|
@@ -19,7 +19,7 @@ discard block |
|
|
block discarded – undo |
|
19
|
19
|
* <base_url>/copyright.php after deploying the software |
|
20
|
20
|
*/ |
|
21
|
21
|
|
|
22
|
|
-require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
|
22
|
+require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
23
|
23
|
|
|
24
|
24
|
$auth = new \web\lib\admin\Authentication(); |
|
25
|
25
|
$deco = new \web\lib\admin\PageDecoration(); |
|
@@ -43,7 +43,7 @@ discard block |
|
|
block discarded – undo |
|
43
|
43
|
} |
|
44
|
44
|
$profileToBeDel = $validator->existingProfile($_GET['profile_id'], $my_inst->identifier); |
|
45
|
45
|
$profileToBeDel->destroy(); |
|
46
|
|
- $loggerInstance->writeAudit($_SESSION['user'], "DEL", "Profile " . $profileToBeDel->identifier); |
|
|
46
|
+ $loggerInstance->writeAudit($_SESSION['user'], "DEL", "Profile ".$profileToBeDel->identifier); |
|
47
|
47
|
header("Location: overview_org.php?inst_id=$my_inst->identifier"); |
|
48
|
48
|
exit; |
|
49
|
49
|
case web\lib\common\FormElements::BUTTON_SAVE: |
|
@@ -52,7 +52,7 @@ discard block |
|
|
block discarded – undo |
|
52
|
52
|
echo $deco->pageheader(sprintf(_("%s: Edit Profile - Result"), \config\Master::APPEARANCE['productname']), "ADMIN-IDP"); |
|
53
|
53
|
} else { |
|
54
|
54
|
$profile = $my_inst->newProfile(core\AbstractProfile::PROFILETYPE_RADIUS); |
|
55
|
|
- $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP " . $my_inst->identifier . " - Profile created"); |
|
|
55
|
+ $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP ".$my_inst->identifier." - Profile created"); |
|
56
|
56
|
echo $deco->pageheader(sprintf(_("%s: Profile wizard (step 3 completed)"), \config\Master::APPEARANCE['productname']), "ADMIN-IDP"); |
|
57
|
57
|
} |
|
58
|
58
|
if (!$profile instanceof \core\ProfileRADIUS) { |
|
@@ -121,7 +121,7 @@ discard block |
|
|
block discarded – undo |
|
121
|
121
|
$uiElements = new web\lib\admin\UIElements(); |
|
122
|
122
|
// set realm info, if submitted |
|
123
|
123
|
if ($realm !== FALSE) { |
|
124
|
|
- $profile->setRealm($anonLocal . "@" . $realm); |
|
|
124
|
+ $profile->setRealm($anonLocal."@".$realm); |
|
125
|
125
|
echo $uiElements->boxOkay(sprintf(_("Realm: <strong>%s</strong>"), $realm)); |
|
126
|
126
|
} else { |
|
127
|
127
|
$profile->setRealm(""); |
|
@@ -147,7 +147,7 @@ discard block |
|
|
block discarded – undo |
|
147
|
147
|
echo $uiElements->boxError(_("Realm check username cannot be configured: realm is missing!")); |
|
148
|
148
|
} else { |
|
149
|
149
|
$profile->setRealmcheckUser(true, $checkuser_name); |
|
150
|
|
- echo $uiElements->boxOkay(sprintf(_("Special username for realm check is <strong>%s</strong>, the value is <strong>%s</strong>"), _("ON"), $checkuser_name . "@" . $realm)); |
|
|
150
|
+ echo $uiElements->boxOkay(sprintf(_("Special username for realm check is <strong>%s</strong>, the value is <strong>%s</strong>"), _("ON"), $checkuser_name."@".$realm)); |
|
151
|
151
|
} |
|
152
|
152
|
} else { |
|
153
|
153
|
$profile->setRealmCheckUser(false); |
|
@@ -159,12 +159,12 @@ discard block |
|
|
block discarded – undo |
|
159
|
159
|
$extratext = ""; |
|
160
|
160
|
if (!empty($realm)) { |
|
161
|
161
|
if ($hint !== FALSE) { |
|
162
|
|
- $extratext = " " . sprintf(_("The realm portion MUST be exactly '...@%s'."), $realm); |
|
|
162
|
+ $extratext = " ".sprintf(_("The realm portion MUST be exactly '...@%s'."), $realm); |
