* server.c,serverprivate.h: add new private method
lasso_server_get_firs_providerID_by_role(server, role)w
* defederation.c: use new private method
lasso_server_get_first_providerID_by_role for find providerID
when the argument remote_providerID is null in
lasso_defederation_init_notification.
* lasso/id-ff/login.c (lasso_login_init_authn_request): use new private
method lasso_server_get_first_providerID_by_role.
* provider.h: add thre new provider role (authn,pdp,attribute) and
four new services (authn,assertionid,attribute,authz) and also
a ROLE_ANY value (-1) for catchall purpose and a ROLE_LAST for
array sizing.
* provider.h: add a LAST member to LassoMdProtocolType enum.
* providerprivate.h,provider.c:
- removes separate hashtable for descriptors depending on provider role,
use only one table named Descriptors.
- use the LAST members of enumerations to dimention static string arrays.
* provider.h: add a LAST member to the e
* lasso/id-ff/provider.c:
fix lasso_provider_get_base64_succinct_id, it returned a libxml
string, copy it with g_strdup before releasing it to stay with GLib
allocated string in return values.
* lasso/id-ff/provider.c:
there is now 2 methods to verify signatures, methods calling the old
one must now choose whether to call the liberty one of the SAML 2.0
one.
* (init_from_xml) fail initialization if we cannot load the metadatas,
and log a warning.
* extract _lasso_provider_load_metadata_from_buffer from
lasso_provider_load_metadata_from_buffer, which accept a length
parameter. use it inside lasso_provider_load_metadata, instead of
xmlParseFile.
* (lasso_provider_load_public_key) use lasso_xmlsec_load_key_info and
lasso_xmlsec_load_private_key to load the public keys.
* provider.c:
add annotation for nullable arguments (necessary for bindings of
new_from_buffer).
* server.c: add annotations, allow to set encryption_private_key from
buffers
* lasso/id-ff/provider.c lasso/id-ff/provider.h:
add a new function to check an enclosed single signature on a
LassoNode, given that the LassoNode retained its original xml node
content.
* lasso/id-ff/provider.c lasso/id-ff/provider.h:
add a method giving the SPNameQualifier for a provider (its entity id
or its affiliation id).
* lasso/id-ff/profile.c:
* lasso/saml-2.0/login.c:
update use sites.
- lasso/id-ff/provider.c lasso/id-ff/provider.h:
change return type of lasso_provider_get_metadata_list from GList* to
const GList*.
- lasso/id-ff/logout.c lasso/saml-2.0/logout.c
lasso/saml-2.0/provider.c:
change consumers of the API
* lasso/id-ff/provider.c lasso/id-ff/provider.h:
add lasso_provider_get_default_name_id_format, which returns the firs
listed NameIDFormat from the SAML 2.0 metadatas of the provider.
* lasso/id-wsf-2.0/data_service.c: fix uninitialized res variable in
lasso_idwsf2_data_service_process_query_response_soap_fault_msg.
* lasso/xml/saml-2.0/saml2_assertion.c: fix uninitialized rc variable
in get_xmlNode.
* lasso/saml-2.0/login.c:
in lasso_saml20_login_accept_sso check for ni and ni->Format
null-ness before dereferencing, remove idp_ni which is not used
anymore.
remote all use of federation->remote_nameIdentifier, SAML 2.0 only
need one NameID, and it will be local_nameIdentifier.
* lasso/xml/xml.c:
in lasso_node_traversal, check null-ness of node before dereferencing
it, add check for class null-ness also.
* lasso/id-ff/provider.c:
in lasso_provider_get_first_http_method, remove useless check for t2
null-ness -- if found is TRUE, t1 and t2 cannot be null.
* lasso/xml/tools.c:
in lasso_sign_node, add documentation, check for private_key_file and
xmlnode null-ness.
in lasso_get_public_key_from_private_key_file, add a cleanup phase,
check for cert variabl null-ness befor appending, count the number of
certificates added.
in lasso_query_verify_signature, check that URL unescaping and base64
decoding are succesfull before using the decoded strings.
* lasso/saml-2.0/name_id_management.c:
in lasso_name_id_management_validate_request, fix mis-handling of
federation, if federation does not match request name_id, return
UNKNOWN_PRINCIPAL.
* nearly all C files: change includes for relative paths.
* lasso/id-wsf/id_wsf.h, lasso/id-wsf-2.0/id_wsf_2.h: add top level
public include files for ID-WSF 1.0 and ID-WSF 2.0.
* lasso/id-ff/server.*, lasso/id-ff/session.*, lasso/id-ff/identity.*:
remove most of the code related to ID-WSF and push into
lasso/id-wsf/id_ff_extensions.* and lasso/id-wsf-2.0/identity.c,
lasso/id-wsf-2.0/server.c, lasso/id-wsf-2.0/session.c.
* lasso/id-wsf-2.0/saml2_login.c,
lasso/id-wsf-2.0/saml2_login_private.h: same change but for ID-WSF
2.0 support in SAML2 SSO profile.
* id-ff/login.c:
* id-ff/logout.c:
* id-ff/profile.c:
* id-ff/provider.c:
* id-ff/server.c:
fix leaks by using field setting macros which frees previous values,
it also reduce code length sometimes.
