- pch++;
- *pch=0;
- strcat(inifile,"isapi_shib.ini");
-
- // Read system-wide parameters from isapi_shib.ini.
- char buf[1024];
- char buf3[48];
-
- try
- {
- SAMLConfig& SAMLconf=SAMLConfig::getConfig();
-
- GetPrivateProfileString("shibboleth","ShibLogConfig","",buf,sizeof(buf),inifile);
- if (*buf)
- PropertyConfigurator::configure(buf);
- Category& log=Category::getInstance("isapi_shib.GetFilterVersion");
- log.info("using INI file: %s",inifile);
-
- GetPrivateProfileString("shibboleth","ShibSchemaPath","",buf,sizeof(buf),inifile);
- if (!*buf)
- {
- log.fatal("ShibSchemaPath missing");
- return FALSE;
- }
- SAMLconf.schema_dir=buf;
- if (*SAMLconf.schema_dir.end()!='\\')
- SAMLconf.schema_dir+='\\';
-
- GetPrivateProfileString("shibboleth","ShibSSLCertFile","",buf,sizeof(buf),inifile);
- if (!*buf)
- {
- log.fatal("ShibSSLCertFile missing");
- return FALSE;
- }
- SAMLconf.ssl_certfile=buf;
-
- GetPrivateProfileString("shibboleth","ShibSSLKeyFile","",buf,sizeof(buf),inifile);
- if (!*buf)
- {
- log.fatal("ShibSSLKeyFile missing");
- return FALSE;
- }
- SAMLconf.ssl_keyfile=buf;
-
- GetPrivateProfileString("shibboleth","ShibSSLKeyPass","",buf,sizeof(buf),inifile);
- SAMLconf.ssl_keypass=buf;
-
- GetPrivateProfileString("shibboleth","ShibSSLCAList","",buf,sizeof(buf),inifile);
- SAMLconf.ssl_calist=buf;
-
- // Read site count and allocate site array.
- g_ulMaxSite=GetPrivateProfileInt("shibboleth","max-site",0,inifile);
- if (g_ulMaxSite==0)
- {
- log.fatal("max-site was 0 or invalid");
- return FALSE;
- }
- log.debug("max-site is %d",g_ulMaxSite);
- g_Sites=new settings_t[g_ulMaxSite];
-
- // Read site-specific settings for each site.
- for (ULONG i=0; i<g_ulMaxSite; i++)
- {
- ultoa(i+1,buf3,10);
- GetPrivateProfileString(buf3,"ShibSiteName","X",buf,sizeof(buf),inifile);
- if (!strcmp(buf,"X"))
- {
- log.info("skipping site %d (no ShibSiteName)",i);
- continue;
- }
-
- GetPrivateProfileString(buf3,"ShibCookieName","",buf,sizeof(buf),inifile);
- if (!*buf)
- {
- delete[] g_Sites;
- log.fatal("ShibCookieName missing in site %d",i);
- return FALSE;
- }
- g_Sites[i].g_CookieName=buf;
-
- GetPrivateProfileString(buf3,"WAYFLocation","",buf,sizeof(buf),inifile);
- if (!*buf)
- {
- delete[] g_Sites;
- log.fatal("WAYFLocation missing in site %d",i);
- return FALSE;
- }
- g_Sites[i].g_WAYFLocation=buf;
-
- GetPrivateProfileString(buf3,"GarbageCollector","",buf,sizeof(buf),inifile);
- if (!*buf)
- {
- delete[] g_Sites;
- log.fatal("GarbageCollector missing in site %d",i);
- return FALSE;
- }
- g_Sites[i].g_GarbageCollector=buf;
-
- GetPrivateProfileString(buf3,"SHIRELocation","",buf,sizeof(buf),inifile);
- if (!*buf)
- {
- delete[] g_Sites;
- log.fatal("SHIRELocation missing in site %d",i);
- return FALSE;
- }
- g_Sites[i].g_SHIRELocation=buf;
-
- GetPrivateProfileString(buf3,"SHIRESessionPath","",buf,sizeof(buf),inifile);
- if (!*buf)
- {
- delete[] g_Sites;
- log.fatal("SHIRESessionPath missing in site %d",i);
- return FALSE;
- }
- g_Sites[i].g_SHIRESessionPath=buf;
- if (g_Sites[i].g_SHIRESessionPath[g_Sites[i].g_SHIRESessionPath.length()]!='\\')
- g_Sites[i].g_SHIRESessionPath+='\\';
-
- // Old-style matching string.
- GetPrivateProfileString(buf3,"ShibMustContain","",buf,sizeof(buf),inifile);
- _strupr(buf);
- char* start=buf;
- while (char* sep=strchr(start,';'))
- {
- *sep='\0';
- if (*start)
- {
- g_Sites[i].g_MustContain.push_back(start);
- log.info("site %d told to match against %s",i,start);
- }
- start=sep+1;
- }
- if (*start)
- {
- g_Sites[i].g_MustContain.push_back(start);
- log.info("site %d told to match against %s",i,start);
- }
-
- if (GetPrivateProfileInt(buf3,"ShibSSLOnly",1,inifile)==0)
- g_Sites[i].g_bSSLOnly=false;
- if (GetPrivateProfileInt(buf3,"ShibCheckAddress",1,inifile)==0)
- g_Sites[i].g_bCheckAddress=false;
- if (GetPrivateProfileInt(buf3,"ShibExportAssertion",0,inifile)==1)
- g_Sites[i].g_bExportAssertion=true;
- g_Sites[i].g_Lifetime=GetPrivateProfileInt(buf3,"ShibAuthLifetime",7200,inifile);
- if (g_Sites[i].g_Lifetime<=0)
- g_Sites[i].g_Lifetime=7200;
- g_Sites[i].g_Timeout=GetPrivateProfileInt(buf3,"ShibAuthTimeout",3600,inifile);
- if (g_Sites[i].g_Timeout<=0)
- g_Sites[i].g_Timeout=3600;
- log.info("configuration of site %d complete",i);
- }
-
- ShibConfig& Shibconf=ShibConfig::getConfig();
- static DummyMapper mapper;
-
- if (!SAMLconf.init())
- {
- delete[] g_Sites;
- log.fatal("SAML initialization failed");
- return FALSE;
- }
-
- Shibconf.origin_mapper=&mapper;
- if (!Shibconf.init())
- {
- delete[] g_Sites;
- log.fatal("Shibboleth initialization failed");
- return FALSE;
- }
-
- char buf2[32767];
- DWORD res=GetPrivateProfileSection("ShibMapAttributes",buf2,sizeof(buf2),inifile);
- if (res==sizeof(buf2)-2)
- {
- delete[] g_Sites;
- log.fatal("ShibMapAttributes INI section was larger than 32k");
- return FALSE;
- }
-
- for (char* attr=buf2; *attr; attr++)
- {
- char* delim=strchr(attr,'=');
- if (!delim)
- {
- delete[] g_Sites;
- log.fatal("unrecognizable ShibMapAttributes directive: %s",attr);
- return FALSE;
- }
- *delim++=0;
- g_mapAttribNameToHeader[attr]=(string(delim) + ':');
- log.info("mapping attribute %s to request header %s",attr,delim);
- attr=delim + strlen(delim);
- }