Commit Graph

3109 Commits

Author SHA1 Message Date
Benjamin Dauvergne 9d13fb1933 [core] fix wrong XML canonicalization when assertion is extracted without its namespace context 2011-11-22 00:18:33 +01:00
Benjamin Dauvergne 699f0e42d5 [misc] apply changes to remove warning blocking compilation with gcc 4.5.2 and php 5.3.5
- gcc now warns when you compare a typedef to the anonymous enum which
  defines it.
- some inline functions in the zend.h header do compare between signed
  and unsigned char.
2011-11-21 22:10:12 +01:00
Benjamin Dauvergne 346071a630 [wsf] fix wsf preprocessor conditionals 2011-01-04 16:43:06 +01:00
Benjamin Dauvergne 2b90dcd503 [saml2] when parsing short numbers reinitialize errno 2011-01-04 16:37:34 +01:00
Benjamin Dauvergne d69649cc5d [xml] fix null pointer access in lasso_node_get_encryption 2010-12-22 11:03:52 +01:00
Benjamin Dauvergne cfd58003fa [saml2] fix errors in lasso_provider_get_first_http_method when a binding is unknown 2010-12-21 16:38:57 +01:00
Benjamin Dauvergne e401253f8d [saml2 provider] change critical messages to debug messages 2010-12-21 10:58:48 +01:00
Benjamin Dauvergne d8bff0dbb3 [saml2 profile] fix bug in binding_uri_to_http_method with the POST binding 2010-12-21 10:54:38 +01:00
Benjamin Dauvergne aa9898693a [saml login] suppress unused argument warning 2010-12-21 10:44:14 +01:00
Benjamin Dauvergne 126a9ac71c [samlv2 logout] check that the assertion is well formed before accessing the subject nameid 2010-12-17 17:40:28 +01:00
Benjamin Dauvergne 8c28926304 [profile] prefer to lookup the session before the identity for looking up a name identifier; 2010-12-17 17:40:07 +01:00
Benjamin Dauvergne d02bf096a5 [samlv2 logout] setup the NameID from the assertion 2010-12-17 17:36:17 +01:00
Benjamin Dauvergne fd52e68094 [samlv2 login] do not setup conditions->notBefore/notOnOrAfter only notOnOrAfter on SubjectConfirmationData 2010-12-17 17:34:59 +01:00
Benjamin Dauvergne 4391f1ffb9 [saml2] make LASSO_SIGNATURE_VERIFY_HINT_FORCE at least as stringent as _MAYBE when checking signature on messages 2010-12-14 12:10:47 +01:00
Benjamin Dauvergne 4f5e6c6000 [xml] remove duplicate EncryptedKey around EncryptedData elements
The key is already embedded in the EncryptedData, so there is no need to
also fill the EncryptedKey field of the saml:EncryptedElement object.
2010-12-14 02:01:30 +01:00
Benjamin Dauvergne b324c41237 [xml] add exportation of the encrypting public key in EncryptedData elements
This commit checks if the given is a simple RSA key or a full certificate
and chooses the better serialization method between RSAKeyValue and
X509Data.
2010-12-14 02:00:10 +01:00
Benjamin Dauvergne 447c610c9c [tools] fix xml decryption
This commit rewrites the extraction of the EncryptedKey when it is
embedded inside the EncryptedData element, which seems to be the frequent
case.
2010-12-14 01:58:38 +01:00
Benjamin Dauvergne 185ce3c139 Merge with new field in custom element 2010-12-14 01:58:02 +01:00
Benjamin Dauvergne 355df68dfe [saml2] use new encryption structure instead for internal field in LassoSaml2Assertion 2010-12-14 01:57:09 +01:00
Benjamin Dauvergne ec5ec161f7 [xml] add field to contain encryption parameters inside CustomElement structure 2010-12-14 01:55:09 +01:00
Benjamin Dauvergne b0c2fdab28 [utils] fix typo in lasso_assign_sec_key 2010-12-14 01:53:01 +01:00
Benjamin Dauvergne f7dbcbb2b4 [saml2] do not set SPNameQualifier it should be reserved for SP member of an affiliation 2010-12-13 16:20:29 +01:00
Benjamin Dauvergne 76dc05434a [SAMLv2] fix segfault in has_signature by initializing local variables 2010-10-20 15:42:59 +02:00
Benjamin Dauvergne 7d90d5e26a [SAMLv2] delete an unused local variable 2010-10-11 09:58:16 +02:00
Benjamin Dauvergne c36d6a90dd [SAMLv2] use server->signature_method when signing request and response 2010-10-09 17:55:31 +02:00
Benjamin Dauvergne 4ebb7067a0 [core] check type of first argument of lasso_provider_get_assertion_consumer_url 2010-10-09 15:51:23 +02:00
Benjamin Dauvergne 758fe88dad [xml] fix warning on use of strndup on pardus 2010-10-08 14:10:26 +02:00
Jérôme Schneider 270f1743f0 Add missing include <errno.h> 2010-10-08 14:10:02 +02:00
Benjamin Dauvergne 3872f17fcd [SAMLv2] handle unknown provider in artifact resolve, and also allow to ignore signature validation
In lasso_saml20_profile_process_artifact_resolve, we now take a short
path with an error when the remote provider is unknown and we also
respect the lasso_profile_get_signature_verify_hint() when checking the
signature on the artifact resolve message.
2010-10-07 18:48:28 +02:00
Benjamin Dauvergne 4bf2a6c0c0 [SAMLv2] fix bad double free bug in lasso_saml20_provider_get_assertion_consumer_service_url_by_binding 2010-10-07 18:39:06 +02:00
Benjamin Dauvergne 6b2a21d116 [core] adapt lasso_provider_get_assertion_consumer_service_url for SAMLv2 2010-10-07 18:38:21 +02:00
Benjamin Dauvergne 5d56e4558e [ID-FFv1.2] in lasso_login_process_authn_request_msg() adopt simpler behaviour for checking signatures
There are two sources of advice for signature checking:
AuthnRequestsSigned attribute in service provider metadata files and
value of lasso_profile_get_signature_verify_hint().

