* lasso/Makefile.am:
distribute extract_sections.py
* docs/references/lasso/lasso.types.in: add missing class (mainly SAML2
and ID-WSF 1.0/2.0) from docs/references/lasso.types.in
* lasso/xml/strings.h:
add lots of documentation, or at least documentation template to
strings constants.
* id-ff/login.h:
* saml-2.0/assertion_query.h:
* xml/xml.h:
document undocumented enumerations.
* lasso/errors.h:
add proper documentation about error codes.
* lasso/errors.c:
new version of the lasso_strerror function
* lasso/build_strerror.py:
update the script that generater lasso_strerror from the
documentation comments.
Remove usage of OFTYPE
* lasso/id-ff/session.c:
* lasso/id-ff/session.h:
remove usage of oftype, prefer gtk-introspection annotations instead.
* lasso/id-wsf/data_service.h:
* lasso/id-wsf/data_service.c:
do the same.
Add a script to build lasso-sections.txt
* lasso/extract_sections.py:
this script parses header files and generated lasso-sections.txt
content for GObject class descriptions.
Add a template file for the lasso-section.txt file
* docs/references/lasso-sections.txt.in:
this file serves as a base for the generation of lasso-sections.txt
Update docs/references/Makefile.am for generating lasso-sections.txt
* docs/references/Makefile.am:
always rebuild template, using out of source build directory is too
weird without it.
call new script extract_sections.py to regenerate lasso-sections.txt
if header files changed.
Update lasso.sgml file with all missing sections
* docs/reference/lasso.sgml:
add all missing sections, mainly objects from XML schemas.
* docs/reference/lasso-sections.txt: update it
* *.c: add section documentation to some files.
* lasso/xml/strings.h: fix bad usage or docbook markup
* nearly all C files: change includes for relative paths.
* lasso/id-wsf/id_wsf.h, lasso/id-wsf-2.0/id_wsf_2.h: add top level
public include files for ID-WSF 1.0 and ID-WSF 2.0.
* lasso/id-ff/server.*, lasso/id-ff/session.*, lasso/id-ff/identity.*:
remove most of the code related to ID-WSF and push into
lasso/id-wsf/id_ff_extensions.* and lasso/id-wsf-2.0/identity.c,
lasso/id-wsf-2.0/server.c, lasso/id-wsf-2.0/session.c.
* lasso/id-wsf-2.0/saml2_login.c,
lasso/id-wsf-2.0/saml2_login_private.h: same change but for ID-WSF
2.0 support in SAML2 SSO profile.
* id-ff/session.h: seal public fields.
* id-ff/session.c, id-ff/sessionprivate.h: add accessors for reading
the is_dirty flag and counting store assertions.
* id-ff/logout.c, id-ff/login.c, saml-2.0/login.c, saml-2.0/logout.c,
saml-2.0/profile.c: use the new accessors.
* id-ff/profile.c: include the private header file, use the new
accessors, and remove unnecessary setting of is_dirty to FALSE (it
should be false at instanciation).
* utils.h: add a macro to access private content, prepare for using
G_TYPE_INSTANCE_GET_PRIVATE and the GObject infrastructure for
private structures eventually.
* lasso/saml-2.0/login.c:
* lasso/saml-2.0/logout.c:
* lasso/saml-2.0/name_id_management.c:
* lasso/saml-2.0/profile.c:
* lasso/saml-2.0/provider.c:
do not mix g_malloc strings with libxml strings, use the
string/gobject handling macros as much as possible, be a good memory
citizen, don't put your elbows on the table.
* lasso/saml-2.0/profile.c:
in lasso_saml20_profile_process_any_request and
lasso_saml20_profile_process_any_response do not make signature
validation failure as call failure, just store the result in
profile->signature_status and let the upper level functions handle
what to do with it. also add documentation about those two functions.
* lasso/saml-2.0/logout.c:
* lasso/saml-2.0/name_id_management.c:
handle new signature_status semantic.
* lasso/saml-2.0/login.c:
add internal documentation for
lasso_saml20_login_process_authn_response_msg.
* lasso/saml-2.0/login.c:
lasso_saml20_login_check_assertion_signature() find the issuer of an
assertion, look it up in the server object and try to validate its
signature. It returns an error code if any of this step fails.
* lasso/saml-2.0/login.c: In
lasso_saml20_login_process_authn_request_msg change handling of
relayState do not rely upon parsing by the node object, but extract
directly from the query string. Use new function
lasso_get_relaystate_from_query.
* lasso/saml-2.0/logout.c: In lasso_saml20_logout_process_request_msg
change handling of relayState do not rely upon parsing by the node
object, but extract directly from the query string.
* lasso/saml-2.0/profile.c: In
lasso_saml20_profile_init_artifact_resolve, add handling of the
relayState transmitted to the assertion consumer URL.
* lasso/saml-2.0/name_id_management.c: In
lasso_name_id_management_process_request_msg change handling of
relayState do not rely upon parsing by the node
object, but extract directly from the query string.
* lasso/saml-2.0/login.c, lasso/saml-2.0/logout.c,
lasso/saml-2.0/name_id_management.c: simplify code path associated
with generation of the url for the HTTP-Redirect binding using the
rencently introduced function
lasso_saml20_profile_build_http_redirect.
* lasso/saml-2.0/login.c:
use new generic profile methods for saml 2.0 in
lasso_saml20_login_process_paos_response_msg,
lasso_saml20_login_process_authn_response_msg,
lasso_saml20_login_process_response_status_and_assertion.
* lasso/saml-2.0/login.c:
In specification saml-profile-2.0-os.pdf, in paragraph 4.1.4.3, it is
said that the SubjectConfirmationData node MUST NOT contain a
NotBefore attribute if it contains an InReponseTo attribute,
understanding that the response cannot (it the ID of the request is
sufficiently random) arrive before the request and be valid with
respect to the InResponseTo attribute.
* lasso/id-ff/login.c:
* lasso/saml-2.0/login.c:
Serialize/Unserialize request_id private field in LassoLogin dumps.
Match InResponseTo assertion attribute (ID-FF 1.2) or
SubjectConfirmationData attribute (SAML 2.0) to original request id
if it is present.
* id-ff/login.h:
add a string field named request_id in the private part of LassoLogin
to store request id from the original AuthnRequest.
* id-ff/login.c:
if request_id field is not null check the InResponseTo attribute of
the samlp:Response.
* saml-2.0/login.c:
if request_id field is not null check the InResponseTo attribute of
the samlp:Response.
- remove unused parameter from private function signatures
- remove unused variable
- initialize variable potentially accessed uninitialized
- add G_GNUC_UNUSED if function is public or adhering to an interface, and a
parameter is unused.
- if ID-WSF is not compiled in, define stubs with G_GNUC_UNUSED on parameters.
The goal is to compile with -Werror.
not consider profile->session != NULL as a proof of a
previous authentication and search an assertion associated with
profile->remote_providerID. That was causing a bug when a previous
unsuccesfull request was making profile->session != NULL even if no
authentication has been made.
should define response->status_code no matter what happens, especially when
consent is not obtained (lasso_login_saml20_process_federation return an
error code in this case but it's a normal event in the SSO workflow so
status code is 'Success'). If not buildArtifactMsg fails when looking for
the response status code.
Benjamin Dauvergne
Frédéric Péters
Damien Laniel