Externalize publically-needed configure macros and fix GSS-related bugs.

diff --git a/apache/mod_apache.cpp b/apache/mod_apache.cpp
index 7aa50de..3bc0770 100644 (file)
--- a/apache/mod_apache.cpp
+++ b/apache/mod_apache.cpp
@@ -311,7 +311,7 @@ extern "C" const char* shib_table_set(cmd_parms* parms, shib_dir_config* dc, con
 
 
 class ShibTargetApache : public AbstractSPRequest
-#if defined(HAVE_GSSAPI) && !defined(SHIB_APACHE_13)
+#if defined(SHIBSP_HAVE_GSSAPI) && !defined(SHIB_APACHE_13)
     , public GSSRequest
 #endif
 {
@@ -356,6 +356,9 @@ public:
   const char* getScheme() const {
     return m_sc->szScheme ? m_sc->szScheme : ap_http_method(m_req);
   }
+  bool isSecure() const {
+      return HTTPRequest::isSecure();
+  }
   const char* getHostname() const {
     return ap_get_server_name(m_req);
   }
@@ -451,6 +454,12 @@ public:
 #endif
     return m_body.c_str();
   }
+  const char* getParameter(const char* name) const {
+      return AbstractSPRequest::getParameter(name);
+  }
+  vector<const char*>::size_type getParameters(const char* name, vector<const char*>& values) const {
+      return AbstractSPRequest::getParameters(name, values);
+  }
   void clearHeader(const char* rawname, const char* cginame) {
     if (m_dc->bUseHeaders == 1) {
        // ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(m_req), "shib_clear_header: hdr\n");
@@ -591,7 +600,7 @@ public:
   }
   long returnDecline(void) { return DECLINED; }
   long returnOK(void) { return OK; }
-#if defined(HAVE_GSSAPI) && !defined(SHIB_APACHE_13)
+#if defined(SHIBSP_HAVE_GSSAPI) && !defined(SHIB_APACHE_13)
   gss_ctx_id_t getGSSContext() const {
     gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
     apr_pool_userdata_get((void**)&ctx, g_szGSSContextKey, m_req->pool);

diff --git a/configure.ac b/configure.ac
index be3a599..4240d10 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -31,7 +31,7 @@ else
     GCC_CXXFLAGS="$CXXFLAGS -O2 -DNDEBUG"
 fi
 
-AC_CONFIG_HEADERS([config.h])
+AC_CONFIG_HEADERS([config.h shibsp/config_pub.h])
 AC_CONFIG_FILES([shibboleth.spec pkginfo Portfile])
 
 AC_PROG_CC([gcc gcc3 cc])
@@ -996,7 +996,7 @@ if test x"$want_gss" = xyes; then
   AC_CHECK_HEADER(gss.h,
     [
       dnl found in the given dirs
-      AC_DEFINE([HAVE_GSSGNU],[1],[if you have the GNU gssapi libraries])
+      AC_DEFINE([SHIBSP_HAVE_GSSGNU],[1],[if you have the GNU gssapi libraries])
       gnu_gss=yes
     ],
     [
@@ -1017,7 +1017,7 @@ AC_INCLUDES_DEFAULT
         AC_CHECK_HEADER([gssapi.h],
             [
               dnl found
-              AC_DEFINE([HAVE_GSSHEIMDAL],[1],[if you have the Heimdal gssapi libraries])
+              AC_DEFINE([SHIBSP_HAVE_GSSHEIMDAL],[1],[if you have the Heimdal gssapi libraries])
             ],
             [
               dnl no header found, disabling GSS
@@ -1027,7 +1027,7 @@ AC_INCLUDES_DEFAULT
           )
       else
         dnl MIT found
-        AC_DEFINE([HAVE_GSSMIT],[1],[if you have the MIT gssapi libraries])
+        AC_DEFINE([SHIBSP_HAVE_GSSMIT],[1],[if you have the MIT gssapi libraries])
         dnl check if we have a really old MIT kerberos (<= 1.2)
         AC_MSG_CHECKING([if gssapi headers declare GSS_C_NT_HOSTBASED_SERVICE])
         AC_COMPILE_IFELSE([
@@ -1055,7 +1055,7 @@ else
   AC_MSG_RESULT(no)
 fi
 if test x"$want_gss" = xyes; then
-  AC_DEFINE([HAVE_GSSAPI],[1],[if you have the gssapi libraries])
+  AC_DEFINE([SHIBSP_HAVE_GSSAPI],[1],[if you have the gssapi libraries])
 
   if test -n "$gnu_gss"; then
     LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR"

diff --git a/plugins/plugins.cpp b/plugins/plugins.cpp
index a845cfb..1243ed7 100644 (file)
--- a/plugins/plugins.cpp
+++ b/plugins/plugins.cpp
@@ -22,6 +22,8 @@
 
