author | Frederic Peters <fpeters@entrouvert.com> | 2006-11-28 10:47:31 +0000 |
---|---|---|
committer | Frederic Peters <fpeters@entrouvert.com> | 2006-11-28 10:47:31 +0000 |
commit | 166cff941716b236a7d2602562d7c2ecadd8e908 (patch) | |
tree | ccca6a7b37e7f61700feb4305034be418566d20e | |
parent | e51ab22b76a139f4e2a573ca69f4ae7f1e5ebfc4 (diff) | |
extra checks to pass negative testing steps
-rw-r--r-- | lasso/errors.c | 2 | ||||
-rw-r--r-- | lasso/errors.h | 1 | ||||
-rw-r--r-- | lasso/saml-2.0/login.c | 26 | ||||
-rw-r--r-- | swig/Lasso.i | 1 | ||||
-rw-r--r-- | swig/saml-2.0/saml2_audience_restriction.i | 3 | ||||
-rw-r--r-- | swig/saml-2.0/saml2_conditions.i | 32 | ||||
-rw-r--r-- | swig/saml-2.0/saml2_subject_confirmation.i | 3 | ||||
-rw-r--r-- | swig/saml-2.0/saml2_subject_confirmation_data.i | 15 | ||||
-rw-r--r-- | swig/saml-2.0/samlp2_response.i | 14 |
9 files changed, 95 insertions, 2 deletions
diff --git a/lasso/errors.c b/lasso/errors.c index 893ba39d..c8a5e615 100644 --- a/lasso/errors.c +++ b/lasso/errors.c @@ -169,6 +169,8 @@ lasso_strerror(int error_code) return "Request denied"; case LASSO_LOGIN_ERROR_NO_DEFAULT_ENDPOINT: return "No default endpoint"; + case LASSO_LOGIN_ERROR_ASSERTION_REPLAY: + return "Assertion replay"; case LASSO_SOAP_FAULT_REDIRECT_REQUEST: return "Redirect request from Attribute Provider"; diff --git a/lasso/errors.h b/lasso/errors.h index d928738e..6bf76bc9 100644 --- a/lasso/errors.h +++ b/lasso/errors.h @@ -112,6 +112,7 @@ #define LASSO_LOGIN_ERROR_STATUS_NOT_SUCCESS 607 #define LASSO_LOGIN_ERROR_UNKNOWN_PRINCIPAL 608 #define LASSO_LOGIN_ERROR_NO_DEFAULT_ENDPOINT 609 +#define LASSO_LOGIN_ERROR_ASSERTION_REPLAY 610 /* Federation Termination Notification */ #define LASSO_DEFEDERATION_ERROR_MISSING_NAME_IDENTIFIER -700 diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c index c0da988c..7de28c2f 100644 --- a/lasso/saml-2.0/login.c +++ b/lasso/saml-2.0/login.c @@ -554,8 +554,7 @@ lasso_saml20_login_build_assertion(LassoLogin *login, assertion->Issuer = LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string( LASSO_PROVIDER(profile->server)->ProviderID)); assertion->Conditions = LASSO_SAML2_CONDITIONS(lasso_saml2_conditions_new()); - assertion->Conditions->NotBefore = g_strdup(notBefore); - assertion->Conditions->NotOnOrAfter = g_strdup(notOnOrAfter); + audience_restriction = LASSO_SAML2_AUDIENCE_RESTRICTION( lasso_saml2_audience_restriction_new()); audience_restriction->Audience = g_strdup(profile->remote_providerID); 
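Review bot: `LASSO_LOGIN_ERROR_ASSERTION_REPLAY` is given the positive value 610 in lasso/errors.h, like the 607-609 login codes above it, while the defederation code just below is negative. If callers tell hard failures from soft ones by sign (not visible in this hunk), a replayed assertion could be handled as a soft condition and the login allowed to continue. I would add a comment on the define, for example `/* replayed assertion: the caller must abort the login */`, and state in the documentation of lasso_saml20_login_accept_sso that any non-zero return means the assertion was not accepted.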
@@ -570,6 +569,10 @@ lasso_saml20_login_build_assertion(LassoLogin *login, assertion->Subject->SubjectConfirmation->SubjectConfirmationData = LASSO_SAML2_SUBJECT_CONFIRMATION_DATA( lasso_saml2_subject_confirmation_data_new()); + assertion->Subject->SubjectConfirmation->SubjectConfirmationData->NotBefore = g_strdup( + notBefore); + assertion->Subject->SubjectConfirmation->SubjectConfirmationData->NotOnOrAfter = g_strdup( + notOnOrAfter); provider = g_hash_table_lookup(profile->server->providers, profile->remote_providerID); @@ -1033,6 +1036,7 @@ lasso_saml20_login_accept_sso(LassoLogin *login) { LassoProfile *profile; LassoSaml2Assertion *assertion; + GList *previous_assertions, *t; LassoSaml2NameID *ni, *idp_ni = NULL; LassoFederation *federation; @@ -1044,6 +1048,24 @@ lasso_saml20_login_accept_sso(LassoLogin *login) if (assertion == NULL) return LASSO_PROFILE_ERROR_MISSING_ASSERTION; + previous_assertions = lasso_session_get_assertions(profile->session, + profile->remote_providerID); + for (t = previous_assertions; t; t = g_list_next(t)) { + LassoSaml2Assertion *ta; + + if (! LASSO_IS_SAML2_ASSERTION(t->data)) { + continue; + } + + ta = t->data; + + if (strcmp(ta->ID, assertion->ID) == 0) { + g_list_free(previous_assertions); + return LASSO_LOGIN_ERROR_ASSERTION_REPLAY; + } + } + g_list_free(previous_assertions); + lasso_session_add_assertion(profile->session, profile->remote_providerID, g_object_ref(assertion)); diff --git a/swig/Lasso.i b/swig/Lasso.i index 7882b47f..a9bd17f4 100644 --- a/swig/Lasso.i +++ b/swig/Lasso.i @@ -1115,6 +1115,7 @@ typedef enum { %rename(LOGIN_ERROR_STATUS_NOT_SUCCESS) LASSO_LOGIN_ERROR_STATUS_NOT_SUCCESS; %rename(LOGIN_ERROR_UNKNOWN_PRINCIPAL) LASSO_LOGIN_ERROR_UNKNOWN_PRINCIPAL; %rename(LOGIN_ERROR_NO_DEFAULT_ENDPOINT) LASSO_LOGIN_ERROR_NO_DEFAULT_ENDPOINT; +%rename(LOGIN_ERROR_ASSERTION_REPLAY) LASSO_LOGIN_ERROR_ASSERTION_REPLAY; #endif /* Federation Termination Notification */ 
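Review bot: With the two `assertion->Conditions` assignments removed in the -554 hunk and the window now set only on `SubjectConfirmationData`, the assertion built by lasso_saml20_login_build_assertion no longer carries a validity period in `Conditions`, so a relying party that enforces expiry from `Conditions` alone gets no time bound. Keeping `assertion->Conditions->NotOnOrAfter = g_strdup(notOnOrAfter);` next to the new lines would preserve that bound. It is also worth checking the added `NotBefore` against the SAML 2.0 web browser SSO profile, which does not allow NotBefore on bearer confirmation data; the confirmation method is set outside this hunk, so I cannot tell whether that applies here. The function body starts and ends outside both hunks.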
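Review bot: The replay check added to lasso_saml20_login_accept_sso only compares against assertions already held in `profile->session` for this provider, so it cannot recognise an assertion ID that was consumed in a different session. The web SSO profile expects the service provider to remember used assertion IDs until their NotOnOrAfter has passed, which needs a store that outlives the session. This limit should at least be stated in a comment above the loop. Separately, `strcmp(ta->ID, assertion->ID)` dereferences both IDs unchecked although the new assertion comes from the received message; `if (ta->ID && assertion->ID && strcmp(ta->ID, assertion->ID) == 0)` avoids the NULL dereference, and an assertion with no ID should probably be refused before the loop. The function continues outside the hunk.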
diff --git a/swig/saml-2.0/saml2_audience_restriction.i b/swig/saml-2.0/saml2_audience_restriction.i index 5b635ce8..8290db4b 100644 --- a/swig/saml-2.0/saml2_audience_restriction.i +++ b/swig/saml-2.0/saml2_audience_restriction.i @@ -3,6 +3,9 @@ %rename(Saml2AudienceRestriction) LassoSaml2AudienceRestriction; #endif typedef struct { +#ifndef SWIGPHP4 + %rename(audience) Audience; +#endif char *Audience; } LassoSaml2AudienceRestriction; %extend LassoSaml2AudienceRestriction { diff --git a/swig/saml-2.0/saml2_conditions.i b/swig/saml-2.0/saml2_conditions.i index 30cc9daf..05b60f99 100644 --- a/swig/saml-2.0/saml2_conditions.i +++ b/swig/saml-2.0/saml2_conditions.i @@ -3,11 +3,27 @@ %rename(Saml2Conditions) LassoSaml2Conditions; #endif typedef struct { +#ifndef SWIG_PHP4 + %rename(notBefore) NotBefore; +#endif char *NotBefore; +#ifndef SWIG_PHP4 + %rename(notOnOrAfter) NotOnOrAfter; +#endif char *NotOnOrAfter; } LassoSaml2Conditions; %extend LassoSaml2Conditions { +#ifndef SWIGPHP4 + %rename(condition) Condition; +#endif + %newobject Condition_get; + LassoNodeList *Condition; +#ifndef SWIGPHP4 + %rename(audienceRestriction) AudienceRestriction; +#endif + %newobject AudienceRestriction_get; + LassoNodeList *AudienceRestriction; /* Constructor, Destructor & Static Methods */ LassoSaml2Conditions(); 
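Review bot: The guards added around `notBefore` and `notOnOrAfter` in saml2_conditions.i test `SWIG_PHP4`, while the guards around `condition` and `audienceRestriction` in the same hunk, and those in the other .i files of this commit, test `SWIGPHP4`. SWIG's PHP4 module defines `SWIGPHP4`, so `#ifndef SWIG_PHP4` is always true and these renames are applied for PHP4 as well; the guard should read `#ifndef SWIGPHP4`. The same spelling appears in all five guards added to saml2_subject_confirmation_data.i.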
@@ -20,6 +36,22 @@ typedef struct { %{ +/* Condition */ + +#define LassoSaml2Conditions_get_Condition(self) get_node_list((self)->Condition) +#define LassoSaml2Conditions_Condition_get(self) get_node_list((self)->Condition) +#define LassoSaml2Conditions_set_Condition(self, value) set_node_list(&(self)->Condition, (value)) +#define LassoSaml2Conditions_Condition_set(self, value) set_node_list(&(self)->Condition, (value)) + +/* AudienceRestriction */ + +#define LassoSaml2Conditions_get_AudienceRestriction(self) get_node_list((self)->AudienceRestriction) +#define LassoSaml2Conditions_AudienceRestriction_get(self) get_node_list((self)->AudienceRestriction) +#define LassoSaml2Conditions_set_AudienceRestriction(self, value) set_node_list(&(self)->AudienceRestriction, (value)) +#define LassoSaml2Conditions_AudienceRestriction_set(self, value) set_node_list(&(self)->AudienceRestriction, (value)) + + + /* Constructors, destructors & static methods implementations */ diff --git a/swig/saml-2.0/saml2_subject_confirmation.i b/swig/saml-2.0/saml2_subject_confirmation.i index 55a6ea4c..42454972 100644 --- a/swig/saml-2.0/saml2_subject_confirmation.i +++ b/swig/saml-2.0/saml2_subject_confirmation.i @@ -3,6 +3,9 @@ %rename(Saml2SubjectConfirmation) LassoSaml2SubjectConfirmation; #endif typedef struct { +#ifndef SWIGPHP4 + %rename(method) Method; +#endif char *Method; } LassoSaml2SubjectConfirmation; %extend LassoSaml2SubjectConfirmation { diff --git a/swig/saml-2.0/saml2_subject_confirmation_data.i b/swig/saml-2.0/saml2_subject_confirmation_data.i index db587cd5..359d1690 100644 --- a/swig/saml-2.0/saml2_subject_confirmation_data.i +++ b/swig/saml-2.0/saml2_subject_confirmation_data.i 
@@ -3,10 +3,25 @@ %rename(Saml2SubjectConfirmationData) LassoSaml2SubjectConfirmationData; #endif typedef struct { +#ifndef SWIG_PHP4 + %rename(notBefore) NotBefore; +#endif char *NotBefore; +#ifndef SWIG_PHP4 + %rename(notOnOrAfter) NotOnOrAfter; +#endif char *NotOnOrAfter; +#ifndef SWIG_PHP4 + %rename(recipient) Recipient; +#endif char *Recipient; +#ifndef SWIG_PHP4 + %rename(inResponseTo) InResponseTo; +#endif char *InResponseTo; +#ifndef SWIG_PHP4 + %rename(address) Address; +#endif char *Address; } LassoSaml2SubjectConfirmationData; %extend LassoSaml2SubjectConfirmationData { diff --git a/swig/saml-2.0/samlp2_response.i b/swig/saml-2.0/samlp2_response.i index d7a9524f..a1fe78f1 100644 --- a/swig/saml-2.0/samlp2_response.i +++ b/swig/saml-2.0/samlp2_response.i @@ -50,6 +50,12 @@ typedef struct { #endif char *Consent; +#ifndef SWIGPHP4 + %rename(assertion) Assertion; +#endif + %newobject Assertion_get; + LassoNodeList *Assertion; + /* Constructor, Destructor & Static Methods */ LassoSamlp2Response(); ~LassoSamlp2Response(); @@ -136,6 +142,14 @@ typedef struct { #define LassoSamlp2Response_Consent_set(self,value) set_string(&LASSO_SAMLP2_STATUS_RESPONSE(self)->Consent, (value)) +/* Assertion */ + +#define LassoSamlp2Response_get_Assertion(self) get_node_list((self)->Assertion) +#define LassoSamlp2Response_Assertion_get(self) get_node_list((self)->Assertion) +#define LassoSamlp2Response_set_Assertion(self, value) set_node_list(&(self)->Assertion, (value)) +#define LassoSamlp2Response_Assertion_set(self, value) set_node_list(&(self)->Assertion, (value)) + + /* Constructors, destructors & static methods implementations */ #define new_LassoSamlp2Response lasso_samlp2_response_new |