Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- de:shibslohttpd:helperscripts [2015/12/08 16:08] – [checker.php] Schreiterer, Frank
+++ de:shibslohttpd:helperscripts [2019/02/28 12:25] (aktuell) – [logoutnotify.php] Schreiterer, Frank
@@ Zeile 1: / Zeile 1: @@
-====== Hilfsscripte ======
+====== Hilfsskripte ======
+Alle hier aufgeführten Skripte sind beispielhaft und müssen ggf. angepasst werden.
 ===== checker.php =====
+Sorgt für den notwendigen zusätzlichen Request beim SessionHook.
 <file php checker.php>
-<? php
+<?php
 //redirect to application
 header('Location: '.$_GET['return']);
+?>
+</file>
+===== initsess.php =====
+<file php initsess.php>
+<?php
+//initialize application session
+session_start();
+//applicationpath
+$path = "Path/to/NORMALAPPLICATION";
+//and redirect to application
+$redirect = "https://".$_SERVER['SERVER_NAME']."/$path";
+header('Location: '.$redirect);
 ?>
 </file>
@@ Zeile 12: / Zeile 29: @@
 ===== logoutnotify.php =====
-<file php>
+Dieses Skript [[de:shibslohttpd:removallogout|entfernt die Anwendungs-Session]] via Back-Channel und die Cookies via Front-Channel.
+<file php logoutnotify.php>
 <?php
 // Sample PHP 5 Shibboleth logout code by lukas.haemmerle@switch.change_user
@@ Zeile 83: / Zeile 102: @@
 //       See function LogoutNotification below
-elseif (!empty($HTTP_RAW_POST_DATA)) {
+elseif (!empty(file_get_contents("php://input"))) {
     // Set SOAP header
     $server = new SoapServer('https://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'/LogoutNotification.wsdl');
@@ Zeile 173: / Zeile 192: @@
     // SessionID is stored in the user session data!
-	//connection parameters to the shibcheckerdb
-	$dbDriver="mysql";
-	$dbHost="localhost";
-	$dbUser="shibuser";
-	$dbPass="Password";
-	$dbName="shibchecker";
-	$dbPort="3306";
 	//connection parameters to memcached
 	$mcsrv="127.0.0.1";
 	$mcport="11211";
-	//mode memcached or DB
+	$mc=new Memcache;
-	$mode = "memcached";
+	$mc->connect($mcsrv,$mcport);
-	#$mode = "DB";
+	//get the application session id
+	$appsessionid = $mc->get($SessionID);
-	if ($mode == "DB") {
+	//remove
-		//Remove the entry in shibchecker-DB and the aplication session
+	$ret = $mc-> delete($SessionID);
-		try {
+	$ret = $mc-> delete($appsessionid);
-			$pdo = new PDO("$dbDriver:dbname=$dbName;host=$dbHost;port=$dbPort",$dbUser,$dbPass);
+	if ($appsessionid == false) {
-			//get the application session id
+		$appsessionid = "";
-			$sqlappsess="Select appsessionid from appshibsession where shibsessionid='$SessionID'";
-			$appsessionid = "";
-			if ($res = $pdo->query($sqlappsess)) {
-				while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
-					$appsessionid = $row['appsessionid'];
-				}
-			}
-			if ($appsessionid != "") {
-				$sql="Delete from appshibsession where appsessionid='$appsessionid'";
-				$pdo->query($sql);
-				$pdo = NULL;
-			}
-		} catch (PDOExeption $e) {
-			return new SoapFault('LogoutError', 'Database error.');
-		}
-	} elseif ($mode == "memcached") {
-		$mc=new Memcache;
-		$mc->connect($mcsrv,$mcport);
-		//get the application session id
-		$appsessionid = $mc->get($SessionID);
-		//remove
-		$ret = $mc-> delete($SessionID);
-		$ret = $mc-> delete($appsessionid);
-		if ($appsessionid == false) {
-			$appsessionid = "";
-		}
 	}
 	//Connect to the application session (PHP Session)
 	session_id($appsessionid);
@@ Zeile 232: / Zeile 217: @@
 ?>
 </file>
+===== remsess.php =====
+<file php remsess.php>
+<?php
+/*
+	This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    Copyright 2015 Frank Schreiterer, University of Bamberg, Computing Centre
+*/
+function removeMemcached($destid) {
+	$mcsrv="127.0.0.1";
+	$mcport="11211";
+	$mc=new Memcache;
+	$mc->connect($mcsrv,$mcport);
+	$stats = $mc->getExtendedStats();
+    $list = array();
+    #memcached auslesen und bei passendem Wert den Key entfernen
+    $allSlabs = $mc->getExtendedStats('slabs');
+    $items = $mc->getExtendedStats('items');
+    foreach($allSlabs as $server => $slabs) {
+        foreach($slabs AS $slabId => $slabMeta) {
+			if (is_numeric($slabId)) {
+				$cdump = $mc->getExtendedStats('cachedump',(int)$slabId);
+				foreach($cdump AS $keys => $arrVal) {
+					if (!is_array($arrVal)) continue;
+					foreach($arrVal AS $k => $v) {
+						$get = $mc->get($k);
+						if ($get == $destid) {
+							$ret = $mc->delete($k);
+						}
+					}
+				}
+			}
+        }
+    }
+    #und bei mixedLazy den Sicherungseintrag zur destid
+    $ret = $mc->delete($destid);
+	$mc->close();
+}
+#eine böse Anwendungs-Session-ID zerstören
+if (isset($_REQUEST['appsid'])) {
+	$destid = $_REQUEST['appsid'];
+	if ($destid != "") {
+		session_id($destid);
+		removeMemcached($destid);
+		session_start();
+		session_destroy();
+	}
+}
+session_start();
+$serverurl="https://".$_SERVER['SERVER_NAME'];
+if (isset($_REQUEST['shibloggedoff'])) {
+	$shiblogoff = $_REQUEST['shibloggedoff'];
+	if ($shiblogoff == "true") {
+		echo "Sie wurden abgemeldet.<br><br>Erneut <a href=\"$serverurl/PATH/TO/Login\">anmelden</a><br>";
+	}
+} else {
+	$destid = session_id();
+	removeMemcached($destid);
+	$url="$serverurl/Shibboleth.sso/Logout?return=$serverurl/PATH/TO/remsess.php?shibloggedoff=true";
+	header('Location: '.$url);
+}
+session_destroy();
+#SessionCookie löschen
+setcookie(session_name(),"",time() -3600,"/");
+?>
+</file>