Gergő Tisza has uploaded a new change for review.
https://gerrit.wikimedia.org/r/296514
Change subject: Adjust to changes to LdapAuthentication in preparation for
AuthManager
......................................................................
Adjust to changes to LdapAuthentication in preparation for AuthManager
We can no longer rely on $wgAuth being LdapAuthentication; instead, call
LdapAuthenticationPlugin::getInstance().
Change-Id: I7f5115c0fe68c05d26514b089db4e61cc2d440a7
Depends-On: Ia7d05f93783571ca9f1b79481303b3d2c95a5c88
(cherry picked from commit ca5602fbc403eea8aa8b286f0e1f021221acfc2a)
---
M OpenStackManager.php
M maintenance/purgeOldServiceGroups.php
M maintenance/qualifyInstancePages.php
M maintenance/updateInstancePages.php
M maintenance/updatedomains.php
M nova/OpenStackNovaController.php
M nova/OpenStackNovaDomain.php
M nova/OpenStackNovaHost.php
M nova/OpenStackNovaLdapConnection.php
M nova/OpenStackNovaPrivateHost.php
M nova/OpenStackNovaProject.php
M nova/OpenStackNovaProjectGroup.php
M nova/OpenStackNovaPublicHost.php
M nova/OpenStackNovaRole.php
M nova/OpenStackNovaServiceGroup.php
M nova/OpenStackNovaSudoer.php
M nova/OpenStackNovaUser.php
M special/SpecialNovaInstance.php
18 files changed, 310 insertions(+), 351 deletions(-)
git pull
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OpenStackManager
refs/changes/14/296514/1
diff --git a/OpenStackManager.php b/OpenStackManager.php
index e22a194..60ff338 100644
--- a/OpenStackManager.php
+++ b/OpenStackManager.php
@@ -58,18 +58,6 @@
$wgHooks['UserRemoveGroup'][] =
'OpenStackNovaUser::removeUserFromBastionProject';
$wgHooks['getUserPermissionsErrors'][] =
'OpenStackManagerHooks::getUserPermissionsErrors';
-# Block runs on Wikimedia Jenkins CI system
-if ( isset( $wgWikimediaJenkinsCI ) && $wgWikimediaJenkinsCI ) {
-
- # Please MediaWiki ApiDocumentationTest which invokes our API calls
which
- # require $wgAuth to be an instance of the LdapAuthenticationPlugin.
- # T124613
- $wgExtensionFunctions[] = function () {
- global $wgAuth;
- $wgAuth = new LdapAuthenticationPlugin();
- };
-}
-
// Keystone identity URI
$wgOpenStackManagerNovaIdentityURI = 'http://localhost:5000/v2.0';
$wgOpenStackManagerNovaIdentityV3URI = 'http://localhost:5000/v3';
diff --git a/maintenance/purgeOldServiceGroups.php
b/maintenance/purgeOldServiceGroups.php
index 65c7423..8423afe 100644
--- a/maintenance/purgeOldServiceGroups.php
+++ b/maintenance/purgeOldServiceGroups.php
@@ -14,8 +14,8 @@
public function execute() {
global $wgOpenStackManagerLDAPUsername;
- global $wgAuth;
+ $ldap = LdapAuthenticationPlugin::getInstance();
$user = new OpenStackNovaUser(
$wgOpenStackManagerLDAPUsername );
$projects = OpenStackNovaProject::getAllProjects();
@@ -37,20 +37,20 @@
$oldServiceGroupOUDN = 'ou=groups,' .
$project->getProjectDN();
$oldServiceUserOUDN = 'ou=people,' .
$project->getProjectDN();
- $result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn,
+ $result = LdapAuthenticationPlugin::ldap_search(
$ldap->ldapconn,
$oldServiceGroupOUDN,
'(objectclass=groupofnames)' );
if ( $result ) {
$this->serviceGroups = array();
- $groupList =
LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result );
+ $groupList =
LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result );
if ( isset( $groupList ) ) {
array_shift( $groupList );
foreach ( $groupList as $groupEntry ) {
$deleteme = "cn=" .
$groupEntry['cn'][0] . "," . $oldServiceGroupOUDN;
print "needs deleting: " .
$deleteme . "...";
$attempt_count++;
- $success =
LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $deleteme );
+ $success =
LdapAuthenticationPlugin::ldap_delete( $ldap->ldapconn, $deleteme );
if ( $success ) {
$synced_count++;
print( "done.\n");
@@ -62,20 +62,20 @@
}
}
- $result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn,
+ $result = LdapAuthenticationPlugin::ldap_search(
$ldap->ldapconn,
$oldServiceUserOUDN,
'(objectclass=person)' );
if ( $result ) {
$this->serviceGroups = array();
- $groupList =
LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result );
+ $groupList =
LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result );
if ( isset( $groupList ) ) {
array_shift( $groupList );
foreach ( $groupList as $groupEntry ) {
$deleteme = "uid=" .
$groupEntry['cn'][0] . "," . $oldServiceUserOUDN;
print "user needs deleting: " .
$deleteme . "...";
$attempt_count++;
- $success =
LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $deleteme );
+ $success =
LdapAuthenticationPlugin::ldap_delete( $ldap->ldapconn, $deleteme );
if ( $success ) {
$synced_count++;
print( "done.\n");
@@ -90,7 +90,7 @@
$deleteme = $oldServiceGroupOUDN;
print "ou needs deleting: " . $deleteme . "...";
$attempt_count++;
- $success = LdapAuthenticationPlugin::ldap_delete(
$wgAuth->ldapconn, $deleteme );
+ $success = LdapAuthenticationPlugin::ldap_delete(
$ldap->ldapconn, $deleteme );
if ( $success ) {
$synced_count++;
print( "done.\n");
@@ -102,7 +102,7 @@
$deleteme = $oldServiceUserOUDN;
print "ou needs deleting: " . $deleteme . "...";
$attempt_count++;
- $success = LdapAuthenticationPlugin::ldap_delete(
$wgAuth->ldapconn, $deleteme );
+ $success = LdapAuthenticationPlugin::ldap_delete(
$ldap->ldapconn, $deleteme );
if ( $success ) {
$synced_count++;
print( "done.\n");
diff --git a/maintenance/qualifyInstancePages.php
b/maintenance/qualifyInstancePages.php
index 923cf1e..3c5b819 100644
--- a/maintenance/qualifyInstancePages.php
+++ b/maintenance/qualifyInstancePages.php
@@ -13,7 +13,6 @@
}
public function execute() {
- global $wgAuth;
global $wgOpenStackManagerLDAPUsername;
global $wgOpenStackManagerLDAPUserPassword;
@@ -35,7 +34,8 @@
$userNova->setRegion( $region );
$instances = $userNova->getInstances();
if ( ! $instances ) {
- $wgAuth->printDebug( "No instance,
continuing", NONSENSITIVE );
+ $ldap =
LdapAuthenticationPlugin::getInstance();
+ $ldap->printDebug( "No instance,
continuing", NONSENSITIVE );
continue;
}
foreach ( $instances as $instance ) {
diff --git a/maintenance/updateInstancePages.php
b/maintenance/updateInstancePages.php
index 7ff65b8..f4151d2 100644
--- a/maintenance/updateInstancePages.php
+++ b/maintenance/updateInstancePages.php
@@ -13,7 +13,6 @@
}
public function execute() {
- global $wgAuth;
global $wgOpenStackManagerLDAPUsername;
global $wgOpenStackManagerLDAPUserPassword;
@@ -35,7 +34,8 @@
$userNova->setRegion( $region );
$instances = $userNova->getInstances();
if ( ! $instances ) {
- $wgAuth->printDebug( "No instance,
continuing", NONSENSITIVE );
+ $ldap =
LdapAuthenticationPlugin::getInstance();
+ $ldap->printDebug( "No instance,
continuing", NONSENSITIVE );
continue;
}
foreach ( $instances as $instance ) {
diff --git a/maintenance/updatedomains.php b/maintenance/updatedomains.php
index 8862ea7..72c19fc 100644
--- a/maintenance/updatedomains.php
+++ b/maintenance/updatedomains.php
@@ -41,7 +41,6 @@
}
public function execute() {
- global $wgAuth;
global $wgOpenStackManagerLDAPUsername;
global $wgOpenStackManagerLDAPUserPassword;
diff --git a/nova/OpenStackNovaController.php b/nova/OpenStackNovaController.php
index 722c5ee..38a0c77 100644
--- a/nova/OpenStackNovaController.php
+++ b/nova/OpenStackNovaController.php
@@ -181,8 +181,7 @@
* @return array
*/
function getProxiesForProject() {
- global $wgAuth;
-
+ $ldap = LdapAuthenticationPlugin::getInstance();
$proxyarr = array();
$ret = $this->restCall( 'proxy', '/mapping', 'GET' );
$proxies = self::_get_property( $ret['body'], 'routes' );
@@ -194,14 +193,14 @@
$backends = self::_get_property( $proxy, 'backends' );
if ( (count( $backends ) ) > 1 ) {
- $wgAuth->printDebug( "Warning! proxy $domain
has multiple backends but we only support one backend per proxy.", NONSENSITIVE
);
+ $ldap->printDebug( "Warning! proxy $domain has
multiple backends but we only support one backend per proxy.", NONSENSITIVE );
}
$backend = $backends[0];
$backendarray = explode( ':', $backends[0] );
if ( strpos( $backend, "http" ) === 0 ) {
if ( ( count( $backendarray ) < 2 ) or ( count(
$backendarray ) > 3 ) ) {
- $wgAuth->printDebug( "Unable to parse
backend $backend, discarding.", NONSENSITIVE );
+ $ldap->printDebug( "Unable to parse
backend $backend, discarding.", NONSENSITIVE );
} elseif ( count( $backendarray ) == 2 ) {
$backendHost = $backend;
$backendPort = null;
@@ -211,7 +210,7 @@
}
} else {
if ( ( count( $backendarray ) < 1 ) or ( count(
$backendarray ) > 2 ) ) {
- $wgAuth->printDebug( "Unable to parse
backend $backend, discarding.", NONSENSITIVE );
+ $ldap->printDebug( "Unable to parse
backend $backend, discarding.", NONSENSITIVE );
} elseif ( count( $backendarray ) == 1 ) {
$backendHost = $backend;
$backendPort = null;
@@ -238,7 +237,7 @@
*/
function _getAdminToken() {
global $wgOpenStackManagerLDAPUsername,
$wgOpenStackManagerLDAPUserPassword;
- global $wgOpenStackManagerProjectId, $wgAuth;
+ global $wgOpenStackManagerProjectId;
global $wgMemc;
if ( $this->admintoken ) {
@@ -264,7 +263,8 @@
);
$ret = $this->restCall( 'identity', '/tokens', 'POST', $data,
$headers );
if ( $ret['code'] !== 200 ) {
- $wgAuth->printDebug(
"OpenStackNovaController::_getAdminToken return code: " . $ret['code'],
NONSENSITIVE );
+ $ldap = LdapAuthenticationPlugin::getInstance();
+ $ldap->printDebug(
"OpenStackNovaController::_getAdminToken return code: " . $ret['code'],
NONSENSITIVE );
return "";
}
@@ -962,10 +962,10 @@
}
function authenticate( $username, $password ) {
- global $wgAuth;
global $wgMemc;
- $wgAuth->printDebug( "Entering
OpenStackNovaController::authenticate", NONSENSITIVE );
+ $ldap = LdapAuthenticationPlugin::getInstance();
+ $ldap->printDebug( "Entering
OpenStackNovaController::authenticate", NONSENSITIVE );
$headers = array(
'Accept: application/json',
'Content-Type: application/json',
@@ -973,7 +973,7 @@
$data = array( 'auth' => array( 'passwordCredentials' => array(
'username' => $username, 'password' => $password ) ) );
$ret = $this->restCall( 'identity', '/tokens', 'POST', $data,
$headers );
if ( $ret['code'] !== 200 ) {
- $wgAuth->printDebug(
"OpenStackNovaController::authenticate return code: " . $ret['code'],
NONSENSITIVE );
+ $ldap->printDebug(
"OpenStackNovaController::authenticate return code: " . $ret['code'],
NONSENSITIVE );
return '';
}
$user = $ret['body'];
@@ -1077,11 +1077,11 @@
}
function restCall( $service, $path, $method, $data = array(),
$authHeaders='', $retrying=false ) {
- global $wgAuth;
global $wgOpenStackManagerNovaIdentityURI;
global $wgOpenStackManagerNovaIdentityV3URI;
global $wgMemc;
+ $ldap = LdapAuthenticationPlugin::getInstance();
if ( $authHeaders ) {
$headers = $authHeaders;
} else {
@@ -1104,7 +1104,7 @@
}
}
$fullurl = $endpointURL . $path;
- $wgAuth->printDebug( "OpenStackNovaController::restCall
fullurl: " . $fullurl, NONSENSITIVE );
+ $ldap->printDebug( "OpenStackNovaController::restCall fullurl:
" . $fullurl, NONSENSITIVE );
$handle = curl_init();
switch( $method ) {
case 'GET':
diff --git a/nova/OpenStackNovaDomain.php b/nova/OpenStackNovaDomain.php
index 681abbe..37a0849 100644
--- a/nova/OpenStackNovaDomain.php
+++ b/nova/OpenStackNovaDomain.php
@@ -29,7 +29,7 @@
* @return void
*/
function fetchDomainInfo() {
- global $wgAuth, $wgMemc;
+ global $wgMemc;
global $wgOpenStackManagerLDAPInstanceBaseDN;
$key = wfMemcKey( 'openstackmanager', 'domaininfo',
$this->domainname );
@@ -39,9 +39,10 @@
if ( is_array( $domainInfo ) ) {
$this->domainInfo = $domainInfo;
} else {
- $result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN,
+ $ldap = LdapAuthenticationPlugin::getInstance();
+ $result = LdapAuthenticationPlugin::ldap_search(
$ldap->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN,
'(dc='
. $this->domainname . ')' );
- $this->domainInfo =
LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result );
+ $this->domainInfo =
LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result );
$wgMemc->set( $key, $this->domainInfo, 3600 * 24 );
}
if ( $this->domainInfo ) {
@@ -89,17 +90,16 @@
* @return bool
*/
function updateSOA() {
- global $wgAuth;
-
+ $ldap = LdapAuthenticationPlugin::getInstance();
$domain = array();
$domain['soarecord'] = OpenStackNovaDomain::generateSOA();
- $success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->domainDN, $domain );
+ $success = LdapAuthenticationPlugin::ldap_modify(
$ldap->ldapconn, $this->domainDN, $domain );
if ( $success ) {
- $wgAuth->printDebug( "Successfully modified soarecord
for " . $this->domainDN, NONSENSITIVE );
+ $ldap->printDebug( "Successfully modified soarecord for
" . $this->domainDN, NONSENSITIVE );
$this->fetchDomainInfo();
return true;
} else {
- $wgAuth->printDebug( "Failed to modify soarecord for "
. $this->domainDN, NONSENSITIVE );
+ $ldap->printDebug( "Failed to modify soarecord for " .
