169 lines
5.8 KiB
PHP
169 lines
5.8 KiB
PHP
<?php
|
|
/* Icinga Web 2 | (c) 2013-2015 Icinga Development Team | GPLv2+ */
|
|
|
|
namespace Icinga\Authentication;
|
|
|
|
use Countable;
|
|
use Icinga\Authentication\Backend\ExternalBackend;
|
|
use Icinga\Authentication\Backend\DbUserBackend;
|
|
use Icinga\Authentication\Backend\LdapUserBackend;
|
|
use Icinga\Data\ConfigObject;
|
|
use Icinga\Data\ResourceFactory;
|
|
use Icinga\Exception\ConfigurationError;
|
|
use Icinga\User;
|
|
|
|
abstract class UserBackend implements Countable
|
|
{
|
|
/**
|
|
* Name of the backend
|
|
*
|
|
* @var string
|
|
*/
|
|
protected $name;
|
|
|
|
/**
|
|
* Setter for the backend's name
|
|
*
|
|
* @param string $name
|
|
*
|
|
* @return $this
|
|
*/
|
|
public function setName($name)
|
|
{
|
|
$this->name = $name;
|
|
return $this;
|
|
}
|
|
|
|
/**
|
|
* Getter for the backend's name
|
|
*
|
|
* @return string
|
|
*/
|
|
public function getName()
|
|
{
|
|
return $this->name;
|
|
}
|
|
|
|
public static function create($name, ConfigObject $backendConfig)
|
|
{
|
|
if ($backendConfig->name !== null) {
|
|
$name = $backendConfig->name;
|
|
}
|
|
if (isset($backendConfig->class)) {
|
|
// Use a custom backend class, this is only useful for testing
|
|
if (!class_exists($backendConfig->class)) {
|
|
throw new ConfigurationError(
|
|
'Authentication configuration for backend "%s" defines an invalid backend class.'
|
|
. ' Backend class "%s" not found',
|
|
$name,
|
|
$backendConfig->class
|
|
);
|
|
}
|
|
return new $backendConfig->class($backendConfig);
|
|
}
|
|
if (($backendType = $backendConfig->backend) === null) {
|
|
throw new ConfigurationError(
|
|
'Authentication configuration for backend "%s" is missing the backend directive',
|
|
$name
|
|
);
|
|
}
|
|
$backendType = strtolower($backendType);
|
|
if ($backendType === 'external') {
|
|
$backend = new ExternalBackend($backendConfig);
|
|
$backend->setName($name);
|
|
return $backend;
|
|
}
|
|
if ($backendConfig->resource === null) {
|
|
throw new ConfigurationError(
|
|
'Authentication configuration for backend "%s" is missing the resource directive',
|
|
$name
|
|
);
|
|
}
|
|
try {
|
|
$resourceConfig = ResourceFactory::getResourceConfig($backendConfig->resource);
|
|
} catch (ProgrammingError $e) {
|
|
throw new ConfigurationError(
|
|
'Resources not set up. Please contact your Icinga Web administrator'
|
|
);
|
|
}
|
|
$resource = ResourceFactory::createResource($resourceConfig);
|
|
switch ($backendType) {
|
|
case 'db':
|
|
$backend = new DbUserBackend($resource);
|
|
break;
|
|
case 'msldap':
|
|
$groupOptions = array(
|
|
'group_base_dn' => $backendConfig->get('group_base_dn', $resource->getDN()),
|
|
'group_attribute' => $backendConfig->get('group_attribute', 'sAMAccountName'),
|
|
'group_member_attribute' => $backendConfig->get('group_member_attribute', 'member'),
|
|
'group_class' => $backendConfig->get('group_class', 'group')
|
|
);
|
|
$backend = new LdapUserBackend(
|
|
$resource,
|
|
$backendConfig->get('user_class', 'user'),
|
|
$backendConfig->get('user_name_attribute', 'sAMAccountName'),
|
|
$backendConfig->get('base_dn', $resource->getDN()),
|
|
$backendConfig->get('filter'),
|
|
$groupOptions
|
|
);
|
|
break;
|
|
case 'ldap':
|
|
if ($backendConfig->user_class === null) {
|
|
throw new ConfigurationError(
|
|
'Authentication configuration for backend "%s" is missing the user_class directive',
|
|
$name
|
|
);
|
|
}
|
|
if ($backendConfig->user_name_attribute === null) {
|
|
throw new ConfigurationError(
|
|
'Authentication configuration for backend "%s" is missing the user_name_attribute directive',
|
|
$name
|
|
);
|
|
}
|
|
$groupOptions = array(
|
|
'group_base_dn' => $backendConfig->group_base_dn,
|
|
'group_attribute' => $backendConfig->group_attribute,
|
|
'group_member_attribute' => $backendConfig->group_member_attribute,
|
|
'group_class' => $backendConfig->group_class
|
|
);
|
|
$backend = new LdapUserBackend(
|
|
$resource,
|
|
$backendConfig->user_class,
|
|
$backendConfig->user_name_attribute,
|
|
$backendConfig->get('base_dn', $resource->getDN()),
|
|
$backendConfig->get('filter'),
|
|
$groupOptions
|
|
);
|
|
break;
|
|
default:
|
|
throw new ConfigurationError(
|
|
'Authentication configuration for backend "%s" defines an invalid backend type.'
|
|
. ' Backend type "%s" is not supported',
|
|
$name,
|
|
$backendType
|
|
);
|
|
}
|
|
$backend->setName($name);
|
|
return $backend;
|
|
}
|
|
|
|
/**
|
|
* Test whether the given user exists
|
|
*
|
|
* @param User $user
|
|
*
|
|
* @return bool
|
|
*/
|
|
abstract public function hasUser(User $user);
|
|
|
|
/**
|
|
* Authenticate
|
|
*
|
|
* @param User $user
|
|
* @param string $password
|
|
*
|
|
* @return bool
|
|
*/
|
|
abstract public function authenticate(User $user, $password);
|
|
}
|