#include <shib.h>
namespace shibtarget {
+ class ResourcePriv;
+ class Resource
+ {
+ public:
+ Resource(const char* resource_url);
+ Resource(std::string resource_url);
+ ~Resource();
+
+ const char* getResource();
+ const char* getURL();
+ bool equals(Resource*);
+
+ private:
+ ResourcePriv *m_priv;
+ };
+
+
class CCache;
class CCacheEntry
{
public:
virtual ~CCacheEntry();
- virtual saml::Iterator<saml::SAMLAttribute*> getAttributes(const char *resource_url) = 0;
- virtual const char* getSerializedAssertion(const char* resource_url) = 0;
+ virtual saml::Iterator<saml::SAMLAssertion*> getAssertions(Resource& resource) = 0;
virtual bool isSessionValid(time_t lifetime, time_t timeout) = 0;
virtual const char* getClientAddress() = 0;
extern CCache* g_shibTargetCCache;
- class ResourcePriv;
- class Resource
- {
- public:
- Resource(const char* resource_url);
- Resource(std::string resource_url);
- ~Resource();
-
- const char* getResource();
- bool equals(Resource*);
-
- private:
- ResourcePriv *m_priv;
- };
-
-
class RPCHandleInternal;
class RPCHandle
{
RM(RPCHandle *rpc, RMConfig config);
~RM();
- RPCError* getAttributes(const char* cookie, const char* ip,
- Resource *resource,
- std::vector<saml::QName*> attr_requests,
- std::vector<saml::SAMLAttribute*> &attr_replies,
- std::string &assertion);
+ RPCError* getAssertions(const char* cookie, const char* ip,
+ const char* url,
+ std::vector<saml::SAMLAssertion*> &assertions);
+ static void serialize(saml::SAMLAssertion &assertion, std::string &result);
+ static saml::Iterator<saml::SAMLAttribute*> getAttributes(saml::SAMLAssertion &assertion);
private:
RMPriv *m_priv;
};
// Now grab the attributes...
dc->config.checkIPAddress = (dc->checkIPAddress == 1 ? true : false);
RM rm(rpc_handle, dc->config);
- Resource resource(targeturl);
- vector<saml::QName*> request;
- vector<SAMLAttribute*> response;
- string assertion;
-
- RPCError* status = rm.getAttributes(session_id, r->connection->remote_ip,
- &resource, request, response, assertion);
+ vector<SAMLAssertion*> assertions;
+ RPCError* status = rm.getAssertions(session_id, r->connection->remote_ip,
+ targeturl, assertions);
if (status->isError()) {
ap_log_rerror(APLOG_MARK,APLOG_ERR|APLOG_NOERRNO,r,
- "shibrm_check_auth() getAttributes failed: %s",
+ "shibrm_check_auth() getAssertions failed: %s",
status->error_msg.c_str());
const string& rmError = ini.get (SHIBTARGET_HTTP, "rmError");
}
delete status;
+ const string& rmError = ini.get (SHIBTARGET_HTTP, "accessError");
+
+ // Only allow a single assertion...
+ if (assertions.size() != 1) {
+ ap_log_rerror(APLOG_MARK,APLOG_ERR|APLOG_NOERRNO,r,
+ "shibrm_check_auth() found %d assertions (should be 1)",
+ assertions.size());
+ }
+
+ if (assertions.size() < 1)
+ return shibrm_error_page (r, rmError.c_str(), markupProcessor);
+
+
// Clear out the list of mapped attributes
for (map<string,string>::const_iterator i=g_mapAttribNameToHeader.begin();
i!=g_mapAttribNameToHeader.end(); i++)
ap_table_unset(r->headers_in, i->second.c_str());
-
// Maybe export the assertion
ap_table_unset(r->headers_in,"Shib-Attributes");
- if (dc->bExportAssertion==1)
+ if (dc->bExportAssertion==1) {
+ string assertion;
+ RM::serialize(*(assertions[0]), assertion);
ap_table_setn(r->headers_in,"Shib-Attributes", assertion.c_str());
+ }
-
- // Export the attributes
- Iterator<SAMLAttribute*> i=Iterator<SAMLAttribute*>(response);
+ // Export the attributes -- XXX: Assumes one statement!