$this->domainDN, NONSENSITIVE );
return false;
}
}
@@ -112,9 +112,9 @@
* @return array of OpenNovaDomain
*/
static function getAllDomains( $type='all' ) {
- global $wgAuth;
global $wgOpenStackManagerLDAPInstanceBaseDN;
+ $ldap = LdapAuthenticationPlugin::getInstance();
OpenStackNovaLdapConnection::connect();
$domains = array();
@@ -125,9 +125,9 @@
} else {
$query = '(soarecord=*)';
}
- $result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, $query );
+ $result = LdapAuthenticationPlugin::ldap_search(
$ldap->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, $query );
if ( $result ) {
- $entries = LdapAuthenticationPlugin::ldap_get_entries(
$wgAuth->ldapconn, $result );
+ $entries = LdapAuthenticationPlugin::ldap_get_entries(
$ldap->ldapconn, $result );
if ( $entries ) {
# First entry is always a count
array_shift( $entries );
@@ -167,14 +167,14 @@
* @return null|OpenStackNovaDomain
*/
static function getDomainByHostIP( $ip ) {
- global $wgAuth;
global $wgOpenStackManagerLDAPInstanceBaseDN;
+ $ldap = LdapAuthenticationPlugin::getInstance();
OpenStackNovaLdapConnection::connect();
- $result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN,
+ $result = LdapAuthenticationPlugin::ldap_search(
$ldap->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN,
'(arecord=' .
$ip . ')' );
- $hostInfo = LdapAuthenticationPlugin::ldap_get_entries(
$wgAuth->ldapconn, $result );
+ $hostInfo = LdapAuthenticationPlugin::ldap_get_entries(
$ldap->ldapconn, $result );
if ( $hostInfo['count'] == "0" ) {
return null;
}
@@ -221,9 +221,9 @@
* @return null|OpenStackNovaDomain
*/
static function createDomain( $domainname, $fqdn, $location ) {
- global $wgAuth;
global $wgOpenStackManagerLDAPInstanceBaseDN;
+ $ldap = LdapAuthenticationPlugin::getInstance();
OpenStackNovaLdapConnection::connect();
$soa = OpenStackNovaDomain::generateSOA();
@@ -239,12 +239,12 @@
}
$dn = 'dc=' . $domainname . ',' .
$wgOpenStackManagerLDAPInstanceBaseDN;
- $success = LdapAuthenticationPlugin::ldap_add(
$wgAuth->ldapconn, $dn, $domain );
+ $success = LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn,
$dn, $domain );
if ( $success ) {
- $wgAuth->printDebug( "Successfully added domain
$domainname", NONSENSITIVE );
+ $ldap->printDebug( "Successfully added domain
$domainname", NONSENSITIVE );
return new OpenStackNovaDomain( $domainname );
} else {
- $wgAuth->printDebug( "Failed to add domain
$domainname", NONSENSITIVE );
+ $ldap->printDebug( "Failed to add domain $domainname",
NONSENSITIVE );
return null;
}
}
@@ -258,31 +258,30 @@
* @return bool
*/
static function deleteDomain( $domainname ) {
- global $wgAuth;
-
+ $ldap = LdapAuthenticationPlugin::getInstance();
OpenStackNovaLdapConnection::connect();
$domain = new OpenStackNovaDomain( $domainname );
if ( ! $domain ) {
- $wgAuth->printDebug( "Domain $domainname does not
exist", NONSENSITIVE );
+ $ldap->printDebug( "Domain $domainname does not exist",
NONSENSITIVE );
return array( false,
'openstackmanager-failedeletedomainnotfound' );
}
$dn = $domain->domainDN;
# Domains can have records as sub entries. If sub-entries
exist, fail.
- $result = LdapAuthenticationPlugin::ldap_list(
$wgAuth->ldapconn, $dn, 'objectclass=*' );
- $hosts = LdapAuthenticationPlugin::ldap_get_entries(
$wgAuth->ldapconn, $result );
+ $result = LdapAuthenticationPlugin::ldap_list( $ldap->ldapconn,
$dn, 'objectclass=*' );
+ $hosts = LdapAuthenticationPlugin::ldap_get_entries(
$ldap->ldapconn, $result );
if ( $hosts['count'] != "0" ) {
- $wgAuth->printDebug( "Failed to delete domain
$domainname, since it had sub entries", NONSENSITIVE );
+ $ldap->printDebug( "Failed to delete domain
$domainname, since it had sub entries", NONSENSITIVE );
return array( false,
'openstackmanager-failedeletedomainduplicates' );
}
- $success = LdapAuthenticationPlugin::ldap_delete(
$wgAuth->ldapconn, $dn );
+ $success = LdapAuthenticationPlugin::ldap_delete(
$ldap->ldapconn, $dn );
if ( $success ) {
- $wgAuth->printDebug( "Successfully deleted domain
$domainname", NONSENSITIVE );
+ $ldap->printDebug( "Successfully deleted domain
$domainname", NONSENSITIVE );
return array( true, '' );
} else {
- $wgAuth->printDebug( "Failed to delete domain
$domainname, since it had sub entries", NONSENSITIVE );
+ $ldap->printDebug( "Failed to delete domain
$domainname, since it had sub entries", NONSENSITIVE );
return array( false,
'openstackmanager-failedeletedomain' );
}
}
diff --git a/nova/OpenStackNovaHost.php b/nova/OpenStackNovaHost.php
index 535f7d2..438e561 100644
--- a/nova/OpenStackNovaHost.php
+++ b/nova/OpenStackNovaHost.php
@@ -79,14 +79,13 @@
* @return bool
*/
function deleteAssociatedDomain( $fqdn ) {
- global $wgAuth;
-
if ( isset( $this->hostInfo[0]['associateddomain'] ) ) {
+ $ldap = LdapAuthenticationPlugin::getInstance();
$associateddomains =
$this->hostInfo[0]['associateddomain'];
array_shift( $associateddomains );
$index = array_search( $fqdn, $associateddomains );
if ( $index === false ) {
- $wgAuth->printDebug( "Failed to find $fqdn in
associateddomain list", NONSENSITIVE );
+ $ldap->printDebug( "Failed to find $fqdn in
associateddomain list", NONSENSITIVE );
return false;
}
unset( $associateddomains[$index] );
@@ -95,14 +94,14 @@
foreach ( $associateddomains as $associateddomain ) {
$values['associateddomain'][] =
$associateddomain;
}
- $success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->hostDN, $values );
+ $success = LdapAuthenticationPlugin::ldap_modify(
$ldap->ldapconn, $this->hostDN, $values );
if ( $success ) {
- $wgAuth->printDebug( "Successfully removed
$fqdn from $this->hostDN", NONSENSITIVE );
+ $ldap->printDebug( "Successfully removed $fqdn
from $this->hostDN", NONSENSITIVE );
$this->getDomain()->updateSOA();
$this->fetchHostInfo();
return true;
} else {
- $wgAuth->printDebug( "Failed to remove $fqdn
from $this->hostDN", NONSENSITIVE );
+ $ldap->printDebug( "Failed to remove $fqdn from
$this->hostDN", NONSENSITIVE );
return false;
}
} else {
@@ -117,14 +116,13 @@
* @return bool
*/
function deleteARecord( $ip ) {
- global $wgAuth;
-
if ( isset( $this->hostInfo[0]['arecord'] ) ) {
+ $ldap = LdapAuthenticationPlugin::getInstance();
$arecords = $this->hostInfo[0]['arecord'];
array_shift( $arecords );
$index = array_search( $ip, $arecords );
if ( $index === false ) {
- $wgAuth->printDebug( "Failed to find ip address
in arecords list", NONSENSITIVE );
+ $ldap->printDebug( "Failed to find ip address
in arecords list", NONSENSITIVE );
return false;
}
unset( $arecords[$index] );
@@ -133,14 +131,14 @@
foreach ( $arecords as $arecord ) {
$values['arecord'][] = $arecord;
}
- $success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->hostDN, $values );
+ $success = LdapAuthenticationPlugin::ldap_modify(
$ldap->ldapconn, $this->hostDN, $values );
if ( $success ) {
- $wgAuth->printDebug( "Successfully removed $ip
from $this->hostDN", NONSENSITIVE );
+ $ldap->printDebug( "Successfully removed $ip
from $this->hostDN", NONSENSITIVE );
$this->getDomain()->updateSOA();
$this->fetchHostInfo();
return true;
} else {
- $wgAuth->printDebug( "Failed to remove $ip from
$this->hostDN", NONSENSITIVE );
+ $ldap->printDebug( "Failed to remove $ip from
$this->hostDN", NONSENSITIVE );
return false;
}
} else {
@@ -155,8 +153,7 @@
* @return bool
*/
function addAssociatedDomain( $fqdn ) {
- global $wgAuth;
-
+ $ldap = LdapAuthenticationPlugin::getInstance();
$associatedomains = array();
if ( isset( $this->hostInfo[0]['associateddomain'] ) ) {
$associatedomains =
$this->hostInfo[0]['associateddomain'];
@@ -165,14 +162,14 @@
$associatedomains[] = $fqdn;
$values = array();
$values['associateddomain'] = $associatedomains;
- $success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->hostDN, $values );
+ $success = LdapAuthenticationPlugin::ldap_modify(
$ldap->ldapconn, $this->hostDN, $values );
if ( $success ) {
- $wgAuth->printDebug( "Successfully added $fqdn to
$this->hostDN", NONSENSITIVE );
+ $ldap->printDebug( "Successfully added $fqdn to
$this->hostDN", NONSENSITIVE );
$this->getDomain()->updateSOA();
$this->fetchHostInfo();
return true;
} else {
- $wgAuth->printDebug( "Failed to add $fqdn to
$this->hostDN", NONSENSITIVE );
+ $ldap->printDebug( "Failed to add $fqdn to
$this->hostDN", NONSENSITIVE );
return false;
}
}
@@ -184,8 +181,7 @@
* @return bool
*/
function addARecord( $ip ) {
- global $wgAuth;
-
+ $ldap = LdapAuthenticationPlugin::getInstance();
$arecords = array();
if ( isset( $this->hostInfo[0]['arecord'] ) ) {
$arecords = $this->hostInfo[0]['arecord'];
@@ -194,14 +190,14 @@
$arecords[] = $ip;
$values = array();
$values['arecord'] = $arecords;
- $success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->hostDN, $values );
+ $success = LdapAuthenticationPlugin::ldap_modify(
$ldap->ldapconn, $this->hostDN, $values );
if ( $success ) {
- $wgAuth->printDebug( "Successfully added $ip to
$this->hostDN", NONSENSITIVE );
+ $ldap->printDebug( "Successfully added $ip to
$this->hostDN", NONSENSITIVE );
$this->getDomain()->updateSOA();
$this->fetchHostInfo();
return true;
} else {
- $wgAuth->printDebug( "Failed to add $ip to
$this->hostDN", NONSENSITIVE );
+ $ldap->printDebug( "Failed to add $ip to
$this->hostDN", NONSENSITIVE );
return false;
}
}
@@ -213,17 +209,16 @@
* @return bool
*/
function setARecord( $ip ) {
- global $wgAuth;
-
+ $ldap = LdapAuthenticationPlugin::getInstance();
$values = array( 'arecord' => array( $ip ) );
- $success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->hostDN, $values );
+ $success = LdapAuthenticationPlugin::ldap_modify(
$ldap->ldapconn, $this->hostDN, $values );
if ( $success ) {
- $wgAuth->printDebug( "Successfully set $ip on
$this->hostDN", NONSENSITIVE );
+ $ldap->printDebug( "Successfully set $ip on
$this->hostDN", NONSENSITIVE );
$this->getDomain()->updateSOA();
$this->fetchHostInfo();
return true;
} else {
- $wgAuth->printDebug( "Failed to set $ip on
$this->hostDN", NONSENSITIVE );
+ $ldap->printDebug( "Failed to set $ip on
$this->hostDN", NONSENSITIVE );
return false;
}
}
@@ -237,8 +232,6 @@
* @return OpenStackNovaHost
*/
static function getHostByPublicIP( $ip ) {
- global $wgAuth;
-
$host = new OpenStackNovaPublicHost( $ip );
if ( $host->hostInfo ) {
return $host;
@@ -271,18 +264,18 @@
* @return bool
*/
function deleteHost() {
- global $wgAuth;
+ $ldap = LdapAuthenticationPlugin::getInstance();
# Grab the domain now, before we delete the entry and it's no
longer there to grab.
