authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2010-12-22 17:00:33 +0100
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2010-12-22 17:00:33 +0100
commit908eef330dbdac7f7dea5a9f8586bea69cdeedca (patch)
treeaae1d498e11d0776968d9be13c934736039a27c4
parente0bda6914ca153f2d2952b807fd7f40f6b3f5345 (diff)
parentd69649cc5d89cb8a9c1fe50e5f668427d19449b2 (diff)
Merge branch 'hotfixes-2.3.5'
-rw-r--r--configure.ac4
-rw-r--r--lasso/id-ff/profile.c28
-rw-r--r--lasso/saml-2.0/login.c7
-rw-r--r--lasso/saml-2.0/logout.c8
-rw-r--r--lasso/saml-2.0/provider.c12
-rw-r--r--lasso/xml/xml.c2
6 files changed, 30 insertions, 31 deletions
diff --git a/configure.ac b/configure.ac
index 1ccb4146..526df6d3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -15,7 +15,7 @@ dnl - Second number is the number of supported API versions where API version >
dnl first number.
dnl - Third number is the current API version implementation version number.
dnl See libtool explanations about current, age and release, later in this file.
-AC_INIT([lasso], 2.3.4, lasso-devel@lists.labs.libre-entreprise.org)
+AC_INIT([lasso], 2.3.5, lasso-devel@lists.labs.libre-entreprise.org)
dnl Check if autoconf ver > 2.53
AC_PREREQ(2.53)
AC_CONFIG_MACRO_DIR([m4])
@@ -184,7 +184,7 @@ dnl - interfaces removed -> AGE = 0
# m = a
# r = r
current=`expr $VERSION_MAJOR + $VERSION_MINOR`
-LASSO_VERSION_INFO="12:2:9"
+LASSO_VERSION_INFO="12:3:9"
AC_SUBST(LASSO_VERSION_INFO)
dnl Compute the minimal supported ABI version for Win32 scripts and resources files.
diff --git a/lasso/id-ff/profile.c b/lasso/id-ff/profile.c
index a0b24aa9..ee0d10f8 100644
--- a/lasso/id-ff/profile.c
+++ b/lasso/id-ff/profile.c
@@ -115,6 +115,20 @@ lasso_profile_get_nameIdentifier(LassoProfile *profile)
if (profile->remote_providerID == NULL)
return NULL;
+ /* For transient federations, we must look at assertions no federation object exists */
+ if (LASSO_IS_SESSION(profile->session)) {
+ LassoNode *assertion, *name_id;
+
+ assertion = lasso_session_get_assertion(profile->session,
+ profile->remote_providerID);
+
+ name_id = _lasso_saml_assertion_get_name_id((LassoSamlAssertion*)assertion);
+ if (name_id)
+ return name_id;
+ name_id = _lasso_saml2_assertion_get_name_id((LassoSaml2Assertion*)assertion);
+ if (name_id)
+ return name_id;
+ }
/* beware, it is not a real loop ! */
if (LASSO_IS_IDENTITY(profile->identity)) do {
remote_provider = lasso_server_get_provider(profile->server, profile->remote_providerID);
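Review bot: Both helper calls in the added block receive `assertion` through unchecked C casts, once as `LassoSamlAssertion*` and once as `LassoSaml2Assertion*`, and nothing in the hunk checks that `lasso_session_get_assertion()` returned a non-NULL node of either type. If the helpers, which are not visible here, do not validate their argument, one of the two calls reads the node as the wrong structure; guarding each call with `if (LASSO_IS_SAML_ASSERTION(assertion))` and `if (LASSO_IS_SAML2_ASSERTION(assertion))` makes the dispatch explicit. Moving the block ahead of the identity lookup also means a session assertion now takes precedence over a stored federation, which the comment could state, e.g. `/* Prefer the NameID of the session assertion: transient federations have no federation object */`. The function starts before and ends after this hunk.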
@@ -136,20 +150,6 @@ lasso_profile_get_nameIdentifier(LassoProfile *profile)
return federation->local_nameIdentifier;
} while (FALSE);
- /* For transient federations, we must look at assertions no federation object exists */
- if (LASSO_IS_SESSION(profile->session)) {
- LassoNode *assertion, *name_id;
-
- assertion = lasso_session_get_assertion(profile->session,
- profile->remote_providerID);
-
- name_id = _lasso_saml_assertion_get_name_id((LassoSamlAssertion*)assertion);
- if (name_id)
- return name_id;
- name_id = _lasso_saml2_assertion_get_name_id((LassoSaml2Assertion*)assertion);
- if (name_id)
- return name_id;
- }
return NULL;
}
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index 40b6d71c..08e5d6a2 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -701,7 +701,7 @@ int
lasso_saml20_login_build_assertion(LassoLogin *login,
const char *authenticationMethod,
const char *authenticationInstant,
- const char *notBefore,
+ G_GNUC_UNUSED const char *notBefore,
const char *notOnOrAfter)
{
LassoProfile *profile = &login->parent;
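Review bot: The `notBefore` argument is now accepted and silently discarded (`G_GNUC_UNUSED`), and the two following hunks (`@@ -743,8` and `@@ -760,9`) stop writing `Conditions->NotBefore`, `Conditions->NotOnOrAfter` and the SubjectConfirmationData `NotBefore`. Unless code outside these hunks fills the Conditions in later, the assertion is issued without a Conditions validity window, and only the subject confirmation's `NotOnOrAfter` bounds its lifetime. The function's doc comment should say so, for instance `@notBefore: ignored, kept for API compatibility` plus a sentence naming where the Conditions validity window is now expected to be set. The body of lasso_saml20_login_build_assertion continues outside the hunk.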
@@ -743,8 +743,6 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
assertion->Issuer = LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
LASSO_PROVIDER(profile->server)->ProviderID));
assertion->Conditions = LASSO_SAML2_CONDITIONS(lasso_saml2_conditions_new());
- lasso_assign_string(assertion->Conditions->NotOnOrAfter, notOnOrAfter);
- lasso_assign_string(assertion->Conditions->NotBefore, notBefore);
audience_restriction = LASSO_SAML2_AUDIENCE_RESTRICTION(
lasso_saml2_audience_restriction_new());
@@ -760,9 +758,6 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
LASSO_SAML2_SUBJECT_CONFIRMATION_DATA(
lasso_saml2_subject_confirmation_data_new());
lasso_assign_string(
- assertion->Subject->SubjectConfirmation->SubjectConfirmationData->NotBefore,
- notBefore);
- lasso_assign_string(
assertion->Subject->SubjectConfirmation->SubjectConfirmationData->NotOnOrAfter,
notOnOrAfter);
diff --git a/lasso/saml-2.0/logout.c b/lasso/saml-2.0/logout.c
index 7f677aa2..3d8859f0 100644
--- a/lasso/saml-2.0/logout.c
+++ b/lasso/saml-2.0/logout.c
@@ -82,8 +82,12 @@ lasso_saml20_logout_init_request(LassoLogout *logout, LassoProvider *remote_prov
lasso_ref(assertion_n);
assertion = (LassoSaml2Assertion*)assertion_n;
- /* set the nameid */
- lasso_assign_gobject(logout_request->NameID, profile->nameIdentifier);
+ /* Set the NameID */
+ goto_cleanup_if_fail_with_rc(assertion->Subject != NULL,
+ LASSO_PROFILE_ERROR_MISSING_SUBJECT);
+ goto_cleanup_if_fail_with_rc(assertion->Subject->NameID != NULL,
+ LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER);
+ lasso_assign_gobject(logout_request->NameID, assertion->Subject->NameID);
/* Encrypt NameID */
if (lasso_provider_get_encryption_mode(remote_provider) == LASSO_ENCRYPTION_MODE_NAMEID) {
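Review bot: The new comment `/* Set the NameID */` does not say why the value now comes from the session assertion's Subject instead of `profile->nameIdentifier`, which is the actual change in behaviour here. Something like `/* Use the NameID of the assertion received from this provider; profile->nameIdentifier may be unset or belong to another federation */` would record it, if that is indeed the reason. The two new `goto_cleanup_if_fail_with_rc` exits run after `lasso_ref(assertion_n)`, so the cleanup label, which is outside the hunk, has to release that reference. Also worth confirming that the encryption step below does not modify the NameID object in place, since `logout_request->NameID` now appears to share it with the session's assertion.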
diff --git a/lasso/saml-2.0/provider.c b/lasso/saml-2.0/provider.c
index 67ecc9f8..4f9192d5 100644
--- a/lasso/saml-2.0/provider.c
+++ b/lasso/saml-2.0/provider.c
@@ -82,7 +82,7 @@ binding_uri_to_http_method(const char *uri)
} else if (strcmp(uri, LASSO_SAML2_METADATA_BINDING_REDIRECT) == 0) {
return LASSO_HTTP_METHOD_REDIRECT;
} else if (strcmp(uri, LASSO_SAML2_METADATA_BINDING_POST) == 0) {
- return LASSO_HTTP_METHOD_NONE;
+ return LASSO_HTTP_METHOD_POST;
} else if (strcmp(uri, LASSO_SAML2_METADATA_BINDING_ARTIFACT) == 0) {
return LASSO_HTTP_METHOD_ARTIFACT_GET;
} else if (strcmp(uri, LASSO_SAML2_METADATA_BINDING_PAOS) == 0) {
@@ -235,7 +235,7 @@ load_endpoint_type(xmlNode *xmlnode, LassoProvider *provider, LassoProviderRole
binding_s = binding_uri_to_identifier((char*)binding);
if (! binding_s) {
- critical("XXX: unknown binding: %s", binding);
+ debug("Endpoint loading failed, unknown binding: %s", binding);
goto cleanup;
}
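Review bot: An endpoint dropped because of an unknown binding is now reported only through `debug(...)`, so in a deployment without debug logging a remote provider's metadata can lose endpoints with no trace in the logs; the missing-location branch in the next hunk (`@@ -243,7`) has the same problem. Metadata comes from the peer, so lowering the level from critical is reasonable, but `warning("Endpoint loading failed, unknown binding: %s", binding);` would keep the event visible to an operator diagnosing a rejected binding. load_endpoint_type starts and ends outside the hunk.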
@@ -243,7 +243,7 @@ load_endpoint_type(xmlNode *xmlnode, LassoProvider *provider, LassoProviderRole
value = getSaml2MdProp(xmlnode, LASSO_SAML2_METADATA_ATTRIBUTE_LOCATION);
if (value == NULL) {
- message(G_LOG_LEVEL_CRITICAL, "XXX: missing location for element %s", xmlnode->name);
+ debug("Endpoint loading failed, missing location on element %s", xmlnode->name);
goto cleanup;
}
/* special case of AssertionConsumerService */
@@ -518,7 +518,6 @@ lasso_saml20_provider_get_first_http_method(G_GNUC_UNUSED LassoProvider *provide
kind = profile_names[protocol_type];
}
if (! kind) {
- warning("Could not find a first http method for protocol type %u", protocol_type);
return LASSO_HTTP_METHOD_NONE;
}
@@ -526,7 +525,8 @@ lasso_saml20_provider_get_first_http_method(G_GNUC_UNUSED LassoProvider *provide
EndpointType *endpoint_type = (EndpointType*)t->data;
if (endpoint_type && lasso_strisequal(endpoint_type->kind, kind)) {
result = binding_uri_to_http_method(endpoint_type->binding);
- if (result) break;
+ if (result != LASSO_HTTP_METHOD_NONE)
+ break;
}
}
@@ -546,7 +546,7 @@ lasso_saml20_provider_accept_http_method(G_GNUC_UNUSED LassoProvider *provider,
}
if (! kind) {
warning("Could not find a first http method for protocol type %u", protocol_type);
- return LASSO_HTTP_METHOD_NONE;
+ return FALSE;
}
lasso_foreach(t, remote_provider->private_data->endpoints) {
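Review bot: The warning kept on the line above the changed return still reads "Could not find a first http method", text that belongs to lasso_saml20_provider_get_first_http_method, while this is lasso_saml20_provider_accept_http_method. The same commit removes that warning from the sibling function, so the two now disagree on whether an unmapped protocol type is logged at all. Either drop it here as well or reword it, e.g. `warning("No endpoint kind known for protocol type %u", protocol_type);`. The function body continues outside the hunk.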
diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
index b5d35050..5504c3fc 100644
--- a/lasso/xml/xml.c
+++ b/lasso/xml/xml.c
@@ -1081,7 +1081,7 @@ lasso_node_get_encryption(LassoNode *node, xmlSecKey **encryption_public_key,
g_return_if_fail(LASSO_IS_NODE(node));
custom_element = _lasso_node_get_custom_element(node);
- if (custom_element->encryption_public_key) {
+ if (custom_element && custom_element->encryption_public_key) {
lasso_assign_sec_key(*encryption_public_key,
custom_element->encryption_public_key);
*encryption_sym_key_type = custom_element->encryption_sym_key_type;
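Review bot: With the added `custom_element &&` guard the branch is skipped for a node with no custom element, and within the hunk nothing then writes `*encryption_public_key` or `*encryption_sym_key_type`. If there is no else branch outside the hunk, a caller that did not pre-initialise both variables reads indeterminate values when deciding whether and how to encrypt. A comment on the function such as `/* Outputs are left untouched when the node carries no encryption key; callers must initialise them */` would record the contract, or the function could set `*encryption_public_key = NULL;` before the test if callers are known not to pass a key they own. The only entry check is `g_return_if_fail(LASSO_IS_NODE(node))`, so the two out pointers are also dereferenced unchecked.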