From: cantor Date: Sun, 14 Jan 2007 03:25:01 +0000 (+0000) Subject: Removed ShibTarget members. X-Git-Tag: 2.4~1047 X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;ds=sidebyside;h=0153a3657d6f83333078b0a60b3ee5644af456a6;p=shibboleth%2Fsp.git Removed ShibTarget members. git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@2126 cb58f699-b61c-0410-a6fe-9272a202ed29 --- diff --git a/apache/mod_apache.cpp b/apache/mod_apache.cpp index 381cdd9..96bcf78 100644 --- a/apache/mod_apache.cpp +++ b/apache/mod_apache.cpp @@ -281,10 +281,7 @@ public: m_sc->szScheme ? m_sc->szScheme : ap_http_method(req), ap_get_server_name(req), (int)ap_get_server_port(req), - req->unparsed_uri, - ap_table_get(req->headers_in, "Content-type"), - req->connection->remote_ip, - req->method + req->unparsed_uri ); } virtual ~ShibTargetApache() {} diff --git a/isapi_shib/isapi_shib.cpp b/isapi_shib/isapi_shib.cpp index 1b71250..153ef80 100644 --- a/isapi_shib/isapi_shib.cpp +++ b/isapi_shib/isapi_shib.cpp @@ -334,6 +334,9 @@ class ShibTargetIsapiF : public ShibTarget PHTTP_FILTER_PREPROC_HEADERS m_pn; map m_headers; vector m_certs; + int m_port; + string m_scheme,m_hostname,m_uri; + mutable string m_remote_addr,m_content_type,m_method; public: ShibTargetIsapiF(PHTTP_FILTER_CONTEXT pfc, PHTTP_FILTER_PREPROC_HEADERS pn, const site_t& site) { 
@@ -342,40 +345,35 @@ public: m_pn = pn; // URL path always come from IIS. - dynabuf url(256); - GetHeader(pn,pfc,"url",url,256,false); + dynabuf var(256); + GetHeader(pn,pfc,"url",var,256,false); + m_uri = var; // Port may come from IIS or from site def. - dynabuf port(11); - if (!g_bNormalizeRequest || (pfc->fIsSecurePort && site.m_sslport.empty()) || (!pfc->fIsSecurePort && site.m_port.empty())) - GetServerVariable(pfc,"SERVER_PORT",port,10); + if (!g_bNormalizeRequest || (pfc->fIsSecurePort && site.m_sslport.empty()) || (!pfc->fIsSecurePort && site.m_port.empty())) { + GetServerVariable(pfc,"SERVER_PORT",var,10); + m_port = atoi(var); + } else if (pfc->fIsSecurePort) { - strncpy(port,site.m_sslport.c_str(),10); - static_cast(port)[10]=0; + m_port = atoi(site.m_sslport.c_str()); } else { - strncpy(port,site.m_port.c_str(),10); - static_cast(port)[10]=0; + m_port = atoi(site.m_port.c_str()); } // Scheme may come from site def or be derived from IIS. - const char* scheme=site.m_scheme.c_str(); - if (!scheme || !*scheme || !g_bNormalizeRequest) - scheme=pfc->fIsSecurePort ? "https" : "http"; + m_scheme=site.m_scheme; + if (m_scheme.empty() || !g_bNormalizeRequest) + m_scheme=pfc->fIsSecurePort ? "https" : "http"; - // Get the rest of the server variables. - dynabuf remote_addr(16),method(5),content_type(32),hostname(32); - GetServerVariable(pfc,"SERVER_NAME",hostname,32); - GetServerVariable(pfc,"REMOTE_ADDR",remote_addr,16); - GetServerVariable(pfc,"REQUEST_METHOD",method,5,false); - GetServerVariable(pfc,"CONTENT_TYPE",content_type,32,false); + GetServerVariable(pfc,"SERVER_NAME",var,32); // Make sure SERVER_NAME is "authorized" for use on this site. If not, set to canonical name. 
- const char* host=hostname; - if (site.m_name!=host && site.m_aliases.find(host)==site.m_aliases.end()) - host=site.m_name.c_str(); + m_hostname = var; + if (site.m_name!=m_hostname && site.m_aliases.find(m_hostname)==site.m_aliases.end()) + m_hostname=site.m_name; - init(scheme, host, atoi(port), url, content_type, remote_addr, method); + init(m_scheme.c_str(), m_hostname.c_str(), m_port, m_uri.c_str()); } ~ShibTargetIsapiF() { } @@ -392,15 +390,33 @@ public: return m_uri.c_str(); } const char* getMethod() const { + if (m_method.empty()) { + dynabuf var(5); + GetServerVariable(m_pfc,"REQUEST_METHOD",var,5,false); + if (!var.empty()) + m_method = var; + } return m_method.c_str(); } string getContentType() const { + if (m_content_type.empty()) { + dynabuf var(32); + GetServerVariable(m_pfc,"CONTENT_TYPE",var,32,false); + if (!var.empty()) + m_content_type = var; + } return m_content_type; } long getContentLength() const { return 0; } string getRemoteAddr() const { + if (m_remote_addr.empty()) { + dynabuf var(16); + GetServerVariable(m_pfc,"REMOTE_ADDR",var,16,false); + if (!var.empty()) + m_remote_addr = var; + } return m_remote_addr; } void log(SPLogLevel level, const string& msg) { @@ -597,6 +613,9 @@ class ShibTargetIsapiE : public ShibTarget vector m_certs; mutable string m_body; mutable bool m_gotBody; + int m_port; + string m_scheme,m_hostname,m_uri; + mutable string m_remote_addr; public: ShibTargetIsapiE(LPEXTENSION_CONTROL_BLOCK lpECB, const site_t& site) : m_lpECB(lpECB), m_gotBody(false) { @@ -604,6 +623,11 @@ public: GetServerVariable(lpECB,"HTTPS",ssl,5); bool SSL=(ssl=="on" || ssl=="ON"); + // Scheme may come from site def or be derived from IIS. + m_scheme=site.m_scheme; + if (m_scheme.empty() || !g_bNormalizeRequest) + m_scheme = SSL ? "https" : "http"; + // URL path always come from IIS. dynabuf url(256); GetServerVariable(lpECB,"URL",url,255); 
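Review bot: `m_port = atoi(var);` and the two `atoi(site.m_sslport.c_str())` / `atoi(site.m_port.c_str())` branches in the ShibTargetIsapiF constructor accept any string and return 0 for an empty or non-numeric value, so a malformed site definition or an unexpected SERVER_PORT reaches `init()` as port 0 with no error. Because the port is part of the normalized request identity, parse it with `strtol`, reject values outside 1–65535, and fail the request on error. The same applies to `m_port = atoi(port);` in the ShibTargetIsapiE constructor (hunk at -620). A short comment that `var` is reused for the url, port and server name lookups, so each value must be copied out before the next call, would also help.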
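Review bot: The lazy `getRemoteAddr()` calls `GetServerVariable(m_pfc,"REMOTE_ADDR",var,16,false)`, whereas the constructor call it replaces omitted the trailing `false`. A failed lookup therefore appears to leave `m_remote_addr` empty instead of failing the request; the helper's signature is outside this diff, so confirm what the flag means. The result is passed to the session cache lookups in shib-target.cpp (`getRemoteAddr().c_str()` as the third argument of `find`), presumably to bind the session to the client address, so confirm that an empty address is treated as a mismatch and not as "no check". The same getter is added to ShibTargetIsapiE (hunk at -698). The 16-byte initial size is also shorter than a textual IPv6 address, which matters if `dynabuf` does not grow on demand.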
@@ -620,22 +644,15 @@ public: strncpy(port,site.m_port.c_str(),10); static_cast(port)[10]=0; } + m_port = atoi(port); - // Scheme may come from site def or be derived from IIS. - const char* scheme=site.m_scheme.c_str(); - if (!scheme || !*scheme || !g_bNormalizeRequest) { - scheme = SSL ? "https" : "http"; - } - - // Get the other server variables. - dynabuf remote_addr(16),hostname(32); - GetServerVariable(lpECB, "REMOTE_ADDR", remote_addr, 16); - GetServerVariable(lpECB, "SERVER_NAME", hostname, 32); + dynabuf var(32); + GetServerVariable(lpECB, "SERVER_NAME", var, 32); // Make sure SERVER_NAME is "authorized" for use on this site. If not, set to canonical name. - const char* host=hostname; - if (site.m_name!=host && site.m_aliases.find(host)==site.m_aliases.end()) - host=site.m_name.c_str(); + m_hostname=var; + if (site.m_name!=m_hostname && site.m_aliases.find(m_hostname)==site.m_aliases.end()) + m_hostname=site.m_name; /* * IIS screws us over on PATH_INFO (the hits keep on coming). We need to figure out if @@ -654,25 +671,29 @@ public: * PathInfo: /SAML/POST */ - string fullurl; - // Clearly we're only in bad mode if path info exists at all. if (lpECB->lpszPathInfo && *(lpECB->lpszPathInfo)) { if (strstr(lpECB->lpszPathInfo,url)) // Pretty good chance we're in bad mode, unless the PathInfo repeats the path itself. - fullurl=lpECB->lpszPathInfo; + m_uri = lpECB->lpszPathInfo; else { - fullurl+=url; - fullurl+=lpECB->lpszPathInfo; + m_uri = url; + m_uri += lpECB->lpszPathInfo; } } // For consistency with Apache, let's add the query string. if (lpECB->lpszQueryString && *(lpECB->lpszQueryString)) { - fullurl+='?'; - fullurl+=lpECB->lpszQueryString; + m_uri += '?'; + m_uri += lpECB->lpszQueryString; } - init(scheme, host, atoi(port), fullurl.c_str(), lpECB->lpszContentType, remote_addr, lpECB->lpszMethod); + + init( + m_scheme.c_str(), + m_hostname.c_str(), + m_port, + m_uri.c_str() + ); } ~ShibTargetIsapiE() { } 
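Review bot: `m_uri` is assigned only inside the `if (lpECB->lpszPathInfo && *(lpECB->lpszPathInfo))` branch, so when PathInfo is empty the value handed to `init()` is just `?query` or an empty string and `url` is dropped. This mirrors the old `fullurl` logic, but `m_uri` is now a member returned by the accessor visible as context in the -689 hunk (`return m_uri.c_str();`), so the gap persists for the whole request. Add `else m_uri = url;` after the PathInfo block. The `strstr(lpECB->lpszPathInfo,url)` test matches `url` anywhere in PathInfo, not only as a prefix, so a comment marking it as a heuristic would be useful.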
@@ -689,7 +710,7 @@ public: return m_uri.c_str(); } const char* getMethod() const { - return m_lpECB->lpszMethod ? m_lpECB->lpszMethod : ""; + return m_lpECB->lpszMethod; } string getContentType() const { return m_lpECB->lpszContentType ? m_lpECB->lpszContentType : ""; @@ -698,6 +719,12 @@ public: return m_lpECB->cbTotalBytes; } string getRemoteAddr() const { + if (m_remote_addr.empty()) { + dynabuf var(16); + GetServerVariable(m_lpECB, "REMOTE_ADDR", var, 16, false); + if (!var.empty()) + m_remote_addr = var; + } return m_remote_addr; } void log(SPLogLevel level, const string& msg) { diff --git a/nsapi_shib/nsapi_shib.cpp b/nsapi_shib/nsapi_shib.cpp index 991149c..71514be 100644 --- a/nsapi_shib/nsapi_shib.cpp +++ b/nsapi_shib/nsapi_shib.cpp @@ -175,6 +175,7 @@ extern "C" NSAPI_PUBLIC int nsapi_shib_init(pblock* pb, Session* sn, Request* rq class ShibTargetNSAPI : public ShibTarget { + string m_uri; mutable string m_body; mutable bool m_gotBody; vector m_certs; @@ -188,16 +189,16 @@ public: // Get everything but hostname... const char* uri=pblock_findval("uri", rq->reqpb); const char* qstr=pblock_findval("query", rq->reqpb); - int port=server_portnum; - const char* scheme=security_active ? "https" : "http"; - const char* host=NULL; string url; - if (uri) - url=uri; + if (uri) { + url = uri; + m_uri = uri; + } if (qstr) url=url + '?' + qstr; + const char* host=NULL; #ifdef vs_is_default_vs // This is 6.0 or later, so we can distinguish requests to name-based vhosts. if (!vs_is_default_vs) 
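Review bot: `ShibTargetIsapiE::getMethod()` now returns `m_lpECB->lpszMethod` directly, dropping the null fallback that the neighbouring `getContentType()` still keeps. If IIS ever supplies a null method pointer, any caller that builds a `std::string` from the result or passes it to `strcmp` dereferences null, which crashes the worker process on a request-controlled path. Keep the guard: `return m_lpECB->lpszMethod ? m_lpECB->lpszMethod : "";`.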
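Review bot: In the ShibTargetNSAPI constructor, `m_uri = uri;` stores the path without the query string, while `url` (path plus `'?' + qstr`) is what goes to `init()`. The ISAPI extension class in this commit appends the query to `m_uri` ("For consistency with Apache, let's add the query string"). If `m_uri` backs the same URI accessor here (the getter is outside this hunk), code in ShibTarget that compares or dispatches on the request URI sees a different shape on NSAPI than on the other servers. Either assign `m_uri` after the query has been appended, or add a comment stating that the difference is intended.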
@@ -209,13 +210,12 @@ public: // In other cases, we're going to rely on the initialization process... host=g_ServerName.c_str(); - char* content_type = ""; - request_header("content-type", &content_type, sn, rq); - - const char *remote_ip = pblock_findval("ip", sn->client); - const char *method = pblock_findval("method", rq->reqpb); - - init(scheme, host, port, url.c_str(), content_type, remote_ip, method); + init( + security_active ? "https" : "http", + host, + server_portnum, + url.c_str() + ); } ~ShibTargetNSAPI() {} diff --git a/shib-target/shib-target.cpp b/shib-target/shib-target.cpp index 4607862..928f270 100644 --- a/shib-target/shib-target.cpp +++ b/shib-target/shib-target.cpp @@ -136,26 +136,12 @@ void ShibTarget::init( const char* scheme, const char* hostname, int port, - const char* uri, - const char* content_type, - const char* remote_addr, - const char* method + const char* uri ) { -#ifdef _DEBUG - xmltooling::NDC ndc("init"); -#endif - if (m_priv->m_app) throw XMLToolingException("Request initialization occurred twice!"); - if (method) m_method = method; - if (scheme) m_scheme = scheme; - if (hostname) m_hostname = hostname; - if (uri) m_uri = uri; - if (content_type) m_content_type = content_type; - if (remote_addr) m_remote_addr = remote_addr; - m_port = port; m_priv->m_Config = &ShibTargetConfig::getConfig(); m_priv->get_application(this, scheme, hostname, port, uri); AbstractSPRequest::m_app = m_priv->m_app; @@ -265,7 +251,7 @@ pair ShibTarget::doCheckAuthN(bool handler) m_priv->m_cacheEntry=m_priv->m_conf->getSessionCache()->find( session_id, m_priv->m_app, - m_remote_addr.c_str() + getRemoteAddr().c_str() ); // Make a localized exception throw if the session isn't valid. if (!m_priv->m_cacheEntry) 
@@ -361,7 +347,7 @@ pair ShibTarget::doHandler(void) pair handlerSSL=sessionProps->getBool("handlerSSL"); // Make sure this is SSL, if it should be - if ((!handlerSSL.first || handlerSSL.second) && m_scheme != "https") + if ((!handlerSSL.first || handlerSSL.second) && strcmp(getScheme(),"https")) throw FatalProfileException("Blocked non-SSL access to Shibboleth handler."); // We dispatch based on our path info. We know the request URL begins with or equals the handler URL, @@ -463,7 +449,7 @@ pair ShibTarget::doCheckAuthZ(void) m_priv->m_cacheEntry=m_priv->m_conf->getSessionCache()->find( session_id, m_priv->m_app, - m_remote_addr.c_str() + getRemoteAddr().c_str() ); } } @@ -533,7 +519,7 @@ pair ShibTarget::doExportAssertions(bool requireSession) m_priv->m_cacheEntry=m_priv->m_conf->getSessionCache()->find( session_id, m_priv->m_app, - m_remote_addr.c_str() + getRemoteAddr().c_str() ); } } diff --git a/shib-target/shib-target.h b/shib-target/shib-target.h index 4d10e9f..2346e8f 100644 --- a/shib-target/shib-target.h +++ b/shib-target/shib-target.h @@ -321,7 +321,6 @@ namespace shibtarget { // Basic request access in case any plugins need the info virtual const IConfig* getConfig() const; virtual const IApplication* getApplication() const; - const char* getRequestURL() const {return m_url.c_str();} protected: ShibTarget(); @@ -338,15 +337,9 @@ namespace shibtarget { const char* scheme, const char* hostname, int port, - const char* uri, - const char* content_type, - const char* remote_addr, - const char* method + const char* uri ); - std::string m_url, m_method, m_scheme, m_hostname, m_uri, m_content_type, m_remote_addr; - int m_port; - private: mutable ShibTargetPriv* m_priv; friend class ShibTargetPriv; diff --git a/shibsp/AbstractSPRequest.h b/shibsp/AbstractSPRequest.h index 82849b3..ed31925 100644 --- a/shibsp/AbstractSPRequest.h +++ b/shibsp/AbstractSPRequest.h 
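Review bot: `strcmp(getScheme(),"https")` in doHandler relies on a non-zero result converting to true. On the check that blocks non-SSL access to the handler, write it out as `strcmp(getScheme(),"https") != 0` so it cannot be misread as "scheme is https". The scheme now comes from an accessor, not the base-class string, and `strcmp` is undefined on a null pointer, so either document that `getScheme()` never returns null or guard it here. The comparison stays case-sensitive, which fails closed for a site definition that spells the scheme in upper case; a comment saying so would spare the next reader the question. doHandler's body continues outside the hunk.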
@@ -45,6 +45,10 @@ namespace shibsp { public: virtual ~AbstractSPRequest(); + + const char* getRequestURL() const { + return m_url.c_str(); + } const Application& getSPApplication() const { return *m_app; @@ -65,6 +69,9 @@ namespace shibsp { protected: /** Holds effective Application. */ const Application* m_app; + + /** Complete "canonical" request URL. */ + std::string m_url; private: void* m_log; // declared void* to avoid log4cpp header conflicts in Apache
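Review bot: `getRequestURL()` joins the public interface of AbstractSPRequest without a doc comment, although the surrounding members are documented (`/** Holds effective Application. */` and the new `/** Complete "canonical" request URL. */` on `m_url`). Add something like `/** Returns the complete request URL; the pointer is owned by this object and is invalidated when m_url is modified. */`. Nothing visible in this diff assigns `m_url`, so the comment on the member should also say which code is responsible for setting it and whether it can be empty before `init()` has run.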