 #include "internal.h"
 #include <shibsp/SPConfig.h>
+#include <shibsp/util/SPConstants.h>
+#include <xmltooling/impl/AnyElement.h>
 
 using namespace shibsp;
 using namespace xmltooling;
@@ -43,6 +45,8 @@ extern "C" int PLUGINS_EXPORTS xmltooling_extension_init(void*)
 {
 #ifdef HAVE_GSSAPI_NAMINGEXTS
     SPConfig::getConfig().AttributeExtractorManager.registerFactory("GSSAPI", GSSAPIExtractorFactory);
+    static const XMLCh _GSSAPI[] = UNICODE_LITERAL_6(G,S,S,A,P,I);
+    XMLObjectBuilder::registerBuilder(xmltooling::QName(shibspconstants::SHIB2ATTRIBUTEMAP_NS, _GSSAPI), new AnyElementBuilder());
 #endif
     return 0;   // signal success
 }

diff --git a/schemas/shibboleth-2.0-attribute-map.xsd b/schemas/shibboleth-2.0-attribute-map.xsd
index b40a8dd..3815208 100644 (file)
--- a/schemas/shibboleth-2.0-attribute-map.xsd
+++ b/schemas/shibboleth-2.0-attribute-map.xsd
@@ -38,6 +38,12 @@
         <anyAttribute namespace="##any" processContents="lax"/>
     </complexType>
     
+    <element name="GSSAPI" type="base64Binary">
+        <annotation>
+            <documentation>A wrapper element for GSS-API contexts.</documentation>
+        </annotation>
+    </element>
+    
     <element name="Attributes">
         <annotation>
             <documentation>The set of SAML or GSS-API attribute mappings.</documentation>

diff --git a/shibsp/AbstractSPRequest.cpp b/shibsp/AbstractSPRequest.cpp
index 7a0d863..4ab8374 100644 (file)
--- a/shibsp/AbstractSPRequest.cpp
+++ b/shibsp/AbstractSPRequest.cpp
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2010 Internet2
+ *  Copyright 2001-2011 Internet2
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -51,7 +51,7 @@ void SPRequest::setAuthType(const char* authtype)
 {
 }
 
-#ifdef HAVE_GSSAPI
+#ifdef SHIBSP_HAVE_GSSAPI
 GSSRequest::GSSRequest()
 {
 }

diff --git a/shibsp/GSSRequest.h b/shibsp/GSSRequest.h
index cb1c56f..2867d60 100644 (file)
--- a/shibsp/GSSRequest.h
+++ b/shibsp/GSSRequest.h
@@ -20,15 +20,15 @@
  * Interface to a GSS-authenticated request.
  */
 
-#if !defined(__shibsp_gssreq_h__) && defined(HAVE_GSSAPI)
+#if !defined(__shibsp_gssreq_h__) && defined(SHIBSP_HAVE_GSSAPI)
 #define __shibsp_gssreq_h__
 
 #include <shibsp/base.h>
 #include <xmltooling/io/GenericRequest.h>
 
-#ifdef HAVE_GSSGNU
+#ifdef SHIBSP_HAVE_GSSGNU
 # include <gss.h>
-#elif defined HAVE_GSSMIT
+#elif defined SHIBSP_HAVE_GSSMIT
 # include <gssapi/gssapi.h>
 # include <gssapi/gssapi_generic.h>
 #else

diff --git a/shibsp/Makefile.am b/shibsp/Makefile.am
index 539ea30..36af47a 100644 (file)
--- a/shibsp/Makefile.am
+++ b/shibsp/Makefile.am
@@ -29,6 +29,7 @@ libshibspinclude_HEADERS = \
        AccessControl.h \
        Application.h \
        base.h \
+       config_pub.h \
        exceptions.h \
        paths.h \
        GSSRequest.h \
@@ -253,6 +254,8 @@ EXTRA_DIST = \
        shibsp-lite.vcxproj \
        shibsp.vcxproj.filters \
        shibsp-lite.vcxproj.filters \
+       config_pub.h.in \
+    config_pub_win32.h\
        paths.h.in \
        resource.h \
        shibsp.rc

diff --git a/shibsp/base.h b/shibsp/base.h
index 7e7def0..745cb17 100644 (file)
--- a/shibsp/base.h
+++ b/shibsp/base.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2009 Internet2
+ *  Copyright 2001-2011 Internet2
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,6 +31,12 @@
 # include <saml/base.h>
 #endif
 
