[shibboleth-sp2] 35/82: SSPCPP-737 Installer. Add detection of duplicate filters
Etienne Dysli Metref
edm-guest at moszumanska.debian.org
Thu Nov 16 08:16:22 UTC 2017
This is an automated email from the git hooks/post-receive script.
edm-guest pushed a commit to branch master
in repository shibboleth-sp2.
commit 041e154e882fe9646746619888adea97fb392539
Author: Rod Widdowson <rdw at steadingsoftware.com>
Date: Sat Jul 1 15:40:08 2017 +0100
SSPCPP-737 Installer. Add detection of duplicate filters
https://issues.shibboleth.net/jira/browse/SSPCPP-737
Add a trivial registry-based protocol to ensure that only one of ISAP_SHIB
or IIS7_SHIB are ever running.
---
Projects/vc10/isapi_shib/isapi_shib.vcxproj | 6 +-
Projects/vc14/Shibboleth.sln | 1 -
Projects/vc14/iis7_shib/iis7_shib.vcxproj | 9 +--
Projects/vc14/iis7_shib/iis7_shib.vcxproj.filters | 1 +
Projects/vc14/isapi_shib/isapi_shib.vcxproj | 2 +-
iis7_shib/register.cpp | 14 ++++
isapi_shib/isapi_shib.cpp | 11 +++
util/RegistrySignature.cpp | 85 +++++++++++++++++++++++
util/RegistrySignature.h | 33 +++++++++
util/message.mc | 19 ++++-
10 files changed, 170 insertions(+), 11 deletions(-)
diff --git a/Projects/vc10/isapi_shib/isapi_shib.vcxproj b/Projects/vc10/isapi_shib/isapi_shib.vcxproj
index 8753e30..8b487c9 100644
--- a/Projects/vc10/isapi_shib/isapi_shib.vcxproj
+++ b/Projects/vc10/isapi_shib/isapi_shib.vcxproj
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
@@ -68,7 +68,6 @@
<OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(SolutionDir)\..\..\Build\VC10\$(Platform)\$(Configuration)\</OutDir>
<OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(SolutionDir)\..\..\Build\VC10\\$(Configuration)\</OutDir>
<OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(SolutionDir)\..\..\Build\VC10\\$(Configuration)\</OutDir>
-
<IntDir Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(Platform)\$(Configuration)\</IntDir>
<LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
<LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
@@ -223,6 +222,7 @@
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\..\..\Isapi_Shib\isapi_shib.cpp" />
+ <ClCompile Include="..\..\..\util\RegistrySignature.cpp" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="..\..\..\Isapi_Shib\isapi_shib.rc" />
@@ -239,4 +239,4 @@
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
-</Project>
+</Project>
\ No newline at end of file
diff --git a/Projects/vc14/Shibboleth.sln b/Projects/vc14/Shibboleth.sln
index e225949..388878b 100644
--- a/Projects/vc14/Shibboleth.sln
+++ b/Projects/vc14/Shibboleth.sln
@@ -366,7 +366,6 @@ Global
{CEE84E04-6A19-4F93-8FE5-98F9D22526DD}.Debug|Win32.Build.0 = Debug|Win32
{CEE84E04-6A19-4F93-8FE5-98F9D22526DD}.Debug|x64.ActiveCfg = Debug|x64
{CEE84E04-6A19-4F93-8FE5-98F9D22526DD}.Debug|x64.Build.0 = Debug|x64
- {CEE84E04-6A19-4F93-8FE5-98F9D22526DD}.Debug|x64.Deploy.0 = Debug|x64
{CEE84E04-6A19-4F93-8FE5-98F9D22526DD}.Release|Win32.ActiveCfg = Release|Win32
{CEE84E04-6A19-4F93-8FE5-98F9D22526DD}.Release|Win32.Build.0 = Release|Win32
{CEE84E04-6A19-4F93-8FE5-98F9D22526DD}.Release|x64.ActiveCfg = Release|x64
diff --git a/Projects/vc14/iis7_shib/iis7_shib.vcxproj b/Projects/vc14/iis7_shib/iis7_shib.vcxproj
