summaryrefslogtreecommitdiff
path: root/hugo/libraries/plugins/auth/AuthenticationSignon.class.php
diff options
context:
space:
mode:
Diffstat (limited to 'hugo/libraries/plugins/auth/AuthenticationSignon.class.php')
-rw-r--r--hugo/libraries/plugins/auth/AuthenticationSignon.class.php284
1 files changed, 284 insertions, 0 deletions
diff --git a/hugo/libraries/plugins/auth/AuthenticationSignon.class.php b/hugo/libraries/plugins/auth/AuthenticationSignon.class.php
new file mode 100644
index 0000000..ee1cf36
--- /dev/null
+++ b/hugo/libraries/plugins/auth/AuthenticationSignon.class.php
@@ -0,0 +1,284 @@
+<?php
+/* vim: set expandtab sw=4 ts=4 sts=4: */
+/**
+ * SignOn Authentication plugin for phpMyAdmin
+ *
+ * @package PhpMyAdmin-Authentication
+ * @subpackage SignOn
+ */
+if (! defined('PHPMYADMIN')) {
+ exit;
+}
+
+/* Get the authentication interface */
+require_once 'libraries/plugins/AuthenticationPlugin.class.php';
+
+/**
+ * Handles the SignOn authentication method
+ *
+ * @package PhpMyAdmin-Authentication
+ */
+class AuthenticationSignon extends AuthenticationPlugin
+{
+ /**
+ * Displays authentication form
+ *
+ * @global string the font face to use in case of failure
+ * @global string the default font size to use in case of failure
+ * @global string the big font size to use in case of failure
+ *
+ * @return boolean always true (no return indeed)
+ */
+ public function auth()
+ {
+ unset($_SESSION['LAST_SIGNON_URL']);
+ if (empty($GLOBALS['cfg']['Server']['SignonURL'])) {
+ PMA_fatalError('You must set SignonURL!');
+ } elseif (! empty($_REQUEST['old_usr'])
+ && ! empty($GLOBALS['cfg']['Server']['LogoutURL'])
+ ) {
+ /* Perform logout to custom URL */
+ PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']);
+ } else {
+ PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['SignonURL']);
+ }
+ exit();
+ }
+
+ /**
+ * Gets advanced authentication settings
+ *
+ * @global string the username if register_globals is on
+ * @global string the password if register_globals is on
+ * @global array the array of server variables if register_globals is
+ * off
+ * @global array the array of environment variables if register_globals
+ * is off
+ * @global string the username for the ? server
+ * @global string the password for the ? server
+ * @global string the username for the WebSite Professional server
+ * @global string the password for the WebSite Professional server
+ * @global string the username of the user who logs out
+ *
+ * @return boolean whether we get authentication settings or not
+ */
+ public function authCheck()
+ {
+ global $PHP_AUTH_USER, $PHP_AUTH_PW;
+
+ /* Check if we're using same sigon server */
+ $signon_url = $GLOBALS['cfg']['Server']['SignonURL'];
+ if (isset($_SESSION['LAST_SIGNON_URL'])
+ && $_SESSION['LAST_SIGNON_URL'] != $signon_url
+ ) {
+ return false;
+ }
+
+ /* Script name */
+ $script_name = $GLOBALS['cfg']['Server']['SignonScript'];
+
+ /* Session name */
+ $session_name = $GLOBALS['cfg']['Server']['SignonSession'];
+
+ /* Login URL */
+ $signon_url = $GLOBALS['cfg']['Server']['SignonURL'];
+
+ /* Current host */
+ $single_signon_host = $GLOBALS['cfg']['Server']['host'];
+
+ /* Current port */
+ $single_signon_port = $GLOBALS['cfg']['Server']['port'];
+
+ /* No configuration updates */
+ $single_signon_cfgupdate = array();
+
+ /* Are we requested to do logout? */
+ $do_logout = !empty($_REQUEST['old_usr']);
+
+ /* Handle script based auth */
+ if (!empty($script_name)) {
+ if (! file_exists($script_name)) {
+ PMA_fatalError(
+ __('Can not find signon authentication script:')
+ . ' '. $script_name
+ );
+ }
+ include $script_name;
+
+ list ($PHP_AUTH_USER, $PHP_AUTH_PW)
+ = get_login_credentials($cfg['Server']['user']);
+
+ } elseif (isset($_COOKIE[$session_name])) { /* Does session exist? */
+ /* End current session */
+ $old_session = session_name();
+ $old_id = session_id();
+ session_write_close();
+
+ /* Load single signon session */
+ session_name($session_name);
+ session_id($_COOKIE[$session_name]);
+ session_start();
+
+ /* Clear error message */
+ unset($_SESSION['PMA_single_signon_error_message']);
+
+ /* Grab credentials if they exist */
