string m_scheme,m_port,m_sslport,m_name;
set<string> m_aliases;
};
+
+ struct context_t {
+ char* m_user;
+ bool m_checked;
+ };
HINSTANCE g_hinstDLL;
SPConfig* g_Config = NULL;
return TRUE;
}
- LPCSTR schemadir=getenv("SHIBSP_SCHEMAS");
- if (!schemadir)
- schemadir=SHIBSP_SCHEMAS;
- LPCSTR config=getenv("SHIBSP_CONFIG");
- if (!config)
- config=SHIBSP_CONFIG;
g_Config=&SPConfig::getConfig();
g_Config->setFeatures(
SPConfig::Listener |
SPConfig::Logging |
SPConfig::Handlers
);
- if (!g_Config->init(schemadir)) {
+ if (!g_Config->init()) {
g_Config=NULL;
LogEvent(NULL, EVENTLOG_ERROR_TYPE, 2100, NULL,
"Filter startup failed during library initialization, check native log for help.");
return FALSE;
}
+ LPCSTR config=getenv("SHIBSP_CONFIG");
+ if (!config)
+ config=SHIBSP_CONFIG;
+
try {
DOMDocument* dummydoc=XMLToolingConfig::getConfig().getParser().newDocument();
XercesJanitor<DOMDocument> docjanitor(dummydoc);
public:
ShibTargetIsapiF(PHTTP_FILTER_CONTEXT pfc, PHTTP_FILTER_PREPROC_HEADERS pn, const site_t& site)
- : m_pfc(pfc), m_pn(pn), m_allhttp(4096) {
+ : AbstractSPRequest(SHIBSP_LOGCAT".ISAPI"), m_pfc(pfc), m_pn(pn), m_allhttp(4096) {
// URL path always come from IIS.
dynabuf var(256);
m_hostname = var;
if (site.m_name!=m_hostname && site.m_aliases.find(m_hostname)==site.m_aliases.end())
m_hostname=site.m_name;
+
+ if (!pfc->pFilterContext) {
+ pfc->pFilterContext = pfc->AllocMem(pfc, sizeof(context_t), NULL);
+ if (static_cast<context_t*>(pfc->pFilterContext)) {
+ static_cast<context_t*>(pfc->pFilterContext)->m_user = NULL;
+ static_cast<context_t*>(pfc->pFilterContext)->m_checked = false;
+ }
+ }
}
~ShibTargetIsapiF() { }
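Review bot: Nothing in the constructor records that `pfc->pFilterContext` changes meaning here; the removed log-notification line cast it to `LPCSTR`, while every new read casts it to `context_t*`. A comment above the allocation would make the new contract explicit, for example `// pFilterContext is owned by this filter and always points to a context_t obtained from AllocMem (never a bare string)`. Any code outside this diff that still stores a plain string in `pFilterContext` would now be read through the wrong type, so that is worth checking for. The inner test `if (static_cast<context_t*>(pfc->pFilterContext))` casts only to compare against NULL; taking one local `context_t* ctx` and initialising through it would read more clearly.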
LogEvent(NULL, EVENTLOG_ERROR_TYPE, 2100, NULL, msg.c_str());
}
void clearHeader(const char* rawname, const char* cginame) {
- if (g_checkSpoofing) {
+ if (g_checkSpoofing && m_pfc->pFilterContext && !static_cast<context_t*>(m_pfc->pFilterContext)->m_checked) {
if (m_allhttp.empty())
GetServerVariable(m_pfc,"ALL_HTTP",m_allhttp,4096);
if (strstr(m_allhttp, cginame))
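Review bot: The new condition in `clearHeader` skips the spoofing check whenever `m_pfc->pFilterContext` is NULL, which is the state the constructor leaves behind when `AllocMem` fails, so an allocation failure switches header-spoof detection off instead of keeping it on. The guard should fail closed: `if (g_checkSpoofing && (!m_pfc->pFilterContext || !static_cast<context_t*>(m_pfc->pFilterContext)->m_checked)) {`. It is also worth confirming how long IIS keeps `pFilterContext` alive. If it outlives a single request (for instance across a keep-alive connection), the `m_checked = true` set after `doAuthentication` would suppress the check for later requests, and the flag would need resetting per request. The body of `clearHeader` continues outside the hunk.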
}
void setRemoteUser(const char* user) {
setHeader("remote-user", user);
+ if (m_pfc->pFilterContext) {
+ if (!user || !*user)
+ static_cast<context_t*>(m_pfc->pFilterContext)->m_user = NULL;
+ else if (static_cast<context_t*>(m_pfc->pFilterContext)->m_user = (char*)m_pfc->AllocMem(m_pfc, sizeof(char) * (strlen(user) + 1), NULL))
+ strcpy(static_cast<context_t*>(m_pfc->pFilterContext)->m_user, user);
+ }
}
string getRemoteUser() const {
return getHeader("remote-user");
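Review bot: The `else if` in `setRemoteUser` allocates and assigns inside its condition and then copies with `strcpy`, so the size expression and the copy that must agree with it are buried in one dense line that is easy to misread as a comparison. Splitting it keeps the same behaviour (`m_user` ends up NULL when `AllocMem` fails) and makes the bound visible: `char* copy = static_cast<char*>(m_pfc->AllocMem(m_pfc, strlen(user) + 1, NULL));` then `if (copy) strcpy(copy, user);` then `ctx->m_user = copy;`, where `ctx` is the already-checked `context_t*`. Each call also takes a fresh buffer and drops the previous `m_user` pointer without reusing it. That is presumably acceptable because IIS releases `AllocMem` memory itself, but a one-line comment saying so would stop a later maintainer from adding a `free`.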
if (notificationType==SF_NOTIFY_LOG)
{
if (pfc->pFilterContext)
- ((PHTTP_FILTER_LOG)pvNotification)->pszClientUserName=static_cast<LPCSTR>(pfc->pFilterContext);
+ ((PHTTP_FILTER_LOG)pvNotification)->pszClientUserName=static_cast<context_t*>(pfc->pFilterContext)->m_user;
return SF_STATUS_REQ_NEXT_NOTIFICATION;
}
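Review bot: The log notification now assigns `m_user` to `pszClientUserName` whenever a context exists, but the constructor initialises `m_user` to NULL and `setRemoteUser` resets it to NULL for an empty user, so unauthenticated requests overwrite the name IIS supplied with a null pointer. Before this change the field was touched only when the context itself held a user string. The test should cover both pointers: `if (pfc->pFilterContext && static_cast<context_t*>(pfc->pFilterContext)->m_user)`. Whether IIS tolerates a NULL `pszClientUserName` is not visible here, and leaving the original value alone avoids depending on it.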
// "false" because we don't override the Shib settings
pair<bool,long> res = stf.getServiceProvider().doAuthentication(stf);
+ if (pfc->pFilterContext)
+ static_cast<context_t*>(pfc->pFilterContext)->m_checked = true;
if (res.first) return res.second;
// "false" because we don't override the Shib settings
mutable string m_remote_addr,m_remote_user;
public:
- ShibTargetIsapiE(LPEXTENSION_CONTROL_BLOCK lpECB, const site_t& site) : m_lpECB(lpECB), m_gotBody(false) {
+ ShibTargetIsapiE(LPEXTENSION_CONTROL_BLOCK lpECB, const site_t& site)
+ : AbstractSPRequest(SHIBSP_LOGCAT".ISAPI"), m_lpECB(lpECB), m_gotBody(false) {
dynabuf ssl(5);
GetServerVariable(lpECB,"HTTPS",ssl,5);
bool SSL=(ssl=="on" || ssl=="ON");
// Match site instance to host name, skip if no match.
map<string,site_t>::const_iterator map_i=g_Sites.find(static_cast<char*>(buf));
if (map_i==g_Sites.end())
- return WriteClientError(lpECB, "Shibboleth Extension not configured for this web site.");
+ return WriteClientError(lpECB, "Shibboleth Extension not configured for web site (check <ISAPI> mappings in configuration).");
ShibTargetIsapiE ste(lpECB, map_i->second);
pair<bool,long> res = ste.getServiceProvider().doHandler(ste);