Eliminate DefaultRelyingParty element.

[shibboleth/sp.git] / nsapi_shib / nsapi_shib.cpp

diff --git a/nsapi_shib/nsapi_shib.cpp b/nsapi_shib/nsapi_shib.cpp
index f20ed7d..962499f 100644 (file)
--- a/nsapi_shib/nsapi_shib.cpp
+++ b/nsapi_shib/nsapi_shib.cpp
@@ -186,28 +186,38 @@ extern "C" NSAPI_PUBLIC int nsapi_shib_init(pblock* pb, ::Session* sn, Request*
 
 class ShibTargetNSAPI : public AbstractSPRequest
 {
-  string m_uri;
   mutable string m_body;
-  mutable bool m_gotBody;
+  mutable bool m_gotBody,m_firsttime;
   mutable vector<string> m_certs;
   set<string> m_allhttp;
 
 public:
-  ShibTargetNSAPI(pblock* pb, ::Session* sn, Request* rq) : m_gotBody(false) {
-    m_pb = pb;
-    m_sn = sn;
-    m_rq = rq;
+  pblock* m_pb;
+  ::Session* m_sn;
+  Request* m_rq;
+
+  ShibTargetNSAPI(pblock* pb, ::Session* sn, Request* rq)
+      : AbstractSPRequest(SHIBSP_LOGCAT".NSAPI"), m_gotBody(false), m_firsttime(true), m_pb(pb), m_sn(sn), m_rq(rq) {
 
     const char* uri=pblock_findval("uri", rq->reqpb);
     const char* qstr=pblock_findval("query", rq->reqpb);
 
-    if (uri)
-        m_uri = uri;
-    if (qstr)
-        m_uri = m_uri + '?' + qstr;
-  }
-  ~ShibTargetNSAPI() {
+    if (qstr) {
+        string temp = string(uri) + '?' + qstr;
+        setRequestURI(temp.c_str());
+    }
+    else {
+        setRequestURI(uri);
+    }
+
+    // See if this is the first time we've run.
+    qstr = pblock_findval("auth-type", rq->vars);
+    if (qstr && !strcmp(qstr, "shibboleth"))
+        m_firsttime = false;
+    if (!m_firsttime || rq->orig_rq)
+        log(SPDebug, "nsapi_shib function running more than once");
   }
+  ~ShibTargetNSAPI() { }
 
   const char* getScheme() const {
     return security_active ? "https" : "http";
@@ -227,9 +237,6 @@ public:
   int getPort() const {
     return server_portnum;
   }
-  const char* getRequestURI() const {
-    return m_uri.c_str();
-  }
   const char* getMethod() const {
     return pblock_findval("method", m_rq->reqpb);
   }
@@ -280,7 +287,7 @@ public:
     }
   }
   void clearHeader(const char* rawname, const char* cginame) {
-    if (g_checkSpoofing) {
+    if (g_checkSpoofing && m_firsttime && !m_rq->orig_rq) {
         if (m_allhttp.empty()) {
             // Populate the set of client-supplied headers for spoof checking.
             const pb_entry* entry;
@@ -372,10 +379,6 @@ public:
       }
       return m_certs;
   }
-
-  pblock* m_pb;
-  ::Session* m_sn;
-  Request* m_rq;
 };
 
 /********************************************************************************/
@@ -422,8 +425,9 @@ extern "C" NSAPI_PUBLIC int nsapi_shib(pblock* pb, ::Session* sn, Request* rq)
     return WriteClientError(sn, rq, FUNC, "Shibboleth module threw an exception, see web server log for error.");
   }
   catch (...) {
+    log_error(LOG_FAILURE,FUNC,sn,rq,const_cast<char*>("Shibboleth module threw an unknown exception."));
     if (g_catchAll)
-        return WriteClientError(sn, rq, FUNC, "Shibboleth module threw an uncaught exception.");
+        return WriteClientError(sn, rq, FUNC, "Shibboleth module threw an unknown exception.");
     throw;
   }
 }