index e4ebb78..a6289e9 100644
--- a/Projects/vc14/iis7_shib/iis7_shib.vcxproj
+++ b/Projects/vc14/iis7_shib/iis7_shib.vcxproj
@@ -114,7 +114,7 @@
<Culture>0x0409</Culture>
</ResourceCompile>
<Link>
- <AdditionalDependencies>xerces-c_3.lib;xmltooling-lite1.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalDependencies>xerces-c_3.lib;xmltooling-lite1.lib;log4shib1.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>..\..\..\..\cpp-xmltooling\Build\VC14\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
<DataExecutionPrevention>
@@ -139,7 +139,7 @@
<Culture>0x0409</Culture>
</ResourceCompile>
<Link>
- <AdditionalDependencies>xerces-c_3.lib;xmltooling-lite1.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalDependencies>xerces-c_3.lib;xmltooling-lite1.lib;log4shib1.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>..\..\..\..\cpp-xmltooling\Build\VC14\$(Platform)\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
<DataExecutionPrevention>
@@ -163,7 +163,7 @@
<Culture>0x0409</Culture>
</ResourceCompile>
<Link>
- <AdditionalDependencies>xerces-c_3D.lib;xmltooling-lite1D.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalDependencies>xerces-c_3D.lib;xmltooling-lite1D.lib;log4shib1D.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>..\..\..\..\cpp-xmltooling\Build\VC14\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<GenerateDebugInformation>true</GenerateDebugInformation>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
@@ -189,7 +189,7 @@
<Link>
<AdditionalOptions>
</AdditionalOptions>
- <AdditionalDependencies>xerces-c_3D.lib;xmltooling-lite1D.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalDependencies>xerces-c_3D.lib;xmltooling-lite1D.lib;log4shib1D.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>..\..\..\..\cpp-xmltooling\Build\VC14\$(Platform)\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<GenerateDebugInformation>true</GenerateDebugInformation>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
@@ -202,6 +202,7 @@
<ClCompile Include="..\..\..\iis7_shib\register.cpp" />
<ClCompile Include="..\..\..\iis7_shib\ShibHttpModule.cpp" />
<ClCompile Include="..\..\..\iis7_shib\ShibUser.cpp" />
+ <ClCompile Include="..\..\..\util\RegistrySignature.cpp" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="..\..\..\Iis7_Shib\iis7_shib.rc">
diff --git a/Projects/vc14/iis7_shib/iis7_shib.vcxproj.filters b/Projects/vc14/iis7_shib/iis7_shib.vcxproj.filters
index d11897f..6705a27 100644
--- a/Projects/vc14/iis7_shib/iis7_shib.vcxproj.filters
+++ b/Projects/vc14/iis7_shib/iis7_shib.vcxproj.filters
@@ -21,6 +21,7 @@
<ClCompile Include="..\..\..\iis7_shib\ShibHttpModule.cpp">
<Filter>Source Files</Filter>
</ClCompile>
+ <ClCompile Include="..\..\..\util\RegistrySignature.cpp" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="..\..\..\Iis7_Shib\iis7_shib.rc">
diff --git a/Projects/vc14/isapi_shib/isapi_shib.vcxproj b/Projects/vc14/isapi_shib/isapi_shib.vcxproj
index 8d1c439..724d98c 100644
--- a/Projects/vc14/isapi_shib/isapi_shib.vcxproj
+++ b/Projects/vc14/isapi_shib/isapi_shib.vcxproj
@@ -20,7 +20,6 @@
