diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/XACMLGrid.class.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/XACMLGrid.class.php
new file mode 100755
index 0000000000000000000000000000000000000000..99fd5fea4612f506b5791ef4f902af38627858fa
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/XACMLGrid.class.php
@@ -0,0 +1,163 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 24.09.2010
+// Modification date: 24.09.2010
+// Version: 0.0.1
+// #######################################################
+
+
+
+class XACMLGrid extends XACML {
+
+ // Global variables
+ protected $rbac;
+ protected $config;
+ protected $connection;
+
+
+
+ // -----------------------------------------------------
+ // Constructor
+ // Input: none
+ // Output: object RBACcore
+ // Description:
+ // Creates initial connections to the LDAP-server and
+ // sets some configuration parameters.
+ // -----------------------------------------------------
+ public function __construct( $inConfigurationFilename, $inRbacConfFile, $inRbacBase ) {
+
+/*
+ $this->rbac = new RBAC( $inRbacConfFile, $inRbacBase );
+ $this->config = new SimpleConfig( $inConfigurationFilename );
+*/
+
+ parent::__construct( $inConfigurationFilename, $inRbacConfFile, $inRbacBase );
+
+
+ $this->connection['user'] = new LDAP();
+ $this->connection['user']->connect( $this->config->getValue( "authentication", "host" ),
+ $this->config->getValue( "authentication", "port" ),
+ $this->config->getValue( "authentication", "version" ),
+ preg_match( "/yes/i", $this->config->getValue( "authentication", "tls" ) ) ? true : false );
+ $this->connection['user']->bind( $this->config->getValue( "authentication", "binddn" ),
+ $this->config->getValue( "authentication", "password" ) );
+ $this->connection['resource'] = $this->rbac->getConnection( "resource" );
+ $this->connection['session'] = $this->rbac->getConnection( "session" );
+
+ }
+
+
+
+
+ // -----------------------------------------------------
+ // Function: checkXACMLaccess
+ // Input: auth / xsd:string
+ // log / xsd:string
+ // username / xsd:string
+ // Output: result / xsd:boolean
+ // Description
+ // Checks if a given user exists in the LDAP directory.
+ // -----------------------------------------------------
+ function checkXACMLaccess( $inRequest ) {
+
+ $strFilter = ""; // An LDAP filter string
+ $result = new stdClass(); // The response
+
+
+ try {
+
+ $strDnUsername = $inRequest->Request->Subject->Attribute->AttributeValue->any;
+
+
+ // Get the user's real name
+ $strFilter = "(" . $this->config->getValue( "xacmlGrid", "certDnAttribute" ) . "=" . $strDnUsername . ")";
+ $arrUserEntry = $this->connection['user']->search( $this->config->getValue( "authentication", "base" ), $strFilter, "sub" );
+
+
+ if( sizeof( $arrUserEntry ) > 0 ) {
+
+ // Set the username from the first available result
+ // (there should only be one).
+ $strRealUsername = $arrUserEntry[0][strtolower($this->config->getValue( "authentication", "namingattribute" ))][0];
+
+ fwrite( $file, "strRealUsername: " . $strRealUsername . "\n" );
+
+ // Get the user's roles
+ $arrRole = $this->rbac->authorizedRoles( $strRealUsername );
+
+
+ // Search for an existing session for the cert DN.
+ $strFilter = "(rbacSession=" . $inRequest->Request->Subject->Attribute->AttributeValue->any . ")";
+ $arrSession = $this->connection['session']->search( $this->rbac->getConfiguration()->getValue( "session", "base" ), "sub", $strFilter );
+
+
+ // Create a temporary session for the user that will
+ // be removed after the check has been completed.
+ $strSessionId = "temp_" . $this->createSessionID();
+
+ $this->rbac->createSession( $strRealUsername, $arrRole, $strSessionId );
+
+
+ // Replace the user's cert DN by the temporary session ID
+ $inRequest->Request->Subject->Attribute->AttributeValue->any = $strSessionId;
+
+
+ // Check the access...
+ $result = parent::checkXACMLaccess( $inRequest );
+
+
+ // Re-replace the user's temporary session ID by the user's cert DN
+ $inRequest->Request->Subject->Attribute->AttributeValue->any = $strDnUsername;
+
+
+ // Remove the temporary session.
+ $this->rbac->deleteSession( $strRealUsername, $strSessionId );
+
+ }
+
+ }
+ catch( Exception $e ) {
+
+ $result->Response->Result->Decision = "NotApplicable";
+
+ }
+
+
+ fclose( $file );
+
+ return $result;
+
+ }
+
+
+ private function createSessionID() {
+
+ $sid = ""; // Session-ID
+ $tmp = ""; // Temporaere Session-ID
+
+
+ // Setzen eines Startwerts fuer den Zufallsgenerator
+ mt_srand( (double)microtime(true) * 1234560);
+
+ // Erzeugen eines Zufallsstrings
+ for( $i = 0; $i < 256; $i++ ) {
+
+ $tmp = chr( mt_rand( 0, 255 ) );
+
+
+ if( preg_match( "/[a-zA-Z0-9]/", $tmp ) ) {
+
+ $sid .= $tmp;
+
+ }
+
+ }
+ $sid .= (integer) ( microtime(true) * 1000000) ;
+
+ return $sid;
+
+ }
+
+}
+?>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8082/xacml.wsdl b/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8082/xacml.wsdl
index 9755d2846ede5bcf99cf63dff5b88c9ff67603ef..064e8ed3f639ab993de8ba5234e166a478562778 100644
--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8082/xacml.wsdl
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8082/xacml.wsdl
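Review bot: `$strDnUsername` is taken verbatim from the SOAP request (`...->AttributeValue->any`) and concatenated into two LDAP filters — the `certDnAttribute` lookup and `(rbacSession=...)` — so a crafted value changes which directory entry the identity mapping resolves to; pass it through `ldap_escape( $strDnUsername, "", LDAP_ESCAPE_FILTER )` before building the filter. The `temp_*` session is only deleted when `parent::checkXACMLaccess` returns normally; an exception leaves the session in the directory and the request's Subject value still rewritten, so the restore and `deleteSession` belong in a `finally` block. `fwrite( $file, ... )` and `fclose( $file )` reference a `$file` that is never opened (leftover debugging that also writes the resolved username and fails outright under PHP 8), the `$arrSession` search result is never read and passes `"sub"` and the filter in the opposite order from the user search, and when no entry matches `$result` is returned as an empty `stdClass` with no `Decision`. Taking `[0]` when more than one entry matches the cert DN silently picks an arbitrary identity; requiring exactly one match is the safer default. `createSessionID` builds the identifier from `mt_rand` re-seeded with `microtime`, which is predictable for a value stored as `rbacSession`; `bin2hex( random_bytes( 16 ) )` replaces the loop.
```php
 function checkXACMLaccess( $inRequest ) {
     // Non-permit default: the "no matching entry" path no longer
     // returns an empty stdClass.
     $result = new stdClass();
     $result->Response = new stdClass();
     $result->Response->Result = new stdClass();
     $result->Response->Result->Decision = "NotApplicable";

     $strDnUsername   = $inRequest->Request->Subject->Attribute->AttributeValue->any;
     $strRealUsername = null;
     $strSessionId    = null; // set once the temporary session exists

     try {
         // Request-supplied value: escape it before it enters an LDAP filter.
         $strFilter = "(" . $this->config->getValue( "xacmlGrid", "certDnAttribute" ) . "="
                    . ldap_escape( $strDnUsername, "", LDAP_ESCAPE_FILTER ) . ")";
         // … unchanged: $arrUserEntry = $this->connection['user']->search( … ) …

         // Exactly one entry may map to the cert DN; an ambiguous
         // mapping is refused instead of silently taking entry 0.
         if( sizeof( $arrUserEntry ) === 1 ) {
             // … unchanged: $strRealUsername lookup, authorizedRoles(),
             //     $strSessionId = "temp_" . …, createSession(), Subject rewrite …
             // (the fwrite() debug line and the unused $arrSession search are dropped)
             $result = parent::checkXACMLaccess( $inRequest );
         }
     }
     catch( Exception $e ) {
         $result->Response->Result->Decision = "NotApplicable";
     }
     finally {
         // Every exit path, including an exception thrown by the parent
         // check, restores the request and drops the temporary session.
         $inRequest->Request->Subject->Attribute->AttributeValue->any = $strDnUsername;
         if( $strSessionId !== null ) {
             $this->rbac->deleteSession( $strRealUsername, $strSessionId );
         }
     }

     return $result;
 }

 private function createSessionID() {
     // CSPRNG-backed identifier; mt_srand( microtime ) made the old loop predictable.
     return bin2hex( random_bytes( 16 ) );
 }
```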
@@ -1,14 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<wsdl:definitions name="xacml"
- xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
- xmlns:tns="http://daasi.de/namespaces/rbac/xacml"
- xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
- xmlns:xsd="http://www.w3.org/2001/XMLSchema"
- targetNamespace="http://daasi.de/namespaces/rbac/xacml"
- xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
- xmlns:xacml-saml="urn:oasis:xacml:2.0:saml:assertion:schema:os">
-
+<wsdl:definitions name="xacml" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns:tns="http://daasi.de/namespaces/rbac/xacml" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ targetNamespace="http://daasi.de/namespaces/rbac/xacml"
+ xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+ xmlns:xacml-saml="urn:oasis:xacml:2.0:saml:assertion:schema:os">
 <!--
 ####################
@@ -17,16 +14,14 @@
 //-->
 <wsdl:types>
 <xsd:schema targetNamespace="http://daasi.de/namespaces/rbac/xacml">
- <xsd:import namespace="urn:oasis:xacml:2.0:saml:assertion:schema:os"
- schemaLocation="http://www.daasi.de/schema/oasis/access_control-xacml-2.0-saml-assertion-schema-os.xsd" />
- <xsd:import namespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
- schemaLocation="http://www.daasi.de/schema/oasis/access_control-xacml-2.0-saml-protocol-schema-os.xsd"/>
-
+ <xsd:import namespace="urn:oasis:xacml:2.0:saml:assertion:schema:os"
+ schemaLocation="http://www.daasi.de/schema/oasis/access_control-xacml-2.0-saml-assertion-schema-os.xsd"/>
+ <xsd:import namespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+ schemaLocation="http://www.daasi.de/schema/oasis/access_control-xacml-2.0-saml-protocol-schema-os.xsd"
+ />
 </xsd:schema>
-
 </wsdl:types>
-
 <!--
 #################
 # WSDL-Messages #
@@ -35,59 +30,53 @@
 <!-- #### checkXACMLaccess #### //-->
 <wsdl:message name="checkXACMLaccessRequest">
- <wsdl:part element="xacml-samlp:XACMLAuthzDecisionQuery" name="checkXACMLaccessInput" />
+ <wsdl:part element="xacml-samlp:XACMLAuthzDecisionQuery" name="checkXACMLaccessInput"/>
 </wsdl:message>
 <wsdl:message name="checkXACMLaccessResponse">
- <wsdl:part element="xacml-saml:XACMLAuthzDecisionStatement" name="checkXACMLaccessOutput" />
+ <wsdl:part element="xacml-saml:XACMLAuthzDecisionStatement" name="checkXACMLaccessOutput"/>
 </wsdl:message>
-
-
 <!--
 ##########################
 # Port-Type-Definitionen #
 ##########################
 //-->
 <wsdl:portType name="port_xacml">
-
 <!-- #### checkXACMLaccess #### //-->
 <wsdl:operation name="checkXACMLaccess">
- <wsdl:input message="tns:checkXACMLaccessRequest" />
- <wsdl:output message="tns:checkXACMLaccessResponse" />
+ <wsdl:input message="tns:checkXACMLaccessRequest"/>
+ <wsdl:output message="tns:checkXACMLaccessResponse"/>
 </wsdl:operation>
-
 </wsdl:portType>
-
-
 <!--
 ###########
 # Binding #
 ###########
 //-->
 <wsdl:binding name="binding_xacml" type="tns:port_xacml">
- <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
 <!-- #### checkXACMLaccess #### //-->
 <wsdl:operation name="checkXACMLaccess">
- <soap:operation soapAction="http://daasi.de/rbac/xacml/checkXACMLaccess" />
- <wsdl:input><soap:body use="literal" /></wsdl:input>
- <wsdl:output><soap:body use="literal" /></wsdl:output>
+ <soap:operation soapAction="http://daasi.de/rbac/xacml/checkXACMLaccess"/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ </wsdl:output>
 </wsdl:operation>
-
 </wsdl:binding>
-
-
 <!--
 #####################
 # Servicedefinition #
 #####################
 //-->
 <wsdl:service name="xacml">
- <wsdl:port binding="tns:binding_xacml" name="tns:xacml">
- <soap:address location="http://rbac-test.textgrid.daasi.de/xacml.php" />
+ <wsdl:port binding="tns:binding_xacml" name="xacml">
+ <soap:address location="http://ingrid.sub.uni-goettingen.de/rbac-8082/xacml.php"/>
 </wsdl:port>
 </wsdl:service>
-
 </wsdl:definitions>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8082/xacmlGrid.wsdl b/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8082/xacmlGrid.wsdl
new file mode 100644
index 0000000000000000000000000000000000000000..ad0e4bbc980d1deae1204a8c4ec5851782ff6568
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8082/xacmlGrid.wsdl
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<wsdl:definitions name="xacml" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns:tns="http://daasi.de/namespaces/rbac/xacml" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ targetNamespace="http://daasi.de/namespaces/rbac/xacml"
+ xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+ xmlns:xacml-saml="urn:oasis:xacml:2.0:saml:assertion:schema:os">
+
+ <!--
+ ####################
+ # Typ-Definitionen #
+ ####################
+ //-->
+ <wsdl:types>
+ <xsd:schema targetNamespace="http://daasi.de/namespaces/rbac/xacml">
+ <xsd:import namespace="urn:oasis:xacml:2.0:saml:assertion:schema:os"
+ schemaLocation="http://www.daasi.de/schema/oasis/access_control-xacml-2.0-saml-assertion-schema-os.xsd"/>
+ <xsd:import namespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+ schemaLocation="http://www.daasi.de/schema/oasis/access_control-xacml-2.0-saml-protocol-schema-os.xsd"
+ />
+ </xsd:schema>
+ </wsdl:types>
+
+ <!--
+ #################
+ # WSDL-Messages #
+ #################
+ //-->
+
+ <!-- #### checkXACMLaccess #### //-->
+ <wsdl:message name="checkXACMLaccessRequest">
+ <wsdl:part element="xacml-samlp:XACMLAuthzDecisionQuery" name="checkXACMLaccessInput"/>
+ </wsdl:message>
+ <wsdl:message name="checkXACMLaccessResponse">
+ <wsdl:part element="xacml-saml:XACMLAuthzDecisionStatement" name="checkXACMLaccessOutput"/>
+ </wsdl:message>
+
+ <!--
+ ##########################
+ # Port-Type-Definitionen #
+ ##########################
+ //-->
+ <wsdl:portType name="port_xacml">
+ <!-- #### checkXACMLaccess #### //-->
+ <wsdl:operation name="checkXACMLaccess">
+ <wsdl:input message="tns:checkXACMLaccessRequest"/>
+ <wsdl:output message="tns:checkXACMLaccessResponse"/>
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <!--
+ ###########
+ # Binding #
+ ###########
+ //-->
+ <wsdl:binding name="binding_xacml" type="tns:port_xacml">
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+
+ <!-- #### checkXACMLaccess #### //-->
+ <wsdl:operation name="checkXACMLaccess">
+ <soap:operation soapAction="http://daasi.de/rbac/xacml/checkXACMLaccess"/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <!--
+ #####################
+ # Servicedefinition #
+ #####################
+ //-->
+ <wsdl:service name="xacml">
+ <wsdl:port binding="tns:binding_xacml" name="xacml">
+ <soap:address location="http://ingrid.sub.uni-goettingen.de/rbac-8082/xacmlGrid.php"/>
+ </wsdl:port>
+ </wsdl:service>
+</wsdl:definitions>
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/xacmlGrid.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/xacmlGrid.php
new file mode 100755
index 0000000000000000000000000000000000000000..42ac0742d66620588e1ce14883fad10a7e05fa44
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/xacmlGrid.php
@@ -0,0 +1,28 @@
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.07.2007
+// Modification date: 13.11.2007
+// Version: 1.0.0
+// #######################################################
+
+
+require_once( "xacmlTypes.inc.php" );
+require_once( "../rbac/RBAC.class.php" );
+require_once( "XACML.class.php" );
+require_once( "XACMLGrid.class.php" );
+
+
+// Dont be so verbose with messages and notices.
+error_reporting( E_ERROR | E_USER_ERROR );
+
+
+// #############################################################
+// Starting SOAP-Server
+// #############################################################
+$server = new SoapServer( "./wsdl/xacmlGrid.wsdl" );
+$server->setClass( "XACMLGrid", "../conf/rbacSoap.conf", "../conf/system.conf", "../rbac/" );
+
+
+$server->handle();
+?>
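Review bot: `new SoapServer( "./wsdl/xacmlGrid.wsdl" )` loads the contract from `wsdl/`, but the only `xacmlGrid.wsdl` this commit adds lives under `wsdl-8082/`; unless a `wsdl/` copy exists outside the diff, the server fails at startup. `error_reporting( E_ERROR | E_USER_ERROR )` also hides the warnings that would surface defects in the service class it exposes (for example the never-opened `$file` handle used by `XACMLGrid::checkXACMLaccess`), so keep the reporting level and route it to the log instead: `error_reporting( E_ALL ); ini_set( 'display_errors', '0' ); ini_set( 'log_errors', '1' );`. The header still carries a 2007 creation date and `Version: 1.0.0`, apparently inherited from the sibling `xacml.php` script; updating it avoids misleading provenance for a file created in this commit.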