From 6aa27a88fddbf8452560dc04c2899d85ad94fc2d Mon Sep 17 00:00:00 2001
From: "Stefan E. Funk" <funk@sub.uni-goettingen.de>
Date: Tue, 2 Jun 2015 17:43:02 +0200
Subject: [PATCH] Re-configured tgauth to use (a) shibboleth if wanted and (b) for ldap use only. Copied all files in secure/ from textgrid-test1 to tgauth git. Deleted old files.
---
.../secure/PutAttributes.php | 116 +++-
.../secure/TextGrid-WebAuth-old.php | 523 -----------------
.../secure/TextGrid-WebAuth.php | 81 ++-
.../secure/index.php | 5 -
.../secure/iso3166_en_code_lists.txt | 249 ++++++++-
.../secure/portal.cgi | 366 ------------
.../secure/soapTypes.inc.php | 528 ------------------
7 files changed, 443 insertions(+), 1425 deletions(-)
mode change 120000 => 100755 info.textgrid.middleware.tgauth.webauth/secure/PutAttributes.php
delete mode 100644 info.textgrid.middleware.tgauth.webauth/secure/TextGrid-WebAuth-old.php
mode change 120000 => 100644 info.textgrid.middleware.tgauth.webauth/secure/TextGrid-WebAuth.php
delete mode 100644 info.textgrid.middleware.tgauth.webauth/secure/index.php
mode change 120000 => 100644 info.textgrid.middleware.tgauth.webauth/secure/iso3166_en_code_lists.txt
delete mode 100644 info.textgrid.middleware.tgauth.webauth/secure/portal.cgi
delete mode 100644 info.textgrid.middleware.tgauth.webauth/secure/soapTypes.inc.php
diff --git a/info.textgrid.middleware.tgauth.webauth/secure/PutAttributes.php b/info.textgrid.middleware.tgauth.webauth/secure/PutAttributes.php
deleted file mode 120000
index a7b98fc..0000000
--- a/info.textgrid.middleware.tgauth.webauth/secure/PutAttributes.php
+++ /dev/null
@@ -1 +0,0 @@
-../WebAuthN/PutAttributes.php
\ No newline at end of file
diff --git a/info.textgrid.middleware.tgauth.webauth/secure/PutAttributes.php b/info.textgrid.middleware.tgauth.webauth/secure/PutAttributes.php
new file mode 100755
index 0000000..3a49366
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.webauth/secure/PutAttributes.php
@@ -0,0 +1,115 @@ +<?php +// ####################################################### +// Author: Martin Haase / DAASI International GmbH / TextGrid +// Creation date: 2010-10-19 +// Modification date: 2010-XX +// Version: 0.1 +// ####################################################### + +include("../tglib/RBAC.class.php"); +include("../tglib/LDAP.class.php"); +include("../tglib/WebUtils.class.php"); + + +$configfile = "/etc/textgrid/tgauth/conf/config_tgwebauth.xml"; + +$util = new WebUtils; + +$authZinstance = $_REQUEST["authZinstance"]; +$remote_user = $_REQUEST["remote_user"]; + +if ($_REQUEST["loginmode"] == 1) { + $loginmode = TRUE; +} else { + $loginmode = FALSE; +} + +if ( !(isset($authZinstance)) || strlen($authZinstance) <= 0 ) { + $util->printAuthFailure("No TgAuth Instance provided", + "Please provide a valid string in the authZinstance variable.", + null, + null ); + exit; +} + +$rbac = new RBAC ( $configfile, $authZinstance ); + +$Sid = $_REQUEST["Sid"]; + +$attributes = $rbac->getUserAttributes( $Sid ); +// we always need one more argument, as PHP'S SOAP lib simplifies structures +// s.t. 
if we only want to modify exactly one attr, +// (it turns a:1{o:2{name,n,value,v}} into a:2{name,n,value,v}) +$newattributes = array("gnuelpfix"); +$thedisplayname = "anonymous"; + +foreach ($attributes as $a) { + if ($util->isBoolean($a)) { + if (isset ( $_REQUEST[$a->name] ) && $_REQUEST[$a->name] === "on") { + $na = new StdClass(); + $na->name = $a->name; + $na->value = "TRUE"; + $newattributes[] = $na; + } else { + $na = new StdClass(); + $na->name = $a->name; + $na->value = "FALSE"; + $newattributes[] = $na; + } + } else if (isset ( $_REQUEST[$a->name]) + && strlen($_REQUEST[$a->name]) > 0 + && (!isset ($a->value) + || ( isset( $a->value) + && !($_REQUEST[$a->name] === $a->value)))) { + $na = new StdClass(); + $na->name = $a->name; + $na->value = $_REQUEST[$a->name]; + $newattributes[] = $na; + } + if ($a->name === "displayname" && isset ($a->value)) { // set Display Name + $thedisplayname = $a->value; + } +} +#$file = fopen ("/tmp/xxxPut.log", "w+"); +#fwrite ($file, "putting these attrs: ". serialize ($newattributes) ."\n"); +#fclose ($file); + + +// write in RBAC +$res = $rbac->setAttributes($newattributes, $Sid, $loginmode ); + +// write in LDAP if it is a textgrid.de account and something relevant changed +// AND if setAttributes returned success, i.e. the SID was valid +if (stripos($remote_user, "@textgrid.de") > 0 && is_object($res) && $res->result == true) { + $ldap = new LDAP ( $configfile ); + $ldapres = $ldap->setUserAttributes($newattributes, $remote_user); + if ($ldapres["success"] == FALSE) { + echo "Could not modify base data in community LDAP: "; + echo $ldapres["detail"]; + exit; + } +} + +if ((is_array($res) && $res['success'] == FALSE) || (is_object($res) && $res->result == FALSE)) { + echo "something went wrong". 
serialize($res); + exit; +} + +if ($loginmode) { + $util->printAuthSuccess("Authentication Succeeded", + $thedisplayname, + array("remote_user" => $remote_user, + "scstatus" => "set Attributes", + "Sid" => $Sid, + "authZinstance" => $authZinstance, + "identity_provider" => "unknown", + "identified_user" => array("authnmethod" => "ePPN") + ), + $rbac->slcData() + ); +} else { + $util->printSetAttributesSuccess($thedisplayname); +} +exit; + +?> \ No newline at end of file diff --git a/info.textgrid.middleware.tgauth.webauth/secure/TextGrid-WebAuth-old.php b/info.textgrid.middleware.tgauth.webauth/secure/TextGrid-WebAuth-old.php deleted file mode 100644 index f5c6771..0000000 --- a/info.textgrid.middleware.tgauth.webauth/secure/TextGrid-WebAuth-old.php +++ /dev/null 
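Review bot: The LDAP write at `$ldap->setUserAttributes($newattributes, $remote_user)` takes `$remote_user` straight from `$_REQUEST["remote_user"]`, and nothing in the hunk ties that value to the owner of `$Sid`; the only gate is that `$rbac->setAttributes(...)` succeeded for the session, so the community-LDAP entry that gets modified is chosen by the caller rather than derived from the authenticated session. If /secure is Shibboleth-protected, as TextGrid-WebAuth.php in this same commit assumes, the identity should come from the server-side principal, `$remote_user = $_SERVER["REMOTE_USER"];`, or be compared against the principal behind the session and the request rejected on mismatch. The failure paths also echo `serialize($res)` and the raw `$ldapres["detail"]` to the browser; those belong in the server error log, with the page showing a generic message via `$util->printAuthFailure(...)` as the earlier branch already does. The commented-out `/tmp/xxxPut.log` debug block should be dropped rather than kept as dead code.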
@@ -1,523 +0,0 @@ -<?php -// ####################################################### -// Authors: Markus Widmer & Martin Haase -// Creation date: 08.07.2007 -// Modification date: 07/05/010 -// Version: 2.0 -// ####################################################### - -header('Content-Type: text/html; charset=utf-8'); - -//phpinfo(); -require_once( "soapTypes.inc.php" ); - -$config = new DOMDocument(); -$config->load('../../../config_tgwebauth.xml'); -$xpath = new DOMXPath($config); -$xpath->registerNamespace("c", "http://textgrid.info/namespaces/middleware/tgwebauth"); - - -$authZinstance = $_REQUEST["authZinstance"]; -$rbacInstance = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']"); -if ($rbacInstance->length == 0) - { - echo "Error: '${authZinstance}' has no RBAC base configured!<br/>\n"; - exit; - } - -$rbacbase = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:rbacbase")->item(0)->nodeValue; -$sessionCreatorUid = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:sessioncreator/c:user")->item(0)->nodeValue; -$sessionCreatorPw = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:sessioncreator/c:password")->item(0)->nodeValue; -$setnamessecret = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:setnamessecret")->item(0)->nodeValue; - -$slcSupportEnabling = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/@enable"); -if ($slcSupportEnabling->length > 0 && $slcSupportEnabling->item(0)->nodeValue === 'true') { - $slcMode = TRUE; - $slcEntitlementAttributeName = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:entitlementAttr/@name")->item(0)->nodeValue; - $slcEntitlementAttributeValue = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:entitlementAttr")->item(0)->nodeValue; - $slcPortalDelegationURL = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:portalDelegationURL")->item(0)->nodeValue; - 
$slcNoDelegationURL = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:noDelegationURL")->item(0)->nodeValue; -} else { - $slcMode = FALSE; -} - -// the session creation status will collect all messages -// during the course of authentication -$scstatus = ""; - -$remote_user = $_SERVER["REMOTE_USER"]; -$identity_provider = $_SERVER["Shib-Identity-Provider"]; -if (isset($_SERVER["givenName"])) { $givennames = $_SERVER["givenName"];} else { $givennames = "";} -if (isset($_SERVER["sn"])) { $surnames = $_SERVER["sn"];} else { $surnames = "";} -if (isset($_SERVER["cn"])) { $cns = $_SERVER["cn"];} else { $cns = "";} -if (isset($_SERVER["mail"])) { $mails = $_SERVER["mail"];} else { $mails = "";} -if (isset($_SERVER["o"])) { $organisations = $_SERVER["o"];} else { $organisations = "";} - - -$identified_user = identify($remote_user, $identity_provider); - -if ($identified_user['authnmethod'] == 'none') { - format_error("User ID not given by home institution", - "Your school (its Identity Provider) did not provide a useable User ID to TextGrid.<br/>\n" - ."Please contact your school's computing centre and ask them to release to TextGrid's Service Provider " - ."at least one of the following attributes: eduPersonPrincipalName, PersistentID or TargetedID. Thank you."); - exit; -} else { - $scstatus .= "Authentication Method: ". $identified_user['authnmethod'] . "; "; - $remote_user = $identified_user['user'] . "@" . $identified_user['scope']; -} - - -// ----------------------------------------------------- -// You'll need these services -// ----------------------------------------------------- -$soapExtra = new SoapClient( $rbacbase . "wsdl/tgextra.wsdl" ); -$soapPolicy = new SoapClient( $rbacbase . "wsdl/tgsystem.wsdl" ); -$soapReview = new SoapClient( $rbacbase . "wsdl/tgreview.wsdl" ); -$soapAdministration = new SoapClient( $rbacbase . 
"wsdl/tgadministration.wsdl" ); - - -// ----------------------------------------------------- -// Before you can create a session you have to -// authenticate. If this was successful you get a -// session-ID that you should keep -// ----------------------------------------------------- -$authReq = new authenticateRequest(); -$authReq->username = $sessionCreatorUid; -$authReq->password = $sessionCreatorPw; - - -//echo "<HR/>"; -//echo "Doing authentication...<BR/>"; - -try { - $authResponse = $soapExtra->authenticate( $authReq ); - - if( preg_match( "/[0-9a-z]{2,}/i", $authResponse->auth ) ) { - $scstatus .= "WebAuth authenticated at RBAC, received an internal SessionId. " ; - } - -} catch( SoapFault $f ) { - format_error("Internal Error", - "SOAP FAULT (authenticate)!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail ); - exit; -} - - - -// ----------------------------------------------------- -// Now you can try to add an active role to your session creator session -// ----------------------------------------------------- -$addRoleReq = new addActiveRoleRequest(); -$addRoleReq->username = $sessionCreatorUid; -$addRoleReq->role = "sessionCreator,Anwendung"; -$addRoleReq->auth = $authResponse->auth; - -//echo "<HR/>"; -//echo "Adding active role...<BR/>"; - -try { - - $addRoleResponse = $soapExtra->tgAddActiveRole( $addRoleReq ); - - if( $addRoleResponse->result ) { - - //echo "DONE.<BR/>"; - $scstatus .= "Added active role of application; "; - - } else { - format_error("Internal Error", - "Could not add Role for application."); - exit; - } -} -catch( SoapFault $f ) { - format_error("Internal Error", - "SOAP FAULT (tgAddActiveRole)!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail ); - exit; -} - - -$userexistreq = new userExistsRequest(); -$userexistreq->auth = $authResponse->auth; -$userexistreq->username = $remote_user; - -try { - $existresult = $soapExtra->userExists($userexistreq); - if (! 
$existresult->result) { - try { - $adduserrequest = new addUserRequest(); - $adduserrequest->intSid = $authResponse->auth; - $adduserrequest->username = $remote_user; - $adduserrequest->password = "gnuelpfix"; // this is not relevant and will never be checked - - $addedUser = $soapAdministration->addUser($adduserrequest); - if ($addedUser) { - $scstatus .= "Added user information to authorization database; "; - } else { - format_error("Internal Error", - "Could not add your user ID to authorization database." ); - exit; - } - - } catch(SoapFault $f) { - format_error("Internal Error", - "SOAP FAULT (AddUser)!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail ); - exit; - } - } else { - $scstatus .= "user exists in authentication database; "; - } -} catch (SoapFault $f) { - format_error("Internal Error", - "SOAP FAULT (UserExists)!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail ); - exit; -} - - -// ----------------------------------------------------- -// If this was successful you have to add an appropriate -// role to your active session that allows you to create -// a session for someone else. -// ----------------------------------------------------- -$creReq = new createSessionRequest(); -$creReq->intSid = $authResponse->auth; -//$creReq->username = "mhaase@uni-tuebingen.de"; -$creReq->username = $remote_user; - -//$creReq->roleset = Array( "Projektleiter,Projekt-1,Projekt-Teilnehmer" ); -//$creReq->roleset = Array( "Bearbeiter,Projekt-1,Projekt-Teilnehmer" ); - -// get ALL available roles... -$rolesobject = new authorizedRolesRequest(); -$rolesobject->intSid = $authResponse->auth; -$rolesobject->username = $remote_user; - -try { - $roleResponse = $soapReview->authorizedRoles($rolesobject); - -// cannot list roles here as they contain "s, which interfere with the -// attribute eclosing quotes of the meta tag -// $scstatus = $scstatus . "Received all available roles for user: ".serialize($roleResponse->role) . 
"; "; - $scstatus .= "Received all available roles for user; "; -} catch (Soapfault $f) { - format_error("Internal Error", - "SOAP FAULT (authorizedRoles)!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail ); - exit; -} - - -if (is_Array($roleResponse->role)) { - $creReq->roleset = $roleResponse->role; -} elseif (is_string($roleResponse->role)) { - $creReq->roleset = Array($roleResponse->role); -} else { - $creReq->roleset = Array(); -} - - -// Get an newly generated sid from the RBAC system -try { - $newSid = $soapExtra->getSid(); - $newSid = $newSid->sid; -} catch (Soapfault $f) { - format_error("Internal Error", - "RBAC down? Could not generate a new SessionID!" ); - exit; -} - - -$creReq->sid = $newSid; -//echo "Creating the session...<BR/>"; -try { - $creResponse = $soapPolicy->createSession( $creReq ); - - if( $creResponse->result ) { - //echo "DONE.<BR/>"; - $scstatus .= "Created active role; "; - } else { - $scstatus .= "Could not create active role, proceeding without any role(s) in the session; "; - } - -} catch (SoapFault $f) { - format_error("Internal Error", - "SOAP FAULT (CreateSession)!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail ); - exit; -} - -// We will arrive here only if all went well. 
-// Otherwise, format_error() will be called which prints its own header and footer - -// Header ------------------------------------------------------------ -echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n"; -echo "<html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\">\n"; -echo "<head>\n"; -echo "<title>Authentication Succeeded</title>\n"; -echo "<meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\" />\n"; - -// Data -------------------------------------------------------------- -echo "<meta name=\"remote_principal\" content=\"$remote_user\"/>\n"; -echo "<meta name=\"rbac_session_status\" content=\"$scstatus\"/>\n"; -echo "<meta name=\"rbac_sessionid\" content=\"$newSid\"/>\n"; -if (!$slcMode) { - echo "<meta name=\"ePPNplusSID\" content=\"$remote_user|$newSid\"/>\n"; -} -echo "<style type=\"text/css\">"; -echo "#d123 {display:none;}"; -echo "</style>"; -echo "<script type=\"text/javascript\">\n"; -echo "<!--\n"; -echo "function toggle (target) {\n"; -echo " var obj=document.getElementById(target);\n"; -echo " obj.style.display=\"block\";\n"; -echo "}\n"; -echo "-->\n"; -echo "</script>\n"; - -echo "</head>\n<body>\n"; - echo "<h2>Authentication Succeeded</h2>\n"; - - echo "<p>You were successfully authenticated with User ID '<b>" . $remote_user . "</b>'. You may now access remote resources using the TextGrid Lab. This window can be closed.</p>\n"; - - // experimental: Logout - //echo "<br/><br/>"; - - // das hier beendet nur die SP-Session, IdP bleibt... - //echo "Click <a href=\"https://auth.textgrid.daasi.de/Shibboleth.sso/Logout\">here</a> if you want to log out."; - - // das hier sollte den Browser schließen, tuts aber nicht... - //echo "<form action=\"\"><input type=\"button\" value=\"Log Out\" onclick=\"window.close()\"></form>"; - - // also cookies loeschen: - //s. http://de.selfhtml.org/javascript/objekte/document.htm#cookie... 
- -// Details ----------------------------------------------- -echo "<p>More <a href=\"javascript:toggle('d123')\">Details</a>.</p>\n"; -echo "<div id=\"d123\"> <h2>Authentication Details</h2>\n"; -echo "<table><tr><td>TgAuth Instance</td><td>". $rbacbase ."</td></tr>\n"; -echo "<tr><td>Shibboleth Identity ProviderID</td><td>". $identity_provider ."</td></tr>\n"; -echo "<tr><td>User ID Attribute Name</td><td>". $identified_user['authnmethod'] ."</td></tr>\n"; -echo "<tr><td>User ID Value </td><td>".$remote_user."</td></tr>\n"; -echo "<tr><td>Given Name(s)</td><td>".$givennames."</td></tr>\n"; -echo "<tr><td>Surname(s)</td><td>".$surnames."</td></tr>\n"; -echo "<tr><td>Common Name(s)</td><td>".$cns."</td></tr>\n"; -echo "<tr><td>Mail(s)</td><td>".$mails."</td></tr>\n"; -echo "<tr><td>Organisation(s)</td><td>".$organisations."</td></tr>\n"; -echo "<tr><td>TgAuth Session ID</td><td>".$newSid."</td></tr></table>\n"; -echo "</div>"; - -setNameInRBAC(); - -if ($slcMode) { - $isSLCScompatible = scanEntitlements(); - if ($isSLCScompatible) { - showCertificateButtons(); - } else { - showCertificateInfoButton(); - } -} - - -echo "\n</body>\n</html>"; - -exit; - -/////////////////////// Functions /////////////////////////////////////// -function format_error ($heading, $detail) { - -global $remote_user, $scstatus, $newSid, $rbacbase, $identity_provider, $identified_user; - -// Header ------------------------------------------------------------ -echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n"; -echo "<html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\">"; -echo "<head>\n"; -echo "<title>Authentication Failed</title>\n"; -echo "<meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\" />\n"; - -echo "<meta name=\"remote_principal\" content=\"$remote_user\"/>\n"; -echo "<meta name=\"rbac_session_status\" content=\"$scstatus\"/>\n"; -echo "<meta name=\"rbac_sessionid\" 
content=\"$newSid\"/>\n"; -echo "<style type=\"text/css\">"; -echo "#d123 {display:none;}"; -echo "</style>"; -echo "<script type=\"text/javascript\">\n"; -echo "<!--\n"; -echo "function toggle (target) {\n"; -echo " var obj=document.getElementById(target);\n"; -echo " obj.style.display=\"block\";\n"; -echo "}\n"; -echo "-->\n"; -echo "</script>\n"; -echo "</head>\n\n<body>\n"; - -echo "<h2>Authentication Failure, $heading</h2>\n"; -echo "<p>The Authentication system could not authenticate you.</p>\n"; - -echo "<p>More <a href=\"javascript:toggle('d123')\">Details</a>.</p>\n"; -echo "<div id=\"d123\">"; -echo "<h2>Error Details</h2>\n"; -echo "<p>". $detail ."</p>" ; -echo "<h2>Authentication Details</h2>\n"; -echo "<table><tr><td>TgAuth Instance</td><td>". $rbacbase ."</td></tr>\n"; -echo "<tr><td>Shibboleth Identity ProviderID</td><td>". $identity_provider ."</td></tr>\n"; -echo "<tr><td>User ID Attribute Name</td><td>". $identified_user['authnmethod'] ."</td></tr>\n"; -echo "<tr><td>User ID Value </td><td>".$remote_user."</td></tr>\n"; -echo "<tr><td>TgAuth Session ID</td><td>".$newSid."</td></tr></table>\n"; -echo "</div>"; - -echo "<p>If not indicated otherwise in the <a href=\"javascript:toggle('d123')\">details</a>, it could be that some service is not responding temporarily. In this case, please <a href=\"javascript:history.back()\">go back</a> or re-open the TextGridLab and try again.</p>"; -echo "<p>If the problem persists, please report this bug together with its time of occurence (" . date("Y-m-d H:i:s") . "). 
In the TextGridLab, choose 'Help->Report Bug'.</p>" ; - -echo "\n</body>\n</html>"; -} - - -function identify ( $remote_user, $idp ) -{ - $authnmethod = "undefined"; - $user = "dummy"; - $scope = "no-scope.xxx"; - if (preg_match('/([^@]+)@([^@]+)/', $remote_user, $matches) == 1) - { - $authnmethod = "ePPN"; - $user = $matches[1]; - $scope = $matches[2]; - } - else if (preg_match('/([^!]+)!([^!]+)!([^!]+)/', $remote_user, $matches) == 1) - { - $authnmethod = "persistentId"; - $user = $matches[3]; - $scope = $idp; - } - else if (strlen($remote_user) > 0) - { - $authnmethod = "targetedId"; - $user = $remote_user; - $scope = $idp; - } - else - { - $authnmethod = "none"; - } - - $user = escapeForDN($user); - $scope = escapeForDN($scope); - - return array("authnmethod" => $authnmethod, - "user" => $user, - "scope" => $scope ); -} - - -function escapeForDN ($string) -{ - return preg_replace('/[";+<>,\\\]/', "X", $string); -} - -function scanEntitlements () { - global $slcEntitlementAttributeName, $slcEntitlementAttributeValue; - - if (isset($_SERVER[$slcEntitlementAttributeName])) { - $entitlements = $_SERVER[$slcEntitlementAttributeName]; - $arrEntitlements = explode( ";", $entitlements); - foreach ($arrEntitlements as $ent) { - if ($ent === $slcEntitlementAttributeValue) { - return TRUE; - } - } - } - return FALSE; -} - - -function showCertificateInfoButton () { - global $slcNoDelegationURL, $remote_user, $newSid; - - echo "<br/><br/>Your account does not include certificate support."; - echo "<form method=\"get\" action=\"${slcNoDelegationURL}\">\n"; - echo "<input type=\"hidden\" name=\"ePPNplusSID\" value=\"" . $remote_user . "|" .$newSid . 
"\" />\n"; - echo "<input type=\"submit\" value=\"Work without Certificate\"/>\n"; - echo "</form>\n"; -} - -function showCertificateButtons () { - global $slcPortalDelegationURL, $slcNoDelegationURL, $remote_user, $newSid, $authZinstance; - - echo "<form method=\"get\" action=\"${slcPortalDelegationURL}\">\n"; - echo "<input type=\"hidden\" name=\"userDetails\" value=\"" . $remote_user . "|" .$newSid ."|". $authZinstance . "\">\n"; - echo "<input type=\"submit\" value=\"Request Certificate\">\n"; - echo "</form>\n\n"; - - echo "<form method=\"post\" action=\"${slcNoDelegationURL}\">\n"; - echo "<input type=\"hidden\" name=\"ePPNplusSID\" value=\"" . $remote_user . "|" .$newSid . "\" />\n"; - echo "<input type=\"submit\" value=\"Use Existing Certificate\"/>\n"; - echo "</form>\n"; -} - - - -function setNameInRBAC () -{ - - global $givennames, $surnames, $cns, $mails, $organisations, $soapExtra, $newSid, $identity_provider, $remote_user, $setnamessecret; - $setNameReq = new setNameRequest(); - $setNameReq->auth = $newSid; - $setNameReq->log = ""; - $setNameReq->webAuthSecret = $setnamessecret; - - // name will be first cn with a space (s.t. no uid), or "gn1 gn2 gn3 sn1 sn2", or last resort ePPN - $cnarr = preg_split ("/;/", $cns ); - if ( sizeof ($cnarr) > 0 && preg_match("/ /", $cns) > 0 ) - { - for ($i = 0; $i < sizeof ($cnarr); $i++) - { - if (preg_match("/ /", $cnarr[$i]) > 0 ) - { - $setNameReq->name = $cnarr[$i]; - break; - } - } - } - elseif ( strlen ($givennames) > 0 && strlen ($surnames) > 0) - { - $givennameswithspaces = preg_replace ( "/;/", " ", $givennames ); - $surnameswithspaces = preg_replace ( "/;/", " ", $surnames ); - $setNameReq->name = $givennameswithspaces . " " . 
$surnameswithspaces; - } - else - { - $setNameReq->name = $remote_user; - } - - $setNameReq->mail = $mails; - - if ( strlen ($organisations) > 0) - { - $setNameReq->organisation = $organisations; - } - else - { - $setNameReq->organisation = $identity_provider; - } - - $setNameReq->agreeSearch = TRUE; - - try - { - $setNameResult = $soapExtra->setName( $setNameReq ); - - if (! $setNameResult->result ) { - // do NOT exit as setName is not vital - echo "setName: result=false"; - } - } - catch (Soapfault $f) - { - // do NOT exit as setName is not vital - echo "SoapFault"; - } - -} - - -?> diff --git a/info.textgrid.middleware.tgauth.webauth/secure/TextGrid-WebAuth.php b/info.textgrid.middleware.tgauth.webauth/secure/TextGrid-WebAuth.php deleted file mode 120000 index 37194c0..0000000 --- a/info.textgrid.middleware.tgauth.webauth/secure/TextGrid-WebAuth.php +++ /dev/null @@ -1 +0,0 @@ -../WebAuthN/TextGrid-WebAuth.php \ No newline at end of file diff --git a/info.textgrid.middleware.tgauth.webauth/secure/TextGrid-WebAuth.php b/info.textgrid.middleware.tgauth.webauth/secure/TextGrid-WebAuth.php new file mode 100644 index 0000000..eea837f --- /dev/null +++ b/info.textgrid.middleware.tgauth.webauth/secure/TextGrid-WebAuth.php 
@@ -0,0 +1,80 @@ +<?php +// ####################################################### +// Author: Martin Haase / DAASI International GmbH / TextGrid +// Creation date: 2010-09-23 +// Modification date: 2015-04-27 +// Version: 0.3 - user management is done in DARIAH now +// ####################################################### + +include("../tglib/RBAC.class.php"); +include("../tglib/WebUtils.class.php"); + +$configfile = "/etc/textgrid/tgauth/conf/config_tgwebauth.xml"; + +$util = new WebUtils; + +$authZinstance = $_REQUEST["authZinstance"]; + +if ( !(isset($authZinstance)) || strlen($authZinstance) <= 0 ) { + $util->printAuthFailure("no_tgauth_instance_heading", + "no_tgauth_instance_detail", + null, + null ); + exit; +} + +$rbac = new RBAC ( $configfile, $authZinstance ); + +// Variant 1: Authentication at Community LDAP +// now unsused + +// Variant 2: Shibboleth gave us the right REMOTE_USER. +// We create a Session here in RBAC, also for Variant1 +if (isset ($_SERVER["REMOTE_USER"])) { + + // now creating session, activating roles, etc, in RBAC + + $CSResult = $rbac->createSession( $_SERVER["REMOTE_USER"] ); + $CSResult["rbachash"]["identity_provider"] = $_SERVER["Shib-Identity-Provider"]; + + if (!$CSResult["success"]) { + $util->printAuthFailure("sid_create_failure_heading", + $CSResult["detail"], + $_REQUEST["loginname"], + $CSResult["rbachash"] + ); + exit; + } +} + +// not enough information, exiting. +else +{ + + // check if we came via Shibboleth, but without an eduPersonPrincipalName + // (which would have been the REMOTE_USER) + if (isset( $_SERVER['Shib-Session-ID'] )) { + $util->printAuthFailure("shib_login_failure_heading", + "shib_login_failure_detail", + "(Shibboleth login, but no ePPN provided)", + null ); + exit; + } + else + { + $util->printAuthFailure("authn_failure_heading", + "authn_failure_detail_nothing_to_do", + 'XXXX', + null ); + trigger_error("WebAutnN: reached /secure, but no Shibboleth Session ID. 
This should not have happened.", E_USER_WARNING); + exit; + } +} + +// print welcome screen causing the TextGridLab to take over the Sid +$util->printAuthSuccess("authn_succeeded_heading", + $_SERVER["REMOTE_USER"], + $CSResult["rbachash"] ); + +// Variant 3 unused now: No Session Creation, but just a desire to see (and update) User Attributes +?> diff --git a/info.textgrid.middleware.tgauth.webauth/secure/index.php b/info.textgrid.middleware.tgauth.webauth/secure/index.php deleted file mode 100644 index 554a22c..0000000 --- a/info.textgrid.middleware.tgauth.webauth/secure/index.php +++ /dev/null @@ -1,5 +0,0 @@ -<?php - -phpinfo(); - -?> diff --git a/info.textgrid.middleware.tgauth.webauth/secure/iso3166_en_code_lists.txt b/info.textgrid.middleware.tgauth.webauth/secure/iso3166_en_code_lists.txt deleted file mode 120000 index adba753..0000000 --- a/info.textgrid.middleware.tgauth.webauth/secure/iso3166_en_code_lists.txt +++ /dev/null @@ -1 +0,0 @@ -../WebAuthN/iso3166_en_code_lists.txt \ No newline at end of file diff --git a/info.textgrid.middleware.tgauth.webauth/secure/iso3166_en_code_lists.txt b/info.textgrid.middleware.tgauth.webauth/secure/iso3166_en_code_lists.txt new file mode 100644 index 0000000..f1bb234 --- /dev/null +++ b/info.textgrid.middleware.tgauth.webauth/secure/iso3166_en_code_lists.txt 
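Review bot: The guard `!(isset($authZinstance)) || strlen($authZinstance) <= 0` runs only after `$_REQUEST["authZinstance"]` has been read unguarded, so a missing parameter raises an undefined-index notice at the assignment before the check can catch it; read it as `$authZinstance = isset($_REQUEST["authZinstance"]) ? $_REQUEST["authZinstance"] : "";` and keep just the length test (the new PutAttributes.php in this commit has the same pattern for `authZinstance`, `remote_user` and `Sid`). `$_SERVER["Shib-Identity-Provider"]` and `$_REQUEST["loginname"]` are read the same way, and the identity provider is written into `$CSResult["rbachash"]` before `$CSResult["success"]` has been checked, so a failed createSession that returns no `rbachash` key would presumably trigger a further notice there — worth confirming against RBAC::createSession. The `'XXXX'` passed as the third argument of the last `printAuthFailure` call reads like a leftover placeholder next to the descriptive string used in the Shibboleth branch, and the `trigger_error` message spells the component `WebAutnN`.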
@@ -0,0 +1,248 @@ +This list states the country names (official short names in English) in alphabetical order as given in ISO 3166-1 and the corresponding ISO 3166-1-alpha-2 code elements. The list is updated whenever a change to the official code list in ISO 3166-1 is effected by the ISO 3166/MA. It lists 240 official short names and code elements. One line of text contains one entry. A country name and its code element are separated by a semicolon (;). + +AFGHANISTAN;AF +ÅLAND ISLANDS;AX +ALBANIA;AL +ALGERIA;DZ +AMERICAN SAMOA;AS +ANDORRA;AD +ANGOLA;AO +ANGUILLA;AI +ANTARCTICA;AQ +ANTIGUA AND BARBUDA;AG +ARGENTINA;AR +ARMENIA;AM +ARUBA;AW +AUSTRALIA;AU +AUSTRIA;AT +AZERBAIJAN;AZ +BAHAMAS;BS +BAHRAIN;BH +BANGLADESH;BD +BARBADOS;BB +BELARUS;BY +BELGIUM;BE +BELIZE;BZ +BENIN;BJ +BERMUDA;BM +BHUTAN;BT +BOLIVIA, PLURINATIONAL STATE OF;BO +BOSNIA AND HERZEGOVINA;BA +BOTSWANA;BW +BOUVET ISLAND;BV +BRAZIL;BR +BRITISH INDIAN OCEAN TERRITORY;IO +BRUNEI DARUSSALAM;BN +BULGARIA;BG +BURKINA FASO;BF +BURUNDI;BI +CAMBODIA;KH +CAMEROON;CM +CANADA;CA +CAPE VERDE;CV +CAYMAN ISLANDS;KY +CENTRAL AFRICAN REPUBLIC;CF +CHAD;TD +CHILE;CL +CHINA;CN +CHRISTMAS ISLAND;CX +COCOS (KEELING) ISLANDS;CC +COLOMBIA;CO +COMOROS;KM +CONGO;CG +CONGO, THE DEMOCRATIC REPUBLIC OF THE;CD +COOK ISLANDS;CK +COSTA RICA;CR +CÔTE D'IVOIRE;CI +CROATIA;HR +CUBA;CU +CYPRUS;CY +CZECH REPUBLIC;CZ +DENMARK;DK +DJIBOUTI;DJ +DOMINICA;DM +DOMINICAN REPUBLIC;DO +ECUADOR;EC +EGYPT;EG +EL SALVADOR;SV +EQUATORIAL GUINEA;GQ +ERITREA;ER +ESTONIA;EE +ETHIOPIA;ET +FALKLAND ISLANDS (MALVINAS);FK +FAROE ISLANDS;FO +FIJI;FJ +FINLAND;FI +FRANCE;FR +FRENCH GUIANA;GF +FRENCH POLYNESIA;PF +FRENCH SOUTHERN TERRITORIES;TF +GABON;GA +GAMBIA;GM +GEORGIA;GE +GERMANY;DE +GHANA;GH +GIBRALTAR;GI +GREECE;GR +GREENLAND;GL +GRENADA;GD +GUADELOUPE;GP +GUAM;GU +GUATEMALA;GT +GUERNSEY;GG +GUINEA;GN +GUINEA-BISSAU;GW +GUYANA;GY +HAITI;HT +HEARD ISLAND AND MCDONALD ISLANDS;HM +HOLY SEE (VATICAN CITY STATE);VA +HONDURAS;HN +HONG KONG;HK +HUNGARY;HU 
+ICELAND;IS +INDIA;IN +INDONESIA;ID +IRAN, ISLAMIC REPUBLIC OF;IR +IRAQ;IQ +IRELAND;IE +ISLE OF MAN;IM +ISRAEL;IL +ITALY;IT +JAMAICA;JM +JAPAN;JP +JERSEY;JE +JORDAN;JO +KAZAKHSTAN;KZ +KENYA;KE +KIRIBATI;KI +KOREA, DEMOCRATIC PEOPLE'S REPUBLIC OF;KP +KOREA, REPUBLIC OF;KR +KUWAIT;KW +KYRGYZSTAN;KG +LAO PEOPLE'S DEMOCRATIC REPUBLIC;LA +LATVIA;LV +LEBANON;LB +LESOTHO;LS +LIBERIA;LR +LIBYAN ARAB JAMAHIRIYA;LY +LIECHTENSTEIN;LI +LITHUANIA;LT +LUXEMBOURG;LU +MACAO;MO +MACEDONIA, THE FORMER YUGOSLAV REPUBLIC OF;MK +MADAGASCAR;MG +MALAWI;MW +MALAYSIA;MY +MALDIVES;MV +MALI;ML +MALTA;MT +MARSHALL ISLANDS;MH +MARTINIQUE;MQ +MAURITANIA;MR +MAURITIUS;MU +MAYOTTE;YT +MEXICO;MX +MICRONESIA, FEDERATED STATES OF;FM +MOLDOVA, REPUBLIC OF;MD +MONACO;MC +MONGOLIA;MN +MONTENEGRO;ME +MONTSERRAT;MS +MOROCCO;MA +MOZAMBIQUE;MZ +MYANMAR;MM +NAMIBIA;NA +NAURU;NR +NEPAL;NP +NETHERLANDS;NL +NETHERLANDS ANTILLES;AN +NEW CALEDONIA;NC +NEW ZEALAND;NZ +NICARAGUA;NI +NIGER;NE +NIGERIA;NG +NIUE;NU +NORFOLK ISLAND;NF +NORTHERN MARIANA ISLANDS;MP +NORWAY;NO +OMAN;OM +PAKISTAN;PK +PALAU;PW +PALESTINIAN TERRITORY, OCCUPIED;PS +PANAMA;PA +PAPUA NEW GUINEA;PG +PARAGUAY;PY +PERU;PE +PHILIPPINES;PH +PITCAIRN;PN +POLAND;PL +PORTUGAL;PT +PUERTO RICO;PR +QATAR;QA +REUNION;RE +ROMANIA;RO +RUSSIAN FEDERATION;RU +RWANDA;RW +SAINT BARTHÉLEMY;BL +SAINT HELENA;SH +SAINT KITTS AND NEVIS;KN +SAINT LUCIA;LC +SAINT MARTIN;MF +SAINT PIERRE AND MIQUELON;PM +SAINT VINCENT AND THE GRENADINES;VC +SAMOA;WS +SAN MARINO;SM +SAO TOME AND PRINCIPE;ST +SAUDI ARABIA;SA +SENEGAL;SN +SERBIA;RS +SEYCHELLES;SC +SIERRA LEONE;SL +SINGAPORE;SG +SLOVAKIA;SK +SLOVENIA;SI +SOLOMON ISLANDS;SB +SOMALIA;SO +SOUTH AFRICA;ZA +SOUTH GEORGIA AND THE SOUTH SANDWICH ISLANDS;GS +SPAIN;ES +SRI LANKA;LK +SUDAN;SD +SURINAME;SR +SVALBARD AND JAN MAYEN;SJ +SWAZILAND;SZ +SWEDEN;SE +SWITZERLAND;CH +SYRIAN ARAB REPUBLIC;SY +TAIWAN, PROVINCE OF CHINA;TW +TAJIKISTAN;TJ +TANZANIA, UNITED REPUBLIC OF;TZ +THAILAND;TH +TIMOR-LESTE;TL +TOGO;TG +TOKELAU;TK +TONGA;TO 
+TRINIDAD AND TOBAGO;TT +TUNISIA;TN +TURKEY;TR +TURKMENISTAN;TM +TURKS AND CAICOS ISLANDS;TC +TUVALU;TV +UGANDA;UG +UKRAINE;UA +UNITED ARAB EMIRATES;AE +UNITED KINGDOM;GB +UNITED STATES;US +UNITED STATES MINOR OUTLYING ISLANDS;UM +URUGUAY;UY +UZBEKISTAN;UZ +VANUATU;VU +VENEZUELA;VE +VIET NAM;VN +VIRGIN ISLANDS, BRITISH;VG +VIRGIN ISLANDS, U.S.;VI +WALLIS AND FUTUNA;WF +WESTERN SAHARA;EH +YEMEN;YE +ZAMBIA;ZM +ZIMBABWE;ZW diff --git a/info.textgrid.middleware.tgauth.webauth/secure/portal.cgi b/info.textgrid.middleware.tgauth.webauth/secure/portal.cgi deleted file mode 100644 index 0590da9..0000000 --- a/info.textgrid.middleware.tgauth.webauth/secure/portal.cgi +++ /dev/null 
@@ -1,366 +0,0 @@
-#!/usr/bin/perl -w
-######################################################################
-# TextGrid demo portal used for delegation of short-lived credentials
-# initially based on gridshib-ca-demo-portal.cgi.in,v 1.5 2006/11/20 00:07:38 welch Exp
-#
-# (c) Martin Haase / DAASI International GmbH / Gap-SLC
-# Version 2.0
-# Fr 23. Jul 09:34:20 CEST 2010
-######################################################################
-
-use CGI;
-use XML::Simple;
-
-my $conf = "../../../config_tgwebauth.xml";
-
-######################################################################
-$cgi = new CGI;
-$status = $cgi->param("status");
-
-if (!defined($status))
-{
- # No status, we are being called for the first time by the user
- # Create a certificate request and create a form for requesting
- # delegation.
- makeRequest();
-}
-elsif ($status eq "success")
-{
- # Successful delegation from GridShib-CA. Read in certificate
- # and store.
- handleSuccess();
-}
-elsif ($status eq "rejected")
-{
- # We were rejected for some reason. Clean up.
- handleRejected();
-}
-
-exit(0);
-
-######################################################################
-
-sub makeRequest
-{
- use MIME::Base64;
-
- $userDetails = $cgi->param("userDetails");
- if (not defined ($userDetails)) {
- errorExit("Sorry, your Browser is not supported.");
- }
- @all = split "\\|", $userDetails;
- $eppn = $all[0];
- $sid = $all[1];
- $authZinstance = $all[2];
-
- $slcConfig = getConfig($conf, $authZinstance);
-
- # generate certificate request with key remotely
- $rethash = invokeWebService (
- $slcConfig->{rbacbase}.'tgextra.php',
- 'http://textgrid.info/namespaces/middleware/tgauth',
- 'getCSRRequest', {'auth' => $sid}
- );
-
- $reqPEM = decode_base64 ( $rethash->{csr} );
-
- my $targetURL = $slcConfig->{SLCSaddress};
- # this does not work on ws1:
- # my $myURL = $cgi->url();
- $myURL = $slcConfig->{portalDelegationURL};
-
- print $cgi->header();
- print $cgi->start_html("TextGrid / SLC Demo");
- print <<"EOF";
-<center>
-Welcome to the SLC demo for TextGrid for YOU ($eppn)
-</center>
-<p>
-This script shows how the TextGrid middleware can ask for a delegated <b>S</b>hort-<b>L</b>ived <b>C</b>redential
-from the DFN SLC Service by redirecting a user there with a credential request.
-<p>
-This demo uses the GridShib CA at: $targetURL
-<p>
-Your certificate request has been generated.
-<p>
-<form action="$targetURL" method="get">
-<input name="certificateRequest" type="hidden" value="$reqPEM">
-<input name="portalURL" type="hidden" value="$myURL">
-<input name="portalData" type="hidden" value="$userDetails">
-<input value="Click to submit Delegation request" type="submit">
-</form>
-EOF
- print $cgi->end_html();
-
-}
-
-sub handleSuccess
-{
- my $certificate = $cgi->param("certificate");
- my $userDetails = $cgi->param("portalData");
-
- @all = split "\\|", $userDetails;
- $eppn = $all[0];
- $sid = $all[1];
- $authZinstance = $all[2];
-
- $slcConfig = getConfig($conf, $authZinstance);
-
- $certificate =~ s/\x0d\x0a/\x0a/g;
-
- $rethash = invokeWebService (
- $slcConfig->{rbacbase}.'tgextra.php',
- 'http://textgrid.info/namespaces/middleware/tgauth',
- 'putCRTRequest', {'auth' => $sid, 'crt' => $certificate}
- );
-
- $noDelegationURL = $slcConfig->{noDelegationURL};
-
- $success = $rethash->{success};
- if ($success eq 'false') {
- errorExitWithSID($eppn, $sid, $noDelegationURL , "Could not store your credentials in TG-auth*.");
- }
-
- print $cgi->header();
- print $cgi->start_html("Delegation Successful");
- print <<"EOF";
-Your delegated credential was successfully retrieved and stored in TG-auth*. Here is its public key:
-<p>
-<pre>
-$certificate
-</pre>
-The corresponding private key is now held by TG-auth*.
-<p>
-<form method="post" action="$noDelegationURL">
- <input type="hidden" name="ePPNplusSID" value="$eppn|$sid" />
- <input type="submit" value="Return to the TextGridLab"/>
-</form><br/>
-EOF
-
-registerUserAtVOMRS (
- "/usr/local/bin/VOMRSclient/bin/runAutoregClient.sh",
- $certificate,
- $slcConfig->{rbacbase},
- $sid
-);
-
-print $cgi->end_html();
-
-}
-
-sub handleRejected
-{
- print $cgi->header();
- print $cgi->start_html("Delegation Request Rejected");
- print "The delegation failed.";
- print $cgi->end_html();
-}
-
-######################################################################
-#
-# Utility functions
-#
-
-### we cannot use &invokeWebservice as SOAP::Lite only unwillingly treats XML attributes right
-### however, the Web Service returns datastructures with XML attributes, such as:
-#<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://textgrid.info/namespaces/middleware/tgauth">
-# <SOAP-ENV:Body>
-# <ns1:getMyUserAttributesResponse>
-# <attribute name="givenname" mandatory="true" displayname="Given Name">
-# <value>Martin</value>
-# <description>Your First Name</description>
-# </attribute>
-# <attribute name="surname" mandatory="true" displayname="Surname">
-# <value>Haase</value>
-# <description>Your Last Name</description>
-# </attribute>
-# ...
-# The mapping onto D-Grid VOMRS attribute names from ours (e.g. 'street' => 'Street or P.O. Box') is also done here
-sub getAttributes {
- my ($rbacbase, $sid) = @_;
-
- my ($endpointInWSDL,$namespace,$methodname,$arghash) =
- ($rbacbase . 'tgextra.php',
- 'http://textgrid.info/namespaces/middleware/tgauth',
- 'getMyUserAttributesRequest',
- {'auth' => $sid }
- );
-
- use SOAP::Lite;
-
- my $soap = SOAP::Lite->new( proxy => $endpointInWSDL);
- $soap->default_ns($namespace);
-
- @args = ();
- foreach $k (keys %{$arghash}) {
- push @args, SOAP::Data->name($k)->value( $arghash->{$k});
- }
-
- my $result = $soap->call( $methodname, @args );
-
- die $result->fault->{ faultstring } if ($result->fault);
-
- $i=0;
- $attrs = $result->freeform->{'attribute'};
- foreach my $a ($result->dataof("//attribute/")) {
- $attrs->[$i]->{'name'} = $a->attr->{'name'};
- $i++;
- }
-
- my %vomrsmap = ('givenname' => 'First name',
- 'surname' => 'Last name',
- #'displayname' => '',
- #'mail' => '',
- 'organisation' => 'Institute or Department',
- #'orgunit' => '',
- 'street' => 'Street or P.O. Box',
- 'plz' => 'Zipcode',
- 'city' => 'City',
- 'country' => 'Country',
- 'tel' => 'Phone',
- 'citizenship' => 'Nationality',
- #'interest' => '',
- #'personid' => '',
- #'agreesearch' => '',
- );
-
- %result = ();
-
- foreach $entry (@{$attrs}) {
- if (exists $vomrsmap{$entry->{'name'}}) {
- $result{$vomrsmap{$entry->{'name'}}} = $entry->{'value'};
- }
- }
-
- return \%result;
-}
-
-
-sub registerUserAtVOMRS {
- my ($registerScript, $pem, $rbacbase, $sid) = @_;
-
- $attrhash = getAttributes ($rbacbase, $sid);
-
- use Crypt::OpenSSL::X509;
-
- my $crt = Crypt::OpenSSL::X509->new_from_string ( $pem );
-
- my $dn_commas = $crt->subject();
- my $ca_commas = $crt->issuer();
- my $mail = $crt->email();
- my $serial = $crt->serial();
-
-# my ($firstname, $lastname ) = getSLCname ($dn_commas);
-
- my $dn = commas2slashes ($dn_commas);
- my $ca = commas2slashes ($ca_commas);
-
- $personalinfo = "";
- foreach $key (keys %{$attrhash}) {
- $personalinfo = $personalinfo . $key . ',' . $attrhash->{$key} . ',';
- }
- chop $personalinfo;
-
- system "$registerScript '$dn' '$ca' '$serial' '$mail' '$personalinfo' >/dev/null";
-}
-
-
-# assumes "C=DE, ..., CN=Tanja Test - tanja.test@textgrid-test-idp.de"
-# returns ("Tanja", "Test")
-sub getSLCname {
- my $dn = shift;
- $dn =~ /CN=(\S+\s+)+(\S+)\s+-\s+/;
- $givennames = $1;
- $surname = $2;
- $givennames =~ s/\s+$//;
- return ( $givennames, $surname );
-}
-
-# translates C=DE, O=DFN-Verein, OU=DFN-PKI, CN=DFN-Verein Test-AAI SLCS CA
-# to /C=DE/O=DFN-Verein/OU=DFN-PKI/CN=DFN-Verein Test-AAI SLCS CA
-sub commas2slashes {
- $_ = shift;
- s/,\s+/\//g;
- return '/' . $_;
-}
-
-
-sub getConfig {
- my ($configfilename, $authZinstance) = @_;
-
- my $xml = new XML::Simple;
-
- my $data = $xml->XMLin($configfilename);
-
- @instance = grep $_->{'instance'} eq $authZinstance, @{$data->{'authz'}};
-
- if (scalar @instance != 1) {
- errorExit("Please specify valid and unique RBAC instance");
- } else {
- $rbacInstance = $instance[0];
- }
-
- $SLCoptions = $rbacInstance ->{'SLCsupport'};
-
- return {
- rbacbase => $rbacInstance->{rbacbase},
- noDelegationURL => $SLCoptions->{noDelegationURL},
- portalDelegationURL => $SLCoptions->{portalDelegationURL},
- SLCSaddress => $SLCoptions->{SLCSaddress}
- };
-
-
-}
-
-
-sub invokeWebService {
- my ($endpointInWSDL,$namespace,$methodname,$arghash) = @_;
-
- use SOAP::Lite;
-
- my $soap = SOAP::Lite->new( proxy => $endpointInWSDL);
- $soap->default_ns($namespace);
-
- @args = ();
- foreach $k (keys %{$arghash}) {
- push @args, SOAP::Data->name($k)->value( $arghash->{$k});
- }
-
- my $result = $soap->call( $methodname, @args );
-
- die $result->fault->{ faultstring } if ($result->fault);
-
- return $result->freeform; # i.e. a hash
-}
-
-
-sub errorExitWithSID {
- my ($eppn, $sid, $noDelegationURL, $format) = @_;
- print $cgi->header();
- print $cgi->start_html(
- -title=>"Delegation not successful");
-
- print sprintf("Error: " . $format, @_);
-
- print "<br/>\n";
- print "Delegation did not succeed. However, you can also work without a certificate now.<br/>\n";
- print "<form method=\"post\" action=\"" . $noDelegationURL . "\">\n";
- print "<input type=\"hidden\" name=\"ePPNplusSID\" value=\"" . $eppn ."|". $sid . "\" />\n";
- print "<input type=\"submit\" value=\"Work without a Certificate\"/>\n";
- print "</form><br/>\n";
-
- print $cgi->end_html();
- exit(1);
-}
-
-
-# errorExit()
-# Dump HTML error and exit
-sub errorExit
-{
- my $format = shift;
- print $cgi->header();
- print sprintf("Error: " . $format, @_);
- exit(1);
-}
-
diff --git a/info.textgrid.middleware.tgauth.webauth/secure/soapTypes.inc.php b/info.textgrid.middleware.tgauth.webauth/secure/soapTypes.inc.php
deleted file mode 100644
index 09f2371..0000000
--- a/info.textgrid.middleware.tgauth.webauth/secure/soapTypes.inc.php
+++ /dev/null
@@ -1,528 +0,0 @@
-<?php
-class authenticateRequest {
-
- public $username;
- public $password;
- public $log;
-
-}
-
-class setNameRequest {
-
- public $auth;
- public $log;
- public $webAuthSecret;
- public $name;
- public $mail;
- public $organisation;
- public $agreeSearch;
-
-}
-
-class authenticateResponse {
-
- public $sid;
-
-}
-
-class getSidResponse {
-
- public $sid;
-
-}
-
-class checkAccessRequest {
-
- public $intSid;
- public $operation;
- public $resource;
- public $sid;
-
-}
-
-class tgCheckAccessRequest {
-
- public $auth;
- public $log;
- public $operation;
- public $resource;
- public $sid;
-
-}
-
-class tgGrantPermissionRequest {
-
- public $auth;
- public $log;
- public $role;
- public $resource;
- public $operation;
-
-}
-
-class tgRevokePermissionRequest {
-
- public $auth;
- public $log;
- public $role;
- public $resource;
- public $operation;
-
-}
-
-class getOwnerRequest {
-
- public $auth;
- public $log;
- public $resource;
-
-}
-
-class getOwnerResponse {
-
- public $owner;
-
-}
-
-class getMembersRequest {
-
- public $auth;
- public $log;
- public $project;
-
-}
-
-class deactivateProjectRequest {
-
- public $auth;
- public $log;
- public $project;
-
-}
-
-class getRightsRequest {
-
- public $auth;
- public $log;
- public $resource;
- public $username;
-
-}
-
-class publishRequest {
-
- public $auth;
- public $log;
- public $resource;
-
-}
-
-class getProjectDescriptionRequest {
-
- public $auth;
- public $log;
- public $project;
-
-}
-
-class getProjectDescriptionResponse {
-
- public $description;
-
-}
-
-class createSessionRequest {
-
- public $intSid;
- public $username;
- public $roleset;
- public $sid;
-
-}
-
-class tgAddActiveRoleRequest {
-
- public $auth;
- public $log;
- public $role;
-
-}
-
-class tgAssignedRolesRequest {
-
- public $auth;
- public $log;
- public $username;
-
-}
-
-class tgAssignedProjectsRequest {
-
- public $auth;
- public $log;
-
-}
-
-class deleteSessionRequest {
-
- public $intSid;
- public $username;
- public $sid;
-
-}
-
-class addActiveRoleRequest {
-
- public $intSid;
- public $username;
- public $role;
- public $sid;
-
-}
-
-class addUserRequest {
-
- public $intSid;
- public $username;
- public $password;
-
-}
-
-class deleteUserRequest {
-
- public $intSid;
- public $username;
-
-}
-
-class addInheritanceRequest {
-
- public $intSid;
- public $ascendant;
- public $descendant;
-
-}
-
-class deleteInheritanceRequest {
-
- public $intSid;
- public $ascendant;
- public $descendant;
-
-}
-
-class addAscendantRequest {
-
- public $intSid;
- public $ascendant;
- public $descendant;
-
-}
-
-class addDescendantRequest {
-
- public $intSid;
- public $ascendant;
- public $descendant;
-
-}
-
-class addRoleRequest {
-
- public $intSid;
- public $role;
-
-}
-
-class deleteRoleRequest {
-
- public $intSid;
- public $role;
-
-}
-
-class grantPermissionRequest {
-
- public $intSid;
- public $resource;
- public $operation;
- public $role;
-
-}
-
-class revokePermissionRequest {
-
- public $intSid;
- public $resource;
- public $operation;
- public $role;
-
-}
-
-class assignUserRequest {
-
- public $intSid;
- public $username;
- public $role;
-
-}
-
-class deassignUserRequest {
-
- public $intSid;
- public $username;
- public $role;
-
-}
-
-class sessionRolesRequest {
-
- public $intSid;
- public $sid;
-
-}
-
-class assignedRolesRequest {
-
- public $intSid;
- public $username;
-
-}
-
-class authorizedRolesRequest {
-
- public $intSid;
- public $username;
-
-}
-
-class roleOperationsOnObjectRequest {
-
- public $intSid;
- public $role;
- public $resource;
-
-}
-
-class userOperationsOnObjectRequest {
-
- public $intSid;
- public $user;
- public $resource;
-
-}
-
-class operationsetResponse {
-
- public $operationset;
-
-}
-
-class assignedUsersRequest {
-
- public $intSid;
- public $role;
-
-}
-
-class authorizedUsersRequest {
-
- public $intSid;
- public $role;
-
-}
-
-class usersetResponse {
-
- public $username;
-
-}
-
-class rolePermissionsRequest {
-
- public $intSid;
- public $role;
-
-}
-
-class userPermissionsRequest {
-
- public $intSid;
- public $username;
-
-}
-
-class getLeaderRequest {
-
- public $auth;
- public $log;
- public $project;
-
-}
-
-class getObjectsRequest {
-
- public $auth;
- public $log;
- public $project;
-
-}
-
-class sessionPermissionsRequest {
-
- public $intSid;
- public $sid;
-
-}
-
-class rolesetResponse {
-
- public $role;
-
-}
-
-class permissionsetResponse {
-
- public $permissionset;
-
-}
-
-class resourcesetResponse {
-
- public $resource;
-
-}
-
-class createProjectRequest {
-
- public $auth;
- public $log;
- public $name;
- public $description;
-
-}
-
-class registerResourceRequest {
-
- public $auth;
- public $log;
- public $project;
- public $uri;
-
-}
-
-class unregisterResourceRequest {
-
- public $auth;
- public $log;
- public $uri;
-
-}
-
-class addMemberRequest {
-
- public $auth;
- public $log;
- public $role;
- public $username;
-
-}
-
-class deleteMemberRequest {
-
- public $auth;
- public $log;
- public $role;
- public $username;
-
-}
-
-class createProjectResponse {
-
- public $projectId;
-
-}
-
-class getAllProjectsResponse {
-
- public $project;
-
-}
-
-class getAllProjectsRequest {
-
- public $log;
-
-}
-
-class userExistsRequest {
-
- public $auth;
- public $log;
- public $username;
-
-}
-
-
-class booleanResponse {
-
- public $result;
- public $errorCode;
- public $errorDescription;
-
-}
-
-class filterBySidRequest {
-
- public $auth;
- public $log;
- public $resource;
- public $operation;
-
-}
-
-class filterResponse {
-
- public $resource;
-
-}
-
-
-class permission {
-
- public $resource;
- public $operation;
-
-
- public function __construct( $inOperation, $inResource ) {
-
- $this->operation = $inOperation;
- $this->resource = $inResource;
-
- }
-
-}
-
-class projectInfo {
-
- public $id;
- public $description;
- public $name;
-
-
- public function __construct( $inId, $inName, $inDescription ) {
-
- $this->id = $inId;
- $this->description = $inDescription;
- $this->name = $inName;
-
- }
-
-}
-
-class checkXACMLaccessRequest {
-
- public $request;
-
-}
-?>
-- GitLab