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{87C25D4E-8D19-4513-B0BA-BC668BC2DEE3}</ProjectGuid>
- <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
@@ -237,6 +236,7 @@
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\..\..\Isapi_Shib\isapi_shib.cpp" />
+ <ClCompile Include="..\..\..\util\RegistrySignature.cpp" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="..\..\..\Isapi_Shib\isapi_shib.rc" />
diff --git a/iis7_shib/register.cpp b/iis7_shib/register.cpp
index 88e7ede..382d708 100644
--- a/iis7_shib/register.cpp
+++ b/iis7_shib/register.cpp
@@ -23,6 +23,9 @@
// Project
#include "IIS7_shib.hpp"
#include "ShibHttpModule.hpp"
+#include "../util/RegistrySignature.h"
+#include <xmltooling/logging.h>
+
namespace Config {
HINSTANCE g_hinstDLL;
@@ -87,6 +90,17 @@ RegisterModule(
return S_OK;
}
+ RegistrySignature::CheckSigResult checkSig = RegistrySignature::CheckSignature('IIS7');
+ if (RegistrySignature::CheckSigResult::Failed == checkSig) {
+ LogEvent(nullptr, EVENTLOG_WARNING_TYPE, SHIB_NATIVE_CANNOT_CHECK_SIGNATURE, nullptr,
+ "Couldn't Check signature");
+ }
+ else if (RegistrySignature::CheckSigResult::Mismatched == checkSig) {
+ log4shib::Category::getInstance(SHIBSP_LOGCAT ".Native").error("ISAPI Filter is already running, exiting");
+ return FALSE;
+ }
+
+
g_Config = &SPConfig::getConfig();
g_Config->setFeatures(
SPConfig::Listener |
diff --git a/isapi_shib/isapi_shib.cpp b/isapi_shib/isapi_shib.cpp
index 1091bc7..b6d145e 100644
--- a/isapi_shib/isapi_shib.cpp
+++ b/isapi_shib/isapi_shib.cpp
@@ -56,6 +56,8 @@
#include <httpext.h>
#include <message.h>
+#include "../util/RegistrySignature.h"
+
using namespace shibsp;
using namespace xmltooling;
using namespace xercesc;
@@ -171,6 +173,15 @@ extern "C" BOOL WINAPI GetFilterVersion(PHTTP_FILTER_VERSION pVer)
return TRUE;
}
+ RegistrySignature::CheckSigResult checkSig = RegistrySignature::CheckSignature('IIS6');
+ if (RegistrySignature::Failed == checkSig) {
+ LogEvent(nullptr, EVENTLOG_WARNING_TYPE, SHIB_ISAPI_CANNOT_CHECK_SIGNATURE, nullptr,
+ "Couldn't Check signature");
+ } else if (RegistrySignature::Mismatched == checkSig) {
+ log4shib::Category::getInstance(SHIBSP_LOGCAT ".ISAPI").error("Native Filter is already running, exiting");
+ return FALSE;
+ }
+
g_Config = &SPConfig::getConfig();
g_Config->setFeatures(
SPConfig::Listener |
diff --git a/util/RegistrySignature.cpp b/util/RegistrySignature.cpp
new file mode 100644
index 0000000..3aea9f9
--- /dev/null
+++ b/util/RegistrySignature.cpp
@@ -0,0 +1,85 @@
+/**
+* Licensed to the University Corporation for Advanced Internet
+* Development, Inc. (UCAID) under one or more contributor license
+* agreements. See the NOTICE file distributed with this work for
+* additional information regarding copyright ownership.
+*
+* UCAID licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License. You may obtain a copy of the
+* License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+* either express or implied. See the License for the specific
+* language governing permissions and limitations under the License.
+*/
+
+/*
+ * RegistrySignature.cpp : simple bit of code to check for and write
+ * a signature into the registry.