|
163
|
163
|
} else { |
|
164
|
|
- $extratext = " " . sprintf(_("The realm portion MUST end with '%s' but sub-realms of it are allowed (i.e. 'user@%s' and 'user@<...>.%s' are both acceptable)."), $realm, $realm, $realm); |
|
|
164
|
+ $extratext = " ".sprintf(_("The realm portion MUST end with '%s' but sub-realms of it are allowed (i.e. 'user@%s' and 'user@<...>.%s' are both acceptable)."), $realm, $realm, $realm); |
|
165
|
165
|
} |
|
166
|
166
|
} |
|
167
|
|
- echo $uiElements->boxOkay(_("Where possible, supplicants will verify that username inputs contain a syntactically correct realm.") . $extratext); |
|
|
167
|
+ echo $uiElements->boxOkay(_("Where possible, supplicants will verify that username inputs contain a syntactically correct realm.").$extratext); |
|
168
|
168
|
} else { |
|
169
|
169
|
$profile->setInputVerificationPreference(false, false); |
|
170
|
170
|
} |
|
@@ -196,30 +196,30 @@ discard block |
|
|
block discarded – undo |
|
196
|
196
|
echo $uiElements->boxOkay(_("Redirection is <strong>OFF</strong>")); |
|
197
|
197
|
} |
|
198
|
198
|
|
|
199
|
|
- $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile " . $profile->identifier . " - attributes changed"); |
|
|
199
|
+ $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile ".$profile->identifier." - attributes changed"); |
|
200
|
200
|
// reload the profile to ingest new CA and server names if any; before checking EAP completeness |
|
201
|
201
|
$reloadedProfileNr1 = \core\ProfileFactory::instantiate($profile->identifier); |
|
202
|
202
|
foreach (\core\common\EAP::listKnownEAPTypes() as $a) { |
|
203
|
203
|
if ($a->getIntegerRep() == \core\common\EAP::INTEGER_SILVERBULLET) { // do not allow adding silverbullet via the backdoor |
|
204
|
204
|
continue; |
|
205
|
205
|
} |
|
206
|
|
- if (isset($_POST[$a->getPrintableRep()]) && isset($_POST[$a->getPrintableRep() . "-priority"]) && is_numeric($_POST[$a->getPrintableRep() . "-priority"])) { |
|
207
|
|
- $priority = (int) $_POST[$a->getPrintableRep() . "-priority"]; |
|
|
206
|
+ if (isset($_POST[$a->getPrintableRep()]) && isset($_POST[$a->getPrintableRep()."-priority"]) && is_numeric($_POST[$a->getPrintableRep()."-priority"])) { |
|
|
207
|
+ $priority = (int) $_POST[$a->getPrintableRep()."-priority"]; |
|
208
|
208
|
// add EAP type to profile as requested, but ... |
|
209
|
209
|
$reloadedProfileNr1->addSupportedEapMethod($a, $priority); |
|
210
|
|
- $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile " . $reloadedProfileNr1->identifier . " - supported EAP types changed"); |
|
|
210
|
+ $loggerInstance->writeAudit($_SESSION['user'], "MOD", "Profile ".$reloadedProfileNr1->identifier." - supported EAP types changed"); |
|
211
|
211
|
// see if we can enable the EAP type, or if info is missing |
|
212
|
212
|
$eapcompleteness = $reloadedProfileNr1->isEapTypeDefinitionComplete($a); |
|
213
|
213
|
if ($eapcompleteness === true) { |
|
214
|
|
- echo $uiElements->boxOkay(_("Supported EAP Type: ") . "<strong>" . $a->getPrintableRep() . "</strong>"); |
|
|
214
|
+ echo $uiElements->boxOkay(_("Supported EAP Type: ")."<strong>".$a->getPrintableRep()."</strong>"); |
|
215
|
215
|
} else { |
|
216
|
216
|
$warntext = ""; |
|
217
|
217
|
if (is_array($eapcompleteness)) { |
|
218
|
218
|
foreach ($eapcompleteness as $item) { |
|
219
|
|
