1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
<?php
/* Icinga Web 2 | (c) 2014 Icinga Development Team | GPLv2+ */
namespace Icinga\Authentication\User;
use Icinga\Application\Logger;
use Icinga\Data\ConfigObject;
use Icinga\User;
/**
* Test login with external authentication mechanism, e.g. Apache
*/
class ExternalBackend implements UserBackendInterface
{
/**
* Possible variables where to read the user from
*
* @var string[]
*/
public static $remoteUserEnvvars = array('REMOTE_USER', 'REDIRECT_REMOTE_USER');
/**
* The name of this backend
*
* @var string
*/
protected $name;
/**
* Regexp expression to strip values from a username
*
* @var string
*/
protected $stripUsernameRegexp;
/**
* Create new authentication backend of type "external"
*
* @param ConfigObject $config
*/
public function __construct(ConfigObject $config)
{
$this->stripUsernameRegexp = $config->get('strip_username_regexp');
}
/**
* {@inheritdoc}
*/
public function getName()
{
return $this->name;
}
/**
* {@inheritdoc}
*/
public function setName($name)
{
$this->name = $name;
return $this;
}
/**
* Get the remote user from environment or $_SERVER, if any
*
* @param string $variable The name of the variable where to read the user from
*
* @return string|null
*/
public static function getRemoteUser($variable = 'REMOTE_USER')
{
$username = getenv($variable);
if (! empty($username)) {
return $username;
}
if (array_key_exists($variable, $_SERVER) && ! empty($_SERVER[$variable])) {
return $_SERVER[$variable];
}
}
/**
* Get the remote user information from environment or $_SERVER, if any
*
* @return array Contains always two entries, the username and origin which may both set to null.
*/
public static function getRemoteUserInformation()
{
foreach (static::$remoteUserEnvvars as $envVar) {
$username = static::getRemoteUser($envVar);
if ($username !== null) {
return array($username, $envVar);
}
}
return array(null, null);
}
/**
* {@inheritdoc}
*/
public function authenticate(User $user, $password = null)
{
list($username, $field) = static::getRemoteUserInformation();
if ($username !== null) {
$user->setExternalUserInformation($username, $field);
if ($this->stripUsernameRegexp) {
$stripped = @preg_replace($this->stripUsernameRegexp, '', $username);
if ($stripped === false) {
Logger::error('Failed to strip external username. The configured regular expression is invalid.');
return false;
}
$username = $stripped;
}
$user->setUsername($username);
return true;
}
return false;
}
}
|
