From 7b924db9762a9258a38cbc9c881034daee51d586 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no> Date: Sun, 1 Mar 2009 09:01:55 +0000 Subject: [PATCH] Certcheck functionality is moved into ldapstatus module git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1342 44740490-163a-0410-bde0-09ae8108e29a --- modules/certcheck/default-disable | 0 modules/certcheck/templates/certcheck.php | 58 --------- modules/certcheck/www/index.php | 115 ------------------ .../Auth/Backend/Test/StandardLDAPTest.php | 55 ++++++++- .../ldapstatus/templates/ldapsinglehost.php | 33 +++++ modules/ldapstatus/templates/ldapstatus.php | 29 ++++- 6 files changed, 113 insertions(+), 177 deletions(-) delete mode 100644 modules/certcheck/default-disable delete mode 100644 modules/certcheck/templates/certcheck.php delete mode 100644 modules/certcheck/www/index.php diff --git a/modules/certcheck/default-disable b/modules/certcheck/default-disable deleted file mode 100644 index e69de29bb..000000000 diff --git a/modules/certcheck/templates/certcheck.php b/modules/certcheck/templates/certcheck.php deleted file mode 100644 index 83fa3111e..000000000 --- a/modules/certcheck/templates/certcheck.php +++ /dev/null 
@@ -1,58 +0,0 @@ -<?php -$this->data['header'] = 'LDAP status page'; -$this->includeAtTemplateBase('includes/header.php'); - -?> - -<h2>Certificate check</h2> - -<table class="attributes" style="font-size: small; width: 100%; border: 1px solid #aaa"> - <tr> - <th>Host</th> - <th colspan="3">Expires</th> - <th>Issuer</th> - </tr> - -<?php - -$i = 0; -$classes = array('odd', 'even'); - -# $this->data['results'] -foreach($this->data['results'] as $orgkey => $org) { - echo('<tr class="' . ($classes[($i++ % 2)]) . '">'); - - - if (array_key_exists('error', $this->data['resultsm'][$orgkey])) { - - - echo '<td colspan="2">' . $orgkey . '</td><td>'; - echo '<img src="/' . $this->data['baseurlpath'] . 'resources/icons/delete.png" /></td>'; - echo '<td colspan="2">' . $this->data['resultsm'][$orgkey]['error']; - echo '</td>'; - - - } else { - - echo '<td>' . $orgkey . '</td><td>' . $org . ' days</td><td>'; - - if ($org < 30) { - echo '<img src="/' . $this->data['baseurlpath'] . 'resources/icons/delete.png" />'; - } else { - echo '<img src="/' . $this->data['baseurlpath'] . 'resources/icons/accept.png" />'; - } - echo '</td>'; - echo '<td>'; - if (array_key_exists('expire', $this->data['resultsm'][$orgkey])) echo $this->data['resultsm'][$orgkey]['expire']; - echo '</td>'; - echo '<td>'; - if (array_key_exists('issuer', $this->data['resultsm'][$orgkey])) echo $this->data['resultsm'][$orgkey]['issuer']; - echo '</td>'; - - } - echo('</tr>'); - -} -?> -</table> -<?php $this->includeAtTemplateBase('includes/footer.php'); ?> diff --git a/modules/certcheck/www/index.php b/modules/certcheck/www/index.php deleted file mode 100644 index 4168aa1b6..000000000 --- a/modules/certcheck/www/index.php +++ /dev/null 
@@ -1,115 +0,0 @@ -<?php - - -$config = SimpleSAML_Configuration::getInstance(); -$session = SimpleSAML_Session::getInstance(); - -if (!$session->isValid('login-admin') ) { - SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'auth/login-admin.php', - array('RelayState' => SimpleSAML_Utilities::selfURL()) - ); -} - - -function phpping($host, $port) { - SimpleSAML_Logger::debug('ldapstatus phpping(): ping [' . $host . ':' . $port . ']' ); - $timeout = 1.0; - $socket = @fsockopen($host, $port, $errno, $errstr, $timeout); - @fclose($socket); - if ($errno) { - return array(FALSE, $errno . ':' . $errstr); - } else { - return array(TRUE,NULL); - } -} - - -$ldapconfig = SimpleSAML_Configuration::getConfig('config-login-feide.php'); -$ldapStatusConfig = SimpleSAML_Configuration::getConfig('module_ldapstatus.php'); - -$pingcommand = $ldapStatusConfig->getValue('ping'); - -$debug = $ldapconfig->getValue('ldapDebug', FALSE); - -$orgs = $ldapconfig->getValue('orgldapconfig'); - -#echo '<pre>'; print_r($orgs); exit; - -$results = array(); -$resultsm = array(); - -$i = 0; -foreach ($orgs AS $orgkey => $orgconfig) { - -# if (++$i > 10) continue; - - if (empty($orgconfig['hostname'])) continue; - - $urldef = explode(' ', $orgconfig['hostname']); - $url = parse_url($urldef[0]); - $port = 389; - if (preg_match('/^ldaps/', $urldef[0])) $port = 636; - if (!empty($url['port'])) $port = $url['port']; - - if (!array_key_exists('host', $url)) { - echo 'could not resolve host name in ' . $urldef[0]; exit; - } - - $host = $url['host']; - -# echo 'pinging ' . $host . ' port ' . $port; - $ping = phpping($host, $port); - if ($ping[0] === FALSE) { - $results[$host] = 0; - $resultsm[$host]['error'] = 'No connectivity (ping) [' . $host . ':' . $port . ']'; - continue; - } - - - $cmd = 'echo "" | openssl s_client -connect ' . $host . ':' . $port . 
' 2> /dev/null | openssl x509 -enddate -noout'; - $output = shell_exec($cmd); - - if (!empty($output)) { - - $cmd2 = 'echo "" | openssl s_client -connect ' . $host . ':' . $port . ' 2> /dev/null | openssl x509 -issuer -noout'; - $output2 = shell_exec($cmd2); -// echo $output; exit; - if (preg_match('/issuer=(.{0,40})/', $output2, $matches) ) { - $resultsm[$host]['issuer'] = $matches[1]; - } else { - $results[$host] = 0; - $resultsm[$host]['error'] = 'Did not find Issuer in response [' . $host . ':' . $port . ']'; - - } - } else { - $results[$host] = 0; - $resultsm[$host]['error'] = 'Empty output from s_client -connect [' . $host . ':' . $port . ']'; - } - - if (preg_match('/notAfter=(.*)/', $output, $matches) ) { - $rawdate = $matches[1]; - $date = strtotime($rawdate) - time(); -// echo '<pre>'; -// print_r($date); - $days = floor($date / (60*60*24)); -# echo '<p>expires in ' . $days . ' days'; - - $results[$host] = $days; - $resultsm[$host]['expire'] = date('jS F Y', strtotime($rawdate)); - } - -} - -asort($results); -// echo '<pre>'; -// print_r($results); -// print_r($resultsm); -// exit; - -$t = new SimpleSAML_XHTML_Template($config, 'certcheck:certcheck.php'); -$t->data['results'] = $results; -$t->data['resultsm'] = $resultsm; -$t->show(); -exit; - -?> diff --git a/modules/ldapstatus/lib/Auth/Backend/Test/StandardLDAPTest.php b/modules/ldapstatus/lib/Auth/Backend/Test/StandardLDAPTest.php index 27c397275..c94d4b224 100755 --- a/modules/ldapstatus/lib/Auth/Backend/Test/StandardLDAPTest.php +++ b/modules/ldapstatus/lib/Auth/Backend/Test/StandardLDAPTest.php @@ -78,6 +78,9 @@ class sspmod_ldapstatus_Auth_Backend_Test_StandardLDAPTest extends sspmod_feide_ } + $result['cert'] = $this->certCheck(); + + // LDAP Connect try { $tester->tick('connect'); 
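Review bot: `$result['cert'] = $this->certCheck();` runs unconditionally before the LDAP connect block, and certCheck() spawns two blocking `openssl s_client` subprocesses against the configured host, so an unreachable host is probed twice more before the connect test even starts. If the reachability result is already stored in `$result` at this point (the `ping` entry the templates display; not visible in this hunk), consider guarding the call, e.g. `if (!empty($result['ping'][0])) { $result['cert'] = $this->certCheck(); }`, so a status run over many hosts stays fast. The enclosing method starts and ends outside the hunk.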
@@ -195,7 +198,57 @@ class sspmod_ldapstatus_Auth_Backend_Test_StandardLDAPTest extends sspmod_feide_ } - + private function certCheck() { + + $result = array(FALSE, ''); + + $tester = new sspmod_ldapstatus_Tester($this->location); + $tester->tick('certcheck'); + + $hostname = $this->location->getValue('hostname'); + $urldef = explode(' ', $hostname); + $url = parse_url($urldef[0]); + $port = 389; + if (!empty($url['scheme']) && $url['scheme'] === 'ldaps') $port = 636; + if (!empty($url['port'])) $port = $url['port']; + $host = $url['host']; + + $tester->log('ldapstatus Url parse [' . $hostname . '] => [' . $host . ']:[' . $port . ']' ); + + $cmd = 'echo "" | openssl s_client -connect ' . $host . ':' . $port . ' 2> /dev/null | openssl x509 -enddate -noout'; + $output = shell_exec($cmd); + + if (!empty($output)) { + + $cmd2 = 'echo "" | openssl s_client -connect ' . $host . ':' . $port . ' 2> /dev/null | openssl x509 -issuer -noout'; + $output2 = shell_exec($cmd2); + + if (preg_match('/issuer=(.{0,40})/', $output2, $matches) ) { + $result['issuer'] = $matches[1]; + $result[1] .= ' ' . $output2; + } else { + $result[0] = FALSE; + $result[1] = 'Did not find Issuer in response [' . $host . ':' . $port . ']'; + return $result; + } + } else { + $result[0] = FALSE; + $result[1] = 'Empty output from s_client -connect [' . $host . ':' . $port . ']'; + return $result; + } + + if (preg_match('/notAfter=(.*)/', $output, $matches) ) { + $rawdate = $matches[1]; + $date = strtotime($rawdate) - time(); + $days = floor($date / (60*60*24)); + # echo '<p>expires in ' . $days . ' days'; + + $result[0] = ($days > 20); + $result['expire'] = $days; + $result['expireText'] = date('Y-m-d', strtotime($rawdate)); + return $result; + } + } } \ No newline at end of file diff --git a/modules/ldapstatus/templates/ldapsinglehost.php b/modules/ldapstatus/templates/ldapsinglehost.php index 60d540c2c..4c9a3dde0 100644 --- a/modules/ldapstatus/templates/ldapsinglehost.php 
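Review bot: In certCheck() `$host` and `$port` come out of `parse_url()` and are concatenated straight into the `shell_exec()` strings `$cmd` and `$cmd2`; the connect target should go through `escapeshellarg()`, and the `host` component should be checked before use, since `parse_url()` yields no `host` key for a bare `hostname` without a scheme (the deleted certcheck/www/index.php had that check and it was dropped in the move). The method also falls off the end without a return when `notAfter` is not matched, so the caller receives null instead of the `array(FALSE, '...')` shape the templates index, and `$result[0] = FALSE;` in the two error branches is redundant with the initialiser. The rewritten lines below add the host guard, escape the target once, and return a failure result on the fall-through path. A docblock should also state that this check reads only expiry and issuer from the presented certificate and does not verify the chain or hostname, since `s_client` is invoked without any verification options.
```php
    private function certCheck() {
        // … unchanged: $result initialisation, tester tick, parse_url and port selection …
        if (empty($url['host'])) {
            $result[1] = 'Could not parse host name from hostname [' . $hostname . ']';
            return $result;
        }
        $host = $url['host'];
        // … unchanged: $tester->log(...) …

        $target = escapeshellarg($host . ':' . $port);
        $cmd = 'echo "" | openssl s_client -connect ' . $target . ' 2> /dev/null | openssl x509 -enddate -noout';
        // … unchanged: $output = shell_exec($cmd); empty-output check …
            $cmd2 = 'echo "" | openssl s_client -connect ' . $target . ' 2> /dev/null | openssl x509 -issuer -noout';
        // … unchanged: issuer match, notAfter match and expiry result …

        $result[1] = 'Did not find notAfter in response [' . $host . ':' . $port . ']';
        return $result;
    }
```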
+++ b/modules/ldapstatus/templates/ldapsinglehost.php @@ -55,6 +55,35 @@ function presentRes($restag) { echo('</div>'); } +function presentCertRes($restag) { + + global $t; + echo('<div class="inbox" style="border: 1px solid #aaa; background: #eee; padding: .4em; margin: .2em;">'); + + if (array_key_exists($restag, $t->data['res'])) { + $res = $t->data['res'][$restag]; + if ($res[0]) { + echo('<img style="float: right" src="/' . $t->data['baseurlpath'] . 'resources/icons/accept.png" />'); + echo('OK: ' . $res[1]); + } else { + echo('<img style="float: right" src="/' . $t->data['baseurlpath'] . 'resources/icons/gn/stop-l.png" />'); + echo($res[1]); + } + + if (isset($res['expire'])) { + echo('<p>Certificate expires in ' . $res['expire'] . ' days</p>'); + } + if (isset($res['expireText'])) { + echo('<p>Certificate expires on ' . $res['expireText'] . '</p>'); + } + + echo('<div style="clear: both; height: 0px"></div>'); + } else { + echo('<p style="color: #ccc">NA</p>'); + } + echo('</div>'); +} + $ok = TRUE; foreach ($this->data['res'] AS $tag => $res) { if ($tag == 'time') continue; @@ -94,6 +123,10 @@ if ($ok) { <p>Trying to setup a TCP socket against the LDAP host.</p> <?php presentRes('ping'); ?> +<p>Check certificate.</p> +<?php presentCertRes('cert'); ?> + + <p>Trying to bind() with the LDAP admin user.</p> <?php presentRes('adminBind'); ?> diff --git a/modules/ldapstatus/templates/ldapstatus.php b/modules/ldapstatus/templates/ldapstatus.php index 446250443..2fb613e05 100644 --- a/modules/ldapstatus/templates/ldapstatus.php +++ b/modules/ldapstatus/templates/ldapstatus.php @@ -15,6 +15,12 @@ a:hover { div#content { margin: .4em ! important; } +body { + padding: 0px ! important; +} +div.corner_t { + max-width: none ! important; +} </style>'; $this->includeAtTemplateBase('includes/header.php'); 
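Review bot: presentCertRes() echoes `$res[1]` into the page unescaped, and for the cert result `$res[1]` carries the raw `openssl x509 -issuer` output that certCheck() appends, i.e. a string supplied by the remote server's certificate; it should be escaped in both branches, `echo('OK: ' . htmlspecialchars($res[1]));` and `echo(htmlspecialchars($res[1]));`. If showRes() in ldapstatus.php (hunk `@@ -87,6 +94,19`) prints `$res[1]` the same way, the same escaping applies there, but showRes() is not visible in this patch. `$res[0]` is also read without checking that `$res` is an array; certCheck() can return null on one path, in which case the stop icon is shown with an empty message. The `global $t` mirrors presentRes() directly above, so that part is consistent with the file.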
@@ -27,11 +33,12 @@ $this->includeAtTemplateBase('includes/header.php'); <th>Name of institusion</th> <th>Conf</th> <th>Ping</th> - <th>Admin bind()</th> + <th colspan="3">Cert</th> + <th>Admin</th> <th>S=bogus</th> <th>test</th> <th>S=test</th> - <th>test bind()</th> + <th>T-bind()</th> <th>Org-info</th> <th>Meta</th> <th>Time</th> @@ -87,6 +94,19 @@ foreach($this->data['sortedOrgIndex'] as $orgkey) { } showRes('config', $res, $this); showRes('ping', $res, $this); + + showRes('cert', $res, $this); + + echo('<td>' . + (isset($res['cert']['expire']) ? $res['cert']['expire'] . '' : + '<span style="color: #b4b4b4; font-size: x-small">NA</span>' ). + '</td>'); + + echo('<td>' . + (isset($res['cert']['expireText']) ? $res['cert']['expireText'] : + '<span style="color: #b4b4b4; font-size: x-small">NA</span>' ). + '</td>'); + showRes('adminBind', $res, $this); showRes('ldapSearchBogus', $res, $this); showRes('configTest', $res, $this); @@ -94,7 +114,10 @@ foreach($this->data['sortedOrgIndex'] as $orgkey) { showRes('ldapBindTestUser', $res, $this); showRes('getTestOrg', $res, $this); showRes('configMeta', $res, $this); - echo('<td style="text-align: right">' . ceil($res['time']*1000) . ' ms</td>'); + + + + echo('<td style="text-align: right">' . ceil($res['time']*1000) . ' ms</td>'); echo('</tr>'); if ($this->data['showcomments'] && array_key_exists('comment', $this->data['orgconfig'][$orgkey])) { -- GitLab
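Review bot: `$res['cert']['expire'] . ''` ends in a no-op concatenation; the value is already echoed as a string, so the `. ''` can go. The NA placeholder `'<span style="color: #b4b4b4; font-size: x-small">NA</span>'` is duplicated in the two new cells; assigning it once to a local before the echoes keeps the two cells in step. Both values are produced by floor() and date() in certCheck() rather than taken from the remote response, so echoing them directly is fine.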