diff --git a/lib/SimpleSAML/Auth/LDAP.php b/lib/SimpleSAML/Auth/LDAP.php index d0436b516b312a80de1b858025b8968d5fd15bc5..bfceb59acec5f5d4e59731cfa1a56c3810f96556 100644 --- a/lib/SimpleSAML/Auth/LDAP.php +++ b/lib/SimpleSAML/Auth/LDAP.php @@ -19,20 +19,11 @@ class SimpleSAML_Auth_LDAP { */ private $ldap = null; - - /** - * Logger class. - */ - private static $logger = null; - /** * private constructor restricts instantiaton to getInstance() */ public function __construct($hostname) { - if (!isset(self::$logger)) self::$logger = new SimpleSAML_Logger(); - - $this->ldap = @ldap_connect($hostname); if (empty($this->ldap)) throw new Exception('Could not connect to LDAP server. Please try again, and if the problem persists, please report the error.'); diff --git a/lib/SimpleSAML/Logger.php b/lib/SimpleSAML/Logger.php index 318808f8ced5343e638b6796e050b0d4ca91e73b..7468fe154719fba002d496610400c4b94af32987 100644 --- a/lib/SimpleSAML/Logger.php +++ b/lib/SimpleSAML/Logger.php @@ -50,7 +50,7 @@ class SimpleSAML_Logger { } $logstring = implode(',', array($priority, $trackid, $module, $submodule, $eventtype, $contentstring, $message)); - syslog($priority, $logstring); + syslog($priority, " OLD ".$logstring); } } diff --git a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerSAML2Meta.php b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerSAML2Meta.php index 7a2a4be5698b6c11bf2b55bf0f64d6a7514de035..22eab310bb6b757e1028b01f5745993a6000ad60 100644 --- a/lib/SimpleSAML/Metadata/MetaDataStorageHandlerSAML2Meta.php +++ b/lib/SimpleSAML/Metadata/MetaDataStorageHandlerSAML2Meta.php @@ -19,7 +19,6 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met private static $cachedfiles; - private $logger; /* This constructor is included in case it is needed in the the * future. Including it now allows us to write parent::__construct() in 
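Review bot: The rewritten call `syslog($priority, " OLD ".$logstring);` in SimpleSAML_Logger::log() hard-codes an ` OLD ` prefix that reads like a migration marker, and it changes the line format that any syslog parser or alert rule keyed on the comma-separated fields currently matches. If the marker is intentional, add a comment such as `// Legacy entry point: prefix marks callers not yet moved to Logger::*`; otherwise drop the prefix. The call sites in this commit use `Logger::info()` and `Logger::notice()`, while the class visible in this hunk is `SimpleSAML_Logger`, so confirm that a `Logger` class is declared and loaded wherever those calls run; its definition is not in the part of the diff shown here.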
@@ -27,8 +26,6 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met */ protected function __construct() { if (!isset($this->cachedfiles)) $this->cachedfiles = array(); - $this->logger = new SimpleSAML_Logger(); - } @@ -105,8 +102,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met $metadata = $this->loadFile($metadatasetfile); } - $this->logger->log(LOG_INFO, null, 'MetaData', 'Handler.SAML2Meta', 'INFO', 'Loading', - 'Loading metadata set [' . $set . '] from [' . $metadatasetfile . ']' ); + Logger::info('MetaData - Handler.SAML2Meta: Loading metadata set [' . $set . '] from [' . $metadatasetfile . ']' ); if (!is_array($metadata)) throw new Exception('Could not load metadata set [' . $set . '] from file: ' . $metadatasetfile); @@ -182,8 +178,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met } catch (Exception $e) { - $this->logger->log(LOG_INFO, null, 'MetaData', 'Handler.SAML2Meta', 'WARNING', 'Parsing', - 'Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() ); + Logger::info('MetaData - Handler.SAML2Meta: Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() ); } } @@ -220,8 +215,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met $metadata[$entityid]['ForceAuthn'] = (isset($seek_forceauth) ? ($seek_forceauth === 'true') : false); } catch (Exception $e) { - $this->logger->log(LOG_INFO, null, 'MetaData', 'Handler.SAML2Meta', 'WARNING', 'Parsing', - 'Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() ); + Logger::info('MetaData - Handler.SAML2Meta: Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() ); } } 
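Review bot: The catch block in the hunk at -182 now reports a metadata parse failure with `Logger::info(...)`, so the 'WARNING' tag the old call carried is gone and a swallowed exception while parsing entity metadata becomes indistinguishable from routine messages. A metadata entry that fails to parse is something operators should be able to alert on; use `Logger::error('MetaData - Handler.SAML2Meta: Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage());`, or a warning-level method if the new Logger has one. The same replacement is repeated in the hunks at -220, -266, -332, -379 and -464 of this file. The enclosing try block starts outside the hunk.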
@@ -266,8 +260,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met $metadata[$entityid]['requireconsent'] = (isset($seek_requireconsent) ? ($seek_requireconsent === 'true') : false); } catch (Exception $e) { - $this->logger->log(LOG_INFO, null, 'MetaData', 'Handler.SAML2Meta', 'WARNING', 'Parsing', - 'Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() ); + Logger::info('MetaData - Handler.SAML2Meta: Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() ); } } @@ -332,8 +325,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met } catch (Exception $e) { - $this->logger->log(LOG_INFO, null, 'MetaData', 'Handler.SAML2Meta', 'WARNING', 'Parsing', - 'Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() ); + Logger::info('MetaData - Handler.SAML2Meta: Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() ); } } @@ -379,8 +371,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met } catch (Exception $e) { - $this->logger->log(LOG_INFO, null, 'MetaData', 'Handler.SAML2Meta', 'WARNING', 'Parsing', - 'Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() ); + Logger::info('MetaData - Handler.SAML2Meta: Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() ); } } @@ -464,8 +455,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandlerSAML2Meta extends SimpleSAML_Met } catch (Exception $e) { - $this->logger->log(LOG_INFO, null, 'MetaData', 'Handler.SAML2Meta', 'WARNING', 'Parsing', - 'Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() ); + Logger::info('MetaData - Handler.SAML2Meta: Error parsing [' . __FUNCTION__ . '] ' . $e->getMessage() ); } } diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php index 16073c4a84141f30545b7ab24b1e695768c0a182..7bc1092e1e25d9902c24dd6c945458d51a7bca59 100644 --- a/lib/SimpleSAML/Session.php +++ b/lib/SimpleSAML/Session.php 
@@ -5,7 +5,7 @@ require_once('SimpleSAML/Utilities.php'); require_once('SimpleSAML/Session.php'); require_once('SimpleSAML/SessionHandler.php'); require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php'); - +require_once('SimpleSAML/Logger.php'); /** * The Session class holds information about a user session, and everything attached to it. * @@ -60,17 +60,13 @@ class SimpleSAML_Session { // Track whether the session object is modified or not. private $dirty = false; - - private static $logger = null; - + /** * private constructor restricts instantiaton to getInstance() */ private function __construct($authenticated = true) { - if (!isset(self::$logger)) self::$logger = new SimpleSAML_Logger(); - $this->authenticated = $authenticated; if ($authenticated) { $this->sessionstarted = time(); @@ -87,10 +83,7 @@ class SimpleSAML_Session { * This function is called after this class has been deserialized. */ public function __wakeup() { - /* Initialize the $logger class variable if it hasn't been initialized. */ - if (self::$logger === NULL) { - self::$logger = new SimpleSAML_Logger(); - } + } @@ -225,8 +218,7 @@ class SimpleSAML_Session { public function getAuthnRequest($protocol, $requestid) { - self::$logger->log(LOG_DEBUG, $this->getTrackID(), 'Library', 'Session', 'DEBUG', $requestid, - 'Get authnrequest from cache ' . $protocol . ' time:' . time() . ' id: '. $requestid ); + Logger::debug('Library - Session: Get authnrequest from cache ' . $protocol . ' time:' . time() . ' id: '. $requestid ); $configuration = SimpleSAML_Configuration::getInstance(); if (isset($this->authnrequests[$protocol])) { 
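Review bot: The new `Logger::debug('Library - Session: Get authnrequest from cache ...')` call in the hunk at -225 no longer passes `$this->getTrackID()`, so unless the new Logger adds the track ID itself (not visible here) these entries can no longer be tied to one session when a login flow has to be reconstructed. The same applies to every call site in this commit that previously passed `$session->getTrackID()`, including the other Session.php hunks at -239, -268 and -386. `$protocol` and `$requestid` are also concatenated into the message as received; encode them before logging, for example `urlencode($requestid)`, so that one request cannot produce misleading extra log lines. getAuthnRequest() continues past the end of the hunk.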
@@ -239,9 +231,7 @@ class SimpleSAML_Session { * simply delete it :) */ if ($cache['date'] < time() - $configuration->getValue('session.requestcache', 4*(60*60)) ) { - - self::$logger->log(LOG_DEBUG, $this->getTrackID(), 'Library', 'Session', 'DEBUG', $id, - 'Deleting expired authn request with id ' . $id); + Logger::debug('Library - Session: Deleting expired authn request with id ' . $id); unset($this->authnrequests[$protocol][$id]); } } @@ -268,8 +258,7 @@ class SimpleSAML_Session { */ public function setAuthnRequest($protocol, $requestid, array $cache) { - self::$logger->log(LOG_DEBUG, $this->getTrackID(), 'Library', 'Session', 'DEBUG', $requestid, - 'Set authnrequest ' . $protocol . ' time:' . time() . ' size:' . count($cache) . ' id: '. $requestid ); + Logger::debug('Library - Session: Set authnrequest ' . $protocol . ' time:' . time() . ' size:' . count($cache) . ' id: '. $requestid ); $this->dirty = true; $cache['date'] = time(); @@ -386,8 +375,7 @@ class SimpleSAML_Session { */ public function clean($cleancache = false) { - self::$logger->log(LOG_DEBUG, $this->getTrackID(), 'Library', 'Session', 'DEBUG', '-', - 'Cleaning Session. Clean cache: ' . ($cleancache ? 'yes' : 'no') ); + Logger::debug('Library - Session: Cleaning Session. Clean cache: ' . ($cleancache ? 'yes' : 'no') ); if ($cleancache) { $this->authnrequests = array(); diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php index fc1a9f0305e9da3dcb45eab6e12d07b96ba5f29a..0553695d8c14e2ca54e686566c7bc3217f2a922e 100644 --- a/lib/SimpleSAML/Utilities.php +++ b/lib/SimpleSAML/Utilities.php 
@@ -287,9 +287,7 @@ class SimpleSAML_Utilities { $etrace = (empty($e) ? 'No exception available' : $e->getTraceAsString()); // Log a error message - $logger = new SimpleSAML_Logger(); - $logger->log($level, $trackid, $_SERVER['PHP_SELF'], '-', 'UserError', (!empty($errorcode) ? $errorcode : 'na'), - urlencode($emsg) ); + Logger::error($_SERVER['PHP_SELF'].' - UserError: ErrCode:'.(!empty($errorcode) ? $errorcode : 'na').': '.urlencode($emsg) ); $languagefile = null; if (isset($errorcode)) $languagefile = 'error_' . $errorcode . '.php'; diff --git a/lib/SimpleSAML/XHTML/Template.php b/lib/SimpleSAML/XHTML/Template.php index a13ed17187d6abff179bfa0fe87e153935ccd947..e09f99a125e81e71ba626c1c96791540fcbfd1fd 100644 --- a/lib/SimpleSAML/XHTML/Template.php +++ b/lib/SimpleSAML/XHTML/Template.php @@ -85,9 +85,7 @@ class SimpleSAML_XHTML_Template { if (!file_exists($filebase . $file) ) { - $logger = new SimpleSAML_Logger(); - $logger->log(LOG_ERR, null, $_SERVER['PHP_SELF'], '-', 'Template', 'CannotFindFile', - 'Could not find template file [' . $this->template . '] at [' . $filename . ']'); + Logger::error($_SERVER['PHP_SELF'].' - Template: Could not find template file [' . $this->template . '] at [' . $filename . ']'); return; } } @@ -99,9 +97,7 @@ class SimpleSAML_XHTML_Template { $filebase = $this->configuration->getBaseDir() . $this->configuration->getValue('dictionarydir'); if (!file_exists($filebase . $file)) { - $logger = new SimpleSAML_Logger(); - $logger->log(LOG_ERR, null, $_SERVER['PHP_SELF'], '-', 'Template', 'CannotFindFile', - 'Could not find template file [' . $this->template . '] at [' . $filebase . $file . ']'); + Logger::error($_SERVER['PHP_SELF'].' - Template: Could not find template file [' . $this->template . '] at [' . $filebase . $file . ']'); return; } include($filebase . $file); 
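Review bot: `Logger::error($_SERVER['PHP_SELF'].' - UserError: ...')` in the Utilities.php hunk always logs at error level and drops both `$level` and `$trackid`, which the removed call passed through; if callers rely on `$level` to separate user mistakes from faults, that distinction is lost. `$_SERVER['PHP_SELF']` can include path info appended by the client, and it is written to the log unencoded while `$emsg` on the same line goes through `urlencode()`. Prefer `$_SERVER['SCRIPT_NAME']`, or encode the value: `Logger::error(urlencode($_SERVER['PHP_SELF']) . ' - UserError: ErrCode:' . ...);`. The Template.php hunks at -85, -99 and -132 use the same prefix. The enclosing function starts and ends outside the hunk.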
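Review bot: In the Template.php hunk at -85 the message reports `$filename`, but the check guarding it is `file_exists($filebase . $file)`; the hunk at -99 logs `$filebase . $file` for the same kind of check. If `$filename` is not assigned in this branch (no assignment is visible in the hunk), the entry shows an empty path and PHP raises an undefined-variable notice, which defeats the purpose of the error record. Ending the message with `'] at [' . $filebase . $file . ']'` would match the condition actually tested.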
@@ -132,9 +128,7 @@ class SimpleSAML_XHTML_Template { if (!file_exists($filename)) { - $logger = new SimpleSAML_Logger(); - $logger->log(LOG_ERR, null, $_SERVER['PHP_SELF'], '-', 'Template', 'CannotFindFile', - 'Could not find template file [' . $this->template . '] at [' . $filename . ']'); + Logger::error($_SERVER['PHP_SELF'].' - Template: Could not find template file [' . $this->template . '] at [' . $filename . ']'); echo 'Fatal error: Could not find template file [' . $this->template . '] at [' . $filename . ']'; exit(0); diff --git a/www/aselect/handler.php b/www/aselect/handler.php index 2c270eeabf521e096fbb335772cceb098c585d98..d24b3a97008827bc887ebda3a64af953f03d7b06 100644 --- a/www/aselect/handler.php +++ b/www/aselect/handler.php @@ -58,7 +58,6 @@ require_once('xmlseclibs.php'); require_once('SimpleSAML/Logger.php'); require_once('SimpleSAML/Configuration.php'); -$logger = new SimpleSAML_Logger(); $config = SimpleSAML_Configuration::getInstance(); $as_metadata = array( @@ -123,9 +122,7 @@ session_start(); // log an error and throw an exception function as_error_exception($msg) { - global $logger; - - $logger->log(LOG_NOTICE, '1', 'aselect', 'handler', 'request', 'access', $msg); + Logger::notice(array('1', 'aselect', 'handler', 'request', 'access', $msg)); throw new Exception($msg); } @@ -441,7 +438,7 @@ function as_request_bridge_return() { // demultiplex incoming request try { - $logger->log(LOG_NOTICE, '1', 'aselect', 'handler', 'request', 'access', $_SERVER['REQUEST_URI']); + Logger::notice(array('1', 'aselect', 'handler', 'request', 'access', $_SERVER['REQUEST_URI'])); if ($_GET['request']) { $handler = 'as_request_' . $_GET['request']; $handler(); diff --git a/www/auth/login-admin.php b/www/auth/login-admin.php index c66576c7fbfb10ffa1b41dac9a00e4e3c5ea257d..6bacd1c1f1b588af353943dd3c625007b410998f 100644 --- a/www/auth/login-admin.php +++ b/www/auth/login-admin.php 
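Review bot: `Logger::notice(array('1', 'aselect', 'handler', 'request', 'access', $msg))` in as_error_exception() passes an array, whereas every other call site in this commit passes a single string; if the method treats its argument as a string, the entry comes out as `Array` and the message is lost. Build the string the same way as elsewhere, e.g. `Logger::notice('aselect - handler: ' . $msg);`. The hunk at -441 does the same with `$_SERVER['REQUEST_URI']`, which is client-supplied and should be encoded before it is logged.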
@@ -12,9 +12,8 @@ require_once('SimpleSAML/Logger.php'); $config = SimpleSAML_Configuration::getInstance(); $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $session = SimpleSAML_Session::getInstance(); -$logger = new SimpleSAML_Logger(); -$logger->log(LOG_INFO, $session->getTrackID(), 'AUTH', 'admin', 'EVENT', 'Access', 'Accessing auth endpoint login-admin'); +Logger::info('AUTH -admin: Accessing auth endpoint login-admin'); $error = null; $attributes = array(); @@ -61,7 +60,7 @@ if (isset($_POST['password'])) { 'value' => SimpleSAML_Utilities::generateID(), 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient')); - $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'admin', 'OK', $username, $username . ' successfully authenticated'); + Logger::notice('AUTH - admin: '. $username . ' successfully authenticated'); SimpleSAML_Utilities::redirect($relaystate); exit(0); diff --git a/www/auth/login-feide.php b/www/auth/login-feide.php index 472f2f0c11b849d992998735a768ef84de356419..7fffb16a356707a38b79a32bc5d326cb3f0789fc 100644 --- a/www/auth/login-feide.php +++ b/www/auth/login-feide.php @@ -31,12 +31,11 @@ require_once('SimpleSAML/Auth/LDAP.php'); $config = SimpleSAML_Configuration::getInstance(); $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $session = SimpleSAML_Session::getInstance(); -$logger = new SimpleSAML_Logger(); $ldapconfigfile = $config->getBaseDir() . 'config/ldapfeide.php'; require_once($ldapconfigfile); -$logger->log(LOG_INFO, $session->getTrackID(), 'AUTH', 'ldap-feide', 'EVENT', 'Access', 'Accessing auth endpoint login-feide'); +Logger::info('AUTH - ldap-feide: Accessing auth endpoint login-feide'); $error = null; $attributes = array(); 
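Review bot: The tag in `Logger::info('AUTH -admin: Accessing auth endpoint login-admin')` is missing the space after the dash that the other messages use (`'AUTH - admin: '` in the hunk at -61 of this file), so a filter on the `AUTH - ` prefix will miss this entry. The default case of the login-radius.php hunk at -98 has the same slip (`'AUTH -radius: '`). Now that the structured module and submodule arguments are folded into free text, a shared constant or a small helper for the prefix would keep the entries uniform and searchable.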
@@ -113,7 +112,7 @@ if (isset($_REQUEST['username'])) { * Do LDAP bind using DN found from the search on ePPN. */ if (!$ldap->bind($dn, $password)) { - $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap-feide', 'Fail', $requestedUser, $requestedUser . ' failed to authenticate. DN=' . $dn); + Logger::notice('AUTH - ldap-feide: '. $requestedUser . ' failed to authenticate. DN=' . $dn); throw new Exception('Wrong username or password'); } @@ -122,7 +121,7 @@ if (isset($_REQUEST['username'])) { */ $attributes = $ldap->getAttributes($dn, $ldapconfig['attributes']); - $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap-feide', 'OK', $requestedUser, $requestedUser . ' successfully authenticated'); + Logger::notice('AUTH - ldap-feide: '. $requestedUser . ' successfully authenticated'); $session->setAuthenticated(true, 'login-feide'); $session->setAttributes($attributes); @@ -136,8 +135,7 @@ if (isset($_REQUEST['username'])) { } catch (Exception $e) { - $logger->log(LOG_ERR, $session->getTrackID(), 'AUTH', 'ldap-feide', 'ERROR', - (isset($requestedUser) ? $requestedUser : 'na'), $e->getMessage()); + Logger::error('AUTH - ldap-feide: User: '.(isset($requestedUser) ? $requestedUser : 'na'). ':'. $e->getMessage()); $error = $e->getMessage(); } } diff --git a/www/auth/login-ldapmulti.php b/www/auth/login-ldapmulti.php index a3ceb29d026a8bfa3c3a38d2fc5120a56e1462d3..78aa0129f4e01a28bc0fdb1fd86f715bc79a018b 100644 --- a/www/auth/login-ldapmulti.php +++ b/www/auth/login-ldapmulti.php 
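Review bot: The failure entry in the hunk at -113 concatenates `$requestedUser` and `$dn` into the message unmodified; the user name appears to come from the login form (the enclosing `if (isset($_REQUEST['username']))` block starts outside the hunk), so line breaks or delimiter characters in it could produce misleading authentication records. Encode the values before logging, e.g. `Logger::notice('AUTH - ldap-feide: ' . urlencode($requestedUser) . ' failed to authenticate. DN=' . urlencode($dn));`. The same applies to the success and error entries in the hunks at -122 and -136, to the `$_POST['username']` entries in login-ldapmulti.php and login-radius.php, and to `$username` in login.php.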
@@ -12,13 +12,12 @@ require_once('SimpleSAML/XHTML/Template.php'); $config = SimpleSAML_Configuration::getInstance(); $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $session = SimpleSAML_Session::getInstance(); -$logger = new SimpleSAML_Logger(); $ldapconfigfile = $config->getBaseDir() . 'config/ldapmulti.php'; require_once($ldapconfigfile); -$logger->log(LOG_INFO, $session->getTrackID(), 'AUTH', 'ldap-multi', 'EVENT', 'Access', 'Accessing auth endpoint login-ldapmulti'); +Logger::info('AUTH - ldap-multi: Accessing auth endpoint login-ldapmulti'); $error = null; @@ -48,7 +47,7 @@ if (isset($_POST['username'])) { if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) { - $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'ldap-multi', 'LDAP_OPT_PROTOCOL_VERSION', '3', 'Error setting LDAP prot version to 3'); + Logger::critical('AUTH - ldap-multi: Error setting LDAP protocol version to 3'); $error = "Failed to set LDAP Protocol version to 3"; } @@ -65,7 +64,7 @@ if (isset($_POST['username'])) { ldap_error($ds) . "] ErrNo=[" . ldap_errno($ds) . "]"; - $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap-multi', 'Fail', $_POST['username'], $_POST['username'] . ' failed to authenticate'); + Logger::notice('AUTH - ldap-multi: '. $_POST['username'] . ' failed to authenticate'); } else { $sr = ldap_read($ds, $dn, $ldapconfig['attributes'] ); @@ -86,7 +85,7 @@ if (isset($_POST['username'])) { //print_r($ldapentries); //print_r($attributes); - $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap-multi', 'OK', $_POST['username'], $_POST['username'] . ' successfully authenticated'); + Logger::notice('AUTH - ldap-multi: '. $_POST['username'] . ' successfully authenticated'); $session->setAuthenticated(true, 'login-ldapmulti'); diff --git a/www/auth/login-radius.php b/www/auth/login-radius.php index a36eca74aa6061c91fee7eaab3e5331ff2e31384..d1c9851b7ce80cd514e1c46b7b7a2604672c57ac 100644 --- a/www/auth/login-radius.php 
+++ b/www/auth/login-radius.php @@ -11,9 +11,9 @@ require_once('SimpleSAML/XHTML/Template.php'); $config = SimpleSAML_Configuration::getInstance(); $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $session = SimpleSAML_Session::getInstance(); -$logger = new SimpleSAML_Logger(); -$logger->log(LOG_INFO, $session->getTrackID(), 'AUTH', 'radius', 'EVENT', 'Access', 'Accessing auth endpoint login'); + +Logger::info('AUTH - radius: Accessing auth endpoint login'); $error = null; $attributes = array(); @@ -35,14 +35,12 @@ if (isset($_POST['username'])) { if (! radius_add_server($radius, $config->getValue('auth.radius.hostname'), $config->getValue('auth.radius.port'), $config->getValue('auth.radius.secret'), 5, 3)) { - $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'radius', 'radius_strerror', radius_strerror($radius), - 'Problem occured when connecting to Radius server'); + Logger::critical('AUTH - radius: Problem occured when connecting to Radius server: '.radius_strerror($radius)); throw new Exception('Problem occured when connecting to Radius server: ' . radius_strerror($radius)); } if (! radius_create_request($radius,RADIUS_ACCESS_REQUEST)) { - $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'radius', 'radius_strerror', radius_strerror($radius), - 'Problem occured when creating the Radius request'); + Logger::critical('AUTH - radius: Problem occured when creating the Radius request: '.radius_strerror($radius)); throw new Exception('Problem occured when creating the Radius request: ' . radius_strerror($radius)); } 
@@ -83,7 +81,7 @@ if (isset($_POST['username'])) { //$attributes = array('urn:mace:eduroam.no:username' => array($_POST['username'])); - $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'radius', 'OK', $_POST['username'], $_POST['username'] . ' successfully authenticated'); + Logger::notice('AUTH - radius: '. $_POST['username'] . ' successfully authenticated'); $session->setAuthenticated(true, 'login-radius'); @@ -98,17 +96,15 @@ if (isset($_POST['username'])) { case RADIUS_ACCESS_REJECT: - $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'radius', 'Fail', $_POST['username'], $_POST['username'] . ' failed to authenticate'); + Logger::notice('AUTH - radius: '. $_POST['username'] . ' failed to authenticate'); throw new Exception('Radius authentication error: Bad credentials '); break; case RADIUS_ACCESS_CHALLENGE: - $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'radius', 'radius_strerror', radius_strerror($radius), - 'Challenge requested'); + Logger::critical('AUTH - radius: Challenge requested: ' . radius_strerror($radius)); throw new Exception('Radius authentication error: Challenge requested'); break; default: - $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'radius', 'radius_strerror', radius_strerror($radius), - 'General radius error'); + Logger::critical('AUTH -radius: General radius error: ' . radius_strerror($radius)); throw new Exception('Error during radius authentication: ' . radius_strerror($radius)); } diff --git a/www/auth/login.php b/www/auth/login.php index ee09d764288618075c4798058a00cc77c9236620..0a11d44b0d4c58b5d86ec5e0b867fda9934ca6f4 100644 --- a/www/auth/login.php +++ b/www/auth/login.php 
@@ -15,9 +15,8 @@ require_once('SimpleSAML/Logger.php'); $config = SimpleSAML_Configuration::getInstance(); $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $session = SimpleSAML_Session::getInstance(true); -$logger = new SimpleSAML_Logger(); -$logger->log(LOG_INFO, $session->getTrackID(), 'AUTH', 'ldap', 'EVENT', 'Access', 'Accessing auth endpoint login'); +Logger::info('AUTH - ldap: Accessing auth endpoint login'); $error = null; $attributes = array(); @@ -70,7 +69,7 @@ if (isset($_POST['username'])) { if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) { - $logger->log(LOG_CRIT, $session->getTrackID(), 'AUTH', 'ldap-multi', 'LDAP_OPT_PROTOCOL_VERSION', '3', 'Error setting LDAP prot version to 3'); + Logger::critical('AUTH - ldap: Error setting LDAP protocol version to 3'); throw new Exception("Failed to set LDAP Protocol version to 3"); } @@ -84,7 +83,7 @@ if (isset($_POST['username'])) { $error = "Bind failed, wrong username or password. Tried with DN=[" . $dn . "] DNPattern=[" . $config->getValue('auth.ldap.dnpattern') . "] Error=[" . ldap_error($ds) . "] ErrNo=[" . ldap_errno($ds) . "]"; - $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap', 'Fail', $username, $username . ' failed to authenticate'); + Logger::notice('AUTH - ldap: '. $username . ' failed to authenticate'); } else { $sr = ldap_read($ds, $dn, $config->getValue('auth.ldap.attributes')); @@ -138,7 +137,7 @@ if (isset($_POST['username'])) { 'value' => SimpleSAML_Utilities::generateID(), 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient')); - $logger->log(LOG_NOTICE, $session->getTrackID(), 'AUTH', 'ldap', 'OK', $username, $username . ' successfully authenticated'); + Logger::notice('AUTH - ldap: '. $username . ' successfully authenticated'); SimpleSAML_Utilities::redirect($relaystate); 
diff --git a/www/openid/provider/server.php b/www/openid/provider/server.php index f9677fdbbfacf8c17afebe7b2c88c474f27dc695..bf5e40534764e531bf22d68d1f827e2a7d660cee 100644 --- a/www/openid/provider/server.php +++ b/www/openid/provider/server.php @@ -220,8 +220,6 @@ function check_authenticated_user() { $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $session = SimpleSAML_Session::getInstance(true); - $logger = new SimpleSAML_Logger(); - $idpentityid = $metadata->getMetaDataCurrentEntityID('openid-provider'); $idpmeta = $metadata->getMetaDataCurrent('openid-provider'); diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php index a985e3a369788a531914fec0ad6155ec3a58bf59..24452986eaa201e99373a9ccf0df4610c36717d3 100644 --- a/www/saml2/idp/SSOService.php +++ b/www/saml2/idp/SSOService.php @@ -27,8 +27,6 @@ $config = SimpleSAML_Configuration::getInstance(); $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $session = SimpleSAML_Session::getInstance(true); -$logger = new SimpleSAML_Logger(); - try { $idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted'); $idpmeta = $metadata->getMetaDataCurrent('saml20-idp-hosted'); @@ -38,7 +36,7 @@ try { $requestid = null; -$logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'EVENT', 'Access', 'Accessing SAML 2.0 IdP endpoint SSOService'); +Logger::info('SAML2.0 - IdP.SSOService: Accessing SAML 2.0 IdP endpoint SSOService'); /* * If the SAMLRequest query parameter is set, we got an incomming Authentication Request 
@@ -71,12 +69,10 @@ if (isset($_GET['SAMLRequest'])) { if ($binding->validateQuery($authnrequest->getIssuer(),'IdP')) { - $logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'AuthnRequest', $requestid, 'Valid signature found'); + Logger::info('SAML2.0 - IdP.SSOService: Valid signature found for '.$requestid); } - $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'AuthnRequest', - array($authnrequest->getIssuer(), $requestid), - 'Incomming Authentication request'); + Logger::info('SAML2.0 - IdP.SSOService: Incomming Authentication request: '.$authnrequest->getIssuer().' id '.$requestid); } catch(Exception $exception) { SimpleSAML_Utilities::fatalError($session->getTrackID(), 'PROCESSAUTHNREQUEST', $exception); @@ -99,7 +95,7 @@ if (isset($_GET['SAMLRequest'])) { $requestcache = $session->getAuthnRequest('saml2', $requestid); - $logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'EVENT', $requestid, 'Got incomming RequestID'); + Logger::info('SAML2.0 - IdP.SSOService: Got incomming RequestID'); if (!$requestcache) throw new Exception('Could not retrieve cached RequestID = ' . $requestid); @@ -127,8 +123,7 @@ $authority = isset($idpmeta['authority']) ? $idpmeta['authority'] : null; */ if (!isset($session) || !$session->isValid($authority) ) { - $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'AuthNext', $idpmeta['auth'], - 'Will go to authentication module ' . $idpmeta['auth']); + Logger::notice('SAML2.0 - IdP.SSOService: Will go to authentication module ' . $idpmeta['auth']); $relaystate = SimpleSAML_Utilities::selfURLNoQuery() . '?RequestID=' . urlencode($requestid); 
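Review bot: The 'Incomming Authentication request' entry in the hunk at -71 was logged with LOG_NOTICE and is now `Logger::info(...)`, while the neighbouring events in this file stay at notice; if production logging filters at notice, the record of which issuer asked for authentication disappears. Use `Logger::notice(...)` here to keep the level. The issuer and `$requestid` come from the decoded request and are concatenated as received, so encode them before logging. The hunk at -99 also dropped `$requestid` from 'Got incomming RequestID', leaving that entry without the value it announces.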
@@ -157,8 +152,7 @@ if (!isset($session) || !$session->isValid($authority) ) { if (!isset($_GET['consent'])) { - $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'Consent', 'request', - 'Requires consent from user for attribute release'); + Logger::notice('SAML2.0 - IdP.SSOService: Requires consent from user for attribute release'); $t = new SimpleSAML_XHTML_Template($config, 'consent.php'); $t->data['header'] = 'Consent'; @@ -170,8 +164,7 @@ if (!isset($session) || !$session->isValid($authority) ) { } else { - $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'ConsentOK', '-', - 'Got consent from user'); + Logger::notice('SAML2.0 - IdP.SSOService: Got consent from user'); } } @@ -180,8 +173,7 @@ if (!isset($session) || !$session->isValid($authority) ) { // Right now the list is used for SAML 2.0 only. $session->add_sp_session($spentityid); - $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'IdP.SSOService', 'AuthnResponse', $spentityid, - 'Sending back AuthnResponse'); + Logger::notice('SAML2.0 - IdP.SSOService: Sending back AuthnResponse to '.$spentityid); /* * Filtering attributes. diff --git a/www/saml2/idp/SingleLogoutService.php b/www/saml2/idp/SingleLogoutService.php index ecb7b4d37cb7c8fd4c455470f3d2cb9d099d8ac9..91543a6168cca828adb10cba84b90b63aff9b2b3 100644 --- a/www/saml2/idp/SingleLogoutService.php +++ b/www/saml2/idp/SingleLogoutService.php @@ -30,9 +30,7 @@ $session = SimpleSAML_Session::getInstance(); $idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted'); -$logger = new SimpleSAML_Logger(); -$logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'IdP.SingleLogoutService', 'EVENT', 'Access', - 'Accessing SAML 2.0 IdP endpoint SingleLogoutService'); +Logger::info('SAML2.0 - IdP.SingleLogoutService: Accessing SAML 2.0 IdP endpoint SingleLogoutService'); // TODO: if session is not set, give error or do something else. 
@@ -52,9 +50,7 @@ if (isset($_GET['SAMLRequest'])) { $logoutrequest = $binding->decodeLogoutRequest($_GET); if ($binding->validateQuery($logoutrequest->getIssuer(),'IdP')) { - $logger->log(LOG_INFO, - isset($session) ? $session->getTrackID() : 'NA', - 'SAML2.0', 'IdP.SingleLogoutService', 'LogoutRequest', $logoutrequest->getRequestID(), 'Valid signature found'); + Logger::info('SAML2.0 - IdP.SingleLogoutService: Valid signature found for '.$logoutrequest->getRequestID()); } } catch(Exception $exception) { @@ -105,7 +101,7 @@ if (isset($_GET['SAMLRequest'])) { //echo '<pre>' . htmlentities($logoutrequest->getXML()) . '</pre>'; - error_log('IdP LogoutService: got Logoutrequest from ' . $logoutrequest->getIssuer() . ' '); + Logger::notice('SAML2.0 - IdP.SingleLogoutService: got Logoutrequest from ' . $logoutrequest->getIssuer()); # $session->setLogoutRequest($logoutrequest); @@ -136,7 +132,7 @@ if (isset($_GET['SAMLRequest'])) { $loginresponse = $binding->decodeLogoutResponse($_GET); if ($binding->validateQuery($loginresponse->getIssuer(),'SP','SAMLResponse')) { - $logger->log(LOG_NOTICE, $trackId, 'SAML2.0', 'SP.SingleLogoutService', 'LogoutResponse', 'SingleLogoutServiceResponse','Valid signature found'); + Logger::notice('SAML2.0 - IDP.SingleLogoutService: Valid signature found'); } @@ -157,7 +153,7 @@ if (isset($_GET['SAMLRequest'])) { $session->set_sp_logout_completed($loginresponse->getIssuer()); - error_log('IdP LogoutService: got LogoutResponse from ' . $loginresponse->getIssuer() . ' '); + Logger::notice('SAML2.0 - IDP.SingleLogoutService: got LogoutResponse from ' . $loginresponse->getIssuer()); } @@ -171,7 +167,7 @@ $session->dump_sp_sessions(); $spentityid = $session->get_next_sp_logout(); if ($spentityid) { - error_log('IdP LogoutService: next SP ' . $spentityid); + Logger::notice('SAML2.0 - IDP.SingleLogoutService: Logout next SP ' . $spentityid); try { $lr = new SimpleSAML_XML_SAML20_LogoutRequest($config, $metadata); 
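Review bot: The tag in the hunk at -136 is spelled `IDP.SingleLogoutService`, while the rest of this file uses `IdP.SingleLogoutService`; the hunks at -157 and -171 share the uppercase spelling. A case-sensitive search or detection rule for the IdP logout flow will then see only part of it. Use `'SAML2.0 - IdP.SingleLogoutService: Valid signature found'`, and consider appending the issuer so the entry identifies whose response was validated, as the LogoutRequest branch at -52 does with the request ID.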
@@ -206,8 +202,8 @@ if ($spentityid) { } -if ($config->getValue('debug', false)) - $logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'IdP.SingleLogoutService', 'EVENT', 'LogoutDone', 'IdP LogoutService: SPs done '); +if ($config->getValue('debug', false)) + Logger::info('SAML2.0 - IdP.SingleLogoutService: LogoutService: All SPs done '); @@ -247,12 +243,12 @@ try { * Clean up session object to save storage. */ if ($config->getValue('debug', false)) - $logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'IdP.SingleLogoutService', 'EVENT', 'SessionSize', 'Size before cleaning: ' . $session->getSize()); + Logger::info('SAML2.0 - IdP.SingleLogoutService: Session Size before cleaning: ' . $session->getSize()); $session->clean(); if ($config->getValue('debug', false)) - $logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'IdP.SingleLogoutService', 'EVENT', 'SessionSize', 'Size after cleaning: ' . $session->getSize()); + Logger::info('SAML2.0 - IdP.SingleLogoutService: Session Size after cleaning: ' . $session->getSize()); /** diff --git a/www/saml2/sp/AssertionConsumerService.php b/www/saml2/sp/AssertionConsumerService.php index dabcc554712a5ae13b9cfada15cb7ae54c22426c..2f459dcd5cd75fd862f4534b274474170b4fcf5d 100644 --- a/www/saml2/sp/AssertionConsumerService.php +++ b/www/saml2/sp/AssertionConsumerService.php @@ -28,11 +28,7 @@ require_once('SimpleSAML/XHTML/Template.php'); */ $session = SimpleSAML_Session::getInstance(TRUE); -$logger = new SimpleSAML_Logger(); - - -$logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'SP.AssertionConsumerService', 'EVENT', 'Access', - 'Accessing SAML 2.0 SP endpoint AssertionConsumerService'); +Logger::info('SAML2.0 - SP.AssertionConsumerService: Accessing SAML 2.0 SP endpoint AssertionConsumerService'); try { 
@@ -44,8 +40,7 @@ try { $authnResponse->process(); - $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.AssertionConsumerService', 'AuthnResponse', '-', - 'Successfully created local session from Authentication Response'); + Logger::notice('SAML2.0 - SP.AssertionConsumerService: Successfully created local session from Authentication Response'); $relayState = $authnResponse->getRelayState(); if (isset($relayState)) { diff --git a/www/saml2/sp/SingleLogoutService.php b/www/saml2/sp/SingleLogoutService.php index c3f43dcfa796039c969e80349f076ab226fd4e44..2193fc503013d92c643c696dcf121dc15684fa21 100644 --- a/www/saml2/sp/SingleLogoutService.php +++ b/www/saml2/sp/SingleLogoutService.php @@ -20,9 +20,7 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $session = SimpleSAML_Session::getInstance(true); -$logger = new SimpleSAML_Logger(); -$logger->log(LOG_INFO, $session->getTrackId(), 'SAML2.0', 'SP.SingleLogoutService', 'EVENT', 'Access', - 'Accessing SAML 2.0 SP endpoint SingleLogoutService'); +Logger::info('SAML2.0 - SP.SingleLogoutService: Accessing SAML 2.0 SP endpoint SingleLogoutService'); // Destroy local session if exists. if (isset($session) ) { @@ -41,7 +39,7 @@ if (isset($_GET['SAMLRequest'])) { $logoutrequest = $binding->decodeLogoutRequest($_GET); if ($binding->validateQuery($logoutrequest->getIssuer(),'SP')) { - $logger->log(LOG_NOTICE, $trackId, 'SAML2.0', 'SP.SingleLogoutService', 'LogoutRequest', $requestid,'Valid signature found'); + Logger::notice('SAML2.0 - SP.SingleLogoutService: Valid signature found for '.$requestid); } // Extract some parameters from the logout request 
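Review bot: In the SP SingleLogoutService.php hunk at -41, `Logger::notice('... Valid signature found for '.$requestid)` uses `$requestid` directly after `decodeLogoutRequest()`, and the context comment that follows says the parameters are extracted only afterwards, so the variable is probably still unset at this point (the assignment is outside the hunk). The IdP counterpart logs `$logoutrequest->getRequestID()`; doing the same here avoids an empty ID in the signature-validation record: `Logger::notice('SAML2.0 - SP.SingleLogoutService: Valid signature found for ' . $logoutrequest->getRequestID());`. Nothing is logged when `validateQuery()` returns false; confirm that it throws in that case, otherwise add an entry and stop processing the request.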
@@ -52,8 +50,7 @@ if (isset($_GET['SAMLRequest'])) { //$responder = $config->getValue('saml2-hosted-sp'); $responder = $metadata->getMetaDataCurrentEntityID(); - $logger->log(LOG_NOTICE, $trackId, 'SAML2.0', 'SP.SingleLogoutService', 'LogoutRequest', $requestid, - 'IdP (' . $requester . ') is sending logout request to me SP (' . $responder . ')'); + Logger::notice('SAML2.0 - SP.SingleLogoutService: IdP (' . $requester . ') is sending logout request to me SP (' . $responder . ') requestid '.$requestid); // Create a logout response @@ -65,8 +62,7 @@ if (isset($_GET['SAMLRequest'])) { $httpredirect = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata); - $logger->log(LOG_NOTICE, $trackId, 'SAML2.0', 'SP.SingleLogoutService', 'LogoutResponse', '-', - 'SP me (' . $responder . ') is sending logout response to IdP (' . $requester . ')'); + Logger::notice('SAML2.0 - SP.SingleLogoutService: SP me (' . $responder . ') is sending logout response to IdP (' . $requester . ')'); // Send the Logout response using HTTP POST binding. $httpredirect->sendMessage($logoutResponseXML, $responser, $requester, $logoutrequest->getRelayState(), 'SingleLogoutServiceResponse', 'SAMLResponse'); @@ -87,7 +83,7 @@ if (isset($_GET['SAMLRequest'])) { $logoutresponse = $binding->decodeLogoutResponse($_GET); if ($binding->validateQuery($logoutresponse->getIssuer(),'SP','SAMLResponse')) { - $logger->log(LOG_NOTICE, $trackId, 'SAML2.0', 'SP.SingleLogoutService', 'LogoutResponse', 'SingleLogoutServiceResponse','Valid signature found'); + Logger::notice('SAML2.0 - SP.SingleLogoutService: Valid signature found'); } } catch(Exception $exception) { diff --git a/www/saml2/sp/initSLO.php b/www/saml2/sp/initSLO.php index e64c36f634247933241984458d99eb0f7d38cf2d..7ac36ff82eba7dc7f7659dcc141ae65d87d64a5d 100644 --- a/www/saml2/sp/initSLO.php +++ b/www/saml2/sp/initSLO.php 
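Review bot: `$requester` and `$requestid` are concatenated into the `Logger::notice` message without neutralising control characters, and both appear to come from the logout request decoded from `$_GET` (their assignments are outside this hunk). A value containing CR/LF could then split or forge log entries, depending on how `Logger` and the syslog backend treat such bytes. Escaping once inside `Logger` is the simplest fix; at the call site it would look like `'... requestid ' . addcslashes($requestid, "\0..\37\177")`. The same applies to `$spentityid` (read from `$_GET['spentityid']`) in the initSLO.php hunks, to `$requestid` in the previous SingleLogoutService.php hunk, and to `$requestid` in the shib13/idp/SSOService.php hunks.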
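Review bot: The `sendMessage` call in the `@@ -65,8 +62,7 @@` hunk passes `$responser`, while the entity ID assigned in the previous hunk and logged on the line above is `$responder`. As far as these hunks show, `$responser` is never set, so the logout response would go out with an empty sender. The line is unchanged context, but this commit touches the adjacent log call and is a good place to fix it: `$httpredirect->sendMessage($logoutResponseXML, $responder, $requester, $logoutrequest->getRelayState(), 'SingleLogoutServiceResponse', 'SAMLResponse');`. The comment above it also says HTTP POST binding although the object is an HTTPRedirect binding.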
@@ -15,8 +15,6 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $session = SimpleSAML_Session::getInstance(); -$logger = new SimpleSAML_Logger(); - if (isset($session) ) { try { @@ -24,8 +22,7 @@ if (isset($session) ) { $idpentityid = $session->getIdP(); $spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID(); - $logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'SP.initSLO', 'EVENT', 'Access', - 'Accessing SAML 2.0 SP initSLO script'); + Logger::info('SAML2.0 - SP.initSLO: Accessing SAML 2.0 SP initSLO script'); /** * Create a logout request @@ -40,8 +37,7 @@ if (isset($session) ) { $relayState = $_REQUEST['RelayState']; } - $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.initSLO', 'LogoutRequest', 'N/A', - 'SP (' . $spentityid . ') is sending logout request to IdP (' . $idpentityid . ')'); + Logger::notice('SAML2.0 - SP.initSLO: SP (' . $spentityid . ') is sending logout request to IdP (' . $idpentityid . ')'); $httpredirect->sendMessage($req, $spentityid, $idpentityid, $relayState, 'SingleLogoutService', 'SAMLRequest', 'SP'); @@ -57,8 +53,7 @@ if (isset($session) ) { $relaystate = $_REQUEST['RelayState']; - $logger->log(LOG_NOTICE, 'NA', 'SAML2.0', 'SP.initSLO', 'AlreadyLoggedOut', 'N/A', - 'User is already logged out. Go back to relaystate'); + Logger::notice('SAML2.0 - SP.initSLO: User is already logged out. Go back to relaystate'); SimpleSAML_Utilities::redirect($relaystate); diff --git a/www/saml2/sp/initSSO.php b/www/saml2/sp/initSSO.php index 7ec35763c1f45183607ffafc67cea687fc287940..5b61f0762b31d1af1a009681728da9a439047e37 100644 --- a/www/saml2/sp/initSSO.php +++ b/www/saml2/sp/initSSO.php 
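Review bot: In the `@@ -57,8 +53,7 @@` hunk of www/saml2/sp/initSLO.php, `$relaystate` is taken from `$_REQUEST['RelayState']` and passed unchanged to `SimpleSAML_Utilities::redirect()`, so this endpoint redirects an already-logged-out user to whatever URL the request names. Check the value against a configured list of trusted hosts, or require a relative path, before redirecting, and fall back to a fixed page otherwise. initSSO.php also redirects to `$relaystate` in its `@@ -84,8 +80,7 @@` hunk, but where that value is assigned is not visible. The enclosing `if`/`else` starts outside the hunk.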
@@ -24,9 +24,7 @@ $session = SimpleSAML_Session::getInstance(true); * */ -$logger = new SimpleSAML_Logger(); -$logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'SP.initSSO', 'EVENT', 'Access', - 'Accessing SAML 2.0 SP initSSO script'); +Logger::info('SAML2.0 - SP.initSSO: Accessing SAML 2.0 SP initSSO script'); try { @@ -43,8 +41,7 @@ if (!isset($session) || !$session->isValid('saml2') ) { if ($idpentityid == null) { - $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.initSSO', 'NextDisco', $spentityid, - 'No SP default or specified, go to SAML2disco'); + Logger::notice('SAML2.0 - SP.initSSO: No chosen or default IdP, go to SAML2disco'); $returnURL = urlencode(SimpleSAML_Utilities::selfURL()); $discservice = '/' . $config->getValue('baseurlpath') . 'saml2/sp/idpdisco.php?entityID=' . $spentityid . @@ -67,8 +64,7 @@ if (!isset($session) || !$session->isValid('saml2') ) { $relayState = $_GET['RelayState']; } - $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.initSSO', 'AuthnRequest', $idpentityid, - 'SP (' . $spentityid . ') is sending authentication request to IdP (' . $idpentityid . ')'); + Logger::notice('SAML2.0 - SP.initSSO: SP (' . $spentityid . ') is sending AuthNRequest to IdP (' . $idpentityid . ')'); $httpredirect->sendMessage($req, $spentityid, $idpentityid, $relayState); @@ -84,8 +80,7 @@ if (!isset($session) || !$session->isValid('saml2') ) { if (isset($relaystate) && !empty($relaystate)) { - $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.initSSO', 'AlreadyAuthenticated', '-', - 'Go back to RelayState'); + Logger::notice('SAML2.0 - SP.initSSO: Already Authenticated, Go back to RelayState'); SimpleSAML_Utilities::redirect($relaystate); } else { diff --git a/www/shib13/idp/SSOService.php b/www/shib13/idp/SSOService.php index f2442c44560d18c16d642bd5b196801d7bbd1b96..bc926ba701a659754e72c19f9a3ae16512a3f4b1 100644 --- a/www/shib13/idp/SSOService.php +++ b/www/shib13/idp/SSOService.php 
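Review bot: In the `@@ -43,8 +41,7 @@` hunk the discovery URL appends `$spentityid` to `?entityID=` unencoded, although `$returnURL` on the line above goes through `urlencode()`. An entity ID containing `&`, `#` or `=` would change the query the discovery page receives. Use `'saml2/sp/idpdisco.php?entityID=' . urlencode($spentityid) .`; the statement continues past the end of the hunk. The rewritten log call also drops `$spentityid`, which the removed call recorded, so the entry no longer says which SP was sent to discovery.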
@@ -27,14 +27,13 @@ $config = SimpleSAML_Configuration::getInstance(); $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $session = SimpleSAML_Session::getInstance(true); -$logger = new SimpleSAML_Logger(); $idpentityid = $metadata->getMetaDataCurrentEntityID('shib13-idp-hosted'); $idpmetadata = $metadata->getMetaDataCurrent('shib13-idp-hosted'); $requestid = null; -$logger->log(LOG_INFO, $session->getTrackID(), 'Shib1.3', 'IdP.SSOService', 'EVENT', 'Access', 'Accessing Shibboleth 1.3 IdP endpoint SSOService'); +Logger::info('Shib1.3 - IdP.SSOService: Accessing Shibboleth 1.3 IdP endpoint SSOService'); /* * If the shire query parameter is set, we got an incomming Authentication Request @@ -65,7 +64,7 @@ if (isset($_GET['shire'])) { $session->setAuthnRequest('shib13', $requestid, $requestcache); - $logger->log(LOG_INFO, $session->getTrackID(), 'Shib1.3', 'IdP.SSOService', 'EVENT', $requestid, 'Got incomming Shib authnRequest'); + Logger::info('Shib1.3 - IdP.SSOService: Got incomming Shib authnRequest requestid: '.$requestid); } catch(Exception $exception) { SimpleSAML_Utilities::fatalError($session->getTrackID(), 'PROCESSAUTHNREQUEST', $exception); @@ -89,7 +88,7 @@ if (isset($_GET['shire'])) { $requestcache = $session->getAuthnRequest('shib13', $requestid); - $logger->log(LOG_INFO, $session->getTrackID(), 'Shib1.3', 'IdP.SSOService', 'EVENT', $requestid, 'Got incomming RequestID'); + Logger::info('Shib1.3 - IdP.SSOService: Got incomming RequestID: '.$requestid); if (!$requestcache) throw new Exception('Could not retrieve cached RequestID = ' . $requestid);