FOSSology  3.2.0rc1
Open Source License Compliance by Open Source Software
core-smauth.php
1 <?php
2 /***********************************************************
3  Copyright (C) 2011-2013 Hewlett-Packard Development Company, L.P.
4 
5  This program is free software; you can redistribute it and/or
6  modify it under the terms of the GNU General Public License
7  version 2 as published by the Free Software Foundation.
8 
9  This program is distributed in the hope that it will be useful,
10  but WITHOUT ANY WARRANTY; without even the implied warranty of
11  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  GNU General Public License for more details.
13 
14  You should have received a copy of the GNU General Public License along
15  with this program; if not, write to the Free Software Foundation, Inc.,
16  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17  ***********************************************************/
18 
19 use Fossology\Lib\Auth\Auth;
20 use Symfony\Component\HttpFoundation\Session\Session;
21 
22 define("TITLE_CORE_SMAUTH", _("SiteMinder_Login"));
23 
24 class core_smauth extends FO_Plugin
25 {
26  var $Name = "smauth";
27  var $Title = TITLE_CORE_SMAUTH;
28  var $Version = "1.0";
29  var $Dependency = array();
30  var $PluginLevel = 1000; /* make this run first! */
31  var $LoginFlag = 0;
32 
40  function Install()
41  {
42  global $PG_CONN;
43  if (empty($PG_CONN)) {
44  return (1);
45  } /* No DB */
46  return (0);
47  } // Install()
48 
53  function PostInitialize()
54  {
55  global $PG_CONN;
56  global $SysConf;
57 
58  if (siteminder_check() == -1) {
59  return;
60  }
61 
62  $UID = siteminder_check();
63 
64  global $container;
66  $session = $container->get('session');
67  $session->setName('Login');
68  $session->start();
69 
70  if (array_key_exists(Auth::USER_ID, $_SESSION)) {
71  $SysConf['auth'][Auth::USER_ID] = $_SESSION[Auth::USER_ID];
72  }
73  $Now = time();
74  /* Logins older than 60 secs/min * 480 min = 8 hr are auto-logout */
75  if (! empty($_SESSION['time']) && @$_SESSION['time'] + (60 * 480) < $Now) {
76  $_SESSION['User'] = NULL;
77  $_SESSION[Auth::USER_ID] = NULL;
78  $_SESSION[Auth::USER_LEVEL] = NULL;
79  $SysConf['auth'][Auth::USER_ID] = NULL;
80  $_SESSION['UserEmail'] = NULL;
81  $_SESSION['Folder'] = NULL;
82  $_SESSION['UiPref'] = NULL;
83  /* TODO: need to clear SiteMinder session */
84  }
85 
86  /* check db connection */
87  if (! $PG_CONN) {
88  DBconnect();
89  if (!$PG_CONN) {
90  echo "NO DB connection";
91  }
92  }
93 
94  /* Enable or disable plugins based on login status */
95  $Level = PLUGIN_DB_NONE;
96  if (@$_SESSION['User']) { //TODO: also need to check SiteMinder session
97  /* If you are logged in, then the default level is "Download". */
98  if ("X" . $_SESSION[Auth::USER_LEVEL] == "X") {
99  $Level = PLUGIN_DB_WRITE;
100  } else {
101  $Level = $_SESSION[Auth::USER_LEVEL];
102  }
103  /* Recheck the user in case he is suddenly blocked or changed. */
104  if (empty($_SESSION['time_check'])) {
105  $_SESSION['time_check'] = time() + (480 * 60);
106  }
107  if (time() >= @$_SESSION['time_check']) {
108  $sql = "SELECT * FROM users WHERE user_pk='" . @$_SESSION['UserId'] . "';";
109  $result = pg_query($PG_CONN, $sql);
110  DBCheckResult($result, $sql, __FILE__, __LINE__);
111  $R = pg_fetch_assoc($result);
112  pg_free_result($result);
113  $_SESSION['User'] = $R['user_name'];
114  $_SESSION['Folder'] = $R['root_folder_fk'];
