rubycas-server 0.3.0 → 0.4.0

data/CHANGELOG.txt

@@ -1,3 +1,13 @@
+=== 0.4.0 :: In progress...
+
+* Added rubycas-server-ctl script for controlling daemonized server.
+* Added system startup script to be used in /etc/init.d on Linux systems.
+* Authenticator can now be loaded from an external file using the 'source'
+  configuration option.
+* Better preemptive detection of startup problems with mongrel.
+* User now sees an error message if the service URI is not a valid URI (i.e.
+  if it's not URI-encoded or otherwise malformed).
+
 === 0.3.0 :: 2007-03-29
 
 * Fixed glaring security problem with LDAP/AD Authenticator where under some

data/Manifest.txt

@@ -4,6 +4,7 @@ Manifest.txt
 README.txt
 Rakefile
 bin/rubycas-server
+bin/rubycas-server-ctl
 config.example.yml
 lib/casserver.rb
 lib/casserver/authenticators/active_directory_ldap.rb
@@ -31,5 +32,6 @@ lib/themes/urbacon/login_box_bg.png
 lib/themes/urbacon/logo.png
 lib/themes/urbacon/theme.css
 lib/themes/warning.png
+resources/init.d.sh
 setup.rb
 test/test_casserver.rb

data/Rakefile

@@ -20,7 +20,6 @@ HOMEPATH = "http://#{RUBYFORGE_PROJECT}.rubyforge.org"
 
 DEPS = [
   ['camping', '>= 1.5'],
-#  ['sqlite3-ruby', '>= 1.2.0'],
   ['activesupport', '>= 1.4.0'],
   ['activerecord', '>=1.15.3']
 ]
@@ -56,5 +55,5 @@ hoe = Hoe.new(GEM_NAME, VERS) do |p|
   
   # == Optional
   p.extra_deps = DEPS
-  p.spec_extras = {:executables => 'rubycas-server'}
+  p.spec_extras = {:executables => ['rubycas-server', 'rubycas-server-ctl']}
 end

data/bin/rubycas-server

@@ -4,10 +4,14 @@ require 'optparse'
 
 local_casserver = File.expand_path(File.dirname(File.expand_path(__FILE__))+'/../lib/casserver.rb')
 if File.exists? local_casserver
+  # use local rubycas-server installation
   $: << File.dirname(local_casserver)
+  path = File.dirname(local_casserver)+"/"
 else
+  # use gem installation
+  path = ""
   require 'rubygems'
-  require_gem 'rubycas-server'
+  gem 'rubycas-server'
 end
 
 OptionParser.new do |opts|
@@ -21,14 +25,27 @@ OptionParser.new do |opts|
   opts.on("-d", "--daemonize", "Run as a daemon (only when using webrick or mongrel)") do |c|
     $DAEMONIZE = true
   end
-  
+
+  opts.on("-P", "--pid_file FILE", "Use pid file (default is /etc/rubycas-server/rubycas-server.pid)") do |c|
+    if $DAEMONIZE && !File.exists?(c)
+      puts "Using pid file '#{c}'"
+      $PID_FILE = c
+    elsif File.exists?(c)
+      puts "The pid file already exists.  Is rubycas-server running?\n" +
+      	"You will have to first manually remove the pid file at '#{c}' to start the server as a daemon."
+      exit 1
+    else
+      puts "Not running as Daemon.  Ignoring pid option"
+    end
+  end
+
   opts.on_tail("-h", "--help", "Show this message") do
     puts opts
     exit
   end
   
   opts.on_tail("-v", "--version", "Show version number") do
-  	require 'casserver/version'
+  	require "#{path}casserver/version"
     puts "rubycas-server-#{CASServer::VERSION::STRING}"
     exit
   end
@@ -36,4 +53,4 @@ end.parse!
 
