Commit b8a68693 authored by haemmer's avatar haemmer

Fixed #703 and updated/restructured README

parent 55314880
......@@ -3,7 +3,7 @@
/*
******************************************************************************
SWITCHwayf
Version: 1.14.2
Version: 1.14.3
Contact: aai@switch.ch
Web site: http://www.switch.ch/aai/wayf
******************************************************************************
......
......@@ -5,12 +5,12 @@
// your environment and then do some testing before deploying the WAYF.
//******************************************************************************
// Language settings
//******************
// 1. Language settings
//*********************
$defaultLanguage = 'en';
// Cookie settings
//****************
// 2. Cookie settings
//*******************
// Domain within the WAYF cookei shall be readable. Must start with a .
$commonDomain = '.switch.ch';
......@@ -39,8 +39,8 @@ $SAMLDomainCookieName = $cookieNamePrefix.'_saml_idp';
$SPCookieName = $cookieNamePrefix.'_saml_sp';
// Enabled/Disabled Features
//**************************
// 3. Features and extensions
//***************************
// Whether to show the checkbox to permanently remember a setting
$showPermanentSetting = false;
......@@ -118,8 +118,8 @@ $useLogging = true;
$exportPreselectedIdP = false;
// Look&feel settings
//*******************
// 4. Look and feel settings
//**************************
// Name of the federation
$federationName = 'SWITCHaai Federation';
......@@ -137,8 +137,9 @@ $logoURL = $imageURL.'/switch-aai-transparent.png';
$smallLogoURL = $imageURL.'/switch-aai-transparent-small.png';
// Involved files settings
//************************
// 5. Files and path settings
//***************************
// Set both config files to the same value if you don't want to use the
// the WAYF to read a (potential) automatically generated file that undergoes
// some plausability checks before being used
......@@ -160,18 +161,24 @@ $metadataIDPFile = 'IDProvider.metadata.php';
// The user running the script must have permission to create $metadataIdpFile
$metadataSPFile = 'SProvider.metadata.php';
// A Kerboros-protected soft link back to this script!
$kerberosRedirectURL = '/SWITCHaai/kerberosRedirect.php';
// File to use as the lock file for writing the parsed IdP and SP lists.
// The user running the script must have permission to write $metadataLockFile
$metadataLockFile = '/tmp/wayf_metadata.lock';
// Where to log the access
// Make sure the web server user has write access to this file!
$WAYFLogFile = '/var/log/apache2/wayf.log';
// 6. Other settings
//******************
// A Kerboros-protected soft link back to this script!
$kerberosRedirectURL = '/SWITCHaai/kerberosRedirect.php';
// Development mode settings
//**************************
// If the development mode is activated, PHP errors and warnings will be displayed
$developmentMode = false;
?>
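Review bot: `$metadataLockFile = '/tmp/wayf_metadata.lock'` puts the new lock in a world-writable directory, and readMetadata.php opens it with `fopen(..., 'a+')`, which follows symlinks and creates the path if it is missing; any local user can therefore pre-create the file and hold `LOCK_EX` on it, stalling both regeneration and the shared-lock readers, or point a symlink at it so the web server user creates a file elsewhere. A safer default is a directory only the web server user can write to, for instance alongside `$metadataIDPFile`, and the setting comment should say so: `// Must be in a directory writable only by the web server user; do not use a shared /tmp`. The moved Kerberos comment still carries the old spelling "Kerboros".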
......@@ -38,15 +38,39 @@ if(isRunViaCLI()){
die($errorMsg);
}
// Get an exclusive lock to generate our parsed IdP and SP files.
if (($lockFp = fopen($metadataLockFile, 'a+')) === false) {
$errorMsg = 'Could not open lock file '.$metadataLockFile;
die($errorMsg);
}
if (flock($lockFp, LOCK_EX) === false) {
$errorMsg = 'Could not lock file '.$metadataLockFile;
die($errorMsg);
}
echo 'Parsing metadata file '.$metadataFile."\n";
list($metadataIDProviders, $metadataSProviders) = parseMetadata($metadataFile, $defaultLanguage);
// If $metadataIDProviders is not FALSE update $IDProviders and dump results in $metadataIDPFile, else do nothing.
// If $metadataIDProviders is not FALSE, dump results in $metadataIDPFile.
if(is_array($metadataIDProviders)){
echo 'Dumping parsed Identity Providers to file '.$metadataIDPFile."\n";
dumpFile($metadataIDPFile, $metadataIDProviders, 'metadataIDProviders');
}
// If $metadataSProviders is not FALSE, dump results in $metadataSPFile.
if(is_array($metadataSProviders)){
echo 'Dumping parsed Service Providers to file '.$metadataSPFile."\n";
dumpFile($metadataSPFile, $metadataSProviders, 'metadataSProviders');
}
// Release the lock, and close.
flock($lockFp, LOCK_UN);
fclose($lockFp);
// If $metadataIDProviders is not FALSE, update $IDProviders and print the Identity Providers lists.
if(is_array($metadataIDProviders)){
echo 'Merging parsed Identity Providers with data from file '.$IDProviders."\n";
$IDProviders = mergeInfo($IDProviders, $metadataIDProviders, $SAML2MetaOverLocalConf, $includeLocalConfEntries);
......@@ -57,12 +81,9 @@ if(isRunViaCLI()){
print_r($IDProviders);
}
// If $metadataSProviders is not FALSE update $SProviders and dump results in $metadataSPFile, else do nothing.
// If $metadataSProviders is not FALSE, update $SProviders and print the list.
if(is_array($metadataSProviders)){
echo 'Dumping parsed Service Providers to file '.$metadataSPFile."\n";
dumpFile($metadataSPFile, $metadataSProviders, 'metadataSProviders');
// Fow now copy the array by reference
$SProviders = &$metadataSProviders;
......@@ -86,8 +107,21 @@ if(isRunViaCLI()){
die($errorMsg);
}
// Open the metadata lock file.
if (($lockFp = fopen($metadataLockFile, 'a+')) === false) {
$errorMsg = 'Could not open lock file '.$metadataLockFile;
syslog(LOG_ERR, $errorMsg);
}
// Run as included file
if(!file_exists($metadataIDPFile) or filemtime($metadataFile) > filemtime($metadataIDPFile)){
// Get an exclusive lock to regenerate the parsed files.
if ($lockFp !== false) {
if (flock($lockFp, LOCK_EX) === false) {
$errorMsg = 'Could not get exclusive lock on '.$metadataLockFile;
syslog(LOG_ERR, $errorMsg);
}
}
// Regenerate $metadataIDPFile.
list($metadataIDProviders, $metadataSProviders) = parseMetadata($metadataFile, $defaultLanguage);
......@@ -103,6 +137,11 @@ if(isRunViaCLI()){
require($metadataSPFile);
}
// Release the lock.
if ($lockFp !== false) {
flock($lockFp, LOCK_UN);
}
// Now merge IDPs from metadata and static file
$IDProviders = mergeInfo($IDProviders, $metadataIDProviders, $SAML2MetaOverLocalConf, $includeLocalConfEntries);
......@@ -111,16 +150,35 @@ if(isRunViaCLI()){
} elseif (file_exists($metadataIDPFile)){
// Get a shared lock to read the IdP and SP files
// generated from the metadata file.
if ($lockFp !== false) {
if (flock($lockFp, LOCK_SH) === false) {
$errorMsg = 'Could not lock file '.$metadataLockFile;
syslog(LOG_ERR, $errorMsg);
}
}
// Read SP and IDP files generated with metadata
require($metadataIDPFile);
require($metadataSPFile);
// Release the lock.
if ($lockFp !== false) {
flock($lockFp, LOCK_UN);
}
// Now merge IDPs from metadata and static file
$IDProviders = mergeInfo($IDProviders, $metadataIDProviders, $SAML2MetaOverLocalConf, $includeLocalConfEntries);
// Fow now copy the array by reference
$SProviders = &$metadataSProviders;
}
// Close the metadata lock file.
if ($lockFp !== false) {
fclose($lockFp);
}
} else {
exit('No direct script access allowed');
......@@ -302,28 +360,15 @@ function dumpFile($dumpFile, $providers, $variableName){
if(($fp = fopen($dumpFile, 'w')) !== false){
// Get an exclusive lock
if (flock($fp, LOCK_EX)) {
fwrite($fp, "<?php\n\n");
fwrite($fp, "// This file was automatically generated by readMetadata.php\n");
fwrite($fp, "// Don't edit!\n\n");
fwrite($fp, '$'.$variableName.' = ');
fwrite($fp, var_export($providers,true));
fwrite($fp, "\n?>");
// Release the lock
flock($fp, LOCK_UN);
} else {
$errorMsg = 'Could not lock file '.$dumpFile.' for writting';
if (isRunViaCLI()){
echo $errorMsg."\n";
} else {
syslog(LOG_ERR, $errorMsg);
}
}
fwrite($fp, "<?php\n\n");
fwrite($fp, "// This file was automatically generated by readMetadata.php\n");
fwrite($fp, "// Don't edit!\n\n");
fwrite($fp, '$'.$variableName.' = ');
fwrite($fp, var_export($providers,true));
fwrite($fp, "\n?>");
fclose($fp);
} else {
$errorMsg = 'Could not open file '.$dumpFile.' for writting';
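Review bot: In the web path the staleness test `filemtime($metadataFile) > filemtime($metadataIDPFile)` is evaluated before the exclusive lock is taken, so every request that queued on `flock($lockFp, LOCK_EX)` while another one was regenerating will regenerate again as soon as it gets the lock, each time truncating the files via dumpFile's `fopen($dumpFile, 'w')`; after the lock is acquired, call `clearstatcache()` (PHP caches stat results) and re-check whether `$metadataIDPFile` is already newer than `$metadataFile`, skipping regeneration if so. When the lock file cannot be opened or locked, the code only logs to syslog and proceeds, which presumably is meant as best-effort, but it means regeneration then runs with no lock at all while concurrent requests `require` the files being rewritten; if that is accepted, the comment at "Open the metadata lock file" should state it, otherwise regeneration should be skipped in that case. dumpFile (last hunk) no longer locks `$dumpFile` itself and now depends on its callers holding the metadata lock, which deserves a header comment such as `// Caller must hold an exclusive lock on $metadataLockFile; this function does not lock $dumpFile.` The enclosing `if(isRunViaCLI()){` block and dumpFile's body both extend beyond the hunks shown.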
......