Hi Al, Awesome! I'm glad that fixed it. Thanks for working through this. I've submitted a bug into our bug tracker to ensure this gets fixed in the next release.
Josh On Wednesday, October 17, 2018 7:18:13 AM EDT Evelio Quiros wrote: > Hi Josh, > > That seems to have worked. > Thank you very much. > > -- Al Quiros > Enterprise Systems > > > > On 10/16/18, 4:32 PM, "Josh Thompson" <[email protected]> wrote: > > Hi Al, > > Yes - the problem is that it is getting called from the > shibauth/index.php file and is therefore looking under shibauth for the > .ht-inc/cryptkey directory. > > Adding the following line in the getCryptKeyID function should fix the > problem: > > $filebase = preg_replace('|/shibauth|', '', $filebase); > > So, the start of the function should look like: > > function getCryptKeyID() { > $reg = "|" . SCRIPT . "$|"; > $filebase = preg_replace($reg, '', > $_SERVER['SCRIPT_FILENAME']); $filebase = preg_replace('|/shibauth|', '', > $filebase); $filebase .= "/.ht-inc/cryptkey"; > $idfile = "$filebase/cryptkeyid"; > > static $create = 1; # set flag so that recursion only goes one > level deep > > > Let me know if that fixes the problem for you. > > Josh > > On Tuesday, October 16, 2018 1:42:58 PM EDT Evelio Quiros wrote: > > > This is the code that I used: > > > > function getCryptKeyID() { > > > > $reg = "|" . SCRIPT . "$|"; > > $filebase = preg_replace($reg, '', > > $_SERVER['SCRIPT_FILENAME']); > > $filebase .= "/.ht-inc/cryptkey"; > > $idfile = "$filebase/cryptkeyid"; > > error_log("idfile: |$idfile|"); > > static $create = 1; # set flag so that recursion only goes one > > level > > > > deep > > > > > It’s weird that the $filebase is shown as /shibauth. > > It clearly sets $filebase to /.ht-inc/cryptkey. > > Is it perhaps running index.php in /shibauth ? > > That may be why the $filebase path is wrong ? > > > > -- Al Quiros > > Enterprise Systems > > > > > > > > > > > > On 10/16/18, 1:29 PM, "Evelio Quiros" <[email protected]> wrote: > > > > > > Hi Josh, > > > > Here is the updated error log as per your instructions: > > > > Oct 16 13:21:04 webvcl01 httpd: PHP Stack trace: > > Oct 16 13:21:04 webvcl01 httpd: PHP 1. {main}() > > > > /data/www/html/vcl-2.5/shibauth/index.php:0 > > Oct 16 13:21:04 webvcl01 > > > httpd: PHP 2. mysql_escape_string() > > /data/www/html/vcl-2.5/shibauth/index.php:106 Oct 16 13:21:04 > > webvcl01 > > httpd: idfile: > > |/var/www/html/vcl/shibauth/.ht-inc/cryptkey/cryptkeyid| Oct 16 > > 13:21:04 webvcl01 httpd: idfile: > > > > |/var/www/html/vcl/shibauth/.ht-inc/cryptkey/cryptkeyid| Oct 16 > > |13:21:04 > > > > webvcl01 httpd: You have an error in your SQL syntax; > > > > It appears to be looking for .ht-inc in the /shibauth directory, > > which > > > > is the directory that Shibboleth is protecting. > > > > > -- Al Quiros > > Enterprise Systems > > > > > > > > > > > > On 10/16/18, 9:11 AM, "Josh Thompson" <[email protected]> > > wrote: > > > > > > Hi Al, > > > > I'm sorry - I forgot to include the name of the function where > > you > > > > should have > > made the change. The line > > > > > $idfile = "$filebase/cryptkeyid"; > > > > already exists in getCryptKeyID(), which is where the change > > needs > > > > to be made. > > > > > Add the following line to that function: > > > > error_log("idfile: |$idfile|"); > > > > > > You should end up with a function that starts with: > > > > function getCryptKeyID() { > > > > $reg = "|" . SCRIPT . "$|"; > > $filebase = preg_replace($reg, '', > > $_SERVER['SCRIPT_FILENAME']); > > > > $filebase .= "/.ht-inc/cryptkey"; > > > > $idfile = "$filebase/cryptkeyid"; > > error_log("idfile: |$idfile|"); > > > > > > > > static $create = 1; # set flag so that recursion only goes > > one > > > > level deep > > > > > > > > > Josh > > > > On Tuesday, October 16, 2018 8:38:10 AM EDT Evelio Quiros > > wrote: > > > > > > > > > Hi Josh, > > > > > > I did what you asked, I added this to utils.php. > > > > > > function checkMissingWebSecretKeys() { > > > > > > > > > global $mode; > > > $mycryptkeyid = getCryptKeyID(); > > > > > > > > > > > > > > > > > > $idfile = "$filebase/cryptkeyid"; > > > error_log("idfile: |$idfile|"); > > > > > > > > > > > > I got this result: > > > > > > PHP Stack trace: > > > Oct 16 07:23:01 webvcl01 httpd: PHP 1. {main}() > > > /data/www/html/vcl-2.5/shibauth/index.php:0 > > > > > > > > Oct 16 07:23:01 webvcl01 > > > > > > > > > httpd: PHP 2. mysql_escape_string() > > > /data/www/html/vcl-2.5/shibauth/index.php:106 Oct 16 > > > 07:23:01 > > > webvcl01 > > > httpd: PHP Notice: Undefined variable: filebase in > > > /data/www/html/vcl-2.5/.ht-inc/utils.php on line 3062 Oct > > > 16 > > > 07:23:01 > > > webvcl01 httpd: PHP Stack trace: > > > Oct 16 07:23:01 webvcl01 httpd: PHP 1. {main}() > > > /data/www/html/vcl-2.5/shibauth/index.php:0 > > > > > > > > Oct 16 07:23:01 webvcl01 > > > > > > > > > httpd: PHP 2. addLoginLog() > > > /data/www/html/vcl-2.5/shibauth/index.php:187 > > Oct 16 07:23:01 > > > > webvcl01 httpd: PHP 3. checkMissingWebSecretKeys() > > > /data/www/html/vcl-2.5/.ht-inc/authentication.php:580 Oct > > > 16 > > > 07:23:01 webvcl01 httpd: idfile: |/cryptkeyid| > > > > > > So, rather than "$filebase/cryptkeyid", where $filebase > > > should be > > > "/.ht-inc/cryptkey", $filebase shows up as “undefined” > > > > > > > > > > > > > > > > > I see that utils.php does set $filebase at the beginning: > > > > > > > > > > > > $filebase .