diff --git a/user_saml_shibboleth-php7/Dockerfile b/user_saml_shibboleth-php7/Dockerfile deleted file mode 100755 index 2a4bd7be..00000000 --- a/user_saml_shibboleth-php7/Dockerfile +++ /dev/null @@ -1,34 +0,0 @@ -FROM unicon/shibboleth-idp:3.2.0 -MAINTAINER lukas@statuscode.ch - -# Add Shibboleth config stuff -ADD shibboleth/ /opt/shibboleth-idp/ - -# Install the LDAP server -RUN yum install -y https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm -RUN yum install -y --enablerepo=centosplus 389-ds -RUN rm -fr /var/lock /usr/lib/systemd/system -ADD ldap/ds-setup.inf /ds-setup.inf -ADD ldap/users.ldif /users.ldif -ADD ldap/nextcloud.ldif /nextcloud.ldif -RUN sed -i 's/checkHostname {/checkHostname {\nreturn();/g' /usr/lib64/dirsrv/perl/DSUtil.pm -RUN sed -i 's/updateSelinuxPolicy($inf);//g' /usr/lib64/dirsrv/perl/* -ADD ldap/DSCreate.pm /usr/lib64/dirsrv/perl/DSCreate.pm -ADD ldap/AdminServer.pm /usr/lib64/dirsrv/perl/AdminServer.pm -RUN setup-ds-admin.pl --silent --file /ds-setup.inf -RUN /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && sleep 3 && ldapmodify -H ldap:/// -f nextcloud.ldif -x -D "cn=Directory Manager" -w password && ldapadd -H ldap:/// -f users.ldif -x -D "cn=Directory Manager" -w password -RUN rm /*.ldif - -# Install Apache and PHP 7.0 for Nextcloud -RUN yum -y install centos-release-scl -RUN yum -y install rh-php70 rh-php70-php rh-php70-php-gd rh-php70-php-mbstring rh-php70-php-sqlite httpd git rh-php70-mcrypt rh-php70-php-pdo sudo -RUN scl enable rh-php70 bash -RUN yum -y install centos-release-scl -RUN yum -y install sclo-php70-php-mcrypt.x86_64 -RUN chmod -R 777 /opt/ -RUN rm -f /etc/httpd/conf.d/nss.conf -ADD apache/httpd.conf /etc/httpd/conf/httpd.conf - -# Add the startup file -ADD start.sh /start.sh -RUN chmod a+x /start.sh diff --git a/user_saml_shibboleth-php7/apache/httpd.conf b/user_saml_shibboleth-php7/apache/httpd.conf deleted file mode 100644 index 4d4e064d..00000000 --- a/user_saml_shibboleth-php7/apache/httpd.conf +++ /dev/null @@ -1,359 +0,0 @@ -# -# This is the main Apache HTTP server configuration file. It contains the -# configuration directives that give the server its instructions. -# See for detailed information. -# In particular, see -# -# for a discussion of each configuration directive. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so 'log/access_log' -# with ServerRoot set to '/www' will be interpreted by the -# server as '/www/log/access_log', where as '/log/access_log' will be -# interpreted as '/log/access_log'. - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# Do not add a slash at the end of the directory path. If you point -# ServerRoot at a non-local disk, be sure to specify a local disk on the -# Mutex directive, if file-based mutexes are used. If you wish to share the -# same ServerRoot for multiple httpd daemons, you will need to change at -# least PidFile. -# -ServerRoot "/etc/httpd" - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, instead of the default. See also the -# directive. -# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses. -# -#Listen 12.34.56.78:80 -Listen 80 - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -Include conf.modules.d/*.conf - -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# It is usually good practice to create a dedicated user and group for -# running httpd, as with most system services. -# -User apache -Group apache - -# 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# definition. These values also provide defaults for -# any containers you may define later in the file. -# -# All of these directives may appear inside containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin root@localhost - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# -#ServerName www.example.com:80 - -# -# Deny access to the entirety of your server's filesystem. You must -# explicitly permit access to web content directories in other -# blocks below. -# - - AllowOverride none - Require all denied - - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "/var/www/html" - -# -# Relax access to content within /var/www. -# - - AllowOverride All - # Allow open access: - Require all granted - - -# Further relax access to the default document root: - - # - # Possible values for the Options directive are "None", "All", - # or any combination of: - # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews - # - # Note that "MultiViews" must be named *explicitly* --- "Options All" - # doesn't give it to you. - # - # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.4/mod/core.html#options - # for more information. - # - Options Indexes FollowSymLinks - - # - # AllowOverride controls what directives may be placed in .htaccess files. - # It can be "All", "None", or any combination of the keywords: - # Options FileInfo AuthConfig Limit - # - AllowOverride All - - # - # Controls who can get stuff from this server. - # - Require all granted - - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# - - DirectoryIndex index.php - - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# - - Require all denied - - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. -# -ErrorLog "logs/error_log" - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -# -LogLevel warn - - - # - # The following directives define some format nicknames for use with - # a CustomLog directive (see below). - # - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - - # You need to enable mod_logio.c to use %I and %O - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - - - # - # The location and format of the access logfile (Common Logfile Format). - # If you do not define any access logfiles within a - # container, they will be logged here. Contrariwise, if you *do* - # define per- access logfiles, transactions will be - # logged therein and *not* in this file. - # - #CustomLog "logs/access_log" common - - # - # If you prefer a logfile with access, agent, and referer information - # (Combined Logfile Format) you can use the following directive. - # - CustomLog "logs/access_log" combined - - - - # - # Redirect: Allows you to tell clients about documents that used to - # exist in your server's namespace, but do not anymore. The client - # will make a new request for the document at its new location. - # Example: - # Redirect permanent /foo http://www.example.com/bar - - # - # Alias: Maps web paths into filesystem paths and is used to - # access content that does not live under the DocumentRoot. - # Example: - # Alias /webpath /full/filesystem/path - # - # If you include a trailing / on /webpath then the server will - # require it to be present in the URL. You will also likely - # need to provide a section to allow access to - # the filesystem path. - - # - # ScriptAlias: This controls which directories contain server scripts. - # ScriptAliases are essentially the same as Aliases, except that - # documents in the target directory are treated as applications and - # run by the server when requested rather than as documents sent to the - # client. The same rules about trailing "/" apply to ScriptAlias - # directives as to Alias. - # - ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" - - - -# -# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# - - AllowOverride All - Options None - Require all granted - - - - # - # TypesConfig points to the file containing the list of mappings from - # filename extension to MIME-type. - # - TypesConfig /etc/mime.types - - # - # AddType allows you to add to or override the MIME configuration - # file specified in TypesConfig for specific file types. - # - #AddType application/x-gzip .tgz - # - # AddEncoding allows you to have certain browsers uncompress - # information on the fly. Note: Not all browsers support this. - # - #AddEncoding x-compress .Z - #AddEncoding x-gzip .gz .tgz - # - # If the AddEncoding directives above are commented-out, then you - # probably should define those extensions to indicate media types: - # - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - # - # AddHandler allows you to map certain file extensions to "handlers": - # actions unrelated to filetype. These can be either built into the server - # or added with the Action directive (see below) - # - # To use CGI scripts outside of ScriptAliased directories: - # (You will also need to add "ExecCGI" to the "Options" directive.) - # - #AddHandler cgi-script .cgi - - # For type maps (negotiated resources): - #AddHandler type-map var - - # - # Filters allow you to process content before it is sent to the client. - # - # To parse .shtml files for server-side includes (SSI): - # (You will also need to add "Includes" to the "Options" directive.) - # - AddType text/html .shtml - AddOutputFilter INCLUDES .shtml - - -# -# Specify a default charset for all content served; this enables -# interpretation of all content as UTF-8 by default. To use the -# default browser choice (ISO-8859-1), or to allow the META tags -# in HTML content to override this choice, comment out this -# directive: -# -AddDefaultCharset UTF-8 - - - # - # The mod_mime_magic module allows the server to use various hints from the - # contents of the file itself to determine its type. The MIMEMagicFile - # directive tells the module where the hint definitions are located. - # - MIMEMagicFile conf/magic - - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# EnableMMAP and EnableSendfile: On systems that support it, -# memory-mapping or the sendfile syscall may be used to deliver -# files. This usually improves server performance, but must -# be turned off when serving from networked-mounted -# filesystems or if support for these functions is otherwise -# broken on your system. -# Defaults if commented: EnableMMAP On, EnableSendfile Off -# -#EnableMMAP off -EnableSendfile on - -# Supplemental configuration -# -# Load config files in the "/etc/httpd/conf.d" directory, if any. -IncludeOptional conf.d/*.conf -LoadModule php7_module /opt/rh/httpd24/root/usr/lib64/httpd/modules/librh-php70-php7.so -LoadModule env_module modules/mod_env.so - - -SetHandler application/x-httpd-php - diff --git a/user_saml_shibboleth-php7/ldap/AdminServer.pm b/user_saml_shibboleth-php7/ldap/AdminServer.pm deleted file mode 100644 index e17fa55c..00000000 --- a/user_saml_shibboleth-php7/ldap/AdminServer.pm +++ /dev/null @@ -1,953 +0,0 @@ -# BEGIN COPYRIGHT BLOCK -# This Program is free software; you can redistribute it and/or modify it under -# the terms of the GNU General Public License as published by the Free Software -# Foundation; version 2 of the License. -# -# This Program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along with -# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple -# Place, Suite 330, Boston, MA 02111-1307 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK -# - -package AdminServer; -require Exporter; -@ISA = qw(Exporter); -@EXPORT = qw(createAdminServer reconfigAdminServer - createASFilesAndDirs setFileOwnerPerms updateHttpConfFiles - startAdminServer stopAdminServer removeAdminServer setDefaults - updateSelinuxPolicy); -@EXPORT_OK = qw(createAdminServer reconfigAdminServer - createASFilesAndDirs setFileOwnerPerms updateHttpConfFiles - startAdminServer stopAdminServer removeAdminServer setDefaults - updateSelinuxPolicy); - -use File::Path; -use File::Copy; -use File::Basename; -use File::Temp; - -my $template_backup_dir = "tmpdirXXXX"; -my $secfile_backup_dir = ""; - -# tempfiles -use File::Temp qw(tempfile tempdir); - -# load perldap -use Mozilla::LDAP::Conn; -use Mozilla::LDAP::Utils qw(normalizeDN); -use Mozilla::LDAP::API qw(ldap_url_parse); -use Mozilla::LDAP::LDIF; - -use DSUtil; -use Inf; -use Setup; -use AdminUtil; - -sub setDefaults { - my $setup = shift; - - if (!defined($setup->{inf}->{admin}->{ServerIpAddress})) { - $setup->{inf}->{admin}->{ServerIpAddress} = '0.0.0.0'; - } - if (!defined($setup->{inf}->{admin}->{Port})) { - $setup->{inf}->{admin}->{Port} = 9830; - } - if (!defined($setup->{inf}->{admin}->{SysUser})) { - my $user = $setup->{inf}->{General}->{SuiteSpotUserID}; - if (!defined($user)) { - if ($> == 0) { # if root, use the default user - $user = "nobody"; - } else { # if not root, use the user's uid - $user = getLogin; - } - } - $setup->{inf}->{admin}->{SysUser} = $user; - } - if (!defined($setup->{inf}->{admin}->{ServerAdminID})) { - my $id = $setup->{inf}->{General}->{ConfigDirectoryAdminID}; - if (isValidDN($id)) { - $id =~ s/^(.*)=.*/$1/; - } - $setup->{inf}->{admin}->{ServerAdminID} = $id; - } - if (!defined($setup->{inf}->{admin}->{ServerAdminPwd})) { - my $pwd = $setup->{inf}->{General}->{ConfigDirectoryAdminPwd}; - $setup->{inf}->{admin}->{ServerAdminPwd} = $pwd; - } - - return 1; -} - -sub checkRequiredParameters { - my $setup = shift; - for my $asparam (qw(ServerIpAddress Port SysUser ServerAdminID ServerAdminPwd)) { - if (!defined($setup->{inf}->{admin}->{$asparam})) { - $setup->msg($FATAL, "missing_adminserver_param", $asparam); - return 0; - } - } - - for my $general (qw(AdminDomain SuiteSpotUserID SuiteSpotGroup ConfigDirectoryLdapURL)) { - if (!defined($setup->{inf}->{General}->{$general})) { - $setup->msg($FATAL, "missing_general_param", $general); - return 0; - } - } - - return 1; -} - -sub usingSELinux { - my $mydevnull = (-c "/dev/null" ? " /dev/null " : " NUL "); - - if ((getLogin() eq 'root') and "yes" and -f "/usr/sbin/sestatus" and - !system ("/usr/sbin/sestatus | egrep -i \"selinux status:\\s*enabled\" > $mydevnull 2>&1")) { - # We are using SELinux - return 1; - } - return 0; -} - -sub setFileOwnerPerms { - my $setup = shift; - my $configdir = shift; - my $admConf = getAdmConf($configdir); - my $uid = getpwnam $admConf->{sysuser}; - - # chown the config directory - $! = 0; # clear errno - chown $uid, -1, $configdir; - if ($!) { - $setup->msg($FATAL, 'error_chowning_file', $configdir, - $admConf->{sysuser}, $!); - return 0; - } - - # chown and chmod other files appropriately - for (glob("$configdir/*")) { - # these are owned by root - next if (/httpd.conf$/); - next if (/nss.conf$/); - next if (/admserv.conf$/); - next if (! -f $_); # should never happen - # all other files should be owned by SysUser - $! = 0; # clear errno - chown $uid, -1, $_; - if ($!) { - $setup->msg($FATAL, 'error_chowning_file', $_, - $admConf->{sysuser}, $!); - return 0; - } - # the files should be writable - $! = 0; # clear errno - chmod 0600, $_; - if ($!) { - $setup->msg($FATAL, 'error_chmoding_file', $_, $!); - return 0; - } - } - - return 1; -} - -sub createASFilesAndDirs { - my $setup = shift; - my $configdir = shift; - my $securitydir = shift; - my $logdir = shift; - my $rundir = shift; - - my $uid = getpwnam $setup->{inf}->{admin}->{SysUser}; - my $gid = getgrnam $setup->{inf}->{General}->{SuiteSpotGroup}; - - $setup->msg('create_adminserver_filesdirs'); - - # these paths are owned exclusively by admin sever - my @errs; - for ($configdir, $securitydir, $logdir) { - @errs = makePaths($_, 0700, $setup->{inf}->{admin}->{SysUser}, - $setup->{inf}->{General}->{SuiteSpotGroup}); - if (@errs) { - $setup->msg($FATAL, @errs); - return 0; - } - $! = 0; # clear errno - chmod 0700, $_; - if ($!) { - $setup->msg($FATAL, 'error_chmoding_directory', $_, $!); - return 0; - } - chown $uid, -1, $_; - if ($!) { - $setup->msg($FATAL, 'error_chowning_directory', $_, - $setup->{inf}->{admin}->{SysUser}, $!); - return 0; - } - } - - # these paths are shared by SuiteSpotGroup members - @errs = makePaths($rundir, 0770, $setup->{inf}->{admin}->{SysUser}, - $setup->{inf}->{General}->{SuiteSpotGroup}); - if (@errs) { - $setup->msg($FATAL, @errs); - return 0; - } - $! = 0; # clear errno - chmod 0770, $rundir; - if ($!) { - $setup->msg($FATAL, 'error_chmoding_directory', $rundir, $!); - return 0; - } - chown -1, $gid, $rundir; - if ($!) { - $setup->msg($FATAL, 'error_chgrping_directory', $rundir, - $setup->{inf}->{General}->{SuiteSpotGroup}, $!); - return 0; - } - - return 1; -} - -sub makeConfFiles { - my $setup = shift; - my $configdir = shift; - - my @start_slapd; - if ($setup->{inf}->{slapd}->{SlapdConfigForMC} =~ /yes/i) { - my $sbindir = $setup->{inf}->{slapd}->{sbindir}; - my $inst_name = $setup->{inf}->{slapd}->{ServerIdentifier}; - @start_slapd = ('ldapStart', "$sbindir/start-dirsrv $inst_name"); - } - $setup->msg('updating_admconf'); - my $rc = updateAdmConf({ldapurl => $setup->{inf}->{General}->{ConfigDirectoryLdapURL}, - SuiteSpotUserID => $setup->{inf}->{General}->{SuiteSpotUserID}, - SuiteSpotGroup => $setup->{inf}->{General}->{SuiteSpotGroup}, - sysuser => $setup->{inf}->{admin}->{SysUser}, - sysgroup => $setup->{inf}->{General}->{SuiteSpotGroup}, - AdminDomain => $setup->{inf}->{General}->{AdminDomain}, - @start_slapd}, - $configdir); - if (!$rc) { - $setup->msg($FATAL, 'error_updating_admconf', $!); - return 0; - } - - $setup->msg('updating_admpw'); - $rc = updateAdmpw($setup->{inf}->{admin}->{ServerAdminID}, - $setup->{inf}->{admin}->{ServerAdminPwd}, - $configdir); - if (!$rc) { - $setup->msg($FATAL, 'error_updating_admpw'); - return 0; - } - - return 1; -} - -# sub addDefaultSecurityInfo { -# my $setup = shift; -# my $inf = $setup->{inf}; -# my $configdir = shift; -# my $reconfig = shift; -# my @errs; - -# my $admConf = getAdmConf($configdir); -# my $localconf = "$configdir/local.conf"; -# if (!open(LOCALCONF, ">$localconf")) { -# $setup->msg($FATAL, 'error_updating_localconf', $localconf, $!); -# return 0; -# } - -# if (!open(CONSOLECONF, "$admConf->{configdir}/console.conf")) { -# debug(0, "Error opening $admConf->{configdir}/console.conf: $!"); -# return 0; -# } - -# print LOCALCONF "configuration.Encryption\n"; - -# close(LOCALCONF); -# return 1; -# } - -# This is how we extract the sie and isie as the as entries are -# being added -sub registercb { - my ($context, $entry, $errs) = @_; - - my $rc = check_and_add_entry([$context->{conn}], $entry, $errs); - my $setup = $context->{setup}; - if ($rc) { - if ($entry->hasValue('objectclass', 'nsApplication', 1)) { - $context->{isie} = $entry->getDN(); - } elsif ($entry->hasValue('objectclass', 'nsAdminServer', 1)) { - $context->{sie} = $entry->getDN(); - } - - if ($context->{sie}) { - $rc = updateLocalConf($entry, $context->{sie}, $context->{localfh}); - if (!$rc) { - $setup->msg($FATAL, 'error_updating_localconf_entry', $entry->getDN()); - } - } - } else { - $setup->msg(@{$errs}); - $setup->msg($FATAL, 'error_adding_adminserver_config_entry', $entry->getDN()); - } - - return $rc; -} - -sub registerASWithConfigDS { - my $setup = shift; - my $inf = $setup->{inf}; - my $configdir = shift; - my @errs; - - $setup->msg('registering_adminserver'); - # open a connection to the configuration directory server - my $conn = getConfigDSConn($inf->{General}->{ConfigDirectoryLdapURL}, - $inf->{General}->{ConfigDirectoryAdminID}, - $inf->{General}->{ConfigDirectoryAdminPwd}, - $configdir, \@errs); - - if (@errs) { - $setup->msg($FATAL, @errs); - return 0; - } - - # add the Admin Server configuration entries - my @ldiffiles = ("/usr/share/dirsrv/data/20asdata.ldif.tmpl", - "/usr/share/dirsrv/data/21astasks.ldif.tmpl", - "/usr/share/dirsrv/data/22ascommands.ldif.tmpl" - ); - my @infs = getInfs("admin", "setup"); - my $mapper = new Inf("/usr/share/dirsrv/inf/adminserver.map"); - - $mapper = process_maptbl($mapper, \@errs, $inf, @infs); - if (!$mapper or @errs) { - $conn->close(); - $setup->msg(@errs); - $setup->msg($FATAL, 'error_creating_adminserver_maptbl'); - return 0; - } - - # context will get filled in with isie and sie in registercb - my $localconf = "$configdir/local.conf"; - my $isnew; - if (! -f $localconf) { - $isnew = 1; - } - if (!open(LOCALCONF, ">$localconf")) { - $setup->msg($FATAL, 'error_updating_localconf', $localconf, $!); - return 0; - } - my $context = {conn => $conn, localfh => \*LOCALCONF, setup => $setup}; - getMappedEntries($mapper, \@ldiffiles, \@errs, \®istercb, $context); - close(LOCALCONF); - - if ($isnew) { - my $admConf = getAdmConf($configdir); - my $uid = getpwnam $admConf->{sysuser}; - chmod 0600, "$localconf"; - chown $uid, -1, "$localconf"; - } - - $setup->msg('updating_admconf_configds'); - if ($context->{sie} or $context->{isie}) { - if (!updateAdmConf({sie => $context->{sie}, - isie => $context->{isie}, - userdn => $conn->{adminbinddn}}, - $configdir)) { - $setup->msg($FATAL, 'error_updating_admconf', $!); - return 0; - } - } - - $conn->close(); - return @errs ? 0 : 1; -} - -my @saveconffiles = qw(admserv.conf httpd.conf nss.conf console.conf); -my @savesecfiles = qw(cert8.db key3.db secmod.db password.conf); -my @reconfigsavefiles = qw (httpd.conf nss.conf cert8.db key3.db secmod.db password.conf); - -# update other config files - these are the fields which users typically want to -# change during an install or an upgrade, that also must be synced to the Apache -# style config files - we use the config CGI in command line mode because it -# already has all of the logic to update the files correctly -sub updateHttpConfFiles { - my $serverAddress = shift; - my $port = shift; - my $configdir = shift; - my $origport = shift; - my $admConf = getAdmConf($configdir); - my $user = $admConf->{sysuser}; - - # this is required on some platforms in order to execute the config command - my $savepath = $ENV{SHLIB_PATH} || $ENV{LD_LIBRARY_PATH}; - $ENV{LD_LIBRARY_PATH} = ""; - libpath_add("/usr/lib64"); - libpath_add("$savepath"); - $ENV{SHLIB_PATH} = $ENV{LD_LIBRARY_PATH}; - - if (! -d "$admConf->{configdir}/bakup") { - if (system ("mkdir -p $admConf->{configdir}/bakup")) { - debug(0, "Error backing up $admConf->{configdir}/console.conf failed: $!"); - } - } - # backup the savefiles for "remove-ds-admin.pl -a" - foreach my $savefile (@saveconffiles, @savesecfiles) { - if (! -f "$admConf->{configdir}/bakup/$savefile") { - if (-e "$admConf->{configdir}/$savefile"){ - if(system ("cp -p $admConf->{configdir}/$savefile $admConf->{configdir}/bakup")) { - debug(0, "Error backing up $admConf->{configdir}/$savefile failed: $!\n"); - } - } - } - } - - my $cmd = "/usr/lib64/dirsrv/cgi-bin/config op=set configuration.nsSuiteSpotUser=\"$user\""; - if (!defined($origport) or ($port != $origport)) { # need to change the port number - $cmd .= " configuration.nsServerPort=\"$port\""; - } - if ($serverAddress) { - $cmd .= " configuration.nsServerAddress=\"$serverAddress\""; - } - debug(1, "Running $cmd ..."); - $? = 0; # clear error - my $output = `$cmd 2>&1`; - # Check the output of the config CGI to see if something bad happened. - if ($? || $output =~ /NMC_Status: 1/) { - debug(0, "Error updating console.conf:\n"); - debug(0, $output); - $ENV{LD_LIBRARY_PATH} = $savepath; - $ENV{SHLIB_PATH} = $savepath; - return 0; - } - - debug(1, $output); - $ENV{LD_LIBRARY_PATH} = $savepath; - $ENV{SHLIB_PATH} = $savepath; - - # update Group in console.conf - if ($admConf->{sysgroup}) { - if (!open(CONSOLECONF, "$admConf->{configdir}/console.conf")) { - debug(0, "Error opening $admConf->{configdir}/console.conf: $!"); - return 0; - } - my @contents = ; - close (CONSOLECONF); - grep { s/^Group.*$/Group $admConf->{sysgroup}/ } @contents; - if (!open(CONSOLECONF, ">$admConf->{configdir}/console.conf")) { - debug(0, "Error writing new group $admConf->{sysgroup} to $admConf->{configdir}/console.conf: $!"); - return 0; - } - print CONSOLECONF @contents; - close (CONSOLECONF); - } - - return 1; -} - -sub startAdminServer { - return 1; - my $setup = shift; - my $configdir = shift; - my $logdir = shift; - my $rundir = shift; - my $isrunning; - - $pidfile = "$rundir/admin-serv.pid"; - if (-f $pidfile) { - open(PIDFILE, $pidfile); - my $pid = ; - close(PIDFILE); - if (kill 0, $pid) { - $isrunning = 1; - } - } - - my ($fh, $filename) = tempfile("asstartupXXXXXX", UNLINK => 1, - SUFFIX => ".log", DIR => File::Spec->tmpdir); - close($fh); - my $rc; - my $selinux_cmd = ""; - - # If we're using selinux, start the server with the proper context - # to allow the process to transition to the proper domain. - if (usingSELinux()) { - $selinux_cmd = "runcon -u system_u -r system_r -t initrc_t"; - } - - if ($isrunning) { - $setup->msg('restarting_adminserver'); - if ("") { - $rc = system("service dirsrv-admin restart > $filename 2>&1"); - } elsif ("/usr/lib/systemd/system") { - $rc = system("/bin/systemctl restart dirsrv-admin.service > $filename 2>&1"); - } else { - $rc = system("$selinux_cmd /usr/sbin/restart-ds-admin > $filename 2>&1"); - } - } else { - $setup->msg('starting_adminserver'); - if ("") { - $rc = system("service dirsrv-admin start > $filename 2>&1"); - } elsif ("/usr/lib/systemd/system") { - $rc = system("/bin/systemctl start dirsrv-admin.service > $filename 2>&1"); - } else { - $rc = system("$selinux_cmd /usr/sbin/start-ds-admin > $filename 2>&1"); - } - } - - open(STARTLOG, "$filename"); - while () { - $setup->msg('adminserver_startup_output', $_); - } - close(STARTLOG); - unlink($filename); - - if ($rc) { - $setup->msg($FATAL, 'error_starting_adminserver', $rc); - return 0; - } - - $setup->msg('success_starting_adminserver'); - return 1; -} - -sub reconfig_backup_secfiles -{ - # - # Backup the security files, because when we reconfigure the admin - # server it overwrites these files and breaks SSL. - # - my $configdir = shift; - - my $dirname = dirname $configdir; - my $my_template_backup_dir = $dirname . "/" . $template_backup_dir; - $secfile_backup_dir = mkdtemp($my_template_backup_dir); - if ( ! -d $secfile_backup_dir){ - $setup->msg($FATAL, 'error_creating_secfile_backup', $secfile_backup_dir, $!); - return 0; - } - foreach my $savefile (@reconfigsavefiles) { - if ( -e "$configdir/$savefile"){ - # To keep the ownership and modes, use move for backup. - move ("$configdir/$savefile", "$secfile_backup_dir/$savefile"); - debug(1, "Backing up $configdir/$savefile to $secfile_backup_dir/$savefile\n"); - if (! -e "$secfile_backup_dir/$savefile"){ - debug(0, "Backup file $secfile_backup_dir/$savefile not found, error $!\n"); - } - } - } - return 1; -} - -sub reconfig_restore_secfiles -{ - # - # Restore security files - # - my $configdir = shift; - - if ( ! -d $secfile_backup_dir){ - $setup->msg($FATAL, 'error_accessing_secfile_backup', $secfile_backup_dir); - return 0; - } - foreach my $savefile (@reconfigsavefiles) { - move ("$secfile_backup_dir/$savefile" ,"$configdir/$savefile"); - debug(1, "Restoring $configdir/$savefile with $secfile_backup_dir/$savefile\n"); - } - rmdir ($secfile_backup_dir); - return 1; -} - -sub createAdminServer { - my $setup = shift; - my $reconfig = shift; - # setup has inf, res, and log - - if (!setDefaults($setup)) { - return 0; - } - - if (!checkRequiredParameters($setup)) { - return 0; - } - - my $configdir = $setup->{inf}->{admin}->{config_dir} || - $ENV{ADMSERV_CONF_DIR} || - $setup->{configdir} . "/admin-serv"; - - my $securitydir = $setup->{inf}->{admin}->{security_dir} || - $configdir; - - my $logdir = $setup->{inf}->{admin}->{log_dir} || - $ENV{ADMSERV_LOG_DIR} || - "/var/log/dirsrv/admin-serv"; - - my $rundir = $setup->{inf}->{admin}->{run_dir} || - $ENV{ADMSERV_PID_DIR} || - "/var/run/dirsrv"; - - if ($reconfig) { - $setup->msg('begin_reconfig_adminserver'); - if (!reconfig_backup_secfiles($configdir)) { - foreach my $savefile (@reconfigsavefiles) { - if (-e "$secfile_backup_dir/$savefile") { - move ("$secfile_backup_dir/$savefile" ,"$configdir/$savefile"); - debug(1, "Restoring $configdir/$savefile with $secfile_backup_dir/$savefile\n"); - } - } - return 0; - } - } else { - $setup->msg('begin_create_adminserver'); - } - - # if we're just doing the update, just register and return - if ($setup->{update}) { - if (!registerASWithConfigDS($setup, $configdir)) { - return 0; - } - - # Update SELinux policy if needed - updateSelinuxPolicy($setup, $configdir, $securitydir, $logdir, $rundir); - - # Restore the security files before we start the server - if ($reconfig) { - if (!reconfig_restore_secfiles($configdir)) { - return 0; - } - } - - return 1; - } - - if (!createASFilesAndDirs($setup, $configdir, $securitydir, $logdir, $rundir)) { - return 0; - } - - if (!makeConfFiles($setup, $configdir)) { - return 0; - } - - if (!registerASWithConfigDS($setup, $configdir)) { - return 0; - } - - $setup->msg('updating_httpconf'); - if (!updateHttpConfFiles($setup->{inf}->{admin}->{ServerIpAddress}, - $setup->{inf}->{admin}->{Port}, - $configdir, $setup->{asorigport})) { - $setup->msg($FATAL, 'error_updating_httpconf'); - return 0; - } - - if (!setFileOwnerPerms($setup, $configdir)) { - return 0; - } - - # Update SELinux policy if needed - updateSelinuxPolicy($setup, $configdir, $securitydir, $logdir, $rundir); - - # Restore the security files before we start the server - if ($reconfig) { - if (!reconfig_restore_secfiles($configdir)) { - return 0; - } - } - - if (!startAdminServer($setup, $configdir, $logdir, $rundir)) { - return 0; - } - - # Force to make log files owned by admin user and group - # to maintain consistency with the log files created via CGI/Console - my $uid = getpwnam $setup->{inf}->{admin}->{SysUser}; - my $gid = getgrnam $setup->{inf}->{General}->{SuiteSpotGroup}; - # chown log files appropriately - for (glob("$logdir/*")) { - $! = 0; # clear errno - debug(1, "Changing the owner of $_ to \($uid, $gid\)\n"); - chown $uid, $gid, $_; - if ($!) { - $setup->msg($FATAL, 'error_chowning_file', $_, - $admConf->{sysuser}, $!); - return 0; - } - } - - if ($reconfig) { - $setup->msg('end_reconfig_adminserver'); - } else { - $setup->msg('end_create_adminserver'); - } - return 1; -} - -sub reconfigAdminServer { - my $setup = shift; - return createAdminServer($setup, 1); -} - -sub stopAdminServer { - my $prog = "/usr/sbin/stop-ds-admin"; - if ("") { - $prog = "service dirsrv-admin stop"; - } elsif ("/usr/lib/systemd/system") { - $prog = "/bin/systemctl stop dirsrv-admin.service"; - } elsif (! -x $prog) { - debug(1, "stopping admin server: no such program $prog: cannot stop server\n"); - return 0; - } - $? = 0; - # run the stop command - my $output = `$prog 2>&1`; - my $status = $?; - debug(3, "stopping admin server returns status $status: output $output\n"); - if ($status) { - # Ignore the stop failure - debug(1,"Warning: Could not stop admin server: status $status: output $output\n"); - return 1; - } - - debug(1, "Successfully stopped admin server\n"); - return 1; -} - -sub removeAdminServer { - my $baseconfigdir = shift; - my $force = shift; - my $all = shift; - if (!stopAdminServer()) { - if ($force) { - debug(1, "Warning: Could not stop admin server - forcing continue\n"); - } else { - debug(1, "Error: Could not stop admin server - aborting - use -f flag to force removal\n"); - return ( [ 'error_stopping_adminserver', $! ] ); - } - } - - my $configdir = $ENV{ADMSERV_CONF_DIR} || $baseconfigdir . "/admin-serv"; - - my $securitydir = $configdir; - - my $logdir = $ENV{ADMSERV_LOG_DIR} || "/var/log/dirsrv/admin-serv"; - - my $rundir = $ENV{ADMSERV_PID_DIR} || "/var/run/dirsrv"; - - # Need to unlabel the port if we're using SELinux. - if (usingSELinux()) { - my $port; - - # Read the console.conf file to find the port number. - if (!open(CONSOLECONF, "$configdir/console.conf")) { - if ($force) { - debug(1, "Warning: Could not open $configdir/console.conf: $!"); - } else { - debug(1, "Error: Could not open $configdir/console.conf: $!"); - return( [ 'error_reading_conffile', "$configdir/console.conf", $! ] ); - } - } else { - # Find the Listen directive and read the port number. - while () { - if (/^Listen /g) { - # The port is after the last ':' - my @listenline = split(/:/); - $port = $listenline[-1]; - } - } - close(CONSOLECONF); - } - - if (!