[shibboleth-sp2] 36/82: SSPCPP-736 Make spoof headers code look more like the ISAPI code.

Thu Nov 16 08:16:22 UTC 2017

This is an automated email from the git hooks/post-receive script.

edm-guest pushed a commit to branch master
in repository shibboleth-sp2.

commit 187d9c1360084917630ae616678f940b691550a2
Author: Rod Widdowson <rdw at steadingsoftware.com>
Date:   Sat Jul 1 16:09:34 2017 +0100

    SSPCPP-736 Make spoof headers code  look more like the ISAPI code.
    
    https://issues.shibboleth.net/jira/browse/SSPCPP-736
    
    Code is now pretty much the same in both filters.  The exception being that it
    is predicated on setting headers (which is optional and deprecated for the
    IIS7 native filter).
---
 iis7_shib/NativeRequest.cpp  | 4 ++--
 iis7_shib/ShibHttpModule.cpp | 3 +--
 util/RegistrySignature.cpp   | 3 ---
 3 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/iis7_shib/NativeRequest.cpp b/iis7_shib/NativeRequest.cpp
index c5cb0d6..64ae1f2 100644
--- a/iis7_shib/NativeRequest.cpp
+++ b/iis7_shib/NativeRequest.cpp
@@ -137,12 +137,12 @@ NativeRequest::NativeRequest(IHttpContext *pHttpContext, IHttpEventProvider *pEv
     }
 
     if (checkUser && m_useHeaders && !g_spoofKey.empty()) {
-        const string hdr = getSecureHeader(SpoofHeaderName);
+        const string hdr = getHeader(SpoofHeaderName);
         if (hdr == g_spoofKey) {
             m_firsttime = false;
         }
         if (!m_firsttime) {
-            log(SPDebug, "shib_check_user running more than once");
+            log(SPDebug, "IIS filter running more than once");
         }
     }
 }
diff --git a/iis7_shib/ShibHttpModule.cpp b/iis7_shib/ShibHttpModule.cpp
index 5131b2c..74fe7a2 100644
--- a/iis7_shib/ShibHttpModule.cpp
+++ b/iis7_shib/ShibHttpModule.cpp
@@ -70,8 +70,7 @@ ShibHttpModule::DoFilter(
     }
 
     if (!g_spoofKey.empty() && filter.isUseHeaders()) {
-        const string hdr = g_bSafeHeaderNames ? filter.makeSafeHeader(g_spoofKey.c_str()) : (string(g_spoofKey.c_str()) + ':');
-        const HRESULT hr(pHttpContext->GetRequest()->SetHeader(hdr.c_str(), g_spoofKey.c_str(), static_cast<USHORT>(g_spoofKey.length()), TRUE));
+        const HRESULT hr(pHttpContext->GetRequest()->SetHeader(SpoofHeaderName, g_spoofKey.c_str(), static_cast<USHORT>(g_spoofKey.length()), TRUE));
         if (FAILED(hr)) {
             (void)pHttpContext->GetResponse()->SetStatus(static_cast<USHORT>(filter.XMLTOOLING_HTTP_STATUS_ERROR), "Fatal Server Error", 0, hr);
             return RQ_NOTIFICATION_FINISH_REQUEST;
diff --git a/util/RegistrySignature.cpp b/util/RegistrySignature.cpp
index 3aea9f9..b9b618a 100644
--- a/util/RegistrySignature.cpp
+++ b/util/RegistrySignature.cpp
@@ -24,10 +24,7 @@
  *    - if it's not there we create a volatile key, write it and say "OK"
  *    - if it is there and the same then we say OK
  *    - if it is there and differs then we delete thekey (resetting the trigger) and say NOT OK
- *  
  */
-//
-//
 
 #include "RegistrySignature.h"
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git

