- m_hash=getId();\r
- m_hash+=getString("entityID").second;\r
- // TODO: some kind of non-hash method\r
- //m_hash=samlConf.hashSHA1(m_hash.c_str(), true);\r
-\r
- pair<bool,const char*> attributes = getString("REMOTE_USER");\r
- if (attributes.first) {\r
- char* dup = strdup(attributes.second);\r
- char* pos;\r
- char* start = dup;\r
- while (start && *start) {\r
- while (*start && isspace(*start))\r
- start++;\r
- if (!*start)\r
- break;\r
- pos = strchr(start,' ');\r
- if (pos)\r
- *pos=0;\r
- m_attributeIds.insert(start);\r
- start = pos ? pos+1 : NULL;\r
+ // This used to be an actual hash, but now it's just a hex-encode to avoid xmlsec.\r
+ static char DIGITS[] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};\r
+ string tohash=getId();\r
+ tohash+=getString("entityID").second;\r
+ for (const char* ch = tohash.c_str(); *ch; ++ch) {\r
+ m_hash += (DIGITS[((unsigned char)(0xF0 & *ch)) >> 4 ]);\r
+ m_hash += (DIGITS[0x0F & *ch]);\r
+ }\r
+\r
+ // Load attribute ID lists for REMOTE_USER and header clearing.\r
+ if (conf.isEnabled(SPConfig::InProcess)) {\r
+ pair<bool,const char*> attributes = getString("REMOTE_USER");\r
+ if (attributes.first) {\r
+ char* dup = strdup(attributes.second);\r
+ char* pos;\r
+ char* start = dup;\r
+ while (start && *start) {\r
+ while (*start && isspace(*start))\r
+ start++;\r
+ if (!*start)\r
+ break;\r
+ pos = strchr(start,' ');\r
+ if (pos)\r
+ *pos=0;\r
+ m_remoteUsers.insert(start);\r
+ start = pos ? pos+1 : NULL;\r
+ }\r
+ free(dup);\r
+ }\r
+\r
+ attributes = getString("unsetHeaders");\r
+ if (attributes.first) {\r
+ char* dup = strdup(attributes.second);\r
+ char* pos;\r
+ char* start = dup;\r
+ while (start && *start) {\r
+ while (*start && isspace(*start))\r
+ start++;\r
+ if (!*start)\r
+ break;\r
+ pos = strchr(start,' ');\r
+ if (pos)\r
+ *pos=0;\r
+ m_unsetHeaders.push_back(start);\r
+ start = pos ? pos+1 : NULL;\r
+ }\r
+ free(dup);\r
+ m_unsetHeaders.push_back("Shib-Application-ID");\r