/**
* Initialize CAS client
*
*/
private function cas_init() {
if (!$this->cas_inited) {
// retrieve configurations
$cfg = rcmail::get_instance()->config->all();
// include phpCAS
require_once('/usr/share/php/CAS/CAS.php');
phpCAS::setDebug('/var/log/lcs/casdebug.log');
// initialize CAS client
if ($cfg['cas_proxy']) {
phpCAS::proxy(CAS_VERSION_2_0, $cfg['cas_hostname'], $cfg['cas_port'], $cfg['cas_uri'], false);
// set URL for PGT callback
phpCAS::setFixedCallbackURL($this->generate_url(array('action' => 'pgtcallback')));
// set PGT storage
#phpCAS::setPGTStorageFile('xml', $cfg['cas_pgt_dir']);
phpCAS::setPGTStorageFile($cfg['cas_pgt_dir']);
}
else {
phpCAS::client(CAS_VERSION_2_0, $cfg['cas_hostname'], $cfg['cas_port'], $cfg['cas_uri'], false);
}
// set service URL for authorization with CAS server
phpCAS::setFixedServiceURL($this->generate_url(array('action' => 'login', 'task' => 'mail')));
// set SSL validation for the CAS server
if ($cfg['cas_validation'] == 'self') {
phpCAS::setCasServerCert($cfg['cas_cert']);
}
else if ($cfg['cas_validation'] == 'ca') {
phpCAS::setCasServerCACert($cfg['cas_cert']);
}
else {
phpCAS::setNoCasServerValidation();
}
// set login and logout URLs of the CAS server
phpCAS::setServerLoginURL($cfg['cas_login_url']);
phpCAS::setServerLogoutURL($cfg['cas_logout_url']);
$this->cas_inited = true;
}
}
/**
* Constructor
*
* Carry out sanity checks to ensure the object is
* able to operate. Set capabilities.
*
* @author Fabian Bircher <*****@*****.**>
*/
public function __construct()
{
parent::__construct();
global $config_cascade;
global $conf;
// allow the preloading to configure other user files
if (isset($config_cascade['plaincasauth.users']) && isset($config_cascade['plaincasauth.users']['default'])) {
$this->casuserfile = $config_cascade['plaincasauth.users']['default'];
} else {
$this->casuserfile = DOKU_CONF . 'users.auth.plaincas.php';
}
$this->localuserfile = $config_cascade['plainauth.users']['default'];
// check the state of the file with the users and attempt to create it.
if (!@is_readable($this->casuserfile)) {
if (!fopen($this->casuserfile, 'w')) {
msg("plainCAS: The CAS users file could not be opened.", -1);
$this->success = false;
} elseif (!@is_readable($this->casuserfile)) {
$this->success = false;
} else {
$this->success = true;
}
// die( "bitch!" );
}
if ($this->success) {
// the users are not managable through the wiki
$this->cando['addUser'] = false;
$this->cando['delUser'] = true;
$this->cando['modLogin'] = false;
//keep this false as CAS name is constant
$this->cando['modPass'] = false;
$this->cando['modName'] = false;
$this->cando['modMail'] = false;
$this->cando['modGroups'] = false;
$this->cando['getUsers'] = true;
$this->cando['getUserCount'] = true;
$this->cando['external'] = preg_match("#(bot)|(slurp)|(netvibes)#i", $_SERVER['HTTP_USER_AGENT']) ? false : true;
//Disable CAS redirection for bots/crawlers/readers
$this->cando['login'] = true;
$this->cando['logout'] = true;
$this->cando['logoff'] = true;
// The default options which need to be set in the settins file.
$defaults = array('logFile' => NULL, 'cert' => NULL, 'cacert' => NULL, 'debug' => false, 'settings_file' => DOKU_CONF . 'plaincas.settings.php', 'defaultgroup' => $conf['defaultgroup'], 'superuser' => $conf['superuser']);
$this->_options = (array) $conf['plugin']['authplaincas'] + $defaults;
// Options are set in the configuration and have a proper default value there.
$this->_options['server'] = $this->getConf('server');
$this->_options['rootcas'] = $this->getConf('rootcas');
$this->_options['port'] = $this->getConf('port');
$this->_options['samlValidate'] = $this->getConf('samlValidate');
$this->_options['autologin'] = $this->getConf('autologinout');
// $this->getConf('autologin');
$this->_options['caslogout'] = $this->getConf('autologinout');
// $this->getConf('caslogout');
$this->_options['handlelogoutrequest'] = $this->getConf('handlelogoutrequest');
$this->_options['handlelogoutrequestTrustedHosts'] = $this->getConf('handlelogoutrequestTrustedHosts');
$this->_options['minimalgroups'] = $this->getConf('minimalgroups');
$this->_options['localusers'] = $this->getConf('localusers');
// $this->_options['defaultgroup'] = $this->getConf('defaultgroup');
// $this->_options['superuser'] = $this->getConf('superuser');
// no local users at the moment
$this->_options['localusers'] = false;
if ($this->_options['localusers'] && !@is_readable($this->localuserfile)) {
msg("plainCAS: The local users file is not readable.", -1);
$this->success = false;
}
if ($this->_getOption("logFile")) {
phpCAS::setDebug($this->_getOption("logFile"));
}
//If $conf['auth']['cas']['logFile'] exist we start phpCAS in debug mode
$server_version = CAS_VERSION_2_0;
if ($this->_getOption("samlValidate")) {
$server_version = SAML_VERSION_1_1;
}
phpCAS::client($server_version, $this->_getOption('server'), (int) $this->_getOption('port'), $this->_getOption('rootcas'), true);
//Note the last argument true, to allow phpCAS to change the session_id so he will be able to destroy the session after a CAS logout request - Enable Single Sign Out
// curl extension is needed
if (!function_exists('curl_init')) {
if ($this->_getOption('debug')) {
msg("CAS err: CURL extension not found.", -1, __LINE__, __FILE__);
}
$this->success = false;
return;
}
// automatically log the user when there is a cas session opened
if ($this->_getOption('autologin')) {
phpCAS::setCacheTimesForAuthRecheck(1);
} else {
phpCAS::setCacheTimesForAuthRecheck(-1);
}
if ($this->_getOption('cert')) {
phpCAS::setCasServerCert($this->_getOption('cert'));
} elseif ($this->_getOption('cacert')) {
phpCAS::setCasServerCACert($this->_getOption('cacert'));
} else {
phpCAS::setNoCasServerValidation();
}
if ($this->_getOption('handlelogoutrequest')) {
phpCAS::handleLogoutRequests(true, $this->_getOption('handlelogoutrequestTrustedHosts'));
} else {
phpCAS::handleLogoutRequests(false);
}
if (@is_readable($this->_getOption('settings_file'))) {
include_once $this->_getOption('settings_file');
} else {
include_once DOKU_PLUGIN . 'authplaincas/plaincas.settings.php';
}
}
//
}
