Commit Graph

189 Commits

Author SHA1 Message Date
Simo Sorce cb7ea06ca5 Rearrange case checking to avoid compiler warnings
The compiler was complaining that 'compa' could be uninitialized.
Use this occasion to make the code simpler to understand and assign
actually meaningful values to the variable, even though the proper
actions are not implemented yet.

License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
2014-07-30 16:07:44 +02:00
Simo Sorce 86bfc84ba1 Properly exit on error
The rc error was being set but then it was being ignored.
Get out immediately if an Issuer can't be found.

License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
2014-07-30 16:07:44 +02:00
Simo Sorce 4789e8d4d6 Trim unused code
Clang complains these values are never used, avoid even assigning them.

License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
2014-07-30 16:07:44 +02:00
Simo Sorce 1f97a06a01 Fix some uninitialized value
The compiler complains about these values not being initialized.
Some of them do not really matter as they are only really used when
later initialized in the code and the code paths would not use them
if not initialized in a previous block, however some of these seem
real issues.
In all cases make the compiler happy so we get less noise in the build
and less false positives in code checkers.

License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
2014-07-30 16:07:44 +02:00
Simo Sorce 5aa184b6b4 Fixes for unchecked return values
Coverity complains that in a number of places errors are not checked.
Some of them are ok not to check so put a silencing (void).
Check errors that need to be checked.

Coverity also complains g_malloc() return is never checked but given it is
never checked anywhere let it be for now.

License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
2014-07-30 16:07:43 +02:00
Simo Sorce 3a6b2fdee7 Fix license boilerplates
Instead of referring to an old FSF address, point the reader to the FSF
website where the latest licenses and addresses are published.

Signed-off-by: Simo Sorce <simo@redhat.com>
2013-12-03 21:55:06 +01:00
Benjamin Dauvergne 566e29b3f8 saml2/profile.c: add resolving of the endpoint index in artifacts
* lasso/saml-2.0/profile.c: add new argument role to lasso_saml20_profile_init_artifact_resolve()
   for looking up ArtifactResolutionService location; extract endpoint index
   from artifact and use it to resolve the endpoint location.
 * login.c: pass new argument ; force msg_url as it is preinitialized by
   lasso_saml20_profile_init_artifact_resolve()
2013-09-08 23:53:33 +02:00
Benjamin Dauvergne 9adc9bfaad saml2/login: fix role of providers in process_authn_request() and idp_initiated_authn_request()
It is necessary for endpoint resolution to know the role of providers.
2013-09-08 21:34:12 +02:00
Benjamin Dauvergne b6faccae0f fix warnings about unused but set variables 2013-09-08 21:31:52 +02:00
Benjamin Dauvergne ee4058bc22 [saml 2.0] use the new SessionIndex storage for SLO management
It should fix any missing functionalities regarding missing session indexes
in logout requests sent by identity providers or service providers.
2011-12-22 18:16:46 +01:00
Benjamin Dauvergne 727f07b1ae Simplify useless complexity in include paths 2011-12-16 14:17:31 +01:00
Benjamin Dauvergne fd7af65e91 [core] do not emit a warning for expected decryption errors
The only expected decryption error is on decryption of the symmetric key
used to crypt the data. All other errors are critical and must be
logged.

Client of lasso_node_decrypt_xmlnode can then log the decryption failure
of the symmetric if they tried with all possible keys (key rollover
case).
2011-11-22 18:51:49 +01:00
Benjamin Dauvergne 26d6b35a49 [leakcheck] fix leaks seen by the unit tests
This commit also improved valgrind suppression file to hide static
allocations done by the GLib type system.
2011-11-22 17:45:52 +01:00
Benjamin Dauvergne 5192cdf7a0 [core] multiple decryption keys support
This commit complements the support for multiple signing certificate
support in the metadata files. The use-case is still key roll-over.

The structure LassoServerPrivateData was changed to accommodate multiple
decryption keys, and so:

 xmlSecKey *encryption_private_key

became:

 GList *encryption_private_keys

All uses of this key were replaced by a loop over this list, terminating
with the first key to be able to decrypt the content.

