authorValery Febvre <vfebvre at easter-eggs.com>2004-08-10 00:13:27 +0000
committerValery Febvre <vfebvre at easter-eggs.com>2004-08-10 00:13:27 +0000
commitb06cb80fb55fd6976e086fdf8f290f6f539d0534 (patch)
tree41c6b99a6553113e4c53e0b74c8b927760ab670a /lasso
parent0c7afc17e6260ea52c6ebf19d06788e5ba8d9852 (diff)
downloadlasso-b06cb80fb55fd6976e086fdf8f290f6f539d0534.tar.gz
lasso-b06cb80fb55fd6976e086fdf8f290f6f539d0534.tar.xz
lasso-b06cb80fb55fd6976e086fdf8f290f6f539d0534.zip
Fixed a bug in lasso_login_process_authn_response_msg() method
Diffstat (limited to 'lasso')
-rw-r--r--lasso/id-ff/login.c53
1 files changed, 43 insertions, 10 deletions
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
index b291769b..b4516d16 100644
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@@ -275,20 +275,38 @@ lasso_login_process_response_status_and_assertion(LassoLogin *login) {
"Assertion",
lassoLibHRef,
&err);
- idp = lasso_server_get_provider_ref(LASSO_PROFILE(login)->server,
- LASSO_PROFILE(login)->remote_providerID);
if (assertion != NULL) {
+ if (LASSO_PROFILE(login)->remote_providerID != NULL) {
+ idp = lasso_server_get_provider_ref(LASSO_PROFILE(login)->server,
+ LASSO_PROFILE(login)->remote_providerID);
+ }
+ else {
+ debug("remote ProviderID is NULL => Impossible to get IDP and verify response signature\n");
+ }
/* verify signature */
- if (idp->ca_certificate != NULL) {
- signature_check = lasso_node_verify_signature(assertion, idp->ca_certificate, &err);
- if (signature_check < 0) {
- message(G_LOG_LEVEL_CRITICAL, err->message);
- ret = err->code;
- g_clear_error(&err);
- /* we continue */
+ if (idp != NULL) {
+ if (idp->ca_certificate != NULL) {
+ signature_check = lasso_node_verify_signature(assertion, idp->ca_certificate, &err);
+ if (signature_check < 0) {
+ message(G_LOG_LEVEL_CRITICAL, err->message);
+ ret = err->code;
+ g_clear_error(&err);
+ /* we continue */
+ }
+ }
+ else {
+ message(G_LOG_LEVEL_CRITICAL, "Failed to verify Response signature, Idp CA certificate is NULL\n");
+ ret = -1;
+ goto done;
}
}
+ else {
+ message(G_LOG_LEVEL_CRITICAL, "Failed to get Idp with ProviderID = %s\n",
+ LASSO_PROFILE(login)->remote_providerID);
+ ret = -1;
+ goto done;
+ }
/* store NameIdentifier */
LASSO_PROFILE(login)->nameIdentifier = lasso_login_get_assertion_nameIdentifier(assertion, &err);
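Review bot: When `lasso_node_verify_signature()` returns a negative value the code only records `ret = err->code` and keeps going (`/* we continue */`), so the NameIdentifier of an assertion whose signature did not verify is still stored on the profile, while the two new branches for a missing IdP or CA certificate stop with `goto done`. Unless callers are meant to work with unverified data, that branch should stop as well: `ret = err->code; g_clear_error(&err); goto done;`. Because the provider lookup is now conditional, `idp` has to be initialised to NULL at its declaration, which lies outside this hunk, as does the rest of the function. `message(G_LOG_LEVEL_CRITICAL, err->message)` here and in the second hunk uses the error text as the format string; `message(G_LOG_LEVEL_CRITICAL, "%s", err->message)` avoids interpreting any `%` it contains.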
@@ -953,11 +971,26 @@ gint
lasso_login_process_authn_response_msg(LassoLogin *login,
gchar *authn_response_msg)
{
+ gint ret1 = 0, ret2 = 0;
+ GError *err = NULL;
+
LASSO_PROFILE(login)->response = lasso_authn_response_new_from_export(authn_response_msg,
lassoNodeExportTypeBase64);
LASSO_PROFILE(login)->response_type = lassoMessageTypeAuthnResponse;
- return (lasso_login_process_response_status_and_assertion(login));
+ LASSO_PROFILE(login)->remote_providerID = lasso_node_get_child_content(LASSO_PROFILE(login)->response,
+ "ProviderID",
+ lassoLibHRef,
+ &err);
+ if (LASSO_PROFILE(login)->remote_providerID == NULL) {
+ message(G_LOG_LEVEL_CRITICAL, err->message);
+ ret1 = err->code;
+ g_error_free(err);
+ }
+
+ ret2 = lasso_login_process_response_status_and_assertion(login);
+
+ return (ret2 == 0 ? ret1 : ret2);
}
gint
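Review bot: The result of `lasso_authn_response_new_from_export()` is handed to `lasso_node_get_child_content()` without a NULL check, and `authn_response_msg` is input from the peer, so a message that does not decode would presumably reach that call with a NULL node; an early `if (LASSO_PROFILE(login)->response == NULL) return -1;` would make the failure explicit. The error branch also dereferences `err` on the assumption that a NULL return always sets it; an `if (err != NULL)` guard around the `err->message` and `err->code` use would cover the other case. Any `remote_providerID` already held by the profile is overwritten without being freed, which looks like a leak if this function can run more than once on the same login object.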