From 3e87282db3c00bc18a72b43385b155c8213e599b Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Wed, 6 Oct 2010 18:43:57 +0200 Subject: [docs lasso-book] add figures to the tarball --- docs/lasso-book/figures/Makefile.am | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/lasso-book/figures/Makefile.am b/docs/lasso-book/figures/Makefile.am index 4873db98..dd23b956 100644 --- a/docs/lasso-book/figures/Makefile.am +++ b/docs/lasso-book/figures/Makefile.am @@ -49,4 +49,5 @@ slo-sp-soap-4.svg: slo-sp-soap.svg step.xsl slo-sp-soap-5.svg: slo-sp-soap.svg step.xsl slo-sp-soap-6.svg: slo-sp-soap.svg step.xsl -EXTRA_DIST = step.xsl sso-brws-art.svg sso-brws-post.svg slo-sp-soap.svg +EXTRA_DIST = step.xsl sso-brws-art.svg sso-brws-post.svg slo-sp-soap.svg \ + $(FIGURES_PNG_FILES) $(GENERATED_FIGURES_SVG_FILES) -- cgit From 6b2a21d116d9191eb5f27d204e5137465d6daa2e Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Thu, 7 Oct 2010 18:38:21 +0200 Subject: [core] adapt lasso_provider_get_assertion_consumer_service_url for SAMLv2 --- lasso/id-ff/provider.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c index fe3f42be..d7cf8810 100644 --- a/lasso/id-ff/provider.c +++ b/lasso/id-ff/provider.c @@ -145,6 +145,18 @@ lasso_provider_get_assertion_consumer_service_url(LassoProvider *provider, const char *name = NULL; char *assertion_consumer_service_url = NULL; + if (provider->private_data->conformance == LASSO_PROTOCOL_SAML_2_0) { + int sid = -1; + if (service_id != NULL) { + if (lasso_string_to_xsd_integer(service_id, &sid)) { + if (sid < 0) { + sid = -1; + } + } + } + return lasso_saml20_provider_get_assertion_consumer_service_url(provider, sid); + } + if (service_id == NULL) service_id = provider->private_data->default_assertion_consumer; name = g_strdup_printf("AssertionConsumerServiceURL %s", service_id); -- cgit From 4bf2a6c0c02629f87990f7e7436b2685953267d3 Mon Sep 17 00:00:00 2001 
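Review bot: In the SAMLv2 branch added to lasso_provider_get_assertion_consumer_service_url (lasso/id-ff/provider.c), a `service_id` that fails to parse is silently treated like "no index given", and `sid` is only normalised to -1 when parsing succeeds. If `lasso_string_to_xsd_integer` can write to `sid` before reporting failure (its body is not on this page), a partial value would be passed on as the endpoint index. Folding the checks into `if (service_id != NULL && (!lasso_string_to_xsd_integer(service_id, &sid) || sid < 0)) sid = -1;` removes that dependency. A short comment such as `/* -1: no usable index, let the SAMLv2 lookup choose its default */` would document the sentinel, assuming that is what -1 means to the callee. The branch also dereferences `provider->private_data` straight away; the function starts outside the hunk, so confirm a NULL check on `provider` precedes it.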
From: Benjamin Dauvergne Date: Thu, 7 Oct 2010 18:39:06 +0200 Subject: [SAMLv2] fix bad double free bug in lasso_saml20_provider_get_assertion_consumer_service_url_by_binding --- lasso/saml-2.0/provider.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lasso/saml-2.0/provider.c b/lasso/saml-2.0/provider.c index 15cf2a81..3d62ba4d 100644 --- a/lasso/saml-2.0/provider.c +++ b/lasso/saml-2.0/provider.c @@ -690,7 +690,7 @@ lasso_saml20_provider_get_assertion_consumer_service_url_by_binding(LassoProvide lasso_strisequal(endpoint_type->kind,kind) && lasso_strisequal(endpoint_type->binding,binding)) { - return endpoint_type->url; + return g_strdup(endpoint_type->url); } } return NULL; -- cgit From 3872f17fcd7b07727e7a7a28f7749c850f0495b8 Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Thu, 7 Oct 2010 18:48:28 +0200 Subject: [SAMLv2] handle unknown provider in artifact resolve, and also alow to ignore signature validation In lasso_saml20_profile_process_artifact_resolve, we know take a short path with an error when the remote provider is unknown and we also respect the lasso_profile_get_signature_verify_hint() when checking the signature on the artifact resolve message. --- lasso/saml-2.0/profile.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c index 18f7d64c..40f6fe89 100644 --- a/lasso/saml-2.0/profile.c +++ b/lasso/saml-2.0/profile.c @@ -345,6 +345,7 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char { LassoProvider *remote_provider; int rc = 0; + LassoProfileSignatureVerifyHint sig_verify_hint; /* FIXME: parse only one time the message, reuse the parsed document for signature * validation */ 
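Review bot: The ownership contract is not documented at the changed `return g_strdup(endpoint_type->url);` in lasso_saml20_provider_get_assertion_consumer_service_url_by_binding (lasso/saml-2.0/provider.c): the caller now owns the returned string. Any caller that still treats the result as borrowed will leak it instead of double-freeing, so the call sites, which are not on this page, are worth checking in the same change. I would add to the function's doc comment: `Return value: a newly allocated copy of the URL, or NULL if no endpoint matches; the caller must g_free() it.` The function starts outside the hunk.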
@@ -355,13 +356,21 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char if (! LASSO_IS_SAMLP2_ARTIFACT_RESOLVE(profile->request)) { return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG); } + lasso_assign_string(profile->private_data->artifact, + LASSO_SAMLP2_ARTIFACT_RESOLVE(profile->request)->Artifact); + + sig_verify_hint = lasso_profile_get_signature_verify_hint(profile); lasso_assign_string(profile->remote_providerID, LASSO_SAMLP2_REQUEST_ABSTRACT( profile->request)->Issuer->content); remote_provider = lasso_server_get_provider(profile->server, profile->remote_providerID); - profile->signature_status = lasso_provider_verify_signature(remote_provider, msg, "ID", - LASSO_MESSAGE_FORMAT_SOAP); + goto_cleanup_if_fail_with_rc(remote_provider, LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER); + + if (sig_verify_hint != LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE) { + profile->signature_status = lasso_provider_verify_signature(remote_provider, msg, "ID", + LASSO_MESSAGE_FORMAT_SOAP); + } switch (lasso_profile_get_signature_verify_hint(profile)) { case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE: @@ -374,9 +383,7 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char break; } - lasso_assign_string(profile->private_data->artifact, - LASSO_SAMLP2_ARTIFACT_RESOLVE(profile->request)->Artifact); - +cleanup: return rc; } -- cgit From 270f1743f0dd1bc9ce90fbc7afa69c39de4d1846 Mon Sep 17 00:00:00 2001 From: Jérôme Schneider Date: Wed, 6 Oct 2010 17:37:37 +0200 Subject: Add missing include --- lasso/saml-2.0/provider.c | 2 ++ lasso/xml/xml.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/lasso/saml-2.0/provider.c b/lasso/saml-2.0/provider.c index 3d62ba4d..67ecc9f8 100644 --- a/lasso/saml-2.0/provider.c +++ b/lasso/saml-2.0/provider.c @@ -24,6 +24,8 @@ #define _POSIX_SOURCE +#include + #include "../xml/private.h" #include #include diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c index e143bbff..c43608b3 100644 
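Review bot: On the LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE path in lasso_saml20_profile_process_artifact_resolve (lasso/saml-2.0/profile.c), `profile->signature_status` is no longer written. Unless it is reset outside the hunk, a value left by an earlier message on the same profile can be read as the result for this ArtifactResolve. Assign it a defined value before the new `if (sig_verify_hint != LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE)`, and use `sig_verify_hint` in the following `switch` instead of calling `lasso_profile_get_signature_verify_hint(profile)` a second time, so both decisions rest on one reading. Separately, the context line ending in `->Issuer->content` dereferences `Issuer` on a message that has not been authenticated yet; unless an earlier check guarantees it is present, add `goto_cleanup_if_fail_with_rc(LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->Issuer, LASSO_PROFILE_ERROR_INVALID_MSG);` before that assignment. The switch body lies between the two hunks and is not visible here.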
--- a/lasso/xml/xml.c +++ b/lasso/xml/xml.c @@ -33,7 +33,7 @@ #include "private.h" #include - +#include #include #include -- cgit From 758fe88dada513c9a3d50adf091318b10cc8b165 Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Fri, 8 Oct 2010 14:10:26 +0200 Subject: [xml] fix waring on use of strndup on pardus --- lasso/xml/xml.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c index c43608b3..0251d479 100644 --- a/lasso/xml/xml.c +++ b/lasso/xml/xml.c @@ -31,9 +31,12 @@ * */ +#define _GNU_SOURCE /* for use of strndup */ + #include "private.h" #include #include +#include #include #include -- cgit From 0325ce08670e9b5429dd2463266d2c0f89044f5b Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Mon, 4 Oct 2010 14:30:15 +0200 Subject: Update release notes and website for release 2.3.4 --- NEWS | 22 ++++++++++++++++++++++ lasso.doap | 4 ++++ website/web/doap.rdf | 4 ++++ website/web/download/index.xml | 2 +- website/web/index.xml | 7 +++---- website/web/news/18-release-2.3.4.xml | 16 ++++++++++++++++ 6 files changed, 50 insertions(+), 5 deletions(-) create mode 100644 website/web/news/18-release-2.3.4.xml diff --git a/NEWS b/NEWS index 25b8d386..6b84baa9 100644 --- a/NEWS +++ b/NEWS 
@@ -1,6 +1,28 @@ NEWS ==== +2.3.4 - Otober 8th 2010 +----------------------- + +14 commits, 10 files changed, 199 insertions, 49 deletions + +Generic + * fix warning for compiling on pardus and EL5 + * the release tarball now contains the figures for the documentation + * lasso_login_process_authn_request documentation gained details on returned errors + +SAMLv2: + * report unknown provider instead an error on parameter value when resolving + and artifact in an assertionConsumer endpoint and the provider is not + registered into the server object. + * lasso_provider_get_assertion_consumer_url now use specific SAMLv2 methods + * fixed a bug in the ordering of indexed endpoints which produced error when + looking up the defualt assertion consumer. It also improved ordering in + presence of the attribute isDefault="false". + +ID-FFv1.2: + * respect the signature verify hint when handling authn requests + 2.3.3 - October 1st 2010 ------------------------ diff --git a/lasso.doap b/lasso.doap index 81d9fe85..0c92cd39 100644 --- a/lasso.doap +++ b/lasso.doap @@ -61,6 +61,10 @@ + + 2010-10-08 + 2.3.4 + 2010-10-01 2.3.3 diff --git a/website/web/doap.rdf b/website/web/doap.rdf index 81d9fe85..0c92cd39 100644 --- a/website/web/doap.rdf +++ b/website/web/doap.rdf @@ -61,6 +61,10 @@ + + 2010-10-08 + 2.3.4 + 2010-10-01 2.3.3 diff --git a/website/web/download/index.xml b/website/web/download/index.xml index df890276..e4fd34fc 100644 --- a/website/web/download/index.xml +++ b/website/web/download/index.xml @@ -10,7 +10,7 @@

Lasso is licensed under the GNU GPL and the latest release is available here as a gzipped tarball: - lasso-2.3.2.tar.gz + lasso-2.3.4.tar.gz

Binary Downloads

diff --git a/website/web/index.xml b/website/web/index.xml index cf2e521d..d3d65f5c 100644 --- a/website/web/index.xml +++ b/website/web/index.xml @@ -46,10 +46,9 @@

- The most recent version of Lasso is 2.3.3. You can - download - the 2.3.2 tarball here or get more options on the general 2.3.4. You can + download + the 2.3.4 tarball here or get more options on the general download page.

diff --git a/website/web/news/18-release-2.3.4.xml b/website/web/news/18-release-2.3.4.xml new file mode 100644 index 00000000..cb493266 --- /dev/null +++ b/website/web/news/18-release-2.3.4.xml @@ -0,0 +1,16 @@ + +
+

2010-10-08: Released 2.3.4

+ +

+ Lasso 2.3.4 have been released. + Download 2.3.4 now +

+ +

+ What changed ? + Fix bug on ordering of assertionConsumer endpoints, and problem of + compilation on Pardus and EL5 distributions. +

+ +
-- cgit