The mailing list for listmasters using Sympa

[David Verdin <address@concealed>]

Thanks a lot Paul,

I'll review your patch and integrate it to the next Sympa release.

Best regards,

David

Le 31/03/15 18:07, Paul Grzesina a écrit :

I mentioned this problem off list, but now that I have a solution I'll post it here and hope the change gets incorporated in the next release.

Briefly, when CAS was enabled, if you weren't already authenticated against CAS, the browser would go into a redirect loop when you went to Sympa. If you were authenticated, Sympa would not get the user information. Below are patches to wwsympa.fcgi and Conf.pm that fixed the issue for me:

--- wwsympa.fcgi        2015-03-23 15:26:52.000000000 -0600
+++ /home/sympa/bin/wwsympa.fcgi        2015-03-31 09:51:07.000000000 -0600
@@ -1471,11 +1471,11 @@
                     ## don't have more then 10 CAS servers (because we don't
                     ## properly split the list of values)
                     $log->syslog('debug',
-                        "check_cas checker_cas : $session->{'checked_cas'} current cas_id $Conf::Conf{'cas_id'}{$robot}{$auth_service->{'auth_service_name'}}"
+                        "check_cas checker_cas : $session->{'checked_cas'} current cas_id $Conf::Conf{'cas_id'}{$robot}{$auth_service->{'auth_service_name'}}{'casnum'}"
                     );
                     next
                         if ($session->{'checked_cas'} =~
-                        /$Conf::Conf{'cas_id'}{$robot}{$auth_service->{'auth_service_name'}}/
+                        /$Conf::Conf{'cas_id'}{$robot}{$auth_service->{'auth_service_name'}}{'casnum'}/
                         );

                     # before redirect update the list of already checked cas
@@ -1487,7 +1487,7 @@
                     ## CAS servers
                     $session->{'checked_cas'} .=
                         $Conf::Conf{'cas_id'}{$robot}
-                        {$auth_service->{'auth_service_name'}};
+                        {$auth_service->{'auth_service_name'}}{'casnum'};

                     my $redirect_url =
                         $cas_server->getServerLoginGatewayURL($return_url);
@@ -3877,7 +3877,7 @@
     ## This is a CAS service
     if (defined(
             my $cas_id =
-                $Conf::Conf{'cas_id'}{$robot}{$in{'auth_service_name'}}
+                $Conf::Conf{'cas_id'}{$robot}{$in{'auth_service_name'}}{'casnum'}
         )
         ) {
         my $cas_server =
@@ -3891,7 +3891,7 @@

         $session->{'checked_cas'} = $cas_id;
         my $service = "$param->{'base_url'}$param->{'path_cgi'}" . $path;
-
+wwslog('info', '(cas_server %s)', $cas_id);
         my $redirect_url = $cas_server->getServerLoginURL($service);
         wwslog('info', '(%s)', $redirect_url);
         if ($redirect_url =~ /http(s)+\:\//i) {


--- Conf.pm     2015-03-13 07:09:03.000000000 -0600
+++ /home/sympa/bin/Conf.pm     2015-03-31 09:06:47.000000000 -0600
@@ -1206,6 +1206,7 @@
                     }

                     $Conf{'cas_number'}{$robot}++;
+                    $Conf{'cas_id'}{$robot}{$current_paragraph->{'auth_service_name'}}{'casnum'} =  $#paragraphs+1 ;

                     ## Default value for auth_service_friendly_name IS
                     ## auth_service_name

--
A bug in Sympa? Quick! To the bug tracker!

David Verdin Études et projets applicatifs
Tél : +33 2 23 23 69 71 Fax : +33 2 23 23 71 21   www.renater.fr	RENATER 263 Avenue du Gal Leclerc 35042 Rennes Cedex

Attachment: smime.p7s
Description: Signature cryptographique S/MIME