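/**
 * AJAX handler: create a dedicated IAM user, give it an access key, and attach a
 * policy that is scoped to one S3 bucket.
 *
 * Reads from $_POST: adminaccesskey, adminsecret, newuser and bucket (required;
 * bucket may be given as "bucket/path", only the bucket part is used), region
 * (defaults to us-east-1), rrs, allowdownload, allowdelete, useservercerts,
 * disableverify and nossl.
 *
 * Every outcome is reported by echoing a single JSON object: on failure
 * ('e' => 1, 'm' => message); on success ('e' => 0) with the new user name,
 * access key and secret. This is the only time the secret is available, which
 * is why it is echoed to the caller.
 *
 * Most failure paths terminate the request with die; the S3-client setup
 * failures return false instead (kept from the original so that any caller
 * checking the return value still works).
 *
 * @return false|void false when the S3 client could not be set up; otherwise never returns
 */
public function newuser()
{
    // --- Input validation -----------------------------------------------------
    if (empty($_POST['adminaccesskey'])) {
        echo json_encode(array('e' => 1, 'm' => __('You need to enter an admin access key', 'updraftplus')));
        die;
    }
    if (empty($_POST['adminsecret'])) {
        echo json_encode(array('e' => 1, 'm' => __('You need to enter an admin secret key', 'updraftplus')));
        die;
    }
    if (empty($_POST['newuser'])) {
        echo json_encode(array('e' => 1, 'm' => __('You need to enter a new IAM username', 'updraftplus')));
        die;
    }
    if (empty($_POST['bucket'])) {
        echo json_encode(array('e' => 1, 'm' => __('You need to enter a bucket', 'updraftplus')));
        die;
    }
    // Defaults are written back into $_POST as the original did (rrs is not read here,
    // but the write is preserved in case anything else inspects the request).
    if (empty($_POST['region'])) {
        $_POST['region'] = 'us-east-1';
    }
    if (empty($_POST['rrs'])) {
        $_POST['rrs'] = false;
    }

    $allow_download = !empty($_POST['allowdownload']);
    $allow_delete = !empty($_POST['allowdelete']);
    $useservercerts = !empty($_POST['useservercerts']);
    $disableverify = !empty($_POST['disableverify']);
    $nossl = !empty($_POST['nossl']);

    // stripslashes() mirrors the original handling of the key/secret (presumably
    // undoing slash-adding on $_POST); it is applied to the username as well so
    // that all free-text fields are treated the same way.
    $adminaccesskey = stripslashes($_POST['adminaccesskey']);
    $adminsecret = stripslashes($_POST['adminsecret']);
    $new_user = stripslashes($_POST['newuser']);
    $region = $_POST['region'];

    global $updraftplus;

    // --- S3 client --------------------------------------------------------------
    require_once UPDRAFTPLUS_DIR . '/methods/s3.php';
    $method = new UpdraftPlus_BackupModule_s3();

    try {
        $service = $method->getS3($adminaccesskey, $adminsecret, $useservercerts, $disableverify, $nossl);
        if (!is_a($service, 'UpdraftPlus_S3_Compat')) {
            $msg = __('Cannot create new AWS user, since the old AWS toolkit is being used.', 'updraftplus');
            echo json_encode(array('e' => 1, 'm' => __('Error:', 'updraftplus') . ' ' . $msg));
            $updraftplus->log('Cannot create new AWS user, since the old AWS toolkit is being used.');
            $updraftplus->log($msg, 'error');
            return false;
        }
    } catch (AuthenticationError $e) {
        echo json_encode(array('e' => 1, 'm' => __('Error:', 'updraftplus') . ' ' . $e->getMessage()));
        $updraftplus->log('AWS authentication failed (' . $e->getMessage() . ')');
        $updraftplus->log(__('AWS authentication failed', 'updraftplus') . ' (' . $e->getMessage() . ')', 'error');
        return false;
    } catch (Exception $e) {
        echo json_encode(array('e' => 1, 'm' => __('Error:', 'updraftplus') . ' ' . $e->getMessage()));
        return false;
    }

    // --- Locate or create the bucket -------------------------------------------
    // "bucket/some/path" -> only the bucket name is needed here; a bare name is used as-is.
    $bucket_field = stripslashes($_POST['bucket']);
    if (preg_match("#^/*([^/]+)/(.*)\$#", $bucket_field, $bmatches)) {
        $bucket = $bmatches[1];
    } else {
        $bucket = $bucket_field;
    }

    // The @ suppression is kept from the original: these probes presumably emit
    // warnings (rather than exceptions) when the bucket is not reachable.
    $bucket_exists = false;
    $location = @$service->getBucketLocation($bucket);
    if ($location) {
        $bucket_exists = true;
    }
    if (!$bucket_exists) {
        $service->useDNSBucketName(true);
        if (false !== @$service->getBucket($bucket, null, null, 1)) {
            $bucket_exists = true;
        }
    }
    if (!$bucket_exists) {
        $s3_error = null;
        $service->setExceptions(true);
        try {
            $created = @$service->putBucket($bucket, 'private', $region);
        } catch (Exception $e) {
            $created = false;
            $s3_error = $e->getMessage();
        }
        $service->setExceptions(false);

        if (!$created) {
            $msg = __("Failure: We could not successfully access or create such a bucket. Please check your access credentials, and if those are correct then try another bucket name (as another AWS user may already have taken your name).", 'updraftplus');
            if (null !== $s3_error) {
                $msg .= "\n\n" . sprintf(__('The error reported by %s was:', 'updraftplus'), 'S3') . ' ' . $s3_error;
            }
            echo json_encode(array('e' => 1, 'm' => $msg));
            die;
        }
    }

    // --- Create the IAM user ----------------------------------------------------
    require_once UPDRAFTPLUS_DIR . '/oc/autoload.php';
    $iam = IamClient::factory(array('key' => $adminaccesskey, 'secret' => $adminsecret));

    try {
        $response = $iam->createUser(array('Path' => '/updraftplus/', 'UserName' => $new_user));
    } catch (Guzzle\Http\Exception\ClientErrorResponseException $e) {
        $http_response = $e->getResponse();
        $code = $http_response->getStatusCode();
        $reason = $http_response->getReasonPhrase();
        if (403 == $code) {
            echo json_encode(array('e' => 1, 'm' => __('Authorisation failed (check your credentials)', 'updraftplus')));
        } elseif (409 == $code && 'Conflict' == $reason) {
            echo json_encode(array('e' => 1, 'm' => __('Conflict: that user already exists', 'updraftplus')));
        } else {
            echo json_encode(array('e' => 1, 'm' => sprintf(__('IAM operation failed (%s)', 'updraftplus'), 5) . " (" . $e->getMessage() . ') (' . get_class($e) . ')'));
        }
        die;
    } catch (Exception $e) {
        echo json_encode(array('e' => 1, 'm' => sprintf(__('IAM operation failed (%s)', 'updraftplus'), 4) . ' (' . $e->getMessage() . ') (' . get_class($e) . ')'));
        die;
    }
    if (empty($response['User']['UserId']) || empty($response['User']['CreateDate']) || empty($response['User']['UserName'])) {
        echo json_encode(array('e' => 1, 'm' => sprintf(__('IAM operation failed (%s)', 'updraftplus'), 3)));
        die;
    }
    // Use the name as IAM reports it for all subsequent calls.
    $user = $response['User']['UserName'];

    // --- Create the user's access key -----------------------------------------
    try {
        $response = $iam->createAccessKey(array('UserName' => $user));
    } catch (Guzzle\Http\Exception\ClientErrorResponseException $e) {
        echo json_encode(array('e' => 1, 'm' => __('Failed to create user Access Key', 'updraftplus') . " (" . $e->getMessage() . ') (' . get_class($e) . ')'));
        die;
    } catch (Exception $e) {
        echo json_encode(array('e' => 1, 'm' => __('Operation to create user Access Key failed', 'updraftplus')));
        die;
    }
    if (empty($response['AccessKey']['UserName']) || empty($response['AccessKey']['AccessKeyId']) || empty($response['AccessKey']['SecretAccessKey'])) {
        echo json_encode(array('e' => 1, 'm' => __('Operation to create user Access Key failed', 'updraftplus') . ' (2)'));
        die;
    }
    $key = $response['AccessKey']['AccessKeyId'];
    $secret = $response['AccessKey']['SecretAccessKey'];

    // --- Policy document --------------------------------------------------------
    // Built as a PHP array and serialised with json_encode rather than by string
    // concatenation, so that the bucket name (which comes from the request) can
    // never break out of the JSON structure or produce an invalid document.
    $object_actions = array('s3:AbortMultipartUpload');
    if ($allow_delete) {
        $object_actions[] = 's3:DeleteObject';
        $object_actions[] = 's3:DeleteObjectVersion';
    }
    if ($allow_download) {
        $object_actions[] = 's3:GetObject';
        $object_actions[] = 's3:GetObjectAcl';
        $object_actions[] = 's3:GetObjectVersion';
        $object_actions[] = 's3:GetObjectVersionAcl';
    }
    $object_actions[] = 's3:PutObject';
    $object_actions[] = 's3:PutObjectAcl';
    // NOTE(review): kept as in the original; the documented action name appears to be
    // s3:PutObjectVersionAcl - confirm before changing.
    $object_actions[] = 's3:PutObjectAclVersion';

    // new stdClass() serialises as {} (an empty array would serialise as []).
    $policy = array(
        'Statement' => array(
            array(
                'Effect' => 'Allow',
                'Action' => array('s3:ListBucket', 's3:GetBucketLocation', 's3:ListBucketMultipartUploads'),
                'Resource' => 'arn:aws:s3:::' . $bucket,
                'Condition' => new stdClass(),
            ),
            array(
                'Effect' => 'Allow',
                'Action' => $object_actions,
                'Resource' => 'arn:aws:s3:::' . $bucket . '/*',
                'Condition' => new stdClass(),
            ),
            array(
                'Effect' => 'Allow',
                'Action' => 's3:ListAllMyBuckets',
                'Resource' => '*',
                'Condition' => new stdClass(),
            ),
        ),
    );
    // JSON_UNESCAPED_SLASHES keeps "bucket/*" readable where available; escaped
    // slashes are still valid JSON on older PHP.
    $pol_doc = json_encode($policy, defined('JSON_UNESCAPED_SLASHES') ? JSON_UNESCAPED_SLASHES : 0);
    if (false === $pol_doc) {
        echo json_encode(array('e' => 1, 'm' => __('Failed to apply User Policy', 'updraftplus') . ' (json_encode)'));
        die;
    }

    try {
        $iam->putUserPolicy(array('UserName' => $user, 'PolicyName' => $user . 'updraftpolicy', 'PolicyDocument' => $pol_doc));
    } catch (Guzzle\Http\Exception\ClientErrorResponseException $e) {
        echo json_encode(array('e' => 1, 'm' => __('Failed to apply User Policy', 'updraftplus') . " (" . $e->getMessage() . ') (' . get_class($e) . ')'));
        die;
    } catch (Exception $e) {
        // The exception text is appended outside __() so the translation key stays fixed.
        echo json_encode(array('e' => 1, 'm' => __('Failed to apply User Policy', 'updraftplus') . ' (' . $e->getMessage() . ')'));
        die;
    }

    // --- Success ------------------------------------------------------------------
    $summary = htmlspecialchars(sprintf(__("Username: %s", 'updraftplus'), $user))
        . "<br>" . htmlspecialchars(sprintf(__("Access Key: %s", 'updraftplus'), $key))
        . "<br>" . htmlspecialchars(sprintf(__("Secret Key: %s", 'updraftplus'), $secret));
    echo json_encode(array(
        'e' => 0,
        'u' => htmlspecialchars($user),
        'k' => htmlspecialchars($key),
        's' => htmlspecialchars($secret),
        // 'l' and 'c' are returned unescaped, as the original did; the region is the
        // value submitted in the request.
        'l' => $region,
        'c' => $bucket,
        'm' => $summary,
    ));
    die;
}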