Gergő Tisza has uploaded a new change for review. https://gerrit.wikimedia.org/r/296514
Change subject: Adjust to changes to LdapAuthentication in preparation for AuthManager ...................................................................... Adjust to changes to LdapAuthentication in preparation for AuthManager We can no longer rely on $wgAuth being LdapAuthentication; instead, call LdapAuthenticationPlugin::getInstance(). Change-Id: I7f5115c0fe68c05d26514b089db4e61cc2d440a7 Depends-On: Ia7d05f93783571ca9f1b79481303b3d2c95a5c88 (cherry picked from commit ca5602fbc403eea8aa8b286f0e1f021221acfc2a) --- M OpenStackManager.php M maintenance/purgeOldServiceGroups.php M maintenance/qualifyInstancePages.php M maintenance/updateInstancePages.php M maintenance/updatedomains.php M nova/OpenStackNovaController.php M nova/OpenStackNovaDomain.php M nova/OpenStackNovaHost.php M nova/OpenStackNovaLdapConnection.php M nova/OpenStackNovaPrivateHost.php M nova/OpenStackNovaProject.php M nova/OpenStackNovaProjectGroup.php M nova/OpenStackNovaPublicHost.php M nova/OpenStackNovaRole.php M nova/OpenStackNovaServiceGroup.php M nova/OpenStackNovaSudoer.php M nova/OpenStackNovaUser.php M special/SpecialNovaInstance.php 18 files changed, 310 insertions(+), 351 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OpenStackManager refs/changes/14/296514/1 diff --git a/OpenStackManager.php b/OpenStackManager.php index e22a194..60ff338 100644 --- a/OpenStackManager.php +++ b/OpenStackManager.php 
@@ -58,18 +58,6 @@ $wgHooks['UserRemoveGroup'][] = 'OpenStackNovaUser::removeUserFromBastionProject'; $wgHooks['getUserPermissionsErrors'][] = 'OpenStackManagerHooks::getUserPermissionsErrors'; -# Block runs on Wikimedia Jenkins CI system -if ( isset( $wgWikimediaJenkinsCI ) && $wgWikimediaJenkinsCI ) { - - # Please MediaWiki ApiDocumentationTest which invokes our API calls which - # require $wgAuth to be an instance of the LdapAuthenticationPlugin. - # T124613 - $wgExtensionFunctions[] = function () { - global $wgAuth; - $wgAuth = new LdapAuthenticationPlugin(); - }; -} - // Keystone identity URI $wgOpenStackManagerNovaIdentityURI = 'http://localhost:5000/v2.0'; $wgOpenStackManagerNovaIdentityV3URI = 'http://localhost:5000/v3'; diff --git a/maintenance/purgeOldServiceGroups.php b/maintenance/purgeOldServiceGroups.php index 65c7423..8423afe 100644 --- a/maintenance/purgeOldServiceGroups.php +++ b/maintenance/purgeOldServiceGroups.php @@ -14,8 +14,8 @@ public function execute() { global $wgOpenStackManagerLDAPUsername; - global $wgAuth; + $ldap = LdapAuthenticationPlugin::getInstance(); $user = new OpenStackNovaUser( $wgOpenStackManagerLDAPUsername ); $projects = OpenStackNovaProject::getAllProjects(); 
@@ -37,20 +37,20 @@ $oldServiceGroupOUDN = 'ou=groups,' . $project->getProjectDN(); $oldServiceUserOUDN = 'ou=people,' . $project->getProjectDN(); - $result = LdapAuthenticationPlugin::ldap_search( $wgAuth->ldapconn, + $result = LdapAuthenticationPlugin::ldap_search( $ldap->ldapconn, $oldServiceGroupOUDN, '(objectclass=groupofnames)' ); if ( $result ) { $this->serviceGroups = array(); - $groupList = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result ); + $groupList = LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result ); if ( isset( $groupList ) ) { array_shift( $groupList ); foreach ( $groupList as $groupEntry ) { $deleteme = "cn=" . $groupEntry['cn'][0] . "," . $oldServiceGroupOUDN; print "needs deleting: " . $deleteme . "..."; $attempt_count++; - $success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $deleteme ); + $success = LdapAuthenticationPlugin::ldap_delete( $ldap->ldapconn, $deleteme ); if ( $success ) { $synced_count++; print( "done.\n"); @@ -62,20 +62,20 @@ } } - $result = LdapAuthenticationPlugin::ldap_search( $wgAuth->ldapconn, + $result = LdapAuthenticationPlugin::ldap_search( $ldap->ldapconn, $oldServiceUserOUDN, '(objectclass=person)' ); if ( $result ) { $this->serviceGroups = array(); - $groupList = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result ); + $groupList = LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result ); if ( isset( $groupList ) ) { array_shift( $groupList ); foreach ( $groupList as $groupEntry ) { $deleteme = "uid=" . $groupEntry['cn'][0] . "," . $oldServiceUserOUDN; print "user needs deleting: " . $deleteme . "..."; $attempt_count++; - $success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $deleteme ); + $success = LdapAuthenticationPlugin::ldap_delete( $ldap->ldapconn, $deleteme ); if ( $success ) { $synced_count++; print( "done.\n"); 
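Review bot: In purgeOldServiceGroups.php the guard `if ( isset( $groupList ) )` after `ldap_get_entries` (hunks `@@ -37,20 +37,20 @@` and `@@ -62,20 +62,20 @@`) is true for any non-null value, so a `false` result would still reach `array_shift()` and the delete loop, assuming the wrapper passes through PHP's `false` on failure. Because this script deletes directory entries, a stricter guard such as `if ( is_array( $groupList ) ) {` is safer. The second loop builds a `uid=` RDN from `$groupEntry['cn'][0]`; if uid and cn can differ for a service user, the delete would target a different DN than intended, which is worth confirming. `execute()` begins and ends outside these hunks.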
@@ -90,7 +90,7 @@ $deleteme = $oldServiceGroupOUDN; print "ou needs deleting: " . $deleteme . "..."; $attempt_count++; - $success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $deleteme ); + $success = LdapAuthenticationPlugin::ldap_delete( $ldap->ldapconn, $deleteme ); if ( $success ) { $synced_count++; print( "done.\n"); @@ -102,7 +102,7 @@ $deleteme = $oldServiceUserOUDN; print "ou needs deleting: " . $deleteme . "..."; $attempt_count++; - $success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $deleteme ); + $success = LdapAuthenticationPlugin::ldap_delete( $ldap->ldapconn, $deleteme ); if ( $success ) { $synced_count++; print( "done.\n"); diff --git a/maintenance/qualifyInstancePages.php b/maintenance/qualifyInstancePages.php index 923cf1e..3c5b819 100644 --- a/maintenance/qualifyInstancePages.php +++ b/maintenance/qualifyInstancePages.php @@ -13,7 +13,6 @@ } public function execute() { - global $wgAuth; global $wgOpenStackManagerLDAPUsername; global $wgOpenStackManagerLDAPUserPassword; @@ -35,7 +34,8 @@ $userNova->setRegion( $region ); $instances = $userNova->getInstances(); if ( ! $instances ) { - $wgAuth->printDebug( "No instance, continuing", NONSENSITIVE ); + $ldap = LdapAuthenticationPlugin::getInstance(); + $ldap->printDebug( "No instance, continuing", NONSENSITIVE ); continue; } foreach ( $instances as $instance ) { diff --git a/maintenance/updateInstancePages.php b/maintenance/updateInstancePages.php index 7ff65b8..f4151d2 100644 --- a/maintenance/updateInstancePages.php +++ b/maintenance/updateInstancePages.php @@ -13,7 +13,6 @@ } public function execute() { - global $wgAuth; global $wgOpenStackManagerLDAPUsername; global $wgOpenStackManagerLDAPUserPassword; 
@@ -35,7 +34,8 @@ $userNova->setRegion( $region ); $instances = $userNova->getInstances(); if ( ! $instances ) { - $wgAuth->printDebug( "No instance, continuing", NONSENSITIVE ); + $ldap = LdapAuthenticationPlugin::getInstance(); + $ldap->printDebug( "No instance, continuing", NONSENSITIVE ); continue; } foreach ( $instances as $instance ) { diff --git a/maintenance/updatedomains.php b/maintenance/updatedomains.php index 8862ea7..72c19fc 100644 --- a/maintenance/updatedomains.php +++ b/maintenance/updatedomains.php @@ -41,7 +41,6 @@ } public function execute() { - global $wgAuth; global $wgOpenStackManagerLDAPUsername; global $wgOpenStackManagerLDAPUserPassword; diff --git a/nova/OpenStackNovaController.php b/nova/OpenStackNovaController.php index 722c5ee..38a0c77 100644 --- a/nova/OpenStackNovaController.php +++ b/nova/OpenStackNovaController.php @@ -181,8 +181,7 @@ * @return array */ function getProxiesForProject() { - global $wgAuth; - + $ldap = LdapAuthenticationPlugin::getInstance(); $proxyarr = array(); $ret = $this->restCall( 'proxy', '/mapping', 'GET' ); $proxies = self::_get_property( $ret['body'], 'routes' ); @@ -194,14 +193,14 @@ $backends = self::_get_property( $proxy, 'backends' ); if ( (count( $backends ) ) > 1 ) { - $wgAuth->printDebug( "Warning! proxy $domain has multiple backends but we only support one backend per proxy.", NONSENSITIVE ); + $ldap->printDebug( "Warning! proxy $domain has multiple backends but we only support one backend per proxy.", NONSENSITIVE ); } $backend = $backends[0]; $backendarray = explode( ':', $backends[0] ); if ( strpos( $backend, "http" ) === 0 ) { if ( ( count( $backendarray ) < 2 ) or ( count( $backendarray ) > 3 ) ) { - $wgAuth->printDebug( "Unable to parse backend $backend, discarding.", NONSENSITIVE ); + $ldap->printDebug( "Unable to parse backend $backend, discarding.", NONSENSITIVE ); } elseif ( count( $backendarray ) == 2 ) { $backendHost = $backend; $backendPort = null; 
@@ -211,7 +210,7 @@ } } else { if ( ( count( $backendarray ) < 1 ) or ( count( $backendarray ) > 2 ) ) { - $wgAuth->printDebug( "Unable to parse backend $backend, discarding.", NONSENSITIVE ); + $ldap->printDebug( "Unable to parse backend $backend, discarding.", NONSENSITIVE ); } elseif ( count( $backendarray ) == 1 ) { $backendHost = $backend; $backendPort = null; @@ -238,7 +237,7 @@ */ function _getAdminToken() { global $wgOpenStackManagerLDAPUsername, $wgOpenStackManagerLDAPUserPassword; - global $wgOpenStackManagerProjectId, $wgAuth; + global $wgOpenStackManagerProjectId; global $wgMemc; if ( $this->admintoken ) { @@ -264,7 +263,8 @@ ); $ret = $this->restCall( 'identity', '/tokens', 'POST', $data, $headers ); if ( $ret['code'] !== 200 ) { - $wgAuth->printDebug( "OpenStackNovaController::_getAdminToken return code: " . $ret['code'], NONSENSITIVE ); + $ldap = LdapAuthenticationPlugin::getInstance(); + $ldap->printDebug( "OpenStackNovaController::_getAdminToken return code: " . $ret['code'], NONSENSITIVE ); return ""; } @@ -962,10 +962,10 @@ } function authenticate( $username, $password ) { - global $wgAuth; global $wgMemc; - $wgAuth->printDebug( "Entering OpenStackNovaController::authenticate", NONSENSITIVE ); + $ldap = LdapAuthenticationPlugin::getInstance(); + $ldap->printDebug( "Entering OpenStackNovaController::authenticate", NONSENSITIVE ); $headers = array( 'Accept: application/json', 'Content-Type: application/json', @@ -973,7 +973,7 @@ $data = array( 'auth' => array( 'passwordCredentials' => array( 'username' => $username, 'password' => $password ) ) ); $ret = $this->restCall( 'identity', '/tokens', 'POST', $data, $headers ); if ( $ret['code'] !== 200 ) { - $wgAuth->printDebug( "OpenStackNovaController::authenticate return code: " . $ret['code'], NONSENSITIVE ); + $ldap->printDebug( "OpenStackNovaController::authenticate return code: " . $ret['code'], NONSENSITIVE ); return ''; } $user = $ret['body']; 
@@ -1077,11 +1077,11 @@ } function restCall( $service, $path, $method, $data = array(), $authHeaders='', $retrying=false ) { - global $wgAuth; global $wgOpenStackManagerNovaIdentityURI; global $wgOpenStackManagerNovaIdentityV3URI; global $wgMemc; + $ldap = LdapAuthenticationPlugin::getInstance(); if ( $authHeaders ) { $headers = $authHeaders; } else { @@ -1104,7 +1104,7 @@ } } $fullurl = $endpointURL . $path; - $wgAuth->printDebug( "OpenStackNovaController::restCall fullurl: " . $fullurl, NONSENSITIVE ); + $ldap->printDebug( "OpenStackNovaController::restCall fullurl: " . $fullurl, NONSENSITIVE ); $handle = curl_init(); switch( $method ) { case 'GET': diff --git a/nova/OpenStackNovaDomain.php b/nova/OpenStackNovaDomain.php index 681abbe..37a0849 100644 --- a/nova/OpenStackNovaDomain.php +++ b/nova/OpenStackNovaDomain.php @@ -29,7 +29,7 @@ * @return void */ function fetchDomainInfo() { - global $wgAuth, $wgMemc; + global $wgMemc; global $wgOpenStackManagerLDAPInstanceBaseDN; $key = wfMemcKey( 'openstackmanager', 'domaininfo', $this->domainname ); @@ -39,9 +39,10 @@ if ( is_array( $domainInfo ) ) { $this->domainInfo = $domainInfo; } else { - $result = LdapAuthenticationPlugin::ldap_search( $wgAuth->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, + $ldap = LdapAuthenticationPlugin::getInstance(); + $result = LdapAuthenticationPlugin::ldap_search( $ldap->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, '(dc=' . $this->domainname . ')' ); - $this->domainInfo = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result ); + $this->domainInfo = LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result ); $wgMemc->set( $key, $this->domainInfo, 3600 * 24 ); } if ( $this->domainInfo ) { 
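Review bot: In `fetchDomainInfo()` (OpenStackNovaDomain.php, `@@ -39,9 +39,10 @@`) the search filter is still built as `'(dc=' . $this->domainname . ')'`, with no escaping visible in the hunk; if `domainname` can carry caller-supplied text, filter metacharacters would change what the search matches. OpenStackNovaPrivateHost's constructor already passes its inputs through `$ldap->getLdapEscapedString()`, and the same call would fit here unless the OpenStackNovaDomain constructor, which is outside this hunk, already escapes. `getDomainByHostIP()` in `@@ -167,14 +167,14 @@` has the same shape with `'(arecord=' . $ip . ')'`. Separately, `$result` is handed to `ldap_get_entries` unchecked and the outcome is cached for 24 hours, so a failed search may be cached as well.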
@@ -89,17 +90,16 @@ * @return bool */ function updateSOA() { - global $wgAuth; - + $ldap = LdapAuthenticationPlugin::getInstance(); $domain = array(); $domain['soarecord'] = OpenStackNovaDomain::generateSOA(); - $success = LdapAuthenticationPlugin::ldap_modify( $wgAuth->ldapconn, $this->domainDN, $domain ); + $success = LdapAuthenticationPlugin::ldap_modify( $ldap->ldapconn, $this->domainDN, $domain ); if ( $success ) { - $wgAuth->printDebug( "Successfully modified soarecord for " . $this->domainDN, NONSENSITIVE ); + $ldap->printDebug( "Successfully modified soarecord for " . $this->domainDN, NONSENSITIVE ); $this->fetchDomainInfo(); return true; } else { - $wgAuth->printDebug( "Failed to modify soarecord for " . $this->domainDN, NONSENSITIVE ); + $ldap->printDebug( "Failed to modify soarecord for " . $this->domainDN, NONSENSITIVE ); return false; } } @@ -112,9 +112,9 @@ * @return array of OpenNovaDomain */ static function getAllDomains( $type='all' ) { - global $wgAuth; global $wgOpenStackManagerLDAPInstanceBaseDN; + $ldap = LdapAuthenticationPlugin::getInstance(); OpenStackNovaLdapConnection::connect(); $domains = array(); @@ -125,9 +125,9 @@ } else { $query = '(soarecord=*)'; } - $result = LdapAuthenticationPlugin::ldap_search( $wgAuth->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, $query ); + $result = LdapAuthenticationPlugin::ldap_search( $ldap->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, $query ); if ( $result ) { - $entries = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result ); + $entries = LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result ); if ( $entries ) { # First entry is always a count array_shift( $entries ); 
@@ -167,14 +167,14 @@ * @return null|OpenStackNovaDomain */ static function getDomainByHostIP( $ip ) { - global $wgAuth; global $wgOpenStackManagerLDAPInstanceBaseDN; + $ldap = LdapAuthenticationPlugin::getInstance(); OpenStackNovaLdapConnection::connect(); - $result = LdapAuthenticationPlugin::ldap_search( $wgAuth->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, + $result = LdapAuthenticationPlugin::ldap_search( $ldap->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, '(arecord=' . $ip . ')' ); - $hostInfo = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result ); + $hostInfo = LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result ); if ( $hostInfo['count'] == "0" ) { return null; } @@ -221,9 +221,9 @@ * @return null|OpenStackNovaDomain */ static function createDomain( $domainname, $fqdn, $location ) { - global $wgAuth; global $wgOpenStackManagerLDAPInstanceBaseDN; + $ldap = LdapAuthenticationPlugin::getInstance(); OpenStackNovaLdapConnection::connect(); $soa = OpenStackNovaDomain::generateSOA(); @@ -239,12 +239,12 @@ } $dn = 'dc=' . $domainname . ',' . $wgOpenStackManagerLDAPInstanceBaseDN; - $success = LdapAuthenticationPlugin::ldap_add( $wgAuth->ldapconn, $dn, $domain ); + $success = LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn, $dn, $domain ); if ( $success ) { - $wgAuth->printDebug( "Successfully added domain $domainname", NONSENSITIVE ); + $ldap->printDebug( "Successfully added domain $domainname", NONSENSITIVE ); return new OpenStackNovaDomain( $domainname ); } else { - $wgAuth->printDebug( "Failed to add domain $domainname", NONSENSITIVE ); + $ldap->printDebug( "Failed to add domain $domainname", NONSENSITIVE ); return null; } } 
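Review bot: `createDomain()` (`@@ -239,12 +239,12 @@`) concatenates `$domainname` straight into the DN, `'dc=' . $domainname . ',' . $wgOpenStackManagerLDAPInstanceBaseDN`, and passes it to `ldap_add` after `OpenStackNovaLdapConnection::connect()` has bound as the manager account. A value containing `,` or `=` would no longer name an entry directly under the instance base DN, so unless the caller validates the name (not visible here) the RDN value should be escaped, e.g. `ldap_escape( $domainname, '', LDAP_ESCAPE_DN )` where the PHP version provides it. The same pattern appears with `$fqdn` in `addHostFromInstance()` (`@@ -365,13 +358,13 @@`) and with `$ip` in `addPublicHost()` (`@@ -408,13 +401,13 @@`).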
@@ -258,31 +258,30 @@ * @return bool */ static function deleteDomain( $domainname ) { - global $wgAuth; - + $ldap = LdapAuthenticationPlugin::getInstance(); OpenStackNovaLdapConnection::connect(); $domain = new OpenStackNovaDomain( $domainname ); if ( ! $domain ) { - $wgAuth->printDebug( "Domain $domainname does not exist", NONSENSITIVE ); + $ldap->printDebug( "Domain $domainname does not exist", NONSENSITIVE ); return array( false, 'openstackmanager-failedeletedomainnotfound' ); } $dn = $domain->domainDN; # Domains can have records as sub entries. If sub-entries exist, fail. - $result = LdapAuthenticationPlugin::ldap_list( $wgAuth->ldapconn, $dn, 'objectclass=*' ); - $hosts = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result ); + $result = LdapAuthenticationPlugin::ldap_list( $ldap->ldapconn, $dn, 'objectclass=*' ); + $hosts = LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result ); if ( $hosts['count'] != "0" ) { - $wgAuth->printDebug( "Failed to delete domain $domainname, since it had sub entries", NONSENSITIVE ); + $ldap->printDebug( "Failed to delete domain $domainname, since it had sub entries", NONSENSITIVE ); return array( false, 'openstackmanager-failedeletedomainduplicates' ); } - $success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $dn ); + $success = LdapAuthenticationPlugin::ldap_delete( $ldap->ldapconn, $dn ); if ( $success ) { - $wgAuth->printDebug( "Successfully deleted domain $domainname", NONSENSITIVE ); + $ldap->printDebug( "Successfully deleted domain $domainname", NONSENSITIVE ); return array( true, '' ); } else { - $wgAuth->printDebug( "Failed to delete domain $domainname, since it had sub entries", NONSENSITIVE ); + $ldap->printDebug( "Failed to delete domain $domainname, since it had sub entries", NONSENSITIVE ); return array( false, 'openstackmanager-failedeletedomain' ); } } diff --git a/nova/OpenStackNovaHost.php b/nova/OpenStackNovaHost.php index 535f7d2..438e561 100644 
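Review bot: In `deleteDomain()` the final `else` logs "Failed to delete domain $domainname, since it had sub entries" although that branch is reached only when `ldap_delete` itself fails, which makes the debug trail misleading when a failed delete is investigated; `"Failed to delete domain $domainname"` would match the returned `openstackmanager-failedeletedomain` key. The `if ( ! $domain )` check follows `new OpenStackNovaDomain( $domainname )`, which always yields an object, so the not-found branch cannot run as written; it would need to test the domain's loaded state instead (the property for that is not visible in this hunk). The docblock also says `@return bool` while every path returns an array, so `@return array [ bool $success, string $messageKey ]` would describe it correctly.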
--- a/nova/OpenStackNovaHost.php +++ b/nova/OpenStackNovaHost.php @@ -79,14 +79,13 @@ * @return bool */ function deleteAssociatedDomain( $fqdn ) { - global $wgAuth; - if ( isset( $this->hostInfo[0]['associateddomain'] ) ) { + $ldap = LdapAuthenticationPlugin::getInstance(); $associateddomains = $this->hostInfo[0]['associateddomain']; array_shift( $associateddomains ); $index = array_search( $fqdn, $associateddomains ); if ( $index === false ) { - $wgAuth->printDebug( "Failed to find $fqdn in associateddomain list", NONSENSITIVE ); + $ldap->printDebug( "Failed to find $fqdn in associateddomain list", NONSENSITIVE ); return false; } unset( $associateddomains[$index] ); @@ -95,14 +94,14 @@ foreach ( $associateddomains as $associateddomain ) { $values['associateddomain'][] = $associateddomain; } - $success = LdapAuthenticationPlugin::ldap_modify( $wgAuth->ldapconn, $this->hostDN, $values ); + $success = LdapAuthenticationPlugin::ldap_modify( $ldap->ldapconn, $this->hostDN, $values ); if ( $success ) { - $wgAuth->printDebug( "Successfully removed $fqdn from $this->hostDN", NONSENSITIVE ); + $ldap->printDebug( "Successfully removed $fqdn from $this->hostDN", NONSENSITIVE ); $this->getDomain()->updateSOA(); $this->fetchHostInfo(); return true; } else { - $wgAuth->printDebug( "Failed to remove $fqdn from $this->hostDN", NONSENSITIVE ); + $ldap->printDebug( "Failed to remove $fqdn from $this->hostDN", NONSENSITIVE ); return false; } } else { @@ -117,14 +116,13 @@ * @return bool */ function deleteARecord( $ip ) { - global $wgAuth; - if ( isset( $this->hostInfo[0]['arecord'] ) ) { + $ldap = LdapAuthenticationPlugin::getInstance(); $arecords = $this->hostInfo[0]['arecord']; array_shift( $arecords ); $index = array_search( $ip, $arecords ); if ( $index === false ) { - $wgAuth->printDebug( "Failed to find ip address in arecords list", NONSENSITIVE ); + $ldap->printDebug( "Failed to find ip address in arecords list", NONSENSITIVE ); return false; } unset( $arecords[$index] ); 
@@ -133,14 +131,14 @@ foreach ( $arecords as $arecord ) { $values['arecord'][] = $arecord; } - $success = LdapAuthenticationPlugin::ldap_modify( $wgAuth->ldapconn, $this->hostDN, $values ); + $success = LdapAuthenticationPlugin::ldap_modify( $ldap->ldapconn, $this->hostDN, $values ); if ( $success ) { - $wgAuth->printDebug( "Successfully removed $ip from $this->hostDN", NONSENSITIVE ); + $ldap->printDebug( "Successfully removed $ip from $this->hostDN", NONSENSITIVE ); $this->getDomain()->updateSOA(); $this->fetchHostInfo(); return true; } else { - $wgAuth->printDebug( "Failed to remove $ip from $this->hostDN", NONSENSITIVE ); + $ldap->printDebug( "Failed to remove $ip from $this->hostDN", NONSENSITIVE ); return false; } } else { @@ -155,8 +153,7 @@ * @return bool */ function addAssociatedDomain( $fqdn ) { - global $wgAuth; - + $ldap = LdapAuthenticationPlugin::getInstance(); $associatedomains = array(); if ( isset( $this->hostInfo[0]['associateddomain'] ) ) { $associatedomains = $this->hostInfo[0]['associateddomain']; @@ -165,14 +162,14 @@ $associatedomains[] = $fqdn; $values = array(); $values['associateddomain'] = $associatedomains; - $success = LdapAuthenticationPlugin::ldap_modify( $wgAuth->ldapconn, $this->hostDN, $values ); + $success = LdapAuthenticationPlugin::ldap_modify( $ldap->ldapconn, $this->hostDN, $values ); if ( $success ) { - $wgAuth->printDebug( "Successfully added $fqdn to $this->hostDN", NONSENSITIVE ); + $ldap->printDebug( "Successfully added $fqdn to $this->hostDN", NONSENSITIVE ); $this->getDomain()->updateSOA(); $this->fetchHostInfo(); return true; } else { - $wgAuth->printDebug( "Failed to add $fqdn to $this->hostDN", NONSENSITIVE ); + $ldap->printDebug( "Failed to add $fqdn to $this->hostDN", NONSENSITIVE ); return false; } } 
@@ -184,8 +181,7 @@ * @return bool */ function addARecord( $ip ) { - global $wgAuth; - + $ldap = LdapAuthenticationPlugin::getInstance(); $arecords = array(); if ( isset( $this->hostInfo[0]['arecord'] ) ) { $arecords = $this->hostInfo[0]['arecord']; @@ -194,14 +190,14 @@ $arecords[] = $ip; $values = array(); $values['arecord'] = $arecords; - $success = LdapAuthenticationPlugin::ldap_modify( $wgAuth->ldapconn, $this->hostDN, $values ); + $success = LdapAuthenticationPlugin::ldap_modify( $ldap->ldapconn, $this->hostDN, $values ); if ( $success ) { - $wgAuth->printDebug( "Successfully added $ip to $this->hostDN", NONSENSITIVE ); + $ldap->printDebug( "Successfully added $ip to $this->hostDN", NONSENSITIVE ); $this->getDomain()->updateSOA(); $this->fetchHostInfo(); return true; } else { - $wgAuth->printDebug( "Failed to add $ip to $this->hostDN", NONSENSITIVE ); + $ldap->printDebug( "Failed to add $ip to $this->hostDN", NONSENSITIVE ); return false; } } @@ -213,17 +209,16 @@ * @return bool */ function setARecord( $ip ) { - global $wgAuth; - + $ldap = LdapAuthenticationPlugin::getInstance(); $values = array( 'arecord' => array( $ip ) ); - $success = LdapAuthenticationPlugin::ldap_modify( $wgAuth->ldapconn, $this->hostDN, $values ); + $success = LdapAuthenticationPlugin::ldap_modify( $ldap->ldapconn, $this->hostDN, $values ); if ( $success ) { - $wgAuth->printDebug( "Successfully set $ip on $this->hostDN", NONSENSITIVE ); + $ldap->printDebug( "Successfully set $ip on $this->hostDN", NONSENSITIVE ); $this->getDomain()->updateSOA(); $this->fetchHostInfo(); return true; } else { - $wgAuth->printDebug( "Failed to set $ip on $this->hostDN", NONSENSITIVE ); + $ldap->printDebug( "Failed to set $ip on $this->hostDN", NONSENSITIVE ); return false; } } @@ -237,8 +232,6 @@ * @return OpenStackNovaHost */ static function getHostByPublicIP( $ip ) { - global $wgAuth; - $host = new OpenStackNovaPublicHost( $ip ); if ( $host->hostInfo ) { return $host; 
@@ -271,18 +264,18 @@ * @return bool */ function deleteHost() { - global $wgAuth; + $ldap = LdapAuthenticationPlugin::getInstance(); # Grab the domain now, before we delete the entry and it's no longer there to grab. $domain = $this->getDomain(); - $success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $this->hostDN ); + $success = LdapAuthenticationPlugin::ldap_delete( $ldap->ldapconn, $this->hostDN ); if ( $success ) { $domain->updateSOA(); - $wgAuth->printDebug( "Successfully deleted host $this->hostDN", NONSENSITIVE ); + $ldap->printDebug( "Successfully deleted host $this->hostDN", NONSENSITIVE ); return true; } else { - $wgAuth->printDebug( "Failed to delete host $this->hostDN", NONSENSITIVE ); + $ldap->printDebug( "Failed to delete host $this->hostDN", NONSENSITIVE ); return false; } } @@ -300,9 +293,9 @@ * @return OpenStackNovaHost */ static function addHostFromInstance( $instance, $domain, $puppetinfo = array() ) { - global $wgAuth; global $wgOpenStackManagerLDAPInstanceBaseDN, $wgOpenStackManagerPuppetOptions; + $ldap = LdapAuthenticationPlugin::getInstance(); OpenStackNovaLdapConnection::connect(); $hostname = $instance->getInstanceName(); @@ -321,7 +314,7 @@ $fqdn = $instancename . '.' . $instanceproject . '.' . $domainname; $host = OpenStackNovaHost::getHostByNameAndProject( $instancename, $instanceproject, $region ); if ( $host ) { - $wgAuth->printDebug( "Failed to add host $hostname as the DNS entry already exists", NONSENSITIVE ); + $ldap->printDebug( "Failed to add host $hostname as the DNS entry already exists", NONSENSITIVE ); return null; } $hostEntry = array(); 
@@ -365,13 +358,13 @@ } $dn = 'dc=' . $fqdn . ',' . $wgOpenStackManagerLDAPInstanceBaseDN; - $success = LdapAuthenticationPlugin::ldap_add( $wgAuth->ldapconn, $dn, $hostEntry ); + $success = LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn, $dn, $hostEntry ); if ( $success ) { $domain->updateSOA(); - $wgAuth->printDebug( "Successfully added host $fqdn", NONSENSITIVE ); + $ldap->printDebug( "Successfully added host $fqdn", NONSENSITIVE ); return OpenStackNovaHost::getHostByInstanceNameAndProject( $instancename, $instanceproject, $region ); } else { - $wgAuth->printDebug( "Failed to add host $fqdn with dn of $dn", NONSENSITIVE ); + $ldap->printDebug( "Failed to add host $fqdn with dn of $dn", NONSENSITIVE ); return null; } } @@ -388,15 +381,15 @@ * @return bool|null|OpenStackNovaHost */ static function addPublicHost( $hostname, $ip, $domain ) { - global $wgAuth; global $wgOpenStackManagerLDAPInstanceBaseDN; + $ldap = LdapAuthenticationPlugin::getInstance(); OpenStackNovaLdapConnection::connect(); $domainname = $domain->getFullyQualifiedDomainName(); $host = OpenStackNovaHost::getHostByPublicIP( $ip ); if ( $host ) { - $wgAuth->printDebug( "Failed to add public host $hostname as the DNS entry already exists", NONSENSITIVE ); + $ldap->printDebug( "Failed to add public host $hostname as the DNS entry already exists", NONSENSITIVE ); return null; } $hostEntry = array(); 
@@ -408,13 +401,13 @@ $hostEntry['associateddomain'][] = $hostname . '.' . $domainname; $dn = 'dc=' . $ip . ',' . $wgOpenStackManagerLDAPInstanceBaseDN; - $success = LdapAuthenticationPlugin::ldap_add( $wgAuth->ldapconn, $dn, $hostEntry ); + $success = LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn, $dn, $hostEntry ); if ( $success ) { $domain->updateSOA(); - $wgAuth->printDebug( "Successfully added public host $hostname", NONSENSITIVE ); + $ldap->printDebug( "Successfully added public host $hostname", NONSENSITIVE ); return new OpenStackNovaHost( false, null, $ip ); } else { - $wgAuth->printDebug( "Failed to add public host $hostname with dn = $dn", NONSENSITIVE ); + $ldap->printDebug( "Failed to add public host $hostname with dn = $dn", NONSENSITIVE ); return null; } } diff --git a/nova/OpenStackNovaLdapConnection.php b/nova/OpenStackNovaLdapConnection.php index d744ac6..b2009fa 100644 --- a/nova/OpenStackNovaLdapConnection.php +++ b/nova/OpenStackNovaLdapConnection.php @@ -9,17 +9,17 @@ class OpenStackNovaLdapConnection { /** - * Connect to LDAP as the open stack manager account using wgAuth + * Connect to LDAP as the open stack manager account using LdapAuthenticationPlugin */ static function connect() { - global $wgAuth; global $wgOpenStackManagerLDAPUser, $wgOpenStackManagerLDAPUserPassword; global $wgOpenStackManagerLDAPDomain; // Only reconnect/rebind if we aren't alredy bound - if ( $wgAuth->boundAs !== $wgOpenStackManagerLDAPUser ) { - $wgAuth->connect( $wgOpenStackManagerLDAPDomain ); - $wgAuth->bindAs( $wgOpenStackManagerLDAPUser, $wgOpenStackManagerLDAPUserPassword ); + $ldap = LdapAuthenticationPlugin::getInstance(); + if ( $ldap->boundAs !== $wgOpenStackManagerLDAPUser ) { + $ldap->connect( $wgOpenStackManagerLDAPDomain ); + $ldap->bindAs( $wgOpenStackManagerLDAPUser, $wgOpenStackManagerLDAPUserPassword ); } } } diff --git a/nova/OpenStackNovaPrivateHost.php b/nova/OpenStackNovaPrivateHost.php index 31e2d09..718deae 100644 
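Review bot: `OpenStackNovaLdapConnection::connect()` (`@@ -9,17 +9,17 @@`) discards the results of `$ldap->connect()` and `$ldap->bindAs()`, so callers go on to `ldap_add`/`ldap_modify`/`ldap_delete` on `$ldap->ldapconn` whether or not the manager bind succeeded. Since the object is now the shared `LdapAuthenticationPlugin::getInstance()`, a failed rebind presumably leaves the connection in whatever bind state an earlier caller set. Assuming both methods return a boolean (not shown on this page), check them, e.g. `if ( !$ldap->connect( $wgOpenStackManagerLDAPDomain ) || !$ldap->bindAs( $wgOpenStackManagerLDAPUser, $wgOpenStackManagerLDAPUserPassword ) ) {`, and surface the failure to the caller rather than continuing silently. The comment typo "alredy" could be fixed in the same pass.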
--- a/nova/OpenStackNovaPrivateHost.php +++ b/nova/OpenStackNovaPrivateHost.php @@ -26,10 +26,9 @@ * @param $region */ function __construct( $instancename, $instanceproject, $region ) { - global $wgAuth; - - $this->instancename = $wgAuth->getLdapEscapedString( $instancename ); - $this->instanceproject = $wgAuth->getLdapEscapedString( $instanceproject ); + $ldap = LdapAuthenticationPlugin::getInstance(); + $this->instancename = $ldap->getLdapEscapedString( $instancename ); + $this->instanceproject = $ldap->getLdapEscapedString( $instanceproject ); $this->region = $region; $this->domainCache = null; OpenStackNovaLdapConnection::connect(); @@ -42,9 +41,9 @@ * @return void */ function fetchHostInfo() { - global $wgAuth; global $wgOpenStackManagerLDAPInstanceBaseDN; + $ldap = LdapAuthenticationPlugin::getInstance(); if ($this->getDomain()) { $fqdn = $this->instancename . '.' . $this->instanceproject . '.' . $this->getDomain()->getFullyQualifiedDomainName(); } else { @@ -52,8 +51,8 @@ $this->hostInfo = null; return; } - $result = LdapAuthenticationPlugin::ldap_search( $wgAuth->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, '(dc=' . $fqdn . ')' ); - $this->hostInfo = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result ); + $result = LdapAuthenticationPlugin::ldap_search( $ldap->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, '(dc=' . $fqdn . ')' ); + $this->hostInfo = LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result ); if ( $this->hostInfo["count"] == "0" ) { $this->hostInfo = null; } else { 
@@ -70,13 +69,12 @@ * @return string */ function getFullyQualifiedDisplayName() { - global $wgAuth; - if ($this->getDomain()) { $fqdn = $this->instancename . '.' . $this->instanceproject . '.' . $this->getDomain()->getFullyQualifiedDomainName(); return $fqdn; } else { - $wgAuth->printDebug( "Error: Unable to determine instancename of " . $this->instancename, NONSENSITIVE ); + $ldap = LdapAuthenticationPlugin::getInstance(); + $ldap->printDebug( "Error: Unable to determine instancename of " . $this->instancename, NONSENSITIVE ); return ""; } } @@ -87,12 +85,11 @@ * @return OpenStackNovaDomain */ function getDomain() { - global $wgAuth; - if ( ! $this->domainCache ) { $this->domainCache = OpenStackNovaDomain::getDomainByRegion( $this->region ); if (! $this->domainCache ) { - $wgAuth->printDebug( "Looked up domain for region $this->region but domainCache is still empty.", NONSENSITIVE ); + $ldap = LdapAuthenticationPlugin::getInstance(); + $ldap->printDebug( "Looked up domain for region $this->region but domainCache is still empty.", NONSENSITIVE ); } } return $this->domainCache; @@ -153,11 +150,11 @@ * @return bool */ function modifyPuppetConfiguration( $puppetinfo ) { - global $wgAuth; global $wgOpenStackManagerPuppetOptions; $hostEntry = array( 'puppetclass' => array(), 'puppetvar' => array() ); if ( $wgOpenStackManagerPuppetOptions['enabled'] ) { + $ldap = LdapAuthenticationPlugin::getInstance(); if ( isset( $puppetinfo['classes'] ) ) { foreach ( $puppetinfo['classes'] as $class ) { $hostEntry['puppetclass'][] = $class; 
@@ -170,22 +167,22 @@ } $oldpuppetinfo = $this->getPuppetConfiguration(); if ( isset( $oldpuppetinfo['puppetvar'] ) ) { - $wgAuth->printDebug( "Checking for preexisting variables", NONSENSITIVE ); + $ldap->printDebug( "Checking for preexisting variables", NONSENSITIVE ); foreach ( $oldpuppetinfo['puppetvar'] as $variable => $value ) { - $wgAuth->printDebug( "Found $variable", NONSENSITIVE ); + $ldap->printDebug( "Found $variable", NONSENSITIVE ); if ( $variable === "instanceproject" || $variable === "instancename" ) { $hostEntry['puppetvar'][] = $variable . '=' . $value; } } } - $success = LdapAuthenticationPlugin::ldap_modify( $wgAuth->ldapconn, $this->hostDN, $hostEntry ); + $success = LdapAuthenticationPlugin::ldap_modify( $ldap->ldapconn, $this->hostDN, $hostEntry ); if ( $success ) { $this->fetchHostInfo(); - $wgAuth->printDebug( "Successfully modified puppet configuration for host", NONSENSITIVE ); + $ldap->printDebug( "Successfully modified puppet configuration for host", NONSENSITIVE ); return true; } else { - $wgAuth->printDebug( "Failed to modify puppet configuration for host", NONSENSITIVE ); + $ldap->printDebug( "Failed to modify puppet configuration for host", NONSENSITIVE ); return false; } } diff --git a/nova/OpenStackNovaProject.php b/nova/OpenStackNovaProject.php index ef10c38..8f938ac 100644 --- a/nova/OpenStackNovaProject.php +++ b/nova/OpenStackNovaProject.php @@ -93,7 +93,6 @@ * @return void */ function fetchProjectInfo( $refresh=true ) { - global $wgAuth; global $wgOpenStackManagerLDAPProjectBaseDN; if ( $this->loaded and !$refresh ) { 
@@ -119,16 +118,16 @@ } function fetchServiceGroups() { - global $wgAuth; global $wgOpenStackManagerLDAPServiceGroupBaseDN; - $result = LdapAuthenticationPlugin::ldap_search( $wgAuth->ldapconn, + $ldap = LdapAuthenticationPlugin::getInstance(); + $result = LdapAuthenticationPlugin::ldap_search( $ldap->ldapconn, $wgOpenStackManagerLDAPServiceGroupBaseDN, '(objectclass=groupofnames)' ); if ( $result ) { $this->serviceGroups = array(); - $groupList = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result ); + $groupList = LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result ); if ( isset( $groupList ) ) { array_shift( $groupList ); foreach ( $groupList as $groupEntry ) { @@ -144,20 +143,20 @@ } $serviceUserBaseDN = "ou=people" . "," . $wgOpenStackManagerLDAPServiceGroupBaseDN; - $result = LdapAuthenticationPlugin::ldap_search( $wgAuth->ldapconn, + $result = LdapAuthenticationPlugin::ldap_search( $ldap->ldapconn, $serviceUserBaseDN, '(objectclass=person)' ); if ( $result ) { $this->serviceUsers = array(); - $userList = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result ); + $userList = LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result ); if ( isset( $userList ) ) { array_shift( $userList ); foreach ( $userList as $userEntry ) { # Now we have every user. Check if this one belongs to us. $matchstring = $this->projectname . "."; if ( strpos($userEntry['cn'][0], $matchstring) === 0 ) { - $wgAuth->printDebug( "adding " . $userEntry['cn'][0], NONSENSITIVE ); + $ldap->printDebug( "adding " . $userEntry['cn'][0], NONSENSITIVE ); $this->serviceUsers[] = $userEntry['cn'][0]; } } 
@@ -177,13 +176,13 @@ * @return void */ function fetchProjectGroup() { - global $wgAuth; $this->projectGroup = new OpenStackNovaProjectGroup( $this->projectname ); // If we couldn't find an corresponding Project Group, // then we should create one now. if ( !$this->projectGroup->loaded ) { - $wgAuth->printDebug( $this->projectGroup->getProjectGroupName() . " does not exist. Creating it.", NONSENSITIVE ); + $ldap = LdapAuthenticationPlugin::getInstance(); + $ldap->printDebug( $this->projectGroup->getProjectGroupName() . " does not exist. Creating it.", NONSENSITIVE ); $createSuccess = OpenStackNovaProjectGroup::createProjectGroup( $this->projectname ); // Aaaaand if we successfully created the group, then finally sync the members from this project now. @@ -359,9 +358,9 @@ * @return bool */ function deleteMember( $username ) { - global $wgAuth; global $wgMemc; + $ldap = LdapAuthenticationPlugin::getInstance(); $key = wfMemcKey( 'openstackmanager', 'projectuidsandmembers', $this->projectname ); $wgMemc->delete( $key ); 
@@ -377,17 +376,17 @@ foreach ( $sudoers as $sudoer ) { $success = $sudoer->deleteUser( $username ); if ( $success ) { - $wgAuth->printDebug( "Successfully removed $username from " . $sudoer->getSudoerName(), NONSENSITIVE ); + $ldap->printDebug( "Successfully removed $username from " . $sudoer->getSudoerName(), NONSENSITIVE ); } else { - $wgAuth->printDebug( "Failed to remove $username from " . $sudoer->getSudoerName(), NONSENSITIVE ); + $ldap->printDebug( "Failed to remove $username from " . $sudoer->getSudoerName(), NONSENSITIVE ); } } - $wgAuth->printDebug( "Successfully removed $user->userDN from $this->projectname", NONSENSITIVE ); + $ldap->printDebug( "Successfully removed $user->userDN from $this->projectname", NONSENSITIVE ); $this->deleteRoleCaches( $username ); $this->editArticle(); return true; } else { - $wgAuth->printDebug( "Failed to remove $username from $this->projectname: " . ldap_error($wgAuth->ldapconn), NONSENSITIVE ); + $ldap->printDebug( "Failed to remove $username from $this->projectname: " . ldap_error($ldap->ldapconn), NONSENSITIVE ); return false; } } @@ -399,11 +398,10 @@ * @return bool */ function addServiceGroup( $groupName, $initialUser ) { - global $wgAuth; - $group = OpenStackNovaServiceGroup::createServiceGroup( $groupName, $this, $initialUser ); if ( ! $group ) { - $wgAuth->printDebug( "Failed to create service group $groupName", NONSENSITIVE ); + $ldap = LdapAuthenticationPlugin::getInstance(); + $ldap->printDebug( "Failed to create service group $groupName", NONSENSITIVE ); return false; } @@ -418,8 +416,6 @@ * @return bool */ function deleteServiceGroup( $groupName ) { - global $wgAuth; - $success = OpenStackNovaServiceGroup::deleteServiceGroup( $groupName, $this ); $this->fetchServiceGroups(); 
@@ -433,9 +429,9 @@ * @return bool */ function addMember( $username ) { - global $wgAuth; global $wgMemc; + $ldap = LdapAuthenticationPlugin::getInstance(); $key = wfMemcKey( 'openstackmanager', 'projectuidsandmembers', $this->projectname ); $wgMemc->delete( $key ); @@ -448,11 +444,11 @@ // also add the member to the corresponding ProjectGroup. $this->projectGroup->addMember( $username ); $this->deleteRoleCaches( $username ); - $wgAuth->printDebug( "Successfully added $username to $this->projectname", NONSENSITIVE ); + $ldap->printDebug( "Successfully added $username to $this->projectname", NONSENSITIVE ); $this->editArticle(); return true; } else { - $wgAuth->printDebug( "Failed to add $username to $this->projectname", NONSENSITIVE ); + $ldap->printDebug( "Failed to add $username to $this->projectname", NONSENSITIVE ); return false; } } @@ -612,8 +608,6 @@ * @return OpenStackNovaProject[] */ static function getAllProjects() { - global $wgAuth; - $projects = array(); foreach( OpenStackNovaProject::getProjectList() as $id => $name ) { $project = new OpenStackNovaProject( $id, false ); @@ -634,10 +628,11 @@ * @return OpenStackNovaProject */ static function createProject( $projectname ) { - global $wgAuth, $wgMemc; + global $wgMemc; global $wgOpenStackManagerLDAPUser; global $wgOpenStackManagerLDAPProjectBaseDN; + $ldap = LdapAuthenticationPlugin::getInstance(); $controller = OpenstackNovaProject::getController(); $newProjectId = $controller->createProject( $projectname ); $wgMemc->delete( wfMemcKey( 'openstackmanager', 'projectlist' ) ); 
@@ -652,12 +647,12 @@ $ldapproject['member'] = $wgOpenStackManagerLDAPUser; $projectdn = 'cn=' . $projectname . ',' . $wgOpenStackManagerLDAPProjectBaseDN; - $success = LdapAuthenticationPlugin::ldap_add( $wgAuth->ldapconn, $projectdn, $ldapproject ); + $success = LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn, $projectdn, $ldapproject ); if ( !$success ) { - $wgAuth->printDebug( "Creation of ldap project container failed for $projectname", NONSENSITIVE ); + $ldap->printDebug( "Creation of ldap project container failed for $projectname", NONSENSITIVE ); } - $wgAuth->printDebug( "Added ldap project container $projectname", NONSENSITIVE ); + $ldap->printDebug( "Added ldap project container $projectname", NONSENSITIVE ); $project = new OpenstackNovaProject( $newProjectId, false ); $projectdn = $project->getProjectDN(); @@ -665,7 +660,7 @@ $sudoerOU['objectclass'][] = 'organizationalunit'; $sudoerOU['ou'] = 'sudooers'; $sudoerOUdn = 'ou=sudoers,' . $projectdn; - LdapAuthenticationPlugin::ldap_add( $wgAuth->ldapconn, $sudoerOUdn, $sudoerOU ); + LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn, $sudoerOUdn, $sudoerOU ); # TODO: If sudoerOU creation fails we need to be able to fail gracefully // Now that we've created the Project, if we 
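Review bot: In the `@@ -652,12` hunk of createProject, a failed `ldap_add` for the project container is only logged; execution then falls through to the unconditional "Added ldap project container" message and on to creating the sudoers OU under a DN that may not exist. The success message belongs in an `else` branch: `} else { $ldap->printDebug( "Added ldap project container $projectname", NONSENSITIVE ); }`. Whether the failure path should also stop here (a later branch of this function returns `null`) depends on code outside the hunk, since createProject starts and ends elsewhere.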
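Review bot: In the `@@ -665,7` hunk the sudoers OU entry is given `$sudoerOU['ou'] = 'sudooers'` while its DN is built as `'ou=sudoers,' . $projectdn`, so the naming attribute does not match the RDN. Depending on the directory server, the add is either rejected or stores an inconsistent entry. The return value of this `ldap_add` is discarded, so neither outcome shows up in the debug log even though the per-project sudo policies are created under this OU. Suggested: `$sudoerOU['ou'] = 'sudoers';` and wrap the call as `if ( !LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn, $sudoerOUdn, $sudoerOU ) ) { $ldap->printDebug( "Failed to create sudoers OU $sudoerOUdn", NONSENSITIVE ); }`. The enclosing function continues outside the hunk.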
@@ -680,18 +675,18 @@ if ( OpenStackNovaSudoer::createSudoer( 'default-sudo', $projectname, array( $projectGroup ), array(), array( 'ALL' ), array( '!authenticate' ) ) ) { - $wgAuth->printDebug( "Successfully created default sudo policy for $projectname", NONSENSITIVE ); + $ldap->printDebug( "Successfully created default sudo policy for $projectname", NONSENSITIVE ); } // Now, allow all project members to sudo to all other users. $projectGroup = "%" . $project->getProjectGroup()->getProjectGroupName(); if ( OpenStackNovaSudoer::createSudoer( 'default-sudo-as', $projectname, array( $projectGroup ), array( "$projectGroup" ), array( 'ALL' ), array( '!authenticate' ) ) ) { - $wgAuth->printDebug( "Successfully created default sudo-as policy for $projectname", NONSENSITIVE ); + $ldap->printDebug( "Successfully created default sudo-as policy for $projectname", NONSENSITIVE ); } OpenStackNovaProject::createServiceGroupOUs( $projectname ); } else { - $wgAuth->printDebug( "Failed to add project $projectname", NONSENSITIVE ); + $ldap->printDebug( "Failed to add project $projectname", NONSENSITIVE ); return null; } @@ -708,8 +703,9 @@ * @return bool */ static function createServiceGroupOUs( $projectname ) { - global $wgAuth; global $wgOpenStackManagerLDAPProjectBaseDN; + + $ldap = LdapAuthenticationPlugin::getInstance(); // Create ou for service groups $groups = array(); @@ -717,9 +713,9 @@ $groups['ou'] = 'groups'; $groupsdn = 'ou=' . $groups['ou'] . ',' . 'cn=' . $projectname . ',' . $wgOpenStackManagerLDAPProjectBaseDN; - $success = LdapAuthenticationPlugin::ldap_add( $wgAuth->ldapconn, $groupsdn, $groups ); + $success = LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn, $groupsdn, $groups ); if ( !$success ) { - $wgAuth->printDebug( "Failed to create service group ou for project $projectname", NONSENSITIVE ); + $ldap->printDebug( "Failed to create service group ou for project $projectname", NONSENSITIVE ); return false; } 
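Review bot: Both `createSudoer` calls in the `@@ -680,18` hunk log only on success, so a project can end up without its `default-sudo` or `default-sudo-as` policy and nothing in the debug log says so. Because these entries decide who gets `ALL` with `!authenticate` in the project, each `if` should have an `else` such as `$ldap->printDebug( "Failed to create default sudo policy for $projectname", NONSENSITIVE );`. A one-line comment above the calls stating that project members are intentionally given passwordless sudo would also help the next reader. createProject begins before this hunk.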
@@ -729,9 +725,9 @@ $users['ou'] = 'people'; $usersdn = 'ou=' . $users['ou'] . ',' . 'cn=' . $projectname . ',' . $wgOpenStackManagerLDAPProjectBaseDN; - $success = LdapAuthenticationPlugin::ldap_add( $wgAuth->ldapconn, $usersdn, $users ); + $success = LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn, $usersdn, $users ); if ( !$success ) { - $wgAuth->printDebug( "Failed to create service user ou for project $projectname", NONSENSITIVE ); + $ldap->printDebug( "Failed to create service user ou for project $projectname", NONSENSITIVE ); return false; } @@ -745,17 +741,18 @@ * @return bool */ function deleteServiceGroupOUs() { - global $wgAuth; global $wgOpenStackManagerLDAPProjectBaseDN; + + $ldap = LdapAuthenticationPlugin::getInstance(); $groups = array(); $groups['objectclass'][] = 'organizationalunit'; $groups['ou'] = 'groups'; $groupsdn = 'ou=' . $groups['ou'] . ',' . 'cn=' . $this->projectname . ',' . $wgOpenStackManagerLDAPProjectBaseDN; - $success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $groupsdn ); + $success = LdapAuthenticationPlugin::ldap_delete( $ldap->ldapconn, $groupsdn ); if ( !$success ) { - $wgAuth->printDebug( "Failed to delete service group ou for project $this->projectname", NONSENSITIVE ); + $ldap->printDebug( "Failed to delete service group ou for project $this->projectname", NONSENSITIVE ); return false; } @@ -764,9 +761,9 @@ $users['ou'] = 'people'; $usersdn = 'ou=' . $users['ou'] . ',' . 'cn=' . $this->projectname . ',' . $wgOpenStackManagerLDAPProjectBaseDN; - $success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $usersdn ); + $success = LdapAuthenticationPlugin::ldap_delete( $ldap->ldapconn, $usersdn ); if ( !$success ) { - $wgAuth->printDebug( "Failed to delete service user ou for project $this->projectname", NONSENSITIVE ); + $ldap->printDebug( "Failed to delete service user ou for project $this->projectname", NONSENSITIVE ); return false; } 
@@ -782,7 +779,7 @@ * @return bool */ static function deleteProject( $projectid ) { - global $wgAuth, $wgMemc; + global $wgMemc; $project = new OpenStackNovaProject( $projectid ); if ( ! $project ) { @@ -790,6 +787,7 @@ } $projectname = $project->getName(); + $ldap = LdapAuthenticationPlugin::getInstance(); OpenStackNovaLdapConnection::connect(); OpenStackNovaProjectGroup::deleteProjectGroup( $project->getProjectName() ); @@ -798,16 +796,16 @@ foreach ( $sudoers as $sudoer ) { $success = OpenStackNovaSudoer::deleteSudoer( $sudoer->getSudoerName(), $project->getProjectName() ); if ( $success ){ - $wgAuth->printDebug( "Successfully deleted sudoer " . $sudoer->getSudoerName(), NONSENSITIVE ); + $ldap->printDebug( "Successfully deleted sudoer " . $sudoer->getSudoerName(), NONSENSITIVE ); } else { - $wgAuth->printDebug( "Failed to delete sudoer " . $sudoer->getSudoerName(), NONSENSITIVE ); + $ldap->printDebug( "Failed to delete sudoer " . $sudoer->getSudoerName(), NONSENSITIVE ); } } - $success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $project->getSudoersDN() ); + $success = LdapAuthenticationPlugin::ldap_delete( $ldap->ldapconn, $project->getSudoersDN() ); if ( $success ) { - $wgAuth->printDebug( "Successfully deleted sudoers OU " . $project->getSudoersDN(), NONSENSITIVE ); + $ldap->printDebug( "Successfully deleted sudoers OU " . $project->getSudoersDN(), NONSENSITIVE ); } else { - $wgAuth->printDebug( "Failed to delete sudoers OU " . $project->getSudoersDN(), NONSENSITIVE ); + $ldap->printDebug( "Failed to delete sudoers OU " . $project->getSudoersDN(), NONSENSITIVE ); } # And, we need to clean up service groups. $servicegroups = $project->getServiceGroups(); 
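Review bot: The guard `if ( ! $project )` directly after `new OpenStackNovaProject( $projectid )` in deleteProject (`@@ -782,7` hunk) can never fire, because `new` always yields an object. An unknown or mistyped project id therefore continues into the LDAP deletions in the following hunks. The class has a `loaded` flag (fetchProjectInfo tests `$this->loaded`), so the check could be `if ( !$project->loaded ) {`. This assumes the constructor loads the project by default, which is not visible in this diff. The body of the guard lies outside the hunk.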
@@ -815,17 +813,17 @@ $groupName = $group->groupName; $success = OpenStackNovaServiceGroup::deleteServiceGroup( $groupName, $project ); if ( $success ){ - $wgAuth->printDebug( "Successfully deleted service group " . $groupName, NONSENSITIVE ); + $ldap->printDebug( "Successfully deleted service group " . $groupName, NONSENSITIVE ); } else { - $wgAuth->printDebug( "Failed to delete service group " . $groupName, NONSENSITIVE ); + $ldap->printDebug( "Failed to delete service group " . $groupName, NONSENSITIVE ); } } $project->deleteServiceGroupOUs(); $dn = $project->projectDN; - $success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $dn ); + $success = LdapAuthenticationPlugin::ldap_delete( $ldap->ldapconn, $dn ); if ( !$success ) { - $wgAuth->printDebug( "Failed to delete project LDAP container $dn", NONSENSITIVE ); + $ldap->printDebug( "Failed to delete project LDAP container $dn", NONSENSITIVE ); } $controller = OpenstackNovaProject::getController(); @@ -833,10 +831,10 @@ $wgMemc->delete( wfMemcKey( 'openstackmanager', 'projectlist' ) ); if ( $success ) { - $wgAuth->printDebug( "Successfully deleted project", NONSENSITIVE ); + $ldap->printDebug( "Successfully deleted project", NONSENSITIVE ); return true; } else { - $wgAuth->printDebug( "Failed to delete project", NONSENSITIVE ); + $ldap->printDebug( "Failed to delete project", NONSENSITIVE ); return false; } } 
@@ -914,12 +912,13 @@ */ function getServiceGroupHomedirPattern() { global $wgOpenStackManagerServiceGroupHomedirPattern; - global $wgOpenStackManagerLDAPProjectBaseDN, $wgAuth; + global $wgOpenStackManagerLDAPProjectBaseDN; $pattern = $wgOpenStackManagerServiceGroupHomedirPattern; - $result = LdapAuthenticationPlugin::ldap_search( $wgAuth->ldapconn, $wgOpenStackManagerLDAPProjectBaseDN, + $ldap = LdapAuthenticationPlugin::getInstance(); + $result = LdapAuthenticationPlugin::ldap_search( $ldap->ldapconn, $wgOpenStackManagerLDAPProjectBaseDN, '(&(cn=' . $this->getProjectName() . ')(objectclass=groupofnames))' ); - $projectInfo = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result ); + $projectInfo = LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result ); if ( isset( $projectInfo[0]['info'] ) ) { $infos = $projectInfo[0]['info']; diff --git a/nova/OpenStackNovaProjectGroup.php b/nova/OpenStackNovaProjectGroup.php index 479a79d..70bfa71 100644 --- a/nova/OpenStackNovaProjectGroup.php +++ b/nova/OpenStackNovaProjectGroup.php @@ -47,15 +47,15 @@ * @return void */ function fetchProjectGroupInfo( $refresh=true ) { - global $wgAuth; global $wgOpenStackManagerLDAPProjectGroupBaseDN; if ( $this->loaded and !$refresh ) { return; } - $result = LdapAuthenticationPlugin::ldap_search( $wgAuth->ldapconn, $wgOpenStackManagerLDAPProjectGroupBaseDN, + $ldap = LdapAuthenticationPlugin::getInstance(); + $result = LdapAuthenticationPlugin::ldap_search( $ldap->ldapconn, $wgOpenStackManagerLDAPProjectGroupBaseDN, '(&(cn=' . $this->getProjectGroupName() . ')(objectclass=groupofnames))' ); - $this->projectGroupInfo = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result ); + $this->projectGroupInfo = LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result ); if ( !isset( $this->projectGroupInfo[0] ) ) { $this->loaded = false; return; 
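Review bot: The search filter in getServiceGroupHomedirPattern concatenates `$this->getProjectName()` into `'(&(cn=' . … . ')(objectclass=groupofnames))'` without escaping, and fetchProjectGroupInfo in the next hunk on this line does the same with `getProjectGroupName()`. A name containing filter metacharacters such as `*`, `(` or `)` would change what the filter matches. fetchHostInfo in this same change already escapes its value with `$ldap->getLdapEscapedString()`, and the same call fits here: `'(&(cn=' . $ldap->getLdapEscapedString( $this->getProjectName() ) . ')(objectclass=groupofnames))'`. Whether project names are restricted when they are created is not visible in this diff.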
@@ -82,20 +82,20 @@ * @return array */ function getMembers() { - global $wgAuth; global $wgOpenStackManagerLDAPDomain; $members = array(); if ( isset( $this->projectGroupInfo[0]['member'] ) ) { + $ldap = LdapAuthenticationPlugin::getInstance(); $memberdns = $this->projectGroupInfo[0]['member']; array_shift( $memberdns ); foreach ( $memberdns as $memberdn ) { - $searchattr = $wgAuth->getConf( 'SearchAttribute', $wgOpenStackManagerLDAPDomain ); + $searchattr = $ldap->getConf( 'SearchAttribute', $wgOpenStackManagerLDAPDomain ); if ( $searchattr ) { // We need to look up the search attr from the user entry // this is expensive, but must be done. // TODO: memcache this - $userInfo = $wgAuth->getUserInfoStateless( $memberdn ); + $userInfo = $ldap->getUserInfoStateless( $memberdn ); $members[] = $userInfo[0][$searchattr][0]; } else { @@ -132,19 +132,18 @@ * @return bool */ function deleteMember( $username ) { - global $wgAuth; - if ( isset( $this->projectGroupInfo[0]['member'] ) ) { + $ldap = LdapAuthenticationPlugin::getInstance(); $members = $this->projectGroupInfo[0]['member']; array_shift( $members ); $user = new OpenStackNovaUser( $username ); if ( ! $user->userDN ) { - $wgAuth->printDebug( "Failed to find userDN for username $username in OpenStackNovaProjectGroup deleteMember.", NONSENSITIVE ); + $ldap->printDebug( "Failed to find userDN for username $username in OpenStackNovaProjectGroup deleteMember.", NONSENSITIVE ); return false; } $index = array_search( $user->userDN, $members ); if ( $index === false ) { - $wgAuth->printDebug( "Failed to find userDN " . $user->userDN . " in in ProjectGroup " . $this->projectGroupName . " member list", NONSENSITIVE ); + $ldap->printDebug( "Failed to find userDN " . $user->userDN . " in in ProjectGroup " . $this->projectGroupName . " member list", NONSENSITIVE ); return false; } unset( $members[$index] ); 
@@ -153,13 +152,13 @@ foreach ( $members as $member ) { $values['member'][] = $member; } - $success = LdapAuthenticationPlugin::ldap_modify( $wgAuth->ldapconn, $this->projectGroupDN, $values ); + $success = LdapAuthenticationPlugin::ldap_modify( $ldap->ldapconn, $this->projectGroupDN, $values ); if ( $success ) { $this->fetchProjectGroupInfo( true ); - $wgAuth->printDebug( "Successfully removed $user->userDN from $this->projectGroupDN", NONSENSITIVE ); + $ldap->printDebug( "Successfully removed $user->userDN from $this->projectGroupDN", NONSENSITIVE ); return true; } else { - $wgAuth->printDebug( "Failed to remove $user->userDN from $this->projectGroupDN: " . ldap_error($wgAuth->ldapconn), NONSENSITIVE ); + $ldap->printDebug( "Failed to remove $user->userDN from $this->projectGroupDN: " . ldap_error($ldap->ldapconn), NONSENSITIVE ); return false; } } else { 
@@ -175,17 +174,16 @@ * @return bool */ function setMembers( $memberDNs ) { - global $wgAuth; - + $ldap = LdapAuthenticationPlugin::getInstance(); $values = array( 'member' => $memberDNs ); - $success = LdapAuthenticationPlugin::ldap_modify( $wgAuth->ldapconn, $this->projectGroupDN, $values ); + $success = LdapAuthenticationPlugin::ldap_modify( $ldap->ldapconn, $this->projectGroupDN, $values ); if ( $success ) { // reload the ProjectGroup from LDAP. $this->fetchProjectGroupInfo( true ); - $wgAuth->printDebug( "Successfully set " . count( $memberDNs ) . " members to $this->projectGroupDN", NONSENSITIVE ); + $ldap->printDebug( "Successfully set " . count( $memberDNs ) . " members to $this->projectGroupDN", NONSENSITIVE ); } else { - $wgAuth->printDebug( "Failed to set " . count( $memberDNs ) . " members to $this->projectGroupDN: " . ldap_error( $wgAuth->ldapconn ) . ". [" . join( ";", $memberDNs ) . "]", NONSENSITIVE ); + $ldap->printDebug( "Failed to set " . count( $memberDNs ) . " members to $this->projectGroupDN: " . ldap_error( $ldap->ldapconn ) . ". [" . join( ";", $memberDNs ) . "]", NONSENSITIVE ); } return $success; @@ -198,8 +196,7 @@ * @return bool */ function addMember( $username ) { - global $wgAuth; - + $ldap = LdapAuthenticationPlugin::getInstance(); $members = array(); if ( isset( $this->projectGroupInfo[0]['member'] ) ) { $members = $this->projectGroupInfo[0]['member']; 
@@ -207,19 +204,19 @@ } $user = new OpenStackNovaUser( $username ); if ( ! $user->userDN ) { - $wgAuth->printDebug( "Failed to find userDN in addMember", NONSENSITIVE ); + $ldap->printDebug( "Failed to find userDN in addMember", NONSENSITIVE ); return false; } $members[] = $user->userDN; $values = array(); $values['member'] = $members; - $success = LdapAuthenticationPlugin::ldap_modify( $wgAuth->ldapconn, $this->projectGroupDN, $values ); + $success = LdapAuthenticationPlugin::ldap_modify( $ldap->ldapconn, $this->projectGroupDN, $values ); if ( $success ) { $this->fetchProjectGroupInfo( true ); - $wgAuth->printDebug( "Successfully added $user->userDN to $this->projectGroupDN", NONSENSITIVE ); + $ldap->printDebug( "Successfully added $user->userDN to $this->projectGroupDN", NONSENSITIVE ); return true; } else { - $wgAuth->printDebug( "Failed to add $user->userDN to $this->projectGroupDN: " . ldap_error($wgAuth->ldapconn), NONSENSITIVE ); + $ldap->printDebug( "Failed to add $user->userDN to $this->projectGroupDN: " . ldap_error($ldap->ldapconn), NONSENSITIVE ); return false; } } @@ -233,18 +230,18 @@ * @return bool */ static function createProjectGroup( $projectname ) { - global $wgAuth; global $wgOpenStackManagerLDAPProjectGroupBaseDN; global $wgOpenStackManagerLDAPUsername; + $ldap = LdapAuthenticationPlugin::getInstance(); OpenStackNovaLdapConnection::connect(); $user = new OpenStackNovaUser( $wgOpenStackManagerLDAPUsername ); - if ( ! $user->userDN ) { - $wgAuth->printDebug( "Failed to find userDN in createProjectGroup", NONSENSITIVE ); - return false; - } + if ( ! $user->userDN ) { + $ldap->printDebug( "Failed to find userDN in createProjectGroup", NONSENSITIVE ); + return false; + } $projectGroupName = self::$prefix . $projectname; $projectGroup = array(); 
@@ -252,17 +249,17 @@ $projectGroup['objectclass'][] = 'posixgroup'; $projectGroup['objectclass'][] = 'groupofnames'; $projectGroup['cn'] = $projectGroupName; - $projectGroup['gidnumber'] = OpenStackNovaUser::getNextIdNumber( $wgAuth, 'gidnumber' ); + $projectGroup['gidnumber'] = OpenStackNovaUser::getNextIdNumber( $ldap, 'gidnumber' ); $projectGroupDN = 'cn=' . $projectGroupName . ',' . $wgOpenStackManagerLDAPProjectGroupBaseDN; # TODO: If project group creation fails we need to be able to fail gracefully - $success = LdapAuthenticationPlugin::ldap_add( $wgAuth->ldapconn, $projectGroupDN, $projectGroup ); + $success = LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn, $projectGroupDN, $projectGroup ); if ( $success ) { - $wgAuth->printDebug( "Successfully added project group $projectGroupName", NONSENSITIVE ); + $ldap->printDebug( "Successfully added project group $projectGroupName", NONSENSITIVE ); } else { - $wgAuth->printDebug( "Failed to add project group $projectGroupName: " . ldap_error( $wgAuth->ldapconn ), NONSENSITIVE ); - return false; + $ldap->printDebug( "Failed to add project group $projectGroupName: " . ldap_error( $ldap->ldapconn ), NONSENSITIVE ); + return false; } return $success; } 
@@ -274,19 +271,19 @@ * @return bool */ static function deleteProjectGroup( $projectname ) { - global $wgAuth; global $wgOpenStackManagerLDAPProjectGroupBaseDN; + $ldap = LdapAuthenticationPlugin::getInstance(); OpenStackNovaLdapConnection::connect(); $projectGroupName = self::$prefix . $projectname; $projectGroupDN = 'cn=' . $projectGroupName . ',' . $wgOpenStackManagerLDAPProjectGroupBaseDN; - $success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $projectGroupDN ); + $success = LdapAuthenticationPlugin::ldap_delete( $ldap->ldapconn, $projectGroupDN ); if ( $success ){ - $wgAuth->printDebug( "Successfully deleted project group $projectGroupDN", NONSENSITIVE ); + $ldap->printDebug( "Successfully deleted project group $projectGroupDN", NONSENSITIVE ); } else { - $wgAuth->printDebug( "Failed to delete project group $projectGroupDN: " . ldap_error( $wgAuth->ldapconn ), NONSENSITIVE ); + $ldap->printDebug( "Failed to delete project group $projectGroupDN: " . ldap_error( $ldap->ldapconn ), NONSENSITIVE ); } return $success; } diff --git a/nova/OpenStackNovaPublicHost.php b/nova/OpenStackNovaPublicHost.php index beb74cd..4345981 100644 --- a/nova/OpenStackNovaPublicHost.php +++ b/nova/OpenStackNovaPublicHost.php @@ -18,8 +18,6 @@ * @param $ip */ function __construct( $ip ) { - global $wgAuth; - $this->domainCache = null; $this->ip = $ip; OpenStackNovaLdapConnection::connect(); 
@@ -32,12 +30,12 @@ * @return void */ function fetchHostInfo() { - global $wgAuth; global $wgOpenStackManagerLDAPInstanceBaseDN; - $this->ip = $wgAuth->getLdapEscapedString( $this->ip ); - $result = LdapAuthenticationPlugin::ldap_search( $wgAuth->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, '(dc=' . $this->ip . ')' ); - $this->hostInfo = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result ); + $ldap = LdapAuthenticationPlugin::getInstance(); + $this->ip = $ldap->getLdapEscapedString( $this->ip ); + $result = LdapAuthenticationPlugin::ldap_search( $ldap->ldapconn, $wgOpenStackManagerLDAPInstanceBaseDN, '(dc=' . $this->ip . ')' ); + $this->hostInfo = LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result ); if ( $this->hostInfo["count"] == "0" ) { $this->hostInfo = null; } else { @@ -51,12 +49,11 @@ * @return OpenStackNovaDomain */ function getDomain() { - global $wgAuth; - if ( ! $this->domainCache ) { $this->domainCache = OpenStackNovaDomain::getDomainByHostIP( $this->ip ); if (! $this->domainCache ) { - $wgAuth->printDebug( "Looked up domain for ip $this->ip but domainCache is still empty.", NONSENSITIVE ); + $ldap = LdapAuthenticationPlugin::getInstance(); + $ldap->printDebug( "Looked up domain for ip $this->ip but domainCache is still empty.", NONSENSITIVE ); } } return $this->domainCache; diff --git a/nova/OpenStackNovaRole.php b/nova/OpenStackNovaRole.php index 292727b..e8c2495 100644 --- a/nova/OpenStackNovaRole.php +++ b/nova/OpenStackNovaRole.php @@ -91,8 +91,7 @@ * @return bool */ function deleteMember( $username ) { - global $wgAuth; - + $ldap = LdapAuthenticationPlugin::getInstance(); $user = new OpenStackNovaUser( $username ); $userid = $user->getUid(); $controller = OpenstackNovaProject::getController(); 
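Review bot: fetchHostInfo (`@@ -32,12` hunk) writes the escaped value back with `$this->ip = $ldap->getLdapEscapedString( $this->ip );`, so the object afterwards holds the filter-encoded form and a second call would escape it again. getDomain in the next hunk then passes that stored value to `getDomainByHostIP()`. Keeping the escaping local avoids both effects: `$escapedIp = $ldap->getLdapEscapedString( $this->ip );` and `'(dc=' . $escapedIp . ')'` in the search call. For a well-formed address the escaped and raw forms are probably identical, so this matters mainly for unexpected input.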
@@ -101,10 +100,10 @@ $userid ) ) { $user = new OpenStackNovaUser( $userid ); $this->deleteMemcKeys( $user ); - $wgAuth->printDebug( "Successfully removed $userid from role $this->rolename", NONSENSITIVE ); + $ldap->printDebug( "Successfully removed $userid from role $this->rolename", NONSENSITIVE ); return true; } else { - $wgAuth->printDebug( "Failed to remove $userid from role $this->rolename", NONSENSITIVE ); + $ldap->printDebug( "Failed to remove $userid from role $this->rolename", NONSENSITIVE ); return false; } } @@ -114,20 +113,19 @@ * @return bool */ function addMember( $username ) { - global $wgAuth; - + $ldap = LdapAuthenticationPlugin::getInstance(); $user = new OpenStackNovaUser( $username ); $userid = $user->getUid(); - $controller = OpenstackNovaProject::getController(); + $controller = OpenstackNovaProject::getController(); if ( $controller->grantRoleForProjectAndUser( $this->roleid, $this->project->getId(), $userid ) ) { - $wgAuth->printDebug( "Successfully added $userid to $this->rolename", NONSENSITIVE ); + $ldap->printDebug( "Successfully added $userid to $this->rolename", NONSENSITIVE ); $user = new OpenStackNovaUser( $userid ); $this->deleteMemcKeys( $user ); return true; } else { - $wgAuth->printDebug( "Failed to add $userid to role $this->rolename", NONSENSITIVE ); + $ldap->printDebug( "Failed to add $userid to role $this->rolename", NONSENSITIVE ); return false; } } diff --git a/nova/OpenStackNovaServiceGroup.php b/nova/OpenStackNovaServiceGroup.php index fdecd92..d1d18dc 100644 --- a/nova/OpenStackNovaServiceGroup.php +++ b/nova/OpenStackNovaServiceGroup.php @@ -29,7 +29,6 @@ * @return void */ function fetchGroupInfo( $refreshCache = true ) { - global $wgAuth; global $wgOpenStackManagerLDAPServiceGroupBaseDN; global $wgMemc; 
@@ -48,8 +47,9 @@ if ( is_array( $groupInfo ) ) { $this->groupInfo = $groupInfo; } else { - $result = LdapAuthenticationPlugin::ldap_search( $wgAuth->ldapconn, $dn, $query ); - $this->groupInfo = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result ); + $ldap = LdapAuthenticationPlugin::getInstance(); + $result = LdapAuthenticationPlugin::ldap_search( $ldap->ldapconn, $dn, $query ); + $this->groupInfo = LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result ); $wgMemc->set( $key, $this->groupInfo, 3600 * 24 ); } @@ -79,7 +79,6 @@ * @return array */ function getUidMembers() { - global $wgAuth; global $wgOpenStackManagerLDAPDomain; $members = array(); @@ -97,7 +96,8 @@ if ( $attr === 'uid' ) { $members[] = $member; } else { - $userInfo = $wgAuth->getUserInfoStateless( $memberdn ); + $ldap = LdapAuthenticationPlugin::getInstance(); + $userInfo = $ldap->getUserInfoStateless( $memberdn ); $members[] = $userInfo[0]['uid'][0]; } } @@ -109,17 +109,17 @@ * @return array */ function getMembers() { - global $wgAuth; global $wgOpenStackManagerLDAPDomain; $members = array(); if ( isset( $this->groupInfo[0]['member'] ) ) { + $ldap = LdapAuthenticationPlugin::getInstance(); $memberdns = $this->groupInfo[0]['member']; array_shift( $memberdns ); foreach ( $memberdns as $memberdn ) { - $searchattr = $wgAuth->getConf( 'SearchAttribute', $wgOpenStackManagerLDAPDomain ); + $searchattr = $ldap->getConf( 'SearchAttribute', $wgOpenStackManagerLDAPDomain ); if ( $searchattr ) { - $userInfo = $wgAuth->getUserInfoStateless( $memberdn ); + $userInfo = $ldap->getUserInfoStateless( $memberdn ); $members[] = $userInfo[0][$searchattr][0]; } else { $member = explode( '=', $memberdn ); 
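Review bot: In getUidMembers (`@@ -97,7` hunk) `LdapAuthenticationPlugin::getInstance()` is called inside the per-member `else` branch, whereas getMembers in the next hunk fetches `$ldap` once before its `foreach`. Fetching it once before the loop would make the two methods read the same. The result of `getUserInfoStateless( $memberdn )` is also indexed as `$userInfo[0]['uid'][0]` without checking that the lookup returned an entry, so a member DN that no longer resolves would presumably put an empty value in the list. A guard such as `if ( isset( $userInfo[0]['uid'][0] ) ) {` around the append would skip it. The loop itself starts outside the hunk.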
@@ -145,21 +145,20 @@ * @return bool */ function deleteMember( $username ) { - global $wgAuth; - if ( isset( $this->groupInfo[0]['member'] ) ) { + $ldap = LdapAuthenticationPlugin::getInstance(); $members = $this->groupInfo[0]['member']; array_shift( $members ); $user = new OpenStackNovaUser( $username ); if ( ! $user->userDN ) { - $wgAuth->printDebug( "Failed to find $username in deleteMember", NONSENSITIVE ); + $ldap->printDebug( "Failed to find $username in deleteMember", NONSENSITIVE ); return false; } $index = array_search( $user->userDN, $members ); if ( $index === false ) { - $wgAuth->printDebug( "Failed to find userDN in member list", NONSENSITIVE ); + $ldap->printDebug( "Failed to find userDN in member list", NONSENSITIVE ); return false; } unset( $members[$index] ); @@ -168,12 +167,12 @@ foreach ( $members as $member ) { $values['member'][] = $member; } - $success = LdapAuthenticationPlugin::ldap_modify( $wgAuth->ldapconn, $this->groupDN, $values ); + $success = LdapAuthenticationPlugin::ldap_modify( $ldap->ldapconn, $this->groupDN, $values ); if ( $success ) { $this->fetchGroupInfo(); - $wgAuth->printDebug( "Successfully removed $user->userDN from $this->groupDN", NONSENSITIVE ); + $ldap->printDebug( "Successfully removed $user->userDN from $this->groupDN", NONSENSITIVE ); } else { - $wgAuth->printDebug( "Failed to remove $user->userDN from $this->groupDN", NONSENSITIVE ); + $ldap->printDebug( "Failed to remove $user->userDN from $this->groupDN", NONSENSITIVE ); return false; } } else { 
@@ -187,14 +186,13 @@ * @return bool */ function setMembers( $usernames, $serviceUsernames=array() ) { - global $wgAuth; - + $ldap = LdapAuthenticationPlugin::getInstance(); $members = array(); foreach ( $usernames as $username ) { $userDN = ""; $user = new OpenStackNovaUser( $username ); if ( ! $user->userDN ) { - $wgAuth->printDebug( "Failed to find userDN in setMembers", NONSENSITIVE ); + $ldap->printDebug( "Failed to find userDN in setMembers", NONSENSITIVE ); return false; } $userDN = $user->userDN; @@ -207,12 +205,12 @@ } $values = array(); $values['member'] = $members; - $success = LdapAuthenticationPlugin::ldap_modify( $wgAuth->ldapconn, $this->groupDN, $values ); + $success = LdapAuthenticationPlugin::ldap_modify( $ldap->ldapconn, $this->groupDN, $values ); if ( $success ) { $this->fetchGroupInfo(); - $wgAuth->printDebug( "Successfully set members for $this->groupDN", NONSENSITIVE ); + $ldap->printDebug( "Successfully set members for $this->groupDN", NONSENSITIVE ); } else { - $wgAuth->printDebug( "Failed to set members for $this->groupDN", NONSENSITIVE ); + $ldap->printDebug( "Failed to set members for $this->groupDN", NONSENSITIVE ); return false; } return true; @@ -223,8 +221,7 @@ * @return bool */ function addMember( $username ) { - global $wgAuth; - + $ldap = LdapAuthenticationPlugin::getInstance(); $members = array(); if ( isset( $this->groupInfo[0]['member'] ) ) { $members = $this->groupInfo[0]['member']; @@ -234,7 +231,7 @@ $userDN = ""; $user = new OpenStackNovaUser( $username ); if ( ! $user->userDN ) { - $wgAuth->printDebug( "Failed to find userDN in addMember", NONSENSITIVE ); + $ldap->printDebug( "Failed to find userDN in addMember", NONSENSITIVE ); return false; } $userDN = $user->userDN; 
@@ -242,12 +239,12 @@ $members[] = $userDN; $values = array(); $values['member'] = $members; - $success = LdapAuthenticationPlugin::ldap_modify( $wgAuth->ldapconn, $this->groupDN, $values ); + $success = LdapAuthenticationPlugin::ldap_modify( $ldap->ldapconn, $this->groupDN, $values ); if ( $success ) { $this->fetchGroupInfo(); - $wgAuth->printDebug( "Successfully added $userDN to $this->groupDN", NONSENSITIVE ); + $ldap->printDebug( "Successfully added $userDN to $this->groupDN", NONSENSITIVE ); } else { - $wgAuth->printDebug( "Failed to add $userDN to $this->groupDN", NONSENSITIVE ); + $ldap->printDebug( "Failed to add $userDN to $this->groupDN", NONSENSITIVE ); return false; } return true; @@ -276,12 +273,12 @@ * @return null|OpenStackNovaServiceGroup */ static function createServiceGroup( $inGroupName, $project, $initialUser ) { - global $wgAuth; global $wgOpenStackManagerLDAPUser; global $wgOpenStackManagerLDAPDefaultShell; global $wgOpenStackManagerLDAPServiceGroupBaseDN; global $wgMemc; + $ldap = LdapAuthenticationPlugin::getInstance(); OpenStackNovaLdapConnection::connect(); $projectPrefix = $project->getProjectName() . '.'; @@ -299,7 +296,7 @@ if ( $initialUser ) { $user = new OpenStackNovaUser( $initialUser ); if ( ! $user->userDN ) { - $wgAuth->printDebug( "Unable to find initial user $initialUser for new group $groupName", NONSENSITIVE ); + $ldap->printDebug( "Unable to find initial user $initialUser for new group $groupName", NONSENSITIVE ); return null; } $initialUserDN = $user->userDN; 
@@ -313,17 +310,17 @@ $group['objectclass'][] = 'groupofnames'; $group['cn'] = $groupName; $groupdn = 'cn=' . $groupName . ',' . $wgOpenStackManagerLDAPServiceGroupBaseDN; - $group['gidnumber'] = OpenStackNovaUser::getNextIdNumber( $wgAuth, 'gidnumber' ); + $group['gidnumber'] = OpenStackNovaUser::getNextIdNumber( $ldap, 'gidnumber' ); $group['member'] = array(); if ( $initialUser ) { $group['member'][] = $initialUserDN; } - $success = LdapAuthenticationPlugin::ldap_add( $wgAuth->ldapconn, $groupdn, $group ); + $success = LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn, $groupdn, $group ); if ( $success ) { - $wgAuth->printDebug( "Successfully added service group $groupdn", NONSENSITIVE ); + $ldap->printDebug( "Successfully added service group $groupdn", NONSENSITIVE ); } else { - $wgAuth->printDebug( "Failed to add service group $groupdn", NONSENSITIVE ); + $ldap->printDebug( "Failed to add service group $groupdn", NONSENSITIVE ); return null; } @@ -347,12 +344,12 @@ $user['uid'] = $groupName; $user['sn'] = $groupName; $user['cn'] = $groupName; - $success = LdapAuthenticationPlugin::ldap_add( $wgAuth->ldapconn, $userdn, $user ); + $success = LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn, $userdn, $user ); if ( $success ) { - $wgAuth->printDebug( "Successfully created service user $userdn", NONSENSITIVE ); + $ldap->printDebug( "Successfully created service user $userdn", NONSENSITIVE ); } else { - $wgAuth->printDebug( "Failed to create service user $userdn", NONSENSITIVE ); + $ldap->printDebug( "Failed to create service user $userdn", NONSENSITIVE ); return null; } 
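Review bot: When the service-user `ldap_add` in the second hunk fails, createServiceGroup returns null while the group entry written by the `ldap_add` in the hunk above stays in the directory, leaving a half-created service group. Consider undoing the first write before returning, e.g. `LdapAuthenticationPlugin::ldap_delete( $ldap->ldapconn, $groupdn );` ahead of `return null;`, and logging if that cleanup also fails. deleteServiceGroup further down has the mirror-image gap: the service user is deleted first, and a failed group delete returns false with the user already gone. Both functions extend beyond these hunks, so any cleanup done elsewhere is not visible here.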
@@ -363,10 +360,10 @@ array(), array( '/bin/chown -R ' . $groupName . '\:' . $groupName . ' ' . $homeDir ), array( '!authenticate' ) ) ) { - $wgAuth->printDebug( "Successfully created chmod sudo policy for $groupName", + $ldap->printDebug( "Successfully created chmod sudo policy for $groupName", NONSENSITIVE ); } else { - $wgAuth->printDebug( "Failed to creat chmod sudo policy for $groupName", + $ldap->printDebug( "Failed to creat chmod sudo policy for $groupName", NONSENSITIVE ); } @@ -377,10 +374,10 @@ array( $groupName ), array( 'ALL' ), array( '!authenticate' ) ) ) { - $wgAuth->printDebug( "Successfully created run-as sudo policy for $groupName", + $ldap->printDebug( "Successfully created run-as sudo policy for $groupName", NONSENSITIVE ); } else { - $wgAuth->printDebug( "Failed to creat run-as sudo policy for $groupName", + $ldap->printDebug( "Failed to creat run-as sudo policy for $groupName", NONSENSITIVE ); } 
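Review bot: Both failure messages read `Failed to creat … sudo policy`, and the first pair calls the policy "chmod" although the command being granted is `/bin/chown -R`; since these lines are being rewritten anyway, they could become `"Failed to create chown sudo policy for $groupName"` and `"Failed to create run-as sudo policy for $groupName"`. The sudoers command itself is assembled by concatenating `$groupName` and `$homeDir` and is granted with `!authenticate`, so a comment stating which characters `$groupName` is restricted to before it reaches this point would help; that validation is not visible in the hunk. Both failures are only reported through printDebug and execution continues, which can leave a service group without its policies and gives the caller no signal. The enclosing calls begin above each hunk.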
@@ -394,32 +391,32 @@ * @return bool */ static function deleteServiceGroup( $groupName, $project ) { - global $wgAuth; global $wgMemc; + $ldap = LdapAuthenticationPlugin::getInstance(); $group = self::getServiceGroupByName( $groupName, $project ); if ( !$group ) { - $wgAuth->printDebug( "We are trying to delete a nonexistent service group, $groupName", NONSENSITIVE ); + $ldap->printDebug( "We are trying to delete a nonexistent service group, $groupName", NONSENSITIVE ); return false; } # Delete our special member. - $success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $group->getSpecialUserDN() ); + $success = LdapAuthenticationPlugin::ldap_delete( $ldap->ldapconn, $group->getSpecialUserDN() ); if ( $success ) { - $wgAuth->printDebug( "Successfully deleted service user $groupName", NONSENSITIVE ); + $ldap->printDebug( "Successfully deleted service user $groupName", NONSENSITIVE ); } else { - $wgAuth->printDebug( "Failed to delete service user $groupName", NONSENSITIVE ); + $ldap->printDebug( "Failed to delete service user $groupName", NONSENSITIVE ); return false; } # Now delete the group. - $success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $group->groupDN ); + $success = LdapAuthenticationPlugin::ldap_delete( $ldap->ldapconn, $group->groupDN ); if ( $success ) { - $wgAuth->printDebug( "Successfully deleted service group $groupName", NONSENSITIVE ); + $ldap->printDebug( "Successfully deleted service group $groupName", NONSENSITIVE ); $key = wfMemcKey( 'openstackmanager', 'servicegroup', $groupName ); $wgMemc->delete( $key ); } else { - $wgAuth->printDebug( "Failed to delete service group $groupName", NONSENSITIVE ); + $ldap->printDebug( "Failed to delete service group $groupName", NONSENSITIVE ); return false; } diff --git a/nova/OpenStackNovaSudoer.php b/nova/OpenStackNovaSudoer.php index a5688c6..4d339c1 100644 --- a/nova/OpenStackNovaSudoer.php +++ b/nova/OpenStackNovaSudoer.php 
@@ -31,7 +31,6 @@ * @return void */ function fetchSudoerInfo() { - global $wgAuth; global $wgMemc; $key = wfMemcKey( 'openstackmanager', 'sudoerinfo', $this->project->getProjectName() . $this->sudoername ); @@ -41,9 +40,10 @@ if ( is_array( $sudoerInfo ) ) { $this->sudoerInfo = $sudoerInfo; } else { - $result = LdapAuthenticationPlugin::ldap_search( $wgAuth->ldapconn, $this->project->getSudoersDN(), + $ldap = LdapAuthenticationPlugin::getInstance(); + $result = LdapAuthenticationPlugin::ldap_search( $ldap->ldapconn, $this->project->getSudoersDN(), '(cn=' . $this->sudoername . ')' ); - $this->sudoerInfo = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result ); + $this->sudoerInfo = LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result ); $wgMemc->set( $key, $this->sudoerInfo, 3600 * 24 ); } if ( $this->sudoerInfo ) { @@ -129,9 +129,9 @@ * @return boolean */ function modifySudoer( $users, $runasuser, $commands, $options ) { - global $wgAuth; global $wgMemc; + $ldap = LdapAuthenticationPlugin::getInstance(); $sudoer = array(); $sudoer['sudouser'] = array(); foreach ( $users as $user ) { 
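Review bot: The search filter in the second hunk is built as `'(cn=' . $this->sudoername . ')'` with no escaping, so a `*`, `(`, `)` or `\` in the name changes the meaning of the filter; where `ldap_escape` is available (PHP 5.6+) wrap the value, e.g. `'(cn=' . ldap_escape( $this->sudoername, '', LDAP_ESCAPE_FILTER ) . ')'`. Whether sudoername is validated where it is set cannot be seen from here. `$result` is also handed straight to `ldap_get_entries` without the `if ( $result )` guard that getAllSudoersByProject uses. createSudoer builds its DN the same way (`'cn=' . $sudoername . ','`), where `LDAP_ESCAPE_DN` would be the matching flag.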
@@ -150,28 +150,28 @@ $sudoer['sudooption'][] = $option; } - $success = LdapAuthenticationPlugin::ldap_modify( $wgAuth->ldapconn, $this->sudoerDN, $sudoer ); + $success = LdapAuthenticationPlugin::ldap_modify( $ldap->ldapconn, $this->sudoerDN, $sudoer ); if ( $success ) { - $wgAuth->printDebug( "Successfully modified sudoer $this->sudoerDN", NONSENSITIVE ); + $ldap->printDebug( "Successfully modified sudoer $this->sudoerDN", NONSENSITIVE ); $key = wfMemcKey( 'openstackmanager', 'sudoerinfo', $this->project->getProjectName() . $this->sudoername ); $wgMemc->delete( $key ); return true; } else { - $wgAuth->printDebug( "Failed to modify sudoer $this->sudoerDN", NONSENSITIVE ); + $ldap->printDebug( "Failed to modify sudoer $this->sudoerDN", NONSENSITIVE ); return false; } } function deleteUser( $username ) { - global $wgAuth; global $wgMemc; if ( isset( $this->sudoerInfo[0]['sudouser'] ) ) { + $ldap = LdapAuthenticationPlugin::getInstance(); $sudousers = $this->sudoerInfo[0]['sudouser']; array_shift( $sudousers ); $index = array_search( $username, $sudousers ); if ( $index === false ) { - $wgAuth->printDebug( "Failed to find userDN in sudouser list", NONSENSITIVE ); + $ldap->printDebug( "Failed to find userDN in sudouser list", NONSENSITIVE ); return false; } unset( $sudousers[$index] ); @@ -180,7 +180,7 @@ foreach ( $sudousers as $sudouser ) { $values['sudouser'][] = $sudouser; } - $success = LdapAuthenticationPlugin::ldap_modify( $wgAuth->ldapconn, $this->sudoerDN, $values ); + $success = LdapAuthenticationPlugin::ldap_modify( $ldap->ldapconn, $this->sudoerDN, $values ); if ( $success ) { $key = wfMemcKey( 'openstackmanager', 'sudoerinfo', $this->project->getProjectName() . $this->sudoername ); $wgMemc->delete( $key ); 
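Review bot: deleteUser is the only method in these hunks without a doc comment; add one in the style of its neighbours, saying that it removes `$username` from the sudoer's `sudouser` values, with `@param string $username` and `@return bool`. Its failure message says `Failed to find userDN in sudouser list`, but the value searched for is `$username`, not a DN, so `"Failed to find username in sudouser list"` would be less misleading in the log. The function continues past the end of the hunk.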
@@ -197,15 +197,14 @@ * @return array of OpenStackNovaSudoer */ static function getAllSudoersByProject( $projectName ) { - global $wgAuth; - + $ldap = LdapAuthenticationPlugin::getInstance(); OpenStackNovaLdapConnection::connect(); $sudoers = array(); $project = OpenStackNovaProject::getProjectByName( $projectName ); - $result = LdapAuthenticationPlugin::ldap_search( $wgAuth->ldapconn, $project->getSudoersDN(), '(&(cn=*)(objectclass=sudorole))' ); + $result = LdapAuthenticationPlugin::ldap_search( $ldap->ldapconn, $project->getSudoersDN(), '(&(cn=*)(objectclass=sudorole))' ); if ( $result ) { - $entries = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result ); + $entries = LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result ); if ( $entries ) { # First entry is always a count array_shift( $entries ); @@ -250,8 +249,7 @@ * @return null|OpenStackNovaSudoer */ static function createSudoer( $sudoername, $projectName, $users, $runasuser, $commands, $options ) { - global $wgAuth; - + $ldap = LdapAuthenticationPlugin::getInstance(); OpenStackNovaLdapConnection::connect(); $sudoer = array(); @@ -273,12 +271,12 @@ $project = OpenStackNovaProject::getProjectByName( $projectName ); $dn = 'cn=' . $sudoername . ',' . $project->getSudoersDN(); - $success = LdapAuthenticationPlugin::ldap_add( $wgAuth->ldapconn, $dn, $sudoer ); + $success = LdapAuthenticationPlugin::ldap_add( $ldap->ldapconn, $dn, $sudoer ); if ( $success ) { - $wgAuth->printDebug( "Successfully added sudoer $sudoername", NONSENSITIVE ); + $ldap->printDebug( "Successfully added sudoer $sudoername", NONSENSITIVE ); return new OpenStackNovaSudoer( $sudoername, $project ); } else { - $wgAuth->printDebug( "Failed to add sudoer $sudoername", NONSENSITIVE ); + $ldap->printDebug( "Failed to add sudoer $sudoername", NONSENSITIVE ); return null; } } 
@@ -292,27 +290,27 @@ * @return bool */ static function deleteSudoer( $sudoername, $projectName ) { - global $wgAuth; global $wgMemc; + $ldap = LdapAuthenticationPlugin::getInstance(); OpenStackNovaLdapConnection::connect(); $project = OpenStackNovaProject::getProjectByName( $projectName ); $sudoer = new OpenStackNovaSudoer( $sudoername, $project ); if ( ! $sudoer ) { - $wgAuth->printDebug( "Sudoer $sudoername does not exist", NONSENSITIVE ); + $ldap->printDebug( "Sudoer $sudoername does not exist", NONSENSITIVE ); return false; } $dn = $sudoer->sudoerDN; - $success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $dn ); + $success = LdapAuthenticationPlugin::ldap_delete( $ldap->ldapconn, $dn ); if ( $success ) { - $wgAuth->printDebug( "Successfully deleted sudoer $sudoername", NONSENSITIVE ); + $ldap->printDebug( "Successfully deleted sudoer $sudoername", NONSENSITIVE ); $key = wfMemcKey( 'openstackmanager', 'sudoerinfo', $projectName . $sudoername ); $wgMemc->delete( $key ); return true; } else { - $wgAuth->printDebug( "Failed to delete sudoer $sudoername", NONSENSITIVE ); + $ldap->printDebug( "Failed to delete sudoer $sudoername", NONSENSITIVE ); return false; } } diff --git a/nova/OpenStackNovaUser.php b/nova/OpenStackNovaUser.php index a791e89..1122f18 100644 --- a/nova/OpenStackNovaUser.php +++ b/nova/OpenStackNovaUser.php 
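Review bot: The `if ( ! $sudoer )` guard in deleteSudoer can never fire, because `new OpenStackNovaSudoer( … )` always yields an object, so the "does not exist" message is dead code and a missing sudoer goes on to `ldap_delete` with whatever `$sudoer->sudoerDN` holds. Test the looked-up state instead, for example `if ( !$sudoer->sudoerDN ) {`, assuming the constructor leaves sudoerDN empty when no entry is found; that part is outside the visible lines. `$project` from getProjectByName is likewise used without a check here and in createSudoer, which matters if that lookup can return null.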
@@ -26,25 +26,26 @@ * @return void */ function fetchUserInfo() { - global $wgAuth, $wgUser; + global $wgUser; + $ldap = LdapAuthenticationPlugin::getInstance(); if ( $this->username ) { - $this->userDN = $wgAuth->getUserDN( strtolower( $this->username ) ); - $wgAuth->printDebug( "Fetching userdn using username: $this->userDN ", NONSENSITIVE ); + $this->userDN = $ldap->getUserDN( strtolower( $this->username ) ); + $ldap->printDebug( "Fetching userdn using username: $this->userDN ", NONSENSITIVE ); if ( ! $this->userDN ) { - $this->userDN = $wgAuth->getUserDN( strtolower( $this->username ), false, "uid" ); - $wgAuth->printDebug( "Fetching userdn using shell name: $this->userDN ", NONSENSITIVE ); + $this->userDN = $ldap->getUserDN( strtolower( $this->username ), false, "uid" ); + $ldap->printDebug( "Fetching userdn using shell name: $this->userDN ", NONSENSITIVE ); # We want the actual username, not the id that was passed in. - $this->userInfo = $wgAuth->userInfo; + $this->userInfo = $ldap->userInfo; $this->username = $this->userInfo[0]['cn'][0]; } } else { - $this->userDN = $wgAuth->getUserDN( strtolower( $wgUser->getName() ) ); + $this->userDN = $ldap->getUserDN( strtolower( $wgUser->getName() ) ); $this->username = $wgUser->getName(); - $wgAuth->printDebug( "Fetching userdn using wiki name: " . $wgUser->getName(), NONSENSITIVE ); + $ldap->printDebug( "Fetching userdn using wiki name: " . $wgUser->getName(), NONSENSITIVE ); } - $this->userInfo = $wgAuth->userInfo; + $this->userInfo = $ldap->userInfo; } /** @@ -133,8 +134,6 @@ * @return array */ function getKeypairs() { - global $wgAuth; - $this->fetchUserInfo(); if ( isset( $this->userInfo[0]['sshpublickey'] ) ) { $keys = $this->userInfo[0]['sshpublickey']; @@ -146,7 +145,8 @@ } return $keypairs; } else { - $wgAuth->printDebug( "No keypairs found", NONSENSITIVE ); + $ldap = LdapAuthenticationPlugin::getInstance(); + $ldap->printDebug( "No keypairs found", NONSENSITIVE ); return array(); } } 
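Review bot: In fetchUserInfo the uid fallback assigns `$this->username = $this->userInfo[0]['cn'][0];` without checking that the second `getUserDN` call found anything, so an unknown name presumably indexes into an empty result and leaves username null. Guard the two assignments, e.g. `if ( $this->userDN && isset( $ldap->userInfo[0]['cn'][0] ) ) {`. The debug lines also interpolate `$this->userDN` when it is empty, which makes a failed lookup hard to tell apart from a successful one in the log.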
@@ -174,7 +174,7 @@ * @return array of rolenames */ function getRoles() { - global $wgAuth, $wgMemc; + global $wgMemc; global $wgOpenStackManagerLDAPProjectBaseDN; $key = wfMemcKey( 'openstackmanager', 'roles', $this->username ); @@ -206,7 +206,6 @@ * @return bool */ function inProject( $project ) { - global $wgAuth; global $wgOpenStackManagerLDAPProjectBaseDN; global $wgMemc; @@ -229,7 +228,6 @@ * @return bool */ function inRole( $role, $projectname ) { - global $wgAuth; global $wgMemc; if ( !$projectname ) { @@ -265,9 +263,9 @@ * @return bool */ function importKeypair( $key ) { - global $wgAuth; global $wgMemc; + $ldap = LdapAuthenticationPlugin::getInstance(); $keypairs = array(); if ( isset( $this->userInfo[0]['sshpublickey'] ) ) { $keypairs = $this->userInfo[0]['sshpublickey']; @@ -276,16 +274,16 @@ $keypairs[] = $key; $values = array(); $values['sshpublickey'] = $keypairs; - $success = LdapAuthenticationPlugin::ldap_modify( $wgAuth->ldapconn, $this->userDN, $values ); + $success = LdapAuthenticationPlugin::ldap_modify( $ldap->ldapconn, $this->userDN, $values ); if ( $success ) { - $wgAuth->printDebug( "Successfully imported the user's sshpublickey", NONSENSITIVE ); + $ldap->printDebug( "Successfully imported the user's sshpublickey", NONSENSITIVE ); $key = wfMemcKey( 'ldapauthentication', "userinfo", $this->userDN ); - $wgAuth->printDebug( "Deleting memcache key: $key.", NONSENSITIVE ); + $ldap->printDebug( "Deleting memcache key: $key.", NONSENSITIVE ); $wgMemc->delete( $key ); $this->fetchUserInfo(); return true; } else { - $wgAuth->printDebug( "Failed to import the user's sshpublickey", NONSENSITIVE ); + $ldap->printDebug( "Failed to import the user's sshpublickey", NONSENSITIVE ); return false; } } 
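Review bot: importKeypair reuses its `$key` parameter for the memcache key (`$key = wfMemcKey( 'ldapauthentication', "userinfo", $this->userDN );`), so after that line the submitted public key is no longer reachable under its own name; deleteKeypair in the following hunks does the same. A separate local such as `$cacheKey = wfMemcKey( 'ldapauthentication', "userinfo", $this->userDN );` with `$wgMemc->delete( $cacheKey );` keeps the two apart. The hunk also shows `$key` being appended to `sshpublickey` with no format check; if the caller is responsible for that, a one-line comment saying so would help the next reader.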
@@ -295,15 +293,15 @@ * @return bool */ function deleteKeypair( $key ) { - global $wgAuth; global $wgMemc; + $ldap = LdapAuthenticationPlugin::getInstance(); if ( isset( $this->userInfo[0]['sshpublickey'] ) ) { $keypairs = $this->userInfo[0]['sshpublickey']; array_shift( $keypairs ); $index = array_search( $key, $keypairs ); if ( $index === false ) { - $wgAuth->printDebug( "Unable to find the sshpublickey to be deleted", NONSENSITIVE ); + $ldap->printDebug( "Unable to find the sshpublickey to be deleted", NONSENSITIVE ); return false; } unset( $keypairs[$index] ); @@ -312,20 +310,20 @@ foreach ( $keypairs as $keypair ) { $values['sshpublickey'][] = $keypair; } - $success = LdapAuthenticationPlugin::ldap_modify( $wgAuth->ldapconn, $this->userDN, $values ); + $success = LdapAuthenticationPlugin::ldap_modify( $ldap->ldapconn, $this->userDN, $values ); if ( $success ) { - $wgAuth->printDebug( "Successfully deleted the user's sshpublickey", NONSENSITIVE ); + $ldap->printDebug( "Successfully deleted the user's sshpublickey", NONSENSITIVE ); $key = wfMemcKey( 'ldapauthentication', "userinfo", $this->userDN ); - $wgAuth->printDebug( "Deleting memcache key: $key.", NONSENSITIVE ); + $ldap->printDebug( "Deleting memcache key: $key.", NONSENSITIVE ); $wgMemc->delete( $key ); $this->fetchUserInfo(); return true; } else { - $wgAuth->printDebug( "Failed to delete the user's sshpublickey", NONSENSITIVE ); + $ldap->printDebug( "Failed to delete the user's sshpublickey", NONSENSITIVE ); return false; } } else { - $wgAuth->printDebug( "User does not have a sshpublickey attribute", NONSENSITIVE ); + $ldap->printDebug( "User does not have a sshpublickey attribute", NONSENSITIVE ); return false; } } 
@@ -501,22 +499,22 @@ static function AbortNewAccount( $user, &$message ) { global $wgRequest; - global $wgAuth; global $wgUser; + $ldap = LdapAuthenticationPlugin::getInstance(); $shellaccountname = $wgRequest->getText( 'shellaccountname' ); if ( ! preg_match( "/^[a-z][a-z0-9\-_]*$/", $shellaccountname ) ) { - $wgAuth->printDebug( "Invalid shell name $shellaccountname", NONSENSITIVE ); + $ldap->printDebug( "Invalid shell name $shellaccountname", NONSENSITIVE ); $message = wfMessage( 'openstackmanager-shellaccountvalidationfail' )->parse(); return false; } - $base = USERDN; - $result = LdapAuthenticationPlugin::ldap_search( $wgAuth->ldapconn, $base, "(uid=$shellaccountname)" ); + $base = USERDN; + $result = LdapAuthenticationPlugin::ldap_search( $ldap->ldapconn, $base, "(uid=$shellaccountname)" ); if ( $result ) { - $entries = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result ); + $entries = LdapAuthenticationPlugin::ldap_get_entries( $ldap->ldapconn, $result ); if ( (int)$entries['count'] > 0 ) { - $wgAuth->printDebug( "User $shellaccountname already exists.", NONSENSITIVE ); + $ldap->printDebug( "User $shellaccountname already exists.", NONSENSITIVE ); $message = wfMessage( 'openstackmanager-shellaccountexists' )->parse(); return false; } diff --git a/special/SpecialNovaInstance.php b/special/SpecialNovaInstance.php index b638c05..626b767 100644 --- a/special/SpecialNovaInstance.php +++ b/special/SpecialNovaInstance.php 
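Review bot: The shell-name check uses `$` as its end anchor, which in PCRE also matches just before a trailing newline, so a value ending in a line break passes validation and is then placed in the `(uid=…)` filter. Anchor with `\z` or add the `D` modifier, e.g. `preg_match( '/^[a-z][a-z0-9\-_]*\z/', $shellaccountname )`. The rejection branch also writes the raw, unvalidated request value into the debug log through `"Invalid shell name $shellaccountname"`; logging its length or an encoded form keeps injected line breaks out of the log. The rest of AbortNewAccount lies outside the hunk.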
@@ -641,7 +641,6 @@ */ function tryCreateSubmit( $formData, $entryPoint = 'internal' ) { global $wgUser; - global $wgAuth; $domain = OpenStackNovaDomain::getDomainByName( $formData['region'] ); $project = $formData['project']; -- To view, visit https://gerrit.wikimedia.org/r/296514 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I7f5115c0fe68c05d26514b089db4e61cc2d440a7 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/OpenStackManager Gerrit-Branch: REL1_27 Gerrit-Owner: Gergő Tisza <gti...@wikimedia.org> Gerrit-Reviewer: Anomie <bjor...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits