SAML with pandora sessions

2020-10-16 14:00:38 +02:00 · 2020-10-16 14:00:38 +02:00 · ca9b167741
parent b97e8697f9
commit ca9b167741
3 changed files with 76 additions and 24 deletions
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
@ -239,8 +239,7 @@ function process_user_login_remote($login, $pass, $api=false)

        // Unknown authentication method
        default:
-            $config['auth_error'] = 'User not found in database 
-					or incorrect password';
+            $config['auth_error'] = 'User not found in database or incorrect password';
        return false;
            break;
    }
--- a/pandora_console/include/load_session.php
+++ b/pandora_console/include/load_session.php
@ -198,11 +198,63 @@ function pandora_session_gc($max_lifetime=300)
 }


-$result_handler = session_set_save_handler(
+/**
+ * Enables custom session handlers.
+ *
+ * @return boolean Context changed or  not.
+ */
+function enable_session_handlers()
+{
+    global $config;
+
+    if ($config['_using_pandora_sessionhandlers'] !== true) {
+        if (session_status() !== PHP_SESSION_NONE) {
+            // Close previous version.
+            session_write_close();
+        }
+
+        $sesion_handler = session_set_save_handler(
            'pandora_session_open',
            'pandora_session_close',
            'pandora_session_read',
            'pandora_session_write',
            'pandora_session_destroy',
            'pandora_session_gc'
-);
+        );
+
+        session_start();
+
+        // Restore previous session.
+        $config['_using_pandora_sessionhandlers'] = true;
+        return $sesion_handler;
+    }
+
+    return false;
+}
+
+
+/**
+ * Disables custom session handlers.
+ *
+ * @return void
+ */
+function disable_session_handlers()
+{
+    global $config;
+
+    if (session_status() !== PHP_SESSION_NONE) {
+        // Close previous version.
+        session_write_close();
+    }
+
+    $ss = new SessionHandler();
+    session_set_save_handler($ss, true);
+
+    session_start();
+
+    $config['_using_pandora_sessionhandlers'] = false;
+}
+
+
+// Always enable session handler.
+$result_handler = enable_session_handlers();
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@ -395,11 +395,11 @@ if (! isset($config['id_user'])) {
            $nick_in_db = $_SESSION['prepared_login_da']['id_user'];
            $expired_pass = false;
        } else if (($config['auth'] == 'saml') && ($login_button_saml)) {
-            $saml_configured = include_once $config['homedir'].'/'.ENTERPRISE_DIR.'/include/auth/saml.php';
-
-            if (!$saml_configured) {
+            $saml_path = $config['homedir'].'/'.ENTERPRISE_DIR.'/include/auth/saml.php';
+            if (!$saml_path) {
                include_once 'general/noaccesssaml.php';
-            }
+            } else {
+                include_once $saml_path;

                $saml_user_id = saml_process_user_login();

@ -414,6 +414,7 @@ if (! isset($config['id_user'])) {
                    $as = new SimpleSAML_Auth_Simple($config['saml_source']);
                    $as->logout();
                }
+            }
        } else {
            // process_user_login is a virtual function which should be defined in each auth file.
            // It accepts username and password. The rest should be internal to the auth file.
@ -971,7 +972,7 @@ if (isset($_GET['bye'])) {

    if ($config['auth'] == 'saml') {
        include_once $config['saml_path'].'simplesamlphp/lib/_autoload.php';
-        $as = new SimpleSAML_Auth_Simple('PandoraFMS');
+        $as = new SimpleSAML_Auth_Simple($config['saml_source']);
        $as->logout();
    }