Merge branch 'hotfixes-2.3.4'

Conflicts:
	lasso/xml/xml.c
	website/web/download/index.xml
	website/web/index.xml

11 files changed, 80 insertions, 12 deletions

diff --git a/NEWS b/NEWS
index 25b8d386..6b84baa9 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,28 @@
 NEWS
 ====
 
+2.3.4 - Otober 8th 2010
+-----------------------
+
+14 commits, 10 files changed, 199 insertions, 49 deletions
+
+Generic
+ * fix warning for compiling on pardus and EL5
+ * the release tarball now contains the figures for the documentation
+ * lasso_login_process_authn_request documentation gained details on returned errors
+
+SAMLv2:
+ * report unknown provider instead an error on parameter value when resolving
+   and artifact in an assertionConsumer endpoint and the provider is not
+   registered into the server object.
+ * lasso_provider_get_assertion_consumer_url now use specific SAMLv2 methods
+ * fixed a bug in the ordering of indexed endpoints which produced error when
+   looking up the defualt assertion consumer. It also improved ordering in
+   presence of the attribute isDefault="false".
+
+ID-FFv1.2:
+ * respect the signature verify hint when handling authn requests
+
 2.3.3 - October 1st 2010
 ------------------------
 
diff --git a/docs/lasso-book/figures/Makefile.am b/docs/lasso-book/figures/Makefile.am
index 4873db98..dd23b956 100644
--- a/docs/lasso-book/figures/Makefile.am
+++ b/docs/lasso-book/figures/Makefile.am
@@ -49,4 +49,5 @@ slo-sp-soap-4.svg: slo-sp-soap.svg step.xsl
 slo-sp-soap-5.svg: slo-sp-soap.svg step.xsl
 slo-sp-soap-6.svg: slo-sp-soap.svg step.xsl
 
-EXTRA_DIST = step.xsl sso-brws-art.svg sso-brws-post.svg slo-sp-soap.svg
+EXTRA_DIST = step.xsl sso-brws-art.svg sso-brws-post.svg slo-sp-soap.svg \
+	$(FIGURES_PNG_FILES) $(GENERATED_FIGURES_SVG_FILES)
diff --git a/lasso.doap b/lasso.doap
index 81d9fe85..0c92cd39 100644
--- a/lasso.doap
+++ b/lasso.doap
@@ -62,6 +62,10 @@
     </repository>
     <release>
       <Version>
+        <created>2010-10-08</created>
+        <revision>2.3.4</revision>
+      </Version>
+      <Version>
         <created>2010-10-01</created>
         <revision>2.3.3</revision>
       </Version>
diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c
index fe3f42be..d7cf8810 100644
--- a/lasso/id-ff/provider.c
+++ b/lasso/id-ff/provider.c
@@ -145,6 +145,18 @@ lasso_provider_get_assertion_consumer_service_url(LassoProvider *provider, const
 	char *name = NULL;
 	char *assertion_consumer_service_url = NULL;
 
+	if (provider->private_data->conformance == LASSO_PROTOCOL_SAML_2_0) {
+		int sid = -1;
+		if (service_id != NULL) {
+			if (lasso_string_to_xsd_integer(service_id, &sid)) {
+				if (sid < 0) {
+					sid = -1;
+				}
+			}
+		}
+		return lasso_saml20_provider_get_assertion_consumer_service_url(provider, sid);
+	}
+
 	if (service_id == NULL)
 		service_id = provider->private_data->default_assertion_consumer;
 	name = g_strdup_printf("AssertionConsumerServiceURL %s", service_id);
diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c
index 18f7d64c..40f6fe89 100644
--- a/lasso/saml-2.0/profile.c
+++ b/lasso/saml-2.0/profile.c
@@ -345,6 +345,7 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char
 {
 	LassoProvider *remote_provider;
 	int rc = 0;
+	LassoProfileSignatureVerifyHint sig_verify_hint;
 
 	/* FIXME: parse only one time the message, reuse the parsed document for signature
 	 * validation */
@@ -355,13 +356,21 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char
 	if (! LASSO_IS_SAMLP2_ARTIFACT_RESOLVE(profile->request)) {
 		return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
 	}
+	lasso_assign_string(profile->private_data->artifact,
+			LASSO_SAMLP2_ARTIFACT_RESOLVE(profile->request)->Artifact);
+
+	sig_verify_hint = lasso_profile_get_signature_verify_hint(profile);
 
 	lasso_assign_string(profile->remote_providerID, LASSO_SAMLP2_REQUEST_ABSTRACT(
 			profile->request)->Issuer->content);
 	remote_provider = lasso_server_get_provider(profile->server, profile->remote_providerID);
 