- $warntext .= "<strong>" . $uiElements->displayName($item) . "</strong> "; |
|
|
219
|
+ $warntext .= "<strong>".$uiElements->displayName($item)."</strong> "; |
|
220
|
220
|
} |
|
221
|
221
|
} |
|
222
|
|
- echo $uiElements->boxWarning(sprintf(_("Supported EAP Type: <strong>%s</strong> is missing required information %s !"), $a->getPrintableRep(), $warntext) . "<br/>" . _("The EAP type was added to the profile, but you need to complete the missing information before we can produce installers for you.")); |
|
|
222
|
+ echo $uiElements->boxWarning(sprintf(_("Supported EAP Type: <strong>%s</strong> is missing required information %s !"), $a->getPrintableRep(), $warntext)."<br/>"._("The EAP type was added to the profile, but you need to complete the missing information before we can produce installers for you.")); |
|
223
|
223
|
} |
|
224
|
224
|
} |
|
225
|
225
|
} |
|
@@ -230,23 +230,23 @@ discard block |
|
|
block discarded – undo |
|
230
|
230
|
if (count($significantChanges) > 0) { |
|
231
|
231
|
$myInstOriginal = new \core\IdP($profile->institution); |
|
232
|
232
|
// send a notification/alert mail to someone we know is in charge |
|
233
|
|
- $text = _("To whom it may concern,") . "\n\n"; |
|
|
233
|
+ $text = _("To whom it may concern,")."\n\n"; |
|
234
|
234
|
/// were made to the *Identity Provider* *LU* / integer number of IdP / (previously known as) Name |
|
235
|
|
- $text .= sprintf(_("significant changes were made to a RADIUS deployment profile of the %s %s / %s / '%s'."), $ui->nomenclatureInst, strtoupper($myInstOriginal->federation), $myInstOriginal->identifier, $myInstOriginal->name) . "\n\n"; |
|
|
235
|
+ $text .= sprintf(_("significant changes were made to a RADIUS deployment profile of the %s %s / %s / '%s'."), $ui->nomenclatureInst, strtoupper($myInstOriginal->federation), $myInstOriginal->identifier, $myInstOriginal->name)."\n\n"; |
|
236
|
236
|
if (isset($significantChanges[\core\AbstractProfile::CA_CLASH_ADDED])) { |
|
237
|
|
- $text .= _("WARNING! A new trusted root CA was added, and it has the exact same name as a previously existing root CA. This may (but does not necessarily) mean that this is an attempt to insert an unauthorised trust root by disguising as the genuine one. The details are below:") . "\n\n"; |
|
238
|
|
- $text .= $significantChanges[\core\AbstractProfile::CA_CLASH_ADDED] . "\n\n"; |
|
|
237
|
+ $text .= _("WARNING! A new trusted root CA was added, and it has the exact same name as a previously existing root CA. This may (but does not necessarily) mean that this is an attempt to insert an unauthorised trust root by disguising as the genuine one. The details are below:")."\n\n"; |
|
|
238
|
+ $text .= $significantChanges[\core\AbstractProfile::CA_CLASH_ADDED]."\n\n"; |
|
239
|
239
|
} |
|
240
|
240
|
if (isset($significantChanges[\core\AbstractProfile::CA_ADDED])) { |
|
241
|
|
- $text .= _("A new trusted root CA was added. The details are below:") . "\n\n"; |
|
242
|
|
- $text .= $significantChanges[\core\AbstractProfile::CA_ADDED] . "\n\n"; |
|
|
241
|
+ $text .= _("A new trusted root CA was added. The details are below:")."\n\n"; |
|
|
242
|
+ $text .= $significantChanges[\core\AbstractProfile::CA_ADDED]."\n\n"; |
|
243
|
243
|
} |
|
244
|
244
|
if (isset($significantChanges[\core\AbstractProfile::SERVERNAME_ADDED])) { |
|
245
|
|