+ Iterator<SAMLAttribute*> i = RM::getAttributes(*(assertions[0]));
while (i.hasNext())
{
SAMLAttribute* attr=i.next();
}
}
+ // clean up memory
+ for (int i = 0; i < assertions.size(); i++)
+ delete assertions[i];
+
// mod_auth clone
int m=r->method_number;
if (!method_restricted)
return OK;
- const string& rmError = ini.get (SHIBTARGET_HTTP, "accessError");
return shibrm_error_page (r, rmError.c_str(), markupProcessor);
}
#include "shib-target.h"
-#include <xercesc/util/Base64.hpp>
#include <log4cpp/Category.hh>
#include <strstream>
ResourceEntry(SAMLResponse* response);
~ResourceEntry();
- bool isAssertionValid();
- Iterator<SAMLAttribute*> getAttributes();
- const char* getSerializedAssertion();
+ bool isValid();
+ Iterator<SAMLAssertion*> getAssertions();
- static vector<SAMLAttribute*> g_emptyVector;
+ static vector<SAMLAssertion*> g_emptyVector;
private:
SAMLResponse* m_response;
- SAMLAssertion* m_assertion;
- char* m_serialized;
log4cpp::Category* log;
};
InternalCCacheEntry(SAMLAuthenticationStatement *s, const char *client_addr);
virtual ~InternalCCacheEntry();
- virtual Iterator<SAMLAttribute*> getAttributes(const char* resource_url);
- virtual const char* getSerializedAssertion(const char* resource_url);
+ virtual Iterator<SAMLAssertion*> getAssertions(Resource& resource);
virtual bool isSessionValid(time_t lifetime, time_t timeout);
virtual const char* getClientAddress() { return m_clientAddress.c_str(); }
virtual void setCache(CCache *cache);
private:
- ResourceEntry* populate(const char* resource_url);
- ResourceEntry* find(const char* resource_url);
- void insert(const char* resource_url, ResourceEntry* entry);
- void remove(const char* resource_url);
+ ResourceEntry* populate(Resource& resource);
+ ResourceEntry* find(const char* resource);
+ void insert(const char* resource, ResourceEntry* entry);
+ void remove(const char* resource);
string m_originSite;
string m_handle;
// static members
saml::QName InternalCCacheEntry::g_authorityKind(saml::XML::SAMLP_NS,L(AttributeQuery));
saml::QName InternalCCacheEntry::g_respondWith(saml::XML::SAML_NS,L(AttributeStatement));
-vector<SAMLAttribute*> ResourceEntry::g_emptyVector;
+vector<SAMLAssertion*> ResourceEntry::g_emptyVector;
/******************************************************************************/
m_cache = cache;
}
-Iterator<SAMLAttribute*> InternalCCacheEntry::getAttributes(const char* resource_url)
+Iterator<SAMLAssertion*> InternalCCacheEntry::getAssertions(Resource& resource)
{
- saml::NDC ndc("getAttributes");
- ResourceEntry* entry = populate(resource_url);
+ saml::NDC ndc("getAssertions");
+ ResourceEntry* entry = populate(resource);
if (entry)
- return entry->getAttributes();
- return Iterator<SAMLAttribute*>(ResourceEntry::g_emptyVector);
+ return entry->getAssertions();
+ return Iterator<SAMLAssertion*>(ResourceEntry::g_emptyVector);
}
-const char* InternalCCacheEntry::getSerializedAssertion(const char* resource_url)
-{
- saml::NDC ndc("getSerializedAssertion");
- ResourceEntry* entry = populate(resource_url);
- if (entry)
- return entry->getSerializedAssertion();
- return NULL;
-}
-
-ResourceEntry* InternalCCacheEntry::populate(const char* resource_url)
+ResourceEntry* InternalCCacheEntry::populate(Resource& resource)
{
saml::NDC ndc("populate");
- log->debug("populating entry for %s", resource_url);
+ log->debug("populating entry for %s (%s)",
+ resource.getResource(), resource.getURL());
// Can we use what we have?
- ResourceEntry *entry = find(resource_url);
+ ResourceEntry *entry = find(resource.getResource());
if (entry) {
log->debug("found resource");
- if (entry->isAssertionValid())
+ if (entry->isValid())
return entry;
// entry is invalid (expired) -- go fetch a new one.
log->debug("removing resource cache; assertion is invalid");
- remove (resource_url);
+ remove (resource.getResource());
delete entry;
}
}
log->info("trying to request attributes for %s@%s -> %s",
- m_handle.c_str(), m_originSite.c_str(), resource_url);
+ m_handle.c_str(), m_originSite.c_str(), resource.getURL());
- auto_ptr<XMLCh> resource(XMLString::transcode(resource_url));
+ auto_ptr<XMLCh> resourceURL(XMLString::transcode(resource.getURL()));
Iterator<saml::QName> respond_withs = ArrayIterator<saml::QName>(&g_respondWith);
// Clone the subject...
SAMLSubject* subject=static_cast<SAMLSubject*>(m_subject->clone());
// Build a SAML Request....
