2013-06-10 16:03:51 +02:00
|
|
|
<?php
|
2013-06-10 17:03:01 +02:00
|
|
|
// {{{ICINGA_LICENSE_HEADER}}}
|
2013-06-28 16:47:30 +02:00
|
|
|
/**
|
2013-07-15 12:26:10 +02:00
|
|
|
* This file is part of Icinga 2 Web.
|
|
|
|
|
*
|
|
|
|
|
* Icinga 2 Web - Head for multiple monitoring backends.
|
2013-06-28 16:47:30 +02:00
|
|
|
* Copyright (C) 2013 Icinga Development Team
|
2013-07-15 12:26:10 +02:00
|
|
|
*
|
2013-06-28 16:47:30 +02:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
|
* of the License, or (at your option) any later version.
|
2013-07-15 12:26:10 +02:00
|
|
|
*
|
2013-06-28 16:47:30 +02:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
2013-07-15 12:26:10 +02:00
|
|
|
*
|
2013-06-28 16:47:30 +02:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
2013-07-15 12:26:10 +02:00
|
|
|
*
|
2013-06-28 16:47:30 +02:00
|
|
|
* @copyright 2013 Icinga Development Team <info@icinga.org>
|
2013-07-15 12:26:10 +02:00
|
|
|
* @license http://www.gnu.org/licenses/gpl-2.0.txt GPL, version 2
|
|
|
|
|
* @author Icinga Development Team <info@icinga.org>
|
2013-06-28 16:47:30 +02:00
|
|
|
*/
|
2013-06-10 17:03:01 +02:00
|
|
|
// {{{ICINGA_LICENSE_HEADER}}}
|
2013-06-10 16:03:51 +02:00
|
|
|
|
|
|
|
|
namespace Icinga\Authentication\Backend;
|
|
|
|
|
|
2013-08-28 10:16:18 +02:00
|
|
|
use \stdClass;
|
|
|
|
|
use \Zend_Config;
|
|
|
|
|
use \Icinga\User;
|
|
|
|
|
use \Icinga\Authentication\UserBackend;
|
2013-08-30 10:24:05 +02:00
|
|
|
use \Icinga\Authentication\Credential;
|
2013-08-28 10:16:18 +02:00
|
|
|
use \Icinga\Protocol\Ldap;
|
2013-08-30 10:33:35 +02:00
|
|
|
use \Icinga\Protocol\Ldap\Connection;
|
2013-08-12 15:02:25 +02:00
|
|
|
use \Icinga\Application\Config as IcingaConfig;
|
2013-06-10 16:03:51 +02:00
|
|
|
|
2013-06-27 15:18:24 +02:00
|
|
|
/**
|
2013-08-28 10:16:18 +02:00
|
|
|
* User authentication backend
|
|
|
|
|
*/
|
2013-06-10 16:03:51 +02:00
|
|
|
class LdapUserBackend implements UserBackend
|
|
|
|
|
{
|
2013-06-27 15:18:24 +02:00
|
|
|
/**
|
2013-08-28 10:16:18 +02:00
|
|
|
* Ldap resource
|
|
|
|
|
*
|
|
|
|
|
* @var Connection
|
2013-08-13 18:08:21 +02:00
|
|
|
**/
|
2013-06-10 16:03:51 +02:00
|
|
|
protected $connection;
|
2013-07-12 15:37:36 +02:00
|
|
|
|
2013-06-27 15:18:24 +02:00
|
|
|
/**
|
2013-08-13 18:08:21 +02:00
|
|
|
* The ldap connection information
|
|
|
|
|
*
|
2013-08-28 10:16:18 +02:00
|
|
|
* @var Zend_Config
|
2013-08-13 18:08:21 +02:00
|
|
|
*/
|
|
|
|
|
private $config;
|
|
|
|
|
|
|
|
|
|
/**
|
2013-08-28 10:16:18 +02:00
|
|
|
* Name of the backend
|
2013-08-13 18:08:21 +02:00
|
|
|
*
|
2013-08-28 10:16:18 +02:00
|
|
|
* @var string
|
|
|
|
|
*/
|
|
|
|
|
private $name;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Create new Ldap User backend
|
|
|
|
|
*
|
2013-08-30 10:33:35 +02:00
|
|
|
* @param Zend_Config $config Configuration to create instance
|
2013-08-28 10:16:18 +02:00
|
|
|
*/
|
|
|
|
|
public function __construct(Zend_Config $config)
|
2013-06-10 16:03:51 +02:00
|
|
|
{
|
|
|
|
|
$this->connection = new Ldap\Connection($config);
|
2013-08-13 18:08:21 +02:00
|
|
|
$this->config = $config;
|
2013-08-28 10:16:18 +02:00
|
|
|
$this->name = $config->name;
|
2013-06-10 16:03:51 +02:00
|
|
|
}
|
|
|
|
|
|
2013-06-27 15:18:24 +02:00
|
|
|
/**
|
2013-08-28 10:16:18 +02:00
|
|
|
* Name of the backend
|
|
|
|
|
*
|
|
|
|
|
* @return string
|
|
|
|
|
*/
|
|
|
|
|
public function getName()
|
|
|
|
|
{
|
|
|
|
|
