updated to lasso 0.6.0; thanks to work on idptech

2005-01-27 23:52:57 +00:00 · 2005-01-27 23:52:57 +00:00 · f16cd25ecc
parent ba2615a686
commit f16cd25ecc
11 changed files with 113 additions and 111 deletions
--- a/configure.ac
+++ b/configure.ac
@ -18,7 +18,7 @@ dnl Checks for header files.
 AC_HEADER_STDC
 dnl Checks for libraries.
-PKG_CHECK_MODULES(IDPC, libxml-2.0 neon lasso = 0.4.1 openssl)
+PKG_CHECK_MODULES(IDPC, libxml-2.0 neon lasso >= 0.6.0 openssl)
 AC_SUBST(IDPC_CFLAGS)
 AC_SUBST(IDPC_LIBS)
--- a/create-db.sql
+++ b/create-db.sql
@ -13,11 +13,12 @@
  	session_dump	text
  );
-  CREATE TABLE assertions (
+  CREATE TABLE artifacts (
-        artifact        varchar(100),
+        artifact        varchar(100) primary key,
-        assertion       text
+	user_id         varchar(100),
 	provider_id     text
  );
  GRANT DELETE, INSERT, SELECT, UPDATE ON nameidentifiers TO idpc;
  GRANT DELETE, INSERT, SELECT, UPDATE ON users TO idpc;
-  GRANT DELETE, INSERT, SELECT, UPDATE ON assertions TO idpc;
+  GRANT DELETE, INSERT, SELECT, UPDATE ON artifacts TO idpc;
--- a/src/auth.c
+++ b/src/auth.c
@ -261,8 +261,9 @@ char* http_auth()
 struct authentication authentications[] = {
 	{"certificate", certificate_auth,
-		lassoSamlAuthenticationMethodSoftwarePki},
+		LASSO_SAML_AUTHENTICATION_METHOD_SOFTWARE_PKI},
-	{"http", http_auth, lassoSamlAuthenticationMethodPassword},
+	{"http", http_auth,
 		LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD},
 	{ NULL, NULL, NULL}
 };
--- a/src/config.c
+++ b/src/config.c
@ -84,10 +84,9 @@ LassoServer* get_config_server()
 	server = lasso_server_new(
 			get_config_string("//idpc:metadataFilePath"),
 			get_config_string("//idpc:idpPublicKey"),
 			get_config_string("//idpc:idpPrivateKey"),
-			get_config_string("//idpc:idpCertificate"),
+			NULL,
-			lassoSignatureMethodRsaSha1);
+			get_config_string("//idpc:idpCertificate"));
 	if (server == NULL) {
 		fprintf(stderr, "failure in server_new\n");
 		return NULL;
@ -105,6 +104,7 @@ LassoServer* get_config_server()
 			break;
 		}
 		rc = lasso_server_add_provider(server,
 				LASSO_PROVIDER_ROLE_SP,
 				get_config_string(cfg_metadata),
 				get_config_string(cfg_publickey),
 				get_config_string(cfg_cacertificate));
--- a/src/db_postgresql.c
+++ b/src/db_postgresql.c
@ -189,20 +189,18 @@ int db_save_name_identifier(char *name_identifier, char *user_id)
 	return 0;
 }
-int db_save_assertion(char *assertion_artifact, LassoAssertion *assertion)
+int db_save_artifact(char *artifact, char *user_id, char *provider_id)
 {
 	PGresult *res;
-	const char *params[2];
+	const char *params[3];
 	char *assertion_dump;
-	assertion_dump = lasso_node_export(LASSO_NODE(assertion));
+	params[0] = artifact;
-
+	params[1] = user_id;
-	params[0] = assertion_artifact;
+	params[2] = provider_id;
 	params[1] = assertion_dump;
 	res = PQexecParams(sqlconn,
-			"INSERT INTO assertions VALUES ($1, $2)",
+			"INSERT INTO artifacts VALUES ($1, $2, $3)",
-			2, NULL, params, NULL, NULL, 1);
+			3, NULL, params, NULL, NULL, 1);
