- add new return code LASSO_MESSAGE_FORMAT_XSCHEMA_ERROR
- fix SOAP_FORMAT bizarre if conditional
- remove old comments
- use new memory macros
- copying nodes instead of stealing nodes
* lasso/id-ff/logout.c (lasso_logout_validate_request):
- when signature verification failed in process_request_msg,
do not continue validation of the request, stop immediately and
return the signature status code.
- use utils.h macro for memory allocation handling. Fix potential leak
of the profile->response object.
- lasso/id-ff/login.c:
- the lasso_login_process_response_msg is used to process SOAP response
to artifact resolution requests. The answer contains an samlp:Response
that can be signed, and each contained assertion MUST be individually
signed.
- lasso/xml/samlp_response.c:
- set keep_xmlnode flag on the class metadatas to help in signature
validations.
- lasso/id-ff/login.c:
- lasso_login_process_response_status_and_assertion:
- if signature_status is not 0 and an assertion is present, we
validate the signature on this assertion using the
internal API lasso_provider_verify_saml_signature.
* lasso/errors.h, lasso/errors.c:
- LASSO_LOGIN_ERROR_REFER_TO_UNKNOWN_REQUEST is raised when a
samlp:Response contains an attribute inResponseTo when no
previous request can be found inside the LassoLogin object or if the
given ID is not the same as the one from the previous request.
* lasso/id-ff/login.c:
when signature validation fails on a message, then return the
signature status as return code. There is a security fix.
* lasso/id-ff/provider.c, lasso/id-ff/providerprivate.h:
- (lasso_provider_verify_saml_signature) validate a signed
saml Request, Response or Assertion, using the public key
of the given provider.
* lasso/xml/saml_assertion.c: set the keep_original flag of class
LassoSamlAssertion to true, to keep a copy of the original libxml tree
used to initialize each instance of this object. We will use it to
validate signature on assertions.
* lasso/xml/tools.c:
- lasso_saml_constrain_dsigctxt() add constraints following SAML
specifications on XMLDsig signatures to a libxmlsec DSig context.
- lasso_verify_signature() this function given an xmlNode and a key or
a keys manager (for a set of AC or AC chains) validates the
enveloped signature set upon this node. It can be instructed to
follow constraints of the SAML 1.0 specification.
* lasso/errors.h: add error codes for,
- out of memory situation,
- excess of references during validation of signature on SAML
protocols message or assertions,
- an invalid reference during validation of signatures on SAML
protocols message or assertions,
- a mismatch between requested assertion issuer and received
assertion issuer.
* lots of files: Explicitly set all fields of initialized structures,
in order to remove -Wno-missing-field-initializers from needed
compiler options when using -Wall -Wextra.
* lasso/utils.h: added new macros, renamed others:
- macros handling xmlNode are renamed from _node to _xml_node,
- new macros for assigning GList* of specific objects:
- lasso_assign_list_of_gobjects,
- lasso_assign_list_of_strings,
- lasso_assign_new_list_of_gobjects,
- macros for assigning xmlChar string (we need a specific macro
because we must use xmlFree to release the destination string),
- macros to add string without duping: lasso_list_add_xml_string,
- macros to add anything non-null (no type cast):
lasso_list_add_non_null.
* lasso/utils.h:
- add macro lasso_transfer_string and lasso_transfer_gobject,
to transfer ownership of such objects without copying or
changing their reference count. The old containing variable is
NULLed.
- lasso_list_add_gobject,lasso_list_add_new_gobject: test if the added
object is a GObject, if not do not add it and print a warning.
- lasso_check_type_equality: this macro uses special builtin functions
only with GCC (typeof and __builtin_types_compatible_p) and does
metaprogramming using anonymous enumeration type to make compile
time assertions. It is used
- add macros to release XPathObject XPathContext, macro constructor to
make reference transfer macros (free dest, nullify dest, copy src
to dest without increasing refcount, nullify src), add a macro to
transfer xpath objects.
* lasso/utils.h:
similar macro to goto_exit_if_fail but also produce a printed warning.
* lasso/utils.h:
- lasso_list_add_string, add a copy of a string to a GList
* lasso/utils.h: remove macros lasso_warn_deprecated, use GCC
attributes and gtkdoc markers instead.
response
* lasso/id-wsf-2.0/data_service.c, lasso/id-wsf-2.0/discovery.c,
lasso/id-wsf-2.0/profile.c: use assignment macros to maintain proper
reference counting and ownership of object field values.
* lasso/Makefile.am: errors.h.in must be distributed.
- lasso/xml/soap_envelope.c (lasso_soap_envelope_new): fix forgotten
reference count increase when assigning the body.
- lasso/xml/tools.c: use BIO_new_mem_buf instead of BIO_new_file
if private_key is not an existing file.
- lasso/id-ff/provider.c,lasso/id-ff/server.c: add missing initialization
of return code variable.
- lasso/id-ff/provider.c, lasso/saml-2.0/provider.c: add critical log
message in each failed loading of metadatas branch cases.
