| -rw-r--r-- | lasso/id-ff/login.c | 65 | ||||
| -rw-r--r-- | lasso/id-ff/login.h | 13 | ||||
| -rw-r--r-- | lasso/id-ff/profile_context.c | 23 | ||||
| -rw-r--r-- | lasso/id-ff/profile_context.h | 1 | ||||
| -rw-r--r-- | python/environs/py_logout.c | 21 | ||||
| -rw-r--r-- | python/environs/py_logout.h | 7 | ||||
| -rw-r--r-- | python/lassomod.c | 10 | ||||
| -rw-r--r-- | python/protocols/elements/py_authentication_statement.c | 34 | ||||
| -rw-r--r-- | python/protocols/py_authn_response.c | 91 | ||||
| -rw-r--r-- | python/protocols/py_authn_response.h | 7 | ||||
| -rwxr-xr-x | python/setup.py | 1 |
11 files changed, 113 insertions, 160 deletions
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c index c7fb5400..fbb74d7a 100644 --- a/lasso/id-ff/login.c +++ b/lasso/id-ff/login.c @@ -22,14 +22,11 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -#include <lasso/protocols/request.h> -#include <lasso/protocols/response.h> +#include <lasso/environs/login.h> + #include <lasso/protocols/artifact.h> -#include <lasso/protocols/authn_response.h> #include <lasso/protocols/provider.h> -#include <lasso/environs/login.h> - /*****************************************************************************/ /* functions */ /*****************************************************************************/ @@ -83,6 +80,7 @@ lasso_login_add_response_assertion(LassoLogin *login, { xmlChar *providerID; LassoNode *assertion=NULL, *authentication_statement; + xmlChar *ni, *idp_ni; providerID = lasso_provider_get_providerID(LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(login)->server)); assertion = lasso_assertion_new(providerID, @@ -91,6 +89,17 @@ lasso_login_add_response_assertion(LassoLogin *login, reauthenticateOnOrAfter, identity->remote_nameIdentifier, identity->local_nameIdentifier); + ni = lasso_node_get_child_content(LASSO_NODE(authentication_statement), "NameIdentifier", NULL); + idp_ni = lasso_node_get_child_content(LASSO_NODE(authentication_statement), "IDPProvidedNameIdentifier", NULL); + /* store NameIdentifier */ + if (xmlStrEqual(ni, idp_ni)) { + login->nameIdentifier = idp_ni; + xmlFree(ni); + } + else { + login->nameIdentifier = ni; + xmlFree(idp_ni); + } lasso_saml_assertion_add_authenticationStatement(LASSO_SAML_ASSERTION(assertion), LASSO_SAML_AUTHENTICATION_STATEMENT(authentication_statement)); lasso_saml_assertion_set_signature(LASSO_SAML_ASSERTION(assertion), 
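Review bot: In lasso_login_add_response_assertion, the new NameIdentifier block never handles a NULL result from either lasso_node_get_child_content() call. libxml2's xmlStrEqual() treats two NULL pointers as equal, so when both children are missing login->nameIdentifier is silently set to NULL and the assertion is still built. The assignment also overwrites any earlier login->nameIdentifier without freeing it, and it stores an xmlChar buffer in a gchar * field, so whoever releases it must use xmlFree(). I would add `if (ni == NULL && idp_ni == NULL) { /* fail: no name identifier */ }` before the comparison and `xmlFree(login->nameIdentifier);` ahead of the assignment, assuming the field is only ever filled from libxml2 allocations. The function starts and ends outside this hunk, so the error path to take is not visible here.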
@@ -313,15 +322,15 @@ lasso_login_dump(LassoLogin *login) g_free(str); } - if (login->assertionArtifact != NULL) { - LASSO_NODE_GET_CLASS(node)->new_child(node, "assertionArtifact", login->assertionArtifact, FALSE); - } - if (login->response_dump != NULL) { - LASSO_NODE_GET_CLASS(node)->new_child(node, "response_dump", login->response_dump, FALSE); - } - if (login->msg_relayState != NULL) { - LASSO_NODE_GET_CLASS(node)->new_child(node, "msg_relayState", login->msg_relayState, FALSE); - } +/* if (login->assertionArtifact != NULL) { */ +/* LASSO_NODE_GET_CLASS(node)->new_child(node, "assertionArtifact", login->assertionArtifact, FALSE); */ +/* } */ +/* if (login->response_dump != NULL) { */ +/* LASSO_NODE_GET_CLASS(node)->new_child(node, "response_dump", login->response_dump, FALSE); */ +/* } */ +/* if (login->msg_relayState != NULL) { */ +/* LASSO_NODE_GET_CLASS(node)->new_child(node, "msg_relayState", login->msg_relayState, FALSE); */ +/* } */ dump = lasso_node_export(node); lasso_node_destroy(node); @@ -478,7 +487,8 @@ lasso_login_handle_authn_response_msg(LassoLogin *login, LassoProvider *idp; gchar *statusCode_value; - LASSO_PROFILE_CONTEXT(login)->response = lasso_authn_response_new_from_export(authn_response_msg, 0); + LASSO_PROFILE_CONTEXT(login)->response = lasso_authn_response_new_from_export(authn_response_msg, + lassoNodeExportTypeBase64); assertion = lasso_node_get_child(LASSO_PROFILE_CONTEXT(login)->response, "Assertion", lassoLibHRef); @@ -566,8 +576,9 @@ lasso_login_instance_init(LassoLogin *login) { login->protocolProfile = 0; login->assertionArtifact = NULL; - login->msg_relayState = NULL; + login->nameIdentifier = NULL; login->response_dump = NULL; + login->msg_relayState = NULL; } static void 
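Review bot: The three fields dropped from lasso_login_dump are commented out rather than deleted, which leaves dead code and does not say why assertionArtifact, response_dump and msg_relayState no longer belong in the dump. Delete the lines and leave one comment in their place, for example `/* assertionArtifact, response_dump and msg_relayState are per-message state and are not persisted */`, if that is the intent. The same applies to the commented-out msg_url/msg_body block and the commented-out declarations added to lasso_profile_context_dump in profile_context.c.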
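Review bot: In lasso_login_handle_authn_response_msg, the result of lasso_authn_response_new_from_export() is passed to lasso_node_get_child() on the next line with no NULL check, and authn_response_msg is data received from outside the process. If Base64 decoding or XML parsing can fail and return NULL (not visible here), a malformed message reaches the node accessors with a NULL object. Add `if (LASSO_PROFILE_CONTEXT(login)->response == NULL) return (-1);` straight after the call, using whatever error value the rest of the function returns. The body continues outside the hunk.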
@@ -611,3 +622,25 @@ lasso_login_new(LassoServer *server, return (login); } + +LassoProfileContext* +lasso_login_new_from_dump(LassoServer *server, + LassoUser *user, + gchar *dump) +{ + LassoProfileContext *login; + LassoNode *node_dump; + + login = LASSO_PROFILE_CONTEXT(g_object_new(LASSO_TYPE_LOGIN, + "server", server, + "user", user, + NULL)); + + node_dump = lasso_node_new_from_dump(dump); + login->remote_providerID = lasso_node_get_child_content(node_dump, "RemoteProviderID", NULL); + login->request = NULL; + + lasso_node_destroy(node_dump); + + return (login); +} diff --git a/lasso/id-ff/login.h b/lasso/id-ff/login.h index c6849f6c..3ea7de34 100644 --- a/lasso/id-ff/login.h +++ b/lasso/id-ff/login.h @@ -56,12 +56,13 @@ typedef enum { struct _LassoLogin { LassoProfileContext parent; /*< public >*/ - gint protocolProfile; - gchar *assertionArtifact; + lassoLoginProtocolProfiles protocolProfile; + gchar *assertionArtifact; + gchar *nameIdentifier; - gchar *response_dump; + gchar *response_dump; - gchar *msg_relayState; + gchar *msg_relayState; /*< private >*/ }; @@ -74,6 +75,10 @@ LASSO_EXPORT GType lasso_login_get_type (void) LASSO_EXPORT LassoProfileContext* lasso_login_new (LassoServer *server, LassoUser *user); +LASSO_EXPORT LassoProfileContext* lasso_login_new_from_dump (LassoServer *server, + LassoUser *user, + gchar *dump); + LASSO_EXPORT gint lasso_login_build_artifact_msg (LassoLogin *login, gint authentication_result, const gchar *authenticationMethod, diff --git a/lasso/id-ff/profile_context.c b/lasso/id-ff/profile_context.c index 5bc8faf0..d6dfc820 100644 --- a/lasso/id-ff/profile_context.c +++ b/lasso/id-ff/profile_context.c @@ -41,6 +41,8 @@ lasso_profile_context_dump(LassoProfileContext *ctx, const gchar *name) { LassoNode *node; +/* xmlDocPtr doc = NULL; */ +/* xmlNodePtr cdata, data; */ gchar *child_dump, *dump = NULL; node = lasso_node_new(); 
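Review bot: lasso_login_new_from_dump uses `dump` and `node_dump` without checking either, so a NULL or unparsable dump goes straight into lasso_node_get_child_content() and lasso_node_destroy(), and the login object has already been allocated by then. A dump is presumably read back from session storage, so I would parse it first and create the object only once parsing succeeded, as sketched below; this assumes lasso_node_new_from_dump() returns NULL on failure. Only RemoteProviderID is restored, so the LassoLogin fields set in lasso_login_instance_init keep their defaults, and a short doc comment on the function should say so. `dump` is not modified and could be declared `const gchar *` here and in login.h.

```c
  /* … unchanged: declarations … */

  if (dump == NULL) {
    return (NULL);
  }
  node_dump = lasso_node_new_from_dump(dump);
  if (node_dump == NULL) {
    return (NULL);
  }

  /* … unchanged: g_object_new() of the login, now after the dump has parsed … */
  /* … unchanged: RemoteProviderID lookup, request reset, node destroy, return … */
```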
@@ -50,6 +52,7 @@ lasso_profile_context_dump(LassoProfileContext *ctx, else { LASSO_NODE_GET_CLASS(node)->set_name(node, "LassoProfileContext"); } + //LASSO_NODE_GET_CLASS(node)->set_ns(node, lassoLibHRef, lassoLibPrefix); if (ctx->request != NULL) { LASSO_NODE_GET_CLASS(node)->add_child(node, ctx->request, FALSE); @@ -59,15 +62,21 @@ lasso_profile_context_dump(LassoProfileContext *ctx, } if (ctx->remote_providerID != NULL) { - LASSO_NODE_GET_CLASS(node)->new_child(node, "remote_providerID", ctx->remote_providerID, FALSE); + LASSO_NODE_GET_CLASS(node)->new_child(node, "RemoteProviderID", + ctx->remote_providerID, FALSE); } - if (ctx->msg_url != NULL) { - LASSO_NODE_GET_CLASS(node)->new_child(node, "msg_url", lasso_str_escape(ctx->msg_url), FALSE); - } - if (ctx->msg_body != NULL) { - LASSO_NODE_GET_CLASS(node)->new_child(node, "msg_body", lasso_str_escape(ctx->msg_body), FALSE); - } +/* if (ctx->msg_url != NULL) { */ +/* doc = xmlNewDoc("1.0"); */ +/* data = xmlNewNode(NULL, "data"); */ +/* xmlNewNs(data, lassoLibHRef, NULL); */ +/* cdata = xmlNewCDataBlock(doc, ctx->msg_url, strlen(ctx->msg_url)); */ +/* xmlAddChild(data, cdata); */ +/* xmlAddChild(LASSO_NODE_GET_CLASS(node)->get_xmlNode(node), data); */ +/* } */ +/* if (ctx->msg_body != NULL) { */ +/* LASSO_NODE_GET_CLASS(node)->new_child(node, "msg_body", lasso_str_escape(ctx->msg_body), FALSE); */ +/* } */ dump = lasso_node_export(node); lasso_node_destroy(node); diff --git a/lasso/id-ff/profile_context.h b/lasso/id-ff/profile_context.h index 97c24bd3..6d74bae7 100644 --- a/lasso/id-ff/profile_context.h +++ b/lasso/id-ff/profile_context.h @@ -51,6 +51,7 @@ typedef enum { lassoHttpMethodGet = 1, lassoHttpMethodPost, lassoHttpMethodRedirect, + lassoHttpMethodSoap, } lassoHttpMethods; typedef enum { diff --git a/python/environs/py_logout.c b/python/environs/py_logout.c index ac565552..0382b1b3 100644 --- a/python/environs/py_logout.c +++ b/python/environs/py_logout.c 
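Review bot: Renaming the dump element from "remote_providerID" to "RemoteProviderID" in lasso_profile_context_dump changes the serialized format with no version marker, so a dump written before this commit would load through lasso_login_new_from_dump with remote_providerID left NULL. The writer and the reader should share one constant for the element name so the two cannot drift apart, and a comment should record the format change. The value is also passed to new_child() as is, whereas the removed msg_url/msg_body lines went through lasso_str_escape(). Whether new_child() escapes its content is not visible here, which is worth confirming if the provider ID can originate from a remote message.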
@@ -95,6 +95,7 @@ PyObject *logout_build_response_msg(PyObject *self, PyObject *args) { PyObject *logout_init_request(PyObject *self, PyObject *args) { PyObject *logout_obj; gchar *remote_providerID; + gint codeError; if (CheckArgs(args, "OS:logout_init_request")) { if(!PyArg_ParseTuple(args, (char *) "Os:logout_init_request", 
@@ -103,41 +104,43 @@ PyObject *logout_init_request(PyObject *self, PyObject *args) { } else return NULL; - codeError = logout_init_request(LassoLogout_get(logout_obj), remote_providerID); + codeError = lasso_logout_init_request(LassoLogout_get(logout_obj), remote_providerID); return(int_wrap(codeError)); } -PyObject *logout_handle_request(PyObject *self, PyObject *args) { +PyObject *logout_handle_request_msg(PyObject *self, PyObject *args) { PyObject *logout_obj; gchar *request_msg; gint request_method; + gint codeError; - if (CheckArgs(args, "OSI:logout_handle_request")) { - if(!PyArg_ParseTuple(args, (char *) "Osi:logout_handle_request", + if (CheckArgs(args, "OSI:logout_handle_request_msg")) { + if(!PyArg_ParseTuple(args, (char *) "Osi:logout_handle_request_msg", &logout_obj, &request_msg, &request_method)) return NULL; } else return NULL; - codeError = logout_init_request(LassoLogout_get(logout_obj), request_msg, request_method); + codeError = lasso_logout_handle_request_msg(LassoLogout_get(logout_obj), request_msg, request_method); return(int_wrap(codeError)); } -PyObject *logout_handle_response(PyObject *self, PyObject *args) { +PyObject *logout_handle_response_msg(PyObject *self, PyObject *args) { PyObject *logout_obj; gchar *response_msg; gint response_method; + gint codeError; - if (CheckArgs(args, "OSI:logout_handle_response")) { - if(!PyArg_ParseTuple(args, (char *) "Osi:logout_handle_response", + if (CheckArgs(args, "OSI:logout_handle_response_msg")) { + if(!PyArg_ParseTuple(args, (char *) "Osi:logout_handle_response_msg", &logout_obj, &response_msg, &response_method)) return NULL; } else return NULL; - codeError = logout_init_request(LassoLogout_get(logout_obj), response_msg, response_method); + codeError = lasso_logout_handle_response_msg(LassoLogout_get(logout_obj), response_msg, response_method); return(int_wrap(codeError)); } diff --git a/python/environs/py_logout.h b/python/environs/py_logout.h index 9bd8e5b6..20806913 100644 
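Review bot: The three logout wrappers pass LassoLogout_get(logout_obj) to the library without checking the result. If that macro follows LassoAuthnResponse_get in py_authn_response.h, it yields NULL for Py_None, and the `O` format unit accepts an object of any type, so lasso_logout_init_request(), lasso_logout_handle_request_msg() and lasso_logout_handle_response_msg() can be reached from Python with a NULL or mistyped LassoLogout. I would fetch it once with `LassoLogout *logout = LassoLogout_get(logout_obj);` and, when it is NULL, set a TypeError and return NULL before calling into lasso. The definition of LassoLogout_get is outside this diff, so this is inferred from the sibling macro. logout_init_request begins in the previous hunk.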
--- a/python/environs/py_logout.h +++ b/python/environs/py_logout.h @@ -28,6 +28,9 @@ #include <lasso/environs/logout.h> +#include "py_server.h" +#include "py_user.h" + typedef struct { PyObject_HEAD LassoLogout *obj; @@ -40,7 +43,7 @@ PyObject *logout_new(PyObject *self, PyObject *args); PyObject *logout_build_request_msg(PyObject *self, PyObject *args); PyObject *logout_build_response_msg(PyObject *self, PyObject *args); PyObject *logout_init_request(PyObject *self, PyObject *args); -PyObject *logout_handle_request(PyObject *self, PyObject *args) -PyObject *logout_handle_response(PyObject *self, PyObject *args); +PyObject *logout_handle_request_msg(PyObject *self, PyObject *args); +PyObject *logout_handle_response_msg(PyObject *self, PyObject *args); #endif /* __PYLASSO_PY_LOGOUT_H__ */ diff --git a/python/lassomod.c b/python/lassomod.c index feec7cec..21fa9c9d 100644 --- a/python/lassomod.c +++ b/python/lassomod.c @@ -141,13 +141,7 @@ static PyMethodDef lasso_methods[] = { {"authn_request_get_protocolProfile", authn_request_get_protocolProfile, METH_VARARGS}, /* py_authn_response.h */ - {"authn_response_getattr", authn_response_getattr, METH_VARARGS}, - {"authn_response_new_from_dump", authn_response_new_from_dump, METH_VARARGS}, {"authn_response_new_from_export", authn_response_new_from_export, METH_VARARGS}, - //{"authn_response_new_from_request_query", authn_response_new_from_request_query, METH_VARARGS}, - {"authn_response_must_authenticate", authn_response_must_authenticate, METH_VARARGS}, - {"authn_response_process_authentication_result", authn_response_process_authentication_result, METH_VARARGS}, - {"authn_response_verify_signature", authn_response_verify_signature, METH_VARARGS}, /* py_federation_termination_notification.h */ {"federation_termination_notification_new", federation_termination_notification_new, METH_VARARGS}, 
@@ -216,8 +210,8 @@ static PyMethodDef lasso_methods[] = { {"logout_build_request_msg", logout_build_request_msg, METH_VARARGS}, {"logout_build_response_msg", logout_build_response_msg, METH_VARARGS}, {"logout_init_request", logout_init_request, METH_VARARGS}, - {"logout_handle_request", logout_handle_request, METH_VARARGS}, - {"logout_handle_response", logout_handle_response, METH_VARARGS}, + {"logout_handle_request_msg", logout_handle_request_msg, METH_VARARGS}, + {"logout_handle_response_msg", logout_handle_response_msg, METH_VARARGS}, /* py_server.h */ {"server_new", server_new, METH_VARARGS}, diff --git a/python/protocols/elements/py_authentication_statement.c b/python/protocols/elements/py_authentication_statement.c index acef02dc..4e7e8946 100644 --- a/python/protocols/elements/py_authentication_statement.c +++ b/python/protocols/elements/py_authentication_statement.c @@ -25,6 +25,7 @@ #include "../../lassomod.h" +#include "../../xml/py_saml_name_identifier.h" #include "py_authentication_statement.h" PyObject *LassoAuthenticationStatement_wrap(LassoAuthenticationStatement *statement) { 
@@ -42,30 +43,29 @@ PyObject *LassoAuthenticationStatement_wrap(LassoAuthenticationStatement *statem /******************************************************************************/ PyObject *authentication_statement_new(PyObject *self, PyObject *args) { + PyObject *identifier_obj, *idp_identifier_obj; const xmlChar *authenticationMethod; const xmlChar *reauthenticateOnOrAfter; - xmlChar *nameIdentifier; - const xmlChar *nameQualifier; - const xmlChar *format; - xmlChar *idp_nameIdentifier; - const xmlChar *idp_nameQualifier; - const xmlChar *idp_format; + LassoSamlNameIdentifier *identifier=NULL, *idp_identifier; LassoNode *statement; - if(!PyArg_ParseTuple(args, (char *) "ssssssss:authentication_statement_new", - &authenticationMethod, &reauthenticateOnOrAfter, - &nameIdentifier, &nameQualifier, &format, - &idp_nameIdentifier, &idp_nameQualifier, &idp_format)) - return NULL; + if (CheckArgs(args, "SSoO:authentication_statement_new")) { + if(!PyArg_ParseTuple(args, (char *) "ssOO:authentication_statement_new", + &authenticationMethod, &reauthenticateOnOrAfter, + &identifier_obj, &idp_identifier_obj)) + return NULL; + } + else return NULL; + + if (identifier_obj != Py_None) { + identifier = LassoSamlNameIdentifier_get(identifier_obj); + } + idp_identifier = LassoSamlNameIdentifier_get(idp_identifier_obj); statement = lasso_authentication_statement_new(authenticationMethod, reauthenticateOnOrAfter, - nameIdentifier, - nameQualifier, - format, - idp_nameIdentifier, - idp_nameQualifier, - idp_format); + identifier, + idp_identifier); return (LassoAuthenticationStatement_wrap(LASSO_AUTHENTICATION_STATEMENT(statement))); } diff --git a/python/protocols/py_authn_response.c b/python/protocols/py_authn_response.c index 77471893..52315ae3 100644 --- a/python/protocols/py_authn_response.c +++ b/python/protocols/py_authn_response.c 
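Review bot: In authentication_statement_new, idp_identifier_obj is converted with LassoSamlNameIdentifier_get() unconditionally and the result is passed on unchecked, while identifier_obj is at least compared with Py_None first. The `OO` format accepts objects of any type, so a caller passing None or an unrelated object for the IdP identifier can hand a NULL or bogus pointer to lasso_authentication_statement_new(). That holds if the macro behaves like LassoAuthnResponse_get in py_authn_response.h, which is not visible here. After the conversion I would add `if (idp_identifier == NULL) { PyErr_SetString(PyExc_TypeError, "idp_identifier is required"); return NULL; }`. The CheckArgs format "SSoO" should also get a comment saying what the lowercase `o` permits.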
@@ -27,7 +27,6 @@ #include "../xml/py_xml.h" #include "py_authn_response.h" -#include "py_authn_request.h" /******************************************************************************/ /* LassoAuthnResponse */ @@ -47,28 +46,12 @@ PyObject *LassoAuthnResponse_wrap(LassoAuthnResponse *response) { /******************************************************************************/ -PyObject *authn_response_new_from_dump(PyObject *self, PyObject *args) { - xmlChar *buffer; - LassoNode *response; - - if (CheckArgs(args, "S:authn_response_new_from_dump")) { - if(!PyArg_ParseTuple(args, (char *) "s:authn_response_new_from_dump", - &buffer)) - return NULL; - } - else return NULL; - - response = lasso_authn_response_new_from_dump(buffer); - - return (LassoAuthnResponse_wrap(LASSO_AUTHN_RESPONSE(response))); -} - PyObject *authn_response_new_from_export(PyObject *self, PyObject *args) { xmlChar *buffer; gint type; LassoNode *response; - if (CheckArgs(args, "Si:authn_response_new_from_export")) { + if (CheckArgs(args, "SI:authn_response_new_from_export")) { if(!PyArg_ParseTuple(args, (char *) "si:authn_response_new_from_export", &buffer, &type)) return NULL; 
@@ -79,75 +62,3 @@ PyObject *authn_response_new_from_export(PyObject *self, PyObject *args) { return (LassoAuthnResponse_wrap(LASSO_AUTHN_RESPONSE(response))); } - -PyObject *authn_response_new_from_request_query(PyObject *self, PyObject *args) { - xmlChar *query = NULL; - const xmlChar *providerID = NULL; - LassoNode *response; - - if (CheckArgs(args, "ss:authn_response_new_from_request_query")) { - if(!PyArg_ParseTuple(args, (char *) "zz:authn_response_new_from_request_query", - &query, &providerID)) - return NULL; - } - else return NULL; - - response = lasso_authn_response_new_from_request_query(query, providerID); - - return (LassoAuthnResponse_wrap(LASSO_AUTHN_RESPONSE(response))); -} - -PyObject *authn_response_must_authenticate(PyObject *self, PyObject *args) { - PyObject *response_obj; - gboolean is_authenticated; - gboolean ret; - - if (CheckArgs(args, "OI:authn_response_must_authenticate")) { - if(!PyArg_ParseTuple(args, (char *) "Oi:authn_response_must_authenticate", - &response_obj, &is_authenticated)) - return NULL; - } - else return NULL; - - ret = lasso_authn_response_must_authenticate(LassoAuthnResponse_get(response_obj), - is_authenticated); - - return (int_wrap(ret)); -} - -PyObject *authn_response_process_authentication_result(PyObject *self, PyObject *args) { - PyObject *response_obj; - gboolean authentication_result; - - if (CheckArgs(args, "OI:authn_response_process_authentication_result")) { - if(!PyArg_ParseTuple(args, (char *) "Oi:authn_response_process_authentication_result", - &response_obj, &authentication_result)) - return NULL; - } - else return NULL; - - lasso_authn_response_process_authentication_result(LassoAuthnResponse_get(response_obj), - authentication_result); - - Py_INCREF(Py_None); - return (Py_None); -} - -PyObject *authn_response_verify_signature(PyObject *self, PyObject *args) { - PyObject *response_obj; - xmlChar *public_key_file; - xmlChar *private_key_file; - gboolean ret; - - if (CheckArgs(args, 
"OSS:authn_response_verify_signature")) { - if(!PyArg_ParseTuple(args, (char *) "Oss:authn_response_verify_signature", - &response_obj, &public_key_file, &private_key_file)) - return NULL; - } - else return NULL; - - ret = lasso_authn_response_verify_signature(LassoAuthnResponse_get(response_obj), - public_key_file, private_key_file); - - return (int_wrap(ret)); -} diff --git a/python/protocols/py_authn_response.h b/python/protocols/py_authn_response.h index f11a9638..be21a522 100644 --- a/python/protocols/py_authn_response.h +++ b/python/protocols/py_authn_response.h @@ -27,7 +27,6 @@ #define __PYLASSO_PY_AUTHN_RESPONSE_H__ #include <lasso/protocols/authn_response.h> -#include "elements/py_assertion.h" typedef struct { PyObject_HEAD @@ -37,12 +36,6 @@ typedef struct { #define LassoAuthnResponse_get(v) (((v) == Py_None) ? NULL : (((LassoAuthnResponse_object *)(PyObject_GetAttr(v, PyString_FromString("_o"))))->obj)) PyObject *LassoAuthnResponse_wrap(LassoAuthnResponse *response); -PyObject *authn_response_getattr(PyObject *self, PyObject *args); -PyObject *authn_response_new_from_dump(PyObject *self, PyObject *args); PyObject *authn_response_new_from_export(PyObject *self, PyObject *args); -//PyObject *authn_response_new_from_request_query(PyObject *self, PyObject *args); -PyObject *authn_response_must_authenticate(PyObject *self, PyObject *args); -PyObject *authn_response_process_authentication_result(PyObject *self, PyObject *args); -PyObject *authn_response_verify_signature(PyObject *self, PyObject *args); #endif /* __PYLASSO_PY_AUTHN_RESPONSE_H__ */ diff --git a/python/setup.py b/python/setup.py index a1965bc6..ba1cf784 100755 --- a/python/setup.py +++ b/python/setup.py @@ -217,6 +217,7 @@ em = Extension("lassomod", "protocols/elements/py_assertion.c", "protocols/elements/py_authentication_statement.c", "environs/py_login.c", + "environs/py_logout.c", "environs/py_server.c", "environs/py_user.c", "lassomod.c", |
