diff --git a/bin/check_idp_error_urls.sh b/bin/check_idp_error_urls.sh index 8a68e46..c3aacd3 100755 --- a/bin/check_idp_error_urls.sh +++ b/bin/check_idp_error_urls.sh @@ -16,7 +16,7 @@ # limitations under the License. ####################################################################### -script_version="0.3" +script_version="0.4" user_agent_string="Check IdP Error URLs ${script_version}" ####################################################################### @@ -30,7 +30,7 @@ display_help () { Given a list of entityIDs and a metadata source, for each IdP probe its errorURL in metadata (if any). - Usage: ${0##*/} [-hvq] [-t CONNECT_TIME -m MAX_TIME] (-u MDQ_BASE_URL | -f MD_PATH) [-d OUT_DIR] [ID ...] + Usage: ${0##*/} [-hvq] [-d OUT_DIR] [-t CONNECT_TIME -m MAX_TIME] (-u MDQ_BASE_URL | -f MD_PATH) [ID ...] The script optionally takes a sequence of identifiers on the command line. If none are given, the script takes its input from stdin. 
@@ -38,17 +38,21 @@ display_help () { Options: -h Display this message -v Write verbose messages to stdout - -q Run quietly (i.e., write no messages to stdout/stderr) + -q Run quietly (i.e., write no messages to the terminal) + -d Path to an output directory -t Time (in secs) allotted to connect to the host -m Maximum time (in secs) allotted to a complete probe -u Base URL of a Metadata Query Server -f Path to a local metadata file - -d Path to an output directory Option -h is mutually exclusive of all other options. Options - -q and -v are mutually exclusive of each other. Options -u and -f - are mutually exclusive of each other as well. Option -d is required + -q and -v are mutually exclusive of each other. Likewise options -u + and -f are mutually exclusive of each other. Option -d is required if file output is desired. + + Option -q suppresses all output to the terminal, even error messages. + If option -d is specified, output is written to files instead. In + particular, an error log is maintained in the output directory. The argument of the -t option is the TCP connect time, that is, the maximum time (in secs) allotted to the TCP connection. Note @@ -56,7 +60,8 @@ display_help () { DNS name lookup. Since the latter is unconstrained, it may consume all available TCP connect time. Thus the TCP connect time should be kept small (say, less than 10 seconds) since - larger values will slow this script considerably. + larger values will slow this script considerably. The default + value of this option argument is $connect_timeout_default secs. The argument of the -m option is the maximum total time (in secs) allotted to each probe. A reasonable value is a few seconds 
@@ -194,6 +199,11 @@ display_help () { (xml:lang="en") is used in each case. If there is no such element in metadata, the field is left blank. + ${ERROR_LOG_FILENAME} + + If both options -q and -d are given on the command, error and + warning messages are recorded in this file. + Examples: ${0##*/} -h ${0##*/} -t ${connect_timeout_default} -m ${max_time_default} \$id cat \$id_file | ${0##*/} -v -t 4 -m 6 @@ -205,19 +215,46 @@ HELP_MSG ####################################################################### # Bootstrap +# (anything in this section may be referenced in the help file) ####################################################################### script_bin=${0%/*} # equivalent to dirname $0 script_name=${0##*/} # equivalent to basename $0 -connect_timeout_default=2 -max_time_default=4 - # library filenames (always list command_paths first) LIB_FILENAMES="command_paths.sh compatible_mktemp.sh md_tools.sh" +# determine the source lib directory +if [ -z "$LIB_DIR" ]; then + echo "ERROR: $script_name requires env var LIB_DIR" >&2 + exit 2 +fi +if [ ! -d "$LIB_DIR" ]; then + echo "ERROR: $script_name: LIB_DIR does not exist: $LIB_DIR" >&2 + exit 2 +fi + +# source lib files +for lib_filename in $LIB_FILENAMES; do + lib_file="$LIB_DIR/$lib_filename" + if [ ! -f "$lib_file" ]; then + echo "ERROR: $script_name: lib file does not exist: $lib_file" >&2 + exit 2 + fi + source "$lib_file" + status_code=$? + if [ $status_code -ne 0 ]; then + echo "ERROR: $script_name failed to source lib file ($status_code) $lib_file" >&2 + exit 2 + fi +done + +# default parameters +connect_timeout_default=2 +max_time_default=4 + # output filenames NO_IDP_ROLE_FILENAME="entities-no-idp-role.txt" NO_ERROR_URL_FILENAME="idps-no-error-url.txt" 
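Review bot: `source "$lib_file"` in the new bootstrap loop drops the `>&2` that the old sourcing block (removed further down in this diff) had, so anything the three lib files print to stdout now lands on the script's stdout, which elsewhere carries the probe result records (`printf "%s %s %s\n" "$status_code" "$output" "$errorURL"` in the last hunk). Restoring `source "$lib_file" >&2` keeps library chatter out of the data stream; if the redirect was removed because one of the libraries deliberately writes to stdout, a comment saying so would help. Since `LIB_DIR` comes from the environment and the checks only confirm that the listed files exist before they are executed, the section comment could also state the trust assumption, e.g. `# LIB_DIR is trusted: every file listed in LIB_FILENAMES is executed via source`.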
@@ -283,6 +320,15 @@ if $help_mode; then exit 0 fi +# report bootstrap operation +if $verbose_mode; then + printf "$script_name using source lib directory: %s\n" "$LIB_DIR" + for lib_filename in $LIB_FILENAMES; do + lib_file="$LIB_DIR/$lib_filename" + printf "$script_name sourcing lib file: %s\n" "$lib_file" + done +fi + # determine the metadata source if $md_query_mode; then if [ -z "$mdq_base_url" ]; then @@ -324,12 +370,10 @@ else /bin/mkdir "$OUT_DIR" exit_status=$? if [ $exit_status -ne 0 ]; then - echo "ERROR: $script_name failed to create dir: $OUT_DIR" >&2 - exit $exit_status + echo "ERROR: $script_name failed to create out dir ($exit_status) $OUT_DIR" >&2 + exit 2 fi fi - # redirect stderr to a file - $quiet_mode && exec 2>"$ERROR_LOG_FILE" fi # check consistency of timeout options (both or neither are required) 
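Review bot: The verbose report added after the help check prints `sourcing lib file` although the bootstrap section has already sourced every file by this point, so the message describes the wrong moment and reruns the `LIB_FILENAMES` loop only to rebuild paths that were already built. Rewording the two messages to `printf '%s using source lib directory: %s\n' "$script_name" "$LIB_DIR"` and `printf '%s sourced lib file: %s\n' "$script_name" "$lib_file"` also keeps `$script_name`, which derives from `$0`, out of the printf format string. The rest of the file uses the variable-in-format form, so the latter is a style choice rather than a behavioural change.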
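Review bot: Removing `$quiet_mode && exec 2>"$ERROR_LOG_FILE"` here and re-establishing it inside init_out_files (a later hunk in this diff) leaves a window in which `-q -d` does not do what the new help text promises: any diagnostic emitted between this point and the init_out_files call, such as the `echo "ERROR: ... failed to create tmp dir ..." >&2` in the Initialization section, still reaches the terminal. The call site of init_out_files is outside the hunk, so the size of that window is inferred rather than seen. If the move was made so that the log survives the function's `/bin/rm -f "$ERROR_LOG_FILE"`, an alternative is to keep the redirect here and have init_out_files truncate the open log instead of unlinking it, `: > "$ERROR_LOG_FILE"`; otherwise the help text should say that errors raised before output initialisation are not captured. The `exit 2` normalisation is fine; the enclosing if/else starts outside the hunk.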
@@ -358,37 +402,10 @@ fi # Initialization ##################################################################### -# determine the source lib directory -if [ -z "$LIB_DIR" ]; then - echo "ERROR: $script_name requires env var LIB_DIR" >&2 - exit 2 -fi -if [ ! -d "$LIB_DIR" ]; then - echo "ERROR: $script_name: directory does not exist: $LIB_DIR" >&2 - exit 2 -fi -$verbose_mode && printf "$script_name using source lib directory: %s\n" "$LIB_DIR" - -# source lib files -for lib_filename in $LIB_FILENAMES; do - lib_file="$LIB_DIR/$lib_filename" - if [ ! -f "$lib_file" ]; then - echo "ERROR: $script_name: file does not exist: $lib_file" >&2 - exit 2 - fi - $verbose_mode && printf "$script_name sourcing lib file: %s\n" "$lib_file" - source "$lib_file" >&2 - exit_code=$? - if [ $exit_code -ne 0 ]; then - echo "ERROR: $script_name failed to source script $lib_file" >&2 - exit $exit_code - fi -done - # determine temporary directory if [ -n "$TMPDIR" ] && [ -d "$TMPDIR" ]; then # use system temporary directory (remove trailing slash) - TMP_DIR="${TMPDIR%%/}/shib-idp-probe" + TMP_DIR="${TMPDIR%%/}/saml-idp-probe" $verbose_mode && printf "$script_name using temp dir: %s\n" "$TMP_DIR" else # create temporary directory @@ -398,15 +415,15 @@ else exit 2 fi # use temporary directory (remove trailing slash) - TMP_DIR="${tmp_dir%%/}/shib-idp-probe" + TMP_DIR="${tmp_dir%%/}/saml-idp-probe" $verbose_mode && printf "$script_name creating temp dir: %s\n" "$TMP_DIR" fi if [ ! -d "$TMP_DIR" ]; then /bin/mkdir "$TMP_DIR" exit_status=$? if [ $exit_status -ne 0 ]; then - echo "ERROR: $script_name failed to create dir: $TMP_DIR" >&2 - exit $exit_status + echo "ERROR: $script_name failed to create tmp dir ($exit_status) $TMP_DIR" >&2 + exit 2 fi fi 
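Review bot: `TMP_DIR="${TMPDIR%%/}/saml-idp-probe"` (and the matching assignment in the second hunk) keeps a fixed, predictable directory name under a location that may be shared, and the `[ ! -d "$TMP_DIR" ]` guard below reuses any directory already present without checking who owns it or what it contains; the rename from `shib-idp-probe` does not change that. Since the script already sources `compatible_mktemp.sh`, creating the working directory with that helper on each run, or at least refusing a pre-existing `$TMP_DIR` that is not owned by the current user, would remove the dependence on a guessable path. If the fixed name is required so that other scripts in the suite can locate the files, a comment stating that contract next to the assignment would make the trade-off explicit. Note also that `%%/` strips exactly one trailing slash, which matches the comment but not a `TMPDIR` value ending in more than one.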
@@ -451,7 +468,14 @@ init_out_files () { /bin/rm -f "$IDP_NAMES_FILE" /bin/rm -f "$ERROR_LOG_FILE" + # redirect stderr to a file + if $quiet_mode; then + $_TOUCH "$ERROR_LOG_FILE" + exec 2>"$ERROR_LOG_FILE" + fi + # output cross-script compatibility info + $verbose_mode && printf "$script_name writing compatibility file: %s\n" "$COMPATIBILITY_SCRIPT_FILE" /bin/cat <<- COMPATIBILITY_SCRIPT > $COMPATIBILITY_SCRIPT_FILE # exactly one of the following two global vars will be nonempty MD_PATH=$md_path @@ -461,6 +485,7 @@ init_out_files () { NO_ERROR_URL_FILE=$NO_ERROR_URL_FILE IDP_ERROR_URL_LOG_FILE=$IDP_ERROR_URL_LOG_FILE IDP_NAMES_FILE=$IDP_NAMES_FILE + ERROR_LOG_FILE=$ERROR_LOG_FILE # temporary output directory TMP_DIR="$TMP_DIR" COMPATIBILITY_SCRIPT @@ -556,8 +581,8 @@ $verbose_mode && printf "$script_name using curl opts: %s\n" "$curl_opts" names=$( echo "$entityDescriptor" \ | /usr/bin/xsltproc $LIB_DIR/extract_IdP_names.xsl - ) - exit_code=$? - if [ "$exit_code" -ne 0 ]; then + status_code=$? + if [ "$status_code" -ne 0 ]; then echo "ERROR: $script_name: unable to extract IdP names for entityID: $entityID" >&2 continue fi @@ -586,7 +611,7 @@ $verbose_mode && printf "$script_name using curl opts: %s\n" "$curl_opts" status_code=$? printf "%s %s %s\n" "$status_code" "$output" "$errorURL" - print_idp_error_url_logfile "$IDP_ERROR_URL_LOG_FILE" + print_idp_error_url_logfile "$g" done exit 0
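Review bot: The `$_TOUCH "$ERROR_LOG_FILE"` added before `exec 2>"$ERROR_LOG_FILE"` is redundant, because the `exec` redirection itself creates or truncates the file; all the touch adds is a dependency on `_TOUCH`, which is not defined in this diff (presumably command_paths.sh sets it), and if that variable is empty the line attempts to run the log path as a command. Dropping the touch line is enough. On the following lines the compatibility heredoc still redirects to an unquoted `$COMPATIBILITY_SCRIPT_FILE`; quoting it would match the rest of the function. init_out_files begins outside the hunk.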
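Review bot: The new `ERROR_LOG_FILE=$ERROR_LOG_FILE` line in the compatibility heredoc is unquoted, like the `*_FILE` lines above it but unlike `TMP_DIR="$TMP_DIR"` just below; because the generated file is meant to be sourced by other scripts, a path containing whitespace would break the assignment when that file is read. Writing it as `ERROR_LOG_FILE="$ERROR_LOG_FILE"` (and ideally the sibling lines the same way) makes the generated file robust. The heredoc begins outside the hunk.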
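Review bot: `print_idp_error_url_logfile "$g"` replaces the explicit `"$IDP_ERROR_URL_LOG_FILE"` with a variable named `g` that is not assigned anywhere in this diff; unless `g` is set earlier in the loop (outside the hunk), the function now receives an empty argument and the per-IdP log goes nowhere or to the wrong place. If the one-letter name was a slip, restoring `print_idp_error_url_logfile "$IDP_ERROR_URL_LOG_FILE"` is the fix; if it is deliberate, a comment at the assignment of `g` explaining why the log path varies per entity would stop the next reader from reverting it. The `exit_code` to `status_code` rename earlier in this hunk is consistent with the bootstrap section; the enclosing loop starts outside the hunk.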