Some improvements

valos 2005-02-04 16:12:55 +00:00
parent 460c152106
commit 44d289a21f
1 changed files with 94 additions and 90 deletions


@ -1,8 +1,8 @@
/*
* idpc - IDP as a C CGI program
* Copyright (C) 2004 Entr'ouvert
* Copyright (C) 2004-2005 Entr'ouvert
*
* Author: Frederic Peters <fpeters@entrouvert.com>
* Authors: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -33,7 +33,7 @@ int lecp_profile(LassoServer *server)
int clen = 0;
int req_type;
LassoLecp *lecp;
char *user_dump, *session_dump;
char *identity_dump, *session_dump;
int rc;
struct authentication *auth;
char *user_id;
@ -61,8 +61,8 @@ int lecp_profile(LassoServer *server)
return error_page("Error authenticating");
}
/* retrieve user_dump and session_dump */
rc = db_get_dumps(user_id, &user_dump, &session_dump);
/* retrieve identity_dump and session_dump */
rc = db_get_dumps(user_id, &identity_dump, &session_dump);
if (rc) {
return error_page("Error getting dumps from db");
}
@ -70,8 +70,8 @@ int lecp_profile(LassoServer *server)
lecp = lasso_lecp_new(server);
rc = set_profile_from_dumps(LASSO_PROFILE(lecp),
user_dump, session_dump);
free(user_dump);
identity_dump, session_dump);
free(identity_dump);
free(session_dump);
if (rc) {
lasso_lecp_destroy(lecp);
@ -114,30 +114,29 @@ int single_sign_on()
char *authn_request_msg = NULL;
int rc;
char *user_id;
char *user_dump, *session_dump;
char *identity_dump, *session_dump;
struct authentication *auth;
int i = 0;
char *reauth_time;
int i = 0, authentication_result, reauthentication_delay = 7200;
char *reauth_time, *auth_time, *val;
/* get request method and content type */
http_verb = getenv("REQUEST_METHOD");
if (http_verb == NULL) {
return error_page("No HTTP verb");
}
ct = getenv("CONTENT_TYPE");
if (strcmp(http_verb, "GET") == 0) {
char *t;
char *query;
t = getenv("QUERY_STRING");
if (!t)
query = getenv("QUERY_STRING");
if (query == NULL) {
return error_page("No authnRequest as query string");
if (! lasso_profile_is_liberty_query(t))
}
if (lasso_profile_is_liberty_query(query) == 0) {
return error_page("Improper query string; not a AuthnRequest");
authn_request_msg = strdup(t);
}
authn_request_msg = strdup(query);
}
if (strcmp(http_verb, "POST") == 0) {
@ -169,6 +168,10 @@ int single_sign_on()
}
}
if (authn_request_msg == NULL) {
return error_page("Failed to get authn_request_msg");
}
server = get_config_server();
if (server == NULL) {
return error_page("Failed to get server configuration");
@ -180,13 +183,7 @@ int single_sign_on()
return rc;
}
if (authn_request_msg == NULL) {
lasso_server_destroy(server);
return error_page("failed to get authn_request_msg");
}
/* get user_id; it is the key to retrieve previous user_dump and
/* get user_id; it is the key to retrieve previous identity_dump and
* session_dump */
auth = get_authentication(
get_config_string("//idpc:authenticationMethod"));
@ -194,34 +191,10 @@ int single_sign_on()
lasso_server_destroy(server);
return error_page("Wrong authentication");
}
user_id = auth->auth_function();
if (user_id == NULL) {
/* anyway */
lasso_server_destroy(server);
return error_page("Error authenticating");
}
/* retrieve user_dump and session_dump */
rc = db_get_dumps(user_id, &user_dump, &session_dump);
if (rc) {
lasso_server_destroy(server);
return error_page("Error getting dumps from db");
}
login = lasso_login_new(server);
rc = set_profile_from_dumps(LASSO_PROFILE(login),
user_dump, session_dump);
free(user_dump);
free(session_dump);
if (rc) {
lasso_server_destroy(server);
lasso_login_destroy(login);
return error_page("Failed to set profile from dumps");
}
rc = lasso_login_process_authn_request_msg(login, authn_request_msg);
if (rc) {
char msg[100];
@ -231,6 +204,27 @@ int single_sign_on()
return error_page(msg);
}
if (user_id == NULL) {
authentication_result = 0;
}
else {
authentication_result = 1;
/* retrieve identity_dump and session_dump */
rc = db_get_dumps(user_id, &identity_dump, &session_dump);
if (rc) {
lasso_server_destroy(server);
return error_page("Error getting dumps from db");
}
rc = set_profile_from_dumps(LASSO_PROFILE(login),
identity_dump, session_dump);
free(identity_dump);
free(session_dump);
if (rc) {
lasso_server_destroy(server);
lasso_login_destroy(login);
return error_page("Failed to set profile from dumps");
}
}
rc = lasso_login_must_authenticate(login);
if (rc == 1 && user_id == NULL) {
@ -239,70 +233,80 @@ int single_sign_on()
* inserted here)
*/
}
/* validate request message */
rc = lasso_login_validate_request_msg(login, authentication_result, 1);
if (rc) {
lasso_server_destroy(server);
lasso_login_destroy(login);
return error_page("validate_request_msg failed");
}
reauth_time = strtime(time(NULL) +
(get_config_string("//idpc:reauthenticationDelay") ?
