authorFrederic Peters <fpeters@entrouvert.com>2006-11-09 10:20:16 +0000
committerFrederic Peters <fpeters@entrouvert.com>2006-11-09 10:20:16 +0000
commit3e4c60b767a86b0c1c6401586e44eab72c3d1a76 (patch)
treedf6bda9ebca79099ef5261b4723b87909c8da339
parent0e135d2d1da35c15423d6dc56f579da0c168e307 (diff)
AuthnContextClassRef is a list; treat it as such
-rw-r--r--lasso/saml-2.0/login.c75
-rw-r--r--lasso/xml/saml-2.0/samlp2_requested_authn_context.c4
-rw-r--r--lasso/xml/saml-2.0/samlp2_requested_authn_context.h4
3 files changed, 46 insertions, 37 deletions
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index 8f25b12b..2e93877f 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -268,8 +268,9 @@ lasso_saml20_login_must_authenticate(LassoLogin *login)
assertions = lasso_session_get_assertions(profile->session, NULL);
if (request->RequestedAuthnContext) {
char *comparison = request->RequestedAuthnContext->Comparison;
- char *class_ref = request->RequestedAuthnContext->AuthnContextClassRef;
- GList *t3, *t2;
+ GList *class_refs = request->RequestedAuthnContext->AuthnContextClassRef;
+ char *class_ref;
+ GList *t1, *t2, *t3;
int compa;
if (comparison == NULL || strcmp(comparison, "exact") == 0) {
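Review bot: `int compa;` is declared without an initializer, and the `if`/`else if` chain that assigns it (it starts on the last line of this hunk and ends in the next one, after the new "maximum" branch) has no final `else`. A Comparison value that matches none of the handled strings therefore leaves `compa` indeterminate when the matching loop reads it. Comparison is read from the request's RequestedAuthnContext, so it should be treated as untrusted input. Declaring it as `int compa = 0;`, or adding a closing `else` that logs the unknown value and falls back to exact matching, keeps the conservative behaviour the unimplemented modes already get. The function starts and ends outside this hunk.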
@@ -280,48 +281,56 @@ lasso_saml20_login_must_authenticate(LassoLogin *login)
} else if (strcmp(comparison, "better") == 0) {
message(G_LOG_LEVEL_CRITICAL, "'better' comparison is not implemented");
compa = 0;
+ } else if (strcmp(comparison, "maximum") == 0) {
+ message(G_LOG_LEVEL_CRITICAL, "'maximum' comparison is not implemented");
+ compa = 0;
}
- if (class_ref) {
+ if (class_refs) {
matched = FALSE;
}
- for (t2 = assertions; t2 && !matched; t2 = g_list_next(t2)) {
- LassoSaml2Assertion *assertion;
- LassoSaml2AuthnStatement *as = NULL;
- char *method;
- GList *t3;
-
- if (LASSO_IS_SAML2_ASSERTION(t2->data) == FALSE) {
- continue;
- }
-
- assertion = t2->data;
+ for (t1 = class_refs; t1 && !matched; t1 = g_list_next(t1)) {
+ class_ref = t1->data;
+ for (t2 = assertions; t2 && !matched; t2 = g_list_next(t2)) {
+ LassoSaml2Assertion *assertion;
+ LassoSaml2AuthnStatement *as = NULL;
+ char *method;
+ GList *t3;
- for (t3 = assertion->AuthnStatement; t3; t3 = g_list_next(t3)) {
- if (LASSO_IS_SAML2_AUTHN_STATEMENT(t3->data)) {
- as = t3->data;
- break;
+ if (LASSO_IS_SAML2_ASSERTION(t2->data) == FALSE) {
+ continue;
}
- }
-
- if (as == NULL)
- continue;
- if (as->AuthnContext == NULL)
- continue;
+ assertion = t2->data;
- method = as->AuthnContext->AuthnContextClassRef;
+ for (t3 = assertion->AuthnStatement; t3; t3 = g_list_next(t3)) {
+ if (LASSO_IS_SAML2_AUTHN_STATEMENT(t3->data)) {
+ as = t3->data;
+ break;
+ }
+ }
- if (compa == 0) { /* exact */
- if (strcmp(method, class_ref) == 0) {
- matched = TRUE;
- break;
+ if (as == NULL)
+ continue;
+
+ if (as->AuthnContext == NULL)
+ continue;
+
+ method = as->AuthnContext->AuthnContextClassRef;
+
+ if (compa == 0) { /* exact */
+ if (strcmp(method, class_ref) == 0) {
+ matched = TRUE;
+ break;
+ }
+ } else if (compa == 1) { /* minimum */
+ /* XXX: implement 'minimum' comparison */
+ } else if (compa == 2) { /* better */
+ /* XXX: implement 'better' comparison */
+ } else if (compa == 3) { /* maximum */
+ /* XXX: implement 'maximum' comparison */
}
- } else if (compa == 1) { /* minimum */
- /* XXX: implement 'minimum' comparison */
- } else if (compa == 2) { /* better */
- /* XXX: implement 'better' comparison */
}
}
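Review bot: `strcmp(method, class_ref)` is reached with neither pointer checked. Only `as->AuthnContext` is tested for NULL, not its `AuthnContextClassRef`, and `class_ref` now comes from `t1->data` of a list built from the request. An authn statement without a class reference would pass NULL to `strcmp`, which is undefined behaviour and in practice a crash of the process handling the request; an empty element in the request might do the same, depending on how the list parser fills `data`, which is not visible here. Adding `if (method == NULL || class_ref == NULL) continue;` just before the `compa == 0` test avoids that. The enclosing function starts and ends outside the hunk.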
diff --git a/lasso/xml/saml-2.0/samlp2_requested_authn_context.c b/lasso/xml/saml-2.0/samlp2_requested_authn_context.c
index 06748591..428c827b 100644
--- a/lasso/xml/saml-2.0/samlp2_requested_authn_context.c
+++ b/lasso/xml/saml-2.0/samlp2_requested_authn_context.c
@@ -42,9 +42,9 @@
static struct XmlSnippet schema_snippets[] = {
- { "AuthnContextClassRef", SNIPPET_CONTENT,
+ { "AuthnContextClassRef", SNIPPET_LIST_CONTENT,
G_STRUCT_OFFSET(LassoSamlp2RequestedAuthnContext, AuthnContextClassRef) },
- { "AuthnContextDeclRef", SNIPPET_CONTENT,
+ { "AuthnContextDeclRef", SNIPPET_LIST_CONTENT,
G_STRUCT_OFFSET(LassoSamlp2RequestedAuthnContext, AuthnContextDeclRef) },
{ "Comparison", SNIPPET_CONTENT,
G_STRUCT_OFFSET(LassoSamlp2RequestedAuthnContext, Comparison) },
diff --git a/lasso/xml/saml-2.0/samlp2_requested_authn_context.h b/lasso/xml/saml-2.0/samlp2_requested_authn_context.h
index 60c21954..e8ccc6a2 100644
--- a/lasso/xml/saml-2.0/samlp2_requested_authn_context.h
+++ b/lasso/xml/saml-2.0/samlp2_requested_authn_context.h
@@ -55,8 +55,8 @@ struct _LassoSamlp2RequestedAuthnContext {
/*< public >*/
/* elements */
- char *AuthnContextClassRef;
- char *AuthnContextDeclRef;
+ GList *AuthnContextClassRef;
+ GList *AuthnContextDeclRef;
/* attributes */
char *Comparison;
};
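Review bot: `AuthnContextClassRef` and `AuthnContextDeclRef` change from `char *` to `GList *` in a struct marked public, but the header does not say what the list elements are or who owns them. login.c in this commit reads each element as a `char *`, so a trailing comment on each field such as `/* GList of char* */` would document the contract. Existing callers that assign a string to these fields would likely still compile in C, with only a pointer-type warning, and then misbehave at runtime, so the type change also deserves a mention in the API notes. Whether the object's cleanup frees the list and its strings is not visible in this commit and is worth confirming.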