ECP needs a place to store the messageID and idp_list. Normally values
like this would located in a "context" passed to the relevant
routines. But currently there is no such context, the closest thing to
a context we have is the profile so we add them here in the profile
private data using accessors. They are currently not relevant outside
of ECP.
Adds functions:
lasso_profile_get_message_id()
lasso_profile_set_message_id()
lasso_profile_get_idp_list()
lasso_profile_set_idp_list()
Signed-off-by: John Dennis <jdennis@redhat.com>
License: MIT
The goal of those two methods is to allow IdP and SP to load metadata
dynamically without processing completely the incoming. Currently it's
impossible as message parsing and signature checking is done in the same
function.
Sounds like these should all be boolean 'OR's, otherwise,
if profile is not in fact a lasso profile then profile->private_data
will be dereferenced even if it is NULL.
Found by Clang
License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
Instad of referring to an old FSF address, point the reader to the FSF
website where the latest licenses and addresses are published.
Signed-off-by: Simo Sorce <simo@redhat.com>
The new implementations of lasso_node_impl_init_from_xml now validate
namespace of all child nodes befores parsing. It stops on any error. For
node which implement their own parsing of an attribute or a node, it
must declare an XmlSnippet with an offset field set to 0. The 0 value is
invalid for public GObject structure (it's the place of the GObject
machinery like the reference count). The 0 offset can be used for
XmlSnippet in a private structure, so never set the offset to 0 with the
flag SNIPPET_PRIVATE, for a field which is parsed by you get_xmlNode
virtual method.
Other ameliorations in this commit is the possibility to set attributes
with namespace when using the flags SNIPPET_ATTRIBUTE|SNIPPET_ANY. The
syntax for an attribute is inspired by the element tree API from Python:
{namespace}attribute_name
an example:
{http://www.w3.org/2001/XMLSchema-instance}type
for the classic xsi:type attribute.
Code in core source file which depend upon ID-WSF symbols have been
conditionalized, and each id-wsf source file now include directly its
need string header.
* lasso/id-ff/profile.h:
- add end symbol for enum LassoProfileSignatureVerifyHint
* lasso/id-ff/profile.c:
- fix documentation of lasso_profile_set_signature_verify_hint
- do not allow to set or return invalid value for the
signature_verify_hint attribute.
* lasso/saml-2.0/login.c:
- handle new enum value
* lasso/saml-2.0/profile.c:
- handle new enum value
- fix missing catch of signature error reporting when
signature_verify_hint is IGNORE.
* docs/reference/lasso/lasso-sections.txt:
- export enums LassoProfileSignatureHint and
LassoProfileSignatureVerifyHint
* tests/metadata_tests.c:
- fix test of all Role enumerations
* lasso/id-ff/profile.{c,h}:
the method lasso_profile_sso_role_with, evaluate using the current
LassoIdentity content if we are in a relation of IdP or SP toward
another provider. This is based on the existence of a federation with
this provider.
* lasso/id-ff/profile.{c,h}:
add a LassoProfileSignatureVerifyHint enumeration and two accessor
methods:
- lasso_profile_get_signature_verify_hint
- lasso_profile_set_signature_verify_hint
* lasso/id-ff/profileprivate.h:
add private field signature_verify_hint.
* lasso/id-ff/profile.{c,h}:
add lasso_profile_add_soap_fault_response(char* code, char *string,
GList *details).
* lasso/id-wsf-2.0/profile.{c,h}:
change signature of lasso_idwsf2_profile_init_soap_fault_response.
* lasso/id-wsf-2.0/data_service.c:
use new function instead of manually intializing soap faults
* lasso/id-wsf-2.0/discovery.c:
init a soap fault when parsed request is of an unknown type, return
proper error.
* lasso/id-ff/provider.c:
fix lasso_provider_get_base64_succinct_id, it returned a libxml
string, copy it with g_strdup before releasing it to stay with GLib
allocated string in return values.
* lasso/id-ff/identity.c lasso/id-ff/profile.c:
precise owner semantic of lasso_profile_get_identity,
lasso_profile_get_session, lasso_profile_get_server
* lasso/id-wsf-2.0/saml2_login.c tests/login_tests_saml2.c:
in the same vein add missing release of assertion returned by
lasso_login_get_assertion which return a caller owned object.
* lasso/id-ff/profile.c: (lasso_profile_get_request_type_from_soap_msg)
use lasso_xml_parse_memory_with_error instead of xmlParseMemory, use
error code output argument to log error reports.
* lasso/id-ff/provider.c lasso/id-ff/provider.h:
add a method giving the SPNameQualifier for a provider (its entity id
or its affiliation id).
* lasso/id-ff/profile.c:
* lasso/saml-2.0/login.c:
update use sites.
* nearly all C files: change includes for relative paths.
* lasso/id-wsf/id_wsf.h, lasso/id-wsf-2.0/id_wsf_2.h: add top level
public include files for ID-WSF 1.0 and ID-WSF 2.0.
* lasso/id-ff/server.*, lasso/id-ff/session.*, lasso/id-ff/identity.*:
remove most of the code related to ID-WSF and push into
lasso/id-wsf/id_ff_extensions.* and lasso/id-wsf-2.0/identity.c,
lasso/id-wsf-2.0/server.c, lasso/id-wsf-2.0/session.c.
* lasso/id-wsf-2.0/saml2_login.c,
lasso/id-wsf-2.0/saml2_login_private.h: same change but for ID-WSF
2.0 support in SAML2 SSO profile.
* id-ff/session.h: seal public fields.
* id-ff/session.c, id-ff/sessionprivate.h: add accessors for reading
the is_dirty flag and counting store assertions.
* id-ff/logout.c, id-ff/login.c, saml-2.0/login.c, saml-2.0/logout.c,
saml-2.0/profile.c: use the new accessors.
* id-ff/profile.c: include the private header file, use the new
accessors, and remove unnecessary setting of is_dirty to FALSE (it
should be false at instanciation).
* utils.h: add a macro to access private content, prepare for using
G_TYPE_INSTANCE_GET_PRIVATE and the GObject infrastructure for
private structures eventually.
* id-ff/login.c:
* id-ff/logout.c:
* id-ff/profile.c:
* id-ff/provider.c:
* id-ff/server.c:
fix leaks by using field setting macros which frees previous values,
it also reduce code length sometimes.
* lasso/id-ff/profile.c:
* lasso/id-ff/profile.h:
in a move to try to remove direct access to object content, add a
function to retrieve the LassoServer object of a LassoProfile.
* bindings/overrides.xml:
it conflicts with direct access to the public field server, so we do
not export it in the binding for now.
* lasso/id-ff/profile.c: add tracing code activaged by
LASSO_FLAG=memory-debug to print release of field values.
Complement the existing code in generic deallocation procedure in
LassoNode.
* lots of files: Explicitely set all field of initialized structures,
in order to remove -Wno-missing-field-initilizers from needed
compiler options when using -Wall -Wextra.
Benjamin Dauvergne
John Dennis
Simo Sorce
Frédéric Péters
Damien Laniel