From 45f2fff060a19193d2ed85cd0c7e51b9534c8eb6 Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Tue, 2 Jan 2018 06:51:14 +0000
Subject: [PATCH] www/web-proxy-sso: style fixes and copyright headers; closes #344

(cherry picked from commit 0113d06cdd6255f5a2bae44448c899ca38796cb6)
---
 .../src/etc/inc/plugins.inc.d/proxy_sso.inc | 2 +-
 .../ProxySSO/Api/ServiceController.php | 88 +++++++++++--------
 .../ProxySSO/Api/SettingsController.php | 42 +++++----
 .../OPNsense/ProxySSO/IndexController.php | 42 +++++++--
 .../app/models/OPNsense/ProxySSO/ProxySSO.php | 40 +++++++--
 .../app/views/OPNsense/ProxySSO/index.volt | 26 ++++++
 .../OPNsense/ProxySSO/kerberos_test.sh | 24 +++++
 .../OPNsense/ProxySSO/squid-gen-keytab.sh | 24 +++++
 8 files changed, 214 insertions(+), 74 deletions(-)

diff --git a/www/web-proxy-sso/src/etc/inc/plugins.inc.d/proxy_sso.inc b/www/web-proxy-sso/src/etc/inc/plugins.inc.d/proxy_sso.inc
index ba4bd8c1d..91c7f052a 100644
--- a/www/web-proxy-sso/src/etc/inc/plugins.inc.d/proxy_sso.inc
+++ b/www/web-proxy-sso/src/etc/inc/plugins.inc.d/proxy_sso.inc
@@ -9,7 +9,7 @@ function proxy_sso_configure()
 function proxy_sso_squid_hook($verbose, $action)
 {
- if($action == "reconfigure") {
+ if ($action == "reconfigure") {
 configd_run('template reload OPNsense/ProxySSO');
 }
 }
diff --git a/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/Api/ServiceController.php b/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/Api/ServiceController.php
index 99e665886..931cfa7a3 100644
--- a/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/Api/ServiceController.php
+++ b/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/Api/ServiceController.php
@@ -1,5 +1,31 @@ OPNsense->proxy->forward->authentication->method);
- foreach($methods as $method) {
+ foreach ($methods as $method) {
 $xpath = $cnf->xpath("//system/authserver[name=\"$method\" and type=\"ldap\"]");
- if(count($xpath)) {
+ if (count($xpath)) {
 $ldap_server = $xpath[0];
 break;
 }
@@ -100,11 +125,10 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
 $ldap_ip = null;
 $ldap_fqdn = null;
 $ldap_server_ping = [ "status" => "failure"];
- if(isset($ldap_server) && !empty($ldap_server->host)) {
- if(filter_var($ldap_server->host, FILTER_VALIDATE_IP)) {
+ if (isset($ldap_server) && !empty($ldap_server->host)) {
+ if (filter_var($ldap_server->host, FILTER_VALIDATE_IP)) {
 $ldap_ip = $ldap_server->host;
- }
- else {
+ } else {
 $ldap_fqdn = $ldap_server->host;
 }
@@ -120,12 +144,12 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
 $dns_server = array();
 $nameservers = preg_grep('/^nameserver/', file('/etc/resolv.conf'));
 $dns_servers = array();
- foreach($nameservers as $key => $record) {
+ foreach ($nameservers as $key => $record) {
 $parts = explode(' ', $record);
 $dns_servers[] = trim($parts[1]);
 }
 $dns_server = [ "status" => count($dns_servers) ? "ok" : "failure"];
- if(!count($dns_servers)) {
+ if (!count($dns_servers)) {
 $dns_server["message"] = gettext("DNS server not found");
 }
 $output = "# cat /etc/resolv.conf\n";
@@ -142,15 +166,14 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
 $resolv_reverse = null;
 $dns_hostname_reverse_resolution = array();
 $output = array();
- if(!empty($resolv_direct) && filter_var($resolv_direct, FILTER_VALIDATE_IP)) {
+ if (!empty($resolv_direct) && filter_var($resolv_direct, FILTER_VALIDATE_IP)) {
 $output[] = "# drill -x {$resolv_direct}";
 exec("drill -x {$resolv_direct}", $output);