The private key passed to lasso_server_new() or
lasso_server_new_from_buffers() is first added to the list of decryption
keys. Any other call to
lasso_server_set_encryption_private_key_with_password() or
lasso_server_set_encryption_private_key() will add a new key to the
list.
2011-11-21 10:25:03 +01:00
Benjamin Dauvergne 481aeef4e0 [saml2] if Status is not Success pass continue processing the response
lasso_saml20_login_process_response_status_and_assertion does analyze
the response status code login specific error codes, if the generic
processing from lasso_saml20_profile_process_any_response returns a
status of response is not success, we must continue processing.
2011-04-21 11:23:10 +02:00
Benjamin Dauvergne aa9898693a [saml login] suppress unused argument warning 2010-12-21 10:44:14 +01:00
Benjamin Dauvergne fd52e68094 [samlv2 login] do not setup conditions->notBefore/notOnOrAfter only notOnOrAfter on SubjectConfirmationData 2010-12-17 17:34:59 +01:00
Benjamin Dauvergne 355df68dfe [saml2] use new encryption structure instead for internal field in LassoSaml2Assertion 2010-12-14 01:57:09 +01:00
Benjamin Dauvergne f7dbcbb2b4 [saml2] do not set SPNameQualifier it should be reserved for SP member of an affiliation 2010-12-13 16:20:29 +01:00
Benjamin Dauvergne 7a27400a87 [SAMLv2] adopt same behaviour as ID-FFv1.2 for invalid AuthnRequest 2010-10-06 17:00:52 +02:00
Benjamin Dauvergne 86f0f6b6f2 [SAMLv2] restore setting of SubjectConfirmationData->NotOnOrAfter
This was wrongly removed by me in commit
9d22f29e55.

This is the responsibility of the caller to adjust value on the
Conditions and SubjectConfirmationData independently after.
2010-10-01 17:44:40 +02:00
Benjamin Dauvergne 462c9a1cd0 [Core] replace all use of g_strcmp0 by lasso_strisequal and lasso_strisnotequal
Too many human errors with strcmp kind of functions. Also change name of
lasso_is_empty_string to lasso_strisempty.
2010-10-01 15:29:38 +02:00
Benjamin Dauvergne fe63f7a517 [SAMLv2] add missing compare to 0 introduced in 7386dc8189
I hate strcmp.
2010-10-01 12:22:17 +02:00
Benjamin Dauvergne 7386dc8189 [SAMLv2] when NidPolicy->Format is NULL or unspecified, return transient
Add more default cases.
2010-09-30 10:58:18 +02:00
Benjamin Dauvergne 5bcbb0e55f [SAMLv2] fix early release of the request when using idp_initiated login 2010-09-17 18:07:39 +02:00
Benjamin Dauvergne 19aad7629a [SAMLv2] fix memleak of request in lasso_saml20_login_process_authn_request_msg 2010-09-17 17:02:41 +02:00
Benjamin Dauvergne 8b0de80e4c [SAMLv2] fix mem leaks 2010-09-17 17:02:35 +02:00
Benjamin Dauvergne 88236da2d2 [SAMLv2] mark Redirect binding as an invalid binding for return AuthnResponse
This is really not supported by the SAMLv2 protocol.
2010-08-25 19:02:22 +02:00
Benjamin Dauvergne 3769decc58 [SAMLv2] fix string in comment 2010-08-25 19:02:01 +02:00
Benjamin Dauvergne 2ab81b8e6f [SAMLv2] replace use of lasso_provider_get_default_name_id_format with direct use of lasso_provider_get_metadata_one_for_role
The first is trying to use provider->role to know which kind of role
descriptor to lookup, but for the server object this field is 0 and when
building authn request we know that we want our default NameIDFormat for
the SP sso descriptor.
2010-08-25 19:00:36 +02:00
Benjamin Dauvergne fc9c2738c6 [SAMLv2] when AuthnRequest contains invalid attributes returns INVALID_REQUEST not NO_DEFAULT_ENDPOINT
This is the right status to return.
2010-08-25 15:41:55 +02:00
Benjamin Dauvergne aebd6ed3d7 [SAMLv2] simplify logic for handling AuthnResponse with binding HTTP-Post
The logic is now simpler:
 - first lasso_saml20_profile_process_any_response checks the signature
   on the message
 - then lasso_saml20_login_process_response_status_and_assertion
   traverses all the assertions:
   - if the message is signed all assertions from the same issuer are
     automatically accepted,
   - if the message is not signed, or the signature validation failed,
     or the assertion has a different issuer than the message, we check
     the signature directly on the assertion. If any of the assertions
     fails the signature check, the result will be
     LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE.

The public field profile->signature_status will contain only the message
level signature status, each assertion signature status is not
accessible. That will change when signature and key handling is
reworked.
2010-07-20 14:15:55 +00:00
Benjamin Dauvergne e79fcf3beb [SAMLv2/SSO] when processing AuthnResponse with binding HTTP-Post only the assertion need to be signed
If the message is signed, the assertion is also covered, but if only the
assertion is signed, there is no error to report. If the caller asks for
forcing the validation of message signature, then we report an error.

This commit also adds checking for the binding used, if it is not
HTTP-Post lasso_login_process_authn_response_msg will now report an
error.
2010-07-19 15:27:10 +00:00
Benjamin Dauvergne e869899b79 [SAMLv2] add support for encrypted private keys
* support private key with new internal API in signature setting
   methods

Plug lasso_node_set_signature into
lasso_profile_saml20_setup_message_signature and
lasso_server_saml2_assertion_setup_signature.