 $RUN = true
 
-load 'casserver.rb'
+load "#{path}casserver.rb"

data/bin/rubycas-server-ctl

@@ -0,0 +1,163 @@
+#!/usr/bin/env ruby
+
+require 'optparse'
+
+@options = {}
+@options[:pid_file] = "/etc/rubycas-server/rubycas-server.pid"
+@options[:conf_file] = nil
+@options[:verbose] = false
+
+def start
+  # use local rubycas-server bin if it exists and is executable -- makes debugging easier
+  bin = File.dirname(File.expand_path(__FILE__)) + "/rubycas-server"
+
+  if File.exists?(bin)
+    exec = "ruby #{bin}"
+  else
+    exec = "rubycas-server"
+  end
+  
+  case get_state
+  when :ok
+    $stderr.puts "rubycas-server is already running"
+    exit 1
+  when :not_running
+    $stderr.puts "The pid file '#{@options[:pid_file]}' exists but rubycas-server is not running." +
+      "Please delete the pid file first."
+    exit 1
+  when :dead
+    $stderr.puts "The pid file '#{@options[:pid_file]}' exists but rubycas-server is not running." +
+      " Please delete the pid file first."
+    exit 1
+  when :missing_pid
+    # we should be good to go (unless the server is already running without a pid file)
+  else
+    $stderr.puts "rubycas-server could not be started. Try looking in the log file for more info."
+    exit 1
+  end
+  	
+  cmd = "#{exec} -d -P #{@options[:pid_file]}"
+  cmd += " -c #{@options[:conf_file]}" if !@options[:conf_file].nil?
+  
+  puts ">>> #{cmd}" if @options[:verbose]
+  
+  output = `#{cmd}`
+  
+  puts "<<< #{output}" if @options[:verbose]
+  
+  if s = get_state == :ok
+    exit 0
+  else
+    $stderr.puts "rubycas-server could not start properly!\nTry running with the --verbose option for details." 
+    case s
+    when :missing_pid
+      exit 4
+    when :not_running
+      exit 3
+    when :dead
+      exit 1
+    else
+      exit 4
+    end
+  end
+end
+
+def stop
+  if File.exists? @options[:pid_file]
+    pid = open(@options[:pid_file]).read.to_i
+    begin
+      Process.kill("TERM", pid)
+      exit 0
+    rescue Errno::ESRCH
+      $stderr.puts "rubycas-server process '#{pid}' does not exist."
+      exit 1
+    end
+  else
+    $stderr.puts "#{@options[:pid_file]} not found.  Is rubycas-server running?"
+    exit 4
+  end
+end
+
+def status
+  case get_state
+  when :ok
+    puts "rubycas-server appears to be up and running."
+    exit 0
+  when :missing_pid
+    $stderr.puts "rubycas-server does not appear to be running (pid file not found)."
+    exit 3
+  when :empty_pid
+    $stderr.puts "rubycas-server does not appear to be running (pid file exists but is empty)."
+  when :not_running
+    $stderr.puts "rubycas-server is not running."
+    exit 1
+  when :dead
+    $stderr.puts "rubycas-server is dead or unresponsive."
+    exit 102
+  end
+end
+
+def get_state
+  if File.exists? @options[:pid_file]
+    pid = File.read(@options[:pid_file]).strip
+    
+    return :empty_pid unless pid and !pid.empty? # pid file exists but is empty
+    
+    state = `ps -p #{pid} -o state=`.strip
+    if state == ''
+      :not_running
+    elsif state == 'R' || state == 'S'
+      :ok
+    else
+      :dead
+    end
+  else
+    # TODO: scan through the process table to see if server is running without pid file
+    :missing_pid
+  end
+end
+
+OptionParser.new do |opts|
+  opts.banner = "Usage: #{$0} (start|stop|restart) [options]"
+  opts.banner += "\nruby-server-ctl is only usable when using webrick or mongrel"
+ 
+  opts.on("-c", "--config FILE", "Path to rubycas-server configuration file") { |value| @options[:conf_file] = value }
+  opts.on("-P", "--pid_file FILE", "Path to rubycas-server pid file") { |value| @options[:pid_file] = value }
+  opts.on('-v', '--verbose', "Print all called commands and output.") { |value| @options[:verbose] = value }
+
+  if ARGV.empty?
+    puts opts
+    exit
+  else
+    @cmd = opts.parse!(ARGV)
+    if @cmd.nil?
+      puts opts
+      exit
+    end
+  end
+end
+
+if !@options[:conf_file].nil? && !File.exists?(@options[:conf_file])
+  puts "Invalid path to rubycas-server configuration file: #{@options[:conf_file]}"
+  exit
+end
+
+case @cmd[0]
+when "start": 
+  puts "Starting rubycas-server..."
+  start
+when "stop":
+  puts "Stopping rubycas-server..."
+  stop
+when "restart":
+  puts "Restarting rubycas-server..."
+  stop
+  start
+when "status":
+  puts "Checking status of rubycas-server..."
+  status
+else
+ puts "Invalid command. Usage: rubycas-server-ctl [-cPv] start|stop|restart|status"
+end
+
+exit

