Identity, Lecp, Login, Logout, NameIdentifierMapping, NameRegistration,
Session, AssertionQuery, Ecp and NameIdManagement objects were missing a
namespace association to their GObject class. It broke when you try to
dump a node created by lasso_node_new_from_dump.
- build_response_msg will report signature error in response status
code when called without an initialized response (without a call to
validate_request)
- process_response_msg now use
lasso_saml20_profile_check_signature_status to check the signature
status only if permitted.
The check was missing for processing of logout requests, name id
management request and assertion query responses.
A new internal function lasso_saml20_profile_check_signature_status is
added.
* saml-2.0/name_id_management.c:
use specialized lasso_saml20_profile_set_response_status
set 'MissingNameID' second level error with requester first level
error code when request is missing a name id.
* lasso/saml-2.0/profile.c:
* lasso/saml-2.0/profileprivate.h:
make lasso_saml20_profile_set_response_status2 the new implementation
of lasso_saml20_profile_set_response_status.
add helper macros to set success, responder and requester first level
status code.
* saml-2.0/assertion_query.c:
* saml-2.0/login.c:
* saml-2.0/logout.c:
* saml-2.0/name_id_management.c:
adapt consumers to the new signature.
* lasso/id-wsf-2.0/data_service.c: fix uninitialized res variable in
lasso_idwsf2_data_service_process_query_response_soap_fault_msg.
* lasso/xml/saml-2.0/saml2_assertion.c: fix uninitialized rc variable
in get_xmlNode.
* lasso/saml-2.0/login.c:
in lasso_saml20_login_accept_sso check for ni and ni->Format
null-ness before dereferencing, remove idp_ni which is not used
anymore.
remote all use of federation->remote_nameIdentifier, SAML 2.0 only
need one NameID, and it will be local_nameIdentifier.
* lasso/xml/xml.c:
in lasso_node_traversal, check null-ness of node before dereferencing
it, add check for class null-ness also.
* lasso/id-ff/provider.c:
in lasso_provider_get_first_http_method, remove useless check for t2
null-ness -- if found is TRUE, t1 and t2 cannot be null.
* lasso/xml/tools.c:
in lasso_sign_node, add documentation, check for private_key_file and
xmlnode null-ness.
in lasso_get_public_key_from_private_key_file, add a cleanup phase,
check for cert variabl null-ness befor appending, count the number of
certificates added.
in lasso_query_verify_signature, check that URL unescaping and base64
decoding are succesfull before using the decoded strings.
* lasso/saml-2.0/name_id_management.c:
in lasso_name_id_management_validate_request, fix mis-handling of
federation, if federation does not match request name_id, return
UNKNOWN_PRINCIPAL.
* nearly all C files: change includes for relative paths.
* lasso/id-wsf/id_wsf.h, lasso/id-wsf-2.0/id_wsf_2.h: add top level
public include files for ID-WSF 1.0 and ID-WSF 2.0.
* lasso/id-ff/server.*, lasso/id-ff/session.*, lasso/id-ff/identity.*:
remove most of the code related to ID-WSF and push into
lasso/id-wsf/id_ff_extensions.* and lasso/id-wsf-2.0/identity.c,
lasso/id-wsf-2.0/server.c, lasso/id-wsf-2.0/session.c.
* lasso/id-wsf-2.0/saml2_login.c,
lasso/id-wsf-2.0/saml2_login_private.h: same change but for ID-WSF
2.0 support in SAML2 SSO profile.
* lasso/saml-2.0/login.c:
* lasso/saml-2.0/logout.c:
* lasso/saml-2.0/name_id_management.c:
* lasso/saml-2.0/profile.c:
* lasso/saml-2.0/provider.c:
do not mix g_malloc strings with libxml strings, use the
string/gobject handling macros as much as possible, be a good memory
citizen, don't put your elbows on the table.
* lasso/saml-2.0/profile.c:
in lasso_saml20_profile_process_any_request and
lasso_saml20_profile_process_any_response do not make signature
validation failure as call failure, just store the result in
profile->signature_status and let the upper level functions handle
what to do with it. also add documentation about those two functions.
* lasso/saml-2.0/logout.c:
* lasso/saml-2.0/name_id_management.c:
handle new signature_status semantic.
* lasso/saml-2.0/login.c:
add internal documentation for
lasso_saml20_login_process_authn_response_msg.
* lasso/saml-2.0/name_id_management.c:
use new generic methods in lasso_name_id_management_init_request,
lasso_name_id_management_build_request_msg,
lasso_name_id_management_process_request_msg,
lasso_name_id_management_validate_request,
lasso_name_id_management_build_response_msg,
lasso_name_id_management_process_response_msg.
Remove useless boilerplate code.
* lasso/id-ff/server.c:
* lasso/id-ff/serverprivate.h:
last user of lasso_server_nameid_decrypt removed, so remove the code.
* lasso/saml-2.0/name_id_management.c:
(lasso_saml2_name_id_management_process_request)
simplify code, remove explicit decryption of nameid and handling of
error cases, delegate to lasso_decrypt_nameid (from xml/tools.c).
* lots of files: Explicitely set all field of initialized structures,
in order to remove -Wno-missing-field-initilizers from needed
compiler options when using -Wall -Wextra.
- remove unused parameter from private function signatures
- remove unused variable
- initialize variable potentially accessed uninitialized
- add G_GNUC_UNUSED if function is public or adhering to an interface, and a
parameter is unused.
- if ID-WSF is not compiled in, define stubs with G_GNUC_UNUSED on parameters.
The goal is to compile with -Werror.
first providerId when remote_provider_id is NULL, free old remote_provider_id
string when non null and unref old name_identifier when non null. Fix
memory leaks and lacking usual feature of init_request functions.
Benjamin Dauvergne
Damien Laniel
Frédéric Péters