1 /**
2  * Licensed to the University Corporation for Advanced Internet
3  * Development, Inc. (UCAID) under one or more contributor license
4  * agreements. See the NOTICE file distributed with this work for
5  * additional information regarding copyright ownership.
6  *
7  * UCAID licenses this file to you under the Apache License,
8  * Version 2.0 (the "License"); you may not use this file except
9  * in compliance with the License. You may obtain a copy of the
10  * License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17  * either express or implied. See the License for the specific
18  * language governing permissions and limitations under the License.
19  */
20 
21 /**
22  * Application.cpp
23  *
24  * Interface to a Shibboleth Application instance.
25  */
26 
27 #include "internal.h"
28 #include "Application.h"
29 #include "SPRequest.h"
30 #include "ServiceProvider.h"
31 #include "attribute/Attribute.h"
32 #include "remoting/ListenerService.h"
33 
34 #include <algorithm>
35 #define BOOST_BIND_GLOBAL_PLACEHOLDERS
36 #include <boost/bind.hpp>
37 #include <xmltooling/util/Threads.h>
38 
39 using namespace shibsp;
40 using namespace xmltooling;
41 using namespace boost;
42 using namespace std;
43 
/**
 * Builds an Application bound to the given ServiceProvider.
 *
 * The pointer is stored as passed in (no copy, no null check) and a lock is
 * obtained from RWLock::create(). The destructor deletes that lock.
 *
 * @param sp  ServiceProvider this application belongs to
 */
Application::Application(const ServiceProvider* sp)
    : m_sp(sp),
      m_lock(RWLock::create())
{
}
47 
/**
 * Releases the lock obtained in the constructor.
 */
Application::~Application()
{
    // m_lock is a raw pointer created by the constructor; this is the only
    // member freed here.
    delete m_lock;
}
52 
/**
 * Returns the ServiceProvider this Application was constructed with.
 *
 * m_sp is dereferenced without a null check, so the pointer handed to the
 * constructor has to be non-null.
 */
const ServiceProvider& Application::getServiceProvider() const
{
    const ServiceProvider& owner = *m_sp;
    return owner;
}
57 
/**
 * Returns the application's identifier.
 *
 * @return the value of the "id" property when it is set, otherwise the
 *         literal "default"
 */
const char* Application::getId() const
{
    const pair<bool,const char*> id = getString("id");
    if (!id.first)
        return "default";
    return id.second;
}
63 
/**
 * Builds the name of a cookie for this application.
 *
 * The name is the prefix followed by the "cookieName" property of the
 * "Sessions" property set when that is configured, otherwise by getHash().
 * The configured name is appended as-is; nothing in this function validates it.
 *
 * @param prefix    text placed in front of the name; NULL is treated as ""
 * @param lifetime  optional out-parameter; reset to 0, then set to the
 *                  "cookieLifetime" property when one is configured
 * @return the cookie name
 */
string Application::getCookieName(const char* prefix, time_t* lifetime) const
{
    const string name(prefix ? prefix : "");
    if (lifetime)
        *lifetime = 0;

    const PropertySet* sessions = getPropertySet("Sessions");
    if (!sessions)
        return name + getHash();

    if (lifetime) {
        pair<bool,unsigned int> configured = sessions->getUnsignedInt("cookieLifetime");
        if (configured.first)
            *lifetime = configured.second;
    }

    pair<bool,const char*> custom = sessions->getString("cookieName");
    if (custom.first)
        return name + custom.second;

    return name + getHash();
}
84 
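/**
 * Builds the name of a cookie for this application together with the
 * attribute string to append when the cookie is set.
 *
 * The name is formed as in getCookieName(): prefix + the "cookieName"
 * property, or prefix + getHash() when no name is configured.
 *
 * The attribute string is chosen from the "cookieProps" property:
 *  - unset or "http"  -> "; path=/; HttpOnly" (no "secure" attribute)
 *  - "https"          -> "; path=/; secure; HttpOnly"
 *  - anything else    -> the configured string, returned unchanged
 * Neither built-in string carries a SameSite attribute, and a custom string
 * is not checked here, so any attributes a deployment needs have to be
 * spelled out in the configuration.
 *
 * @param prefix    text placed in front of the name; NULL is treated as ""
 * @param lifetime  optional out-parameter; reset to 0, then set to the
 *                  "cookieLifetime" property when one is configured
 * @return pair of (cookie name, attribute string)
 */
pair<string,const char*> Application::getCookieNameProps(const char* prefix, time_t* lifetime) const
{
    // TODO: remove in V4 if it ever drops.

    static const char* defProps="; path=/; HttpOnly";
    static const char* sslProps="; path=/; secure; HttpOnly";

    if (lifetime)
        *lifetime = 0;
    if (!prefix)
        prefix = "";
    const PropertySet* props = getPropertySet("Sessions");
    if (props) {
        if (lifetime) {
            pair<bool,unsigned int> lt = props->getUnsignedInt("cookieLifetime");
            if (lt.first)
                *lifetime = lt.second;
        }
        pair<bool,const char*> p = props->getString("cookieProps");
        if (!p.first || !strcmp(p.second, "http"))
            p.second = defProps;
        else if (!strcmp(p.second, "https"))
            p.second = sslProps;
        pair<bool,const char*> p2 = props->getString("cookieName");
        if (p2.first)
            return make_pair(string(prefix) + p2.second, p.second);
        return make_pair(string(prefix) + getHash(), p.second);
    }

    // Shouldn't happen, but just in case..
    // Keep the name application-specific, as getCookieName() does when the
    // "Sessions" set is missing; a bare prefix would be the same name for
    // every application.
    return pair<string,const char*>(string(prefix) + getHash(), defProps);
}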
117 
/**
 * Clears one header on the request by forwarding both names to
 * SPRequest::clearHeader().
 *
 * @param request  request to modify
 * @param rawname  passed through as the first argument
 * @param cginame  passed through as the second argument
 */
void Application::clearHeader(
    SPRequest& request, const char* rawname, const char* cginame
    ) const
{
    // Pure delegation: no filtering or normalization of the names happens here.
    request.clearHeader(rawname, cginame);
}
122 
/**
 * Sets one header on the request by forwarding to SPRequest::setHeader().
 *
 * @param request  request to modify
 * @param name     header name, passed through unchanged
 * @param value    header value, passed through unchanged
 */
void Application::setHeader(
    SPRequest& request, const char* name, const char* value
    ) const
{
    // Pure delegation: name and value are not validated or encoded here.
    request.setHeader(name, value);
}
127 
/**
 * Reads a header from the request via SPRequest::getSecureHeader().
 *
 * What makes the lookup "secure" is decided by the SPRequest implementation
 * and is not visible in this file.
 *
 * @param request  request to read from
 * @param name     header name, passed through unchanged
 * @return the value returned by the request
 */
string Application::getSecureHeader(const SPRequest& request, const char* name) const
{
    string value = request.getSecureHeader(name);
    return value;
}
132 
/**
 * Clears every header listed in m_unsetHeaders from the request.
 *
 * When the OutOfProcess component is enabled the list is used directly.
 * Otherwise the list is filled on first use by sending a
 * "<id>::getHeaders::Application" message through the listener service and
 * caching the (name, string) pairs of the reply, then it is applied under a
 * read lock.
 *
 * NOTE(review): if the reply is not a list, or is an empty list, m_unsetHeaders
 * stays empty, no header is cleared for this request, and nothing is logged or
 * raised here; the next call asks the remote half again. If this list is what
 * removes client-supplied copies of attribute headers, that is a silent
 * fail-open and worth confirming against the remote handler.
 *
 * @param request  request whose headers are cleared
 */
void Application::clearAttributeHeaders(SPRequest& request) const
{
    if (SPConfig::getConfig().isEnabled(SPConfig::OutOfProcess)) {
        // This path reads m_unsetHeaders without taking m_lock.
        for (vector< pair<string,string> >::const_iterator i = m_unsetHeaders.begin(); i != m_unsetHeaders.end(); ++i) {
            request.clearHeader(i->first.c_str(), i->second.c_str());
        }
        return;
    }

    m_lock->rdlock();
    if (m_unsetHeaders.empty()) {
        // No headers yet, so we have to request them from the remote half.
        // The read lock is dropped before the write lock is taken, so another
        // thread may fill the list in between; hence the second empty() check.
        m_lock->unlock();
        m_lock->wrlock();
        if (m_unsetHeaders.empty()) {
            // Constructed with false while the write lock is already held:
            // presumably adopts the lock so it is released when this scope
            // ends, including when send() throws (confirm against SharedLock).
            SharedLock wrlock(m_lock, false);
            string addr=string(getId()) + "::getHeaders::Application";
            DDF out,in = DDF(addr.c_str());
            DDFJanitor jin(in),jout(out);
            out = getServiceProvider().getListenerService()->send(in);
            if (out.islist()) {
                // Copy entries until the first one that has no name or is not
                // a string; the contents are taken from the reply as given.
                DDF header = out.first();
                while (header.name() && header.isstring()) {
                    m_unsetHeaders.push_back(pair<string,string>(header.name(),header.string()));
                    header = out.next();
                }
            }
        }
        else {
            // Another thread filled the list first; release the write lock by hand.
            m_lock->unlock();
        }
        m_lock->rdlock();
    }

    // Now holding read lock.
    SharedLock unsetLock(m_lock, false);
    for (vector< pair<string,string> >::const_iterator i = m_unsetHeaders.begin(); i != m_unsetHeaders.end(); ++i) {
        request.clearHeader(i->first.c_str(), i->second.c_str());
    }
}
173 
/**
 * Redirect-limiting hook; this implementation does nothing.
 *
 * Neither argument is inspected, so no URL is ever rejected by this version.
 * NOTE(review): presumably this is a virtual default that a configured
 * implementation overrides to enforce a redirect policy; confirm in
 * Application.h. Code that reaches this version gets no protection against
 * redirects to arbitrary URLs.
 *
 * @param request  the request being processed (unused)
 * @param url      the redirect target (unused)
 */
void Application::limitRedirect(const GenericRequest& request, const char* url) const
{
    // Intentionally empty.
}
177