furhter merging

git-svn-id: https://textgridlab.org/svn/textgrid/trunk/middleware/tgauth@7752 7c539038-3410-0410-b1ec-0f2a7bf1c452

furhter merging
950d75bc · Martin Haase · 743dd778 · 950d75bc · 950d75bc · 950d75bc
Commit 950d75bc authored 14 years ago by Martin Haase
--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/XACMLGrid.class.php
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/XACMLGrid.class.php
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 24.09.2010
+// Modification date: 24.09.2010
+// Version: 0.0.1
+// #######################################################
+class XACMLGrid extends XACML {
+  // Global variables
+  protected $rbac;
+  protected $config;
+  protected $connection;
+  // -----------------------------------------------------
+  // Constructor
+  // Input: none
+  // Output: object RBACcore
+  // Description:
+  //   Creates initial connections to the LDAP-server and
+  //   sets some configuration parameters.
+  // -----------------------------------------------------
+  public function __construct( $inConfigurationFilename, $inRbacConfFile, $inRbacBase ) {
+/*
+    $this->rbac = new RBAC( $inRbacConfFile, $inRbacBase );
+    $this->config = new SimpleConfig( $inConfigurationFilename );
+*/
+    parent::__construct( $inConfigurationFilename, $inRbacConfFile, $inRbacBase );
+    $this->connection['user'] = new LDAP();
+    $this->connection['user']->connect( $this->config->getValue( "authentication", "host" ),
+                                        $this->config->getValue( "authentication", "port" ),
+                                        $this->config->getValue( "authentication", "version" ),
+                                        preg_match( "/yes/i", $this->config->getValue( "authentication", "tls" ) ) ? true : false );
+    $this->connection['user']->bind( $this->config->getValue( "authentication", "binddn" ),
+                                     $this->config->getValue( "authentication", "password" ) );
+    $this->connection['resource'] = $this->rbac->getConnection( "resource" );
+    $this->connection['session'] = $this->rbac->getConnection( "session" );
+  }
+  // -----------------------------------------------------
+  // Function: checkXACMLaccess
+  // Input: auth / xsd:string
+  //        log / xsd:string
+  //        username / xsd:string
+  // Output: result / xsd:boolean
+  // Description
+  //   Checks if a given user exists in the LDAP directory.
+  // -----------------------------------------------------
+  function checkXACMLaccess( $inRequest ) {
+    $strFilter = "";           // An LDAP filter string
+    $result = new stdClass();  // The response
+    try {
+      $strDnUsername = $inRequest->Request->Subject->Attribute->AttributeValue->any;
+      // Get the user's real name
+      $strFilter = "(" . $this->config->getValue( "xacmlGrid", "certDnAttribute" ) . "=" . $strDnUsername . ")";
+      $arrUserEntry = $this->connection['user']->search( $this->config->getValue( "authentication", "base" ), $strFilter, "sub" );
+      if( sizeof( $arrUserEntry ) > 0 ) {
+        // Set the username from the first available result
+        // (there should only be one).
+        $strRealUsername = $arrUserEntry[0][strtolower($this->config->getValue( "authentication", "namingattribute" ))][0];
+        fwrite( $file, "strRealUsername: " . $strRealUsername . "\n" );
+        // Get the user's roles
+        $arrRole = $this->rbac->authorizedRoles( $strRealUsername );
+        // Search for an existing session for the cert DN.
+        $strFilter = "(rbacSession=" . $inRequest->Request->Subject->Attribute->AttributeValue->any . ")";
+        $arrSession = $this->connection['session']->search( $this->rbac->getConfiguration()->getValue( "session", "base" ), "sub", $strFilter );
+        // Create a temporary session for the user that will
+        // be removed after the check has been completed.
+        $strSessionId = "temp_" . $this->createSessionID();
+        $this->rbac->createSession( $strRealUsername, $arrRole, $strSessionId );
+        // Replace the user's cert DN by the temporary session ID
+        $inRequest->Request->Subject->Attribute->AttributeValue->any = $strSessionId;
+        // Check the access...
+        $result = parent::checkXACMLaccess( $inRequest );
+        // Re-replace the user's temporary session ID by the user's cert DN
+        $inRequest->Request->Subject->Attribute->AttributeValue->any = $strDnUsername;
+        // Remove the temporary session.
