| Commit message (Collapse) | Author | Age | Files | Lines |
* lasso/xml/xml.c:
remove lasso_xml_parse_memory.
* lasso/xml/tools.c:
add lasso_xml_parse_memory to wrap xmlParseDocument.
* lasso/saml-2.0/name_id_management.c:
use lasso_xml_parse_memory

* lasso/saml-2.0/name_id_management.c:
use new generic methods in lasso_name_id_management_init_request,
lasso_name_id_management_build_request_msg,
lasso_name_id_management_process_request_msg,
lasso_name_id_management_validate_request,
lasso_name_id_management_build_response_msg,
lasso_name_id_management_process_response_msg.
Remove useless boilerplate code.
* lasso/id-ff/server.c:
* lasso/id-ff/serverprivate.h:
last user of lasso_server_nameid_decrypt removed, so remove the code.

* lasso/saml-2.0/logout.c:
use new generic methods in
lasso_saml20_logout_process_request_msg, and
lasso_saml20_logout_process_response_msg.

* lasso/saml-2.0/login.c:
use new generic profile methods for saml 2.0 in
lasso_saml20_login_process_paos_response_msg,
lasso_saml20_login_process_authn_response_msg,
lasso_saml20_login_process_response_status_and_assertion.

* lasso/saml-2.0/login.c:
add include saml2_name_id.h

* lasso/xml/saml-2.0/saml2_encrypted_element.c:
using new function lasso_node_decrypt_xmlnode implement the new
method, int lasso_saml2_encrypted_element_decrypt(
LassoSaml2EncryptedElement* encrypted_element,
xmlSecKey *encryption_private_key, LassoNode **decrypted_node).
This function is currently not exported by bindings because of the
last output argument which is not supported by the binding generator.

* lasso/xml/private.h:
* lasso/xml/tools.c:
replace implementation of lasso_node_decrypt by a new one called
lasso_node_decrypt_xmlnode, and use it where old one was used.

* lasso/saml-2.0/assertion_query.c:
use new code in SAML 2.0 profile.c to parse requests and decrypt
nameid, chains calls so that errors are kept but all actions are
accomplished anyway (if first call fails, keep the error but continue
the processing, then at end return the first returned error).

* lasso/saml-2.0/profile.c:
* lasso/saml-2.0/profileprivate.h:
the current effort is to simplify implementation code in saml-2.0 and
much of the other frameworks. Those new methods:
lasso_saml20_init_request
lasso_saml20_profile_process_name_identifier_decryption
lasso_saml20_profile_process_soap_request
lasso_saml20_profile_process_soap_response
lasso_saml20_profile_process_any_request
lasso_saml20_profile_process_any_response
lasso_saml20_profile_setup_request_signing
lasso_saml20_profile_build_request_msg
lasso_saml20_profile_build_response
lasso_saml20_profile_init_response
should help reduce code in login.c, logout.c, name_id_management.c
and assertion_query.c. They should also permit to make all profiles
at the same level of binding support
(GET,REDIRECT,POST,ARTIFACT_GET,ARTIFACT_POST).
Those functions centralize error code handling, initialization of
common classes (LassoSamlp2StatusResponse and
LassoSamlp2RequestAbstract) and also the handling of NameID
decryption.

* lasso/utils.h:
this new macro tries to extract a field from a structure (or any
left-hand-side value), tries to typecheck it using 'LASSO_IS_XXX',
if successful, the value is assigned to the variable given as first
argument or we jump to the 'cleanup' goto label, setting the 4th
argument as the current error code (value of variable 'rc').

* lasso/id-wsf-2.0/data_service.c:
* lasso/id-wsf-2.0/discovery.c:
* lasso/id-wsf-2.0/profile.c:
* lasso/id-wsf/data_service.c:
* lasso/id-wsf/discovery.c:
* lasso/id-wsf/wsf_profile.c:
when --enable-debugging is activated much more type checking is done
by internal macros, and the code does not compile anymore.
* bindings/python/tests/idwsf2_tests.py: nameIdentifier packing in SOAP
ID-WSF calls headers is no longer supported, do not test it.

