ID-FF 1.2: Use new macros in logout, defederation and lecp

* lasso/id-ff/logout.c:
 - (lasso_logout_build_response_msg, lasso_logout_init_request,
    lasso_logout_process_request_msg, lasso_logout_process_response_msg,
    lasso_logout_validate_request) use lasso_assign_new_object,
   lasso_assign_string, lasso_release and lasso_assign_new_string when
   possible.
 - (lasso_logout_process_response_msg) move the tranfer of the relaystate
   from XML object to profile object.

* lasso/id-ff/defederation.c:
 - (lasso_defederation_build_notification_msg,
    lasso_defederation_init_notification,
    lasso_defederation_process_notification_msg,
    lasso_defederation_validate_notification): idem

* lasso/id-ff/lecp.c:
 - (lasso_lecp_build_authn_request_envelope_msg,
    lasso_lecp_build_authn_request_msg,lasso_lecp_build_authn_response_msg,
    lasso_lecp_build_authn_response_envelope_msg) idem

3 files changed, 115 insertions, 129 deletions

diff --git a/lasso/id-ff/defederation.c b/lasso/id-ff/defederation.c
index 2da73a60..d2935a89 100644
--- a/lasso/id-ff/defederation.c
+++ b/lasso/id-ff/defederation.c
@@ -98,13 +98,13 @@ lasso_defederation_build_notification_msg(LassoDefederation *defederation)
 	/* build the federation termination notification message (SOAP or HTTP-Redirect) */
 	if (profile->http_request_method == LASSO_HTTP_METHOD_SOAP) {
 		/* build the logout request message */
-		profile->msg_url = lasso_provider_get_metadata_one(
-				remote_provider, "SoapEndpoint");
-		LASSO_SAMLP_REQUEST_ABSTRACT(profile->request)->private_key_file =
-			profile->server->private_key;
-		LASSO_SAMLP_REQUEST_ABSTRACT(profile->request)->certificate_file =
-			profile->server->certificate;
-		profile->msg_body = lasso_node_export_to_soap(LASSO_NODE(profile->request));
+		lasso_assign_new_string(profile->msg_url, lasso_provider_get_metadata_one(
+				remote_provider, "SoapEndpoint"));
+		lasso_assign_string(LASSO_SAMLP_REQUEST_ABSTRACT(profile->request)->private_key_file,
+			profile->server->private_key);
+		lasso_assign_string(LASSO_SAMLP_REQUEST_ABSTRACT(profile->request)->certificate_file,
+			profile->server->certificate);
+		lasso_assign_new_string(profile->msg_body, lasso_node_export_to_soap(LASSO_NODE(profile->request)));
 		return 0;
 	}
 
@@ -121,14 +121,14 @@ lasso_defederation_build_notification_msg(LassoDefederation *defederation)
 				profile->server->private_key);
 
 		if (query == NULL) {
-			g_free(url);
+			lasso_release(url);
 			return critical_error(LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED);
 		}
 
-		profile->msg_url = lasso_concat_url_query(url, query);
-		profile->msg_body = NULL;
-		g_free(url);
-		g_free(query);
+		lasso_assign_new_string(profile->msg_url, lasso_concat_url_query(url, query));
+		lasso_release(profile->msg_body);
+		lasso_release(url);
+		lasso_release(query);
 
 		return 0;
 	}
@@ -176,15 +176,13 @@ lasso_defederation_init_notification(LassoDefederation *defederation, gchar *rem
 
 	profile = LASSO_PROFILE(defederation);
 
-	if (profile->remote_providerID)
-		g_free(profile->remote_providerID);
-	if (profile->request)
-		lasso_node_destroy(LASSO_NODE(profile->request));
+	lasso_release(profile->remote_providerID);
+	lasso_release_gobject(profile->request);
 
 	if (remote_providerID != NULL) {
-		profile->remote_providerID = g_strdup(remote_providerID);
+		lasso_assign_string(profile->remote_providerID, remote_providerID);
 	} else {
-		profile->remote_providerID = lasso_server_get_first_providerID(profile->server);
+		lasso_assign_new_string(profile->remote_providerID, lasso_server_get_first_providerID(profile->server));
 		if (profile->remote_providerID == NULL) {
 			return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
 		}
@@ -215,9 +213,9 @@ lasso_defederation_init_notification(LassoDefederation *defederation, gchar *rem
 	nameIdentifier = LASSO_SAML_NAME_IDENTIFIER(nameIdentifier_n);
 
 	if (federation->local_nameIdentifier) {
-		profile->nameIdentifier = g_object_ref(federation->local_nameIdentifier);
+		lasso_assign_gobject(profile->nameIdentifier, federation->local_nameIdentifier);
 	} else {
-		profile->nameIdentifier = g_object_ref(nameIdentifier);
+		lasso_assign_gobject(profile->nameIdentifier, nameIdentifier);
 	}
 
