You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@vcl.apache.org by jf...@apache.org on 2018/05/07 18:46:00 UTC
[3/3] vcl git commit: VCL-1087 - VCL CAS SSO
VCL-1087 - VCL CAS SSO
mostly whitespace changes
casauth/index.php: modified 2 long lines concatenating strings to span
to multiple lines
authmethods/casauth.php: modified checkCASUserInDatabase: wrapped WHERE
conditional for query
utils.php:
-removed vclAutoLoader function
-modified existing __autoload function to first check for passed in
class being in $actions['classmapping'] to include a file, else check
for a file of the same name as the lower cased class name and include it
if there, then also check for the parent class being Resource, and if
so, include resource.php
-after __autoload is defined, check for existance of
spl_autoload_register function, if it exists, use it to register
__autoload in case something else has already used it to ensure our
__autoload function is registered. Kept the name for the __autoload
class for php versions before spl_autoload_register was added
-reworked getCryptKeyID function to dynamicly determine location of the
utils.php file, then determine location of cryptkeyid file based on that
so that the function can be called from various index.php files and
still find the right location without having to have lots of regex's for
each possible location
conf-default.php: changed commenting out of CAS example to just use a
starting slash star and ending star slash
authentication.php: only whitespace changes
Project: http://git-wip-us.apache.org/repos/asf/vcl/repo
Commit: http://git-wip-us.apache.org/repos/asf/vcl/commit/111ee528
Tree: http://git-wip-us.apache.org/repos/asf/vcl/tree/111ee528
Diff: http://git-wip-us.apache.org/repos/asf/vcl/diff/111ee528
Branch: refs/heads/VCL-1087_VCL_CAS_SSO
Commit: 111ee5287298250f1770e31e09c3073e8112d8fc
Parents: 075c2c4
Author: Josh Thompson <jf...@ncsu.edu>
Authored: Mon May 7 14:27:41 2018 -0400
Committer: Josh Thompson <jf...@ncsu.edu>
Committed: Mon May 7 14:27:41 2018 -0400
----------------------------------------------------------------------
web/.ht-inc/authentication.php | 38 +++---
web/.ht-inc/authmethods/casauth.php | 219 +++++++++++++++---------------
web/.ht-inc/conf-default.php | 23 ++--
web/.ht-inc/utils.php | 221 ++++++++++++------------------
web/casauth/index.php | 226 ++++++++++++++++---------------
5 files changed, 341 insertions(+), 386 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/vcl/blob/111ee528/web/.ht-inc/authentication.php
----------------------------------------------------------------------
diff --git a/web/.ht-inc/authentication.php b/web/.ht-inc/authentication.php
index b28e175..55b42bc 100644
--- a/web/.ht-inc/authentication.php
+++ b/web/.ht-inc/authentication.php
@@ -75,19 +75,19 @@ function readAuthCookie() {
else
$cookie = $_COOKIE["VCLAUTH"];
$cookie = base64_decode($cookie);
- if(! openssl_public_decrypt($cookie, $tmp, $keys['public'])) {
- $AUTHERROR["code"] = 3;
- $AUTHERROR["message"] = "Failed to decrypt auth cookie";
- return NULL;
- }
+ if(! openssl_public_decrypt($cookie, $tmp, $keys['public'])) {
+ $AUTHERROR["code"] = 3;
+ $AUTHERROR["message"] = "Failed to decrypt auth cookie";
+ return NULL;
+ }
- $tmparr = explode('|', $tmp);
+ $tmparr = explode('|', $tmp);
$loginid = $tmparr[0];
$remoteIP = $tmparr[1];
$ts = $tmparr[2];
if(count($tmparr) > 3) {
$shibauthed = $tmparr[3];
-
+
# check to see if shibauth entry still exists for $shibauthed
$query = "SELECT ts FROM shibauth WHERE id = $shibauthed";
$qh = doQuery($query, 101);
@@ -105,19 +105,19 @@ function readAuthCookie() {
}
}
- if($ts < time()) {
- $AUTHERROR["code"] = 4;
- $AUTHERROR["message"] = "Auth cookie has expired";
- return NULL;
- }
- if($_SERVER["REMOTE_ADDR"] != $remoteIP) {
- //setcookie("ITECSAUTH", "", time() - 10, "/", COOKIEDOMAIN);
- $AUTHERROR["code"] = 4;
- $AUTHERROR["message"] = "remote IP in auth cookie doesn't match user's remote IP";
- return NULL;
- }
+ if($ts < time()) {
+ $AUTHERROR["code"] = 4;
+ $AUTHERROR["message"] = "Auth cookie has expired";
+ return NULL;
+ }
+ if($_SERVER["REMOTE_ADDR"] != $remoteIP) {
+ //setcookie("ITECSAUTH", "", time() - 10, "/", COOKIEDOMAIN);
+ $AUTHERROR["code"] = 4;
+ $AUTHERROR["message"] = "remote IP in auth cookie doesn't match user's remote IP";
+ return NULL;
+ }
- return $loginid;
+ return $loginid;
}
////////////////////////////////////////////////////////////////////////////////
http://git-wip-us.apache.org/repos/asf/vcl/blob/111ee528/web/.ht-inc/authmethods/casauth.php
----------------------------------------------------------------------
diff --git a/web/.ht-inc/authmethods/casauth.php b/web/.ht-inc/authmethods/casauth.php
index 1acd599..2558185 100644
--- a/web/.ht-inc/authmethods/casauth.php
+++ b/web/.ht-inc/authmethods/casauth.php
@@ -6,9 +6,9 @@
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
-
+
http://www.apache.org/licenses/LICENSE-2.0
-
+
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -39,25 +39,25 @@ phpCAS::setVerbose(FALSE);
///
////////////////////////////////////////////////////////////////////////////////
function validateCASUser($type) {
- global $authMechs;
- $auth = $authMechs[$type];
- $callbackURL = BASEURL . "/casauth/index.php?authtype=" . $type;
- $casversion = ($auth['version'] == 2 ? CAS_VERSION_2_0 : CAS_VERSION_3_0);
-
- if ($auth['cacertpath'] != null)
- if (file_exists($auth['cacertpath']))
- phpCAS::setCasServerCACert($auth['cacertpath']);
-
- phpCAS::client($casversion, $auth['host'], $auth['port'], $auth['context']);
-
- // Set the service URL to use custom casauth directly within the VCL website
- phpCAS::setFixedServiceURL($callbackURL);
- if ( $auth['validatecassslcerts'] != true )
- phpCAS::setNoCasServerValidation();
-
- phpCAS::forceAuthentication();
-
- # TODO - Check if server is available.
