/**
 * Find the remote entity whose 'hint.cidr' network ranges contain the given IP address.
 *
 * Every entry of the metadata set is inspected in iteration order. Entries that have
 * no 'hint.cidr' key, or whose 'hint.cidr' value is not an array, are skipped. The
 * first range accepted by SimpleSAML_Utilities::ipCIDRcheck() decides the result, so
 * when ranges of different entries overlap, the entry that comes first wins.
 *
 * NOTE(review): the result is only as trustworthy as $ip, which is used exactly as the
 * caller passes it. If a caller takes it from a client-supplied header rather than the
 * connection address, the client effectively picks the entity - confirm at the call
 * sites. The name suggests the result is a preference hint; it presumably should not
 * be used as an access-control decision.
 *
 * @param string $set  Which set of metadata we are looking it up in.
 * @param string $ip   IP address to test against each CIDR range.
 * @param string $type 'entityid' returns the matching entry's 'entityid' value; any
 *                     other value returns the entry's key in the metadata set.
 * @return mixed The 'entityid' value or the metadata index of the first matching
 *               entry, or NULL when no entry has a range containing the address.
 */
public function getPreferredEntityIdFromCIDRhint($set, $ip, $type = 'entityid')
{
    $wantEntityId = ($type === 'entityid');

    foreach ($this->getMetadataSet($set) as $metaIndex => $metadata) {
        // Only entries that carry a list of CIDR ranges can produce a match.
        $hasRanges = array_key_exists('hint.cidr', $metadata) && is_array($metadata['hint.cidr']);
        if (!$hasRanges) {
            continue;
        }

        foreach ($metadata['hint.cidr'] as $range) {
            if (!SimpleSAML_Utilities::ipCIDRcheck($range, $ip)) {
                continue;
            }

            // First hit wins; later entries and ranges are not consulted.
            return $wantEntityId ? $metadata['entityid'] : $metaIndex;
        }
    }

    /* No entries matched - we should return NULL. */
    return NULL;
}
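/**
 * checkMask() looks up the subnet config option and verifies
 * that the client is within that range.
 *
 * Will return TRUE if no subnet option is configured, i.e. the check is
 * fail-open by configuration: leaving the option unset accepts every client.
 *
 * The client address is $_SERVER['REMOTE_ADDR'], the peer of the connection
 * as seen by the web server. Behind a reverse proxy or load balancer that is
 * the proxy's address, so a subnet containing the proxy would match every
 * client that comes through it.
 *
 * @return boolean TRUE when no subnet is configured or the client address is
 *                 inside one of the configured CIDR ranges, FALSE otherwise
 *                 (including when no client address is available).
 */
public function checkMask()
{
    // No subnet means all clients are accepted.
    if ($this->subnet === NULL) {
        return TRUE;
    }

    // Without a client address (e.g. a non-web invocation) nothing can match;
    // refuse explicitly instead of reading an undefined index.
    if (!isset($_SERVER['REMOTE_ADDR'])) {
        SimpleSAML_Logger::debug('Negotiate: No client address available, cannot match subnet.');
        return FALSE;
    }

    $ip = $_SERVER['REMOTE_ADDR'];

    foreach ($this->subnet as $cidr) {
        // Pass the address explicitly so the value that is checked is, by
        // construction, the same value that is written to the log below.
        if (SimpleSAML_Utilities::ipCIDRcheck($cidr, $ip)) {
            SimpleSAML_Logger::debug('Negotiate: Client "' . $ip . '" matched subnet.');
            return TRUE;
        }
    }

    SimpleSAML_Logger::debug('Negotiate: Client "' . $ip . '" did not match subnet.');
    return FALSE;
}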