<tool id="org.eclipse.linuxtools.cdt.autotools.gnu.toolchain.tool.configure.1683701533" name="configure" superClass="org.eclipse.linuxtools.cdt.autotools.gnu.toolchain.tool.configure">
<option id="org.eclipse.linuxtools.cdt.autotools.option.configure.prefix.26305207" name="Arch-independent install directory (--prefix)" superClass="org.eclipse.linuxtools.cdt.autotools.option.configure.prefix" value="/Users/scantor/Documents/workspace/2.0/install" valueType="string"/>
<option id="org.eclipse.linuxtools.cdt.autotools.option.configure.user.1607291625" name="User-specified configuration options" superClass="org.eclipse.linuxtools.cdt.autotools.option.configure.user" value="--enable-debug --with-log4shib=/opt/local --with-xmltooling=/Users/scantor/Documents/workspace/2.0/install" valueType="string"/>
+ <option id="org.eclipse.linuxtools.cdt.autotools.option.configure.includes.1450899039" name="includes" superClass="org.eclipse.linuxtools.cdt.autotools.option.configure.includes" valueType="includePath">
+ <listOptionValue builtIn="false" value=""${workspace_loc:/cpp-xmltooling}""/>
+ <listOptionValue builtIn="false" value=""${workspace_loc:/cpp-opensaml}""/>
+ <listOptionValue builtIn="false" value=""${workspace_loc:/cpp-sp}""/>
+ </option>
<inputType id="org.eclipse.linuxtools.cdt.autotools.inputType.configure.1359986111" superClass="org.eclipse.linuxtools.cdt.autotools.inputType.configure"/>
<inputType id="org.eclipse.linuxtools.cdt.autotools.inputType.configure1.707690559" superClass="org.eclipse.linuxtools.cdt.autotools.inputType.configure1"/>
</tool>
</toolChain>
</folderInfo>
<sourceEntries>
- <entry flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="src/shibresolver"/>
- <entry excluding="shibresolver" flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="src"/>
<entry excluding="src|shibresolver" flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name=""/>
+ <entry excluding="shibresolver" flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="src"/>
+ <entry flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="src/shibresolver"/>
</sourceEntries>
</configuration>
</storageModule>
-<?xml version="1.0" encoding="UTF-8"?>\r
-<projectDescription>\r
- <name>cpp-sp-resolver</name>\r
- <comment></comment>\r
- <projects>\r
- </projects>\r
- <buildSpec>\r
- <buildCommand>\r
- <name>org.eclipse.linuxtools.cdt.autotools.genmakebuilder</name>\r
- <arguments>\r
- </arguments>\r
- </buildCommand>\r
- <buildCommand>\r
- <name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>\r
- <arguments>\r
- </arguments>\r
- </buildCommand>\r
- </buildSpec>\r
- <natures>\r
- <nature>org.eclipse.cdt.core.ccnature</nature>\r
- <nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>\r
- <nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>\r
- <nature>org.eclipse.cdt.core.cnature</nature>\r
- <nature>org.eclipse.linuxtools.cdt.autotools.autotoolsNature</nature>\r
- </natures>\r
-</projectDescription>\r
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>cpp-sp-resolver</name>
+ <comment></comment>
+ <projects>
+ <project>cpp-log4shib</project>
+ <project>cpp-opensaml</project>
+ <project>cpp-sp</project>
+ <project>cpp-xmltooling</project>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.linuxtools.cdt.autotools.genmakebuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.cdt.core.ccnature</nature>
+ <nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
