Hi Al, Yes - the problem is that it is getting called from the shibauth/index.php file and is therefore looking under shibauth for the .ht-inc/cryptkey directory.
Adding the following line in the getCryptKeyID function should fix the
problem:
$filebase = preg_replace('|/shibauth|', '', $filebase);
So, the start of the function should look like:
function getCryptKeyID() {
$reg = "|" . SCRIPT . "$|";
$filebase = preg_replace($reg, '', $_SERVER['SCRIPT_FILENAME']);
$filebase = preg_replace('|/shibauth|', '', $filebase);
$filebase .= "/.ht-inc/cryptkey";
$idfile = "$filebase/cryptkeyid";
static $create = 1; # set flag so that recursion only goes one level
deep
Let me know if that fixes the problem for you.
Josh
On Tuesday, October 16, 2018 1:42:58 PM EDT Evelio Quiros wrote:
> This is the code that I used:
>
> function getCryptKeyID() {
> $reg = "|" . SCRIPT . "$|";
> $filebase = preg_replace($reg, '', $_SERVER['SCRIPT_FILENAME']);
> $filebase .= "/.ht-inc/cryptkey";
> $idfile = "$filebase/cryptkeyid";
> error_log("idfile: |$idfile|");
> static $create = 1; # set flag so that recursion only goes one level
> deep
> It’s weird that the $filebase is shown as /shibauth.
> It clearly sets $filebase to /.ht-inc/cryptkey.
> Is it perhaps running index.php in /shibauth ?
> That may be why the $filebase path is wrong ?
>
> -- Al Quiros
> Enterprise Systems
>
>
>
> On 10/16/18, 1:29 PM, "Evelio Quiros" <[email protected]> wrote:
>
> Hi Josh,
>
> Here is the updated error log as per your instructions:
>
> Oct 16 13:21:04 webvcl01 httpd: PHP Stack trace:
> Oct 16 13:21:04 webvcl01 httpd: PHP 1. {main}()
> /data/www/html/vcl-2.5/shibauth/index.php:0
Oct 16 13:21:04 webvcl01
> httpd: PHP 2. mysql_escape_string()
> /data/www/html/vcl-2.5/shibauth/index.php:106 Oct 16 13:21:04 webvcl01
> httpd: idfile: |/var/www/html/vcl/shibauth/.ht-inc/cryptkey/cryptkeyid| Oct
> 16 13:21:04 webvcl01 httpd: idfile:
> |/var/www/html/vcl/shibauth/.ht-inc/cryptkey/cryptkeyid| Oct 16 13:21:04
> webvcl01 httpd: You have an error in your SQL syntax;
> It appears to be looking for .ht-inc in the /shibauth directory, which
> is the directory that Shibboleth is protecting.
> -- Al Quiros
> Enterprise Systems
>
>
>
> On 10/16/18, 9:11 AM, "Josh Thompson" <[email protected]> wrote:
>
> Hi Al,
>
> I'm sorry - I forgot to include the name of the function where you
> should have
made the change. The line
>
> $idfile = "$filebase/cryptkeyid";
>
> already exists in getCryptKeyID(), which is where the change needs
> to be made.
> Add the following line to that function:
>
> error_log("idfile: |$idfile|");
>
>
> You should end up with a function that starts with:
>
> function getCryptKeyID() {
> $reg = "|" . SCRIPT . "$|";
> $filebase = preg_replace($reg, '', $_SERVER['SCRIPT_FILENAME']);
> $filebase .= "/.ht-inc/cryptkey";
> $idfile = "$filebase/cryptkeyid";
> error_log("idfile: |$idfile|");
>
> static $create = 1; # set flag so that recursion only goes one
> level deep
>
>
> Josh
>
> On Tuesday, October 16, 2018 8:38:10 AM EDT Evelio Quiros wrote:
>
> > Hi Josh,
> >
> > I did what you asked, I added this to utils.php.
