diff options
| -rw-r--r-- | lasso/errors.c | 3 | ||||
| -rw-r--r-- | lasso/errors.h | 8 | ||||
| -rw-r--r-- | lasso/id-ff/identity.c | 2 | ||||
| -rw-r--r-- | lasso/id-ff/lecp.c | 13 | ||||
| -rw-r--r-- | lasso/id-ff/login.c | 4 | ||||
| -rw-r--r-- | lasso/id-ff/name_identifier_mapping.c | 25 | ||||
| -rw-r--r-- | lasso/id-ff/name_registration.c | 26 | ||||
| -rw-r--r-- | lasso/id-ff/profile.c | 2 | ||||
| -rw-r--r-- | lasso/id-ff/provider.c | 2 | ||||
| -rw-r--r-- | lasso/xml/xml.c | 2 |
10 files changed, 43 insertions, 44 deletions
diff --git a/lasso/errors.c b/lasso/errors.c index 0e91c5d6..36ab2b03 100644 --- a/lasso/errors.c +++ b/lasso/errors.c @@ -182,6 +182,9 @@ lasso_strerror(int error_code) case LASSO_SOAP_FAULT_REDIRECT_REQUEST: return "Redirect request from Attribute Provider"; + case LASSO_NAME_IDENTIFIER_MAPPING_ERROR_MISSING_TARGET_NAMESPACE: + return "Target name space not found"; + default: return "Error"; } diff --git a/lasso/errors.h b/lasso/errors.h index 321b07fa..cd51c786 100644 --- a/lasso/errors.h +++ b/lasso/errors.h @@ -34,7 +34,8 @@ #define LASSO_XML_ERROR_NODE_CONTENT_NOT_FOUND -11 #define LASSO_XML_ERROR_ATTR_NOT_FOUND -12 #define LASSO_XML_ERROR_ATTR_VALUE_NOT_FOUND -13 -#define LASSO_XML_ERROR_INVALID_FILE -14 +#define LASSO_XML_ERROR_INVALID_FILE -14 +#define LASSO_XML_ERROR_OBJECT_CONSTRUCTION_FAILED -15 /* XMLDSig */ #define LASSO_DS_ERROR_SIGNATURE_NOT_FOUND 101 @@ -122,3 +123,8 @@ /* Soap */ #define LASSO_SOAP_FAULT_REDIRECT_REQUEST 800 + +/* Name Identifier Mapping */ +#define LASSO_NAME_IDENTIFIER_MAPPING_ERROR_MISSING_TARGET_NAMESPACE -900 +#define LASSO_NAME_IDENTIFIER_MAPPING_ERROR_FORBIDDEN_CALL_ON_THIS_SIDE -901 + diff --git a/lasso/id-ff/identity.c b/lasso/id-ff/identity.c index 89531c07..8419ab5e 100644 --- a/lasso/id-ff/identity.c +++ b/lasso/id-ff/identity.c @@ -91,7 +91,7 @@ gint lasso_identity_remove_federation(LassoIdentity *identity, const char *providerID) { if (g_hash_table_remove(identity->federations, providerID) == FALSE) { - return LASSO_ERROR_UNDEFINED; + return LASSO_PROFILE_ERROR_FEDERATION_NOT_FOUND; } identity->is_dirty = TRUE; return 0; diff --git a/lasso/id-ff/lecp.c b/lasso/id-ff/lecp.c index 014811fe..7850015e 100644 --- a/lasso/id-ff/lecp.c +++ b/lasso/id-ff/lecp.c @@ -61,8 +61,7 @@ lasso_lecp_build_authn_request_envelope_msg(LassoLecp *lecp) } if (profile->request == NULL) { - message(G_LOG_LEVEL_CRITICAL, "AuthnRequest not found"); - return LASSO_ERROR_UNDEFINED; + return LASSO_PROFILE_ERROR_MISSING_REQUEST; } lecp->authnRequestEnvelope = lasso_lib_authn_request_envelope_new_full( @@ -91,9 +90,7 @@ lasso_lecp_build_authn_request_envelope_msg(LassoLecp *lecp) xmlFreeNode(msg); if (profile->msg_body == NULL) { - message(G_LOG_LEVEL_CRITICAL, - "Error while exporting the AuthnRequestEnvelope to POST msg"); - return LASSO_ERROR_UNDEFINED; + return LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED; } return 0; @@ -188,8 +185,7 @@ lasso_lecp_build_authn_response_envelope_msg(LassoLecp *lecp) profile = LASSO_PROFILE(lecp); if (LASSO_IS_LIB_AUTHN_RESPONSE(profile->response) == FALSE) { - message(G_LOG_LEVEL_CRITICAL, "AuthnResponse not found"); - return LASSO_ERROR_UNDEFINED; + return LASSO_PROFILE_ERROR_MISSING_RESPONSE; } provider = g_hash_table_lookup(profile->server->providers, profile->remote_providerID); @@ -367,8 +363,7 @@ lasso_lecp_process_authn_response_envelope_msg(LassoLecp *lecp, const char *resp profile->response = g_object_ref(lecp->authnResponseEnvelope->AuthnResponse); if (profile->response == NULL) { - message(G_LOG_LEVEL_CRITICAL, "AuthnResponse