 	if (PQresultStatus(res) != PGRES_COMMAND_OK) {
 		PQclear(res);
 		return 1;
@ -212,7 +210,7 @@ int db_save_assertion(char *assertion_artifact, LassoAssertion *assertion)
 	return 0;
 }
-int db_get_assertion(char *artifact, char **assertion)
+int db_get_artifact(char *artifact, char **user_id, char **provider_id)
 {
 	PGresult *res;
 	const char *params[1];
@ -220,7 +218,7 @@ int db_get_assertion(char *artifact, char **assertion)
 	params[0] = artifact;
 	res = PQexecParams(sqlconn,
-		"SELECT assertion from assertions where artifact = $1",
+		"SELECT user_id, provider_id from artifacts where artifact = $1",
 		1, NULL, params, NULL, NULL, 1);
 	if (PQresultStatus(res) != PGRES_TUPLES_OK) {
 		PQclear(res);
@ -233,12 +231,13 @@ int db_get_assertion(char *artifact, char **assertion)
 		return 1;
 	}
-	*assertion = strdup(PQgetvalue(res, 0, 0));
+	*user_id = strdup(PQgetvalue(res, 0, 0));
 	*provider_id = strdup(PQgetvalue(res, 0, 1));
 	PQclear(res);
 	return 0;
 }
-int db_remove_assertion(char *artifact)
+int db_remove_artifact(char *artifact)
 {
 	PGresult *res;
 	const char *params[1];
@ -246,7 +245,7 @@ int db_remove_assertion(char *artifact)
 	params[0] = artifact;
 	res = PQexecParams(sqlconn,
-		"DELETE from assertions where artifact = $1",
+		"DELETE from artifacts where artifact = $1",
 		1, NULL, params, NULL, NULL, 1);
 	if (PQresultStatus(res) != PGRES_COMMAND_OK) {
 		PQclear(res);
--- a/src/federation_termination.c
+++ b/src/federation_termination.c
@ -35,8 +35,7 @@ int defederation_http(LassoDefederation *termination)
 	LassoIdentity *identity;
 	rc = lasso_defederation_process_notification_msg(
-			termination, getenv("QUERY_STRING"),
+			termination, getenv("QUERY_STRING"));
 			lassoHttpMethodRedirect);
 	if (rc) {
 		return error_page("process_notification_msg failed");
 	}
@ -113,7 +112,7 @@ int defederation_init(LassoDefederation *termination,
 	}
 	rc  = lasso_defederation_init_notification(termination,
-			serviceProviderId, lassoHttpMethodSoap);
+			serviceProviderId, LASSO_HTTP_METHOD_SOAP);
 	if (rc) {
 		return error_page("init_notification failed");
 	}
@ -168,8 +167,7 @@ int defederation()
 		return error_page("Failed to get server configuration");
 	}
-	termination = lasso_defederation_new(server,
+	termination = lasso_defederation_new(server);
 			lassoProviderTypeIdp);
 	if (termination == NULL) {
 		lasso_server_destroy(server);
 		return error_page("lasso_defederation_new failed");
--- a/src/idpc.h
+++ b/src/idpc.h
@ -35,7 +35,7 @@
 #include <openssl/ocsp.h>
 #include <openssl/ssl.h>
 #include <lasso/lasso.h>
-#include <lasso/xml/errors.h> /* lasso bug; shouldn't have to include this */
+#include <lasso/errors.h> /* lasso bug; shouldn't have to include this */
 int error_page(char *msg);
 int handle_args(int argc, char *argv[]);
@ -55,9 +55,9 @@ int db_get_dumps(char *user_id, char **user_dump, char **session_dump);
 int db_save_identity(char *user_id, char *identity_dump);
 int db_save_session(char *user_id, char *session_dump);
 int db_save_name_identifier(char *name_identifier, char *user_id);