$port) { - if ($force) { - debug(1, "Warning: Could not determine port number - forcing continue\n"); - debug(1, "Warning: Port not removed from selinux policy correctly. Remove label manually using semanage.\n"); - } else { - debug(1, "Error: Could not determine port number - aborting - use -f flag to force removal\n"); - return ( [ 'error_reading_port' ] ); - } - } else { - # Attempt to remove the http_port_t label from the port used by Admin Server. - my $semanage_err = `semanage port -d -t http_port_t -p tcp $port 2>&1`; - if ($? != 0) { - if ($semanage_err !~ /defined in policy, cannot be deleted/) { - debug(1, "Warning: Port $port not removed from selinux policy correctly. Error: $semanage_err\n"); - if (!$force) { - return( [ 'error_removing_port_label', $port, $semanage_err ] ); - } - } - } - } - - # turn off the switch to allow admin server to connect to the ldap port - $? = 0; # clear error - - my $cmd = "getsebool httpd_can_connect_ldap"; - my $output = `$cmd 2>&1`; - chomp($output); - if ($output =~ /Error getting active value for httpd_can_connect_ldap/) { - # this version of selinux does not support the boolean value - debug(1, "This version of selinux does not support httpd_can_connect_ldap\n"); - } elsif ($?) { - $setup->msg($SetupLog::WARN, 'error_running_command', $cmd, $output, $!); - } elsif ($output =~ /on$/) { - $cmd = "setsebool -P httpd_can_connect_ldap off"; - $? = 0; # clear error - $output = `$cmd 2>&1`; - chomp($output); - if ($?) { - $setup->msg($SetupLog::WARN, 'error_running_command', $cmd, $output, $!); - } else { - debug(1, "$cmd was successful\n"); - } - } else { - debug(1, "selinux boolean httpd_can_connect_ldap is already off - $output\n"); - } - } - - # remove admin server files in $rundir - my $file; - for $file (glob("$rundir/admin-serv.*")) { - unlink($file); - } - - # remove admin server log dir - if ($logdir =~ /admin-serv/) { # make sure directory has admin-serv in it somewhere - if (!rmtree($logdir)) { - debug(1, "Warning: Could not remove directory $logdir: $!\n"); - if (!$force) { - return ( [ 'error_removing_path', $logdir, $! ] ); - } - } - } - - # remove config files - my @savefiles = (@savesecfiles, @saveconffiles); # save security and conf files by default - if ($all) { - @savefiles = @saveconffiles; # $all means remove everything, except the files in rpm. - } - if (opendir(CONFDIR, $configdir)) { - while ($file = readdir(CONFDIR)) { - next if ($file eq '.' || $file eq '..'); - if (-d "$configdir/$file") { - debug(1, "Skipping directory $configdir/$file - remove manually\n"); - next; - } - if (grep /^$file$/, @savefiles) { - debug(1, "saving file $configdir/$file\n"); - } else { - debug(1, "removing file $configdir/$file\n"); - unlink("$configdir/$file"); - } - } - closedir(CONFDIR); - # restore original conf files - foreach my $savefile (@saveconffiles) { - if (-f "$configdir/bakup/$savefile") { - if (system ("mv $configdir/bakup/$savefile $configdir")) { - debug(0, "Error Restoring $configdir/$savefile failed: $!"); - } - } - } - # Clean up the bakup dir - system ("rm -rf $configdir/bakup"); - } else { - debug(1, "Error: could not read config files in $configdir: $!"); - if (!$force) { - return ( [ 'error_removing_path', $configdir, $! ] ); - } - } - - return; -} - -sub updateSelinuxPolicy { - my $setup = shift; - my $configdir = shift; - my $securitydir = shift; - my $logdir = shift; - my $rundir = shift; - - # if selinux is not available, do nothing - if (usingSELinux()) { - # run restorecon on all directories we created - system("restorecon -R $configdir $securitydir $logdir $rundir"); - - # Label the selected port as http_port_t. - if ($setup->{inf}->{admin}->{Port}) { - my $need_label = 1; - - # check if the port is already labeled properly - my $portline = `semanage port -l | grep http_port_t | grep tcp`; - chomp($portline); - $portline =~ s/http_port_t\s+tcp\s+//g; - my @labeledports = split(/,\s+/, $portline); - foreach my $labeledport (@labeledports) { - if ($setup->{inf}->{admin}->{Port} == $labeledport) { - $need_label = 0; - last; - } - } - - if ($need_label == 1) { - system("semanage port -a -t http_port_t -p tcp $setup->{inf}->{admin}->{Port}"); - } - } - - # turn on the switch to allow admin server to connect to the ldap port - $? = 0; # clear error - - my $cmd = "getsebool httpd_can_connect_ldap"; - my $output = `$cmd 2>&1`; - chomp($output); - if ($output =~ /Error getting active value for httpd_can_connect_ldap/) { - # this version of selinux does not support the boolean value - debug(1, "This version of selinux does not support httpd_can_connect_ldap\n"); - } elsif ($?) { - $setup->msg($SetupLog::WARN, 'error_running_command', $cmd, $output, $!); - } elsif ($output =~ /off$/) { - $cmd = "setsebool -P httpd_can_connect_ldap on"; - $? = 0; # clear error - $output = `$cmd 2>&1`; - chomp($output); - if ($?) { - $setup->msg($SetupLog::WARN, 'error_running_command', $cmd, $output, $!); - } else { - debug(1, "$cmd was successful\n"); - } - } else { - debug(1, "selinux boolean httpd_can_connect_ldap is already on - $output\n"); - } - } -} - -sub libpath_add { - my $libpath = shift; - - if ($libpath) { - if ($ENV{'LD_LIBRARY_PATH'}) { - $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:$libpath"; - } else { - $ENV{'LD_LIBRARY_PATH'} = "$libpath"; - } - } -} - -1; - -# emacs settings -# Local Variables: -# mode:perl -# indent-tabs-mode: nil -# tab-width: 4 -# End: \ No newline at end of file diff --git a/user_saml_shibboleth-php7/ldap/DSCreate.pm b/user_saml_shibboleth-php7/ldap/DSCreate.pm deleted file mode 100644 index 627a67cf..00000000 --- a/user_saml_shibboleth-php7/ldap/DSCreate.pm +++ /dev/null @@ -1,1570 +0,0 @@ -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2013 Red Hat, Inc. -# All rights reserved. -# -# License: GPL (version 3 or any later version). -# See LICENSE for details. -# END COPYRIGHT BLOCK -# - -########################### -# -# This perl module provides a way to create a new instance of -# directory server. -# -########################## - -package DSCreate; -use DSUtil; -use Inf; -use FileConn; -use Config; - -use Sys::Hostname; -# tempfiles -use File::Temp qw(tempfile tempdir); -use File::Path; -use File::Copy; -use File::Basename qw(basename dirname); -use POSIX qw(:errno_h); - -# load perldap -use Mozilla::LDAP::Conn; -use Mozilla::LDAP::Utils qw(normalizeDN); -use Mozilla::LDAP::API qw(ldap_explode_dn); -use Mozilla::LDAP::LDIF; - -use POSIX ":sys_wait_h"; - -use Exporter; -@ISA = qw(Exporter); -@EXPORT = qw(createDSInstance removeDSInstance setDefaults createInstanceScripts - makeOtherConfigFiles installSchema updateSelinuxPolicy updateTmpfilesDotD - get_initconfigdir updateSystemD makeDSDirs); -@EXPORT_OK = qw(createDSInstance removeDSInstance setDefaults createInstanceScripts - makeOtherConfigFiles installSchema updateSelinuxPolicy updateTmpfilesDotD - get_initconfigdir updateSystemD makeDSDirs); - -use strict; - -use SetupLog; - -sub get_initconfigdir { - my $prefix = shift; - - # determine initconfig_dir - if (getLogin eq 'root') { - return "$prefix/etc/sysconfig"; - } else { - return "$ENV{HOME}/.dirsrv"; - } -} - -sub checkPort { - my $inf = shift; - - # allow port 0 if ldapi is used - if ("1") { - if ($inf->{slapd}->{ldapifilepath} && - ($inf->{slapd}->{ServerPort} == 0)) { - return (); - } - } - - if ($inf->{slapd}->{ServerPort} !~ /^\d+$/) { - return ('error_port_invalid', $inf->{slapd}->{ServerPort}); - } - if (!portAvailable($inf->{slapd}->{ServerPort})) { - return ('error_port_available', $inf->{slapd}->{ServerPort}, $!); - } - - return (); -} - -# checks the parameters in $inf to make sure the supplied values -# are valid -# returns null if successful, or an error string for use with getText() -sub sanityCheckParams { - my $inf = shift; - my @errs = (); - - # if we don't need to start the server right away, we can skip the - # port number checks - if (!defined($inf->{slapd}->{start_server}) or - ($inf->{slapd}->{start_server} == 1)) { - - if (@errs = checkPort($inf)) { - return @errs; - } - } - - if($inf->{slapd}->{ServerIdentifier} eq "admin"){ - return ('error_reserved_serverid' ,"admin"); - } elsif (!isValidServerID($inf->{slapd}->{ServerIdentifier})) { - return ('error_invalid_serverid', $inf->{slapd}->{ServerIdentifier}); - } elsif (-d $inf->{slapd}->{config_dir}) { - return ('error_server_already_exists', $inf->{slapd}->{config_dir}); - } - - if (@errs = isValidUser($inf->{General}->{SuiteSpotUserID})) { - return @errs; - } - - if (@errs = isValidGroup($inf->{General}->{SuiteSpotGroup})) { - return @errs; - } - - if (!isValidDN($inf->{slapd}->{Suffix})) { - return ('dialog_dssuffix_error', $inf->{slapd}->{Suffix}); - } - - if (!isValidDN($inf->{slapd}->{RootDN})) { - return ('dialog_dsrootdn_error', $inf->{slapd}->{RootDN}); - } - - if ($inf->{slapd}->{RootDNPwd} =~ /^\{\w+\}.+/) { - debug(1, "The root password is already hashed - no checking will be performed\n"); - } elsif (length($inf->{slapd}->{RootDNPwd}) < 8) { - debug(0, "WARNING: The root password is less than 8 characters long. You should choose a longer one.\n"); - } - - $inf->{General}->{StrictHostCheck} = lc $inf->{General}->{StrictHostCheck}; - - if ("true" ne $inf->{General}->{StrictHostCheck} && "false" ne $inf->{General}->{StrictHostCheck}) { - debug(1, "StrictHostCheck is not a valid boolean"); - return ('error_invalid_boolean', $inf->{General}->{StrictHostCheck}); - } - - if ($inf->{General}->{StrictHostCheck} eq "true" ) { - if (@errs = checkHostname($inf->{General}->{FullMachineName}, 0)) { - debug(1, @errs); - return @errs; - } - } - - # We need to make sure this value is lowercase - $inf->{slapd}->{InstScriptsEnabled} = lc $inf->{slapd}->{InstScriptsEnabled}; - - if ("true" ne $inf->{slapd}->{InstScriptsEnabled} && "false" ne $inf->{slapd}->{InstScriptsEnabled}) { - debug(1, "InstScriptsEnabled is not a valid boolean"); - return ('error_invalid_boolean', $inf->{slapd}->{InstScriptsEnabled}); - } - - - return (); -} - -sub getMode { - my $inf = shift; - my $mode = shift; - my $rest = shift; - if (!$rest) { - $rest = "0"; - } - if (defined($inf->{General}->{SuiteSpotGroup})) { - $mode = "0" . $mode . $mode . $rest; - } else { - $mode = "0" . $mode . $rest . $rest; - } - - return oct($mode); -} - -# This is used to change the ownership and permissions of files and directories -# The mode is just a single digit octal number (e.g. 4 6 7) -# If there is a group, the ownership and permissions will allow group access -# otherwise, only the owner will be allowed access -sub changeOwnerMode { - my $inf = shift; - my $mode = shift; - my $it = shift; - my $gidonly = shift; - my $othermode = shift; - - my $uid = getpwnam $inf->{General}->{SuiteSpotUserID}; - my $gid = -1; # default to leave it alone - my $mode_string = ""; - - if (defined($inf->{General}->{SuiteSpotGroup})) { - $gid = getgrnam $inf->{General}->{SuiteSpotGroup}; - } - - $mode = getMode($inf, $mode, $othermode); - - $! = 0; # clear errno - chmod $mode, $it; - if ($!) { - return ('error_chmoding_file', $it, $!); - } - - $mode_string = sprintf "%lo", $mode; - debug(1, "changeOwnerMode: changed mode of $it to $mode_string\n"); - - $! = 0; # clear errno - if ( $gidonly ) { - chown -1, $gid, $it; - } else { - chown $uid, $gid, $it; - } - if ($!) { - return ('error_chowning_file', $it, $inf->{General}->{SuiteSpotUserID}, $!); - } - - if ( $gidonly ) { - debug(1, "changeOwnerMode: changed group ownership of $it to group $gid\n"); - } else { - debug(1, "changeOwnerMode: changed ownership of $it to user $uid group $gid\n"); - } - - return (); -} - -sub makeDSDirs { - my $inf = shift; - my $verbose = ($DSUtil::debuglevel > 0); - my $mode = getMode($inf, 7); - my @errs; - - my @dsdirs = qw(config_dir schema_dir log_dir lock_dir run_dir tmp_dir cert_dir db_dir ldif_dir bak_dir); - if ($inf->{slapd}->{InstScriptsEnabled} eq "true") { - @dsdirs = qw(inst_dir config_dir schema_dir log_dir lock_dir run_dir tmp_dir cert_dir db_dir ldif_dir bak_dir); - } - - # These paths are owned by the SuiteSpotGroup - # This allows the admin server to run as a different, - # more privileged user than the directory server, but - # still allows the admin server to manage directory - # server files/dirs without being root - for my $kw (@dsdirs) { - my $dir = $inf->{slapd}->{$kw}; - @errs = makePaths($dir, $mode, $inf->{General}->{SuiteSpotUserID}, - $inf->{General}->{SuiteSpotGroup}); - if (@errs) { - return @errs; - } - } - # run_dir is a special case because it is usually shared among - # all instances and the admin server - # all instances must be able to write to it - # if the SuiteSpotUserID is root or 0, we can just skip - # this because root will have access to it - we really - # shouldn't be using root anyway, primarily just for - # legacy migration support - # if there are two different user IDs that need access - # to this directory, then SuiteSpotGroup must be defined, - # and both users must be members of the SuiteSpotGroup - if (($inf->{General}->{SuiteSpotUserID} eq 'root') || - (defined($inf->{General}->{SuiteSpotUserID}) && - ($inf->{General}->{SuiteSpotUserID} =~ /^0$/))) { - # skip - debug(3, "Root user " . $inf->{General}->{SuiteSpotUserID} . " already has access to $inf->{slapd}->{run_dir} - skipping\n"); - } else { - my $dir = $inf->{slapd}->{run_dir}; - # rwx by user only, or by user & group if a group is defined. Also only change the group ownership. - @errs = changeOwnerMode($inf, 7, $dir, 1); - debug(3, "\t" . `/bin/ls -ld $dir`); - } - # set the group of the parent dir of config_dir and inst_dir - if (defined($inf->{General}->{SuiteSpotGroup})) { - for my $kw (qw(inst_dir config_dir)) { - my $dir = $inf->{slapd}->{$kw}; - my $parent = dirname($dir); - # changeOwnerMode(inf, mode, file, gidonly, othermode); - @errs = changeOwnerMode($inf, 7, $parent, 1, 5); - if (@errs) { - return @errs; - } - } - } - - return @errs; -} - -sub createInstanceScripts { - my $inf = shift; - my $skip = shift; - my $perlexec = "/usr/bin/perl" || "/usr/bin/env perl"; - my $myperl = "!$perlexec"; - my $mydevnull = (-c "/dev/null" ? " /dev/null " : " NUL "); - - # If we have InstScriptsEnabled, we likely have setup.inf or the argument. - # However, during an upgrade, we need to know if we should upgrade the template files or not. - # For now, the easiest way is to check to if the directory exists, and if is does, we assume we want to upgrade / create the updated scripts. - if ($inf->{slapd}->{InstScriptsEnabled} eq "true" || -d $inf->{slapd}->{inst_dir} ) { - debug(1, "Creating or updating instance directory scripts\n"); - # determine initconfig_dir - my $initconfig_dir = $inf->{slapd}->{initconfig_dir} || get_initconfigdir($inf->{General}->{prefix}); - - my %maptable = ( - "DS-ROOT" => $inf->{General}->{prefix}, - "SEP" => "/", # works on all platforms - "SERVER-NAME" => $inf->{General}->{FullMachineName}, - "SERVER-PORT" => $inf->{slapd}->{ServerPort}, - "PERL-EXEC" => $myperl, - "DEV-NULL" => $mydevnull, - "ROOT-DN" => $inf->{slapd}->{RootDN}, - "LDIF-DIR" => $inf->{slapd}->{ldif_dir}, - "SERV-ID" => $inf->{slapd}->{ServerIdentifier}, - "BAK-DIR" => $inf->{slapd}->{bak_dir}, - "SERVER-DIR" => $inf->{General}->{ServerRoot}, - "CONFIG-DIR" => $inf->{slapd}->{config_dir}, - "INITCONFIG-DIR" => $initconfig_dir, - "INST-DIR" => $inf->{slapd}->{inst_dir}, - "RUN-DIR" => $inf->{slapd}->{run_dir}, - "PRODUCT-NAME" => "slapd", - "SERVERBIN-DIR" => $inf->{slapd}->{sbindir}, - "DB-DIR" => $inf->{slapd}->{db_dir} - ); - - - my $dir = "$inf->{General}->{prefix}/usr/share/dirsrv/script-templates"; - for my $file (glob("$dir/template-*")) { - my $basename = $file; - $basename =~ s/^.*template-//; - my $destfile = "$inf->{slapd}->{inst_dir}/$basename"; - debug(1, "$destfile\n"); - - next if ($skip and -f $destfile); # in skip mode, skip files that already exist - - if (!open(SRC, "< $file")) { - return ("error_opening_scripttmpl", $file, $!); - } - if (!open(DEST, "> $destfile")) { - return ("error_opening_scripttmpl", $destfile, $!); - } - my $contents; # slurp entire file into memory - read SRC, $contents, int(-s $file); - close(SRC); - while (my ($key, $val) = each %maptable) { - $contents =~ s/\{\{$key\}\}/$val/g; - } - print DEST $contents; - close(DEST); - my @errs = changeOwnerMode($inf, 5, $destfile); - if (@errs) { - return @errs; - } - } - } else { - debug(1, "No instance directory scripts will be updated or created\n"); - } - - return (); -} - -sub createConfigFile { - my $inf = shift; - my $conffile = "$inf->{slapd}->{config_dir}/dse.ldif"; - my $conn = new FileConn; - my @errs; - - # first, create the basic config - my $mapper = new Inf("$inf->{General}->{prefix}/usr/share/dirsrv/inf/dscreate.map"); - my $dsinf = new Inf("$inf->{General}->{prefix}/usr/share/dirsrv/inf/slapd.inf"); - if (!$inf->{slapd}->{ds_bename}) { - $inf->{slapd}->{ds_bename} = "userRoot"; # for suffix-db - } - $mapper = process_maptbl($mapper, \@errs, $inf, $dsinf); - if (!$mapper or @errs) { - $conn->close(); - if (!@errs) { - @errs = ('error_creating_file', $conffile, $!); - } - return @errs; - } - - my @ldiffiles = ("$inf->{General}->{prefix}/usr/share/dirsrv/data/template-dse.ldif", - "$inf->{General}->{prefix}/usr/share/dirsrv/data/template-suffix-db.ldif", - "$inf->{General}->{prefix}/usr/share/dirsrv/data/template-sasl.ldif"); - if ("1") { - push @ldiffiles, "$inf->{General}->{prefix}/usr/share/dirsrv/data/template-pampta.ldif"; - } - if ("1") { - push @ldiffiles, "$inf->{General}->{prefix}/usr/share/dirsrv/data/template-bitwise.ldif"; - } - if ("1") { - push @ldiffiles, "$inf->{General}->{prefix}/usr/share/dirsrv/data/template-dnaplugin.ldif"; - } - if (-f "$inf->{General}->{prefix}/usr/share/dirsrv/updates/50replication-plugins.ldif") { - push @ldiffiles, "$inf->{General}->{prefix}/usr/share/dirsrv/updates/50replication-plugins.ldif"; - } - if (-f "$inf->{General}->{prefix}/usr/share/dirsrv/updates/50posix-winsync-plugin.ldif") { - push @ldiffiles, "$inf->{General}->{prefix}/usr/share/dirsrv/updates/50posix-winsync-plugin.ldif"; - } - - if (-f "$inf->{General}->{prefix}/usr/share/dirsrv/data/90betxn-plugins.ldif") { - push @ldiffiles, "$inf->{General}->{prefix}/usr/share/dirsrv/data/90betxn-plugins.ldif"; - } - - # additional configuration LDIF files - if (exists($inf->{slapd}->{ConfigFile})) { - if (ref($inf->{slapd}->{ConfigFile})) { - push @ldiffiles, @{$inf->{slapd}->{ConfigFile}}; - } else { - push @ldiffiles, $inf->{slapd}->{ConfigFile}; - } - } - - getMappedEntries($mapper, \@ldiffiles, \@errs, \&check_and_add_entry, - [$conn]); - - if (@errs) { - $conn->close(); - return @errs; - } - - if ("1") { - my $ent = $conn->search("cn=config", "base", "(objectclass=*)"); - if (defined($inf->{slapd}->{ldapifilepath})) { - $ent->setValues("nsslapd-ldapifilepath", $inf->{slapd}->{ldapifilepath}); - $ent->setValues("nsslapd-ldapilisten", "on"); - } else { - my $parent = dirname($inf->{slapd}->{run_dir}); - $ent->setValues("nsslapd-ldapifilepath", - "$parent/slapd-$inf->{slapd}->{ServerIdentifier}.socket"); - $ent->setValues("nsslapd-ldapilisten", "off"); - } - if ("1") { - $ent->setValues("nsslapd-ldapiautobind", "off"); - $ent->setValues("nsslapd-ldapimaprootdn", $inf->{slapd}->{RootDN}); - $ent->setValues("nsslapd-ldapimaptoentries", "off"); - $ent->setValues("nsslapd-ldapiuidnumbertype", "uidNumber"); - $ent->setValues("nsslapd-ldapigidnumbertype", "gidNumber"); - $ent->setValues("nsslapd-ldapientrysearchbase", $inf->{slapd}->{Suffix}); - if ("") { - $ent->setValues("nsslapd-ldapiautodnsuffix", "cn=peercred,cn=external,cn=auth"); - } - } - $ent->setValues("nsslapd-defaultNamingContext", $inf->{slapd}->{Suffix}); - if (!$conn->update($ent)) { - $conn->close(); - return ("error_enabling_feature", "ldapi", $conn->getErrorString()); - } - } - - if ($inf->{slapd}->{sasl_path}) { - my $ent = $conn->search("cn=config", "base", "(objectclass=*)"); - $ent->setValues("nsslapd-saslpath", $inf->{slapd}->{sasl_path}); - if (!$conn->update($ent)) { - $conn->close(); - return ("error_enabling_feature", "sasl_path", $conn->getErrorString()); - } - } - - if (!$conn->write($conffile)) { - $conn->close(); - return ("error_writing_ldif", $conffile, $!); - } - $conn->close(); - - if (@errs = changeOwnerMode($inf, 6, $conffile)) { - return @errs; - } - # make a copy - my $origconf = "$inf->{slapd}->{config_dir}/dse_original.ldif"; - $! = 0; # clear errno - copy($conffile, $origconf); - if ($!) { - return ('error_copying_file', $conffile, $origconf, $!); - } - if (@errs = changeOwnerMode($inf, 4, $origconf)) { - return @errs; - } - - return @errs; -} - -sub makeOtherConfigFiles { - my $inf = shift; - my $skip = shift; - my @errs; - my %maptable = ( - "DS-ROOT" => $inf->{General}->{prefix}, - "SERVER-DIR" => $inf->{General}->{ServerRoot}, - "CONFIG-DIR" => $inf->{slapd}->{config_dir}, - "INST-DIR" => $inf->{slapd}->{inst_dir}, - "RUN-DIR" => $inf->{slapd}->{run_dir}, - "PRODUCT-NAME" => "slapd", - "SERVERBIN-DIR" => $inf->{slapd}->{sbindir}, - ); - - # install certmap.conf at - my $src = "$inf->{General}->{prefix}/etc/dirsrv/config/certmap.conf"; - my $dest = "$inf->{slapd}->{config_dir}/certmap.conf"; - $! = 0; # clear errno - - #in skip mode, skip files that already exist - unless ($skip and -f $dest) { - copy($src, $dest); - if ($!) { - return ('error_copying_file', $src, $dest, $!); - } - if (@errs = changeOwnerMode($inf, 4, $dest)) { - return @errs; - } - } - - $src = "$inf->{General}->{prefix}/etc/dirsrv/config/slapd-collations.conf"; - $dest = "$inf->{slapd}->{config_dir}/slapd-collations.conf"; - - $! = 0; # clear errno - - #in skip mode, skip files that already exist - unless ($skip and -f $dest) { - copy($src, $dest); - if ($!) { - return ('error_copying_file', $src, $dest, $!); - } - if (@errs = changeOwnerMode($inf, 4, $dest)) { - return @errs; - } - } - - # determine initconfig_dir - my $initconfig_dir = $inf->{slapd}->{initconfig_dir} || get_initconfigdir($inf->{General}->{prefix}); - - # install instance specific initconfig script - $src = "$inf->{General}->{prefix}/etc/dirsrv/config/template-initconfig"; - $dest = "$initconfig_dir/dirsrv-$inf->{slapd}->{ServerIdentifier}"; - - $! = 0; # clear errno - - # in skip mode, skip files that already exist - unless ($skip and -f $dest) { - if (!open(SRC, "< $src")) { - return ("error_opening_scripttmpl", $src, $!); - } - if (!open(DEST, "> $dest")) { - return ("error_opening_scripttmpl", $dest, $!); - } - my $contents; # slurp entire file into memory - read SRC, $contents, int(-s $src); - close(SRC); - while (my ($key, $val) = each %maptable) { - $contents =~ s/\{\{$key\}\}/$val/g; - } - print DEST $contents; - close(DEST); - if (@errs = changeOwnerMode($inf, 4, $dest)) { - return @errs; - } - } - - return (); -} - -sub installSchema { - my $inf = shift; - my $skip = shift; - my @errs; - my @schemafiles = (); - if (!defined($inf->{slapd}->{install_full_schema}) or - $inf->{slapd}->{install_full_schema}) { - push @schemafiles, glob("$inf->{General}->{prefix}/etc/dirsrv/schema/*"); - } else { - push @schemafiles, "$inf->{General}->{prefix}/etc/dirsrv/schema/00core.ldif", - "$inf->{General}->{prefix}/etc/dirsrv/schema/01core389.ldif"; - } - - # additional schema files - if (exists($inf->{slapd}->{SchemaFile})) { - if (ref($inf->{slapd}->{SchemaFile})) { - push @schemafiles, @{$inf->{slapd}->{SchemaFile}}; - } else { - push @schemafiles, $inf->{slapd}->{SchemaFile}; - } - } - for my $file (@schemafiles) { - my $src = $file; - my $basename = basename($src); - my $dest = "$inf->{slapd}->{schema_dir}/$basename"; - - next if ($skip and -f $dest); # skip files that already exist - - $! = 0; # clear errno - copy($src, $dest); - if ($!) { - return ('error_copying_file', $src, $dest, $!); - } - my $mode = 4; # default read only - if ($basename eq "99user.ldif") { - $mode = 6; # read write - } - if (@errs = changeOwnerMode($inf, $mode, $dest)) { - return @errs; - } - } - - return (); -} - -# maps the suffix attr to the filename to use -my %suffixTable = ( - 'o' => "/usr/share/dirsrv/data/template-org.ldif", - 'dc' => "/usr/share/dirsrv/data/template-domain.ldif", - 'ou' => "/usr/share/dirsrv/data/template-orgunit.ldif", - 'st' => "/usr/share/dirsrv/data/template-state.ldif", - 'l' => "/usr/share/dirsrv/data/template-locality.ldif", - 'c' => "/usr/share/dirsrv/data/template-country.ldif" -); - -sub initDatabase { - my $inf = shift; - my $istempldif = 0; - # If the user has specified an LDIF file to use to initialize the database, - # load it now - my $ldiffile = $inf->{slapd}->{InstallLdifFile}; - if ($ldiffile =~ /none/i) { - debug(1, "No ldif file or org entries specified - no initial database will be created\n"); - return (); - } elsif ($ldiffile && ($ldiffile !~ /suggest/i)) { - debug(1, "Loading initial ldif file $ldiffile\n"); - if (! -r $ldiffile) { - return ('error_opening_init_ldif', $ldiffile); - } - } elsif (($inf->{slapd}->{Suffix} =~ /^(.*?)=/) && $suffixTable{$1}) { - my @errs; - my $template = $inf->{General}->{prefix} . $suffixTable{$1}; - my $mapper = new Inf("$inf->{General}->{prefix}/usr/share/dirsrv/inf/dsorgentries.map"); - my $dsinf = new Inf("$inf->{General}->{prefix}/usr/share/dirsrv/inf/slapd.inf"); - my @rdns = ldap_explode_dn($inf->{slapd}->{Suffix}, 1); - $inf->{slapd}->{naming_value} = $rdns[0]; - $mapper = process_maptbl($mapper, \@errs, $inf, $dsinf); - if (!$mapper or @errs) { - return @errs; - } - - my @ldiffiles = ($template, "$inf->{General}->{prefix}/usr/share/dirsrv/data/template-baseacis.ldif"); - # default is to create org entries unless explicitly set to none - if (!exists($inf->{slapd}->{InstallLdifFile}) or - ($inf->{slapd}->{InstallLdifFile} =~ /suggest/i)) { - push @ldiffiles, "$inf->{General}->{prefix}/usr/share/dirsrv/data/template.ldif"; - } - - my ($fh, $templdif) = tempfile("ldifXXXXXX", SUFFIX => ".ldif", OPEN => 0, - DIR => File::Spec->tmpdir); - if (!$templdif) { - return ('error_creating_templdif', $!); - } - my $conn = new FileConn; - $conn->setNamingContext($inf->{slapd}->{Suffix}); - getMappedEntries($mapper, \@ldiffiles, \@errs, \&check_and_add_entry, - [$conn]); - if (@errs) { - $conn->close(); - return @errs; - } - if (!$conn->write($templdif)) { - $conn->close(); - return ('error_writing_ldif', $templdif, $!); - } - $conn->close(); - if (@errs) { - return @errs; - } - if (@errs = changeOwnerMode($inf, 4, $templdif)) { - unlink($ldiffile); - return @errs; - } - # $templdif now contains the ldif to import - $ldiffile = $templdif; - $istempldif = 1; - } - if (!$ldiffile) { - return (); - } - - my $cmd = "$inf->{slapd}->{sbindir}/ldif2db -Z $inf->{slapd}->{ServerIdentifier} -n $inf->{slapd}->{ds_bename} -i \'$ldiffile\'"; - $? = 0; # clear error condition - my $output = `$cmd 2>&1`; - my $result = $?; - if ($istempldif) { - unlink($ldiffile); - } - if ($result) { - return ('error_importing_ldif', $ldiffile, $result, $output); - } - - debug(1, $output); - - return (); -} - -sub startServer { - my $inf = shift; - return () if (defined($inf->{slapd}->{start_server}) && !$inf->{slapd}->{start_server}); - - my @errs; - # get error log - my $errLog = "$inf->{slapd}->{log_dir}/errors"; - my $startcmd = "/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && sleep 3"; - if ("/usr/lib/systemd/system" and (getLogin() eq 'root')) { - $startcmd = "/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && sleep 3"; - } - - # emulate tail -f - # if the last line we see does not contain "slapd started", try again - my $done = 0; - my $started = 0; - my $code = 0; - my $lastLine = ""; - my $cmdPat = 'slapd started\.'; - my $timeout = $inf->{slapd}->{startup_timeout}; - - $timeout = $timeout?$timeout:600; # default is 10 minutes - $timeout = time + $timeout; - - debug(1, "Starting the server: $startcmd\n"); - - # We have to do this because docker is incapable of sane process management - # Sadly we have to sacrifice output collection, because of perl issues - my $cpid = open(my $output, "-|", "$startcmd 2>&1"); - my $code = -512; - if ($cpid) { - # Parent process - waitpid($cpid,0); - $code = $?; - } - close($output); - if ($code) { - debug(0, "Process returned $code\n"); - } else { - debug(1, "Process returned $code\n"); - } - - # try to open the server error log - my $ii = 0; - while (time < $timeout) { - if (open(IN, $errLog)) { - last; - } - sleep(1); - if (!($ii % 10)) { - debug(0, "Attempting to obtain server status . . .\n"); - } - ++$ii; - } - - if (! -f $errLog) { - debug(0, "Error: Could not read error log $errLog to get server startup status. Error: $!\n"); - return ('error_starting_server', $startcmd, "no status", $!); - } - if (time >= $timeout) { - debug(0, "Error: timed out waiting for the server to start and write to $errLog"); - return ('error_starting_server', $startcmd, "timeout", 0); - } - - my $pos = tell(IN); - my $line; - while (($done == 0) && (time < $timeout)) { - for (; ($done == 0) && ($line = ); $pos = tell(IN)) { - $lastLine = $line; - debug(1, $line); - if ($line =~ /$cmdPat/) { - $done = 1; - $started = 1; - } elsif ($line =~ /Initialization Failed/) { - debug(1, "Server failed to start, retrying . . .\n"); - $code = system($startcmd); - } elsif ($line =~ /exiting\./) { - debug(1, "Server failed to start, retrying . . .\n"); - $code = system($startcmd); - } - } - if ($lastLine =~ /PR_Bind/) { - # server port conflicts with another one, just report and punt - debug(0, $lastLine); - @errs = ('error_port_available', $inf->{slapd}->{ServerPort}, $!); - $done = 1; - } - if ($done == 0) { - # rest a bit, then . . . - sleep(2); - # . . . reset the EOF status of the file desc - seek(IN, $pos, 0); - } - } - close(IN); - - if (!$started) { - $! = $code; - my $now = time; - if ($now > $timeout) { - debug(0, "Possible timeout starting server: timeout=$timeout now=$now\n"); - } - @errs = ('error_starting_server', $startcmd, $lastLine, $!); - } else { - debug(1, "Your new directory server has been started.\n"); - } - - return @errs; -} - -sub set_path_attribute { - my $val = shift; - my $defaultval = shift; - my $prefix = shift; - - if ($val) { - return "$prefix" . "$val"; - } else { - return "$prefix" . "$defaultval"; - } -} - -sub set_localrundir { - my $val = shift; - my $prefix = shift; - - if ($val) { - return "$prefix" . "$val"; - } else { - return ""; - } -} - -sub setDefaults { - my $inf = shift; - # set default values - - # this turns off the warnings - if (!defined($inf->{General}->{prefix})) { - $inf->{General}->{prefix} = ""; - } - - if (!$inf->{General}->{FullMachineName}) { - $inf->{General}->{FullMachineName} = hostname(); - } - - if (!$inf->{General}->{SuiteSpotUserID}) { - if ($> != 0) { # if not root, use the user's uid - $inf->{General}->{SuiteSpotUserID} = getLogin; - } else { - return('error_missing_userid'); - } - } - - if (!$inf->{General}->{SuiteSpotGroup}) { - # If the group wasn't specified, use the primary group - # of the SuiteSpot user - $inf->{General}->{SuiteSpotGroup} = getGroup($inf->{General}->{SuiteSpotUserID}); - } - - if (!$inf->{slapd}->{RootDN}) { - $inf->{slapd}->{RootDN} = "cn=Directory Manager"; - } - - if (!$inf->{slapd}->{Suffix}) { - my $suffix = $inf->{General}->{FullMachineName}; - # convert fqdn to dc= domain components - $suffix =~ s/^[^\.]*\.//; # just the domain part - $suffix = "dc=$suffix"; - $suffix =~ s/\./,dc=/g; - $inf->{slapd}->{Suffix} = $suffix; - } - $inf->{slapd}->{Suffix} = normalizeDN($inf->{slapd}->{Suffix}); - - if (!$inf->{slapd}->{ServerIdentifier}) { - my $servid = $inf->{General}->{FullMachineName}; - # strip out the leftmost domain component - $servid =~ s/\..