 	/* get / verify http method */
@@ -256,8 +254,8 @@ lasso_defederation_init_notification(LassoDefederation *defederation, gchar *rem
 				nameIdentifier,
 				LASSO_SIGNATURE_TYPE_NONE,
 				0);
-		LASSO_LIB_FEDERATION_TERMINATION_NOTIFICATION(profile->request)->RelayState =
-			g_strdup(profile->msg_relayState);
+		lasso_assign_string(LASSO_LIB_FEDERATION_TERMINATION_NOTIFICATION(profile->request)->RelayState,
+			profile->msg_relayState);
 	}
 
 	if (lasso_provider_get_protocol_conformance(remote_provider) < LASSO_PROTOCOL_LIBERTY_1_2) {
@@ -308,7 +306,7 @@ lasso_defederation_process_notification_msg(LassoDefederation *defederation, cha
 
 	profile = LASSO_PROFILE(defederation);
 
-	profile->request = lasso_lib_federation_termination_notification_new();
+	lasso_assign_new_gobject(profile->request, lasso_lib_federation_termination_notification_new());
 	format = lasso_node_init_from_message(LASSO_NODE(profile->request), request_msg);
 	if (format == LASSO_MESSAGE_FORMAT_UNKNOWN || format == LASSO_MESSAGE_FORMAT_ERROR) {
 		return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
@@ -319,7 +317,7 @@ lasso_defederation_process_notification_msg(LassoDefederation *defederation, cha
 				lasso_get_relaystate_from_query(request_msg));
 	}
 
-	profile->remote_providerID = g_strdup(LASSO_LIB_FEDERATION_TERMINATION_NOTIFICATION(
+	lasso_assign_string(profile->remote_providerID, LASSO_LIB_FEDERATION_TERMINATION_NOTIFICATION(
 				profile->request)->ProviderID);
 	remote_provider = g_hash_table_lookup(profile->server->providers,
 			profile->remote_providerID);
@@ -336,12 +334,12 @@ lasso_defederation_process_notification_msg(LassoDefederation *defederation, cha
 	if (format == LASSO_MESSAGE_FORMAT_QUERY)
 		profile->http_request_method = LASSO_HTTP_METHOD_REDIRECT;
 
-	profile->nameIdentifier = g_object_ref(LASSO_LIB_FEDERATION_TERMINATION_NOTIFICATION(
+	lasso_assign_gobject(profile->nameIdentifier, LASSO_LIB_FEDERATION_TERMINATION_NOTIFICATION(
 				profile->request)->NameIdentifier);
 
 	/* get the RelayState (only available in redirect mode) */
 	if (LASSO_LIB_FEDERATION_TERMINATION_NOTIFICATION(profile->request)->RelayState)
-		profile->msg_relayState = g_strdup(
+		lasso_assign_string(profile->msg_relayState.
 				LASSO_LIB_FEDERATION_TERMINATION_NOTIFICATION(
 					profile->request)->RelayState);
 
@@ -377,8 +375,8 @@ lasso_defederation_validate_notification(LassoDefederation *defederation)
 	/* If SOAP notification, then msg_url and msg_body are NULL */
 	/* if HTTP-Redirect notification, set msg_url with the federation
 	 * termination service return url, and set msg_body to NULL */
-	profile->msg_url = NULL;
-	profile->msg_body = NULL;
+	lasso_release(profile->msg_url)
+	lasso_release(profile->msg_body)
 
 	if (profile->http_request_method == LASSO_HTTP_METHOD_REDIRECT) {
 		remote_provider = g_hash_table_lookup(profile->server->providers,
@@ -401,9 +399,8 @@ lasso_defederation_validate_notification(LassoDefederation *defederation)
 			gchar *url;
 			gchar *query = g_strdup_printf("RelayState=%s", profile->msg_relayState);
 			url = lasso_concat_url_query(profile->msg_url, query);
-			g_free(profile->msg_url);
 			g_free(query);
-			profile->msg_url = url;
+			lasso_assign_new_string(profile->msg_url, url);
 		}
 	}
 
diff --git a/lasso/id-ff/lecp.c b/lasso/id-ff/lecp.c
index 55944f4d..3660897a 100644
--- a/lasso/id-ff/lecp.c
+++ b/lasso/id-ff/lecp.c
@@ -36,6 +36,8 @@
 #include <lasso/id-ff/profileprivate.h>
 #include "../utils.h"
 
+#include "../utils.h"
+
 /*****************************************************************************/
 /* public methods                                                            */
 /*****************************************************************************/
@@ -73,10 +75,10 @@ lasso_lecp_build_authn_request_envelope_msg(LassoLecp *lecp)
 		return LASSO_PROFILE_ERROR_MISSING_REQUEST;
 	}
 
-	lecp->authnRequestEnvelope = lasso_lib_authn_request_envelope_new_full(
+	lasso_assign_new_gobject(lecp->authnRequestEnvelope, lasso_lib_authn_request_envelope_new_full(
 			LASSO_LIB_AUTHN_REQUEST(profile->request),
 			LASSO_PROVIDER(profile->server)->ProviderID,
-			assertionConsumerServiceURL);
+			assertionConsumerServiceURL));
 	if (lecp->authnRequestEnvelope == NULL) {
 		return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED);
 	}
@@ -93,7 +95,7 @@ lasso_lecp_build_authn_request_envelope_msg(LassoLecp *lecp)
 	xmlNodeDumpOutput(buf, NULL, msg, 0, 0, "utf-8");
 	xmlOutputBufferFlush(buf);
 
-	profile->msg_body = g_strdup(
+	lasso_assign_string(profile->msg_body,
 			(char*)(buf->conv ? buf->conv->content : buf->buffer->content));
 	xmlOutputBufferClose(buf);
 	xmlFreeNode(msg);
@@ -132,8 +134,8 @@ lasso_lecp_build_authn_request_msg(LassoLecp *lecp)
 	remote_provider = g_hash_table_lookup(profile->server->providers,
 			profile->remote_providerID);
 
-	profile->msg_url  = lasso_provider_get_metadata_one(
-			remote_provider, "SingleSignOnServiceURL");
+	lasso_assign_new_string(profile->msg_url, lasso_provider_get_metadata_one(
+			remote_provider, "SingleSignOnServiceURL"));
 	/* msg_body has usally been set in
 	 * lasso_lecp_process_authn_request_envelope_msg() */
 	if (profile->msg_body == NULL)
@@ -162,11 +164,11 @@ lasso_lecp_build_authn_response_msg(LassoLecp *lecp)
 	profile = LASSO_PROFILE(lecp);
 	lasso_profile_clean_msg_info(profile);
 
-	profile->msg_url = g_strdup(lecp->assertionConsumerServiceURL);
+	lasso_assign_string(profile->msg_url, lecp->assertionConsumerServiceURL);
 	if (profile->msg_url == NULL) {
 		return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL);
 	}
-	profile->msg_body = lasso_node_export_to_base64(LASSO_NODE(profile->response));
+	lasso_assign_new_string(profile->msg_body, lasso_node_export_to_base64(LASSO_NODE(profile->response)));
 	if (profile->msg_body == NULL) {
 		return critical_error(LASSO_PROFILE_ERROR_BUILDING_MESSAGE_FAILED);
 	}
@@ -213,16 +215,12 @@ lasso_lecp_build_authn_response_envelope_msg(LassoLecp *lecp)
 		return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL);
 	}
 
-	if (LASSO_PROFILE(lecp)->msg_body)
-		g_free(LASSO_PROFILE(lecp)->msg_body);
-
-	if (LASSO_PROFILE(lecp)->msg_url)
-		g_free(LASSO_PROFILE(lecp)->msg_url);
-	LASSO_PROFILE(lecp)->msg_url = NULL;
+	lasso_release (LASSO_PROFILE(lecp)->msg_body);
+	lasso_release (LASSO_PROFILE(lecp)->msg_url);
 
