Commit 7b924db9 authored by Andreas Åkre Solberg's avatar Andreas Åkre Solberg

Certcheck functionality is moved into ldapstatus module

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1342 44740490-163a-0410-bde0-09ae8108e29a
parent 218bca49
<?php
$this->data['header'] = 'LDAP status page';
$this->includeAtTemplateBase('includes/header.php');
?>
<h2>Certificate check</h2>
<table class="attributes" style="font-size: small; width: 100%; border: 1px solid #aaa">
<tr>
<th>Host</th>
<th colspan="3">Expires</th>
<th>Issuer</th>
</tr>
<?php
$i = 0;
$classes = array('odd', 'even');
# $this->data['results']
foreach($this->data['results'] as $orgkey => $org) {
echo('<tr class="' . ($classes[($i++ % 2)]) . '">');
if (array_key_exists('error', $this->data['resultsm'][$orgkey])) {
echo '<td colspan="2">' . $orgkey . '</td><td>';
echo '<img src="/' . $this->data['baseurlpath'] . 'resources/icons/delete.png" /></td>';
echo '<td colspan="2">' . $this->data['resultsm'][$orgkey]['error'];
echo '</td>';
} else {
echo '<td>' . $orgkey . '</td><td>' . $org . ' days</td><td>';
if ($org < 30) {
echo '<img src="/' . $this->data['baseurlpath'] . 'resources/icons/delete.png" />';
} else {
echo '<img src="/' . $this->data['baseurlpath'] . 'resources/icons/accept.png" />';
}
echo '</td>';
echo '<td>';
if (array_key_exists('expire', $this->data['resultsm'][$orgkey])) echo $this->data['resultsm'][$orgkey]['expire'];
echo '</td>';
echo '<td>';
if (array_key_exists('issuer', $this->data['resultsm'][$orgkey])) echo $this->data['resultsm'][$orgkey]['issuer'];
echo '</td>';
}
echo('</tr>');
}
?>
</table>
<?php $this->includeAtTemplateBase('includes/footer.php'); ?>
<?php
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getInstance();
if (!$session->isValid('login-admin') ) {
SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'auth/login-admin.php',
array('RelayState' => SimpleSAML_Utilities::selfURL())
);
}
function phpping($host, $port) {
SimpleSAML_Logger::debug('ldapstatus phpping(): ping [' . $host . ':' . $port . ']' );
$timeout = 1.0;
$socket = @fsockopen($host, $port, $errno, $errstr, $timeout);
@fclose($socket);
if ($errno) {
return array(FALSE, $errno . ':' . $errstr);
} else {
return array(TRUE,NULL);
}
}
$ldapconfig = SimpleSAML_Configuration::getConfig('config-login-feide.php');
$ldapStatusConfig = SimpleSAML_Configuration::getConfig('module_ldapstatus.php');
$pingcommand = $ldapStatusConfig->getValue('ping');
$debug = $ldapconfig->getValue('ldapDebug', FALSE);
$orgs = $ldapconfig->getValue('orgldapconfig');
#echo '<pre>'; print_r($orgs); exit;
$results = array();
$resultsm = array();
$i = 0;
foreach ($orgs AS $orgkey => $orgconfig) {
# if (++$i > 10) continue;
if (empty($orgconfig['hostname'])) continue;
$urldef = explode(' ', $orgconfig['hostname']);
$url = parse_url($urldef[0]);
$port = 389;
if (preg_match('/^ldaps/', $urldef[0])) $port = 636;
if (!empty($url['port'])) $port = $url['port'];
if (!array_key_exists('host', $url)) {
echo 'could not resolve host name in ' . $urldef[0]; exit;
}
$host = $url['host'];
# echo 'pinging ' . $host . ' port ' . $port;
$ping = phpping($host, $port);
if ($ping[0] === FALSE) {
$results[$host] = 0;
$resultsm[$host]['error'] = 'No connectivity (ping) [' . $host . ':' . $port . ']';
continue;
}
$cmd = 'echo "" | openssl s_client -connect ' . $host . ':' . $port . ' 2> /dev/null | openssl x509 -enddate -noout';
$output = shell_exec($cmd);
if (!empty($output)) {
$cmd2 = 'echo "" | openssl s_client -connect ' . $host . ':' . $port . ' 2> /dev/null | openssl x509 -issuer -noout';
$output2 = shell_exec($cmd2);
// echo $output; exit;
if (preg_match('/issuer=(.{0,40})/', $output2, $matches) ) {
$resultsm[$host]['issuer'] = $matches[1];
} else {
$results[$host] = 0;
$resultsm[$host]['error'] = 'Did not find Issuer in response [' . $host . ':' . $port . ']';
}
} else {
$results[$host] = 0;
$resultsm[$host]['error'] = 'Empty output from s_client -connect [' . $host . ':' . $port . ']';
}
if (preg_match('/notAfter=(.*)/', $output, $matches) ) {
$rawdate = $matches[1];
$date = strtotime($rawdate) - time();
// echo '<pre>';
// print_r($date);
$days = floor($date / (60*60*24));
# echo '<p>expires in ' . $days . ' days';
$results[$host] = $days;
$resultsm[$host]['expire'] = date('jS F Y', strtotime($rawdate));
}
}
asort($results);
// echo '<pre>';
// print_r($results);
// print_r($resultsm);
// exit;
$t = new SimpleSAML_XHTML_Template($config, 'certcheck:certcheck.php');
$t->data['results'] = $results;
$t->data['resultsm'] = $resultsm;
$t->show();
exit;
?>
......@@ -78,6 +78,9 @@ class sspmod_ldapstatus_Auth_Backend_Test_StandardLDAPTest extends sspmod_feide_
}
$result['cert'] = $this->certCheck();
// LDAP Connect
try {
$tester->tick('connect');
......@@ -195,7 +198,57 @@ class sspmod_ldapstatus_Auth_Backend_Test_StandardLDAPTest extends sspmod_feide_
}
private function certCheck() {
$result = array(FALSE, '');
$tester = new sspmod_ldapstatus_Tester($this->location);
$tester->tick('certcheck');
$hostname = $this->location->getValue('hostname');
$urldef = explode(' ', $hostname);
$url = parse_url($urldef[0]);
$port = 389;
if (!empty($url['scheme']) && $url['scheme'] === 'ldaps') $port = 636;
if (!empty($url['port'])) $port = $url['port'];
$host = $url['host'];
$tester->log('ldapstatus Url parse [' . $hostname . '] => [' . $host . ']:[' . $port . ']' );
$cmd = 'echo "" | openssl s_client -connect ' . $host . ':' . $port . ' 2> /dev/null | openssl x509 -enddate -noout';
$output = shell_exec($cmd);
if (!empty($output)) {
$cmd2 = 'echo "" | openssl s_client -connect ' . $host . ':' . $port . ' 2> /dev/null | openssl x509 -issuer -noout';
$output2 = shell_exec($cmd2);
if (preg_match('/issuer=(.{0,40})/', $output2, $matches) ) {
$result['issuer'] = $matches[1];
$result[1] .= ' ' . $output2;
} else {
$result[0] = FALSE;
$result[1] = 'Did not find Issuer in response [' . $host . ':' . $port . ']';
return $result;
}
} else {
$result[0] = FALSE;
$result[1] = 'Empty output from s_client -connect [' . $host . ':' . $port . ']';
return $result;
}
if (preg_match('/notAfter=(.*)/', $output, $matches) ) {
$rawdate = $matches[1];
$date = strtotime($rawdate) - time();
$days = floor($date / (60*60*24));
# echo '<p>expires in ' . $days . ' days';
$result[0] = ($days > 20);
$result['expire'] = $days;
$result['expireText'] = date('Y-m-d', strtotime($rawdate));
return $result;
}
}
}
\ No newline at end of file
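Review bot: certCheck() builds the two openssl commands on the `$cmd` and `$cmd2` lines by concatenating `$host` and `$port` straight out of `parse_url()` of the configured hostname, and unlike the removed certcheck.php it no longer checks that `$url['host']` exists before reading it. Because the string reaches `shell_exec()`, the connect argument should go through `escapeshellarg()` with the port cast to int, and an unparsable hostname should produce an error result instead of a notice and an empty command. The `preg_match('/notAfter=…')` block is also the only exit on the success path: when the date line is absent the method falls off the end and returns null, which presentCertRes() in the template hunk below then indexes as `$res[0]`. The rewrite below adds the host guard, the escaped connect argument and an explicit failure return at the end.
```php
private function certCheck() {
    // … unchanged: result/tester setup, hostname and port parsing …
    if (empty($url['host'])) {
        $result[1] = 'Could not parse host name from [' . $hostname . ']';
        return $result;
    }
    $host = $url['host'];
    $tester->log('ldapstatus Url parse [' . $hostname . '] => [' . $host . ']:[' . $port . ']' );
    $connect = escapeshellarg($host . ':' . (int) $port);
    $cmd = 'echo "" | openssl s_client -connect ' . $connect . ' 2> /dev/null | openssl x509 -enddate -noout';
    $output = shell_exec($cmd);
    if (!empty($output)) {
        $cmd2 = 'echo "" | openssl s_client -connect ' . $connect . ' 2> /dev/null | openssl x509 -issuer -noout';
        // … unchanged: issuer parsing and its error return …
    }
    // … unchanged: empty-output branch …
    if (preg_match('/notAfter=(.*)/', $output, $matches) ) {
        // … unchanged: expiry calculation and return …
    }
    $result[1] = 'Did not find notAfter in response [' . $host . ':' . $port . ']';
    return $result;
}
```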
......@@ -55,6 +55,35 @@ function presentRes($restag) {
echo('</div>');
}
function presentCertRes($restag) {
global $t;
echo('<div class="inbox" style="border: 1px solid #aaa; background: #eee; padding: .4em; margin: .2em;">');
if (array_key_exists($restag, $t->data['res'])) {
$res = $t->data['res'][$restag];
if ($res[0]) {
echo('<img style="float: right" src="/' . $t->data['baseurlpath'] . 'resources/icons/accept.png" />');
echo('OK: ' . $res[1]);
} else {
echo('<img style="float: right" src="/' . $t->data['baseurlpath'] . 'resources/icons/gn/stop-l.png" />');
echo($res[1]);
}
if (isset($res['expire'])) {
echo('<p>Certificate expires in ' . $res['expire'] . ' days</p>');
}
if (isset($res['expireText'])) {
echo('<p>Certificate expires on ' . $res['expireText'] . '</p>');
}
echo('<div style="clear: both; height: 0px"></div>');
} else {
echo('<p style="color: #ccc">NA</p>');
}
echo('</div>');
}
$ok = TRUE;
foreach ($this->data['res'] AS $tag => $res) {
if ($tag == 'time') continue;
......@@ -94,6 +123,10 @@ if ($ok) {
<p>Trying to setup a TCP socket against the LDAP host.</p>
<?php presentRes('ping'); ?>
<p>Check certificate.</p>
<?php presentCertRes('cert'); ?>
<p>Trying to bind() with the LDAP admin user.</p>
<?php presentRes('adminBind'); ?>
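Review bot: presentCertRes() echoes `$res[1]`, `$res['expire']` and `$res['expireText']` into the page unescaped, and `$res[1]` carries the raw `openssl x509 -issuer` output that certCheck() appends with `$result[1] .= ' ' . $output2`, i.e. text taken from the remote host's certificate rather than from this application. The two echo lines should read `echo('OK: ' . htmlspecialchars($res[1]));` and `echo(htmlspecialchars($res[1]));`, and the expire/expireText lines should be wrapped the same way so the escaping does not depend on what certCheck() happens to put there. The function also reaches the template through `global $t` while the rest of this file uses `$this`; passing the template in as a parameter, as the `showRes('cert', $res, $this)` call in the other template does, would remove the global.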
......
......@@ -15,6 +15,12 @@ a:hover {
div#content {
margin: .4em ! important;
}
body {
padding: 0px ! important;
}
div.corner_t {
max-width: none ! important;
}
</style>';
$this->includeAtTemplateBase('includes/header.php');
......@@ -27,11 +33,12 @@ $this->includeAtTemplateBase('includes/header.php');
<th>Name of institusion</th>
<th>Conf</th>
<th>Ping</th>
<th>Admin bind()</th>
<th colspan="3">Cert</th>
<th>Admin</th>
<th>S=bogus</th>
<th>test</th>
<th>S=test</th>
<th>test bind()</th>
<th>T-bind()</th>
<th>Org-info</th>
<th>Meta</th>
<th>Time</th>
......@@ -87,6 +94,19 @@ foreach($this->data['sortedOrgIndex'] as $orgkey) {
}
showRes('config', $res, $this);
showRes('ping', $res, $this);
showRes('cert', $res, $this);
echo('<td>' .
(isset($res['cert']['expire']) ? $res['cert']['expire'] . '' :
'<span style="color: #b4b4b4; font-size: x-small">NA</span>' ).
'</td>');
echo('<td>' .
(isset($res['cert']['expireText']) ? $res['cert']['expireText'] :
'<span style="color: #b4b4b4; font-size: x-small">NA</span>' ).
'</td>');
showRes('adminBind', $res, $this);
showRes('ldapSearchBogus', $res, $this);
showRes('configTest', $res, $this);
......@@ -94,7 +114,10 @@ foreach($this->data['sortedOrgIndex'] as $orgkey) {
showRes('ldapBindTestUser', $res, $this);
showRes('getTestOrg', $res, $this);
showRes('configMeta', $res, $this);
echo('<td style="text-align: right">' . ceil($res['time']*1000) . ' ms</td>');
echo('<td style="text-align: right">' . ceil($res['time']*1000) . '&nbsp;ms</td>');
echo('</tr>');
if ($this->data['showcomments'] && array_key_exists('comment', $this->data['orgconfig'][$orgkey])) {
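Review bot: The `$res['cert']['expire'] . ''` in the new expire cell is a no-op concatenation — the surrounding `.` already coerces the float from `floor()` to a string — so the ternary branch can simply read `$res['cert']['expire']`. If certCheck() returns without a result (its notAfter branch is the only success exit, per the backend hunk above), `$res['cert']` is null and both `isset()` checks fall through to the NA span, which appears to be the intended behaviour, so no further guard is needed here.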
......