*$//; - $inf->{slapd}->{ServerIdentifier} = $servid; - } - - if ("") { - $inf->{General}->{ServerRoot} = "$inf->{General}->{prefix}/opt/dirsrv"; - } else { - $inf->{General}->{ServerRoot} = "$inf->{General}->{prefix}/usr/lib64/dirsrv"; - } - - if (!defined($inf->{slapd}->{sasl_path})) { - if ($Config{'osname'} ne "linux") { - $inf->{slapd}->{sasl_path} = "$inf->{General}->{prefix}/usr/lib64/sasl2"; - } - } - - if (!defined($inf->{slapd}->{ServerPort}) and - !defined($inf->{slapd}->{ldapifilepath})) { - if ("1") { - return ('error_missing_port_and_ldapi'); - } else { - return ('error_missing_port'); - } - } - - if (!defined($inf->{slapd}->{ServerPort})) { - $inf->{slapd}->{ServerPort} = 0; - } - - $inf->{slapd}->{HashedRootDNPwd} = getHashedPassword($inf->{slapd}->{RootDNPwd}); - - $inf->{slapd}->{localstatedir} = set_path_attribute($inf->{slapd}->{localstatedir}, - "/var", - $inf->{General}->{prefix}); - my $localstatedir = $inf->{slapd}->{localstatedir}; - my $servid = $inf->{slapd}->{ServerIdentifier}; - $inf->{slapd}->{sysconfdir} = set_path_attribute($inf->{slapd}->{sysconfdir}, - "/etc", - $inf->{General}->{prefix}); - my $sysconfdir = $inf->{slapd}->{sysconfdir}; - $inf->{slapd}->{bindir} = set_path_attribute($inf->{slapd}->{bindir}, - "/usr/bin", - $inf->{General}->{prefix}); - $inf->{slapd}->{sbindir} = set_path_attribute($inf->{slapd}->{sbindir}, - "/usr/sbin", - $inf->{General}->{prefix}); - $inf->{slapd}->{datadir} = set_path_attribute($inf->{slapd}->{datadir}, - "/usr/share", - $inf->{General}->{prefix}); - - if (!defined($inf->{slapd}->{InstScriptsEnabled})) { - $inf->{slapd}->{InstScriptsEnabled} = "true"; - } - - if (!defined($inf->{General}->{StrictHostCheck})) { - $inf->{General}->{StrictHostCheck} = "true"; - } - - if (!defined($inf->{slapd}->{inst_dir})) { - $inf->{slapd}->{inst_dir} = "$inf->{General}->{ServerRoot}/slapd-$servid"; - } - - if (!defined($inf->{slapd}->{config_dir})) { - $inf->{slapd}->{config_dir} = "$inf->{General}->{prefix}/etc/dirsrv/slapd-$servid"; - } - $ENV{DS_CONFIG_DIR} = $inf->{slapd}->{config_dir}; - - if (!defined($inf->{slapd}->{schema_dir})) { - $inf->{slapd}->{schema_dir} = "$sysconfdir/dirsrv/slapd-$servid/schema"; - } - - if (!defined($inf->{slapd}->{lock_dir})) { - if ("") { - $inf->{slapd}->{lock_dir} = "$localstatedir/dirsrv/slapd-$servid/lock"; - } else { - $inf->{slapd}->{lock_dir} = "$localstatedir/lock/dirsrv/slapd-$servid"; - } - } - - if (!defined($inf->{slapd}->{log_dir})) { - if ("") { - $inf->{slapd}->{log_dir} = "$localstatedir/dirsrv/slapd-$servid/log"; - } else { - $inf->{slapd}->{log_dir} = "$localstatedir/log/dirsrv/slapd-$servid"; - } - } - - if (!defined($inf->{slapd}->{run_dir})) { - if ("") { - $inf->{slapd}->{run_dir} = "$localstatedir/dirsrv/slapd-$servid/run"; - } else { - $inf->{slapd}->{run_dir} = "$localstatedir/run/dirsrv"; - } - } - $ENV{DS_RUN_DIR} = $inf->{slapd}->{run_dir}; - - if (!defined($inf->{slapd}->{db_dir})) { - if ("") { - $inf->{slapd}->{db_dir} = "$localstatedir/dirsrv/slapd-$servid/db"; - } else { - $inf->{slapd}->{db_dir} = "$localstatedir/lib/dirsrv/slapd-$servid/db"; - } - } - - if (!defined($inf->{slapd}->{bak_dir})) { - if ("") { - $inf->{slapd}->{bak_dir} = "$localstatedir/dirsrv/slapd-$servid/bak"; - } else { - $inf->{slapd}->{bak_dir} = "$localstatedir/lib/dirsrv/slapd-$servid/bak"; - } - } - $ENV{DS_BAK_DIR} = $inf->{slapd}->{bak_dir}; - - if (!defined($inf->{slapd}->{ldif_dir})) { - if ("") { - $inf->{slapd}->{ldif_dir} = "$localstatedir/dirsrv/slapd-$servid/ldif"; - } else { - $inf->{slapd}->{ldif_dir} = "$localstatedir/lib/dirsrv/slapd-$servid/ldif"; - } - } - - if (!defined($inf->{slapd}->{tmp_dir})) { - if ("") { - $inf->{slapd}->{tmp_dir} = "/tmp"; - } else { - $inf->{slapd}->{tmp_dir} = "/tmp"; - } - } - $ENV{DS_TMP_DIR} = $inf->{slapd}->{tmp_dir}; - - if (!defined($inf->{slapd}->{cert_dir})) { - $inf->{slapd}->{cert_dir} = $inf->{slapd}->{config_dir}; - } - - return (); -} - -sub updateSelinuxPolicy { - my $inf = shift; - my $mydevnull = (-c "/dev/null" ? " /dev/null " : " NUL "); - - # if selinux is not available, do nothing - # In perl, exit(1) is 256 from system. ds_selinux_enable returns 1 on true, 0 on false. - if ((getLogin() eq 'root') and "yes" and system("$inf->{slapd}->{sbindir}/ds_selinux_enabled") == 256 ) { - debug(1, "Selinux is enabled or permissive, fixing contexts\n"); - # -f "/usr/sbin/sestatus" and !system ("/usr/sbin/sestatus | egrep -i \"selinux status:\\s*enabled\" > $mydevnull 2>&1")) { - my $localstatedir = $inf->{slapd}->{localstatedir}; - - # run restorecon on all of the parent directories we - # may have created (this only happens if this is the - # first instance created). - if ("") { - system("restorecon -R $localstatedir/dirsrv"); - } else { - system("restorecon -R $localstatedir/lock/dirsrv"); - system("restorecon -R $localstatedir/log/dirsrv"); - system("restorecon -R $localstatedir/run/dirsrv"); - system("restorecon -R $localstatedir/lib/dirsrv"); - } - - my @inst_dirs = qw(config_dir schema_dir log_dir lock_dir run_dir tmp_dir cert_dir db_dir ldif_dir bak_dir); - if ($inf->{slapd}->{InstScriptsEnabled} eq "true") { - @inst_dirs = qw(inst_dir config_dir schema_dir log_dir lock_dir run_dir tmp_dir cert_dir db_dir ldif_dir bak_dir); - } - # run restorecon on all instance directories we created - for my $kw (@inst_dirs) { - my $dir = $inf->{slapd}->{$kw}; - system("restorecon -R $dir"); - } - - # label the selected port as ldap_port_t - # We should be doing this for secure port too ..... - if ($inf->{slapd}->{ServerPort} != 0) { - my $port_query_cmd = ("$inf->{slapd}->{sbindir}/ds_selinux_port_query $inf->{slapd}->{ServerPort} ldap_port_t 2> $mydevnull"); - my $need_label = 0; - my $result = system($port_query_cmd); - - # 0 is false, 1 is true. True means 'already in policy'. - if ($result == 0) { - debug(1, "Port $inf->{slapd}->{ServerPort} must be labeled as ldap_port_t \n"); - $need_label = 1; - } - if ($result == 512) { - $need_label = 0; - debug(0, "Port $inf->{slapd}->{ServerPort} already belongs to another selinux type.\n"); - debug(0, " The command below will show you the current type that owns the port.\n"); - debug(0, "sudo $inf->{slapd}->{sbindir}/ds_selinux_port_query $inf->{slapd}->{ServerPort} ldap_port_t\n"); - debug(0, " It is highly likely your server will fail to start ... \n"); - } - if ($result == 131072) { - $need_label = 0; - debug(0, "An error occured running ds_selinux_port_query. This is probably a bug\n"); - debug(0, "$port_query_cmd \n"); - } - - if ($need_label == 1) { - my $semanage_err; - my $rc; - # 60 is a bit excessive, we should fail faster. - my $retry = 2; - $ENV{LANG} = "C"; - while (($retry > 0) && ($semanage_err = `semanage port -a -t ldap_port_t -p tcp $inf->{slapd}->{ServerPort} 2>&1`) && ($rc = $?)) { - debug(1, "Adding port $inf->{slapd}->{ServerPort} to selinux policy failed - $semanage_err (return code: $rc, $retry attempts remain).\n"); - debug(1, "Retrying in 5 seconds\n"); - sleep(5); - $retry--; - } - if (0 == $retry) { - debug(1, "Adding port $inf->{slapd}->{ServerPort} to selinux policy failed - $semanage_err (return code: $rc).\n"); - debug(1, "Reached time limit.\n"); - } - } - } - } -} - -sub updateTmpfilesDotD { - my $inf = shift; - my $dir = "/etc/tmpfiles.d"; - my $rundir; - my $lockdir; - my $parentdir; - - # if tmpfiles.d is not available, do nothing - if ((getLogin() eq 'root') and $dir and -d $dir) { - my $filename = "$dir/dirsrv-$inf->{slapd}->{ServerIdentifier}.conf"; - if (-f $filename) { - debug(3, "Removing the old tmpfile: $filename\n"); - if (!unlink($filename)){ - debug(1, "Can not delete old tmpfile $filename ($!)\n"); - return(); - } - } - debug(3, "Creating $filename\n"); - my $username = ""; - my $groupname = ""; - my $conffile = "$inf->{slapd}->{config_dir}/dse.ldif"; - # use the owner:group from the dse.ldif for the instance - if (-f $conffile) { - my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size, - $atime,$mtime,$ctime,$blksize,$blocks) - = stat(_); - $username = getpwuid($uid); - if (!$username) { - debug(1, "Error: could not get username from uid $uid\n"); - } - $groupname = getgrgid($gid); - } - # else, see if we were passed in values to use - if (!$username) { - $username = $inf->{General}->{SuiteSpotUserID}; - } - if (!$groupname) { - if (defined($inf->{General}->{SuiteSpotGroup})) { - $groupname = $inf->{General}->{SuiteSpotGroup}; - } else { # $groupname - $groupname = "-"; # use default - } - } - if (!open(DOTDFILE, ">$filename")) { - return ( [ 'error_creating_file', $filename, $! ] ); - } - # Type Path Mode UID GID Age - # d /var/run/user 0755 root root 10d - # we don't use age - my $localrundir = set_localrundir("/run", $inf->{General}->{prefix}); - if( $localrundir ne "" && -d "$localrundir"){ - $rundir = "$localrundir/dirsrv"; - $lockdir = "$localrundir/lock/dirsrv/slapd-$inf->{slapd}->{ServerIdentifier}"; - $parentdir = "$localrundir/lock/dirsrv"; - } else { - $rundir = $inf->{slapd}->{run_dir}; - $lockdir = $inf->{slapd}->{lock_dir}; - $parentdir = dirname($inf->{slapd}->{lock_dir}); - } - print DOTDFILE "d $rundir 0770 $username $groupname\n"; - print DOTDFILE "d $parentdir 0770 $username $groupname\n"; - print DOTDFILE "d $lockdir 0770 $username $groupname\n"; - - close DOTDFILE; - } else { - debug(3, "no tmpfiles.d - skipping\n"); - } - - return (); -} - -sub updateSystemD { - my $noservicelink = shift; - my $inf = shift; - my $unitdir = "/usr/lib/systemd/system"; - my $confbasedir = "/etc/systemd/system"; - my $confdir = "$confbasedir/dirsrv.target.wants"; - - if ((getLogin() ne 'root') or !$unitdir or !$confdir or ! -d $unitdir or ! -d $confdir) { - debug(3, "no systemd - skipping\n"); - return (); - } - - my @errs = (); - my $initconfigdir = $inf->{slapd}->{initconfigdir} || get_initconfigdir($inf->{General}->{prefix}); - debug(1, "updating systemd files in $unitdir and $confdir for all directory server instances in $initconfigdir\n"); - my $pkgname = "dirsrv"; - my $changes = 0; - # installation should already have put down the files and - # directories - we just need to update the symlinks - my $servicefile = "$unitdir/$pkgname\@.service"; - # first, look for new instances - for my $file (glob("$initconfigdir/$pkgname-*")) { - my $inst = $file; - $inst =~ s/^.*$pkgname-//; - # see if this is the admin or snmp or some other service - if (-f "$unitdir/$pkgname-$inst.service") { - debug(1, "$unitdir/$pkgname-$inst.service already exists - skipping\n"); - next; - } elsif (-f "$confbasedir/$pkgname-$inst.service") { - debug(1, "$confbasedir/$pkgname-$inst.service already exists - skipping\n"); - next; - } else { - my $servicelink = "$confdir/$pkgname\@$inst.service"; - if (! -l $servicelink && ! $noservicelink) { - if (!symlink($servicefile, $servicelink)) { - debug(1, "error updating link $servicelink to $servicefile - $!\n"); - push @errs, [ 'error_linking_file', $servicefile, $servicelink, $! ]; - } else { - debug(2, "updated link $servicelink to $servicefile\n"); - } - $changes++; - } - } - } - # next, look for instances that have been removed - for my $file (glob("$confdir/$pkgname\@*.service")) { - my $inst = $file; - $inst =~ s/^.*$pkgname\@(.*?).service$/$1/; - if (! -f "$initconfigdir/$pkgname-$inst") { - if (!unlink($file)) { - debug(1, "error removing $file - $!\n"); - push @errs, [ 'error_removing_path', $file, $! ]; - } else { - debug(2, "removed systemd file $file for removed instance $inst\n"); - } - $changes++; - } - } - if ($changes > 0) { - $? = 0; - my $cmd = '/bin/systemctl --system daemon-reload'; - # run the reload command - my $output = `$cmd 2>&1`; - my $status = $?; - if ($status) { - debug(1, "Error: $cmd failed - output $output: $!\n"); - push @errs, [ 'error_running_command', $cmd, $output, $! ]; - } else { - debug(2, "$cmd succeeded\n"); - } - } else { - debug(1, "No changes to $unitdir or $confdir\n"); - } - - - return @errs; -} - -sub createDSInstance { - my $inf = shift; - my @errs; - - if (@errs = setDefaults($inf)) { - return @errs; - } - - if (@errs = sanityCheckParams($inf)) { - return @errs; - } - - if (@errs = makeDSDirs($inf)) { - return @errs; - } - - if (@errs = createConfigFile($inf)) { - return @errs; - } - - if (@errs = makeOtherConfigFiles($inf)) { - return @errs; - } - - if (@errs = createInstanceScripts($inf)) { - return @errs; - } - - if (@errs = installSchema($inf)) { - return @errs; - } - - if (@errs = initDatabase($inf)) { - return @errs; - } - - - - if (@errs = updateTmpfilesDotD($inf)) { - return @errs; - } - - if (@errs = updateSystemD(0, $inf)) { - return @errs; - } - - if (@errs = startServer($inf)) { - return @errs; - } - - return @errs; -} - -sub stopServer { - my $instance = shift; - my $prog = "/usr/sbin/stop-dirsrv"; - if (-x $prog) { - $? = 0; - # run the stop command - my $output = `$prog $instance 2>&1`; - my $status = $?; - debug(3, "stopping server $instance returns status $status: output $output\n"); - if ($status) { - debug(1,"Warning: Could not stop directory server: status $status: output $output\n"); - # if the server is not running, that's ok - if ($output =~ /not running/) { - $! = ENOENT; - return 1; - } - # else, some other error (e.g. permission) - return false for error - return; - } - } else { - debug(1, "stopping server: no such program $prog: cannot stop server\n"); - return; - } - - debug(1, "Successfully stopped server $instance\n"); - return 1; -} - -# NOTE: Returns a list of array ref - each array ref is suitable for passing -# to Resource::getText -sub removeDSInstance { - my $inst = shift; - my $force = shift; - my $all = shift; - my $initconfig_dir = shift || get_initconfigdir(); - my $baseconfigdir = $ENV{DS_CONFIG_DIR} || "/etc/dirsrv"; - my $instname = "slapd-$inst"; - my $configdir; - my $rundir; - my $product_name; - my @errs; - - my $initconfig = "$initconfig_dir/dirsrv-$inst"; - my $pkglockdir = "/var/lock/dirsrv"; - my $pkgrundir = "/var/run/dirsrv"; - my $pkglibdir = "/var/lib/dirsrv"; - - # Get the configdir, rundir and product_name from the instance initconfig script. - unless(open(INFILE, $initconfig)) { - return ( [ 'error_no_such_instance', $instname, $! ] ); - } - - my $line; - while($line = ) { - if ($line =~ /CONFIG_DIR=(.*) ; export CONFIG_DIR/) { - $configdir = $1; - } elsif ($line =~ /CONFIG_DIR=(.*)$/) { - $configdir = $1; - } elsif ($line =~ /RUN_DIR=(.*) ; export RUN_DIR/) { - $rundir = $1; - } elsif ($line =~ /RUN_DIR=(.*)$/) { - $rundir = $1; - } elsif ($line =~ /PRODUCT_NAME=(.*) ; export PRODUCT_NAME/) { - $product_name = $1; - } elsif ($line =~ /PRODUCT_NAME=(.*)$/) { - $product_name = $1; - } - } - close(INFILE); - - if ( ! -d $configdir ) - { - debug(1, "Error: $configdir does not exist: $!\n"); - return ( [ 'error_no_such_instance', $configdir, $! ] ); - } - # read the config file to find out the paths - my $dseldif = "$configdir/dse.ldif"; - my $conn = new FileConn($dseldif, 1); - if (!$conn) { - debug(1, "Error: Could not open config file $dseldif: Error $!\n"); - return ( [ 'error_opening_dseldif', $dseldif, $! ] ); - } - - my $dn = "cn=config"; - my $entry = $conn->search($dn, "base", "(cn=*)", 0); - if (!$entry) - { - debug(1, "Error: Search $dn in $dseldif failed: $entry\n"); - push @errs, [ 'error_finding_config_entry', $dn, $dseldif, $conn->getErrorString() ]; - } - - $dn = "cn=config,cn=ldbm database,cn=plugins,cn=config"; - my $dbentry = $conn->search($dn, "base", "(cn=*)", 0); - if (!$dbentry) - { - debug(1, "Error: Search $dn in $dseldif failed: $dbentry\n"); - push @errs, [ 'error_finding_config_entry', $dn, $dseldif, $conn->getErrorString() ]; - } - $conn->close(); - - # stop the server - if (!stopServer($inst)) { - if ($force) { - debug(1, "Warning: Could not stop directory server - Error: $! - forcing continue\n"); - } elsif ($! == ENOENT) { # stop script not found or server not running - debug(1, "Warning: Could not stop directory server: already removed or not running\n"); - push @errs, [ 'error_stopping_server', $inst, $! ]; - } else { # real error - debug(1, "Error: Could not stop directory server - aborting - use -f flag to force removal\n"); - push @errs, [ 'error_stopping_server', $inst, $! ]; - return @errs; - } - } - - # remove physical dirs/files - if ($dbentry) { - push @errs, remove_tree($dbentry, "nsslapd-directory", $instname, 1); - push @errs, remove_tree($dbentry, "nsslapd-db-logdirectory", $instname, 1); - } - if ($entry) { - push @errs, remove_tree($entry, "nsslapd-lockdir", $instname, 0); - push @errs, remove_tree($entry, "nsslapd-tmpdir", $instname, 0); - push @errs, remove_tree($entry, "nsslapd-bakdir", $instname, 1); - push @errs, remove_tree($entry, "nsslapd-errorlog", $instname, 1); - } - - - # instance dir - my $instdir = ""; - if ($entry) { - foreach my $instdir ( @{$entry->{"nsslapd-instancedir"}} ) - { - if ( -d $instdir && $instdir =~ /$instname/ ) - { - # clean up pid files (if any) - remove_pidfile("STARTPIDFILE", $inst, $instdir, $instname, $rundir, $product_name); - remove_pidfile("PIDFILE", $inst, $instdir, $instname, $rundir, $product_name); - - my $rc = rmtree($instdir); - if ( 0 == $rc ) - { - push @errs, [ 'error_removing_path', $instdir, $! ]; - debug(1, "Warning: $instdir was not removed. Error: $!\n"); - } - } - } - } - # Finally, config dir - if ($all) { - push @errs, remove_tree($entry, "nsslapd-schemadir", $instname, 1); - } else { - push @errs, remove_tree($entry, "nsslapd-schemadir", $instname, 1, "\.db\$"); - } - - # Remove the instance specific initconfig script - if ( -f $initconfig ) { - my $rc = unlink($initconfig); - if ( 0 == $rc ) - { - push @errs, [ 'error_removing_path', $initconfig, $! ]; - debug(1, "Warning: $initconfig was not removed. Error: $!\n"); - } - } - - my $tmpfilesdir = "/etc/tmpfiles.d"; - my $tmpfilesname = "$tmpfilesdir/dirsrv-$inst.conf"; - if ((getLogin() eq 'root') && $tmpfilesdir && -d $tmpfilesdir && -f $tmpfilesname) { - my $rc = unlink($tmpfilesname); - if ( 0 == $rc ) - { - push @errs, [ 'error_removing_path', $tmpfilesname, $! ]; - debug(1, "Warning: $tmpfilesname was not removed. Error: $!\n"); - } - } - - # remove the selinux label from the ports if needed - my $mydevnull = (-c "/dev/null" ? " /dev/null " : " NUL "); - if ((getLogin() eq 'root') and "yes" and system("/usr/sbin/ds_selinux_enabled") == 256 ) { - foreach my $port (@{$entry->{"nsslapd-port"}}) - { - - my $need_remove_label = 0; - my $port_query_cmd = ("/usr/sbin/ds_selinux_port_query $port ldap_port_t 2> $mydevnull"); - my $result = system($port_query_cmd); - - if ($result == 256) { - debug(1, "Port $port may be removed as ldap_port_t \n"); - $need_remove_label = 1; - } - if ($result == 131072) { - $need_remove_label = 0; - debug(0, "An error occured running ds_selinux_port_query. This is probably a bug\n"); - debug(0, "$port_query_cmd \n"); - } - - my $semanage_err; - my $rc; - my $retry = 5; - $ENV{LANG} = "C"; - if ($need_remove_label) { - while (($retry > 0) && ($semanage_err = `semanage port -d -t ldap_port_t -p tcp $port 2>&1`) && ($rc = $?)) { - if (($semanage_err =~ /defined in policy, cannot be deleted/) || ($semanage_err =~ /is not defined/)) { - $retry = -1; - } else { - debug(1, "Warning: Port $port not removed from selinux policy correctly, $retry attempts remain. Error: $semanage_err\n"); - debug(1, "Retrying in 5 seconds\n"); - sleep(5); - $retry--; - } - } - if (0 == $retry) { - push @errs, [ 'error_removing_port_label', $port, $semanage_err]; - debug(1, "Warning: Port $port not removed from selinux policy correctly. Error: $semanage_err\n"); - debug(1, "Reached time limit.\n"); - } - } - } - - foreach my $secureport (@{$entry->{"nsslapd-secureport"}}) - { - my $need_remove_label = 0; - my $port_query_cmd = ("/usr/sbin/ds_selinux_port_query $secureport ldap_port_t 2> $mydevnull"); - my $result = system($port_query_cmd); - - if ($result == 256) { - debug(1, "Port $secureport may be removed as ldap_port_t \n"); - $need_remove_label = 1; - } - if ($result == 131072) { - $need_remove_label = 0; - debug(0, "An error occured running ds_selinux_port_query. This is probably a bug\n"); - debug(0, "$port_query_cmd \n"); - } - my $semanage_err; - my $rc; - my $retry = 60; - $ENV{LANG} = "C"; - if ($need_remove_label) { - while (($retry > 0) && ($semanage_err = `semanage port -d -t ldap_port_t -p tcp $secureport 2>&1`) && ($rc = $?)) { - if (($semanage_err =~ /defined in policy, cannot be deleted/) || ($semanage_err =~ /is not defined/)) { - $retry = -1; - } else { - debug(1, "Warning: Port $secureport not removed from selinux policy correctly. Error: $semanage_err\n"); - debug(1, "Retrying in 5 seconds\n"); - sleep(5); - $retry--; - } - } - if (0 == $retry) { - push @errs, [ 'error_removing_port_label', $secureport, $semanage_err]; - debug(1, "Warning: Port $secureport not removed from selinux policy correctly. Error: $semanage_err\n"); - debug(1, "Reached time limit.\n"); - } - } - } - } - - # update systemd files - push @errs, updateSystemD(0); - - # if we got here, report success - if (@errs) { - debug(1, "Could not successfully remove $instname\n"); - } else { - if (!<$pkglockdir/*>){ - # If this was the last instance, remove /var/lock/dirsrv & /var/run/dirsrv - rmdir $pkglockdir; - rmdir $pkgrundir; - } - debug(1, "Instance $instname removed.\n"); - } - - return @errs; -} - -1; - -# emacs settings -# Local Variables: -# mode:perl -# indent-tabs-mode: nil -# tab-width: 4 -# End: \ No newline at end of file diff --git a/user_saml_shibboleth-php7/ldap/ds-setup.inf b/user_saml_shibboleth-php7/ldap/ds-setup.inf deleted file mode 100644 index 677e7c75..00000000 --- a/user_saml_shibboleth-php7/ldap/ds-setup.inf +++ /dev/null @@ -1,28 +0,0 @@ -[General] -AdminDomain =idptestbed -ConfigDirectoryAdminID = admin -ConfigDirectoryAdminPwd = admin -ConfigDirectoryLdapURL = ldap://localhost:389/o=NetscapeRoot -FullMachineName = localhost -ServerRoot = /usr/lib64/dirsrv -SuiteSpotGroup = nobody -SuiteSpotUserID = nobody - -[admin] -Port = 9830 -ServerAdminID = admin -ServerAdminPwd = admin -ServerIpAddress = 0.0.0.0 -SysUser = nobody - -[slapd] -AddOrgEntries = Yes -AddSampleEntries = No -InstallLdifFile = suggest -RootDN = cn=Directory Manager -RootDNPwd = password -ServerIdentifier = dir -ServerPort = 389 -SlapdConfigForMC = yes -Suffix = dc=idptestbed -UseExistingMC = No \ No newline at end of file diff --git a/user_saml_shibboleth-php7/ldap/nextcloud.ldif b/user_saml_shibboleth-php7/ldap/nextcloud.ldif deleted file mode 100644 index fc35aa3a..00000000 --- a/user_saml_shibboleth-php7/ldap/nextcloud.ldif +++ /dev/null @@ -1,25 +0,0 @@ -# -# SCHEMA 'ownCloud' for 389DS (cn=schema) -# -# From http://doc.owncloud.org/server/6.0/admin_manual/configuration/auth_ldap.html -# -# Quota Field: -# ownCloud can read an LDAP attribute and set the user quota according to its value. -# Specify the attribute here, otherwise keep it empty. The attribute shall return -# human readable values, e.g. "2 GB". -# -# INSTALLATION: -# sudo ldapadd -Y EXTERNAL -H ldapi:/// -f owncloud.ldif -# -# SOURCE: -# https://github.com/valerytschopp/owncloud-ldap-schema -# -# WARNING: the spaces ' ' in the definitions are very important!!! - -dn: cn=schema -changetype: modify -add: attributetypes -attributetypes: ( 1.3.6.1.4.1.39430.1.1.1 NAME 'quota' DESC 'User Quota (e.g. 2 GB)' EQUALITY caseExactMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) -- -add: objectclasses -objectclasses: ( 1.3.6.1.4.1.39430.1.2.1 NAME 'ownCloud' DESC 'ownCloud LDAP Schema' AUXILIARY MAY ( quota ) ) diff --git a/user_saml_shibboleth-php7/ldap/users.ldif b/user_saml_shibboleth-php7/ldap/users.ldif deleted file mode 100644 index e5d61123..00000000 --- a/user_saml_shibboleth-php7/ldap/users.ldif +++ /dev/null @@ -1,47 +0,0 @@ -dn: cn=admin,dc=idptestbed -objectClass: simpleSecurityObject -objectClass: organizationalRole -cn: admin -userPassword: password -description: LDAP administrator - -dn: uid=student1,ou=People,dc=idptestbed -objectClass: organizationalPerson -objectClass: person -objectClass: top -objectClass: inetOrgPerson -objectClass: ownCloud -givenName: Stud -uid: student1 -sn: Ent -cn: Stud Ent -mail: student1@idptestbed.edu -userPassword: password -quota: 200 MB - -dn: uid=student2,ou=People,dc=idptestbed -objectClass: organizationalPerson -objectClass: person -objectClass: top -objectClass: inetOrgPerson -objectClass: ownCloud -givenName: Stud -uid: student2 -sn: Ent2 -cn: Stud Ent2 -mail: student2@idptestbed.edu -userPassword: password -quota: 1 GB - -dn: uid=staff1,ou=People,dc=idptestbed -objectClass: organizationalPerson -objectClass: person -objectClass: top -objectClass: inetOrgPerson -objectClass: ownCloud -givenName: St -uid: staff1 -sn: aff -cn: St aff -mail: staff1@idptestbed.edu -userPassword: password diff --git a/user_saml_shibboleth-php7/shibboleth/conf/attribute-filter.xml b/user_saml_shibboleth-php7/shibboleth/conf/attribute-filter.xml deleted file mode 100644 index 4dcd5486..00000000 --- a/user_saml_shibboleth-php7/shibboleth/conf/attribute-filter.xml +++ /dev/null @@ -1,51 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/user_saml_shibboleth-php7/shibboleth/conf/attribute-resolver.xml b/user_saml_shibboleth-php7/shibboleth/conf/attribute-resolver.xml deleted file mode 100644 index de435b56..00000000 --- a/user_saml_shibboleth-php7/shibboleth/conf/attribute-resolver.xml +++ /dev/null @@ -1,299 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/user_saml_shibboleth-php7/shibboleth/conf/cas-protocol.xml b/user_saml_shibboleth-php7/shibboleth/conf/cas-protocol.xml deleted file mode 100644 index d0b3d55f..00000000 --- a/user_saml_shibboleth-php7/shibboleth/conf/cas-protocol.xml +++ /dev/null @@ -1,84 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/user_saml_shibboleth-php7/shibboleth/conf/idp.properties b/user_saml_shibboleth-php7/shibboleth/conf/idp.properties deleted file mode 100644 index d71cbc6c..00000000 --- a/user_saml_shibboleth-php7/shibboleth/conf/idp.properties +++ /dev/null @@ -1,195 +0,0 @@ -# Load any additional property resources from a comma-delimited list -idp.additionalProperties= /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/authn/duo.properties - -# Set the entityID of the IdP -idp.entityID= https://shibboleth-integration-nextcloud.localdomain/idp/shibboleth - -# Set the scope used in the attribute resolver for scoped attributes -idp.scope= example.org - -# General cookie properties (maxAge only applies to persistent cookies) -#idp.cookie.secure = false -#idp.cookie.httpOnly = true -#idp.cookie.domain = -#idp.cookie.path = -#idp.cookie.maxAge = 31536000 - -# Set the location of user-supplied web flow definitions -#idp.webflows = %{idp.home}/flows - -# Set the location of Velocity view templates -#idp.views = %{idp.home}/views - -# Settings for internal AES encryption key -#idp.sealer.storeType = JCEKS -#idp.sealer.updateInterval = PT15M -#idp.sealer.aliasBase = secret -idp.sealer.storeResource= %{idp.home}/credentials/sealer.jks -idp.sealer.versionResource= %{idp.home}/credentials/sealer.kver -idp.sealer.storePassword= nextcloud -idp.sealer.keyPassword= nextcloud - -# Settings for public/private signing and encryption key(s) -# During decryption key rollover, point the ".2" properties at a second -# keypair, uncomment in credentials.xml, then publish it in your metadata. -idp.signing.key= %{idp.home}/credentials/idp-signing.key -idp.signing.cert= %{idp.home}/credentials/idp-signing.crt -idp.encryption.key= %{idp.home}/credentials/idp-encryption.key -idp.encryption.cert= %{idp.home}/credentials/idp-encryption.crt -#idp.encryption.key.2 = %{idp.home}/credentials/idp-encryption-old.key -#idp.encryption.cert.2 = %{idp.home}/credentials/idp-encryption-old.crt - -# Sets the bean ID to use as a default security configuration set -#idp.security.config = shibboleth.DefaultSecurityConfiguration - -# To default to SHA-1, set to shibboleth.SigningConfiguration.SHA1 -#idp.signing.config = shibboleth.SigningConfiguration.SHA256 - -# Configures trust evaluation of keys used by services at runtime -# Defaults to supporting both explicit key and PKIX using SAML metadata. -#idp.trust.signatures = shibboleth.ChainingSignatureTrustEngine -# To pick only one set to one of: -# shibboleth.ExplicitKeySignatureTrustEngine, shibboleth.PKIXSignatureTrustEngine -#idp.trust.certificates = shibboleth.ChainingX509TrustEngine -# To pick only one set to one of: -# shibboleth.ExplicitKeyX509TrustEngine, shibboleth.PKIXX509TrustEngine - -# If true, encryption will happen whenever a key to use can be located, but -# failure to encrypt won't result in request failure. -#idp.encryption.optional = false - -# Configuration of client- and server-side storage plugins -#idp.storage.cleanupInterval = PT10M -#idp.storage.htmlLocalStorage = false - -# Set to true to expose more detailed errors in responses to SPs -#idp.errors.detailed = false -# Set to false to skip signing of SAML response messages that signal errors -#idp.errors.signed = true -# Name of bean containing a list of Java exception classes to ignore -#idp.errors.excludedExceptions = ExceptionClassListBean -# Name of bean containing a property set mapping exception names to views -#idp.errors.exceptionMappings = ExceptionToViewPropertyBean -# Set if a different default view name for events and exceptions is needed -#idp.errors.defaultView = error - -# Set to false to disable the IdP session layer -#idp.session.enabled = true - -# Set to "shibboleth.StorageService" for server-side storage of user sessions -#idp.session.StorageService = shibboleth.ClientSessionStorageService - -# Size of session IDs -#idp.session.idSize = 32 -# Bind sessions to IP addresses -#idp.session.consistentAddress = true -# Inactivity timeout -#idp.session.timeout = PT60M -# Extra time to store sessions for logout -#idp.session.slop = PT0S -# Tolerate storage-related errors -#idp.session.maskStorageFailure = false -# Track information about SPs logged into -#idp.session.trackSPSessions = false -# Support lookup by SP for SAML logout -#idp.session.secondaryServiceIndex = false -# Length of time to track SP sessions -#idp.session.defaultSPlifetime = PT2H - -# Regular expression matching login flows to enable, e.g. IPAddress|Password -idp.authn.flows= Password - -# Regular expression of forced "initial" methods when no session exists, -# usually in conjunction with the idp.authn.resolveAttribute property below. -#idp.authn.flows.initial = Password - -# Set to an attribute ID to resolve prior to selecting authentication flows; -# its values are used to filter the flows to allow. -#idp.authn.resolveAttribute = eduPersonAssurance - -# Default lifetime and timeout of various authentication methods -#idp.authn.defaultLifetime = PT60M -#idp.authn.defaultTimeout = PT30M - -# Whether to populate relying party user interface information for display -# during authentication, consent, terms-of-use. -#idp.authn.rpui = true - -# Whether to prioritize "active" results when an SP requests more than -# one possible matching login method (V2 behavior was to favor them) -#idp.authn.favorSSO = false - -# Whether to fail requests when a user identity after authentication -# doesn't match the identity in a pre-existing session. -#idp.authn.identitySwitchIsError = false - -# Set to "shibboleth.StorageService" or custom bean for alternate storage of consent -#idp.consent.StorageService = shibboleth.ClientPersistentStorageService - -# Set to "shibboleth.consent.AttributeConsentStorageKey" to use an attribute -# to key user consent storage records (and set the attribute name) -#idp.consent.