From 3b75d3ab9591600f3e9b788fe942127b3f0539ec Mon Sep 17 00:00:00 2001 From: scantor Date: Wed, 23 Mar 2011 02:31:15 +0000 Subject: [PATCH] Externalize publically-needed configure macros and fix GSS-related bugs. git-svn-id: https://svn.shibboleth.net/cpp-sp/branches/REL_2@3413 cb58f699-b61c-0410-a6fe-9272a202ed29 --- apache/mod_apache.cpp | 13 +++++++++++-- configure.ac | 10 +++++----- plugins/plugins.cpp | 4 ++++ schemas/shibboleth-2.0-attribute-map.xsd | 6 ++++++ shibsp/AbstractSPRequest.cpp | 4 ++-- shibsp/GSSRequest.h | 6 +++--- shibsp/Makefile.am | 3 +++ shibsp/base.h | 8 +++++++- shibsp/config_pub.h.in | 26 ++++++++++++++++++++++++++ shibsp/config_pub_win32.h | 31 +++++++++++++++++++++++++++++++ shibsp/handler/impl/RemotedHandler.cpp | 16 ++++++++-------- shibsp/shibsp-lite.vcxproj | 2 ++ shibsp/shibsp.vcxproj | 2 ++ 13 files changed, 110 insertions(+), 21 deletions(-) create mode 100644 shibsp/config_pub.h.in create mode 100644 shibsp/config_pub_win32.h diff --git a/apache/mod_apache.cpp b/apache/mod_apache.cpp index 7aa50de..3bc0770 100644 --- a/apache/mod_apache.cpp +++ b/apache/mod_apache.cpp @@ -311,7 +311,7 @@ extern "C" const char* shib_table_set(cmd_parms* parms, shib_dir_config* dc, con class ShibTargetApache : public AbstractSPRequest -#if defined(HAVE_GSSAPI) && !defined(SHIB_APACHE_13) +#if defined(SHIBSP_HAVE_GSSAPI) && !defined(SHIB_APACHE_13) , public GSSRequest #endif { @@ -356,6 +356,9 @@ public: const char* getScheme() const { return m_sc->szScheme ? m_sc->szScheme : ap_http_method(m_req); } + bool isSecure() const { + return HTTPRequest::isSecure(); + } const char* getHostname() const { return ap_get_server_name(m_req); } 
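Review bot: The new `isSecure()` forwarder in `ShibTargetApache` has no comment saying why it exists, and the same goes for `getParameter()`/`getParameters()` added in the `@@ -451,6 +454,12 @@` hunk. They read like disambiguating overrides needed once `GSSRequest` becomes a second base, but that is inferred. The forwarders are declared unconditionally, while the extra base is only present under `SHIBSP_HAVE_GSSAPI && !SHIB_APACHE_13`. `getScheme()` just above can return the configured `m_sc->szScheme` override, so if `HTTPRequest::isSecure()` is derived from the scheme, the answer follows configuration rather than the connection. After confirming that, I would add a line such as `// Disambiguates the AbstractSPRequest/GSSRequest bases; result follows getScheme(), including the szScheme override.` The class body starts and ends outside this hunk.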
@@ -451,6 +454,12 @@ public: #endif return m_body.c_str(); } + const char* getParameter(const char* name) const { + return AbstractSPRequest::getParameter(name); + } + vector::size_type getParameters(const char* name, vector& values) const { + return AbstractSPRequest::getParameters(name, values); + } void clearHeader(const char* rawname, const char* cginame) { if (m_dc->bUseHeaders == 1) { // ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(m_req), "shib_clear_header: hdr\n"); @@ -591,7 +600,7 @@ public: } long returnDecline(void) { return DECLINED; } long returnOK(void) { return OK; } -#if defined(HAVE_GSSAPI) && !defined(SHIB_APACHE_13) +#if defined(SHIBSP_HAVE_GSSAPI) && !defined(SHIB_APACHE_13) gss_ctx_id_t getGSSContext() const { gss_ctx_id_t ctx = GSS_C_NO_CONTEXT; apr_pool_userdata_get((void**)&ctx, g_szGSSContextKey, m_req->pool); diff --git a/configure.ac b/configure.ac index be3a599..4240d10 100644 --- a/configure.ac +++ b/configure.ac @@ -31,7 +31,7 @@ else GCC_CXXFLAGS="$CXXFLAGS -O2 -DNDEBUG" fi -AC_CONFIG_HEADERS([config.h]) +AC_CONFIG_HEADERS([config.h shibsp/config_pub.h]) AC_CONFIG_FILES([shibboleth.spec pkginfo Portfile]) AC_PROG_CC([gcc gcc3 cc]) @@ -996,7 +996,7 @@ if test x"$want_gss" = xyes; then AC_CHECK_HEADER(gss.h, [ dnl found in the given dirs - AC_DEFINE([HAVE_GSSGNU],[1],[if you have the GNU gssapi libraries]) + AC_DEFINE([SHIBSP_HAVE_GSSGNU],[1],[if you have the GNU gssapi libraries]) gnu_gss=yes ], [ @@ -1017,7 +1017,7 @@ AC_INCLUDES_DEFAULT AC_CHECK_HEADER([gssapi.h], [ dnl found - AC_DEFINE([HAVE_GSSHEIMDAL],[1],[if you have the Heimdal gssapi libraries]) + AC_DEFINE([SHIBSP_HAVE_GSSHEIMDAL],[1],[if you have the Heimdal gssapi libraries]) ], [ dnl no header found, disabling GSS 
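Review bot: Listing `shibsp/config_pub.h` as a second entry in `AC_CONFIG_HEADERS` means its template is maintained by hand, because autoheader only generates the template for the first header named. The visible hunks `AC_DEFINE` only the four `SHIBSP_HAVE_GSS*` names, while the new `shibsp/config_pub.h.in` also carries `#undef` lines for `SHIBSP_LOG4CPP`, `SHIBSP_LOG4SHIB`, the two `SHIBSP_XERCESC_*` macros and `SHIBSP_XMLSEC_WHITELISTING`. Unless configure.ac defines those elsewhere (not shown on this page), they stay undefined in the installed header. For `SHIBSP_XMLSEC_WHITELISTING` that would compile out whatever algorithm filtering is keyed on it, with no build error. I would add `dnl config_pub.h.in is hand-maintained: every SHIBSP_* AC_DEFINE needs a matching #undef there` next to this line and check that each template entry has its `AC_DEFINE`.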
@@ -1027,7 +1027,7 @@ AC_INCLUDES_DEFAULT ) else dnl MIT found - AC_DEFINE([HAVE_GSSMIT],[1],[if you have the MIT gssapi libraries]) + AC_DEFINE([SHIBSP_HAVE_GSSMIT],[1],[if you have the MIT gssapi libraries]) dnl check if we have a really old MIT kerberos (<= 1.2) AC_MSG_CHECKING([if gssapi headers declare GSS_C_NT_HOSTBASED_SERVICE]) AC_COMPILE_IFELSE([ @@ -1055,7 +1055,7 @@ else AC_MSG_RESULT(no) fi if test x"$want_gss" = xyes; then - AC_DEFINE([HAVE_GSSAPI],[1],[if you have the gssapi libraries]) + AC_DEFINE([SHIBSP_HAVE_GSSAPI],[1],[if you have the gssapi libraries]) if test -n "$gnu_gss"; then LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR" diff --git a/plugins/plugins.cpp b/plugins/plugins.cpp index a845cfb..1243ed7 100644 --- a/plugins/plugins.cpp +++ b/plugins/plugins.cpp @@ -22,6 +22,8 @@ #include "internal.h" #include +#include +#include using namespace shibsp; using namespace xmltooling; @@ -43,6 +45,8 @@ extern "C" int PLUGINS_EXPORTS xmltooling_extension_init(void*) { #ifdef HAVE_GSSAPI_NAMINGEXTS SPConfig::getConfig().AttributeExtractorManager.registerFactory("GSSAPI", GSSAPIExtractorFactory); + static const XMLCh _GSSAPI[] = UNICODE_LITERAL_6(G,S,S,A,P,I); + XMLObjectBuilder::registerBuilder(xmltooling::QName(shibspconstants::SHIB2ATTRIBUTEMAP_NS, _GSSAPI), new AnyElementBuilder()); #endif return 0; // signal success } diff --git a/schemas/shibboleth-2.0-attribute-map.xsd b/schemas/shibboleth-2.0-attribute-map.xsd index b40a8dd..3815208 100644 --- a/schemas/shibboleth-2.0-attribute-map.xsd +++ b/schemas/shibboleth-2.0-attribute-map.xsd @@ -38,6 +38,12 @@ + + + A wrapper element for GSS-API contexts. + + + The set of SAML or GSS-API attribute mappings. diff --git a/shibsp/AbstractSPRequest.cpp b/shibsp/AbstractSPRequest.cpp index 7a0d863..4ab8374 100644 --- a/shibsp/AbstractSPRequest.cpp +++ b/shibsp/AbstractSPRequest.cpp 
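Review bot: The `registerBuilder(..., new AnyElementBuilder())` call added to `xmltooling_extension_init` hands over a raw `new` with no comment on who frees it, and nothing in the hunk removes the registration again. If the registry takes ownership, a one-line comment such as `// registry owns the builder` would record that. If the extension has a termination hook, a matching deregistration there would stop the registry from keeping an entry installed by a plugin that has been unloaded. The block also stays under `HAVE_GSSAPI_NAMINGEXTS`, which is not one of the macros this commit moves to the public header, so a note that the private config macro is intended would help the next reader. The function starts outside the hunk.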
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2010 Internet2 + * Copyright 2001-2011 Internet2 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -51,7 +51,7 @@ void SPRequest::setAuthType(const char* authtype) { } -#ifdef HAVE_GSSAPI +#ifdef SHIBSP_HAVE_GSSAPI GSSRequest::GSSRequest() { } diff --git a/shibsp/GSSRequest.h b/shibsp/GSSRequest.h index cb1c56f..2867d60 100644 --- a/shibsp/GSSRequest.h +++ b/shibsp/GSSRequest.h @@ -20,15 +20,15 @@ * Interface to a GSS-authenticated request. */ -#if !defined(__shibsp_gssreq_h__) && defined(HAVE_GSSAPI) +#if !defined(__shibsp_gssreq_h__) && defined(SHIBSP_HAVE_GSSAPI) #define __shibsp_gssreq_h__ #include #include -#ifdef HAVE_GSSGNU +#ifdef SHIBSP_HAVE_GSSGNU # include -#elif defined HAVE_GSSMIT +#elif defined SHIBSP_HAVE_GSSMIT # include # include #else diff --git a/shibsp/Makefile.am b/shibsp/Makefile.am index 539ea30..36af47a 100644 --- a/shibsp/Makefile.am +++ b/shibsp/Makefile.am @@ -29,6 +29,7 @@ libshibspinclude_HEADERS = \ AccessControl.h \ Application.h \ base.h \ + config_pub.h \ exceptions.h \ paths.h \ GSSRequest.h \ @@ -253,6 +254,8 @@ EXTRA_DIST = \ shibsp-lite.vcxproj \ shibsp.vcxproj.filters \ shibsp-lite.vcxproj.filters \ + config_pub.h.in \ + config_pub_win32.h\ paths.h.in \ resource.h \ shibsp.rc diff --git a/shibsp/base.h b/shibsp/base.h index 7e7def0..745cb17 100644 --- a/shibsp/base.h +++ b/shibsp/base.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2009 Internet2 + * Copyright 2001-2011 Internet2 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -31,6 +31,12 @@ # include #endif +#if defined (_MSC_VER) || defined(__BORLANDC__) + #include +#else + #include +#endif + // Windows and GCC4 Symbol Visibility Macros #ifdef WIN32 #define SHIBSP_IMPORT __declspec(dllimport) 
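Review bot: The include guard in GSSRequest.h tests `SHIBSP_HAVE_GSSAPI` before the header has included anything, so the outcome depends on what the including file pulled in first. A consumer that includes this header before the one that supplies the public config macros gets an empty header. The later "GSSRequest undeclared" error then does not point at the cause. I would open with a plain `#ifndef __shibsp_gssreq_h__` guard, put `#include <shibsp/base.h>` next, and only then wrap the declarations in `#ifdef SHIBSP_HAVE_GSSAPI`. The two `#include` targets in this hunk are not legible on this page, so base.h may already be among them, but they come after the test either way.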
diff --git a/shibsp/config_pub.h.in b/shibsp/config_pub.h.in new file mode 100644 index 0000000..8d8a058 --- /dev/null +++ b/shibsp/config_pub.h.in @@ -0,0 +1,26 @@ +/* if you have the gssapi libraries */ +#undef SHIBSP_HAVE_GSSAPI + +/* if you have the GNU gssapi libraries */ +#undef SHIBSP_HAVE_GSSGNU + +/* if you have the Heimdal gssapi libraries */ +#undef SHIBSP_HAVE_GSSHEIMDAL + +/* if you have the MIT gssapi libraries */ +#undef SHIBSP_HAVE_GSSMIT + +/* Define to 1 if log4cpp library is used. */ +#undef SHIBSP_LOG4CPP + +/* Define to 1 if log4shib library is used. */ +#undef SHIBSP_LOG4SHIB + +/* Define to 1 if Xerces XMLString includes XMLByte release. */ +#undef SHIBSP_XERCESC_HAS_XMLBYTE_RELEASE + +/* Define to 1 if Xerces DOMNodeFilter API returns a short. */ +#undef SHIBSP_XERCESC_SHORT_ACCEPTNODE + +/* Define to 1 if XML-Security-C supports white/blacklisting algorithms. */ +#undef SHIBSP_XMLSEC_WHITELISTING diff --git a/shibsp/config_pub_win32.h b/shibsp/config_pub_win32.h new file mode 100644 index 0000000..7534a59 --- /dev/null +++ b/shibsp/config_pub_win32.h @@ -0,0 +1,31 @@ +/* if you have the gssapi libraries */ +#undef SHIBSP_HAVE_GSSAPI + +/* if you have the GNU gssapi libraries */ +#undef SHIBSP_HAVE_GSSGNU + +/* if you have the Heimdal gssapi libraries */ +#undef SHIBSP_HAVE_GSSHEIMDAL + +/* if you have the MIT gssapi libraries */ +#undef SHIBSP_HAVE_GSSMIT + +/* Define to 1 if log4cpp library is used. */ +#undef SHIBSP_LOG4CPP + +/* Define to 1 if log4shib library is used. */ +#define SHIBSP_LOG4SHIB 1 + +#include + +#if (XERCES_VERSION_MAJOR < 3) +# define SHIBSP_XERCESC_HAS_XMLBYTE_RELEASE 1 +# define SHIBSP_XERCESC_SHORT_ACCEPTNODE 1 +#endif + +#ifndef XMLTOOLING_NO_XMLSEC +# include +# if (_XSEC_VERSION_FULL >= 10600) +# define SHIBSP_XMLSEC_WHITELISTING 1 +# endif +#endif diff --git a/shibsp/handler/impl/RemotedHandler.cpp b/shibsp/handler/impl/RemotedHandler.cpp index 272f667..5bbdbcf 100644 --- a/shibsp/handler/impl/RemotedHandler.cpp 
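Review bot: Both version tests in the new config_pub_win32.h fail open, because an identifier that is not defined evaluates to 0 inside `#if`. If the preceding include does not supply `XERCES_VERSION_MAJOR`, the `< 3` branch is taken; if `_XSEC_VERSION_FULL` is missing, `SHIBSP_XMLSEC_WHITELISTING` is silently left off. Since that macro advertises algorithm white/blacklisting support, I would make the header refuse to build instead, with `#ifndef _XSEC_VERSION_FULL` / `# error "XML-Security-C version macro not found"` / `#endif` ahead of the comparison, and the same for the Xerces macro. The file also has no include guard and `#undef`s the GSS and log4cpp macros unconditionally, which overrides a value passed on the compiler command line. A comment saying GSS-API is deliberately off on Windows would make that explicit. The include targets are not legible on this page.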
+++ b/shibsp/handler/impl/RemotedHandler.cpp @@ -1,5 +1,5 @@ /* - * Copyright 2001-2010 Internet2 + * Copyright 2001-2011 Internet2 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -49,7 +49,7 @@ using namespace std; #ifndef SHIBSP_LITE namespace shibsp { class SHIBSP_DLLLOCAL RemotedRequest : -#ifdef HAVE_GSSAPI +#ifdef SHIBSP_HAVE_GSSAPI public GSSRequest, #endif public HTTPRequest @@ -57,12 +57,12 @@ namespace shibsp { DDF& m_input; mutable CGIParser* m_parser; mutable vector m_certs; -#ifdef HAVE_GSSAPI +#ifdef SHIBSP_HAVE_GSSAPI mutable gss_ctx_id_t m_gss; #endif public: RemotedRequest(DDF& input) : m_input(input), m_parser(nullptr) -#ifdef HAVE_GSSAPI +#ifdef SHIBSP_HAVE_GSSAPI , m_gss(GSS_C_NO_CONTEXT) #endif { @@ -71,7 +71,7 @@ namespace shibsp { virtual ~RemotedRequest() { for_each(m_certs.begin(), m_certs.end(), xmltooling::cleanup()); delete m_parser; -#ifdef HAVE_GSSAPI +#ifdef SHIBSP_HAVE_GSSAPI if (m_gss != GSS_C_NO_CONTEXT) { OM_uint32 minor; gss_delete_sec_context(&minor, &m_gss, GSS_C_NO_BUFFER); @@ -117,7 +117,7 @@ namespace shibsp { const std::vector& getClientCertificates() const; -#ifdef HAVE_GSSAPI +#ifdef SHIBSP_HAVE_GSSAPI // GSSRequest gss_ctx_id_t getGSSContext() const; #endif @@ -206,7 +206,7 @@ const std::vector& RemotedRequest::getClientCertificates() cons return m_certs; } -#ifdef HAVE_GSSAPI +#ifdef SHIBSP_HAVE_GSSAPI gss_ctx_id_t RemotedRequest::getGSSContext() const { if (m_gss == GSS_C_NO_CONTEXT) { @@ -360,7 +360,7 @@ DDF RemotedHandler::wrap(const SPRequest& request, const vector* headers #endif } -#ifdef HAVE_GSSAPI +#ifdef SHIBSP_HAVE_GSSAPI const GSSRequest* gss = dynamic_cast(&request); if (gss) { gss_ctx_id_t ctx = gss->getGSSContext(); diff --git a/shibsp/shibsp-lite.vcxproj b/shibsp/shibsp-lite.vcxproj index 5209287..9a99f86 100644 --- a/shibsp/shibsp-lite.vcxproj +++ b/shibsp/shibsp-lite.vcxproj @@ -249,6 +249,7 @@ + 
@@ -287,6 +288,7 @@ + diff --git a/shibsp/shibsp.vcxproj b/shibsp/shibsp.vcxproj index 331fddb..012de9d 100644 --- a/shibsp/shibsp.vcxproj +++ b/shibsp/shibsp.vcxproj @@ -290,6 +290,7 @@ + @@ -343,6 +344,7 @@ + -- 2.1.4