+ global $authMechs;
+ $auth = $authMechs[$type];
+ $callbackURL = BASEURL . "/casauth/index.php?authtype=" . $type;
+ $casversion = ($auth['version'] == 2 ? CAS_VERSION_2_0 : CAS_VERSION_3_0);
+
+ if($auth['cacertpath'] != null)
+ if(file_exists($auth['cacertpath']))
+ phpCAS::setCasServerCACert($auth['cacertpath']);
+
+ phpCAS::client($casversion, $auth['host'], $auth['port'], $auth['context']);
+
+ // Set the service URL to use custom casauth directly within the VCL website
+ phpCAS::setFixedServiceURL($callbackURL);
+ if($auth['validatecassslcerts'] != true)
+ phpCAS::setNoCasServerValidation();
+
+ phpCAS::forceAuthentication();
+
+ # TODO - Check if server is available.
}
////////////////////////////////////////////////////////////////////////////////
@@ -73,17 +73,18 @@ function validateCASUser($type) {
///
////////////////////////////////////////////////////////////////////////////////
function checkCASUserInDatabase($type, $userid) {
- global $authMechs, $mysql_link_vcl;
- $loweruserid = strtolower($userid);
- $loweruserid = mysql_real_escape_string($loweruserid);
- $query = "SELECT id "
- . "FROM user "
- . "WHERE unityid = '$userid' AND affiliationid = {$authMechs[$type]['affiliationid']}";
- $qh = doQuery($query, 101);
- if ($row = mysql_fetch_assoc($qh)) {
- return TRUE;
- }
- return FALSE;
+ global $authMechs, $mysql_link_vcl;
+ $loweruserid = strtolower($userid);
+ $loweruserid = mysql_real_escape_string($loweruserid);
+ $query = "SELECT id "
+ . "FROM user "
+ . "WHERE unityid = '$userid' AND "
+ . "affiliationid = {$authMechs[$type]['affiliationid']}";
+ $qh = doQuery($query, 101);
+ if($row = mysql_fetch_assoc($qh)) {
+ return TRUE;
+ }
+ return FALSE;
}
////////////////////////////////////////////////////////////////////////////////
@@ -99,46 +100,46 @@ function checkCASUserInDatabase($type, $userid) {
///
////////////////////////////////////////////////////////////////////////////////
function addCASUser($userinfo) {
- global $authMechs, $mysql_link_vcl;
- $now = unixToDatetime(time());
-
- $query = "INSERT INTO user (unityid, affiliationid";
- if(array_key_exists('firstname', $userinfo))
- $query .= ", firstname";
- if(array_key_exists('lastname', $userinfo))
- $query .= ", lastname";
- if(array_key_exists('preferredname', $userinfo))
- $query .= ", preferredname";
- if(array_key_exists('email', $userinfo))
- $query .= ", email";
- $query .= ", lastupdated) VALUES ( '{$userinfo['unityid']}', {$userinfo['affiliationid']}";
- if(array_key_exists('firstname', $userinfo))
- $query .= ",'{$userinfo['firstname']}'";
- if(array_key_exists('lastname', $userinfo))
- $query .= ",'{$userinfo['lastname']}'";
- if(array_key_exists('preferredname', $userinfo))
- $query .= ",'{$userinfo['preferredname']}'";
- if(array_key_exists('email', $userinfo))
- $query .= ",'{$userinfo['email']}'";
- $query .= ",'{$now}')";
-
- doQuery($query, 101, 'vcl', 1);
- if(mysql_affected_rows($mysql_link_vcl)) {
- $qh = doQuery("SELECT LAST_INSERT_ID() FROM user", 101);
- if(! $row = mysql_fetch_row($qh)) {
- abort(101);
- }
-
- // Add to default group
- if ($userinfo['defaultgroup'] != null) {
- $usergroups = array();
- array_push($usergroups, getUserGroupID($userinfo['defaultgroup'], $userinfo['affiliationid']));
- updateGroups($usergroups, $row[0]);
- }
-
- return $row[0];
- }
- return NULL;
+ global $authMechs, $mysql_link_vcl;
+ $now = unixToDatetime(time());
+
+ $query = "INSERT INTO user (unityid, affiliationid";
+ if(array_key_exists('firstname', $userinfo))
+ $query .= ", firstname";
+ if(array_key_exists('lastname', $userinfo))
+ $query .= ", lastname";
+ if(array_key_exists('preferredname', $userinfo))
+ $query .= ", preferredname";
+ if(array_key_exists('email', $userinfo))
+ $query .= ", email";
+ $query .= ", lastupdated) VALUES ( '{$userinfo['unityid']}', {$userinfo['affiliationid']}";
+ if(array_key_exists('firstname', $userinfo))
+ $query .= ",'{$userinfo['firstname']}'";
+ if(array_key_exists('lastname', $userinfo))
+ $query .= ",'{$userinfo['lastname']}'";
+ if(array_key_exists('preferredname', $userinfo))
+ $query .= ",'{$userinfo['preferredname']}'";
+ if(array_key_exists('email', $userinfo))
+ $query .= ",'{$userinfo['email']}'";
+ $query .= ",'{$now}')";
+
+ doQuery($query, 101, 'vcl', 1);
+ if(mysql_affected_rows($mysql_link_vcl)) {
+ $qh = doQuery("SELECT LAST_INSERT_ID() FROM user", 101);
+ if(! $row = mysql_fetch_row($qh)) {
+ abort(101);
+ }
+
+ // Add to default group
+ if($userinfo['defaultgroup'] != null) {
+ $usergroups = array();
+ array_push($usergroups, getUserGroupID($userinfo['defaultgroup'], $userinfo['affiliationid']));