+ * - if it's not there we create a volatile key, write it and say "OK"
+ * - if it is there and the same then we say OK
+ * - if it is there and differs then we delete thekey (resetting the trigger) and say NOT OK
+ *
+ */
+//
+//
+
+#include "RegistrySignature.h"
+
+namespace RegistrySignature
+{
+ CheckSigResult CheckSignature(const DWORD Signature)
+ {
+#if _WIN32_WINNT < 0x0600
+ // Supress downrev (==VC2010 builds)
+ return Matched;
+#else
+ const WCHAR KeyName[] = L"SOFTWARE\\Shibboleth\\IsapiPlugin";
+ const WCHAR ValueName[] = L"Signature";
+
+ struct HKEY_HOLDER {
+ private:
+ HKEY handle;
+ public:
+ HKEY_HOLDER(HKEY what)
+ {
+ handle = what;
+ }
+ ~HKEY_HOLDER()
+ {
+ RegCloseKey(handle);
+ }
+ };
+
+ HKEY handle;
+ DWORD disposition, key, keySize;
+ LONG result;
+ result = RegCreateKeyExW(HKEY_LOCAL_MACHINE, KeyName, 0, NULL, REG_OPTION_VOLATILE, KEY_ALL_ACCESS, NULL, &handle, &disposition);
+ if (result != ERROR_SUCCESS) {
+ return Failed;
+ }
+ HKEY_HOLDER holder(handle);
+ if (disposition == REG_OPENED_EXISTING_KEY) {
+ keySize = sizeof(key);
+ result = RegGetValueW(handle, nullptr, ValueName, RRF_RT_DWORD, NULL, &key, &keySize);
+ if (result == ERROR_SUCCESS) {
+ if (key != Signature) {
+ result = RegDeleteKeyW(HKEY_LOCAL_MACHINE, KeyName);
+ return Mismatched;
+ }
+ else {
+ return Matched;
+ }
+ }
+ }
+ result = RegSetValueExW(handle, ValueName, 0, REG_DWORD, reinterpret_cast<const BYTE*>(&Signature), sizeof(Signature));
+
+ return (ERROR_SUCCESS == result) ? Matched : Failed;
+#endif
+ }
+}
diff --git a/util/RegistrySignature.h b/util/RegistrySignature.h
new file mode 100644
index 0000000..4120c16
--- /dev/null
+++ b/util/RegistrySignature.h
@@ -0,0 +1,33 @@
+/**
+* Licensed to the University Corporation for Advanced Internet
+* Development, Inc. (UCAID) under one or more contributor license
+* agreements. See the NOTICE file distributed with this work for
+* additional information regarding copyright ownership.
+*
+* UCAID licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License. You may obtain a copy of the
+* License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+* either express or implied. See the License for the specific
+* language governing permissions and limitations under the License.
+*/
+
+#pragma once
+#include <windows.h>
+
+namespace RegistrySignature
+{
+ enum CheckSigResult {
+ Failed,
+ Matched,
+ Mismatched
+ };
+
+ CheckSigResult CheckSignature(const DWORD Signature);
+}
\ No newline at end of file
diff --git a/util/message.mc b/util/message.mc
index e468e77..80dda57 100644
--- a/util/message.mc
+++ b/util/message.mc
@@ -190,6 +190,14 @@ Shibboleth ISAPI filter: Caught an Unknown Exception.
.
MessageId=
+Severity=Error
+Facility=ShibbolethISAPI
+SymbolicName=SHIB_ISAPI_CANNOT_CHECK_SIGNATURE
+Language=Neutral
+Shibboleth ISAPI filter: Failed when looking for signature (check the status).
+.
+
+MessageId=
Severity=Warning
Facility=ShibbolethNative
SymbolicName=SHIB_NATIVE_REENTRANT_INIT
@@ -226,7 +234,7 @@ Severity=Informational
Facility=ShibbolethNative
SymbolicName=SHIB_NATIVE_INITIALIZED
Language=Neutral
-Shibboleth ISAPI filter: Initialized...
+Shibboleth Native filter: Initialized...
.
MessageId=
@@ -234,6 +242,13 @@ Severity=Error
Facility=ShibbolethNative
SymbolicName=SHIB_NATIVE_CRITICAL
Language=Neutral
-Shibboleth ISAPI filter: Critical Error: %0!s!
+Shibboleth Native filter: Critical Error: %0!s!
.
+MessageId=
+Severity=Error
+Facility=ShibbolethISAPI
+SymbolicName=SHIB_NATIVE_CANNOT_CHECK_SIGNATURE
+Language=Neutral
+Shibboleth Native filter: Failed when looking for signature (check the status).
+.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git
More information about the Pkg-shibboleth-devel
mailing list