Small improvement to detect bad shireURL settings.

git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@1117 cb58f699-b61c-0410-a6fe-9272a202ed29

diff --git a/apache/mod_apache.cpp b/apache/mod_apache.cpp
index 91e3950..002d845 100644 (file)
--- a/apache/mod_apache.cpp
+++ b/apache/mod_apache.cpp
@@ -221,8 +221,15 @@ extern "C" int shib_check_user(request_rec* r)
     // Declare SHIRE object for this request.
     SHIRE shire(application);
     
+    const char* shireURL=shire.getShireURL(targeturl);
+    if (!shireURL) {
+        ap_log_rerror(APLOG_MARK,APLOG_ERR|APLOG_NOERRNO,SH_AP_R(r),
+           "shib_check_user: unable to map request to proper shireURL setting, check configuration");
+        return SERVER_ERROR;
+    }
+    
     // Get location of this application's assertion consumer service and see if this is it.
-    if (strstr(targeturl,shire.getShireURL(targeturl))) {
+    if (strstr(targeturl,shireURL)) {
         return shib_handler(r,application,shire);
     }
 
@@ -564,8 +571,15 @@ int shib_handler(request_rec* r, const IApplication* application, SHIRE& shire)
 
     const char* targeturl=shib_get_targeturl(r,sc->szScheme);
 
+    const char* shireURL=shire.getShireURL(targeturl);
+    if (!shireURL) {
+        ap_log_rerror(APLOG_MARK,APLOG_ERR|APLOG_NOERRNO,SH_AP_R(r),
+           "shib_post_handler: unable to map request to proper shireURL setting, check configuration");
+        return SERVER_ERROR;
+    }
+
     // Make sure we only process the SHIRE requests.
-    if (!strstr(targeturl,shire.getShireURL(targeturl)))
+    if (!strstr(targeturl,shireURL))
         return DECLINED;
 
     ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(r),"shib_handler() running");

diff --git a/isapi_shib/isapi_shib.cpp b/isapi_shib/isapi_shib.cpp
index 580eabc..28221cc 100644 (file)
--- a/isapi_shib/isapi_shib.cpp
+++ b/isapi_shib/isapi_shib.cpp
@@ -467,9 +467,13 @@ extern "C" DWORD WINAPI HttpFilterProc(PHTTP_FILTER_CONTEXT pfc, DWORD notificat
         
         // Declare SHIRE object for this request.
         SHIRE shire(application);
+        
+        const char* shireURL=shire.getShireURL(targeturl.c_str());
+        if (!shireURL)
+            return WriteClientError(pfc,"Unable to map request to proper shireURL setting, check configuration.");
 
         // If the user is accessing the SHIRE acceptance point, pass it on.
-        if (targeturl.find(shire.getShireURL(targeturl.c_str()))!=string::npos)
+        if (targeturl.find(shireURL)!=string::npos)
             return SF_STATUS_REQ_NEXT_NOTIFICATION;
 
         // Now check the policy for this request.
@@ -862,9 +866,13 @@ extern "C" DWORD WINAPI HttpExtensionProc(LPEXTENSION_CONTROL_BLOCK lpECB)
             return WriteClientError(lpECB,"Unable to map request to application session settings, check configuration.");
 
         SHIRE shire(application);
+        
+        const char* shireURL=shire.getShireURL(targeturl.c_str());
+        if (!shireURL)
+            return WriteClientError(lpECB,"Unable to map request to proper shireURL setting, check configuration.");
 
         // Make sure we only process the SHIRE requests.
-        if (!strstr(targeturl.c_str(),shire.getShireURL(targeturl.c_str())))
+        if (!strstr(targeturl.c_str(),shireURL))
             return WriteClientError(lpECB,"The request's application and associated shireURL setting are inconsistent.");;
 
         pair<const char*,const char*> shib_cookie=shire.getCookieNameProps();

diff --git a/shib-target/shib-shire.cpp b/shib-target/shib-shire.cpp
index cd9cabc..52d8e9f 100644 (file)
--- a/shib-target/shib-shire.cpp
+++ b/shib-target/shib-shire.cpp
@@ -269,7 +269,7 @@ const char* SHIRE::getShireURL(const char* resource) const
     }
     
     // Should never happen...
-    if (!shire)
+    if (!shire || (*shire!='/' && strncmp(shire,"http:",5) && strncmp(shire,"https:",6)))
         return NULL;
 
     // The "shireURL" property can be in one of three formats: