[shibboleth-sp2] 23/82: SSPCPP-694 Native IIS start to sketch out Configuration
Etienne Dysli Metref
edm-guest at moszumanska.debian.org
Thu Nov 16 08:16:21 UTC 2017
This is an automated email from the git hooks/post-receive script.
edm-guest pushed a commit to branch master
in repository shibboleth-sp2.
commit b0df0a5170aa6f4a82a61c8cb7b39d32e48b02b3
Author: Rod Widdowson <rdw at steadingsoftware.com>
Date: Mon Apr 24 16:48:50 2017 +0100
SSPCPP-694 Native IIS start to sketch out Configuration
https://issues.shibboleth.net/jira/browse/SSPCPP-694
Still very much WIP but
1) new InProcess element <IIS> (as a choice for it or <ISAPI>)
2) IIS has optional attributes useHeaders (default false) and useVariables (default true)
3) As before the site is optional, but if it is present it can override useHeaders and useVariables
---
iis7_shib/NativeRequest.cpp | 7 ++-
iis7_shib/headers/IIS7_shib.hpp | 28 ++++++-----
iis7_shib/headers/NativeRequest.hpp | 4 +-
iis7_shib/register.cpp | 7 ++-
schemas/shibboleth-2.0-native-sp-config.xsd | 72 ++++++++++++++++++++---------
5 files changed, 81 insertions(+), 37 deletions(-)
diff --git a/iis7_shib/NativeRequest.cpp b/iis7_shib/NativeRequest.cpp
index 8e2ffd3..d5594ac 100644
--- a/iis7_shib/NativeRequest.cpp
+++ b/iis7_shib/NativeRequest.cpp
@@ -37,7 +37,7 @@ using namespace Config;
_Use_decl_annotations_
NativeRequest::NativeRequest(IHttpContext *pHttpContext, IHttpEventProvider *pEventProvider, bool checkUser) : AbstractSPRequest(SHIBSP_LOGCAT ".NATIVE"),
m_ctx(pHttpContext), m_request(pHttpContext->GetRequest()), m_response(pHttpContext->GetResponse()),
- m_firsttime(true), m_useHeaders(g_bUseHeaders), m_useVariables(g_bUseVariables), m_gotBody(false), m_event(pEventProvider)
+ m_firsttime(true), m_gotBody(false), m_event(pEventProvider)
{
DWORD len;
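Review bot: With `m_useHeaders` and `m_useVariables` dropped from the initializer list here, both members hold indeterminate values until the site-lookup branches later in the constructor assign them, and the matching hunk in `iis7_shib/headers/NativeRequest.hpp` removes their `const` to allow that. Whether anything in the constructor body throws, returns or reads the flags before that point is not visible in this hunk. A minimal safeguard is to keep `m_useHeaders(g_bUseHeaders), m_useVariables(g_bUseVariables)` in the initializer list and let only the site branch overwrite them. The constructor body continues outside the hunk.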
@@ -79,12 +79,17 @@ NativeRequest::NativeRequest(IHttpContext *pHttpContext, IHttpEventProvider *pEv
m_hostname = converter.to_bytes(m_ctx->GetSite()->GetSiteName());
to_lower(m_hostname);
+ m_useHeaders = g_bUseHeaders;
+ m_useVariables = g_bUseVariables;
}
else {
log(SPRequest::SPDebug, "Site found, using site informatiom");
site_t site = map_i->second;
+ m_useHeaders = site.m_useHeaders;
+ m_useVariables = site.m_useVariables;
+
// Grab the host from the site
m_hostname = site.m_name;
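Review bot: After these assignments the per-request `m_useHeaders`/`m_useVariables` can differ from `g_bUseHeaders`/`g_bUseVariables`, so any code that still reads the globals when deciding how attributes are exported or which client-supplied headers are cleared would disagree with a site override. Those call sites are not part of this diff and should be checked against the members. A short comment at the `else` branch would record the precedence, for example `// Site-level useHeaders/useVariables override the <IIS> defaults for this request.` The constructor continues beyond the end of the hunk.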
diff --git a/iis7_shib/headers/IIS7_shib.hpp b/iis7_shib/headers/IIS7_shib.hpp
index cd05d90..2b75688 100644
--- a/iis7_shib/headers/IIS7_shib.hpp
+++ b/iis7_shib/headers/IIS7_shib.hpp
@@ -63,17 +63,32 @@ namespace Config {
static const XMLCh sslport[] = UNICODE_LITERAL_7(s, s, l, p, o, r, t);
static const XMLCh scheme[] = UNICODE_LITERAL_6(s, c, h, e, m, e);
static const XMLCh id[] = UNICODE_LITERAL_2(i, d);
+ static const XMLCh useHeaders[] = UNICODE_LITERAL_10(u, s, e, H, e, a, d, e, r, s);
+ static const XMLCh useVariables[] = UNICODE_LITERAL_12(u, s, e, V, a, r, i, a, b, l, e, s);
static const XMLCh Alias[] = UNICODE_LITERAL_5(A, l, i, a, s);
static const XMLCh Site[] = UNICODE_LITERAL_4(S, i, t, e);
static const char* SpoofHeaderName = "ShibSpoofCheck";
+ extern HINSTANCE g_hinstDLL;
+ extern SPConfig* g_Config;
+ extern bool g_bNormalizeRequest;
+ extern string g_unsetHeaderValue, g_spoofKey;
+ extern bool g_checkSpoofing;
+ extern bool g_catchAll;
+ extern bool g_bSafeHeaderNames;
+ extern bool g_bUseHeaders;
+ extern bool g_bUseVariables;
+ extern vector<string> g_NoCerts;
+
struct site_t {
site_t(const DOMElement* e)
: m_name(XMLHelper::getAttrString(e, "", name)),
m_scheme(XMLHelper::getAttrString(e, "", scheme)),
m_port(XMLHelper::getAttrString(e, "", port)),
- m_sslport(XMLHelper::getAttrString(e, "", sslport))
+ m_sslport(XMLHelper::getAttrString(e, "", sslport)),
+ m_useHeaders(XMLHelper::getAttrBool(e, g_bUseHeaders, useHeaders)),
+ m_useVariables(XMLHelper::getAttrBool(e, g_bUseVariables, useVariables))
{
e = XMLHelper::getFirstChildElement(e, Alias);
while (e) {
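Review bot: The two new initializers in `site_t` take `g_bUseHeaders` and `g_bUseVariables` as the fallback at construction time, so a `<Site>` inherits the `<IIS>` values only if those globals were assigned before the `site_t` is built. The `register.cpp` hunk in this commit does assign them before walking the `Site` children, but nothing in the header states that ordering dependency. I would add a comment above the constructor such as `// Defaults come from g_bUseHeaders/g_bUseVariables, which must already reflect the <IIS> element.` The constructor body runs past the end of the hunk.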
@@ -85,20 +100,11 @@ namespace Config {
}
}
string m_scheme, m_port, m_sslport, m_name;
+ bool m_useHeaders, m_useVariables;
set<string> m_aliases;
};
- extern HINSTANCE g_hinstDLL;
- extern SPConfig* g_Config;
extern map<string, site_t> g_Sites;
- extern bool g_bNormalizeRequest;
- extern string g_unsetHeaderValue, g_spoofKey;
- extern bool g_checkSpoofing;
- extern bool g_catchAll;
- extern bool g_bSafeHeaderNames;
- extern bool g_bUseHeaders;
- extern bool g_bUseVariables;
- extern vector<string> g_NoCerts;
}
BOOL LogEvent(
diff --git a/iis7_shib/headers/NativeRequest.hpp b/iis7_shib/headers/NativeRequest.hpp
index 7e925df..f391bce 100644
--- a/iis7_shib/headers/NativeRequest.hpp
+++ b/iis7_shib/headers/NativeRequest.hpp
@@ -33,8 +33,8 @@ private:
int m_port;
string m_hostname;
bool m_SSL;
- const bool m_useVariables;
- const bool m_useHeaders;
+ bool m_useVariables;
+ bool m_useHeaders;
mutable string m_remoteUser;
mutable vector<string> m_certs;
mutable string m_body;
diff --git a/iis7_shib/register.cpp b/iis7_shib/register.cpp
index af2b383..15c4b3d 100644
--- a/iis7_shib/register.cpp
+++ b/iis7_shib/register.cpp
@@ -148,12 +148,17 @@ RegisterModule(
}
}
- props = props->getPropertySet("ISAPI");
+ props = props->getPropertySet("IIS");
if (props) {
flag = props->getBool("normalizeRequest");
g_bNormalizeRequest = !flag.first || flag.second;
flag = props->getBool("safeHeaderNames");
g_bSafeHeaderNames = flag.first && flag.second;
+ flag = props->getBool("useHeaders");
+ g_bUseHeaders = flag.first && flag.second;
+ flag = props->getBool("useVariables");
+ g_bUseVariables= !flag.first || flag.second;
+
const DOMElement* child = XMLHelper::getFirstChildElement(props->getElement(), Site);
while (child) {
string id(XMLHelper::getAttrString(child, "", id));
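Review bot: Switching the lookup to `getPropertySet("IIS")` means a configuration that still carries `<ISAPI>`, which the schema in this commit continues to accept, yields a null `props` and the whole block is skipped without a log line. No `Site` mappings are loaded, and `normalizeRequest`, `safeHeaderNames`, `useHeaders` and `useVariables` keep whatever values the globals were defined with. If `<ISAPI>` is meant to stay usable by this module, a fallback would be `const PropertySet* iis = props->getPropertySet("IIS");` `if (!iis) iis = props->getPropertySet("ISAPI");` `props = iis;`; otherwise the absent element should at least be reported. Since `useHeaders` turns on header-based export, a comment next to it should say how it relates to `g_checkSpoofing`, which this hunk does not show being consulted. `RegisterModule` starts and ends outside the hunk.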
diff --git a/schemas/shibboleth-2.0-native-sp-config.xsd b/schemas/shibboleth-2.0-native-sp-config.xsd
index d3b51c4..ae37026 100644
--- a/schemas/shibboleth-2.0-native-sp-config.xsd
+++ b/schemas/shibboleth-2.0-native-sp-config.xsd
@@ -162,28 +162,56 @@
</annotation>
<sequence>
<element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
- <element name="ISAPI" minOccurs="0">
- <complexType>
- <sequence>
- <element name="Site" maxOccurs="unbounded">
- <complexType>
- <sequence>
- <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="id" type="unsignedInt" use="required"/>
- <attribute name="name" type="conf:string" use="required"/>
- <attribute name="port" type="unsignedInt"/>
- <attribute name="sslport" type="unsignedInt"/>
- <attribute name="scheme" type="conf:string"/>
- </complexType>
- </element>
- <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="normalizeRequest" type="boolean"/>
- <attribute name="safeHeaderNames" type="boolean"/>
- <anyAttribute namespace="##other" processContents="lax"/>
- </complexType>
- </element>
+ <choice>
+ <element name="ISAPI" minOccurs="0">
+ <complexType>
+ <sequence>
+ <element name="Site" maxOccurs="unbounded">
+ <complexType>
+ <sequence>
+ <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="id" type="unsignedInt" use="required"/>
+ <attribute name="name" type="conf:string" use="required"/>
+ <attribute name="port" type="unsignedInt"/>
+ <attribute name="sslport" type="unsignedInt"/>
+ <attribute name="scheme" type="conf:string"/>
+ </complexType>
+ </element>
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="normalizeRequest" type="boolean"/>
+ <attribute name="safeHeaderNames" type="boolean"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+ </element>
+ <element name="IIS" minOccurs="0">
+ <complexType>
+ <sequence>
+ <element name="Site" maxOccurs="unbounded">
+ <complexType>
+ <sequence>
+ <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="id" type="unsignedInt" use="required"/>
+ <attribute name="name" type="conf:string" use="required"/>
+ <attribute name="port" type="unsignedInt"/>
+ <attribute name="useHeaders" type="boolean"/>
+ <attribute name="useVariables" type="boolean"/>
+ <attribute name="sslport" type="unsignedInt"/>
+ <attribute name="scheme" type="conf:string"/>
+ </complexType>
+ </element>
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="normalizeRequest" type="boolean"/>
+ <attribute name="safeHeaderNames" type="boolean"/>
+ <attribute name="useHeaders" type="boolean"/>
+ <attribute name="useVariables" type="boolean"/>
+ <anyAttribute namespace="##other" processContents="lax"/>
+ </complexType>
+ </element>
+ </choice>
<any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
</sequence>
<attribute name="logger" type="anyURI"/>
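Review bot: Both alternatives inside the new `<choice>` carry `minOccurs="0"`, which validates but leaves the optionality on the branches; the usual form is `<choice minOccurs="0">` with plain `<element name="ISAPI">` and `<element name="IIS">`. The `IIS` type repeats the `ISAPI` type apart from the `useHeaders`/`useVariables` attributes, so a shared named complex type would keep the two from drifting apart. The new attributes also have no `<annotation>`, so the defaults given in the commit message (false for `useHeaders`, true for `useVariables`, with `Site` inheriting from `IIS`) exist only in the C++ code and should be documented in the schema. The enclosing type begins and ends outside the hunk.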
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git