+#if defined (_MSC_VER) || defined(__BORLANDC__)
+  #include <shibsp/config_pub_win32.h>
+#else
+  #include <shibsp/config_pub.h>
+#endif
+
 // Windows and GCC4 Symbol Visibility Macros
 #ifdef WIN32
   #define SHIBSP_IMPORT __declspec(dllimport)

diff --git a/shibsp/config_pub.h.in b/shibsp/config_pub.h.in
new file mode 100644 (file)
index 0000000..8d8a058
--- /dev/null
+++ b/shibsp/config_pub.h.in
@@ -0,0 +1,26 @@
+/* if you have the gssapi libraries */
+#undef SHIBSP_HAVE_GSSAPI
+
+/* if you have the GNU gssapi libraries */
+#undef SHIBSP_HAVE_GSSGNU
+
+/* if you have the Heimdal gssapi libraries */
+#undef SHIBSP_HAVE_GSSHEIMDAL
+
+/* if you have the MIT gssapi libraries */
+#undef SHIBSP_HAVE_GSSMIT
+
+/* Define to 1 if log4cpp library is used. */
+#undef SHIBSP_LOG4CPP
+
+/* Define to 1 if log4shib library is used. */
+#undef SHIBSP_LOG4SHIB
+
+/* Define to 1 if Xerces XMLString includes XMLByte release. */
+#undef SHIBSP_XERCESC_HAS_XMLBYTE_RELEASE
+
+/* Define to 1 if Xerces DOMNodeFilter API returns a short. */
+#undef SHIBSP_XERCESC_SHORT_ACCEPTNODE
+
+/* Define to 1 if XML-Security-C supports white/blacklisting algorithms. */
+#undef SHIBSP_XMLSEC_WHITELISTING

diff --git a/shibsp/config_pub_win32.h b/shibsp/config_pub_win32.h
new file mode 100644 (file)
index 0000000..7534a59
--- /dev/null
+++ b/shibsp/config_pub_win32.h
@@ -0,0 +1,31 @@
+/* if you have the gssapi libraries */
+#undef SHIBSP_HAVE_GSSAPI
+
+/* if you have the GNU gssapi libraries */
+#undef SHIBSP_HAVE_GSSGNU
+
+/* if you have the Heimdal gssapi libraries */
+#undef SHIBSP_HAVE_GSSHEIMDAL
+
+/* if you have the MIT gssapi libraries */
+#undef SHIBSP_HAVE_GSSMIT
+
+/* Define to 1 if log4cpp library is used. */
+#undef SHIBSP_LOG4CPP
+
+/* Define to 1 if log4shib library is used. */
+#define SHIBSP_LOG4SHIB 1
+
+#include <xercesc/util/XercesVersion.hpp>
+
+#if (XERCES_VERSION_MAJOR < 3)
+# define SHIBSP_XERCESC_HAS_XMLBYTE_RELEASE 1
+# define SHIBSP_XERCESC_SHORT_ACCEPTNODE 1
+#endif
+
+#ifndef XMLTOOLING_NO_XMLSEC
+# include <xsec/framework/XSECDefs.hpp>
+# if (_XSEC_VERSION_FULL >= 10600)
+#  define SHIBSP_XMLSEC_WHITELISTING 1
+# endif
+#endif