data/config.example.yml

@@ -149,16 +149,16 @@ database:
 # as a hash under :username and :password keys. In the future, this hash
 # might also contain other data such as the domain that the user is logging in to.
 #
-# To use your custom authenticator, specify it's class name in the authenticator section
-# of the config. You will also probably have to load the class using using a `require`
-# call at the top of casserver.rb. Any other parameters you specify in the authenticator
-# configuration will be passed on to the authenticator and made availabe in the validate()
-# method as an @options hash.
+# To use your custom authenticator, specify it's class name and path to the source file 
+# in the authenticator section of the config. Any other parameters you specify in the 
+# authenticator configuration will be passed on to the authenticator and made availabe in
+# the validate() method as an @options hash.
 #
 # Example:
 #
 #authenticator:
 #  class: FooModule::MyCustomAuthenticator
+#  source: /path/to/source.rb
 #  option_a: foo
 #  another_option: yeeha
 
@@ -224,4 +224,4 @@ log:
 # If you would prefer that ticket-granting ticket expiry be enforced (in effect limiting
 # the maximum length of a session), you can set expire_sessions to true.
 
-# expire_sessions: false
+# expire_sessions: false

data/lib/casserver.rb

@@ -8,7 +8,7 @@ $CASSERVER_HOME = File.dirname(File.expand_path(__FILE__))
 $: << $CASSERVER_HOME
 
 require 'rubygems'
-require_gem 'camping', '~> 1.5'
+gem 'camping', '~> 1.5'
 require 'camping'
 
 require 'active_support'
@@ -31,9 +31,14 @@ module CASServer
   module_function :init_logger
 
   def init_db_logger
-    if CASServer::Conf.db_log
-      CASServer::Models::Base.logger = Logger.new(CASServer::Conf.db_log[:file] || 'casserver_db.log')
-      CASServer::Models::Base.logger.level = "CASServer::Utils::Logger::#{CASServer::Conf.db_log[:level] || 'DEBUG'}".constantize
+    begin
+      if CASServer::Conf.db_log
+        log_file = CASServer::Conf.db_log[:file] || 'casserver_db.log'
+        CASServer::Models::Base.logger = Logger.new(log_file)
+        CASServer::Models::Base.logger.level = "CASServer::Utils::Logger::#{CASServer::Conf.db_log[:level] || 'DEBUG'}".constantize
+      end
+    rescue Errno::EACCES => e
+      $LOG.warn "Can't write to database log file at '#{log_file}': #{e}"
     end
   end
   module_function :init_db_logger
@@ -72,11 +77,17 @@ if __FILE__ == $0 || $RUN
   
   require 'casserver/postambles'
   include CASServer::Postambles
-  
+
+  if $PID_FILE && (CASServer::Conf.server.to_s != 'mongrel' || CASServer::Conf.server.to_s != 'webrick')
+    $LOG.warn("Unable to create a pid file. You must use mongrel or webrick for this feature.")
+  end
+
   begin
     raise NoMethodError if CASServer::Conf.server.nil?
     send(CASServer::Conf.server)
   rescue NoMethodError
+    # FIXME: this rescue can sometime report the incorrect error messages due to other underlying problems
+    #         raising a NoMethodError
     if CASServer::Conf.server
       raise "The server setting '#{CASServer::Conf.server}' in your config.yml file is invalid."
     else

data/lib/casserver/authenticators/ldap.rb

@@ -4,7 +4,7 @@ begin
   require 'net/ldap'
 rescue LoadError
   require 'rubygems'
-  require_gem 'ruby-net-ldap', '~> 0.0.4'
+  gem 'ruby-net-ldap', '~> 0.0.4'
   require 'net/ldap'
 end
 

data/lib/casserver/cas.rb

@@ -219,6 +219,8 @@ module CASServer::CAS
   def service_uri_with_ticket(service, st)
     raise ArgumentError, "Second argument must be a ServiceTicket!" unless st.kind_of? CASServer::Models::ServiceTicket
     
