Diffstat (limited to 'php')
20 files changed, 1108 insertions, 147 deletions
diff --git a/php/Attic/examples/sample-idp/admin_user.php b/php/Attic/examples/sample-idp/admin_user.php index 2ce14992..5e73a82e 100644 --- a/php/Attic/examples/sample-idp/admin_user.php +++ b/php/Attic/examples/sample-idp/admin_user.php @@ -255,18 +255,16 @@ if (!empty($identity_dump)) { $login->setIdentityFromDump($identity_dump); - $identity = $login->identity; - // FIXME : providerIds is empty - // var_dump($identity->providerIds); + $providerIDs = $identity->providerIds; ?> <table width="100%"> <?php - for($i = count($providerIDs); $i > 0; $i--) - { + for($i = 0; $i < $providerIDs->length() ; $i++) + { ?> <tr> - <td align='center'><?php echo print $providerIDs[$i - 1]; ?></td> + <td align='center'><?php echo $providerIDs->getItem($i); ?></td> <td align='right'><a href="">cancel federation</a></td> </tr> <?php diff --git a/php/Attic/examples/sample-idp/cancel_federation.php b/php/Attic/examples/sample-idp/cancel_federation.php new file mode 100644 index 00000000..6ced9c86 --- /dev/null +++ b/php/Attic/examples/sample-idp/cancel_federation.php 
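Review bot: The new `$providerIDs = $identity->providerIds;` dereferences `$identity`, but this same hunk removes the only visible assignment `$identity = $login->identity;`, so unless `$identity` is set earlier outside the hunk the loop now runs against nothing. Keep `$identity = $login->identity;` immediately before the new line. The provider ID is also written straight into the table cell; prefer `echo htmlspecialchars($providerIDs->getItem($i));` so a provider ID carrying markup in the stored identity dump cannot inject into the admin page. The enclosing `if (!empty($identity_dump))` block starts before the hunk.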
@@ -0,0 +1,225 @@ +<?php +/* + * Identity Provider Example -- Cancel Federation with an Service Provider + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + require_once 'Log.php'; + require_once 'DB.php'; + require_once 'session.php'; + + $config = unserialize(file_get_contents('config.inc')); + + $methodes = array('redirect' => lassoHttpMethodRedirect, 'soap' => lassoHttpMethodSoap); + + // connect to the data base + $db = &DB::connect($config['dsn']); + if (DB::isError($db)) + die($db->getMessage()); + + // create logger + $conf['db'] = $db; + $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf); + + // session handler + session_set_save_handler("open_session", "close_session", + "read_session", "write_session", "destroy_session", "gc_session"); + + if (empty($_GET['profile'])) + { + $logger->err("Cancel Federation called without profile."); + die("Cancel Federation called without profile."); + } + + if (empty($_GET['with'])) + { + $logger->err("Cancel Federation called without providerID."); + die("Cancel Federation called without providerID."); + } + + session_start(); + + lasso_init(); + + if (empty($_SESSION['user_id'])) + { 
+ $logger->err("UserID is empty, user is not logged in."); + die("UserID is empty, user is not logged in."); + } + + if (empty($_SESSION['identity_dump'])) + { + $logger->err("Identity Dump is empty, user is not federated."); + die("Identity Dump is empty, user is not federated."); + } + + if (!in_array($_GET['profile'], array_keys($methodes))) + { + die("Unknown defederation profile : " . $_GET['profile']); + $logger->err("Unknown defederation profile : " . $_GET['profile']); + } + + $user_id = $_SESSION['user_id']; + + $server_dump = file_get_contents($config['server_dump_filename']); + $server = LassoServer::newFromDump($server_dump); + + $defederation = new LassoDefederation($server, lassoProviderTypeIdp); + $defederation->setIdentityFromDump($_SESSION['identity_dump']); + + if (!empty($_SESSION['session_dump'])) + $defederation->setSessionFromDump($_SESSION['session_dump']); + + $logger->debug("Create Cancel Federation Notification for User '" . $_SESSION["user_id"] . + "' with Service Provider '" . $_GET['with']. "'"); + + $defederation->initNotification($_GET['with'], $methodes[$_GET['profile']]); + + $defederation->buildNotificationMsg(); + $nameIdentifier = $defederation->nameIdentifier; + if (empty($nameIdentifier)) + { + $loggery>err("Name Identifier is empty."); + die("Name Identifier is empty."); + } + + $identity = $defederation->identity; + if (isset($defederation->identity)) + { + // Update identity dump + $identity_dump = $identity->dump(); + $_SESSION['identity_dump'] = $identity_dump; + $query = "UPDATE users SET identity_dump=".$db->quoteSmart($identity_dump); + } + else // Delete identity and session dumps + $query = "UPDATE users SET identity_dump=''"; + $query .= " WHERE user_id='$user_id'"; + + $res =& $db->query($query); + if (DB::isError($res)) + { + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . 
$res->getDebugInfo()); + die("Internal Server Error"); + } + $logger->debug("Update user '$user_id' identity dump in the database"); + + // Update session dump, if available + if (!empty($_SESSION['sesion_dump']) && $defederation->isSessionDirty) + { + $session = $defederation->session; + $session_dump = $session->dump(); + $_SESSION['session_dump'] = $session_dump; + + $query = "UPDATE users SET session_dump=".$db->quoteSmart($session_dump); + $query .= " WHERE user_id='$user_id'"; + + $res =& $db->query($query); + if (DB::isError($res)) + { + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . $res->getDebugInfo()); + die("Internal Server Error"); + } + $logger->debug("Update user '$user_id' session dump in the database"); +} + +// Delete Name Identifier +$query = "DELETE FROM nameidentifiers WHERE user_id='$user_id' "; +$query .= "AND name_identifier='$nameIdentifier'"; + +$res =& $db->query($query); +if (DB::isError($res)) +{ + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . $res->getDebugInfo()); + die("Internal Server Error"); +} + +$logger->info("Delete Name Identifier '$nameIdentifier' for User '$user_id'"); + +switch($_GET['profile']) +{ + case 'redirect': + $url = $defederation->msgUrl; + $logger->info("Redirect user to $url"); + + header("Request-URI: $url"); + header("Content-Location: $url"); + header("Location: $url\r\n\r\n"); + break; + case 'soap': + $url = parse_url($defederation->msgUrl); + $soap = sprintf( + "POST %s HTTP/1.1\r\nHost: %s:%d\r\nContent-Length: %d\r\nContent-Type: text/xml\r\n\r\n%s\r\n", + $url['path'], $url['host'], $url['port'], strlen($defederation->msgBody), $defederation->msgBody); + + $logger->info('Send SOAP Request to '. $url['host'] . ":" .$url['port']. $url['path']); + $logger->debug('SOAP Request : ' . $soap); + + $fp = fsockopen("ssl://" . 
$url['host'], $url['port'], $errno, $errstr, 30) or die($errstr ($errno)); + socket_set_timeout($fp, 10); + fwrite($fp, $soap); + + // header + do $header .= fread($fp, 1); while (!preg_match('/\\r\\n\\r\\n$/',$header)); + + // chunked encoding + if (preg_match('/Transfer\\-Encoding:\\s+chunked\\r\\n/',$header)) + { + do { + $byte = ''; + $chunk_size = ''; + + do { + $chunk_size .= $byte; + $byte = fread($fp, 1); + } while ($byte != "\\r"); + + fread($fp, 1); + $chunk_size = hexdec($chunk_size); + $response .= fread($fp, $chunk_size); + fread($fp, 2); + } while ($chunk_size); + } + else + { + if (preg_match('/Content\\-Length:\\s+([0-9]+)\\r\\n/', $header, $matches)) + $response = @fread($fp, $matches[1]); + else + while (!feof($fp)) $response .= fread($fp, 1024); + } + fclose($fp); + + $logger->log('SOAP Response Header : ' . $header, PEAR_LOG_DEBUG); + $logger->log('SOAP Response Body : ' . $response, PEAR_LOG_DEBUG); + + // TODO : check reponse status + + + break; + } + +?> + +<?php + lasso_shutdown(); +?> diff --git a/php/Attic/examples/sample-idp/index.php b/php/Attic/examples/sample-idp/index.php index 79d6a318..189a59d2 100644 --- a/php/Attic/examples/sample-idp/index.php +++ b/php/Attic/examples/sample-idp/index.php @@ -65,6 +65,10 @@ You can get more informations about <b>Lasso</b> at <br> session_start(); lasso_init(); + + // Create Lasso Server + $server_dump = file_get_contents($config['server_dump_filename']); + $server = LassoServer::newFromDump($server_dump); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 
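Review bot: `$nameIdentifier`, which is read back from the Lasso profile rather than from a trusted constant, is interpolated unquoted into the `DELETE FROM nameidentifiers` statement while the neighbouring UPDATEs already use `$db->quoteSmart()`; quote it the same way: `$query .= "AND name_identifier=" . $db->quoteSmart($nameIdentifier);`. Two typos also defeat the script's own checks: `$loggery>err(...)` in the empty-name-identifier branch is not valid PHP, and `$_SESSION['sesion_dump']` means the session dump is never persisted after a defederation. In the unknown-profile branch `die()` runs before `$logger->err()`, so that error is never logged; swap the two lines. Since this is a state-changing action driven purely by GET parameters, any page that links to it while the user is logged in can cancel a federation; at minimum verify that `$_GET['with']` is one of the identity's providerIds before calling `initNotification`.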
@@ -85,19 +89,70 @@ You can get more informations about <b>Lasso</b> at <br> <?php } ?> </p> <p align='center'> - <b>Identity Provider Fonctionnality</b><br> + <b>Identity Provider Fonctionnality</b> +</p> <?php if (!isset($_SESSION["user_id"])) { ?> - <a href="login.php">Local Login</a><br> -<?php } else { ?> -<!-- - <td><a href="federate.php">Create federation</a></td> - <td><a href="defederate.php">Destroy federation</a></td> ---> - <a href="logout.php">Local Logout</a> -<?php } ?> +<p align='center'> + <a href="login.php">Local Login</a></p> +<?php + } + else + { + if (isset($_SESSION['identity_dump'])) + { + $login = new LassoLogin($server); + $login->setIdentityFromDump($_SESSION['identity_dump']); + if (!empty($_SESSION['session_dump'])) + $login->setSessionFromDump($_SESSION['sesion_dump']); + $identity = $login->identity; + $providerIDs = $identity->providerIds; + + if ($providerIDs->length()) + { +?> +<p align='center'>Cancel a Federation with :</p> +<p align='center'> +<table align='center'> +<thead> +<tr> + <td align='center'>Service Provider</td> + <td align='center'>Profile</td> +</tr> +</thead> +<tbody> +<?php + for($i = 0; $i < $providerIDs->length() ; $i++) + { + $providerID = $providerIDs->getItem($i); +?> +<tr> + <td align='center'><?php echo $providerID; ?></td> + <td align='center'> + <a href="cancel_federation.php?profile=redirect&with=<?php echo $providerID; ?>">Redirect</a> | + <a href="cancel_federation.php?profile=soap&with=<?php echo $providerID; ?>">SOAP</a> + </td> +</tr> +<?php + } +?> +</tbody> +</table> </p> +<?php + } + else + { +?> +<p align='center'>Your are not Federated with an Service Provider.</p> +<?php + } + } +?> +<p align='center'> +<a href="logout.php">Local Logout</a></p> +<?php } ?> <p align='center'> <table align='center'> diff --git a/php/Attic/examples/sample-idp/login.php b/php/Attic/examples/sample-idp/login.php index 3014ac20..16fbeff7 100644 --- a/php/Attic/examples/sample-idp/login.php 
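Review bot: `$login->setSessionFromDump($_SESSION['sesion_dump'])` reads a misspelled key, so the guard `!empty($_SESSION['session_dump'])` passes and Lasso is handed an empty value; change it to `$_SESSION['session_dump']`. `$providerID` is also echoed raw into the table cell and into two `href` query strings; use `htmlspecialchars($providerID)` for the cell and `urlencode($providerID)` inside the `with=` parameter so a provider ID containing `&`, `#` or markup neither breaks the link nor injects HTML. The page markup this block sits in continues outside the hunk.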
+++ b/php/Attic/examples/sample-idp/login.php @@ -57,6 +57,40 @@ $logger->log("User from '" . $_SERVER['REMOTE_ADDR'] . "' pressed the cancel button during HTTP basic authentication request", PEAR_LOG_NOTICE); } + function startLocalSession($user_id, $username) + { + global $db, $logger; + + $_SESSION['user_id'] = $user_id; + $_SESSION['username'] = $username; + + $query = "SELECT identity_dump,session_dump FROM users WHERE user_id='$user_id'"; + + $res =& $db->query($query); + + if (DB::isError($res)) + { + $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); + $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); + die("Could not fetch identity and session dump"); + } + if ($res->numRows()) + { + $row = $res->fetchRow(); + if (!empty($row[0])) + $_SESSION['identity_dump'] = $row[0]; + if (!empty($row[1])) + $_SESSION['session_dump'] = $row[1]; + } + + $logger->log("User '$username' ($user_id) authenticated, local session started", PEAR_LOG_NOTICE); + + $url = 'index.php'; + header("Request-URI: $url"); + header("Content-Location: $url"); + header("Location: $url\r\n\r\n"); + exit; + } /* * This function authentificate the user against the Users Database @@ -71,8 +105,8 @@ $res =& $db->query($query); if (DB::isError($res)) { - $logger->log("DB Error :" . $db->getMessage(), PEAR_LOG_CRIT); - $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG); + $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); + $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); die("Internal Server Error"); } 
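Review bot: `startLocalSession` stores the authenticated `user_id` into `$_SESSION` without rotating the session ID, so a session ID planted before login survives as an authenticated session (session fixation); call `session_regenerate_id();` as the first statement, before `$_SESSION['user_id'] = $user_id;`. `$user_id` is also interpolated directly into the SELECT; it comes from the `authentificateUser` lookup and is presumably numeric, but `"... WHERE user_id=" . $db->quoteSmart($user_id)` costs nothing and matches how the rest of the file quotes values.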
@@ -96,41 +130,13 @@ // Check Login and Password if (!($user_id = authentificateUser($db, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))) { - $logger->log("Authentication failure with login '".$form->exportValue('username')." password '". $form->exportValue('password') ."' IP " . $_SERVER['REMOTE_ADDR'], PEAR_LOG_WARNING); + $logger->warning("Authentication failure with login '". $_SERVER['PHP_AUTH_USER'] . " password '" + . $_SERVER['PHP_AUTH_PW'] ."' IP " . $_SERVER['REMOTE_ADDR']); sendHTTPBasicAuth(); exit; } else - { - $_SESSION['user_id'] = $user_id; - $_SESSION['username'] = $_SERVER['PHP_AUTH_USER']; - - $logger->log("User '".$_SERVER['PHP_AUTH_USER']."' ($user_id) authenticated, local session started", PEAR_LOG_NOTICE); - - - /* TODO : load identity and session dump - $query = "SELECT identity_dump,session_dump FROM users WHERE identity_dump"; - $query .= " IS NOT NULL AND session_dump IS NOT NULL AND user_id='$user_id'"; - - $res =& $db->query($query); - - if (DB::isError($res)) - die($res->getMessage()); - - if ($res->numRows()) - { - $row = $res->fetchRow(); - - $_SESSION['identity_dump'] = $row[0]; - $_SESSION['session_dump'] = $row[1]; - } */ - - $url = 'index.php'; - header("Request-URI: $url"); - header("Content-Location: $url"); - header("Location: $url\r\n\r\n"); - exit; - } + startLocalSession($user_id, $_SERVER['PHP_AUTH_USER']); } } else if ($config['auth_type'] == 'auth_form') 
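Review bot: The rewritten warning logs the submitted cleartext password (`. $_SERVER['PHP_AUTH_PW'] .`) on every failed HTTP Basic attempt, and with the db log handler that ends up in the `log` table; a mistyped password from a real user is usually one character away from the real one. Log only the login name and source address: `$logger->warning("Authentication failure with login '" . $_SERVER['PHP_AUTH_USER'] . "' IP " . $_SERVER['REMOTE_ADDR']);`. The same pattern is still present in the form-auth branch further down the file.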
@@ -151,17 +157,8 @@ { if (($user_id = authentificateUser($db, $form->exportValue('username'), $form->exportValue('password')))) { - $_SESSION['user_id'] = $user_id; - $_SESSION['username'] = $form->exportValue('username'); - - $logger->log("User '".$form->exportValue('username')."'($user_id) authenticated, local session started", PEAR_LOG_NOTICE); - - $url = 'index.php'; - header("Request-URI: $url"); - header("Content-Location: $url"); - header("Location: $url\r\n\r\n"); - exit; - } + startLocalSession($user_id, $form->exportValue('username')); + } else $logger->log("Authentication failure with login '".$form->exportValue('username')." password '". $form->exportValue('password') ."' IP '" . $_SERVER['REMOTE_ADDR']."'", PEAR_LOG_WARNING); } diff --git a/php/Attic/examples/sample-idp/metadata_idp1.xml b/php/Attic/examples/sample-idp/metadata_idp1.xml index 3330c73d..afa9c9b2 100644 --- a/php/Attic/examples/sample-idp/metadata_idp1.xml +++ b/php/Attic/examples/sample-idp/metadata_idp1.xml @@ -12,8 +12,12 @@ <RegisterNameIdentifierServiceURL>https://idp1:1998/registerNameIdentifier</RegisterNameIdentifierServiceURL> <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile> + <FederationTerminationServiceURL>https://idp1:1998/federationTermination</FederationTerminationServiceURL> + <FederationTerminationServiceReturnURL>https://idp1:1998/federationTerminationReturn</FederationTerminationServiceReturnURL> + <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</FederationTerminationNotificationProtocolProfile> - <SoapEndpoint>https://idp1:1998/soapEndpoint</SoapEndpoint> + + <SoapEndpoint>https://idp1:1998/soapEndpoint.php</SoapEndpoint> </IDPDescriptor> </EntityDescriptor> diff --git a/php/Attic/examples/sample-idp/metadata_sp1.xml b/php/Attic/examples/sample-idp/metadata_sp1.xml index e93daf15..9b2bf70c 100644 
--- a/php/Attic/examples/sample-idp/metadata_sp1.xml +++ b/php/Attic/examples/sample-idp/metadata_sp1.xml @@ -15,9 +15,8 @@ <FederationTerminationServiceURL>https://sp1:2006/federationTermination</FederationTerminationServiceURL> <FederationTerminationServiceReturnURL>https://sp1:2006/federationTerminationReturn</FederationTerminationServiceReturnURL> <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</FederationTerminationNotificationProtocolProfile> - <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-http</FederationTerminationNotificationProtocolProfile> - <SoapEndpoint>https://sp1:2006/soapEndpoint</SoapEndpoint> + <SoapEndpoint>https://sp1:2006/soapEndpoint.php</SoapEndpoint> <AuthnRequestsSigned>true</AuthnRequestsSigned> diff --git a/php/Attic/examples/sample-idp/misc.php b/php/Attic/examples/sample-idp/misc.php new file mode 100644 index 00000000..df9709e5 --- /dev/null +++ b/php/Attic/examples/sample-idp/misc.php 
@@ -0,0 +1,55 @@ +<?php +/* + * Service Provider Example -- Misc functions + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +function read_http_response($fp, &$header, &$response) +{ + // header + do $header .= fread($fp, 1); while (!preg_match('/\\r\\n\\r\\n$/',$header)); + + // chunked encoding + if (preg_match('/Transfer\\-Encoding:\\s+chunked\\r\\n/',$header)) + { + do { + $byte = ''; + $chunk_size = ''; + + do { + $chunk_size .= $byte; + $byte = fread($fp, 1); + } while ($byte != "\\r"); + + fread($fp, 1); + $chunk_size = hexdec($chunk_size); + $response .= fread($fp, $chunk_size); + fread($fp, 2); + } while ($chunk_size); + } + else + { + if (preg_match('/Content\\-Length:\\s+([0-9]+)\\r\\n/', $header, $matches)) + $response = @fread($fp, $matches[1]); + else + while (!feof($fp)) $response .= fread($fp, 1024); + } +} diff --git a/php/Attic/examples/sample-idp/setup.php b/php/Attic/examples/sample-idp/setup.php index 5284f886..6aa7f613 100644 --- a/php/Attic/examples/sample-idp/setup.php +++ b/php/Attic/examples/sample-idp/setup.php 
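Review bot: The chunk-size loop exits on `$byte != "\\r"`, which, if the file really contains the two backslashes shown, is a backslash-plus-r string in double quotes rather than a carriage return, so the loop never stops at the CR and `hexdec()` receives the rest of the stream. Both byte-at-a-time loops also ignore EOF: once the peer closes, `fread()` returns `''`, `'' != "\\r"` stays true and the header regex can never match, so a remote endpoint that closes early or keeps sending header bytes pins the request for as long as the socket timeout allows per call. Bound the header, stop on EOF and compare against a real `"\r"`; the function also never closes the stream, which should be stated in a comment since every caller this commit converts previously did `fclose($fp)` inline.
```php
function read_http_response($fp, &$header, &$response)
{
    // Reads one HTTP response from $fp. Caller still owns $fp and must fclose() it.
    $header = '';
    do {
        $byte = fread($fp, 1);
        if ($byte === '' || $byte === false || strlen($header) > 16384)
            return false;                       // EOF before end of header, or header too large
        $header .= $byte;
    } while (!preg_match('/\r\n\r\n$/', $header));

    if (preg_match('/Transfer\-Encoding:\s+chunked\r\n/i', $header))
    {
        do {
            $chunk_size = '';
            while (($byte = fread($fp, 1)) !== '' && $byte !== false && $byte !== "\r")
                $chunk_size .= $byte;
            fread($fp, 1);                      // LF
            $chunk_size = hexdec($chunk_size);
            // … unchanged: read $chunk_size bytes into $response, skip trailing CRLF …
        } while ($chunk_size);
    }
    // … unchanged: Content-Length / read-until-EOF branch …
}
```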
@@ -222,6 +222,16 @@ print "OK"; + print "<br>Insert user 'test' into 'users' : "; + + $query = "INSERT INTO users(user_id, username, password, created) "; + $query .= "VALUES (nextval('user_id_seq'), 'test', 'test', NOW())"; + + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + print "OK"; + print "<br>Create table 'nameidentifiers' : "; $query = "DROP TABLE nameidentifiers CASCADE"; diff --git a/php/Attic/examples/sample-idp/singleSignOn.php b/php/Attic/examples/sample-idp/singleSignOn.php index 3ecf4795..2a30c7d6 100644 --- a/php/Attic/examples/sample-idp/singleSignOn.php +++ b/php/Attic/examples/sample-idp/singleSignOn.php @@ -108,16 +108,10 @@ $is_first_sso = (isset($array['identity_dump']) ? FALSE : TRUE); if (!$is_first_sso) - { $login->setIdentityFromDump($array['identity_dump']); - $logger->log("Update Identity dump for user '$user_id' :" . $array['identity_dump'], PEAR_LOG_DEBUG); - } if (!empty($array['session_dump'])) - { $login->setSessionFromDump($array['session_dump']); - $logger->log("Update Session dump for user '$user_id' :" . $array['session_dump'], PEAR_LOG_DEBUG); - } doneSingleSignOn($db, $login, $user_id, $is_first_sso); } @@ -166,7 +160,7 @@ if (DB::isError($res)) { $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_CRIT); - $logger->log("DB Error :" . $db->getDebugInfo(), PEAR_LOG_DEBUG); + $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); die("Internal Server Error"); } $logger->log("Update user '$user_id' identity dump in the database : $identity_dump", PEAR_LOG_DEBUG); diff --git a/php/Attic/examples/sample-idp/soapEndpoint.php b/php/Attic/examples/sample-idp/soapEndpoint.php index 2b051070..6ce56d02 100644 --- a/php/Attic/examples/sample-idp/soapEndpoint.php +++ b/php/Attic/examples/sample-idp/soapEndpoint.php 
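Review bot: The seed row inserts the credentials `'test'/'test'` with the password stored in cleartext, and since this is the same setup script a deployer runs to create the schema, every installation starts with a known login. `authentificateUser` is outside this diff so I cannot tell whether it compares cleartext, but if it does the column should hold a hash rather than the password itself. At minimum guard the insert behind an explicit opt-in (a `$config` flag or a form checkbox on the setup page) and print a visible warning so the account is removed before the IdP goes live.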
@@ -124,7 +124,7 @@ } break; case lassoRequestTypeLogout: - $logger->log("SOAP Logout Request from " . $_SERVER['REMOTE_ADDR'], PEAR_LOG_INFO); + $logger->info("SOAP Logout Request from " . $_SERVER['REMOTE_ADDR']); // Logout $logout = new LassoLogout($server, lassoProviderTypeIdp); @@ -135,7 +135,7 @@ if (empty($nameIdentifier)) { header("HTTP/1.0 500 Internal Server Error"); - $logger->log("Name Identifier is empty", PEAR_LOG_ERR); + $logger->err("Name Identifier is empty"); exit; } @@ -235,7 +235,7 @@ } - /* TODO : try multiple sp logout + // TODO : try multiple sp logout while(($providerID = $logout->getNextProviderId())) { $logout->initRequest($providerID, lassoHttpMethodAny); // FIXME @@ -258,34 +258,9 @@ continue; } fwrite($fp, $soap); - - // header - do $header .= fread($fp, 1); while (!preg_match('/\\r\\n\\r\\n$/',$header)); - // chunked encoding - if (preg_match('/Transfer\\-Encoding:\\s+chunked\\r\\n/',$header)) - { - do { - $byte = ''; - $chunk_size = ''; - do { - $chunk_size .= $byte; - $byte = fread($fp, 1); - } while ($byte != "\\r"); - fread($fp, 1); - $chunk_size = hexdec($chunk_size); - $response .= fread($fp, $chunk_size); - fread($fp, 2); - } while ($chunk_size); - } - else - { - if (preg_match('/Content\\-Length:\\s+([0-9]+)\\r\\n/', $header, $matches)) - $response = fread($fp, $matches[1]); - else - while (!feof($fp)) $response .= fread($fp, 1024); - } - fclose($fp); + read_http_response($fp, $header, $response); + $logger->log('SOAP Response Header : ' . $header, PEAR_LOG_DEBUG); $logger->log('SOAP Response Body : ' . $response, PEAR_LOG_DEBUG); @@ -295,7 +270,7 @@ continue; } $logout->processResponseMsg($response, lassoHttpMethodSoap); - } */ + } $logout->buildResponseMsg(); 
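Review bot: The now-active multi-SP loop calls `read_http_response($fp, $header, $response)`, but the helper appends with `.=` and never closes the socket, whereas the inline code it replaces ended with `fclose($fp)`: the second SP's `processResponseMsg()` is fed the first SP's header and body concatenated with its own, and one socket leaks per iteration. Reset `$header = ''; $response = '';` before the call and add `fclose($fp);` after it. I also see no `require_once 'misc.php';` hunk for this file, unlike assertionConsumer.php in the same commit; worth confirming it exists outside the shown hunks. The `while(($providerID = $logout->getNextProviderId()))` loop starts in the earlier hunk and its body continues beyond this one.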
@@ -337,10 +312,81 @@ echo $logout->msgBody; break; case lassoRequestTypeDefederation: + $logger->info("SOAP Defederation Request from " . $_SERVER['REMOTE_ADDR']); + + $defederation = new LassoDefederation($server, lassoProviderTypeSp); + $defederation->processNotificationMsg($HTTP_RAW_POST_DATA, lassoHttpMethodSoap); + + $nameIdentifier = $defederation->nameIdentifier; + if (empty($nameIdentifier)) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->err("Name Identifier is empty"); + exit; + } + + $query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='$nameIdentifier'"; + $res =& $db->query($query); + if (DB::isError($res)) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . $res->getDebugInfo()); + exit; + } + if (!$res->numRows()) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->err("Name identifier '$nameIdentifier' doesn't correspond to any user"); + exit; + } + + $row = $res->fetchRow(); + $user_id = $row[0]; + $logger->debug("UserID is '$user_id"); + + $query = "SELECT identity_dump,session_dump FROM users WHERE user_id='$user_id'"; + $res =& $db->query($query); + + if (DB::isError($res)) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . 
$res->getDebugInfo()); + exit; + } + + if (!$res->numRows()) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->err("User is not federated."); + exit; + } + $row = $res->fetchRow(); + $identity_dump = $row[0]; + $session_dump = $row[1]; + + $defederation->setIdentityFromDump($identity_dump); + if (!empty($session_dump)) + $defederation->setSessionFromDump($identity_dump); + + $defederation->validateNotification(); + + if (empty($defederation->msgUrl)): + header("HTTP/1.0 204 No Content"); + else + { + $url = $defederation->msgUrl; + + header("Request-URI: $url"); + header("Content-Location: $url"); + header("Location: $url\n\n"); + } + break; default: header("HTTP/1.0 500 Internal Server Error"); - $logger->log("Unknown or unsupported SOAP request", PEAR_LOG_CRIT); + $logger->crit("Unknown or unsupported SOAP request"); } lasso_shutdown(); diff --git a/php/Attic/examples/sample-idp/user_add.php b/php/Attic/examples/sample-idp/user_add.php index a93fbf2b..71432c6f 100644 --- a/php/Attic/examples/sample-idp/user_add.php +++ b/php/Attic/examples/sample-idp/user_add.php @@ -64,7 +64,7 @@ { $logger->log("DB Error :" . $res->getMessage(), PEAR_LOG_ERR); $logger->log("DB Error :" . $res->getDebugInfo(), PEAR_LOG_DEBUG); - die("username exist!"); + die("Username exist!"); } $logger->log("Create User '" . $form->exportValue('username') . "'", PEAR_LOG_NOTICE); diff --git a/php/Attic/examples/sample-idp/view_session.php b/php/Attic/examples/sample-idp/view_session.php new file mode 100644 index 00000000..cdd62c98 --- /dev/null +++ b/php/Attic/examples/sample-idp/view_session.php 
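Review bot: `$nameIdentifier` is extracted from the incoming SOAP notification and interpolated unquoted into `SELECT user_id FROM nameidentifiers WHERE name_identifier='$nameIdentifier'`, and the return value of `processNotificationMsg()` is never checked, so a message that fails verification still reaches the query; use `$db->quoteSmart($nameIdentifier)` and answer 500 when `processNotificationMsg()` reports failure. `$defederation->setSessionFromDump($identity_dump)` passes the identity dump where `$session_dump` is intended. After `validateNotification()` nothing is written back: the updated identity dump is not saved and the `nameidentifiers` row is not deleted, so unless that happens elsewhere the IdP keeps treating the federation as alive. The case also constructs the profile with `lassoProviderTypeSp` while the logout case in this same endpoint uses `lassoProviderTypeIdp`; I cannot tell from the binding which is right, but the two should agree.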
@@ -0,0 +1,121 @@ +<?php +/* + * Service Provider Example -- Online User Viewer + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + require_once 'DB.php'; + + if (!file_exists('config.inc')) + { +?> +<p align='center'><b>Service Provider Configuration file is not available</b><br> +Please run the setup script :<br> +<a href='setup.php'>Lasso Service Provider Setup</a><br> +You can get more informations about <b>Lasso</b> at <br> +<a href='http://lasso.entrouvert.org/'>http://lasso.entrouvert.org/</a></p> +<?php + exit(); + } + $config = unserialize(file_get_contents('config.inc')); + + $db = &DB::connect($config['dsn']); + + if (DB::isError($db)) + die($db->getMessage()); + + $query = "SELECT nameidentifiers.user_id,users.username,ip "; + $query .= "FROM nameidentifiers,sso_sessions,users "; + $query .= "WHERE sso_sessions.name_identifier = nameidentifiers.name_identifier "; + $query .= "AND nameidentifiers.user_id = users.user_id"; + + $res =& $db->query($query); + if (DB::isError($res)) + die($res->getMessage()); + + $numRows = $res->numRows(); +?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" +"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> +<head> +<title>Lasso Service Provider Example : View Online Users</title> +<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15" /> +</head> +<body> + +<p align='center'> +<table align='center' width='95%' border='1'> +<caption>Online Users</caption> +<thead> +<tr> + <td align='center'>User ID</td> + <td align='center'>User Name</td> + <td align='center'>Address IP</td> + <td align='center'>Started</td> + <td align='center'>Duration</td> +</tr> +</thead> +<tbody> +<?php + if ($numRows) + { + $num_col = $res->numCols(); + $tableinfo = $db->tableInfo($res); + + while($row = $res->fetchRow()) + { + echo "<tr>"; + for ($i = 0; $i < $num_col; $i++) + { + echo "<td align='center'>"; + switch ($tableinfo[$i]['name']) + { + case "ip": + echo long2ip($row[$i]); + break; + default: + echo $row[$i]; + } + echo "</td>"; + } + echo "</tr>"; + } + + } +?> +</tbody> +<tfoot> +<tr> + <td colspan='5'> </td> +</tr> +</tfoot> +</table> +</p> + +<br> +<p align='center'><a href='index.php'>Index</a> +</p> +<br> +<p align='center'>Copyright © 2004 Entr'ouvert</p> + +</body> +</html> diff --git a/php/Attic/examples/sample-sp/admin_user.php b/php/Attic/examples/sample-sp/admin_user.php index 30efe3c6..48a903dd 100644 --- a/php/Attic/examples/sample-sp/admin_user.php +++ b/php/Attic/examples/sample-sp/admin_user.php @@ -24,13 +24,18 @@ $config = unserialize(file_get_contents('config.inc')); + require_once 'Log.php'; require_once 'DB.php'; - - + + // connect to the data base $db = &DB::connect($config['dsn']); - if (DB::isError($db)) - die($db->getMessage()); + die($db->getMessage()); + + // create logger + $conf['db'] = $db; + $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf); + if (!empty($_GET['dump'])) { $query = "SELECT identity_dump FROM users WHERE user_id=".$db->quoteSmart($_GET['dump']); 
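Review bot: The page lists every online user's ID, username and IP with no authentication or session check at all (it only verifies that `config.inc` exists), so anyone who can reach the URL can enumerate accounts and addresses; require a logged-in session before running the query, the way the other session-aware pages in this example do. `echo $row[$i]` writes the username straight into the table, and usernames are user-chosen at `user_add.php`, so use `echo htmlspecialchars($row[$i]);`. The header comment and `<title>` also say "Service Provider" although the file lives in sample-idp.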
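Review bot: As this hunk reads (and its 13-to-18 line count supports), the `if (DB::isError($db))` guard is removed and `die($db->getMessage());` now runs unconditionally right after `DB::connect()`, so the page always terminates; on a successful connection `getMessage()` is not even a method of the connection object. Restore the guard: `if (DB::isError($db)) die($db->getMessage());`.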
@@ -38,6 +43,7 @@ if (DB::isError($res)) print $res->getMessage(). "\n"; $row = $res->fetchRow(); + ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> @@ -78,6 +84,15 @@ die($res->getMessage()); } + lasso_init(); + + // Create Lasso Server + $server_dump = file_get_contents($config['server_dump_filename']); + $server = LassoServer::newFromDump($server_dump); + + // Lasso User + $login = new LassoLogin($server); + $query = "SELECT * FROM users"; $res =& $db->query($query); if (DB::isError($res)) @@ -107,7 +122,7 @@ <thead> <tr align="center"><?php for ($i = 0; $i < $num_col; $i++) { - echo "<td>" . $tableinfo[$i]['name'] ."</td>"; + echo "<td><b>" . $tableinfo[$i]['name'] ."</b></td>"; } ?><td> </td> </tr> @@ -127,6 +142,7 @@ { case "identity_dump": echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "')>view</a>"; + $identity_dump = $row[$i]; break; default: @@ -137,9 +153,29 @@ <?php } ?> - <td> - <a href="<?php echo $PHP_SELF . '?del=' . $row[0]; ?>">delete</a> - </td> + <td rowspan='2'><a href="<?php echo $PHP_SELF . '?del=' . $row[0]; ?>">delete</a></td> +</tr> +<tr> + <td colspan='<?php echo $num_col; ?>' align='center'> +<? + // get all federations for this user + if (!empty($identity_dump)) + { + $login->setIdentityFromDump($identity_dump); + $identity = $login->identity; + $providerIDs = $identity->providerIds; + + for($i = 0; $i < $providerIDs->length() ; $i++) + { + if ($i) + echo "<br>"; + echo $providerIDs->getItem($i); + } + } + else + echo "Not Federated with an Service Provider."; +?> + </td> </tr> <?php } @@ -165,4 +201,5 @@ </html> <?php $db->disconnect(); + lasso_shutdown(); ?> diff --git a/php/Attic/examples/sample-sp/assertionConsumer.php b/php/Attic/examples/sample-sp/assertionConsumer.php index 727c2c0f..f7d38d32 100644 --- a/php/Attic/examples/sample-sp/assertionConsumer.php +++ b/php/Attic/examples/sample-sp/assertionConsumer.php 
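Review bot: `$identity_dump` is assigned inside the column loop only when the `identity_dump` column is non-empty and is never reset between rows, so a non-federated user listed after a federated one is shown the previous user's provider IDs in the new federations row. Initialise `$identity_dump = '';` at the top of each row iteration, before the `for ($i = 0; $i < $num_col; ...)` loop that starts outside this hunk. The provider IDs are also echoed raw; use `echo htmlspecialchars($providerIDs->getItem($i));`. The `<?` short open tag introduced here should be `<?php` to match the rest of the file and work with `short_open_tag` off.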
@@ -25,6 +25,7 @@ require_once 'Log.php'; require_once 'DB.php'; require_once 'session.php'; + require_once 'misc.php'; $config = unserialize(file_get_contents('config.inc')); @@ -55,7 +56,7 @@ $login = new LassoLogin($server); - $logger->log('Request from ' . $_SERVER['REMOTE_ADDR'], PEAR_LOG_INFO); + $logger->info('Request from ' . $_SERVER['REMOTE_ADDR']); $login->initRequest($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect); $login->buildRequestMsg(); @@ -72,36 +73,8 @@ $fp = fsockopen("ssl://" . $url['host'], $url['port'], $errno, $errstr, 30) or die($errstr ($errno)); socket_set_timeout($fp, 10); fwrite($fp, $soap); - - // header - do $header .= fread($fp, 1); while (!preg_match('/\\r\\n\\r\\n$/',$header)); - - // chunked encoding - if (preg_match('/Transfer\\-Encoding:\\s+chunked\\r\\n/',$header)) - { - do { - $byte = ''; - $chunk_size = ''; - - do { - $chunk_size .= $byte; - $byte = fread($fp, 1); - } while ($byte != "\\r"); - - fread($fp, 1); - $chunk_size = hexdec($chunk_size); - $response .= fread($fp, $chunk_size); - fread($fp, 2); - } while ($chunk_size); - } - else - { - if (preg_match('/Content\\-Length:\\s+([0-9]+)\\r\\n/', $header, $matches)) - $response = @fread($fp, $matches[1]); - else - while (!feof($fp)) $response .= fread($fp, 1024); - } - fclose($fp); + + read_http_response($fp, $header, $response); $logger->log('SOAP Response Header : ' . $header, PEAR_LOG_DEBUG); $logger->log('SOAP Response Body : ' . $response, PEAR_LOG_DEBUG); @@ -151,8 +124,10 @@ $login->acceptSso(); $session = $login->session; + $identity = $login->identity; $_SESSION['nameidentifier'] = $login->nameIdentifier; + $_SESSION['identity_dump'] = $identity->dump(); $_SESSION['session_dump'] = $session->dump(); $_SESSION['user_id'] = $user_id; @@ -209,6 +184,7 @@ $_SESSION['nameidentifier'] = $login->nameIdentifier; + $_SESSION['identity_dump'] = $identity->dump(); $_SESSION['session_dump'] = $session->dump(); $_SESSION['user_id'] = $user_id; 
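Review bot: The `@@ -72,36 +73,8 @@` hunk removes the `fclose($fp);` that ended the inline reader and does not restore it after `read_http_response($fp, $header, $response);`, so the SSL socket now stays open until script teardown; add `fclose($fp);` directly after the call, as the new cancel_federation.php does. `$header` and `$response` are passed by reference without being initialised, which only works because the helper appends to them; `$header = ''; $response = '';` before the call would make the contract explicit and avoid notices.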
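Review bot: In the `@@ -209,6 +184,7 @@` hunk the added `$_SESSION['identity_dump'] = $identity->dump();` reads `$identity`, but unlike the `@@ -151,8 +124,10 @@` hunk there is no `$identity = $login->identity;` visible before it, and the enclosing block starts and ends outside the hunk. If this is a separate code path from the one at line 124, `$identity` may be undefined here and the call fails; adding `$identity = $login->identity;` next to the existing `$_SESSION['nameidentifier'] = $login->nameIdentifier;` would make the branch self-contained either way.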
diff --git a/php/Attic/examples/sample-sp/cancel_federation.php b/php/Attic/examples/sample-sp/cancel_federation.php new file mode 100644 index 00000000..66a2076d --- /dev/null +++ b/php/Attic/examples/sample-sp/cancel_federation.php 
@@ -0,0 +1,200 @@ +<?php +/* + * Service Provider Example -- Cancel Federation with an Identity Provider + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + require_once 'Log.php'; + require_once 'DB.php'; + require_once 'session.php'; + require_once 'misc.php'; + + $config = unserialize(file_get_contents('config.inc')); + + $methodes = array('redirect' => lassoHttpMethodRedirect, 'soap' => lassoHttpMethodSoap); + + // connect to the data base + $db = &DB::connect($config['dsn']); + if (DB::isError($db)) + die($db->getMessage()); + + // create logger + $conf['db'] = $db; + $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf); + + // session handler + session_set_save_handler("open_session", "close_session", + "read_session", "write_session", "destroy_session", "gc_session"); + + if (empty($_GET['profile'])) + { + $logger->err("Cancel Federation called without profile."); + die("Cancel Federation called without profile."); + } + + if (empty($_GET['with'])) + { + $logger->err("Cancel Federation called without providerID."); + die("Cancel Federation called without providerID."); + } + + session_start(); + + lasso_init(); + + if 
(empty($_SESSION['user_id'])) + { + $logger->err("UserID is empty, user is not logged in."); + die("UserID is empty, user is not logged in."); + } + + if (empty($_SESSION['identity_dump'])) + { + $logger->err("Identity Dump is empty, user is not federated."); + die("Identity Dump is empty, user is not federated."); + } + + if (!in_array($_GET['profile'], array_keys($methodes))) + { + die("Unknown defederation profile : " . $_GET['profile']); + $logger->err("Unknown defederation profile : " . $_GET['profile']); + } + + $user_id = $_SESSION['user_id']; + + $server_dump = file_get_contents($config['server_dump_filename']); + $server = LassoServer::newFromDump($server_dump); + + $defederation = new LassoDefederation($server, lassoProviderTypeSp); + $defederation->setIdentityFromDump($_SESSION['identity_dump']); + + if (!empty($_SESSION['session_dump'])) + $defederation->setSessionFromDump($_SESSION['session_dump']); + + $logger->debug("Create Cancel Federation Notification for User '" . $_SESSION["user_id"] . + "' with Identity Provider '" . $_GET['with']. "'"); + + $defederation->initNotification($_GET['with'], $methodes[$_GET['profile']]); + + $defederation->buildNotificationMsg(); + $nameIdentifier = $defederation->nameIdentifier; + if (empty($nameIdentifier)) + { + $loggery>err("Name Identifier is empty."); + die("Name Identifier is empty."); + } + + $identity = $defederation->identity; + if (isset($defederation->identity)) + { + // Update identity dump + $identity_dump = $identity->dump(); + $_SESSION['identity_dump'] = $identity_dump; + $query = "UPDATE users SET identity_dump=".$db->quoteSmart($identity_dump); + } + else // Delete identity and session dumps + $query = "UPDATE users SET identity_dump=''"; + $query .= " WHERE user_id='$user_id'"; + + $res =& $db->query($query); + if (DB::isError($res)) + { + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . 
$res->getDebugInfo()); + die("Internal Server Error"); + } + $logger->debug("Update user '$user_id' identity dump in the database"); + + // Update session dump, if available + if (!empty($_SESSION['sesion_dump']) && $defederation->isSessionDirty) + { + $session = $defederation->session; + $session_dump = $session->dump(); + $_SESSION['session_dump'] = $session_dump; + + $query = "UPDATE users SET session_dump=".$db->quoteSmart($session_dump); + $query .= " WHERE user_id='$user_id'"; + + $res =& $db->query($query); + if (DB::isError($res)) + { + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . $res->getDebugInfo()); + die("Internal Server Error"); + } + $logger->debug("Update user '$user_id' session dump in the database"); +} + +// Delete Name Identifier +$query = "DELETE FROM nameidentifiers WHERE user_id='$user_id' "; +$query .= "AND name_identifier='$nameIdentifier'"; + +$res =& $db->query($query); +if (DB::isError($res)) +{ + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . $res->getDebugInfo()); + die("Internal Server Error"); +} + +$logger->info("Delete Name Identifier '$nameIdentifier' for User '$user_id'"); + +switch($_GET['profile']) +{ + case 'redirect': + $url = $defederation->msgUrl; + $logger->info("Redirect user to $url"); + + header("Request-URI: $url"); + header("Content-Location: $url"); + header("Location: $url\r\n\r\n"); + break; + case 'soap': + $url = parse_url($defederation->msgUrl); + $soap = sprintf( + "POST %s HTTP/1.1\r\nHost: %s:%d\r\nContent-Length: %d\r\nContent-Type: text/xml\r\n\r\n%s\r\n", + $url['path'], $url['host'], $url['port'], strlen($defederation->msgBody), $defederation->msgBody); + + $logger->info('Send SOAP Request to '. $url['host'] . ":" .$url['port']. $url['path']); + $logger->debug('SOAP Request : ' . $soap); + + $fp = fsockopen("ssl://" . 
$url['host'], $url['port'], $errno, $errstr, 30) or die($errstr ($errno)); + socket_set_timeout($fp, 10); + fwrite($fp, $soap); + + read_http_response($fp, $header, $reponse); + + fclose($fp); + + $logger->log('SOAP Response Header : ' . $header, PEAR_LOG_DEBUG); + $logger->log('SOAP Response Body : ' . $response, PEAR_LOG_DEBUG); + + // TODO : check reponse status + + + break; + } + +?> + +<?php + lasso_shutdown(); +?> diff --git a/php/Attic/examples/sample-sp/index.php b/php/Attic/examples/sample-sp/index.php index 62c5faef..43948017 100644 --- a/php/Attic/examples/sample-sp/index.php +++ b/php/Attic/examples/sample-sp/index.php @@ -64,7 +64,11 @@ You can get more informations about <b>Lasso</b> at <br> session_start(); + lasso_init(); + + $server_dump = file_get_contents($config['server_dump_filename']); + $server = LassoServer::newFromDump($server_dump); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 
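Review bot: The `DELETE FROM nameidentifiers` statement interpolates `$nameIdentifier` directly (`"AND name_identifier='$nameIdentifier'"`) even though the identity update a few lines earlier goes through `$db->quoteSmart()`; the name identifier originates from federation data, so it should be `$query .= "AND name_identifier=" . $db->quoteSmart($nameIdentifier);`, and `$user_id` deserves the same treatment in all three statements. `$loggery>err("Name Identifier is empty.");` is a typo for `$logger->err(...)` and becomes a fatal call to an undefined function `err()` the first time that branch runs. In the unknown-profile check `die()` comes before `$logger->err()`, so the error is never logged, and the echoed `$_GET['profile']` is unescaped — swap the two lines and wrap the value in `htmlspecialchars()`. Two further typos silently disable code: `$_SESSION['sesion_dump']` makes the session-dump update unreachable, and `read_http_response($fp, $header, $reponse);` leaves `$response` empty for the debug log that follows. Finally, a federation is cancelled from a plain GET link with no per-session token, so the endpoint is exposed to cross-site request forgery; a token stored in the session and checked here would close that.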
@@ -104,11 +108,48 @@ You can get more informations about <b>Lasso</b> at <br> <td><?php echo $config['providerID']; ?></td> <td><a href="login.php?profile=post">post</a> | <a href="login.php?profile=artifact">artifact</a></td> </tr> -<?php } else { ?> +<?php } else { + // User is federated with an Service Provider + if (isset($_SESSION['identity_dump'])) + { + $login = new LassoLogin($server); + $login->setIdentityFromDump($_SESSION['identity_dump']); + if (!empty($_SESSION['session_dump'])) + $login->setSessionFromDump($_SESSION['session_dump']); + $identity = $login->identity; + $providerIDs = $identity->providerIds; + + if ($providerIDs->length()) + { +?> <tr> - <td colspan="2">Single Logout</td> + <td align='center' colspan='2'>Cancel a Federation with :</td> +</tr> +<tr> + <td align='center'>Identity Provider</td><td align='center'>Profile</td> +</tr> +<?php + for($i = 0; $i < $providerIDs->length() ; $i++) + { + $providerID = $providerIDs->getItem($i); +?> +<tr> + <td align='center'><?php echo $providerID; ?></td> + <td align='center'> + <a href="cancel_federation.php?profile=redirect&with=<?php echo $providerID; ?>">Redirect</a> | + <a href="cancel_federation.php?profile=soap&with=<?php echo $providerID; ?>">SOAP</a> + </td> +</tr> +<tr> + <td colspan='2'> </td> +</tr> +<?php + } + } + } +?> <tr> - <td colspan="2"><a href="logout.php">Logout!</a></td> + <td>Single Logout using </td><td><a href="logout.php?profile=soap">SOAP</a></td> </tr> <?php } ?> </table> diff --git a/php/Attic/examples/sample-sp/metadata_idp1.xml b/php/Attic/examples/sample-sp/metadata_idp1.xml index 5dda1a22..afa9c9b2 100644 --- a/php/Attic/examples/sample-sp/metadata_idp1.xml +++ b/php/Attic/examples/sample-sp/metadata_idp1.xml 
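Review bot: `$providerID` is written into the page three times without escaping — `<?php echo $providerID; ?>` in the cell and twice inside the `cancel_federation.php?...&with=` hrefs — and it comes from the identity dump rather than from trusted local configuration. Use `htmlspecialchars($providerID)` for the cell and `htmlspecialchars(urlencode($providerID))` inside the href so a provider ID containing `&`, quotes or spaces neither breaks the link nor injects markup; the bare `&` between the query parameters should also be `&amp;` in an XHTML Strict document. The comment `// User is federated with an Service Provider` sits in the service-provider sample, where the peer is an identity provider, so it likely should read `// User is federated with an Identity Provider`.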
@@ -4,14 +4,18 @@ xmlns="urn:liberty:metadata:2003-08"> <IDPDescriptor> - <SingleSignOnServiceURL>https://idp1:1998/singleSignOn.php</SingleSignOnServiceURL> + <SingleSignOnServiceURL>https://idp1:1998/singleSignOn</SingleSignOnServiceURL> <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/sso-get</SingleSignOnProtocolProfile> - <SingleLogoutServiceURL>https://idp1:1998/singleLogout.php</SingleLogoutServiceURL> + <SingleLogoutServiceURL>https://idp1:1998/singleLogout</SingleLogoutServiceURL> <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile> - <RegisterNameIdentifierServiceURL>https://idp1:1998/registerNameIdentifier.php</RegisterNameIdentifierServiceURL> + <RegisterNameIdentifierServiceURL>https://idp1:1998/registerNameIdentifier</RegisterNameIdentifierServiceURL> <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile> + <FederationTerminationServiceURL>https://idp1:1998/federationTermination</FederationTerminationServiceURL> + <FederationTerminationServiceReturnURL>https://idp1:1998/federationTerminationReturn</FederationTerminationServiceReturnURL> + <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</FederationTerminationNotificationProtocolProfile> + <SoapEndpoint>https://idp1:1998/soapEndpoint.php</SoapEndpoint> diff --git a/php/Attic/examples/sample-sp/misc.php b/php/Attic/examples/sample-sp/misc.php new file mode 100644 index 00000000..df9709e5 --- /dev/null +++ b/php/Attic/examples/sample-sp/misc.php 
@@ -0,0 +1,55 @@ +<?php +/* + * Service Provider Example -- Misc functions + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +function read_http_response($fp, &$header, &$response) +{ + // header + do $header .= fread($fp, 1); while (!preg_match('/\\r\\n\\r\\n$/',$header)); + + // chunked encoding + if (preg_match('/Transfer\\-Encoding:\\s+chunked\\r\\n/',$header)) + { + do { + $byte = ''; + $chunk_size = ''; + + do { + $chunk_size .= $byte; + $byte = fread($fp, 1); + } while ($byte != "\\r"); + + fread($fp, 1); + $chunk_size = hexdec($chunk_size); + $response .= fread($fp, $chunk_size); + fread($fp, 2); + } while ($chunk_size); + } + else + { + if (preg_match('/Content\\-Length:\\s+([0-9]+)\\r\\n/', $header, $matches)) + $response = @fread($fp, $matches[1]); + else + while (!feof($fp)) $response .= fread($fp, 1024); + } +} diff --git a/php/Attic/examples/sample-sp/setup.php b/php/Attic/examples/sample-sp/setup.php index 2886c88a..a27d3d05 100644 --- a/php/Attic/examples/sample-sp/setup.php +++ b/php/Attic/examples/sample-sp/setup.php @@ -284,6 +284,7 @@ ob_end_flush(); ob_end_flush(); ?> +<p><a href='index.php'>Back to Index</a></p> </body> </html> <?php 
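Review bot: The chunk-size loop in `read_http_response` compares each byte with `"\\r"`, which in a double-quoted PHP string is the two-character sequence backslash-r rather than a carriage return, so as written `$byte != "\\r"` never becomes false and the inner loop only ends once the peer closes and `fread()` yields empty strings — the chunked branch cannot terminate normally (the single-quoted regexes are unaffected, since PCRE interprets `\r` itself). The body read also assumes `fread($fp, $chunk_size)` returns the whole chunk, but on a socket `fread()` returns as soon as one packet is available, so a short read leaves the parser misaligned at the next size line. Neither the header loop nor the chunk loop checks `feof()` or bounds the data it accumulates, so a slow or malicious server can hold the request open or grow `$response` without limit; the sketch below reads the size line up to `\n`, loops until the chunk is complete, and stops on EOF, and a caller-side cap on `strlen($response)` would complete the hardening.
```php
    // … unchanged: header read and Transfer-Encoding test …
        do {
            $line = '';
            while (($byte = fread($fp, 1)) !== '' && $byte !== false && $byte !== "\n")
                $line .= $byte;
            $parts = explode(';', trim($line));           // size line may carry ";extension"
            $chunk_size = hexdec(trim($parts[0]));
            $chunk = '';
            while (strlen($chunk) < $chunk_size && !feof($fp))
                $chunk .= fread($fp, $chunk_size - strlen($chunk));   // socket fread() may short-read
            $response .= $chunk;
            fread($fp, 2);                                // CRLF that follows the chunk body
        } while ($chunk_size && !feof($fp));
    // … unchanged: Content-Length / read-to-EOF branch …
```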
diff --git a/php/Attic/examples/sample-sp/soapEndpoint.php b/php/Attic/examples/sample-sp/soapEndpoint.php new file mode 100644 index 00000000..ef7dcc8a --- /dev/null +++ b/php/Attic/examples/sample-sp/soapEndpoint.php 
@@ -0,0 +1,143 @@ +<?php +/* + * Identity Provider Example -- SOAP Endpoint + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: Christophe Nowicki <cnowicki@easter-eggs.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + require_once 'Log.php'; + require_once 'DB.php'; + require_once 'session.php'; + + + $config = unserialize(file_get_contents('config.inc')); + + $server_dump = file_get_contents($config['server_dump_filename']); + + header("Content-Type: text/xml\r\n"); + + // connect to the data base + $db = &DB::connect($config['dsn']); + if (DB::isError($db)) + { + header("HTTP/1.0 500 Internal Server Error"); + exit; + } + + // create logger + $conf['db'] = $db; + $logger = &Log::factory($config['log_handler'], 'log', $_SERVER['PHP_SELF'], $conf); + + // session handler + session_set_save_handler("open_session", "close_session", + "read_session", "write_session", "destroy_session", "gc_session"); + + session_start(); + + if (empty($HTTP_RAW_POST_DATA)) + { + $logger->log("HTTP_RAW_POST_DATA is empty", PEAR_LOG_WARNING); + die("HTTP_RAW_POST_DATA is empty!"); + } + + lasso_init(); + + $requestype = lasso_getRequestTypeFromSoapMsg($HTTP_RAW_POST_DATA); + $server = LassoServer::newFromDump($server_dump); + + switch ($requestype) + { + case 
lassoRequestTypeLogout: + $logger->info("SOAP Logout Request from " . $_SERVER['REMOTE_ADDR']); + + break; + case lassoRequestTypeDefederation: + $logger->info("SOAP Defederation Request from " . $_SERVER['REMOTE_ADDR']); + + $defederation = new LassoDefederation($server, lassoProviderTypeSp); + $defederation->processNotificationMsg($HTTP_RAW_POST_DATA, lassoHttpMethodSoap); + + $nameIdentifier = $defederation->nameIdentifier; + if (empty($nameIdentifier)) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->err("Name Identifier is empty"); + exit; + } + + $query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='$nameIdentifier'"; + $res =& $db->query($query); + if (DB::isError($res)) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . $res->getDebugInfo()); + exit; + } + if (!$res->numRows()) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->err("Name identifier '$nameIdentifier' doesn't correspond to any user"); + exit; + } + + $row = $res->fetchRow(); + $user_id = $row[0]; + $logger->debug("UserID is '$user_id"); + + $query = "SELECT identity_dump FROM users WHERE user_id='$user_id'"; + $res =& $db->query($query); + + if (DB::isError($res)) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->crit("DB Error :" . $res->getMessage()); + $logger->debug("DB Error :" . 
$res->getDebugInfo()); + exit; + } + + if (!$res->numRows()) + { + header("HTTP/1.0 500 Internal Server Error"); + $logger->err("User is not federated."); + exit; + } + $row = $res->fetchRow(); + $identity_dump = $row[0]; + + $defederation->setIdentityFromDump($identity_dump); + + // TODO : Get Session + + $defederation->validateNotification(); + + $identity = $defederation->identity; + + if (!isset($identity->dump)) + { + $identity_dump = $identity->dump; + } + + break; + default: + header("HTTP/1.0 500 Internal Server Error"); + $logger->crit("Unknown or unsupported SOAP request"); + } + +?> |
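Review bot: `$nameIdentifier` is extracted from the unauthenticated SOAP body by `processNotificationMsg($HTTP_RAW_POST_DATA, lassoHttpMethodSoap)` and interpolated unquoted into `SELECT user_id FROM nameidentifiers WHERE name_identifier='$nameIdentifier'`, and because `setIdentityFromDump()` must precede `validateNotification()` this lookup necessarily runs on input that has not been verified yet — both SELECTs should use `$db->quoteSmart($nameIdentifier)` and `$db->quoteSmart($user_id)`. Near the end of the defederation case, `if (!isset($identity->dump)) { $identity_dump = $identity->dump; }` treats `dump` as a property while every other file in this change calls `$identity->dump()`, the negated condition looks inverted, and the result is never written back to `users`, so the defederation appears to have no persistent effect; presumably an `UPDATE users SET identity_dump=... WHERE user_id=...` like the one in cancel_federation.php is intended. The handler sets `Content-Type: text/xml` but emits no SOAP response body in either branch, and the `lassoRequestTypeLogout` case only logs; if that is deliberate for now, a `// TODO: send SOAP response` there would make it explicit. `$HTTP_RAW_POST_DATA` is a legacy global; `file_get_contents('php://input')` is the portable way to read the raw body. `$logger->debug("UserID is '$user_id");` is also missing its closing quote.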
