/**
 * Bring the cached membership liaisons of this group in line with the
 * logins currently reported by the parent implementation.
 *
 * Liaisons whose login is no longer reported are deleted first, then a
 * liaison is created for every reported login that has none yet.
 */
public function updateCache() {
    Logger::debug('main', 'UsersGroup_dynamic_cached::updateCache for ID=' . $this->getUniqueID());

    $current_logins = parent::usersLogin();
    $cached = Abstract_Liaison::load('UsersGroupCached', NULL, $this->getUniqueID());

    // Pass 1: remove cached members that are no longer part of the group.
    // NOTE(review): in_array() compares loosely, so two numeric-looking logins
    // such as '1e3' and '1000' count as the same member and a stale entry can survive.
    foreach ($cached as $entry) {
        if (in_array($entry->element, $current_logins)) {
            continue;
        }
        Abstract_Liaison::delete('UsersGroupCached', $entry->element, $entry->group);
    }

    // Pass 2: cache members that are missing.
    // The isset() lookup presumes load() returns an array keyed by login - verify against Abstract_Liaison::load.
    foreach ($current_logins as $login) {
        if (isset($cached[$login])) {
            continue;
        }
        Abstract_Liaison::save('UsersGroupCached', $login, $this->getUniqueID());
    }
}
/**
 * Replace the 'ACL' liaisons of this object with the granted entries of $new_policy_.
 *
 * @param array $new_policy_ policy name => truthy when the policy is granted
 */
public function updatePolicy($new_policy_) {
    // The previous policy is fetched but never used below; the call is kept
    // because getPolicy() is not visible here and may have side effects.
    $this->getPolicy();

    // Revoke everything, then re-grant entry by entry.
    Abstract_Liaison::delete('ACL', $this->getUniqueID(), NULL);

    foreach ($new_policy_ as $policy_name => $is_granted) {
        if (!$is_granted) {
            continue;
        }
        // NOTE(review): the result of save() is ignored, so a failed write leaves
        // the object with a narrower policy than requested and the caller is not told.
        Abstract_Liaison::save('ACL', $this->getUniqueID(), $policy_name);
    }
}
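/**
 * Insert a new session row and link the session to each of its application servers.
 *
 * @param object $session_ session exposing ->id and ->servers[Server::SERVER_ROLE_APS]
 * @return bool true once the row and the liaisons are written; false when the
 *              session already exists or the insert fails
 */
private static function create($session_) {
    Logger::debug('main', 'Starting Abstract_Session::create for \'' . $session_->id . '\'');

    if (Abstract_Session::exists($session_->id)) {
        Logger::error('main', 'Abstract_Session::create(\'' . $session_->id . '\') session already exists');
        return false;
    }

    $SQL = SQL::getInstance();
    // The id is handed to DoQuery() as a placeholder argument instead of being
    // concatenated into the statement; quoting is assumed to happen inside DoQuery() - verify.
    $res = $SQL->DoQuery('INSERT INTO @1 (@2) VALUES (%3)', $SQL->prefix . 'sessions', 'id', $session_->id);
    if ($res === false) {
        // Without this check the function reported success and created
        // server liaisons for a session row that was never written.
        Logger::error('main', 'Abstract_Session::create(\'' . $session_->id . '\') unable to insert the session');
        return false;
    }

    foreach ($session_->servers[Server::SERVER_ROLE_APS] as $fqdn => $data) {
        Abstract_Liaison::save('ServerSession', $fqdn, $session_->id);
    }

    return true;
}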
/**
 * Publish a shared folder to a user group by saving a 'UserGroupSharedFolder' liaison.
 *
 * @param object $usergroup_    group exposing getUniqueID()
 * @param object $sharedfolder_ folder exposing ->id
 * @return mixed false when either argument is not an object, otherwise the
 *               result of Abstract_Liaison::save()
 */
public function addUserGroupToSharedFolder($usergroup_, $sharedfolder_) {
    // NOTE(review): the rejected argument is serialized into the log line as is;
    // whatever the caller passed ends up in the log file.
    if (is_object($usergroup_) === false) {
        $message = "SharedFolderDB::internal::addUserGroupToSharedFolder, parameter 'usergroup' is not correct, usergroup: " . serialize($usergroup_);
        Logger::error('main', $message);
        return false;
    }

    if (is_object($sharedfolder_) === false) {
        $message = "SharedFolderDB::internal::addUserGroupToSharedFolder, parameter 'sharedfolder' is not correct, NetworkFolder: " . serialize($sharedfolder_);
        Logger::error('main', $message);
        return false;
    }

    $group_id = $usergroup_->getUniqueID();
    return Abstract_Liaison::save('UserGroupSharedFolder', $group_id, $sharedfolder_->id);
}
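/**
 * Last step of the publication wizard: create the groups requested in
 * $_SESSION['wizard'] (or reuse the selected ones) and publish every
 * application group to every user group.
 *
 * Ends the request with a redirect in every path except one.
 *
 * @return bool|void false when the user group database is read-only
 */
function do_validate() {
    if ($_SESSION['wizard']['use_users'] == 'users') {
        if (!checkAuthorization('manageUsersGroups')) {
            redirect();
            // Stop here even if redirect() returns, as the end of this function
            // already does; otherwise the group would be created without the right.
            die;
        }

        $userGroupDB = UserGroupDB::getInstance();
        if (!$userGroupDB->isWriteable()) {
            return false;
        }

        $g = new UsersGroup(NULL, $_SESSION['wizard']['user_group_name'], $_SESSION['wizard']['user_group_description'], 1);
        $res = $userGroupDB->add($g);
        if (!$res || !is_object($g) || $g->id == NULL) {
            popup_error(_('Cannot create usergroup'));
            // Do not go on to attach users and publications to a group that was never stored.
            redirect();
            die;
        }

        $users = $_SESSION['wizard']['users'];
        foreach ($users as $user) {
            Abstract_Liaison::save('UsersGroup', $user, $g->getUniqueID());
        }

        $usergroups = array($g->getUniqueID());
    } else {
        $usergroups = $_SESSION['wizard']['usergroups'];
    }

    if ($_SESSION['wizard']['use_apps'] == 'apps') {
        if (!checkAuthorization('manageApplicationsGroups')) {
            redirect();
            die;
        }

        $g = new AppsGroup(NULL, $_SESSION['wizard']['application_group_name'], $_SESSION['wizard']['application_group_description'], 1);
        $applicationsGroupDB = ApplicationsGroupDB::getInstance();
        $res = $applicationsGroupDB->add($g);
        if (!$res || !is_object($g) || $g->id == NULL) {
            popup_error(_('Cannot create application group'));
            redirect();
            die;
        }

        $apps = $_SESSION['wizard']['apps'];
        foreach ($apps as $app) {
            Abstract_Liaison::save('AppsGroup', $app, $g->id);
        }

        $appgroups = array($g->id);
    } else {
        $appgroups = $_SESSION['wizard']['appgroups'];
    }

    // Publish each application group to each user group, skipping pairs that already exist.
    foreach ($usergroups as $usergroup) {
        foreach ($appgroups as $appgroup) {
            $exists = Abstract_Liaison::load('UsersGroupApplicationsGroup', $usergroup, $appgroup);
            if (is_object($exists) === false) {
                Abstract_Liaison::save('UsersGroupApplicationsGroup', $usergroup, $appgroup);
            }
        }
    }

    // The wizard state is single-use.
    unset($_SESSION['wizard']);

    redirect('publications.php');
    die;
}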
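/**
 * Write every attribute of an application back to its row and replace its
 * 'ApplicationMimeType' liaisons.
 *
 * @param object $a application exposing getAttribute(), getAttributesList() and getMimeTypes()
 * @return bool true on success; false when the application fails isOK(), the
 *              UPDATE fails or a MIME type liaison cannot be saved
 */
public function update($a) {
    $id = $a->getAttribute('id');

    // Whatever happens below, the cached copy is stale from now on.
    if (array_key_exists($id, $this->cache)) {
        unset($this->cache[$id]);
    }

    if (!$this->isOK($a)) {
        return false;
    }

    // NOTE(review): mysql_escape_string() ignores the connection character set and
    // no longer exists in PHP 7; prefer the value placeholders of SQL::DoQuery()
    // or a connection-aware escape once the wrapper's API is confirmed.
    // NOTE(review): the finished string is then expanded by DoQuery(); whether a
    // placeholder-like sequence inside a value is expanded too is not visible here.
    $assignments = array();
    foreach ($a->getAttributesList() as $key) {
        // Column names are written between backticks, so a backtick inside a name is doubled.
        $column = str_replace('`', '``', $key);
        $assignments[] = '`' . $column . '` = \'' . mysql_escape_string($a->getAttribute($key)) . '\'';
    }

    // The id in the WHERE clause used to be concatenated without any escaping,
    // unlike every value in the SET list.
    $query = 'UPDATE#1 SET ' . implode(' , ', $assignments) . ' WHERE `id` =\'' . mysql_escape_string($id) . '\'';

    $sql2 = SQL::getInstance();
    $res = $sql2->DoQuery($query, self::table);
    if ($res === false) {
        return false;
    }

    // Rebuild the MIME type liaisons from scratch; the load() check only guards
    // against a type listed twice by getMimeTypes().
    Abstract_Liaison::delete('ApplicationMimeType', $id, NULL);
    foreach ($a->getMimeTypes() as $mimetype) {
        if (is_object(Abstract_Liaison::load('ApplicationMimeType', $id, $mimetype))) {
            continue;
        }
        $ret = Abstract_Liaison::save('ApplicationMimeType', $id, $mimetype);
        if ($ret === false) {
            return $ret;
        }
    }

    return true;
}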
if ($_REQUEST['action'] == 'add') { $usersGroupDB = UserGroupDB::getInstance(); $usergroup = $usersGroupDB->import($_REQUEST['group_u']); if (is_object($usergroup) == false) { popup_error(sprintf(_("Importing usergroup '%s' failed"), $_REQUEST['group_u'])); redirect(); } $applicationsGroupDB = ApplicationsGroupDB::getInstance(); $applicationsgroup = $applicationsGroupDB->import($_REQUEST['group_a']); if (is_object($applicationsgroup) == false) { popup_error(sprintf(_("Importing applications group '%s' failed"), $_REQUEST['group_a'])); redirect(); } $l = Abstract_Liaison::load('UsersGroupApplicationsGroup', $_REQUEST['group_u'], $_REQUEST['group_a']); if (is_null($l)) { $ret = Abstract_Liaison::save('UsersGroupApplicationsGroup', $_REQUEST['group_u'], $_REQUEST['group_a']); if ($ret === true) { popup_info(_('Publication successfully added')); } else { popup_error(_('Unable to save the publication')); } } else { popup_error(_('This publication already exists')); } } if ($_REQUEST['action'] == 'del') { $l = Abstract_Liaison::load('UsersGroupApplicationsGroup', $_REQUEST['group_u'], $_REQUEST['group_a']); if (!is_null($l)) { $ret = Abstract_Liaison::delete('UsersGroupApplicationsGroup', $_REQUEST['group_u'], $_REQUEST['group_a']); if ($ret === true) { popup_info(_('Publication successfully deleted'));
// Web service: send the XML description of one application to a registered server.

// The caller names itself through the 'fqdn' query parameter; the matching
// server record must exist and report isAuthorized().
// NOTE(review): what isAuthorized() verifies is not visible here - confirm that it
// ties the claimed fqdn to the connecting peer instead of trusting the parameter.
$buf = Abstract_Server::load($_GET['fqdn']);
if (!$buf || !$buf->isAuthorized()) {
    // NOTE(review): the rejected fqdn goes into the log line unmodified and is
    // also resolved with gethostbyname(), so a refused request still triggers a
    // DNS lookup on a caller-chosen name.
    Logger::error('main', '(webservices/application) Server not authorized : ' . $_GET['fqdn'] . ' == ' . @gethostbyname($_GET['fqdn']) . ' ?');
    die('Server not authorized');
}
Logger::debug('main', '(webservices/application) Security check OK');

$prefs = Preferences::getInstance();
if (!$prefs) {
    die_error('get Preferences failed', __FILE__, __LINE__);
}

// The service is only available when the ApplicationDB module is enabled.
$mods_enable = $prefs->get('general', 'module_enable');
if (!in_array('ApplicationDB', $mods_enable)) {
    Logger::error('main', '(webservices/application) Module ApplicationDB must be enabled');
    header('HTTP/1.1 400 Bad Request');
    die;
}

// 'id' is taken from the query string and handed to import() as is.
$applicationDB = ApplicationDB::getInstance();
$app = $applicationDB->import($_GET['id']);
if (!is_object($app)) {
    Logger::error('main', '(webservices/application) error final');
    header('HTTP/1.1 404 Not Found');
    die;
}

// Side effect of this GET request: a static application is recorded as
// present on the requesting server the first time that server asks for it.
if ($app->getAttribute('static')) {
    if (!is_object(Abstract_Liaison::load('StaticApplicationServer', $app->getAttribute('id'), $buf->fqdn))) {
        Abstract_Liaison::save('StaticApplicationServer', $app->getAttribute('id'), $buf->fqdn);
    }
}

header('Content-Type: text/xml; charset=utf-8');
echo $app->toXML($buf);
die;
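/**
 * Attach a profile to a user by saving a 'UserProfile' liaison.
 *
 * @param object $user_    user exposing getAttribute('login')
 * @param object $profile_ profile exposing ->id
 * @return mixed false when either argument is not an object, otherwise the
 *               result of Abstract_Liaison::save()
 */
public function addUserToProfile($user_, $profile_) {
    if (!is_object($user_)) {
        Logger::error('main', "ProfileDB::internal::addUserToProfile, parameter 'user' is not correct, user: " . serialize($user_));
        return false;
    }

    // NOTE(review): the listing was masked between the two log messages; the end of
    // the first guard and the opening of this one are restored from what the two
    // surviving messages imply - confirm against the upstream file.
    if (!is_object($profile_)) {
        Logger::error('main', "ProfileDB::internal::addUserToProfile, parameter 'profile' is not correct, profile: " . serialize($profile_));
        return false;
    }

    return Abstract_Liaison::save('UserProfile', $user_->getAttribute('login'), $profile_->id);
}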
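/**
 * Refresh the applications published by this application server.
 *
 * Fetches the application list from the server, creates unknown applications
 * in the application database, links every valid application to this server,
 * removes links to non-static applications that are no longer reported,
 * posts the local-id to database-id mapping back to the server and fetches
 * missing icons.
 *
 * Name, description, command, package, desktop file and MIME types all come
 * from the XML returned by the remote server and are stored as received.
 *
 * @return bool true on success, false on any failure
 */
public function updateApplications() {
    Logger::debug('main', 'Server::updateApplications');

    if (!is_array($this->roles) || !array_key_exists(Server::SERVER_ROLE_APS, $this->roles)) {
        Logger::critical('main', 'SERVER::updateApplications - Not an ApS');
        return false;
    }

    if (!$this->isOnline()) {
        Logger::debug('main', 'Server::updateApplications server "' . $this->fqdn . ':' . $this->web_port . '" is not online');
        return false;
    }

    $applicationDB = ApplicationDB::getInstance();

    $xml = query_url($this->getBaseURL() . '/aps/applications');
    if (!$xml) {
        // Also covers the empty string, so no separate check for '' is needed.
        $this->isUnreachable();
        Logger::error('main', 'Server::updateApplications server \'' . $this->fqdn . '\' is unreachable');
        return false;
    }

    if (!is_string($xml)) {
        Logger::error('main', 'Server::updateApplications invalid xml1');
        return false;
    }

    if (substr($xml, 0, 5) == 'ERROR') {
        $this->returnedError();
        Logger::error('main', 'Server::updateApplications invalid xml2');
        return false;
    }

    // A reply that does not parse must not be read as "this server has no
    // applications": the clean-up at the end of this function would then delete
    // every non-static application liaison of the server.
    // NOTE(review): the document comes from the remote server; consider passing
    // LIBXML_NONET so that parsing can never fetch anything over the network.
    $dom = new DomDocument('1.0', 'utf-8');
    if (@$dom->loadXML($xml) === false) {
        Logger::error('main', 'Server::updateApplications unable to parse xml');
        return false;
    }

    // Liaisons known before this run; compared with $current_liaison_key at the end.
    $previous_liaison = Abstract_Liaison::load('ApplicationServer', NULL, $this->fqdn);
    $current_liaison_key = array();
    $sync_apps = array();

    foreach ($dom->getElementsByTagName("application") as $app_node) {
        $app_name = '';
        $app_description = '';
        $app_path_exe = '';
        $app_package = NULL;
        $app_desktopfile = NULL;

        if ($app_node->hasAttribute("name")) {
            $app_name = $app_node->getAttribute("name");
        }
        if ($app_node->hasAttribute("description")) {
            $app_description = $app_node->getAttribute("description");
        }
        if ($app_node->hasAttribute("package")) {
            $app_package = $app_node->getAttribute("package");
        }
        if ($app_node->hasAttribute("desktopfile")) {
            $app_desktopfile = $app_node->getAttribute("desktopfile");
        }

        $local_id = $app_node->getAttribute("id");

        // item(0) is NULL when the application has no <executable> child; the
        // command then stays empty instead of ending the run with a fatal error.
        $exe_node = $app_node->getElementsByTagName('executable')->item(0);
        if ($exe_node !== NULL && $exe_node->hasAttribute("command")) {
            $command = $exe_node->getAttribute("command");
            // Strip the launcher placeholders before storing the command line.
            $command = str_replace(array("%U", "%u", "%c", "%i", "%f", "%m"), "", $command);
            $app_path_exe = trim($command);
        }

        $mimetypes = array();
        foreach ($app_node->getElementsByTagName('mime') as $mime_node) {
            if (!$mime_node->hasAttribute("type")) {
                continue;
            }
            $mimetypes[] = $mime_node->getAttribute("type");
        }

        $a = new Application(NULL, $app_name, $app_description, $this->getAttribute('type'), $app_path_exe, $app_package, true, $app_desktopfile);
        $a->setMimeTypes($mimetypes);

        $a_search = $applicationDB->search($app_name, $app_description, $this->getAttribute('type'), $app_path_exe);
        if (is_object($a_search)) {
            // Already in the database: use the stored record.
            $a = $a_search;
        } else {
            if ($applicationDB->isWriteable() == false) {
                Logger::debug('main', 'Server::updateApplications applicationDB is not writeable');
            } else {
                if ($applicationDB->add($a) == false) {
                    return false;
                }
            }
        }

        if ($applicationDB->isWriteable() == true) {
            if ($applicationDB->isOK($a) == true) {
                // Link the application to this server unless the link exists already.
                if (!is_object(Abstract_Liaison::load('ApplicationServer', $a->getAttribute('id'), $this->fqdn))) {
                    $ret = Abstract_Liaison::save('ApplicationServer', $a->getAttribute('id'), $this->fqdn);
                    if ($ret === false) {
                        Logger::error('main', 'Server::updateApplications failed to save application');
                        return $ret;
                    }
                }
                $current_liaison_key[] = $a->getAttribute('id');
            }
        }

        $sync_apps[$local_id] = $a->getAttribute('id');
    }

    // Remove links to applications the server no longer reports; static
    // applications are kept.
    $previous_liaison_key = is_array($previous_liaison) ? array_keys($previous_liaison) : array();
    foreach ($previous_liaison_key as $key) {
        // Deliberately a loose in_array(): array_keys() turns numeric string keys
        // into integers, which a strict comparison against stored ids could miss.
        if (in_array($key, $current_liaison_key) == false) {
            $a = $applicationDB->import($key);
            if (is_null($a) || $a->getAttribute('static') == false) {
                Abstract_Liaison::delete('ApplicationServer', $key, $this->fqdn);
            }
        }
    }

    if (count($sync_apps) > 0) {
        // Tell the server which database id belongs to each of its local ids.
        $dom = new DomDocument('1.0', 'utf-8');
        $applications_node = $dom->createElement('applications');
        foreach ($sync_apps as $local_id => $id) {
            $application_node = $dom->createElement('application');
            $application_node->setAttribute('id', $id);
            $application_node->setAttribute('local_id', $local_id);
            $applications_node->appendChild($application_node);
        }
        $dom->appendChild($applications_node);

        $xml = $dom->saveXML();
        query_url_post_xml($this->getBaseURL() . '/aps/applications/ids', $xml);

        // Fetch the icon of every application that has none on disk yet.
        foreach ($sync_apps as $local_id => $id) {
            $a = $applicationDB->import($id);
            if (!is_object($a)) {
                continue;
            }
            if (!file_exists($a->getIconPathRW())) {
                $this->getApplicationIcon($a->getAttribute('id'));
            }
        }
    }

    return true;
}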
/**
 * Authenticate the request from the SAML ticket it carries and apply the
 * group memberships and settings found in the assertion to the local user.
 *
 * Everything after the try block acts on attributes taken from the SAML
 * response, so it is only as trustworthy as the isValid() and timestamp
 * checks that precede it.
 *
 * @return string|null the NameId of the response on success; NULL when the
 *                     ticket is missing, invalid or expired, or when the
 *                     SAML library throws
 * @throws Exception when the user is unknown, a listed group does not exist,
 *                   a membership or setting cannot be saved, or a setting
 *                   name is malformed or unknown
 */
public function get_login() {
    Logger::debug('main', 'AuthMethod_SAML2::get_login()');
    $my_settings = $this->prefs->get('AuthMethod', 'SAML2');

    $saml_node = $this->user_node_request->getElementsByTagname('saml_ticket')->item(0);
    if (is_null($saml_node)) {
        Logger::error('main', 'Authentication SAML2: No incoming SAML ticket');
        return NULL;
    }

    // The ticket is the text content of <saml_ticket>; non-text children are
    // logged and skipped, and when several text nodes exist the last one wins.
    $saml_response_ticket = NULL;
    for ($child = $saml_node->firstChild; $child != NULL; $child = $child->nextSibling) {
        if ($child->nodeType != XML_TEXT_NODE) {
            Logger::error('main', 'Authentication SAML2: node is not text');
            continue;
        }
        $saml_response_ticket = $child->wholeText;
    }

    if (is_null($saml_response_ticket)) {
        Logger::error('main', 'Authentication SAML2: No incoming SAML ticket (bad protocol)');
        return NULL;
    }

    // Validation settings are built from the configured IdP URL, fingerprint and certificate.
    $settings = $this->build_saml_settings($my_settings['idp_url'], $my_settings['idp_fingerprint'], $my_settings['idp_cert']);

    try {
        $response = new OneLogin_Saml2_Response($settings, $saml_response_ticket);

        // Buffer whatever isValid() prints so that it reaches the log, not the client.
        // NOTE(review): if isValid() throws, the catch branch returns without
        // closing this buffer.
        ob_start();
        if (!$response->isValid()) {
            Logger::error('main', 'Authentication SAML2: the SAML response is not valid ' . ob_get_contents());
            ob_end_clean();
            return NULL;
        }
        ob_end_clean();

        // Rejected when the session expiry, if present, has passed, or when the
        // timestamp validation of the library fails.
        $sessionExpiration = $response->getSessionNotOnOrAfter();
        if (!empty($sessionExpiration) && $sessionExpiration <= time() || !$response->validateTimestamps()) {
            Logger::error('main', 'Authentication SAML2: Session expired');
            return NULL;
        }
    } catch (Exception $e) {
        Logger::error('main', 'Authentication SAML2: ' . $e->getMessage());
        return NULL;
    }

    // From here on failures are reported by throwing, not by returning NULL.
    $attributes = $response->getAttributes();
    $user = $this->userDB->import($response->getNameId());
    if ($user == NULL) {
        Logger::error('main', 'Authentication SAML2: user not found');
        throw new Exception();
    }

    $login = $user->getAttribute('login');

    // Recognised attributes:
    //  * ovd.group_member: user group matching
    //  * ovd.setting.*: per-user settings
    if (array_key_exists("ovd.group_member", $attributes) && is_array($attributes["ovd.group_member"])) {
        // The memberships of the user are made to mirror the assertion: missing
        // ones are added, and every 'UsersGroup' liaison the assertion does not
        // list is deleted afterwards.
        $userGroupDB = UserGroupDB::getInstance();
        $to_delete = array(); // never read below
        $current_groups = array_keys(Abstract_Liaison::loadGroups('UsersGroup', $login));

        foreach ($attributes["ovd.group_member"] as $group_name) {
            $found = false;

            // NOTE(review): $sizelimit_exceeded is ignored; what a truncated
            // search result means for the name match below is not visible here.
            list($groups, $sizelimit_exceeded) = $userGroupDB->getGroupsContains($group_name, array('name'));
            foreach ($groups as $group) {
                // Only a group whose name equals the requested one counts (loose ==).
                if ($group->name == $group_name) {
                    $found = True;
                    if (!in_array($group->getUniqueID(), $current_groups)) {
                        Logger::info('main', 'Authentication SAML2: Add user "' . $login . '" to group "' . $group->name . '"');
                        $ret = Abstract_Liaison::save('UsersGroup', $login, $group->getUniqueID());
                        if ($ret !== true) {
                            Logger::error('main', 'Authentication SAML2: Unable to add user "' . $login . '" to group "' . $group->name . '"');
                            throw new Exception();
                        }
                    } else {
                        // Still wanted: take it off the list of groups to remove.
                        unset($current_groups[array_search($group->getUniqueID(), $current_groups)]);
                    }
                }
            }

            if (!$found) {
                Logger::error('main', 'Authentication SAML2: group "' . $group_name . '" not found');
                throw new Exception();
            }
        }

        // What is left was not listed by the assertion.
        foreach ($current_groups as $group) {
            Logger::info('main', 'Authentication SAML2: remove group "' . $group . '" from ' . $login);
            Abstract_Liaison::delete('UsersGroup', $login, $group);
        }
    }

    $prefs = Preferences::getInstance();
    foreach ($attributes as $attribute => $value) {
        // A single-valued attribute is unwrapped to its only value.
        if (is_array($value) && count($value) == 1) {
            $value = $value[0];
        }

        if (substr($attribute, 0, 12) == 'ovd.setting.') {
            // Expected form: ovd.setting.<container>.<setting>
            $attribute = explode('.', $attribute);
            if (count($attribute) != 4) {
                Logger::error('main', 'Authentication SAML2: incorrect setting : "' . implode('.', $attribute) . '"');
                throw new Exception();
            }

            $container = $attribute[2];
            $setting = $attribute[3];

            // Only settings that exist in the 'general' preferences of that container are accepted.
            // NOTE(review): the result of getElements() goes to array_key_exists()
            // without checking that the container exists.
            $session_settings_defaults = $prefs->getElements('general', $container);
            if (!array_key_exists($setting, $session_settings_defaults)) {
                Logger::error('main', 'Authentication SAML2: setting "' . implode('.', $attribute) . '" does not exists');
                throw new Exception();
            }

            $config_element = clone $session_settings_defaults[$setting];
            $ugp = new User_Preferences($login, 'general', $container, $setting, $config_element->content);

            // The value from the assertion is logged and stored as received.
            Logger::info('main', 'Authentication SAML2: set setting "' . implode('.', $attribute) . '" to ' . str_replace("\n", "", print_r($value, true)));
            $ugp->value = $value;

            // Replace any earlier per-user value of this setting.
            Abstract_User_Preferences::delete($login, 'general', $container, $setting);
            $ret = Abstract_User_Preferences::save($ugp);
            if (!$ret) {
                Logger::error('main', 'Authentication SAML2: impossible to save setting "' . implode('.', $attribute) . '"');
                throw new Exception();
            }
        }
    }

    // No redirection to an IdP and no artifact method: a valid ticket must be
    // present at this point. The NameId of the response is returned.
    return $response->getNameId();
}
/**
 * Attach a script to a users group by saving a 'Scripts' liaison.
 *
 * @param mixed $script_id_ identifier of the script
 * @param mixed $group_id_  identifier of the users group
 * @return bool true only when Abstract_Liaison::save() returned exactly true
 */
public function users_group_add_script($script_id_, $group_id_) {
    // Permission gate. Its return value is not inspected, so it is presumably
    // expected to abort on its own when the caller lacks 'manageScriptsGroups' - verify.
    $this->check_authorized('manageScriptsGroups');

    $saved = Abstract_Liaison::save('Scripts', $script_id_, $group_id_);
    if ($saved === true) {
        return true;
    }
    return false;
}