not found"); - return LASSO_ERROR_UNDEFINED; + return LASSO_PROFILE_ERROR_MISSING_RESPONSE; } lecp->assertionConsumerServiceURL = g_strdup( diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c index 6366c468..7e675220 100644 --- a/lasso/id-ff/login.c +++ b/lasso/id-ff/login.c @@ -1288,12 +1288,12 @@ lasso_login_init_request(LassoLogin *login, gchar *response_msg, i = xmlSecBase64Decode((xmlChar*)artifact_b64, (xmlChar*)artifact, 43); if (i < 0 || i > 42) { g_free(artifact_b64); - return LASSO_ERROR_UNDEFINED; + return LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED; } if (artifact[0] != 0 || artifact[1] != 3) { /* wrong type code */ g_free(artifact_b64); - return LASSO_ERROR_UNDEFINED; + return LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED; } memcpy(provider_succinct_id, artifact+2, 20); diff --git a/lasso/id-ff/name_identifier_mapping.c b/lasso/id-ff/name_identifier_mapping.c index 25563daa..55ad69b2 100644 --- a/lasso/id-ff/name_identifier_mapping.c +++ b/lasso/id-ff/name_identifier_mapping.c @@ -76,7 +76,7 @@ lasso_name_identifier_mapping_build_request_msg(LassoNameIdentifierMapping *mapp if (remote_provider->role != LASSO_PROVIDER_ROLE_IDP) { message(G_LOG_LEVEL_CRITICAL, "Build request msg method is forbidden at IDP"); - return LASSO_ERROR_UNDEFINED; + return LASSO_NAME_IDENTIFIER_MAPPING_ERROR_FORBIDDEN_CALL_ON_THIS_SIDE; } profile->msg_url = lasso_provider_get_metadata_one(remote_provider, "SoapEndpoint"); @@ -145,7 +145,7 @@ lasso_name_identifier_mapping_build_response_msg(LassoNameIdentifierMapping *map if (remote_provider->role != LASSO_PROVIDER_ROLE_SP) { message(G_LOG_LEVEL_CRITICAL, "Build response msg method is forbidden at SP"); - return LASSO_ERROR_UNDEFINED; + return LASSO_NAME_IDENTIFIER_MAPPING_ERROR_FORBIDDEN_CALL_ON_THIS_SIDE; } /* verify the provider type is a service provider type */ @@ -220,7 +220,7 @@ lasso_name_identifier_mapping_init_request(LassoNameIdentifierMapping *mapping, } if (remote_provider->role != LASSO_PROVIDER_ROLE_IDP) { message(G_LOG_LEVEL_CRITICAL, "Init request method is forbidden for an IDP"); - return LASSO_ERROR_UNDEFINED; + return LASSO_NAME_IDENTIFIER_MAPPING_ERROR_FORBIDDEN_CALL_ON_THIS_SIDE; } /* get federation */ @@ -363,7 +363,7 @@ lasso_name_identifier_mapping_process_response_msg(LassoNameIdentifierMapping *m return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG); } - response = LASSO_LIB_NAME_IDENTIFIER_MAPPING_RESPONSE(profile->response); + response = LASSO_LIB_NAME_IDENTIFIER_MAPPING_RESPONSE(profile->response); remote_provider = g_hash_table_lookup(profile->server->providers, response->ProviderID); if (LASSO_IS_PROVIDER(remote_provider) == FALSE) { @@ -379,8 +379,7 @@ lasso_name_identifier_mapping_process_response_msg(LassoNameIdentifierMapping *m statusCodeValue = response->Status->StatusCode->Value; if (strcmp(statusCodeValue, LASSO_SAML_STATUS_CODE_SUCCESS) != 0) { - message(G_LOG_LEVEL_CRITICAL, "%s", statusCodeValue); - return LASSO_ERROR_UNDEFINED; /* this function is never used, don't take care */ + return LASSO_PROFILE_ERROR_STATUS_NOT_SUCCESS; } /* Set the target name identifier */ @@ -427,13 +426,13 @@ lasso_name_identifier_mapping_validate_request(LassoNameIdentifierMapping *mappi if (remote_provider->role != LASSO_PROVIDER_ROLE_SP) { message(G_LOG_LEVEL_CRITICAL, "Build request msg method is forbidden at SP"); - return LASSO_ERROR_UNDEFINED; + return LASSO_NAME_IDENTIFIER_MAPPING_ERROR_FORBIDDEN_CALL_ON_THIS_SIDE; } /* verify request attribute of mapping is a name identifier mapping request */ if (LASSO_IS_LIB_NAME_IDENTIFIER_MAPPING_REQUEST(profile->request) == FALSE) { message(G_LOG_LEVEL_CRITICAL, "Invalid NameIdentifierMappingRequest"); - return LASSO_ERROR_UNDEFINED; + return LASSO_PROFILE_ERROR_MISSING_REQUEST; } if (profile->http_request_method != LASSO_HTTP_METHOD_SOAP) { @@ -480,21 +479,19 @@ lasso_name_identifier_mapping_validate_request(LassoNameIdentifierMapping *mappi if (nameIdentifier == NULL) { lasso_profile_set_response_status(profile, LASSO_LIB_STATUS_CODE_UNKNOWN_PRINCIPAL); - message(G_LOG_LEVEL_CRITICAL, "Name identifier of federation not found"); - return LASSO_ERROR_UNDEFINED; + return LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND; } /* get the federation of the target name space and his name identifier */ if (request->TargetNamespace == NULL) { - message(G_LOG_LEVEL_CRITICAL, "Target name space not found"); - return LASSO_ERROR_UNDEFINED; + return LASSO_NAME_IDENTIFIER_MAPPING_ERROR_MISSING_TARGET_NAMESPACE; } federation = g_hash_table_lookup(profile->identity->federations, request->TargetNamespace); if (LASSO_IS_FEDERATION(federation) == FALSE) { lasso_profile_set_response_status(profile, LASSO_LIB_STATUS_CODE_FEDERATION_DOES_NOT_EXIST); message(G_LOG_LEVEL_CRITICAL, "Target name space federation not found"); - return LASSO_ERROR_UNDEFINED; + return LASSO_PROFILE_ERROR_FEDERATION_NOT_FOUND; } targetNameIdentifier = LASSO_SAML_NAME_IDENTIFIER(federation->remote_nameIdentifier); @@ -507,7 +504,7 @@ lasso_name_identifier_mapping_validate_request(LassoNameIdentifierMapping *mappi "Name identifier for target name space federation not found"); lasso_profile_set_response_status(profile, LASSO_LIB_STATUS_CODE_FEDERATION_DOES_NOT_EXIST); - return LASSO_ERROR_UNDEFINED; + return LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND; } LASSO_LIB_NAME_IDENTIFIER_MAPPING_RESPONSE(profile->response)->NameIdentifier = diff --git a/lasso/id-ff/name_registration.c b/lasso/id-ff/name_registration.c index ec145a12..1492c482 100644 --- a/lasso/id-ff/name_registration.c +++ b/lasso/id-ff/name_registration.c @@ -287,8 +287,7 @@ lasso_name_registration_init_request(LassoNameRegistration *name_registration, } else { /* if (remote_provider->role == LASSO_PROVIDER_ROLE_SP) { */ /* Initiating it, from an IdP */ if (federation->local_nameIdentifier == NULL) { - message(G_LOG_LEVEL_CRITICAL, "Local name identifier not found"); - return LASSO_ERROR_UNDEFINED; + return LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND; } oldNameIdentifier = g_object_ref(federation->local_nameIdentifier); @@ -308,8 +307,8 @@ lasso_name_registration_init_request(LassoNameRegistration *name_registration, } if (oldNameIdentifier == NULL) { - message(G_LOG_LEVEL_CRITICAL, "Invalid provider type"); - return LASSO_ERROR_UNDEFINED; + message(G_LOG_LEVEL_CRITICAL, "Invalid provider type"); /* ??? */ + return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER; } if (http_method == LASSO_HTTP_METHOD_ANY) { @@ -477,8 +476,8 @@ lasso_name_registration_process_response_msg(LassoNameRegistration *name_registr statusCodeValue = LASSO_LIB_STATUS_RESPONSE(profile->response)->Status->StatusCode->Value; if (strcmp(statusCodeValue, LASSO_SAML_STATUS_CODE_SUCCESS) != 0) { - message(G_LOG_LEVEL_CRITICAL, "%s", statusCodeValue); - return LASSO_ERROR_UNDEFINED; + message(G_LOG_LEVEL_CRITICAL, "Status code not success: %s", statusCodeValue); + return LASSO_PROFILE_ERROR_STATUS_NOT_SUCCESS; } /* Update federation with the nameIdentifier attribute. NameQualifier @@ -508,8 +507,8 @@ lasso_name_registration_process_response_msg(LassoNameRegistration *name_registr