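/**
 * Hook to inject HTML content into all pages...
 *
 * Gathers the links contributed by the 'frontpage' hooks, builds a portal
 * object from them and the configured page sets, and wraps the page body in
 * the portal menu markup. Returns without touching $hookinfo when
 * isPortalized() rejects the current page.
 *
 * @param array &$hookinfo Hook data with the keys 'pre', 'post' and 'page'.
 *                         'pre', 'post' and 'jquery' are modified in place.
 */
function portal_hook_htmlinject(&$hookinfo)
{
    // Real expressions instead of string assertions: passing a string to
    // assert() is deprecated since PHP 7.2 and is no longer evaluated as code
    // from PHP 8.0 on, which would silently turn these checks into no-ops.
    assert(is_array($hookinfo));
    assert(array_key_exists('pre', $hookinfo));
    assert(array_key_exists('post', $hookinfo));
    assert(array_key_exists('page', $hookinfo));

    // Let every module contribute its front page links.
    $links = array('links' => array());
    SimpleSAML_Module::callHooks('frontpage', $links);

    $portalConfig = SimpleSAML_Configuration::getOptionalConfig('module_portal.php');

    // Flatten the per-section link lists into a single list.
    $allLinks = array();
    foreach ($links as $ls) {
        $allLinks = array_merge($allLinks, $ls);
    }

    $defaultPagesets = array(
        array('frontpage_welcome', 'frontpage_config', 'frontpage_auth', 'frontpage_federation')
    );
    $pagesets = $portalConfig->getValue('pagesets', $defaultPagesets);
    SimpleSAML_Module::callHooks('portalextras', $pagesets);

    $portal = new sspmod_portal_Portal($allLinks, $pagesets);

    if (!$portal->isPortalized($hookinfo['page'])) {
        return;
    }

    // Include jquery UI CSS files in header.
    $hookinfo['jquery']['css'] = TRUE;
    $hookinfo['jquery']['version'] = '1.6';

    // Header
    // NOTE(review): the menu markup is appended verbatim; it is built from
    // links supplied by other modules' hooks, so confirm that getMenu()
    // HTML-escapes link texts and hrefs.
    $hookinfo['pre'][] = '<div id="portalmenu" class="ui-tabs ui-widget ui-widget-content ui-corner-all">' .
        $portal->getMenu($hookinfo['page']) .
        '<div id="portalcontent" class="ui-tabs-panel ui-widget-content ui-corner-bottom">';

    // Footer
    $hookinfo['post'][] = '</div></div>';
}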
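/**
 * Hook to run a cron job.
 *
 * Runs the 'sanitycheck' hooks when the cron tag being executed equals the
 * 'cron_tag' option of config-sanitycheck.php, and appends one summary line
 * per reported error. Exceptions are caught and reported in the summary too.
 *
 * @param array &$croninfo Cron data with the keys 'summary' (appended to) and
 *                         'tag' (read).
 */
function sanitycheck_hook_cron(&$croninfo)
{
    // Real expressions instead of string assertions: passing a string to
    // assert() is deprecated since PHP 7.2 and is no longer evaluated as code
    // from PHP 8.0 on, which would silently turn these checks into no-ops.
    assert(is_array($croninfo));
    assert(array_key_exists('summary', $croninfo));
    assert(array_key_exists('tag', $croninfo));

    // NOTE(review): the tag is written to the log verbatim. If the caller
    // takes it from the request, it should be restricted (for example to an
    // allow-list) before it gets here - confirm against the cron entry point.
    SimpleSAML_Logger::info('cron [sanitycheck]: Running cron in cron tag [' . $croninfo['tag'] . '] ');

    try {
        $sconfig = SimpleSAML_Configuration::getOptionalConfig('config-sanitycheck.php');

        // Without a configured tag, or on any other tag, there is nothing to do.
        $cronTag = $sconfig->getString('cron_tag', NULL);
        if ($cronTag === NULL || $cronTag !== $croninfo['tag']) {
            return;
        }

        $info = array();
        $errors = array();
        $hookinfo = array('info' => &$info, 'errors' => &$errors);
        SimpleSAML_Module::callHooks('sanitycheck', $hookinfo);

        // Iterating an empty array is a no-op, so no count() guard is needed.
        foreach ($errors as $err) {
            $croninfo['summary'][] = 'Sanitycheck error: ' . $err;
        }
    } catch (Exception $e) {
        $croninfo['summary'][] = 'Error executing sanity check: ' . $e->getMessage();
    }
}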
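/**
 * Hook to do sanitycheck
 *
 * Checks the admin password, the technical contact address, the PHP version
 * and the declared module dependencies, and records one message per check.
 *
 * @param array &$hookinfo Hook data with the keys 'errors' and 'info'; both
 *                         lists are appended to.
 */
function core_hook_sanitycheck(&$hookinfo)
{
    // Real expressions instead of string assertions: passing a string to
    // assert() is deprecated since PHP 7.2 and is no longer evaluated as code
    // from PHP 8.0 on, which would silently turn these checks into no-ops.
    assert(is_array($hookinfo));
    assert(array_key_exists('errors', $hookinfo));
    assert(array_key_exists('info', $hookinfo));

    $config = SimpleSAML_Configuration::getInstance();

    // This only detects the literal value '123' (also used as the fallback
    // when the option is missing). A weak but different password passes the
    // check, so "set properly" means no more than "not 123".
    if ($config->getString('auth.adminpassword', '123') === '123') {
        $hookinfo['errors'][] = '[core] Password in config.php is not set properly';
    } else {
        $hookinfo['info'][] = '[core] Password in config.php is set properly';
    }

    // Same pattern: only the placeholder address is rejected.
    if ($config->getString('technicalcontact_email', '*****@*****.**') === '*****@*****.**') {
        $hookinfo['errors'][] = '[core] In config.php technicalcontact_email is not set properly';
    } else {
        $hookinfo['info'][] = '[core] In config.php technicalcontact_email is set properly';
    }

    // NOTE(review): the exact PHP version ends up in the info list; check who
    // can read the page that renders it.
    if (version_compare(phpversion(), '5.3', '>=')) {
        $hookinfo['info'][] = '[core] You are running PHP version ' . phpversion() . '. Great.';
    } else {
        $hookinfo['errors'][] = '[core] You are running PHP version ' . phpversion() .
            '. SimpleSAMLphp requires version >= 5.3. Please upgrade!';
    }

    // Collect the module descriptions and verify every declared dependency.
    $info = array();
    $mihookinfo = array('info' => &$info);
    $availmodules = SimpleSAML_Module::getModules();
    SimpleSAML_Module::callHooks('moduleinfo', $mihookinfo);

    foreach ($info as $mi => $i) {
        if (!isset($i['dependencies']) || !is_array($i['dependencies'])) {
            continue;
        }
        foreach ($i['dependencies'] as $dep) {
            // Strict comparison: a loose in_array() can match unrelated values
            // through type juggling and report a dependency as present.
            if (!in_array($dep, $availmodules, true)) {
                $hookinfo['errors'][] = '[core] Module dependency not met: ' . $mi . ' requires ' . $dep;
            }
        }
    }
}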
<?php

/**
 * Support the htmlinject hook, which allows modules to change header, pre and post body on all pages.
 */
$this->data['htmlinject'] = array(
    'htmlContentPre' => array(),
    'htmlContentPost' => array(),
    'htmlContentHead' => array()
);

// Start from the page's own jQuery settings when it provides any; the hooks
// receive this array by reference and may extend it.
$jquery = array_key_exists('jquery', $this->data) ? $this->data['jquery'] : array();

// The hooks are only called for pages that declare a page id.
if (array_key_exists('pageid', $this->data)) {
    $hookinfo = array();
    $hookinfo['pre'] = &$this->data['htmlinject']['htmlContentPre'];
    $hookinfo['post'] = &$this->data['htmlinject']['htmlContentPost'];
    $hookinfo['head'] = &$this->data['htmlinject']['htmlContentHead'];
    $hookinfo['jquery'] = &$jquery;
    $hookinfo['page'] = $this->data['pageid'];

    SimpleSAML_Module::callHooks('htmlinject', $hookinfo);
}

// - o - o - o - o - o - o - o - o - o - o - o - o -

/**
 * Do not allow simpleSAMLphp pages to be framed from another origin.
 * This prevents clickjacking attacks in modern browsers.
 *
 * Use 'DENY' to forbid framing altogether. Commenting the header out allows
 * foreign sites to put simpleSAMLphp in a frame, which is probably not a good
 * security practice.
 *
 * The header has to be sent before any output, which is why it precedes the
 * DOCTYPE below. Browsers that implement Content Security Policy also accept
 * "Content-Security-Policy: frame-ancestors 'self'", which supersedes
 * X-Frame-Options; sending both covers old and new browsers.
 */
header('X-Frame-Options: SAMEORIGIN');

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="viewport" content="width=device-width, height=device-height, initial-scale=1.0" />
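<?php

/**
 * Sanity check page.
 *
 * Runs the 'sanitycheck' hooks and reports the result, either as the plain
 * text OK / FAIL (request parameter output=text) or through the
 * sanitycheck:check-tpl.php template.
 *
 * NOTE(review): no access check is visible in this script, and the template
 * receives every info and error message produced by the hooks. Confirm that
 * this level of detail is meant to be readable by whoever can reach the page.
 */

$config = SimpleSAML_Configuration::getInstance();
// Not used below. NOTE(review): presumably loaded so that a missing
// config-sanitycheck.php is noticed here - confirm before removing.
$sconfig = SimpleSAML_Configuration::getConfig('config-sanitycheck.php');

$info = array();
$errors = array();
$hookinfo = array('info' => &$info, 'errors' => &$errors);
SimpleSAML_Module::callHooks('sanitycheck', $hookinfo);

// Strict comparison: request values are strings or arrays, so only the exact
// string 'text' selects the machine-readable answer.
if (isset($_REQUEST['output']) && $_REQUEST['output'] === 'text') {
    // The text form discloses only the overall status, not the messages.
    echo (count($errors) === 0) ? 'OK' : 'FAIL';
    exit;
}

$t = new SimpleSAML_XHTML_Template($config, 'sanitycheck:check-tpl.php');
$t->data['pageid'] = 'sanitycheck';
$t->data['errors'] = $errors;
$t->data['info'] = $info;
$t->show();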
}
}
// The blocks closed here open outside the visible excerpt.
SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
}

// Prepare attributes for presentation
$attributes = $state['Attributes'];
$noconsentattributes = $state['consent:noconsentattributes'];

// Remove attributes that do not require consent
foreach ($attributes as $attrkey => $attrval) {
    // NOTE(review): in_array() compares loosely here; passing true as the
    // third argument would match attribute names by type and value only.
    if (in_array($attrkey, $noconsentattributes)) {
        unset($attributes[$attrkey]);
    }
}
// Passed by reference so that the hooks can modify the attribute array.
$para = array('attributes' => &$attributes);

// Reorder attributes according to attributepresentation hooks
SimpleSAML_Module::callHooks('attributepresentation', $para);

// Make, populate and layout consent form
$t = new SimpleSAML_XHTML_Template($globalConfig, 'consent:consentform.php');
$t->data['srcMetadata'] = $state['Source'];
$t->data['dstMetadata'] = $state['Destination'];
// Both answers carry the same state id back to their target script.
$t->data['yesTarget'] = SimpleSAML_Module::getModuleURL('consent/getconsent.php');
$t->data['yesData'] = array('StateId' => $id);
$t->data['noTarget'] = SimpleSAML_Module::getModuleURL('consent/noconsent.php');
$t->data['noData'] = array('StateId' => $id);
$t->data['attributes'] = $attributes;
$t->data['checked'] = $state['consent:checked'];

// Fetch privacypolicy: the destination's entry takes precedence over the
// source's. The chain continues outside the visible excerpt.
if (array_key_exists('privacypolicy', $state['Destination'])) {
    $privacypolicy = $state['Destination']['privacypolicy'];
} elseif (array_key_exists('privacypolicy', $state['Source'])) {
    $privacypolicy = $state['Source']['privacypolicy'];
}
// The block closed above opens outside the visible excerpt.

// With Suhosin loaded, warn when the maximum length of a GET value is unset
// or below 2048.
if (extension_loaded('suhosin')) {
    $suhosinLength = ini_get('suhosin.get.max_value_length');
    if (empty($suhosinLength) || (int) $suhosinLength < 2048) {
        $warnings[] = '{core:frontpage:warnings_suhosin_url_length}';
    }
}

// One link list per front page section; modules add to them through the
// 'frontpage' hook below.
$links = array();
$links_welcome = array();
$links_config = array();
$links_auth = array();
$links_federation = array();

$links_config[] = array('href' => SimpleSAML_Utilities::getBaseURL() . 'example-simple/hostnames.php?dummy=1', 'text' => '{core:frontpage:link_diagnostics}');
// NOTE(review): a phpinfo page shows detailed information about the runtime
// environment; confirm that admin/phpinfo.php requires an administrator login.
$links_config[] = array('href' => SimpleSAML_Utilities::getBaseURL() . 'admin/phpinfo.php', 'text' => '{core:frontpage:link_phpinfo}');

// Passed by reference so that the hooks can append to each list.
$allLinks = array('links' => &$links, 'welcome' => &$links_welcome, 'config' => &$links_config, 'auth' => &$links_auth, 'federation' => &$links_federation);
SimpleSAML_Module::callHooks('frontpage', $allLinks);

$enablematrix = array('saml20-idp' => $config->getBoolean('enable.saml20-idp', false), 'shib13-idp' => $config->getBoolean('enable.shib13-idp', false));

// Function name => array(requirement level, description). A function counts
// as available when function_exists() reports it.
// NOTE(review): mcrypt_module_open and mysql_connect belong to extensions that
// were removed from PHP (mcrypt in 7.2, mysql in 7.0), so on current PHP these
// two rows always report "missing".
$functionchecks = array('hash' => array('required', 'Hashing function'), 'gzinflate' => array('required', 'ZLib'), 'openssl_sign' => array('required', 'OpenSSL'), 'simplexml_import_dom' => array('required', 'SimpleXML'), 'dom_import_simplexml' => array('required', 'XML DOM'), 'preg_match' => array('required', 'RegEx support'), 'mcrypt_module_open' => array('required', 'MCrypt'), 'mysql_connect' => array('optional', 'MySQL support'));
if (SimpleSAML_Module::isModuleEnabled('ldap')) {
    $functionchecks['ldap_bind'] = array('required_ldap', 'LDAP Extension');
}
if (SimpleSAML_Module::isModuleEnabled('radius')) {
    $functionchecks['radius_auth_open'] = array('required_radius', 'Radius Extension');
}

// The first row is the PHP version check; one row per function follows.
$funcmatrix = array();
$funcmatrix[] = array('required' => 'required', 'descr' => 'PHP Version >= 5.2. You run: ' . phpversion(), 'enabled' => version_compare(phpversion(), '5.2', '>='));
foreach ($functionchecks as $func => $descr) {
    $funcmatrix[] = array('descr' => $descr[1], 'required' => $descr[0], 'enabled' => function_exists($func));
}

/* Some basic configuration checks */
// The body of this check lies outside the visible excerpt.
if ($config->getString('technicalcontact_email', '*****@*****.**') === '*****@*****.**') {
// Shared-key check; the condition that encloses it is outside the visible
// excerpt.
// NOTE(review): `!==` is not a constant-time comparison. hash_equals()
// (PHP >= 5.6) is the usual way to compare a secret with request input. The
// key is read from $_REQUEST, so when it is sent in the query string it can
// also end up in web server access logs.
if ($_REQUEST['key'] !== $cronconfig->getValue('key')) {
    SimpleSAML_Logger::error('Cron - Wrong key provided. Cron will not run.');
    exit;
}
}

// The tag is only restricted when 'allowed_tags' is configured; otherwise any
// request value is passed on to the cron hooks.
if (!is_null($cronconfig->getValue('allowed_tags'))) {
    if (!in_array($_REQUEST['tag'], $cronconfig->getValue('allowed_tags'))) {
        // NOTE(review): the rejected tag is request input and is logged
        // verbatim; consider stripping control characters before logging.
        SimpleSAML_Logger::error('Cron - Illegal tag [' . $_REQUEST['tag'] . '].');
        exit;
    }
}

// Hooks append their report lines to $summary through the reference.
$summary = array();
$croninfo = array('summary' => &$summary, 'tag' => $_REQUEST['tag']);
$url = SimpleSAML_Utilities::selfURL();
$time = date(DATE_RFC822);

SimpleSAML_Module::callHooks('cron', $croninfo);

foreach ($summary as $s) {
    SimpleSAML_Logger::debug('Cron - Summary: ' . $s);
}

// A report is mailed only when 'sendemail' is on (the default) and at least
// one hook produced a summary line.
if ($cronconfig->getValue('sendemail', TRUE) && count($summary) > 0) {
    // NOTE(review): the URL, the tag and the summary lines are concatenated
    // into HTML without escaping. The tag is request input whenever
    // 'allowed_tags' is not configured; passing these values through
    // htmlspecialchars() would keep markup out of the report.
    $message = '<h1>Cron report</h1><p>Cron ran at ' . $time . '</p>' . '<p>URL: <tt>' . $url . '</tt></p>' . '<p>Tag: ' . $croninfo['tag'] . "</p>\n\n" . '<ul><li>' . join('</li><li>', $summary) . '</li></ul>';
    $toaddress = $config->getString('technicalcontact_email', '*****@*****.**');
    // The placeholder address means the option was never configured.
    if ($toaddress == '*****@*****.**') {
        SimpleSAML_Logger::error('Cron - Could not send email. [technicalcontact_email] not set in config.');
    } else {
        $email = new SimpleSAML_XHTML_EMail($toaddress, 'simpleSAMLphp cron report', '*****@*****.**');
        $email->setBody($message);
        $email->send();
    }
}

// The XHTML output branch continues outside the visible excerpt.
if (isset($_REQUEST['output']) && $_REQUEST['output'] == "xhtml") {
/**
 * Ask the 'portalLoginInfo' hooks for the login information of a page.
 *
 * The hooks receive the template and the page, and are expected to fill in
 * the 'info' entry; an empty string is returned when none of them does.
 *
 * @param mixed $t        Template, handed to the hooks as 'template'.
 * @param mixed $thispage Page, handed to the hooks as 'thispage'.
 *
 * @return mixed The 'info' entry after the hooks have run.
 */
function getLoginInfo($t, $thispage)
{
    $hookData = array();
    $hookData['info'] = '';
    $hookData['template'] = $t;
    $hookData['thispage'] = $thispage;

    SimpleSAML_Module::callHooks('portalLoginInfo', $hookData);

    return $hookData['info'];
}
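/**
 * This function is called when the user starts a logout operation, for
 * example by logging out of an SP that supports single logout.
 *
 * The logout itself is delegated to the 'openidconnect_logout' hooks, which
 * receive the state array by reference.
 *
 * @param array &$state The logout state array.
 */
public function logout(&$state)
{
    // A real expression instead of a string assertion: passing a string to
    // assert() is deprecated since PHP 7.2 and is no longer evaluated as code
    // from PHP 8.0 on, which would silently turn this check into a no-op.
    assert(is_array($state));

    SimpleSAML_Module::callHooks('openidconnect_logout', $state);
}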
}
// The block closed above opens outside the visible excerpt.

// $loginurl is not used in the visible part of the script.
$loginurl = SimpleSAML\Utils\Auth::getAdminLoginURL();
$isadmin = SimpleSAML\Utils\Auth::isAdmin();

// One link list per front page section; modules add to them through the
// 'frontpage' hook below.
$links = array();
$links_welcome = array();
$links_config = array();
$links_auth = array();
$links_federation = array();

if ($config->getBoolean('idpdisco.enableremember', FALSE)) {
    $links_federation[] = array('href' => 'cleardiscochoices.php', 'text' => '{core:frontpage:link_cleardiscochoices}');
}

$links_federation[] = array('href' => \SimpleSAML\Utils\HTTP::getBaseURL() . 'admin/metadata-converter.php', 'text' => '{core:frontpage:link_xmlconvert}');

// Passed by reference so that the hooks can append to each list.
$allLinks = array('links' => &$links, 'welcome' => &$links_welcome, 'config' => &$links_config, 'auth' => &$links_auth, 'federation' => &$links_federation);
SimpleSAML_Module::callHooks('frontpage', $allLinks);

// Hosted metadata entries are contributed by the 'metadata_hosted' hooks.
$metadataHosted = array();
SimpleSAML_Module::callHooks('metadata_hosted', $metadataHosted);

$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();

$metaentries = array('hosted' => $metadataHosted, 'remote' => array());

// The lists of remote entities are only loaded for administrators.
if ($isadmin) {
    $metaentries['remote']['saml20-idp-remote'] = $metadata->getList('saml20-idp-remote');
    $metaentries['remote']['shib13-idp-remote'] = $metadata->getList('shib13-idp-remote');
}

if ($config->getBoolean('enable.saml20-idp', FALSE) === true) {
    try {
        $metaentries['hosted']['saml20-idp'] = $metadata->getMetaDataCurrent('saml20-idp-hosted');
        $metaentries['hosted']['saml20-idp']['metadata-url'] = '/' . $config->getBaseURL() . 'saml2/idp/metadata.php?output=xhtml';
        if ($isadmin) {
            $metaentries['remote']['saml20-sp-remote'] = $metadata->getList('saml20-sp-remote');
        }
    // NOTE(review): every exception is swallowed without a trace, so a broken
    // hosted IdP configuration just leaves the entry out. Logging the
    // exception would make that visible. The enclosing if continues outside
    // the visible excerpt.
    } catch (Exception $e) {
    }
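* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*
* ************************************************************************** */

/**
 * Entry point for the execution of the module.
 *
 * Picks the installer step from the request, runs the hooks registered for
 * that step and renders the idpinstaller:stepn.php template with the result.
 *
 * NOTE(review): no access check is visible in this script. Confirm how the
 * installer is protected or disabled once the setup has been completed.
 *
 * @package    IdPRef\modules\idpinstaller
 * @author     "PRiSE [Auditoria y Consultoria de privacidad y Seguridad, S.L.]"
 * @copyright  Copyright (C) 2014 - 2015 by the Spanish Research and Academic
 *             Network
 * @license    http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
 * @version    0.3-Sprint3-R57
 */
include_once __DIR__ . '/../lib/functions.php';

$info = array();
$errors = array();
$errors2 = array();
$warning = array();

// The step becomes part of the hook name below ("step<N>"), so it must not be
// taken from the request verbatim. Only a plain decimal number is accepted;
// anything else (other characters, an array value) keeps the first step.
$step = 1;
if (
    isset($_REQUEST['step'])
    && is_string($_REQUEST['step'])
    && preg_match('/^[0-9]+$/D', $_REQUEST['step']) === 1
) {
    $step = $_REQUEST['step'];
}

$config = SimpleSAML_Configuration::getInstance();
$t = new SimpleSAML_XHTML_Template($config, 'idpinstaller:stepn.php');

// The message lists and the step are shared by reference, so the hooks can
// fill in the lists and change the step.
$sirinfo = array(
    'info' => &$info,
    'errors' => &$errors,
    'errors2' => &$errors2,
    'warning' => &$warning,
    'step' => &$step,
    'ssphpobj' => $t
);
SimpleSAML_Module::callHooks("step{$step}", $sirinfo);

$t->data['sir'] = $sirinfo;
$t->show();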