authorbenjamin.dauvergne <benjamin.dauvergne@a716ebb1-153a-0410-b759-cfb97c6a1b53>2012-10-09 08:41:45 +0000
committerbenjamin.dauvergne <benjamin.dauvergne@a716ebb1-153a-0410-b759-cfb97c6a1b53>2012-10-09 08:41:45 +0000
commit0e35cd2063aa3e9857e59e62a9ffddcdbd21aaa0 (patch)
tree0e4cb945b99e7407cd91dac354a909b7f5278e2c
parent9081ebffabfbb281ad77fb365e7273f5fcab4604 (diff)
Add configuration directive MellonDoNotVerifyLogoutSignature
This directive allows listing the entityIDs of IdPs for which the signature of their logout requests must not be verified. git-svn-id: https://modmellon.googlecode.com/svn/trunk@168 a716ebb1-153a-0410-b759-cfb97c6a1b53
-rw-r--r--README3
-rw-r--r--auth_mellon.h2
-rw-r--r--auth_mellon_config.c47
-rw-r--r--auth_mellon_handler.c24
-rw-r--r--configure.ac2
5 files changed, 75 insertions, 3 deletions
diff --git a/README b/README
index 13fbbe3..9de7309 100644
--- a/README
+++ b/README
@@ -461,6 +461,9 @@ MellonPostCount 100
# behind a reverse proxy or any kind of strange network topology making IP address of client
# different for the IdP and the SP. Default is on.
# MellonSubjectConfirmationDataAddressCheck On
+
+ # Does not check signature on logout messages exchanges with idp1
+ # MellonDoNotVerifyLogoutSignature http://idp1.example.com/saml/metadata
</Location>
diff --git a/auth_mellon.h b/auth_mellon.h
index 0ec0e11..c1c8086 100644
--- a/auth_mellon.h
+++ b/auth_mellon.h
@@ -221,6 +221,8 @@ typedef struct am_dir_cfg_rec {
apr_array_header_t *authn_context_class_ref;
/* Controls the checking of SubjectConfirmationData.Address attribute */
int subject_confirmation_data_address_check;
+ /* MellonDoNotVerifyLogoutSignature idp set */
+ apr_hash_t *do_not_verify_logout_signature;
/* Cached lasso server object. */
LassoServer *server;
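Review bot: The comment on the added `do_not_verify_logout_signature` field names the directive but not what the hash holds, so a reader of am_dir_cfg_rec cannot tell what the keys are or what membership means. Suggest `/* Set of IdP entityIDs (hash keys) whose logout request/response signatures are not verified; filled by MellonDoNotVerifyLogoutSignature. */`. What is stored as the hash values is not visible in this hunk. The struct definition continues outside the hunk.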
diff --git a/auth_mellon_config.c b/auth_mellon_config.c
index 89f33ac..793d7af 100644
--- a/auth_mellon_config.c
+++ b/auth_mellon_config.c
@@ -77,7 +77,6 @@ static const apr_size_t post_size = 1024 * 1024 * 1024;
*/
static const int post_count = 100;
-#if unused
/* This function handles configuration directives which set a
* multivalued string slot in the module configuration (the destination
* strucure is a hash).
@@ -117,7 +116,6 @@ static const char *am_set_hash_string_slot(cmd_parms *cmd,
return NULL;
}
-#endif /* unused */
/* This function handles configuration directives which set a
* multivalued string slot in the module configuration (the destination
@@ -783,6 +781,35 @@ static const char *am_set_authn_context_class_ref(cmd_parms *cmd,
return NULL;
}
+/* This function handles the MellonDoNotVerifyLogoutSignature configuration directive,
+ * it is identical to the am_set_hash_string_slot function. You can refer to it.
+ *
+ * Parameters:
+ * cmd_parms *cmd The command structure for this configuration
+ * directive.
+ * void *struct_ptr Pointer to the current directory configuration.
+ * NULL if we are not in a directory configuration.
+ * const char *key The string argument following this configuration
+ * directive in the configuraion file.
+ *
+ * Returns:
+ * NULL on success or an error string on failure.
+ */
+static const char *am_set_do_not_verify_logout_signature(cmd_parms *cmd,
+ void *struct_ptr,
+ const char *key)
+{
+#ifdef HAVE_lasso_profile_set_signature_verify_hint
+ return am_set_hash_string_slot(cmd, struct_ptr, key, NULL);
+#else
+ return apr_pstrcat(cmd->pool, cmd->cmd->name,
+ " is not usable as modmellon was compiled against "
+ "a version of the lasso library which miss the "
+ "function lasso_profile_set_signature_verify_hint.",
+ NULL);
+#endif
+}
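Review bot: The `#else` error string in the new am_set_do_not_verify_logout_signature reads "which miss the function"; `"a version of the lasso library which lacks the "` is the grammatical form, and the comment above the function has "configuraion" for "configuration". Separately, the hunks at @@ -77 and @@ -117 drop the `#if unused` guards around am_set_hash_string_slot, but the only caller added here is inside `#ifdef HAVE_lasso_profile_set_signature_verify_hint`, so builds against a lasso without that symbol now compile an unreferenced static function and may warn on -Wunused-function; wrapping the definition in the same `#ifdef` would avoid that. The header comment could also say that this directive disables a signature check and should list only IdPs whose logout messages are known not to be signed correctly.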
+
/* This array contains all the configuration directive which are handled
* by auth_mellon.
*/
@@ -1109,6 +1136,14 @@ const command_rec auth_mellon_commands[] = {
OR_AUTHCFG,
"Check address given in SubjectConfirmationData Address attribute. Default is on."
),
+ AP_INIT_TAKE1(
+ "MellonDoNotVerifyLogoutSignature",
+ am_set_do_not_verify_logout_signature,
+ NULL,
+ OR_AUTHCFG,
+ "A list of entity of IdP whose logout requests signatures will not "
+ "be valided"
+ ),
{NULL}
};
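Review bot: The help string of the new MellonDoNotVerifyLogoutSignature entry has a typo ("be valided") and does not say that the directive turns off a security check. Suggest `"IdP entityIDs whose logout request/response signatures are not verified "` followed by `"(disables signature checking for those IdPs; one entityID per directive)"`. The "one per directive" part follows from AP_INIT_TAKE1 on the entry itself.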
@@ -1191,8 +1226,9 @@ void *auth_mellon_dir_config(apr_pool_t *p, char *d)
apr_thread_mutex_create(&dir->server_mutex, APR_THREAD_MUTEX_DEFAULT, p);
dir->inherit_server_from = dir;
dir->server = NULL;
- dir->authn_context_class_ref = apr_array_make(p, 0, sizeof(char *));;
+ dir->authn_context_class_ref = apr_array_make(p, 0, sizeof(char *));
dir->subject_confirmation_data_address_check = inherit_subject_confirmation_data_address_check;
+ dir->do_not_verify_logout_signature = apr_hash_make(p);
return dir;
}
@@ -1399,6 +1435,11 @@ void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add)
add_cfg->authn_context_class_ref :
base_cfg->authn_context_class_ref);
+ new_cfg->do_not_verify_logout_signature = apr_hash_copy(p,
+ (apr_hash_count(add_cfg->do_not_verify_logout_signature) > 0) ?
+ add_cfg->do_not_verify_logout_signature :
+ base_cfg->do_not_verify_logout_signature);
+
new_cfg->subject_confirmation_data_address_check =
CFG_MERGE(add_cfg, base_cfg, subject_confirmation_data_address_check);
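Review bot: The merge on the added lines takes add_cfg's hash whenever it is non-empty and base_cfg's otherwise, so a MellonDoNotVerifyLogoutSignature directive in a nested Location replaces the inherited list rather than extending it; this mirrors the authn_context_class_ref merge just above but is stated nowhere. A comment such as `/* As for authn_context_class_ref: a non-empty per-directory set replaces the inherited one rather than extending it. */` above the assignment, and the same sentence next to the README example, would make that visible to administrators. auth_mellon_dir_merge's body extends beyond the hunk.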
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index 4877aa8..2d4003a 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -660,9 +660,21 @@ static int am_handle_logout_request(request_rec *r,
{
gint res = 0, rc = HTTP_OK;
am_cache_entry_t *session;
+ am_dir_cfg_rec *cfg = am_get_dir_cfg(r);
/* Process the logout message. Ignore missing signature. */
res = lasso_logout_process_request_msg(logout, msg);
+#ifdef HAVE_lasso_profile_set_signature_verify_hint
+ if(res != 0 && res != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) {
+ if (apr_hash_get(cfg->do_not_verify_logout_signature,
+ logout->parent.remote_providerID,
+ APR_HASH_KEY_STRING)) {
+ lasso_profile_set_signature_verify_hint(&logout->parent,
+ LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE);
+ res = lasso_logout_process_request_msg(logout, msg);
+ }
+ }
+#endif
if(res != 0 && res != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Error processing logout request message."
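Review bot: The added `apr_hash_get(cfg->do_not_verify_logout_signature, logout->parent.remote_providerID, APR_HASH_KEY_STRING)` runs whenever the first lasso_logout_process_request_msg() call failed, and if lasso has not populated remote_providerID by then (an unparseable message, for instance — not visible from here) a NULL key reaches a strlen-based lookup; guard it with `if (logout->parent.remote_providerID && apr_hash_get(...)) {`. The retry also fires on every result other than 0 and LASSO_DS_ERROR_SIGNATURE_NOT_FOUND, so failures unrelated to the signature trigger a second parse with verification disabled; narrowing the condition to the code lasso returns for a signature that fails to verify (LASSO_DS_ERROR_INVALID_SIGNATURE, if that is what this lasso version reports) keeps the bypass scoped to its purpose. Because this path accepts a logout whose signature did not verify, an `ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "Logout request from %s accepted without signature verification (MellonDoNotVerifyLogoutSignature)", logout->parent.remote_providerID);` before the retry gives operators a record of each use. The same three points apply to the hunk at @@ -753 in am_handle_logout_response. am_handle_logout_request's body continues past the hunk.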
@@ -753,8 +765,20 @@ static int am_handle_logout_response(request_rec *r, LassoLogout *logout)
int rc;
am_cache_entry_t *session;
char *return_to;
+ am_dir_cfg_rec *cfg = am_get_dir_cfg(r);
res = lasso_logout_process_response_msg(logout, r->args);
+#ifdef HAVE_lasso_profile_set_signature_verify_hint
+ if(res != 0 && res != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) {
+ if (apr_hash_get(cfg->do_not_verify_logout_signature,
+ logout->parent.remote_providerID,
+ APR_HASH_KEY_STRING)) {
+ lasso_profile_set_signature_verify_hint(&logout->parent,
+ LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE);
+ res = lasso_logout_process_response_msg(logout, r->args);
+ }
+ }
+#endif
if(res != 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Unable to process logout response."
diff --git a/configure.ac b/configure.ac
index 3d5b833..4455a13 100644
--- a/configure.ac
+++ b/configure.ac
@@ -48,6 +48,8 @@ AC_CHECK_LIB(lasso, lasso_server_new_from_buffers,
LASSO_CFLAGS="$LASSO_CFLAGS -DHAVE_lasso_server_new_from_buffers")
AC_CHECK_LIB(lasso, lasso_server_load_metadata,
LASSO_CFLAGS="$LASSO_CFLAGS -DHAVE_lasso_server_load_metadata")
+AC_CHECK_LIB(lasso, lasso_profile_set_signature_verify_hint,
+ LASSO_CFLAGS="$LASSO_CFLAGS -DHAVE_lasso_profile_set_signature_verify_hint")
LIBS=$saved_LIBS;
AC_SUBST(LASSO_CFLAGS)
AC_SUBST(LASSO_LIBS)