|
|
* @param User $user
|
2013-11-28 17:22:53 +01:00
|
|
|
*
|
2014-03-03 17:21:17 +01:00
|
|
|
* @return bool
|
2013-11-28 17:22:53 +01:00
|
|
|
*/
|
2014-03-03 17:21:17 +01:00
|
|
|
public function hasUser(User $user)
|
2013-11-28 17:22:53 +01:00
|
|
|
{
|
2014-03-06 14:07:33 +01:00
|
|
|
$select = new Zend_Db_Select($this->conn->getConnection());
|
|
|
|
|
$row = $select->from('account', array(new Zend_Db_Expr(1)))
|
2014-03-03 17:21:17 +01:00
|
|
|
->where('username = ?', $user->getUsername())
|
2014-03-06 14:07:33 +01:00
|
|
|
->query()->fetchObject();
|
|
|
|
|
|
|
|
|
|
return ($row !== false) ? true : false;
|
2013-11-28 17:22:53 +01:00
|
|
|
}
|
|
|
|
|
|
2014-10-08 10:26:12 +02:00
|
|
|
/**
|
|
|
|
|
* Add a new user
|
|
|
|
|
*
|
|
|
|
|
* @param string $username The name of the new user
|
|
|
|
|
* @param string $password The new user's password
|
|
|
|
|
* @param bool $active Whether the user is active
|
|
|
|
|
*/
|
|
|
|
|
public function addUser($username, $password, $active = true)
|
|
|
|
|
{
|
|
|
|
|
$passwordSalt = $this->generateSalt();
|
|
|
|
|
$hashedPassword = $this->hashPassword($password, $passwordSalt);
|
|
|
|
|
$stmt = $this->conn->getDbAdapter()->prepare(
|
|
|
|
|
'INSERT INTO account VALUES (:username, :salt, :password, :active);'
|
|
|
|
|
);
|
|
|
|
|
$stmt->execute(array(
|
|
|
|
|
':active' => $active,
|
|
|
|
|
':username' => $username,
|
|
|
|
|
':salt' => $passwordSalt,
|
|
|
|
|
':password' => $hashedPassword
|
|
|
|
|
));
|
|
|
|
|
}
|
|
|
|
|
|
2013-08-28 10:16:18 +02:00
|
|
|
/**
|
2014-03-28 14:45:03 +01:00
|
|
|
* Authenticate the given user and return true on success, false on failure and null on error
|
2013-08-28 10:16:18 +02:00
|
|
|
*
|
2014-03-06 14:07:33 +01:00
|
|
|
* @param User $user
|
|
|
|
|
* @param string $password
|
2013-08-15 14:16:34 +02:00
|
|
|
*
|
2014-03-28 14:45:03 +01:00
|
|
|
* @return bool|null
|
2014-06-02 15:52:58 +02:00
|
|
|
* @throws AuthenticationException
|
2013-06-28 19:00:30 +02:00
|
|
|
*/
|
2014-03-03 17:21:17 +01:00
|
|
|
public function authenticate(User $user, $password)
|
2013-07-25 16:47:43 +02:00
|
|
|
{
|
2014-03-28 14:45:03 +01:00
|
|
|
try {
|
|
|
|
|
$salt = $this->getSalt($user->getUsername());
|
|
|
|
|
if ($salt === null) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
if ($salt === '') {
|
2014-08-27 16:03:15 +02:00
|
|
|
throw new IcingaException(
|
|
|
|
|
'Cannot find salt for user %s',
|
|
|
|
|
$user->getUsername()
|
|
|
|
|
);
|
2014-03-28 14:45:03 +01:00
|
|
|
}
|
2014-03-06 14:07:33 +01:00
|
|
|
|
2014-03-28 14:45:03 +01:00
|
|
|
$select = new Zend_Db_Select($this->conn->getConnection());
|
|
|
|
|
$row = $select->from('account', array(new Zend_Db_Expr(1)))
|
|
|
|
|
->where('username = ?', $user->getUsername())
|
|
|
|
|
->where('active = ?', true)
|
|
|
|
|
->where('password = ?', $this->hashPassword($password, $salt))
|
|
|
|
|
->query()->fetchObject();
|
2014-03-06 14:07:33 +01:00
|
|
|
|
2014-03-28 14:45:03 +01:00
|
|
|
return ($row !== false) ? true : false;
|
|
|
|
|
} catch (Exception $e) {
|
2014-06-02 15:52:58 +02:00
|
|
|
throw new AuthenticationException(
