[shibboleth-sp2] 21/82: SSPCPP-604 IIS7 Native IIS7 Config flexibility

Etienne Dysli Metref edm-guest at moszumanska.debian.org
Thu Nov 16 08:16:21 UTC 2017


This is an automated email from the git hooks/post-receive script.

edm-guest pushed a commit to branch master
in repository shibboleth-sp2.

commit b27233c147876d509cd4065ab40396a026d588e5
Author: Rod Widdowson <rdw at steadingsoftware.com>
Date:   Fri Apr 21 11:19:21 2017 +0100

    SSPCPP-604 IIS7 Native IIS7 Config flexibility
    
    https://issues.shibboleth.net/jira/browse/SSPCPP-694
    
    Do not require that there be a matching site.  If there isn't one
    we collect the values from IIS (except ports which are hard wired
    if we are normalizing).
---
 iis7_shib/NativeRequest.cpp         | 70 ++++++++++++++++++++++++++-----------
 iis7_shib/ShibHttpModule.cpp        | 14 ++------
 iis7_shib/headers/NativeRequest.hpp |  2 +-
 3 files changed, 52 insertions(+), 34 deletions(-)

diff --git a/iis7_shib/NativeRequest.cpp b/iis7_shib/NativeRequest.cpp
index b4a505d..f236098 100644
--- a/iis7_shib/NativeRequest.cpp
+++ b/iis7_shib/NativeRequest.cpp
@@ -34,17 +34,13 @@
 
 using namespace Config;
 
-NativeRequest::NativeRequest(_In_ IHttpContext *pHttpContext, _In_ IHttpEventProvider *pEventProvider,  const _In_ site_t site) : AbstractSPRequest(SHIBSP_LOGCAT ".NATIVE"),
+NativeRequest::NativeRequest(_In_ IHttpContext *pHttpContext, _In_ IHttpEventProvider *pEventProvider) : AbstractSPRequest(SHIBSP_LOGCAT ".NATIVE"),
     m_ctx(pHttpContext), m_request(pHttpContext->GetRequest()), m_response(pHttpContext->GetResponse()),
     m_firsttime(true), m_useHeaders(g_bUseHeaders), m_useVariables(g_bUseVariables), m_gotBody(false), m_event(pEventProvider)
 {
     DWORD len;
 
-    // ServerVariable SERVER_NAME is what the client sent.  So use the IIS site name (which needs to have been set to something sensible)
     std::wstring_convert<std::codecvt_utf8_utf16<wchar_t>> converter;
-    m_hostname = converter.to_bytes(m_ctx->GetSite()->GetSiteName());
-    to_lower(m_hostname);
-
     setRequestURI(converter.to_bytes(m_ctx->GetScriptName()).c_str());
 
     PCSTR port;
@@ -63,27 +59,60 @@ NativeRequest::NativeRequest(_In_ IHttpContext *pHttpContext, _In_ IHttpEventPro
         throwError("Get Server Secure", hr);
     }
 
-    // Port may come from IIS or from site def.
-    // NOTE getting the port from m_request->GetLocalAddress() doesn't work (we get the used port)
-    // TODO Is SERVER_PORT secure?
-    // TODO default from type, add site for virtualization.
-    if (!g_bNormalizeRequest || (m_SSL && site.m_sslport.empty()) || (!m_SSL && site.m_port.empty())) {
+    map<string, site_t>::const_iterator map_i = g_Sites.find(lexical_cast<string>(m_request->GetSiteId()));
+    bool setPort = false;
+    string thePort("");
+    if (!g_bNormalizeRequest) {
+        // Only grab the port from IIS if the user said no to normalization
         hr = m_ctx->GetServerVariable("SERVER_PORT", &port, &len);
         if (SUCCEEDED(hr)) {
-            m_port = lexical_cast<int>(port);
-        }
-        else if (m_SSL) {
-            m_port = 443;
-        }
-        else {
-            m_port = 80;
+            thePort = port;
         }
     }
-    else if (m_SSL) {
-        m_port = lexical_cast<int>(site.m_sslport);
+
+    if (map_i == g_Sites.end()) {
+
+        log(SPRequest::SPDebug, "Site not found, using IIS provided information");
+
+        // ServerVariable SERVER_NAME is what the client sent.  So use the IIS site name (which needs to have been set to something sensible)
+        m_hostname = converter.to_bytes(m_ctx->GetSite()->GetSiteName());
+        to_lower(m_hostname);
+
     }
     else {
-        m_port = lexical_cast<int>(site.m_port);
+        log(SPRequest::SPDebug, "Site found, using site informatiom");
+
+        site_t site = map_i->second;
+
+        // Grab the host from the site
+        m_hostname = site.m_name;
+
+        // Grab the port from the site - if present
+        if (m_SSL && !site.m_sslport.empty()) {
+            m_port = lexical_cast<int>(site.m_sslport);
+            setPort = true;
+        }
+        else if (!m_SSL && !site.m_port.empty()) {
+            m_port = lexical_cast<int>(site.m_port);
+            setPort = true;
+        }
+    }
+
+    if (!setPort) {
+        if (!thePort.empty()) {
+            // We've not set the port so far (from the site) *AND* we are not normalising, grab from IIS
+            setPort = true;
+            m_port = lexical_cast<int>(port);
+        }
+        else {
+            // hardwire.
+            if (m_SSL) {
+                m_port = 443;
+            }
+            else {
+                m_port = 80;
+            }
+        }
     }
 
     PCSTR ru;
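Review bot: In the site-found branch `m_hostname = site.m_name;` keeps the configured spelling, while the fallback branch still runs `to_lower(m_hostname)` on the IIS site name, so the two paths can hand differently-cased hostnames to whatever later matches on them; unless names are lowercased when `g_Sites` is loaded (not visible here), add `to_lower(m_hostname);` after the assignment. In the final `!setPort` block, `m_port = lexical_cast<int>(port);` converts the raw IIS pointer although the guard tests `thePort`; `lexical_cast<int>(thePort)` keeps the check and the conversion on the same value. With normalization off, a configured site port now takes precedence over SERVER_PORT, whereas the removed code always used the IIS value in that case; if that is intended, the comment `// Only grab the port from IIS if the user said no to normalization` should say that a site port still wins. The constructor begins and ends outside this hunk.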
@@ -99,7 +128,6 @@ NativeRequest::NativeRequest(_In_ IHttpContext *pHttpContext, _In_ IHttpEventPro
     else {
         throwError("Get remote user", hr);
     }
-
 }
 
 void NativeRequest::setHeader(const char* name, const char* value)
diff --git a/iis7_shib/ShibHttpModule.cpp b/iis7_shib/ShibHttpModule.cpp
index a7d7902..5295718 100644
--- a/iis7_shib/ShibHttpModule.cpp
+++ b/iis7_shib/ShibHttpModule.cpp
@@ -34,17 +34,11 @@ ShibHttpModule::DoHandler(
     _In_ IHttpEventProvider *   pProvider
 )
 {
-    IHttpRequest *req(pHttpContext->GetRequest());
-    map<string, site_t>::const_iterator map_i = g_Sites.find(lexical_cast<string>(req->GetSiteId()));
-    if (map_i == g_Sites.end()) {
-        return RQ_NOTIFICATION_CONTINUE;
-    }
-
     string threadid("[");
     threadid += lexical_cast<string>(_getpid()) + "] native_shib";
     xmltooling::NDC ndc(threadid.c_str());
 
-    NativeRequest handler(pHttpContext, pProvider, map_i->second);
+    NativeRequest handler(pHttpContext, pProvider);
 
     pair<bool, long> res = handler.getServiceProvider().doHandler(handler);
 
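Review bot: With the `g_Sites` lookup and its `return RQ_NOTIFICATION_CONTINUE;` removed, DoHandler (and DoFilter in the next hunk) appears to run the service provider for every IIS site the module is loaded on, and nothing in either function says so. A short comment above `NativeRequest handler(pHttpContext, pProvider);` would record it, e.g. `// Sites missing from g_Sites are no longer skipped; NativeRequest falls back to IIS-provided host and port.` Deployments that relied on an absent site entry to leave a site untouched will behave differently after this change, which seems worth a line in the release notes as well. Both function bodies continue outside their hunks.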
@@ -61,17 +55,13 @@ ShibHttpModule::DoFilter(
 )
 {
     IHttpRequest *req(pHttpContext->GetRequest());
-    map<string, site_t>::const_iterator map_i = g_Sites.find(lexical_cast<string>(req->GetSiteId()));
-    if (map_i == g_Sites.end()) {
-        return RQ_NOTIFICATION_CONTINUE;
-    }
 
     string threadid("[");
     threadid += lexical_cast<string>(_getpid()) + "] native_shib";
     xmltooling::NDC ndc(threadid.c_str());
 
     // TODO Different class?
-    NativeRequest filter(pHttpContext, pProvider, map_i->second);
+    NativeRequest filter(pHttpContext, pProvider);
 
     pair<bool, long> res = filter.getServiceProvider().doAuthentication(filter);
     if (res.first) {
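Review bot: `IHttpRequest *req(pHttpContext->GetRequest());` is kept at the top of DoFilter although the only use visible in this hunk, the `g_Sites.find(...)` lookup, is removed. If nothing further down the function reads `req` (the body continues outside the hunk), drop the declaration as the DoHandler hunk does, so the build does not pick up an unused-variable warning.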
diff --git a/iis7_shib/headers/NativeRequest.hpp b/iis7_shib/headers/NativeRequest.hpp
index 044731e..446a516 100644
--- a/iis7_shib/headers/NativeRequest.hpp
+++ b/iis7_shib/headers/NativeRequest.hpp
@@ -42,7 +42,7 @@ private:
     string m_allhttp;
 
 public:
-    NativeRequest(_In_ IHttpContext *pHttpContext, _In_ IHttpEventProvider *pEventProvider, const _In_ Config::site_t site);
+    NativeRequest(_In_ IHttpContext *pHttpContext, _In_ IHttpEventProvider *pEventProvider);
 
 protected:
     //

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git


