From: cantor Date: Fri, 23 Apr 2004 17:45:04 +0000 (+0000) Subject: Factor out some of the cookie name handling. X-Git-Tag: 2.4~1833 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fsp.git;a=commitdiff_plain;h=368ebbdd35d790bb4caa9ba6c23cb5e15619c4f9 Factor out some of the cookie name handling. git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@1045 cb58f699-b61c-0410-a6fe-9272a202ed29 --- diff --git a/apache/mod_apache.cpp b/apache/mod_apache.cpp index 74a7c75..ddf5791 100644 --- a/apache/mod_apache.cpp +++ b/apache/mod_apache.cpp @@ -43,7 +43,7 @@ using namespace shibboleth; using namespace shibtarget; extern "C" module MODULE_VAR_EXPORT mod_shib; -int shib_handler(request_rec* r, const IApplication* application, const IPropertySet* sessionProps, SHIRE& shire); +int shib_handler(request_rec* r, const IApplication* application, SHIRE& shire); namespace { char* g_szSHIBConfig = NULL; @@ -155,10 +155,9 @@ extern "C" int shib_check_user(request_rec* r) ); pair application_id=settings.first->getString("applicationId"); const IApplication* application=conf->getApplication(application_id.second); - const IPropertySet* sessionProps=application ? application->getPropertySet("Sessions") : NULL; - if (!application || !sessionProps) { + if (!application) { ap_log_rerror(APLOG_MARK,APLOG_ERR|APLOG_NOERRNO,SH_AP_R(r), - "shib_check_user: unable to map request to application session settings, check configuration"); + "shib_check_user: unable to map request to application settings, check configuration"); return SERVER_ERROR; } @@ -167,7 +166,7 @@ extern "C" int shib_check_user(request_rec* r) // Get location of this application's assertion consumer service and see if this is it. if (strstr(targeturl,shire.getShireURL(targeturl))) { - return shib_handler(r,application,sessionProps,shire); + return shib_handler(r,application,shire); } // We can short circuit the handler if we run this... 
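Review bot: In the `@@ -167,7 +166,7 @@` hunk of shib_check_user, the dispatch to shib_handler is decided by `strstr(targeturl,shire.getShireURL(targeturl))`, which is true whenever the consumer-service URL occurs anywhere in the request URL, not only when the request is addressed to it. A match returns from the function before the session check further down, so the test should be anchored, for example by comparing the request URL up to any `?` for equality with the shire URL. Whether getShireURL can return NULL or an empty string is not visible here; if it can, this test would crash or always match. What shib_handler does with such a request is outside the hunk, as is the rest of shib_check_user.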
@@ -196,13 +195,7 @@ extern "C" int shib_check_user(request_rec* r) ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(r),"shib_check_user: session check for %s",targeturl); - pair shib_cookie=sessionProps->getString("cookieName"); - if (!shib_cookie.first) { - ap_log_rerror(APLOG_MARK,APLOG_CRIT|APLOG_NOERRNO,SH_AP_R(r), - "shib_check_user: no cookieName set for %s", - application_id.second); - return SERVER_ERROR; - } + pair shib_cookie=shire.getCookieNameProps(); // always returns *something* // We're in charge, so check for cookie. const char* session_id=NULL; @@ -210,9 +203,9 @@ extern "C" int shib_check_user(request_rec* r) if (cookies) { ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(r),"shib_check_user: cookies found: %s",cookies); - if (session_id=strstr(cookies,shib_cookie.second)) { + if (session_id=strstr(cookies,shib_cookie.first)) { // Yep, we found a cookie -- pull it out (our session_id) - session_id+=strlen(shib_cookie.second) + 1; /* Skip over the '=' */ + session_id+=strlen(shib_cookie.first) + 1; /* Skip over the '=' */ char* cookiebuf = ap_pstrdup(r->pool,session_id); char* cookieend = strchr(cookiebuf,';'); if (cookieend) 
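Review bot: The cookie lookup `strstr(cookies,shib_cookie.first)` matches the name anywhere in the Cookie header, and `session_id+=strlen(shib_cookie.first) + 1` then assumes the next character is `=`. The default name is now `_shibsession_` plus the application id (getCookieNameProps in shib-shire.cpp), so two applications whose ids share a prefix get names where one is a prefix of the other; the lookup can then land on the other application's cookie and read the value from the wrong offset, and the name can also match inside another cookie's value. Accept a match only at the start of the header or after `;`/space and only when followed by `=`, e.g. with `len = strlen(shib_cookie.first)`: `if (session_id[len] == '=' && (session_id == cookies || session_id[-1] == ' ' || session_id[-1] == ';'))`, and continue searching otherwise. The same pattern is in the HttpFilterProc hunk of isapi_shib.cpp. shib_check_user continues outside the hunk.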
@@ -494,20 +487,19 @@ extern "C" int shib_post_handler(request_rec* r) ); pair application_id=settings.first->getString("applicationId"); const IApplication* application=conf->getApplication(application_id.second); - const IPropertySet* sessionProps=application ? application->getPropertySet("Sessions") : NULL; - if (!application || !sessionProps) { + if (!application) { ap_log_rerror(APLOG_MARK,APLOG_ERR|APLOG_NOERRNO,SH_AP_R(r), - "shib_post_handler: unable to map request to application session settings, check configuration"); + "shib_post_handler: unable to map request to application settings, check configuration"); return SERVER_ERROR; } // Declare SHIRE object for this request. SHIRE shire(application); - return shib_handler(r, application, sessionProps, shire); + return shib_handler(r, application, shire); } -int shib_handler(request_rec* r, const IApplication* application, const IPropertySet* sessionProps, SHIRE& shire) +int shib_handler(request_rec* r, const IApplication* application, SHIRE& shire) { // Prime the pump... const char* targeturl = ap_construct_url(r->pool,r->unparsed_uri,r); 
@@ -518,14 +510,15 @@ int shib_handler(request_rec* r, const IApplication* application, const IPropert ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(r),"shib_handler() running"); - pair shib_cookie=sessionProps->getString("cookieName"); - pair shib_cookie_props=sessionProps->getString("cookieProps"); - if (!shib_cookie.first) { - ap_log_rerror(APLOG_MARK,APLOG_CRIT|APLOG_NOERRNO,SH_AP_R(r), - "shib_handler: no cookieName set for %s", application->getId()); + const IPropertySet* sessionProps=application->getPropertySet("Sessions"); + if (!sessionProps) { + ap_log_rerror(APLOG_MARK,APLOG_ERR|APLOG_NOERRNO,SH_AP_R(r), + "shib_post_handler: unable to map request to application session settings, check configuration"); return SERVER_ERROR; } + pair shib_cookie=shire.getCookieNameProps(); // always returns something + ShibMLP markupProcessor; markupProcessor.insert("requestURL", targeturl); @@ -616,8 +609,7 @@ int shib_handler(request_rec* r, const IApplication* application, const IPropert "shib_handler() POST process succeeded. New session: %s", cookie.c_str()); // We've got a good session, set the cookie... - char* val = ap_psprintf(r->pool,"%s=%s%s",shib_cookie.second,cookie.c_str(), - shib_cookie_props.first ? shib_cookie_props.second : "; path=/"); + char* val = ap_psprintf(r->pool,"%s=%s%s",shib_cookie.first,cookie.c_str(),shib_cookie.second); ap_table_setn(r->err_headers_out, "Set-Cookie", val); ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(r), "shib_handler() setting cookie: %s", val); diff --git a/isapi_shib/isapi_shib.cpp b/isapi_shib/isapi_shib.cpp index ab4394a..c18fb6c 100644 --- a/isapi_shib/isapi_shib.cpp +++ b/isapi_shib/isapi_shib.cpp 
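Review bot: The new null check in the `@@ -518,14 +510,15 @@` hunk logs `"shib_post_handler: unable to map request to application session settings, check configuration"`, but the code runs in shib_handler, which shib_check_user also calls, so the log entry points an operator at the wrong entry point. Use the `shib_handler:` prefix, as the removed `no cookieName set` message did. shib_handler's body continues outside the hunk.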
@@ -433,9 +433,8 @@ extern "C" DWORD WINAPI HttpFilterProc(PHTTP_FILTER_CONTEXT pfc, DWORD notificat IRequestMapper::Settings settings=map_request(pfc,pn,mapper,site.c_str(),targeturl); pair application_id=settings.first->getString("applicationId"); const IApplication* application=conf->getApplication(application_id.second); - const IPropertySet* sessionProps=application ? application->getPropertySet("Sessions") : NULL; - if (!application || !sessionProps) - return WriteClientError(pfc,"Unable to map request to application session settings, check configuration."); + if (!application) + return WriteClientError(pfc,"Unable to map request to application settings, check configuration."); // Declare SHIRE object for this request. SHIRE shire(application); @@ -446,16 +445,14 @@ extern "C" DWORD WINAPI HttpFilterProc(PHTTP_FILTER_CONTEXT pfc, DWORD notificat // Now check the policy for this request. pair requireSession=settings.first->getBool("requireSession"); - pair shib_cookie=sessionProps->getString("cookieName"); - if (!shib_cookie.first) - return WriteClientError(pfc,"No session cookie name defined for this application, check configuration."); + pair shib_cookie=shire.getCookieNameProps(); // Check for session cookie. const char* session_id=NULL; GetHeader(pn,pfc,"Cookie:",buf,128,false); Category::getInstance("isapi_shib.HttpFilterProc").debug("cookie header is {%s}",(const char*)buf); - if (!buf.empty() && (session_id=strstr(buf,shib_cookie.second))) { - session_id+=strlen(shib_cookie.second) + 1; /* Skip over the '=' */ + if (!buf.empty() && (session_id=strstr(buf,shib_cookie.first))) { + session_id+=strlen(shib_cookie.first) + 1; /* Skip over the '=' */ char* cookieend=strchr(session_id,';'); if (cookieend) *cookieend = '\0'; /* Ignore anyting after a ; */ 
@@ -829,10 +826,7 @@ extern "C" DWORD WINAPI HttpExtensionProc(LPEXTENSION_CONTROL_BLOCK lpECB) if (!strstr(targeturl.c_str(),shire.getShireURL(targeturl.c_str()))) return WriteClientError(lpECB,"The request's application and associated shireURL setting are inconsistent.");; - pair shib_cookie=sessionProps->getString("cookieName"); - pair shib_cookie_props=sessionProps->getString("cookieProps"); - if (!shib_cookie.first) - return WriteClientError(lpECB,"No session cookie name defined for this application, check configuration."); + pair shib_cookie=shire.getCookieNameProps(); // Make sure this is SSL, if it should be pair shireSSL=sessionProps->getBool("shireSSL"); @@ -940,8 +934,7 @@ extern "C" DWORD WINAPI HttpExtensionProc(LPEXTENSION_CONTROL_BLOCK lpECB) delete status; // We've got a good session, set the cookie and redirect to target. - cookie = string("Set-Cookie: ") + shib_cookie.second + '=' + cookie + - (shib_cookie_props.first ? shib_cookie_props.second : "; path=/") + "\r\n" + cookie = string("Set-Cookie: ") + shib_cookie.first + '=' + cookie + shib_cookie.second + "\r\n" "Location: " + elements.second + "\r\n" "Expires: 01-Jan-1997 12:00:00 GMT\r\n" "Cache-Control: private,no-store,no-cache\r\n" diff --git a/shib-target/shib-shire.cpp b/shib-target/shib-shire.cpp index 2dbbe28..37869d4 100644 --- a/shib-target/shib-shire.cpp +++ b/shib-target/shib-shire.cpp 
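Review bot: The response header block in the `@@ -940,8 +934,7 @@` hunk of HttpExtensionProc concatenates `elements.second` into `Location:` and `shib_cookie.second` into `Set-Cookie:` without checking for CR or LF. `elements` is assigned outside the hunk; if it is the (SAMLResponse,TARGET) pair from getFormSubmission, the redirect target is request-supplied, so both the header framing and the redirect destination depend on unvalidated input. Reject values containing `\r` or `\n` before building the string, and consider checking the target against the application's own URLs before redirecting. The cookie properties come from configuration, so the same check there is defence in depth only.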
@@ -225,7 +225,33 @@ SHIRE::~SHIRE() delete m_parser; } -const char* SHIRE::getShireURL(const char* resource) +pair SHIRE::getCookieNameProps() const +{ + static const char* defProps="; path=/"; + static const char* defName="_shibsession_"; + + const IPropertySet* props=m_app->getPropertySet("Sessions"); + if (props) { + pair p=props->getString("cookieProps"); + if (!p.first) + p.second=defProps; + if (!m_cookieName.empty()) + return pair(m_cookieName.c_str(),p.second); + pair p2=props->getString("cookieName"); + if (p2.first) { + m_cookieName=p2.second; + return pair(p2.second,p.second); + } + m_cookieName=defName; + m_cookieName+=m_app->getId(); + return pair(m_cookieName.c_str(),p.second); + } + m_cookieName=defName; + m_cookieName+=m_app->getId(); + return pair(m_cookieName.c_str(),defProps); +} + +const char* SHIRE::getShireURL(const char* resource) const { if (!m_shireURL.empty()) return m_shireURL.c_str(); @@ -299,7 +325,7 @@ const char* SHIRE::getShireURL(const char* resource) return m_shireURL.c_str(); } -const char* SHIRE::getAuthnRequest(const char* resource) +const char* SHIRE::getAuthnRequest(const char* resource) const { if (!m_authnRequest.empty()) return m_authnRequest.c_str(); @@ -324,7 +350,7 @@ const char* SHIRE::getAuthnRequest(const char* resource) return m_authnRequest.c_str(); } -const char* SHIRE::getLazyAuthnRequest(const char* query_string) +const char* SHIRE::getLazyAuthnRequest(const char* query_string) const { CgiParse parser(query_string,strlen(query_string)); const char* target=parser.get_value("target"); 
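Review bot: getCookieNameProps builds the fallback name twice (`m_cookieName=defName; m_cookieName+=m_app->getId();` in both the `props` branch and the final fall-through) and appends the application id without any check. Whether getId() can return NULL or characters that are not valid in a cookie name (`=`, `;`, whitespace) is not visible here; if it can, the first is undefined behaviour in `std::string::operator+=` and the second yields a Set-Cookie header that the lookup code in the callers will not parse back consistently. Building the name in one place, e.g. `if (m_cookieName.empty()) { m_cookieName=defName; m_cookieName+=m_app->getId(); }` after the configured-name check, gives a single spot for that validation. A configured `cookieProps` is also used verbatim, so a value without the leading `; ` would run straight into the session id.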
@@ -333,13 +359,13 @@ const char* SHIRE::getLazyAuthnRequest(const char* query_string) return getAuthnRequest(target); } -pair SHIRE::getFormSubmission(const char* post, unsigned int len) +pair SHIRE::getFormSubmission(const char* post, unsigned int len) const { m_parser = new CgiParse(post,len); return pair(m_parser->get_value("SAMLResponse"),m_parser->get_value("TARGET")); } -RPCError* SHIRE::sessionIsValid(const char* session_id, const char* ip) +RPCError* SHIRE::sessionIsValid(const char* session_id, const char* ip) const { saml::NDC ndc("sessionIsValid"); Category& log = Category::getInstance("shibtarget.SHIRE"); @@ -421,7 +447,7 @@ RPCError* SHIRE::sessionIsValid(const char* session_id, const char* ip) return retval; } -RPCError* SHIRE::sessionCreate(const char* response, const char* ip, string& cookie) +RPCError* SHIRE::sessionCreate(const char* response, const char* ip, string& cookie) const { saml::NDC ndc("sessionCreate"); Category& log = Category::getInstance("shibtarget.SHIRE"); diff --git a/shib-target/shib-target.h b/shib-target/shib-target.h index 3c87285..da7a0b6 100644 --- a/shib-target/shib-target.h +++ b/shib-target/shib-target.h 
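Review bot: getFormSubmission assigns `m_parser = new CgiParse(post,len);` without releasing a parser left by an earlier call, and now that the method is `const` and m_parser is `mutable` that side effect is hidden from callers. A second call on the same SHIRE leaks the first CgiParse, because the destructor deletes only the last one. Free the old parser once the new one has been constructed: `CgiParse* p = new CgiParse(post,len); delete m_parser; m_parser = p;`. The returned pointers presumably point into the parser's storage, so the comment on the declaration should say they are invalidated by the next call.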
@@ -266,27 +266,31 @@ namespace shibtarget { public: SHIRE(const IApplication* app) : m_app(app), m_parser(NULL) {} ~SHIRE(); - + + // Get the session cookie name and properties for the application + std::pair getCookieNameProps() const; + // Find the default assertion consumer service for the resource - const char* getShireURL(const char* resource); + const char* getShireURL(const char* resource) const; // Generate a Shib 1.x AuthnRequest redirect URL for the resource - const char* getAuthnRequest(const char* resource); + const char* getAuthnRequest(const char* resource) const; // Process a lazy session setup request and turn it into an AuthnRequest - const char* getLazyAuthnRequest(const char* query_string); + const char* getLazyAuthnRequest(const char* query_string) const; // Process a POST profile submission, and return (SAMLResponse,TARGET) pair. - std::pair getFormSubmission(const char* post, unsigned int len); + std::pair getFormSubmission(const char* post, unsigned int len) const; - RPCError* sessionCreate(const char* response, const char* ip, std::string &cookie); - RPCError* sessionIsValid(const char* session_id, const char* ip); + RPCError* sessionCreate(const char* response, const char* ip, std::string &cookie) const; + RPCError* sessionIsValid(const char* session_id, const char* ip) const; private: const IApplication* m_app; - std::string m_shireURL; - std::string m_authnRequest; - CgiParse* m_parser; + mutable std::string m_cookieName; + mutable std::string m_shireURL; + mutable std::string m_authnRequest; + mutable CgiParse* m_parser; }; class SHIBTARGET_EXPORTS RM
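Review bot: The one-line comment on getCookieNameProps does not say what the pair holds or how long the pointers live, yet the callers in mod_apache.cpp and isapi_shib.cpp now use both members without a null check. Suggested comment: `// Returns (cookie name, cookie properties), neither NULL. The name may point into this object's cached string, so use it before the SHIRE is destroyed. Properties are appended verbatim after the cookie value and must start with "; ".` Every data member except m_app is now `mutable` and the const methods write to them, so a `const SHIRE&` no longer implies read-only access. If a SHIRE is meant to be per-request and never shared between threads, a comment next to the members should say so.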