+ <nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
+ <nature>org.eclipse.cdt.core.cnature</nature>
+ <nature>org.eclipse.linuxtools.cdt.autotools.autotoolsNature</nature>
+ </natures>
+</projectDescription>
GCC_CXXFLAGS="$CXXFLAGS -O2 -DNDEBUG"
fi
-AC_CONFIG_HEADERS([config.h])
+AC_CONFIG_HEADERS([config.h src/shibresolver/config_pub.h])
AC_CONFIG_FILES([resolver.spec Portfile])
AC_CONFIG_FILES([Makefile doc/Makefile src/Makefile])
# restore master libs
LIBS="$save_LIBS"
+# GSS-API checking
+
+GSSAPI_ROOT="/usr"
+AC_ARG_WITH(gssapi-includes,
+ AS_HELP_STRING([--with-gssapi-includes=DIR],[Specify location of GSSAPI header]),
+ [ GSSAPI_INCS="-I$withval"
+ want_gss="yes" ]
+)
+
+AC_ARG_WITH(gssapi-libs,
+ AS_HELP_STRING([--with-gssapi-libs=DIR],[Specify location of GSSAPI libs]),
+ [ GSSAPI_LIB_DIR="-L$withval"
+ want_gss="yes" ]
+)
+
+AC_ARG_WITH(gssapi,
+ AS_HELP_STRING([--with-gssapi=DIR],[Where to look for GSSAPI]),
+ [ GSSAPI_ROOT="$withval"
+ if test x"$GSSAPI_ROOT" != xno; then
+ want_gss="yes"
+ if test x"$GSSAPI_ROOT" = xyes; then
+ dnl if yes, then use default root
+ GSSAPI_ROOT="/usr"
+ fi
+ fi
+])
+
+save_CPPFLAGS="$CPPFLAGS"
+AC_MSG_CHECKING([if GSSAPI support is requested])
+if test x"$want_gss" = xyes; then
+ AC_MSG_RESULT(yes)
+
+ if test -z "$GSSAPI_INCS"; then
+ if test -f "$GSSAPI_ROOT/bin/krb5-config"; then
+ GSSAPI_INCS=`$GSSAPI_ROOT/bin/krb5-config --cflags gssapi`
+ elif test "$GSSAPI_ROOT" != "yes"; then
+ GSSAPI_INCS="-I$GSSAPI_ROOT/include"
+ fi
+ fi
+
+ CPPFLAGS="$CPPFLAGS $GSSAPI_INCS"
+
+ AC_CHECK_HEADER(gss.h,
+ [
+ dnl found in the given dirs
+ AC_DEFINE([SHIBRESOLVER_HAVE_GSSGNU],[1],[if you have the GNU gssapi libraries])
+ gnu_gss=yes
+ ],
+ [
+ dnl not found, check Heimdal or MIT
+ AC_CHECK_HEADERS([gssapi/gssapi.h], [], [not_mit=1])
+ AC_CHECK_HEADERS(
+ [gssapi/gssapi_generic.h gssapi/gssapi_krb5.h],
+ [],
+ [not_mit=1],
+ [
+AC_INCLUDES_DEFAULT
+#ifdef HAVE_GSSAPI_GSSAPI_H
+#include <gssapi/gssapi.h>
+#endif
+ ])
+ if test "x$not_mit" = "x1"; then
+ dnl MIT not found, check for Heimdal
+ AC_CHECK_HEADER([gssapi.h],
+ [
+ dnl found
+ AC_DEFINE([SHIBRESOLVER_HAVE_GSSHEIMDAL],[1],[if you have the Heimdal gssapi libraries])
+ ],
+ [
+ dnl no header found, disabling GSS
+ want_gss=no
+ AC_MSG_WARN([disabling GSSAPI since no header files was found])
+ ]
+ )
+ else
+ dnl MIT found
+ AC_DEFINE([SHIBRESOLVER_HAVE_GSSMIT],[1],[if you have the MIT gssapi libraries])
+ dnl check if we have a really old MIT kerberos (<= 1.2)
+ AC_MSG_CHECKING([if gssapi headers declare GSS_C_NT_HOSTBASED_SERVICE])
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM([[
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_generic.h>
+#include <gssapi/gssapi_krb5.h>
+ ]],[[
+ gss_import_name(
+ (OM_uint32 *)0,
+ (gss_buffer_t)0,
+ GSS_C_NT_HOSTBASED_SERVICE,
+ (gss_name_t *)0);
+ ]])
+ ],[
+ AC_MSG_RESULT([yes])
+ ],[
+ AC_MSG_RESULT([no])
+ AC_DEFINE([HAVE_OLD_GSSMIT],[1],[if you have an old MIT gssapi library, lacking GSS_C_NT_HOSTBASED_SERVICE])
+ ])
+ fi
+ ]
+ )
+else
+ AC_MSG_RESULT(no)
+fi
+if test x"$want_gss" = xyes; then
+ AC_DEFINE([SHIBRESOLVER_HAVE_GSSAPI],[1],[if you have the gssapi libraries])
+
+ if test -n "$gnu_gss"; then
+ LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR"
+ LIBS="$LIBS -lgss"
+ elif test -z "$GSSAPI_LIB_DIR"; then
+ case $host in
+ *-*-darwin*)
