mirror of
https://github.com/Icinga/icingaweb2.git
synced 2025-05-06 15:50:10 +02:00
199 lines
5.4 KiB
PHP
199 lines
5.4 KiB
PHP
<?php
|
|
// {{{ICINGA_LICENSE_HEADER}}}
|
|
/**
|
|
* This file is part of Icinga Web 2.
|
|
*
|
|
* Icinga Web 2 - Head for multiple monitoring backends.
|
|
* Copyright (C) 2013 Icinga Development Team
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version 2
|
|
* of the License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
*
|
|
* @copyright 2013 Icinga Development Team <info@icinga.org>
|
|
* @license http://www.gnu.org/licenses/gpl-2.0.txt GPL, version 2
|
|
* @author Icinga Development Team <info@icinga.org>
|
|
*
|
|
*/
|
|
// {{{ICINGA_LICENSE_HEADER}}}
|
|
|
|
namespace Icinga\Authentication\Backend;
|
|
|
|
use Icinga\Data\ResourceFactory;
|
|
use \stdClass;
|
|
use \Zend_Config;
|
|
use \Icinga\User;
|
|
use \Icinga\Authentication\UserBackend;
|
|
use \Icinga\Authentication\Credential;
|
|
use \Icinga\Protocol\Ldap;
|
|
use \Icinga\Protocol\Ldap\Connection as LdapConnection;
|
|
use \Icinga\Application\Config as IcingaConfig;
|
|
use \Icinga\Exception\ConfigurationError;
|
|
|
|
/**
|
|
* User authentication backend
|
|
*/
|
|
class LdapUserBackend implements UserBackend
|
|
{
|
|
/**
|
|
* Ldap resource
|
|
*
|
|
* @var Connection
|
|
**/
|
|
protected $connection;
|
|
|
|
/**
|
|
* The ldap connection information
|
|
*
|
|
* @var Zend_Config
|
|
*/
|
|
private $config;
|
|
|
|
/**
|
|
* Name of the backend
|
|
*
|
|
* @var string
|
|
*/
|
|
private $name;
|
|
|
|
/**
|
|
* Create a new LdapUserBackend
|
|
*
|
|
* @param Zend_Config $config The configuration for this authentication backend.
|
|
* 'resource' => The name of the resource to use, or an actual
|
|
* instance of \Icinga\Protocol\Ldap\Connection.
|
|
* 'name' => The name of this authentication backend.
|
|
*
|
|
* @throws ConfigurationError When the given resource does not exist.
|
|
*/
|
|
public function __construct(Zend_Config $config)
|
|
{
|
|
if (!isset($config->resource)) {
|
|
throw new ConfigurationError('An authentication backend must provide a resource.');
|
|
}
|
|
$this->config = $config;
|
|
$this->name = $config->name;
|
|
if ($config->resource instanceof LdapConnection) {
|
|
$this->connection = $config->resource;
|
|
} else {
|
|
$this->connection = ResourceFactory::createResource(
|
|
ResourceFactory::getResourceConfig($config->resource)
|
|
);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Name of the backend
|
|
*
|
|
* @return string
|
|
*/
|
|
public function getName()
|
|
{
|
|
return $this->name;
|
|
}
|
|
|
|
/**
|
|
* Test if the username exists
|
|
*
|
|
* @param Credential $credential Credential to find user in database
|
|
*
|
|
* @return bool
|
|
*/
|
|
public function hasUsername(Credential $credential)
|
|
{
|
|
return $this->connection->fetchOne(
|
|
$this->selectUsername($credential->getUsername())
|
|
) === $credential->getUsername();
|
|
}
|
|
|
|
/**
|
|
* Removes the '*' character from $string
|
|
*
|
|
* @param string $string Input string
|
|
*
|
|
* @return string
|
|
**/
|
|
protected function stripAsterisks($string)
|
|
{
|
|
return str_replace('*', '', $string);
|
|
}
|
|
|
|
/**
|
|
* Tries to fetch the username
|
|
*
|
|
* @param string $username The username to select
|
|
*
|
|
* @return stdClass $result
|
|
**/
|
|
protected function selectUsername($username)
|
|
{
|
|
return $this->connection->select()
|
|
->from(
|
|
$this->config->user_class,
|
|
array(
|
|
$this->config->user_name_attribute
|
|
)
|
|
)
|
|
->where(
|
|
$this->config->user_name_attribute,
|
|
$this->stripAsterisks($username)
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Authenticate
|
|
*
|
|
* @param Credential $credentials Credential to authenticate
|
|
*
|
|
* @return User
|
|
*/
|
|
public function authenticate(Credential $credentials)
|
|
{
|
|
if ($this->connection->testCredentials(
|
|
$this->connection->fetchDN($this->selectUsername($credentials->getUsername())),
|
|
$credentials->getPassword()
|
|
)) {
|
|
return new User($credentials->getUsername());
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Return number of users in this backend
|
|
*
|
|
* @return int The number of users set in this backend
|
|
* @see UserBackend::getUserCount
|
|
*/
|
|
public function getUserCount()
|
|
{
|
|
return $this->connection->count(
|
|
$this->connection->select()->from(
|
|
$this->config->user_class,
|
|
array(
|
|
$this->config->user_name_attribute
|
|
)
|
|
)
|
|
);
|
|
}
|
|
|
|
/**
|
|
*
|
|
* Establish the connection to this authentication backend
|
|
*
|
|
* @throws \Exception When the connection to the resource is not possible.
|
|
*/
|
|
public function connect()
|
|
{
|
|
$this->connection->connect();
|
|
}
|
|
}
|