- $text .= _("A new acceptable server name for the authentication server was added. The details are below:") . "\n\n"; |
|
246
|
|
- $text .= $significantChanges[\core\AbstractProfile::SERVERNAME_ADDED] . "\n\n"; |
|
|
245
|
+ $text .= _("A new acceptable server name for the authentication server was added. The details are below:")."\n\n"; |
|
|
246
|
+ $text .= $significantChanges[\core\AbstractProfile::SERVERNAME_ADDED]."\n\n"; |
|
247
|
247
|
} |
|
248
|
|
- $text .= _("This mail is merely a cross-check because these changes can be security-relevant. If the change was expected, you do not need to take any action.") . "\n\n"; |
|
249
|
|
- $text .= _("Greetings, ") . "\n\n" . \config\Master::APPEARANCE['productname_long']; |
|
|
248
|
+ $text .= _("This mail is merely a cross-check because these changes can be security-relevant. If the change was expected, you do not need to take any action.")."\n\n"; |
|
|
249
|
+ $text .= _("Greetings, ")."\n\n".\config\Master::APPEARANCE['productname_long']; |
|
250
|
250
|
// (currently, send hard-wired to NRO - future: for linked insts, check eduroam DBv2 and send to registered admins directly) |
|
251
|
251
|
$fed = new core\Federation($myInstOriginal->federation); |
|
252
|
252
|
foreach ($fed->listFederationAdmins() as $id) { |
|
@@ -303,14 +303,14 @@ discard block |
|
|
block discarded – undo |
|
303
|
303
|
$oneHostOkay = FALSE; |
|
304
|
304
|
$testCandidates = []; |
|
305
|
305
|
foreach ($dnsChecks->NAPTR_hostname_records as $oneServer) { |
|
306
|
|
- $testCandidates[$oneServer['hostname']][] = ($oneServer['family'] == "IPv4" ? $oneServer['IP'] : "[" . $oneServer['IP'] . "]") . ":" . $oneServer['port']; |
|
|
306
|
+ $testCandidates[$oneServer['hostname']][] = ($oneServer['family'] == "IPv4" ? $oneServer['IP'] : "[".$oneServer['IP']."]").":".$oneServer['port']; |
|
307
|
307
|
} |
|
308
|
308
|
foreach ($testCandidates as $oneHost => $listOfIPs) { |
|
309
|
309
|
$connectionTests = new core\diag\RFC6614Tests(array_values($listOfIPs), $oneHost, "openroaming"); |
|
310
|
310
|
// for now (no OpenRoaming client certs available) only run server-side tests |
|
311
|
311
|
foreach ($listOfIPs as $oneIP) { |
|
312
|
312
|
$connectionResult = $connectionTests->cApathCheck($oneIP); |
|
313
|
|
- if ($connectionResult != core\diag\AbstractTest::RETVAL_OK || ( isset($connectionTests->TLS_CA_checks_result['cert_oddity']) && count($connectionTests->TLS_CA_checks_result['cert_oddity']) > 0)) { |
|
|
313
|
+ if ($connectionResult != core\diag\AbstractTest::RETVAL_OK || (isset($connectionTests->TLS_CA_checks_result['cert_oddity']) && count($connectionTests->TLS_CA_checks_result['cert_oddity']) > 0)) { |
|
314
|
314
|
$allHostsOkay = FALSE; |
|
315
|
315
|
} else { |
|
316
|
316
|
$oneHostOkay = TRUE; |
|
@@ -345,7 +345,7 @@ discard block |
|
|
block discarded – undo |
|
345
|
345
|
<?php |
|
346
|
346
|
if (count($reloadedProfileNr2->getEapMethodsinOrderOfPreference(1)) > 0) { |
|
347
|
347
|
echo "<form method='post' action='overview_installers.php?inst_id=$my_inst->identifier&profile_id=$reloadedProfileNr2->identifier' accept-charset='UTF-8'> |
|
348
|
|
- <button type='submit'>" . _("Continue to Installer Fine-Tuning and Download") . "</button> |
|
|
348
|
+ <button type='submit'>"._("Continue to Installer Fine-Tuning and Download")."</button> |
|
349
|
349
|
</form>"; |
|
350
|
350
|
} |
|
351
|
351
|
echo $deco->footer(); |
GEANT /
CAT