+ LIBS="$LIBS -lgssapi_krb5 -lresolv"
+ ;;
+ *)
+ if test -f "$GSSAPI_ROOT/bin/krb5-config"; then
+ dnl krb5-config doesn't have --libs-only-L or similar, put everything
+ dnl into LIBS
+ gss_libs=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi`
+ LIBS="$LIBS $gss_libs"
+ elif test "$GSSAPI_ROOT" != "yes"; then
+ LDFLAGS="$LDFLAGS -L$GSSAPI_ROOT/lib$libsuff"
+ LIBS="$LIBS -lgssapi"
+ else
+ LIBS="$LIBS -lgssapi"
+ fi
+ ;;
+ esac
+ else
+ LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR"
+ LIBS="$LIBS -lgssapi"
+ fi
+
+ AC_MSG_CHECKING([whether GSS-API naming extensions are available])
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([[#include <gssapi/gssapi_ext.h>]],
+ [[gss_get_name_attribute(NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL);]])],
+ [AC_MSG_RESULT([yes])AC_DEFINE([HAVE_GSSAPI_NAMINGEXTS],[1],[Define to 1 if GSS-API naming extensions are available.])],
+ [AC_MSG_RESULT([no])])
+
+else
+ CPPFLAGS="$save_CPPFLAGS"
+fi
+
+
AC_SUBST(LITE_LIBS)
AC_SUBST(XMLSEC_LIBS)
libshibresolverinclude_HEADERS = \
shibresolver/base.h \
+ shibresolver/config_pub.h \
shibresolver/resolver.h
noinst_HEADERS = \
EXTRA_DIST = \
resolver.vcxproj \
resolver-lite.vcxproj \
+ shibresolver/config_pub.h.in \
+ shibresolver/config_pub_win32.h \
shibresolver/resource.h \
shibresolver/resolver.rc
</ItemGroup>\r
<ItemGroup>\r
<ClInclude Include="shibresolver\base.h" />\r
+ <ClInclude Include="shibresolver\config_pub_win32.h" />\r
<ClInclude Include="shibresolver\internal.h" />\r
<ClInclude Include="shibresolver\resolver.h" />\r
<ClInclude Include="shibresolver\resource.h" />\r
</ItemGroup>\r
<ItemGroup>\r
<ClInclude Include="shibresolver\base.h" />\r
+ <ClInclude Include="shibresolver\config_pub_win32.h" />\r
<ClInclude Include="shibresolver\internal.h" />\r
<ClInclude Include="shibresolver\resolver.h" />\r
<ClInclude Include="shibresolver\resource.h" />\r
/*
- * Copyright 2010 JANET(UK)
+ * Copyright 2011 JANET(UK)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <shibsp/base.h>
+
+#if defined (_MSC_VER) || defined(__BORLANDC__)
+ #include <shibresolver/config_pub_win32.h>
+#else
+ #include <shibresolver/config_pub.h>
+#endif
+
// Windows and GCC4 Symbol Visibility Macros
#ifdef WIN32
#define SHIBRESOLVER_IMPORT __declspec(dllimport)
--- /dev/null
+/* if you have the gssapi libraries */
+#undef SHIBRESOLVER_HAVE_GSSAPI
+
+/* if you have the GNU gssapi libraries */
+#undef SHIBRESOLVER_HAVE_GSSGNU
+
+/* if you have the Heimdal gssapi libraries */
+#undef SHIBRESOLVER_HAVE_GSSHEIMDAL
+
+/* if you have the MIT gssapi libraries */
+#undef SHIBRESOLVER_HAVE_GSSMIT
--- /dev/null
+/* if you have the gssapi libraries */
+#undef SHIBRESOLVER_HAVE_GSSAPI
+
+/* if you have the GNU gssapi libraries */
+#undef SHIBRESOLVER_HAVE_GSSGNU
+
+/* if you have the Heimdal gssapi libraries */
+#undef SHIBRESOLVER_HAVE_GSSHEIMDAL
+
+/* if you have the MIT gssapi libraries */
+#undef SHIBRESOLVER_HAVE_GSSMIT
/*
- * Copyright 2010 JANET(UK)
+ * Copyright 2010-2011 JANET(UK)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <shibsp/exceptions.h>
#include <shibsp/Application.h>
+#include <shibsp/GSSRequest.h>
#include <shibsp/SPRequest.h>
#include <shibsp/ServiceProvider.h>
#include <shibsp/attribute/Attribute.h>
#endif
#include <xmltooling/XMLObjectBuilder.h>
#include <xmltooling/XMLToolingConfig.h>
+#include <xmltooling/impl/AnyElement.h>
