2013-06-07 11:44:37 +02:00
|
|
|
<?php
|
2015-02-04 10:46:36 +01:00
|
|
|
/* Icinga Web 2 | (c) 2013-2015 Icinga Development Team | GPLv2+ */
|
2013-06-07 11:44:37 +02:00
|
|
|
|
2015-04-21 12:42:21 +02:00
|
|
|
namespace Icinga\Authentication\User;
|
2013-06-07 11:44:37 +02:00
|
|
|
|
2015-04-22 09:07:58 +02:00
|
|
|
use Icinga\Application\Logger;
|
|
|
|
|
use Icinga\Application\Icinga;
|
2014-11-18 13:11:52 +01:00
|
|
|
use Icinga\Data\ConfigObject;
|
2014-03-03 17:21:17 +01:00
|
|
|
use Icinga\Data\ResourceFactory;
|
|
|
|
|
use Icinga\Exception\ConfigurationError;
|
2013-08-28 10:16:18 +02:00
|
|
|
|
2015-04-21 13:59:35 +02:00
|
|
|
/**
|
2015-05-04 11:43:53 +02:00
|
|
|
* Factory for user backends
|
2015-04-21 13:59:35 +02:00
|
|
|
*/
|
2015-05-04 11:43:53 +02:00
|
|
|
class UserBackend
|
2013-06-07 11:44:37 +02:00
|
|
|
{
|
2015-04-22 09:07:58 +02:00
|
|
|
/**
|
|
|
|
|
* The default user backend types provided by Icinga Web 2
|
|
|
|
|
*
|
|
|
|
|
* @var array
|
|
|
|
|
*/
|
2015-05-04 11:43:53 +02:00
|
|
|
protected static $defaultBackends = array(
|
2015-04-22 09:07:58 +02:00
|
|
|
'external',
|
|
|
|
|
'db',
|
|
|
|
|
'ldap',
|
|
|
|
|
'msldap'
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* The registered custom user backends with their identifier as key and class name as value
|
|
|
|
|
*
|
|
|
|
|
* @var array
|
|
|
|
|
*/
|
|
|
|
|
protected static $customBackends;
|
|
|
|
|
|
2013-06-25 12:24:52 +02:00
|
|
|
/**
|
2015-05-04 11:43:53 +02:00
|
|
|
* Register all custom user backends from all loaded modules
|
2015-04-22 09:07:58 +02:00
|
|
|
*/
|
2015-05-04 11:43:53 +02:00
|
|
|
protected static function registerCustomUserBackends()
|
2015-04-22 09:07:58 +02:00
|
|
|
{
|
|
|
|
|
if (static::$customBackends !== null) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static::$customBackends = array();
|
|
|
|
|
$providedBy = array();
|
|
|
|
|
foreach (Icinga::app()->getModuleManager()->getLoadedModules() as $module) {
|
|
|
|
|
foreach ($module->getUserBackends() as $identifier => $className) {
|
|
|
|
|
if (array_key_exists($identifier, $providedBy)) {
|
|
|
|
|
Logger::warning(
|
2015-05-04 11:43:53 +02:00
|
|
|
'Cannot register user backend of type "%s" provided by module "%s".'
|
2015-04-22 09:07:58 +02:00
|
|
|
. ' The type is already provided by module "%s"',
|
|
|
|
|
$identifier,
|
|
|
|
|
$module->getName(),
|
|
|
|
|
$providedBy[$identifier]
|
|
|
|
|
);
|
|
|
|
|
} elseif (in_array($identifier, static::$defaultBackends)) {
|
|
|
|
|
Logger::warning(
|
2015-05-04 11:43:53 +02:00
|
|
|
'Cannot register user backend of type "%s" provided by module "%s".'