+        $this->rbac->deleteSession( $strRealUsername, $strSessionId );
+      }
+    }
+    catch( Exception $e ) {
+      $result->Response->Result->Decision = "NotApplicable";
+    }
+    fclose( $file );
+    return $result;
+  }
+  private function createSessionID() {
+    $sid = "";  // Session-ID
+    $tmp = "";  // Temporaere Session-ID
+    // Setzen eines Startwerts fuer den Zufallsgenerator
+    mt_srand( (double)microtime(true) * 1234560);
+    // Erzeugen eines Zufallsstrings
+    for( $i = 0; $i < 256; $i++ ) {
+      $tmp = chr( mt_rand( 0, 255 ) );
+      if( preg_match( "/[a-zA-Z0-9]/", $tmp ) ) {
+        $sid .= $tmp;
+      }
+    }
+    $sid .= (integer) ( microtime(true) * 1000000) ;
+    return $sid;
+  }
+}
+?>
--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8082/xacml.wsdl
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8082/xacml.wsdl
 <?xml version="1.0" encoding="UTF-8"?>
-<wsdl:definitions name="xacml"
+<wsdl:definitions name="xacml" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
-                  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+  xmlns:tns="http://daasi.de/namespaces/rbac/xacml" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
-                  xmlns:tns="http://daasi.de/namespaces/rbac/xacml"
+  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
-                  xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+  targetNamespace="http://daasi.de/namespaces/rbac/xacml"
-                  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+  xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
-                  targetNamespace="http://daasi.de/namespaces/rbac/xacml"
+  xmlns:xacml-saml="urn:oasis:xacml:2.0:saml:assertion:schema:os">
-                  xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
-                  xmlns:xacml-saml="urn:oasis:xacml:2.0:saml:assertion:schema:os">
  <!--
  ####################
@@ -17,16 +14,14 @@
  //-->
  <wsdl:types>
    <xsd:schema targetNamespace="http://daasi.de/namespaces/rbac/xacml">
-    	<xsd:import namespace="urn:oasis:xacml:2.0:saml:assertion:schema:os"
+      <xsd:import namespace="urn:oasis:xacml:2.0:saml:assertion:schema:os"
-                    schemaLocation="http://www.daasi.de/schema/oasis/access_control-xacml-2.0-saml-assertion-schema-os.xsd" />
+        schemaLocation="http://www.daasi.de/schema/oasis/access_control-xacml-2.0-saml-assertion-schema-os.xsd"/>
-	<xsd:import namespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+      <xsd:import namespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
-                    schemaLocation="http://www.daasi.de/schema/oasis/access_control-xacml-2.0-saml-protocol-schema-os.xsd"/>
+        schemaLocation="http://www.daasi.de/schema/oasis/access_control-xacml-2.0-saml-protocol-schema-os.xsd"
+      />
    </xsd:schema>
  </wsdl:types>
  <!--
  #################
  # WSDL-Messages #
@@ -35,59 +30,53 @@
  <!-- #### checkXACMLaccess #### //-->
  <wsdl:message name="checkXACMLaccessRequest">
-    <wsdl:part element="xacml-samlp:XACMLAuthzDecisionQuery" name="checkXACMLaccessInput" />
+    <wsdl:part element="xacml-samlp:XACMLAuthzDecisionQuery" name="checkXACMLaccessInput"/>
  </wsdl:message>
  <wsdl:message name="checkXACMLaccessResponse">
-    <wsdl:part element="xacml-saml:XACMLAuthzDecisionStatement" name="checkXACMLaccessOutput" />
+    <wsdl:part element="xacml-saml:XACMLAuthzDecisionStatement" name="checkXACMLaccessOutput"/>
  </wsdl:message>
  <!--
  ##########################
  # Port-Type-Definitionen #
  ##########################
  //-->
  <wsdl:portType name="port_xacml">
    <!-- #### checkXACMLaccess #### //-->
    <wsdl:operation name="checkXACMLaccess">
-      <wsdl:input message="tns:checkXACMLaccessRequest" />
+      <wsdl:input message="tns:checkXACMLaccessRequest"/>
-      <wsdl:output message="tns:checkXACMLaccessResponse" />
+      <wsdl:output message="tns:checkXACMLaccessResponse"/>
    </wsdl:operation>
  </wsdl:portType>
  <!--
  ###########
  # Binding #
  ###########
  //-->
  <wsdl:binding name="binding_xacml" type="tns:port_xacml">
-    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
+    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <!-- #### checkXACMLaccess #### //-->
    <wsdl:operation name="checkXACMLaccess">
-      <soap:operation soapAction="http://daasi.de/rbac/xacml/checkXACMLaccess" />
+      <soap:operation soapAction="http://daasi.de/rbac/xacml/checkXACMLaccess"/>
-      <wsdl:input><soap:body use="literal" /></wsdl:input>