 $resolv_reverse = chop(shell_exec("drill -x {$resolv_direct} | grep -A 1 'ANSWER SECTION' | tail -n 1 | awk '{print \$5}'"));
- if(strtolower($resolv_reverse) != strtolower("{$hostname}.")) {
+ if (strtolower($resolv_reverse) != strtolower("{$hostname}.")) {
 $dns_hostname_reverse_resolution["message"] = gettext("Hostname doesn't resolved to host IP.");
 }
- }
- else {
+ } else {
 $dns_hostname_reverse_resolution["message"] = gettext("Hostname doesn't resolved to IP.");
 }
 $dns_hostname_reverse_resolution["status"] = strtolower($resolv_reverse) == strtolower("{$hostname}.") ? "ok" : "failure";
@@ -160,18 +183,16 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
 // DNS: LDAP server
 ldap_dns:
 $dns_ldap_reverse_resolution = array( "status" => "failure" );
- if(empty($ldap_ip)) {
+ if (empty($ldap_ip)) {
 $dns_ldap_reverse_resolution["message"] = gettext("Unknown LDAP server IP.");
- }
- else {
+ } else {
 $ldap_ip_esc = escapeshellarg($ldap_ip);
 $resolv_reverse = chop(shell_exec("drill -x {$ldap_ip_esc} | grep -A 1 'ANSWER SECTION' | tail -n 1 | awk '{print \$5}'"));
- if(empty($resolv_reverse)) {
+ if (empty($resolv_reverse)) {
 $dns_ldap_reverse_resolution["message"] = gettext('LDAP server IP reverse lookup error. ');
- }elseif (!empty($ldap_fqdn) && $resolv_reverse != "{$ldap_fqdn}.") {
+ } elseif (!empty($ldap_fqdn) && $resolv_reverse != "{$ldap_fqdn}.") {
 $dns_ldap_reverse_resolution["message"] = gettext('LDAP server reverse DNS lookup is not equal to LDAP server FQDN. ');
- }
- else {
+ } else {
 $dns_ldap_reverse_resolution["status"] = "ok";
 $ldap_fqdn = substr($resolv_reverse, 0, strlen($resolv_reverse) - 1);
 }
@@ -181,21 +202,18 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
 }
 $dns_ldap_resolution = array( "status" => "failure" );
- if(empty($ldap_fqdn)) {
+ if (empty($ldap_fqdn)) {
 $dns_ldap_resolution["message"] = gettext('Unknown LDAP server FQDN.');
- }
- else {
+ } else {
 $ldap_fqdn_esc = escapeshellarg($ldap_fqdn);
 $resolv = chop(shell_exec("drill {$ldap_fqdn_esc} | grep -A 1 'ANSWER SECTION' | tail -n 1 | awk '{print \$5}'"));
- if(empty($resolv)) {
+ if (empty($resolv)) {
 $dns_ldap_resolution["message"] = gettext('LDAP server DNS lookup error. ');
- }
- elseif (!empty($ldap_ip) && $resolv != $ldap_ip) {
+ } elseif (!empty($ldap_ip) && $resolv != $ldap_ip) {
 $dns_ldap_resolution["message"] = gettext('LDAP server DNS lookup is not equal to LDAP IP. ');
- }
- else {
+ } else {
 $dns_ldap_resolution["status"] = "ok";
- if(empty($ldap_ip)) {
+ if (empty($ldap_ip)) {
 $ldap_ip = $resolv;
 goto ldap_dns;
 }
@@ -210,10 +228,9 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
 $krb5_conf = '/etc/krb5.conf';
 $kerberos_config = array();
 $kerberos_config["status"] = "failure";
- if(!file_exists($krb5_conf)) {
+ if (!file_exists($krb5_conf)) {
 $kerberos_config["message"] = sprintf(gettext('File %s does not exists.'), $krb5_conf);
- }
- else{
+ } else {
 $domainstr = preg_quote($cnf->system->domain);
 $config_valid = preg_grep("/$domainstr/", file($krb5_conf));
 $kerberos_config["status"] = file_exists($krb5_conf) && !empty($config_valid) ? "ok" : "failure";
@@ -228,18 +245,17 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
 $keytab_file = '/usr/local/etc/squid/squid.keytab';
 $keytab = array();
 $keytab["status"] = file_exists($keytab_file) ? "ok" : "failure";
- if(!file_exists($keytab_file)) {
+ if (!file_exists($keytab_file)) {
 $keytab["message"] = sprintf(gettext('File %s does not exists.'), $keytab_file);
 }
 $keytab["dump"] = $backend->configdRun("proxysso showkeytab"); // and two more DNS check
