Esempio n. 1
 /**
  * Apply filter to validate attributes.
  *
  * @param array &$request  The current request
  */
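 public function process(&$request)
 {
     // Expression assertions: the string form is deprecated since PHP 7.2, and on PHP 8 a
     // non-empty string is simply truthy, so these preconditions would silently stop being checked.
     assert(is_array($request));
     assert(array_key_exists('Attributes', $request));
     $attributes =& $request['Attributes'];

     // Fail closed: access is granted only when at least one configured pattern matches
     // at least one value of a configured attribute.
     $authorize = FALSE;
     foreach ($this->valid_attribute_values as $name => $patterns) {
         if (!array_key_exists($name, $attributes)) {
             continue;
         }
         // Normalise once per attribute; a single value is treated as a one-element list.
         $values = $attributes[$name];
         if (!is_array($values)) {
             $values = array($values);
         }
         foreach ($patterns as $pattern) {
             foreach ($values as $value) {
                 // A nested array cannot be matched against a pattern; skipping it keeps
                 // the decision at "deny" instead of raising a warning or TypeError.
                 if (is_array($value)) {
                     continue;
                 }
                 // NOTE(review): preg_match() accepts a substring match unless the configured
                 // pattern is anchored (^...$) -- confirm the filter configuration anchors its patterns.
                 if (preg_match($pattern, $value) === 1) {
                     $authorize = TRUE;
                     break 3;
                 }
             }
         }
     }
     if (!$authorize) {
         /* Save state and redirect to 403 page. */
         // NOTE(review): nothing follows this call, so the denial depends on redirect()
         // ending the request -- confirm it never returns to the caller.
         $id = SimpleSAML_Auth_State::saveState($request, 'authorize:Authorize');
         $url = SimpleSAML_Module::getModuleURL('authorize/authorize_403.php');
         SimpleSAML_Utilities::redirect($url, array('StateId' => $id));
     }
 }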
Esempio n. 2
 /**
  * Retrieve our singleton instance.
  *
  * @return SimpleSAML_Store|false  The data store, or false if it isn't enabled.
  */
 public static function getInstance()
 {
     // Only resolve the store once; false ("no store") is also a cached answer.
     if (self::$instance === null) {
         $globalConfig = SimpleSAML_Configuration::getInstance();
         // 'store.type' wins; 'session.handler' is consulted only when it is not set.
         $type = $globalConfig->getString('store.type', null);
         if ($type === null) {
             $type = $globalConfig->getString('session.handler', 'phpsession');
         }
         if ($type === 'phpsession') {
             // we cannot support advanced features with the PHP session store
             self::$instance = false;
         } elseif ($type === 'memcache') {
             self::$instance = new SimpleSAML_Store_Memcache();
         } elseif ($type === 'sql') {
             self::$instance = new SimpleSAML_Store_SQL();
         } else {
             // datastore from module
             // NOTE(review): the class to instantiate is derived from a configuration value;
             // the 'SimpleSAML_Store' argument presumably restricts it to store subclasses -- confirm.
             $storeClass = SimpleSAML_Module::resolveClass($type, 'Store', 'SimpleSAML_Store');
             self::$instance = new $storeClass();
         }
     }
     return self::$instance;
 }
Esempio n. 3
 /**
  * Process an authentication response.
  *
  * This function saves the state, and if necessary redirects the user to the page where the user
  * is informed about the expiry date of his/her certificate.
  *
  * @param array $state  The state of the response.
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     $passive = isset($state['isPassive']) && $state['isPassive'] === TRUE;
     if ($passive) {
         /* A passive request cannot show a page to the user, so the warning is skipped. */
         return;
     }
     /* No client certificate was presented on this request: nothing to check. */
     if (!(isset($_SERVER['SSL_CLIENT_CERT']) && $_SERVER['SSL_CLIENT_CERT'] != '')) {
         return;
     }
     $certInfo = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']);
     if ($certInfo == FALSE) {
         SimpleSAML_Logger::error('authX509: invalid cert');
         return;
     }
     /* Whole days until the certificate's validTo timestamp; negative once it has passed. */
     $secondsPerDay = 24 * 60 * 60;
     $daysleft = (int) (($certInfo['validTo_time_t'] - time()) / $secondsPerDay);
     if ($daysleft <= $this->warndaysbefore) {
         SimpleSAML_Logger::warning('authX509: user certificate expires in ' . $daysleft . ' days');
         $state['daysleft'] = $daysleft;
         $state['renewurl'] = $this->renewurl;
         /* Persist the state and send the user to the expiry warning page. */
         $id = SimpleSAML_Auth_State::saveState($state, 'warning:expire');
         $url = SimpleSAML_Module::getModuleURL('authX509/expirywarning.php');
         \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id));
     }
     /* Otherwise the certificate stays valid long enough and no warning is shown. */
 }
Esempio n. 4
 public static function getInstance()
 {
     // The Twig environment is built once and then reused.
     if (self::$instance !== null) {
         return self::$instance;
     }
     $loader = new \Twig_Loader_Filesystem();
     $translator = Translator::getInstance();
     foreach (\SimpleSAML_Module::getModules() as $module) {
         if (!\SimpleSAML_Module::isModuleEnabled($module)) {
             continue;
         }
         $moduleDir = \SimpleSAML_Module::getModuleDir($module);

         // Templates of an enabled module are registered under the module name.
         $templateDir = self::resourceExists('templates', $moduleDir);
         if ($templateDir !== false) {
             $loader->addPath($templateDir, $module);
         }

         $translationDir = self::resourceExists('translations', $moduleDir);
         if ($translationDir === false) {
             continue;
         }
         // Translation files are matched by the pattern ".<locale>.yml" at the end of the name.
         $finder = new Finder();
         $finder->files()->in($translationDir)->name('/\\.[a-zA-Z_]+\\.yml$/');
         /** @var SplFileInfo $file */
         foreach ($finder as $file) {
             $base = $file->getBasename('.yml');
             // The locale is whatever follows the last dot of the remaining name.
             $locale = substr($base, strrpos($base, '.') + 1);
             $translator->addResource('yaml', $file->getPathname(), $locale, $module);
         }
     }
     self::$instance = new \Twig_Environment($loader);
     self::$instance->addExtension(new TranslationExtension($translator));
     return self::$instance;
 }
Esempio n. 5
 /**
  * Start a login operation.
  *
  * @param array $params  Various options to the authentication request.
  */
 public function login(array $params = array())
 {
     // POST data is carried across the login round trip unless the caller sets 'KeepPost' to a false value.
     $keepPost = array_key_exists('KeepPost', $params) ? (bool) $params['KeepPost'] : TRUE;

     // With neither a return URL nor a callback, come back to the current URL.
     if (!isset($params['ReturnTo']) && !isset($params['ReturnCallback'])) {
         $params['ReturnTo'] = SimpleSAML_Utilities::selfURL();
     }
     // NOTE(review): a caller-supplied 'ReturnTo' is used as given; nothing in this method
     // checks it against a list of trusted hosts -- confirm callers validate it.
     if (isset($params['ReturnTo']) && $keepPost && $_SERVER['REQUEST_METHOD'] === 'POST') {
         $params['ReturnTo'] = SimpleSAML_Utilities::createPostRedirectLink($params['ReturnTo'], $_POST);
     }

     $session = SimpleSAML_Session::getInstance();
     $authnRequest = array(
         'IsPassive' => isset($params['isPassive']) ? $params['isPassive'] : FALSE,
         'ForceAuthn' => isset($params['ForceAuthn']) ? $params['ForceAuthn'] : FALSE,
         'core:State' => $params,
         'core:prevSession' => $session->getAuthData($this->authority, 'AuthnInstant'),
         'core:authority' => $this->authority,
     );
     // Optional request parameters are copied only when the caller provided them.
     if (isset($params['saml:RequestId'])) {
         $authnRequest['RequestID'] = $params['saml:RequestId'];
     }
     if (isset($params['SPMetadata']['entityid'])) {
         $authnRequest['Issuer'] = $params['SPMetadata']['entityid'];
     }
     if (isset($params['saml:RelayState'])) {
         $authnRequest['RelayState'] = $params['saml:RelayState'];
     }
     if (isset($params['saml:IDPList'])) {
         $authnRequest['IDPList'] = $params['saml:IDPList'];
     }

     // The request is stored in the session under a generated ID; only that ID travels in the URLs below.
     $authId = SimpleSAML_Utilities::generateID();
     $session->setAuthnRequest('saml2', $authId, $authnRequest);
     $relayState = SimpleSAML_Module::getModuleURL('core/bwc_resumeauth.php', array('RequestID' => $authId));
     $config = SimpleSAML_Configuration::getInstance();
     $authurl = '/' . $config->getBaseURL() . $this->auth;
     $query = array('RelayState' => $relayState, 'AuthId' => $authId, 'protocol' => 'saml2');
     SimpleSAML_Utilities::redirect($authurl, $query);
 }
Esempio n. 6
 /**
  * Start the logout operation.
  *
  * @param array &$state  The logout state.
  * @param string|NULL $assocId  The SP we are logging out from.
  */
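 public function startLogout(array &$state, $assocId)
 {
     // Expression assertion: the string form is deprecated since PHP 7.2 and no longer
     // evaluates its contents on PHP 8.
     assert(is_string($assocId) || is_null($assocId));
     $associations = $this->idp->getAssociations();
     if (count($associations) === 0) {
         // NOTE(review): the code below still runs if finishLogout() returns; presumably it
         // ends the request -- confirm.
         $this->idp->finishLogout($state);
     }
     // Every association starts out "onhold" and is labelled with the SP name for the logout page.
     foreach ($associations as $id => &$association) {
         $idp = SimpleSAML_IdP::getByState($association);
         $association['core:Logout-IFrame:Name'] = $idp->getSPName($id);
         $association['core:Logout-IFrame:State'] = 'onhold';
     }
     // Drop the by-reference loop variable so the last element is not left aliased
     // when the array is copied into the state.
     unset($association);
     $state['core:Logout-IFrame:Associations'] = $associations;
     if (!is_null($assocId)) {
         $spName = $this->idp->getSPName($assocId);
         if ($spName === NULL) {
             // No name known for the SP: fall back to its identifier as the English label.
             $spName = array('en' => $assocId);
         }
         $state['core:Logout-IFrame:From'] = $spName;
     } else {
         $state['core:Logout-IFrame:From'] = NULL;
     }
     // Only the saved-state ID is passed in the URL; the state itself is stored by saveState().
     $id = SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame');
     $url = SimpleSAML_Module::getModuleURL('core/idp/logout-iframe.php', array('id' => $id));
     SimpleSAML_Utilities::redirect($url);
 }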
Esempio n. 7
/**
 * Hook to add the statistics module's links to the frontpage.
 *
 * @param array &$links  The links on the frontpage, split into sections.
 */
function statistics_hook_frontpage(&$links)
{
    assert('is_array($links)');
    assert('array_key_exists("links", $links)');

    // Both entries go into the 'config' section, keyed by name.
    $statsUrl = SimpleSAML_Module::getModuleURL('statistics/showstats.php');
    $links['config']['statistics'] = array(
        'href' => $statsUrl,
        'text' => array('en' => 'Show statistics', 'no' => 'Vis statistikk'),
        'shorttext' => array('en' => 'Statistics', 'no' => 'Statistikk'),
    );

    $metaUrl = SimpleSAML_Module::getModuleURL('statistics/statmeta.php');
    $links['config']['statisticsmeta'] = array(
        'href' => $metaUrl,
        'text' => array('en' => 'Show statistics metadata', 'no' => 'Vis statistikk metadata'),
        'shorttext' => array('en' => 'Statistics metadata', 'no' => 'Statistikk metadata'),
    );
}
/**
 * @param array &$links  The links on the frontpage, split into sections.
 */
function metalisting_hook_frontpage(&$links)
{
    assert('is_array($links)');
    assert('array_key_exists("links", $links)');

    // Two entries are appended to the 'federation' section: the plain and the extended listing.
    $plainUrl = SimpleSAML_Module::getModuleURL('metalisting/');
    $links['federation'][] = array(
        'href' => $plainUrl,
        'text' => array('en' => 'Federation entity listing', 'no' => 'Liste over føderasjonsmedlemmer'),
    );

    $extendedUrl = SimpleSAML_Module::getModuleURL('metalisting/index.php?extended=1');
    $links['federation'][] = array(
        'href' => $extendedUrl,
        'text' => array('en' => 'Federation entity listing (extended)', 'no' => 'Liste over føderasjonsmedlemmer (mer info)'),
    );
}
Esempio n. 9
 /**
  * Log-in using Facebook cronus
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     assert('is_array($state)');
     /* The authId is stored in the state so this authentication source can be found again later. */
     $state[self::AUTHID] = $this->authId;
     $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     // NOTE(review): the state ID is the handle to the saved login state; it is written to the
     // debug log here and appended to the linkback URL without urlencode() -- confirm both are intended.
     SimpleSAML_Logger::debug('facebook auth state id = ' . $stateID);
     $facebook = new Facebook($this->api_key, $this->secret);
     $linkback = SimpleSAML_Module::getModuleUrl('authfacebook') . '/linkback.php?next=' . $stateID;
     $u = $facebook->require_login($linkback);

     // Field reference: http://developers.facebook.com/docs/reference/rest/users.getInfo
     // (an error_code check on the API client was left disabled in the original because it raised a notice/warning)
     $fields = array('uid', 'first_name', 'middle_name', 'last_name', 'name', 'locale', 'current_location', 'affiliations', 'pic_square', 'profile_url', 'sex', 'email', 'pic', 'username', 'about_me', 'status', 'profile_blurb');
     $info = $facebook->api_client->users_getInfo($u, $fields);

     // Every non-empty string field becomes a single-valued 'facebook.<field>' attribute.
     $attributes = array();
     foreach ($info[0] as $field => $fieldValue) {
         if (is_string($fieldValue) && !empty($fieldValue)) {
             $attributes['facebook.' . $field] = array((string) $fieldValue);
         }
     }

     // The user name is preferred for the scoped identifier; the value returned by require_login() is the fallback.
     $localPart = array_key_exists('username', $info[0]) ? $info[0]['username'] : $u;
     $attributes['facebook_user'] = array($localPart . '@facebook.com');
     $attributes['facebook_targetedID'] = array('http://facebook.com!' . $u);
     $attributes['facebook_cn'] = array($info[0]['name']);

     // Only attribute names are logged, not their values.
     SimpleSAML_Logger::debug('Facebook Returned Attributes: ' . implode(", ", array_keys($attributes)));
     $state['Attributes'] = $attributes;
 }
Esempio n. 10
/**
 * Hook to add the simple consent admin module to the frontpage.
 *
 * @param array &$links  The links on the frontpage, split into sections.
 */
function consentSimpleAdmin_hook_frontpage(&$links)
{
    assert('is_array($links)');
    assert('array_key_exists("links", $links)');

    // Both pages are appended to the 'config' section; 'text' holds a translation tag, not literal text.
    $adminUrl = SimpleSAML_Module::getModuleURL('consentSimpleAdmin/consentAdmin.php');
    $links['config'][] = array(
        'href' => $adminUrl,
        'text' => '{consentSimpleAdmin:consentsimpleadmin:header}',
    );

    $statsUrl = SimpleSAML_Module::getModuleURL('consentSimpleAdmin/consentStats.php');
    $links['config'][] = array(
        'href' => $statsUrl,
        'text' => '{consentSimpleAdmin:consentsimpleadmin:headerstats}',
    );
}
Esempio n. 11
 /**
  * Process an authentication response.
  *
  * This function checks how long it is since the last time the user was authenticated.
  * If too little time has passed since then, we will show a warning to the user.
  *
  * @param array $state  The state of the response.
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     if (!array_key_exists('PreviousSSOTimestamp', $state)) {
         /* No earlier SSO to this SP is recorded in the state, so there is no interval to measure. */
         return;
     }
     $timeDelta = time() - $state['PreviousSSOTimestamp'];
     if ($timeDelta >= 10) {
         /* Ten seconds or more have passed since the previous attempt. */
         return;
     }

     /* The destination entity ID is used for the log line only; it may be absent. */
     $hasEntityId = array_key_exists('Destination', $state) && array_key_exists('entityid', $state['Destination']);
     $entityId = $hasEntityId ? $state['Destination']['entityid'] : 'UNKNOWN';
     SimpleSAML_Logger::warning('WarnShortSSOInterval: Only ' . $timeDelta . ' seconds since last SSO for this user from the SP ' . var_export($entityId, TRUE));

     /* Persist the state and show the warning page. */
     $stateId = SimpleSAML_Auth_State::saveState($state, 'core:short_sso_interval');
     $warningUrl = SimpleSAML_Module::getModuleURL('core/short_sso_interval.php');
     SimpleSAML_Utilities::redirectTrustedURL($warningUrl, array('StateId' => $stateId));
 }
 /**
  * When the process logic determines that the user is not
  * authorized for this service, then forward the user to
  * a 403 unauthorized page.
  *
  * Separated this code into its own method so that child
  * classes can override it and change the action. Forward
  * thinking in case a "chained" ACL is needed, more complex
  * permission logic.
  *
  * @param array $request
  */
 protected function unauthorized(&$request)
 {
     // NOTE(review): AuthnContextClassRef is written to the log as-is; if it originates from the
     // IdP response it is remote-controlled text -- confirm the logger copes with control characters.
     $acceptedList = var_export($this->accepted, true);
     SimpleSAML_Logger::error('ExpectedAuthnContextClassRef: Invalid authentication context: ' . $this->AuthnContextClassRef . '. Accepted values are: ' . $acceptedList);

     // Persist the request state and send the user to the error page with only the state ID in the URL.
     $stateId = SimpleSAML_Auth_State::saveState($request, 'saml:ExpectedAuthnContextClassRef:unauthorized');
     $errorUrl = SimpleSAML_Module::getModuleURL('saml/sp/wrong_authncontextclassref.php');
     \SimpleSAML\Utils\HTTP::redirectTrustedURL($errorUrl, array('StateId' => $stateId));
 }
Esempio n. 13
/**
 * Hook to inject HTML content into all pages...
 *
 * @param array &$hookinfo  hookinfo
 */
function portal_hook_htmlinject(&$hookinfo)
{
    assert('is_array($hookinfo)');
    assert('array_key_exists("pre", $hookinfo)');
    assert('array_key_exists("post", $hookinfo)');
    assert('array_key_exists("page", $hookinfo)');

    // Collect the frontpage links from every module, then flatten the sections into one list.
    $links = array('links' => array());
    SimpleSAML_Module::callHooks('frontpage', $links);
    $portalConfig = SimpleSAML_Configuration::getOptionalConfig('module_portal.php');
    $allLinks = array();
    foreach ($links as $section) {
        $allLinks = array_merge($allLinks, $section);
    }

    // Page sets come from the module configuration, with the four frontpage tabs as the default.
    $defaultPagesets = array(array('frontpage_welcome', 'frontpage_config', 'frontpage_auth', 'frontpage_federation'));
    $pagesets = $portalConfig->getValue('pagesets', $defaultPagesets);
    SimpleSAML_Module::callHooks('portalextras', $pagesets);

    $portal = new sspmod_portal_Portal($allLinks, $pagesets);
    if ($portal->isPortalized($hookinfo['page'])) {
        // Include jquery UI CSS files in header.
        $hookinfo['jquery']['css'] = TRUE;
        $hookinfo['jquery']['version'] = '1.6';

        // Header: the menu markup returned by getMenu() is inserted verbatim.
        // NOTE(review): confirm getMenu() escapes link texts, since its output is not escaped here.
        $menu = $portal->getMenu($hookinfo['page']);
        $hookinfo['pre'][] = '<div id="portalmenu" class="ui-tabs ui-widget ui-widget-content ui-corner-all">' . $menu . '<div id="portalcontent" class="ui-tabs-panel ui-widget-content ui-corner-bottom">';

        // Footer: closes the two divs opened by the header.
        $hookinfo['post'][] = '</div></div>';
    }
}
Esempio n. 14
/**
 * Hook to run a cron job.
 *
 * @param array &$croninfo  Output
 */
function sanitycheck_hook_cron(&$croninfo)
{
    assert('is_array($croninfo)');
    assert('array_key_exists("summary", $croninfo)');
    assert('array_key_exists("tag", $croninfo)');
    SimpleSAML_Logger::info('cron [sanitycheck]: Running cron in cron tag [' . $croninfo['tag'] . '] ');
    try {
        $sconfig = SimpleSAML_Configuration::getOptionalConfig('config-sanitycheck.php');
        $cronTag = $sconfig->getString('cron_tag', NULL);
        // The checks run only when a tag is configured and it is the tag of this cron run.
        if ($cronTag !== NULL && $cronTag === $croninfo['tag']) {
            // The hooks fill these two arrays through the references handed over in $hookinfo.
            $info = array();
            $errors = array();
            $hookinfo = array('info' => &$info, 'errors' => &$errors);
            SimpleSAML_Module::callHooks('sanitycheck', $hookinfo);
            if (count($errors) > 0) {
                foreach ($errors as $message) {
                    $croninfo['summary'][] = 'Sanitycheck error: ' . $message;
                }
            }
        }
    } catch (Exception $e) {
        // A failing check is reported in the cron summary instead of aborting the cron run.
        $croninfo['summary'][] = 'Error executing sanity check: ' . $e->getMessage();
    }
}
Esempio n. 15
 /**
  * Retrieve our singleton instance.
  *
  * @return SimpleSAML_Store|FALSE  The datastore, or FALSE if it isn't enabled.
  */
 public static function getInstance()
 {
     /* Resolve the store only once; FALSE ("no store") is also a cached answer. */
     if (self::$instance === NULL) {
         $globalConfig = SimpleSAML_Configuration::getInstance();
         /* 'store.type' wins; 'session.handler' is consulted only when it is not set. */
         $type = $globalConfig->getString('store.type', NULL);
         if ($type === NULL) {
             $type = $globalConfig->getString('session.handler', 'phpsession');
         }
         if ($type === 'phpsession') {
             /* We cannot support advanced features with the PHP session store. */
             self::$instance = FALSE;
         } elseif ($type === 'memcache') {
             self::$instance = new SimpleSAML_Store_Memcache();
         } elseif ($type === 'sql') {
             self::$instance = new SimpleSAML_Store_SQL();
         } else {
             /* Anything else must contain a colon; a bare unknown name is rejected before any class lookup. */
             if (strpos($type, ':') === FALSE) {
                 throw new SimpleSAML_Error_Exception('Unknown datastore type: ' . var_export($type, TRUE));
             }
             /* Datastore from module. */
             $storeClass = SimpleSAML_Module::resolveClass($type, 'Store', 'SimpleSAML_Store');
             self::$instance = new $storeClass();
         }
     }
     return self::$instance;
 }
Esempio n. 16
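 public function finalStep(&$state)
 {
     $verificationCode = $state['authwindowslive:wrap_verification_code'];
     // The verification code can be exchanged for an access token, so it is kept out of the log.
     SimpleSAML_Logger::debug('oauth wrap:  Exchanging the verification code for an access token');

     // Retrieve Access Token
     // Documentation at: http://msdn.microsoft.com/en-us/library/ff749686.aspx
     $postData = 'wrap_client_id=' . urlencode($this->key)
         . '&wrap_client_secret=' . urlencode($this->secret)
         . '&wrap_callback=' . urlencode(SimpleSAML_Module::getModuleUrl('authwindowslive') . '/linkback.php')
         . '&wrap_verification_code=' . urlencode($verificationCode);
     $context = array('http' => array('method' => 'POST', 'header' => 'Content-type: application/x-www-form-urlencoded', 'content' => $postData));
     $result = \SimpleSAML\Utils\HTTP::fetch('https://consent.live.com/AccessToken.aspx', $context);
     parse_str($result, $response);

     // error checking of $response to make sure we can proceed
     if (!array_key_exists('wrap_access_token', $response)) {
         // The error fields may be missing from the response; default them instead of reading undefined keys.
         $errorCode = isset($response['error_code']) ? $response['error_code'] : '';
         $errorReason = isset($response['wrap_error_reason']) ? $response['wrap_error_reason'] : '';
         $internalInfo = isset($response['internal_info']) ? $response['internal_info'] : '';
         throw new Exception('[' . $errorCode . '] ' . $errorReason . "\r\nNo wrap_access_token returned - cannot proceed\r\n" . $internalInfo);
     }

     // Both values come from the remote response and are placed into a request header and a URL
     // path below, so their shape is checked first. parse_str() can yield arrays, hence is_string().
     $accessToken = $response['wrap_access_token'];
     if (!is_string($accessToken) || preg_match('/[\r\n]/', $accessToken)) {
         throw new Exception('Malformed wrap_access_token returned - cannot proceed');
     }
     $uid = isset($response['uid']) ? $response['uid'] : NULL;
     if (!is_string($uid) || $uid === '') {
         throw new Exception('No uid returned - cannot proceed');
     }

     // The access token is a bearer credential: log that one was received, never its value.
     SimpleSAML_Logger::debug('Got an access token from the OAuth WRAP service provider for user [' . $uid . ']');

     // Documentation at: http://msdn.microsoft.com/en-us/library/ff751708.aspx
     $opts = array('http' => array('header' => "Accept: application/json\r\nAuthorization: WRAP access_token=" . $accessToken . "\r\n"));
     // rawurlencode() keeps the uid inside its own path segment.
     $data = \SimpleSAML\Utils\HTTP::fetch('https://apis.live.net/V4.1/cid-' . rawurlencode($uid) . '/Profiles', $opts);
     $userdata = json_decode($data, TRUE);

     $attributes = array();
     $attributes['windowslive_uid'] = array($uid);
     $attributes['windowslive_targetedID'] = array('http://windowslive.com!' . $uid);
     $attributes['windowslive_user'] = array($uid . '@windowslive.com');

     // json_decode() returns NULL for a body that is not valid JSON; in that case only the
     // uid-based attributes are released.
     if (is_array($userdata) && isset($userdata['Entries'][0]) && is_array($userdata['Entries'][0])) {
         $entry = $userdata['Entries'][0];
         foreach ($entry as $key => $value) {
             if (is_string($value)) {
                 $attributes['windowslive.' . $key] = array((string) $value);
             }
         }
         if (isset($entry['Emails'][0]['Address'])) {
             $attributes['windowslive_mail'] = array($entry['Emails'][0]['Address']);
         }
     }

     // Only attribute names are logged, not their values.
     SimpleSAML_Logger::debug('LiveID Returned Attributes: ' . implode(", ", array_keys($attributes)));
     $state['Attributes'] = $attributes;
 }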
Esempio n. 17
 /**
  * Start the logout operation.
  *
  * @param array       &$state The logout state.
  * @param string|null $assocId The SP we are logging out from.
  */
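 public function startLogout(array &$state, $assocId)
 {
     // Expression assertion: the string form is deprecated since PHP 7.2 and no longer
     // evaluates its contents on PHP 8.
     assert(is_string($assocId) || is_null($assocId));
     $associations = $this->idp->getAssociations();
     if (count($associations) === 0) {
         // NOTE(review): the code below still runs if finishLogout() returns; presumably it
         // ends the request -- confirm.
         $this->idp->finishLogout($state);
     }
     // Every association starts out "onhold" and is labelled with the SP name for the logout page.
     foreach ($associations as $id => &$association) {
         $idp = SimpleSAML_IdP::getByState($association);
         $association['core:Logout-IFrame:Name'] = $idp->getSPName($id);
         $association['core:Logout-IFrame:State'] = 'onhold';
     }
     // Drop the by-reference loop variable so the last element is not left aliased
     // when the array is copied into the state.
     unset($association);
     $state['core:Logout-IFrame:Associations'] = $associations;
     if (!is_null($assocId)) {
         $spName = $this->idp->getSPName($assocId);
         if ($spName === null) {
             // No name known for the SP: fall back to its identifier as the English label.
             $spName = array('en' => $assocId);
         }
         $state['core:Logout-IFrame:From'] = $spName;
     } else {
         $state['core:Logout-IFrame:From'] = null;
     }
     // Only the saved-state ID (and the optional init type) travel in the URL.
     $params = array('id' => SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame'));
     if (isset($state['core:Logout-IFrame:InitType'])) {
         $params['type'] = $state['core:Logout-IFrame:InitType'];
     }
     $url = SimpleSAML_Module::getModuleURL('core/idp/logout-iframe.php', $params);
     \SimpleSAML\Utils\HTTP::redirectTrustedURL($url);
 }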
/**
 * Hook a ejecutar antes del paso 5 de la instalación
 * Extrae cuales son las fuentes de datos principales que podría utilizarse
 *
 * @param array &$data  Los datos a utilizar por las plantillas de tipo stepn
 */
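function idpinstaller_hook_step5(&$data)
{
    // Collects the available data sources, then switches each module's default-enable /
    // default-disable marker file so that only the required modules end up enabled.
    // Problems are appended to $data['errors']; always returns true.
    $data['datasources'] = getDataSources();

    // Mandatory modules
    $require_mods = array("saml", "idpinstaller", "modinfo", "ldap", "sqlauth", "core", "portal", "sir2skin");
    $ssphpobj = $data['ssphpobj'];
    $modules = SimpleSAML_Module::getModules();
    sort($modules);
    $perms_ko = array();
    $modules_ko = array();
    foreach ($modules as $m) {
        $required = in_array($m, $require_mods, true);
        $f = realpath(__DIR__ . '/../../' . $m);
        if ($f === false) {
            // realpath() failed: without this guard the marker paths below would resolve to
            // '/default-enable' and '/default-disable' in the filesystem root.
            if ($required) {
                $modules_ko[] = $m;
            }
            continue;
        }
        $disableMarker = $f . '/default-disable';
        $enableMarker = $f . '/default-enable';
        if (!file_exists($disableMarker) && !file_exists($enableMarker) && $required) {
            // A required module without any marker file cannot be switched.
            $modules_ko[] = $f;
        } elseif (file_exists($disableMarker) && !is_writable($disableMarker) || file_exists($enableMarker) && !is_writable($enableMarker)) {
            // An existing marker that this process cannot write to.
            $perms_ko[] = $f;
        } elseif ($required) {
            // Modules we do want to enable.
            if (file_exists($disableMarker)) {
                // Failures are detected by the file_exists() check below rather than by warnings.
                @unlink($disableMarker);
                @touch($enableMarker);
                if (!file_exists($enableMarker)) {
                    $data['errors'][] = $ssphpobj->t('{idpinstaller:idpinstaller:step4_error}');
                }
            }
        } else {
            // Modules we want to disable.
            if (file_exists($enableMarker)) {
                @unlink($enableMarker);
                @touch($disableMarker);
                if (!file_exists($disableMarker)) {
                    $data['errors'][] = $ssphpobj->t('{idpinstaller:idpinstaller:step4_error}');
                }
            }
        }
    }
    if (count($modules_ko) > 0) {
        $data['errors'][] = $ssphpobj->t('{idpinstaller:idpinstaller:step4_error}');
    } elseif (count($perms_ko) > 0) {
        // The message is built up front so it is defined even when the POSIX functions are
        // unavailable; the chown/chmod hint is appended only when the owner can be looked up.
        $aux = "<br/>" . $ssphpobj->t('{idpinstaller:idpinstaller:step4_perms_ko}');
        if (function_exists('posix_getgrnam')) {
            $filename = $perms_ko[0];
            $file_owner = posix_getpwuid(fileowner($filename));
            $group = posix_getgrgid(posix_getgid());
            $recursive = is_dir($filename) ? "-R" : "";
            $aux .= "<pre>&gt; chown {$recursive} " . $file_owner['name'] . ":" . $group['name'] . " {$filename}\n&gt; chmod {$recursive} g+w " . $filename . "</pre>";
        }
        $data['errors'][] = $aux;
        $data['errors'][] = $ssphpobj->t("{idpinstaller:idpinstaller:step1_remember_change_perms}");
    }
    // empty() also covers the case where no error was ever recorded and the key does not exist.
    if (empty($data['errors'])) {
        $data['info'][] = $ssphpobj->t('{idpinstaller:idpinstaller:step4_all_ok}');
    }
    return true;
}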
Esempio n. 19
 /**
  * Create an output from a configuration object.
  *
  * @param SimpleSAML_Configuration $config  The configuration object.
  * @return object  An instance of the output class named by the configuration's 'class' option.
  */
 private static function createOutput(SimpleSAML_Configuration $config)
 {
     // The 'class' option names the output class; it is resolved with the 'Stats_Output' type
     // and the 'SimpleSAML_Stats_Output' base class name, then instantiated with the same configuration.
     $className = SimpleSAML_Module::resolveClass($config->getString('class'), 'Stats_Output', 'SimpleSAML_Stats_Output');
     return new $className($config);
 }
/**
 * Hook to do sanitycheck
 *
 * @param array &$hookinfo  hookinfo
 */
function core_hook_sanitycheck(&$hookinfo)
{
    assert('is_array($hookinfo)');
    assert('array_key_exists("errors", $hookinfo)');
    assert('array_key_exists("info", $hookinfo)');
    $config = SimpleSAML_Configuration::getInstance();

    // Only the value '123' (also used as the fallback for a missing option) is treated as unset;
    // this check does not judge the strength of any other password.
    $adminPassword = $config->getString('auth.adminpassword', '123');
    if ($adminPassword !== '123') {
        $hookinfo['info'][] = '[core] Password in config.php is set properly';
    } else {
        $hookinfo['errors'][] = '[core] Password in config.php is not set properly';
    }

    // Same approach for the technical contact address: only the placeholder value is rejected.
    $contact = $config->getString('technicalcontact_email', '*****@*****.**');
    if ($contact !== '*****@*****.**') {
        $hookinfo['info'][] = '[core] In config.php technicalcontact_email is set properly';
    } else {
        $hookinfo['errors'][] = '[core] In config.php technicalcontact_email is not set properly';
    }

    $phpVersion = phpversion();
    if (version_compare($phpVersion, '5.3', '>=')) {
        $hookinfo['info'][] = '[core] You are running PHP version ' . $phpVersion . '. Great.';
    } else {
        $hookinfo['errors'][] = '[core] You are running PHP version ' . $phpVersion . '. SimpleSAMLphp requires version >= 5.3. Please upgrade!';
    }

    // Each module reports its info through the 'moduleinfo' hook; every dependency it declares
    // must be among the modules returned by getModules().
    $info = array();
    $mihookinfo = array('info' => &$info);
    $availmodules = SimpleSAML_Module::getModules();
    SimpleSAML_Module::callHooks('moduleinfo', $mihookinfo);
    foreach ($info as $moduleName => $moduleInfo) {
        if (!isset($moduleInfo['dependencies']) || !is_array($moduleInfo['dependencies'])) {
            continue;
        }
        foreach ($moduleInfo['dependencies'] as $dependency) {
            if (!in_array($dependency, $availmodules)) {
                $hookinfo['errors'][] = '[core] Module dependency not met: ' . $moduleName . ' requires ' . $dependency;
            }
        }
    }
}
Esempio n. 21
 /**
  * Constructor for Google authentication source.
  *
  * @param array $info Information about this authentication source.
  * @param array $config Configuration.
  */
 public function __construct($info, $config)
 {
     assert('is_array($info)');
     assert('is_array($config)');
     /* The parent constructor runs before anything else in this constructor. */
     parent::__construct($info, $config);

     /* Both the client key and the client secret are mandatory options. */
     if (!array_key_exists('key', $config)) {
         throw new Exception('Google authentication source is not properly configured: missing [key]');
     }
     $this->key = $config['key'];
     if (!array_key_exists('secret', $config)) {
         throw new Exception('Google authentication source is not properly configured: missing [secret]');
     }
     $this->secret = $config['secret'];

     /* The redirect URI registered with the client is this module's linkback page. */
     $this->linkback = SimpleSAML_Module::getModuleURL('authgoogleOIDC') . '/linkback.php';

     // Create Client
     $this->client = new Google_Client();
     $this->client->setApplicationName('Google gateway');
     $this->client->setClientId($this->key);
     $this->client->setClientSecret($this->secret);
     $this->client->setRedirectUri($this->linkback);
     /* Requested scopes: OpenID Connect sign-in plus profile and e-mail. */
     foreach (array('openid', 'profile', 'email') as $scope) {
         $this->client->addScope($scope);
     }
 }
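function listMetadata($t, $metadata, $extended = FALSE)
{
    // Prints the metadata entries as an HTML list: optional flag image, entity name (or entity ID),
    // optional expiry note when $extended is set, and an optional "more" link.
    // Entity names, entity IDs and URLs are taken from the metadata entries and written into HTML,
    // so each of them is escaped at the point of output.
    //
    // $t         object providing getTranslation(); used only for entries with 'name' or 'url'
    // $metadata  list of metadata entries (arrays)
    // $extended  whether to print expiry information

    // Tag => flag file, in precedence order: when an entry carries several country tags,
    // the last matching row wins.
    $flagFiles = array(
        'norway' => 'no',
        'denmark' => 'dk',
        'finland' => 'fi',
        'sweden' => 'se',
        'switzerland' => 'ch',
        'france' => 'fr',
        'poland' => 'pl',
        'germany' => 'de',
    );
    $now = time();
    echo '<ul>';
    foreach ($metadata as $entry) {
        $flag = NULL;
        if (array_key_exists('tags', $entry)) {
            foreach ($flagFiles as $tag => $code) {
                // Strict comparison: a non-string tag must not compare equal to a country name.
                if (in_array($tag, $entry['tags'], TRUE)) {
                    $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/' . $code . '.png');
                }
            }
        }
        echo '<li>';
        if (isset($flag)) {
            echo ' <img style="display: inline; margin-right: 5px" src="' . htmlspecialchars($flag, ENT_QUOTES, 'UTF-8') . '" alt="Flag" />';
        }
        if (array_key_exists('name', $entry)) {
            echo htmlspecialchars($t->getTranslation(SimpleSAML_Utilities::arrayize($entry['name'], 'en')), ENT_QUOTES, 'UTF-8');
        } else {
            echo htmlspecialchars($entry['entityid'], ENT_QUOTES, 'UTF-8');
        }
        if ($extended) {
            if (array_key_exists('expire', $entry)) {
                if ($entry['expire'] < $now) {
                    echo '<span style="color: #500; font-weight: bold"> (expired ' . number_format(($now - $entry['expire']) / 3600, 1) . ' hours ago)</span>';
                } else {
                    echo '<span style="color: #ccc; "> (expires in ' . number_format(($entry['expire'] - $now) / 3600, 1) . ' hours)</span>';
                }
            }
        }
        if (array_key_exists('url', $entry)) {
            // NOTE(review): escaping protects the attribute, not the URL scheme; consider
            // linking only http(s) URLs if metadata can come from parties you do not control.
            $moreUrl = $t->getTranslation(SimpleSAML_Utilities::arrayize($entry['url'], 'en'));
            echo ' [ <a href="' . htmlspecialchars($moreUrl, ENT_QUOTES, 'UTF-8') . '">more</a> ]';
        }
        echo '</li>';
    }
    echo '</ul>';
    // Closes a <fieldset> that is not opened in this function (presumably opened by the caller).
    echo '</fieldset>';
}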
Esempio n. 23
 /**
  * Retrieve the destination we should send the message to.
  *
  * This will return a debug endpoint if we have debug enabled. If debug
  * is disabled, NULL is returned, in which case the default destination
  * will be used.
  *
  * @return string|NULL  The destination the message should be delivered to.
  */
 public static function getDebugDestination()
 {
     /* The debug endpoint is handed out only when the 'debug' option is switched on (default: off). */
     $debugEnabled = SimpleSAML_Configuration::getInstance()->getBoolean('debug', FALSE);
     if ($debugEnabled) {
         return SimpleSAML_Module::getModuleURL('saml2/debug.php');
     }
     return NULL;
 }
Esempio n. 24
 public function getRule($preferRule)
 {
     // Resolve which rule to use, then load that rule's section of the 'statrules' configuration.
     $ruleId = $this->resolveSelectedRule($preferRule);
     $ruleConfig = $this->statconfig->getConfigItem('statrules')->getConfigItem($ruleId);

     // The presenter class comes from the rule configuration, defaulting to 'statistics:BaseRule'.
     $presenter = $ruleConfig->getValue('presenter', 'statistics:BaseRule');
     $presenterClass = SimpleSAML_Module::resolveClass($presenter, 'Statistics_Rulesets');

     return new $presenterClass($this->statconfig, $ruleConfig, $ruleId, $this->available);
 }
Esempio n. 25
/**
 * Hook to add the core module's frontpage sections (welcome, configuration, auth, federation) to the frontpage.
 *
 * @param array &$links  The links on the frontpage, split into sections.
 */
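function core_hook_frontpage(&$links)
{
    // Expression-form assertions: string arguments to assert() were eval()'d by
    // PHP 5/7, are deprecated since 7.2 and are no longer evaluated by PHP 8,
    // where these preconditions would silently stop being checked.
    assert(is_array($links));
    assert(array_key_exists('links', $links));

    // Link id => (page under the core module, translation tag). The tag is used
    // for both the long and the short link text.
    $entries = array(
        'frontpage_welcome' => array('core/frontpage_welcome.php', '{core:frontpage:welcome}'),
        'frontpage_config' => array('core/frontpage_config.php', '{core:frontpage:configuration}'),
        'frontpage_auth' => array('core/frontpage_auth.php', '{core:frontpage:auth}'),
        'frontpage_federation' => array('core/frontpage_federation.php', '{core:frontpage:federation}'),
    );

    foreach ($entries as $linkId => $entry) {
        list($page, $tag) = $entry;
        $links['links'][$linkId] = array(
            'href' => SimpleSAML_Module::getModuleURL($page),
            'text' => $tag,
            'shorttext' => $tag,
        );
    }
}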
Esempio n. 26
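 /**
  * Start authentication by sending the user to the InfoCard login page.
  *
  * The state is saved under self::STAGEID and only the returned id is passed
  * on in the redirect. Whether the redirect returns is not visible here.
  *
  * @param array &$state  The authentication state; self::AUTHID is added to it.
  */
 public function authenticate(&$state)
 {
     // Expression-form assertion: a string argument to assert() is deprecated
     // since PHP 7.2 and is no longer evaluated by PHP 8, which would turn this
     // precondition into a no-op.
     assert(is_array($state));

     /* We are going to need the authId in order to retrieve this authentication source later. */
     $state[self::AUTHID] = $this->authId;

     // Only the id returned by saveState() is placed in the query string.
     // NOTE(review): the login page is expected to load the state with the same
     // stage (self::STAGEID) so that ids from other stages are rejected. Confirm.
     $stateId = SimpleSAML_Auth_State::saveState($state, self::STAGEID);

     // The target is built from a constant module path, not from request data,
     // which is why the trusted-URL redirect is used.
     $loginUrl = SimpleSAML_Module::getModuleURL('InfoCard/login-infocard.php');
     SimpleSAML_Utilities::redirectTrustedURL($loginUrl, array('AuthState' => $stateId));
 }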
Esempio n. 27
 /**
  * Retrieve an admin login URL.
  *
  * @param string|NULL $returnTo The URL the user should arrive on after admin authentication. Defaults to null.
  *
  * @return string A URL which can be used for admin authentication.
  * @throws \InvalidArgumentException If $returnTo is neither a string nor null.
  */
 public static function getAdminLoginURL($returnTo = null)
 {
     // Only the type of $returnTo is checked here.
     // NOTE(review): the page that consumes ReturnTo (core/login-admin.php) is
     // presumably responsible for checking it against the allowed redirect
     // targets. Confirm before passing request-derived values.
     if (!is_string($returnTo) && !is_null($returnTo)) {
         throw new \InvalidArgumentException('Invalid input parameters.');
     }

     // With no explicit target, the user comes back to the current URL.
     $target = ($returnTo === null) ? \SimpleSAML\Utils\HTTP::getSelfURL() : $returnTo;

     return \SimpleSAML_Module::getModuleURL('core/login-admin.php', array('ReturnTo' => $target));
 }
 /**
  * Get and initialize the configured collector
  *
  * @param array $config	 Configuration information about this filter.
  */
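 private function getCollector($config)
 {
     // Require an array-valued 'collector' entry that names a class. The
     // is_array() guard keeps a scalar 'collector' value on this exception path
     // instead of a warning (PHP 5/7) or a TypeError (PHP 8) raised by
     // array_key_exists().
     if (
         !array_key_exists('collector', $config)
         || !is_array($config['collector'])
         || !array_key_exists('class', $config['collector'])
     ) {
         throw new Exception('No collector class specified in configuration');
     }
     $collectorConfig = $config['collector'];

     // The class to instantiate is chosen by configuration.
     // NOTE(review): the third argument presumably makes resolveClass() reject
     // classes that do not extend sspmod_attributecollector_SimpleCollector.
     // Confirm, since the result is instantiated below.
     $collectorClassName = SimpleSAML_Module::resolveClass($collectorConfig['class'], 'Collector', 'sspmod_attributecollector_SimpleCollector');

     // The collector receives the remaining options, without the class name.
     unset($collectorConfig['class']);
     return new $collectorClassName($collectorConfig);
 }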
Esempio n. 29
 /**
  * Initialize processing of the redirect test.
  *
  * @param array &$state  The state we should update.
  */
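 public function process(&$state)
 {
     // Expression-form assertions: string arguments to assert() are deprecated
     // since PHP 7.2 and are no longer evaluated by PHP 8, which would leave
     // these preconditions unchecked.
     assert(is_array($state));
     assert(array_key_exists('Attributes', $state));

     /* To check whether the state is saved correctly. */
     $state['Attributes']['RedirectTest1'] = array('OK');

     /* Save state and redirect. */
     // Only the id returned by saveState() is placed in the query string.
     // NOTE(review): the target page is expected to load the state with the
     // same stage string. Confirm.
     $stateId = SimpleSAML_Auth_State::saveState($state, 'exampleauth:redirectfilter-test');

     // The target is built from a constant module path, not from request data,
     // which is why the trusted-URL redirect is used.
     $targetUrl = SimpleSAML_Module::getModuleURL('exampleauth/redirecttest.php');
     SimpleSAML_Utilities::redirectTrustedURL($targetUrl, array('StateId' => $stateId));
 }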
Esempio n. 30
 /**
  * Process an authentication response.
  *
  * This function saves the state, and redirects the user to the page where the user
  * can authorize the release of the attributes.
  *
  * @param array $state  The state of the response.
  */
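 public function process(&$state)
 {
     // Expression-form assertion: a string argument to assert() is deprecated
     // since PHP 7.2 and is no longer evaluated by PHP 8, which would turn this
     // precondition into a no-op.
     assert(is_array($state));

     // Strict comparison: only a boolean TRUE marks the request as passive.
     if (isset($state['isPassive']) && $state['isPassive'] === TRUE) {
         /* We have a passive request. Skip the warning. */
         return;
     }

     /* Save state and redirect. */
     // Only the id returned by saveState() is placed in the query string.
     // NOTE(review): the warning page is expected to load the state with the
     // same stage string ('warning:request'). Confirm.
     $stateId = SimpleSAML_Auth_State::saveState($state, 'warning:request');

     // The target is built from a constant module path, not from request data,
     // which is why the trusted-URL redirect is used.
     $warningUrl = SimpleSAML_Module::getModuleURL('preprodwarning/showwarning.php');
     \SimpleSAML\Utils\HTTP::redirectTrustedURL($warningUrl, array('StateId' => $stateId));
 }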