+ updateGroups($usergroups, $row[0]);
+ }
+
+ return $row[0];
+ }
+ return NULL;
}
////////////////////////////////////////////////////////////////////////////////
@@ -154,41 +155,41 @@ function addCASUser($userinfo) {
///
////////////////////////////////////////////////////////////////////////////////
function updateCASUser($userinfo) {
- global $mysql_link_vcl;
- $now = unixToDatetime(time());
- $esc_userid = mysql_real_escape_string($userinfo['unityid']);
- $query = "UPDATE user SET unityid = '{$userinfo['unityid']}', lastupdated = '{$now}'";
- if(array_key_exists('firstname', $userinfo))
- $query .= ", firstname = '{$userinfo['firstname']}' ";
- if(array_key_exists('lastname', $userinfo))
- $query .= ", lastname = '{$userinfo['lastname']}' ";
- if(array_key_exists('preferredname', $userinfo))
- $query .= ", preferredname = '{$userinfo['preferredname']}' ";
- if(array_key_exists('email', $userinfo))
- $query .= ", email = '{$userinfo['email']}' ";
- $query .= "WHERE unityid = '{$esc_userid}' AND affiliationid = {$userinfo['affiliationid']}";
- doQuery($query, 256, 'vcl', 1);
- if (mysql_affected_rows($mysql_link_vcl) == -1) {
- error_log(mysql_error($mysql_link_vcl));
- error_log($query);
- return FALSE;
- }
-
- // get id of current user
- $query = "SELECT id FROM user WHERE unityid = '{$esc_userid}' AND affiliationid = {$userinfo['affiliationid']}";
- $qh = doQuery($query, 255);
- if ($user = mysql_fetch_assoc($qh)) {
- // Add to default group
- if ($userinfo['defaultgroup'] != null) {
- $usergroups = array();
- $newgroupid = getUserGroupID($userinfo['defaultgroup'], $userinfo['affiliationid']);
- array_push($usergroups, $newgroupid);
- $usergroups = array_unique($usergroups);
- if (! empty($usergroups))
- updateGroups($usergroups, $user["id"]);
- }
- }
-
- return TRUE;
+ global $mysql_link_vcl;
+ $now = unixToDatetime(time());
+ $esc_userid = mysql_real_escape_string($userinfo['unityid']);
+ $query = "UPDATE user SET unityid = '{$userinfo['unityid']}', lastupdated = '{$now}'";
+ if(array_key_exists('firstname', $userinfo))
+ $query .= ", firstname = '{$userinfo['firstname']}' ";
+ if(array_key_exists('lastname', $userinfo))
+ $query .= ", lastname = '{$userinfo['lastname']}' ";
+ if(array_key_exists('preferredname', $userinfo))
+ $query .= ", preferredname = '{$userinfo['preferredname']}' ";
+ if(array_key_exists('email', $userinfo))
+ $query .= ", email = '{$userinfo['email']}' ";
+ $query .= "WHERE unityid = '{$esc_userid}' AND affiliationid = {$userinfo['affiliationid']}";
+ doQuery($query, 256, 'vcl', 1);
+ if(mysql_affected_rows($mysql_link_vcl) == -1) {
+ error_log(mysql_error($mysql_link_vcl));
+ error_log($query);
+ return FALSE;
+ }
+
+ // get id of current user
+ $query = "SELECT id FROM user WHERE unityid = '{$esc_userid}' AND affiliationid = {$userinfo['affiliationid']}";
+ $qh = doQuery($query, 255);
+ if($user = mysql_fetch_assoc($qh)) {
+ // Add to default group
+ if($userinfo['defaultgroup'] != null) {
+ $usergroups = array();
+ $newgroupid = getUserGroupID($userinfo['defaultgroup'], $userinfo['affiliationid']);
+ array_push($usergroups, $newgroupid);
+ $usergroups = array_unique($usergroups);
+ if(! empty($usergroups))
+ updateGroups($usergroups, $user["id"]);
+ }
+ }
+
+ return TRUE;
}
-?>
\ No newline at end of file
+?>
http://git-wip-us.apache.org/repos/asf/vcl/blob/111ee528/web/.ht-inc/conf-default.php
----------------------------------------------------------------------
diff --git a/web/.ht-inc/conf-default.php b/web/.ht-inc/conf-default.php
index 99e323e..b6ffda6 100644
--- a/web/.ht-inc/conf-default.php
+++ b/web/.ht-inc/conf-default.php
@@ -158,18 +158,17 @@ $authMechs = array(
# for the user. Typically either 'cn', 'uid', or 'samaccountname'
"help" => "Use EXAMPLE1 LDAP if you are using an EXAMPLE1 account"), # message to be displayed on login page about when
# to use this login mechanism*/
- /*"CAS (Central Authentication Service)" => array("type" => "cas",
- * "affiliationid" => 3, # id from affiliation id this login method is associated with
- * "version" => 3, # this denotes the CAS protocol version used. currently supported values is 3. this value is maintained to track furture updates to the protocol
- * "host" => "cas.example.edu", # the CAS server DNS name
- * "port" => "8443", # the CAS Server port
- * "context" => "/cas", # the CAS context
- * "validatecassslcerts" => true, # validates the SSL certificates used by CAS server. strictly set to true for production (like) environments