+    # This will choke with a URI::InvalidURIError if service URI is not properly URI-escaped...
+    # This exception is handled further upstream (i.e. in the controller).
     service_uri = URI.parse(service)
     
     if service.include? "?"

data/lib/casserver/conf.rb

@@ -47,9 +47,15 @@ begin
     # attempt to instantiate the authenticator
     $AUTH = $CONF[:authenticator][:class].constantize.new
   rescue NameError
-    # the authenticator class hasn't yet been loaded, so lets try to load it from the casserver/authenticators directory
-    auth_rb = $CONF[:authenticator][:class].underscore.gsub('cas_server/', '')
-    require 'casserver/'+auth_rb
+    if !$CONF[:authenticator][:source].nil?
+      # config.yml explicitly names source file
+      require $CONF[:authenticator][:source]
+    else
+      # the authenticator class hasn't yet been loaded, so lets try to load it from the casserver/authenticators directory
+      auth_rb = $CONF[:authenticator][:class].underscore.gsub('cas_server/', '')
+      require 'casserver/'+auth_rb
+    end
+
     $AUTH = $CONF[:authenticator][:class].constantize.new
   end
 rescue

data/lib/casserver/controllers.rb

@@ -24,14 +24,19 @@ module CASServer::Controllers
       end
       
       if tgt and !tgt_error
-        @message = {:type => 'notice', :message => %{You are currently logged in as "#{tgt.username}". If you are not you, please log in below.}}
+        @message = {:type => 'notice', :message => %{You are currently logged in as "#{tgt.username}". If this is not you, please log in below.}}
       end
       
-      if @service && !@renew && tgt && !tgt_error
-        st = generate_service_ticket(@service, tgt.username)
-        service_with_ticket = service_uri_with_ticket(@service, st)
-        $LOG.info("User '#{tgt.username}' authenticated based on ticket granting cookie. Redirecting to service '#{@service}'.")
-        return redirect(service_with_ticket, :status => 303) # response code 303 means "See Other" (see Appendix B in CAS Protocol spec)
+      begin
+        if @service && !@renew && tgt && !tgt_error
+          st = generate_service_ticket(@service, tgt.username)
+          service_with_ticket = service_uri_with_ticket(@service, st)
+          $LOG.info("User '#{tgt.username}' authenticated based on ticket granting cookie. Redirecting to service '#{@service}'.")
+          return redirect(service_with_ticket, :status => 303) # response code 303 means "See Other" (see Appendix B in CAS Protocol spec)
+        end
+      rescue
+        $LOG.error("The service '#{@service}' is not a valid URI!")
+        @message = {:type => 'mistake', :message => "The target service your browser supplied appears to be invalid. Please contact your system administrator for help."}
       end
       
       lt = generate_login_ticket
@@ -98,19 +103,24 @@ module CASServer::Controllers
         if @service.blank?
           $LOG.info("Successfully authenticated user '#{@username}' at '#{tgt.client_hostname}'. No service param was given, so we will not redirect.")
           @message = {:type => 'confirmation', :message => "You have successfully logged in."}
-          render :login
         else
-          @st = generate_service_ticket(@service, @username)        
-          service_with_ticket = service_uri_with_ticket(@service, @st)
-        
-          $LOG.info("Redirecting authenticated user '#{@username}' at '#{@st.client_hostname}' to service '#{@service}'")
-          return redirect(service_with_ticket, :status => 303) # response code 303 means "See Other" (see Appendix B in CAS Protocol spec)
+          @st = generate_service_ticket(@service, @username)
+          begin
+            service_with_ticket = service_uri_with_ticket(@service, @st)
+            
+            $LOG.info("Redirecting authenticated user '#{@username}' at '#{@st.client_hostname}' to service '#{@service}'")
+            return redirect(service_with_ticket, :status => 303) # response code 303 means "See Other" (see Appendix B in CAS Protocol spec)
+          rescue URI::InvalidURIError
+            $LOG.error("The service '#{@service}' is not a valid URI!")
+            @message = {:type => 'mistake', :message => "The target service your browser supplied appears to be invalid. Please contact your system administrator for help."}
+          end
         end
       else
         $LOG.warn("Invalid credentials given for user '#{@username}'")
         @message = {:type => 'mistake', :message => "Incorrect username or password."}
-        render :login
       end
+      
+      render :login
     end
   end
   