return $this->name;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Test if the username exists
|
|
|
|
|
*
|
2013-08-30 10:33:35 +02:00
|
|
|
* @param Credential $credential Credential to find user in database
|
2013-08-28 10:16:18 +02:00
|
|
|
*
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
2013-08-30 10:24:05 +02:00
|
|
|
public function hasUsername(Credential $credential)
|
2013-06-10 16:03:51 +02:00
|
|
|
{
|
|
|
|
|
return $this->connection->fetchOne(
|
2013-06-25 12:24:52 +02:00
|
|
|
$this->selectUsername($credential->getUsername())
|
|
|
|
|
) === $credential->getUsername();
|
2013-06-10 16:03:51 +02:00
|
|
|
}
|
|
|
|
|
|
2013-06-27 15:18:24 +02:00
|
|
|
/**
|
2013-08-28 10:16:18 +02:00
|
|
|
* Removes the '*' character from $string
|
2013-08-13 18:08:21 +02:00
|
|
|
*
|
2013-08-30 10:33:35 +02:00
|
|
|
* @param string $string Input string
|
2013-08-13 18:08:21 +02:00
|
|
|
*
|
2013-08-28 10:16:18 +02:00
|
|
|
* @return string
|
2013-08-13 18:08:21 +02:00
|
|
|
**/
|
2013-06-10 16:03:51 +02:00
|
|
|
protected function stripAsterisks($string)
|
|
|
|
|
{
|
|
|
|
|
return str_replace('*', '', $string);
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-27 15:18:24 +02:00
|
|
|
/**
|
2013-08-28 10:16:18 +02:00
|
|
|
* Tries to fetch the username
|
2013-08-13 18:08:21 +02:00
|
|
|
*
|
2013-08-28 10:16:18 +02:00
|
|
|
* @param string $username The username to select
|
2013-08-13 18:08:21 +02:00
|
|
|
*
|
2013-08-28 10:16:18 +02:00
|
|
|
* @return stdClass $result
|
2013-08-13 18:08:21 +02:00
|
|
|
**/
|
2013-06-10 16:03:51 +02:00
|
|
|
protected function selectUsername($username)
|
|
|
|
|
{
|
|
|
|
|
return $this->connection->select()
|
2013-07-26 15:58:16 +02:00
|
|
|
->from(
|
2013-08-13 18:08:21 +02:00
|
|
|
$this->config->user_class,
|
2013-07-26 15:58:16 +02:00
|
|
|
array(
|
2013-08-13 18:08:21 +02:00
|
|
|
$this->config->user_name_attribute
|
2013-07-26 15:58:16 +02:00
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
->where(
|
2013-08-13 18:08:21 +02:00
|
|
|
$this->config->user_name_attribute,
|
2013-07-26 15:58:16 +02:00
|
|
|
$this->stripAsterisks($username)
|
|
|
|
|
);
|
2013-06-10 16:03:51 +02:00
|
|
|
}
|
|
|
|
|
|
2013-06-27 15:18:24 +02:00
|
|
|
/**
|
2013-08-28 10:16:18 +02:00
|
|
|
* Authenticate
|
|
|
|
|
*
|
2013-08-30 10:33:35 +02:00
|
|
|
* @param Credential $credentials Credential to authenticate
|
2013-08-28 10:16:18 +02:00
|
|
|
*
|
|
|
|
|
* @return User
|
|
|
|
|
*/
|
2013-08-30 10:24:05 +02:00
|
|
|
public function authenticate(Credential $credentials)
|
2013-06-10 16:03:51 +02:00
|
|
|
{
|
2013-06-11 13:53:42 +02:00
|
|
|
if (!$this->connection->testCredentials(
|
2013-08-27 14:37:22 +02:00
|
|
|
$this->connection->fetchDN($this->selectUsername($credentials->getUsername())),
|
|
|
|
|
$credentials->getPassword()
|
|
|
|
|
)) {
|
2013-06-10 16:03:51 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
2013-06-25 12:24:52 +02:00
|
|
|
$user = new User($credentials->getUsername());
|
2013-06-11 13:53:42 +02:00
|
|
|
|
2013-06-10 16:03:51 +02:00
|
|
|
return $user;
|
|
|
|
|
}
|
2013-08-26 16:56:23 +02:00
|
|
|
|
2013-08-27 14:37:22 +02:00
|
|
|
public function getUserCount()
|
|
|
|
|
{
|
2013-08-26 16:56:23 +02:00
|
|
|
return $this->connection->count(
|
|
|
|
|
$this->connection->select()->from(
|
|
|
|
|
$this->config->user_class,
|
|
|
|
|
array(
|
|
|
|
|
$this->config->user_name_attribute
|
|
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
}
|
2013-06-10 16:03:51 +02:00
|
|
|
}
|
