From 566e29b3f870048a1cb6887bc7449e44a59ebc69 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Sun, 8 Sep 2013 23:53:33 +0200
Subject: [PATCH] saml2/profile.c: add resolving of the endpoint index in artifacts * lasso/saml-2.0/profile.c: add new argument role to lasso_saml20_profile_init_artifact_resolve() for looking up ArtifactResolutionService location; extract endpoint index from artifact and use it to resolve the endpoint location. * login.c: pass new argument ; force msg_url as it is preinitialized by lasso_saml20_profile_init_artifact_resolve()
---
 lasso/saml-2.0/login.c | 6 +++---
 lasso/saml-2.0/profile.c | 22 ++++++++++++++++++----
 lasso/saml-2.0/profileprivate.h | 2 +-
 3 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index b1b79ddc..ddd773b9 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -940,8 +940,8 @@ gint
 lasso_saml20_login_init_request(LassoLogin *login, gchar *response_msg, LassoHttpMethod response_http_method)
 {
- return lasso_saml20_profile_init_artifact_resolve(
- LASSO_PROFILE(login), response_msg, response_http_method);
+ return lasso_saml20_profile_init_artifact_resolve(LASSO_PROFILE(login),
+ LASSO_PROVIDER_ROLE_IDP, response_msg, response_http_method);
 }
@@ -957,7 +957,7 @@ lasso_saml20_login_build_request_msg(LassoLogin *login)
 lasso_node_remove_signature(profile->request);
 }
 return lasso_saml20_profile_build_request_msg(profile, "ArtifactResolutionService",
- LASSO_HTTP_METHOD_SOAP, NULL);
+ LASSO_HTTP_METHOD_SOAP, profile->msg_url);
 }
 gint
diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c
index 216216a4..f0381ffd 100644
--- a/lasso/saml-2.0/profile.c
+++ b/lasso/saml-2.0/profile.c
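Review bot: In the second login.c hunk, `lasso_saml20_login_build_request_msg()` now sends the ArtifactResolve SOAP request to whatever `profile->msg_url` holds, so the destination depends on `lasso_saml20_profile_init_artifact_resolve()` having succeeded on this same profile just before. If the init call failed, or was never made, `msg_url` may be NULL or may still hold a URL from an earlier exchange; that is an inference, since the rest of the function is outside the hunk. A comment on the call would record the dependency, for example `/* msg_url was resolved from the artifact's endpoint index by lasso_saml20_login_init_request() */`. Whether a NULL `msg_url` should be rejected here or fall back to the lookup by service name is worth deciding explicitly.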
@@ -46,6 +46,7 @@ #include "../xml/saml-2.0/samlp2_status_response.h" #include "../xml/saml-2.0/samlp2_response.h" #include "../xml/saml-2.0/saml2_assertion.h" +#include "../xml/saml-2.0/saml2_xsd.h" #include "../xml/misc_text_node.h" #include "../utils.h" #include "../debug.h" @@ -273,7 +274,7 @@ lasso_profile_saml20_build_artifact_post_response_msg(LassoProfile *profile, con int lasso_saml20_profile_init_artifact_resolve(LassoProfile *profile, - const char *msg, LassoHttpMethod method) + LassoProviderRole remote_provider_role, const char *msg, LassoHttpMethod method) { char **query_fields; char *artifact_b64 = NULL; @@ -281,8 +282,10 @@ lasso_saml20_profile_init_artifact_resolve(LassoProfile *profile, char *provider_succinct_id[21]; char artifact[45]; LassoSamlp2RequestAbstract *request = NULL; + LassoProvider *remote_provider = NULL; int i = 0; int rc = 0; + unsigned short index_endpoint = 0; if (method == LASSO_HTTP_METHOD_ARTIFACT_GET) { query_fields = urlencoded_to_strings(msg); @@ -313,8 +316,6 @@ lasso_saml20_profile_init_artifact_resolve(LassoProfile *profile, return LASSO_PROFILE_ERROR_INVALID_ARTIFACT; } - /* XXX: index endpoint */ - memcpy(provider_succinct_id, artifact+4, 20); provider_succinct_id[20] = 0; 
@@ -324,9 +325,22 @@ lasso_saml20_profile_init_artifact_resolve(LassoProfile *profile, profile->server, (char*)provider_succinct_id_b64)); lasso_release_xml_string(provider_succinct_id_b64); if (profile->remote_providerID == NULL) { - return critical_error(LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID); + return LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND; } + /* resolve the resolver url using the endpoint index in the artifact string */ + remote_provider = lasso_server_get_provider(profile->server, profile->remote_providerID); + index_endpoint = (artifact[2] << 16) + artifact[3]; + lasso_assign_string(profile->msg_url, lasso_saml20_provider_get_endpoint_url(remote_provider, + remote_provider_role, + LASSO_SAML2_METADATA_ELEMENT_ARTIFACT_RESOLUTION_SERVICE, NULL, FALSE, + FALSE, index_endpoint)); + if (! profile->msg_url) { + debug("looking for index endpoint %d", index_endpoint); + return LASSO_PROFILE_ERROR_ENDPOINT_INDEX_NOT_FOUND; + } + + lasso_assign_new_gobject(profile->request, lasso_samlp2_artifact_resolve_new()); request = LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request); lasso_assign_new_string(LASSO_SAMLP2_ARTIFACT_RESOLVE(request)->Artifact, artifact_b64); diff --git a/lasso/saml-2.0/profileprivate.h b/lasso/saml-2.0/profileprivate.h index c5b9047c..ce2479e5 100644 --- a/lasso/saml-2.0/profileprivate.h +++ b/lasso/saml-2.0/profileprivate.h 
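Review bot: The endpoint index is decoded incorrectly in `index_endpoint = (artifact[2] << 16) + artifact[3];`. The result is stored in an `unsigned short`, so with the usual 16-bit width the shifted byte 2 is discarded, and `artifact` is a plain `char` array, so a byte of 0x80 or above may be sign-extended before the addition. The artifact comes from the incoming message, so the two-byte big-endian field should be read as `index_endpoint = ((unsigned char)artifact[2] << 8) | (unsigned char)artifact[3];`. `remote_provider` is then passed to `lasso_saml20_provider_get_endpoint_url()` without a NULL check; adding `if (remote_provider == NULL) return LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND;` after the lookup makes that case explicit. If the endpoint lookup returns a newly allocated string, `lasso_assign_new_string` (as used for `artifact_b64` just below) looks like the intended macro rather than `lasso_assign_string`. Both new early returns also leave before `artifact_b64` is handed to the request, so its release on those paths should be confirmed; the function body starts and ends outside this hunk.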
@@ -50,7 +50,7 @@ int lasso_saml20_profile_init_request(LassoProfile *profile, const char *remote_
 int lasso_saml20_profile_set_response_status(LassoProfile *profile, const char *code1, const char *code2);
 int lasso_saml20_profile_init_artifact_resolve(LassoProfile *profile,
- const char *msg, LassoHttpMethod method);
+ LassoProviderRole role, const char *msg, LassoHttpMethod method);
 int lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char *msg);
 int lasso_saml20_profile_build_artifact_response(LassoProfile *profile);
 int lasso_saml20_profile_process_artifact_response(LassoProfile *profile, const char *msg);
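Review bot: The prototype names the new parameter `role`, while the definition in profile.c names it `remote_provider_role`. Using the same name here, `LassoProviderRole remote_provider_role, const char *msg, LassoHttpMethod method);`, makes it clear from the header that the role describes the remote provider whose ArtifactResolutionService endpoint is looked up, not the local one. A one-line comment above the declaration saying so would help callers pick the right value.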