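/**
 * Hook to do sanitycheck
 *
 * Runs the core installation checks and appends one message per check to
 * either $hookinfo['errors'] or $hookinfo['info'].
 *
 * Checks performed:
 *  - 'auth.adminpassword' is not missing and is not the value '123';
 *  - 'technicalcontact_email' is not missing and is not the placeholder value;
 *  - the running PHP version is at least 5.3;
 *  - every dependency declared through the 'moduleinfo' hook is an available module.
 *
 * @param array &$hookinfo  hookinfo; must contain the keys 'errors' and 'info'. Modified in place.
 */
function core_hook_sanitycheck(&$hookinfo)
{
    // Assertions are written as expressions, not strings: string assertions are
    // eval()'d on old PHP versions and are never evaluated on PHP 8, where a
    // non-empty string simply counts as "true" and the check silently passes.
    assert(is_array($hookinfo));
    assert(array_key_exists('errors', $hookinfo));
    assert(array_key_exists('info', $hookinfo));

    $config = SimpleSAML_Configuration::getInstance();

    // This only detects a missing option or the value '123'. Any other value,
    // however short or guessable, is reported as "set properly".
    if ($config->getString('auth.adminpassword', '123') === '123') {
        $hookinfo['errors'][] = '[core] Password in config.php is not set properly';
    } else {
        $hookinfo['info'][] = '[core] Password in config.php is set properly';
    }

    if ($config->getString('technicalcontact_email', '*****@*****.**') === '*****@*****.**') {
        $hookinfo['errors'][] = '[core] In config.php technicalcontact_email is not set properly';
    } else {
        $hookinfo['info'][] = '[core] In config.php technicalcontact_email is set properly';
    }

    if (version_compare(phpversion(), '5.3', '>=')) {
        $hookinfo['info'][] = '[core] You are running a PHP version suitable for SimpleSAMLphp.';
    } else {
        $hookinfo['errors'][] = '[core] You are running an old PHP installation. ' .
            'Please check the requirements for your SimpleSAMLphp version and upgrade.';
    }

    // Collect module metadata through the 'moduleinfo' hook; handlers fill $info by reference.
    $info = array();
    $mihookinfo = array('info' => &$info);
    $availmodules = SimpleSAML\Module::getModules();
    SimpleSAML\Module::callHooks('moduleinfo', $mihookinfo);

    foreach ($info as $mi => $i) {
        if (!isset($i['dependencies']) || !is_array($i['dependencies'])) {
            continue;
        }
        foreach ($i['dependencies'] as $dep) {
            // Strict comparison: with loose comparison a numeric or otherwise
            // non-string dependency entry could match an unrelated module name.
            if (!in_array($dep, $availmodules, true)) {
                $hookinfo['errors'][] = '[core] Module dependency not met: ' . $mi . ' requires ' . $dep;
            }
        }
    }
}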
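/**
 * Hook to run a cron job.
 *
 * When the cron tag being executed equals the 'cron_tag' option in
 * config-sanitycheck.php, runs every 'sanitycheck' hook and appends one
 * "Sanitycheck error: ..." line per reported error to $croninfo['summary'].
 * Exceptions raised while doing so are reported in the summary as well.
 *
 * @param array &$croninfo  Output; must contain the keys 'summary' and 'tag'. Modified in place.
 */
function sanitycheck_hook_cron(&$croninfo)
{
    // Assertions are written as expressions, not strings: string assertions are
    // eval()'d on old PHP versions and are never evaluated on PHP 8.
    assert(is_array($croninfo));
    assert(array_key_exists('summary', $croninfo));
    assert(array_key_exists('tag', $croninfo));

    // NOTE(review): the tag is written to the log verbatim. It is presumably taken
    // from the cron request - confirm that the caller restricts it to known tags
    // or that the logger neutralizes control characters.
    SimpleSAML\Logger::info('cron [sanitycheck]: Running cron in cron tag [' . $croninfo['tag'] . '] ');

    try {
        $sconfig = SimpleSAML_Configuration::getOptionalConfig('config-sanitycheck.php');

        // Do nothing unless a tag is configured and it is the one being run.
        $cronTag = $sconfig->getString('cron_tag', null);
        if ($cronTag === null || $cronTag !== $croninfo['tag']) {
            return;
        }

        // Hook handlers fill these two lists by reference.
        $info = array();
        $errors = array();
        $hookinfo = array('info' => &$info, 'errors' => &$errors);

        SimpleSAML\Module::callHooks('sanitycheck', $hookinfo);

        // Only errors are reported; informational messages are dropped.
        foreach ($errors as $err) {
            $croninfo['summary'][] = 'Sanitycheck error: ' . $err;
        }
    } catch (Exception $e) {
        $croninfo['summary'][] = 'Error executing sanity check: ' . $e->getMessage();
    }
}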
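/**
 * Hook to inject HTML content into all pages...
 *
 * For pages that the portal reports as "portalized", requests the jQuery UI
 * CSS and wraps the page body in the portal menu markup: an opening block is
 * appended to $hookinfo['pre'] and the matching closing tags to
 * $hookinfo['post'].
 *
 * @param array &$hookinfo  hookinfo; must contain the keys 'pre', 'post' and 'page'. Modified in place.
 */
function portal_hook_htmlinject(&$hookinfo)
{
    // Assertions are written as expressions, not strings: string assertions are
    // eval()'d on old PHP versions and are never evaluated on PHP 8.
    assert(is_array($hookinfo));
    assert(array_key_exists('pre', $hookinfo));
    assert(array_key_exists('post', $hookinfo));
    assert(array_key_exists('page', $hookinfo));

    // Let every module contribute its front page links.
    $links = array('links' => array());
    SimpleSAML\Module::callHooks('frontpage', $links);

    $portalConfig = SimpleSAML_Configuration::getOptionalConfig('module_portal.php');

    // Flatten the link groups returned by the hooks into a single list.
    $allLinks = array();
    foreach ($links as $ls) {
        $allLinks = array_merge($allLinks, $ls);
    }

    $pagesets = $portalConfig->getValue('pagesets', array(
        array('frontpage_welcome', 'frontpage_config', 'frontpage_auth', 'frontpage_federation'),
    ));
    SimpleSAML\Module::callHooks('portalextras', $pagesets);
    $portal = new sspmod_portal_Portal($allLinks, $pagesets);

    if (!$portal->isPortalized($hookinfo['page'])) {
        return;
    }

    // Include jquery UI CSS files in header
    $hookinfo['jquery']['css'] = true;

    // Header
    // NOTE(review): the getMenu() result is concatenated as raw HTML. Confirm that
    // it escapes the link text and hrefs contributed by the 'frontpage' hooks.
    $hookinfo['pre'][] = '<div id="portalmenu" class="ui-tabs ui-widget ui-widget-content ui-corner-all">' .
        $portal->getMenu($hookinfo['page']) .
        '<div id="portalcontent" class="ui-tabs-panel ui-widget-content ui-corner-bottom">';

    // Footer
    $hookinfo['post'][] = '</div></div>';
}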
/**
 * Handler for exceptions that nothing else caught.
 *
 * The 'exception_handler' hooks are called first. After that:
 *  - a SimpleSAML_Error_Error is shown as it is;
 *  - any other Exception is wrapped in an 'UNHANDLEDEXCEPTION' error and shown;
 *  - an Error (where that class exists) is handed to SimpleSAML_error_handler();
 *  - anything else is ignored.
 *
 * @param mixed $exception  The value that was thrown.
 */
function SimpleSAML_exception_handler($exception)
{
    SimpleSAML\Module::callHooks('exception_handler', $exception);

    if ($exception instanceof SimpleSAML_Error_Error) {
        $exception->show();
        return;
    }

    if ($exception instanceof Exception) {
        $wrapped = new SimpleSAML_Error_Error('UNHANDLEDEXCEPTION', $exception);
        $wrapped->show();
        return;
    }

    // Error is only looked at when the class exists in this runtime.
    if (!class_exists('Error') || !($exception instanceof Error)) {
        return;
    }

    // Fall back to E_ERROR when the Error carries no positive code.
    $code = $exception->getCode();
    SimpleSAML_error_handler(
        $code > 0 ? $code : E_ERROR,
        $exception->getMessage(),
        $exception->getFile(),
        $exception->getLine()
    );
}
} // closes a block opened before this excerpt

// Admin login URL, and whether the current user is an administrator.
$loginurl = SimpleSAML\Utils\Auth::getAdminLoginURL();
$isadmin = SimpleSAML\Utils\Auth::isAdmin();

// Link lists, one per front page section. Modules add to them through the
// 'frontpage' hook below, which receives all of them by reference.
$links = array();
$links_welcome = array();
$links_config = array();
$links_auth = array();
$links_federation = array();

// Only offer "clear discovery choices" when remembering the choice is enabled.
if ($config->getBoolean('idpdisco.enableremember', FALSE)) {
    $links_federation[] = array('href' => 'cleardiscochoices.php', 'text' => '{core:frontpage:link_cleardiscochoices}');
}

$links_federation[] = array('href' => \SimpleSAML\Utils\HTTP::getBaseURL() . 'admin/metadata-converter.php', 'text' => '{core:frontpage:link_xmlconvert}');

$allLinks = array('links' => &$links, 'welcome' => &$links_welcome, 'config' => &$links_config, 'auth' => &$links_auth, 'federation' => &$links_federation);
SimpleSAML\Module::callHooks('frontpage', $allLinks);

// Hosted metadata entries contributed by modules.
$metadataHosted = array();
SimpleSAML\Module::callHooks('metadata_hosted', $metadataHosted);

$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();

$metaentries = array('hosted' => $metadataHosted, 'remote' => array());

// The lists of remote entities are only loaded for administrators.
if ($isadmin) {
    $metaentries['remote']['saml20-idp-remote'] = $metadata->getList('saml20-idp-remote');
    $metaentries['remote']['shib13-idp-remote'] = $metadata->getList('shib13-idp-remote');
}

if ($config->getBoolean('enable.saml20-idp', FALSE) === true) {
    try {
        $metaentries['hosted']['saml20-idp'] = $metadata->getMetaDataCurrent('saml20-idp-hosted');
        $metaentries['hosted']['saml20-idp']['metadata-url'] = $config->getBasePath() . 'saml2/idp/metadata.php?output=xhtml';
        // Same rule as above: the remote SP list is admin-only.
        if ($isadmin) {
            $metaentries['remote']['saml20-sp-remote'] = $metadata->getList('saml20-sp-remote');
        }
    } catch (Exception $e) {
        // NOTE(review): the exception is discarded. A failure to load the hosted
        // IdP metadata is neither logged nor shown, so an enabled but broken IdP
        // configuration goes unnoticed here.
    }
/**
 * Ask the 'portalLoginInfo' hooks for the login information to display.
 *
 * The hooks receive the template and the current page together with an empty
 * 'info' entry; whatever 'info' holds after the hooks have run is returned.
 *
 * NOTE(review): the result is presumably rendered as markup by the caller -
 * confirm that hook implementations escape any user-derived values they put in it.
 *
 * @param mixed $t         Passed to the hooks as 'template'.
 * @param mixed $thispage  Passed to the hooks as 'thispage'.
 *
 * @return mixed  The 'info' entry after the hooks have run ('' if none changed it).
 */
function getLoginInfo($t, $thispage)
{
    $hookData = array();
    $hookData['info'] = '';
    $hookData['template'] = $t;
    $hookData['thispage'] = $thispage;

    SimpleSAML\Module::callHooks('portalLoginInfo', $hookData);

    return $hookData['info'];
}
<?php

/**
 * Support the htmlinject hook, which allows modules to change header, pre and post body on all pages.
 *
 * The three lists below start empty and are filled by the hook handlers by reference.
 * NOTE(review): how the collected entries are written into the page is not visible in
 * this excerpt; presumably they are emitted as raw HTML, so every 'htmlinject' handler
 * has to escape any user-derived value it adds - confirm.
 */
$this->data['htmlinject'] = array('htmlContentPre' => array(), 'htmlContentPost' => array(), 'htmlContentHead' => array());

// jQuery settings requested by the page itself, if any; hooks may change them.
$jquery = array();
if (array_key_exists('jquery', $this->data)) {
    $jquery = $this->data['jquery'];
}

// The hook is only called for pages that declare a 'pageid'.
if (array_key_exists('pageid', $this->data)) {
    $hookinfo = array('pre' => &$this->data['htmlinject']['htmlContentPre'], 'post' => &$this->data['htmlinject']['htmlContentPost'], 'head' => &$this->data['htmlinject']['htmlContentHead'], 'jquery' => &$jquery, 'page' => $this->data['pageid']);
    SimpleSAML\Module::callHooks('htmlinject', $hookinfo);
}
// - o - o - o - o - o - o - o - o - o - o - o - o -

/**
 * Do not allow SimpleSAMLphp pages to be framed from another origin.
 * This prevents clickjacking attacks in browsers that honor the header.
 *
 * If you don't want any framing at all you can even change this to
 * 'DENY', or comment it out if you actually want to allow foreign
 * sites to put SimpleSAMLphp in a frame. The latter is however
 * probably not a good security practice.
 *
 * NOTE(review): the standardized equivalent is the Content-Security-Policy
 * directive frame-ancestors ('self' corresponds to SAMEORIGIN, 'none' to DENY).
 * Consider sending it in addition to this header.
 */
header('X-Frame-Options: SAMEORIGIN');
?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta name="viewport" content="width=device-width, height=device-height, initial-scale=1.0" />
} // closes a block opened before this excerpt

// With the Suhosin extension loaded, warn when its limit on the length of a
// GET parameter value is unset or below 2048.
if (extension_loaded('suhosin')) {
    $suhosinLength = ini_get('suhosin.get.max_value_length');
    if (empty($suhosinLength) || (int) $suhosinLength < 2048) {
        $warnings[] = '{core:frontpage:warnings_suhosin_url_length}';
    }
}

// Link lists, one per front page section. Modules add to them through the
// 'frontpage' hook below, which receives all of them by reference.
$links = array();
$links_welcome = array();
$links_config = array();
$links_auth = array();
$links_federation = array();

// NOTE(review): these two links point at diagnostic pages (hostnames, phpinfo).
// The access checks of the target scripts are not visible here - confirm that
// both require an administrator.
$links_config[] = array('href' => \SimpleSAML\Utils\HTTP::getBaseURL() . 'admin/hostnames.php', 'text' => '{core:frontpage:link_diagnostics}');
$links_config[] = array('href' => \SimpleSAML\Utils\HTTP::getBaseURL() . 'admin/phpinfo.php', 'text' => '{core:frontpage:link_phpinfo}');

$allLinks = array('links' => &$links, 'welcome' => &$links_welcome, 'config' => &$links_config, 'auth' => &$links_auth, 'federation' => &$links_federation);
SimpleSAML\Module::callHooks('frontpage', $allLinks);

// Check for updates. Store the remote result in the session so we
// don't need to fetch it on every access to this page.
$current = $config->getVersion();
if ($config->getBoolean('admin.checkforupdates', true) && $current !== 'master') {
    $latest = $session->getData("core:latest_simplesamlphp_version", "version");
    if (!$latest) {
        // This is an outbound HTTPS request made while the page is rendered; the
        // 2 second timeout bounds how long it can delay the page. No TLS
        // verification option is overridden here, so the libcurl defaults apply.
        $api_url = 'https://api.github.com/repos/simplesamlphp/simplesamlphp/releases';
        $ch = curl_init($api_url . '/latest');
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_USERAGENT, 'SimpleSAMLphp');
        curl_setopt($ch, CURLOPT_TIMEOUT, 2);
        $response = curl_exec($ch);

        // Only a 200 response is decoded and cached.
        // NOTE(review): the decoded document is remote data. json_decode() returns
        // null for malformed JSON, and any field that is later displayed has to be
        // escaped - the code that uses $latest is outside this excerpt.
        if (curl_getinfo($ch, CURLINFO_HTTP_CODE) === 200) {
            $latest = json_decode($response, true);
            $session->setData("core:latest_simplesamlphp_version", "version", $latest);
<?php

/*
 * Sanity check page.
 *
 * Runs every 'sanitycheck' hook and reports the outcome, either as the single
 * word OK / FAIL (request parameter output=text) or as an HTML page that lists
 * every informational and error message.
 *
 * NOTE(review): no access check is visible in this script. The HTML view shows
 * the individual check messages, which describe the state of the configuration;
 * confirm that exposing them to unauthenticated visitors is intended, or limit
 * anonymous access to the OK / FAIL output.
 */

$config = SimpleSAML_Configuration::getInstance();

// Hook handlers fill both lists by reference.
$errors = array();
$info = array();
$hookinfo = array('info' => &$info, 'errors' => &$errors);
SimpleSAML\Module::callHooks('sanitycheck', $hookinfo);

// Terse output for monitoring: no details, only the overall result.
$wantsText = isset($_REQUEST['output']) && $_REQUEST['output'] == 'text';
if ($wantsText) {
    echo (count($errors) === 0) ? 'OK' : 'FAIL';
    exit;
}

$t = new SimpleSAML_XHTML_Template($config, 'sanitycheck:check-tpl.php');
$t->data['pageid'] = 'sanitycheck';
$t->data['errors'] = $errors;
$t->data['info'] = $info;
$t->show();
}
}
// The three closing braces around this call close blocks opened before this excerpt.
SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
}

// Prepare attributes for presentation
$attributes = $state['Attributes'];
$noconsentattributes = $state['consent:noconsentattributes'];

// Remove attributes that do not require consent
// NOTE(review): in_array() compares loosely here. Attribute names are presumably
// strings, but a numeric-looking name can match a different entry, and an
// attribute removed at this point is never shown to the user on the consent
// form. Passing true as the third argument would make the match exact.
foreach ($attributes as $attrkey => $attrval) {
    if (in_array($attrkey, $noconsentattributes)) {
        unset($attributes[$attrkey]);
    }
}
$para = array('attributes' => &$attributes);

// Reorder attributes according to attributepresentation hooks
SimpleSAML\Module::callHooks('attributepresentation', $para);

// Make, populate and layout consent form
$t = new SimpleSAML_XHTML_Template($globalConfig, 'consent:consentform.php');
$t->data['srcMetadata'] = $state['Source'];
$t->data['dstMetadata'] = $state['Destination'];
// The "yes" and "no" buttons both carry the state identifier back to the module.
$t->data['yesTarget'] = SimpleSAML\Module::getModuleURL('consent/getconsent.php');
$t->data['yesData'] = array('StateId' => $id);
$t->data['noTarget'] = SimpleSAML\Module::getModuleURL('consent/noconsent.php');
$t->data['noData'] = array('StateId' => $id);
$t->data['attributes'] = $attributes;
$t->data['checked'] = $state['consent:checked'];

// Fetch privacypolicy
// The destination's policy is preferred; the source's is the fallback.
if (array_key_exists('privacypolicy', $state['Destination'])) {
    $privacypolicy = $state['Destination']['privacypolicy'];
} elseif (array_key_exists('privacypolicy', $state['Source'])) {
    $privacypolicy = $state['Source']['privacypolicy'];
// Reject the request unless the supplied key equals the configured one.
// NOTE(review): !== is not a constant-time comparison. For a shared secret,
// hash_equals() (PHP 5.6 and later) is the safer choice, called only after
// checking that both values are strings. The condition that guards this check
// starts before this excerpt.
if ($_REQUEST['key'] !== $cronconfig->getValue('key')) {
    SimpleSAML\Logger::error('Cron - Wrong key provided. Cron will not run.');
    exit;
}
} // closes a block opened before this excerpt

// When a list of allowed tags is configured, the requested tag must be in it.
// NOTE(review): without 'allowed_tags' the tag is not restricted at all, and
// in_array() compares loosely; passing true as the third argument would make
// the match exact. The rejected tag is also written to the log verbatim.
if (!is_null($cronconfig->getValue('allowed_tags'))) {
    if (!in_array($_REQUEST['tag'], $cronconfig->getValue('allowed_tags'))) {
        SimpleSAML\Logger::error('Cron - Illegal tag [' . $_REQUEST['tag'] . '].');
        exit;
    }
}

// Hook handlers append their report lines to $summary by reference.
$summary = array();
$croninfo = array('summary' => &$summary, 'tag' => $_REQUEST['tag']);
$url = \SimpleSAML\Utils\HTTP::getSelfURL();
$time = date(DATE_RFC822);

SimpleSAML\Module::callHooks('cron', $croninfo);

foreach ($summary as $s) {
    SimpleSAML\Logger::debug('Cron - Summary: ' . $s);
}

// Mail the report when there is something to report and mailing is enabled.
if ($cronconfig->getValue('sendemail', TRUE) && count($summary) > 0) {
    // NOTE(review): the URL, the tag and the summary lines are placed in the
    // HTML body without escaping. The URL and the tag come from the request and
    // the summary lines come from the hooks, so each value should be passed
    // through htmlspecialchars() unless the hooks are meant to return markup -
    // confirm. The URL presumably contains the cron key as a query parameter,
    // in which case the key ends up in the mail as well.
    $message = '<h1>Cron report</h1><p>Cron ran at ' . $time . '</p>' . '<p>URL: <tt>' . $url . '</tt></p>' . '<p>Tag: ' . $croninfo['tag'] . "</p>\n\n" . '<ul><li>' . join('</li><li>', $summary) . '</li></ul>';

    $toaddress = $config->getString('technicalcontact_email', '*****@*****.**');
    if ($toaddress == '*****@*****.**') {
        SimpleSAML\Logger::error('Cron - Could not send email. [technicalcontact_email] not set in config.');
    } else {
        // Use $toaddress for both TO and FROM
        $email = new SimpleSAML_XHTML_EMail($toaddress, 'SimpleSAMLphp cron report', $toaddress);
        $email->setBody($message);
        $email->send();
    }
}