186 lines
5.9 KiB
PHP
186 lines
5.9 KiB
PHP
<?php
|
|
|
|
// phpcs:disable PSR1.Classes.ClassDeclaration.MissingNamespace
|
|
// phpcs:disable PSR1.Files.SideEffects
|
|
defined('SYSPATH') or die('No direct access allowed.');
|
|
// phpcs:enable PSR1.Files.SideEffects
|
|
// phpcs:disable Squiz.Classes.ValidClassName.NotCamelCaps
|
|
|
|
/**
|
|
* Retrieves the PNP config files
|
|
*/
|
|
class Auth_Model extends System_Model
|
|
{
|
|
public $SOCKET = null;
|
|
|
|
public $socketPath = null;
|
|
|
|
public $socketDOMAIN = null;
|
|
|
|
public $socketTYPE = null;
|
|
|
|
public $socketHOST = null;
|
|
|
|
public $socketPORT = 0;
|
|
|
|
public $socketPROTO = null;
|
|
|
|
public $ERR_TXT = '';
|
|
|
|
public $AUTH_ENABLED = false;
|
|
|
|
public $REMOTE_USER = null;
|
|
|
|
public $config = '';
|
|
|
|
|
|
public function __construct()
|
|
{
|
|
$this->config = new Config_Model();
|
|
$this->config->read_config();
|
|
if ($this->config->conf['auth_enabled'] == 1) {
|
|
$this->AUTH_ENABLED = true;
|
|
$this->socketPath = $this->config->conf['livestatus_socket'];
|
|
}
|
|
|
|
// Try to get the login of the user
|
|
if (isset($_SERVER['REMOTE_USER'])) {
|
|
$this->REMOTE_USER = $_SERVER['REMOTE_USER'];
|
|
}
|
|
if ($this->REMOTE_USER === null && $this->config->conf['auth_multisite_enabled'] == 1) {
|
|
$MSAUTH = new Auth_Multisite_Model(
|
|
$this->config->conf['auth_multisite_htpasswd'],
|
|
$this->config->conf['auth_multisite_serials'],
|
|
$this->config->conf['auth_multisite_secret'],
|
|
$this->config->conf['auth_multisite_login_url']
|
|
);
|
|
$this->REMOTE_USER = $MSAUTH->check();
|
|
if ($this->REMOTE_USER !== null) {
|
|
return;
|
|
}
|
|
}
|
|
|
|
if ($this->AUTH_ENABLED === true && $this->REMOTE_USER === null) {
|
|
throw new Kohana_exception('error.remote_user_missing');
|
|
}
|
|
}
|
|
//end __construct()
|
|
|
|
|
|
public function __destruct()
|
|
{
|
|
if ($this->SOCKET !== null) {
|
|
socket_close($this->SOCKET);
|
|
$this->SOCKET = null;
|
|
}
|
|
}
|
|
//end __destruct()
|
|
|
|
|
|
public function connect()
|
|
{
|
|
$this->getSocketDetails($this->socketPath);
|
|
$this->SOCKET = socket_create($this->socketDOMAIN, $this->socketTYPE, $this->socketPROTO);
|
|
if ($this->SOCKET === false) {
|
|
throw new Kohana_exception('error.livestatus_socket_error', socket_strerror(socket_last_error($this->SOCKET)), $this->socketPath);
|
|
}
|
|
if ($this->socketDOMAIN === AF_UNIX) {
|
|
$result = @socket_connect($this->SOCKET, $this->socketPATH);
|
|
} else {
|
|
$result = @socket_connect($this->SOCKET, $this->socketHOST, $this->socketPORT);
|
|
}
|
|
if (!$result) {
|
|
throw new Kohana_exception('error.livestatus_socket_error', socket_strerror(socket_last_error($this->SOCKET)), $this->socketPath);
|
|
}
|
|
}
|
|
//end connect()
|
|
|
|
|
|
private function queryLivestatus($query)
|
|
{
|
|
if ($this->SOCKET === null) {
|
|
$this->connect();
|
|
}
|
|
@socket_write($this->SOCKET, $query . "\nOutputFormat: json\n\n");
|
|
// Read 16 bytes to get the status code and body size
|
|
$read = @socket_read($this->SOCKET, 2048);
|
|
if (!$read) {
|
|
throw new Kohana_exception('error.livestatus_socket_error', socket_strerror(socket_last_error($this->SOCKET)));
|
|
}
|
|
// print Kohana::debug("read ". $read);
|
|
// Catch problem while reading
|
|
if ($read === false) {
|
|
throw new Kohana_exception('error.livestatus_socket_error', socket_strerror(socket_last_error($this->SOCKET)));
|
|
}
|
|
|
|
// Decode the json response
|
|
$obj = json_decode(utf8_encode($read));
|
|
socket_close($this->SOCKET);
|
|
$this->SOCKET = null;
|
|
return $obj;
|
|
}
|
|
//end queryLivestatus()
|
|
|
|
|
|
public function is_authorized($host = false, $service = null)
|
|
{
|
|
if ($this->AUTH_ENABLED === false) {
|
|
return true;
|
|
}
|
|
|
|
if ($host == 'pnp-internal') {
|
|
return true;
|
|
}
|
|
|
|
if ($service === null || $service == '_HOST_' || $service == 'Host Perfdata') {
|
|
$users = explode(',', $this->config->conf['allowed_for_all_hosts']);
|
|
if (in_array($this->REMOTE_USER, $users)) {
|
|
return true;
|
|
}
|
|
$query = "GET hosts\nColumns: name\nFilter: name = $host\nAuthUser: " . $this->REMOTE_USER;
|
|
$result = $this->queryLivestatus($query);
|
|
} else {
|
|
$users = explode(',', $this->config->conf['allowed_for_all_services']);
|
|
if (in_array($this->REMOTE_USER, $users)) {
|
|
return true;
|
|
}
|
|
$query = "GET services\nColumns: host_name description\nFilter: host_name = $host\nFilter: description = $service\nAuthUser: " . $this->REMOTE_USER;
|
|
$result = $this->queryLivestatus($query);
|
|
}
|
|
|
|
return (!empty($result));
|
|
}
|
|
//end is_authorized()
|
|
|
|
|
|
public function getSocketDetails($string = false)
|
|
{
|
|
if (preg_match('/^unix:(.*)$/', $string, $match)) {
|
|
$this->socketDOMAIN = AF_UNIX;
|
|
$this->socketTYPE = SOCK_STREAM;
|
|
$this->socketPATH = $match[1];
|
|
$this->socketPROTO = 0;
|
|
return;
|
|
}
|
|
if (preg_match('/^tcp:([a-zA-Z0-9-\.]+):([0-9]+)$/', $string, $match)) {
|
|
$this->socketDOMAIN = AF_INET;
|
|
$this->socketTYPE = SOCK_STREAM;
|
|
$this->socketHOST = $match[1];
|
|
$this->socketPORT = $match[2];
|
|
$this->socketPROTO = SOL_TCP;
|
|
return;
|
|
}
|
|
// Fallback
|
|
if (preg_match('/^\/.*$/', $string, $match)) {
|
|
$this->socketDOMAIN = AF_UNIX;
|
|
$this->socketTYPE = SOCK_STREAM;
|
|
$this->socketPATH = $string;
|
|
$this->socketPROTO = 0;
|
|
return;
|
|
}
|
|
return false;
|
|
}
|
|
//end getSocketDetails()
|
|
}
|
|
//end class
|