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey -#idp.consent.userStorageKeyAttribute = uid - -# Flags controlling how built-in attribute consent feature operates -#idp.consent.allowDoNotRemember = true -#idp.consent.allowGlobal = true -#idp.consent.allowPerAttribute = false - -# Whether attribute values and terms of use text are compared -#idp.consent.compareValues = false -# Maximum number of consent records for space-limited storage (e.g. cookies) -#idp.consent.maxStoredRecords = 10 -# Maximum number of consent records for larger/server-side storage (0 = no limit) -#idp.consent.expandedMaxStoredRecords = 0 - -# Time in milliseconds to expire consent storage records. -#idp.consent.storageRecordLifetime = P1Y - -# Whether to lookup metadata, etc. for every SP involved in a logout -# for use by user interface logic; adds overhead so off by default. -#idp.logout.elaboration = false - -# Whether to require logout requests/responses be signed/authenticated. -#idp.logout.authenticated = true - -# Message freshness and replay cache tuning -#idp.policy.messageLifetime = PT3M -#idp.policy.clockSkew = PT3M - -# Set to custom bean for alternate storage of replay cache -#idp.replayCache.StorageService = shibboleth.StorageService - -# Toggles whether to allow outbound messages via SAML artifact -#idp.artifact.enabled = true -# Suppresses typical signing/encryption when artifact binding used -#idp.artifact.secureChannel = true -# May differ to direct SAML 2 artifact lookups to specific server nodes -#idp.artifact.endpointIndex = 2 -# Set to custom bean for alternate storage of artifact map state -#idp.artifact.StorageService = shibboleth.StorageService - -# Comma-delimited languages to use if not match can be found with the -# browser-supported languages, defaults to an empty list. -idp.ui.fallbackLanguages= en,fr,de - -# Storage service used by CAS protocol -# Defaults to shibboleth.StorageService (in-memory) -# MUST be server-side storage (e.g. in-memory, memcached, database) -# NOTE that idp.session.StorageService requires server-side storage -# when CAS protocol is enabled -#idp.cas.StorageService=shibboleth.StorageService - -# CAS service registry implementation class -#idp.cas.serviceRegistryClass=net.shibboleth.idp.cas.service.PatternServiceRegistry - -# Profile flows in which the ProfileRequestContext should be exposed -# in servlet request under the key "opensamlProfileRequestContext" -#idp.profile.exposeProfileRequestContextInServletRequest = SAML2/POST/SSO,SAML2/Redirect/SSO - -# F-TICKS auditing - set a salt to include hashed username -#idp.fticks.federation=MyFederation -#idp.fticks.algorithm=SHA-256 -#idp.fticks.salt=somethingsecret -#idp.fticks.loghost=localhost -#idp.fticks.logport=514 diff --git a/user_saml_shibboleth-php7/shibboleth/conf/ldap.properties b/user_saml_shibboleth-php7/shibboleth/conf/ldap.properties deleted file mode 100644 index c6d8c2ec..00000000 --- a/user_saml_shibboleth-php7/shibboleth/conf/ldap.properties +++ /dev/null @@ -1,59 +0,0 @@ - -# LDAP authentication configuration, see authn/ldap-authn-config.xml - -## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator -#idp.authn.LDAP.authenticator = anonSearchAuthenticator - -## Connection properties ## -idp.authn.LDAP.ldapURL = ldap://localhost:389 -idp.authn.LDAP.useStartTLS = false -idp.authn.LDAP.useSSL = false -#idp.authn.LDAP.connectTimeout = 3000 - -## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust -#idp.authn.LDAP.sslConfig = certificateTrust -## If using certificateTrust above, set to the trusted certificate's path -idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-server.crt -## If using keyStoreTrust above, set to the truststore path -idp.authn.LDAP.trustStore = %{idp.home}/credentials/ldap-server.truststore - -## Return attributes during authentication -## NOTE: this is not used during attribute resolution; configure that directly in the -## attribute-resolver.xml configuration via a DataConnector's element -idp.authn.LDAP.returnAttributes = cn,businessCategory,mail - -## DN resolution properties ## - -# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator -# for AD: CN=Users,DC=example,DC=org -idp.authn.LDAP.baseDN = ou=people,dc=idptestbed -#idp.authn.LDAP.subtreeSearch = false -idp.authn.LDAP.userFilter = (uid={user}) -# bind search configuration -# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com -idp.authn.LDAP.bindDN = cn=admin,dc=idptestbed -idp.authn.LDAP.bindDNCredential = password - -# Format DN resolution, used by directAuthenticator, adAuthenticator -# for AD use idp.authn.LDAP.dnFormat=%s@domain.com -idp.authn.LDAP.dnFormat = uid=%s,ou=people,dc=idptestbed - -# LDAP attribute configuration, see attribute-resolver.xml -idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL} -idp.attribute.resolver.LDAP.baseDN = %{idp.authn.LDAP.baseDN} -idp.attribute.resolver.LDAP.bindDN = %{idp.authn.LDAP.bindDN} -idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential} -idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:true} -idp.attribute.resolver.LDAP.trustCertificates = %{idp.authn.LDAP.trustCertificates} -idp.attribute.resolver.LDAP.searchFilter = (uid=$requestContext.principalName) - -# LDAP pool configuration, used for both authn and DN resolution -#idp.pool.LDAP.minSize = 3 -#idp.pool.LDAP.maxSize = 10 -#idp.pool.LDAP.validateOnCheckout = false -#idp.pool.LDAP.validatePeriodically = true -#idp.pool.LDAP.validatePeriod = 300 -#idp.pool.LDAP.prunePeriod = 300 -#idp.pool.LDAP.idleTime = 600 -#idp.pool.LDAP.blockWaitTime = 3000 -#idp.pool.LDAP.failFastInitialize = false \ No newline at end of file diff --git a/user_saml_shibboleth-php7/shibboleth/conf/metadata-providers.xml b/user_saml_shibboleth-php7/shibboleth/conf/metadata-providers.xml deleted file mode 100644 index f1eae46e..00000000 --- a/user_saml_shibboleth-php7/shibboleth/conf/metadata-providers.xml +++ /dev/null @@ -1,67 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/user_saml_shibboleth-php7/shibboleth/conf/nextcloud.xml b/user_saml_shibboleth-php7/shibboleth/conf/nextcloud.xml deleted file mode 100644 index 7697b086..00000000 --- a/user_saml_shibboleth-php7/shibboleth/conf/nextcloud.xml +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - MIIC+zCCAeOgAwIBAgIJAIgZuvWDBIrdMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNzAxMDQxMTM5MjFaFw0yNzAxMDIxMTM5MjFaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3ESWaDH1JiJTy9yRJQV7kahPOxgBkIH2xwcYDL1k9deKNhSKLx7aGfxE244+HBcC6WLHKVUnOm0ld2qxQ4bMYiJXzZuqL67r07L5wxGAssv12lO92qohGmlHy3+VzRYUBmovu6upqOv3R2F8HBbo7Jc7Hvt7hOEJn/jPuFuF/fHit3mqU8l6IkrIZjpaW8T9fIWOXRq98U4+hkgWpqEZWsqlfE8BxAs9DeIMZab0GxO9stHLp+GYKx10uE4ezFcaDS8W+g2C8enCTt1HXGvcnj4o5zkC1lITGvcFTsiFqfIWyXeSufcxdc0W7HoG6J3ks0WJyK38sfFn0t2Ao6kX0CAwEAAaNQME4wHQYDVR0OBBYEFAoJzX6TVYAwC1GSPe6nObBG54zaMB8GA1UdIwQYMBaAFAoJzX6TVYAwC1GSPe6nObBG54zaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAJia9R70uXdUZtgujUPjLas4+sVajozlBFmqhBqpLAo934vljf9HISsHrPtdBcbS0d0rucqXwabDf0MlR18ksnT/NYpsTwMbMx76CrXi4zYEEW5lISKEO65aIkzVTcqKWSuhjtSnRdB6iOLsFiKmNMWXaIKMR5T0+AbR9wdQgn08W+3EEeHGvafVQfE3STVsSgNb1ft7DvcSUnfPXGU7KzvmTpZa0Hfmc7uY4vpdEEhLAdRhgLReS7USZskov7ooiPSoD+JRFi2gM4klBxTemHdNUa9oFnHMXuYKOkLbkgFvHxyy+QlLq2ELQTga5e7I83ZyOfGctyf8Ul6vGw10vbQ= - - - - - - - MIIC+zCCAeOgAwIBAgIJAIgZuvWDBIrdMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNzAxMDQxMTM5MjFaFw0yNzAxMDIxMTM5MjFaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3ESWaDH1JiJTy9yRJQV7kahPOxgBkIH2xwcYDL1k9deKNhSKLx7aGfxE244+HBcC6WLHKVUnOm0ld2qxQ4bMYiJXzZuqL67r07L5wxGAssv12lO92qohGmlHy3+VzRYUBmovu6upqOv3R2F8HBbo7Jc7Hvt7hOEJn/jPuFuF/fHit3mqU8l6IkrIZjpaW8T9fIWOXRq98U4+hkgWpqEZWsqlfE8BxAs9DeIMZab0GxO9stHLp+GYKx10uE4ezFcaDS8W+g2C8enCTt1HXGvcnj4o5zkC1lITGvcFTsiFqfIWyXeSufcxdc0W7HoG6J3ks0WJyK38sfFn0t2Ao6kX0CAwEAAaNQME4wHQYDVR0OBBYEFAoJzX6TVYAwC1GSPe6nObBG54zaMB8GA1UdIwQYMBaAFAoJzX6TVYAwC1GSPe6nObBG54zaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAJia9R70uXdUZtgujUPjLas4+sVajozlBFmqhBqpLAo934vljf9HISsHrPtdBcbS0d0rucqXwabDf0MlR18ksnT/NYpsTwMbMx76CrXi4zYEEW5lISKEO65aIkzVTcqKWSuhjtSnRdB6iOLsFiKmNMWXaIKMR5T0+AbR9wdQgn08W+3EEeHGvafVQfE3STVsSgNb1ft7DvcSUnfPXGU7KzvmTpZa0Hfmc7uY4vpdEEhLAdRhgLReS7USZskov7ooiPSoD+JRFi2gM4klBxTemHdNUa9oFnHMXuYKOkLbkgFvHxyy+QlLq2ELQTga5e7I83ZyOfGctyf8Ul6vGw10vbQ= - - - - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - - - - diff --git a/user_saml_shibboleth-php7/shibboleth/conf/relying-party.xml b/user_saml_shibboleth-php7/shibboleth/conf/relying-party.xml deleted file mode 100644 index 271abb6c..00000000 --- a/user_saml_shibboleth-php7/shibboleth/conf/relying-party.xml +++ /dev/null @@ -1,70 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/user_saml_shibboleth-php7/shibboleth/conf/saml-nameid.xml b/user_saml_shibboleth-php7/shibboleth/conf/saml-nameid.xml deleted file mode 100644 index ea97448f..00000000 --- a/user_saml_shibboleth-php7/shibboleth/conf/saml-nameid.xml +++ /dev/null @@ -1,62 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/user_saml_shibboleth-php7/shibboleth/credentials/idp-backchannel.crt b/user_saml_shibboleth-php7/shibboleth/credentials/idp-backchannel.crt deleted file mode 100644 index 720adca9..00000000 --- a/user_saml_shibboleth-php7/shibboleth/credentials/idp-backchannel.crt +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDnTCCAoWgAwIBAgIUczx2s99juF2Kx0Swewy/E6IBptwwDQYJKoZIhvcNAQEL -BQAwNzE1MDMGA1UEAwwsc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xvdWQu -bG9jYWxkb21haW4wHhcNMTcwMTA0MTAxMTMxWhcNMzcwMTA0MTAxMTMxWjA3MTUw -MwYDVQQDDCxzaGliYm9sZXRoLWludGVncmF0aW9uLW5leHRjbG91ZC5sb2NhbGRv -bWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK2aXesORtJ1Vlmk -w+EOcIwKBZtcp8fafChol17GyM4gNrpRRGvm1MJObTfL2wxpnstj/qRqFONyOSLA -Ef/EEASwlbd/tFxO9xTti+SktdT4lGy2qm3v5e0RfrpFOLihw/hdqiTR0KEWim1j -Mh6ec57dcAyhV7JLHQLgxr4vmYZl7Wq+wyYyA6T4vjzIOLOXbN07hRba6OZs1xAD -eFKcJzmWcbH7X+0BvyB3sAZIv2PZ+wpfucQsvrqklfOYfzqcMIocMkjznSTlC8lc -fkwovjNhIKHWcZHtuMF+W0X01m8mtU8E1FCR2buT8yQBXN/p9XchteDjaE+dzjuF -A80h51sCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUMX3PWNbmxUOdXpVklJvA51cfaz8w -fAYDVR0RBHUwc4Isc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xvdWQubG9j -YWxkb21haW6GQ2h0dHBzOi8vc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xv -dWQubG9jYWxkb21haW4vaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggEB -AHIh71RRCMjmtQmjvfrLAbJ8/lajAn5gxvFh0NqoS7c635AgGON1Xl3aJjUBtj1F -N0Vz8G3M5b5/+aLYvAePQ1XLhBlfKprz55wcbaMvJCwrCTbDbqmNosCS+gPX21Hr -Tby6dPWW4VgKtxME45QfiqWBXozuuCwncmdhPnro7/8HCFYZCNw8n5E8PqMJvkSG -e+2dgq0+zvoaqRf2YHt0j2OazUXB1O6KkL6/Cqju/s8zG4c9hyj29erqO8T1Kq9b -NjxGCSnFycZm5xbEKxcc2/YKMNBubQGBoEJX+V+0OIjxwEHJNhGHpFrmiDpB50B7 -rYWDgYL1z23a1A5QKkGNig0= ------END CERTIFICATE----- diff --git a/user_saml_shibboleth-php7/shibboleth/credentials/idp-backchannel.p12 b/user_saml_shibboleth-php7/shibboleth/credentials/idp-backchannel.p12 deleted file mode 100644 index c5a37ae5..00000000 Binary files a/user_saml_shibboleth-php7/shibboleth/credentials/idp-backchannel.p12 and /dev/null differ diff --git a/user_saml_shibboleth-php7/shibboleth/credentials/idp-browser.p12 b/user_saml_shibboleth-php7/shibboleth/credentials/idp-browser.p12 deleted file mode 100644 index bf39256c..00000000 Binary files a/user_saml_shibboleth-php7/shibboleth/credentials/idp-browser.p12 and /dev/null differ diff --git a/user_saml_shibboleth-php7/shibboleth/credentials/idp-encryption.crt b/user_saml_shibboleth-php7/shibboleth/credentials/idp-encryption.crt deleted file mode 100644 index 5d9490fd..00000000 --- a/user_saml_shibboleth-php7/shibboleth/credentials/idp-encryption.crt +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDnjCCAoagAwIBAgIVAL4/OE7tQNTmMZT7q2ppdRWr9mMaMA0GCSqGSIb3DQEB -CwUAMDcxNTAzBgNVBAMMLHNoaWJib2xldGgtaW50ZWdyYXRpb24tbmV4dGNsb3Vk -LmxvY2FsZG9tYWluMB4XDTE3MDEwNDEwMTEyN1oXDTM3MDEwNDEwMTEyN1owNzE1 -MDMGA1UEAwwsc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xvdWQubG9jYWxk -b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKZXw6Pfvb4nGl -4AN5kwJWKhGqqwCs0M6kT3WLxGi9TfvwAKoKSpF/jJblpv4HtWC2vcn+9hoE55Dk -nT0LefUpo0v/ki3bu2gblANmBXrcDvcUI5NRxkg3dy9yRoLGK28QYlhHh7sLQaT4 -/YfNiuhRmGJijh6tikW+SapxaGnH+Fi++xpyjyhAJD4POlzWfYTwcsD019Wv0MDZ -B1YoEISQV5U18xnVuTZtlKqxkUxu0Lxv2gtSqkwPlnaJuyHLzm0uHrenFWkk9iYb -ek2fF7A6KGh6j/73eqjqdWu3UtZHPlQYtcb7Vu7nA6mfNVjCwWkNIzUR++9PRBEG -k4rgJ+91AgMBAAGjgaAwgZ0wHQYDVR0OBBYEFCYbwDAYibCwyIqjvcwGKN51c9VV -MHwGA1UdEQR1MHOCLHNoaWJib2xldGgtaW50ZWdyYXRpb24tbmV4dGNsb3VkLmxv -Y2FsZG9tYWluhkNodHRwczovL3NoaWJib2xldGgtaW50ZWdyYXRpb24tbmV4dGNs -b3VkLmxvY2FsZG9tYWluL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IB -AQBGq5kYoFIgfKiSHblctGhN8c/ka9Tcwe3sgWzm9iAXn3UrDVCbgl5Mxotboiuy -d9t4BD8F4uuSJEwNErcOWbMZo57q/ewXIX1WmCCGkt/TW8GFfVMVbT/LQXnepCq8 -mtlyT72q4AsyD4TKwJFa+xkPUzCEIsYDYfap+gHcF9fHfsNw8HNsGyMFHBKdEZNJ -P/MUQI6MKDCCNUCcJDp5SjagxJhsJsmk0NHOzIJXb0kEziz1DEcd9VewZrNFmB9I -NRFEJMj8SJ5A8YFoO5E55X9zjjyKud1ePpYTa+KK+TA2AjL3LcBK2qmWTJ7cURnt -GrYd+TvG2duNh6z69Ppj2WuD ------END CERTIFICATE----- diff --git a/user_saml_shibboleth-php7/shibboleth/credentials/idp-encryption.key b/user_saml_shibboleth-php7/shibboleth/credentials/idp-encryption.key deleted file mode 100644 index 44328597..00000000 --- a/user_saml_shibboleth-php7/shibboleth/credentials/idp-encryption.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAimV8Oj372+JxpeADeZMCVioRqqsArNDOpE91i8RovU378ACq -CkqRf4yW5ab+B7Vgtr3J/vYaBOeQ5J09C3n1KaNL/5It27toG5QDZgV63A73FCOT -UcZIN3cvckaCxitvEGJYR4e7C0Gk+P2HzYroUZhiYo4erYpFvkmqcWhpx/hYvvsa -co8oQCQ+Dzpc1n2E8HLA9NfVr9DA2QdWKBCEkFeVNfMZ1bk2bZSqsZFMbtC8b9oL -UqpMD5Z2ibshy85tLh63pxVpJPYmG3pNnxewOihoeo/+93qo6nVrt1LWRz5UGLXG -+1bu5wOpnzVYwsFpDSM1EfvvT0QRBpOK4CfvdQIDAQABAoIBAQCJdxRVpYutdNb9 -s+y/rU381/yEUSZygVU/z80p7wU6Q2OjmIVNg5PR5YtcwOpCLd7KpOkm3rwpcvlw -mt4vsAvcN98dE82JHDTkb7iQdZD7U8IHtu51o0XIEhKGp5Lt0+aVl5moMyGOpL2A -tBNYDkmEAqB21EOUjGuJ/xHVY6jufjqK+bYE/SMkTRvvvm+np8s/fJCiGUzAsBr0 -d5AAN5QKVJ8ZnzlpFewr3sXKLf3tGZEgGCgL+pvc0pCEyxMCXZgSxg93dxIjqagi -nvALZQAk+WC+B9X8g4xWlHa+Q0Y5yz+Xq5t+Cmsx2DqTtTmmsYhcjTDAXVEsVI6v -7G0sEx5hAoGBAOQlBPAQF8wORW1lcM9Gpcv9IuRKG3OByNAfZOC4WUJxaRmDGkpp -XPANqusVJiD0M0KdSq18k6RMmI004fzVAdImx60svanGZPLwOyjriNmiASfZKKP8 -MTKkDAGkBYxgshqTlVd2CPlqd4Uql4x/zvCyLegFSdvrkysq0drKmMqfAoGBAJtL -QqTWOyyeqYzgbRc+ZEehQwZ78geIPiI6JNEFWNuc1jiROLEwFVczCazTLYFjLbN8 -AVGM1hj2H119IsvABdr85vecY7pbN6VzZBGAOZB9sD5eGxvqiyZS3gUrJD7ehPOi -FwQrJRYAKvD4MCJrHFE5nnJ3c35JxqAvho1ZW2FrAoGBALGgROzniq+b+OAIl8E5 -vwJITu8w55iR1ph7qN3xicVaaTqswT5oNCzOZ2FqcOo9Vt+peSgDkyvbWvat0rk3 -2pgVC2fAKtbRGW2wLk9Yuo6/PGkbATJTurYz1Qk9+/fknSZl+2NCChCunOm4VI/W -PndWMrmvzGaGTmnQh9zx2e3/AoGACa801cDCafLvEekBBJ0QdeMZofLi0hNuBIZp -u1tBAlkShu6PgYVFH24AYXW99b6wn+vQzTwiMeZPaG4gWGJ+OvzgjnqDQaDkpH3A -tNKxRFCCSDFoMWJ8EQTD8cCR/xWzZtop40mpg2i5RNPFdLAHUQ1t0yed3TdOmri8 -BF6ZM0cCgYEAh8FzhDeZrVh5EixM5jhiOphESjaw7Tyt6AjixKLlV2a1YbDp73hd -4YytmRFB8JEbqRVACC7NFg7y2cUKrQv0oAoGmOVRg7x27H7t6yWS0RYM3a/gxaHC -Wk/5hyxBW2xwz0LlrHDgRq3hvTmAespKm7e1tlTcBYS+eTXNrvWbpp8= ------END RSA PRIVATE KEY----- diff --git a/user_saml_shibboleth-php7/shibboleth/credentials/idp-signing.crt b/user_saml_shibboleth-php7/shibboleth/credentials/idp-signing.crt deleted file mode 100644 index 2332ee7d..00000000 --- a/user_saml_shibboleth-php7/shibboleth/credentials/idp-signing.crt +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDnTCCAoWgAwIBAgIUGPx9uPjCu7c172IUgV84Tm94pBcwDQYJKoZIhvcNAQEL -BQAwNzE1MDMGA1UEAwwsc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xvdWQu -bG9jYWxkb21haW4wHhcNMTcwMTA0MTAxMTI3WhcNMzcwMTA0MTAxMTI3WjA3MTUw -MwYDVQQDDCxzaGliYm9sZXRoLWludGVncmF0aW9uLW5leHRjbG91ZC5sb2NhbGRv -bWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKH+bPu45tk8/JRk -XOxkyfbxocWZlY4mRumEUxscd3fn0oVzOrdWbHH7lCZV4bus4KxvJljc0Nm2K+Zr -LoiRUUnf/LQ4LlehWVm5Kbc4kRgOXS0iGZN3SslAWPKyIg0tywg+TLOBPoS6EtST -1WuYg1JPMFxPfeFDWQ0dQYPlXIJWBFh6F2JMTb0FLECqA5l/ryYE13QisX5l+Mqo -6y3Dh7qIgaH0IJNobXoAcEWza7Kb2RnfhZRh9e0qjZIwBqTJUFM/6I86RYXn829s -INUvYQQbez6VkGTdUQJ/GuXb/dD5sMQfOyK8hrRY5MozOmK32cz3JaAzSXpiSRS9 -NxFwvicCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUKn8+TV0WXSDeavvF0M8mWn1o8ukw -fAYDVR0RBHUwc4Isc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xvdWQubG9j -YWxkb21haW6GQ2h0dHBzOi8vc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xv -dWQubG9jYWxkb21haW4vaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggEB -ABI6uzoIeLZT9Az2KTlLxIc6jZ4MDmhaVja4ZuBxTXEb7BFLfeASEJmQm1wgIMOn -pJId3Kh3njW+3tOBWKm7lj8JxVVpAu4yMFSoQGPaVUgYB1AVm+pmAyPLzfJ/XGhf -esCU2F/b0eHWcaIb3x+BZFX089Cd/PBtP84MNXdo+TccibxC8N39sr45qJM/7SC7 -TfDYU0L4q2WZHJr4S7+0F+F4KaxLx9NzCvN4h6XaoWofZWir2iHO4NzbrVQGC0ei -QybS/neBfni4A2g1lyzCb6xFB58JBvNCn7AAnDJULOE7S5XWUKsDAQVQrxTNkUq7 -pnhlCQqZDwUdgmIXd1KB1So= ------END CERTIFICATE----- diff --git a/user_saml_shibboleth-php7/shibboleth/credentials/idp-signing.key b/user_saml_shibboleth-php7/shibboleth/credentials/idp-signing.key deleted file mode 100644 index ee9474ec..00000000 --- a/user_saml_shibboleth-php7/shibboleth/credentials/idp-signing.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAof5s+7jm2Tz8lGRc7GTJ9vGhxZmVjiZG6YRTGxx3d+fShXM6 -t1ZscfuUJlXhu6zgrG8mWNzQ2bYr5msuiJFRSd/8tDguV6FZWbkptziRGA5dLSIZ -k3dKyUBY8rIiDS3LCD5Ms4E+hLoS1JPVa5iDUk8wXE994UNZDR1Bg+VcglYEWHoX -YkxNvQUsQKoDmX+vJgTXdCKxfmX4yqjrLcOHuoiBofQgk2htegBwRbNrspvZGd+F -lGH17SqNkjAGpMlQUz/ojzpFhefzb2wg1S9hBBt7PpWQZN1RAn8a5dv90PmwxB87 -IryGtFjkyjM6YrfZzPcloDNJemJJFL03EXC+JwIDAQABAoIBAFVRoGrPzt35zfoG -Bh8HUov6Zb6iDm/I3y5cYDz2OEHx2iIpN3KaVRGPdE7giryC5+5JuEOzQVh5JxP7 -vY12I/8ptnng4R+MPngQGtWCOIEYB6EexaOyf7QRbQeeJGsWhEm6LkGYv6m+Ku7F -UfGSaQ/v30OvJlh/VSagEwJ5ychm2GOMTkHUMEIgY29QDqGgCmQ95DrGyZAJ9gUd -uGj7SyE+VguHcanXjravkhunMEdVXYDyQRSVB+G4TH19RyN7kUUqJxg4AL4PwM8k -vxxf7yLccWXrtKsMyFgP3dIxukcA+lreUzNzlIjgGZZ/NJRnQhAXMXx8KIQt/bRm -QtRGUGkCgYEA2p8Kk8QKlIwONr1SuJQKmfWtWftRhREUiJIwv3CLGMq8uUefZ1Vi -ueu3Qbk6w23meMN3/VVePVIHinve19LgrDN3kBAxZBz0ZsdjL/o3exQI9rGZncAc -UnCHCzewuWgbUmMSYHEb8Ap/pQubGmGVg3aGKFNx/xe5w47ROYAZ+csCgYEAvbDT -wFwD9P8mVvoudwMBP+gUUlMNK+5wF0PPtoGwdp3Jbe4kD8cHM+20yK34Vc5uPpyc -scfQRLr3tlG0LtJdBHIrvdOzyEZGYR8a2aIJtYu2qxHtNOQJZIcf0px/ntuFP2px -KeuF7ukfZkbkKs5S71zNjVzpPnT5Pr5H9mY3sZUCgYB+wxju9QztdQgI1V3RiIVd -IAaT1hU+gtjVF28MkcUVavhithTHZcsI4pQvl6drCZ5JB43bZlRuWdHlik179tou -/uikr77zvZY4wgPRHdRtmQBZikD4JxxE8Npctr3Rw3uUGb3eDbeVR4Ebwc79TPfU -cjT3zOqcbrVXnsfR/2UQYQKBgE2TbWXzu6KMXm+frTT6w54RGY55bJ+Uyb6Z+u6W -p0Y7TU9p3tGdAbMY+aBAlZjx7WApyGNkZiZVmEy1qUykt2nED2N4msPDCbFaeS6b -+ACI/NGFaU8CG11DbZ5CZmbfO+UtcM5GBeYo7LB1OYbQDlbZyy6O2syyJeSlCOUZ -9JjpAoGBAK9QA2IVclUDZRdJPmwGGxL5b/mBKhR/zyLjjFEaW+UtQzu8IH/4ECjo -9nrJNO4dwU26y2TZLm1MouCMZNgjAezgWWdOXzdLEVCcOKfgrzsyiCKxUTDFS1Bu -VfudT77KFHviEorDWc39AFOiwSDWCPuMbjO9xZbuwd5ARXVsw+Y5 ------END RSA PRIVATE KEY----- diff --git a/user_saml_shibboleth-php7/shibboleth/credentials/idp.crt b/user_saml_shibboleth-php7/shibboleth/credentials/idp.crt deleted file mode 100644 index e114f2ee..00000000 --- a/user_saml_shibboleth-php7/shibboleth/credentials/idp.crt +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDsjCCAxugAwIBAgIJAJAIUFHXmBHGMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYD -VQQGEwJERTESMBAGA1UECBMJU3R1dHRnYXJ0MRIwEAYDVQQHEwlTdHV0dGdhcnQx -EjAQBgNVBAoTCU5leHRjbG91ZDEWMBQGA1UECxMNSVQgRGVwYXJ0bWVudDE1MDMG -A1UEAxMsc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xvdWQubG9jYWxkb21h -aW4wHhcNMTcwMTA0MTA1NzEwWhcNMzcwMTA0MTA1NzEwWjCBmDELMAkGA1UEBhMC -REUxEjAQBgNVBAgTCVN0dXR0Z2FydDESMBAGA1UEBxMJU3R1dHRnYXJ0MRIwEAYD -VQQKEwlOZXh0Y2xvdWQxFjAUBgNVBAsTDUlUIERlcGFydG1lbnQxNTAzBgNVBAMT -LHNoaWJib2xldGgtaW50ZWdyYXRpb24tbmV4dGNsb3VkLmxvY2FsZG9tYWluMIGf -MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtSe4PIRnpb1rm1mGXUC0PZJUrl9/r -Qbk+jHfzMgg1inhvFegTlYC2jsgaIUQTcoxJg45N2MbmnrpgNa+hV4ex6bisB9VX -810BCb/i4nViDJfxQbscrjGQqKWGiMcTNbh8iVKm29uDp0tw1GSAiKbcbdCKnWhb -c25hHG6sciDnswIDAQABo4IBADCB/TAdBgNVHQ4EFgQUbX3OlXIKNhmYAzq7cALj -Lel56WAwgc0GA1UdIwSBxTCBwoAUbX3OlXIKNhmYAzq7cALjLel56WChgZ6kgZsw -gZgxCzAJBgNVBAYTAkRFMRIwEAYDVQQIEwlTdHV0dGdhcnQxEjAQBgNVBAcTCVN0 -dXR0Z2FydDESMBAGA1UEChMJTmV4dGNsb3VkMRYwFAYDVQQLEw1JVCBEZXBhcnRt -ZW50MTUwMwYDVQQDEyxzaGliYm9sZXRoLWludGVncmF0aW9uLW5leHRjbG91ZC5s -b2NhbGRvbWFpboIJAJAIUFHXmBHGMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF -BQADgYEAIyCzhGza61NagLLBpGu7/pH81I3DxmdNUfuqgznAQts2R5tdHmxP4OvS -I8g/0nIyCmtAzXgbzvf8HwO3LVpti6LRwPVE2k3VZWvzMwqL1sE8y8MdoqiUs/k5 -Ig7tm9j/6iwADncuHg3mWZ1SN4UbZPECNcB59vkzFWdVNNKEEq8= ------END CERTIFICATE----- diff --git a/user_saml_shibboleth-php7/shibboleth/credentials/idp.key b/user_saml_shibboleth-php7/shibboleth/credentials/idp.key deleted file mode 100644 index 368140dc..00000000 --- a/user_saml_shibboleth-php7/shibboleth/credentials/idp.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQCtSe4PIRnpb1rm1mGXUC0PZJUrl9/rQbk+jHfzMgg1inhvFegT -lYC2jsgaIUQTcoxJg45N2MbmnrpgNa+hV4ex6bisB9VX810BCb/i4nViDJfxQbsc -rjGQqKWGiMcTNbh8iVKm29uDp0tw1GSAiKbcbdCKnWhbc25hHG6sciDnswIDAQAB -AoGAC7lew+NHb4W7Lrb+b1BbXBlABm0GF1KhB9xVGT0fVRADSfC/fOO2i6NpYmsx -wecUGr0t2ZJ7EotWrL+1HENhyMkkUevtScrolkTZzkNsmzHcMu73l4kMjQMSplN8 -V0yyqL8WhxdJzTQoiQTnqRRYk8zryNTasDBjpNuvI0YBdYECQQDjL/r4Z93SiwiR -KslJ6T0TcrOMAayQ6slTMJ8mFX586Y2ErPS5mrOUtZBXKrrbrSRJ78HC2gUVddZB -WlL4L9+TAkEAw0QKTiyZLbsnnaT4gARuCieewQKeJoJbvHoE8DkZVqj5xYa9OswK -9x5Ly1xMi71RvvrlOQoP+5lSbdgEp4KrYQJBANDGzPnuaXkMb6kICsazYn82zy0A -dNcQDEc4zWgwJHciIf0k/Bh8xD8Kw0R3bhRmfoy7mfI4bKeWDHkuSkTtqaUCQGgy -ur0Ul3kL0gwRqHnH42CP2+trFjG+hm2BP3lhPuA7s21whTIHCCLui8utKTu4fxLG -l+NkNzsvigkLqRAqboECQF2D8GRtvXdNDSGvoTDJ3nTB20YZ8lLCShbhqyCFHv3z -hjhRHe/gKK/w2Sfy+P1vqka0pWmmOnPOjMw0FVTFEHY= ------END RSA PRIVATE KEY----- diff --git a/user_saml_shibboleth-php7/shibboleth/credentials/sealer.jks b/user_saml_shibboleth-php7/shibboleth/credentials/sealer.jks deleted file mode 100644 index d2715819..00000000 Binary files a/user_saml_shibboleth-php7/shibboleth/credentials/sealer.jks and /dev/null differ diff --git a/user_saml_shibboleth-php7/shibboleth/credentials/sealer.kver b/user_saml_shibboleth-php7/shibboleth/credentials/sealer.kver deleted file mode 100644 index da0a20eb..00000000 --- a/user_saml_shibboleth-php7/shibboleth/credentials/sealer.kver +++ /dev/null @@ -1,2 +0,0 @@ -#Wed Jan 04 10:11:34 UTC 2017 -CurrentVersion=1 diff --git a/user_saml_shibboleth-php7/shibboleth/metadata/idp-metadata.xml b/user_saml_shibboleth-php7/shibboleth/metadata/idp-metadata.xml deleted file mode 100644 index 7a351b60..00000000 --- a/user_saml_shibboleth-php7/shibboleth/metadata/idp-metadata.xml +++ /dev/null @@ -1,231 +0,0 @@ - - - - - - - - example.org - - - - - - - -MIIDnTCCAoWgAwIBAgIUczx2s99juF2Kx0Swewy/E6IBptwwDQYJKoZIhvcNAQEL -BQAwNzE1MDMGA1UEAwwsc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xvdWQu -bG9jYWxkb21haW4wHhcNMTcwMTA0MTAxMTMxWhcNMzcwMTA0MTAxMTMxWjA3MTUw -MwYDVQQDDCxzaGliYm9sZXRoLWludGVncmF0aW9uLW5leHRjbG91ZC5sb2NhbGRv -bWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK2aXesORtJ1Vlmk -w+EOcIwKBZtcp8fafChol17GyM4gNrpRRGvm1MJObTfL2wxpnstj/qRqFONyOSLA -Ef/EEASwlbd/tFxO9xTti+SktdT4lGy2qm3v5e0RfrpFOLihw/hdqiTR0KEWim1j -Mh6ec57dcAyhV7JLHQLgxr4vmYZl7Wq+wyYyA6T4vjzIOLOXbN07hRba6OZs1xAD -eFKcJzmWcbH7X+0BvyB3sAZIv2PZ+wpfucQsvrqklfOYfzqcMIocMkjznSTlC8lc -fkwovjNhIKHWcZHtuMF+W0X01m8mtU8E1FCR2buT8yQBXN/p9XchteDjaE+dzjuF -A80h51sCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUMX3PWNbmxUOdXpVklJvA51cfaz8w -fAYDVR0RBHUwc4Isc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xvdWQubG9j -YWxkb21haW6GQ2h0dHBzOi8vc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xv -dWQubG9jYWxkb21haW4vaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggEB -AHIh71RRCMjmtQmjvfrLAbJ8/lajAn5gxvFh0NqoS7c635AgGON1Xl3aJjUBtj1F -N0Vz8G3M5b5/+aLYvAePQ1XLhBlfKprz55wcbaMvJCwrCTbDbqmNosCS+gPX21Hr -Tby6dPWW4VgKtxME45QfiqWBXozuuCwncmdhPnro7/8HCFYZCNw8n5E8PqMJvkSG -e+2dgq0+zvoaqRf2YHt0j2OazUXB1O6KkL6/Cqju/s8zG4c9hyj29erqO8T1Kq9b -NjxGCSnFycZm5xbEKxcc2/YKMNBubQGBoEJX+V+0OIjxwEHJNhGHpFrmiDpB50B7 -rYWDgYL1z23a1A5QKkGNig0= - - - - - - - - - -MIIDnTCCAoWgAwIBAgIUGPx9uPjCu7c172IUgV84Tm94pBcwDQYJKoZIhvcNAQEL -BQAwNzE1MDMGA1UEAwwsc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xvdWQu -bG9jYWxkb21haW4wHhcNMTcwMTA0MTAxMTI3WhcNMzcwMTA0MTAxMTI3WjA3MTUw -MwYDVQQDDCxzaGliYm9sZXRoLWludGVncmF0aW9uLW5leHRjbG91ZC5sb2NhbGRv -bWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKH+bPu45tk8/JRk -XOxkyfbxocWZlY4mRumEUxscd3fn0oVzOrdWbHH7lCZV4bus4KxvJljc0Nm2K+Zr -LoiRUUnf/LQ4LlehWVm5Kbc4kRgOXS0iGZN3SslAWPKyIg0tywg+TLOBPoS6EtST -1WuYg1JPMFxPfeFDWQ0dQYPlXIJWBFh6F2JMTb0FLECqA5l/ryYE13QisX5l+Mqo -6y3Dh7qIgaH0IJNobXoAcEWza7Kb2RnfhZRh9e0qjZIwBqTJUFM/6I86RYXn829s -INUvYQQbez6VkGTdUQJ/GuXb/dD5sMQfOyK8hrRY5MozOmK32cz3JaAzSXpiSRS9 -NxFwvicCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUKn8+TV0WXSDeavvF0M8mWn1o8ukw -fAYDVR0RBHUwc4Isc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xvdWQubG9j -YWxkb21haW6GQ2h0dHBzOi8vc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xv -dWQubG9jYWxkb21haW4vaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggEB -ABI6uzoIeLZT9Az2KTlLxIc6jZ4MDmhaVja4ZuBxTXEb7BFLfeASEJmQm1wgIMOn -pJId3Kh3njW+3tOBWKm7lj8JxVVpAu4yMFSoQGPaVUgYB1AVm+pmAyPLzfJ/XGhf -esCU2F/b0eHWcaIb3x+BZFX089Cd/PBtP84MNXdo+TccibxC8N39sr45qJM/7SC7 -TfDYU0L4q2WZHJr4S7+0F+F4KaxLx9NzCvN4h6XaoWofZWir2iHO4NzbrVQGC0ei -QybS/neBfni4A2g1lyzCb6xFB58JBvNCn7AAnDJULOE7S5XWUKsDAQVQrxTNkUq7 -pnhlCQqZDwUdgmIXd1KB1So= - - - - - - - - - -MIIDnjCCAoagAwIBAgIVAL4/OE7tQNTmMZT7q2ppdRWr9mMaMA0GCSqGSIb3DQEB -CwUAMDcxNTAzBgNVBAMMLHNoaWJib2xldGgtaW50ZWdyYXRpb24tbmV4dGNsb3Vk -LmxvY2FsZG9tYWluMB4XDTE3MDEwNDEwMTEyN1oXDTM3MDEwNDEwMTEyN1owNzE1 -MDMGA1UEAwwsc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xvdWQubG9jYWxk -b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKZXw6Pfvb4nGl -4AN5kwJWKhGqqwCs0M6kT3WLxGi9TfvwAKoKSpF/jJblpv4HtWC2vcn+9hoE55Dk -nT0LefUpo0v/ki3bu2gblANmBXrcDvcUI5NRxkg3dy9yRoLGK28QYlhHh7sLQaT4 -/YfNiuhRmGJijh6tikW+SapxaGnH+Fi++xpyjyhAJD4POlzWfYTwcsD019Wv0MDZ -B1YoEISQV5U18xnVuTZtlKqxkUxu0Lxv2gtSqkwPlnaJuyHLzm0uHrenFWkk9iYb -ek2fF7A6KGh6j/73eqjqdWu3UtZHPlQYtcb7Vu7nA6mfNVjCwWkNIzUR++9PRBEG -k4rgJ+91AgMBAAGjgaAwgZ0wHQYDVR0OBBYEFCYbwDAYibCwyIqjvcwGKN51c9VV -MHwGA1UdEQR1MHOCLHNoaWJib2xldGgtaW50ZWdyYXRpb24tbmV4dGNsb3VkLmxv -Y2FsZG9tYWluhkNodHRwczovL3NoaWJib2xldGgtaW50ZWdyYXRpb24tbmV4dGNs -b3VkLmxvY2FsZG9tYWluL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IB -AQBGq5kYoFIgfKiSHblctGhN8c/ka9Tcwe3sgWzm9iAXn3UrDVCbgl5Mxotboiuy -d9t4BD8F4uuSJEwNErcOWbMZo57q/ewXIX1WmCCGkt/TW8GFfVMVbT/LQXnepCq8 -mtlyT72q4AsyD4TKwJFa+xkPUzCEIsYDYfap+gHcF9fHfsNw8HNsGyMFHBKdEZNJ -P/MUQI6MKDCCNUCcJDp5SjagxJhsJsmk0NHOzIJXb0kEziz1DEcd9VewZrNFmB9I -NRFEJMj8SJ5A8YFoO5E55X9zjjyKud1ePpYTa+KK+TA2AjL3LcBK2qmWTJ7cURnt -GrYd+TvG2duNh6z69Ppj2WuD - - - - - - - - - - - - - - - - - - - - - - - example.org - - - - - - -MIIDnTCCAoWgAwIBAgIUczx2s99juF2Kx0Swewy/E6IBptwwDQYJKoZIhvcNAQEL -BQAwNzE1MDMGA1UEAwwsc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xvdWQu -bG9jYWxkb21haW4wHhcNMTcwMTA0MTAxMTMxWhcNMzcwMTA0MTAxMTMxWjA3MTUw -MwYDVQQDDCxzaGliYm9sZXRoLWludGVncmF0aW9uLW5leHRjbG91ZC5sb2NhbGRv -bWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK2aXesORtJ1Vlmk -w+EOcIwKBZtcp8fafChol17GyM4gNrpRRGvm1MJObTfL2wxpnstj/qRqFONyOSLA -Ef/EEASwlbd/tFxO9xTti+SktdT4lGy2qm3v5e0RfrpFOLihw/hdqiTR0KEWim1j -Mh6ec57dcAyhV7JLHQLgxr4vmYZl7Wq+wyYyA6T4vjzIOLOXbN07hRba6OZs1xAD -eFKcJzmWcbH7X+0BvyB3sAZIv2PZ+wpfucQsvrqklfOYfzqcMIocMkjznSTlC8lc -fkwovjNhIKHWcZHtuMF+W0X01m8mtU8E1FCR2buT8yQBXN/p9XchteDjaE+dzjuF -A80h51sCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUMX3PWNbmxUOdXpVklJvA51cfaz8w -fAYDVR0RBHUwc4Isc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xvdWQubG9j -YWxkb21haW6GQ2h0dHBzOi8vc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xv -dWQubG9jYWxkb21haW4vaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggEB -AHIh71RRCMjmtQmjvfrLAbJ8/lajAn5gxvFh0NqoS7c635AgGON1Xl3aJjUBtj1F -N0Vz8G3M5b5/+aLYvAePQ1XLhBlfKprz55wcbaMvJCwrCTbDbqmNosCS+gPX21Hr -Tby6dPWW4VgKtxME45QfiqWBXozuuCwncmdhPnro7/8HCFYZCNw8n5E8PqMJvkSG -e+2dgq0+zvoaqRf2YHt0j2OazUXB1O6KkL6/Cqju/s8zG4c9hyj29erqO8T1Kq9b -NjxGCSnFycZm5xbEKxcc2/YKMNBubQGBoEJX+V+0OIjxwEHJNhGHpFrmiDpB50B7 -rYWDgYL1z23a1A5QKkGNig0= - - - - - - - - - -MIIDnTCCAoWgAwIBAgIUGPx9uPjCu7c172IUgV84Tm94pBcwDQYJKoZIhvcNAQEL -BQAwNzE1MDMGA1UEAwwsc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xvdWQu -bG9jYWxkb21haW4wHhcNMTcwMTA0MTAxMTI3WhcNMzcwMTA0MTAxMTI3WjA3MTUw -MwYDVQQDDCxzaGliYm9sZXRoLWludGVncmF0aW9uLW5leHRjbG91ZC5sb2NhbGRv -bWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKH+bPu45tk8/JRk -XOxkyfbxocWZlY4mRumEUxscd3fn0oVzOrdWbHH7lCZV4bus4KxvJljc0Nm2K+Zr -LoiRUUnf/LQ4LlehWVm5Kbc4kRgOXS0iGZN3SslAWPKyIg0tywg+TLOBPoS6EtST -1WuYg1JPMFxPfeFDWQ0dQYPlXIJWBFh6F2JMTb0FLECqA5l/ryYE13QisX5l+Mqo -6y3Dh7qIgaH0IJNobXoAcEWza7Kb2RnfhZRh9e0qjZIwBqTJUFM/6I86RYXn829s -INUvYQQbez6VkGTdUQJ/GuXb/dD5sMQfOyK8hrRY5MozOmK32cz3JaAzSXpiSRS9 -NxFwvicCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUKn8+TV0WXSDeavvF0M8mWn1o8ukw -fAYDVR0RBHUwc4Isc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xvdWQubG9j -YWxkb21haW6GQ2h0dHBzOi8vc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xv -dWQubG9jYWxkb21haW4vaWRwL3NoaWJib2xldGgwDQYJKoZIhvcNAQELBQADggEB -ABI6uzoIeLZT9Az2KTlLxIc6jZ4MDmhaVja4ZuBxTXEb7BFLfeASEJmQm1wgIMOn -pJId3Kh3njW+3tOBWKm7lj8JxVVpAu4yMFSoQGPaVUgYB1AVm+pmAyPLzfJ/XGhf -esCU2F/b0eHWcaIb3x+BZFX089Cd/PBtP84MNXdo+TccibxC8N39sr45qJM/7SC7 -TfDYU0L4q2WZHJr4S7+0F+F4KaxLx9NzCvN4h6XaoWofZWir2iHO4NzbrVQGC0ei -QybS/neBfni4A2g1lyzCb6xFB58JBvNCn7AAnDJULOE7S5XWUKsDAQVQrxTNkUq7 -pnhlCQqZDwUdgmIXd1KB1So= - - - - - - - - - -MIIDnjCCAoagAwIBAgIVAL4/OE7tQNTmMZT7q2ppdRWr9mMaMA0GCSqGSIb3DQEB -CwUAMDcxNTAzBgNVBAMMLHNoaWJib2xldGgtaW50ZWdyYXRpb24tbmV4dGNsb3Vk -LmxvY2FsZG9tYWluMB4XDTE3MDEwNDEwMTEyN1oXDTM3MDEwNDEwMTEyN1owNzE1 -MDMGA1UEAwwsc2hpYmJvbGV0aC1pbnRlZ3JhdGlvbi1uZXh0Y2xvdWQubG9jYWxk -b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKZXw6Pfvb4nGl -4AN5kwJWKhGqqwCs0M6kT3WLxGi9TfvwAKoKSpF/jJblpv4HtWC2vcn+9hoE55Dk -nT0LefUpo0v/ki3bu2gblANmBXrcDvcUI5NRxkg3dy9yRoLGK28QYlhHh7sLQaT4 -/YfNiuhRmGJijh6tikW+SapxaGnH+Fi++xpyjyhAJD4POlzWfYTwcsD019Wv0MDZ -B1YoEISQV5U18xnVuTZtlKqxkUxu0Lxv2gtSqkwPlnaJuyHLzm0uHrenFWkk9iYb -ek2fF7A6KGh6j/73eqjqdWu3UtZHPlQYtcb7Vu7nA6mfNVjCwWkNIzUR++9PRBEG -k4rgJ+91AgMBAAGjgaAwgZ0wHQYDVR0OBBYEFCYbwDAYibCwyIqjvcwGKN51c9VV -MHwGA1UdEQR1MHOCLHNoaWJib2xldGgtaW50ZWdyYXRpb24tbmV4dGNsb3VkLmxv -Y2FsZG9tYWluhkNodHRwczovL3NoaWJib2xldGgtaW50ZWdyYXRpb24tbmV4dGNs -b3VkLmxvY2FsZG9tYWluL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3DQEBCwUAA4IB -AQBGq5kYoFIgfKiSHblctGhN8c/ka9Tcwe3sgWzm9iAXn3UrDVCbgl5Mxotboiuy -d9t4BD8F4uuSJEwNErcOWbMZo57q/ewXIX1WmCCGkt/TW8GFfVMVbT/LQXnepCq8 -mtlyT72q4AsyD4TKwJFa+xkPUzCEIsYDYfap+gHcF9fHfsNw8HNsGyMFHBKdEZNJ -P/MUQI6MKDCCNUCcJDp5SjagxJhsJsmk0NHOzIJXb0kEziz1DEcd9VewZrNFmB9I -NRFEJMj8SJ5A8YFoO5E55X9zjjyKud1ePpYTa+KK+TA2AjL3LcBK2qmWTJ7cURnt -GrYd+TvG2duNh6z69Ppj2WuD - - - - - - - - - - - - - diff --git a/user_saml_shibboleth-php7/shibboleth/views/client-storage/client-storage-read.vm b/user_saml_shibboleth-php7/shibboleth/views/client-storage/client-storage-read.vm deleted file mode 100644 index 1993c14d..00000000 --- a/user_saml_shibboleth-php7/shibboleth/views/client-storage/client-storage-read.vm +++ /dev/null @@ -1,53 +0,0 @@ -## -## Velocity template to read from local storage. -## -## Velocity context will contain the following properties -## flowExecutionUrl - the form action location -## flowRequestContext - the Spring Web Flow RequestContext -## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) -## profileRequestContext - root of context tree -## loadContext - context with details about the storage keys to load -## encoder - HTMLEncoder class -## request - HttpServletRequest -## response - HttpServletResponse -## environment - Spring Environment object for property resolution -#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service")) -#set ($titleSuffix = $springMacroRequestContext.getMessage("idp.client-storage-read.suffix", "Loading Session Information")) -## - - - - - - $title - $titleSuffix - - - - -
-
-
-