$domain = $this->getDomain();
- $success = LdapAuthenticationPlugin::ldap_delete(
$wgAuth->ldapconn, $this->hostDN );
+ $success = LdapAuthenticationPlugin::ldap_delete(
$ldap->ldapconn, $this->hostDN );
if ( $success ) {
$domain->updateSOA();
- $wgAuth->printDebug( "Successfully deleted host
$this->hostDN", NONSENSITIVE );
+ $ldap->printDebug( "Successfully deleted host
$this->hostDN", NONSENSITIVE );
return true;
} else {
- $wgAuth->printDebug( "Failed to delete host
$this->hostDN", NONSENSITIVE );
+ $ldap->printDebug( "Failed to delete host
$this->hostDN", NONSENSITIVE );
return false;
}
}
@@ -300,9 +293,9 @@
* @return OpenStackNovaHost
*/
static function addHostFromInstance( $instance, $domain, $puppetinfo =
array() ) {
- global $wgAuth;
global $wgOpenStackManagerLDAPInstanceBaseDN,
$wgOpenStackManagerPuppetOptions;
+ $ldap = LdapAuthenticationPlugin::getInstance();
OpenStackNovaLdapConnection::connect();
$hostname = $instance->getInstanceName();
@@ -321,7 +314,7 @@
$fqdn = $instancename . '.' . $instanceproject . '.' .
$domainname;
$host = OpenStackNovaHost::getHostByNameAndProject(
$instancename, $instanceproject, $region );
if ( $host ) {
- $wgAuth->printDebug( "Failed to add host $hostname as
the DNS entry already exists", NONSENSITIVE );
+ $ldap->printDebug( "Failed to add host $hostname as the
DNS entry already exists", NONSENSITIVE );
return null;
}
$hostEntry = array();
@@ -365,13 +358,13 @@
}
$dn = 'dc=' . $fqdn . ',' .
$wgOpenStackManagerLDAPInstanceBaseDN;
- $success = LdapAuthenticationPlugin::ldap_add(
$wgAuth->ldapconn, $dn, $hostEntry );
+ $success = LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn,
$dn, $hostEntry );
if ( $success ) {
$domain->updateSOA();
- $wgAuth->printDebug( "Successfully added host $fqdn",
NONSENSITIVE );
+ $ldap->printDebug( "Successfully added host $fqdn",
NONSENSITIVE );
return
OpenStackNovaHost::getHostByInstanceNameAndProject( $instancename,
$instanceproject, $region );
} else {
- $wgAuth->printDebug( "Failed to add host $fqdn with dn
of $dn", NONSENSITIVE );
+ $ldap->printDebug( "Failed to add host $fqdn with dn of
$dn", NONSENSITIVE );
return null;
}
}
@@ -388,15 +381,15 @@
* @return bool|null|OpenStackNovaHost
*/
static function addPublicHost( $hostname, $ip, $domain ) {
- global $wgAuth;
global $wgOpenStackManagerLDAPInstanceBaseDN;
+ $ldap = LdapAuthenticationPlugin::getInstance();
OpenStackNovaLdapConnection::connect();
$domainname = $domain->getFullyQualifiedDomainName();
$host = OpenStackNovaHost::getHostByPublicIP( $ip );
if ( $host ) {
- $wgAuth->printDebug( "Failed to add public host
$hostname as the DNS entry already exists", NONSENSITIVE );
+ $ldap->printDebug( "Failed to add public host $hostname
as the DNS entry already exists", NONSENSITIVE );
return null;
}
$hostEntry = array();
@@ -408,13 +401,13 @@
$hostEntry['associateddomain'][] = $hostname . '.' .
$domainname;
$dn = 'dc=' . $ip . ',' . $wgOpenStackManagerLDAPInstanceBaseDN;
- $success = LdapAuthenticationPlugin::ldap_add(
$wgAuth->ldapconn, $dn, $hostEntry );
+ $success = LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn,
$dn, $hostEntry );
if ( $success ) {
$domain->updateSOA();
- $wgAuth->printDebug( "Successfully added public host
$hostname", NONSENSITIVE );
+ $ldap->printDebug( "Successfully added public host
$hostname", NONSENSITIVE );
return new OpenStackNovaHost( false, null, $ip );
} else {
- $wgAuth->printDebug( "Failed to add public host
$hostname with dn = $dn", NONSENSITIVE );
+ $ldap->printDebug( "Failed to add public host $hostname
with dn = $dn", NONSENSITIVE );
return null;
}
}
diff --git a/nova/OpenStackNovaLdapConnection.php
b/nova/OpenStackNovaLdapConnection.php
index d744ac6..b2009fa 100644
--- a/nova/OpenStackNovaLdapConnection.php
+++ b/nova/OpenStackNovaLdapConnection.php
@@ -9,17 +9,17 @@
class OpenStackNovaLdapConnection {
/**
- * Connect to LDAP as the open stack manager account using wgAuth
+ * Connect to LDAP as the open stack manager account using
LdapAuthenticationPlugin
*/
static function connect() {
- global $wgAuth;
global $wgOpenStackManagerLDAPUser,
$wgOpenStackManagerLDAPUserPassword;
global $wgOpenStackManagerLDAPDomain;
// Only reconnect/rebind if we aren't alredy bound
- if ( $wgAuth->boundAs !== $wgOpenStackManagerLDAPUser ) {
- $wgAuth->connect( $wgOpenStackManagerLDAPDomain );
- $wgAuth->bindAs( $wgOpenStackManagerLDAPUser,
$wgOpenStackManagerLDAPUserPassword );
+ $ldap = LdapAuthenticationPlugin::getInstance();
+ if ( $ldap->boundAs !== $wgOpenStackManagerLDAPUser ) {
+ $ldap->connect( $wgOpenStackManagerLDAPDomain );
+ $ldap->bindAs( $wgOpenStackManagerLDAPUser,
$wgOpenStackManagerLDAPUserPassword );
}
}
}
diff --git a/nova/OpenStackNovaPrivateHost.php
b/nova/OpenStackNovaPrivateHost.php
index 31e2d09..718deae 100644
--- a/nova/OpenStackNovaPrivateHost.php
+++ b/nova/OpenStackNovaPrivateHost.php
@@ -26,10 +26,9 @@
* @param $region
*/
function __construct( $instancename, $instanceproject, $region ) {
- global $wgAuth;
-
- $this->instancename = $wgAuth->getLdapEscapedString(
$instancename );
- $this->instanceproject = $wgAuth->getLdapEscapedString(
$instanceproject );
+ $ldap = LdapAuthenticationPlugin::getInstance();
+ $this->instancename = $ldap->getLdapEscapedString(
$instancename );
+ $this->instanceproject = $ldap->getLdapEscapedString(
$instanceproject );
$this->region = $region;
$this->domainCache = null;
OpenStackNovaLdapConnection::connect();
@@ -42,9 +41,9 @@
* @return void
*/
function fetchHostInfo() {
- global $wgAuth;
global $wgOpenStackManagerLDAPInstanceBaseDN;
+ $ldap = LdapAuthenticationPlugin::getInstance();
if ($this->getDomain()) {
$fqdn = $this->instancename . '.' .
$this->instanceproject . '.' .
$this->getDomain()->getFullyQualifiedDomainName();
} else {
@@ -52,8 +51,8 @@
$this->hostInfo = null;
return;
}
- $result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, '(dc=' . $fqdn . ')'
);
- $this->hostInfo = LdapAuthenticationPlugin::ldap_get_entries(
$wgAuth->ldapconn, $result );
+ $result = LdapAuthenticationPlugin::ldap_search(
$ldap->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, '(dc=' . $fqdn . ')' );
+ $this->hostInfo = LdapAuthenticationPlugin::ldap_get_entries(
$ldap->ldapconn, $result );
if ( $this->hostInfo["count"] == "0" ) {
$this->hostInfo = null;
} else {
@@ -70,13 +69,12 @@
* @return string
*/
function getFullyQualifiedDisplayName() {
- global $wgAuth;
-
if ($this->getDomain()) {
$fqdn = $this->instancename . '.' .
$this->instanceproject . '.' .
$this->getDomain()->getFullyQualifiedDomainName();
return $fqdn;
} else {
- $wgAuth->printDebug( "Error: Unable to determine
instancename of " . $this->instancename, NONSENSITIVE );
+ $ldap = LdapAuthenticationPlugin::getInstance();
+ $ldap->printDebug( "Error: Unable to determine
instancename of " . $this->instancename, NONSENSITIVE );
return "";
}
}
@@ -87,12 +85,11 @@
* @return OpenStackNovaDomain
*/
function getDomain() {
- global $wgAuth;
-
if ( ! $this->domainCache ) {
$this->domainCache =
OpenStackNovaDomain::getDomainByRegion( $this->region );
if (! $this->domainCache ) {
- $wgAuth->printDebug( "Looked up domain for
region $this->region but domainCache is still empty.", NONSENSITIVE );
+ $ldap = LdapAuthenticationPlugin::getInstance();
+ $ldap->printDebug( "Looked up domain for region
$this->region but domainCache is still empty.", NONSENSITIVE );
}
}
return $this->domainCache;
@@ -153,11 +150,11 @@
* @return bool
*/
function modifyPuppetConfiguration( $puppetinfo ) {
- global $wgAuth;
global $wgOpenStackManagerPuppetOptions;
$hostEntry = array( 'puppetclass' => array(), 'puppetvar' =>
array() );
if ( $wgOpenStackManagerPuppetOptions['enabled'] ) {
+ $ldap = LdapAuthenticationPlugin::getInstance();
if ( isset( $puppetinfo['classes'] ) ) {
foreach ( $puppetinfo['classes'] as $class ) {
$hostEntry['puppetclass'][] = $class;
@@ -170,22 +167,22 @@
}
$oldpuppetinfo = $this->getPuppetConfiguration();
if ( isset( $oldpuppetinfo['puppetvar'] ) ) {
- $wgAuth->printDebug( "Checking for preexisting
variables", NONSENSITIVE );
+ $ldap->printDebug( "Checking for preexisting
variables", NONSENSITIVE );
foreach ( $oldpuppetinfo['puppetvar'] as
$variable => $value ) {
- $wgAuth->printDebug( "Found $variable",
NONSENSITIVE );
+ $ldap->printDebug( "Found $variable",
NONSENSITIVE );
if ( $variable === "instanceproject" ||
$variable === "instancename" ) {
$hostEntry['puppetvar'][] =
$variable . '=' . $value;
}
}
}
- $success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->hostDN, $hostEntry );
+ $success = LdapAuthenticationPlugin::ldap_modify(
$ldap->ldapconn, $this->hostDN, $hostEntry );
if ( $success ) {
$this->fetchHostInfo();
- $wgAuth->printDebug( "Successfully modified
puppet configuration for host", NONSENSITIVE );
+ $ldap->printDebug( "Successfully modified
puppet configuration for host", NONSENSITIVE );
return true;
} else {
- $wgAuth->printDebug( "Failed to modify puppet
configuration for host", NONSENSITIVE );
+ $ldap->printDebug( "Failed to modify puppet
configuration for host", NONSENSITIVE );
return false;
}
}
diff --git a/nova/OpenStackNovaProject.php b/nova/OpenStackNovaProject.php
index ef10c38..8f938ac 100644
--- a/nova/OpenStackNovaProject.php
+++ b/nova/OpenStackNovaProject.php
@@ -93,7 +93,6 @@
* @return void
*/
function fetchProjectInfo( $refresh=true ) {
- global $wgAuth;
global $wgOpenStackManagerLDAPProjectBaseDN;
if ( $this->loaded and !$refresh ) {
@@ -119,16 +118,16 @@
}
function fetchServiceGroups() {
- global $wgAuth;
global $wgOpenStackManagerLDAPServiceGroupBaseDN;
- $result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn,
+ $ldap = LdapAuthenticationPlugin::getInstance();
+ $result = LdapAuthenticationPlugin::ldap_search(
$ldap->ldapconn,
$wgOpenStackManagerLDAPServiceGroupBaseDN,
'(objectclass=groupofnames)' );
if ( $result ) {
$this->serviceGroups = array();
- $groupList =
LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result );
+ $groupList =
LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result );
if ( isset( $groupList ) ) {
array_shift( $groupList );
foreach ( $groupList as $groupEntry ) {
@@ -144,20 +143,20 @@
}
$serviceUserBaseDN = "ou=people" . "," .