- SAMLAttributeQuery* q=new SAMLAttributeQuery(subject,resource.get());
+ SAMLAttributeQuery* q=new SAMLAttributeQuery(subject,resourceURL.get());
SAMLRequest* req=new SAMLRequest(q,respond_withs);
// Try this request against all the bindings in the AuthenticationStatement
}
entry = new ResourceEntry(response);
- insert (resource_url, entry);
+ insert (resource.getResource(), entry);
log->info("fetched and stored SAML response");
return entry;
return i->second;
}
-void InternalCCacheEntry::insert(const char* resource_url, ResourceEntry* entry)
+void InternalCCacheEntry::insert(const char* resource, ResourceEntry* entry)
{
- log->debug("inserting %s", resource_url);
- m_resources[resource_url]=entry;
+ log->debug("inserting %s", resource);
+ m_resources[resource]=entry;
}
-void InternalCCacheEntry::remove(const char* resource_url)
+void InternalCCacheEntry::remove(const char* resource)
{
- log->debug("removing %s", resource_url);
- m_resources.erase(resource_url);
+ log->debug("removing %s", resource);
+ m_resources.erase(resource);
}
/******************************************************************************/
/******************************************************************************/
ResourceEntry::ResourceEntry(SAMLResponse* response)
- : m_assertion(NULL), m_serialized(NULL)
{
string ctx = "shibtarget::ResourceEntry";
log = &(log4cpp::Category::getInstance(ctx));
log->info("caching resource entry");
m_response = response;
-
- // Store off the assertion for quick access.
- // Memory mgmt is based on the response pointer.
- Iterator<SAMLAssertion*> i=m_response->getAssertions();
- if (i.hasNext())
- m_assertion=i.next();
}
ResourceEntry::~ResourceEntry()
{
delete m_response;
- delete[] m_serialized;
}
-Iterator<SAMLAttribute*> ResourceEntry::getAttributes()
+Iterator<SAMLAssertion*> ResourceEntry::getAssertions()
{
- saml::NDC ndc("getAttributes");
- if (m_assertion)
- {
- Iterator<SAMLStatement*> i=m_assertion->getStatements();
- if (i.hasNext())
- {
- SAMLAttributeStatement* s=static_cast<SAMLAttributeStatement*>(i.next());
- if (s)
- return s->getAttributes();
- }
- }
- return Iterator<SAMLAttribute*>(g_emptyVector);
-}
-
-const char* ResourceEntry::getSerializedAssertion()
-{
- saml::NDC ndc("getSerializedAssertion");
- if (m_serialized)
- return m_serialized;
- if (!m_assertion)
- return NULL;
- ostrstream os;
- os << *m_assertion;
- unsigned int outlen;
- XMLByte* serialized=Base64::encode(reinterpret_cast<XMLByte*>(os.str()),os.pcount(),&outlen);
- return m_serialized=(char*)serialized;
+ saml::NDC ndc("getAssertions");
+ return m_response->getAssertions();
}
-bool ResourceEntry::isAssertionValid()
+bool ResourceEntry::isValid()
{
- saml::NDC ndc("isAssertionValid");
+ saml::NDC ndc("isValid");
log->info("checking validity");
- if (m_assertion && m_assertion->getNotOnOrAfter())
- {
- // This is awful, but the XMLDateTime class is truly horrible.
- time_t now=time(NULL);
+
+ // This is awful, but the XMLDateTime class is truly horrible.
+ time_t now=time(NULL);
#ifdef WIN32
- struct tm* ptime=gmtime(&now);
+ struct tm* ptime=gmtime(&now);
#else
- struct tm res;
- struct tm* ptime=gmtime_r(&now,&res);
+ struct tm res;
+ struct tm* ptime=gmtime_r(&now,&res);
#endif
- char timebuf[32];
- strftime(timebuf,32,"%Y-%m-%dT%H:%M:%SZ",ptime);
- auto_ptr<XMLCh> timeptr(XMLString::transcode(timebuf));
- XMLDateTime curDateTime(timeptr.get());
+ char timebuf[32];
+ strftime(timebuf,32,"%Y-%m-%dT%H:%M:%SZ",ptime);
+ auto_ptr<XMLCh> timeptr(XMLString::transcode(timebuf));
+ XMLDateTime curDateTime(timeptr.get());
+
+ Iterator<SAMLAssertion*> iter = getAssertions();
+
+ while (iter.hasNext()) {
+ SAMLAssertion* assertion = iter.next();
+
+ log->debug ("testing assertion...");
+
+ if (! assertion->getNotOnOrAfter()) {
+ log->debug ("getNotOnOrAfter failed.");
+ return false;
+ }
+
int result=XMLDateTime::compareOrder(&curDateTime,
- m_assertion->getNotOnOrAfter());
- if (result == XMLDateTime::LESS_THAN) {
- log->debug("yes, still valid");
- return true;
+ assertion->getNotOnOrAfter());
+ if (result != XMLDateTime::LESS_THAN) {
+ log->debug("nope, not still valid");
+ return false;
}
- }
+ } // while
- log->debug("not valid");
- return false;
+ log->debug("yep, all still valid");
+ return true;
}
DummyMapper::DummyMapper()
{
- auto_ptr<XMLCh> buf(XMLString::transcode("shibprod0.internet2.edu"));
+ auto_ptr<XMLCh> buf(XMLString::transcode("wayf.internet2.edu"));
m_hsnames.push_back(buf.get());
}
~ResourcePriv();
string m_url;
+ string m_resource;
log4cpp::Category* log;
};
string ctx = "shibtarget.Resource";
log = &(log4cpp::Category::getInstance(ctx));
- log->info("creating resource: \"%s\"", str);
m_url = str;
+
+ // XXX: The Resource is just the hostname!
