From cd6262bbd746ac7a45e0904764da4e7b6aa00e76 Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Tue, 14 Dec 2010 15:19:36 +0100 Subject: [binding php5] add inline implementation of lasso_log since it is a private function of lasso --- bindings/php5/wrapper_source_top.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/bindings/php5/wrapper_source_top.c b/bindings/php5/wrapper_source_top.c index 1b6bec7e..67a279a4 100644 --- a/bindings/php5/wrapper_source_top.c +++ b/bindings/php5/wrapper_source_top.c @@ -7,6 +7,28 @@ #include #include "php_lasso.h" #include "../ghashtable.h" +#define LASSO_LOG_STATIC + +#if defined(__GNUC__) +# define lasso_log(level, filename, line, function, format, args...) \ + g_log("Lasso", level, "%s:%i:%s" format, filename, line, function, ##args) +#elif defined(HAVE_VARIADIC_MACROS) +# define lasso_log(level, format, line, function, ...) \ + g_log("Lasso", leve, "%s:%i:%s" format, filename, line, function, __VA_ARGS__) +#else +static inline void lasso_log(GLogLevelFlags level, const char *filename, + int line, const char *function, const char *format, ...) +{ + va_list ap; + char s[1024]; + va_start(ap, format); + g_vsnprintf(s, 1024, format, ap); + va_end(ap); + g_log("Lasso", level, "%s:%i:%s %s", filename, line, function, s); +} +#define lasso_log lasso_log +#endif + #include "../../lasso/utils.h" #include "../utils.c" -- cgit From fd52e6809498824b48d999da3fa2f221fd1543da Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Fri, 17 Dec 2010 17:34:59 +0100 Subject: [samlv2 login] do not setup conditions->notBefore/notOnOrAfter only notOnOrAfter on SubjectConfirmationData --- lasso/saml-2.0/login.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c index 40b6d71c..8e9ada11 100644 --- a/lasso/saml-2.0/login.c +++ b/lasso/saml-2.0/login.c 
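Review bot: In bindings/php5/wrapper_source_top.c the `HAVE_VARIADIC_MACROS` branch of `lasso_log` cannot expand correctly: its parameter list has `format` where `filename` belongs and no `format` parameter at all, and the body passes `leve` instead of `level`. Any compiler that takes this branch will fail at the first log call. The two lines should read `# define lasso_log(level, filename, line, function, format, ...) \` and `g_log("Lasso", level, "%s:%i:%s" format, filename, line, function, __VA_ARGS__)`. Both macro forms also paste `format` directly after `"%s:%i:%s"` with no separator, while the inline function uses `"%s:%i:%s %s"`, so the log text differs between branches.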
@@ -743,8 +743,6 @@ lasso_saml20_login_build_assertion(LassoLogin *login, assertion->Issuer = LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string( LASSO_PROVIDER(profile->server)->ProviderID)); assertion->Conditions = LASSO_SAML2_CONDITIONS(lasso_saml2_conditions_new()); - lasso_assign_string(assertion->Conditions->NotOnOrAfter, notOnOrAfter); - lasso_assign_string(assertion->Conditions->NotBefore, notBefore); audience_restriction = LASSO_SAML2_AUDIENCE_RESTRICTION( lasso_saml2_audience_restriction_new()); @@ -759,9 +757,6 @@ lasso_saml20_login_build_assertion(LassoLogin *login, assertion->Subject->SubjectConfirmation->SubjectConfirmationData = LASSO_SAML2_SUBJECT_CONFIRMATION_DATA( lasso_saml2_subject_confirmation_data_new()); - lasso_assign_string( - assertion->Subject->SubjectConfirmation->SubjectConfirmationData->NotBefore, - notBefore); lasso_assign_string( assertion->Subject->SubjectConfirmation->SubjectConfirmationData->NotOnOrAfter, notOnOrAfter); -- cgit From d02bf096a5468ce688b07ecb543260942c075331 Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Fri, 17 Dec 2010 17:36:17 +0100 Subject: [samlv2 logout] setup the NameID from the assertion --- lasso/saml-2.0/logout.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lasso/saml-2.0/logout.c b/lasso/saml-2.0/logout.c index 7f677aa2..332c3287 100644 --- a/lasso/saml-2.0/logout.c +++ b/lasso/saml-2.0/logout.c @@ -82,8 +82,8 @@ lasso_saml20_logout_init_request(LassoLogout *logout, LassoProvider *remote_prov lasso_ref(assertion_n); assertion = (LassoSaml2Assertion*)assertion_n; - /* set the nameid */ - lasso_assign_gobject(logout_request->NameID, profile->nameIdentifier); + /* Set the NameID */ + lasso_assign_gobject(logout_request->NameID, assertion->Subject->NameID); /* Encrypt NameID */ if (lasso_provider_get_encryption_mode(remote_provider) == LASSO_ENCRYPTION_MODE_NAMEID) { -- cgit From 8c289263043f6f3ed0ae17485658a4387964c961 Mon Sep 17 00:00:00 2001 
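Review bot: In lasso/saml-2.0/logout.c the new `lasso_assign_gobject(logout_request->NameID, assertion->Subject->NameID);` dereferences `assertion->Subject` with no NULL check visible in the hunk. The assertion is presumably the one stored in the session, so a stored assertion without a Subject would crash lasso_saml20_logout_init_request instead of returning an error. A guard before the assignment closes this, e.g. `goto_cleanup_if_fail_with_rc(assertion->Subject != NULL, LASSO_PROFILE_ERROR_MISSING_SUBJECT);`. Commit 126a9ac7 further down this page adds such guards, so the gap exists only at this commit. The function body starts and ends outside the hunk.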
From: Benjamin Dauvergne Date: Fri, 17 Dec 2010 17:40:07 +0100 Subject: [profile] prefer to lookup the session before the identity for looking up a name identifier; --- lasso/id-ff/profile.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/lasso/id-ff/profile.c b/lasso/id-ff/profile.c index a0b24aa9..ee0d10f8 100644 --- a/lasso/id-ff/profile.c +++ b/lasso/id-ff/profile.c @@ -115,6 +115,20 @@ lasso_profile_get_nameIdentifier(LassoProfile *profile) if (profile->remote_providerID == NULL) return NULL; + /* For transient federations, we must look at assertions no federation object exists */ + if (LASSO_IS_SESSION(profile->session)) { + LassoNode *assertion, *name_id; + + assertion = lasso_session_get_assertion(profile->session, + profile->remote_providerID); + + name_id = _lasso_saml_assertion_get_name_id((LassoSamlAssertion*)assertion); + if (name_id) + return name_id; + name_id = _lasso_saml2_assertion_get_name_id((LassoSaml2Assertion*)assertion); + if (name_id) + return name_id; + } /* beware, it is not a real loop ! */ if (LASSO_IS_IDENTITY(profile->identity)) do { remote_provider = lasso_server_get_provider(profile->server, profile->remote_providerID); @@ -136,20 +150,6 @@ lasso_profile_get_nameIdentifier(LassoProfile *profile) return federation->local_nameIdentifier; } while (FALSE); - /* For transient federations, we must look at assertions no federation object exists */ - if (LASSO_IS_SESSION(profile->session)) { - LassoNode *assertion, *name_id; - - assertion = lasso_session_get_assertion(profile->session, - profile->remote_providerID); - - name_id = _lasso_saml_assertion_get_name_id((LassoSamlAssertion*)assertion); - if (name_id) - return name_id; - name_id = _lasso_saml2_assertion_get_name_id((LassoSaml2Assertion*)assertion); - if (name_id) - return name_id; - } return NULL; } -- cgit From 126a9ac71c853e230fdd4abe1ca05f77ba56bbac Mon Sep 17 00:00:00 2001 
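Review bot: The comment that moved with the session block in lasso_profile_get_nameIdentifier, `/* For transient federations, we must look at assertions no federation object exists */`, no longer describes the code. The session lookup now runs first for every profile that has a session, so the NameID of a session assertion takes precedence over `federation->local_nameIdentifier`. The comment should state that precedence, for example `/* Prefer the NameID of the session assertion for this provider; fall back to the federation stored in the identity */`. In the same block `assertion` is handed to both `_lasso_saml_assertion_get_name_id` and `_lasso_saml2_assertion_get_name_id` through plain casts, with no NULL or type check visible in the hunk. Presumably the helpers check the type themselves, which is worth confirming now that this path always runs first.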
From: Benjamin Dauvergne Date: Fri, 17 Dec 2010 17:40:28 +0100 Subject: [samlv2 logout] check that the assertion is well formed before accessing the subject nameid --- lasso/saml-2.0/logout.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lasso/saml-2.0/logout.c b/lasso/saml-2.0/logout.c index 332c3287..3d8859f0 100644 --- a/lasso/saml-2.0/logout.c +++ b/lasso/saml-2.0/logout.c @@ -83,6 +83,10 @@ lasso_saml20_logout_init_request(LassoLogout *logout, LassoProvider *remote_prov assertion = (LassoSaml2Assertion*)assertion_n; /* Set the NameID */ + goto_cleanup_if_fail_with_rc(assertion->Subject != NULL, + LASSO_PROFILE_ERROR_MISSING_SUBJECT); + goto_cleanup_if_fail_with_rc(assertion->Subject->NameID != NULL, + LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER); lasso_assign_gobject(logout_request->NameID, assertion->Subject->NameID); /* Encrypt NameID */ -- cgit From aa9898693a6caecf4a72368e46ca2d164ed3c258 Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Tue, 21 Dec 2010 10:44:14 +0100 Subject: [saml login] suppress unused argument warning --- lasso/saml-2.0/login.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c index 8e9ada11..08e5d6a2 100644 --- a/lasso/saml-2.0/login.c +++ b/lasso/saml-2.0/login.c @@ -701,7 +701,7 @@ int lasso_saml20_login_build_assertion(LassoLogin *login, const char *authenticationMethod, const char *authenticationInstant, - const char *notBefore, + G_GNUC_UNUSED const char *notBefore, const char *notOnOrAfter) { LassoProfile *profile = &login->parent; -- cgit From d8bff0dbb395b20c5a7c2c5aa7acd2d8568cd1db Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Tue, 21 Dec 2010 10:54:38 +0100 Subject: [saml2 profile] fix bug in binding_uri_to_http_method with the POST binding --- lasso/saml-2.0/provider.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lasso/saml-2.0/provider.c b/lasso/saml-2.0/provider.c index 67ecc9f8..8a552b82 100644 
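Review bot: Marking `notBefore` as `G_GNUC_UNUSED` in lasso_saml20_login_build_assertion (lasso/saml-2.0/login.c) silences the compiler, but callers can still pass a value that is silently dropped. Since the earlier login.c commit on this page removed every assignment of `notBefore`, the function's documentation should say the argument is ignored, e.g. `@notBefore: unused, kept for API compatibility; no NotBefore is set on the assertion`. The doc comment and the function body are outside the hunk, so this rests on the signature and on that earlier commit.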
--- a/lasso/saml-2.0/provider.c +++ b/lasso/saml-2.0/provider.c @@ -82,7 +82,7 @@ binding_uri_to_http_method(const char *uri) } else if (strcmp(uri, LASSO_SAML2_METADATA_BINDING_REDIRECT) == 0) { return LASSO_HTTP_METHOD_REDIRECT; } else if (strcmp(uri, LASSO_SAML2_METADATA_BINDING_POST) == 0) { - return LASSO_HTTP_METHOD_NONE; + return LASSO_HTTP_METHOD_POST; } else if (strcmp(uri, LASSO_SAML2_METADATA_BINDING_ARTIFACT) == 0) { return LASSO_HTTP_METHOD_ARTIFACT_GET; } else if (strcmp(uri, LASSO_SAML2_METADATA_BINDING_PAOS) == 0) { -- cgit From e401253f8def3bd0cd3fa21bf0683fb999cc6d65 Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Tue, 21 Dec 2010 10:58:48 +0100 Subject: [saml2 provider] change critical messages to debug messages --- lasso/saml-2.0/provider.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lasso/saml-2.0/provider.c b/lasso/saml-2.0/provider.c index 8a552b82..431f2937 100644 --- a/lasso/saml-2.0/provider.c +++ b/lasso/saml-2.0/provider.c @@ -235,7 +235,7 @@ load_endpoint_type(xmlNode *xmlnode, LassoProvider *provider, LassoProviderRole binding_s = binding_uri_to_identifier((char*)binding); if (! binding_s) { - critical("XXX: unknown binding: %s", binding); + debug("Endpoint loading failed, unknown binding: %s", binding); goto cleanup; } @@ -243,7 +243,7 @@ load_endpoint_type(xmlNode *xmlnode, LassoProvider *provider, LassoProviderRole value = getSaml2MdProp(xmlnode, LASSO_SAML2_METADATA_ATTRIBUTE_LOCATION); if (value == NULL) { - message(G_LOG_LEVEL_CRITICAL, "XXX: missing location for element %s", xmlnode->name); + debug("Endpoint loading failed, missing location on element %s", xmlnode->name); goto cleanup; } /* special case of AssertionConsumerService */ -- cgit From cfd58003fa315193b512aeb8b2a78431b35100dd Mon Sep 17 00:00:00 2001 
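Review bot: Both hunks in load_endpoint_type lower a metadata parsing failure to `debug(...)`, so an endpoint dropped for an unknown binding or a missing Location presumably leaves no trace unless debug logging is enabled. Whoever operates the provider then sees only the later symptom (no usable endpoint for a profile), not the metadata entry that caused it. A level that is recorded by default would keep that trail without the severity of critical, for instance `warning("Endpoint loading failed, unknown binding: %s", binding);`, with the same change for the missing-location message. The function starts and ends outside the hunks.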
From: Benjamin Dauvergne Date: Tue, 21 Dec 2010 16:38:57 +0100 Subject: [saml2] fix errors in lasso)provider_get_first_http_method when a binding is unknown --- lasso/saml-2.0/provider.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lasso/saml-2.0/provider.c b/lasso/saml-2.0/provider.c index 431f2937..4f9192d5 100644 --- a/lasso/saml-2.0/provider.c +++ b/lasso/saml-2.0/provider.c @@ -518,7 +518,6 @@ lasso_saml20_provider_get_first_http_method(G_GNUC_UNUSED LassoProvider *provide kind = profile_names[protocol_type]; } if (! kind) { - warning("Could not find a first http method for protocol type %u", protocol_type); return LASSO_HTTP_METHOD_NONE; } @@ -526,7 +525,8 @@ lasso_saml20_provider_get_first_http_method(G_GNUC_UNUSED LassoProvider *provide EndpointType *endpoint_type = (EndpointType*)t->data; if (endpoint_type && lasso_strisequal(endpoint_type->kind, kind)) { result = binding_uri_to_http_method(endpoint_type->binding); - if (result) break; + if (result != LASSO_HTTP_METHOD_NONE) + break; } } @@ -546,7 +546,7 @@ lasso_saml20_provider_accept_http_method(G_GNUC_UNUSED LassoProvider *provider, } if (! kind) { warning("Could not find a first http method for protocol type %u", protocol_type); - return LASSO_HTTP_METHOD_NONE; + return FALSE; } lasso_foreach(t, remote_provider->private_data->endpoints) { -- cgit From fb37b807a72e1a44ed338215cf0fb7c9199eab80 Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Tue, 21 Dec 2010 17:44:38 +0100 Subject: [configure.ac] increment version and libtool version info --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 1ccb4146..526df6d3 100644 --- a/configure.ac +++ b/configure.ac 
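Review bot: In the third hunk, lasso_saml20_provider_accept_http_method still logs `Could not find a first http method for protocol type %u`, a message that belongs to lasso_saml20_provider_get_first_http_method, whose own copy the first hunk removes. The text should name the check that failed in this function, e.g. `warning("Could not find a profile kind for protocol type %u", protocol_type);`. After the first hunk an unresolved `kind` returns `LASSO_HTTP_METHOD_NONE` with no log at all, so the two functions report the same condition differently. Both function bodies extend beyond the hunks.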
@@ -15,7 +15,7 @@ dnl - Second number is the number of supported API versions where API version > dnl first number. dnl - Third number is the current API version implementation version number. dnl See libtool explanations about current, age and release, later in this file. -AC_INIT([lasso], 2.3.4, lasso-devel@lists.labs.libre-entreprise.org) +AC_INIT([lasso], 2.3.5, lasso-devel@lists.labs.libre-entreprise.org) dnl Check if autoconf ver > 2.53 AC_PREREQ(2.53) AC_CONFIG_MACRO_DIR([m4]) @@ -184,7 +184,7 @@ dnl - interfaces removed -> AGE = 0 # m = a # r = r current=`expr $VERSION_MAJOR + $VERSION_MINOR` -LASSO_VERSION_INFO="12:2:9" +LASSO_VERSION_INFO="12:3:9" AC_SUBST(LASSO_VERSION_INFO) dnl Compute the minimal supported ABI version for Win32 scripts and resources files. -- cgit From d69649cc5d89cb8a9c1fe50e5f668427d19449b2 Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Wed, 22 Dec 2010 11:03:52 +0100 Subject: [xml] fix null pointer access in lasso_node_get_encryption --- lasso/xml/xml.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c index b5d35050..5504c3fc 100644 --- a/lasso/xml/xml.c +++ b/lasso/xml/xml.c @@ -1081,7 +1081,7 @@ lasso_node_get_encryption(LassoNode *node, xmlSecKey **encryption_public_key, g_return_if_fail(LASSO_IS_NODE(node)); custom_element = _lasso_node_get_custom_element(node); - if (custom_element->encryption_public_key) { + if (custom_element && custom_element->encryption_public_key) { lasso_assign_sec_key(*encryption_public_key, custom_element->encryption_public_key); *encryption_sym_key_type = custom_element->encryption_sym_key_type; -- cgit
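Review bot: lasso_node_get_encryption in lasso/xml/xml.c still writes through `encryption_public_key` and `encryption_sym_key_type` without checking either pointer, and the visible lines leave both outputs untouched when there is no custom element or no key. A guard next to the existing one covers the first case: `g_return_if_fail(encryption_public_key != NULL && encryption_sym_key_type != NULL);`. For the second, the function's doc comment should state that callers must initialise both outputs before the call. The rest of the body is outside the hunk, so an else branch that resets them may exist but is not visible here.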