#endif
#include "shib-target.h"
+#include "hresult.h"
-#ifdef __cplusplus
+#include <log4cpp/Category.hh>
+#include <log4cpp/FixedContextCategory.hh>
-#include "ccache-utils.h"
+#define SHIBT_L(s) shibtarget::XML::Literals::s
+#define SHIBT_L_QNAME(p,s) shibtarget::XML::Literals::p##_##s
+#define SHIBTRAN_LOGCAT "Shibboleth-TRANSACTION"
-#include <log4cpp/Category.hh>
+// Controls default logging level of console tools and other situations
+// where full shibboleth.xml-based logging isn't used.
+#define SHIB_LOGGING "WARN"
namespace shibtarget {
class RPCHandle
{
public:
- RPCHandle(const char* shar, u_long program, u_long version);
+ RPCHandle();
~RPCHandle();
CLIENT* connect(void); // connects and returns the CLIENT handle
private:
log4cpp::Category* log;
- const char* m_shar;
- u_long m_program;
- u_long m_version;
- CLIENT* m_clnt;
- ShibSocket m_sock;
+ CLIENT* m_clnt;
+ IListener::ShibSocket m_sock;
};
// Manages the pool of connections
RPC();
~RPC() {delete m_handle;}
RPCHandle* operator->() {return m_handle;}
- void pool() {m_pool.put(m_handle); m_handle=NULL;}
+ void pool() {if (m_handle) m_pool.put(m_handle); m_handle=NULL;}
private:
RPCHandlePool& m_pool;
RPCHandle* m_handle;
};
+
+ // Helper class for SAML 2.0 Common Domain Cookie operations
+ class CommonDomainCookie
+ {
+ public:
+ CommonDomainCookie(const char* cookie);
+ ~CommonDomainCookie();
+ saml::Iterator<const char*> get() {return m_list;}
+ const char* set(const char* providerId);
+ static const char CDCName[];
+ private:
+ XMLByte* m_decoded;
+ std::string m_encoded;
+ std::vector<const char*> m_list;
+ std::vector<std::string> m_additions;
+ };
- // An implementation of the URL->application mapping API using an XML file
- class XMLApplicationMapper : public IApplicationMapper, public shibboleth::ReloadableXMLFile
+ // Generic class, which handles the IPropertySet configuration interface.
+ // Most of the basic configuration details are exposed via this interface.
+ // This implementation extracts the XML tree structure and caches it in a map
+ // with the attributes stored in the various possible formats they might be fetched.
+ // Elements are treated as nested IPropertySets.
+ // The "trick" to this is to pass in an "exclude list" using a DOMNodeFilter. Nested
+ // property sets are extracted by running a TreeWalker againt the filter for the
+ // immediate children. The filter should skip any excluded elements that will be
+ // processed separately.
