[SCM] Debian packaging for the 2.0 Apache Shibboleth SP branch, master, updated. debian/2.4.2+dfsg-1-21-gf016e47

Russ Allbery rra at debian.org
Tue Jul 26 00:38:11 UTC 2011 

The following commit has been merged in the master branch:
commit 70cdaec48b5dd7996514ada9ff2a0f66dc00192b
Merge: a57641753e49f9d2766606c2d25aafef4182e1a3 f2b5c8f49a2c9e350423e9f6fa379d076bb75911
Author: Russ Allbery <rra at debian.org>
Date:   Mon Jul 25 16:08:22 2011 -0700

    Merge commit 'upstream/2.4.3+dfsg'

diff --combined apache/mod_apache.cpp
index 4f39eb1,8f04472..dab21f8
--- a/apache/mod_apache.cpp
+++ b/apache/mod_apache.cpp
@@@ -1,17 -1,21 +1,21 @@@
- /*
-  *  Copyright 2001-2011 Internet2
+ /**
+  * Licensed to the University Corporation for Advanced Internet
+  * Development, Inc. (UCAID) under one or more contributor license
+  * agreements. See the NOTICE file distributed with this work for
+  * additional information regarding copyright ownership.
   *
-  * Licensed under the Apache License, Version 2.0 (the "License");
-  * you may not use this file except in compliance with the License.
-  * You may obtain a copy of the License at
+  * UCAID licenses this file to you under the Apache License,
+  * Version 2.0 (the "License"); you may not use this file except
+  * in compliance with the License. You may obtain a copy of the
+  * License at
   *
-  *     http://www.apache.org/licenses/LICENSE-2.0
+  * http://www.apache.org/licenses/LICENSE-2.0
   *
-  * Unless required by applicable law or agreed to in writing, software
-  * distributed under the License is distributed on an "AS IS" BASIS,
-  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  * See the License for the specific language governing permissions and
-  * limitations under the License.
+  * Unless required by applicable law or agreed to in writing,
+  * software distributed under the License is distributed on an
+  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+  * either express or implied. See the License for the specific
+  * language governing permissions and limitations under the License.
   */
  
  /**
@@@ -72,13 -76,13 +76,14 @@@
  #include <apr_pools.h>
  #endif
  
 +#include <cstddef>		// for offsetof()
  #include <set>
  #include <memory>
  #include <fstream>
  #include <sstream>
  #include <stdexcept>
  
+ #include <cstddef>
  #ifdef HAVE_UNISTD_H
  #include <unistd.h>		// for getpid()
  #endif
@@@ -169,6 -173,7 +174,7 @@@ struct shib_dir_confi
      int bExportAssertion;   // export SAML assertion to the environment?
      int bUseEnvVars;        // use environment?
      int bUseHeaders;        // use headers?
+     int bExpireRedirects;   // expire redirects?
  };
  
  // creates per-directory config structure
@@@ -189,6 -194,7 +195,7 @@@ extern "C" void* create_shib_dir_confi
      dc->bExportAssertion = -1;
      dc->bUseEnvVars = -1;
      dc->bUseHeaders = -1;
+     dc->bExpireRedirects = -1;
      return dc;
  }
  
@@@ -253,6 -259,7 +260,7 @@@ extern "C" void* merge_shib_dir_config 
      dc->bAuthoritative=((child->bAuthoritative==-1) ? parent->bAuthoritative : child->bAuthoritative);
      dc->bUseEnvVars=((child->bUseEnvVars==-1) ? parent->bUseEnvVars : child->bUseEnvVars);
      dc->bUseHeaders=((child->bUseHeaders==-1) ? parent->bUseHeaders : child->bUseHeaders);
+     dc->bExpireRedirects=((child->bExpireRedirects==-1) ? parent->bExpireRedirects : child->bExpireRedirects);
      return dc;
  }
  
@@@ -312,7 -319,7 +320,7 @@@ extern "C" const char* shib_table_set(c
  
  
  class ShibTargetApache : public AbstractSPRequest
- #if defined(HAVE_GSSAPI) && !defined(SHIB_APACHE_13)
+ #if defined(SHIBSP_HAVE_GSSAPI) && !defined(SHIB_APACHE_13)
      , public GSSRequest
  #endif
  {
@@@ -357,6 -364,9 +365,9 @@@ public
    const char* getScheme() const {
      return m_sc->szScheme ? m_sc->szScheme : ap_http_method(m_req);
    }
+   bool isSecure() const {
+       return HTTPRequest::isSecure();
+   }
    const char* getHostname() const {
      return ap_get_server_name(m_req);
    }
@@@ -452,6 -462,12 +463,12 @@@
  #endif
      return m_body.c_str();
    }
+   const char* getParameter(const char* name) const {
+       return AbstractSPRequest::getParameter(name);
+   }
+   vector<const char*>::size_type getParameters(const char* name, vector<const char*>& values) const {
+       return AbstractSPRequest::getParameters(name, values);
+   }
    void clearHeader(const char* rawname, const char* cginame) {
      if (m_dc->bUseHeaders == 1) {
         // ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(m_req), "shib_clear_header: hdr\n");
@@@ -574,6 -590,10 +591,10 @@@
    long sendRedirect(const char* url) {
      HTTPResponse::sendRedirect(url);
      ap_table_set(m_req->headers_out, "Location", url);
+     if (m_dc->bExpireRedirects != 0) {
+         ap_table_set(m_req->err_headers_out, "Expires", "Wed, 01 Jan 1997 12:00:00 GMT");
+         ap_table_set(m_req->err_headers_out, "Cache-Control", "private,no-store,no-cache,max-age=0");
+     }
      return REDIRECT;
    }
    const vector<string>& getClientCertificates() const {
@@@ -592,7 -612,7 +613,7 @@@
    }
    long returnDecline(void) { return DECLINED; }
    long returnOK(void) { return OK; }
- #if defined(HAVE_GSSAPI) && !defined(SHIB_APACHE_13)
+ #if defined(SHIBSP_HAVE_GSSAPI) && !defined(SHIB_APACHE_13)
    gss_ctx_id_t getGSSContext() const {
      gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
      apr_pool_userdata_get((void**)&ctx, g_szGSSContextKey, m_req->pool);
@@@ -920,7 -940,7 +941,7 @@@ void ApacheRequestMapper::getAll(map<st
          properties["exportAssertion"] = (sta->m_dc->bExportAssertion==1) ? "true" : "false";
  
