VCL-1087 - VCL CAS SSO mostly whitespace changes
casauth/index.php: modified 2 long lines concatenating strings to span to multiple lines authmethods/casauth.php: modified checkCASUserInDatabase: wrapped WHERE conditional for query utils.php: -removed vclAutoLoader function -modified existing __autoload function to first check for passed in class being in $actions['classmapping'] to include a file, else check for a file of the same name as the lower cased class name and include it if there, then also check for the parent class being Resource, and if so, include resource.php -after __autoload is defined, check for existence of spl_autoload_register function, if it exists, use it to register __autoload in case something else has already used it to ensure our __autoload function is registered. Kept the name for the __autoload class for php versions before spl_autoload_register was added -reworked getCryptKeyID function to dynamically determine location of the utils.php file, then determine location of cryptkeyid file based on that so that the function can be called from various index.php files and still find the right location without having to have lots of regex's for each possible location conf-default.php: changed commenting out of CAS example to just use a starting slash star and ending star slash authentication.php: only whitespace changes Project: http://git-wip-us.apache.org/repos/asf/vcl/repo Commit: http://git-wip-us.apache.org/repos/asf/vcl/commit/111ee528 Tree: http://git-wip-us.apache.org/repos/asf/vcl/tree/111ee528 Diff: http://git-wip-us.apache.org/repos/asf/vcl/diff/111ee528 Branch: refs/heads/VCL-1087_VCL_CAS_SSO Commit: 111ee5287298250f1770e31e09c3073e8112d8fc Parents: 075c2c4 Author: Josh Thompson <[email protected]> Authored: Mon May 7 14:27:41 2018 -0400 Committer: Josh Thompson <[email protected]> Committed: Mon May 7 14:27:41 2018 -0400 ---------------------------------------------------------------------- web/.ht-inc/authentication.php | 38 +++--- web/.ht-inc/authmethods/casauth.php | 219 
+++++++++++++++--------------- web/.ht-inc/conf-default.php | 23 ++-- web/.ht-inc/utils.php | 221 ++++++++++++------------------ web/casauth/index.php | 226 ++++++++++++++++--------------- 5 files changed, 341 insertions(+), 386 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/vcl/blob/111ee528/web/.ht-inc/authentication.php ---------------------------------------------------------------------- diff --git a/web/.ht-inc/authentication.php b/web/.ht-inc/authentication.php index b28e175..55b42bc 100644 --- a/web/.ht-inc/authentication.php +++ b/web/.ht-inc/authentication.php @@ -75,19 +75,19 @@ function readAuthCookie() { else $cookie = $_COOKIE["VCLAUTH"]; $cookie = base64_decode($cookie); - if(! openssl_public_decrypt($cookie, $tmp, $keys['public'])) { - $AUTHERROR["code"] = 3; - $AUTHERROR["message"] = "Failed to decrypt auth cookie"; - return NULL; - } + if(! openssl_public_decrypt($cookie, $tmp, $keys['public'])) { + $AUTHERROR["code"] = 3; + $AUTHERROR["message"] = "Failed to decrypt auth cookie"; + return NULL; + } - $tmparr = explode('|', $tmp); + $tmparr = explode('|', $tmp); $loginid = $tmparr[0]; $remoteIP = $tmparr[1]; $ts = $tmparr[2]; if(count($tmparr) > 3) { $shibauthed = $tmparr[3]; - + # check to see if shibauth entry still exists for $shibauthed $query = "SELECT ts FROM shibauth WHERE id = $shibauthed"; $qh = doQuery($query, 101); 
@@ -105,19 +105,19 @@ function readAuthCookie() { } } - if($ts < time()) { - $AUTHERROR["code"] = 4; - $AUTHERROR["message"] = "Auth cookie has expired"; - return NULL; - } - if($_SERVER["REMOTE_ADDR"] != $remoteIP) { - //setcookie("ITECSAUTH", "", time() - 10, "/", COOKIEDOMAIN); - $AUTHERROR["code"] = 4; - $AUTHERROR["message"] = "remote IP in auth cookie doesn't match user's remote IP"; - return NULL; - } + if($ts < time()) { + $AUTHERROR["code"] = 4; + $AUTHERROR["message"] = "Auth cookie has expired"; + return NULL; + } + if($_SERVER["REMOTE_ADDR"] != $remoteIP) { + //setcookie("ITECSAUTH", "", time() - 10, "/", COOKIEDOMAIN); + $AUTHERROR["code"] = 4; + $AUTHERROR["message"] = "remote IP in auth cookie doesn't match user's remote IP"; + return NULL; + } - return $loginid; + return $loginid; } //////////////////////////////////////////////////////////////////////////////// http://git-wip-us.apache.org/repos/asf/vcl/blob/111ee528/web/.ht-inc/authmethods/casauth.php ---------------------------------------------------------------------- diff --git a/web/.ht-inc/authmethods/casauth.php b/web/.ht-inc/authmethods/casauth.php index 1acd599..2558185 100644 --- a/web/.ht-inc/authmethods/casauth.php +++ b/web/.ht-inc/authmethods/casauth.php @@ -6,9 +6,9 @@ The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - + http://www.apache.org/licenses/LICENSE-2.0 - + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -39,25 +39,25 @@ phpCAS::setVerbose(FALSE); /// //////////////////////////////////////////////////////////////////////////////// function validateCASUser($type) { - global $authMechs; - $auth = $authMechs[$type]; - $callbackURL = BASEURL . "/casauth/index.php?authtype=" . $type; - $casversion = ($auth['version'] == 2 ? CAS_VERSION_2_0 : CAS_VERSION_3_0); - - if ($auth['cacertpath'] != null) - if (file_exists($auth['cacertpath'])) - phpCAS::setCasServerCACert($auth['cacertpath']); - - phpCAS::client($casversion, $auth['host'], $auth['port'], $auth['context']); - - // Set the service URL to use custom casauth directly within the VCL website - phpCAS::setFixedServiceURL($callbackURL); - if ( $auth['validatecassslcerts'] != true ) - phpCAS::setNoCasServerValidation(); - - phpCAS::forceAuthentication(); - - # TODO - Check if server is available. + global $authMechs; + $auth = $authMechs[$type]; + $callbackURL = BASEURL . "/casauth/index.php?authtype=" . $type; + $casversion = ($auth['version'] == 2 ? CAS_VERSION_2_0 : CAS_VERSION_3_0); + + if($auth['cacertpath'] != null) + if(file_exists($auth['cacertpath'])) + phpCAS::setCasServerCACert($auth['cacertpath']); + + phpCAS::client($casversion, $auth['host'], $auth['port'], $auth['context']); + + // Set the service URL to use custom casauth directly within the VCL website + phpCAS::setFixedServiceURL($callbackURL); + if($auth['validatecassslcerts'] != true) + phpCAS::setNoCasServerValidation(); + + phpCAS::forceAuthentication(); + + # TODO - Check if server is available. } //////////////////////////////////////////////////////////////////////////////// 
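Review bot: A configured `cacertpath` whose file is missing is skipped silently by the two nested `if`s at the top of validateCASUser, so a typo in the path leaves phpCAS with no CA bundle while `validatecassslcerts` still reads true; presumably phpCAS then refuses to validate, but the operator gets no hint why. Fail loudly instead: `if($auth['cacertpath'] != null && ! file_exists($auth['cacertpath'])) { error_log("CAS CA file {$auth['cacertpath']} not found"); abort(/* appropriate code */); }` ahead of the `setCasServerCACert` call, and use `urlencode($type)` when building `$callbackURL` so the service URL stays well-formed for any auth-mechanism name. Note that the ticket check in casauth/index.php appears to go through curlDoSSLWebRequest, which is never handed `cacertpath`, so a private CA configured here may still be untrusted on that leg — worth verifying end to end.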
@@ -73,17 +73,18 @@ function validateCASUser($type) { /// //////////////////////////////////////////////////////////////////////////////// function checkCASUserInDatabase($type, $userid) { - global $authMechs, $mysql_link_vcl; - $loweruserid = strtolower($userid); - $loweruserid = mysql_real_escape_string($loweruserid); - $query = "SELECT id " - . "FROM user " - . "WHERE unityid = '$userid' AND affiliationid = {$authMechs[$type]['affiliationid']}"; - $qh = doQuery($query, 101); - if ($row = mysql_fetch_assoc($qh)) { - return TRUE; - } - return FALSE; + global $authMechs, $mysql_link_vcl; + $loweruserid = strtolower($userid); + $loweruserid = mysql_real_escape_string($loweruserid); + $query = "SELECT id " + . "FROM user " + . "WHERE unityid = '$userid' AND " + . "affiliationid = {$authMechs[$type]['affiliationid']}"; + $qh = doQuery($query, 101); + if($row = mysql_fetch_assoc($qh)) { + return TRUE; + } + return FALSE; } //////////////////////////////////////////////////////////////////////////////// 
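Review bot: The escaped, lower-cased `$loweruserid` computed at the top of checkCASUserInDatabase is never used; the WHERE clause on the newly wrapped line still interpolates the raw `$userid`, so the CAS-released principal reaches the query unescaped. Either use it, `. "WHERE unityid = '$loweruserid' AND "`, or drop the lower-casing and interpolate `mysql_real_escape_string($userid)` directly if case must be preserved — switching to the lower-cased value would change which rows match compared with today. addCASUser in this same file inserts `$userinfo['unityid']` without lower-casing, so settle which normalisation the `user` table actually holds before choosing.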
@@ -99,46 +100,46 @@ function checkCASUserInDatabase($type, $userid) { /// //////////////////////////////////////////////////////////////////////////////// function addCASUser($userinfo) { - global $authMechs, $mysql_link_vcl; - $now = unixToDatetime(time()); - - $query = "INSERT INTO user (unityid, affiliationid"; - if(array_key_exists('firstname', $userinfo)) - $query .= ", firstname"; - if(array_key_exists('lastname', $userinfo)) - $query .= ", lastname"; - if(array_key_exists('preferredname', $userinfo)) - $query .= ", preferredname"; - if(array_key_exists('email', $userinfo)) - $query .= ", email"; - $query .= ", lastupdated) VALUES ( '{$userinfo['unityid']}', {$userinfo['affiliationid']}"; - if(array_key_exists('firstname', $userinfo)) - $query .= ",'{$userinfo['firstname']}'"; - if(array_key_exists('lastname', $userinfo)) - $query .= ",'{$userinfo['lastname']}'"; - if(array_key_exists('preferredname', $userinfo)) - $query .= ",'{$userinfo['preferredname']}'"; - if(array_key_exists('email', $userinfo)) - $query .= ",'{$userinfo['email']}'"; - $query .= ",'{$now}')"; - - doQuery($query, 101, 'vcl', 1); - if(mysql_affected_rows($mysql_link_vcl)) { - $qh = doQuery("SELECT LAST_INSERT_ID() FROM user", 101); - if(! 
$row = mysql_fetch_row($qh)) { - abort(101); - } - - // Add to default group - if ($userinfo['defaultgroup'] != null) { - $usergroups = array(); - array_push($usergroups, getUserGroupID($userinfo['defaultgroup'], $userinfo['affiliationid'])); - updateGroups($usergroups, $row[0]); - } - - return $row[0]; - } - return NULL; + global $authMechs, $mysql_link_vcl; + $now = unixToDatetime(time()); + + $query = "INSERT INTO user (unityid, affiliationid"; + if(array_key_exists('firstname', $userinfo)) + $query .= ", firstname"; + if(array_key_exists('lastname', $userinfo)) + $query .= ", lastname"; + if(array_key_exists('preferredname', $userinfo)) + $query .= ", preferredname"; + if(array_key_exists('email', $userinfo)) + $query .= ", email"; + $query .= ", lastupdated) VALUES ( '{$userinfo['unityid']}', {$userinfo['affiliationid']}"; + if(array_key_exists('firstname', $userinfo)) + $query .= ",'{$userinfo['firstname']}'"; + if(array_key_exists('lastname', $userinfo)) + $query .= ",'{$userinfo['lastname']}'"; + if(array_key_exists('preferredname', $userinfo)) + $query .= ",'{$userinfo['preferredname']}'"; + if(array_key_exists('email', $userinfo)) + $query .= ",'{$userinfo['email']}'"; + $query .= ",'{$now}')"; + + doQuery($query, 101, 'vcl', 1); + if(mysql_affected_rows($mysql_link_vcl)) { + $qh = doQuery("SELECT LAST_INSERT_ID() FROM user", 101); + if(! $row = mysql_fetch_row($qh)) { + abort(101); + } + + // Add to default group + if($userinfo['defaultgroup'] != null) { + $usergroups = array(); + array_push($usergroups, getUserGroupID($userinfo['defaultgroup'], $userinfo['affiliationid'])); + updateGroups($usergroups, $row[0]); + } + + return $row[0]; + } + return NULL; } //////////////////////////////////////////////////////////////////////////////// 
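Review bot: Every CAS-supplied value — `unityid`, `firstname`, `lastname`, `preferredname`, `email` — is interpolated straight into the INSERT string in addCASUser with no `mysql_real_escape_string`, so a single quote in any attribute released by the CAS server breaks or alters the statement; only `affiliationid` comes from local config. Escape each value once before building the query (for example `$esc = array_map('mysql_real_escape_string', $userinfo);` and interpolate `$esc['firstname']` etc.) rather than escaping at each of the five sites. Two smaller points in the same block: `SELECT LAST_INSERT_ID() FROM user` returns one row per user row, where `SELECT LAST_INSERT_ID()` is what is meant, and `$userinfo['defaultgroup'] != null` warns when the key is absent, which the caller in casauth/index.php only sets conditionally — `array_key_exists('defaultgroup', $userinfo)` matches how the other optional keys are tested.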
@@ -154,41 +155,41 @@ function addCASUser($userinfo) { /// //////////////////////////////////////////////////////////////////////////////// function updateCASUser($userinfo) { - global $mysql_link_vcl; - $now = unixToDatetime(time()); - $esc_userid = mysql_real_escape_string($userinfo['unityid']); - $query = "UPDATE user SET unityid = '{$userinfo['unityid']}', lastupdated = '{$now}'"; - if(array_key_exists('firstname', $userinfo)) - $query .= ", firstname = '{$userinfo['firstname']}' "; - if(array_key_exists('lastname', $userinfo)) - $query .= ", lastname = '{$userinfo['lastname']}' "; - if(array_key_exists('preferredname', $userinfo)) - $query .= ", preferredname = '{$userinfo['preferredname']}' "; - if(array_key_exists('email', $userinfo)) - $query .= ", email = '{$userinfo['email']}' "; - $query .= "WHERE unityid = '{$esc_userid}' AND affiliationid = {$userinfo['affiliationid']}"; - doQuery($query, 256, 'vcl', 1); - if (mysql_affected_rows($mysql_link_vcl) == -1) { - error_log(mysql_error($mysql_link_vcl)); - error_log($query); - return FALSE; - } - - // get id of current user - $query = "SELECT id FROM user WHERE unityid = '{$esc_userid}' AND affiliationid = {$userinfo['affiliationid']}"; - $qh = doQuery($query, 255); - if ($user = mysql_fetch_assoc($qh)) { - // Add to default group - if ($userinfo['defaultgroup'] != null) { - $usergroups = array(); - $newgroupid = getUserGroupID($userinfo['defaultgroup'], $userinfo['affiliationid']); - array_push($usergroups, $newgroupid); - $usergroups = array_unique($usergroups); - if (! 
empty($usergroups)) - updateGroups($usergroups, $user["id"]); - } - } - - return TRUE; + global $mysql_link_vcl; + $now = unixToDatetime(time()); + $esc_userid = mysql_real_escape_string($userinfo['unityid']); + $query = "UPDATE user SET unityid = '{$userinfo['unityid']}', lastupdated = '{$now}'"; + if(array_key_exists('firstname', $userinfo)) + $query .= ", firstname = '{$userinfo['firstname']}' "; + if(array_key_exists('lastname', $userinfo)) + $query .= ", lastname = '{$userinfo['lastname']}' "; + if(array_key_exists('preferredname', $userinfo)) + $query .= ", preferredname = '{$userinfo['preferredname']}' "; + if(array_key_exists('email', $userinfo)) + $query .= ", email = '{$userinfo['email']}' "; + $query .= "WHERE unityid = '{$esc_userid}' AND affiliationid = {$userinfo['affiliationid']}"; + doQuery($query, 256, 'vcl', 1); + if(mysql_affected_rows($mysql_link_vcl) == -1) { + error_log(mysql_error($mysql_link_vcl)); + error_log($query); + return FALSE; + } + + // get id of current user + $query = "SELECT id FROM user WHERE unityid = '{$esc_userid}' AND affiliationid = {$userinfo['affiliationid']}"; + $qh = doQuery($query, 255); + if($user = mysql_fetch_assoc($qh)) { + // Add to default group + if($userinfo['defaultgroup'] != null) { + $usergroups = array(); + $newgroupid = getUserGroupID($userinfo['defaultgroup'], $userinfo['affiliationid']); + array_push($usergroups, $newgroupid); + $usergroups = array_unique($usergroups); + if(! empty($usergroups)) + updateGroups($usergroups, $user["id"]); + } + } + + return TRUE; } -?> \ No newline at end of file +?> http://git-wip-us.apache.org/repos/asf/vcl/blob/111ee528/web/.ht-inc/conf-default.php ---------------------------------------------------------------------- diff --git a/web/.ht-inc/conf-default.php b/web/.ht-inc/conf-default.php index 99e323e..b6ffda6 100644 --- a/web/.ht-inc/conf-default.php +++ b/web/.ht-inc/conf-default.php 
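Review bot: updateCASUser escapes `unityid` into `$esc_userid` but only uses it in the two WHERE clauses; the SET clause on the first `$query` line interpolates `$userinfo['unityid']` raw, and the optional `firstname`/`lastname`/`preferredname`/`email` fragments are likewise unescaped. Use `SET unityid = '{$esc_userid}'` and pass the other attribute values through `mysql_real_escape_string` before interpolating them. Also note that `mysql_affected_rows() == -1` only catches a failed statement; a zero-row UPDATE still falls through to the SELECT and returns TRUE, which looks intended because the caller checks existence first, but a one-line comment saying so would save the next reader the question.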
@@ -158,18 +158,17 @@ $authMechs = array( # for the user. Typically either 'cn', 'uid', or 'samaccountname' "help" => "Use EXAMPLE1 LDAP if you are using an EXAMPLE1 account"), # message to be displayed on login page about when # to use this login mechanism*/ - /*"CAS (Central Authentication Service)" => array("type" => "cas", - * "affiliationid" => 3, # id from affiliation id this login method is associated with - * "version" => 3, # this denotes the CAS protocol version used. currently supported values is 3. this value is maintained to track furture updates to the protocol - * "host" => "cas.example.edu", # the CAS server DNS name - * "port" => "8443", # the CAS Server port - * "context" => "/cas", # the CAS context - * "validatecassslcerts" => true, # validates the SSL certificates used by CAS server. strictly set to true for production (like) environments - * "cacertpath" => "/etc/cas/cachain.pem", # if using self signed certificates on the CAS server set this to the path where the CA chain is stored. Set to '' if using publicly trusted certificates - * "attributemap" => array("sn" => "lastname", "givenName" => "firstname", "cn" => "preferredname", "mail" => "email"), # a list of CAS user attributes mapped to VCL user attributes - * "defaultgroup" => "global", # the default group name (excluding the affiliation name) that each CAS user should be added. make sure this group is pre-created - * "help" => "Use CAS authentication to use your university CAS environment"), # message to be displayed on login page about when to use this login mechanism - */ + /*"CAS (Central Authentication Service)" => array("type" => "cas", + "affiliationid" => 3, # id from affiliation id this login method is associated with + "version" => 3, # this denotes the CAS protocol version used. currently supported values is 3. 
this value is maintained to track furture updates to the protocol + "host" => "cas.example.edu", # the CAS server DNS name + "port" => "8443", # the CAS Server port + "context" => "/cas", # the CAS context + "validatecassslcerts" => true, # validates the SSL certificates used by CAS server. strictly set to true for production (like) environments + "cacertpath" => "/etc/cas/cachain.pem", # if using self signed certificates on the CAS server set this to the path where the CA chain is stored. Set to '' if using publicly trusted certificates + "attributemap" => array("sn" => "lastname", "givenName" => "firstname", "cn" => "preferredname", "mail" => "email"), # a list of CAS user attributes mapped to VCL user attributes + "defaultgroup" => "global", # the default group name (excluding the affiliation name) that each CAS user should be added. make sure this group is pre-created + "help" => "Use CAS authentication to use your university CAS environment"), # message to be displayed on login page about when to use this login mechanism*/ ); $affilValFunc = array(); http://git-wip-us.apache.org/repos/asf/vcl/blob/111ee528/web/.ht-inc/utils.php ---------------------------------------------------------------------- diff --git a/web/.ht-inc/utils.php b/web/.ht-inc/utils.php index 596c811..8daa29f 100644 --- a/web/.ht-inc/utils.php +++ b/web/.ht-inc/utils.php 
@@ -352,13 +352,19 @@ function initGlobals() { //////////////////////////////////////////////////////////////////////////////// function __autoload($class) { global $actions; - $class = strtolower($class); - if(array_key_exists($class, $actions['classmapping'])) { - require_once(".ht-inc/{$actions['classmapping'][$class]}.php"); - return; + $_class = strtolower($class); + if(array_key_exists($_class, $actions['classmapping'])) { + require_once(".ht-inc/{$actions['classmapping'][$_class]}.php"); + } + elseif(file_exists(".ht-inc/{$_class}.php")) { + require_once(".ht-inc/{$_class}.php"); + if(get_parent_class($class) == 'Resource') + require_once(".ht-inc/resource.php"); } - require_once(".ht-inc/resource.php"); - require_once(".ht-inc/$class.php"); +} +// register autoload function in case CAS or something else has used spl_autoload_register +if(function_exists('spl_autoload_register')) { + spl_autoload_register('__autoload'); } //////////////////////////////////////////////////////////////////////////////// @@ -1483,7 +1489,7 @@ function getImages($includedeleted=0, $imageid=0) { . "u.affiliationid = a.id "; if(! $includedeleted) $query .= "AND i.deleted = 0 "; - $query .= "ORDER BY i.prettyname"; + $query .= "ORDER BY i.prettyname"; $qh = doQuery($query, 120); while($row = mysql_fetch_assoc($qh)) { if(is_null($row['maxconcurrent'])) @@ -1509,8 +1515,8 @@ function getImages($includedeleted=0, $imageid=0) { $imagelist[$includedeleted][$row["id"]]["subimages"] = array(); if($allmetadata[$metaid]["subimages"]) { $query2 = "SELECT imageid " - . "FROM subimages " - . "WHERE imagemetaid = $metaid"; + . "FROM subimages " + . "WHERE imagemetaid = $metaid"; $qh2 = doQuery($query2, 101); while($row2 = mysql_fetch_assoc($qh2)) $imagelist[$includedeleted][$row["id"]]["subimages"][] = $row2["imageid"]; 
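Review bot: The new `elseif` branch of __autoload turns the class name into an include path (`.ht-inc/{$_class}.php`) with no character whitelist, so any path that triggers autoloading on a name it did not author — `class_exists($x)`, `unserialize()` of untrusted data, `new $x` — could make it look outside `.ht-inc` via `..` or `/` in the name. Guard the name before touching the filesystem: `if(! preg_match('/^[a-z0-9_]+$/', $_class)) return;` right after the `strtolower`. The `get_parent_class($class) == 'Resource'` check runs after the `require_once`, by which point a class that `extends Resource` has already autoloaded Resource through this same branch, so the extra include of resource.php looks redundant — harmless, but worth a comment if it is kept for an older PHP where that recursion did not happen.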
@@ -2968,12 +2974,10 @@ function deleteSecretKeys($secretid) { /// //////////////////////////////////////////////////////////////////////////////// function getCryptKeyID() { - $reg = "|" . SCRIPT . "$|"; - $casauthreg = "|/casauth$|"; - $filebase = preg_replace($reg, '', $_SERVER['SCRIPT_FILENAME']); - $filebase = preg_replace($casauthreg, '', $filebase); - $filebase .= "/.ht-inc/cryptkey"; - $idfile = "$filebase/cryptkeyid"; + $me = new ReflectionFunction('getCryptKeyID'); + $myfile = $me->getFileName(); + $path = dirname($myfile); + $idfile = "$path/cryptkey/cryptkeyid"; static $create = 1; # set flag so that recursion only goes one level deep @@ -3967,12 +3971,12 @@ function processInputVar($vartag, $type, $defaultvalue=NULL, $stripwhitespace=0) ! is_array($_POST[$vartag]) && strncmp("{$_POST[$vartag]}", "0", 1) == 0 && $type == ARG_NUMERIC && - strncmp("{$_POST[$vartag]}", "0x0", 3) != 0) || + strncmp("{$_POST[$vartag]}", "0x0", 3) != 0) || (array_key_exists($vartag, $_GET) && ! is_array($_GET[$vartag]) && strncmp("{$_GET[$vartag]}", "0", 1) == 0 && $type == ARG_NUMERIC && - strncmp("{$_GET[$vartag]}", "0x0", 3) != 0)) { + strncmp("{$_GET[$vartag]}", "0x0", 3) != 0)) { $_POST[$vartag] = "zero"; } if(!empty($_POST[$vartag])) { @@ -4116,7 +4120,7 @@ function getContinuationVar($name=NULL, $defaultval=NULL) { function processInputData($data, $type, $addslashes=0, $defaultvalue=NULL) { if(strncmp("$data", "0", 1) == 0 && $type == ARG_NUMERIC && - strncmp("$data", "0x0", 3) != 0) { + strncmp("$data", "0x0", 3) != 0) { $data = "zero"; } if(!empty($data)) 
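Review bot: `new ReflectionFunction('getCryptKeyID')` followed by `getFileName()` is an indirect way of asking for this file's own path; `__FILE__` gives the same answer without constructing a reflector and is available on every PHP version the surrounding `spl_autoload_register` fallback suggests this code targets. I would replace the three lines with `$path = dirname(__FILE__);` and keep `$idfile = "$path/cryptkey/cryptkeyid";`. The rest of getCryptKeyID is outside the hunk, so I cannot see whether anything after the `static $create` line still refers to the removed `$filebase`.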
@@ -6383,7 +6387,7 @@ function moveReservationsOffComputer($compid=0, $count=0) { $checkstart = unixToDatetime(time() + 180); if($compid == 0) { $resources = getUserResources(array("imageAdmin", "imageCheckOut"), - array("available"), 0, 0); + array("available"), 0, 0); $computers = implode("','", array_keys($resources["computer"])); $computers = "'$computers'"; $query = "SELECT DISTINCT COUNT(rs.id) AS reservations, " @@ -7511,7 +7515,7 @@ function getManagementNodes($alive="neither", $includedeleted=0, $id=0) { } # Get items from variable table for specific management node id - foreach ($return as $mn_id => $value ) { + foreach($return as $mn_id => $value) { if(array_key_exists("hostname", $value)) { $mn_hostname = $value['hostname']; $timeservers = getVariable('timesource|'.$mn_hostname); @@ -8051,9 +8055,9 @@ function showTimeTable($links) { # or aren't mapped in resourcemap if($computer_platformids[$id] != $platformid || ($computerData[$id]["stateid"] != 2 && - $computerData[$id]["stateid"] != 3 && - $computerData[$id]["stateid"] != 6 && - $computerData[$id]["stateid"] != 8) || + $computerData[$id]["stateid"] != 3 && + $computerData[$id]["stateid"] != 6 && + $computerData[$id]["stateid"] != 8) || $computerData[$id]["ram"] < $imageData[$imageid]["minram"] || $computerData[$id]["procnumber"] < $imageData[$imageid]["minprocnumber"] || $computerData[$id]["procspeed"] < $imageData[$imageid]["minprocspeed"] || @@ -8166,7 +8170,7 @@ function showTimeTable($links) { continue; } if($links && ($computer_platformids[$id] != $platformid || - $computerData[$id]["stateid"] == 10 || + $computerData[$id]["stateid"] == 10 || $computerData[$id]["stateid"] == 5)) { continue; } 
@@ -8189,7 +8193,7 @@ function showTimeTable($links) { elseif($timeslots[$id][$stamp]['blockAllocation'] && ($timeslots[$id][$stamp]['blockInfo']['imageid'] != $imageid || # this line threw an error at one point, but we couldn't recreate it later (! in_array($timeslots[$id][$stamp]['blockInfo']['groupid'], array_keys($user['groups'])))) && - $timeslots[$id][$stamp]['available']) { + $timeslots[$id][$stamp]['available']) { if($links) { print " <TD bgcolor=\"#ff0000\"><img src=images/red.jpg "; print "alt=blockallocation border=0></TD>\n"; @@ -10818,7 +10822,7 @@ function addSublogEntry($logid, $imageid, $imagerevisionid, $computerid, . "imagerevisionid, " . "computerid, " . "managementnodeid, " - . "predictivemoduleid, "; + . "predictivemoduleid, "; if($fromblock) { $query .= "blockRequestid, " . "blockStart, " @@ -11359,7 +11363,7 @@ function getMappedSubConfigs($mode, $arg1, $arg2, $rec=0) { . "cm.affiliationid = a.id AND " . "(cm.affiliationid = {$user['affiliationid']} OR " . "a.name = 'Global') AND " - . "cm.configstageid = cs.id AND "; + . "cm.configstageid = cs.id AND "; if($mode) { $query .= "cmt.name = 'config' AND " . " cm.subid IN ($inlist)"; @@ -11563,7 +11567,7 @@ function getConfigClustersRec($subimageid, $flat, $rec=0) { . "configmaptype cmt, " . "configsubimage csi, " . "image i, " - . "OS o, " + . "OS o, " . "OStype ot, " . "affiliation a " . "WHERE ct.name = 'cluster' AND " @@ -12585,7 +12589,7 @@ function validateIPv4addr($ip) { /// /// \fn validateHostname($name) /// -/// \param $name the hostname to validate +/// \param $name - the hostname to validate /// /// \return 1 if valid hostname else 0 /// 
@@ -13021,12 +13025,12 @@ function json_encode($a=false) { if($a === true) return 'true'; if(is_scalar($a)) { - if (is_float($a)) { + if(is_float($a)) { // Always use "." for floats. return floatval(str_replace(",", ".", strval($a))); } - if (is_string($a)) { + if(is_string($a)) { static $jsonReplaces = array(array("\\", "/", "\n", "\t", "\r", "\b", "\f", '"'), array('\\\\', '\\/', '\\n', '\\t', '\\r', '\\b', '\\f', '\"')); return '"' . str_replace($jsonReplaces[0], $jsonReplaces[1], $a) . '"'; } @@ -13034,15 +13038,15 @@ function json_encode($a=false) { return $a; } $isList = true; - for ($i = 0, reset($a); $i < count($a); $i++, next($a)) { - if (key($a) !== $i) { + for($i = 0, reset($a); $i < count($a); $i++, next($a)) { + if(key($a) !== $i) { $isList = false; break; } } $result = array(); - if ($isList) { - foreach ($a as $v) $result[] = json_encode($v); + if($isList) { + foreach($a as $v) $result[] = json_encode($v); return '[' . join(',', $result) . ']'; } else { @@ -13209,8 +13213,8 @@ function sendHeaders() { if(! array_key_exists('ownergroup', $data)) $data['ownergroup'] = processInputVar('ownergroup', ARG_NUMERIC, 0); $ownergroupids = explode(',', $data['ownergroupids']); - if(in_array($data['ownergroup'], $ownergroupids) && - array_key_exists($data['ownergroup'], $user['groups'])) { + if(in_array($data['ownergroup'], $ownergroupids) && + array_key_exists($data['ownergroup'], $user['groups'])) { $expire = time() + 31536000; //expire in 1 year setcookie("VCLOWNERGROUPID", $data['ownergroup'], $expire, "/", COOKIEDOMAIN); } @@ -13269,7 +13273,7 @@ function printHTMLHeader() { $HTMLheader .= getHeader($refresh); if(! in_array($mode, $noHTMLwrappers) && - (! is_array($contdata) || + (! is_array($contdata) || ! array_key_exists('noHTMLwrappers', $contdata) || $contdata['noHTMLwrappers'] == 0)) { print $HTMLheader; 
@@ -13542,7 +13546,7 @@ function getUsingVCL() { global $NOAUTH_HOMENAV; $rt = ''; foreach($NOAUTH_HOMENAV as $name => $url) - $rt .= "<li><a href=\"$url\">" . i($name) . "</a></li>\n"; + $rt .= "<li><a href=\"$url\">" . i($name) . "</a></li>\n"; return $rt; } @@ -14371,9 +14375,9 @@ function setVCLLocale() { # use UTF8 encoding for any locales other than English (we may just be able # to always use UTF8) if(preg_match('/^en/', $locale)) - setlocale(LC_ALL, $locale); + setlocale(LC_ALL, $locale); else - setlocale(LC_ALL, $locale . '.UTF8'); + setlocale(LC_ALL, $locale . '.UTF8'); bindtextdomain('vcl', './locale'); textdomain('vcl'); bind_textdomain_codeset('vcl', 'UTF-8'); @@ -14403,7 +14407,7 @@ function getSelectLanguagePulldown() { if(! is_array($user)) $user['id'] = 0; - $rt = "<form name=\"localeform\" class=\"localeform\" action=\"" . BASEURL . SCRIPT . "\" method=post>\n"; + $rt = "<form name=\"localeform\" class=\"localeform\" action=\"" . BASEURL . SCRIPT . "\" method=post>\n"; if($authed) { $rt .= "<select name=\"continuation\" onChange=\"this.form.submit();\" autocomplete=\"off\">\n"; $cdata = array('IP' => $remoteIP, 'oldmode' => $mode); 
@@ -14511,99 +14515,46 @@ function getFSlocales() { /// //////////////////////////////////////////////////////////////////////////////// function curlDoSSLWebRequest($url, $validatecert = TRUE) { - if (! function_exists ( 'curl_init' ) ) { - $message = "php cURL library is not configured."; - if(ONLINEDEBUG && checkUserHasPerm('View Debug Information')) { - print "<font color=red>" . $message . "</font><br>\n"; - } - error_log('php cURL library is not configured.'); - return; - } - - $ch = curl_init(); - - curl_setopt($ch, CURLOPT_HEADER, false); - curl_setopt($ch, CURLOPT_URL, $url) ; - curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); - curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); - - if ($validatecert == TRUE) { - curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); - } - curl_setopt( $ch, CURLOPT_VERBOSE, true ); - - $response = curl_exec( $ch ); - - if( curl_errno( $ch ) ) { - $info = curl_getinfo( $ch ); - if(ONLINEDEBUG && checkUserHasPerm('View Debug Information')) { - print "<font color=red>" . curl_error( $ch ) . print_r( $info, TRUE ) . "</font><br>\n"; - } - print "ERROR(curl_errno( $ch )): " . $ERRORS[$info] . "<BR>\n"; - error_log("==========================================================================="); - error_log("ERROR(curl_errno( $ch )): " . 
$ERRORS[$info]); - $backtrace = getBacktraceString(FALSE); - print "<pre>\n"; - print $backtrace; - print "</pre>\n"; - error_log($backtrace); - } - curl_close( $ch ); - return $response; -} - -//////////////////////////////////////////////////////////////////////////////// -/// -/// \fn vclAutoLoader() -/// -/// \brief autoload function for VCL classes -/// -//////////////////////////////////////////////////////////////////////////////// -function vclAutoLoader($class) { - $siteconfigclasses = array( - 'TimeVariable' => '', - 'connectedUserCheck' => '', - 'acknowledge' => '', - 'initialconnecttimeout' => '', - 'reconnecttimeout' => '', - 'generalInuse' => '', - 'serverInuse' => '', - 'clusterInuse' => '', - 'generalEndNotice1' => '', - 'generalEndNotice2' => '', - 'AffilTextVariable' => '', - 'AffilHelpAddress' => '', - 'AffilWebAddress' => '', - 'AffilKMSserver' => '', - 'AffilTheme' => '', - 'AffilShibOnly' => '', - 'AffilShibName' => '', - 'GlobalSingleVariable' => '', - 'userPasswordLength' => '', - 'userPasswordSpecialChar' => '', - 'NATportRange' => '', - 'GlobalMultiVariable' => '', - 'NFSmounts' => '', - 'Affiliations' => '', - 'Messages' => '' - ); - if (file_exists('.ht-inc/'.strtolower($class).'.php')) { - require('.ht-inc/'.strtolower($class).'.php'); - } - elseif (array_key_exists($class, $siteconfigclasses)) { - require('.ht-inc/siteconfig.php'); - } - else { - throw new Exception("Unable to load $class."); - } -} + if(! function_exists('curl_init')) { + $message = "php cURL library is not configured."; + if(ONLINEDEBUG && checkUserHasPerm('View Debug Information')) { + print "<font color=red>" . $message . 
"</font><br>\n"; + } + error_log('php cURL library is not configured.'); + return; + } -/** - * \autoload function - */ -if (function_exists('spl_autoload_register')) { - spl_autoload_register('vclAutoLoader'); + $ch = curl_init(); + + curl_setopt($ch, CURLOPT_HEADER, false); + curl_setopt($ch, CURLOPT_URL, $url) ; + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); + curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); + + if($validatecert == TRUE) { + curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); + } + curl_setopt($ch, CURLOPT_VERBOSE, true); + + $response = curl_exec($ch); + + if(curl_errno($ch)) { + $info = curl_getinfo($ch); + if(ONLINEDEBUG && checkUserHasPerm('View Debug Information')) { + print "<font color=red>" . curl_error($ch) . print_r($info, TRUE) . "</font><br>\n"; + } + print "ERROR(curl_errno($ch)): " . $ERRORS[$info] . "<BR>\n"; + error_log("==========================================================================="); + error_log("ERROR(curl_errno($ch)): " . $ERRORS[$info]); + $backtrace = getBacktraceString(FALSE); + print "<pre>\n"; + print $backtrace; + print "</pre>\n"; + error_log($backtrace); + } + curl_close($ch); + return $response; } ?> http://git-wip-us.apache.org/repos/asf/vcl/blob/111ee528/web/casauth/index.php ---------------------------------------------------------------------- diff --git a/web/casauth/index.php b/web/casauth/index.php index 8bc50df..df95bfd 100644 --- a/web/casauth/index.php +++ b/web/casauth/index.php 
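Review bot: The error branch of curlDoSSLWebRequest indexes `$ERRORS[$info]`, where `$info` is the array returned by `curl_getinfo()` and `$ERRORS` is not declared `global` in this function, so on any cURL failure (for example the CAS serviceValidate call made from casauth/index.php) the diagnostic path itself misbehaves; `"ERROR(curl_errno($ch))"` in double quotes also interpolates the handle rather than the error number. Report the real values once, `$errmsg = "ERROR(" . curl_errno($ch) . "): " . curl_error($ch);`, and use `$errmsg` in both the `print` and the `error_log`. `CURLOPT_VERBOSE` set to true writes TLS handshake detail to stderr for every request, which seems better gated behind ONLINEDEBUG. The unconditional `CURLOPT_SSL_VERIFYPEER, 0` / `VERIFYHOST, 0` pair before the `$validatecert` test is functionally fine but reads as "verification off"; setting both once from `$validatecert` would make the intent obvious.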
@@ -14,120 +14,124 @@ $noHTMLwrappers = array();
 dbConnect();
 // Validate the Ticket
-if (array_key_exists('ticket', $_GET)) {
- $serviceticket = $_GET['ticket'];
- if (array_key_exists('authtype', $_GET)) {
- $authtype = $_GET['authtype'];
- $auth = $authMechs[$authtype];
- $casversion = ($auth['version'] == 2 ? CAS_VERSION_2_0 : CAS_VERSION_3_0);
- $cashost = $auth['host'];
- $casport = $auth['port'];
- $cascontext = $auth['context'];
- $validatecassslcerts = $auth['validatecassslcerts'];
- $attributemap = $auth['attributemap'];
-
- if ($auth['cacertpath'] != null)
- if (file_exists($auth['cacertpath']))
- phpCAS::setCasServerCACert($auth['cacertpath']);
-
- $serviceurl = BASEURL . '/casauth/index.php?authtype=' . $_GET['authtype'];
- if ($casversion == CAS_VERSION_2_0)
- $servicevalidateurl = 'https://' . $cashost . ':' . $casport . $cascontext . '/serviceValidate' . '?' . 'service=' . urlencode($serviceurl) . '&' . 'ticket=' . $serviceticket;
- else
- $servicevalidateurl = 'https://' . $cashost . ':' . $casport . $cascontext . '/p3/serviceValidate' . '?' . 'service=' . urlencode($serviceurl) . '&' . 'ticket=' . $serviceticket;
-
- $response = curlDoSSLWebRequest($servicevalidateurl, $validatecassslcerts);
-
- // check for authentication success
- $xmldata = new DOMDocument();
- $xmldata->loadXML($response);
- $xpath = new DOMXPath($xmldata);
- $authresults = $xpath->query('//cas:serviceResponse/cas:authenticationSuccess/cas:user');
- $userid = '';
- $userinfo = array();
- $vcluser = array();
- foreach ($authresults as $authresult) {
- $userid = $authresult->nodeValue;
- $vcluser['unityid'] = $userid;
- $vcluser['affiliationid'] = $auth['affiliationid'];
- if ($auth['defaultgroup'] != null)
- $vcluser['defaultgroup'] = $auth['defaultgroup'];
- }
-
- // extract user attributes provided by CAS
- $attributeresults = $xpath->query('//cas:serviceResponse/cas:authenticationSuccess/cas:attributes');
- if ($attributeresults->length > 0) {
- $userattributeitems = $attributeresults->item(0);
- foreach ($userattributeitems->childNodes as $userattributeitem) {
- $attributename = preg_replace('#^cas:#', '', $userattributeitem->nodeName);
- $userinfo[$attributename] = $userattributeitem->nodeValue;
- }
- }
- // convert CAS attributes to VCL user attributes
- foreach (array_keys($userinfo) as $attribute) {
- if (array_key_exists($attribute, $attributemap)) {
- $vcluser[$attributemap[$attribute]] = $userinfo[$attribute];
- }
- }
-
- unset($xmldata);
- unset($xpath);
-
- if ($userid != '') {
- // read keys
- $fp = fopen(".ht-inc/keys.pem", "r");
- $key = fread($fp, 8192);
- fclose($fp);
- $keys["private"] = openssl_pkey_get_private($key, $pemkey);
- if(! $keys['private'])
- abort(6);
- $fp = fopen(".ht-inc/pubkey.pem", "r");
- $key = fread($fp, 8192);
- fclose($fp);
- $keys["public"] = openssl_pkey_get_public($key);
- if(! $keys['public'])
- abort(7);
-
- // valid user returned, login if user exists
- if (checkCASUserInDatabase($authtype, $userid) == TRUE) {
- updateCASUser($vcluser);
- # get cookie data
- $cookie = getAuthCookieData("$userid@" . getAffiliationName($auth['affiliationid']));
- if ($cookie != "Failed to encrypt cookie data") {
- # set cookie
- if(version_compare(PHP_VERSION, "5.2", ">=") == true)
- setcookie("VCLAUTH", "{$cookie['data']}", 0, "/", COOKIEDOMAIN, 0, 1);
- else
- setcookie("VCLAUTH", "{$cookie['data']}", 0, "/", COOKIEDOMAIN);
-
- addLoginLog($userid, $authtype, $auth['affiliationid'], 1);
- }
- }
- else {
- // user does not exists in VCL database, so add user
- if (addCASUser($vcluser) != NULL) {
- # get cookie data
- $cookie = getAuthCookieData("$userid@" . getAffiliationName($auth['affiliationid']));
- if ($cookie != "Failed to encrypt cookie data") {
- # set cookie
- if(version_compare(PHP_VERSION, "5.2", ">=") == true)
- setcookie("VCLAUTH", "{$cookie['data']}", 0, "/", COOKIEDOMAIN, 0, 1);
- else
- setcookie("VCLAUTH", "{$cookie['data']}", 0, "/", COOKIEDOMAIN);
-
- addLoginLog($userid, $authtype, $auth['affiliationid'], 1);
- }
- }
- }
- // Set theme
- $theme = getAffiliationTheme($auth['affiliationid']);
- setcookie("VCLSKIN", $theme, (time() + 2678400), "/", COOKIEDOMAIN);
- }
- }
+if(array_key_exists('ticket', $_GET)) {
+ $serviceticket = $_GET['ticket'];
+ if(array_key_exists('authtype', $_GET)) {
+ $authtype = $_GET['authtype'];
+ $auth = $authMechs[$authtype];
+ $casversion = ($auth['version'] == 2 ? CAS_VERSION_2_0 : CAS_VERSION_3_0);
+ $cashost = $auth['host'];
+ $casport = $auth['port'];
+ $cascontext = $auth['context'];
+ $validatecassslcerts = $auth['validatecassslcerts'];
+ $attributemap = $auth['attributemap'];
+
+ if($auth['cacertpath'] != null)
+ if(file_exists($auth['cacertpath']))
+ phpCAS::setCasServerCACert($auth['cacertpath']);
+
+ $serviceurl = BASEURL . '/casauth/index.php?authtype=' . $_GET['authtype'];
+ if($casversion == CAS_VERSION_2_0)
+ $servicevalidateurl = 'https://' . $cashost . ':' . $casport
+ . $cascontext . '/serviceValidate' . '?' . 'service='
+ . urlencode($serviceurl) . '&' . 'ticket=' . $serviceticket;
+ else
+ $servicevalidateurl = 'https://' . $cashost . ':' . $casport . $cascontext
+ . '/p3/serviceValidate' . '?' . 'service='
+ . urlencode($serviceurl) . '&' . 'ticket=' . $serviceticket;
+
+ $response = curlDoSSLWebRequest($servicevalidateurl, $validatecassslcerts);
+
+ // check for authentication success
+ $xmldata = new DOMDocument();
+ $xmldata->loadXML($response);
+ $xpath = new DOMXPath($xmldata);
+ $authresults = $xpath->query('//cas:serviceResponse/cas:authenticationSuccess/cas:user');
+ $userid = '';
+ $userinfo = array();
+ $vcluser = array();
+ foreach($authresults as $authresult) {
+ $userid = $authresult->nodeValue;
+ $vcluser['unityid'] = $userid;
+ $vcluser['affiliationid'] = $auth['affiliationid'];
+ if($auth['defaultgroup'] != null)
+ $vcluser['defaultgroup'] = $auth['defaultgroup'];
+ }
+
+ // extract user attributes provided by CAS
+ $attributeresults = $xpath->query('//cas:serviceResponse/cas:authenticationSuccess/cas:attributes');
+ if($attributeresults->length > 0) {
+ $userattributeitems = $attributeresults->item(0);
+ foreach($userattributeitems->childNodes as $userattributeitem) {
+ $attributename = preg_replace('#^cas:#', '', $userattributeitem->nodeName);
+ $userinfo[$attributename] = $userattributeitem->nodeValue;
+ }
+ }
+ // convert CAS attributes to VCL user attributes
+ foreach(array_keys($userinfo) as $attribute) {
+ if(array_key_exists($attribute, $attributemap)) {
+ $vcluser[$attributemap[$attribute]] = $userinfo[$attribute];
+ }
+ }
+
+ unset($xmldata);
+ unset($xpath);
+
+ if($userid != '') {
+ // read keys
+ $fp = fopen(".ht-inc/keys.pem", "r");
+ $key = fread($fp, 8192);
+ fclose($fp);
+ $keys["private"] = openssl_pkey_get_private($key, $pemkey);
+ if(! $keys['private'])
+ abort(6);
+ $fp = fopen(".ht-inc/pubkey.pem", "r");
+ $key = fread($fp, 8192);
+ fclose($fp);
+ $keys["public"] = openssl_pkey_get_public($key);
+ if(! $keys['public'])
+ abort(7);
+
+ // valid user returned, login if user exists
+ if(checkCASUserInDatabase($authtype, $userid) == TRUE) {
+ updateCASUser($vcluser);
+ # get cookie data
+ $cookie = getAuthCookieData("$userid@" . getAffiliationName($auth['affiliationid']));
+ if($cookie != "Failed to encrypt cookie data") {
+ # set cookie
+ if(version_compare(PHP_VERSION, "5.2", ">=") == true)
+ setcookie("VCLAUTH", "{$cookie['data']}", 0, "/", COOKIEDOMAIN, 0, 1);
+ else
+ setcookie("VCLAUTH", "{$cookie['data']}", 0, "/", COOKIEDOMAIN);
+
+ addLoginLog($userid, $authtype, $auth['affiliationid'], 1);
+ }
+ }
+ else {
+ // user does not exists in VCL database, so add user
+ if(addCASUser($vcluser) != NULL) {
+ # get cookie data
+ $cookie = getAuthCookieData("$userid@" . getAffiliationName($auth['affiliationid']));
+ if($cookie != "Failed to encrypt cookie data") {
+ # set cookie
+ if(version_compare(PHP_VERSION, "5.2", ">=") == true)
+ setcookie("VCLAUTH", "{$cookie['data']}", 0, "/", COOKIEDOMAIN, 0, 1);
+ else
+ setcookie("VCLAUTH", "{$cookie['data']}", 0, "/", COOKIEDOMAIN);
+
+ addLoginLog($userid, $authtype, $auth['affiliationid'], 1);
+ }
+ }
+ }
+ // Set theme
+ $theme = getAffiliationTheme($auth['affiliationid']);
+ setcookie("VCLSKIN", $theme, (time() + 2678400), "/", COOKIEDOMAIN);
+ }
+ }
 }
 // Redirect to homepage
 header("Location: " . BASEURL . "/");
 dbDisconnect();
-?>
\ No newline at end of file
+?>
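Review bot: `$auth = $authMechs[$authtype];` indexes the mechanism table with the raw `$_GET['authtype']` value and nothing checks that the key exists, so an unknown authtype gives a null `$auth`, a validate URL built from an empty host and port, and the same unvalidated string flowing on into `checkCASUserInDatabase` and `addLoginLog`; the guard on the new side should read `if(array_key_exists('authtype', $_GET) && array_key_exists($_GET['authtype'], $authMechs)) {` (and, if `$authMechs` entries carry a type field, also confirm the entry is a CAS mechanism — not visible from this hunk). The result of `$xmldata->loadXML($response)` is not checked either, and the `curlDoSSLWebRequest` hunk above now returns without a value when cURL is missing, so `$response` can be null and the parser only warns; login still fails closed only because `$userid` stays empty, and an explicit `if(! $response || ! $xmldata->loadXML($response, LIBXML_NONET))` branch that skips the login would make that deliberate. As a point of style, the cookie-and-`addLoginLog` block under `checkCASUserInDatabase` and under `addCASUser` is duplicated verbatim; a small local function taking `$userid`, `$authtype` and `$auth` would remove the second copy and shrink this hunk.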