profile->request)->SPProvidedNameIdentifier; } if (nameIdentifier == NULL) { - message(G_LOG_LEVEL_CRITICAL, "Invalid provider role"); - return LASSO_ERROR_UNDEFINED; + message(G_LOG_LEVEL_CRITICAL, "Invalid provider role"); /* ??? */ + return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER; } if (federation->local_nameIdentifier) @@ -552,7 +551,7 @@ lasso_name_registration_validate_request(LassoNameRegistration *name_registratio /* verify the register name identifier request */ if (LASSO_IS_LIB_REGISTER_NAME_IDENTIFIER_REQUEST(profile->request) == FALSE) { message(G_LOG_LEVEL_CRITICAL, "Register Name Identifier request not found"); - return LASSO_ERROR_UNDEFINED; + return LASSO_PROFILE_ERROR_MISSING_REQUEST; } request = LASSO_LIB_REGISTER_NAME_IDENTIFIER_REQUEST(profile->request); @@ -560,8 +559,7 @@ lasso_name_registration_validate_request(LassoNameRegistration *name_registratio /* set the remote provider id from the request */ profile->remote_providerID = g_strdup(request->ProviderID); if (profile->remote_providerID == NULL) { - message(G_LOG_LEVEL_CRITICAL, "No provider id found in name registration request"); - return LASSO_ERROR_UNDEFINED; + return LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID; } /* set register name identifier response */ @@ -589,13 +587,13 @@ lasso_name_registration_validate_request(LassoNameRegistration *name_registratio if (request->OldProvidedNameIdentifier == NULL) { message(G_LOG_LEVEL_CRITICAL, "Old provided name identifier not found"); - return LASSO_ERROR_UNDEFINED; + return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER; } if (lasso_federation_verify_name_identifier(federation, LASSO_NODE( request->OldProvidedNameIdentifier)) == FALSE) { message(G_LOG_LEVEL_CRITICAL, "No name identifier"); - return LASSO_ERROR_UNDEFINED; + return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER; } remote_provider = g_hash_table_lookup(profile->server->providers, @@ -613,7 +611,7 @@ lasso_name_registration_validate_request(LassoNameRegistration *name_registratio } if (providedNameIdentifier == NULL) { message(G_LOG_LEVEL_CRITICAL, "Sp provided name identifier not found"); - return LASSO_ERROR_UNDEFINED; + return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER; } if (federation->remote_nameIdentifier) diff --git a/lasso/id-ff/profile.c b/lasso/id-ff/profile.c index be6a28a6..dce0de9e 100644 --- a/lasso/id-ff/profile.c +++ b/lasso/id-ff/profile.c @@ -435,7 +435,7 @@ init_from_xml(LassoNode *node, xmlNode *xmlnode) parent_class->init_from_xml(node, xmlnode); if (xmlnode == NULL) - return LASSO_ERROR_UNDEFINED; + return LASSO_XML_ERROR_OBJECT_CONSTRUCTION_FAILED; t = xmlnode->children; while (t) { diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c index 92f38d63..ffde4132 100644 --- a/lasso/id-ff/provider.c +++ b/lasso/id-ff/provider.c @@ -421,7 +421,7 @@ init_from_xml(LassoNode *node, xmlNode *xmlnode) parent_class->init_from_xml(node, xmlnode); if (xmlnode == NULL) - return LASSO_ERROR_UNDEFINED; + return LASSO_XML_ERROR_OBJECT_CONSTRUCTION_FAILED; s = xmlGetProp(xmlnode, (xmlChar*)"ProviderRole"); if (s && strcmp((char*)s, "SP") == 0) diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c index 915377bb..fc99ec9f 100644 --- a/lasso/xml/xml.c +++ b/lasso/xml/xml.c @@ -755,7 +755,7 @@ lasso_node_init_from_xml(LassoNode *node, xmlNode *xmlnode) { LassoNodeClass *class; - g_return_val_if_fail(LASSO_IS_NODE(node), -1); + g_return_val_if_fail(LASSO_IS_NODE(node), LASSO_XML_ERROR_OBJECT_CONSTRUCTION_FAILED); class = LASSO_NODE_GET_CLASS(node); return class->init_from_xml(node, xmlnode); |