updated to lasso 0.6.0; thanks to work on idptech
parent
ba2615a686
commit
f16cd25ecc
@ -18,7 +18,7 @@ dnl Checks for header files.
|
||||||
AC_HEADER_STDC
|
AC_HEADER_STDC
|
||||||
|
|
||||||
dnl Checks for libraries.
|
dnl Checks for libraries.
|
||||||
PKG_CHECK_MODULES(IDPC, libxml-2.0 neon lasso = 0.4.1 openssl)
|
PKG_CHECK_MODULES(IDPC, libxml-2.0 neon lasso >= 0.6.0 openssl)
|
||||||
AC_SUBST(IDPC_CFLAGS)
|
AC_SUBST(IDPC_CFLAGS)
|
||||||
AC_SUBST(IDPC_LIBS)
|
AC_SUBST(IDPC_LIBS)
|
||||||
|
|
||||||
|
|
|
@ -13,11 +13,12 @@
|
||||||
session_dump text
|
session_dump text
|
||||||
);
|
);
|
||||||
|
|
||||||
CREATE TABLE assertions (
|
CREATE TABLE artifacts (
|
||||||
artifact varchar(100),
|
artifact varchar(100) primary key,
|
||||||
assertion text
|
user_id varchar(100),
|
||||||
|
provider_id text
|
||||||
);
|
);
|
||||||
|
|
||||||
GRANT DELETE, INSERT, SELECT, UPDATE ON nameidentifiers TO idpc;
|
GRANT DELETE, INSERT, SELECT, UPDATE ON nameidentifiers TO idpc;
|
||||||
GRANT DELETE, INSERT, SELECT, UPDATE ON users TO idpc;
|
GRANT DELETE, INSERT, SELECT, UPDATE ON users TO idpc;
|
||||||
GRANT DELETE, INSERT, SELECT, UPDATE ON assertions TO idpc;
|
GRANT DELETE, INSERT, SELECT, UPDATE ON artifacts TO idpc;
|
||||||
|
|
|
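Review bot: The new `artifacts` table has no creation timestamp, so nothing bounds how long an issued artifact stays resolvable; the row is only deleted by `db_remove_artifact` after a successful lookup, and an artifact that is never presented stays in the table indefinitely. Adding a column such as `created timestamp default now()` to the CREATE TABLE in this hunk would let the resolver reject stale artifacts and let a periodic job purge them. The positional `INSERT INTO artifacts VALUES ($1, $2, $3)` in db_save_artifact only supplies three values, so the extra column needs a default for that statement to keep working.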
@ -261,8 +261,9 @@ char* http_auth()
|
||||||
|
|
||||||
struct authentication authentications[] = {
|
struct authentication authentications[] = {
|
||||||
{"certificate", certificate_auth,
|
{"certificate", certificate_auth,
|
||||||
lassoSamlAuthenticationMethodSoftwarePki},
|
LASSO_SAML_AUTHENTICATION_METHOD_SOFTWARE_PKI},
|
||||||
{"http", http_auth, lassoSamlAuthenticationMethodPassword},
|
{"http", http_auth,
|
||||||
|
LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD},
|
||||||
{ NULL, NULL, NULL}
|
{ NULL, NULL, NULL}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -84,10 +84,9 @@ LassoServer* get_config_server()
|
||||||
|
|
||||||
server = lasso_server_new(
|
server = lasso_server_new(
|
||||||
get_config_string("//idpc:metadataFilePath"),
|
get_config_string("//idpc:metadataFilePath"),
|
||||||
get_config_string("//idpc:idpPublicKey"),
|
|
||||||
get_config_string("//idpc:idpPrivateKey"),
|
get_config_string("//idpc:idpPrivateKey"),
|
||||||
get_config_string("//idpc:idpCertificate"),
|
NULL,
|
||||||
lassoSignatureMethodRsaSha1);
|
get_config_string("//idpc:idpCertificate"));
|
||||||
if (server == NULL) {
|
if (server == NULL) {
|
||||||
fprintf(stderr, "failure in server_new\n");
|
fprintf(stderr, "failure in server_new\n");
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -105,6 +104,7 @@ LassoServer* get_config_server()
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
rc = lasso_server_add_provider(server,
|
rc = lasso_server_add_provider(server,
|
||||||
|
LASSO_PROVIDER_ROLE_SP,
|
||||||
get_config_string(cfg_metadata),
|
get_config_string(cfg_metadata),
|
||||||
get_config_string(cfg_publickey),
|
get_config_string(cfg_publickey),
|
||||||
get_config_string(cfg_cacertificate));
|
get_config_string(cfg_cacertificate));
|
||||||
|
|
|
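Review bot: The bare `NULL,` passed as the new third argument of `lasso_server_new` in get_config_server is undocumented; if it is the private-key password, as the argument position suggests, the call silently asserts that `//idpc:idpPrivateKey` points at an unencrypted key file, which is a deployment assumption worth stating at the call site. A one-line comment such as `NULL, /* private key password: key file is expected to be unencrypted */` makes that visible to whoever hardens key storage later. The `get_config_string` results are also passed straight in without a NULL check, here and in the `lasso_server_add_provider` call in the second hunk; whether lasso tolerates a missing config value cannot be told from these hunks. get_config_server continues outside both hunks.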
@ -189,20 +189,18 @@ int db_save_name_identifier(char *name_identifier, char *user_id)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int db_save_assertion(char *assertion_artifact, LassoAssertion *assertion)
|
int db_save_artifact(char *artifact, char *user_id, char *provider_id)
|
||||||
{
|
{
|
||||||
PGresult *res;
|
PGresult *res;
|
||||||
const char *params[2];
|
const char *params[3];
|
||||||
char *assertion_dump;
|
|
||||||
|
|
||||||
assertion_dump = lasso_node_export(LASSO_NODE(assertion));
|
params[0] = artifact;
|
||||||
|
params[1] = user_id;
|
||||||
params[0] = assertion_artifact;
|
params[2] = provider_id;
|
||||||
params[1] = assertion_dump;
|
|
||||||
|
|
||||||
res = PQexecParams(sqlconn,
|
res = PQexecParams(sqlconn,
|
||||||
"INSERT INTO assertions VALUES ($1, $2)",
|
"INSERT INTO artifacts VALUES ($1, $2, $3)",
|
||||||
2, NULL, params, NULL, NULL, 1);
|
3, NULL, params, NULL, NULL, 1);
|
||||||
if (PQresultStatus(res) != PGRES_COMMAND_OK) {
|
if (PQresultStatus(res) != PGRES_COMMAND_OK) {
|
||||||
PQclear(res);
|
PQclear(res);
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -212,7 +210,7 @@ int db_save_assertion(char *assertion_artifact, LassoAssertion *assertion)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int db_get_assertion(char *artifact, char **assertion)
|
int db_get_artifact(char *artifact, char **user_id, char **provider_id)
|
||||||
{
|
{
|
||||||
PGresult *res;
|
PGresult *res;
|
||||||
const char *params[1];
|
const char *params[1];
|
||||||
|
@ -220,7 +218,7 @@ int db_get_assertion(char *artifact, char **assertion)
|
||||||
params[0] = artifact;
|
params[0] = artifact;
|
||||||
|
|
||||||
res = PQexecParams(sqlconn,
|
res = PQexecParams(sqlconn,
|
||||||
"SELECT assertion from assertions where artifact = $1",
|
"SELECT user_id, provider_id from artifacts where artifact = $1",
|
||||||
1, NULL, params, NULL, NULL, 1);
|
1, NULL, params, NULL, NULL, 1);
|
||||||
if (PQresultStatus(res) != PGRES_TUPLES_OK) {
|
if (PQresultStatus(res) != PGRES_TUPLES_OK) {
|
||||||
PQclear(res);
|
PQclear(res);
|
||||||
|
@ -233,12 +231,13 @@ int db_get_assertion(char *artifact, char **assertion)
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
*assertion = strdup(PQgetvalue(res, 0, 0));
|
*user_id = strdup(PQgetvalue(res, 0, 0));
|
||||||
|
*provider_id = strdup(PQgetvalue(res, 0, 1));
|
||||||
PQclear(res);
|
PQclear(res);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int db_remove_assertion(char *artifact)
|
int db_remove_artifact(char *artifact)
|
||||||
{
|
{
|
||||||
PGresult *res;
|
PGresult *res;
|
||||||
const char *params[1];
|
const char *params[1];
|
||||||
|
@ -246,7 +245,7 @@ int db_remove_assertion(char *artifact)
|
||||||
params[0] = artifact;
|
params[0] = artifact;
|
||||||
|
|
||||||
res = PQexecParams(sqlconn,
|
res = PQexecParams(sqlconn,
|
||||||
"DELETE from assertions where artifact = $1",
|
"DELETE from artifacts where artifact = $1",
|
||||||
1, NULL, params, NULL, NULL, 1);
|
1, NULL, params, NULL, NULL, 1);
|
||||||
if (PQresultStatus(res) != PGRES_COMMAND_OK) {
|
if (PQresultStatus(res) != PGRES_COMMAND_OK) {
|
||||||
PQclear(res);
|
PQclear(res);
|
||||||
|
|
|
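Review bot: `"INSERT INTO artifacts VALUES ($1, $2, $3)"` in db_save_artifact relies on the table's column order, which this very commit changes; naming the columns, `"INSERT INTO artifacts (artifact, user_id, provider_id) VALUES ($1, $2, $3)",` keeps the statement correct if the table is extended later, for instance with a timestamp. In db_get_artifact the two `strdup` results are stored without a NULL check, and if the second allocation fails the first is leaked; freeing `*user_id` and returning 1 in that case keeps the error contract the callers already handle. Whether a zero-row result is rejected before `PQgetvalue(res, 0, 0)` lies outside the hunk, so I cannot confirm it here.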
@ -35,8 +35,7 @@ int defederation_http(LassoDefederation *termination)
|
||||||
LassoIdentity *identity;
|
LassoIdentity *identity;
|
||||||
|
|
||||||
rc = lasso_defederation_process_notification_msg(
|
rc = lasso_defederation_process_notification_msg(
|
||||||
termination, getenv("QUERY_STRING"),
|
termination, getenv("QUERY_STRING"));
|
||||||
lassoHttpMethodRedirect);
|
|
||||||
if (rc) {
|
if (rc) {
|
||||||
return error_page("process_notification_msg failed");
|
return error_page("process_notification_msg failed");
|
||||||
}
|
}
|
||||||
|
@ -113,7 +112,7 @@ int defederation_init(LassoDefederation *termination,
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = lasso_defederation_init_notification(termination,
|
rc = lasso_defederation_init_notification(termination,
|
||||||
serviceProviderId, lassoHttpMethodSoap);
|
serviceProviderId, LASSO_HTTP_METHOD_SOAP);
|
||||||
if (rc) {
|
if (rc) {
|
||||||
return error_page("init_notification failed");
|
return error_page("init_notification failed");
|
||||||
}
|
}
|
||||||
|
@ -168,8 +167,7 @@ int defederation()
|
||||||
return error_page("Failed to get server configuration");
|
return error_page("Failed to get server configuration");
|
||||||
}
|
}
|
||||||
|
|
||||||
termination = lasso_defederation_new(server,
|
termination = lasso_defederation_new(server);
|
||||||
lassoProviderTypeIdp);
|
|
||||||
if (termination == NULL) {
|
if (termination == NULL) {
|
||||||
lasso_server_destroy(server);
|
lasso_server_destroy(server);
|
||||||
return error_page("lasso_defederation_new failed");
|
return error_page("lasso_defederation_new failed");
|
||||||
|
|
|
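Review bot: `getenv("QUERY_STRING")` is passed straight into `lasso_defederation_process_notification_msg` in defederation_http without a NULL check, whereas the rewritten single_sign_on in this same commit now rejects a missing query string before using it. The same unchecked call appears in logout_req as `lasso_logout_process_request_msg(logout, getenv("QUERY_STRING"))`. A guard mirroring single_sign_on, `char *query = getenv("QUERY_STRING"); if (!query) return error_page("No query string");`, then passing `query`, keeps a request without a query string from reaching lasso as NULL; whether lasso itself tolerates a NULL message cannot be told from these hunks. Both enclosing functions continue outside the hunks.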
@ -35,7 +35,7 @@
|
||||||
#include <openssl/ocsp.h>
|
#include <openssl/ocsp.h>
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
#include <lasso/lasso.h>
|
#include <lasso/lasso.h>
|
||||||
#include <lasso/xml/errors.h> /* lasso bug; shouldn't have to include this */
|
#include <lasso/errors.h> /* lasso bug; shouldn't have to include this */
|
||||||
|
|
||||||
int error_page(char *msg);
|
int error_page(char *msg);
|
||||||
int handle_args(int argc, char *argv[]);
|
int handle_args(int argc, char *argv[]);
|
||||||
|
@ -55,9 +55,9 @@ int db_get_dumps(char *user_id, char **user_dump, char **session_dump);
|
||||||
int db_save_identity(char *user_id, char *identity_dump);
|
int db_save_identity(char *user_id, char *identity_dump);
|
||||||
int db_save_session(char *user_id, char *session_dump);
|
int db_save_session(char *user_id, char *session_dump);
|
||||||
int db_save_name_identifier(char *name_identifier, char *user_id);
|
int db_save_name_identifier(char *name_identifier, char *user_id);
|
||||||
int db_save_assertion(char *assertion_artifact, LassoAssertion *assertion);
|
int db_save_artifact(char *artifact, char *user_id, char *provider_id);
|
||||||
int db_get_assertion(char *artifact, char **assertion);
|
int db_get_artifact(char *artifact, char **user_id, char **provider_id);
|
||||||
int db_remove_assertion(char *artifact);
|
int db_remove_artifact(char *artifact);
|
||||||
int db_get_user_id(char *name_identifier, char **user_id);
|
int db_get_user_id(char *name_identifier, char **user_id);
|
||||||
void db_finish();
|
void db_finish();
|
||||||
|
|
||||||
|
|
|
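Review bot: The new `db_get_artifact` prototype does not say who owns the strings it returns through `user_id` and `provider_id`; the implementation `strdup`s both and req_login frees them, so the contract belongs in the header where callers look. A comment above the declaration such as `/* On success *user_id and *provider_id are strdup()'d; the caller frees both. */` captures it, and the same ownership note applies to `db_get_user_id` and `db_get_dumps`, whose results utils.c also frees. `db_save_artifact` could likewise note that the artifact is the table's primary key, so inserting a duplicate artifact returns 1.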
@ -39,8 +39,7 @@ int soap_loop(LassoLogout *logout)
|
||||||
other_sp = lasso_logout_get_next_providerID(logout);
|
other_sp = lasso_logout_get_next_providerID(logout);
|
||||||
while (other_sp) {
|
while (other_sp) {
|
||||||
fprintf(stderr, "Other SP: %s\n", other_sp);
|
fprintf(stderr, "Other SP: %s\n", other_sp);
|
||||||
rc = lasso_logout_init_request(logout, other_sp,
|
rc = lasso_logout_init_request(logout, other_sp, LASSO_HTTP_METHOD_ANY);
|
||||||
lassoHttpMethodAny);
|
|
||||||
if (rc) {
|
if (rc) {
|
||||||
fprintf(stderr, "init_request failed\n");
|
fprintf(stderr, "init_request failed\n");
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -59,8 +58,7 @@ int soap_loop(LassoLogout *logout)
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = lasso_logout_process_response_msg(logout,
|
rc = lasso_logout_process_response_msg(logout, soap_answer);
|
||||||
soap_answer, lassoHttpMethodSoap);
|
|
||||||
if (rc) {
|
if (rc) {
|
||||||
free(soap_answer);
|
free(soap_answer);
|
||||||
fprintf(stderr, "logout_process_response_msg failed\n");
|
fprintf(stderr, "logout_process_response_msg failed\n");
|
||||||
|
@ -82,7 +80,7 @@ int soap_loop(LassoLogout *logout)
|
||||||
if (other_sp) {
|
if (other_sp) {
|
||||||
/* remaining service provider; redirect */
|
/* remaining service provider; redirect */
|
||||||
rc = lasso_logout_init_request(logout, other_sp,
|
rc = lasso_logout_init_request(logout, other_sp,
|
||||||
lassoHttpMethodRedirect);
|
LASSO_HTTP_METHOD_REDIRECT);
|
||||||
if (rc) {
|
if (rc) {
|
||||||
fprintf(stderr, "lasso_logout_init_request failed\n");
|
fprintf(stderr, "lasso_logout_init_request failed\n");
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -184,14 +182,13 @@ int logout_req()
|
||||||
return error_page("Failed to get server configuration");
|
return error_page("Failed to get server configuration");
|
||||||
}
|
}
|
||||||
|
|
||||||
logout = lasso_logout_new(server, lassoProviderTypeIdp);
|
logout = lasso_logout_new(server);
|
||||||
if (logout == NULL) {
|
if (logout == NULL) {
|
||||||
lasso_server_destroy(server);
|
lasso_server_destroy(server);
|
||||||
return error_page("lasso_logout_new failed");
|
return error_page("lasso_logout_new failed");
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = lasso_logout_process_request_msg(logout,
|
rc = lasso_logout_process_request_msg(logout, getenv("QUERY_STRING"));
|
||||||
getenv("QUERY_STRING"), lassoHttpMethodRedirect);
|
|
||||||
if (rc == LASSO_PROFILE_ERROR_INVALID_QUERY) {
|
if (rc == LASSO_PROFILE_ERROR_INVALID_QUERY) {
|
||||||
/* unknown query string; initiate logout now */
|
/* unknown query string; initiate logout now */
|
||||||
rc = logout_init(logout);
|
rc = logout_init(logout);
|
||||||
|
|
|
@ -44,7 +44,7 @@ int lecp_profile(LassoServer *server)
|
||||||
soap_msg[clen] = 0;
|
soap_msg[clen] = 0;
|
||||||
fgets(soap_msg, clen+1, stdin);
|
fgets(soap_msg, clen+1, stdin);
|
||||||
req_type = lasso_profile_get_request_type_from_soap_msg(soap_msg);
|
req_type = lasso_profile_get_request_type_from_soap_msg(soap_msg);
|
||||||
if (req_type != lassoRequestTypeLecp) {
|
if (req_type != LASSO_REQUEST_TYPE_LECP) {
|
||||||
return error_page("soap but req type not LECP");
|
return error_page("soap but req type not LECP");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -78,10 +78,7 @@ int lecp_profile(LassoServer *server)
|
||||||
return error_page("Failed to set profile from dumps");
|
return error_page("Failed to set profile from dumps");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
rc = lasso_lecp_process_authn_request_msg(lecp, soap_msg);
|
||||||
|
|
||||||
rc = lasso_lecp_init_from_authn_request_msg(lecp, soap_msg,
|
|
||||||
lassoHttpMethodSoap);
|
|
||||||
if (!rc) {
|
if (!rc) {
|
||||||
lasso_lecp_destroy(lecp);
|
lasso_lecp_destroy(lecp);
|
||||||
return error_page("lecp init failed");
|
return error_page("lecp init failed");
|
||||||
|
@ -90,9 +87,7 @@ int lecp_profile(LassoServer *server)
|
||||||
reauth_time = strtime(time(NULL) +
|
reauth_time = strtime(time(NULL) +
|
||||||
(get_config_string("//idpc:reauthenticationDelay") ?
|
(get_config_string("//idpc:reauthenticationDelay") ?
|
||||||
atoi(get_config_string("//idpc:reauthenticationDelay")) : 7200));
|
atoi(get_config_string("//idpc:reauthenticationDelay")) : 7200));
|
||||||
rc = lasso_lecp_build_authn_response_envelope_msg(
|
rc = lasso_lecp_build_authn_response_envelope_msg(lecp);
|
||||||
lecp, 1, auth->lasso_name,
|
|
||||||
reauth_time);
|
|
||||||
free(reauth_time);
|
free(reauth_time);
|
||||||
if (!rc) {
|
if (!rc) {
|
||||||
lasso_lecp_destroy(lecp);
|
lasso_lecp_destroy(lecp);
|
||||||
|
@ -115,7 +110,6 @@ int single_sign_on()
|
||||||
{
|
{
|
||||||
LassoServer *server;
|
LassoServer *server;
|
||||||
LassoLogin *login;
|
LassoLogin *login;
|
||||||
lassoHttpMethod response_method;
|
|
||||||
char *http_verb, *ct;
|
char *http_verb, *ct;
|
||||||
char *authn_request_msg = NULL;
|
char *authn_request_msg = NULL;
|
||||||
int rc;
|
int rc;
|
||||||
|
@ -137,12 +131,13 @@ int single_sign_on()
|
||||||
char *t;
|
char *t;
|
||||||
|
|
||||||
t = getenv("QUERY_STRING");
|
t = getenv("QUERY_STRING");
|
||||||
if (t) {
|
if (!t)
|
||||||
authn_request_msg = strdup(t);
|
return error_page("No authnRequest as query string");
|
||||||
} else {
|
|
||||||
authn_request_msg = strdup("");
|
if (! lasso_profile_is_liberty_query(t))
|
||||||
}
|
return error_page("Improper query string; not a AuthnRequest");
|
||||||
response_method = lassoHttpMethodRedirect;
|
|
||||||
|
authn_request_msg = strdup(t);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (strcmp(http_verb, "POST") == 0) {
|
if (strcmp(http_verb, "POST") == 0) {
|
||||||
|
@ -161,7 +156,6 @@ int single_sign_on()
|
||||||
msg = malloc(clen+1);
|
msg = malloc(clen+1);
|
||||||
msg[clen] = 0;
|
msg[clen] = 0;
|
||||||
fgets(msg, clen+1, stdin);
|
fgets(msg, clen+1, stdin);
|
||||||
response_method = lassoHttpMethodPost;
|
|
||||||
|
|
||||||
res = urlencoded_to_strings(msg);
|
res = urlencoded_to_strings(msg);
|
||||||
for (i=0; res[i]; i++) {
|
for (i=0; res[i]; i++) {
|
||||||
|
@ -228,8 +222,7 @@ int single_sign_on()
|
||||||
return error_page("Failed to set profile from dumps");
|
return error_page("Failed to set profile from dumps");
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = lasso_login_init_from_authn_request_msg(login,
|
rc = lasso_login_process_authn_request_msg(login, authn_request_msg);
|
||||||
authn_request_msg, response_method);
|
|
||||||
if (rc) {
|
if (rc) {
|
||||||
char msg[100];
|
char msg[100];
|
||||||
sprintf(msg, "Lasso login error, %d", rc);
|
sprintf(msg, "Lasso login error, %d", rc);
|
||||||
|
@ -251,12 +244,22 @@ int single_sign_on()
|
||||||
(get_config_string("//idpc:reauthenticationDelay") ?
|
(get_config_string("//idpc:reauthenticationDelay") ?
|
||||||
atoi(get_config_string("//idpc:reauthenticationDelay")) : 7200));
|
atoi(get_config_string("//idpc:reauthenticationDelay")) : 7200));
|
||||||
|
|
||||||
if (login->protocolProfile == lassoLoginProtocolProfileBrwsArt) {
|
rc = lasso_login_build_assertion(login,
|
||||||
|
auth->lasso_name,
|
||||||
|
"", /* authenticationInstant */
|
||||||
|
reauth_time, /* reauthenticateOnOrAfter */
|
||||||
|
"", /* notBefore */
|
||||||
|
""); /* notOnOrAfter */
|
||||||
|
if (rc) {
|
||||||
|
free(reauth_time);
|
||||||
|
lasso_login_destroy(login);
|
||||||
|
lasso_server_destroy(server);
|
||||||
|
return error_page("build_assertion failed");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART) {
|
||||||
rc = lasso_login_build_artifact_msg(login,
|
rc = lasso_login_build_artifact_msg(login,
|
||||||
1, /* user authenticated */
|
LASSO_HTTP_METHOD_REDIRECT);
|
||||||
auth->lasso_name,
|
|
||||||
reauth_time,
|
|
||||||
lassoHttpMethodRedirect);
|
|
||||||
if (rc) {
|
if (rc) {
|
||||||
free(reauth_time);
|
free(reauth_time);
|
||||||
lasso_login_destroy(login);
|
lasso_login_destroy(login);
|
||||||
|
@ -265,10 +268,7 @@ int single_sign_on()
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
/* POST profile (lassoLoginProtocolProfileBrwsPost) */
|
/* POST profile (lassoLoginProtocolProfileBrwsPost) */
|
||||||
rc = lasso_login_build_authn_response_msg(login,
|
rc = lasso_login_build_authn_response_msg(login);
|
||||||
1, /* user authenticated */
|
|
||||||
auth->lasso_name,
|
|
||||||
reauth_time);
|
|
||||||
if (rc) {
|
if (rc) {
|
||||||
free(reauth_time);
|
free(reauth_time);
|
||||||
lasso_login_destroy(login);
|
lasso_login_destroy(login);
|
||||||
|
@ -279,7 +279,7 @@ int single_sign_on()
|
||||||
free(reauth_time);
|
free(reauth_time);
|
||||||
|
|
||||||
rc = db_save_name_identifier(
|
rc = db_save_name_identifier(
|
||||||
LASSO_PROFILE(login)->nameIdentifier, user_id);
|
LASSO_PROFILE(login)->nameIdentifier->content, user_id);
|
||||||
if (rc) {
|
if (rc) {
|
||||||
lasso_login_destroy(login);
|
lasso_login_destroy(login);
|
||||||
lasso_server_destroy(server);
|
lasso_server_destroy(server);
|
||||||
|
@ -294,11 +294,10 @@ int single_sign_on()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
if (login->protocolProfile == lassoLoginProtocolProfileBrwsArt) {
|
if (login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART) {
|
||||||
LassoAssertion *my_ass;
|
rc = db_save_artifact(login->assertionArtifact,
|
||||||
/* won't be freed; missing lasso_assertion_destroy */
|
user_id,
|
||||||
my_ass = lasso_login_get_assertion(login);
|
LASSO_PROFILE(login)->remote_providerID);
|
||||||
rc = db_save_assertion(login->assertionArtifact, my_ass);
|
|
||||||
if (rc) {
|
if (rc) {
|
||||||
lasso_login_destroy(login);
|
lasso_login_destroy(login);
|
||||||
lasso_server_destroy(server);
|
lasso_server_destroy(server);
|
||||||
|
@ -333,7 +332,7 @@ int main(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
if (argc > 1 && handle_args(argc, argv) ) {
|
if (argc > 1 && handle_args(argc, argv)) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
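Review bot: `lasso_login_build_assertion` in single_sign_on is called with empty strings for authenticationInstant, notBefore and notOnOrAfter, so, if lasso copies these through to the assertion it issues, the assertions from this IdP carry no validity window and no authentication timestamp; only reauthenticateOnOrAfter is populated. The file already uses `strtime(time(NULL) + delay)` to produce a malloc'd timestamp for reauth_time, so the same helper can supply the current time for authenticationInstant and notBefore and a short-lived value for notOnOrAfter, freed alongside `free(reauth_time)`; the two extra `char *` locals would be declared with the others at the top of the function. That is more than a few lines, so the change is sketched below (the 300-second window is only an example and should come from the configuration like reauthenticationDelay does); single_sign_on continues outside the hunk.
```c
now = strtime(time(NULL));
not_on_or_after = strtime(time(NULL) + 300); /* example window; make it configurable */
rc = lasso_login_build_assertion(login,
		auth->lasso_name,
		now,              /* authenticationInstant */
		reauth_time,      /* reauthenticateOnOrAfter */
		now,              /* notBefore */
		not_on_or_after); /* notOnOrAfter */
free(now);
free(not_on_or_after);
/* … unchanged: rc check, artifact / POST profile branches … */
```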
@ -23,7 +23,7 @@
|
||||||
|
|
||||||
|
|
||||||
struct req {
|
struct req {
|
||||||
lassoRequestType type;
|
LassoRequestType type;
|
||||||
char* (*request_function) (LassoServer*, char*);
|
char* (*request_function) (LassoServer*, char*);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -34,11 +34,11 @@ char* req_register_name_identifier(LassoServer *server, char *soap_msg);
|
||||||
char* req_name_identifier_mapping(LassoServer *server, char *soap_msg);
|
char* req_name_identifier_mapping(LassoServer *server, char *soap_msg);
|
||||||
|
|
||||||
struct req requests[] = {
|
struct req requests[] = {
|
||||||
{lassoRequestTypeLogin, req_login},
|
{LASSO_REQUEST_TYPE_LOGIN, req_login},
|
||||||
{lassoRequestTypeLogout, req_logout},
|
{LASSO_REQUEST_TYPE_LOGOUT, req_logout},
|
||||||
{lassoRequestTypeDefederation, req_defederation},
|
{LASSO_REQUEST_TYPE_DEFEDERATION, req_defederation},
|
||||||
{lassoRequestTypeRegisterNameIdentifier, req_register_name_identifier},
|
{LASSO_REQUEST_TYPE_NAME_REGISTRATION, req_register_name_identifier},
|
||||||
{lassoRequestTypeNameIdentifierMapping, req_name_identifier_mapping},
|
{LASSO_REQUEST_TYPE_NAME_IDENTIFIER_MAPPING, req_name_identifier_mapping},
|
||||||
/* {lassoRequestTypeLecp, req_lecp}, */
|
/* {lassoRequestTypeLecp, req_lecp}, */
|
||||||
/* LECP requests go to single sign on service URL */
|
/* LECP requests go to single sign on service URL */
|
||||||
{0, NULL}
|
{0, NULL}
|
||||||
|
@ -50,8 +50,9 @@ struct req requests[] = {
|
||||||
char* req_login(LassoServer *server, char *soap_msg)
|
char* req_login(LassoServer *server, char *soap_msg)
|
||||||
{
|
{
|
||||||
LassoLogin *login;
|
LassoLogin *login;
|
||||||
char *assertion_dump = NULL;
|
|
||||||
int rc;
|
int rc;
|
||||||
|
char *user_id = NULL, *provider_id = NULL;
|
||||||
|
char *identity_dump, *session_dump, *answer;
|
||||||
|
|
||||||
login = lasso_login_new(server);
|
login = lasso_login_new(server);
|
||||||
rc = lasso_login_process_request_msg(login, soap_msg);
|
rc = lasso_login_process_request_msg(login, soap_msg);
|
||||||
|
@ -60,26 +61,33 @@ char* req_login(LassoServer *server, char *soap_msg)
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = db_get_assertion(login->assertionArtifact, &assertion_dump);
|
rc = db_get_artifact(login->assertionArtifact, &user_id, &provider_id);
|
||||||
if (rc) {
|
if (rc) {
|
||||||
fprintf(stderr, "db_get_assertion failed\n");
|
fprintf(stderr, "db_get_artifact failed\n");
|
||||||
} else {
|
} else {
|
||||||
rc = lasso_login_set_assertion_from_dump(login, assertion_dump);
|
rc = db_remove_artifact(login->assertionArtifact);
|
||||||
if (rc) {
|
if (rc) {
|
||||||
fprintf(stderr, "set_assertion_from_dump failed\n");
|
fprintf(stderr, "db_remove_artifact failed\n");
|
||||||
}
|
|
||||||
rc = db_remove_assertion(login->assertionArtifact);
|
|
||||||
if (rc) {
|
|
||||||
fprintf(stderr, "db_remove_assertion failed\n");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
rc = db_get_dumps(user_id, &identity_dump, &session_dump);
|
||||||
|
rc = set_profile_from_dumps(LASSO_PROFILE(login),
|
||||||
|
identity_dump, session_dump);
|
||||||
|
free(identity_dump);
|
||||||
|
free(session_dump);
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = lasso_login_build_response_msg(login);
|
rc = lasso_login_build_response_msg(login, provider_id);
|
||||||
assertion_dump = strdup(LASSO_PROFILE(login)->msg_body);
|
if (user_id)
|
||||||
|
free(user_id);
|
||||||
|
if (provider_id)
|
||||||
|
free(provider_id);
|
||||||
|
|
||||||
|
answer = strdup(LASSO_PROFILE(login)->msg_body);
|
||||||
|
|
||||||
lasso_login_destroy(login);
|
lasso_login_destroy(login);
|
||||||
|
|
||||||
return assertion_dump;
|
return answer;
|
||||||
}
|
}
|
||||||
|
|
||||||
char* req_logout(LassoServer *server, char *soap_msg)
|
char* req_logout(LassoServer *server, char *soap_msg)
|
||||||
|
@ -90,10 +98,9 @@ char* req_logout(LassoServer *server, char *soap_msg)
|
||||||
char *answer = NULL;
|
char *answer = NULL;
|
||||||
char *soap_answer = NULL;
|
char *soap_answer = NULL;
|
||||||
|
|
||||||
logout = lasso_logout_new(server, lassoProviderTypeIdp);
|
logout = lasso_logout_new(server);
|
||||||
|
|
||||||
rc = lasso_logout_process_request_msg(logout,
|
rc = lasso_logout_process_request_msg(logout, soap_msg);
|
||||||
soap_msg, lassoHttpMethodSoap);
|
|
||||||
if (rc) {
|
if (rc) {
|
||||||
fprintf(stderr, "process_request_msg failed\n");
|
fprintf(stderr, "process_request_msg failed\n");
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
@ -131,7 +138,7 @@ char* req_logout(LassoServer *server, char *soap_msg)
|
||||||
while (other_sp) {
|
while (other_sp) {
|
||||||
fprintf(stderr, "Other SP: %s\n", other_sp);
|
fprintf(stderr, "Other SP: %s\n", other_sp);
|
||||||
rc = lasso_logout_init_request(logout, other_sp,
|
rc = lasso_logout_init_request(logout, other_sp,
|
||||||
lassoHttpMethodAny);
|
LASSO_HTTP_METHOD_ANY);
|
||||||
if (rc) {
|
if (rc) {
|
||||||
fprintf(stderr, "init_request failed\n");
|
fprintf(stderr, "init_request failed\n");
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
@ -149,8 +156,7 @@ char* req_logout(LassoServer *server, char *soap_msg)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = lasso_logout_process_response_msg(logout,
|
rc = lasso_logout_process_response_msg(logout, soap_answer);
|
||||||
soap_answer, lassoHttpMethodSoap);
|
|
||||||
if (rc) {
|
if (rc) {
|
||||||
free(soap_answer);
|
free(soap_answer);
|
||||||
fprintf(stderr, "logout_process_response_msg failed\n");
|
fprintf(stderr, "logout_process_response_msg failed\n");
|
||||||
|
@ -183,10 +189,9 @@ char* req_defederation(LassoServer *server, char *soap_msg)
|
||||||
LassoIdentity *identity;
|
LassoIdentity *identity;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
termination = lasso_defederation_new(server, lassoProviderTypeIdp);
|
termination = lasso_defederation_new(server);
|
||||||
|
|
||||||
rc = lasso_defederation_process_notification_msg(
|
rc = lasso_defederation_process_notification_msg(termination, soap_msg);
|
||||||
termination, soap_msg, lassoHttpMethodSoap);
|
|
||||||
if (rc) {
|
if (rc) {
|
||||||
fprintf(stderr, "process_notifification_msg failed\n");
|
fprintf(stderr, "process_notifification_msg failed\n");
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -233,7 +238,7 @@ int soap_end_point()
|
||||||
int clen = 0;
|
int clen = 0;
|
||||||
char *soap_msg, *soap_answer = NULL;
|
char *soap_msg, *soap_answer = NULL;
|
||||||
char *http_verb;
|
char *http_verb;
|
||||||
lassoRequestType req_type;
|
LassoRequestType req_type;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
http_verb = getenv("REQUEST_METHOD");
|
http_verb = getenv("REQUEST_METHOD");
|
||||||
|
|
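Review bot: In req_login the return value of `db_get_dumps(user_id, &identity_dump, &session_dump)` is ignored, and `identity_dump` and `session_dump` are declared without initializers, so when the lookup fails the code passes two indeterminate pointers to `set_profile_from_dumps` and then frees them, unless db_get_dumps happens to NULL them on failure. set_profile_auto in utils.c checks the same call and returns before touching the dumps, so req_login should do the same, as sketched below. A second concern in the same hunk: `db_get_artifact` and `db_remove_artifact` are two separate statements, so two concurrent resolve requests for one artifact can both read it before either deletes it; consuming the artifact in a single statement or transaction in the db layer would make resolution single-use. req_login's error handling continues outside the hunk.
```c
rc = db_get_dumps(user_id, &identity_dump, &session_dump);
if (rc) {
	fprintf(stderr, "db_get_dumps failed\n");
} else {
	rc = set_profile_from_dumps(LASSO_PROFILE(login),
			identity_dump, session_dump);
	free(identity_dump);
	free(session_dump);
}
/* … unchanged: build_response_msg, user_id / provider_id cleanup … */
```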
18
src/utils.c
18
src/utils.c
|
@ -125,23 +125,23 @@ int set_profile_auto(LassoProfile *profile)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
char *user_id;
|
char *user_id;
|
||||||
char *user_dump, *session_dump;
|
char *identity_dump, *session_dump;
|
||||||
|
|
||||||
rc = db_get_user_id(profile->nameIdentifier, &user_id);
|
rc = db_get_user_id(profile->nameIdentifier->content, &user_id);
|
||||||
if (rc) {
|
if (rc) {
|
||||||
fprintf(stderr, "db_get_user_id failed\n");
|
fprintf(stderr, "db_get_user_id failed\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = db_get_dumps(user_id, &user_dump, &session_dump);
|
rc = db_get_dumps(user_id, &identity_dump, &session_dump);
|
||||||
free(user_id);
|
free(user_id);
|
||||||
if (rc) {
|
if (rc) {
|
||||||
fprintf(stderr, "Error getting dumps from db\n");
|
fprintf(stderr, "Error getting dumps from db\n");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = set_profile_from_dumps(profile, user_dump, session_dump);
|
rc = set_profile_from_dumps(profile, identity_dump, session_dump);
|
||||||
free(user_dump);
|
free(identity_dump);
|
||||||
free(session_dump);
|
free(session_dump);
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
@ -163,7 +163,7 @@ int save_profile_dumps(LassoProfile *profile)
|
||||||
char *user_id;
|
char *user_id;
|
||||||
|
|
||||||
|
|
||||||
rc = db_get_user_id(profile->nameIdentifier, &user_id);
|
rc = db_get_user_id(profile->nameIdentifier->content, &user_id);
|
||||||
if (rc) {
|
if (rc) {
|
||||||
fprintf(stderr, "db_get_user_id failed\n");
|
fprintf(stderr, "db_get_user_id failed\n");
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -172,8 +172,9 @@ int save_profile_dumps(LassoProfile *profile)
|
||||||
if (lasso_profile_is_identity_dirty(profile)) {
|
if (lasso_profile_is_identity_dirty(profile)) {
|
||||||
LassoIdentity *identity;
|
LassoIdentity *identity;
|
||||||
identity = lasso_profile_get_identity(profile);
|
identity = lasso_profile_get_identity(profile);
|
||||||
dump = identity ? lasso_identity_dump(identity) : "";
|
dump = identity ? lasso_identity_dump(identity) : strdup("");
|
||||||
rc = db_save_identity(user_id, dump);
|
rc = db_save_identity(user_id, dump);
|
||||||
|
free(dump);
|
||||||
lasso_identity_destroy(identity);
|
lasso_identity_destroy(identity);
|
||||||
if (rc) {
|
if (rc) {
|
||||||
free(user_id);
|
free(user_id);
|
||||||
|
@ -184,8 +185,9 @@ int save_profile_dumps(LassoProfile *profile)
|
||||||
if (lasso_profile_is_session_dirty(profile)) {
|
if (lasso_profile_is_session_dirty(profile)) {
|
||||||
LassoSession *session;
|
LassoSession *session;
|
||||||
session = lasso_profile_get_session(profile);
|
session = lasso_profile_get_session(profile);
|
||||||
dump = session ? lasso_session_dump(session) : "";
|
dump = session ? lasso_session_dump(session) : strdup("");
|
||||||
rc = db_save_session(user_id, dump);
|
rc = db_save_session(user_id, dump);
|
||||||
|
free(dump);
|
||||||
lasso_session_destroy(session);
|
lasso_session_destroy(session);
|
||||||
if (rc) {
|
if (rc) {
|
||||||
free(user_id);
|
free(user_id);
|
||||||
|
|
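Review bot: `profile->nameIdentifier->content` in set_profile_auto dereferences `nameIdentifier` without a NULL check, and save_profile_dumps does the same in its hunk; the old code handed the pointer itself to db_get_user_id, so a profile whose message carried no NameIdentifier now crashes here instead of being reported, assuming lasso leaves the field NULL in that case. A guard before each call, `if (profile->nameIdentifier == NULL) { fprintf(stderr, "missing nameIdentifier\n"); return 1; }`, keeps the existing return-1 error contract. The `db_save_name_identifier` call in single_sign_on uses the same `->content` access and would want the same check.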