-	lecp->authnResponseEnvelope = lasso_lib_authn_response_envelope_new(
+	lasso_assign_new_gobject(lecp->authnResponseEnvelope, lasso_lib_authn_response_envelope_new(
 			LASSO_LIB_AUTHN_RESPONSE(profile->response),
-			assertionConsumerServiceURL);
+			assertionConsumerServiceURL));
 	LASSO_SAMLP_RESPONSE_ABSTRACT(lecp->authnResponseEnvelope->AuthnResponse
 			)->private_key_file = profile->server->private_key;
 	LASSO_SAMLP_RESPONSE_ABSTRACT(lecp->authnResponseEnvelope->AuthnResponse
diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c
index cad31199..3a9109e9 100644
--- a/lasso/id-ff/logout.c
+++ b/lasso/id-ff/logout.c
@@ -184,21 +184,24 @@ lasso_logout_build_response_msg(LassoLogout *logout)
 
 	if (profile->response == NULL) {
 		if (profile->http_request_method == LASSO_HTTP_METHOD_SOAP) {
-			profile->response = lasso_lib_logout_response_new_full(
-					LASSO_PROVIDER(profile->server)->ProviderID,
-					LASSO_SAML_STATUS_CODE_REQUEST_DENIED,
-					LASSO_LIB_LOGOUT_REQUEST(profile->request),
-					profile->server->certificate ?
-					LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
-					LASSO_SIGNATURE_METHOD_RSA_SHA1);
+			lasso_assign_new_gobject(profile->response,
+					lasso_lib_logout_response_new_full(
+						LASSO_PROVIDER(profile->server)->ProviderID,
+						LASSO_SAML_STATUS_CODE_REQUEST_DENIED,
+						LASSO_LIB_LOGOUT_REQUEST(profile->request),
+						profile->server->certificate ?
+						LASSO_SIGNATURE_TYPE_WITHX509 :
+						LASSO_SIGNATURE_TYPE_SIMPLE,
+						LASSO_SIGNATURE_METHOD_RSA_SHA1));
 		}
 		if (profile->http_request_method == LASSO_HTTP_METHOD_REDIRECT) {
-			profile->response = lasso_lib_logout_response_new_full(
-					LASSO_PROVIDER(profile->server)->ProviderID,
-					LASSO_SAML_STATUS_CODE_REQUEST_DENIED,
-					LASSO_LIB_LOGOUT_REQUEST(profile->request),
-					LASSO_SIGNATURE_TYPE_NONE,
-					0);
+			lasso_assign_new_gobject(profile->response,
+					lasso_lib_logout_response_new_full(
+						LASSO_PROVIDER(profile->server)->ProviderID,
+						LASSO_SAML_STATUS_CODE_REQUEST_DENIED,
+						LASSO_LIB_LOGOUT_REQUEST(profile->request),
+						LASSO_SIGNATURE_TYPE_NONE,
+						0));
 		}
 	}
 
@@ -209,14 +212,21 @@ lasso_logout_build_response_msg(LassoLogout *logout)
 		return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
 	}
 
+	/* Set the RelayState */
+	lasso_assign_string(LASSO_LIB_STATUS_RESPONSE(profile->response)->RelayState,
+			profile->msg_relayState);
+
 	/* build logout response message */
 	if (profile->http_request_method == LASSO_HTTP_METHOD_SOAP) {
-		profile->msg_url = NULL;
-		LASSO_SAMLP_RESPONSE_ABSTRACT(profile->response)->private_key_file =
-			g_strdup(profile->server->private_key);
-		LASSO_SAMLP_RESPONSE_ABSTRACT(profile->response)->certificate_file =
-			profile->server->certificate;
-		profile->msg_body = lasso_node_export_to_soap(profile->response);
+		lasso_release(profile->msg_url);
+		lasso_assign_string(
+				LASSO_SAMLP_RESPONSE_ABSTRACT(profile->response)->private_key_file,
+				profile->server->private_key);
+		lasso_assign_string(
+				LASSO_SAMLP_RESPONSE_ABSTRACT(profile->response)->certificate_file,
+				profile->server->certificate);
+		lasso_assign_new_string(profile->msg_body,
+				lasso_node_export_to_soap(profile->response));
 		return 0;
 	}
 
