Diffstat (limited to 'lasso')
-rw-r--r-- | lasso/id-ff/defederation.c | 6 | ||||
-rw-r--r-- | lasso/id-ff/login.c | 1 | ||||
-rw-r--r-- | lasso/id-ff/logout.c | 11 | ||||
-rw-r--r-- | lasso/id-ff/name_identifier_mapping.c | 1 | ||||
-rw-r--r-- | lasso/id-ff/name_registration.c | 1 | ||||
-rw-r--r-- | lasso/id-ff/profile.c | 33 | ||||
-rw-r--r-- | lasso/id-ff/profile.h | 7 | ||||
-rw-r--r-- | lasso/xml/errors.h | 2 |
8 files changed, 50 insertions, 12 deletions
diff --git a/lasso/id-ff/defederation.c b/lasso/id-ff/defederation.c index 6d7150ec..4b61771e 100644 --- a/lasso/id-ff/defederation.c +++ b/lasso/id-ff/defederation.c @@ -365,13 +365,12 @@ lasso_defederation_init_notification(LassoDefederation *defederation, * from the SOAP message and optionaly verify the signature. * * if it is a HTTP-Redirect notification method then it builds the federation termination notication - * object from the QUERY message and optionaly verify the signature. If an error occurs, - * then it returns the code error LASSO_PROFILE_ERROR_INVALID_QUERY. + * object from the QUERY message and optionaly verify the signature. * * Set the msg_nameIdentifier attribute with the NameIdentifier content of the notification object and * optionaly set the msg_relayState attribute with the RelayState content of the notifcation object * - * Return value: 0 if OK else LASSO_PROFILE_ERROR_INVALID_QUERY or < 0 + * Return value: 0 on success or a negative value otherwise. **/ gint lasso_defederation_process_notification_msg(LassoDefederation *defederation, @@ -400,6 +399,7 @@ lasso_defederation_process_notification_msg(LassoDefederation *defederation, debug("Build a federation termination notification from query msg\n"); profile->request = lasso_federation_termination_notification_new_from_export(notification_msg, lassoNodeExportTypeQuery); if (LASSO_IS_FEDERATION_TERMINATION_NOTIFICATION(profile->request) == FALSE) { + message(G_LOG_LEVEL_CRITICAL, lasso_strerror(LASSO_PROFILE_ERROR_INVALID_QUERY)); ret = LASSO_PROFILE_ERROR_INVALID_QUERY; goto done; } diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c index 891196e5..56b3d6e0 100644 --- a/lasso/id-ff/login.c +++ b/lasso/id-ff/login.c 
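Review bot: The added `message(G_LOG_LEVEL_CRITICAL, lasso_strerror(LASSO_PROFILE_ERROR_INVALID_QUERY));` in lasso_defederation_process_notification_msg logs at CRITICAL for a query that fails to parse, which is a condition any remote peer can cause. GLib can be configured to treat CRITICAL as fatal (fatal-criticals), so in such a deployment a malformed HTTP-Redirect request could abort the host application; a level such as `G_LOG_LEVEL_WARNING` fits rejected input better. The call also appears to pass the lasso_strerror() result as a printf-style format (the definition of message is not visible here); if so, `message(G_LOG_LEVEL_WARNING, "%s", lasso_strerror(LASSO_PROFILE_ERROR_INVALID_QUERY));` keeps any `%` in the text inert. The same line is added in login.c, logout.c (both hunks), name_identifier_mapping.c and name_registration.c. The function body continues outside the hunk.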
@@ -1268,6 +1268,7 @@ lasso_login_process_authn_request_msg(LassoLogin *login, LASSO_PROFILE(login)->request = lasso_authn_request_new_from_export(authn_request_msg, lassoNodeExportTypeQuery); if (LASSO_PROFILE(login)->request == NULL) { + message(G_LOG_LEVEL_CRITICAL, lasso_strerror(LASSO_PROFILE_ERROR_INVALID_QUERY)); return LASSO_PROFILE_ERROR_INVALID_QUERY; } break; diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c index edeb12ce..3ef23636 100644 --- a/lasso/id-ff/logout.c +++ b/lasso/id-ff/logout.c @@ -580,13 +580,12 @@ lasso_logout_init_request(LassoLogout *logout, * from the SOAP message and optionaly verifies the signature of the logout request. * * if it is a HTTP-Redirect request method then it builds the logout request object - * from the QUERY message and verify the signature. If there is an error while parsing the query, - * then returns the code error LASSO_PROFILE_ERROR_INVALID_QUERY. + * from the QUERY message and verify the signature. * * Saves the HTTP request method. * Saves the name identifier. * - * Return value: 0 if OK else LASSO_PROFILE_ERROR_INVALID_QUERY or < 0 + * Return value: 0 on success or a negative value otherwise. **/ gint lasso_logout_process_request_msg(LassoLogout *logout, gchar *request_msg, @@ -640,6 +639,7 @@ gint lasso_logout_process_request_msg(LassoLogout *logout, lassoNodeExportTypeQuery); /* if problem while rebuilding the response, then return invalid query code error */ if (LASSO_IS_LOGOUT_REQUEST(profile->request) == FALSE) { + message(G_LOG_LEVEL_CRITICAL, lasso_strerror(LASSO_PROFILE_ERROR_INVALID_QUERY)); ret = LASSO_PROFILE_ERROR_INVALID_QUERY; goto done; } 
@@ -673,9 +673,7 @@ gint lasso_logout_process_request_msg(LassoLogout *logout, * @response_msg: the response message * @response_method: the response method * - * Parses the response message and builds the response object : - * if there is an error while parsing the HTTP Redirect / GET message, - * then returns a LASSO_PROFILE_ERROR_INVALID_QUERY code error. + * Parses the response message and builds the response object. * Get the status code value : * if it is not success, then if the local provider is a Service Provider and response method is SOAP, * then builds a new logout request message for HTTP Redirect / GET method and returns the code error @@ -722,6 +720,7 @@ lasso_logout_process_response_msg(LassoLogout *logout, profile->response = lasso_logout_response_new_from_export(response_msg, lassoNodeExportTypeQuery); /* if problem while rebuilding the response, then return invalid query code error */ if (LASSO_IS_LOGOUT_RESPONSE(profile->response) == FALSE) { + message(G_LOG_LEVEL_CRITICAL, lasso_strerror(LASSO_PROFILE_ERROR_INVALID_QUERY)); ret = LASSO_PROFILE_ERROR_INVALID_QUERY; goto done; } diff --git a/lasso/id-ff/name_identifier_mapping.c b/lasso/id-ff/name_identifier_mapping.c index 28bcc8f5..48baafc9 100644 --- a/lasso/id-ff/name_identifier_mapping.c +++ b/lasso/id-ff/name_identifier_mapping.c @@ -290,6 +290,7 @@ lasso_name_identifier_mapping_process_request_msg(LassoNameIdentifierMapping *ma switch(request_method){ case lassoHttpMethodRedirect: + message(G_LOG_LEVEL_CRITICAL, lasso_strerror(LASSO_PROFILE_ERROR_INVALID_QUERY)); ret = LASSO_PROFILE_ERROR_INVALID_QUERY; goto done; break; diff --git a/lasso/id-ff/name_registration.c b/lasso/id-ff/name_registration.c index a7c5557c..d0bc93cd 100644 --- a/lasso/id-ff/name_registration.c +++ b/lasso/id-ff/name_registration.c 
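Review bot: In lasso_name_identifier_mapping_process_request_msg the `case lassoHttpMethodRedirect:` branch rejects the request without parsing it, so logging the invalid-query text there misreports the cause; the visible lines show an unsupported method, not a malformed query. A literal message would serve an operator reading the log better, for example `message(G_LOG_LEVEL_WARNING, "HTTP-Redirect is not supported for name identifier mapping requests");`. The `break;` after `goto done;` is unreachable and could be dropped. The switch continues outside the hunk.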
@@ -514,6 +514,7 @@ gint lasso_name_registration_process_request_msg(LassoNameRegistration *name_reg case lassoHttpMethodRedirect: profile->request = lasso_register_name_identifier_request_new_from_export(request_msg, lassoNodeExportTypeQuery); if (LASSO_IS_REGISTER_NAME_IDENTIFIER_REQUEST(profile->request) == FALSE) { + message(G_LOG_LEVEL_CRITICAL, lasso_strerror(LASSO_PROFILE_ERROR_INVALID_QUERY)); ret = LASSO_PROFILE_ERROR_INVALID_QUERY; goto done; } diff --git a/lasso/id-ff/profile.c b/lasso/id-ff/profile.c index d3cd97f6..16b0408b 100644 --- a/lasso/id-ff/profile.c +++ b/lasso/id-ff/profile.c @@ -47,7 +47,7 @@ static GObjectClass *parent_class = NULL; /*****************************************************************************/ lassoRequestType -lasso_profile_get_request_type_from_soap_msg(gchar *soap) +lasso_profile_get_request_type_from_soap_msg(const gchar *soap) { LassoNode *soap_node, *body_node, *request_node; GPtrArray *children; 
@@ -98,6 +98,37 @@ lasso_profile_get_request_type_from_soap_msg(gchar *soap) return type; } +/** + * lasso_profile_is_liberty_query + * @query: HTTP query string + * + * Tests the query string to know if the URL is called as the result of a + * Liberty redirect (action initiated elsewhere) or not. + * + * Returns: TRUE if lasso query, FALSE otherwise + **/ +gboolean +lasso_profile_is_liberty_query(const gchar *query) +{ + /* logic is that a lasso query always has some parameters (RequestId, + * MajorVersion, MinorVersion, IssueInstant, ProviderID, + * NameIdentifier, NameQualifier, Format). If three of them are there; + * it's a lasso query, possibly broken, but a lasso query nevertheless. + */ + gchar *parameters[] = { + "RequestId=", "MajorVersion=", "MinorVersion=", "IssueInstant=", + "ProviderID=", "NameIdentifier=", "NameQualifier=", "Format=", + NULL }; + gint i, n = 0; + + for (i=0; parameters[i] && n < 3; i++) { + if (strstr(query, parameters[i])) + n++; + } + + return (n == 3); +} + /*****************************************************************************/ /* public methods */ diff --git a/lasso/id-ff/profile.h b/lasso/id-ff/profile.h index bfb9dd3b..5c46d61f 100644 --- a/lasso/id-ff/profile.h +++ b/lasso/id-ff/profile.h @@ -114,8 +114,13 @@ struct _LassoProfileClass { GObjectClass parent; }; -LASSO_EXPORT lassoRequestType lasso_profile_get_request_type_from_soap_msg (gchar *soap); +/* public functions */ +LASSO_EXPORT lassoRequestType lasso_profile_get_request_type_from_soap_msg (const gchar *soap); + +LASSO_EXPORT gboolean lasso_profile_is_liberty_query (const gchar *query); + +/* public methods */ LASSO_EXPORT GType lasso_profile_get_type (void); diff --git a/lasso/xml/errors.h b/lasso/xml/errors.h index 23455575..cab8ea8f 100644 --- a/lasso/xml/errors.h +++ b/lasso/xml/errors.h 
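Review bot: lasso_profile_is_liberty_query passes `query` straight to `strstr()`, so a NULL argument (for example a caller forwarding a request that has no query string) is undefined behaviour; add `if (query == NULL) return FALSE;` before the loop. The test is a plain substring match, so a key such as `Format=` also matches inside a longer parameter name or inside a value. The doc comment should therefore state that TRUE is only a routing hint computed on untrusted input, not evidence that the message is well-formed or signed. The lookup table is never modified and can be declared `static const gchar * const parameters[]`.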
@@ -55,7 +55,7 @@ #define LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE -301 /* profile */ -#define LASSO_PROFILE_ERROR_INVALID_QUERY 401 +#define LASSO_PROFILE_ERROR_INVALID_QUERY -401 #define LASSO_PROFILE_ERROR_INVALID_POST_MSG -402 #define LASSO_PROFILE_ERROR_INVALID_SOAP_MSG -403 #define LASSO_PROFILE_ERROR_MISSING_REQUEST -404 |
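Review bot: Flipping `LASSO_PROFILE_ERROR_INVALID_QUERY` from 401 to -401 changes a value that is compiled into every consumer of this header, so an application or binding built against the old header, or one that tests for a positive return, will stop recognising the error without any build failure. A comment on the define would make the contract explicit, for example `/* all error codes are negative; callers must treat any non-zero return as failure */`. Callers outside this diff that compare against the old value or check `ret > 0` are not visible here and should be audited.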