2 * The Shibboleth License, Version 1.
4 * University Corporation for Advanced Internet Development, Inc.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
11 * Redistributions of source code must retain the above copyright notice, this
12 * list of conditions and the following disclaimer.
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution, if any, must include
17 * the following acknowledgment: "This product includes software developed by
18 * the University Corporation for Advanced Internet Development
19 * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
20 * may appear in the software itself, if and wherever such third-party
21 * acknowledgments normally appear.
23 * Neither the name of Shibboleth nor the names of its contributors, nor
24 * Internet2, nor the University Corporation for Advanced Internet Development,
25 * Inc., nor UCAID may be used to endorse or promote products derived from this
26 * software without specific prior written permission. For written permission,
27 * please contact shibboleth@shibboleth.org
29 * Products derived from this software may not be called Shibboleth, Internet2,
30 * UCAID, or the University Corporation for Advanced Internet Development, nor
31 * may Shibboleth appear in their name, without prior written permission of the
32 * University Corporation for Advanced Internet Development.
35 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
36 * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
37 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
38 * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
39 * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
40 * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
41 * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
42 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
43 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
46 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
47 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
51 * shib-shire.cpp -- Shibboleth SHIRE functions
53 * Created by: Derek Atkins <derek@ihtfp.com>
66 class shibtarget::SHIREPriv
69 SHIREPriv(RPCHandle *rpc, SHIREConfig cfg, string shire_url);
76 log4cpp::Category* log;
79 SHIREPriv::SHIREPriv(RPCHandle *rpc, SHIREConfig cfg, string shire_url)
81 string ctx = "shibtarget.SHIRE";
82 log = &(log4cpp::Category::getInstance(ctx));
88 SHIREPriv::~SHIREPriv() {}
91 SHIRE::SHIRE(RPCHandle *rpc, SHIREConfig cfg, string shire_url)
93 m_priv = new SHIREPriv(rpc, cfg, shire_url);
94 m_priv->log->info ("New SHIRE handle created: %p", m_priv);
103 RPCError* SHIRE::sessionIsValid(const char* cookie, const char* ip, const char* url)
105 saml::NDC ndc("sessionIsValid");
107 if (!cookie || *cookie == '\0') {
108 m_priv->log->error ("No cookie value was provided");
109 return new RPCError(SHIBRPC_NO_SESSION, "No cookie value was provided");
113 m_priv->log->error ("No IP");
114 return new RPCError(-1, "Invalid IP Address");
117 // make sure we pass _something_ to the server
120 m_priv->log->info ("is session valid: %s", ip);
121 m_priv->log->debug ("session cookie: %s", cookie);
123 shibrpc_session_is_valid_args_1 arg;
125 arg.cookie.cookie = (char*)cookie;
126 arg.cookie.client_addr = (char *)ip;
127 arg.url = (char *)url;
128 arg.lifetime = m_priv->m_config.lifetime;
129 arg.timeout = m_priv->m_config.timeout;
130 arg.checkIPAddress = m_priv->m_config.checkIPAddress;
132 shibrpc_session_is_valid_ret_1 ret;
133 memset (&ret, 0, sizeof(ret));
135 // Loop on the RPC in case we lost contact the first time through
139 clnt = m_priv->m_rpc->connect();
140 if (shibrpc_session_is_valid_1 (&arg, &ret, clnt) != RPC_SUCCESS) {
141 // FAILED. Release, disconnect, and try again...
142 m_priv->log->debug ("RPC Failure: %p (%p): %s", m_priv, clnt,
143 clnt_spcreateerror (""));
144 m_priv->m_rpc->release();
145 m_priv->m_rpc->disconnect();
149 m_priv->log->error ("RPC Failure: %p (%p)", m_priv, clnt);
150 return new RPCError(-1, "RPC Failure");
153 // SUCCESS. Release the lock.
154 m_priv->m_rpc->release();
157 } while (retry >= 0);
159 m_priv->log->debug ("RPC completed with status %d, %p", ret.status.status, m_priv);
162 if (ret.status.status)
163 retval = new RPCError(&ret.status);
165 retval = new RPCError();
167 clnt_freeres (clnt, (xdrproc_t)xdr_shibrpc_session_is_valid_ret_1, (caddr_t)&ret);
169 m_priv->log->debug ("returning");
173 RPCError* SHIRE::sessionCreate(const char* post, const char* ip, string& cookie)
175 saml::NDC ndc("sessionCreate");
177 if (!post || *post == '\0') {
178 m_priv->log->error ("No POST");
179 return new RPCError(-1, "Invalid POST string");
183 m_priv->log->error ("No IP");
184 return new RPCError(-1, "Invalid IP Address");
187 m_priv->log->info ("create session for user at %s", ip);
189 shibrpc_new_session_args_1 arg;
190 arg.shire_location = (char*) (m_priv->m_url.c_str());
191 arg.saml_post = (char*)post;
192 arg.client_addr = (char*)ip;
193 arg.checkIPAddress = m_priv->m_config.checkIPAddress;
195 shibrpc_new_session_ret_1 ret;
196 memset (&ret, 0, sizeof(ret));
198 // Loop on the RPC in case we lost contact the first time through
202 clnt = m_priv->m_rpc->connect();
203 if (shibrpc_new_session_1 (&arg, &ret, clnt) != RPC_SUCCESS) {
204 // FAILED. Release, disconnect, and retry
205 m_priv->log->debug ("RPC Failure: %p (%p): %s", m_priv, clnt,
206 clnt_spcreateerror (""));
207 m_priv->m_rpc->release();
208 m_priv->m_rpc->disconnect();
212 m_priv->log->error ("RPC Failure: %p (%p)", m_priv, clnt);
213 return new RPCError(-1, "RPC Failure");
216 // SUCCESS. Release and continue
217 m_priv->m_rpc->release();
220 } while (retry >= 0);
222 m_priv->log->debug ("RPC completed with status %d (%p)", ret.status.status, m_priv);
225 if (ret.status.status)
226 retval = new RPCError(&ret.status);
228 m_priv->log->debug ("new cookie: %s", ret.cookie);
230 retval = new RPCError();
233 clnt_freeres (clnt, (xdrproc_t)xdr_shibrpc_new_session_ret_1, (caddr_t)&ret);
235 m_priv->log->debug ("returning");