+ if (isset($_SESSION['PMA_single_signon_user'])) {
+ if ($do_logout) {
+ $PHP_AUTH_USER = '';
+ } else {
+ $PHP_AUTH_USER = $_SESSION['PMA_single_signon_user'];
+ }
+ }
+ if (isset($_SESSION['PMA_single_signon_password'])) {
+ if ($do_logout) {
+ $PHP_AUTH_PW = '';
+ } else {
+ $PHP_AUTH_PW = $_SESSION['PMA_single_signon_password'];
+ }
+ }
+ if (isset($_SESSION['PMA_single_signon_host'])) {
+ $single_signon_host = $_SESSION['PMA_single_signon_host'];
+ }
+
+ if (isset($_SESSION['PMA_single_signon_port'])) {
+ $single_signon_port = $_SESSION['PMA_single_signon_port'];
+ }
+
+ if (isset($_SESSION['PMA_single_signon_cfgupdate'])) {
+ $single_signon_cfgupdate = $_SESSION['PMA_single_signon_cfgupdate'];
+ }
+
+
+ /* Also get token as it is needed to access subpages */
+ if (isset($_SESSION['PMA_single_signon_token'])) {
+ /* No need to care about token on logout */
+ $pma_token = $_SESSION['PMA_single_signon_token'];
+ }
+
+ /* End single signon session */
+ session_write_close();
+
+ /* Restart phpMyAdmin session */
+ session_name($old_session);
+ if (!empty($old_id)) {
+ session_id($old_id);
+ }
+ session_start();
+
+ /* Set the single signon host */
+ $GLOBALS['cfg']['Server']['host'] = $single_signon_host;
+
+ /* Set the single signon port */
+ $GLOBALS['cfg']['Server']['port'] = $single_signon_port;
+
+ /* Configuration update */
+ $GLOBALS['cfg']['Server'] = array_merge(
+ $GLOBALS['cfg']['Server'],
+ $single_signon_cfgupdate
+ );
+
+ /* Restore our token */
+ if (!empty($pma_token)) {
+ $_SESSION[' PMA_token '] = $pma_token;
+ }
+
+ /**
+ * Clear user cache.
+ */
+ PMA_Util::clearUserCache();
+ }
+
+ // Returns whether we get authentication settings or not
+ if (empty($PHP_AUTH_USER)) {
+ unset($_SESSION['LAST_SIGNON_URL']);
+ return false;
+ } else {
+ $_SESSION['LAST_SIGNON_URL'] = $GLOBALS['cfg']['Server']['SignonURL'];
+ return true;
+ }
+ }
+
+ /**
+ * Set the user and password after last checkings if required
+ *
+ * @global array the valid servers settings
+ * @global integer the id of the current server
+ * @global array the current server settings
+ * @global string the current username
+ * @global string the current password
+ *
+ * @return boolean always true
+ */
+ public function authSetUser()
+ {
+ global $cfg;
+ global $PHP_AUTH_USER, $PHP_AUTH_PW;
+
+ $cfg['Server']['user'] = $PHP_AUTH_USER;
+ $cfg['Server']['password'] = $PHP_AUTH_PW;
+
+ return true;
+ }
+
+ /**
+ * User is not allowed to login to MySQL -> authentication failed
+ *
+ * @return boolean always true (no return indeed)
+ */
+ public function authFails()
+ {
+ /* Session name */
+ $session_name = $GLOBALS['cfg']['Server']['SignonSession'];
+
+ /* Does session exist? */
+ if (isset($_COOKIE[$session_name])) {
+ /* End current session */
+ $old_session = session_name();
+ $old_id = session_id();
+ session_write_close();
+
+ /* Load single signon session */
+ session_name($session_name);
+ session_id($_COOKIE[$session_name]);
+ session_start();
+
+ /* Set error message */
+ if (! empty($GLOBALS['login_without_password_is_forbidden'])) {
+ $_SESSION['PMA_single_signon_error_message'] = __(
+ 'Login without a password is forbidden by configuration '
+ . '(see AllowNoPassword)'
+ );
+ } elseif (! empty($GLOBALS['allowDeny_forbidden'])) {
+ $_SESSION['PMA_single_signon_error_message'] = __('Access denied');
+ } elseif (! empty($GLOBALS['no_activity'])) {
+ $_SESSION['PMA_single_signon_error_message'] = sprintf(
+ __('No activity within %s seconds; please log in again'),
+ $GLOBALS['cfg']['LoginCookieValidity']
+ );
+ } elseif (PMA_DBI_getError()) {
+ $_SESSION['PMA_single_signon_error_message'] = PMA_sanitize(
+ PMA_DBI_getError()
+ );
+ } else {
+ $_SESSION['PMA_single_signon_error_message'] = __(
+ 'Cannot log in to the MySQL server'
+ );
+ }
+ }
+ $this->auth();
+ }
+
+ /**
+ * This method is called when any PluginManager to which the observer
+ * is attached calls PluginManager::notify()
+ *
+ * @param SplSubject $subject The PluginManager notifying the observer
+ * of an update.
+ *
+ * @return void
+ */
+ public function update (SplSubject $subject)
+ {
+ }
+} \ No newline at end of file
generated by cgit v1.0-28-g1787 at 2026-01-09 07:58:01 +0000