$title - $titleSuffix

-
-
- $springMacroRequestContext.getMessage("idp.client-storage-read.text", "Loading login session information from the browser...") -
- - #parse( "client-storage/read.vm" ) -
-
- -
-
- - diff --git a/user_saml_shibboleth-php7/shibboleth/views/client-storage/client-storage-write.vm b/user_saml_shibboleth-php7/shibboleth/views/client-storage/client-storage-write.vm deleted file mode 100644 index 4b92d6b8..00000000 --- a/user_saml_shibboleth-php7/shibboleth/views/client-storage/client-storage-write.vm +++ /dev/null @@ -1,53 +0,0 @@ -## -## Velocity template to write to local storage. -## -## Velocity context will contain the following properties -## flowExecutionUrl - the form action location -## flowRequestContext - the Spring Web Flow RequestContext -## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) -## profileRequestContext - root of context tree -## saveContext - context with details about the storage data to save -## encoder - HTMLEncoder class -## request - HttpServletRequest -## response - HttpServletResponse -## environment - Spring Environment object for property resolution -#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service")) -#set ($titleSuffix = $springMacroRequestContext.getMessage("idp.client-storage-write.suffix", "Saving Session Information...")) -## - - - - - - $title - $titleSuffix - - - - -
-
-
-

$title - $titleSuffix

-
-
- $springMacroRequestContext.getMessage("idp.client-storage-write.text", "Saving login session information to the browser...") -
- - #parse( "client-storage/write.vm" ) -
-
- -
-
- - \ No newline at end of file diff --git a/user_saml_shibboleth-php7/shibboleth/views/duo.vm b/user_saml_shibboleth-php7/shibboleth/views/duo.vm deleted file mode 100644 index cf4f96a8..00000000 --- a/user_saml_shibboleth-php7/shibboleth/views/duo.vm +++ /dev/null @@ -1,83 +0,0 @@ -## -## Velocity Template for Duo login view-state -## -## Velocity context will contain the following properties -## flowExecutionUrl - the form action location -## flowRequestContext - the Spring Web Flow RequestContext -## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) -## profileRequestContext - root of context tree -## authenticationContext - context with authentication request information -## rpUIContext - the context with SP UI information from the metadata -## canonicalUsername - name of user passed to Duo -## duoHost - API hostname for Duo frame -## duoRequest - signed Duo request message -## duoScriptPath - path to Duo JavaScript source -## encoder - HTMLEncoder class -## request - HttpServletRequest -## response - HttpServletResponse -## environment - Spring Environment object for property resolution -## custom - arbitrary object injected by deployer -## - - - - - - - #springMessageText("idp.title", "Web Login Service") - - - - -
-
-
- #springMessageText( -
- -
-
- -

#springMessageText("idp.login.duoRequired", "Authentication with Duo is required for the requested service.")

