Minor bug fixes and improvements

Changed copyright

AUTHORS

@@ -1 +1,2 @@
-Frederic Peters <fpeters@entrouvert.com>
+Valéry Febvre <vfebvre@easter-eggs.com>
+Frédéric Péters <fpeters@entrouvert.com>

ChangeLog

@@ -1,3 +1,11 @@
+2005-02-04  Valery Febvre  <vfebvre@entrouvert.com>
+
+	* idpc: minor bug fixes and improvements
+
+2005-01-27  Frederic Peters  <fpeters@entrouvert.com>
+
+	* idpc: updated to lasso 0.6.0; thanks to work on idptech
+
 2004-07-29  Frederic Peters  <fpeters@entrouvert.com>
 
 	* idpc: initial version.

README

@@ -1,7 +1,7 @@
 IdPC - IdP as a C CGI program
 =============================
 
-Copyright (C) 2004 Entr'ouvert
+Copyright (C) 2004-2005 Entr'ouvert
 
 
   IdPC is free software; you can redistribute it and/or modify

src/auth.c

@@ -1,8 +1,8 @@
 /*
  *  idpc - IDP as a C CGI program
- *  Copyright (C) 2004 Entr'ouvert
+ *  Copyright (C) 2004-2005 Entr'ouvert
  * 
- *  Author: Frederic Peters <fpeters@entrouvert.com>
+ *  Authors: See AUTHORS file in top-level directory.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -248,11 +248,12 @@ char* certificate_auth()
 	return strdup(getenv("SSL_CLIENT_M_SERIAL"));
 }
 
+
 char* http_auth()
 {
 	char *str;
 	str = getenv("REMOTE_USER");
-	if (str) {
+	if (str != NULL) {
 		return strdup(str);
 	}
 	return NULL;
@@ -261,18 +262,18 @@ char* http_auth()
 
 struct authentication authentications[] = {
 	{"certificate", certificate_auth,
-		LASSO_SAML_AUTHENTICATION_METHOD_SOFTWARE_PKI},
+	 LASSO_SAML_AUTHENTICATION_METHOD_SOFTWARE_PKI},
-	{"http", http_auth,
+	{"http", http_auth, LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD},
-		LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD},
 	{ NULL, NULL, NULL}
 };
 
+
 struct authentication* get_authentication(char *auth_method)
 {
 	int i;
 
 	for (i=0; authentications[i].name && \
-		strcmp(authentications[i].name, auth_method) != 0; i++) ;
+		     strcmp(authentications[i].name, auth_method) != 0; i++) ;
 
 	if (authentications[i].name == NULL ) {
 		fprintf(stderr, "no auth by that name\n");
@@ -281,4 +282,3 @@ struct authentication* get_authentication(char *auth_method)
 
 	return &authentications[i];
 }
-

src/config.c

@@ -1,8 +1,8 @@
 /*
  *  idpc - IDP as a C CGI program
- *  Copyright (C) 2004 Entr'ouvert
+ *  Copyright (C) 2004-2005 Entr'ouvert
  * 
- *  Author: Frederic Peters <fpeters@entrouvert.com>
+ *  Authors: See AUTHORS file in top-level directory.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by

src/federation_termination.c

@@ -1,8 +1,8 @@
 /*
  *  idpc - IDP as a C CGI program
- *  Copyright (C) 2004 Entr'ouvert
+ *  Copyright (C) 2004-2005 Entr'ouvert
  * 
- *  Author: Frederic Peters <fpeters@entrouvert.com>
+ *  Authors: See AUTHORS file in top-level directory.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -45,9 +45,9 @@ int defederation_http(LassoDefederation *termination)
 		return error_page("set_profile_auto failed");
 	}
 
-	rc = lasso_defederation_build_notification_msg(termination);
+	rc = lasso_defederation_validate_notification(termination);
 	if (rc) {
-		return error_page("build notification msg");
+		return error_page("Failed to validate notification");
 	}
 
 	rc = save_profile_dumps(LASSO_PROFILE(termination));
@@ -56,21 +56,21 @@ int defederation_http(LassoDefederation *termination)
 	}
 
 	printf("Location: %s\n\nRedirected",
-			LASSO_PROFILE(termination)->msg_url);
+	       LASSO_PROFILE(termination)->msg_url);
 
 	return 0;
 }
 
 
 int defederation_init(LassoDefederation *termination,
-				char* serviceProviderId)
+		      char* serviceProviderId)
 {
 	/* IdP-initiated */
 	int rc;
 	LassoIdentity *identity;
 	struct authentication *auth;
 	char *user_id;
-	char *user_dump, *session_dump;
+	char *identity_dump, *session_dump;
 
 	auth = get_authentication(
 			get_config_string("//idpc:authenticationMethod"));
@@ -85,20 +85,20 @@ int defederation_init(LassoDefederation *termination,
 		return error_page("Error authenticating");
 	}
 
-	/* retrieve user_dump and session_dump */
+	/* retrieve identity_dump and session_dump */
-	rc = db_get_dumps(user_id, &user_dump, &session_dump);
+	rc = db_get_dumps(user_id, &identity_dump, &session_dump);
 	if (rc) {
 		return error_page("Error getting dumps from db");
 	}
 