+ const char* colon=strchr(str,':');
+ const char* slash=strchr(colon+3,'/');
+ m_resource = m_url.substr(0, slash-str);
+
+ log->info("creating resource: \"%s\" -> \"%s\"", str, m_resource.c_str());
}
ResourcePriv::~ResourcePriv() {}
const char* Resource::getResource()
{
+ return m_priv->m_resource.c_str();
+}
+
+const char* Resource::getURL()
+{
return m_priv->m_url.c_str();
}
#include "shib-target.h"
+#include <xercesc/util/Base64.hpp>
#include <log4cpp/Category.hh>
#include <strstream>
delete m_priv;
}
-RPCError* RM::getAttributes(const char* cookie, const char* ip,
- Resource *resource,
- vector<saml::QName*> attr_requests,
- vector<SAMLAttribute*> &attr_replies,
- string &assertion)
+RPCError* RM::getAssertions(const char* cookie, const char* ip,
+ const char* url,
+ vector<SAMLAssertion*> &assertions)
{
- saml::NDC ndc("getAttributes");
- m_priv->log->info ("get attributes...");
+ saml::NDC ndc("getAssertions");
+ m_priv->log->info ("get assertions...");
if (!cookie || *cookie == '\0') {
m_priv->log->error ("no cookie");
return new RPCError(-1, "No IP Address");
}
- if (!resource) {
- m_priv->log->error ("no resource");
- return new RPCError(-1, "Invalid Resource");
+ if (!url || *url == '\0') {
+ m_priv->log->error ("no URL");
+ return new RPCError(-1, "Invalid URL Resource");
}
- m_priv->log->info ("request from %s for \"%s\"", ip, resource->getResource());
+ m_priv->log->info ("request from %s for \"%s\"", ip, url);
m_priv->log->debug ("session cookie: %s", cookie);
- shibrpc_get_attrs_args_1 arg;
+ shibrpc_get_assertions_args_1 arg;
arg.cookie.cookie = (char*)cookie;
arg.cookie.client_addr = (char*)ip;
arg.checkIPAddress = m_priv->m_config.checkIPAddress;
- arg.url = (char *)(resource->getResource());
- arg.attr_reqs.attr_reqs_len = 0;
- arg.attr_reqs.attr_reqs_val = NULL;
+ arg.url = (char *)url;
- shibrpc_get_attrs_ret_1 ret;
+ shibrpc_get_assertions_ret_1 ret;
memset (&ret, 0, sizeof(ret));
// Loop on the RPC in case we lost contact the first time through
CLIENT *clnt;
do {
clnt = m_priv->m_rpc->connect();
- if (shibrpc_get_attrs_1 (&arg, &ret, clnt) != RPC_SUCCESS) {
+ if (shibrpc_get_assertions_1 (&arg, &ret, clnt) != RPC_SUCCESS) {
m_priv->m_rpc->disconnect();
if (retry)
retry--;
if (ret.status)
retval = new RPCError(ret.status, ret.error_msg);
else {
- for (u_int i = 0; i < ret.attr_reps.attr_reps_len; i++) {
- istrstream attrstream(ret.attr_reps.attr_reps_val[i].rep);
- SAMLAttribute *attr = NULL;
+ for (u_int i = 0; i < ret.assertions.assertions_len; i++) {
+ istrstream attrstream(ret.assertions.assertions_val[i].assertion);
+ SAMLAssertion *as = NULL;
try {
- m_priv->log->debug("Trying to decode attribute %d: %s", i,
- ret.attr_reps.attr_reps_val[i].rep);
- attr = new SAMLAttribute(attrstream);
+ m_priv->log->debug("Trying to decode assertion %d: %s", i,
+ ret.assertions.assertions_val[i].assertion);
+ as = new SAMLAssertion(attrstream);
+ } catch (SAMLException& e) {
+ m_priv->log->error ("SAML Exception: %s", e.what());
+ throw;
} catch (XMLException& e) {
m_priv->log->error ("XML Exception: %s", e.getMessage());