$wgOpenStackManagerLDAPServiceGroupBaseDN;
- $result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn,
+ $result = LdapAuthenticationPlugin::ldap_search(
$ldap->ldapconn,
$serviceUserBaseDN,
'(objectclass=person)' );
if ( $result ) {
$this->serviceUsers = array();
- $userList = LdapAuthenticationPlugin::ldap_get_entries(
$wgAuth->ldapconn, $result );
+ $userList = LdapAuthenticationPlugin::ldap_get_entries(
$ldap->ldapconn, $result );
if ( isset( $userList ) ) {
array_shift( $userList );
foreach ( $userList as $userEntry ) {
# Now we have every user. Check if
this one belongs to us.
$matchstring = $this->projectname . ".";
if ( strpos($userEntry['cn'][0],
$matchstring) === 0 ) {
- $wgAuth->printDebug( "adding "
. $userEntry['cn'][0], NONSENSITIVE );
+ $ldap->printDebug( "adding " .
$userEntry['cn'][0], NONSENSITIVE );
$this->serviceUsers[] =
$userEntry['cn'][0];
}
}
@@ -177,13 +176,13 @@
* @return void
*/
function fetchProjectGroup() {
- global $wgAuth;
$this->projectGroup = new OpenStackNovaProjectGroup(
$this->projectname );
// If we couldn't find an corresponding Project Group,
// then we should create one now.
if ( !$this->projectGroup->loaded ) {
- $wgAuth->printDebug(
$this->projectGroup->getProjectGroupName() . " does not exist. Creating it.",
NONSENSITIVE );
+ $ldap = LdapAuthenticationPlugin::getInstance();
+ $ldap->printDebug(
$this->projectGroup->getProjectGroupName() . " does not exist. Creating it.",
NONSENSITIVE );
$createSuccess =
OpenStackNovaProjectGroup::createProjectGroup( $this->projectname );
// Aaaaand if we successfully created the group, then
finally sync the members from this project now.
@@ -359,9 +358,9 @@
* @return bool
*/
function deleteMember( $username ) {
- global $wgAuth;
global $wgMemc;
+ $ldap = LdapAuthenticationPlugin::getInstance();
$key = wfMemcKey( 'openstackmanager', 'projectuidsandmembers',
$this->projectname );
$wgMemc->delete( $key );
@@ -377,17 +376,17 @@
foreach ( $sudoers as $sudoer ) {
$success = $sudoer->deleteUser( $username );
if ( $success ) {
- $wgAuth->printDebug( "Successfully
removed $username from " . $sudoer->getSudoerName(), NONSENSITIVE );
+ $ldap->printDebug( "Successfully
removed $username from " . $sudoer->getSudoerName(), NONSENSITIVE );
} else {
- $wgAuth->printDebug( "Failed to remove
$username from " . $sudoer->getSudoerName(), NONSENSITIVE );
+ $ldap->printDebug( "Failed to remove
$username from " . $sudoer->getSudoerName(), NONSENSITIVE );
}
}
- $wgAuth->printDebug( "Successfully removed
$user->userDN from $this->projectname", NONSENSITIVE );
+ $ldap->printDebug( "Successfully removed $user->userDN
from $this->projectname", NONSENSITIVE );
$this->deleteRoleCaches( $username );
$this->editArticle();
return true;
} else {
- $wgAuth->printDebug( "Failed to remove $username from
$this->projectname: " . ldap_error($wgAuth->ldapconn), NONSENSITIVE );
+ $ldap->printDebug( "Failed to remove $username from
$this->projectname: " . ldap_error($ldap->ldapconn), NONSENSITIVE );
return false;
}
}
@@ -399,11 +398,10 @@
* @return bool
*/
function addServiceGroup( $groupName, $initialUser ) {
- global $wgAuth;
-
$group = OpenStackNovaServiceGroup::createServiceGroup(
$groupName, $this, $initialUser );
if ( ! $group ) {
- $wgAuth->printDebug( "Failed to create service group
$groupName", NONSENSITIVE );
+ $ldap = LdapAuthenticationPlugin::getInstance();
+ $ldap->printDebug( "Failed to create service group
$groupName", NONSENSITIVE );
return false;
}
@@ -418,8 +416,6 @@
* @return bool
*/
function deleteServiceGroup( $groupName ) {
- global $wgAuth;
-
$success = OpenStackNovaServiceGroup::deleteServiceGroup(
$groupName, $this );
$this->fetchServiceGroups();
@@ -433,9 +429,9 @@
* @return bool
*/
function addMember( $username ) {
- global $wgAuth;
global $wgMemc;
+ $ldap = LdapAuthenticationPlugin::getInstance();
$key = wfMemcKey( 'openstackmanager', 'projectuidsandmembers',
$this->projectname );
$wgMemc->delete( $key );
@@ -448,11 +444,11 @@
// also add the member to the corresponding
ProjectGroup.
$this->projectGroup->addMember( $username );
$this->deleteRoleCaches( $username );
- $wgAuth->printDebug( "Successfully added $username to
$this->projectname", NONSENSITIVE );
+ $ldap->printDebug( "Successfully added $username to
$this->projectname", NONSENSITIVE );
$this->editArticle();
return true;
} else {
- $wgAuth->printDebug( "Failed to add $username to
$this->projectname", NONSENSITIVE );
+ $ldap->printDebug( "Failed to add $username to
$this->projectname", NONSENSITIVE );
return false;
}
}
@@ -612,8 +608,6 @@
* @return OpenStackNovaProject[]
*/
static function getAllProjects() {
- global $wgAuth;
-
$projects = array();
foreach( OpenStackNovaProject::getProjectList() as $id => $name
) {
$project = new OpenStackNovaProject( $id, false );
@@ -634,10 +628,11 @@
* @return OpenStackNovaProject
*/
static function createProject( $projectname ) {
- global $wgAuth, $wgMemc;
+ global $wgMemc;
global $wgOpenStackManagerLDAPUser;
global $wgOpenStackManagerLDAPProjectBaseDN;
+ $ldap = LdapAuthenticationPlugin::getInstance();
$controller = OpenstackNovaProject::getController();
$newProjectId = $controller->createProject( $projectname );
$wgMemc->delete( wfMemcKey( 'openstackmanager', 'projectlist' )
);
@@ -652,12 +647,12 @@
$ldapproject['member'] = $wgOpenStackManagerLDAPUser;
$projectdn = 'cn=' . $projectname . ',' .
$wgOpenStackManagerLDAPProjectBaseDN;
- $success = LdapAuthenticationPlugin::ldap_add(
$wgAuth->ldapconn, $projectdn, $ldapproject );
+ $success = LdapAuthenticationPlugin::ldap_add(
$ldap->ldapconn, $projectdn, $ldapproject );
if ( !$success ) {
- $wgAuth->printDebug( "Creation of ldap project
container failed for $projectname", NONSENSITIVE );
+ $ldap->printDebug( "Creation of ldap project
container failed for $projectname", NONSENSITIVE );
}
- $wgAuth->printDebug( "Added ldap project container
$projectname", NONSENSITIVE );
+ $ldap->printDebug( "Added ldap project container
$projectname", NONSENSITIVE );
$project = new OpenstackNovaProject( $newProjectId,
false );
$projectdn = $project->getProjectDN();
@@ -665,7 +660,7 @@
$sudoerOU['objectclass'][] = 'organizationalunit';
$sudoerOU['ou'] = 'sudooers';
$sudoerOUdn = 'ou=sudoers,' . $projectdn;
- LdapAuthenticationPlugin::ldap_add( $wgAuth->ldapconn,
$sudoerOUdn, $sudoerOU );
+ LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn,
$sudoerOUdn, $sudoerOU );
# TODO: If sudoerOU creation fails we need to be able
to fail gracefully
// Now that we've created the Project, if we
@@ -680,18 +675,18 @@
if ( OpenStackNovaSudoer::createSudoer( 'default-sudo',
$projectname, array( $projectGroup ),
array(), array( 'ALL' ),
array( '!authenticate' ) ) ) {
- $wgAuth->printDebug( "Successfully created
default sudo policy for $projectname", NONSENSITIVE );
+ $ldap->printDebug( "Successfully created
default sudo policy for $projectname", NONSENSITIVE );
}
// Now, allow all project members to sudo to all other
users.
$projectGroup = "%" .
$project->getProjectGroup()->getProjectGroupName();
if ( OpenStackNovaSudoer::createSudoer(
'default-sudo-as', $projectname, array( $projectGroup ),
array( "$projectGroup" ),
array( 'ALL' ),
array( '!authenticate' ) ) ) {
- $wgAuth->printDebug( "Successfully created
default sudo-as policy for $projectname", NONSENSITIVE );
+ $ldap->printDebug( "Successfully created
default sudo-as policy for $projectname", NONSENSITIVE );
}
OpenStackNovaProject::createServiceGroupOUs(
$projectname );
} else {
- $wgAuth->printDebug( "Failed to add project
$projectname", NONSENSITIVE );
+ $ldap->printDebug( "Failed to add project
$projectname", NONSENSITIVE );
return null;
}
@@ -708,8 +703,9 @@
* @return bool
*/
static function createServiceGroupOUs( $projectname ) {
- global $wgAuth;
global $wgOpenStackManagerLDAPProjectBaseDN;
+
+ $ldap = LdapAuthenticationPlugin::getInstance();
// Create ou for service groups
$groups = array();
@@ -717,9 +713,9 @@
$groups['ou'] = 'groups';
$groupsdn = 'ou=' . $groups['ou'] . ',' . 'cn=' . $projectname
. ',' . $wgOpenStackManagerLDAPProjectBaseDN;
- $success = LdapAuthenticationPlugin::ldap_add(
$wgAuth->ldapconn, $groupsdn, $groups );
+ $success = LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn,
$groupsdn, $groups );
if ( !$success ) {
- $wgAuth->printDebug( "Failed to create service group ou
for project $projectname", NONSENSITIVE );
+ $ldap->printDebug( "Failed to create service group ou
for project $projectname", NONSENSITIVE );
return false;
}
@@ -729,9 +725,9 @@
$users['ou'] = 'people';
$usersdn = 'ou=' . $users['ou'] . ',' . 'cn=' . $projectname .
',' . $wgOpenStackManagerLDAPProjectBaseDN;
- $success = LdapAuthenticationPlugin::ldap_add(
$wgAuth->ldapconn, $usersdn, $users );
+ $success = LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn,
$usersdn, $users );
if ( !$success ) {
- $wgAuth->printDebug( "Failed to create service user ou
for project $projectname", NONSENSITIVE );
+ $ldap->printDebug( "Failed to create service user ou
for project $projectname", NONSENSITIVE );
return false;
}
@@ -745,17 +741,18 @@
* @return bool
*/
function deleteServiceGroupOUs() {
- global $wgAuth;
global $wgOpenStackManagerLDAPProjectBaseDN;
+
+ $ldap = LdapAuthenticationPlugin::getInstance();
$groups = array();
$groups['objectclass'][] = 'organizationalunit';
$groups['ou'] = 'groups';
$groupsdn = 'ou=' . $groups['ou'] . ',' . 'cn=' .
