[SAMLv2] fix wrong order in use of macro lasso_foreach

The first argument must be the iterator, the second is the iterable.
Also add a non-regression test with Googleapps metadata and and a
typical authn request.

4 files changed, 109 insertions, 2 deletions

diff --git a/lasso/saml-2.0/provider.c b/lasso/saml-2.0/provider.c
index 064fe24e..cd1acfe0 100644
--- a/lasso/saml-2.0/provider.c
+++ b/lasso/saml-2.0/provider.c
@@ -550,7 +550,7 @@ lasso_saml20_provider_check_assertion_consumer_service_url(LassoProvider *provid
 {
 	GList *t = NULL;
 
-	lasso_foreach (provider->private_data->endpoints, t) {
+	lasso_foreach (t, provider->private_data->endpoints) {
 		EndpointType *endpoint_type = (EndpointType*) t->data;
 		if (endpoint_type && endpoint_type->role == LASSO_PROVIDER_ROLE_SP
 				&& g_strcmp0(endpoint_type->url, url) == 0
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 15eb4e9a..7414dfb8 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -20,7 +20,7 @@ INCLUDES = \
 	$(CHECK_CFLAGS)
 
 
-tests_SOURCES = tests.c login_tests.c basic_tests.c random_tests.c metadata_tests.c login_tests_saml2.c assertion_query_saml2.c $(WSF_TESTS)
+tests_SOURCES = tests.c login_tests.c basic_tests.c non_regression_tests.c random_tests.c metadata_tests.c login_tests_saml2.c assertion_query_saml2.c $(WSF_TESTS)
 
 tests_LDADD = \
 	$(top_builddir)/lasso/liblasso.la \
diff --git a/tests/non_regression_tests.c b/tests/non_regression_tests.c
new file mode 100644
index 00000000..208bc30d
--- /dev/null
+++ b/tests/non_regression_tests.c
@@ -0,0 +1,105 @@
+/*
+ * Lasso library C unit tests
+ *
+ * Copyright (C) 2004-2007 Entr'ouvert
+ * http://lasso.entrouvert.org
+ *
+ * Authors: See AUTHORS file in top-level directory.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <check.h>
+
+#include <../lasso/lasso.h>
+#include "./tests.h"
+#include <../lasso/xml/lib_assertion.h>
+#include <../lasso/xml/lib_authentication_statement.h>
+#include <../lasso/xml/saml_name_identifier.h>
+#include <../lasso/xml/samlp_response.h>
+#include "../lasso/utils.h"
+
+
+Suite* non_regression_suite();
+
+START_TEST(test01_googleapps_27092010)
+{
+
+/*
+ * Here the decoded request:
+ *
+ * char *gapp_request = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\
+<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\n\
+ID=\"lfnoehcfgagfbefiaijaefdpndeppgmfllenelik\" Version=\"2.0\"\n\
+IssueInstant=\"2010-09-27T12:55:29Z\"\n\
+ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n\
+ProviderName=\"google.com\" IsPassive=\"false\"\n\
+AssertionConsumerServiceURL=\"https://www.google.com/a/linid.org/acs\"><saml:Issuer\n\
+xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">google.com</saml:Issuer><samlp:NameIDPolicy\n\
+AllowCreate=\"true\"\n\
+Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\"\n\
+/></samlp:AuthnRequest>"; */
+	char *b64_encoded_request = "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIgpJRD0ibGZub2VoY2ZnYWdmYmVmaWFpamFlZmRwbmRlcHBnbWZsbGVuZWxpayIgVmVyc2lvbj0iMi4wIgpJc3N1ZUluc3RhbnQ9IjIwMTAtMDktMjdUMTI6NTU6MjlaIgpQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiClByb3ZpZGVyTmFtZT0iZ29vZ2xlLmNvbSIgSXNQYXNzaXZlPSJmYWxzZSIKQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVVJMPSJodHRwczovL3d3dy5nb29nbGUuY29tL2EvbGluaWQub3JnL2FjcyI+PHNhbWw6SXNzdWVyCnhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmdvb2dsZS5jb208L3NhbWw6SXNzdWVyPjxzYW1scDpOYW1lSURQb2xpY3kKQWxsb3dDcmVhdGU9InRydWUiCkZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6dW5zcGVjaWZpZWQiCi8+PC9zYW1scDpBdXRoblJlcXVlc3Q+Cg==";
+	char *metadata = "<md:EntityDescriptor entityID=\"google.com\" xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\">\n\
+<SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n\
+<AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://www.google.com/a/linid.org/acs\" index=\"0\" />\n\
+<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>\n\
+</SPSSODescriptor>\n\
+</md:EntityDescriptor>\n";
+	LassoServer *server = NULL;
+	LassoLogin *login = NULL;
+	check_not_null(server = lasso_server_new(TESTSDATADIR "/idp5-saml2/metadata.xml",
+				TESTSDATADIR "/idp5-saml2/private-key.pem", NULL, NULL));
+	check_good_rc(lasso_server_add_provider_from_buffer(server, LASSO_PROVIDER_ROLE_SP,
+				metadata, NULL, NULL));
+	check_not_null(login = lasso_login_new(server));
+	lasso_profile_set_signature_verify_hint(&login->parent,
+				LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE);
+	check_good_rc(lasso_login_process_authn_request_msg(login, b64_encoded_request));
+	check_good_rc(lasso_login_validate_request_msg(login, TRUE, TRUE));
+	check_good_rc(lasso_login_build_authn_response_msg(login));
+	check_not_null(LASSO_PROFILE(login)->msg_url);
+	check_not_null(LASSO_PROFILE(login)->msg_body);
+	lasso_release_gobject(login);
+	lasso_release_gobject(server);
+
+}
+END_TEST
+
+struct {
+	char *name;
+	void *function;
+} tests[] = {
+	{ "Googleapps error from coudot@ on 27-09-2010", test01_googleapps_27092010}
+};
+
+Suite*
+non_regression_suite()
+{
+	Suite *s = suite_create("Non regression tests");
+	unsigned int i = 0;
+
+	for (i = 0 ; i < G_N_ELEMENTS(tests); i++) {
+		TCase *c = tcase_create(tests[i].name);
+		void *f = tests[i].function;
+		tcase_add_test(c, f);
+		suite_add_tcase(s, c);
+	}
+
+	return s;
+}
diff --git a/tests/tests.c b/tests/tests.c
index 3b0267f1..a32d32e9 100644
--- a/tests/tests.c
+++ b/tests/tests.c
@@ -35,6 +35,7 @@ extern Suite* login_saml2_suite();
 extern Suite* random_suite();
 extern Suite* metadata_suite();
 extern Suite* assertion_query_suite();
+extern Suite* non_regression_suite();
 #ifdef LASSO_WSF_ENABLED
 extern Suite* idwsf2_suite();
 #endif
@@ -48,6 +49,7 @@ SuiteFunction suites[] = {
 	random_suite,
 	metadata_suite,
 	assertion_query_suite,
+	non_regression_suite,
 #ifdef LASSO_WSF_ENABLED
 	idwsf2_suite,
 #endif