- * "cacertpath" => "/etc/cas/cachain.pem", # if using self signed certificates on the CAS server set this to the path where the CA chain is stored. Set to '' if using publicly trusted certificates
- * "attributemap" => array("sn" => "lastname", "givenName" => "firstname", "cn" => "preferredname", "mail" => "email"), # a list of CAS user attributes mapped to VCL user attributes
- * "defaultgroup" => "global", # the default group name (excluding the affiliation name) that each CAS user should be added. make sure this group is pre-created
- * "help" => "Use CAS authentication to use your university CAS environment"), # message to be displayed on login page about when to use this login mechanism
- */
+ /*"CAS (Central Authentication Service)" => array("type" => "cas",
+ "affiliationid" => 3, # id from affiliation id this login method is associated with
+ "version" => 3, # this denotes the CAS protocol version used. currently supported values is 3. this value is maintained to track furture updates to the protocol
+ "host" => "cas.example.edu", # the CAS server DNS name
+ "port" => "8443", # the CAS Server port
+ "context" => "/cas", # the CAS context
+ "validatecassslcerts" => true, # validates the SSL certificates used by CAS server. strictly set to true for production (like) environments
+ "cacertpath" => "/etc/cas/cachain.pem", # if using self signed certificates on the CAS server set this to the path where the CA chain is stored. Set to '' if using publicly trusted certificates
+ "attributemap" => array("sn" => "lastname", "givenName" => "firstname", "cn" => "preferredname", "mail" => "email"), # a list of CAS user attributes mapped to VCL user attributes
+ "defaultgroup" => "global", # the default group name (excluding the affiliation name) that each CAS user should be added. make sure this group is pre-created
+ "help" => "Use CAS authentication to use your university CAS environment"), # message to be displayed on login page about when to use this login mechanism*/
);
$affilValFunc = array();
http://git-wip-us.apache.org/repos/asf/vcl/blob/111ee528/web/.ht-inc/utils.php
----------------------------------------------------------------------
diff --git a/web/.ht-inc/utils.php b/web/.ht-inc/utils.php
index 596c811..8daa29f 100644
--- a/web/.ht-inc/utils.php
+++ b/web/.ht-inc/utils.php
@@ -352,13 +352,19 @@ function initGlobals() {
////////////////////////////////////////////////////////////////////////////////
function __autoload($class) {
global $actions;
- $class = strtolower($class);
- if(array_key_exists($class, $actions['classmapping'])) {
- require_once(".ht-inc/{$actions['classmapping'][$class]}.php");
- return;
+ $_class = strtolower($class);
+ if(array_key_exists($_class, $actions['classmapping'])) {
+ require_once(".ht-inc/{$actions['classmapping'][$_class]}.php");
+ }
+ elseif(file_exists(".ht-inc/{$_class}.php")) {
+ require_once(".ht-inc/{$_class}.php");
+ if(get_parent_class($class) == 'Resource')
+ require_once(".ht-inc/resource.php");
}
- require_once(".ht-inc/resource.php");
- require_once(".ht-inc/$class.php");
+}
+// register autoload function in case CAS or something else has used spl_autoload_register
+if(function_exists('spl_autoload_register')) {
+ spl_autoload_register('__autoload');
}
////////////////////////////////////////////////////////////////////////////////
@@ -1483,7 +1489,7 @@ function getImages($includedeleted=0, $imageid=0) {
. "u.affiliationid = a.id ";
if(! $includedeleted)
$query .= "AND i.deleted = 0 ";
- $query .= "ORDER BY i.prettyname";
+ $query .= "ORDER BY i.prettyname";
$qh = doQuery($query, 120);
while($row = mysql_fetch_assoc($qh)) {
if(is_null($row['maxconcurrent']))
@@ -1509,8 +1515,8 @@ function getImages($includedeleted=0, $imageid=0) {
$imagelist[$includedeleted][$row["id"]]["subimages"] = array();
if($allmetadata[$metaid]["subimages"]) {
$query2 = "SELECT imageid "
- . "FROM subimages "
- . "WHERE imagemetaid = $metaid";
+ . "FROM subimages "
+ . "WHERE imagemetaid = $metaid";
$qh2 = doQuery($query2, 101);
while($row2 = mysql_fetch_assoc($qh2))
$imagelist[$includedeleted][$row["id"]]["subimages"][] = $row2["imageid"];
@@ -2968,12 +2974,10 @@ function deleteSecretKeys($secretid) {
///
////////////////////////////////////////////////////////////////////////////////
function getCryptKeyID() {
- $reg = "|" . SCRIPT . "$|";
- $casauthreg = "|/casauth$|";
- $filebase = preg_replace($reg, '', $_SERVER['SCRIPT_FILENAME']);
- $filebase = preg_replace($casauthreg, '', $filebase);
- $filebase .= "/.ht-inc/cryptkey";
- $idfile = "$filebase/cryptkeyid";
+ $me = new ReflectionFunction('getCryptKeyID');
+ $myfile = $me->getFileName();