$this->projectname . ',' . $wgOpenStackManagerLDAPProjectBaseDN;
- $success = LdapAuthenticationPlugin::ldap_delete(
$wgAuth->ldapconn, $groupsdn );
+ $success = LdapAuthenticationPlugin::ldap_delete(
$ldap->ldapconn, $groupsdn );
if ( !$success ) {
- $wgAuth->printDebug( "Failed to delete service group ou
for project $this->projectname", NONSENSITIVE );
+ $ldap->printDebug( "Failed to delete service group ou
for project $this->projectname", NONSENSITIVE );
return false;
}
@@ -764,9 +761,9 @@
$users['ou'] = 'people';
$usersdn = 'ou=' . $users['ou'] . ',' . 'cn=' .
$this->projectname . ',' . $wgOpenStackManagerLDAPProjectBaseDN;
- $success = LdapAuthenticationPlugin::ldap_delete(
$wgAuth->ldapconn, $usersdn );
+ $success = LdapAuthenticationPlugin::ldap_delete(
$ldap->ldapconn, $usersdn );
if ( !$success ) {
- $wgAuth->printDebug( "Failed to delete service user ou
for project $this->projectname", NONSENSITIVE );
+ $ldap->printDebug( "Failed to delete service user ou
for project $this->projectname", NONSENSITIVE );
return false;
}
@@ -782,7 +779,7 @@
* @return bool
*/
static function deleteProject( $projectid ) {
- global $wgAuth, $wgMemc;
+ global $wgMemc;
$project = new OpenStackNovaProject( $projectid );
if ( ! $project ) {
@@ -790,6 +787,7 @@
}
$projectname = $project->getName();
+ $ldap = LdapAuthenticationPlugin::getInstance();
OpenStackNovaLdapConnection::connect();
OpenStackNovaProjectGroup::deleteProjectGroup(
$project->getProjectName() );
@@ -798,16 +796,16 @@
foreach ( $sudoers as $sudoer ) {
$success = OpenStackNovaSudoer::deleteSudoer(
$sudoer->getSudoerName(), $project->getProjectName() );
if ( $success ){
- $wgAuth->printDebug( "Successfully deleted
sudoer " . $sudoer->getSudoerName(), NONSENSITIVE );
+ $ldap->printDebug( "Successfully deleted sudoer
" . $sudoer->getSudoerName(), NONSENSITIVE );
} else {
- $wgAuth->printDebug( "Failed to delete sudoer "
. $sudoer->getSudoerName(), NONSENSITIVE );
+ $ldap->printDebug( "Failed to delete sudoer " .
$sudoer->getSudoerName(), NONSENSITIVE );
}
}
- $success = LdapAuthenticationPlugin::ldap_delete(
$wgAuth->ldapconn, $project->getSudoersDN() );
+ $success = LdapAuthenticationPlugin::ldap_delete(
$ldap->ldapconn, $project->getSudoersDN() );
if ( $success ) {
- $wgAuth->printDebug( "Successfully deleted sudoers OU "
. $project->getSudoersDN(), NONSENSITIVE );
+ $ldap->printDebug( "Successfully deleted sudoers OU " .
$project->getSudoersDN(), NONSENSITIVE );
} else {
- $wgAuth->printDebug( "Failed to delete sudoers OU " .
$project->getSudoersDN(), NONSENSITIVE );
+ $ldap->printDebug( "Failed to delete sudoers OU " .
$project->getSudoersDN(), NONSENSITIVE );
}
# And, we need to clean up service groups.
$servicegroups = $project->getServiceGroups();
@@ -815,17 +813,17 @@
$groupName = $group->groupName;
$success =
OpenStackNovaServiceGroup::deleteServiceGroup( $groupName, $project );
if ( $success ){
- $wgAuth->printDebug( "Successfully deleted
service group " . $groupName, NONSENSITIVE );
+ $ldap->printDebug( "Successfully deleted
service group " . $groupName, NONSENSITIVE );
} else {
- $wgAuth->printDebug( "Failed to delete service
group " . $groupName, NONSENSITIVE );
+ $ldap->printDebug( "Failed to delete service
group " . $groupName, NONSENSITIVE );
}
}
$project->deleteServiceGroupOUs();
$dn = $project->projectDN;
- $success = LdapAuthenticationPlugin::ldap_delete(
$wgAuth->ldapconn, $dn );
+ $success = LdapAuthenticationPlugin::ldap_delete(
$ldap->ldapconn, $dn );
if ( !$success ) {
- $wgAuth->printDebug( "Failed to delete project LDAP
container $dn", NONSENSITIVE );
+ $ldap->printDebug( "Failed to delete project LDAP
container $dn", NONSENSITIVE );
}
$controller = OpenstackNovaProject::getController();
@@ -833,10 +831,10 @@
$wgMemc->delete( wfMemcKey( 'openstackmanager', 'projectlist' )
);
if ( $success ) {
- $wgAuth->printDebug( "Successfully deleted project",
NONSENSITIVE );
+ $ldap->printDebug( "Successfully deleted project",
NONSENSITIVE );
return true;
} else {
- $wgAuth->printDebug( "Failed to delete project",
NONSENSITIVE );
+ $ldap->printDebug( "Failed to delete project",
NONSENSITIVE );
return false;
}
}
@@ -914,12 +912,13 @@
*/
function getServiceGroupHomedirPattern() {
global $wgOpenStackManagerServiceGroupHomedirPattern;
- global $wgOpenStackManagerLDAPProjectBaseDN, $wgAuth;
+ global $wgOpenStackManagerLDAPProjectBaseDN;
$pattern = $wgOpenStackManagerServiceGroupHomedirPattern;
- $result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn, $wgOpenStackManagerLDAPProjectBaseDN,
+ $ldap = LdapAuthenticationPlugin::getInstance();
+ $result = LdapAuthenticationPlugin::ldap_search(
$ldap->ldapconn, $wgOpenStackManagerLDAPProjectBaseDN,
'(&(cn=' .
$this->getProjectName() . ')(objectclass=groupofnames))' );
- $projectInfo = LdapAuthenticationPlugin::ldap_get_entries(
$wgAuth->ldapconn, $result );
+ $projectInfo = LdapAuthenticationPlugin::ldap_get_entries(
$ldap->ldapconn, $result );
if ( isset( $projectInfo[0]['info'] ) ) {
$infos = $projectInfo[0]['info'];
diff --git a/nova/OpenStackNovaProjectGroup.php
b/nova/OpenStackNovaProjectGroup.php
index 479a79d..70bfa71 100644
--- a/nova/OpenStackNovaProjectGroup.php
+++ b/nova/OpenStackNovaProjectGroup.php
@@ -47,15 +47,15 @@
* @return void
*/
function fetchProjectGroupInfo( $refresh=true ) {
- global $wgAuth;
global $wgOpenStackManagerLDAPProjectGroupBaseDN;
if ( $this->loaded and !$refresh ) {
return;
}
- $result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn, $wgOpenStackManagerLDAPProjectGroupBaseDN,
+ $ldap = LdapAuthenticationPlugin::getInstance();
+ $result = LdapAuthenticationPlugin::ldap_search(
$ldap->ldapconn, $wgOpenStackManagerLDAPProjectGroupBaseDN,
'(&(cn=' .
$this->getProjectGroupName() . ')(objectclass=groupofnames))' );
- $this->projectGroupInfo =
LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result );
+ $this->projectGroupInfo =
LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result );
if ( !isset( $this->projectGroupInfo[0] ) ) {
$this->loaded = false;
return;
@@ -82,20 +82,20 @@
* @return array
*/
function getMembers() {
- global $wgAuth;
global $wgOpenStackManagerLDAPDomain;
$members = array();
if ( isset( $this->projectGroupInfo[0]['member'] ) ) {
+ $ldap = LdapAuthenticationPlugin::getInstance();
$memberdns = $this->projectGroupInfo[0]['member'];
array_shift( $memberdns );
foreach ( $memberdns as $memberdn ) {
- $searchattr = $wgAuth->getConf(
'SearchAttribute', $wgOpenStackManagerLDAPDomain );
+ $searchattr = $ldap->getConf(
'SearchAttribute', $wgOpenStackManagerLDAPDomain );
if ( $searchattr ) {
// We need to look up the search attr
from the user entry
// this is expensive, but must be done.
// TODO: memcache this
- $userInfo =
$wgAuth->getUserInfoStateless( $memberdn );
+ $userInfo =
$ldap->getUserInfoStateless( $memberdn );
$members[] =
$userInfo[0][$searchattr][0];
} else {
@@ -132,19 +132,18 @@
* @return bool
*/
function deleteMember( $username ) {
- global $wgAuth;
-
if ( isset( $this->projectGroupInfo[0]['member'] ) ) {
+ $ldap = LdapAuthenticationPlugin::getInstance();
$members = $this->projectGroupInfo[0]['member'];
array_shift( $members );
$user = new OpenStackNovaUser( $username );
if ( ! $user->userDN ) {
- $wgAuth->printDebug( "Failed to find userDN for
username $username in OpenStackNovaProjectGroup deleteMember.", NONSENSITIVE );
+ $ldap->printDebug( "Failed to find userDN for
username $username in OpenStackNovaProjectGroup deleteMember.", NONSENSITIVE );
return false;
}
$index = array_search( $user->userDN, $members );
if ( $index === false ) {
- $wgAuth->printDebug( "Failed to find userDN " .
$user->userDN . " in in ProjectGroup " . $this->projectGroupName . " member
list", NONSENSITIVE );
+ $ldap->printDebug( "Failed to find userDN " .
$user->userDN . " in in ProjectGroup " . $this->projectGroupName . " member
list", NONSENSITIVE );
return false;
}
unset( $members[$index] );
@@ -153,13 +152,13 @@
foreach ( $members as $member ) {
$values['member'][] = $member;
}
- $success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->projectGroupDN, $values );
+ $success = LdapAuthenticationPlugin::ldap_modify(
$ldap->ldapconn, $this->projectGroupDN, $values );
if ( $success ) {
$this->fetchProjectGroupInfo( true );
- $wgAuth->printDebug( "Successfully removed
$user->userDN from $this->projectGroupDN", NONSENSITIVE );
+ $ldap->printDebug( "Successfully removed
$user->userDN from $this->projectGroupDN", NONSENSITIVE );
return true;
} else {
- $wgAuth->printDebug( "Failed to remove
$user->userDN from $this->projectGroupDN: " . ldap_error($wgAuth->ldapconn),
NONSENSITIVE );
+ $ldap->printDebug( "Failed to remove
$user->userDN from $this->projectGroupDN: " . ldap_error($ldap->ldapconn),
NONSENSITIVE );
return false;
}
} else {
@@ -175,17 +174,16 @@
* @return bool
*/
function setMembers( $memberDNs ) {
- global $wgAuth;
-
+ $ldap = LdapAuthenticationPlugin::getInstance();
$values = array( 'member' => $memberDNs );
- $success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->projectGroupDN, $values );
+ $success = LdapAuthenticationPlugin::ldap_modify(
$ldap->ldapconn, $this->projectGroupDN, $values );
if ( $success ) {
// reload the ProjectGroup from LDAP.
$this->fetchProjectGroupInfo( true );
- $wgAuth->printDebug( "Successfully set " . count(
$memberDNs ) . " members to $this->projectGroupDN", NONSENSITIVE );
+ $ldap->printDebug( "Successfully set " . count(
$memberDNs ) . " members to $this->projectGroupDN", NONSENSITIVE );
} else {
- $wgAuth->printDebug( "Failed to set " . count(
$memberDNs ) . " members to $this->projectGroupDN: " . ldap_error(
$wgAuth->ldapconn ) . ". [" . join( ";", $memberDNs ) . "]", NONSENSITIVE );
+ $ldap->printDebug( "Failed to set " . count( $memberDNs
) . " members to $this->projectGroupDN: " . ldap_error( $ldap->ldapconn ) . ".
