* server.c,serverprivate.h: add new private method
lasso_server_get_firs_providerID_by_role(server, role)w
* defederation.c: use new private method
lasso_server_get_first_providerID_by_role for find providerID
when the argument remote_providerID is null in
lasso_defederation_init_notification.
* lasso/id-ff/login.c (lasso_login_init_authn_request): use new private
method lasso_server_get_first_providerID_by_role.
* provider.h: add thre new provider role (authn,pdp,attribute) and
four new services (authn,assertionid,attribute,authz) and also
a ROLE_ANY value (-1) for catchall purpose and a ROLE_LAST for
array sizing.
* provider.h: add a LAST member to LassoMdProtocolType enum.
* providerprivate.h,provider.c:
- removes separate hashtable for descriptors depending on provider role,
use only one table named Descriptors.
- use the LAST members of enumerations to dimention static string arrays.
* provider.h: add a LAST member to the e
* lasso/id-ff/provider.c:
fix lasso_provider_get_base64_succinct_id, it returned a libxml
string, copy it with g_strdup before releasing it to stay with GLib
allocated string in return values.
* lasso/id-ff/provider.c:
there is now 2 methods to verify signatures, methods calling the old
one must now choose whether to call the liberty one of the SAML 2.0
one.
* (init_from_xml) fail initialization if we cannot load the metadatas,
and log a warning.
* extract _lasso_provider_load_metadata_from_buffer from
lasso_provider_load_metadata_from_buffer, which accept a length
parameter. use it inside lasso_provider_load_metadata, instead of
xmlParseFile.
* (lasso_provider_load_public_key) use lasso_xmlsec_load_key_info and
lasso_xmlsec_load_private_key to load the public keys.
* provider.c:
add annotation for nullable arguments (necessary for bindings of
new_from_buffer).
* server.c: add annotations, allow to set encryption_private_key from
buffers
* lasso/id-ff/provider.c lasso/id-ff/provider.h:
add a new function to check an enclosed single signature on a
LassoNode, given that the LassoNode retained its original xml node
content.
* lasso/id-ff/provider.c lasso/id-ff/provider.h:
add a method giving the SPNameQualifier for a provider (its entity id
or its affiliation id).
* lasso/id-ff/profile.c:
* lasso/saml-2.0/login.c:
update use sites.
- lasso/id-ff/provider.c lasso/id-ff/provider.h:
change return type of lasso_provider_get_metadata_list from GList* to
const GList*.
- lasso/id-ff/logout.c lasso/saml-2.0/logout.c
lasso/saml-2.0/provider.c:
change consumers of the API
* lasso/id-ff/provider.c lasso/id-ff/provider.h:
add lasso_provider_get_default_name_id_format, which returns the firs
listed NameIDFormat from the SAML 2.0 metadatas of the provider.
* lasso/id-wsf-2.0/data_service.c: fix uninitialized res variable in
lasso_idwsf2_data_service_process_query_response_soap_fault_msg.
* lasso/xml/saml-2.0/saml2_assertion.c: fix uninitialized rc variable
in get_xmlNode.
* lasso/saml-2.0/login.c:
in lasso_saml20_login_accept_sso check for ni and ni->Format
null-ness before dereferencing, remove idp_ni which is not used
anymore.
remote all use of federation->remote_nameIdentifier, SAML 2.0 only
need one NameID, and it will be local_nameIdentifier.
* lasso/xml/xml.c:
in lasso_node_traversal, check null-ness of node before dereferencing
it, add check for class null-ness also.
* lasso/id-ff/provider.c:
in lasso_provider_get_first_http_method, remove useless check for t2
null-ness -- if found is TRUE, t1 and t2 cannot be null.
* lasso/xml/tools.c:
in lasso_sign_node, add documentation, check for private_key_file and
xmlnode null-ness.
in lasso_get_public_key_from_private_key_file, add a cleanup phase,
check for cert variabl null-ness befor appending, count the number of
certificates added.
in lasso_query_verify_signature, check that URL unescaping and base64
decoding are succesfull before using the decoded strings.
* lasso/saml-2.0/name_id_management.c:
in lasso_name_id_management_validate_request, fix mis-handling of
federation, if federation does not match request name_id, return
UNKNOWN_PRINCIPAL.
* nearly all C files: change includes for relative paths.
* lasso/id-wsf/id_wsf.h, lasso/id-wsf-2.0/id_wsf_2.h: add top level
public include files for ID-WSF 1.0 and ID-WSF 2.0.
* lasso/id-ff/server.*, lasso/id-ff/session.*, lasso/id-ff/identity.*:
remove most of the code related to ID-WSF and push into
lasso/id-wsf/id_ff_extensions.* and lasso/id-wsf-2.0/identity.c,
lasso/id-wsf-2.0/server.c, lasso/id-wsf-2.0/session.c.
* lasso/id-wsf-2.0/saml2_login.c,
lasso/id-wsf-2.0/saml2_login_private.h: same change but for ID-WSF
2.0 support in SAML2 SSO profile.
* id-ff/login.c:
* id-ff/logout.c:
* id-ff/profile.c:
* id-ff/provider.c:
* id-ff/server.c:
fix leaks by using field setting macros which frees previous values,
it also reduce code length sometimes.
* lasso/utils.h:
change 'goto exit' for 'goto cleanup'. rename all goto_exit macros to
goto_cleanup_. rename goto_cleanup_if_fail to
goto_cleanup_if_fail_with_rc and add a
goto_cleanup_if_fail for function which do not return an integer
value. add documentation for goto_cleanup macro family.
* lasso/id-ff/login.c:
* lasso/id-ff/provider.c:
* lasso/id-ff/server.c:
* lasso/id-ff/session.c:
* lasso/id-wsf/discovery.c:
* lasso/id-wsf/wsf_profile.c:
* lasso/saml-2.0/profile.c:
* lasso/utils.h:
* lasso/xml/lib_logout_request.c:
* lasso/xml/tools.c:
* lasso/xml/xml.c:
update name of goto_exit_if_fail macros. rename 'exit' labels to
'cleanup'.
* lasso/id-ff/provider.c:
* lasso/id-ff/server.c:
* lasso/id-ff/session.c:
use macros to release previous value when necessary,
release object used as parameters to constructors,
free the encryption key associated with a provider,
release the key manager created for a saml signature
verification.
* lasso/id-ff/provider.c:
try to keep some homgeneity between lasso_verify_signature and
lasso_verify_query_signature functions, by having mirror methods
inside the LassoProvider class. this new methods comes with complete
documentation.
* lasso/xml/tools.c:
add a xmlDoc argument to lasso_verify_signature, in order to
reuse an already built message context, and possible problems with
interned string in parsed xml documents.
* lasso/id-ff/provider.c:
add an xmlDoc parameter to lasso_provider_verify_saml_signature,
reflecting change in lasso_verify_signature.
fix memory leaks of an xmlSecKeysMngr.
complete arguments checking.
* lasso/id-ff/login.c:
update use of lasso_provider_verify_signature in LassoLogin
* lasso/id-ff/provider.c, lasso/id-ff/providerprivate.h:
- (lasso_provider_verify_saml_signature) validate a signed
saml Request, Response or Assertion, using the public key
of the given provider.
* lots of files: Explicitely set all field of initialized structures,
in order to remove -Wno-missing-field-initilizers from needed
compiler options when using -Wall -Wextra.
Benjamin Dauvergne
Damien Laniel