If lasso_profile_get_signature_verify_hint() forbids to check signature,
we do not check.
If the SP advises to check signature, we check.
If lasso_profile_get_signature_verify_hint() forces to check signature,
we do not check.
In all other cases we only check if a signature is present, i.e. we
ignore the error LASSO_DS_ERROR_SIGNATURE_NOT_FOUND.
2010-10-06 17:00:52 +02:00
Benjamin Dauvergne 58a3868361 [ID-FFv1.2] make lasso_login_process_authn_request_msg() return LASSO_PROFILE_ERROR_INVALID_MSG if received request is not a lib:AuthnRequest 2010-10-06 17:00:52 +02:00
Benjamin Dauvergne 7a27400a87 [SAMLv2] adopt same behaviour as ID-FFv1.2 for invalid AuthnRequest 2010-10-06 17:00:52 +02:00
Benjamin Dauvergne 6be8d9cfa8 [SAMLv2&ID-FFv1.2] improve documentation of lasso_login_process_authn_request_msg 2010-10-06 17:00:52 +02:00
Benjamin Dauvergne 06c2ec9d61 [SAMLv2] fix ordering of endpoints
Ordering by binding is wrong, first order by isDefault (as stated in
saml-metadata-2.0.pdf) then by index.
2010-10-06 17:00:52 +02:00
Benjamin Dauvergne 3d1d90ee31 [Core] change isdefault type in EndpointType structure
As integer we can represent the three value of isdefault:
- true
- false
- attribute absent
2010-10-06 17:00:52 +02:00
Benjamin Dauvergne 86f0f6b6f2 [SAMLv2] restore setting of SubjectConfirmationData->NotOnOrAfter
This was wrongly removed by me in commit
9d22f29e55.

This is the responsibility of the caller to adjust value on the
Conditions and SubjectConfirmationData independently after.
2010-10-01 17:44:40 +02:00
Benjamin Dauvergne 462c9a1cd0 [Core] replace all use of g_strcmp0 by lasso_strisequal and lasso_strisnotequal
Too many human errors with strcmp kind of functions. Also change name of
lasso_is_empty_string to lasso_strisempty.
2010-10-01 15:29:38 +02:00
Benjamin Dauvergne b5fcbc6455 [Core] add helper API for string comparison
It should remove most errors when comparing strings.
2010-10-01 15:13:49 +02:00
Benjamin Dauvergne fe63f7a517 [SAMLv2] add missing compare to 0 introduced in 7386dc8189
I hate strcmp.
2010-10-01 12:22:17 +02:00
Benjamin Dauvergne 4c3af26a58 [SAMLv2] also initialize Destination for response messages
asynchronous bindings need Destination attribute even for response
messages.
2010-09-30 10:58:50 +02:00
Benjamin Dauvergne 7386dc8189 [SAMLv2] when NidPolicy->Format is NULL or unspecified, return transient
Add more default cases.
2010-09-30 10:58:18 +02:00
Benjamin Dauvergne cd7b3e92c5 [Core] fix break of lasso_profile_get_request_type_from_soap_msg from commit b9d535625
ManageNameIDRequest is not an ID-WSF kind of request.
2010-09-29 00:10:09 +02:00
Benjamin Dauvergne 4a970453de [Core] add missing annotation to lasso_*_dump functions
The string returned by these functions is newly allocated and must be
freed by the caller.
2010-09-27 16:18:57 +02:00
Benjamin Dauvergne b4e04a0716 [ID-WSFv1] fix other misuses of the macro lasso_foreach 2010-09-27 16:18:30 +02:00
Benjamin Dauvergne 6cc9ae7e32 [SAMLv2] fix wrong order in use of macro lasso_foreach
The first argument must be the iterator, the second is the iterable.
Also add a non-regression test with Googleapps metadata and a
typical authn request.
2010-09-27 16:17:07 +02:00
Benjamin Dauvergne 5bcbb0e55f [SAMLv2] fix early release of the request when using idp_initiated login 2010-09-17 18:07:39 +02:00
Benjamin Dauvergne 1ffece0e57 [SAMLv2] fix memleak of request in lasso_name_id_management_process_request_msg 2010-09-17 18:01:31 +02:00
Benjamin Dauvergne 19aad7629a [SAMLv2] fix memleak of request in lasso_saml20_login_process_authn_request_msg 2010-09-17 17:02:41 +02:00