+ $path = dirname($myfile);
+ $idfile = "$path/cryptkey/cryptkeyid";
static $create = 1; # set flag so that recursion only goes one level deep
@@ -3967,12 +3971,12 @@ function processInputVar($vartag, $type, $defaultvalue=NULL, $stripwhitespace=0)
! is_array($_POST[$vartag]) &&
strncmp("{$_POST[$vartag]}", "0", 1) == 0 &&
$type == ARG_NUMERIC &&
- strncmp("{$_POST[$vartag]}", "0x0", 3) != 0) ||
+ strncmp("{$_POST[$vartag]}", "0x0", 3) != 0) ||
(array_key_exists($vartag, $_GET) &&
! is_array($_GET[$vartag]) &&
strncmp("{$_GET[$vartag]}", "0", 1) == 0 &&
$type == ARG_NUMERIC &&
- strncmp("{$_GET[$vartag]}", "0x0", 3) != 0)) {
+ strncmp("{$_GET[$vartag]}", "0x0", 3) != 0)) {
$_POST[$vartag] = "zero";
}
if(!empty($_POST[$vartag])) {
@@ -4116,7 +4120,7 @@ function getContinuationVar($name=NULL, $defaultval=NULL) {
function processInputData($data, $type, $addslashes=0, $defaultvalue=NULL) {
if(strncmp("$data", "0", 1) == 0 &&
$type == ARG_NUMERIC &&
- strncmp("$data", "0x0", 3) != 0) {
+ strncmp("$data", "0x0", 3) != 0) {
$data = "zero";
}
if(!empty($data))
@@ -6383,7 +6387,7 @@ function moveReservationsOffComputer($compid=0, $count=0) {
$checkstart = unixToDatetime(time() + 180);
if($compid == 0) {
$resources = getUserResources(array("imageAdmin", "imageCheckOut"),
- array("available"), 0, 0);
+ array("available"), 0, 0);
$computers = implode("','", array_keys($resources["computer"]));
$computers = "'$computers'";
$query = "SELECT DISTINCT COUNT(rs.id) AS reservations, "
@@ -7511,7 +7515,7 @@ function getManagementNodes($alive="neither", $includedeleted=0, $id=0) {
}
# Get items from variable table for specific management node id
- foreach ($return as $mn_id => $value ) {
+ foreach($return as $mn_id => $value) {
if(array_key_exists("hostname", $value)) {
$mn_hostname = $value['hostname'];
$timeservers = getVariable('timesource|'.$mn_hostname);
@@ -8051,9 +8055,9 @@ function showTimeTable($links) {
# or aren't mapped in resourcemap
if($computer_platformids[$id] != $platformid ||
($computerData[$id]["stateid"] != 2 &&
- $computerData[$id]["stateid"] != 3 &&
- $computerData[$id]["stateid"] != 6 &&
- $computerData[$id]["stateid"] != 8) ||
+ $computerData[$id]["stateid"] != 3 &&
+ $computerData[$id]["stateid"] != 6 &&
+ $computerData[$id]["stateid"] != 8) ||
$computerData[$id]["ram"] < $imageData[$imageid]["minram"] ||
$computerData[$id]["procnumber"] < $imageData[$imageid]["minprocnumber"] ||
$computerData[$id]["procspeed"] < $imageData[$imageid]["minprocspeed"] ||
@@ -8166,7 +8170,7 @@ function showTimeTable($links) {
continue;
}
if($links && ($computer_platformids[$id] != $platformid ||
- $computerData[$id]["stateid"] == 10 ||
+ $computerData[$id]["stateid"] == 10 ||
$computerData[$id]["stateid"] == 5)) {
continue;
}
@@ -8189,7 +8193,7 @@ function showTimeTable($links) {
elseif($timeslots[$id][$stamp]['blockAllocation'] &&
($timeslots[$id][$stamp]['blockInfo']['imageid'] != $imageid || # this line threw an error at one point, but we couldn't recreate it later
(! in_array($timeslots[$id][$stamp]['blockInfo']['groupid'], array_keys($user['groups'])))) &&
- $timeslots[$id][$stamp]['available']) {
+ $timeslots[$id][$stamp]['available']) {
if($links) {
print " <TD bgcolor=\"#ff0000\"><img src=images/red.jpg ";
print "alt=blockallocation border=0></TD>\n";
@@ -10818,7 +10822,7 @@ function addSublogEntry($logid, $imageid, $imagerevisionid, $computerid,
. "imagerevisionid, "
. "computerid, "
. "managementnodeid, "
- . "predictivemoduleid, ";
+ . "predictivemoduleid, ";
if($fromblock) {
$query .= "blockRequestid, "
. "blockStart, "
@@ -11359,7 +11363,7 @@ function getMappedSubConfigs($mode, $arg1, $arg2, $rec=0) {
. "cm.affiliationid = a.id AND "
. "(cm.affiliationid = {$user['affiliationid']} OR "
. "a.name = 'Global') AND "
- . "cm.configstageid = cs.id AND ";
+ . "cm.configstageid = cs.id AND ";
if($mode) {
$query .= "cmt.name = 'config' AND "
. " cm.subid IN ($inlist)";
@@ -11563,7 +11567,7 @@ function getConfigClustersRec($subimageid, $flat, $rec=0) {
. "configmaptype cmt, "
. "configsubimage csi, "
. "image i, "
- . "OS o, "
+ . "OS o, "
. "OStype ot, "
. "affiliation a "
. "WHERE ct.name = 'cluster' AND "
@@ -12585,7 +12589,7 @@ function validateIPv4addr($ip) {
///
/// \fn validateHostname($name)
///
-/// \param $name the hostname to validate
+/// \param $name - the hostname to validate
///
/// \return 1 if valid hostname else 0
///
@@ -13021,12 +13025,12 @@ function json_encode($a=false) {
if($a === true)
return 'true';
if(is_scalar($a)) {
- if (is_float($a)) {
+ if(is_float($a)) {
// Always use "." for floats.