atoi(get_config_string("//idpc:reauthenticationDelay")) : 7200));
/* build assertion */
val = get_config_string("//idpc:reauthenticationDelay");
if (val != NULL) {
reauthentication_delay = atoi(val);
free(val);
}
auth_time = strtime(time(NULL));
reauth_time = strtime(time(NULL) + reauthentication_delay);
rc = lasso_login_build_assertion(login,
auth->lasso_name,
"", /* authenticationInstant */
auth_time, /* authenticationInstant */
reauth_time, /* reauthenticateOnOrAfter */
"", /* notBefore */
""); /* notOnOrAfter */
NULL, /* notBefore */
NULL); /* notOnOrAfter */
free(auth_time);
free(reauth_time);
if (rc) {
free(reauth_time);
lasso_login_destroy(login);
lasso_server_destroy(server);
return error_page("build_assertion failed");
return error_page("Failed to build assertion");
}
if (login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART) {
/* build artifact */
rc = lasso_login_build_artifact_msg(login,
LASSO_HTTP_METHOD_REDIRECT);
if (rc) {
free(reauth_time);
lasso_login_destroy(login);
lasso_server_destroy(server);
return error_page("build_artifact_msg failed");
}
} else {
/* POST profile (lassoLoginProtocolProfileBrwsPost) */
rc = lasso_login_build_authn_response_msg(login);
if (rc) {
free(reauth_time);
lasso_login_destroy(login);
lasso_server_destroy(server);
return error_page("build_authn_response_msg failed");
}
}
free(reauth_time);
rc = db_save_name_identifier(
LASSO_PROFILE(login)->nameIdentifier->content, user_id);
if (rc) {
lasso_login_destroy(login);
lasso_server_destroy(server);
return error_page("failed to save name identifier");
}
rc = save_profile_dumps(LASSO_PROFILE(login));
if (rc) {
lasso_login_destroy(login);
lasso_server_destroy(server);
return error_page("failed to save dumps");
}
if (login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART) {
rc = db_save_artifact(login->assertionArtifact,
user_id,
LASSO_PROFILE(login)->remote_providerID);
if (rc) {
lasso_login_destroy(login);
lasso_server_destroy(server);
return error_page("failed to save assertion");
return error_page("Failed to save assertion");
}
} else {
/* POST profile (lassoLoginProtocolProfileBrwsPost) */
rc = lasso_login_build_authn_response_msg(login);
if (rc) {
lasso_login_destroy(login);
lasso_server_destroy(server);
return error_page("build_authn_response_msg failed");
}
}
rc = db_save_name_identifier(
LASSO_PROFILE(login)->nameIdentifier->content, user_id);
if (rc) {
lasso_login_destroy(login);
lasso_server_destroy(server);
return error_page("Failed to save name identifier");
}
rc = save_profile_dumps(LASSO_PROFILE(login));
if (rc) {
lasso_login_destroy(login);
lasso_server_destroy(server);
return error_page("Failed to save dumps");
}
if (login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART) {
printf("Location: %s\n\nRedirected", LASSO_PROFILE(login)->msg_url);
} else {
/* POST profile (lassoLoginProtocolProfileBrwsPost) */