diff options
| author | Charles <sircharlesaze@gmail.com> | 2020-01-09 10:55:03 +0100 |
|---|---|---|
| committer | Charles <sircharlesaze@gmail.com> | 2020-01-09 13:09:38 +0100 |
| commit | 04d6d5ca99ebfd1cebb8ce06618fb3811fc1a8aa (patch) | |
| tree | 5c691241355c943a3c68ddb06b8cf8c60aa11319 /srcs/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationSignon.php | |
| parent | 7e0d85db834d6351ed85d01e5126ac31dc510b86 (diff) | |
| download | ft_server-04d6d5ca99ebfd1cebb8ce06618fb3811fc1a8aa.tar.gz ft_server-04d6d5ca99ebfd1cebb8ce06618fb3811fc1a8aa.tar.bz2 ft_server-04d6d5ca99ebfd1cebb8ce06618fb3811fc1a8aa.zip | |
phpmyadmin working
Diffstat (limited to 'srcs/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationSignon.php')
| -rw-r--r-- | srcs/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationSignon.php | 282 |
1 files changed, 282 insertions, 0 deletions
diff --git a/srcs/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationSignon.php b/srcs/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationSignon.php new file mode 100644 index 0000000..36b1d66 --- /dev/null +++ b/srcs/phpmyadmin/libraries/classes/Plugins/Auth/AuthenticationSignon.php @@ -0,0 +1,282 @@ +<?php +/* vim: set expandtab sw=4 ts=4 sts=4: */ +/** + * SignOn Authentication plugin for phpMyAdmin + * + * @package PhpMyAdmin-Authentication + * @subpackage SignOn + */ +declare(strict_types=1); + +namespace PhpMyAdmin\Plugins\Auth; + +use PhpMyAdmin\Core; +use PhpMyAdmin\Plugins\AuthenticationPlugin; +use PhpMyAdmin\Util; + +/** + * Handles the SignOn authentication method + * + * @package PhpMyAdmin-Authentication + */ +class AuthenticationSignon extends AuthenticationPlugin +{ + /** + * Displays authentication form + * + * @return boolean always true (no return indeed) + */ + public function showLoginForm() + { + unset($_SESSION['LAST_SIGNON_URL']); + if (empty($GLOBALS['cfg']['Server']['SignonURL'])) { + Core::fatalError('You must set SignonURL!'); + } else { + Core::sendHeaderLocation($GLOBALS['cfg']['Server']['SignonURL']); + } + + if (! defined('TESTSUITE')) { + exit; + } else { + return false; + } + } + + /** + * Set cookie params + * + * @param array $sessionCookieParams The cookie params + * @return void + */ + public function setCookieParams(array $sessionCookieParams = null): void + { + /* Session cookie params from config */ + if ($sessionCookieParams === null) { + $sessionCookieParams = (array) $GLOBALS['cfg']['Server']['SignonCookieParams']; + } + + /* Sanitize cookie params */ + $defaultCookieParams = function ($key) { + switch ($key) { + case 'lifetime': + return 0; + case 'path': + return '/'; + case 'domain': + return ''; + case 'secure': + return false; + case 'httponly': + return false; + } + return null; + }; + + foreach (['lifetime', 'path', 'domain', 'secure', 'httponly'] as $key) { + if (! isset($sessionCookieParams[$key])) { + $sessionCookieParams[$key] = $defaultCookieParams($key); + } + } + + if (isset($sessionCookieParams['samesite']) + && ! in_array($sessionCookieParams['samesite'], ['Lax', 'Strict'])) { + // Not a valid value for samesite + unset($sessionCookieParams['samesite']); + } + + if (version_compare(phpversion(), '7.3.0', '>=')) { + session_set_cookie_params($sessionCookieParams); + } + + session_set_cookie_params( + $sessionCookieParams['lifetime'], + $sessionCookieParams['path'], + $sessionCookieParams['domain'], + $sessionCookieParams['secure'], + $sessionCookieParams['httponly'] + ); + } + + /** + * Gets authentication credentials + * + * @return boolean whether we get authentication settings or not + */ + public function readCredentials() + { + /* Check if we're using same signon server */ + $signon_url = $GLOBALS['cfg']['Server']['SignonURL']; + if (isset($_SESSION['LAST_SIGNON_URL']) + && $_SESSION['LAST_SIGNON_URL'] != $signon_url + ) { + return false; + } + + /* Script name */ + $script_name = $GLOBALS['cfg']['Server']['SignonScript']; + + /* Session name */ + $session_name = $GLOBALS['cfg']['Server']['SignonSession']; + + /* Login URL */ + $signon_url = $GLOBALS['cfg']['Server']['SignonURL']; + + /* Current host */ + $single_signon_host = $GLOBALS['cfg']['Server']['host']; + + /* Current port */ + $single_signon_port = $GLOBALS['cfg']['Server']['port']; + + /* No configuration updates */ + $single_signon_cfgupdate = []; + + /* Handle script based auth */ + if (! empty($script_name)) { + if (! @file_exists($script_name)) { + Core::fatalError( + __('Can not find signon authentication script:') + . ' ' . $script_name + ); + } + include $script_name; + + list ($this->user, $this->password) + = get_login_credentials($GLOBALS['cfg']['Server']['user']); + } elseif (isset($_COOKIE[$session_name])) { /* Does session exist? */ + /* End current session */ + $old_session = session_name(); + $old_id = session_id(); + $oldCookieParams = session_get_cookie_params(); + if (! defined('TESTSUITE')) { + session_write_close(); + } + /* Load single signon session */ + if (! defined('TESTSUITE')) { + $this->setCookieParams(); + session_name($session_name); + session_id($_COOKIE[$session_name]); + session_start(); + } + + /* Clear error message */ + unset($_SESSION['PMA_single_signon_error_message']); + + /* Grab credentials if they exist */ + if (isset($_SESSION['PMA_single_signon_user'])) { + $this->user = $_SESSION['PMA_single_signon_user']; + } + if (isset($_SESSION['PMA_single_signon_password'])) { + $this->password = $_SESSION['PMA_single_signon_password']; + } + if (isset($_SESSION['PMA_single_signon_host'])) { + $single_signon_host = $_SESSION['PMA_single_signon_host']; + } + + if (isset($_SESSION['PMA_single_signon_port'])) { + $single_signon_port = $_SESSION['PMA_single_signon_port']; + } + + if (isset($_SESSION['PMA_single_signon_cfgupdate'])) { + $single_signon_cfgupdate = $_SESSION['PMA_single_signon_cfgupdate']; + } + + /* Also get token as it is needed to access subpages */ + if (isset($_SESSION['PMA_single_signon_token'])) { + /* No need to care about token on logout */ + $pma_token = $_SESSION['PMA_single_signon_token']; + } + + /* End single signon session */ + if (! defined('TESTSUITE')) { + session_write_close(); + } + + /* Restart phpMyAdmin session */ + if (! defined('TESTSUITE')) { + $this->setCookieParams($oldCookieParams); + session_name($old_session); + if (! empty($old_id)) { + session_id($old_id); + } + session_start(); + } + + /* Set the single signon host */ + $GLOBALS['cfg']['Server']['host'] = $single_signon_host; + + /* Set the single signon port */ + $GLOBALS['cfg']['Server']['port'] = $single_signon_port; + + /* Configuration update */ + $GLOBALS['cfg']['Server'] = array_merge( + $GLOBALS['cfg']['Server'], + $single_signon_cfgupdate + ); + + /* Restore our token */ + if (! empty($pma_token)) { + $_SESSION[' PMA_token '] = $pma_token; + $_SESSION[' HMAC_secret '] = Util::generateRandom(16); + } + + /** + * Clear user cache. + */ + Util::clearUserCache(); + } + + // Returns whether we get authentication settings or not + if (empty($this->user)) { + unset($_SESSION['LAST_SIGNON_URL']); + + return false; + } + + $_SESSION['LAST_SIGNON_URL'] = $GLOBALS['cfg']['Server']['SignonURL']; + + return true; + } + + /** + * User is not allowed to login to MySQL -> authentication failed + * + * @param string $failure String describing why authentication has failed + * + * @return void + */ + public function showFailure($failure) + { + parent::showFailure($failure); + + /* Session name */ + $session_name = $GLOBALS['cfg']['Server']['SignonSession']; + + /* Does session exist? */ + if (isset($_COOKIE[$session_name])) { + if (! defined('TESTSUITE')) { + /* End current session */ + session_write_close(); + + /* Load single signon session */ + $this->setCookieParams(); + session_name($session_name); + session_id($_COOKIE[$session_name]); + session_start(); + } + + /* Set error message */ + $_SESSION['PMA_single_signon_error_message'] = $this->getErrorMessage($failure); + } + $this->showLoginForm(); + } + + /** + * Returns URL for login form. + * + * @return string + */ + public function getLoginFormURL() + { + return $GLOBALS['cfg']['Server']['SignonURL']; + } +} |