-	if (user_dump && user_dump[0]) {
+	if (identity_dump && identity_dump[0]) {
 		rc = lasso_profile_set_identity_from_dump(
-				LASSO_PROFILE(termination), user_dump);
+				LASSO_PROFILE(termination), identity_dump);
 		if (rc) {
 			return error_page("set identity failed");
 		}
-		free(user_dump);
+		free(identity_dump);
-		user_dump = NULL;
+		identity_dump = NULL;
 	}
 
 	if (session_dump && session_dump[0]) {

src/idpc.h

@@ -1,8 +1,8 @@
 /*
  *  idpc - IDP as a C CGI program
- *  Copyright (C) 2004 Entr'ouvert
+ *  Copyright (C) 2004-2005 Entr'ouvert
  * 
- *  Author: Frederic Peters <fpeters@entrouvert.com>
+ *  Authors: See AUTHORS file in top-level directory.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -51,7 +51,7 @@ char* get_config_string(char *xpath);
 LassoServer* get_config_server();
 
 int db_init();
-int db_get_dumps(char *user_id, char **user_dump, char **session_dump);
+int db_get_dumps(char *user_id, char **identity_dump, char **session_dump);
 int db_save_identity(char *user_id, char *identity_dump);
 int db_save_session(char *user_id, char *session_dump);
 int db_save_name_identifier(char *name_identifier, char *user_id);
@@ -71,4 +71,3 @@ struct authentication {
 };
 
 struct authentication* get_authentication(char *auth_method);
-

src/single_logout.c

@@ -1,8 +1,8 @@
 /*
  *  idpc - IDP as a C CGI program
- *  Copyright (C) 2004 Entr'ouvert
+ *  Copyright (C) 2004-2005 Entr'ouvert
  * 
- *  Author: Frederic Peters <fpeters@entrouvert.com>
+ *  Authors: See AUTHORS file in top-level directory.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -29,7 +29,6 @@
  *  [!2b. initiated by SP, SOAP is handled in soapEndpoint!]
  */
 
-
 int soap_loop(LassoLogout *logout)
 {
 	char *other_sp;
@@ -92,7 +91,7 @@ int soap_loop(LassoLogout *logout)
 		}
 
 		printf("Location: %s\n\nRedirected",
-				LASSO_PROFILE(logout)->msg_url);
+		       LASSO_PROFILE(logout)->msg_url);
 	} else {
 		/* we're done */
 		rc = lasso_logout_build_request_msg(logout);
@@ -103,7 +102,7 @@ int soap_loop(LassoLogout *logout)
 		}
 		if (rc) {
 			printf("Location: %s\n\nRedirected",
-					LASSO_PROFILE(logout)->msg_url);
+			       LASSO_PROFILE(logout)->msg_url);
 			return 0;
 		}
 	}
@@ -135,7 +134,7 @@ int logout_init(LassoLogout *logout)
 	LassoIdentity *identity;
 	struct authentication *auth;
 	char *user_id;
-	char *user_dump, *session_dump;
+	char *identity_dump, *session_dump;
 
 	auth = get_authentication(
 			get_config_string("//idpc:authenticationMethod"));
@@ -150,14 +149,14 @@ int logout_init(LassoLogout *logout)
 		return error_page("Error authenticating");
 	}
 
-	/* retrieve user_dump and session_dump */
+	/* retrieve identity_dump and session_dump */
-	rc = db_get_dumps(user_id, &user_dump, &session_dump);
+	rc = db_get_dumps(user_id, &identity_dump, &session_dump);
 	if (rc) {
 		return error_page("Error getting dumps from db");
 	}
 	rc = set_profile_from_dumps(LASSO_PROFILE(logout),
-			user_dump, session_dump);
+			identity_dump, session_dump);
-	free(user_dump);
+	free(identity_dump);
 	free(session_dump);
 	if (rc) {
 		return error_page("Error setting dumps");

src/soap.c

@@ -1,8 +1,8 @@
 /*
  *  idpc - IDP as a C CGI program
- *  Copyright (C) 2004 Entr'ouvert
+ *  Copyright (C) 2004-2005 Entr'ouvert
  * 
- *  Author: Frederic Peters <fpeters@entrouvert.com>
+ *  Authors: See AUTHORS file in top-level directory.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by

src/soap_end_point.c

@@ -1,8 +1,8 @@
 /*
  *  idpc - IDP as a C CGI program
- *  Copyright (C) 2004 Entr'ouvert
+ *  Copyright (C) 2004-2005 Entr'ouvert
  * 
- *  Author: Frederic Peters <fpeters@entrouvert.com>
+ *  Authors: See AUTHORS file in top-level directory.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -21,7 +21,6 @@
 
 #include "idpc.h"
 
