From 899278abaff1e70892031fd897924038d09a7b32 Mon Sep 17 00:00:00 2001 From: Scott Cantor Date: Mon, 12 Feb 2007 06:30:07 +0000 Subject: [PATCH] Draft of query tool, not working yet. --- .cdtproject | 1 + Makefile.am | 2 +- Shibboleth.sln | 28 +- apache/mod_shib13.vcproj | 2 - apache/mod_shib20.vcproj | 2 - configure.ac | 2 +- isapi_shib/isapi_shib.vcproj | 2 - nsapi_shib/nsapi_shib.vcproj | 2 - odbc-store/odbc-store.vcproj | 2 - shibd/shibd.vcproj | 16 +- shibd/shibd_win32.cpp | 3 +- shibsp/ServiceProvider.h | 8 +- shibsp/base.h | 4 +- shibsp/impl/XMLServiceProvider.cpp | 55 ++- shibsp/shibsp.vcproj | 2 - shibtest/shibtest.dsp | 90 ----- siterefresh/siterefresh.vcproj | 2 - test/Makefile.am | 10 - test/shibtest.cpp | 191 ---------- util/.gitignore | 2 + util/Makefile.am | 10 + util/samlquery.cpp | 257 ++++++++++++++ shibtest/shibtest.vcproj => util/samlquery.vcproj | 415 +++++++++++----------- 23 files changed, 525 insertions(+), 583 deletions(-) delete mode 100644 shibtest/shibtest.dsp delete mode 100644 test/Makefile.am delete mode 100644 test/shibtest.cpp create mode 100644 util/.gitignore create mode 100644 util/Makefile.am create mode 100644 util/samlquery.cpp rename shibtest/shibtest.vcproj => util/samlquery.vcproj (68%) diff --git a/.cdtproject b/.cdtproject index 3fbd0f5..c794717 100644 --- a/.cdtproject +++ b/.cdtproject @@ -21,6 +21,7 @@ + diff --git a/Makefile.am b/Makefile.am index 5c1671b..d7ffc94 100644 --- a/Makefile.am +++ b/Makefile.am @@ -17,7 +17,7 @@ WANT_SUBDIRS = @WANT_SUBDIRS@ SUBDIRS = $(WANT_SUBDIRS) -DIST_SUBDIRS = doc schemas configs shibsp shibd test \ +DIST_SUBDIRS = doc schemas configs shibsp shibd util \ apache siterefresh odbc-store nsapi_shib selinux all-local: shibboleth.spec pkginfo diff --git a/Shibboleth.sln b/Shibboleth.sln index be21b52..29142ba 100644 --- a/Shibboleth.sln +++ b/Shibboleth.sln 
@@ -42,15 +42,6 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nsapi_shib", "nsapi_shib\ns {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} EndProjectSection EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shibtest", "shibtest\shibtest.vcproj", "{67AF22A3-C26E-40BE-B0CA-2ABEE5123763}" - ProjectSection(WebsiteProperties) = preProject - Debug.AspNetCompiler.Debug = "True" - Release.AspNetCompiler.Debug = "False" - EndProjectSection - ProjectSection(ProjectDependencies) = postProject - {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} - EndProjectSection -EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "siterefresh", "siterefresh\siterefresh.vcproj", "{4D02F36E-D2CD-4FD1-AC50-2941E27BB3FB}" ProjectSection(WebsiteProperties) = preProject Debug.AspNetCompiler.Debug = "True" @@ -105,6 +96,15 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shibd", "shibd\shibd.vcproj {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} EndProjectSection EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "samlquery", "util\samlquery.vcproj", "{F13141B6-6C87-40BB-8D4E-5CC56EBB4C59}" + ProjectSection(WebsiteProperties) = preProject + Debug.AspNetCompiler.Debug = "True" + Release.AspNetCompiler.Debug = "False" + EndProjectSection + ProjectSection(ProjectDependencies) = postProject + {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} = {81F0F7A6-DC36-46EF-957F-F9E81D4403F6} + EndProjectSection +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Win32 = Debug|Win32 
@@ -131,10 +131,6 @@ Global {1396D80A-8672-4224-9B02-95F3F4207CDB}.Debug|Win32.Build.0 = Debug|Win32 {1396D80A-8672-4224-9B02-95F3F4207CDB}.Release|Win32.ActiveCfg = Release|Win32 {1396D80A-8672-4224-9B02-95F3F4207CDB}.Release|Win32.Build.0 = Release|Win32 - {67AF22A3-C26E-40BE-B0CA-2ABEE5123763}.Debug|Win32.ActiveCfg = Debug|Win32 - {67AF22A3-C26E-40BE-B0CA-2ABEE5123763}.Debug|Win32.Build.0 = Debug|Win32 - {67AF22A3-C26E-40BE-B0CA-2ABEE5123763}.Release|Win32.ActiveCfg = Release|Win32 - {67AF22A3-C26E-40BE-B0CA-2ABEE5123763}.Release|Win32.Build.0 = Release|Win32 {4D02F36E-D2CD-4FD1-AC50-2941E27BB3FB}.Debug|Win32.ActiveCfg = Debug|Win32 {4D02F36E-D2CD-4FD1-AC50-2941E27BB3FB}.Debug|Win32.Build.0 = Debug|Win32 {4D02F36E-D2CD-4FD1-AC50-2941E27BB3FB}.Release|Win32.ActiveCfg = Release|Win32 @@ -155,6 +151,10 @@ Global {F13141B5-6C87-40BB-8D4E-5CC56EBB4C59}.Debug|Win32.Build.0 = Debug|Win32 {F13141B5-6C87-40BB-8D4E-5CC56EBB4C59}.Release|Win32.ActiveCfg = Release|Win32 {F13141B5-6C87-40BB-8D4E-5CC56EBB4C59}.Release|Win32.Build.0 = Release|Win32 + {F13141B6-6C87-40BB-8D4E-5CC56EBB4C59}.Debug|Win32.ActiveCfg = Debug|Win32 + {F13141B6-6C87-40BB-8D4E-5CC56EBB4C59}.Debug|Win32.Build.0 = Debug|Win32 + {F13141B6-6C87-40BB-8D4E-5CC56EBB4C59}.Release|Win32.ActiveCfg = Release|Win32 + {F13141B6-6C87-40BB-8D4E-5CC56EBB4C59}.Release|Win32.Build.0 = Release|Win32 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE @@ -168,6 +168,6 @@ Global {D341DCD8-7DCD-43A2-8559-C07DAB838711} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C} {666A63A7-983F-4C19-8411-207F24305197} = {96AE4FC9-45EF-4C18-9F3B-EDA439E26E4C} {4D02F36E-D2CD-4FD1-AC50-2941E27BB3FB} = {FED80230-119E-4B2F-9F53-D2660A5F022B} - {67AF22A3-C26E-40BE-B0CA-2ABEE5123763} = {FED80230-119E-4B2F-9F53-D2660A5F022B} + {F13141B6-6C87-40BB-8D4E-5CC56EBB4C59} = {FED80230-119E-4B2F-9F53-D2660A5F022B} EndGlobalSection EndGlobal 
diff --git a/apache/mod_shib13.vcproj b/apache/mod_shib13.vcproj index 1a5527d..98aa049 100644 --- a/apache/mod_shib13.vcproj +++ b/apache/mod_shib13.vcproj @@ -54,7 +54,6 @@ RuntimeLibrary="2" EnableFunctionLevelLinking="true" RuntimeTypeInfo="true" - UsePrecompiledHeader="0" PrecompiledHeaderFile=".\Release/mod_shib13.pch" AssemblerListingLocation=".\Release/" ObjectFile=".\Release/" @@ -150,7 +149,6 @@ BasicRuntimeChecks="3" RuntimeLibrary="3" RuntimeTypeInfo="true" - UsePrecompiledHeader="0" PrecompiledHeaderFile=".\Debug/mod_shib13.pch" AssemblerListingLocation=".\Debug/" ObjectFile=".\Debug/" diff --git a/apache/mod_shib20.vcproj b/apache/mod_shib20.vcproj index c7389d7..1f160b4 100644 --- a/apache/mod_shib20.vcproj +++ b/apache/mod_shib20.vcproj @@ -54,7 +54,6 @@ RuntimeLibrary="2" EnableFunctionLevelLinking="true" RuntimeTypeInfo="true" - UsePrecompiledHeader="0" PrecompiledHeaderFile=".\mod_shib20___Win32_Release/mod_shib20.pch" AssemblerListingLocation=".\mod_shib20___Win32_Release/" ObjectFile=".\mod_shib20___Win32_Release/" @@ -150,7 +149,6 @@ BasicRuntimeChecks="3" RuntimeLibrary="3" RuntimeTypeInfo="true" - UsePrecompiledHeader="0" PrecompiledHeaderFile=".\mod_shib20___Win32_Debug/mod_shib20.pch" AssemblerListingLocation=".\mod_shib20___Win32_Debug/" ObjectFile=".\mod_shib20___Win32_Debug/" diff --git a/configure.ac b/configure.ac index bb90555..f716d0e 100644 --- a/configure.ac +++ b/configure.ac @@ -195,7 +195,7 @@ opensaml::SAMLConfig::getConfig(); WANT_SUBDIRS="doc schemas configs shibsp shibd siterefresh test" AC_CONFIG_FILES([Makefile doc/Makefile schemas/Makefile \ configs/Makefile shibsp/Makefile shibd/Makefile siterefresh/Makefile \ - test/Makefile selinux/Makefile]) + util/Makefile selinux/Makefile]) # diff --git a/isapi_shib/isapi_shib.vcproj b/isapi_shib/isapi_shib.vcproj index fb96842..93fad1b 100644 --- a/isapi_shib/isapi_shib.vcproj +++ b/isapi_shib/isapi_shib.vcproj 
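Review bot: `WANT_SUBDIRS` in configure.ac, visible as context just above the changed `AC_CONFIG_FILES` line, still ends in `test`, although this commit deletes test/Makefile.am and no longer generates test/Makefile. Because the top-level Makefile.am sets `SUBDIRS = $(WANT_SUBDIRS)`, make would recurse into a directory that has no Makefile, and `util` would never be built. Change the assignment to `WANT_SUBDIRS="doc schemas configs shibsp shibd siterefresh util"`.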
@@ -54,7 +54,6 @@ RuntimeLibrary="2" EnableFunctionLevelLinking="true" RuntimeTypeInfo="true" - UsePrecompiledHeader="0" PrecompiledHeaderFile=".\Release/isapi_shib.pch" AssemblerListingLocation=".\Release/" ObjectFile=".\Release/" @@ -152,7 +151,6 @@ BasicRuntimeChecks="3" RuntimeLibrary="3" RuntimeTypeInfo="true" - UsePrecompiledHeader="0" PrecompiledHeaderFile=".\Debug/isapi_shib.pch" AssemblerListingLocation=".\Debug/" ObjectFile=".\Debug/" diff --git a/nsapi_shib/nsapi_shib.vcproj b/nsapi_shib/nsapi_shib.vcproj index 74ac4cc..fadcaeb 100644 --- a/nsapi_shib/nsapi_shib.vcproj +++ b/nsapi_shib/nsapi_shib.vcproj @@ -54,7 +54,6 @@ RuntimeLibrary="2" EnableFunctionLevelLinking="true" RuntimeTypeInfo="true" - UsePrecompiledHeader="0" PrecompiledHeaderFile=".\Release/nsapi_shib.pch" AssemblerListingLocation=".\Release/" ObjectFile=".\Release/" @@ -150,7 +149,6 @@ BasicRuntimeChecks="3" RuntimeLibrary="3" RuntimeTypeInfo="true" - UsePrecompiledHeader="0" PrecompiledHeaderFile=".\Debug/nsapi_shib.pch" AssemblerListingLocation=".\Debug/" ObjectFile=".\Debug/" diff --git a/odbc-store/odbc-store.vcproj b/odbc-store/odbc-store.vcproj index 4a77a49..91676b8 100644 --- a/odbc-store/odbc-store.vcproj +++ b/odbc-store/odbc-store.vcproj @@ -44,7 +44,6 @@ MinimalRebuild="true" BasicRuntimeChecks="3" RuntimeLibrary="3" - UsePrecompiledHeader="0" WarningLevel="3" Detect64BitPortabilityProblems="true" DebugInformationFormat="4" @@ -120,7 +119,6 @@ Name="VCCLCompilerTool" PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;ODBCSTORE_EXPORTS" RuntimeLibrary="2" - UsePrecompiledHeader="0" WarningLevel="3" Detect64BitPortabilityProblems="true" DebugInformationFormat="3" diff --git a/shibd/shibd.vcproj b/shibd/shibd.vcproj index 577c0fa..9786387 100644 --- a/shibd/shibd.vcproj +++ b/shibd/shibd.vcproj 
@@ -19,7 +19,6 @@ OutputDirectory="$(SolutionDir)$(ConfigurationName)" IntermediateDirectory="$(ConfigurationName)" ConfigurationType="1" - InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops" UseOfMFC="0" ATLMinimizesCRunTimeLibraryUsage="false" CharacterSet="2" @@ -38,20 +37,18 @@ /> @@ -108,7 +104,6 @@ OutputDirectory="$(SolutionDir)$(ConfigurationName)" IntermediateDirectory="$(ConfigurationName)" ConfigurationType="1" - InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops" UseOfMFC="0" ATLMinimizesCRunTimeLibraryUsage="false" CharacterSet="2" @@ -127,18 +122,16 @@ /> +#include +#include extern bool shibd_shutdown; // signals shutdown to Unix side extern const char* shar_schemadir; diff --git a/shibsp/ServiceProvider.h b/shibsp/ServiceProvider.h index 4519a21..d4026fe 100644 --- a/shibsp/ServiceProvider.h +++ b/shibsp/ServiceProvider.h @@ -102,12 +102,12 @@ namespace shibsp { virtual xmlsignature::CredentialResolver* getCredentialResolver(const char* id) const=0; /** - * Returns the security policy rules in effect for a Handler instance. + * Returns the security policy rules for an identified policy. * - * @param handler identifies the Handler for which to return the policy rules - * @return array of policy rules + * @param id identifies the policy rules to return, or NULL for the default policy + * @return an array of policy rules */ - virtual std::vector& getPolicyRules(const Handler& handler) const=0; + virtual std::vector& getPolicyRules(const char* id=NULL) const=0; /** * Returns a RequestMapper instance. diff --git a/shibsp/base.h b/shibsp/base.h index 908356d..95ee5bc 100644 --- a/shibsp/base.h +++ b/shibsp/base.h 
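Review bot: The new `getPolicyRules(const char* id=NULL)` in shibsp/ServiceProvider.h moves policy selection from the handler's `policyId` setting to the caller, and a call with no argument silently resolves to the default policy. A caller that forgets to forward its configured policy id would have messages evaluated under the default rules instead of the intended ones, so the doc comment should say this explicitly, for example `Callers with a handler-specific policyId must pass it; omitting id selects the default policy.` It should also document the failure mode, which in the XML implementation in this patch is a thrown ConfigurationException when the id is unknown. Default arguments on virtual functions are bound by static type, so the `=NULL` repeated on the override in XMLServiceProvider.cpp has to stay identical to this one. The class declaration continues outside the hunk.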
@@ -66,12 +66,12 @@ /** * Default catalog path on Windows. */ -# define SHIBSP_SCHEMAS "/opt/shibboleth-sp/share/xml/xmltooling/catalog.xml;/opt/shibboleth-sp/share/xml/opensaml/saml20-catalog.xml;/opt/shibboleth-sp/share/xml/opensaml/saml11-catalog.xml;/opt/shibboleth-sp/share/xml/shibboleth/catalog.xml" +# define SHIBSP_SCHEMAS "c:\\opt\\shibboleth-sp\\share\\xml\\xmltooling\\catalog.xml;c:\\opt\\shibboleth-sp\\share\\xml\\opensaml\\saml20-catalog.xml;c:\\opt\\shibboleth-sp\\share\\xml\\opensaml\\saml11-catalog.xml;c:\\opt\\shibboleth-sp\\share\\xml\\shibboleth\\catalog.xml" /** * Default path to configuration file on Windows. */ -# define SHIBSP_CONFIG "/opt/shibboleth-sp/etc/shibboleth/shibboleth.xml" +# define SHIBSP_CONFIG "c:\\opt\\shibboleth-sp\\etc\\shibboleth\\shibboleth.xml" #else # include diff --git a/shibsp/impl/XMLServiceProvider.cpp b/shibsp/impl/XMLServiceProvider.cpp index faa71d7..600c3bd 100644 --- a/shibsp/impl/XMLServiceProvider.cpp +++ b/shibsp/impl/XMLServiceProvider.cpp @@ -249,13 +249,12 @@ namespace { return NULL; } - vector& getPolicyRules(const Handler& handler) const { - pair pid = handler.getString("policyId", "urn:mace:shibboleth:sp:config:2.0"); - if (!pid.first) - pid.second = m_impl->m_policyDefault.c_str(); - if (m_impl->m_policyMap.count(pid.second)) - return m_impl->m_policyMap[pid.second]; - throw ConfigurationException("Security Policy ($1) not found, check element.", params(1,pid.second)); + vector& getPolicyRules(const char* id=NULL) const { + if (!id) + id = m_impl->m_policyDefault.c_str(); + if (m_impl->m_policyMap.count(id)) + return m_impl->m_policyMap[id]; + throw ConfigurationException("Security Policy ($1) not found, check element.", params(1,id)); } protected: 
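Review bot: The new Windows defaults for `SHIBSP_SCHEMAS` and `SHIBSP_CONFIG` in shibsp/base.h point into `c:\opt\shibboleth-sp`, a tree directly under the drive root. Directories created there typically inherit permissions that let ordinary authenticated users add files unless the installer tightens the ACL. These paths select the configuration and schema catalogs the SP loads, so a locally writable tree would let an unprivileged user influence trust settings. Please state the requirement next to the defines, e.g. `/* The install tree must be writable by administrators only; the SP trusts everything under it. */`, or derive the default from the actual install location rather than a fixed drive path.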
@@ -938,27 +937,6 @@ XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* o } } - // Load the default application. This actually has a fixed ID of "default". ;-) - child=XMLHelper::getLastChildElement(e,Applications); - if (!child) { - log.fatal("can't build default Application object, missing conf:Applications element?"); - throw ConfigurationException("can't build default Application object, missing conf:Applications element?"); - } - XMLApplication* defapp=new XMLApplication(m_outer,child); - m_appmap[defapp->getId()]=defapp; - - // Load any overrides. - child = XMLHelper::getFirstChildElement(child,_Application); - while (child) { - auto_ptr iapp(new XMLApplication(m_outer,child,defapp)); - if (m_appmap.count(iapp->getId())) - log.crit("found conf:Application element with duplicate id attribute (%s), skipping it", iapp->getId()); - else - m_appmap[iapp->getId()]=iapp.release(); - - child = XMLHelper::getNextSiblingElement(child,_Application); - } - // Load security policies. child = XMLHelper::getLastChildElement(e,SecurityPolicies); if (child) { 
@@ -984,6 +962,27 @@ XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* o if (!m_policyMap.count(m_policyDefault)) throw ConfigurationException("Default security policy ($1) not found in conf:SecurityPolicies element.", params(1,m_policyDefault.c_str())); } + + // Load the default application. This actually has a fixed ID of "default". ;-) + child=XMLHelper::getLastChildElement(e,Applications); + if (!child) { + log.fatal("can't build default Application object, missing conf:Applications element?"); + throw ConfigurationException("can't build default Application object, missing conf:Applications element?"); + } + XMLApplication* defapp=new XMLApplication(m_outer,child); + m_appmap[defapp->getId()]=defapp; + + // Load any overrides. + child = XMLHelper::getFirstChildElement(child,_Application); + while (child) { + auto_ptr iapp(new XMLApplication(m_outer,child,defapp)); + if (m_appmap.count(iapp->getId())) + log.crit("found conf:Application element with duplicate id attribute (%s), skipping it", iapp->getId()); + else + m_appmap[iapp->getId()]=iapp.release(); + + child = XMLHelper::getNextSiblingElement(child,_Application); + } } catch (exception&) { this->~XMLConfigImpl(); diff --git a/shibsp/shibsp.vcproj b/shibsp/shibsp.vcproj index ccdfea3..fdce281 100644 --- a/shibsp/shibsp.vcproj +++ b/shibsp/shibsp.vcproj @@ -45,7 +45,6 @@ MinimalRebuild="true" BasicRuntimeChecks="3" RuntimeLibrary="3" - UsePrecompiledHeader="0" WarningLevel="3" Detect64BitPortabilityProblems="true" DebugInformationFormat="4" @@ -123,7 +122,6 @@ AdditionalIncludeDirectories=".;..;"..\..\cpp-opensaml1";"..\..\cpp-opensaml2";"..\..\cpp-xmltooling"" PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;WANT_TCP_SHAR" RuntimeLibrary="2" - UsePrecompiledHeader="0" WarningLevel="3" Detect64BitPortabilityProblems="true" DebugInformationFormat="3" diff --git a/shibtest/shibtest.dsp b/shibtest/shibtest.dsp deleted file mode 100644 index ee833a8..0000000 
--- a/shibtest/shibtest.dsp
+++ /dev/null
@@ -1,90 +0,0 @@ -# Microsoft Developer Studio Project File - Name="shibtest" - Package Owner=<4> -# Microsoft Developer Studio Generated Build File, Format Version 6.00 -# ** DO NOT EDIT ** - -# TARGTYPE "Win32 (x86) Console Application" 0x0103 - -CFG=shibtest - Win32 Debug -!MESSAGE This is not a valid makefile. To build this project using NMAKE, -!MESSAGE use the Export Makefile command and run -!MESSAGE -!MESSAGE NMAKE /f "shibtest.mak". -!MESSAGE -!MESSAGE You can specify a configuration when running NMAKE -!MESSAGE by defining the macro CFG on the command line. For example: -!MESSAGE -!MESSAGE NMAKE /f "shibtest.mak" CFG="shibtest - Win32 Debug" -!MESSAGE -!MESSAGE Possible choices for configuration are: -!MESSAGE -!MESSAGE "shibtest - Win32 Release" (based on "Win32 (x86) Console Application") -!MESSAGE "shibtest - Win32 Debug" (based on "Win32 (x86) Console Application") -!MESSAGE - -# Begin Project -# PROP AllowPerConfigDependencies 0 -# PROP Scc_ProjName "" -# PROP Scc_LocalPath "" -CPP=cl.exe -RSC=rc.exe - -!IF "$(CFG)" == "shibtest - Win32 Release" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 0 -# PROP BASE Output_Dir "Release" -# PROP BASE Intermediate_Dir "Release" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 0 -# PROP Output_Dir "Release" -# PROP Intermediate_Dir "Release" -# PROP Ignore_Export_Lib 0 -# PROP Target_Dir "" -# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c -# ADD CPP /nologo /MD /W3 /GR /GX /O2 /I ".." 
/I "..\..\..\opensaml\c" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c -# ADD BASE RSC /l 0x409 /d "NDEBUG" -# ADD RSC /l 0x409 /d "NDEBUG" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386 -# ADD LINK32 xerces-c_2.lib saml_5.lib /nologo /subsystem:console /machine:I386 /libpath:"..\..\..\opensaml\c\saml\Release" - -!ELSEIF "$(CFG)" == "shibtest - Win32 Debug" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 1 -# PROP BASE Output_Dir "Debug" -# PROP BASE Intermediate_Dir "Debug" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 1 -# PROP Output_Dir "Debug" -# PROP Intermediate_Dir "Debug" -# PROP Ignore_Export_Lib 0 -# PROP Target_Dir "" -# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c -# ADD CPP /nologo /MDd /W3 /Gm /GR /GX /ZI /Od /I ".." 
/I "..\..\..\opensaml\c" /D "_CONSOLE" /D "WIN32" /D "_DEBUG" /D "_MBCS" /FR /YX /FD /GZ /c -# ADD BASE RSC /l 0x409 /d "_DEBUG" -# ADD RSC /l 0x409 /d "_DEBUG" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept -# ADD LINK32 xerces-c_2D.lib saml_5D.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept /libpath:"..\..\..\opensaml\c\saml\Debug" - -!ENDIF - -# Begin Target - -# Name "shibtest - Win32 Release" -# Name "shibtest - Win32 Debug" -# Begin Source File - -SOURCE=..\test\shibtest.cpp -# End Source File -# End Target -# End Project diff --git a/siterefresh/siterefresh.vcproj b/siterefresh/siterefresh.vcproj index 669a06e..47d661d 100644 --- a/siterefresh/siterefresh.vcproj +++ b/siterefresh/siterefresh.vcproj @@ -50,7 +50,6 @@ RuntimeLibrary="2" EnableFunctionLevelLinking="true" RuntimeTypeInfo="true" - UsePrecompiledHeader="0" PrecompiledHeaderFile=".\Release/siterefresh.pch" AssemblerListingLocation=".\Release/" ObjectFile=".\Release/" @@ -142,7 +141,6 @@ BasicRuntimeChecks="3" RuntimeLibrary="3" RuntimeTypeInfo="true" - UsePrecompiledHeader="0" PrecompiledHeaderFile=".\Debug/siterefresh.pch" AssemblerListingLocation=".\Debug/" ObjectFile=".\Debug/" diff --git a/test/Makefile.am b/test/Makefile.am deleted file mode 100644 index a5346a3..0000000 --- a/test/Makefile.am +++ /dev/null @@ -1,10 +0,0 @@ -## $Id$ - -AUTOMAKE_OPTIONS = foreign - -bin_PROGRAMS = shibtest - -shibtest_SOURCES = shibtest.cpp - -shibtest_LDADD = $(top_builddir)/shib/libshib.la \ - $(top_builddir)/shib-target/libshib-target.la 
diff --git a/test/shibtest.cpp b/test/shibtest.cpp
deleted file mode 100644
index 19b343e..0000000
--- a/test/shibtest.cpp
+++ /dev/null
@@ -1,191 +0,0 @@ -/* - * Copyright 2001-2007 Internet2 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifdef WIN32 -# define _CRT_NONSTDC_NO_DEPRECATE 1 -# define _CRT_SECURE_NO_DEPRECATE 1 -#endif - -#include -#include -#include - -using namespace shibsp; -using namespace shibtarget; -using namespace opensaml::saml2md; -using namespace saml; -using namespace std; - -int main(int argc,char* argv[]) -{ - char* h_param=NULL; - char* q_param=NULL; - char* f_param=NULL; - char* a_param=NULL; - char* path=NULL; - char* config=NULL; - - for (int i=1; i -q [-f -a -d -c ]" << endl; - exit(0); - } - - if (!path) - path=getenv("SHIBSCHEMAS"); - if (!path) - path=SHIB_SCHEMAS; - if (!config) - config=getenv("SHIBCONFIG"); - if (!config) - config=SHIB_CONFIG; - if (!a_param) - a_param="default"; - - ShibTargetConfig& conf=ShibTargetConfig::getConfig(); - SPConfig::getConfig().setFeatures( - SPConfig::Metadata | - SPConfig::Trust | - SPConfig::Credentials | - SPConfig::AttributeResolver | - SPConfig::OutOfProcess | - SPConfig::Caching - ); - if (!conf.init(path) || !conf.load(config)) - return -10; - - ServiceProvider* sp=SPConfig::getConfig().getServiceProvider(); - xmltooling::Locker locker(sp); - - try { - const IApplication* app=dynamic_cast(sp->getApplication(a_param)); - if (!app) - throw SAMLException("specified section not found in configuration"); - - auto_ptr_XMLCh domain(q_param); - auto_ptr_XMLCh handle(h_param); - auto_ptr_XMLCh format(f_param); - 
auto_ptr_XMLCh resource(app->getString("providerId").second); - - auto_ptr req( - new SAMLRequest( - new SAMLAttributeQuery( - new SAMLSubject( - new SAMLNameIdentifier( - handle.get(), - domain.get(), - format.get() ? format.get() : shibspconstants::SHIB1_NAMEID_FORMAT_URI - ) - ), - resource.get() - ) - ) - ); - - MetadataProvider* m=app->getMetadataProvider(); - xmltooling::Locker locker(m); - const EntityDescriptor* site=m->getEntityDescriptor(domain.get()); - if (!site) - throw MetadataException("Unable to locate specified origin site's metadata."); - - // Try to locate an AA role. - const AttributeAuthorityDescriptor* AA=site->getAttributeAuthorityDescriptor(saml::XML::SAML11_PROTOCOL_ENUM); - if (!AA) - throw MetadataException("Unable to locate metadata for origin site's Attribute Authority."); - - ShibHTTPHook::ShibHTTPHookCallContext ctx(app->getCredentialUse(site),AA); - - SAMLResponse* response=NULL; - const vector& endpoints=AA->getAttributeServices(); - for (vector::const_iterator ep=endpoints.begin(); !response && ep!=endpoints.end(); ++ep) { - try { - // Get a binding object for this protocol. 
- const SAMLBinding* binding = app->getBinding((*ep)->getBinding()); - if (!binding) { - continue; - } - response=binding->send((*ep)->getLocation(), *(req.get()), &ctx); - } - catch (exception&) { - } - } - - if (!response) - throw opensaml::BindingException("unable to successfully query for attributes"); - - Iterator i=response->getAssertions(); - if (i.hasNext()) - { - SAMLAssertion* a=i.next(); - cout << "Issuer: "; xmlout(cout,a->getIssuer()); cout << endl; - const SAMLDateTime* exp=a->getNotOnOrAfter(); - cout << "Expires: "; - if (exp) - xmlout(cout,exp->getRawData()); - else - cout << "None"; - cout << endl; - - Iterator j=a->getStatements(); - if (j.hasNext()) - { - SAMLAttributeStatement* s=dynamic_cast(j.next()); - if (s) - { - const SAMLNameIdentifier* sub=s->getSubject()->getNameIdentifier(); - cout << "Format: "; xmlout(cout,sub->getFormat()); cout << endl; - cout << "Domain: "; xmlout(cout,sub->getNameQualifier()); cout << endl; - cout << "Handle: "; xmlout(cout,sub->getName()); cout << endl; - - Iterator attrs=s->getAttributes(); - while (attrs.hasNext()) - { - SAMLAttribute* attr=attrs.next(); - cout << "Attribute Name: "; xmlout(cout,attr->getName()); cout << endl; - Iterator vals=attr->getValues(); - while (vals.hasNext()) - { - cout << "Attribute Value: "; - xmlout(cout,vals.next()); - cout << endl; - } - } - } - } - } - } - catch(exception& e) - { - cerr << "caught an exception: " << e.what() << endl; - } - - conf.shutdown(); - return 0; -} diff --git a/util/.gitignore b/util/.gitignore new file mode 100644 index 0000000..994c81d --- /dev/null +++ b/util/.gitignore @@ -0,0 +1,2 @@ +/Debug +/*.user diff --git a/util/Makefile.am b/util/Makefile.am new file mode 100644 index 0000000..9f76927 --- /dev/null +++ b/util/Makefile.am @@ -0,0 +1,10 @@ +## $Id$ + +AUTOMAKE_OPTIONS = foreign + +bin_PROGRAMS = samlquery + +shibtest_SOURCES = samlquery.cpp + +shibtest_LDADD = \ + $(top_builddir)/shibsp/libshibsp.la 
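Review bot: In the new util/Makefile.am, `bin_PROGRAMS` names `samlquery` but the per-program variables still carry the old `shibtest_` prefix, so automake will not associate them with the program. It would fall back to a default source of `samlquery.c` and link without libshibsp. Rename them to `samlquery_SOURCES = samlquery.cpp` and `samlquery_LDADD = $(top_builddir)/shibsp/libshibsp.la`.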
diff --git a/util/samlquery.cpp b/util/samlquery.cpp
new file mode 100644
index 0000000..1d1bd74
--- /dev/null
+++ b/util/samlquery.cpp
@@ -0,0 +1,257 @@ +/* + * Copyright 2001-2007 Internet2 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * samlquery.cpp + * + * SAML Attribute Query tool layered on SP configuration + */ + +#if defined (_MSC_VER) || defined(__BORLANDC__) +# include "config_win32.h" +#else +# include "config.h" +#endif + +#ifdef WIN32 +# define _CRT_NONSTDC_NO_DEPRECATE 1 +# define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +using namespace shibsp; +using namespace opensaml::saml1; +using namespace opensaml::saml1p; +using namespace opensaml::saml2; +using namespace opensaml::saml2p; +using namespace opensaml::saml2md; +using namespace opensaml; +using namespace xmltooling; +using namespace std; + +enum samlversion { + v10, v11, v20 +}; + +int main(int argc,char* argv[]) +{ + char* n_param=NULL; + char* q_param=NULL; + char* f_param=NULL; + char* a_param=NULL; + char* path=NULL; + char* config=NULL; + + for (int i=1; i -q [-f -a ]" << endl; + exit(0); + } + + path=getenv("SHIBSP_SCHEMAS"); + if (!path) + path=SHIBSP_SCHEMAS; + config=getenv("SHIBSP_CONFIG"); + if (!config) + config=SHIBSP_CONFIG; + if (!a_param) + a_param="default"; + + SPConfig& conf=SPConfig::getConfig(); + conf.setFeatures( + SPConfig::Metadata | + SPConfig::Trust | + SPConfig::Credentials | + SPConfig::AttributeResolver | + 
SPConfig::OutOfProcess | + SPConfig::Caching + ); + if (!conf.init(path)) + return -10; + + try { + static const XMLCh path[] = UNICODE_LITERAL_4(p,a,t,h); + static const XMLCh validate[] = UNICODE_LITERAL_8(v,a,l,i,d,a,t,e); + DOMDocument* dummydoc=XMLToolingConfig::getConfig().getParser().newDocument(); + XercesJanitor docjanitor(dummydoc); + DOMElement* dummy = dummydoc->createElementNS(NULL,path); + auto_ptr_XMLCh src(config); + dummy->setAttributeNS(NULL,path,src.get()); + dummy->setAttributeNS(NULL,validate,xmlconstants::XML_ONE); + + conf.setServiceProvider(conf.ServiceProviderManager.newPlugin(XML_SERVICE_PROVIDER,dummy)); + conf.getServiceProvider()->init(); + } + catch (exception&) { + conf.term(); + return -20; + } + + ServiceProvider* sp=conf.getServiceProvider(); + xmltooling::Locker locker(sp); + + try { + const Application* app=sp->getApplication(a_param); + if (!app) + throw ConfigurationException("Application ($1) not found in configuration.", params(1,a_param)); + + auto_ptr_XMLCh domain(q_param); + auto_ptr_XMLCh name(n_param); + auto_ptr_XMLCh format(f_param); + auto_ptr_XMLCh issuer(app->getString("providerId").second); + + MetadataProvider* m=app->getMetadataProvider(); + xmltooling::Locker mlocker(m); + const EntityDescriptor* site=m->getEntityDescriptor(domain.get()); + if (!site) + throw MetadataException("Unable to locate metadata for IdP ($1).", params(1,q_param)); + + // Try to locate an AA role. 
+ samlversion ver; + const AttributeAuthorityDescriptor* AA=NULL; + if (AA=site->getAttributeAuthorityDescriptor(samlconstants::SAML20P_NS)) + ver = v20; + else if (AA=site->getAttributeAuthorityDescriptor(samlconstants::SAML11_PROTOCOL_ENUM)) + ver = v11; + else if (AA=site->getAttributeAuthorityDescriptor(samlconstants::SAML10_PROTOCOL_ENUM)) + ver = v10; + else + throw MetadataException("No AttributeAuthority role found in metadata."); + + QName role(samlconstants::SAML20P_NS, AttributeAuthorityDescriptor::LOCAL_NAME); + SecurityPolicy policy(sp->getPolicyRules(), m, &role, app->getTrustEngine()); + + if (ver == v20) { + auto_ptr_XMLCh binding(samlconstants::SAML20_BINDING_SOAP); + SAML2SOAPClient soaper(policy,true); + opensaml::saml2p::StatusResponseType* srt=NULL; + const vector& endpoints=AA->getAttributeServices(); + for (vector::const_iterator ep=endpoints.begin(); !srt && ep!=endpoints.end(); ++ep) { + try { + if (!XMLString::equals((*ep)->getBinding(),binding.get())) + continue; + auto_ptr_char loc((*ep)->getLocation()); + NameID* nameid = NameIDBuilder::buildNameID(); + Issuer* iss = IssuerBuilder::buildIssuer(); + opensaml::saml2::Subject* subject = opensaml::saml2::SubjectBuilder::buildSubject(); + opensaml::saml2p::AttributeQuery* query = opensaml::saml2p::AttributeQueryBuilder::buildAttributeQuery(); + nameid->setName(name.get()); + nameid->setFormat(format.get() ? 
format.get() : NameID::TRANSIENT); + nameid->setNameQualifier(domain.get()); + iss->setName(issuer.get()); + subject->setNameID(nameid); + query->setSubject(subject); + query->setIssuer(iss); + auto_ptr wrapper(query); + soaper.sendSAML(query, *AA, loc.get()); + wrapper.release(); // freed by SOAP client + srt = soaper.receiveSAML(); + } + catch (exception& ex) { + cerr << ex.what() << endl; + soaper.reset(); + } + } + + if (!srt) + throw BindingException("Unable to successfully query for attributes."); + const opensaml::saml2p::Response* response = dynamic_cast(srt); + + const vector& assertions = response->getAssertions(); + if (assertions.size()) + cout << *assertions.front(); + else + cout << "No assertions found."; + + delete response; + } + else { + auto_ptr_XMLCh binding(samlconstants::SAML1_BINDING_SOAP); + SAML1SOAPClient soaper(policy,true); + const opensaml::saml1p::Response* response=NULL; + const vector& endpoints=AA->getAttributeServices(); + for (vector::const_iterator ep=endpoints.begin(); !response && ep!=endpoints.end(); ++ep) { + try { + if (!XMLString::equals((*ep)->getBinding(),binding.get())) + continue; + auto_ptr_char loc((*ep)->getLocation()); + NameIdentifier* nameid = NameIdentifierBuilder::buildNameIdentifier(); + opensaml::saml1::Subject* subject = opensaml::saml1::SubjectBuilder::buildSubject(); + opensaml::saml1p::AttributeQuery* query = opensaml::saml1p::AttributeQueryBuilder::buildAttributeQuery(); + Request* request = RequestBuilder::buildRequest(); + nameid->setName(name.get()); + nameid->setFormat(format.get() ? format.get() : shibspconstants::SHIB1_NAMEID_FORMAT_URI); + nameid->setNameQualifier(domain.get()); + subject->setNameIdentifier(nameid); + query->setSubject(subject); + query->setResource(issuer.get()); + request->setMinorVersion(ver==v11 ? 
1 : 0); + auto_ptr wrapper(request); + soaper.sendSAML(request, *AA, loc.get()); + wrapper.release(); // freed by SOAP client + response = soaper.receiveSAML(); + } + catch (exception& ex) { + cerr << ex.what() << endl; + soaper.reset(); + } + } + + if (!response) + throw BindingException("Unable to successfully query for attributes."); + + const vector& assertions = response->getAssertions(); + if (assertions.size()) + cout << *assertions.front(); + else + cout << "No assertions found."; + + delete const_cast(response); + } + } + catch(exception& ex) { + cerr << ex.what() << endl; + } + + conf.term(); + return 0; +} diff --git a/shibtest/shibtest.vcproj b/util/samlquery.vcproj similarity index 68% rename from shibtest/shibtest.vcproj rename to util/samlquery.vcproj index e958ed1..0dbaf19 100644 --- a/shibtest/shibtest.vcproj +++ b/util/samlquery.vcproj @@ -1,215 +1,200 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -- 2.1.4
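Review bot: In the SAML 2.0 branch of `main` in util/samlquery.cpp, the result of the `dynamic_cast` on `srt` is used without a null check, so a peer that answers with any other StatusResponseType makes `response->getAssertions()` dereference NULL and leaks `srt`. Guard it before use, e.g. `if (!response) { delete srt; throw BindingException("Unexpected message type in response."); }` (the message text is only a suggestion). Separately, in the SAML 1.x branch the `query` object is populated but never attached to `request` before `sendSAML`, so the request goes out without its attribute query and `query` is leaked. The `role` QName passed to `SecurityPolicy` is built from `samlconstants::SAML20P_NS`; if the policy rules match that role against metadata element names, the metadata namespace would be the expected one, which is worth confirming. `main` also returns 0 after the final `catch`, so a failed query is indistinguishable from success to a calling script.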