- - - - -
- - -
- -

- #springMessageText("idp.login.duoCancel", "Cancel this Request") -

-
- -
-
- -
- -
-
- - diff --git a/user_saml_shibboleth-php7/shibboleth/views/error.vm b/user_saml_shibboleth-php7/shibboleth/views/error.vm deleted file mode 100644 index c5951759..00000000 --- a/user_saml_shibboleth-php7/shibboleth/views/error.vm +++ /dev/null @@ -1,72 +0,0 @@ -## -## Velocity Template for error end-state -## -## Velocity context will contain the following properties -## flowRequestContext - the Spring Web Flow RequestContext -## encoder - HTMLEncoder class -## request - HttpServletRequest -## response - HttpServletResponse -## environment - Spring Environment object for property resolution -## custom - arbitrary object injected by deployer -## -#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service")) -#set ($defaultTitleSuffix = $springMacroRequestContext.getMessage("idp.title.suffix", "Error")) -## -#if ($flowRequestContext) - ## This handles flow events, the most common case. - #set ($eventId = $flowRequestContext.getCurrentEvent().getId()) - #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "error")) - #set ($titleSuffix = $springMacroRequestContext.getMessage("${eventKey}.title", "$defaultTitleSuffix")) - #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "$defaultTitleSuffix: $eventId")) - #if ($eventId == "AccessDenied" or $eventId == "ContextCheckDenied") - $response.setStatus(403) - #elseif ($eventId == "AttributeReleaseRejected" || $eventId == "TermsRejected") - $response.setStatus(200) - #elseif ($eventKey == "unexpected" || $eventKey == "runtime-error" || $eventKey == "error") - $response.setStatus(500) - #else - $response.setStatus(400) - #end -#elseif ($exception) - ## This handles exceptions that reach the Spring-MVC exception handler. - #set ($eventId = $exception.getClass().getSimpleName()) - #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "error")) - #set ($titleSuffix = $springMacroRequestContext.getMessage("${eventKey}.title", "$defaultTitleSuffix")) - #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "$defaultTitleSuffix: $eventId")) -#else - ## This is a catch-all that theoretically shouldn't happen? - #set ($titleSuffix = $defaultTitleSuffix) - #set ($message = $springMacroRequestContext.getMessage("idp.message", "An unidentified error occurred.")) -#end -## - - - - - - $title - $titleSuffix - - - - -
-
-
- #springMessageText( -

$title - $titleSuffix

-
- -
- #evaluate($message) -
-
- -
- -
- -
- - \ No newline at end of file diff --git a/user_saml_shibboleth-php7/shibboleth/views/intercept/attribute-release.vm b/user_saml_shibboleth-php7/shibboleth/views/intercept/attribute-release.vm deleted file mode 100644 index 0b745516..00000000 --- a/user_saml_shibboleth-php7/shibboleth/views/intercept/attribute-release.vm +++ /dev/null @@ -1,158 +0,0 @@ -## -## Velocity Template for DisplayAttributeReleasePage view-state -## -## Velocity context will contain the following properties : -## -## attributeReleaseContext - context holding consentable attributes -## attributeReleaseFlowDescriptor - attribute consent flow descriptor -## attributeDisplayNameFunction - function to display attribute name -## consentContext - context representing the state of a consent flow -## encoder - HTMLEncoder class -## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl) -## flowExecutionUrl - form action location -## flowRequestContext - Spring Web Flow RequestContext -## profileRequestContext - OpenSAML profile request context -## request - HttpServletRequest -## response - HttpServletResponse -## rpUIContext - context with SP UI information from the metadata -## environment - Spring Environment object for property resolution -#set ($serviceName = $rpUIContext.serviceName) -#set ($serviceDescription = $rpUIContext.serviceDescription) -#set ($informationURL = $rpUIContext.informationURL) -#set ($privacyStatementURL = $rpUIContext.privacyStatementURL) -#set ($rpOrganizationLogo = $rpUIContext.getLogo()) -#set ($rpOrganizationName = $rpUIContext.organizationName) -#set ($replaceDollarWithNewline = true) -## - - - - - - - #springMessageText("idp.attribute-release.title", "Information Release") - - -
-
-
- - #if ($rpOrganizationLogo) - - #end -
- #if ($serviceName) -

- #springMessageText("idp.attribute-release.serviceNameLabel", "You are about to access the service:")
- $serviceName - #if ($rpOrganizationName) - #springMessageText("idp.attribute-release.of", "of") $encoder.encodeForHTML($rpOrganizationName) - #end -

- #end - #if ($serviceDescription) -

- #springMessageText("idp.attribute-release.serviceDescriptionLabel", "Description as provided by this service:")
- $encoder.encodeForHTML($serviceDescription) -
-

- #end - #if ($informationURL) -

- #springMessageText("idp.attribute-release.informationURLLabel", "Additional information about the service") -

- #end -
- - - - - - - - #foreach ($attribute in $attributeReleaseContext.getConsentableAttributes().values()) - - - - - - #end - -
- #springMessageText("idp.attribute-release.attributesHeader", "Information to be Provided to Service") -
$encoder.encodeForHTML($attributeDisplayNameFunction.apply($attribute)) - #foreach ($value in $attribute.values) - #if ($replaceDollarWithNewline) - #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()).replaceAll($encoder.encodeForHTML("$"),"
")) - #else - #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue())) - #end - #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) - - #else - $encodedValue - #end -
- #end -
- #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled) - #set ($inputType = "checkbox") - #else - #set ($inputType = "hidden") - #end - -
-
- #if ($privacyStatementURL) -

- #springMessageText("idp.attribute-release.privacyStatementURLLabel", "Data privacy information of the service") -

- #end -
-

- #springMessageText("idp.attribute-release.confirmationQuestion", "The information above would be shared with the service if you proceed. Do you agree to release this information to the service every time you access it?") -

- #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed) -
- #springMessageText("idp.attribute-release.consentMethod", "Select an information release consent duration:") - #end - #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed) -

- - -

    -
  • #springMessageText("idp.attribute-release.doNotRememberConsentItem", "I agree to send my information this time.")
  • -
-

- #end - #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed) -

- - -

    -
  • #springMessageText("idp.attribute-release.rememberConsentItem", "I agree that the same information will be sent automatically to this service in the future.")
  • -
-

- #end - #if ($attributeReleaseFlowDescriptor.globalConsentAllowed) -

- - -

    -
  • #springMessageText("idp.attribute-release.globalConsentItem", "I agree that all of my information will be released to any service.")
  • -
-

- #end - #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed) - #springMessageText("idp.attribute-release.consentMethodRevoke", "This setting can be revoked at any time with the checkbox on the login page.") -
- #end -

- - -

-
-
-
- - diff --git a/user_saml_shibboleth-php7/shibboleth/views/intercept/expiring-password.vm b/user_saml_shibboleth-php7/shibboleth/views/intercept/expiring-password.vm deleted file mode 100644 index 4395844a..00000000 --- a/user_saml_shibboleth-php7/shibboleth/views/intercept/expiring-password.vm +++ /dev/null @@ -1,54 +0,0 @@ -## -## Velocity Template for expiring password view -## -## Velocity context will contain the following properties -## flowExecutionUrl - the form action location -## flowRequestContext - the Spring Web Flow RequestContext -## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) -## profileRequestContext - root of context tree -## authenticationContext - context with authentication request information -## authenticationErrorContext - context with login error state -## authenticationWarningContext - context with login warning state -## ldapResponseContext - context with LDAP state (if using native LDAP) -## encoder - HTMLEncoder class -## request - HttpServletRequest -## response - HttpServletResponse -## environment - Spring Environment object for property resolution -## custom - arbitrary object injected by deployer -## - - - - - - #springMessageText("idp.title", "Web Login Service") - - - - - -
-
-
- #springMessageText( -

#springMessageText("idp.login.expiringSoon", "Your password will be expiring soon!")

-
- -
-

#springMessageText("idp.login.changePassword", "To create a new password now, go to") - #.

-

#springMessageText("idp.login.proceedBegin", "Your login will proceed in 20 seconds or you may click") - #springMessageText("idp.login.proceedHere", "here") - #springMessageText("idp.login.proceedEnd", "to continue").

-
-
- -
- -
- -
- - \ No newline at end of file diff --git a/user_saml_shibboleth-php7/shibboleth/views/intercept/terms-of-use.vm b/user_saml_shibboleth-php7/shibboleth/views/intercept/terms-of-use.vm deleted file mode 100644 index 1bf12c7e..00000000 --- a/user_saml_shibboleth-php7/shibboleth/views/intercept/terms-of-use.vm +++ /dev/null @@ -1,67 +0,0 @@ -## -## Velocity Template for DisplayTermsOfUsePage view-state -## -## Velocity context will contain the following properties : -## -## encoder - HTMLEncoder class -## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl) -## flowExecutionUrl - form action location -## flowRequestContext - Spring Web Flow RequestContext -## request - HttpServletRequest -## response - HttpServletResponse -## rpUIContext - context with SP UI information from the metadata -## termsOfUseId - terms of use ID to lookup message strings -## environment - Spring Environment object for property resolution -#set ($serviceName = $rpUIContext.serviceName) -#set ($rpOrganizationLogo = $rpUIContext.getLogo()) -## - - - - - - - #springMessageText("${termsOfUseId}.title", "Terms of Use") - - -
-
- - #if ($rpOrganizationLogo) - - #end -
- #if ($rpOrganizationLogo) -
-

#springMessageText("${termsOfUseId}.title", "Terms of Use")

-
- #end -
- #springMessageText("${termsOfUseId}.text", "Terms of Use Text...") -
-
-
-
- -
-
-
-
- - - #if ($requireCheckbox) -

#springMessageText("idp.terms-of-use.required", "Please check this box if you want to proceed.")

- #end - -
-
-
-
-
- -
-
- - diff --git a/user_saml_shibboleth-php7/shibboleth/views/login-error.vm b/user_saml_shibboleth-php7/shibboleth/views/login-error.vm deleted file mode 100644 index 44676b32..00000000 --- a/user_saml_shibboleth-php7/shibboleth/views/login-error.vm +++ /dev/null @@ -1,24 +0,0 @@ -## Velocity Template for login error message production, included by login.vm -## -## authenticationErrorContext - context containing error data, if available -## -#if ($authenticationErrorContext && $authenticationErrorContext.getClassifiedErrors().size() > 0 && $authenticationErrorContext.getClassifiedErrors().iterator().next() != "ReselectFlow") - ## This handles errors that are classified by the message maps in the authentication config. - #set ($eventId = $authenticationErrorContext.getClassifiedErrors().iterator().next()) - #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "login")) - #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "Login Failure: $eventId")) -#elseif ($authenticationErrorContext && $authenticationErrorContext.getExceptions().size() > 0) - ## This handles login exceptions that are left unclassified. - #set ($loginException = $authenticationErrorContext.getExceptions().get(0)) - #if ($loginException.getMessage()) - #set ($message = "Login Failure: $loginException.getMessage()") - #else - #set ($message = $loginException.toString()) - #end -#end - -#if ($message) -
-

$encoder.encodeForHTML($message)

-
-#end diff --git a/user_saml_shibboleth-php7/shibboleth/views/login.vm b/user_saml_shibboleth-php7/shibboleth/views/login.vm deleted file mode 100644 index c421a99a..00000000 --- a/user_saml_shibboleth-php7/shibboleth/views/login.vm +++ /dev/null @@ -1,140 +0,0 @@ -## -## Velocity Template for DisplayUsernamePasswordPage view-state -## -## Velocity context will contain the following properties -## flowExecutionUrl - the form action location -## flowRequestContext - the Spring Web Flow RequestContext -## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) -## profileRequestContext - root of context tree -## authenticationContext - context with authentication request information -## authenticationErrorContext - context with login error state -## authenticationWarningContext - context with login warning state -## ldapResponseContext - context with LDAP state (if using native LDAP) -## rpUIContext - the context with SP UI information from the metadata -## extendedAuthenticationFlows - collection of "extended" AuthenticationFlowDescriptor objects -## passwordPrincipals - contents of the shibboleth.authn.Password.PrincipalOverride bean -## encoder - HTMLEncoder class -## request - HttpServletRequest -## response - HttpServletResponse -## environment - Spring Environment object for property resolution -## custom - arbitrary object injected by deployer -## -#set ($rpContext = $profileRequestContext.getSubcontext('net.shibboleth.idp.profile.context.RelyingPartyContext')) -#set ($username = $authenticationContext.getSubcontext('net.shibboleth.idp.authn.context.UsernamePasswordContext', true).getUsername()) -#set ($passwordEnabled = false) -#if (!$passwordPrincipals or $passwordPrincipals.isEmpty() or $authenticationContext.isAcceptable($passwordPrincipals)) - #set ($passwordEnabled = true) -#end -## - - - - - - #springMessageText("idp.title", "Web Login Service") - - - -
-
-
- #springMessageText( -
- -
-
- #parse("login-error.vm") - -
- - #set ($serviceName = $rpUIContext.serviceName) - #if ($serviceName && !$rpContext.getRelyingPartyId().contains($serviceName)) - - #springMessageText("idp.login.loginTo", "Login to") $encoder.encodeForHTML($serviceName) - - #end - - #if ($passwordEnabled) -
- - -
- -
- - -
- -
- - -
- #end - -
- - -
- - #if ($passwordEnabled) -
- -
- #end - - #foreach ($extFlow in $extendedAuthenticationFlows) - #if ($authenticationContext.isAcceptable($extFlow) and $extFlow.apply(profileRequestContext)) -
- -
- #end - #end -
- - #* - // - // SP Description & Logo (optional) - // These idpui lines will display added information (if available - // in the metadata) about the Service Provider (SP) that requested - // authentication. These idpui lines are "active" in this example - // (not commented out) - this extra SP info will be displayed. - // Remove or comment out these lines to stop the display of the - // added SP information. - // - *# - #set ($logo = $rpUIContext.getLogo()) - #if ($logo) - $encoder.encodeForHTMLAttribute($serviceName) - #end - #set ($desc = $rpUIContext.getServiceDescription()) - #if ($desc) - $encoder.encodeForHTML($desc) - #end - -
- -
-
- -
- -
-
- - - \ No newline at end of file diff --git a/user_saml_shibboleth-php7/shibboleth/views/logout-complete.vm b/user_saml_shibboleth-php7/shibboleth/views/logout-complete.vm deleted file mode 100644 index d780252c..00000000 --- a/user_saml_shibboleth-php7/shibboleth/views/logout-complete.vm +++ /dev/null @@ -1,59 +0,0 @@ -## -## Velocity Template for logout flow's concluding view-state (no propagation) -## -## Velocity context will contain the following properties -## flowExecutionUrl - the form action location -## flowRequestContext - the Spring Web Flow RequestContext -## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) -## profileRequestContext - root of context tree -## logoutContext - context with SPSession details for logout operation -## multiRPContext - context with RelyingPartyContexts and possibly SP UI information from the metadata -## encoder - HTMLEncoder class -## request - HttpServletRequest -## response - HttpServletResponse -## environment - Spring Environment object for property resolution -## custom - arbitrary object injected by deployer -## - - - - - - #springMessageText("idp.title", "Web Login Service") - - - - -
-
-
- #springMessageText( -
- -
-
-

#springMessageText("idp.logout.local", "You elected not to log out of all the applications accessed during your session.")

-
- -
-
- - - #if ( $profileRequestContext.getProfileId().contains("saml2/logout") ) - - #end - -
- -
-
- - - \ No newline at end of file diff --git a/user_saml_shibboleth-php7/shibboleth/views/logout-propagate.vm b/user_saml_shibboleth-php7/shibboleth/views/logout-propagate.vm deleted file mode 100644 index 86b3fa14..00000000 --- a/user_saml_shibboleth-php7/shibboleth/views/logout-propagate.vm +++ /dev/null @@ -1,58 +0,0 @@ -## -## Velocity Template for logout flow's concluding view-state (with propagation) -## -## Velocity context will contain the following properties -## flowExecutionUrl - the form action location -## flowRequestContext - the Spring Web Flow RequestContext -## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) -## profileRequestContext - root of context tree -## logoutContext - context with SPSession details for logout operation -## multiRPContext - context with RelyingPartyContexts and possibly SP UI information from the metadata -## htmlEncoder - HTMLEncoder class -## urlEncoder - urlEncoder class -## codecUtil - CodecUtil class -## request - HttpServletRequest -## response - HttpServletResponse -## environment - Spring Environment object for property resolution -## custom - arbitrary object injected by deployer -## - - - - - - #springMessageText("idp.title", "Web Login Service") - - - - - -
-
-
- #springMessageText( -
- -
-
-

#springMessageText("idp.logout.attempt", "Attempting to log out of the following services:")

- #parse("logout/propagate.vm") -
- -
-
- -
- -
-
- - - \ No newline at end of file diff --git a/user_saml_shibboleth-php7/shibboleth/views/logout.vm b/user_saml_shibboleth-php7/shibboleth/views/logout.vm deleted file mode 100644 index 23428554..00000000 --- a/user_saml_shibboleth-php7/shibboleth/views/logout.vm +++ /dev/null @@ -1,91 +0,0 @@ -## -## Velocity Template for logout flow's starting view-state -## -## Velocity context will contain the following properties -## flowExecutionUrl - the form action location -## flowRequestContext - the Spring Web Flow RequestContext -## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl) -## profileRequestContext - root of context tree -## logoutContext - context with SPSession details for logout operation -## multiRPContext - context with RelyingPartyContexts and possibly SP UI information from the metadata -## encoder - HTMLEncoder class -## request - HttpServletRequest -## response - HttpServletResponse -## environment - Spring Environment object for property resolution -## custom - arbitrary object injected by deployer -## - - - - - - #if ( $logoutContext and !$logoutContext.getSessionMap().isEmpty() ) - - #end - #springMessageText("idp.title", "Web Login Service") - - - - -
-
-
- #springMessageText( -
- -
-
-

This page is displayed when a logout operation at the Identity Provider completes. This page is an example - and should be customized. It is not fully internationalized because the presentation will be a highly localized - decision, and we don't have a good suggestion for a default.

-
- - #if ( $logoutContext and !$logoutContext.getSessionMap().isEmpty() ) -

#springMessageText("idp.logout.ask", "Would you like to attempt to log out of all services accessed during your session? Please select Yes or No to ensure the logout operation completes, or wait a few seconds for Yes.")

-
- -
- - -
- -
-

#springMessageText("idp.logout.contactServices", "If you proceed, the system will attempt to contact the following services:")

-
    - #foreach ($sp in $logoutContext.getSessionMap().keySet()) - #set ($rpCtx = $multiRPContext.getRelyingPartyContextById($sp)) - #if ($rpCtx) - #set ($rpUIContext = $rpCtx.getSubcontext("net.shibboleth.idp.ui.context.RelyingPartyUIContext")) - #end - #if ($rpUIContext and $rpUIContext.getServiceName()) -
  1. $encoder.encodeForHTML($rpUIContext.getServiceName())
  2. - #else -
  3. $encoder.encodeForHTML($sp)
  4. - #end - #end -
- #else -

#springMessageText("idp.logout.complete", "The logout operation is complete, and no other services appear to have been accessed during this session.")

- - - #end - -
- -
-
- -
- -
-
- - - \ No newline at end of file diff --git a/user_saml_shibboleth-php7/shibboleth/views/spnego-unavailable.vm b/user_saml_shibboleth-php7/shibboleth/views/spnego-unavailable.vm deleted file mode 100644 index 3673f02a..00000000 --- a/user_saml_shibboleth-php7/shibboleth/views/spnego-unavailable.vm +++ /dev/null @@ -1,49 +0,0 @@ -## -## Velocity Template for SPNEGO unauthorized page -## -## This is not a Spring Webflow view, but a special view internal to the -## SPNEGO login flow, so it doesn't contain all of the usual SWF variables. -## -## Velocity context will contain the following properties -## encoder - HTMLEncoder class -## request - HttpServletRequest -## response - HttpServletResponse -## profileRequestContext - root of context tree -## errorUrl - URL to call to indicate error and return back to the login flow -## -#set ($eventKey = $springMacroRequestContext.getMessage("SPNEGOUnavailable", "spnego-unavailable")) - - - - - - #springMessageText("idp.title", "Web Login Sevice") - #springMessageText("${eventKey}.title", "Error") - - - - -
-
-
- #springMessageText( -

#springMessageText("idp.title", "Web Login Sevice") - #springMessage("idp.title.suffix", "Error")

-
- -
- #springMessageText("${eventKey}.message", "Your web browser doesn't support authentication with your desktop login credentials.") - -
-
- -
- -
-
- - diff --git a/user_saml_shibboleth-php7/shibboleth/views/user-prefs.js b/user_saml_shibboleth-php7/shibboleth/views/user-prefs.js deleted file mode 100644 index ab994f9a..00000000 --- a/user_saml_shibboleth-php7/shibboleth/views/user-prefs.js +++ /dev/null @@ -1,45 +0,0 @@ -"use strict"; - -function createCookie(name, value, seconds) { - var date = new Date(); - date.setTime(date.getTime() + (seconds * 1000)); - var expires = "; expires=" + date.toGMTString(); - - var path = '$environment.getProperty("idp.cookie.path", $request.getContextPath())'; - if (path.length > 0) - path = "; path=" + path; - document.cookie = name + "=" + value + expires + path; -} - -function eraseCookie(name) { - createCookie(name, "", -31536000); -} - -function readCookie(name) { - var nameEQ = name + "="; - var ca = document.cookie.split(';'); - for (var i = 0; i < ca.length; i++) { - var c = ca[i]; - while (c.charAt(0) == ' ') - c = c.substring(1, c.length); - if (c.indexOf(nameEQ) == 0) - return c.substring(nameEQ.length, c.length); - } - return null; -} - -function load(id) { - var checkbox = document.getElementById(id); - if (checkbox != null) { - var spnego = readCookie(checkbox.name); - checkbox.checked = (spnego == "1"); - } -} - -function check(checkbox) { - if (checkbox.checked) { - createCookie(checkbox.name, checkbox.value, $environment.getProperty("idp.cookie.maxAge","31536000")); - } else { - eraseCookie(checkbox.name); - } -} diff --git a/user_saml_shibboleth-php7/shibboleth/views/user-prefs.vm b/user_saml_shibboleth-php7/shibboleth/views/user-prefs.vm deleted file mode 100644 index 8de0503c..00000000 --- a/user_saml_shibboleth-php7/shibboleth/views/user-prefs.vm +++ /dev/null @@ -1,60 +0,0 @@ -## -## Velocity Template for user preferences view -## -## Velocity context will contain the following properties -## request - HttpServletRequest -## response - HttpServletResponse -## environment - Spring Environment object for property resolution -## custom - arbitrary object injected by deployer -## - - - - - - #springMessageText("idp.userprefs.title", "Web Login Service") - #springMessageText("idp.userprefs.title.suffix", "Login Preferences") - - - - -
-
-
- #springMessageText( -

#springMessageText("idp.title", "Web Login Service") - #springMessageText("idp.userprefs.title.suffix", "Login Preferences")