|
2015-04-22 09:07:58 +02:00
|
|
|
. ' The type is a default type provided by Icinga Web 2',
|
|
|
|
|
$identifier,
|
|
|
|
|
$module->getName()
|
|
|
|
|
);
|
|
|
|
|
} else {
|
|
|
|
|
$providedBy[$identifier] = $module->getName();
|
|
|
|
|
static::$customBackends[$identifier] = $className;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2015-05-04 11:43:53 +02:00
|
|
|
* Return the class for the given custom user backend
|
2015-04-22 09:07:58 +02:00
|
|
|
*
|
|
|
|
|
* @param string $identifier The identifier of the custom user backend
|
|
|
|
|
*
|
|
|
|
|
* @return string|null The name of the class or null in case there was no
|
|
|
|
|
* backend found with the given identifier
|
|
|
|
|
*
|
2015-05-04 11:43:53 +02:00
|
|
|
* @throws ConfigurationError In case the class associated to the given identifier does not exist
|
2015-04-22 09:07:58 +02:00
|
|
|
*/
|
|
|
|
|
protected static function getCustomUserBackend($identifier)
|
|
|
|
|
{
|
2015-05-04 11:43:53 +02:00
|
|
|
static::registerCustomUserBackends();
|
2015-04-22 09:07:58 +02:00
|
|
|
if (array_key_exists($identifier, static::$customBackends)) {
|
|
|
|
|
$className = static::$customBackends[$identifier];
|
|
|
|
|
if (! class_exists($className)) {
|
|
|
|
|
throw new ConfigurationError(
|
2015-05-04 11:43:53 +02:00
|
|
|
'Cannot utilize user backend of type "%s". Class "%s" does not exist',
|
2015-04-22 09:07:58 +02:00
|
|
|
$identifier,
|
|
|
|
|
$className
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $className;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-21 13:59:35 +02:00
|
|
|
/**
|
2015-05-04 11:43:53 +02:00
|
|
|
* Create and return a user backend with the given name and given configuration applied to it
|
2015-04-21 13:59:35 +02:00
|
|
|
*
|
|
|
|
|
* @param string $name
|
|
|
|
|
* @param ConfigObject $backendConfig
|
|
|
|
|
*
|
2015-05-04 11:43:53 +02:00
|
|
|
* @return UserBackendInterface
|
2015-04-21 13:59:35 +02:00
|
|
|
*
|
|
|
|
|
* @throws ConfigurationError
|
|
|
|
|
*/
|
2014-11-18 13:11:52 +01:00
|
|
|
public static function create($name, ConfigObject $backendConfig)
|
2014-03-03 17:21:17 +01:00
|
|
|
{
|
|
|
|
|
if ($backendConfig->name !== null) {
|
|
|
|
|
$name = $backendConfig->name;
|
|
|
|
|
}
|
2015-04-21 13:59:35 +02:00
|
|
|
|
|
|
|
|
if (! ($backendType = strtolower($backendConfig->backend))) {
|
2014-06-12 17:05:54 +02:00
|
|
|
throw new ConfigurationError(
|
2015-05-04 11:43:53 +02:00
|
|
|
'Authentication configuration for user backend "%s" is missing the \'backend\' directive',
|
2014-08-22 11:46:11 +02:00
|
|
|
$name
|
2014-06-12 17:05:54 +02:00
|
|
|
);
|
|
|
|
|
}
|
2015-01-27 09:49:36 +01:00
|
|
|
if ($backendType === 'external') {
|
|
|
|
|
$backend = new ExternalBackend($backendConfig);
|
2014-06-03 17:59:22 +02:00
|
|
|
$backend->setName($name);
|
|
|
|
|
return $backend;
|
|
|
|
|
}
|
2015-04-22 09:07:58 +02:00
|
|
|
if (in_array($backendType, static::$defaultBackends)) {
|
|
|
|
|
// The default backend check is the first one because of performance reasons:
|
|
|
|
|
// Do not attempt to load a custom user backend unless it's actually required
|
|
|
|
|
} elseif (($customClass = static::getCustomUserBackend($backendType)) !== null) {
|
|
|
|
|
$backend = new $customClass($backendConfig);
|
2015-05-04 11:43:53 +02:00
|
|
|
if (! is_a($backend, 'Icinga\Authentication\User\UserBackendInterface')) {
|
|
|
|
|
throw new ConfigurationError(
|
|
|
|
|
'Cannot utilize user backend of type "%s". Class "%s" does not implement UserBackendInterface',
|
|
|
|
|
$backendType,
|
|
|
|
|
$customClass
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-22 09:07:58 +02:00
|
|
|
$backend->setName($name);
|
|
|
|
|
return $backend;
|
|
|
|
|
} else {
|
|
|
|
|
throw new ConfigurationError(
|
2015-05-04 11:43:53 +02:00
|
|
|
'Authentication configuration for user backend "%s" defines an invalid backend type.'