throw;
}
- if (attr)
- attr_replies.push_back(attr);
+ if (as)
+ assertions.push_back(as);
}
- if (!retval) {
+
+ if (!retval)
retval = new RPCError();
- assertion = ret.assertion;
- }
}
- clnt_freeres (clnt, (xdrproc_t)xdr_shibrpc_get_attrs_ret_1, (caddr_t)&ret);
+ clnt_freeres (clnt, (xdrproc_t)xdr_shibrpc_get_assertions_ret_1, (caddr_t)&ret);
m_priv->log->debug ("returning..");
return retval;
}
+
+void RM::serialize(SAMLAssertion &assertion, string &result)
+{
+ saml::NDC ndc("RM::serialize");
+
+ ostrstream os;
+ os << assertion;
+ unsigned int outlen;
+ XMLByte* serialized = Base64::encode(reinterpret_cast<XMLByte*>(os.str()),
+ os.pcount(), &outlen);
+ result = (char*) serialized;
+}
+
+Iterator<SAMLAttribute*> RM::getAttributes(SAMLAssertion &assertion)
+{
+ static vector<SAMLAttribute*> emptyVector;
+
+ // XXX: Only deal with a single statement!!!!
+ Iterator<SAMLStatement*> i = assertion.getStatements();
+ if (i.hasNext()) {
+ SAMLAttributeStatement* s = static_cast<SAMLAttributeStatement*>(i.next());
+
+ if (s)
+ return s->getAttributes();
+ }
+
+ return Iterator<SAMLAttribute*>(emptyVector);
+}
}
enum clnt_stat
-shibrpc_get_attrs_1(shibrpc_get_attrs_args_1 *argp, shibrpc_get_attrs_ret_1 *clnt_res, CLIENT *clnt)
+shibrpc_get_assertions_1(shibrpc_get_assertions_args_1 *argp, shibrpc_get_assertions_ret_1 *clnt_res, CLIENT *clnt)
{
- return (clnt_call(clnt, shibrpc_get_attrs,
- (xdrproc_t) xdr_shibrpc_get_attrs_args_1, (caddr_t) argp,
- (xdrproc_t) xdr_shibrpc_get_attrs_ret_1, (caddr_t) clnt_res,
+ return (clnt_call(clnt, shibrpc_get_assertions,
+ (xdrproc_t) xdr_shibrpc_get_assertions_args_1, (caddr_t) argp,
+ (xdrproc_t) xdr_shibrpc_get_assertions_ret_1, (caddr_t) clnt_res,
TIMEOUT));
}
}
bool_t
-shibrpc_get_attrs_1_svc(shibrpc_get_attrs_args_1 *argp, shibrpc_get_attrs_ret_1 *result, struct svc_req *rqstp)
+shibrpc_get_assertions_1_svc(shibrpc_get_assertions_args_1 *argp, shibrpc_get_assertions_ret_1 *result, struct svc_req *rqstp)
{
bool_t retval;
}
extern "C" bool_t
-shibrpc_get_attrs_1_svc(shibrpc_get_attrs_args_1 *argp,
- shibrpc_get_attrs_ret_1 *result, struct svc_req *rqstp)
+shibrpc_get_assertions_1_svc(shibrpc_get_assertions_args_1 *argp,
+ shibrpc_get_assertions_ret_1 *result, struct svc_req *rqstp)
{
log4cpp::Category& log = get_category();
- string ctx = get_threadid("get_attrs");
+ string ctx = get_threadid("get_assertions");
saml::NDC ndc(ctx);
if (!argp || !result) {
}
memset (result, 0, sizeof (*result));
- result->assertion = strdup("");
log.debug ("get attrs for client at %s", argp->cookie.client_addr);
log.debug ("cookie: %s", argp->cookie.cookie);
return TRUE;
}
- // grab the attributes for this entry/url
- Iterator<SAMLAttribute*> iter=entry->getAttributes(argp->url);
- u_int size = iter.size();
- result->attr_reps.attr_reps_len = size;
-
- // if we have attributes...
- if (size) {
-
- // Build the response section
- ShibRpcAttrRep_1* av = (ShibRpcAttrRep_1*) malloc (size *
- sizeof (ShibRpcAttrRep_1));
- result->attr_reps.attr_reps_val = av;
-
- // and then serialize them all...
