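/**
 * \brief test for siteminder_check()
 *
 * Covers both branches: no SiteMinder header (expects -1) and a header
 * carrying a user id (expects that id back). The original value of
 * $_SERVER['HTTP_SMUNIVERSALID'] is restored afterwards so the header set
 * here cannot leak into later tests in the same process.
 */
public function test_siteminder_check()
{
    $hadHeader = array_key_exists('HTTP_SMUNIVERSALID', $_SERVER);
    $savedHeader = $hadHeader ? $_SERVER['HTTP_SMUNIVERSALID'] : null;
    try {
        $_SERVER['HTTP_SMUNIVERSALID'] = NULL;
        $result = siteminder_check();
        $this->assertEquals("-1", $result);

        $_SERVER['HTTP_SMUNIVERSALID'] = "Test Siteminder";
        $result = siteminder_check();
        $this->assertEquals("Test Siteminder", $result);
    } finally {
        // Put $_SERVER back exactly as found (key absent vs. key set to null).
        if ($hadHeader) {
            $_SERVER['HTTP_SMUNIVERSALID'] = $savedHeader;
        } else {
            unset($_SERVER['HTTP_SMUNIVERSALID']);
        }
    }
}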
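/**
 * \brief This is where the magic for
 * Authentication happens.
 *
 * Runs before output: starts the 'Login' session, applies a group switch
 * POSTed as 'selectMemberGroup', mirrors the session's user/group ids into
 * $SysConf['auth'], expires logins older than 8 hours, invalidates a session
 * whose client IP changed (when 'checkip' is set), periodically re-reads the
 * user row so a blocked or removed user is logged out, and finally disables
 * plugins above the session's user level.
 *
 * Returns 0 without doing anything when SiteMinder is active, since
 * core-auth is disabled in that case.
 */
public function PostInitialize()
{
    global $SysConf;

    /* if Site Minder enabled core-auth will be disabled*/
    if (siteminder_check() != -1) {
        return 0;
    }

    if (!$this->session->isStarted()) {
        $this->session->setName('Login');
        $this->session->start();
    }

    /* Group switch from the group selector. Only honoured for a logged-in
     * user: without a user id in the session the choice would otherwise be
     * persisted for user 0 and the auth group seeded from an anonymous POST. */
    if (array_key_exists('selectMemberGroup', $_POST)
        && array_key_exists(Auth::USER_ID, $_SESSION)) {
        $selectedGroupId = intval($_POST['selectMemberGroup']);
        // NOTE(review): membership of the user in $selectedGroupId is not
        // verified here; presumably setDefaultGroupMembership does — confirm.
        $this->userDao->setDefaultGroupMembership(intval($_SESSION[Auth::USER_ID]), $selectedGroupId);
        $_SESSION[Auth::GROUP_ID] = $selectedGroupId;
        $this->session->set(Auth::GROUP_ID, $selectedGroupId);
        $SysConf['auth'][Auth::GROUP_ID] = $selectedGroupId;
    }

    if (array_key_exists(Auth::USER_ID, $_SESSION)) {
        $SysConf['auth'][Auth::USER_ID] = $_SESSION[Auth::USER_ID];
    }
    if (array_key_exists(Auth::GROUP_ID, $_SESSION)) {
        $SysConf['auth'][Auth::GROUP_ID] = $_SESSION[Auth::GROUP_ID];
    }

    $Now = time();
    if (!empty($_SESSION['time'])) {
        /* Logins older than 60 secs/min * 480 min = 8 hr are auto-logout */
        if ($_SESSION['time'] + 60 * 480 < $Now) {
            $this->updateSession("");
        }
    }
    $_SESSION['time'] = $Now;

    if (empty($_SESSION['ip'])) {
        $_SESSION['ip'] = $this->getIP();
    } elseif (isset($_SESSION['checkip']) && $_SESSION['checkip'] == 1
        && $_SESSION['ip'] != $this->getIP()) {
        /* Sessions are not transferable. */
        $this->updateSession("");
        $_SESSION['ip'] = $this->getIP();
    }

    if (!empty($_SESSION[Auth::USER_NAME])) {
        /* Recheck the user in case he is suddenly blocked or changed. */
        if (empty($_SESSION['time_check'])) {
            $_SESSION['time_check'] = time() + 480 * 60;
        }
        if (time() >= $_SESSION['time_check']) {
            $row = $this->userDao->getUserAndDefaultGroupByUserName($_SESSION[Auth::USER_NAME]);
            /* Check for instant logouts: a user without a password hash is
             * treated as logged out. */
            if (empty($row['user_pass'])) {
                $row = "";
            }
            $this->updateSession($row);
        }
    } else {
        $this->updateSession("");
    }

    /* Disable all plugins with >= level access */
    plugin_disable($_SESSION[Auth::USER_LEVEL]);
    $this->State = PLUGIN_STATE_READY;
}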
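/**
 * \brief Generate the text for this plugin.
 *
 * Renders the "edit my account" form for the session's user. When the form
 * has been POSTed (a 'username' parameter is present) Edit() is applied
 * first and its outcome displayed above the form. Only the HTML output type
 * produces anything; XML and Text are no-ops.
 *
 * \return string|null the HTML when OutputToStdout is off; otherwise it is
 *         printed and nothing is returned.
 */
public function Output()
{
    if ($this->State != PLUGIN_STATE_READY) {
        return;
    }
    global $PG_CONN;
    $V = "";
    switch ($this->OutputType) {
        case "XML":
            break;
        case "HTML":
            /* If this is a POST, then process the request. */
            $User = GetParm('username', PARM_TEXT);
            if (!empty($User)) {
                $rc = $this->Edit();
                if (empty($rc)) {
                    /* Need to refresh the screen */
                    $text = _("User information updated.");
                    $V .= displayMessage($text);
                } else {
                    $V .= displayMessage($rc);
                }
            }

            // Get the user data. The id is bound as a parameter rather than
            // spliced into the statement; a missing session id binds NULL
            // and simply matches no row.
            $sql = "SELECT * FROM users WHERE user_pk=$1;";
            $userId = isset($_SESSION['UserId']) ? $_SESSION['UserId'] : null;
            $result = pg_query_params($PG_CONN, $sql, array($userId));
            DBCheckResult($result, $sql, __FILE__, __LINE__);
            $R = pg_fetch_assoc($result);
            pg_free_result($result);
            /* No row (stale session) renders as empty fields instead of a
             * cascade of undefined-index notices. */
            if (!is_array($R)) {
                $R = array();
            }
            $R = array_merge(array(
                'user_name' => '',
                'user_desc' => '',
                'user_email' => '',
                'email_notify' => '',
                'default_bucketpool_fk' => '',
            ), $R);

            /* Build HTML form */
            $V .= "<form name='formy' method='POST'>\n"; // no url = this url
            /* if login by siteminder, didn't show this in page*/
            if (siteminder_check() == -1) {
                $V .= _("You <font color='red'>must</font> provide your current password in order to make any changes.<br />\n");
                $text = _("Enter your password");
                $V .= "{$text}: <input type='password' name='pass0' size=20>\n";
                $V .= "<hr>\n";
            }
            $V .= _("To change user information, edit the following fields. You do not need to edit every field. Only fields with edits will be changed.<P />\n");
            $Style = "<tr><td colspan=2 style='background:black;'></td></tr><tr>";
            $V .= "<table style='border:1px solid black; text-align:left; background:lightyellow;' width='100%'>";

            // Every DB-sourced value is entity-encoded (ENT_QUOTES covers the
            // single-quoted attributes used below) before it reaches the page.
            $Val = htmlentities($R['user_name'], ENT_QUOTES);
            $text = _("Username");
            $V .= "{$Style}<th width='25%'>{$text}</th>";
            $V .= "<td><input type='text' value='{$Val}' name='username' size=20></td>\n";
            $V .= "</tr>\n";

            $Val = htmlentities($R['user_desc'], ENT_QUOTES);
            $text = _("Description, full name, contact, etc. 
(optional) ");
            $V .= "{$Style}<th>{$text}</th>\n";
            $V .= "<td><input type='text' name='description' value='{$Val}' size=60></td>\n";
            $V .= "</tr>\n";

            $Val = htmlentities($R['user_email'], ENT_QUOTES);
            $text = _("Email address (optional)");
            $V .= "{$Style}<th>{$text}</th>\n";
            $V .= "<td><input type='text' name='email' value='{$Val}' size=60></td>\n";
            $V .= "</tr>\n";

            $text = _("Password");
            $text1 = _("Re-enter password");
            $V .= "{$Style}<th>{$text}<br>{$text1}</th><td>";
            $V .= "<input type='password' name='pass1' size=20><br />\n";
            $V .= "<input type='password' name='pass2' size=20></td>\n";
            $V .= "</tr>\n";

            $Checked = empty($R['email_notify']) ? "" : "checked='checked'";
            $text = _("E-mail Notification");
            $V .= "{$Style}<th>{$text}</th><td>\n";
            $V .= "<input name='emailnotify' type='checkbox' {$Checked}>";
            $V .= "</tr>\n";

            if (isset($_SESSION['UserLevel']) && $_SESSION['UserLevel'] > PLUGIN_DB_READ) {
                $text = _("Default scans");
                $V .= "{$Style}<th>{$text}\n</th><td>\n";
                /*
                 * added this code so the form makes sense. You can have an admin define default agents
                 * but if you don't have Analyze or better permissions, then those agents are not available to
                 * you! With out this code the default agent text was there, but nothing else... this way
                 * the form at least makes sense. Turns out agent unpack is always around so both
                 * conditions must be checked.
                 */
                $Depth = null; // presumably an out-parameter of menu_find(); its value is not used here
                $AgentList = menu_find("Agents", $Depth);
                if (!empty($AgentList)) {
                    // After the loop $uri holds the last entry's URI, which is
                    // the only entry when the list has exactly one item.
                    $uri = "";
                    foreach ($AgentList as $AgentItem) {
                        $uri = $AgentItem->URI;
                    }
                    if ($uri == "agent_unpack" && count($AgentList) == 1) {
                        $text = _("You do not have permission to change your default agents");
                        $V .= "<h3>{$text}</h3>\n";
                    } else {
                        $V .= AgentCheckBoxMake(-1, array("agent_unpack", "agent_adj2nest", "wget_agent"));
                    }
                }
                $V .= "</td></tr>\n";

                $text = _("Default bucketpool");
                $V .= "{$Style}<th>{$text}</th>";
                $V .= "<td>";
                $Val = htmlentities($R['default_bucketpool_fk'], ENT_QUOTES);
                $V .= SelectBucketPool($Val);
                $V .= "</td>";
                $V .= "</tr>\n";
            }
            $V .= "</table><P />";
            $text = _("Update Account");
            $V .= "<input type='submit' value='{$text}'>\n";
            $V .= "</form>\n";
            break;
        case "Text":
            break;
        default:
            break;
    }
    if (!$this->OutputToStdout) {
        return $V;
    }
    print "{$V}";
    return;
}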
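/**
 * \brief generate the output for this plug-in
 *
 * SiteMinder logout: clears the FOSSology-side identity from the session and
 * from $SysConf['auth'], then emits a script that sends the top window to
 * logout.html. Produces nothing when SiteMinder is not in use (core-auth
 * handles logout then) or when the plugin is not ready.
 *
 * \return string|null the HTML when OutputToStdout is off; otherwise it is
 *         printed and nothing is returned.
 */
public function Output()
{
    global $SysConf;
    if ($this->State != PLUGIN_STATE_READY) {
        return;
    }
    /* Only meaningful under SiteMinder; -1 means the SM header is absent. */
    if (siteminder_check() == -1) {
        return;
    }
    $V = "";
    if ($this->OutputType == "HTML") {
        /* TODO:logout need to clear SiteMinder session */
        $_SESSION['User'] = NULL;
        $_SESSION[Auth::USER_ID] = NULL;
        $SysConf['auth'][Auth::USER_ID] = NULL;
        $_SESSION[Auth::USER_LEVEL] = NULL;
        $_SESSION['UserEmail'] = NULL;
        $_SESSION['Folder'] = NULL;
        $_SESSION['UiPref'] = NULL;

        /* The random suffix is only a cache-buster; nothing security-relevant
         * depends on its unpredictability. */
        $Uri = Traceback_uri() . "logout.html?" . rand();
        /* Emit the URI as a JSON/JS string literal with <, >, ' and " hex-escaped
         * so the value can neither break out of the literal nor close the
         * <script> element, whatever Traceback_uri() returns. */
        $jsUri = json_encode($Uri, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
        if ($jsUri === false) {
            // Unencodable (e.g. invalid UTF-8): emit an empty target rather than broken JS.
            $jsUri = "''";
        }
        $V .= "<script language='javascript'>\n";
        $V .= "window.open(" . $jsUri . ",'_top');\n";
        $V .= "</script>\n";
    }
    if (!$this->OutputToStdout) {
        return $V;
    }
    print $V;
    return;
}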
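/**
 * \brief This is where the magic for
 * Authentication happens.
 *
 * Legacy (pre-DAO) variant: starts the 'Login' PHP session, mirrors the
 * session's UserId into $SysConf['auth'], expires logins older than 8 hours,
 * invalidates a session whose client IP changed (when 'checkip' is set),
 * periodically re-reads the user row so a blocked or removed user is logged
 * out, and disables plugins above the session's user level.
 *
 * Returns 0 without doing anything when there is no DB connection or when
 * SiteMinder is active (core-auth is disabled in that case).
 */
public function PostInitialize()
{
    global $PG_CONN;
    global $SysConf;
    if (empty($PG_CONN)) {
        return 0;
    }
    /* if Site Minder enabled core-auth will be disabled*/
    if (siteminder_check() != -1) {
        return 0;
    }

    session_name("Login");
    $currentSessionId = session_id();
    if (empty($currentSessionId)) {
        session_start();
    }
    if (array_key_exists('UserId', $_SESSION)) {
        $SysConf['auth']['UserId'] = $_SESSION['UserId'];
    }

    $Now = time();
    if (!empty($_SESSION['time'])) {
        /* Logins older than 60 secs/min * 480 min = 8 hr are auto-logout */
        if ($_SESSION['time'] + 60 * 480 < $Now) {
            $this->UpdateSess("");
        }
    }
    $_SESSION['time'] = $Now;

    if (empty($_SESSION['ip'])) {
        $_SESSION['ip'] = $this->GetIP();
    } elseif (isset($_SESSION['checkip']) && $_SESSION['checkip'] == 1
        && $_SESSION['ip'] != $this->GetIP()) {
        /* Sessions are not transferable. */
        $this->UpdateSess("");
        $_SESSION['ip'] = $this->GetIP();
    }

    /* Enable or disable plugins based on login status */
    if (!empty($_SESSION['User'])) {
        /* Recheck the user in case he is suddenly blocked or changed. */
        if (empty($_SESSION['time_check'])) {
            $_SESSION['time_check'] = time() + 480 * 60;
        }
        if (time() >= $_SESSION['time_check']) {
            // The id is bound as a parameter rather than spliced into the
            // statement; a missing session id binds NULL and matches no row.
            $sql = "SELECT * FROM users WHERE user_pk=$1;";
            $userId = isset($_SESSION['UserId']) ? $_SESSION['UserId'] : null;
            $result = pg_query_params($PG_CONN, $sql, array($userId));
            DBCheckResult($result, $sql, __FILE__, __LINE__);
            $R = pg_fetch_assoc($result);
            pg_free_result($result);
            $this->UpdateSess($R);
            /* Check for instant logouts: no row, or a user without a password
             * hash, is treated as logged out. */
            if (empty($R['user_pass'])) {
                $this->UpdateSess("");
            }
        }
    } else {
        $this->UpdateSess("");
    }

    /* Disable all plugins with >= level access */
    plugin_disable($_SESSION['UserLevel']);
    $this->State = PLUGIN_STATE_READY;
}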