From 0eb45026ac945566a5b3a9ff7b6c37b0115bf9b0 Mon Sep 17 00:00:00 2001
From: cantor
Date: Wed, 20 Oct 2010 19:29:24 +0000
Subject: [PATCH] https://bugs.internet2.edu/jira/browse/SSPCPP-299
git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/branches/REL_2@3349 cb58f699-b61c-0410-a6fe-9272a202ed29
---
 shibsp/impl/StorageServiceSessionCache.cpp | 175 +++++++++++++++++++----------
 1 file changed, 116 insertions(+), 59 deletions(-)
diff --git a/shibsp/impl/StorageServiceSessionCache.cpp b/shibsp/impl/StorageServiceSessionCache.cpp
index ca3f50a..8f13d1b 100644
--- a/shibsp/impl/StorageServiceSessionCache.cpp
+++ b/shibsp/impl/StorageServiceSessionCache.cpp
@@ -106,7 +106,7 @@ namespace shibsp {
 );
 bool matches(
 const Application& app,
- const xmltooling::HTTPRequest& request,
+ const HTTPRequest& request,
 const saml2md::EntityDescriptor* issuer,
 const saml2::NameID& nameid,
 const set* indexes
@@ -116,10 +116,19 @@ namespace shibsp {
 void remove(const Application& app, const char* key);
 void test();
- string active(const Application& app, const xmltooling::HTTPRequest& request) {
- pair shib_cookie = app.getCookieNameProps("_shibsession_");
- const char* session_id = request.getCookie(shib_cookie.first.c_str());
- return (session_id ? session_id : "");
+ string active(const Application& app, const HTTPRequest& request) {
+ if (m_inboundHeader.empty()) {
+ pair shib_cookie = app.getCookieNameProps("_shibsession_");
+ const char* session_id = request.getCookie(shib_cookie.first.c_str());
+ return (session_id ? session_id : "");
+ }
+ else {
+ string session_id = request.getHeader(m_inboundHeader.c_str());
+ if (!session_id.empty())
+ return session_id;
+ const char* p = request.getParameter(m_inboundHeader.c_str());
+ return (p ? p : "");
+ }
 }
 Session* find(const Application& app, const HTTPRequest& request, const char* client_addr=nullptr, time_t* timeout=nullptr) {
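Review bot: The fallback in `active()` accepts the session ID from `request.getParameter(m_inboundHeader.c_str())` whenever the configured header is absent, so the identifier can presumably arrive in the query string or form body. Identifiers carried that way tend to end up in access logs, browser history and Referer headers, and they make session fixation through shared links easier, so header-only lookup is the safer default. If the parameter lookup is needed for clients that cannot set headers, consider gating it behind its own setting and documenting the exposure, e.g. `// Parameter fallback: the session ID may appear in URLs and logs; enable only for clients that cannot send headers.` The same header-then-parameter lookup is written out again in `SSCache::remove()` in the last hunk; routing both through `active()` would keep them from drifting apart.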
@@ -129,47 +138,8 @@ namespace shibsp {
 return nullptr;
 }
- Session* find(const Application& app, HTTPRequest& request, const char* client_addr=nullptr, time_t* timeout=nullptr) {
- string id = active(app, request);
- if (id.empty())
- return nullptr;
- try {
- Session* session = find(app, id.c_str(), client_addr, timeout);
- if (session)
- return session;
- HTTPResponse* response = dynamic_cast(&request);
- if (response) {
- pair shib_cookie = app.getCookieNameProps("_shibsession_");
- string exp(shib_cookie.second);
- exp += "; expires=Mon, 01 Jan 2001 00:00:00 GMT";
- response->setCookie(shib_cookie.first.c_str(), exp.c_str());
- }
- }
- catch (exception&) {
- HTTPResponse* response = dynamic_cast(&request);
- if (response) {
- pair shib_cookie = app.getCookieNameProps("_shibsession_");
- string exp(shib_cookie.second);
- exp += "; expires=Mon, 01 Jan 2001 00:00:00 GMT";
- response->setCookie(shib_cookie.first.c_str(), exp.c_str());
- }
- throw;
- }
- return nullptr;
- }
-
- void remove(const Application& app, const HTTPRequest& request, HTTPResponse* response=nullptr) {
- pair shib_cookie = app.getCookieNameProps("_shibsession_");
- const char* session_id = request.getCookie(shib_cookie.first.c_str());
- if (session_id && *session_id) {
- if (response) {
- string exp(shib_cookie.second);
- exp += "; expires=Mon, 01 Jan 2001 00:00:00 GMT";
- response->setCookie(shib_cookie.first.c_str(), exp.c_str());
- }
- remove(app, session_id);
- }
- }
+ Session* find(const Application& app, HTTPRequest& request, const char* client_addr=nullptr, time_t* timeout=nullptr);
+ void remove(const Application& app, const HTTPRequest& request, HTTPResponse* response=nullptr);
 unsigned long getCacheTimeout(const Application& app) {
 // Computes offset for adjusting expiration of sessions.
@@ -203,6 +173,7 @@ namespace shibsp {
 #endif
 const DOMElement* m_root; // Only valid during initialization
 unsigned long m_inprocTimeout,m_cacheTimeout,m_cacheAllowance;
+ string m_inboundHeader,m_outboundHeader;
 // inproc means we buffer sessions in memory
 RWLock* m_lock;
@@ -775,6 +746,8 @@ SSCache::SSCache(const DOMElement* e)
 static const XMLCh cacheAssertions[] = UNICODE_LITERAL_15(c,a,c,h,e,A,s,s,e,r,t,i,o,n,s);
 static const XMLCh cacheTimeout[] = UNICODE_LITERAL_12(c,a,c,h,e,T,i,m,e,o,u,t);
 static const XMLCh inprocTimeout[] = UNICODE_LITERAL_13(i,n,p,r,o,c,T,i,m,e,o,u,t);
+ static const XMLCh inboundHeader[] = UNICODE_LITERAL_13(i,n,b,o,u,n,d,H,e,a,d,e,r);
+ static const XMLCh outboundHeader[] = UNICODE_LITERAL_14(o,u,t,b,o,u,n,d,H,e,a,d,e,r);
 static const XMLCh _StorageService[] = UNICODE_LITERAL_14(S,t,o,r,a,g,e,S,e,r,v,i,c,e);
 static const XMLCh _StorageServiceLite[] = UNICODE_LITERAL_18(S,t,o,r,a,g,e,S,e,r,v,i,c,e,L,i,t,e);
@@ -782,6 +755,8 @@ SSCache::SSCache(const DOMElement* e)
 m_cacheAllowance = XMLHelper::getAttrInt(e, 0, cacheAllowance);
 if (inproc)
 m_inprocTimeout = XMLHelper::getAttrInt(e, 900, inprocTimeout);
+ m_inboundHeader = XMLHelper::getAttrString(e, nullptr, inboundHeader);
+ m_outboundHeader = XMLHelper::getAttrString(e, nullptr, outboundHeader);
 #ifndef SHIBSP_LITE
 if (conf.isEnabled(SPConfig::OutOfProcess)) {
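Review bot: `m_inboundHeader` and `m_outboundHeader` are read independently in the constructor with no check that they are configured together, yet the rest of the patch keys reading on one and writing on the other. With only `inboundHeader` set, `insert()` still issues the `_shibsession_` cookie while `active()` never reads it, and `remove()` on that path neither expires the cookie nor clears a header; with only `outboundHeader` set the reverse mismatch occurs. If a one-sided configuration is not a supported deployment, reject it or log a warning at construction time; if it is supported, a comment beside these two assignments saying so would save the next reader the analysis. The constructor body continues outside the hunk.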
@@ -1127,24 +1102,30 @@ void SSCache::insert(
 xlog->log.info("}");
 }
- time_t cookieLifetime = 0;
- pair shib_cookie = app.getCookieNameProps("_shibsession_", &cookieLifetime);
- string k(key.get());
- k += shib_cookie.second;
+ if (m_outboundHeader.empty()) {
+ time_t cookieLifetime = 0;
+ pair shib_cookie = app.getCookieNameProps("_shibsession_", &cookieLifetime);
+ string k(key.get());
+ k += shib_cookie.second;
- if (cookieLifetime > 0) {
- cookieLifetime += now;
+ if (cookieLifetime > 0) {
+ cookieLifetime += now;
 #ifndef HAVE_GMTIME_R
- ptime=gmtime(&cookieLifetime);
+ ptime=gmtime(&cookieLifetime);
 #else
- ptime=gmtime_r(&cookieLifetime,&res);
+ ptime=gmtime_r(&cookieLifetime,&res);
 #endif
- char cookietimebuf[64];
- strftime(cookietimebuf,64,"; expires=%a, %d %b %Y %H:%M:%S GMT",ptime);
- k += cookietimebuf;
- }
+ char cookietimebuf[64];
+ strftime(cookietimebuf,64,"; expires=%a, %d %b %Y %H:%M:%S GMT",ptime);
+ k += cookietimebuf;
+ }
- httpResponse.setCookie(shib_cookie.first.c_str(), k.c_str());
+ httpResponse.setCookie(shib_cookie.first.c_str(), k.c_str());
+ }
+ else {
+ // Use an arbitrary header to pass back the session ID instead of a cookie.
+ httpResponse.setResponseHeader(m_outboundHeader.c_str(), key.get());
+ }
 }
 bool SSCache::matches(
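Review bot: In the new `else` branch the raw session key goes out through `setResponseHeader(m_outboundHeader.c_str(), key.get())` with none of what the cookie branch attaches: the properties returned by `getCookieNameProps()` and the optional lifetime are skipped entirely. A bearer value in an ordinary response header can be retained by shared caches or recorded by intermediaries unless the response is marked non-cacheable, and nothing visible in this hunk does that (it may happen elsewhere in `insert()`, which begins outside the hunk). I would extend the existing comment to state the assumption, e.g. `// Session ID is sent as a plain header: this response must not be cached and must only travel over TLS.`, and confirm that cache-control is set on this response path.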
@@ -1525,6 +1506,82 @@ Session* SSCache::find(const Application& app, const char* key, const char* clie
 return session;
 }
+Session* SSCache::find(const Application& app, HTTPRequest& request, const char* client_addr, time_t* timeout)
+{
+ string id = active(app, request);
+ if (id.empty())
+ return nullptr;
+ try {
+ Session* session = find(app, id.c_str(), client_addr, timeout);
+ if (session)
+ return session;
+ HTTPResponse* response = dynamic_cast(&request);
+ if (response) {
+ if (m_outboundHeader.empty()) {
+ pair shib_cookie = app.getCookieNameProps("_shibsession_");
+ string exp(shib_cookie.second);
+ exp += "; expires=Mon, 01 Jan 2001 00:00:00 GMT";
+ response->setCookie(shib_cookie.first.c_str(), exp.c_str());
+ }
+ else {
+ response->setResponseHeader(m_outboundHeader.c_str(), nullptr);
+ }
+ }
+ }
+ catch (exception&) {
+ if (m_outboundHeader.empty()) {
+ HTTPResponse* response = dynamic_cast(&request);
+ if (response) {
+ if (m_outboundHeader.empty()) {
+ pair shib_cookie = app.getCookieNameProps("_shibsession_");
+ string exp(shib_cookie.second);
+ exp += "; expires=Mon, 01 Jan 2001 00:00:00 GMT";
+ response->setCookie(shib_cookie.first.c_str(), exp.c_str());
+ }
+ else {
+ response->setResponseHeader(m_outboundHeader.c_str(), nullptr);
+ }
+ }
+ }
+ throw;
+ }
+ return nullptr;
+}
+
+void SSCache::remove(const Application& app, const HTTPRequest& request, HTTPResponse* response)
+{
+ if (m_inboundHeader.empty()) {
+ pair shib_cookie = app.getCookieNameProps("_shibsession_");
+ const char* session_id = request.getCookie(shib_cookie.first.c_str());
+ if (session_id && *session_id) {
+ if (response) {
+ if (m_outboundHeader.empty()) {
+ string exp(shib_cookie.second);
+ exp += "; expires=Mon, 01 Jan 2001 00:00:00 GMT";
+ response->setCookie(shib_cookie.first.c_str(), exp.c_str());
+ }
+ else {
+ response->setResponseHeader(m_outboundHeader.c_str(), nullptr);
+ }
+ }
+ remove(app, session_id);
+ }
+ }
+ else {
+ string session_id = request.getHeader(m_inboundHeader.c_str());
+ if (session_id.empty()) {
+ const char* p = request.getParameter(m_inboundHeader.c_str());
+ if (p)
+ session_id = p;
+ }
+ if (!session_id.empty()) {
+ if (response && !m_outboundHeader.empty())
+ response->setResponseHeader(m_outboundHeader.c_str(), nullptr);
+ remove(app, session_id.c_str());
+ }
+ }
+}
+
 void SSCache::remove(const Application& app, const char* key)
 {
 #ifdef _DEBUG
-- 
2.1.4
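Review bot: In the `catch (exception&)` block of the new `SSCache::find()` the whole cleanup is wrapped in an outer `if (m_outboundHeader.empty()) {`, so the inner `else` that calls `response->setResponseHeader(m_outboundHeader.c_str(), nullptr)` can never run. When an outbound header is configured and the lookup throws, the session header is therefore not reset, unlike the not-found path in the `try` block just above, which does reset it. Removing the outer `if (m_outboundHeader.empty()) {` and its closing brace makes the two paths agree. Since the expire-cookie-or-clear-header sequence now appears three times across `find()` and `remove()`, a small private helper taking the `HTTPResponse` would keep the copies from diverging again.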