- u_int i = 0;
- while (iter.hasNext()) {
- SAMLAttribute* attr = iter.next();
- ostringstream os;
- os << *attr;
- av[i++].rep = strdup(os.str().c_str());
+ try {
+ // grab the attributes for this resource
+ Resource resource(argp->url);
+ Iterator<SAMLAssertion*> iter = entry->getAssertions(resource);
+ u_int size = iter.size();
+ result->assertions.assertions_len = size;
+
+ // if we have assertions...
+ if (size) {
+
+ // Build the response section
+ ShibRpcAssertion_1* av =
+ (ShibRpcAssertion_1*) malloc (size * sizeof (ShibRpcAssertion_1));
+ result->assertions.assertions_val = av;
+
+ // and then serialize them all...
+ u_int i = 0;
+ while (iter.hasNext()) {
+ SAMLAssertion* as = iter.next();
+ ostringstream os;
+ os << *as;
+ av[i++].assertion = strdup(os.str().c_str());
+ }
}
+ } catch (SAMLException& e) {
+ log.error ("received SAML exception");
+ ostringstream os;
+ os << e;
+ result->status = SHIBRPC_SAML_EXCEPTION;
+ result->error_msg = strdup(os.str().c_str());
+ return TRUE;
}
- // grab the serialized assertion
- char* assn = strdup(entry->getSerializedAssertion(argp->url));
- free (result->assertion);
- result->assertion = assn; // freed by RPC
-
// and let it fly
result->status = SHIBRPC_OK;
result->error_msg = strdup("");
int shibrpc_ping_1_arg;
shibrpc_session_is_valid_args_1 shibrpc_session_is_valid_1_arg;
shibrpc_new_session_args_1 shibrpc_new_session_1_arg;
- shibrpc_get_attrs_args_1 shibrpc_get_attrs_1_arg;
+ shibrpc_get_assertions_args_1 shibrpc_get_assertions_1_arg;
} argument;
union {
int shibrpc_ping_1_res;
shibrpc_session_is_valid_ret_1 shibrpc_session_is_valid_1_res;
shibrpc_new_session_ret_1 shibrpc_new_session_1_res;
- shibrpc_get_attrs_ret_1 shibrpc_get_attrs_1_res;
+ shibrpc_get_assertions_ret_1 shibrpc_get_assertions_1_res;
} result;
bool_t retval;
xdrproc_t _xdr_argument, _xdr_result;
local = (bool_t (*) (char *, void *, struct svc_req *))shibrpc_new_session_1_svc;
break;
- case shibrpc_get_attrs:
- _xdr_argument = (xdrproc_t) xdr_shibrpc_get_attrs_args_1;
- _xdr_result = (xdrproc_t) xdr_shibrpc_get_attrs_ret_1;
- local = (bool_t (*) (char *, void *, struct svc_req *))shibrpc_get_attrs_1_svc;
+ case shibrpc_get_assertions:
+ _xdr_argument = (xdrproc_t) xdr_shibrpc_get_assertions_args_1;
+ _xdr_result = (xdrproc_t) xdr_shibrpc_get_assertions_ret_1;
+ local = (bool_t (*) (char *, void *, struct svc_req *))shibrpc_get_assertions_1_svc;
break;
default:
}
bool_t
-xdr_ShibRpcAttrReq_1 (XDR *xdrs, ShibRpcAttrReq_1 *objp)
+xdr_ShibRpcAssertion_1 (XDR *xdrs, ShibRpcAssertion_1 *objp)
{
register int32_t *buf;
- if (!xdr_string (xdrs, &objp->req, ~0))
- return FALSE;
- return TRUE;
-}
-
-bool_t
-xdr_ShibRpcAttrRep_1 (XDR *xdrs, ShibRpcAttrRep_1 *objp)
-{
- register int32_t *buf;
-
- if (!xdr_string (xdrs, &objp->rep, ~0))
+ if (!xdr_string (xdrs, &objp->assertion, ~0))
return FALSE;
return TRUE;
}
}
bool_t
-xdr_shibrpc_get_attrs_args_1 (XDR *xdrs, shibrpc_get_attrs_args_1 *objp)
+xdr_shibrpc_get_assertions_args_1 (XDR *xdrs, shibrpc_get_assertions_args_1 *objp)
{
register int32_t *buf;
return FALSE;
if (!xdr_string (xdrs, &objp->url, ~0))
return FALSE;