@@ -279,4 +289,4 @@ module CASServer::Controllers
       end
     end
   end
-end
+end

data/lib/casserver/postambles.rb

@@ -47,9 +47,16 @@ module CASServer
       trap(:INT) do
         s.shutdown
       end
+      trap(:TERM) do
+        s.shutdown
+      end
     
       if $DAEMONIZE
-        WEBrick::Daemon.start {s.start}
+        WEBrick::Daemon.start do
+          write_pid_file if $PID_FILE
+          s.start
+          clear_pid_file
+        end
       else
         s.start
       end
@@ -64,24 +71,35 @@ module CASServer
       # camping has fixes for mongrel currently only availabe in SVN
       # ... you can install camping from svn (1.5.180) by running: 
       #     gem install camping --source code.whytheluckystiff.net
-      require_gem 'camping', '~> 1.5.180'
+      gem 'camping', '~> 1.5.180'
+      
+      if $DAEMONIZE
+        # check if log and pid are writable before daemonizing, otherwise we won't be able to notify
+        # the user if we run into trouble later (since once daemonized, we can't write to stdout/stderr)
+        check_pid_writable if $PID_FILE
+        check_log_writable
+      end
       
-      CASServer.create    
+      CASServer.create
       
       puts "\n** CASServer is starting. Look in '#{CASServer::Conf.log[:file]}' for further notices."
       
       settings = {:host => "0.0.0.0", :log_file => CASServer::Conf.log[:file], :cwd => $CASSERVER_HOME}
       
-      # need to close all IOs if we daemonize
-      $LOG.close
+      # need to close all IOs before daemonizing
+      $LOG.close if $DAEMONIZE
       
-      config = Mongrel::Configurator.new settings  do
-        daemonize :log_file => CASServer::Conf.log[:file], :cwd => $CASSERVER_HOME if $DAEMONIZE
-        
-        listener :port => CASServer::Conf.port do
-          uri CASServer::Conf.uri_path, :handler => Mongrel::Camping::CampingHandler.new(CASServer)
-          setup_signals
+      begin
+        config = Mongrel::Configurator.new settings  do
+          daemonize :log_file => CASServer::Conf.log[:file], :cwd => $CASSERVER_HOME if $DAEMONIZE
+          
+          listener :port => CASServer::Conf.port do
+            uri CASServer::Conf.uri_path, :handler => Mongrel::Camping::CampingHandler.new(CASServer)
+            setup_signals
+          end
         end
+      rescue Errno::EADDRINUSE
+        exit 1
       end
       
       config.run
@@ -89,8 +107,19 @@ module CASServer
       CASServer.init_logger
       CASServer.init_db_logger
       
+      if $DAEMONIZE && $PID_FILE
+        write_pid_file
+        unless File.exists? $PID_FILE
+          $LOG.error "CASServer could not start because pid file '#{$PID_FILE}' could not be created."
+          exit 1
+        end
+      end
+      
       puts "\n** CASServer is running at http://localhost:#{CASServer::Conf.port}#{CASServer::Conf.uri_path} and logging to '#{CASServer::Conf.log[:file]}'"
       config.join
+
+      clear_pid_file
+
       puts "\n** CASServer is stopped (#{Time.now})"
     end
     
