| author | Nicolas Clapies <nclapies@entrouvert.com> | 2004-07-21 14:11:09 +0000 |
|---|---|---|
| committer | Nicolas Clapies <nclapies@entrouvert.com> | 2004-07-21 14:11:09 +0000 |
| commit | 46738d03eacf3b0368e50674194f6f05cae2cddf (patch) | |
| tree | 5802e13b94ffc61c5f612276835d96a7fa8446a9 | |
| parent | b7cfb5c758c898377a08b368e156bae4d1820b1b (diff) | |
update of federation termination notification
| -rw-r--r-- | lasso/Attic/protocols/federation_termination_notification.c | 22 | ||||
| -rw-r--r-- | lasso/Attic/protocols/federation_termination_notification.h | 6 | ||||
| -rw-r--r-- | lasso/Attic/protocols/identity.c | 16 | ||||
| -rw-r--r-- | lasso/Attic/protocols/identity.h | 30 | ||||
| -rw-r--r-- | lasso/id-ff/federation_termination.c | 35 | ||||
| -rw-r--r-- | python/environs/py_federation_termination.c | 4 | ||||
| -rw-r--r-- | python/examples/defederation.py | 12 | ||||
| -rw-r--r-- | python/lassomod.c | 5 | ||||
| -rw-r--r-- | python/protocols/py_federation_termination_notification.c | 32 | ||||
| -rw-r--r-- | python/protocols/py_federation_termination_notification.h | 3 |
10 files changed, 102 insertions, 63 deletions
diff --git a/lasso/Attic/protocols/federation_termination_notification.c b/lasso/Attic/protocols/federation_termination_notification.c
index 0c6a4ef1..afa6b17c 100644
--- a/lasso/Attic/protocols/federation_termination_notification.c
+++ b/lasso/Attic/protocols/federation_termination_notification.c
@@ -180,3 +180,25 @@ lasso_federation_termination_notification_new_from_soap(const xmlChar *buffer)
 return(notification);
 }
+
+
+LassoNode*
+lasso_federation_termination_notification_new_from_export(const xmlChar *buffer,
+ lassoNodeExportTypes export_type)
+{
+ LassoNode *notification;
+
+ g_return_val_if_fail(buffer != NULL, NULL);
+
+ switch(export_type){
+ case lassoNodeExportTypeQuery:
+ notification = lasso_federation_termination_notification_new_from_query(buffer);
+ break;
+ case lassoNodeExportTypeSoap:
+ notification = lasso_federation_termination_notification_new_from_soap(buffer);
+ break;
+ default:
+ }
+
+ return(notification);
+}
diff --git a/lasso/Attic/protocols/federation_termination_notification.h b/lasso/Attic/protocols/federation_termination_notification.h
index f2edd985..5af67c37 100644
--- a/lasso/Attic/protocols/federation_termination_notification.h
+++ b/lasso/Attic/protocols/federation_termination_notification.h
@@ -53,12 +53,14 @@ struct _LassoFederationTerminationNotificationClass {
 };
 LASSO_EXPORT GType lasso_federation_termination_notification_get_type (void);
+
 LASSO_EXPORT LassoNode* lasso_federation_termination_notification_new (const xmlChar *providerID,
 const xmlChar *nameIdentifier,
 const xmlChar *nameQualifier,
 const xmlChar *format);
-LASSO_EXPORT LassoNode* lasso_federation_termination_notification_new_from_query (const xmlChar *query);
-LASSO_EXPORT LassoNode* lasso_federation_termination_notification_new_from_soap (const xmlChar *buffer);
+
+LASSO_EXPORT LassoNode* lasso_federation_termination_notification_new_from_export (const xmlChar *export,
+ lassoNodeExportTypes export_type);
 #ifdef __cplusplus
 }
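Review bot: `notification` is returned uninitialized when `export_type` is neither `lassoNodeExportTypeQuery` nor `lassoNodeExportTypeSoap`, because the `default:` arm of `lasso_federation_termination_notification_new_from_export` assigns nothing. Callers added in this same commit test the result against NULL (`profileContext->request==NULL`), and the Python binding forwards a caller-supplied integer as the type, so an unexpected value hands an indeterminate pointer to code that goes on to dereference it. Declare it as `LassoNode *notification = NULL;` and write the arm as `default: break;`, since a label with no statement after it is also rejected by strict C compilers.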
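Review bot: The new prototype in the header names its first parameter `export`, which is a reserved keyword in C++, while the header carries `#ifdef __cplusplus` guards and so is meant to be included from C++ translation units. The definition in the .c file calls the parameter `buffer`; using the same name here, `(const xmlChar *buffer,`, keeps the header parseable by C++ compilers. The hunk also drops the `_new_from_query` and `_new_from_soap` prototypes although the .c hunk still calls both functions, so either they become `static` or the prototypes stay; which applies cannot be decided from the hunk alone.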
diff --git a/lasso/Attic/protocols/identity.c b/lasso/Attic/protocols/identity.c
index ab25926d..a9d3bf8f 100644
--- a/lasso/Attic/protocols/identity.c
+++ b/lasso/Attic/protocols/identity.c
@@ -99,6 +99,22 @@ lasso_identity_get_remote_nameIdentifier(LassoIdentity *identity)
 }
 void
+lasso_identity_remove_local_nameIdentifier(LassoIdentity *identity)
+{
+ if(identity->local_nameIdentifier!=NULL){
+ lasso_node_destroy(identity->local_nameIdentifier);
+ }
+}
+
+void
+lasso_identity_remove_remote_nameIdentifier(LassoIdentity *identity)
+{
+ if(identity->remote_nameIdentifier!=NULL){
+ lasso_node_destroy(identity->remote_nameIdentifier);
+ }
+}
+
+void
 lasso_identity_set_local_nameIdentifier(LassoIdentity *identity,
 LassoNode *nameIdentifier)
 {
diff --git a/lasso/Attic/protocols/identity.h b/lasso/Attic/protocols/identity.h
index 3dd8a6d1..4c217f4c 100644
--- a/lasso/Attic/protocols/identity.h
+++ b/lasso/Attic/protocols/identity.h
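Review bot: Both new `lasso_identity_remove_*_nameIdentifier` functions destroy the node but leave `identity->local_nameIdentifier` / `identity->remote_nameIdentifier` pointing at it. Assuming `lasso_node_destroy` releases the node, any later `lasso_identity_get_*_nameIdentifier`, `lasso_identity_verify_nameIdentifier`, dump or second remove on the same identity then works on freed memory, and a repeated termination notification for the same identity could reach that path. Clear the field right after the destroy, e.g. `identity->remote_nameIdentifier = NULL;` (and the local equivalent). A `g_return_if_fail(identity != NULL);` at the top would also help, since `identity` is dereferenced unconditionally.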
@@ -65,28 +65,32 @@ struct _LassoIdentityClass {
 GObjectClass parent;
 };
-LASSO_EXPORT GType lasso_identity_get_type (void);
+LASSO_EXPORT GType lasso_identity_get_type (void);
-LASSO_EXPORT LassoIdentity *lasso_identity_new (gchar *remote_providerID);
+LASSO_EXPORT LassoIdentity *lasso_identity_new (gchar *remote_providerID);
-LASSO_EXPORT LassoIdentity *lasso_identity_new_from_dump (xmlChar *dump);
+LASSO_EXPORT LassoIdentity *lasso_identity_new_from_dump (xmlChar *dump);
-LASSO_EXPORT void lasso_identity_destroy (LassoIdentity *identity);
+LASSO_EXPORT void lasso_identity_destroy (LassoIdentity *identity);
-LASSO_EXPORT xmlChar *lasso_identity_dump (LassoIdentity *identity);
+LASSO_EXPORT xmlChar *lasso_identity_dump (LassoIdentity *identity);
-LASSO_EXPORT LassoNode *lasso_identity_get_remote_nameIdentifier (LassoIdentity *identity);
+LASSO_EXPORT LassoNode *lasso_identity_get_remote_nameIdentifier (LassoIdentity *identity);
-LASSO_EXPORT LassoNode *lasso_identity_get_local_nameIdentifier (LassoIdentity *identity);
+LASSO_EXPORT LassoNode *lasso_identity_get_local_nameIdentifier (LassoIdentity *identity);
-LASSO_EXPORT void lasso_identity_set_local_nameIdentifier (LassoIdentity *identity,
- LassoNode *nameIdentifier);
+LASSO_EXPORT void lasso_identity_remove_local_nameIdentifier (LassoIdentity *identity);
-LASSO_EXPORT void lasso_identity_set_remote_nameIdentifier (LassoIdentity *identity,
- LassoNode *nameIdentifier);
+LASSO_EXPORT void lasso_identity_remove_remote_nameIdentifier (LassoIdentity *identity);
-LASSO_EXPORT gboolean lasso_identity_verify_nameIdentifier (LassoIdentity *identity,
- LassoNode *nameIdentifier);
+LASSO_EXPORT void lasso_identity_set_local_nameIdentifier (LassoIdentity *identity,
+ LassoNode *nameIdentifier);
+
+LASSO_EXPORT void lasso_identity_set_remote_nameIdentifier (LassoIdentity *identity,
+ LassoNode *nameIdentifier);
+
+LASSO_EXPORT gboolean lasso_identity_verify_nameIdentifier (LassoIdentity *identity,
+ LassoNode 
*nameIdentifier);
 #ifdef __cplusplus
 }
diff --git a/lasso/id-ff/federation_termination.c b/lasso/id-ff/federation_termination.c
index a50985a1..9bf31509 100644
--- a/lasso/id-ff/federation_termination.c
+++ b/lasso/id-ff/federation_termination.c
@@ -109,14 +109,19 @@ lasso_federation_termination_init_notification(LassoFederationTermination *defed
 profileContext = LASSO_PROFILE_CONTEXT(defederation);
 if(remote_providerID==NULL){
- debug(INFO, "No remote provider id, get the issuer of the first authentication assertion\n");
- profileContext->remote_providerID = lasso_user_get_next_assertion_remote_providerID(profileContext->user);
+ debug(INFO, "No remote provider id, get the remote provider id of the first identity\n");
+ profileContext->remote_providerID = lasso_user_get_next_identity_remote_providerID(profileContext->user);
 }
 else{
 debug(INFO, "A remote provider id for defederation notification : %s\n", remote_providerID);
 profileContext->remote_providerID = g_strdup(remote_providerID);
 }
+ if(profileContext->remote_providerID==NULL){
+ debug(ERROR, "No provider id for init notification\n");
+ return(-2);
+ }
+
 /* get identity */
 identity = lasso_user_get_identity(profileContext->user, profileContext->remote_providerID);
 if(identity==NULL){
@@ -128,8 +133,9 @@ lasso_federation_termination_init_notification(LassoFederationTermination *defed
 switch(profileContext->provider_type){
 case lassoProviderTypeSp:
 nameIdentifier = LASSO_NODE(lasso_identity_get_local_nameIdentifier(identity));
- if(!nameIdentifier)
+ if(!nameIdentifier){
 nameIdentifier = LASSO_NODE(lasso_identity_get_remote_nameIdentifier(identity));
+ }
 break;
 case lassoProviderTypeIdp:
 nameIdentifier = LASSO_NODE(lasso_identity_get_remote_nameIdentifier(identity));
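Review bot: In the first federation_termination.c hunk, `profileContext->user` is passed to `lasso_user_get_next_identity_remote_providerID` and then to `lasso_user_get_identity` without a NULL check, whereas `lasso_federation_termination_process_notification_msg` gains exactly that check (`if(profileContext->user==NULL)`) later in this commit. Whether the two helpers tolerate a NULL user is not visible here, so the init path should carry the same guard, with its own error return, ahead of the `if(remote_providerID==NULL)` branch. The new `return(-2)` is also undocumented; a short comment listing the function's return codes would help callers. The function body starts and ends outside the hunk.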
@@ -180,11 +186,11 @@ lasso_federation_termination_process_notification_msg(LassoFederationTermination
 switch(request_method){
 case lassoHttpMethodSoap:
 debug(DEBUG, "Process a federation termination notification soap msg\n");
- profileContext->request = lasso_federation_termination_notification_new_from_soap(request_msg);
+ profileContext->request = lasso_federation_termination_notification_new_from_export(request_msg, lassoNodeExportTypeSoap);
 break;
 case lassoHttpMethodRedirect:
 debug(DEBUG, "Process a federation termination notification query msg\n");
- profileContext->request = lasso_federation_termination_notification_new_from_query(request_msg);
+ profileContext->request = lasso_federation_termination_notification_new_from_export(request_msg, lassoNodeExportTypeQuery);
 break;
 case lassoHttpMethodGet:
 debug(WARNING, "Implement the get federation termination notification method\n");
@@ -193,6 +199,10 @@ lasso_federation_termination_process_notification_msg(LassoFederationTermination
 debug(ERROR, "Unknown request method (%d)\n", request_method);
 return(-1);
 }
+ if(profileContext->request==NULL){
+ debug(ERROR, "Error While building the request from msg\n");
+ return(-1);
+ }
 /* set the remote provider id from the request */
 remote_providerID = lasso_node_get_child_content(profileContext->request, "ProviderID", NULL);
@@ -204,20 +214,27 @@ lasso_federation_termination_process_notification_msg(LassoFederationTermination
 return(-2);
 }
- remote_providerID = lasso_node_get_child_content(profileContext->request, "ProviderID", NULL);
- /* Verify federation */
+ if(profileContext->user==NULL){
+ debug(ERROR, "User environ not found\n");
+ return(-3);
+ }
+
 identity = lasso_user_get_identity(profileContext->user, remote_providerID);
 if(identity==NULL){
 debug(WARNING, "No identity for %s\n", remote_providerID);
- return(-3);
+ return(-4);
 }
 if(lasso_identity_verify_nameIdentifier(identity, nameIdentifier)==FALSE){
 debug(WARNING, "No name identifier for %s\n", remote_providerID);
- return(-4);
+ return(-5);
 }
+ /* remove federation of the remote provider */
+ lasso_identity_remove_remote_nameIdentifier(identity);
+ debug(INFO, "Remote name identifier removed from federation with %s\n", profileContext->remote_providerID);
+
 return(0);
 }
diff --git a/python/environs/py_federation_termination.c b/python/environs/py_federation_termination.c
index 6f6d0902..60c8d7d7 100644
--- a/python/environs/py_federation_termination.c
+++ b/python/environs/py_federation_termination.c
@@ -129,8 +129,8 @@ PyObject *federation_termination_init_notification(PyObject *self, PyObject *arg
 gchar *remote_providerID;
 gint codeError;
- if (CheckArgs(args, "OS:federation_termination_init_notification")) {
- if(!PyArg_ParseTuple(args, (char *) "Os:federation_termination_init_notification",
+ if (CheckArgs(args, "Os:federation_termination_init_notification")) {
+ if(!PyArg_ParseTuple(args, (char *) "Oz:federation_termination_init_notification",
 &federation_termination_obj, &remote_providerID))
 return NULL;
 }
diff --git a/python/examples/defederation.py b/python/examples/defederation.py
index 4b7b3500..a07c2331 100644
--- a/python/examples/defederation.py
+++ b/python/examples/defederation.py
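Review bot: The final `debug(INFO, ...)` in the `process_notification_msg` hunk prints `profileContext->remote_providerID`, while every other statement in the hunk uses the local `remote_providerID` read from the request; unless the profile field is assigned in lines outside the hunk, `%s` receives NULL there, so the call should read `debug(INFO, "Remote name identifier removed from federation with %s\n", remote_providerID);`. The hunk also renumbers existing error returns (-3 becomes -4, -4 becomes -5), which silently changes their meaning for callers that already test them, so the codes deserve a comment or named constants. Finally, the federation is removed as soon as the identity lookup and the name-identifier comparison succeed. No signature or issuer check on the notification is visible in these hunks, and if none exists elsewhere in the function it should run before `lasso_identity_remove_remote_nameIdentifier`.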
@@ -19,32 +19,28 @@ spserver.add_provider("../../examples/sp.xml", None, None)
 # users :
-spuser_dump = "<LassoUser><LassoIdentities><LassoIdentity RemoteProviderID=\"https://identity-provider:2003/liberty-alliance/metadata\"><LassoRemoteNameIdentifier><NameIdentifier NameQualifier=\"qualifier.com\" Format=\"federated\">1111111111111111111111111</NameIdentifier></LassoRemoteNameIdentifier></LassoIdentity></LassoIdentities></LassoUser>"
+spuser_dump = "<LassoUser><LassoIdentities><LassoIdentity RemoteProviderID=\"https://identity-provider:2003/liberty-alliance/metadata\"><LassoRemoteNameIdentifier><NameIdentifier NameQualifier=\"qualifier.com\" Format=\"federated\">1111111111111111111111111</NameIdentifier></LassoRemoteNameIdentifier><LassoLocalNameIdentifier><NameIdentifier NameQualifier=\"qualifier.com\" Format=\"federated\">222222222222222222222</NameIdentifier></LassoLocalNameIdentifier></LassoIdentity></LassoIdentities></LassoUser>"
 spuser = lasso.User.new_from_dump(spuser_dump)
-idpuser_dump = "<LassoUser><LassoIdentities><LassoIdentity RemoteProviderID=\"https://service-provider:2003/liberty-alliance/metadata\"><LassoLocalNameIdentifier><NameIdentifier NameQualifier=\"qualifier.com\" Format=\"federated\">1111111111111111111111111</NameIdentifier></LassoLocalNameIdentifier></LassoIdentity></LassoIdentities></LassoUser>"
+idpuser_dump = "<LassoUser><LassoIdentities><LassoIdentity RemoteProviderID=\"https://service-provider:2003/liberty-alliance/metadata\"><LassoLocalNameIdentifier><NameIdentifier NameQualifier=\"qualifier.com\" Format=\"federated\">1111111111111111111111111</NameIdentifier></LassoLocalNameIdentifier><LassoRemoteNameIdentifier><NameIdentifier NameQualifier=\"qualifier.com\" Format=\"federated\">222222222222222222222</NameIdentifier></LassoRemoteNameIdentifier></LassoIdentity></LassoIdentities></LassoUser>"
 idpuser = lasso.User.new_from_dump(idpuser_dump)
 # sp federation termination :
 spdefederation = lasso.FederationTermination.new(spserver, 
spuser, lasso.providerTypeSp)
-spdefederation.init_notification("https://identity-provider:2003/liberty-alliance/metadata")
+spdefederation.init_notification()
 spdefederation.build_notification_msg()
 print 'url : ', spdefederation.msg_url
 print 'body : ', spdefederation.msg_body
-sys.exit(1)
 # idp federation termination :
 print "---------------------------------------------------------"
 print " At identity provider "
 idpdefederation = lasso.FederationTermination.new(idpserver, idpuser, lasso.providerTypeIdp)
 idpdefederation.process_notification_msg(spdefederation.msg_body, lasso.httpMethodSoap)
-idpdefederation.build_response_msg()
-print 'url : ', idpdefederation.msg_url
-print 'body : ', idpdefederation.msg_body
-
+print 'Only return an HTTP OK 200 to the notifier'
 print 'End of federation termination'
 lasso.shutdown()
diff --git a/python/lassomod.c b/python/lassomod.c
index ac6439fe..9135b060 100644
--- a/python/lassomod.c
+++ b/python/lassomod.c
@@ -146,9 +146,8 @@ static PyMethodDef lasso_methods[] = {
 {"authn_response_new_from_export", authn_response_new_from_export, METH_VARARGS},
 /* py_federation_termination_notification.h */
- {"federation_termination_notification_new", federation_termination_notification_new, METH_VARARGS},
- {"federation_termination_notification_new_from_soap", federation_termination_notification_new_from_soap, METH_VARARGS},
- {"federation_termination_notification_new_from_query", federation_termination_notification_new_from_query, METH_VARARGS},
+ {"federation_termination_notification_new", federation_termination_notification_new, METH_VARARGS},
+ {"federation_termination_notification_new_from_export", federation_termination_notification_new_from_export, METH_VARARGS},
 /* py_logout_request.h */
 {"logout_request_new", logout_request_new, METH_VARARGS},
diff --git a/python/protocols/py_federation_termination_notification.c b/python/protocols/py_federation_termination_notification.c
index e3b7945c..8a105105 100644 
--- a/python/protocols/py_federation_termination_notification.c
+++ b/python/protocols/py_federation_termination_notification.c
@@ -64,36 +64,20 @@ PyObject *federation_termination_notification_new(PyObject *self, PyObject *args
 return (LassoFederationTerminationNotification_wrap(LASSO_FEDERATION_TERMINATION_NOTIFICATION(notification)));
 }
-PyObject *federation_termination_notification_new_from_soap(PyObject *self, PyObject *args) {
- const xmlChar *soap_buffer;
+PyObject *federation_termination_notification_new_from_export(PyObject *self, PyObject *args) {
+ xmlChar *soap_buffer;
+ gint type;
- LassoNode *notification;
-
- if (CheckArgs(args, "S:federation_termination_notification_new_from_soap")) {
- if(!PyArg_ParseTuple(args, (char *) "s:federation_termination_notification_new_from_soap",
- &soap_buffer))
- return NULL;
- }
- else return NULL;
-
- notification = lasso_federation_termination_notification_new_from_soap(soap_buffer);
-
- return (LassoFederationTerminationNotification_wrap(LASSO_FEDERATION_TERMINATION_NOTIFICATION(notification)));
-}
-
-PyObject *federation_termination_notification_new_from_query(PyObject *self, PyObject *args) {
- const xmlChar *query;
-
- LassoNode *notification;
+ LassoNode *notification;
- if (CheckArgs(args, "S:federation_termination_notification_new_from_query")) {
- if(!PyArg_ParseTuple(args, (char *) "s:federation_termination_notification_new_from_query",
- &query))
+ if (CheckArgs(args, "SI:federation_termination_notification_new_from_export")) {
+ if(!PyArg_ParseTuple(args, (char *) "si:federation_termination_notification_new_from_export",
+ &soap_buffer, &type))
 return NULL;
 }
 else return NULL;
- notification = lasso_federation_termination_notification_new_from_query(query);
+ notification = lasso_federation_termination_notification_new_from_export(soap_buffer, type);
 return (LassoFederationTerminationNotification_wrap(LASSO_FEDERATION_TERMINATION_NOTIFICATION(notification)));
 }
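Review bot: `federation_termination_notification_new_from_export` wraps whatever the C constructor returns without checking it for NULL, and `type` goes from the Python caller straight into `lasso_federation_termination_notification_new_from_export` with no range check. That constructor returns NULL for a NULL buffer and assigns nothing for an unknown export type, so malformed input or a wrong type value from a script ends with `LASSO_FEDERATION_TERMINATION_NOTIFICATION(notification)` applied to an invalid pointer. Add `if (notification == NULL) { Py_INCREF(Py_None); return Py_None; }` before the wrap, or raise an exception there. `soap_buffer` also lost its `const` and now carries query strings too; `const xmlChar *buffer` would match the C signature.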
diff --git a/python/protocols/py_federation_termination_notification.h b/python/protocols/py_federation_termination_notification.h
index 2030f085..52e57d83 100644
--- a/python/protocols/py_federation_termination_notification.h
+++ b/python/protocols/py_federation_termination_notification.h
@@ -37,7 +37,6 @@ typedef struct {
 PyObject *LassoFederationTerminationNotification_wrap(LassoFederationTerminationNotification *notification);
 PyObject *federation_termination_notification_new(PyObject *self, PyObject *args);
-PyObject *federation_termination_notification_new_from_soap(PyObject *self, PyObject *args);
-PyObject *federation_termination_notification_new_from_query(PyObject *self, PyObject *args);
+PyObject *federation_termination_notification_new_from_export(PyObject *self, PyObject *args);
 #endif /* __PYLASSO_PY_FEDERATION_TERMINATION_NOTIFICATION_H__ */ |
