projects / mech_eap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a15319b)
properly support multiple attribute statements
authorLuke Howard <lukeh@padl.com>
Wed, 13 Oct 2010 00:51:09 +0000 (11:51 +1100)
committerLuke Howard <lukeh@padl.com>
Wed, 13 Oct 2010 00:51:09 +0000 (11:51 +1100)
util_saml.cpp patch | blob | history
util_saml.h patch | blob | history
util_shib.cpp patch | blob | history
util_shib.h patch | blob | history

diff --git a/util_saml.cpp b/util_saml.cpp
index 7e088eb..2017f3e 100644 (file)
--- a/util_saml.cpp
+++ b/util_saml.cpp
@@ -361,7 +361,6 @@ gss_eap_saml_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAtt
                                               void *data) const
 {
     const saml2::Assertion *assertion;
-    bool ret = true;
     int authenticated;
 
     if (!getAssertion(&authenticated, &assertion))
@@ -381,36 +380,49 @@ gss_eap_saml_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAtt
      *   query, the retrieved attributes SHOULD be GSS-API name attributes
      *   using the same name syntax.
      */
-    const vector<saml2::Attribute*>& attrs2 =
-        const_cast<const saml2::AttributeStatement*>(assertion->getAttributeStatements().front())->getAttributes();
-    for (vector<saml2::Attribute*>::const_iterator a = attrs2.begin();
-        a != attrs2.end();
-        ++a)
-    {
-        const XMLCh *attributeName = (*a)->getName();
-        const XMLCh *attributeNameFormat = (*a)->getNameFormat();
-        XMLCh *qualifiedName;
-        XMLCh space[2] = { ' ', 0 };
-        gss_buffer_desc utf8;
-
-        qualifiedName = new XMLCh[XMLString::stringLen(attributeNameFormat) + 1 +
-                                  XMLString::stringLen(attributeName) + 1];
-        XMLString::copyString(qualifiedName, attributeNameFormat);
-        XMLString::catString(qualifiedName, space);
-        XMLString::catString(qualifiedName, attributeName);
-
-        utf8.value = (void *)toUTF8(qualifiedName);
-        utf8.length = strlen((char *)utf8.value);
-
-        ret = addAttribute(this, &utf8, data);
-
-        delete qualifiedName;
-
-        if (!ret)
-            break;
+    /* For each attribute statement, look for an attribute match */
+    const vector <saml2::AttributeStatement *>&statements =
+        assertion->getAttributeStatements();
+
+    for (vector<saml2::AttributeStatement *>::const_iterator s = statements.begin();
+        s != statements.end();
+        ++s) {
+        const vector<saml2::Attribute*>& attrs =
+            const_cast<const saml2::AttributeStatement*>(*s)->getAttributes();
+
+        for (vector<saml2::Attribute*>::const_iterator a = attrs.begin(); a != attrs.end(); ++a) {
+            const XMLCh *attributeName = (*a)->getName();
+            const XMLCh *attributeNameFormat = (*a)->getNameFormat();
+            XMLCh *qualifiedName;
+            XMLCh space[2] = { ' ', 0 };
+            gss_buffer_desc utf8;
+            bool ret;
+
+            qualifiedName = new XMLCh[XMLString::stringLen(attributeNameFormat) + 1 +
+                                      XMLString::stringLen(attributeName) + 1];
+            XMLString::copyString(qualifiedName, attributeNameFormat);
+            XMLString::catString(qualifiedName, space);
+            XMLString::catString(qualifiedName, attributeName);
+
+            utf8.value = (void *)toUTF8(qualifiedName);
+            utf8.length = strlen((char *)utf8.value);
+
+            ret = addAttribute(this, &utf8, data);
+
+            delete qualifiedName;
+
+            if (!ret)
+                return ret;
+        }
     }
 
-    return ret;
+    return true;
+}
+
+ssize_t
+gss_eap_saml_attr_provider::getAttributeIndex(const gss_buffer_t attr) const
+{
+    return -1;
 }
 
 bool
diff --git a/util_saml.h b/util_saml.h
index 7c457e8..8beb821 100644 (file)
--- a/util_saml.h
+++ b/util_saml.h
@@ -132,6 +132,7 @@ public:
                       const opensaml::saml2::Attribute **pAttribute) const;
     bool getAssertion(int *authenticated,
                       const opensaml::saml2::Assertion **pAssertion) const;
+    ssize_t getAttributeIndex(const gss_buffer_t attr) const;
 
     static bool init(void);
     static void finalize(void);
diff --git a/util_shib.cpp b/util_shib.cpp
index d2e7eec..0c9744d 100644 (file)
--- a/util_shib.cpp
+++ b/util_shib.cpp
@@ -192,7 +192,7 @@ gss_eap_shib_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager,
     return true;
 }
 
-int
+ssize_t
 gss_eap_shib_attr_provider::getAttributeIndex(const gss_buffer_t attr) const
 {
     int i = 0;
diff --git a/util_shib.h b/util_shib.h
index 6189360..6e53aec 100644 (file)
--- a/util_shib.h
+++ b/util_shib.h
@@ -87,7 +87,7 @@ private:
     static std::vector <shibsp::Attribute *>
         duplicateAttributes(const std::vector <shibsp::Attribute *>src);
 
-    int getAttributeIndex(const gss_buffer_t attr) const;
+    ssize_t getAttributeIndex(const gss_buffer_t attr) const;
     const shibsp::Attribute *getAttribute(const gss_buffer_t attr) const;
 
     std::vector<shibsp::Attribute *> getAttributes(void) const {
Moonshot GSS-API mechanism