[" . join( ";", $memberDNs ) . "]", NONSENSITIVE );
}
return $success;
@@ -198,8 +196,7 @@
* @return bool
*/
function addMember( $username ) {
- global $wgAuth;
-
+ $ldap = LdapAuthenticationPlugin::getInstance();
$members = array();
if ( isset( $this->projectGroupInfo[0]['member'] ) ) {
$members = $this->projectGroupInfo[0]['member'];
@@ -207,19 +204,19 @@
}
$user = new OpenStackNovaUser( $username );
if ( ! $user->userDN ) {
- $wgAuth->printDebug( "Failed to find userDN in
addMember", NONSENSITIVE );
+ $ldap->printDebug( "Failed to find userDN in
addMember", NONSENSITIVE );
return false;
}
$members[] = $user->userDN;
$values = array();
$values['member'] = $members;
- $success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->projectGroupDN, $values );
+ $success = LdapAuthenticationPlugin::ldap_modify(
$ldap->ldapconn, $this->projectGroupDN, $values );
if ( $success ) {
$this->fetchProjectGroupInfo( true );
- $wgAuth->printDebug( "Successfully added $user->userDN
to $this->projectGroupDN", NONSENSITIVE );
+ $ldap->printDebug( "Successfully added $user->userDN to
$this->projectGroupDN", NONSENSITIVE );
return true;
} else {
- $wgAuth->printDebug( "Failed to add $user->userDN to
$this->projectGroupDN: " . ldap_error($wgAuth->ldapconn), NONSENSITIVE );
+ $ldap->printDebug( "Failed to add $user->userDN to
$this->projectGroupDN: " . ldap_error($ldap->ldapconn), NONSENSITIVE );
return false;
}
}
@@ -233,18 +230,18 @@
* @return bool
*/
static function createProjectGroup( $projectname ) {
- global $wgAuth;
global $wgOpenStackManagerLDAPProjectGroupBaseDN;
global $wgOpenStackManagerLDAPUsername;
+ $ldap = LdapAuthenticationPlugin::getInstance();
OpenStackNovaLdapConnection::connect();
$user = new OpenStackNovaUser( $wgOpenStackManagerLDAPUsername
);
- if ( ! $user->userDN ) {
- $wgAuth->printDebug( "Failed to find userDN in
createProjectGroup", NONSENSITIVE );
- return false;
- }
+ if ( ! $user->userDN ) {
+ $ldap->printDebug( "Failed to find userDN in
createProjectGroup", NONSENSITIVE );
+ return false;
+ }
$projectGroupName = self::$prefix . $projectname;
$projectGroup = array();
@@ -252,17 +249,17 @@
$projectGroup['objectclass'][] = 'posixgroup';
$projectGroup['objectclass'][] = 'groupofnames';
$projectGroup['cn'] = $projectGroupName;
- $projectGroup['gidnumber'] =
OpenStackNovaUser::getNextIdNumber( $wgAuth, 'gidnumber' );
+ $projectGroup['gidnumber'] =
OpenStackNovaUser::getNextIdNumber( $ldap, 'gidnumber' );
$projectGroupDN = 'cn=' . $projectGroupName . ',' .
$wgOpenStackManagerLDAPProjectGroupBaseDN;
# TODO: If project group creation fails we need to be able to
fail gracefully
- $success = LdapAuthenticationPlugin::ldap_add(
$wgAuth->ldapconn, $projectGroupDN, $projectGroup );
+ $success = LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn,
$projectGroupDN, $projectGroup );
if ( $success ) {
- $wgAuth->printDebug( "Successfully added project group
$projectGroupName", NONSENSITIVE );
+ $ldap->printDebug( "Successfully added project group
$projectGroupName", NONSENSITIVE );
}
else {
- $wgAuth->printDebug( "Failed to add project group
$projectGroupName: " . ldap_error( $wgAuth->ldapconn ), NONSENSITIVE );
- return false;
+ $ldap->printDebug( "Failed to add project group
$projectGroupName: " . ldap_error( $ldap->ldapconn ), NONSENSITIVE );
+ return false;
}
return $success;
}
@@ -274,19 +271,19 @@
* @return bool
*/
static function deleteProjectGroup( $projectname ) {
- global $wgAuth;
global $wgOpenStackManagerLDAPProjectGroupBaseDN;
+ $ldap = LdapAuthenticationPlugin::getInstance();
OpenStackNovaLdapConnection::connect();
$projectGroupName = self::$prefix . $projectname;
$projectGroupDN = 'cn=' . $projectGroupName . ',' .
$wgOpenStackManagerLDAPProjectGroupBaseDN;
- $success = LdapAuthenticationPlugin::ldap_delete(
$wgAuth->ldapconn, $projectGroupDN );
+ $success = LdapAuthenticationPlugin::ldap_delete(
$ldap->ldapconn, $projectGroupDN );
if ( $success ){
- $wgAuth->printDebug( "Successfully deleted project
group $projectGroupDN", NONSENSITIVE );
+ $ldap->printDebug( "Successfully deleted project group
$projectGroupDN", NONSENSITIVE );
} else {
- $wgAuth->printDebug( "Failed to delete project group
$projectGroupDN: " . ldap_error( $wgAuth->ldapconn ), NONSENSITIVE );
+ $ldap->printDebug( "Failed to delete project group
$projectGroupDN: " . ldap_error( $ldap->ldapconn ), NONSENSITIVE );
}
return $success;
}
diff --git a/nova/OpenStackNovaPublicHost.php b/nova/OpenStackNovaPublicHost.php
index beb74cd..4345981 100644
--- a/nova/OpenStackNovaPublicHost.php
+++ b/nova/OpenStackNovaPublicHost.php
@@ -18,8 +18,6 @@
* @param $ip
*/
function __construct( $ip ) {
- global $wgAuth;
-
$this->domainCache = null;
$this->ip = $ip;
OpenStackNovaLdapConnection::connect();
@@ -32,12 +30,12 @@
* @return void
*/
function fetchHostInfo() {
- global $wgAuth;
global $wgOpenStackManagerLDAPInstanceBaseDN;
- $this->ip = $wgAuth->getLdapEscapedString( $this->ip );
- $result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, '(dc=' . $this->ip .
')' );
- $this->hostInfo = LdapAuthenticationPlugin::ldap_get_entries(
$wgAuth->ldapconn, $result );
+ $ldap = LdapAuthenticationPlugin::getInstance();
+ $this->ip = $ldap->getLdapEscapedString( $this->ip );
+ $result = LdapAuthenticationPlugin::ldap_search(
$ldap->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, '(dc=' . $this->ip .
')' );
+ $this->hostInfo = LdapAuthenticationPlugin::ldap_get_entries(
$ldap->ldapconn, $result );
if ( $this->hostInfo["count"] == "0" ) {
$this->hostInfo = null;
} else {
@@ -51,12 +49,11 @@
* @return OpenStackNovaDomain
*/
function getDomain() {
- global $wgAuth;
-
if ( ! $this->domainCache ) {
$this->domainCache =
OpenStackNovaDomain::getDomainByHostIP( $this->ip );
if (! $this->domainCache ) {
- $wgAuth->printDebug( "Looked up domain for ip
$this->ip but domainCache is still empty.", NONSENSITIVE );
+ $ldap = LdapAuthenticationPlugin::getInstance();
+ $ldap->printDebug( "Looked up domain for ip
$this->ip but domainCache is still empty.", NONSENSITIVE );
}
}
return $this->domainCache;
diff --git a/nova/OpenStackNovaRole.php b/nova/OpenStackNovaRole.php
index 292727b..e8c2495 100644
--- a/nova/OpenStackNovaRole.php
+++ b/nova/OpenStackNovaRole.php
@@ -91,8 +91,7 @@
* @return bool
*/
function deleteMember( $username ) {
- global $wgAuth;
-
+ $ldap = LdapAuthenticationPlugin::getInstance();
$user = new OpenStackNovaUser( $username );
$userid = $user->getUid();
$controller = OpenstackNovaProject::getController();
@@ -101,10 +100,10 @@
$userid ) ) {
$user = new OpenStackNovaUser( $userid );
$this->deleteMemcKeys( $user );
- $wgAuth->printDebug( "Successfully removed $userid from
role $this->rolename", NONSENSITIVE );
+ $ldap->printDebug( "Successfully removed $userid from
role $this->rolename", NONSENSITIVE );
return true;
} else {
- $wgAuth->printDebug( "Failed to remove $userid from
role $this->rolename", NONSENSITIVE );
+ $ldap->printDebug( "Failed to remove $userid from role
$this->rolename", NONSENSITIVE );
return false;
}
}
@@ -114,20 +113,19 @@
* @return bool
*/
function addMember( $username ) {
- global $wgAuth;
-
+ $ldap = LdapAuthenticationPlugin::getInstance();
$user = new OpenStackNovaUser( $username );
$userid = $user->getUid();
- $controller = OpenstackNovaProject::getController();
+ $controller = OpenstackNovaProject::getController();
if ( $controller->grantRoleForProjectAndUser( $this->roleid,
$this->project->getId(),
$userid ) ) {
- $wgAuth->printDebug( "Successfully added $userid to
$this->rolename", NONSENSITIVE );
+ $ldap->printDebug( "Successfully added $userid to
$this->rolename", NONSENSITIVE );
$user = new OpenStackNovaUser( $userid );
$this->deleteMemcKeys( $user );
return true;
} else {
- $wgAuth->printDebug( "Failed to add $userid to role
$this->rolename", NONSENSITIVE );
+ $ldap->printDebug( "Failed to add $userid to role
$this->rolename", NONSENSITIVE );
return false;
}
}
diff --git a/nova/OpenStackNovaServiceGroup.php
b/nova/OpenStackNovaServiceGroup.php
index fdecd92..d1d18dc 100644
--- a/nova/OpenStackNovaServiceGroup.php
+++ b/nova/OpenStackNovaServiceGroup.php
@@ -29,7 +29,6 @@
* @return void
*/
function fetchGroupInfo( $refreshCache = true ) {
- global $wgAuth;
global $wgOpenStackManagerLDAPServiceGroupBaseDN;
global $wgMemc;
@@ -48,8 +47,9 @@
if ( is_array( $groupInfo ) ) {
$this->groupInfo = $groupInfo;
} else {
- $result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn, $dn, $query );
- $this->groupInfo =
LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result );
+ $ldap = LdapAuthenticationPlugin::getInstance();
+ $result = LdapAuthenticationPlugin::ldap_search(
$ldap->ldapconn, $dn, $query );
+ $this->groupInfo =
LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result );
$wgMemc->set( $key, $this->groupInfo, 3600 * 24 );
}
@@ -79,7 +79,6 @@
* @return array
*/
function getUidMembers() {
- global $wgAuth;
global $wgOpenStackManagerLDAPDomain;
$members = array();
@@ -97,7 +96,8 @@
if ( $attr === 'uid' ) {
$members[] = $member;
} else {
- $userInfo =
$wgAuth->getUserInfoStateless( $memberdn );
+ $ldap =
LdapAuthenticationPlugin::getInstance();
+ $userInfo =
$ldap->getUserInfoStateless( $memberdn );
$members[] = $userInfo[0]['uid'][0];
}
}
@@ -109,17 +109,17 @@
* @return array
*/
function getMembers() {
- global $wgAuth;
global $wgOpenStackManagerLDAPDomain;
$members = array();
if ( isset( $this->groupInfo[0]['member'] ) ) {
+ $ldap = LdapAuthenticationPlugin::getInstance();
$memberdns = $this->groupInfo[0]['member'];
array_shift( $memberdns );
foreach ( $memberdns as $memberdn ) {
- $searchattr = $wgAuth->getConf(
'SearchAttribute', $wgOpenStackManagerLDAPDomain );
+ $searchattr = $ldap->getConf(
'SearchAttribute', $wgOpenStackManagerLDAPDomain );
if ( $searchattr ) {
- $userInfo =
$wgAuth->getUserInfoStateless( $memberdn );
+ $userInfo =
$ldap->getUserInfoStateless( $memberdn );
$members[] =
$userInfo[0][$searchattr][0];
} else {
$member = explode( '=', $memberdn );
@@ -145,21 +145,20 @@
* @return bool
*/
function deleteMember( $username ) {
- global $wgAuth;
-
if ( isset( $this->groupInfo[0]['member'] ) ) {
+ $ldap = LdapAuthenticationPlugin::getInstance();
$members = $this->groupInfo[0]['member'];
array_shift( $members );
$user = new OpenStackNovaUser( $username );
if ( ! $user->userDN ) {
- $wgAuth->printDebug( "Failed to find $username
in deleteMember", NONSENSITIVE );
+ $ldap->printDebug( "Failed to find $username in
deleteMember", NONSENSITIVE );
return false;
}
$index = array_search( $user->userDN, $members );
if ( $index === false ) {
- $wgAuth->printDebug( "Failed to find userDN in
member list", NONSENSITIVE );
+ $ldap->printDebug( "Failed to find userDN in
member list", NONSENSITIVE );
return false;
}
unset( $members[$index] );
@@ -168,12 +167,12 @@
foreach ( $members as $member ) {
$values['member'][] = $member;
}
- $success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->groupDN, $values );
