Commit 047801fd authored by Guillaume Rousse's avatar Guillaume Rousse

simplify and fix SP/IdP extraction from metadata

- regenerate_metadata() function has been merged with update_metadata(),
avoiding duplicated work
- failure to open lock file or to acquire lock results in immediate
function exit
parent 33ae0b95
...@@ -4,12 +4,13 @@ function updateMetadata() { ...@@ -4,12 +4,13 @@ function updateMetadata() {
global $metadataLockFile, $metadataIDPFile, $metadataSPFile; global $metadataLockFile, $metadataIDPFile, $metadataSPFile;
global $metadataFile, $defaultLanguage; global $metadataFile, $defaultLanguage;
global $SAML2MetaOverLocalConf, $includeLocalConfEntries; global $SAML2MetaOverLocalConf, $includeLocalConfEntries;
global $verbose; global $verbose, $IDProviders, $SProviders;
// Open the metadata lock file. // Open the metadata lock file.
if (($lockFp = fopen($metadataLockFile, 'a+')) === false) { if (($lockFp = fopen($metadataLockFile, 'a+')) === false) {
$errorMsg = 'Could not open lock file '.$metadataLockFile; $errorMsg = 'Could not open lock file '.$metadataLockFile;
logError($errorMsg); logError($errorMsg);
return false;
} }
// Check that $IDProviders exists // Check that $IDProviders exists
...@@ -17,44 +18,46 @@ function updateMetadata() { ...@@ -17,44 +18,46 @@ function updateMetadata() {
$IDProviders = array(); $IDProviders = array();
} }
// Run as included file if (!file_exists($metadataIDPFile) or filemtime($metadataFile) > filemtime($metadataIDPFile)) {
if(!file_exists($metadataIDPFile) or filemtime($metadataFile) > filemtime($metadataIDPFile)){
// Get an exclusive lock to regenerate the IdP and SP files
// from the metadata file.
if (flock($lockFp, LOCK_EX) === false) {
$errorMsg = 'Could not get exclusive lock on '.$metadataLockFile;
logError($errorMsg);
fclose($lockFp);
return false;
}
// parse metadata file
list($metadataIDProviders, $metadataSProviders) = parseMetadata($metadataFile, $defaultLanguage);
// Get an exclusive lock to regenerate the parsed files. if ($metadataIDProviders != false && is_array($metadataIDProviders)){
if ($lockFp !== false) { dumpFile($metadataIDPFile, $metadataIDProviders, 'metadataIDProviders');
if (flock($lockFp, LOCK_EX) === false) {
$errorMsg = 'Could not get exclusive lock on '.$metadataLockFile;
logError($errorMsg);
}
} }
}
// Now that we have the lock, check again if ($metadataSProviders != false && is_array($metadataSProviders)){
if( dumpFile($metadataSPFile, $metadataSProviders, 'metadataSProviders');
(!file_exists($metadataIDPFile) or filemtime($metadataFile) > filemtime($metadataIDPFile)) }
and regenerateMetadata($metadataFile, $defaultLanguage)
){ // release the exclusive lock
flock($lockFp, LOCK_UN);
// Now merge IDPs from metadata and static file // Now merge IDPs from metadata and static file
$IDProviders = mergeInfo($IDProviders, $metadataIDProviders, $SAML2MetaOverLocalConf, $includeLocalConfEntries); $IDProviders = mergeInfo($IDProviders, $metadataIDProviders, $SAML2MetaOverLocalConf, $includeLocalConfEntries);
// For now copy the array by reference // For now copy the array by reference
$SProviders = &$metadataSProviders; $SProviders = &$metadataSProviders;
} elseif (file_exists($metadataIDPFile)){ } elseif (file_exists($metadataIDPFile)) {
// Get a shared lock to read the IdP and SP files // Get a shared lock to read the IdP and SP files
// generated from the metadata file. // generated from the metadata file.
if ($lockFp !== false) { if (flock($lockFp, LOCK_SH) === false) {
$errorMsg = 'Could not lock file '.$metadataLockFile;
// Release the lock in case we had it for some logError($errorMsg);
// reason and still ended up here fclose($lockFp);
flock($lockFp, LOCK_UN); return false;
if (flock($lockFp, LOCK_SH) === false) {
$errorMsg = 'Could not lock file '.$metadataLockFile;
logError($errorMsg);
}
} }
// Read SP and IDP files generated with metadata // Read SP and IDP files generated with metadata
...@@ -62,9 +65,7 @@ function updateMetadata() { ...@@ -62,9 +65,7 @@ function updateMetadata() {
require($metadataSPFile); require($metadataSPFile);
// Release the lock. // Release the lock.
if ($lockFp !== false) { flock($lockFp, LOCK_UN);
flock($lockFp, LOCK_UN);
}
// Now merge IDPs from metadata and static file // Now merge IDPs from metadata and static file
$IDProviders = mergeInfo($IDProviders, $metadataIDProviders, $SAML2MetaOverLocalConf, $includeLocalConfEntries); $IDProviders = mergeInfo($IDProviders, $metadataIDProviders, $SAML2MetaOverLocalConf, $includeLocalConfEntries);
...@@ -74,10 +75,7 @@ function updateMetadata() { ...@@ -74,10 +75,7 @@ function updateMetadata() {
} }
// Close the metadata lock file. // Close the metadata lock file.
if ($lockFp !== false) { fclose($lockFp);
fclose($lockFp);
}
} }
// Function parseMetadata, parses metadata file and returns Array($IdPs, SPs) or // Function parseMetadata, parses metadata file and returns Array($IdPs, SPs) or
...@@ -218,31 +216,6 @@ function parseMetadata($metadataFile, $defaultLanguage){ ...@@ -218,31 +216,6 @@ function parseMetadata($metadataFile, $defaultLanguage){
return Array($metadataIDProviders, $metadataSProviders); return Array($metadataIDProviders, $metadataSProviders);
} }
// Load SAML metadata file, parse it and update
// IDProvider.metadata.php and SProvider.metadata.php files
function regenerateMetadata($metadataFile, $defaultLanguage) {
global $metadataIDPFile, $metadataSPFile, $IDProviders, $SAML2MetaOverLocalConf, $includeLocalConfEntries;
// Regenerate $metadataIDPFile.
list($metadataIDProviders, $metadataSProviders) = parseMetadata($metadataFile, $defaultLanguage);
if($metadataIDProviders == false) {
return false;
}
// If $metadataIDProviders is not an array (parse error in metadata),
// $IDProviders from $IDPConfigFile will be used.
if(is_array($metadataIDProviders)){
dumpFile($metadataIDPFile, $metadataIDProviders, 'metadataIDProviders');
$IDProviders = mergeInfo($IDProviders, $metadataIDProviders, $SAML2MetaOverLocalConf, $includeLocalConfEntries);
}
if(is_array($metadataSProviders)){
dumpFile($metadataSPFile, $metadataSProviders, 'metadataSProviders');
require($metadataSPFile);
}
}
// Processes an IDPRoleDescriptor XML node and returns an IDP entry or false if // Processes an IDPRoleDescriptor XML node and returns an IDP entry or false if
// something went wrong // something went wrong
function processIDPRoleDescriptor($IDPRoleDescriptorNode){ function processIDPRoleDescriptor($IDPRoleDescriptorNode){
......
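Review bot: In the regeneration branch of updateMetadata(), the `mergeInfo(...)` call and `$SProviders = &$metadataSProviders;` that follow `flock($lockFp, LOCK_UN)` still run when parseMetadata() has failed, because the new `!= false && is_array(...)` guards wrap only the two dumpFile() calls. A malformed or truncated federation metadata file then passes a non-array to mergeInfo() (not shown, so its reaction is unverified) and leaves `$SProviders` non-array, whereas the removed regenerateMetadata() comment promised a fallback to the locally configured `$IDProviders`; I would wrap the merge in `if (is_array($metadataIDProviders)) { ... }` and log the parse failure. Separately, now that `$SProviders` is in the `global` list, the by-reference assignment rebinds only the local name and the global is left untouched in this branch; `$SProviders = $metadataSProviders;` is what a caller reading the global needs. The staleness test is also no longer repeated once LOCK_EX is held, so processes that queued on the lock will each re-parse and rewrite both generated files. The function's opening lines and the code between hunks are outside this view.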