authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2010-04-20 09:34:22 +0000
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2010-04-20 09:34:22 +0000
commit281817ce87b6afcd6b3d096f3a30de6b239e7507 (patch)
tree39afc827d6b47b6484815063f1280ef6ef36b3e5
parentdd495ca6c341a7d214d6978d0eb81f1de1fed29d (diff)
SAML 2.0: in lasso_saml20_login_validate_request, do not check signature if not necessary
-rw-r--r--lasso/saml-2.0/login.c44
1 files changed, 21 insertions, 23 deletions
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index 279db4cd..715a9fe4 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -568,46 +568,44 @@ lasso_saml20_login_validate_request_msg(LassoLogin *login, gboolean authenticati
gboolean is_consent_obtained)
{
LassoProfile *profile;
- int ret = 0;
+ int rc = 0;
profile = LASSO_PROFILE(login);
if (authentication_result == FALSE) {
lasso_saml20_profile_set_response_status_responder(profile,
LASSO_SAML2_STATUS_CODE_REQUEST_DENIED);
- return LASSO_LOGIN_ERROR_REQUEST_DENIED;
+ goto_cleanup_with_rc(LASSO_LOGIN_ERROR_REQUEST_DENIED);
}
- if (profile->signature_status == LASSO_DS_ERROR_INVALID_SIGNATURE) {
+ if (_lasso_login_must_verify_authn_request_signature(profile) && profile->signature_status)
+ {
lasso_saml20_profile_set_response_status_requester(profile,
- LASSO_LIB_STATUS_CODE_INVALID_SIGNATURE);
- return LASSO_LOGIN_ERROR_INVALID_SIGNATURE;
+ LASSO_LIB_STATUS_CODE_INVALID_SIGNATURE);
+
+ if (profile->signature_status == LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) {
+ goto_cleanup_with_rc(LASSO_LOGIN_ERROR_UNSIGNED_AUTHN_REQUEST);
+ }
+ goto_cleanup_with_rc(LASSO_LOGIN_ERROR_INVALID_SIGNATURE);
}
- if (profile->signature_status == LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) {
+ rc = lasso_saml20_login_process_federation(login, is_consent_obtained);
+ if (rc == LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND) {
lasso_saml20_profile_set_response_status_requester(profile,
- LASSO_LIB_STATUS_CODE_INVALID_SIGNATURE);
- return LASSO_LOGIN_ERROR_UNSIGNED_AUTHN_REQUEST;
+ LASSO_LIB_STATUS_CODE_FEDERATION_DOES_NOT_EXIST);
+ goto cleanup;
}
-
- if (profile->signature_status == 0 && authentication_result == TRUE) {
- ret = lasso_saml20_login_process_federation(login, is_consent_obtained);
- if (ret == LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND) {
- lasso_saml20_profile_set_response_status_requester(profile,
- LASSO_LIB_STATUS_CODE_FEDERATION_DOES_NOT_EXIST);
- return ret;
- }
- /* PROVIDER_NOT_FOUND, CONSENT_NOT_OBTAINED */
- if (ret) {
- lasso_saml20_profile_set_response_status_responder(profile,
- LASSO_SAML2_STATUS_CODE_REQUEST_DENIED);
- return ret;
- }
+ /* UNKNOWN_PROVIDER, CONSENT_NOT_OBTAINED */
+ if (rc) {
+ lasso_saml20_profile_set_response_status_responder(profile,
+ LASSO_SAML2_STATUS_CODE_REQUEST_DENIED);
+ goto cleanup;
}
lasso_saml20_profile_set_response_status_success(profile, NULL);
+cleanup:
- return ret;
+ return rc;
}
static int
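Review bot: A request whose signature is present but failed verification (`LASSO_DS_ERROR_INVALID_SIGNATURE`) is no longer rejected when `_lasso_login_must_verify_authn_request_signature(profile)` returns false, because the new guard skips every non-zero `signature_status` in that case and the request goes on to `lasso_saml20_login_process_federation` and the success status. The old code refused that status unconditionally; if the intent is only to tolerate unsigned requests from providers that are not required to sign, the condition could keep failing closed on a bad signature, e.g. `if (profile->signature_status == LASSO_DS_ERROR_INVALID_SIGNATURE || (_lasso_login_must_verify_authn_request_signature(profile) && profile->signature_status))`. The helper is defined outside this hunk, so what it bases its decision on cannot be confirmed here; a short comment above the condition stating the policy (what makes verification mandatory, and that any non-zero status is then fatal) would make the trust decision auditable. The function's signature begins above the hunk.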