tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-28 16:24:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Make auth via LDAP user backends domain-aware

Browse Source 
refs #2153
This commit is contained in:
Eric Lippmann 2017-06-07 15:39:16 +02:00 committed by Alexander A. Klimov
parent 9599f6672f
commit 0cbec01743
1 changed files with 45 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
library/Icinga/Authentication/User/LdapUserBackend.php
View File

@ -14,7 +14,7 @@ use Icinga\Repository\RepositoryQuery;
use Icinga\Protocol\Ldap\LdapException; use Icinga\Protocol\Ldap\LdapException;
use Icinga\User; use Icinga\User;
class LdapUserBackend extends LdapRepository implements UserBackendInterface, Inspectable class LdapUserBackend extends LdapRepository implements UserBackendInterface, DomainAwareInterface, Inspectable
{ {
/** /**
* The base DN to use for a query * The base DN to use for a query
@ -44,6 +44,13 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In
*/ */
protected $filter; protected $filter;
/**
* The domain the backend is responsible for
*
* @var string
*/
protected $domain;
/** /**
* The columns which are not permitted to be queried * The columns which are not permitted to be queried
* *
@ -174,6 +181,29 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In
return $this->filter; return $this->filter;
} }
public function getDomain()
{
return $this->domain;
}
/**
* Set the domain the backend is responsible for
*
* @param string $domain
*
* @return $this
*/
public function setDomain($domain)
{
$domain = trim($domain);
if (strlen($domain)) {
$this->domain = $domain;
}
return $this;
}
/** /**
* Apply the given configuration to this backend * Apply the given configuration to this backend
* *
@ -187,7 +217,8 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In
->setBaseDn($config->base_dn) ->setBaseDn($config->base_dn)
->setUserClass($config->user_class) ->setUserClass($config->user_class)
->setUserNameAttribute($config->user_name_attribute) ->setUserNameAttribute($config->user_name_attribute)
->setFilter($config->filter); ->setFilter($config->filter)
->setDomain($config->domain);
} }
/** /**
@ -372,10 +403,20 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In
*/ */
public function authenticate(User $user, $password) public function authenticate(User $user, $password)
{ {
if ($this->domain !== null) {
if (! $user->hasDomain() || strtolower($user->getDomain()) !== $this->domain) {
return false;
}
$username = $user->getLocalUsername();
} else {
$username = $user->getUsername();
}
try { try {
$userDn = $this $userDn = $this
->select() ->select()
->where('user_name', str_replace('*', '', $user->getUsername())) ->where('user_name', str_replace('*', '', $username))
->getQuery() ->getQuery()
->setUsePagedResults(false) ->setUsePagedResults(false)
->fetchDn(); ->fetchDn();
@ -392,7 +433,7 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface, In
} catch (LdapException $e) { } catch (LdapException $e) {
throw new AuthenticationException( throw new AuthenticationException(
'Failed to authenticate user "%s" against backend "%s". An exception was thrown:', 'Failed to authenticate user "%s" against backend "%s". An exception was thrown:',
$user->getUsername(), $username,
$this->getName(), $this->getName(),
$e $e
); );