-

- #springMessage("idp.userprefs.info") -

-
- - - - -
- -
- -
-
- - - diff --git a/user_saml_shibboleth-php7/shibboleth/webapp/css/consent.css b/user_saml_shibboleth-php7/shibboleth/webapp/css/consent.css deleted file mode 100644 index 5daabeed..00000000 --- a/user_saml_shibboleth-php7/shibboleth/webapp/css/consent.css +++ /dev/null @@ -1,150 +0,0 @@ -.box { - width:600px; - margin-left: auto; - margin-right: auto; - margin-top: 50px; - background-color: white; - -webkit-box-shadow: 1px 1px 15px #999999; - -moz-box-shadow: 1px 1px 15px #999999; - box-shadow: 1px 1px 15px #999999; - -webkit-border-radius: 8px; - -moz-border-radius: 8px; - border-radius: 8px; - overflow: auto; - padding: 1.268em; -} - -body { - font-family:Verdana, Geneva, sans-serif; - font-size: 12px; -} - -h1 { - font-size: 13px; - padding-bottom: 12px; -} - -a { - color: #00247D; - text-decoration: underline; -} - -a:visited { - color: #00247D; - text-decoration: underline; -} - -a:focus, a:hover, a:active { - color: #F39800; - text-decoration: underline; -} - -#tou-content { - font-family:monospace; - width: 95%; - border: solid 1px #666; - margin: 4px; - padding: 10px; - overflow: hidden; -} - -#tou-content li{ - margin-bottom:10px; -} - -#tou-acceptance { - width: 95%; - border: solid 1px #666; - background-color: #F0F0F0; - margin: 4px; - padding: 10px; - text-align: left; - overflow: hidden; -} - -.service_name { - font-weight: bold; -} - -.service_description { - font-style: italic; -} - -.organization_name { -} - -#attributeRelease-consent { - width: 95%; - border: solid 1px #666; - background-color: #F0F0F0; - margin: 4px; - overflow: hidden; -} - -#attributeRelease { - width: 95%; - margin: 4px; - border: solid 1px black; - overflow: auto; -} - -#attributeRelease table { - border-collapse: collapse; - border: none 0px white; - width: 100%; -} - -#attributeRelease td { - padding: 3px 7px; - vertical-align: top; -} - -#attributeRelease th { - text-align: left; - font-size: 18px; - padding: 5px 7px; - background-color:#00247D; - color: white; -} - -#attributeRelease tr:nth-of-type(even) { - background-color: #E4E5E3; -} - -.federation_logo -{ - width: 50%; - float: left; - padding-top: 35px; - border: 0; -} -.organization_logo -{ - width: 50%; - float: right; - border: 0; -} - -.form-error { - padding: 0; - color: #B61601; -} - -/* Device specific styles */ -@media only screen and (max-device-width: 721px){ - .box { - width: auto; - box-shadow: none; - border-radius: 0; - -webkit-box-shadow: none; - -webkit-border-radius: 0; - -moz-box-shadow: none; - -moz-border-radius: 0; - padding: 0; - margin-top:0; - } - #tou-content, #tou-acceptance{ - /*width:87%;*/ - width:auto; - } -} diff --git a/user_saml_shibboleth-php7/shibboleth/webapp/css/logout.css b/user_saml_shibboleth-php7/shibboleth/webapp/css/logout.css deleted file mode 100644 index e57319c9..00000000 --- a/user_saml_shibboleth-php7/shibboleth/webapp/css/logout.css +++ /dev/null @@ -1,12 +0,0 @@ -/* Success/Failure indicators for logout propagation. */ - -.success { - background: url(../images/success-32x32.png) no-repeat left center; - line-height: 36px; - padding-left: 36px; -} -.failure { - background: url(../images/failure-32x32.png) no-repeat left center; - line-height: 36px; - padding-left: 36px; -} diff --git a/user_saml_shibboleth-php7/shibboleth/webapp/css/main.css b/user_saml_shibboleth-php7/shibboleth/webapp/css/main.css deleted file mode 100644 index 282c5501..00000000 --- a/user_saml_shibboleth-php7/shibboleth/webapp/css/main.css +++ /dev/null @@ -1,165 +0,0 @@ -* { - margin: 0; - padding: 0; -} -header, footer, section, nav { - display: block; -} -html, body { - height: 100%; -} -body { - font-family:Verdana, Geneva, sans-serif; - font-size: 12px; - line-height: 1.5; - color: #717171; - background: #717171; -} -a:link, -a:visited { - text-decoration: none; - color: #717171; -} -img { - max-width: 100%; - margin-bottom: 12px; -} - -.wrapper { - background: #ffffff; -} - -.container { - position: relative; - left: 34%; - width: 540px; - margin-left: -270px; -} -.container-footer { - padding-top: 12px; -} -@media only screen and (max-width: 1020px) { - .container { - left: 45%; - } -} -@media only screen and (max-width: 650px) { - .container { - position: static; - margin: 0 auto; - width: 280px; - } -} - -header { - padding: 20px 0; -} - -.logo img { - border: none; -} -@media only screen and (max-width: 650px) { - .logo img { - display: none; - } - .logo { - background: url(../images/dummylogo-mobile.png) no-repeat top center; - display: block; - height: 115px; - width: 100px; - margin: 0 auto; - } -} - -.content { - padding-bottom: 80px; - overflow: hidden; -} - -.column { - float: left; -} -.column.one { - width: 50%; - margin-right: 48px; -} - -form { - width: 240px; - padding-bottom: 21px; -} -form label { /* labels are hidden */ - font-weight: bold; -} -form legend { - font-size:1.2em; - margin-bottom: 12px; -} -.form-element-wrapper { - margin-bottom: 12px; -} -.form-element { - width: 100%; - padding: 13px 12px; - border: none; - font-size: 14px; - border-radius: 4px; - -webkit-border-radius: 4px; - -moz-border-radius: 4px; -} -.form-field { - color: #B7B7B7; - border: 1px solid #B7B7B7; -} -.form-field-focus, -.form-field:focus, -input[type="text"]:focus { - color: #333333; - border-color: #333; -} -.form-button { - background: #B61601; - box-sizing: content-box; - -moz-box-sizing: content-box; - color: #ffffff; - cursor: pointer; -} -.form-button:hover { - background: #FF6400; -} -.form-error { - padding: 0; - color: #B61601; -} - -.list-help { - margin-top: 40px; /* offset padding on first anchor */ - list-style: none; -} -.list-help-item a { - display: block; - padding: 6px 0; -} -.item-marker { - color: #be0000; -} - -footer { - color: #ffffff; - font-size: 11px; - background: #717171; -} -.footer-text { - margin-bottom: 12px; -} -.footer-links a:link, -.footer-links a:visited { - color: #ffffff; - font-weight: bold; -} -.footer-links a:after { - content: "\00a0\00a0\00a0|\00a0\00a0"; -} -.footer-links a.last:after { - content: ""; -} diff --git a/user_saml_shibboleth-php7/shibboleth/webapp/images/dummylogo-mobile.png b/user_saml_shibboleth-php7/shibboleth/webapp/images/dummylogo-mobile.png deleted file mode 100644 index 8ba3c95a..00000000 Binary files a/user_saml_shibboleth-php7/shibboleth/webapp/images/dummylogo-mobile.png and /dev/null differ diff --git a/user_saml_shibboleth-php7/shibboleth/webapp/images/dummylogo.png b/user_saml_shibboleth-php7/shibboleth/webapp/images/dummylogo.png deleted file mode 100644 index e89ede6e..00000000 Binary files a/user_saml_shibboleth-php7/shibboleth/webapp/images/dummylogo.png and /dev/null differ diff --git a/user_saml_shibboleth-php7/shibboleth/webapp/images/failure-32x32.png b/user_saml_shibboleth-php7/shibboleth/webapp/images/failure-32x32.png deleted file mode 100644 index 3c48e466..00000000 Binary files a/user_saml_shibboleth-php7/shibboleth/webapp/images/failure-32x32.png and /dev/null differ diff --git a/user_saml_shibboleth-php7/shibboleth/webapp/images/success-32x32.png b/user_saml_shibboleth-php7/shibboleth/webapp/images/success-32x32.png deleted file mode 100644 index aa512048..00000000 Binary files a/user_saml_shibboleth-php7/shibboleth/webapp/images/success-32x32.png and /dev/null differ diff --git a/user_saml_shibboleth-php7/shibboleth/webapp/js/Duo-Web-v2.min.js b/user_saml_shibboleth-php7/shibboleth/webapp/js/Duo-Web-v2.min.js deleted file mode 100644 index 393900db..00000000 --- a/user_saml_shibboleth-php7/shibboleth/webapp/js/Duo-Web-v2.min.js +++ /dev/null @@ -1 +0,0 @@ -window.Duo=function(e,t){var i=/^(?:AUTH|ENROLL)+\|[A-Za-z0-9\+\/=]+\|[A-Za-z0-9\+\/=]+$/;var o=/^ERR\|[\w\s\.\(\)]+$/;var n="duo_iframe",a="",s="sig_response",r,f,u,d,m,c;function h(e,t){throw new Error("Duo Web SDK error: "+e+(t?"\n"+"See "+t+" for more information":""))}function g(e){return e.replace(/([a-z])([A-Z])/,"$1-$2").toLowerCase()}function l(e,t){if("dataset"in e){return e.dataset[t]}else{return e.getAttribute("data-"+g(t))}}function p(e,i,o,n){if("addEventListener"in t){e.addEventListener(i,n,false)}else{e.attachEvent(o,n)}}function w(e,i,o,n){if("removeEventListener"in t){e.removeEventListener(i,n,false)}else{e.detachEvent(o,n)}}function v(t){p(e,"DOMContentLoaded","onreadystatechange",t)}function b(t){w(e,"DOMContentLoaded","onreadystatechange",t)}function E(e){p(t,"message","onmessage",e)}function _(e){w(t,"message","onmessage",e)}function y(e){if(!e){return}if(e.indexOf("ERR|")===0){h(e.split("|")[1])}if(e.indexOf(":")===-1||e.split(":").length!==2){h("Duo was given a bad token. This might indicate a configuration "+"problem with one of Duo's client libraries.","https://www.duosecurity.com/docs/duoweb#first-steps")}var t=e.split(":");f=e;u=t[0];d=t[1];return{sigRequest:e,duoSig:t[0],appSig:t[1]}}function D(){m=e.getElementById(n);if(!m){throw new Error("This page does not contain an iframe for Duo to use."+'Add an element like '+"to this page. "+"See https://www.duosecurity.com/docs/duoweb#3.-show-the-iframe "+"for more information.")}B();b(D)}function A(e){return Boolean(e.origin==="https://"+r&&typeof e.data==="string"&&(e.data.match(i)||e.data.match(o)))}function L(t){if(t){if(t.host){r=t.host}if(t.sig_request){y(t.sig_request)}if(t.post_action){a=t.post_action}if(t.post_argument){s=t.post_argument}if(t.iframe){if("tagName"in t.iframe){m=t.iframe}else if(typeof t.iframe==="string"){n=t.iframe}}if(typeof t.submit_callback==="function"){c=t.submit_callback}}if(m){B()}else{m=e.getElementById(n);if(m){B()}else{v(D)}}b(L)}function q(e){if(A(e)){R(e.data);_(q)}}function B(){if(!r){r=l(m,"host");if(!r){h("No API hostname is given for Duo to use. Be sure to pass "+"a `host` parameter to Duo.init, or through the `data-host` "+"attribute on the iframe element.","https://www.duosecurity.com/docs/duoweb#3.-show-the-iframe")}}if(!u||!d){y(l(m,"sigRequest"));if(!u||!d){h("No valid signed request is given. Be sure to give the "+"`sig_request` parameter to Duo.init, or use the "+"`data-sig-request` attribute on the iframe element.","https://www.duosecurity.com/docs/duoweb#3.-show-the-iframe")}}if(a===""){a=l(m,"postAction")||a}if(s==="sig_response"){s=l(m,"postArgument")||s}m.src=["https://",r,"/frame/web/v1/auth?tx=",u,"&parent=",encodeURIComponent(e.location.href),"&v=2.3"].join("");E(q)}function R(t){var i=e.createElement("input");i.type="hidden";i.name=s;i.value=t+":"+d;var o=e.getElementById("duo_form");if(!o){o=e.createElement("form");m.parentElement.insertBefore(o,m.nextSibling)}o.method="POST";o.action=a;o.appendChild(i);if(typeof c==="function"){c.call(null,o)}else{o.submit()}}v(L);return{init:L,_parseSigRequest:y,_isDuoMessage:A,_doPostBack:R}}(document,window); \ No newline at end of file diff --git a/user_saml_shibboleth-php7/shibboleth/webapp/js/jquery-2.1.4.min.js b/user_saml_shibboleth-php7/shibboleth/webapp/js/jquery-2.1.4.min.js deleted file mode 100644 index 49990d6e..00000000 --- a/user_saml_shibboleth-php7/shibboleth/webapp/js/jquery-2.1.4.min.js +++ /dev/null @@ -1,4 +0,0 @@ -/*! jQuery v2.1.4 | (c) 2005, 2015 jQuery Foundation, Inc. | jquery.org/license */ -!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(d.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]:[])},end:function(){return this.prevObject||this.constructor(null)},push:f,sort:c.sort,splice:c.splice},n.extend=n.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]||{},h++),"object"==typeof g||n.isFunction(g)||(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(a=arguments[h]))for(b in a)c=g[b],d=a[b],g!==d&&(j&&d&&(n.isPlainObject(d)||(e=n.isArray(d)))?(e?(e=!1,f=c&&n.isArray(c)?c:[]):f=c&&n.isPlainObject(c)?c:{},g[b]=n.extend(j,f,d)):void 0!==d&&(g[b]=d));return g},n.extend({expando:"jQuery"+(m+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===n.type(a)},isArray:Array.isArray,isWindow:function(a){return null!=a&&a===a.window},isNumeric:function(a){return!n.isArray(a)&&a-parseFloat(a)+1>=0},isPlainObject:function(a){return"object"!==n.type(a)||a.nodeType||n.isWindow(a)?!1:a.constructor&&!j.call(a.constructor.prototype,"isPrototypeOf")?!1:!0},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},type:function(a){return null==a?a+"":"object"==typeof a||"function"==typeof a?h[i.call(a)]||"object":typeof a},globalEval:function(a){var b,c=eval;a=n.trim(a),a&&(1===a.indexOf("use strict")?(b=l.createElement("script"),b.text=a,l.head.appendChild(b).parentNode.removeChild(b)):c(a))},camelCase:function(a){return a.replace(p,"ms-").replace(q,r)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b,c){var d,e=0,f=a.length,g=s(a);if(c){if(g){for(;f>e;e++)if(d=b.apply(a[e],c),d===!1)break}else for(e in a)if(d=b.apply(a[e],c),d===!1)break}else if(g){for(;f>e;e++)if(d=b.call(a[e],e,a[e]),d===!1)break}else for(e in a)if(d=b.call(a[e],e,a[e]),d===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(o,"")},makeArray:function(a,b){var c=b||[];return null!=a&&(s(Object(a))?n.merge(c,"string"==typeof a?[a]:a):f.call(c,a)),c},inArray:function(a,b,c){return null==b?-1:g.call(b,a,c)},merge:function(a,b){for(var c=+b.length,d=0,e=a.length;c>d;d++)a[e++]=b[d];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;g>f;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,f=0,g=a.length,h=s(a),i=[];if(h)for(;g>f;f++)d=b(a[f],f,c),null!=d&&i.push(d);else for(f in a)d=b(a[f],f,c),null!=d&&i.push(d);return e.apply([],i)},guid:1,proxy:function(a,b){var c,e,f;return"string"==typeof b&&(c=a[b],b=a,a=c),n.isFunction(a)?(e=d.call(arguments,2),f=function(){return a.apply(b||this,e.concat(d.call(arguments)))},f.guid=a.guid=a.guid||n.guid++,f):void 0},now:Date.now,support:k}),n.each("Boolean Number String Function Array Date RegExp Object Error".split(" "),function(a,b){h["[object "+b+"]"]=b.toLowerCase()});function s(a){var b="length"in a&&a.length,c=n.type(a);return"function"===c||n.isWindow(a)?!1:1===a.nodeType&&b?!0:"array"===c||0===b||"number"==typeof b&&b>0&&b-1 in a}var t=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ha(),z=ha(),A=ha(),B=function(a,b){return a===b&&(l=!0),0},C=1<<31,D={}.hasOwnProperty,E=[],F=E.pop,G=E.push,H=E.push,I=E.slice,J=function(a,b){for(var c=0,d=a.length;d>c;c++)if(a[c]===b)return c;return-1},K="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",L="[\\x20\\t\\r\\n\\f]",M="(?:\\\\.|[\\w-]|[^\\x00-\\xa0])+",N=M.replace("w","w#"),O="\\["+L+"*("+M+")(?:"+L+"*([*^$|!~]?=)"+L+"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|("+N+"))|)"+L+"*\\]",P=":("+M+")(?:\\((('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|((?:\\\\.|[^\\\\()[\\]]|"+O+")*)|.*)\\)|)",Q=new RegExp(L+"+","g"),R=new RegExp("^"+L+"+|((?:^|[^\\\\])(?:\\\\.)*)"+L+"+$","g"),S=new RegExp("^"+L+"*,"+L+"*"),T=new RegExp("^"+L+"*([>+~]|"+L+")"+L+"*"),U=new RegExp("="+L+"*([^\\]'\"]*?)"+L+"*\\]","g"),V=new RegExp(P),W=new RegExp("^"+N+"$"),X={ID:new RegExp("^#("+M+")"),CLASS:new RegExp("^\\.("+M+")"),TAG:new RegExp("^("+M.replace("w","w*")+")"),ATTR:new RegExp("^"+O),PSEUDO:new RegExp("^"+P),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+L+"*(even|odd|(([+-]|)(\\d*)n|)"+L+"*(?:([+-]|)"+L+"*(\\d+)|))"+L+"*\\)|)","i"),bool:new RegExp("^(?:"+K+")$","i"),needsContext:new RegExp("^"+L+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+L+"*((?:-\\d)?\\d*)"+L+"*\\)|)(?=[^-]|$)","i")},Y=/^(?:input|select|textarea|button)$/i,Z=/^h\d$/i,$=/^[^{]+\{\s*\[native \w/,_=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,aa=/[+~]/,ba=/'|\\/g,ca=new RegExp("\\\\([\\da-f]{1,6}"+L+"?|("+L+")|.)","ig"),da=function(a,b,c){var d="0x"+b-65536;return d!==d||c?b:0>d?String.fromCharCode(d+65536):String.fromCharCode(d>>10|55296,1023&d|56320)},ea=function(){m()};try{H.apply(E=I.call(v.childNodes),v.childNodes),E[v.childNodes.length].nodeType}catch(fa){H={apply:E.length?function(a,b){G.apply(a,I.call(b))}:function(a,b){var c=a.length,d=0;while(a[c++]=b[d++]);a.length=c-1}}}function ga(a,b,d,e){var f,h,j,k,l,o,r,s,w,x;if((b?b.ownerDocument||b:v)!==n&&m(b),b=b||n,d=d||[],k=b.nodeType,"string"!=typeof a||!a||1!==k&&9!==k&&11!==k)return d;if(!e&&p){if(11!==k&&(f=_.exec(a)))if(j=f[1]){if(9===k){if(h=b.getElementById(j),!h||!h.parentNode)return d;if(h.id===j)return d.push(h),d}else if(b.ownerDocument&&(h=b.ownerDocument.getElementById(j))&&t(b,h)&&h.id===j)return d.push(h),d}else{if(f[2])return H.apply(d,b.getElementsByTagName(a)),d;if((j=f[3])&&c.getElementsByClassName)return H.apply(d,b.getElementsByClassName(j)),d}if(c.qsa&&(!q||!q.test(a))){if(s=r=u,w=b,x=1!==k&&a,1===k&&"object"!==b.nodeName.toLowerCase()){o=g(a),(r=b.getAttribute("id"))?s=r.replace(ba,"\\$&"):b.setAttribute("id",s),s="[id='"+s+"'] ",l=o.length;while(l--)o[l]=s+ra(o[l]);w=aa.test(a)&&pa(b.parentNode)||b,x=o.join(",")}if(x)try{return H.apply(d,w.querySelectorAll(x)),d}catch(y){}finally{r||b.removeAttribute("id")}}}return i(a.replace(R,"$1"),b,d,e)}function ha(){var a=[];function b(c,e){return a.push(c+" ")>d.cacheLength&&delete b[a.shift()],b[c+" "]=e}return b}function ia(a){return a[u]=!0,a}function ja(a){var b=n.createElement("div");try{return!!a(b)}catch(c){return!1}finally{b.parentNode&&b.parentNode.removeChild(b),b=null}}function ka(a,b){var c=a.split("|"),e=a.length;while(e--)d.attrHandle[c[e]]=b}function la(a,b){var c=b&&a,d=c&&1===a.nodeType&&1===b.nodeType&&(~b.sourceIndex||C)-(~a.sourceIndex||C);if(d)return d;if(c)while(c=c.nextSibling)if(c===b)return-1;return a?1:-1}function ma(a){return function(b){var c=b.nodeName.toLowerCase();return"input"===c&&b.type===a}}function na(a){return function(b){var c=b.nodeName.toLowerCase();return("input"===c||"button"===c)&&b.type===a}}function oa(a){return ia(function(b){return b=+b,ia(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e]=c[e]))})})}function pa(a){return a&&"undefined"!=typeof a.getElementsByTagName&&a}c=ga.support={},f=ga.isXML=function(a){var b=a&&(a.ownerDocument||a).documentElement;return b?"HTML"!==b.nodeName:!1},m=ga.setDocument=function(a){var b,e,g=a?a.ownerDocument||a:v;return g!==n&&9===g.nodeType&&g.documentElement?(n=g,o=g.documentElement,e=g.defaultView,e&&e!==e.top&&(e.addEventListener?e.addEventListener("unload",ea,!1):e.attachEvent&&e.attachEvent("onunload",ea)),p=!f(g),c.attributes=ja(function(a){return a.className="i",!a.getAttribute("className")}),c.getElementsByTagName=ja(function(a){return a.appendChild(g.createComment("")),!a.getElementsByTagName("*").length}),c.getElementsByClassName=$.test(g.getElementsByClassName),c.getById=ja(function(a){return o.appendChild(a).id=u,!g.getElementsByName||!g.getElementsByName(u).length}),c.getById?(d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c=b.getElementById(a);return c&&c.parentNode?[c]:[]}},d.filter.ID=function(a){var b=a.replace(ca,da);return function(a){return a.getAttribute("id")===b}}):(delete d.find.ID,d.filter.ID=function(a){var b=a.replace(ca,da);return function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}}),d.find.TAG=c.getElementsByTagName?function(a,b){return"undefined"!=typeof b.getElementsByTagName?b.getElementsByTagName(a):c.qsa?b.querySelectorAll(a):void 0}:function(a,b){var c,d=[],e=0,f=b.getElementsByTagName(a);if("*"===a){while(c=f[e++])1===c.nodeType&&d.push(c);return d}return f},d.find.CLASS=c.getElementsByClassName&&function(a,b){return p?b.getElementsByClassName(a):void 0},r=[],q=[],(c.qsa=$.test(g.querySelectorAll))&&(ja(function(a){o.appendChild(a).innerHTML="",a.querySelectorAll("[msallowcapture^='']").length&&q.push("[*^$]="+L+"*(?:''|\"\")"),a.querySelectorAll("[selected]").length||q.push("\\["+L+"*(?:value|"+K+")"),a.querySelectorAll("[id~="+u+"-]").length||q.push("~="),a.querySelectorAll(":checked").length||q.push(":checked"),a.querySelectorAll("a#"+u+"+*").length||q.push(".#.+[+~]")}),ja(function(a){var b=g.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+L+"*[*^$|!~]?="),a.querySelectorAll(":enabled").length||q.push(":enabled",":disabled"),a.querySelectorAll("*,:x"),q.push(",.*:")})),(c.matchesSelector=$.test(s=o.matches||o.webkitMatchesSelector||o.mozMatchesSelector||o.oMatchesSelector||o.msMatchesSelector))&&ja(function(a){c.disconnectedMatch=s.call(a,"div"),s.call(a,"[s!='']:x"),r.push("!=",P)}),q=q.length&&new RegExp(q.join("|")),r=r.length&&new RegExp(r.join("|")),b=$.test(o.compareDocumentPosition),t=b||$.test(o.contains)?function(a,b){var c=9===a.nodeType?a.documentElement:a,d=b&&b.parentNode;return a===d||!(!d||1!==d.nodeType||!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!0,0;var d=!a.compareDocumentPosition-!b.compareDocumentPosition;return d?d:(d=(a.ownerDocument||a)===(b.ownerDocument||b)?a.compareDocumentPosition(b):1,1&d||!c.sortDetached&&b.compareDocumentPosition(a)===d?a===g||a.ownerDocument===v&&t(v,a)?-1:b===g||b.ownerDocument===v&&t(v,b)?1:k?J(k,a)-J(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,h=[a],i=[b];if(!e||!f)return a===g?-1:b===g?1:e?-1:f?1:k?J(k,a)-J(k,b):0;if(e===f)return la(a,b);c=a;while(c=c.parentNode)h.unshift(c);c=b;while(c=c.parentNode)i.unshift(c);while(h[d]===i[d])d++;return d?la(h[d],i[d]):h[d]===v?-1:i[d]===v?1:0},g):n},ga.matches=function(a,b){return ga(a,null,null,b)},ga.matchesSelector=function(a,b){if((a.ownerDocument||a)!==n&&m(a),b=b.replace(U,"='$1']"),!(!c.matchesSelector||!p||r&&r.test(b)||q&&q.test(b)))try{var d=s.call(a,b);if(d||c.disconnectedMatch||a.document&&11!==a.document.nodeType)return d}catch(e){}return ga(b,n,null,[a]).length>0},ga.contains=function(a,b){return(a.ownerDocument||a)!==n&&m(a),t(a,b)},ga.attr=function(a,b){(a.ownerDocument||a)!==n&&m(a);var e=d.attrHandle[b.toLowerCase()],f=e&&D.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes||!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},ga.error=function(a){throw new Error("Syntax error, unrecognized expression: "+a)},ga.uniqueSort=function(a){var b,d=[],e=0,f=0;if(l=!c.detectDuplicates,k=!c.sortStable&&a.slice(0),a.sort(B),l){while(b=a[f++])b===a[f]&&(e=d.push(f));while(e--)a.splice(d[e],1)}return k=null,a},e=ga.getText=function(a){var b,c="",d=0,f=a.nodeType;if(f){if(1===f||9===f||11===f){if("string"==typeof a.textContent)return a.textContent;for(a=a.firstChild;a;a=a.nextSibling)c+=e(a)}else if(3===f||4===f)return a.nodeValue}else while(b=a[d++])c+=e(b);return c},d=ga.selectors={cacheLength:50,createPseudo:ia,match:X,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(a){return a[1]=a[1].replace(ca,da),a[3]=(a[3]||a[4]||a[5]||"").replace(ca,da),"~="===a[2]&&(a[3]=" "+a[3]+" "),a.slice(0,4)},CHILD:function(a){return a[1]=a[1].toLowerCase(),"nth"===a[1].slice(0,3)?(a[3]||ga.error(a[0]),a[4]=+(a[4]?a[5]+(a[6]||1):2*("even"===a[3]||"odd"===a[3])),a[5]=+(a[7]+a[8]||"odd"===a[3])):a[3]&&ga.error(a[0]),a},PSEUDO:function(a){var b,c=!a[6]&&a[2];return X.CHILD.test(a[0])?null:(a[3]?a[2]=a[4]||a[5]||"":c&&V.test(c)&&(b=g(c,!0))&&(b=c.indexOf(")",c.length-b)-c.length)&&(a[0]=a[0].slice(0,b),a[2]=c.slice(0,b)),a.slice(0,3))}},filter:{TAG:function(a){var b=a.replace(ca,da).toLowerCase();return"*"===a?function(){return!0}:function(a){return a.nodeName&&a.nodeName.toLowerCase()===b}},CLASS:function(a){var b=y[a+" "];return b||(b=new RegExp("(^|"+L+")"+a+"("+L+"|$)"))&&y(a,function(a){return b.test("string"==typeof a.className&&a.className||"undefined"!=typeof a.getAttribute&&a.getAttribute("class")||"")})},ATTR:function(a,b,c){return function(d){var e=ga.attr(d,a);return null==e?"!="===b:b?(e+="","="===b?e===c:"!="===b?e!==c:"^="===b?c&&0===e.indexOf(c):"*="===b?c&&e.indexOf(c)>-1:"$="===b?c&&e.slice(-c.length)===c:"~="===b?(" "+e.replace(Q," ")+" ").indexOf(c)>-1:"|="===b?e===c||e.slice(0,c.length+1)===c+"-":!1):!0}},CHILD:function(a,b,c,d,e){var f="nth"!==a.slice(0,3),g="last"!==a.slice(-4),h="of-type"===b;return 1===d&&0===e?function(a){return!!a.parentNode}:function(b,c,i){var j,k,l,m,n,o,p=f!==g?"nextSibling":"previousSibling",q=b.parentNode,r=h&&b.nodeName.toLowerCase(),s=!i&&!h;if(q){if(f){while(p){l=b;while(l=l[p])if(h?l.nodeName.toLowerCase()===r:1===l.nodeType)return!1;o=p="only"===a&&!o&&"nextSibling"}return!0}if(o=[g?q.firstChild:q.lastChild],g&&s){k=q[u]||(q[u]={}),j=k[a]||[],n=j[0]===w&&j[1],m=j[0]===w&&j[2],l=n&&q.childNodes[n];while(l=++n&&l&&l[p]||(m=n=0)||o.pop())if(1===l.nodeType&&++m&&l===b){k[a]=[w,n,m];break}}else if(s&&(j=(b[u]||(b[u]={}))[a])&&j[0]===w)m=j[1];else while(l=++n&&l&&l[p]||(m=n=0)||o.pop())if((h?l.nodeName.toLowerCase()===r:1===l.nodeType)&&++m&&(s&&((l[u]||(l[u]={}))[a]=[w,m]),l===b))break;return m-=e,m===d||m%d===0&&m/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]||d.setFilters[a.toLowerCase()]||ga.error("unsupported pseudo: "+a);return e[u]?e(b):e.length>1?(c=[a,a,"",b],d.setFilters.hasOwnProperty(a.toLowerCase())?ia(function(a,c){var d,f=e(a,b),g=f.length;while(g--)d=J(a,f[g]),a[d]=!(c[d]=f[g])}):function(a){return e(a,0,c)}):e}},pseudos:{not:ia(function(a){var b=[],c=[],d=h(a.replace(R,"$1"));return d[u]?ia(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null,f,c),b[0]=null,!c.pop()}}),has:ia(function(a){return function(b){return ga(a,b).length>0}}),contains:ia(function(a){return a=a.replace(ca,da),function(b){return(b.textContent||b.innerText||e(b)).indexOf(a)>-1}}),lang:ia(function(a){return W.test(a||"")||ga.error("unsupported lang: "+a),a=a.replace(ca,da).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")||b.getAttribute("lang"))return c=c.toLowerCase(),c===a||0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType);return!1}}),target:function(b){var c=a.location&&a.location.hash;return c&&c.slice(1)===b.id},root:function(a){return a===o},focus:function(a){return a===n.activeElement&&(!n.hasFocus||n.hasFocus())&&!!