diff options
author | Valery Febvre <vfebvre at easter-eggs.com> | 2004-10-01 14:15:01 +0000 |
---|---|---|
committer | Valery Febvre <vfebvre at easter-eggs.com> | 2004-10-01 14:15:01 +0000 |
commit | ea852151af788860d0c39db668eed184d947bb1e (patch) | |
tree | 118f8fbbb0184a7f9d0f9041150557975aed8414 /lasso/id-ff | |
parent | 4d5c37e54dbbc730042ea3d249dec7ed8d74c4e0 (diff) | |
download | lasso-ea852151af788860d0c39db668eed184d947bb1e.tar.gz lasso-ea852151af788860d0c39db668eed184d947bb1e.tar.xz lasso-ea852151af788860d0c39db668eed184d947bb1e.zip |
Fixed a bug in lasso_login_ask_for_consent()
Some cases had been forgotten.
Diffstat (limited to 'lasso/id-ff')
-rw-r--r-- | lasso/id-ff/login.c | 152 |
1 files changed, 100 insertions, 52 deletions
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c index 46436f92..07d3c436 100644 --- a/lasso/id-ff/login.c +++ b/lasso/id-ff/login.c @@ -149,6 +149,82 @@ lasso_login_build_assertion(LassoLogin *login, } /** + * lasso_login_must_ask_for_consent_private: + * @login: a LassoLogin + * + * Evaluates if it is necessary to ask the consent of the Principal. + * This method doesn't take the isPassive value into account. + * + * Return value: TRUE or FALSE + **/ +static gboolean +lasso_login_must_ask_for_consent_private(LassoLogin *login) +{ + xmlChar *nameIDPolicy, *consent; + LassoFederation *federation = NULL; + gboolean ret = FALSE; + + nameIDPolicy = lasso_node_get_child_content(LASSO_PROFILE(login)->request, + "NameIDPolicy", lassoLibHRef, NULL); + + if (xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeNone) || nameIDPolicy == NULL) { + ret = FALSE; + } + else if (xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeOneTime)) { + ret = FALSE; + } + else if (xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeFederated) || \ + xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeAny)) { + if (LASSO_PROFILE(login)->identity != NULL) { + federation = lasso_identity_get_federation(LASSO_PROFILE(login)->identity, + LASSO_PROFILE(login)->remote_providerID); + } + if (federation != NULL) { + ret = FALSE; + } + else { + consent = lasso_node_get_attr_value(LASSO_PROFILE(login)->request, + "consent", NULL); + if (consent != NULL) { + if (xmlStrEqual(consent, lassoLibConsentObtained) || \ + xmlStrEqual(consent, lassoLibConsentObtainedPrior) || \ + xmlStrEqual(consent, lassoLibConsentObtainedCurrentImplicit) || \ + xmlStrEqual(consent, lassoLibConsentObtainedCurrentExplicit)) { + ret = FALSE; + } + else if (xmlStrEqual(consent, lassoLibConsentUnavailable) || \ + xmlStrEqual(consent, lassoLibConsentInapplicable)) { + ret = TRUE; + } + else { + message(G_LOG_LEVEL_CRITICAL, "Unknown consent value : %s\n", consent); + /* we consider consent as empty if its value is unknown/invalid */ + ret = TRUE; + } + xmlFree(consent); + } + else { + /* no consent */ + ret = TRUE; + goto done; + } + } + } + else { + message(G_LOG_LEVEL_CRITICAL, "Unknown NameIDPolicy : %s\n", nameIDPolicy); + /* we consider NameIDPolicy as empty (none value) if its value is unknown/invalid */ + } + + done: + if (federation != NULL) { + lasso_federation_destroy(federation); + } + xmlFree(nameIDPolicy); + + return ret; +} + +/** * lasso_login_process_federation: * @login: a LassoLogin * @is_consent_obtained: is user consent obtained ? @@ -205,7 +281,7 @@ lasso_login_process_federation(LassoLogin *login, consent is necessary, it should be obtained via consent attribute in lib:AuthnRequest or IDP should ask the Principal */ - if (lasso_login_must_ask_for_consent(login) == TRUE && is_consent_obtained == FALSE) { + if (lasso_login_must_ask_for_consent_private(login) == TRUE && is_consent_obtained == FALSE) { if (xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeAny)) { /* if the NameIDPolicy element is 'any' and if the policy for the @@ -989,63 +1065,35 @@ lasso_login_init_request(LassoLogin *login, return ret; } +/** + * lasso_login_must_ask_for_consent_private: + * @login: a LassoLogin + * + * Evaluates if a consent must be ask to the Principal to federate him. + * + * Return value: TRUE or FALSE + **/ gboolean lasso_login_must_ask_for_consent(LassoLogin *login) { - xmlChar *nameIDPolicy, *consent; - LassoFederation *federation = NULL; - gboolean ret = FALSE; - - nameIDPolicy = lasso_node_get_child_content(LASSO_PROFILE(login)->request, - "NameIDPolicy", lassoLibHRef, NULL); - - if (xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeNone) || nameIDPolicy == NULL) { - goto done; - } - else if (xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeOneTime)) { - goto done; - } - else if (xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeFederated) || \ - xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeAny)) { - if (LASSO_PROFILE(login)->identity != NULL) { - federation = lasso_identity_get_federation(LASSO_PROFILE(login)->identity, - LASSO_PROFILE(login)->remote_providerID); - } - if (federation != NULL) { - goto done; - } - else { - consent = lasso_node_get_attr_value(LASSO_PROFILE(login)->request, - "consent", NULL); - if (consent != NULL) { - if (xmlStrEqual(consent, lassoLibConsentObtained) || \ - xmlStrEqual(consent, lassoLibConsentObtainedPrior) || \ - xmlStrEqual(consent, lassoLibConsentObtainedCurrentImplicit) || \ - xmlStrEqual(consent, lassoLibConsentObtainedCurrentExplicit)) { - xmlFree(consent); - goto done; - } - else { - /* FIXME: what to do if consent value is inapplicable or unavailable ? */ - } - } - else { - ret = TRUE; - goto done; + xmlChar *content; + gboolean isPassive = TRUE; /* default value */ + gboolean ret = lasso_login_must_ask_for_consent_private(login); + + /* if must_ask_for_consent = TRUE we must return FALSE if isPassive is TRUE */ + if (ret == TRUE) { + content = lasso_node_get_child_content(LASSO_PROFILE(login)->request, "IsPassive", + NULL, NULL); + if (content != NULL) { + if (xmlStrEqual(content, "false") || xmlStrEqual(content, "0")) { + ret = FALSE; } + xmlFree(content); + } + if (isPassive == TRUE) { + ret = FALSE; } } - else { - message(G_LOG_LEVEL_CRITICAL, "Unknown NameIDPolicy : %s\n", nameIDPolicy); - /* NameIDPolicy is consider as empty (return FALSE) - if its value is unknown/invalid */ - } - - done: - if (federation != NULL) { - lasso_federation_destroy(federation); - } - xmlFree(nameIDPolicy); return ret; } |