+      <wsdl:input>
-      <wsdl:output><soap:body use="literal" /></wsdl:output>
+        <soap:body use="literal"/>
+      </wsdl:input>
+      <wsdl:output>
+        <soap:body use="literal"/>
+      </wsdl:output>
    </wsdl:operation>
  </wsdl:binding>
  <!--
  #####################
  # Servicedefinition #
  #####################
  //-->
  <wsdl:service name="xacml">
-    <wsdl:port binding="tns:binding_xacml" name="tns:xacml">
+    <wsdl:port binding="tns:binding_xacml" name="xacml">
-      <soap:address location="http://rbac-test.textgrid.daasi.de/xacml.php" />
+      <soap:address location="http://ingrid.sub.uni-goettingen.de/rbac-8082/xacml.php"/>
    </wsdl:port>
  </wsdl:service>
 </wsdl:definitions>
--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8082/xacmlGrid.wsdl
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8082/xacmlGrid.wsdl
+<?xml version="1.0" encoding="UTF-8"?>
+<wsdl:definitions name="xacml" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+  xmlns:tns="http://daasi.de/namespaces/rbac/xacml" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+  targetNamespace="http://daasi.de/namespaces/rbac/xacml"
+  xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+  xmlns:xacml-saml="urn:oasis:xacml:2.0:saml:assertion:schema:os">
+  <!--
+  ####################
+  # Typ-Definitionen #
+  ####################
+  //-->
+  <wsdl:types>
+    <xsd:schema targetNamespace="http://daasi.de/namespaces/rbac/xacml">
+      <xsd:import namespace="urn:oasis:xacml:2.0:saml:assertion:schema:os"
+        schemaLocation="http://www.daasi.de/schema/oasis/access_control-xacml-2.0-saml-assertion-schema-os.xsd"/>
+      <xsd:import namespace="urn:oasis:xacml:2.0:saml:protocol:schema:os"
+        schemaLocation="http://www.daasi.de/schema/oasis/access_control-xacml-2.0-saml-protocol-schema-os.xsd"
+      />
+    </xsd:schema>
+  </wsdl:types>
+  <!--
+  #################
+  # WSDL-Messages #
+  #################
+  //-->
+  <!-- #### checkXACMLaccess #### //-->
+  <wsdl:message name="checkXACMLaccessRequest">
+    <wsdl:part element="xacml-samlp:XACMLAuthzDecisionQuery" name="checkXACMLaccessInput"/>
+  </wsdl:message>
+  <wsdl:message name="checkXACMLaccessResponse">
+    <wsdl:part element="xacml-saml:XACMLAuthzDecisionStatement" name="checkXACMLaccessOutput"/>
+  </wsdl:message>
+  <!--
+  ##########################
+  # Port-Type-Definitionen #
+  ##########################
+  //-->
+  <wsdl:portType name="port_xacml">
+    <!-- #### checkXACMLaccess #### //-->
+    <wsdl:operation name="checkXACMLaccess">
+      <wsdl:input message="tns:checkXACMLaccessRequest"/>
+      <wsdl:output message="tns:checkXACMLaccessResponse"/>
+    </wsdl:operation>
+  </wsdl:portType>
+  <!--
+  ###########
+  # Binding #
+  ###########
+  //-->
+  <wsdl:binding name="binding_xacml" type="tns:port_xacml">
+    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+    <!-- #### checkXACMLaccess #### //-->
+    <wsdl:operation name="checkXACMLaccess">
+      <soap:operation soapAction="http://daasi.de/rbac/xacml/checkXACMLaccess"/>
+      <wsdl:input>
+        <soap:body use="literal"/>
+      </wsdl:input>
+      <wsdl:output>
+        <soap:body use="literal"/>
+      </wsdl:output>
+    </wsdl:operation>
+  </wsdl:binding>
+  <!--
+  #####################
+  # Servicedefinition #
+  #####################
+  //-->
+  <wsdl:service name="xacml">
+    <wsdl:port binding="tns:binding_xacml" name="xacml">
+      <soap:address location="http://ingrid.sub.uni-goettingen.de/rbac-8082/xacmlGrid.php"/>
+    </wsdl:port>
+  </wsdl:service>
+</wsdl:definitions>
--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/xacmlGrid.php
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/xacmlGrid.php
+<?php
+// #######################################################
+// Author: Markus Widmer
+// Creation date: 07.07.2007
+// Modification date: 13.11.2007
+// Version: 1.0.0
+// #######################################################
+require_once( "xacmlTypes.inc.php" );
+require_once( "../rbac/RBAC.class.php" );
+require_once( "XACML.class.php" );
+require_once( "XACMLGrid.class.php" );
+// Dont be so verbose with messages and notices.
+error_reporting( E_ERROR | E_USER_ERROR );
+// #############################################################
+// Starting SOAP-Server
+// #############################################################
+$server = new SoapServer( "./wsdl/xacmlGrid.wsdl" );
+$server->setClass( "XACMLGrid", "../conf/rbacSoap.conf", "../conf/system.conf", "../rbac/" );
+$server->handle();
+?>