From ce7abd70f1a7b6d8bf02ff4a23f2e57f2b18fff7 Mon Sep 17 00:00:00 2001 From: Scott Cantor Date: Wed, 4 Nov 2009 15:13:53 +0000 Subject: [PATCH] https://issues.shibboleth.net/jira/browse/SSPCPP-255 --- configure.ac | 14 ++++++++++++++ schemas/shibboleth-2.0-native-sp-config.xsd | 1 + shibsp/handler/impl/AbstractHandler.cpp | 2 ++ shibsp/impl/XMLServiceProvider.cpp | 21 ++++++++++++++++++++- 4 files changed, 37 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 32b5c4d..7265638 100644 --- a/configure.ac +++ b/configure.ac @@ -258,6 +258,20 @@ LITE_LIBS="-lxmltooling-lite" XMLSEC_LIBS="-lxmltooling" AC_CHECK_HEADER([xmltooling/base.h],, AC_MSG_ERROR([unable to find xmltooling header files])) + + +# save and append master libs +save_LIBS="$LIBS" +LIBS="$XMLSEC_LIBS $LIBS" + +AC_TRY_LINK( + [#include ], + [xmltooling::HTTPResponse::sanitizeURL("http://test")], + [AC_DEFINE(HAVE_XMLTOOLING,1,[Define if xmltooling library was found])], + [AC_MSG_ERROR([unable to link with XMLTooling, or version was too old])]) + +# restore master libs +LIBS="$save_LIBS" # Establish location of xmltooling catalog. XMLTOOLINGXMLDIR="" diff --git a/schemas/shibboleth-2.0-native-sp-config.xsd b/schemas/shibboleth-2.0-native-sp-config.xsd index 1e766d8..7b54585 100644 --- a/schemas/shibboleth-2.0-native-sp-config.xsd +++ b/schemas/shibboleth-2.0-native-sp-config.xsd @@ -88,6 +88,7 @@ + diff --git a/shibsp/handler/impl/AbstractHandler.cpp b/shibsp/handler/impl/AbstractHandler.cpp index dab28d8..d1c8d58 100644 --- a/shibsp/handler/impl/AbstractHandler.cpp +++ b/shibsp/handler/impl/AbstractHandler.cpp @@ -589,6 +589,8 @@ long AbstractHandler::sendPostResponse( const Application& application, HTTPResponse& httpResponse, const char* url, DDF& postData ) const { + HTTPResponse::sanitizeURL(url); + const PropertySet* props=application.getPropertySet("Sessions"); pair postTemplate = props->getString("postTemplate"); if (!postTemplate.first) 
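Review bot: The comments around the new AC_TRY_LINK block in configure.ac cover only the LIBS save/restore, not why the probe exists. It is what stops the SP from being built against an xmltooling that lacks `HTTPResponse::sanitizeURL`, which the AbstractHandler.cpp change in this commit calls. I would add a line such as `# Require an xmltooling that provides HTTPResponse::sanitizeURL (SSPCPP-255).` above the probe, and name that function in the AC_MSG_ERROR text so a failed build says which symbol was missing. The probe links against `$XMLSEC_LIBS` only, so if the lite library can come from a different install it is not covered by this check.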
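Review bot: `HTTPResponse::sanitizeURL(url);` at the top of sendPostResponse reads like a transform whose result is discarded; nothing at the call site says it is a validation step meant to abort the response on a bad URL. As far as I know the xmltooling function reports failure by throwing rather than through a return value, which is not visible in this hunk. A comment such as `// Validate url before it is used in the POST response; sanitizeURL throws on control characters or a scheme outside the allowed list.` would make that clear. `url` is passed without a null check, so it is worth confirming that no caller can hand in a null pointer. The function body continues past the end of the hunk.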
diff --git a/shibsp/impl/XMLServiceProvider.cpp b/shibsp/impl/XMLServiceProvider.cpp index 79c62ed..ae94a16 100644 --- a/shibsp/impl/XMLServiceProvider.cpp +++ b/shibsp/impl/XMLServiceProvider.cpp @@ -69,6 +69,7 @@ # include # include # include +# include # include # include # include @@ -116,7 +117,11 @@ namespace { index = props->getInt("artifactEndpointIndex"); if (!index.first) index = getArtifactEndpointIndex(); - return new SAML2ArtifactType0004(SAMLConfig::getConfig().hashSHA1(props->getString("entityID").second),index.first ? index.second : 1); + pair entityID = props->getString("entityID"); + return new SAML2ArtifactType0004( + SecurityHelper::doHash("SHA1", entityID.second, strlen(entityID.second), false), + index.first ? index.second : 1 + ); } MetadataProvider* getMetadataProvider(bool required=true) const { @@ -1318,6 +1323,20 @@ XMLConfigImpl::XMLConfigImpl(const DOMElement* e, bool first, const XMLConfig* o if (unsafe.first) TemplateEngine::unsafe_chars = unsafe.second; + unsafe = getString("allowedSchemes"); + if (unsafe.first) { + HTTPResponse::getAllowedSchemes().clear(); + string schemes=unsafe.second; + unsigned int j_sch=0; + for (unsigned int i_sch=0; i_sch < schemes.length(); i_sch++) { + if (schemes.at(i_sch)==' ') { + HTTPResponse::getAllowedSchemes().push_back(schemes.substr(j_sch, i_sch-j_sch)); + j_sch = i_sch + 1; + } + } + HTTPResponse::getAllowedSchemes().push_back(schemes.substr(j_sch, schemes.length()-j_sch)); + } + // Extensions doExtensions(e, "global", log); if (conf.isEnabled(SPConfig::OutOfProcess)) -- 2.1.4
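Review bot: `entityID.first` is never tested before `strlen(entityID.second)` in the new artifact-construction code, so if the `entityID` property is absent the call dereferences whatever `second` holds, presumably a null pointer. The same hunk already checks `index.first` for the endpoint index. The entity ID deserves the same guard, e.g. `if (!entityID.first || !entityID.second)` followed by the project's usual configuration error before the hash is computed. The result of `doHash` goes straight into the artifact constructor; if it can come back empty on failure, that case should be rejected as well. The enclosing method begins above the hunk.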
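Review bot: The `allowedSchemes` tokenizer pushes an empty string into the allow-list for every leading, trailing or doubled space, and an empty attribute value leaves the list holding one empty entry instead of being handled explicitly. Because this list decides which URL schemes sanitizeURL accepts, I would skip empty tokens and build the list in a local vector that is swapped in at the end. That way the global list is never seen cleared or half-filled if configuration is reloaded while requests are being served; whether that can happen is not visible in this hunk. The loop also splits on ' ' only, so a tab or newline in the attribute would become part of a scheme name unless the schema type already normalizes whitespace. The constructor starts and ends outside the hunk.

```cpp
    unsafe = getString("allowedSchemes");
    if (unsafe.first && unsafe.second) {
        // Parse into a local list first; the shared list is replaced in one step below.
        vector<string> parsed;
        const string raw(unsafe.second);
        string::size_type start = 0;
        while (start <= raw.length()) {
            string::size_type end = raw.find(' ', start);
            if (end == string::npos)
                end = raw.length();
            if (end > start)    // skip empty tokens from leading, trailing or repeated spaces
                parsed.push_back(raw.substr(start, end - start));
            start = end + 1;
        }
        // An attribute with no usable tokens leaves the allow-list empty rather than holding "".
        HTTPResponse::getAllowedSchemes().swap(parsed);
    }
    // … unchanged: extensions handling …
```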