[Mapbender-commits] r4586 - in trunk/mapbender: . conf http/classes
http/php http_auth http_auth/http owsproxy/http
owsproxy/http/classes resources/db/update
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Wed Sep 2 08:59:49 EDT 2009
Author: christoph
Date: 2009-09-02 08:59:49 -0400 (Wed, 02 Sep 2009)
New Revision: 4586
Added:
trunk/mapbender/http_auth/
trunk/mapbender/http_auth/http/
trunk/mapbender/http_auth/http/index.php
Modified:
trunk/mapbender/conf/mapbender.conf-dist
trunk/mapbender/http/classes/class_administration.php
trunk/mapbender/http/classes/class_connector.php
trunk/mapbender/http/classes/class_wms.php
trunk/mapbender/http/php/mod_layerMetadata.php
trunk/mapbender/http/php/mod_loadCapabilities.php
trunk/mapbender/http/php/mod_loadwms.php
trunk/mapbender/http/php/mod_owsproxy_conf.php
trunk/mapbender/owsproxy/http/classes/class_QueryHandler.php
trunk/mapbender/owsproxy/http/index.php
trunk/mapbender/resources/db/update/update_2.7.sql
Log:
http://trac.osgeo.org/mapbender/ticket/527
Modified: trunk/mapbender/conf/mapbender.conf-dist
===================================================================
--- trunk/mapbender/conf/mapbender.conf-dist 2009-09-01 13:49:30 UTC (rev 4585)
+++ trunk/mapbender/conf/mapbender.conf-dist 2009-09-02 12:59:49 UTC (rev 4586)
@@ -80,6 +80,15 @@
define("OWSPROXY", "http://<ip or name>/owsproxy");
# --------------------------------------------
+# Definitions for HTTP Authentication
+# --------------------------------------------
+
+define('REALM', 'mapbender_registry');
+define('NONCEKEY', 'mapbender');
+$nonceLife = 300;
+define('HTTP_AUTH_PROXY',"https://".$_SERVER['HTTP_HOST']."/http_auth"); //Problem - behind a rewrite rule - define it hardcoded?
+
+# --------------------------------------------
# type of server-connection
# curl, socket, http
# --------------------------------------------
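Review bot: `HTTP_AUTH_PROXY` is derived from `$_SERVER['HTTP_HOST']`, i.e. from the client's Host header, so the links this commit writes into capabilities documents and metadata pages can be pointed at a host of the requester's choosing; the trailing comment on that line already doubts the approach. Configure it as a fixed string like the `OWSPROXY` define above it, `define('HTTP_AUTH_PROXY', 'https://<ip or name>/http_auth');`. `NONCEKEY` ships with a known default and is the only secret that goes into the nonce in `http_auth/http/index.php`, so a deployment that keeps the default has computable nonces; the block comment should say it must be changed per installation. `$nonceLife` is a plain variable while every other setting here is a define, which forces `global $nonceLife` on every reader.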
@@ -88,10 +97,11 @@
define("CONNECTION", "http");
#define("CONNECTION", "socket");
-define("CONNECTION_PROXY", "<ip>");
-define("CONNECTION_PORT", "<port>");
-define("CONNECTION_USER", "<user>");
-define("CONNECTION_PASSWORD", "<password>");
+define("CONNECTION_PROXY", ""); // ip
+define("CONNECTION_PORT", ""); // port
+define("CONNECTION_USER", ""); // user
+define("CONNECTION_PASSWORD", ""); // password
+define("CONNECTION_USERAGENT", "Mapbender");
# --------------------------------------------
# HOSTs not for Proxy (curl)
Modified: trunk/mapbender/http/classes/class_administration.php
===================================================================
--- trunk/mapbender/http/classes/class_administration.php 2009-09-01 13:49:30 UTC (rev 4585)
+++ trunk/mapbender/http/classes/class_administration.php 2009-09-02 12:59:49 UTC (rev 4586)
@@ -1037,7 +1037,20 @@
}
}
+ /*
+ * unset the proxy definitions and logging/pricing for the owned wms proxy list
+ *
+ * @param string the wms-list
+ *
+ */
+ function unsetWmsProxy($wms_list){
+ $sql = "UPDATE wms set wms_owsproxy='', wms_pricevolume=0,wms_proxylog=0 WHERE wms_id IN ($1)";
+ $t = array("s");
+ $v = array($wms_list);
+ $res = db_prep_query($sql,$v,$t);
+ }
+
/*
* log wms getmap proxy urls to db
*
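Review bot: `unsetWmsProxy` binds the whole comma-separated list as one `'s'` parameter inside `IN ($1)`, so the statement compares `wms_id` with a single string such as `'3,7,9'` instead of three ids and updates nothing (or fails on the integer column). Build one placeholder per id (`$1,$2,...` from `count()` of the exploded list, type `'i'` each) or loop over the ids calling a single-id update. The result of `db_prep_query` is assigned to `$res` but neither checked nor returned, so a failed update is invisible to the caller.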
@@ -1124,6 +1137,49 @@
return $newOwsString;
}
+ /*
+ * get the authentication info out of wms table
+ *
+ * @param integer the wms-id
+ * @return array auth - 'username', 'password', 'auth_type' if not set, return false
+ */
+
+ function getAuthInfoOfWMS($wms_id){
+ $sql = "SELECT wms_username, wms_password, wms_auth_type from wms WHERE wms_id = $1 ";
+ $t = array("i");
+ $v = array($wms_id);
+ $res = db_prep_query($sql,$v,$t);
+ if($row = db_fetch_array($res)){
+ $auth['username'] = $row["wms_username"];
+ $auth['password'] = $row["wms_password"];
+ $auth['auth_type'] = $row["wms_auth_type"];
+ return $auth;
+ }
+ else{
+ return false;
+ }
+ }
+ /*
+ * get the wms_id info out of wms table when wms_owsproxy is given
+ *
+ * @param integer the owsproxy string
+ * @return wms_id - if not set, return false
+ */
+
+ function getWmsIdFromOwsproxyString($owsproxy){
+ $sql = "SELECT wms_id from wms WHERE wms_owsproxy = $1 ";
+ $t = array("s");
+ $v = array($owsproxy);
+ $res = db_prep_query($sql,$v,$t);
+ if($row = db_fetch_array($res)){
+ return $row["wms_id"];
+ }
+ else{
+ return false;
+ }
+ }
+
+
function checkURL($url){
$pos_qm = strpos($url,"?");
if($pos_qm > 0 && $pos_qm < (mb_strlen($url)-1) && mb_substr($url,(mb_strlen($url)-1)) != "&"){
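Review bot: `getAuthInfoOfWMS` returns the stored `wms_password` in clear, and `writeObjInDB` in this commit writes it without hashing or encryption, so every caller that logs or prints the array exposes the upstream service credential — the new `http_auth/http/index.php` does exactly that with `print_r($auth)` in `getCapabilities`. The docblock should state it: `@return array auth - 'username', 'password' (stored in clear - never log or echo), 'auth_type'; false if the wms does not exist`. `$auth` is assigned element-wise without being initialised; add `$auth = array();` before the first assignment. Both functions return `false` for a missing row, and the callers added in this commit index that `false` as if it were an array (`$auth['auth_type']`).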
Modified: trunk/mapbender/http/classes/class_connector.php
===================================================================
--- trunk/mapbender/http/classes/class_connector.php 2009-09-01 13:49:30 UTC (rev 4585)
+++ trunk/mapbender/http/classes/class_connector.php 2009-09-02 12:59:49 UTC (rev 4586)
@@ -42,8 +42,17 @@
$this->set("connectionType", CONNECTION);
if (func_num_args() == 1) {
$url = func_get_arg(0);
- $this->load($url);
+ if ($url) {
+ $this->load($url);
+ }
}
+ else if (func_num_args() == 2) {
+ $auth = func_get_arg(1);
+ $url = func_get_arg(0);
+ if ($url) {
+ $this->load($url,$auth);
+ }
+ }
}
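Review bot: The optional second argument is emulated with `func_num_args()`/`func_get_arg()`, which hides the parameter from the signature (presumably the constructor; its declaration is above the hunk). Declaring it, `function __construct($url = null, $auth = null)`, documents the interface and collapses both branches into one `if ($url) { $this->load($url, $auth); }`. The same emulation is repeated in `load`, `getCURL`, `createObjFromXML`, `writeObjInDB` and the new http_auth functions, so fixing it once here sets the pattern.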
/**
@@ -67,7 +76,15 @@
}
else {
$e = new mb_notice("CURL host:".$host);
- $this->file = $this->getCURL($url);
+ if (func_num_args() == 2) {
+ $auth = func_get_arg(1);
+ if (isset($auth)) {
+ $this->file = $this->getCURL($url,$auth);
+ }
+ }
+ else {
+ $this->file = $this->getCURL($url);
+ }
}
break;
case "http":
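Review bot: In the two-argument branch of `load` (the method starts above the hunk) `$this->file` is assigned only when `isset($auth)`; a caller passing `null` as the second argument triggers no request at all and `file` stays unset, which `createObjFromXML` then reads as a failed fetch with no indication why. Since `getCURL` already guards with `isset($auth) && $auth != false`, the branch can be just `$this->file = $this->getCURL($url, $auth);`. The form in `mod_loadCapabilities.php` offers the credential fields only for `CONNECTION == 'curl'`; if the socket and http branches ignore `$auth`, a notice when credentials are supplied under another connection type would prevent silent unauthenticated requests.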
@@ -155,17 +172,46 @@
}
private function getCURL($url){
+ $url=Str_replace(" ","+",$url); //to have no problems with image/png; mode=24bit!
+ $url=str_replace(";","%3B",$url);
+ if (func_num_args() == 2) {
+ $auth = func_get_arg(1);
+ } //auth should be an array of ['username', 'realm', 'password', 'auth_type'] - or false - problem would be, that these are stored without hashing them!
$ch = curl_init ($url);
// curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
+ //allow https connections and handle certificates quite simply ;-)
+ curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,0);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
if(CONNECTION_PROXY != ""){
curl_setopt($ch, CURLOPT_PROXY,CONNECTION_PROXY.":".CONNECTION_PORT);
}
if(CONNECTION_PASSWORD != ""){
curl_setopt ($ch, CURLOPT_PROXYUSERPWD, CONNECTION_USER.':'.CONNECTION_PASSWORD);
}
+ //TODO maybe allow basic authentication for client, but this will store the passwords in plain text
+ //TODO: store the passwords as digest hash. Therefor we have to handle the realm which is defined in the 401 header and return it back to the scripts like mod_loadwms.php to store the digest into the database - problem: curl cannot handle digest connection without clear username and password - we have to send our own headers
+ if(isset($auth) && $auth != false) {
+ curl_setopt($ch, CURLOPT_USERPWD, $auth['username'].':'.$auth['password']);
+ if ($auth['auth_type'] == 'digest') {
+ curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
+ }
+ if ($auth['auth_type'] == 'basic') {
+ curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
+ }
+ }
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
+ $useragent=CONNECTION_USERAGENT;
+ $e = new mb_exception("connector: CURL connect to: ".$url);
+ curl_setopt ($ch,CURLOPT_USERAGENT,$useragent);
$file = curl_exec ($ch);
+ //handle http authentication
+ $info = curl_getinfo($ch);
+
+ if ($info['http_code'] == '401') {
+ curl_close ($ch);
+ return $info['http_code'];
+ }
curl_close ($ch);
return $file;
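Review bot: `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` are both set to 0, so the upstream certificate is never checked and the credentials sent through `CURLOPT_USERPWD` (in clear with `CURLAUTH_BASIC`) are readable by anyone who intercepts the HTTPS connection. Leave verification at the defaults (`CURLOPT_SSL_VERIFYPEER, 1` and `CURLOPT_SSL_VERIFYHOST, 2`) and point `CURLOPT_CAINFO` at a bundle for services with a private CA. When `auth_type` is neither `digest` nor `basic`, `CURLOPT_USERPWD` is still set and curl falls back to basic, sending the password to a service that was not configured for it; move the `CURLOPT_USERPWD` call inside the two type checks. Returning the string `'401'` as the document makes the status indistinguishable from a body of that content; store the code on the object (e.g. `$this->httpCode = $info['http_code'];`) and let callers test that. `new mb_exception("connector: CURL connect to: ".$url)` logs every request URL at exception level on the success path, where `mb_notice` is used for the same purpose earlier in this file.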
Modified: trunk/mapbender/http/classes/class_wms.php
===================================================================
--- trunk/mapbender/http/classes/class_wms.php 2009-09-01 13:49:30 UTC (rev 4585)
+++ trunk/mapbender/http/classes/class_wms.php 2009-09-02 12:59:49 UTC (rev 4586)
@@ -242,10 +242,17 @@
}
function createObjFromXML($url){
-
- $x = new connector($url);
+ if (func_num_args() == 2) { //new for HTTP Authentication
+ $auth = func_get_arg(1);
+ $x = new connector($url,$auth);
+ }
+ else {
+ $x = new connector($url);
+ }
$data = $x->file;
-
+ if ($data=='401') {
+ echo "<br>HTTP Error:<b>".$data." - Authorization required. This seems to be a service which needs HTTP Authentication!</b><br>";
+ }
if(!$data){
$this->wms_status = false;
return false;
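Review bot: After echoing the HTTP error for `$data=='401'` the method carries on with `'401'` as the document — it is truthy, so `if(!$data)` is skipped and the parser is handed a three-character string. Make the branch terminal: `$this->wms_status = false; return false;` after the echo. The loose `==` also treats any numerically equal body as a 401; a dedicated status field on the connector would avoid the sentinel. `createObjFromXML` continues below the hunk.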
@@ -726,6 +733,7 @@
}
if($this->objLayer[$i]->layer_name == ""){
$this->objLayer[$i]->layer_name = $this->objLayer[$i]->layer_title;
+#$this->objLayer[$i]->layer_name = "";
}
if($this->objLayer[$i]->layer_minscale == ""){
$this->objLayer[$i]->layer_minscale = 0;
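Review bot: `#$this->objLayer[$i]->layer_name = "";` is commented-out code with no explanation and sits at column 0 inside an indented block; it should be removed, or replaced by a comment saying why the fallback to `layer_title` is kept. The enclosing loop starts and ends outside the hunk.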
@@ -1154,6 +1162,17 @@
*/
function writeObjInDB($gui_id){
global $con;
+ if (func_num_args() == 2) { //new for HTTP Authentication
+ $auth = func_get_arg(1);
+ $username = $auth['username'];
+ $password = $auth['password'];
+ $authType = $auth['auth_type'];
+ }
+ else {
+ $username = '';
+ $password = '';
+ $authType = '';
+ }
$admin = new administration();
$this->checkObj();
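Review bot: `$password` taken from `$auth` is inserted into `wms_password` as given, so service credentials are stored in clear in the wms table and readable by anyone with database access or a call to `getAuthInfoOfWMS`; the TODO in `class_connector.php` acknowledges this. The method's docblock (above the hunk) should at least say `wms_password is stored unencrypted - restrict read access to the wms table`, and encrypting the value with a key kept outside the database is worth considering since the proxy needs the clear value back. A declared parameter, `function writeObjInDB($gui_id, $auth = null)`, would replace the `func_num_args()` emulation and the empty-string defaults. `writeObjInDB` continues below the hunk.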
@@ -1164,24 +1183,30 @@
$sql.= "wms_getfeatureinfo, wms_getlegendurl, wms_getcapabilities_doc, wms_upload_url, fees, ";
$sql .= "accessconstraints, contactperson, contactposition, contactorganization, address, city, ";
$sql .= "stateorprovince, postcode, country, contactvoicetelephone, contactfacsimiletelephone, contactelectronicmailaddress, ";
- $sql .= "wms_owner,wms_timestamp, ";
+ $sql .= "wms_owner,wms_timestamp,wms_username,wms_password,wms_auth_type,";
$sql .= "wms_supportsld, wms_userlayer, wms_userstyle, wms_remotewfs) ";
- $sql .= "VALUES($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17,$18,$19,$20,$21,$22,$23,$24,$25,$26,$27,$28)";
+ $sql .= "VALUES($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17,$18,$19,$20,$21,$22,$23,$24,$25,$26,$27,$28,$29,$30,$31)";
$v = array($this->wms_version,$this->wms_title,$this->wms_abstract,$this->wms_getcapabilities,
$this->wms_getmap,$this->wms_getfeatureinfo,$this->wms_getlegendurl,$admin->char_encode($this->wms_getcapabilities_doc),
$this->wms_upload_url,$this->fees,$this->accessconstraints,$this->contactperson,$this->contactposition,
$this->contactorganization,$this->address,$this->city,$this->stateorprovince,$this->postcode,$this->country,
$this->contactvoicetelephone,$this->contactfacsimiletelephone,$this->contactelectronicmailaddress,
- Mapbender::session()->get('mb_user_id'),strtotime("now"),
+ Mapbender::session()->get('mb_user_id'),strtotime("now"),$username,$password,$authType,
$this->wms_supportsld,$this->wms_userlayer,$this->wms_userstyle,$this->wms_remotewfs );
- $t = array('s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','i','i','s','s','s','s');
+ $t = array('s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','s','i','i','s','s','s','s','s','s','s');
$res = db_prep_query($sql,$v,$t);
if(!$res){
db_rollback();
}
$myWMS = db_insert_id($con,'wms', 'wms_id');
-
+
+ if ($authType != '') { //some authentication is needed!
+ $admin = new administration();
+ echo "WMS ID: ".$myWMS;
+ $admin->setWMSOWSstring($myWMS, 1);
+ }
+
# TABLE layer and gui_layer
for($i=0; $i<count($this->objLayer); $i++){
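Review bot: `echo "WMS ID: ".$myWMS;` is debugging output left in the persistence path and ends up in the page returned by `mod_loadwms.php`; remove it. `$admin` is already constructed at the top of the method (`$admin = new administration();` before the INSERT), so the second `new administration()` inside `if ($authType != '')` is redundant. Forcing the owsproxy on with `setWMSOWSstring($myWMS, 1)` is a side effect worth a comment, e.g. `// credentials must never leave the server, so authenticated services are always routed through the proxy`. The method continues below the hunk.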
Modified: trunk/mapbender/http/php/mod_layerMetadata.php
===================================================================
--- trunk/mapbender/http/php/mod_layerMetadata.php 2009-09-01 13:49:30 UTC (rev 4585)
+++ trunk/mapbender/http/php/mod_layerMetadata.php 2009-09-02 12:59:49 UTC (rev 4586)
@@ -101,7 +101,15 @@
$layer = array();
$row = db_fetch_array($res);
$layer_id = $row['layer_id'];
+ $layer_name = $row['layer_name'];
+if($row['wms_owsproxy']!='') {
+ $secured=true;
+}
+else {
+ $secured=false;
+}
+
$sql_dep = "SELECT mb_group_name FROM mb_group AS a, mb_user AS b, mb_user_mb_group AS c WHERE b.mb_user_id = $1 AND b.mb_user_id = c.fkey_mb_user_id AND c.fkey_mb_group_id = a.mb_group_id AND b.mb_user_department = a.mb_group_description LIMIT 1";
$v_dep = array($row['wms_owner']);
$t_dep = array('i');
@@ -221,6 +229,11 @@
_mb("Monitoring abonnieren") . "</a></td></tr>";
}
}
+ //if service is secured
+ if ($secured=true){
+ $slink=HTTP_AUTH_PROXY."/".$layer_id."?REQUEST=GetCapabilities&VERSION=1.1.1&SERVICE=WMS";
+ echo "<tr><th>Abgesicherte Verbindung</th><td><a href = '".$slink."' target=_blank>Secured Capabilities-Dokument</a></td></tr>";
+ }
$metadataStr .= "</table>\n";
$metadataStr .= '</div></body></html>';
echo $metadataStr;
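Review bot: `if ($secured=true)` assigns instead of compares, so the "Abgesicherte Verbindung" row and the http_auth link are printed for every layer, including services with no owsproxy string. Change it to `if ($secured === true) {`. The surrounding rows appear to be accumulated in `$metadataStr` and echoed at the end, whereas the new row is `echo`ed immediately, so it is emitted before the table markup rather than inside it; use `$metadataStr .= ...` for it as well. Wrapping `$layer_id` in `htmlspecialchars()` before it goes into the href costs nothing even if ids are always integers.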
Modified: trunk/mapbender/http/php/mod_loadCapabilities.php
===================================================================
--- trunk/mapbender/http/php/mod_loadCapabilities.php 2009-09-01 13:49:30 UTC (rev 4585)
+++ trunk/mapbender/http/php/mod_loadCapabilities.php 2009-09-02 12:59:49 UTC (rev 4586)
@@ -156,11 +156,22 @@
#echo "Load WMS capabilities URL:<br>"
if (isset($xml_file)){
- echo"<input type='text' name='xml_file' size='50' value='".$xml_file."'>";
+ echo"<input type='text' name='xml_file' size='50' value='".$xml_file."'><br>";
}else{
- echo"<input type='text' name='xml_file' size='50' value='http://'>";
+ echo"<input type='text' name='xml_file' size='50' value='http://'><br>";
}
- echo"<input type='button' name='loadCap' value='Load' onClick='validate(\"guiList\")'>";
+ //show fields for authentication - only possible if curl is used as connector!
+ if (CONNECTION == 'curl') {
+ echo"HTTP Authentication:<br>";
+ echo"<input type='radio' name='auth_type' checked='checked' value='none'>None<br>";
+ echo"<input type='radio' name='auth_type' value='digest'>Digest<br>";
+ echo"<input type='radio' name='auth_type' value='basic'>Basic<br>";
+ echo"Username<br>";
+ echo"<input type='text' name='username' size='50' value=''><br>";
+ echo"Password:<br>";
+ echo"<input type='text' name='password' size='50' value=''><br>";
+ }
+ echo"<input type='button' name='loadCap' value='Load' onClick='validate(\"guiList\")'>";
echo "</form>";
}
else{
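Review bot: The password field is `<input type='text' ...>`, so the secret is displayed on screen and retained in the browser's form history; make it `<input type='password' name='password' size='50' value=''>`. The form's method is declared above the hunk — if it is GET, username and password also land in the URL, access logs and referrer headers, so POST is required for this form. `Username` lacks the colon that `Password:` has.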
@@ -168,4 +179,4 @@
}
?>
</body>
-</html>
\ No newline at end of file
+</html>
Modified: trunk/mapbender/http/php/mod_loadwms.php
===================================================================
--- trunk/mapbender/http/php/mod_loadwms.php 2009-09-01 13:49:30 UTC (rev 4585)
+++ trunk/mapbender/http/php/mod_loadwms.php 2009-09-02 12:59:49 UTC (rev 4586)
@@ -20,13 +20,36 @@
require_once(dirname(__FILE__) . "/mb_validatePermission.php");
require_once(dirname(__FILE__) . "/../classes/class_wms.php");
-$guiList = $_REQUEST["guiList"];
-$xml = $_REQUEST["xml_file"];
-
-echo "file: ".$xml;
-
-$mywms = new wms();
-$mywms->createObjFromXML($xml);
-$mywms->writeObjInDB($guiList);
-$mywms->displayWMS();
-?>
\ No newline at end of file
+if(isset($_REQUEST["wms_id"]) == false)
+{
+ echo "file: ".$_REQUEST["xml_file"];
+ $gui_id = $_REQUEST["guiList"];
+ $xml = $_REQUEST["xml_file"];
+
+ if ($_REQUEST["auth_type"] == 'basic' || $_REQUEST["auth_type"] == 'digest') {
+ $auth = array();
+ $auth['username'] = $_REQUEST["username"];
+ $auth['password'] = $_REQUEST["password"];
+ $auth['auth_type'] = $_REQUEST["auth_type"];
+ }
+ $mywms = new wms();
+if (isset($auth)){
+ $mywms->createObjFromXML($xml,$auth);
+ $mywms->writeObjInDB($gui_id,$auth);
+}
+else
+{
+ $mywms->createObjFromXML($xml);
+ $mywms->writeObjInDB($gui_id);
+}
+
+ $mywms->displayWMS();
+ $wms_id = $mywms->wms_id;
+}
+else
+{
+ $wms_id = $_REQUEST["wms_id"];
+}
+require_once(dirname(__FILE__)."/../php/mod_editWMS_Metadata.php");
+ editWMSByWMSID ($wms_id);
+?>
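Review bot: `echo "file: ".$_REQUEST["xml_file"];` writes a request parameter into the HTML response unescaped, so a crafted link can inject markup into this admin page; use `htmlspecialchars($_REQUEST["xml_file"], ENT_QUOTES, 'UTF-8')`. `$_REQUEST["auth_type"]` is read without `isset()`, which raises a notice whenever the radio buttons were not rendered (non-curl connection); guard it with `isset($_REQUEST["auth_type"]) && (...)`. In the `else` branch `$wms_id` is taken straight from the request and handed to `editWMSByWMSID`; whether that function checks that the caller owns the wms is not visible here, and if it does not, `mb_validatePermission.php` is the only gate. The `if (isset($auth))` block is indented differently from the surrounding code.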
Modified: trunk/mapbender/http/php/mod_owsproxy_conf.php
===================================================================
--- trunk/mapbender/http/php/mod_owsproxy_conf.php 2009-09-01 13:49:30 UTC (rev 4585)
+++ trunk/mapbender/http/php/mod_owsproxy_conf.php 2009-09-02 12:59:49 UTC (rev 4586)
@@ -168,10 +168,13 @@
if($admin->getWMSOWSstring($ownwms[$i]) == false){ $status_proxy = 0 ;} else {$status_proxy = 1;};
if($admin->getWmsLogTag($ownwms[$i]) == 1){$status_log=1;} else {$status_log=0;};
if ($admin->getWmsPrice($ownwms[$i]) != 0 ){$status_price=$admin->getWmsPrice($ownwms[$i]);} else {$status_price=0;};
-
+ $auth=$admin->getAuthInfoOfWMS($ownwms[$i]);
+ if($auth['auth_type'] == ''){$status_auth = 0;} else {$status_auth = 1;};
echo "<tr>";
echo "<td>".$ownwms[$i]."</td>";
- echo "<td>".$admin->getWmsTitleByWmsId($ownwms[$i])."</td>";
+ echo "<td";
+ if($status_auth == 1){echo " bgcolor=\"#FF0000\"";};
+ echo ">".$admin->getWmsTitleByWmsId($ownwms[$i]);
echo "<td>";
#for owsproxy
echo "<input type='checkbox' id='wms_".$ownwms[$i]."_proxy' name='wms_".$ownwms[$i]."_proxy' onclick='if(this.checked){document.getElementById(\"wms_\"+".$ownwms[$i]."+\"_log\").disabled=false;document.getElementById(\"wms_\"+".$ownwms[$i]."+\"_price\").disabled=true;document.getElementById(\"status_\"+".$ownwms[$i]."+\"_proxy\").value=\"1\"}else{document.getElementById(\"wms_\"+".$ownwms[$i]."+\"_log\").checked=false;document.getElementById(\"wms_\"+".$ownwms[$i]."+\"_log\").disabled=true;document.getElementById(\"wms_\"+".$ownwms[$i]."+\"_price\").disabled=true;document.getElementById(\"wms_\"+".$ownwms[$i]."+\"_price\").value=\"0\";document.getElementById(\"status_\"+".$ownwms[$i]."+\"_proxy\").value=\"0\";document.getElementById(\"status_\"+".$ownwms[$i]."+\"_log\").value=\"0\"}'";
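Review bot: The `<td>` opened for the title is never closed: the removed line ended with `</td>`, but the new `echo ">".$admin->getWmsTitleByWmsId($ownwms[$i]);` drops it before the next `echo "<td>"`, so append `."</td>"` to that echo. `$auth['auth_type']` is indexed even when `getAuthInfoOfWMS` returned `false` for a missing row; test `$auth === false ||` first. The literal `#FF0000` also appears in the legend table added in the last hunk of this file — a shared CSS class would keep the two in sync.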
@@ -179,6 +182,7 @@
#default
if($status_proxy == 1){ echo " checked"; } else {echo " unchecked"; }; //if a proxy string is set
+ if($status_auth == 1){ echo " disabled";};
echo ">";
#initialize hidden field for status proxy:
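Review bot: A `disabled` checkbox is not submitted with the form, so if the save handler treats a missing `wms_N_proxy` as unchecked, saving this page would switch the proxy off for exactly the services the commit forces it on for (`setWMSOWSstring($myWMS, 1)` in `writeObjInDB`). The hidden status field initialised just below may cover this — please verify against the save path, which is outside the hunk. A comment on the `disabled` line stating that authenticated services must stay proxied would explain the intent.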
@@ -216,6 +220,10 @@
}
echo "</table>";
+echo "<br>";
+echo "<table><tr><td bgcolor=\"#FF0000\">Service with authentication information</td></tr></table>";
+
+
echo "<input type='submit' name='save' value='save' ></form>";
?>
</table>
Added: trunk/mapbender/http_auth/http/index.php
===================================================================
--- trunk/mapbender/http_auth/http/index.php (rev 0)
+++ trunk/mapbender/http_auth/http/index.php 2009-09-02 12:59:49 UTC (rev 4586)
@@ -0,0 +1,521 @@
+<?php
+require(dirname(__FILE__) . "/../../conf/mapbender.conf");
+require(dirname(__FILE__) . "/../../http/classes/class_administration.php");
+require(dirname(__FILE__) . "/../../http/classes/class_connector.php");
+require_once(dirname(__FILE__) . "/../../http/classes/class_mb_exception.php");
+require(dirname(__FILE__) . "/../../owsproxy/http/classes/class_QueryHandler.php");
+
+//database connection
+$db = db_connect($DBSERVER,$OWNER,$PW);
+db_select_db(DB,$db);
+
+$imageformats = array("image/png","image/gif","image/jpeg", "image/jpg");
+
+//control if digest auth is set, if not set, generate the challenge with getNonce()
+if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
+ header('HTTP/1.1 401 Unauthorized');
+ header('WWW-Authenticate: Digest realm="'.REALM.
+ '",qop="auth",nonce="'.getNonce().'",opaque="'.md5(REALM).'"');
+ die('Text to send if user hits Cancel button');
+}
+
+//read out the header in an array
+$requestHeaderArray = http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);
+
+//error if header could not be read
+if (!($requestHeaderArray)) {
+ echo 'Following Header information cannot be validated - check your clientsoftware!<br>';
+ echo $_SERVER['PHP_AUTH_DIGEST'].'<br>';
+ die();
+}
+
+//get mb_username and email out of http_auth username string
+$userIdentification = explode(';',$requestHeaderArray['username']);
+$mbUsername = $userIdentification[0];
+$mbEmail = $userIdentification[1];
+
+$userInformation = getUserInfo($mbUsername,$mbEmail);
+
+if ($userInformation[0] == '-1') {
+ die('User with name: '.$mbUsername.' and email: '.$mbEmail.' not known to security proxy!');
+}
+
+if ($userInformation[1]=='') { //check if digest exists in db - if no digest exists it should be a null string!
+ die('User with name: '.$mbUsername.' and email: '.$mbEmail.' has no digest - please set a new password and try again!');
+}
+
+//first check the stale!
+if($requestHeaderArray['nonce'] == getNonce()) {
+ // Up-to-date nonce received
+ $stale = false;
+ } else {
+ // Stale nonce received (probably more than x seconds old)
+ $stale = true;
+ //give another chance to authenticate
+ header('HTTP/1.1 401 Unauthorized');
+ header('WWW-Authenticate: Digest realm="'.REALM.'",qop="auth",nonce="'.getNonce().'",opaque="'.md5(REALM).'" ,stale=true');
+ }
+// generate the valid response to check the request of the client
+$A1 = $userInformation[1];
+$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$requestHeaderArray['uri']);
+$valid_response = $A1.':'.getNonce().':'.$requestHeaderArray['nc'];
+$valid_response .= ':'.$requestHeaderArray['cnonce'].':'.$requestHeaderArray['qop'].':'.$A2;
+
+$valid_response=md5($valid_response);
+
+if ($requestHeaderArray['response'] != $valid_response) {//the user have to authenticate new - cause something in the authentication went wrong
+ die('Authentication failed - sorry, you have to authenticate once more!');
+}
+//if we are here - authentication has been done well!
+//let's do the proxy things (came from owsproxy.php):
+$postdata = $HTTP_RAW_POST_DATA;
+$layerId = $_REQUEST['layer_id'];
+$query = new QueryHandler();
+
+// an array with keys and values toLoserCase -> caseinsensitiv
+$reqParams = $query->getRequestParams();
+
+$n = new administration();
+
+$wmsId = getWmsIdByLayerId($layerId);
+$owsproxyString = $n->getWMSOWSstring($wmsId);
+
+if (!$owsproxyString) {
+ die('The requested ressource does not exists or the routing through mapbenders owsproxy is not activated!');
+}
+//get authentication infos if they are available in wms table! if not $auth = false
+$auth = $n->getAuthInfoOfWMS($wmsId);
+
+if ($auth['auth_type']==''){
+ unset($auth);
+}
+
+$e = new mb_exception("REQUEST to HTTP_AUTH: ".strtolower($reqParams['request']));
+
+//what the proxy does
+switch (strtolower($reqParams['request'])) {
+
+ case 'getcapabilities':
+ $arrayOnlineresources = checkWmsPermission($wmsId,$userInformation[0]);
+ $query->setOnlineResource($arrayOnlineresources['wms_getcapabilities']);
+ $request = 'http://'.$_SERVER['HTTP_HOST'].'/mapbender/x_geoportal/wms.php?layer_id='.$layerId;
+ $requestFull .= $request.'&REQUEST=GetCapabilities&VERSION=1.1.1&SERVICE=WMS';
+ if(isset($auth)){
+ getCapabilities($request,$requestFull,$auth);
+ }
+ else {
+ getCapabilities($request,$requestFull);
+ }
+ break;
+ case 'getfeatureinfo':
+ $arrayOnlineresources = checkWmsPermission($wmsId,$userInformation[0]);
+ $query->setOnlineResource($arrayOnlineresources['wms_getfeatureinfo']);
+ $layers = checkLayerPermission($wmsId,$reqParams['layers'],$userInformation[0]);
+ if ($layers == '' ) {
+ throwE("GetFeatureInfo permission denied on layer with id".$layerId);
+ die();
+ }
+ $request = $query->getRequest();
+ if(isset($auth)){
+ getFeatureInfo($request,$auth);
+ }
+ else {
+ getFeatureInfo($request);
+ }
+ break;
+ case 'getmap':
+ $arrayOnlineresources = checkWmsPermission($wmsId,$userInformation[0]);
+ $query->setOnlineResource($arrayOnlineresources['wms_getmap']);
+ $layers = checkLayerPermission($wmsId,$reqParams['layers'],$userInformation[0]);
+ if ($layers == '' ) {
+ throwE("GetMap permission denied on layer with id ".$layerId);
+ die();
+ }
+ $query->setParam("layers",$layers);
+ $request = $query->getRequest();
+ #log proxy requests
+ if($n->getWmsLogTag($wmsId)==1) {
+ #do log to db
+ #TODO read out size of bbox and calculate price
+ #get price out of db
+ $price=intval($n->getWmsPrice($wmsId));
+ $n->logWmsProxyRequest($wmsId,$userInformation[0],$request,$price);
+ }
+ if(isset($auth)){
+ getImage($request,$auth);
+ }
+ else {
+ getImage($request);
+ }
+ break;
+ case 'getlegendgraphic':
+ $url = getLegendUrl($wmsId);
+ $e = new mb_exception("URL for getlegendgraphic: ");
+ if(isset($auth)){
+ getImage($url,$auth);
+ }
+ else {
+ getImage($url);
+ }
+ break;
+ default:
+echo 'Your are logged in as: <b>' .$requestHeaderArray['username'].'</b> and requested the layer with id=<b>'.$layerId.'</b> but your request is not a valid OWS request';
+}
+//functions for http_auth
+//**********************************************************************************************
+
+// function to parse the http auth header
+function http_digest_parse($txt)
+{
+ // protect against missing data
+ $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
+ $data = array();
+ $keys = implode('|', array_keys($needed_parts));
+ preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
+ foreach ($matches as $m) {
+ $data[$m[1]] = $m[3] ? $m[3] : $m[4];
+ unset($needed_parts[$m[1]]);
+ }
+ return $needed_parts ? false : $data;
+}
+// function to get relevant user information from mb db
+function getUserInfo($mbUsername,$mbEmail) {
+ $result = array();
+ $sql = "SELECT mb_user_id, mb_user_digest FROM mb_user where mb_user_name = $1 AND mb_user_email= $2";
+ $v = array($mbUsername, $mbEmail);
+ $t = array("s","s");
+ $res = db_prep_query($sql, $v, $t);
+ if(!($row = db_fetch_array($res))){
+ $result[0] = "-1";
+ }
+ else {
+ $result[0] = $row['mb_user_id'];
+ $result[1] = $row['mb_user_digest'];
+ }
+ return $result;
+}
+
+function getNonce() {
+ global $nonceLife;
+ $time = ceil(time() / $nonceLife) * $nonceLife;
+ return md5(date('Y-m-d H:i', $time).':'.$_SERVER['REMOTE_ADDR'].':'.NONCEKEY);
+}
+
+//**********************************************************************************************
+//functions of owsproxy/http/index.php
+//**********************************************************************************************
+function throwE($e){
+ global $reqParams, $imageformats;
+
+ if(in_array($reqParams['format'],$imageformats)){
+ throwImage($e);
+ }
+ else{
+ throwText($e);
+ }
+}
+
+function throwImage($e){
+ global $reqParams;
+ if (!$reqParams['width'] || !$reqParams['height']) { //width or height are not set by ows request - maybe for legendgraphics
+ $width = 300;
+ $height = 20;
+ }
+ $image = imagecreate($width,$height);
+ $transparent = ImageColorAllocate($image,155,155,155);
+ ImageFilledRectangle($image,0,0,$width,$height,$transparent);
+ imagecolortransparent($image, $transparent);
+ $text_color = ImageColorAllocate ($image, 233, 14, 91);
+ for($i=0; $i<count($e); $i++){
+ ImageString ($image, 3, 5, $i*20, $e[$i], $text_color);
+ }
+ responseImage($image);
+}
+function throwText($e){
+ echo join(" ", $e);
+}
+function responseImage($im){
+ global $reqParams;
+ $format = $reqParams['format'];
+ if($format == 'image/png'){header("Content-Type: image/png");}
+ if($format == 'image/jpeg' || $format == 'image/jpg'){header("Content-Type: image/jpeg");}
+ if($format == 'image/gif'){header("Content-Type: image/gif");}
+ if($format == 'image/png'){imagepng($im);}
+ if($format == 'image/jpeg' || $format == 'image/jpg'){imagejpeg($im);}
+ if($format == 'image/gif'){imagegif($im);}
+}
+function completeURL($url){
+ global $reqParams;
+ $mykeys = array_keys($reqParams);
+ for($i=0; $i<count($mykeys);$i++){
+ if($i > 0){ $url .= "&"; }
+ $url .= $mykeys[$i]."=".urlencode($reqParams[$mykeys[$i]]);
+ }
+ return $url;
+}
+
+/**
+ * fetch and returns an image to client
+ *
+ * @param string the original url of the image to send
+ */
+
+function getImage($or){
+ global $reqParams;
+ header("Content-Type: ".$reqParams['format']);
+ if (func_num_args() == 2) { //new for HTTP Authentication
+ $auth = func_get_arg(1);
+ echo getDocumentContent($or,$auth);
+ }
+ else
+ {
+ echo getDocumentContent($or);
+ }
+}
+
+/**
+ * fetchs and returns the content of the FeatureInfo Response
+ *
+ * @param string the url of the FeatureInfoRequest
+ * @return string the content of the FeatureInfo document
+ */
+function getFeatureInfo($url){
+ global $info_format;
+ $e = new mb_exception("owsproxy: Try to fetch FeatureInfoRequest: ".$url);
+ header("Content-Type: ".$info_format);
+ if (func_num_args() == 2) { //new for HTTP Authentication
+ $auth = func_get_arg(1);
+ echo getDocumentContent($url,$auth);
+ }
+ else
+ {
+ echo getDocumentContent($url);
+ }
+}
+
+
+
+
+function matchUrls($content){
+ if(!session_is_registered("owsproxyUrls")){
+ $_SESSION["owsproxyUrls"] = array();
+ $_SESSION["owsproxyUrls"]["id"] = array();
+ $_SESSION["owsproxyUrls"]["url"] = array();
+ }
+ $pattern = "/[\"|\'](https*:\/\/[^\"|^\']*)[\"|\']/";
+ preg_match_all($pattern,$content,$matches);
+ for($i=0; $i<count($matches[1]); $i++){
+ $req = $matches[1][$i];
+ $e = new mb_exception("Gefundene URL ".$i.": ".$req);
+ #$notice = new mb_notice("owsproxy id:".$req);
+ $id = registerURL($req);
+ $extReq = setExternalRequest($id);
+ $e = new mb_exception("MD5 URL ".$id."-Externer Link: ".$extReq);
+ $content = str_replace($req,$extReq,$content);
+ }
+ return $content;
+}
+
+function setExternalRequest($id){
+ global $reqParams,$query;
+ $extReq = "http://".$_SESSION['HTTP_HOST'] ."/owsproxy/". $reqParams['sid'] ."/".$id."?request=external";
+ return $extReq;
+}
+function getExternalRequest($id){
+ for($i=0; $i<count($_SESSION["owsproxyUrls"]["url"]); $i++){
+ if($id == $_SESSION["owsproxyUrls"]["id"][$i]){
+ $cUrl = $_SESSION["owsproxyUrls"]["url"][$i];
+ $query_string = removeOWSGetParams($_SERVER["QUERY_STRING"]);
+ if($query_string != ''){
+ $cUrl .= getConjunctionCharacter($cUrl).$query_string;
+ }
+ $metainfo = get_headers($cUrl,1);
+ // just for the stupid InternetExplorer
+ header('Pragma: private');
+ header('Cache-control: private, must-revalidate');
+
+ header("Content-Type: ".$metainfo['Content-Type']);
+
+ $content = getDocumentContent($cUrl,false);
+ #$content = matchUrls($content); //In the case of http_auth - this is not possible cause we cannot save them in the header - maybe we could create a special session to do so later on?
+ echo $content;
+ }
+ }
+}
+function removeOWSGetParams($query_string){
+ $r = preg_replace("/.*request=external&/","",$query_string);
+ #return $r;
+ return "";
+}
+function getConjunctionCharacter($url){
+ if(strpos($url,"?")){
+ if(strpos($url,"?") == strlen($url)){
+ $cchar = "";
+ }else if(strpos($url,"&") == strlen($url)){
+ $cchar = "";
+ }else{
+ $cchar = "&";
+ }
+ }
+ if(strpos($url,"?") === false){
+ $cchar = "?";
+ }
+ return $cchar;
+}
+function registerUrl($url){
+ if(!in_array($url,$_SESSION["owsproxyUrls"]["url"])){
+ $e = new mb_exception("Is noch net drin!");
+ $id = md5($url);
+ $e = new mb_exception("ID: ".$id." URL: ".$url." will be written to session");
+ array_push($_SESSION["owsproxyUrls"]["url"],$url);
+ array_push($_SESSION["owsproxyUrls"]["id"], $id);
+ }
+ else{
+ $e = new mb_exception("It was found! Search content and return ID!");
+ for($i=0; $i<count($_SESSION["owsproxyUrls"]["url"]); $i++){
+ $e = new mb_exception("Content ".$i." : proxyurl:".$_SESSION["owsproxyUrls"]["url"][$i]." - new: ".$url);
+ if($url == $_SESSION["owsproxyUrls"]["url"][$i]){
+ $e = new mb_exception("Identical! ID:".$_SESSION["owsproxyUrls"]["id"][$i]." will be used");
+ $id = $_SESSION["owsproxyUrls"]["id"][$i];
+ }
+ }
+ }
+ return $id;
+}
+
+function getCapabilities($request,$requestFull){
+ global $arrayOnlineresources;
+ global $layerId;
+ header("Content-Type: application/xml");
+ if (func_num_args() == 3) { //new for HTTP Authentication
+ $auth = func_get_arg(2);
+ $content = getDocumentContent($requestFull,$auth);
+ print_r($auth);
+ }
+ else
+ {
+ $content = getDocumentContent($requestFull);
+ }
+
+ $new = "href=\"".HTTP_AUTH_PROXY ."/". $layerId."?";
+ $pattern = "#href=\"".OWSPROXY."/[a-z0-9]{32}\/[a-z0-9]{32}\?#m";
+ $content = preg_replace($pattern,$new,$content);
+
+ #TODO: maybe do this by parsing xml rather then regexpr cause they are hungry ;-) - but fast
+
+ $new = "href=\"".HTTP_AUTH_PROXY ."/". $layerId."?$1\"";
+ $pattern = "#href=\"".str_replace('?','\?',str_replace('/','\/',$request))."\"#";
+ $content = preg_replace($pattern,$new,$content);
+
+ echo $content;
+}
+
+/**
+ * gets the original url of the requested legend graphic
+ *
+ * @param string owsproxy md5
+ * @return string url to legend graphic
+ */
+function getLegendUrl($wmsId){
+ global $reqParams;
+ //get the url
+ $sql = "SELECT layer_style.legendurl ";
+ $sql .= "FROM layer_style JOIN layer ";
+ $sql .= "ON layer_style.fkey_layer_id = layer.layer_id ";
+ $sql .= "WHERE layer.layer_name = $2 AND layer.fkey_wms_id = $1 ";
+ $sql .= "AND layer_style.name = $3 AND layer_style.legendurlformat = $4";
+ if ($reqParams['style']==''){
+ $style='default';
+ }
+ else {
+ $style='';
+ }
+ $v = array($wmsId, $reqParams['layer'], $style, $reqParams['format']);
+ $t = array("i", "s", "s", "s");
+
+ $res = db_prep_query($sql, $v, $t);
+ if($row = db_fetch_array($res))
+ return $row["legendurl"];
+ else{
+ throwE(array("No legendurl available."));
+ die();
+ }
+}
+/**
+ * validated access permission on requested wms
+ *
+ * @param wmsId integer, userId - integer
+ * @return array array with detailed information about requested wms
+ */
+function checkWmsPermission($wmsId,$userId){
+ global $con, $n;
+ $myguis = $n->getGuisByPermission($userId,true);
+ $mywms = $n->getWmsByOwnGuis($myguis);
+
+ $sql = "SELECT * FROM wms WHERE wms_id = $1";
+ $v = array($wmsId);
+ $t = array("s");
+ $res = db_prep_query($sql, $v, $t);
+ $service = array();
+ if($row = db_fetch_array($res)){
+ $service["wms_id"] = $row["wms_id"];
+ $service["wms_getcapabilities"] = $row["wms_getcapabilities"];
+ $service["wms_getmap"] = $row["wms_getmap"];
+ $service["wms_getfeatureinfo"] = $row["wms_getfeatureinfo"];
+ $service["wms_getcapabilities_doc"] = $row["wms_getcapabilities_doc"];
+ }
+ if(!$row || count($mywms) == 0){
+ throwE(array("No wms data available."));
+ die();
+ }
+
+ if(!in_array($service["wms_id"], $mywms)){
+ throwE(array("Permission denied."," -> ".$service["wms_id"], implode(",", $mywms)));
+ die();
+ }
+ return $service;
+}
+
+function checkLayerPermission($wms_id,$l,$userId){
+ global $n, $owsproxyService;
+ $e = new mb_exception("owsproxy: checkLayerpermission: wms: ".$wms_id.", layer: ".$l.' user_id: '.$userId);
+ $myl = split(",",$l);
+ $r = array();
+ foreach($myl as $mysl){
+ if($n->getLayerPermission($wms_id, $mysl, $userId) === true){
+ array_push($r, $mysl);
+ }
+ }
+ $ret = implode(",",$r);
+ return $ret;
+}
+function getDocumentContent($url){
+ if (func_num_args() == 2) { //new for HTTP Authentication
+ $auth = func_get_arg(1);
+ $d = new connector($url, $auth);
+ }
+ else {
+ $d = new connector($url);
+ }
+ return $d->file;
+}
+//**********************************************************************************************
+//extra functions TODO: push them in class_administration.php
+
+/**
+ * selects the wms id for a given layer id.
+ *
+ * @param <integer> the layer id
+ * @return <string|boolean> either the id of the wms as integer or false when none exists
+ */
+ function getWmsIdByLayerId($id){
+ $sql = "SELECT fkey_wms_id FROM layer WHERE layer_id = $1";
+ $v = array($id);
+ $t = array('i');
+ $res = db_prep_query($sql,$v,$t);
+ $row = db_fetch_array($res);
+ if ($row) return $row["fkey_wms_id"]; else return false;
+ }
+
+
+?>
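Review bot: `print_r($auth)` in `getCapabilities` dumps the upstream service's username and password into the capabilities document returned to the client; remove it, and keep the array out of the `mb_exception` log lines as well. The digest check builds `A2` from the client-supplied `uri` and never compares it with the request actually made, and `nc` is accepted without being tracked, so an `Authorization` header captured for one layer URL can be replayed against another within the nonce lifetime — verify `$requestHeaderArray['uri'] === $_SERVER['REQUEST_URI']` before computing the response and compare with `hash_equals()` instead of `!=`. `$mbUsername`, `$mbEmail`, `$requestHeaderArray['username']` and `$layerId` are echoed into error output unescaped (the `die()` messages and the `default` branch), so a crafted header or query string injects markup into the response; pass them through `htmlspecialchars()`. `$requestFull .= ...` in the getcapabilities case appends to an undefined variable, and `throwImage` sets `$width`/`$height` only when the request lacks them, so the image error path fails whenever width and height are present.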
Modified: trunk/mapbender/owsproxy/http/classes/class_QueryHandler.php
===================================================================
--- trunk/mapbender/owsproxy/http/classes/class_QueryHandler.php 2009-09-01 13:49:30 UTC (rev 4585)
+++ trunk/mapbender/owsproxy/http/classes/class_QueryHandler.php 2009-09-02 12:59:49 UTC (rev 4586)
@@ -82,6 +82,9 @@
else if($key == 'request' && $this->reqParams[$key] == 'external'){
return false;
}
+ else if($key == 'layer_id'){ //for request to restful layer proxy - id would become part of the url!
+ return false;
+ }
else{
return true;
}
@@ -162,4 +165,4 @@
}
}
-?>
\ No newline at end of file
+?>
Modified: trunk/mapbender/owsproxy/http/index.php
===================================================================
--- trunk/mapbender/owsproxy/http/index.php 2009-09-01 13:49:30 UTC (rev 4585)
+++ trunk/mapbender/owsproxy/http/index.php 2009-09-02 12:59:49 UTC (rev 4586)
@@ -51,12 +51,21 @@
throwE("Permission denied");
die();
}
-
+$n = new administration;
//if($_SESSION['mb_user_ip'] != $_SERVER['REMOTE_ADDR']){
// throwE(array("No session data available.","Permission denied.","Please authenticate."));
// die();
//}
+$wmsId = $n->getWmsIdFromOwsproxyString($query->getOwsproxyServiceId());
+#$notice = new mb_notice("wmsid:".$wmsId);
+//get authentication infos if they are available in wms table! if not $auth = false
+$auth = $n->getAuthInfoOfWMS($wmsId);
+#$mb_exception = new mb_exception("auth: ".$auth['username']);
+if ($auth['auth_type']==''){
+ unset($auth);
+}
+
/************* workflow ************/
$n = new administration();
switch (strtolower($reqParams['request'])) {
@@ -64,13 +73,24 @@
$arrayOnlineresources = checkWmsPermission($query->getOwsproxyServiceId());
$query->setOnlineResource($arrayOnlineresources['wms_getcapabilities']);
$request = $query->getRequest();
- getCapabilities($request);
+ if(isset($auth)){
+ getCapabilities($request,$auth);
+ #$mb_exception = new mb_exception("auth: ".$auth['auth_type']);
+ }
+ else {
+ getCapabilities($request);
+ }
break;
case 'getfeatureinfo':
$arrayOnlineresources = checkWmsPermission($query->getOwsproxyServiceId());
$query->setOnlineResource($arrayOnlineresources['wms_getfeatureinfo']);
$request = $query->getRequest();
- getFeatureInfo($request);
+ if(isset($auth)){
+ getFeatureInfo($request,$auth);
+ }
+ else {
+ getFeatureInfo($request);
+ }
break;
case 'getmap':
$arrayOnlineresources = checkWmsPermission($owsproxyService);
@@ -90,7 +110,13 @@
$price=intval($n->getWmsPrice($arrayOnlineresources['wms_id']));
$n->logWmsProxyRequest($arrayOnlineresources['wms_id'],$_SESSION['mb_user_id'],$request,$price);
}
- getImage($request);
+ if(isset($auth)){
+#$mb_exception = new mb_exception("auth: ".$auth['auth_type']);
+ getImage($request,$auth);
+ }
+ else {
+ getImage($request);
+ }
break;
case 'map':
$arrayOnlineresources = checkWmsPermission($owsproxyService);
@@ -102,11 +128,21 @@
}
$query->setParam("layers",$layers);
$request = $query->getRequest();
- getImage($request);
+ if(isset($auth)){
+ getImage($url,$auth);
+ }
+ else {
+ getImage($url);
+ }
break;
case 'getlegendgraphic':
$url = getLegendUrl($query->getOwsproxyServiceId());
- getImage($url);
+ if(isset($auth)){
+ getImage($url,$auth);
+ }
+ else {
+ getImage($url);
+ }
break;
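Review bot: The 'map' case now calls `getImage($url,$auth)` / `getImage($url)`, but nothing in that case assigns `$url`; the context line directly above builds `$request = $query->getRequest();` and the removed line was `getImage($request);`, so this looks like a copy of the getlegendgraphic branch below. Unless `$url` is set earlier in the file (not visible here), it is undefined at this point and a 'map' request would be proxied to an empty URL. Both calls should read `getImage($request,$auth);` and `getImage($request);`.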
case 'external':
getExternalRequest($query->getOwsproxyServiceId());
@@ -191,7 +227,15 @@
#timestamp,user_id,getmaprequest,amount pixel,price - but do this only for wms to log - therefor first get log tag out of wms!
#
#
- echo getDocumentContent($or);
+ if (func_num_args() == 2) { //new for HTTP Authentication
+ $auth = func_get_arg(1);
+ echo getDocumentContent($or,$auth);
+ }
+ else
+ {
+ echo getDocumentContent($or);
+ }
+
}
/**
@@ -204,7 +248,14 @@
global $info_format;
//$e = new mb_notice("owsproxy: Try to fetch FeatureInfoRequest: ".$url);
header("Content-Type: ".$info_format);
- $content = getDocumentContent($url);
+
+ if (func_num_args() == 2) { //new for HTTP Authentication
+ $auth = func_get_arg(1);
+ $content = getDocumentContent($url,$auth);
+ }
+ else {
+ $content = getDocumentContent($url);
+ }
$content = matchUrls($content);
echo $content;
}
@@ -575,7 +626,14 @@
return $ret;
}
function getDocumentContent($url){
- $d = new connector($url);
+ if (func_num_args() == 2) { //new for HTTP Authentication
+ $auth = func_get_arg(1);
+ $d = new connector($url, $auth);
+ }
+ else {
+ $d = new connector($url);
+ }
+
return $d->file;
}
?>
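Review bot: The `func_num_args()` / `func_get_arg(1)` branching is repeated in getImage, getFeatureInfo and getDocumentContent; an optional parameter puts the contract in the signature and keeps every existing call site working: `function getDocumentContent($url, $auth = null) { $d = ($auth === null) ? new connector($url) : new connector($url, $auth); return $d->file; }`. I kept the two constructor calls rather than passing null through, because connector's signature is not visible in this diff. A docblock on getDocumentContent stating that `$auth` is the array returned by `getAuthInfoOfWMS()` (auth_type, username and presumably the password) forwarded to the upstream service would also help, since the credentials otherwise travel as an untyped array through three layers.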
Modified: trunk/mapbender/resources/db/update/update_2.7.sql
===================================================================
--- trunk/mapbender/resources/db/update/update_2.7.sql 2009-09-01 13:49:30 UTC (rev 4585)
+++ trunk/mapbender/resources/db/update/update_2.7.sql 2009-09-02 12:59:49 UTC (rev 4586)
@@ -276,3 +276,23 @@
ALTER TABLE wms ADD COLUMN wms_pricevolume integer;
ALTER TABLE wms ALTER COLUMN wms_pricevolume SET STORAGE PLAIN;
---------------------------
+
+---------------------------
+-- http auth
+ALTER TABLE wms ADD COLUMN wms_username VARCHAR(255) NOT NULL DEFAULT '';
+ALTER TABLE wms ADD COLUMN wms_password VARCHAR(255) NOT NULL DEFAULT '';
+ALTER TABLE wms ADD COLUMN wms_auth_type VARCHAR(255) NOT NULL DEFAULT '';
+
+-- Column: mb_user_digest
+-- ALTER TABLE mb_user DROP COLUMN mb_user_digest;
+ALTER TABLE mb_user ADD COLUMN mb_user_digest text;
+ALTER TABLE mb_user ALTER COLUMN mb_user_digest SET STORAGE EXTENDED;
+
+--Initial filling with empty strings
+UPDATE mb_user set mb_user_digest='';
+
+--howto set up the http_auth digest hash
+--update mb_user set mb_user_digest=md5(mb_user_name || ';' || mb_user_email || ':' || '<realm_name>' || ':' || 'password') where mb_user_id = <ID>;
+
+---------------------------
+
\ No newline at end of file
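Review bot: `wms_password` is added as a plain VARCHAR(255) with nothing indicating encryption; since the proxy must replay these credentials to the upstream WMS they cannot be hashed, so the migration should at least flag the column as sensitive, e.g. `-- wms_password is stored in clear text so it can be replayed upstream; restrict DB access / encrypt at rest`. The howto for `mb_user_digest` mixes separators, `mb_user_name || ';' || mb_user_email || ':' || '<realm_name>' || ':' || 'password'`, while an HTTP Digest HA1 is MD5(username:realm:password); if `name;email` is the intended compound username the comment should say so, otherwise the `';'` is a typo that would make every login fail, and `<realm_name>` presumably has to match the realm the http_auth endpoint sends. The stored digest is password-equivalent for that realm, so a comment saying it must be protected like a password hash belongs next to the column.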