|
2015-04-22 09:07:58 +02:00
|
|
|
. ' Backend type "%s" is not supported',
|
|
|
|
|
$name,
|
|
|
|
|
$backendType
|
|
|
|
|
);
|
|
|
|
|
}
|
2015-04-21 13:59:35 +02:00
|
|
|
|
2014-03-03 17:21:17 +01:00
|
|
|
if ($backendConfig->resource === null) {
|
|
|
|
|
throw new ConfigurationError(
|
2015-05-04 11:43:53 +02:00
|
|
|
'Authentication configuration for user backend "%s" is missing the \'resource\' directive',
|
2014-08-22 11:46:11 +02:00
|
|
|
$name
|
2014-03-03 17:21:17 +01:00
|
|
|
);
|
|
|
|
|
}
|
2015-04-22 09:35:41 +02:00
|
|
|
$resource = ResourceFactory::create($backendConfig->resource);
|
2015-04-21 13:59:35 +02:00
|
|
|
|
2014-06-12 17:05:54 +02:00
|
|
|
switch ($backendType) {
|
2014-03-03 17:21:17 +01:00
|
|
|
case 'db':
|
|
|
|
|
$backend = new DbUserBackend($resource);
|
|
|
|
|
break;
|
|
|
|
|
case 'msldap':
|
2014-10-01 15:58:53 +02:00
|
|
|
$groupOptions = array(
|
2015-02-09 15:31:47 +01:00
|
|
|
'group_base_dn' => $backendConfig->get('group_base_dn', $resource->getDN()),
|
|
|
|
|
'group_attribute' => $backendConfig->get('group_attribute', 'sAMAccountName'),
|
|
|
|
|
'group_member_attribute' => $backendConfig->get('group_member_attribute', 'member'),
|
|
|
|
|
'group_class' => $backendConfig->get('group_class', 'group')
|
2014-10-01 15:58:53 +02:00
|
|
|
);
|
2014-03-03 17:21:17 +01:00
|
|
|
$backend = new LdapUserBackend(
|
|
|
|
|
$resource,
|
|
|
|
|
$backendConfig->get('user_class', 'user'),
|
2014-10-01 15:58:53 +02:00
|
|
|
$backendConfig->get('user_name_attribute', 'sAMAccountName'),
|
2014-10-09 10:10:09 +02:00
|
|
|
$backendConfig->get('base_dn', $resource->getDN()),
|
2015-03-11 09:52:14 +01:00
|
|
|
$backendConfig->get('filter'),
|
2014-10-01 15:58:53 +02:00
|
|
|
$groupOptions
|
2014-03-03 17:21:17 +01:00
|
|
|
);
|
|
|
|
|
break;
|
|
|
|
|
case 'ldap':
|
2014-10-06 13:35:17 +02:00
|
|
|
if ($backendConfig->user_class === null) {
|
|
|
|
|
throw new ConfigurationError(
|
2015-04-22 09:36:45 +02:00
|
|
|
'Authentication configuration for backend "%s" is missing the \'user_class\' directive',
|
2014-10-06 13:35:17 +02:00
|
|
|
$name
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
if ($backendConfig->user_name_attribute === null) {
|
|
|
|
|
throw new ConfigurationError(
|
2015-04-22 09:36:45 +02:00
|
|
|
'Authentication configuration for backend "%s" is'
|
|
|
|
|
. ' missing the \'user_name_attribute\' directive',
|
2014-10-06 13:35:17 +02:00
|
|
|
$name
|
|
|
|
|
);
|
|
|
|
|
}
|
2014-10-01 15:58:53 +02:00
|
|
|
$groupOptions = array(
|
|
|
|
|
'group_base_dn' => $backendConfig->group_base_dn,
|
|
|
|
|
'group_attribute' => $backendConfig->group_attribute,
|
|
|
|
|
'group_member_attribute' => $backendConfig->group_member_attribute,
|
|
|
|
|
'group_class' => $backendConfig->group_class
|
|
|
|
|
);
|
|
|
|
|
$backend = new LdapUserBackend(
|
|
|
|
|
$resource,
|
|
|
|
|
$backendConfig->user_class,
|
|
|
|
|
$backendConfig->user_name_attribute,
|
2014-10-09 10:10:09 +02:00
|
|
|
$backendConfig->get('base_dn', $resource->getDN()),
|
2015-03-11 09:52:14 +01:00
|
|
|
$backendConfig->get('filter'),
|
2014-10-01 15:58:53 +02:00
|
|
|
$groupOptions
|
|
|
|
|
);
|
2014-03-03 17:21:17 +01:00
|
|
|
break;
|
|
|
|
|
}
|
2015-04-21 13:59:35 +02:00
|
|
|
|
2014-03-03 17:21:17 +01:00
|
|
|
$backend->setName($name);
|
|
|
|
|
return $backend;
|
|
|
|
|
}
|
2013-08-27 17:17:09 +02:00
|
|
|
}
|
