Commit message | Author | Age | Files | Lines
* Add support for AssertionConsumerServiceURL [wip] | Simo Sorce | 2014-08-15 | 1 | -0/+14
  Apparently some IdPs like PicketLink insist they reaaaally want to see AssertionConsumerServiceURL as part of the Authentication Request. Provide it if allowed by the SP metadata.
  Signed-off-by: Simo Sorce <simo@redhat.com>
* Update news file and version number for version 0.8.0. | olavmrk | 2014-06-24 | 2 | -1/+33
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@238 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Fix memory leak of loaded IdPs. | olavmrk | 2014-06-24 | 1 | -2/+6
  We free the first element of a linked list, but not the data nor the subsequent elements. Fix that by first iterating through the list freeing the elements and then freeing the list using g_list_free().
  We could have used g_list_free_full, but that requires version 2.28 of GLib, which is still slightly too recent.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@237 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Convert session user name to dynamic size storage | olavmrk | 2014-06-20 | 3 | -10/+30
  Using the previously introduced storage facility convert storage of the user name from being constrained to fixed sized strings to being constrained only by the overall entry cache size.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@236 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Convert session env array to dynamic size storage | olavmrk | 2014-06-20 | 3 | -23/+47
  Using the previously introduced storage facility convert storage of env key/value pairs from being constrained to fixed sized strings to being constrained only by the overall entry cache size.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@235 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Convert lasso_saml_response to dynamic size storage | olavmrk | 2014-06-20 | 2 | -21/+17
  Using the previously introduced storage facility converts storage of lasso_saml_response from being constrained to a fixed sized string to being constrained only by the overall entry cache size.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@234 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Convert lasso_session to dynamic size storage | olavmrk | 2014-06-20 | 2 | -26/+16
  Using the previously introduced storage facility converts storage of lasso_session from being constrained to a fixed sized string to being constrained only by the overall entry cache size.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@233 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Convert lasso_identity to dynamic size storage | olavmrk | 2014-06-20 | 2 | -25/+14
  Using the previously introduced storage facility converts storage of lasso_identity from being constrained to a fixed sized string to being constrained only by the overall entry cache size.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@232 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Introduce dynamic memory pool for sessions | olavmrk | 2014-06-20 | 5 | -1/+132
  This pool has a fixed size and the aim is to avoid arbitrary limits on entry's components, while maintaining an overall fixed entry size.
  Accessor functions for a storage unit are provided for future use.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@231 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Compile in C99-mode. | olavmrk | 2014-06-20 | 2 | -1/+4
  Some of the following patches use features from C99, so make sure that we are compiling using that version.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@230 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Fix potential NULL Dereference bugs | olavmrk | 2014-06-12 | 1 | -4/+8
  Found by Coverity
  Signed-off-by: Simo Sorce <simo@redhat.com>
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@229 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add MellonNoSuccessErrorPage to the README-file. | olavmrk | 2014-04-25 | 1 | -0/+9
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@228 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add a helper to redirect on unauthorized error | olavmrk | 2014-04-25 | 3 | -0/+25
  In case we are going to return a HTTP_UNAUTHORIZED error we can also redirect the client to an admin chosen page to let the application handle the error on its own.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@227 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Handle non successful status posted by the Idp | olavmrk | 2014-04-25 | 3 | -1/+23
  Idps may decide to deny authentication for a variety of reasons. In such a case they will post to the application with an unsuccessful status error code.
  Handle the case by returning a more appropriate 401 Unauthorized HTTP error code. Do this using an extensible mechanism to map arbitrary lasso errors to HTTP errors.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@226 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Silence warning | olavmrk | 2014-04-25 | 1 | -1/+4
  The -Wunused-but-set-variable option will cause a warning that idp_public_key_file is set but never used when HAVE_lasso_server_load_metadata is defined.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@225 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Document caching logic in the README-file. | olavmrk | 2014-02-13 | 1 | -0/+37
  Thanks to Arthur Müller for providing this patch.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@224 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Simplify cache disabling headers. | olavmrk | 2014-02-13 | 3 | -25/+13
  This patch changes the headers sent to prevent erroneous caching of the responses sent to only use a single header:
    Cache-Control: private, must-revalidate
  This single header should ensure that the data isn't shared between multiple users, and that the browser checks that the content is still valid for each request (enabling logout to work as expected).
  This drops the Expires-header, which should be unnecessary since all modern browsers support the Cache-Control-header.
  Thanks to Arthur Müller for providing this patch.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@223 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Document MellonUser with multi-valued attributes. | olavmrk | 2013-10-28 | 1 | -0/+3
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@222 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Properly release sessions during logout. | olavmrk | 2013-10-28 | 1 | -4/+9
  In the case where the error "LASSO_PROFILE_ERROR_SESSION_NOT_FOUND" occurs during lasso_logout_validate_request(), we weren't releasing the session mutex, which will lead to a deadlock in the next request that needs to access a session.
  This patch makes sure we properly release session in that case.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@221 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Fix MellonDoNotVerifyLogoutSignature. | olavmrk | 2013-10-28 | 1 | -1/+1
  The configuration directive declaration was missing the parameter describing where the data from the option was stored. The result is that we access invalid memory during configuration parsing, leading to a segmentation fault.
  As far as I can tell, this error has always been present, so this option hasn't worked before.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@220 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add support for receiving HTTP-Artifact responses over POST. | olavmrk | 2013-06-11 | 1 | -12/+46
  The HTTP-Artifact response is also allowed to be sent as a POST request. This patch adds support for loading those responses.
  Thanks to Nikola Ivačič for implementing this!