* lasso/id-ff/server.c:
In lasso_server_get_provider, return NULL if provider server is not
one, provider is null or 0-length.

* lasso/id-ff/provider.c:
try to keep some homogeneity between lasso_verify_signature and
lasso_verify_query_signature functions, by having mirror methods
inside the LassoProvider class. These new methods come with complete
documentation.
* lasso/xml/tools.c:
add a xmlDoc argument to lasso_verify_signature, in order to
reuse an already built message context, and possible problems with
interned string in parsed xml documents.

* lasso/id-ff/provider.c:
add an xmlDoc parameter to lasso_provider_verify_saml_signature,
reflecting change in lasso_verify_signature.
fix memory leaks of an xmlSecKeysMngr.
complete arguments checking.
* lasso/id-ff/login.c:
update use of lasso_provider_verify_signature in LassoLogin

* lasso/id-ff/provider.h:
add LASSO_HTTP_METHOD_LAST to enum LassoHttpMethod.

* lasso/id-ff/login.c:
reword lasso_login_process_status_and_assertion,
remove wrong NameID decryption code (it cannot work),
adapt to new signature of lasso_provider_verify_saml_signature,

* lasso/xml/private.h:
* lasso/xml/xml.c:
lasso_node_init_from_message_with_format allows initializing a node
and to keep the corresponding xml document, in order for example to
validate a signature.
* lasso/xml/tools.c:
lasso_xml_parse_message is able to parse a message of any type, or of
a given type. If a message of another type than the one specified is
found, the call fails, and a LASSO_MESSAGE_FORMAT_ERROR is returned.

* lasso/xml/tools.c:
add lasso_xml_is_soap, to verify that a message is SOAP.
add lasso_xml_get_soap_content, to retrieve the first child of the
SOAP body, whatever the SOAP content version.

* lasso/xml/xml_enc.h:
remove old functions
* lasso/xml/private.h:
remove lasso_node_(de/en)crypt from public headers API, they were not
exported anyway. move them to internal header.
* lasso/xml/saml-2.0/saml2_encrypted_element.{c,h}:
add a new decrypt function to convert an EncryptedElement to the
contained encrypted node objects.
* bindings/overrrides.xml:
do not export the new method, wait for implementation of output
arguments.
* lasso/id-ff/server.c:
remove lasso_decrypt_nameid from lasso/id-ff/server.c

* xml/saml-2.0/saml2_attribute_value.c:
* xml/saml-2.0/samlp2_extensions.c:
* xml/saml_attribute_value.c:
add documentation about the special way of setting those classes
content, that is using lasso_node_set_original_xmlnode.
* docs/reference/lasso-sections.txt:
* docs/reference/lasso.sgml:
add missing declarations for documentation of LassoSamlAttribute,
LassoSamlAttributeValue, LassoSamlAttributeDesignator,
LassoSamlStatement and LassoSaml2AttributeValue.

* lasso/xml/private.h:
* lasso/xml/xml.h
* lassoi/xml/xml.c:
add an implementation helper for the AttributeValue objects
implementation of get_xmlNode.
make lasso_node_set_original_xmlnode public API.
* lasso/xml/saml-2.0/samlp2_extensions.c:
* lasso/xml/saml-2.0/saml2_attribute_value.c:
* lasso/xml/saml_attribute_value.c:
implement get_xmlNode for the AttributeValue and Extensions objects.
If the any field is empty, use the original_xmlnode value. In order
to support free-style content, you must use the method
lasso_node_set_original_xmlnode, properties and children are
extracted from the given node and added to the node created by the
generic get_xmlNode virtual method.

* private.h:
add the new constant to the enum type
* xml.c:
fix lasso_node_traversal, add support for the new constant in
lasso_node_imp_init_from_xmlNode.

