14    const STAGEID = 
'sspmod_negotiate_Auth_Source_Negotiate.StageId';
 
   43        assert(is_array(
$info));
 
   46        if (!extension_loaded(
'krb5')) {
 
   47            throw new Exception(
'KRB5 Extension not installed');
 
   55        $this->backend = 
$config->getString(
'fallback');
 
   56        $this->hostname = 
$config->getString(
'hostname');
 
   57        $this->port = 
$config->getInteger(
'port', 389);
 
   58        $this->referrals = 
$config->getBoolean(
'referrals', 
true);
 
   59        $this->enableTLS = 
$config->getBoolean(
'enable_tls', 
false);
 
   60        $this->debugLDAP = 
$config->getBoolean(
'debugLDAP', 
false);
 
   61        $this->timeout = 
$config->getInteger(
'timeout', 30);
 
   62        $this->keytab = 
$config->getString(
'keytab');
 
   64        $this->attr = 
$config->getString(
'attr', 
'uid');
 
   65        $this->subnet = 
$config->getArray(
'subnet', 
null);
 
   66        $this->admin_user = 
$config->getString(
'adminUser', 
null);
 
   67        $this->admin_pw = 
$config->getString(
'adminPassword', 
null);
 
   68        $this->attributes = 
$config->getArray(
'attributes', 
null);
 
   88        $state[
'LogoutState'] = array(
 
   89            'negotiate:backend' => $this->backend,
 
  101        $disabled = 
$session->getData(
'negotiate:disable', 
'session');
 
  104            (!empty(
$_COOKIE[
'NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT']) &&
 
  105                $_COOKIE[
'NEGOTIATE_AUTOLOGIN_DISABLE_PERMANENT'] == 
'True')
 
  120        if (!empty(
$_SERVER[
'HTTP_AUTHORIZATION'])) {
 
  131            list($mech,) = explode(
' ', 
$_SERVER[
'HTTP_AUTHORIZATION'], 2);
 
  132            if (strtolower($mech) == 
'basic') {
 
  135                if (strtolower($mech) != 
'negotiate') {
 
  140            $auth = 
new KRB5NegotiateAuth($this->keytab);
 
  143                $reply = 
$auth->doAuthentication();
 
  144            } 
catch (Exception $e) {
 
  154                if ($lookup !== 
null) {
 
  155                    $state[
'Attributes'] = $lookup;
 
  157                    $state[
'LogoutState'] = array(
 
  158                        'negotiate:backend' => 
null,
 
  191        if (array_key_exists(
'negotiate:disable', 
$spMetadata)) {
 
  216        if ($this->subnet === 
null) {
 
  220        foreach ($this->subnet as $cidr) {
 
  241        $json_url = json_encode(
$url);
 
  243        header(
'HTTP/1.1 401 Unauthorized');
 
  244        header(
'WWW-Authenticate: Negotiate', 
false);
 
  248  <script type=
"text/javascript">window.location = $json_url</script>
 
  249  <title>Redirect to login</title>
 
  252 <
p>Your browser seems to have Javascript disabled. Please click <a href=
"$url">here</a>.</
p>
 
  281        } 
catch (Exception $e) {
 
  302        $pos = strpos(
$user, 
'@');
 
  303        if ($pos === 
false) {
 
  306        $uid = substr(
$user, 0, $pos);
 
  310            $dn = $this->ldap->searchfordn($this->
base, $this->attr, $uid);
 
  311            return $this->ldap->getAttributes($dn, $this->attributes);
 
  325        if ($this->admin_user === 
null) {
 
  330            'Negotiate - authenticate(): Binding as system user '.var_export($this->admin_user, 
true)
 
  333        if (!$this->ldap->bind($this->admin_user, $this->admin_pw)) {
 
  334            $msg = 
'Unable to authenticate system user (LDAP_INVALID_CREDENTIALS) '.var_export($this->admin_user, 
true);
 
  358            $session->setData(
'negotiate:disable', 
'session', 
true, 24 * 60 * 60);
 
const EOF
How fgetc() reports an End Of File.
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
An exception for terminating execution or to throw for unit testing.
static ipCIDRcheck($cidr, $ip=null)
Check whether an IP address is part of a CIDR.
static loginCompleted($state)
Called when a login operation has finished.
static getById($authId, $type=null)
Retrieve authentication source.
static completeAuth(&$state)
Complete authentication.
static throwException($state, SimpleSAML_Error_Exception $exception)
Throw exception to the state exception handler.
static saveState(&$state, $stage, $rawId=false)
Save the state.
static loadFromArray($config, $location='[ARRAY]', $instance=null)
Loads a configuration from the given array.
static getSessionFromRequest()
Retrieves the current session.
logout(&$state)
Log out from this authentication source.
sendNegotiate($params)
Send the actual headers and body of the 401.
static fallBack(&$state)
Passes control of the login process to a different module.
authenticate(&$state)
The inner workings of the module.
lookupUserData($user)
Strips away the realm of the Kerberos identifier, looks up what attributes to fetch from SP metadata ...
checkMask()
checkMask() looks up the subnet config option and verifies that the client is within that range.
adminBind()
Elevates the LDAP connection to allow restricted lookups if so configured.
spDisabledInMetadata($spMetadata)
__construct($info, $config)
Constructor for this authentication source.
if(!array_key_exists('StateId', $_REQUEST)) $id
Attribute-related utility methods.
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']