예제 #1
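/**
 * Return a dictionary of attribute->value pairs
 * that were pre-asserted about the given eppn.
 *
 * The eppn is matched case-insensitively. On a database error the
 * error text and the query are written to syslog and an empty array is
 * returned, so callers cannot tell "no attributes" from "lookup failed".
 *
 * @param string $eppn eduPersonPrincipalName to look up
 * @return array<string, mixed> attribute name => value; empty on error
 */
function get_asserted_attributes($eppn)
{
    $table_name = "km_asserted_attribute";
    $conn = db_conn();
    // $conn->quote() is the only escaping between $eppn and the statement
    // text; keep it if this query is ever rewritten.
    $sql = "select * from " . $table_name
        . " where LOWER(eppn) = LOWER(" . $conn->quote($eppn, 'text') . ")";
    $result = db_fetch_rows($sql);
    if ($result[RESPONSE_ARGUMENT::CODE] != RESPONSE_ERROR::NONE) {
        $db_error = $result[RESPONSE_ARGUMENT::OUTPUT];
        geni_syslog(GENI_SYSLOG_PREFIX::MA, "Database error: {$db_error}");
        geni_syslog(GENI_SYSLOG_PREFIX::MA, "Query was: " . $sql);
        // return an empty array because we couldn't load any attributes.
        return array();
    }
    // SUCCESS -- create the return value from the db results.
    // A missing or non-array VALUE entry is treated as "no rows" rather
    // than tripping a foreach warning; rows without a 'name' column
    // cannot be keyed and are skipped. Later rows with the same name
    // overwrite earlier ones, as before.
    $value = array();
    $rows = isset($result[RESPONSE_ARGUMENT::VALUE]) ? $result[RESPONSE_ARGUMENT::VALUE] : null;
    if (!is_array($rows)) {
        return $value;
    }
    foreach ($rows as $row) {
        if (!isset($row['name'])) {
            continue;
        }
        $value[$row['name']] = isset($row['value']) ? $row['value'] : null;
    }
    return $value;
}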
예제 #2
    $CURRENT_SHIB_ID_TAG = "CURRENT_SHIB_ID";
    $current_shib_id = $_SERVER["Shib-Session-ID"];
    if (!isset($_SESSION)) {
        session_start();
    }
    $shib_id_changed = false;
    if (!array_key_exists($CURRENT_SHIB_ID_TAG, $_SESSION) || $_SESSION[$CURRENT_SHIB_ID_TAG] != $current_shib_id) {
        $shib_id_changed = true;
    }
    // error_log("NEW SHIB_ID = " . $current_shib_id);
    if ($shib_id_changed) {
        $eppn = "No EPPN Found";
        if (array_key_exists("eppn", $_SERVER)) {
            $eppn = strtolower($_SERVER["eppn"]);
        }
        geni_syslog(GENI_SYSLOG_PREFIX::PORTAL, "New login to portal: " . $eppn);
        $_SESSION[$CURRENT_SHIB_ID_TAG] = $current_shib_id;
    }
}
// Script URLs collected by add_js_script(); consumed elsewhere (not
// visible in this file excerpt).
$extra_js = [];
/**
 * Queue an extra script URL in the page-level $extra_js list.
 *
 * The URL is stored as given; any escaping has to happen where the
 * list is rendered into HTML (not visible here -- confirm at the caller).
 *
 * @param string $script_url
 * @return void
 */
function add_js_script($script_url)
{
    $GLOBALS['extra_js'][] = $script_url;
}
/**
 * Display the HTML preamble and HTML head block.
 *
 * This is modularized to facilitate sharing with pages that
 * should not show the standard menubar header.
 */
예제 #3
/**
 * Remove the speaks_for row whose token matches $token.
 *
 * The token is quoted through the portal connection before being
 * spliced into the statement. A failed statement is reported to both
 * syslog and error_log.
 *
 * @param string $token
 * @return bool true when the DELETE executed without a DB error
 */
function delete_speaks_for($token)
{
    $conn = portal_conn();
    $sql = 'DELETE FROM speaks_for WHERE token = ' . $conn->quote($token, 'text');
    $result = db_execute_statement($sql, "delete_speaks_for");
    if ($result[RESPONSE_ARGUMENT::CODE] == RESPONSE_ERROR::NONE) {
        return true;
    }
    $msg = "delete_speaks_for: " . $result[RESPONSE_ARGUMENT::OUTPUT];
    geni_syslog(GENI_SYSLOG_PREFIX::PORTAL, $msg);
    error_log($msg);
    return false;
}
예제 #4
    $msg = "ERROR. A {$visibility} RSpec already exists with name \"{$name} \".";
    $_SESSION['lasterror'] = $msg;
    relative_redirect('profile#rspecs');
    exit;
}
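// Flatten the aggregate URNs into the stored string form: each URN
// followed by one space (an empty list yields "").
$am_urns_image = "";
foreach ($am_urns as $am_urn) {
    $am_urns_image .= $am_urn . " ";
}
// FIXME: Need a utility that determines schema and version
// from the RSpec itself.
$schema = "GENI";
$schema_version = "3";
// Loose comparison kept on purpose: $rspec_id may arrive as null/""/id
// from the request and the original treated all "empty" forms alike.
$is_update = ($rspec_id != "");
if ($is_update) {
    // Re-upload without a file keeps the stored contents.
    $uploaded_rspec = $errorcode != UPLOAD_ERR_NO_FILE;
    $db_call = "db_update_rspec";
    $result = db_update_rspec($rspec_id, $user, $name, $description, $contents, $schema, $schema_version, $visibility, $is_bound, $is_stitch, $am_urns_image, $uploaded_rspec);
} else {
    $db_call = "db_add_rspec";
    $result = db_add_rspec($user, $name, $description, $contents, $schema, $schema_version, $visibility, $is_bound, $is_stitch, $am_urns_image);
}
// Log under the helper that actually ran (this line used to say
// db_add_rspec for updates as well).
geni_syslog(GENI_SYSLOG_PREFIX::PORTAL, "{$db_call}: " . print_r($result, true));
// FIXME: check result
// NOTE(review): $name is request-supplied and is stored raw in the
// session message; it must be escaped where 'lasterror'/'lastmessage'
// are rendered -- confirm at that page.
if (!$result) {
    $_SESSION['lasterror'] = "ERROR. Failed to upload Resource Specification " . $name;
} elseif ($is_update) {
    $_SESSION['lastmessage'] = "Updated Resource Specification " . $name;
} else {
    $_SESSION['lastmessage'] = "Uploaded Resource Specification " . $name;
}
relative_redirect('profile#rspecs');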
예제 #5
/**
 * Receive one S/MIME-wrapped request, run it through the authorization
 * guards, invoke the named handler and print the signed, encrypted
 * response.
 *
 * Every outcome (verification failure, unknown operation, guard denial,
 * bad handler signature, or the handler's own result) goes through the
 * same encode -> sign -> encrypt -> print tail.
 *
 * @param string      $prefix        service name used in log lines and by the default guard factory
 * @param string      $cs_url        handed to DefaultGuardFactory when no factory is supplied
 * @param mixed       $cacerts       CA set for signature validation; null selects default_cacerts()
 * @param mixed       $receiver_cert certificate used to sign the response
 * @param mixed       $receiver_key  key used to sign the response
 * @param object|null $guard_factory source of guards; null selects DefaultGuardFactory
 * @return void  the response is printed, not returned
 * @throws Exception when $receiver_cert or $receiver_key is null
 */
function handle_message($prefix, $cs_url, $cacerts, $receiver_cert, $receiver_key, $guard_factory)
{
    if (is_null($receiver_cert)) {
        throw new Exception('No receiver certificate in handle_message call.');
    }
    if (is_null($receiver_key)) {
        throw new Exception('No receiver key in handle_message call.');
    }
    $guard_factory = $guard_factory ?? new DefaultGuardFactory($prefix, $cs_url);

    $payload = smime_decrypt(extract_message());
    // No CAs specified, use the default set.
    $cacerts = $cacerts ?? default_cacerts();
    // $signer_pem is presumably filled in by reference with the signer's
    // certificate; null means the message was not signed (confirm in smime_validate).
    $msg = smime_validate($payload, $cacerts, $signer_pem);
    // Debug output of the full decrypted message body.
    mh_debug("msg = " . print_r($msg, TRUE));

    if (is_null($msg)) {
        /* Message failed to verify. Return authentication failure. */
        $result = generate_response(RESPONSE_ERROR::AUTHENTICATION, NULL, "Message verification failed.");
    } else {
        $geni_message = new GeniMessage($msg, $signer_pem);
        $funcargs = $geni_message->parse();
        $func = $funcargs[0];
        // NOTE(review): is_callable() accepts any defined function, not
        // only registered message handlers, so the guards below are the
        // only thing between the parsed operation name and the call. An
        // explicit handler allowlist here would be a tighter check.
        if (!is_callable($func)) {
            $result = generate_response(RESPONSE_ERROR::ARGS, NULL, "Unknown operation \"{$func}\".");
        } else {
            if (is_null($geni_message->signer())) {
                geni_syslog("MessageHandler", "No signer on {$prefix}.{$func}");
            }
            // First guard that says no wins; remaining guards are not consulted.
            $blocking_guard = null;
            foreach ($guard_factory->createGuards($geni_message) as $guard) {
                if (!$guard->evaluate()) {
                    $blocking_guard = $guard;
                    break;
                }
            }
            if ($blocking_guard !== null) {
                $principal = $geni_message->signerUrn();
                error_log("Failed by guard " . print_r($blocking_guard, true));
                $result = generate_response(RESPONSE_ERROR::AUTHORIZATION, NULL, "{$principal} is not authorized to {$action = $func}.");
            } else {
                mh_debug("Action {$func} is authorized.");
                // Handlers take either (args) or (args, message); anything
                // else is reported as a bad callback signature.
                $paramCount = (new ReflectionFunction($func))->getNumberOfParameters();
                if ($paramCount === 1) {
                    $result = call_user_func($func, $funcargs[1]);
                } elseif ($paramCount === 2) {
                    $result = call_user_func($func, $funcargs[1], $geni_message);
                } else {
                    error_log("Unknown method signature for invoked method \"{$func}\". Expected 1 or 2 parameters, but {$func} expects {$paramCount}");
                    $result = generate_response(RESPONSE_ERROR::ARGS, NULL, "Bad callback signature for \"{$func}\".");
                }
            }
        }
    }

    // Common tail: encode, sign with the receiver's key, encrypt, emit.
    $output = encode_result($result);
    $output = smime_sign_message($output, $receiver_cert, $receiver_key);
    $output = smime_encrypt($output);
    print $output;
}
예제 #6
 /**
  * Admit the message only when it carries a signer certificate.
  *
  * An unsigned message is logged together with the operation name
  * parsed from it, then rejected.
  *
  * @return bool
  */
 function evaluate()
 {
     if ($this->message->signerPem()) {
         return true;
     }
     $parsed = $this->message->parse();
     $op = $parsed[0];
     geni_syslog("SignedMessageGuard", "blocking {$op}: unsigned message.");
     return false;
 }
예제 #7
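/**
 * Ask an aggregate manager, via Omni, to restart the slice's resources
 * (performoperationalaction geni_restart, AM API version 3).
 *
 * The slice credential is written to a temporary file for Omni and
 * removed again once the invocation returns or throws.
 *
 * @param mixed  $am_url           AM URL (string, or an array of URLs as before)
 * @param object $user             portal user; ->account_id and ->username are read
 * @param string $slice_credential credential text for the slice
 * @param string $slice_urn
 * @param mixed  $slice_id         accepted for callers; not used in this function
 * @return mixed an error string when an argument is missing, otherwise
 *               whatever invoke_omni_function() returns
 */
function restart_sliver($am_url, $user, $slice_credential, $slice_urn, $slice_id)
{
    // Reject a null or empty AM URL. The previous nested isset()/is_array()
    // test only caught null; an empty string slipped through to Omni.
    if (is_null($am_url) || (!is_array($am_url) && $am_url === '')) {
        error_log("am_client cannot invoke Omni without an AM URL");
        return "Missing AM URL";
    }
    if (is_null($slice_credential) || (string) $slice_credential === '') {
        error_log("am_client cannot act on a slice without a credential");
        return "Missing slice credential";
    }
    $member_id = $user->account_id;
    $msg = "User {$member_id} calling POA geni_restart at {$am_url} on {$slice_urn}";
    geni_syslog(GENI_SYSLOG_PREFIX::PORTAL, $msg);
    // Caller logs if the restart appeared successful, so don't bother doing this
    //  log_action("Called POA(geni_restart)", $user, $am_url, $slice_urn, NULL, $slice_id);
    $slice_credential_filename = writeDataToTempFile($slice_credential, $user->username . "-cred-");
    $args = array("--slicecredfile", $slice_credential_filename, 'performoperationalaction', $slice_urn, 'geni_restart');
    try {
        $output = invoke_omni_function($am_url, $user, $args, array(), 0, 0, false, NULL, "3");
    } finally {
        // The temp file holds the slice credential: remove it even when
        // the Omni invocation throws.
        unlink($slice_credential_filename);
    }
    return $output;
}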