/**
 * Configure the phpCAS client for this plugin instance.
 *
 * Runs at most once per object: when $this->cas_inited is already set the
 * method returns without touching phpCAS again. Depending on the 'cas_proxy'
 * setting the client is created either as a CAS proxy (with a fixed PGT
 * callback URL and file-based PGT storage) or as a plain CAS client.
 *
 * @return void
 */
private function cas_init()
{
    // Nothing to do when a previous call already configured phpCAS.
    if ($this->cas_inited) {
        return;
    }

    // Full configuration array as returned by rcmail.
    $settings = rcmail::get_instance()->config->all();

    // phpCAS is loaded from a fixed system-wide path.
    require_once('/usr/share/php/CAS/CAS.php');

    // NOTE(review): debug tracing is enabled unconditionally and writes to a
    // fixed file. phpCAS debug traces generally contain ticket values, so the
    // log should be readable only by the web-server account, or tracing should
    // be made opt-in — confirm against the deployment.
    phpCAS::setDebug('/var/log/lcs/casdebug.log');

    // The trailing `false` is presumably phpCAS's "change session id" flag —
    // confirm against the installed phpCAS version.
    if ($settings['cas_proxy']) {
        phpCAS::proxy(CAS_VERSION_2_0, $settings['cas_hostname'], $settings['cas_port'], $settings['cas_uri'], false);

        // URL the CAS server calls back to deliver the proxy-granting ticket.
        $pgtCallbackUrl = $this->generate_url(array('action' => 'pgtcallback'));
        phpCAS::setFixedCallbackURL($pgtCallbackUrl);

        // Proxy-granting tickets are kept as files in the configured directory.
        phpCAS::setPGTStorageFile($settings['cas_pgt_dir']);
    } else {
        phpCAS::client(CAS_VERSION_2_0, $settings['cas_hostname'], $settings['cas_port'], $settings['cas_uri'], false);
    }

    // Service URL presented to the CAS server when asking for authorization.
    $serviceUrl = $this->generate_url(array('action' => 'login', 'task' => 'mail'));
    phpCAS::setFixedServiceURL($serviceUrl);

    // Certificate validation of the CAS server:
    //   'self' -> pin the certificate file named by cas_cert
    //   'ca'   -> validate against the CA certificate named by cas_cert
    //   other  -> validation is switched off
    // NOTE(review): the last branch is also taken for an empty or mistyped
    // value, so a configuration error silently disables validation. Without it
    // the ticket-validation response from the CAS server is not authenticated;
    // consider rejecting unknown values instead of falling through.
    if ($settings['cas_validation'] == 'self') {
        phpCAS::setCasServerCert($settings['cas_cert']);
    } elseif ($settings['cas_validation'] == 'ca') {
        phpCAS::setCasServerCACert($settings['cas_cert']);
    } else {
        phpCAS::setNoCasServerValidation();
    }

    // Login and logout endpoints of the CAS server.
    phpCAS::setServerLoginURL($settings['cas_login_url']);
    phpCAS::setServerLogoutURL($settings['cas_logout_url']);

    // Remember that initialization happened so later calls are no-ops.
    $this->cas_inited = true;
}
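/**
 * Constructor
 *
 * Carry out sanity checks to ensure the object is
 * able to operate. Set capabilities.
 *
 * Resolves the CAS user file (creating it when it is missing), declares the
 * plugin's capabilities, merges the plugin options with their defaults and
 * configures the phpCAS client. $this->success is set to false when the user
 * file cannot be opened or read, or when the curl extension is missing.
 *
 * @author Fabian Bircher <*****@*****.**>
 */
public function __construct()
{
    parent::__construct();

    global $config_cascade;
    global $conf;

    // allow the preloading to configure other user files
    if (isset($config_cascade['plaincasauth.users']) && isset($config_cascade['plaincasauth.users']['default'])) {
        $this->casuserfile = $config_cascade['plaincasauth.users']['default'];
    } else {
        $this->casuserfile = DOKU_CONF . 'users.auth.plaincas.php';
    }
    $this->localuserfile = $config_cascade['plainauth.users']['default'];

    // check the state of the file with the users and attempt to create it.
    if (!@is_readable($this->casuserfile)) {
        // Append mode creates a missing file but never truncates one that
        // exists and is merely unreadable; the handle is closed again so it is
        // not leaked for the rest of the request.
        $handle = fopen($this->casuserfile, 'a');
        if ($handle === false) {
            msg("plainCAS: The CAS users file could not be opened.", -1);
            $this->success = false;
        } else {
            fclose($handle);
            $this->success = @is_readable($this->casuserfile);
        }
    }

    if ($this->success) {
        // the users are not managable through the wiki
        $this->cando['addUser'] = false;
        $this->cando['delUser'] = true;
        $this->cando['modLogin'] = false; // keep this false as CAS name is constant
        $this->cando['modPass'] = false;
        $this->cando['modName'] = false;
        $this->cando['modMail'] = false;
        $this->cando['modGroups'] = false;
        $this->cando['getUsers'] = true;
        $this->cando['getUserCount'] = true;

        // Disable CAS redirection for bots/crawlers/readers. The header may be
        // absent (for example on the command line), so fall back to ''.
        // NOTE(review): User-Agent is supplied by the client, so this switch is
        // a convenience for crawlers and not a control. Whatever login path
        // runs when 'external' is false must not be weaker than CAS — verify
        // in the rest of the plugin.
        $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
        $this->cando['external'] = !preg_match("#(bot)|(slurp)|(netvibes)#i", $userAgent);

        $this->cando['login'] = true;
        $this->cando['logout'] = true;
        $this->cando['logoff'] = true;

        // The default options which need to be set in the settings file.
        $defaults = array(
            'logFile' => NULL,
            'cert' => NULL,
            'cacert' => NULL,
            'debug' => false,
            'settings_file' => DOKU_CONF . 'plaincas.settings.php',
            'defaultgroup' => $conf['defaultgroup'],
            'superuser' => $conf['superuser'],
        );

        // Configured values win over the defaults; a missing plugin section is
        // treated as an empty array instead of raising a notice.
        $configured = isset($conf['plugin']['authplaincas']) ? (array) $conf['plugin']['authplaincas'] : array();
        $this->_options = $configured + $defaults;

        // Options are set in the configuration and have a proper default value there.
        $this->_options['server'] = $this->getConf('server');
        $this->_options['rootcas'] = $this->getConf('rootcas');
        $this->_options['port'] = $this->getConf('port');
        $this->_options['samlValidate'] = $this->getConf('samlValidate');
        // 'autologin' and 'caslogout' are both driven by the single 'autologinout' setting.
        $this->_options['autologin'] = $this->getConf('autologinout');
        $this->_options['caslogout'] = $this->getConf('autologinout');
        $this->_options['handlelogoutrequest'] = $this->getConf('handlelogoutrequest');
        $this->_options['handlelogoutrequestTrustedHosts'] = $this->getConf('handlelogoutrequestTrustedHosts');
        $this->_options['minimalgroups'] = $this->getConf('minimalgroups');
        $this->_options['localusers'] = $this->getConf('localusers');

        // no local users at the moment: the configured value is overridden, so
        // the readability check below cannot currently fail.
        $this->_options['localusers'] = false;

        if ($this->_options['localusers'] && !@is_readable($this->localuserfile)) {
            msg("plainCAS: The local users file is not readable.", -1);
            $this->success = false;
        }

        // phpCAS runs in debug mode only when a log file is configured.
        // NOTE(review): phpCAS debug traces generally contain ticket values;
        // keep the log file outside the web root and restrict its permissions.
        if ($this->_getOption("logFile")) {
            phpCAS::setDebug($this->_getOption("logFile"));
        }

        $server_version = CAS_VERSION_2_0;
        if ($this->_getOption("samlValidate")) {
            $server_version = SAML_VERSION_1_1;
        }

        // The last argument true allows phpCAS to change the session_id so it
        // is able to destroy the session after a CAS logout request
        // (Single Sign Out).
        phpCAS::client(
            $server_version,
            $this->_getOption('server'),
            (int) $this->_getOption('port'),
            $this->_getOption('rootcas'),
            true
        );

        // curl extension is needed
        if (!function_exists('curl_init')) {
            if ($this->_getOption('debug')) {
                msg("CAS err: CURL extension not found.", -1, __LINE__, __FILE__);
            }
            $this->success = false;
            return;
        }

        // automatically log the user when there is a cas session opened
        if ($this->_getOption('autologin')) {
            phpCAS::setCacheTimesForAuthRecheck(1);
        } else {
            phpCAS::setCacheTimesForAuthRecheck(-1);
        }

        // Certificate validation of the CAS server: a pinned certificate takes
        // precedence over a CA certificate.
        // NOTE(review): when neither 'cert' nor 'cacert' is configured (both
        // default to NULL) validation is switched off, so the default
        // configuration does not authenticate the CAS server's
        // ticket-validation response. Configure 'cacert' or 'cert' in
        // production; consider failing instead of falling through.
        if ($this->_getOption('cert')) {
            phpCAS::setCasServerCert($this->_getOption('cert'));
        } elseif ($this->_getOption('cacert')) {
            phpCAS::setCasServerCACert($this->_getOption('cacert'));
        } else {
            phpCAS::setNoCasServerValidation();
        }

        // Single-sign-out requests are accepted only when enabled; the trusted
        // hosts setting is passed through to phpCAS unchanged.
        if ($this->_getOption('handlelogoutrequest')) {
            phpCAS::handleLogoutRequests(true, $this->_getOption('handlelogoutrequestTrustedHosts'));
        } else {
            phpCAS::handleLogoutRequests(false);
        }

        // Load the site settings file, or the one shipped with the plugin.
        // NOTE(review): the file is executed as PHP and its path comes from
        // configuration; it should not be writable by the web-server account.
        if (@is_readable($this->_getOption('settings_file'))) {
            include_once $this->_getOption('settings_file');
        } else {
            include_once DOKU_PLUGIN . 'authplaincas/plaincas.settings.php';
        }
    }
}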