return floatval(str_replace(",", ".", strval($a)));
}
- if (is_string($a)) {
+ if(is_string($a)) {
static $jsonReplaces = array(array("\\", "/", "\n", "\t", "\r", "\b", "\f", '"'), array('\\\\', '\\/', '\\n', '\\t', '\\r', '\\b', '\\f', '\"'));
return '"' . str_replace($jsonReplaces[0], $jsonReplaces[1], $a) . '"';
}
@@ -13034,15 +13038,15 @@ function json_encode($a=false) {
return $a;
}
$isList = true;
- for ($i = 0, reset($a); $i < count($a); $i++, next($a)) {
- if (key($a) !== $i) {
+ for($i = 0, reset($a); $i < count($a); $i++, next($a)) {
+ if(key($a) !== $i) {
$isList = false;
break;
}
}
$result = array();
- if ($isList) {
- foreach ($a as $v) $result[] = json_encode($v);
+ if($isList) {
+ foreach($a as $v) $result[] = json_encode($v);
return '[' . join(',', $result) . ']';
}
else {
@@ -13209,8 +13213,8 @@ function sendHeaders() {
if(! array_key_exists('ownergroup', $data))
$data['ownergroup'] = processInputVar('ownergroup', ARG_NUMERIC, 0);
$ownergroupids = explode(',', $data['ownergroupids']);
- if(in_array($data['ownergroup'], $ownergroupids) &&
- array_key_exists($data['ownergroup'], $user['groups'])) {
+ if(in_array($data['ownergroup'], $ownergroupids) &&
+ array_key_exists($data['ownergroup'], $user['groups'])) {
$expire = time() + 31536000; //expire in 1 year
setcookie("VCLOWNERGROUPID", $data['ownergroup'], $expire, "/", COOKIEDOMAIN);
}
@@ -13269,7 +13273,7 @@ function printHTMLHeader() {
$HTMLheader .= getHeader($refresh);
if(! in_array($mode, $noHTMLwrappers) &&
- (! is_array($contdata) ||
+ (! is_array($contdata) ||
! array_key_exists('noHTMLwrappers', $contdata) ||
$contdata['noHTMLwrappers'] == 0)) {
print $HTMLheader;
@@ -13542,7 +13546,7 @@ function getUsingVCL() {
global $NOAUTH_HOMENAV;
$rt = '';
foreach($NOAUTH_HOMENAV as $name => $url)
- $rt .= "<li><a href=\"$url\">" . i($name) . "</a></li>\n";
+ $rt .= "<li><a href=\"$url\">" . i($name) . "</a></li>\n";
return $rt;
}
@@ -14371,9 +14375,9 @@ function setVCLLocale() {
# use UTF8 encoding for any locales other than English (we may just be able
# to always use UTF8)
if(preg_match('/^en/', $locale))
- setlocale(LC_ALL, $locale);
+ setlocale(LC_ALL, $locale);
else
- setlocale(LC_ALL, $locale . '.UTF8');
+ setlocale(LC_ALL, $locale . '.UTF8');
bindtextdomain('vcl', './locale');
textdomain('vcl');
bind_textdomain_codeset('vcl', 'UTF-8');
@@ -14403,7 +14407,7 @@ function getSelectLanguagePulldown() {
if(! is_array($user))
$user['id'] = 0;
- $rt = "<form name=\"localeform\" class=\"localeform\" action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
+ $rt = "<form name=\"localeform\" class=\"localeform\" action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
if($authed) {
$rt .= "<select name=\"continuation\" onChange=\"this.form.submit();\" autocomplete=\"off\">\n";
$cdata = array('IP' => $remoteIP, 'oldmode' => $mode);
@@ -14511,99 +14515,46 @@ function getFSlocales() {
///
////////////////////////////////////////////////////////////////////////////////
function curlDoSSLWebRequest($url, $validatecert = TRUE) {
- if (! function_exists ( 'curl_init' ) ) {
- $message = "php cURL library is not configured.";
- if(ONLINEDEBUG && checkUserHasPerm('View Debug Information')) {
- print "<font color=red>" . $message . "</font><br>\n";
- }
- error_log('php cURL library is not configured.');
- return;
- }
-
- $ch = curl_init();
-
- curl_setopt($ch, CURLOPT_HEADER, false);
- curl_setopt($ch, CURLOPT_URL, $url) ;
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
-
- if ($validatecert == TRUE) {
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
- }
- curl_setopt( $ch, CURLOPT_VERBOSE, true );
-
- $response = curl_exec( $ch );
-
- if( curl_errno( $ch ) ) {
- $info = curl_getinfo( $ch );
- if(ONLINEDEBUG && checkUserHasPerm('View Debug Information')) {
- print "<font color=red>" . curl_error( $ch ) . print_r( $info, TRUE ) . "</font><br>\n";
- }
- print "ERROR(curl_errno( $ch )): " . $ERRORS[$info] . "<BR>\n";
- error_log("===========================================================================");
- error_log("ERROR(curl_errno( $ch )): " . $ERRORS[$info]);
- $backtrace = getBacktraceString(FALSE);
- print "<pre>\n";
- print $backtrace;
- print "</pre>\n";
- error_log($backtrace);
- }
- curl_close( $ch );
- return $response;
-}
-
-////////////////////////////////////////////////////////////////////////////////
-///
-/// \fn vclAutoLoader()
-///
-/// \brief autoload function for VCL classes
-///
-////////////////////////////////////////////////////////////////////////////////
-function vclAutoLoader($class) {
- $siteconfigclasses = array(
- 'TimeVariable' => '',
- 'connectedUserCheck' => '',
- 'acknowledge' => '',
- 'initialconnecttimeout' => '',
- 'reconnecttimeout' => '',
- 'generalInuse' => '',
- 'serverInuse' => '',
- 'clusterInuse' => '',
- 'generalEndNotice1' => '',
- 'generalEndNotice2' => '',
- 'AffilTextVariable' => '',
- 'AffilHelpAddress' => '',
- 'AffilWebAddress' => '',
- 'AffilKMSserver' => '',
- 'AffilTheme' => '',
- 'AffilShibOnly' => '',
- 'AffilShibName' => '',
- 'GlobalSingleVariable' => '',
- 'userPasswordLength' => '',
- 'userPasswordSpecialChar' => '',
- 'NATportRange' => '',
- 'GlobalMultiVariable' => '',
