| author | Frederic Peters <fpeters@entrouvert.com> | 2004-12-16 14:04:43 +0000 |
|---|---|---|
| committer | Frederic Peters <fpeters@entrouvert.com> | 2004-12-16 14:04:43 +0000 |
| commit | 76ec7eb692476075c9ab2649f8612479ed5df0f5 (patch) | |
| tree | 46ad31e6810679215c6cbc2577faca952040f7b0 | |
| parent | f5471b3acf9069cba291593e21f77705299d3b7e (diff) | |
| download | lasso-76ec7eb692476075c9ab2649f8612479ed5df0f5.tar.gz lasso-76ec7eb692476075c9ab2649f8612479ed5df0f5.tar.xz lasso-76ec7eb692476075c9ab2649f8612479ed5df0f5.zip | |
(almost) done with errors in ID-FF; remaining "return -1" have been converted
to LASSO_ERROR_UNDEFINED (there are forty-three of them).
LASSO_ERROR_UNDEFINED was redefined from -999 to -1 so it is easier to add new
sequences of errors.
| -rw-r--r-- | lasso/id-ff/defederation.c | 20 | ||||
| -rw-r--r-- | lasso/id-ff/identity.c | 2 | ||||
| -rw-r--r-- | lasso/id-ff/lecp.c | 30 | ||||
| -rw-r--r-- | lasso/id-ff/login.c | 25 | ||||
| -rw-r--r-- | lasso/id-ff/logout.c | 23 | ||||
| -rw-r--r-- | lasso/id-ff/name_identifier_mapping.c | 41 | ||||
| -rw-r--r-- | lasso/id-ff/name_registration.c | 24 | ||||
| -rw-r--r-- | lasso/id-ff/profile.c | 14 | ||||
| -rw-r--r-- | lasso/id-ff/provider.c | 2 | ||||
| -rw-r--r-- | lasso/xml/errors.c | 17 | ||||
| -rw-r--r-- | lasso/xml/errors.h | 19 |
11 files changed, 108 insertions, 109 deletions
diff --git a/lasso/id-ff/defederation.c b/lasso/id-ff/defederation.c index a4ccac68..23ca522b 100644 --- a/lasso/id-ff/defederation.c +++ b/lasso/id-ff/defederation.c @@ -148,17 +148,15 @@ lasso_defederation_init_notification(LassoDefederation *defederation, gchar *rem g_return_val_if_fail(LASSO_IS_DEFEDERATION(defederation), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ); + if (remote_providerID == NULL) { + return critical_error(LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID); + } + profile = LASSO_PROFILE(defederation); /* set the remote provider id */ profile->remote_providerID = g_strdup(remote_providerID); - if (profile->remote_providerID == NULL) { - message(G_LOG_LEVEL_CRITICAL, - "No remote provider id to send the defederation request"); - return -1; - } - remote_provider = g_hash_table_lookup( profile->server->providers, profile->remote_providerID); if (LASSO_IS_PROVIDER(remote_provider) == FALSE) { @@ -211,8 +209,7 @@ lasso_defederation_init_notification(LassoDefederation *defederation, gchar *rem 0); } if (LASSO_IS_LIB_FEDERATION_TERMINATION_NOTIFICATION(profile->request) == FALSE) { - message(G_LOG_LEVEL_CRITICAL, "Error while building the request"); - return -1; + return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED); } /* Set the nameIdentifier attribute from content local variable */ @@ -371,8 +368,7 @@ lasso_defederation_validate_notification(LassoDefederation *defederation) nameIdentifier = LASSO_LIB_FEDERATION_TERMINATION_NOTIFICATION( profile->request)->NameIdentifier; if (nameIdentifier == NULL) { - message(G_LOG_LEVEL_CRITICAL, "Name identifier not found in request"); - return -1; + return critical_error(LASSO_DEFEDERATION_ERROR_MISSING_NAME_IDENTIFIER); } /* Verify federation */ 
@@ -387,9 +383,7 @@ lasso_defederation_validate_notification(LassoDefederation *defederation) } if (lasso_federation_verify_nameIdentifier(federation, nameIdentifier) == FALSE) { - message(G_LOG_LEVEL_CRITICAL, "No name identifier for %s", - profile->remote_providerID); - return -1; + return critical_error(LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND); } /* remove federation of the remote provider */ diff --git a/lasso/id-ff/identity.c b/lasso/id-ff/identity.c index b1429bd4..8a912890 100644 --- a/lasso/id-ff/identity.c +++ b/lasso/id-ff/identity.c @@ -59,7 +59,7 @@ lasso_identity_remove_federation(LassoIdentity *identity, char *remote_providerI { if (g_hash_table_remove(identity->federations, remote_providerID) == FALSE) { debug("Failed to remove federation for remote Provider %s", remote_providerID); - return -1; + return LASSO_ERROR_UNDEFINED; } identity->is_dirty = TRUE; return 0; diff --git a/lasso/id-ff/lecp.c b/lasso/id-ff/lecp.c index dbe92081..a9c67c74 100644 --- a/lasso/id-ff/lecp.c +++ b/lasso/id-ff/lecp.c @@ -47,7 +47,7 @@ lasso_lecp_build_authn_request_envelope_msg(LassoLecp *lecp) if (profile->request == NULL) { message(G_LOG_LEVEL_CRITICAL, "AuthnRequest not found"); - return -1; + return LASSO_ERROR_UNDEFINED; } lecp->authnRequestEnvelope = lasso_lib_authn_request_envelope_new_full( @@ -55,15 +55,14 @@ lasso_lecp_build_authn_request_envelope_msg(LassoLecp *lecp) LASSO_PROVIDER(profile->server)->ProviderID, assertionConsumerServiceURL); if (lecp->authnRequestEnvelope == NULL) { - message(G_LOG_LEVEL_CRITICAL, "Error while building AuthnRequestEnvelope"); - return -1; + return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED); } profile->msg_body = lasso_node_dump(LASSO_NODE(lecp->authnRequestEnvelope), "utf-8", 0); if (profile->msg_body == NULL) { message(G_LOG_LEVEL_CRITICAL, "Error while exporting the AuthnRequestEnvelope to POST msg"); - return -1; + return LASSO_ERROR_UNDEFINED; } return 0; 
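Review bot: In lasso_defederation_validate_notification (hunk at -387), the failed `lasso_federation_verify_nameIdentifier()` branch no longer records which peer sent the mismatching identifier. The removed log line included `profile->remote_providerID`, while `critical_error(LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND)` is called without it. A termination notification whose name identifier does not match the stored federation should stay attributable in the logs, so consider keeping a line such as `debug("Name identifier mismatch for provider %s", profile->remote_providerID);` before the return. The function body starts and ends outside the hunk.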
@@ -95,9 +94,7 @@ lasso_lecp_build_authn_request_msg(LassoLecp *lecp) remote_provider, "SingleSignOnServiceURL"); profile->msg_body = lasso_node_export_to_soap(profile->request, NULL, NULL); if (profile->msg_body == NULL) { - message(G_LOG_LEVEL_CRITICAL, - "Error while building the AuthnRequest SOAP message"); - return -1; + return critical_error(LASSO_PROFILE_ERROR_BUILDING_MESSAGE_FAILED); } return 0; @@ -113,13 +110,11 @@ lasso_lecp_build_authn_response_msg(LassoLecp *lecp) profile = LASSO_PROFILE(lecp); profile->msg_url = g_strdup(lecp->assertionConsumerServiceURL); if (profile->msg_url == NULL) { - message(G_LOG_LEVEL_CRITICAL, "AssertionConsumerServiceURL not found"); - return -1; + return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL); } profile->msg_body = lasso_node_export_to_base64(profile->response, NULL, NULL); if (profile->msg_body == NULL) { - message(G_LOG_LEVEL_CRITICAL, "AuthnResponse Base64 msg not found"); - return -1; + return critical_error(LASSO_PROFILE_ERROR_BUILDING_MESSAGE_FAILED); } return 0; @@ -138,7 +133,7 @@ lasso_lecp_build_authn_response_envelope_msg(LassoLecp *lecp) if (LASSO_IS_LIB_AUTHN_RESPONSE(profile->response) == FALSE) { message(G_LOG_LEVEL_CRITICAL, "AuthnResponse not found"); - return -1; + return LASSO_ERROR_UNDEFINED; } provider = g_hash_table_lookup(profile->server->providers, profile->remote_providerID); @@ -169,9 +164,7 @@ lasso_lecp_build_authn_response_envelope_msg(LassoLecp *lecp) LASSO_NODE(lecp->authnResponseEnvelope), NULL, NULL); if (LASSO_PROFILE(lecp)->msg_body == NULL) { - message(G_LOG_LEVEL_CRITICAL, - "Error while exporting the AuthnResponseEnvelope to SOAP msg"); - return -1; + return critical_error(LASSO_PROFILE_ERROR_BUILDING_MESSAGE_FAILED); } return 0; 
@@ -227,7 +220,7 @@ lasso_lecp_process_authn_request_envelope_msg(LassoLecp *lecp, const char *reque lecp->authnRequestEnvelope->AuthnRequest)); if (LASSO_PROFILE(lecp)->request == NULL) { message(G_LOG_LEVEL_CRITICAL, "AuthnRequest not found"); - return -1; + return LASSO_ERROR_UNDEFINED; } return 0; @@ -254,14 +247,13 @@ lasso_lecp_process_authn_response_envelope_msg(LassoLecp *lecp, const char *resp profile->response = g_object_ref(lecp->authnResponseEnvelope->AuthnResponse); if (profile->response == NULL) { message(G_LOG_LEVEL_CRITICAL, "AuthnResponse not found"); - return -1; + return LASSO_ERROR_UNDEFINED; } lecp->assertionConsumerServiceURL = g_strdup( lecp->authnResponseEnvelope->AssertionConsumerServiceURL); if (lecp->assertionConsumerServiceURL == NULL){ - message(G_LOG_LEVEL_CRITICAL, "AssertionConsumerServiceURL not found"); - return -1; + return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL); } return 0; diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c index 6ef8b705..f1529c39 100644 --- a/lasso/id-ff/login.c +++ b/lasso/id-ff/login.c @@ -320,17 +320,17 @@ lasso_login_process_response_status_and_assertion(LassoLogin *login) response = LASSO_SAMLP_RESPONSE(LASSO_PROFILE(login)->response); if (response->Status == NULL || ! LASSO_IS_SAMLP_STATUS(response->Status)) - return -1; + return LASSO_ERROR_UNDEFINED; if (response->Status->StatusCode == NULL) - return -1; + return LASSO_ERROR_UNDEFINED; status_value = response->Status->StatusCode->Value; if (status_value == NULL) { /* XXX ? was ignored before ? */ } if (status_value && strcmp(status_value, LASSO_SAML_STATUS_CODE_SUCCESS) != 0) { - return -7; /* FIXME: proper error code */ + return LASSO_ERROR_UNDEFINED; } if (response->Assertion) { 
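Review bot: In lasso_login_process_response_status_and_assertion (login.c hunk at -320), a StatusCode with no Value still passes as success, because `if (status_value && strcmp(...) != 0)` skips the comparison when `status_value` is NULL and the code goes on to `response->Assertion`. The empty `/* XXX ? was ignored before ? */` branch suggests this is known but undecided; rejecting is the safer default, e.g. `if (status_value == NULL || strcmp(status_value, LASSO_SAML_STATUS_CODE_SUCCESS) != 0) {`. Separately, replacing `-7` with LASSO_ERROR_UNDEFINED leaves callers unable to tell a non-success status from a missing Status element. The function continues past the end of the hunk.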
@@ -397,11 +397,11 @@ lasso_login_accept_sso(LassoLogin *login) profile->session = lasso_session_new(); if (profile->response == NULL) - return -1; + return LASSO_ERROR_UNDEFINED; assertion = LASSO_SAMLP_RESPONSE(profile->response)->Assertion; if (assertion == NULL) - return -1; + return LASSO_ERROR_UNDEFINED; lasso_session_add_assertion(profile->session, profile->remote_providerID, g_object_ref(assertion)); @@ -412,7 +412,7 @@ lasso_login_accept_sso(LassoLogin *login) ni = authentication_statement->Subject->NameIdentifier; if (ni == NULL) - return -1; + return LASSO_ERROR_UNDEFINED; if (LASSO_IS_LIB_SUBJECT(authentication_statement->Subject)) { idp_ni = LASSO_LIB_SUBJECT( @@ -467,7 +467,7 @@ lasso_login_build_artifact_msg(LassoLogin *login, lassoHttpMethod http_method) } if (LASSO_PROFILE(login)->remote_providerID == NULL) - return -1; + return critical_error(LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID); /* build artifact infos */ remote_provider = g_hash_table_lookup(LASSO_PROFILE(login)->server->providers, @@ -850,12 +850,12 @@ lasso_login_init_request(LassoLogin *login, gchar *response_msg, i = xmlSecBase64Decode(artifact_b64, artifact, 43); if (i < 0 || i > 42) { g_free(artifact_b64); - return -1; + return LASSO_ERROR_UNDEFINED; } if (artifact[0] != 0 || artifact[1] != 3) { /* wrong type code */ g_free(artifact_b64); - return -1; + return LASSO_ERROR_UNDEFINED; } memcpy(provider_succint_id, artifact+2, 20); @@ -1058,12 +1058,11 @@ lasso_login_process_authn_request_msg(LassoLogin *login, const char *authn_reque } else { /* AuthnRequestsSigned element is required */ message(G_LOG_LEVEL_CRITICAL, "XXX"); - return -1; + return LASSO_ERROR_UNDEFINED; } } else { - message(G_LOG_LEVEL_CRITICAL, - "Must verify signature without knowing provider"); - return -1; + return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND, + LASSO_PROFILE(login)->remote_providerID); } /* verify request signature */ 
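Review bot: In lasso_login_accept_sso (hunk at -412), `authentication_statement->Subject->NameIdentifier` dereferences `Subject` before anything in the hunk checks it, so only a NULL `NameIdentifier` is caught. If neither `authentication_statement` nor `Subject` is validated above the hunk, an assertion without a Subject would crash here rather than return an error. A guard such as `if (authentication_statement->Subject == NULL) return LASSO_ERROR_UNDEFINED;` ahead of that line would cover it. The assignment of `authentication_statement` is outside the hunk.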
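Review bot: In lasso_login_init_request (hunk at -850), the length check `if (i < 0 || i > 42)` accepts any decode shorter than 42 bytes, yet the following lines read `artifact[0]`, `artifact[1]` and copy 20 bytes from `artifact+2`. With a truncated artifact those reads cover bytes that `xmlSecBase64Decode` never wrote. The code consumes a two-byte type code plus a 20-byte provider succinct ID, and the limit of 42 implies a fixed-length artifact, so `if (i != 42) {` looks like the intended test; at minimum `i < 22` must be rejected. The declaration of `artifact` and the rest of the function are outside the hunk.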
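Review bot: In lasso_login_process_authn_request_msg (hunk at -1058), the branch commented `/* AuthnRequestsSigned element is required */` still logs the placeholder `"XXX"` and now returns the catch-all LASSO_ERROR_UNDEFINED. This path decides whether a request's signature has to be verified, so a caller or operator should be able to tell it apart from other failures. At least replace the message, e.g. `message(G_LOG_LEVEL_CRITICAL, "AuthnRequestsSigned element not found for remote provider");` (wording inferred from the comment). In the other branch, `LASSO_PROFILE(login)->remote_providerID` presumably comes from the incoming request and is now passed to `critical_error` as a format argument, so confirm it is only ever consumed through a fixed `%s` format. The enclosing conditionals begin outside the hunk.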
diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c index 6c4766bc..2939db5f 100644 --- a/lasso/id-ff/logout.c +++ b/lasso/id-ff/logout.c @@ -150,7 +150,8 @@ lasso_logout_build_response_msg(LassoLogout *logout) /* get the provider */ provider = g_hash_table_lookup(profile->server->providers, profile->remote_providerID); if (provider == NULL) { - return -1; + return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND, + profile->remote_providerID); } /* build logout response message */ @@ -268,8 +269,7 @@ lasso_logout_init_request(LassoLogout *logout, char *remote_providerID, /* verify if session exists */ if (profile->session == NULL) { - message(G_LOG_LEVEL_CRITICAL, "Session not found"); - return -1; + return critical_error(LASSO_PROFILE_ERROR_SESSION_NOT_FOUND); } /* get the remote provider id @@ -280,15 +280,14 @@ lasso_logout_init_request(LassoLogout *logout, char *remote_providerID, profile->remote_providerID = g_strdup(remote_providerID); } if (profile->remote_providerID == NULL) { - message(G_LOG_LEVEL_CRITICAL, "No remote provider id to build the logout request"); - return -1; + return critical_error(LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID); } /* get assertion */ assertion = lasso_session_get_assertion(profile->session, profile->remote_providerID); if (LASSO_IS_SAML_ASSERTION(assertion) == FALSE) { message(G_LOG_LEVEL_CRITICAL, "Assertion not found"); - return -1; + return LASSO_ERROR_UNDEFINED; } /* if format is one time, then get name identifier from assertion, @@ -360,8 +359,7 @@ lasso_logout_init_request(LassoLogout *logout, char *remote_providerID, 0); } if (LASSO_IS_LIB_LOGOUT_REQUEST(profile->request) == FALSE) { - message(G_LOG_LEVEL_CRITICAL, "Error while building the request"); - return -1; + return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED); } /* Set the name identifier attribute with content local variable */ 
@@ -544,7 +542,7 @@ lasso_logout_process_response_msg(LassoLogout *logout, gchar *response_msg) return LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE; } message(G_LOG_LEVEL_CRITICAL, "Status code is not success : %s", statusCodeValue); - return -1; + return LASSO_ERROR_UNDEFINED; } /* LogoutResponse status code value is ok */ @@ -679,8 +677,7 @@ lasso_logout_validate_request(LassoLogout *logout) 0); } if (LASSO_IS_LIB_LOGOUT_RESPONSE(profile->response) == FALSE) { - message(G_LOG_LEVEL_CRITICAL, "Error while building response"); - return -1; + return critical_error(LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED); } /* verify signature status */ @@ -703,7 +700,7 @@ lasso_logout_validate_request(LassoLogout *logout) if (assertion == NULL) { message(G_LOG_LEVEL_WARNING, "%s has no assertion", profile->remote_providerID); lasso_profile_set_response_status(profile, LASSO_SAML_STATUS_CODE_REQUEST_DENIED); - return -1; + return LASSO_ERROR_UNDEFINED; } /* If name identifier is federated, then verify federation */ @@ -726,7 +723,7 @@ lasso_logout_validate_request(LassoLogout *logout) profile->remote_providerID); lasso_profile_set_response_status(profile, LASSO_LIB_STATUS_CODE_FEDERATION_DOES_NOT_EXIST); - return -1; + return LASSO_ERROR_UNDEFINED; } } diff --git a/lasso/id-ff/name_identifier_mapping.c b/lasso/id-ff/name_identifier_mapping.c index 6e0e80c3..620c8c09 100644 --- a/lasso/id-ff/name_identifier_mapping.c +++ b/lasso/id-ff/name_identifier_mapping.c @@ -49,7 +49,7 @@ lasso_name_identifier_mapping_build_request_msg(LassoNameIdentifierMapping *mapp if (remote_provider->role != LASSO_PROVIDER_ROLE_IDP) { message(G_LOG_LEVEL_CRITICAL, "Build request msg method is forbidden at IDP"); - return -1; + return LASSO_ERROR_UNDEFINED; } profile->msg_url = lasso_provider_get_metadata_one(remote_provider, "SoapEndpoint"); 
@@ -60,9 +60,7 @@ lasso_name_identifier_mapping_build_request_msg(LassoNameIdentifierMapping *mapp profile->msg_body = lasso_node_export_to_soap(profile->request, profile->server->private_key, profile->server->certificate); if (profile->msg_body == NULL) { - message(G_LOG_LEVEL_CRITICAL, - "Error building name identifier mapping request SOAP message"); - return -1; + return critical_error(LASSO_PROFILE_ERROR_BUILDING_MESSAGE_FAILED); } return 0; @@ -87,7 +85,7 @@ lasso_name_identifier_mapping_build_response_msg(LassoNameIdentifierMapping *map if (remote_provider->role != LASSO_PROVIDER_ROLE_SP) { message(G_LOG_LEVEL_CRITICAL, "Build response msg method is forbidden at SP"); - return -1; + return LASSO_ERROR_UNDEFINED; } /* verify the provider type is a service provider type */ @@ -143,7 +141,7 @@ lasso_name_identifier_mapping_init_request(LassoNameIdentifierMapping *mapping, } if (remote_provider->role != LASSO_PROVIDER_ROLE_IDP) { message(G_LOG_LEVEL_CRITICAL, "Init request method is forbidden for an IDP"); - return -1; + return LASSO_ERROR_UNDEFINED; } /* get federation */ @@ -158,8 +156,7 @@ lasso_name_identifier_mapping_init_request(LassoNameIdentifierMapping *mapping, if (nameIdentifier == NULL) nameIdentifier = federation->remote_nameIdentifier; if (nameIdentifier == NULL) { - message(G_LOG_LEVEL_CRITICAL, "Name identifier not found"); - return -1; + return critical_error(LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND); } /* get / verify http method */ @@ -178,8 +175,7 @@ lasso_name_identifier_mapping_init_request(LassoNameIdentifierMapping *mapping, LASSO_SIGNATURE_TYPE_WITHX509, LASSO_SIGNATURE_METHOD_RSA_SHA1); if (LASSO_IS_LIB_NAME_IDENTIFIER_MAPPING_REQUEST(profile->request) == FALSE) { - message(G_LOG_LEVEL_CRITICAL, "Invalid request"); - return -1; + return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED); } profile->http_request_method = LASSO_HTTP_METHOD_SOAP; 
@@ -273,7 +269,7 @@ lasso_name_identifier_mapping_process_response_msg(LassoNameIdentifierMapping *m profile->response)->Status->StatusCode->Value; if (strcmp(statusCodeValue, LASSO_SAML_STATUS_CODE_SUCCESS) != 0) { message(G_LOG_LEVEL_CRITICAL, "%s", statusCodeValue); - return -1; + return LASSO_ERROR_UNDEFINED; } /* Set the target name identifier */ @@ -299,20 +295,24 @@ lasso_name_identifier_mapping_validate_request(LassoNameIdentifierMapping *mappi /* verify the provider type is a service provider type */ if (profile->remote_providerID == NULL) { - message(G_LOG_LEVEL_CRITICAL, "Remote provider id not found"); - return -1; + return critical_error(LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID); } remote_provider = g_hash_table_lookup(profile->server->providers, profile->remote_providerID); + if (remote_provider == NULL) { + return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND, + profile->remote_providerID); + } + if (remote_provider->role != LASSO_PROVIDER_ROLE_SP) { message(G_LOG_LEVEL_CRITICAL, "Build request msg method is forbidden at SP"); - return -1; + return LASSO_ERROR_UNDEFINED; } /* verify request attribute of mapping is a name identifier mapping request */ if (LASSO_IS_LIB_NAME_IDENTIFIER_MAPPING_REQUEST(profile->request) == FALSE) { message(G_LOG_LEVEL_CRITICAL, "Invalid NameIdentifierMappingRequest"); - return -1; + return LASSO_ERROR_UNDEFINED; } if (profile->http_request_method != LASSO_HTTP_METHOD_SOAP) { @@ -329,8 +329,7 @@ lasso_name_identifier_mapping_validate_request(LassoNameIdentifierMapping *mappi LASSO_SIGNATURE_METHOD_RSA_SHA1); if (LASSO_IS_LIB_NAME_IDENTIFIER_MAPPING_RESPONSE(profile->response) == FALSE) { - message(G_LOG_LEVEL_CRITICAL, "Error building NameIdentifierMappingResponse"); - return -1; + return critical_error(LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED); } /* verify signature status */ 
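Review bot: In lasso_name_identifier_mapping_process_response_msg (hunk at -273), `statusCodeValue` is read through `->Status->StatusCode->Value` and passed straight to `strcmp`, with no NULL check visible on any link of that chain. lasso_login_process_response_status_and_assertion in login.c tests `Status` and `StatusCode` before use; unless equivalent checks sit above this hunk, a response lacking one of these elements would crash instead of returning an error. The same pattern appears in lasso_name_registration_process_response_msg (name_registration.c hunk at -390). Returning an error when Status, StatusCode or Value is NULL, before the `strcmp`, would cover both places. The start of the statement is outside the hunk.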
@@ -360,20 +359,20 @@ lasso_name_identifier_mapping_validate_request(LassoNameIdentifierMapping *mappi lasso_profile_set_response_status(profile, LASSO_LIB_STATUS_CODE_UNKNOWN_PRINCIPAL); message(G_LOG_LEVEL_CRITICAL, "Name identifier of federation not found"); - return -1; + return LASSO_ERROR_UNDEFINED; } /* get the federation of the target name space and his name identifier */ if (request->TargetNamespace == NULL) { message(G_LOG_LEVEL_CRITICAL, "Target name space not found"); - return -1; + return LASSO_ERROR_UNDEFINED; } federation = g_hash_table_lookup(profile->identity->federations, request->TargetNamespace); if (LASSO_IS_FEDERATION(federation) == FALSE) { lasso_profile_set_response_status(profile, LASSO_LIB_STATUS_CODE_FEDERATION_DOES_NOT_EXIST); message(G_LOG_LEVEL_CRITICAL, "Target name space federation not found"); - return -1; + return LASSO_ERROR_UNDEFINED; } targetNameIdentifier = federation->remote_nameIdentifier; @@ -386,7 +385,7 @@ lasso_name_identifier_mapping_validate_request(LassoNameIdentifierMapping *mappi "Name identifier for target name space federation not found"); lasso_profile_set_response_status(profile, LASSO_LIB_STATUS_CODE_FEDERATION_DOES_NOT_EXIST); - return -1; + return LASSO_ERROR_UNDEFINED; } LASSO_LIB_NAME_IDENTIFIER_MAPPING_RESPONSE(profile->response)->NameIdentifier = diff --git a/lasso/id-ff/name_registration.c b/lasso/id-ff/name_registration.c index eeb5ebcf..3e78e627 100644 --- a/lasso/id-ff/name_registration.c +++ b/lasso/id-ff/name_registration.c @@ -220,7 +220,7 @@ lasso_name_registration_init_request(LassoNameRegistration *name_registration, } else { /* if (remote_provider->role == LASSO_PROVIDER_ROLE_SP) { */ if (federation->local_nameIdentifier == NULL) { message(G_LOG_LEVEL_CRITICAL, "Local name identifier not found"); - return -1; + return LASSO_ERROR_UNDEFINED; } oldNameIdentifier = g_object_ref(federation->local_nameIdentifier); 
@@ -247,7 +247,7 @@ lasso_name_registration_init_request(LassoNameRegistration *name_registration, if (oldNameIdentifier == NULL) { message(G_LOG_LEVEL_CRITICAL, "Invalid provider type"); - return -1; + return LASSO_ERROR_UNDEFINED; } if (http_method == LASSO_HTTP_METHOD_ANY) { @@ -270,8 +270,7 @@ lasso_name_registration_init_request(LassoNameRegistration *name_registration, idpNameIdentifier, spNameIdentifier, oldNameIdentifier, LASSO_SIGNATURE_TYPE_WITHX509, LASSO_SIGNATURE_METHOD_RSA_SHA1); if (profile->request == NULL) { - message(G_LOG_LEVEL_CRITICAL, "Error creating the request"); - return -1; + return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED); } profile->http_request_method = http_method; @@ -390,7 +389,7 @@ lasso_name_registration_process_response_msg(LassoNameRegistration *name_registr statusCodeValue = LASSO_LIB_STATUS_RESPONSE(profile->response)->Status->StatusCode->Value; if (strcmp(statusCodeValue, LASSO_SAML_STATUS_CODE_SUCCESS) != 0) { message(G_LOG_LEVEL_CRITICAL, "%s", statusCodeValue); - return -1; + return LASSO_ERROR_UNDEFINED; } /* Update federation with the nameIdentifier attribute. NameQualifier @@ -422,7 +421,7 @@ lasso_name_registration_process_response_msg(LassoNameRegistration *name_registr } if (nameIdentifier == NULL) { message(G_LOG_LEVEL_CRITICAL, "Invalid provider role"); - return -1; + return LASSO_ERROR_UNDEFINED; } lasso_federation_set_local_name_identifier(federation, nameIdentifier); @@ -451,7 +450,7 @@ lasso_name_registration_validate_request(LassoNameRegistration *name_registratio /* verify the register name identifier request */ if (LASSO_IS_LIB_REGISTER_NAME_IDENTIFIER_REQUEST(profile->request) == FALSE) { message(G_LOG_LEVEL_CRITICAL, "Register Name Identifier request not found"); - return -1; + return LASSO_ERROR_UNDEFINED; } request = LASSO_LIB_REGISTER_NAME_IDENTIFIER_REQUEST(profile->request); 
@@ -460,7 +459,7 @@ lasso_name_registration_validate_request(LassoNameRegistration *name_registratio profile->remote_providerID = g_strdup(request->ProviderID); if (profile->remote_providerID == NULL) { message(G_LOG_LEVEL_CRITICAL, "No provider id found in name registration request"); - return -1; + return LASSO_ERROR_UNDEFINED; } /* set register name identifier response */ @@ -470,8 +469,7 @@ lasso_name_registration_validate_request(LassoNameRegistration *name_registratio LASSO_LIB_REGISTER_NAME_IDENTIFIER_REQUEST(profile->request), LASSO_SIGNATURE_TYPE_WITHX509, LASSO_SIGNATURE_METHOD_RSA_SHA1); if (LASSO_IS_LIB_REGISTER_NAME_IDENTIFIER_RESPONSE(profile->response) == FALSE) { - message(G_LOG_LEVEL_CRITICAL, "Error building response"); - return -1; + return critical_error(LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED); } /* verify federation */ @@ -483,13 +481,13 @@ lasso_name_registration_validate_request(LassoNameRegistration *name_registratio if (request->OldProvidedNameIdentifier == NULL) { message(G_LOG_LEVEL_CRITICAL, "Old provided name identifier not found"); - return -1; + return LASSO_ERROR_UNDEFINED; } if (lasso_federation_verify_nameIdentifier(federation, request->OldProvidedNameIdentifier) == FALSE) { message(G_LOG_LEVEL_CRITICAL, "No name identifier"); - return -1; + return LASSO_ERROR_UNDEFINED; } remote_provider = g_hash_table_lookup(profile->server->providers, @@ -508,7 +506,7 @@ lasso_name_registration_validate_request(LassoNameRegistration *name_registratio } if (providedNameIdentifier == NULL) { message(G_LOG_LEVEL_CRITICAL, "Sp provided name identifier not found"); - return -1; + return LASSO_ERROR_UNDEFINED; } lasso_federation_set_remote_name_identifier(federation, providedNameIdentifier); diff --git a/lasso/id-ff/profile.c b/lasso/id-ff/profile.c index 9d4d68c7..869a0e10 100644 --- a/lasso/id-ff/profile.c +++ b/lasso/id-ff/profile.c 
@@ -216,12 +216,8 @@ lasso_profile_set_identity_from_dump(LassoProfile *ctx, const gchar *dump) g_return_val_if_fail(dump != NULL, LASSO_PARAM_ERROR_INVALID_VALUE); ctx->identity = lasso_identity_new_from_dump(dump); - if (ctx->identity == NULL) { - message(G_LOG_LEVEL_WARNING, - "Failed to create the identity from the identity dump"); - return -1; - } - ctx->identity->is_dirty = FALSE; + if (ctx->identity == NULL) + return critical_error(LASSO_PROFILE_ERROR_BAD_IDENTITY_DUMP); return 0; } @@ -232,10 +228,8 @@ lasso_profile_set_session_from_dump(LassoProfile *ctx, const gchar *dump) g_return_val_if_fail(dump != NULL, LASSO_PARAM_ERROR_INVALID_VALUE); ctx->session = lasso_session_new_from_dump(dump); - if (ctx->session == NULL) { - message(G_LOG_LEVEL_WARNING, "Failed to create the session from the session dump"); - return -1; - } + if (ctx->session == NULL) + return critical_error(LASSO_PROFILE_ERROR_BAD_SESSION_DUMP); ctx->session->is_dirty = FALSE; return 0; diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c index e8c66aad..dc2939ef 100644 --- a/lasso/id-ff/provider.c +++ b/lasso/id-ff/provider.c @@ -270,7 +270,7 @@ init_from_xml(LassoNode *node, xmlNode *xmlnode) xmlChar *s; if (xmlnode == NULL) - return -1; + return LASSO_ERROR_UNDEFINED; s = xmlGetProp(xmlnode, "ProviderRole"); if (s && strcmp(s, "SP") == 0) diff --git a/lasso/xml/errors.c b/lasso/xml/errors.c index e43a7974..9a938677 100644 --- a/lasso/xml/errors.c +++ b/lasso/xml/errors.c 
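Review bot: In lasso_profile_set_identity_from_dump, the rewrite drops `ctx->identity->is_dirty = FALSE;` along with the old error block, while lasso_profile_set_session_from_dump in the next hunk keeps `ctx->session->is_dirty = FALSE;`. If `lasso_identity_new_from_dump()` does not clear the flag itself (not visible here), a freshly restored identity may now be treated as modified. If the removal was not intended, restore the line after the NULL check: `ctx->identity->is_dirty = FALSE;`.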
@@ -97,6 +97,18 @@ lasso_strerror(int error_code) return "Name identifier not found"; case LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED: return "Error building request QUERY url"; + case LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED: + return "Error building request object"; + case LASSO_PROFILE_ERROR_BUILDING_MESSAGE_FAILED: + return "Error building request message"; + case LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED: + return "Error building response object"; + case LASSO_PROFILE_ERROR_SESSION_NOT_FOUND: + return "Session not found"; + case LASSO_PROFILE_ERROR_BAD_IDENTITY_DUMP: + return "Failed to create identity from dump"; + case LASSO_PROFILE_ERROR_BAD_SESSION_DUMP: + return "Failed to create session from dump"; case LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ: return "An object type provided as parameter "\ @@ -106,8 +118,13 @@ lasso_strerror(int error_code) case LASSO_PARAM_ERROR_CHECK_FAILED: return "The error return location should be "\ "either NULL or contains a NULL error."; + case LASSO_LOGIN_ERROR_INVALID_NAMEIDPOLICY: return "Invalid NameIDPolicy in lib:AuthnRequest: %s"; + + case LASSO_DEFEDERATION_ERROR_MISSING_NAME_IDENTIFIER: + return "Name identifier not found in request"; + default: return g_strdup_printf("Undefined error code %d.", error_code); } diff --git a/lasso/xml/errors.h b/lasso/xml/errors.h index d7e40b36..1a5fdf8b 100644 --- a/lasso/xml/errors.h +++ b/lasso/xml/errors.h @@ -26,6 +26,9 @@ /* Negative errors : programming or runtime recoverable errors */ /* Positive errors : Liberty Alliance recoverable errors */ +/* undefined */ +#define LASSO_ERROR_UNDEFINED -1 + /* generic XML */ #define LASSO_XML_ERROR_NODE_NOT_FOUND -10 #define LASSO_XML_ERROR_NODE_CONTENT_NOT_FOUND -11 
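Review bot: lasso_strerror has no case for LASSO_ERROR_UNDEFINED, so the code this commit now returns from dozens of paths falls into `default:` (visible in the hunk at -106). That branch returns `g_strdup_printf(...)` from a function declared `const char*`, so each such lookup allocates a string the caller has no reason to free. Adding `case LASSO_ERROR_UNDEFINED: return "Undefined error";` avoids the allocation for the most common code. Also, LASSO_PROFILE_ERROR_BUILDING_MESSAGE_FAILED maps to `"Error building request message"` but is returned from response builders such as lasso_lecp_build_authn_response_msg, so a neutral `"Error building message"` would be more accurate.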
@@ -48,14 +51,14 @@ #define LASSO_DS_ERROR_INVALID_SIGALG -113 #define LASSO_DS_ERROR_DIGEST_COMPUTE_FAILED -114 -/* server */ +/* Server */ #define LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND -201 #define LASSO_SERVER_ERROR_ADD_PROVIDER_FAILED -202 -/* logout */ +/* Single Logout */ #define LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE -301 -/* profile */ +/* Profile */ #define LASSO_PROFILE_ERROR_INVALID_QUERY -401 #define LASSO_PROFILE_ERROR_INVALID_POST_MSG -402 #define LASSO_PROFILE_ERROR_INVALID_SOAP_MSG -403 @@ -70,6 +73,12 @@ #define LASSO_PROFILE_ERROR_FEDERATION_NOT_FOUND -412 #define LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND -413 #define LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED -414 +#define LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED -415 +#define LASSO_PROFILE_ERROR_BUILDING_MESSAGE_FAILED -416 +#define LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED -417 +#define LASSO_PROFILE_ERROR_SESSION_NOT_FOUND -418 +#define LASSO_PROFILE_ERROR_BAD_IDENTITY_DUMP -419 +#define LASSO_PROFILE_ERROR_BAD_SESSION_DUMP -420 /* functions/methods parameters checking */ #define LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ -501 @@ -84,7 +93,7 @@ #define LASSO_LOGIN_ERROR_INVALID_SIGNATURE 605 #define LASSO_LOGIN_ERROR_UNSIGNED_AUTHN_REQUEST 606 -/* others */ -#define LASSO_ERROR_UNDEFINED -999 +/* Federation Termination Notification */ +#define LASSO_DEFEDERATION_ERROR_MISSING_NAME_IDENTIFIER -700 const char* lasso_strerror(int error_code); |