@@ -238,13 +248,13 @@ lasso_logout_build_response_msg(LassoLogout *logout)
 				profile->server->signature_method,
 				profile->server->private_key);
 		if (query == NULL) {
-			g_free(url);
+			lasso_release(url);
 			return critical_error(LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED);
 		}
-		profile->msg_url = lasso_concat_url_query(url, query);
-		profile->msg_body = NULL;
-		g_free(url);
-		g_free(query);
+		lasso_assign_new_string(profile->msg_url, lasso_concat_url_query(url, query));
+		lasso_release(profile->msg_body);
+		lasso_release(url);
+		lasso_release(query);
 		return 0;
 	}
 
@@ -341,9 +351,9 @@ lasso_logout_init_request(LassoLogout *logout, char *remote_providerID,
 	   If remote_providerID is NULL, then get the first remote provider id in session */
 	g_free(profile->remote_providerID);
 	if (remote_providerID == NULL) {
-		profile->remote_providerID = lasso_session_get_provider_index(session, 0);
+		lasso_assign_new_string(profile->remote_providerID, lasso_session_get_provider_index(session, 0));
 	} else {
-		profile->remote_providerID = g_strdup(remote_providerID);
+		lasso_assign_string(profile->remote_providerID, remote_providerID);
 	}
 	if (profile->remote_providerID == NULL) {
 		return critical_error(LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID);
@@ -373,7 +383,7 @@ lasso_logout_init_request(LassoLogout *logout, char *remote_providerID,
 		LassoLibAuthenticationStatement *as =
 			LASSO_LIB_AUTHENTICATION_STATEMENT(assertion->AuthenticationStatement);
 		if (as->SessionIndex)
-			session_index = g_strdup(as->SessionIndex);
+			lasso_assign_string(session_index, as->SessionIndex);
 	}
 
 	/* if format is one time, then get name identifier from assertion,
@@ -391,8 +401,8 @@ lasso_logout_init_request(LassoLogout *logout, char *remote_providerID,
 	/* FIXME: Should first decrypt the EncryptedNameIdentifier */
 
 	if ((nameIdentifier && strcmp(nameIdentifier->Format,
-				LASSO_LIB_NAME_IDENTIFIER_FORMAT_ONE_TIME) != 0)
-				|| encryptedNameIdentifier) {
+					LASSO_LIB_NAME_IDENTIFIER_FORMAT_ONE_TIME) != 0)
+			|| encryptedNameIdentifier) {
 
 		if (LASSO_IS_IDENTITY(profile->identity) == FALSE) {
 			return critical_error(LASSO_PROFILE_ERROR_IDENTITY_NOT_FOUND);
@@ -442,11 +452,11 @@ lasso_logout_init_request(LassoLogout *logout, char *remote_providerID,
 					profile->remote_providerID = g_strdup(
 							logout->initial_remote_providerID);
 					profile->response = lasso_lib_logout_response_new_full(
-						LASSO_PROVIDER(profile->server)->ProviderID,
-						LASSO_SAML_STATUS_CODE_SUCCESS,
-						LASSO_LIB_LOGOUT_REQUEST(logout->initial_request),
-						LASSO_SIGNATURE_TYPE_NONE,
-						0);
+							LASSO_PROVIDER(profile->server)->ProviderID,
+							LASSO_SAML_STATUS_CODE_SUCCESS,
+							LASSO_LIB_LOGOUT_REQUEST(logout->initial_request),
+							LASSO_SIGNATURE_TYPE_NONE,
+							0);
 				}
 			}
 			return LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE;
@@ -465,7 +475,7 @@ lasso_logout_init_request(LassoLogout *logout, char *remote_providerID,
 				LASSO_PROVIDER(profile->server)->ProviderID,
 				nameIdentifier,
 				profile->server->certificate ?
-					LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
+				LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
 				LASSO_SIGNATURE_METHOD_RSA_SHA1);
 	} else { /* http_method == LASSO_HTTP_METHOD_REDIRECT */
 		is_http_redirect_get_method = TRUE;
@@ -483,11 +493,10 @@ lasso_logout_init_request(LassoLogout *logout, char *remote_providerID,
 		LASSO_SAMLP_REQUEST_ABSTRACT(profile->request)->MinorVersion = 1;
 	}
 
