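/**
 * Send the request and store the results.
 *
 * The cURL handle is used exactly as _initAndConfigure() returns it. This
 * method must not relax the TLS options afterwards: setting
 * CURLOPT_SSL_VERIFYHOST / CURLOPT_SSL_VERIFYPEER to 0 here would accept any
 * certificate and let a party on the network path answer in place of the
 * remote server. It also must not var_dump() the handle, because var_dump()
 * writes to the HTTP response rather than to the phpCAS log.
 *
 * @return bool true on success, false on failure.
 */
protected function sendRequest()
{
    phpCAS::traceBegin();

    /*********************************************************
     * initialize the CURL session
     *********************************************************/
    // Certificate and host-name verification stay as configured by
    // _initAndConfigure(); nothing is overridden here.
    $ch = $this->_initAndConfigure();

    /*********************************************************
     * Perform the query
     *********************************************************/
    $buf = curl_exec($ch);
    if ($buf === false) {
        phpCAS::trace('curl_exec() failed');
        $this->storeErrorMessage('CURL error #' . curl_errno($ch) . ': ' . curl_error($ch));
        $res = false;
    } else {
        $this->storeResponseBody($buf);
        // NOTE(review): the whole response body goes to the trace log; it may
        // carry ticket material, so keep the debug log access-restricted.
        phpCAS::trace("Response Body: \n" . $buf . "\n");
        $res = true;
    }

    // close the CURL session
    curl_close($ch);

    phpCAS::traceEnd($res);
    return $res;
}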
/**
 * Print the HTML page shown when the user could not be authenticated and
 * trace the reason for the failure.
 *
 * The client URL is passed through htmlentities() before it is written into
 * the page; every other detail goes to the trace log only.
 *
 * @param CAS_Client $client       phpcas client
 * @param string     $failure      the failure that occurred
 * @param string     $cas_url      the URL the CAS server was asked for
 * @param bool       $no_response  the response from the CAS server (other
 * parameters are ignored if TRUE)
 * @param bool       $bad_response bad response from the CAS server ($err_code
 * and $err_msg ignored if TRUE)
 * @param string     $cas_response the response of the CAS server
 * @param int        $err_code     the error code given by the CAS server
 * @param string     $err_msg      the error message given by the CAS server
 */
public function __construct($client, $failure, $cas_url, $no_response, $bad_response = '', $cas_response = '', $err_code = '', $err_msg = '')
{
    phpCAS::traceBegin();

    $lang = $client->getLangObj();
    $client->printHTMLHeader($lang->getAuthenticationFailed());

    $template = $lang->getYouWereNotAuthenticated();
    // Escaped because the URL ends up inside the HTML response.
    $escapedUrl = htmlentities($client->getURL());
    printf($template, $escapedUrl, $_SERVER['SERVER_ADMIN']);

    phpCAS::trace('CAS URL: ' . $cas_url);
    phpCAS::trace('Authentication failure: ' . $failure);

    if ($no_response) {
        phpCAS::trace('Reason: no response from the CAS server');
    } else {
        if ($bad_response) {
            phpCAS::trace('Reason: bad response from the CAS server');
        } else {
            // Only protocol versions 1.0 and 2.0 produce a reason line.
            $version = $client->getServerVersion();
            if ($version == CAS_VERSION_1_0) {
                phpCAS::trace('Reason: CAS error');
            } elseif ($version == CAS_VERSION_2_0) {
                $reason = empty($err_code)
                    ? 'Reason: no CAS error'
                    : 'Reason: [' . $err_code . '] CAS error: ' . $err_msg;
                phpCAS::trace($reason);
            }
        }
        // Traced whenever a response was received, valid or not.
        phpCAS::trace('CAS response: ' . $cas_response);
    }

    $client->printHTMLFooter();
    phpCAS::traceExit();
}
/**
 * Execute the configured cURL request and record its outcome.
 *
 * On success the body is stored with storeResponseBody(); on failure the
 * cURL error number and text are stored with storeErrorMessage().
 *
 * @return bool true on success, false on failure.
 */
protected function sendRequest()
{
    phpCAS::traceBegin();

    // Session setup, including every cURL option, lives in _initAndConfigure().
    $handle = $this->_initAndConfigure();

    $body = curl_exec($handle);
    $succeeded = ($body !== false);

    if ($succeeded) {
        $this->storeResponseBody($body);
        // NOTE(review): the full body is traced; restrict access to the debug log.
        phpCAS::trace("Response Body: \n" . $body . "\n");
    } else {
        phpCAS::trace('curl_exec() failed');
        $this->storeErrorMessage('CURL error #' . curl_errno($handle) . ': ' . curl_error($handle));
    }

    // Release the session before reporting the result.
    curl_close($handle);

    phpCAS::traceEnd($succeeded);
    return $succeeded;
}
/**
 * Constructor; meant to be called only by inheriting storage classes.
 *
 * Reports a phpCAS error when the creating client is not a CAS proxy, since
 * PGT storage is only meaningful for proxies.
 *
 * @param CAS_Client $cas_parent the CAS client instance that creates the
 * current object.
 *
 * @return void
 *
 * @protected
 */
function __construct($cas_parent)
{
    phpCAS::traceBegin();

    $parentIsProxy = $cas_parent->isProxy();
    if (!$parentIsProxy) {
        phpCAS::error('defining PGT storage makes no sense when not using a CAS proxy');
    }

    phpCAS::traceEnd();
}
/**
 * Initialize a proxy ticket and return it.
 *
 * Sets $this->count to 1 before the ticket is initialized. The returned
 * value is a credential for the proxied service; callers should avoid
 * writing it to logs or output.
 *
 * @return mixed the value of getProxyTicket()
 * @throws CAS_OutOfSequenceException when hasGot() reports an earlier call.
 */
public function getSambaProxyTicket()
{
    phpCAS::traceBegin();

    $alreadyFetched = $this->hasGot();
    if ($alreadyFetched) {
        // NOTE(review): the message talks about setting a URL; it looks
        // copied from another method - confirm the intended wording.
        throw new CAS_OutOfSequenceException('Cannot set the URL, request already sent.');
    }

    $this->count = 1;
    $this->initializeProxyTicket();

    phpCAS::traceEnd();

    $ticket = $this->getProxyTicket();
    return $ticket;
}
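/**
 * This method is used to initialize the storage. Halts on error.
 *
 * Connects to the database named by getURL() and keeps the connection in
 * $this->_link. The connection object is never printed: dumping it would
 * write connection details into the HTTP response.
 *
 * @public
 */
function init()
{
    phpCAS::traceBegin();

    // if the storage has already been initialized, return immediately
    if ($this->isInitialized()) {
        // keep traceBegin()/traceEnd() balanced on the early exit
        phpCAS::traceEnd();
        return;
    }

    // call the ancestor's method (mark as initialized)
    parent::init();

    // try to connect to the database
    $this->_link = DB::connect($this->getURL());
    if (DB::isError($this->_link)) {
        // Only the driver's error message is reported, not the DSN.
        phpCAS::error('could not connect to database (' . DB::errorMessage($this->_link) . ')');
    }

    phpCAS::traceEnd();
}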
/**
 * Register a header that is sent along when pgtIou/pgtId or logoutRequest
 * messages are rebroadcast.
 *
 * Any exception raised by the client is converted into a phpCAS error.
 * NOTE(review): $header is forwarded unchanged; nothing in this method
 * validates it, so it should come from configuration, not request data.
 *
 * @param String $header Header to send when rebroadcasting.
 *
 * @return void
 */
public static function addRebroadcastHeader($header)
{
    phpCAS::traceBegin();
    phpCAS::_validateClientExists();

    try {
        $client = self::$_PHPCAS_CLIENT;
        $client->addRebroadcastHeader($header);
    } catch (Exception $e) {
        $summary = get_class($e) . ': ' . $e->getMessage();
        phpCAS::error($summary);
    }

    phpCAS::traceEnd();
}
/**
 * Check the proxies returned by proxy-ticket validation against the chains
 * that were defined.
 *
 * Chains are tried in order and the search stops at the first one whose
 * matches() accepts the list.
 *
 * @param array $list List of proxies from the proxy ticket validation.
 *
 * @return bool true if any chain fully matches the supplied list
 */
public function contains(array $list)
{
    phpCAS::traceBegin();

    $matched = false;
    $index = 0;
    foreach ($this->_chains as $chain) {
        phpCAS::trace("Checking chain " . $index);
        $index++;
        if ($chain->matches($list)) {
            $matched = true;
            break;
        }
    }

    if (!$matched) {
        // Default is "no match": an empty chain set accepts nothing.
        phpCAS::trace("No proxy chain matches.");
    }

    phpCAS::traceEnd($matched);
    return $matched;
}
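/**
 * This method is used to initialize the storage. Halts on error.
 *
 * Loads the DB library when it is not already available, connects to the
 * database named by getURL() and keeps the connection in $this->_link. The
 * connection object is never printed: dumping it would write connection
 * details into the HTTP response.
 *
 * @public
 */
function init()
{
    phpCAS::traceBegin();

    // if the storage has already been initialized, return immediately
    if ($this->isInitialized()) {
        // keep traceBegin()/traceEnd() balanced on the early exit
        phpCAS::traceEnd();
        return;
    }

    // call the ancestor's method (mark as initialized)
    parent::init();

    // include phpDB library (the test was introduced in release 0.4.8 for
    // the integration into Tikiwiki).
    if (!class_exists('DB')) {
        include_once 'DB.php';
    }

    // try to connect to the database
    $this->_link = DB::connect($this->getURL());
    if (DB::isError($this->_link)) {
        // Only the driver's error message is reported, not the DSN.
        phpCAS::error('could not connect to database (' . DB::errorMessage($this->_link) . ')');
    }

    phpCAS::traceEnd();
}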
/**
 * Read the PGT stored for a PGT Iou and delete the file that held it.
 *
 * The file is removed whenever it exists, even if it could not be opened or
 * read, so a stored PGT can be fetched at most once.
 *
 * @param $pgt_iou the PGT iou
 *
 * @return the corresponding PGT (first line of the file), or FALSE on error
 *
 * @public
 */
function read($pgt_iou)
{
    phpCAS::traceBegin();

    $pgt = FALSE;
    $fname = $this->getPGTIouFilename($pgt_iou);

    if (!file_exists($fname)) {
        phpCAS::trace('No such file `' . $fname . '\'');
    } else {
        $f = fopen($fname, "r");
        if (!$f) {
            phpCAS::trace('could not open `' . $fname . '\'');
        } else {
            $pgt = fgets($f);
            if ($pgt === FALSE) {
                phpCAS::trace('could not read PGT from `' . $fname . '\'');
            }
            fclose($f);
        }

        // delete the PGT file; warnings from unlink() are suppressed
        @unlink($fname);
    }

    // NOTE(review): the PGT itself is handed to traceEnd(); if tracing is
    // enabled the ticket presumably lands in the debug log - confirm.
    phpCAS::traceEnd($pgt);
    return $pgt;
}
/**
 * Parse cookies without PECL.
 * From the comments in http://php.net/manual/en/function.http-parse-cookie.php
 *
 * Only lines that start with "Set-Cookie: " or "Set-Cookie2: " (matched
 * case-insensitively) are handed to parseCookieHeader(); every other header
 * line is ignored.
 *
 * @param array  $header        An array of header lines.
 * @param string $defaultDomain The domain to use if none is specified in the cookie.
 * @return array of cookies
 */
protected function parseCookieHeaders($header, $defaultDomain)
{
    phpCAS::traceBegin();

    $parsed = array();
    foreach ($header as $headerLine) {
        if (!preg_match('/^Set-Cookie2?: /i', $headerLine)) {
            continue;
        }
        $parsed[] = $this->parseCookieHeader($headerLine, $defaultDomain);
    }

    phpCAS::traceEnd($parsed);
    return $parsed;
}
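/**
 * This method reads a PGT corresponding to a PGT Iou and deletes the
 * corresponding db entry.
 *
 * The lookup and the delete run in one transaction, and $pgt_iou is passed
 * as a bound parameter in both statements, so it never becomes part of the
 * SQL text.
 *
 * @param string $pgt_iou the PGT iou
 *
 * @return the corresponding PGT, or FALSE on error
 */
public function read($pgt_iou)
{
    phpCAS::traceBegin();
    $pgt = false;

    // initialize the PDO object for this method
    $pdo = $this->_getPdo();
    $this->_setErrorMode();

    try {
        $pdo->beginTransaction();

        // fetch the pgt for the specified pgt_iou
        $query = $pdo->prepare($this->retrievePgtSql());
        $query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR);
        $query->execute();
        $pgt = $query->fetchColumn(0);
        $query->closeCursor();

        // delete the specified pgt_iou from the database
        $query = $pdo->prepare($this->deletePgtSql());
        $query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR);
        $query->execute();
        $query->closeCursor();

        $pdo->commit();
    } catch (PDOException $e) {
        // attempt rolling back the transaction before reporting the error
        try {
            $pdo->rollBack();
        } catch (PDOException $rollbackError) {
            // A failed rollback is deliberately ignored. It is caught under
            // its own name so the original failure in $e is what gets traced.
        }
        phpCAS::trace('error reading PGT from database: ' . $e->getMessage());
    }

    // reset the PDO object
    $this->_resetErrorMode();

    phpCAS::traceEnd();
    return $pgt;
}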
/**
 * Change CURL options.
 * CURL is used to connect through HTTPS to the CAS server.
 *
 * The pair is forwarded to the global client unchanged. NOTE(review): no
 * option is filtered here, so a caller can also alter TLS-related options;
 * review call sites that pass CURLOPT_SSL_* keys.
 *
 * @param $key   the option key
 * @param $value the value to set
 */
function setExtraCurlOption($key, $value)
{
    global $PHPCAS_CLIENT;

    phpCAS::traceBegin();

    $clientReady = is_object($PHPCAS_CLIENT);
    if (!$clientReady) {
        phpCAS::error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
    }

    $PHPCAS_CLIENT->setExtraCurlOption($key, $value);

    phpCAS::traceEnd();
}
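/**
 * Send the request and store the results.
 *
 * Builds a cURL session from $this->url and $this->curlOptions, applies the
 * TLS settings, cookies, extra headers and POST body, runs the request and
 * stores either the response body or the cURL error.
 *
 * TLS behaviour:
 *  - with $this->caCertPath set, the peer certificate is verified against
 *    that CA file and the certificate name is checked against the host
 *    (CURLOPT_SSL_VERIFYHOST = 2);
 *  - without it, peer verification is switched off and the connection is
 *    not authenticated at all. Configure a CA certificate for any
 *    deployment where the CAS response is trusted.
 *
 * @return boolean TRUE on success, FALSE on failure.
 */
protected function _sendRequest()
{
    phpCAS::traceBegin();

    /*********************************************************
     * initialize the CURL session
     *********************************************************/
    $ch = curl_init($this->url);

    if (version_compare(PHP_VERSION, '5.1.3', '>=')) {
        // only available in php5
        curl_setopt_array($ch, $this->curlOptions);
    } else {
        foreach ($this->curlOptions as $key => $value) {
            curl_setopt($ch, $key, $value);
        }
    }

    /*********************************************************
     * Set SSL configuration
     *********************************************************/
    if ($this->caCertPath) {
        // 2 makes libcurl require that the certificate name matches the
        // host being contacted; the value 1 does not provide that check on
        // all libcurl versions.
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
        curl_setopt($ch, CURLOPT_CAINFO, $this->caCertPath);
        phpCAS::trace('CURL: Set CURLOPT_CAINFO');
    } else {
        // NOTE(review): no CA certificate configured, so the server
        // certificate is not validated. Left as in the original because
        // callers rely on this mode; the host setting has no protective
        // effect while peer verification is off.
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    }

    /*********************************************************
     * Configure curl to capture our output.
     *********************************************************/
    // return the CURL output into a variable
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

    // get the HTTP header with a callback
    curl_setopt($ch, CURLOPT_HEADERFUNCTION, array($this, '_curlReadHeaders'));

    /*********************************************************
     * Add cookie headers to our request.
     *********************************************************/
    if (count($this->cookies)) {
        $cookieStrings = array();
        foreach ($this->cookies as $name => $val) {
            $cookieStrings[] = $name . '=' . $val;
        }
        curl_setopt($ch, CURLOPT_COOKIE, implode(';', $cookieStrings));
    }

    /*********************************************************
     * Add any additional headers
     *********************************************************/
    if (count($this->headers)) {
        curl_setopt($ch, CURLOPT_HTTPHEADER, $this->headers);
    }

    /*********************************************************
     * Flag and Body for POST requests
     *********************************************************/
    if ($this->isPost) {
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $this->postBody);
    }

    /*********************************************************
     * Perform the query
     *********************************************************/
    $buf = curl_exec($ch);
    if ($buf === FALSE) {
        phpCAS::trace('curl_exec() failed');
        $this->storeErrorMessage('CURL error #' . curl_errno($ch) . ': ' . curl_error($ch));
        $res = FALSE;
    } else {
        $this->storeResponseBody($buf);
        // NOTE(review): the whole response body goes to the trace log; keep
        // the debug log access-restricted.
        phpCAS::trace("Response Body: \n" . $buf . "\n");
        $res = TRUE;
    }

    // close the CURL session
    curl_close($ch);

    phpCAS::traceEnd($res);
    return $res;
}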
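/**
 * Open the IMAP stream (similar to imap_open()).
 *
 * A proxy ticket is obtained first and passed to imap_open() as the
 * password for $this->_username. Warnings from imap_open() are suppressed;
 * on failure the messages collected by imap_errors() are traced and placed
 * in the exception message.
 *
 * @return resource Returns an IMAP stream on success
 * @throws CAS_OutOfSequenceException If called multiple times.
 * @throws CAS_ProxyTicketException If there is a proxy-ticket failure.
 *		The code of the Exception will be one of:
 *			PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE
 *			PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE
 *			PHPCAS_SERVICE_PT_FAILURE
 * @throws CAS_ProxiedService_Exception If there is a failure sending the request to the target service.
 */
public function open()
{
    if ($this->hasBeenOpened()) {
        throw new CAS_OutOfSequenceException('Stream already opened.');
    }
    if (empty($this->_mailbox)) {
        throw new CAS_ProxiedService_Exception('You must specify a mailbox via ' . get_class($this) . '->setMailbox($mailbox)');
    }

    phpCAS::traceBegin();

    // Get our proxy ticket and append it to our URL.
    $this->initializeProxyTicket();

    phpCAS::trace('opening IMAP mailbox `' . $this->_mailbox . '\'...');
    // The ticket is used as the password and is not traced here.
    $this->_stream = @imap_open($this->_mailbox, $this->_username, $this->getProxyTicket(), $this->_options);
    if ($this->_stream) {
        phpCAS::trace('ok');
    } else {
        phpCAS::trace('could not open mailbox');
        // @todo add localization integration.
        // The mailbox identifies the target; no $url variable exists in
        // this method, so referencing one only produced an undefined-variable
        // notice and an empty field in the message.
        $message = 'IMAP Error: ' . $this->_mailbox . ' ' . var_export(imap_errors(), true);
        phpCAS::trace($message);
        // close the trace block opened above before leaving via exception
        phpCAS::traceEnd();
        throw new CAS_ProxiedService_Exception($message);
    }

    phpCAS::traceEnd();
    return $this->_stream;
}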
/**
 * Register a header that is sent along when pgtIou/pgtId or logoutRequest
 * messages are rebroadcast.
 *
 * Reports a phpCAS error when no client object has been created yet.
 * NOTE(review): $header is forwarded unchanged; nothing in this method
 * validates it, so it should come from configuration, not request data.
 *
 * @param String $header Header to send when rebroadcasting.
 *
 * @return void
 */
public static function addRebroadcastHeader($header)
{
    phpCAS::traceBegin();

    $clientReady = is_object(self::$_PHPCAS_CLIENT);
    if (!$clientReady) {
        phpCAS::error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
    }

    self::$_PHPCAS_CLIENT->addRebroadcastHeader($header);

    phpCAS::traceEnd();
}
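/**
 * Perform the request.
 *
 * The proxy ticket is appended to the service URL as the "ticket" query
 * parameter and the resulting URL is handed to makeRequest().
 * NOTE(review): because the ticket travels in the query string it will
 * presumably show up in the target service's access logs - confirm that
 * those logs are handled accordingly.
 *
 * @return void
 * @throws CAS_OutOfSequenceException If called multiple times.
 * @throws CAS_ProxyTicketException If there is a proxy-ticket failure.
 *		The code of the Exception will be one of:
 *			PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE
 *			PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE
 *			PHPCAS_SERVICE_PT_FAILURE
 * @throws CAS_ProxiedService_Exception If there is a failure sending the
 * request to the target service.
 */
public function send()
{
    if ($this->hasBeenSent()) {
        throw new CAS_OutOfSequenceException('Cannot send, request already sent.');
    }

    phpCAS::traceBegin();

    // Get our proxy ticket and append it to our URL.
    $this->initializeProxyTicket();
    $url = $this->getServiceUrl();
    // Start a query string, or extend the one that is already there.
    $separator = (strstr($url, '?') === false) ? '?' : '&';
    $url = $url . $separator . 'ticket=' . $this->getProxyTicket();

    try {
        $this->makeRequest($url);
    } catch (Exception $e) {
        phpCAS::traceEnd();
        throw $e;
    }

    // Close the trace block on the success path as well, so that
    // traceBegin()/traceEnd() stay balanced.
    phpCAS::traceEnd();
}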
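/**
 * This method rebroadcasts logout/pgtIou requests. Can be LOGOUT,PGTIOU
 *
 * For every configured rebroadcast node that is not this server (compared
 * by DNS name for HOSTNAME nodes and by address for IP nodes) a POST to
 * "<node><current REQUEST_URI>" is queued; all queued requests are then
 * sent together. Each body carries rebroadcast=false; LOGOUT requests also
 * carry the received logoutRequest value.
 *
 * The logoutRequest value comes straight from $_POST, i.e. from the
 * incoming request, and is URL-encoded before it is placed in the new form
 * body. Without the encoding, characters such as "&", "+" or "%" inside it
 * would be reinterpreted by the receiving node and could add or change
 * form fields.
 *
 * @param int $type type of rebroadcasting.
 *
 * @return void
 */
private function _rebroadcast($type)
{
    phpCAS::traceBegin();

    // Short timeouts: 1s to connect, 4s overall per node.
    $rebroadcast_curl_options = array(
        CURLOPT_FAILONERROR => 1,
        CURLOPT_FOLLOWLOCATION => 1,
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_CONNECTTIMEOUT => 1,
        CURLOPT_TIMEOUT => 4
    );

    // Try to determine the IP address of the server
    if (!empty($_SERVER['SERVER_ADDR'])) {
        $ip = $_SERVER['SERVER_ADDR'];
    } else {
        if (!empty($_SERVER['LOCAL_ADDR'])) {
            // IIS 7
            $ip = $_SERVER['LOCAL_ADDR'];
        }
    }

    // Try to determine the DNS name of the server
    if (!empty($ip)) {
        $dns = gethostbyaddr($ip);
    }

    $multiClassName = 'CAS_Request_CurlMultiRequest';
    $multiRequest = new $multiClassName();

    for ($i = 0; $i < sizeof($this->_rebroadcast_nodes); $i++) {
        $node = $this->_rebroadcast_nodes[$i];

        // A node is contacted only when our own name/address is known and
        // does not occur in the node string.
        if (($this->_getNodeType($node) == self::HOSTNAME && !empty($dns) && stripos($node, $dns) === false)
            || ($this->_getNodeType($node) == self::IP && !empty($ip) && stripos($node, $ip) === false)
        ) {
            phpCAS::trace('Rebroadcast target URL: ' . $node . $_SERVER['REQUEST_URI']);

            $className = $this->_requestImplementation;
            $request = new $className();

            $url = $node . $_SERVER['REQUEST_URI'];
            $request->setUrl($url);

            if (count($this->_rebroadcast_headers)) {
                $request->addHeaders($this->_rebroadcast_headers);
            }

            $request->makePost();
            if ($type == self::LOGOUT) {
                // Logout request; the value is request input, so encode it
                // for the form body.
                $request->setPostBody('rebroadcast=false&logoutRequest=' . urlencode($_POST['logoutRequest']));
            } else {
                if ($type == self::PGTIOU) {
                    // pgtIou/pgtId rebroadcast
                    $request->setPostBody('rebroadcast=false');
                }
            }

            $request->setCurlOptions($rebroadcast_curl_options);

            $multiRequest->addRequest($request);
        } else {
            phpCAS::trace('Rebroadcast not sent to self: ' . $node . ' == ' . (!empty($ip) ? $ip : '') . '/' . (!empty($dns) ? $dns : ''));
        }
    }

    // We need at least 1 request
    if ($multiRequest->getNumRequests() > 0) {
        $multiRequest->send();
    }

    phpCAS::traceEnd();
}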
/**
 * Set the fixed URL that will be used as the CAS service parameter. When
 * this method is not called, a phpCAS script uses its own URL.
 *
 * Reports a phpCAS error when no client object exists or when $url is not
 * a string; the value is otherwise passed to the client's setURL() as is.
 *
 * @param $url the URL
 */
function setFixedServiceURL($url)
{
    global $PHPCAS_CLIENT;

    phpCAS::traceBegin();

    $clientReady = is_object($PHPCAS_CLIENT);
    if (!$clientReady) {
        phpCAS::error('this method should only be called after ' . __CLASS__ . '::proxy()');
    }

    if (!is_string($url)) {
        phpCAS::error('type mismatched for parameter $url (should be `string\')');
    }

    $PHPCAS_CLIENT->setURL($url);

    phpCAS::traceEnd();
}
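/**
 * This method is used to print the HTML output when the user was not authenticated.
 *
 * The client URL is HTML-escaped before it is written into the page, as the
 * exception-based variant of this output does; the URL is echoed into the
 * response, so it must not be able to introduce markup. All other details
 * go to the trace log only. The script exits after printing the page.
 *
 * @param $failure      the failure that occurred
 * @param $cas_url      the URL the CAS server was asked for
 * @param $no_response  the response from the CAS server (other
 * parameters are ignored if TRUE)
 * @param $bad_response bad response from the CAS server ($err_code
 * and $err_msg ignored if TRUE)
 * @param $cas_response the response of the CAS server
 * @param $err_code     the error code given by the CAS server
 * @param $err_msg      the error message given by the CAS server
 *
 * @private
 */
function authError($failure, $cas_url, $no_response, $bad_response = '', $cas_response = '', $err_code = '', $err_msg = '')
{
    phpCAS::traceBegin();

    $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_FAILED));
    // Escape the URL for the HTML context it is printed into.
    printf($this->getString(CAS_STR_YOU_WERE_NOT_AUTHENTICATED), htmlentities($this->getURL()), $_SERVER['SERVER_ADMIN']);

    phpCAS::trace('CAS URL: ' . $cas_url);
    phpCAS::trace('Authentication failure: ' . $failure);

    if ($no_response) {
        phpCAS::trace('Reason: no response from the CAS server');
    } else {
        if ($bad_response) {
            phpCAS::trace('Reason: bad response from the CAS server');
        } else {
            switch ($this->getServerVersion()) {
                case CAS_VERSION_1_0:
                    phpCAS::trace('Reason: CAS error');
                    break;
                case CAS_VERSION_2_0:
                    if (empty($err_code)) {
                        phpCAS::trace('Reason: no CAS error');
                    } else {
                        phpCAS::trace('Reason: [' . $err_code . '] CAS error: ' . $err_msg);
                    }
                    break;
            }
        }
        // Traced whenever a response was received, valid or not.
        phpCAS::trace('CAS response: ' . $cas_response);
    }

    $this->printHTMLFooter();
    phpCAS::traceExit();
    exit;
}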
/**
 * Log out from CAS. Halts by redirecting to the CAS server.
 *
 * Reports a phpCAS error when no client object has been created yet.
 *
 * @param $url a URL that will be transmitted to the CAS server (to come
 * back to when logged out). NOTE(review): it is forwarded unchanged; if it
 * can be influenced by request data, validate it at the call site.
 */
function logout($url = "")
{
    global $PHPCAS_CLIENT;

    phpCAS::traceBegin();

    $clientReady = is_object($PHPCAS_CLIENT);
    if (!$clientReady) {
        phpCAS::error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()');
    }

    $PHPCAS_CLIENT->logout($url);

    // never reached
    phpCAS::traceEnd();
}