+ class XMLPropertySet : public virtual IPropertySet
{
public:
- XMLApplicationMapper(const DOMElement* e) : shibboleth::ReloadableXMLFile(e) {}
- ~XMLApplicationMapper() {}
-
- const char* getApplicationFromURL(const char* url) const;
- const XMLCh* getXMLChApplicationFromURL(const char* url) const;
- const char* getApplicationFromParsedURL(
- const char* scheme, const char* hostname, unsigned int port, const char* path=NULL
- ) const;
- const XMLCh* getXMLChApplicationFromParsedURL(
- const char* scheme, const char* hostname, unsigned int port, const char* path=NULL
- ) const;
-
- protected:
- virtual shibboleth::ReloadableXMLFileImpl* newImplementation(const char* pathname) const;
- virtual shibboleth::ReloadableXMLFileImpl* newImplementation(const DOMElement* e) const;
+ XMLPropertySet() {}
+ ~XMLPropertySet();
+
+ std::pair<bool,bool> getBool(const char* name, const char* ns=NULL) const;
+ std::pair<bool,const char*> getString(const char* name, const char* ns=NULL) const;
+ std::pair<bool,const XMLCh*> getXMLString(const char* name, const char* ns=NULL) const;
+ std::pair<bool,unsigned int> getUnsignedInt(const char* name, const char* ns=NULL) const;
+ std::pair<bool,int> getInt(const char* name, const char* ns=NULL) const;
+ const IPropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:target:config:1.0") const;
+ const DOMElement* getElement() const {return m_root;}
+
+ void load(
+ const DOMElement* e, // root element of property set
+ log4cpp::Category& log, // log object for tracing
+ DOMNodeFilter* filter, // control what subelements to include
+ const std::map<std::string,std::string>* remapper=NULL // on the fly property renaming for legacy support
+ );
+
+ private:
+ const DOMElement* m_root;
+ std::map<std::string,std::pair<char*,const XMLCh*> > m_map;
+ std::map<std::string,IPropertySet*> m_nested;
};
+ // ST-aware class that maps SAML artifacts to appropriate binding information
+ class STArtifactMapper : public virtual saml::SAMLBrowserProfile::ArtifactMapper
+ {
+ public:
+ STArtifactMapper(const IApplication* application)
+ : m_app(application), m_localcopy(application->getMetadataProviders()), m_metadata(m_localcopy), m_ctx(NULL) {}
+ virtual ~STArtifactMapper() {delete m_ctx;}
+
+ saml::SAMLBrowserProfile::ArtifactMapper::ArtifactMapperResponse map(const saml::SAMLArtifact* artifact);
+
+ private:
+ const IApplication* m_app;
+ saml::Iterator<shibboleth::IMetadata*> m_localcopy;
+ shibboleth::Metadata m_metadata; // scopes lock around use of role descriptor by hook context
+ shibboleth::ShibHTTPHook::ShibHTTPHookCallContext* m_ctx;
+ };
+
class STConfig : public ShibTargetConfig
{
public:
- STConfig(const char* app_name, const char* inifile);
- ~STConfig();
- void ref();
- void init();
+ STConfig() : m_tranLog(NULL), m_tranLogLock(NULL), m_rpcpool(NULL) {}
+ ~STConfig() {}
+
+ bool init(const char* schemadir, const char* config);
void shutdown();
- ShibINI& getINI() const { return *ini; }
- IApplicationMapper* getApplicationMapper() const { return m_applicationMapper; }
- saml::Iterator<shibboleth::IMetadata*> getMetadataProviders() const { return metadatas; }
- saml::Iterator<shibboleth::IRevocation*> getRevocationProviders() const { return revocations; }
- saml::Iterator<shibboleth::ITrust*> getTrustProviders() const { return trusts; }
- saml::Iterator<shibboleth::ICredentials*> getCredentialProviders() const { return creds; }
- saml::Iterator<shibboleth::IAAP*> getAAPProviders() const { return aaps; }
- saml::Iterator<const XMLCh*> getPolicies() const { return saml::Iterator<const XMLCh*>(policies); }
- RPCHandlePool& getRPCHandlePool() { return m_rpcpool; }
-
- private:
- saml::SAMLConfig& samlConf;
- shibboleth::ShibConfig& shibConf;
