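 /**
  * getNREN() find an NREN and return it based on provided key
  *
  * This is a 'guess all' approach. If you know the type of key, consider
  * calling the matching routine directly.
  *
  * The key is tried, in this order, as:
  *	- the IdP-URL (via the idp_map, the most common case)
  *	- the URL of the portal
  *	- the wayf-url
  *	- the database-id of the NREN
  *
  * The key is run through Input::sanitizeURL() for the URL lookups and
  * Input::sanitizeID() for the id lookup, so raw input may be passed.
  *
  * @param	mixed $key
  * @return	NREN|false the first matching NREN, or false when no lookup matched
  * @access	public
  */
 public static function getNREN($key)
 {
     /* the three URL-based lookups use the same sanitized value, so
      * sanitize once (assumes Input::sanitizeURL() is pure — TODO confirm) */
     $url = Input::sanitizeURL($key);
     /* try URL first, this is via the idp_map, the most common case  */
     $nren = self::getByIdPURL($url);
     if ($nren) {
         return $nren;
     }
     /* try the URL of the portal */
     $nren = self::getByURL($url);
     if ($nren) {
         return $nren;
     }
     $nren = self::getByWAYF($url);
     if ($nren) {
         return $nren;
     }
     /* last resort: the key is a database id */
     $nren = self::getByID(Input::sanitizeID($key));
     if ($nren) {
         return $nren;
     }
     return false;
 }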
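 /**
  * pre_process() handle the subscriber-management form of the NREN-admin page.
  *
  * After the parent's pre-processing, anyone who is not an NREN-admin is
  * turned away. The posted subscriber fields are then trimmed and
  * sanitized into $this->form_data; a field that lost characters to
  * sanitation is reported through displayInvalidCharError(), cleared,
  * flagged as '<field>_invalid' and raises $this->validationErrors, in
  * which case no action is taken. Otherwise $_POST['subscriber'] selects
  * the action: 'edit', 'editState', 'info', 'add' or 'delete'.
  *
  * @param	Person $person the logged-in user (handed on to the parent)
  * @return	false when the user is not an NREN-admin, void otherwise
  * @access	public
  */
 public function pre_process($person)
 {
     parent::pre_process($person);
     /* If user is not subscriber- or nren-admin, we stop here */
     if (!$this->person->isNRENAdmin()) {
         return false;
     }
     /* are we running in grid-mode? We must check this before we do
      * any other processing */
     $gridMode = (Config::get_config('cert_product') == PRD_ESCIENCE);
     $this->tpl->assign('confusa_grid_restrictions', $gridMode);
     /* if the function exits due to failed field validation, it should
      * display all affected fields. Everything else is very annoying for
      * the user.
      */
     $this->validationErrors = false;
     /* handle nren-flags; a non-string value (subscriber[]=...) cannot name
      * an action and is treated as absent */
     if (!isset($_POST['subscriber']) || !is_string($_POST['subscriber'])) {
         return;
     }
     /* id and state are optional (e.g. absent for 'add'); start them as
      * null so the actions below never read an undefined variable */
     $id = null;
     $state = null;
     if (isset($_POST['id'])) {
         $id = Input::sanitizeID($_POST['id']);
     }
     if (isset($_POST['state'])) {
         $state = Input::sanitizeOrgState($_POST['state']);
     }
     $this->sanitizeSubscriberFields();
     /* don't continue, if data was stripped due to the field
      * sanitation */
     if ($this->validationErrors) {
         return;
     }
     switch (htmlentities($_POST['subscriber'])) {
         case 'edit':
             $subscriber = $this->resolveSubscriber($id);
             if (!is_null($subscriber)) {
                 /* subscriber will clean input */
                 $update = $subscriber->setState($state);
                 $update |= $this->applySubscriberFields($subscriber);
                 if ($update) {
                     if (!$subscriber->save(true)) {
                         Framework::error_output($this->translateTag('l10n_fail_editsubs1', 'nrenadmin'));
                     } else {
                         Framework::success_output($this->translateTag('l10n_suc_editsubs1', 'nrenadmin'));
                     }
                 }
                 /* show info-list for subscriber */
                 $this->assignSubscriberDetails($id);
             }
             break;
         case 'editState':
             $subscriber = $this->resolveSubscriber($id);
             if (!is_null($subscriber) && $subscriber->setState($state)) {
                 if (!$subscriber->save(true)) {
                     Framework::error_output("Could not update state of subscriber. Is the database-layer broken?");
                     Framework::error_output($this->translateTag("l10n_fail_edit_subscr_state", "nrenadmin"));
                 }
             }
             break;
         case 'info':
             $this->assignSubscriberDetails($id);
             break;
         case 'add':
             $this->createSubscriberFromForm($state);
             break;
         case 'delete':
             $this->delSubscriber($id);
             break;
     }
 }

 /**
  * Trim and sanitize the posted subscriber fields into $this->form_data.
  *
  * db_name and dn_name are handled whenever they are posted; the remaining
  * fields are optional and skipped when absent or empty. Every sanitized
  * value goes through recordSanitizedField(), which flags fields that lost
  * characters, except subscr_comment which is stored without a check.
  *
  * @return	void
  * @access	private
  */
 private function sanitizeSubscriberFields()
 {
     /* db_name: HTML-special characters are rejected */
     if (isset($_POST['db_name']) && is_string($_POST['db_name'])) {
         $raw = trim($_POST['db_name']);
         $this->recordSanitizedField('db_name', $raw, htmlentities($raw), 'l10n_heading_attnm');
     }
     if (isset($_POST['dn_name']) && is_string($_POST['dn_name'])) {
         $raw = trim($_POST['dn_name']);
         /* personal certificates may have UTF-8 chars in the DN */
         if (Config::get_config('cert_product') == PRD_PERSONAL) {
             /* NOTE(review): this is an SQL-escaping function applied at the
              * input layer; the value is later handed to
              * Subscriber::setOrgName(), which may escape it again. Kept
              * as-is — confirm the intended behaviour before changing it. */
             $clean = mysql_real_escape_string($raw);
         } else {
             $clean = Input::sanitizeOrgName($raw);
         }
         $this->recordSanitizedField('dn_name', $raw, $clean, 'l10n_heading_dnoname');
     }
     /* optional fields: Input sanitizer and the l10n tag naming the field
      * in the error shown to the user; a null tag means "store unchecked" */
     $optional = array(
         'subscr_email'             => array('sanitizeEmail', 'l10n_label_contactemail'),
         'subscr_phone'             => array('sanitizePhone', 'l10n_label_contactphone'),
         'subscr_responsible_name'  => array('sanitizePersonName', 'l10n_heading_resppers'),
         'subscr_responsible_email' => array('sanitizeEmail', 'l10n_label_respemail'),
         'subscr_comment'           => array('sanitizeText', null),
         'subscr_help_url'          => array('sanitizeURL', 'l10n_label_helpdeskurl'),
         'subscr_help_email'        => array('sanitizeEmail', 'l10n_label_helpdeskemail'),
     );
     foreach ($optional as $field => $spec) {
         list($sanitizer, $l10nTag) = $spec;
         /* non-string values (field[]=...) are treated as absent */
         if (!isset($_POST[$field]) || !is_string($_POST[$field]) || $_POST[$field] === "") {
             continue;
         }
         $raw = trim($_POST[$field]);
         $clean = call_user_func(array('Input', $sanitizer), $raw);
         if (is_null($l10nTag)) {
             $this->form_data[$field] = $clean;
         } else {
             $this->recordSanitizedField($field, $raw, $clean, $l10nTag);
         }
     }
 }

 /**
  * Store a sanitized form field and flag it when sanitation altered it.
  *
  * On a mismatch the user is shown what was dropped, the field is cleared,
  * '<field>_invalid' is set and $this->validationErrors is raised.
  *
  * @param	string $field    key in $this->form_data (and in $_POST)
  * @param	string $raw      trimmed value as posted
  * @param	string $clean    sanitized value
  * @param	string $l10nTag  tag naming the field in the error message
  * @return	void
  * @access	private
  */
 private function recordSanitizedField($field, $raw, $clean, $l10nTag)
 {
     $this->form_data[$field] = $clean;
     if ($clean != $raw) {
         $this->displayInvalidCharError($raw, $clean, $l10nTag);
         $this->form_data[$field] = "";
         $this->form_data[$field . '_invalid'] = true;
         $this->validationErrors = true;
     }
 }

 /**
  * Read a sanitized form field, null when it was not posted.
  *
  * @param	string $field
  * @return	mixed
  * @access	private
  */
 private function formDataOrNull($field)
 {
     return isset($this->form_data[$field]) ? $this->form_data[$field] : null;
 }

 /**
  * Push the sanitized contact fields onto a Subscriber.
  *
  * Fields that were not posted are passed as null. Returns the OR of the
  * setters' return values, which the callers treat as "something changed"
  * (assumes the setters report that — TODO confirm against Subscriber).
  *
  * @param	Subscriber $subscriber
  * @return	int|bool
  * @access	private
  */
 private function applySubscriberFields($subscriber)
 {
     $update = $subscriber->setEmail($this->formDataOrNull('subscr_email'));
     $update |= $subscriber->setPhone($this->formDataOrNull('subscr_phone'));
     $update |= $subscriber->setRespName($this->formDataOrNull('subscr_responsible_name'));
     $update |= $subscriber->setRespEmail($this->formDataOrNull('subscr_responsible_email'));
     $update |= $subscriber->setComment($this->formDataOrNull('subscr_comment'));
     $update |= $subscriber->setHelpURL($this->formDataOrNull('subscr_help_url'));
     $update |= $subscriber->setHelpEmail($this->formDataOrNull('subscr_help_email'));
     return $update;
 }

 /**
  * Find the subscriber with the given database id within the admin's NREN.
  *
  * The admin's own subscriber is reused; any other one is loaded from the DB.
  *
  * @param	mixed $id sanitized database id, or null
  * @return	Subscriber|null
  * @access	private
  */
 private function resolveSubscriber($id)
 {
     if ($this->person->getSubscriber()->hasDBID($id)) {
         return $this->person->getSubscriber();
     }
     /* Other subscriber than user's subscriber, must create new object
      * from DB */
     return Subscriber::getSubscriberByID($id, $this->person->getNREN());
 }

 /**
  * Hand the info-list of one subscriber to the template.
  *
  * @param	mixed $id sanitized database id of the subscriber
  * @return	void
  * @access	private
  */
 private function assignSubscriberDetails($id)
 {
     $this->tpl->assign('subscr_details', Subscriber::getSubscriberByID($id, $this->person->getNREN())->getInfo());
     $this->tpl->assign('subscriber_details', true);
     $this->tpl->assign('subscriber_detail_id', $id);
 }

 /**
  * Create a new subscriber from the sanitized form data ('add' action).
  *
  * Nothing happens without a db_name, or when a subscriber of that name
  * already exists. Unless 'inherit_uid_attr' was posted, the newly created
  * subscriber gets its own attribute map built from the posted 'uid_attr'
  * and the NREN's cn/mail attributes.
  *
  * @param	mixed $state sanitized organisation state, or null
  * @return	void
  * @access	private
  */
 private function createSubscriberFromForm($state)
 {
     if (!isset($this->form_data['db_name'])) {
         return;
     }
     $inheritUIDAttr = isset($_POST['inherit_uid_attr']);
     $subscriber = new Subscriber($this->form_data['db_name'], $this->person->getNREN());
     if ($subscriber->isValid()) {
         Framework::error_output("Cannot create new, already existing.");
         return;
     }
     $dnName = $this->formDataOrNull('dn_name');
     $update = $subscriber->setState($state);
     $update |= $subscriber->setOrgName($dnName);
     $update |= $this->applySubscriberFields($subscriber);
     /* create() is only attempted when a setter reported a change */
     $created = $update && $subscriber->create();
     if ($created) {
         Framework::success_output($this->translateTag('l10n_suc_addsubs1', 'nrenadmin') . " " . htmlentities((string) $dnName, ENT_COMPAT, "UTF-8") . " " . $this->translateTag('l10n_suc_addsubs2', 'nrenadmin'));
     }
     /* only persist a map for a subscriber that now exists (assumes
      * create() returns false on failure, as the success message above
      * already relies on) */
     if ($created && !$inheritUIDAttr) {
         $nrenMap = $this->person->getNREN()->getMap();
         $uidAttr = Input::sanitizeAlpha(isset($_POST['uid_attr']) ? $_POST['uid_attr'] : "");
         $subscriber->saveMap($uidAttr, $nrenMap['cn'], $nrenMap['mail']);
     }
 }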
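 /**
  * Render the page for a NREN-admin
  *
  * Collects the NREN's admins and subscribers, selects the subscriber to
  * display (the posted 'subscriberID' if it is in the list, otherwise the
  * first entry) together with its admins, and assigns everything to the
  * template.
  *
  * @return	void
  * @access	private
  */
 private function processNRENAdmin()
 {
     $admins = $this->getNRENAdmins($this->person->getNREN());
     /* start as null so a failed query leaves a defined value for the
      * checks below and for the template */
     $subscribers = null;
     try {
         /* Get a list of subscribers (as
          * Subscriber-objects) */
         $subscribers = $this->person->getNREN()->getSubscriberList('name');
     } catch (DBQueryException $dbqe) {
         /* each handler reports the exception it caught */
         Framework::error_output("Cannot retrieve subscriber from database!<br /> " . "Probably wrong syntax for query, ask an admin to investigate." . "Server said: " . htmlentities($dbqe->getMessage()));
     } catch (DBStatementException $dbse) {
         Framework::error_output("Query failed. This probably means that the values passed to the " . "database are wrong. Server said: " . htmlentities($dbse->getMessage()));
     }
     $current_subscriber = null;
     /* Are we looking at a particular subscriber? */
     if (isset($_POST['subscriberID'])) {
         $current_subscriber_id = Input::sanitizeID($_POST['subscriberID']);
         if (!is_null($subscribers)) {
             foreach ($subscribers as $nren_subscriber) {
                 if ($nren_subscriber->getDBID() == $current_subscriber_id) {
                     $current_subscriber = $nren_subscriber;
                     break;
                 }
             }
         }
     } elseif (isset($subscribers[0])) {
         /* default to the first subscriber; isset() also covers a null or
          * empty list, where there is nothing to show */
         $current_subscriber = $subscribers[0];
     }
     if (!is_null($current_subscriber)) {
         $subscriber_admins = $this->getSubscriberAdmins($current_subscriber->getDBID(), SUBSCRIBER_ADMIN);
         $this->tpl->assign('subscriber', $current_subscriber);
         $this->tpl->assign('subscriber_admins', $subscriber_admins);
     }
     /* does the NREN-admin have the admin-entitlement (for downgrading)? */
     $hasAdminEntitlement = (bool) $this->person->testEntitlementAttribute(Config::get_config('entitlement_admin'));
     $this->tpl->assign('has_adm_entl', $hasAdminEntitlement);
     $nren = $this->person->getNREN();
     /* append an empty entry to the beginning; the cast keeps array_merge()
      * happy should the IdP list be null */
     $idpList = array_merge(array('-'), (array) $nren->getIdPList());
     $this->tpl->assign('idps', $idpList);
     $this->tpl->assign('nren_admins', $admins);
     $this->tpl->assign('nren', $nren);
     $this->tpl->assign('subscribers', $subscribers);
 }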
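 /**
  * save() save the Certificate to the database.
  *
  * This function requires that the owner is a registred
  * administrator. It will then save all the registred fields to the
  * database and connect the admin to the certificate.
  *
  * The function will handle both new certificates (an INSERT into
  * robot_certs, with the subscriber taken from the owner's admins row)
  * as well as updating existing ones (an UPDATE of the columns listed in
  * $this->changed). Database failures are logged and reported as false;
  * nothing is written to the output.
  *
  * @return	bool true if the save-operation succeeded
  * @access	public
  */
 public function save()
 {
     /* is it a new certificate? */
     if (!$this->getCertFromDB()) {
         return $this->insertNewRobotCert();
     }
     if (is_array($this->changed) && count($this->changed) > 0) {
         return $this->updateChangedRobotCert();
     }
     /* existing certificate with nothing changed: nothing to save */
     return false;
 }

 /**
  * Insert this certificate as a new robot_certs row.
  *
  * The owner must be set and resolve to exactly one admins row; the
  * subscriber of that row becomes the certificate's subscriber.
  *
  * @return	bool true on success, false (after logging) otherwise
  * @access	private
  */
 private function insertNewRobotCert()
 {
     if (!isset($this->owner)) {
         return false;
     }
     try {
         $admin_res = MDB2Wrapper::execute("SELECT * FROM admins WHERE admin_id=?", array('text'), array($this->owner));
     } catch (DBStatementException $dbse) {
         Logger::log_event(LOG_WARNING, __FILE__ . ":" . __LINE__ . " Could not find Admin (statement), server said: " . $dbse->getMessage());
         return false;
     } catch (DBQueryException $dbqe) {
         Logger::log_event(LOG_WARNING, __FILE__ . ":" . __LINE__ . " Could not find Admin (query), server said: " . $dbqe->getMessage());
         return false;
     }
     if (count($admin_res) === 0) {
         return false;
     }
     if (count($admin_res) > 1) {
         Logger::log_event(LOG_WARNING, __FILE__ . ":" . __LINE__ . " Corrupted database. Multiple admins with same primary key!");
         return false;
     }
     $this->subscriber = Input::sanitizeID($admin_res[0]['subscriber']);
     $query = "INSERT INTO robot_certs (subscriber_id, uploaded_by, "
            . " uploaded_date, valid_until, cert, fingerprint, "
            . "serial, comment)"
            . " VALUES(?, ?, current_timestamp(), ?, ?, ?, ?, ?)";
     $params = array('text', 'text', 'text', 'text', 'text', 'text', 'text');
     $data = array(
         $this->subscriber,
         $this->owner,
         $this->getEndDate(),
         $this->getPEMContent(),
         $this->getFingerprint(),
         $this->getSerial(),
         $this->getComment(),
     );
     try {
         MDB2Wrapper::update($query, $params, $data);
         return true;
     } catch (DBStatementException $dbse) {
         Logger::log_event(LOG_WARNING, __FILE__ . ":" . __LINE__ . " Could not save Robot-cert (statement), server said: " . $dbse->getMessage());
         return false;
     } catch (DBQueryException $dbqe) {
         Logger::log_event(LOG_WARNING, __FILE__ . ":" . __LINE__ . " Could not save Robot-cert (query), server said: " . $dbqe->getMessage());
         return false;
     }
 }

 /**
  * Write the columns listed in $this->changed back to the robot_certs row.
  *
  * @return	bool true on success, false (after logging) otherwise
  * @access	private
  */
 private function updateChangedRobotCert()
 {
     /* existing certificate, but things have changed. */
     $assignments = array();
     $data = array();
     /* the keys of $this->changed are spliced into the statement as column
      * names; they are expected to be set by this class, never from user
      * input — TODO confirm */
     foreach ($this->changed as $key => $value) {
         $assignments[] = "{$key}=:{$key}";
         $data[$key] = $value;
     }
     $query = "UPDATE robot_certs SET " . implode(", ", $assignments) . " WHERE id=:id";
     $data['id'] = $this->db_id;
     try {
         MDB2Wrapper::update($query, null, $data);
         return true;
     } catch (DBStatementException $dbse) {
         $msg = __CLASS__ . "::" . __FUNCTION__ . "(" . __LINE__ . ") ";
         $msg .= "Cannot connect properly to database, some internal error. ";
         $msg .= "Make sure the DB is configured correctly. " . $dbse->getMessage();
     } catch (DBQueryException $dbqe) {
         $msg = __CLASS__ . "::" . __FUNCTION__ . "(" . __LINE__ . ") ";
         $msg .= "Cannot connect properly to database, ";
         $msg .= "errors with supplied data. " . $dbqe->getMessage();
     }
     /* log the failure so it does not vanish with the dropped message */
     Logger::log_event(LOG_WARNING, $msg);
     return false;
 }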