SAML 2.0: Fix many leaks

* lasso/saml-2.0/login.c:
 * lasso/saml-2.0/logout.c:
 * lasso/saml-2.0/name_id_management.c:
 * lasso/saml-2.0/profile.c:
 * lasso/saml-2.0/provider.c:
   do not mix g_malloc strings with libxml strings, use the
   string/gobject handling macros as much as possible, be a good memory
   citizen, don't put your elbows on the table.
Benjamin Dauvergne 2009-04-30 14:58:11 +00:00
parent e57e1efc21
commit c5f5f84329
5 changed files with 194 additions and 224 deletions


@ -89,7 +89,7 @@ lasso_saml20_login_init_authn_request(LassoLogin *login, LassoHttpMethod http_me
login->http_method = http_method;
profile->request = lasso_samlp2_authn_request_new();
lasso_assign_new_gobject(profile->request, lasso_samlp2_authn_request_new());
if (profile->request == NULL) {
return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED);
}
@ -97,17 +97,17 @@ lasso_saml20_login_init_authn_request(LassoLogin *login, LassoHttpMethod http_me
request = LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request);
request->ID = lasso_build_unique_id(32);
lasso_assign_string(login->private_data->request_id, request->ID);
request->Version = g_strdup("2.0");
lasso_assign_string(request->Version, "2.0");
request->Issuer = LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
LASSO_PROVIDER(profile->server)->ProviderID));
request->IssueInstant = lasso_get_current_time();
LASSO_SAMLP2_AUTHN_REQUEST(request)->NameIDPolicy = LASSO_SAMLP2_NAME_ID_POLICY(
lasso_samlp2_name_id_policy_new());
LASSO_SAMLP2_AUTHN_REQUEST(request)->NameIDPolicy->Format =
g_strdup(LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT);
LASSO_SAMLP2_AUTHN_REQUEST(request)->NameIDPolicy->SPNameQualifier =
g_strdup(request->Issuer->content);
lasso_assign_new_gobject(LASSO_SAMLP2_AUTHN_REQUEST(request)->NameIDPolicy,
LASSO_SAMLP2_NAME_ID_POLICY( lasso_samlp2_name_id_policy_new()));
lasso_assign_string(LASSO_SAMLP2_AUTHN_REQUEST(request)->NameIDPolicy->Format,
LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT);
lasso_assign_string(LASSO_SAMLP2_AUTHN_REQUEST(request)->NameIDPolicy->SPNameQualifier,
request->Issuer->content);
if (http_method != LASSO_HTTP_METHOD_REDIRECT) {
@ -136,23 +136,28 @@ lasso_saml20_login_build_authn_request_msg(LassoLogin *login, LassoProvider *rem
must_sign = (md_authnRequestsSigned && strcmp(md_authnRequestsSigned, "true") == 0);
g_free(md_authnRequestsSigned);
if (! lasso_flag_sign_messages && must_sign) {
message(G_LOG_LEVEL_WARNING, "AuthnRequest message should normally be signed but \"no-sign-messages\" option is activated");
}
if (login->http_method == LASSO_HTTP_METHOD_REDIRECT) {
return lasso_saml20_build_http_redirect_query_simple(profile, profile->request,
must_sign, "SingleSignOnService", FALSE);
} else {
/* POST, SOAP and Artifact-GET|POST */
if (must_sign) {
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->private_key_file =
g_strdup(profile->server->private_key);
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->certificate_file =
g_strdup(profile->server->certificate);
if (must_sign && lasso_flag_sign_messages) {
lasso_assign_string(LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->private_key_file,
profile->server->private_key);
lasso_assign_string(LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->certificate_file,
profile->server->certificate);
}
if (login->http_method == LASSO_HTTP_METHOD_POST) {
char *lareq = lasso_node_export_to_base64(profile->request);
profile->msg_url = lasso_provider_get_metadata_one(
remote_provider, "SingleSignOnService HTTP-POST");
profile->msg_body = lareq;
lasso_assign_new_string(profile->msg_url,
lasso_provider_get_metadata_one(remote_provider,
"SingleSignOnService HTTP-POST"));
lasso_assign_new_string(profile->msg_body,
lasso_node_export_to_base64(profile->request));
} else if (login->http_method == LASSO_HTTP_METHOD_SOAP) {
const char *issuer;
const char *responseConsumerURL;
@ -161,10 +166,11 @@ lasso_saml20_login_build_authn_request_msg(LassoLogin *login, LassoProvider *rem
responseConsumerURL = \
lasso_saml20_login_get_assertion_consumer_service_url(
login, LASSO_PROVIDER(profile->server));
profile->msg_url = NULL;
profile->msg_body = lasso_node_export_to_paos_request(profile->request,
lasso_release_string(profile->msg_url);
lasso_assign_new_string(profile->msg_body,
lasso_node_export_to_paos_request(profile->request,
issuer, responseConsumerURL,
profile->msg_relayState);
profile->msg_relayState));
} else {
/* artifact method */
char *artifact = lasso_saml20_profile_generate_artifact(profile, 0);
@ -179,7 +185,8 @@ lasso_saml20_login_build_authn_request_msg(LassoLogin *login, LassoProvider *rem
} else {
query = lasso_url_add_parameters(NULL, 0, "SAMLart", artifact, NULL);
}
profile->msg_url = lasso_concat_url_query(url, query);
lasso_assign_new_string(profile->msg_url,
lasso_concat_url_query(url, query));
lasso_release_string(query);
lasso_release_string(url);
} else {
@ -223,8 +230,8 @@ lasso_saml20_login_process_authn_request_msg(LassoLogin *login, const char *auth
authn_request = LASSO_SAMLP2_AUTHN_REQUEST(request);
profile->request = request;
profile->remote_providerID = g_strdup(
lasso_assign_new_gobject(profile->request, request);
lasso_assign_string(profile->remote_providerID,
LASSO_SAMLP2_REQUEST_ABSTRACT(request)->Issuer->content);
protocol_binding = authn_request->ProtocolBinding;
@ -261,6 +268,7 @@ lasso_saml20_login_process_authn_request_msg(LassoLogin *login, const char *auth
} else if (strcmp(binding, "PAOS") == 0) {
login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP;
}
lasso_release_string(binding);
} else if (strcmp(protocol_binding, LASSO_SAML2_METADATA_BINDING_ARTIFACT) == 0) {
login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART;
} else if (strcmp(protocol_binding, LASSO_SAML2_METADATA_BINDING_POST) == 0) {
@ -278,14 +286,14 @@ lasso_saml20_login_process_authn_request_msg(LassoLogin *login, const char *auth
/* XXX: checks authn request signature */
profile->response = lasso_samlp2_response_new();
lasso_assign_new_gobject(profile->response, lasso_samlp2_response_new());
response = LASSO_SAMLP2_STATUS_RESPONSE(profile->response);
response->ID = lasso_build_unique_id(32);
response->Version = g_strdup("2.0");
lasso_assign_string(response->Version, "2.0");
response->Issuer = LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
LASSO_PROVIDER(profile->server)->ProviderID));
response->IssueInstant = lasso_get_current_time();
response->InResponseTo = g_strdup(LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->ID);
lasso_assign_string(response->InResponseTo, LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->ID);
/* XXX: adds signature */
return 0;
@ -540,10 +548,7 @@ lasso_saml20_login_process_federation(LassoLogin *login, gboolean is_consent_obt
name_id_policy_format = LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT;
}
if (login->nameIDPolicy) {
g_free(login->nameIDPolicy);
}
login->nameIDPolicy = g_strdup(name_id_policy_format);
lasso_assign_string(login->nameIDPolicy, name_id_policy_format);
if (name_id_policy_format && strcmp(name_id_policy_format,
LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT) == 0) {
@ -580,10 +585,10 @@ lasso_saml20_login_process_federation(LassoLogin *login, gboolean is_consent_obt
}
if (federation && LASSO_SAMLP2_AUTHN_REQUEST(profile->request)->NameIDPolicy == NULL) {
LASSO_SAMLP2_AUTHN_REQUEST(profile->request)->NameIDPolicy = \
LASSO_SAMLP2_NAME_ID_POLICY(lasso_samlp2_name_id_policy_new());
LASSO_SAMLP2_AUTHN_REQUEST(profile->request)->NameIDPolicy->Format =
g_strdup(LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT);
lasso_assign_new_gobject(LASSO_SAMLP2_AUTHN_REQUEST(profile->request)->NameIDPolicy,
LASSO_SAMLP2_NAME_ID_POLICY(lasso_samlp2_name_id_policy_new()));
lasso_assign_string(LASSO_SAMLP2_AUTHN_REQUEST(profile->request)->NameIDPolicy->Format,
LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT);
}
if (lasso_saml20_login_must_ask_for_consent_private(login) && !is_consent_obtained) {
@ -596,12 +601,12 @@ lasso_saml20_login_process_federation(LassoLogin *login, gboolean is_consent_obt
LASSO_PROVIDER(profile->server)->ProviderID,
LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT,
NULL);
LASSO_SAML2_NAME_ID(federation->local_nameIdentifier)->SPNameQualifier = g_strdup(
lasso_assign_string(LASSO_SAML2_NAME_ID(federation->local_nameIdentifier)->SPNameQualifier,
name_id_sp_name_qualifier);
lasso_identity_add_federation(profile->identity, federation);
}
profile->nameIdentifier = g_object_ref(federation->local_nameIdentifier);
lasso_assign_gobject(profile->nameIdentifier, federation->local_nameIdentifier);
return 0;
}
@ -768,7 +773,7 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
assertion = LASSO_SAML2_ASSERTION(lasso_saml2_assertion_new());
assertion->ID = lasso_build_unique_id(32);
assertion->Version = g_strdup("2.0");
lasso_assign_string(assertion->Version, "2.0");
assertion->IssueInstant = lasso_get_current_time();
assertion->Issuer = LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
LASSO_PROVIDER(profile->server)->ProviderID));
@ -776,8 +781,8 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
audience_restriction = LASSO_SAML2_AUDIENCE_RESTRICTION(
lasso_saml2_audience_restriction_new());
audience_restriction->Audience = g_strdup(profile->remote_providerID);
assertion->Conditions->AudienceRestriction = g_list_append(NULL, audience_restriction);
lasso_assign_string(audience_restriction->Audience, profile->remote_providerID);
lasso_list_add_new_gobject(assertion->Conditions->AudienceRestriction, audience_restriction);
name_id_policy = LASSO_SAMLP2_AUTHN_REQUEST(profile->request)->NameIDPolicy;
assertion->Subject = LASSO_SAML2_SUBJECT(lasso_saml2_subject_new());
@ -811,9 +816,9 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
LASSO_SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED) == 0)) {
/* caller must set the name identifier content afterwards */
name_id = LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new());
name_id->NameQualifier = g_strdup(
lasso_assign_string(name_id->NameQualifier,
LASSO_PROVIDER(profile->server)->ProviderID);
name_id->Format = g_strdup(name_id_policy->Format);
lasso_assign_string(name_id->Format, name_id_policy->Format);
assertion->Subject->NameID = name_id;
} else if (federation == NULL ||
(name_id_policy && strcmp(name_id_policy->Format,
@ -821,9 +826,9 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
/* transient -> don't use a federation */
name_id = LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
lasso_build_unique_id(32)));
name_id->NameQualifier = g_strdup(
lasso_assign_string(name_id->NameQualifier,
LASSO_PROVIDER(profile->server)->ProviderID);
name_id->Format = g_strdup(LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT);
lasso_assign_string(name_id->Format, LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT);
assertion->Subject->NameID = name_id;
} else {
if (provider && name_id_policy && strcmp(name_id_policy->Format,
@ -895,9 +900,9 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
LASSO_NODE(assertion));
response = LASSO_SAMLP2_RESPONSE(profile->response);
response->Assertion = g_list_append(NULL, assertion);
lasso_list_add_new_gobject(response->Assertion, assertion);
login->private_data->saml2_assertion = g_object_ref(assertion);
lasso_assign_gobject(login->private_data->saml2_assertion, assertion);
return 0;
}
@ -934,7 +939,7 @@ lasso_saml20_login_build_artifact_msg(LassoLogin *login, LassoHttpMethod http_me
}
artifact = lasso_saml20_profile_generate_artifact(profile, 1);
login->assertionArtifact = g_strdup(artifact);
lasso_assign_string(login->assertionArtifact, artifact);
if (http_method == LASSO_HTTP_METHOD_ARTIFACT_GET) {
gchar *query;
@ -944,7 +949,7 @@ lasso_saml20_login_build_artifact_msg(LassoLogin *login, LassoHttpMethod http_me
} else {
query = lasso_url_add_parameters(NULL, 0, "SAMLart", artifact, NULL);
}
profile->msg_url = lasso_concat_url_query(url, query);
lasso_assign_new_string(profile->msg_url, lasso_concat_url_query(url, query));
lasso_release_string(query);
} else {
/* XXX: ARTIFACT POST */
@ -990,19 +995,19 @@ lasso_saml20_login_build_request_msg(LassoLogin *login)
profile = LASSO_PROFILE(login);
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->private_key_file =
g_strdup(profile->server->private_key);
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->certificate_file =
g_strdup(profile->server->certificate);
profile->msg_body = lasso_node_export_to_soap(profile->request);
lasso_assign_string(LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->private_key_file,
profile->server->private_key);
lasso_assign_string(LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->certificate_file,
profile->server->certificate);
lasso_assign_new_string(profile->msg_body, lasso_node_export_to_soap(profile->request));
remote_provider = g_hash_table_lookup(profile->server->providers,
profile->remote_providerID);
if (LASSO_IS_PROVIDER(remote_provider) == FALSE) {
return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
}
profile->msg_url = lasso_provider_get_metadata_one(remote_provider,
"ArtifactResolutionService SOAP");
lasso_assign_new_string(profile->msg_url, lasso_provider_get_metadata_one(remote_provider,
"ArtifactResolutionService SOAP"));
return 0;
}
@ -1017,7 +1022,7 @@ lasso_saml20_login_process_request_msg(LassoLogin *login, gchar *request_msg)
return rc;
}
/* compat with liberty id-ff code */
login->assertionArtifact = lasso_profile_get_artifact(profile);
lasso_assign_new_string(login->assertionArtifact, lasso_profile_get_artifact(profile));
return 0;
}
@ -1041,10 +1046,10 @@ lasso_saml20_login_build_response_msg(LassoLogin *login)
LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->sign_method =
LASSO_SIGNATURE_METHOD_RSA_SHA1;
LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->private_key_file =
g_strdup(profile->server->private_key);
LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->certificate_file =
g_strdup(profile->server->certificate);
lasso_assign_string(LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->private_key_file,
profile->server->private_key);
lasso_assign_string(LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->certificate_file,
profile->server->certificate);
remote_provider = g_hash_table_lookup(LASSO_PROFILE(login)->server->providers,
LASSO_PROFILE(login)->remote_providerID);
@ -1061,8 +1066,8 @@ lasso_saml20_login_build_response_msg(LassoLogin *login)
}
/* build an ECP SOAP Response */
profile->msg_body = lasso_node_export_to_ecp_soap_response(
LASSO_NODE(profile->response), assertionConsumerURL);
lasso_assign_new_string(profile->msg_body, lasso_node_export_to_ecp_soap_response(
LASSO_NODE(profile->response), assertionConsumerURL));
return 0;
}
@ -1105,14 +1110,16 @@ lasso_saml20_login_process_authn_response_msg(LassoLogin *login, gchar *authn_re
{
LassoProfile *profile = NULL;
int rc1, rc2, message_signature_status;
LassoSamlp2Response *samlp2_response = NULL;
lasso_bad_param(LOGIN, login);
lasso_null_param(authn_response_msg);
/* parse the message */
profile = LASSO_PROFILE(login);
samlp2_response = (LassoSamlp2Response*)lasso_samlp2_response_new();
rc1 = lasso_saml20_profile_process_any_response(profile,
(LassoSamlp2StatusResponse*)lasso_samlp2_response_new(),
(LassoSamlp2StatusResponse*)samlp2_response,
authn_response_msg);
message_signature_status = profile->signature_status;
@ -1120,6 +1127,7 @@ lasso_saml20_login_process_authn_response_msg(LassoLogin *login, gchar *authn_re
rc2 = lasso_saml20_login_process_response_status_and_assertion(login);
/** The more important signature errors */
lasso_release_gobject(samlp2_response);
if (message_signature_status) {
message(G_LOG_LEVEL_WARNING, "Validation of the AuthnResponse message signature failed: %s", lasso_strerror(message_signature_status));
}
@ -1486,18 +1494,18 @@ lasso_saml20_login_build_authn_response_msg(LassoLogin *login)
LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->sign_method =
LASSO_SIGNATURE_METHOD_RSA_SHA1;
LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->private_key_file =
g_strdup(profile->server->private_key);
LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->certificate_file =
g_strdup(profile->server->certificate);
lasso_assign_string(LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->private_key_file,
profile->server->private_key);
lasso_assign_string(LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->certificate_file,
profile->server->certificate);
remote_provider = g_hash_table_lookup(profile->server->providers,
profile->remote_providerID);
if (LASSO_IS_PROVIDER(remote_provider) == FALSE)
return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
profile->msg_url = lasso_saml20_login_get_assertion_consumer_service_url(
login, remote_provider);
lasso_assign_new_string(profile->msg_url, lasso_saml20_login_get_assertion_consumer_service_url(
login, remote_provider));
if (profile->msg_url == NULL) {
return LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL;
}
@ -1511,16 +1519,12 @@ lasso_saml20_login_build_authn_response_msg(LassoLogin *login)
if (login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST) {
/* build an lib:AuthnResponse base64 encoded */
profile->msg_body = lasso_node_export_to_base64(LASSO_NODE(profile->response));
lasso_assign_new_string(profile->msg_body, lasso_node_export_to_base64(LASSO_NODE(profile->response)));
} else {
int rc;
char *url;
url = profile->msg_url;
lasso_release_string(profile->msg_url);
rc = lasso_saml20_profile_build_http_redirect(profile, profile->response, 1, profile->msg_url);
if (profile->msg_url != url) {
lasso_release(url);
}
if (rc != 0) {
return rc;
}
@ -1574,12 +1578,9 @@ lasso_saml20_login_init_idp_initiated_authn_request(LassoLogin *login,
if (rc)
return rc;
g_free(LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->ID);
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->ID = NULL;
g_free(LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->Issuer->content);
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->Issuer->content =
g_strdup(remote_providerID);
lasso_release_string(LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->ID);
lasso_assign_string(LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->Issuer->content,
remote_providerID);
return 0;
}
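Review bot: In the non-POST branch of lasso_saml20_login_build_authn_response_msg, `lasso_release_string(profile->msg_url)` now runs immediately before `profile->msg_url` is passed as the URL argument of lasso_saml20_profile_build_http_redirect. Elsewhere in this commit the same macro replaces `profile->msg_url = NULL`, so the redirect is presumably built from a NULL pointer, or from a freed one if the macro does not reset it, even though the assertion consumer URL was fetched and NULL-checked a few lines earlier. Keep the URL in a local across the call, e.g. `char *url = profile->msg_url; profile->msg_url = NULL;`, pass `url` to the call, and run `lasso_release_string(url);` once it returns. The function starts and ends outside this hunk and the macro definitions are not on the page, so confirm against them.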


@ -102,13 +102,13 @@ lasso_saml20_logout_init_request(LassoLogout *logout, LassoProvider *remote_prov
return critical_error(LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND);
}
if (federation->local_nameIdentifier) {
profile->nameIdentifier = g_object_ref(federation->local_nameIdentifier);
lasso_assign_gobject(profile->nameIdentifier, federation->local_nameIdentifier);
} else {
profile->nameIdentifier = g_object_ref(name_id_n);
lasso_assign_gobject(profile->nameIdentifier, name_id_n);
}
} else {
profile->nameIdentifier = g_object_ref(name_id);
lasso_assign_gobject(profile->nameIdentifier, name_id);
}
if (http_method == LASSO_HTTP_METHOD_ANY) {
@ -130,8 +130,7 @@ lasso_saml20_logout_init_request(LassoLogout *logout, LassoProvider *remote_prov
lasso_session_remove_assertion(profile->session,
profile->remote_providerID);
if (logout->initial_remote_providerID && logout->initial_request) {
g_free(profile->remote_providerID);
profile->remote_providerID = g_strdup(
lasso_assign_string(profile->remote_providerID,
logout->initial_remote_providerID);
/* XXX: create response
profile->response = lasso_lib_logout_response_new_full(
@ -147,21 +146,16 @@ lasso_saml20_logout_init_request(LassoLogout *logout, LassoProvider *remote_prov
}
}
/* free profile->request if it was already set */
if (LASSO_IS_NODE(profile->request)) {
lasso_node_destroy(profile->request);
profile->request = NULL;
}
profile->request = lasso_samlp2_logout_request_new();
lasso_assign_new_gobject(profile->request, lasso_samlp2_logout_request_new());
request = LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request);
request->ID = lasso_build_unique_id(32);
request->Version = g_strdup("2.0");
request->Issuer = LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
LASSO_PROVIDER(profile->server)->ProviderID));
request->IssueInstant = lasso_get_current_time();
lasso_assign_new_string(request->ID, lasso_build_unique_id(32));
lasso_assign_string(request->Version, "2.0");
lasso_assign_new_gobject(request->Issuer,
LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
LASSO_PROVIDER(profile->server)->ProviderID)));
lasso_assign_new_string(request->IssueInstant, lasso_get_current_time());
LASSO_SAMLP2_LOGOUT_REQUEST(request)->NameID = g_object_ref(profile->nameIdentifier);
lasso_assign_gobject(LASSO_SAMLP2_LOGOUT_REQUEST(request)->NameID, profile->nameIdentifier);
/* Encrypt NameID */
if (remote_provider &&
@ -172,8 +166,8 @@ lasso_saml20_logout_init_request(LassoLogout *logout, LassoProvider *remote_prov
remote_provider->private_data->encryption_public_key,
remote_provider->private_data->encryption_sym_key_type));
if (encrypted_element != NULL) {
LASSO_SAMLP2_LOGOUT_REQUEST(request)->EncryptedID = encrypted_element;
LASSO_SAMLP2_LOGOUT_REQUEST(request)->NameID = NULL;
lasso_assign_new_gobject(LASSO_SAMLP2_LOGOUT_REQUEST(request)->EncryptedID, encrypted_element);
lasso_release_gobject(LASSO_SAMLP2_LOGOUT_REQUEST(request)->NameID)
}
}
@ -197,17 +191,17 @@ lasso_saml20_logout_build_request_msg(LassoLogout *logout, LassoProvider *remote
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->sign_type =
LASSO_SIGNATURE_TYPE_SIMPLE;
}
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->private_key_file =
g_strdup(profile->server->private_key);
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->certificate_file =
g_strdup(profile->server->certificate);
lasso_assign_string(LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->private_key_file,
profile->server->private_key);
lasso_assign_string(LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->certificate_file,
profile->server->certificate);
if (logout->initial_http_request_method == LASSO_HTTP_METHOD_SOAP) {
profile->msg_url = lasso_provider_get_metadata_one(remote_provider,
"SingleLogoutService SOAP");
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->Destination = g_strdup(
lasso_assign_new_string(profile->msg_url,
lasso_provider_get_metadata_one(remote_provider, "SingleLogoutService SOAP"));
lasso_assign_string(LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->Destination,
profile->msg_url);
profile->msg_body = lasso_node_export_to_soap(profile->request);
lasso_assign_new_string(profile->msg_body, lasso_node_export_to_soap(profile->request));
return 0;
}
if (logout->initial_http_request_method == LASSO_HTTP_METHOD_REDIRECT) {
@ -231,7 +225,8 @@ lasso_saml20_logout_process_request_msg(LassoLogout *logout, char *request_msg)
lasso_null_param(request_msg);
profile = LASSO_PROFILE(logout);
rc1 = lasso_saml20_profile_process_any_request(profile, lasso_samlp2_logout_request_new(),
logout_request = (LassoSamlp2LogoutRequest*) lasso_samlp2_logout_request_new();
rc1 = lasso_saml20_profile_process_any_request(profile, (LassoNode*)logout_request,
request_msg);
logout_request = (LassoSamlp2LogoutRequest*)profile->request;
@ -244,6 +239,7 @@ lasso_saml20_logout_process_request_msg(LassoLogout *logout, char *request_msg)
&logout_request->EncryptedID);
lasso_release_gobject(logout_request);
if (profile->signature_status) {
return profile->signature_status;
}
@ -268,11 +264,7 @@ lasso_saml20_logout_validate_request(LassoLogout *logout)
if (LASSO_IS_SAMLP2_LOGOUT_REQUEST(profile->request) == FALSE)
return LASSO_PROFILE_ERROR_MISSING_REQUEST;
if (profile->remote_providerID) {
g_free(profile->remote_providerID);
}
profile->remote_providerID = g_strdup(
lasso_assign_string(profile->remote_providerID,
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->Issuer->content);
/* get the provider */
@ -282,18 +274,16 @@ lasso_saml20_logout_validate_request(LassoLogout *logout)
return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
}
if (profile->response) {
lasso_node_destroy(profile->response);
}
profile->response = lasso_samlp2_logout_response_new();
lasso_assign_new_gobject(profile->response, lasso_samlp2_logout_response_new());
response = LASSO_SAMLP2_STATUS_RESPONSE(profile->response);
response->ID = lasso_build_unique_id(32);
response->Version = g_strdup("2.0");
response->Issuer = LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
LASSO_PROVIDER(profile->server)->ProviderID));
response->IssueInstant = lasso_get_current_time();
response->InResponseTo = g_strdup(LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->ID);
lasso_assign_new_string(response->ID, lasso_build_unique_id(32));
lasso_assign_string(response->Version, "2.0");
lasso_assign_new_gobject(response->Issuer,
LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
LASSO_PROVIDER(profile->server)->ProviderID)));
lasso_assign_new_string(response->IssueInstant, lasso_get_current_time());
lasso_assign_string(response->InResponseTo,
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->ID);
lasso_saml20_profile_set_response_status(profile, LASSO_SAML2_STATUS_CODE_SUCCESS);
response->sign_method = LASSO_SIGNATURE_METHOD_RSA_SHA1;
@ -401,13 +391,10 @@ lasso_saml20_logout_validate_request(LassoLogout *logout)
*/
if (remote_provider->role == LASSO_PROVIDER_ROLE_SP &&
g_hash_table_size(profile->session->assertions) >= 1) {
logout->initial_remote_providerID = profile->remote_providerID;
logout->initial_request = LASSO_NODE(profile->request);
logout->initial_response = LASSO_NODE(profile->response);
profile->remote_providerID = NULL;
profile->request = NULL;
profile->response = NULL;
lasso_transfer_string(logout->initial_remote_providerID,
profile->remote_providerID);
lasso_transfer_gobject(logout->initial_request, profile->request);
lasso_transfer_gobject(logout->initial_response, profile->response);
}
return 0;
@ -449,15 +436,15 @@ lasso_saml20_logout_build_response_msg(LassoLogout *logout)
if (profile->response == NULL) {
/* no response set here means request denied */
profile->response = lasso_samlp2_logout_response_new();
lasso_assign_new_gobject(profile->response, lasso_samlp2_logout_response_new());
response = LASSO_SAMLP2_STATUS_RESPONSE(profile->response);
response->ID = lasso_build_unique_id(32);
response->Version = g_strdup("2.0");
response->Issuer = LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
LASSO_PROVIDER(profile->server)->ProviderID));
response->IssueInstant = lasso_get_current_time();
lasso_assign_new_string(response->ID, lasso_build_unique_id(32));
lasso_assign_string(response->Version, "2.0");
lasso_assign_new_gobject(response->Issuer, LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
LASSO_PROVIDER(profile->server)->ProviderID)));
lasso_assign_new_string(response->IssueInstant, lasso_get_current_time());
if (profile->request) {
response->InResponseTo = g_strdup(
lasso_assign_string(response->InResponseTo,
LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->ID);
}
lasso_saml20_profile_set_response_status(profile,
@ -469,8 +456,8 @@ lasso_saml20_logout_build_response_msg(LassoLogout *logout)
} else {
response->sign_type = LASSO_SIGNATURE_TYPE_SIMPLE;
}
response->private_key_file = g_strdup(profile->server->private_key);
response->certificate_file = g_strdup(profile->server->certificate);
lasso_assign_string(response->private_key_file, profile->server->private_key);
lasso_assign_string(response->certificate_file, profile->server->certificate);
}
if (profile->remote_providerID == NULL || profile->response == NULL) {
@ -482,8 +469,8 @@ lasso_saml20_logout_build_response_msg(LassoLogout *logout)
/* build logout response message */
if (profile->http_request_method == LASSO_HTTP_METHOD_SOAP) {
profile->msg_url = NULL;
profile->msg_body = lasso_node_export_to_soap(profile->response);
lasso_release_string(profile->msg_url);
lasso_assign_new_string(profile->msg_body, lasso_node_export_to_soap(profile->response));
return 0;
}
@ -505,12 +492,7 @@ lasso_saml20_logout_process_response_msg(LassoLogout *logout, const char *respon
char *status_code_value = NULL;
int rc;
if (LASSO_IS_SAMLP2_LOGOUT_RESPONSE(profile->response) == TRUE) {
lasso_node_destroy(profile->response);
profile->response = NULL;
}
profile->response = lasso_samlp2_logout_response_new();
lasso_assign_new_gobject(profile->response, lasso_samlp2_logout_response_new());
format = lasso_node_init_from_message(LASSO_NODE(profile->response), response_msg);
switch (format) {
@ -524,7 +506,7 @@ lasso_saml20_logout_process_response_msg(LassoLogout *logout, const char *respon
return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
}
profile->remote_providerID = g_strdup(
lasso_assign_string(profile->remote_providerID,
LASSO_SAMLP2_STATUS_RESPONSE(profile->response)->Issuer->content);
/* get the provider */
@ -597,20 +579,10 @@ lasso_saml20_logout_process_response_msg(LassoLogout *logout, const char *respon
remote_provider = g_hash_table_lookup(profile->server->providers,
logout->initial_remote_providerID);
if (remote_provider->role == LASSO_PROVIDER_ROLE_SP) {
if (profile->remote_providerID != NULL)
g_free(profile->remote_providerID);
if (profile->request != NULL)
lasso_node_destroy(LASSO_NODE(profile->request));
if (profile->response != NULL)
lasso_node_destroy(LASSO_NODE(profile->response));
profile->remote_providerID = logout->initial_remote_providerID;
profile->request = logout->initial_request;
profile->response = logout->initial_response;
logout->initial_remote_providerID = NULL;
logout->initial_request = NULL;
logout->initial_response = NULL;
lasso_transfer_string(profile->remote_providerID,
logout->initial_remote_providerID);
lasso_transfer_gobject(profile->request, logout->initial_request);
lasso_transfer_gobject(profile->response, logout->initial_response);
}
}
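Review bot: In lasso_saml20_logout_process_request_msg the local `logout_request` is still reassigned to `profile->request` after the call to lasso_saml20_profile_process_any_request, so the added `lasso_release_gobject(logout_request)` releases whatever the profile holds rather than the object allocated by `lasso_samlp2_logout_request_new()`. If parsing fails before the profile takes the new object, that object is never released and a reference owned by the profile is dropped instead, on a path that handles a message from a remote provider. The name_id_management.c change in this commit removes the equivalent reassignment; deleting `logout_request = (LassoSamlp2LogoutRequest*)profile->request;` here would keep the release paired with the allocation, though the function continues outside the visible hunks. Separately, `lasso_release_gobject(LASSO_SAMLP2_LOGOUT_REQUEST(request)->NameID)` in lasso_saml20_logout_init_request has no terminating semicolon as shown, which only compiles if the macro expands to a complete statement.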


@ -133,19 +133,20 @@ lasso_name_id_management_process_request_msg(LassoNameIdManagement *name_id_mana
/* Parsing */
profile = LASSO_PROFILE(name_id_management);
request = (LassoSamlp2ManageNameIDRequest*)lasso_samlp2_manage_name_id_request_new();
rc1 = lasso_saml20_profile_process_any_request(profile,
lasso_samlp2_manage_name_id_request_new(),
(LassoNode*)request,
request_msg);
if (! LASSO_IS_SAMLP2_MANAGE_NAME_ID_REQUEST(profile->request)) {
return LASSO_PROFILE_ERROR_MISSING_REQUEST;
}
request = LASSO_SAMLP2_MANAGE_NAME_ID_REQUEST(profile->request);
/* NameID treatment */
rc2 = lasso_saml20_profile_process_name_identifier_decryption(profile,
&request->NameID, &request->EncryptedID);
lasso_release_gobject(request);
if (profile->signature_status) {
return profile->signature_status;
}
@ -429,6 +430,7 @@ lasso_name_id_management_new(LassoServer *server)
g_return_val_if_fail(LASSO_IS_SERVER(server), NULL);
name_id_management = g_object_new(LASSO_TYPE_NAME_ID_MANAGEMENT, NULL);
/* fresh object dont need to check previous value */
LASSO_PROFILE(name_id_management)->server = g_object_ref(server);
return name_id_management;
@ -464,7 +466,7 @@ lasso_name_id_management_new_from_dump(LassoServer *server, const char *dump)
if (dump == NULL)
return NULL;
name_id_management = lasso_name_id_management_new(g_object_ref(server));
name_id_management = lasso_name_id_management_new(server);
doc = lasso_xml_parse_memory(dump, strlen(dump));
lasso_node_init_from_xml(LASSO_NODE(name_id_management), xmlDocGetRootElement(doc));
lasso_release_doc(doc);
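Review bot: The early `return LASSO_PROFILE_ERROR_MISSING_REQUEST;` in lasso_name_id_management_process_request_msg exits before the new `lasso_release_gobject(request);` runs, so the object from `lasso_samlp2_manage_name_id_request_new()` appears to leak whenever the incoming message does not yield a ManageNameIDRequest. A malformed or unexpected message from a peer reaches that path, so the leak can be triggered repeatedly. Release the local in that branch as well, with `lasso_release_gobject(request);` immediately before the return. The function continues outside the hunk, so any other early exit between the allocation and the release needs the same treatment.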


@ -116,12 +116,12 @@ get_response_url(LassoProvider *provider, char *service, char *binding)
char*
lasso_saml20_profile_generate_artifact(LassoProfile *profile, int part)
{
profile->private_data->artifact = lasso_saml20_profile_build_artifact(
LASSO_PROVIDER(profile->server));
lasso_assign_new_string(profile->private_data->artifact,
lasso_saml20_profile_build_artifact(LASSO_PROVIDER(profile->server)));
if (part == 0) {
profile->private_data->artifact_message = lasso_node_dump(profile->request);
lasso_assign_new_string(profile->private_data->artifact_message, lasso_node_dump(profile->request));
} else if (part == 1) {
profile->private_data->artifact_message = lasso_node_dump(profile->response);
lasso_assign_new_string(profile->private_data->artifact_message, lasso_node_dump(profile->response));
} else {
/* XXX: RequestDenied here? */
}
@ -212,23 +212,22 @@ lasso_saml20_profile_init_artifact_resolve(LassoProfile *profile,
const char *msg, LassoHttpMethod method)
{
char **query_fields;
char *artifact_b64 = NULL, *provider_succinct_id_b64;
char provider_succinct_id[21];
char *artifact_b64 = NULL;
xmlChar *provider_succinct_id_b64 = NULL;
char *provider_succinct_id[21];
char artifact[45];
LassoSamlp2RequestAbstract *request;
int i;
LassoSamlp2RequestAbstract *request = NULL;
int i = 0;
if (method == LASSO_HTTP_METHOD_ARTIFACT_GET) {
query_fields = urlencoded_to_strings(msg);
for (i=0; query_fields[i]; i++) {
if (strncmp(query_fields[i], "SAMLart=", 8) != 0) {
xmlFree(query_fields[i]);
continue;
if (strncmp((char*)query_fields[i], "SAMLart=", 8) == 0) {
lasso_assign_string(artifact_b64, query_fields[i]+8);
}
artifact_b64 = g_strdup(query_fields[i]+8);
xmlFree(query_fields[i]);
}
g_free(query_fields);
lasso_release(query_fields);
if (artifact_b64 == NULL) {
return LASSO_PROFILE_ERROR_MISSING_ARTIFACT;
}
@ -240,12 +239,12 @@ lasso_saml20_profile_init_artifact_resolve(LassoProfile *profile,
i = xmlSecBase64Decode((xmlChar*)artifact_b64, (xmlChar*)artifact, 45);
if (i < 0 || i > 44) {
g_free(artifact_b64);
lasso_release_string(artifact_b64);
return LASSO_PROFILE_ERROR_INVALID_ARTIFACT;
}
if (artifact[0] != 0 || artifact[1] != 4) { /* wrong type code */
g_free(artifact_b64);
lasso_release_string(artifact_b64);
return LASSO_PROFILE_ERROR_INVALID_ARTIFACT;
}
@ -254,23 +253,20 @@ lasso_saml20_profile_init_artifact_resolve(LassoProfile *profile,
memcpy(provider_succinct_id, artifact+4, 20);
provider_succinct_id[20] = 0;
provider_succinct_id_b64 = (char*)xmlSecBase64Encode((xmlChar*)provider_succinct_id, 20, 0);
provider_succinct_id_b64 = xmlSecBase64Encode((xmlChar*)provider_succinct_id, 20, 0);
profile->remote_providerID = lasso_server_get_providerID_from_hash(
profile->server, provider_succinct_id_b64);
xmlFree(provider_succinct_id_b64);
lasso_assign_new_string(profile->remote_providerID, lasso_server_get_providerID_from_hash(
profile->server, (char*)provider_succinct_id_b64));
lasso_release_xml_string(provider_succinct_id_b64);
if (profile->remote_providerID == NULL) {
return critical_error(LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID);
}
if (profile->request) {
lasso_node_destroy(profile->request);
}
profile->request = lasso_samlp2_artifact_resolve_new();
lasso_assign_new_gobject(profile->request, lasso_samlp2_artifact_resolve_new());
request = LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request);
LASSO_SAMLP2_ARTIFACT_RESOLVE(request)->Artifact = artifact_b64;
lasso_assign_new_string(LASSO_SAMLP2_ARTIFACT_RESOLVE(request)->Artifact, artifact_b64);
request->ID = lasso_build_unique_id(32);
request->Version = g_strdup("2.0");
lasso_assign_string(request->Version, "2.0");
request->Issuer = LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
LASSO_PROVIDER(profile->server)->ProviderID));
request->IssueInstant = lasso_get_current_time();
@ -292,11 +288,7 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char
LassoProvider *remote_provider;
int rc;
if (profile->request) {
lasso_node_destroy(profile->request);
}
profile->request = lasso_node_new_from_soap(msg);
lasso_assign_new_gobject(profile->request, lasso_node_new_from_soap(msg));
if (profile->request == NULL) {
return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
}
@ -304,14 +296,14 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char
return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
}
profile->remote_providerID = g_strdup(LASSO_SAMLP2_REQUEST_ABSTRACT(
lasso_assign_string(profile->remote_providerID, LASSO_SAMLP2_REQUEST_ABSTRACT(
profile->request)->Issuer->content);
remote_provider = g_hash_table_lookup(profile->server->providers,
profile->remote_providerID);
rc = lasso_provider_verify_signature(remote_provider, msg, "ID", LASSO_MESSAGE_FORMAT_SOAP);
profile->private_data->artifact = g_strdup(
lasso_assign_string(profile->private_data->artifact,
LASSO_SAMLP2_ARTIFACT_RESOLVE(profile->request)->Artifact);
return rc;
@ -327,32 +319,32 @@ lasso_saml20_profile_build_artifact_response(LassoProfile *profile)
response = LASSO_SAMLP2_STATUS_RESPONSE(lasso_samlp2_artifact_response_new());
if (profile->private_data->artifact_message) {
resp = lasso_node_new_from_dump(profile->private_data->artifact_message);
LASSO_SAMLP2_ARTIFACT_RESPONSE(response)->any = resp;
lasso_assign_new_gobject(LASSO_SAMLP2_ARTIFACT_RESPONSE(response)->any, resp);
}
response->ID = lasso_build_unique_id(32);
response->Version = g_strdup("2.0");
lasso_assign_string(response->Version, "2.0");
response->Issuer = LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
LASSO_PROVIDER(profile->server)->ProviderID));
response->IssueInstant = lasso_get_current_time();
response->InResponseTo = g_strdup(LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->ID);
lasso_assign_string(response->InResponseTo, LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->ID);
response->sign_method = LASSO_SIGNATURE_METHOD_RSA_SHA1;
if (profile->server->certificate) {
response->sign_type = LASSO_SIGNATURE_TYPE_WITHX509;
} else {
response->sign_type = LASSO_SIGNATURE_TYPE_SIMPLE;
}
response->private_key_file = g_strdup(profile->server->private_key);
response->certificate_file = g_strdup(profile->server->certificate);
profile->response = LASSO_NODE(response);
lasso_assign_string(response->private_key_file, profile->server->private_key);
lasso_assign_string(response->certificate_file, profile->server->certificate);
lasso_assign_new_gobject(profile->response, LASSO_NODE(response));
if (resp == NULL) {
lasso_saml20_profile_set_response_status(profile,
LASSO_SAML2_STATUS_CODE_REQUESTER);
} else {
lasso_saml20_profile_set_response_status(profile, LASSO_SAML2_STATUS_CODE_SUCCESS);
lasso_saml20_profile_set_response_status(profile,
LASSO_SAML2_STATUS_CODE_SUCCESS);
}
profile->msg_body = lasso_node_export_to_soap(profile->response);
lasso_assign_new_string(profile->msg_body, lasso_node_export_to_soap(profile->response));
return 0;
}
@ -366,17 +358,17 @@ lasso_saml20_profile_process_artifact_response(LassoProfile *profile, const char
response = lasso_node_new_from_soap(msg);
if (!LASSO_IS_SAMLP2_ARTIFACT_RESPONSE(response)) {
profile->response = lasso_samlp2_response_new();
lasso_assign_new_gobject(profile->response, lasso_samlp2_response_new());
return LASSO_PROFILE_ERROR_INVALID_ARTIFACT;
}
artifact_response = LASSO_SAMLP2_ARTIFACT_RESPONSE(response);
if (artifact_response->any == NULL) {
profile->response = lasso_samlp2_response_new();
lasso_assign_new_gobject(profile->response, lasso_samlp2_response_new());
return LASSO_PROFILE_ERROR_MISSING_RESPONSE;
}
profile->response = g_object_ref(artifact_response->any);
lasso_node_destroy(response);
lasso_assign_gobject(profile->response, artifact_response->any);
lasso_release_gobject(response);
return 0;
}
@ -416,10 +408,9 @@ lasso_saml20_profile_set_session_from_dump_decrypt(G_GNUC_UNUSED gpointer key,
}
if (assertion->Subject != NULL && assertion->Subject->EncryptedID != NULL) {
assertion->Subject->NameID = g_object_ref(
lasso_assign_gobject(assertion->Subject->NameID,
assertion->Subject->EncryptedID->original_data);
g_object_unref(assertion->Subject->EncryptedID);
assertion->Subject->EncryptedID = NULL;
lasso_release_gobject(assertion->Subject->EncryptedID);
}
}
@ -595,7 +586,7 @@ lasso_saml20_profile_process_soap_request(LassoProfile *profile,
lasso_bad_param(PROFILE, profile);
profile->signature_status = 0;
profile->request = lasso_node_new_from_soap(request_msg);
lasso_assign_new_gobject(profile->request, lasso_node_new_from_soap(request_msg));
profile->http_request_method = LASSO_HTTP_METHOD_SOAP;
lasso_extract_node_or_fail(request_abstract, profile->request, SAMLP2_REQUEST_ABSTRACT,
LASSO_PROFILE_ERROR_INVALID_MSG);
@ -700,7 +691,7 @@ lasso_saml20_init_request(LassoProfile *profile,
/* initialize request fields */
lasso_assign_new_string(request_abstract->ID, lasso_build_unique_id(32));
lasso_assign_string(request_abstract->Version, "2.0");
lasso_assign_gobject(request_abstract->Issuer,
lasso_assign_new_gobject(request_abstract->Issuer,
LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
LASSO_PROVIDER(profile->server)->ProviderID)));
lasso_assign_new_string(request_abstract->IssueInstant, lasso_get_current_time());
@ -1260,6 +1251,7 @@ lasso_saml20_profile_process_any_response(LassoProfile *profile,
}
cleanup:
lasso_release_doc(doc);
if (rc == LASSO_PROFILE_ERROR_MISSING_STATUS_CODE) {
message(G_LOG_LEVEL_CRITICAL,
"Status Code is missing in a SAML 2.0 protocol response");
@ -1288,7 +1280,7 @@ lasso_saml20_profile_process_soap_response(LassoProfile *profile,
lasso_null_param(response_msg);
profile->signature_status = 0;
profile->response = lasso_node_new_from_soap(response_msg);
lasso_assign_new_gobject(profile->response, lasso_node_new_from_soap(response_msg));
lasso_extract_node_or_fail(response_abstract, profile->response, SAMLP2_STATUS_RESPONSE,
LASSO_PROFILE_ERROR_INVALID_MSG);
lasso_extract_node_or_fail(server, profile->server, SERVER,
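Review bot: In lasso_saml20_profile_init_artifact_resolve the guard after `xmlSecBase64Decode`, `if (i < 0 || i > 44)`, still accepts any decoded length from 0 to 44, so a short `SAMLart` value taken from the query string reaches the type-code test and `memcpy(provider_succinct_id, artifact+4, 20)` with bytes of `artifact[45]` that the decode never wrote. The artifact type this code checks for (bytes 0 and 4) has a fixed length of 44 bytes, so the guard could be `if (i != 44) {` with the same release-and-return body. The new declaration `char *provider_succinct_id[21];` also looks unintended: it declares 21 pointers, so `provider_succinct_id[20] = 0` clears a pointer instead of the byte after the 20-byte source ID, and `char provider_succinct_id[21];` matches how the buffer is used. Parts of the function lie between the hunks and are not shown, so an earlier zeroing of `artifact` cannot be ruled out from here.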


@ -27,6 +27,7 @@
#include <lasso/saml-2.0/providerprivate.h>
#include <lasso/id-ff/providerprivate.h>
#include "../utils.h"
const char *profile_names[] = {
"", /* No fedterm in SAML 2.0 */
@ -152,6 +153,7 @@ gboolean
lasso_saml20_provider_load_metadata(LassoProvider *provider, xmlNode *root_node)
{
xmlNode *node, *descriptor_node;
xmlChar *providerID;
if (strcmp((char*)root_node->name, "EntityDescriptor") == 0) {
node = root_node;
@ -172,7 +174,9 @@ lasso_saml20_provider_load_metadata(LassoProvider *provider, xmlNode *root_node)
return FALSE;
}
provider->ProviderID = (char*)xmlGetProp(node, (xmlChar*)"entityID");
providerID = xmlGetProp(node, (xmlChar*)"entityID");
lasso_assign_string(provider->ProviderID, (char*)providerID);
lasso_release_xml_string(providerID);
if (provider->ProviderID == NULL) {
message (G_LOG_LEVEL_CRITICAL, "lasso_saml20_provider_load_metadata_from_doc: no entityID attribute");
return FALSE;
@ -379,8 +383,6 @@ lasso_saml20_provider_get_assertion_consumer_service_binding(LassoProvider *prov
return binding;
}
gboolean
lasso_saml20_provider_accept_http_method(LassoProvider *provider, LassoProvider *remote_provider,
LassoMdProtocolType protocol_type, LassoHttpMethod http_method,
@ -399,6 +401,7 @@ lasso_saml20_provider_accept_http_method(LassoProvider *provider, LassoProvider
"HTTP-Artifact",
NULL
};
gboolean rc = FALSE;
initiating_role = remote_provider->role;
@ -416,8 +419,8 @@ lasso_saml20_provider_accept_http_method(LassoProvider *provider, LassoProvider
if (lasso_provider_get_metadata_list(provider, protocol_profile) &&
lasso_provider_get_metadata_list(remote_provider, protocol_profile)) {
return TRUE;
rc = TRUE;
}
return FALSE;
lasso_release_string(protocol_profile);
return rc;
}