From e4d0de20ceb5754ef302d74c6276164fbd259fb4 Mon Sep 17 00:00:00 2001 From: cantor Date: Wed, 18 Apr 2007 04:03:13 +0000 Subject: [PATCH] Stop defaulting in xercesc namespace. git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@2224 cb58f699-b61c-0410-a6fe-9272a202ed29 --- apache/mod_apache.cpp | 28 +++++------ configs/shibboleth.xml.in | 1 - nsapi_shib/nsapi_shib.cpp | 18 +++---- schemas/shibboleth-spconfig-2.0.xsd | 1 - shibd/shibd.cpp | 6 +-- shibsp/SessionCache.h | 2 +- shibsp/handler/AbstractHandler.h | 4 +- shibsp/handler/AssertionConsumerService.h | 2 +- shibsp/handler/impl/SAML2SessionInitiator.cpp | 69 +++++++++++++++++++++++---- shibsp/internal.h | 2 + siterefresh/siterefresh.cpp | 1 + util/samlquery.cpp | 6 +-- 12 files changed, 96 insertions(+), 44 deletions(-) diff --git a/apache/mod_apache.cpp b/apache/mod_apache.cpp index 21c3a8f..d4006da 100644 --- a/apache/mod_apache.cpp +++ b/apache/mod_apache.cpp @@ -561,7 +561,7 @@ public: bool authorized(const SPRequest& request, const Session* session) const; }; -AccessControl* htAccessFactory(const DOMElement* const & e) +AccessControl* htAccessFactory(const xercesc::DOMElement* const & e) { return new htAccessControl(); } @@ -569,7 +569,7 @@ AccessControl* htAccessFactory(const DOMElement* const & e) class ApacheRequestMapper : public virtual RequestMapper, public virtual PropertySet { public: - ApacheRequestMapper(const DOMElement* e); + ApacheRequestMapper(const xercesc::DOMElement* e); ~ApacheRequestMapper() { delete m_mapper; delete m_htaccess; delete m_staKey; delete m_propsKey; } Lockable* lock() { return m_mapper->lock(); } void unlock() { m_staKey->setData(NULL); m_propsKey->setData(NULL); m_mapper->unlock(); } 
@@ -582,7 +582,7 @@ public: pair getUnsignedInt(const char* name, const char* ns=NULL) const; pair getInt(const char* name, const char* ns=NULL) const; const PropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:target:config:1.0") const; - const DOMElement* getElement() const; + const xercesc::DOMElement* getElement() const; private: RequestMapper* m_mapper; @@ -591,12 +591,12 @@ private: AccessControl* m_htaccess; }; -RequestMapper* ApacheRequestMapFactory(const DOMElement* const & e) +RequestMapper* ApacheRequestMapFactory(const xercesc::DOMElement* const & e) { return new ApacheRequestMapper(e); } -ApacheRequestMapper::ApacheRequestMapper(const DOMElement* e) : m_mapper(NULL), m_staKey(NULL), m_propsKey(NULL), m_htaccess(NULL) +ApacheRequestMapper::ApacheRequestMapper(const xercesc::DOMElement* e) : m_mapper(NULL), m_staKey(NULL), m_propsKey(NULL), m_htaccess(NULL) { m_mapper=SPConfig::getConfig().RequestMapperManager.newPlugin(XML_REQUEST_MAPPER,e); m_htaccess=new htAccessControl(); @@ -687,7 +687,7 @@ const PropertySet* ApacheRequestMapper::getPropertySet(const char* name, const c return s ? s->getPropertySet(name,ns) : NULL; } -const DOMElement* ApacheRequestMapper::getElement() const +const xercesc::DOMElement* ApacheRequestMapper::getElement() const { const PropertySet* s=reinterpret_cast(m_propsKey->getData()); return s ? s->getElement() : NULL; 
@@ -808,14 +808,14 @@ bool htAccessControl::authorized(const SPRequest& request, const Session* sessio try { // To do regex matching, we have to convert from UTF-8. auto_ptr trans(fromUTF8(w)); - RegularExpression re(trans.get()); + xercesc::RegularExpression re(trans.get()); auto_ptr trans2(fromUTF8(remote_user.c_str())); if (re.matches(trans2.get())) { request.log(SPRequest::SPDebug, string("htAccessControl plugin accepting user (") + w + ")"); SHIB_AP_CHECK_IS_OK; } } - catch (XMLException& ex) { + catch (xercesc::XMLException& ex) { auto_ptr_char tmp(ex.getMessage()); request.log(SPRequest::SPError, string("htAccessControl plugin caught exception while parsing regular expression (") + w + "): " + tmp.get()); @@ -870,11 +870,11 @@ bool htAccessControl::authorized(const SPRequest& request, const Session* sessio } try { - auto_ptr re; + auto_ptr re; if (regexp) { delete re.release(); auto_ptr trans(fromUTF8(w)); - auto_ptr temp(new RegularExpression(trans.get())); + auto_ptr temp(new xercesc::RegularExpression(trans.get())); re=temp; } @@ -901,7 +901,7 @@ bool htAccessControl::authorized(const SPRequest& request, const Session* sessio } } } - catch (XMLException& ex) { + catch (xercesc::XMLException& ex) { auto_ptr_char tmp(ex.getMessage()); request.log(SPRequest::SPError, string("htAccessControl plugin caught exception while parsing regular expression (") + w + "): " + tmp.get() 
@@ -1032,9 +1032,9 @@ extern "C" void shib_child_init(apr_pool_t* p, server_rec* s) g_Config->RequestMapperManager.registerFactory(NATIVE_REQUEST_MAPPER,&ApacheRequestMapFactory); try { - DOMDocument* dummydoc=XMLToolingConfig::getConfig().getParser().newDocument(); - XercesJanitor docjanitor(dummydoc); - DOMElement* dummy = dummydoc->createElementNS(NULL,path); + xercesc::DOMDocument* dummydoc=XMLToolingConfig::getConfig().getParser().newDocument(); + XercesJanitor docjanitor(dummydoc); + xercesc::DOMElement* dummy = dummydoc->createElementNS(NULL,path); auto_ptr_XMLCh src(g_szSHIBConfig); dummy->setAttributeNS(NULL,path,src.get()); dummy->setAttributeNS(NULL,validate,xmlconstants::XML_ONE); diff --git a/configs/shibboleth.xml.in b/configs/shibboleth.xml.in index ec8050f..e269647 100644 --- a/configs/shibboleth.xml.in +++ b/configs/shibboleth.xml.in @@ -142,7 +142,6 @@ * forceAuthn insist on user reauthentication at IdP * isPassive preclude interaction at IdP or discovery service * authnContextClassRef URI reference of an AuthnContextClass to request - * authnContextDeclRef URI reference of an AuthnContextDecl to request * authnContextComparison comparison operator to apply to AuthnContext reference --> diff --git a/nsapi_shib/nsapi_shib.cpp b/nsapi_shib/nsapi_shib.cpp index c07fd44..0b83ec8 100644 --- a/nsapi_shib/nsapi_shib.cpp +++ b/nsapi_shib/nsapi_shib.cpp @@ -78,7 +78,7 @@ namespace { static const XMLCh validate[] = UNICODE_LITERAL_8(v,a,l,i,d,a,t,e); } -PluginManager::Factory SunRequestMapFactory; +PluginManager::Factory SunRequestMapFactory; extern "C" NSAPI_PUBLIC void nsapi_shib_exit(void*) { 
@@ -142,9 +142,9 @@ extern "C" NSAPI_PUBLIC int nsapi_shib_init(pblock* pb, ::Session* sn, Request* g_Config->RequestMapperManager.registerFactory(XML_REQUEST_MAPPER,&SunRequestMapFactory); try { - DOMDocument* dummydoc=XMLToolingConfig::getConfig().getParser().newDocument(); - XercesJanitor docjanitor(dummydoc); - DOMElement* dummy = dummydoc->createElementNS(NULL,path); + xercesc::DOMDocument* dummydoc=XMLToolingConfig::getConfig().getParser().newDocument(); + XercesJanitor docjanitor(dummydoc); + xercesc::DOMElement* dummy = dummydoc->createElementNS(NULL,path); auto_ptr_XMLCh src(config); dummy->setAttributeNS(NULL,path,src.get()); dummy->setAttributeNS(NULL,validate,xmlconstants::XML_ONE); @@ -432,7 +432,7 @@ extern "C" NSAPI_PUBLIC int shib_handler(pblock* pb, ::Session* sn, Request* rq) class SunRequestMapper : public virtual RequestMapper, public virtual PropertySet { public: - SunRequestMapper(const DOMElement* e); + SunRequestMapper(const xercesc::DOMElement* e); ~SunRequestMapper() { delete m_mapper; delete m_stKey; delete m_propsKey; } Lockable* lock() { return m_mapper->lock(); } void unlock() { m_stKey->setData(NULL); m_propsKey->setData(NULL); m_mapper->unlock(); } @@ -445,7 +445,7 @@ public: pair getUnsignedInt(const char* name, const char* ns=NULL) const; pair getInt(const char* name, const char* ns=NULL) const; const PropertySet* getPropertySet(const char* name, const char* ns="urn:mace:shibboleth:target:config:1.0") const; - const DOMElement* getElement() const; + const xercesc::DOMElement* getElement() const; private: RequestMapper* m_mapper; 
@@ -453,12 +453,12 @@ private: ThreadKey* m_propsKey; }; -RequestMapper* SunRequestMapFactory(const DOMElement* const & e) +RequestMapper* SunRequestMapFactory(const xercesc::DOMElement* const & e) { return new SunRequestMapper(e); } -SunRequestMapper::SunRequestMapper(const DOMElement* e) : m_mapper(NULL), m_stKey(NULL), m_propsKey(NULL) +SunRequestMapper::SunRequestMapper(const xercesc::DOMElement* e) : m_mapper(NULL), m_stKey(NULL), m_propsKey(NULL) { m_mapper = SPConfig::getConfig().RequestMapperManager.newPlugin(XML_REQUEST_MAPPER,e); m_stKey=ThreadKey::create(NULL); @@ -541,7 +541,7 @@ const PropertySet* SunRequestMapper::getPropertySet(const char* name, const char return s ? s->getPropertySet(name,ns) : NULL; } -const DOMElement* SunRequestMapper::getElement() const +const xercesc::DOMElement* SunRequestMapper::getElement() const { const PropertySet* s=reinterpret_cast(m_propsKey->getData()); return s ? s->getElement() : NULL; diff --git a/schemas/shibboleth-spconfig-2.0.xsd b/schemas/shibboleth-spconfig-2.0.xsd index 53cfd87..8338a40 100644 --- a/schemas/shibboleth-spconfig-2.0.xsd +++ b/schemas/shibboleth-spconfig-2.0.xsd @@ -268,7 +268,6 @@ - diff --git a/shibd/shibd.cpp b/shibd/shibd.cpp index e017aac..fbe7662 100644 --- a/shibd/shibd.cpp +++ b/shibd/shibd.cpp 
@@ -136,9 +136,9 @@ int real_main(int preinit) fprintf(stderr, "loading configuration file: %s\n", shar_config); static const XMLCh path[] = UNICODE_LITERAL_4(p,a,t,h); static const XMLCh validate[] = UNICODE_LITERAL_8(v,a,l,i,d,a,t,e); - DOMDocument* dummydoc=XMLToolingConfig::getConfig().getParser().newDocument(); - XercesJanitor docjanitor(dummydoc); - DOMElement* dummy = dummydoc->createElementNS(NULL,path); + xercesc::DOMDocument* dummydoc=XMLToolingConfig::getConfig().getParser().newDocument(); + XercesJanitor docjanitor(dummydoc); + xercesc::DOMElement* dummy = dummydoc->createElementNS(NULL,path); auto_ptr_XMLCh src(shar_config); dummy->setAttributeNS(NULL,path,src.get()); dummy->setAttributeNS(NULL,validate,xmlconstants::XML_ONE); diff --git a/shibsp/SessionCache.h b/shibsp/SessionCache.h index f9403cc..3b35712 100644 --- a/shibsp/SessionCache.h +++ b/shibsp/SessionCache.h @@ -157,7 +157,7 @@ namespace shibsp { * * @param e root of DOM tree to configure the cache */ - SessionCache(const DOMElement* e); + SessionCache(const xercesc::DOMElement* e); /** maximum lifetime in seconds for unused sessions to be cached */ unsigned long m_cacheTimeout; diff --git a/shibsp/handler/AbstractHandler.h b/shibsp/handler/AbstractHandler.h index 00cbf57..bc17689 100644 --- a/shibsp/handler/AbstractHandler.h +++ b/shibsp/handler/AbstractHandler.h @@ -55,9 +55,9 @@ namespace shibsp { * @param remapper optional map of property rename rules for legacy property support */ AbstractHandler( - const DOMElement* e, + const xercesc::DOMElement* e, log4cpp::Category& log, - DOMNodeFilter* filter=NULL, + xercesc::DOMNodeFilter* filter=NULL, const std::map* remapper=NULL ); diff --git a/shibsp/handler/AssertionConsumerService.h b/shibsp/handler/AssertionConsumerService.h index 8ff6475..a2a5664 100644 --- a/shibsp/handler/AssertionConsumerService.h +++ b/shibsp/handler/AssertionConsumerService.h 
@@ -56,7 +56,7 @@ namespace shibsp { * @param appId ID of application that "owns" the handler * @param log a logging object to use */ - AssertionConsumerService(const DOMElement* e, const char* appId, log4cpp::Category& log); + AssertionConsumerService(const xercesc::DOMElement* e, const char* appId, log4cpp::Category& log); /** * Implement protocol-specific handling of the incoming decoded message. diff --git a/shibsp/handler/impl/SAML2SessionInitiator.cpp b/shibsp/handler/impl/SAML2SessionInitiator.cpp index 600f45e..2fc3cd9 100644 --- a/shibsp/handler/impl/SAML2SessionInitiator.cpp +++ b/shibsp/handler/impl/SAML2SessionInitiator.cpp @@ -74,8 +74,10 @@ namespace shibsp { HTTPResponse& httpResponse, const char* entityID, const XMLCh* acsIndex, - const XMLCh* acsLocation, + const char* acsLocation, const XMLCh* acsBinding, + bool isPassive, + bool forceAuthn, string& relayState ) const; @@ -165,6 +167,9 @@ pair SAML2SessionInitiator::run(SPRequest& request, const char* entit string target; const Handler* ACS=NULL; const char* option; + pair acClass; + pair acComp; + bool isPassive=false,forceAuthn=false; const Application& app=request.getApplication(); pair acsByIndex = getBool("acsByIndex"); 
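Review bot: `doRequest`'s new signature carries `isPassive` and `forceAuthn` but has no parameter for the `acClass`/`acComp` pairs declared in the `@@ -165,6 +167,9` hunk, so the values run() gathers in `@@ -181,11 +186,34` and marshals into the DDF in `@@ -235,6 +266,14` are never read back in receive() (`@@ -299,7 +337,12`) nor applied to the AuthnRequest in `@@ -351,10 +396,16` — the feature is half-wired. Either pass them through (two extra `const char*` parameters, `in["authnContextClassRef"].string()` / `in["authnContextComparison"].string()` on the receive side, and a RequestedAuthnContext built in doRequest) or leave them out until that lands, so readers don't assume the `authnContextClassRef`/`authnContextComparison` options listed in the shibboleth.xml.in comment are honoured. In the non-virtual branch both strings come straight from request parameters, so whoever completes the wiring should decide whether caller-supplied class references are acceptable before they go into the request. The declaration sits inside a class whose definition starts and ends outside the hunk.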
@@ -181,11 +186,34 @@ pair SAML2SessionInitiator::run(SPRequest& request, const char* entit // so we'll need the target resource for real. recoverRelayState(request.getApplication(), request, target, false); } + + option = request.getParameter("isPassive"); + isPassive = (option && (*option=='1' || *option=='t')); + if (!isPassive) { + option = request.getParameter("forceAuthn"); + forceAuthn = (option && (*option=='1' || *option=='t')); + } + + acClass.second = request.getParameter("authnContextClassRef"); + acClass.first = (acClass.second!=NULL); + acComp.second = request.getParameter("authnContextComparison"); + acComp.first = (acComp.second!=NULL); } else { // We're running as a "virtual handler" from within the filter. // The target resource is the current one and everything else is defaulted. target=request.getRequestURL(); + const PropertySet* settings = request.getRequestSettings().first; + + pair flag = settings->getBool("isPassive"); + isPassive = flag.first && flag.second; + if (!isPassive) { + flag = settings->getBool("forceAuthn"); + forceAuthn = flag.first && flag.second; + } + + acClass = settings->getString("authnContextClassRef"); + acComp = settings->getString("authnContextComparison"); } m_log.debug("attempting to initiate session using SAML 2.0 with provider (%s)", entityID); @@ -205,7 +233,9 @@ pair SAML2SessionInitiator::run(SPRequest& request, const char* entit if (option) target = option; } - return doRequest(app, request, entityID, ACS ? ACS->getXMLString("index").second : NULL, NULL, NULL, target); + return doRequest( + app, request, entityID, ACS ? ACS->getXMLString("index").second : NULL, NULL, NULL, isPassive, forceAuthn, target + ); } // Since we're not passing by index, we need to fully compute the return URL and binding. 
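Review bot: In the virtual-handler branch `settings` is taken from `request.getRequestSettings().first` and dereferenced for `getBool("isPassive")`, `getBool("forceAuthn")` and the two `getString` calls with no null check; if the request mapper can return a null PropertySet for an unmapped request (not visible from this hunk), the filter would crash inside the session initiator. If the mapper guarantees a non-null set, a short `// never NULL: the request mapper always supplies a PropertySet` at the assignment records that assumption; otherwise wrap the block in `if (settings) { ... }`. Both branches derive the flags with the same isPassive-over-forceAuthn precedence in slightly different shapes; a one-line `// isPassive takes precedence; forceAuthn is only consulted when it is off` at the first branch makes the rule explicit for both. run() begins before this hunk and continues past it.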
@@ -226,8 +256,9 @@ pair SAML2SessionInitiator::run(SPRequest& request, const char* entit target = option; } - auto_ptr_XMLCh wideloc(ACSloc.c_str()); - return doRequest(app, request, entityID, NULL, wideloc.get(), ACS ? ACS->getXMLString("Binding").second : NULL, target); + return doRequest( + app, request, entityID, NULL, ACSloc.c_str(), ACS ? ACS->getXMLString("Binding").second : NULL, isPassive, forceAuthn, target + ); } // Remote the call. @@ -235,6 +266,14 @@ pair SAML2SessionInitiator::run(SPRequest& request, const char* entit DDFJanitor jin(in), jout(out); in.addmember("application_id").string(app.getId()); in.addmember("entity_id").string(entityID); + if (isPassive) + in.addmember("isPassive").integer(1); + else if (forceAuthn) + in.addmember("forceAuthn").integer(1); + if (acClass.first) + in.addmember("authnContextClassRef").string(acClass.second); + if (acComp.first) + in.addmember("authnContextComparison").string(acComp.second); if (acsByIndex.first && acsByIndex.second) { if (ACS) in.addmember("acsIndex").string(ACS->getString("index").second); @@ -291,7 +330,6 @@ void SAML2SessionInitiator::receive(DDF& in, ostream& out) auto_ptr http(getResponse(ret)); auto_ptr_XMLCh index(in["acsIndex"].string()); - auto_ptr_XMLCh loc(in["acsLocation"].string()); auto_ptr_XMLCh bind(in["acsBinding"].string()); string relayState(in["RelayState"].string() ? in["RelayState"].string() : ""); @@ -299,7 +337,12 @@ void SAML2SessionInitiator::receive(DDF& in, ostream& out) // Since we're remoted, the result should either be a throw, which we pass on, // a false/0 return, which we just return as an empty structure, or a response/redirect, // which we capture in the facade and send back. - doRequest(*app, *http.get(), entityID, index.get(), loc.get(), bind.get(), relayState); + doRequest( + *app, *http.get(), entityID, + index.get(), in["acsLocation"].string(), bind.get(), + in["isPassive"].integer()==1, in["forceAuthn"].integer()==1, + relayState + ); out << ret; } 
@@ -308,8 +351,10 @@ pair SAML2SessionInitiator::doRequest( HTTPResponse& httpResponse, const char* entityID, const XMLCh* acsIndex, - const XMLCh* acsLocation, + const char* acsLocation, const XMLCh* acsBinding, + bool isPassive, + bool forceAuthn, string& relayState ) const { @@ -351,10 +396,16 @@ pair SAML2SessionInitiator::doRequest( req->setDestination(ep->getLocation()); if (acsIndex) req->setAssertionConsumerServiceIndex(acsIndex); - if (acsLocation) - req->setAssertionConsumerServiceURL(acsLocation); + if (acsLocation) { + auto_ptr_XMLCh wideloc(acsLocation); + req->setAssertionConsumerServiceURL(wideloc.get()); + } if (acsBinding) req->setProtocolBinding(acsBinding); + if (isPassive) + req->IsPassive(isPassive); + else if (forceAuthn) + req->ForceAuthn(forceAuthn); Issuer* issuer = IssuerBuilder::buildIssuer(); req->setIssuer(issuer); issuer->setName(app.getXMLString("providerId").second); diff --git a/shibsp/internal.h b/shibsp/internal.h index 7e8e3a1..b609431 100644 --- a/shibsp/internal.h +++ b/shibsp/internal.h @@ -43,6 +43,8 @@ #include "base.h" #include "SPConfig.h" +using namespace xercesc; + namespace shibsp { /// @cond OFF diff --git a/siterefresh/siterefresh.cpp b/siterefresh/siterefresh.cpp index d586f2e..9017c9f 100644 --- a/siterefresh/siterefresh.cpp +++ b/siterefresh/siterefresh.cpp @@ -52,6 +52,7 @@ using namespace xmltooling; using namespace samlconstants; using namespace opensaml::saml2md; using namespace opensaml; +using namespace xercesc; using namespace log4cpp; using namespace std; diff --git a/util/samlquery.cpp b/util/samlquery.cpp index 08986a9..1e07339 100644 --- a/util/samlquery.cpp +++ b/util/samlquery.cpp 
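Review bot: In `@@ -351,10 +396,16` the calls `req->IsPassive(isPassive)` inside `if (isPassive)` and `req->ForceAuthn(forceAuthn)` inside `else if (forceAuthn)` always pass `true`; writing `req->IsPassive(true);` and `req->ForceAuthn(true);` states that directly and makes it obvious the flags are only ever asserted, never cleared, so the AuthnRequest defaults are left untouched otherwise. The else-if also means forceAuthn is dropped whenever isPassive is set; run() already enforces that precedence when it reads the flags, so a comment `// isPassive wins over forceAuthn; run() never sets both` keeps the two sites in step if either is edited later. doRequest's body starts before this hunk and continues after it.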
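Review bot: `using namespace xercesc;` at header scope in shibsp/internal.h undoes, for every translation unit that includes it and for every header included after it, the qualification the rest of the commit introduces: the xercesc names become unqualified again and any future name collision would surface far from this line. The siterefresh.cpp hunk shows the cleaner pattern, with the directive in the .cpp's own using-block; consider moving it into the shibsp sources that need it, or at least placing it inside `namespace shibsp {` so it is scoped to that namespace rather than the global one. The surrounding `namespace shibsp` block begins after the inserted line and closes outside the hunk.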
@@ -113,9 +113,9 @@ int main(int argc,char* argv[]) try { static const XMLCh path[] = UNICODE_LITERAL_4(p,a,t,h); static const XMLCh validate[] = UNICODE_LITERAL_8(v,a,l,i,d,a,t,e); - DOMDocument* dummydoc=XMLToolingConfig::getConfig().getParser().newDocument(); - XercesJanitor docjanitor(dummydoc); - DOMElement* dummy = dummydoc->createElementNS(NULL,path); + xercesc::DOMDocument* dummydoc=XMLToolingConfig::getConfig().getParser().newDocument(); + XercesJanitor docjanitor(dummydoc); + xercesc::DOMElement* dummy = dummydoc->createElementNS(NULL,path); auto_ptr_XMLCh src(config); dummy->setAttributeNS(NULL,path,src.get()); dummy->setAttributeNS(NULL,validate,xmlconstants::XML_ONE); -- 2.1.4