-int db_save_assertion(char *assertion_artifact, LassoAssertion *assertion);
+int db_save_artifact(char *artifact, char *user_id, char *provider_id);
-int db_get_assertion(char *artifact, char **assertion);
+int db_get_artifact(char *artifact, char **user_id, char **provider_id);
-int db_remove_assertion(char *artifact);
+int db_remove_artifact(char *artifact);
 int db_get_user_id(char *name_identifier, char **user_id);
 void db_finish();
--- a/src/single_logout.c
+++ b/src/single_logout.c
@ -39,8 +39,7 @@ int soap_loop(LassoLogout *logout)
 	other_sp = lasso_logout_get_next_providerID(logout);
 	while (other_sp) {
 		fprintf(stderr, "Other SP: %s\n", other_sp);
-		rc = lasso_logout_init_request(logout, other_sp,
+		rc = lasso_logout_init_request(logout, other_sp, LASSO_HTTP_METHOD_ANY);
 				lassoHttpMethodAny);
 		if (rc) {
 			fprintf(stderr, "init_request failed\n");
 			return 1;
@ -59,8 +58,7 @@ int soap_loop(LassoLogout *logout)
 				return 1;
 			}
-			rc = lasso_logout_process_response_msg(logout,
+			rc = lasso_logout_process_response_msg(logout, soap_answer);
 					soap_answer, lassoHttpMethodSoap);
 			if (rc) {
 				free(soap_answer);
 				fprintf(stderr, "logout_process_response_msg failed\n");
@ -82,7 +80,7 @@ int soap_loop(LassoLogout *logout)
 	if (other_sp) {
 		/* remaining service provider; redirect */
 		rc = lasso_logout_init_request(logout, other_sp,
-				lassoHttpMethodRedirect);
+				LASSO_HTTP_METHOD_REDIRECT);
 		if (rc) {
 			fprintf(stderr, "lasso_logout_init_request failed\n");
 			return 0;
@ -184,14 +182,13 @@ int logout_req()
 		return error_page("Failed to get server configuration");
 	}
-	logout = lasso_logout_new(server, lassoProviderTypeIdp);
+	logout = lasso_logout_new(server);
 	if (logout == NULL) {
 		lasso_server_destroy(server);
 		return error_page("lasso_logout_new failed");
 	}
-	rc = lasso_logout_process_request_msg(logout,
+	rc = lasso_logout_process_request_msg(logout, getenv("QUERY_STRING"));
 			getenv("QUERY_STRING"), lassoHttpMethodRedirect);
 	if (rc == LASSO_PROFILE_ERROR_INVALID_QUERY) {
 		/* unknown query string; initiate logout now */
 		rc = logout_init(logout);
--- a/src/single_sign_on.c
+++ b/src/single_sign_on.c
@ -44,7 +44,7 @@ int lecp_profile(LassoServer *server)
 	soap_msg[clen] = 0;
 	fgets(soap_msg, clen+1, stdin);
 	req_type = lasso_profile_get_request_type_from_soap_msg(soap_msg);
-	if (req_type != lassoRequestTypeLecp) {
+	if (req_type != LASSO_REQUEST_TYPE_LECP) {
 		return error_page("soap but req type not LECP");
 	}
@ -78,10 +78,7 @@ int lecp_profile(LassoServer *server)
 		return error_page("Failed to set profile from dumps");
 	}
-
+	rc = lasso_lecp_process_authn_request_msg(lecp, soap_msg);
 	rc = lasso_lecp_init_from_authn_request_msg(lecp, soap_msg,
 			lassoHttpMethodSoap);
 	if (!rc) {
 		lasso_lecp_destroy(lecp);
 		return error_page("lecp init failed");
@ -90,9 +87,7 @@ int lecp_profile(LassoServer *server)
 	reauth_time = strtime(time(NULL) + 
 		(get_config_string("//idpc:reauthenticationDelay") ?