115  $_SESSION[Auth::USER_LEVEL] = $R['user_perm'];
116  $_SESSION['UserEmail'] = $R['user_email'];
117  $_SESSION['UserEnote'] = $R['email_notify'];
118  if (empty($R['ui_preference'])) {
119  $_SESSION['UiPref'] = 'simple';
120  } else {
121  $_SESSION['UiPref'] = $R['ui_preference'];
122  }
123  $Level = $_SESSION[Auth::USER_LEVEL];
124  }
125  } else {
126  $this->CheckUser($UID);
127  $Level = $_SESSION[Auth::USER_LEVEL];
128  }
129 
130  /* Disable all plugins with >= $Level access */
131  plugin_disable($Level);
132 
133  $this->State = PLUGIN_STATE_READY;
134  } // PostInitialize()
135 
140  function CheckUser($Email)
141  {
142  global $PG_CONN;
143  global $SysConf;
144 
145  if (empty($Email)) {
146  return;
147  }
148  $Email = str_replace("'", "''", $Email); /* protect DB */
149  $FolderName = substr($Email, 0, strpos($Email,'@'));
150  $FolderName = trim($FolderName);
151  if (empty($FolderName)) {
152  return;
153  }
154  $FolderDes = "Folder created for " . $FolderName;
155 
156  /* Get default User description and bucketpool from sysconf table */
157  $UserDesc = 'null';
158  $BucketPool = 'null';
159  $sql = "SELECT typlen FROM pg_type where typname='sysconfig' limit 1";
160  $result = pg_query($PG_CONN, $sql);
161  DBCheckResult($result, $sql, __FILE__, __LINE__);
162  if (pg_num_rows($result) > 0) {
163  pg_free_result($result);
164  // Get UserDesc from sysconfig
165  $sql = "SELECT conf_value FROM sysconfig WHERE variablename = 'UserDesc';";
166  $result = pg_query($PG_CONN, $sql);
167  DBCheckResult($result, $sql, __FILE__, __LINE__);
168  $R = pg_fetch_assoc($result);
169  pg_free_result($result);
170  if (!empty($R['conf_value'])) {
171  $UserDesc = "'".$R['conf_value']."'";
172  }
173 
174  // Get BucketPool from sysconfig
175  $sql = "SELECT conf_value FROM sysconfig WHERE variablename = 'BucketPool';";
176  $result = pg_query($PG_CONN, $sql);
177  DBCheckResult($result, $sql, __FILE__, __LINE__);
178  $R = pg_fetch_assoc($result);
179  pg_free_result($result);
180  if (!empty($R['conf_value'])) {
181  $BucketPool = $R['conf_value'];
182  //Check if the bucketpool defined in sysconfig exist in bucketpool table
183  $sql = "SELECT bucketpool_pk FROM bucketpool WHERE bucketpool_pk=$BucketPool AND active='Y'";
184  $result = pg_query($PG_CONN, $sql);
185  DBCheckResult($result, $sql, __FILE__, __LINE__);
186  if (pg_num_rows($result) < 1) {
187  $BucketPool = 'null'; //didn't exist in bucketpool table, set it 'null'
188  }
189  pg_free_result($result);
190  } else {
191  /* if didn't define bucketpool from sycconf.And only a single bucketpool record, get bucketpool from bucketpool table. If more than one, set it null*/
192  $sql = "SELECT bucketpool_pk FROM bucketpool;";
193  $result = pg_query($PG_CONN, $sql);
194  DBCheckResult($result, $sql, __FILE__, __LINE__);
195  if (pg_num_rows($result) == 1) {
196  $R = pg_fetch_assoc($result);
197  if (!empty($R['bucketpool_pk'])) {
198  $BucketPool = $R['bucketpool_pk'];
199  }
200  } else {
201  $BucketPool = 'null';
202  }
203  pg_free_result($result);
204  }
205  } else {
206  pg_free_result($result);
207  }
208 
209  /* See if the user exists */
210  $sql = "SELECT * FROM users WHERE user_email = '$Email';";
211  $result = pg_query($PG_CONN, $sql);
212  DBCheckResult($result, $sql, __FILE__, __LINE__);
213  $R = pg_fetch_assoc($result);
214  pg_free_result($result);
215  if (empty($R['user_name'])) {
216  //check if folder name exists under the parent?
