From 58feae57b486f7b2117060228ae93f070a2df869 Mon Sep 17 00:00:00 2001 From: Scott Cantor Date: Mon, 26 Oct 2009 15:27:18 +0000 Subject: [PATCH] Add hooks for protecting headers and redirects. --- apache/mod_apache.cpp | 2 ++ fastcgi/shibauthorizer.cpp | 2 ++ fastcgi/shibresponder.cpp | 4 +++- isapi_shib/isapi_shib.cpp | 5 ++++- nsapi_shib/nsapi_shib.cpp | 2 ++ shibsp/AbstractSPRequest.cpp | 9 +++++++++ shibsp/AbstractSPRequest.h | 2 ++ 7 files changed, 24 insertions(+), 2 deletions(-) diff --git a/apache/mod_apache.cpp b/apache/mod_apache.cpp index a633501..08498d9 100644 --- a/apache/mod_apache.cpp +++ b/apache/mod_apache.cpp @@ -524,6 +524,7 @@ public: m_req->content_type = ap_psprintf(m_req->pool, type); } void setResponseHeader(const char* name, const char* value) { + AbstractSPRequest::setResponseHeader(name, value); #ifdef SHIB_DEFERRED_HEADERS if (!m_rc) // this happens on subrequests @@ -553,6 +554,7 @@ public: return DONE; } long sendRedirect(const char* url) { + AbstractSPRequest::sendRedirect(url); ap_table_set(m_req->headers_out, "Location", url); return REDIRECT; } diff --git a/fastcgi/shibauthorizer.cpp b/fastcgi/shibauthorizer.cpp index 59f4417..4d9a4e5 100644 --- a/fastcgi/shibauthorizer.cpp +++ b/fastcgi/shibauthorizer.cpp @@ -193,6 +193,7 @@ public: return ""; } void setResponseHeader(const char* name, const char* value) { + AbstractSPRequest::setResponseHeader(name, value); // Set for later. if (value) m_response_headers.insert(make_pair(name,value)); @@ -229,6 +230,7 @@ public: } long sendRedirect(const char* url) { + AbstractSPRequest::sendRedirect(url); string hdr=string("Status: 302 Please Wait\r\nLocation: ") + url + "\r\n" "Content-Type: text/html\r\n" "Content-Length: 40\r\n" diff --git a/fastcgi/shibresponder.cpp b/fastcgi/shibresponder.cpp index 1537e33..78a3c9d 100644 --- a/fastcgi/shibresponder.cpp +++ b/fastcgi/shibresponder.cpp @@ -1,5 +1,5 @@ /* - * Copyright 2001-2007 Internet2 + * Copyright 2001-2009 Internet2 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -145,6 +145,7 @@ public: } void setResponseHeader(const char* name, const char* value) { + AbstractSPRequest::setResponseHeader(name, value); // Set for later. if (value) m_headers.insert(make_pair(name,value)); @@ -182,6 +183,7 @@ public: } long sendRedirect(const char* url) { + AbstractSPRequest::sendRedirect(url); string hdr=string("Status: 302 Please Wait\r\nLocation: ") + url + "\r\n" "Content-Type: text/html\r\n" "Content-Length: 40\r\n" diff --git a/isapi_shib/isapi_shib.cpp b/isapi_shib/isapi_shib.cpp index dd571f7..0c6baf5 100644 --- a/isapi_shib/isapi_shib.cpp +++ b/isapi_shib/isapi_shib.cpp @@ -534,6 +534,7 @@ public: return getSecureHeader("remote-user"); } void setResponseHeader(const char* name, const char* value) { + AbstractSPRequest::setResponseHeader(name, value); // Set for later. if (value) m_headers.insert(make_pair(name,value)); @@ -562,7 +563,7 @@ public: return SF_STATUS_REQ_FINISHED; } long sendRedirect(const char* url) { - // XXX: Don't support the httpRedirect option, yet. + AbstractSPRequest::sendRedirect(url); string hdr=string("Location: ") + url + "\r\n" "Content-Type: text/html\r\n" "Content-Length: 40\r\n" @@ -843,6 +844,7 @@ public: return buf.empty() ? "" : buf; } void setResponseHeader(const char* name, const char* value) { + AbstractSPRequest::setResponseHeader(name, value); // Set for later. if (value) m_headers.insert(make_pair(name,value)); @@ -904,6 +906,7 @@ public: return HSE_STATUS_SUCCESS; } long sendRedirect(const char* url) { + AbstractSPRequest::sendRedirect(url); string hdr=string("Location: ") + url + "\r\n" "Content-Type: text/html\r\n" "Content-Length: 40\r\n" diff --git a/nsapi_shib/nsapi_shib.cpp b/nsapi_shib/nsapi_shib.cpp index b18e914..61db6d2 100644 --- a/nsapi_shib/nsapi_shib.cpp +++ b/nsapi_shib/nsapi_shib.cpp @@ -422,6 +422,7 @@ public: setResponseHeader("Content-Type", type); } void setResponseHeader(const char* name, const char* value) { + AbstractSPRequest::setResponseHeader(name, value); pblock_nvinsert(name, value, m_rq->srvhdrs); } @@ -440,6 +441,7 @@ public: return REQ_EXIT; } long sendRedirect(const char* url) { + AbstractSPRequest::sendRedirect(url); param_free(pblock_remove("content-type", m_rq->srvhdrs)); pblock_nninsert("content-length", 0, m_rq->srvhdrs); pblock_nvinsert("expires", "01-Jan-1997 12:00:00 GMT", m_rq->srvhdrs); diff --git a/shibsp/AbstractSPRequest.cpp b/shibsp/AbstractSPRequest.cpp index 7f880ba..8ab6645 100644 --- a/shibsp/AbstractSPRequest.cpp +++ b/shibsp/AbstractSPRequest.cpp @@ -328,3 +328,12 @@ bool AbstractSPRequest::isPriorityEnabled(SPLogLevel level) const (level == SPError ? Priority::ERROR : Priority::CRIT)))) ); } + +void AbstractSPRequest::setResponseHeader(const char* name, const char* value) +{ +} + +long AbstractSPRequest::sendRedirect(const char* url) +{ + return HTTPResponse::XMLTOOLING_HTTP_STATUS_MOVED; +} diff --git a/shibsp/AbstractSPRequest.h b/shibsp/AbstractSPRequest.h index 318f68c..46d4485 100644 --- a/shibsp/AbstractSPRequest.h +++ b/shibsp/AbstractSPRequest.h @@ -71,6 +71,8 @@ namespace shibsp { const char* getHandlerURL(const char* resource=NULL) const; void log(SPLogLevel level, const std::string& msg) const; bool isPriorityEnabled(SPLogLevel level) const; + void setResponseHeader(const char* name, const char* value); + long sendRedirect(const char* url); private: ServiceProvider* m_sp; -- 2.1.4