| author | Nicolas Clapies <nclapies@entrouvert.com> | 2004-08-27 13:44:07 +0000 |
|---|---|---|
| committer | Nicolas Clapies <nclapies@entrouvert.com> | 2004-08-27 13:44:07 +0000 |
| commit | eaa4b813fcd0f7aa1152d98998afe5b59556142f (patch) | |
| tree | 09c78008476fbdc0fb442fabc235adc7e7f0f19c | |
| parent | 3ed5fa5681451b2407e316f01f22225f9d758e6d (diff) | |
Added an index attribute (session->index_providerID) holding the index of the next provider id returned by a call to lasso_session_get_providerID(); added lasso_session_reset_index_providerID() to reset the index to the first provider id of the assertion list. The index is decremented when an assertion is removed. lasso_get_next_providerID() returns NULL if there are no assertions left or if the index points at the end of the list. Added lasso_logout_get_next_providerID() and lasso_logout_reset_index_providerID() to wrap the session methods.
| -rw-r--r-- | lasso/id-ff/logout.c | 301 | ||||
| -rw-r--r-- | lasso/id-ff/logout.h | 9 | ||||
| -rw-r--r-- | lasso/id-ff/session.c | 81 | ||||
| -rw-r--r-- | lasso/id-ff/session.h | 17 |
4 files changed, 222 insertions, 186 deletions
diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c index df54c650..38e7e9c0 100644 --- a/lasso/id-ff/logout.c +++ b/lasso/id-ff/logout.c @@ -286,6 +286,9 @@ lasso_logout_destroy(LassoLogout *logout) * * This method returns the next logout request service provider id * excepted the initial service provider id. + * + * This method returns the next provider id to send a logout request. + * get the current provider id with index_remote_providerID as index in session->providerIDs. * * Return value: a newly allocated string or NULL **/ @@ -293,36 +296,16 @@ gchar* lasso_logout_get_next_providerID(LassoLogout *logout) { LassoProfile *profile; - gchar *current_provider_id; - int i; + gchar *provider_id; g_return_val_if_fail(LASSO_IS_LOGOUT(logout), NULL); - profile = LASSO_PROFILE(logout); - if (profile->session == NULL) { - message(G_LOG_LEVEL_CRITICAL, "Session not found\n"); - return(NULL); - } + g_return_val_if_fail(LASSO_IS_SESSION(profile->session), NULL); - /* if a ProviderID from a SP request, pass it and return the next provider id found */ - for (i = 0; i < profile->session->providerIDs->len; i++) { - current_provider_id = g_strdup(g_ptr_array_index(profile->session->providerIDs, i)); - - /* if logout request from SP at IDP, verify not to return the ProviderID of the initial SP requester */ - if (logout->initial_remote_providerID != NULL) { - if (xmlStrEqual(current_provider_id, logout->initial_remote_providerID)) { - debug("It's the ProviderID of the SP requester (%s) : %s, pass it\n", - logout->initial_remote_providerID, - current_provider_id); - g_free(current_provider_id); - continue; - } - } - return(current_provider_id); - } - - return(NULL); + provider_id = lasso_session_get_next_providerID(profile->session); + + return(provider_id); } /** 
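Review bot: The rewritten lasso_logout_get_next_providerID() no longer skips `logout->initial_remote_providerID`, yet the doc comment in the hunk just above still says the result excludes the initial service provider id. With the filter gone, an IdP-side caller iterating over providers can be handed the ProviderID of the SP that started the logout. Either restore the comparison around the call to lasso_session_get_next_providerID(), or drop the stale sentence and document the new contract, e.g. `* The initial requester's provider id is NOT skipped; callers must compare against logout->initial_remote_providerID.` The collapsed rendering also leaves it unclear whether `profile = LASSO_PROFILE(logout);` survives as a context line; it has to precede the added `LASSO_IS_SESSION(profile->session)` check, otherwise `profile` is read uninitialised.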
@@ -374,7 +357,7 @@ lasso_logout_init_request(LassoLogout *logout, /* get the remote provider id */ if (remote_providerID == NULL) { debug("No remote provider id, get the next assertion peer provider id\n"); - profile->remote_providerID = lasso_session_get_next_assertion_remote_providerID(profile->session); + profile->remote_providerID = lasso_session_get_next_providerID(profile->session); } else { debug("A remote provider id for logout request : %s\n", remote_providerID); 
@@ -632,6 +615,148 @@ gint lasso_logout_process_request_msg(LassoLogout *logout, } /** + * lasso_logout_process_response_msg: + * @logout: the logout object + * @response_msg: the response message + * @response_method: the response method + * + * Process the response method : + * build the logout response object + * verify the status code value + * + * Return value: 0 if OK else < 0 + **/ +gint +lasso_logout_process_response_msg(LassoLogout *logout, + gchar *response_msg, + lassoHttpMethod response_method) +{ + LassoProfile *profile; + xmlChar *statusCodeValue; + LassoNode *statusCode; + GError *err = NULL; + gint ret = 0; + + g_return_val_if_fail(LASSO_IS_LOGOUT(logout), -1); + g_return_val_if_fail(response_msg != NULL, -1); + + profile = LASSO_PROFILE(logout); + + /* build logout response object */ + switch (response_method) { + case lassoHttpMethodSoap: + profile->response = lasso_logout_response_new_from_export(response_msg, lassoNodeExportTypeSoap); + break; + case lassoHttpMethodRedirect: + profile->response = lasso_logout_response_new_from_export(response_msg, lassoNodeExportTypeQuery); + break; + default: + message(G_LOG_LEVEL_CRITICAL, "Invalid response method\n"); + ret = -1; + goto done; + } + if (LASSO_IS_LOGOUT_RESPONSE(profile->response) == FALSE) { + message(G_LOG_LEVEL_CRITICAL, "Message is not a LogoutResponse\n"); + ret = -1; + goto done; + } + + statusCode = lasso_node_get_child(profile->response, "StatusCode", NULL, NULL); + if (statusCode == NULL) { + message(G_LOG_LEVEL_CRITICAL, "StatusCode node not found\n"); + ret = -1; + goto done; + } + + statusCodeValue = lasso_node_get_attr_value(statusCode, "Value", NULL); + + if (!xmlStrEqual(statusCodeValue, lassoSamlStatusCodeSuccess)) { + /* At SP, if the request method was a SOAP type, if at IDP, then rebuild the request message with HTTP method */ + if (profile->provider_type == lassoProviderTypeSp && profile->http_request_method == lassoHttpMethodSoap) { + /* temporary vars */ + LassoProvider 
*provider; + gchar *url, *query; + + provider = lasso_server_get_provider_ref(profile->server, profile->remote_providerID, &err); + if (provider == NULL) { + message(G_LOG_LEVEL_CRITICAL, err->message); + ret = err->code; + g_error_free(err); + goto done; + } + + /* FIXME : verify the IDP support a HTTP method */ + + /* Build and optionaly sign the logout request QUERY message */ + url = lasso_provider_get_singleLogoutServiceURL(provider, lassoProviderTypeIdp, NULL); + query = lasso_node_export_to_query(profile->request, + profile->server->signature_method, + profile->server->private_key); + profile->msg_url = g_new(gchar, strlen(url)+strlen(query)+1+1); + g_sprintf(profile->msg_url, "%s?%s", url, query); + profile->msg_body = NULL; + + /* send a HTTP Redirect / GET method, so first remove session */ + lasso_session_remove_assertion(profile->session, profile->remote_providerID); + } + + message(G_LOG_LEVEL_WARNING, "Status code value is not Success\n"); + ret = LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE; + goto done; + } + + /* LogoutResponse status code value is ok, so remove assertion */ + profile->remote_providerID = lasso_node_get_child_content(profile->response, "ProviderID", + NULL, NULL); + lasso_session_remove_assertion(profile->session, profile->remote_providerID); + + switch (profile->provider_type) { + case lassoProviderTypeSp: + /* */ + break; + case lassoProviderTypeIdp: + /* At IDP, if no more assertion for other providers and if initial remote provider id is set, + then remove his assertion and restore his original requester infos */ + if(profile->session->providerIDs->len == 1 && logout->initial_remote_providerID){ + lasso_session_remove_assertion(profile->session, logout->initial_remote_providerID); + + profile->remote_providerID = logout->initial_remote_providerID; + profile->request = logout->initial_request; + profile->response = logout->initial_response; + } + break; + default: + message(G_LOG_LEVEL_CRITICAL, "Invalid provider type\n"); + } + + 
done: + + return(ret); +} + +/** + * lasso_logout_reset_session_index: + * @logout: the logout object + * + * Call the reset of the index provider id in session object + * + * Return value: 0 if OK else < 0 + **/ +gint lasso_logout_reset_session_index(LassoLogout *logout) +{ + LassoProfile *profile; + + g_return_val_if_fail(LASSO_IS_LOGOUT(logout), -1); + profile = LASSO_PROFILE(logout); + + g_return_val_if_fail(LASSO_IS_SESSION(profile->session), -1); + + lasso_session_reset_index_providerID(profile->session); + + return(0); +} + +/** * lasso_logout_validate_request: * @logout: the logout object * 
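Review bot: On the success path of lasso_logout_process_response_msg() the assertion to delete is chosen by the `ProviderID` read out of the response itself, and nothing visible in this function checks that value against the provider the request was sent to or verifies the response signature first. If that validation is not done by the caller, a LogoutResponse naming a different provider would drop that provider's assertion from the session, and a missing ProviderID is passed on as NULL with the return code of lasso_session_remove_assertion() ignored. A guard such as `if (response_providerID == NULL || !xmlStrEqual(response_providerID, profile->remote_providerID)) { ret = -1; goto done; }` before overwriting `profile->remote_providerID` would cover both cases. Separately, `message(G_LOG_LEVEL_CRITICAL, err->message);` passes a non-literal string where the other calls pass a format; assuming message() is printf-style, use `message(G_LOG_LEVEL_CRITICAL, "%s", err->message);` here and at the same call in lasso_session_new_from_dump().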
@@ -810,130 +935,6 @@ lasso_logout_validate_request(LassoLogout *logout) return(ret); } -/** - * lasso_logout_process_response_msg: - * @logout: the logout object - * @response_msg: the response message - * @response_method: the response method - * - * Process the response method : - * build the logout response object - * verify the status code value - * - * Return value: 0 if OK else < 0 - **/ -gint -lasso_logout_process_response_msg(LassoLogout *logout, - gchar *response_msg, - lassoHttpMethod response_method) -{ - LassoProfile *profile; - xmlChar *statusCodeValue; - LassoNode *statusCode; - GError *err = NULL; - gint ret = 0; - - g_return_val_if_fail(LASSO_IS_LOGOUT(logout), -1); - g_return_val_if_fail(response_msg != NULL, -1); - - profile = LASSO_PROFILE(logout); - - /* build logout response object */ - switch (response_method) { - case lassoHttpMethodSoap: - profile->response = lasso_logout_response_new_from_export(response_msg, lassoNodeExportTypeSoap); - break; - case lassoHttpMethodRedirect: - profile->response = lasso_logout_response_new_from_export(response_msg, lassoNodeExportTypeQuery); - break; - default: - message(G_LOG_LEVEL_CRITICAL, "Invalid response method\n"); - ret = -1; - goto done; - } - if (LASSO_IS_LOGOUT_RESPONSE(profile->response) == FALSE) { - message(G_LOG_LEVEL_CRITICAL, "Message is not a LogoutResponse\n"); - ret = -1; - goto done; - } - - statusCode = lasso_node_get_child(profile->response, "StatusCode", NULL, NULL); - if (statusCode == NULL) { - message(G_LOG_LEVEL_CRITICAL, "StatusCode node not found\n"); - ret = -1; - goto done; - } - - statusCodeValue = lasso_node_get_attr_value(statusCode, "Value", NULL); - - if (!xmlStrEqual(statusCodeValue, lassoSamlStatusCodeSuccess)) { - /* At SP, if the request method was a SOAP type, if at IDP, then rebuild the request message with HTTP method */ - if (profile->provider_type == lassoProviderTypeSp && profile->http_request_method == lassoHttpMethodSoap) { - /* temporary vars */ - 
LassoProvider *provider; - gchar *url, *query; - - provider = lasso_server_get_provider_ref(profile->server, profile->remote_providerID, &err); - if (provider == NULL) { - message(G_LOG_LEVEL_CRITICAL, err->message); - ret = err->code; - g_error_free(err); - goto done; - } - - /* FIXME : verify the IDP support a HTTP method */ - - /* Build and optionaly sign the logout request QUERY message */ - url = lasso_provider_get_singleLogoutServiceURL(provider, lassoProviderTypeIdp, NULL); - query = lasso_node_export_to_query(profile->request, - profile->server->signature_method, - profile->server->private_key); - profile->msg_url = g_new(gchar, strlen(url)+strlen(query)+1+1); - g_sprintf(profile->msg_url, "%s?%s", url, query); - profile->msg_body = NULL; - - /* send a HTTP Redirect / GET method, so first remove session */ - lasso_session_remove_assertion(profile->session, profile->remote_providerID); - } - - message(G_LOG_LEVEL_WARNING, "Status code value is not Success\n"); - ret = LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE; - goto done; - } - - /* LogoutResponse status code value is ok, so remove assertion */ - - profile->remote_providerID = lasso_node_get_child_content(profile->response, "ProviderID", - NULL, NULL); - - /* response os ok, delete the assertion */ - lasso_session_remove_assertion(profile->session, profile->remote_providerID); - - /* response is ok, so delete the assertion */ - switch (profile->provider_type) { - case lassoProviderTypeSp: - /* */ - break; - case lassoProviderTypeIdp: - /* if no more assertion for other providers and if initial remote provider id is set, - then remove his assertion and restore his original requester infos */ - if(profile->session->providerIDs->len == 1 && logout->initial_remote_providerID){ - lasso_session_remove_assertion(profile->session, logout->initial_remote_providerID); - - profile->remote_providerID = logout->initial_remote_providerID; - profile->request = logout->initial_request; - profile->response = 
logout->initial_response; - } - break; - default: - message(G_LOG_LEVEL_CRITICAL, "Invalid provider type\n"); - } - - done: - - return(ret); -} - /*****************************************************************************/ /* overrided parent class methods */ /*****************************************************************************/ diff --git a/lasso/id-ff/logout.h b/lasso/id-ff/logout.h index 70bd77ff..fe760ea0 100644 --- a/lasso/id-ff/logout.h +++ b/lasso/id-ff/logout.h @@ -84,12 +84,15 @@ LASSO_EXPORT gint lasso_logout_process_request_msg (LassoLogout *lo gchar *request_msg, lassoHttpMethod request_method); -LASSO_EXPORT gint lasso_logout_validate_request (LassoLogout *logout); - LASSO_EXPORT gint lasso_logout_process_response_msg (LassoLogout *logout, gchar *response_msg, lassoHttpMethod response_method); - + +LASSO_EXPORT gint lasso_logout_reset_session_index (LassoLogout *logout); + +LASSO_EXPORT gint lasso_logout_validate_request (LassoLogout *logout); + + #ifdef __cplusplus } #endif /* __cplusplus */ diff --git a/lasso/id-ff/session.c b/lasso/id-ff/session.c index dabd9d4b..c7dd8644 100644 --- a/lasso/id-ff/session.c +++ b/lasso/id-ff/session.c @@ -83,19 +83,19 @@ lasso_session_dump_assertion(gpointer key, gint lasso_session_add_assertion(LassoSession *session, - gchar *remote_providerID, + gchar *providerID, LassoNode *assertion) { int i; gboolean found = FALSE; g_return_val_if_fail(session != NULL, -1); - g_return_val_if_fail(remote_providerID != NULL, -2); + g_return_val_if_fail(providerID != NULL, -2); g_return_val_if_fail(assertion != NULL, -3); /* add the remote provider id */ for(i = 0; i<session->providerIDs->len; i++) { - if(xmlStrEqual(remote_providerID, g_ptr_array_index(session->providerIDs, i))) { + if(xmlStrEqual(providerID, g_ptr_array_index(session->providerIDs, i))) { found = TRUE; break; } 
@@ -104,13 +104,18 @@ lasso_session_add_assertion(LassoSession *session, debug("An assertion existed already for this providerID, it was replaced by the new one.\n"); } else { - g_ptr_array_add(session->providerIDs, g_strdup(remote_providerID)); + g_ptr_array_add(session->providerIDs, g_strdup(providerID)); } /* add the assertion */ - g_hash_table_insert(session->assertions, g_strdup(remote_providerID), + g_hash_table_insert(session->assertions, g_strdup(providerID), lasso_node_copy(assertion)); + /* If index_providerID is -1, then set to 0 (now there is at least one assertion) */ + if (session->index_providerID < 0) { + session->index_providerID = 0; + } + session->is_dirty = TRUE; return(0); @@ -187,15 +192,15 @@ lasso_session_dump(LassoSession *session) LassoNode* lasso_session_get_assertion(LassoSession *session, - gchar *remote_providerID) + gchar *providerID) { LassoNode *assertion; g_return_val_if_fail(session != NULL, NULL); - g_return_val_if_fail(remote_providerID != NULL, NULL); + g_return_val_if_fail(providerID != NULL, NULL); assertion = (LassoNode *)g_hash_table_lookup(session->assertions, - remote_providerID); + providerID); if (assertion == NULL) { return NULL; } @@ -212,11 +217,11 @@ lasso_session_get_authentication_method(LassoSession *session, gchar *authentication_method; GError *err = NULL; - if (remote_providerID == NULL) { - providerID = lasso_session_get_next_assertion_remote_providerID(session); + if (providerID == NULL) { + providerID = lasso_session_get_next_providerID(session); } assertion = lasso_session_get_assertion(session, providerID); - if (remote_providerID == NULL) { + if (providerID == NULL) { g_free(providerID); } as = lasso_node_get_child(assertion, "AuthenticationStatement", NULL, NULL); 
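Review bot: In lasso_session_get_authentication_method() the second test became `if (providerID == NULL) { g_free(providerID); }`, which can only ever free NULL, so the string returned by lasso_session_get_next_providerID() is leaked whenever the lookup fell back to it. Record the ownership before the fallback, `gboolean owned = (providerID == NULL);`, and release with `if (owned) g_free(providerID);`. The fallback now also advances `session->index_providerID`, so asking for the authentication method consumes an entry from the logout iteration; reading `g_ptr_array_index(session->providerIDs, 0)` directly, as the old helper did, would avoid that side effect. The function's signature and local declarations lie outside the hunk.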
@@ -234,9 +239,9 @@ lasso_session_get_authentication_method(LassoSession *session, } gchar* -lasso_session_get_next_assertion_remote_providerID(LassoSession *session) +lasso_session_get_next_providerID(LassoSession *session) { - gchar *remote_providerID; + gchar *providerID; g_return_val_if_fail(session!=NULL, NULL); 
@@ -244,43 +249,64 @@ lasso_session_get_next_assertion_remote_providerID(LassoSession *session) return(NULL); } - remote_providerID = g_strdup(g_ptr_array_index(session->providerIDs, 0)); + if (session->index_providerID < 0) { + return(NULL); + } + + /* get the next provider id and increments the index */ + providerID = g_strdup(g_ptr_array_index(session->providerIDs, session->index_providerID)); + session->index_providerID++; - return(remote_providerID); + return(providerID); } gint lasso_session_remove_assertion(LassoSession *session, - gchar *remote_providerID) + gchar *providerID) { LassoNode *assertion; int i; g_return_val_if_fail(session != NULL, -1); - g_return_val_if_fail(remote_providerID != NULL, -2); + g_return_val_if_fail(providerID != NULL, -2); /* remove the assertion */ - assertion = lasso_session_get_assertion(session, remote_providerID); + assertion = lasso_session_get_assertion(session, providerID); if (assertion != NULL) { - debug("Remove assertion of remote provider id %s\n", remote_providerID); - g_hash_table_remove(session->assertions, remote_providerID); + debug("Remove assertion of remote provider id %s\n", providerID); + g_hash_table_remove(session->assertions, providerID); lasso_node_destroy(assertion); } /* remove the remote provider id */ for(i = 0; i<session->providerIDs->len; i++) { - if(xmlStrEqual(remote_providerID, g_ptr_array_index(session->providerIDs, i))) { - debug("Remove remote provider id %s\n", remote_providerID); + if(xmlStrEqual(providerID, g_ptr_array_index(session->providerIDs, i))) { + debug("Remove remote provider id %s\n", providerID); g_ptr_array_remove_index(session->providerIDs, i); break; } } + /* decrements the index of provider id */ + session->index_providerID--; + session->is_dirty = TRUE; return(0); } +gint +lasso_session_reset_index_providerID(LassoSession *session) +{ + g_return_val_if_fail(session != NULL, -1); + + if (session->index_providerID >= 0) { + session->index_providerID = 0; + } + + return(0); +} 
+ /*****************************************************************************/ /* overrided parent class methods */ /*****************************************************************************/ @@ -336,6 +362,7 @@ lasso_session_instance_init(LassoSession *session) session->assertions = g_hash_table_new_full(g_str_hash, g_str_equal, (GDestroyNotify)g_free, (GDestroyNotify)lasso_node_destroy); + session->index_providerID = -1; /* There is no assertion yet, so index_providerID is set to -1 */ session->is_dirty = TRUE; } @@ -390,7 +417,7 @@ lasso_session_new_from_dump(gchar *dump) LassoNode *session_node; LassoNode *assertions_node, *assertion_node, *assertion; xmlNodePtr assertions_xmlNode, assertion_xmlNode; - xmlChar *remote_providerID; + xmlChar *providerID; GError *err = NULL; g_return_val_if_fail(dump != NULL, NULL); @@ -418,16 +445,16 @@ lasso_session_new_from_dump(gchar *dump) xmlStrEqual(assertion_xmlNode->name, LASSO_SESSION_ASSERTION_NODE)) { /* assertion node */ assertion_node = lasso_node_new_from_xmlNode(assertion_xmlNode); - remote_providerID = lasso_node_get_attr_value(assertion_node, + providerID = lasso_node_get_attr_value(assertion_node, LASSO_SESSION_REMOTE_PROVIDERID_ATTR, &err); - if (remote_providerID != NULL) { + if (providerID != NULL) { assertion = lasso_node_get_child(assertion_node, "Assertion", NULL, /* lassoLibHRef, FIXME changed for SourceID */ &err); if (assertion != NULL) { - lasso_session_add_assertion(session, remote_providerID, assertion); + lasso_session_add_assertion(session, providerID, assertion); lasso_node_destroy(assertion); } else { @@ -439,7 +466,7 @@ lasso_session_new_from_dump(gchar *dump) message(G_LOG_LEVEL_CRITICAL, err->message); g_clear_error(&err); } - g_free(remote_providerID); + g_free(providerID); lasso_node_destroy(assertion_node); } assertion_xmlNode = assertion_xmlNode->next; diff --git a/lasso/id-ff/session.h b/lasso/id-ff/session.h index 5db2de44..2a1488c3 100644 --- a/lasso/id-ff/session.h 
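Review bot: lasso_session_get_next_providerID() rejects only a negative `index_providerID`; no added line compares it with `session->providerIDs->len`, so once every entry has been returned the next call reads `g_ptr_array_index()` one past the end (the macro does no bounds checking) and hands that pointer to g_strdup(). The commit message promises NULL at the end of the list, so the guard should be `if (session->index_providerID < 0 || (guint)session->index_providerID >= session->providerIDs->len) return(NULL);`. The condition guarding the early `return(NULL)` at the top of the hunk lies outside it, but it is unchanged and so cannot test the new field. In lasso_session_remove_assertion() the `session->index_providerID--` runs even when the id was not found or sat at or after the cursor, which can push the index to -1 or below, a state lasso_session_reset_index_providerID() refuses to reset. Decrement only inside the match branch, `if (i < session->index_providerID) session->index_providerID--;`.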
+++ b/lasso/id-ff/session.h @@ -54,7 +54,10 @@ struct _LassoSession { gboolean is_dirty; /*< private >*/ - LassoSessionPrivate *private; + LassoSessionPrivate *private; /* Index of the current remote provider id in the providerIDs list */ + + gint index_providerID; + }; struct _LassoSessionClass { @@ -68,7 +71,7 @@ LASSO_EXPORT LassoSession* lasso_session_new ( LASSO_EXPORT LassoSession* lasso_session_new_from_dump (gchar *dump); LASSO_EXPORT gint lasso_session_add_assertion (LassoSession *session, - gchar *remote_providerID, + gchar *providerID, LassoNode *assertion); LASSO_EXPORT LassoSession* lasso_session_copy (LassoSession *session); @@ -78,15 +81,17 @@ LASSO_EXPORT void lasso_session_destroy ( LASSO_EXPORT gchar* lasso_session_dump (LassoSession *session); LASSO_EXPORT LassoNode* lasso_session_get_assertion (LassoSession *session, - gchar *remote_providerID); + gchar *providerID); LASSO_EXPORT gchar* lasso_session_get_authentication_method (LassoSession *session, - gchar *remote_providerID); + gchar *providerID); -LASSO_EXPORT gchar* lasso_session_get_next_assertion_remote_providerID (LassoSession *session); +LASSO_EXPORT gchar* lasso_session_get_next_providerID (LassoSession *session); LASSO_EXPORT gint lasso_session_remove_assertion (LassoSession *session, - gchar *remote_providerID); + gchar *providerID); + +LASSO_EXPORT gint lasso_session_reset_index_providerID (LassoSession *session); #ifdef __cplusplus } |