+ $success = LdapAuthenticationPlugin::ldap_modify(
$ldap->ldapconn, $this->groupDN, $values );
if ( $success ) {
$this->fetchGroupInfo();
- $wgAuth->printDebug( "Successfully removed
$user->userDN from $this->groupDN", NONSENSITIVE );
+ $ldap->printDebug( "Successfully removed
$user->userDN from $this->groupDN", NONSENSITIVE );
} else {
- $wgAuth->printDebug( "Failed to remove
$user->userDN from $this->groupDN", NONSENSITIVE );
+ $ldap->printDebug( "Failed to remove
$user->userDN from $this->groupDN", NONSENSITIVE );
return false;
}
} else {
@@ -187,14 +186,13 @@
* @return bool
*/
function setMembers( $usernames, $serviceUsernames=array() ) {
- global $wgAuth;
-
+ $ldap = LdapAuthenticationPlugin::getInstance();
$members = array();
foreach ( $usernames as $username ) {
$userDN = "";
$user = new OpenStackNovaUser( $username );
if ( ! $user->userDN ) {
- $wgAuth->printDebug( "Failed to find userDN in
setMembers", NONSENSITIVE );
+ $ldap->printDebug( "Failed to find userDN in
setMembers", NONSENSITIVE );
return false;
}
$userDN = $user->userDN;
@@ -207,12 +205,12 @@
}
$values = array();
$values['member'] = $members;
- $success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->groupDN, $values );
+ $success = LdapAuthenticationPlugin::ldap_modify(
$ldap->ldapconn, $this->groupDN, $values );
if ( $success ) {
$this->fetchGroupInfo();
- $wgAuth->printDebug( "Successfully set members for
$this->groupDN", NONSENSITIVE );
+ $ldap->printDebug( "Successfully set members for
$this->groupDN", NONSENSITIVE );
} else {
- $wgAuth->printDebug( "Failed to set members for
$this->groupDN", NONSENSITIVE );
+ $ldap->printDebug( "Failed to set members for
$this->groupDN", NONSENSITIVE );
return false;
}
return true;
@@ -223,8 +221,7 @@
* @return bool
*/
function addMember( $username ) {
- global $wgAuth;
-
+ $ldap = LdapAuthenticationPlugin::getInstance();
$members = array();
if ( isset( $this->groupInfo[0]['member'] ) ) {
$members = $this->groupInfo[0]['member'];
@@ -234,7 +231,7 @@
$userDN = "";
$user = new OpenStackNovaUser( $username );
if ( ! $user->userDN ) {
- $wgAuth->printDebug( "Failed to find userDN in
addMember", NONSENSITIVE );
+ $ldap->printDebug( "Failed to find userDN in
addMember", NONSENSITIVE );
return false;
}
$userDN = $user->userDN;
@@ -242,12 +239,12 @@
$members[] = $userDN;
$values = array();
$values['member'] = $members;
- $success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->groupDN, $values );
+ $success = LdapAuthenticationPlugin::ldap_modify(
$ldap->ldapconn, $this->groupDN, $values );
if ( $success ) {
$this->fetchGroupInfo();
- $wgAuth->printDebug( "Successfully added $userDN to
$this->groupDN", NONSENSITIVE );
+ $ldap->printDebug( "Successfully added $userDN to
$this->groupDN", NONSENSITIVE );
} else {
- $wgAuth->printDebug( "Failed to add $userDN to
$this->groupDN", NONSENSITIVE );
+ $ldap->printDebug( "Failed to add $userDN to
$this->groupDN", NONSENSITIVE );
return false;
}
return true;
@@ -276,12 +273,12 @@
* @return null|OpenStackNovaServiceGroup
*/
static function createServiceGroup( $inGroupName, $project,
$initialUser ) {
- global $wgAuth;
global $wgOpenStackManagerLDAPUser;
global $wgOpenStackManagerLDAPDefaultShell;
global $wgOpenStackManagerLDAPServiceGroupBaseDN;
global $wgMemc;
+ $ldap = LdapAuthenticationPlugin::getInstance();
OpenStackNovaLdapConnection::connect();
$projectPrefix = $project->getProjectName() . '.';
@@ -299,7 +296,7 @@
if ( $initialUser ) {
$user = new OpenStackNovaUser( $initialUser );
if ( ! $user->userDN ) {
- $wgAuth->printDebug( "Unable to find initial
user $initialUser for new group $groupName", NONSENSITIVE );
+ $ldap->printDebug( "Unable to find initial user
$initialUser for new group $groupName", NONSENSITIVE );
return null;
}
$initialUserDN = $user->userDN;
@@ -313,17 +310,17 @@
$group['objectclass'][] = 'groupofnames';
$group['cn'] = $groupName;
$groupdn = 'cn=' . $groupName . ',' .
$wgOpenStackManagerLDAPServiceGroupBaseDN;
- $group['gidnumber'] = OpenStackNovaUser::getNextIdNumber(
$wgAuth, 'gidnumber' );
+ $group['gidnumber'] = OpenStackNovaUser::getNextIdNumber(
$ldap, 'gidnumber' );
$group['member'] = array();
if ( $initialUser ) {
$group['member'][] = $initialUserDN;
}
- $success = LdapAuthenticationPlugin::ldap_add(
$wgAuth->ldapconn, $groupdn, $group );
+ $success = LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn,
$groupdn, $group );
if ( $success ) {
- $wgAuth->printDebug( "Successfully added service group
$groupdn", NONSENSITIVE );
+ $ldap->printDebug( "Successfully added service group
$groupdn", NONSENSITIVE );
} else {
- $wgAuth->printDebug( "Failed to add service group
$groupdn", NONSENSITIVE );
+ $ldap->printDebug( "Failed to add service group
$groupdn", NONSENSITIVE );
return null;
}
@@ -347,12 +344,12 @@
$user['uid'] = $groupName;
$user['sn'] = $groupName;
$user['cn'] = $groupName;
- $success = LdapAuthenticationPlugin::ldap_add(
$wgAuth->ldapconn, $userdn, $user );
+ $success = LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn,
$userdn, $user );
if ( $success ) {
- $wgAuth->printDebug( "Successfully created service user
$userdn", NONSENSITIVE );
+ $ldap->printDebug( "Successfully created service user
$userdn", NONSENSITIVE );
} else {
- $wgAuth->printDebug( "Failed to create service user
$userdn", NONSENSITIVE );
+ $ldap->printDebug( "Failed to create service user
$userdn", NONSENSITIVE );
return null;
}
@@ -363,10 +360,10 @@
array(),
array( '/bin/chown -R ' . $groupName . '\:' .
$groupName . ' ' . $homeDir ),
array( '!authenticate' ) ) ) {
- $wgAuth->printDebug( "Successfully created chmod sudo
policy for $groupName",
+ $ldap->printDebug( "Successfully created chmod sudo
policy for $groupName",
NONSENSITIVE );
} else {
- $wgAuth->printDebug( "Failed to creat chmod sudo
policy for $groupName",
+ $ldap->printDebug( "Failed to creat chmod sudo policy
for $groupName",
NONSENSITIVE );
}
@@ -377,10 +374,10 @@
array( $groupName ),
array( 'ALL' ),
array( '!authenticate' ) ) ) {
- $wgAuth->printDebug( "Successfully created run-as sudo
policy for $groupName",
+ $ldap->printDebug( "Successfully created run-as sudo
policy for $groupName",
NONSENSITIVE );
} else {
- $wgAuth->printDebug( "Failed to creat run-as sudo
policy for $groupName",
+ $ldap->printDebug( "Failed to creat run-as sudo policy
for $groupName",
NONSENSITIVE );
}
@@ -394,32 +391,32 @@
* @return bool
*/
static function deleteServiceGroup( $groupName, $project ) {
- global $wgAuth;
global $wgMemc;
+ $ldap = LdapAuthenticationPlugin::getInstance();
$group = self::getServiceGroupByName( $groupName, $project );
if ( !$group ) {
- $wgAuth->printDebug( "We are trying to delete a
nonexistent service group, $groupName", NONSENSITIVE );
+ $ldap->printDebug( "We are trying to delete a
nonexistent service group, $groupName", NONSENSITIVE );
return false;
}
# Delete our special member.
- $success = LdapAuthenticationPlugin::ldap_delete(
$wgAuth->ldapconn, $group->getSpecialUserDN() );
+ $success = LdapAuthenticationPlugin::ldap_delete(
$ldap->ldapconn, $group->getSpecialUserDN() );
if ( $success ) {
- $wgAuth->printDebug( "Successfully deleted service user
$groupName", NONSENSITIVE );
+ $ldap->printDebug( "Successfully deleted service user
$groupName", NONSENSITIVE );
} else {
- $wgAuth->printDebug( "Failed to delete service user
$groupName", NONSENSITIVE );
+ $ldap->printDebug( "Failed to delete service user
$groupName", NONSENSITIVE );
return false;
}
# Now delete the group.
- $success = LdapAuthenticationPlugin::ldap_delete(
$wgAuth->ldapconn, $group->groupDN );
+ $success = LdapAuthenticationPlugin::ldap_delete(
$ldap->ldapconn, $group->groupDN );
if ( $success ) {
- $wgAuth->printDebug( "Successfully deleted service
group $groupName", NONSENSITIVE );
+ $ldap->printDebug( "Successfully deleted service group
$groupName", NONSENSITIVE );
$key = wfMemcKey( 'openstackmanager', 'servicegroup',
$groupName );
$wgMemc->delete( $key );
} else {
- $wgAuth->printDebug( "Failed to delete service group
$groupName", NONSENSITIVE );
+ $ldap->printDebug( "Failed to delete service group
$groupName", NONSENSITIVE );
return false;
}
diff --git a/nova/OpenStackNovaSudoer.php b/nova/OpenStackNovaSudoer.php
index a5688c6..4d339c1 100644
--- a/nova/OpenStackNovaSudoer.php
+++ b/nova/OpenStackNovaSudoer.php
@@ -31,7 +31,6 @@
* @return void
*/
function fetchSudoerInfo() {
- global $wgAuth;
global $wgMemc;
$key = wfMemcKey( 'openstackmanager', 'sudoerinfo',
$this->project->getProjectName() . $this->sudoername );
@@ -41,9 +40,10 @@
if ( is_array( $sudoerInfo ) ) {
$this->sudoerInfo = $sudoerInfo;
} else {
- $result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn, $this->project->getSudoersDN(),
+ $ldap = LdapAuthenticationPlugin::getInstance();
+ $result = LdapAuthenticationPlugin::ldap_search(
$ldap->ldapconn, $this->project->getSudoersDN(),
'(cn='
. $this->sudoername . ')' );
- $this->sudoerInfo =
LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result );
+ $this->sudoerInfo =
LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result );
$wgMemc->set( $key, $this->sudoerInfo, 3600 * 24 );
}
if ( $this->sudoerInfo ) {
@@ -129,9 +129,9 @@
* @return boolean
*/
function modifySudoer( $users, $runasuser, $commands, $options ) {
- global $wgAuth;
global $wgMemc;
+ $ldap = LdapAuthenticationPlugin::getInstance();
$sudoer = array();
$sudoer['sudouser'] = array();
foreach ( $users as $user ) {
@@ -150,28 +150,28 @@
$sudoer['sudooption'][] = $option;
}
- $success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->sudoerDN, $sudoer );
+ $success = LdapAuthenticationPlugin::ldap_modify(
$ldap->ldapconn, $this->sudoerDN, $sudoer );
if ( $success ) {
- $wgAuth->printDebug( "Successfully modified sudoer
$this->sudoerDN", NONSENSITIVE );
+ $ldap->printDebug( "Successfully modified sudoer
$this->sudoerDN", NONSENSITIVE );
$key = wfMemcKey( 'openstackmanager', 'sudoerinfo',
$this->project->getProjectName() . $this->sudoername );
$wgMemc->delete( $key );
return true;
} else {
- $wgAuth->printDebug( "Failed to modify sudoer
$this->sudoerDN", NONSENSITIVE );
+ $ldap->printDebug( "Failed to modify sudoer
$this->sudoerDN", NONSENSITIVE );
return false;
}
}
function deleteUser( $username ) {
- global $wgAuth;
global $wgMemc;
if ( isset( $this->sudoerInfo[0]['sudouser'] ) ) {
+ $ldap = LdapAuthenticationPlugin::getInstance();
$sudousers = $this->sudoerInfo[0]['sudouser'];
array_shift( $sudousers );
$index = array_search( $username, $sudousers );
if ( $index === false ) {
- $wgAuth->printDebug( "Failed to find userDN in
sudouser list", NONSENSITIVE );
+ $ldap->printDebug( "Failed to find userDN in
sudouser list", NONSENSITIVE );
return false;
}
unset( $sudousers[$index] );
@@ -180,7 +180,7 @@
foreach ( $sudousers as $sudouser ) {
$values['sudouser'][] = $sudouser;
}
- $success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->sudoerDN, $values );
+ $success = LdapAuthenticationPlugin::ldap_modify(