-	profile->signature_status = lasso_provider_verify_signature(remote_provider, msg, "ID",
-			LASSO_MESSAGE_FORMAT_SOAP);
+	goto_cleanup_if_fail_with_rc(remote_provider, LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER);
+
+	if (sig_verify_hint != LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE) {
+		profile->signature_status = lasso_provider_verify_signature(remote_provider, msg, "ID",
+				LASSO_MESSAGE_FORMAT_SOAP);
+	}
 
 	switch (lasso_profile_get_signature_verify_hint(profile)) {
 		case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE:
@@ -374,9 +383,7 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char
 			break;
 	}
 
-	lasso_assign_string(profile->private_data->artifact,
-			LASSO_SAMLP2_ARTIFACT_RESOLVE(profile->request)->Artifact);
-
+cleanup:
 	return rc;
 }
 
diff --git a/lasso/saml-2.0/provider.c b/lasso/saml-2.0/provider.c
index 6dcdb518..67ecc9f8 100644
--- a/lasso/saml-2.0/provider.c
+++ b/lasso/saml-2.0/provider.c
@@ -692,7 +692,7 @@ lasso_saml20_provider_get_assertion_consumer_service_url_by_binding(LassoProvide
 				lasso_strisequal(endpoint_type->kind,kind) &&
 				lasso_strisequal(endpoint_type->binding,binding))
 		{
-			return endpoint_type->url;
+			return g_strdup(endpoint_type->url);
 		}
 	}
 	return NULL;
diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
index c43608b3..0251d479 100644
--- a/lasso/xml/xml.c
+++ b/lasso/xml/xml.c
@@ -31,9 +31,12 @@
  *
  */
 
+#define _GNU_SOURCE /* for use of strndup */
+
 #include "private.h"
 #include <ctype.h>
 #include <errno.h>
+#include <string.h>
 
 #include <xmlsec/base64.h>
 #include <xmlsec/xmltree.h>
diff --git a/website/web/doap.rdf b/website/web/doap.rdf
index 81d9fe85..0c92cd39 100644
--- a/website/web/doap.rdf
+++ b/website/web/doap.rdf
@@ -62,6 +62,10 @@
     </repository>
     <release>
       <Version>
+        <created>2010-10-08</created>
+        <revision>2.3.4</revision>
+      </Version>
+      <Version>
         <created>2010-10-01</created>
         <revision>2.3.3</revision>
       </Version>
diff --git a/website/web/download/index.xml b/website/web/download/index.xml
index fe3812fc..3ed138fa 100644
--- a/website/web/download/index.xml
+++ b/website/web/download/index.xml
@@ -10,7 +10,7 @@
 	<p>
 	  Lasso is licensed under the GNU GPL and the latest release
 	  is available here as a gzipped tarball:
-	  <a href="https://dev.entrouvert.org/attachments/download/22/lasso-2.3.3.tar.gz">lasso-2.3.3.tar.gz</a>
+	  <a href="https://dev.entrouvert.org/lasso/lasso-2.3.4.tar.gz">lasso-2.3.4.tar.gz</a>
 	</p>
 
 	<h2>Binary Downloads</h2>
diff --git a/website/web/index.xml b/website/web/index.xml
index 4ff6f5d3..10718590 100644
--- a/website/web/index.xml
+++ b/website/web/index.xml
@@ -46,10 +46,9 @@
   </p>
 
   <p>
-   The most recent version of Lasso is <strong>2.3.3</strong>. You can
-   <a
-   href="https://dev.entrouvert.org/attachments/download/22/lasso-2.3.3.tar.gz">download
-   the 2.3.3 tarball here</a> or get more options on the general <a
+   The most recent version of Lasso is <strong>2.3.4</strong>. You can
+   <a href="https://dev.entrouvert.org/lasso/lasso-2.3.4.tar.gz">download
+   the 2.3.4 tarball here</a> or get more options on the general <a
    href="/download/">download</a> page.
   </p>
 
diff --git a/website/web/news/18-release-2.3.4.xml b/website/web/news/18-release-2.3.4.xml
new file mode 100644
index 00000000..cb493266
--- /dev/null
+++ b/website/web/news/18-release-2.3.4.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+<div xmlns="http://www.w3.org/1999/xhtml">
+<h3>2010-10-08: Released 2.3.4</h3>
+
+ <p>
+  Lasso 2.3.4 have been released.
+  <a href="/download/">Download 2.3.4 now</a>
+ </p>
+
+ <p class="changes">
+  <strong>What changed ?</strong>
+  Fix bug on ordering of assertionConsumer endpoints, and problem of
+  compilation on Pardus and EL5 distributions.
+ </p>
+
+</div>