The compiler was complaining that 'compa' could be uninitialized.
Use this occasion to make the code simpler to understand and assign
actually meaningful values to the variable, even though the proper
actions are not implemented yet.
License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
The rc error was being set but then it was being ignored.
Get out immediately if an Issuer can't be found.
License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
The compiler complains about these values not being initialized.
Some of them do not really matter as they are only really used when
later initialized in the code and the code paths would not use them
if not initialized in a previous block, however some of these seem
real issues.
In all cases make the compiler happy so we get less noise in the build
and fewer false positives in code checkers.
License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
Coverity complains that in a number of places errors are not checked.
Some of them are ok not to check so put a silencing (void).
Check errors that need to be checked.
Coverity also complains g_malloc() return is never checked but given it is
never checked anywhere let it be for now.
License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
Instead of referring to an old FSF address, point the reader to the FSF
website where the latest licenses and addresses are published.
Signed-off-by: Simo Sorce <simo@redhat.com>
* lasso/saml-2.0/profile.c: add new argument role to lasso_saml20_profile_init_artifact_resolve()
for looking up ArtifactResolutionService location; extract endpoint index
from artifact and use it to resolve the endpoint location.
* login.c: pass new argument; force msg_url as it is preinitialized by
lasso_saml20_profile_init_artifact_resolve()
The only expected decryption error is on decryption of the symmetric key
used to crypt the data. All other errors are critical and must be
logged.
Client of lasso_node_decrypt_xmlnode can then log the decryption failure
of the symmetric key if they tried with all possible keys (key rollover
case).
This commit complements the support for multiple signing certificate
support in the metadata files. The use-case is still key roll-over.
The structure LassoServerPrivateData was changed to accommodate multiple
decryption keys, and so:
xmlSecKey *encryption_private_key
became:
GList *encryption_private_keys
All uses of this key were replaced by a loop over this list, terminating
with the first key to be able to decrypt the content.
The private key passed to lasso_server_new() or
lasso_server_new_from_buffers() is first added to the list of decryption
keys. Any other call to
lasso_server_set_encryption_private_key_with_password() or
lasso_server_set_encryption_private_key() will add a new key to the
list.
lasso_saml20_login_process_response_status_and_assertion does analyze
the response status code login specific error codes, if the generic
processing from lasso_saml20_profile_process_any_response returns a
status of response is not success, we must continue processing.
This was wrongly removed by me in commit
9d22f29e55.
This is the responsibility of the caller to adjust value on the
Conditions and SubjectConfirmationData independently after.
The first is trying to use provider->role to know which kind of role
descriptor to lookup, but for the server object this field is 0 and when
building authn request we know that we want our default NameIDFormat for
the SP sso descriptor.
The logic is now simpler:
- first lasso_saml20_profile_process_any_response checks the signature
  on the message
- then lasso_saml20_login_process_response_status_and_assertion
  traverses all the assertions:
  - if the message is signed all assertions from the same issuer are
    automatically accepted,
  - if the message is not signed, or the signature validation failed,
    or the assertion has a different issuer than the message, we check
    the signature directly on the assertion. If any of the assertions
    fails the signature check, the result will be
    LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE.
The public field profile->signature_status will contain only the message
level signature status, each assertion signature status is not
accessible. That will change when signature and key handling is
reworked.
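
The acceptance rule described in the commit message above, modelled as a standalone C function. This is an added example, not Lasso's code: the types, names and result codes are hypothetical stand-ins, and signature verification results are supplied as inputs rather than computed.

```c
#include <stddef.h>
#include <string.h>

/* Model types for illustration only; these are not Lasso's structures. */
enum sig_status { SIG_ABSENT, SIG_VALID, SIG_INVALID };
enum { RESULT_OK = 0, RESULT_CANNOT_VERIFY_SIGNATURE = -1 }; /* stand-in codes */
struct assertion { const char *issuer; enum sig_status sig; };
struct response {
    const char *issuer;
    enum sig_status sig;                 /* message-level signature status */
    const struct assertion *assertions;
    size_t n_assertions;
};

/* An assertion is covered by the message signature only if that signature
 * verified AND the assertion names the same issuer as the message. */
static int covered_by_message(const struct response *r, const struct assertion *a)
{
    return r->sig == SIG_VALID && r->issuer && a->issuer &&
           strcmp(r->issuer, a->issuer) == 0;
}

int check_assertions(const struct response *r)
{
    /* Assumption (not stated in the commit message): a response without
     * any assertion is rejected so that the check fails closed. */
    if (r->n_assertions == 0)
        return RESULT_CANNOT_VERIFY_SIGNATURE;
    for (size_t i = 0; i < r->n_assertions; i++) {
        const struct assertion *a = &r->assertions[i];
        if (covered_by_message(r, a))
            continue;
        /* Unsigned or badly signed message, or different issuer: the
         * assertion needs its own valid signature. One failure rejects all. */
        if (a->sig != SIG_VALID)
            return RESULT_CANNOT_VERIFY_SIGNATURE;
    }
    return RESULT_OK;
}

/* Constructed sample data, not taken from any real exchange. */
static const struct assertion same_unsigned[] = {{"https://idp.example", SIG_ABSENT}};
static const struct assertion foreign_unsigned[] = {{"https://other.example", SIG_ABSENT}};
static const struct assertion mixed[] = {{"https://idp.example", SIG_VALID}, {"https://idp.example", SIG_INVALID}};
const struct response signed_msg = {"https://idp.example", SIG_VALID, same_unsigned, 1};
const struct response signed_foreign = {"https://idp.example", SIG_VALID, foreign_unsigned, 1};
const struct response unsigned_msg = {"https://idp.example", SIG_ABSENT, mixed, 2};
const struct response bad_sig_msg = {"https://idp.example", SIG_INVALID, mixed, 1};

int main(void) { return check_assertions(&signed_msg) != RESULT_OK; } /* exit 0 = accepted */
```
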
If the message is signed, the assertion is also covered, but if only the
assertion is signed, there is no error to report. If the caller asks for
forcing the validation of message signature, then we report an error.
This commit also adds checking for the binding used, if it is not
HTTP-Post lasso_login_process_authn_response_msg will now report an
error.
* support private key with new internal API in signature setting
methods
Plug lasso_node_set_signature into
lasso_profile_saml20_setup_message_signature and
lasso_server_saml2_assertion_setup_signature.
* also use lasso_node_get_signature in has_signature
* add forgotten LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE in switch
cases
For AuthnResponse checking the semantic is now that if HINT_FORCE is
used we verify message signature *and* assertion signature. If
HINT_MAYBE is used we check the assertion signature if its issuer
differs from the message issuer.
The standard mandates to provide a SessionIndex to service providers
advertising their support of the logout profile. We follow the
convention of using the assertion ID as a SessionIndex.
* lasso/saml-2.0/login.c:
I'm not sure that most IdP really make the semantic distinction
between those two first level status codes, so just conflate them.
* lasso/saml-2.0/login.c:
in lasso_saml20_process_federation:
- if no name id format can be found by the request, use the default from
the metadata file (first declared NameIDFormat)
- instead of checking if format is TRANSIENT, check if it is PERSISTENT,
and proceed with the federation, if not just return 0.
- return LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER instead of
LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND.
- in any case, check for consent.
* lasso/id-ff/profile.h:
- add end symbol for enum LassoProfileSignatureVerifyHint
* lasso/id-ff/profile.c:
- fix documentation of lasso_profile_set_signature_verify_hint
- do not allow to set or return invalid value for the
signature_verify_hint attribute.
* lasso/saml-2.0/login.c:
- handle new enum value
* lasso/saml-2.0/profile.c:
- handle new enum value
- fix missing catch of signature error reporting when
signature_verify_hint is IGNORE.
* docs/reference/lasso/lasso-sections.txt:
- export enums LassoProfileSignatureHint and
LassoProfileSignatureVerifyHint
* tests/metadata_tests.c:
- fix test of all Role enumerations