- if (!xdr_array (xdrs, (char **)&objp->attr_reqs.attr_reqs_val, (u_int *) &objp->attr_reqs.attr_reqs_len, ~0,
- sizeof (ShibRpcAttrReq_1), (xdrproc_t) xdr_ShibRpcAttrReq_1))
- return FALSE;
return TRUE;
}
bool_t
-xdr_shibrpc_get_attrs_ret_1 (XDR *xdrs, shibrpc_get_attrs_ret_1 *objp)
+xdr_shibrpc_get_assertions_ret_1 (XDR *xdrs, shibrpc_get_assertions_ret_1 *objp)
{
register int32_t *buf;
return FALSE;
if (!xdr_string (xdrs, &objp->error_msg, ~0))
return FALSE;
- if (!xdr_array (xdrs, (char **)&objp->attr_reps.attr_reps_val, (u_int *) &objp->attr_reps.attr_reps_len, ~0,
- sizeof (ShibRpcAttrRep_1), (xdrproc_t) xdr_ShibRpcAttrRep_1))
- return FALSE;
- if (!xdr_string (xdrs, &objp->assertion, ~0))
+ if (!xdr_array (xdrs, (char **)&objp->assertions.assertions_val, (u_int *) &objp->assertions.assertions_len, ~0,
+ sizeof (ShibRpcAssertion_1), (xdrproc_t) xdr_ShibRpcAssertion_1))
return FALSE;
return TRUE;
}
};
typedef struct ShibRpcHttpCookie_1 ShibRpcHttpCookie_1;
-struct ShibRpcAttrReq_1 {
- char *req;
-};
-typedef struct ShibRpcAttrReq_1 ShibRpcAttrReq_1;
-
-struct ShibRpcAttrRep_1 {
- char *rep;
+struct ShibRpcAssertion_1 {
+ char *assertion;
};
-typedef struct ShibRpcAttrRep_1 ShibRpcAttrRep_1;
+typedef struct ShibRpcAssertion_1 ShibRpcAssertion_1;
struct shibrpc_session_is_valid_args_1 {
ShibRpcHttpCookie_1 cookie;
};
typedef struct shibrpc_new_session_ret_1 shibrpc_new_session_ret_1;
-struct shibrpc_get_attrs_args_1 {
+struct shibrpc_get_assertions_args_1 {
ShibRpcHttpCookie_1 cookie;
bool_t checkIPAddress;
char *url;
- struct {
- u_int attr_reqs_len;
- ShibRpcAttrReq_1 *attr_reqs_val;
- } attr_reqs;
};
-typedef struct shibrpc_get_attrs_args_1 shibrpc_get_attrs_args_1;
+typedef struct shibrpc_get_assertions_args_1 shibrpc_get_assertions_args_1;
-struct shibrpc_get_attrs_ret_1 {
+struct shibrpc_get_assertions_ret_1 {
ShibRpcStatus status;
char *error_msg;
struct {
- u_int attr_reps_len;
- ShibRpcAttrRep_1 *attr_reps_val;
- } attr_reps;
- char *assertion;
+ u_int assertions_len;
+ ShibRpcAssertion_1 *assertions_val;
+ } assertions;
};
-typedef struct shibrpc_get_attrs_ret_1 shibrpc_get_attrs_ret_1;
+typedef struct shibrpc_get_assertions_ret_1 shibrpc_get_assertions_ret_1;
#define SHIBRPC_PROG 123456
#define SHIBRPC_VERS_1 1
#define shibrpc_new_session 2
extern enum clnt_stat shibrpc_new_session_1(shibrpc_new_session_args_1 *, shibrpc_new_session_ret_1 *, CLIENT *);
extern bool_t shibrpc_new_session_1_svc(shibrpc_new_session_args_1 *, shibrpc_new_session_ret_1 *, struct svc_req *);
-#define shibrpc_get_attrs 3
-extern enum clnt_stat shibrpc_get_attrs_1(shibrpc_get_attrs_args_1 *, shibrpc_get_attrs_ret_1 *, CLIENT *);
-extern bool_t shibrpc_get_attrs_1_svc(shibrpc_get_attrs_args_1 *, shibrpc_get_attrs_ret_1 *, struct svc_req *);
+#define shibrpc_get_assertions 3
+extern enum clnt_stat shibrpc_get_assertions_1(shibrpc_get_assertions_args_1 *, shibrpc_get_assertions_ret_1 *, CLIENT *);
+extern bool_t shibrpc_get_assertions_1_svc(shibrpc_get_assertions_args_1 *, shibrpc_get_assertions_ret_1 *, struct svc_req *);
extern int shibrpc_prog_1_freeresult (SVCXPRT *, xdrproc_t, caddr_t);
#else /* K&R C */
#define shibrpc_new_session 2
extern enum clnt_stat shibrpc_new_session_1();
