/**
* This function will go through all the metadata, and check the hint.cidr
* parameter, which defines a network space (ip range) for each remote entry.
* This function returns the entityID for any of the entities that have an
* IP range which the IP falls within.
*
* @param $set Which set of metadata we are looking it up in.
* @param $ip IP address
* @param $type Do you want to return the metaindex or the entityID. [entityid|metaindex]
* @return The entity id of a entity which have a CIDR hint where the provided
* IP address match.
*/
public function getPreferredEntityIdFromCIDRhint($set, $ip, $type = 'entityid')
{
$metadataSet = $this->getMetadataSet($set);
foreach ($metadataSet as $index => $entry) {
if (!array_key_exists('hint.cidr', $entry)) {
continue;
}
if (!is_array($entry['hint.cidr'])) {
continue;
}
foreach ($entry['hint.cidr'] as $hint_entry) {
if (SimpleSAML_Utilities::ipCIDRcheck($hint_entry, $ip)) {
if ($type === 'entityid') {
return $entry['entityid'];
} else {
return $index;
}
}
}
}
/* No entries matched - we should return NULL. */
return NULL;
}
/**
* checkMask() looks up the subnet config option and verifies
* that the client is within that range.
*
* Will return TRUE if no subnet option is configured.
*
* @return boolean
*/
public function checkMask()
{
// No subnet means all clients are accepted.
if ($this->subnet === NULL) {
return TRUE;
}
$ip = $_SERVER['REMOTE_ADDR'];
foreach ($this->subnet as $cidr) {
$ret = SimpleSAML_Utilities::ipCIDRcheck($cidr);
if ($ret) {
SimpleSAML_Logger::debug('Negotiate: Client "' . $ip . '" matched subnet.');
return TRUE;
}
}
SimpleSAML_Logger::debug('Negotiate: Client "' . $ip . '" did not match subnet.');
return FALSE;
}
