diff options
Diffstat (limited to '')
| -rw-r--r-- | hugo/libraries/plugins/auth/AuthenticationSignon.class.php | 284 |
1 files changed, 284 insertions, 0 deletions
diff --git a/hugo/libraries/plugins/auth/AuthenticationSignon.class.php b/hugo/libraries/plugins/auth/AuthenticationSignon.class.php new file mode 100644 index 0000000..ee1cf36 --- /dev/null +++ b/hugo/libraries/plugins/auth/AuthenticationSignon.class.php @@ -0,0 +1,284 @@ +<?php +/* vim: set expandtab sw=4 ts=4 sts=4: */ +/** + * SignOn Authentication plugin for phpMyAdmin + * + * @package PhpMyAdmin-Authentication + * @subpackage SignOn + */ +if (! defined('PHPMYADMIN')) { + exit; +} + +/* Get the authentication interface */ +require_once 'libraries/plugins/AuthenticationPlugin.class.php'; + +/** + * Handles the SignOn authentication method + * + * @package PhpMyAdmin-Authentication + */ +class AuthenticationSignon extends AuthenticationPlugin +{ + /** + * Displays authentication form + * + * @global string the font face to use in case of failure + * @global string the default font size to use in case of failure + * @global string the big font size to use in case of failure + * + * @return boolean always true (no return indeed) + */ + public function auth() + { + unset($_SESSION['LAST_SIGNON_URL']); + if (empty($GLOBALS['cfg']['Server']['SignonURL'])) { + PMA_fatalError('You must set SignonURL!'); + } elseif (! empty($_REQUEST['old_usr']) + && ! empty($GLOBALS['cfg']['Server']['LogoutURL']) + ) { + /* Perform logout to custom URL */ + PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']); + } else { + PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['SignonURL']); + } + exit(); + } + + /** + * Gets advanced authentication settings + * + * @global string the username if register_globals is on + * @global string the password if register_globals is on + * @global array the array of server variables if register_globals is + * off + * @global array the array of environment variables if register_globals + * is off + * @global string the username for the ? server + * @global string the password for the ? server + * @global string the username for the WebSite Professional server + * @global string the password for the WebSite Professional server + * @global string the username of the user who logs out + * + * @return boolean whether we get authentication settings or not + */ + public function authCheck() + { + global $PHP_AUTH_USER, $PHP_AUTH_PW; + + /* Check if we're using same sigon server */ + $signon_url = $GLOBALS['cfg']['Server']['SignonURL']; + if (isset($_SESSION['LAST_SIGNON_URL']) + && $_SESSION['LAST_SIGNON_URL'] != $signon_url + ) { + return false; + } + + /* Script name */ + $script_name = $GLOBALS['cfg']['Server']['SignonScript']; + + /* Session name */ + $session_name = $GLOBALS['cfg']['Server']['SignonSession']; + + /* Login URL */ + $signon_url = $GLOBALS['cfg']['Server']['SignonURL']; + + /* Current host */ + $single_signon_host = $GLOBALS['cfg']['Server']['host']; + + /* Current port */ + $single_signon_port = $GLOBALS['cfg']['Server']['port']; + + /* No configuration updates */ + $single_signon_cfgupdate = array(); + + /* Are we requested to do logout? */ + $do_logout = !empty($_REQUEST['old_usr']); + + /* Handle script based auth */ + if (!empty($script_name)) { + if (! file_exists($script_name)) { + PMA_fatalError( + __('Can not find signon authentication script:') + . ' '. $script_name + ); + } + include $script_name; + + list ($PHP_AUTH_USER, $PHP_AUTH_PW) + = get_login_credentials($cfg['Server']['user']); + + } elseif (isset($_COOKIE[$session_name])) { /* Does session exist? */ + /* End current session */ + $old_session = session_name(); + $old_id = session_id(); + session_write_close(); + + /* Load single signon session */ + session_name($session_name); + session_id($_COOKIE[$session_name]); + session_start(); + + /* Clear error message */ + unset($_SESSION['PMA_single_signon_error_message']); + + /* Grab credentials if they exist */ + if (isset($_SESSION['PMA_single_signon_user'])) { + if ($do_logout) { + $PHP_AUTH_USER = ''; + } else { + $PHP_AUTH_USER = $_SESSION['PMA_single_signon_user']; + } + } + if (isset($_SESSION['PMA_single_signon_password'])) { + if ($do_logout) { + $PHP_AUTH_PW = ''; + } else { + $PHP_AUTH_PW = $_SESSION['PMA_single_signon_password']; + } + } + if (isset($_SESSION['PMA_single_signon_host'])) { + $single_signon_host = $_SESSION['PMA_single_signon_host']; + } + + if (isset($_SESSION['PMA_single_signon_port'])) { + $single_signon_port = $_SESSION['PMA_single_signon_port']; + } + + if (isset($_SESSION['PMA_single_signon_cfgupdate'])) { + $single_signon_cfgupdate = $_SESSION['PMA_single_signon_cfgupdate']; + } + + + /* Also get token as it is needed to access subpages */ + if (isset($_SESSION['PMA_single_signon_token'])) { + /* No need to care about token on logout */ + $pma_token = $_SESSION['PMA_single_signon_token']; + } + + /* End single signon session */ + session_write_close(); + + /* Restart phpMyAdmin session */ + session_name($old_session); + if (!empty($old_id)) { + session_id($old_id); + } + session_start(); + + /* Set the single signon host */ + $GLOBALS['cfg']['Server']['host'] = $single_signon_host; + + /* Set the single signon port */ + $GLOBALS['cfg']['Server']['port'] = $single_signon_port; + + /* Configuration update */ + $GLOBALS['cfg']['Server'] = array_merge( + $GLOBALS['cfg']['Server'], + $single_signon_cfgupdate + ); + + /* Restore our token */ + if (!empty($pma_token)) { + $_SESSION[' PMA_token '] = $pma_token; + } + + /** + * Clear user cache. + */ + PMA_Util::clearUserCache(); + } + + // Returns whether we get authentication settings or not + if (empty($PHP_AUTH_USER)) { + unset($_SESSION['LAST_SIGNON_URL']); + return false; + } else { + $_SESSION['LAST_SIGNON_URL'] = $GLOBALS['cfg']['Server']['SignonURL']; + return true; + } + } + + /** + * Set the user and password after last checkings if required + * + * @global array the valid servers settings + * @global integer the id of the current server + * @global array the current server settings + * @global string the current username + * @global string the current password + * + * @return boolean always true + */ + public function authSetUser() + { + global $cfg; + global $PHP_AUTH_USER, $PHP_AUTH_PW; + + $cfg['Server']['user'] = $PHP_AUTH_USER; + $cfg['Server']['password'] = $PHP_AUTH_PW; + + return true; + } + + /** + * User is not allowed to login to MySQL -> authentication failed + * + * @return boolean always true (no return indeed) + */ + public function authFails() + { + /* Session name */ + $session_name = $GLOBALS['cfg']['Server']['SignonSession']; + + /* Does session exist? */ + if (isset($_COOKIE[$session_name])) { + /* End current session */ + $old_session = session_name(); + $old_id = session_id(); + session_write_close(); + + /* Load single signon session */ + session_name($session_name); + session_id($_COOKIE[$session_name]); + session_start(); + + /* Set error message */ + if (! empty($GLOBALS['login_without_password_is_forbidden'])) { + $_SESSION['PMA_single_signon_error_message'] = __( + 'Login without a password is forbidden by configuration ' + . '(see AllowNoPassword)' + ); + } elseif (! empty($GLOBALS['allowDeny_forbidden'])) { + $_SESSION['PMA_single_signon_error_message'] = __('Access denied'); + } elseif (! empty($GLOBALS['no_activity'])) { + $_SESSION['PMA_single_signon_error_message'] = sprintf( + __('No activity within %s seconds; please log in again'), + $GLOBALS['cfg']['LoginCookieValidity'] + ); + } elseif (PMA_DBI_getError()) { + $_SESSION['PMA_single_signon_error_message'] = PMA_sanitize( + PMA_DBI_getError() + ); + } else { + $_SESSION['PMA_single_signon_error_message'] = __( + 'Cannot log in to the MySQL server' + ); + } + } + $this->auth(); + } + + /** + * This method is called when any PluginManager to which the observer + * is attached calls PluginManager::notify() + * + * @param SplSubject $subject The PluginManager notifying the observer + * of an update. + * + * @return void + */ + public function update (SplSubject $subject) + { + } +}
\ No newline at end of file |