authorNicolas Clapies <nclapies@entrouvert.com>2006-11-14 15:09:29 +0000
committerNicolas Clapies <nclapies@entrouvert.com>2006-11-14 15:09:29 +0000
commit85d8ea7d4bda979f28af90d000451388558ba513 (patch)
tree60ee63d857103231bc5c7eb4e78d47e4f19c08ce
parent261c7355314af6f2de268980b2d28b88e96892b7 (diff)
Fixed a big mistake in the PAOS naming. Added a stricter check when processing a PAOS response in login.c.
-rw-r--r--lasso/saml-2.0/ecp.c20
-rw-r--r--lasso/saml-2.0/login.c16
-rw-r--r--lasso/xml/strings.h4
-rw-r--r--lasso/xml/xml.c24
-rw-r--r--lasso/xml/xml.h2
5 files changed, 40 insertions, 26 deletions
diff --git a/lasso/saml-2.0/ecp.c b/lasso/saml-2.0/ecp.c
index 0b2571f1..10f1128d 100644
--- a/lasso/saml-2.0/ecp.c
+++ b/lasso/saml-2.0/ecp.c
@@ -126,7 +126,7 @@ lasso_ecp_process_response_msg(LassoEcp *ecp, const char *response_msg)
xmlDoc *doc;
xmlXPathContext *xpathCtx;
xmlXPathObject *xpathObj;
- xmlNode *envelope, *new_envelope, *header, *poas_response, *ecp_relay_state;
+ xmlNode *envelope, *new_envelope, *header, *paos_response, *ecp_relay_state;
xmlNode *body = NULL;
xmlOutputBuffer *buf;
xmlCharEncodingHandler *handler;
@@ -153,21 +153,21 @@ lasso_ecp_process_response_msg(LassoEcp *ecp, const char *response_msg)
new_envelope = xmlNewNode(NULL, (xmlChar*)"Envelope");
xmlSetNs(new_envelope, xmlNewNs(new_envelope,
(xmlChar*)LASSO_SOAP_ENV_HREF, (xmlChar*)LASSO_SOAP_ENV_PREFIX));
- xmlNewNs(poas_response,
- (xmlChar*)LASSO_POAS_HREF, (xmlChar*)LASSO_POAS_PREFIX);
+ xmlNewNs(paos_response,
+ (xmlChar*)LASSO_PAOS_HREF, (xmlChar*)LASSO_PAOS_PREFIX);
xmlNewNs(new_envelope,
(xmlChar*)LASSO_SAML_ASSERTION_HREF, (xmlChar*)LASSO_SAML_ASSERTION_PREFIX);
header = xmlNewTextChild(new_envelope, NULL, (xmlChar*)"Header", NULL);
- /* POAS request header block */
+ /* PAOS request header block */
soap_env_ns = xmlNewNs(envelope,
(xmlChar*)LASSO_SOAP_ENV_HREF, (xmlChar*)LASSO_SOAP_ENV_PREFIX);
- poas_response = xmlNewNode(NULL, (xmlChar*)"Response");
- xmlSetNs(poas_response, xmlNewNs(poas_response,
- (xmlChar*)LASSO_POAS_HREF, (xmlChar*)LASSO_POAS_PREFIX));
- xmlSetNsProp(poas_response, soap_env_ns, "mustUnderstand", "1");
- xmlSetNsProp(poas_response, soap_env_ns, "actor", LASSO_SOAP_ENV_ACTOR);
- xmlAddChild(header, poas_response);
+ paos_response = xmlNewNode(NULL, (xmlChar*)"Response");
+ xmlSetNs(paos_response, xmlNewNs(paos_response,
+ (xmlChar*)LASSO_PAOS_HREF, (xmlChar*)LASSO_PAOS_PREFIX));
+ xmlSetNsProp(paos_response, soap_env_ns, "mustUnderstand", "1");
+ xmlSetNsProp(paos_response, soap_env_ns, "actor", LASSO_SOAP_ENV_ACTOR);
+ xmlAddChild(header, paos_response);
/* ECP relay state block */
if (LASSO_PROFILE(ecp)->msg_relayState) {
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index 3a38834f..8d83beaf 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -155,7 +155,7 @@ lasso_saml20_login_build_authn_request_msg(LassoLogin *login, LassoProvider *rem
lasso_saml20_login_get_assertion_consumer_service_url(
login, LASSO_PROVIDER(profile->server));
profile->msg_url = NULL;
- profile->msg_body = lasso_node_export_to_poas_request(profile->request,
+ profile->msg_body = lasso_node_export_to_paos_request(profile->request,
issuer, responseConsumerURL,
profile->msg_relayState);
} else {
@@ -800,6 +800,20 @@ lasso_saml20_login_process_paos_response_msg(LassoLogin *login, gchar *msg)
doc = xmlParseMemory(msg, strlen(msg));
xpathCtx = xmlXPathNewContext(doc);
+ /* check PAOS response */
+ xmlnode = NULL;
+ xmlXPathRegisterNs(xpathCtx, (xmlChar*)"paos", (xmlChar*)LASSO_PAOS_HREF);
+ xpathObj = xmlXPathEvalExpression((xmlChar*)"//paos:Response", xpathCtx);
+ if (xpathObj && xpathObj->nodesetval && xpathObj->nodesetval->nodeNr) {
+ xmlnode = xpathObj->nodesetval->nodeTab[0];
+ }
+ if (xmlnode == NULL) {
+ xmlFreeDoc(doc);
+ xmlXPathFreeContext(xpathCtx);
+ xmlXPathFreeObject(xpathObj);
+ return LASSO_PROFILE_ERROR_INVALID_MSG;
+ }
+
xmlXPathRegisterNs(xpathCtx, (xmlChar*)"ecp", (xmlChar*)LASSO_ECP_HREF);
xpathObj = xmlXPathEvalExpression((xmlChar*)"//ecp:RelayState", xpathCtx);
if (xpathObj && xpathObj->nodesetval && xpathObj->nodesetval->nodeNr) {
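Review bot: The XPath object returned for `//paos:Response` is freed only on the error path; when the element is found, `xpathObj` is overwritten by the `//ecp:RelayState` evaluation a few lines later, so the first result leaks on every accepted message. Add `xmlXPathFreeObject(xpathObj);` right after the `if (xmlnode == NULL) { ... }` block, before the ecp namespace is registered. The check is also looser than the commit message suggests: `//paos:Response` matches that element anywhere in the document, so it only establishes presence, not that the element is a SOAP header block. Registering the SOAP envelope namespace and anchoring the expression to the envelope's Header would tie the check to the header. The function body continues past the end of this hunk, so later cleanup is not visible here.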
diff --git a/lasso/xml/strings.h b/lasso/xml/strings.h
index f740c2a1..22a4a5cb 100644
--- a/lasso/xml/strings.h
+++ b/lasso/xml/strings.h
@@ -314,8 +314,8 @@
/* POAS BINDING */
/*****************************************************************************/
-#define LASSO_POAS_HREF "urn:liberty:paos:2003-08"
-#define LASSO_POAS_PREFIX "poas"
+#define LASSO_PAOS_HREF "urn:liberty:paos:2003-08"
+#define LASSO_PAOS_PREFIX "paos"
/*****************************************************************************/
/* ECP BINDING */
diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
index 718d93bf..cd73c08d 100644
--- a/lasso/xml/xml.c
+++ b/lasso/xml/xml.c
@@ -242,19 +242,19 @@ lasso_node_export_to_ecp_soap_response(LassoNode *node, const char *assertionCon
}
/**
- * lasso_node_export_to_poas_request:
+ * lasso_node_export_to_paos_request:
* @node: a #LassoNode
*
* Exports @node to a PAOS message.
*
- * Return value: a POAS export of @node. The string must be freed by the
+ * Return value: a PAOS export of @node. The string must be freed by the
* caller.
**/
char*
-lasso_node_export_to_poas_request(LassoNode *node, const char *issuer,
+lasso_node_export_to_paos_request(LassoNode *node, const char *issuer,
const char *responseConsumerURL, const char *relay_state)
{
- xmlNode *envelope, *body, *header, *poas_request, *ecp_request, *ecp_relay_state, *message;
+ xmlNode *envelope, *body, *header, *paos_request, *ecp_request, *ecp_relay_state, *message;
xmlNs *soap_env_ns, *saml_ns, *ecp_ns;
xmlOutputBuffer *buf;
xmlCharEncodingHandler *handler;
@@ -271,14 +271,14 @@ lasso_node_export_to_poas_request(LassoNode *node, const char *issuer,
header = xmlNewTextChild(envelope, NULL, (xmlChar*)"Header", NULL);
- /* POAS request header block */
- poas_request = xmlNewNode(NULL, (xmlChar*)"Request");
- xmlSetNs(poas_request, xmlNewNs(poas_request,
- (xmlChar*)LASSO_POAS_HREF, (xmlChar*)LASSO_POAS_PREFIX));
- xmlSetProp(poas_request, "service", LASSO_POAS_HREF);
- xmlSetNsProp(poas_request, soap_env_ns, "mustUnderstand", "1");
- xmlSetNsProp(poas_request, soap_env_ns, "actor", LASSO_SOAP_ENV_ACTOR);
- xmlAddChild(header, poas_request);
+ /* PAOS request header block */
+ paos_request = xmlNewNode(NULL, (xmlChar*)"Request");
+ xmlSetNs(paos_request, xmlNewNs(paos_request,
+ (xmlChar*)LASSO_PAOS_HREF, (xmlChar*)LASSO_PAOS_PREFIX));
+ xmlSetProp(paos_request, "service", LASSO_PAOS_HREF);
+ xmlSetNsProp(paos_request, soap_env_ns, "mustUnderstand", "1");
+ xmlSetNsProp(paos_request, soap_env_ns, "actor", LASSO_SOAP_ENV_ACTOR);
+ xmlAddChild(header, paos_request);
/* ECP request header block */
ecp_request = xmlNewNode(NULL, (xmlChar*)"Request");
diff --git a/lasso/xml/xml.h b/lasso/xml/xml.h
index b6b2aef9..330ac956 100644
--- a/lasso/xml/xml.h
+++ b/lasso/xml/xml.h
@@ -139,7 +139,7 @@ LASSO_EXPORT char* lasso_node_export_to_query(LassoNode *node,
LASSO_EXPORT char* lasso_node_export_to_soap(LassoNode *node);
-LASSO_EXPORT char* lasso_node_export_to_poas_request(LassoNode *node, const char *issuer,
+LASSO_EXPORT char* lasso_node_export_to_paos_request(LassoNode *node, const char *issuer,
const char *responseConsumerURL, const char *relay_state);
LASSO_EXPORT char* lasso_node_export_to_ecp_soap_response(LassoNode *node,