Commit d2bab9b8 authored by Rebecca Blundell's avatar Rebecca Blundell Committed by Robert Lyon

Bug 1774106: Upgrade SAML for PHP 7.2

The issue is that assert() with a string arg is deprecated.
The patch that fixes this is currently a release candidate,
which I have installed here to see if the patch works.

Requiring people to use memcached, not memcache
Removed checks for mcrypt, no longer required

@TODO:
Replace RC version with release version when it comes out.

behatnotneeded

Change-Id: I111b8cedeb3847ce585ebac0eb576107542a93a2
parent 5e06efcb
......@@ -62,7 +62,7 @@ ifdef simplesamlphp
@echo "SimpleSAMLphp already exists - doing nothing"
else
@echo "Pulling SimpleSAMLphp from download ..."
@curl -sSL https://github.com/simplesamlphp/simplesamlphp/releases/download/v1.15.1/simplesamlphp-1.15.1.tar.gz | tar --transform 's/simplesamlphp-[0-9]+\.[0-9]+\.[0-9]+/simplesamlphp/x1' -C htdocs/auth/saml/extlib -xzf - # SimpleSAMLPHP release tarball already has all composer dependencies.
@curl -sSL https://github.com/simplesamlphp/simplesamlphp/releases/download/v1.16.1/simplesamlphp-1.16.1.tar.gz | tar --transform 's/simplesamlphp-[0-9]+\.[0-9]+\.[0-9]+/simplesamlphp/x1' -C htdocs/auth/saml/extlib -xzf - # SimpleSAMLPHP release tarball already has all composer dependencies.
@php external/composer.phar --working-dir=htdocs/auth/saml/extlib/simplesamlphp require predis/predis
@echo "Copying www/resources/* files to sp/resources/ ..."
@cp -R htdocs/auth/saml/extlib/simplesamlphp/www/resources/ htdocs/auth/saml/sp/
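Review bot: The new v1.16.1 download line pipes `curl -sSL` straight into `tar` with no integrity check, so whatever that URL serves is unpacked into `htdocs/auth/saml/extlib`, which holds the SAML authentication code. Saving the archive to a temporary file and checking it against a digest pinned in the Makefile before extracting would close that gap, e.g. `echo "<EXPECTED_SHA256>  simplesamlphp-1.16.1.tar.gz" | sha256sum -c -` (placeholder digest, to be taken from the upstream release). Adding `-f` to the curl flags would also stop an HTTP error body from being handed to tar. The `composer require predis/predis` line that follows names no version constraint, so the resolved predis version may differ between installs.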
......
......@@ -59,9 +59,15 @@ if (empty(get_config('ssphpsessionhandler'))) {
}
else {
$sessionhandler = get_config('ssphpsessionhandler');
$method = 'get_' . $sessionhandler . '_config';
if (method_exists('PluginAuthSaml', $method)) {
${$sessionhandler . "_config"} = call_static_method('PluginAuthSaml', $method);
if ($sessionhandler == 'memcached') {
$sessionhandler = 'memcache'; // set it to 'memcache' for correct store.type later
$memcache_config = PluginAuthSaml::get_memcache_servers();
}
else {
$method = 'get_' . $sessionhandler . '_config';
if (method_exists('PluginAuthSaml', $method)) {
${$sessionhandler . "_config"} = call_static_method('PluginAuthSaml', $method);
}
}
}
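Review bot: In the new `else` branch the value of `ssphpsessionhandler` is still concatenated into both a method name and a variable-variable (`${$sessionhandler . "_config"}`), so any setting for which a matching `get_*_config` method exists decides which variable in this file gets written. An explicit allow-list ahead of the lookup, e.g. `if (in_array($sessionhandler, array('redis', 'sql'), true)) {`, would state the supported handlers and keep an unexpected config value away from `call_static_method()`. The value appears to come from site configuration rather than request input, so this is hardening rather than a demonstrated flaw. The `== 'memcached'` comparison could be `===`, and the enclosing `if`/`else` starts above the hunk.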
......
......@@ -38,6 +38,9 @@ function xmldb_auth_saml_upgrade($oldversion=0) {
// Set library version to download
set_config_plugin('auth', 'saml', 'version', '1.15.1');
}
if ($oldversion < 2018080300) {
set_config_plugin('auth', 'saml', 'version', '1.16.1');
}
return $status;
}
......@@ -47,9 +47,6 @@ PluginAuthSaml::init_simplesamlphp();
// Check the SimpleSAMLphp config is compatible
$saml_config = SimpleSAML_Configuration::getInstance();
$session_handler = $saml_config->getString('session.handler', false);
if ($session_handler == 'memcache' && !extension_loaded('mcrypt')) {
throw new AuthInstanceException(get_string_php_version('errornomcrypt','auth.saml'));
}
$store_type = $saml_config->getString('store.type', false);
if ($store_type == 'phpsession' || $session_handler == 'phpsession' || (empty($store_type) && empty($session_handler))) {
throw new AuthInstanceException(get_string('errorbadssphp', 'auth.saml'));
......
......@@ -34,8 +34,6 @@ $string['errnosamluser'] = 'No user found';
$string['errorssphpsetup'] = 'SAML is not set up correctly. You Need to run "make ssphp" from the commandline first.';
$string['errorbadlib'] = 'The SimpleSAMLPHP library\'s "autoloader" file was not found at %s.<br>Make sure you install SimpleSAMLphp via "make ssphp" and the file is readable.';
$string['errorupdatelib'] = 'Your current SimpleSAMLPHP library version is out of date. You need to run "make cleanssphp && make ssphp".';
$string['errornomcrypt'] = 'The PHP library "mcrypt" must be installed for auth/saml. Make sure you install and activate mcrypt, e.g.:<br>sudo apt-get install php5-mcrypt<br>sudo php5enmod mcrypt<br>Then restart your web server.';
$string['errornomcrypt7php'] = 'The PHP library "mcrypt" must be installed for auth/saml. Make sure you install and activate mcrypt, e.g.:<br>sudo apt-get install php7.0-mcrypt<br>sudo phpenmod mcrypt<br>Then restart your web server.';
$string['errornovalidsessionhandler'] = 'The SimpleSAMLphp session handler is misconfigured or the server is currently unavailable.';
$string['errornomemcache'] = 'Memcache is misconfigured for auth/saml or a Memcache server is currently unavailable.';
$string['errornomemcache7php'] = 'Memcache is misconfigured for auth/saml or a Memcache server is currently unavailable.';
......
......@@ -393,7 +393,7 @@ class PluginAuthSaml extends PluginAuth {
public static function install_auth_default() {
// Set library version to download
set_config_plugin('auth', 'saml', 'version', '1.15.1');
set_config_plugin('auth', 'saml', 'version', '1.16.1');
}
private static function create_certificates($numberofdays = 3650) {
......@@ -599,10 +599,6 @@ class PluginAuthSaml extends PluginAuth {
// check extensions are loaded
$libchecks = '';
// Make sure mcrypt exists
if (get_config('memcacheservers') && !extension_loaded('mcrypt')) {
$libchecks .= '<li>' . get_string_php_version('errornomcrypt', 'auth.saml') . '</li>';
}
// Make sure the simplesamlphp files have been installed via 'make ssphp'
if (!self::is_simplesamlphp_installed()) {
$libchecks .= '<li>' . get_string('errorbadlib', 'auth.saml', get_config('docroot') .'auth/saml/extlib/simplesamlphp/vendor/autoload.php') . '</li>';
......@@ -793,30 +789,38 @@ class PluginAuthSaml extends PluginAuth {
if (!self::is_simplesamlphp_installed()) {
return false;
}
$ishandler = false;
if (get_config('ssphpsessionhandler') == 'memcached' && self::is_memcache_configured()) {
return true;
}
if (get_config('ssphpsessionhandler') == 'redis' && self::is_redis_configured()) {
return true;
}
if (get_config('ssphpsessionhandler') == 'sql' && self::is_sql_configured()) {
return true;
}
if (empty(get_config('ssphpsessionhandler'))) {
// Check Redis
$ishandler = self::is_redis_configured();
// And check Memcache if no Redis
$ishandler = $ishandler ? $ishandler : self::is_memcache_configured();
// And check Sql if no Memcache
$ishandler = $ishandler ? $ishandler : self::is_sql_configured();
return $ishandler;
switch (get_config('ssphpsessionhandler')) {
case 'memcache':
//make people use memcached, not memcache
throw new ConfigSanityException(get_string('memcacheusememcached', 'error'));
break;
case 'memcached':
if (self::is_memcache_configured()) {
$ishandler = true;
break;
}
case 'redis':
if (self::is_redis_configured()) {
$ishandler = true;
break;
}
case 'sql':
if (self::is_sql_configured()) {
$ishandler = true;
break;
}
default:
// Check Redis
$ishandler = self::is_redis_configured();
// And check Memcache if no Redis
$ishandler = $ishandler ? $ishandler : self::is_memcache_configured();
// And check Sql if no Memcache
$ishandler = $ishandler ? $ishandler : self::is_sql_configured();
}
return false;
return $ishandler;
}
public static function is_simplesamlphp_installed() {
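Review bot: The new `switch` puts every `break` inside its `if`, so when the selected handler is not configured, control falls through the following cases into `default`, and the method can return true because some other store answers. The earlier version shown in this hunk appears to return false in that situation, so a site set to `memcached` with an unreachable memcached server but a working Redis or SQL store would now pass this check while its chosen session store is unusable. If the fall-through is deliberate, it needs a comment saying so. `default:` also extends the probe-everything fallback from an empty setting to any unrecognised value, and the `break;` after `throw` is unreachable. The method begins above the hunk, and the `memcacheusememcached` string is not among the language strings shown on this page, so confirm it exists in the `error` language file. A version where each case answers only for its own handler is sketched below.

```php
switch (get_config('ssphpsessionhandler')) {
    case 'memcache':
        // make people use memcached, not memcache
        throw new ConfigSanityException(get_string('memcacheusememcached', 'error'));
    case 'memcached':
        $ishandler = self::is_memcache_configured();
        break;
    case 'redis':
        $ishandler = self::is_redis_configured();
        break;
    case 'sql':
        $ishandler = self::is_sql_configured();
        break;
    default:
        // … unchanged: probe redis, then memcache, then sql …
}
return $ishandler;
```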
......@@ -838,16 +842,19 @@ class PluginAuthSaml extends PluginAuth {
SimpleSAML_Configuration::init(get_config('docroot') . 'auth/saml/config');
}
public static function is_memcache_configured() {
$is_configured = false;
if (extension_loaded('memcache')) {
if (extension_loaded('memcached')) {
foreach (self::get_memcache_servers() as $server) {
$memcache = new Memcache;
$memcached = new Memcached;
if (!empty($server['hostname']) && !empty($server['port'])) {
if ($memcache->connect($server['hostname'], $server['port'])) {
$memcached->addServer($server['hostname'], $server['port']);
// addServer doesn't make a connection to the server
// but if the server is added, but not running pid will be -1
$server_stats = $memcached->getStats();
if ($server_stats[$server['hostname'] . ":" . $server['port']]['pid'] > 0) {
$is_configured = true;
break;
}
......
......@@ -40,10 +40,6 @@ if (get_field('auth_installed', 'active', 'name', 'saml') != 1) {
redirect();
}
if (get_config('memcacheservers') && !extension_loaded('mcrypt')) {
throw new AuthInstanceException(get_string_php_version('errornomcrypt', 'auth.saml'));
}
PluginAuthSaml::init_simplesamlphp();
require('../extlib/simplesamlphp/modules/saml/www/disco.php');
......@@ -42,10 +42,6 @@ if (get_field('auth_installed', 'active', 'name', 'saml') != 1) {
redirect();
}
if (get_config('memcacheservers') && !extension_loaded('mcrypt')) {
throw new AuthInstanceException(get_string_php_version('errornomcrypt', 'auth.saml'));
}
PluginAuthSaml::init_simplesamlphp();
$config = SimpleSAML_Configuration::getInstance();
......
......@@ -40,10 +40,6 @@ if (get_field('auth_installed', 'active', 'name', 'saml') != 1) {
redirect();
}
if (get_config('memcacheservers') && !extension_loaded('mcrypt')) {
throw new AuthInstanceException(get_string_php_version('errornomcrypt', 'auth.saml'));
}
PluginAuthSaml::init_simplesamlphp();
require('../extlib/simplesamlphp/modules/saml/www/sp/saml1-acs.php');
......@@ -40,10 +40,6 @@ if (get_field('auth_installed', 'active', 'name', 'saml') != 1) {
redirect();
}
if (get_config('memcacheservers') && !extension_loaded('mcrypt')) {
throw new AuthInstanceException(get_string_php_version('errornomcrypt', 'auth.saml'));
}
PluginAuthSaml::init_simplesamlphp();
require('../extlib/simplesamlphp/modules/saml/www/sp/saml2-acs.php');
......@@ -40,10 +40,6 @@ if (get_field('auth_installed', 'active', 'name', 'saml') != 1) {
redirect();
}
if (get_config('memcacheservers') && !extension_loaded('mcrypt')) {
throw new AuthInstanceException(get_string_php_version('errornomcrypt', 'auth.saml'));
}
PluginAuthSaml::init_simplesamlphp();
// Bug #1693426: destroy mahara session when Single Logout is initiated by IdP
......
......@@ -11,8 +11,8 @@
defined('INTERNAL') || die();
$config = new stdClass();
$config->version = 2018030800;
$config->release = '1.3.0';
$config->version = 2018080300;
$config->release = '1.4.0';
$config->name = 'saml';
$config->requires_config = 1;
$config->requires_parent = 0;