[shibboleth-sp2] 38/82: SSPCPP-735 simplify Roles Based AuthN configuration
Etienne Dysli Metref
edm-guest at moszumanska.debian.org
Thu Nov 16 08:16:23 UTC 2017
This is an automated email from the git hooks/post-receive script.
edm-guest pushed a commit to branch master
in repository shibboleth-sp2.
commit fc1291667cc81c35af7381781a8d7456fd73b68b
Author: Rod Widdowson <rdw at steadingsoftware.com>
Date: Sun Jul 2 11:15:07 2017 +0100
SSPCPP-735 simplify Roles Based AuthN configuration
https://issues.shibboleth.net/jira/browse/SSPCPP-735
---
iis7_shib/NativeRequest.cpp | 7 ++--
iis7_shib/headers/IIS7_shib.hpp | 15 +-------
iis7_shib/register.cpp | 19 +++++++----
schemas/shibboleth-2.0-native-sp-config.xsd | 53 ++++++++++++-----------------
4 files changed, 39 insertions(+), 55 deletions(-)
diff --git a/iis7_shib/NativeRequest.cpp b/iis7_shib/NativeRequest.cpp
index 64ae1f2..6567de6 100644
--- a/iis7_shib/NativeRequest.cpp
+++ b/iis7_shib/NativeRequest.cpp
@@ -163,17 +163,16 @@ void NativeRequest::setHeader(const char* name, const char* value)
throwError("setHeader (Variable)", hr);
}
- for (list<role_t>::iterator role = g_Roles.begin(); role != g_Roles.end(); ++role) {
- if (role->m_attribute == name) {
+ for (vector<string>::iterator roleAttribute = g_RoleAttributeNames.begin(); roleAttribute != g_RoleAttributeNames.end(); ++roleAttribute) {
+ if (*roleAttribute == name) {
string str(value);
tokenizer<escaped_list_separator<char>> tok(str, escaped_list_separator<char>('\\', ';', '"'));
for (tokenizer<escaped_list_separator<char>>::iterator it = tok.begin(); it != tok.end(); ++it) {
- const xmltooling::auto_ptr_XMLCh widen(string(role->m_prefix + (*it)).c_str());
+ const xmltooling::auto_ptr_XMLCh widen(it->c_str());
m_roles.insert(widen.get());
}
}
}
-
}
}
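Review bot: Each token is now inserted into `m_roles` verbatim at `const xmltooling::auto_ptr_XMLCh widen(it->c_str());`, so values from every configured role attribute share one role namespace, and an empty field (from `a;;b` or a trailing `;`) becomes an empty role. With the per-attribute prefix gone, nothing visible here separates a role asserted through one attribute from the same string arriving through another, or from the configured `authNRole` name. Whether that matters depends on how `m_roles` is consulted, which is outside this hunk. I would skip empty tokens with `if (it->empty()) continue;` and add a comment above the insert such as `// role values are taken verbatim; every attribute listed in roleAttributes must be equally trusted`. setHeader begins before the hunk.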
diff --git a/iis7_shib/headers/IIS7_shib.hpp b/iis7_shib/headers/IIS7_shib.hpp
index 346228a..8d2656b 100644
--- a/iis7_shib/headers/IIS7_shib.hpp
+++ b/iis7_shib/headers/IIS7_shib.hpp
@@ -112,21 +112,8 @@ namespace Config {
extern map<string, site_t> g_Sites;
- struct role_t {
- role_t(const DOMElement* e)
- : m_attribute(XMLHelper::getAttrString(e, "", theAttribute)),
- m_prefix(XMLHelper::getAttrString(e, "", thePrefix))
- {
- if (m_attribute.empty()) {
- throw ConfigurationException("<Role> attribute name should not be empty");
- }
- }
- const string m_attribute;
- const string m_prefix;
- };
-
extern wstring g_authNRole;
- extern list<role_t> g_Roles;
+ extern vector<string> g_RoleAttributeNames;
}
BOOL LogEvent(
diff --git a/iis7_shib/register.cpp b/iis7_shib/register.cpp
index 382d708..1726351 100644
--- a/iis7_shib/register.cpp
+++ b/iis7_shib/register.cpp
@@ -19,12 +19,17 @@
*/
#define _CRT_RAND_S
+// https://stackoverflow.com/questions/1301277/c-boost-whats-the-cause-of-this-warning
+
+#define _SCL_SECURE_NO_WARNINGS 1
// Project
#include "IIS7_shib.hpp"
#include "ShibHttpModule.hpp"
#include "../util/RegistrySignature.h"
#include <xmltooling/logging.h>
+#pragma warning(disable: 4996)
+#include <boost/algorithm/string.hpp>
namespace Config {
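Review bot: The `#pragma warning(disable: 4996)` added before the Boost include stays in effect for the rest of register.cpp, so MSVC's deprecated/unsafe-function warnings are silenced for the project's own code as well as for Boost. Scope it to the include by putting `#pragma warning(push)` above the disable and `#pragma warning(pop)` after `#include <boost/algorithm/string.hpp>`. The Stack Overflow link is separated by a blank line from `#define _SCL_SECURE_NO_WARNINGS 1`; placing it directly above the define and naming the warning it suppresses would make the intent clear to the next reader.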
@@ -39,12 +44,13 @@ namespace Config {
bool g_bUseHeaders = false;
bool g_bUseVariables = true;
vector<string> g_NoCerts;
- list<role_t> g_Roles;
+ vector<string> g_RoleAttributeNames;
wstring g_authNRole;
}
using namespace Config;
+
static void _my_invalid_parameter_handler(
const wchar_t * expression,
const wchar_t * function,
@@ -184,13 +190,14 @@ RegisterModule(
}
const PropertySet* roles = props->getPropertySet("Roles");
if (roles) {
- pair<bool, const char*> authNRoleFlag = roles->getString("authNRole");
+ const pair<bool, const char*> authNRoleFlag = roles->getString("authNRole");
xmltooling::auto_ptr_XMLCh rolestr(authNRoleFlag.first? authNRoleFlag.second : "ShibbolethAuthN");
g_authNRole = rolestr.get();
- const DOMElement* role = XMLHelper::getFirstChildElement(roles->getElement(), Role);
- while (role) {
- g_Roles.push_back(role_t(role));
- role = XMLHelper::getNextSiblingElement(role, Role);
+
+ const pair<bool, const char*> theRoles = roles->getString("roleAttributes");
+ if (theRoles.first) {
+#pragma warning(disable: 4996)
+ boost::split(g_RoleAttributeNames, theRoles.second, boost::algorithm::is_space(), boost::algorithm::token_compress_on);
}
}
}
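Review bot: `boost::split` with `token_compress_on` still yields an empty first or last element when `roleAttributes` has leading or trailing whitespace, and a single empty element when the value is empty, so `g_RoleAttributeNames` can end up holding `""`. The `role_t` constructor removed from IIS7_shib.hpp in this commit rejected an empty attribute name with a ConfigurationException, and the new code has no equivalent check. Trim first and skip an empty value: `string names(theRoles.second); boost::trim(names);` followed by `if (!names.empty()) boost::split(g_RoleAttributeNames, names, boost::algorithm::is_space(), boost::algorithm::token_compress_on);`. The `#pragma warning(disable: 4996)` inside the block is never restored, so it should be wrapped in `#pragma warning(push)` and `#pragma warning(pop)` around the call. RegisterModule begins and ends outside the hunk.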
diff --git a/schemas/shibboleth-2.0-native-sp-config.xsd b/schemas/shibboleth-2.0-native-sp-config.xsd
index b9851f7..dbb1e24 100644
--- a/schemas/shibboleth-2.0-native-sp-config.xsd
+++ b/schemas/shibboleth-2.0-native-sp-config.xsd
@@ -164,38 +164,29 @@
<element name="Extensions" type="conf:ExtensionsType" minOccurs="0"/>
<element name="ISAPI" minOccurs="0">
<complexType>
- <sequence maxOccurs="unbounded" minOccurs="0">
- <choice>
- <element name="Site">
- <complexType>
- <sequence>
- <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
- <attribute name="id" type="unsignedInt" use="required"/>
- <attribute name="name" type="conf:string" use="required"/>
- <attribute name="port" type="unsignedInt"/>
- <attribute name="useHeaders" type="boolean"/>
- <attribute name="useVariables" type="boolean"/>
- <attribute name="sslport" type="unsignedInt"/>
- <attribute name="scheme" type="conf:string"/>
- </complexType>
- </element>
- <element name="Roles">
- <complexType>
- <sequence>
- <element name="Role" minOccurs="0" maxOccurs="unbounded">
- <complexType >
- <attribute name="attribute" type="string" use="required"/>
- <attribute name="prefix" type="string" use="optional"/>
- </complexType>
- </element>
- </sequence>
- <attribute name="authNRole" type="string" use="optional"/>
- </complexType>
- </element>
- </choice>
+ <choice maxOccurs="unbounded" minOccurs="0">
+ <element name="Site">
+ <complexType>
+ <sequence>
+ <element name="Alias" type="conf:string" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="id" type="unsignedInt" use="required"/>
+ <attribute name="name" type="conf:string" use="required"/>
+ <attribute name="port" type="unsignedInt"/>
+ <attribute name="useHeaders" type="boolean"/>
+ <attribute name="useVariables" type="boolean"/>
+ <attribute name="sslport" type="unsignedInt"/>
+ <attribute name="scheme" type="conf:string"/>
+ </complexType>
+ </element>
+ <element name="Roles">
+ <complexType>
+ <attribute name="authNRole" type="string" use="optional"/>
+ <attribute name="roleAttributes" type="string" use="optional"/>
+ </complexType>
+ </element>
<any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
- </sequence>
+ </choice>
<attribute name="normalizeRequest" type="boolean"/>
<attribute name="safeHeaderNames" type="boolean"/>
<attribute name="useHeaders" type="boolean"/>
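Review bot: `roleAttributes` is declared as a plain `string`, so the schema accepts an empty or whitespace-only value and gives no hint that register.cpp splits the value on whitespace into attribute names. An `<annotation><documentation>` child on the attribute stating that format would help deployers. A list type or a non-empty string type would let validation reject degenerate values before the module parses them; the neighbouring `Site` attributes use `conf:string`, though its definition is not visible in this hunk.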
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git