 		 atoi(get_config_string("//idpc:reauthenticationDelay")) : 7200));
-	rc = lasso_lecp_build_authn_response_envelope_msg(
+	rc = lasso_lecp_build_authn_response_envelope_msg(lecp);
 			lecp, 1, auth->lasso_name,
 			reauth_time);
 	free(reauth_time);
 	if (!rc) {
 		lasso_lecp_destroy(lecp);
@ -115,7 +110,6 @@ int single_sign_on()
 {
 	LassoServer *server;
 	LassoLogin *login;
 	lassoHttpMethod response_method;
 	char *http_verb, *ct;
 	char *authn_request_msg = NULL;
 	int rc;
@ -137,12 +131,13 @@ int single_sign_on()
 		char *t;
 		t = getenv("QUERY_STRING");
-		if (t) {
+		if (!t)
-			authn_request_msg = strdup(t);
+			return error_page("No authnRequest as query string");
-		} else {
+
-			authn_request_msg = strdup("");
+		if (! lasso_profile_is_liberty_query(t))
-		}
+			return error_page("Improper query string; not a AuthnRequest");
-		response_method = lassoHttpMethodRedirect;
+
 		authn_request_msg = strdup(t);
 	}
 	if (strcmp(http_verb, "POST") == 0) {
@ -161,7 +156,6 @@ int single_sign_on()
 			msg = malloc(clen+1);
 			msg[clen] = 0;
 			fgets(msg, clen+1, stdin);
 			response_method = lassoHttpMethodPost;
 			res = urlencoded_to_strings(msg);
 			for (i=0; res[i]; i++) {
@ -228,8 +222,7 @@ int single_sign_on()
 		return error_page("Failed to set profile from dumps");
 	}
-	rc = lasso_login_init_from_authn_request_msg(login,
+	rc = lasso_login_process_authn_request_msg(login, authn_request_msg);
 			authn_request_msg, response_method);
 	if (rc) {
 		char msg[100];
 		sprintf(msg, "Lasso login error, %d", rc);
@ -251,12 +244,22 @@ int single_sign_on()
 		(get_config_string("//idpc:reauthenticationDelay") ?
 		 atoi(get_config_string("//idpc:reauthenticationDelay")) : 7200));
-	if (login->protocolProfile == lassoLoginProtocolProfileBrwsArt) {
+	rc = lasso_login_build_assertion(login,
 			auth->lasso_name,
 			"",		/* authenticationInstant */
 			reauth_time,	/* reauthenticateOnOrAfter */
 			"",		/* notBefore */
 			"");		/* notOnOrAfter */
 	if (rc) {
 		free(reauth_time);
 		lasso_login_destroy(login);
 		lasso_server_destroy(server);
 		return error_page("build_assertion failed");
 	}
 	if (login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART) {
 		rc = lasso_login_build_artifact_msg(login,
-				1, /* user authenticated */
+				LASSO_HTTP_METHOD_REDIRECT);
 				auth->lasso_name,
 				reauth_time,
 				lassoHttpMethodRedirect);
 		if (rc) {
 			free(reauth_time);
 			lasso_login_destroy(login);
@ -265,10 +268,7 @@ int single_sign_on()
 		}
 	} else {
 		/* POST profile (lassoLoginProtocolProfileBrwsPost) */
-		rc = lasso_login_build_authn_response_msg(login,
+		rc = lasso_login_build_authn_response_msg(login);
 				1, /* user authenticated */
 				auth->lasso_name,
 				reauth_time);
 		if (rc) {
 			free(reauth_time);
 			lasso_login_destroy(login);
@ -279,7 +279,7 @@ int single_sign_on()
 	free(reauth_time);
 	rc = db_save_name_identifier(
-			LASSO_PROFILE(login)->nameIdentifier, user_id);
+			LASSO_PROFILE(login)->nameIdentifier->content, user_id);
 	if (rc) {
 		lasso_login_destroy(login);
 		lasso_server_destroy(server);
@ -294,11 +294,10 @@ int single_sign_on()
 	}
-	if (login->protocolProfile == lassoLoginProtocolProfileBrwsArt) {
+	if (login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART) {
-		LassoAssertion *my_ass;
+		rc = db_save_artifact(login->assertionArtifact,
-			/* won't be freed; missing lasso_assertion_destroy */
+				user_id,
-		my_ass = lasso_login_get_assertion(login);
