diff --git a/AUTHORS b/AUTHORS index 8b5b5ca..610211c 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1 +1,2 @@ -Frederic Peters +Valéry Febvre +Frédéric Péters diff --git a/ChangeLog b/ChangeLog index f2df6e1..a7a72df 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2005-02-04 Valery Febvre + + * idpc: minor bug fixes and improvements + +2005-01-27 Frederic Peters + + * idpc: updated to lasso 0.6.0; thanks to work on idptech + 2004-07-29 Frederic Peters * idpc: initial version. diff --git a/README b/README index 3aaea8f..7d46170 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ IdPC - IdP as a C CGI program ============================= -Copyright (C) 2004 Entr'ouvert +Copyright (C) 2004-2005 Entr'ouvert IdPC is free software; you can redistribute it and/or modify diff --git a/src/auth.c b/src/auth.c index 9f616ba..bbf63a4 100644 --- a/src/auth.c +++ b/src/auth.c @@ -1,8 +1,8 @@ /* * idpc - IDP as a C CGI program - * Copyright (C) 2004 Entr'ouvert + * Copyright (C) 2004-2005 Entr'ouvert * - * Author: Frederic Peters + * Authors: See AUTHORS file in top-level directory. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -248,11 +248,12 @@ char* certificate_auth() return strdup(getenv("SSL_CLIENT_M_SERIAL")); } + char* http_auth() { char *str; str = getenv("REMOTE_USER"); - if (str) { + if (str != NULL) { return strdup(str); } return NULL; 
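Review bot: The context line at the top of the auth.c hunk shows certificate_auth still doing `return strdup(getenv("SSL_CLIENT_M_SERIAL"));`, which is undefined behaviour when the variable is unset (strdup on NULL), while the change to http_auth just below keeps its explicit NULL check before strdup. The sibling deserves the same guard: `char *serial = getenv("SSL_CLIENT_M_SERIAL"); return serial != NULL ? strdup(serial) : NULL;`. certificate_auth's body starts outside the hunk, so whether an earlier line already rules out an unset variable cannot be seen here.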
@@ -261,18 +262,18 @@ char* http_auth() struct authentication authentications[] = { {"certificate", certificate_auth, - LASSO_SAML_AUTHENTICATION_METHOD_SOFTWARE_PKI}, - {"http", http_auth, - LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD}, + LASSO_SAML_AUTHENTICATION_METHOD_SOFTWARE_PKI}, + {"http", http_auth, LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD}, { NULL, NULL, NULL} }; + struct authentication* get_authentication(char *auth_method) { int i; for (i=0; authentications[i].name && \ - strcmp(authentications[i].name, auth_method) != 0; i++) ; + strcmp(authentications[i].name, auth_method) != 0; i++) ; if (authentications[i].name == NULL ) { fprintf(stderr, "no auth by that name\n"); @@ -281,4 +282,3 @@ struct authentication* get_authentication(char *auth_method) return &authentications[i]; } - diff --git a/src/config.c b/src/config.c index 4861e7a..0d26572 100644 --- a/src/config.c +++ b/src/config.c @@ -1,8 +1,8 @@ /* * idpc - IDP as a C CGI program - * Copyright (C) 2004 Entr'ouvert + * Copyright (C) 2004-2005 Entr'ouvert * - * Author: Frederic Peters + * Authors: See AUTHORS file in top-level directory. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/src/federation_termination.c b/src/federation_termination.c index 046e3e2..61d3431 100644 --- a/src/federation_termination.c +++ b/src/federation_termination.c @@ -1,8 +1,8 @@ /* * idpc - IDP as a C CGI program - * Copyright (C) 2004 Entr'ouvert + * Copyright (C) 2004-2005 Entr'ouvert * - * Author: Frederic Peters + * Authors: See AUTHORS file in top-level directory. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
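Review bot: get_authentication hands `auth_method` to `strcmp()` without a NULL guard, so if get_config_string can return NULL for a missing `//idpc:authenticationMethod` entry (not visible here), the CGI crashes instead of reaching the "no auth by that name" diagnostic. A guard at the top covers it: `if (auth_method == NULL) { fprintf(stderr, "no auth method configured\n"); return NULL; }`. Separately, the backslash at the end of the `for` condition is a macro-style leftover with no effect in ordinary code; dropping it and giving the empty loop a `{}` body instead of the trailing `;` makes the intent obvious. The function's closing brace is in the following hunk.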
@@ -45,9 +45,9 @@ int defederation_http(LassoDefederation *termination) return error_page("set_profile_auto failed"); } - rc = lasso_defederation_build_notification_msg(termination); + rc = lasso_defederation_validate_notification(termination); if (rc) { - return error_page("build notification msg"); + return error_page("Failed to validate notification"); } rc = save_profile_dumps(LASSO_PROFILE(termination)); @@ -56,21 +56,21 @@ int defederation_http(LassoDefederation *termination) } printf("Location: %s\n\nRedirected", - LASSO_PROFILE(termination)->msg_url); + LASSO_PROFILE(termination)->msg_url); return 0; } int defederation_init(LassoDefederation *termination, - char* serviceProviderId) + char* serviceProviderId) { /* IdP-initiated */ int rc; LassoIdentity *identity; struct authentication *auth; char *user_id; - char *user_dump, *session_dump; + char *identity_dump, *session_dump; auth = get_authentication( get_config_string("//idpc:authenticationMethod")); @@ -85,20 +85,20 @@ int defederation_init(LassoDefederation *termination, return error_page("Error authenticating"); } - /* retrieve user_dump and session_dump */ - rc = db_get_dumps(user_id, &user_dump, &session_dump); + /* retrieve identity_dump and session_dump */ + rc = db_get_dumps(user_id, &identity_dump, &session_dump); if (rc) { return error_page("Error getting dumps from db"); } - if (user_dump && user_dump[0]) { + if (identity_dump && identity_dump[0]) { rc = lasso_profile_set_identity_from_dump( - LASSO_PROFILE(termination), user_dump); + LASSO_PROFILE(termination), identity_dump); if (rc) { return error_page("set identity failed"); } - free(user_dump); - user_dump = NULL; + free(identity_dump); + identity_dump = NULL; } if (session_dump && session_dump[0]) { diff --git a/src/idpc.h b/src/idpc.h index c18866b..5dc55b7 100644 --- a/src/idpc.h +++ b/src/idpc.h 
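Review bot: In the defederation_init hunk the `set identity failed` branch returns without freeing `identity_dump` (and `session_dump`), and an allocated-but-empty dump is skipped by the `identity_dump[0]` test and never freed either, whereas logout_init in single_logout.c in this same commit goes through `set_profile_from_dumps()` and frees both dumps unconditionally afterwards. Whether db_get_dumps can hand back an empty allocated string is not visible here, but routing this function through the same helper removes the duplicated logic and the early-return leaks. The remainder of defederation_init lies below the hunk.
```c
	rc = db_get_dumps(user_id, &identity_dump, &session_dump);
	/* … unchanged: "Error getting dumps from db" check … */

	/* same pattern as logout_init: the helper consumes both dumps,
	 * so they are released on every path */
	rc = set_profile_from_dumps(LASSO_PROFILE(termination),
			identity_dump, session_dump);
	free(identity_dump);
	free(session_dump);
	if (rc) {
		return error_page("Error setting dumps");
	}
	/* … unchanged: rest of defederation_init, outside the hunk … */
```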
@@ -1,8 +1,8 @@ /* * idpc - IDP as a C CGI program - * Copyright (C) 2004 Entr'ouvert + * Copyright (C) 2004-2005 Entr'ouvert * - * Author: Frederic Peters + * Authors: See AUTHORS file in top-level directory. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -51,7 +51,7 @@ char* get_config_string(char *xpath); LassoServer* get_config_server(); int db_init(); -int db_get_dumps(char *user_id, char **user_dump, char **session_dump); +int db_get_dumps(char *user_id, char **identity_dump, char **session_dump); int db_save_identity(char *user_id, char *identity_dump); int db_save_session(char *user_id, char *session_dump); int db_save_name_identifier(char *name_identifier, char *user_id); @@ -71,4 +71,3 @@ struct authentication { }; struct authentication* get_authentication(char *auth_method); - diff --git a/src/single_logout.c b/src/single_logout.c index f667fc7..508ba6e 100644 --- a/src/single_logout.c +++ b/src/single_logout.c @@ -1,8 +1,8 @@ /* * idpc - IDP as a C CGI program - * Copyright (C) 2004 Entr'ouvert + * Copyright (C) 2004-2005 Entr'ouvert * - * Author: Frederic Peters + * Authors: See AUTHORS file in top-level directory. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -29,7 +29,6 @@ * [!2b. initiated by SP, SOAP is handled in soapEndpoint!] */ - int soap_loop(LassoLogout *logout) { char *other_sp; @@ -92,7 +91,7 @@ int soap_loop(LassoLogout *logout) } printf("Location: %s\n\nRedirected", - LASSO_PROFILE(logout)->msg_url); + LASSO_PROFILE(logout)->msg_url); } else { /* we're done */ rc = lasso_logout_build_request_msg(logout); @@ -103,7 +102,7 @@ int soap_loop(LassoLogout *logout) } if (rc) { printf("Location: %s\n\nRedirected", - LASSO_PROFILE(logout)->msg_url); + LASSO_PROFILE(logout)->msg_url); return 0; } } 
@@ -135,7 +134,7 @@ int logout_init(LassoLogout *logout) LassoIdentity *identity; struct authentication *auth; char *user_id; - char *user_dump, *session_dump; + char *identity_dump, *session_dump; auth = get_authentication( get_config_string("//idpc:authenticationMethod")); @@ -150,14 +149,14 @@ int logout_init(LassoLogout *logout) return error_page("Error authenticating"); } - /* retrieve user_dump and session_dump */ - rc = db_get_dumps(user_id, &user_dump, &session_dump); + /* retrieve identity_dump and session_dump */ + rc = db_get_dumps(user_id, &identity_dump, &session_dump); if (rc) { return error_page("Error getting dumps from db"); } rc = set_profile_from_dumps(LASSO_PROFILE(logout), - user_dump, session_dump); - free(user_dump); + identity_dump, session_dump); + free(identity_dump); free(session_dump); if (rc) { return error_page("Error setting dumps"); diff --git a/src/soap.c b/src/soap.c index de6c2df..b92782b 100644 --- a/src/soap.c +++ b/src/soap.c @@ -1,8 +1,8 @@ /* * idpc - IDP as a C CGI program - * Copyright (C) 2004 Entr'ouvert + * Copyright (C) 2004-2005 Entr'ouvert * - * Author: Frederic Peters + * Authors: See AUTHORS file in top-level directory. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/src/soap_end_point.c b/src/soap_end_point.c index 94b9e4f..14aec8e 100644 --- a/src/soap_end_point.c +++ b/src/soap_end_point.c @@ -1,8 +1,8 @@ /* * idpc - IDP as a C CGI program - * Copyright (C) 2004 Entr'ouvert + * Copyright (C) 2004-2005 Entr'ouvert * - * Author: Frederic Peters + * Authors: See AUTHORS file in top-level directory. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -21,7 +21,6 @@ #include "idpc.h" - struct req { LassoRequestType type; char* (*request_function) (LassoServer*, char*); 
@@ -39,7 +38,7 @@ struct req requests[] = {
 {LASSO_REQUEST_TYPE_DEFEDERATION, req_defederation},
 {LASSO_REQUEST_TYPE_NAME_REGISTRATION, req_register_name_identifier},
 {LASSO_REQUEST_TYPE_NAME_IDENTIFIER_MAPPING, req_name_identifier_mapping},
- /* {lassoRequestTypeLecp, req_lecp}, */
+ /* {LASSO_REQUEST_TYPE_LECP, req_lecp}, */
 /* LECP requests go to single sign on service URL */
 {0, NULL}
 };
@@ -52,41 +51,57 @@ char* req_login(LassoServer *server, char *soap_msg) LassoLogin *login; int rc; char *user_id = NULL, *provider_id = NULL; - char *identity_dump, *session_dump, *answer; + char *identity_dump, *session_dump, *answer = NULL; login = lasso_login_new(server); + + /* process SOAP samlp:Request message */ rc = lasso_login_process_request_msg(login, soap_msg); if (rc) { - fprintf(stderr, "process_request_msg failed\n"); - return NULL; + fprintf(stderr, "process_request_msg failed: error %d\n", rc); + goto done; } + /* get user_id and providerID associated with assertionArtifact */ rc = db_get_artifact(login->assertionArtifact, &user_id, &provider_id); if (rc) { fprintf(stderr, "db_get_artifact failed\n"); - } else { - rc = db_remove_artifact(login->assertionArtifact); - if (rc) { - fprintf(stderr, "db_remove_artifact failed\n"); - } + goto done; + } + db_remove_artifact(login->assertionArtifact); - rc = db_get_dumps(user_id, &identity_dump, &session_dump); - rc = set_profile_from_dumps(LASSO_PROFILE(login), - identity_dump, session_dump); - free(identity_dump); - free(session_dump); + /* get user's identity and session dumps */ + rc = db_get_dumps(user_id, + &identity_dump, &session_dump); + if (rc) { + fprintf(stderr, "db_get_dumps failed\n"); + goto done; } + /* set identity and session in login */ + rc = set_profile_from_dumps(LASSO_PROFILE(login), + identity_dump, session_dump); + if (rc) { + fprintf(stderr, "set_profile_from_dumps failed\n"); + goto done; + } + + /* build SOAP samlp:Response message */ rc = lasso_login_build_response_msg(login, provider_id); - if (user_id) - free(user_id); - if (provider_id) - free(provider_id); + if (rc) { + fprintf(stderr, + "lasso_login_build_response_msg failed: error %d\n", rc); + goto done; + } answer = strdup(LASSO_PROFILE(login)->msg_body); - +done: + free(user_id); + free(provider_id); + free(identity_dump); + free(session_dump); lasso_login_destroy(login); - + return answer; } 
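Review bot: `identity_dump` and `session_dump` are left uninitialized on the new declaration line, yet the `done:` label frees both unconditionally; when `lasso_login_process_request_msg` or `db_get_artifact` fails, the `goto done` path calls `free()` on indeterminate pointers. Initialize them with `answer`: `char *identity_dump = NULL, *session_dump = NULL, *answer = NULL;`. The same initialization also covers a failing `db_get_dumps`, unless it guarantees to set its output parameters, which is not visible here. Separately, the result of `db_remove_artifact` is now discarded; removal is presumably what makes the artifact single-use, so the dropped `fprintf(stderr, "db_remove_artifact failed\n")` on its failure is worth keeping. req_login's signature and opening brace are above the hunk.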
@@ -213,8 +228,8 @@ char* req_defederation(LassoServer *server, char *soap_msg) rc = save_profile_dumps(LASSO_PROFILE(termination)); if (rc) { + fprintf(stderr, "save_profile_dumps failed: error %d\n", rc); lasso_defederation_destroy(termination); - fprintf(stderr, "save_profile_dumps failed\n"); return NULL; } @@ -246,12 +261,13 @@ int soap_end_point() return error_page("No HTTP verb"); } + /* SOAP is send by POST */ if (strcmp(http_verb, "POST") != 0) { return error_page("Must be POST"); } if (getenv("CONTENT_TYPE") && - strcmp(getenv("CONTENT_TYPE"), "text/xml") != 0) { + strcmp(getenv("CONTENT_TYPE"), "text/xml") != 0) { return error_page("Content-Type must be text/xml"); } @@ -265,9 +281,8 @@ int soap_end_point() soap_msg = malloc(clen+1); soap_msg[clen] = 0; fread(soap_msg, clen, 1, stdin); - fprintf(stderr, "Got message:\n%s\n", soap_msg); - - + /* fprintf(stderr, "Got message:\n%s\n", soap_msg); */ + req_type = lasso_profile_get_request_type_from_soap_msg(soap_msg); for (i=0; requests[i].type && requests[i].type != req_type; i++) ; @@ -311,6 +326,7 @@ int main(int argc, char *argv[]) if (rc) { return error_page("Failed to init configuration"); } + lasso_init(); rc = db_init(); if (rc) { diff --git a/src/utils.c b/src/utils.c index 2ad6523..8045120 100644 --- a/src/utils.c +++ b/src/utils.c @@ -189,7 +189,7 @@ int save_profile_dumps(LassoProfile *profile) if (rc) { fprintf(stderr, "db_save_session failed: error %d\n", rc); free(user_id); - return 1; + return 2; } }
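Review bot: The new comment in the soap_end_point hunk reads `/* SOAP is send by POST */`; it should be `/* SOAP is sent by POST */`. The Content-Type check right below it is an exact `strcmp`, so a `text/xml; charset=utf-8` header is rejected while an absent header is accepted; if both are intended, a comment such as `/* absent Content-Type is tolerated; media-type parameters such as charset are not */` would save the next reader the question.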
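Review bot: The context lines just above the newly commented-out stderr dump show `soap_msg = malloc(clen+1)` used without a NULL check and `fread(soap_msg, clen, 1, stdin)` with its result ignored, so on a short request body the parser receives whatever the heap block held before the terminator. One guard closes both: `if (soap_msg == NULL || fread(soap_msg, 1, clen, stdin) != (size_t)clen) { return error_page("Failed to read SOAP message"); }`. Silencing the full-message log is a sensible change since the body can carry assertions. How `clen` is derived and bounded from CONTENT_LENGTH is outside the hunk.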