[shibboleth-sp2] 31/82: SSPCPP-738 Do not set HTTP_REMOTE_USER

Etienne Dysli Metref edm-guest at moszumanska.debian.org
Thu Nov 16 08:16:22 UTC 2017 

This is an automated email from the git hooks/post-receive script.

edm-guest pushed a commit to branch master
in repository shibboleth-sp2.

commit 44de662a9d958a05b26703cd793cb63d5aa4d6dd
Author: Rod Widdowson <rdw at steadingsoftware.com>
Date:   Mon Jun 26 13:11:25 2017 +0100

    SSPCPP-738 Do not set HTTP_REMOTE_USER
    
    https://issues.shibboleth.net/jira/browse/SSPCPP-738
    
    The new interfaces allows setting the IPincipal which priovided the remote user (and is needed
    for roles based AuthN).  This means we can just "do the right thing".
---
 iis7_shib/NativeRequest.cpp | 33 +++++++++++----------------------
 1 file changed, 11 insertions(+), 22 deletions(-)

diff --git a/iis7_shib/NativeRequest.cpp b/iis7_shib/NativeRequest.cpp
index a760c23..c5cb0d6 100644
--- a/iis7_shib/NativeRequest.cpp
+++ b/iis7_shib/NativeRequest.cpp
@@ -180,30 +180,19 @@ void NativeRequest::setHeader(const char* name, const char* value)
 void NativeRequest::setRemoteUser(const char* user)
 {
     m_remoteUser = user;
-    if (m_useHeaders) {
-        HRESULT hr;
-        if (user) {
-            hr = m_request->SetHeader("REMOTE_USER", user, static_cast<USHORT>(strlen(user)), true);
-        }
-        else {
-            hr = m_request->DeleteHeader("REMOTE_USER");
-        }
-        if (FAILED(hr)) {
-            throwError("setRemoteUser (Variable)", hr);
+    // Setting the variable REMOTE_USER fails, so set the Principal if we are called appropriately.
+    // Getting REMOTE_USER goes via the Principal.
+    auto_ptr_XMLCh widen(user);
+    IAuthenticationProvider *auth = dynamic_cast<IAuthenticationProvider*>(m_event);
+
+    if (auth) {
+        if (!g_authNRole.empty()) {
+            m_roles.insert(g_authNRole);
         }
+        auth->SetUser(new ShibUser(user, m_roles));
     }
-    if (m_useVariables) {
-        // Setting the variable REMOTE_USER fails, so set the Principal if we are called appropriately.
-        // Getting REMOTE_USER goes via the Principal.
-        auto_ptr_XMLCh widen(user);
-        IAuthenticationProvider *auth = dynamic_cast<IAuthenticationProvider*>(m_event);
-
-        if (auth) {
-            if (!g_authNRole.empty()) {
-                m_roles.insert(g_authNRole);
-            }
-            auth->SetUser(new ShibUser(user, m_roles));
-        }
+    else {
+        log(SPError, "Internal Error:  setting remote user in a non AuthN Context");
     }
 }
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git

More information about the Pkg-shibboleth-devel mailing list