Some improvements
This commit is contained in:
parent
460c152106
commit
44d289a21f
|
@ -1,8 +1,8 @@
|
|||
/*
|
||||
* idpc - IDP as a C CGI program
|
||||
* Copyright (C) 2004 Entr'ouvert
|
||||
* Copyright (C) 2004-2005 Entr'ouvert
|
||||
*
|
||||
* Author: Frederic Peters <fpeters@entrouvert.com>
|
||||
* Authors: See AUTHORS file in top-level directory.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
@ -33,7 +33,7 @@ int lecp_profile(LassoServer *server)
|
|||
int clen = 0;
|
||||
int req_type;
|
||||
LassoLecp *lecp;
|
||||
char *user_dump, *session_dump;
|
||||
char *identity_dump, *session_dump;
|
||||
int rc;
|
||||
struct authentication *auth;
|
||||
char *user_id;
|
||||
|
@ -61,8 +61,8 @@ int lecp_profile(LassoServer *server)
|
|||
return error_page("Error authenticating");
|
||||
}
|
||||
|
||||
/* retrieve user_dump and session_dump */
|
||||
rc = db_get_dumps(user_id, &user_dump, &session_dump);
|
||||
/* retrieve identity_dump and session_dump */
|
||||
rc = db_get_dumps(user_id, &identity_dump, &session_dump);
|
||||
if (rc) {
|
||||
return error_page("Error getting dumps from db");
|
||||
}
|
||||
|
@ -70,8 +70,8 @@ int lecp_profile(LassoServer *server)
|
|||
lecp = lasso_lecp_new(server);
|
||||
|
||||
rc = set_profile_from_dumps(LASSO_PROFILE(lecp),
|
||||
user_dump, session_dump);
|
||||
free(user_dump);
|
||||
identity_dump, session_dump);
|
||||
free(identity_dump);
|
||||
free(session_dump);
|
||||
if (rc) {
|
||||
lasso_lecp_destroy(lecp);
|
||||
|
@ -114,30 +114,29 @@ int single_sign_on()
|
|||
char *authn_request_msg = NULL;
|
||||
int rc;
|
||||
char *user_id;
|
||||
char *user_dump, *session_dump;
|
||||
char *identity_dump, *session_dump;
|
||||
struct authentication *auth;
|
||||
int i = 0;
|
||||
char *reauth_time;
|
||||
|
||||
int i = 0, authentication_result, reauthentication_delay = 7200;
|
||||
char *reauth_time, *auth_time, *val;
|
||||
|
||||
/* get request method and content type */
|
||||
http_verb = getenv("REQUEST_METHOD");
|
||||
if (http_verb == NULL) {
|
||||
return error_page("No HTTP verb");
|
||||
}
|
||||
|
||||
ct = getenv("CONTENT_TYPE");
|
||||
|
||||
if (strcmp(http_verb, "GET") == 0) {
|
||||
char *t;
|
||||
char *query;
|
||||
|
||||
t = getenv("QUERY_STRING");
|
||||
if (!t)
|
||||
query = getenv("QUERY_STRING");
|
||||
if (query == NULL) {
|
||||
return error_page("No authnRequest as query string");
|
||||
|
||||
if (! lasso_profile_is_liberty_query(t))
|
||||
}
|
||||
if (lasso_profile_is_liberty_query(query) == 0) {
|
||||
return error_page("Improper query string; not a AuthnRequest");
|
||||
|
||||
authn_request_msg = strdup(t);
|
||||
}
|
||||
authn_request_msg = strdup(query);
|
||||
}
|
||||
|
||||
if (strcmp(http_verb, "POST") == 0) {
|
||||
|
@ -169,6 +168,10 @@ int single_sign_on()
|
|||
}
|
||||
}
|
||||
|
||||
if (authn_request_msg == NULL) {
|
||||
return error_page("Failed to get authn_request_msg");
|
||||
}
|
||||
|
||||
server = get_config_server();
|
||||
if (server == NULL) {
|
||||
return error_page("Failed to get server configuration");
|
||||
|
@ -180,13 +183,7 @@ int single_sign_on()
|
|||
return rc;
|
||||
}
|
||||
|
||||
|
||||
if (authn_request_msg == NULL) {
|
||||
lasso_server_destroy(server);
|
||||
return error_page("failed to get authn_request_msg");
|
||||
}
|
||||
|
||||
/* get user_id; it is the key to retrieve previous user_dump and
|
||||
/* get user_id; it is the key to retrieve previous identity_dump and
|
||||
* session_dump */
|
||||
auth = get_authentication(
|
||||
get_config_string("//idpc:authenticationMethod"));
|
||||
|
@ -194,34 +191,10 @@ int single_sign_on()
|
|||
lasso_server_destroy(server);
|
||||
return error_page("Wrong authentication");
|
||||
}
|
||||
|
||||
user_id = auth->auth_function();
|
||||
|
||||
if (user_id == NULL) {
|
||||
/* anyway */
|
||||
lasso_server_destroy(server);
|
||||
return error_page("Error authenticating");
|
||||
}
|
||||
|
||||
/* retrieve user_dump and session_dump */
|
||||
rc = db_get_dumps(user_id, &user_dump, &session_dump);
|
||||
if (rc) {
|
||||
lasso_server_destroy(server);
|
||||
return error_page("Error getting dumps from db");
|
||||
}
|
||||
|
||||
login = lasso_login_new(server);
|
||||
|
||||
rc = set_profile_from_dumps(LASSO_PROFILE(login),
|
||||
user_dump, session_dump);
|
||||
free(user_dump);
|
||||
free(session_dump);
|
||||
if (rc) {
|
||||
lasso_server_destroy(server);
|
||||
lasso_login_destroy(login);
|
||||
return error_page("Failed to set profile from dumps");
|
||||
}
|
||||
|
||||
rc = lasso_login_process_authn_request_msg(login, authn_request_msg);
|
||||
if (rc) {
|
||||
char msg[100];
|
||||
|
@ -231,6 +204,27 @@ int single_sign_on()
|
|||
return error_page(msg);
|
||||
}
|
||||
|
||||
if (user_id == NULL) {
|
||||
authentication_result = 0;
|
||||
}
|
||||
else {
|
||||
authentication_result = 1;
|
||||
/* retrieve identity_dump and session_dump */
|
||||
rc = db_get_dumps(user_id, &identity_dump, &session_dump);
|
||||
if (rc) {
|
||||
lasso_server_destroy(server);
|
||||
return error_page("Error getting dumps from db");
|
||||
}
|
||||
rc = set_profile_from_dumps(LASSO_PROFILE(login),
|
||||
identity_dump, session_dump);
|
||||
free(identity_dump);
|
||||
free(session_dump);
|
||||
if (rc) {
|
||||
lasso_server_destroy(server);
|
||||
lasso_login_destroy(login);
|
||||
return error_page("Failed to set profile from dumps");
|
||||
}
|
||||
}
|
||||
|
||||
rc = lasso_login_must_authenticate(login);
|
||||
if (rc == 1 && user_id == NULL) {
|
||||
|
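Review bot: The db_get_dumps failure path inside the new else branch (`lasso_server_destroy(server); return error_page("Error getting dumps from db");`) never calls lasso_login_destroy, while the set_profile_from_dumps failure path a few lines below it does; since the branch already passes `LASSO_PROFILE(login)` to set_profile_from_dumps, `login` must exist at that point and appears to be leaked on this return. Add `lasso_login_destroy(login);` ahead of the `lasso_server_destroy(server);` in that block so the cleanup matches the other early returns. Separately, with the old `if (user_id == NULL)` early return gone, a NULL user_id now flows into lasso_login_validate_request_msg with authentication_result 0 and, unless the `rc == 1 && user_id == NULL` branch returns, on to the later `db_save_name_identifier(..., user_id)` and `db_save_artifact(..., user_id, ...)` calls; that branch's body lies outside this hunk, so it is worth confirming it cannot fall through. single_sign_on begins before this hunk and continues after it.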
@ -239,70 +233,80 @@ int single_sign_on()
|
|||
* inserted here)
|
||||
*/
|
||||
}
|
||||
|
||||
/* validate request message */
|
||||
rc = lasso_login_validate_request_msg(login, authentication_result, 1);
|
||||
if (rc) {
|
||||
lasso_server_destroy(server);
|
||||
lasso_login_destroy(login);
|
||||
return error_page("validate_request_msg failed");
|
||||
}
|
||||
|
||||
reauth_time = strtime(time(NULL) +
|
||||
(get_config_string("//idpc:reauthenticationDelay") ?
|
||||
atoi(get_config_string("//idpc:reauthenticationDelay")) : 7200));
|
||||
|
||||
/* build assertion */
|
||||
val = get_config_string("//idpc:reauthenticationDelay");
|
||||
if (val != NULL) {
|
||||
reauthentication_delay = atoi(val);
|
||||
free(val);
|
||||
}
|
||||
auth_time = strtime(time(NULL));
|
||||
reauth_time = strtime(time(NULL) + reauthentication_delay);
|
||||
rc = lasso_login_build_assertion(login,
|
||||
auth->lasso_name,
|
||||
"", /* authenticationInstant */
|
||||
auth_time, /* authenticationInstant */
|
||||
reauth_time, /* reauthenticateOnOrAfter */
|
||||
"", /* notBefore */
|
||||
""); /* notOnOrAfter */
|
||||
NULL, /* notBefore */
|
||||
NULL); /* notOnOrAfter */
|
||||
free(auth_time);
|
||||
free(reauth_time);
|
||||
if (rc) {
|
||||
free(reauth_time);
|
||||
lasso_login_destroy(login);
|
||||
lasso_server_destroy(server);
|
||||
return error_page("build_assertion failed");
|
||||
return error_page("Failed to build assertion");
|
||||
}
|
||||
|
||||
if (login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART) {
|
||||
/* build artifact */
|
||||
rc = lasso_login_build_artifact_msg(login,
|
||||
LASSO_HTTP_METHOD_REDIRECT);
|
||||
if (rc) {
|
||||
free(reauth_time);
|
||||
lasso_login_destroy(login);
|
||||
lasso_server_destroy(server);
|
||||
return error_page("build_artifact_msg failed");
|
||||
}
|
||||
} else {
|
||||
/* POST profile (lassoLoginProtocolProfileBrwsPost) */
|
||||
rc = lasso_login_build_authn_response_msg(login);
|
||||
if (rc) {
|
||||
free(reauth_time);
|
||||
lasso_login_destroy(login);
|
||||
lasso_server_destroy(server);
|
||||
return error_page("build_authn_response_msg failed");
|
||||
}
|
||||
}
|
||||
free(reauth_time);
|
||||
|
||||
rc = db_save_name_identifier(
|
||||
LASSO_PROFILE(login)->nameIdentifier->content, user_id);
|
||||
if (rc) {
|
||||
lasso_login_destroy(login);
|
||||
lasso_server_destroy(server);
|
||||
return error_page("failed to save name identifier");
|
||||
}
|
||||
|
||||
rc = save_profile_dumps(LASSO_PROFILE(login));
|
||||
if (rc) {
|
||||
lasso_login_destroy(login);
|
||||
lasso_server_destroy(server);
|
||||
return error_page("failed to save dumps");
|
||||
}
|
||||
|
||||
|
||||
if (login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART) {
|
||||
rc = db_save_artifact(login->assertionArtifact,
|
||||
user_id,
|
||||
LASSO_PROFILE(login)->remote_providerID);
|
||||
if (rc) {
|
||||
lasso_login_destroy(login);
|
||||
lasso_server_destroy(server);
|
||||
return error_page("failed to save assertion");
|
||||
return error_page("Failed to save assertion");
|
||||
}
|
||||
} else {
|
||||
/* POST profile (lassoLoginProtocolProfileBrwsPost) */
|
||||
rc = lasso_login_build_authn_response_msg(login);
|
||||
if (rc) {
|
||||
lasso_login_destroy(login);
|
||||
lasso_server_destroy(server);
|
||||
return error_page("build_authn_response_msg failed");
|
||||
}
|
||||
}
|
||||
|
||||
rc = db_save_name_identifier(
|
||||
LASSO_PROFILE(login)->nameIdentifier->content, user_id);
|
||||
if (rc) {
|
||||
lasso_login_destroy(login);
|
||||
lasso_server_destroy(server);
|
||||
return error_page("Failed to save name identifier");
|
||||
}
|
||||
|
||||
rc = save_profile_dumps(LASSO_PROFILE(login));
|
||||
if (rc) {
|
||||
lasso_login_destroy(login);
|
||||
lasso_server_destroy(server);
|
||||
return error_page("Failed to save dumps");
|
||||
}
|
||||
|
||||
if (login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART) {
|
||||
printf("Location: %s\n\nRedirected", LASSO_PROFILE(login)->msg_url);
|
||||
} else {
|
||||
/* POST profile (lassoLoginProtocolProfileBrwsPost) */
|
||||
|
|