Finished option to set unset headers to fixed value, update docs/specs.

author Scott Cantor <cantor.2@osu.edu>

Fri, 16 Jun 2006 02:47:57 +0000 (02:47 +0000)

committer Scott Cantor <cantor.2@osu.edu>

Fri, 16 Jun 2006 02:47:57 +0000 (02:47 +0000)
author Scott Cantor <cantor.2@osu.edu>
Fri, 16 Jun 2006 02:47:57 +0000 (02:47 +0000)
committer Scott Cantor <cantor.2@osu.edu>
Fri, 16 Jun 2006 02:47:57 +0000 (02:47 +0000)
diff --git a/Makefile.am b/Makefile.am

index 8eb8139..b009b7c 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -16,6 +16,7 @@ dist-hook:
         rm -rf `find $(distdir)/doc -name CVS`
         rm -rf `find $(distdir)/doc -name Makefile`
         rm -rf `find $(distdir)/isapi_shib -name CVS`
+       rm -rf `find $(distdir)/isapi_shib_gui -name CVS`
  
  WANT_SUBDIRS = @WANT_SUBDIRS@
  
diff --git a/apache/mod_apache.cpp b/apache/mod_apache.cpp

index b090617..e324f3d 100644 (file)
--- a/apache/mod_apache.cpp
+++ b/apache/mod_apache.cpp
@@ -68,6 +68,7 @@ namespace {
      char* g_szSHIBConfig = NULL;
      char* g_szSchemaDir = NULL;
      ShibTargetConfig* g_Config = NULL;
+    string g_unsetHeaderValue;
      static const char* g_UserDataKey = "_shib_check_user_";
  }
  
@@ -277,7 +278,7 @@ public:
    }
    virtual void clearHeader(const string &name) {
      ap_table_unset(m_req->headers_in, name.c_str());
-    ap_table_set(m_req->headers_in, name.c_str(), "");
+    ap_table_set(m_req->headers_in, name.c_str(), g_unsetHeaderValue.c_str());
    }
    virtual void setHeader(const string &name, const string &value) {
      ap_table_set(m_req->headers_in, name.c_str(), value.c_str());
@@ -937,6 +938,15 @@ extern "C" void shib_child_init(apr_pool_t* p, server_rec* s)
              ap_log_error(APLOG_MARK,APLOG_CRIT|APLOG_NOERRNO,SH_AP_R(s),"shib_child_init() failed to load configuration");
              exit(1);
          }
+
+        IConfig* conf=g_Config->getINI();
+        Locker locker(conf);
+        const IPropertySet* props=conf->getPropertySet("Local");
+        if (props) {
+            pair<bool,const char*> unsetValue=props->getString("unsetHeaderValue");
+            if (unsetValue.first)
+                g_unsetHeaderValue = unsetValue.second;
+        }
      }
      catch (...) {
          ap_log_error(APLOG_MARK,APLOG_CRIT|APLOG_NOERRNO,SH_AP_R(s),"shib_child_init() failed to initialize system");
diff --git a/doc/NEWS.txt b/doc/NEWS.txt

index 2efaedb..7f0a316 100644 (file)
--- a/doc/NEWS.txt
+++ b/doc/NEWS.txt
@@ -1,3 +1,8 @@
+6/15/06
+Version 1.3e
+
+Fix for secadv 20060615
+
  4/15/06
  Version 1.3d
  
diff --git a/doc/README.txt b/doc/README.txt

index 5036bd3..f10ba3a 100644 (file)
--- a/doc/README.txt
+++ b/doc/README.txt
@@ -1,5 +1,5 @@
-4/15/06
-Version 1.3d
+6/15/06
+Version 1.3e
  
  Welcome to Internet2's Shibboleth
  
diff --git a/nsapi_shib/nsapi_shib.cpp b/nsapi_shib/nsapi_shib.cpp

index f2c50e3..7dbd276 100644 (file)
--- a/nsapi_shib/nsapi_shib.cpp
+++ b/nsapi_shib/nsapi_shib.cpp
@@ -145,7 +145,6 @@ extern "C" NSAPI_PUBLIC int nsapi_shib_init(pblock* pb, Session* sn, Request* rq
          }
  
          daemon_atrestart(nsapi_shib_exit,NULL);
-#ifndef _DEBUG
  
          IConfig* conf=g_Config->getINI();
          Locker locker(conf);
@@ -155,6 +154,7 @@ extern "C" NSAPI_PUBLIC int nsapi_shib_init(pblock* pb, Session* sn, Request* rq
              if (unsetValue.first)
                  g_unsetHeaderValue = unsetValue.second;
          }
+#ifndef _DEBUG
      }
      catch (...) {
          g_Config=NULL;
diff --git a/pkginfo.in b/pkginfo.in

index c0183b3..6841d04 100644 (file)
--- a/pkginfo.in
+++ b/pkginfo.in
@@ -6,6 +6,6 @@ CATEGORY=system
  VENDOR=http://shibboleth.internet2.edu/ packaged for Shibboleth by Scott Cantor
  HOTLINE=http://bugzilla.internet2.edu/
  EMAIL=cantor.2@osu.edu
-PSTAMP=15Apr2006
+PSTAMP=15Jun2006
  CLASSES=none
  BASEDIR=/opt/shibboleth-sp
diff --git a/shibboleth.spec.in b/shibboleth.spec.in

index a3364ef..89212b2 100644 (file)
--- a/shibboleth.spec.in
+++ b/shibboleth.spec.in
@@ -1,7 +1,7 @@
  Name:          shibboleth
  Summary:       Open source system to enable inter-institutional resource sharing
  Version:       @-VERSION-@
-Release:       9
+Release:       10
  #Copyright:    Internet2
  Group:         System Environment/Libraries
  License:       Apache style
@@ -195,6 +195,9 @@ restorecon %{_sbindir}/shibd
  %{_sysconfdir}/selinux/targeted/src/policy/domains/program/*.te
  
  %changelog
+* Wed Jun 15 2006 Scott Cantor  <cantor.2@osu.edu>  - 1.3-10
+- Applied fix for sec 20060615
+
  * Fri Apr 15 2006 Scott Cantor  <cantor.2@osu.edu>  - 1.3-9
  - Misc. patches, SuSE, Apache 2.2, gcc 4.1, and 64-bit support
author	Scott Cantor <cantor.2@osu.edu>
	Fri, 16 Jun 2006 02:47:57 +0000 (02:47 +0000)
committer	Scott Cantor <cantor.2@osu.edu>
	Fri, 16 Jun 2006 02:47:57 +0000 (02:47 +0000)
Makefile.am		patch \| blob \| history
apache/mod_apache.cpp		patch \| blob \| history
doc/NEWS.txt		patch \| blob \| history
doc/README.txt		patch \| blob \| history
nsapi_shib/nsapi_shib.cpp		patch \| blob \| history
pkginfo.in		patch \| blob \| history
shibboleth.spec.in		patch \| blob \| history