diff --git a/shibsp/handler/impl/RemotedHandler.cpp b/shibsp/handler/impl/RemotedHandler.cpp
index 272f667..5bbdbcf 100644 (file)
--- a/shibsp/handler/impl/RemotedHandler.cpp
+++ b/shibsp/handler/impl/RemotedHandler.cpp
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2010 Internet2
+ *  Copyright 2001-2011 Internet2
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -49,7 +49,7 @@ using namespace std;
 #ifndef SHIBSP_LITE
 namespace shibsp {
     class SHIBSP_DLLLOCAL RemotedRequest : 
-#ifdef HAVE_GSSAPI
+#ifdef SHIBSP_HAVE_GSSAPI
         public GSSRequest,
 #endif
         public HTTPRequest
@@ -57,12 +57,12 @@ namespace shibsp {
         DDF& m_input;
         mutable CGIParser* m_parser;
         mutable vector<XSECCryptoX509*> m_certs;
-#ifdef HAVE_GSSAPI
+#ifdef SHIBSP_HAVE_GSSAPI
         mutable gss_ctx_id_t m_gss;
 #endif
     public:
         RemotedRequest(DDF& input) : m_input(input), m_parser(nullptr)
-#ifdef HAVE_GSSAPI
+#ifdef SHIBSP_HAVE_GSSAPI
             , m_gss(GSS_C_NO_CONTEXT)
 #endif
         {
@@ -71,7 +71,7 @@ namespace shibsp {
         virtual ~RemotedRequest() {
             for_each(m_certs.begin(), m_certs.end(), xmltooling::cleanup<XSECCryptoX509>());
             delete m_parser;
-#ifdef HAVE_GSSAPI
+#ifdef SHIBSP_HAVE_GSSAPI
             if (m_gss != GSS_C_NO_CONTEXT) {
                 OM_uint32 minor;
                 gss_delete_sec_context(&minor, &m_gss, GSS_C_NO_BUFFER);
@@ -117,7 +117,7 @@ namespace shibsp {
 
         const std::vector<XSECCryptoX509*>& getClientCertificates() const;
         
-#ifdef HAVE_GSSAPI
+#ifdef SHIBSP_HAVE_GSSAPI
         // GSSRequest
         gss_ctx_id_t getGSSContext() const;
 #endif
@@ -206,7 +206,7 @@ const std::vector<XSECCryptoX509*>& RemotedRequest::getClientCertificates() cons
     return m_certs;
 }
 
-#ifdef HAVE_GSSAPI
+#ifdef SHIBSP_HAVE_GSSAPI
 gss_ctx_id_t RemotedRequest::getGSSContext() const
 {
     if (m_gss == GSS_C_NO_CONTEXT) {
@@ -360,7 +360,7 @@ DDF RemotedHandler::wrap(const SPRequest& request, const vector<string>* headers
 #endif
     }
 
-#ifdef HAVE_GSSAPI
+#ifdef SHIBSP_HAVE_GSSAPI
     const GSSRequest* gss = dynamic_cast<const GSSRequest*>(&request);
     if (gss) {
         gss_ctx_id_t ctx = gss->getGSSContext();

diff --git a/shibsp/shibsp-lite.vcxproj b/shibsp/shibsp-lite.vcxproj
index 5209287..9a99f86 100644 (file)
--- a/shibsp/shibsp-lite.vcxproj
+++ b/shibsp/shibsp-lite.vcxproj
@@ -249,6 +249,7 @@
     <ClInclude Include="AccessControl.h" />\r
     <ClInclude Include="Application.h" />\r
     <ClInclude Include="base.h" />\r
+    <ClInclude Include="config_pub_win32.h" />\r
     <ClInclude Include="exceptions.h" />\r
     <ClInclude Include="internal.h" />\r
     <ClInclude Include="RequestMapper.h" />\r
@@ -287,6 +288,7 @@
   <ItemGroup>\r
     <None Include="Makefile.am" />\r
     <None Include="paths.h.in" />\r
+    <None Include="config_pub.h.in" />\r
   </ItemGroup>\r
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />\r
   <ImportGroup Label="ExtensionTargets">\r

diff --git a/shibsp/shibsp.vcxproj b/shibsp/shibsp.vcxproj
index 331fddb..012de9d 100644 (file)
--- a/shibsp/shibsp.vcxproj
+++ b/shibsp/shibsp.vcxproj
@@ -290,6 +290,7 @@
     <ClInclude Include="AccessControl.h" />\r
     <ClInclude Include="Application.h" />\r
     <ClInclude Include="base.h" />\r
+    <ClInclude Include="config_pub_win32.h" />\r
     <ClInclude Include="exceptions.h" />\r
     <ClInclude Include="internal.h" />\r
     <ClInclude Include="RequestMapper.h" />\r
@@ -343,6 +344,7 @@
   <ItemGroup>\r
     <None Include="Makefile.am" />\r
     <None Include="paths.h.in" />\r
+    <None Include="config_pub.h.in" />\r
   </ItemGroup>\r
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />\r
   <ImportGroup Label="ExtensionTargets">\r