> >
> > function checkMissingWebSecretKeys() {
> >
> > global $mode;
> > $mycryptkeyid = getCryptKeyID();
> >
> >
> >
> > $idfile = "$filebase/cryptkeyid";
> > error_log("idfile: |$idfile|");
> >
> >
> > I got this result:
> >
> > PHP Stack trace:
> > Oct 16 07:23:01 webvcl01 httpd: PHP 1. {main}()
> > /data/www/html/vcl-2.5/shibauth/index.php:0
>
> Oct 16 07:23:01 webvcl01
>
> > httpd: PHP 2. mysql_escape_string()
> > /data/www/html/vcl-2.5/shibauth/index.php:106 Oct 16 07:23:01
> > webvcl01
> > httpd: PHP Notice: Undefined variable: filebase in
> > /data/www/html/vcl-2.5/.ht-inc/utils.php on line 3062 Oct 16
> > 07:23:01
> > webvcl01 httpd: PHP Stack trace:
> > Oct 16 07:23:01 webvcl01 httpd: PHP 1. {main}()
> > /data/www/html/vcl-2.5/shibauth/index.php:0
>
> Oct 16 07:23:01 webvcl01
>
> > httpd: PHP 2. addLoginLog()
> > /data/www/html/vcl-2.5/shibauth/index.php:187
Oct 16 07:23:01
> > webvcl01 httpd: PHP 3. checkMissingWebSecretKeys()
> > /data/www/html/vcl-2.5/.ht-inc/authentication.php:580 Oct 16
> > 07:23:01 webvcl01 httpd: idfile: |/cryptkeyid|
> >
> > So, rather than "$filebase/cryptkeyid", where $filebase should be
> > "/.ht-inc/cryptkey", $filebase shows up as “undefined”
>
>
>
> > I see that utils.php does set $filebase at the beginning:
> >
> >
> > $filebase .= "/.ht-inc/cryptkey";
> > $idfile = "$filebase/cryptkeyid";
> >
> >
> > But it looks like $filebase gets wiped out somewhere.
> >
> > So, I added this in utils.php:
> >
> > function checkMissingWebSecretKeys() {
> >
> > global $mode;
> > $filebase .= "/.ht-inc/cryptkey";
> > $mycryptkeyid = getCryptKeyID();
> > $values = array();
> >
> >
> > But I still got the error.
> > Here, $filebase appears correct, but it still gives the same error
> > as before
(SQL error)
>
>
>
> > I think that I will just leave that function call commented out
> > in
> > authentication.php
>
>
>
> > // if($passfail == 1)
> > // checkMissingWebSecretKeys();
> >
> > That seems to work. What do you think ?
> >
> > -- Al Quiros
> > Enterprise Systems
> >
> >
> >
> >
> >
> > On 10/15/18, 4:29 PM, "Evelio Quiros" <[email protected]> wrote:
> >
> >
> > Thanks for the reply, Josh.
> >
> > I will try this tomorrow morning.
> >
> > Thanks for your help.
> >
> >
> >
> > Regards,
> >
> > -- Al Quiros
> >
> > Enterprise Systems
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > On 10/15/18, 4:16 PM, "Josh Thompson" <[email protected]>
> > wrote:
> >
> >
> >
> >
> > Hi Al,
> >
> >
> >
> >
> >
> >
> >
> > The problem is that getCryptKeyID is returning an empty
> > string
> >
> > instead of "1".
>
>
>
> > Can you enable php error logging [1] and then make the
> > following
> >
> > change?
>
>
>
> >
> >
> >
> >
> > Add
> >
> >
> >
> >
> >
> >
> >
> > error_log("idfile: |$idfile|");
> >
> >
> >
> >
> >
> >
> >
> > after
> >
> >
> >
> >
> >
> >
> >
> > $idfile = "$filebase/cryptkeyid";
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Then, let me know what idfile is getting set to.
> >
> >
> >
> >
> >
> >
> >
> > [1] To enable php error logging, set
> >
> >
> >
> >
> >
> >
> >
> > log_errors = On
> >
> >
> >
> > error_log = syslog
> >
> >
> >
> >
> >
> >
> >
> > in /etc/php.ini and restart httpd. Then, php error
> > logging will be
> >
> > sent to
>
>
>
> > /var/log/messages.
> >
> >
> >
> >
> >
> >
> >
> > Thanks,
> >
> >
> >
> > Josh
> >
> >
> >
> >
> >
> >
>
>
> --
> -------------------------------
> Josh Thompson
> Systems Programmer
> Platform Computing | VCL Developer
> North Carolina State University
>
> [email protected]
> 919-515-5323
>
> my GPG/PGP key can be found at pgp.mit.edu
>
> All electronic mail messages in connection with State business
> which
are sent to or received by this account are subject to the NC Public
> Records Law and may be disclosed to third parties.
>
>
>
--
-------------------------------
Josh Thompson
Systems Programmer
Platform Computing | VCL Developer
North Carolina State University
[email protected]
919-515-5323
my GPG/PGP key can be found at pgp.mit.edu
All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.
signature.asc
Description: This is a digitally signed message part.