-
 struct req {
 	LassoRequestType type;
 	char* (*request_function) (LassoServer*, char*);
@@ -39,7 +38,7 @@ struct req requests[] = {
 	{LASSO_REQUEST_TYPE_DEFEDERATION, req_defederation},
 	{LASSO_REQUEST_TYPE_NAME_REGISTRATION, req_register_name_identifier},
 	{LASSO_REQUEST_TYPE_NAME_IDENTIFIER_MAPPING, req_name_identifier_mapping},
-	/* {lassoRequestTypeLecp, req_lecp}, */
+	/* {LASSO_REQUEST_TYPE_LECP, req_lecp}, */
 		/* LECP requests go to single sign on service URL */
 	{0, NULL}
 };
@@ -52,41 +51,57 @@ char* req_login(LassoServer *server, char *soap_msg)
 	LassoLogin *login;
 	int rc;
 	char *user_id = NULL, *provider_id = NULL;
-	char *identity_dump, *session_dump, *answer;
+	char *identity_dump, *session_dump, *answer = NULL;
 
 	login = lasso_login_new(server);
+
+	/* process SOAP samlp:Request message */
 	rc = lasso_login_process_request_msg(login, soap_msg);
 	if (rc) {
-		fprintf(stderr, "process_request_msg failed\n");
+		fprintf(stderr, "process_request_msg failed: error %d\n", rc);
-		return NULL;
+		goto done;
 	}
 
+	/* get user_id and providerID associated with assertionArtifact */
 	rc = db_get_artifact(login->assertionArtifact, &user_id, &provider_id);
 	if (rc) {
 		fprintf(stderr, "db_get_artifact failed\n");
-	} else {
+		goto done;
-		rc = db_remove_artifact(login->assertionArtifact);
+	}
-		if (rc) {
+	db_remove_artifact(login->assertionArtifact);
-			fprintf(stderr, "db_remove_artifact failed\n");
-		}
 
-		rc = db_get_dumps(user_id, &identity_dump, &session_dump);
+	/* get user's identity and session dumps */
-		rc = set_profile_from_dumps(LASSO_PROFILE(login),
+	rc = db_get_dumps(user_id,
-				identity_dump, session_dump);
+			  &identity_dump, &session_dump);
-		free(identity_dump);
+	if (rc) {
-		free(session_dump);
+		fprintf(stderr, "db_get_dumps failed\n");
+		goto done;
 	}
 
+	/* set identity and session in login */
+	rc = set_profile_from_dumps(LASSO_PROFILE(login),
+				    identity_dump, session_dump);
+	if (rc) {
+		fprintf(stderr, "set_profile_from_dumps failed\n");
+		goto done;
+	}
+
+	/* build SOAP samlp:Response message */
 	rc = lasso_login_build_response_msg(login, provider_id);
-	if (user_id)
+	if (rc) {
-		free(user_id);
+		fprintf(stderr,
-	if (provider_id)
+			"lasso_login_build_response_msg failed: error %d\n", rc);
-		free(provider_id);
+		goto done;
+	}
 
 	answer = strdup(LASSO_PROFILE(login)->msg_body);
-
+done:
+	free(user_id);
+	free(provider_id);
+	free(identity_dump);
+	free(session_dump);
 	lasso_login_destroy(login);
-
+	
 	return answer;
 }
 
@@ -213,8 +228,8 @@ char* req_defederation(LassoServer *server, char *soap_msg)
 
 	rc = save_profile_dumps(LASSO_PROFILE(termination));
 	if (rc) {
+		fprintf(stderr, "save_profile_dumps failed: error %d\n", rc);
 		lasso_defederation_destroy(termination);
-		fprintf(stderr, "save_profile_dumps failed\n");
 		return NULL;
 	}
 
@@ -246,12 +261,13 @@ int soap_end_point()
 		return error_page("No HTTP verb");
 	}
 
+	/* SOAP is send by POST */
 	if (strcmp(http_verb, "POST") != 0) {
 		return error_page("Must be POST");
 	}
 
 	if (getenv("CONTENT_TYPE") && 
-			strcmp(getenv("CONTENT_TYPE"), "text/xml") != 0) {
+	    strcmp(getenv("CONTENT_TYPE"), "text/xml") != 0) {
 		return error_page("Content-Type must be text/xml");
 	}
 
@@ -265,9 +281,8 @@ int soap_end_point()
 	soap_msg = malloc(clen+1);
 	soap_msg[clen] = 0;
 	fread(soap_msg, clen, 1, stdin);
-	fprintf(stderr, "Got message:\n%s\n", soap_msg);
+	/* fprintf(stderr, "Got message:\n%s\n", soap_msg); */
-
+	
-
 	req_type = lasso_profile_get_request_type_from_soap_msg(soap_msg);
 
 	for (i=0; requests[i].type && requests[i].type != req_type; i++) ;
@@ -311,6 +326,7 @@ int main(int argc, char *argv[])
 	if (rc) {
 		return error_page("Failed to init configuration");
 	}
+
 	lasso_init();
 	rc = db_init();
 	if (rc) {

src/utils.c

@@ -189,7 +189,7 @@ int save_profile_dumps(LassoProfile *profile)
 		if (rc) {
 			fprintf(stderr, "db_save_session failed: error %d\n", rc);
 			free(user_id);
-			return 1;
+			return 2;
 		}
 	}