merged from Benjamin's branch

This commit is contained in:
Damien Laniel 2008-04-21 12:30:02 +02:00
commit d731cd8885
28 changed files with 648 additions and 336 deletions


@ -10,8 +10,10 @@ PHPINCLUDEDIR=/usr/share/php
DOCPREFIX=/usr/share/doc
DOCDIR=$(DOCPREFIX)/$(NAME)
HTTPD_USER=www-data
VARPREFIX=/var/lib
VARDIR=$(VARPREFIX)/$(NAME)
.PHONY: zip distclean dist install all clean
.PHONY: zip distclean dist install all clean install-directories install-files
all:
@ -26,18 +28,21 @@ dist: distclean
tar cvzf ../$(TGZ) $(FULL)
install:
install-directories:
install -d $(DESTDIR)$(DATADIR) $(DESTDIR)$(DATADIR)/include $(DESTDIR)$(DATADIR)/endpoints $(DESTDIR)$(PHPINCLUDEDIR) $(DESTDIR)$(DOCDIR)/exemples
install -d $(DESTDIR)$(DOCDIR)/html
install -d $(DESTDIR)$(DOCDIR)
install -d -o $(HTTPD_USER) -m 755 $(DESTDIR)$(VARDIR)
ln -nfs $(DATADIR)/include $(DESTDIR)$(PHPINCLUDEDIR)/$(NAME)
install-files:
install -m 644 -t $(DESTDIR)$(DATADIR)/include include/*
install -m 644 -t $(DESTDIR)$(DATADIR)/endpoints endpoints/*
install -m 644 -t $(DESTDIR)$(DOCDIR)/exemples exemples/*.*
install -d $(DESTDIR)$(DOCDIR)
ln -nfs $(DATADIR) $(DESTDIR)$(PHPINCLUDEDIR)/$(NAME)
install -m 644 -t $(DESTDIR)$(DOCDIR)/html doc/*.html
install -m 644 -t $(DESTDIR)$(DOCDIR) README INSTALL
-mkdir -m 755 /var/lib/spkitlasso
chown $(HTTPD_USER): /var/lib/spkitlasso
install -m 644 -t $(DESTDIR)$(DOCDIR)/exemples exemples/*.*
install: install-directories install-files
distclean:
rm -rf $(FULL)
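Review bot: `install -d -o $(HTTPD_USER) -m 755 $(DESTDIR)$(VARDIR)` in install-directories only succeeds when `make install` runs as root or under fakeroot, so a plain-user build into a DESTDIR fails on that line, and the same ownership is applied again by debian/postinst (`chown www-data /var/lib/spkitlasso`), leaving two places that must agree on the owner. Either drop `-o` here and leave ownership to the package scripts, or state the requirement on the line itself: `install -d -m 755 $(DESTDIR)$(VARDIR)  # ownership is set by debian/postinst`. The `-mkdir -m 755 /var/lib/spkitlasso` / `chown $(HTTPD_USER): /var/lib/spkitlasso` pair ignores DESTDIR and duplicates VARDIR; they appear to be the removed lines, but if either survives on the new side it should go. `rm -rf $(FULL)` in distclean is unguarded and FULL is defined outside this hunk, so `$(if $(strip $(FULL)),,$(error FULL is empty))` before it is cheap insurance.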

debian/changelog vendored

@ -1,3 +1,10 @@
spkitlasso (0.2) unstable; urgency=low
* Setup the library into /usr/share/php/spkitlasso
* Setup a datadir for hosts into /var/lib/spkitlasso
-- Benjamin Dauvergne <bdauvergne@entrouvert.com> Thu, 20 Mar 2008 14:23:09 +0100
spkitlasso (0.1-1) unstable; urgency=low
* Initial release

debian/control vendored

@ -7,7 +7,7 @@ Standards-Version: 3.7.2
Package: spkitlasso
Architecture: any
Depends: lasso-php
Depends: php-lasso
Description: Simple library to use Lasso PHP bindings inside service providers
This package provides PHP 5 classes and a procedural API to use Lasso basic
protocols like SSO, Identity Federation, Identity Defederation and SLO,

debian/dirs vendored

@ -1,3 +1,4 @@
var/lib
usr/share/spkitlasso
usr/share/doc
usr/share/php


@ -1 +1,2 @@
debian/tmp/usr/*
debian/tmp/var/lib/*


@ -1,5 +1,7 @@
#! /bin/sh -e
# Automatically added by dh_installdocs
if [ "$1" = configure ] && which install-docs >/dev/null 2>&1; then
install-docs -i /usr/share/doc-base/spkitlasso
fi
chown www-data /var/lib/spkitlasso
# End automatically added section
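Review bot: `chown www-data /var/lib/spkitlasso` sits inside the block delimited by `# Automatically added by dh_installdocs` and `# End automatically added section`, which appears to be debhelper-generated text and is likely to be overwritten the next time the package is built; the line belongs after the end marker, or in the hand-written part of the maintainer script. The owner is hard-coded here while the Makefile uses `$(HTTPD_USER)` and already applies `install -d -o $(HTTPD_USER)` to the same directory, so the two can drift; pick one place where ownership is set. If the line stays in postinst, guard it on the action like the install-docs call above it: `if [ "$1" = configure ]; then chown www-data /var/lib/spkitlasso; fi`, so remove-and-reinstall paths behave predictably under `sh -e`.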


@ -1,3 +1,4 @@
#! /bin/sh -e
# Automatically added by dh_installdocs
if [ "$1" = remove ] || [ "$1" = upgrade ] && \
which install-docs >/dev/null 2>&1; then


@ -1,9 +1,9 @@
<?php
require_once('../include/lassospkit_configgen.inc.php');
require_once('../include/lassospkit_config.inc.php');
require_once('../include/lassospkit_debug.inc.php');
require_once('../include/lassospkit_metadata.inc.php');
require_once('../include/lassospkit_utils.inc.php');
require_once('spkitlasso/lassospkit_configgen.inc.php');
require_once('spkitlasso/lassospkit_config.inc.php');
require_once('spkitlasso/lassospkit_debug.inc.php');
require_once('spkitlasso/lassospkit_metadata.inc.php');
require_once('spkitlasso/lassospkit_utils.inc.php');
$configgen = new LassoSPKitConfigUIGen();
$error = null;


@ -1,8 +1,8 @@
<?php
require_once("../include/lassospkit_helper.inc.php");
require_once("../include/lassospkit_dispatcher.inc.php");
require_once("../include/lassospkit_metadata.inc.php");
require_once("../include/lassospkit_utils.inc.php");
require_once("spkitlasso/lassospkit_helper.inc.php");
require_once("spkitlasso/lassospkit_dispatcher.inc.php");
require_once("spkitlasso/lassospkit_metadata.inc.php");
require_once("spkitlasso/lassospkit_utils.inc.php");
dispatch(array('/login' => login,
'/federate' => federate,


@ -1,12 +1,12 @@
<?php
require_once("../include/lassospkit_helper.inc.php");
require_once("../include/lassospkit_dispatcher.inc.php");
require_once("../include/lassospkit_saml2.inc.php");
require_once("../include/lassospkit_metadata.inc.php");
require_once("../include/lassospkit_utils.inc.php");
require_once("../include/lassospkit_utils_session.inc.php");
require_once("../include/lassospkit_dummysession.inc.php");
require_once("../include/lassospkit_autopersistentsession.inc.php");
require_once("spkitlasso/lassospkit_helper.inc.php");
require_once("spkitlasso/lassospkit_dispatcher.inc.php");
require_once("spkitlasso/lassospkit_saml2.inc.php");
require_once("spkitlasso/lassospkit_metadata.inc.php");
require_once("spkitlasso/lassospkit_utils.inc.php");
require_once("spkitlasso/lassospkit_utils_session.inc.php");
require_once("spkitlasso/lassospkit_dummysession.inc.php");
require_once("spkitlasso/lassospkit_autopersistentsession.inc.php");
function verifyUrl($host) {
$host = strstr('//', $host);
@ -94,6 +94,7 @@ function login() {
$session = getSession();
$saml2 = new LassoSPKitSAML2($session);
$persistent = TRUE;
$passive = FALSE;
if (isset($_GET['persistent'])) {
switch ($_GET['persistent']) {
case '0':
@ -107,9 +108,22 @@ function login() {
break;
}
}
if (isset($_GET['passive'])) {
switch ($_GET['passive']) {
case '0':
$passive = FALSE;
break;
case '1':
$passive = TRUE;
break;
default;
$passive = FALSE;
break;
}
}
// Do not allow creation of persistent federation,
// but eventually permit transient ones
$saml2->sso(FALSE, $persistent);
$saml2->sso(FALSE, $persistent, $passive);
LassoSPKitUtilsSession::setRelayState('sso', getReturnUrl());
}
function federate() {
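Review bot: The new `passive` switch ends with `default;`, the semicolon form of the label, which PHP accepts but reads like a typo next to `case '1':`; write it `default:`. The whole three-branch switch reduces to `$passive = isset($_GET['passive']) && $_GET['passive'] === '1';`, which also removes the two redundant `$passive = FALSE` assignments (the `persistent` switch above it, whose start is outside this hunk, could take the same shape). Since `$passive` goes straight into `$saml2->sso(FALSE, $persistent, $passive)`, the comment above that call should mention the new argument, e.g. `// passive=1 asks the IdP not to interact with the user`. The enclosing `login()` begins outside this hunk.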


@ -1,7 +1,7 @@
<?php
require_once('spkitlasso/include/lassospkit_public_api.inc.php');
require_once('spkitlasso/include/lassospkit_debug.inc.php');
require_once('spkitlasso/include/lassospkit_utils.inc.php');
require_once('spkitlasso/lassospkit_public_api.inc.php');
require_once('spkitlasso/lassospkit_debug.inc.php');
require_once('spkitlasso/lassospkit_utils.inc.php');
echo '<?xml version="1.0" encoding="UTF-8"?>';
function show($a) {


@ -18,13 +18,13 @@ class LassoSPKitAutoPersistentSession extends LassoSPKitDummySession {
function findFederation($nameID) {
$federation = null;
if ($nameID) {
lassospkit_debuglog("looking for session using nameID from profile: $nameID");
#lassospkit_debuglog("looking for session using nameID from profile: $nameID");
$federation = $this->storage->get($nameID);
}
if (! $federation) {
$userID = LassoSPKitUtilsSession::getUserID();
if ($userID) {
lassospkit_debuglog("looking for session using userID: $userID");
#lassospkit_debuglog("looking for session using userID: $userID");
$federation = $this->storage->get(md5($userID));
}
}
@ -32,13 +32,13 @@ class LassoSPKitAutoPersistentSession extends LassoSPKitDummySession {
$nameIDs = LassoSPKitUtilsSession::getNameID();
if (is_array($nameIDs)) {
foreach (LassoSPKitUtilsSession::getNameID() as $nameID) {
lassospkit_debuglog("looking for session using nameID in session: $userID");
#lassospkit_debuglog("looking for session using nameID in session: $userID");
$federation = $this->storage->get($nameID);
}
}
}
if ($federation == null) {
lassospkit_debuglog('did not found any session file...');
#lassospkit_debuglog('did not found any session file...');
return 0;
}
$this->explodeFederation($federation);
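Review bot: The `lassospkit_debuglog(...)` calls in findFederation are commented out with `#` rather than removed or gated, leaving four lines of dead code; the same pattern appears in this commit in lassospkit_filestore, lassospkit_genericsession, lassospkit_helper and lassospkit_samlcommon. If the goal is to silence debug output, a level check inside `lassospkit_debuglog` keeps the call sites intact and lets the messages be re-enabled without editing every file; if the goal is to drop them, delete the lines. The message on the nameID-in-session line reports `$userID` where the loop variable is `$nameID`, which is worth fixing if that line is kept.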


@ -24,7 +24,10 @@ class LassoSPKitConfig {
'storage' => "File",
'cookiename' => 0,
'default_return_url' => null,
'showExtension' => 1 /* Shall we show the extension of scripts in public apis */
'lasso_lib' => 'lasso.php',
'showExtension' => 1, /* Shall we show the extension of scripts in public apis */
'memcache_servers' => 'localhost:11211', /* Blank separated list of host:port pairs */
'session_storage_class' => 'LassoSPKitSessionFile'
);
private static $instance = null;
private static $file;
@ -75,9 +78,12 @@ class LassoSPKitConfig {
static function init() {
if (! self::$instance) {
/* Where is lasso PHP binding ? */
self::$default_values['lasso_lib'] = ini_get('extension_dir').'/lasso.php';
self::$file = lassospkit_datadir() . '/lassospkit_config.ini';
self::$instance = self::loadIni(self::$file);
if (file_exists(self::$file)) {
self::$instance = self::loadIni(self::$file);
} else {
self::$instance = array();
}
}
}
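Review bot: `init()` now silently substitutes `array()` when `self::$file` does not exist, so a mis-placed lassospkit_config.ini makes the SP run on the built-in defaults (including `memcache_servers => 'localhost:11211'`) with nothing in the logs; record it in the else branch, e.g. `lassospkit_errlog("config file " . self::$file . " not found, using defaults");` (if lassospkit_debug.inc.php is available to this file). `self::$default_values['lasso_lib'] = ini_get('extension_dir').'/lasso.php'` overwrites the `'lasso_lib' => 'lasso.php'` entry added to the array a few lines earlier, so one of the two is dead; keeping only the `init()` assignment with a comment `/* lasso.php ships in the PHP extension dir */` makes the intent clear. `self::$file` is derived from `lassospkit_datadir()`, which on this page is built from `$_SERVER['HTTP_HOST']`, so which .ini is loaded depends on the request's Host header; a comment on the `self::$file` line should say so.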
/** Commit the content of the singleton table to the .ini file */


@ -4,8 +4,7 @@
* in an unique directory with you application, you can just make it return "../data".
*/
function lassospkit_datadir() {
// $path = '/var/lib/spkitlasso/' . $_SERVER['HTTP_HOST'];
$path = "/home/bdauvergne/public_html/data";
$path = '/var/lib/spkitlasso/' . $_SERVER['HTTP_HOST'];
// $path = $_SERVER['DOCUMENT_ROOT'] . '/data';
if (! file_exists($path)) {
@mkdir($path,755,1);
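Review bot: The new `$path = '/var/lib/spkitlasso/' . $_SERVER['HTTP_HOST'];` builds a filesystem path from the request's Host header and the lines below create that directory, so the value should be validated before use — matched against the virtual hosts the SP is configured for, or at least restricted to a hostname character set — rather than concatenated as received. The adjacent `@mkdir($path,755,1)` passes decimal 755, which PHP treats as octal 01363 rather than 0755; it is a context line here, but since the directory now lives under /var/lib and is created on first request it should be `@mkdir($path, 0755, 1)` in the same change. The `@` also hides why creation failed; the function's end is outside this hunk, so what happens when the directory is missing cannot be seen from here.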


@ -0,0 +1,60 @@
<?php
require_once('lassospkit_helper.inc.php');
require_once('lassospkit_utils.inc.php');
require_once('lassospkit_metadata.inc.php');
class LassoSPKitEndpoint {
var $dispatch_table = array();
var $protocol = null;
function LassoSPKitEndpoint($protocol) {
$this->__construct($protocol);
}
function __construct($protocol) {
$this->protocol = $protocol;
$this->addDispatch('/metadata', 'metadata');
}
function addDispatch($point, $method) {
$dispatch_table[$point] = $method;
}
function dispatchAndExit() {
if (! isset($_SERVER['PATH_INFO'])) {
throw new Exception('No PATH INFO');
}
$path_info = $_SERVER['PATH_INFO'];
$fname = $this->dispatch_table[$path_info];
if ($fname) {
$fname();
exit(0);
} else {
header("HTTP/1.0 404 Not Found");
exit(0);
}
}
// Urls
function metadata() {
$datadir = LassoSPKitHelper::getMetadataDir($this->protocol);
$pkey = $datadir . "/" . PRIVATE_KEY;
LassoSPKitUtils::extractPublicKey($pkey, $publickey, $error);
$content = LassoSPKitMetadataSAML2::generateMetadata(dirname(LassoSPKitUtils::mydir()), LassoSPKitConfig::get('organization'), $publickey);
if ($content) {
header('Content-type: text/xml');
echo $content;
}
}
// Verify that the host is the same has HTTP_HOST
function verifyUrl($host) {
$host = strstr('//', $host);
$pos = strpos($host, '/');
if ($pos !== FALSE) {
$host = substr($host, 0, $pos);
}
if ($host && isset($_SERVER['HTTP_HOST']) && $host != $_SERVER['HTTP_HOST']) {
echo "Bad referer '$host' != '" . $_SERVER['HTTP_HOST'] . "'";
exit(1);
}
}
}
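Review bot: `addDispatch` writes to a local `$dispatch_table` instead of `$this->dispatch_table`, so the `/metadata` entry registered in the constructor is never stored and `dispatchAndExit` answers 404 for every path; the line should read `$this->dispatch_table[$point] = $method;`. In `dispatchAndExit`, `$fname()` invokes a global function named by the string, while the registered handler `metadata` is a method of this class, so it should be `$this->$fname();`, guarded by `isset($this->dispatch_table[$path_info])` to avoid the undefined-index notice on unknown paths. `verifyUrl` calls `strstr('//', $host)` with the arguments reversed (haystack comes first), so `$host` becomes FALSE and the HTTP_HOST comparison is skipped for every input — the check fails open. Replacing the three lines that extract the host with `$host = parse_url($host, PHP_URL_HOST);` makes the comparison actually run.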


@ -51,7 +51,7 @@ class LassoSPKitFileStore implements LassoSPKitStore {
}
function debug($ret, $mesg) {
if ($ret === FALSE) {
lassospkit_debuglog("SPKit File Storage: " . $mesg);
#lassospkit_debuglog("SPKit File Storage: " . $mesg);
}
}
}


@ -17,7 +17,7 @@ class LassoSPKitGenericSession {
header("Location: $url");
}
function doResponse($mimeType, $content) {
lassospkit_debuglog("Renvoi la réponse de type $mimeType et contenu $content");
#lassospkit_debuglog("Renvoi la réponse de type $mimeType et contenu $content");
header("Content-type: $mimeType");
echo $content;
}
@ -70,7 +70,7 @@ class LassoSPKitGenericSession {
function explodeFederationBlob($blob) {
$federation = @unserialize($blob);
if ($federation === FALSE) {
lassospkit_debuglog("LassoSPKitGenericSession: cannot deserialize the federation blob");
#lassospkit_debuglog("LassoSPKitGenericSession: cannot deserialize the federation blob");
return 0;
}
$this->explodeFederation($federation);


@ -17,7 +17,7 @@ class LassoSPKitHelper {
$profile->setSessionFromDump($sessionDump);
}
if ($identityDump) {
lassospkit_debuglog("load dump " . $identityDump);
#lassospkit_debuglog("load dump " . $identityDump);
$profile->setIdentityFromDump($identityDump);
}
}
@ -31,7 +31,6 @@ class LassoSPKitHelper {
$ok = 0;
if ($profile->hasDirtyIdentity()) {
if ($profile->identity) {
lassospkit_debuglog("save " . $profile->identity->dump());
$session->setIdentityDump($profile->identity->dump());
} else {
$session->setIdentityDump(null);


@ -0,0 +1,53 @@
<?php
class LassoSPKitHttpRequest {
var $url;
var $header = array();
var $method = 'GET';
var $mime_type = null;
var $_content = null;
function init($url = null) {
if ($url) {
$this->url = $url;
} else {
throw new Exception("LassoSPKitHttpRequest: __construct without arg not implemented");
}
$this->getCurrentCookies();
}
function setPOST($mime_type, $content) {
$this->method = 'POST';
$this->mime_type = $mime_type;
$this->_content = $content;
}
function getCurrentCookies() {
$this->headers = array();
foreach ($_COOKIE as $cookie => $value) {
$this->headers[] = "Cookie: " . urlencode($cookie) . "=" . urlencode($value);
}
}
function perform() {
$opts = array('http' =>
array(
'method' => $this->method,
'header' => $this->header,
'content' => $this->_content
)
);
$context = stream_context_create($opts);
$res = @file_get_contents($this->url,false,$context);
return $res;
}
function buildPOST($url,$mime_type,$content) {
$b = new LassoSPKitHttpRequest();
$b->init($url);
$b->setPost($mime_type,$content);
return $b;
}
function buildGET($url) {
$b = new LassoSPKitHttpRequest();
$b->init($url);
return $b;
}
}
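Review bot: `getCurrentCookies` fills `$this->headers` while the field declared on the class and read by `perform` is `$this->header`, so no cookie is ever sent and `perform` passes an empty array as the `header` option. Before fixing the name, note that the method copies every entry of `$_COOKIE` — the browser's cookies for this SP, including its session cookie — into a request to whatever `$url` `init` was given, so forwarding should be opt-in or limited to requests to the SP's own host, and a comment on `getCurrentCookies` should say why the cookies are replayed at all. `@file_get_contents` in `perform` hides the reason for a failed call; `lassospkit_errlog` is used for that elsewhere in this commit, so `if ($res === FALSE) lassospkit_errlog("LassoSPKitHttpRequest: request to " . $this->url . " failed");` keeps the best-effort return while recording it (assuming lassospkit_debug.inc.php is included). `buildPOST` calls `$b->setPost`, which resolves to `setPOST` only because PHP method names are case-insensitive; write it as declared.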


@ -0,0 +1,77 @@
<?php
require_once('lassospkit_config.inc.php');
require_once('lassospkit_debug.inc.php');
class LassoSPKitMemCache {
function getInstance() {
static $instance = null;
if ($instance == null) {
$instance = new Memcache();
$memcache_servers = LassoSPKitConfig::get('memcache_servers');
if (! $memcache_servers) {
lassospkit_errlog('There is no configuration for memcache servers, put one');
throw new Exception('memcache config error');
}
$servers = self::validateServers($memcache_servers);
foreach ($servers as $hostport) {
$host = $hostport[0];
$port = $hostport[1];
$res = $instance->pconnect($host,intval($port));
if ($res === FALSE) {
lassospkit_errlog("LassoSPKitMemcache: could not connect to $host:$port");
}
}
}
return $instance;
}
function validateServers($str) {
$pairs = split(" +", $str);
$servers = array();
foreach ($pairs as $a_pair) {
if (! ereg("^([[:alnum:]]+):([[:digit:]]+)$",$a_pair,$matches) ||
intval($matches[2]) == 0) {
lassospkit_errlog("$a_pair is not a valid memcache server ref");
} else {
$servers[] = array($matches[0],$matches[1]);
}
}
if (count($servers)) {
return $servers;
} else {
return null;
}
}
function add($key, $value, $timeout = 2592000) {
$instance = LassoSPKitMemCache::getInstance();
if (! $instance) {
lassospkit_errlog("LassoSPKitMemCache: could not add key " . var_export($key,1) . ", no instance present");
}
$res = $instance->add($key, $value, false, $timeout);
return $res;
}
function set($key, $value, $timeout = 2592000) {
$instance = LassoSPKitMemCache::getInstance();
if (! $instance) {
lassospkit_errlog("LassoSPKitMemCache: could not set key " . var_export($key,1) . ", no instance present");
}
$res = $instance->set($key, $value, false, $timeout);
return $res;
}
function get($key) {
$instance = LassoSPKitMemCache::getInstance();
if (! $instance) {
lassospkit_errlog("LassoSPKitMemCache: could not get key " . var_export($key,1) . ", no instance present");
}
return $instance->get($key);
}
function delete($key) {
$instance = LassoSPKitMemCache::getInstance();
if (! $instance) {
lassospkit_errlog("LassoSPKitMemCache: could not delete key " . var_export($key,1) . ", no instance present");
}
return $instance->delete($key);
}
}
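Review bot: `validateServers` stores `array($matches[0], $matches[1])`, but with `ereg` index 0 is the whole `host:port` string and the port is index 2, so each server becomes host `"localhost:11211"` with port `intval("localhost")` = 0, and `pconnect` is called with port 0; the line should be `$servers[] = array($matches[1], $matches[2]);`. The pattern `^([[:alnum:]]+):([[:digit:]]+)$` also rejects any host containing a dot or dash (`127.0.0.1`, `cache-1`), so only bare names such as the `localhost` default pass; `^([-.[:alnum:]]+):([[:digit:]]+)$` covers the usual forms. `add`, `set`, `get` and `delete` log when `$instance` is missing and then call a method on it anyway, and since `getInstance` throws rather than returning null the checks never trigger; either drop them or `return FALSE` after logging. `getInstance` constructs the `Memcache` object before the configuration is validated and a failed `pconnect` is only logged, so callers cannot distinguish a connected instance from an unusable one — worth stating in a docblock on the method.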


@ -1,5 +1,6 @@
<?php
require_once('lassospkit_utils_session.inc.php');
require_once('lassospkit_utils.inc.php');
require_once('lassospkit_config.inc.php');
/** This file contains the public front-end API
@ -35,6 +36,9 @@ function _lassospkit_make_redirect_url($endpoint, $return_url, $params) {
$redirect = $redirect . "?return_url=" . urlencode($return_url);
// Other params
foreach ($params as $key => $value) {
if (is_bool($value)) {
$value = intval($value);
}
$redirect = $redirect . '&' . urlencode($key) . "=" . urlencode($value);
}
return $redirect;
@ -77,15 +81,19 @@ function lassospkit_set_federation($federation) {
LassoSPKitUtilsSession::setFederation($federation);
}
/* Return the URL where to redirect a user when liberty authentification
* is required for existing federation or to get a transient one.
/* Return the URL where to redirect a user to ask for
* an authentification assertion from the IdP without creating
* new federation.
* Second arguments is an array of options. Possible options are:
* - "persistent" => Bool, wether to get an existing persistent
* session or get a one-time federation identifier.
* - "passive" => Bool, forbid user interaction by the IdP.
* For example, to verify "transparently" (there is still the redirect latency)
* if an user is currently logged to the IdP, just do:
* header("Location: " . lassospkit_login_url($login_page, array("passive" => TRUE)))
*/
function lassospkit_login_url($return_url, $persistent = TRUE) {
if ($persistent) {
$params = array( 'persistent' => 1 );
} else {
$params = array( 'persistent' => 0 );
}
function lassospkit_login_url($return_url, $options = array() ) {
$params = LassoSPKitUtils::extract_options(array('persistent' => 'b', 'passive' => 'b'), $options);
return _lassospkit_make_redirect_url('login',$return_url, $params);
}
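Review bot: `lassospkit_login_url($return_url, $options = array())` changes the second parameter from the boolean `$persistent` to an options array, so existing callers that pass `TRUE`/`FALSE` now hand a bool to `LassoSPKitUtils::extract_options`, whose behaviour on a non-array is not visible here; a one-line shim keeps them working: `if (is_bool($options)) { $options = array('persistent' => $options); }` before the `extract_options` call. The old default was `$persistent = TRUE`; whether an empty `$options` still yields `persistent=1` depends on `extract_options` (defined outside this hunk), so the docblock should state the default for each option explicitly. In the new docblock, `wether` should be `whether`, and the example would be safer as `header("Location: " . lassospkit_login_url($login_page, array("passive" => TRUE))); exit;` since a redirect header alone does not stop the script.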


@ -19,23 +19,35 @@ class LassoSPKitSaml2 extends LassoSPKitSAMLCommon {
$nameidpolicy->format = $blob['nameIDFormat'];
$nameidpolicy->allowCreate = $blob['allowCreate'];
}
public function sso($create = TRUE, $federate = TRUE) {
/** Initiate a SSO exchange with a redirect.
The federate parameter defines if we wish to get a
persistent (federate = TRUE) or a transient federation
(federate = FALSE).
The create parameter specify if the IdP is allower
to create a new federation if a persistent
one is asked for federate = TRUE.
*/
function sso($create = TRUE, $federate = TRUE, $passive = FALSE) {
if ($federate) {
$format = LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT;
} else {
$format = LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT;
}
return $this->ssoInit($create,$format);
return $this->ssoInit(array('allowCreate' => $create, 'nameIDFormat' => $format, 'isPassive' => $passive));
}
public function ssoInit(
$allowCreate = TRUE,
$nameIDFormat = LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT,
$remoteID = null,
$method = LASSO_HTTP_METHOD_REDIRECT,
$isConsentObtained = FALSE,
$forceAuthn = FALSE,
$isPassive = FALSE)
function ssoInit($params = array())
{
$default_params = array(
'allowCreate' => TRUE,
'nameIDFormat' => LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT,
'remoteID' => null,
'method' => LASSO_HTTP_METHOD_REDIRECT,
'isConsentObtained' => FALSE,
'forceAuthn' => FALSE,
'isPassive' => FALSE);
$params = array_merge($default_params, $params);
extract($params);
#lassospkit_debuglog("Params isPassive: $isPassive allowCreate: $allowCreate format: $nameIDFormat");
$login = null;
return parent::ssoCommon($login, $remoteID, $method, $isConsentObtained, $forceAuthn, $isPassive, array('nameIDFormat'=>$nameIDFormat, 'allowCreate' => $allowCreate));
}
@ -49,20 +61,21 @@ class LassoSPKitSaml2 extends LassoSPKitSAMLCommon {
/** Name Id Management, SP inititated */
/* Request */
public function initiateNameIdManagement($newNameID, $method = LASSO_HTTP_METHOD_SOAP, $remoteID = null) {
$ret = 0;
lassospkit_debuglog("initiateNIDManagement NNID: $newNameID Meth: $method RID: $remoteID ");
$ok = 1 && $nidmanagement = new LassoNameIdManagement($this->server);
$nidmanagement = new LassoNameIdManagement($this->server);
$this->findFederation($nidmanagement);
$ok = $ok && ! $ret = $nidmanagement->initRequest($remoteID, $newNameID, $method);
$ok = $ok && ! $ret = $nidmanagement->buildRequestMsg();
$retIR = $nidmanagement->initRequest($remoteID, $newNameID, $method);
$retBRM = $nidmanagement->buildRequestMsg();
if ($retIR || $retBRM) {
lassospkit_errlog("initiateNIDManagement: retIR: $retIR retBRM: $retBRM");
}
switch ($method) {
case LASSO_HTTP_METHOD_REDIRECT:
$this->keepProfile($nidmanagement);
$this->finishRedirectRequest($nidmanagement, $ret, $ok);
$this->finishRedirectRequest($nidmanagement);
break;
case LASSO_HTTP_METHOD_SOAP:
$this->finishSOAPRequest($nidmanagement, $ret, $ok, $response);
$ok = $ok && $this->processResponseNameIdManagement($response, $nidmanagement);
$this->finishSOAPRequest($nidmanagement, $response);
$this->processResponseNameIdManagement($response, $nidmanagement);
break;
case LASSO_HTTP_METHOD_ARTIFACT_GET:
case LASSO_HTTP_METHOD_ARTIFACT_POST:
@ -70,38 +83,20 @@ class LassoSPKitSaml2 extends LassoSPKitSAMLCommon {
default:
LassoSPKitHelper::notImplemented();
}
if (! $ok) {
lassospkit_debuglog("NID failed Ret: $ret Exp: " . $this->exception);
$this->status = gettext('La défédération a échoué');
}
return $ok;
}
function processRedirectResponseNameIdManagement() {
$ret = 0;
$nidmanagement = null;
$ok = $this->processResponseNameIdManagement($_SERVER['QUERY_STRING'], $nidmanagement);
return $ok;
$this->processResponseNameIdManagement($_SERVER['QUERY_STRING'], $nidmanagement);
}
/** Response **/
public function processResponseNameIdManagement($message, &$nidmanagement)
{
$ret = 0;
$ok = 1;
lassospkit_debuglog("NameIdManagement SP initiated Response");
if ($nidmanagement == null) {
$ok = $ok && $nidmanagement = LassoNameIdManagement::newFromDump($this->server, $this->restoreProfile());
if ($ok) {
$this->findFederation($nidmanagement);
}
$nidmanagement = LassoNameIdManagement::newFromDump($this->server, $this->restoreProfile());
$this->findFederation($nidmanagement);
}
$ok = $ok && ! $ret = $nidmanagement->processResponseMsg($message);
if ($ok || $ret > 0) {
$this->changeFederation($nidmanagement);
}
if ($ret != 0) {
$this->setRet($ret);
}
return $ok;
$retPRM = $nidmanagement->processResponseMsg($message);
$this->changeFederation($nidmanagement);
}
/** Name Id Management request IdP iniated */
public function processRedirectRequestNameIdManagement() {
@ -115,38 +110,22 @@ class LassoSPKitSaml2 extends LassoSPKitSAMLCommon {
}
public function processRequestNameIdManagement($method, $message)
{
lassospkit_debuglog("NameIdManagement request handling");
$ret = 0;
$ok = 1;
$ok = $ok && $nidmanagement = new LassoNameIdManagement($this->server);
if (! $ok) {
lassospkit_debuglog("Cannot build nameidManagement profile");
return;
$nidmanagement = new LassoNameIdManagement($this->server);
$retPRM = $nidmanagement->processRequestMsg($message);
$this->findFederation($nidmanagement);
$retVR = $nidmanagement->validateRequest();
if ($retPRM || $retVR) {
lassospkit_errlog("initiateNIDManagement: retPRM: $retPRM retVR: $retVR");
}
lassospkit_debuglog("NID Request init ok: $ok ret: $ret " . strError($ret));
$ok = $ok && ! $ret = $nidmanagement->processRequestMsg($message);
lassospkit_debuglog("NID Request processRequestMsg ok: $ok ret: $ret " . strError($ret));
if ($ok) {
$this->findFederation($nidmanagement);
}
$ok = $ok && ! $ret = $nidmanagement->validateRequest();
lassospkit_debuglog("NID Request validateRequest ok: $ok ret: $ret " . strError($ret));
lassospkit_debuglog("NID request type: " . var_export($nidmanagement, 1));
// if ($ok) {
// $newid = null;
// if (isset($nidmanagement->request) && isset($nidmanagement->request->NewID)) {
// $newid = $nidmanagement->request->NewID;
// }
//// LassoSPKitHelper::changeFederation($nidmanagement, $this->session, $newid);
// }
lassospkit_debuglog("NID request just before finishResponse");
$this->finishResponse($nidmanagement, $method, $ret, $ok);
if (! $ok) {
$this->status = gettext('La requête de défédération a échoué');
}
return $ok;
$this->changeFederation($nidmanagement);
$this->finishResponse($nidmanagement, $method);
}
/** Change federation with respect to nidmanagement request content.
If a response is present
*/
function changeFederation(LassoNameIdManagement $nidmanagement) {
LassoSPKitHelper::changeFederation($nidmanagement, $this->session, $nidmanagement->request->NewID);
LassoSPKitHelper::changeFederation($nidmanagement,
$this->session,
$nidmanagement->request->NewID);
}
}
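Review bot: `processResponseNameIdManagement` computes `$retPRM = $nidmanagement->processResponseMsg($message)` and then calls `changeFederation` regardless of the result, where the removed code only did so for `$ok || $ret > 0`; a response that fails processing (for instance a signature check) now still rewrites the stored federation, so it should be `if ($retPRM) { lassospkit_errlog("processResponseNameIdManagement: retPRM: $retPRM"); return; }` before `changeFederation`. `processRequestNameIdManagement` has the same shape: `retPRM`/`retVR` are logged (under a label that still says `initiateNIDManagement:`) but `changeFederation` and `finishResponse` run anyway, so the federation is changed for a request that `validateRequest` rejected; skip `changeFederation` when either code is non-zero and, presumably, still call `finishResponse` so the error response built from the profile is sent. The same log-but-continue pattern is in `initiateNameIdManagement` (`retIR`/`retBRM`), and none of these methods returns a value any more, so the endpoints cannot report failure to the user. In `ssoInit`, `extract($params)` turns every key of a caller-supplied array into a local variable; reading the seven known keys explicitly (`$allowCreate = $params['allowCreate'];` and so on) avoids that. `sso` and `ssoInit` also lose their `public` modifier, which changes nothing but is inconsistent with the rest of the class.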


@ -60,7 +60,7 @@ class LassoSPKitSAMLCommon {
&& ! $ret = $server->addProvider(LASSO_PROVIDER_ROLE_IDP
,$idpmeta,null, null);
if (! $ok) {
lassospkit_debuglog("Erreur création serveur: Ret=$ret Msg=" . strError($ret));
#lassospkit_debuglog("Erreur création serveur: Ret=$ret Msg=" . strError($ret));
return 0;
} else {
$this->server = $server;
@ -69,7 +69,7 @@ class LassoSPKitSAMLCommon {
}
public static function checkFile($file) {
if (! file_exists($file)) {
lassospkit_debuglog("File " . $file . " is absent, can't construct server object");
#lassospkit_debuglog("File " . $file . " is absent, can't construct server object");
return 0;
}
return 1;
@ -84,18 +84,13 @@ class LassoSPKitSAMLCommon {
}
/** Return a normal HTTP response, for SOAP Response binding */
public function doResponse(LassoProfile $profile) {
lassospkit_debuglog("doResponse for profile");
lassospkit_debuglog("with content " . $profile->msgBody);
$this->session->doResponse('text/xml', $profile->msgBody);
}
/** Read a soap message from stdin */
public function receiveSOAPMessage() {
lassospkit_debuglog("Receiving a SOAP message");
$contents = @file_get_contents("php://input");
if ($contents === FALSE) {
lassospkit_debuglog("Problem Receiving a SOAP message2");
} else {
lassospkit_debuglog("Received a SOAP message");
lassospkit_errlog("Problem Receiving a SOAP message2");
}
return $contents;
}
@ -104,37 +99,45 @@ class LassoSPKitSAMLCommon {
This method makes a soap call to resolve the artifact, it is synchronous
so can potentially take times.
*/
public function artifactResolve(LassoProfile $profile, $query, $method, &$ok, &$ret) {
$ok = $ok && ! $ret = $profile->initRequest($query, $method);
$ok = $ok && ! $ret = $profile->buildRequestMsg();
$ok = $ok && $content = LassoSPKitHelper::SoapCallWithProfile($profile);
$ok = $ok && ! $ret = $profile->processResponseMsg($content);
if (! $ok) {
$this->setRet($ret);
public function artifactResolve(LassoProfile $profile, $query, $method) {
$retIR = $profile->initRequest($query, $method);
$retBRM = $profile->buildRequestMsg();
$content = @LassoSPKitHelper::SoapCallWithProfile($profile);
if ($content === FALSE) {
lassospkit_errlog("artifactResolve: soapCall result empty");
$content = "";
}
return $ok;
$retPRM = $profile->processResponseMsg($content);
if ($retIR || $retBRM || $retPRM) {
lassospkit_errlog("artifactResolve: retIR: $retIR retBRM: $retBRM retPRM: $retPRM");
if ($retIR) {
return $retIR;
}
if ($retBRM) {
return $retBRM;
}
if ($retPRM) {
return $retPRM;
}
}
return 0;
}
/** Finish a request with a redirect transport */
public function finishRedirectRequest(LassoProfile $profile, &$ret, &$ok) {
if ($ok) {
$this->doRedirect($profile);
}
public function finishRedirectRequest(LassoProfile $profile) {
$this->doRedirect($profile);
}
/** Finish a request with a SOAP transport */
public function finishSOAPRequest(LassoProfile $profile, &$ret, &$ok, &$response) {
if ($ok) {
public function finishSOAPRequest(LassoProfile $profile, &$response) {
$response = LassoSPKitHelper::SoapCallWithProfile($profile);
}
}
public function finishResponse(LassoProfile $profile, $method, &$ret, &$ok) {
public function finishResponse(LassoProfile $profile, $method) {
$ret = $profile->buildResponseMsg();
switch ($method) {
case LASSO_HTTP_METHOD_REDIRECT:
$this->doRedirect($profile);
break;
case LASSO_HTTP_METHOD_SOAP:
lassospkit_debuglog("Finishing response with method SOAP");
$this->doResponse($profile);
break;
default:
@ -150,173 +153,124 @@ class LassoSPKitSAMLCommon {
Calls ssoNameIdPolicyConfig on the session object to initialize.
*/
public function ssoCommon(&$login,
$remoteID,
$method,
$isConsentObtained,
$forceAuthn,
$isPassive,
$blob) {
lassospkit_debuglog("SSO request initiated RID: $remoteID Meth: $method Consent: $isConsentObtained ForceAuthn: $forceAuthn Passive: $isPassive " . var_export($blob,1) );
$ok = 1 && $login = new LassoLogin($this->server);
$this->findFederation($login);
$ok = $ok && ! $ret = $login->initAuthnRequest($remoteID,$method);
$ok = $ok && $request = $login->request;
$ok = $ok && $nameidpolicy = $request->NameIDPolicy;
if ($ok) {
$remoteID,
$method,
$isConsentObtained,
$forceAuthn,
$isPassive,
$blob) {
$login = new LassoLogin($this->server);
$retFF = $this->findFederation($login);
$retIAR = $login->initAuthnRequest($remoteID,$method);
$request = @$login->request;
$nameidpolicy = @$request->NameIDPolicy;
if ($nameidpolicy) {
$this->ssoNameIdPolicyConfig($login, $blob);
$request->consent = $isConsentObtained;
$request->ForceAuthn = $forceAuthn;
$request->IsPassive = $isPassive;
}
$ok = $ok && ! $ret = $login->buildAuthnRequestMsg();
if (! $ok) {
lassospkit_debuglog("SSO request failed ErrCode: $ret");
$this->setStatus("Erreur durant l'authentification");
$this->setRet($ret);
} else {
switch($method) {
case LASSO_HTTP_METHOD_REDIRECT:
$this->doRedirect($login);
break;
default:
LassoSPKitHelper::notImplemented();
}
throw new Exception("SSO: Pas d'object NameIDPolicy");
}
$retBAR = $login->buildAuthnRequestMsg();
switch($method) {
case LASSO_HTTP_METHOD_REDIRECT:
$this->doRedirect($login);
break;
default:
LassoSPKitHelper::notImplemented();
}
return $ok;
}
/** Method to consume response to auth requests. */
function ssoConsumer($method, $message) {
$ret = 0;
lassospkit_debuglog("Consuming SSO assertion");
$ok = 1 && $login = new LassoLogin($this->server);
$login = new LassoLogin($this->server);
$retPRM = 0;
$retAR = 0;
switch ($method) {
case LASSO_HTTP_METHOD_ARTIFACT_GET:
case LASSO_HTTP_METHOD_ARTIFACT_POST:
$ok = $ok && $this->artifactResolve($login,
$retAR = $this->artifactResolve($login,
$message,
$method, $ok, $ret);
$method);
break;
case LASSO_HTTP_METHOD_POST:
$ok = $ok && ! $ret = $this->processResponseMsg($message);
$retPRM = $this->processResponseMsg($message);
break;
}
if ($ok) {
try {
$this->findFederation($login);
} catch (LassoProfileFederationNotFoundError $error) {
} catch (LassoProfileNameIdentifierNotFoundError $error) {
$ok = 0;
$ret = LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND;
if ($retAR == LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND
|| $retPRM == LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND) {
$this->setMessage("Federation not found");
}
if ($retAR == LASSO_LOGIN_ERROR_STATUS_NOT_SUCCESS ||
$retPRM == LASSO_LOGIN_ERROR_STATUS_NOT_SUCCESS) {
$this->setMessage("Request denied");
}
if ($retAR || $retPRM) {
lassospkit_errlog("ssoConsumer, retAR: $retAR retPRM: $retPRM");
} else {
$retFF = $this->findFederation($login);
$retASSO = $login->acceptSso();
if ($retASSO) {
lassospkit_errlog("ssoConsumer, retASSO: $retASSO retFF: $retFF");
}
}
$ok = $ok && ! $ret = $login->acceptSso();
if ($login->response->assertion) {
$attributes = LassoSPKitHelper::assertionExtractAttributes($login->response->assertion[0]);
$this->session->setAssertionAttributes($attributes);
}
if ($ok) {
$this->saveFederation($login);
}
if (! $ok) {
$this->setStatus("Le SSO a échoué");
$this->setRet($ret);
}
return $ok;
$this->saveFederation($login);
}
/** Web SLO methods */
/* SP initiated */
public function initiateSLO($method = LASSO_HTTP_METHOD_SOAP, $remoteID = null)
{
$ret = 0;
lassospkit_debuglog("SLO SP initiated request");
$ok = 1 && $logout = new LassoLogout($this->server);
$logout = new LassoLogout($this->server);
$this->findFederation($logout);
$ok = $ok && ! $ret = $logout->initRequest($remoteID, $method);
$ok = $ok && ! $ret = $logout->buildRequestMsg();
if ($ok) {
switch ($method) {
case LASSO_HTTP_METHOD_REDIRECT:
$this->finishRedirectRequest($logout, $ret, $ok);
break;
case LASSO_HTTP_METHOD_SOAP:
$this->finishSOAPRequest($logout, $ret, $ok, $response);
$ok = $ok && $this->processResponseSLO($logout, $response);
break;
case LASSO_HTTP_METHOD_ARTIFACT_GET:
case LASSO_HTTP_METHOD_ARTIFACT_POST:
case LASSO_HTTP_METHOD_POST:
default:
LassoSPKitHelper::notImplemented();
}
$retIR = $logout->initRequest($remoteID, $method);
$retBRM = $logout->buildRequestMsg();
switch ($method) {
case LASSO_HTTP_METHOD_REDIRECT:
$this->finishRedirectRequest($logout);
break;
case LASSO_HTTP_METHOD_SOAP:
$this->finishSOAPRequest($logout, $response);
$this->processResponseSLO($logout, $response);
break;
case LASSO_HTTP_METHOD_ARTIFACT_GET:
case LASSO_HTTP_METHOD_ARTIFACT_POST:
case LASSO_HTTP_METHOD_POST:
default:
LassoSPKitHelper::notImplemented();
}
if (! $ok) {
lassospkit_debuglog("SLO SP initiated request failed ErrCode: $ret");
$this->setStatus("Le SSO a échoué");
$this->setRet($ret);
}
return $ok;
}
public function processRedirectResponseSLO() {
$ret = 0;
$logout = null;
$ok = $this->processResponseSLO($logout, $_SERVER['QUERY_STRING']);
if (! $ok) {
lassospkit_debuglog("SLO SP initiated response failed ErrCode: $ret");
$this->setStatus("Le SLO a échoué");
$this->setRet($ret);
}
return $ok;
$this->processResponseSLO($logout, $_SERVER['QUERY_STRING']);
}
public function processResponseSLO(&$logout, $message) {
$ret = 0;
$ok = 1;
lassospkit_debuglog("SLO SP initiated Response");
if (! $logout) {
$ok = $ok && $logout = new LassoLogout($this->server);
$logout = new LassoLogout($this->server);
$this->findFederation($logout);
}
$ok = $ok && ! $ret = $logout->processResponseMsg($message);
$prefix = "";
switch ($ret) {
$retPRM = $logout->processResponseMsg($message);
switch ($retPRM) {
case 0:
break;
default:
case LASSO_DS_ERROR_INVALID_SIGNATURE:
lassospkit_debuglog("Logout warn: invalid signature");
$prefix = "Warning: ";
$ok = 1;
break;
case LASSO_LOGOUT_ERROR_REQUEST_DENIED:
lassospkit_debuglog("Logout warn: request denied");
$prefix = "Warning: ";
$ok = 1;
$this->setMessage("Logout request denied by IdP");
break;
case LASSO_LOGOUT_ERROR_UNKNOWN_PRINCIPAL:
lassospkit_debuglog("Unknown principal on logout, probably session stopped already on IdP");
$prefix = "Warning: ";
$ok = 1;
$this->setMessage("IdP said 'unknown principal'");
break;
case LASSO_PROFILE_ERROR_INVALID_QUERY:
lassospkit_debuglog("Invalid response");
$prefix = "Error: ";
$ok = 0;
break;
default:
lassospkit_debuglog("SLO Response ErrCode: $ret");
$prefix = "Error: ";
$ok = 0;
$this->setMessage("IdP said 'logout request is invalid'");
break;
}
if ($ok == 1) {
$this->saveFederation($logout);
$this->session->logout();
}
if ($ret != 0) {
$this->setRet($ret, $prefix);
lassospkit_debuglog("SLO Res Code: $ret");
}
return $ok;
$this->saveFederation($logout);
$this->session->logout();
}
/** IDP initiated SLO **/
public function processRedirectRequestSLO() {
@ -329,29 +283,20 @@ class LassoSPKitSAMLCommon {
$contents);
}
public function processRequestSLO($method, $message) {
$ret = 0;
$ok = 1 && $logout = new LassoLogout($this->server);
if (! $ok) {
lassospkit_errlog("processRequestSLO: Cannot build logout profile");
return;
}
$logout = new LassoLogout($this->server);
$retPRM = $logout->processRequestMsg($message);
if ($ret != 0) {
lassospkit_warnlog("processResquestSLO: processRequestMsg returned non-0: " . strError($ret) . "($ret)");
}
$this->findFederation($logout);
$retVR = $logout->validateRequest();
$retBR = $this->finishResponse($logout, $logout->http_request_method, $ret, $ok);
// if ($retBR != 0) {
$retBR = $this->finishResponse($logout, $logout->http_request_method);
$this->session->logout();
// }
lassospkit_infolog("Logout request handled for nameId: " . $logout->nameID . " retPRM: $retPRM retVR: $retVR retBR: $retBR");
return $ok;
}
public function saveFederation(LassoProfile $profile) {
LassoSPKitHelper::saveFederation($profile, $this->session);
}
public function findFederation(LassoProfile $profile) {
LassoSPKitHelper::findFederation($profile, $this->session);
return LassoSPKitHelper::findFederation($profile, $this->session);
}
/** Federation termination **/
public function initiateFTNotification($method = LASSO_HTTP_METHOD_SOAP, $remoteID = null) {
@ -384,4 +329,7 @@ class LassoSPKitSAMLCommon {
LassoSPKitUtilsSession::setFederation(serialize($fed));
return $profile;
}
function setMessage($message) {
LassoSPKitUtilsSession::setLastError($message);
}
}


@ -0,0 +1,46 @@
<?php
require_once('lassospkit_datadir.inc.php');
require_once('lassospkit_debug.inc.php');
class LassoSPKitSessionFile {
function retrieve($session, $timeout) {
$LassoSPKitSessionFile_cookiename = 'lassospkit_file_' . LassoSPKitConfig::get('cookiename');
$content = null;
if (isset($_COOKIE[$LassoSPKitSessionFile_cookiename])) {
$session->id = $_COOKIE[$LassoSPKitSessionFile_cookiename];
$valid = ereg("^[[:alnum:]]+$",$session->id);
if ($valid) {
$filepath = lassospkit_datadir() . "/cookie_session_" . $session->id;
if (file_exists($filepath) && time()-filemtime($filepath) < $timeout) {
$content = @file_get_contents($filepath);
if ($content === FALSE) {
lassospkit_errlog("cannot read $filepath");
}
} else {
self::delete($session);
}
}
}
if (! $content) {
$session->id = md5("lasso" . rand());
setcookie($LassoSPKitSessionFile_cookiename, $session->id, time()+3600, '/');
}
return $content;
}
function store($session, $content) {
if ($session->id) {
$ret = @file_put_contents(lassospkit_datadir() . "/cookie_session_" . $session->id, $content);
if ($ret === FALSE) {
lassospkit_errlog("cannot write into " . lassospkit_datadir() . "/cookie_session_" . $session->id);
}
}
}
function delete($session) {
$filepath = lassospkit_datadir() . "/cookie_session_" . $session->id;
@unlink($filepath);
}
}
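Review bot: The fresh session identifier on the `if (! $content)` branch is derived from `rand()`, which is not a cryptographically secure generator, so the cookie value that names the server-side session file is guessable; the same construction appears in LassoSPKitSessionMemCache::retrieve. Prefer an unpredictable source, e.g. `$session->id = bin2hex(file_get_contents('/dev/urandom', false, null, 0, 16));`, which keeps the alnum shape the `ereg` check requires on the way back in. The `setcookie` call sets neither the secure nor the httponly flag; `setcookie($LassoSPKitSessionFile_cookiename, $session->id, time()+3600, '/', '', isset($_SERVER['HTTPS']), true);` keeps the identifier off plain HTTP when the site is served over TLS and out of reach of script. `store` and `delete` build the file path from `$session->id` without the alnum check that `retrieve` performs; presumably callers only pass ids that came through `retrieve`, but repeating the check there would make the path construction self-contained.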


@ -0,0 +1,48 @@
<?php
require_once('lassospkit_datadir.inc.php');
require_once('lassospkit_debug.inc.php');
require_once('lassospkit_memcache.inc.php');
class LassoSPKitSessionMemCache {
function getkey($session) {
return $session->id . "_cookie_session";
}
function retrieve($session, $timeout) {
$LassoSPKitSessionMemCache_cookiename = 'lassospkit_memcache_' . LassoSPKitConfig::get('cookiename');
#lassospkit_debuglog("Retrieving $LassoSPKitSessionMemCache_cookiename : " . var_export($_COOKIE, 1));
$content = null;
if (isset($_COOKIE[$LassoSPKitSessionMemCache_cookiename])) {
$session->id = $_COOKIE[$LassoSPKitSessionMemCache_cookiename];
#lassospkit_debuglog("Retrieving " . $session->id);
$valid = ereg("^[[:alnum:]]+$",$session->id);
if ($valid) {
$memcache_key = self::getkey($session);
$content = LassoSPKitMemCache::get($memcache_key);
}
if (! $content) {
self::delete($session);
}
}
if (! $content) {
$session->id = md5("lasso" . rand());
setcookie($LassoSPKitSessionMemCache_cookiename, $session->id, time()+3600, '/');
}
return $content;
}
function store($session, $content) {
if ($session->id) {
$memcache_key = self::getkey($session);
$ret = LassoSPKitMemCache::set($memcache_key, $content, LassoSPKitUtilsSession::$timeout);
if ($ret === FALSE) {
lassospkit_errlog("cannot write into Memcache for key cookie_session_" . $session->id);
}
}
}
function delete($session) {
$memcache_key = self::getkey($session);
LassoSPKitMemCache::delete($memcache_key);
}
}
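Review bot: In `retrieve`, the `if (! $content)` fallback that calls `self::delete($session)` sits outside the `if ($valid)` block, so when the cookie value fails the alnum check a delete is issued for a memcache key built from the raw, unvalidated cookie value; the file backend places the same fallback inside its `$valid` branch, and this one should too. The error message in `store` names the key as `cookie_session_<id>` while `getkey` builds `<id>_cookie_session`; log the real key instead: `lassospkit_errlog("cannot write into Memcache for key " . $memcache_key);`. `store` reads `LassoSPKitUtilsSession::$timeout` while `retrieve` takes a `$timeout` argument it never uses; presumably both are the same value, but one of the two conventions should go.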


@ -0,0 +1,34 @@
<?php
require_once('lassospkit_datadir.inc.php');
require_once('lassospkit_debug.inc.php');
$LassoSPKitSessionFile_key = "__LassoSPKitSessionObject";
class LassoSPKitSessionPHP {
function retrieve($session, $timeout) {
global $LassoSPKitSessionPHP_key;
$content = null;
if (! isset($_SESSION)) {
throw new Exception("LassoSPKit cannot work without PHP sessions if use_session is TRUE.");
}
if (isset($_SESSION[$LassoSPKitSessionFile_key])) {
$content = $_SESSION[$LassoSPKitSessionFile_key];
if (! isset($_SESSION[$LassoSPKitSessionFile_key . '_time']) ||
$_SESSION[$LassoSPKitSessionFile_key . '_time'] - time() > $timeout) {
$content = null;
self::delete($session);
}
}
return $content;
}
function store($session, $content) {
global $LassoSPKitSessionPHP_key;
$_SESSION[$LassoSPKitSessionFile_key] = $content;
$_SESSION[$LassoSPKitSessionFile_key . '_time'] = time();
}
function delete($session) {
unset($_SESSION[$LassoSPKitSessionFile_key]);
unset($_SESSION[$LassoSPKitSessionFile_key . '_time']);
}
}
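Review bot: `retrieve`, `store` and `delete` all index `$_SESSION` with `$LassoSPKitSessionFile_key`, but the only global the first two declare is `$LassoSPKitSessionPHP_key` (a name this file never defines) and `delete` declares none, so inside the methods `$LassoSPKitSessionFile_key` is an undefined local and every access resolves to `$_SESSION['']`. Each method should declare `global $LassoSPKitSessionFile_key;`, or the key should become a class constant. The expiry test `$_SESSION[$LassoSPKitSessionFile_key . '_time'] - time() > $timeout` also has its operands reversed: the stored timestamp is never later than now, so the difference is never positive and stale content is never discarded; it should read `time() - $_SESSION[$LassoSPKitSessionFile_key . '_time'] > $timeout`.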


@ -2,13 +2,13 @@
require_once('lassospkit_defines.inc.php');
class LassoSPKitUtils {
static public function myself() {
function myself() {
return 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
}
static public function mydir() {
function mydir() {
return 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
}
static public function relativePathToURL($rel) {
function relativePathToURL($rel) {
$abs = "";
if (isset($_SERVER['HTTPS'])) {
$abs = "https://";
@ -20,7 +20,7 @@ class LassoSPKitUtils {
$abs = $abs . $rel;
return $abs;
}
static function checkCanWrite($dir, &$error) {
function checkCanWrite($dir, &$error) {
$path = $dir . "/" . _CHECK_FILENAME;
$ok = ! file_exists($path) || unlink($path);
$ok = $ok && $file = fopen($path,"w");
@ -31,25 +31,25 @@ class LassoSPKitUtils {
}
return $ok;
}
static function generatePrivateKey($file,&$error) {
function generatePrivateKey($file,&$error) {
if (! is_file(OPENSSL_BIN)) {
$error = "SSL Generate: Can't find OpenSSL at " . OPENSSL_BIN;
return 0;
}
exec('/usr/bin/openssl genrsa -out ' . $file . ' 2048', $foo, $ret);
exec('/usr/bin/openssl genrsa -out ' . $file . ' 2048 2>/dev/null', $foo, $ret);
if ($ret != 0) {
$error = "SSL Generate: OpenSSL returned non-0 while computing the private key, check your ssl installation.";
return 0;
}
return 1;
}
public static function extractPublicKey($file,&$public,&$error) {
function extractPublicKey($file,&$public,&$error) {
if (! is_file(OPENSSL_BIN)) {
$error = "SSL Generate: Can't find OpenSSL at " . OPENSSL_BIN;
return 0;
}
$tempfname = tempnam(TEMPDIR, "lassospkit-public-key");
$cmdline = '/usr/bin/openssl rsa -in ' . $file . ' -pubout -out ' . $tempfname;
$cmdline = '/usr/bin/openssl rsa -in ' . $file . ' -pubout -out ' . $tempfname . ' 2>/dev/null';
exec($cmdline, $foo, $ret);
if ($ret != 0) {
$error = "SSL Generate: OpenSSL return non-0 while extracting the public key from the private key file, check your ssl installation. $cmdline";
@ -62,4 +62,31 @@ class LassoSPKitUtils {
@unlink($tempfname);
return 1;
}
function extract_options($template, $source) {
$ret = array();
if (! is_array($source)) {
return $ret;
}
foreach ($template as $key => $type) {
if (isset($source[$key])) {
$value = $source[$key];
$ok = FALSE;
switch ($type) {
case 'b':
$ok = is_bool($value);
break;
case 's':
$ok = is_string($value);
break;
case 'i':
$ok = is_int($value);
break;
}
if ($ok) {
$ret[$key] = $value;
}
}
}
return $ret;
}
}
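Review bot: The rewritten `exec` lines in `generatePrivateKey` and `extractPublicKey` still hard-code `/usr/bin/openssl` although the line above each one checks `OPENSSL_BIN`, and still splice `$file` into the command string unquoted, so a path containing shell metacharacters changes the command instead of naming a file. Build the commands from the checked binary with quoted arguments, e.g. `exec(escapeshellarg(OPENSSL_BIN) . ' genrsa -out ' . escapeshellarg($file) . ' 2048 2>/dev/null', $foo, $ret);` and `$cmdline = escapeshellarg(OPENSSL_BIN) . ' rsa -in ' . escapeshellarg($file) . ' -pubout -out ' . escapeshellarg($tempfname) . ' 2>/dev/null';`. Dropping `static` from the method declarations while callers presumably still invoke them as `LassoSPKitUtils::method()` relies on PHP tolerating static calls to instance methods; if this is meant to remain a static utility class, the modifiers should stay.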


@ -1,7 +1,10 @@
<?php
require_once("lassospkit_config.inc.php");
require_once("lassospkit_datadir.inc.php");
require_once("lassospkit_session_file.inc.php");
require_once("lassospkit_session_php.inc.php");
require_once("lassospkit_session_memcache.inc.php");
require_once("lassospkit_debug.inc.php");
/** This object encapsulate the communication between the frontend and the
backend of the LassoSPkit.
@ -13,19 +16,21 @@ require_once("lassospkit_datadir.inc.php");
*/
LassoSPKitUtilsSession::$cookiename = LassoSPKitConfig::get('cookiename');
if (LassoSPKitUtilsSession::$use_session) {
LassoSPKitUtilsSession::$session_storage_class = LassoSPKitConfig::get('session_storage_class');
LassoSPKitUtilsSession::$storage = new LassoSPKitUtilsSession::$session_storage_class();
if (LassoSPKitUtilsSession::$use_session && ! isset($_SESSION)) {
session_start();
} else {
LassoSPKitUtilsSession::getSingleton();
}
class LassoSPKitUtilsSession {
private static $key = "__LassoSPKitSessionObject";
static $key = "__LassoSPKitSessionObject";
public static $cookiename;
private static $THIS;
private $vars;
static $THIS;
var $vars;
/** If we getted the last error, clear it. */
private $clears = array();
var $clears = array();
/** The supported keys */
static $keys = array(
'NameID'=>0,
@ -42,7 +47,8 @@ class LassoSPKitUtilsSession {
'loginParams'=>0,
'federateParams'=>0,
'sloParams'=>0,
'defederationParams'=>0);
'defederationParams'=>0,
'LogoutMethod'=>0);
/** The keys that must not survive one communication (one set followed by one get). */
static $keysToClearAfterGet = array(
'LastError'=>0,
@ -58,39 +64,20 @@ class LassoSPKitUtilsSession {
'sloParams'=>0,
'defederationParams'=>0);
public static $use_session = 0;
static private $timeout = 3600;
private $id = null;
static $session_storage_class;
static $storage;
static $timeout = 3600;
var $id = null;
private function __construct() {
function __construct() {
$content = null;
if (self::$use_session) {
if (! isset($_SESSION)) {
throw new Exception("LassoSPKit cannot work without sessions.");
}
if (isset($_SESSION[self::$key])) {
$content = $_SESSION[self::$key];
}
} else {
if (isset($_COOKIE[self::$cookiename])) {
$this->id = $_COOKIE[self::$cookiename];
$valid = ereg("^[[:alnum:]]+$",$this->id);
if ($valid) {
$filepath = lassospkit_datadir() . "/cookie_session_" . $this->id;
if (file_exists($filepath) && time()-filemtime($filepath) < self::$timeout) {
$content = @file_get_contents($filepath);
if ($content === FALSE) {
lassospkit_debuglog("cannot read $filepath");
}
} else {
$this->delete();
}
}
}
if (! $content) {
$this->id = md5("lasso" . rand());
setcookie(self::$cookiename, $this->id, time()+3600, '/');
}
}
# if (self::$use_session) {
# $content = LassoSPKitSessionPHP::retrieve($this, self::$timeout);
# } else {
# $content = LassoSPKitSessionFile::retrieve($this, self::$timeout);
# }
$content = self::$storage->retrieve($this, self::$timeout);
#lassospkit_debuglog("Session construct $content");
if ($content) {
$t = @unserialize($content);
if ($t && is_array($t)) {
@ -111,16 +98,13 @@ class LassoSPKitUtilsSession {
unset($this->vars[$k]);
}
$content = serialize($this->vars);
if (self::$use_session) {
$_SESSION[self::$key] = $content;
} else {
if ($this->id) {
$ret = @file_put_contents(lassospkit_datadir() . "/cookie_session_" . $this->id, $content);
if ($ret === FALSE) {
lassospkit_debuglog("cannot write into " . lassospkit_datadir() . "/cookie_session_" . $this->id);
}
}
}
self::$storage->store($this, $content);
#lassospkit_debuglog("Session store $content");
# if (self::$use_session) {
# LassoSPKitSessionPHP::store($this, $content);
# } else {
# LassoSPKitSessionFile::store($this, $content);
# }
}
/** Get the singleton object to communicate
@ -171,8 +155,13 @@ class LassoSPKitUtilsSession {
/* Helper static functions */
function delete() {
$filepath = lassospkit_datadir() . "/cookie_session_" . $this->id;
@unlink($filepath);
# if (self::$use_session) {
# LassoSPKitSessionPHP::delete($this);
# } else {
# LassoSPKitSessionFile::delete($this);
# }
self::$storage->delete($this);
}
/** Clear the session object of all communication
from the LassoSPKit. */
@ -184,6 +173,14 @@ class LassoSPKitUtilsSession {
$athis = self::getSingleton();
$athis->clear();
}
static function setLogoutMethod($logoutMethod) {
$athis = self::getSingleton();
$athis->set('LogoutMethod',$logoutMethod);
}
static function getLogoutMethod() {
$athis = self::getSingleton();
return $athis->get('LogoutMethod');
}
/** Set the NameID to transmit. */
static function setNameID($NameID) {
$athis = self::getSingleton();