[shibboleth-sp2] 40/82: SSPCPP-737 Fix double web server detection
Etienne Dysli Metref
edm-guest at moszumanska.debian.org
Thu Nov 16 08:16:23 UTC 2017
This is an automated email from the git hooks/post-receive script.
edm-guest pushed a commit to branch master
in repository shibboleth-sp2.
commit 8761792309ff6c9a50dacb2a6214411cb8a5dff0
Author: Rod Widdowson <rdw at steadingsoftware.com>
Date: Thu Jul 6 16:10:20 2017 +0100
SSPCPP-737 Fix double web server detection
https://issues.shibboleth.net/jira/browse/SSPCPP-737
Spotted a couple of issues during testing
1) We need to put the volatile key below a key that the installer can
create with GENERIC_ALL privs. This keeps the registry secure save
for this one key which has no secuirty implications.
2) We cannot log duplicate detection (because logging hasn't
started) so we can only send an event to the Event log
---
iis7_shib/register.cpp | 4 ++--
isapi_shib/isapi_shib.cpp | 3 ++-
util/RegistrySignature.cpp | 2 +-
util/message.mc | 19 ++++++++++++++++++-
4 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/iis7_shib/register.cpp b/iis7_shib/register.cpp
index 1726351..201bad4 100644
--- a/iis7_shib/register.cpp
+++ b/iis7_shib/register.cpp
@@ -102,11 +102,11 @@ RegisterModule(
"Couldn't Check signature");
}
else if (RegistrySignature::CheckSigResult::Mismatched == checkSig) {
- log4shib::Category::getInstance(SHIBSP_LOGCAT ".Native").error("ISAPI Filter is already running, exiting");
+ LogEvent(nullptr, EVENTLOG_ERROR_TYPE, SHIB_NATIVE_CANNOT_CHECK_SIGNATURE, nullptr,
+ "ISAPI Filter is already running, exiting");
return FALSE;
}
-
g_Config = &SPConfig::getConfig();
g_Config->setFeatures(
SPConfig::Listener |
diff --git a/isapi_shib/isapi_shib.cpp b/isapi_shib/isapi_shib.cpp
index b6d145e..33fbd16 100644
--- a/isapi_shib/isapi_shib.cpp
+++ b/isapi_shib/isapi_shib.cpp
@@ -178,7 +178,8 @@ extern "C" BOOL WINAPI GetFilterVersion(PHTTP_FILTER_VERSION pVer)
LogEvent(nullptr, EVENTLOG_WARNING_TYPE, SHIB_ISAPI_CANNOT_CHECK_SIGNATURE, nullptr,
"Couldn't Check signature");
} else if (RegistrySignature::Mismatched == checkSig) {
- log4shib::Category::getInstance(SHIBSP_LOGCAT ".ISAPI").error("Native Filter is already running, exiting");
+ LogEvent(nullptr, EVENTLOG_ERROR_TYPE, SHIB_ISAPI_CANNOT_CHECK_SIGNATURE, nullptr,
+ "Native Filter is already running, exiting");
return FALSE;
}
diff --git a/util/RegistrySignature.cpp b/util/RegistrySignature.cpp
index b9b618a..c30338c 100644
--- a/util/RegistrySignature.cpp
+++ b/util/RegistrySignature.cpp
@@ -36,7 +36,7 @@ namespace RegistrySignature
// Supress downrev (==VC2010 builds)
return Matched;
#else
- const WCHAR KeyName[] = L"SOFTWARE\\Shibboleth\\IsapiPlugin";
+ const WCHAR KeyName[] = L"SOFTWARE\\Shibboleth\\PublicRWKey\\IsapiPlugin";
const WCHAR ValueName[] = L"Signature";
struct HKEY_HOLDER {
diff --git a/util/message.mc b/util/message.mc
index 80dda57..c208f89 100644
--- a/util/message.mc
+++ b/util/message.mc
@@ -198,6 +198,15 @@ Shibboleth ISAPI filter: Failed when looking for signature (check the status).
.
MessageId=
+Severity=Error
+Facility=ShibbolethISAPI
+SymbolicName=SHIB_ISAPI_SIGNATURE_MISMATCH
+Language=Neutral
+Shibboleth ISAPI filter: Native Filter is already running, exiting.
+.
+
+
+MessageId=
Severity=Warning
Facility=ShibbolethNative
SymbolicName=SHIB_NATIVE_REENTRANT_INIT
@@ -247,8 +256,16 @@ Shibboleth Native filter: Critical Error: %0!s!
MessageId=
Severity=Error
-Facility=ShibbolethISAPI
+Facility=ShibbolethNative
SymbolicName=SHIB_NATIVE_CANNOT_CHECK_SIGNATURE
Language=Neutral
Shibboleth Native filter: Failed when looking for signature (check the status).
.
+
+MessageId=
+Severity=Error
+Facility=ShibbolethNative
+SymbolicName=SHIB_NATIVE_SIGNATURE_MISMATCH
+Language=Neutral
+Shibboleth ISAPI filter: ISAPI Filter is already running, exiting.
+.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git
More information about the Pkg-shibboleth-devel
mailing list