showError ('Invalid authentication source!', __FUNCTION__);
die;
}
- // Fallback value.
- $remote_displayname = $remote_username;
- if (NULL !== ($remote_userid = getUserIDByUsername ($remote_username)))
- {
- // Always set $remote_displayname, if a local account exists and has one.
- // This can be overloaded from LDAP later though.
- $userinfo = spotEntity ('user', $remote_userid);
- $user_given_tags = $userinfo['etags'];
- if (!empty ($userinfo['user_realname']))
- $remote_displayname = $userinfo['user_realname'];
- }
- elseif ($require_local_account)
+ $userinfo = constructUserCell ($remote_username);
+ if ($require_local_account and !isset ($userinfo['user_id']))
dieWith401();
- $auto_tags = array_merge ($auto_tags, generateEntityAutoTags ('user', $remote_username));
+ $remote_displayname = strlen ($userinfo['user_realname']) ? $userinfo['user_realname'] : $remote_username;
+ $user_given_tags = $userinfo['etags'];
+ $auto_tags = array_merge ($auto_tags, $userinfo['atags']);
switch (TRUE)
{
// Just trust the server, because the password isn't known.
return;
// When using LDAP, leave a mean to fix things. Admin user is always authenticated locally.
case ('database' == $user_auth_src or $remote_userid == 1):
- if (authenticated_via_database ($remote_username, $_SERVER['PHP_AUTH_PW']))
+ if (authenticated_via_database ($userinfo, $_SERVER['PHP_AUTH_PW']))
return;
break;
case ('ldap' == $user_auth_src):
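Review bot: `$remote_userid` is still read in `case ('database' == $user_auth_src or $remote_userid == 1):`, but this commit removes its only visible assignment, the deleted `getUserIDByUsername` call earlier in the function. Unless it is set somewhere outside the visible lines, that comparison is now always false. The "Admin user is always authenticated locally" guarantee in the comment above would then stop holding under LDAP, and account id 1 would be checked against the directory instead. Reading the id from the cell keeps the old behaviour: `case ('database' == $user_auth_src or (isset ($userinfo['user_id']) and $userinfo['user_id'] == 1)):`. The enclosing function starts and ends outside this hunk.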
return $ret;
}
-function authenticated_via_database ($username, $password)
+function authenticated_via_database ($userinfo, $password)
{
- if (NULL === ($userid = getUserIDByUsername ($username))) // user not found
+ if (!isset ($userinfo['user_id'])) // not a local account
return FALSE;
- // FIXME: consider avoiding this DB call, because user data should be already
- // available in authenticate().
- if (NULL === ($userinfo = spotEntity ('user', $userid))) // user found, DB error
- {
- showError ('Cannot load user data', __FUNCTION__);
- die();
- }
return $userinfo['user_password_hash'] == sha1 ($password);
}
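Review bot: The unchanged last line, `$userinfo['user_password_hash'] == sha1 ($password)`, uses loose comparison, so two digests that both look like numeric strings are compared as numbers and can match without being identical. Since the function is being reworked anyway, compare strictly and in constant time with `return hash_equals ($userinfo['user_password_hash'], sha1 ($password));`, or at least with `===` where `hash_equals` is unavailable. Unsalted SHA-1 is also weak for stored passwords, so a migration to `password_hash()`/`password_verify()` is worth a follow-up. Separately, the new `isset` guard treats a failed user load the same as a non-local account, where the removed code reported 'Cannot load user data'.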
{
$ret[$entity_id]['etags'] = getExplicitTagsOnly ($ret[$entity_id]['etags']);
$ret[$entity_id]['itags'] = getImplicitTags ($ret[$entity_id]['etags']);
- switch ($realm)
- {
- case 'ipv4net':
- case 'object':
- $ret[$entity_id]['atags'] = generateEntityAutoTags ($realm, $ret[$entity_id]);
- break;
- default:
- $ret[$entity_id]['atags'] = generateEntityAutoTags ($realm, $entity_id);
- }
+ $ret[$entity_id]['atags'] = generateEntityAutoTags ($ret[$entity_id]);
switch ($realm)
{
case 'object':
return NULL;
$ret['etags'] = getExplicitTagsOnly ($ret['etags']);
$ret['itags'] = getImplicitTags ($ret['etags']);
- switch ($realm)
- {
- case 'ipv4net':
- case 'object':
- $ret['atags'] = generateEntityAutoTags ($realm, $ret);
- break;
- default:
- $ret['atags'] = generateEntityAutoTags ($realm, $id);
- }
+ $ret['atags'] = generateEntityAutoTags ($ret);
switch ($realm)
{
case 'object':
// Universal autotags generator, a complementing function for loadEntityTags().
// Bypass key isn't strictly typed, but interpreted depending on the realm.
-function generateEntityAutoTags ($entity_realm = '', $bypass_value = '')
+function generateEntityAutoTags ($cell)
{
$ret = array();
- switch ($entity_realm)
+ switch ($cell['realm'])
{
case 'rack':
- $ret[] = array ('tag' => '$rackid_' . $bypass_value);
+ $ret[] = array ('tag' => '$rackid_' . $cell['id']);
$ret[] = array ('tag' => '$any_rack');
break;
case 'object': // during transition bypass is already the whole structure
- $oinfo = $bypass_value;
- $ret[] = array ('tag' => '$id_' . $oinfo['id']);
- $ret[] = array ('tag' => '$typeid_' . $oinfo['objtype_id']);
+ $ret[] = array ('tag' => '$id_' . $cell['id']);
+ $ret[] = array ('tag' => '$typeid_' . $cell['objtype_id']);
$ret[] = array ('tag' => '$any_object');
- if (validTagName ('$cn_' . $oinfo['name']))
- $ret[] = array ('tag' => '$cn_' . $oinfo['name']);
- if (!strlen ($oinfo['rack_id']))
+ if (validTagName ('$cn_' . $cell['name']))
+ $ret[] = array ('tag' => '$cn_' . $cell['name']);
+ if (!strlen ($cell['rack_id']))
$ret[] = array ('tag' => '$unmounted');
break;
case 'ipv4net': // during transition bypass is already the whole structure
- $netinfo = $bypass_value;
- $ret[] = array ('tag' => '$ip4netid_' . $netinfo['id']);
- $ret[] = array ('tag' => '$ip4net-' . str_replace ('.', '-', $netinfo['ip']) . '-' . $netinfo['mask']);
+ $ret[] = array ('tag' => '$ip4netid_' . $cell['id']);
+ $ret[] = array ('tag' => '$ip4net-' . str_replace ('.', '-', $cell['ip']) . '-' . $cell['mask']);
$ret[] = array ('tag' => '$any_ip4net');
$ret[] = array ('tag' => '$any_net');
break;
case 'ipv4vs':
- $ret[] = array ('tag' => '$ipv4vsid_' . $bypass_value);
+ $ret[] = array ('tag' => '$ipv4vsid_' . $cell['id']);
$ret[] = array ('tag' => '$any_ipv4vs');
$ret[] = array ('tag' => '$any_vs');
break;
case 'ipv4rspool':
- $ret[] = array ('tag' => '$ipv4rspid_' . $bypass_value);
+ $ret[] = array ('tag' => '$ipv4rspid_' . $cell['id']);
$ret[] = array ('tag' => '$any_ipv4rsp');
$ret[] = array ('tag' => '$any_rsp');
break;
case 'user':
// {$username_XXX} autotag is generated always, but {$userid_XXX}
// appears only for accounts, which exist in local database.
- $ret[] = array ('tag' => '$username_' . $bypass_value);
- if (NULL !== ($userid = getUserIDByUsername ($bypass_value)))
- $ret[] = array ('tag' => '$userid_' . $userid);
+ $ret[] = array ('tag' => '$username_' . $cell['user_name']);
+ if (isset ($cell['user_id']))
+ $ret[] = array ('tag' => '$userid_' . $cell['user_id']);
break;
case 'file':
- $ret[] = array ('tag' => '$fileid_' . $bypass_value);
+ $ret[] = array ('tag' => '$fileid_' . $cell['id']);
$ret[] = array ('tag' => '$any_file');
break;
- default:
+ default: // HCF!
break;
}
return $ret;
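Review bot: The header comment above `generateEntityAutoTags` still describes a "bypass key", and the `object` and `ipv4net` cases still say "during transition bypass is already the whole structure", which no longer matches the `$cell` signature. I would replace the header with `// Universal autotags generator. Expects a cell array with a 'realm' key plus the realm-specific keys read below ('id', 'user_name', ...).` and drop the two transition remarks. The `default: // HCF!` branch still only breaks, so a cell without a usable `realm` key silently yields no autotags. These tags are merged into `$auto_tags` during authentication and presumably feed permission rules, so raising an error there would be safer than returning an empty list. The callers changed in the two earlier hunks pass `$ret[$entity_id]` and `$ret`, and whether `realm` is already set on those cells is not visible here.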
return $ret;
}
+// Derive a complete cell structure from the given username regardless
+// if it is a local account or not.
+function constructUserCell ($username)
+{
+ if (NULL !== ($userid = getUserIDByUsername ($username)))
+ return spotEntity ('user', $userid);
+ $ret = array
+ (
+ 'realm' => 'user',
+ 'user_name' => $username,
+ 'user_realname' => '',
+ 'etags' => array(),
+ 'itags' => array(),
+ 'atags' => array(),
+ );
+ return $ret;
+}
+
?>
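Review bot: `constructUserCell` returns the result of `spotEntity ('user', $userid)` unchecked, while the code removed from `authenticated_via_database` treated a NULL result as a database error and stopped. If `spotEntity` can still return NULL, the caller in `authenticate` goes on to index it and passes a NULL `$userinfo['atags']` to `array_merge`. With `$require_local_account` off, a non-database auth source may then proceed with an incomplete tag set. Keeping the old failure path here would preserve the behaviour: check the result, and on NULL call `showError ('Cannot load user data', __FUNCTION__);` followed by `die();` before returning.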