/* $Id$
*
* Lasso - A free implementation of the Liberty Alliance specifications.
*
* Copyright (C) 2004-2007 Entr'ouvert
* http://lasso.entrouvert.org
*
* Authors: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* SECTION:name_registration
* @short_description: Name Registration Profile (ID-FF)
*
**/
#include "../xml/private.h"
#include "name_registration.h"
#include "profileprivate.h"
#include "providerprivate.h"
#include "../utils.h"
/*****************************************************************************/
/* public methods */
/*****************************************************************************/
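/**
 * lasso_name_registration_build_request_msg:
 * @name_registration: a #LassoNameRegistration
 *
 * Builds a register name identifier request message.
 *
 * It gets the register name identifier protocol profile and:
 * <itemizedlist>
 * <listitem><para>
 *   if it is a SOAP method, then it builds the register name identifier
 *   request SOAP message, optionally signs its node, sets @msg_body,
 *   gets the SoapEndpoint url and sets @msg_url.
 * </para></listitem>
 * <listitem><para>
 *   if it is a HTTP-Redirect method, then it builds the register name
 *   identifier request QUERY message (optionally signs the request message),
 *   appends it to the register name identifier service url, sets @msg_url
 *   in the register name identifier object and sets @msg_body to NULL.
 * </para></listitem>
 * </itemizedlist>
 *
 * In the SOAP case a request that was never built is reported as
 * LASSO_PROFILE_ERROR_MISSING_REQUEST instead of being dereferenced.
 *
 * Return value: 0 on success; or a negative value otherwise.
 **/
gint
lasso_name_registration_build_request_msg(LassoNameRegistration *name_registration)
{
	LassoProfile *profile;
	LassoProvider *remote_provider;
	char *url, *query;

	g_return_val_if_fail(LASSO_IS_NAME_REGISTRATION(name_registration),
			LASSO_PARAM_ERROR_INVALID_VALUE);

	profile = LASSO_PROFILE(name_registration);
	lasso_profile_clean_msg_info(profile);

	if (profile->remote_providerID == NULL) {
		/* this means lasso_name_registration_init_request was not called
		 * before */
		return critical_error(LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID);
	}

	remote_provider = g_hash_table_lookup(profile->server->providers,
			profile->remote_providerID);
	if (LASSO_IS_PROVIDER(remote_provider) == FALSE) {
		return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
	}

	if (profile->http_request_method == LASSO_HTTP_METHOD_SOAP) {
		/* lasso_name_registration_init_request() stores remote_providerID
		 * before it builds the request, so a failed init can leave
		 * remote_providerID set while profile->request is still NULL;
		 * refuse to write through it in that case. */
		if (LASSO_IS_LIB_REGISTER_NAME_IDENTIFIER_REQUEST(profile->request) == FALSE) {
			return critical_error(LASSO_PROFILE_ERROR_MISSING_REQUEST);
		}

		profile->msg_url = lasso_provider_get_metadata_one(
				remote_provider, "SoapEndpoint");
		/* hand the server key material to the request; the pointers are
		 * shared with profile->server, not copied */
		LASSO_SAMLP_REQUEST_ABSTRACT(profile->request)->private_key_file =
			profile->server->private_key;
		LASSO_SAMLP_REQUEST_ABSTRACT(profile->request)->certificate_file =
			profile->server->certificate;
		profile->msg_body = lasso_node_export_to_soap(profile->request);
		return 0;
	}

	if (profile->http_request_method == LASSO_HTTP_METHOD_REDIRECT) {
		/* build and optionally sign the query message and build the
		 * register name identifier request url */
		url = lasso_provider_get_metadata_one(remote_provider,
				"RegisterNameIdentifierServiceURL");
		if (url == NULL) {
			return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL);
		}
		query = lasso_node_export_to_query(LASSO_NODE(profile->request),
				profile->server->signature_method,
				profile->server->private_key);
		if (query == NULL) {
			g_free(url);
			return critical_error(LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED);
		}
		/* build the msg_url */
		profile->msg_url = lasso_concat_url_query(url, query);
		profile->msg_body = NULL;
		g_free(url);
		g_free(query);
		return 0;
	}

	return critical_error(LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD);
}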
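/**
 * lasso_name_registration_build_response_msg:
 * @name_registration: a #LassoNameRegistration
 *
 * Builds the register name identifier response message.
 *
 * It gets the request message method and:
 * <itemizedlist>
 * <listitem><para>
 *   if it is a SOAP method, then it builds the response SOAP message, sets
 *   the msg_body attribute and sets @msg_url of the object to NULL.
 * </para></listitem>
 * <listitem><para>
 *   if it is a HTTP-Redirect method, then it builds the response QUERY
 *   message, builds the response url from the register name identifier
 *   service return url, sets @msg_url with the response url and sets the
 *   msg_body with NULL
 * </para></listitem>
 * </itemizedlist>
 *
 * If private key and certificate are set in server object it will also sign
 * the message (either with X509 if SOAP or with a simple signature for query
 * strings).
 *
 * In the SOAP case a response that was never built is reported as
 * LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED instead of being dereferenced.
 *
 * Return value: 0 on success; or a negative value otherwise.
 **/
gint
lasso_name_registration_build_response_msg(LassoNameRegistration *name_registration)
{
	LassoProfile *profile;
	LassoProvider *remote_provider;
	char *url, *query;

	g_return_val_if_fail(LASSO_IS_NAME_REGISTRATION(name_registration),
			LASSO_PARAM_ERROR_INVALID_VALUE);

	profile = LASSO_PROFILE(name_registration);
	lasso_profile_clean_msg_info(profile);

	if (profile->remote_providerID == NULL) {
		/* on the responding side remote_providerID is filled in by
		 * lasso_name_registration_validate_request(), so it was not
		 * called before */
		return critical_error(LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID);
	}

	remote_provider = g_hash_table_lookup(profile->server->providers,
			profile->remote_providerID);
	if (LASSO_IS_PROVIDER(remote_provider) == FALSE) {
		return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
	}

	if (profile->http_request_method == LASSO_HTTP_METHOD_SOAP) {
		/* lasso_name_registration_validate_request() stores
		 * remote_providerID before it creates the response, so a failure
		 * there can leave profile->response unset; do not write through
		 * a NULL or foreign object. */
		if (LASSO_IS_LIB_REGISTER_NAME_IDENTIFIER_RESPONSE(profile->response) == FALSE) {
			return critical_error(LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED);
		}

		profile->msg_url = NULL;
		/* hand the server key material to the response; the pointers are
		 * shared with profile->server, not copied */
		LASSO_SAMLP_RESPONSE_ABSTRACT(profile->response)->private_key_file =
			profile->server->private_key;
		LASSO_SAMLP_RESPONSE_ABSTRACT(profile->response)->certificate_file =
			profile->server->certificate;
		profile->msg_body = lasso_node_export_to_soap(profile->response);
		return 0;
	}

	if (profile->http_request_method == LASSO_HTTP_METHOD_REDIRECT) {
		url = lasso_provider_get_metadata_one(remote_provider,
				"RegisterNameIdentifierServiceReturnURL");
		if (url == NULL) {
			return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL);
		}
		query = lasso_node_export_to_query(LASSO_NODE(profile->response),
				profile->server->signature_method,
				profile->server->private_key);
		if (query == NULL) {
			g_free(url);
			return critical_error(LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED);
		}
		/* build the msg_url */
		profile->msg_url = lasso_concat_url_query(url, query);
		g_free(url);
		g_free(query);
		profile->msg_body = NULL;

		return 0;
	}

	return critical_error(LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD);
}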
/**
 * lasso_name_registration_destroy:
 * @name_registration: a #LassoNameRegistration
 *
 * Destroys a #LassoNameRegistration object by handing it, as a #LassoNode,
 * to lasso_node_destroy().
 **/
void
lasso_name_registration_destroy(LassoNameRegistration *name_registration)
{
	LassoNode *node = LASSO_NODE(name_registration);

	lasso_node_destroy(node);
}
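/**
 * lasso_name_registration_init_request:
 * @name_registration: a #LassoNameRegistration
 * @remote_providerID: the providerID of the remote provider.
 * @http_method: the HTTP method to use; with LASSO_HTTP_METHOD_ANY the first
 *     method found for the register name identifier protocol is taken,
 *     otherwise the given method must be accepted by the remote provider.
 *
 * Initializes a new lib:RegisterNameIdentifierRequest request; it sets
 * profile->nameIdentifier to the new name identifier and
 * @name_registration->oldNameIdentifier to the old one.
 *
 * The new name identifier content comes from lasso_build_unique_id(32).
 * A copy of @remote_providerID is stored in the profile; a value left from
 * an earlier call is released first.
 *
 * Return value: 0 on success; or a negative value otherwise.
 **/
gint
lasso_name_registration_init_request(LassoNameRegistration *name_registration,
		char *remote_providerID, LassoHttpMethod http_method)
{
	LassoProfile *profile;
	LassoProvider *remote_provider;
	LassoFederation *federation;
	LassoSamlNameIdentifier *spNameIdentifier, *idpNameIdentifier, *oldNameIdentifier = NULL;
	char *new_remote_providerID;

	g_return_val_if_fail(LASSO_IS_NAME_REGISTRATION(name_registration),
			LASSO_PARAM_ERROR_INVALID_VALUE);
	g_return_val_if_fail(remote_providerID != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);

	profile = LASSO_PROFILE(name_registration);

	/* verify if the identity and session exist */
	if (LASSO_IS_IDENTITY(profile->identity) == FALSE) {
		return critical_error(LASSO_PROFILE_ERROR_IDENTITY_NOT_FOUND);
	}

	/* set the remote provider id; copy first so that a caller passing
	 * profile->remote_providerID itself stays valid, then release the
	 * previous value instead of leaking it */
	new_remote_providerID = g_strdup(remote_providerID);
	g_free(profile->remote_providerID);
	profile->remote_providerID = new_remote_providerID;

	remote_provider = g_hash_table_lookup(profile->server->providers,
			profile->remote_providerID);
	if (LASSO_IS_PROVIDER(remote_provider) == FALSE) {
		return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
	}

	/* Get federation */
	federation = g_hash_table_lookup(profile->identity->federations,
			profile->remote_providerID);
	if (LASSO_IS_FEDERATION(federation) == FALSE) {
		return critical_error(LASSO_PROFILE_ERROR_FEDERATION_NOT_FOUND);
	}

	/* FIXME : depending on the requester provider type, verify the format
	 * of the old name identifier is only federated type */

	/* NOTE(review): the g_object_ref() calls below give the local variables
	 * their own references, which this function never drops, and any
	 * previous profile->nameIdentifier / oldNameIdentifier / request is
	 * overwritten without being released. Whether that leaks depends on
	 * the ownership rules of the callee that receives them - confirm. */
	if (remote_provider->role == LASSO_PROVIDER_ROLE_IDP) {
		/* Initiating it, from a SP */
		spNameIdentifier = lasso_saml_name_identifier_new();
		spNameIdentifier->content = lasso_build_unique_id(32);
		spNameIdentifier->NameQualifier = g_strdup(profile->remote_providerID);
		spNameIdentifier->Format = g_strdup(LASSO_LIB_NAME_IDENTIFIER_FORMAT_FEDERATED);

		idpNameIdentifier = g_object_ref(federation->remote_nameIdentifier);

		if (federation->local_nameIdentifier) {
			/* old name identifier is from SP,
			 * name_registration->oldNameIdentifier must be from SP */
			oldNameIdentifier = g_object_ref(federation->local_nameIdentifier);
		} else {
			/* oldNameIdentifier is none, no local name identifier at SP, old is IDP */
			oldNameIdentifier = g_object_ref(idpNameIdentifier);
		}

		profile->nameIdentifier = g_object_ref(spNameIdentifier);
		name_registration->oldNameIdentifier = g_object_ref(oldNameIdentifier);
	} else { /* if (remote_provider->role == LASSO_PROVIDER_ROLE_SP) { */
		/* Initiating it, from an IdP */
		if (federation->local_nameIdentifier == NULL) {
			return LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND;
		}

		oldNameIdentifier = g_object_ref(federation->local_nameIdentifier);

		spNameIdentifier = NULL;
		if (federation->remote_nameIdentifier) {
			spNameIdentifier = g_object_ref(federation->remote_nameIdentifier);
		}

		idpNameIdentifier = lasso_saml_name_identifier_new();
		idpNameIdentifier->content = lasso_build_unique_id(32);
		idpNameIdentifier->NameQualifier = g_strdup(profile->remote_providerID);
		idpNameIdentifier->Format = g_strdup(LASSO_LIB_NAME_IDENTIFIER_FORMAT_FEDERATED);

		profile->nameIdentifier = g_object_ref(idpNameIdentifier);
		name_registration->oldNameIdentifier = g_object_ref(oldNameIdentifier);
	}

	if (oldNameIdentifier == NULL) {
		message(G_LOG_LEVEL_CRITICAL, "Invalid provider type"); /* ??? */
		return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER;
	}

	if (http_method == LASSO_HTTP_METHOD_ANY) {
		http_method = lasso_provider_get_first_http_method(
				LASSO_PROVIDER(profile->server),
				remote_provider,
				LASSO_MD_PROTOCOL_TYPE_REGISTER_NAME_IDENTIFIER);
	} else {
		if (lasso_provider_accept_http_method(LASSO_PROVIDER(profile->server),
					remote_provider,
					LASSO_MD_PROTOCOL_TYPE_REGISTER_NAME_IDENTIFIER,
					http_method,
					TRUE) == FALSE) {
			return critical_error(LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE);
		}
	}

	/* NOTE(review): the signature method is fixed to RSA-SHA1 here, while
	 * lasso_name_registration_build_request_msg() signs redirect queries
	 * with profile->server->signature_method. SHA-1 is no longer regarded
	 * as collision resistant; confirm whether the configured method
	 * should be used for this request as well. */
	profile->request = lasso_lib_register_name_identifier_request_new_full(
			LASSO_PROVIDER(profile->server)->ProviderID,
			idpNameIdentifier, spNameIdentifier, oldNameIdentifier,
			profile->server->certificate ?
				LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
			LASSO_SIGNATURE_METHOD_RSA_SHA1);
	if (profile->request == NULL) {
		return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED);
	}
	LASSO_LIB_REGISTER_NAME_IDENTIFIER_REQUEST(profile->request)->RelayState =
		g_strdup(profile->msg_relayState);

	/* providers below Liberty 1.2 conformance get a 1.1 request */
	if (lasso_provider_get_protocol_conformance(remote_provider) < LASSO_PROTOCOL_LIBERTY_1_2) {
		LASSO_SAMLP_REQUEST_ABSTRACT(profile->request)->MajorVersion = 1;
		LASSO_SAMLP_REQUEST_ABSTRACT(profile->request)->MinorVersion = 1;
	}

	profile->http_request_method = http_method;

	return 0;
}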
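/**
 * lasso_name_registration_process_request_msg:
 * @name_registration: a #LassoNameRegistration
 * @request_msg: the register name identifier request message
 *
 * Processes a lib:RegisterNameIdentifierRequest message. Rebuilds a request
 * object from the message and verifies its signature against the provider
 * named in the message. Sets profile->nameIdentifier to local name
 * identifier. If it changed (when this is IdP-initiated and there was no
 * previously defined local name identifier) profile->nameIdentifier will be
 * the new one and @name_registration->oldNameIdentifier the old one.
 *
 * Once the message has been parsed and its provider found, the value
 * returned is the result of the signature verification, which is also kept
 * in profile->signature_status. The profile is filled in even when that
 * result is not 0, so callers have to check it before going on to
 * lasso_name_registration_validate_request().
 *
 * Return value: 0 on success; or a negative value otherwise.
 **/
gint
lasso_name_registration_process_request_msg(LassoNameRegistration *name_registration,
		char *request_msg)
{
	LassoProfile *profile;
	LassoProvider *remote_provider;
	LassoMessageFormat format;
	LassoLibRegisterNameIdentifierRequest *request;

	g_return_val_if_fail(LASSO_IS_NAME_REGISTRATION(name_registration),
			LASSO_PARAM_ERROR_INVALID_VALUE);
	g_return_val_if_fail(request_msg != NULL,
			LASSO_PARAM_ERROR_INVALID_VALUE);

	profile = LASSO_PROFILE(name_registration);

	profile->request = lasso_lib_register_name_identifier_request_new();
	format = lasso_node_init_from_message(LASSO_NODE(profile->request), request_msg);
	if (format == LASSO_MESSAGE_FORMAT_UNKNOWN || format == LASSO_MESSAGE_FORMAT_ERROR) {
		return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
	}

	request = LASSO_LIB_REGISTER_NAME_IDENTIFIER_REQUEST(profile->request);

	/* ProviderID comes from the received message and may be absent; a NULL
	 * key must not reach g_hash_table_lookup() on a table that hashes
	 * strings (presumably the case for server->providers - confirm). An
	 * absent issuer is reported like an unknown one. */
	if (request->ProviderID == NULL) {
		return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
	}
	remote_provider = g_hash_table_lookup(profile->server->providers,
			request->ProviderID);
	if (LASSO_IS_PROVIDER(remote_provider) == FALSE) {
		return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
	}

	/* verify signatures */
	profile->signature_status = lasso_provider_verify_signature(
			remote_provider, request_msg, "RequestID", format);

	if (format == LASSO_MESSAGE_FORMAT_SOAP)
		profile->http_request_method = LASSO_HTTP_METHOD_SOAP;
	if (format == LASSO_MESSAGE_FORMAT_QUERY)
		profile->http_request_method = LASSO_HTTP_METHOD_REDIRECT;

	/* The name identifier fields are taken from the parsed message and may
	 * be missing; g_object_ref() is only called on the ones present so
	 * that an incomplete message leaves the field NULL without raising a
	 * GLib critical. */
	name_registration->oldNameIdentifier = NULL;
	if (remote_provider->role == LASSO_PROVIDER_ROLE_IDP) {
		/* IdP initiated */
		if (request->SPProvidedNameIdentifier) {
			profile->nameIdentifier = g_object_ref(request->SPProvidedNameIdentifier);
		} else {
			profile->nameIdentifier = request->IDPProvidedNameIdentifier ?
				g_object_ref(request->IDPProvidedNameIdentifier) : NULL;
			name_registration->oldNameIdentifier = request->OldProvidedNameIdentifier ?
				g_object_ref(request->OldProvidedNameIdentifier) : NULL;
		}
	} else if (remote_provider->role == LASSO_PROVIDER_ROLE_SP) {
		/* SP initiated, profile->name */
		profile->nameIdentifier = request->IDPProvidedNameIdentifier ?
			g_object_ref(request->IDPProvidedNameIdentifier) : NULL;
	}

	return profile->signature_status;
}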
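/**
 * lasso_name_registration_process_response_msg:
 * @name_registration: a #LassoNameRegistration
 * @response_msg: the register name identifier response message
 *
 * Processes a lib:RegisterNameIdentifierResponse message. Rebuilds a response
 * object from the message and verifies its signature against the provider
 * named in the message.
 *
 * If the response depicts Success it will also update Principal federation
 * with the name identifier carried by the request that was sent, mark the
 * identity dirty and copy the RelayState of the response.
 *
 * When every other check passes, the value returned is the result of the
 * signature verification; the federation has already been updated at that
 * point, so callers have to check the return value before saving the
 * identity.
 *
 * Return value: 0 on success; or a negative value otherwise.
 **/
gint
lasso_name_registration_process_response_msg(LassoNameRegistration *name_registration,
		char *response_msg)
{
	LassoProfile *profile;
	LassoProvider *remote_provider;
	LassoFederation *federation;
	LassoSamlNameIdentifier *nameIdentifier = NULL;
	LassoLibStatusResponse *response;
	LassoLibRegisterNameIdentifierRequest *request;
	LassoMessageFormat format;
	int rc;
	char *statusCodeValue;

	g_return_val_if_fail(LASSO_IS_NAME_REGISTRATION(name_registration),
			LASSO_PARAM_ERROR_INVALID_VALUE);
	g_return_val_if_fail(response_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);

	profile = LASSO_PROFILE(name_registration);

	/* build register name identifier response from message */
	profile->response = lasso_lib_register_name_identifier_response_new();
	format = lasso_node_init_from_message(LASSO_NODE(profile->response), response_msg);
	if (format == LASSO_MESSAGE_FORMAT_UNKNOWN || format == LASSO_MESSAGE_FORMAT_ERROR) {
		return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
	}

	response = LASSO_LIB_STATUS_RESPONSE(profile->response);

	/* ProviderID comes from the received message and may be absent; a NULL
	 * key must not reach g_hash_table_lookup() on a table that hashes
	 * strings (presumably the case for server->providers - confirm). An
	 * absent issuer is reported like an unknown one. */
	if (response->ProviderID == NULL) {
		return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
	}
	remote_provider = g_hash_table_lookup(profile->server->providers,
			response->ProviderID);
	if (LASSO_IS_PROVIDER(remote_provider) == FALSE) {
		return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
	}

	/* verify signature */
	/* NOTE(review): rc is only handed back at the very end, so the
	 * federation update below also runs when verification failed. The
	 * issuer used for verification (response->ProviderID) is not compared
	 * with profile->remote_providerID either. Confirm whether both should
	 * be enforced here rather than left to the caller. */
	rc = lasso_provider_verify_signature(remote_provider, response_msg, "ResponseID", format);

	if (response->Status == NULL || response->Status->StatusCode == NULL
			|| response->Status->StatusCode->Value == NULL) {
		return critical_error(LASSO_PROFILE_ERROR_MISSING_STATUS_CODE);
	}
	statusCodeValue = response->Status->StatusCode->Value;

	if (strcmp(statusCodeValue, LASSO_SAML_STATUS_CODE_SUCCESS) != 0) {
		message(G_LOG_LEVEL_CRITICAL, "Status code not success: %s", statusCodeValue);
		return LASSO_PROFILE_ERROR_STATUS_NOT_SUCCESS;
	}

	/* Update federation with the nameIdentifier attribute. NameQualifier
	 * is local ProviderID and format is Federated type */
	if (LASSO_IS_IDENTITY(profile->identity) == FALSE) {
		return critical_error(LASSO_PROFILE_ERROR_IDENTITY_NOT_FOUND);
	}

	/* remote_providerID is only set once a request has been initialised;
	 * without it there is no key for the two lookups that follow */
	if (profile->remote_providerID == NULL) {
		return critical_error(LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID);
	}

	federation = g_hash_table_lookup(profile->identity->federations,
			profile->remote_providerID);
	if (LASSO_IS_FEDERATION(federation) == FALSE) {
		return critical_error(LASSO_PROFILE_ERROR_FEDERATION_NOT_FOUND);
	}

	remote_provider = g_hash_table_lookup(profile->server->providers,
			profile->remote_providerID);
	if (LASSO_IS_PROVIDER(remote_provider) == FALSE) {
		return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
	}

	/* the new name identifier is read back from our own request, so the
	 * request must still be there */
	if (LASSO_IS_LIB_REGISTER_NAME_IDENTIFIER_REQUEST(profile->request) == FALSE) {
		return critical_error(LASSO_PROFILE_ERROR_MISSING_REQUEST);
	}
	request = LASSO_LIB_REGISTER_NAME_IDENTIFIER_REQUEST(profile->request);

	if (remote_provider->role == LASSO_PROVIDER_ROLE_SP) {
		nameIdentifier = request->IDPProvidedNameIdentifier;
	}
	if (remote_provider->role == LASSO_PROVIDER_ROLE_IDP) {
		nameIdentifier = request->SPProvidedNameIdentifier;
	}
	if (nameIdentifier == NULL) {
		message(G_LOG_LEVEL_CRITICAL, "Invalid provider role"); /* ??? */
		return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER;
	}

	if (federation->local_nameIdentifier)
		lasso_node_destroy(LASSO_NODE(federation->local_nameIdentifier));
	federation->local_nameIdentifier = g_object_ref(nameIdentifier);
	profile->identity->is_dirty = TRUE;

	/* set the relay state */
	profile->msg_relayState = g_strdup(response->RelayState);

	return rc;
}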
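/**
 * lasso_name_registration_validate_request:
 * @name_registration: a #LassoNameRegistration
 *
 * Checks profile request with regards to message status and principal
 * federations, updates them accordingly and prepares a
 * lib:RegisterNameIdentifierResponse accordingly.
 *
 * The remote provider id is taken from the request; a value left from an
 * earlier call is released first. This function does not look at
 * profile->signature_status: the result returned by
 * lasso_name_registration_process_request_msg() has to be checked by the
 * caller beforehand.
 *
 * Return value: 0 on success; or a negative value otherwise.
 **/
gint
lasso_name_registration_validate_request(LassoNameRegistration *name_registration)
{
	LassoProfile *profile;
	LassoProvider *remote_provider;
	LassoFederation *federation;
	LassoLibRegisterNameIdentifierRequest *request;
	LassoSamlNameIdentifier *providedNameIdentifier = NULL;
	char *new_remote_providerID;

	g_return_val_if_fail(LASSO_IS_NAME_REGISTRATION(name_registration),
			LASSO_PARAM_ERROR_INVALID_VALUE);

	profile = LASSO_PROFILE(name_registration);

	/* verify the register name identifier request */
	if (LASSO_IS_LIB_REGISTER_NAME_IDENTIFIER_REQUEST(profile->request) == FALSE) {
		message(G_LOG_LEVEL_CRITICAL, "Register Name Identifier request not found");
		return LASSO_PROFILE_ERROR_MISSING_REQUEST;
	}

	request = LASSO_LIB_REGISTER_NAME_IDENTIFIER_REQUEST(profile->request);

	/* set the remote provider id from the request, releasing the previous
	 * value instead of leaking it */
	new_remote_providerID = g_strdup(request->ProviderID);
	g_free(profile->remote_providerID);
	profile->remote_providerID = new_remote_providerID;
	if (profile->remote_providerID == NULL) {
		return LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID;
	}

	/* set register name identifier response */
	/* NOTE(review): the response is created with
	 * LASSO_SAML_STATUS_CODE_SUCCESS before any of the checks below, and
	 * none of the error returns in this function changes that status.
	 * Callers that still send profile->response after a failure should
	 * confirm which status goes out. The signature method is also fixed
	 * to RSA-SHA1 here rather than profile->server->signature_method. */
	profile->response = lasso_lib_register_name_identifier_response_new_full(
			LASSO_PROVIDER(profile->server)->ProviderID,
			LASSO_SAML_STATUS_CODE_SUCCESS,
			request,
			profile->server->certificate ?
				LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
			LASSO_SIGNATURE_METHOD_RSA_SHA1);
	if (LASSO_IS_LIB_REGISTER_NAME_IDENTIFIER_RESPONSE(profile->response) == FALSE) {
		return critical_error(LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED);
	}

	/* verify federation */
	if (profile->identity == NULL) {
		return critical_error(LASSO_PROFILE_ERROR_IDENTITY_NOT_FOUND);
	}

	federation = g_hash_table_lookup(profile->identity->federations,
			profile->remote_providerID);
	if (LASSO_IS_FEDERATION(federation) == FALSE) {
		return critical_error(LASSO_PROFILE_ERROR_FEDERATION_NOT_FOUND);
	}

	/* the old identifier sent by the peer must match the one recorded in
	 * the federation before anything is replaced */
	if (request->OldProvidedNameIdentifier == NULL) {
		message(G_LOG_LEVEL_CRITICAL, "Old provided name identifier not found");
		return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER;
	}

	if (lasso_federation_verify_name_identifier(federation, LASSO_NODE(
					request->OldProvidedNameIdentifier)) == FALSE) {
		message(G_LOG_LEVEL_CRITICAL, "No name identifier");
		return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER;
	}

	remote_provider = g_hash_table_lookup(profile->server->providers,
			profile->remote_providerID);
	if (LASSO_IS_PROVIDER(remote_provider) == FALSE) {
		return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
	}

	/* update name identifier in federation */
	if (remote_provider->role == LASSO_PROVIDER_ROLE_SP) {
		providedNameIdentifier = request->SPProvidedNameIdentifier;
	}
	if (remote_provider->role == LASSO_PROVIDER_ROLE_IDP) {
		providedNameIdentifier = request->IDPProvidedNameIdentifier;
	}
	if (providedNameIdentifier == NULL) {
		message(G_LOG_LEVEL_CRITICAL, "Sp provided name identifier not found");
		return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER;
	}

	if (federation->remote_nameIdentifier)
		lasso_node_destroy(LASSO_NODE(federation->remote_nameIdentifier));
	federation->remote_nameIdentifier = g_object_ref(providedNameIdentifier);
	profile->identity->is_dirty = TRUE;

	return 0;
}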
/*****************************************************************************/
/* private methods */
/*****************************************************************************/
/*
 * XML snippet table for this class: binds the "OldNameIdentifier" child
 * element to the oldNameIdentifier field of LassoNameRegistration.
 * The all-NULL last entry is presumably the table terminator expected by
 * lasso_node_class_add_snippets() -- confirm against xml/private.h.
 */
static struct XmlSnippet schema_snippets[] = {
	{
		"OldNameIdentifier",
		SNIPPET_NODE_IN_CHILD,
		G_STRUCT_OFFSET(LassoNameRegistration, oldNameIdentifier),
		NULL, NULL, NULL
	},
	{ NULL, 0, 0, NULL, NULL, NULL }
};

/* Parent class vtable; assigned in class_init() and used to chain up. */
static LassoNodeClass *parent_class = NULL;
/*
 * Serialise @node by chaining up to the parent class, then stamp the
 * resulting element with the NameRegistrationDumpVersion="2" attribute.
 *
 * @node: the node to serialise
 * @lasso_dump: forwarded unchanged to the parent implementation
 *
 * Returns whatever the parent get_xmlNode() returned.
 */
static xmlNode*
get_xmlNode(LassoNode *node, gboolean lasso_dump)
{
	xmlNode *dump_node = parent_class->get_xmlNode(node, lasso_dump);

	xmlSetProp(dump_node, (xmlChar*)"NameRegistrationDumpVersion", (xmlChar*)"2");

	return dump_node;
}
/*
 * Rebuild @node from @xmlnode. This class adds nothing of its own: the work
 * is delegated to the parent class and its result is returned as is.
 * Neither argument is validated here, so callers must not pass NULL unless
 * the parent implementation is known to accept it.
 */
static int
init_from_xml(LassoNode *node, xmlNode *xmlnode)
{
	int rc = parent_class->init_from_xml(node, xmlnode);

	return rc;
}
/*****************************************************************************/
/* instance and class init functions */
/*****************************************************************************/
/*
 * GObject instance initialiser: a fresh LassoNameRegistration starts with
 * no old name identifier recorded.
 */
static void
instance_init(LassoNameRegistration *name_registration)
{
	name_registration->oldNameIdentifier = NULL;
}
/*
 * GObject class initialiser: records the parent class, installs this
 * file's get_xmlNode()/init_from_xml() overrides and registers the XML
 * node name and snippet table.
 */
static void
class_init(LassoNameRegistrationClass *klass)
{
	LassoNodeClass *node_class = LASSO_NODE_CLASS(klass);

	/* kept so the overrides below can chain up to the parent */
	parent_class = g_type_class_peek_parent(klass);

	node_class->get_xmlNode = get_xmlNode;
	node_class->init_from_xml = init_from_xml;
	node_class->node_data = g_new0(LassoNodeClassData, 1);

	/* NOTE(review): the node name registered here is "Login" although the
	 * class is LassoNameRegistration; this looks like a copy-paste
	 * leftover. Changing it would alter the dump's element name, so
	 * confirm compatibility with stored dumps first. */
	lasso_node_class_set_nodename(node_class, "Login");
	lasso_node_class_add_snippets(node_class, schema_snippets);
}
/*
 * Return the GType of LassoNameRegistration, registering it as a static
 * subtype of LASSO_TYPE_PROFILE on the first call. The cached id lives in
 * a plain function-local static; no locking is done around that first
 * registration.
 */
GType
lasso_name_registration_get_type()
{
	static GType this_type = 0;
	static const GTypeInfo this_info = {
		sizeof (LassoNameRegistrationClass),	/* class_size */
		NULL,					/* base_init */
		NULL,					/* base_finalize */
		(GClassInitFunc) class_init,		/* class_init */
		NULL,					/* class_finalize */
		NULL,					/* class_data */
		sizeof(LassoNameRegistration),		/* instance_size */
		0,					/* n_preallocs */
		(GInstanceInitFunc) instance_init,	/* instance_init */
		NULL					/* value_table */
	};

	if (this_type)
		return this_type;

	this_type = g_type_register_static(LASSO_TYPE_PROFILE,
			"LassoNameRegistration", &this_info, 0);
	return this_type;
}
/**
 * lasso_name_registration_new:
 * @server: the #LassoServer
 *
 * Creates a new #LassoNameRegistration bound to @server. The new object
 * takes its own reference on @server.
 *
 * Return value: a newly created #LassoNameRegistration object; or NULL if
 *     @server is not a #LassoServer
 **/
LassoNameRegistration *
lasso_name_registration_new(LassoServer *server)
{
	LassoNameRegistration *registration;

	/* g_return_val_if_fail() is compiled out when GLib is built with
	 * G_DISABLE_CHECKS, so this is a programming-error check, not a
	 * guarantee. */
	g_return_val_if_fail(LASSO_IS_SERVER(server), NULL);

	registration = g_object_new(LASSO_TYPE_NAME_REGISTRATION, NULL);
	LASSO_PROFILE(registration)->server = g_object_ref(server);

	return registration;
}
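/**
 * lasso_name_registration_new_from_dump:
 * @server: the #LassoServer
 * @dump: XML name registration dump
 *
 * Restores the @dump to a new #LassoNameRegistration.
 *
 * @dump is handed to libxml2's xmlParseMemory() as is. NOTE(review): it is
 * presumably a string previously produced by lasso_name_registration_dump()
 * and kept by the application; confirm that callers never pass XML taken
 * directly from a remote party.
 *
 * Return value: a newly created #LassoNameRegistration; or NULL if @dump is
 *     NULL, is too long to pass to libxml2, is not well-formed XML or has
 *     no root element, or if the object could not be created
 **/
LassoNameRegistration*
lasso_name_registration_new_from_dump(LassoServer *server, const char *dump)
{
	LassoNameRegistration *name_registration;
	xmlDoc *doc;
	xmlNode *root;
	size_t dump_len;

	if (dump == NULL)
		return NULL;

	/* xmlParseMemory() takes an int length; refuse anything that would
	 * be truncated by the conversion */
	dump_len = strlen(dump);
	if (dump_len > (size_t)G_MAXINT)
		return NULL;

	/* returns NULL when @server is not a LassoServer */
	name_registration = lasso_name_registration_new(server);
	if (name_registration == NULL)
		return NULL;

	doc = xmlParseMemory(dump, (int)dump_len);
	if (doc == NULL) {
		/* malformed dump: do not hand out a half-built object */
		g_object_unref(name_registration);
		return NULL;
	}

	root = xmlDocGetRootElement(doc);
	if (root == NULL) {
		lasso_release_doc(doc);
		g_object_unref(name_registration);
		return NULL;
	}

	/* NOTE(review): the result of init_from_xml() is still ignored, as
	 * before; check its error convention and decide whether a failure
	 * should also make this function return NULL. */
	init_from_xml(LASSO_NODE(name_registration), root);
	lasso_release_doc(doc);

	return name_registration;
}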
/**
 * lasso_name_registration_dump:
 * @name_registration: a #LassoNameRegistration
 *
 * Dumps @name_registration content to an XML string by calling
 * lasso_node_dump() on it.
 *
 * Return value: the dump string. It must be freed by the caller.
 **/
gchar *
lasso_name_registration_dump(LassoNameRegistration *name_registration)
{
	LassoNode *node = LASSO_NODE(name_registration);

	return lasso_node_dump(node);
}