From: cantor
Date: Fri, 28 May 2004 21:44:05 +0000 (+0000)
Subject: Small improvement to detect bad shireURL settings.
X-Git-Tag: 2.4~1764
X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;h=8f740e4a68a38a04adcfe31494b9021f6d1bc2e2;hp=6467eebd6b9188dea2c3fd7e7e10a505a6d74609;p=shibboleth%2Fsp.git
Small improvement to detect bad shireURL settings.
git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@1117 cb58f699-b61c-0410-a6fe-9272a202ed29
---
diff --git a/apache/mod_apache.cpp b/apache/mod_apache.cpp
index 91e3950..002d845 100644
--- a/apache/mod_apache.cpp
+++ b/apache/mod_apache.cpp
@@ -221,8 +221,15 @@ extern "C" int shib_check_user(request_rec* r)
 // Declare SHIRE object for this request.
 SHIRE shire(application);
+ const char* shireURL=shire.getShireURL(targeturl);
+ if (!shireURL) {
+ ap_log_rerror(APLOG_MARK,APLOG_ERR|APLOG_NOERRNO,SH_AP_R(r),
+ "shib_check_user: unable to map request to proper shireURL setting, check configuration");
+ return SERVER_ERROR;
+ }
+ // Get location of this application's assertion consumer service and see if this is it.
- if (strstr(targeturl,shire.getShireURL(targeturl))) {
+ if (strstr(targeturl,shireURL)) {
 return shib_handler(r,application,shire);
 }
@@ -564,8 +571,15 @@ int shib_handler(request_rec* r, const IApplication* application, SHIRE& shire)
 const char* targeturl=shib_get_targeturl(r,sc->szScheme);
+ const char* shireURL=shire.getShireURL(targeturl);
+ if (!shireURL) {
+ ap_log_rerror(APLOG_MARK,APLOG_ERR|APLOG_NOERRNO,SH_AP_R(r),
+ "shib_post_handler: unable to map request to proper shireURL setting, check configuration");
+ return SERVER_ERROR;
+ }
+ // Make sure we only process the SHIRE requests.
- if (!strstr(targeturl,shire.getShireURL(targeturl)))
+ if (!strstr(targeturl,shireURL))
 return DECLINED;
 ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(r),"shib_handler() running");
diff --git a/isapi_shib/isapi_shib.cpp b/isapi_shib/isapi_shib.cpp
index 580eabc..28221cc 100644
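Review bot: `strstr(targeturl,shireURL)` in shib_check_user matches the shireURL anywhere inside the requested URL rather than at its start, and the same substring test is carried into the shib_handler hunk and both isapi_shib.cpp hunks (`targeturl.find(shireURL)!=string::npos` in HttpFilterProc, `strstr` in HttpExtensionProc). If targeturl carries a query string or trailing path data (shib_get_targeturl is not shown), a request for a different resource that merely embeds the shireURL text would be treated as the assertion consumer endpoint; in HttpFilterProc that branch returns SF_STATUS_REQ_NEXT_NOTIFICATION ahead of the policy check. Now that the value is held in a local, an anchored comparison such as `if (!strncmp(targeturl,shireURL,strlen(shireURL)))` would be tighter, assuming getShireURL returns the URL in the same absolute form as targeturl. The body of shib_check_user continues outside the hunk.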
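Review bot: The new error message is prefixed `shib_post_handler:` although the hunk header and the debug line just below name the function shib_handler, so an operator searching the error log for the failing function is pointed at a name that does not appear in this hunk. Use `"shib_handler: unable to map request to proper shireURL setting, check configuration"` to match `"shib_handler() running"`. The function starts and ends outside the hunk.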
--- a/isapi_shib/isapi_shib.cpp
+++ b/isapi_shib/isapi_shib.cpp
@@ -467,9 +467,13 @@ extern "C" DWORD WINAPI HttpFilterProc(PHTTP_FILTER_CONTEXT pfc, DWORD notificat
 // Declare SHIRE object for this request.
 SHIRE shire(application);
+
+ const char* shireURL=shire.getShireURL(targeturl.c_str());
+ if (!shireURL)
+ return WriteClientError(pfc,"Unable to map request to proper shireURL setting, check configuration.");
 // If the user is accessing the SHIRE acceptance point, pass it on.
- if (targeturl.find(shire.getShireURL(targeturl.c_str()))!=string::npos)
+ if (targeturl.find(shireURL)!=string::npos)
 return SF_STATUS_REQ_NEXT_NOTIFICATION;
 // Now check the policy for this request.
@@ -862,9 +866,13 @@ extern "C" DWORD WINAPI HttpExtensionProc(LPEXTENSION_CONTROL_BLOCK lpECB)
 return WriteClientError(lpECB,"Unable to map request to application session settings, check configuration.");
 SHIRE shire(application);
+
+ const char* shireURL=shire.getShireURL(targeturl.c_str());
+ if (!shireURL)
+ return WriteClientError(lpECB,"Unable to map request to proper shireURL setting, check configuration.");
 // Make sure we only process the SHIRE requests.
- if (!strstr(targeturl.c_str(),shire.getShireURL(targeturl.c_str())))
+ if (!strstr(targeturl.c_str(),shireURL))
 return WriteClientError(lpECB,"The request's application and associated shireURL setting are inconsistent.");;
 pair shib_cookie=shire.getCookieNameProps();
diff --git a/shib-target/shib-shire.cpp b/shib-target/shib-shire.cpp
index cd9cabc..52d8e9f 100644
--- a/shib-target/shib-shire.cpp
+++ b/shib-target/shib-shire.cpp
@@ -269,7 +269,7 @@ const char* SHIRE::getShireURL(const char* resource) const
 }
 // Should never happen...
- if (!shire)
+ if (!shire || (*shire!='/' && strncmp(shire,"http:",5) && strncmp(shire,"https:",6)))
 return NULL;
 // The "shireURL" property can be in one of three formats:
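Review bot: The new failure path in HttpFilterProc, and the matching one in HttpExtensionProc, only calls WriteClientError, so the misconfiguration is reported to the requesting client, whereas the Apache hunks record it with ap_log_rerror; WriteClientError is not shown, so whether it also logs server-side is unknown. This is a deployment fault the administrator needs to see, and an outside client gains nothing from the configuration hint, so consider recording the detail in the server's log and returning a generic error text to the client. A comment above the new check would also help the next reader, e.g. `// getShireURL() returns NULL for an unusable shireURL; fail the request instead of searching for a null pointer.` Both functions extend beyond their hunks.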
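Review bot: The comment `// Should never happen...` above the widened condition in getShireURL no longer describes it, because the branch now also rejects a configured value that is neither a relative path nor an http/https URL, which is an ordinary misconfiguration. Suggest `// No shireURL, or one that is neither a relative path nor an http(s) URL: report it as unusable.` and writing the tests as `strncmp(shire,"http:",5)!=0` so the negation is explicit. The scheme comparison is case-sensitive, so a value such as `HTTPS://...` is rejected too; that fails closed, but it is worth stating in the configuration documentation. Any caller of getShireURL outside this diff needs the same NULL check that the four visible call sites gain here; the function body extends beyond the hunk.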