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@217 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Use default values for SSL peer and host validation. | olavmrk | 2013-06-07 | 1 | -18/+0
  Recent versions of libcurl do not allow CURLOPT_SSL_VERIFYHOST to be set to 1. The default in cURL has been to validate both the certificate and the host since 2002. Setting these options is therefore unnecessary.
  Thanks to Nikola Ivačič for notifying us about this problem!
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@216 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Version 0.7.0. | olavmrk | 2013-05-30 | 1 | -1/+1
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@214 a716ebb1-153a-0410-b759-cfb97c6a1b53
* NEWS-file for version 0.7.0. | olavmrk | 2013-05-30 | 1 | -1/+8
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@213 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add auth_mellon_compat.h to .tar.gz. | olavmrk | 2013-05-30 | 1 | -0/+1
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@212 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add MellonSetEnvNoPrefix option. | olavmrk | 2013-05-30 | 4 | -10/+71
  This option allows you to set environment variables without the "MELLON_" prefix.
  Thanks to Laas Toom for implementing this!
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@211 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Fix typos. | olavmrk | 2013-05-21 | 3 | -23/+23
  Thanks to Thijs Kinkhorst for providing this patch.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@210 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Handle empty RelayState the same as missing RelayState. | olavmrk | 2013-05-08 | 1 | -1/+1
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@209 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Compatibility helpers for Apache 2.4. | olavmrk | 2013-05-08 | 3 | -8/+33
  Thanks to Thijs Kinkhorst for identifying the changes that were necessary!
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@208 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Move GLib compatibility helpers to a separate file. | olavmrk | 2013-05-08 | 3 | -23/+32
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@207 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Fix am_urldecode handling of encoded slashes. | olavmrk | 2013-05-08 | 1 | -14/+62
  Apache has fixed a bug/misfeature where ap_unescape_url_keep2f() decoded %2f-escapes. This leaves us with no functions that can be used to urldecode strings, so we have to roll our own.
  If we drop support for Apache 2.2, we can use ap_unescape_urlencoded().
  See: http://svn.apache.org/viewvc?view=revision&revision=578332
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@206 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add MellonSPentityId to control entityId in autogenerated metadata | manu@netbsd.org | 2013-04-15 | 5 | -3/+29
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@205 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Version 0.6.1. | olavmrk | 2013-03-22 | 1 | -1/+1
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@204 a716ebb1-153a-0410-b759-cfb97c6a1b53
* NEWS file for version 0.6.1 | olavmrk | 2013-03-22 | 1 | -0/+9
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@203 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Redirect the user when missing repost data. | olavmrk | 2013-03-22 | 1 | -4/+7
  In the case where we are missing the repost data, we currently display a 400 Bad Request error. This patch changes the code to redirect to the end URL instead, which at least has a chance to work.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@202 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Fix repost data expiration. | olavmrk | 2013-03-22 | 1 | -1/+5
  We were mixing microseconds and seconds, causing us to always delete all the repost data. This patch fixes the comparison, and also optimizes it a bit.
  Thanks to Matthew Slowe for diagnosing this bug!
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@201 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Version 0.6.0. | olavmrk | 2013-03-15 | 1 | -1/+1
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@199 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Update NEWS file. | olavmrk | 2013-03-15 | 1 | -0/+3
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@198 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Revert "Revert "Directly link to GLib."" | olavmrk | 2013-03-15 | 2 | -1/+3
  I accidentally committed a revert that I had done for debugging. This commit reverts the revert :)
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@197 a716ebb1-153a-0410-b759-cfb97c6a1b53
* README: Clarify MellonSPMetadataFile option. | olavmrk | 2013-03-15 | 1 | -2/+4
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@196 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Revert "Directly link to GLib." | olavmrk | 2013-03-15 | 2 | -3/+1
  This reverts commit ee8e7f205d6c7cecdc56491877de88a361e027e3.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@195 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Directly link to GLib. | olavmrk | 2013-03-15 | 2 | -1/+3
  Instead of relying on the Lasso library including GLib for us, we should link directly with it.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@194 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add emacs directory settings. | olavmrk | 2013-03-15 | 1 | -0/+2
  This sets the default indentation to 4 spaces, and disables tabs.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@193 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Version 0.6.0-rc1. | olavmrk | 2013-03-06 | 1 | -1/+1
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@190 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Update NEWS file for version 0.6.0. | olavmrk | 2013-03-06 | 1 | -0/+51
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@189 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Remove TODO file. | olavmrk | 2013-03-06 | 2 | -5/+0
  This file has been replaced with the issue tracker, so remove it.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@188 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Remove debian-directory. | olavmrk | 2013-03-06 | 11 | -291/+1
  The Debian build files will be moving to a separate repository.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@187 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Use discovery service with "login" endpoint. | olavmrk | 2013-03-06 | 1 | -4/+16
  Accessing the "login"-endpoint with multiple IdPs configured would bypass the discovery service. This patch changes the behaviour so that we send a discovery service request instead.
  This breaks backwards compatibility slightly, but hopefully it should not be a problem.
  This fixes issue 13: https://code.google.com/p/modmellon/issues/detail?id=13
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@186 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Fix incorrect use of const-keyword in login handler. | olavmrk | 2013-03-06 | 1 | -3/+5
  This doesn't fix any bugs, it just makes the code cleaner.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@185 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Do not mark a session as logged in before all processing is completed. | olavmrk | 2013-03-06 | 1 | -3/+3
  If we mark the session as logged in before all processing is completed, a failure during login processing (e.g. too big attribute values) can cause a user to receive a "half-authenticated" session.
  This patch changes the code so that the last task before releasing the session is to mark it as logged in.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@184 a716ebb1-153a-0410-b759-cfb97c6a1b53