(a.type||a.href||~a.tabIndex)},enabled:function(a){return a.disabled===!1},disabled:function(a){return a.disabled===!0},checked:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&!!a.checked||"option"===b&&!!a.selected},selected:function(a){return a.parentNode&&a.parentNode.selectedIndex,a.selected===!0},empty:function(a){for(a=a.firstChild;a;a=a.nextSibling)if(a.nodeType<6)return!1;return!0},parent:function(a){return!d.pseudos.empty(a)},header:function(a){return Z.test(a.nodeName)},input:function(a){return Y.test(a.nodeName)},button:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&"button"===a.type||"button"===b},text:function(a){var b;return"input"===a.nodeName.toLowerCase()&&"text"===a.type&&(null==(b=a.getAttribute("type"))||"text"===b.toLowerCase())},first:oa(function(){return[0]}),last:oa(function(a,b){return[b-1]}),eq:oa(function(a,b,c){return[0>c?c+b:c]}),even:oa(function(a,b){for(var c=0;b>c;c+=2)a.push(c);return a}),odd:oa(function(a,b){for(var c=1;b>c;c+=2)a.push(c);return a}),lt:oa(function(a,b,c){for(var d=0>c?c+b:c;--d>=0;)a.push(d);return a}),gt:oa(function(a,b,c){for(var d=0>c?c+b:c;++db;b++)d+=a[b].value;return d}function sa(a,b,c){var d=b.dir,e=c&&"parentNode"===d,f=x++;return b.first?function(b,c,f){while(b=b[d])if(1===b.nodeType||e)return a(b,c,f)}:function(b,c,g){var h,i,j=[w,f];if(g){while(b=b[d])if((1===b.nodeType||e)&&a(b,c,g))return!0}else while(b=b[d])if(1===b.nodeType||e){if(i=b[u]||(b[u]={}),(h=i[d])&&h[0]===w&&h[1]===f)return j[2]=h[2];if(i[d]=j,j[2]=a(b,c,g))return!0}}}function ta(a){return a.length>1?function(b,c,d){var e=a.length;while(e--)if(!a[e](b,c,d))return!1;return!0}:a[0]}function ua(a,b,c){for(var d=0,e=b.length;e>d;d++)ga(a,b[d],c);return c}function va(a,b,c,d,e){for(var f,g=[],h=0,i=a.length,j=null!=b;i>h;h++)(f=a[h])&&(!c||c(f,d,e))&&(g.push(f),j&&b.push(h));return g}function wa(a,b,c,d,e,f){return d&&!d[u]&&(d=wa(d)),e&&!e[u]&&(e=wa(e,f)),ia(function(f,g,h,i){var j,k,l,m=[],n=[],o=g.length,p=f||ua(b||"*",h.nodeType?[h]:h,[]),q=!a||!f&&b?p:va(p,m,a,h,i),r=c?e||(f?a:o||d)?[]:g:q;if(c&&c(q,r,h,i),d){j=va(r,n),d(j,[],h,i),k=j.length;while(k--)(l=j[k])&&(r[n[k]]=!(q[n[k]]=l))}if(f){if(e||a){if(e){j=[],k=r.length;while(k--)(l=r[k])&&j.push(q[k]=l);e(null,r=[],j,i)}k=r.length;while(k--)(l=r[k])&&(j=e?J(f,l):m[k])>-1&&(f[j]=!(g[j]=l))}}else r=va(r===g?r.splice(o,r.length):r),e?e(null,g,r,i):H.apply(g,r)})}function xa(a){for(var b,c,e,f=a.length,g=d.relative[a[0].type],h=g||d.relative[" "],i=g?1:0,k=sa(function(a){return a===b},h,!0),l=sa(function(a){return J(b,a)>-1},h,!0),m=[function(a,c,d){var e=!g&&(d||c!==j)||((b=c).nodeType?k(a,c,d):l(a,c,d));return b=null,e}];f>i;i++)if(c=d.relative[a[i].type])m=[sa(ta(m),c)];else{if(c=d.filter[a[i].type].apply(null,a[i].matches),c[u]){for(e=++i;f>e;e++)if(d.relative[a[e].type])break;return wa(i>1&&ta(m),i>1&&ra(a.slice(0,i-1).concat({value:" "===a[i-2].type?"*":""})).replace(R,"$1"),c,e>i&&xa(a.slice(i,e)),f>e&&xa(a=a.slice(e)),f>e&&ra(a))}m.push(c)}return ta(m)}function ya(a,b){var c=b.length>0,e=a.length>0,f=function(f,g,h,i,k){var l,m,o,p=0,q="0",r=f&&[],s=[],t=j,u=f||e&&d.find.TAG("*",k),v=w+=null==t?1:Math.random()||.1,x=u.length;for(k&&(j=g!==n&&g);q!==x&&null!=(l=u[q]);q++){if(e&&l){m=0;while(o=a[m++])if(o(l,g,h)){i.push(l);break}k&&(w=v)}c&&((l=!o&&l)&&p--,f&&r.push(l))}if(p+=q,c&&q!==p){m=0;while(o=b[m++])o(r,s,g,h);if(f){if(p>0)while(q--)r[q]||s[q]||(s[q]=F.call(i));s=va(s)}H.apply(i,s),k&&!f&&s.length>0&&p+b.length>1&&ga.uniqueSort(i)}return k&&(w=v,j=t),r};return c?ia(f):f}return h=ga.compile=function(a,b){var c,d=[],e=[],f=A[a+" "];if(!f){b||(b=g(a)),c=b.length;while(c--)f=xa(b[c]),f[u]?d.push(f):e.push(f);f=A(a,ya(e,d)),f.selector=a}return f},i=ga.select=function(a,b,e,f){var i,j,k,l,m,n="function"==typeof a&&a,o=!f&&g(a=n.selector||a);if(e=e||[],1===o.length){if(j=o[0]=o[0].slice(0),j.length>2&&"ID"===(k=j[0]).type&&c.getById&&9===b.nodeType&&p&&d.relative[j[1].type]){if(b=(d.find.ID(k.matches[0].replace(ca,da),b)||[])[0],!b)return e;n&&(b=b.parentNode),a=a.slice(j.shift().value.length)}i=X.needsContext.test(a)?0:j.length;while(i--){if(k=j[i],d.relative[l=k.type])break;if((m=d.find[l])&&(f=m(k.matches[0].replace(ca,da),aa.test(j[0].type)&&pa(b.parentNode)||b))){if(j.splice(i,1),a=f.length&&ra(j),!a)return H.apply(e,f),e;break}}}return(n||h(a,o))(f,b,!p,e,aa.test(a)&&pa(b.parentNode)||b),e},c.sortStable=u.split("").sort(B).join("")===u,c.detectDuplicates=!!l,m(),c.sortDetached=ja(function(a){return 1&a.compareDocumentPosition(n.createElement("div"))}),ja(function(a){return a.innerHTML="","#"===a.firstChild.getAttribute("href")})||ka("type|href|height|width",function(a,b,c){return c?void 0:a.getAttribute(b,"type"===b.toLowerCase()?1:2)}),c.attributes&&ja(function(a){return a.innerHTML="",a.firstChild.setAttribute("value",""),""===a.firstChild.getAttribute("value")})||ka("value",function(a,b,c){return c||"input"!==a.nodeName.toLowerCase()?void 0:a.defaultValue}),ja(function(a){return null==a.getAttribute("disabled")})||ka(K,function(a,b,c){var d;return c?void 0:a[b]===!0?b.toLowerCase():(d=a.getAttributeNode(b))&&d.specified?d.value:null}),ga}(a);n.find=t,n.expr=t.selectors,n.expr[":"]=n.expr.pseudos,n.unique=t.uniqueSort,n.text=t.getText,n.isXMLDoc=t.isXML,n.contains=t.contains;var u=n.expr.match.needsContext,v=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,w=/^.[^:#\[\.,]*$/;function x(a,b,c){if(n.isFunction(b))return n.grep(a,function(a,d){return!!b.call(a,d,a)!==c});if(b.nodeType)return n.grep(a,function(a){return a===b!==c});if("string"==typeof b){if(w.test(b))return n.filter(b,a,c);b=n.filter(b,a)}return n.grep(a,function(a){return g.call(b,a)>=0!==c})}n.filter=function(a,b,c){var d=b[0];return c&&(a=":not("+a+")"),1===b.length&&1===d.nodeType?n.find.matchesSelector(d,a)?[d]:[]:n.find.matches(a,n.grep(b,function(a){return 1===a.nodeType}))},n.fn.extend({find:function(a){var b,c=this.length,d=[],e=this;if("string"!=typeof a)return this.pushStack(n(a).filter(function(){for(b=0;c>b;b++)if(n.contains(e[b],this))return!0}));for(b=0;c>b;b++)n.find(a,e[b],d);return d=this.pushStack(c>1?n.unique(d):d),d.selector=this.selector?this.selector+" "+a:a,d},filter:function(a){return this.pushStack(x(this,a||[],!1))},not:function(a){return this.pushStack(x(this,a||[],!0))},is:function(a){return!!x(this,"string"==typeof a&&u.test(a)?n(a):a||[],!1).length}});var y,z=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/,A=n.fn.init=function(a,b){var c,d;if(!a)return this;if("string"==typeof a){if(c="<"===a[0]&&">"===a[a.length-1]&&a.length>=3?[null,a,null]:z.exec(a),!c||!c[1]&&b)return!b||b.jquery?(b||y).find(a):this.constructor(b).find(a);if(c[1]){if(b=b instanceof n?b[0]:b,n.merge(this,n.parseHTML(c[1],b&&b.nodeType?b.ownerDocument||b:l,!0)),v.test(c[1])&&n.isPlainObject(b))for(c in b)n.isFunction(this[c])?this[c](b[c]):this.attr(c,b[c]);return this}return d=l.getElementById(c[2]),d&&d.parentNode&&(this.length=1,this[0]=d),this.context=l,this.selector=a,this}return a.nodeType?(this.context=this[0]=a,this.length=1,this):n.isFunction(a)?"undefined"!=typeof y.ready?y.ready(a):a(n):(void 0!==a.selector&&(this.selector=a.selector,this.context=a.context),n.makeArray(a,this))};A.prototype=n.fn,y=n(l);var B=/^(?:parents|prev(?:Until|All))/,C={children:!0,contents:!0,next:!0,prev:!0};n.extend({dir:function(a,b,c){var d=[],e=void 0!==c;while((a=a[b])&&9!==a.nodeType)if(1===a.nodeType){if(e&&n(a).is(c))break;d.push(a)}return d},sibling:function(a,b){for(var c=[];a;a=a.nextSibling)1===a.nodeType&&a!==b&&c.push(a);return c}}),n.fn.extend({has:function(a){var b=n(a,this),c=b.length;return this.filter(function(){for(var a=0;c>a;a++)if(n.contains(this,b[a]))return!0})},closest:function(a,b){for(var c,d=0,e=this.length,f=[],g=u.test(a)||"string"!=typeof a?n(a,b||this.context):0;e>d;d++)for(c=this[d];c&&c!==b;c=c.parentNode)if(c.nodeType<11&&(g?g.index(c)>-1:1===c.nodeType&&n.find.matchesSelector(c,a))){f.push(c);break}return this.pushStack(f.length>1?n.unique(f):f)},index:function(a){return a?"string"==typeof a?g.call(n(a),this[0]):g.call(this,a.jquery?a[0]:a):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(a,b){return this.pushStack(n.unique(n.merge(this.get(),n(a,b))))},addBack:function(a){return this.add(null==a?this.prevObject:this.prevObject.filter(a))}});function D(a,b){while((a=a[b])&&1!==a.nodeType);return a}n.each({parent:function(a){var b=a.parentNode;return b&&11!==b.nodeType?b:null},parents:function(a){return n.dir(a,"parentNode")},parentsUntil:function(a,b,c){return n.dir(a,"parentNode",c)},next:function(a){return D(a,"nextSibling")},prev:function(a){return D(a,"previousSibling")},nextAll:function(a){return n.dir(a,"nextSibling")},prevAll:function(a){return n.dir(a,"previousSibling")},nextUntil:function(a,b,c){return n.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return n.dir(a,"previousSibling",c)},siblings:function(a){return n.sibling((a.parentNode||{}).firstChild,a)},children:function(a){return n.sibling(a.firstChild)},contents:function(a){return a.contentDocument||n.merge([],a.childNodes)}},function(a,b){n.fn[a]=function(c,d){var e=n.map(this,b,c);return"Until"!==a.slice(-5)&&(d=c),d&&"string"==typeof d&&(e=n.filter(d,e)),this.length>1&&(C[a]||n.unique(e),B.test(a)&&e.reverse()),this.pushStack(e)}});var E=/\S+/g,F={};function G(a){var b=F[a]={};return n.each(a.match(E)||[],function(a,c){b[c]=!0}),b}n.Callbacks=function(a){a="string"==typeof a?F[a]||G(a):n.extend({},a);var b,c,d,e,f,g,h=[],i=!a.once&&[],j=function(l){for(b=a.memory&&l,c=!0,g=e||0,e=0,f=h.length,d=!0;h&&f>g;g++)if(h[g].apply(l[0],l[1])===!1&&a.stopOnFalse){b=!1;break}d=!1,h&&(i?i.length&&j(i.shift()):b?h=[]:k.disable())},k={add:function(){if(h){var c=h.length;!function g(b){n.each(b,function(b,c){var d=n.type(c);"function"===d?a.unique&&k.has(c)||h.push(c):c&&c.length&&"string"!==d&&g(c)})}(arguments),d?f=h.length:b&&(e=c,j(b))}return this},remove:function(){return h&&n.each(arguments,function(a,b){var c;while((c=n.inArray(b,h,c))>-1)h.splice(c,1),d&&(f>=c&&f--,g>=c&&g--)}),this},has:function(a){return a?n.inArray(a,h)>-1:!(!h||!h.length)},empty:function(){return h=[],f=0,this},disable:function(){return h=i=b=void 0,this},disabled:function(){return!h},lock:function(){return i=void 0,b||k.disable(),this},locked:function(){return!i},fireWith:function(a,b){return!h||c&&!i||(b=b||[],b=[a,b.slice?b.slice():b],d?i.push(b):j(b)),this},fire:function(){return k.fireWith(this,arguments),this},fired:function(){return!!c}};return k},n.extend({Deferred:function(a){var b=[["resolve","done",n.Callbacks("once memory"),"resolved"],["reject","fail",n.Callbacks("once memory"),"rejected"],["notify","progress",n.Callbacks("memory")]],c="pending",d={state:function(){return c},always:function(){return e.done(arguments).fail(arguments),this},then:function(){var a=arguments;return n.Deferred(function(c){n.each(b,function(b,f){var g=n.isFunction(a[b])&&a[b];e[f[1]](function(){var a=g&&g.apply(this,arguments);a&&n.isFunction(a.promise)?a.promise().done(c.resolve).fail(c.reject).progress(c.notify):c[f[0]+"With"](this===d?c.promise():this,g?[a]:arguments)})}),a=null}).promise()},promise:function(a){return null!=a?n.extend(a,d):d}},e={};return d.pipe=d.then,n.each(b,function(a,f){var g=f[2],h=f[3];d[f[1]]=g.add,h&&g.add(function(){c=h},b[1^a][2].disable,b[2][2].lock),e[f[0]]=function(){return e[f[0]+"With"](this===e?d:this,arguments),this},e[f[0]+"With"]=g.fireWith}),d.promise(e),a&&a.call(e,e),e},when:function(a){var b=0,c=d.call(arguments),e=c.length,f=1!==e||a&&n.isFunction(a.promise)?e:0,g=1===f?a:n.Deferred(),h=function(a,b,c){return function(e){b[a]=this,c[a]=arguments.length>1?d.call(arguments):e,c===i?g.notifyWith(b,c):--f||g.resolveWith(b,c)}},i,j,k;if(e>1)for(i=new Array(e),j=new Array(e),k=new Array(e);e>b;b++)c[b]&&n.isFunction(c[b].promise)?c[b].promise().done(h(b,k,c)).fail(g.reject).progress(h(b,j,i)):--f;return f||g.resolveWith(k,c),g.promise()}});var H;n.fn.ready=function(a){return n.ready.promise().done(a),this},n.extend({isReady:!1,readyWait:1,holdReady:function(a){a?n.readyWait++:n.ready(!0)},ready:function(a){(a===!0?--n.readyWait:n.isReady)||(n.isReady=!0,a!==!0&&--n.readyWait>0||(H.resolveWith(l,[n]),n.fn.triggerHandler&&(n(l).triggerHandler("ready"),n(l).off("ready"))))}});function I(){l.removeEventListener("DOMContentLoaded",I,!1),a.removeEventListener("load",I,!1),n.ready()}n.ready.promise=function(b){return H||(H=n.Deferred(),"complete"===l.readyState?setTimeout(n.ready):(l.addEventListener("DOMContentLoaded",I,!1),a.addEventListener("load",I,!1))),H.promise(b)},n.ready.promise();var J=n.access=function(a,b,c,d,e,f,g){var h=0,i=a.length,j=null==c;if("object"===n.type(c)){e=!0;for(h in c)n.access(a,b,h,c[h],!0,f,g)}else if(void 0!==d&&(e=!0,n.isFunction(d)||(g=!0),j&&(g?(b.call(a,d),b=null):(j=b,b=function(a,b,c){return j.call(n(a),c)})),b))for(;i>h;h++)b(a[h],c,g?d:d.call(a[h],h,b(a[h],c)));return e?a:j?b.call(a):i?b(a[0],c):f};n.acceptData=function(a){return 1===a.nodeType||9===a.nodeType||!+a.nodeType};function K(){Object.defineProperty(this.cache={},0,{get:function(){return{}}}),this.expando=n.expando+K.uid++}K.uid=1,K.accepts=n.acceptData,K.prototype={key:function(a){if(!K.accepts(a))return 0;var b={},c=a[this.expando];if(!c){c=K.uid++;try{b[this.expando]={value:c},Object.defineProperties(a,b)}catch(d){b[this.expando]=c,n.extend(a,b)}}return this.cache[c]||(this.cache[c]={}),c},set:function(a,b,c){var d,e=this.key(a),f=this.cache[e];if("string"==typeof b)f[b]=c;else if(n.isEmptyObject(f))n.extend(this.cache[e],b);else for(d in b)f[d]=b[d];return f},get:function(a,b){var c=this.cache[this.key(a)];return void 0===b?c:c[b]},access:function(a,b,c){var d;return void 0===b||b&&"string"==typeof b&&void 0===c?(d=this.get(a,b),void 0!==d?d:this.get(a,n.camelCase(b))):(this.set(a,b,c),void 0!==c?c:b)},remove:function(a,b){var c,d,e,f=this.key(a),g=this.cache[f];if(void 0===b)this.cache[f]={};else{n.isArray(b)?d=b.concat(b.map(n.camelCase)):(e=n.camelCase(b),b in g?d=[b,e]:(d=e,d=d in g?[d]:d.match(E)||[])),c=d.length;while(c--)delete g[d[c]]}},hasData:function(a){return!n.isEmptyObject(this.cache[a[this.expando]]||{})},discard:function(a){a[this.expando]&&delete this.cache[a[this.expando]]}};var L=new K,M=new K,N=/^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,O=/([A-Z])/g;function P(a,b,c){var d;if(void 0===c&&1===a.nodeType)if(d="data-"+b.replace(O,"-$1").toLowerCase(),c=a.getAttribute(d),"string"==typeof c){try{c="true"===c?!0:"false"===c?!1:"null"===c?null:+c+""===c?+c:N.test(c)?n.parseJSON(c):c}catch(e){}M.set(a,b,c)}else c=void 0;return c}n.extend({hasData:function(a){return M.hasData(a)||L.hasData(a)},data:function(a,b,c){ -return M.access(a,b,c)},removeData:function(a,b){M.remove(a,b)},_data:function(a,b,c){return L.access(a,b,c)},_removeData:function(a,b){L.remove(a,b)}}),n.fn.extend({data:function(a,b){var c,d,e,f=this[0],g=f&&f.attributes;if(void 0===a){if(this.length&&(e=M.get(f),1===f.nodeType&&!L.get(f,"hasDataAttrs"))){c=g.length;while(c--)g[c]&&(d=g[c].name,0===d.indexOf("data-")&&(d=n.camelCase(d.slice(5)),P(f,d,e[d])));L.set(f,"hasDataAttrs",!0)}return e}return"object"==typeof a?this.each(function(){M.set(this,a)}):J(this,function(b){var c,d=n.camelCase(a);if(f&&void 0===b){if(c=M.get(f,a),void 0!==c)return c;if(c=M.get(f,d),void 0!==c)return c;if(c=P(f,d,void 0),void 0!==c)return c}else this.each(function(){var c=M.get(this,d);M.set(this,d,b),-1!==a.indexOf("-")&&void 0!==c&&M.set(this,a,b)})},null,b,arguments.length>1,null,!0)},removeData:function(a){return this.each(function(){M.remove(this,a)})}}),n.extend({queue:function(a,b,c){var d;return a?(b=(b||"fx")+"queue",d=L.get(a,b),c&&(!d||n.isArray(c)?d=L.access(a,b,n.makeArray(c)):d.push(c)),d||[]):void 0},dequeue:function(a,b){b=b||"fx";var c=n.queue(a,b),d=c.length,e=c.shift(),f=n._queueHooks(a,b),g=function(){n.dequeue(a,b)};"inprogress"===e&&(e=c.shift(),d--),e&&("fx"===b&&c.unshift("inprogress"),delete f.stop,e.call(a,g,f)),!d&&f&&f.empty.fire()},_queueHooks:function(a,b){var c=b+"queueHooks";return L.get(a,c)||L.access(a,c,{empty:n.Callbacks("once memory").add(function(){L.remove(a,[b+"queue",c])})})}}),n.fn.extend({queue:function(a,b){var c=2;return"string"!=typeof a&&(b=a,a="fx",c--),arguments.lengthx",k.noCloneChecked=!!b.cloneNode(!0).lastChild.defaultValue}();var U="undefined";k.focusinBubbles="onfocusin"in a;var V=/^key/,W=/^(?:mouse|pointer|contextmenu)|click/,X=/^(?:focusinfocus|focusoutblur)$/,Y=/^([^.]*)(?:\.(.+)|)$/;function Z(){return!0}function $(){return!1}function _(){try{return l.activeElement}catch(a){}}n.event={global:{},add:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,o,p,q,r=L.get(a);if(r){c.handler&&(f=c,c=f.handler,e=f.selector),c.guid||(c.guid=n.guid++),(i=r.events)||(i=r.events={}),(g=r.handle)||(g=r.handle=function(b){return typeof n!==U&&n.event.triggered!==b.type?n.event.dispatch.apply(a,arguments):void 0}),b=(b||"").match(E)||[""],j=b.length;while(j--)h=Y.exec(b[j])||[],o=q=h[1],p=(h[2]||"").split(".").sort(),o&&(l=n.event.special[o]||{},o=(e?l.delegateType:l.bindType)||o,l=n.event.special[o]||{},k=n.extend({type:o,origType:q,data:d,handler:c,guid:c.guid,selector:e,needsContext:e&&n.expr.match.needsContext.test(e),namespace:p.join(".")},f),(m=i[o])||(m=i[o]=[],m.delegateCount=0,l.setup&&l.setup.call(a,d,p,g)!==!1||a.addEventListener&&a.addEventListener(o,g,!1)),l.add&&(l.add.call(a,k),k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k):m.push(k),n.event.global[o]=!0)}},remove:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,o,p,q,r=L.hasData(a)&&L.get(a);if(r&&(i=r.events)){b=(b||"").match(E)||[""],j=b.length;while(j--)if(h=Y.exec(b[j])||[],o=q=h[1],p=(h[2]||"").split(".").sort(),o){l=n.event.special[o]||{},o=(d?l.delegateType:l.bindType)||o,m=i[o]||[],h=h[2]&&new RegExp("(^|\\.)"+p.join("\\.(?:.*\\.|)")+"(\\.|$)"),g=f=m.length;while(f--)k=m[f],!e&&q!==k.origType||c&&c.guid!==k.guid||h&&!h.test(k.namespace)||d&&d!==k.selector&&("**"!==d||!k.selector)||(m.splice(f,1),k.selector&&m.delegateCount--,l.remove&&l.remove.call(a,k));g&&!m.length&&(l.teardown&&l.teardown.call(a,p,r.handle)!==!1||n.removeEvent(a,o,r.handle),delete i[o])}else for(o in i)n.event.remove(a,o+b[j],c,d,!0);n.isEmptyObject(i)&&(delete r.handle,L.remove(a,"events"))}},trigger:function(b,c,d,e){var f,g,h,i,k,m,o,p=[d||l],q=j.call(b,"type")?b.type:b,r=j.call(b,"namespace")?b.namespace.split("."):[];if(g=h=d=d||l,3!==d.nodeType&&8!==d.nodeType&&!X.test(q+n.event.triggered)&&(q.indexOf(".")>=0&&(r=q.split("."),q=r.shift(),r.sort()),k=q.indexOf(":")<0&&"on"+q,b=b[n.expando]?b:new n.Event(q,"object"==typeof b&&b),b.isTrigger=e?2:3,b.namespace=r.join("."),b.namespace_re=b.namespace?new RegExp("(^|\\.)"+r.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,b.result=void 0,b.target||(b.target=d),c=null==c?[b]:n.makeArray(c,[b]),o=n.event.special[q]||{},e||!o.trigger||o.trigger.apply(d,c)!==!1)){if(!e&&!o.noBubble&&!n.isWindow(d)){for(i=o.delegateType||q,X.test(i+q)||(g=g.parentNode);g;g=g.parentNode)p.push(g),h=g;h===(d.ownerDocument||l)&&p.push(h.defaultView||h.parentWindow||a)}f=0;while((g=p[f++])&&!b.isPropagationStopped())b.type=f>1?i:o.bindType||q,m=(L.get(g,"events")||{})[b.type]&&L.get(g,"handle"),m&&m.apply(g,c),m=k&&g[k],m&&m.apply&&n.acceptData(g)&&(b.result=m.apply(g,c),b.result===!1&&b.preventDefault());return b.type=q,e||b.isDefaultPrevented()||o._default&&o._default.apply(p.pop(),c)!==!1||!n.acceptData(d)||k&&n.isFunction(d[q])&&!n.isWindow(d)&&(h=d[k],h&&(d[k]=null),n.event.triggered=q,d[q](),n.event.triggered=void 0,h&&(d[k]=h)),b.result}},dispatch:function(a){a=n.event.fix(a);var b,c,e,f,g,h=[],i=d.call(arguments),j=(L.get(this,"events")||{})[a.type]||[],k=n.event.special[a.type]||{};if(i[0]=a,a.delegateTarget=this,!k.preDispatch||k.preDispatch.call(this,a)!==!1){h=n.event.handlers.call(this,a,j),b=0;while((f=h[b++])&&!a.isPropagationStopped()){a.currentTarget=f.elem,c=0;while((g=f.handlers[c++])&&!a.isImmediatePropagationStopped())(!a.namespace_re||a.namespace_re.test(g.namespace))&&(a.handleObj=g,a.data=g.data,e=((n.event.special[g.origType]||{}).handle||g.handler).apply(f.elem,i),void 0!==e&&(a.result=e)===!1&&(a.preventDefault(),a.stopPropagation()))}return k.postDispatch&&k.postDispatch.call(this,a),a.result}},handlers:function(a,b){var c,d,e,f,g=[],h=b.delegateCount,i=a.target;if(h&&i.nodeType&&(!a.button||"click"!==a.type))for(;i!==this;i=i.parentNode||this)if(i.disabled!==!0||"click"!==a.type){for(d=[],c=0;h>c;c++)f=b[c],e=f.selector+" ",void 0===d[e]&&(d[e]=f.needsContext?n(e,this).index(i)>=0:n.find(e,this,null,[i]).length),d[e]&&d.push(f);d.length&&g.push({elem:i,handlers:d})}return h]*)\/>/gi,ba=/<([\w:]+)/,ca=/<|&#?\w+;/,da=/<(?:script|style|link)/i,ea=/checked\s*(?:[^=]|=\s*.checked.)/i,fa=/^$|\/(?:java|ecma)script/i,ga=/^true\/(.*)/,ha=/^\s*\s*$/g,ia={option:[1,""],thead:[1,"","
"],col:[2,"","
"],tr:[2,"","
"],td:[3,"","
"],_default:[0,"",""]};ia.optgroup=ia.option,ia.tbody=ia.tfoot=ia.colgroup=ia.caption=ia.thead,ia.th=ia.td;function ja(a,b){return n.nodeName(a,"table")&&n.nodeName(11!==b.nodeType?b:b.firstChild,"tr")?a.getElementsByTagName("tbody")[0]||a.appendChild(a.ownerDocument.createElement("tbody")):a}function ka(a){return a.type=(null!==a.getAttribute("type"))+"/"+a.type,a}function la(a){var b=ga.exec(a.type);return b?a.type=b[1]:a.removeAttribute("type"),a}function ma(a,b){for(var c=0,d=a.length;d>c;c++)L.set(a[c],"globalEval",!b||L.get(b[c],"globalEval"))}function na(a,b){var c,d,e,f,g,h,i,j;if(1===b.nodeType){if(L.hasData(a)&&(f=L.access(a),g=L.set(b,f),j=f.events)){delete g.handle,g.events={};for(e in j)for(c=0,d=j[e].length;d>c;c++)n.event.add(b,e,j[e][c])}M.hasData(a)&&(h=M.access(a),i=n.extend({},h),M.set(b,i))}}function oa(a,b){var c=a.getElementsByTagName?a.getElementsByTagName(b||"*"):a.querySelectorAll?a.querySelectorAll(b||"*"):[];return void 0===b||b&&n.nodeName(a,b)?n.merge([a],c):c}function pa(a,b){var c=b.nodeName.toLowerCase();"input"===c&&T.test(a.type)?b.checked=a.checked:("input"===c||"textarea"===c)&&(b.defaultValue=a.defaultValue)}n.extend({clone:function(a,b,c){var d,e,f,g,h=a.cloneNode(!0),i=n.contains(a.ownerDocument,a);if(!(k.noCloneChecked||1!==a.nodeType&&11!==a.nodeType||n.isXMLDoc(a)))for(g=oa(h),f=oa(a),d=0,e=f.length;e>d;d++)pa(f[d],g[d]);if(b)if(c)for(f=f||oa(a),g=g||oa(h),d=0,e=f.length;e>d;d++)na(f[d],g[d]);else na(a,h);return g=oa(h,"script"),g.length>0&&ma(g,!i&&oa(a,"script")),h},buildFragment:function(a,b,c,d){for(var e,f,g,h,i,j,k=b.createDocumentFragment(),l=[],m=0,o=a.length;o>m;m++)if(e=a[m],e||0===e)if("object"===n.type(e))n.merge(l,e.nodeType?[e]:e);else if(ca.test(e)){f=f||k.appendChild(b.createElement("div")),g=(ba.exec(e)||["",""])[1].toLowerCase(),h=ia[g]||ia._default,f.innerHTML=h[1]+e.replace(aa,"<$1>")+h[2],j=h[0];while(j--)f=f.lastChild;n.merge(l,f.childNodes),f=k.firstChild,f.textContent=""}else l.push(b.createTextNode(e));k.textContent="",m=0;while(e=l[m++])if((!d||-1===n.inArray(e,d))&&(i=n.contains(e.ownerDocument,e),f=oa(k.appendChild(e),"script"),i&&ma(f),c)){j=0;while(e=f[j++])fa.test(e.type||"")&&c.push(e)}return k},cleanData:function(a){for(var b,c,d,e,f=n.event.special,g=0;void 0!==(c=a[g]);g++){if(n.acceptData(c)&&(e=c[L.expando],e&&(b=L.cache[e]))){if(b.events)for(d in b.events)f[d]?n.event.remove(c,d):n.removeEvent(c,d,b.handle);L.cache[e]&&delete L.cache[e]}delete M.cache[c[M.expando]]}}}),n.fn.extend({text:function(a){return J(this,function(a){return void 0===a?n.text(this):this.empty().each(function(){(1===this.nodeType||11===this.nodeType||9===this.nodeType)&&(this.textContent=a)})},null,a,arguments.length)},append:function(){return this.domManip(arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=ja(this,a);b.appendChild(a)}})},prepend:function(){return this.domManip(arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=ja(this,a);b.insertBefore(a,b.firstChild)}})},before:function(){return this.domManip(arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this)})},after:function(){return this.domManip(arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this.nextSibling)})},remove:function(a,b){for(var c,d=a?n.filter(a,this):this,e=0;null!=(c=d[e]);e++)b||1!==c.nodeType||n.cleanData(oa(c)),c.parentNode&&(b&&n.contains(c.ownerDocument,c)&&ma(oa(c,"script")),c.parentNode.removeChild(c));return this},empty:function(){for(var a,b=0;null!=(a=this[b]);b++)1===a.nodeType&&(n.cleanData(oa(a,!1)),a.textContent="");return this},clone:function(a,b){return a=null==a?!1:a,b=null==b?a:b,this.map(function(){return n.clone(this,a,b)})},html:function(a){return J(this,function(a){var b=this[0]||{},c=0,d=this.length;if(void 0===a&&1===b.nodeType)return b.innerHTML;if("string"==typeof a&&!da.test(a)&&!ia[(ba.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(aa,"<$1>");try{for(;d>c;c++)b=this[c]||{},1===b.nodeType&&(n.cleanData(oa(b,!1)),b.innerHTML=a);b=0}catch(e){}}b&&this.empty().append(a)},null,a,arguments.length)},replaceWith:function(){var a=arguments[0];return this.domManip(arguments,function(b){a=this.parentNode,n.cleanData(oa(this)),a&&a.replaceChild(b,this)}),a&&(a.length||a.nodeType)?this:this.remove()},detach:function(a){return this.remove(a,!0)},domManip:function(a,b){a=e.apply([],a);var c,d,f,g,h,i,j=0,l=this.length,m=this,o=l-1,p=a[0],q=n.isFunction(p);if(q||l>1&&"string"==typeof p&&!k.checkClone&&ea.test(p))return this.each(function(c){var d=m.eq(c);q&&(a[0]=p.call(this,c,d.html())),d.domManip(a,b)});if(l&&(c=n.buildFragment(a,this[0].ownerDocument,!1,this),d=c.firstChild,1===c.childNodes.length&&(c=d),d)){for(f=n.map(oa(c,"script"),ka),g=f.length;l>j;j++)h=c,j!==o&&(h=n.clone(h,!0,!0),g&&n.merge(f,oa(h,"script"))),b.call(this[j],h,j);if(g)for(i=f[f.length-1].ownerDocument,n.map(f,la),j=0;g>j;j++)h=f[j],fa.test(h.type||"")&&!L.access(h,"globalEval")&&n.contains(i,h)&&(h.src?n._evalUrl&&n._evalUrl(h.src):n.globalEval(h.textContent.replace(ha,"")))}return this}}),n.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(a,b){n.fn[a]=function(a){for(var c,d=[],e=n(a),g=e.length-1,h=0;g>=h;h++)c=h===g?this:this.clone(!0),n(e[h])[b](c),f.apply(d,c.get());return this.pushStack(d)}});var qa,ra={};function sa(b,c){var d,e=n(c.createElement(b)).appendTo(c.body),f=a.getDefaultComputedStyle&&(d=a.getDefaultComputedStyle(e[0]))?d.display:n.css(e[0],"display");return e.detach(),f}function ta(a){var b=l,c=ra[a];return c||(c=sa(a,b),"none"!==c&&c||(qa=(qa||n("