      if (sta->m_dc->tSettings)
-         ap_table_do(_rm_get_all_table_walk, &properties, sta->m_dc->tSettings, nullptr);
+         ap_table_do(_rm_get_all_table_walk, &properties, sta->m_dc->tSettings, NULL);
  }
  
  const PropertySet* ApacheRequestMapper::getPropertySet(const char* name, const char* ns) const
@@@ -1457,7 -1477,7 +1478,7 @@@ static apr_status_t do_output_filter(ap
          ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(r),"shib_out_filter: merging %d headers", apr_table_elts(rc->hdr_out)->nelts);
          // can't use overlap call because it will collapse Set-Cookie headers
          //apr_table_overlap(r->headers_out, rc->hdr_out, APR_OVERLAP_TABLES_MERGE);
-         apr_table_do(_table_add,r->headers_out, rc->hdr_out,nullptr);
+         apr_table_do(_table_add,r->headers_out, rc->hdr_out,NULL);
      }
  
      /* remove ourselves from the filter chain */
@@@ -1476,7 -1496,7 +1497,7 @@@ static apr_status_t do_error_filter(ap_
          ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,SH_AP_R(r),"shib_err_filter: merging %d headers", apr_table_elts(rc->hdr_out)->nelts);
          // can't use overlap call because it will collapse Set-Cookie headers
          //apr_table_overlap(r->err_headers_out, rc->hdr_out, APR_OVERLAP_TABLES_MERGE);
-         apr_table_do(_table_add,r->err_headers_out, rc->hdr_out,nullptr);
+         apr_table_do(_table_add,r->err_headers_out, rc->hdr_out,NULL);
      }
  
      /* remove ourselves from the filter chain */
@@@ -1548,6 -1568,9 +1569,9 @@@ static command_rec shire_cmds[] = 
    {"ShibUseHeaders", (config_fn_t)ap_set_flag_slot,
     (void *) XtOffsetOf (shib_dir_config, bUseHeaders),
     OR_AUTHCFG, FLAG, "Export attributes using custom HTTP headers"},
+   {"ShibExpireRedirects", (config_fn_t)ap_set_flag_slot,
+    (void *) XtOffsetOf (shib_dir_config, bExpireRedirects),
+    OR_AUTHCFG, FLAG, "Expire SP-generated redirects"},
  
    {nullptr}
  };
@@@ -1667,6 -1690,9 +1691,9 @@@ static command_rec shib_cmds[] = 
      AP_INIT_FLAG("ShibUseHeaders", (config_fn_t)ap_set_flag_slot,
          (void *) offsetof (shib_dir_config, bUseHeaders),
          OR_AUTHCFG, "Export attributes using custom HTTP headers"),
+     AP_INIT_FLAG("ShibExpireRedirects", (config_fn_t)ap_set_flag_slot,
+         (void *) offsetof (shib_dir_config, bExpireRedirects),
+         OR_AUTHCFG, "Expire SP-generated redirects"),
  
      {nullptr}
  };
diff --combined configs/metagen.sh
index ce71382,84090c1..e42cf25
--- a/configs/metagen.sh
+++ b/configs/metagen.sh
@@@ -1,4 -1,4 +1,4 @@@
 -#! /bin/sh
 +#! /bin/bash
  
  DECLS=1
  
@@@ -124,11 -124,6 +124,6 @@@ if [ $SAML1 -eq 1 ] ; the
      fi
  fi
  
- if [ $SAML2 -eq 1 ] ; then
-     ACS[${#ACS[*]}]=$SAML20PAOS
-     ACSLOC[${#ACSLOC[*]}]="SAML2/ECP"
- fi
- 
  if [ $DECLS -eq 1 ] ; then
      DECLS="xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" "
      if [ $DS -eq 1 ] ; then
@@@ -162,7 -157,7 +157,7 @@@ don
  for h in ${NAKEDHOSTS[@]}
  do
    cat << EOF
-       <disco:DiscoveryResponse xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="http://$h/Shibboleth.sso/DS" index="$count"/>
+       <disco:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="http://$h/Shibboleth.sso/DS" index="$count"/>
  EOF
    let "count++"
  done

-- 
Debian packaging for the 2.0 Apache Shibboleth SP

More information about the Pkg-shibboleth-devel mailing list