[SCM] Debian packaging for OpenSAML 2.0 branch, lenny, updated. debian/2.0-2-4-g069b7f5
Russ Allbery
rra at debian.org
Wed Sep 23 05:52:28 UTC 2009
The following commit has been merged in the lenny branch:
commit 79aa46ab6d12b55765859adaf4a73197aee4933d
Author: Russ Allbery <rra at debian.org>
Date: Tue Sep 22 12:45:47 2009 -0700
Revert portions of the patch that were unrelated to the security fixes
diff --git a/saml/saml1/binding/impl/SAML1POSTDecoder.cpp b/saml/saml1/binding/impl/SAML1POSTDecoder.cpp
index 965e58f..16a6bc1 100644
--- a/saml/saml1/binding/impl/SAML1POSTDecoder.cpp
+++ b/saml/saml1/binding/impl/SAML1POSTDecoder.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2009 Internet2
+ * Copyright 2001-2007 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -109,7 +109,8 @@ XMLObject* SAML1POSTDecoder::decode(
if (!response)
throw BindingException("Decoded message was not a SAML 1.x Response.");
- SchemaValidators.validate(response);
+ if (!policy.getValidating())
+ SchemaValidators.validate(response);
pair<bool,int> minor = response->getMinorVersion();
extractMessageDetails(
diff --git a/saml/saml1/binding/impl/SAML1SOAPDecoder.cpp b/saml/saml1/binding/impl/SAML1SOAPDecoder.cpp
index 74c1960..d60dced 100644
--- a/saml/saml1/binding/impl/SAML1SOAPDecoder.cpp
+++ b/saml/saml1/binding/impl/SAML1SOAPDecoder.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2009 Internet2
+ * Copyright 2001-2007 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -98,7 +98,8 @@ XMLObject* SAML1SOAPDecoder::decode(
if (!env)
throw BindingException("Decoded message was not a SOAP 1.1 Envelope.");
- SchemaValidators.validate(env);
+ if (!policy.getValidating())
+ SchemaValidators.validate(env);
Body* body = env->getBody();
if (body && body->hasChildren()) {
diff --git a/saml/saml2/binding/impl/SAML2ECPDecoder.cpp b/saml/saml2/binding/impl/SAML2ECPDecoder.cpp
index e8ecc34..d311286 100644
--- a/saml/saml2/binding/impl/SAML2ECPDecoder.cpp
+++ b/saml/saml2/binding/impl/SAML2ECPDecoder.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2009 Internet2
+ * Copyright 2001-2007 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -99,7 +99,8 @@ XMLObject* SAML2ECPDecoder::decode(
if (!env)
throw BindingException("Decoded message was not a SOAP 1.1 Envelope.");
- SchemaValidators.validate(env);
+ if (!policy.getValidating())
+ SchemaValidators.validate(env);
Body* body = env->getBody();
if (body && body->hasChildren()) {
diff --git a/saml/saml2/binding/impl/SAML2ECPEncoder.cpp b/saml/saml2/binding/impl/SAML2ECPEncoder.cpp
index 16ee9f0..2cddf29 100644
--- a/saml/saml2/binding/impl/SAML2ECPEncoder.cpp
+++ b/saml/saml2/binding/impl/SAML2ECPEncoder.cpp
@@ -179,7 +179,7 @@ long SAML2ECPEncoder::encode(
header->getUnknownXMLObjects().push_back(hdrblock);
}
- if (relayState && *relayState) {
+ if (relayState) {
// Create ecp:RelayState header.
static const XMLCh RelayState[] = UNICODE_LITERAL_10(R,e,l,a,y,S,t,a,t,e);
hdrblock = dynamic_cast<ElementProxy*>(m_anyBuilder.buildObject(SAML20ECP_NS, RelayState, SAML20ECP_PREFIX));
@@ -224,10 +224,8 @@ long SAML2ECPEncoder::encode(
stringstream s;
s << *rootElement;
- if (log.isDebugEnabled()) {
- string forlog(s.str());
- log.debug("marshalled envelope:\n%s", forlog.c_str());
- }
+ if (log.isDebugEnabled())
+ log.debug("marshalled envelope:\n%s", s.str().c_str());
log.debug("sending serialized envelope");
long ret = genericResponse.sendResponse(s);
diff --git a/saml/saml2/binding/impl/SAML2POSTDecoder.cpp b/saml/saml2/binding/impl/SAML2POSTDecoder.cpp
index bd0cd73..7be9f55 100644
--- a/saml/saml2/binding/impl/SAML2POSTDecoder.cpp
+++ b/saml/saml2/binding/impl/SAML2POSTDecoder.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2009 Internet2
+ * Copyright 2001-2007 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -122,7 +122,8 @@ XMLObject* SAML2POSTDecoder::decode(
root = static_cast<saml2::RootObject*>(request);
}
- SchemaValidators.validate(root);
+ if (!policy.getValidating())
+ SchemaValidators.validate(root);
// Run through the policy.
