r78240 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r78239‎ \| r78240 \| r78241 >
Date:	09:07, 12 December 2010
Author:	laner
Status:	deferred
Tags:
Comment:	Adding support for user creation in LDAP.
Modified paths:	/trunk/extensions/OpenStackManager/OpenStackManager.php (modified) (history) /trunk/extensions/OpenStackManager/OpenStackNovaUser.php (modified) (history)

Diff [purge]

Index: trunk/extensions/OpenStackManager/OpenStackNovaUser.php
—	—	@@ -49,12 +49,31 @@
50	50	}
51	51
52	52	function hasProjects() {
	53	+ global $wgAuth;
	54	+ global $wgOpenStackManagerLDAPProjectBaseDN;
	55	+
53	56	$this->connect();
54		~~- return array();~~
	57	+
	58	+ # All projects have a projectManager attribute, project
	59	+ # roles do not
	60	+ $projects = array();
	61	+ $filter = "(&(projectManager=*)(member=$this->userDN))";
	62	+ $result = ldap_search( $wgAuth->ldapconn, $wgOpenStackManagerLDAPProjectBaseDN, $filter );
	63	+ if ( $result ) {
	64	+ $entries = ldap_get_entries( $wgAuth->ldapconn, $entry );
	65	+ if ( $entries ) {
	66	+ # First entry is always a count
	67	+ array_shift($entries);
	68	+ foreach ( $entries as $entry ) {
	69	+ array_push( $projects, $entry['cn'] );
	70	+ }
	71	+ }
	72	+ }
	73	+ return $projects;
55	74	}
56	75
57		~~- function hasRoles() {~~
58		~~- $this->connect();~~
	76	+ function hasRoles( $project='' ) {
	77	+ # Currently unsupported
59	78	return array();
60	79	}
61	80
—	—	@@ -65,9 +84,9 @@
66	85	$this->connect();
67	86
68	87	$filter = "(&(cn=$project)(member=$this->userDN))";
69		~~- $entry = ldap_search( $wgAuth->ldapconn, $wgOpenStackManagerLDAPProjectBaseDN, $filter );~~
70		~~- if ( $entry ) {~~
71		~~- $entries = ldap_get_entries( $wgAuth->ldapconn, $entry );~~
	88	+ $result = ldap_search( $wgAuth->ldapconn, $wgOpenStackManagerLDAPProjectBaseDN, $filter );
	89	+ if ( $result ) {
	90	+ $entries = ldap_get_entries( $wgAuth->ldapconn, $result );
72	91	if ( $entries ) {
73	92	if ( $entries['count'] == "0" ) {
74	93	$wgAuth->printDebug( "Couldn't find the user in project: $project", NONSENSITIVE );
—	—	@@ -83,9 +102,8 @@
84	103	}
85	104	}
86	105
87		~~- function inRole( $role, $project) {~~
88		~~- $this->connect();~~
89		-
	106	+ function inRole( $role, $project='' ) {
	107	+ # Currently unsupported
90	108	return true;
91	109	}
92	110
—	—	@@ -96,4 +114,76 @@
97	115	$wgAuth->connect();
98	116	$wgAuth->bindAs( $wgOpenStackManagerLDAPUser, $wgOpenStackManagerLDAPUserPassword );
99	117	}
	118	+
	119	+ static function uuid4() {
	120	+ uuid_create( &$uuid );
	121	+ uuid_make( $uuid, UUID_MAKE_V4 );
	122	+ uuid_export( $uuid, UUID_FMT_STR, &$uuidExport );
	123	+ return trim( $uuidExport );
	124	+ }
	125	+
	126	+ /**
	127	+ * Does not ensure uniqueness during concurrent use!
	128	+ * Also does not work when resource limits are set for
	129	+ * LDAP queries by the client or the server.
	130	+ *
	131	+ * TODO: write a better and more efficient version of this.
	132	+ */
	133	+ static function getNextIdNumber( $auth, $attr ) {
	134	+ $highest = '';
	135	+ $filter = "(objectclass=posixaccount)";
	136	+ $result = ldap_search( $auth->ldapconn, $auth->getBaseDN( USERDN ), $filter );
	137	+ if ( $result ) {
	138	+ $entries = ldap_get_entries( $auth->ldapconn, $result );
	139	+ if ( $entries ) {
	140	+ if ( $entries['count'] == "0" ) {
	141	+ $highest = '500';
	142	+ } else {
	143	+ array_shift( $entries );
	144	+ $uids = array();
	145	+ foreach ( $entries as $entry ) {
	146	+ array_push( $uids, $entry[$attr][0] );
	147	+ }
	148	+ sort( $uids, SORT_NUMERIC );
	149	+ $highest = array_pop( $uids ) + 1;
	150	+ }
	151	+ } else {
	152	+ $auth->printDebug( "Failed to find any entries when searching for next $attr", NONSENSITIVE );
	153	+ }
	154	+ } else {
	155	+ $auth->printDebug( "Failed to get a result searching for next $attr", NONSENSITIVE );
	156	+ }
	157	+ $auth->printDebug( "id returned: $highest", NONSENSITIVE );
	158	+ return $highest;
	159	+ }
	160	+
	161	+ /**
	162	+ * Hook to add objectclasses and attributes for users being created.
	163	+ */
	164	+ static function LDAPSetCreationValues( $auth, $username, &$values, &$result ) {
	165	+ global $wgOpenStackManagerLDAPDefaultGid;
	166	+
	167	+ $values['objectclass'][] = 'person';
	168	+ $values['objectclass'][] = 'novauser';
	169	+ $values['objectclass'][] = 'ldappublickey';
	170	+ $values['objectclass'][] = 'posixaccount';
	171	+ $values['objectclass'][] = 'shadowaccount';
	172	+ $values['accesskey'] = OpenStackNovaUser::uuid4();
	173	+ $values['secretkey'] = OpenStackNovaUser::uuid4();
	174	+ $values['isadmin'] = 'FALSE';
	175	+ $uid = OpenStackNovaUser::getNextIdNumber( $auth, 'uidnumber' );
	176	+ if ( ! $uid ) {
	177	+ $result = false;
	178	+ return false;
	179	+ }
	180	+ $values['uidnumber'] = $uid;
	181	+ $values['gidnumber'] = $wgOpenStackManagerLDAPDefaultGid;
	182	+ $values['homedirectory'] = '/home/' . $username;
	183	+
	184	+ $auth->printDebug( "User account's objectclasses: ", NONSENSITIVE, $values['objectclass'] );
	185	+ $auth->printDebug( "User account's attributes: ", HIGHLYSENSITIVE, $values );
	186	+
	187	+ return true;
	188	+ }
	189	+
100	190	}
Index: trunk/extensions/OpenStackManager/OpenStackManager.php
—	—	@@ -42,3 +42,5 @@
43	43	$wgAutoloadClasses['AmazonEC2'] = $dir . 'aws-sdk/sdk.class.php';
44	44	$wgSpecialPages['NovaInstance'] = 'SpecialNovaInstance';
45	45	$wgSpecialPageGroups['NovaInstance'] = 'other';
	46	+
	47	+$wgHooks['LDAPSetCreationValues'][] = 'OpenStackNovaUser::LDAPSetCreationValues';

Status & tagging log

02:26, 30 December 2010 Reedy (talk | contribs) changed the status of r78240 [removed: new added: deferred]