- ShibINI* ini;
- std::string m_app_name;
- int refcount;
- std::vector<const XMLCh*> policies;
- std::string m_SocketName;
-#ifdef WANT_TCP_SHAR
- std::vector<std::string> m_SocketACL;
-#endif
- IApplicationMapper* m_applicationMapper;
- std::vector<shibboleth::IMetadata*> metadatas;
- std::vector<shibboleth::IRevocation*> revocations;
- std::vector<shibboleth::ITrust*> trusts;
- std::vector<shibboleth::ICredentials*> creds;
- std::vector<shibboleth::IAAP*> aaps;
- RPCHandlePool m_rpcpool;
-
- friend const char* ::shib_target_sockname();
- friend const char* ::shib_target_sockacl(unsigned int);
+ RPCHandlePool& getRPCHandlePool() {return *m_rpcpool;}
+ log4cpp::Category& getTransactionLog() { m_tranLogLock->lock(); return *m_tranLog; }
+ void releaseTransactionLog() { m_tranLogLock->unlock();}
+ private:
+ RPCHandlePool* m_rpcpool;
+ log4cpp::FixedContextCategory* m_tranLog;
+ shibboleth::Mutex* m_tranLogLock;
+ static IConfig* ShibTargetConfigFactory(const DOMElement* e);
};
class XML
{
public:
- // URI constants
- static const XMLCh APPMAP_NS[];
- static const XMLCh APPMAP_SCHEMA_ID[];
-
+ static const XMLCh SHIBTARGET_SCHEMA_ID[];
+ static const XMLCh SAML2ASSERT_NS[];
+ static const XMLCh SAML2ASSERT_SCHEMA_ID[];
+ static const XMLCh SAML2META_NS[];
+ static const XMLCh SAML2META_SCHEMA_ID[];
+ static const XMLCh XMLENC_NS[];
+ static const XMLCh XMLENC_SCHEMA_ID[];
+
+ static const char htaccessType[];
+ static const char MemorySessionCacheType[];
+ static const char MySQLSessionCacheType[];
+ static const char MemoryReplayCacheType[];
+ static const char MySQLReplayCacheType[];
+ static const char LegacyRequestMapType[];
+ static const char RequestMapType[];
+ static const char TCPListenerType[];
+ static const char UnixListenerType[];
+
struct Literals
{
- static const XMLCh ApplicationID[];
- static const XMLCh ApplicationMap[];
+ static const XMLCh AAPProvider[];
+ static const XMLCh AccessControlProvider[];
+ static const XMLCh AND[];
+ static const XMLCh applicationId[];
+ static const XMLCh Application[];
+ static const XMLCh Applications[];
+ static const XMLCh AssertionConsumerService[];
+ static const XMLCh CredentialsProvider[];
+ static const XMLCh CredentialUse[];
+ static const XMLCh Extensions[];
+ static const XMLCh fatal[];
+ static const XMLCh FederationProvider[];
+ static const XMLCh Global[];
static const XMLCh Host[];
+ static const XMLCh htaccess[];
+ static const XMLCh Implementation[];
+ static const XMLCh index[];
+ static const XMLCh isDefault[];
+ static const XMLCh Library[];
+ static const XMLCh Listener[];
+ static const XMLCh Local[];
+ static const XMLCh logger[];
+ static const XMLCh MemorySessionCache[];
+ static const XMLCh MySQLReplayCache[];
+ static const XMLCh MySQLSessionCache[];
+ static const XMLCh name[];
static const XMLCh Name[];
+ static const XMLCh NOT[];
+ static const XMLCh OR[];
static const XMLCh Path[];
- static const XMLCh Port[];
- static const XMLCh Scheme[];
+ static const XMLCh path[];
+ static const XMLCh RelyingParty[];
+ static const XMLCh ReplayCache[];
+ static const XMLCh RequestMap[];
+ static const XMLCh RequestMapProvider[];
+ static const XMLCh require[];
+ static const XMLCh RevocationProvider[];
+ static const XMLCh Rule[];
+ static const XMLCh SessionCache[];
+ static const XMLCh SessionInitiator[];
+ static const XMLCh SHAR[];
+ static const XMLCh ShibbolethTargetConfig[];
+ static const XMLCh SHIRE[];
+ static const XMLCh Signing[];
+ static const XMLCh SingleLogoutService[];
+ static const XMLCh SPConfig[];
+ static const XMLCh TCPListener[];
+ static const XMLCh TLS[];
+ static const XMLCh TrustProvider[];
+ static const XMLCh type[];
+ static const XMLCh UnixListener[];
};
};
}
#endif
-
-#endif