extractMessageDetails(*root, genericRequest, samlconstants::SAML20P_NS, policy);
diff --git a/saml/saml2/binding/impl/SAML2RedirectDecoder.cpp b/saml/saml2/binding/impl/SAML2RedirectDecoder.cpp
index 027b111..f682d2d 100644
--- a/saml/saml2/binding/impl/SAML2RedirectDecoder.cpp
+++ b/saml/saml2/binding/impl/SAML2RedirectDecoder.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2009 Internet2
+ * Copyright 2001-2007 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -134,7 +134,8 @@ XMLObject* SAML2RedirectDecoder::decode(
root = static_cast<saml2::RootObject*>(request);
}
- SchemaValidators.validate(root);
+ if (!policy.getValidating())
+ SchemaValidators.validate(root);
// Run through the policy.
extractMessageDetails(*root, genericRequest, samlconstants::SAML20P_NS, policy);
diff --git a/saml/saml2/binding/impl/SAML2SOAPDecoder.cpp b/saml/saml2/binding/impl/SAML2SOAPDecoder.cpp
index 346aa99..e006a9e 100644
--- a/saml/saml2/binding/impl/SAML2SOAPDecoder.cpp
+++ b/saml/saml2/binding/impl/SAML2SOAPDecoder.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2009 Internet2
+ * Copyright 2001-2007 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -98,7 +98,8 @@ XMLObject* SAML2SOAPDecoder::decode(
if (!env)
throw BindingException("Decoded message was not a SOAP 1.1 Envelope.");
- SchemaValidators.validate(env);
+ if (!policy.getValidating())
+ SchemaValidators.validate(env);
Body* body = env->getBody();
if (body && body->hasChildren()) {
diff --git a/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp b/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp
index 03f9809..835a2ed 100644
--- a/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp
@@ -30,7 +30,6 @@
#include <xercesc/util/XMLUniDefs.hpp>
#include <xmltooling/logging.h>
#include <xmltooling/util/XMLHelper.h>
-#include <xmltooling/validation/ValidatorSuite.h>
using namespace opensaml::saml2md;
using namespace xmltooling::logging;
@@ -86,13 +85,6 @@ pair<const EntityDescriptor*,const RoleDescriptor*> DynamicMetadataProvider::get
// Try resolving it.
auto_ptr<EntityDescriptor> entity2(resolve(name.c_str()));
- try {
- SchemaValidators.validate(entity2.get());
- }
- catch (exception& ex) {
- log.error("metadata intance failed manual validation checking: %s", ex.what());
- throw MetadataException("Metadata instance failed manual validation checking.");
- }
// Filter it, which may throw.
doFilters(*entity2.get());
diff --git a/saml/saml2/metadata/impl/XMLMetadataProvider.cpp b/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
index 430288f..f3f2b39 100644
--- a/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
@@ -27,7 +27,6 @@
#include <xmltooling/util/NDC.h>
#include <xmltooling/util/ReloadableXMLFile.h>
-#include <xmltooling/validation/ValidatorSuite.h>
using namespace opensaml::saml2md;
using namespace xmltooling::logging;
@@ -99,13 +98,6 @@ pair<bool,DOMElement*> XMLMetadataProvider::load()
throw MetadataException(
"Root of metadata instance not recognized: $1", params(1,xmlObject->getElementQName().toString().c_str())
);
- try {
- SchemaValidators.validate(xmlObject.get());
- }
- catch (exception& ex) {
- m_log.error("metadata intance failed manual validation checking: %s", ex.what());
- throw MetadataException("Metadata instance failed manual validation checking.");
- }
// Preprocess the metadata.
doFilters(*xmlObject.get());
--
Debian packaging for OpenSAML 2.0
More information about the Pkg-shibboleth-devel
mailing list