[shibboleth-sp2] 74/89: Further syncing of filter schema, fix to a factory registration.

Ferenc Wágner wferi at moszumanska.debian.org
Thu Sep 1 09:24:11 UTC 2016


This is an automated email from the git hooks/post-receive script.

wferi pushed a commit to branch master
in repository shibboleth-sp2.

commit 54c50879581b25b74a0cd00eaf6a2fa9320b73b1
Author: Scott Cantor <cantor.2 at osu.edu>
Date:   Wed Jun 22 20:07:30 2016 -0400

    Further syncing of filter schema, fix to a factory registration.
---
 configs/attribute-policy.xml                          |  4 +---
 schemas/shibboleth-2.0-afp.xsd                        | 19 ++++++++++++-------
 shibsp/attribute/filtering/impl/MatchFunctor.cpp      |  2 +-
 .../attribute/filtering/impl/XMLAttributeFilter.cpp   |  7 +++++++
 4 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/configs/attribute-policy.xml b/configs/attribute-policy.xml
index ba0449f..7145fc1 100644
--- a/configs/attribute-policy.xml
+++ b/configs/attribute-policy.xml
@@ -65,9 +65,7 @@
         </afp:AttributeRule>
 
         <!-- Catch-all that passes everything else through unmolested. -->
-        <afp:AttributeRule attributeID="*">
-            <afp:PermitValueRule xsi:type="ANY"/>
-        </afp:AttributeRule>
+        <afp:AttributeRule attributeID="*" permitAny="true"/>
         
     </afp:AttributeFilterPolicy>
 
diff --git a/schemas/shibboleth-2.0-afp.xsd b/schemas/shibboleth-2.0-afp.xsd
index ded4423..ca54a7b 100644
--- a/schemas/shibboleth-2.0-afp.xsd
+++ b/schemas/shibboleth-2.0-afp.xsd
@@ -1,12 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<schema xmlns="http://www.w3.org/2001/XMLSchema"
+        xmlns:afp="urn:mace:shibboleth:2.0:afp"
+        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+        targetNamespace="urn:mace:shibboleth:2.0:afp"
+        version="2.6.0"
+        elementFormDefault="qualified">
 
-<schema targetNamespace="urn:mace:shibboleth:2.0:afp"
-    xmlns="http://www.w3.org/2001/XMLSchema"
-    xmlns:afp="urn:mace:shibboleth:2.0:afp"
-    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
-    elementFormDefault="qualified">
-
-    <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="classpath:/schema/xmldsig-core-schema.xsd" />
+    <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
 
     <annotation>
         <documentation>Schema for the attribute filter policies.</documentation>
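Review bot: The xmldsig `<import>` now gives a plain-http W3C URL as its `schemaLocation`, where the old `classpath:` value could only resolve locally. If the parser loading this schema has no catalog entry for the `http://www.w3.org/2000/09/xmldsig#` namespace, it may try to fetch the schema over the network at load time. That would be both an availability dependency and an unauthenticated input to validation. It is worth confirming that the shipped catalog maps this namespace to the bundled copy and, once confirmed, recording it next to the import, e.g. `<!-- resolved through the local schema catalog, not fetched -->`.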
@@ -157,6 +157,11 @@
                         <documentation>The ID of the attribute to which this rule applies.</documentation>
                     </annotation>
                 </attribute>
+                <attribute name="permitAny" type="string">
+                    <annotation>
+                        <documentation>If present, and true injects an implicit permit value rule of type ANY</documentation>
+                    </annotation>
+                </attribute>
             </extension>
         </complexContent>
     </complexType>
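Review bot: `permitAny` is declared `type="string"`, so a mistyped value such as `ture` still validates. The reader added in XMLAttributeFilter.cpp calls `getAttrBool(e, false, permitAny)`, which presumably falls back to false for anything it cannot parse, so the typo would surface only as a rule that behaves differently from what the operator wrote. If the string type is not required for parity with the schema being synced, `type="boolean"` would let validation catch it; otherwise the annotation should say which literals count as true. The documentation text would also read better as `If present and true, injects an implicit permit value rule of type ANY.`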
diff --git a/shibsp/attribute/filtering/impl/MatchFunctor.cpp b/shibsp/attribute/filtering/impl/MatchFunctor.cpp
index e69c337..e1e029d 100644
--- a/shibsp/attribute/filtering/impl/MatchFunctor.cpp
+++ b/shibsp/attribute/filtering/impl/MatchFunctor.cpp
@@ -178,7 +178,7 @@ void SHIBSP_API shibsp::registerMatchFunctors()
 
     mgr.registerFactory(EntityAttributeExactMatchType, AttributeRequesterEntityAttributeExactMatchFactory);
     mgr.registerFactory(EntityAttributeRegexMatchType, AttributeRequesterEntityAttributeRegexMatchFactory);
-    mgr.registerFactory(InEntityGroup, AttributeRequesterInEntityGroupFactory);
+    mgr.registerFactory(InEntityGroupType, AttributeRequesterInEntityGroupFactory);
 }
 
 MatchFunctor::MatchFunctor()
diff --git a/shibsp/attribute/filtering/impl/XMLAttributeFilter.cpp b/shibsp/attribute/filtering/impl/XMLAttributeFilter.cpp
index ede3195..a92e1f2 100644
--- a/shibsp/attribute/filtering/impl/XMLAttributeFilter.cpp
+++ b/shibsp/attribute/filtering/impl/XMLAttributeFilter.cpp
@@ -144,6 +144,7 @@ namespace shibsp {
     static const XMLCh PolicyRequirementRule[] =        UNICODE_LITERAL_21(P,o,l,i,c,y,R,e,q,u,i,r,e,m,e,n,t,R,u,l,e);
     static const XMLCh PolicyRequirementRuleReference[]=UNICODE_LITERAL_30(P,o,l,i,c,y,R,e,q,u,i,r,e,m,e,n,t,R,u,l,e,R,e,f,e,r,e,n,c,e);
     static const XMLCh attributeID[] =                  UNICODE_LITERAL_11(a,t,t,r,i,b,u,t,e,I,D);
+    static const XMLCh permitAny[] =                    UNICODE_LITERAL_9(p,e,r,m,i,t,A,n,y);
     static const XMLCh _id[] =                          UNICODE_LITERAL_2(i,d);
     static const XMLCh _ref[] =                         UNICODE_LITERAL_3(r,e,f);
 };
@@ -287,6 +288,12 @@ boost::tuple<string,const MatchFunctor*,const MatchFunctor*> XMLFilterImpl::buil
     MatchFunctor* perm = nullptr;
     MatchFunctor* deny = nullptr;
 
+    if (XMLHelper::getAttrBool(e, false, permitAny)) {
+        m_log.debug("installing implicit ANY permit rule for attribute (%s)", attrID.c_str());
+        perm = SPConfig::getConfig().MatchFunctorManager.newPlugin(AnyMatchFunctorType, make_pair(&permMap,nullptr));
+        return boost::make_tuple(attrID, perm, deny);
+    }
+
     e = XMLHelper::getFirstChildElement(e);
     if (e && XMLHelper::isNodeNamed(e, SHIB2ATTRIBUTEFILTER_NS, PermitValueRule)) {
         perm = buildFunctor(e, permMap, "PermitValueRule", false);
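Review bot: The early return under `if (XMLHelper::getAttrBool(e, false, permitAny))` skips the child-element walk entirely. A `DenyValueRule` (or a narrower `PermitValueRule`) nested in an `AttributeRule` that also carries `permitAny="true"` is therefore dropped without any message, and the ANY functor becomes the only rule. For an attribute filter that is the fail-open direction, so the combination should be rejected or at least logged, e.g. `if (XMLHelper::getFirstChildElement(e)) m_log.warn("permitAny set for attribute (%s), ignoring child rules", attrID.c_str());` before the return. Whether the schema forbids child rules alongside `permitAny` is not visible in this commit. The enclosing function starts before and continues after this hunk.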

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git