 * also use lasso_node_get_signature in has_signature

 * add forgotten LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE in switch
   cases

For AuthnResponse checking the semantic is now that if HINT_FORCE is
used we verify message signature *and* assertion signature. If
HINT_MAYBE is used we check the assertion signature if its issuer
differs from the message issuer.
2010-07-16 19:34:30 +00:00
Benjamin Dauvergne 98445777b9 [SAMLv2] if service provider supports logout, add a SessionIndex from the assertion ID
The standard mandates to provide a SessionIndex to service provider
advertising their support of the logout profile. We follow the
convention of using the assertion ID as a SessionIndex.
2010-07-12 14:09:14 +00:00
Benjamin Dauvergne c1a4ba2fc0 Merge branch 'issue-88' 2010-06-29 09:15:02 +00:00
Benjamin Dauvergne 2c0ea4d647 Change all logging to use message() 2010-06-09 16:54:55 +00:00
Benjamin Dauvergne 9d22f29e55 SAML 2.0: in lasso_login_build_assertion set conditions time limit, no SubjectConfirmationData limits 2010-05-31 07:13:41 +00:00
Benjamin Dauvergne 60c6a25208 SAML 2.0: in lasso_login_build_assertion do not conflate sessionNotOnOrAfter with assertion condition notOnOrAfter 2010-05-31 07:13:39 +00:00
Benjamin Dauvergne 23c604b268 SAMLv2: conflate Responder and Requester when checking second level status code
* lasso/saml-2.0/login.c:
   I'm not sure that most IdP really make the semantic distinction
   between those two first level status codes, so just conflate them.
2010-05-11 08:54:47 +00:00
Benjamin Dauvergne c2fff8b5f1 SAMLv2: remove warning message for invalid signature on AuthnResponse messages
* lasso/saml-2.0/login.c:
   we already return an error, no need to clutter the output with
   warning messages.
2010-05-11 08:54:45 +00:00
Benjamin Dauvergne a041a2ef81 Initialize all uninitialized rc variables 2010-04-30 09:23:01 +00:00
Benjamin Dauvergne 2f5ef5fef0 Improve safety by replacing all g_list_free use by lasso_release_list 2010-04-22 00:44:57 +00:00
Benjamin Dauvergne 11a8f53846 SAML 2.0: in lasso_saml20_process_federation, only handle the case of PERSISTENT format
* lasso/saml-2.0/login.c:
   in lasso_saml20_process_federation:
   - if no name id format can be found by the request, use the default from
     the metadata file (first declared NameIDFormat)
   - instead of checking if format is TRANSIENT, check if it is PERSISTENT,
     and proceed with the federation, if not just return 0.
   - return LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER instead of
     LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND.
   - in any case, check for consent.
2010-04-20 09:34:23 +00:00
Benjamin Dauvergne 281817ce87 SAML 2.0: in lasso_saml20_login_validate_request, do not check signature if not necessary 2010-04-20 09:34:22 +00:00
Benjamin Dauvergne dd495ca6c3 SAML 2.0: find binding when only AssertionConsumerServiceURL is set, do not check signature on request if asked 2010-04-20 09:34:20 +00:00
Benjamin Dauvergne 6ff6f92720 Login: add internal function _lasso_login_must_verify_*signature 2010-04-20 09:34:17 +00:00
Benjamin Dauvergne 81c35bbe2e Ameliorate support for lasso_profile_set_signature_verify_hint
* lasso/id-ff/profile.h:
   - add end symbol for enum LassoProfileSignatureVerifyHint
 * lasso/id-ff/profile.c:
   - fix documentation of lasso_profile_set_signature_verify_hint
   - do not allow to set or return invalid value for the
     signature_verify_hint attribute.
 * lasso/saml-2.0/login.c:
   - handle new enum value
 * lasso/saml-2.0/profile.c:
   - handle new enum value
   - fix missing catch of signature error reporting when
     signature_verify_hint is IGNORE.
 * docs/reference/lasso/lasso-sections.txt:
   - export enums LassoProfileSignatureHint and
     LassoProfileSignatureVerifyHint
 * tests/metadata_tests.c:
   - fix test of all Role enumerations
2010-04-16 15:37:17 +00:00
Benjamin Dauvergne 97f37266e3 Support SignatureVerifyHint in SAML 2.0 SSO profile and common message handling 2010-03-27 16:51:38 +00:00
Benjamin Dauvergne 139a31df80 SAML 2.0: fix uninitialized variable 2010-03-08 13:19:59 +00:00