ILIAS  Release_3_10_x_branch Revision 61812
InternalPGTStorage

Data Structures

class  PGTStorage
 The PGTStorage class is a generic class for PGT storage.

Functions

 CASClient::initPGTStorage ()
 This method is used to initialize the storage of PGT's.
 CASClient::storePGT ($pgt, $pgt_iou)
 This method stores a PGT.
 CASClient::loadPGT ($pgt_iou)
 This method reads a PGT from its Iou and deletes the corresponding storage entry.
 CASClient::setPGTStorageFile ($format='', $path='')
 This method is used to tell phpCAS to store the response of the CAS server to PGT requests onto the filesystem.
 CASClient::setPGTStorageDB ($user, $password, $database_type, $hostname, $port, $database, $table)
 This method is used to tell phpCAS to store the response of the CAS server to PGT requests into a database.
 CASClient::validatePGT (&$validate_url, $text_response, $tree_response)
 This method is used to validate a PGT; halt on failure.
 CASClient::retrievePT ($target_service, &$err_code, &$err_msg)
 This method is used to retrieve PT's from the CAS server thanks to a PGT.
 CASClient::readURL ($url, $cookies, &$headers, &$body, &$err_msg)
 This method is used to access a remote URL.
 CASClient::serviceWeb ($url, &$err_code, &$output)
 This method is used to access an HTTP[S] service.
 CASClient::serviceMail ($url, $flags, &$err_code, &$err_msg, &$pt)
 This method is used to access an IMAP/POP3/NNTP service.
 PGTStorage::PGTStorage ($cas_parent)
 The constructor of the class, should be called only by inherited classes.
 PGTStorage::getStorageType ()
 This virtual method returns an informational string giving the type of storage used by the object (used for debugging purposes).
 PGTStorage::getStorageInfo ()
 This virtual method returns an informational string giving information on the parameters of the storage.
 PGTStorage::setErrorMessage ($error_message)
 This method sets an error message, which can be read later by PGTStorage::getErrorMessage().
 PGTStorage::getErrorMessage ()
 This method returns an error message set by PGTStorage::setErrorMessage().
 PGTStorage::isInitialized ()
 This method tells if the storage has already been initialized.
 PGTStorage::init ()
 This virtual method initializes the object.
 PGTStorage::write ($pgt, $pgt_iou)
 This virtual method stores a PGT and its corresponding PGT Iou.
 PGTStorage::read ($pgt_iou)
 This virtual method reads a PGT corresponding to a PGT Iou and deletes the corresponding storage entry.

Variables

 CASClient::$_pgt_storage
 an instance of a class inheriting from PGTStorage, used to deal with PGT storage.
 PGTStorage::$_error_message
 string used to store an error message.
 PGTStorage::$_initialized
 a boolean telling if the storage has already been initialized.

Function Documentation

PGTStorage::getErrorMessage ( )

This method returns an error message set by PGTStorage::setErrorMessage().

Returns
an error message when set by PGTStorage::setErrorMessage(), FALSE otherwise.
Deprecated:
not used.

Definition at line 108 of file pgt-main.php.

References PGTStorage\$_error_message.

{
}
PGTStorage::getStorageInfo ( )

This virtual method returns an informational string giving information on the parameters of the storage.

(used for debugging purposes).

Reimplemented in PGTStorageDB, and PGTStorageFile.

Definition at line 66 of file pgt-main.php.

{
    phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
}
PGTStorage::getStorageType ( )

This virtual method returns an informational string giving the type of storage used by the object (used for debugging purposes).

Reimplemented in PGTStorageDB, and PGTStorageFile.

Definition at line 55 of file pgt-main.php.

{
    phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
}
PGTStorage::init ( )
protected

This virtual method initializes the object.

Reimplemented in PGTStorageDB, and PGTStorageFile.

Definition at line 143 of file pgt-main.php.

{
    $this->_initialized = TRUE;
}
CASClient::initPGTStorage ( )
private

This method is used to initialize the storage of PGT's.

Halts on error.

Definition at line 1200 of file client.php.

{
    // if no SetPGTStorageXxx() has been used, default to file
    if ( !is_object($this->_pgt_storage) ) {
    }
    // initializes the storage
    $this->_pgt_storage->init();
}
PGTStorage::isInitialized ( )
protected

This method tells if the storage has already been initialized.

Returns
a boolean

Definition at line 133 of file pgt-main.php.

References PGTStorage\$_initialized.

Referenced by PGTStorageFile\init(), and PGTStorageDB\init().

{
}

CASClient::loadPGT ($pgt_iou)
private

This method reads a PGT from its Iou and deletes the corresponding storage entry.

Parameters
$pgt_iou  the PGT Iou
Returns
The PGT corresponding to the Iou, FALSE when not found.

Definition at line 1236 of file client.php.

{
    // ensure that storage is initialized
    $this->initPGTStorage();
    // read the PGT
    return $this->_pgt_storage->read($pgt_iou);
}
PGTStorage::PGTStorage ($cas_parent)
protected

The constructor of the class, should be called only by inherited classes.

Parameters
$cas_parent  the CASClient instance that creates the current object.

Definition at line 36 of file pgt-main.php.

Referenced by PGTStorageDB\PGTStorageDB(), and PGTStorageFile\PGTStorageFile().

{
    phpCAS::traceBegin();
    if ( !$cas_parent->isProxy() ) {
        phpCAS::error('defining PGT storage makes no sense when not using a CAS proxy');
    }
    phpCAS::traceEnd();
}

PGTStorage::read ($pgt_iou)
protected

This virtual method reads a PGT corresponding to a PGT Iou and deletes the corresponding storage entry.

Note
Should never be called.
Parameters
$pgt_iou  the PGT Iou

Reimplemented in PGTStorageFile.

Definition at line 175 of file pgt-main.php.

{
    phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
}
CASClient::readURL ($url, $cookies, &$headers, &$body, &$err_msg)
private

This method is used to access a remote URL.

Parameters
$url  the URL to access.
$cookies  an array containing cookie strings such as 'name=val'
$headers  an array containing the HTTP header lines of the response (an empty array on failure).
$body  the body of the response, as a string (empty on failure).
$err_msg  an error message, filled on failure.
Returns
TRUE on success, FALSE otherwise (in this latter case, $err_msg contains an error message).

Definition at line 1470 of file client.php.

References $res.

Referenced by CASClient\validateST().

{
    phpCAS::traceBegin();
    $headers = '';
    $body = '';
    $err_msg = '';
    $res = TRUE;
    // initialize the CURL session
    $ch = curl_init($url);
    // verify the server's certificate corresponds to its name
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
    // but do not verify the certificate itself
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    // return the CURL output into a variable
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    // include the HTTP header with the body
    curl_setopt($ch, CURLOPT_HEADER, 1);
    // add cookies headers
    if ( is_array($cookies) ) {
        curl_setopt($ch,CURLOPT_COOKIE,implode(';',$cookies));
    }
    // perform the query
    $buf = curl_exec ($ch);
    if ( $buf === FALSE ) {
        phpCAS::trace('cur_exec() failed');
        $err_msg = 'CURL error #'.curl_errno($ch).': '.curl_error($ch);
        // close the CURL session
        curl_close ($ch);
        $res = FALSE;
    } else {
        // close the CURL session
        curl_close ($ch);
        // find the end of the headers
        // note: strpos($str,"\n\r\n\r") does not work (?)
        $pos = FALSE;
        // stop 3 bytes before the end so that $buf[$i+3] stays in range
        for ($i=0; $i+3<strlen($buf); $i++) {
            if ( $buf[$i] == chr(13) )
                if ( $buf[$i+1] == chr(10) )
                    if ( $buf[$i+2] == chr(13) )
                        if ( $buf[$i+3] == chr(10) ) {
                            // header found
                            $pos = $i;
                            break;
                        }
        }
        if ( $pos === FALSE ) {
            // end of header not found
            $err_msg = 'no header found';
            phpCAS::trace($err_msg);
            $res = FALSE;
        } else {
            // extract headers into an array
            $headers = preg_split ("/[\n\r]+/",substr($buf,0,$pos));
            // extract body into a string
            $body = substr($buf,$pos+4);
        }
    }
    phpCAS::traceEnd($res);
    return $res;
}
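
The listing above sets CURLOPT_SSL_VERIFYPEER to 0 and CURLOPT_SSL_VERIFYHOST to 1, so the certificate chain of the CAS server or proxied service is never validated, and in PHP's cURL binding it is the value 2, not 1, that checks the certificate name against the host. The following is an added example, not phpCAS code, of the same fetch with validation enabled and with the header/body boundary taken from libcurl instead of a byte scan; fetch_verified(), split_response() and the $ca_bundle parameter are hypothetical names.

```php
<?php
// Added example, not phpCAS code: fetch_verified(), split_response() and
// $ca_bundle are hypothetical names.

// Fetch $url with full certificate validation.
// Returns array($headers, $body), or FALSE with $err_msg filled.
function fetch_verified($url, $cookies, $ca_bundle, &$err_msg)
{
    $err_msg = '';
    $ch = curl_init($url);
    // validate the certificate chain against a trusted CA bundle
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_CAINFO, $ca_bundle);
    // 2 = the name in the certificate must match the host in $url
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    // only speak HTTP[S], and never follow a redirect to another location
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HEADER, true);
    if (is_array($cookies) && count($cookies) > 0) {
        curl_setopt($ch, CURLOPT_COOKIE, implode('; ', $cookies));
    }
    $buf = curl_exec($ch);
    if ($buf === false) {
        $err_msg = 'CURL error #' . curl_errno($ch) . ': ' . curl_error($ch);
        curl_close($ch);
        return false;
    }
    // libcurl reports the exact length of the header block
    $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
    curl_close($ch);
    return split_response($buf, $header_size);
}

// Split a raw response into header lines and body at a known offset.
function split_response($buf, $header_size)
{
    $head = rtrim(substr($buf, 0, $header_size), "\r\n");
    $headers = preg_split('/\r\n/', $head);
    $body = (string) substr($buf, $header_size);
    return array($headers, $body);
}

// Constructed sample response, parsed offline. The header terminator is
// "\r\n\r\n", which is the byte order strpos() has to be given.
$raw = "HTTP/1.1 200 OK\r\nSet-Cookie: a=b\r\n\r\nhello";
list($h, $b) = split_response($raw, strpos($raw, "\r\n\r\n") + 4);
var_dump($h, $b);
```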

CASClient::retrievePT ($target_service, &$err_code, &$err_msg)
private

This method is used to retrieve PTs from the CAS server using a PGT.

Parameters
$target_service  the service to ask for with the PT.
$err_code  an error code (PHPCAS_SERVICE_OK on success).
$err_msg  an error message (empty on success).
Returns
a Proxy Ticket, or FALSE on error.

Definition at line 1362 of file client.php.

References domxml_open_mem().

{
    phpCAS::traceBegin();
    // by default, $err_msg is set empty and $pt to TRUE. On error, $pt is
    // set to false and $err_msg to an error message. At the end, if $pt is FALSE
    // and $error_msg is still empty, it is set to 'invalid response' (the most
    // commonly encountered error).
    $err_msg = '';
    // build the URL to retrieve the PT
    $cas_url = $this->getServerProxyURL().'?targetService='.preg_replace('/&/','%26',$target_service).'&pgt='.$this->getPGT();
    // open and read the URL
    if ( !$this->readURL($cas_url,''/*cookies*/,$headers,$cas_response,$err_msg) ) {
        phpCAS::trace('could not open URL \''.$cas_url.'\' to validate ('.$err_msg.')');
        $err_code = PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE;
        $err_msg = 'could not retrieve PT (no response from the CAS server)';
        phpCAS::traceEnd(FALSE);
        return FALSE;
    }
    $bad_response = FALSE;
    if ( !$bad_response ) {
        // read the response of the CAS server into a DOM object
        if ( !($dom = @domxml_open_mem($cas_response))) {
            phpCAS::trace('domxml_open_mem() failed');
            // read failed
            $bad_response = TRUE;
        }
    }
    if ( !$bad_response ) {
        // read the root node of the XML tree
        if ( !($root = $dom->document_element()) ) {
            phpCAS::trace('document_element() failed');
            // read failed
            $bad_response = TRUE;
        }
    }
    if ( !$bad_response ) {
        // ensure that tag name is 'serviceResponse'
        if ( $root->node_name(true) != 'serviceResponse' ) {
            phpCAS::trace('node_name() failed');
            // bad root node
            $bad_response = TRUE;
        }
    }
    if ( !$bad_response ) {
        // look for a proxySuccess tag
        if ( sizeof($arr = $root->get_elements_by_tagname("proxySuccess")) != 0) {
            // authentication succeeded, look for a proxyTicket tag
            if ( sizeof($arr = $root->get_elements_by_tagname("proxyTicket")) != 0) {
                $err_code = PHPCAS_SERVICE_OK;
                $err_msg = '';
                $pt = trim($arr[0]->get_content());
                phpCAS::traceEnd($pt);
                return $pt;
            } else {
                phpCAS::trace('<proxySuccess> was found, but not <proxyTicket>');
            }
        }
        // look for a proxyFailure tag
        else if ( sizeof($arr = $root->get_elements_by_tagname("proxyFailure")) != 0) {
            // authentication failed, extract the error
            $err_code = PHPCAS_SERVICE_PT_FAILURE;
            $err_msg = 'PT retrieving failed (code=`'
                .$arr[0]->get_attribute('code')
                .'\', message=`'
                .trim($arr[0]->get_content())
                .'\')';
            phpCAS::traceEnd(FALSE);
            return FALSE;
        } else {
            phpCAS::trace('neither <proxySuccess> nor <proxyFailure> found');
        }
    }
    // at this step, we are sure that the response of the CAS server was ill-formed
    $err_code = PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE;
    $err_msg = 'Invalid response from the CAS server (response=`'.$cas_response.'\')';
    phpCAS::traceEnd(FALSE);
    return FALSE;
}
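
In the listing above only `&` is escaped in the target service, the PGT is appended to the query string unencoded, and on a read failure the whole URL, PGT included, is written to the trace. The following is an added example, not phpCAS code, of the same request and response handling with full percent-encoding, PGT redaction before logging, and namespace-aware parsing through the DOM extension instead of domxml; all function names and the sample values are hypothetical and constructed.

```php
<?php
// Added example, not phpCAS code; all function names here are hypothetical.
const CAS_NS = 'http://www.yale.edu/tp/cas';   // CAS 2.0 XML namespace

// Build the /proxy request with every parameter percent-encoded.
function build_proxy_url($proxy_url, $target_service, $pgt)
{
    $query = http_build_query(
        array('targetService' => $target_service, 'pgt' => $pgt), '', '&');
    return $proxy_url . (strpos($proxy_url, '?') === false ? '?' : '&') . $query;
}

// Mask the PGT before a URL reaches a trace or an error message.
function redact_pgt($url)
{
    return preg_replace('/([?&]pgt=)[^&#]*/', '${1}[redacted]', $url);
}

// Parse a /proxy response; returns array($pt_or_false, $status, $detail).
function parse_proxy_response($xml)
{
    $dom = new DOMDocument();
    // LIBXML_NONET: never fetch external resources while parsing
    if ($xml === '' || !@$dom->loadXML($xml, LIBXML_NONET)) {
        return array(false, 'BAD_RESPONSE', 'not well-formed XML');
    }
    $root = $dom->documentElement;
    if ($root === null || $root->namespaceURI !== CAS_NS
            || $root->localName !== 'serviceResponse') {
        return array(false, 'BAD_RESPONSE', 'unexpected root element');
    }
    if ($root->getElementsByTagNameNS(CAS_NS, 'proxySuccess')->length > 0) {
        $pt = $root->getElementsByTagNameNS(CAS_NS, 'proxyTicket');
        $value = $pt->length > 0 ? trim($pt->item(0)->textContent) : '';
        if ($value !== '') {
            return array($value, 'OK', '');
        }
        return array(false, 'BAD_RESPONSE', 'proxySuccess without proxyTicket');
    }
    $fail = $root->getElementsByTagNameNS(CAS_NS, 'proxyFailure');
    if ($fail->length > 0) {
        $f = $fail->item(0);
        $detail = $f->getAttribute('code') . ': ' . trim($f->textContent);
        return array(false, 'FAILURE', $detail);
    }
    return array(false, 'BAD_RESPONSE', 'neither proxySuccess nor proxyFailure');
}

// Constructed sample values, processed offline.
$url = build_proxy_url('https://cas.example.org/cas/proxy',
    'https://app.example.org/inbox?folder=a&b=c#top', 'PGT-1-constructed');
echo redact_pgt($url), "\n";
$sample = '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
    . '<cas:proxySuccess><cas:proxyTicket>PT-1-constructed</cas:proxyTicket>'
    . '</cas:proxySuccess></cas:serviceResponse>';
var_dump(parse_proxy_response($sample));
```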

CASClient::serviceMail ($url, $flags, &$err_code, &$err_msg, &$pt)

This method is used to access an IMAP/POP3/NNTP service.

Parameters
$url  a string giving the URL of the service, including the mailing box for IMAP URLs, as accepted by imap_open().
$flags  options given to imap_open().
$err_code  an error code. Possible values are PHPCAS_SERVICE_OK (on success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT_AVAILABLE.
$err_msg  an error message on failure
$pt  the Proxy Ticket (PT) retrieved from the CAS server to access the URL on success, FALSE on error.
Returns
an IMAP stream on success, FALSE otherwise (in this latter case, $err_code gives the reason why it failed and $err_msg contains an error message).

Definition at line 1633 of file client.php.

{
    phpCAS::traceBegin();
    // at first retrieve a PT
    $pt = $this->retrievePT($target_service,$err_code,$output);
    $stream = FALSE;
    // test if PT was retrieved correctly
    if ( !$pt ) {
        // note: $err_code and $err_msg are filled by CASClient::retrievePT()
        phpCAS::trace('PT was not retrieved correctly');
    } else {
        phpCAS::trace('opening IMAP URL `'.$url.'\'...');
        $stream = @imap_open($url,$this->getUser(),$pt,$flags);
        if ( !$stream ) {
            phpCAS::trace('could not open URL');
            $err_code = PHPCAS_SERVICE_NOT_AVAILABLE;
            // give an error message
            $err_msg = sprintf($this->getString(CAS_STR_SERVICE_UNAVAILABLE),
                               $service_url,
                               var_export(imap_errors(),TRUE));
            $pt = FALSE;
            $stream = FALSE;
        } else {
            phpCAS::trace('ok');
        }
    }
    phpCAS::traceEnd($stream);
    return $stream;
}
CASClient::serviceWeb ($url, &$err_code, &$output)

This method is used to access an HTTP[S] service.

Parameters
$url  the service to access.
$err_code  an error code. Possible values are PHPCAS_SERVICE_OK (on success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_NOT_AVAILABLE.
$output  the output of the service (also used to give an error message on failure).
Returns
TRUE on success, FALSE otherwise (in this latter case, $err_code gives the reason why it failed and $output contains an error message).

Definition at line 1553 of file client.php.

References $_SESSION, $res, and CAS_STR_SERVICE_UNAVAILABLE.

{
    phpCAS::traceBegin();
    // at first retrieve a PT
    $pt = $this->retrievePT($url,$err_code,$output);
    $res = TRUE;
    // test if PT was retrieved correctly
    if ( !$pt ) {
        // note: $err_code and $err_msg are filled by CASClient::retrievePT()
        phpCAS::trace('PT was not retrieved correctly');
        $res = FALSE;
    } else {
        // add cookies if necessary
        if ( is_array($_SESSION['phpCAS']['services'][$url]['cookies']) ) {
            foreach ( $_SESSION['phpCAS']['services'][$url]['cookies'] as $name => $val ) {
                $cookies[] = $name.'='.$val;
            }
        }
        // build the URL including the PT
        if ( strstr($url,'?') === FALSE ) {
            $service_url = $url.'?ticket='.$pt;
        } else {
            $service_url = $url.'&ticket='.$pt;
        }
        phpCAS::trace('reading URL`'.$service_url.'\'');
        if ( !$this->readURL($service_url,$cookies,$headers,$output,$err_msg) ) {
            phpCAS::trace('could not read URL`'.$service_url.'\'');
            $err_code = PHPCAS_SERVICE_NOT_AVAILABLE;
            // give an error message
            $output = sprintf($this->getString(CAS_STR_SERVICE_UNAVAILABLE),
                              $service_url,
                              $err_msg);
            $res = FALSE;
        } else {
            // URL has been fetched, extract the cookies
            phpCAS::trace('URL`'.$service_url.'\' has been read, storing cookies:');
            foreach ( $headers as $header ) {
                // test if the header is a cookie
                if ( preg_match('/^Set-Cookie:/',$header) ) {
                    // the header is a cookie, remove the beginning
                    $header_val = preg_replace('/^Set-Cookie: */','',$header);
                    // extract interesting information
                    $name_val = strtok($header_val,'; ');
                    // extract the name and the value of the cookie
                    $cookie_name = strtok($name_val,'=');
                    $cookie_val = strtok('=');
                    // store the cookie
                    $_SESSION['phpCAS']['services'][$url]['cookies'][$cookie_name] = $cookie_val;
                    phpCAS::trace($cookie_name.' -> '.$cookie_val);
                }
            }
        }
    }
    phpCAS::traceEnd($res);
    return $res;
}
PGTStorage::setErrorMessage ($error_message)
protected

This method sets an error message, which can be read later by PGTStorage::getErrorMessage().

Parameters
$error_message  an error message
Deprecated:
not used.

Definition at line 94 of file pgt-main.php.

{
    $this->_error_message = $error_message;
}
CASClient::setPGTStorageDB ($user, $password, $database_type, $hostname, $port, $database, $table)

This method is used to tell phpCAS to store the response of the CAS server to PGT requests into a database.

Note
The connection to the database is done only when needed. As a consequence, bad parameters are detected only when initializing PGT storage.
Parameters
$user  the user to access the data with
$password  the user's password
$database_type  the type of the database hosting the data
$hostname  the server hosting the database
$port  the port the server is listening on
$database  the name of the database
$table  the name of the table storing the data

Definition at line 1282 of file client.php.

References $user.

{
    // check that the storage has not already been set
    if ( is_object($this->_pgt_storage) ) {
        phpCAS::error('PGT storage already defined');
    }
    // warn the user that he should use file storage...
    trigger_error('PGT storage into database is an experimental feature, use at your own risk',E_USER_WARNING);
    // create the storage object
    $this->_pgt_storage = & new PGTStorageDB($this,$user,$password,$database_type,$hostname,$port,$database,$table);
}
CASClient::setPGTStorageFile ($format = '', $path = '')

This method is used to tell phpCAS to store the response of the CAS server to PGT requests onto the filesystem.

Parameters
$format  the format used to store the PGT's (`plain' and `xml' allowed)
$path  the path where the PGT's should be stored

Definition at line 1253 of file client.php.

{
    // check that the storage has not already been set
    if ( is_object($this->_pgt_storage) ) {
        phpCAS::error('PGT storage already defined');
    }
    // create the storage object
    $this->_pgt_storage = &new PGTStorageFile($this,$format,$path);
}
CASClient::storePGT ($pgt, $pgt_iou)
private

This method stores a PGT.

Halts on error.

Parameters
$pgt  the PGT to store
$pgt_iou  its corresponding Iou

Definition at line 1219 of file client.php.

{
    // ensure that storage is initialized
    $this->initPGTStorage();
    // writes the PGT
    $this->_pgt_storage->write($pgt,$pgt_iou);
}
CASClient::validatePGT (&$validate_url, $text_response, $tree_response)
private

This method is used to validate a PGT; halt on failure.

Parameters
$validate_url  the URL of the request to the CAS server.
$text_response  the response of the CAS server, as is (XML text); result of CASClient::validateST() or CASClient::validatePT().
$tree_response  the response of the CAS server, as a DOM XML tree; result of CASClient::validateST() or CASClient::validatePT().
Returns
bool TRUE when successful, halt otherwise by calling CASClient::authError().

Definition at line 1318 of file client.php.

Referenced by CASClient\isAuthenticated().

{
    phpCAS::traceBegin();
    if ( sizeof($arr = $tree_response->get_elements_by_tagname("proxyGrantingTicket")) == 0) {
        phpCAS::trace('<proxyGrantingTicket> not found');
        // authentication succeeded, but no PGT Iou was transmitted
        $this->authError('Ticket validated but no PGT Iou transmitted',
                         $validate_url,
                         FALSE/*$no_response*/,
                         FALSE/*$bad_response*/,
                         $text_response);
    } else {
        // PGT Iou transmitted, extract it
        $pgt_iou = trim($arr[0]->get_content());
        $pgt = $this->loadPGT($pgt_iou);
        if ( $pgt == FALSE ) {
            phpCAS::trace('could not load PGT');
            $this->authError('PGT Iou was transmitted but PGT could not be retrieved',
                             $validate_url,
                             FALSE/*$no_response*/,
                             FALSE/*$bad_response*/,
                             $text_response);
        }
        $this->setPGT($pgt);
    }
    phpCAS::traceEnd(TRUE);
    return TRUE;
}

PGTStorage::write ($pgt, $pgt_iou)
protected

This virtual method stores a PGT and its corresponding PGT Iou.

Note
Should never be called.
Parameters
$pgt  the PGT
$pgt_iou  the PGT Iou

Reimplemented in PGTStorageFile.

Definition at line 161 of file pgt-main.php.

{
    phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
}

Variable Documentation

PGTStorage::$_error_message
private

string used to store an error message.

Written by PGTStorage::setErrorMessage(), read by PGTStorage::getErrorMessage().

Deprecated:
not used.

Definition at line 83 of file pgt-main.php.

Referenced by PGTStorage\getErrorMessage().

PGTStorage::$_initialized
private

a boolean telling if the storage has already been initialized.

Written by PGTStorage::init(), read by PGTStorage::isInitialized().

Definition at line 124 of file pgt-main.php.

Referenced by PGTStorage\isInitialized().

CASClient::$_pgt_storage
private

an instance of a class inheriting from PGTStorage, used to deal with PGT storage.

Created by CASClient::setPGTStorageFile() or CASClient::setPGTStorageDB(), used by CASClient::setPGTStorageFile(), CASClient::setPGTStorageDB() and CASClient::initPGTStorage().

Definition at line 1192 of file client.php.