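/**
 * Re-synchronise the cached membership liaisons ('UsersGroupCached') of this
 * group with the logins returned by parent::usersLogin().
 *
 * Liaisons whose element is no longer one of those logins are deleted, and a
 * liaison is saved for every login that has none yet.
 *
 * @return void
 */
public function updateCache()
 {
     Logger::debug('main', 'UsersGroup_dynamic_cached::updateCache for ID=' . $this->getUniqueID());
     $logins = parent::usersLogin();
     $liaisons = Abstract_Liaison::load('UsersGroupCached', NULL, $this->getUniqueID());
     // Compare logins as exact strings. A loose in_array() treats numeric-looking
     // logins such as '0123' and '123' as equal, which would keep a stale cached
     // membership alive for an account that is no longer in the group.
     $current_logins = array_map('strval', $logins);
     foreach ($liaisons as $a_liaison) {
         if (!in_array((string) $a_liaison->element, $current_logins, true)) {
             Abstract_Liaison::delete('UsersGroupCached', $a_liaison->element, $a_liaison->group);
         }
     }
     // NOTE(review): this lookup presumes load() returns the liaisons keyed by
     // their element (the login) - confirm against Abstract_Liaison::load.
     foreach ($logins as $a_login) {
         if (!isset($liaisons[$a_login])) {
             Abstract_Liaison::save('UsersGroupCached', $a_login, $this->getUniqueID());
         }
     }
 }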
예제 #2
 /**
  * Replace the ACL liaisons of this object with the entries of $new_policy_
  * whose value is truthy.
  *
  * NOTE(review): the existing ACL liaisons are deleted before the new ones are
  * saved and no return value is checked, so a failure part-way leaves the
  * object with a partial policy - confirm callers can tolerate that.
  *
  * @param array $new_policy_ map of policy name => allow flag
  * @return void
  */
 public function updatePolicy($new_policy_)
 {
     // The previous policy is fetched as in the original code; its value is not used here.
     $this->getPolicy();
     Abstract_Liaison::delete('ACL', $this->getUniqueID(), NULL);
     foreach ($new_policy_ as $policy_name => $is_allowed) {
         if (!$is_allowed) {
             continue;
         }
         Abstract_Liaison::save('ACL', $this->getUniqueID(), $policy_name);
     }
 }
예제 #3
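 /**
  * Insert a new session row and link the session to each of its application
  * servers through 'ServerSession' liaisons.
  *
  * @param object $session_ session carrying ->id and ->servers
  * @return bool false when the session already exists or the row cannot be
  *              inserted, true otherwise
  */
 private static function create($session_)
 {
     Logger::debug('main', 'Starting Abstract_Session::create for \'' . $session_->id . '\'');
     // NOTE(review): exists() followed by INSERT is not atomic; two concurrent
     // requests can both pass this check. Presumably a unique key on `id`
     // rejects the second insert - confirm against the schema.
     if (Abstract_Session::exists($session_->id)) {
         Logger::error('main', 'Abstract_Session::create(\'' . $session_->id . '\') session already exists');
         return false;
     }
     $SQL = SQL::getInstance();
     // Identifiers and the value are handed to DoQuery as separate arguments
     // rather than concatenated into the statement.
     $res = $SQL->DoQuery('INSERT INTO @1 (@2) VALUES (%3)', $SQL->prefix . 'sessions', 'id', $session_->id);
     if ($res === false) {
         // Do not report success when the row was never written.
         Logger::error('main', 'Abstract_Session::create(\'' . $session_->id . '\') unable to insert the session');
         return false;
     }
     foreach ($session_->servers[Server::SERVER_ROLE_APS] as $fqdn => $data) {
         // A failed liaison is logged; the return value stays as before so
         // callers keep the behaviour they rely on.
         if (Abstract_Liaison::save('ServerSession', $fqdn, $session_->id) === false) {
             Logger::error('main', 'Abstract_Session::create(\'' . $session_->id . '\') unable to link server \'' . $fqdn . '\'');
         }
     }
     return true;
 }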
예제 #4
파일: internal.php 프로젝트: skdong/nfs-ovd
 /**
  * Publish a shared folder to a user group by saving a
  * 'UserGroupSharedFolder' liaison between the two.
  *
  * NOTE(review): when an argument is rejected its serialized form is written
  * to the log; confirm that nothing sensitive can reach this path.
  *
  * @param object $usergroup_    group exposing getUniqueID()
  * @param object $sharedfolder_ folder exposing ->id
  * @return mixed false when either argument is not an object, otherwise the
  *               result of Abstract_Liaison::save()
  */
 public function addUserGroupToSharedFolder($usergroup_, $sharedfolder_)
 {
     if (is_object($usergroup_) === false) {
         Logger::error('main', "SharedFolderDB::internal::addUserGroupToSharedFolder, parameter 'usergroup' is not correct, usergroup: " . serialize($usergroup_));
         return false;
     }

     if (is_object($sharedfolder_) === false) {
         Logger::error('main', "SharedFolderDB::internal::addUserGroupToSharedFolder, parameter 'sharedfolder' is not correct, NetworkFolder: " . serialize($sharedfolder_));
         return false;
     }

     $group_id = $usergroup_->getUniqueID();
     $folder_id = $sharedfolder_->id;

     return Abstract_Liaison::save('UserGroupSharedFolder', $group_id, $folder_id);
 }
예제 #5
파일: wizard.php 프로젝트: skdong/nfs-ovd
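/**
 * Final step of the publication wizard: optionally create a users group and
 * an applications group from the values kept in $_SESSION['wizard'], then
 * publish every selected users group to every selected applications group.
 *
 * On success the wizard state is dropped and the browser is redirected to
 * publications.php; the function does not return in that case.
 *
 * NOTE(review): only 'manageUsersGroups' and 'manageApplicationsGroups' are
 * checked here; no separate check guards the publication liaisons themselves -
 * confirm the caller enforces it.
 *
 * @return bool|void false when a precondition or a group creation fails
 */
function do_validate()
{
    if ($_SESSION['wizard']['use_users'] == 'users') {
        if (!checkAuthorization('manageUsersGroups')) {
            redirect();
            // Fail closed: never fall through to the privileged writes below,
            // whether or not redirect() ends the request.
            return false;
        }
        $userGroupDB = UserGroupDB::getInstance();
        if (!$userGroupDB->isWriteable()) {
            return false;
        }
        $g = new UsersGroup(NULL, $_SESSION['wizard']['user_group_name'], $_SESSION['wizard']['user_group_description'], 1);
        $res = $userGroupDB->add($g);
        if (!$res || !is_object($g) || $g->id == NULL) {
            popup_error(_('Cannot create usergroup'));
            // Without a created group there is no id to attach members to.
            return false;
        }
        $users = $_SESSION['wizard']['users'];
        foreach ($users as $user) {
            Abstract_Liaison::save('UsersGroup', $user, $g->getUniqueID());
        }
        $usergroups = array($g->getUniqueID());
    } else {
        $usergroups = $_SESSION['wizard']['usergroups'];
    }
    if ($_SESSION['wizard']['use_apps'] == 'apps') {
        if (!checkAuthorization('manageApplicationsGroups')) {
            redirect();
            // Fail closed, as above.
            // NOTE(review): a users group created a few lines earlier is left
            // in place when this check fails.
            return false;
        }
        $g = new AppsGroup(NULL, $_SESSION['wizard']['application_group_name'], $_SESSION['wizard']['application_group_description'], 1);
        $applicationsGroupDB = ApplicationsGroupDB::getInstance();
        $res = $applicationsGroupDB->add($g);
        if (!$res || !is_object($g) || $g->id == NULL) {
            popup_error(_('Cannot create application group'));
            return false;
        }
        $apps = $_SESSION['wizard']['apps'];
        foreach ($apps as $app) {
            Abstract_Liaison::save('AppsGroup', $app, $g->id);
        }
        $appgroups = array($g->id);
    } else {
        $appgroups = $_SESSION['wizard']['appgroups'];
    }
    // Publish each users group to each applications group, skipping pairs
    // that are already published.
    foreach ($usergroups as $usergroup) {
        foreach ($appgroups as $appgroup) {
            $exists = Abstract_Liaison::load('UsersGroupApplicationsGroup', $usergroup, $appgroup);
            if (is_object($exists) === false) {
                Abstract_Liaison::save('UsersGroupApplicationsGroup', $usergroup, $appgroup);
            }
        }
    }
    // The wizard state is single-use: drop it before leaving.
    unset($_SESSION['wizard']);
    redirect('publications.php');
    die;
}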
예제 #6
파일: sql.php 프로젝트: bloveing/openulteo
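 /**
  * Write the attributes of an application back to its table row and rebuild
  * its 'ApplicationMimeType' liaisons.
  *
  * @param object $a application exposing getAttribute(), getAttributesList()
  *                  and getMimeTypes()
  * @return bool true on success, false when the application is rejected by
  *              isOK(), the query fails or a liaison cannot be saved
  */
 public function update($a)
 {
     $id = $a->getAttribute('id');
     // Drop any cached copy so later reads see the updated row.
     if (array_key_exists($id, $this->cache)) {
         unset($this->cache[$id]);
     }
     if (!$this->isOK($a)) {
         return false;
     }
     // NOTE(review): '#1' is reproduced exactly as listed; other DoQuery calls
     // mark identifiers as '@N' - confirm the placeholder against the project
     // source.
     $query = 'UPDATE#1 SET ';
     // NOTE(review): column names come from getAttributesList() and are placed
     // between backticks unescaped; this presumes they are never influenced by
     // request data - confirm.
     // NOTE(review): mysql_escape_string() ignores the connection character set
     // and is gone from current PHP; a connection-aware escape or DoQuery's own
     // value placeholders would be the better long-term fix.
     foreach ($a->getAttributesList() as $key) {
         $query .= '`' . $key . '` = \'' . mysql_escape_string($a->getAttribute($key)) . '\' , ';
     }
     // Drop the trailing ", " left by the loop.
     $query = substr($query, 0, -2);
     // The id is escaped like every other value instead of being concatenated
     // raw into the WHERE clause.
     $query .= ' WHERE `id` =\'' . mysql_escape_string($id) . '\'';
     $sql2 = SQL::getInstance();
     $res = $sql2->DoQuery($query, self::table);
     if ($res === false) {
         return false;
     }
     // Replace the mime-type liaisons with the application's current list.
     Abstract_Liaison::delete('ApplicationMimeType', $id, NULL);
     foreach ($a->getMimeTypes() as $mimetype) {
         if (!is_object(Abstract_Liaison::load('ApplicationMimeType', $id, $mimetype))) {
             $ret = Abstract_Liaison::save('ApplicationMimeType', $id, $mimetype);
             if ($ret === false) {
                 return $ret;
             }
         }
     }
     return true;
 }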
예제 #7
파일: actions.php 프로젝트: skdong/nfs-ovd
 // "add" action: publish a users group to an applications group.
 // NOTE(review): no authorization or anti-CSRF check is visible in this
 // excerpt, and the handler reads $_REQUEST (GET, POST and possibly cookies) -
 // confirm both are enforced earlier in actions.php.
 if ($_REQUEST['action'] == 'add') {
     $usersGroupDB = UserGroupDB::getInstance();
     // Both ids are resolved through their DB first so that unknown groups are rejected.
     $usergroup = $usersGroupDB->import($_REQUEST['group_u']);
     if (is_object($usergroup) == false) {
         // NOTE(review): the request value is embedded in the message; this presumes
         // popup_error() output is HTML-escaped when rendered - confirm.
         popup_error(sprintf(_("Importing usergroup '%s' failed"), $_REQUEST['group_u']));
         // NOTE(review): relies on redirect() ending the request; otherwise execution
         // continues below with an invalid group - confirm.
         redirect();
     }
     $applicationsGroupDB = ApplicationsGroupDB::getInstance();
     $applicationsgroup = $applicationsGroupDB->import($_REQUEST['group_a']);
     if (is_object($applicationsgroup) == false) {
         popup_error(sprintf(_("Importing applications group '%s' failed"), $_REQUEST['group_a']));
         redirect();
     }
     // The liaison is keyed on the raw request values, not on the ids of the
     // objects imported above.
     $l = Abstract_Liaison::load('UsersGroupApplicationsGroup', $_REQUEST['group_u'], $_REQUEST['group_a']);
     if (is_null($l)) {
         $ret = Abstract_Liaison::save('UsersGroupApplicationsGroup', $_REQUEST['group_u'], $_REQUEST['group_a']);
         if ($ret === true) {
             popup_info(_('Publication successfully added'));
         } else {
             popup_error(_('Unable to save the publication'));
         }
     } else {
         popup_error(_('This publication already exists'));
     }
 }
 if ($_REQUEST['action'] == 'del') {
     $l = Abstract_Liaison::load('UsersGroupApplicationsGroup', $_REQUEST['group_u'], $_REQUEST['group_a']);
     if (!is_null($l)) {
         $ret = Abstract_Liaison::delete('UsersGroupApplicationsGroup', $_REQUEST['group_u'], $_REQUEST['group_a']);
         if ($ret === true) {
             popup_info(_('Publication successfully deleted'));
예제 #8
// Web service: returns the XML description of one application to a server
// identified by the 'fqdn' query parameter.
// NOTE(review): the caller is identified by a request-supplied name; how
// isAuthorized() ties that name to the actual peer is not visible here - confirm.
$server = Abstract_Server::load($_GET['fqdn']);
if (!$server || !$server->isAuthorized()) {
    // NOTE(review): the raw parameter is written to the log and resolved through
    // DNS before the caller is authorized; consider validating its format first.
    Logger::error('main', '(webservices/application) Server not authorized : ' . $_GET['fqdn'] . ' == ' . @gethostbyname($_GET['fqdn']) . ' ?');
    die('Server not authorized');
}
Logger::debug('main', '(webservices/application) Security check OK');

$preferences = Preferences::getInstance();
if (!$preferences) {
    die_error('get Preferences failed', __FILE__, __LINE__);
}

// The ApplicationDB module has to be enabled for this service to answer.
$enabled_modules = $preferences->get('general', 'module_enable');
if (in_array('ApplicationDB', $enabled_modules) == false) {
    Logger::error('main', '(webservices/application) Module ApplicationDB must be enabled');
    header('HTTP/1.1 400 Bad Request');
    die;
}

$application = ApplicationDB::getInstance()->import($_GET['id']);
if (is_object($application) === false) {
    Logger::error('main', '(webservices/application) error final');
    header('HTTP/1.1 404 Not Found');
    die;
}

// A static application is linked to the requesting server the first time
// that server asks for it.
if ($application->getAttribute('static') && !is_object(Abstract_Liaison::load('StaticApplicationServer', $application->getAttribute('id'), $server->fqdn))) {
    Abstract_Liaison::save('StaticApplicationServer', $application->getAttribute('id'), $server->fqdn);
}

header('Content-Type: text/xml; charset=utf-8');
echo $application->toXML($server);
die;
예제 #9
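 /**
  * Attach a profile to a user by saving a 'UserProfile' liaison between the
  * user's login and the profile id.
  *
  * NOTE(review): the listing is garbled between the two log messages (a
  * "******" run replaces part of the code). The two guards below are
  * reconstructed from the two surviving messages and mirror the parallel
  * addUserGroupToSharedFolder() listing - confirm against the project source.
  *
  * @param object $user_    user exposing getAttribute('login')
  * @param object $profile_ profile exposing ->id
  * @return mixed false when either argument is not an object, otherwise the
  *               result of Abstract_Liaison::save()
  */
 public function addUserToProfile($user_, $profile_)
 {
     if (!is_object($user_)) {
         Logger::error('main', "ProfileDB::internal::addUserToProfile, parameter 'user' is not correct, user: " . serialize($user_));
         return false;
     }
     if (!is_object($profile_)) {
         Logger::error('main', "ProfileDB::internal::addUserToProfile, parameter 'profile' is not correct, profile: " . serialize($profile_));
         return false;
     }
     return Abstract_Liaison::save('UserProfile', $user_->getAttribute('login'), $profile_->id);
 }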
예제 #10
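 /**
  * Fetch the application list published by this application server and
  * reconcile it with the ApplicationDB and the 'ApplicationServer' liaisons.
  *
  * Steps: download the XML list, register unknown applications (when the DB
  * is writeable), link every valid application to this server, remove the
  * liaisons of non-static applications the server no longer reports, send the
  * local-id/DB-id mapping back to the server and fetch missing icons.
  *
  * The XML is produced by a remote server and is treated as untrusted input:
  * a document that cannot be parsed, or an application without an executable
  * node, aborts the update instead of being processed.
  *
  * @return bool true when the synchronisation completed, false otherwise
  */
 public function updateApplications()
 {
     Logger::debug('main', 'Server::updateApplications');
     if (!is_array($this->roles) || !array_key_exists(Server::SERVER_ROLE_APS, $this->roles)) {
         Logger::critical('main', 'SERVER::updateApplications - Not an ApS');
         return false;
     }
     if (!$this->isOnline()) {
         Logger::debug('main', 'Server::updateApplications server "' . $this->fqdn . ':' . $this->web_port . '" is not online');
         return false;
     }
     $applicationDB = ApplicationDB::getInstance();
     $xml = query_url($this->getBaseURL() . '/aps/applications');
     if (!$xml) {
         $this->isUnreachable();
         Logger::error('main', 'Server::updateApplications server \'' . $this->fqdn . '\' is unreachable');
         return false;
     }
     if (!is_string($xml)) {
         Logger::error('main', 'Server::updateApplications invalid xml1');
         return false;
     }
     if (substr($xml, 0, 5) == 'ERROR') {
         $this->returnedError();
         Logger::error('main', 'Server::updateApplications invalid xml2');
         return false;
     }
     if ($xml == '') {
         Logger::error('main', 'Server::updateApplications invalid xml3');
         return false;
     }
     $dom = new DomDocument('1.0', 'utf-8');
     // A response that does not parse must stop the update here: with an empty
     // document the clean-up loop further down would remove every non-static
     // application liaison of this server. LIBXML_NONET keeps the parser from
     // fetching anything over the network while reading the document.
     if (@$dom->loadXML($xml, LIBXML_NONET) === false) {
         Logger::error('main', 'Server::updateApplications unable to parse the applications xml');
         return false;
     }
     // Liaisons that existed before this run; compared with the current ones
     // at the end of the function.
     $previous_liaison = Abstract_Liaison::load('ApplicationServer', NULL, $this->fqdn);
     $current_liaison_key = array();
     $application_node = $dom->getElementsByTagName("application");
     $sync_apps = array();
     foreach ($application_node as $app_node) {
         $app_name = '';
         $app_description = '';
         $app_path_exe = '';
         $app_path_args = NULL;
         $app_package = NULL;
         $app_desktopfile = NULL;
         if ($app_node->hasAttribute("name")) {
             $app_name = $app_node->getAttribute("name");
         }
         if ($app_node->hasAttribute("description")) {
             $app_description = $app_node->getAttribute("description");
         }
         if ($app_node->hasAttribute("package")) {
             $app_package = $app_node->getAttribute("package");
         }
         if ($app_node->hasAttribute("desktopfile")) {
             $app_desktopfile = $app_node->getAttribute("desktopfile");
         }
         $local_id = $app_node->getAttribute("id");
         $exe_node = $app_node->getElementsByTagName('executable')->item(0);
         if (is_null($exe_node)) {
             // item(0) is NULL when the node has no <executable> child; calling
             // a method on it would end the request with a fatal error.
             Logger::error('main', 'Server::updateApplications application node without executable');
             return false;
         }
         if ($exe_node->hasAttribute("command")) {
             $command = $exe_node->getAttribute("command");
             // Strip the desktop-entry field codes from the command line.
             $command = str_replace(array("%U", "%u", "%c", "%i", "%f", "%m"), "", $command);
             $app_path_exe = trim($command);
         }
         $mimetypes = array();
         $mime_nodes = $app_node->getElementsByTagName('mime');
         foreach ($mime_nodes as $mime_node) {
             if (!$mime_node->hasAttribute("type")) {
                 continue;
             }
             $mimetypes[] = $mime_node->getAttribute("type");
         }
         $a = new Application(NULL, $app_name, $app_description, $this->getAttribute('type'), $app_path_exe, $app_package, true, $app_desktopfile);
         $a->setMimeTypes($mimetypes);
         $a_search = $applicationDB->search($app_name, $app_description, $this->getAttribute('type'), $app_path_exe);
         if (is_object($a_search)) {
             // Already known: work with the stored application.
             $a = $a_search;
         } else {
             if ($applicationDB->isWriteable() == false) {
                 Logger::debug('main', 'Server::updateApplications applicationDB is not writeable');
             } else {
                 if ($applicationDB->add($a) == false) {
                     return false;
                 }
             }
         }
         if ($applicationDB->isWriteable() == true) {
             if ($applicationDB->isOK($a) == true) {
                 // Link the application to this server unless the link exists.
                 if (!is_object(Abstract_Liaison::load('ApplicationServer', $a->getAttribute('id'), $this->fqdn))) {
                     $ret = Abstract_Liaison::save('ApplicationServer', $a->getAttribute('id'), $this->fqdn);
                     if ($ret === false) {
                         Logger::error('main', 'Server::updateApplications failed to save application');
                         return $ret;
                     }
                 }
                 $current_liaison_key[] = $a->getAttribute('id');
             }
         }
         $sync_apps[$local_id] = $a->getAttribute('id');
     }
     // Remove the liaisons of applications the server no longer reports;
     // static applications keep theirs.
     $previous_liaison_key = array_keys($previous_liaison);
     foreach ($previous_liaison_key as $key) {
         if (in_array($key, $current_liaison_key) == false) {
             $a = $applicationDB->import($key);
             if (is_null($a) || $a->getAttribute('static') == false) {
                 Abstract_Liaison::delete('ApplicationServer', $key, $this->fqdn);
             }
         }
     }
     if (count($sync_apps) > 0) {
         // Tell the server which DB id belongs to each of its local ids.
         $dom = new DomDocument('1.0', 'utf-8');
         $applications_node = $dom->createElement('applications');
         foreach ($sync_apps as $local_id => $id) {
             $application_node = $dom->createElement('application');
             $application_node->setAttribute('id', $id);
             $application_node->setAttribute('local_id', $local_id);
             $applications_node->appendChild($application_node);
         }
         $dom->appendChild($applications_node);
         $xml = $dom->saveXML();
         query_url_post_xml($this->getBaseURL() . '/aps/applications/ids', $xml);
         // Fetch the icon of every application that has none stored yet.
         foreach ($sync_apps as $local_id => $id) {
             $a = $applicationDB->import($id);
             if (!is_object($a)) {
                 continue;
             }
             if (!file_exists($a->getIconPathRW())) {
                 $this->getApplicationIcon($a->getAttribute('id'));
             }
         }
     }
     return true;
 }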
예제 #11
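 /**
  * Authenticate the incoming request from the SAML response it carries and
  * return the authenticated NameID.
  *
  * The base64 ticket is read from the <saml_ticket> node, validated with the
  * configured IdP settings and checked for expiry. The user's group
  * memberships are then aligned with the "ovd.group_member" attribute and
  * every "ovd.setting.<container>.<name>" attribute is stored as a user
  * preference.
  *
  * NOTE(review): the IdP settings include a certificate fingerprint; how
  * build_saml_settings() combines it with the certificate is not visible
  * here - confirm the signature is verified against the pinned certificate.
  * NOTE(review): group membership and 'general' settings are driven entirely
  * by IdP-supplied attributes; this presumes the IdP is fully trusted for both.
  *
  * @return string|null the NameID, or NULL when no valid ticket is presented
  * @throws Exception when the user, a group or a setting named by the
  *                   response does not exist, or a change cannot be saved
  */
 public function get_login()
 {
     Logger::debug('main', 'AuthMethod_SAML2::get_login()');
     $my_settings = $this->prefs->get('AuthMethod', 'SAML2');
     $saml_node = $this->user_node_request->getElementsByTagname('saml_ticket')->item(0);
     if (is_null($saml_node)) {
         Logger::error('main', 'Authentication SAML2: No incoming SAML ticket');
         return NULL;
     }
     // The ticket is the text content of the node; other child nodes are skipped.
     $saml_response_ticket = NULL;
     for ($child = $saml_node->firstChild; $child != NULL; $child = $child->nextSibling) {
         if ($child->nodeType != XML_TEXT_NODE) {
             Logger::error('main', 'Authentication SAML2: node is not text');
             continue;
         }
         $saml_response_ticket = $child->wholeText;
     }
     if (is_null($saml_response_ticket)) {
         Logger::error('main', 'Authentication SAML2: No incoming SAML ticket (bad protocol)');
         return NULL;
     }
     $settings = $this->build_saml_settings($my_settings['idp_url'], $my_settings['idp_fingerprint'], $my_settings['idp_cert']);
     // Tracks whether the output buffer opened below still has to be closed.
     $buffering = false;
     try {
         $response = new OneLogin_Saml2_Response($settings, $saml_response_ticket);
         // Capture the library's debug output so that it reaches the log and
         // not the client.
         ob_start();
         $buffering = true;
         $is_valid = $response->isValid();
         $debug_output = ob_get_contents();
         ob_end_clean();
         $buffering = false;
         if (!$is_valid) {
             Logger::error('main', 'Authentication SAML2: the SAML response is not valid ' . $debug_output);
             return NULL;
         }
         $sessionExpiration = $response->getSessionNotOnOrAfter();
         if (!empty($sessionExpiration) && $sessionExpiration <= time() || !$response->validateTimestamps()) {
             Logger::error('main', 'Authentication SAML2: Session expired');
             return NULL;
         }
     } catch (Exception $e) {
         if ($buffering) {
             // isValid() threw while the buffer was open: discard it, otherwise
             // the captured debug output would be flushed to the client later.
             ob_end_clean();
         }
         Logger::error('main', 'Authentication SAML2: ' . $e->getMessage());
         return NULL;
     }
     $attributes = $response->getAttributes();
     $user = $this->userDB->import($response->getNameId());
     if ($user == NULL) {
         Logger::error('main', 'Authentication SAML2: user not found');
         throw new Exception();
     }
     $login = $user->getAttribute('login');
     // Recognised attributes:
     //  * ovd.group_member: for user group matching
     //  * ovd.setting.*: for settings
     if (array_key_exists("ovd.group_member", $attributes) && is_array($attributes["ovd.group_member"])) {
         $userGroupDB = UserGroupDB::getInstance();
         $to_delete = array();
         // Groups the user belongs to now; entries confirmed by the response
         // are removed from this list and the remainder is revoked below.
         $current_groups = array_keys(Abstract_Liaison::loadGroups('UsersGroup', $login));
         foreach ($attributes["ovd.group_member"] as $group_name) {
             $found = false;
             list($groups, $sizelimit_exceeded) = $userGroupDB->getGroupsContains($group_name, array('name'));
             foreach ($groups as $group) {
                 // getGroupsContains() is a substring search; only an exact name counts.
                 if ($group->name == $group_name) {
                     $found = True;
                     if (!in_array($group->getUniqueID(), $current_groups)) {
                         Logger::info('main', 'Authentication SAML2: Add user "' . $login . '" to group "' . $group->name . '"');
                         $ret = Abstract_Liaison::save('UsersGroup', $login, $group->getUniqueID());
                         if ($ret !== true) {
                             Logger::error('main', 'Authentication SAML2: Unable to add user "' . $login . '" to group "' . $group->name . '"');
                             throw new Exception();
                         }
                     } else {
                         unset($current_groups[array_search($group->getUniqueID(), $current_groups)]);
                     }
                 }
             }
             if (!$found) {
                 Logger::error('main', 'Authentication SAML2: group "' . $group_name . '" not found');
                 throw new Exception();
             }
         }
         // Whatever is left was not confirmed by the response: revoke it.
         foreach ($current_groups as $group) {
             Logger::info('main', 'Authentication SAML2: remove group "' . $group . '" from ' . $login);
             Abstract_Liaison::delete('UsersGroup', $login, $group);
         }
     }
     $prefs = Preferences::getInstance();
     foreach ($attributes as $attribute => $value) {
         // Single-valued attributes are unwrapped from their array.
         if (is_array($value) && count($value) == 1) {
             $value = $value[0];
         }
         if (substr($attribute, 0, 12) == 'ovd.setting.') {
             // Expected form: ovd.setting.<container>.<setting>
             $attribute = explode('.', $attribute);
             if (count($attribute) != 4) {
                 Logger::error('main', 'Authentication SAML2: incorrect setting : "' . implode('.', $attribute) . '"');
                 throw new Exception();
             }
             $container = $attribute[2];
             $setting = $attribute[3];
             // Only settings that exist in the 'general' preferences are accepted.
             $session_settings_defaults = $prefs->getElements('general', $container);
             if (!array_key_exists($setting, $session_settings_defaults)) {
                 Logger::error('main', 'Authentication SAML2: setting "' . implode('.', $attribute) . '" does not exists');
                 throw new Exception();
             }
             $config_element = clone $session_settings_defaults[$setting];
             $ugp = new User_Preferences($login, 'general', $container, $setting, $config_element->content);
             Logger::info('main', 'Authentication SAML2: set setting "' . implode('.', $attribute) . '" to ' . str_replace("\n", "", print_r($value, true)));
             // NOTE(review): the value is stored as received; no check against
             // the setting's allowed values is visible here - confirm.
             $ugp->value = $value;
             Abstract_User_Preferences::delete($login, 'general', $container, $setting);
             $ret = Abstract_User_Preferences::save($ugp);
             if (!$ret) {
                 Logger::error('main', 'Authentication SAML2: impossible to save setting "' . implode('.', $attribute) . '"');
                 throw new Exception();
             }
         }
     }
     // No redirection to any IdP: a valid ticket is required at this point
     // (the artifact binding is not supported).
     return $response->getNameId();
 }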
예제 #12
파일: api.php 프로젝트: bloveing/openulteo
 /**
  * Attach a script to a users group through a 'Scripts' liaison.
  *
  * The 'manageScriptsGroups' authorization is checked first.
  * NOTE(review): this presumes check_authorized() stops the call itself when
  * the right is missing, since its result is not inspected here - confirm.
  *
  * @param mixed $script_id_ id of the script
  * @param mixed $group_id_  id of the users group
  * @return bool true only when the liaison was saved
  */
 public function users_group_add_script($script_id_, $group_id_)
 {
     $this->check_authorized('manageScriptsGroups');

     return Abstract_Liaison::save('Scripts', $script_id_, $group_id_) === true;
 }