/**
 * Set up this logging output from its configuration.
 *
 * The "level" option (default "notice") is used as the name of a static
 * method on SimpleSAML_Logger, and the resulting callable is stored in
 * $this->logger.
 *
 * NOTE(review): is_callable() accepts any callable static method name on
 * SimpleSAML_Logger, not only log-level methods. Confirm whether an explicit
 * list of allowed levels is wanted here.
 *
 * @param SimpleSAML_Configuration $config The configuration for this output.
 *
 * @throws Exception If the configured level does not name a callable method.
 */
public function __construct(SimpleSAML_Configuration $config)
{
    $level = $config->getString('level', 'notice');
    $callback = array('SimpleSAML_Logger', $level);

    // The property is assigned before validation, exactly as callers may observe it.
    $this->logger = $callback;

    if (is_callable($callback)) {
        return;
    }

    throw new Exception('Invalid log level: ' . var_export($level, TRUE));
}
/**
 * Set up this file output from its configuration.
 *
 * Reads the "directory" option as a path value and verifies that it points
 * at an existing directory.
 *
 * @param SimpleSAML_Configuration $config The configuration for this output.
 *
 * @throws Exception If "directory" is missing or is not an existing directory.
 */
public function __construct(SimpleSAML_Configuration $config)
{
    $directory = $config->getPathValue('directory');
    $this->logDir = $directory;

    if ($directory === NULL) {
        throw new Exception('Missing "directory" option for core:File');
    }

    // Only existence is checked here; writability is not verified in this constructor.
    if (!is_dir($directory)) {
        throw new Exception('Could not find log directory: ' . var_export($directory, TRUE));
    }
}
/**
 * Build a new logging handler based on syslog.
 *
 * Reads "logging.facility" (default LOG_LOCAL5 when that constant is defined,
 * otherwise LOG_USER) and "logging.processname" (default "SimpleSAMLphp"),
 * then opens the syslog connection with LOG_PID.
 *
 * @param \SimpleSAML_Configuration $config The configuration to read from.
 */
public function __construct(\SimpleSAML_Configuration $config)
{
    if (defined('LOG_LOCAL5')) {
        $fallbackFacility = constant('LOG_LOCAL5');
    } else {
        $fallbackFacility = LOG_USER;
    }

    $facility = $config->getInteger('logging.facility', $fallbackFacility);
    $ident = $config->getString('logging.processname', 'SimpleSAMLphp');

    // LOG_USER is the only facility valid on Windows; also flag the platform
    // so that log levels can be rewritten there.
    $onWindows = (System::getOS() === System::WINDOWS);
    if ($onWindows) {
        $this->isWindows = true;
        $facility = LOG_USER;
    }

    openlog($ident, LOG_PID, $facility);
}
/**
 * Initialize this EntitySource.
 *
 * Stores the source URL, the CA file used for the connection (falling back to
 * the aggregator's CA file when "ssl.cafile" is not set), the optional "cert"
 * value, and two cache keys derived with sha1().
 *
 * NOTE(review): if neither "ssl.cafile" nor the aggregator provides a CA file,
 * $this->sslCAFile stays NULL. How the fetch code treats a NULL CA file is not
 * visible here; confirm that peer verification still happens.
 *
 * @param sspmod_aggregator2_Aggregator $aggregator The aggregator owning this source.
 * @param SimpleSAML_Configuration      $config     The configuration.
 */
public function __construct(sspmod_aggregator2_Aggregator $aggregator, SimpleSAML_Configuration $config)
{
    $this->logLoc = 'aggregator2:' . $aggregator->getId() . ': ';
    $this->aggregator = $aggregator;

    $sourceUrl = $config->getString('url');
    $this->url = $sourceUrl;

    $caFile = $config->getString('ssl.cafile', NULL);
    $this->sslCAFile = ($caFile === NULL) ? $aggregator->getCAFile() : $caFile;

    $this->certificate = $config->getString('cert', NULL);

    // sha1() is used to build cache identifiers from the URL and the
    // serialized configuration.
    $this->cacheId = sha1($sourceUrl);
    $this->cacheTag = sha1(serialize($config));
}
/**
 * Set up a directory-backed store.
 *
 * Resolves the "directory" option to a path, requires it to be an existing,
 * writable directory, and stores it with exactly one trailing slash.
 *
 * NOTE(review): only existence and writability are checked. Permissions of
 * the directory towards other local users are not verified here.
 *
 * @param array $config Store configuration; must contain a string "directory".
 *
 * @throws Exception If the option is not a string, or the directory is missing
 *                   or not writable.
 */
public function __construct(array $config)
{
    if (!is_string($config['directory'])) {
        throw new Exception('Invalid directory option in config.');
    }

    // An empty configuration object is created only to reuse resolvePath().
    $resolver = new SimpleSAML_Configuration(array(), '');
    $storageDir = $resolver->resolvePath($config['directory']);

    if (!is_dir($storageDir)) {
        throw new Exception('Invalid storage directory [' . $storageDir . '].');
    }

    if (!is_writable($storageDir)) {
        throw new Exception('Storage directory [' . $storageDir . '] is not writable.');
    }

    // Normalize: drop one trailing slash if present, then append one.
    $withoutSlash = preg_replace('/\\/$/', '', $storageDir);
    $this->directory = $withoutSlash . '/';
}
/**
 * Set up the file-system ticket store for the CAS server.
 *
 * Reads the "ticketstore" option (default directory "ticketcache"), resolves
 * the directory to a path, requires it to exist and be writable, and stores
 * it without a trailing slash.
 *
 * NOTE(review): the tickets kept here are presumably bearer credentials, so
 * the directory should not be readable by other local users. That is not
 * checked in this constructor.
 *
 * @param \SimpleSAML_Configuration $config The module configuration.
 *
 * @throws Exception If the option is not a string, or the directory is missing
 *                   or not writable.
 */
public function __construct(\SimpleSAML_Configuration $config)
{
    $defaults = array('directory' => 'ticketcache');
    $storeConfig = $config->getValue('ticketstore', $defaults);

    if (!is_string($storeConfig['directory'])) {
        throw new Exception('Invalid directory option in config.');
    }

    $ticketDir = $config->resolvePath($storeConfig['directory']);

    if (!is_dir($ticketDir)) {
        throw new Exception('Directory for CAS Server ticket storage [' . $ticketDir . '] does not exists. ');
    }

    if (!is_writable($ticketDir)) {
        throw new Exception('Directory for CAS Server ticket storage [' . $ticketDir . '] is not writable. ');
    }

    // Strip a single trailing slash, if any.
    $this->pathToTicketDirectory = preg_replace('/\\/$/', '', $ticketDir);
}
/**
 * Retrieve our singleton instance.
 *
 * The store type is taken from "store.type", falling back to
 * "session.handler" (default "phpsession"). Any value other than the three
 * built-in types is handed to SimpleSAML_Module::resolveClass() and the
 * resulting class is instantiated.
 *
 * NOTE(review): the class to instantiate in the fallback branch is chosen by
 * configuration. resolveClass() receives 'SimpleSAML_Store' as its third
 * argument, presumably the required parent class; confirm that it rejects
 * anything else.
 *
 * @return SimpleSAML_Store|false The data store, or false if it isn't enabled.
 */
public static function getInstance()
{
    if (self::$instance !== null) {
        return self::$instance;
    }

    $globalConfig = SimpleSAML_Configuration::getInstance();

    $type = $globalConfig->getString('store.type', null);
    if ($type === null) {
        $type = $globalConfig->getString('session.handler', 'phpsession');
    }

    if ($type === 'phpsession') {
        // we cannot support advanced features with the PHP session store
        self::$instance = false;
    } elseif ($type === 'memcache') {
        self::$instance = new SimpleSAML_Store_Memcache();
    } elseif ($type === 'sql') {
        self::$instance = new SimpleSAML_Store_SQL();
    } else {
        // datastore provided by a module
        $storeClass = SimpleSAML_Module::resolveClass($type, 'Store', 'SimpleSAML_Store');
        self::$instance = new $storeClass();
    }

    return self::$instance;
}
/**
 * Constructor for the metadata signer.
 *
 * Options may be passed as key-value pairs so that a signer can be set up in
 * one call. Recognized keys, applied in this order:
 *  - privatekey        File with the private key, relative to the cert-directory.
 *  - privatekey_pass   Passphrase for the private key (only read together with privatekey).
 *  - certificate       File with the certificate, relative to the cert-directory.
 *  - privatekey_array  Private key, as an array returned from SimpleSAML_Utilities::loadPrivateKey.
 *  - publickey_array   Public key, as an array returned from SimpleSAML_Utilities::loadPublicKey.
 *  - id                Name of the ID attribute.
 *
 * The cert-directory is read once from the "certdir" option (default "cert/")
 * and cached in self::$certDir.
 *
 * @param array $options Associative array with options for the constructor. Defaults to an empty array.
 */
public function __construct($options = array())
{
    assert('is_array($options)');

    if (self::$certDir === FALSE) {
        self::$certDir = SimpleSAML_Configuration::getInstance()->getPathValue('certdir', 'cert/');
    }

    // Start from a clean state before applying any option.
    $this->idAttrName = FALSE;
    $this->privateKey = FALSE;
    $this->certificate = FALSE;
    $this->extraCertificates = array();

    if (array_key_exists('privatekey', $options)) {
        $passphrase = array_key_exists('privatekey_pass', $options)
            ? $options['privatekey_pass']
            : NULL;
        $this->loadPrivateKey($options['privatekey'], $passphrase);
    }

    if (array_key_exists('certificate', $options)) {
        $this->loadCertificate($options['certificate']);
    }

    // The *_array variants are applied after the file-based ones.
    if (array_key_exists('privatekey_array', $options)) {
        $this->loadPrivateKeyArray($options['privatekey_array']);
    }

    if (array_key_exists('publickey_array', $options)) {
        $this->loadPublicKeyArray($options['publickey_array']);
    }

    if (array_key_exists('id', $options)) {
        $this->setIdAttribute($options['id']);
    }
}
/**
 * Sanity-check hook for the core module.
 *
 * Appends messages to $hookinfo['info'] or $hookinfo['errors'] for:
 *  - the admin password still being the literal default '123',
 *  - the technical contact e-mail still being the default,
 *  - the running PHP version being at least 5.3,
 *  - module dependencies (from the "moduleinfo" hook) that are not installed.
 *
 * The password check only detects the untouched default value. It says nothing
 * about the strength of a password that has been changed.
 *
 * @param array &$hookinfo Must contain the keys "errors" and "info".
 */
function core_hook_sanitycheck(&$hookinfo)
{
    assert('is_array($hookinfo)');
    assert('array_key_exists("errors", $hookinfo)');
    assert('array_key_exists("info", $hookinfo)');

    $globalConfig = SimpleSAML_Configuration::getInstance();

    $adminPassword = $globalConfig->getString('auth.adminpassword', '123');
    if ($adminPassword !== '123') {
        $hookinfo['info'][] = '[core] Password in config.php is set properly';
    } else {
        $hookinfo['errors'][] = '[core] Password in config.php is not set properly';
    }

    $contactEmail = $globalConfig->getString('technicalcontact_email', '*****@*****.**');
    if ($contactEmail !== '*****@*****.**') {
        $hookinfo['info'][] = '[core] In config.php technicalcontact_email is set properly';
    } else {
        $hookinfo['errors'][] = '[core] In config.php technicalcontact_email is not set properly';
    }

    $runningVersion = phpversion();
    if (version_compare($runningVersion, '5.3', '>=')) {
        $hookinfo['info'][] = '[core] You are running PHP version ' . $runningVersion . '. Great.';
    } else {
        $hookinfo['errors'][] = '[core] You are running PHP version ' . $runningVersion . '. SimpleSAMLphp requires version >= 5.3. Please upgrade!';
    }

    // Collect per-module information through the "moduleinfo" hook.
    $moduleInfo = array();
    $moduleHookArgs = array('info' => &$moduleInfo);
    $installedModules = SimpleSAML_Module::getModules();
    SimpleSAML_Module::callHooks('moduleinfo', $moduleHookArgs);

    foreach ($moduleInfo as $moduleName => $details) {
        if (!isset($details['dependencies']) || !is_array($details['dependencies'])) {
            continue;
        }

        foreach ($details['dependencies'] as $required) {
            if (in_array($required, $installedModules)) {
                continue;
            }
            $hookinfo['errors'][] = '[core] Module dependency not met: ' . $moduleName . ' requires ' . $required;
        }
    }
}
/**
 * Send a SAML 1.1 (Shibboleth 1.3) response to the SP.
 *
 * Reads the SP metadata, the attributes, the shire (the URL the response is
 * posted to) and the target from the authentication state, logs a statistics
 * event, generates the authentication response and sends it with the
 * Shib 1.3 HTTP-POST binding.
 *
 * NOTE(review): this function uses $state['saml:shire'] as given and does not
 * itself compare it with the endpoints registered for the SP. Presumably the
 * code that filled the state validated it; confirm against the caller.
 *
 * @param array $state The authentication state. Must contain "Attributes",
 *                     "SPMetadata", "saml:shire" and the key "saml:target".
 */
public static function sendResponse(array $state)
{
    assert('isset($state["Attributes"])');
    assert('isset($state["SPMetadata"])');
    assert('isset($state["saml:shire"])');
    assert('array_key_exists("saml:target", $state)'); // Can be NULL

    // Wrap the raw SP metadata array in a configuration object; the second
    // argument is the location string passed to loadFromArray().
    $spMetadata = $state["SPMetadata"];
    $spEntityId = $spMetadata['entityid'];
    $spMetadata = SimpleSAML_Configuration::loadFromArray($spMetadata, '$metadata[' . var_export($spEntityId, TRUE) . ']');

    SimpleSAML\Logger::info('Sending SAML 1.1 Response to ' . var_export($spEntityId, TRUE));

    $attributes = $state['Attributes'];
    $shire = $state['saml:shire'];
    $target = $state['saml:target'];

    $idp = SimpleSAML_IdP::getByState($state);

    $idpMetadata = $idp->getConfig();

    $config = SimpleSAML_Configuration::getInstance();
    $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();

    // Statistics: who logged in where, and (when the request time is known)
    // how long the login took.
    $statsData = array('spEntityID' => $spEntityId, 'idpEntityID' => $idpMetadata->getString('entityid'), 'protocol' => 'saml1');
    if (isset($state['saml:AuthnRequestReceivedAt'])) {
        $statsData['logintime'] = microtime(TRUE) - $state['saml:AuthnRequestReceivedAt'];
    }
    SimpleSAML_Stats::log('saml:idp:Response', $statsData);

    // Generate and send response.
    $ar = new SimpleSAML_XML_Shib13_AuthnResponse();
    $authnResponseXML = $ar->generate($idpMetadata, $spMetadata, $shire, $attributes);

    $httppost = new SimpleSAML_Bindings_Shib13_HTTPPost($config, $metadata);
    $httppost->sendResponse($authnResponseXML, $idpMetadata, $spMetadata, $target, $shire);
}
/**
 * Retrieve our singleton instance.
 *
 * The store type is taken from "store.type", falling back to
 * "session.handler" (default "phpsession"). Besides the three built-in types,
 * only module-qualified names (containing a ':') are accepted; those are
 * resolved through SimpleSAML_Module::resolveClass() and instantiated.
 *
 * NOTE(review): the class instantiated for a module store is chosen by
 * configuration. resolveClass() receives 'SimpleSAML_Store' as its third
 * argument, presumably the required parent class; confirm that it rejects
 * anything else.
 *
 * @return SimpleSAML_Store|FALSE The datastore, or FALSE if it isn't enabled.
 *
 * @throws SimpleSAML_Error_Exception If the store type is neither built in nor module-qualified.
 */
public static function getInstance()
{
    if (self::$instance !== NULL) {
        return self::$instance;
    }

    $globalConfig = SimpleSAML_Configuration::getInstance();

    $type = $globalConfig->getString('store.type', NULL);
    if ($type === NULL) {
        $type = $globalConfig->getString('session.handler', 'phpsession');
    }

    if ($type === 'phpsession') {
        /* We cannot support advanced features with the PHP session store. */
        self::$instance = FALSE;
    } elseif ($type === 'memcache') {
        self::$instance = new SimpleSAML_Store_Memcache();
    } elseif ($type === 'sql') {
        self::$instance = new SimpleSAML_Store_SQL();
    } else {
        $isModuleQualified = (strpos($type, ':') !== FALSE);
        if (!$isModuleQualified) {
            throw new SimpleSAML_Error_Exception('Unknown datastore type: ' . var_export($type, TRUE));
        }

        /* Datastore from module. */
        $storeClass = SimpleSAML_Module::resolveClass($type, 'Store', 'SimpleSAML_Store');
        self::$instance = new $storeClass();
    }

    return self::$instance;
}
/**
 * Build a SAML 2.0 LogoutResponse for a test run.
 *
 * Creates the response from the IdP and SP metadata held on this object, sets
 * RelayState and InResponseTo from the logout request, attaches a signature
 * key and certificate, and returns the serialized XML together with the
 * SingleLogoutService URL of the SP.
 *
 * NOTE(review): the signature key is created with XMLSecurityKey::RSA_SHA1.
 * SHA-1 based signatures are deprecated; confirm whether that is intentional
 * for this test tool.
 * NOTE(review): $keyArray['PEM'] is used without the NULL / key-exists checks
 * that are applied to $certArray below.
 *
 * @param mixed  $testrun          Passed through to $this->log().
 * @param mixed  $logoutRequest    The request; getRelayState() and getId() are called on it.
 * @param string $logoutRelayState RelayState that is logged and returned in the result array.
 *
 * @return array Keys: 'url', 'Response' (XML string), 'ResponseObj', 'RelayState'.
 *
 * @throws Exception If no certificate could be loaded from the IdP metadata.
 */
protected function createLogoutResponse($testrun, $logoutRequest, $logoutRelayState)
{
    $this->log($testrun, 'Creating response with relaystate [' . $logoutRelayState . ']');

    $idpMetadata = SimpleSAML_Configuration::loadFromArray($this->idpmetadata);
    $spMetadata = SimpleSAML_Configuration::loadFromArray($this->metadata);

    // Get SingleLogoutService URL
    $consumerURLf = $spMetadata->getDefaultEndpoint('SingleLogoutService', array('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'));
    $consumerURL = $consumerURLf['Location'];

    /* Create and send response. */
    $response = sspmod_saml2_Message::buildLogoutResponse($idpMetadata, $spMetadata);
    // The RelayState on the response object comes from the request, while the
    // 'RelayState' entry of the returned array is the $logoutRelayState argument.
    $response->setRelayState($logoutRequest->getRelayState());
    $response->setInResponseTo($logoutRequest->getId());

    $keyArray = SimpleSAML_Utilities::loadPrivateKey($idpMetadata, TRUE);
    $certArray = SimpleSAML_Utilities::loadPublicKey($idpMetadata, FALSE);

    $privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
    $privateKey->loadKey($keyArray['PEM'], FALSE);

    $response->setSignatureKey($privateKey);

    if ($certArray === NULL) {
        throw new Exception('No certificates found. [1]');
    }
    if (!array_key_exists('PEM', $certArray)) {
        throw new Exception('No certificates found. [2]');
    }

    $response->setCertificates(array($certArray['PEM']));

    #$this->tweakResponse($testrun, $response);

    // NOTE(review): the XML is produced with toUnsignedXML(); judging by the
    // name, the returned 'Response' string carries no signature even though a
    // key was set above. Confirm that the caller signs it.
    $msgStr = $response->toUnsignedXML();

    #$this->tweakResponseDOM($testrun, $msgStr);

    $msgStr = $msgStr->ownerDocument->saveXML($msgStr);

    # echo '<pre>'; echo(htmlspecialchars($msgStr)); exit;
    # $msgStr = base64_encode($msgStr);
    # $msgStr = htmlspecialchars($msgStr);

    return array('url' => $consumerURL, 'Response' => $msgStr, 'ResponseObj' => $response, 'RelayState' => $logoutRelayState);
}
/**
 * Sanity-check hook for the statistics module.
 *
 * Loads module_statistics.php and reports, through $hookinfo['info'] and
 * $hookinfo['errors'], whether the statistics directory exists and is
 * writable and whether the input file exists.
 *
 * @param array &$hookinfo Must contain the keys "errors" and "info".
 */
function statistics_hook_sanitycheck(&$hookinfo)
{
    assert('is_array($hookinfo)');
    assert('array_key_exists("errors", $hookinfo)');
    assert('array_key_exists("info", $hookinfo)');

    try {
        $moduleConfig = SimpleSAML_Configuration::getConfig('module_statistics.php');
    } catch (Exception $e) {
        // Without a configuration nothing else can be checked.
        $hookinfo['errors'][] = '[statistics] Could not get configuration: ' . $e->getMessage();
        return;
    }

    $statDir = $moduleConfig->getValue('statdir');
    $inputFile = $moduleConfig->getValue('inputfile');

    if (!file_exists($statDir)) {
        $hookinfo['errors'][] = '[statistics] Statistics dir [' . $statDir . '] does not exists';
    } else {
        $hookinfo['info'][] = '[statistics] Statistics dir [' . $statDir . '] exists';

        if (!is_writable($statDir)) {
            $hookinfo['errors'][] = '[statistics] Statistics dir [' . $statDir . '] is not writable';
        } else {
            $hookinfo['info'][] = '[statistics] Statistics dir [' . $statDir . '] is writable';
        }
    }

    if (!file_exists($inputFile)) {
        $hookinfo['errors'][] = '[statistics] Input file [' . $inputFile . '] does not exists';
    } else {
        $hookinfo['info'][] = '[statistics] Input file [' . $inputFile . '] exists';
    }
}
/**
 * Constructor for this authentication source.
 *
 * Requires the krb5 PHP extension, then copies the Kerberos/LDAP settings
 * from the configuration array onto this object.
 *
 * Defaults visible here: port 389, referrals on, "enable_tls" off, LDAP debug
 * off, timeout 30, attribute "uid".
 *
 * NOTE(review): "enable_tls" defaults to false and the default port is 389,
 * so unless configured otherwise the LDAP connection parameters describe an
 * unencrypted connection. The admin password is kept as a plain property.
 *
 * @param array $info   Information about this authentication source.
 * @param array $config The configuration of the module
 *
 * @throws Exception If the KRB5 extension is not installed or active.
 */
public function __construct($info, $config)
{
    assert('is_array($info)');
    assert('is_array($config)');

    if (!extension_loaded('krb5')) {
        throw new Exception('KRB5 Extension not installed');
    }

    // the interface requires the parent constructor to run first
    parent::__construct($info, $config);

    $settings = SimpleSAML_Configuration::loadFromArray($config);

    // Options without a default are mandatory: fallback, hostname, keytab, base.
    $this->backend = $settings->getString('fallback');
    $this->hostname = $settings->getString('hostname');
    $this->port = $settings->getInteger('port', 389);
    $this->referrals = $settings->getBoolean('referrals', true);
    $this->enableTLS = $settings->getBoolean('enable_tls', false);
    $this->debugLDAP = $settings->getBoolean('debugLDAP', false);
    $this->timeout = $settings->getInteger('timeout', 30);
    $this->keytab = $settings->getString('keytab');
    $this->base = $settings->getArrayizeString('base');
    $this->attr = $settings->getString('attr', 'uid');
    $this->subnet = $settings->getArray('subnet', null);
    $this->admin_user = $settings->getString('adminUser', null);
    $this->admin_pw = $settings->getString('adminPassword', null);
    $this->attributes = $settings->getArray('attributes', null);
}
/**
 * Extend the session lifetime once at least half of it has passed.
 *
 * Does nothing unless the state has non-empty "Expire" and "Authority"
 * entries and the remaining lifetime is below half of "session.duration"
 * (default eight hours). Otherwise the authority expiry is refreshed, and
 * either the remember-me expiry or the session cookies are renewed.
 *
 * @param array &$state The current request state.
 */
public function process(&$state)
{
    assert('is_array($state)');

    if (empty($state['Expire']) || empty($state['Authority'])) {
        return;
    }

    $remaining = $state['Expire'] - time();

    $globalConfig = SimpleSAML_Configuration::getInstance();
    $configuredDuration = $globalConfig->getInteger('session.duration', 8 * 60 * 60);

    /* Nothing to do while more than half of the session duration is left. */
    if ($remaining >= $configuredDuration * 0.5) {
        return;
    }

    /* Refresh the expiry of the authority. */
    $session = SimpleSAML_Session::getSessionFromRequest();
    $session->setAuthorityExpire($state['Authority']);

    /* Remember-me takes precedence when it is requested, already set and enabled. */
    $currentRememberMe = $session->getRememberMeExpire();
    $rememberMeActive = !empty($state['RememberMe'])
        && $currentRememberMe !== NULL
        && $globalConfig->getBoolean('session.rememberme.enable', FALSE);

    if ($rememberMeActive) {
        $session->setRememberMeExpire();
        return;
    }

    /* Otherwise renew the cookies, but only when they have a positive lifetime. */
    $params = SimpleSAML_SessionHandler::getSessionHandler()->getCookieParams();
    if ($params['lifetime'] > 0) {
        $session->updateSessionCookies();
    }
}
/**
 * Constructor for this authentication source.
 *
 * Reads the RADIUS server list (or, for backwards compatibility, a single
 * hostname/port/secret triple), timeout, retries, the username attribute, the
 * NAS identifier and the optional vendor attribute settings.
 *
 * NOTE(review): when "nas_identifier" is not configured, the default is taken
 * from $_SERVER['HTTP_HOST'], which is supplied by the HTTP client. Setting
 * "nas_identifier" explicitly keeps a request header out of the value sent to
 * the RADIUS server.
 *
 * @param array $info   Information about this authentication source.
 * @param array $config Configuration.
 */
public function __construct($info, $config)
{
    assert('is_array($info)');
    assert('is_array($config)');

    /* The interface requires the parent constructor to run first. */
    parent::__construct($info, $config);

    /* Wrap the raw array so that options are validated on access. */
    $location = 'Authentication source ' . var_export($this->authId, TRUE);
    $settings = SimpleSAML_Configuration::loadFromArray($config, $location);

    $this->servers = $settings->getArray('servers', array());

    /* Backwards compatibility: a single server given as top-level options. */
    if (empty($this->servers)) {
        $this->hostname = $settings->getString('hostname');
        $this->port = $settings->getIntegerRange('port', 1, 65535, 1812);
        $this->secret = $settings->getString('secret');
        $this->servers[] = array(
            'hostname' => $this->hostname,
            'port' => $this->port,
            'secret' => $this->secret,
        );
    }

    $this->timeout = $settings->getInteger('timeout', 5);
    $this->retries = $settings->getInteger('retries', 3);
    $this->usernameAttribute = $settings->getString('username_attribute', NULL);

    if (isset($_SERVER['HTTP_HOST'])) {
        $fallbackNasIdentifier = $_SERVER['HTTP_HOST'];
    } else {
        $fallbackNasIdentifier = 'localhost';
    }
    $this->nasIdentifier = $settings->getString('nas_identifier', $fallbackNasIdentifier);

    /* The vendor type is mandatory as soon as a vendor is configured. */
    $this->vendor = $settings->getInteger('attribute_vendor', NULL);
    if ($this->vendor !== NULL) {
        $this->vendorType = $settings->getInteger('attribute_vendor_type');
    }
}
/**
 * Constructor for this authentication source.
 *
 * Every configuration key except "username_organization_method" and
 * "include_organization_in_username" is treated as an organization id whose
 * value is that organization's LDAP configuration array. The organization's
 * "description" (or its id when absent) is kept for display, and an
 * sspmod_ldap_ConfigHelper is built per organization.
 *
 * @param array $info   Information about this authentication source.
 * @param array $config Configuration.
 */
public function __construct($info, $config)
{
    assert('is_array($info)');
    assert('is_array($config)');

    // The interface requires the parent constructor to run first
    parent::__construct($info, $config);

    $sourceLocation = 'Authentication source ' . var_export($this->authId, TRUE);
    $cfgHelper = SimpleSAML_Configuration::loadFromArray($config, $sourceLocation);

    $this->orgs = array();
    $this->ldapOrgs = array();

    foreach ($config as $key => $unused) {
        if ($key === 'username_organization_method') {
            $allowedMethods = array('none', 'allow', 'force');
            $method = $cfgHelper->getValueValidate('username_organization_method', $allowedMethods);
            $this->setUsernameOrgMethod($method);
            continue;
        }

        if ($key === 'include_organization_in_username') {
            $this->includeOrgInUsername = $cfgHelper->getBoolean('include_organization_in_username', FALSE);
            continue;
        }

        // Anything else is an organization entry.
        $orgId = $key;
        $orgSettings = $cfgHelper->getArray($key);

        $this->orgs[$orgId] = array_key_exists('description', $orgSettings)
            ? $orgSettings['description']
            : $orgId;

        $orgLocation = 'Authentication source ' . var_export($this->authId, TRUE) .
            ', organization ' . var_export($orgId, TRUE);
        $this->ldapOrgs[$orgId] = new sspmod_ldap_ConfigHelper($orgSettings, $orgLocation);
    }
}
/**
 * Initialize PHP session handling, unless a session is already active.
 *
 * Configures the session cookie (path, secure flag), optionally the cookie
 * name and save path, generates a session id when the client sent no session
 * cookie, and starts the session.
 *
 * NOTE(review): session_set_cookie_params() is called with four arguments, so
 * the HttpOnly flag is not set here and falls back to PHP's own setting
 * (session.cookie_httponly). Confirm that it is enabled for deployments.
 * NOTE(review): a new id is generated only when no cookie with the session
 * name is present. When the client does send one, session_start() uses it.
 * Whether unknown ids are rejected depends on PHP settings not visible here
 * (e.g. session.use_strict_mode); confirm.
 */
protected function __construct()
{
    /* Call the parent constructor in case it should become
     * necessary in the future.
     */
    parent::__construct();

    /* Initialize the php session handling.
     *
     * If session_id() returns a blank string, then we need
     * to call session start. Otherwise the session is already
     * started, and we should avoid calling session_start().
     */
    if (session_id() === '') {
        $config = SimpleSAML_Configuration::getInstance();

        // Limit the cookie to the base URL path only when
        // "session.phpsession.limitedpath" is enabled; otherwise use "/".
        $cookiepath = $config->getBoolean('session.phpsession.limitedpath', FALSE) ? '/' . $config->getBaseURL() : '/';
        // Arguments: lifetime 0, path, domain NULL, secure flag from isHTTPS().
        session_set_cookie_params(0, $cookiepath, NULL, SimpleSAML_Utilities::isHTTPS());

        $cookiename = $config->getString('session.phpsession.cookiename', NULL);
        if (!empty($cookiename)) {
            session_name($cookiename);
        }

        $savepath = $config->getString('session.phpsession.savepath', NULL);
        if (!empty($savepath)) {
            session_save_path($savepath);
        }

        if (!array_key_exists(session_name(), $_COOKIE)) {
            /* Session cookie unset - session id not set. Generate new (secure) session id. */
            // 16 bytes from generateRandomBytes(), hex-encoded by stringToHex().
            session_id(SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(16)));
        }

        session_start();
    }
}
/**
 * Test the SimpleSAML\Utils\Time::initTimezone() method.
 *
 * Covers four cases in sequence: no timezone configured (the OS default is
 * kept), an invalid timezone (an exception is expected), a valid timezone,
 * and a second call after initialization (the timezone must not change).
 *
 * @covers SimpleSAML\Utils\Time::initTimezone
 */
public function testInitTimezone()
{
    // Pick a test timezone that differs from the one currently reported.
    $tz = 'UTC';
    $os = @date_default_timezone_get();
    if ($os === 'UTC') { // avoid collisions
        $tz = 'Europe/Oslo';
    }

    // test guessing timezone from the OS
    \SimpleSAML_Configuration::loadFromArray(array('timezone' => null), '[ARRAY]', 'simplesaml');
    @Time::initTimezone();
    $this->assertEquals($os, @date_default_timezone_get());

    // clear initialization: reset the private static flag through reflection
    // so that initTimezone() runs again
    $c = new \ReflectionProperty('\\SimpleSAML\\Utils\\Time', 'tz_initialized');
    $c->setAccessible(true);
    $c->setValue(false);

    // test unknown timezone
    \SimpleSAML_Configuration::loadFromArray(array('timezone' => 'INVALID'), '[ARRAY]', 'simplesaml');
    try {
        @Time::initTimezone();
        $this->fail('Failed to recognize an invalid timezone.');
    } catch (\SimpleSAML_Error_Exception $e) {
        $this->assertEquals('Invalid timezone set in the "timezone" option in config.php.', $e->getMessage());
    }

    // test a valid timezone
    \SimpleSAML_Configuration::loadFromArray(array('timezone' => $tz), '[ARRAY]', 'simplesaml');
    @Time::initTimezone();
    $this->assertEquals($tz, @date_default_timezone_get());

    // make sure initialization happens only once: a different configured
    // timezone must not replace the one set above
    \SimpleSAML_Configuration::loadFromArray(array('timezone' => 'Europe/Madrid'), '[ARRAY]', 'simplesaml');
    @Time::initTimezone();
    $this->assertEquals($tz, @date_default_timezone_get());
}
/**
 * Constructor for this authentication source.
 *
 * Reads the RADIUS server list (or, for backwards compatibility, a single
 * hostname/port/secret triple), timeout, retries, realm, the username
 * attribute, the NAS identifier and the optional vendor attribute settings.
 *
 * When "nas_identifier" is not configured, the default comes from
 * \SimpleSAML\Utils\HTTP::getSelfHost().
 *
 * @param array $info   Information about this authentication source.
 * @param array $config Configuration.
 */
public function __construct($info, $config)
{
    assert('is_array($info)');
    assert('is_array($config)');

    // The interface requires the parent constructor to run first
    parent::__construct($info, $config);

    // Wrap the raw array so that options are validated on access.
    $location = 'Authentication source ' . var_export($this->authId, true);
    $settings = SimpleSAML_Configuration::loadFromArray($config, $location);

    $this->servers = $settings->getArray('servers', array());

    /* Backwards compatibility: a single server given as top-level options. */
    if (empty($this->servers)) {
        $this->hostname = $settings->getString('hostname');
        $this->port = $settings->getIntegerRange('port', 1, 65535, 1812);
        $this->secret = $settings->getString('secret');
        $this->servers[] = array(
            'hostname' => $this->hostname,
            'port' => $this->port,
            'secret' => $this->secret,
        );
    }

    $this->timeout = $settings->getInteger('timeout', 5);
    $this->retries = $settings->getInteger('retries', 3);
    $this->realm = $settings->getString('realm', null);
    $this->usernameAttribute = $settings->getString('username_attribute', null);

    $fallbackNasIdentifier = \SimpleSAML\Utils\HTTP::getSelfHost();
    $this->nasIdentifier = $settings->getString('nas_identifier', $fallbackNasIdentifier);

    // The vendor type is mandatory as soon as a vendor is configured.
    $this->vendor = $settings->getInteger('attribute_vendor', null);
    if ($this->vendor !== null) {
        $this->vendorType = $settings->getInteger('attribute_vendor_type');
    }
}
/**
 * Cron hook for the statistics module.
 *
 * Runs the statistics aggregator when the configured "cron_tag" matches the
 * tag of the current cron run. An optional "time_limit" is applied with
 * set_time_limit(). Exceptions from the aggregator are logged and added to
 * the cron summary instead of being propagated.
 *
 * @param array &$croninfo Output; must contain the keys "summary" and "tag".
 */
function statistics_hook_cron(&$croninfo)
{
    assert('is_array($croninfo)');
    assert('array_key_exists("summary", $croninfo)');
    assert('array_key_exists("tag", $croninfo)');

    $moduleConfig = SimpleSAML_Configuration::getConfig('module_statistics.php');

    // Only run for the cron tag this module is configured for.
    $configuredTag = $moduleConfig->getValue('cron_tag', NULL);
    if (is_null($configuredTag) || $configuredTag !== $croninfo['tag']) {
        return;
    }

    $timeLimit = $moduleConfig->getInteger('time_limit', NULL);
    if ($timeLimit) {
        set_time_limit($timeLimit);
    }

    try {
        $aggregator = new sspmod_statistics_Aggregator();
        $aggregated = $aggregator->aggregate();

        if (!empty($aggregated)) {
            $aggregator->store($aggregated);
        } else {
            SimpleSAML\Logger::notice('Output from statistics aggregator was empty.');
        }
    } catch (Exception $e) {
        $summaryLine = 'Loganalyzer threw exception: ' . $e->getMessage();
        SimpleSAML\Logger::warning($summaryLine);
        $croninfo['summary'][] = $summaryLine;
    }
}
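/**
 * Notifies managing contact about updated metadata of entity
 *
 * Sends an HTML mail to the address in "managingcontact_email" with the
 * gzip-compressed metadata attached. When no address is configured, the error
 * is logged and no mail is sent.
 *
 * The entity name and entity id are stored data that end up in an HTML body
 * and in the Subject header, so they are HTML-escaped for the body and
 * stripped of line breaks for the subject.
 *
 * NOTE(review): the attachment file name is still built from the raw entity
 * name, and the attachment is declared as 'application/zip' although the
 * content is produced by gzencode(). Both are left as they were; confirm how
 * SimpleSAML_XHTML_EMail encodes the file name.
 *
 * @param sspmod_janus_Entity $entity
 * @param string $metadataXml
 * @return void
 */
protected function _mailUpdatedMetaData(sspmod_janus_Entity $entity, $metadataXml)
{
    $config = SimpleSAML_Configuration::getInstance();

    $toAddress = $config->getString('managingcontact_email');
    if (empty($toAddress)) {
        SimpleSAML_Logger::error('Cron - Could not send email. [managingcontact_email] not set in config.');
        // Without a recipient there is nothing to send.
        return;
    }

    $time = date(DATE_RFC822);
    $entityName = $entity->getPrettyname();
    $entityId = $entity->getEntityId();

    // Escape stored values before placing them in the HTML body.
    $entityNameHtml = htmlspecialchars($entityName, ENT_QUOTES, 'UTF-8');
    $entityIdHtml = htmlspecialchars($entityId, ENT_QUOTES, 'UTF-8');

    $message = <<<MESSAGE
<h1>Metadata Change detected</h1>
<p>Cron ran at {$time}</p>
<p>Name: {$entityNameHtml}</p>
<p>EntityId: {$entityIdHtml}</p>
MESSAGE;

    $fromAddress = '*****@*****.**';

    // Keep line breaks out of the header value.
    $subject = preg_replace(
        '/[\r\n]+/',
        ' ',
        "Metadata Change detected for entity " . $entityName . " (" . $entityId . ")"
    );

    $email = new SimpleSAML_XHTML_EMail($toAddress, $subject, $fromAddress);
    $email->setBody($message);

    // Add gzipped metadata
    $attachmentContent = gzencode($metadataXml);
    $attachmentFileName = 'metadata-' . $entityName . '.xml.gz';
    $email->addAttachment($attachmentContent, $attachmentFileName, 'application/zip');

    $email->send();
}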
/**
 * Determine whether a module is enabled.
 *
 * Returns false when the module directory does not exist. Otherwise an entry
 * for the module in the "module.enable" option decides. Without such an
 * entry, the marker files in the module directory decide: "enable" wins, then
 * "default-enable" unless a "disable" file is present.
 *
 * @param string $module Name of the module
 *
 * @return bool True if the given module is enabled, false otherwise.
 *
 * @throws Exception If module.enable is set and is not boolean.
 */
public static function isModuleEnabled($module)
{
    $dir = self::getModuleDir($module);
    if (!is_dir($dir)) {
        return false;
    }

    $configured = SimpleSAML_Configuration::getOptionalConfig()->getArray('module.enable', array());

    // An explicit configuration entry overrides the marker files.
    if (isset($configured[$module])) {
        $flag = $configured[$module];
        if (is_bool($flag) !== true) {
            throw new Exception("Invalid module.enable value for for the module {$module}");
        }
        return $flag;
    }

    // With assertions active, report modules that ship neither default marker.
    $hasDefaultMarker = file_exists($dir . '/default-enable') || file_exists($dir . '/default-disable');
    if (assert_options(ASSERT_ACTIVE) && !$hasDefaultMarker) {
        SimpleSAML_Logger::error("Missing default-enable or default-disable file for the module {$module}");
    }

    if (file_exists($dir . '/enable')) {
        return true;
    }

    return !file_exists($dir . '/disable') && file_exists($dir . '/default-enable');
}
/**
 * Hook that wraps portalized pages in the portal menu markup.
 *
 * Collects front page links and page sets through hooks, and, when the
 * current page belongs to the portal, requests the jQuery UI CSS and adds the
 * menu header and closing footer to the page.
 *
 * NOTE(review): the markup returned by $portal->getMenu() is appended to the
 * page as-is, so any escaping has to happen inside getMenu().
 *
 * @param array &$hookinfo Must contain the keys "pre", "post" and "page".
 */
function portal_hook_htmlinject(&$hookinfo)
{
    assert('is_array($hookinfo)');
    assert('array_key_exists("pre", $hookinfo)');
    assert('array_key_exists("post", $hookinfo)');
    assert('array_key_exists("page", $hookinfo)');

    $links = array('links' => array());
    SimpleSAML_Module::callHooks('frontpage', $links);

    $portalConfig = SimpleSAML_Configuration::getOptionalConfig('module_portal.php');

    // Flatten all link groups returned by the hooks into one list.
    $flatLinks = array();
    foreach ($links as $group) {
        $flatLinks = array_merge($flatLinks, $group);
    }

    $defaultPagesets = array(
        array('frontpage_welcome', 'frontpage_config', 'frontpage_auth', 'frontpage_federation'),
    );
    $pagesets = $portalConfig->getValue('pagesets', $defaultPagesets);
    SimpleSAML_Module::callHooks('portalextras', $pagesets);

    $portal = new sspmod_portal_Portal($flatLinks, $pagesets);
    $currentPage = $hookinfo['page'];

    if ($portal->isPortalized($currentPage)) {
        // Include jquery UI CSS files in header.
        $hookinfo['jquery']['css'] = TRUE;
        $hookinfo['jquery']['version'] = '1.6';

        // Header
        $hookinfo['pre'][] = '<div id="portalmenu" class="ui-tabs ui-widget ui-widget-content ui-corner-all">' .
            $portal->getMenu($currentPage) .
            '<div id="portalcontent" class="ui-tabs-panel ui-widget-content ui-corner-bottom">';

        // Footer
        $hookinfo['post'][] = '</div></div>';
    }
}
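/**
 * Load an attribute map file and store the map it defines.
 *
 * The file is "<attributemap dir>/<name>.php", where the directory comes from
 * the "attributemap" path option (default "attributemap/"). The included file
 * is expected to assign an array to $attributemap.
 *
 * NOTE(review): the map name is concatenated into the path that is passed to
 * include, so it must only ever come from trusted configuration. A name
 * containing path separators would reach files outside the attribute map
 * directory; confirm that no caller passes request-derived values.
 *
 * @param string $attributemap Name of the attribute map, without the ".php" suffix.
 *
 * @throws Exception If the file does not exist or does not define an array.
 */
private function loadAttributeMap($attributemap)
{
    $config = SimpleSAML_Configuration::getInstance();
    $filePath = $config->getPathValue('attributemap', 'attributemap/') . $attributemap . '.php';

    if (!file_exists($filePath)) {
        throw new Exception('Could not find attribute map file: ' . $filePath);
    }

    // Reset the variable so that a file which fails to define a map cannot
    // leave the map *name* behind as the "map".
    $attributemap = NULL;
    include $filePath;

    if (!is_array($attributemap)) {
        throw new Exception('Attribute map file "' . $filePath . '" didn\'t define an attribute map.');
    }

    $this->attributes = $attributemap;
}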
/**
 * Validate the signature on this Shibboleth 1.3 response.
 *
 * Unless the message was already validated externally, a validator is created
 * for the document and the signing certificate is checked against the
 * issuer's metadata: by "certFingerprint" when present, otherwise against the
 * CA file named in "caFile" (relative to the "certdir" path option).
 *
 * NOTE(review): the exception text suggests adding a dummy fingerprint and
 * copying the real one from the resulting error message. A fingerprint
 * obtained that way comes from the message being validated, so it should be
 * confirmed with the identity provider out of band before it is trusted.
 *
 * @return bool Always true when no exception is thrown.
 *
 * @throws Exception If the metadata has neither "certFingerprint" nor "caFile".
 */
public function validate()
{
    assert('$this->dom instanceof DOMDocument');

    /* A message validated externally needs no further checks. */
    if ($this->messageValidated) {
        return TRUE;
    }

    /* Set up signature validation for the two ID attributes in use. */
    $this->validator = new SimpleSAML_XML_Validator($this->dom, array('ResponseID', 'AssertionID'));

    /* Look up the metadata of whoever issued the response. */
    $issuer = $this->getIssuer();
    $handler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
    $md = $handler->getMetaData($issuer, 'shib13-idp-remote');

    $hasFingerprint = array_key_exists('certFingerprint', $md);
    $hasCaFile = array_key_exists('caFile', $md);

    if (!$hasFingerprint && !$hasCaFile) {
        throw new Exception('Required field [certFingerprint] or [caFile] in Shibboleth 1.3 IdP Remote metadata was not found for identity provider [' . $issuer . ']. Please add a fingerprint and try again. You can add a dummy fingerprint first, and then an error message will be printed with the real fingerprint.');
    }

    if ($hasFingerprint) {
        /* The fingerprint takes precedence over the CA file. */
        $this->validator->validateFingerprint($md['certFingerprint']);
        return true;
    }

    /* Validate against the configured CA. */
    $certDir = SimpleSAML_Configuration::getInstance()->getPathValue('certdir', 'cert/');
    $this->validator->validateCA($certDir . $md['caFile']);

    return true;
}
/**
 * Initialize the timezone.
 *
 * This function should be called before any calls to date(). It runs its
 * logic once per process; later calls return immediately.
 *
 * When the "timezone" option is set, it is applied and an exception is thrown
 * if PHP rejects it. Otherwise the timezone PHP reports as default is set
 * explicitly.
 *
 * @author Olav Morken, UNINETT AS <*****@*****.**>
 *
 * @throws \SimpleSAML_Error_Exception If the configured timezone is invalid.
 */
public static function initTimezone()
{
    static $initialized = false;

    if ($initialized) {
        return;
    }
    // Marked before doing the work, so a failed attempt is not retried.
    $initialized = true;

    $configured = \SimpleSAML_Configuration::getInstance()->getString('timezone', null);

    if ($configured === null) {
        /*
         * No timezone configured. date_default_timezone_get() is likely to
         * raise a warning, and the custom error handler would log it with a
         * backtrace even when the call is prefixed with '@'. A handler that
         * swallows everything is therefore installed for just this call.
         */
        set_error_handler(function () {
            return true;
        });
        $detected = date_default_timezone_get();
        restore_error_handler();

        // make the detected default explicit
        date_default_timezone_set($detected);
        return;
    }

    if (!date_default_timezone_set($configured)) {
        throw new \SimpleSAML_Error_Exception('Invalid timezone set in the "timezone" option in config.php.');
    }
}
/**
 * Render the portal tab menu for a page.
 *
 * Lists the pages of the current tab set as jQuery UI tabs. A page without an
 * "href", or the page currently shown, is rendered as the active tab with a
 * "#" link. Login information, when available, is appended below the tabs.
 *
 * NOTE(review): $page['href'], the translated label and $logininfo are
 * concatenated into the markup without escaping. Presumably they come from
 * module hooks and templates rather than from the request; confirm, or
 * escape them where they are produced.
 *
 * @param string $thispage Id of the page being rendered.
 *
 * @return string The menu as HTML.
 */
function getMenu($thispage)
{
    $config = SimpleSAML_Configuration::getInstance();
    $t = new SimpleSAML_XHTML_Template($config, 'sanitycheck:check.tpl.php');

    $tabset = $this->getTabset($thispage);
    $logininfo = $this->getLoginInfo($t, $thispage);

    $html = '<ul class="tabset_tabs ui-tabs-nav ui-helper-reset ui-helper-clearfix ui-widget-header ui-corner-all">';

    foreach ($this->pages as $pageid => $page) {
        // Skip pages outside the tab set of the current page.
        if (isset($tabset) && !in_array($pageid, $tabset, TRUE)) {
            continue;
        }

        // "shorttext" wins over "text"; fall back to a placeholder.
        if (isset($page['shorttext'])) {
            $label = $page['shorttext'];
        } elseif (isset($page['text'])) {
            $label = $page['text'];
        } else {
            $label = 'uknown';
        }

        $isActive = !isset($page['href']) || $pageid === $thispage;
        if ($isActive) {
            $html .= '<li class="ui-state-default ui-corner-top ui-tabs-selected ui-state-active"><a href="#">' . $t->t($label) . '</a></li>';
        } else {
            $html .= '<li class="ui-state-default ui-corner-top"><a href="' . $page['href'] . '">' . $t->t($label) . '</a></li>';
        }
    }

    $html .= '</ul>';

    if (!empty($logininfo)) {
        $html .= '<p class="logininfo" style="text-align: right; margin: 0px">' . $logininfo . '</p>';
    }

    return $html;
}
/**
 * Cron hook for the sanitycheck module.
 *
 * When the "cron_tag" from config-sanitycheck.php matches the tag of the
 * current cron run, all "sanitycheck" hooks are called and every reported
 * error is added to the cron summary. Exceptions are reported in the summary
 * as well instead of being propagated.
 *
 * @param array &$croninfo Output; must contain the keys "summary" and "tag".
 */
function sanitycheck_hook_cron(&$croninfo)
{
    assert('is_array($croninfo)');
    assert('array_key_exists("summary", $croninfo)');
    assert('array_key_exists("tag", $croninfo)');

    SimpleSAML_Logger::info('cron [sanitycheck]: Running cron in cron tag [' . $croninfo['tag'] . '] ');

    try {
        $moduleConfig = SimpleSAML_Configuration::getOptionalConfig('config-sanitycheck.php');

        // Only run for the cron tag this module is configured for.
        $configuredTag = $moduleConfig->getString('cron_tag', NULL);
        if ($configuredTag === NULL || $configuredTag !== $croninfo['tag']) {
            return;
        }

        // The hooks fill these two lists by reference.
        $collectedInfo = array();
        $collectedErrors = array();
        $hookArgs = array('info' => &$collectedInfo, 'errors' => &$collectedErrors);

        SimpleSAML_Module::callHooks('sanitycheck', $hookArgs);

        // Only errors are reported; informational messages are dropped here.
        foreach ($collectedErrors as $problem) {
            $croninfo['summary'][] = 'Sanitycheck error: ' . $problem;
        }
    } catch (Exception $e) {
        $croninfo['summary'][] = 'Error executing sanity check: ' . $e->getMessage();
    }
}
/**
 * Build a new logging handler based on files.
 *
 * The log file is "<loggingdir>/<logging.logfile>" (defaults "log/" and
 * "simplesamlphp.log"). An existing file must be writable; a missing file is
 * created with touch(). Finally the timezone is initialized.
 *
 * @param \SimpleSAML_Configuration $config The configuration to read from.
 *
 * @throws \Exception If the log file cannot be written to or created.
 */
public function __construct(\SimpleSAML_Configuration $config)
{
    // build the log file location from the logging options
    $directory = $config->getPathValue('loggingdir', 'log/');
    $fileName = $config->getString('logging.logfile', 'simplesamlphp.log');
    $this->logFile = $directory . $fileName;

    $this->processname = $config->getString('logging.processname', 'SimpleSAMLphp');

    // Warnings from the file system calls are suppressed on purpose; failures
    // are reported through the exceptions below.
    $alreadyThere = @file_exists($this->logFile);

    if ($alreadyThere && !@is_writeable($this->logFile)) {
        throw new \Exception("Could not write to logfile: " . $this->logFile);
    }

    if (!$alreadyThere && !@touch($this->logFile)) {
        throw new \Exception("Could not create logfile: " . $this->logFile . " The logging directory is not writable for the web server user.");
    }

    \SimpleSAML\Utils\Time::initTimezone();
}