217  pg_exec("BEGIN;");
218  $sql = "SELECT * FROM folderlist WHERE name = '$FolderName' AND parent = '1' AND foldercontents_mode = '1';";
219  $result = pg_query($PG_CONN, $sql);
220  DBCheckResult($result, $sql, __FILE__, __LINE__);
221  $row = pg_fetch_assoc($result);
222  pg_free_result($result);
223  if (empty($row['name'])) {
224  //create folder for the user
225  $sql = "INSERT INTO folder (folder_name, folder_desc) VALUES ('$FolderName', '$FolderDes');";
226  $result = pg_query($PG_CONN, $sql);
227  DBCheckResult($result, $sql, __FILE__, __LINE__);
228  pg_free_result($result);
229  $sql = "SELECT folder_pk FROM folder WHERE folder_name='$FolderName' AND folder_desc = '$FolderDes';";
230  $result = pg_query($PG_CONN, $sql);
231  DBCheckResult($result, $sql, __FILE__, __LINE__);
232  $row = pg_fetch_assoc($result);
233  pg_free_result($result);
234  //print_r($row);
235  if (empty($row['folder_pk'])) {
236  return;
237  }
238  $FolderPk = $row['folder_pk'];
239  //echo $FolderPk;
240 
241  $sql = "INSERT INTO foldercontents (parent_fk,foldercontents_mode,child_id) VALUES ('1','1','$FolderPk');";
242  $result = pg_query($PG_CONN, $sql);
243  DBCheckResult($result, $sql, __FILE__, __LINE__);
244  pg_free_result($result);
245  } else {
246  $sql = "SELECT folder_pk FROM folder WHERE folder_name='$FolderName' AND folder_desc = '$FolderDes';";
247  $result = pg_query($PG_CONN, $sql);
248  DBCheckResult($result, $sql, __FILE__, __LINE__);
249  $row = pg_fetch_assoc($result);
250  pg_free_result($result);
251  //print_r($row);
252  if (empty($row['folder_pk'])) {
253  return;
254  }
255  $FolderPk = $row['folder_pk'];
256  //echo $FolderPk;
257  }
258 
259  //create user
260  add_user($Email,$UserDesc,null,null,5,$Email,y,"agent_bucket,agent_copyright",$FolderPk,$BucketPool);
261 
262  pg_exec("COMMIT;");
263  } /* no user */
264 
265  $sql = "SELECT * FROM users WHERE user_email = '$Email';";
266  $result = pg_query($PG_CONN, $sql);
267  DBCheckResult($result, $sql, __FILE__, __LINE__);
268  $R = pg_fetch_assoc($result);
269  pg_free_result($result);
270 
271  /* Check the email */
272  if (strcmp($Email, $R['user_email']) != 0) {
273  return;
274  }
275  /* If you make it here, then username and email were good! */
276  $_SESSION['User'] = $R['user_name'];
277  $_SESSION['UserId'] = $R['user_pk'];
278  $SysConf['auth'][Auth::USER_ID] = $R['user_pk'];
279  $_SESSION['UserEmail'] = $R['user_email'];
280  $_SESSION['UserEnote'] = $R['email_notify'];
281  if (empty($R['ui_preference'])) {
282  $_SESSION['UiPref'] = 'simple';
283  } else {
284  $_SESSION['UiPref'] = $R['ui_preference'];
285  }
286  $_SESSION['Folder'] = $R['root_folder_fk'];
287  $_SESSION['time_check'] = time() + (480 * 60);
288  /* No specified permission means ALL permission */
289  if ("X" . $R['user_perm'] == "X") {
290  $_SESSION[Auth::USER_LEVEL] = PLUGIN_DB_ADMIN;
291  } else {
292  $_SESSION[Auth::USER_LEVEL] = $R['user_perm'];
293  }
294  /* Check for the no-popup flag */
295  if (GetParm("nopopup", PARM_INTEGER) == 1) {
296  $_SESSION['NoPopup'] = 1;
297  } else {
298  $_SESSION['NoPopup'] = 0;
299  }
300  } // CheckUser()
