using namespace shibtarget;
extern "C" module MODULE_VAR_EXPORT mod_shib;
+#if 0
int shib_handler(request_rec* r, const IApplication* application, SHIRE& shire);
+#endif
namespace {
char* g_szSHIBConfig = NULL;
return NULL;
}
+extern "C" const char* shib_ap_set_file_slot(cmd_parms* parms,
+#ifdef SHIB_APACHE_13
+ char* arg1, char* arg2
+#else
+ void* arg1, const char* arg2
+#endif
+ )
+{
+ ap_set_file_slot(parms, arg1, arg2);
+ return DECLINE_CMD;
+}
+
/********************************************************************************/
// Some other useful helper function(s)
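Review bot: `shib_ap_set_file_slot` discards the result of `ap_set_file_slot` and always returns `DECLINE_CMD`, so an error string from the stock handler never reaches the administrator. Apache 2.x can return such an error for a path it cannot resolve, in which case `szAuthGrpFile` may stay unset with no diagnostic and group-based rules would be evaluated without a group file. Consider `const char* err = ap_set_file_slot(parms, arg1, arg2); return err ? err : DECLINE_CMD;`. The function also needs a comment explaining why it declines, for example `// Record the path for mod_shib, then decline so other modules that register AuthGroupFile still see the directive.`; that intent is inferred from the command-table change and should be confirmed.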
HTGroupTableApache(request_rec* r, const char *user, char *grpfile) {
groups = groups_for_user(r, user, grpfile);
if (!groups)
- throw ShibTargetException(SHIBRPC_OK, "EEP");
+ throw ResourceAccessException("Unable to access group file ($1) for user ($2)",params(2,grpfile,user));
}
~HTGroupTableApache() {}
bool lookup(const char *entry) { return (ap_table_get(groups, entry)!=NULL); }
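Review bot: The new `ResourceAccessException` text in the `HTGroupTableApache` constructor interpolates the group file's filesystem path and the user name. Where that message is reported is outside this hunk; if it can reach the error page sent to the browser rather than only the server log, it discloses server layout to the client. If so, keep the path in an `ap_log_rerror` call and throw a generic message such as `"Unable to access group file for user ($1)"`. The constructor's opening and class header are not part of the hunk.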
m_dc = (shib_dir_config*)ap_get_module_config(req->per_dir_config, &mod_shib);
- const char* ct = ap_table_get(req->headers_in, "Content-type");
-
- init(g_Config, string(m_sc->szScheme ? m_sc->szScheme : ap_http_method(req)),
- string(ap_get_server_name(req)), (int)ap_get_server_port(req),
- string(req->unparsed_uri), string(ct ? ct : ""),
- string(req->connection->remote_ip), string(req->method));
+ init(
+ g_Config,
+ m_sc->szScheme ? m_sc->szScheme : ap_http_method(req),
+ ap_get_server_name(req),
+ (int)ap_get_server_port(req),
+ req->unparsed_uri,
+ ap_table_get(req->headers_in, "Content-type"),
+ req->connection->remote_ip,
+ req->method
+ );
m_req = req;
}
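Review bot: The rewritten `init(...)` call passes `ap_table_get(req->headers_in, "Content-type")` straight through, dropping the NULL guard (`ct ? ct : ""`) that the removed lines had. `ap_table_get` returns NULL when the header is absent, which is the normal case for a GET. The new `init` signature is not visible here; if that parameter is a `const string&` or is dereferenced without a check, any request lacking a Content-type reaches undefined behaviour before authentication has run. Either keep the guard, `const char* ct = ap_table_get(req->headers_in, "Content-type");` and pass `ct ? ct : ""`, or document on `init` that a NULL content type is accepted.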
virtual string getPostData(void) {
// Read the posted data
if (ap_setup_client_block(m_req, REQUEST_CHUNKED_ERROR))
- throw ShibTargetException(SHIBRPC_OK, "CGI setup_client_block failed");
+ throw FatalProfileException("Apache function (setup_client_block) failed while reading profile submission.");
if (!ap_should_client_block(m_req))
- throw ShibTargetException(SHIBRPC_OK, "CGI should_client_block failed");
+ throw FatalProfileException("Apache function (should_client_block) failed while reading profile submission.");
if (m_req->remaining > 1024*1024)
- throw ShibTargetException (SHIBRPC_OK, "CGI length too long...");
-
+ throw FatalProfileException("Blocked too-large a submission to profile endpoint.");
string cgistr;
char buff[HUGE_STRING_LEN];
ap_hard_timeout("[mod_shib] getPostData", m_req);
"REQUIRE all: %d", m_dc->bRequireAll);
HTAccessInfo* ht = new HTAccessInfo();
- ht->requireAll = (m_dc->bRequireAll >= 0);
+ ht->requireAll = (m_dc->bRequireAll == 1);
ht->elements.reserve(reqs_arr->nelts);
for (int x = 0; x < reqs_arr->nelts; x++) {
HTAccessInfo::RequireLine* rline = new HTAccessInfo::RequireLine();
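Review bot: The line `ht->requireAll = (m_dc->bRequireAll == 1);` changes an access-control decision and needs a comment explaining the values `bRequireAll` can take. Judging by the old `>= 0` test, the flag appears to be tri-state (unset, off, on), so an unset `ShibRequireAll` now yields "any rule suffices" where it previously depended on the sign. A comment such as `// bRequireAll is tri-state; only an explicit "on" (1) requires every rule to match, unset and off both mean any-match` would make the default visible to the next reader. The unset value itself is defined outside this hunk and should be confirmed. The enclosing function starts and ends outside the hunk.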
return NULL;
}
- virtual void* sendPage(const string &msg, const string content_type,
- const pair<string, string> headers[], int code) {
+ virtual void* sendPage(
+ const string& msg,
+ const string& content_type,
+ const saml::Iterator<header_t>& headers=EMPTY(header_t),
+ int code=200
+ ) {
m_req->content_type = ap_psprintf(m_req->pool, content_type.c_str());
- // XXX: push headers and code into the response
+ while (headers.hasNext()) {
+ const header_t& h=headers.next();
+ ap_table_setn(m_req->headers_out, h.first.c_str(), h.second.c_str());
+ }
ap_send_http_header(m_req);
ap_rprintf(m_req, msg.c_str());
return (void*)DONE;
}
- virtual void* sendRedirect(const string url) {
+ virtual void* sendRedirect(const string& url) {
ap_table_set(m_req->headers_out, "Location", url.c_str());
return (void*)REDIRECT;
}
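Review bot: `sendPage` still passes caller-supplied text as the format argument in `ap_psprintf(m_req->pool, content_type.c_str())` and `ap_rprintf(m_req, msg.c_str())`, so any `%` sequence in the page body or content type is treated as a conversion rather than emitted. Since the method is being reworked here, switch to the non-formatting calls: `m_req->content_type = ap_pstrdup(m_req->pool, content_type.c_str());` and `ap_rputs(msg.c_str(), m_req);`. In the new header loop, `ap_table_setn` stores the `c_str()` pointers without copying, so `headers_out` can outlive the strings it points at; `ap_table_set` copies into the request pool. The `code` parameter is also still unused, although the XXX comment that recorded this was removed.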
ShibTargetApache sta(r);
// Check user authentication, the set the post handler bypass
- pair<bool,void*> res = sta.doCheckAuthN((sta.m_dc->bRequireSession == 1));
+ pair<bool,void*> res = sta.doCheckAuthN((sta.m_dc->bRequireSession == 1), true);
apr_pool_userdata_setn((const void*)42,g_UserDataKey,NULL,r->pool);
if (res.first) return (int)res.second;
#endif
ShibTargetApache sta(r);
- pair<bool,void*> res = sta.doHandlePOST();
+ pair<bool,void*> res = sta.doHandleProfile();
if (res.first) return (int)res.second;
ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, SH_AP_R(r),
- "doHandlePOST() did not do anything.");
+ "doHandleProfile() did not do anything.");
return SERVER_ERROR;
#ifndef _DEBUG
/*
* shib_auth_checker() -- a simple resource manager to
- * process the .htaccess settings and copy attributes
- * into the HTTP headers.
+ * process the .htaccess settings
*/
extern "C" int shib_auth_checker(request_rec* r)
{
ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(r),
- "shib_check_user(%d): ENTER", (int)getpid());
+ "shib_auth_checker(%d): ENTER", (int)getpid());
ostringstream threadid;
threadid << "[" << getpid() << "] shib_auth_checker" << '\0';
ShibTargetConfig::Metadata |
ShibTargetConfig::AAP |
ShibTargetConfig::RequestMapper |
- ShibTargetConfig::SHIREExtensions |
+ ShibTargetConfig::LocalExtensions |
ShibTargetConfig::Logging
);
if (!g_Config->init(g_szSchemaDir,g_szSHIBConfig)) {
{"ShibExportAssertion", (config_fn_t)ap_set_flag_slot,
(void *) XtOffsetOf (shib_dir_config, bExportAssertion),
OR_AUTHCFG, FLAG, "Export SAML assertion to Shibboleth-defined header?"},
- {"AuthGroupFile", (config_fn_t)ap_set_file_slot,
+ {"AuthGroupFile", (config_fn_t)shib_ap_set_file_slot,
(void *) XtOffsetOf (shib_dir_config, szAuthGrpFile),
OR_AUTHCFG, TAKE1, "text file containing group names and member user IDs"},
{"ShibRequireAll", (config_fn_t)ap_set_flag_slot,
AP_INIT_FLAG("ShibExportAssertion", (config_fn_t)ap_set_flag_slot,
(void *) offsetof (shib_dir_config, bExportAssertion),
OR_AUTHCFG, "Export SAML assertion to Shibboleth-defined header?"),
- AP_INIT_TAKE1("AuthGroupFile", (config_fn_t)ap_set_file_slot,
+ AP_INIT_TAKE1("AuthGroupFile", (config_fn_t)shib_ap_set_file_slot,
(void *) offsetof (shib_dir_config, szAuthGrpFile),
OR_AUTHCFG, "text file containing group names and member user IDs"),
AP_INIT_FLAG("ShibRequireAll", (config_fn_t)ap_set_flag_slot,