[Sblim-commit] Git: sfcb - Small Footprint CIM Broker branch, master, updated. SFCB_1_4_0-509-ge984e37

[Dave H. <hel...@us...>]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "sfcb - Small Footprint CIM Broker".

The branch, master has been updated
       via  e984e37fed5a7930344af3401676a3e1d80bdb1d (commit)
      from  bd3cc9b7cb9a5cda53ac2ff67ef336cd500a7bc0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e984e37fed5a7930344af3401676a3e1d80bdb1d
Author: Dave Heller <hel...@us...>
Date:   Thu Feb 20 20:38:27 2014 -0500

    [sfcb-tix:#102] Add config property indicationCurlHonorRedirect

-----------------------------------------------------------------------

Summary of changes:
 control.c         |    1 +
 indCIMXMLExport.c |   11 ++++++++++-
 sfcb.cfg.pre.in   |   10 ++++++++++
 3 files changed, 21 insertions(+), 1 deletions(-)

diff --git a/control.c b/control.c
index 86c17cb..3239cbf 100644
--- a/control.c
+++ b/control.c
@@ -201,6 +201,7 @@ static Control init[] = {
   {"MaxActiveSubscriptions", CTL_LONG, NULL, {.slong=100}},
   {"indicationCurlTimeout", CTL_LONG, NULL, {.slong=10}},
   {"indicationCurlUseExpect100", CTL_BOOL, NULL, {.b=0}},
+  {"indicationCurlHonorRedirect", CTL_BOOL, NULL, {.b=0}},
 };
 
 static Control *cache;
diff --git a/indCIMXMLExport.c b/indCIMXMLExport.c
index eaa5733..60a420b 100644
--- a/indCIMXMLExport.c
+++ b/indCIMXMLExport.c
@@ -238,6 +238,16 @@ genRequest(CurlData * cd, char *url, char **msg)
         indicationCurlTimeout = 10;
   rv = curl_easy_setopt(cd->mHandle, CURLOPT_TIMEOUT, indicationCurlTimeout);
 
+  /* Honor a HTTP 3xx style redirect */
+  int opt;
+  if (!getControlBool("indicationCurlHonorRedirect", &opt) && opt) {
+    fprintf(stderr, "--> indCIMXMLExport.genRequest(): indicationCurlHonorRedirect = true\n");
+    rv = curl_easy_setopt(cd->mHandle, CURLOPT_FOLLOWLOCATION, 1);
+    rv = curl_easy_setopt(cd->mHandle, CURLOPT_UNRESTRICTED_AUTH, 0); // off for now
+    rv = curl_easy_setopt(cd->mHandle, CURLOPT_MAXREDIRS, 3); // prevent loop
+    rv = curl_easy_setopt(cd->mHandle, CURLOPT_POSTREDIR, CURL_REDIR_POST_ALL);
+  }
+
   /*
    * Set username and password * / if (url.user.length() > 0 &&
    * url.password.length() > 0) { mUserPass = url.user + ":" +
@@ -249,7 +259,6 @@ genRequest(CurlData * cd, char *url, char **msg)
   initializeHeaders(cd);
 
   /* Curl does Expect:100-continue unless we tell it not to */
-  int opt;
   if (getControlBool("indicationCurlUseExpect100", &opt) || !opt)
     cd->mHeaders = curl_slist_append(cd->mHeaders, "Expect: ");
 
diff --git a/sfcb.cfg.pre.in b/sfcb.cfg.pre.in
index 31e101d..3f768a6 100644
--- a/sfcb.cfg.pre.in
+++ b/sfcb.cfg.pre.in
@@ -376,6 +376,16 @@ sslCiphers: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
 ## Default is false
 #indicationCurlUseExpect100: false
 
+## If true, instruct curl to honor a HTTP 3xx redirect if it receives such a
+## response from the indication handler, and attempt delivery to the URI listed
+## in the HTTP Location header of the response. This allows handler to redirect
+## indications to a different handler, e.g. based on source IP or resource part
+## of the URI. Because this introduces a potential security vulnerability it is
+## recommended to use only secure (https) indications and to set the
+## sslIndicationReceiverCert property to 'verify' when this is enabled.
+## Default is false
+#indicationCurlHonorRedirect: false
+
 ##----------------------------Reliable Indications ----------------------------
 ## Interval between indication retry attempts
 ## Default is 20 seconds


hooks/post-receive
-- 
sfcb - Small Footprint CIM Broker