#include <xmltooling/util/ParserPool.h>
#include <xmltooling/util/XMLHelper.h>
+#include <xercesc/util/Base64.hpp>
using namespace shibresolver;
using namespace shibsp;
}
ShibbolethResolver::ShibbolethResolver() : m_request(NULL), m_sp(NULL)
+#ifdef SHIBRESOLVER_HAVE_GSSAPI
+ ,m_gsswrapper(NULL)
+#endif
{
}
ShibbolethResolver::~ShibbolethResolver()
{
+#ifdef SHIBRESOLVER_HAVE_GSSAPI
+ delete m_gsswrapper;
+#endif
for_each(m_resolvedAttributes.begin(), m_resolvedAttributes.end(), xmltooling::cleanup<Attribute>());
if (m_sp)
m_sp->unlock();
void ShibbolethResolver::setRequest(const SPRequest* request)
{
m_request = request;
+#if defined(SHIBSP_HAVE_GSSAPI) && defined (SHIBRESOLVER_HAVE_GSSAPI)
+ if (request) {
+ const GSSRequest* gss = dynamic_cast<const GSSRequest*>(request);
+ if (gss) {
+ addToken(gss->getGSSContext());
+ }
+ }
+#endif
}
void ShibbolethResolver::setApplicationID(const char* appID)
m_tokens.push_back(token);
}
+#ifdef SHIBRESOLVER_HAVE_GSSAPI
+void ShibbolethResolver::addToken(gss_ctx_id_t ctx)
+{
+ if (m_gsswrapper) {
+ delete m_gsswrapper;
+ m_gsswrapper = NULL;
+ }
+
+ if (ctx != GSS_C_NO_CONTEXT) {
+ OM_uint32 minor;
+ gss_buffer_desc contextbuf;
+ contextbuf.length = 0;
+ contextbuf.value = NULL;
+ OM_uint32 major = gss_export_sec_context(&minor, &ctx, &contextbuf);
+ if (major == GSS_S_COMPLETE) {
+ xsecsize_t len=0;
+ XMLByte* out=Base64::encode(reinterpret_cast<const XMLByte*>(contextbuf.value), contextbuf.length, &len);
+ if (out) {
+ string s;
+ s.append(reinterpret_cast<char*>(out), len);
+ auto_ptr_XMLCh temp(s.c_str());
+#ifdef SHIBSP_XERCESC_HAS_XMLBYTE_RELEASE
+ XMLString::release(&out);
+#else
+ XMLString::release((char**)&out);
+#endif
+ static const XMLCh _GSSAPI[] = UNICODE_LITERAL_6(G,S,S,A,P,I);
+ m_gsswrapper = new AnyElementImpl(shibspconstants::SHIB2ATTRIBUTEMAP_NS, _GSSAPI);
+ m_gsswrapper->setTextContent(temp.get());
+ }
+ else {
+ Category::getInstance(SHIBRESOLVER_LOGCAT).error("error while base64-encoding GSS context");
+ }
+ }
+ else {
+ Category::getInstance(SHIBRESOLVER_LOGCAT).error("error exporting GSS context");
+ }
+ }
+}
+#endif
+
void ShibbolethResolver::addAttribute(Attribute* attr)
{
if (attr)
if (!app)
throw ConfigurationException("Unable to locate application for resolution.");
+#ifdef HAVE_GSSAPI
+ if (m_gsswrapper)
+ m_tokens.push_back(m_gsswrapper);
+#endif
+
if (conf.isEnabled(SPConfig::OutOfProcess)) {
g_Remoted.resolve(
*app,
/*
- * Copyright 2010 JANET(UK)
+ * Copyright 2010-2011 JANET(UK)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <string>
#include <vector>
+#ifdef SHIBRESOLVER_HAVE_GSSGNU
+# include <gss.h>
+#elif defined SHIBRESOLVER_HAVE_GSSMIT
+# include <gssapi/gssapi.h>
+# include <gssapi/gssapi_generic.h>
+#else
+# include <gssapi.h>
+#endif
+
namespace xmltooling {
class XMLTOOL_API XMLObject;
};
*/
void addToken(const xmltooling::XMLObject* token);
+#ifdef SHIBRESOLVER_HAVE_GSSAPI
+ /**
+ * Adds a GSS-API security context as input to the resolver.
+ * <p>The caller retains ownership of the context.
+ *
+ * @param ctx an input context to evaluate
+ */
+ void addToken(gss_ctx_id_t ctx);
+#endif
+
/**
* Adds an Attribute as input to the resolver.
* <p>The caller retains ownership of the object.
private:
shibsp::ServiceProvider* m_sp;
+#ifdef SHIBRESOLVER_HAVE_GSSAPI
+ xmltooling::XMLObject* m_gsswrapper;
+#endif
std::vector<shibsp::Attribute*> m_resolvedAttributes;
};