-	if (session_index)
-		LASSO_LIB_LOGOUT_REQUEST(profile->request)->SessionIndex = session_index;
-	if (profile->msg_relayState)
-		LASSO_LIB_LOGOUT_REQUEST(profile->request)->RelayState =
-			g_strdup(profile->msg_relayState);
+	lasso_assign_string(LASSO_LIB_LOGOUT_REQUEST(profile->request)->SessionIndex,
+			session_index);
+	lasso_assign_string(LASSO_LIB_LOGOUT_REQUEST(profile->request)->RelayState,
+			profile->msg_relayState);
 
 	/* if logout request from a SP and if an HTTP Redirect/GET method, then remove assertion */
 	if (remote_provider->role == LASSO_PROVIDER_ROLE_IDP && is_http_redirect_get_method) {
@@ -544,7 +553,7 @@ lasso_logout_process_request_msg(LassoLogout *logout, char *request_msg)
 		g_free(profile->remote_providerID);
 	}
 
-	profile->remote_providerID = g_strdup(
+	lasso_assign_string(profile->remote_providerID,
 			LASSO_LIB_LOGOUT_REQUEST(profile->request)->ProviderID);
 
 	remote_provider = g_hash_table_lookup(profile->server->providers,
@@ -562,7 +571,7 @@ lasso_logout_process_request_msg(LassoLogout *logout, char *request_msg)
 	if (format == LASSO_MESSAGE_FORMAT_QUERY)
 		profile->http_request_method = LASSO_HTTP_METHOD_REDIRECT;
 
-	profile->nameIdentifier = g_object_ref(
+	lasso_assign_gobject(profile->nameIdentifier,
 			LASSO_LIB_LOGOUT_REQUEST(profile->request)->NameIdentifier);
 
 	return profile->signature_status;
@@ -610,13 +619,7 @@ lasso_logout_process_response_msg(LassoLogout *logout, gchar *response_msg)
 		return lasso_saml20_logout_process_response_msg(logout, response_msg);
 	}
 
-	/* before verify if profile->response is set */
-	if (LASSO_IS_LIB_LOGOUT_RESPONSE(profile->response) == TRUE) {
-		lasso_node_destroy(profile->response);
-		profile->response = NULL;
-	}
-
-	profile->response = lasso_lib_logout_response_new();
+	lasso_assign_new_gobject(profile->response, lasso_lib_logout_response_new());
 	format = lasso_node_init_from_message(LASSO_NODE(profile->response), response_msg);
 
 	switch (format) {
@@ -630,8 +633,12 @@ lasso_logout_process_response_msg(LassoLogout *logout, gchar *response_msg)
 			return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
 	}
 
+	/* get the RelayState */
+	lasso_assign_string(profile->msg_relayState,
+			LASSO_LIB_STATUS_RESPONSE(profile->response)->RelayState);
+
 	/* get provider */
-	profile->remote_providerID = g_strdup(
+	lasso_assign_string(profile->remote_providerID,
 			LASSO_LIB_STATUS_RESPONSE(profile->response)->ProviderID);
 	if (profile->remote_providerID == NULL) {
 		return critical_error(LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID);
@@ -684,13 +691,13 @@ lasso_logout_process_response_msg(LassoLogout *logout, gchar *response_msg)
 					profile->server->signature_method,
 					profile->server->private_key);
 			if (query == NULL) {
-				g_free(url);
+				lasso_release(url);
 				return critical_error(LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED);
 			}
-			profile->msg_url = lasso_concat_url_query(url, query);
-			g_free(url);
-			g_free(query);
-			profile->msg_body = NULL;
+			lasso_assign_new_string(profile->msg_url, lasso_concat_url_query(url, query));
+			lasso_release(url);
+			lasso_release(query);
+			lasso_release(profile->msg_body);
 
 			/* send a HTTP Redirect / GET method, so first remove session */
 			lasso_session_remove_assertion(
@@ -720,9 +727,6 @@ lasso_logout_process_response_msg(LassoLogout *logout, gchar *response_msg)
 
 	/* LogoutResponse status code value is ok */
 
-	/* set the msg_relayState */
-	profile->msg_relayState = g_strdup(
-			LASSO_LIB_STATUS_RESPONSE(profile->response)->RelayState);
 