* lasso/errors.c, lasso/errors.h:
remove useless error code LASSO_SERVER_ERROR_INVALID_XML,
fix string for LASSO_PROFILE_ERROR_INVALID_ISSUER,
add errors codes LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE,
LASSO_PROFILE_ERROR_CANNOT_FIND_A_PROVIDER and
LASSO_PROVIDER_ERROR_MISSING_PUBLIC_KEY.

* lasso/Makefile.am:
remove .PHONY declaration on built sources and set appropriate
dependencies.
* lasso/extract_types.py: with new dependencies well defined in
Makefile no need to verify change in the content of the file, just
overwrite it.

* lasso/xml/xml.c:
In lasso_node_impl_init_from_xml if xmlnode is null, return an error
but if no node_data specification is present, do not fail but print a
warning. It is not an error for a class to not have a node_data
private field.
add a comment to fix return code later.

* lasso/xml/tools.c:
in lasso_load_certs_from_pem_certs_chain_file if
g_io_channel_new_file fails return NULL and print a warning.
If path is NULL or 0-length also returns NULL.

* lots of files:
explicitly load the internal header xml/private.h where needed.

* lasso/saml-2.0/name_id_management.c:
(lasso_saml2_name_id_management_process_request)
simplify code, remove explicit decryption of nameid and handling of
error cases, delegate to lasso_decrypt_nameid (from xml/tools.c).

* lasso/id-dff/serverprivate.h:
* lasso/id-ff/server.c:
lasso_server_decrypt_nameid handles the error case of NameID decryption,
and update passed field pointers.
* lasso/errors.h:
add new error codes:
LASSO_DS_ERROR_DECRYPTION_FAILED -118
- Decryption of an encrypted node failed
LASSO_PROFILE_ERROR_MISSING_SERVER -438
- No server object set in the profile

* lasso/xml/lib_logout_request.c: do not break parsing when
NameIdentifier->Format attribute is NULL.

* lasso/saml-2.0/login.c:
In specification saml-profile-2.0-os.pdf, in paragraph 4.1.4.3, it is
said that the SubjectConfirmationData node MUST NOT contain a
NotBefore attribute if it contains an InResponseTo attribute,
understanding that the response cannot (if the ID of the request is
sufficiently random) arrive before the request and be valid with
respect to the InResponseTo attribute.

with authn request id
* lasso/id-ff/login.c:
* lasso/saml-2.0/login.c:
Serialize/Unserialize request_id private field in LassoLogin dumps.
Match InResponseTo assertion attribute (ID-FF 1.2) or
SubjectConfirmationData attribute (SAML 2.0) to original request id
if it is present.

* lasso/errors.h:
* lasso/errors.c:
rename LASSO_LOGIN_ERROR_REFER_TO_UNKNOWN_REQUEST to
LASSO_LOGIN_ERROR_ASSERTION_DOES_NOT_MATCH_REQUEST_ID.

* lasso/xml/xml.c:
xsi:type handling is broken since commit 3982, restore it.
move prefix/nodename matching in static helper functions, and reuse
them inside xsi:type code path.

* lasso/xml/tools.c: in lasso_verify_signature always return success if
lasso_flag_verify_signature is FALSE.
* lasso/xml/private.h: change return type to int.

* id-ff/login.h:
add a string field named request_id in the private part of LassoLogin
to store request id from the original AuthnRequest.
* id-ff/login.c:
if request_id field is not null check the InResponseTo attribute of
the samlp:Response.
* saml-2.0/login.c:
if request_id field is not null check the InResponseTo attribute of
the samlp:Response.

* lasso/id-ff/session.h: add the OFTYPE decorator to the return type of
lasso_session_get_assertions.

* lasso/id-ff/logout.c (lasso_logout_validate_request): use new macros.

* lasso/id-ff/logout.c (lasso_logout_process_request_msg): use the
new allocation macros, add checking of the parsed object type, add
validation of some schema constraints before processing, like
presence of the name identifier.

- lasso/xml/disco_insert_entry.c (lasso_disco_insert_entry_new) :
replace manual g_object_ref with assignment macro.

- lasso/xml/disco_resource_offering.c (lasso_disco_resource_offering_new)
replace manual g_object_ref with assignment macro.