$ldap->ldapconn, $this->sudoerDN, $values );
if ( $success ) {
$key = wfMemcKey( 'openstackmanager',
'sudoerinfo', $this->project->getProjectName() . $this->sudoername );
$wgMemc->delete( $key );
@@ -197,15 +197,14 @@
* @return array of OpenStackNovaSudoer
*/
static function getAllSudoersByProject( $projectName ) {
- global $wgAuth;
-
+ $ldap = LdapAuthenticationPlugin::getInstance();
OpenStackNovaLdapConnection::connect();
$sudoers = array();
$project = OpenStackNovaProject::getProjectByName( $projectName
);
- $result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn, $project->getSudoersDN(), '(&(cn=*)(objectclass=sudorole))'
);
+ $result = LdapAuthenticationPlugin::ldap_search(
$ldap->ldapconn, $project->getSudoersDN(), '(&(cn=*)(objectclass=sudorole))' );
if ( $result ) {
- $entries = LdapAuthenticationPlugin::ldap_get_entries(
$wgAuth->ldapconn, $result );
+ $entries = LdapAuthenticationPlugin::ldap_get_entries(
$ldap->ldapconn, $result );
if ( $entries ) {
# First entry is always a count
array_shift( $entries );
@@ -250,8 +249,7 @@
* @return null|OpenStackNovaSudoer
*/
static function createSudoer( $sudoername, $projectName, $users,
$runasuser, $commands, $options ) {
- global $wgAuth;
-
+ $ldap = LdapAuthenticationPlugin::getInstance();
OpenStackNovaLdapConnection::connect();
$sudoer = array();
@@ -273,12 +271,12 @@
$project = OpenStackNovaProject::getProjectByName( $projectName
);
$dn = 'cn=' . $sudoername . ',' . $project->getSudoersDN();
- $success = LdapAuthenticationPlugin::ldap_add(
$wgAuth->ldapconn, $dn, $sudoer );
+ $success = LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn,
$dn, $sudoer );
if ( $success ) {
- $wgAuth->printDebug( "Successfully added sudoer
$sudoername", NONSENSITIVE );
+ $ldap->printDebug( "Successfully added sudoer
$sudoername", NONSENSITIVE );
return new OpenStackNovaSudoer( $sudoername, $project );
} else {
- $wgAuth->printDebug( "Failed to add sudoer
$sudoername", NONSENSITIVE );
+ $ldap->printDebug( "Failed to add sudoer $sudoername",
NONSENSITIVE );
return null;
}
}
@@ -292,27 +290,27 @@
* @return bool
*/
static function deleteSudoer( $sudoername, $projectName ) {
- global $wgAuth;
global $wgMemc;
+ $ldap = LdapAuthenticationPlugin::getInstance();
OpenStackNovaLdapConnection::connect();
$project = OpenStackNovaProject::getProjectByName( $projectName
);
$sudoer = new OpenStackNovaSudoer( $sudoername, $project );
if ( ! $sudoer ) {
- $wgAuth->printDebug( "Sudoer $sudoername does not
exist", NONSENSITIVE );
+ $ldap->printDebug( "Sudoer $sudoername does not exist",
NONSENSITIVE );
return false;
}
$dn = $sudoer->sudoerDN;
- $success = LdapAuthenticationPlugin::ldap_delete(
$wgAuth->ldapconn, $dn );
+ $success = LdapAuthenticationPlugin::ldap_delete(
$ldap->ldapconn, $dn );
if ( $success ) {
- $wgAuth->printDebug( "Successfully deleted sudoer
$sudoername", NONSENSITIVE );
+ $ldap->printDebug( "Successfully deleted sudoer
$sudoername", NONSENSITIVE );
$key = wfMemcKey( 'openstackmanager', 'sudoerinfo',
$projectName . $sudoername );
$wgMemc->delete( $key );
return true;
} else {
- $wgAuth->printDebug( "Failed to delete sudoer
$sudoername", NONSENSITIVE );
+ $ldap->printDebug( "Failed to delete sudoer
$sudoername", NONSENSITIVE );
return false;
}
}
diff --git a/nova/OpenStackNovaUser.php b/nova/OpenStackNovaUser.php
index a791e89..1122f18 100644
--- a/nova/OpenStackNovaUser.php
+++ b/nova/OpenStackNovaUser.php
@@ -26,25 +26,26 @@
* @return void
*/
function fetchUserInfo() {
- global $wgAuth, $wgUser;
+ global $wgUser;
+ $ldap = LdapAuthenticationPlugin::getInstance();
if ( $this->username ) {
- $this->userDN = $wgAuth->getUserDN( strtolower(
$this->username ) );
- $wgAuth->printDebug( "Fetching userdn using username:
$this->userDN ", NONSENSITIVE );
+ $this->userDN = $ldap->getUserDN( strtolower(
$this->username ) );
+ $ldap->printDebug( "Fetching userdn using username:
$this->userDN ", NONSENSITIVE );
if ( ! $this->userDN ) {
- $this->userDN = $wgAuth->getUserDN( strtolower(
$this->username ), false, "uid" );
- $wgAuth->printDebug( "Fetching userdn using
shell name: $this->userDN ", NONSENSITIVE );
+ $this->userDN = $ldap->getUserDN( strtolower(
$this->username ), false, "uid" );
+ $ldap->printDebug( "Fetching userdn using shell
name: $this->userDN ", NONSENSITIVE );
# We want the actual username, not the id that
was passed in.
- $this->userInfo = $wgAuth->userInfo;
+ $this->userInfo = $ldap->userInfo;
$this->username = $this->userInfo[0]['cn'][0];
}
} else {
- $this->userDN = $wgAuth->getUserDN( strtolower(
$wgUser->getName() ) );
+ $this->userDN = $ldap->getUserDN( strtolower(
$wgUser->getName() ) );
$this->username = $wgUser->getName();
- $wgAuth->printDebug( "Fetching userdn using wiki name:
" . $wgUser->getName(), NONSENSITIVE );
+ $ldap->printDebug( "Fetching userdn using wiki name: "
. $wgUser->getName(), NONSENSITIVE );
}
- $this->userInfo = $wgAuth->userInfo;
+ $this->userInfo = $ldap->userInfo;
}
/**
@@ -133,8 +134,6 @@
* @return array
*/
function getKeypairs() {
- global $wgAuth;
-
$this->fetchUserInfo();
if ( isset( $this->userInfo[0]['sshpublickey'] ) ) {
$keys = $this->userInfo[0]['sshpublickey'];
@@ -146,7 +145,8 @@
}
return $keypairs;
} else {
- $wgAuth->printDebug( "No keypairs found", NONSENSITIVE
);
+ $ldap = LdapAuthenticationPlugin::getInstance();
+ $ldap->printDebug( "No keypairs found", NONSENSITIVE );
return array();
}
}
@@ -174,7 +174,7 @@
* @return array of rolenames
*/
function getRoles() {
- global $wgAuth, $wgMemc;
+ global $wgMemc;
global $wgOpenStackManagerLDAPProjectBaseDN;
$key = wfMemcKey( 'openstackmanager', 'roles', $this->username
);
@@ -206,7 +206,6 @@
* @return bool
*/
function inProject( $project ) {
- global $wgAuth;
global $wgOpenStackManagerLDAPProjectBaseDN;
global $wgMemc;
@@ -229,7 +228,6 @@
* @return bool
*/
function inRole( $role, $projectname ) {
- global $wgAuth;
global $wgMemc;
if ( !$projectname ) {
@@ -265,9 +263,9 @@
* @return bool
*/
function importKeypair( $key ) {
- global $wgAuth;
global $wgMemc;
+ $ldap = LdapAuthenticationPlugin::getInstance();
$keypairs = array();
if ( isset( $this->userInfo[0]['sshpublickey'] ) ) {
$keypairs = $this->userInfo[0]['sshpublickey'];
@@ -276,16 +274,16 @@
$keypairs[] = $key;
$values = array();
$values['sshpublickey'] = $keypairs;
- $success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->userDN, $values );
+ $success = LdapAuthenticationPlugin::ldap_modify(
$ldap->ldapconn, $this->userDN, $values );
if ( $success ) {
- $wgAuth->printDebug( "Successfully imported the user's
sshpublickey", NONSENSITIVE );
+ $ldap->printDebug( "Successfully imported the user's
sshpublickey", NONSENSITIVE );
$key = wfMemcKey( 'ldapauthentication', "userinfo",
$this->userDN );
- $wgAuth->printDebug( "Deleting memcache key: $key.",
NONSENSITIVE );
+ $ldap->printDebug( "Deleting memcache key: $key.",
NONSENSITIVE );
$wgMemc->delete( $key );
$this->fetchUserInfo();
return true;
} else {
- $wgAuth->printDebug( "Failed to import the user's
sshpublickey", NONSENSITIVE );
+ $ldap->printDebug( "Failed to import the user's
sshpublickey", NONSENSITIVE );
return false;
}
}
@@ -295,15 +293,15 @@
* @return bool
*/
function deleteKeypair( $key ) {
- global $wgAuth;
global $wgMemc;
+ $ldap = LdapAuthenticationPlugin::getInstance();
if ( isset( $this->userInfo[0]['sshpublickey'] ) ) {
$keypairs = $this->userInfo[0]['sshpublickey'];
array_shift( $keypairs );
$index = array_search( $key, $keypairs );
if ( $index === false ) {
- $wgAuth->printDebug( "Unable to find the
sshpublickey to be deleted", NONSENSITIVE );
+ $ldap->printDebug( "Unable to find the
sshpublickey to be deleted", NONSENSITIVE );
return false;
}
unset( $keypairs[$index] );
@@ -312,20 +310,20 @@
foreach ( $keypairs as $keypair ) {
$values['sshpublickey'][] = $keypair;
}
- $success = LdapAuthenticationPlugin::ldap_modify(
$wgAuth->ldapconn, $this->userDN, $values );
+ $success = LdapAuthenticationPlugin::ldap_modify(
$ldap->ldapconn, $this->userDN, $values );
if ( $success ) {
- $wgAuth->printDebug( "Successfully deleted the
user's sshpublickey", NONSENSITIVE );
+ $ldap->printDebug( "Successfully deleted the
user's sshpublickey", NONSENSITIVE );
$key = wfMemcKey( 'ldapauthentication',
"userinfo", $this->userDN );
- $wgAuth->printDebug( "Deleting memcache key:
$key.", NONSENSITIVE );
+ $ldap->printDebug( "Deleting memcache key:
$key.", NONSENSITIVE );
$wgMemc->delete( $key );
$this->fetchUserInfo();
return true;
} else {
- $wgAuth->printDebug( "Failed to delete the
user's sshpublickey", NONSENSITIVE );
+ $ldap->printDebug( "Failed to delete the user's
sshpublickey", NONSENSITIVE );
return false;
}
} else {
- $wgAuth->printDebug( "User does not have a sshpublickey
attribute", NONSENSITIVE );
+ $ldap->printDebug( "User does not have a sshpublickey
attribute", NONSENSITIVE );
return false;
}
}
@@ -501,22 +499,22 @@
static function AbortNewAccount( $user, &$message ) {
global $wgRequest;
- global $wgAuth;
global $wgUser;
+ $ldap = LdapAuthenticationPlugin::getInstance();
$shellaccountname = $wgRequest->getText( 'shellaccountname' );
if ( ! preg_match( "/^[a-z][a-z0-9\-_]*$/", $shellaccountname )
) {
- $wgAuth->printDebug( "Invalid shell name
$shellaccountname", NONSENSITIVE );
+ $ldap->printDebug( "Invalid shell name
$shellaccountname", NONSENSITIVE );
$message = wfMessage(
'openstackmanager-shellaccountvalidationfail' )->parse();
return false;
}
- $base = USERDN;
- $result = LdapAuthenticationPlugin::ldap_search(
$wgAuth->ldapconn, $base, "(uid=$shellaccountname)" );
+ $base = USERDN;
+ $result = LdapAuthenticationPlugin::ldap_search(
$ldap->ldapconn, $base, "(uid=$shellaccountname)" );
if ( $result ) {
- $entries = LdapAuthenticationPlugin::ldap_get_entries(
$wgAuth->ldapconn, $result );
+ $entries = LdapAuthenticationPlugin::ldap_get_entries(
$ldap->ldapconn, $result );
if ( (int)$entries['count'] > 0 ) {
- $wgAuth->printDebug( "User $shellaccountname
already exists.", NONSENSITIVE );
+ $ldap->printDebug( "User $shellaccountname
already exists.", NONSENSITIVE );
$message = wfMessage(
'openstackmanager-shellaccountexists' )->parse();
return false;
}
diff --git a/special/SpecialNovaInstance.php b/special/SpecialNovaInstance.php
index b638c05..626b767 100644
--- a/special/SpecialNovaInstance.php
+++ b/special/SpecialNovaInstance.php
@@ -641,7 +641,6 @@
*/
function tryCreateSubmit( $formData, $entryPoint = 'internal' ) {
global $wgUser;
- global $wgAuth;
$domain = OpenStackNovaDomain::getDomainByName(
$formData['region'] );
$project = $formData['project'];
--
To view, visit https://gerrit.wikimedia.org/r/296514
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I7f5115c0fe68c05d26514b089db4e61cc2d440a7
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OpenStackManager
Gerrit-Branch: REL1_27
Gerrit-Owner: Gergő Tisza <gti...@wikimedia.org>
Gerrit-Reviewer: Anomie <bjor...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