- 'NFSmounts' => '',
- 'Affiliations' => '',
- 'Messages' => ''
- );
- if (file_exists('.ht-inc/'.strtolower($class).'.php')) {
- require('.ht-inc/'.strtolower($class).'.php');
- }
- elseif (array_key_exists($class, $siteconfigclasses)) {
- require('.ht-inc/siteconfig.php');
- }
- else {
- throw new Exception("Unable to load $class.");
- }
-}
+ if(! function_exists('curl_init')) {
+ $message = "php cURL library is not configured.";
+ if(ONLINEDEBUG && checkUserHasPerm('View Debug Information')) {
+ print "<font color=red>" . $message . "</font><br>\n";
+ }
+ error_log('php cURL library is not configured.');
+ return;
+ }
-/**
- * \autoload function
- */
-if (function_exists('spl_autoload_register')) {
- spl_autoload_register('vclAutoLoader');
+ $ch = curl_init();
+
+ curl_setopt($ch, CURLOPT_HEADER, false);
+ curl_setopt($ch, CURLOPT_URL, $url) ;
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
+
+ if($validatecert == TRUE) {
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
+ }
+ curl_setopt($ch, CURLOPT_VERBOSE, true);
+
+ $response = curl_exec($ch);
+
+ if(curl_errno($ch)) {
+ $info = curl_getinfo($ch);
+ if(ONLINEDEBUG && checkUserHasPerm('View Debug Information')) {
+ print "<font color=red>" . curl_error($ch) . print_r($info, TRUE) . "</font><br>\n";
+ }
+ print "ERROR(curl_errno($ch)): " . $ERRORS[$info] . "<BR>\n";
+ error_log("===========================================================================");
+ error_log("ERROR(curl_errno($ch)): " . $ERRORS[$info]);
+ $backtrace = getBacktraceString(FALSE);
+ print "<pre>\n";
+ print $backtrace;
+ print "</pre>\n";
+ error_log($backtrace);
+ }
+ curl_close($ch);
+ return $response;
}
?>
http://git-wip-us.apache.org/repos/asf/vcl/blob/111ee528/web/casauth/index.php
----------------------------------------------------------------------
diff --git a/web/casauth/index.php b/web/casauth/index.php
index 8bc50df..df95bfd 100644
--- a/web/casauth/index.php
+++ b/web/casauth/index.php
@@ -14,120 +14,124 @@ $noHTMLwrappers = array();
dbConnect();
// Validate the Ticket
-if (array_key_exists('ticket', $_GET)) {
- $serviceticket = $_GET['ticket'];
- if (array_key_exists('authtype', $_GET)) {
- $authtype = $_GET['authtype'];
- $auth = $authMechs[$authtype];
- $casversion = ($auth['version'] == 2 ? CAS_VERSION_2_0 : CAS_VERSION_3_0);
- $cashost = $auth['host'];
- $casport = $auth['port'];
- $cascontext = $auth['context'];
- $validatecassslcerts = $auth['validatecassslcerts'];
- $attributemap = $auth['attributemap'];
-
- if ($auth['cacertpath'] != null)
- if (file_exists($auth['cacertpath']))
- phpCAS::setCasServerCACert($auth['cacertpath']);
-
- $serviceurl = BASEURL . '/casauth/index.php?authtype=' . $_GET['authtype'];
- if ($casversion == CAS_VERSION_2_0)
- $servicevalidateurl = 'https://' . $cashost . ':' . $casport . $cascontext . '/serviceValidate' . '?' . 'service=' . urlencode($serviceurl) . '&' . 'ticket=' . $serviceticket;
- else
- $servicevalidateurl = 'https://' . $cashost . ':' . $casport . $cascontext . '/p3/serviceValidate' . '?' . 'service=' . urlencode($serviceurl) . '&' . 'ticket=' . $serviceticket;
-
- $response = curlDoSSLWebRequest($servicevalidateurl, $validatecassslcerts);
-
- // check for authentication success
- $xmldata = new DOMDocument();
- $xmldata->loadXML($response);
- $xpath = new DOMXPath($xmldata);
- $authresults = $xpath->query('//cas:serviceResponse/cas:authenticationSuccess/cas:user');
- $userid = '';
- $userinfo = array();
- $vcluser = array();
- foreach ($authresults as $authresult) {
- $userid = $authresult->nodeValue;
- $vcluser['unityid'] = $userid;
- $vcluser['affiliationid'] = $auth['affiliationid'];
- if ($auth['defaultgroup'] != null)
- $vcluser['defaultgroup'] = $auth['defaultgroup'];
- }
-
- // extract user attributes provided by CAS
- $attributeresults = $xpath->query('//cas:serviceResponse/cas:authenticationSuccess/cas:attributes');
- if ($attributeresults->length > 0) {
- $userattributeitems = $attributeresults->item(0);
- foreach ($userattributeitems->childNodes as $userattributeitem) {
- $attributename = preg_replace('#^cas:#', '', $userattributeitem->nodeName);
- $userinfo[$attributename] = $userattributeitem->nodeValue;
- }
- }
- // convert CAS attributes to VCL user attributes
- foreach (array_keys($userinfo) as $attribute) {
- if (array_key_exists($attribute, $attributemap)) {
- $vcluser[$attributemap[$attribute]] = $userinfo[$attribute];
- }
- }
-
- unset($xmldata);
- unset($xpath);
-
- if ($userid != '') {
- // read keys
- $fp = fopen(".ht-inc/keys.pem", "r");
- $key = fread($fp, 8192);
- fclose($fp);
- $keys["private"] = openssl_pkey_get_private($key, $pemkey);
- if(! $keys['private'])
- abort(6);
- $fp = fopen(".ht-inc/pubkey.pem", "r");
- $key = fread($fp, 8192);
- fclose($fp);
- $keys["public"] = openssl_pkey_get_public($key);
- if(! $keys['public'])
- abort(7);
-
- // valid user returned, login if user exists
- if (checkCASUserInDatabase($authtype, $userid) == TRUE) {
- updateCASUser($vcluser);
- # get cookie data
- $cookie = getAuthCookieData("$userid@" . getAffiliationName($auth['affiliationid']));
- if ($cookie != "Failed to encrypt cookie data") {
- # set cookie
