diff --git a/pandora_console/general/noaccesssaml.php b/pandora_console/general/noaccesssaml.php deleted file mode 100644 index e357e040dc..0000000000 --- a/pandora_console/general/noaccesssaml.php +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - -
- -
- images/input_cross.png'> -
- -
-
- -
- -
-
'; - echo __('Please make sure you have SAML authentication properly configured. For more information the error to access this page are recorded in security logs of %s System Database', get_product_name()); - ?> - -
- -
- OK -
-
-
- -
- - - - - diff --git a/pandora_console/include/auth/saml.php b/pandora_console/include/auth/saml.php deleted file mode 100755 index 6ffbc8cf4b..0000000000 --- a/pandora_console/include/auth/saml.php +++ /dev/null 
@@ -1,166 +0,0 @@ -requireAuth(); - $session = SimpleSAML_Session::getSessionFromRequest(); - $session->cleanup(); - $attributes = $as->getAttributes(); - - if (empty($attributes)) { - return false; - } - - $id_user = $attributes[SAML_MAIL_IN_PANDORA][0]; - $email = $attributes[SAML_MAIL_IN_PANDORA][0]; - $group_name = $attributes[SAML_GROUP_IN_PANDORA][0]; - $profiles_and_tags = $attributes[SAML_ROLE_AND_TAG]; - - $profile_names = []; - $tag_names = []; - // Manages array with tags and roles to separate them - foreach ($profiles_and_tags as $profile_or_tag) { - $is_profile_or_tag = explode(SAML_DEFAULT_PROFILES_AND_TAGS_FORM, $profile_or_tag); - $is_profile_or_tag2 = explode(':', $is_profile_or_tag[1]); - if ($is_profile_or_tag2[0] == 'role') { - $profile_names[] = $is_profile_or_tag2[1]; - } else if ($is_profile_or_tag2[0] == 'tag') { - $tag_names[] = $is_profile_or_tag2[1]; - } - } - - // Connect to Pandora db - $connection = mysql_connect_db( - $config['pandora_server'], - $config['pandora_dbname'], - $config['pandora_user'], - $config['pandora_pass'] - ); - - if ($connection === false) { - return false; - } - - // Get the red.es user id - $rows = db_get_all_rows_sql( - "SELECT * FROM tusuario - WHERE id_user = '".$id_user."'", - false, - false, - $connection - ); - - // Checks group id, profiles id and tags id - $group_id = ''; - $profile_id = []; - $tag_id = ''; - $tags_to_profile = ''; - if ($group_name != '') { - $group_id = db_get_all_rows_sql("SELECT id_grupo FROM tgrupo WHERE nombre = '".$group_name."'"); - $group_id = $group_id[0]['id_grupo']; - if (empty($group_id)) { - $config['auth_error'] = 'Group not found in database'; - db_pandora_audit('Logon Failed', 'Group '.$group_name.' 
not found in database', $_SERVER['REMOTE_ADDR']); - return false; - } - } - - if (!empty($profile_names)) { - foreach ($profile_names as $profile_name) { - $profile_id[] = db_get_row_sql("SELECT id_perfil FROM tperfil WHERE name = '".io_safe_input($profile_name)."'"); - } - } - - if (!empty($tag_names)) { - $i = 0; - foreach ($tag_names as $tag_name) { - $tag_id = db_get_row_sql("SELECT id_tag FROM ttag WHERE name = '".io_safe_input($tag_name)."'"); - if ($i == 0) { - $tags_to_profile = (String) $tag_id['id_tag']; - } else { - $tags_to_profile .= ','.(String) $tag_id['id_tag']; - } - - $i++; - } - } - - // If user does not exist in Pandora - if (empty($rows)) { - if ($id_user != '') { - $values_user = []; - $values_user['id_user'] = $id_user; - $values_user['email'] = $email; - $result_insert_user = db_process_sql_insert('tusuario', $values_user); - - // Separates user insert of profile insert - $values_user_profile = []; - $values_user_profile['id_usuario'] = $id_user; - $values_user_profile['id_grupo'] = $group_id; - $values_user_profile['tags'] = $tags_to_profile; - foreach ($profile_id as $id) { - $values_user_profile['id_perfil'] = $id['id_perfil']; - $result_insert_user_profile = db_process_sql_insert('tusuario_perfil', $values_user_profile); - } - - if (!$result_insert_user_profile) { - $config['auth_error'] = 'Login error'; - return false; - } - - return $id_user; - } else { - return false; - } - } else { - $user = $rows[0]; - // To update the profiles, delete the old and insert the new - $have_profiles = db_get_all_rows_sql("SELECT id_up FROM tusuario_perfil WHERE id_usuario = '".$user['id_user']."'"); - if ($have_profiles) { - $delete_old_profiles = db_process_sql("DELETE FROM tusuario_perfil WHERE id_usuario = '".$user['id_user']."'"); - } - - $values_user_profile = []; - $values_user_profile['id_usuario'] = $user['id_user']; - $values_user_profile['id_grupo'] = $group_id; - $values_user_profile['tags'] = $tags_to_profile; - foreach ($profile_id as $id) 
{ - $values_user_profile['id_perfil'] = $id['id_perfil']; - $result_insert_user_profile = db_process_sql_insert('tusuario_perfil', $values_user_profile); - } - - return $user['id_user']; - } - - $config['auth_error'] = 'User not found in database or incorrect password'; - - return false; -} diff --git a/pandora_console/index.php b/pandora_console/index.php index a543829bb7..3c95074171 100755 --- a/pandora_console/index.php +++ b/pandora_console/index.php @@ -359,17 +359,12 @@ if (! isset($config['id_user'])) { $nick_in_db = $_SESSION['prepared_login_da']['id_user']; $expired_pass = false; } else if (($config['auth'] == 'saml') && ($login_button_saml)) { - if (!include_once 'include/auth/saml.php') { - include_once 'general/noaccesssaml.php'; - } else { - $saml_user_id = saml_process_user_login(); - } + include_once ENTERPRISE_DIR.'/include/auth/saml.php'; + + $saml_user_id = saml_process_user_login(); $nick_in_db = $saml_user_id; - if (!$nick_in_db) { - include_once 'general/noaccesssaml.php'; - include_once $config['saml_path'].'simplesamlphp/lib/_autoload.php'; $as = new SimpleSAML_Auth_Simple('PandoraFMS'); $as->logout();
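Review bot: The added `include_once ENTERPRISE_DIR.'/include/auth/saml.php';` in the SAML branch of index.php is not checked before `saml_process_user_login()` is called. If that file is missing or unreadable, the login request would end in an undefined-function fatal error instead of a controlled denial, and with error display enabled it could expose filesystem paths on an unauthenticated page. The removed code tested the include result, and an equivalent guard would be `if ((include_once ENTERPRISE_DIR.'/include/auth/saml.php') !== false && function_exists('saml_process_user_login'))`, with `$saml_user_id = false;` in the else branch. The hunk's line breaks are collapsed here, but the `-359,17 +359,12` counts suggest `if (!$nick_in_db) {` survives as context, so a false value would reach the existing failure branch with the SimpleSAML logout. That branch continues outside the hunk, so confirm it still shows the user an error and writes an audit entry now that `general/noaccesssaml.php` is deleted.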