- if(!empty($ldap_ip) && !in_array($ldap_ip, $dns_servers)) {
+ if (!empty($ldap_ip) && !in_array($ldap_ip, $dns_servers)) {
 $dns_server["status"] = "failure";
 $dns_server["message"] = gettext("LDAP server is not in DNS servers list.");
- }
- elseif(in_array("127.0.0.1", $dns_servers) || in_array("::1", $dns_servers)) {
+ } elseif (in_array("127.0.0.1", $dns_servers) || in_array("::1", $dns_servers)) {
 $dns_server["status"] = "failure";
 $dns_server["message"] = gettext("Do not set localhost as DNS server.");
 }
diff --git a/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/Api/SettingsController.php b/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/Api/SettingsController.php
index 6dca042ba..3b77bbbeb 100644
--- a/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/Api/SettingsController.php
+++ b/www/web-proxy-sso/src/opnsense/mvc/app/controllers/OPNsense/ProxySSO/Api/SettingsController.php
@@ -1,31 +1,29 @@ view->pick('OPNsense/ProxySSO/index');
- $this->view->generalForm = $this->getForm("general");
- $this->view->testingCreateForm = $this->getForm("testing_create");
- $this->view->testingTestForm = $this->getForm("testing_test");
- $this->view->checkListForm = $this->getForm("checklist");
- }
+ public function indexAction()
+ {
+ $this->view->pick('OPNsense/ProxySSO/index');
+ $this->view->generalForm = $this->getForm("general");
+ $this->view->testingCreateForm = $this->getForm("testing_create");
+ $this->view->testingTestForm = $this->getForm("testing_test");
+ $this->view->checkListForm = $this->getForm("checklist");
+ }
 }
diff --git a/www/web-proxy-sso/src/opnsense/mvc/app/models/OPNsense/ProxySSO/ProxySSO.php b/www/web-proxy-sso/src/opnsense/mvc/app/models/OPNsense/ProxySSO/ProxySSO.php
index 5b09a8e49..6664e944d 100644
--- a/www/web-proxy-sso/src/opnsense/mvc/app/models/OPNsense/ProxySSO/ProxySSO.php
+++ b/www/web-proxy-sso/src/opnsense/mvc/app/models/OPNsense/ProxySSO/ProxySSO.php
@@ -1,5 +1,31 @@ KerberosHostName == "") {
- $hostname = (string)Config::getInstance()->object()->system->hostname;
- $this->KerberosHostName = substr(strtoupper($hostname), 0, 13) . '-K';
- }
- }
+ protected function init()
+ {
+ if ($this->KerberosHostName == "") {
+ $hostname = (string)Config::getInstance()->object()->system->hostname;
+ $this->KerberosHostName = substr(strtoupper($hostname), 0, 13) . '-K';
+ }
+ }
 }
diff --git a/www/web-proxy-sso/src/opnsense/mvc/app/views/OPNsense/ProxySSO/index.volt b/www/web-proxy-sso/src/opnsense/mvc/app/views/OPNsense/ProxySSO/index.volt
index 62f3951d9..e2bf961b8 100644
--- a/www/web-proxy-sso/src/opnsense/mvc/app/views/OPNsense/ProxySSO/index.volt
+++ b/www/web-proxy-sso/src/opnsense/mvc/app/views/OPNsense/ProxySSO/index.volt
@@ -1,3 +1,29 @@
+{#
+ # Copyright (C) 2017 Smart-Soft
+ # All rights reserved.
+ #
+ # Redistribution and use in source and binary forms, with or without
+ # modification, are permitted provided that the following conditions are met:
+ #
+ # 1. Redistributions of source code must retain the above copyright notice,
+ # this list of conditions and the following disclaimer.
+ #
+ # 2. Redistributions in binary form must reproduce the above copyright
+ # notice, this list of conditions and the following disclaimer in the
+ # documentation and/or other materials provided with the distribution.
+ #
+ # THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ # AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ # AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ # POSSIBILITY OF SUCH DAMAGE.
+ #}
+