- if(version_compare(PHP_VERSION, "5.2", ">=") == true)
- setcookie("VCLAUTH", "{$cookie['data']}", 0, "/", COOKIEDOMAIN, 0, 1);
- else
- setcookie("VCLAUTH", "{$cookie['data']}", 0, "/", COOKIEDOMAIN);
-
- addLoginLog($userid, $authtype, $auth['affiliationid'], 1);
- }
- }
- else {
- // user does not exists in VCL database, so add user
- if (addCASUser($vcluser) != NULL) {
- # get cookie data
- $cookie = getAuthCookieData("$userid@" . getAffiliationName($auth['affiliationid']));
- if ($cookie != "Failed to encrypt cookie data") {
- # set cookie
- if(version_compare(PHP_VERSION, "5.2", ">=") == true)
- setcookie("VCLAUTH", "{$cookie['data']}", 0, "/", COOKIEDOMAIN, 0, 1);
- else
- setcookie("VCLAUTH", "{$cookie['data']}", 0, "/", COOKIEDOMAIN);
-
- addLoginLog($userid, $authtype, $auth['affiliationid'], 1);
- }
- }
- }
- // Set theme
- $theme = getAffiliationTheme($auth['affiliationid']);
- setcookie("VCLSKIN", $theme, (time() + 2678400), "/", COOKIEDOMAIN);
- }
- }
+if(array_key_exists('ticket', $_GET)) {
+ $serviceticket = $_GET['ticket'];
+ if(array_key_exists('authtype', $_GET)) {
+ $authtype = $_GET['authtype'];
+ $auth = $authMechs[$authtype];
+ $casversion = ($auth['version'] == 2 ? CAS_VERSION_2_0 : CAS_VERSION_3_0);
+ $cashost = $auth['host'];
+ $casport = $auth['port'];
+ $cascontext = $auth['context'];
+ $validatecassslcerts = $auth['validatecassslcerts'];
+ $attributemap = $auth['attributemap'];
+
+ if($auth['cacertpath'] != null)
+ if(file_exists($auth['cacertpath']))
+ phpCAS::setCasServerCACert($auth['cacertpath']);
+
+ $serviceurl = BASEURL . '/casauth/index.php?authtype=' . $_GET['authtype'];
+ if($casversion == CAS_VERSION_2_0)
+ $servicevalidateurl = 'https://' . $cashost . ':' . $casport
+ . $cascontext . '/serviceValidate' . '?' . 'service='
+ . urlencode($serviceurl) . '&' . 'ticket=' . $serviceticket;
+ else
+ $servicevalidateurl = 'https://' . $cashost . ':' . $casport . $cascontext
+ . '/p3/serviceValidate' . '?' . 'service='
+ . urlencode($serviceurl) . '&' . 'ticket=' . $serviceticket;
+
+ $response = curlDoSSLWebRequest($servicevalidateurl, $validatecassslcerts);
+
+ // check for authentication success
+ $xmldata = new DOMDocument();
+ $xmldata->loadXML($response);
+ $xpath = new DOMXPath($xmldata);
+ $authresults = $xpath->query('//cas:serviceResponse/cas:authenticationSuccess/cas:user');
+ $userid = '';
+ $userinfo = array();
+ $vcluser = array();
+ foreach($authresults as $authresult) {
+ $userid = $authresult->nodeValue;
+ $vcluser['unityid'] = $userid;
+ $vcluser['affiliationid'] = $auth['affiliationid'];
+ if($auth['defaultgroup'] != null)
+ $vcluser['defaultgroup'] = $auth['defaultgroup'];
+ }
+
+ // extract user attributes provided by CAS
+ $attributeresults = $xpath->query('//cas:serviceResponse/cas:authenticationSuccess/cas:attributes');
+ if($attributeresults->length > 0) {
+ $userattributeitems = $attributeresults->item(0);
+ foreach($userattributeitems->childNodes as $userattributeitem) {
+ $attributename = preg_replace('#^cas:#', '', $userattributeitem->nodeName);
+ $userinfo[$attributename] = $userattributeitem->nodeValue;
+ }
+ }
+ // convert CAS attributes to VCL user attributes
+ foreach(array_keys($userinfo) as $attribute) {
+ if(array_key_exists($attribute, $attributemap)) {
+ $vcluser[$attributemap[$attribute]] = $userinfo[$attribute];
+ }
+ }
+
+ unset($xmldata);
+ unset($xpath);
+
+ if($userid != '') {
+ // read keys
+ $fp = fopen(".ht-inc/keys.pem", "r");
+ $key = fread($fp, 8192);
+ fclose($fp);
+ $keys["private"] = openssl_pkey_get_private($key, $pemkey);
+ if(! $keys['private'])
+ abort(6);
+ $fp = fopen(".ht-inc/pubkey.pem", "r");
+ $key = fread($fp, 8192);
+ fclose($fp);
+ $keys["public"] = openssl_pkey_get_public($key);
+ if(! $keys['public'])
+ abort(7);
+
+ // valid user returned, login if user exists
+ if(checkCASUserInDatabase($authtype, $userid) == TRUE) {
+ updateCASUser($vcluser);
+ # get cookie data
+ $cookie = getAuthCookieData("$userid@" . getAffiliationName($auth['affiliationid']));
+ if($cookie != "Failed to encrypt cookie data") {
+ # set cookie
+ if(version_compare(PHP_VERSION, "5.2", ">=") == true)
+ setcookie("VCLAUTH", "{$cookie['data']}", 0, "/", COOKIEDOMAIN, 0, 1);
+ else
+ setcookie("VCLAUTH", "{$cookie['data']}", 0, "/", COOKIEDOMAIN);
+
+ addLoginLog($userid, $authtype, $auth['affiliationid'], 1);
+ }
+ }
+ else {
+ // user does not exists in VCL database, so add user
+ if(addCASUser($vcluser) != NULL) {
+ # get cookie data
+ $cookie = getAuthCookieData("$userid@" . getAffiliationName($auth['affiliationid']));
+ if($cookie != "Failed to encrypt cookie data") {
+ # set cookie
+ if(version_compare(PHP_VERSION, "5.2", ">=") == true)
+ setcookie("VCLAUTH", "{$cookie['data']}", 0, "/", COOKIEDOMAIN, 0, 1);
+ else
+ setcookie("VCLAUTH", "{$cookie['data']}", 0, "/", COOKIEDOMAIN);
+
+ addLoginLog($userid, $authtype, $auth['affiliationid'], 1);
+ }
+ }
+ }
+ // Set theme
+ $theme = getAffiliationTheme($auth['affiliationid']);
+ setcookie("VCLSKIN", $theme, (time() + 2678400), "/", COOKIEDOMAIN);
+ }
+ }
}
// Redirect to homepage
header("Location: " . BASEURL . "/");
dbDisconnect();
-?>
\ No newline at end of file
+?>