+				LASSO_PROFILE(login)->remote_providerID);
 		rc = db_save_assertion(login->assertionArtifact, my_ass);
 		if (rc) {
 			lasso_login_destroy(login);
 			lasso_server_destroy(server);
@ -333,7 +332,7 @@ int main(int argc, char *argv[])
 {
 	int rc;
-	if (argc > 1 && handle_args(argc, argv) ) {
+	if (argc > 1 && handle_args(argc, argv)) {
 		return 0;
 	}
--- a/src/soap_end_point.c
+++ b/src/soap_end_point.c
@ -23,7 +23,7 @@
 struct req {
-	lassoRequestType type;
+	LassoRequestType type;
 	char* (*request_function) (LassoServer*, char*);
 };
@ -34,11 +34,11 @@ char* req_register_name_identifier(LassoServer *server, char *soap_msg);
 char* req_name_identifier_mapping(LassoServer *server, char *soap_msg);
 struct req requests[] = {
-	{lassoRequestTypeLogin, req_login},
+	{LASSO_REQUEST_TYPE_LOGIN, req_login},
-	{lassoRequestTypeLogout, req_logout},
+	{LASSO_REQUEST_TYPE_LOGOUT, req_logout},
-	{lassoRequestTypeDefederation, req_defederation},
+	{LASSO_REQUEST_TYPE_DEFEDERATION, req_defederation},
-	{lassoRequestTypeRegisterNameIdentifier, req_register_name_identifier},
+	{LASSO_REQUEST_TYPE_NAME_REGISTRATION, req_register_name_identifier},
-	{lassoRequestTypeNameIdentifierMapping, req_name_identifier_mapping},
+	{LASSO_REQUEST_TYPE_NAME_IDENTIFIER_MAPPING, req_name_identifier_mapping},
 	/* {lassoRequestTypeLecp, req_lecp}, */
 		/* LECP requests go to single sign on service URL */
 	{0, NULL}
@ -50,8 +50,9 @@ struct req requests[] = {
 char* req_login(LassoServer *server, char *soap_msg)
 {
 	LassoLogin *login;
 	char *assertion_dump = NULL;
 	int rc;
 	char *user_id = NULL, *provider_id = NULL;
 	char *identity_dump, *session_dump, *answer;
 	login = lasso_login_new(server);
 	rc = lasso_login_process_request_msg(login, soap_msg);
@ -60,26 +61,33 @@ char* req_login(LassoServer *server, char *soap_msg)
 		return NULL;
 	}
-	rc = db_get_assertion(login->assertionArtifact, &assertion_dump);
+	rc = db_get_artifact(login->assertionArtifact, &user_id, &provider_id);
 	if (rc) {
-		fprintf(stderr, "db_get_assertion failed\n");
+		fprintf(stderr, "db_get_artifact failed\n");
 	} else {
-		rc = lasso_login_set_assertion_from_dump(login, assertion_dump);
+		rc = db_remove_artifact(login->assertionArtifact);
 		if (rc) {
-			fprintf(stderr, "set_assertion_from_dump failed\n");
+			fprintf(stderr, "db_remove_artifact failed\n");
 		}
 		rc = db_remove_assertion(login->assertionArtifact);
 		if (rc) {
 			fprintf(stderr, "db_remove_assertion failed\n");
 		}
 		rc = db_get_dumps(user_id, &identity_dump, &session_dump);
 		rc = set_profile_from_dumps(LASSO_PROFILE(login),
 				identity_dump, session_dump);
 		free(identity_dump);
 		free(session_dump);
 	}
-	rc = lasso_login_build_response_msg(login);
+	rc = lasso_login_build_response_msg(login, provider_id);
-	assertion_dump = strdup(LASSO_PROFILE(login)->msg_body);
+	if (user_id)
 		free(user_id);
 	if (provider_id)
 		free(provider_id);
 	answer = strdup(LASSO_PROFILE(login)->msg_body);
 	lasso_login_destroy(login);
-	return assertion_dump;
+	return answer;
 }
 char* req_logout(LassoServer *server, char *soap_msg)
@ -90,10 +98,9 @@ char* req_logout(LassoServer *server, char *soap_msg)
 	char *answer = NULL;
 	char *soap_answer = NULL;
-	logout = lasso_logout_new(server, lassoProviderTypeIdp);
+	logout = lasso_logout_new(server);
-	rc = lasso_logout_process_request_msg(logout,
+	rc = lasso_logout_process_request_msg(logout, soap_msg);
 			soap_msg, lassoHttpMethodSoap);
