/usr/share/php/Horde/Auth/Shibboleth.php is in php-horde-auth 2.2.2-1ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
<?php
/**
* Copyright 2006 9Star Research, Inc. http://www.protectnetwork.org/
*
* See the enclosed file COPYING for license information (LGPL). If you did
* not receive this file, see http://www.horde.org/licenses/lgpl21.
*
* @author Cassio Nishiguchi <cassio@protectnetwork.org>
* @category Horde
* @license http://www.horde.org/licenses/lgpl21 LGPL-2.1
* @package Auth
*/
/**
* The Horde_Auth_Shibboleth class only provides transparent authentication
* based on the headers set by a Shibboleth SP.
*
* Note that this class does not provide any actual SP functionality, it just
* takes the username from the HTTP headers that should be set by the
* Shibboleth SP.
*
* @author Cassio Nishiguchi <cassio@protectnetwork.org>
* @category Horde
* @copyright 2006 9Star Research, Inc.
* @license http://www.horde.org/licenses/lgpl21 LGPL-2.1
* @package Auth
*/
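class Horde_Auth_Shibboleth extends Horde_Auth_Base
{
    /**
     * An array of capabilities, so that the driver can report which
     * operations it supports and which it doesn't.
     *
     * Only 'transparent' is enabled: this driver never checks a password
     * itself (see _authenticate(), which always throws).
     *
     * @var array
     */
    protected $_capabilities = array(
        'transparent' => true
    );

    /**
     * Constructor.
     *
     * Security note: every *_header parameter names a key that is later read
     * from $_SERVER without further verification by this class. The
     * deployment therefore has to guarantee that only the Shibboleth SP can
     * populate those keys. If a key is derived from a request header (an
     * HTTP_* entry), the web server / SP must discard any client-supplied
     * copy before the request reaches PHP; otherwise the login name is
     * caller-controlled.
     *
     * @param array $params  Parameters:
     * <pre>
     * 'password_header' - (string) Name of the header holding the password of
     *                     the logged in user.
     * 'password_holder' - (string) Where the hordeauth password is stored.
     *                     transparent() acts on the values 'header' and
     *                     'preferences'; any other value sets no password.
     * 'password_preference' - (string) Name of the Horde preference holding
     *                         the password of the logged in user.
     * 'username_header' - (string) [REQUIRED] Name of the header holding the
     *                     username of the logged in user.
     * </pre>
     *
     * @throws InvalidArgumentException  If 'username_header' is not set.
     */
    public function __construct(array $params = array())
    {
        // isset() only rejects a missing/null entry. An empty string is
        // accepted here and simply makes transparent() return false.
        if (!isset($params['username_header'])) {
            throw new InvalidArgumentException('Missing username_header parameter.');
        }

        // Caller-supplied values win over these defaults.
        $params = array_merge(array(
            'password_header' => '',
            'password_holder' => '',
            'password_preference' => ''
        ), $params);

        parent::__construct($params);
    }

    /**
     * Not implemented: this driver only supports transparent authentication.
     *
     * @param string $userId      The userID to check.
     * @param array $credentials  An array of login credentials.
     *
     * @throws Horde_Auth_Exception  Always.
     */
    protected function _authenticate($userId, $credentials)
    {
        throw new Horde_Auth_Exception('Unsupported.');
    }

    /**
     * Automatic authentication: checks if the username is set in the
     * configured header.
     *
     * The presence of a non-empty value under the configured $_SERVER key is
     * the only condition for success; no signature, session or assertion is
     * checked in this class. All trust rests on the component that fills in
     * $_SERVER (see the security note on the constructor).
     *
     * @return boolean  Whether or not the client is allowed.
     */
    public function transparent()
    {
        $username = $this->_serverValue($this->_params['username_header']);

        // empty() also rejects the literal string '0', exactly as before.
        if (empty($username)) {
            return false;
        }

        // Remove scope from username, if present.
        $this->setCredential('userId', $this->_removeScope($username));

        // Set password for hordeauth login. The value is stored as-is; it is
        // not validated here. A missing key yields null instead of raising
        // an undefined-index notice/warning.
        switch ($this->_params['password_holder']) {
        case 'header':
            $this->setCredential('credentials', array(
                'password' => $this->_serverValue($this->_params['password_header'])
            ));
            break;

        case 'preferences':
            // NOTE(review): the preference name is used as a $_SERVER key
            // here, not looked up in the Horde preferences. This mirrors the
            // original code; confirm whether that is intended.
            $this->setCredential('credentials', array(
                'password' => $this->_serverValue($this->_params['password_preference'])
            ));
            break;
        }

        return true;
    }

    /**
     * Removes the scope from the user name, if present.
     *
     * Everything from the LAST '@' onwards is dropped. Because the scope is
     * discarded, two identities that differ only in scope become the same
     * local user (constructed example: 'alice@idp-a.example' and
     * 'alice@idp-b.example' both yield 'alice'). This is only safe when the
     * SP accepts a single scope or filters scopes before this class sees the
     * value. A value that starts with '@' yields an empty user name.
     *
     * @param string $username  The full user name.
     *
     * @return string  The user name without scope.
     */
    protected function _removeScope($username)
    {
        $pos = strrpos($username, '@');

        if ($pos === false) {
            return $username;
        }

        return substr($username, 0, $pos);
    }

    /**
     * Returns a $_SERVER entry without triggering an undefined-index
     * notice/warning when the key is absent.
     *
     * @param string $key  The $_SERVER key to read.
     *
     * @return mixed  The stored value, or null if the key is not set.
     */
    private function _serverValue($key)
    {
        return isset($_SERVER[$key]) ? $_SERVER[$key] : null;
    }
}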