 	/* if SOAP method or, if IDP provider type and HTTP Redirect, then remove assertion */
 	if ( response_method == LASSO_HTTP_METHOD_SOAP ||
@@ -749,20 +753,12 @@ lasso_logout_process_response_msg(LassoLogout *logout, gchar *response_msg)
 		remote_provider = g_hash_table_lookup(profile->server->providers,
 				logout->initial_remote_providerID);
 		if (remote_provider->role == LASSO_PROVIDER_ROLE_SP) {
-			if (profile->remote_providerID != NULL)
-				g_free(profile->remote_providerID);
-			if (profile->request != NULL)
-				lasso_node_destroy(LASSO_NODE(profile->request));
-			if (profile->response != NULL)
-				lasso_node_destroy(LASSO_NODE(profile->response));
-
-			profile->remote_providerID = logout->initial_remote_providerID;
-			profile->request = logout->initial_request;
-			profile->response = logout->initial_response;
-
-			logout->initial_remote_providerID = NULL;
-			logout->initial_request = NULL;
-			logout->initial_response = NULL;
+			lasso_transfer_string(profile->remote_providerID,
+					logout->initial_remote_providerID);
+			lasso_assign_gobject(profile->request, logout->initial_request);
+			lasso_assign_gobject(profile->response, logout->initial_response);
+			lasso_release_gobject(logout->initial_request);
+			lasso_release_gobject(logout->initial_response);
 		}
 	}
 
@@ -841,8 +837,9 @@ lasso_logout_validate_request(LassoLogout *logout)
 	}
 
 	/* verify logout request */
-	if (LASSO_IS_LIB_LOGOUT_REQUEST(profile->request) == FALSE)
+	if (LASSO_IS_LIB_LOGOUT_REQUEST(profile->request) == FALSE) {
 		return LASSO_PROFILE_ERROR_MISSING_REQUEST;
+	}
 
 	lasso_assign_string(profile->remote_providerID,
 			LASSO_LIB_LOGOUT_REQUEST(profile->request)->ProviderID);
@@ -857,21 +854,21 @@ lasso_logout_validate_request(LassoLogout *logout)
 	/* Set LogoutResponse */
 	lasso_release_gobject(profile->response);
 	if (profile->http_request_method == LASSO_HTTP_METHOD_SOAP) {
-		profile->response = lasso_lib_logout_response_new_full(
+		lasso_assign_gobject(profile->response, lasso_lib_logout_response_new_full(
 				LASSO_PROVIDER(profile->server)->ProviderID,
 				LASSO_SAML_STATUS_CODE_SUCCESS,
 				LASSO_LIB_LOGOUT_REQUEST(profile->request),
 				profile->server->certificate ?
 					LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
-				LASSO_SIGNATURE_METHOD_RSA_SHA1);
+				LASSO_SIGNATURE_METHOD_RSA_SHA1));
 	}
 	if (profile->http_request_method == LASSO_HTTP_METHOD_REDIRECT) {
-		profile->response = lasso_lib_logout_response_new_full(
+		lasso_assign_gobject(profile->response, lasso_lib_logout_response_new_full(
 				LASSO_PROVIDER(profile->server)->ProviderID,
 				LASSO_SAML_STATUS_CODE_SUCCESS,
 				LASSO_LIB_LOGOUT_REQUEST(profile->request),
 				LASSO_SIGNATURE_TYPE_NONE,
-				0);
+				0));
 	}
 	if (LASSO_IS_LIB_LOGOUT_RESPONSE(profile->response) == FALSE) {
 		return critical_error(LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED);
@@ -954,7 +951,7 @@ lasso_logout_validate_request(LassoLogout *logout)
 	/* authentication is ok, federation is ok, propagation support is ok, remove assertion */
 	lasso_session_remove_assertion(profile->session, profile->remote_providerID);
 
-	/* if at IDP and nb sp logged > 1, then backup remote provider id,
+	/* if at IDP and nb sp logged >= 1, then backup remote provider id,
 	 * request and response
 	 */
 	if (remote_provider->role == LASSO_PROVIDER_ROLE_SP &&
@@ -1071,12 +1068,6 @@ instance_init(LassoLogout *logout)
 {
 	logout->private_data = g_new(LassoLogoutPrivate, 1);
 	logout->private_data->dispose_has_run = FALSE;
-
-	logout->initial_request = NULL;
-	logout->initial_response = NULL;
-	logout->initial_remote_providerID = NULL;
-
-	logout->providerID_index = 0;
 }
 
 static void