* nearly all C files: change includes for relative paths.
* lasso/id-wsf/id_wsf.h, lasso/id-wsf-2.0/id_wsf_2.h: add top level
public include files for ID-WSF 1.0 and ID-WSF 2.0.
* lasso/id-ff/server.*, lasso/id-ff/session.*, lasso/id-ff/identity.*:
remove most of the code related to ID-WSF and push into
lasso/id-wsf/id_ff_extensions.* and lasso/id-wsf-2.0/identity.c,
lasso/id-wsf-2.0/server.c, lasso/id-wsf-2.0/session.c.
* lasso/id-wsf-2.0/saml2_login.c,
lasso/id-wsf-2.0/saml2_login_private.h: same change but for ID-WSF
2.0 support in SAML2 SSO profile.
* id-ff/session.h: seal public fields.
* id-ff/session.c, id-ff/sessionprivate.h: add accessors for reading
the is_dirty flag and counting store assertions.
* id-ff/logout.c, id-ff/login.c, saml-2.0/login.c, saml-2.0/logout.c,
saml-2.0/profile.c: use the new accessors.
* id-ff/profile.c: include the private header file, use the new
accessors, and remove unnecessary setting of is_dirty to FALSE (it
should be false at instantiation).
* utils.h: add a macro to access private content, prepare for using
G_TYPE_INSTANCE_GET_PRIVATE and the GObject infrastructure for
private structures eventually.
* id-ff/login.c:
* id-ff/logout.c:
* id-ff/profile.c:
* id-ff/provider.c:
* id-ff/server.c:
fix leaks by using field setting macros which free previous values,
it also reduces code length sometimes.
* lasso/id-ff/login.c:
change the return code for when no remote provider ID could be
defined (because the argument is NULL and the server object contains
no providers) so that we can distinguish the case where the given
provider is unknown or if there are no providers configured.
* lasso/utils.h:
change 'goto exit' for 'goto cleanup'. rename all goto_exit macros to
goto_cleanup_. rename goto_cleanup_if_fail to
goto_cleanup_if_fail_with_rc and add a
goto_cleanup_if_fail for functions which do not return an integer
value. add documentation for goto_cleanup macro family.
* lasso/id-ff/login.c:
* lasso/id-ff/provider.c:
* lasso/id-ff/server.c:
* lasso/id-ff/session.c:
* lasso/id-wsf/discovery.c:
* lasso/id-wsf/wsf_profile.c:
* lasso/saml-2.0/profile.c:
* lasso/utils.h:
* lasso/xml/lib_logout_request.c:
* lasso/xml/tools.c:
* lasso/xml/xml.c:
update name of goto_exit_if_fail macros. rename 'exit' labels to
'cleanup'.
* lasso/id-ff/login.c:
add condition upon checking of the InResponseTo field: checks only if
strict checking is activated as it could stop old code using Lasso
from working.
* lasso/id-ff/login.c: (lasso_login_init_authn_request) again a passing by
correction, use lasso_assign_string for copying information from
the request to the profile object.
* lasso/id-ff/login.c:
- (lasso_login_init_request) catch RelayState in the query_fields and
copy it to msg_relayState
- (lasso_login_process_authn_request_msg) copy RelayState from the
request object to the profile object.
* lasso/id-ff/provider.c:
add an xmlDoc parameter to lasso_provider_verify_saml_signature,
reflecting change in lasso_verify_signature.
fix memory leaks of an xmlSecKeysMngr.
complete arguments checking.
* lasso/id-ff/login.c:
update use of lasso_provider_verify_signature in LassoLogin
* lasso/id-ff/login.c:
* lasso/saml-2.0/login.c:
Serialize/Unserialize request_id private field in LassoLogin dumps.
Match InResponseTo assertion attribute (ID-FF 1.2) or
SubjectConfirmationData attribute (SAML 2.0) to original request id
if it is present.
* id-ff/login.h:
add a string field named request_id in the private part of LassoLogin
to store request id from the original AuthnRequest.
* id-ff/login.c:
if request_id field is not null check the InResponseTo attribute of
the samlp:Response.
* saml-2.0/login.c:
if request_id field is not null check the InResponseTo attribute of
the samlp:Response.
- lasso/id-ff/login.c:
- the lasso_login_process_response_msg is used to process SOAP response
to artifact resolution requests. The answer contains an samlp:Response
that can be signed, and each contained assertion MUST be individually
signed.
- lasso/xml/samlp_response.c:
- set keep_xmlnode flag on the class metadata to help in signature
validations.
- lasso/id-ff/login.c:
- lasso_login_process_response_status_and_assertion:
- if signature_status is not 0 and an assertion is present, we
validate the signature on this assertion using the
internal API lasso_provider_verify_saml_signature.
* lots of files: Explicitly set all fields of initialized structures,
in order to remove -Wno-missing-field-initializers from needed
compiler options when using -Wall -Wextra.
- remove unused parameter from private function signatures
- remove unused variable
- initialize variable potentially accessed uninitialized
- add G_GNUC_UNUSED if function is public or adhering to an interface, and a
parameter is unused.
- if ID-WSF is not compiled in, define stubs with G_GNUC_UNUSED on parameters.
The goal is to compile with -Werror.
the DiscoService support a security mechanism needing one. Anyway the
generation of Credentials is broken.
* lasso/id-ff/session.c: add treatment of saml:Advice on newly added
Assertions, keep the transmitted assertions inside the session indexed by their
AssertionID.
* lasso/xml/saml_advice.{c,h}: change content to SNIPPET_LIST_XMLNODES.