= "/.ht-inc/cryptkey"; > > > $idfile = "$filebase/cryptkeyid"; > > > > > > > > > > > > But it looks like $filebase gets wiped out somewhere. > > > > > > So, I added this in utils.php: > > > > > > function checkMissingWebSecretKeys() { > > > > > > > > > global $mode; > > > $filebase .= "/.ht-inc/cryptkey"; > > > $mycryptkeyid = getCryptKeyID(); > > > $values = array(); > > > > > > > > > > > > But I still got the error. > > > Here, $filebase appears correct, but it still gives the same > > > error > > > as before > > (SQL error) > > > > > > > > > > > > > > > > I think that I will just leave that function call commented > > > out > > > in > > > authentication.php > > > > > > > > > > > > > > > > > // if($passfail == 1) > > > // checkMissingWebSecretKeys(); > > > > > > That seems to work. What do you think ? > > > > > > -- Al Quiros > > > Enterprise Systems > > > > > > > > > > > > > > > > > > > > > > > > On 10/15/18, 4:29 PM, "Evelio Quiros" <[email protected]> > > > wrote: > > > > > > > > > > > > Thanks for the reply, Josh. > > > > > > I will try this tomorrow morning. > > > > > > Thanks for your help. > > > > > > > > > > > > Regards, > > > > > > -- Al Quiros > > > > > > Enterprise Systems > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On 10/15/18, 4:16 PM, "Josh Thompson" > > > <[email protected]> > > > wrote: > > > > > > > > > > > > > > > > > > Hi Al, > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > The problem is that getCryptKeyID is returning an > > > empty > > > string > > > > > > > > > instead of "1". > > > > > > > > > > > > > > > > > Can you enable php error logging [1] and then make > > > the > > > following > > > > > > > > > change? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Add > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > error_log("idfile: |$idfile|"); > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > after > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > $idfile = "$filebase/cryptkeyid"; > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Then, let me know what idfile is getting set to. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > [1] To enable php error logging, set > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > log_errors = On > > > > > > > > > > > > > > > > > > error_log = syslog > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > in /etc/php.ini and restart httpd. Then, php error > > > logging will be > > > > > > > > > sent to > > > > > > > > > > > > > > > > > /var/log/messages. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > > > > > > > Josh > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > ------------------------------- > > Josh Thompson > > Systems Programmer > > Platform Computing | VCL Developer > > North Carolina State University > > > > [email protected] > > 919-515-5323 > > > > my GPG/PGP key can be found at pgp.mit.edu > > > > All electronic mail messages in connection with State > > business > > > > which > > are sent to or received by this account are subject to the NC Public > > > Records Law and may be disclosed to third parties. > > > > > > > > > > > > > -- > ------------------------------- > Josh Thompson > Systems Programmer > Platform Computing | VCL Developer > North Carolina State University > > [email protected] > 919-515-5323 > > my GPG/PGP key can be found at pgp.mit.edu > > All electronic mail messages in connection with State business which > are sent to or received by this account are subject to the NC Public > Records Law and may be disclosed to third parties. > -- ------------------------------- Josh Thompson Systems Programmer Platform Computing | VCL Developer North Carolina State University [email protected] 919-515-5323 my GPG/PGP key can be found at pgp.mit.edu All electronic mail messages in connection with State business which are sent to or received by this account are subject to the NC Public Records Law and may be disclosed to third parties.
signature.asc
Description: This is a digitally signed message part.
