Exemplo n.º 1
 /**
  * Constructor for this authentication source.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
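 public function __construct($info, $config)
 {
     // Assertions are written as expressions: the string form is deprecated
     // since PHP 7.2, and on PHP 8 a non-empty string always passes, so the
     // check would silently stop checking anything.
     assert(is_array($info));
     assert(is_array($config));
     /* Call the parent constructor first, as required by the interface. */
     parent::__construct($info, $config);
     $this->users = array();
     /*
      * Validate and parse our configuration. Every key must be a
      * "<username>:<password>" string; its value is that user's attributes.
      */
     foreach ($config as $userpass => $attributes) {
         if (!is_string($userpass)) {
             throw new Exception('Invalid <username>:<password> for authentication source ' . $this->authId . ': ' . $userpass);
         }
         // Split on the first colon only, so the password itself may contain colons.
         $userpass = explode(':', $userpass, 2);
         if (count($userpass) !== 2) {
             // NOTE(review): the malformed key is echoed back in the message. If an
             // entry was typed with the wrong separator, the password part ends up
             // wherever this exception is logged or displayed.
             throw new Exception('Invalid <username>:<password> for authentication source ' . $this->authId . ': ' . $userpass[0]);
         }
         $username = $userpass[0];
         $password = $userpass[1];
         try {
             $attributes = SimpleSAML\Utils\Arrays::normalizeAttributesArray($attributes);
         } catch (Exception $e) {
             throw new Exception('Invalid attributes for user ' . $username . ' in authentication source ' . $this->authId . ': ' . $e->getMessage());
         }
         // The lookup key is the literal "username:password" string, so the
         // password is held in cleartext both in the configuration and in memory.
         $this->users[$username . ':' . $password] = $attributes;
     }
 }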
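/**
 * Gets the display name for a metadata entry, escaped for HTML output.
 *
 * The entry's 'name' is preferred, then its 'OrganizationDisplayName'; when
 * neither is set the 'entityid' is used. An entry without an 'entityid'
 * yields an empty string.
 *
 * @param  SimpleSAML_XHTML_Template $view  The view object.
 * @param  array $entry The entry array.
 *
 * @return string The resulting name value, HTML-escaped.
 */
function simplesamlphp_get_entry_name($view, $entry = array())
{
    // The default argument is an empty array, so the fallback key may be absent.
    $result = isset($entry['entityid']) ? $entry['entityid'] : '';
    if (!empty($entry['name'])) {
        $name = SimpleSAML\Utils\Arrays::arrayize($entry['name'], 'en');
        $result = $view->getTranslation($name);
    } elseif (!empty($entry['OrganizationDisplayName'])) {
        $name = SimpleSAML\Utils\Arrays::arrayize($entry['OrganizationDisplayName'], 'en');
        $result = $view->getTranslation($name);
    }
    // Entry names originate in entity metadata. Escape both quote styles
    // explicitly: before PHP 8.1 the default flags leave single quotes alone,
    // which is unsafe if the value is placed in a single-quoted attribute.
    return htmlspecialchars($result, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}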
Exemplo n.º 3
 /**
  * Constructor for this authentication source.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
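 public function __construct($info, $config)
 {
     // Expression assertions: the string form is deprecated since PHP 7.2 and
     // always passes on PHP 8, which would disable the check without notice.
     assert(is_array($info));
     assert(is_array($config));
     /* Call the parent constructor first, as required by the interface. */
     parent::__construct($info, $config);
     /*
      * Parse attributes. The whole configuration array is treated as the
      * attribute set; a normalization failure is re-thrown with the
      * authentication source ID added to the message.
      */
     try {
         $this->attributes = SimpleSAML\Utils\Arrays::normalizeAttributesArray($config);
     } catch (Exception $e) {
         throw new Exception('Invalid attributes for authentication source ' . $this->authId . ': ' . $e->getMessage());
     }
 }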
Exemplo n.º 4
 /**
  * Constructor for this authentication source.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
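 public function __construct($info, $config)
 {
     // Expression assertions: the string form is deprecated since PHP 7.2 and
     // always passes on PHP 8, which would disable the check without notice.
     assert(is_array($info));
     assert(is_array($config));
     /* Call the parent constructor first, as required by the interface. */
     parent::__construct($info, $config);
     $this->users = array();
     // file_get_contents() returns false on failure and '' for an empty file;
     // both are falsy, so both are rejected here.
     // NOTE(review): the path is taken from configuration as-is and repeated in
     // the exception message; confirm that message is not shown to end users.
     if (!($htpasswd = file_get_contents($config['htpasswd_file']))) {
         throw new Exception('Could not read ' . $config['htpasswd_file']);
     }
     // One array element per line of the file, kept verbatim. Presumably each
     // line is "user:hash" and is checked at login time; confirm in the caller.
     $this->users = explode("\n", trim($htpasswd));
     try {
         $this->attributes = SimpleSAML\Utils\Arrays::normalizeAttributesArray($config['static_attributes']);
     } catch (Exception $e) {
         throw new Exception('Invalid static_attributes in authentication source ' . $this->authId . ': ' . $e->getMessage());
     }
 }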
Exemplo n.º 5
 /**
  * Test the transpose() function.
  */
 public function testTranspose()
 {
     // Inputs that are not an array of arrays must be rejected with false.
     $flat = array('1', '2', '3');
     $this->assertFalse(SimpleSAML\Utils\Arrays::transpose($flat), 'Invalid two-dimensional array was accepted');
     $partlyScalar = array('1' => 0, '2' => '0', '3' => array(0));
     $this->assertFalse(SimpleSAML\Utils\Arrays::transpose($partlyScalar), 'Invalid elements on a two-dimensional array were accepted');

     // Sub-arrays indexed numerically: the result is indexed by position.
     $input = array('key1' => array('value1'), 'key2' => array('value1', 'value2'));
     $expected = array(
         array('key1' => 'value1', 'key2' => 'value1'),
         array('key2' => 'value2'),
     );
     $this->assertEquals($expected, SimpleSAML\Utils\Arrays::transpose($input), 'Unexpected result of transpose()');

     // Sub-arrays with string keys, one of them shared.
     $input = array(
         'key1' => array('subkey1' => 'value1'),
         'key2' => array('subkey1' => 'value1', 'subkey2' => 'value2'),
     );
     $expected = array(
         'subkey1' => array('key1' => 'value1', 'key2' => 'value1'),
         'subkey2' => array('key2' => 'value2'),
     );
     $this->assertEquals($expected, SimpleSAML\Utils\Arrays::transpose($input), 'Unexpected result of transpose()');

     // Sub-arrays that share no keys at all.
     $input = array(
         'key1' => array('subkey1' => 'value1'),
         'key2' => array('subkey2' => 'value1', 'subkey3' => 'value2'),
     );
     $expected = array(
         'subkey1' => array('key1' => 'value1'),
         'subkey2' => array('key2' => 'value1'),
         'subkey3' => array('key2' => 'value2'),
     );
     $this->assertEquals($expected, SimpleSAML\Utils\Arrays::transpose($input), 'Unexpected result of transpose()');
 }
Exemplo n.º 6
 /**
  * Load the aggregated statistics for every configured rule and store the
  * combined result in $this->results.
  *
  * @throws Exception If a statistics file is missing, unreadable or empty.
  */
 public function loadData()
 {
     $statdir = $this->statconfig->getValue('statdir');
     $loaded = array();
     foreach (SimpleSAML\Utils\Arrays::arrayize($this->ruleid) as $rule) {
         // NOTE(review): the file name is built by plain concatenation of the
         // rule id, time resolution and file slot. Confirm all three are checked
         // against the configured values before they reach this method, so that
         // a "../" sequence cannot point the read outside $statdir.
         $path = $statdir . '/' . $rule . '-' . $this->timeres . '-' . $this->fileslot . '.stat';
         if (!file_exists($path)) {
             throw new Exception('Aggregated statitics file [' . $path . '] not found.');
         }
         if (!is_readable($path)) {
             throw new Exception('Could not read statitics file [' . $path . ']. Bad file permissions?');
         }
         // SECURITY: unserialize() on file contents can instantiate arbitrary
         // classes if the file is not what the aggregator wrote. Keep $statdir
         // writable only by the aggregator; if the stored data is plain arrays,
         // consider the allowed_classes option or a JSON format.
         $decoded = unserialize(file_get_contents($path));
         // empty() also catches the false that unserialize() returns on failure.
         if (empty($decoded)) {
             throw new Exception('Aggregated statistics in file [' . $path . '] was empty.');
         }
         $loaded[] = $decoded;
     }
     // Fold every further rule's result into the first one.
     $merged = $loaded[0];
     foreach (array_slice($loaded, 1) as $next) {
         $merged = $this->combine($merged, $next);
     }
     $this->results = $merged;
 }
Exemplo n.º 7
 /**
  * Add an Organization element based on metadata array.
  *
  * @param array $metadata The metadata we should extract the organization information from.
  */
 public function addOrganizationInfo(array $metadata)
 {
     // All three organization fields are required; if any is missing or
     // empty, no Organization element is added.
     foreach (array('OrganizationName', 'OrganizationDisplayName', 'OrganizationURL') as $field) {
         if (empty($metadata[$field])) {
             return;
         }
     }
     // Plain (non-array) values are wrapped under the 'en' key.
     $this->addOrganization(
         SimpleSAML\Utils\Arrays::arrayize($metadata['OrganizationName'], 'en'),
         SimpleSAML\Utils\Arrays::arrayize($metadata['OrganizationDisplayName'], 'en'),
         SimpleSAML\Utils\Arrays::arrayize($metadata['OrganizationURL'], 'en')
     );
 }
// Access control runs before any request data is read.
// NOTE(review): presumably requireAdmin() stops the request for non-admins; confirm.
SimpleSAML\Utils\Auth::requireAdmin();
$config = SimpleSAML_Configuration::getInstance();
// The metadata XML is taken from an uploaded file if there is one, otherwise
// from the 'xmldata' POST field. $xmldata stays undefined when neither is sent.
// NOTE(review): the upload path is read without an is_uploaded_file() check, and
// neither input has a size limit here; both feed an XML parser further down.
if (!empty($_FILES['xmlfile']['tmp_name'])) {
    $xmldata = file_get_contents($_FILES['xmlfile']['tmp_name']);
} elseif (array_key_exists('xmldata', $_POST)) {
    $xmldata = $_POST['xmldata'];
}
if (!empty($xmldata)) {
    \SimpleSAML\Utils\XML::checkSAMLMessage($xmldata, 'saml-meta');
    $entities = SimpleSAML_Metadata_SAMLParser::parseDescriptorsString($xmldata);
    /* Get all metadata for the entities. */
    foreach ($entities as &$entity) {
        $entity = array('shib13-sp-remote' => $entity->getMetadata1xSP(), 'shib13-idp-remote' => $entity->getMetadata1xIdP(), 'saml20-sp-remote' => $entity->getMetadata20SP(), 'saml20-idp-remote' => $entity->getMetadata20IdP());
    }
    /* Transpose from $entities[entityid][type] to $output[type][entityid]. */
    $output = SimpleSAML\Utils\Arrays::transpose($entities);
    /* Merge all metadata of each type to a single string which should be
     * added to the corresponding file.
     */
    foreach ($output as $type => &$entities) {
        $text = '';
        foreach ($entities as $entityId => $entityMetadata) {
            if ($entityMetadata === NULL) {
                continue;
            }
            /* Remove the entityDescriptor element because it is unused, and only
             * makes the output harder to read.
             */
            unset($entityMetadata['entityDescriptor']);
            $text .= '$metadata[' . var_export($entityId, TRUE) . '] = ' . var_export($entityMetadata, TRUE) . ";\n";
        }
Exemplo n.º 9
 /**
  * This function retrieves statistics about all memcache server groups.
  *
  * @return array Array with the names of each stat and an array with the value for each server group.
  *
  * @throws Exception If memcache server status couldn't be retrieved.
  */
 public static function getStats()
 {
     $merged = array();
     foreach (self::getMemcacheServers() as $serverGroup) {
         $groupStats = $serverGroup->getExtendedStats();
         if (false === $groupStats) {
             throw new Exception('Failed to get memcache server status.');
         }
         // Transpose the group's stats before merging, then fold them into
         // the running result for all server groups.
         $merged = array_merge_recursive($merged, SimpleSAML\Utils\Arrays::transpose($groupStats));
     }
     return $merged;
 }
        ?>
      <?php 
        // Optional display name of the hosted entity, shown in the viewer's language.
        // NOTE(review): the translated value is echoed without htmlspecialchars().
        // That is only safe if $hm['name'] always comes from trusted local
        // configuration; confirm where $hm is populated.
        if (!empty($hm['name'])) {
            ?>
        <p><?php 
            echo $this->getTranslation(SimpleSAML\Utils\Arrays::arrayize($hm['name'], 'en'));
            ?>
</p>
      <?php 
        }
        ?>
      <?php 
        // Optional description, same handling as the name above.
        // NOTE(review): also echoed unescaped; the same trust assumption applies.
        if (!empty($hm['descr'])) {
            ?>
        <p><?php 
            echo $this->getTranslation(SimpleSAML\Utils\Arrays::arrayize($hm['descr'], 'en'));
            ?>
</p>
      <?php 
        }
        ?>
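      <p> [ <a href="<?php 
        // The URL lands inside a double-quoted attribute, so it is HTML-escaped.
        // Escaping stops attribute break-out but does not restrict the URL scheme.
        // NOTE(review): assumes $hm['metadata-url'] arrives unescaped; confirm upstream.
        echo htmlspecialchars($hm['metadata-url'], ENT_QUOTES, 'UTF-8');
        ?>
">
          <?php 
        echo $this->t('{core:frontpage:show_metadata}');
        ?>
        </a> ]
      </p>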
    </dd>
Exemplo n.º 11
 /**
  * Send a SAML2 SSO request to an IdP.
  *
  * @param SimpleSAML_Configuration $idpMetadata  The metadata of the IdP.
  * @param array $state  The state array for the current authentication.
  */
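 private function startSSO2(SimpleSAML_Configuration $idpMetadata, array $state)
 {
     // A negative proxy count means no further proxying is allowed, so the
     // request is refused before an AuthnRequest is built.
     if (isset($state['saml:ProxyCount']) && $state['saml:ProxyCount'] < 0) {
         SimpleSAML_Auth_State::throwException($state, new \SimpleSAML\Module\saml\Error\ProxyCountExceeded(\SAML2\Constants::STATUS_RESPONDER));
     }
     $ar = sspmod_saml_Message::buildAuthnRequest($this->metadata, $idpMetadata);
     $ar->setAssertionConsumerServiceURL(SimpleSAML\Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId));
     if (isset($state['SimpleSAML_Auth_Source.ReturnURL'])) {
         // NOTE(review): RelayState travels through the browser and the IdP.
         // Confirm the return URL is validated where it is eventually used.
         $ar->setRelayState($state['SimpleSAML_Auth_Source.ReturnURL']);
     }
     if (isset($state['saml:AuthnContextClassRef'])) {
         $accr = SimpleSAML\Utils\Arrays::arrayize($state['saml:AuthnContextClassRef']);
         $comp = SAML2\Constants::COMPARISON_EXACT;
         $allowedComparisons = array(
             SAML2\Constants::COMPARISON_EXACT,
             SAML2\Constants::COMPARISON_MINIMUM,
             SAML2\Constants::COMPARISON_MAXIMUM,
             SAML2\Constants::COMPARISON_BETTER,
         );
         // Read the same key that isset() tests. The previous lookup used
         // 'AuthnContextComparison' without the 'saml:' prefix, so a requested
         // comparison was never honoured and "exact" was always sent. The
         // strict in_array() keeps loosely-equal values from passing.
         if (isset($state['saml:AuthnContextComparison']) && in_array($state['saml:AuthnContextComparison'], $allowedComparisons, true)) {
             $comp = $state['saml:AuthnContextComparison'];
         }
         $ar->setRequestedAuthnContext(array('AuthnContextClassRef' => $accr, 'Comparison' => $comp));
     }
     if (isset($state['ForceAuthn'])) {
         $ar->setForceAuthn((bool) $state['ForceAuthn']);
     }
     if (isset($state['isPassive'])) {
         $ar->setIsPassive((bool) $state['isPassive']);
     }
     if (isset($state['saml:NameID'])) {
         if (!is_array($state['saml:NameID'])) {
             throw new SimpleSAML_Error_Exception('Invalid value of $state[\'saml:NameID\'].');
         }
         $ar->setNameId($state['saml:NameID']);
     }
     if (isset($state['saml:NameIDPolicy'])) {
         // A bare string is shorthand for a policy with that Format and AllowCreate set.
         if (is_string($state['saml:NameIDPolicy'])) {
             $policy = array('Format' => (string) $state['saml:NameIDPolicy'], 'AllowCreate' => TRUE);
         } elseif (is_array($state['saml:NameIDPolicy'])) {
             $policy = $state['saml:NameIDPolicy'];
         } else {
             throw new SimpleSAML_Error_Exception('Invalid value of $state[\'saml:NameIDPolicy\'].');
         }
         $ar->setNameIdPolicy($policy);
     }
     if (isset($state['saml:IDPList'])) {
         $IDPList = $state['saml:IDPList'];
     } else {
         $IDPList = array();
     }
     // The IdP list is the de-duplicated union of the SP metadata, the IdP
     // metadata and the list carried in the state.
     $ar->setIDPList(array_unique(array_merge($this->metadata->getArray('IDPList', array()), $idpMetadata->getArray('IDPList', array()), (array) $IDPList)));
     // Proxy count precedence: state first, then IdP metadata, then SP metadata.
     if (isset($state['saml:ProxyCount']) && $state['saml:ProxyCount'] !== null) {
         $ar->setProxyCount($state['saml:ProxyCount']);
     } elseif ($idpMetadata->getInteger('ProxyCount', null) !== null) {
         $ar->setProxyCount($idpMetadata->getInteger('ProxyCount', null));
     } elseif ($this->metadata->getInteger('ProxyCount', null) !== null) {
         $ar->setProxyCount($this->metadata->getInteger('ProxyCount', null));
     }
     $requesterID = array();
     if (isset($state['saml:RequesterID'])) {
         $requesterID = $state['saml:RequesterID'];
     }
     if (isset($state['core:SP'])) {
         $requesterID[] = $state['core:SP'];
     }
     $ar->setRequesterID($requesterID);
     if (isset($state['saml:Extensions'])) {
         $ar->setExtensions($state['saml:Extensions']);
     }
     // Save the IdP entity ID as part of the state.
     // NOTE(review): presumably the response handler compares the response
     // issuer with this value; confirm, since that check is what ties the
     // response to the IdP this request was sent to.
     $state['ExpectedIssuer'] = $idpMetadata->getString('entityid');
     // The saved-state ID doubles as the ID of the AuthnRequest.
     $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso', TRUE);
     $ar->setId($id);
     SimpleSAML\Logger::debug('Sending SAML 2 AuthnRequest to ' . var_export($idpMetadata->getString('entityid'), TRUE));
     /* Select appropriate SSO endpoint */
     if ($ar->getProtocolBinding() === \SAML2\Constants::BINDING_HOK_SSO) {
         $dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array(\SAML2\Constants::BINDING_HOK_SSO));
     } else {
         $dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array(\SAML2\Constants::BINDING_HTTP_REDIRECT, \SAML2\Constants::BINDING_HTTP_POST));
     }
     $ar->setDestination($dst['Location']);
     $b = \SAML2\Binding::getBinding($dst['Binding']);
     $this->sendSAML2AuthnRequest($state, $b, $ar);
     // Sending the request is not expected to return. The assertion is an
     // expression because the string form 'FALSE' always passes on PHP 8.
     assert(false);
 }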
Exemplo n.º 12
 /**
  * @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\Arrays::arrayize() instead.
  */
 public static function arrayize($data, $index = 0)
 {
     // Backwards-compatibility shim: delegates straight to the Arrays helper.
     $wrapped = SimpleSAML\Utils\Arrays::arrayize($data, $index);

     return $wrapped;
 }
Exemplo n.º 13
 /**
  * Search for a DN.
  *
  * @param string|array $base
  * The base, or bases, which to search from.
  * @param string|array $attribute
  * The attribute name(s) searched for.
  * @param string $value
  * The attribute value searched for.
  * @param bool $allowZeroHits
  * Determines if the method will throw an exception if no hits are found.
  * Defaults to FALSE.
  * @return string
  * The DN of the matching element, if found. If no element was found and
  * $allowZeroHits is set to FALSE, an exception will be thrown; otherwise
  * NULL will be returned.
  * @throws SimpleSAML_Error_AuthSource if:
  * - The LDAP search encounters a problem while searching the catalogue
  * - Not able to connect to LDAP server
  * @throws SimpleSAML_Error_UserNotFound if:
  * - $allowZeroHits is FALSE and no result is found
  *
  */
 public function searchfordn($base, $attribute, $value, $allowZeroHits = FALSE)
 {
     // Try every search base in order; the first non-empty result wins.
     // NOTE(review): $value is passed to search() unchanged. Confirm that
     // search() escapes it before building the LDAP filter.
     $bases = SimpleSAML\Utils\Arrays::arrayize($base);
     foreach ($bases as $searchBase) {
         try {
             $dn = $this->search($searchBase, $attribute, $value);
         } catch (SimpleSAML_Error_UserNotFound $notFound) {
             // Not found under this base: move on to the next one.
             continue;
         }
         if (!empty($dn)) {
             return $dn;
         }
     }

     // No base produced a hit.
     SimpleSAML_Logger::debug('Library - LDAP searchfordn(): No entries found');
     if ($allowZeroHits) {
         return NULL;
     }
     // Zero hits are an error when $allowZeroHits is false. The message repeats
     // the searched attribute and value, so it may carry user-supplied input
     // into logs.
     throw $this->makeException('Library - LDAP searchfordn(): LDAP search returned zero entries for filter \'(' . $attribute . ' = ' . $value . ')\' on base(s) \'(' . join(' & ', $bases) . ')\'', 2);
 }
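        // Escape the URL for the attribute context, as the remote-entry links
        // further down this template already do.
        // NOTE(review): assumes $hm['metadata-url'] arrives unescaped; confirm upstream.
        echo '<br  />[ <a href="' . htmlspecialchars($hm['metadata-url'], ENT_QUOTES, 'UTF-8') . '">' . $this->t('{core:frontpage:show_metadata}') . '</a> ]';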
        echo '</p></dd>';
    }
}
echo '</dl>';
if (is_array($this->data['metaentries']['remote']) && count($this->data['metaentries']['remote']) > 0) {
    foreach ($this->data['metaentries']['remote'] as $setkey => $set) {
        echo '<fieldset class="fancyfieldset"><legend>' . $this->t(mtype($setkey)) . ' (Trusted)</legend>';
        echo '<ul>';
        foreach ($set as $entry) {
            echo '<li>';
            echo '<a href="' . htmlspecialchars(SimpleSAML\Module::getModuleURL('core/show_metadata.php', array('entityid' => $entry['entityid'], 'set' => $setkey))) . '">';
            if (!empty($entry['name'])) {
                echo htmlspecialchars($this->getTranslator()->getPreferredTranslation(SimpleSAML\Utils\Arrays::arrayize($entry['name'], 'en')));
            } elseif (!empty($entry['OrganizationDisplayName'])) {
                echo htmlspecialchars($this->getTranslator()->getPreferredTranslation(SimpleSAML\Utils\Arrays::arrayize($entry['OrganizationDisplayName'], 'en')));
            } else {
                echo htmlspecialchars($entry['entityid']);
            }
            echo '</a>';
            if (array_key_exists('expire', $entry)) {
                if ($entry['expire'] < $now) {
                    echo '<span style="color: #500; font-weight: bold"> (expired ' . number_format(($now - $entry['expire']) / 3600, 1) . ' hours ago)</span>';
                } else {
                    echo ' (expires in ' . number_format(($entry['expire'] - $now) / 3600, 1) . ' hours)';
                }
            }
            echo '</li>';
        }
        echo '</ul>';
        echo '</fieldset>';
Exemplo n.º 15
}
if (is_array($dstName)) {
    $dstName = $this->t($dstName);
}
$srcName = htmlspecialchars($srcName);
$dstName = htmlspecialchars($dstName);
$attributes = $this->data['attributes'];
$this->data['header'] = $this->t('{consent:consent:consent_header}');
$this->data['head'] = '<link rel="stylesheet" type="text/css" href="/' . $this->data['baseurlpath'] . 'module.php/consent/style.css" />' . "\n";
$this->includeAtTemplateBase('includes/header.php');
?>
<p>
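<?php 
// $dstName and $srcName are HTML-escaped before being used as replacements.
echo $this->t('{consent:consent:consent_accept}', array('SPNAME' => $dstName, 'IDPNAME' => $srcName));
if (array_key_exists('descr_purpose', $this->data['dstMetadata'])) {
    // The purpose text comes from the destination's metadata and is put into
    // the page as a replacement value, so it is escaped like the two names.
    // Unescaped, markup in that metadata would be rendered on the consent page.
    $purpose = htmlspecialchars($this->getTranslation(SimpleSAML\Utils\Arrays::arrayize($this->data['dstMetadata']['descr_purpose'], 'en')), ENT_QUOTES, 'UTF-8');
    echo '</p><p>' . $this->t('{consent:consent:consent_purpose}', array('SPNAME' => $dstName, 'SPDESC' => $purpose));
}
?>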
</p>

<form style="display: inline; margin: 0px; padding: 0px"
      action="<?php 
echo htmlspecialchars($this->data['yesTarget']);
?>
">
<p style="margin: 1em">

<?php 
if ($this->data['usestorage']) {
    $checked = $this->data['checked'] ? 'checked="checked"' : '';
    echo '<input type="checkbox" name="saveconsent" ' . $checked . ' value="1" /> ' . $this->t('{consent:consent:remember}');