@@ -108,6 +137,41 @@ module CASServer
       CASServer.create
       puts CASServer.run
     end
+    
+    private
+    def check_log_writable
+      log_file = CASServer::Conf.log['file']
+      begin
+        f = open(log_file, 'w')
+      rescue
+        $stderr.puts "Couldn't write to log file at '#{log_file}' (#{$!})."
+        exit 1
+      end
+      f.close
+    end
+    
+    def check_pid_writable
+      $LOG.debug "Checking if pid file '#{$PID_FILE}' is writable"
+      begin        
+        f = open($PID_FILE, 'w')
+      rescue
+        $stderr.puts "Couldn't write to log at '#{$PID_FILE}' (#{$!})."
+        exit 1
+      end
+      f.close
+    end
+    
+    def write_pid_file
+      $LOG.debug "Writing pid '#{Process.pid}' to pid file '#{$PID_FILE}'"
+      open($PID_FILE, "w") { |file| file.write(Process.pid) }
+    end
+    
+    def clear_pid_file
+      if $PID_FILE && File.exists?($PID_FILE)
+        $LOG.debug "Clearing pid file '#{$PID_FILE}'"
+        File.unlink $PID_FILE
+      end
+    end
   
   end
 end

data/lib/casserver/version.rb

@@ -1,7 +1,7 @@
 module CASServer
   module VERSION #:nodoc:
     MAJOR = 0
-    MINOR = 3
+    MINOR = 4
     TINY  = 0
 
     STRING = [MAJOR, MINOR, TINY].join('.')

data/resources/init.d.sh

@@ -0,0 +1,58 @@
+#! /bin/sh
+#
+# Copyright (c) 2007 Urbacon Ltd.
+#
+# System startup script for the RubyCAS-Server
+#
+# Instructions:
+#   1. Rename this file to 'rubycas-server'
+#   2. Copy it to your '/etc/init.d' directory
+#   3. chmod +x /etc/init.d/rubycas-server
+#
+# chkconfig - 85 15
+# description: Provides single-sign-on authentication for web applications.
+#
+### BEGIN INIT INFO
+# Provides: rubycas-server
+# Required-Start: $syslog
+# Should-Start:
+# Required-Stop:  $syslog
+# Should-Stop:
+# Default-Start:  3 5
+# Default-Stop:   0 1 2 6
+# Description:    Start the RubyCAS-Server
+### END INIT INFO
+
+CASSERVER_CTL=rubycas-server-ctl
+
+# Gracefully exit if the controller is missing.
+which $CASSERVER_CTL > /dev/null || exit 0
+
+# Source config
+. /etc/rc.status
+
+rc_reset
+case "$1" in
+    start)
+        $CASSERVER_CTL start
+        rc_status -v
+        ;;
+    stop)
+        $CASSERVER_CTL stop
+        rc_status -v
+        ;;
+    restart)
+        $0 stop
+        $0 start
+        rc_status
+        ;;
+    status)
+        $CASSERVER_CTL status
+        rc_status -v
+        ;;
+    *)
+        echo "Usage: $0 {start|stop|status|restart}"
+        exit 1
+        ;;
+esac
+rc_exit

metadata

@@ -1,10 +1,10 @@
 --- !ruby/object:Gem::Specification 
-rubygems_version: 0.9.0
+rubygems_version: 0.9.2
 specification_version: 1
 name: rubycas-server
 version: !ruby/object:Gem::Version 
-  version: 0.3.0
-date: 2007-03-29 00:00:00 -04:00
+  version: 0.4.0
+date: 2007-06-04 00:00:00 -04:00
 summary: Provides single sign on for web applications using the CAS protocol.
 require_paths: 
 - lib
@@ -35,6 +35,7 @@ files:
 - README.txt
 - Rakefile
 - bin/rubycas-server
+- bin/rubycas-server-ctl
 - config.example.yml
 - lib/casserver.rb
 - lib/casserver/authenticators/active_directory_ldap.rb
@@ -62,6 +63,7 @@ files:
 - lib/themes/urbacon/logo.png
 - lib/themes/urbacon/theme.css
 - lib/themes/warning.png
+- resources/init.d.sh
 - setup.rb
 - test/test_casserver.rb
 test_files: 
@@ -73,6 +75,7 @@ extra_rdoc_files: []
 
 executables: 
 - rubycas-server
+- rubycas-server-ctl
 extensions: []
 
 requirements: []