- lasso/utils.c, lasso/utils.h:
New internal api lasso_safe_prefix_string that can show any string
taking care of escaping newlines, tabs and non-graphical or non-ASCII
characters.
Thanks Emmanuel Dreyfus
- lasso/xml/xml.c:
- In lasso_node_impl_init_from_xml fix really old bug seen when
running ID-WSF 2 python tests, when looking for snippet_any
field in the GObject we should not take the any attribute field,
otherwise the field value is gonna be overwritten with new GList
nodes. The problem can be seen only with classes using the two kinds
of snippets (ANY nodes and ANY attributes).
- lasso/id-ff/provider.c:
- in lasso_provider_verify_signature use standardised memory and
error handling macros, and also standard return code variable name
and exit label.
- in lasso_provider_load_metadata_from_buffer and
lasso_provider_load_metadata use the standardised macros, exit
labels and return code variable.
- lasso/id-ff/server.c:
- in lasso_server_load_affiliation use standardised allocation and
error handling macros.
- lasso/id-wsf/wsf_profile.c:
- use standardised memory and error handling macros in
lasso_wsf_profile_build_soap_request_msg.
- lasso/xml/xml.c:
- in lasso_node_new_from_soap release xmlDoc (and the contained
nodes) after the XPath objects that can reference them.
- bindings/java/wrapper_top.c, bindings/php4/lasso_php4_helper.c,
bindings/php5/wrapper_source_top.c, bindings/python/wrapper_top.c,
lasso/id-ff/identity.c, lasso/id-ff/lecp.c, lasso/id-ff/login.c,
lasso/id-ff/logout.c, lasso/id-ff/name_registration.c,
lasso/id-ff/profile.c, lasso/id-ff/provider.c, lasso/id-ff/server.c,
lasso/id-ff/session.c, lasso/id-wsf-2.0/data_service.c,
lasso/id-wsf/data_service.c, lasso/id-wsf/discovery.c,
lasso/id-wsf/wsf_profile.c, lasso/saml-2.0/ecp.c,
lasso/saml-2.0/login.c, lasso/saml-2.0/name_id_management.c,
lasso/utils.h, lasso/xml/tools.c, lasso/xml/xml.c, swig/Lasso.i:
Remove use of xmlFreeDoc. Use lasso_release_doc instead.
- lasso/utils.h:
- add goto_exit_with_rc a standardized macro that supposes having an
'int rc' variable and an exit label in the current function.
- add lasso_release_output_buffer macro
* lasso/utils.h:
- (lasso_assign_node) This macro wrongly assumes that the destroy
function for xmlNode is xmlFreeNodeList but it's xmlFreeNode.
xmlFreeNodeList is for xmlNode list of children.
* lasso/xml/xml.c:
- use set/get_qdata to store the original xmlnode, modify
init_from_xml and dispose function to cope with this new storage
place.
* lasso/xml/xml.h:
- remove field original_xmlNode from structure LassoNode to keep ABI
compatibility with previous versions.
- declare new API lasso_node_get_original_xmlnode
* lasso/xml/xml.c:
- add a new function lasso_node_cleanup_original_xmlnodes to
deallocate all kept xmlNode inside a tree of LassoNodes.
- add internal function lasso_node_traversal to iterate across a
LassoNode tree (could be used to reimplement lasso_node_destroy)
It is a preorder traversal.
* lasso/xml/xml.c:
- (lasso_node_impl_init_from_xml) When the keep_xmlnode flag is true
for the currently parsed Node class, we copy the parsed xmlNode
and keep it inside the LassoNode.
- (lasso_node_dispose) if an original_xmlNode is present, we deallocate
it.
* lasso/xml/xml.h: add an xmlNode field to base class LassoNode,
to permit retrieving the xmlNode originally parsed when the structure
is the result of parsing. Will be used by signature checking code.
* lasso/xml/private.h: add a boolean flag named keep_xmlnode to
base class structure LassoNodeClassData.
* lasso/id-ff/server.c: (init_from_xml) if load_metadata fails,
try load_metadata_from_buffer instead using the content of the dumped
nodes.
* lasso/id-ff/server.c, lasso/id-ff/server.h: add new function to build
a LassoServer object holding content of certificate and private key
files instead of loading them every time signing is needed. You must
instead load them yourself the first time.
* lasso/id-ff/providerprivate.h: add declaration for private function
lasso_provider_load_metadata_from_buffer
* lasso/id-ff/provider.c: (lasso_provider_load_metadata) libxml emits a warning
when trying to parse non-existing or non-accessible file, so verify
that the file is accessible before calling libxml. (the corner
case of having a warning when the file becomes inaccessible between
the two calls is non-interesting)
* lasso/xml/tools.c: (lasso_sign_node) instead of waiting
for the xmlsec key loading function to fail before trying to load
the key directly from the private_key buffer, test it using
POSIX function.
* lasso/xml/tools.c:
- (lasso_sign_node) if loading of the private_key or the certificate
file fails, we try to use the filename directly as a key in the PEM format.