 	if (rc) {
 		fprintf(stderr, "process_request_msg failed\n");
 		goto cleanup;
@ -131,7 +138,7 @@ char* req_logout(LassoServer *server, char *soap_msg)
 	while (other_sp) {
 		fprintf(stderr, "Other SP: %s\n", other_sp);
 		rc = lasso_logout_init_request(logout, other_sp,
-				lassoHttpMethodAny);
+				LASSO_HTTP_METHOD_ANY);
 		if (rc) {
 			fprintf(stderr, "init_request failed\n");
 			goto cleanup;
@ -149,8 +156,7 @@ char* req_logout(LassoServer *server, char *soap_msg)
 			goto cleanup;
 		}
-		rc = lasso_logout_process_response_msg(logout,
+		rc = lasso_logout_process_response_msg(logout, soap_answer);
 				soap_answer, lassoHttpMethodSoap);
 		if (rc) {
 			free(soap_answer);
 			fprintf(stderr, "logout_process_response_msg failed\n");
@ -183,10 +189,9 @@ char* req_defederation(LassoServer *server, char *soap_msg)
 	LassoIdentity *identity;
 	int rc;
-	termination = lasso_defederation_new(server, lassoProviderTypeIdp);
+	termination = lasso_defederation_new(server);
-	rc = lasso_defederation_process_notification_msg(
+	rc = lasso_defederation_process_notification_msg(termination, soap_msg);
 			termination, soap_msg, lassoHttpMethodSoap);
 	if (rc) {
 		fprintf(stderr, "process_notifification_msg failed\n");
 		return NULL;
@ -233,7 +238,7 @@ int soap_end_point()
 	int clen = 0;
 	char *soap_msg, *soap_answer = NULL;
 	char *http_verb;
-	lassoRequestType req_type;
+	LassoRequestType req_type;
 	int i;
 	http_verb = getenv("REQUEST_METHOD");
--- a/src/utils.c
+++ b/src/utils.c
@ -125,23 +125,23 @@ int set_profile_auto(LassoProfile *profile)
 {
 	int rc;
 	char *user_id;
-	char *user_dump, *session_dump;
+	char *identity_dump, *session_dump;
-	rc = db_get_user_id(profile->nameIdentifier, &user_id);
+	rc = db_get_user_id(profile->nameIdentifier->content, &user_id);
 	if (rc) {
 		fprintf(stderr, "db_get_user_id failed\n");
 		return 1;
 	}
-	rc = db_get_dumps(user_id, &user_dump, &session_dump);
+	rc = db_get_dumps(user_id, &identity_dump, &session_dump);
 	free(user_id);
 	if (rc) {
 		fprintf(stderr, "Error getting dumps from db\n");
 		return 1;
 	}
-	rc = set_profile_from_dumps(profile, user_dump, session_dump);
+	rc = set_profile_from_dumps(profile, identity_dump, session_dump);
-	free(user_dump);
+	free(identity_dump);
 	free(session_dump);
 	return rc;
 }
@ -163,7 +163,7 @@ int save_profile_dumps(LassoProfile *profile)
 	char *user_id;
-	rc = db_get_user_id(profile->nameIdentifier, &user_id);
+	rc = db_get_user_id(profile->nameIdentifier->content, &user_id);
 	if (rc) {
 		fprintf(stderr, "db_get_user_id failed\n");
 		return 1;
@ -172,8 +172,9 @@ int save_profile_dumps(LassoProfile *profile)
 	if (lasso_profile_is_identity_dirty(profile)) {
 		LassoIdentity *identity;
 		identity = lasso_profile_get_identity(profile);
-		dump = identity ? lasso_identity_dump(identity) : "";
+		dump = identity ? lasso_identity_dump(identity) : strdup("");
 		rc = db_save_identity(user_id, dump);
 		free(dump);
 		lasso_identity_destroy(identity);
 		if (rc) {
 			free(user_id);
@ -184,8 +185,9 @@ int save_profile_dumps(LassoProfile *profile)
 	if (lasso_profile_is_session_dirty(profile)) {
 		LassoSession *session;
 		session = lasso_profile_get_session(profile);
-		dump = session ? lasso_session_dump(session) : "";
+		dump = session ? lasso_session_dump(session) : strdup("");
 		rc = db_save_session(user_id, dump);
 		free(dump);
 		lasso_session_destroy(session);
 		if (rc) {
 			free(user_id);