extern bool_t shibrpc_new_session_1_svc();
-#define shibrpc_get_attrs 3
-extern enum clnt_stat shibrpc_get_attrs_1();
-extern bool_t shibrpc_get_attrs_1_svc();
+#define shibrpc_get_assertions 3
+extern enum clnt_stat shibrpc_get_assertions_1();
+extern bool_t shibrpc_get_assertions_1_svc();
extern int shibrpc_prog_1_freeresult ();
#endif /* K&R C */
#if defined(__STDC__) || defined(__cplusplus)
extern bool_t xdr_ShibRpcStatus (XDR *, ShibRpcStatus*);
extern bool_t xdr_ShibRpcHttpCookie_1 (XDR *, ShibRpcHttpCookie_1*);
-extern bool_t xdr_ShibRpcAttrReq_1 (XDR *, ShibRpcAttrReq_1*);
-extern bool_t xdr_ShibRpcAttrRep_1 (XDR *, ShibRpcAttrRep_1*);
+extern bool_t xdr_ShibRpcAssertion_1 (XDR *, ShibRpcAssertion_1*);
extern bool_t xdr_shibrpc_session_is_valid_args_1 (XDR *, shibrpc_session_is_valid_args_1*);
extern bool_t xdr_shibrpc_session_is_valid_ret_1 (XDR *, shibrpc_session_is_valid_ret_1*);
extern bool_t xdr_shibrpc_new_session_args_1 (XDR *, shibrpc_new_session_args_1*);
extern bool_t xdr_shibrpc_new_session_ret_1 (XDR *, shibrpc_new_session_ret_1*);
-extern bool_t xdr_shibrpc_get_attrs_args_1 (XDR *, shibrpc_get_attrs_args_1*);
-extern bool_t xdr_shibrpc_get_attrs_ret_1 (XDR *, shibrpc_get_attrs_ret_1*);
+extern bool_t xdr_shibrpc_get_assertions_args_1 (XDR *, shibrpc_get_assertions_args_1*);
+extern bool_t xdr_shibrpc_get_assertions_ret_1 (XDR *, shibrpc_get_assertions_ret_1*);
#else /* K&R C */
extern bool_t xdr_ShibRpcStatus ();
extern bool_t xdr_ShibRpcHttpCookie_1 ();
-extern bool_t xdr_ShibRpcAttrReq_1 ();
-extern bool_t xdr_ShibRpcAttrRep_1 ();
+extern bool_t xdr_ShibRpcAssertion_1 ();
extern bool_t xdr_shibrpc_session_is_valid_args_1 ();
extern bool_t xdr_shibrpc_session_is_valid_ret_1 ();
extern bool_t xdr_shibrpc_new_session_args_1 ();
extern bool_t xdr_shibrpc_new_session_ret_1 ();
-extern bool_t xdr_shibrpc_get_attrs_args_1 ();
-extern bool_t xdr_shibrpc_get_attrs_ret_1 ();
+extern bool_t xdr_shibrpc_get_assertions_args_1 ();
+extern bool_t xdr_shibrpc_get_assertions_ret_1 ();
#endif /* K&R C */
string client_addr<>;
};
-/* Types for Attribute "Requests" and "Replies" -- sent as Base64-encoded strings */
-struct ShibRpcAttrReq_1 {
- string req<>;
+struct ShibRpcAssertion_1 {
+ string assertion<>;
};
-struct ShibRpcAttrRep_1 {
- string rep<>;
-};
-
-
/* function argument and response structures */
struct shibrpc_session_is_valid_args_1 {
};
-struct shibrpc_get_attrs_args_1 {
+struct shibrpc_get_assertions_args_1 {
ShibRpcHttpCookie_1 cookie;
bool checkIPAddress;
string url<>;
- ShibRpcAttrReq_1 attr_reqs<>;
};
-struct shibrpc_get_attrs_ret_1 {
+struct shibrpc_get_assertions_ret_1 {
ShibRpcStatus status;
string error_msg<>;
- ShibRpcAttrRep_1 attr_reps<>;
- string assertion<>;
+ ShibRpcAssertion_1 assertions<>;
};
/* Define the Shib Target RPC interface */
/* RM RPCs */
- /* Get the attributes (and assertion) from the SHAR */
- shibrpc_get_attrs_ret_1 shibrpc_get_attrs (shibrpc_get_attrs_args_1) = 3;
+ /* Get the assertions from the SHAR */
+ shibrpc_get_assertions_ret_1 shibrpc_get_assertions (shibrpc_get_assertions_args_1) = 3;
} = 1;
} = 123456; /* XXX: Pick an RPC Program Number */