/**
 * Read the PGT stored for a PGT IOU and delete its storage entry.
 *
 * This is the placeholder in the abstract storage class: it never does any
 * reading. A concrete backend must override it; if execution ever gets here
 * the problem is reported through phpCAS::error().
 *
 * @param string $pgt_iou the PGT iou
 *
 * @return void
 *
 * @note Should never be called.
 */
function read($pgt_iou)
{
    $location = __CLASS__ . '::' . __FUNCTION__ . '()';
    phpCAS::error($location . ' should never be called');
}
/**
 * Set an extra CURL option on the client.
 *
 * CURL is what the client uses to reach the CAS server over HTTPS, so an
 * option set here affects every server round-trip. Halts via phpCAS::error()
 * when no client has been created with client() or proxy() yet.
 *
 * NOTE(review): whether an option passed here can override the TLS
 * verification settings the client applies (CURLOPT_SSL_VERIFYPEER,
 * CURLOPT_CAINFO, ...) depends on the request implementation in use —
 * confirm before passing CURLOPT_SSL_* values through this method.
 *
 * @param mixed $key   the CURLOPT_* constant to set
 * @param mixed $value the value to set
 *
 * @return void
 */
function setExtraCurlOption($key, $value)
{
    global $PHPCAS_CLIENT;
    phpCAS::traceBegin();
    $clientReady = is_object($PHPCAS_CLIENT);
    if (!$clientReady) {
        phpCAS::error(
            'this method should only be called after ' . __CLASS__
            . '::client() or' . __CLASS__ . '::proxy()'
        );
    }
    $PHPCAS_CLIENT->setExtraCurlOption($key, $value);
    phpCAS::traceEnd();
}
/**
 * Add a header sent along when rebroadcasting pgtIou/pgtId or logoutRequest
 * messages to the other nodes.
 *
 * Requires an initialised client (checked by _validateClientExists()). Any
 * exception raised by the client is converted into a phpCAS::error() call
 * carrying the exception class and message.
 *
 * @param String $header Header to send when rebroadcasting.
 *
 * @return void
 */
public static function addRebroadcastHeader($header)
{
    phpCAS::traceBegin();
    phpCAS::_validateClientExists();
    try {
        self::$_PHPCAS_CLIENT->addRebroadcastHeader($header);
    } catch (Exception $failure) {
        $message = get_class($failure) . ': ' . $failure->getMessage();
        phpCAS::error($message);
    }
    phpCAS::traceEnd();
}
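/**
 * Initialise the database-backed PGT storage. Halts on error.
 *
 * Connects to the database described by getURL() through PEAR DB and keeps
 * the handle in $this->_link. Calling it a second time is a no-op.
 *
 * The var_dump() of the connection handle that used to follow the connect
 * call has been removed: it printed the whole DB object — whose DSN holds
 * the database credentials — straight into the page output.
 *
 * @return void
 *
 * @public
 */
function init()
{
    phpCAS::traceBegin();
    // if the storage has already been initialized, return immediately
    if ($this->isInitialized()) {
        return;
    }
    // call the ancestor's method (mark as initialized)
    parent::init();
    // try to connect to the database
    $this->_link = DB::connect($this->getURL());
    if (DB::isError($this->_link)) {
        // NOTE(review): the DB error text may echo parts of the DSN; keep it
        // in the phpCAS log rather than on a public page if error() prints.
        phpCAS::error(
            'could not connect to database ('
            . DB::errorMessage($this->_link) . ')'
        );
    }
    phpCAS::traceEnd();
}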
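/**
 * Store a PGT and its corresponding PGT IOU in a file. Echoes a warning on
 * error.
 *
 * The file name is derived from the IOU by getPGTIouFilename(); the file
 * body is the PGT itself. The file is created in exclusive mode ("x") so
 * that a concurrent writer racing between the file_exists() check and the
 * fopen() cannot overwrite — or be overwritten by — this PGT: the second
 * fopen() fails and is reported as "could not open".
 *
 * NOTE(review): the file is created with the process umask; a PGT is a
 * credential, so the storage directory is expected to be readable only by
 * the web-server user — confirm in deployment.
 *
 * @param string $pgt     the PGT
 * @param string $pgt_iou the PGT iou
 *
 * @return void
 *
 * @public
 */
function write($pgt, $pgt_iou)
{
    phpCAS::traceBegin();
    $fname = $this->getPGTIouFilename($pgt_iou);
    if (!file_exists($fname)) {
        // "x": create, fail if it already exists (atomic, unlike "w")
        if ($f = fopen($fname, "x")) {
            if (fputs($f, $pgt) === FALSE) {
                phpCAS::error('could not write PGT to `' . $fname . '\'');
            }
            fclose($f);
        } else {
            phpCAS::error('could not open `' . $fname . '\'');
        }
    } else {
        phpCAS::error('File exists: `' . $fname . '\'');
    }
    phpCAS::traceEnd();
}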
/**
 * Fetch a remote URL through the configured request implementation.
 *
 * Before sending, the caller must have chosen how the CAS server's TLS
 * certificate is checked: either a CA bundle was given with
 * phpCAS::setCasServerCACert() (forwarded to the request together with the
 * CN-validation flag) or validation was explicitly disabled with
 * phpCAS::setNoCasServerValidation(); otherwise phpCAS::error() is raised.
 * For SAML 1.1 servers the request becomes a SOAP POST carrying the payload
 * built by _buildSAMLPayload().
 *
 * @param string $url      the URL to access.
 * @param string &$headers the HTTP header lines of the response (an empty
 *                         string on failure).
 * @param string &$body    the body of the response (empty on failure).
 * @param string &$err_msg an error message, filled on failure.
 *
 * @return true on success, false otherwise (in this later case, $err_msg
 * contains an error message).
 */
private function _readURL($url, &$headers, &$body, &$err_msg)
{
    phpCAS::traceBegin();
    $requestClass = $this->_requestImplementation;
    $request = new $requestClass();
    if (count($this->_curl_options)) {
        $request->setCurlOptions($this->_curl_options);
    }
    $request->setUrl($url);

    // server certificate validation must have been configured one way or
    // the other; silently skipping it is not an option
    $caCert = $this->_cas_server_ca_cert;
    if (empty($caCert) && !$this->_no_cas_server_validation) {
        phpCAS::error('one of the methods phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called.');
    }
    if ($caCert != '') {
        $request->setSslCaCert($caCert, $this->_cas_server_cn_validate);
    }

    // SAML 1.1 validation is a SOAP POST rather than a plain GET
    if ($this->getServerVersion() == SAML_VERSION_1_1) {
        $soapHeaders = array(
            "soapaction: http://www.oasis-open.org/committees/security",
            "cache-control: no-cache",
            "pragma: no-cache",
            "accept: text/xml",
            "connection: keep-alive",
            "content-type: text/xml",
        );
        foreach ($soapHeaders as $headerLine) {
            $request->addHeader($headerLine);
        }
        $request->makePost();
        $request->setPostBody($this->_buildSAMLPayload());
    }

    $sent = $request->send() ? true : false;
    if ($sent) {
        $headers = $request->getResponseHeaders();
        $body = $request->getResponseBody();
        $err_msg = '';
    } else {
        $headers = '';
        $body = '';
        $err_msg = $request->getErrorMessage();
    }
    phpCAS::traceEnd($sent);
    return $sent;
}
/**
 * Answer an array of proxies that are sitting in front of this application.
 *
 * The array is non-empty only once a Proxy Ticket has been received and
 * validated by the client. Halts via phpCAS::error() if client() has not
 * been called yet.
 *
 * @return array
 * @access public
 * @since 6/25/09
 */
public static function getProxies ()
{
    global $PHPCAS_CLIENT;
    $clientReady = is_object($PHPCAS_CLIENT);
    if (!$clientReady) {
        phpCAS::error('this method should only be called after '.__CLASS__.'::client()');
    }
    $proxies = $PHPCAS_CLIENT->getProxies();
    return $proxies;
}
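/**
 * Store a PGT and its corresponding PGT IOU in the database. Echoes a
 * warning on error.
 *
 * The insert runs inside a transaction through a prepared statement
 * (storePgtSql()) with both values bound as strings, so neither the PGT
 * nor the IOU is ever interpolated into SQL. On a PDOException the
 * transaction is rolled back on a best-effort basis and the ORIGINAL
 * failure is reported; the previous version reused the variable $e for the
 * rollback exception, so a failed rollback masked the error that actually
 * caused the write to fail.
 *
 * NOTE(review): if phpCAS::error() throws rather than halting, the
 * _resetErrorMode() call at the end is skipped on the error path — confirm
 * what error() does in this release before relying on the mode being reset.
 *
 * @param string $pgt     the PGT
 * @param string $pgt_iou the PGT iou
 *
 * @return void
 */
public function write($pgt, $pgt_iou)
{
    phpCAS::traceBegin();
    // initialize the PDO object for this method
    $pdo = $this->_getPdo();
    $this->_setErrorMode();
    try {
        $pdo->beginTransaction();
        $query = $pdo->prepare($this->storePgtSql());
        $query->bindValue(':pgt', $pgt, PDO::PARAM_STR);
        $query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR);
        $query->execute();
        $query->closeCursor();
        $pdo->commit();
    } catch (PDOException $e) {
        // attempt rolling back the transaction before throwing a phpCAS
        // error; a distinct variable keeps $e pointing at the write failure
        try {
            $pdo->rollBack();
        } catch (PDOException $rollbackFailure) {
            // best effort: the connection may already be unusable
        }
        phpCAS::error('error writing PGT to database: ' . $e->getMessage());
    }
    // reset the PDO object
    $this->_resetErrorMode();
    phpCAS::traceEnd();
}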
/**
 * Read the PGT stored for a PGT IOU and delete the corresponding file.
 *
 * The file named by getPGTIouFilename() is opened, its first line is taken
 * as the PGT, and the file is removed afterwards whether or not the read
 * succeeded — an IOU can therefore be redeemed at most once. A missing
 * file, an unopenable file and a failed read are each reported through
 * phpCAS::error(); FALSE is returned in those cases.
 *
 * @param string $pgt_iou the PGT iou
 *
 * @return the corresponding PGT, or FALSE on error
 *
 * @public
 */
function read($pgt_iou)
{
    phpCAS::traceBegin();
    $pgt = false;
    $fname = $this->getPGTIouFilename($pgt_iou);
    if (!file_exists($fname)) {
        phpCAS::error('No such file `' . $fname . '\'');
    } else {
        $handle = fopen($fname, "r");
        if ($handle === false) {
            phpCAS::error('could not open `' . $fname . '\'');
        } else {
            // the PGT is the first (and only) line of the file
            $pgt = fgets($handle);
            if ($pgt === false) {
                phpCAS::error('could not read PGT from `' . $fname . '\'');
            }
            phpCAS::trace('Successful read of PGT to `' . $fname . '\'');
            fclose($handle);
        }
        // burn the IOU: delete the PGT file even if reading it failed
        @unlink($fname);
    }
    phpCAS::traceEnd($pgt);
    return $pgt;
}
/**
 * Retrieve a Proxy Ticket from the CAS server for the given target service.
 *
 * Halts via phpCAS::error() if proxy() has not been called or if
 * $target_service is not a string; otherwise the call is delegated to the
 * client, which fills $err_code / $err_msg on failure.
 *
 * @param string $target_service the service the PT is requested for
 * @param int    &$err_code      error code, filled by the client on failure
 * @param string &$err_msg       error message, filled by the client on failure
 *
 * @return mixed whatever the client's retrievePT() returns
 */
function retrievePT($target_service, &$err_code, &$err_msg)
{
    global $PHPCAS_CLIENT;
    if (!is_object($PHPCAS_CLIENT)) {
        phpCAS::error('this method should only be called after ' . __CLASS__ . '::proxy()');
    }
    if (!is_string($target_service)) {
        phpCAS::error('type mismatched for parameter $target_service(should be `string\')');
    }
    return $PHPCAS_CLIENT->retrievePT($target_service, $err_code, $err_msg);
}
/**
 * Add a header sent along when rebroadcasting pgtIou/pgtId or logoutRequest
 * messages to the other nodes.
 *
 * Halts via phpCAS::error() when no client has been created with client()
 * or proxy() yet.
 *
 * @param String $header Header to send when rebroadcasting.
 *
 * @return void
 */
public static function addRebroadcastHeader($header)
{
    phpCAS::traceBegin();
    $client = self::$_PHPCAS_CLIENT;
    if (!is_object($client)) {
        phpCAS::error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
    }
    $client->addRebroadcastHeader($header);
    phpCAS::traceEnd();
}
/**
 * Fetch a remote URL with CURL.
 *
 * Caller-supplied CURL options ($this->_curl_options) are applied first;
 * the TLS verification options chosen below are set afterwards and so take
 * precedence over them. One of setCasServerCert(), setCasServerCACert() or
 * setNoCasServerValidation() must have been called, otherwise
 * phpCAS::error() is raised.
 *
 * Security notes on the three TLS branches:
 *  - CURLOPT_SSLCERT (the setCasServerCert() branch) names a CLIENT
 *    certificate that curl presents to the peer; it does not restrict which
 *    server certificate is accepted. With VERIFYPEER=1 and no CAINFO the
 *    server is checked against curl's default CA bundle. NOTE(review):
 *    confirm this matches what setCasServerCert() is documented to do.
 *  - The CA-bundle branch verifies the chain against the given file; the
 *    host-name check is whatever CURLOPT_SSL_VERIFYHOST defaults to (or
 *    what _curl_options set it to).
 *  - The no-validation branch sets VERIFYPEER=0 and VERIFYHOST=1; value 1
 *    only checks that a common name exists (and recent libcurl rejects it),
 *    so this branch performs no authentication of the CAS server at all.
 *
 * @param $url the URL to access.
 * @param $cookies an array containing cookies strings such as 'name=val'
 * @param $headers an array containing the HTTP header lines of the response
 * (an empty array on failure).
 * @param $body the body of the response, as a string (empty on failure).
 * @param $err_msg an error message, filled on failure.
 *
 * @return TRUE on success, FALSE otherwise (in this later case, $err_msg
 * contains an error message).
 *
 * @private
 */
function readURL($url, $cookies, &$headers, &$body, &$err_msg)
{
    phpCAS::traceBegin();
    $headers = '';
    $body = '';
    $err_msg = '';
    $res = TRUE;

    // initialize the CURL session and apply the caller's options first
    $ch = curl_init($url);
    if (version_compare(PHP_VERSION, '5.1.3', '>=')) {
        // curl_setopt_array() is only available from PHP 5.1.3
        curl_setopt_array($ch, $this->_curl_options);
    } else {
        foreach ($this->_curl_options as $option => $setting) {
            curl_setopt($ch, $option, $setting);
        }
    }

    // pick the TLS verification mode
    $haveServerCert = ($this->_cas_server_cert != '');
    $haveCaCert = ($this->_cas_server_ca_cert != '');
    if (!$haveServerCert && !$haveCaCert && !$this->_no_cas_server_validation) {
        phpCAS::error('one of the methods phpCAS::setCasServerCert(), phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called.');
    }
    if ($haveServerCert) {
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
        curl_setopt($ch, CURLOPT_SSLCERT, $this->_cas_server_cert);
    } elseif ($haveCaCert) {
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
        curl_setopt($ch, CURLOPT_CAINFO, $this->_cas_server_ca_cert);
    } else {
        // explicitly requested: no server validation
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    }

    // collect the body as a string and the headers through a callback
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $this->_curl_headers = array();
    curl_setopt($ch, CURLOPT_HEADERFUNCTION, array($this, '_curl_read_headers'));

    // forward cookies, if any were given
    if (is_array($cookies)) {
        curl_setopt($ch, CURLOPT_COOKIE, implode(';', $cookies));
    }

    // perform the query
    $response = curl_exec($ch);
    if ($response === FALSE) {
        phpCAS::trace('curl_exec() failed');
        $err_msg = 'CURL error #' . curl_errno($ch) . ': ' . curl_error($ch);
        $res = FALSE;
    } else {
        $headers = $this->_curl_headers;
        $body = $response;
    }
    curl_close($ch);

    phpCAS::traceEnd($res);
    return $res;
}
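/**
 * Fetch a remote URL with CURL (IDMS variant with mutual authentication).
 *
 * Caller-supplied CURL options ($this->_curl_options) are applied first;
 * the TLS options chosen below are set afterwards and take precedence. One
 * of setCasServerCert(), setCasServerCACert() or setNoCasServerValidation()
 * must have been called, otherwise phpCAS::error() is raised. When both a
 * certificate and a CA bundle are configured, the certificate is presented
 * to the server (CURLOPT_SSLCERT) and the server is verified against the
 * bundle (CURLOPT_CAINFO).
 *
 * Two changes from the previous revision of this branch:
 *  - CURLOPT_SSL_VERIFYHOST is now 2, not 1. Value 1 only checks that the
 *    certificate carries a common name and never compares it with the host
 *    (recent libcurl rejects 1 outright), so the server name was not
 *    actually being verified on older libcurl.
 *  - CURLOPT_VERBOSE is no longer enabled. It streamed the full exchange —
 *    request headers including the Cookie header built from $cookies, and
 *    the ticket-bearing URL — to stderr/the server error log.
 *
 * NOTE(review): in the certificate-only branch CURLOPT_SSLCERT still names
 * a client certificate; it does not pin the server certificate. The
 * no-validation branch (VERIFYPEER=0, VERIFYHOST=1) authenticates nothing
 * and is left as the explicit opt-out it was.
 *
 * @param $url the URL to access.
 * @param $cookies an array containing cookies strings such as 'name=val'
 * @param $headers an array containing the HTTP header lines of the response
 * (an empty array on failure).
 * @param $body the body of the response, as a string (empty on failure).
 * @param $err_msg an error message, filled on failure.
 *
 * @return TRUE on success, FALSE otherwise (in this later case, $err_msg
 * contains an error message).
 *
 * @private
 */
function readURL($url, $cookies, &$headers, &$body, &$err_msg)
{
    phpCAS::traceBegin();
    $headers = '';
    $body = '';
    $err_msg = '';
    $res = TRUE;
    // initialize the CURL session
    $ch = curl_init($url);
    if (version_compare(PHP_VERSION, '5.1.3', '>=')) {
        // curl_setopt_array() is only available from PHP 5.1.3
        curl_setopt_array($ch, $this->_curl_options);
    } else {
        foreach ($this->_curl_options as $key => $value) {
            curl_setopt($ch, $key, $value);
        }
    }
    if ($this->_cas_server_cert == '' && $this->_cas_server_ca_cert == '' && !$this->_no_cas_server_validation) {
        phpCAS::error('one of the methods phpCAS::setCasServerCert(), phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called.');
    }
    if ($this->_cas_server_cert != '' && $this->_cas_server_ca_cert != '') {
        // mutual authentication: present our certificate and verify the
        // server's chain AND host name against the CA bundle
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_SSLCERT, $this->_cas_server_cert);
        curl_setopt($ch, CURLOPT_CAINFO, $this->_cas_server_ca_cert);
        phpCAS::trace('CURL: Set all required opts for mutual authentication ------');
    } else {
        if ($this->_cas_server_cert != '') {
            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
            curl_setopt($ch, CURLOPT_SSLCERT, $this->_cas_server_cert);
        } else {
            if ($this->_cas_server_ca_cert != '') {
                curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
                curl_setopt($ch, CURLOPT_CAINFO, $this->_cas_server_ca_cert);
            } else {
                // explicitly requested: no server validation
                curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
                curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
            }
        }
    }
    // return the CURL output into a variable
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    // get the HTTP header with a callback
    $this->_curl_headers = array(); // empty the headers array
    curl_setopt($ch, CURLOPT_HEADERFUNCTION, array($this, '_curl_read_headers'));
    // add cookies headers
    if (is_array($cookies)) {
        curl_setopt($ch, CURLOPT_COOKIE, implode(';', $cookies));
    }
    // SAML validation is a SOAP POST rather than a plain GET
    if ($this->hasSA()) {
        $more_headers = array(
            "soapaction: http://www.oasis-open.org/committees/security",
            "cache-control: no-cache",
            "pragma: no-cache",
            "accept: text/xml",
            "connection: keep-alive",
            "content-type: text/xml",
        );
        curl_setopt($ch, CURLOPT_HTTPHEADER, $more_headers);
        curl_setopt($ch, CURLOPT_POST, 1);
        $data = $this->buildSAMLPayload();
        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    }
    // perform the query
    $buf = curl_exec($ch);
    if ($buf === FALSE) {
        phpCAS::trace('curl_exec() failed');
        $err_msg = 'CURL error #' . curl_errno($ch) . ': ' . curl_error($ch);
        // close the CURL session
        curl_close($ch);
        $res = FALSE;
    } else {
        // close the CURL session
        curl_close($ch);
        $headers = $this->_curl_headers;
        $body = $buf;
    }
    phpCAS::traceEnd($res);
    return $res;
}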
/**
 * Rename the PHP session after a successful authentication.
 *
 * Only acts when phpCAS manages the session (getChangeSessionID()) and a
 * user is already set; otherwise it either traces the skip or raises
 * phpCAS::error(). The current session data is saved, the session is
 * destroyed, and a new one is started whose ID is the ticket stripped of
 * every character outside [a-zA-Z0-9-]; the saved data is then copied back.
 *
 * Security notes:
 *  - The new session ID is derived from the ticket, so it is only as secret
 *    as the ticket itself. NOTE(review): presumably this lets the
 *    single-logout handler find the session by ticket — confirm before
 *    changing the derivation.
 *  - The trace call writes the new session identifier into the phpCAS
 *    debug log; keep that log as protected as the session store.
 *  - If the ticket contains no accepted character the ID is empty and
 *    session_start() will generate one.
 *
 * @param string $ticket name of the ticket
 *
 * @return void
 */
private function _renameSession($ticket)
{
    phpCAS::traceBegin();
    if (!$this->getChangeSessionID()) {
        phpCAS::trace("Skipping session rename since phpCAS is not handling the session.");
    } elseif (empty($this->_user)) {
        phpCAS::error('Session should only be renamed after successfull authentication');
    } else {
        $savedVars = $_SESSION;
        session_destroy();
        // the new session name is the ticket, reduced to safe characters
        $session_id = preg_replace('/[^a-zA-Z0-9\\-]/', '', $ticket);
        phpCAS::trace("Session ID: " . $session_id);
        session_id($session_id);
        session_start();
        phpCAS::trace("Restoring old session vars");
        $_SESSION = $savedVars;
    }
    phpCAS::traceEnd();
}
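/**
 * Initialise the database-backed PGT storage. Halts on error.
 *
 * Loads PEAR DB if it is not already present (the class_exists() test was
 * introduced in release 0.4.8 for the integration into Tikiwiki), connects
 * to the database described by getURL() and keeps the handle in
 * $this->_link. Calling it a second time is a no-op.
 *
 * The var_dump() of the connection handle that used to follow the connect
 * call has been removed: it printed the whole DB object — whose DSN holds
 * the database credentials — straight into the page output.
 *
 * @return void
 *
 * @public
 */
function init()
{
    phpCAS::traceBegin();
    // if the storage has already been initialized, return immediately
    if ($this->isInitialized()) {
        return;
    }
    // call the ancestor's method (mark as initialized)
    parent::init();
    // include the PEAR DB library unless the host application already did
    if (!class_exists('DB')) {
        include_once 'DB.php';
    }
    // try to connect to the database
    $this->_link = DB::connect($this->getURL());
    if (DB::isError($this->_link)) {
        // NOTE(review): the DB error text may echo parts of the DSN; keep it
        // in the phpCAS log rather than on a public page if error() prints.
        phpCAS::error(
            'could not connect to database ('
            . DB::errorMessage($this->_link) . ')'
        );
    }
    phpCAS::traceEnd();
}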
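/**
 * Tell phpCAS to store the CAS server's PGT responses in a database.
 *
 * Only records the storage object; the database connection itself is made
 * lazily when the storage is initialised, so bad parameters surface at
 * that point rather than here. Halts via phpCAS::error() if a storage has
 * already been configured, and emits an E_USER_WARNING because database
 * storage is experimental.
 *
 * The object is now assigned by value: `=& new` (assigning the result of
 * new by reference) was deprecated in PHP 5.3 and is a parse error on
 * PHP 7, which made this method unloadable there. Objects are handles, so
 * the behaviour is otherwise unchanged.
 *
 * NOTE(review): $password is held in clear in the storage object for the
 * lifetime of the request; see the storage class for how the DSN is built.
 *
 * @param $user the user to access the data with
 * @param $password the user's password
 * @param $database_type the type of the database hosting the data
 * @param $hostname the server hosting the database
 * @param $port the port the server is listening on
 * @param $database the name of the database
 * @param $table the name of the table storing the data
 *
 * @return void
 *
 * @public
 */
function setPGTStorageDB($user, $password, $database_type, $hostname, $port, $database, $table)
{
    // check that the storage has not already been set
    if (is_object($this->_pgt_storage)) {
        phpCAS::error('PGT storage already defined');
    }
    // warn the user that he should use file storage...
    trigger_error('PGT storage into database is an experimental feature, use at your own risk', E_USER_WARNING);
    // create the storage object
    $this->_pgt_storage = new PGTStorageDB($this, $user, $password, $database_type, $hostname, $port, $database, $table);
}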
/**
 * Log out from CAS. Halts by redirecting to the CAS server.
 *
 * Delegates to the client's logout(), which redirects and never returns;
 * the trailing traceEnd() is therefore unreachable. Halts via
 * phpCAS::error() when no client has been created with client() or proxy().
 *
 * This wrapper performs no validation of $url; it is handed to the client
 * (and from there to the CAS server) as the address to come back to once
 * logged out.
 *
 * @param $url a URL that will be transmitted to the CAS server (to come back to when logged out)
 *
 * @return void
 */
function logout($url = "")
{
    global $PHPCAS_CLIENT;
    phpCAS::traceBegin();
    $haveClient = is_object($PHPCAS_CLIENT);
    if (!$haveClient) {
        phpCAS::error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
    }
    $PHPCAS_CLIENT->logout($url);
    // never reached: the client redirects and halts
    phpCAS::traceEnd();
}