|
2014-08-22 10:59:52 +02:00
|
|
|
'Failed to authenticate user "%s" against backend "%s". An exception was thrown:',
|
|
|
|
|
$user->getUsername(),
|
|
|
|
|
$this->getName(),
|
2014-06-02 15:52:58 +02:00
|
|
|
$e
|
2014-03-28 14:45:03 +01:00
|
|
|
);
|
|
|
|
|
}
|
2013-06-28 19:00:30 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2014-03-03 17:21:17 +01:00
|
|
|
* Get salt by username
|
2013-07-25 16:47:43 +02:00
|
|
|
*
|
2014-03-03 17:21:17 +01:00
|
|
|
* @param string $username
|
2013-08-13 18:08:21 +02:00
|
|
|
*
|
2014-03-03 17:21:17 +01:00
|
|
|
* @return string|null
|
2013-06-28 19:00:30 +02:00
|
|
|
*/
|
2014-10-08 10:26:12 +02:00
|
|
|
protected function getSalt($username)
|
2013-07-25 16:47:43 +02:00
|
|
|
{
|
2014-03-06 14:07:33 +01:00
|
|
|
$select = new Zend_Db_Select($this->conn->getConnection());
|
|
|
|
|
$row = $select->from('account', array('salt'))->where('username = ?', $username)->query()->fetchObject();
|
|
|
|
|
return ($row !== false) ? $row->salt : null;
|
2013-06-28 19:00:30 +02:00
|
|
|
}
|
|
|
|
|
|
2014-10-08 10:26:12 +02:00
|
|
|
/**
|
|
|
|
|
* Return a random salt
|
|
|
|
|
*
|
|
|
|
|
* The returned salt is safe to be used for hashing a user's password
|
|
|
|
|
*
|
|
|
|
|
* @return string
|
|
|
|
|
*/
|
|
|
|
|
protected function generateSalt()
|
|
|
|
|
{
|
2014-10-08 15:26:42 +02:00
|
|
|
return bin2hex(openssl_random_pseudo_bytes(32));
|
2014-10-08 10:26:12 +02:00
|
|
|
}
|
|
|
|
|
|
2013-11-27 10:58:43 +01:00
|
|
|
/**
|
2014-03-03 17:21:17 +01:00
|
|
|
* Hash a password
|
2013-11-27 10:58:43 +01:00
|
|
|
*
|
|
|
|
|
* @param string $password
|
|
|
|
|
* @param string $salt
|
|
|
|
|
*
|
|
|
|
|
* @return string
|
|
|
|
|
*/
|
2014-10-08 10:26:12 +02:00
|
|
|
protected function hashPassword($password, $salt) {
|
2013-11-27 10:58:43 +01:00
|
|
|
return hash_hmac('sha256', $password, $salt);
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-28 19:00:30 +02:00
|
|
|
/**
|
2014-03-03 17:21:17 +01:00
|
|
|
* Get the number of users available
|
2014-01-22 11:38:47 +01:00
|
|
|
*
|
2014-03-03 17:21:17 +01:00
|
|
|
* @return int
|
2014-01-22 11:38:47 +01:00
|
|
|
*/
|
2014-03-03 17:21:17 +01:00
|
|
|
public function count()
|
2014-01-22 11:38:47 +01:00
|
|
|
{
|
2014-03-06 14:07:33 +01:00
|
|
|
$select = new Zend_Db_Select($this->conn->getConnection());
|
|
|
|
|
$row = $select->from(
|
|
|
|
|
'account',
|
|
|
|
|
array('count' => 'COUNT(*)')
|
|
|
|
|
)->query()->fetchObject();
|
|
|
|
|
|
|
|
|
|
return ($row !== false) ? $row->count : 0;
|
2014-01-22 11:38:47 +01:00
|
|
|
}
|
2014-09-29 11:21:40 +02:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Return the names of all available users
|
|
|
|
|
*
|
|
|
|
|
* @return array
|
|
|
|
|
*/
|
|
|
|
|
public function listUsers()
|
|
|
|
|
{
|
|
|
|
|
$query = $this->conn->select()->from('account', array('username'));
|
|
|
|
|
|
|
|
|
|
$users = array();
|
|
|
|
|
foreach ($query->fetchAll() as $row) {
|
|
|
|
|
$users[] = $row->username;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $users;
|
|
|
|
|
}
|
2014-08-22 10:59:52 +02:00
|
|
|
}
|