301 
305  function Output()
306  {
307  global $SysConf;
308  if ($this->State != PLUGIN_STATE_READY) {
309  return;
310  }
311  $V = "";
312  if (siteminder_check() == -1) {
313  return;
314  }
315 
316  $UID = siteminder_check();
317 
318  if ($this->OutputType=="HTML") {
319  /* TODO:logout need to clear SiteMinder session */
320  $_SESSION['User'] = NULL;
321  $_SESSION[Auth::USER_ID] = NULL;
322  $SysConf['auth'][Auth::USER_ID] = NULL;
323  $_SESSION[Auth::USER_LEVEL] = NULL;
324  $_SESSION['UserEmail'] = NULL;
325  $_SESSION['Folder'] = NULL;
326  $_SESSION['UiPref'] = NULL;
327  $Uri = Traceback_uri() . "logout.html?" . rand();
328  //$Uri = Traceback_uri() . "?mod=refresh&remod=default";
329  $V.= "<script language='javascript'>\n";
330  $V.= "window.open('$Uri','_top');\n";
331  $V.= "</script>\n";
332  }
333  if (!$this->OutputToStdout) {
334  return ($V);
335  }
336  print ($V);
337  return;
338  } // Output()
339 }
340 
341 $NewPlugin = new core_smauth();
342 $NewPlugin->Initialize();
Traceback_uri
Traceback_uri()
Get the URI without query to this location.
Definition: common-parm.php:108
PLUGIN_DB_ADMIN
#define PLUGIN_DB_ADMIN
Plugin requires admin level permission on DB.
Definition: libfossology.h:51
DBconnect
DBconnect($sysconfdir, $options="", $exitOnFail=true)
Connect to database engine. This is a no-op if $PG_CONN already has a value.
Definition: common-db.php:44
add_user
add_user($User, $Desc, $Seed, $Hash, $Perm, $Email, $Email_notify, $agentList, $Folder, $default_bucketpool_fk='')
Add a user.
Definition: common-users.php:44
core_smauth\CheckUser
CheckUser($Email)
See if a username is valid.
Definition: core-smauth.php:140
core_smauth\Output
Output()
generate the output for this plug-in
Definition: core-smauth.php:305
State
Definition: state.hpp:26
GetParm
GetParm($parameterName, $parameterType)
This function will retrieve the variables and check data types.
Definition: common-parm.php:57
siteminder_check
siteminder_check()
Check if SiteMinder is enabled.
Definition: common-auth.php:33
PLUGIN_DB_NONE
#define PLUGIN_DB_NONE
Plugin requires no DB permission.
Definition: libfossology.h:48
PLUGIN_DB_WRITE
#define PLUGIN_DB_WRITE
Plugin requires write permission on DB.
Definition: libfossology.h:50
FO_Plugin\PostInitialize
PostInitialize()
This function is called before the plugin is used and after all plugins have been initialized...
Definition: FO_Plugin.php:241
PARM_INTEGER
const PARM_INTEGER
Definition: common-parm.php:25
FO_Plugin
This is the Plugin class. All plugins should:
Definition: FO_Plugin.php:67
$PG_CONN
foreach($Options as $Option=> $OptVal) if(0==$reference_flag &&0==$nomos_flag) $PG_CONN
Definition: list_license.php:62
DBCheckResult
DBCheckResult($result, $sql, $filenm, $lineno)
Check the postgres result for unexpected errors. If found, treat them as fatal.
Definition: common-db.php:198
core_smauth
Definition: core-smauth.php:24
core_smauth\Install
Install()
Only used during installation. This may be called multiple times. Used to ensure the DB has the right...
Definition: core-smauth.php:40
trim
char * trim(char *ptext)
Trimming whitespace.
Definition: fossconfig.c:695