* lasso/utils.h:
change 'goto exit' for 'goto cleanup'. rename all goto_exit macros to
goto_cleanup_. rename goto_cleanup_if_fail to
goto_cleanup_if_fail_with_rc and add a
goto_cleanup_if_fail for function which do not return an integer
value. add documentation for goto_cleanup macro family.
* lasso/id-ff/login.c:
* lasso/id-ff/provider.c:
* lasso/id-ff/server.c:
* lasso/id-ff/session.c:
* lasso/id-wsf/discovery.c:
* lasso/id-wsf/wsf_profile.c:
* lasso/saml-2.0/profile.c:
* lasso/utils.h:
* lasso/xml/lib_logout_request.c:
* lasso/xml/tools.c:
* lasso/xml/xml.c:
update name of goto_exit_if_fail macros. rename 'exit' labels to
'cleanup'.
* lasso/id-ff/provider.c:
* lasso/id-ff/server.c:
* lasso/id-ff/session.c:
use macros to release previous value when necessary,
release object used as parameters to constructors,
free the encryption key associated with a provider,
release the key manager created for a saml signature
verification.
* lasso/id-ff/provider.c:
try to keep some homgeneity between lasso_verify_signature and
lasso_verify_query_signature functions, by having mirror methods
inside the LassoProvider class. this new methods comes with complete
documentation.
* lasso/xml/tools.c:
add a xmlDoc argument to lasso_verify_signature, in order to
reuse an already built message context, and possible problems with
interned string in parsed xml documents.
* lasso/id-ff/provider.c:
add an xmlDoc parameter to lasso_provider_verify_saml_signature,
reflecting change in lasso_verify_signature.
fix memory leaks of an xmlSecKeysMngr.
complete arguments checking.
* lasso/id-ff/login.c:
update use of lasso_provider_verify_signature in LassoLogin
* lasso/id-ff/provider.c, lasso/id-ff/providerprivate.h:
- (lasso_provider_verify_saml_signature) validate a signed
saml Request, Response or Assertion, using the public key
of the given provider.
* lots of files: Explicitely set all field of initialized structures,
in order to remove -Wno-missing-field-initilizers from needed
compiler options when using -Wall -Wextra.
- lasso/id-ff/provider.c:
- in lasso_provider_verify_signature use standardised memory and
error handling macros, and also standard return code variable name
and exit label.
- in lasso_providerl_load_metadata_from_buffer and
lasso_provider_load_metadata use the standardised macros, exit
labels and return code variable.
- lasso/id-ff/server.c:
- in lasso_server_load_affiliation use standardised allocation and
error handling macros.
- lasso/id-wsf/wsf_profile.c:
- use standardised memory and error handling macros in
lasso_wsf_profile_build_soap_request_msg.
* lasso/id-ff/server.c, lasso/id-ff/server.h: add new function to build
a LassoServer object holding content of certificate and private key
files intead of loading them everytime signing is needed. You must
instead load them yourself the first time.
* lasso/id-ff/provider.c: (lasso_provider_load_metadata) libxml emit warning
when trying to parse non-existing or non-accessible file, so verify
that the file is accessible before calling libxml. (the corner
case of having warning when the file become inaccessible between
the two calls is non-interesting)
This code permit to set flags, separated by commas, space,
tabulations, or colons. This flags activates debug functions like,
suppressing validations of signatures or print debugging message about
deallocations.
The new flags are defined in /lasso/debug.h they can be set using an
environment variable named LASSO_FLAG or a function named
lasso_set_flag.
There are two flags currently:
- verify-signature:
To deactivate it, pass 'no-verify-signature' inside LASSO_DEBUG.
It desactivate signature verification, inside two functions:
lasso_query_verify_signature and lasso_provider_verify_signature.
- memory-debug:
It enabled reporting of memory deallocation inside generic memory
dellaocator for LassoNode objects and also in bindings.
- lasso/xml/xml.c: do not free a null hash table pointer.
remove valgrind errors through python tests.
1. Rename lasso_wsf_profile_new_full for java bindings (cannot subclass
in overrides of static methods).
2. Add const modifiers to many functon signatures in
bindings/python/wrapper_top.c.
3. add initialisation of private_data->encryption_sym_key_type (to
please valgrind) in instance_init of LassoProvider.
4. Add new macro to assign xmlNode, we consider xmlNode to be an
immutable value, and always use xmlCopyNode for assignment. The
macros is called named lasso_assign_node.
5. Fix segfault, when using xmlSec to encrypt the newly created
encrypted node replace the original node inside the xmlDoc structure,
and the original node is freed automatically. So you cannot borrow
the encrypted if you do not remove it from xmlDoc first.
- remove unused parameter from private function signatures
- remove unused variable
- initialize variable potentially accessed uninitialized
- add G_GNUC_UNUSED if function is public or adhering to an interface, and a
parameter is unused.
- if ID-WSF is not compiled in, define stubs with G_GNUC_UNUSED on parameters.
The goal is to compile with -Werror.
from an XML string of the metadatas (changed semantic of the second argument
compared to lasso_server_add_provider). To support this a new public
LassoProvider constructor was added: lasso_provider_new_from_buffer, where the
second argument is an XML string. It uses a new private function,
lasso_provider_load_metadata_from_buffer.
Benjamin Dauvergne
Damien Laniel
Frédéric Péters