2023-02-28 Benjamin Dauvergne

Release 2.8.1
- Major overhaul of OpenSSL API usage by using only the EVP API as the low
  level API (RSA*, HMAC*) is deprecated.
- Fix wrong parsing of Count attribute on saml:ProxyRestriction, thanks to
  Maxime Besson from Worteks.
- Perl: pass LDFLAGS to Makefile.PL
- Replace use of deprecated xmlSecBase64Decode by xmlSecBase64Decode_ex
- Fix overwrite of profile.signature_status in lasso_saml20_login_process_response_status_and_assertion
- Fix lot of GCC warnings

2022-11-23 Benjamin Dauvergne

In lasso_saml20_login_process_response_status_and_assertion does not overwrite signature_status with rc which is always at 0 (#54689)
We are losing information in this case, like if the response was not signed.

2022-11-23 Jakub Hrozek

In lasso_saml20_login_process_response_status_and_assertion remove dead switch (#54689)
In case VERIFY_HINT was set to IGNORE and the login signature was incorrect, lasso_saml20_login_process_response_status_and_assertion would have jumped straight to the cleanup label which just returns the return code.
Related: https://dev.entrouvert.org/issues/54689
License: MIT

2022-11-21 Benjamin Dauvergne

Fix unused parameters warnings (#71400)

Fix all cast-function-type warnings (#71400)

Fix warning about enum conversion (#71400)

Fix all warnings in tests (#71400)

Fix use of wrong enumeration NULL value (#71400)
It produced a cast warning.

Fix warnings about type casts (#71400)

Replace all use of xmlSecBase64Decode by lasso_base64_decode (#71399)

Adapt lasso_base64_decode to the deprecation of xmlSecBase64Decode (#71399)
We now use the non-deprecated new API (since xmlsec 1.2.35) xmlSecBase64Decode_ex.

Add new define LASSO_XMLSEC_VERSION_NUMBER allow version check on libxmlsec (#71399)

Make lasso_inflate output the inflated buffer size (#71399)

Use OpenSSL EVP API to work around deprecation of low level APIs in OpenSSL 3 (#71313)
OpenSSL API is used to sign query-string values in the SAML 2.0 Redirect binding.
Other bindings only need the libxmlsec API as signatures are XML DSIG signatures.

Prevent loading of default cert file during tests (#71396)

2022-11-20 Frédéric Péters

debian: sync with upstream packaging changes

perl: pass $(LDFLAGS) to Makefile.PL (#71393)
LDFLAGS is set during the Debian build to pass hardening flags and we want them to be applied to the perl module.

2022-09-28 Benjamin Dauvergne

Fix parsing of Count attribute of saml:ProxyRestriction (#69673)

2022-04-27 Benjamin Dauvergne

Revert "Use the AM_PATH_PYTHON macro instead of custom macros"
This reverts commit 23d91efac34fed8c338a388449e763e58527b3d3.

Use the AM_PATH_PYTHON macro instead of custom macros

2022-03-15 Benjamin Dauvergne

website: update for 2.8.0

Release 2.8.0

2022-03-14 Frédéric Péters

debian: sync bullseye packaging with upstream debian.org (#62756)

2022-02-28 Frédéric Péters

jenkins: add bullseye to packaging targets

2021-11-20 Frédéric Péters

debian: sync bullseye packaging with upstream debian.org (#58788)

debian: init debian-bullseye as a copy of debian buster (#58788)

2021-09-28 Benjamin Dauvergne

Does not decref boolean constants (#57268)
TRUE/FALSE are special references in CPython bindings whose reference count must never be updated.

2021-09-13 Benjamin Dauvergne

Keep ABI stability (#56883)
The following functions were part of the experimental ID-WSF support recently removed but were incorrectly included in the official ABI, so we restore dummy versions of them (they do nothing or return NULL):
- lasso_get_prefix_for_dst_service_href
- lasso_get_prefix_for_idwsf2_dst_service_href
- lasso_register_dst_service
- lasso_register_idwsf2_dst_service

2021-09-11 Benjamin Dauvergne

debian: update liblasso3.symbols

2021-09-11 Benjamin Dauvergne

Clear Python error indicator after logging (#56572)
Lasso logs using the GLib logging API and the Python binding installs a hook to delegate logging to a Python logger named "lasso".
During the logging call the error indicator can be set to signal an exception. The indicator will still be set when we return from the Lasso API call, and is not handled by the Python wrapping of the C functions. If our function returns a non-NULL value, the Python interpreter will raise because this situation is forbidden. To prevent it, if we detect that an exception occurred during logging calls, we print it to stderr, clear the error indicator and return immediately.

2021-09-11 Benjamin Dauvergne

Change default key encryption padding algorithm to RSA-OAEP (#56023)
The key encryption padding algorithm is now configurable, the default being changed to OAEP. It's possible to set the default through ./configure with:
  --with-default-key-encryption-method=[rsa-pkcs1|rsa-oaep]
at initialization time with an environment variable:
  LASSO_DEFAULT_KEY_ENCRYPTION_METHOD=[rsa-pkcs1|rsa-oaep]
or at runtime for a service provider:
  lasso_provider_set_key_encryption_method(LassoProvider *provider, LassoKeyEncryptionMethod key_encryption_method)
The setting is global for all encrypted nodes (Assertion or NameID).

2021-09-11 Benjamin Dauvergne

Python: fix formatting (#56023)

Remove win32 directory (#56645)
It's obsolete.

Remove ID-WSF 1.0, 2.0 and WS-* support (#56644)
It has been deprecated for a long time.

2021-09-03 Benjamin Dauvergne

Fix warning about int conversion
saml2_authn_context.c:77:3: warning: initialization of ‘unsigned int’ from ‘void *’ makes integer from pointer without a cast [-Wint-conversion]

2021-07-16 Benjamin Dauvergne

Prevent multiple OneTimeUse elements (#52961)
"A SAML authority MUST NOT include more than one element within a element of an assertion"

2021-07-13 Benjamin Dauvergne

python: clear warnings about PY_SSIZE_T_CLEAN (#55561)
Using the python3 bindings on recent python3 >=3.8 versions shows:
DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
https://docs.python.org/3.9/whatsnew/changelog.html?highlight=py_ssize_t_clean#id193

2021-07-13 Benjamin Dauvergne

python: clear warnings about assertX methods (#55561)

2021-06-24 Jakub Hrozek

test13_test_lasso_server_load_metadata: Don't verify signature if lasso is not configured with sha-1 (#54037)

python: Skip the DSA key test unless SHA-1 is configured (#54037)
lasso supports DSA-XXX only with SHA-1. The alternative is to use DSA-SHA256.

2021-06-24 Jakub Hrozek

Check if the signature method is allowed in addition to being valid (#54037)
Adds a new utility function lasso_allowed_signature_method() that checks if the signature method is allowed. Previously, the code would only check if the method was valid.
This new function is used whenever lasso_validate_signature_method was previously used through lasso_ok_signature_method() which wraps both validate and allowed.
lasso_allowed_signature_method() is also used on a couple of places, notably lasso_query_verify_helper().
Related: https://dev.entrouvert.org/issues/54037

2021-06-23 Jakub Hrozek

Mass-replace LASSO_SIGNATURE_METHOD_RSA_SHA1 with lasso_get_default_signature_method() (#54037)
This should be backwards-compatible but at the same time use the selected default instead of RSA-SHA1.
Related: https://dev.entrouvert.org/issues/54037

2021-06-23 Jakub Hrozek

Make the default signature method and the minimal hash strength configurable (#54037)
Adds two new configure options:
  --with-default-sign-algo
  --min-hash-algo
--with-default-sign-algo sets the default signing algorithm and defaults to rsa-sha1. At the moment, two algorithms are supported: rsa-sha1 and rsa-sha256.
--min-hash-algo sets the minimum hash algorithm to be accepted. The default is sha1 for backwards compatibility as well.
Related: https://dev.entrouvert.org/issues/54037

2021-06-23 Jakub Hrozek

tests: Move test08_lasso_key and test07_saml2_query_verify_signature to SHA256 (#54037)
These tests use a hardcoded query and private key which makes it unsuitable to make the tests use the configured default digest. Let's just convert them to SHA256 unconditionally.

Fix lasso_query_sign HMAC other than SHA1 (#54037)
The switch clause was using SHA1 digests for all digest types when signing. This obviously breaks verifying the signatures if HMAC-SHAXXX is used and XXX is something else than 1.

2021-06-01 Benjamin Dauvergne

Release 2.7.0

2021-06-01 Benjamin Dauvergne

Fix signature checking on unsigned response with multiple assertions
CVE-2021-28091 : when AuthnResponse messages are not signed (which is permitted by the specification), all assertion's signatures should be checked, but currently after the first signed assertion is checked all following assertions are accepted without checking their signature, and the last one is considered the main assertion.
This patch :
* check signatures from all assertions if the message is not signed,
* refuse messages with assertion from different issuers than the one on the message, to prevent assertion bundling even if they are signed.
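
The two rules of the CVE-2021-28091 patch described above, modelled in Python as an added example (not Lasso's code): `verify` is a caller-supplied callback standing in for XML-DSig verification, and the messages, `build_response` and `stand_in_verify` are constructed for the demonstration. `pre_fix_main_assertion` is a simplified model of the behaviour the entry describes.

```python
"""Assertion-acceptance policy from the CVE-2021-28091 entry (added sketch).

Not Lasso code. Cryptographic verification is delegated to a caller-supplied
verify(element) -> bool callback (hypothetical name); the sample messages and
the stand-in verifier are constructed for this demonstration.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


class Rejected(Exception):
    """The response must not be trusted."""


def issuer_of(elem):
    node = elem.find("saml:Issuer", NS)
    return node.text.strip() if node is not None and node.text else None


def has_own_signature(elem):
    # Direct child only: a ds:Signature nested deeper signs something else.
    return elem.find("ds:Signature", NS) is not None


def pre_fix_main_assertion(response_xml, verify):
    """Simplified model of the pre-fix behaviour on an unsigned response:
    checking stops at the first signed assertion, the last one is used."""
    assertions = ET.fromstring(response_xml).findall("saml:Assertion", NS)
    first_signed = next((a for a in assertions if has_own_signature(a)), None)
    if first_signed is None or not verify(first_signed):
        raise Rejected("no valid assertion signature")
    return assertions[-1]


def checked_assertions(response_xml, verify):
    """Apply the two rules of the patch; return the assertions or raise."""
    # ElementTree is fine for the constructed samples; untrusted XML needs a
    # parser hardened against entity expansion.
    response = ET.fromstring(response_xml)
    message_signed = has_own_signature(response)
    if message_signed and not verify(response):
        raise Rejected("response signature does not verify")
    message_issuer = issuer_of(response)
    assertions = response.findall("saml:Assertion", NS)
    if not assertions:
        raise Rejected("response carries no assertion")
    for index, assertion in enumerate(assertions):
        # Rule 2: refuse assertions whose issuer differs from the message's.
        # Assumption of this sketch: a message without Issuer is refused too.
        if message_issuer is None or issuer_of(assertion) != message_issuer:
            raise Rejected(f"assertion {index}: issuer differs from message")
        # Rule 1: on an unsigned message every assertion must be signed
        # and its signature must verify.
        if not message_signed and not (
            has_own_signature(assertion) and verify(assertion)
        ):
            raise Rejected(f"assertion {index}: missing or invalid signature")
    return assertions


def build_response(message_sig, assertions, issuer="https://idp.example/saml"):
    """Constructed sample message; signature values: None, "valid" or "bad"."""
    def sig(value):
        return "" if value is None else f"<ds:Signature>{value}</ds:Signature>"
    body = "".join(
        f"<saml:Assertion ID='a{i}'><saml:Issuer>{iss}</saml:Issuer>{sig(s)}"
        f"<saml:Subject><saml:NameID>{name}</saml:NameID></saml:Subject>"
        "</saml:Assertion>"
        for i, (iss, s, name) in enumerate(assertions)
    )
    return (
        f"<samlp:Response xmlns:samlp='{NS['samlp']}' xmlns:saml='{NS['saml']}'"
        f" xmlns:ds='{NS['ds']}'><saml:Issuer>{issuer}</saml:Issuer>"
        f"{sig(message_sig)}{body}</samlp:Response>"
    )


def stand_in_verify(elem):
    # Stand-in for XML-DSig verification: in the constructed samples the
    # signature element's text states whether it would verify.
    return elem.findtext("ds:Signature", default="", namespaces=NS) == "valid"


if __name__ == "__main__":
    idp = "https://idp.example/saml"
    mixed = build_response(None, [(idp, "valid", "user-a"), (idp, None, "user-b")])
    picked = pre_fix_main_assertion(mixed, stand_in_verify)
    print("pre-fix main assertion:", picked.get("ID"))
    try:
        checked_assertions(mixed, stand_in_verify)
    except Rejected as exc:
        print("post-fix:", exc)
```
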

2021-04-07 Benjamin Dauvergne

Jenkinsfile: update name of main branch

2021-03-09 Benjamin Dauvergne

Python: improve display of warnings in the binding generator

2021-02-26 Benjamin Dauvergne

replace deprecated index() by strchr() (#51385)

2021-02-25 Benjamin Dauvergne

Fix: new provider reference count is incremented one time too many (#51420)

2021-02-24 Benjamin Dauvergne

docs: update gtk-doc-tools integration (#50441)
Using reference documentation on https://developer.gnome.org/gtk-doc-manual/stable/index.html.en

bindings: disable java tests when java is disabled

2021-02-24 Benjamin Dauvergne

Fix: python3 bindings (#51249)
The __str__ method called itself, resulting in a RecursionError.
======================================================================
ERROR: test14 (__main__.BindingTestCase)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./binding_tests.py", line 336, in test14
    assert isinstance(str(cm.exception), str)
  File "../lasso.py", line 69, in __str__
    return '' % (self.__class__.__name__, self)
  File "../lasso.py", line 69, in __str__
    return '' % (self.__class__.__name__, self)
  File "../lasso.py", line 69, in __str__
    return '' % (self.__class__.__name__, self)
  [Previous line repeated 489 more times]
  File "../lasso.py", line 68, in __str__
    if sys.version_info >= (3,):
RecursionError: maximum recursion depth exceeded in comparison
----------------------------------------------------------------------

2021-02-23 Benjamin Dauvergne

configure.ac: disable java bindings

2020-12-26 Frédéric Péters

build: update to use origin/main

2020-10-12 Benjamin Dauvergne

debian: add packaging for debian-buster

jenkins.sh: build against all available python versions (#44287)

python: do not leak out_pyvalue if method call protocol is not respected (#44287)

python: do not raise in valid_seq() (#44287)

python: return NULL if get_list_of_strings() fails (#44287)

python: return NULL if get_list_of_pygobject fails (#44287)

python: return NULL if get_list_of_xml_nodes fails (#44287)

python: return NULL if set_list_of_pygobject fails (#44287)

python: return NULL if set_list_of_xml_nodes fails (#44287)

python: return NULL if set_list_of_strings fails (#44287)

python: return NULL if set_hashtable_of_strings fails (#44287)

python: return NULL if set_hashtable_of_pygobject fails (#44287)

python: free internal string buffer if needed in set_list_of_strings (#44287)

python: check if hashtable is NULL before deallocation (#44287)

python: add a failure label to method wrappers (#44287)
To separate wrapping code from unwinding and error handling code.

python: add macro for early return (#44287)

python: remove newline before method call (#44287)

python: simplify get_logger_object (#44287)

python: fix warning about discarded const modifier (#44287)

python: replace exception by warning on logging path (#44287)

python: use simpler call format to prevent warning about PY_SSIZE_T_CLEAN (#44287)

python: remove deprecated PyErr_Warn (#44287)

python: remove unused PyString_Size (#44287)

2020-08-21 Benjamin Dauvergne

python: Exception.message was removed in python3 (#45995)

2020-08-14 Benjamin Dauvergne

tools: reimplement xmlURIEscapeStr to respect RFC3986 (#45581)
Bugfix by Emmanuel Dreyfus.
License: MIT

2020-08-11 Benjamin Dauvergne

configure.ac: support php7 interpreter on CentOS 8 (#42299)

2020-04-22 Benjamin Dauvergne

Release 2.6.1

Keep order of SessionIndexes

Clear SessionIndex when private SessionIndexes is empty (#41950)

2020-03-26 Benjamin Dauvergne

misc: clear warnings about class_init signature using coccinelle
$ spatch --in-place --sp-file add-second-arg-to-class-init.cocci `git grep -l -C1 ^class_init \*.c`
$ sed -i 's/\*unused\>/*unused G_GNUC_UNUSED/' `git grep -l 'void \*unused'`

tests: fix compilation with check>0.12 (#39101)

2020-03-05 Bernhard M. Wiedemann

Sort input file lists (#40454)
so that lasso.py, lasso/types.c and liblasso.so.3.13.0 build reproducibly in spite of indeterministic filesystem readdir order.
For some reason, lasso/extract_sections.py lasso/extract_symbols.py do not need such patches to get a reproducible openSUSE package.
See https://reproducible-builds.org/ for why this is good.
This patch was done while working on reproducible builds for openSUSE.
License: MIT

2019-09-09 Benjamin Dauvergne

debian: disable php7 (#28608)

2019-09-09 Tomohiro "Tomo-p" KATO

Modify .gitignore for PHP 7 binding (#28608)
License: MIT

Add PHP 7 binding (#28608)
License: MIT

2019-09-09 Benjamin Dauvergne

Fix tests broken by new DEBUG logs (#12829)

2019-09-06 Benjamin Dauvergne

Improve error logging during node parsing (#12829)

Improve configure compatibility (#32425)

Improve compatibility with Solaris (#32425)

2019-09-05 Benjamin Dauvergne

Fix reference count in lasso_server_add_provider2 (fixes #35061)
As implemented lasso_server_add_provider2 could not be used as a public API as it did not increase the reference count of the LassoProvider object before adding it to the providers hashtable.
lasso_server_add_provider_helper had to be modified to decrement the reference count of the new LassoProvider object after using lasso_server_add_provider2.

2019-09-05 Benjamin Dauvergne

Fix python multi-version builds on jessie and stretch
debian/rules supposed that lasso Makefile would always prefer python2 to python3, it's not the case anymore. Also recent python3 improvements to bindings scripts did not work with python 3.5 on jessie (on jessie/3.5 default open() encoding is still ASCII not UTF-8 as with the default UTF-8 of later python3 versions).

2019-08-27 Thomas NOEL

docs/xsltproc: do not use Internet to fetch DTDs, entities or documents (#35590)

2019-07-04 Benjamin Dauvergne

fix missing include for index() (fixes #33791)
tests/basic_tests.c:2141:7: warning: implicit declaration of function 'index' [-Wimplicit-function-declaration]
  qs = index(authnRequestUrl, '?') + 1;
       ^~~~~
tests/basic_tests.c:2141:7: warning: incompatible implicit declaration of built-in function 'index'

2019-07-03 Dmitrii Shcherbakov

PAOS: Do not populate "Destination" attribute
When ECP profile (saml-ecp-v2.0-cs01) is used with PAOS binding Lasso populates an AuthnRequest with the "Destination" attribute set to AssertionConsumerURL of an SP - this leads to IdP-side errors because the destination attribute in the request does not match the IdP URL.
The "Destination" attribute is mandatory only for HTTP Redirect and HTTP Post bindings when AuthRequests are signed per saml-bindings-2.0-os (sections 3.4.5.2 and 3.5.5.2). Specifically for PAOS it makes sense to avoid setting that optional attribute because an ECP decides which IdP to use, not the SP.
Fixes Bug: 34409
License: MIT

2019-07-02 Benjamin Dauvergne

export symbol lasso_log (#33784)
The symbol lasso_log has to be exported, otherwise Solaris run-time linker fails due to an unresolved symbol dependency.

2019-06-11 Benjamin Dauvergne

tests: use self-generated certificate to sign federation metadata file (#33823)
Generation procedure :
  openssl genrsa -out rootCA.key 4096
  openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 99999 -out rootCA.crt
  openssl genrsa -out lasso.key 2048
  openssl req -new -sha256 -key lasso.key -subj "/C=FR/CN=Lasso" -out lasso.csr
  openssl x509 -req -in lasso.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out lasso.crt -days 99999 -sha256
  openssl pkcs12 -export -inkey lasso.key -password pass: -in lasso.crt -name lasso -out lasso.pkcs12
  xmlsec1 --sign --output renater.xml --trusted-pem rootCA.crt --pwd "" --pkcs12 lasso.pkcs12 metadata/renater-metadata.xml
  xmlsec1 --verify --trusted-pem rootCA.crt metadata/renater-metadata.xml

2019-05-23 Benjamin Dauvergne

Do not ignore WantAuthnRequestSigned value with hint MAYBE (fixes #33354)
Bug introduced in commit 394680712.

Use io.open(encoding=utf8) in extract_symbols/sections.py (fixes #33360)

2019-01-19 Benjamin Dauvergne

xml: adapt schema in saml2:AuthnContext (#29340)
saml2:AuthnContext XML schema indicates that AuthenticatingAuthority is an optional unbounded list of nodes, but the current Lasso schema only handles a unique element. To prevent Lasso from refusing perfectly legal messages, we add a rule to the Lasso ignoring other nodes after the first one.

2019-01-11 John Dennis

Fix ECP signature not found error when only assertion is signed (#26828)
With a SAML Authn Response either the message or the assertion contained in the response message or both can be signed. Most IdP's sign the message. This fixes a bug when processing an ECP authn response when only the assertion is signed.
lasso_saml20_profile_process_soap_response_with_headers() performs a signature check on the SAML message.
A signature can also appear on the assertion which is checked by lasso_saml20_login_process_response_status_and_assertion()
The problem occurred when the message was not signed and lasso_saml20_profile_process_soap_response_with_headers() returned LASSO_DS_ERROR_SIGNATURE_NOT_FOUND as an error code which is not actually an error because we haven't checked the signature on the assertion yet. We were returning the first LASSO_DS_ERROR_SIGNATURE_NOT_FOUND error when in fact the subsequent signature check in lasso_saml20_login_process_response_status_and_assertion() succeeded.
The ECP unit tests were enhanced to cover these cases.
The enhanced unit test revealed a problem in two switch statements operating on the return value of lasso_profile_get_signature_verify_hint() which were missing a case statement for LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE which caused an abort due to an unknown enumeration value.
Fixes Bug: 26828
License: MIT

2018-10-15 Benjamin Dauvergne

extract_types.py: force io to use UTF-8 encoding (fixes #27332)

2018-10-14 Benjamin Dauvergne

add Jenkinsfile

xml: fix parsing of saml:AuthnContext (fixes #25640)
Decl/DeclRef are alternatives, when matching a Decl we should jump over the DeclRef.

2018-07-24 Benjamin Dauvergne

Remove -Werror from --enable-debugging (fixes #24771)
GCC 8 has better warnings and it breaks the build on platform already using it and wanting debugging symbols.

Move AC_SUBST declaration for AM_CFLAGS with alike (#24771)
Just to reorder things properly in configure.ac.

Clean python cache when building python3 binding
Python3 store .pyc cache in hidden directory __pycache__, distcheck complained that the source directory was not completely clean after a distclean.

2018-07-24 John Dennis

Configure should search for versioned Python interpreter.
Following the guidelines in Python PEP 394 with regards to the python command on UNIX like systems preference should be given to explicitly versioned command interpreter as opposed to unversioned and that an unversioned python command should (but might not) refer to Python2. Also in some environments unversioned Python interpreters (e.g. /usr/bin/python) do not even exist, only their explicitly versioned variants are (e.g. /usr/bin/python2 and /usr/bin/python3).
Therefore the AC_CHECK_PROGS directive in configure.ac should not rely exclusively on an unversioned Python interpreter as it does not, rather it should search in priority order. First for python3, then for an unversioned python because some distributions have already moved the default unversioned python to python3, and then finally search for python2. In the scenario where unversioned python is still pointing to python2 it's equivalent to selecting the last priority option of python2, but if unversioned python is pointing to python3 you get instead. The net result is always preferring python3 but gracefully falling back to python2 no matter how the environment exports its Python.
If AC_CHECK_PROGS for python does not check for the versioned variants the build fails in environments that only have versioned variants with this error:
configure: error: Python must be installed to compile lasso
License: MIT

2018-07-24 John Dennis

Make more Python scripts compatible with both Py2 and Py3
While porting other Python code in the repo to run under Py3 (as well as Py2) it was discovered there were a number of other Python scripts which also needed porting. However these scripts are never invoked during a build so there was no easy way to test the porting work. I assume these scripts are for developers only and/or are historical.
Because there was no way for me to test the porting changes on these scripts I did not want to include the changes in the patch for the Py3 porting which fixed scripts that are invoked during the build (the former patch is mandatory, this patch is optional at the moment). I did verify the scripts compile cleanly under both Py2 and Py3, however it's possible I missed porting something or the error does not show up until run-time.
Examples of the required changes are:
* Replace use of the built-in function file() with open(). file() does not exist in Py3, open works in both Py2 and Py3. The code was also modified to use a file context manager (e.g. with open(xxx) as f:). This assures open files are properly closed when the code block using the file goes out of scope. This is a standard modern Python idiom.
* Replace all use of the print keyword with the six.print_() function, which itself is an emulation of Py3's print function. Py3 no longer has a print keyword, only a print() function.
* The dict methods .keys(), .values(), .items() no longer return a list in Py3, instead they return a "view" object which is an iterator whose result is an unordered set. The most notable consequence is you cannot index the result of these functions like you could in Py2 (e.g. dict.keys()[0] will raise a run time exception).
* Replace use of StringIO.StringIO and cStringIO with six.StringIO. Py3 no longer has cStringIO and the six variant handles the correct import.
* Py3 no longer allows the "except xxx, variable" syntax, where variable appearing after the comma is assigned the exception object, you must use the "as" keyword to perform the variable assignment (e.g. except xxx as variable)
* Python PEP 3113 removed tuple parameter unpacking. Therefore you can no longer define a formal parameter list that contains tuple notation representing a single parameter that is unpacked into multiple arguments.
License: MIT

2018-07-24 John Dennis

Downcase UTF-8 file encoding name
Python and Emacs (and others?) recognize a special directive line in a file that identifies what encoding the file is encoded in. See Python PEP 263. For example: The general form of the directive is: where xxx is the name of a codec.
Python codec names are lower case with underscores used to separate words. In both Python and Emacs one can create aliases for the codecs so you can use an alternate name to refer to the same codec. Python is forgiving with respect to case, underscore and hyphens. Python will automatically create an alias for a codec name by downcasing it and replacing hyphens with underscores, thus "UTF-8" is actually an alias for the "utf_8" codec.
Unfortunately emacs does not automatically create such aliases, although one can add aliases via a custom initialization file, but doing so requires every user using emacs to edit the files to manually create their own aliases. If you try to write a file in emacs with the "UTF-8" codec name it won't recognize it as "utf-8", instead you'll get errors like this:
Warning (mule): Invalid coding system ‘UTF-8’ is specified for the current buffer/file by the :coding tag.
It is highly recommended to fix it before writing to a file.
and you must force the file to be written by responding to additional prompts.
This patch simply downcases the "UTF-8" codec name to "utf-8" so that both Python and Emacs will accept the codec name.
License: MIT

2018-07-24 John Dennis

fix duplicate definition of LogoutTestCase and logoutSuite
Commit 6f617027e added a duplicate definition of the LogoutTestCase class containing only 1 test which shadowed the original LogoutTestCase containing 4 tests. The logoutSuite variable was also shadowed and the allTests variable contained a duplicate of logoutSuite causing the 2nd definition of LogoutTestCase to be run twice.
Not only were the original 4 tests not being run but the entire unit test in profiles_tests.py was failing under Python3. This is because the unittest code in Py3 deletes a test from its list of tests to run once it's been run. The second time the logoutSuite was invoked it no longer contained any tests which caused an exception to be raised because there were no tests to be run.
License: MIT

2018-07-24 John Dennis

Make Python scripts compatible with both Py2 and Py3
During the build if the Python3 interpreter is used a number of scripts will fail because they were never ported from Py2 to Py3. In general we want Python code to be compatible with both Py2 and Py3. This patch brings the scripts up to date with Py3 but retains backwards compatibility with Py2 (specifically Py 2.7, the last Py2 release).
Examples of the required changes are:
* Replace use of the built-in function file() with open(). file() does not exist in Py3, open works in both Py2 and Py3. The code was also modified to use a file context manager (e.g. with open(xxx) as f:). This assures open files are properly closed when the code block using the file goes out of scope. This is a standard modern Python idiom.
* Replace all use of the print keyword with the six.print_() function, which itself is an emulation of Py3's print function. Py3 no longer has a print keyword, only a print() function.
* The dict methods .keys(), .values(), .items() no longer return a list in Py3, instead they return a "view" object which is an iterator whose result is an unordered set. The most notable consequence is you cannot index the result of these functions like you could in Py2 (e.g. dict.keys()[0] will raise a run time exception).
* Replace use of StringIO.StringIO and cStringIO with six.StringIO. Py3 no longer has cStringIO and the six variant handles the correct import.
* Py3 no longer allows the "except xxx, variable" syntax, where variable appearing after the comma is assigned the exception object, you must use the "as" keyword to perform the variable assignment (e.g. except xxx as variable)
Note: the modifications in this patch are the minimum necessary to get the build to run with the Py3 interpreter. There are numerous other Python scripts in the repo which need Py3 porting as well but because they are not invoked during a build they will be updated in a subsequent patch.
License: MIT

2018-07-24 John Dennis

Use python interpreter specified configure script
The configure script allows you to specify the python interpreter to use via the --with-python option. There were several places where the python interpreter was implicitly invoked without using the specified version. This can create a number of problems in an environment with multiple python versions as is the case during the transition from Python 2 to Python 3. Python 2 is not compatible with Python 3. Lasso's Python code is supposed to be compatible with both versions. But during the build and when running the unit tests it is essential the same interpreter be used consistently otherwise you can have problems.
This patch assures whenever python is invoked it does so via the $(PYTHON) configuration variable.
What about shebang lines (e.g #/usr/bin/python) at the top of scripts? Python PEP 394 (https://www.python.org/dev/peps/pep-0394/) covers this. Basically it says if a script is compatible only with Py2 the shebang should be #/usr/bin/python2, if only compatible with Py3 the shebang should be #/usr/bin/python3. However, if the script is compatible with both versions it can continue to use the compatible with both Py2 and Py3.
License: MIT

2018-06-28 Benjamin Dauvergne

tools: set output buffer size in lasso_inflate to 20 times the input size (fixes #24853)

jenkins.sh: add a make clean to prevent previous build to break new ones

tools: fix segfault in lasso_get_saml_message (fixes #24830)
We reuse the "message" local variable but we should not. Also fix a segfault in lasso_xmltextreader_from_message() when getting the length of "message" before checking if it is NULL or not.

2018-06-28 Frédéric Péters

python: add a classmethod for lasso.profileGetIssuer (#24831)

2018-06-27 Frédéric Péters

faq: fix references to lasso.profileGetIssuer (#24832)

debian: sync with debian package (#24595)

2018-06-14 Benjamin Dauvergne

website: add news about 2.6.0 release

2018-05-30 Benjamin Dauvergne

Release 2.6.0

perl/tests: build Makefile.perl before running the tests

2018-05-01 Benjamin Dauvergne

deprecate loading PEM formatted public keys in lasso_xmlsec_load_key_info
Also ensure work-around bug[1] in libxmlsec 1.2.24 and 1.2.25.
[1]: https://github.com/lsh123/xmlsec/issues/164

2018-05-01 Benjamin Dauvergne

add a pem-public-key runtime flag
We want to deprecate support for loading PEM formatted key from ds:KeyValue nodes, before final removal it will have to be activated through a runtime flag (using LASSO_FLAG environment variable).

2018-04-30 John Dennis

Replace xmlSecSoap functions with lasso implementations
xmlsec has removed support for SOAP. The missing xmlSecSoap* functions and their dependent utility functions were added to Lasso following the model of the existing xmlSec implementations.
Note: Lasso tried to accommodate both SOAP 1.1 and SOAP 1.2 but SAML2 *only* uses SOAP 1.1 thus the SOAP 1.2 support was superfluous and confused matters. Therefore the SOAP 1.2 support was removed.
The following new functions were added to Lasso to support SOAP:
* lasso_xml_next_element_node
* lasso_xml_get_node_ns_href
* lasso_xml_is_element_node
* lasso_xml_soap11_get_header
* lasso_xml_soap11_get_body
The following is the mapping from the deprecated xmlSecSoap symbols to the new Lasso symbols:
xmlSecSoap11Ns -> LASSO_SOAP_ENV_HREF
xmlSecGetNextElementNode -> lasso_xml_next_element_node
xmlSecGetNodeNsHref -> lasso_xml_get_node_ns_href
xmlSecCheckNodeName -> lasso_xml_is_element_node
xmlSecSoap11GetHeader -> lasso_xml_soap11_get_header
xmlSecSoap11GetBody -> lasso_xml_soap11_get_body
This patch also extends the automake version support in autogen.sh to the current 1.16 version.
License: MIT

2018-04-30 Benjamin Dauvergne

perl: set DESTDIR and PREFIX at Makefile's creation

2018-04-29 Benjamin Dauvergne

perl: force use of the in-tree lasso when running tests (fixes #23276)

python: route logs for libxml2 and libxmlsec2 to their own logger

2018-04-06 Benjamin Dauvergne

add xmlsec_soap.h to Makefile

java: stop setting a bytecode version target

tests: prevent crash in glib caused by abort on recursive logging
The fail() function from libcheck is doing a longjump() from inside the logging subsystem, preventing the depth counter to be reinitialised to 0. (Seen with g_private_get(&g_log_depth) in a gdb session).

route logs from libxml2 and libxmlsec through GLib logging

fix get_issuer and get_in_response_to

fix warnings

replace use of which is deprecated (fixes #18771)

2018-02-10 Frédéric Péters

debian: initialize stretch packaging with a copy of upstream debian (#21772)

2017-09-11 Benjamin Dauvergne

saml-2.0: improve support for free content inside samlp2:Extensions (fixes #18581)
Four new accessors:
  lasso_samlp2_extensions_get_any
  lasso_samlp2_extensions_set_any
  lasso_samlp2_extensions_get_attributes
  lasso_samlp2_extensions_set_attributes
The two new pseudo fields are fully supported in the python binding.
    import lasso

    node = lasso.Samlp2Extensions()
    node.any = 'ok'
    node.attributes = {'{http://entrouvert.org/}attribute1': 'value'}
    print(node.dump())

2017-08-12 Benjamin Dauvergne

ignore unknown attributes from the xsi: namespace

add defined for the XML namespace

jenkins.sh: add V=1

2016-08-04 Benjamin Dauvergne

fix definitions of error, critical and warning macros (fixes #12830)

They all log at the DEBUG level instead of their respective levels.

tests: convert log level as string

2016-06-18 John Dennis

Fix ecp test validate_idp_list() (fixes #11421)

validate_idp_list was not using the correct list elements when it iterated over the known_sp_provided_idp_entries_supporting_ecp list. It treated them as lists of strings instead of lists of LassoSamlp2IDPEntry.

License: MIT

2016-06-15 John Dennis

enable user supplied CFLAGS

CFLAGS is initialized to the empty string in configure.ac, this effectively turned off user supplied values for CFLAGS preventing site specific values from being used.

A further complicating factor was of all the user supplied values documented in Automake only CFLAGS was disabled allowing all other user supplied variables to take effect. Some variables must be coordinated (e.g. CFLAGS with LDFLAGS), the fact LDFLAGS was picked up from the environment but CFLAGS was discarded caused build failures due to incompatible combination of compiler and linker options.

The problem was first introduced in commit: 73d9c98f "Reset CFLAGS when --enable-debugging is used".

This patch simply removes hardcoding CFLAGS to the empty string and appends the debug options (--enable-debugging) to the existing CFLAGS.
Proper use of the variables is described in the Automake documentation in the section "Flag Variables Ordering" https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html

Although the Automake documentation claims manipulating CFLAGS directly is improper use there are many examples of this in the existing configure.ac, this patch makes no attempt at addressing this issue, rather it makes existing usage consistent.

In the particular case of debug flags appending to CFLAGS is probably the only valid solution because the debug flags must appear at the end of the list of flags in order to override earlier flags, CFLAGS always appears last in the Makefile (see above Automake doc).

License: MIT

2016-04-26 Benjamin Dauvergne

do not call xmlSecKeyDuplicate if source key is NULL

2016-03-11 Benjamin Dauvergne

fix segfault when parsed node has no namespace (#47)

This bug was introduced in commit 8d06806d, the check for a correct namespace on head node of parsed XML fragments does not handle the case where the node has no namespace. Using lasso_equal_namespace() fixes this.

2016-03-07 Benjamin Dauvergne

check node names in lasso_node_impl_init_from_xml() (fixes #47)

tests: silence unused variable warning

2016-03-06 Benjamin Dauvergne

add docstring on SHA-2 signature method enum

remove DGME specific commented out code

add support for C14N 1.1 methods and C14N withComments methods (fixes #4863)

Choose the Reference transform based on the chosen Signature transform (fixes #10155)

i.e. if the signature uses SHA2 then use SHA2 of the same strength for digesting references.

2016-02-24 John Dennis

add inline implementation of lasso_log

lasso_log is a private function of lasso and as such cannot be referenced by the loader. This is equivalent to commit e0bda691 in the PHP binding which exhibited the same problem.
lasso_log is referenced in jobject_to_gobject() because of lasso_assign_gobject macro, which includes the lasso_release_gobject macro which invokes the message macro which expands to lasso_log.

License: MIT

2016-02-18 Benjamin Dauvergne

Release 2.5.1

fix warning about INCLUDES directive

2016-02-18 Benjamin Dauvergne

bindings/php5: fix enum getters and setters (fixes #10032)

enumeration types were being wrongly interpreted as object types because is_object() was used instead of the local specialisation done in PhpCode.is_object(). Also fix docstring of getters/setters.

2016-02-18 Benjamin Dauvergne

tools.c: use correct NID and digest length when building RSA signature using SHA-2 digest (fixes #10019)

Thanks to Brett Gardner for the bug report and patch.

Licence: MIT

2016-01-13 Benjamin Dauvergne

Fix wrong snippet type (fixes #9616)

In elements samlp2:RequestedAuthnContext, Comparison is an attribute, not a text child node.

2016-01-11 Frédéric Péters

perl: remove quotes from $PERL -V::ccflags: output (#9572)

2015-11-25 Benjamin Dauvergne

tests: update valgrind suppressions

tests: fix leak

saml-2.0: fix leaks of url

profile: fix leak of private idp_list field

xml: fix leak in lasso_soap_envelope_new_full

2015-11-24 Benjamin Dauvergne

xml: fix wrong termination of comment

tests: fix leaks in test_ecp

saml-2.0: fix leak of message_id in lasso_profile_saml20_build_paos_request_msg

id-ff: fix leak of profile->private_data->message_id

tests: fix leak in test test16_test_get_issuer

2015-10-30 Rob Crittenden

Set NotBefore in SAML 2.0 login assertions

License: MIT

2015-10-15 John Dennis

Add missing urn constants used in PAOS HTTP header

The new OASIS "SAML V2.0 Enhanced Client or Proxy Profile Version 2.0" specification added new options that can appear in the PAOS HTTP header.
Section 2.3.1 enumerates the following URN options which can appear in the PAOS HEADER:

    urn:oasis:names:tc:SAML:protocol:ext:channel-binding
    urn:oasis:names:tc:SAML:2.0:cm:holder-of-key
    urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp:2.0:WantAuthnRequestsSigned
    urn:oasis:names:tc:SAML:2.0:conditions:delegation

Of these only the holder-of-key was previously defined in Lasso, this patch adds the other 3 constants.

License: MIT

2015-09-02 Benjamin Dauvergne

Release 2.5.0

remove errors.c, it breaks computation of version from tags

java: fix AllJunitTests generation when building out of source directory

2015-09-01 Benjamin Dauvergne

Revert "Add messageID and idp_list to profile properties"

This reverts commit b10c48058ed5942b135712f46888e0697fb593ff.

2015-09-01 John Dennis

fix test08_lasso_key test failure

Note: the rest of this message is formatted as reStructuredText (rst).

Test Failure
============

The unit tests run by "make check" fail with the following error:

::

  tests.c:61:F:Lasso keys:test08_lasso_key:0: No logging output expected: message «ID _E3F8E9116EE08F0E2607CF9789649BB4 already defined » was emitted for domain «Lasso» at the level «128»

This is not a regression in Lasso, rather the failure is caused by one of the components Lasso is dependent upon. It was first observed when the identical Lasso package was built in Fedora 22, no problems were observed in Fedora 21. This implies one or more updated components in Fedora 22 is the cause.

This was a particularly difficult error to track down, first one had to identify who was emitting the message and on what file descriptor (stream) and who was triggering on the message emission and causing a check failure. The obvious assumption the check library was responsible for detecting the message emission and failing the test is wrong.

Who is emitting the message and why?
------------------------------------

The message is emitted by libxml2 in the function `xmlAddID()` (valid.c:2578).
It occurs at the end of xmlAddID() when it detects the ID (which is supposed to be unique to the document) is already defined, which for valid XML is illegal (violates uniqueness constraint). The message emission occurs because of the code fragment

::

  if (xmlHashAddEntry(table, value, ret) < 0) {
  #ifdef LIBXML_VALID_ENABLED
      /*
       * The id is already defined in this DTD.
       */
      xmlErrValidNode(ctxt, attr->parent, XML_DTD_ID_REDEFINED,
                      "ID %s already defined\n", value, NULL, NULL);
  #endif /* LIBXML_VALID_ENABLED */
      xmlFreeID(ret);
      return(NULL);
  }

Why is the message emission different between libxml2 versions?
---------------------------------------------------------------

The change occurred between libxml2 version 2.9.1 and 2.9.2 in commit a16eb968075a82ec33b2c1e77db8909a35b44620

::

commit a16eb968075a82ec33b2c1e77db8909a35b44620 Author: Daniel Veillard Date: Tue Jun 10 16:06:14 2014 +0800 erroneously ignores a validation error if no error callback set Reported by Stefan Behnel https://bugzilla.gnome.org/show_bug.cgi?id=724903 diff --git a/valid.c b/valid.c index aedd9d7..1e03a7c 100644 --- a/valid.c +++ b/valid.c
@@ -2633,11 +2633,8 @@ xmlAddID(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value, /* * The id is already defined in this DTD. */ - if ((ctxt != NULL) && (ctxt->error != NULL)) { - xmlErrValidNode(ctxt, attr->parent, XML_DTD_ID_REDEFINED, - "ID %s already defined\n", - value, NULL, NULL); - } + xmlErrValidNode(ctxt, attr->parent, XML_DTD_ID_REDEFINED, + "ID %s already defined\n", value, NULL, NULL); #endif /* LIBXML_VALID_ENABLED */ xmlFreeID(ret); return(NULL);

In both versions of libxml2 the conditional compilation LIBXML_VALID_ENABLED is enabled by default via the configure script. What is different is the requirement ctxt be non-NULL. Lasso invokes xmlAddID with a NULL ctxt parameter. Because the NULL test for ctxt is absent in libxml2 2.9.2 the message is now emitted where previously it was not.

Who triggers on message emission and fails the test?
----------------------------------------------------

This is a Lasso feature, it is not part of libcheck. In tests/tests.c is the following function

::

  void error_logger(const gchar *log_domain, GLogLevelFlags log_level,
                    const gchar *message, G_GNUC_UNUSED gpointer user_data) {
      fail("No logging output expected: message «%s» was emitted for domain «%s» at the level"
           " «%d»", message, log_domain, log_level);
  }

Before the tests are run the error_logger function is installed as a glib handler

::

  g_log_set_default_handler(error_logger, NULL);

When the message is emitted the error_logger traps it and invokes the libcheck (deprecated) function fail() which aborts the test case.

Why does `test08_lasso_key` cause an XML validation failure?
------------------------------------------------------------

`test08_lasso_key` invokes `lasso_key_saml2_xml_verify()` twice on the same XML document. Any time `lasso_key_saml2_xml_verify()` is called more than once the XML validation will fail on the second and subsequent invocations.
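
Review bot: in the quoted libxml2 hunk for xmlAddID() in valid.c, removing the `(ctxt != NULL) && (ctxt->error != NULL)` guard means xmlErrValidNode() is now reached with a NULL ctxt whenever a caller passes one, and nothing in the hunk documents that. A short comment above the call stating that a NULL ctxt is acceptable there and that the duplicate-ID error is now always reported would make the behaviour change visible to callers that relied on the earlier silence.
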
This occurs because `lasso_key_saml2_xml_verify()` invokes `lasso_verify_signature()` passing it the node id in the `id_attr_name` parameter. Inside `lasso_verify_signature()` is this code fragment:

::

  /* Find ID */
  if (id_attr_name) {
      id = xmlGetProp(signed_node, (xmlChar*)id_attr_name);
      if (id) {
          xmlAddID(NULL, doc, id, xmlHasProp(signed_node, (xmlChar*)id_attr_name));
      }
  }

Note that it unconditionally invokes `xmlAddID()`, which adds the ID to the set of unique element ID's in the document. But if you invoke `xmlAddID()` more than once with the same ID in the same document you violate the uniqueness constraint.

The ID needs to be registered in the document because the element of the may utilize an XPointer reference to the signed data. In its simplest form the XPointer reference is an ID attribute on a node. Thus to locate the signed data referenced by the ID it should (must?) be in a table of ID's for the document.

Simple Solution (patch)
-----------------------

The solution is simple now that the problem is understood. The ID should not be unconditionally added to the document, instead it should only be added if it's not already registered. Prior to calling `xmlAddID()` one should call `xmlGetID()` and test for a NULL result indicating the ID has not been registered previously.

License: MIT

2015-09-01 John Dennis

add support for automake 1.15

License: MIT

2015-09-01 John Dennis

Fix coverity lasso_get_hmac_key() warning

lasso_get_hmac_key() did not check return value. Now check the return code, emit a critical message and return early with cleanup.

License: MIT

2015-09-01 John Dennis

Add messageID and idp_list to profile properties

ECP needs a place to store the messageID and idp_list. Normally values like this would be located in a "context" passed to the relevant routines. But currently there is no such context, the closest thing to a context we have is the profile so we add them here in the profile private data using accessors.
They are currently not relevant outside of ECP.

Adds functions:

    lasso_profile_get_message_id()
    lasso_profile_set_message_id()
    lasso_profile_get_idp_list()
    lasso_profile_set_idp_list()

License: MIT

2015-08-24 Benjamin Dauvergne

configure.ac: move test framework detection after pkg-config detection

debian-jessie: add build dependency on pkg-config

Add 'debian-jessie/' from commit 'dc7374e9f41214557dd45735789a7535d6bbe681'

git-subtree-dir: debian-jessie
git-subtree-mainline: 83f6319c01ef633fe17625d9ec8d15f1f9dbfc36
git-subtree-split: dc7374e9f41214557dd45735789a7535d6bbe681

bindings/java: fix test script generation

2015-08-24 John Dennis

add ECP unit test

Test ECP. 3 different variations of the SP provided IDP List are exercised.

License: MIT

2015-08-24 John Dennis

Implement PAOS request and response messages

Re-implement lasso_profile_saml20_build_paos_request_msg() and lasso_saml20_login_process_paos_response_msg() to use the functionality introduced by earlier patches and to assure they are functionally complete.

License: MIT

2015-08-24 John Dennis

Add messageID and idp_list to profile properties

ECP needs a place to store the messageID and idp_list. Normally values like this would be located in a "context" passed to the relevant routines. But currently there is no such context, the closest thing to a context we have is the profile so we add them here in the profile private data using accessors. They are currently not relevant outside of ECP.

Adds functions:

    lasso_profile_get_message_id()
    lasso_profile_set_message_id()
    lasso_profile_get_idp_list()
    lasso_profile_set_idp_list()

License: MIT

2015-08-24 John Dennis

ECP and PAOS special handling

ECP does not require an SP to know the remote IdP provider. Existing code made the assumption the remote provider always was necessary.

Determination and setting of the remote consumer URL is different in the presence of ECP. Rework the logic to reflect differing requirements.
License: MIT

2015-08-24 John Dennis

Add function to set protocol conformance

Lasso uses an internal private variable bound to the provider to indicate which protocol the provider is servicing. It is vital this value be correctly set because many Lasso routines used it to dispatch to the appropriate protocol handlers.

Normally the provider's protocol conformance is set as a side-effect of parsing the XML metadata that describes the provider (e.g. an SP or IdP). However there are some providers (e.g. an ECP client) which do not have metadata. For providers lacking metadata it is essential there be a mechanism to set the protocol conformance otherwise the library will malfunction.

The function comes with documentation that includes a clear warning this is to be used only in limited circumstances.

License: MIT

2015-08-24 John Dennis

Implement ECP client functionality

Implement everything needed to support a SAMLv2 ECP client.

Re-implement lasso_ecp_process_authn_request_msg() and lasso_ecp_process_response_msg() to use the Lasso XML serialization subsystem with the ECP and PAOS LassoNode's introduced earlier. This replaces one-off explicit direct use of the libxml API with Lasso common code. In the process provide support for 100% of the ECP and PAOS SAMLv2 parameters, not just a subset.

Include support for receiving an IDPList from the SP in conjunction with selecting an IdP known to the ECP client.

Add extensive documentation.

Modify LassoSamlp2AuthnRequest to preserve its original XML (enable keep_xmlnode flag) so that when serializing the SOAP request the LassoSamlp2AuthnRequest received from the SP is exactly duplicated.
Add the following internal static utility functions:

    is_provider_in_sp_idplist()
    is_idp_entry_in_entity_id_list()
    intersect_sp_idplist_with_entity_id_list()

Add the following exported utility functions:

    lasso_ecp_is_provider_in_sp_idplist()
    lasso_ecp_is_idp_entry_known_idp_supporting_ecp()
    lasso_ecp_set_known_sp_provided_idp_entries_supporting_ecp()
    lasso_ecp_has_sp_idplist()
    lasso_ecp_get_endpoint_url_by_entity_id()
    lasso_ecp_process_sp_idp_list()

Add the following members to the ECP class:

    message_id
    response_consumer_url
    relaystate
    issuer
    provider_name
    is_passive
    sp_idp_list
    known_sp_provided_idp_entries_supporting_ecp
    known_idp_entity_ids_supporting_ecp

License: MIT

2015-08-24 John Dennis

Clean up ECP and PAOS XML generation

Re-implement lasso_node_export_to_ecp_soap_response() and lasso_node_export_to_paos_request(). Add new function lasso_node_export_to_paos_request_full() with full functionality which deprecates lasso_node_export_to_paos_request().

The existing code had two significant deficiencies, it performed explicit direct xml manipulation using the libxml API rather than calling into Lasso's extensive XML utilities, this was in stark contrast to the rest of the Lasso library. It also failed to handle a number of ECP parameters leaving a functionality gap in the API.

The new code makes use of the Lasso XML serialization subsystem. Rather than hand crafted xml manipulation we use the ECP and PAOS LassoNode objects introduced in an earlier patch. This is consistent with the rest of Lasso and because those LassoNodes are used elsewhere we have a better guarantee of robustness because the same common code is being called from multiple places. Other Lasso common utilities (some introduced in previous patches) are invoked instead of handcrafted xml manipulation, once again common code is preferred.

Finally lasso_node_export_to_paos_request_full() was introduced to expose in the Lasso API all ECP parameters.
lasso_node_export_to_paos_request() now trivially calls into lasso_node_export_to_paos_request_full().

License: MIT

2015-08-24 John Dennis

Server utility returns list of providers supporting endpoint type

Add lasso_server_get_filtered_provider_list() utility.

Iterate over the server providers and build a list of provider EntityID's who have the specified role and at least one endpoint matching the protocol_type and http_method. Return a GList list of EntityID's

License: MIT

2015-08-24 John Dennis

Add server utility lasso_server_get_endpoint_url_by_id()

Locate the provider in the server's list of providers, then select an endpoint given the @endpoint_description and return that endpoint's URL. If the provider cannot be found or if the provider does not have a matching endpoint NULL will be returned.

License: MIT

2015-08-24 John Dennis

Add ECP and PAOS to prefix_from_href_and_nodename()

prefix_from_href_and_nodename() did not know about the ECP and PAOS XML prefixes so add them.

License: MIT

2015-08-24 John Dennis

Export LassoNode to SOAP with arbitrary SOAP headers

Add function lasso_node_export_to_soap_with_headers()

Utility function to build a full SOAP envelope message with arbitrary headers. The LassoNode becomes the body of the SOAP envelope. The headers are passed as a GList of LassoNode's and are added as header elements to the SOAP envelope header. This is a flexible way to build a SOAP envelope that contains headers without constraints on the headers.

License: MIT

2015-08-24 John Dennis

LassoSamlp2IDPList is not list capable

LassoSamlp2IDPList is supposed to handle a list of LassoSamlp2IDPEntry but in fact it had no list support. Change the snippet flag SNIPPET_NODE to SNIPPET_LIST_NODES and add the special list comment on the struct member so that the binding generator knows what type of GList it is.
License: MIT

2015-08-24 John Dennis

Add LassoNode objects for ECP and PAOS

The SAMLv2 protocol defines 5 XML types which we need to map to LassoNode objects so they can be serialized from XML and back into XML.

    ecp:RelayState
    ecp:Request
    ecp:Response
    paos:Request
    paos:Response

This patch adds these 5 new LassoNode's and updates the build configuration to include them.

License: MIT

2015-08-24 John Dennis

Enhance process soap response to include processing soap headers

The existing lasso_saml20_profile_process_soap_response() assumed there were no SOAP headers (prior to ECP none of the SOAP messages contained headers).

A new function lasso_saml20_profile_process_soap_response_with_headers() was implemented that serializes from the XML SOAP headers into a LassoSoapHeader node and optionally will return the LassoSoapHeader node.

The functionality in lasso_saml20_profile_process_soap_response() was moved into the new lasso_saml20_profile_process_soap_response_with_headers() and now lasso_saml20_profile_process_soap_response() simply calls lasso_saml20_profile_process_soap_response_with_headers() passing NULL for the header return.

License: MIT

2015-08-24 John Dennis

Add new LassoSoapEnvelope constructor, lasso_soap_envelope_new_full()

The existing LassoSoapEnvelope constructors did not populate the node with its constituent members, namely a SOAP header (LassoSoapHeader) and a SOAP body (LassoSoapBody). lasso_soap_envelope_new_full() allows one to create a SOAP envelope and immediately begin to add header and body elements.

License: MIT

2015-08-24 John Dennis

Fix LassoSoapHeader, was unable to serialize from XML.

The existing Lasso code never made use of SOAP headers because up until now nothing used them. LassoSoapHeader was unable to serialize from XML into a GList of LassoNode objects because it was missing one of the necessary snippet flags. This corrects this omission and now parsing a SOAP header will yield a sequence of LassoNode's.
License: MIT

2015-08-24 John Dennis

Add new error codes and their matching error descriptions

License: MIT

2015-08-24 John Dennis

Add lasso_is_in_list_of_strings macro to utils.h

Add macro that tests to see if a string is a member in a list of strings.

License: MIT

2015-08-24 John Dennis

Fix build failure, remove inclusion of xml/private.h in utils.h

The public utils.h header includes the private xml/private.h file which is not installed. Therefore anyone trying to build against lasso and include utils.h will fail because xml/private.h cannot be found. There doesn't seem to be any need to include this file.

License: MIT

2015-08-24 John Dennis

Eliminate _BSD_SOURCE and _SVID_SOURCE deprecation warning

Because all warnings are treated as errors and this warning is emitted:

    warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"

the build fails. The fix is to define _DEFAULT_SOURCE in lasso/xml/tools.c

The effect of defining the _DEFAULT_SOURCE macro is equivalent to the effect of explicitly defining three macros in earlier glibc versions:

    -D_BSD_SOURCE -D_SVID_SOURCE -D_POSIX_C_SOURCE=200809C

License: MIT

2015-08-24 Benjamin Dauvergne

configure.ac: provide fallback for systems where libcheck is not installed with pkg-config

Add checks for failure of an allocation function from libxml (#8070)

g_malloc always traps on allocation errors but not xmlMalloc.

xml: handle failure of xmlSecBase64Decode() (fixes #8070)

Thanks to fpeters for the patch.

FAQ: add section about getting the issuer before parsing the received message (#4378)

profile: add two new class methods, lasso_profile_get_issuer and lasso_profile_get_in_response_to (#4378)

The goal of those two methods is to allow IdP and SP to load metadata dynamically without processing completely the incoming. Currently it's impossible as message parsing and signature checking is done in the same function.
configure.ac: use pkg-config for libcheck

saml-2.0/login.c: change default value of WantAuthnRequestSigned (fixes #8105)

Specification says it should default to FALSE. We comply.

2015-08-24 Benjamin Dauvergne

Makefile.am: fix automake warning

It fixes this warning:

    warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')

it seems INCLUDES is not to be used anymore.

2015-04-03 Benjamin Dauvergne

Add 'debian-squeeze/' from commit '33d67ddd1352a2db97d252c7d18f7806ec91e616'

git-subtree-dir: debian-squeeze
git-subtree-mainline: 80a2e0ea4763d3f0bc611ab98c8e207b6a82c099
git-subtree-split: 33d67ddd1352a2db97d252c7d18f7806ec91e616

Add 'debian-wheezy/' from commit '0001ab9af1e3a7e19000a65b75ebc3c42f76a739'

git-subtree-dir: debian-wheezy
git-subtree-mainline: 9f99176b3c8dd2d7c9a6ebf9c619d9c7fea2b64b
git-subtree-split: 0001ab9af1e3a7e19000a65b75ebc3c42f76a739

2015-03-26 Benjamin Dauvergne

SAML-2.0: rework on commit 05fe802b8d, improve handling of ProtocolBinding and AssertionConsumerServiceURL

When the same URL was used for many bindings, the current code did not work. Now we use lasso_saml20_provider_check_assertion_consumer_service_url() to validate url and binding are matching, if no binding is suggested we take the first one defined for this URL.

Using AssertionConsumerServiceIndex and any of the other assertion consumer designator attributes is still forbidden.

2015-03-23 John Dennis

Fix build failures

Fix a mistake in the documentation markup that prevented the doc from building, needed to reverse the order of two tags.

Remove the $(PYTHON) from TESTS_ENVIRONMENT, it was causing python to be invoked passing /bin/sh to it as a script.

License: MIT

2015-03-11 John Dennis

Add Destination attribute for SAML ECP Response

The Destination attribute on SAML Response element was not being set when handling an ECP response.
It is a requirement of SAML 2.0 that signed values contain a Destination attribute on the root element otherwise the client will reject the response. This is documented in the SAML Bindings Specification, Section 3.4.5.2 "Security Considerations":

    If the message is signed, the Destination XML attribute in the root SAML element of the protocol message MUST contain the URL to which the sender has instructed the user agent to deliver the message. The recipient MUST then verify that the value matches the location at which the message has been received.

Normally on login one calls lasso_saml20_login_build_authn_response_msg() which then calls lasso_saml20_profile_build_response_msg() which sets the Destination attribute on the SAML Response. But when doing ECP you do not call lasso_saml20_login_build_authn_response_msg(), instead you call lasso_saml20_login_build_response_msg() and if it's ECP it then calls lasso_node_export_to_ecp_soap_response(). Thus the ECP response never gets the Destination attribute set because of the different code path, plus for ECP the destination is different, it's the assertion consumer service.

FWIW this line of code was copied almost verbatim from lasso_saml20_profile_build_response_msg which also sets the Destination attribute.
License: MIT

2015-02-26 Jérôme Schneider

php5-lasso.prerm: s/phpdismod/php5dismod/

Merge with lasso in Jessie, re-activate java and gen-default-control.sh

control: build depends on dh-python

2015-02-25 Jérôme Schneider

python-lasso.install: just install python 2 files

python-lasso.install: python-lasso is for python2 only

liblasso-perl.install.in: fixes path

rules: cleaning clean target perl; fix build for Jessie

remove java support

control: update build-dependencies for python3

debian/control: like control.in, control must be updated

2015-02-25 EO builder bot

debian: add python3 support

2015-02-13 Benjamin Dauvergne

Re-add control for eobuilder

Remove control and add python-six to control.in

Revert "Remove control.in"

This reverts commit 176e0716f8f8593860e0603697db5dec5675f5b3.

2015-02-12 Benjamin Dauvergne

Remove control.in

Add dependency on python-six

Update AUTHORS file

Port Java binding generator to Python 3

Port Perl binding generator to Python 3

Port PHP5 binding generator to Python 3

Make python generator scripts and tests run with python >= 3.2

2015-02-12 Houzéfa Abbasbhay

Python 3: Fix the pygobject init macro and restore it

Python 3: Fix a string conversion helper

Python 3: Oops (see rev 279959f)

Python 3: Fix Python 2 support (use six.print_)

Mention Python 3 support in the changelog

Python 3: Disable "PyGObjectPtrType" to avoid crashes (needs investigation)

Python 3: Fix a string function

Python 3: Fix module init

Python 3: PyObject_HEAD_INIT(NULL) -> PyVarObject_HEAD_INIT(NULL, 0) (to play better with C strict aliasing rules - see PEP 3123)

Python 3: Defs for int & string related functions

Python 3:
- file(...) -> open(...)
- print ... -> print(...)
- print >> fd, ... -> print(..., file=fd)
- basestring -> str
- map(...)
-> list(map(...))

Python 3: PyObject.ob_type is deeper in the structure; use the Py_TYPE macro instead

Python 3: Fix print calls in configure.ac

Ignore some Perl binding files

Ignore /test-driver

2015-02-12 Benjamin Dauvergne

SAML-2.0: Rework protocol profile selection when parsing AuthnRequest messages

This commit also adds tests around authn request parsing.

2015-02-09 Benjamin Dauvergne

Add support for SHA-2 family of hash functions for RSA and HMAC signatures

2015-01-21 Benjamin Dauvergne

Check return value of lasso_session_add_assertion() in lasso_login_build_assertion()

Remove _POSIX_SOURCE declaration as it's not needed

2014-12-09 Simo Sorce

Fix coverity issue about unchecked return

If find_path() does not find MinorVersion, then no value is changed and we repeat the search with the values for the major version. Check if we have found anything and if not set the minor version to 0.

License: MIT

2014-10-17 Benjamin Dauvergne

Improve top level comment in CGI script example

Add simple example of a CGI service provider script written in C

2014-10-02 Benjamin Dauvergne

Remove dead code in the PHP5 binding

2014-09-02 Benjamin Dauvergne

xml: modify xschema snippets to handle xsd:choice constructs

xml: support xsd:choices by allowing to rewind or advance after match or miss of a snippet

2014-08-28 Simo Sorce

Fix header guard

Found by clang

License: MIT

2014-08-28 Simo Sorce

Assert on missing id

In this function id is required, so just assert if it is missing. This also silences a warning about "reference" being used uninitialized if "id" is null.

License: MIT

2014-08-28 Simo Sorce

Missing variable initialization

If name_id is unconditionally dereferenced in the cleanup code. If it is not initialized it may cause segfaults or other misbehaviors.
License: MIT

2014-08-28 Benjamin Dauvergne

Fix release date of 2.4.1

Release 2.4.1

Add tool gitlog-to-changelog

2014-08-12 Frédéric Péters

saml-2.0: set NotOnOrAfter on the Conditions element (#5248)

This is actually required for interoperability with Dropbox SAML support.

2014-08-12 Benjamin Dauvergne

doc: add lasso_server_add_provider2 and lasso_server_load_metadata

2014-08-11 Frédéric Péters

debian: don't move perl files

debian: accommodate perl now installing in the right directory

perl: keep on using PREFIX, required for distcheck

reformat gtk-doc function comment to work with gtk-doc 1.21

2014-08-11 Simon Josefsson

fix pkg-config typo.

2014-08-06 Niko Tyni

Use INSTALLDIRS=vendor for the Perl bindings, as per the Debian Perl policy

Debian packaged Perl modules should be installed into the vendor directories (currently /usr/lib/perl5 and /usr/share/perl5), but the upstream default puts them into the 'site' ones (modified with the PREFIX setting.)

Explicitly using INSTALLDIRS=vendor simplifies the install rules and removes the need for PREFIX, which has been deprecated in ExtUtils::MakeMaker for a long time.

2014-07-30 Benjamin Dauvergne

Restore not-unused code

Clang was wrong on one instance, a value must be initialized to its NULL state before using any lasso_assign_ macro with it. Bug introduced in 4789e8d4d68eb.

2014-07-30 Simo Sorce

One more uninitialized value

encode_key may be released when not initialized if va_args returns null on the first while loop.

License: MIT

2014-07-30 Simo Sorce

Fix potential null dereference errors

In a number of cases function inputs are not checked for NULL although values may end up with a NULL value and then they are dereferenced directly. Check values in the function (or the caller) if appropriate.
License: MIT

2014-07-30 Simo Sorce

Do not dereference null pointers

Sounds like these should all be boolean 'OR's, otherwise, if profile is not in fact a lasso profile then profile->private_data will be dereferenced even if it is NULL.

Found by Clang

License: MIT

2014-07-30 Simo Sorce

Rearrange case checking to avoid compiler warnings

The compiler was complaining that 'compa' could be uninitialized. Use this occasion to make the code simpler to understand and assign actually meaningful values to the variable, even though the proper actions are not implemented yet.

License: MIT

2014-07-30 Simo Sorce

Properly exit on error

The rc error was being set but then it was being ignored. Get out immediately if an Issuer can't be found.

License: MIT

2014-07-30 Simo Sorce

Consistently check dsig_reference_ctx

Check if this is not NULL in all cases, to avoid NULL pointer dereference.

Found by clang

License: MIT

2014-07-30 Simo Sorce

Trim unused code

Clang complains these values are never used, avoid even assigning them.

License: MIT

2014-07-30 Simo Sorce

Trim dead code

These conditions can never be reached as the list is filtered with and and to the value of 0xff, so just drop them, they are misleading. (Also silences checkers which were screaming of deadcode, for each and every unmatchable value ...)

License: MIT

2014-07-30 Simo Sorce

Fix confusing loop test

Coverity was marking the check for tsnippet after the while loop, confused by the check. Make it more readable, and in the process make checkers happy too.

License: MIT

2014-07-30 Simo Sorce

Fix some uninitialized value

The compiler complains about these values not being initialized. Some of them do not really matter as they are only really used when later initialized in the code and the code paths would not use them if not initialized in a previous block, however some of these seem real issues. In all cases make the compiler happy so we get less noise in the build and less false positives in code checkers.
License: MIT

2014-07-30 Simo Sorce
Missing check for Sig_Alg value Initialize the sig_alg value to NULL (The compiler was complaining it may be used initialized), but also make sure to check there is any sig_alg at all, otherwise return a proper error. License: MIT

2014-07-30 Simo Sorce
Fix boundary check Coverity was marking this as an array overrun as the check would never be possible and would allow any value for query_request_type, including "unset" which is 0. Fix the boundary checks. License: MIT

2014-07-30 Simo Sorce
Fix uninitialized values found by Coverity These values were being used without being initialized at least in some edge cases. Make Coverity happy by properly initializing them. Some of these are real bugs, not just silencing a tool. License: MIT

2014-07-30 Simo Sorce
Fix format check for date Coverity was complaining that tm was used uninitialized, but the truth is that a third error condition where the string passed in matches no valid format was not handled. Just return an error in that case. License: MIT

2014-07-30 Simo Sorce
Fix error checking in xml.c Coverity was complaining that 'integer' was being used without initialization (from the caller). Turns out it was erroneously used to test the result instead of the just sourced 'what'. License: MIT

2014-07-30 Simo Sorce
Fixes for unchecked return values Coverity complains that in a number of places errors are not checked. Some of them are ok not to check so put a silencing (void). Check errors that need to be checked. Coverity also complains g_malloc() return is never checked but given it is never checked anywhere let it be for now. License: MIT

2014-07-30 Simo Sorce
Be correct in dealing with varargs Although in these cases it may be safe to omit va_end() that is not generally so with an arbitrary compiler on an arbitrary platform. Quoting from the spec: "Each invocation of va_start() must be matched by a corresponding invocation of va_end() in the same function."
note the "must" Checker tools like Coverity complain if va_start() is not always paired with va_end(), so this patch mutes them. License: MIT

2014-06-08 Benjamin Dauvergne
bindings/python/tests: session indexes storage preserves order now tests: add target to Makefile to produce valgrind suppression entries tests/valgrind: add suppression of all leaks related to initialisation of the GLib type system tests: fix leaks saml-2.0/profile: fix leak of xmlSecKey when building signed query strings id-ff/provider: fix leak of xmlSecKey xml/samlp2_logout_request: fix leaks around session indexes server: fix leak of xmlSecKey objects session: fix leak of _NidAndSessionIndex structures

2014-06-07 Benjamin Dauvergne
saml-2.0/server: fix invalid memory access GList must never be allocated through malloc as it is internally managed using gslice. Always use Glib constructors and methods. tests: fix leak in log message checker tests: do not reuse tc_response_new_from_xmlNode test case

2014-05-28 Benjamin Dauvergne
bindings/python: fix conversion of unicode value to UTF-8 for setters

2014-05-21 Benjamin Dauvergne
login: complete document of lasso_login_process_authn_response_msg on expectable error codes

2014-04-24 Benjamin Dauvergne
website: update links section website: add news about 2.4.0 release website: fix HTML grammar errors xml/xml.c: fix liberal use of casting for the SNIPPET_INTEGER and SNIPPET_BOOLEAN case Some behaviours are also made more explicit like the optional if equals to -1 case for integer fields, and the optional if FALSE for boolean fields.
INSTALL: add php-cli to needed dependencies when compiling on Debian tests: pass automake CFLAGS when compiling tests2 lasso/xml/tools.c: fix reference to uninitialized memory NEWS: fix wrong date for 2.4.0 release update website for 2.4.0 release - remove windows installer reference - update debian repository configuration - point to cgit browser and releases directory

2014-04-23 Simo Sorce
Fix generators for parsing of integer values All number types including enums are parsed as if they were integers, this breaks in many ways, long and int are not the same size in all architectures as well as enum may vary in size depending on compiler, architecture and optimizations. Always pass an actual long to PyArg_ParseTuple() and rely on a cast from long to the destination variable type in the following assignment.

2014-04-15 Simo Sorce
Fix java version detection

2014-03-31 Benjamin Dauvergne
update NEWS bindings/perl/Makefile: it's difficult to control produced code so disable warning on unused-but-set-variable

2014-03-31 Frédéric Péters
perl: get required CFLAGS from $(perl -V::ccflags:)

2014-03-25 Benjamin Dauvergne
fix: remove warning by not calling g_type_init() with glib > 2.36 as it's deprecated

2014-01-07 Benjamin Dauvergne
configure.ac: update LASSO_VERSION_INFO Revert "configure.ac: desactivate the PHP5 binding if no CLI interpreter is available" This reverts commit a3d53764fa75c30ee9a118088f0a224bc20059e4.
docs: remove section

2014-01-06 Benjamin Dauvergne
configure.ac: desactivate the PHP5 binding if no CLI interpreter is available configure.ac: remove checks for SWIG

2013-12-29 Frédéric Péters
import 2.3.6-3 changelog entry use php5enmod and php5dismod

2013-12-29 Moritz Muehlenhoff
enable hardened build flags

2013-12-29 Frédéric Péters
import 2.3.6-2.2 changelog entry import 2.3.6-2.1 leftovers

2013-12-19 Benjamin Dauvergne
configure.ac,fedora/lasso.spec: remove expat dependency INSTALL: add paragraph about build dependencies more work toward release 2.4.0

2013-12-18 Benjamin Dauvergne
id-ff/providerprivate.h,id-ff/provider.h: make lasso_provider_verify_signature public API It's necessary for the crudeSAML SASL mechanism.

2013-12-11 Benjamin Dauvergne
bindings/python: automatically encode string into utf-8 when passing unicode string to Lasso methods fixes #4077

2013-12-10 Jérôme Schneider
python-lasso.install: replace site-packages by dist-packages add python-lasso.install with python files

2013-12-08 Benjamin Dauvergne
id-ff/session.c: fix wrong variable reference in init_from_xml_nid_and_session_index

2013-12-08 Thomas NOEL
update control.in with control

2013-12-06 Benjamin Dauvergne
remove the debian directory from the project

2013-12-06 Jérôme Schneider
python-lasso.install: don't install old /usr/lib/python*/site-packages

2013-12-06 Frédéric Péters
doc: remove broken gtk-doc tests for now perl: make it compatible with recent libxml2

2013-12-05 Frédéric Péters
doc: remove reference to init.xml that is not created anymore build: replace python $libdir by our own

2013-12-05 Simo Sorce
Better python detection in configure.ac License: MIT Support automake 1.13 and 1.14 License: MIT

2013-12-04 Jérôme Schneider
debian: replace dh_pycentral by dh_python

2013-12-03 Simo Sorce
Fix license boilerplates Instead of referring to an old FSF address, point the reader to the FSF website where the latest licenses and addresses are published.
2013-11-20 Benjamin Dauvergne
jenkins.sh: do not ignore errors

2013-10-23 Frédéric Péters
python: do not fail displaying a non-C error (fixes #3866) The binding does a raise Error('failed to create object') but the local Error exception class expects a lasso error code, and will thus fail if printed. File ".../lasso.py", line 54, in __str__ return '' % (self.__class__.__name__, self.code, _lasso.strError(self.code)) TypeError: an integer is required

2013-10-11 Benjamin Dauvergne
saml-2.0/provider: when looking for endpoints take a null role as meaning « take the first one »

2013-10-10 Benjamin Dauvergne
saml-2.0/profile: fix typo in commit 8de55 saml-2.0/profile: add warning message when unable to build an artifact response message due to an unfound artifact resolution endpoint

2013-10-01 Benjamin Dauvergne
web: update mailing list urls

2013-09-27 Benjamin Dauvergne
debian: add a source/format file debian: add a source/format file tools/git-version-gen: use a dot to separate the commit string from the regular version lasso/xml/tools.c: fix misuse of xmlURIUnescapeString If the length argument is NULL, the full string is unescaped; the behaviour we expected is to return a 0 length string.
tools/git-version-gen: keep the g before the git commit number debian: import current packaging for debian wheezy .gitignore: add more bindings/perl: fix type of size variable incompatible with 64 bits arch id-ff/login.c: initialize role status of sp and idp in lasso_login_init_authn_request

2013-09-26 Benjamin Dauvergne
jenkins.sh: build a first time before running distcheck, in order to have the documentation compiled tests/data/Makefile: regenerate list of files and directories to distribute docs/Makefile: always set DIST_SUBDIRS add jenkins.sh script

2013-09-08 Benjamin Dauvergne
saml2/profile.c: add resolving of the endpoint index in artifacts * lasso/saml-2.0/profile.c: add new argument role to lasso_saml20_profile_init_artifact_resolve() for looking up ArtifactResolutionService location; extract endpoint index from artifact and use it to resolve the endpoint location. * login.c: pass new argument ; force msg_url as it is preinitialized by lasso_saml20_profile_init_artifact_resolve() saml2/provider.c: add new function lasso_saml20_provider_get_endpoint_url() for retrieving endpoint locations using the new endpoints list errors.{c,h}: add new error LASSO_PROFILE_ERROR_ENDPOINT_INDEX_NOT_FOUND for reporting when a received artifact does match any declared endpoint saml2/profile: fix missing ArtifactResolutionService index in artifacts tests: add non-regression test to check that we correctly provide the ArtifactResolutionService index in artifacts saml2/login: fix role of providers in process_authn_request() and idp_initiated_authn_request() It is necessary for endpoint resolution to know the role of providers.
tests: in check_equals() and check_not_equals() macros use long long int as a catchall type for printing compared values fix compilation errors on 64bits architectures * sizeof(unsigned int) != sizeof(size_t) * INT_MAX != LONG_MAX fix warnings about unused but set variables

2013-08-27 Benjamin Dauvergne
Revert "doc: fix EXTRA_DIST definition in reference/lasso/Makefile.am" This reverts commit a223afc6077528792055def999c29ac5f4d8a418. It seems to be incompatible with recent version of gtk-doc, I need to investigate more this problem. doc: fix EXTRA_DIST definition in reference/lasso/Makefile.am

2013-07-30 Benjamin Dauvergne
Merge remote-tracking branch 'origin/libxml2.9-compat'

2013-07-20 Frédéric Péters
website: fix commercial licencee page location

2013-06-19 Tim Newsome
AM_C_PROTOTYPES is no longer supported in autoconf 1.12. Add support for automake 1.12.

2013-06-04 Benjamin Dauvergne
configure.ac: do not pass the full version suffix as the release number FAQ.rst: start a FAQ file

2013-05-15 Benjamin Dauvergne
configure: generate version number from git revision between tagged release The script git-version-gen is copied from the autoconf project.

2013-03-20 Benjamin Dauvergne
python: fix logout request parsing test adapt to new checks done on logout request nodes tests: comment out dump/restore checks against complex nodes saml-2.0: fix missing signature on logout responses

2013-03-07 Benjamin Dauvergne
pkgconfig: do not leak lasso dependencies to users Change Require into Require.private Thanks to Thijs Kinkhorst and Olav Morken for the suggestion.

2013-01-25 Benjamin Dauvergne
xml-saml-2.0: ManageNameIDRequest must have a NameID xml-saml-2.0: LogoutRequest must have a NameID xml: really enforce elements cardinality when parsing messages - add a new SNIPPET_MANDATORY: we could only indicate 0-1 and 0-* cardinalities, now we can also indicate 1-1 and 1-* cardinalities. - respect cardinalities when parsing an xmlNode tree into a LassoNode tree.
xml-saml-2.0: add missing namespace declaration for the KeyInfoSujectConfirmationData sub-type fix memory leak in lasso_node_impl_init_from_xml: release the class_list utils: add a lasso_release_slist macro add a lasso_release_slist fix potential segfault in lasso_node_impl_init_from_xml Fix distcheck build problem in docs/Makefile.am Bug introduced in commit e97a36fa fix warning in docs/reference/lasso/Makefile.am

2012-09-28 Benjamin Dauvergne
Rewrite all xmlNode serialization code to be compatible with libxml 2.9.0 Libxml stopped exposing the internal of the xmlOutputBuffer structure; it was replaced by proper use of the API and of the xmlBuffer structure. There could be regression for older version of libxml as some functions appeared in recent version of libxml; but the reference API document does not give any introduction date for functions so it's hard to be sure.

2012-09-26 Benjamin Dauvergne
fix segfault in saml-2.0/provider.c:load_endpoint_type2 Thanks to Hiromitsu Fujita for the patch. fixes #1582.

2012-07-11 Benjamin Dauvergne
tests: add a SSO test with DSA keys to python bindings tests

2012-06-21 Benjamin Dauvergne
Fix compilation on solaris Thanks Wojciech Lichota for the patch. Fixes #1516

2012-06-21 Benjamin Dauvergne
fix SIGSEGV when loading metadata files Thanks Wojciech Lichota for the patch.
Fixes #1516

2012-05-05 Benjamin Dauvergne
[bindings/php5] remove redundant check to is_transfer_full [bindings/php5] add missing release for xmlnodes in return value wrapper [abi] update for release 2.4.0 [bindings/python] in constructors wrappers build the return value before [bindings/python] free xmlnode argument owned by the callee [bindings/python] fix some indentation [bindings/python] boolean values do not need to be released [bindings] add a default parameter to is_transfer_full whose default is False [bindings] improve matching for object types [xml] fix wrong forward declaration [xml] add missing include [xml] fix typos [lasso] add missing GObjectIntrospection annotations to lasso_node_get_original_xmlnode [lasso] add missing GObjectIntrospection annotations to lasso_misc_text_node_get_xml_content [NEWS] improve 2.4.0 release notes Merge branch 'release-2.4.0'

2012-04-27 Benjamin Dauvergne
fix wrong EXTRA_DIST in lasso/xml/dsig/Makefile.am

2012-04-26 Thomas NOEL
fix compilation error with xmlsec 1.2.18 / freebsd (#1365) see http://dev.entrouvert.org/issues/1365

2012-04-23 Frédéric Péters
Allow building from git without gtk-doc installed

2012-04-06 Benjamin Dauvergne
[saml2] modify behaviour of lasso_saml2_assertion_add_attribute_with_node If an AttributeStatement already exists, we add the new attribute to it.

2012-04-02 Frédéric Péters
build: do not include multiple glib headers

2012-03-25 Benjamin Dauvergne
[core] including glib headers directly is deprecated, we must only use now

2012-03-17 Benjamin Dauvergne
[tests] add test cases for the LassoKey class [key] add methods to send message using SAML 2.0 redirect and post bindings [saml2] fix handling of SingleSignOnServer in lasso_saml20_provider_get_first_http_method When checking if a synchronous http method can be used for sending a request to the SingleSignOnService we must check if the response can be received by the AssertionConsumerService with a synchronous binding not the SingleSignOnService.
2012-03-05 Frédéric Péters
php5: use zend_function_entry, for compatibility with PHP 5.4

2012-03-02 Benjamin Dauvergne
[bindings php5] fix missing wrappers for constructors

2012-02-27 Benjamin Dauvergne
[bindings php5] improve generation of php call stubs by using type case helpers, raise exception in unknown case

2012-02-25 Benjamin Dauvergne
[website] add piwik tracking code to base template

2011-12-29 Benjamin Dauvergne
update NEWS Add release notes Add missing abi files Update files for release 2.4.0 Incompatibility with clang: local functions with closure do not work

2011-12-23 Benjamin Dauvergne
Merge branch 'more-datas-in-sessions' [tests] remove work-around for letting ID-FF 1.2 tests work with the thin-sessions flag activated But when thin-sessions is activated we use the new way of passing artifact message content around.

2011-12-23 Benjamin Dauvergne
[id-ff 1.2] change websso with artifact binding to work as SAML 2.0 The old way of transmitting the assertion to return via the session is kept, but a new way more semblable to the one used in the SAML 2.0 code is added. After lasso_login_build_artifact_msg() you must save the return of lasso_profile_get_artifact_message() linked to the value of the artifact obtained via lasso_profile_get_artifact(). In the artifact-resolve endpoint you must find the artifact message corresponding to the return value of lasso_profile_get_artifact() reinstall the artifact message using lasso_profile_set_artifact_message() just before calling lasso_login_build_response_msg(). This change is necessary for ID-FF 1.2 SSO profile to work with the thin-sessions.
2011-12-22 Benjamin Dauvergne
[id-ff 1.2] in lasso_login_build_assertion() always add the assertion to the response [tests] protect the ID-FF 1.2 test cases from effect of the thin-sessions flag until it is migrated to work also with thin sessions [doc] do some documentation fixing [id-ff 1.2] provision the SessionIndex into the assertions Without it SLO session management is broken. [id-ff 1.1] add support for multiple SessionIndex to lib:LogoutRequest Combined with the new LassoSession storage for SessionIndex, it should fix many bugs when doing SLO. [saml 2.0] use the new SessionIndex storage for SLO management It should fix any missing functionalities regarding missing session indexes in logout requests sent by identity providers or service providers. [core] add support for thin-sessions environment flag, to reduce size of LassoSession dumps [core] add simpler storage for SessionIndexes in the LassoSession

2011-12-19 Benjamin Dauvergne
[id-ff 1.2] add lasso_saml_name_identifier_equals() to compare NameIDs [website] remove the buildbox link for now [website] target the bug report link to on redmine

2011-12-16 Benjamin Dauvergne
[saml2] fix lasso_saml20_logout_validate_request when more than one SessionIndex is sent [Makefile] add strings.h to the dsig module includes [xml/saml2] replace magic string by a define Simplify useless complexity in include paths [xml] in is_interaction_request.h move new field to the end of the structure to limit ABI impact Merge branch 'rewrite-node-impl' [tests] fix tests to comply with new implementation of parsing The test around parsing of EncryptedAssertion was wrong since it was missing the XMLEnc namespace declaration.

2011-12-16 Benjamin Dauvergne
[xml] rewrite schema directed serialization/deserialization methods The new implementations of lasso_node_impl_init_from_xml now validate namespace of all child nodes before parsing. It stops on any error.
For node which implement their own parsing of an attribute or a node, it must declare an XmlSnippet with an offset field set to 0. The 0 value is invalid for public GObject structure (it's the place of the GObject machinery like the reference count). The 0 offset can be used for XmlSnippet in a private structure, so never set the offset to 0 with the flag SNIPPET_PRIVATE, for a field which is parsed by your get_xmlNode virtual method. Other ameliorations in this commit is the possibility to set attributes with namespace when using the flags SNIPPET_ATTRIBUTE|SNIPPET_ANY. The syntax for an attribute is inspired by the element tree API from Python: {namespace}attribute_name an example: {http://www.w3.org/2001/XMLSchema-instance}type for the classic xsi:type attribute.

2011-12-16 Benjamin Dauvergne
[xml] add LASSO_XMLENC_PREFIX and LASSO_XMLENC_HREF defines [xml] add missing nodes to LassoIsInteractionRequest [xml] change saml_advice.h to declare the real node type It also needed a change to bindings.py to parse struct as well as typedef node classes. [xml] complete missing namespace declarations for child nodes To allow lasso_node_impl_init_from_xmlnode to do proper namespace checking, child nodes which are not of the same namespace as their parent in their XSD schema must have an explicit namespace declared in the XmlSnippet. [core] mark private_data field of the LassoKey structure as private [tests] improve checking for log output - now any non expected log output is considered an error, by setting a g_log default handler. - block_lasso_logs()/unblock_lasso_logs() will block logging output at the DEBUG level - begin_check_do_log(level, message, endswith)/end_check_do_log() with check that the only message emitted between the two macros is one equals to "message" at the level "level", or ending (to work around variable parts in a log message) with "message" if "endswith" is True.
[tests] rename login test suite, with mentions of ID-FF 1.2 and SAML 2.0 [Makefile] fix missing soap11 nodes when compiling for Mingw [core] fix uninitialized pointer to a GError structure [core] move XMLDsig related nodes in their own sub-library, add X509Data node implementation The goal is to use the KeyInfo structure as a transport format for our cryptographic keys

2011-12-09 Benjamin Dauvergne
remove debugging printf statement

2011-12-08 Benjamin Dauvergne
[provider] fix doc comment [id-ff] move LassoLogout to use LassoSignatureContext [logging] add an error() macro [id-ff] move LassoLogin to use LassoSignatureContext

2011-12-05 Benjamin Dauvergne
[core] rename lasso_provider_set_specific_signing_key to lasso_provider_set_server_signing_key [perfs] add command line options, add option to use shared secret key cryptography Performance with HMAC-SHA1 is 100x the one with 2048 bits RSA. [core] add the HMAC-SHA1 shared secret signature method [core] refactor lasso_query_verify_signature and lasso_saml2_query_verify_signature This commit introduces lasso_query_verify_helper which factorize cryptographic operations. [tests] use helper macros in id-ff test case [core] add lasso_provider_add_key to add other key for signature validation The added key can be appended or prepended, depending on the need for the key: - rollover - improving performances (using simpler cryptographic algorithms using shared secret keys) [core] add method lasso_provider_set_specific_signing_key Using this method you can specify a signing which will be used for communication with the specified provider instead of the one configured on the LassoServer object. The main objective is to allow shared secret cryptography instead of public key cryptography. [core] add a new class LassoKey LassoKey currently stores a LassoSignatureContext inside a reference-counted and bindable object. It will be used to export API around key management to bindings.
[core] set the xmlSec log handler globally The log handler is not set in lasso_init(). [saml2] introduce a lasso_saml2_assertion_get_audirence_restrictions to factorize some code [core] introduce the LassoSignatureContext context, to pass around signature parameters This structure is used to pass around the signature algorithm and the signature key. [core] add a lasso_base64_decode function [core] replace explicit allocation of LassoProviderPrivate by use of g_type_class_add_private The private part is allocated contiguously to the public structure data. [configure.ac] fix compilation on Mac Os X [xml] use lasso_node_export_to_query_with_password to implement lasso_node_export_to_query [tools] fix lasso_sha1 to return a glib allocated string [id-ff/saml2] add a lasso_server_add_provider2 It allows to add LassoProvider objects directly to a LassoServer object, without using the metadata loading methods. [utils] add lasso_crypto_memequal function This method compares byte strings in constant time. [tools] add a LassoSignatureContext structure to pass signature parameters around Signature parameters are mainly a LassoSignatureMethod and a xmlSecKey. [xml] add an inline function to validate LassoSignatureMethod values - add also a LASSO_SIGNATURE_METHOD_NONE value [utils] add lasso_transfer_xml_node macros [core] simplify lasso_provider_load_public_key

2011-11-29 Benjamin Dauvergne
[web] fix link on the download page Merge branch 'multi-certificates' Merge branch 'excl-c14n-fix' [web] add release news for release 2.3.6 [release] 2.3.6

2011-11-22 Benjamin Dauvergne
[integration tests] does not use full leak report [integration tests] show more callers when using valgrind memcheck looking for leaks in authentic and lcs [tests] add test for rollover on the SP side, i.e. rollover of encryption keys This test case is the first to abstract the workflow between two LassoLogin objects (for the idp and sp side).
This part of the code could be used to simplify the code of other tests in the future.

2011-11-22 Benjamin Dauvergne
[core] do not emit a warning for expected decryption errors The only expected decryption error is on decryption of the symmetric key used to crypt the data. All other errors are critical and must be logged. Client of lasso_node_decrypt_xmlnode can then log the decryption failure of the symmetric if they tried with all possible keys (key rollover case).

2011-11-22 Benjamin Dauvergne
[core] add a new class of errors for xml encryption errors add LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA for generic unrecoverable xml decryption errors. [leakcheck] fix leaks seen by the unit tests This commit also improved valgrind suppression file to hide static allocations done by the GLib type system. [core] fix wrong XML canonicalization when assertion is extracted without its namespace context

2011-11-21 Benjamin Dauvergne
[misc] apply changes to remove warning blocking compilation with gcc 4.5.2 and php 5.3.5 - gcc now warns when you compare a typedef to the anonymous enum which defines it. - some inline function in the zend.h header do compare between signed and unsigned char.

2011-11-21 Benjamin Dauvergne
[core] multiple decryption keys support This commit complements the support for multiple signing certificate support in the metadata files. The use-case is still key roll-over. The structure LassoServerPrivateData was changed to accommodate multiple decryption keys, and so: xmlSecKey *encryption_private_key became: GList *encryption_private_keys All uses of this key were replaced by a loop over this list, terminating with the first key to be able to decrypt the content. The private key passed to lasso_server_new() or lasso_server_new_from_buffers() is first added to the list of decryption keys. Any other call to lasso_server_set_encryption_private_key_with_password() or lasso_server_set_encryption_private_key() will add a new key to the list.
2011-11-18 Benjamin Dauvergne
Merge branch 'extension-abi-respecting' [saml2] add missing extension point for LassoSaml2SubjectConfirmationData - it can support any content and any attribute without validation xs:any with processContents="lax" [xml] allow to store XSchema data into a private structure - added new macros SNIPPET_STRUCT_MEMBER and SNIPPET_STRUCT_MEMBER_P replaces use of G_STRUCT_MEMBER/_P macros. - we use the GType of the class containing a given XmlSnippet to find the proper private structure. - added flag SNIPPET_PRIVATE to state XmlSnippet whose value should be extracted from the private structure and not the public one. [binding python] prevent warning in wrapper_top.c under hardy with gcc 4.2.4 [core] add missing break to switch/case

2011-11-08 Benjamin Dauvergne
[bindings] fix bug introduced in last commit

2011-10-18 Benjamin Dauvergne
[bindings] fix tree traversal on windows - The file path separator is not / on all platforms, so do not use it when matching filenames. [misc] apply changes to remove warning blocking compilation with gcc 4.5.2 and php 5.3.5 - gcc now warns when you compare a typedef to the anonymous enum which defines it. - some inline function in the zend.h header do compare between signed and unsigned char. [xml saml-2.0] add missing annotation for binding generation to header for LassoKeyInformationDataType

2011-10-13 Benjamin Dauvergne
[xml saml-2.0] add a class to handle the KeyInfoConfirmationData type * use a direct mapping to map this class to SubjectConfirmationData node having the xsi:type attribute. * overload get_xmlNode method to add the xsi:type attribute on output. [xml] allow node classes to not define their nodename, useful for simple Type

2011-10-10 Benjamin Dauvergne
[id-wsf2 profile] check provider->private_data->roles instead of provider->role Fixes #140.
[id-wsf discovery] provider can now contain multiple public keys, only consider the first key for id-wsf token generation ID-WSF never contemplated the fact that sometimes key roll-over happens (SubjectConfirmation can only contain one ds:KeyInfo), whatever... [saml-2.0] augment lasso_saml20_provider_get_first_http_method to verify presence of synchronous bindings [xml] if a SNIPPET_LIST_NODES has the SNIPPET_ANY flag, allows really any kind of node through LassoMiscTextNode [xml] allows LassoMiscText.init_from_xml to parse any xmlNode If the node has no attributes and has a simple string content, we use the classic embedding by setting, name, ns_href, ns_prefix. Otherwise the complete xmlNode is copied. [tests] add non-regression tests concerning the parsing of any xmlNode tree by LassoMiscTextNode when SNIPPET_ANY is used by a LassoNode [xml] only try to map an xmlNode to a class name if the node has a namespace [xml saml-2.0] change AttributeValue snippets to accept any children An AttributeValue has an XSchema type of xs:any.

2011-10-07 Benjamin Dauvergne
[xml] create a static version of lasso_node_new_from_xmlNode_with_type without error logging When used inside lasso_node_impl_init_from_xml the error logging is prematurely sent as there is a backup procedure for parsing unknown nodes inside a SNIPPET_LIST_NODES by creating a LassoMiscTextNode containing a copy of the parsed xmlNode child.

2011-09-09 Benjamin Dauvergne
[configure.ac] default AM_MAINTAINER_MODE to enable

2011-07-08 Benjamin Dauvergne
[configure.ac] remove useless semi-colons Fix wrong version exported in the PHP binding

2011-06-03 Benjamin Dauvergne
Change the glob expression to match darwin $host_os Also use the $DARWIN flag to control the setting of JNI_EXTRA_LDFLAGS.
2011-05-30 Benjamin Dauvergne
[java] try to make test work under Mac Os X [core] finish transition from single encryption key to multiple ones Some code still reference provider->private->encryption_public_key, this commit makes them use lasso_provider_get_encryption_public_key().

2011-05-27 Benjamin Dauvergne
[bindings perl] remove --as-needed from linker flags, it is not supported everywhere It can come back if we add proper checking of the support on the platform, maybe we can leverage tests made by autoconf. Disable metadata loading test with the UK federation files

2011-05-23 Benjamin Dauvergne
Merge branch 'multi-certificates'

2011-05-19 Benjamin Dauvergne
[bindings perl] in Makefile.am, gives a default template to mktemp Thanks to Nathan Sowatskey for the bug report and the fix. [core] start of support multiple keys for encryption [tests] add unit test for the provider with multiple key feature [tests] add sample metadata for testing metadata with multiple key descriptors

2011-05-19 Benjamin Dauvergne
[core] first try at multiple signing keys support The idea was to replace every use of an xmlSecKey* by a loop over a GList* of xmlSecKey*. - In the structure LassoProviderPrivate changed xmlSecKey*public_key -> GList* signing_public_keys xmlNode*signing_key_descriptor -> GList* signing_key_descriptors. - Renamed lasso_provider_try_loading_public_key to lasso_provider_try_loading_public_keys and changed its signature accordingly - Renamed lasso_provider_get_public_key to lasso_provider_get_public_keys and changed the signature accordingly. - Changed lasso_provider_get_encryption_public_key to return the first signing key from the list as a temporary work around. Multiple encryption keys will be supported later. - Changed lasso_provider_load_public_key to load keys from the passed file on the LassoProvider constructor, from every key descriptors found for signing and eventually from the key descriptor marked for encryption.
- Every failure to load from a file or an XML KeyInfo descriptor is now reported as a warning.
- Query signature checking was completely moved to lasso_provider_verify_query_signature and lasso_provider_verify_signature now calls it.
- lasso_provider_verify_signature is now using lasso_verify_signature from the xml/tools.o module.
- lasso_provider_verify_single_signature was modified to support multiple signing keys.
2011-05-19 Benjamin Dauvergne [utils] add macros to append to and release a list of xmlSecKey* [core] make lasso_provider_verify_query_signature use lasso_provider_verify_signature [bindings perl] in Makefile.am, gives a default template to mktemp
2011-05-18 Benjamin Dauvergne [xml] use g_strndup instead of strndup, as it is more portable
2011-05-17 Benjamin Dauvergne [tests] fix broken renater metadata file A modification was introduced which broke the signature, updating to the last version.
2011-05-16 Benjamin Dauvergne [tests] move renater metadata files into the metadata/ subdirectory
2011-05-08 Benjamin Dauvergne [saml2] add proper error code for partial logout status code [saml2] fix build_request_msg for AuthzDecision assertion queries The servicepoints and roles arrays did not match the provider role enumerations.
2011-04-21 Benjamin Dauvergne [saml2] if Status is not Success pass continue processing the response lasso_saml20_login_process_response_status_and_assertion does analyze the response status code login specific error codes, if the generic processing from lasso_saml20_profile_process_any_response returns a status of response is not success, we must continue processing.
[saml2] for any RequestDenied SAML2 response return LASSO_PROFILE_ERROR_REQUEST_DENIED as error [core] add a generic LASSO_PROFILE_ERROR_REQUEST_DENIED
2011-04-20 Benjamin Dauvergne [core] make LassoServerLoadMetadataFlag enum a typedef
2011-04-14 Benjamin Dauvergne Merge branch 'load-federation' [tools] redirect xmlsec errors to lasso error handler [tools] use LASSO_LOG_DOMAIN instead of magic constant [Makefile] move lasso/xml/tools.h to public headers
2011-04-14 Benjamin Dauvergne [core] add flags parameter to lasso_server_load_metadata to tune signature checking on metadata files The flags parameter allows to control the checking of digital signature upon EntityDescriptor and EntitiesDescriptor nodes in SAML 2.0 metadata files. The default behaviour is to check all found signatures and to inherit signature from EntitiesDescriptor to their children. By only enabling checking of EntityDescriptor node signatures it's also possible to only check signature at the EntityDescriptor level and so only trust individual entities and not the aggregating provider.
2011-04-04 Benjamin Dauvergne [core] update documentation of lasso_server_load_metadata
2011-04-04 Benjamin Dauvergne [core] make lasso_server_load_metadata load any metadata file The new code can load metadata files with an EntityDescriptor root node, and with nested EntitiesDescriptor. Idea and prototype by Olav Morken.
2011-04-04 Benjamin Dauvergne [server] in lasso_server_load_metadata do not duplicate checks already made by lasso_verify_signature lasso_verify_signature already checks that reference is to the given signed node, be it referenced through an ID or through an empty reference. [xml] if signature reference is empty check that signed node is the document root An empty reference means the complete document, so the signed node is the root element of this document. We must check that the parameter signe_node matches our assumption.
[core] rename lasso_server_load_federation to lasso_server_load_metadata The aim of this function is now to load any metadata file, and to replace completely the use of lasso_server_add_provider. The metadata content argument is replaced by a metadata file path to more closely match other APIs. [web] update download page
2011-03-30 Benjamin Dauvergne [core] add a loaded_entity_ids output parameter to lasso_server_load_federation It allows to know which entity has been loaded from the metadata file. It must be freed by the caller. [core] add a blacklisted_entity_ids parameter to lasso_server_load_federation The goal is to prevent loading of provider known to have problems.
2011-03-29 Benjamin Dauvergne [tests] remove spurious output [tests] continue improving the lasso_server_load_federation test cases [tests] test lasso_server_load_federation The test operates on the metadata file of the french university network Renater. [tests] add renater federation metadata file for testing [core] add a lasso_server_load_federation method This method allows to load providers in bulk from what is called a federation file, i.e a SAML metadata file containing declarations for more than one provider. Those files are usually signed to bind some trust to their content, so lasso_server_load_federation can take an optional file path to a certificate chain file used to check the signature on the given XML content. Only same document signature is accepted (i.e. there must be only one XML signature reference and it should be to the empty string meaning the « current » document). [core] add a private constructor to build LassoProvider object from an xmlNode I'm not sure of the need outside lasso so I will let this method private for the moment. It's a helper method for the lasso_server_load_federation method which traverses an EntitiesDescriptor node to find all the EntityDescriptor contained inside.
[saml2] add an internal method to load a federation metadata file It only loads one kind of provider (idp or sp). It's currently impossible for a provider to have the two roles at the same time toward a given LassoServer object, i.e. the current service is a service provider or an identity provider, it cannot be the two at the same time. [saml2] improve reporting of errors when loading a provider metadata file [xml] allow empty reference in XML signature (document signature) [xml] make id_attr_name parameter optional for lasso_verify_signature
2011-03-07 Benjamin Dauvergne [xml] fix lasso_node_get_xmlnode_for_any_type xmlCopyPropList does not copy the property list into the target it just copies it with respect to the target (mainly for namespace references). This patch adds the real copy into the target node.
2011-03-01 Benjamin Dauvergne [core] add missing namespace definitions to internal objects Identity, Lecp, Login, Logout, NameIdentifierMapping, NameRegistration, Session, AssertionQuery, Ecp and NameIdManagement objects were missing a namespace association to their GObject class. It broke when you try to dump a node created by lasso_node_new_from_dump. [tests] add test case for multiple load and dump of the same object
2011-02-08 Frédéric Péters [debian] adapt packaging to official section overrides [debian] adapt packaging to official section overrides [debian] sync packaging with official package [debian] sync packaging with official package
2011-01-25 Benjamin Dauvergne Merge branch 'master' of git@dev.entrouvert.org:lasso
2011-01-25 Jean-Marc Liger [Fedora RPM] spec file update
2011-01-24 Benjamin Dauvergne [tests] change perfs to accept a second parameter giving the data files to use Also add metadata files to check performance with 512 and 1024 bit RSA keys.
2011-01-14 Frédéric Péters [php5] Comments starting with '#' are deprecated
2011-01-05 Benjamin Dauvergne Remove right column with download, binary packages and source links It is redundant with other columns. [web] fix date and version in news 19 [web] fix typo in news for release 2.3.5 Merge branch 'hotfixes-2.3.5' [release] Add release notes, update doap files and website [dist] create Changelog directly from git
2011-01-04 Benjamin Dauvergne [tests] adapt Makefile.am to new path of metadata dir Merge branch 'hotfixes-2.3.5' [wsf] fix wsf preprocessor conditionals [bindings python] configure basic logging [ghashtable] add G_GNUC_UNUSED to remove unused static functions warning [saml2] when parsing short numbers reinitialize errno [bindings perl] fix get_hash_of_objects [bindings php5] remove hardcoding the php5 cli interpreter The test script did fail under Centos/Fedora because the interpreter for php5 is named php.
2010-12-22 Benjamin Dauvergne Merge branch 'hotfixes-2.3.5' [bindings perl] downgrade requirement on perl version to 5 instead of 5.10 [bindings perl] downgrade require on perl version to 5 instead of 5.10 Merge branch 'hotfixes-2.3.5' [xml] fix null pointer access in lasso_node_get_encryption
2010-12-21 Benjamin Dauvergne [configure.ac] increment version and libtool version info [saml2] fix errors in lasso_provider_get_first_http_method when a binding is unknown [saml2 provider] change critical messages to debug messages [saml2 profile] fix bug in binding_uri_to_http_method with the POST binding [saml login] suppress unused argument warning
2010-12-17 Benjamin Dauvergne [samlv2 logout] check that the assertion is well formed before accessing the subject nameid [profile] prefer to lookup the session before the identity for looking up a name identifier; [samlv2 logout] setup the NameID from the assertion [samlv2 login] do not setup conditions->notBefore/notOnOrAfter only notOnOrAfter on SubjectConfirmationData
2010-12-14 Benjamin Dauvergne [binding
php5] add inline implementation of lasso_log since it is a private function of lasso [binding php5] add inline implementation of lasso_log since it is a private function of lasso Merge branch 'hotfixes-2.3.5' [saml2] make LASSO_SIGNATURE_VERIFY_HINT_FORCE at least as stringent as _MAYBE when checking signature on messages Merge branch 'hotfixes-2.3.5' [xml] remove duplicate EncryptedKey around EncryptedData elements The key is already embedded in the EncryptedData, so there is no need to also fill the EncryptedKey field of the saml:EncryptedElement object. [xml] add exportation of the encrypting public key in EncryptedData elements This commit checks if the given is a simple RSA key or a full certificate and chooses the better serialization method between RSAKeyValue and X509Data. [tools] fix xml decryption This commit rewrites the extraction of the EncryptedKey when it is embedded inside the EncryptedData element, which seems to be the frequent case. Merge with new field in custom element [saml2] use new encryption structure instead for internal field in LassoSaml2Assertion [xml] add field to contain encryption parameters inside CustomElement structure [utils] fix typo in lasso_assign_sec_key [bindings python] make constructor failure raise a lasso.Error exception
2010-12-13 Benjamin Dauvergne [saml2] do not set SPNameQualifier it should be reserved for SP member of an affiliation
2010-12-03 Benjamin Dauvergne Merge branch 'hotfixes-2.3.5' [tests idwsf2] add missing include for ID-WSF strings
2010-12-01 Benjamin Dauvergne [tests] include the backward compatibility include for GHashTable [bindings perl] change ghashtable interface to not use GHashTableIter [bindings perl] add dependency upon the Makefile.perl for the install target
2010-11-17 Benjamin Dauvergne [bindings] add missing static modifier for g_hash_table_get_values replacement [tests] include header for backward compatible methods on GHashTable structures
2010-11-15 Benjamin Dauvergne [bindings] fix bad
use of lasso_return_if_fail in ghashtable backward compatibility header
2010-10-27 Benjamin Dauvergne Merge branch 'hotfixes-2.3.5'
2010-10-20 Benjamin Dauvergne [SAMLv2] fix segfault in has_signature by initializing local variables
2010-10-13 Benjamin Dauvergne Merge branch 'hotfixes-2.3.4' Merge branch 'hotfixes-2.3.4' into release Update doap and news file Update NEWS file
2010-10-11 Benjamin Dauvergne [tests data request] add googleapps sample AuthnRequest [tests] move metadata directory into data [tests data] add idp and sp example with 1024 bits RSA keys, for performance testing purpose [tools] add a repository for semantic patches as reference [tests metadata] add more examples of metadata files [tests integration] adapt to string change in lcs/qommon/saml2.ptl [SAMLv2] delete an unused local variable Merge branch 'hotfixes-2.3.4'
2010-10-09 Benjamin Dauvergne [SAMLv2] use server->signature_method when signing request and response [tests] add non regression test on assertion consumer endpoints ordering [core] check type of first argument of lasso_provider_get_assertion_consumer_url
2010-10-08 Benjamin Dauvergne fix pardus capitalisation in NEWS file Merge branch 'hotfixes-2.3.4' Conflicts: lasso/xml/xml.c website/web/download/index.xml website/web/index.xml Update release notes and website for release 2.3.4 [xml] fix warning on use of strndup on pardus
2010-10-08 Jérôme Schneider Add missing include
2010-10-07 Benjamin Dauvergne [SAMLv2] handle unknown provider in artifact resolve, and also allow to ignore signature validation In lasso_saml20_profile_process_artifact_resolve, we now take a short path with an error when the remote provider is unknown and we also respect the lasso_profile_get_signature_verify_hint() when checking the signature on the artifact resolve message.
[SAMLv2] fix bad double free bug in lasso_saml20_provider_get_assertion_consumer_service_url_by_binding [core] adapt lasso_provider_get_assertion_consumer_service_url for SAMLv2
2010-10-06 Benjamin Dauvergne [docs lasso-book] add figures to the tarball
2010-10-06 Jérôme Schneider Add missing include
2010-10-06 Benjamin Dauvergne Merge branch 'hotfixes-2.3.4' [configure.ac] increment version and libtool version info
2010-10-06 Benjamin Dauvergne [ID-FFv1.2] in lasso_login_process_authn_request_msg() adopt simpler behaviour for checking signatures There are two sources of advice for signature checking: AuthnRequestsSigned attribute in service provider metadata files and value of lasso_profile_get_signature_verify_hint(). If lasso_profile_get_signature_verify_hint() forbids to check signature, we do not check. If the SP advises to check signature, we check. If lasso_profile_get_signature_verify_hint() forces to check signature, we do not check. In all other cases we only check if a signature is present, i.e. we ignore the error LASSO_DS_ERROR_SIGNATURE_NOT_FOUND.
2010-10-06 Benjamin Dauvergne [ID-FFv1.2] make lasso_login_process_authn_request_msg() return LASSO_PROFILE_ERROR_INVALID_MSG if received request is not a lib:AuthnRequest [SAMLv2] adopt same behaviour as ID-FFv1.2 for invalid AuthnRequest [SAMLv2&ID-FFv1.2] improve documentation of lasso_login_process_authn_request_msg [SAMLv2] fix ordering of endpoints Ordering by binding is wrong, first order by isDefault (as stated in saml-metadata-2.0.pdf) then by index.
[Core] change isdefault type in EndpointType structure As integer we can represent the three values of isdefault:
- true
- false
- attribute absent
[docs] update copyright years
2010-10-05 Frédéric Péters [website] "Subversion Status" -> "Git Status" [website] Only keep two latest news items [website] Fixed 2.3.3 release date [website] Update right download box for 2.3.3 [website] Don't duplicate link to git repository in link text [website] Refer to Git in buildbox title [website] Updated copyright years
2010-10-04 Benjamin Dauvergne [Website] Fix bad date [Web] chmod +x on convert-to-static.py [Web] update links for download v2.3.3, add lines to feature matrix [Web] add news file about 2.3.3 Merge commit 'v2.3.3'
2010-10-01 Benjamin Dauvergne Merge branch 'hotfixes-2.3.3' into release [Website] add news about 2.3.3 and update doap and main page [Release] add release notes
2010-10-01 Benjamin Dauvergne [SAMLv2] restore setting of SubjectConfirmationData->NotOnOrAfter This was wrongly removed by me in commit 9d22f29e55524034dfda34c15b76f1b0b78c4413. This is the responsibility of the caller to adjust value on the Conditions and SubjectConfirmationData independently after.
2010-10-01 Benjamin Dauvergne [Binding java] replace use of strcmp by g_strcmp0 [Tests] add annotation to remove compiler warnings [Core] replace all use of g_strcmp0 by lasso_strisequal and lasso_strisnotequal Too many human errors with strcmp kind of functions. Also change name of lasso_is_empty_string to lasso_strisempty. [Core] add helper API for string comparison It should remove most errors when comparing strings. [SAMLv2] add missing compare to 0 introduced in 7386dc8189 I hate strcmp.
2010-09-30 Benjamin Dauvergne [Bindings] change prefix for ignoring soap_binding related files [SAMLv2] also initialize Destination for response messages asynchronous bindings need Destination attribute even for response messages.
[SAMLv2] when NidPolicy->Format is NULL or unspecified, return transient Add more default cases.
2010-09-29 Benjamin Dauvergne [Tests] update perfs to test each phase of WebSSO separately and use SAMLv2 I removed signature at the message level for the response, it should simulate appropriately the artifact binding with SSL transport. [Bindings] restore presence of SOAP nodes The node to exclude when ID-WSF is deactivated was soap_binding_ ones. [Core] fix break of lasso_profile_get_request_type_from_soap_msg from commit b9d535625 ManageNameIDRequest is not an ID-WSF kind of request.
2010-09-27 Benjamin Dauvergne [Core] add missing annotation to lasso_*_dump functions The string returned by these functions is newly allocated and must be freed by the caller. [ID-WSFv1] fix other misuses of the macro lasso_foreach [SAMLv2] fix wrong order in use of macro lasso_foreach The first argument must be the iterator, the second is the iterable. Also add a non-regression test with Googleapps metadata and a typical authn request.
2010-09-17 Benjamin Dauvergne [SAMLv2] fix early release of the request when using idp_initiated login [SAMLv2] fix memleak of request in lasso_name_id_management_process_request_msg Add files to .gitignore [Tests] remove a valgrind suppression on g_log_default_handler [Tests] add valgrind targets in the Makefile: leakcheck, leakcheck-reachable and massif [SAMLv2] fix memleak of request in lasso_saml20_login_process_authn_request_msg [Core] fix leak of provider->private_data->endpoints [Tests] fix leak of content in test01_server_new [Tests] fix leak of idpLogoutContext in test04_sso_then_slo_soap [Core] fix leak of provider->private_data->endpoints [XML] fix memleak in lasso_node_export_to_soap [XML] fix memleak of xmlSecKeyMngr when loading a key from a KeyInfo node [XML] fix memleak in get_xmlNode for LassoSamlp2LogoutRequest [XML] fix memleak in get_xmlNode for LassoSamlp2Response [SAMLv2] add missing stack variable initialization [SAMLv2] fix unused variable warning [SAMLv2] in profile.c fix uncovered enumeration value in switch [XML] fix unused variable warnings [XML] fix mem leak when releasing CustomElement structures [Tests] fix mem leaks [SAMLv2] fix mem leaks
2010-09-10 Benjamin Dauvergne [SAMLv2 NID management] report signature error in response, do not check response signature if forbidden
- build_response_msg will report signature error in response status code when called without an initialized response (without a call to validate_request)
- process_response_msg now uses lasso_saml20_profile_check_signature_status to check the signature status only if permitted.
2010-09-10 Benjamin Dauvergne [SAMLv2] move check for signature status to lasso_saml20_build_response_msg And also handle the signature verification hint. If process_msg fails, you must just call build_response_msg directly. Only check the signature on the response if asked, most applications should not care.
2010-09-09 Benjamin Dauvergne [configure.ac] increment release version and libtool version info Add files to .gitignore
2010-09-09 Benjamin Dauvergne [SAMLv2] apply the LassoProfileVerifySignatureHint when processing requests The check was missing for processing of logout requests, name id management request and assertion query responses. A new internal function lasso_saml20_profile_check_signature_status is added.
2010-09-09 Benjamin Dauvergne [ID-WSFv1&ID-WSFv2] separate better strings for ID-WSF from other strings Code in core source file which depends upon ID-WSF symbols has been conditionalized, and each id-wsf source file now includes directly its needed string header.
2010-09-08 Benjamin Dauvergne Merge branches 'master' and 'release' of bdauvergne@xen3.lycope.priv:/var/git/lasso into release
2010-09-08 Frédéric Péters News entry for 2.3.1 & 2.3.2 (combined)
2010-09-07 Benjamin Dauvergne Merge branch 'hotfixes-2.3.2' into develop Merge branch 'hotfixes-2.3.2' Increment revision in version Update files for release 2.3.2 Fix lasso soname change If new interfaces are added, first and last number must be incremented. As new enumeration values have been added, this is the case. Merge commit 'origin/master' Merge branch 'hotfixes-2.3.1' into develop Merge branch 'hotfixes-2.3.1' Update files for release 2.3.1 [SAMLv2] when no artifact message is present, still return a success status It is mandated by the specification.
2010-09-06 Benjamin Dauvergne [Tests integration] fix configuration variable name
2010-09-03 Benjamin Dauvergne Merge branch 'develop' into hotfixes-2.3.1 [Core] fix memory leak in lasso_endpoint_free [ID-FFv1.2&SAMLv2] add more warning for failure to load metadata file Report details of the failure through warning log.
[SAMLv2] when failing to recreate the content for the ArtifactResponse set a lasso specific status code
2010-09-03 Benjamin Dauvergne [SAMLv2] change the way content is stored and loaded for the HTTP-Artifact binding Previously content was stored as the result of lasso_node_dump method then reloaded, and then serialized again as part of the ArtifactResponse message. lasso_node_dump was ignoring all hints to sign node, but keeping the needed parameters around. That's not what must be done, the signature should happen at the generation of the artifact and the result must be manipulated as is (i.e. XML content) and never moved back to the land of LassoNode objects. Now the content is:
- first removed of any signature at the message level, because the ArtifactResponse will take care of this, (any signature under this level (like at the assertion) is kept),
- serialized using lasso_node_export_to_xml,
- reloaded using lasso_xml_parse_memory,
- and put into the ArtifactResponse using a lasso_misc_text_node_new_with_xml_node.
2010-09-03 Benjamin Dauvergne [SAMLv2] make lasso_saml20_profile_generate_artifact a static function It is only used in lasso/saml-2.0/profile.c anyway.
2010-09-03 Benjamin Dauvergne [Core] load signature parameters Generic signature parameters (attached as qdata to nodes) are now reloaded when initializing a node from XML for a node type with a signature snippet in its metadatas. It fixes the problematic usage of ciphered private keys with the HTTP-Artifact binding (which needs to keep a copy of the AuthnResponse around and to sign it later).
2010-09-03 Benjamin Dauvergne [Core] add private function to read an integer attribute This function does integer parsing and range checks, it returns TRUE if all goes well. [Core] add LAST enum values to LassoSignatureMethod and LassoSignatureType enumerations It helps making range checks.
2010-09-03 Benjamin Dauvergne [Strings] add string constant for the internal XML attributes used in dumps Add string constants for signature method, signature type, private key (file path or content), private key password and certificate (file path or content). Add cast for xmlChar constant strings definition in python bindings, it assumed all constant strings were char*.
2010-08-31 Benjamin Dauvergne [DOAP] fix typos Tags were badly formatted.
2010-08-25 Benjamin Dauvergne [SAMLv2] mark Redirect binding as an invalid binding for return AuthnResponse This is really not supported by the SAMLv2 protocol. [SAMLv2] fix string in comment [SAMLv2] replace use of lasso_provider_get_default_name_id_format with direct use of lasso_provider_get_metadata_one_for_role The first is trying to use provider->role to know which kind of role descriptor to lookup, but for the server object this field is 0 and when building authn request we know that we want our default NameIDFormat for the SP sso descriptor.
2010-08-25 Benjamin Dauvergne [SAMLv2] rebuild specialized LassoProvider methods upon new endpoints storage The new way of storing endpoints allows to keep ordering between endpoints with respect to the order of the index and isDefault field for indexed endpoint type, and to the XML node orders for other endpoints. It also simplifies the code.
2010-08-25 Benjamin Dauvergne [Core] add destroy code for new private field endpoints The contained string must be deallocated if the object is destroyed. [Core] add structure to store endpoints type for metadata files This new C structure will allow to filter ID-FFv1.2 and SAMLv2 endpoints more easily. [XML] use strtol instead of atoi to parse XSchema integers This commit also rejects negative integers from being parsed (all integers in SAMLv2 and ID-FFv1.2 schemas are positive integers). [SAMLv2] when AuthnRequest contains invalid attributes returns INVALID_REQUEST not NO_DEFAULT_ENDPOINT This is the right status to return.
2010-08-25 Frédéric Péters Fixed underlining of title
2010-08-05 Benjamin Dauvergne [Core] fix change of enumeration value This change broke the API, revert it.
2010-07-27 Benjamin Dauvergne [Website] update download link on front page [Website] fix typos [Website] fix source and download links The source repository is now the git repository on dev.entrouvert.org. Latest source release is 2.3.0. And git browser is included in our redmine.
2010-07-27 Benjamin Dauvergne [Website] change position of Download block in right bar [Website] in convert-to-static.py, work around errors in build logs If Build() constructor fails, keep going.
2010-07-27 Benjamin Dauvergne [Website] fix wrong structure for the news file about release 2.3.0 [Website] import convert-to-static.py modification from lupin [Website] add news file about release 2.3.0
2010-07-22 Benjamin Dauvergne [Website] fix non escaped ampersand
2010-07-21 Benjamin Dauvergne [Release] update libtool version [Website] update download links [Release] Update version number from 2.3 to 2.3.0 [Release] update release date in NEWS file [Release] update ChangeLog [Release] Lasso 2.3
- update the NEWS file
- add abi-2.3 file
- update DOAP files
- update lasso website template
- add temporary message to download pages, as there are no download links currently.
[Core] add logos to EXTRA_DIST [Core] add HACKING to EXTRA_DIST [Documentation] add missing declaration to lasso-sections.txt [Tests] change the way tests data is distributed Instead of using a Makefile.am in each data directory, each data directory has been added to the EXTRA_DIST for the parent directory Makefile.am.
[Core] remove now useless .cvsignore files [Core] remove now useless .cvsignore files [Binding perl] move DISTCLEANFILES and CLEANFILES outside of the condition clauses [Tests] move sourceid-2.0beta-data to data directory [Core] move format-suppressions.py to tools directory [Core] add README.JAVA and README.WIN32 files to EXTRA_DIST [Core] complete README.JAVA about later release of gcj [Core] add lasso.doap to EXTRA_DIST [Core] add errors.c to EXTRA_DIST [Core] remove unused build-strerror.pl [Doc] move style.css to the reference directory, and add it to EXTRA_DIST [Bindings] improve cleaning and distribution building [Tests java] remove Test.java Local test file wrongly committed. [Makefile] add abi to EXTRA_DIST [Binding perl] add DISTCLEANFILES for Makefile.perl.old file [Tests] remove debugging printf [Tests] change the way tests data is distributed Instead of using a Makefile.am in each data directory, each data directory has been added to the EXTRA_DIST for the parent directory Makefile.am.
2010-07-20 Benjamin Dauvergne [Tests] adapt java unit tests to new semantic for list fields GList fields now return an empty list, not null.
2010-07-20 Benjamin Dauvergne [SAMLv2] simplify logic for handling AuthnResponse with binding HTTP-Post The logic is now simpler:
- first lasso_saml20_profile_process_any_response check the signature on the message
- then lasso_saml20_login_process_response_status_and_assertion traverse all the assertions:
  - if the message is signed all assertions from the same issuer are automatically accepted,
  - if the message is not signed, or the signature validation failed, or the assertion has a different issuer than the message, we check the signature directly on the assertion.
If any of the assertions fails the signature check, the result will be LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE. The public field profile->signature_status will contain only the message level signature status, each assertion signature status is not accessible.
That will change when signature and key handling is reworked.
2010-07-20 Benjamin Dauvergne [Binding perl] fix broken distclean-local target The TOCOPY files need to be cleaned only for out of source directory builds.
2010-07-19 Benjamin Dauvergne [SAMLv2] comment on SessionIndex support hack [SAMLv2] remove empty files, wrongly committed
2010-07-19 Benjamin Dauvergne [SAMLv2/SSO] when processing AuthnResponse with binding HTTP-Post only the assertion needs to be signed If the message is signed, the assertion is also covered, but if only the assertion is signed, there is no error to report. If the caller asks for forcing the validation of message signature, then we report an error. This commit also adds checking for the binding used, if it is not HTTP-Post lasso_login_process_authn_response_msg will now report an error.
2010-07-16 Benjamin Dauvergne [Binding java] return empty list for NULL GList value, not null [ID-FFv1.2] add missing namespace declarations
2010-07-16 Benjamin Dauvergne [SAMLv2] add support for encrypted private keys
* support private key with new internal API in signature setting methods Plug lasso_node_set_signature into lasso_profile_saml20_setup_message_signature and lasso_server_saml2_assertion_setup_signature.
* also use lasso_node_get_signature in has_signature
* add forgotten LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE in switch cases For AuthnResponse checking the semantic is now that if HINT_FORCE is used we verify message signature *and* assertion signature. If HINT_MAYBE is used we check the assertion signature if its issuer differs from the message issuer.
2010-07-16 Benjamin Dauvergne [ID-FFv1.2] move all users of lasso_node_export_to_query to lasso_node_export_to_query_with_password [Core] Change lasso_apply_signature to use quark stored annotated signature parameters The node containing signature do not handle the private keys passwords.
As the fields for signature parameters are part of the public ABI we cannot add the password field to the public structure for those nodes. Instead we use the new quark annotation accessed through lasso_node_get/set_signature, and if the sign_type parameter is non-NULL we use it instead of the parameters stored in the public structure. This is a gross hack :( but at least it is documented. [Core] add password parameter to lasso_sign_node [Code] add a lasso_node_export_to_query_with_password method [Core] add a password parameter to lasso_query_sign We force use of the password through a custom OpenSSL password callback. [Core] dump custom signature parameters in lasso dumps The signature parameters are serialized as global attributes from the http://lasso.entrouvert.org/lasso/namespaces/0.0 named: SignatureType SignatureMethod PrivateKey PrivateKeyPassword Certificate [Tests/python] add test case for WebSSO with providers using encrypted keys [Core] add lasso_node_set_signature and lasso_node_get_signature Those two methods allow to associate signature parameters to any node. They keep it inside the CustomElement quark. Using a private structure may be more performant.
2010-07-12 Benjamin Dauvergne [Core] extract signature adding into base class method lasso_node_get_xmlNode In order to permit subclass to modify the base xmlNode created by lasso_node_impl_get_xmlNode we must defer the concrete to the virtual method wrapper, lasso_node_get_xmlNode. To do that it was needed to make id_attribute another virtual field of LassoNode subclasses (it can be accessed through an offset registered in the class object). This commit solves signature validation error since the patch for managing more than one SessionIndex element in samlp2:LogoutRequest. It also factorizes the creation of signatures in one place.

2010-07-12 Benjamin Dauvergne
[SAMLv2] if service provider supports logout, add a SessionIndex from the assertion ID The standard mandates to provide a SessionIndex to service provider advertising their support of the logout profile. We follow the convention of using the assertion ID as a SessionIndex. [Tests] add a sso then slo soap test [Core] lasso_check_version does not return a proper error code lasso_check_version returns 0, 1 or -1 and one is not a proper error code, so the original int return type is kept. [Bindings] make is_rc only check for lasso_error_t type [Bindings php5] simplify is_object in php_code.py [Core] change return type of all error returning methods The new return type is lasso_error_t, it should allow to pinpoint easily methods returning an error code in bindings. [Bindings java] use is_int instead of custom methods or code [Bindings perl] add lasso_error_t to type to map to T_IV typemap (integer types) [Bindings] add lasso_error_t to return code types [Binding java] use is_rc to match error return type [Binding php5] use is_rc to match error return type [Core] add lasso_error_t to list of integer types [Core] add a lasso_error_t typedef This typedef will serve to mark error returning methods. The ctypes.h header piggyback on export.h to be included in all public headers.

2010-07-05 Benjamin Dauvergne
[Provider] Fix loading of provider without a public key This commit also emits proper warning when loading fails for a provider *with* a public key. [Python binding] do not throw lasso.Error for python exceptions

2010-06-29 Benjamin Dauvergne
[Perl binding] make include from $(srcdir) work in Perl binding [Bindings] accept simple string in string<->xmlNode converter Some use case ask for passing simple libxml content node (i.e just an UTF-8 string) when a method argument or a field of the xmlNode* type.
This commit adds a static method in bindings/utils.c named lasso_string_fragment_to_xmlnode which does this transform by trying to parse an XML document then by trying to parse a well balanced XML fragment of only one node (if there is more than one node such as in the string " xxx yyy ", we free the node list and return NULL). [Core] add macro to release an xmlNodeList object [ID-WSF2] add idwsf2 test script to test suite Re-activate ID-WSF 2.0 test script. Fix problem with provider issuing assertion role. Need to be fixed more generally in the future. [Core] add macro to release GList of xmlNodeList [Core] add macros to manipulate xmlNodeList and GList of xmlNodeList The method to copy them is xmlCopyNodeList and not xmlCopyNode, so we need another set of macros. Merge branch 'issue-101' Merge branch 'issue-88' Merge branch 'issue-86'

2010-06-18 Benjamin Dauvergne
[Tests/integration] add G_DEBUG=gc-friendly env. var to valgrind-wrapper It should improve valgrind ability to trace memory origin.

2010-06-17 Benjamin Dauvergne
[XML] in lasso_node_export_to_paos_request check return value of lasso_node_get_xmlNode [XML] in _lasso_node_export_to_base64 check return value of lasso_node_export_to_xml [XML] in _lasso_node_export_to_xml check return value of lasso_node_get_xmlNode

2010-06-15 Benjamin Dauvergne
Comment out custom silent rules if automake < 1.11 [Core] do not ignore keep_xmlnode flag inherited from parent classes We only looked to the keep_xmlnode flag in the node data of the top level class, but any parent class can set this flag and in this case we must honor it too.

2010-06-14 Benjamin Dauvergne
Test: add non regression test for reloading a server dump with encrypted keys

2010-06-14 Benjamin Dauvergne
Core: when reloading a dump, use the signing private key password for loading the encryption private key We currently do not store the encryption private key, instead on reload of a dump, we try to use the signing private key as the encryption private key.
But we forgot to use the stored private key password. That's now fixed. Next step would be to keep the encryption private key around also.

2010-06-14 Benjamin Dauvergne
Binding python: fix freeing of list return values for methods with the transfer full flag The output 'print' were missing, oups :(

2010-06-12 Benjamin Dauvergne
Binding python: find a work around for random behaviour of PyImport_ImportModule * it seems that PyImport_ImportModule is not deterministic. Sometimes it returns True for modules which we know are present ('logging'). Importing 'sys' first seems to make 'logging' accessible (complete cargo cult programming). Core: move logging function and macros to their own module, adapt perl binding Core: move lasso_strerror declaration to errors.h add .gitignore file Tools: add check-makefile.sh script to tools add abi file for 2.2.91 Tests: add idp6-saml2 data Test: add python test for attribute requesting * What's tested: - request initialization - adding attribute designators - building the request message - processing the request message - accepting the request - adding assertion with attributes - signing the assertion - building the response - parsing the response SAMLv2: rename lasso_saml2_name_id_build_persistent to lasso_saml2_name_id_new_with_persistent_format * keep the old one for compatibility * new one will be picked by bindings as a constructor SAMLv2: when initializing signature on assertion, setup an ID if there is none * without the ID lasso refuses to sign (it's mandatory) SAMLv2: in lasso_assertion_query_build_request_msg setup nameid * lasso_profile_get_nameIdentifier does not return profile->nameIdentifier, so we first try to use profile->nameIdentifier and if it is NULL we use lasso_profile_get_nameIdentifier.
Binding python: fix bad refcounting in get_logger and lasso_python_log

2010-06-10 Benjamin Dauvergne
Core: update lasso_iso_8601_gmt_to_time_t to support milliseconds * We now support the two possible formats for xsdtime XSchema datatype: - dddd-dd-ddTdd:dd:ddZ - dddd-dd-ddTdd:dd:dd.d*Z Where d denotes a digit, and * is the kleene star. XSD datetime also supports negative years, but as we cannot represent them with time_t, we can reject it at the lexical level.

2010-06-10 Benjamin Dauvergne
Documentation: add new AssertionQuery methods to documentation Tests: new python test for setEncryptionPrivateKeyWithPassword Fix long lines in lasso/id-ff/server.c Core: add method lasso_server_set_encryption_private_key_with_password * fixes #91. SAMLv2: add new methods to class LassoAssertionQuery * lasso_assertion_query_add_attribute_request: helper to setup request attribute for AttributeQuery messages. * lasso_assertion_query_get_request_type: method to find the type of the last received query. * fixes #90 SAMLv2: fix initialization of subject in lasso_assertion_query_build_request_msg Import tools in utils.h Fix collision between defined symbols in tools.h and private.h Binding python: if lasso.logger exists use it for logging * There are now two paths to get a logger in the python binding: - first try to get an object from lasso.logger - if it doesn't exist or is None, then try logging.getLogger('lasso')

2010-06-09 Benjamin Dauvergne
Change all logging to use message() Core: in xml error message handler, escape messages to fit on one line Core: remove arrow in log messages Binding python: call lasso_init() first in init_lasso() Binding python: add GLog handler to redirect logs to Python logger named "lasso" * fixes #20 Utils: add function to extract/create node in lists * lasso_extract_gtype_from_list_or_new will help for method with create or extend nodes in lists.

2010-06-09 Frederic Peters
Add new lasso_log_set_handler and lasso_log_remove_handler functions They are modeled around the g_log... functions of GLib, they just don't have a domain parameter.

2010-06-06 Benjamin Dauvergne
Binding perl: fix test so that it does not raise on add_provider Bindings: keep retro compatibility for member field names * Special kludge prize goes to PHP: methods name are insensitive so nothing to do here, BUT, if you use getters/setters then your objects fields can be case insensitive too ;-) (DNS, dns, DnS, dNs all map to get_dns). Bindings: fix camelcasing of id fields SAMLv2: make role checking inactive for LassoServer * LassoServer have no role defined, so checking breaks loading of metadata for LassoServer. ID-FFv1.2: for idp initiated sso accept any nameIdPolicy * IdP initiated SSO can be of any kind, no need to limit it.

2010-06-04 Benjamin Dauvergne
SAML 2.0: add checks for proper loading of role descriptors * remove warning for descriptors supporting non SAML 2.0 protocols * checks that at least one descriptor was loaded and that it was for our assigned role. SAMLv2: fix error in naming of function in the documentation

2010-05-31 Benjamin Dauvergne
SAMLv2: remove HTTP-Redirect as right binding for AssertionConsumer SAMLv2: fix bug giving UnsupportedProfile for SingleSignOn with HTTP-POST * The string constant in lasso_saml20_provider_accept_http_method was HTTP-Post instead of HTTP-POST. Core: fix extraction of relaystate when URLs contains only one kind of separators Integration test: adapt to new behaviour for federation termination SAMLv2: simplify lasso_saml20_provider_accept_http_method by only checking for remote provider support * Whatever we do, with asynchronous bindings the remote provider can return the response with any asynchronous binding.
SAML 2.0: in lasso_login_build_assertion set conditions time limit, no SubjectConfirmationData limits SAML 2.0: in lasso_login_build_assertion do not conflate sessionNotOnOrAfter with assertion condition notOnOrAfter

2010-05-11 Benjamin Dauvergne
Website: add quicklinks for download links Change VCS viewer link to point toward the redmine browser SAMLv2: conflate Responder and Requester when checking second level status code * lasso/saml-2.0/login.c: I'm not sure that most IdP really make the semantic distinction between those two first level status codes, so just conflate them. SAMLv2: remove warning message for invalid signature on AuthnResponse messages * lasso/saml-2.0/login.c: we already return an error, no need to clutter the output with warning messages.

2010-05-04 Benjamin Dauvergne
Website: add a link to a tarball of the documentation extracted from the SVN

2010-05-01 Benjamin Dauvergne
SAML 2.0 Helper: add lasso_saml2_assertion_set_one_time_use Fix bad initialization of an rc field from revision 4837 Change

tags to Add a lasso_profile_get_signature_status method

2010-04-30 Benjamin Dauvergne
Initialize all uninitialized rc variables Test: only test custom namespace if ID-WSF is enabled

2010-04-28 Benjamin Dauvergne
in lasso_idwsf2_data_service_build_response_msg, allows SOAPFault as responses Fix uninitialized local variable in lasso_session_count_assertions, do not emit warning if session is not an object SAML 2.0: always restart initial request processing in lasso_logout_build_response_msg * Does it also in process_response_msg if no more assertions are present. * Take into account that lasso_saml20_profile_process_any_response already check for the status code, and so specify finer error code in the cleanup code. SAML 2.0: fix lasso_saml20_provider_get_first_http_method * LassoServer object can have many roles, use the default role of the remote provider to decide on which to assume. SAML 2.0 Logout: in init_request, remove the assertion anyway * lasso/saml-2.0/logout.c: when initiating a logout, if no problem is found, remove the assertion. you can always continue by changing profile->http_request_method to SOAP for example and redo a build_request_msg. SAML 2.0: lasso_saml20_profile_process_any_response_msg, change status code checking

2010-04-22 Benjamin Dauvergne
SAML 2.0: lasso_logout_build_response_msg, just verify there is saved data from a previous request before switching them * lasso/saml-2.0/logout.c: There is no need to check what the previous remote provider ID was, just that initial_remote_providerID is not NULL in order to switch request, response and remote_providerID.
Fix wrong change g_free -> lasso_release inside example code Provider: fix problem when reusing the same lists nodes in Descriptors Improve safety by replacing all g_hash_table_destroy use by lasso_release_ghashtable Improve safety by replacing all g_list_free use by lasso_release_list Improve safety by replacing all g_string_free use by lasso_release_gstring Improve safety by replacing all g_free use by lasso_release Start an example listing for an IdP SingleSignOn endpoint Free xmlSecKey Fix potential SEGFAULT in _lasso_node_free_custom_element Utils: add lasso_assign_list Add lasso_release_gstring Utils: add lasso_release_ghashtable SAML 2.0 Profile: remove unused must_sign variable First try to check that objects are fully functional before proceeding Fix potential SEGFAULT of an unknown provider

2010-04-20 Benjamin Dauvergne
SAML 2.0: in lasso_saml20_process_federation, only handle the case of PERSISTENT format * lasso/saml-2.0/login.c: in lasso_saml20_process_federation: - if no name id format can be found by the request, use the default from the metadata file (first declared NameIDFormat) - instead of checking if format is TRANSIENT, check if it is PERSISTENT, and proceed with the federation, if not just return 0. - return LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER instead of LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND. - in any case, check for consent.
SAML 2.0: in lasso_saml20_login_validate_request, do not check signature if not necessary SAML 2.0: find binding when only AssertionConsumerServiceURL is set, do not check signature on request if asked SAML 2.0: add internal method to retrieve the binding for an URL Login: add internal function _lasso_login_must_verify_*signature

2010-04-19 Benjamin Dauvergne
Login: remove symbol markers in example code Fix documentation problems

2010-04-16 Benjamin Dauvergne
Ameliorate support for lasso_profile_set_signature_verify_hint * lasso/id-ff/profile.h: - add end symbol for enum LassoProfileSignatureVerifyHint * lasso/id-ff/profile.c: - fix documentation of lasso_profile_set_signature_verify_hint - do not allow to set or return invalid value for the signature_verify_hint attribute. * lasso/saml-2.0/login.c: - handle new enum value * lasso/saml-2.0/profile.c: - handle new enum value - fix missing catch of signature error reporting when signature_verify_hint is IGNORE. * docs/reference/lasso/lasso-sections.txt: - export enums LassoProfileSignatureHint and LassoProfileSignatureVerifyHint * tests/metadata_tests.c: - fix test of all Role enumerations

2010-04-06 Benjamin Dauvergne
Revert "Core: add XML schemas for SAML 2.0" This reverts commit 5250c2c89e3983189a3c52cd85ad221ff7b6f64b. SAML 2.0: add Destination attribute to requests * lasso/saml-2.0/profile.c: this change makes Lasso respect paragraphs 3.4.5.2 (HTTP-Redirect binding security considerations) and 3.5.5.2 (the same for HTTP-Post) of the saml-bindings-2.0-os.pdf document, and should allow our Authn Requests to be accepted by Shibboleth IdP.
Tools: add usage statement to check-lasso-sections.py Docs: add/remove symbols from lasso-sections.txt ID-WSF 2.0 DST: make lasso_idwsf2_data_service_set_status_code work even if no response is initialized Tests: add tests for custom namespace functions ID-FF 1.2 & SAML 2.0: factorize access to role prefix Tests: make role descriptor loading test less verbose * tests/metadata_tests.c: remove printf, add checks Tests: show actual value in check_equals test macro XML: add custom namespace definition handling SAML 2.0: fix default assertion consumer handling when isDefault is missing * if no default_assertion_consumer value is set after traversing the list of endpoint, try to find the first one without isDefault="false" and finally take the first one. SAML 2.0: fix default assertion consumer handling * the default one is the first with the attribute isDefault not the last. Binding python tests: update idwsf1 to explicitly register PP10 HREF Binding python: update idwsf2 test for method change dst.initResponse -> validateRequest XML: do not register any DST namespace by default XML: add a SNIPPET_COLLECT_NAMESPACES snippet to DstRefResultQuery ID-WSF 2.0 Data Service: new accessor, fix use of build_unique_id, change init_response to validate_request Core: add a SNIPPET_COLLECT_NAMESPACE snippet type * lasso/xml/private.h lasso/xml/xml.c: add a new primary XmlSnippet type for collecting all namespace declaration, following parent relation on current node or one of the child nodes. Binding python: fix use of raise_on_rc, simplify Node.__setstate__ Revert "Make lasso_node_get_xmlNode return original_xmlnode if there is one" This reverts commit dfd8f21ab27d2b25a67a52aadd9d4cdce20ebda5.
Binding python: for empty GList return empty tuples, not None Docs: remove from documentation comments characters outside ASCII for python bindings Fix return path in lasso_saml20_process_any_response for signatures checking fix documentation of lasso_node_debug Make lasso_node_get_xmlNode return original_xmlnode if there is one * lasso/xml/xml.c: this change allows session to contain exact copy of received assertion (and not the one lacking signatures) and also to put those assertions directly into message, for example as ID-WSF credentials. But it could have side effect, so for now I will not merge it.

2010-03-27 Benjamin Dauvergne
update documentation of lasso_login_build_authn_response_msg update documentation of lasso_login_build_authn_request_msg improve documentation of lasso_login_build_artifact_msg use lasso_release_gobject in lasso_login_destroy update lasso_login_accept_sso documentation ID-FF&SAML2: complete documentation of lasso_login_build_assertion Make multiple include loading work in lasso/backward_comp.h * lasso/backward_comp.h add missing BACKWARD_COMP_H define. Binding python: fix test file SAML 2.0&ID-FF 1.2: simplify and complete metadata loading for multi-role support Core: add XML schemas for SAML 2.0 Doc: add all missing methods to documentation section file * add missing LASSO_EXPORT too for functions already present in the documentation, but not exported previously. Tools: add script to check for missing functions in lasso-sections.txt XML: in lasso_node_build_xmlNode_from_snippets only set child name if SNIPPET is not of ANY type Core: add lasso_set_string_from_prop(char**,xmlNode*,..) function Core: add method to check whether we are IdP or SP of another provider * lasso/id-ff/profile.{c,h}: the method lasso_profile_sso_role_with, evaluate using the current LassoIdentity content if we are in a relation of IdP or SP toward another provider. This is based on the existence of a federation with this provider.
SAML 2.0: add attribute profiles strings SAML 2.0: add support for attribute, authentication and authorization authorities metadata * server.c,serverprivate.h: add new private method lasso_server_get_first_providerID_by_role(server, role) * defederation.c: use new private method lasso_server_get_first_providerID_by_role for find providerID when the argument remote_providerID is null in lasso_defederation_init_notification. * lasso/id-ff/login.c (lasso_login_init_authn_request): use new private method lasso_server_get_first_providerID_by_role. * provider.h: add three new provider role (authn,pdp,attribute) and four new services (authn,assertionid,attribute,authz) and also a ROLE_ANY value (-1) for catchall purpose and a ROLE_LAST for array sizing. * provider.h: add a LAST member to LassoMdProtocolType enum. * providerprivate.h,provider.c: - removes separate hashtable for descriptors depending on provider role, use only one table named Descriptors. - use the LAST members of enumerations to dimension static string arrays. * provider.h: add a LAST member to the e XML: add support for setting attribute in any namespace using element tree syntax Support SignatureVerifyHint in SAML 2.0 SSO profile and common message handling Add signature_verify_hint accessor methods to LassoProfile * lasso/id-ff/profile.{c,h}: add a LassoProfileSignatureVerifyHint enumeration and two accessor methods: - lasso_profile_get_signature_verify_hint - lasso_profile_set_signature_verify_hint * lasso/id-ff/profileprivate.h: add private field signature_verify_hint.
Bindings: fix parsing of camelcased ident (Samlp2IDPList -> samlp2,idp,list) Binding python: fix problem of classes without an initializer Tests: add macros to test for string equality Tests: in SAML 2.0 tests, use more check_ macros Tests: add macros check_equals and check_not_equals Core: change GObjectAnnotation of lasso_node_export_to_query to state that private_key_file is optional SAML 2.0 XML: add header listing strings from XML schema

2010-03-08 Benjamin Dauvergne
SAML 2.0: fix uninitialized variable ID-WSF 1.0: fix bad header name in all inclusive header lasso/id-wsf/id_wsf.h

2010-03-02 Benjamin Dauvergne
Binding PHP5 tests: fix assertion dump test XML: move registry mapping into the *_get_type() functions * lassoxml/disco_send_single_logout.c: * lassoxml/id-wsf-2.0/sb2_user_interaction_header.c: * lassoxml/id-wsf-2.0/subsref_app_data.c: * lassoxml/lib_assertion.c: * lassoxml/saml-2.0/saml2_condition_abstract.c: * lassoxml/saml-2.0/saml2_encrypted_element.c: * lassoxml/ws/wsa_attributed_uri.c: * lassoxml/ws/wsa_endpoint_reference.c: class_init is only called the first time an object of the given type is created, registry mappings must exist before this time, so I moved the registration code to the _get_type() functions. Core: add a level argument to lasso_node_debug ID-WSF 2.0: add lasso_soap_envelope_set_relates_to method Core: add macro to remove gobject from lists

2010-03-02 Benjamin Dauvergne
Core: export lasso_build_unique_id into public API * lasso/xml/tools.h: add new header to export lasso_build_unique_id as a public API. * lasso/xml/Makefile.am: add tools.h to header list * lasso/xml/tools.c: add GObjectIntrospection annotations to exported functions.

2010-03-02 Benjamin Dauvergne
SAML 2.0: change error code for empty ArtifactResolve response to LASSO_PROFILE_ERROR_MISSING_RESPONSE Bindings java: do not mask errors from the code generator Core: add a helper method to build a SOAP response in a LassoProfile object * lasso/id-ff/profile.{c,h}: add lasso_profile_add_soap_fault_response(char* code, char *string, GList *details). * lasso/id-wsf-2.0/profile.{c,h}: change signature of lasso_idwsf2_profile_init_soap_fault_response. * lasso/id-wsf-2.0/data_service.c: use new function instead of manually initializing soap faults * lasso/id-wsf-2.0/discovery.c: init a soap fault when parsed request is of an unknown type, return proper error. ID-WSF 2.0 python tests: finish tests for new ID-WSF 2.0 API * bindings/python/tests/idwsf2_tests.py: all Discovery service request types are tested, and Data Service query is tested as well. Data Service testing and API should be more tested, especially failure cases. ID-WSF 2.0: add service type to response, parse response before using it Core: in xml_insure_namespace do not segfault if ns is NULL Binding python: accept a function as setter, if it has only two arguments ID-WSF 2.0: in lasso_idwsf2_get_name_identifier, use lasso_saml2_assertion_decrypt_subject ID-WSF 2.0: in lasso_idwsf2_profile_check_security_mechanism, add common logic for SAML 2.0 secmech, check for presence of a server object, ID-WSF 2.0: fix MDAssociationQueryResponse handling * lasso/id-wsf-2.0/discovery.c: - in lasso_idwsf2_discovery_validate_request, use svcmdids to initialize response to MSAssociationQuery requests. - in lasso_idwsf2_discovery_process_response_msg, extract received svcmdids; use lasso_check_good_rc when needed.
ID-WSF 2.0: change signature of lasso_idwsf2_discovery_add_identity_to_epr * lasso/id-wsf-2.0/discovery.c: - in lasso_idwsf2_discovery_add_identity_to_epr, receive an Epr instead of an EprMetadata node, and use lasso_wsa_endpoint_reference_add_security_token to add the assertion token instead of duplicating this logic. - in lasso_idwsf2_discovery_build_epr change the call site. ID-WSF 2.0: fix documentation of lasso_idwsf2_data_service_build_request_msg SAML 2.0: in lasso_saml2_assertion_get_issuer_provider, check type of server argument Core: add do/while(0) around block of goto_cleanup_with_rc Core: add PROFILE errors around assertion validation * lasso/errors.c lasso/errors.h: - add errors concerning invalid assertion, assertion with invalid conditions, unknown issuers, or when the issuer is not a provider we marked as an IdP. - add error for missing sender id in an ID-WSF message. Core: add a level argument to lasso_xmlnode_to_string and _lasso_node_export_to_xml

2010-02-22 Benjamin Dauvergne
Binding perl: add support for out parameters * bindings/perl/lang.py: support GObject out parameters. SAML 2.0: LassoSaml2ConditionAbstract does not match its element name anymore, add a registry mapping * lasso/xml/saml-2.0/saml2_condition_abstract.c: last commit to this file changed the element name from ConditionAbstract to Condition so the XML parser cannot find the corresponding GObject class anymore. SAML 2.0: add more accessors for Conditions * lasso/saml-2.0/saml2_helper.{c,h}: distribute code from lasso_saml2_assertion_validate_conditions to lasso_saml2_assertion_validate_time_checks and lasso_saml2_assertion_validate_audience. add lasso_saml2_assertion_allows_proxying and lasso_saml2_assertion_allows_proxying_to, to respectively check for proxying of the current assertion, and for proxying to a specific provider (you must call both of them to test completely the proxying status of an assertion).
* docs/reference/lasso/lasso-sections.txt: reference new functions into documentation. Bindings python: use more accessors from utils.py * bindings/python/lang.py: remove direct access to type tuples in favor of using accessors from utils.py. Bindings: make is_int more robust, and fix remove_modifiers Bindings php5: use accessors from bindings/utils.py * bindings/php5/wrapper_source.py: do not handle 'type/variable' tuple directly, use accessors. Binding python: add pickling support to LassoNode * bindings/python/lang.py: support pickling protocol methods __getstate__ and __setstate__ leveraging the lasso_node_dump and lasso_node_new_from_dump methods from Lasso. Add lasso_string_to_xsd_integer, to parse xsd:integer values SAML 2.0: fix bad name of Condition element, keep xmlNode as it is abstract * lasso/xml/saml-2.0/saml2_condition_abstract.c: saml2:Condition is an element whose type is abstract, it must be used as an extension point helped by the xsi:type field. As the content is unknown beforehand we must keep the original xmlNode for later analysis. Bindings python tests: update idwsf2_tests.py Bindings: in utils.py, make clean_type handle None value ID-WSF 2.0: reorganize EPR minting, add a process_request method to disco service * data_service.c: remove dependency on discovery.h * discovery.{c,h}: - add a lasso_idwsf2_discovery_process_request_msg to extract request data before validate request (SvcMDID, SvcMD or RequestService). - store SvcMDID in a private field, add a setter for it. - SvcMDID is now used for building response to MDAssociationQuery and parsing request for MDQuery, MDDelete, MDAssociationAdd and MDAssociationDelete. * idwsf2_helper.{c,h}: - change security mechanism argument of lasso_wsa_endpoint_reference_add_security_token from a NULL terminated string array to a GList.
* saml2_login.{c,h}: - add a lasso_server_create_assertion_as_idwsf2_security_token for minting assertion for ID-WSF 2.0 security, to be used in Discovery bootstrap EPR creation and EPR minting for Discovery service Query responses. - add a lasso_saml2_assertion_get_discovery_bootstrap_epr, and rewrite lasso_login_idwsf2_get_discovery_bootstrap_epr to use it. - make lasso_login_idwsf2_add_discovery_bootstrap_epr accept a list of security mechanisms, not just one. * tests/idwsf2_tests.c: - adapt to new argument type of lasso_login_idwsf2_add_discovery_bootstrap_epr. Core: add new example to LassoLogout for asynchronous response handling Support multiline error messages in build_strerror.py SAML 2.0: add lasso_saml2_encrypted_element_server_decrypt and lasso_saml2_assertion_decrypt_subject Fix idp5-saml2 metadatas * tests/data/idp5-saml2/metadata.xml: we do not have the private key for the encryption public key, so I copied the signing public key. Fix lasso_extract_gobject_from_list

2010-02-21 Mikael Ates

2010-02-17 Benjamin Dauvergne
Documentation: add example to LassoLogout, fix bad markup in id-wsf-2.0/profile.c ID-WSF 2.0: also check sender match assertion in lasso_idwsf2_profile_check_security_mechanism * lasso/id-wsf-2.0/profile.c: for BEARER mechanism, also check that the SPNameQualifier of the Subject match the Sender of the request. ID-WSF 2.0: add lasso_idwsf2_discovery_get_svcmdids to public API Tests integration: force C locale * tests/integration/saml2/__init__.py: authentic now use 'system locale' by default, so force C locale to get english IHM string to make twill happy. SAML 2.0: if assertion possess a signed original_xmlnode return it instead of using get_xmlNode * lasso/xml/saml-2.0/saml2_assertion.c: assertion in lasso when read are not usable anymore because the signature is lost, this commit allows to keep assertion unaltered after reading them if they contained a top level signature (a signature contained in the Assertion node).
This is useful for reusing assertion kept in a LassoSession object and for using assertion as security token for ID-WSF. Core: use lasso_xmlnode_to_string in LassoNode export functions * lasso/xml/xml.c: remove duplicate codes and use lasso_xmlnode_to_string instead. Current state of ID-WSF 2.0 python test Binding php5: fix generation of list freeing * bindings/php5/wrapper_source.py: free_glist wants a GList** as first argument. Core: add a lasso_xmlnode_to_string function * lasso/xml/tools.c lasso/xml/private.h: lots of functions duplicate this code, so we factorized it there. It has two parameters, the xmlnode and boolean deciding whether to format the resulting content (good for reading but bad for signatures). SAML 2.0: in lasso_saml20_profile_set_session_from_dump_decrypt, really decrypt * lasso/saml-2.0/profile.c: dump for already signed assertion containing an EncryptedID as Subject does not work as before, the decrypted NameID is no more included in it, so instead of trying to plug it in the NameID field we resort to really deciphering the EncryptedID. That could be a performance problem if the session object is stuffed with a lot of assertions. Current state of idwsf2 tests ID-WSF 2.0: fix loading of LassoIdWsf2Discovery dumps Core: add error exit to lasso_node_new_from_xmlNode * lasso/xml/xml.c: if building of the node fails, we must keep the initialization of custom nodename and namespace. Binding python: simplify special constructor, use cptrToPy ID-WSF 2.0: make lasso_idwsf2_profile_redirect_user_for_interaction add the transactionID to the URL * lasso/id-wsf-2.0/profile.c: simplify use of lasso_idwsf2_profile_redirect_user_for_interaction by directly adding the ID of the SOAP response message to the URL. Report an error if no MessageID can be found. 
ID-WSF 2.0: rewrite and document lasso_soap_envelope_sb2_get_redirect_request_url * lasso/id-wsf-2.0/soap_binding.{c,h}: fix error in conception of lasso_soap_envelope_sb2_get_redirect_request_url, RedirectRequest is part of a SOAP fault not the headers. Explain in the documentation how to use the RedirectRequest URL. Change the return type to a const string. ID-WSF 2.0: add a method to retrieve/create a SOAP Fault to SOAP binding module * lasso/id-wsf-2.0/soap_binding.{c,h}: add method lasso_soap_envelope_get_soap_fault which returns/create the first SOAP fault inside the body of the SOAP envelope. Binding python tests: adapt test to use TOP_SRCDIR env var Binding python: factorize value freeing generation code * lasso/python/lang.py: extract value freeing generation code to method free_value, add proper liberation of values at exit of wrapper functions, remove g_free call from return_value generated code. Core: add missing return value owner semantic annotations to getters * lasso/id-ff/provider.c: fix lasso_provider_get_base64_succinct_id, it returned a libxml string, copy it with g_strdup before releasing it to stay with GLib allocated string in return values. Core: add annotation to getter function about return value owner semantic * lasso/id-ff/identity.c lasso/id-ff/profile.c: precise owner semantic of lasso_profile_get_identity, lasso_profile_get_session, lasso_profile_get_server * lasso/id-wsf-2.0/saml2_login.c tests/login_tests_saml2.c: in the same vein add missing release of assertion returned by lasso_login_get_assertion which return a caller owned object. ID-WSF 2.0: make lasso_idwsf2_profile_redirect_user_for_interaction choke on missing redirect property on UserInteraction header * lasso/id-wsf-2.0/profile.c: if redirect boolean property is false, refuse to return a redirect request. automatically create a SOAP fault to signal to the requester that it needs to support interaction via redirect. 
ID-WSF 2.0: add error code signaling that the requester does not support redirect request * lasso/errors.c lasso/errors.h: add LASSO_WSF_PROFILE_ERROR_REDIRECT_REQUEST_UNSUPPORTED_BY_REQUESTER. ID-WSF 2.0: add a create arg to lasso_soap_envelope_get_sb2_user_interaction_header, add it to public API ID-WSF 2.0: fix lots of bad usage of g_strcmp0 * lasso/id-wsf-2.0/idwsf2_helper.c lasso/id-wsf-2.0/soap_binding.c lasso/id-wsf/data_service.: add missing check for the return value of strcmp, maybe we need a macro like lasso_strequal. Tests: in login_tests_saml2.c, add test for lasso_saml2_assertion_validate_conditions in idwsf2_tests.py, merge test case for metadata registering, add test case for failure Bindings: parse defines referring to other defines * bindings/bindings.py: Allow to build constants using other constants (prefix string), the constant type is retrieved from the prefix existing record. in tools.c, add defines to permit import of timegm SAML 2.0: make lasso_saml2_assertion_validate_conditions really work Core: fix lasso_iso_8601_gmt_to_time_t, use timegm instead of mktime * lasso/xml/tools.c: mktime convert works on local time, we need timegm to work with GMT time. ID-WSF 2.0: add strings for Discovery service Actions ID-WSF 2.0: add serialization code for private properties of LassoIdWsf2Profile ID-WSF 2.0: fix missing initialization of request field in lasso_idwsf2_discovery_validate_md_register ID-WSF 2.0 Documentation: update lasso-sections.txt with LassoIdWsf2Profile methods ID-WSF 2.0: fix lasso_idwsf2_discovery_add_simple_service_metadata * lasso/id-wsf-2.0/discovery.c: options is a string list, and security_mech_ids too, so employ the corresponding macros.
Core: in utils.h, use a temporary to store reference to freed list ID-WSF 2.0: in lasso_idwsf2_discovery_status2rc, check second level status code too Website: add a link to the development version documentation 2010-02-15 Benjamin Dauvergne Binding python: fix leak in string getters SAML 2.0: fix documentation of lasso_saml2_assertion_validate_conditions Add signature on EPR secur token Bindings python: update id-wsf 2.0 test file * bindings/python/tests/idwsf2_tests.py: Disco Service registering is working, it now needs a bootstrap epr in all case (before registering could be done without signatures). ID-WSF 2.0: add signature to Disco produced EPR SAML 2.0 security tokens ID-WSF 2.0: in lasso_idwsf2_profile_build_request_msg, properly handle the security token * lasso/id-wsf-2.0/profile.c: security token is a signed assertion by an IdP or a discovery service, we must keep as is, that is with the signature, in order to do that we extract the original xmlNode from the assertion and embed it in the new message using a LassoMiscTextNode. ID-WSF 2.0: in lasso_login_idwsf2_get_discovery_bootstrap_epr, better handle attribute content * lasso/id-wsf-2.0/saml2_login.c: LassoSaml2AttributeValue can contain many children, so traverse them all to find the first LassoWsAddrEndpointReference among them. ID-WSF 2.0: in lasso_login_idwsf2_add_discovery_bootstrap_epr, initialize ID and Issuer property on bootstrap assertion. * lasso/id-wsf-2.0/saml2_login.c: initialization of ID and Issuer properties was missing. Core: in lasso_verify_signature, fix conditional about single reference * lasso/xml/toosl.c: verify that reference is unique if NO_SINGLE_REFERENCE is disabled.
SAML 2.0: in saml2_helper.c, better check issuer element and also test the LassoServer object for issuance, lasso_saml2_assertion_get_issuer_provider ID-WSF 2.0: in lasso_wsa_endpoint_reference_new_for_idwsf2_service, do not forget to add metadata to epr, fill usage property of token * lasso/id-wsf-2.0/idwsf2_helper.c: add missing initialization code. ID-WSF 2.0: fix bad type checking in lasso_wsa_endpoint_reference_get_idwsf2_security_context_for_security_mechanism * lasso/id-wsf-2.0/idwsf2_helper.c: SecurityMechID is a list of strings not LassoMiscTextNode. ID-WSF 2.0: fix bad conditional in lasso_idwsf2_discovery_process_metadata_register_response_msg * lasso/id-wsf-2.0/discovery.c: fix check in lasso_idwsf2_discovery_process_metadata_register_response_msg fix duplication of service metadatas inside private list of service metadatas. in server.c, fix missing loading of public keys in constructors * lasso/id-ff/server.c: constructor for LassoProvider load public keys but they are not called by LassoServer constructors, so we have to explicitly duplicate calls to lasso_provider_load_public_keys. ID-WSF 2.0: moved strings to their own header 2010-02-12 Benjamin Dauvergne Add saml2_strings.h to dist Bindings python: remove default argument if there is parameters without default argument following Use defined symbols instead of magic constants Add LASSO_SAML2_FIELD_ENCODING * lasso/xml/saml-2.0/saml2_strings.h: add another field name from SAML 2.0 specifications. Fix lasso_get_relaystate_from_query, support semi-colon and parameter at beginning * lasso/xml/tools.c: getting first parameter was broken (query_string does not contain '?' at the beginning) and semi-colon support was missing.
2010-02-10 Benjamin Dauvergne Documentation: fix typos in saml2_strings.h documentation, add new string symbols to lasso-sections.txt SAML 2.0: move SAML 2.0 strings to their own header, add documentation * lasso/xml/strings.h: remove SAML 2.0 strings * lasso/xml/saml-2.0/saml2_strings.h: move them here, document useful ones. Documentation: document LsasoSamlp2NameIDPolicy Documentation: complete non finished documentation comments * too many warnings when generating doc, now we can concentrate on undocumented symbols (in lasso/docs/reference/lasso/lasso-undocumented.txt). Bindings perl: prevent unused function warning for array_to_glist_gobject Tests perl: raise number of tests Docs: reorder sections in chapter "Lasso Architecture" SAML 2.0: separate lasso_saml20_login_process_response_status_and_assertion into multiple functions * lasso/saml-2.0/login.c: in lasso_saml20_login_process_response_status_and_assertion, extract assertion decryption, and issuer checking into their own function. SAML 2.0: when verifying query signature, do not presume order of field and separator * lasso/xml/tools.c: in lasso_saml2_verify_query_signature, extract needed field and order them appropriately before computing digest, expect ';' as well as '&' as separator. * tests/random_test.c: add non-regression tests for query signature validation. * tests/Makefile.am: make tests link against static version of liblasso, to get access to private functions. SAML 2.0: complete list of field names for SAML 2.0 Core: in tools.c, enhance urlencoded_to_string to support semi-colon separator SAML 2.0: add helper method lasso_saml2_assertion_get_in_response_to * lasso/saml-2.0/saml2_helper.c lasso/saml-2.0/saml2_helper.h: add a method to access easily the InResponseTo attribute.
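The query-signature entry above says the verifier extracts the needed fields and orders them before computing the digest, accepting ';' as well as '&'. The following is an added example, not Lasso's code, of that reconstruction step for the SAML 2.0 Redirect binding; the function names, the rejection of duplicated parameters and the sample queries are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Count occurrences of `name` in a raw query string whose pairs are separated
 * by '&' or ';'. On the first hit, val and len describe the value exactly as
 * received (still percent-encoded), because the signature covers those bytes. */
static int lookup(const char *query, const char *name,
                  const char **val, size_t *len)
{
    size_t nlen = strlen(name);
    int count = 0;
    const char *p = query;

    while (*p) {
        size_t plen = strcspn(p, "&;");      /* length of this name=value pair */
        if (plen > nlen && p[nlen] == '=' && strncmp(p, name, nlen) == 0) {
            if (count == 0) {
                *val = p + nlen + 1;
                *len = plen - nlen - 1;
            }
            count++;
        }
        p += plen;
        if (*p)
            p++;                             /* skip the separator */
    }
    return count;
}

/* Bounded append that keeps `out` NUL-terminated. */
static int append(char *out, size_t outsz, size_t *used, const char *s, size_t n)
{
    if (*used + n + 1 > outsz)
        return -1;
    memcpy(out + *used, s, n);
    *used += n;
    out[*used] = '\0';
    return 0;
}

/* Rebuild "SAMLRequest|SAMLResponse=..[&RelayState=..]&SigAlg=.." in the order
 * the binding signs it, whatever order and separator the query used.
 * Returns 0 on success, -1 on ambiguous/missing fields or a too-small buffer. */
int saml2_redirect_signed_octets(const char *query, char *out, size_t outsz)
{
    static const char *const msg_names[] = { "SAMLRequest", "SAMLResponse" };
    const char *msg = NULL, *msg_name = NULL, *relay = NULL, *alg = NULL;
    size_t msg_len = 0, relay_len = 0, alg_len = 0, used = 0;
    int i, n_msg = 0, n_relay;

    if (!query || !out || outsz == 0)
        return -1;
    out[0] = '\0';

    for (i = 0; i < 2; i++) {
        const char *v = NULL;
        size_t l = 0;
        int n = lookup(query, msg_names[i], &v, &l);
        if (n > 0) {
            msg = v; msg_len = l; msg_name = msg_names[i];
        }
        n_msg += n;
    }
    n_relay = lookup(query, "RelayState", &relay, &relay_len);
    /* Added hardening (assumption): exactly one message, one SigAlg, and at
     * most one RelayState, so the verified bytes are the consumed bytes. */
    if (n_msg != 1 || n_relay > 1 ||
        lookup(query, "SigAlg", &alg, &alg_len) != 1)
        return -1;

    if (append(out, outsz, &used, msg_name, strlen(msg_name)) ||
        append(out, outsz, &used, "=", 1) ||
        append(out, outsz, &used, msg, msg_len))
        return -1;
    if (n_relay == 1 &&
        (append(out, outsz, &used, "&RelayState=", 12) ||
         append(out, outsz, &used, relay, relay_len)))
        return -1;
    if (append(out, outsz, &used, "&SigAlg=", 8) ||
        append(out, outsz, &used, alg, alg_len))
        return -1;
    return 0;
}

/* Convenience wrapper for the demo: result in a static buffer, NULL on error. */
const char *demo_signed_octets(const char *query)
{
    static char buf[1024];
    return saml2_redirect_signed_octets(query, buf, sizeof buf) == 0 ? buf : NULL;
}

int main(void)
{
    /* Constructed sample: fields shuffled and ';'-separated. */
    const char *q = "Signature=c2ln;SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2F"
                    "xmldsig-more%23rsa-sha256;RelayState=%2Fapp%3Fa%3D1;"
                    "SAMLRequest=fZFBa8Mw";
    const char *octets = demo_signed_octets(q);
    puts(octets ? octets : "rejected");
    return octets ? 0 : 1;
}
```

The returned string is what the signature check is computed over; the Signature parameter itself is never part of it.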
SAML 2.0: in lasso_saml20_login_process_authn_response_msg always report signatures errors * lasso/saml-2.0/login.c: - in lasso_saml20_login_process_authn_response_msg keep around all error codes returned by intermediary steps. At the end report the first one. SAML 2.0: in lasso_saml20_profile_process_any_response do not stop on missing issuer * lasso/saml-2.0/profile.c: Issuer is not a mandatory element of SAML 2.0 response, but if we do not remember which issuer we sent the request (or if the response is spontaneous) then we will receive a provider not found error when trying to check the message signature. Use new SAML2 strings instead of hardcoding query string field names Add documentation about runtime flags * lasso/lasso.c: add a table to Initialization documentation section about general runtime flags. Remove follow-idwsf-stupid-semantic flag * lasso/lasso.c: this flag is useless, that's me that is stupid. Add internal methods to LassoServer to get the signature and encryption private keys * lasso/id-ff/server.c lasso/id-ff/serverprivate.h: add methods lasso_server_get_private_key and lasso_server_get_encryption_private_key. Add complete error code listing for lasso_login_process_response_msg * lasso/id-ff/login.c: list all error codes and their semantic with respect to this call. Update code example for LassoLogin * lasso/id-ff/login.c: add code for initializing request for SAML 2.0, shows how to handle error codes. 2010-02-10 Benjamin Dauvergne Add error codes, update error codes documentation, reduce changes in errors.c by ordering error codes * lasso/errors.h lasso/errors.c - add to report non schema conforming XML trees, decryption failure due to missing private keys and invalid signatures on assertions.
- update documentation of LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND, LASSO_SERVER_ERROR_ADD_PROVIDER_PROTOCOL_MISMATCH, * lasso/build_strerror.py: before outputting switch cases, order error codes name lexically in order to reduce change lines when adding new error codes. 2010-02-10 Benjamin Dauvergne Add strings for SAML2 field names for POST, Redirect and Artifact bindings Update documentation of the registry module Adapt LassoProvider methods to care for protocol profile version when verifying signature * lasso/id-ff/provider.c: there is now 2 methods to verify signatures, methods calling the old one must now choose whether to call the liberty one or the SAML 2.0 one. Add a function to validate query signatures using SAML 2.0 semantic * lasso/xml/tools.c: this new function is a placeholder for the new SAML 2.0 semantic following query signature validation function. It will start with the old code of lasso_query_verify_signature. Propagate change of name for LASSO_PP_ defines 2010-02-08 Benjamin Dauvergne Core: in LassoServer constructors, test if private_key is loadable * lasso/id-ff/server.c: mark private_key as not mandatory as regression tests expect it to not be mandatory. test if loading of private key to encryption_private_key private field worked, if not abort the constructor and return NULL. * lasso/id-ff/server.h: fix name of constructors argument to correspond with comments (binding generator use this correspondence to apply annotation from comments to the model obtained by parsing the headers). in lasso_xmlsec_load_private_key_from_buffer, do not let xmlSecBase64Decode show warnings 2010-02-05 Benjamin Dauvergne fix bad operation in bindings.py 2010-02-04 Benjamin Dauvergne Bindings: restore ID-WSF constants, improve python getters, * bindings/bindings.py: parse idwsf_strings.h to get ID-WSF constants. * bindings/utils.py: add an is_rc check function, to check for 'error code' return type.
* bindings/perl/lang.py: only raise errors for 'int' or 'gint' return type * bindings/python/lang.py: - always create a normal function binding. - for functions starting with 'get' try to create a corresponding property, but if a corresponding member already exists, fails, and print a warning about getter function/member field clash. - make type dispatching on return_type more explicit. Core: Finish support for all XMLDsig key formats * lasso/xml/tools.c: xmlsec is not able to load a certificate public key without checking it against trusted root certificate, so we must work around and load the key by hand. lasso_xmlsec_load_private_key_from_buffer is made more robust in the same (loading of the key was extracted inside _lasso_xmlsec_load_key_from_buffer) and now can load certificates and keys directly embedded inside KeyValue nodes (in total opposition to the XMLDsig specification but...), with or without PEM headers. * tests/metadata/Makefile.am tests/metadata/metadata_06.xml tests/metadata_tests.c: add test case for RSAKeyValue public keys. Binding python: fix getter for non-object fields * bindings/python/lang.py: transition to bindings/utils.py methods broke getters. Core: in lasso_xmlsec_load_key_info add flag to let xmlSec load certificates * lasso/xml/tools.c: adding the flag XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS make xmlSec able to load certificate, the 'hand made' code to load certificate is then useless. Tests: add more checking to dump generation code in login_tests.c Tests: adapt server constructor settings to recent changes Core: in lasso_profile_get_request_type_from_soap_msg use lasso_xml_parse_memory_with_error * lasso/id-ff/profile.c: (lasso_profile_get_request_type_from_soap_msg) use lasso_xml_parse_memory_with_error instead of xmlParseMemory, use error code output argument to log error reports.
Core: in provider.c, make lasso_provider_load_metadata_from_buffer the main metadata loading function * (init_from_xml) fail initialization if we cannot load the metadatas, and log a warning. * extract _lasso_provider_load_metadata_from_buffer from lasso_provider_load_metadata_from_buffer, which accept a length parameter. use it inside lasso_provider_load_metadata, instead of xmlParseFile. * (lasso_provider_load_public_key) use lasso_xmlsec_load_key_info and lasso_xmlsec_load_private_key to load the public keys. Core: use lasso_xml_parse_file to load affiliation file Binding java: Makefile.am has multiple target rules, it cannot support parallel builds Core: in tools.c, add function to load XML files and KeyInfo nodes * tools.c: add lasso_xml_parse_file, based on g_file_get_contents and lasso_xml_parse_memory. add lasso_xml_parse_memory_with_error which instead of logging errors, can return the xmlError structure. add lasso_xmlsec_load_key_info, which allows to load keys from ds:KeyInfo XML nodes. It also support the "Lasso" bug of using ds:KeyValue directly to store base64 encoded keys and certificates. SAML 2.0: in name_id_management.c, rework lasso_name_id_management_new_from_dump Core: add more memory tracing, add a tracing macro * lasso/utils.h: add lasso_trace, which has a printf signature. * xml/xml.c: add more trace to node initialization code. Tests: in valgrind suppressions file add more GLib suppressions Tests: in basic_tests.c, re-enable parsing of LassoWsuTimestamp objects Core: use lasso_node_new_from_dump to implement _new_from_dump methods * provider.c: add annotation for nullable arguments (necessary for bindings of new_from_buffer). * server.c: add annotations, allow to set encryption_private_key from buffers Binding perl: add cleanup for temporary data of trampoline code * bindings/perl/lang.py: data type not common to Perl and C must be allocated for the duration of the call (mainly GList and xmlNode), but after the call they must be deallocated.
SAML 2.0: in samlp2_response.c, simplify code path for assertion encryption Fix leaks * lasso/id-wsf-2.0/profile.c: release private data object. * lasso/saml-2.0/login.c: free NameID content after construction. * lasso/xml/tools.c: free algorithm attribute content in lasso_node_decrypt_xmlnode. * lasso/xml/xml.c: release cutom_element->nodename in destructor. remove useless finalize method. * tests/basic_tests.c: release xmldoc after use. * tests/random_tests.c: free result of lasso_node_dump. Fix leaks, change signature of lasso_provider_get_sp_name_qualifier, make it return a const char* in lasso/xml/tools.c, remove leaks of xmlSecKey and xmlNode in lasso_xmlsec_load_private_key, do not leak the file buffer, in lasso_node_encrypt do not leak the keys manager 2010-02-01 Benjamin Dauvergne Binding perl: many improvements * lang.py: use lasso_unref instead of g_object_unref. * lang.py: handle 'optional' annotation for more types, needed by ID-WSF bindings. * lang.py, gobject_handling.c: check object type before making the C call * Makefile.am: improve silent rules, hide all normal output, show errors, and with V=1 shows everything * glist_handling.c, gobject_handling.c: make local functions static * t/Lasso.t: add non regression test for method receiver type checking. * glist_handlind.c; remove unused conversion functions. * lang.py: clear the semi-assigned list and croak if all list elements do not convert to non-NULL values. Bindings: re-add binding for lasso_session_get_assertions for perl, special case formatting function for WsAddressing namespace * bindings/utils.py: type have LassoWsAddr prefix but function have the lasso_wsa_ prefix, so we have to adjust generated prefix.
Bindings: use lasso_return_xxx macros instead of GLib ones ID-WSF: remove useless new_from_message methods Core: in utils.h, add macros to replace verbose g_return_val_if_fail Core: document return values of lasso_login_validate_request_msg Utils: lasso_unref, a safe g_object_unref, and add some document about existing family of macros Core: do not emit messages inside lasso_check_version Bindings: os.path.relpath is only present since python 2.6, add a local implementation for older python versions Add a dist-hook to remove .svn directories before tarring the dist Bindings: make binding generation more silent * bindings/java/Makefile.am bindings/perl/Makefile.am bindings/php5/Makefile.am bindings/python/Makefile.am: use AM_V_GEN, or similar variable for all steps of binding generation, normal output can be activated with the V=1 argument to the 'make' command. Binding java: use eager evaluation to get list of sources files * bindings/java/Makefile.am: use := to provoke eager evaluation so that java-list mode is not called many times. 2010-01-29 Benjamin Dauvergne Bindings: use 'absolute' header paths to produces bindings * bindings/bindings.py: if files from bindings are using absolute instead of relatives header paths they can be independent of the lasso source. Bindings perl: simplify Makefile.PL * bindings/perl/Makefile.PL: remove as much special casing as possible so that it could eventually become a CPAN module. use pkg-config to find lasso libs if no explicit LIBS command line argument is used. * bindings/perl/Makefile.am: pass parameters using command line argument instead of environment variable, which needed a special Makefile.PL. Binding perl: special case for lasso_check_version * bindings/perl/lang.py: special case lasso_check_version for not raising an error when it returns 1. * bindings/perl/t/Lasso.t: add a non regression test.
Binding perl: remove warning when passing Null to croak * bindings/perl/gobject_handling.c: croak is aliased to Perl_croak_nocontext which has a gcc attribute 'notnull'. We use Perl_croak and an explicit perl context object, to work around this warning. in bindings.py, change header paths Update files for a 2.2.91 release update changelog Binding python: make a better use of default value annotation for creating method declarations Binding perl: many improvements * handle GHashTable of strings and objects. * report errors with 'croak' as a Lasso::Error object. * add more basic tests. * for string arguments, convert undef to NULL, and croak if function does not accept NULL. * fix library paths in Makefile.PL. Bindings: in bindings.py, fix regexp and annotation parsing for optional arguments and their default values SAML 2.0: fix annotations, documentation and signatures 2010-01-28 Benjamin Dauvergne Bindings python ID-WSF 1.0 tests: update PP HREF symbol Bindings php5: string hashtable methods are only used by ID-WSF bindings, mark them unused by default * bindings/php5/wrapper_source_top.c: only id-wsf has field of type GHashtTable so when compiling without --enable-wsf, it give 'unused symbols' errors. Let's mark the concerned functions as unused. ID-WSF 1.0: make LassoServer.services private with respect to the bindings Bindings java: use utils.py methods, make set_hash_of_objects more robust Tests: export sp2-la to dist file for dist with id-wsf enabled Bindings: add time_t to integer types, add unpointerize method Binding python ID-WSF 2.0 tests: update some tests Binding Python ID-WSF 2.0: comment out test ID-WSF: change name of Personal Profile namespace symbols, add symbols for ID-SIS PP 1.1 Bindings: java, php5, python simplify logic in binding generator * use utils.h macros to manipulate fields. * use utils.py function to filter variables, argument and return types. * finish support of hashtables of strings for php5 and python.
Bindings: better parse oftype annotation for hashtable, allow to skip structures * bindings/bindings.py: add possibility to skip generating bindings for structures to overrides.xml. parse element-type annotation /* of XXX */ for hashtable objects. output to stderr warning about skipped objects. parse idwsf_strings.h * bindings/overrides.xml: skip more ID-WSF 1.0 functions in java and perl. skip structure LassoAuthentication. Core: fix gtk-doc annotations Core: add new macros to lasso/utils.h, fix lasso_assign_new_list_of_gobjects * lasso/utils.h: add: - lasso_assign_new_xml_node - lasso_assign_new_list_of_strings - lasso_assign_new_list_of_xml_node fix lasso_assign_new_list_of_gobjects, bad naming of release macro. XML: add missing element-type annotations Bindings: in bindings/utils.py, augment robustness of matching functions to work with type alone or triples Binding perl: update to binding * change extension of typemap files because it conflicts with existing * support constant list of strings and gobjects, add input rule for list of gobjects * fix setter for GList fields 2010-01-26 Benjamin Dauvergne ID-WSF 1.0 & 2.0: complete lasso-sections.txt, add internal API to access SOAP headers, complete WS-Addressing support * docs/reference/lasso/lasso-sections.txt: complete documentation of LassoSoapEnvelope and LassoSoapFault with ID-WSF additions. * lasso/id-wsf-2.0/profile.c lasso/id-wsf-2.0/soap_binding.c lasso/id-wsf-2.0/soap_binding.h: add internal function _get_node and _get_header to simplify implementation of accessors for headers. change signature of lasso_soap_envelope_get_message_id and add new function lasso_soap_envelope_get_relates_to. update call points. add a message id when building a SOAP message. * lasso/xml/idwsf_strings.h: add element name for MessageID and RelatesTo WS-Addressing elements.
* lasso/id-wsf/authentication.c lasso/id-wsf/data_service.c lasso/id-wsf/discovery.c lasso/id-wsf/wsf_profile.c lasso/id-wsf-2.0/saml2_login.c lasso/xml/disco_description.c: fix path name of header lasso/id-wsf/wsf_utils.h. make all internal include path relatives. 2010-01-26 Benjamin Dauvergne Core XML: make lasso_node_set_custom_namespace/nodename take const string * lasso/xml/xml.c lasso/xml/xml.h: mark argument of lasso_node_set_custom_namespace and lasso_node_set_custom_nodename as const char* strings. Core XML: add function to get the namespace of a LassoNode * lasso/xml/xml.c lasso/xml/xml.h: if a custom namespace is set, return it, otherwise return the class namespace (klass->node_data->ns->href). Binding perl: fix include paths in the makefile, again in bindings/perl/Makefile.PL, add include path for normal builds in configure.ac, activate the Perl binding in normal builds Core: in configure.ac, activate warning when debugging, not in normal build * configure.ac: remove -Wxxx flag from AM_CFLAGS, add them if --enable-debugging is used. in lasso/saml-2.0/logout.c, fix missing declaration Core: update errors.c file in bindings/perl/Makefile.am, change permission to make distcheck works in bindings/perl/Makefile.am, add files to EXTRA_DIST 2010-01-26 Benjamin Dauvergne Bindings: add a new perl binding using the new binding infrastructure * XS files is autogenerated using bindings/binding.py model of the Lasso API. All constants are in the Lasso::Constants package, the LASSO_ prefix is removed. All classes are now Lasso::ClassName, field accessor also serves as setters, i.e you can do this: $name_id = Lasso::Saml2NameID::new(); $name_id->content('coin'); print $name_id->content; Is still missing: - a lot of test files, - support for hashtables, - and throwing exceptions when return code is non-zero.
2010-01-26 Benjamin Dauvergne Bindings: in utils.py, fix is_glist and is_hashtable, make arg_type accept simple string as input instead of triples in lasso/xml/saml_attribute_value.h, fix typo in content type annotation in lasso/xml/sa_sasl_response.h, add GList content type annotation to field 'any' Bindings PHP5: use is_cstring to match string types Bindings: remove all SWIG bindings and SWIG related files Add new macro lasso_list_add_new_xml_node * lasso/utils.h: fix lasso_list_add_xml_node, it must copy the node before assigning it. add lasso_list_add_new_xml_node for keeping the old behaviour. * lasso/xml/xml.c: fix use of lasso_list_add_xml_node, because copying the node before assigning it is a leak now. 2010-01-25 Benjamin Dauvergne in bindings/ghashtable.h, Add missing unused argument hints SAML 2.0 Logout: when in an SP initiated logout, lasso_logout_build_response_msg is the finishing call * lasso/saml-2.0/logout.c: when calling lasso_logout_build_response_msg(), if we know that we are in the middle of an SP initiated logout, i.e. if initial_remote_providerID is not NULL, then we can restore the initial response. Fix name of LASSO_WSSEC_BAD_PASSWORD * lasso/errors.c lasso/errors.h: LASSO_WSSE_BAD_PASSWORD -> LASSO_WSSEC_ERROR_BAD_PASSWORD * lasso/xml/ws/wsse_username_token.c: update client code. Bindings java: cast return value of special constructors * bindings/java/lang.py: in the JAVA API special constructors are made to return their real type, but usual GObject constructors return their base type (here LassoNode) so we have to cast it. Export more assertion access API for LassoSession * lasso/id-ff/session.c lasso/id-ff/session.h lasso/id-ff/sessionprivate.h: export lasso_session_get_assertion(), lasso_session_add_assertion() and lasso_session_remove_assertion(). remove them from private header.
* docs/reference/lasso/lasso-sections.txt: update documentation 2010-01-21 Benjamin Dauvergne Bindings: remove useless overrides * bindings/overrides.xml: It is no more needed to force return type of constructors to their real types, the bindings check the type dynamically anyway. Fix GHashTable backward compatibility header * lasso/ghashtable.h: g_hash_table_remove_all_nodes is not a public function, use g_hash_table_foreach_remove instead. 2010-01-20 Benjamin Dauvergne in saml2_name_id.c, include utils.h to benefit from replacement for g_strcmp0 Fix LASSO_WSSEC_BAD_PASSWORD error, reformat wsse_username_token.c * lasso/errors.h: change error id and error name for LASSO_WSSEC_BAD_PASSWORD * lasso/xml/ws/wsse_username_token.c: update reference to LASSO_WSSEC_BAD_PASSWORD. reformat line longer than 100 characters. 2010-01-19 Benjamin Dauvergne ID-WSF 2.0: add some annotations Core: in backward_comp.h, include string.h if g_strcmp0 is used * lasso/backward_comp.h: implementation of g_strcmp0 depends upon string.h. WS-Security: fix typo in name of string symbols * lasso/xml/idwsf_strings.h: uppercase define for WS-Securities SOAP faults. WS: complete support for wsse:UsernameToken * docs/reference/lasso/lasso-sections.txt: add new functions and change type name in documentation. * lasso/errors.h lasso/errors.c: add an error to report password verification failure * lasso/xml/ws/wsse_username_token.h lasso/xml/ws/wsse_username_token.c: update support for wsse:UsernameToken up to version 1.1, implement digest and derived keys computations. * lasso/xml/idwsf_strings.h: add strings for Username WS-Security Token profile XML SAML-2.0: AuthnContext content is a xdf:choice so make content optional - lasso/xml/saml-2.0/saml2_authn_context.c: can contain at least one node among: - - - to approximate this possibility, we need to make any of them optional. should be a list but we cannot change it without breaking the ABI, so we will wait for this. 
make an explicit copy of lasso.doap to website/web/doap.rdf Reduce news message to fit the news column 2010-01-18 Benjamin Dauvergne update download link ID-WSF 2.0: Add saml2_login.h to list of headers Documentation: wsse_security.xml is now wsse_security_header.xml By default make autogen.sh to enable gtk doc Bindings PHP5: rewire php5 tests to the makefiles, make them pass distcheck in autogen.sh, move libtoolize and gtkdocize before aclocal fix typo Merge EXTRA_DIST declarations in tests/Makefile.am fix bad commit tag release 2.2.90 Update changelog Change again date of release 2.2.90 Add tests/valgrind to dist tarballs Add autogen.sh and tools to EXTRA_DIST in top Makefile.am Documentation: distribute stylesheet, fix documentation comments, complete lasso-sections.txt Documentation: add empty lasso-overrides.txt, it seems to be necessary ID-WSF: mark API as Private not Internal Core: complete documentation on LassoSession Core: complete documentation on LassoProfile Core: complete documentation on LassoLogin fix typo (transfer-none) -> (transfer none) ID-WSF 1.0: change name of utils.{c,h} file for documentation parsing * utils.h: this header has the same name as an other header which is not parsed by the documentation (lasso/utils.h) and the documentation process just match by filename, so we rename it. Website: add news about 2.2.90 2010-01-16 Benjamin Dauvergne Add bindings/python/examples to dist file remove empty directory remove empty directory 2010-01-15 Benjamin Dauvergne Documentation: update lasso-sections.txt Update doap file FIX ABI breakage between 2.2.1 and 2.2.2 in LassoSamlAdvice * lasso/xml/saml_advice.c lasso/xml/saml_advice.h: restore fields AssertionIDReference and Assertion, remove field any to restore state from 2.2.1 * lasso/id-ff/session.c: use xmlNode stored inside LassoSamlAssertion objects instead of accessing the 'any' list of xmlNode that was inserted in LassoSamlAdvice.
2010-01-14 Benjamin Dauvergne FIX ABI breakage when adding new field to struct LassoSaml2AttributeValue Fix ABI breakage due to change of constant name from LASSO_SOAP_FAULT_REDIRECT_REQUEST to LASSO_SOAP_ERROR_REDIRECT_REQUEST_FAULT Fix ABI breakage with respect to 2.2.1 Documentation: add lasso_profile_set/get_signature_hint to lasso-sections.txt Add files listings the ABI of Lasso Tools: add script to generate a listing of Lasso ABI * tools/api.py: use parser from the binding generator to output a list of symbols * bindings/bindings.py; add private flags to not clobber 'private' fields of structures or methods not exported in bindings like _get_type. ID-WSF: separate ID-WSF strings into their own header start NEWS file for 2.2.90 Tests integration: remove save_html hooks, after fed termination logout button should still be there Bindings python: use is_cstring for matching GList element type 2010-01-14 Benjamin Dauvergne SAML 2.0 Logout: undo some change to when the assertion is removed * lasso/saml-2.0/logout.c: - do not remove the assertion in init_request, as before only if all fails (event REDIRECT is unsupported). - in process_response_msg remove the assertion if we are the IdP or if there is no error. - in validate_request, remove the assertion if there is no error. I think that there will be more updates to this in the future. 2010-01-14 Benjamin Dauvergne Bindings: make is_cstring usable with tuple and with direct type Core: remove warning emitting macros from lasso_session_remove_assertion * lasso/id-ff/session.c: we already return error code, no need to log more warnings.
SAML 2.0: report missing request when creating artifact resolve response, fix typo in lasso_saml20_profile_build_post_response_msg SAML 2.0: Fix typo in lasso_saml20_login_build_authn_response_msg ID-FF&SAML2: if use is not defined on a key descriptor use the key for any use * lasso/id-ff/provider.c lasso/saml-2.0/provider.c: if the "use" attribute is not set on a KeyDescriptor, use the key for signing and encryption. 2010-01-12 Benjamin Dauvergne Tests SAML2: use & test encryption SAML 2.0: add saml2_helper.h to include files to install Tests: fix inclusion of id-wsf 2.0 tests Core: add new SAML 2.0 public header to top level header lasso.h ID-WSF 2.0: remote saml2_login_private.h from Makefile.am Bindings: add support for time_t to bindings, add support for 'string' type for list in java binding in saml2_helper.{c,h}, remote const modifier from time_t type in saml-2.0/name_id_management.c: handle NewEncryptedID, only encrypt if needed in saml-2.0/logout.c: remove commented code, only encrypt if needed, initialize local variables in lasso_saml20_login_init_idp_initiated_auhtn_request, do not use init_authn_request, manually create the request. in lasso_saml20_login_init_authn_request, use saml-2.0/profile.c functions to reduce code size in saml-2.0/profile.c, in lasso_saml20_build_response_msg, when no url is given, only stop for bindings needing one in saml-2.0/profile.c, in lasso_saml20_profile_init_response make direct access in saml-2.0/profile.c, in lasso_saml20_init_request better check for supported bindings, do not check for identity or session, report SESSION_NOT_FOUND only if first_in_session is used, do not stop on missing name_id.
in saml2_helper.c, remove dead code SAML 2.0: in lasso_saml20_provider_accept_http_method, add HTTP-Artifact-POST case, better check for bad inputs, and handle special SingleSignOn case Core Profile: remove need for identity in lasso_profile_get_nameIdentifier Core Server: make default to load signing private key also as encryption private key Commit to delete Core: rewrite lasso_assertion_encrypt using lasso_xmlsect_load_key and add recipient argument Core: add simple function to load key from any format Core Node: add args to lasso_node_encrypt to set recipient of an encrypted element Binding python: provide old binding name for set_encryptionMode SAML 2.0: overhaul for ubuquitous binding support, still need work for HTTP-Artefact Core: in profile.c, profile.h, profileprivate.h, add a new attribute to express signature needs Core: in identity.c, do not emit trace when lasso_identity_get_federation fails XML Core: in xml.c, private.h, add a lasso_node_remove_signature function XML: fill node_data->{certificate,private_key}_file_offset for nodes with signatures Core: in xml/private.h, add new field to LassoNodeClassData for private_key and certificate handling Core: in provider.h, add LASSO_PROVIDER_ROLE_BOTH Core: in profile.c, make lasso_profile_get_nameIdentifier work for transient federations * lasso/id-ff/profile.c: if no LassoIdentity is accessible try to get a name identifier through the assertion in the LassoSession object. This allows the logout profile to work without an identity object (which is normal since logout does not modify the federation status). 
Core: in provider.h, add new SAML 2.0 HTTP-Method, PAOS SAML 2.0: add new function to factorize adding signature to a message Fix mitm attack using the AssertionConsumerURL property on requests * lasso/saml-2.0/login.c: check that the URL is know before using it * lasso/saml-2.0/provider.c lasso/saml-2.0/providerprivate.h: add a function to check that an URL corresponds to a know AssertionConsumer of the given provider. ID-WSF 2.0: fix in documentation 2010-01-04 Benjamin Dauvergne Bindings: simplify GList handling XML: add element type annotation to all GList fields Bindings: in bindings/python/Makefile.am, precise generated files dependencies XML: move SOAP API to its own sub directory Bindings: in overrides.xml, remove noew useless directives Python binding: update test scripts to new ID-WSF API Binding ID-WSF 2.0: do not bind lasso_wsa_endpoint_reference_get_*_token methods Tests: add idwsf2_tests.c, call from tests.c, update Makefile.am 2010-01-04 Benjamin Dauvergne ID-WSF 2.0: in profile.{c,h}, discovery.{c,h}, data_service.{c,h}, overhaul all profiles. * lasso/id-wsf-2.0/profile.c lasso/id-wsf-2.0/profile.h: - lasso_idwsf2_profile_get_name_identifier returns the NameID found in an assertion used as a WS-Security token when security mechanism Bearer or SAML are used. - complete the function lasso_id_wsf2_profile_build_soap_envelope with construction of the Sender element which is used to transmit the providerID of the message sender by the SOAP binding ID-WSF 2.0 specification. - remove useless instance_init function in profile object - reset some profile fields in process_soap_request_msg (response, body, nameIdentifier). use lasso_saml20_profile_name_identifier_decryption for handling NameID from WS-Security mechanism assertion. - add private_data - change signature of lasso_idwsf2_profile_init_soap_request to use and EPR and a security mechanism specifier when building the SOAP request. 
- change signature of lasso_idwsf2_profile_process_soap_request to verify security_mech_id of received messages. * docs/reference/lasso/lasso-sections.txt: add the function to the documentation. * lasso/id-wsf-2.0/discovery.{c,h}: - use utils.h macros instead of g_return_val_if_fail because it removes useless warning, since it returns an error code. release acquired resources. - in lasso_idwsf2_discovery_metadata_register_self, return error code instead of identifier string for the new service, use an out parmeter to return the identifier, use utils.h macros. - in lasso_idwsf2_discovery_init_metadata_register, use utils.h macros, check return code of lasso_idwsf2_profile_init_soap_request. - change signature of lasso_idwsf2_discovery_init_metadata_register to support security_mech_id, try to get URL from an existing Discovery service EPR (from Session object). - change signature of lasso_idwsf2_discovery_process_metadata_register_msg, lasso_idwsf2_discovery_init_metadata_association_add, lasso_idwsf2_discovery_process_metadata_association_add_msg, lasso_idwsf2_discovery_init_query, lasso_idwsf2_discovery_process_query_msg, to support security mechanism. - improve lasso_idwsf2_discovery_build_query_response_eprs. - add lasso_idwsf2_discovery_get_nth_data_service to acces returned services. 
* lasso/id-wsf-2.0/data_service.{c,h}: - redo all the API 2010-01-04 Benjamin Dauvergne ID-WSF 2.0: in session.c, fix memory handling errors ID-WSF 2.0&ID-WSF: in profile.c, wsf_profile.c, errors.c, errors.h, and in lasso-sections.txt change LASSO_SOAP_FAULT_REDIRECT_REQUEST to LASSO_SOAP_ERROR_REDIRECT_REQUEST_FAULT ID-WSF 2.0 Errors: in errors.{c,h}, add new errors code for ID-WSF 2.0 - add LASSO_DST_ERROR_EMPTY_REQUEST - add LASSO_WSF_PROFILE_ERROR_SECURITY_MECHANISM_CHECK_FAILED - add new errors codes for generic profiles and disco service ID-WSF 2.0 XML: in strings.h, add identifiers from ID-WSF 2.0 standards - add status code for ID-WSF 2.0 DST - add token usage identifiers - conform security mechanism identifiers to ID-WSF 2.0 Liberty Sech Mech specification - add Discovery Service status codes - add Soap Binding status codes - add disco result type and user interaction hint strings ID-WSF 2.0 XML: in sec_token.c, remove extra SNIPPET_ANY ID-WSF 2.0 XML: in util_response.{c,h}, add helper functions to idwsf2_util_status ID-WSF 2.0: in server.c, change annotation of lasso_server_get_svc_metadatas_with_id_and_type. ID-WSF 2.0: in saml2_login.c, change API * lasso/id-wsf-2.0/saml2_login.c: - change private lasso_saml20_login_assertion_add_discovery to public lasso_login_idwsf2_add_discovery_bootstrap_epr. - remove lasso_saml20_login_copy_assertion_epr, add lasso_login_idwsf2_get_discovery_bootstrap_epr. 
* docs/reference/lasso/lasso-docs.sgml: - add sections id_wsf_2_0_login * docs/reference/lasso/lasso-sections.txt: - add new functions to section id_wsf_2_0_login ID-WSF 2.0: in idwsf2_helper.c, add new functions, fix old things - add lasso_wsa_endpoint_reference_get_service, lasso_wsa_endpoint_reference_associate_service_type_uri, ID-WSF 2.0: create idwsf2_helper.{c,h}, new module for manipulating EPR elements * lasso/id-wsf-2.0/idwsf2_helper.c lasso/id-wsf-2.0/idwsf2_helper.h: add new functions lasso_wsa_endpoint_reference_get_idwsf2_service_type, lasso_wsa_endpoint_reference_get_idwsf2_provider_id, lasso_wsa_endpoint_reference_get_idwsf2_security_context_for_security_mechanism, lasso_wsa_endpoint_reference_get_token_by_usage, lasso_wsa_endpoint_reference_get_security_token,lasso_wsa_endpoint_reference_get_target_identity_token, lasso_wsa_endpoint_reference_new_for_idwsf2_service, and lasso_wsa_endpoint_reference_add_security_token. * lasso/id-wsf-2.0/idwsf2_helper.h: declare new functions. * lasso/id-wsf-2.0/Makefile.am: add new files to source list ID-WSF 2.0: in soap_binding.{c,h}, add new functions 2010-01-04 Benjamin Dauvergne ID-WSF 2.0: add files soap_binding.c, soap_binding.h * lasso/id-wsf-2.0/Makefile.am - reference new source files in Makefile.am * lasso/id-wsf-2.0/soap_binding.c * lasso/id-wsf-2.0/soap_binding.h: - add extraction functions lasso_soap_envelope_sb2_get_provider_id, lasso_soap_envelope_sb2_get_redirect_request_url, lasso_soap_envelope_sb2_get_target_identity_header, lasso_soap_envelope_add_action and lasso_soap_envelope_get_action. - add SOAP security headers accessors - add lasso_soap_envelope_get_saml2_security_token which simplify retrieving a SAML 2.0 assertion used as a WS-Security token. complete documentation of other functions. 
* docs/reference/lasso/lasso-sections.txt: - reference the new functions in a new section soap_binding2 * docs/reference/lasso/lasso-docs.sgml: - add new section soap_binding2 ID-WSF 2.0: in soap_binding.{c,h}: add function 2010-01-04 Benjamin Dauvergne ID-WSF: in id_ff_extensions.c, add SECTION gtk-doc declaration ID-WSF: in interaction_profile_service.{c,h}, make initialization of a redirect request, part of LassoWsfProfile methods. ID-WSF: in discovery.c:lasso_discovery_init_resource_offering, add doc annotations, use assignment macros to set output argument ID-WSF: in discovery.c, update documentation annotations * lasso/id-wsf/discovery.c: - add annotations to lasso_discovery_init_query, lasso_discovery_init_modify, lasso_discovery_process_request_msg. - initialize response in lasso_discovery_process_query_mesg and lasso_discovery_process_modify_msg, so that modifications of the response can be done between _process_ and _build_ calls. ID-WSF: in data_service.c:lasso_data_service_init_query check absent resource offering, support security_mech_id argument * lasso/id-wsf/data_service.c lasso/id-wsf/data_service.h: - in lasso_data_service_apply_modifications, dst_modification initialization is missing. - remove lasso_data_service_get_redirect_request_url - change LASSO_DATA_SERVICE_CANNOT_ADD_ITEM to LASSO_DATA_SERVICE_ERROR_CANNOT_ADD_ITEM - in lasso_data_service_init_query, complete documentation, fix mem leak - factorize code between lasso_data_service_build_modify_response_msg and lasso_data_service_build_query_response_msg, create lasso_data_service_build_response_msg - in lasso_data_service_get_answer, add out annotation to output parameter - simplify API, simplify code path for query and modification processing - add lasso_data_service_process_request_msg, lasso_data_service_build_modify_response_msg, lasso_data_service_validate_request. - remove lasso_data_service_process_query_msg and lasso_data_service_process_modify_msg from public API. 
- in lasso_data_service_process_query_msg and lasso_data_service_process_modify_msg add arg checks, make them static and move preprocessing of the request in lasso_data_service_process_request_msg. - in lasso_data_service_get_answer, fix request/response mismatch. - add accessors lasso_data_service_set_resource_data and lasso_data_service_get_resource_data. - add securit_mech_id arg to data_service_init_modify, export resource_data accessor methods - remove lasso_data_service_get_redirect_request_url - fix missing initializations and leaks ID-WSF: in wsf_profile.c, fix mem leaks ID-WSF XML: in dst_modification.c, add SNIPPET_BOOLEAN to overrideAllowed attribute snippet ID-WSF XML: in dst_modify.{c,h}, remove extra argument to the constructor of LassoDstModify * lasso/xml/dst_modify.c: * lasso/xml/dst_modify.h: remove parameters of the default constructor. Tests: in tests/login_tests.c, change path of header utils.h Tests: in basic_tests.c, fix, do not overwrite known elements mappings * tests/basic_tests.c: when testing functionality of lasso registries which map namespace elements to lasso objects, do not use liberty namespace because it interacts with other tests -- deserialization of lib:Assertion node was broken by this test -- when running them in CK_FORK=no mode. Changed namespace LASSO_LIB_HREF, for "coin" which is less dangerous. WS XML: change signature of lasso_wsa_attributed_uri_new_with_string, add mappings * wsa_attributed_uri.c: - constify first argument of lasso_wsa_attributed_uri_new_with_string. 
- add direct mappings from wsa:Action,wsa:To to LassoWsAddrAttributedURI and from wsa:From,wsa:ReplyTo,wsa:FaultTo to LassoWsAddrEndpointReference SAML 2.0: in login.c, use lasso_server_saml2_assertion_setup_signature XML: in private.h, remove duplicate declaration of lasso_xml_parse_memory ID-FF XML: in lib_assertion.c, add registry mapping for lib:AssertionType * xml/lib_assertion.c: this object is really a container for lib:AssertionType, so register it. Core: in provider.c, add lasso_provider_verify_single_node_signature * lasso/id-ff/provider.c lasso/id-ff/provider.h: add a new function to check an enclosed single signature on a LassoNode, given that the LassoNode retained its original xml node content. SAML 2.0: in login.c, fix memleaks * lasso/saml-2.0/login.c: return value from lasso_provider_get_sp_name_qualifier must be freed. SAML 2.0: in login.c, remove discovery bootstrap handling Core Login: in login.c, add assertion accessor * docs/reference/lasso/lasso-sections.txt: declare new function * lasso/id-ff/login.c lasso/id-ff/login.h: add new function lasso_login_get_assertion. * lasso/saml-2.0/login.c: store created assertions * lasso/id-ff/login.h: make assertion field private for bindings. 2010-01-04 Benjamin Dauvergne SAML 2.0: in saml2_helper.c, add new methods to manipulate SAML2 assertions * lasso/saml-2.0/saml2_helper.c lasso/saml-2.0/saml2_helper.h: - add lasso_server_saml2_assertion_setup_signature, to help in defining signature upon saml2:Assertion nodes. - add new symbols LASSO_DURATION_MINUTE, LASSO_DURATION_HOUR, LASSO_DURATION_DAY, LASSO_DURATION_WEEK. - add method lasso_saml2_assertion_add_attribute_with_node * docs/reference/lasso/lasso-sections.txt: declare new functions in saml2_helper section. 
2010-01-04 Benjamin Dauvergne Tests: in basic_tests.c, check LassoSaml2EncryptedElement handling SAML 2.0 XML: map EncryptedID, EncryptedAssertion, EncryptedAttribute and NewEncryptedID element to saml2:EncryptedElement * lasso/xml/saml-2.0/saml2_encrypted_element.c: add registry mapping from EncryptedID, EncryptedAssertion, EncryptedAttribute and NewEncryptedID element to saml2:EncryptedElement SAML 2.0 XML: in strings.h, add the identifier for the holder of key subject confirmation method SAML 2.0: in provider.c, add node encryption function and reference it in doc * lasso/saml-2.0/Makefile.am: add new header provider.h * lasso/saml-2.0/provider.c lasso/saml-2.0/provider.h: add new function lasso_provider_saml2_node_encrypt to encrypt nodes and encapsulate the XML Enc datas in a LassoSaml2EncryptedElement node. * docs/reference/lasso/lasso-sections.txt: add function to saml2_utils section WS XML: add forgotten include file to wsa_attributed_uri.c and wsa_endpoint_reference.c WS Errors: in errors.h errors.c, add new error section for WS-Security handling Core: in server.c, change signature of lasso_server_get_provider, add annotations on return value * lasso/id-ff/server.h lasso/id-ff/server.c: - constify first argument of lasso_server_get_provider - add annotation about caller owned return value Core: in tools.c, complete documentation of lasso_verify_signature Core: in provider.c, add accessors for encryption informations * lasso/id-ff/provider.c: add getters for encryption_sym_key_type and encryption_public_key. * lasso/id-ff/providerprivate.h: declare new accessors. Core XML: in xml.{c,h}, add new function lasso_node_get_name to get the element name for an object Core XML: make first argument of lasso_misc_text_node_new_with_string const * lasso/xml/misc_text_node.h lasso/xml/misc_text_node.c: change signature of lasso_misc_text_node_new_with_string, string argument is const. 
Core XML: in xml/tools.c, add conversion method from iso8601 to time_t * lasso/xml/tools.c: add function lasso_iso_8601_gmt_to_time_t * lasso/xml/private.h: declare new function. 2010-01-04 Benjamin Dauvergne Core XML: in xml.c, keep original node names, handle xsi:type attribute better * lasso/xml/xml.c lasso/xml/xml.h: - fix signature of lasso_node_set_original_xmlnode, fix signature in documentation of lasso_node_set_original_xmlnode; - add a new API lasso_node_set_custom_nodename to specify the exact element name to use when serializing a LassoNode to XML. - rename internal structure _CustomNamespace to _CustomElement, add a nodename field to it. - rework internal functions around _CustomElement to be aware of an existing attached _CustomElement and re-use if needed. - move application of _CustomElement hints after the serialization of the node, so that the normal behaviour of the serialization is kept -- i.e. do not play with the list of parent classes. - use the full xsi:type content to find a LassoNode subclass when de-serializing XML content, factorize QName->GObject class mapping for the three executions paths inside _type_name_from_href_and_nodename: - element QName, - xsi:type QName, - element name with xsi:type namespace - add a long comment expliciting the way the mapping is done. - remove direct mapping of EncryptedAssertion element, the registry declaration on the class LassoSaml2EncryptedElement should be enough. 2010-01-04 Benjamin Dauvergne Core XML: in xml.c, parse attributes with namespace checking * lasso/xml/xml.c: - use snippet->ns_uri and snippet->ns_name to parse attributes outside of the parent node namespace. Core XML: in xml/tools.c, improve lasso_eval_xpath_expression, do not fail when nodeset is empty * lasso/xml/tools.c: only check that the query returned a nodeset object, do not check its content size. 
Core: in utils.h, add a macros, fix existing * lasso/utils.h: - add macro lasso_ref(object), if object is not null, call g_object_ref on it, and return the value, otherwise do nothing and return NULL. - make a better reporting of bad object release - change format type for __LINE__ and dest arguments in lasso_release_gobject warning display. - add a lasso_check_non_empty_string macro - add new macro to extract a specific node type from a list of GObject objects. - use xmlStrdup not g_strdup for lasso_assign_xml_string - add lasso_list_add_gstrv and lasso_check_good_rc - add macro lasso_list_get_first_child - add inline function to test empty string - change macro lasso_check_non_empty_string to use the new inline function and go to cleanup - fix lasso_check_non_empty_string macro * lasso/utils.c: - add lasso_gobject_is_of_type returns 0 if first parameters is a gobject whose GType is equal to the second parameter, and 1 otherwise. Core: add new errors LASSO_PROFILE_ERROR_INVALID_RESPONSE, LASSO_PROFILE_ERROR_INVALID_REQUEST. 2010-01-04 Benjamin Dauvergne Bindings: in bindings.py, parse '(in)' gobject-introspection annotation, in utils.py, use it to reverse default annotation for pointer of pointers Bindings: in bindings.py, improve regular expression for declarations Bindings: parse gobject-introspection annotation in return value documentation, add cast to C calls when parameter type is const in java binding, problem arise with const char ** arrays 2010-01-04 Benjamin Dauvergne Bindings: do not stop on failing to parse a declaration, but skip the function and print a warning Python binding: add a pyobject->time_t conversion function Bindings python: in wrapper_top.c, mark internal function as potentially unused 2010-01-04 Benjamin Dauvergne Bindings: make the binding infrastructure understand GObject-introspections annotations * bindings/bindings.py * bindings/utils.py: add convenience function to treat arguments tuple: (type,name,{annotations}). 
introduce new argument options, fix that arguments are 3-tuple of the form (type,name,annotations), where annotations is a dictionary. Key of this dictionary can be: - optional, whether the argument is necessary, it means it has a default value. - out, means that the pointer is a pointer of pointer, for bindings that can return exceptions, it will be returned instead of the integer error code, the only way to access error codes will be exceptions. - element-type, contained type of a list or an array, - key-type, value-type, type of respectively the key and value of a GHashTable. - transfer, whether the callee(for arguments)/caller(for return values) owns the values passed, it can be none,container(if the callee/caller only owns the container not the contained value) or full. doc.parameters is now a 3-tuple of (attribute-name, attribute-description, attribute-annotations) where attribute-annotations is a string of the form '(option1)(option2 option-arguments) etc.'. - add predicates for xml, list and time_t values. improve predicates for cstring and const modifier. * bindings/overrides.xml: 'out' arguments are not well supported for java, so skip functions using them. * bindings/java/lang.py bindings/php5/php_code.py bindings/php5/wrapper_source.py bindings/python/lang.py: - update language specific binding generators for handling new annotations. - improve python method declaration, handle optional arguments with default values, factorize this code in two methods, get_python_arg_decl and defval_to_python_value. * bindings/python/tests/Makefile.am bindings/python/tests/idwsf1_tests.py bindings/python/tests/idwsf2_tests.py: make test work with out of source build dir. 2010-01-04 Benjamin Dauvergne Documentation: in lasso-docs.sgml, add glossary to the index, add book part delimitations * docs/reference/lasso/lasso-docs.sgml: add the glossary to the index. 
Core: in registry.c, change type cast to compile on amd64 platform * registry.c: use ptrdiff_t to cast to integer big enough to receive a pointer, then apply integer operations, then cast to the pointer type expected by g_direct_hash. 2009-12-16 Benjamin Dauvergne Core: in utils.h, change __STRING(x) for #x * lasso/utils.h: __STRING(x) does not seem more portable than #x so change, problem with AIX. 2009-12-09 Benjamin Dauvergne Downgrade version 2.2.90 to make a pre-release 2009-12-08 Benjamin Dauvergne in tests/tests.h, Add checks for true and false conditions Remove beginning of a PHP4 binding Upgrade version number Add missing headers to makefile, to pass make distcheck * lasso/xml/id-wsf-2.0/Makefile.am: make xml_idwsf2.h appear in the distribution file * lasso/xml/ws/Makefile.am: make xml_ws.h appear in the distribution file 2009-12-04 Benjamin Dauvergne in lasso_saml20_profile_export_to_query, checks return values * lasso/saml-2.0/profile.c: in lasso_saml20_profile_export_to_query, check return value of lasso_node_build_query and lasso_query_sign. 2009-12-01 Benjamin Dauvergne Add SP initiated logout test to SAML 2.0 regression tests * tests/login_tests_saml2.c: add logout to first SAML 2.0 login regression test. * tests/tests.h: add macros to simplify checking of return value with check macros (encapsulate fail_unless macro to check for NULL/non-NULL values and good rc value (0) or expected bad value). 2009-11-30 Benjamin Dauvergne Restore ancient semantic of lasso_profile_is_session_dirty * lasso/id-ff/profile.c: lasso_is_session_dirty must return FALSE if session is NULL. Fix double g_object_unref * lasso/id-ff/login.c: status is already freed by lasso_assign_gobject, do not free it first with lasso_node_destroy. Restore call to autoheader in autogen.sh * autogen.sh: call to autoheader was removed during simplification of the autogen.sh script. 
Remove message level signature on redirect messages * lasso/saml-2.0/profile.c: remove message level signatures before building query strings. Add more check to remove_signature * lasso/saml-2.0/profile.c: check for NULL when accessing klass datas. 2009-11-02 Benjamin Dauvergne Augment query string limit for relaystate extraction to 8192 bytes * lasso/xml/tools.c: some application transfer relaystate longer than the specification advised 80 bytes, try to cater for their needs. Add documentation for lasso_get_relaystate_from_query * lasso/xml/tools.c: add documentation on the internal function lasso_get_relaystate_from_query 2009-10-30 Benjamin Dauvergne Add C defines for SAML 2 'unspecified' authncontext class * lasso/xml/strings.h: add C defines for AuthnContextClassRef, urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified. Fix bad macro choice, precise error for bad formatted NIDM request * saml-2.0/name_id_management.c: use specialized lasso_saml20_profile_set_response_status set 'MissingNameID' second level error with requester first level error code when request is missing a name id. Fix reporting of error in message parsing * lasso/xml/xml.c: do not mix the return code from xmlSecBase64Decode and the return code for lasso_node_init_from_message_with_format. It fixes a segmentation fault in lasso_login_process_authn_request_msg. 2009-10-30 Benjamin Dauvergne Core: factorize code to obtain a SPNameQualifier * lasso/id-ff/provider.c lasso/id-ff/provider.h: add a method giving the SPNameQualifier for a provider (its entity id or its affiliation id). * lasso/id-ff/profile.c: * lasso/saml-2.0/login.c: update use sites. 2009-10-30 Benjamin Dauvergne Make php4 and perl binding disabled by default * configure.ac: make default for --enable-perl and --enable-php4 to "no". Those binding will not be maintained in the future. 
SAML2 Logout: initialize SessionIndex from the assertion * lasso/saml-2.0/logout.c: when creating a logout request message initialize the SessionIndex element with the corresponding content in the stored assertion for this session. Tests: fix __FILE__ -> __file__ * tests/integration/saml2/__init__.py: path to the current python file is __file__ not __FILE__. SAML2: change lasso_saml20_profile_set_response_status signature * lasso/saml-2.0/profile.c: * lasso/saml-2.0/profileprivate.h: make lasso_saml20_profile_set_response_status2 the new implementation of lasso_saml20_profile_set_response_status. add helper macros to set success, responder and requester first level status code. * saml-2.0/assertion_query.c: * saml-2.0/login.c: * saml-2.0/logout.c: * saml-2.0/name_id_management.c: adapt consumers to the new signature. ID-FF: add a partial_logout flag to LassoLogout private_data * lasso/id-ff/logout.c: * lasso/id-ff/logout.h: add a flag to store the status of a partial logout SAML2: add an equals operator to the NameID class * lasso/xml/saml-2.0/saml2_name_id.c: * lasso/xml/saml-2.0/saml2_name_id.h: add a lasso_saml2_name_id_equals method which return TRUE if two NameId are equal. SAML2: use the static get_provider helper method in generic profile methods * lasso/saml-2.0/profile.c: instead of accessing directly profile->server use the helper method get_provider. SAML2: in logout_build_response_msg do not fail on missing remote_providerID * lasso/saml-2.0/logout.c: remote_providerId is verified in build_redirect_simple and is not necessary for SOAP response with a failure and profile->response cannot be null (we just created a response if it was missing). So this error case is now unnecessary. ID-FF1.2 and SAML2: remove direct access to profile->server->providers * client of LassoServer should use lasso_server_get_provider. * LASSO_PROFILE_ERRROR_UNKNOWN_PROVIDER was a mistake, it is superfluous, use LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND. 
Core: in profile, use lasso_server_get_provider - lasso/id-ff/profile.c: replace direct access to server->provider by lasso_server_get_provider. 2009-09-29 Benjamin Dauvergne Tests: add a test of NameIDFormat extraction - tests/basic_test.c: add test11_get_default_name_id_format which parse a metadata file and try to extract the default name id format. - tests/data/sp5-saml2/metadata.xml: add NameIDFormat node for testing. Core: add const modifier to return value of lasso_provider_get_metadata_list - lasso/id-ff/provider.c lasso/id-ff/provider.h: change return type of lasso_provider_get_metadata_list from GList* to const GList*. - lasso/id-ff/logout.c lasso/saml-2.0/logout.c lasso/saml-2.0/provider.c: change consumers of the API Core: Add const modifiers to LassoProvider methods * lasso/id-ff/provider.c lasso/id-ff/provider.h lasso/saml-2.0/provider.c lasso/saml-2.0/provider.h: add const modifier where they could be added. Do not use g_new, use g_new0 * lasso/id-ff/federation.c: * lasso/id-ff/logout.c: * lasso/id-ff/profile.c: * lasso/id-ff/provider.c: * lasso/id-ff/server.c: * lasso/id-ff/session.c: * lasso/id-wsf/authentication.c: * lasso/saml-2.0/ecp.c: * lasso/xml/xml.c: even for private datas, use g_new0, it is safer. Change setting of default NameIDFormat for SAML 2.0 login * saml-2.0/login.c: in lasso_saml20_login_init_authn_request, lasso_saml20_login_init_idp_initiated_authn_request, if the service provider provided a list of supported name id formats, use the first one as default for new AuthnRequest. * id-ff/login.c: modify documentation to report the new way of choosing a default. Add method to Provider to retrieve default NameIDFormat * lasso/id-ff/provider.c lasso/id-ff/provider.h: add lasso_provider_get_default_name_id_format, which returns the first listed NameIDFormat from the SAML 2.0 metadatas of the provider. 
Complete documentation of lasso_login_init_authn_request concerning the NameIDFormat * lasso/id-ff/login.c: in lasso_login_init_authn_request, add docbook formatting, add remarks about the different NameIDFormat for ID-FF 1.2 and SAML 2.0. 2009-09-17 Benjamin Dauvergne Fix bugs found via coverity (thanks to Bhaskar Jain) * lasso/id-wsf-2.0/data_service.c: fix uninitialized res variable in lasso_idwsf2_data_service_process_query_response_soap_fault_msg. * lasso/xml/saml-2.0/saml2_assertion.c: fix uninitialized rc variable in get_xmlNode. * lasso/saml-2.0/login.c: in lasso_saml20_login_accept_sso check for ni and ni->Format null-ness before dereferencing, remove idp_ni which is not used anymore. remove all use of federation->remote_nameIdentifier, SAML 2.0 only need one NameID, and it will be local_nameIdentifier. * lasso/xml/xml.c: in lasso_node_traversal, check null-ness of node before dereferencing it, add check for class null-ness also. * lasso/id-ff/provider.c: in lasso_provider_get_first_http_method, remove useless check for t2 null-ness -- if found is TRUE, t1 and t2 cannot be null. * lasso/xml/tools.c: in lasso_sign_node, add documentation, check for private_key_file and xmlnode null-ness. in lasso_get_public_key_from_private_key_file, add a cleanup phase, check for cert variable null-ness before appending, count the number of certificates added. in lasso_query_verify_signature, check that URL unescaping and base64 decoding are successful before using the decoded strings. * lasso/saml-2.0/name_id_management.c: in lasso_name_id_management_validate_request, fix mis-handling of federation, if federation does not match request name_id, return UNKNOWN_PRINCIPAL. ID-WSF: finish unsealing field « is_dirty » of LassoSession * lasso/id-wsf-2.0/session.c: remove direct access to LassoSession private field. 
2009-09-11 Benjamin Dauvergne Core: unseal LassoSession public field * lasso/id-ff/session.c: * lasso/id-ff/session.h: * lasso/id-ff/sessionprivate.h: unseal session->is_dirty and session->assertions, remove the mirror version in the private data structure, and restore direct access by methods. move the "private" comment before those two fields to hide them in the gtk-doc reference manual, normal access should be done by get_assertion and is_dirty methods. 2009-09-11 Benjamin Dauvergne XML ID-WSF: Fix parsing of most ID-WSF elements * lasso/xml/disco_send_single_logout.c: * lasso/xml/id-wsf-2.0/sb2_user_interaction_header.c: * lasso/xml/id-wsf-2.0/subsref_app_data.c: * lasso/xml/xml.c: lots of ID-WSF 1.0/2.0 classes were not passing the new non-regression test on serialization/deserialization. The main reason was the absence of mapping for their namespace in the prefix_from_href_and_nodename function. The other reason is that some class name does not correspond 1-to-1 to the element name (SendSingleLogOut vs. SendSingleLogout, notice the capitalised 'O'). The last problem was that mapping from nodes to GObject classes was done after default mapping ("Lasso"), now it's done before, to reflect the fact that it is a more specialized mapping. 2009-09-11 Benjamin Dauvergne Core: remove warning when lasso_registry_get_direct_mapping fails * lasso/registry.c (lasso_registry_get_direct_mapping): g_return_val_if_fail output a warning when condition fails, use a simple if instead. Tests: add more assertion to random test * tests/random_tests.c: add more assertion testing for various return values or field values. XML: Fix seg-fault bug introduced in commit 4108 * lasso/xml/xml.c: lasso_node_get_xmlnode_for_any_type is broken, if no original_xmlnode is present, return just cur. Also add all missing cases for the state of the pair (cur, orignal_xmlnode). * tests/basic_tests.c: add a non-regression test, testing all dump/restore functions. 
Core: add new macros to traverse lists
* lasso/utils.h: lasso_foreach_full_begin(_type, _data, _iter, _list) traverse GList* _list, using _iter as iteration variable extract data field to variable _data of type _type.

Test: fix Makefile.am to work with 'out of source' build directory
* tests/Makefile.am: rpath must refer to the build directory, not the source directory.

Core: fix extract_symbols regular expression
* lasso/extract_symbols.py: the regular expression was not matching declaration over multiple lines, and would catch argument starting with lasso_. Fixed.

XML: add all inclusive header files for id-wsf2, ws, id-wsf XML elements
* lasso/xml/wsf/xml_ws.h:
* lasso/xml/id-wsf-2.0/xml_idwsf2.h:
* lasso/xml/xml_idwsf.h: new files.

ID-WSF 2.0: add set_request/set_response method to Profile object
* lasso/id-wsf-2.0/profile.c:
* lasso/id-wsf-2.0/profile.h: add two methods that set the response object and replace the content of the SOAP message with this object.

XML SOAP: add new soap fault constructor
* lasso/xml/soap_fault.c:
* lasso/xml/soap_fault.h: add a full constructor allowing to set faultcode and faultstring in one call.

XML ID-WSF 2.0: make non simple constructor of MiscTextNode return real type
* lasso/xml/misc_text_node.c: non simple constructor must return the real object type because Java binding does not work without it.

XML SAML 1.1: fix schema figure for samlp:Request

Docs: remove old lasso-sections.txt file

ID-WSF 2.0: add accessor for field of LassoIdWsf2Profile
* lasso/id-wsf-2.0/profile.c lasso/id-wsf-2.0/profile.c: add two accessors to get to soap_response and soap_request object, next step is to make those two fields really private.

ID-WSF: fix duplication of namespace string declaration, add fault codes for WS-Security
* lasso/xml/strings.h: namespace of WS-Security 1.0 was duplicated, add specified fault code linked to WS-Security.

ID-WSF: remove LassoWsseSecurity in favor of LassoWsSec1SecurityHeader
* xml/Makefile.am: remove the file from the source list
* xml/wsse_security.c:
* xml/wsse_security.h: remove the files
* xml/xml.c: use LassoWsSec1SecurityHeader for LASSO_WSSE_HREF namespace also.

ID-WSF 1.0: use the common wsse:Security object
* lasso/id-wsf/wsf_profile.c: use the common LassoWsSec1SecurityHeader object instead of the specific LassoWsseSecurity, and set the needed namespace using lasso_node_set_custom_namespace. add implementation comments.

WS: register LassoWsSec1SecurityHeader for all namespace associated to WS-Security
* lasso/xml/ws/wsse_security_header.c: register all namespace that contains a Security header object.

XML: add an API to set namespace on a single instance of a LassoNode
* lasso/xml/xml.h lasso/xml/xml.c: add a new public API lasso_node_set_custom_namespace(node, prefix, href). It allows to set the precise namespace of a single object, all other instances of the same class continue to use the default namespace for the class. It should be used for difficult consumers of certain nodes (like wsse:Security) which only know certain namespaces or do not use the namespace going with the specified version of a specification (like MSP not following ID-WSF 1.0 specification and using http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd instead of http://schemas.xmlsoap.org/ws/2003/06/secext). It also allows to share implementation of schema objects common to many versions of the same specification (wsse:Security between ID-WSF 1.0 and ID-WSF 2.0), without creating too many child classes.

ID-WSF 2.0: remove obsolete FIXME in discovery.h

Core: remove a use of lasso_node_destroy in LassoSession

Bindings: add support for guchar
* bindings/java/lang.py:
* bindings/python/lang.py: add guchar to list of C types everywhere.

XML: add support for free xml content to LassoMiscTextNode
* lasso/xml/misc_text_node.c:
* lasso/xml/misc_text_node.h: it is often necessary to be able to put completely determined content inside lasso generated request (for example when copying an assertion for a Bearer authentication method). In this case you can use lasso_node_get_original_xml_node to get at the original content and lasso_misc_text_node_new_with_xml_node to get a LassoNode with the same content. There are two additional functions to access this xml payload: lasso_misc_text_node_get_xml_content and lasso_misc_text_node_set_xml_content.

2009-08-28 Benjamin Dauvergne

Core: fix commit 4313, restore support for --enable-wsf
* configure.ac: I threw the baby out with the bathwater.

Core: fix make dist with --enable-wsf
* lasso/id-wsf-2.0/Makefile.am:
* lasso/xml/Makefile.am: some files were missing from the dist files, add them.

Core: remove SWIG ID-WSF warning from configure.ac
* configure.ac: as ID-WSF support in SWIG is not maintained anymore we can remove the warning about using pre-generated SWIG files with a different setting for the --enable-wsf flag.

Binding: skip lasso_data_service_get_query_item
* bindings/overrides.xml: bindings do not support out arguments, so skip generating bindings for lasso_data_service_get_query_item for the moment.

Core: set tar-pax as dist file format
* configure.ac: we could have more than 99 characters long path in the dist files, the pax format for tar archives supports it.

ID-WSF 1.0: Fixed missing or deprecated functions in public headers
Some new functions were missing from the headers, others were deprecated some time ago and as the API is not considered stable for ID-WSF, I removed them definitely.

2009-08-27 Benjamin Dauvergne

Bindings: Skip lasso_data_service_get_answers
* bindings/overrides.xml: skip unsupported function.

Tests: add configuration file loading to integration test
* tests/integration/README:
* tests/integration/saml2/__init__.py: If ~/.config/lasso_integration.conf exists, load it to find path to authentic and lcs. Add support for three environment variables:
  - LASSO_BUILDDIR, to specify an out of source build directory to test,
  - NO_SILENT, to allow authentic and lcs outputs,
  - VALGRIND, to check memory leaks using valgrind.

2009-08-26 Frederic Peters

Call gtkdocize before automake

2009-08-26 Benjamin Dauvergne

Core: errors.c is a generated file, when generating it place it in $(srcdir) not build directory
* lasso/Makefile.am: the place for errors.c is in the source directory, not the build directory.

SAML 2.0: Fix bug introduced in commit 4235
* lasso/saml-2.0/login.c: profile->msg_url is released before being used ;( Restore the code copying the URL before passing it to lasso_saml20_profile_build_http_redirect, to free it after.

Core: Fix errors.c generation

XML SAML2: remove typedef of LassoSaml2Assertion in saml2_advice.h and saml2_evidence.h
* xml/saml-2.0/saml2_advice.h xml/saml-2.0/saml2_evidence.h: the declaration of LassoSaml2Assertion for supposedly preventing recursive include is useless now.

Core: fix spurious semi-colon inserted in commit 4093
* lasso/errors.h: remove useless semi-colon

Core: add assertion query to exported profiles
* lasso/lasso.h: include lasso/saml-2.0/assertion_query.h

XML: Add all including header file for saml2, id-ff and id-wsf
* lasso/xml/xml_idff.h: this header file references all id-ff 1.2 elements
* lasso/xml/xml_idwsf.h: this header file references all id-wsf 1.0 elements
* lasso/xml/saml-2.0/xml_saml2.h: this header file references all saml-2.0 elements

Core: Remove include of lasso.h in registry.h
* lasso/registry.h: include of lasso.h is useless, replace by including directly export.h
* lasso/registry.c: directly include errors.h

ID-WSF: remove OFTYPE usage from header

2009-08-26 Benjamin Dauvergne

Docs: change the doc production and lot of other fixes
* lasso/Makefile.am: distribute extract_sections.py
* docs/references/lasso/lasso.types.in: add missing class (mainly SAML2 and ID-WSF 1.0/2.0) from docs/references/lasso.types.in
* lasso/xml/strings.h: add lots of documentation, or at least documentation template to strings constants.
* id-ff/login.h:
* saml-2.0/assertion_query.h:
* xml/xml.h: document undocumented enumerations.
* lasso/errors.h: add proper documentation about error codes.
* lasso/errors.c: new version of the lasso_strerror function
* lasso/build_strerror.py: update the script that generates lasso_strerror from the documentation comments.

Remove usage of OFTYPE
* lasso/id-ff/session.c:
* lasso/id-ff/session.h: remove usage of oftype, prefer gtk-introspection annotations instead.
* lasso/id-wsf/data_service.h:
* lasso/id-wsf/data_service.c: do the same.

Add a script to build lasso-sections.txt
* lasso/extract_sections.py: this script parses header files and generates lasso-sections.txt content for GObject class descriptions.

Add a template file for the lasso-section.txt file
* docs/references/lasso-sections.txt.in: this file serves as a base for the generation of lasso-sections.txt

Update docs/references/Makefile.am for generating lasso-sections.txt
* docs/references/Makefile.am: always rebuild template, using out of source build directory is too weird without it. call new script extract_sections.py to regenerate lasso-sections.txt if header files changed.

Update lasso.sgml file with all missing sections
* docs/reference/lasso.sgml: add all missing sections, mainly objects from XML schemas.
* docs/reference/lasso-sections.txt: update it
* *.c: add section documentation to some files.
* lasso/xml/strings.h: fix bad usage of docbook markup

2009-08-26 Benjamin Dauvergne

Core: fix makefile for generating errors.h in out of source dir build
* lasso/Makefile.am: errors.h is expected to be in srcdir not builddir.

Bindings: for functions that must be totally skipped do it during parsing
* bindings/bindings.py: parsing of argument type is still not advanced enough, so in order to remove spurious warnings, skip function directly during parsing just before the treatment of function signature.

Tests: in integration test do not set the PYTHONPATH
* tests/integration/saml2/__init__.py: to permit using build directory different from the src directory, do not force the PYTHONPATH to be relative to src dir to find lasso python module.

Tests: do not hardcode PYTHONPATH in the valgrind wrapper
* tests/integration/valgrind-wrapper.sh: remove PYTHONPATH setting.

Tests: distribute integration tests
* tests/Makefile.am: add integration directory to the distdir.

Core: Use automake-1.11 when possible
* Makefile.am: use new automake-1.11 silent rules if possible move macros to m4 directory
* m4/gtk-doc.m4: add gtk-doc macros.
* lasso/Makefile.am: add missing -f flag to rm, to unbreak make distcheck
* docs/references/Makefile.am: fix problem between libtool and gtk-doc
* autogen.sh: update to autogen.sh from gtk-doc, add support for automake-1.11

Tests: Add data files to EXTRA_DIST
* tests/data/Makefile.am: data file for tests2 were missing (to pass distcheck).

2009-08-26 Benjamin Dauvergne

XML: remove all useless instance_init functions
* Use Coccinelle semantic patch tool (http://coccinelle.lip6.fr/) to remove useless instance_init functions, the first patch applied was:

@@ type T,V; identifier I, J; parameter list P; expression E1; @@ V instance_init(T node) { <... ( - E1 = 0; | - E1 = NULL; | - E1 = FALSE; ) ...> }

It removes useless initialization to 0 (GObject already zeroes allocated objects). The second one is:

@ rule1 @ type T; identifier node,fn; @@ - static void fn(T *node) { } @ rule2 extends rule1 @ typedef GType, GInstanceInitFunc; identifier type_constructor; @@ GType type_constructor() { <... - (GInstanceInitFunc)fn + NULL ...> }

It removes empty instance_init functions.

2009-08-26 Benjamin Dauvergne

sb2:TargetIdentity can have a content
* lasso/xml/id-wsf-2.0/sb2_target_identity.c:
* lasso/xml/id-wsf-2.0/sb2_target_identity.h: add support for any content.

All: Rework include files handling, separated ID-WSF code from SAML2/ID-FF code
* nearly all C files: change includes for relative paths.
* lasso/id-wsf/id_wsf.h, lasso/id-wsf-2.0/id_wsf_2.h: add top level public include files for ID-WSF 1.0 and ID-WSF 2.0.
* lasso/id-ff/server.*, lasso/id-ff/session.*, lasso/id-ff/identity.*: remove most of the code related to ID-WSF and push into lasso/id-wsf/id_ff_extensions.* and lasso/id-wsf-2.0/identity.c, lasso/id-wsf-2.0/server.c, lasso/id-wsf-2.0/session.c.
* lasso/id-wsf-2.0/saml2_login.c, lasso/id-wsf-2.0/saml2_login_private.h: same change but for ID-WSF 2.0 support in SAML2 SSO profile.

Bindings: skip ID-WSF methods with unsupported signatures
* bindings/overrides.xml: some functions have output parameters (pointer on pointers) that are currently not supported by our binding generator, so we skip them.

SWIG: unplug id-wsf support in SWIG
* swig/Lasso.i: force LASSO_WSF_ENABLED to be undefined.

Tests: allow tests2 to pass distcheck
* tests/Makefile.am: add an SRCDIR symbol. remove unused include paths.
* tests/tests2.c: use SRCDIR to find data files.

Tests: remove internal content from data files
* tests/data/response-3: this dump of a SAML message contains elements and attribute outside the SAML schema, implementation detail from Lasso. They broke execution of tests/tests2.

XML&SAML 2.0: add missing include files
* lasso/xml/saml-2.0/saml2_encrypted_element.h: xmlSecKey is present in a function signature, so include xmlsec/xmlsec.h.

SWIG: implement change to LassoSession in the SWIG interface file
* swig/Lasso.i: remove LassoSession::is_dirty attribute and rewrite the getProviderIds function.

XML: only recurse into xml/id-wsf subdirs if --enable-wsf is true
* lasso/xml/Makefile.am: put id-wsf and id-wsf2 subdirs under a conditional.

ID-WSF 1.0: remove absent header file from the Makefile.am
* lasso/id-wsf/Makefile.am: remove data_service_private.h from header file list.

Core: SOAP is also used by SAML bindings
* extract_symbols.py, extract_types.py: export SOAP types whatever the value of the flag --enable-wsf. It still worked because constructor for GObject calls get_type, but there is a race condition: if you receive a SOAP message before sending one, it fails. Only soap_binding types must be removed.

2009-08-26 Benjamin Dauvergne

ID-FF&Core: Seal public field of LassoSession
* id-ff/session.h: seal public fields.
* id-ff/session.c, id-ff/sessionprivate.h: add accessors for reading the is_dirty flag and counting store assertions.
* id-ff/logout.c, id-ff/login.c, saml-2.0/login.c, saml-2.0/logout.c, saml-2.0/profile.c: use the new accessors.
* id-ff/profile.c: include the private header file, use the new accessors, and remove unnecessary setting of is_dirty to FALSE (it should be false at instantiation).
* utils.h: add a macro to access private content, prepare for using G_TYPE_INSTANCE_GET_PRIVATE and the GObject infrastructure for private structures eventually.

2009-08-26 Benjamin Dauvergne

ID-WSF 2.0: remove unused variable
- lasso/id-wsf-2.0/discovery.c: remove unused variable in discovery.c

Core: fix bad name of lasso_unlink_and_release_node
* lasso/utils.h:
  - rename lasso_unlink_and_release_node to lasso_release_list_of_xml_node.
  - add a GList iteration macro: lasso_foreach.

2009-08-26 Benjamin Dauvergne

ID-WSF: Lots of modifications
Migrate lots of code to use new utility macros. Try to simplify most code paths or to factorize with LassoWsfProfile.
* lasso/id-wsf/wsf_profile.c: Add API:
  - lasso_wsf_profile_build_soap_response_msg to build SOAP fault for Lasso errors,
  - lasso_wsf_profile_set_msg_url_from_description, to set the destination URL using the chosen LassoDiscoDescription (with respect to the security mechanism),
  - lasso_wsf_profile_init_soap_response to initialize a response to the current request, to use in sub classes,
  - lasso_wsf_profile_get_remote_provider_id, retrieve the SOAP binding corresponding information,
  - lasso_wsf_profile_get_remote_provider, simplification of lasso_wsf_profile_get_remote_provider_id,
  - lasso_wsf_profile_get_soap_fault, retrieve the last set SOAP fault, used by sub classes,
  - lasso_wsf_profile_set_soap_fault, set a SOAP fault, to be returned by the next call by lasso_wsf_profile_build_soap_response_msg, to use in sub classes,
  - lasso_wsf_profile_set/get_status_code, set/get the stored status code, to use in the next lasso_xxx_build_response_message, to use in sub classes.
  Change name lasso_wsf_profile_get_description_autos to lasso_wsf_profile_get_description_auto. Do not access directly the session is_dirty field (it has been sealed).
* lasso/id-wsf/wsf_profile.h: Add helper macro lasso_wsf_profile_helper_set_status to set status code of an ID-WSF response message containing a Status element using the stored status code.
* lasso/id-wsf/wsf_profile_private.h: Add new fields (moved public fields). Add lasso_wsf_profile_set_msg_url_from_description, lasso_wsf_profile_build_soap_fault_response_msg.
* lasso/id-wsf/data_service_private.h: Remove file.
* lasso/id-wsf/data_service.h: Remove all public fields.
* lasso/id-wsf/data_service.c: Remove private structure. Use the equivalents LassoWsfProfile private fields. Update documentation. Use LassoWsfProfile generic functions for initializing requests. Add API lasso_data_service_get_query_item, lasso_data_service_get_answers, lasso_data_service_get_answer, lasso_data_service_get_answers_by_select, lasso_data_service_get_answer_for_item_id, lasso_data_service_add_modification. Remove lasso_data_service_need_redirect_user use equivalent function lasso_interaction_profile_service_build_redirect_response_msg. Remove lasso_data_service_get_resource_offering, lasso_data_service_set_offering.
* lasso/id-wsf/discovery.c: Add documentation. Change some signatures. Remove lasso_discovery_get_description_auto. Change name of lasso_discovery_init_insert to lasso_discovery_init_modify. Add a generic lasso_discovery_process_request_msg. Add internal function lasso_discovery_init_offering, to get automatically an offering if possible. Remove useless init_from_xml. Rework lasso_discovery_build_credential implementation. overloading. Remove lasso_discovery_destroy.
* lasso/id-wsf/discovery.h: Remove lasso_discovery_destroy.
* lasso/id-wsf/interaction_profile_service.c: Add lasso_interaction_profile_service_build_redirect_response_msg.
* lasso/id-wsf/personal_profile_service.c: Update lasso_personal_profile_service_get_email to use lasso_data_service_get_answers_by_select.
* lasso/xml/dst_modify.c: make modification parameter optional to the constructor.

2009-08-26 Benjamin Dauvergne

Core: Add new error types
* lasso/errors.h lasso/errors.c: add error types: LASSO_ERROR_CAST_FAILED, LASSO_DATA_SERVICE_CANNOT_ADD_ITEM, LASSO_WSF_PROFILE_ERROR_INVALID_OR_MISSING_REFERENCE_TO_MESSAGE_ID, LASSO_DST_ERROR_QUERY_NOT_FOUND, LASSO_DST_ERROR_NO_DATA, LASSO_DST_ERROR_MALFORMED_QUERY.

XML: Add time formatting function for ISO 8601 format
* xml/private.h:
* xml/tools.c: add util function to format time_t values in the ISO 8601 format.

XML: Add any attribute parsing to Saml2AttributeValue
* xml/saml-2.0/saml2_attribute_value.h: add new public field GHashTable *attributes;
* xml/saml-2.0/saml2_attribute_value.c: add parsing instructions to populate attributes field.

XML: add documentation for lasso_eval_xpath_expression
* lasso/xml/tools.c: add documentation for xpath helper evaluation function lasso_eval_xpath_expression.

XML: add string constant for client soap errors
* lasso/xml/strings.h: add new string constant LASSO_SOAP_FAULT_CODE_CLIENT.

XML: add documentation for lasso_idwsf2_disco_svc_md_register_new_full
* lasso/xml/id-wsf-2.0/disco_svc_md_register.c: add documentation for constructor function lasso_idwsf2_disco_svc_md_register_new_full.

ID-WSF 1.0: Add new error to signal unknown entry
* lasso/errors.{c,h}: add a new error for the ID-WSF 1.0 module, to signal unknown entry in discovery responses.

SWIG Binding: reflect changes in the signature of struct LassoIdWsfDiscovery
* swig/Lasso-wsf2.i (LassoIdWsfDiscovery): add new fields metadatas and svcMDIDS, remove old ones (metadata and svcMDID).

ID-WSF 1.0: fix off-by one ref counting error in lasso_wsf_profile_init_soap_request
* lasso/id-wsf/wsf_profile.c (lasso_wsf_profile_init_soap_request): envelope is an argument, increment its ref count before storing it.

ID-WSF 1.0: improve error recovery in lasso_wsf_profile_comply_with_saml_authentication
* lasso/id-wsf/wsf_profile.c (lasso_wsf_profile_comply_with_saml_authentication): reuse existing wsse-security element if present, remove useless comments, move core code after argument type checks, return error if envelope or header is missing, fail if any referenced assertion is missing, correctly handle reference count of wsse_security depending on the situation (new or reused).

ID-WSF 1.0: fix memory leak
* lasso/id-wsf/discovery.c (lasso_discovery_add_insert_entry): the rule is that callee is responsible for becoming owner of a resource, so no g_object_ref before a call on an argument.

ID-WSF 2.0: publicize lasso_idwsf2_profile_build_soap_envelope
* lasso/id-wsf-2.0/profile.c, lasso/id-wsf-2.0/profile.h (lasso_idwsf2_profile_build_soap_envelope): as for ID-WSF 1.0 export this function to allow easier implementation of external ID-WSF 2.0 services. remove FIXME comment and fill equivalent bugzilla reports.

ID-WSF 2.0: review lasso_idwsf2_discovery_process_metadata_register_response_msg
* lasso/id-wsf-2.0/discovery.c (lasso_idwsf2_discovery_process_metadata_register_response_msg): change return code variable to rc, move argument casting after argument type check, copy all the service metadata ids,

ID-WSF 2.0: review lasso_idwsf2_discovery_process_metadata_register_msg
* lasso/id-wsf-2.0/discovery.c (lasso_idwsf2_discovery_init_metadata_register): add documentation comment, move argument casting after type checking, change return code name to rc to comply with standardisation, use lasso_build_unique_id instead of duplicating the code, add iteration over all the registered service, add iteration to return all the generated service metadata ids, use new assignment macros.
* lasso/id-wsf-2.0/discovery.h (struct _LassoIdWsf2Discovery): change field LassoIdWsf2DiscoSvcMetadata metadata to GList* metadatas and gchar *svcMDID to GList *svcMDIDs in order to support multiple services in requests.

ID-WSF 2.0: review lasso_idwsf2_discovery_metadata_register_self
* lasso/id-wsf-2.0/discovery.c (lasso_idwsf2_discovery_metadata_register_self): Add documentation, add code for getting the service URL.

ID-WSF 2.0: add documentation to lasso_idwsf2_discovery_register_self
* lasso/id-wsf-2.0/discovery.c (lasso_idwsf2_discovery_register_self) move casting after argument type check, simplify code by using lasso_build_unique_id, remove useless comments

ID-WSF 2.0: simplify gobject boilerplate
* lasso/id-wsf-2.0/discovery.c: (get_xmlNode, instance_init, class_init) remove useless method get_xmlNode, remove useless NULLing of instance fields.

ID-WSF 2.0: use new macros
* lasso/id-wsf-2.0/data_service.c (lasso_idwsf2_data_service_init_query, lasso_idwsf2_data_service_parse_query_items, lasso_idwsf2_data_service_init_modify, lasso_idwsf2_data_service_parse_one_modify_item, lasso_idwsf2_data_service_parse_modify_items): add cast, change macros for stealing version, fix name of macro
* lasso/id-wsf-2.0/profile.c: (lasso_idwsf2_profile_init_soap_request) use list handling macro, add missing casts
* lasso/id-wsf-2.0/discovery.c: (lasso_idwsf2_discovery_process_metadata_association_add_msg, lasso_idwsf2_discovery_init_query) add missing casts

ID-WSF 2.0: add a new constructor for UtilStatus
- lasso/xml/id-wsf-2.0/utils_status.h (lasso_idwsf2_util_status_new_with_code): this constructor allows to construct and fill a UtilStatus node with one line. It has two arguments to construct nested two level status objects (with two status codes). If you omit the second argument you get a one level status object.

ID-WSF 2.0: add initialization of local variables

ID-WSF 2.0: Use new XPath API in DST
- lasso/id-wsf-2.0/data_service.c:
  - lasso_idwsf2_data_service_parse_query_items: use the new API to remove error outputs from libxml, and generate an additional status code containing newly returned libxml error code.
  - lasso_idwsf2_data_service_parse_one_modify_item: use the new API.

XML: add API to simplify evaluation of XPath expressions
* lasso/xml/tools.c,lasso/xml/private.h:
  - lasso_eval_xpath_expression(xmlXPathContextPtr xpathCtx, const char *expression, xmlXPathObjectPtr *xpathObjectPtr, int *xpathErrorCode) is a boolean returning function handling call to libxml API to evaluate an XPath expression in the xpathCtx context. It eventually saves the returned nodeset in the variable pointed by xpathObjectPtr if it is not-NULL (and eventually deallocates previous value) and if an error happened it copies its code into the variable pointed to by xpathErrorCode if it is not NULL.

Tests: Add a fourth data loading test
* tests/data/response-4: test content
* tests/tests2.c: add loading of the new file.

2009-07-06 Benjamin Dauvergne

Only recurse into id-wsf if it is enabled
* lasso/Makefile.am: only add id-wsf and id-wsf-2.0 to SUBDIRS if wsf is enabled.

Fix: backward_comp.h is missing from tarballs.
* lasso/Makefile.am: add backward_comp.h to EXTRA_DIST

2009-06-15 Benjamin Dauvergne

Python Binding: fix bug of uninitialized ppos argument to PyDict_Next
* bindings/python/wrapper_top.c (set_hashtable_of_pygobject): second argument (int*ppos) of PyDict_Next must be reinitialized to zero before each traversal (see Python C API http://docs.python.org/c-api/dict.html). Patch from Iban Rodríguez of the Desarrollo de Producto Electrónico, Spain.

2009-06-15 Benjamin Dauvergne

Update doap file

Do not remove signatures on assertion when using HTTP Redirect
* lasso/saml-2.0/profile.c: HTTP Redirect binding mandates to remove signature at the SAML message level, but signatures at the assertion, especially if the SP asked for it, must be preserved.

2009-05-07 Benjamin Dauvergne

Fix bug in lasso_registry_destroy / shutdown
* lasso/registry.c: if not initialized, do not free. do not segfault on NULL argument.

Do not respect default semantic of dst:Query
* lasso/id-wsf-2.0/data_service.c: the specification for data service template indicates that the query must fail at the first failing query, we think this is a stupid behaviour so I set the default to keep running query until the last one and returning a partial result if at least one failed and a failed result if absolutely no query matched.
* lasso/id-wsf-2.0/private.h: declare the lasso_flag_follow_id_wsf_supid_semantic flag.
* lasso.c: declare the lasso_flag_follow_id_wsf_supid_semantic flag, it's conditioned by the LASSO_WSF_ENABLED preprocessor symbol.

2009-04-30 Benjamin Dauvergne

Add valgrind support to integration tests
* tests/integration/saml2/__init__.py: if /usr/bin/valgrind exists, use script valgrind-wrapper.sh to launch tests, it stores log files in {authentic,lcs}_$ISODATE_pid$PID.log.

Fix leak in python binding
* bindings/python/wrapper_top.c: keep a pointer on beginning of list to free it.

Fix leak of mapping registry
* lasso/lasso.c:
* lasso/registry-private.h:
* lasso/registry.c: make the registry be freed in lasso_shutdown.

ID-FF 1.2: Fix leaks, reduce code
* id-ff/login.c:
* id-ff/logout.c:
* id-ff/profile.c:
* id-ff/provider.c:
* id-ff/server.c: fix leaks by using field setting macros which free previous values, it also reduces code length sometimes.

Export the new flag
* lasso/debug.h: export new flag lasso_flag_sign_messages.

Fix leaks in tests
* basic_tests.c:
* login_tests.c:
* login_tests_saml2.c:
* random_tests.c: free replaced string, unref used nodes, initialize local variables when necessary, free newly allocated strings.

Add a script to format suppression file
* tests/format-suppressions.py: this is the script used to generate valgrind/lasso.supp and valgrind/glib.supp.

Add a stress test for serializing/deserializing code
* Makefile.am: add targets
* tests2.c: this simply makes lots of serializing, deserializing.
* data/response-1:
* data/response-2:
* data/response-3: data test files

SAML 2.0: Fix many leaks
* lasso/saml-2.0/login.c:
* lasso/saml-2.0/logout.c:
* lasso/saml-2.0/name_id_management.c:
* lasso/saml-2.0/profile.c:
* lasso/saml-2.0/provider.c: do not mix g_malloc strings with libxml strings, use the string/gobject handling macros as much as possible, be a good memory citizen, don't put your elbows on the table.

LassoNode: Fix leaks
* lasso/xml/xml.c: fix more and more leaks.

Add debugging code to lasso_node_impl_init_from_xml
* lasso/xml/xml.c: add more debugging code for the memory-debug flag.

Add debugging code to lasso_set_orginal_xmlnode
* lasso/xml/xml.c: add code to trace allocation and deallocation of original xmlnode associated to LassoNodes.

Remove useless code
* lasso/xml/lib_authentication_statement.c:
* lasso/xml/saml-2.0/samlp2_name_id_policy.c:
* lasso/xml/saml_name_identifier.c: remove useless initialization code.

Fix leak in lasso_url_add_parameters
* lasso/xml/tools.c: in lasso_url_add_parameters free intermediate strings.

Fix debug echo on stdout
* lasso/utils.h: make lasso_mem_debug output on stderr and not stdout

Add new valgrind memleak suppression files
* tests/valgrind/glib.supp: suppress all "static" allocation by glib, usually for the type system.
* tests/valgrind/lasso.supp: suppress allocations from lasso that we cannot actually remove, they are all from "called only once" code, so it should not really be a problem for embedded codes.

2009-04-27 Benjamin Dauvergne

More work on signature validation for SAML 2.0
* lasso/saml-2.0/profile.c: in lasso_saml20_profile_process_any_request and lasso_saml20_profile_process_any_response do not make signature validation failure as call failure, just store the result in profile->signature_status and let the upper level functions handle what to do with it. also add documentation about those two functions.
* lasso/saml-2.0/logout.c:
* lasso/saml-2.0/name_id_management.c: handle new signature_status semantic.
* lasso/saml-2.0/login.c: add internal documentation for lasso_saml20_login_process_authn_response_msg.

2009-04-27 Benjamin Dauvergne

Update signature_status when checking signature on assertions
* lasso/saml-2.0/login.c: if signature_status is SIGNATURE_NOT_FOUND, check one on the assertion and keep the result in signature_status.

Increase wait time for integration test
* tests/integration/saml2/__init__.py: wait 5 seconds for daemons to start. review later

FIX: verify assertion signature for SAML 2.0 when response is not signed
* lasso/saml-2.0/login.c: if response was not signed, check the signature on the assertion.

new function lasso_saml20_login_check_assertion_signature()
* lasso/saml-2.0/login.c: lasso_saml20_login_check_assertion_signature() find the issuer of an assertion, look it up in the server object and try to validate its signature. It returns an error code if any of these steps fails.

Test: Remove spurious debugging printf
* tests/login_tests_saml2.c: remove debug code.

Add keep_xmlnode flag to SAML 2.0 req, resp and assertions
* lasso/xml/saml-2.0/saml2_assertion.c:
* lasso/xml/saml-2.0/samlp2_request_abstract.c:
* lasso/xml/saml-2.0/samlp2_response.c:
* lasso/xml/saml-2.0/samlp2_status_response.c: set keep_xmlnode flag to 1 in class_init.

new function lasso_profile_get_server()
* lasso/id-ff/profile.c:
* lasso/id-ff/profile.h: in a move to try to remove direct access to object content, add a function to retrieve the LassoServer object of a LassoProfile.
* bindings/overrides.xml: it conflicts with direct access to the public field server, so we do not export it in the binding for now.

fix: in lasso_verify_signature() only look for the first direct child Signature element
* lasso/xml/tools.c: in SAML message signatures are usually enveloped signatures, so just lookup for the first direct child which is a Signature node.

fix: handle non-LHS argument for lasso_extract_node_or_fail()
* lasso/utils.h: create a temporary variable to store result of second argument evaluation to prevent spurious side effects.

lasso_saml20_profile_init_artifact_resolve(): check http_method
* lasso/saml-2.0/profile.c: check the given http_method it must be one in
  - LASSO_HTTP_METHOD_ARTIFACT_POST,
  - LASSO_HTTP_METHOD_ARTIFACT_GET.

lasso_login_init_request(): change error code for invalid artifacts
* lasso/id-ff/login.c: if artifact is invalid return LASSO_PROFILE_ERROR_INVALID_ARTIFACT as in lasso_saml20_profile_init_artifact_resolve().

Complete documentation of lasso_login_init_request
* lasso/id-ff/login.c: add precision on usage. add all possible return codes with meanings.

lasso_login_init_authn_request: complete doc
* lasso/id-ff/login.c: add all possible return codes and their meaning.

lasso_login_init_authn_request: change error code for missing remote provider ID
* lasso/id-ff/login.c: change the return code for when no remote provider ID could be defined (because the argument is NULL and the server object contains no providers) so that we can distinguish the case where the given provider is unknown or if there is no providers configured.

Add a deprecated tag to lasso_login_destroy doc
* lasso/id-ff/login.c: all destroy functions are deprecated, g_object_unref() should be used instead.


Complete documentation of lasso_login_build_response_msg

* lasso/id-ff/login.c: add all possible return codes with meaning.

Complete documentation of lasso_login_build_request_msg

* lasso/id-ff/login.c: add all possible return codes with meaning.

Complete documentation for lasso_login_build_authn_response_msg

* lasso/id-ff/login.c: add all possible return codes with meaning.

Complete documentation of lasso_login_build_authn_request

* lasso/id-ff/login.c: add all possible return codes with meaning.

Complete documentation for lasso_login_build_artifact_msg

* lasso/id-ff/login.c: add all possible return codes with meaning.

Complete documentation of lasso_login_accept_sso

* lasso/id-ff/login.c: add all possible return codes.

Complete doc for static function lasso_login_must_ask_for_consent

* lasso/id-ff/login.c: precise return value meaning.

Complete document of lasso_login_build_assertion

* lasso/id-ff/login.c: add possible return codes.

Complete doc of lasso_logout_validate_request

* lasso/id-ff/logout.c: add description of all possible return codes.

2009-04-23 Benjamin Dauvergne

Rework cleanup handling

* lasso/utils.h: change 'goto exit' for 'goto cleanup'. rename all goto_exit macros to goto_cleanup_. rename goto_cleanup_if_fail to goto_cleanup_if_fail_with_rc and add a goto_cleanup_if_fail for function which do not return an integer value. add documentation for goto_cleanup macro family.
* lasso/id-ff/login.c:
* lasso/id-ff/provider.c:
* lasso/id-ff/server.c:
* lasso/id-ff/session.c:
* lasso/id-wsf/discovery.c:
* lasso/id-wsf/wsf_profile.c:
* lasso/saml-2.0/profile.c:
* lasso/utils.h:
* lasso/xml/lib_logout_request.c:
* lasso/xml/tools.c:
* lasso/xml/xml.c: update name of goto_exit_if_fail macros. rename 'exit' labels to 'cleanup'.

XML: Fix prefix clobbering by xsi:type handling

* lasso/xml/xml.c: if xsi:type is not able to find a GObject typename for the current node, then do not erase the actual prefix value. change prefix type to const char.

SAML 2.0: Use new API lasso_url_add_parameter

* lasso/saml-2.0/profile.c: use new API lasso_url_add_parameter to handle RelayState parameter creation.

SAML 2.0: Check http_method in build_artifact_msg

* lasso/saml-2.0/login.c: if http_method is not among ARTIFACT_GET and ARTIFACT_POST, return an INVALID_HTTP_METHOD error.

Tests: Add test parsing a Ping Federate assertion.

* tests/basic_tests.c: load data/response-1 and try to parse it.

Add a new internal API for parameters building

* xml/tools.c: add lasso_url_add_parameter that concat the string &key=value to an existing URL where key and value are url-encoded.
* xml/private.h: declare lasso_url_add_parameter.

Tests: Add a SAML2 login test

* tests/login_tests_saml2.c: add a C login test for SAML 2.
* tests/Makefile.am: add the new test to dependencies.

2009-04-21 Benjamin Dauvergne

If no typename could be determined, stop parsing.

* lasso/xml/xml.c: in lasso_node_new_from_xmlNode if no typename is found for the given xmlNode, return NULL.

2009-04-17 Jerome Schneider

Fix python 2.4 binding build

2009-04-14 Benjamin Dauvergne

Core: Add cast to first argument of isalnum

* lasso/xml/xml.c:
* lasso/xml/tools.c: isalnum takes an int as first arg.

Core: add an header file for backward compatibility

* lasso/backward_comp.h: this header will contain substitute function, defines or types for compatibility with older versions of dependencies.
* lasso/utils.h: remove declaration of g_strcmp0
* lasso.c:
* tests/login_tests.c: use backward_comp.h

2009-04-09 Jerome Schneider

Fix build issues on amd64 / gcc 4.3

* bindings/java/lang.py: fix cast issue
* bindings/python/wrapper_top.c fix type issue
* lasso/registry.c fix cast issue

2009-04-02 Benjamin Dauvergne

Tests&Core: add g_strcmp0 if glib is old

* lasso/utils.h: if glib is older than 2.16, export g_strcmp0 as part of internal headers, in order to use it in login_tests.c
* tests/login_tests.c: include utils.h

2009-03-27 Benjamin Dauvergne

Update website download page

* website/web/download/index.xml: update link for last release download
* website/web/news/13-release-2.2.2.xml: add news about release 2.2.2

Update lasso version to 2.2.2

* configure.ac:
* fedora/lasso.spec:
* lasso.doap: update lasso version to 2.2.2, this commit will be the reference for the 2.2.2 release.

Makefile: change dependencies to pass distcheck

* lasso/Makefile.am: source dependencies must refer to $(srcdir) in order to pass distcheck, I forgot to do it in types.c and symbols.sym target changes.

ID-FF 1.2: if logout request parsing fails, take a shortcut

* lasso/xml/lib_logout_request.c: immediately return from init_from_query if overloaded parent method fails.

SAML 2.0: Update generic relaystate handling

* lasso/saml-2.0/profile.c: in lasso_saml20_profile_build_redirect_request_msg and lasso_saml20_profile_build_redirect_response, use new function lasso_saml20_profile_build_http_redirect.

Core: add a add-signature flag

* lasso/debug.h:
* lasso/lasso.c: add a lasso_flag_add_signature flag variable (default to TRUE), and parsing code to change it from LASSO_FLAG environment variable. ("env LASSO_FLAG=no-add-signature test").

ID-FF 1.2: Only verify InResponseTo if strict checking is on

* lasso/id-ff/login.c: add condition upon checking of the InResponseTo field: checks only if strict checking is activated as it could stop old code using Lasso from working.

2009-03-27 Benjamin Dauvergne

Core: Add a flag for enabling more strict checking

* lasso/debug.h: declare lasso_flag_strict_checking global boolean variable.
* lasso/lasso.c: add parsing for new option called 'strict-checking'.

2009-03-27 Benjamin Dauvergne

XML: use macro for assignment

* lasso/xml/xml.c: use standardized assignment macros (it takes care of releasing previous values and other peculiarities associated with safe pointer usage).

ID-FF 1.2: Add trace in dispose for LassoProfile

* lasso/id-ff/profile.c: add tracing code activated by LASSO_FLAG=memory-debug to print release of field values. Complement the existing code in generic deallocation procedure in LassoNode.

Core: debug.h need export.h

* lasso/debug.h: export.h is needed for the LASSO_EXPORT macro.

Core: Macros to print deallocation messages

* lasso/utils.h: lasso_mem_debug print deallocation message with respect to class and field.

Core: remove type check equality on gobject macros

* lasso/utils.h: assignment to the temporary variable allow to check for the typing, do not use lasso_check_type_equality.

Core: add macros to handle xmlSecKey

* lasso/utils.h: macros to assign and release xmlSecKey(s).

XML: fix memory leaks

* lasso/xml/tools.c:
* lasso/xml/xml.c: release xmlDoc, properly steal nodes by using xmlSetTreeDoc(xmlnode, NULL);

ID-FF 1.2: fix style fault

* lasso/id-ff/defederation.c:
* lasso/id-ff/logout.c:
* lasso/id-ff/profile.c:
* lasso/id-ff/provider.c:
* lasso/id-ff/server.c: add missing casts, remove useless wrappers
* lasso/id-ff/logout.c: In lasso_logout_process_request_msg change sequence of "if" for a "switch".

ID-FF 1.2: fix some real and potential memory leaks

* lasso/id-ff/provider.c:
* lasso/id-ff/server.c:
* lasso/id-ff/session.c: use macros to release previous value when necessary, release object used as parameters to constructors, free the encryption key associated with a provider, release the key manager created for a saml signature verification.

Test: add missing release of objects and memory

* tests/basic_tests.c:
* tests/login_tests.c:
* tests/metadata_tests.c:
* tests/random_tests.c:
* tests/tests.c: add missing g_free and g_object_unref calls.

Bindings: skip DEPRECATED variables

* bindings/bindings.py: when parsing headers, skipped deprecated struct fields.

ID-FF 1.2: Add handling of relaystate for logout requests

* lasso/id-ff/logout.c (lasso_logout_process_request_msg, lasso_logout_validate_request): transfer relaystate from request message to profile field.

2009-03-27 Benjamin Dauvergne

ID-FF 1.2: Use new macros in logout, defederation and lecp

* lasso/id-ff/logout.c:
  - (lasso_logout_build_response_msg, lasso_logout_init_request, lasso_logout_process_request_msg, lasso_logout_process_response_msg, lasso_logout_validate_request) use lasso_assign_new_object, lasso_assign_string, lasso_release and lasso_assign_new_string when possible.
  - (lasso_logout_process_response_msg) move the transfer of the relaystate from XML object to profile object.
* lasso/id-ff/defederation.c:
  - (lasso_defederation_build_notification_msg, lasso_defederation_init_notification, lasso_defederation_process_notification_msg, lasso_defederation_validate_notification): idem
* lasso/id-ff/lecp.c:
  - (lasso_lecp_build_authn_request_envelope_msg, lasso_lecp_build_authn_request_msg, lasso_lecp_build_authn_response_msg, lasso_lecp_build_authn_response_envelope_msg) idem

2009-03-27 Benjamin Dauvergne

Autoconf: Do not include optimisation flags in AM_CFLAGS

* configure.ac: when --enable-debugging set CFLAGS, do not modify AM_CFLAGS.

ID-FF 1.2 Tests: Add test for relaystate

* tests/login_tests.c:
  - (test02_serviceProviderLogin) add assertion concerning the relaying of the RelayState parameter during an SP initiated SSO.

ID-FF 1.2 Login: Use allocation macros

* lasso/id-ff/login.c: (lasso_login_init_authn_request) again a passing by correction, use lasso_assign_string for copying information from the request to the profile object.

ID-FF 1.2: Handle RelayState inside LassoLogin

* lasso/id-ff/login.c:
  - (lasso_login_init_request) catch RelayState in the query_fields and copy it to msg_relayState
  - (lasso_login_process_authn_request_msg) copy RelayState from the request object to the profile object.

XML ID-FF 1.2 & SAML 2.0: Handle signature failure

* lasso/xml/saml_assertion.c:
* lasso/xml/samlp_response_abstract.c:
* lasso/xml/samlp_request_abstract.c:
* lasso/xml/saml-2.0/samlp2_request_abstract.c:
* lasso/xml/saml-2.0/saml2_assertion.c:
* lasso/xml/saml-2.0/samlp2_status_response.c: if a failure occurs in the signing process, free the xmlnode, return NULL and print a warning.

XML SAML 2.0: Delete parent_class static variable

* lasso/xml/saml-2.0/samlp2_manage_name_id_request.c, lasso/xml/saml-2.0/samlp2_manage_name_id_response.c, lasso/xml/saml-2.0/samlp2_name_id_mapping_request.c, lasso/xml/saml-2.0/samlp2_name_id_mapping_response.c, lasso/xml/saml-2.0/samlp2_subject_query_abstract.c:
  - remove static variable parent_class
  - (class_init) remove initialization of parent_class

2009-03-27 Benjamin Dauvergne

XML SAML 2.0: Mark RelayState field from SAML 2.0 deprecated

* lasso/xml/saml-2.0/samlp2_authn_request.c, lasso/xml/saml-2.0/samlp2_logout_request.c:
  - (instance_init) remove initialization of relayState field
* lasso/xml/saml-2.0/samlp2_logout_response.c:
  - (instance_init) remove empty function, since it only initialized relayState.
  - (lasso_samlp2_logout_response_get_type) remove instance_init from the type initialization structure.
* lasso/xml/saml-2.0/samlp2_authn_request.h, lasso/xml/saml-2.0/samlp2_logout_request.h, lasso/xml/saml-2.0/samlp2_logout_response.h:
  - (struct _LassoSamlp2*) mark relaystate field as deprecated.

2009-03-27 Benjamin Dauvergne

XML SAML 2.0: Clean query string parsing/building

* lasso/xml/saml-2.0/samlp2_status_response.c:
  - (init_from_query) remove useless stub code for parsing RelayState
* lasso/xml/saml-2.0/samlp2_response.c, lasso/xml/saml-2.0/samlp2_name_id_mapping_response.c, lasso/xml/saml-2.0/samlp2_logout_response.c, lasso/xml/saml-2.0/samlp2_manage_name_id_response.c:
  - (class_init) remove overloading of init_from_query, use version from samlp2_status_response instead.
  - (init_from_query) Useless so deleted.
* lasso/xml/saml-2.0/samlp2_request_abstract.c:
  - (class_init) add overloaded method for init_from_query virtual method.
  - (init_from_query) generic implementation for SAML 2.0 requests
* lasso/xml/saml-2.0/samlp2_subject_query_abstract.c, lasso/xml/saml-2.0/samlp2_authn_request.c, lasso/xml/saml-2.0/samlp2_logout_request.c, lasso/xml/saml-2.0/samlp2_manage_name_id_request.c, lasso/xml/saml-2.0/samlp2_name_id_mapping_request.c, lasso/xml/saml-2.0/samlp2_assertion_id_request.c:
  - (class_init) remove overloading of init_from_query, use version from samlp2_request_abstract instead.
  - (init_from_query) Useless so deleted.

2009-03-27 Benjamin Dauvergne

XML: Remove useless parsing of RelayState in lasso_node_init_from_saml2_query_fields

* lasso/xml/xml.c: (lasso_node_init_from_saml2_query_fields) Since parsing of the relayState is now done inside each "_process_*msg" method of each SAML2 profile, it is not needed anymore in this function.

XML: Use memory macros inside lasso_node_export_to_query

* lasso/xml/xml.c (lasso_node_export_to_query): use lasso own memory handling macros.

2009-03-27 Benjamin Dauvergne

ID-FF 1.2: review HTTP-Redirect binding parsing/building

* lasso/xml/lib_authn_request.c, lasso/xml/lib_logout_request.c, lasso/xml/lib_register_name_identifier_request.c, lasso/xml/lib_status_response.c:
  - build_query: remove build_query overloaded virtual method, use LassoNode new generic implementation.
  - init_from_query:
    - change direct call to lasso_node_init_from_query_fields to use of base implementation from LassoNode.
    - make use of utils.h memory handling macros like lasso_release_gobject and lasso_assign_string.
* lasso/xml/lib_federation_termination_notification.c:
  - init_from_query: remove parsing of RelayState parameter

2009-03-27 Benjamin Dauvergne

ID-FF 1.2: Defederation, changes includes for relative paths

* lasso/id-ff/defederation.c: header path should be relative to the implementation, I will try to do it to most files.

ID-FF 1.2: Defederation HTTP-Redirect binding, handle relaystate

* lasso/id-ff/defederation.c: get relaystate directly from the query string using lasso_get_relaystate_from_query.

SAML 2.0: In login change includes for relative paths

* lasso/id-ff/login.c: changes headers for relative paths

Core: Remove ending blanks from errors.c.in

* lasso/errors.c.in: errors.c template contains blanks at end of lines.

SAML 2.0: add direct treatment of relaystate for HTTP-Redirect binding

* lasso/saml-2.0/login.c: In lasso_saml20_login_process_authn_request_msg change handling of relayState do not rely upon parsing by the node object, but extract directly from the query string. Use new function lasso_get_relaystate_from_query.
* lasso/saml-2.0/logout.c: In lasso_saml20_logout_process_request_msg change handling of relayState do not rely upon parsing by the node object, but extract directly from the query string.
* lasso/saml-2.0/profile.c: In lasso_saml20_profile_init_artifact_resolve, add handling of the relayState transmitted to the assertion consumer URL.
* lasso/saml-2.0/name_id_management.c: In lasso_name_id_management_process_request_msg change handling of relayState do not rely upon parsing by the node object, but extract directly from the query string.

SAML 2.0: simplify redirect binding code path

* lasso/saml-2.0/login.c, lasso/saml-2.0/logout.c, lasso/saml-2.0/name_id_management.c: simplify code path associated with generation of the url for the HTTP-Redirect binding using the recently introduced function lasso_saml20_profile_build_http_redirect.

SAML 2.0: remove TODO comment about RelayState

* lasso/xml/saml-2.0/samlp2_status_response.c: do it:)

XML SAML2: Remove unnecessary overloading of build_query in request/response objects

* lasso/xml/saml-2.0/samlp2_assertion_id_request.c, lasso/xml/saml-2.0/samlp2_authn_request.c, lasso/xml/saml-2.0/samlp2_logout_request.c, lasso/xml/saml-2.0/samlp2_logout_response.c, lasso/xml/saml-2.0/samlp2_manage_name_id_request.c, lasso/xml/saml-2.0/samlp2_manage_name_id_response.c, lasso/xml/saml-2.0/samlp2_name_id_mapping_request.c, lasso/xml/saml-2.0/samlp2_name_id_mapping_response.c, lasso/xml/saml-2.0/samlp2_response.c, lasso/xml/saml-2.0/samlp2_subject_query_abstract.c: remove useless overloading of build_query virtual method, revert to implementations in LassoSamlp2RequestAbstract and LassoSamlp2StatusResponse.

XML SAML 2.0: add a build query to request base class

* lasso/xml/saml-2.0/samlp2_request_abstract.c: add a build query overloaded function to LassoSamlp2RequestAbstract class, the base class of all saml 2.0 request nodes.

SAML 2.0: Add helper function to implement the HTTP-Redirect binding

* lasso/saml-2.0/profile.c, lasso/saml-2.0/profileprivate.h:
  - remove_all_signature traverse a tree of LassoNode objects to unset all signature_type field on nodes supporting signature generation.
  - lasso_saml20_profile_export_to_query does the job of generating the url containing the message content and the relaystate, then sign it using lasso_query_sign.
  - lasso_saml20_profile_build_http_redirect use those two functions and the metadatas to build the signed redirect url.

XML: Add const modifiers to lasso_concat_url_query arguments

* lasso/xml/private.h, lasso/xml/tools.c: add const modifier to lasso_concat_url_query arguments.

XML: Remove static modifier on lasso_node_build_query

* lasso/xml/private.h, lasso/xml/xml.c: remove static modifier to lasso_node_build_query and export it for use in id-ff profiles.

XML: Tool function to extract relaystate from query

* lasso/xml/tools.c, lasso/xml/private.h: new function lasso_get_relaystate_from_query to help in relaystate handling.

Core: rename lasso_release_xmlchar to lasso_release_xml_string

* lasso/id-wsf/wsf_profile.c, lasso/utils.h, lasso/xml/xml.c: rename lasso_release_xmlchar to lasso_release_xml_string.

Core: Fix double instantiation of macro parameters

* lasso/utils.h:
  - (lasso_assign_new_string, lasso_assign_gobject) if source parameter is a function call it could be called two times and have unexpected side effects. Copy the returned value to a temp variable and use it instead.

Core: Fix corner case in deallocation macros

* lasso/utils.h: When setting strings using lasso_assign_string or lasso_assign_new_string, verify that new string is different than the target value string before deallocating the target.

Add missing initializations

* initialize local variables.

Core: replace direct use of xmlSecSoap function by wrapper

* lasso/xml/xml.c: In lasso_node_init_from_message_with_format remove direct use of xmlSecSoap* functions because they emit too much warning by lasso reimplementations.

Core: remove use of XPath

* lasso/xml/xml.c: in lasso_node_new_from_soap, instead of using XPath use function lasso_xml_get_soap_content.

Core: fix comment for lasso_node_init_from_message

* lasso/xml/xml.c: state the return code type.

Core: remove lasso_node_decrypt implementation

* lasso/xml/xml.c: remove code for lasso_node_decrypt.

Core: make comment agree with the code

* lasso/xml/xml.c: change comment about xsi:type handling, we try to honor every xsi:type.

Core: remove commented code

* lasso/xml/xml.c: remove commented code to handle a specific lasso extension.

Core: use lasso_xml_parse_memory instead of xmlParseDoc

* lasso/id-ff/provider.c: use internal wrapper instead of direct call to libxml for parsing.

Core: move parse xml wrapper from xml.c to tools.c

* lasso/xml/xml.c: remove lasso_xml_parse_memory.
* lasso/xml/tools.c: add lasso_xml_parse_memory to wrap xmlParseDocument.
* lasso/saml-2.0/name_id_management.c: use lasso_xml_parse_memory

2009-03-27 Benjamin Dauvergne

SAML 2.0 NameIDManagement: use new generic methods

* lasso/saml-2.0/name_id_management.c: use new generic methods in lasso_name_id_management_init_request, lasso_name_id_management_build_request_msg, lasso_name_id_management_process_request_msg, lasso_name_id_management_validate_request, lasso_name_id_management_build_response_msg, lasso_name_id_management_process_response_msg. Remove useless boilerplate code.
* lasso/id-ff/server.c:
* lasso/id-ff/serverprivate.h: last user of lasso_server_nameid_decrypt removed, so remove the code.

2009-03-27 Benjamin Dauvergne

SAML 2.0 Logout: use generic methods

* lasso/saml-2.0/logout.c: use new generic methods in lasso_saml20_logout_process_request_msg, and lasso_saml20_logout_process_response_msg.

SAML 2.0 Login: use generic methods

* lasso/saml-2.0/login.c: use new generic profile methods for saml 2.0 in lasso_saml20_login_process_paos_response_msg, lasso_saml20_login_process_authn_response_msg, lasso_saml20_login_process_response_status_and_assertion.

SAML 2.0: add name id include to login.c

* lasso/saml-2.0/login.c: add include saml2_name_id.h

XML SAML 2.0: add a decrypt function to Saml2EncryptedElement

* lasso/xml/saml-2.0/saml2_encrypted_element.c: using new function lasso_node_decrypt_xmlnode implement the new method, int lasso_saml2_encrypted_element_decrypt( LassoSaml2EncryptedElement* encrypted_element, xmlSecKey *encryption_private_key, LassoNode **decrypted_node).
  This function is currently not exported by bindings because of the last output argument which is not supported by the binding generator.

SAML 2.0: replace lasso_node_decrypt by lasso_node_decrypt_xmlnode

* lasso/xml/private.h:
* lasso/xml/tools.c: replace implementation of lasso_node_decrypt by a new one called lasso_node_decrypt_xmlnode, and use it where old one was used.

SAML 2.0: reduce code in lasso_assertion_query_process_request

* lasso/saml-2.0/assertion_query.c: use new code in SAML 2.0 profile.c to parse requests and decrypt nameid, chains calls so that error are kept but all actions are accomplished anyway (if first call fails, keep the error but continue the processing, then at end return the first returned error).

2009-03-27 Benjamin Dauvergne

SAML 2.0: add internal generic implementation

* lasso/saml-2.0/profile.c:
* lasso/saml-2.0/profileprivate.h: the current effort is to simplify implementation code in saml-2.0 and much of the other frameworks. Those new methods:
    lasso_saml20_init_request
    lasso_saml20_profile_process_name_identifier_decryption
    lasso_saml20_profile_process_soap_request
    lasso_saml20_profile_process_soap_response
    lasso_saml20_profile_process_any_request
    lasso_saml20_profile_process_any_response
    lasso_saml20_profile_setup_request_signing
    lasso_saml20_profile_build_request_msg
    lasso_saml20_profile_build_response
    lasso_saml20_profile_init_response
  should help reduce code in login.c, logout.c, name_id_management.c and assertion_query.c. They should also permit to make all profiles at the same level of binding support (GET,REDIRECT,POST,ARTIFACT_GET,ARTIFACT_POST). Those functions centralize error code handling, initialization of common class (LassoSamlp2StatusResponse and LassoSamlp2RequestAbstract) and also the handling of NameID decryption.

2009-03-27 Benjamin Dauvergne

Core: add new internal macro lasso_extract_node_or_fail

* lasso/utils.h: this new macro try to extract a field from a structure (or any left-hand-side value), try to typecheck it using 'LASSO_IS_XXX', if successful, the value is assigned to the variable given as first argument or we jump to the 'cleanup' goto label, setting the 4th argument as the current error code (value of variable 'rc').

ID-WSF 2.0: make it work with --enable-debugging

* lasso/id-wsf-2.0/data_service.c:
* lasso/id-wsf-2.0/discovery.c:
* lasso/id-wsf-2.0/profile.c:
* lasso/id-wsf/data_service.c:
* lasso/id-wsf/discovery.c:
* lasso/id-wsf/wsf_profile.c: when --enable-debugging is activated much more type checking is done by internal macros, and code do not pass compile anymore.
* bindings/python/tests/idwsf2_tests.py: nameIdentifier packing in SOAP ID-WSF calls headers is no longer supported, do not test it.

Core: add argument checking to lasso_server_get_provider

* lasso/id-ff/server.c: In lasso_server_get_provider, return NULL if provider server is not one, provider is null or 0-length.

Core: add new internal API lasso_provider_verify_query_signature

* lasso/id-ff/provider.c: try to keep some homogeneity between lasso_verify_signature and lasso_verify_query_signature functions, by having mirror methods inside the LassoProvider class. this new methods comes with complete documentation.
* lasso/xml/tools.c: add a xmlDoc argument to lasso_verify_signature, in order to reuse an already built message context, and possible problems with interned string in parsed xml documents.

Core: add xmlDoc parameter to lasso_provider_verify_saml_signature

* lasso/id-ff/provider.c: add an xmlDoc parameter to lasso_provider_verify_saml_signature, reflecting change in lasso_verify_signature. fix memory leaks of an xmlSecKeysMngr. complete arguments checking.
* lasso/id-ff/login.c: update use of lasso_provider_verify_signature in LassoLogin

Core: add a terminating value to enum LassoHttpMethod

* lasso/id-ff/provider.h: add LASSO_HTTP_METHOD_LAST to enum LassoHttpMethod.

ID-FF 1.2: rework lasso_login_process_status_and_assertion

* lasso/id-ff/login.c: reword lasso_login_process_status_and_assertion, remove wrong NameID decryption code (it cannot work), adapt to new signature of lasso_provider_verify_saml_signature,

Core: new init method with format limit and xmlDoc output argument

* lasso/xml/private.h:
* lasso/xml/xml.c: lasso_node_init_from_message_with_format permit to initialize a node and to keep the corresponding xml document, in order for example to validate a signature.
* lasso/xml/tools.c: lasso_xml_parse_message is able to parse a message of any type, or of a given type. If a message of another than the one specified is found, the call fails, and a LASSO_MESSAGE_FORMAT_ERROR is returned.

Core: add function to extract SOAP message content

* lasso/xml/tools.c: add lasso_xml_is_soap, to verify that a message is SOAP. add lasso_xml_get_soap_content, to retrieve the first child of the SOAP body, whatever the SOAP content version.

SAML 2.0: API for Saml2EncryptedElement decrypt

* lasso/xml/xml_enc.h: remove old functions
* lasso/xml/private.h: remove lasso_node_(de/en)crypt from public headers API, they were not exported anyway. move them to internal header.
* lasso/xml/saml-2.0/saml2_encrypted_element.{c,h}: add a new decrypt function to convert a EncryptedElement to the contained encrypted node objects.
* bindings/overrides.xml: do not export the new method, wait for implementation of output arguments.
* lasso/id-ff/server.c: remove lasso_decrypt_nameid from lasso/id-ff/server.c

Bindings php5: add support for xmlNode arguments

* bindings/php5/php_code.py:
* bindings/php5/wrapper_source.py: complete error reporting about on documentation treatment.
  treat xmlNode* arguments (convert string to xmlNode, give as argument, then frees it).

Bindings: fix documentation parsing

* bindings/bindings.py: fix regex to match documentation (remove condition terminating on '**/') print error messages to stderr.
* bindings/java/lang.py: remove commented debugging code

Docs: add declaration of missing LassoNode public methods

* docs/reference/lasso-sections.txt: add missing lasso_node_*() functions.

Docs: fix doc on Attribute related classes

* xml/saml-2.0/saml2_attribute_value.c:
* xml/saml-2.0/samlp2_extensions.c:
* xml/saml_attribute_value.c: add documentation about the special way of setting those classes content, that is using lasso_node_set_original_xmlnode.
* docs/reference/lasso-sections.txt:
* docs/reference/lasso.sgml: add missing declarations for documentation of LassoSamlAttribute, LassoSamlAttributeValue, LassoSamlAttributeDesignator, LassoSamlStatement and LassoSaml2AttributeValue.

Fix bug #94: permit any content for AttributeValue

* lasso/xml/private.h:
* lasso/xml/xml.h
* lasso/xml/xml.c: add an implementation helper for the AttributeValue objects implementation of get_xmlNode. make lasso_node_set_original_xmlnode public API.
* lasso/xml/saml-2.0/samlp2_extensions.c:
* lasso/xml/saml-2.0/saml2_attribute_value.c:
* lasso/xml/saml_attribute_value.c: implement get_xmlNode for the AttributeValue and Extensions objects. If the any field is empty, use the original_xmlnode value. In order to support free-style content, you must use the method lasso_node_set_original_xmlnode, properties and children are extracted from the given node and added to the node created by the generic get_xmlNode virtual method.

XML Core: add new snippet type SNIPPET_KEEP_XMLNODE

* private.h: add the new constant to the enum type
* xml.c: fix lasso_node_traversal, add support for the new constant in lasso_node_imp_init_from_xmlNode.

Core: add error codes, fix error strings

* lasso/errors.c, lasso/errors.h: remove useless error code LASSO_SERVER_ERROR_INVALID_XML, fix string for LASSO_PROFILE_ERROR_INVALID_ISSUER, add error codes LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE, LASSO_PROFILE_ERROR_CANNOT_FIND_A_PROVIDER and LASSO_PROVIDER_ERROR_MISSING_PUBLIC_KEY.

Makefile: missing dependencies for built sources

* lasso/Makefile.am: remove .PHONY declaration on built sources and set appropriate dependencies.
* lasso/extract_types.py: with new dependencies well defined in Makefile no need to verify change in the content of the file, just overwrite it.

Core: Fix argument checking in init_from_xml

* lasso/xml/xml.c: In lasso_node_impl_init_from_xml if xmlnode is null, return an error but if no node_data specification is present, do not fail but print a warning. It is not an error for a class to not have a node_data private field. add a comment to fix return code later.

Core: handle g_io_channel creation failure

* lasso/xml/tools.c: in lasso_load_certs_from_pem_certs_chain_file if g_io_channel_new_file fails return NULL and print a warning. If path is NULL or 0-length also returns NULL.

Core: do not mix public and private headers

* lots of files: explicitly load the internal header xml/private.h where needed.

2009-03-23 Frederic Peters

tentative NEWS file

2009-03-09 Benjamin Dauvergne

Doc: Update index sgml file to cope with gtkdoc 1.11

* docs/references/lasso.sgml: change entity path for LassoSamlp2AssertionIDRequest.

SAML 2.0: Fix #90, simplify NameID decryption for NameIdManagement

* lasso/saml-2.0/name_id_management.c: (lasso_saml2_name_id_management_process_request) simplify code, remove explicit decryption of nameid and handling of error cases, delegate to lasso_decrypt_nameid (from xml/tools.c).

Core: add a method to decrypt nameid, handling error cases

* lasso/id-ff/serverprivate.h:
* lasso/id-ff/server.c: lasso_server_decrypt_nameid handle error case of NameID decryption, and update passed field pointers.
* lasso/errors.h: add new error codes:
    LASSO_DS_ERROR_DECRYPTION_FAILED -118 - Decryption of an encrypted node failed
    LASSO_PROFILE_ERROR_MISSING_SERVER -438 - No server object set in the profile

XML SAML 1.0: fix bug 85

* lasso/xml/lib_logout_request.c: do not break parsing when NameIdentifier->Format attribute is NULL.

2009-03-03 Benjamin Dauvergne

SAML 2.0: remove NotBefore attribute when not answering an AuthnRequest

* lasso/saml-2.0/login.c: In specification saml-profile-2.0-os.pdf, in paragraph 4.1.4.3, it is said that the SubjectConfirmationData node MUST NOT contain a NotBefore attribute if it contains an InResponseTo attribute, understanding that the response cannot (if the ID of the request is sufficiently random) arrive before the request and be valid with respect to the InResponseTo attribute.

Test: Add test for testing new InResponseTo checking code

* tests/login_tests.c: after first test of parsing the soap response message in the login test, try to parse it a second time, after modifying the InResponseTo id of the assertion and disabling signature checking.

ID-FF 1.2 & SAML 2.0: fix "fix bug 173" match assertion and not the response with authn request id

* lasso/id-ff/login.c:
* lasso/saml-2.0/login.c: Serialize/Unserialize request_id private field in LassoLogin dumps. Match InResponseTo assertion attribute (ID-FF 1.2) or SubjectConfirmationData attribute (SAML 2.0) to original request id if it is present.

Core: rename LOGIN_ERROR_REFER_TO_UNKNOWN_REQUEST

* lasso/errors.h:
* lasso/errors.c: rename LASSO_LOGIN_ERROR_REFER_TO_UNKNOWN_REQUEST to LASSO_LOGIN_ERROR_ASSERTION_DOES_NOT_MATCH_REQUEST_ID.

Core: fix handling of xsi:type

* lasso/xml/xml.c: xsi:type handling is broken since commit 3982, restore it.
  move prefix/nodename matching in static helper functions, and reuse them inside xsi:type code path.

Core: enforce flag verify-signature in function lasso_verify_signature

* lasso/xml/tools.c: in lasso_verify_signature always return success if lasso_flag_verify_signature is FALSE.
* lasso/xml/private.h: change return type to int.

2009-03-02 Benjamin Dauvergne

Fix BSD compatibility bug in configure.ac

* configure.ac: remove GNUism, use -eq and = instead of == with test tool. (Patch from Emmanuel Dreyfus)

2009-02-17 Benjamin Dauvergne

ID-FF 1.2 & SAML 2.0: Fix #173, check InResponseTo in authn responses

* id-ff/login.h: add a string field named request_id in the private part of LassoLogin to store request id from the original AuthnRequest.
* id-ff/login.c: if request_id field is not null check the InResponseTo attribute of the samlp:Response.
* saml-2.0/login.c: if request_id field is not null check the InResponseTo attribute of the samlp:Response.

2009-02-06 Damien Laniel

fixed binding generation

removed trailing whitespace

2009-02-05 Damien Laniel

fixed parsing of OFTYPE

2009-01-26 Damien Laniel

added all string constants to the API doc

reorganised string constants definitions

added an index to quickly find symbols

fixed some functions name

documentation-related fixes

added documentation for id-wsf 2.0 functions

added lasso_data_service_new_full and removed lasso_idwsf2_discovery_destroy in api doc

2009-01-24 Benjamin Dauvergne

Core: if OFTYPE is already defined, skip

Core: add decorator on GList return value in LassoSession header

* lasso/id-ff/session.h: add the OFTYPE decorator to the return type of lasso_session_get_assertions.

Java: add assertions

* bindings/java/tests/LoginTest.java: add assertion for the return code of lasso_logout_process_request_msg.

ID-FF 1.2: review of logout validate request

* lasso/id-ff/logout.c (lasso_logout_validate_request): use new macros.
ID-FF 1.2: review logout_process_request_msg * lasso/id-ff/logout.c (lasso_logout_process_request_msg): use the new allocation macros, add checking of the parsed object type, add validation of some schema constraints before processing, like presence of the name identifier.
Core: make caller owner of the list, fix refcount leak
Autoconf: new macro AS_COMPILER_FLAGS to check flag support * macros/as-compiler-flags.m4 configure.ac: add a new files of autoconf macro to check support of warning flags, add needed line in configure.ac to define variable WARNING_FLAGS, containing only supported flags.
Core: replace manual reference handling with macros - lasso/xml/disco_insert_entry.c (lasso_disco_insert_entry_new) : replace manual g_object_ref with assignment macro.
Core: replace manual handling of references with macros - lasso/xml/disco_resource_offering.c (lasso_disco_resource_offering_new) replace manual g_object_ref with assignment macro.
Core: synchronize lasso_verify_signature with new macros
Core: add new error code to lasso_node_init_from_message - add new return code LASSO_MESSAGE_FORMAT_XSCHEMA_ERROR - fix SOAP_FORMAT bizarre if conditional - remove old comments
Core: review of lasso_node_encrypt - use new memory macros - copying nodes instead of stealing nodes
ID-FF 1.2: fix leak of instance object
Core: add a new message format error for XSchema constraint failure
ID-FF 1.2: review logout_validate_request * lasso/id-ff/logout.c (lasso_logout_validate_request): - when signature verification failed in process_request_msg, do not continue validation of the request, stop immediately and return the signature status code. - use utils.h macro for memory allocation handling. Fix potential leak of the profile->response object.
ID-FF 1.2: validate signatures on responses during the BRWS/Artifact profile - lasso/id-ff/login.c: - the lasso_login_process_response_msg is used to process SOAP response to artifact resolution requests.
The answer contains an samlp:Response that can be signed, and each contained assertion MUST be individually signed. - lasso/xml/samlp_response.c: - set keep_xmlnode flag on the class metadatas to help in signature validations.
ID-FF 1.2: add validation of assertion signatures - lasso/id-ff/login.c: - lasso_login_process_response_status_and_assertion: - if signature_status is not 0 and an assertion is present, we validate the signature on this assertion using the internal API lasso_provider_verify_saml_signature.
Core: add error code LOGIN_ERROR_REFER_TO_UNKNOWN_REQUEST * lasso/errors.h, lasso/errors.c: - LASSO_LOGIN_ERROR_REFER_TO_UNKNOWN_REQUEST is raised when a samlp:Response contains an attribute inResponseTo when no previous request can be found inside the LassoLogin object or if the given ID is not the same as the one from the previous request.
ID-FF 1.2: fix signature validation in login_process_authn_response_msg * lasso/id-ff/login.c: when signature validation fails on a message, then return the signature status as return code. There is a security fix.
XML: new LassoProvider API to verify XMLDsig signatures * lasso/id-ff/provider.c, lasso/id-ff/providerprivate.h: - (lasso_provider_verify_saml_signature) validate a signed saml Request, Response or Assertion, using the public key of the given provider.
XML: Make LassoSamlAssertion keep its XML form when created by parsing * lasso/xml/saml_assertion.c: set the keep_original flag of class LassoSamlAssertion to true, to keep a copy of the original libxml tree used to initialize each instance of this object. We will use it to validate signature on assertions.
XML: Add internal API to validate XMLDsig signatures * lasso/xml/tools.c: - lasso_saml_constrain_dsigctxt() add constraints following SAML specifications on XMLDsig signatures to a libxmlsec DSig context.
- lasso_verify_signature() this function given an xmlNode and a key or a keys manager (for a set of AC or AC chains) validate the enveloped signature set upon this node. It can be instructed to follow constraints of the SAML 1.0 specification.
Core: add new error codes * lasso/errors.h: add error codes for, - out of memory situation, - excess of references during validation of signature on SAML protocols message or assertions, - an invalid reference during validation of signatures on SAML protocols message or assertions, - a mismatch between requested assertion issuer and received assertion issuer.
Autoconf: redirect shell warning in one of configure.ac tests - configure.ac: when testing if bindings have been already generated with different settings do not let grep emit warnings.
All: Fix missing field initializer problems * lots of files: Explicitly set all field of initialized structures, in order to remove -Wno-missing-field-initializers from needed compiler options when using -Wall -Wextra.
Core: add macros to assign list of things, rename xmlNode related macros * lasso/utils.h: added new macros, renamed others: - macros handling xmlNode are renamed from _node to _xml_node, - new macros for assign GList* of specific objects: - lasso_assign_list_of_gobjects, - lasso_assign_list_of_strings, - lasso_assign_new_list_of_gobjects, - macros for assigning xmlChar string (we need a specific macros because, we must use xmlFree to release the destination string), - macros to add string without duping: lasso_list_add_xml_string, - macros to add anything non-null (no type cast): lasso_list_add_non_null.
Core: add references handling macros * lasso/utils.h: - add macro lasso_transfer_string and lasso_transfer_gobject, to transfer ownership of such objects without copying or their changing reference count. The old containing variable is NULLed.
- lasso_list_add_gobject,lasso_list_add_new_gobject: test if the added object is a GObject, if not do not add it and print a warning. - lasso_check_type_equality: this macro use special builtin functions only with GCC (typeof and __builtin_types_compatible_p) and do metaprogramming using anonymous enumeration type to make compile time assertions. It is used - add macros to release XPathObject XPathContext, macro constructor to make reference transfer macros (free dest, nullify dest, copy src to dest without increasing refcount, nullify src), add a macro to transfer xpath objects.
Core: new goto_exit macro which produces warnings * lasso/utils.h: similar macro to goto_exit_if_fail but also produce a printed warning.
Core: new macros for adding string to GList * lasso/utils.h: - lasso_list_add_string, add a copy of a string to a GList
Core: Remove unused macro lasso_warn_deprecated * lasso/utils.h: remove macros lasso_warn_deprecated, use GCC attributes and gtkdoc markers instead.

2009-01-22 Damien Laniel
added documentation sections for ID-WSF 2.0 Discovery and DataService removed unused destroy functions (only defined in .c or .h files)

2009-01-13 Jean-Marc Liger
Fedora/Redhat spec file

2008-12-18 Frederic Peters
correctly check for successful return of DSA_verify

2008-12-16 Damien Laniel
check in lasso_name_id_management_init_request if HTTP method is supported

2008-12-12 Damien Laniel
fixed fault code and use a more precise fault string if no identity is found while building disco response, create a soap fault response

2008-12-01 Benjamin Dauvergne
Use assignment macros in id-wsf 2.0 module * lasso/id-wsf-2.0/data_service.c, lasso/id-wsf-2.0/discovery.c, lasso/id-wsf-2.0/profile.c: use assignment macros to maintain proper reference counting and ownership of object field values.
2008-11-28 Benjamin Dauvergne
Fix lasso.pc.in Cflags field * lasso.pc.in: cflags must contain include directory

2008-11-26 Benjamin Dauvergne
Add errors.h.in to EXTRA_DIST * lasso/Makefile.am: errors.h.in must be distributed.

2008-11-20 Benjamin Dauvergne
Add me.

2008-11-19 Benjamin Dauvergne
Fix refcounting error in SoapEnvelope class - lasso/xml/soap_envelope.c (lasso_soap_envelope_new): fix forgotten reference count increase when assigning the body.

2008-11-14 Benjamin Dauvergne
Fix uninitialized local variable - bindings/java/wrapper_top.c: (gobject_to_jobject_and_ref) initialize local variable.

2008-11-10 Benjamin Dauvergne
Add support to in memory private key to lasso_query_sign - lasso/xml/tools.c: use BIO_new_mem_buf instead of BIO_new_file if private_key is not an existing file.

2008-11-06 Benjamin Dauvergne
Add missing initialization - lasso/id-ff/provider.c,lasso/id-ff/server.c: add missing initialization of return code variable.

2008-11-05 Benjamin Dauvergne
Fix missing include Add log message in the metadata loading process - lasso/id-ff/provider.c, lasso/saml-2.0/provider.c: add critical log message in each failed loading of metadatas branch cases. Add new internal function to show safe extracts - lasso/utils.c, lasso/utils.h: New internal api lasso_safe_prefix_string that can show any string taking care of escaping newlines,tabs and non-graphical or non-ASCII characters. Fix uninitialized return code Thanks Emmanuel Dreyfus

2008-11-04 Benjamin Dauvergne
Fix overwriting of attributes ht by node lists - lasso/xml/xml.c: - In lasso_node_impl_init_from_xml fix really old bug seen when running ID-WSF 2 python tests, when looking for snippet_any field in the GObject we should not take the any attribute field, otherwise the field value is gonna be overwritten with new GList nodes. The problem can be seen only with classes using the two kind of snippets (ANY nodes and ANY attributes).
Change style of error and deallocation handling - lasso/id-ff/provider.c: - in lasso_provider_verify_signature use standardised memory and error handling macros, and also standard return code variable name and exit label. - in lasso_provider_load_metadata_from_buffer and lasso_provider_load_metadata use the standardised macros, exit labels and return code variable. - lasso/id-ff/server.c: - in lasso_server_load_affiliation use standardised allocation and error handling macros. - lasso/id-wsf/wsf_profile.c: - use standardised memory and error handling macros in lasso_wsf_profile_build_soap_request_msg. Move xmlDoc release after xmlFreeXPath* - lasso/xml/xml.c: - in lasso_node_new_from_soap release xmlDoc (and the contained nodes) after the XPath objects that can reference them. Remove use of xmlFreeDoc for lasso_release_doc - bindings/java/wrapper_top.c, bindings/php4/lasso_php4_helper.c, bindings/php5/wrapper_source_top.c, bindings/python/wrapper_top.c, lasso/id-ff/identity.c, lasso/id-ff/lecp.c, lasso/id-ff/login.c, lasso/id-ff/logout.c, lasso/id-ff/name_registration.c, lasso/id-ff/profile.c, lasso/id-ff/provider.c, lasso/id-ff/server.c, lasso/id-ff/session.c, lasso/id-wsf-2.0/data_service.c, lasso/id-wsf/data_service.c, lasso/id-wsf/discovery.c, lasso/id-wsf/wsf_profile.c, lasso/saml-2.0/ecp.c, lasso/saml-2.0/login.c, lasso/saml-2.0/name_id_management.c, lasso/utils.h, lasso/xml/tools.c, lasso/xml/xml.c, swig/Lasso.i: Remove use of xmlFreeDoc. Use lasso_release_doc instead. Clean generated files in bindings * bindings/java/Makefile.am: * bindings/php5/Makefile.am: * bindings/python/Makefile.am: - reformat value and add generated files to the MOSTLYCLEANFILES variable Add new utils macros - lasso/utils.h: - add goto_exit_with_rc a standardized macro that suppose having an 'int rc' variable and an exit label in the current function.
- add lasso_release_output_buffer macro Fix lasso_assign_node: wrong xmlFreeNodeList * lasso/utils.h: - (lasso_assign_node) This macro wrongly assumes that the destroy function for xmlNode is xmlFreeNodeList but it's xmlFreeNode. xmlFreeNodeList is for xmlNode list of children.

2008-11-03 Benjamin Dauvergne
Restore ABI compatibility wrt original_xmlNode * lasso/xml/xml.c: - use set/get_qdata to store the original xmlnode, modify init_from_xml and dispose function to cope with this new storage place. * lasso/xml/xml.h: - remove field original_xmlNode from structure LassoNode to keep ABI compatibility with previous versions. - declare new API lasso_node_get_original_xmlnode API to cleanup LassoNode tree of kept xmlNode * lasso/xml/xml.c: - add a new function lasso_node_cleanup_original_xmlnodes to deallocate all kept xmlNode inside a tree of LassoNodes. - add internal function lasso_node_traversal to iterate across a LassoNode tree (could be used to reimplement lasso_node_destroy) It is a preorder traversal. Add support for keep_xmlnode flag * lasso/xml/xml.c: - (lasso_node_impl_init_from_xml) When the keep_xmlnode flag is true for the currently parsed Node class, we copy the parsed xmlNode and keep inside the LassoNode. - (lasso_node_dispose) if an original_xmlNode is present, we deallocate it. Add original_xmlNode pointer to LassoNode * lasso/xml/xml.h: add an xmlNode field to base class LassoNode, to permit retrieving the xmlNode originally parsed when the structure is the result of parsing. Will be used by signature checking code. Add keep_xmlnode field to LassoNodeClassData * lasso/xml/private.h: add a boolean flag named keep_xmlnode to base class structure LassoNodeClassData.
2008-11-02 Benjamin Dauvergne
Add test case for loading server completely from memory * tests/login_test.c: - add generateIdentityProviderContextDumpMemory that first load metadata, private_key and certificate file using g_file_get_contents then use the created buffers to initialize a LassoServer object. - add test03_serviceProviderLogin that use the new function. LassoServer init_from_xml/new_from_buffer handling * lasso/id-ff/server.c: (init_from_xml) if load_metadata fail try load_metadata_from_buffer instead using the content of the dumped nodes. Add new constructor lasso_server_new_from_buffers * lasso/id-ff/server.c, lasso/id-ff/server.h: add new function to build a LassoServer object holding content of certificate and private key files instead of loading them every time signing is needed. You must instead load them yourself the first time. Export lasso_provider_load_metadata_from_buffer * lasso/id-ff/providerprivate.h: add declaration for private function lasso_provider_load_metadata_from_buffer Add verification of access before calling libxml loading function * lasso/id-ff/provider.c: (lasso_provider_load_metadata) libxml emit warning when trying to parse non-existing or non-accessible file, so verify that the file is accessible before calling libxml. (the corner case of having warning when the file become inaccessible between the two calls is non-interesting) First try accessing the file before calling key loading functions * lasso/xml/tools.c: (lasso_sign_node) instead of waiting for the xmlsec key loading function to fail before trying to load the key directly from the private_key buffer, test it using POSIX function. Add possibility to sign using preloaded keys * lasso/xml/tools.c: - (lasso_sign_node) if loading of the private_key or the certificate file we try to use the filename directly as a key in the PEM format.

2008-10-22 Benjamin Dauvergne
Add missing initializations.
2008-10-16 Benjamin Dauvergne
Add substitute code for g_strcmp0

2008-10-13 Benjamin Dauvergne
Integrate modification from Olav Morken It fixes bad url encoding of relaystates for logout profile. A better fix for all profiles is coming. add files to nodist_HEADERS to pass distcheck

2008-10-01 Benjamin Dauvergne
add functionality to enable debugging flags at runtime This code permits to set flags, separated by commas, space, tabulations, or colons. These flags activate debug functions like, suppressing validations of signatures or print debugging message about deallocations. The new flags are defined in /lasso/debug.h they can be set using an environment variable named LASSO_FLAG or a function named lasso_set_flag. There are two flags currently: - verify-signature: To deactivate it, pass 'no-verify-signature' inside LASSO_DEBUG. It deactivates signature verification, inside two functions: lasso_query_verify_signature and lasso_provider_verify_signature. - memory-debug: It enabled reporting of memory deallocation inside generic memory deallocator for LassoNode objects and also in bindings. - lasso/xml/xml.c: do not free a null hash table pointer.

2008-10-01 Damien Laniel
cleaned up some code fixed docstrings ; added an exported function ; reorganised functions in file fixed segfaults fixed xml indentation

2008-09-23 Damien Laniel
If ProviderID isn't found in an AuthnResponse, immediately return a critical error

2008-09-23 Benjamin Dauvergne
Many fixes to compile with --enable-wsf and --enable-debugging and also to remove valgrind errors through python tests. 1. Rename lasso_wsf_profile_new_full for java bindings (cannot subclass in overrides of static methods). 2. Add const modifiers to many function signatures in bindings/python/wrapper_top.c. 3. add initialisation of private_data->encryption_sym_key_type (to please valgrind) in instance_init of LassoProvider. 4.
Add new macro to assign xmlNode, we consider xmlNode to be an immutable value, and always use xmlCopyNode for assignment. The macro is named lasso_assign_node. 5. Fix segfault, when using xmlSec to encrypt the newly created encrypted node replace the original node inside the xmlDoc structure, and the original node is freed automatically. So you cannot borrow the encrypted if you do not remove it from xmlDoc first.

2008-09-17 Damien Laniel
free xmlDoc only once fixed docstring php: added a root class to define generic getter and setter fixed docstrings which fucked php5 binding

2008-09-16 Damien Laniel
fixed various bugs with new compilation flags enable optimisation flag when not debugging

2008-09-12 Benjamin Dauvergne
* Remove ending blanks * Reset CFLAGS when --enable-debugging is used (remove -g -O2 value set by AC_PROG_CC). * Show AM_CFLAGS + CFLAGS in resume when configure finish. * When --enable-debugging is used, add -Wno-xxx options to AM_CFLAGS so that bindings compile with -Werror (-Werror is activated by --enable-debugging now) * Add G_GNUC_UNUSED for unused parameter we can't remove (python wrappers). * Add options when DEBUGGING is activated, i.e. to permit compiling when -Werror is used. It removes some of the warning for code we do not control. * Select bindings in bindings/Makefile not in bindings/*/Makefile. * Remove warnings: - remove unused parameter from private function signatures - remove unused variable - initialize variable potentially accessed uninitialized - add G_GNUC_UNUSED if function is public or adhering to an interface, and a parameter is unused. - if ID-WSF is not compiled in, define stubs with G_GNUC_UNUSED on parameters. The goal is to compile with -Werror. * Add setting of AM_CFLAGS when --enable-debugging is used * Export the AM_CFLAGS variable * Create a conditional for automake named DEBUGGING * Show CFLAGS in resume of configuration option * Add support of lasso_registry to lasso_node_new_from_xmlNode.
* Add full support for xsi:type, with lookup of the QName namespace, will only work if lib: namespace is correctly declared in the dumped XML fragment. * Add a test for the new functionality in lasso_node_new_from_xmlNode.

2008-09-04 Benjamin Dauvergne
Add a new error code, with the REGISTRY prefix and use it in registry function returning an error code. Fix a typo when retrieving a quark string in the registry module. Improve tests for functional mapping. Fix regression when loading a LassoServer from dump. Fix an error with -rpath setting in last commit, -rpath must always be absolute paths.

2008-09-03 Damien Laniel
don't put registry functions in the bindings

2008-08-26 Benjamin Dauvergne
Add -rpath to LDFLAGS variable to use the built lasso and not the local one. Add functional mappings and test code that goes with it. Add namespace for federation XML object Add test of the two public registry functions, lasso_registry_default_add_mapping, lasso_registry_default_get_mapping. Add new module lasso_registry, to handle mapping from XML tag to GObject classes. Fix changed name of g_assign_string in wsf_profile.c Add public function lasso_server_add_provider_from_buffer, to add a provider from an XML string of the metadatas (changed semantic of the second argument compared to lasso_server_add_provider). To support this a new public LassoProvider constructor was added: lasso_provider_new_from_buffer, where the second argument is an XML string. It uses a new private function, lasso_provider_load_metadata_from_buffer. Add documentation to lasso_server_add_service_from_dump. Complete documentation of lasso_server_add_service.

2008-08-07 Benjamin Dauvergne
Move soap_binding files from lasso/id-wsf to lasso/xml.

2008-08-05 Benjamin Dauvergne
Add bindings/javaj/__init__.py to EXTRA_DIST Lookup wrapper_{top,bottom}.c files in the src_dir, useful for VPATH build (i.e. distcheck). Add top_srcdir/bindings to python syspath.
$< is already translated to the VPATH in pattern rules, no need to prefix with $(srcdir). Reflect this in the rule that creates variations of svg files for the documentation. * Fix blanks mismatch (space in *.c and *h files or tabs in *.py files) and formatting * fix typo with g_hash_table_remove_all * remove unused variable * add GNUC_UNUSED to static functions to pass -Werror add an __init__.py to make the java subdirectory a python module example of usage of the macro OFTYPE new empty macro OFTYPE(x) to specify type of GList containers add moved files to EXTRA_DIST change dependency with respect to moved files, add moved files to EXTRA_DIST use new util function to throw exceptions add moved files to EXTRA_DIST add TODOs for parsing OFTYPE in other positions Remove moved files from EXTRA_DIST Move all files related to java into the java subdirectory Add a module init file to python directory. Move all files related to the php5 binding inside the php5 subdirectory. Move all python binding related files inside the python subdirectory * Fix typo * add missing lasso_release_list, add lasso_release_list_of_full, reimplement lasso_release_list_of_* using _full * removed unused variables, and change FIXME comment. * add include of utils.h * remove code to add credentials, it is actually useless. * remove useless code * add Deprecated marker to documentation. * Fix potential memory leaks * id-wsf/wsf_profile.c: add error code path in lasso_wsf_profile_build_soap_request_msg for unsupported security mechanisms. add macros to release xmlSec context objects add lasso_release_full to construct other lasso_release_ functions, use it in old definitions rename g_unlink_and_release_node to lasso_unlink_and_release_node Add a macro to emit a «Function is deprecated» warning change last g_* macros to lasso_ prefix * change g_list_add* to lasso_list_add* change g_assign_* to lasso_assign_* and g_release_* to lasso_release_* * remove blanks (review by F.
Peters) * fix documentation (review by F. Peters) * bindings/python/tests/Makefile.am: make running of iwsf{1,2}_tests.py conditioned upon --enable-wsf flag of ./configure script * fix change in SamlAdvice ABI * lasso/id-wsf/data_service.c: fix my own memleak inside build_modify_response_msg

2008-08-01 Benjamin Dauvergne
polish code in lasso_discovery_build_credential add macro to assign gobject field, first a simple version beginning of a pool of macros for mem handling, affectation to fields, etc.. * remove body->id and correlation->id setup, no need to set id on everything. * add detail node to node with specialised detection in lasso_node_new_from_xmlNode * specialise lasso_node_new_from_xmlNode for soap:detail node remove useless overriding Match is:RedirectRequest and set msg_url to the url to redirect to do not use normal add_assertion method when reconstructing a session, no need to add Advice to assertion_by_id container Fix wrong node name in SOAP fault Fix bad SNIPPET_TYPE for attribute maxInteractionTime, it was treated as a string, and provoked a SEGFAULT. * lasso/xml/xml.c: add support for dgme:Status node. * lasso/xml/xml.c: in samlNs, compare prefix *AND* href fields of the namespace object copy node instead of stealing it to xmlDoc object, when parsing session dump if no children is present try to get a base64 encoded assertion. add assertion_id to TokenSecurityReference * lasso/id-ff/session.c: fix compilation errors. * lasso/id-ff/session.c: store ID-WSF assertion in base64 to fix problem of formatting of session dumps. * lasso/id-wsf/wsf_profile.c: - change return code variable from 'ret' to 'rc' to permit use of standardised macros like goto_exit_if_fail. - add initialization to NULL of lot of variables, to enable error return paths. - adapt to change of soap:Body id field to its new name 'Id' - fix numerous mem leaks by using assignment macros (g_assign_gobject, g_list_add_gobject) and release macros (g_release_gobject).
* lasso/id-ff/login.c: comment the generation of Advice when ResourceOffering for the DiscoService support a security mechanism needing one. Anyway the generation of Credentials is broken. * lasso/id-ff/session.c: add treatment of saml:Advice on newly added Assertions, keep the transmitted assertions inside the session indexed by their AssertionID. * lasso/xml/saml_advice.{c,h}: change content to SNIPPET_LIST_XMLNODES. * lasso/id-wsf/discovery.c: fix macros assign_resource_id to adapt to standard return code name: rc * lasso/id-wsf-2.0/profile.c, lasso/id-wsf/authentication.c: adapt to change of name of id attribute in LassoSoapBody * lasso/xml/disco_encrypted_resource_id.{c,h}: add support for any kind of content through a SNIPPET_LIST_XMLNODES marked field. * lasso/xml/soap_body.h: change name of variable id to Id * lasso/xml/soap_body.c: change attribute id to Id and fix its namespace (wssu) in overloaded get_xmlNode * lasso/xml/wsse_security.c: fix wrong namespace * lasso/xml/xml.c: make xmlClean change namespace of properties not just of nodes * lasso/xml/xml.c: adapt to new prefix of Dgme library * lasso/errors.h: new error for LassoWsfProfile signal missing Credentials * bindings/lang_python_wrapper_top.c: add cast to suppress warning about g_list_length argument non-constness. add support for LassoDgme* objects, must find a better way to do this in the future. * lasso/id-wsf/discovery.c: (lasso_discovery_build_credential, lasso_discovery_add_remove_entry, lasso_discovery_add_requested_service_type) use macro g_list_add, to reduce code size. * lasso/id-wsf/wsf_profile.c: In lasso_wsf_profile_set_security_mech_id if security_mech_id is NULL, default to LASSO_SECURITY_MECH_NULL. In lasso_wsf_profile_init_soap_request increment ref count of the argument when new reference are created. 
* bindings/bindings.py: support const modifier on this argument * add lasso/lasso_config.h.in because it is not generated anymore since config.h become the normal configuration file. fix wrong const modifier * lasso/id-wsf/wsf_profile.c: fix wrong namespace in a call to xmlSecFindNode * lasso/id-wsf/wsf_profile.c: implement creation of the signature for ID-WSF SAML security mechanism. Implemented many utility function that could be shared with other part of the library. * lasso/xml/tools.c: In lasso_sign_node suppress useless code to lookup the Signature node. * lasso/utils.h: add utility macros to releases libxml objects, to check null parameters or badly typed parameters. add a macro that go to an "exit" label and set the return code variable named "rc". * lasso/id-wsf/wsf_profile.c: add documentation to the function lasso_wsf_profile_set_resource_offering: * lasso/id-wsf/wsf_profile.c,wsf_profile.h,wsf_profile_private.h: add const modifier to signature when possible add a const modifier on the argument offering of lasso_discovery_get_description_auto * lasso/id-wsf/discovery.c: In lasso_discovery_get_resource_offering_auto, do not increment reference count of the returned value, it is not how it is done in the rest of the library. Returned gobject are always not-owned reference, you reference them only to keep them around. 
* Update errors.c to last state of errors.h add an new error for a missing ResourceID inside a ResourceOffering add const modifier to conversion function on GList*, a problem still remains that g_list_length do not take a const GList* mark init_modify as deprecated, use init_insert fix forgotten arg to g_list_foreach start rework of lasso_discovery_init_request, my intention is to base other init_ function on this one fix a reference counting error when building response message add documentation to lasso/id-wsf/discovery.c reflects change inside lasso/id-ff/identity.c in assertions - surrounded declaration of containers for ID-WSF object with ifdef/endif, did the same in initialization/finalization code. - changed storage of resource offering from a list to a hash table - added a counter to create entryIDs for newly added resource offerings - simplify the code around resource offerings management fix issue #15 "In lasso_data_service_build_modify_response_msg we free a shared xmlNode" instead of moving assertion from session to new sessions, reference the old session in newly created ID-WSF services proxy move session storage of assertion for SAML ID-WSF authentication of request to xmlNode instead of LassoNode; add error handling when no description has been found in comply_with_saml_authentication beginning of signature implementation for SAML authentication fix naming in documentation of lasso_wsf_profile_set_description_from_offering, add new private function lasso_wsf_profile_set_resource_offering integrate new errors messages add a lasso_discovery_new_full function deprecated lasso_discovery_init_modify add some error messages, add new error LASSO_WSF_PROFILE_ERROR_MISSING_DESCRIPTION, when no description can be found for the chosen security mechanism add matching of Bearer authentication, support ID-WSF 1.1 security mechanisms URNs fix error of namespace change content from list of LassoNode to list of xmlNode changed contents to list of xmlNodes instead 
of LassoNode add strings for security mechanism defined in ID-WSF 1.1 forked lasso branch for adeline add a general error for a badly initialized object and two error for idwsf relating to a missing assertion id and a missing endpoint declaration Revert " * remove body->id and correlation->id setup, no need to set id on everything." This reverts commit 832f127760dc074336400531a99f3a03574ffe13. added functions to release [list]string/gobject/any add methods to manipulate list of gobjects, and dissociate affectation of fresh object from older objects add macro to assign gobject field, first a simple version fix typo in last commit add soap binding util function to lookup specific SOAP header for ID-WSF SOAP encapsulation beginning of a pool of macros for mem handling, affectation to fields, etc.. * remove body->id and correlation->id setup, no need to set id on everything. forked lasso branch for adeline forked lasso branch for adeline forked lasso branch for adeline keep head version

2008-08-01 Benjamin Dauvergne
* lasso/id-wsf/discovery.c: - include utils.h - move lasso_wsf_profile_build_key_info_node here - add a comment for future review of lasso_discovery_build_credential - remove direct use of lasso_wsf_profile_build_soap_envelope, use lasso_wsf_profile_init_soap_request instead. * lasso/id-wsf/utils.{c,h}: - new file with security mech id matching functions * lasso/id-wsf/wsf_profile.c: - remove all credentials related static functions - empty all credentials related public functions - move function related to matching security mechanism into utils.{c,h} and xml/disco_description.h - add static function lasso_wsf_profile_comply_with_saml_authentication that tries to add credential to the request to a web service using the SAML WS-Security mechanism - add static function lasso_wsf_profile_comply_with_security_mechanism to dispatch upon the current chosen security mechanism.
- extract build_soap_envelope to the static function build_soap_envelope_internal to remove warning of usage of a deprecated function. - remove lasso_wsf_profile_set_public_key - remove lasso_wsf_profile_set_security_mech_id - add lasso_wsf_profile_get_security_mechanism - add lasso_wsf_profile_set_description - empty function about online status of the principal - remove all (non-working) handling of the x509 security mechanism - add a new constructor function LassoWsfProfile* lasso_wsf_profile_new_full(LassoServer *server, LassoDiscoResourceOffering *offering) - and a new init function (for subclass): gint lasso_wsf_profile_init(LassoWsfProfile *profile, LassoServer *server, LassoDiscoResourceOffering *offering) * lasso/id-wsf/wsf_profile.h: - mark as deprecated: lasso_wsf_profile_move_credentials lasso_wsf_profile_build_soap_envelope lasso_wsf_profile_set_provider_soap_request lasso_wsf_profile_principal_is_online lasso_wsf_profile_add_credential lasso_wsf_profile_set_principal_status lasso_wsf_profile_set_principal_online lasso_wsf_profile_set_principal_offline * lasso/id-wsf/wsf_profile_private.h: - remove fields from LassoWsfProfilePrivate structure: - GList *credentials; - gchar *public_key; - add fields: - char *security_mech_id; - LassoDiscoResourceOffering *offering; 2008-08-01 Benjamin Dauvergne include utils.h fix typo on name of an xmlsec function change strings for security mechanisms to comply with the spec * Move error message inside comments in lasso/errors.h * Add a script to autogenerate lasso/errors.c from errors.h * Update errors.c * Add a target to Makefile.am to create errors.c move and export matching function for disco description into lasso/xml/disco_description.c fix bad copy/paste add utils.c and utils.h to file list move some utility functions out of wsf_profile.c - lasso/id-wsf/wsf_profile.c lasso/id-wsf/wsf_profile_private.h: extract LassoWsfProfilePrivate structure. 
* lasso/id-wsf/discovery.c: repurpose lasso_discovery_process_query_response_msg in order to extract credential information and store it into the current session. * lasso/id-wsf/wsf_profile.c: Remove any high-level processing from lasso_wsf_profile_process_soap_response_msg, just parse and setup the corresponding fields into the structure. Eventually signal a SOAP using a return code. Add an index of assertions by ID and two new functions lasso_session_add_assertion_with_id(session, id, assertion) and lasso_session_get_assertion_by_id(session, id) Add to lasso_session_add_assertion a call to add_assertion_with_id, to index all assertions into the index by id. rebase to trunk Add disco_description in includes * add type decl to field GList* any lasso_wsf_profile_build_soap_request_msg: - add a TODO comment - lasso_wsf_profile_add_soap_signature: * add documentation * use xmlSec functions for finding nodes * add comments on the work flow * fix memleak * remove enveloped signature transform, it is a detached signature. - lasso_wsf_profile_verify_saml_authentication: - add comments on the work flow - simplify and centralize cleanup code - loop over all assertion lookup for signature to verify - lasso_wsf_profile_add_credential_signature: * add documentation * reformat * add comments on the work flow * fix memleak - suppress lasso_wsf_profile_get_public_key_from_credential - lasso_wsf_profile_verify_credential_signature: * centralize and simplify cleanup code * add comments describing the flow - Add a const LassoDiscoDescription *lasso_wsf_profile_get_description(LassoWsfProfile *profile) - Add documentation to lasso_wsf_profile_verify_credential_signature Change formatting -Use lasso_wsf_profile_is_saml_authentication in lasso_wsf_profile_has_saml_authentication -Add documentation for lasso_wsf_profile_is_x509_authentication ,lasso_wsf_profile_is_saml_authentication and lasso_security_mech_has_x509_authentication.
Use macros instead of custom code, add parameter value verifications In lasso_wsf_move_credentials use new lasso utils macros Documentation for lasso_wsf_profile_has_saml_authentication Documentation for lasso_wsf_profile_get_fault Documentation for lasso_wsf_profile_get_description_autos Documentation for lasso_wsf_profile_set_public_key Documentation for lasso_wsf_profile_add_credential documentation for lasso_wsf_profile_move_credentials add new method lasso_wsf_profile_set_description_from_offering fix typo add a general error for a badly initialized object and two errors for idwsf relating to a missing assertion id and a missing endpoint declaration Revert " * remove body->id and correlation->id setup, no need to set id on everything." This reverts commit 832f127760dc074336400531a99f3a03574ffe13. add function to load a public key from anything added functions to release [list]string/gobject/any add methods to manipulate list of gobjects, and dissociate affectation of fresh object from older objects use g_assign_gobject add methods to handle the registry of WsfProfile constructors - private: {lookup,remove,set}_registry handle access to the registry - public: lasso_discovery_[un]register_constructor_for_service_type gives access to this registry to other classes. Conflicts: add xml dump functionality import discovery.h, fix name of registered constructor function change return type of lasso_discovery_get_service (no direct user in the rest of the code) polish code in lasso_discovery_build_credential use lasso_discovery_build_wsf_profile commodity method in lasso_discovery_get_service(s) methods.
add registering of the constructor add macro to assign gobject field, first a simple version use g_assign_string to update a string field fix typo in last commit add soap binding util function to lookup specific SOAP header for ID-WSF SOAP encapsulation if messageID is missing return MISSING_CORRELATION beginning of a pool of macros for mem handling, affectation to fields, etc.. look for the correlation element, do not just take the first one, report proper error if not present remove useless reset of structure after allocation with g_new0 * set credential to NULL when freed * remove body->id and correlation->id setup, no need to set id on everything. 2008-07-22 Frederic Peters published news about 2.2.1 bumped to 2.2.1 fixed order of freeing calls (stolen from ec76ae4f7e40e99443ad421a85ec4d3fb7359bf3) fixed ..._must_authenticate to look for any assertion, not just one from the requester provider. 2008-07-16 Frederic Peters don't copy gtk-doc tmpl/ files that no longer exist (fixes make distcheck) 2008-07-01 Benjamin Dauvergne change bug report link 2008-06-29 Benjamin Dauvergne add build_strerror.py to EXTRA_DIST 2008-06-16 Damien Laniel set an accurate error code on IdP if session wasn't reloaded 2008-06-05 Frederic Peters check NameIdentifier for existence before strcmp'ing it 2008-05-30 Benjamin Dauvergne remove perl script for generating lasso_strerror, replace with a python script, do not replace errors.c if generation gives the same file as before, add warning to errors.c about autogeneration, add documentation on lasso_strerror to errors.c.in reformat utils.h 2008-05-30 Damien Laniel fixed too long lines and remove some blank lines fixed too long lines and remove some blank lines fixed tab/space mix 2008-05-30 Benjamin Dauvergne remove merge markers * Move error message inside comments in lasso/errors.h * Add a script to autogenerate lasso/errors.c from errors.h * Update errors.c * Add a target to Makefile.am to create errors.c 2008-05-30 Frederic
Peters NameIdPolicy must be allocated 2008-05-29 Frederic Peters forbid query strings to be xml signed provider_id is optional in lasso_session_get_assertions debian/control is now generated debian/control is now generated updated debian packaging updated debian packaging 2008-05-28 Frederic Peters 2.2.0 notes about new bindings updated release date 2008-05-28 Benjamin Dauvergne add forgotten static modifier 2008-05-28 Damien Laniel fixed functions returning const GList * 2008-05-28 Benjamin Dauvergne recognize const GList* return of lasso_server_get_svc_metadatas so return_owner = False 2008-05-28 Frederic Peters boolean in C are uppercase 2008-05-27 Frederic Peters 2.0.0 updated changelog to 2.2.0 noted about 2.2.0 updated copyright info 2008-05-27 Benjamin Dauvergne remove obsolete swig binding csharp, php5, python. java stays as long as alain coetmeur needs it php(4) will be superseded by the new bindings/php4 later. remove ./docs/reference/tmpl during clean-local target add lasso_config.h.in to MAINTAINERCLEANFILES add Makefile.in to MAINTAINERCLEANFILES in every Makefile.am export SWIG_VERSION into Makefile.am handle swig < 1.3.32 and swig >= 1.3.32 with two different versions of the patch script add -I$(top_builddir) to CFLAGS in first position surround parameter with quotes permitting filename with spaces clean *.pyc files in the bindings Make Makefile.PL use TOP_SRCDIR and TOP_BUILDDIR variables fix INCLUDES, remove obsolete JDK_INCLUDES definition fix INCLUDES #include => #include fix INCLUDES quick and dirty fix to support return type «const GList*» fix INCLUDES var, put top_builddir first add qualifier for the GList returned by lasso_server_get_svc_metadatas cleanup include listing, first builddir then srcdir and no need for $srcdir/lasso Add disco_declaration.h to imported headers Add $(top_builddir) to include of id-wsf and id-wsf-2.0 Makefile.am to work with distcheck.
2008-05-26 Damien Laniel allow getting xpath attributes like /node/@attr 2008-05-26 Frederic Peters respect optional args and default values for integer args last argument to check_version was optional with the SWIG bindings 2008-05-26 Damien Laniel don't test NULL value before calling gfree + proper list freeing 2008-05-26 Benjamin Dauvergne Fix escaping of parenthesis inside a regex add -fno-strict-aliasing to CFLAGS to remove bad code generation on amd64 and warnings on all platforms Re-remove java/Makefile from configure.ac outputs 2008-05-24 Benjamin Dauvergne re-add swig/java binding to makefile, make it use the JAVA_INCLUDE path, JDK_INCLUDES does not exist 2008-05-23 Frederic Peters fixing a little bit the doap file removed doap.rdt to lasso.doap to be compatible with moap mentioning bug database and updated description bitching about free 2008-05-22 Benjamin Dauvergne add a new header with macros to handle memory like assigning a gobject field (work flow, is you augment ref of the new value, decrease the one from the old, and then assign), assigning strings, releasing lists of strings, of gobjects,etc.. the free macros are all called g_release_something and they set the released variable to NULL. add a macro to validate GObject parameter types This header is intended to concentrate every bit of wisdom for handling pointers and memory, try to use those macros in your code.
They are not intended to work with weak references (references you do not own), so always g_object_ref in this case (or use g_assign_gobject that does it, when your variable is not needed anymore to g_assign_gobject(var, NULL)); 2008-05-22 Damien Laniel added some more missing unreference added some more missing unreference added some more missing unreference fixed freeing svcMDID list added a missing reference 2008-05-21 Damien Laniel added some more missing unreference fixed memory management during node decryption unreference service node after adding it to the server some comments free list elements make return value const instead of copying the list make return value const instead of copying the list removed warning when calling lasso_node_destroy with NULL argument useless variables destroyer; they're already freed by snippets 2008-05-20 Frederic Peters removing unused variable 2008-05-20 Damien Laniel fixed some reference counting and memory management avoid function calls in parameter checks import main test file some cleanups in id-wsf 1.1 code added a discovery remove test case added id-wsf 2.0 tests for new bindings stronger check on empty string parameters added some tests for id-wsf 1.1 with new python bindings 2008-05-20 Benjamin Dauvergne add patch for SWIG 1.3.33, needs to be tested against previous and later versions of SWIG 2008-05-19 Damien Laniel fixed methods with xmlNode* arguments 2008-05-15 Frederic Peters moved gtk-doc inline as is better on so many points; also added schema fragments to published doc 2008-05-14 Damien Laniel allows querying a list of items with ID-WSF 2.0 data service 2008-05-14 Frederic Peters added lasso_idwsf2_data_service_get_attribute_nodes method 2008-05-14 Damien Laniel fixed get and set queryItems in bindings 2008-05-13 Benjamin Dauvergne * validate input in lasso_profile_is_saml_query 2008-05-09 Benjamin Dauvergne * export dummy lasso_init/lasso_shutdown for compatibility * module shutdown must return SUCCESS * verify
if returned object is non-null before decrementing its refcount export dummy lasso_init/lasso_shutdown for compatibility 2008-04-30 Benjamin Dauvergne fix indentation III the come back fix indentation bis fix indentation * lasso*login_must_authenticate: (id-ff/login.c,saml-2.0/login.c): do not consider profile->session != NULL as a proof of a previous authentication and search an assertion associated with profile->remote_providerID. That was causing a bug when a previous unsuccessful request was making profile->session != NULL even if no authentication has been made. * add string translation for error LASSO_LOGIN_ERROR_STATUS_NOT_SUCCESS 2008-04-29 Frederic Peters look for ElementTree in yet another place updated with 2.1.98 packaging updated with 2.1.98 packaging properly quote vars added build-dep on php5-dev added build-dep on php5-dev use new bindings don't generate "abstract" member for PHP as it causes a problem with SWIG [project @ fpeters@0d.be-20080426153010-i98np134gtvc03sy] move php extension dir under $(prefix) Original author: Frederic Peters Date: 2008-04-26 17:30:10.185000+02:00 [project @ fpeters@0d.be-20080423153851-70h4ns9mvsncw150] ship lasso.ini Original author: Frederic Peters Date: 2008-04-23 17:38:51.027000+02:00 [project @ fpeters@0d.be-20080423145930-yekpmusph6oob90d] merge Original author: Frederic Peters Date: 2008-04-23 16:59:30.377000+02:00 [project @ fpeters@0d.be-20080423100400-sbs984j19ik6dxzi] merge Original author: Frederic Peters Date: 2008-04-23 12:04:00.477000+02:00 [project @ fpeters@0d.be-20080423095917-mmhdqmpa9i00kuly] remove assert that needs private struct info Original author: Frederic Peters Date: 2008-04-23 11:59:17.694000+02:00 [project @ fpeters@0d.be-20080416142729-kpuwdj5m75qe5vnc] added php4 binding from benjamin but disabled it Original author: Frederic Peters Date: 2008-04-16 16:27:29.948000+02:00 [project @ fpeters@0d.be-20080416142356-cl3d6hb3ru62p8xv] Damien Laniel 2008-04-16 added PHPGObject destructors and
fixed some memory management Original author: Frederic Peters Date: 2008-04-16 16:23:56.715000+02:00 [project @ fpeters@0d.be-20080410163456-r6a9flm66nhyap6m] Merge from bdauvergne: factorize the backward compatibility code for GHashTable, fixed placement of declarations. Original author: Frederic Peters Date: 2008-04-10 18:34:56.595000+02:00 [project @ fpeters@0d.be-20080410140255-456kiwqz53exn9vo] removed hash table size checks as they requires access to glib internals Original author: Frederic Peters Date: 2008-04-10 16:02:55.908000+02:00 [project @ fpeters@0d.be-20080408141937-9ge86l4vyec39lsz] merging damien branch Original author: Frederic Peters Date: 2008-04-08 16:19:37.055000+02:00 [project @ fpeters@0d.be-20080408141317-mmjdku5wuegia6o3] merging benjamin Original author: Frederic Peters Date: 2008-04-08 16:13:17.010000+02:00 [project @ fpeters@0d.be-20080407154605-x6j5u3k1t53vzary] look for alternative ElementTree implementation Original author: Frederic Peters Date: 2008-04-07 17:46:05.507000+02:00 [project @ fpeters@0d.be-20080406145608-13ngws5566q8jkj9] simplified raise_on_rc Original author: Frederic Peters Date: 2008-04-06 16:56:08.973000+02:00 [project @ fpeters@0d.be-20080406145106-b6ywyx9f53w39y0e] fixed returned list of gobject Original author: Frederic Peters Date: 2008-04-06 16:51:06.682000+02:00 [project @ fpeters@0d.be-20080406135913-4sxje4sifk407jna] support for methods returning GList* of LassoNode* Original author: Frederic Peters Date: 2008-04-06 15:59:13.889000+02:00 [project @ fpeters@0d.be-20080406111623-pf8iq94lrfu2w2un] extended the skip attribute to accept more values Original author: Frederic Peters Date: 2008-04-06 13:16:23.574000+02:00 [project @ fpeters@0d.be-20080406110838-j0faaj3x9t3ztbhs] don't output two spaces before = Original author: Frederic Peters Date: 2008-04-06 13:08:38.325000+02:00 [project @ fpeters@0d.be-20080406103050-qfvnslshaslcjrj1] improving doc strings Original author: Frederic Peters Date: 2008-04-06 
12:30:50.311000+02:00 [project @ fpeters@0d.be-20080406100353-gauqob9b1238gw9o] functions that are not owner of their return type Original author: Frederic Peters Date: 2008-04-06 12:03:53.304000+02:00 [project @ fpeters@0d.be-20080405225744-bz39keu5co15n5l6] backward compat for ID-WSF buildRequestMsg methods Original author: Frederic Peters Date: 2008-04-06 00:57:44.577000+02:00 [project @ fpeters@0d.be-20080405220112-hv62do6qtb8itkxw] optional parameters for LassoDiscovery and LassoDataService Original author: Frederic Peters Date: 2008-04-06 00:01:12.703000+02:00 [project @ fpeters@0d.be-20080405204919-zlk32ehqmftfwh0c] backward compat for registerIdWsf2DstService Original author: Frederic Peters Date: 2008-04-05 22:49:19.113000+02:00 [project @ fpeters@0d.be-20080405204856-apdxhkk5pdhmx0nj] support for xmlNode* attributes Original author: Frederic Peters Date: 2008-04-05 22:48:56.805000+02:00 [project @ fpeters@0d.be-20080405184728-xay3dzjeq41suxav] added remaining optional parameters that were defined in the swig bindings Original author: Frederic Peters Date: 2008-04-05 20:47:28.881000+02:00 [project @ fpeters@0d.be-20080405184658-1389bbpst9cxhjm6] support for boolean default values Original author: Frederic Peters Date: 2008-04-05 20:46:58.982000+02:00 [project @ fpeters@0d.be-20080405184638-o2aipd0e2lkd674q] fixed backward compatibility of DiscoDescription to only be enabled when WSF support is on Original author: Frederic Peters Date: 2008-04-05 20:46:38.168000+02:00 [project @ fpeters@0d.be-20080404131647-lb7jty8pp3tjcmny] added handling of other constructors, and backward compatibility for lasso.DiscoDescription_newWithBriefSoapHttpDescription Original author: Frederic Peters Date: 2008-04-04 15:16:47.595000+02:00 [project @ fpeters@0d.be-20080403104659-tio35cweqbl32auj] lasso_idwsf2_discovery_metadata_register_self has its last parameter optional Original author: Frederic Peters Date: 2008-04-03 12:46:59.281000+02:00 [project @ 
fpeters@0d.be-20080328175728-1uv5yyo713uhukck] merging benjamin branch (again) Original author: Frederic Peters Date: 2008-03-28 18:57:28.327000+01:00 [project @ fpeters@0d.be-20080328175710-s4031yloqsdbmvel] merging benjamin branch Original author: Frederic Peters Date: 2008-03-28 18:57:10.522000+01:00 [project @ fpeters@0d.be-20080326094935-u5wxcw8nd30ckdjw] casting free functions Original author: Frederic Peters Date: 2008-03-26 10:49:35.397000+01:00 [project @ fpeters@0d.be-20080326094754-cw66nuog62q06ekk] merging benjamin branch Original author: Frederic Peters Date: 2008-03-26 10:47:54.384000+01:00 [project @ fpeters@0d.be-20080326090203-a0ietdsmp8ec9aef] freeing converted list Original author: Frederic Peters Date: 2008-03-26 10:02:03.689000+01:00 [project @ fpeters@0d.be-20080326084502-krmekmh7mokemn18] possibility to qualify GList* parameters Original author: Frederic Peters Date: 2008-03-26 09:45:02.789000+01:00 [project @ fpeters@0d.be-20080325181554-raqz9a721r2vjo5t] return type qualifier to know what is the content of a GList* Original author: Frederic Peters Date: 2008-03-25 19:15:54.747000+01:00 [project @ fpeters@0d.be-20080325172346-eitu3onvzps4b30z] merging benjamin stuff and adding --enable-id-wsf when id-wsf is asked Original author: Frederic Peters Date: 2008-03-25 18:23:46.535000+01:00 [project @ fpeters@0d.be-20080321174837-2fneubl3xhlol08w] always raise an exception, to be compatible with previous behaviour Original author: Frederic Peters Date: 2008-03-21 18:48:37.002000+01:00 [project @ fpeters@0d.be-20080321174813-7pcjuucmw5xw4d4o] declare functions, and make them static Original author: Frederic Peters Date: 2008-03-21 18:48:13.524000+01:00 [project @ fpeters@0d.be-20080321173628-ufrpdmc23wmhu5ym] removed compatibility to inexisting attribute Original author: Frederic Peters Date: 2008-03-21 18:36:28.789000+01:00 [project @ fpeters@0d.be-20080314231446-2fess87rf4xe00ar] more compat Original author: Frederic Peters Date: 2008-03-15 
00:14:46.531000+01:00 [project @ fpeters@0d.be-20080314231256-hjz1wljuqrcbuce3] merging benjamin branch Original author: Frederic Peters Date: 2008-03-15 00:12:56.228000+01:00 [project @ fpeters@0d.be-20080310093300-2iv41ihnuify54po] merging benjamin branch Original author: Frederic Peters Date: 2008-03-10 10:33:00.592000+01:00 [project @ fpeters@0d.be-20080309152828-pw4gd3lcm7rb7dxd] merging benjamin branch Original author: Frederic Peters Date: 2008-03-09 16:28:28.854000+01:00 [project @ fpeters@0d.be-20080229163949-v7zjjcr3sg5w0wfj] set exception code in raise_on_rc as the same exception can share two different codes (in reality this is only the case for UnknownProfileError), also skip LogoutErroor/UnknownProfileError instead of duplicating and overwriting it, with a long explanation comment. Original author: Frederic Peters Date: 2008-02-29 17:39:49.202000+01:00 [project @ fpeters@0d.be-20080228084331-nnw52qii4xdmz36k] ship files required for tests/ Original author: Frederic Peters Date: 2008-02-28 09:43:31.229000+01:00 [project @ fpeters@0d.be-20080227102117-mbx90lw49ty9vfq9] rename lasso_profile_is_identity_dirty to lasso_profile_has_dirty_identity (and ditto with s/identity/session/) to provide both correct documentation and backward compatibility in Python bindings Original author: Frederic Peters Date: 2008-02-27 11:21:17.023000+01:00 [project @ fpeters@0d.be-20080227101004-a8tjn21ux8m0md7s] an other rename issue Original author: Frederic Peters Date: 2008-02-27 11:10:04.420000+01:00 [project @ fpeters@0d.be-20080226163902-kby1si1erxqnvzsm] compatibility with NodeList, StringList and StringDict Original author: Frederic Peters Date: 2008-02-26 17:39:02.548000+01:00 [project @ fpeters@0d.be-20080226163712-tdqz8v7d3rsdoygt] backward compat for MiscTextNode.text_child Original author: Frederic Peters Date: 2008-02-26 17:37:12.594000+01:00 [project @ fpeters@0d.be-20080225222041-kixxnphv94z7ld23] fixed function renaming Original author: Frederic Peters Date: 
2008-02-25 23:20:41.510000+01:00 [project @ fpeters@0d.be-20080225132449-kd2tppchh4z47sti] increment refcount of objects returned in tuples Original author: Frederic Peters Date: 2008-02-25 14:24:49.893000+01:00 [project @ fpeters@0d.be-20080225121334-yi07nl8kefuefhk9] benjamin branch Original author: Frederic Peters Date: 2008-02-25 13:13:34.475000+01:00 [project @ fpeters@0d.be-20080222101655-1mbomnvhq5d8gxtb] support for accessor returning GObjects Original author: Frederic Peters Date: 2008-02-22 11:16:55.631000+01:00 [project @ fpeters@0d.be-20080222101641-d32t8a8wtocet4qq] more __repr__ like Original author: Frederic Peters Date: 2008-02-22 11:16:41.648000+01:00 [project @ fpeters@0d.be-20080222095228-htuqndnaiiazp2qv] backward compatibility for Saml2Subject.nameID Original author: Frederic Peters Date: 2008-02-22 10:52:28.583000+01:00 [project @ fpeters@0d.be-20080222093656-l6a09ccadxdz9qrs] merging benjamin branch Original author: Frederic Peters Date: 2008-02-22 10:36:56.421000+01:00 [project @ fpeters@0d.be-20080222093439-0tbhiky3305jroj5] added backward compatibility for Samlp2AuthnRequest.nameIDPolicy Original author: Frederic Peters Date: 2008-02-22 10:34:39.153000+01:00 [project @ fpeters@0d.be-20080218085519-h4hpx5u9ezvupvbc] com_entrouvert_lasso_LassoJNI.h is built Original author: Frederic Peters Date: 2008-02-18 09:55:19.662000+01:00 [project @ fpeters@0d.be-20080218085509-t0oktx26t3v393pw] added missing java files to distributed files Original author: Frederic Peters Date: 2008-02-18 09:55:09.987000+01:00 [project @ fpeters@0d.be-20080217154439-uws87jdru8j3izkj] distribute GObject.java and LassoException_top.java, and fixed distcheck Original author: Frederic Peters Date: 2008-02-17 16:44:39.322000+01:00 [project @ fpeters@0d.be-20080217154423-svipbb8mktdbs6gz] create source directory if necessary Original author: Frederic Peters Date: 2008-02-17 16:44:23.418000+01:00 [project @ fpeters@0d.be-20080217144029-zleb5lw82iwcqqvj] space after comma 
Original author: Frederic Peters Date: 2008-02-17 15:40:29.819000+01:00 [project @ fpeters@0d.be-20080217143931-r5r87f8m415866z5] fixed (a little bit hacky, slowly getting back) renamed methods in python binding Original author: Frederic Peters Date: 2008-02-17 15:39:31.583000+01:00 [project @ fpeters@0d.be-20080217115736-u8axfdcztdhvsnj0] removed pyc file Original author: Frederic Peters Date: 2008-02-17 12:57:36.849000+01:00 [project @ fpeters@0d.be-20080217115557-8qtcrc1vzb75f75c] merged Benjamin branch Original author: Frederic Peters Date: 2008-02-17 12:55:57.088000+01:00 [project @ fpeters@0d.be-20080118215410-d45drghkhvba7822] merged Damien branch; and fixed PHP5 binding to use GLib memory management functions Original author: Frederic Peters Date: 2008-01-18 22:54:10.239000+01:00 [project @ fpeters@0d.be-20071122144503-m1ya6db2hzlijhmt] parse docstrings (such as the parsed form is available to all languages) and format them as epydoc in the python binding Original author: Frederic Peters Date: 2007-11-22 15:45:03.610000+01:00 [project @ fpeters@0d.be-20071122125027-vw48yk2h353ijif8] Don't bind lasso_*_destroy methods since they are just wrappers around g_object_unref which will be called properly from the bindings object destructor support. Also added support for a skip attribute to in overrides (not used at the moment). 
Original author: Frederic Peters Date: 2007-11-22 13:50:27.802000+01:00 [project @ fpeters@0d.be-20071120204838-b1q3z1nv4phb1t8r] fixed typo in file to remove Original author: Frederic Peters Date: 2007-11-20 21:48:38.865000+01:00 [project @ fpeters@0d.be-20071120201438-11ybvaefw3o02p7h] clean built files Original author: Frederic Peters Date: 2007-11-20 21:14:38.792000+01:00 [project @ fpeters@0d.be-20071120201406-loyt7g5302ztk7er] get srcdir from env variable (set automatically by automake) Original author: Frederic Peters Date: 2007-11-20 21:14:06.537000+01:00 [project @ fpeters@0d.be-20071120151830-wdnobbexiv300ibb] fixed some make distcheck issues (still remaining is access to test data when srcdir != builddir) Original author: Frederic Peters Date: 2007-11-20 16:18:30.814000+01:00 [project @ fpeters@0d.be-20071115162508-ydcoj2rr8zkfxyvy] merged Damien branch Original author: Frederic Peters Date: 2007-11-15 17:25:08.524000+01:00 [project @ fpeters@0d.be-20071115161633-6e49xtjy7dgqxm3r] added special support for functions that return a borrowed reference to a GObject*. Original author: Frederic Peters Date: 2007-11-15 17:16:33.298000+01:00 [project @ fpeters@0d.be-20071115102943-ai5s97yj5g9chrv3] added getter for internal GObject* reference count; useful to debug memory allocations. 
Original author: Frederic Peters Date: 2007-11-15 11:29:43.003000+01:00 [project @ fpeters@0d.be-20071113195326-cd83a1nrlh9l9nbr] added three more tests of bindings Original author: Frederic Peters Date: 2007-11-13 20:53:26.406000+01:00 [project @ fpeters@0d.be-20071113192919-3g05qazwjjhivlsh] ported old test cases to the new binding Original author: Frederic Peters Date: 2007-11-13 20:29:19.859000+01:00 [project @ fpeters@0d.be-20071113192818-6ysl71n3cg4uvy4l] fixed setting list and object attributes to None Original author: Frederic Peters Date: 2007-11-13 20:28:18.519000+01:00 [project @ fpeters@0d.be-20071113172348-8i4mcve247l8ec0k] fixed memory management issues in Python binding Original author: Frederic Peters Date: 2007-11-13 18:23:48.693000+01:00 [project @ fpeters@0d.be-20071113151334-k8v9udlbr5nb2lu7] backward compatibility for isSessionDirty and isIdentityDirty Original author: Frederic Peters Date: 2007-11-13 16:13:34.182000+01:00 [project @ fpeters@0d.be-20071113141308-1hr4b009pgx606sa] some backward compatibility with SWIG generated binding Original author: Frederic Peters Date: 2007-11-13 15:13:08.467000+01:00 [project @ fpeters@0d.be-20071113140738-l9xdpgnjvx2ekdvr] PyDict_SetItemString doesn't steal the reference, so Py_DECREF(obj); after.
Original author: Frederic Peters Date: 2007-11-13 15:07:38.745000+01:00 [project @ fpeters@0d.be-20071113015838-961yf93m001amgi1] merging Damien branch Original author: Frederic Peters Date: 2007-11-13 02:58:38.825000+01:00 [project @ fpeters@0d.be-20071112131601-rxpuzaxkhe2qwdw4] fixed variable type Original author: Frederic Peters Date: 2007-11-12 14:16:01.913000+01:00 [project @ fpeters@0d.be-20071111224238-k28pyur1kpm2iiyc] added some support for overridden function names to PHP5 binding Original author: Frederic Peters Date: 2007-11-11 23:42:38.123000+01:00 [project @ fpeters@0d.be-20071111215225-xo2v0iwwjw74rqyp] override lasso_profile_get_nameIdentifier to be renamed to lasso_profile_get_federation_nameIdentifier in bindings, so it doesn't shadow the LassoProfile::nameIdentifier member. Original author: Frederic Peters Date: 2007-11-11 22:52:25.286000+01:00 [project @ fpeters@0d.be-20071111213604-1prv8pyvnwr6gdly] moved is_null check into cptrToPhp function instead of duplicating it in callers.
Original author: Frederic Peters Date: 2007-11-11 22:36:04.472000+01:00 [project @ fpeters@0d.be-20071111213455-a7lds8mfily3o9i1] ISO C90 forbids mixed declarations and code; moved xmlString return code into its own code block Original author: Frederic Peters Date: 2007-11-11 22:34:55.867000+01:00 [project @ fpeters@0d.be-20071106133809-z6qxlw10eooqrkwp] merged damien branch Original author: Frederic Peters Date: 2007-11-06 14:38:09.490000+01:00 [project @ fpeters@0d.be-20071103222826-mjowzcuitfc35jpx] removed erroneously duplicated lines Original author: Frederic Peters Date: 2007-11-03 23:28:26.922000+01:00 [project @ fpeters@0d.be-20071103213505-94itgfwnvinqnhf6] Added warning message on boolean constants, as they are not yet supported but shouldn't cause the build to fail; also fixed a few calls to format_attribute that have been removed in favor of code from utils.py Original author: Frederic Peters Date: 2007-11-03 22:35:05.918000+01:00 [project @ fpeters@0d.be-20071103211651-8vperiqd97t0987s] support for list of xmlNode* (such as LibAuthnRequest/Extension) Original author: Frederic Peters Date: 2007-11-03 22:16:51.610000+01:00 [project @ fpeters@0d.be-20071102093734-mv4amat73ulcri17] merged Damien branch Original author: Frederic Peters Date: 2007-11-02 10:37:34.842000+01:00 [project @ fpeters@0d.be-20071101183642-85c94st4sjujh4sr] added special support required for SAML2_SUPPORT and WSF_SUPPORT constants Original author: Frederic Peters Date: 2007-11-01 19:36:42.776000+01:00 [project @ fpeters@0d.be-20071101181800-r94oeih0q8hplrxo] added support for standalone functions in lasso wrapper; and added renames for a bunch of them Original author: Frederic Peters Date: 2007-11-01 19:18:00.896000+01:00 [project @ fpeters@0d.be-20071101170655-2qi60xpa42u7g310] added (get) wrapper for GHashTable members Original author: Frederic Peters Date: 2007-11-01 18:06:55.994000+01:00 [project @ fpeters@0d.be-20071101160226-jj7ou71gblw0uymq] added support for converting 
xmlNode* as return type to PyString Original author: Frederic Peters Date: 2007-11-01 17:02:26.261000+01:00 [project @ fpeters@0d.be-20071101155155-avzyxfeum84mhf7k] don't return a value for methods that do not return a value, and convert returned value to object for methods returning objects. Original author: Frederic Peters Date: 2007-11-01 16:51:55.007000+01:00 [project @ fpeters@0d.be-20071101154634-m2de3kw7qyl47p39] raise lasso.Error instead of base Exception on constructor error Original author: Frederic Peters Date: 2007-11-01 16:46:34.882000+01:00 [project @ fpeters@0d.be-20071101154602-vtgnze1fteggdkvj] always convert identifiers from ID to Id Original author: Frederic Peters Date: 2007-11-01 16:46:02.686000+01:00 [project @ fpeters@0d.be-20071101154109-l4l5rntsmkrukw3k] raise exception when constructor fails Original author: Frederic Peters Date: 2007-11-01 16:41:09.647000+01:00 [project @ fpeters@0d.be-20071101153722-f7053pg8s6x5rpst] added comments to file, and added optional args definition to lasso_provider_new Original author: Frederic Peters Date: 2007-11-01 16:37:22.975000+01:00 [project @ fpeters@0d.be-20071031161615-6azrhw33s96nngr1] fixed setters for object members that are LassoNode Original author: Frederic Peters Date: 2007-10-31 17:16:15.654000+01:00 [project @ fpeters@0d.be-20071031161008-c5jqe7topkxoaoe0] raise TypeError when assigning a Python list to a member expecting a tuple Original author: Frederic Peters Date: 2007-10-31 17:10:08.047000+01:00 [project @ fpeters@0d.be-20071031124903-z1k8ywuk1qgrl5gm] added lasso extension dynamic loading, aborting if it fails Original author: Frederic Peters Date: 2007-10-31 13:49:03.384000+01:00 [project @ fpeters@0d.be-20071031114522-jkrmvbpphcm0rms8] moved identifier name formatting functions to their own module, so they are not duplicated everywhere.
Original author: Frederic Peters Date: 2007-10-31 12:45:22.367000+01:00 [project @ fpeters@0d.be-20071030182501-ylv8gu5he0jqlngd] output warnings to stderr Original author: Frederic Peters Date: 2007-10-30 19:25:01.156000+01:00 [project @ fpeters@0d.be-20071029175534-xyhm1jidpe624m3t] API compatibility with SWIG bindings which didn't have accessors for those methods and used totally pythonified method name instead, such as Logout::getNextProviderId; also improved python method naming converter function to correctly translate ID to Id. Original author: Frederic Peters Date: 2007-10-29 18:55:34.577000+01:00 [project @ fpeters@0d.be-20071029174409-80dztn33kjef8xch] output warning to stderr Original author: Frederic Peters Date: 2007-10-29 18:44:09.130000+01:00 [project @ fpeters@0d.be-20071028192051-mdp2mgambly3dyxv] fixed two places which had not been converted to new cptr/type Original author: Frederic Peters Date: 2007-10-28 20:20:51.103000+01:00 2008-04-29 Frederic Peters [project @ fpeters@0d.be-20071028140359-qhawdgrwjhk97y32] added Makefile.am files; to integrate within lasso build tree (under a bindings/ directory), this also requires to add those three lines to configure.ac AC_OUTPUT: bindings/Makefile bindings/python/Makefile bindings/php5/Makefile also changed generation script to output files in the current directory Original author: Frederic Peters Date: 2007-10-28 15:03:59.480000+01:00 2008-04-29 Frederic Peters [project @ fpeters@0d.be-20071028134708-gxz10vu031229qi8] undef some #define from php_config.h that are also defined in lasso_config.h Original author: Frederic Peters Date: 2007-10-28 14:47:08.021000+01:00 [project @ fpeters@0d.be-20071028132849-mlc6yfzl0y3enzbn] merged PHP5 support from Damien Original author: Frederic Peters Date: 2007-10-28 14:28:49.939000+01:00 [project @ fpeters@0d.be-20071010133236-j76dbt8kh1gojsz2] build without ID-WSF support by default, adding a --enable-id-wsf parameter to enable it. Also some generated C cleaning. 
Original author: Frederic Peters Date: 2007-10-10 15:32:36.162000+02:00

[project @ fpeters@0d.be-20071008135840-ujwuza0tqm6cwlzr] added licence header, help text, command-line options and renamed script
Original author: Frederic Peters Date: 2007-10-08 15:58:40.683000+02:00

[project @ fpeters@0d.be-20071008113045-hi02eeinwh7a1703] some support to generate python docstrings (on methods)
Original author: Frederic Peters Date: 2007-10-08 13:30:45.285000+02:00

2008-04-29 Frederic Peters

[project @ fpeters@0d.be-20071008100008-wd4uyitms1xfz1wv] completed support for get/setters of list of objects

    s = lasso.Saml2Assertion()
    s2 = lasso.Saml2AuthnStatement()
    s2.sessionIndex = 'plop'
    s3 = lasso.Saml2AuthnStatement()
    s3.sessionIndex = 'plop2'
    s.authnStatement = (s2, s3)
    print s.authnStatement

Original author: Frederic Peters Date: 2007-10-08 12:00:08.145000+02:00

2008-04-29 Frederic Peters

[project @ fpeters@0d.be-20071008094035-jypv3sactdkvkoq7] setting of list of objects

    s = lasso.Saml2Assertion()
    s2 = lasso.Saml2AuthnStatement()
    s2.sessionIndex = 'plop'
    s3 = lasso.Saml2AuthnStatement()
    s3.sessionIndex = 'plop2'
    s.authnStatement = (s2, s3)
    print s.dump()

Original author: Frederic Peters Date: 2007-10-08 11:40:35.875000+02:00

2008-04-29 Frederic Peters

[project @ fpeters@0d.be-20071008090356-014qg89f2kq667v4] support for getter/setter of list of strings (and partially done of objects)
Original author: Frederic Peters Date: 2007-10-08 11:03:56.732000+02:00

[project @ fpeters@0d.be-20071006185817-a2qpisu5x6a4zqef] fixing newFromDump constructors
Original author: Frederic Peters Date: 2007-10-06 20:58:17.081000+02:00

[project @ fpeters@0d.be-20071006183919-bv96kzjkqzho9p5s] added support for non-None optional args
Original author: Frederic Peters Date: 2007-10-06 20:39:19.031000+02:00

[project @ fpeters@0d.be-20071006180132-1t68niy6jyj26k88] bugfix for string members
Original author: Frederic Peters Date: 2007-10-06 20:01:32.249000+02:00

2008-04-29 Frederic Peters

[project @ fpeters@0d.be-20071006172452-7ed22uoeqm22gled] support for exceptions, with a complete hierarchy of exceptions; and emulation of swig binding behaviour (access to code via [0] and to error string via [1])

    login = lasso.Login(server)
    try:
        login.initAuthnRequest('plop', lasso.HTTP_METHOD_REDIRECT)
    except lasso.Error, error:
        print error #
        print error.code # -201
        print error[0] # -201
        print error[1] # ProviderID unknown to LassoServer.
        sys.exit(1)

Original author: Frederic Peters Date: 2007-10-06 19:24:52.095000+02:00

2008-04-29 Frederic Peters

[project @ fpeters@0d.be-20071006155345-ses0l1suzq229qdq] fixed refcounting
Original author: Frederic Peters Date: 2007-10-06 17:53:45.416000+02:00

[project @ fpeters@0d.be-20071006151758-pwrstredrf19b2nw] added repr support for PyGObjectPtr, displaying GObject type name and reference count
Original author: Frederic Peters Date: 2007-10-06 17:17:58.258000+02:00

2008-04-29 Frederic Peters

[project @ fpeters@0d.be-20071005223906-y27ho960oiiqho19] fixed getters returning objects (getting the appropriate class for the given type) (and a small issue with setter of strings); this is now working:

    login = lasso.Login(server)
    login.initAuthnRequest('https://idp1/metadata', lasso.HTTP_METHOD_REDIRECT)
    login.request.isPassive = False
    login.request.nameIDPolicy = 'federated'
    login.buildAuthnRequestMsg()

Original author: Frederic Peters Date: 2007-10-06 00:39:06.565000+02:00

2008-04-29 Frederic Peters

[project @ fpeters@0d.be-20071005200614-dahkk1xuq6pbumbo] wrap constants & enums; is now possible:

    login = lasso.Login(server)
    login.initAuthnRequest('https://idp1/metadata', lasso.HTTP_METHOD_REDIRECT)
    login.buildAuthnRequestMsg()

Original author: Frederic Peters Date: 2007-10-05 22:06:14.800000+02:00

2008-04-29 Frederic Peters

[project @ fpeters@0d.be-20071005194234-7b7e39l1x4afi8wf] fixed attribute renaming, login.msgUrl now works
Original author: Frederic Peters Date: 2007-10-05 21:42:34.345000+02:00

2008-04-29 Frederic Peters

[project @ fpeters@0d.be-20071005193755-jzlc2gc56thaxqwe] added support for optional arguments and fixed method calls with objects
now working:

    server = lasso.Server('../../tests/data/sp1-la/metadata.xml')
    server.addProvider(2, '../../tests/data/idp1-la/metadata.xml', '../../tests/data/idp1-la/public-key.pem')
    login = lasso.Login(server)
    login.initAuthnRequest('https://idp1/metadata', 4)
    login.buildAuthnRequestMsg()
    print login.msg_url

Original author: Frederic Peters Date: 2007-10-05 21:37:55.914000+02:00

2008-04-29 Frederic Peters

[project @ fpeters@0d.be-20071005171544-ben23itgbrjebwvk] member setters

    import lasso
    s = lasso.Samlp2AuthnRequest()
    s.isPassive = True
    print s.dump()

Original author: Frederic Peters Date: 2007-10-05 19:15:44.095000+02:00

2008-04-29 Frederic Peters

[project @ fpeters@0d.be-20071005162859-0pf7l8zkie7m9sr5] generate wrapper for get accessors

    import lasso
    s = lasso.Samlp2AuthnRequest()
    print s.isPassive

Original author: Frederic Peters Date: 2007-10-05 18:28:59.741000+02:00

2008-04-29 Frederic Peters

[project @ fpeters@0d.be-20071005161337-vh1s4saoywr0u2sa] workaround since assertion must come before advice
Original author: Frederic Peters Date: 2007-10-05 18:13:37.320000+02:00

2008-04-29 Frederic Peters

[project @ fpeters@0d.be-20071005155511-13lg9tc7usfht3ud] minimalistic functional module

    $ python -c 'import lasso; print lasso.Samlp2AuthnRequest().dump()'

Original author: Frederic Peters Date: 2007-10-05 17:55:11.508000+02:00

2008-04-29 Frederic Peters

[project @ fpeters@0d.be-20071005125351-543q5fahhrljdmaj] (work in progress) some infra for python wrapper
Original author: Frederic Peters Date: 2007-10-05 14:53:51.026000+02:00

[project @ fpeters@0d.be-20071005114857-u95fr7hqt6ze2qp9] create constructor for _new functions and class methods for _new_from_dump methods
Original author: Frederic Peters Date: 2007-10-05 13:48:57.345000+02:00

[project @ fpeters@0d.be-20071005100459-r1mm9241ko41pcfv] python generation (classes, members & methods;
missing constructors and layer using python C API) Original author: Frederic Peters Date: 2007-10-05 12:04:59.172000+02:00 [project @ fpeters@0d.be-20071005082424-d4y1kxyjhenlflsj] ignore get_type functions Original author: Frederic Peters Date: 2007-10-05 10:24:24.151000+02:00 [project @ fpeters@0d.be-20071005082412-r41uf26575dubg5l] attach methods to classes Original author: Frederic Peters Date: 2007-10-05 10:24:12.840000+02:00 [project @ fpeters@0d.be-20071005081049-u0v99a86515z4ay5] order class hierarchy Original author: Frederic Peters Date: 2007-10-05 10:10:49.378000+02:00 [project @ fpeters@0d.be-20071005080353-01t90pe4t68sdmtp] moved binding data to a class Original author: Frederic Peters Date: 2007-10-05 10:03:53.550000+02:00 [project @ fpeters@0d.be-20071004213555-02snw1q22fgkw3jx] added support for functions Original author: Frederic Peters Date: 2007-10-04 23:35:55.074000+02:00 [project @ fpeters@0d.be-20071004205916-5ur5t75ht9586n4j] reimplemented to be easier to concatenate lines (necessary for functions spanning multiple lines) Original author: Frederic Peters Date: 2007-10-04 22:59:16.286000+02:00 [project @ fpeters@0d.be-20071004204927-6j2np9wflrp15tt4] get struct members Original author: Frederic Peters Date: 2007-10-04 22:49:27.981000+02:00 [project @ fpeters@0d.be-20071004203958-xsegogi4ad0muf0a] get list of structs Original author: Frederic Peters Date: 2007-10-04 22:39:58.914000+02:00 [project @ fpeters@0d.be-20071004203206-voc7gqczx2usx3c8] ignore private headers Original author: Frederic Peters Date: 2007-10-04 22:32:06.670000+02:00 [project @ fpeters@0d.be-20071004203137-j6p42c5e48qgc5fq] added support for enums Original author: Frederic Peters Date: 2007-10-04 22:31:37.240000+02:00 [project @ fpeters@0d.be-20071004185258-quqzvq2tgmbt8u1j] initial work, extracting constants out of source tree Original author: Frederic Peters Date: 2007-10-04 20:52:58.486000+02:00 updated to current packaging then updated for new bindings updated to 
current packaging then updated for new bindings 2008-04-28 Frederic Peters re-added function; but fixed docstrings removed duplicated function 2008-04-26 Frederic Peters add unprefixed extension dir for php5, and fixed it for php4 2008-04-24 Benjamin Dauvergne change g_return_val_if_fail(provider,... from last commit to g_return_val_if_fail(LASSO_IS_PROVIDER(provider) 2008-04-23 Benjamin Dauvergne * add bad argument handling in lasso_provider_* functions * in lasso_provider_get_key return NULL if provider is NULL * change /etc -> /etc/php5/conf.d/ in the last commit * add parameters for php5: --with-php5-include-dir (default to /usr/share/php) and --with-php5-config-dir (default to /etc/php5/cond.f/) 2008-04-23 Frederic Peters that part is broken with PHP 4 only that part is broken with PHP 4 only 2008-04-23 Benjamin Dauvergne * search gzread in zlib1 after trying in libz (win32) * remove critical exit from java macros 2008-04-21 Benjamin Dauvergne * AttributeQuery contains multiple Attribute elements not just one * add a Debian package for the php5 binding * add a Debian package for the php5 binding 2008-04-18 Benjamin Dauvergne * add a finalizer to LassoNode class object 2008-04-10 Benjamin Dauvergne twill has a debian package now 2008-04-10 Frederic Peters added defederation tests removed saving page 2008-04-09 Damien Laniel fixes SLO from IdP with Encrypted NameID in ID-FF 2008-04-06 Frederic Peters fallback to onetime usage if no federation is found 2008-03-28 Benjamin Dauvergne add new directory in bindings/php5 to AC_OUTPUT commented lines const is useless, and LassoIdWsf2UtilTestResult does not exist, breaking the bindings const gboolean as argument is useless and it disturbs the bindings 2008-03-21 Frederic Peters added sso with ispassive check fixed missing rename of LASSO_TYPE_PROFILE_SERVICE to LASSO_TYPE_DATA_SERVICE 2008-03-20 Frederic Peters fixed data service macros to refer to data service, not to profile service; and added some
parameter checking in init_modify 2008-03-18 Benjamin Dauvergne * fix typo in the last commit :) * id-wsd/data_service.c: (lasso_data_service_process_modify_response_msg) return an error code if return value from lasso_node_new_from_dump is NULL or invalid. 2008-03-14 Benjamin Dauvergne * configure.ac: remove generation of php5/Makefile, it does nothing. add detection of pre-4.1.3 gcj versions. add bindings/python/tests/Makefile in commented AC_OUTPUT code. 2008-03-12 Benjamin Dauvergne * change in the sgml documentation files. 2008-03-11 Benjamin Dauvergne * fix ticket #1 and #3. 2008-03-10 Benjamin Dauvergne * configure.ac: re-add JDK_INCLUDE substs (can be removed when we will move to the new bindings) * configure.ac,macros/ac_*.m4: add new m4 macros to detect more JAVA related things like junit.jar path to put into the CLASSPATH or desactivate compilation of java bindings test. 2008-03-06 Benjamin Dauvergne * configure.ac: remove line for making bindings makefiles. 2008-03-05 Benjamin Dauvergne * configure.ac: fix typo, forgot 'sed'. * configure.ac: add the same option for javac than for gcjh (for target and source java language version). * configure.ac: change handling of java options. Try to find JAVA_HOME from the link in /usr/bin. Propose more options for java, javac and javah. Set good options for gcj (-ftarget=1.4 -fsource=1.4 mainly to be retro compatible with old VMs). * login.c: (lasso_login_saml20_validate_request) fix typo. 2008-03-04 Benjamin Dauvergne * lasso/saml-2.0/login.c: (lasso_login_validate_request) If consent is not obtained set status code at AUTHN_FAILED (no other status code seems ok). * lasso/saml-2.0/login.c: lasso_login_saml20_validate_request should define response->status_code no matter what happens, especially when consent is not obtained (lasso_login_saml20_process_federation return an error code in this case but it's a normal event in the SSO workflow so status code is 'Success'). 
If not buildArtifactMsg fails when looking for the response status code. 2008-03-03 Benjamin Dauvergne * lasso_name_id_management_process_requet: verify that request_msg is not null. 2008-03-03 Frederic Peters only get session when remote provider id is not provided 2008-02-29 Benjamin Dauvergne * fix syntax error introduced in r3494 :) Bad benjamin commit before compiling. * id-ff/logout.c: (lasso_logout_init_request) free remote_provider_id before setting it. free profile->request before setting it if LASSO_IS_NODE(request), not just LASSO_IS_LIB_LOGOUT_REQUEST(request). Fix memory leaks. * name_id_management.c: (lasso_name_id_management_init_request) get the first providerId when remote_provider_id is NULL, free old remote_provider_id string when non null and unref old name_identifier when non null. Fix memory leaks and lacking usual feature of init_request functions. 2008-02-29 Damien Laniel fixed the prototype of get_type functions to avoid warnings on windows 2008-02-28 Damien Laniel fixed php version checks 2008-02-26 Frederic Peters misc text node attributes are not private 2008-02-25 Frederic Peters initialize twill before servers, and pass over crashed servers on cleanup keep NameIdPolicy/Format in login->nameIDPolicy, as in ID-FF 1.2; use it not to look for federations when transient is requested. removed debugging visit to idp removed debugging saving added integration tests to repository 2008-02-21 Benjamin Dauvergne * reflect in the documentation of lasso_server_new the fact that metadata is optional 2008-02-20 Benjamin Dauvergne * Add lasso_ds_* API to the general build of lasso (was enable only with id-wsf before) 2008-02-18 Benjamin Dauvergne * Remove duplicate #defines. * Add a declarative comment /* of LassoXXX */ to the declaration of a structure member of type GList*.
2008-02-18 Frederic Peters proper casting fixed assertion refcounting in lasso_login_build_assertion, changed lasso_session_add_assertion to refcount the assertion it gets 2008-02-17 Frederic Peters added missing Saml2AttributeValue.java to distributed files removed obsolete file from Makefile.am fixed gcj version regex 2008-02-01 Frederic Peters register all known prefixes to xpath context 2008-01-23 Frederic Peters warns when signing saml2 elements would fail because private key is missing rewording (hopefully without adding bug) removed unnecessary double call to export_to_soap proper casts of xmlChar* 2008-01-17 Damien Laniel updated download links for Windows installers 2008-01-15 Damien Laniel each value of an multi-valued-attribute go in a different AttributeValue node 2008-01-15 Frederic Peters removed broken php rename removed unused variable 2008-01-14 Damien Laniel loop on attributeStatement and childs lists fixed mixing epr assertion attribute with other custom attributes added swig binding for Saml2AttributeValue + tests 2007-12-27 Frederic Peters added missing underscore in lasso_samlp2_assertion_idrequest_new renamed samlp2_assertion_idrequest.i to /samlp2_assertion_id_request.i added preliminary support for the Assertion Query and Request profile. renamed files according to their contents renamed samlp2:AssertionIDRequest with an underscore between id and request. 
2007-12-06 Damien Laniel handle name identifier formats : email and unspecified added all missing name identifier formats 2007-12-05 Damien Laniel break ABI less than before added support for encrypting name identifiers with id-ff 1.2 2007-12-03 Frederic Peters store ProtocolProfile even when it is Redirect support for HTTP-Redirect binding being explicitely specified 2007-11-28 Frederic Peters added support for sending SAMLv2 AuthnResponse over HTTP-Redirect (which shouldn't be used because the assertion within makes for a very big message) 2007-11-27 Frederic Peters include serverprivate.h since lasso_server_get_first_providerID is used. 2007-11-22 Frederic Peters format list in docstring with paragraphs, as this form is known by the new binding generator fixed parameter name that differed between docstring and function fixed parameter names that different between header and source file fixed comments pointing to the wrong function removed direct usage of g_object_unref from lasso_*_destroy methods formatting fix in docstring don't shout a critical error when there is no session and logout get_next_providerId is called. 
2007-11-13 Frederic Peters added sample identity dump fixed wrong type for SamlpRequest->RespondWith (list of strings, was declared as list of nodes) 2007-11-13 Damien Laniel removed the * from the GList item type as other GList items are commented with no * added item types for GHashTable 2007-11-12 Damien Laniel allow a NULL first parameter in init_notification 2007-11-11 Frederic Peters fixed copyright comment header 2007-11-06 Damien Laniel added OrganisationName in the metadatas of the first test 2007-11-05 Damien Laniel removed a useless tab 2007-11-03 Frederic Peters annotate GList* of xmlNode* changed GList* of xmlNode* annotation, to include the * 2007-10-30 Frederic Peters updated annotations to use '/* of strings */' instead of '/* of char* */' as it is more readable added annotation about GList items type 2007-10-19 Frederic Peters error checking when processing artifact response. 2007-10-11 Damien Laniel fixed modifying root node added an idwsf1 test fixed a syntax error 2007-10-10 Damien Laniel fixed memory management fixed a memory error fixed error code added missing error codes in swig bindings run idwsf tests only if lasso has idwsf support fix error code removed an unused variable 2007-10-04 Frederic Peters cosmetic issue, set parameter name in function declaration 2007-10-04 Damien Laniel changed the way status code is handled to make code simpler 2007-10-04 Frederic Peters added lasso_data_service_get_resource_offering method to get LassoDiscoResourceOffering of a DataService 2007-10-03 Frederic Peters returns SOAP fault with appropriate value when need_redirect_user is called in between dataservice modify stuff.
2007-09-21 Frederic Peters indentation fixes fixed indentation in generation script 2007-09-21 Damien Laniel fixed tabs removed whitespaces added checks on soap messages type fixed id-wsf 1 data service modify split the discovery query test and added data service query and data service modify tests fixed service_type in lasso_data_service_process_modify_msg fixed service_type in lasso_data_service_process_modify_msg some error checks and some coding style 2007-09-20 Frederic Peters added missing session accessor 2007-09-20 Damien Laniel reordered methods so it's easier to read fixed data_service_init_modify method reordered methods so it's easier to read fixed personal profile constructor in bindings 2007-09-20 Frederic Peters added knowledge about automake-1.10 2007-09-19 Damien Laniel added a unit test for id-wsf 1 2007-09-18 Damien Laniel check if (Encrypted)ResourceID is null fixed setting of resource offering datas into a data service check soap enveloppe to prevent segfaults removed useless line lasso_discovery_add_resource_offering doesn't exist, remove it completely from the binding this time added missing method 2007-09-12 Frederic Peters adds support for text as answer to dst queries (instead of forcing answers to be full nodes) 2007-08-28 Damien Laniel fixed dll files path for installer set svn property to use Windows-style line endings for Windows files restored windows-style line endings in visual studio configuration files so they can be loaded updated visual studio main configuration file for new lasso version fixed missing character for macro updated links to version 2.1.1 for windows 2007-08-27 Frederic Peters RPMs for 2.1.1 are now available 2007-08-21 Frederic Peters updated website with 2.1.1 bumped to 2.1.1 fixed bad casting on get/set lists removed LassoSignatureType fixed usage of set|get_node_list and set|get_string_list added binding for LassoSignatureType which is just an enum but SWIG creates such ugly things. 
2007-08-13 Frederic Peters added pointers to 2.1.0 tarball updated changelog for 2.1.0 bumped to 2.1.0 updated SAML2 bindings with all attributes; and added copyright / licence notice. updated with current list of swig generated files remove reference to inexistent file fixed reference to metadata files added a wrapper around xmlParseMemory to avoid network and DTD 2007-08-08 Damien Laniel processModifyResponseMsg 2007-08-06 Damien Laniel swig binding for parse modify items parse modify items added ModifyResponse as custom namespace 2007-08-02 Damien Laniel added some missing Makefiles to configure.ac 2007-07-30 Damien Laniel added a missing END_THROW_ERROR added first functions for ID-WSF 2 attribute modification increased the number of allocatable objects 2007-07-30 Frederic Peters added script to generate idwsf2 low level classes to repository DstRefAppData is just a template, don't consider it a string but a container for anything 2007-07-27 Damien Laniel changed abort message when too many objects are allocated changed abort message when too many objects are allocated use a constant for node_infos size abort when node_infos array has reached its limit 2007-07-27 Frederic Peters access to saml2 attribute statement 2007-07-26 Frederic Peters python2.3-lasso was package for old policy python2.3-lasso was package for old policy updated packaging to current sid package updated packaging to current sid package 2007-07-16 Damien Laniel added one error message some more data service tests data service query tests + one more test for discovery + some fixes to previous code 2007-07-11 Damien Laniel discovery query test suite moved common function to a super class test suite for metadata association add split id-wsf 2 tests in smaller functions 2007-07-10 Damien Laniel some unit tests for id-wsf 2 fixed prefix changes for soap binding and ws security renamed some files added saml2 metadatas and keys for 1 idp and 2 sp 2007-07-10 Frederic Peters don't call 
lasso_node_destroy on a NULL variable initialize global variables adds all classes from ID-WSF 2 required schemas; with appropriate changes to other files. 2007-07-09 Damien Laniel _new function have no parameters and added some _new_full function instead changed metadata_list attribute to SvcMD 2007-07-06 Frederic Peters added namespaces used by other parts of id-wsf 2 2007-07-05 Damien Laniel check envelope existence in case lasso functions are called in wrong order 2007-07-03 Frederic Peters hack around swig not declaring functions by declaring it ourself here, but it may break in a future swig version, this is just to get a clean build without any warning of the Python binding with SWIG 1.3.31... get_node_info_with_swig may not be used by the python binding, but it sure is used by other bindings (and if we were only concerned by python we wouldn't use swig). 2007-07-02 Damien Laniel commented out an unused function to fix another swig warning cleaned methods definitions to fix swig warnings fixed a swig warning in LassoServer fixed swig warnings for ID-WSF 1 removed no more existing methods from id-wsf 1 swig bindings moved type attribute which isn't inherited added service.queryItems + some attributes initialisation and destruction 2007-06-29 Damien Laniel added lasso.SOAP_FAULT_REDIRECT_REQUEST exception when WSP needs user consent + service.redirectUrl added one soap error and text for other soap errors added SoapBinding2 prefix to handle RedirectRequest added initRedirectUserForConsent 2007-06-19 Frederic Peters fixed class hierarchy, with ID-WSF 2 specific stuffs going into LassoIdWsf2Profile (which now inherits from LassoProfile).
2007-06-18 Damien Laniel moved soap_envelope_request and soap_envelope_response to ProfilePrivate to avoid ABI breackage 2007-06-14 Damien Laniel rephrase a meaningless sentence fixed spelling mistake changed responseMsg to answer for consistency added 2 lines to get the added keys and metadata creation added a line to tell to restart Apache 2 2007-06-13 Damien Laniel moved epr free from finalize to dispose fixed EncryptedID usage ; last commit was a mistake use nameIdentifier attribute of LassoProfile for IdWsf2 profiles uncomment a useful line use nameIdentifier attribute of LassoProfile for IdWsf2 profiles initialise and destroy new attributes removed IdWsf2Profile and use LassoProfile instead removed IdWsf2Profile and use LassoProfile instead fixed gcj warnings + added 2 checks fixed tabs and spaces mix fix documentation for getting nameIdentifier content fix for getting nameIdentifier content renamed Wsf2Profile to IdWsf2Profile changed buildQueryResponseMsg to parseQueryItems + buildResponseMsg coding style changed buildQueryResponseMsg to buildQueryResponseEprs + buildResponseMsg replaced two strings with a constant better error handling + some refactoring removed a duplicate 2007-06-12 Damien Laniel split lasso_idwsf2_discovery_process_query_msg for the SP to get the name_id and load the identity dump in between decrypt nameId in identity token encrypt nameId in profile identity token coding style added comments coding style + comments save provider encryption in dumps and reload it from dump + reloads the keys after loading a dump moved xmlenc.h include where it is really needed 2007-06-11 Damien Laniel get the identity token from the current epr added a security token in all eprs (only disco eprs had one before) fixed warnings removed a duplicate line various error checks, coding style and refactoring removed a useless line 2007-06-09 Frederic Peters fixed LassoIdWsf2DiscoSvcMetadata binding constructor 2007-06-08 Frederic Peters differentiate between 
id-wsf 1 & 2 since this is what is expected in other places (won't work as easily for DST) recognize ID-WSF 2 disco query messages 2007-06-08 Damien Laniel various error checks, coding style and refactoring removed useless arguments for lasso_idwsf2_discovery_init_metadata_association_add removed lasso_idwsf2_data_service_get_personal_profile_email if the user wasn't yet associated to a discovery metadata, associate it + added some commments if a user hasn't been associated to a discovery metadata, give him a default disco epr added lasso_idwsf2_discovery_metadata_register_self and lasso_idwsf2_data_service_get_personal_profile_email 2007-06-07 Frederic Peters noted about memleak to be fixed later properly allocate memory for svcMDID 2007-06-07 Damien Laniel check all function arguments in session and identity check session existence 2007-06-07 Frederic Peters be robust, check for possible NULL variables. 2007-06-07 Damien Laniel memory management in lasso_idwsf2_data_service_get_attribute_string small fixes in lasso_idwsf2_data_service_get_attribute_string one more argument check + free node memory added some checks on arguments added lasso_idwsf2_data_service_get_attribute_string added lasso_idwsf2_data_service_get_attribute_node fixed gcc warnings 2007-06-07 Frederic Peters extended xml_insure_namespace so it creates the namespace itself, after having looked for a preexisting namespace; the function was previously called with ns == NULL, which caused namespace to be *removed* from elements (ns was NULL because xmlNewNs will return NULL when the namespace is already defined). first snippet member is a name; looking for an element named "any" won't work that often... copied note from LIST_NODES to LIST_XMLNODES since the same behaviour is present in both. 
2007-06-06 Damien Laniel removed useless line DST processQueryResponseMsg changed QueryResponse items data from string to xmlNode added missing files 2007-06-05 Frederic Peters fixed Python scripts Damien broke when he updated copyright without checking. 2007-06-05 Damien Laniel added service.data and lasso_idwsf2_data_service_build_query_response_msg remove a print Copy session form discovery to data service object added dst profile registration cosmetics 2007-06-04 Damien Laniel use profile namespace for dst queries + added server as parameter to basic IdWsf2DataService constructor moved identity token code from discovery to wsf2_profile make some queryItem attributes optional 2007-06-04 Frederic Peters returned objects must go through the binding; fix ID-WSF2 disco.getService 2007-06-04 Damien Laniel removed useless code swig binding for some ID WSF 2 functions + changed some types 2007-06-01 Damien Laniel added lasso_idwsf2_data_service_init_query and lasso_idwsf2_data_service_add_query_item added some node class for id-wsf-2.0 DST 2007-05-30 Damien Laniel updated Copyright dates in some more remaining files updated Copyright dates in some more remaining files revert copyright changed by mistake updated Copyright dates in remaining files updated Copyright dates in all files added data service class and lasso_idwsf2_discovery_get_service function 2007-05-09 Damien Laniel fixed usage of an identity without federation in lasso_idwsf2_discovery_register_metadata, create idenity if it doesn't exist filled msgUrl in initMetadataAssociationAdd fixed memory management don't use misc_text_node don't use g_return_if_fail here moved session check to where it's really needed added LassoIdentity_getSvcMDIDs method to swig added a forgotten file replaced svcMDs with svcMDIDs in identity and moved EPRs from identity to session 2007-05-08 Frederic Peters also keep lasso prefix in PHP5 binding 2007-05-03 Damien Laniel fixed attribute name and name format added LASSO_EXPORT for 
a function in a public header changed function names to match binding function names don't use lasso_node_dump to create xml soap messages fixed SecMechID changed registerMetadata prototype + small fixes split processMetadataAssociationAddMsg into processMetadataAssociationAddMsg + registerMetadata - new API 2007-05-02 Damien Laniel get assertion from disco epr and put this assertion into soap header for metadata_association_add 2007-05-02 Frederic Peters SNIPPE_ALLOW_TEXT doesn't have to be handled, but Damien gcc is warning-happy. 2007-05-02 Damien Laniel replaced status codes with constants don't segfault when receiving bad soap request or response replaced LASSO_WSF2_PROFILE(discovery) with profile everywhere wrap too long line fixed function name added assertion identity token into disco EPR added method to get an assertion security token from an EPR fixed spaces 2007-05-02 Frederic Peters don't put text nodes in list nodes unless SNIPPET_ALLOW_TEXT is set fixed xmlCleanNs on recursing namespaces hardened id-wsf1 disco detection against misc nodes SNIPPET_LIST_NODES can now host LassoMiscTextNode, also useful now to directly embed a text element (instead of a node with a text element as content) whitespace cleaning binding for LassoLogin->assertion binding for LassoMiscTextNode 2007-05-01 Damien Laniel added identity token into metadata_association_add messages 2007-04-30 Frederic Peters xml_enc.h should have been public; so much for QA. 2007-04-25 Frederic Peters const'ified a bunch of parameter that are immutable 2007-04-25 Damien Laniel fixed gcc warning added id-wsf 2.0 request types + added a missing include removed const warning from gcc 2007-04-25 Frederic Peters new server.addServiceFromDump method, and extended addService to work for both id-wsf 1 and 2; also necessary to add quick hack in new_from_xmlnode to map SvcMD to SvcMetadata. 
2007-04-25 Damien Laniel fill profile->request in init_metadata_register + added soap_endpoint parameter fill profile->request in init_metadata_register 2007-04-24 Frederic Peters added getSvcMetadatas method to lasso.Identity, to bind lasso_identity_get_svc_metadatas(). 2007-04-24 Damien Laniel coding style fixes coding style fix implemented discovery query 2007-04-19 Frederic Peters a little bit of imagination to avoid new classes for each and every simple element with a different name. 2007-04-19 Damien Laniel Build a Disco EPR within saml 2 login assertion 2007-04-19 Frederic Peters cleaning warnings signaled by gcc 2007-04-19 Damien Laniel fixed gcc warnings minor fixes 2007-04-18 Damien Laniel completed metatada_register and metadata_association_add 2007-04-17 Damien Laniel added saml_attribute_value.[ch] to Makefile.am 2007-04-16 Damien Laniel typo fixed typo (no idea how long it had been there) start writing an ID-WSF EPR in saml 2 assertions md_association_add xml nodes identity + session in discovery + SvcMDAssociationAdd 2007-04-14 Frederic Peters new StringDict to map GHashTable of strings to a structure similar to a python dictionary (necessary to support mapping of "any" attributes) updated liberty document uris updated with version from a newer generator (initialize anyAttribute hash table and correctly set content to 0 instead of NULL) add profileprivate.h header for lasso_profile_clean_info function declaration add missing profileprivate.h header for lasso_profile_clean_info function declaration. optimize type autodetection in lasso_node_new_from_xmlNode by reordering namespace matches and stopping at first success added reference to WsAddr implemented support for SNIPPET_ATTRIBUTE | SNIPPET_ANY (using GHashTable). 
removed useless glib/glist.h include fixed last commit author in buildbox
2007-04-13 Damien Laniel disco.processMetadataRegisterResponseMsg(soap_answer) and disco.svcMDID + renamed Idwsf2 to IdWsf2 to make it work with new classes
2007-04-13 Frederic Peters don't include wsu_ symbols in non-id-wsf builds
2007-04-13 Damien Laniel disco.processMetadataRegisterMsg(soap_answer) and disco.buildResponseMsg()
2007-04-12 Damien Laniel implemented disco.metadata.dump() changed disco classes and methods names + make lasso_idwsf2_discovery_process_metadata_register_msg work removed useless check removed useless headers added wsu_timestamp class removed id-wsf 1 soap headers and added wsu_timestamp id-wsf 2.0 element
2007-04-11 Frederic Peters only include wsa_ when ID-WSF is enabled added WS-Addr classes
2007-04-11 Damien Laniel removed useless g_object_ref fixed include implementing lasso_idwsf2_discovery_process_metadata_register_msg, not working yet
2007-04-11 Frederic Peters target namespace for disco would better be disco, not ds, to avoid confusion renamed disco_service_metadata to disco_svc_metadata
2007-04-10 Damien Laniel renaming + removed some useless casts some more work on metadata registration
2007-04-08 Frederic Peters adding all ID-WSF 2.0 namespaces
2007-04-07 Frederic Peters fixing figures from cvs2svn conversion
2007-04-06 Frederic Peters keep a single --enable-wsf configure option, for both ID-WSF 1 and 2.
2007-04-05 Damien Laniel removed useless comments and wrap too long lines 'service metadata register' message construction moved and renamed attributes
2007-04-04 Frederic Peters fixed segfault on invalid input passed to lasso_wsf_profile_process_soap_response_msg fixed usage of constant strings in Perl binding
2007-04-03 Damien Laniel ID-WSF 2.0 : basic swig support build configuration for id-wsf 2.0 new strings declarations ID-WSF 2.0 Discovery query : not yet working classes
2007-04-03 Damien Laniel ID-WSF 2.0 Discovery Query : not yet working classes ID-WSF 2.0 Discovery : Some XML nodes
2007-03-29 Frederic Peters website update; Lasso is now managed in Subversion
2007-03-26 Frederic Peters website import
2007-03-24 Frederic Peters Attic shouldn't have been imported during the switch to svn
2007-01-16 Frederic Peters updated changelog for 2.0.0 fixed memory leaks updated version number and required swig version
2007-01-09 Frederic Peters added section for ECP (and titled LECP)
2007-01-08 Frederic Peters reordered some elements in index and added short descriptions to all elements fixed docstring parameter name added all classes for SAMLv2 schema elements un-idff'ied docstrings (and fixed a few comments) added documentation about SAMLv2 Name Id Management profile; and by the same time updated all tmpl/ files with a newer gtk-doc
2007-01-07 Frederic Peters fixed provider->private_data->encryption_public_key memory leak and removed duplicate freeing for public_key and ca_cert_chain mitigate memory leak (?)
fixed memory leak occurring near SNIPPET_SIGNATURE fixed memory leak in Extension to query string conversion fixed memory leak unfixed memory leak, because strange manipulations to xmlnode structures could cause memory corruption
2007-01-06 Frederic Peters removing white space lost in a tab removing white spaces on blank lines fixing indentation removing white space on blank line removing spaces from otherwise white lines fixed indentation & param checking fixed memory leak fixed little memory leak
2007-01-05 Frederic Peters replace some xmlFree that should have been g_free and added some xmlFree where required. even more memory leak tracking new lasso_profile_clean_msg_info function used to clean msg_url and msg_body (free()ing and setting to NULL) in functions where those variables are later set. fixed some memory leaks (tracked with valgrind) cleaning up memory allocated for tests; so valgrind logs are cleaner memory management, avoid leaking xmlDoc*
2007-01-04 Frederic Peters directly include headers from xmlsec/openssl/; at least required to compile on Fedora Core 6. bumped version to 1.9.9 (and updated libtool version accordingly) and disabled PHP5 support by default. misc fixes for 1) memory leaks around XPath usage and 2) potential segfaults from untested pointers new LASSO_NAME_IDENTIFIER_MAPPING_ERROR_MISSING_TARGET_IDENTIFIER error code
2007-01-03 Frederic Peters make ID-FF SLO work even when there are SAMLv2 assertions in the session ensure sso and slo from SAML2 work even when there are active ID-FF sessions. removed memory leak (GPtrArray was not freed) by directly accessing assertions from their hash table instead of an intermediary GPtrArray.
2007-01-02 Nicolas Clapies Updated metadata saml2 saming files. Fixed protocol binding setting when initiating sso.
2006-12-28 Frederic Peters removed XXX comment about SessionIndex since it is handled in the application, not in Lasso harmonized LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ and LASSO_PARAM_ERROR_INVALID_VALUE usage extra checking for wrong or NULL parameters more fixes for optional arg support in PHP optional args are handled differently in newer SWIG versions notice when building deflated query fails, and don't include (null) as query component in this case. fixed crash added when changing find_path return type coding style improvements replaced remaining LASSO_ERROR_UNDEFINED by appropriate error codes new error codes and coding style missing include, typo in comment and coding style coding style replaced LASSO_ERROR_UNDEFINED by appropriate error codes in all of xml/ and id-ff/ coding style: added spaces at appropriate places replaced most LASSO_ERROR_UNDEFINED by appropriate error codes (two occurrences are remaining) fixed all occurrences of returning a negative number unspecified in errors.h replaced all usage of UNDEFINED error code in logout profiles (both ID-FF and SAMLv2) by appropriate error codes
2006-12-27 Frederic Peters new LASSO_PROFILE_ERROR_STATUS_NOT_SUCCESS error code typo fix changed test against assertions which could yield a useless LASSO_ERROR_UNDEFINED avoid segfaults when passing NULL to *_new_from_dump fixing a bunch of possible segfaults (NULL passed to strlen) fixing a bunch of undeclared functions and possible segfaults; also removed some debugging printf. (ID-WSF is now warning-free (but char signedness)) fixing some usage of uninitialized variables in SAMLv2 support correctly initialize req at top of function and don't try to get the deflated samlv2 query if the parameter was not present moved find_path and set_value_at_path from returning int to returning gboolean; this gets rid of ugly and useless LASSO_ERROR_UNDEFINED in those functions.
default encryption type is AES-128, rearranged code so that it is clearer (let default handling be at the end) fixed gtk-doc for some enums Adding Damien to developers fixing minor typo added libgcj7-dev for gcj 4.1
2006-12-21 Frederic Peters fixed a few (harmless) warnings detected when compiling with -Wall -Wmissing-declarations -Wdeclaration-after-statement set return type
2006-12-20 Frederic Peters fixed use of uninitialized variable
2006-12-20 Nicolas Clapies Added SAML2 PHP documentation. Need to complete with some Login and Logout details. Need to add description of Name Id Management profile.
2006-12-20 Damien Laniel Allow the choice of the encryption algorithm to use
2006-12-19 Frederic Peters include all testing metadata
2006-12-18 Frederic Peters fix rst syntax
2006-12-16 Frederic Peters Added (and documented) new members to snippet, necessary to fix namespace for saml:AuthnContextClassRef used in samlp:RequestedAuthnContext
2006-12-08 Frederic Peters testing metadata files are in $(srcdir) include tests metadata subdir ship metadata files used in tests fixed php configure options indentation added support for PHP5 compile PHP5 binding fine (using PHP_VERSION_ID to see if this is PHP 5) try to avoid detecting php5 as a compatible php version tarball has to ship two new Java files ship xml_enc.h
2006-12-07 Frederic Peters removed -dlname argument which disappeared in SWIG 1.3.31 and was already optional in 1.3.29 abstract is a reserved java keyword different code path for SWIG >= 1.3.31 for downcast in java added (required in swig 1.3.31) methodmodifiers for javadestruct delete typemap abstract attribute breaks php binding with SWIG 1.3.31 fixed PHP4 #ifdef binding for new error code ECP fixes SAMLv2 compliance fix (mostly RelayState and affiliations related) use Location when ResponseLocation is not available minimal support for EncryptedID in federation termination
2006-12-06 Damien Laniel Better parse xml to find an EncryptedKey
2006-12-06 Frederic Peters
if signature element is not found, look for it in an assertion element (this is not perfect since it should be possible to check *both* signatures and we don't care for the moment) new logout error code relaystate handling set Destination and handle relayState fixed ecp attribute name
2006-12-05 Nicolas Clapies Added paos response message process support in LassoLogin object.
2006-12-05 Frederic Peters look up harder for encrypted stuff avoid segfaults looking for decryption key return missing assertion error on missing assertion removed conflicting change use 128-bit AES which seems better supported by other applications fixed casing for all saml2 attribute members
2006-12-04 Nicolas Clapies Moved ECP protocol binding detection from to PAOS.
2006-12-04 Damien Laniel Verify message signature in lasso_saml20_login_process_authn_response_msg
2006-12-04 Frederic Peters look up for the right federation based on affiliation in logout use federation from affiliation if necessary in logout correctly rename attributes to camelCase fixed signature element position binding for authnStatement
2006-12-02 Damien Laniel Fixed memory management Fixed memory management problems Fixed a few warnings with -Wall
2006-12-01 Frederic Peters (stupid me) initialize and destroy correctly affiliation variables achieved support for using affiliations fixing case for NameIdPolicy binding include id-wsf/identity.h to get identity_get_offerings prototype
2006-12-01 Damien Laniel Added an error code in bindings
2006-12-01 Frederic Peters on logout response, if responder then look inside for real value
2006-12-01 Damien Laniel Fixed a memory problem (was double free)
2006-11-30 Damien Laniel Fixed logout request signature Initialise and destroy correctly provider private data
2006-11-30 Frederic Peters only call into lasso_saml20_login_process_paos_response_msg if PAOS namespace is visible; this avoids parsing three times the same message for the common case of *not* PAOS.
removed side effects in samlp2_response/get_xmlNode fixed case when not using encrypted assertion fixing memory leaks, side effects and more in EncryptedAssertion
2006-11-30 Nicolas Clapies Uncommented xml free. Fixed memory use.
2006-11-30 Frederic Peters naming lists "item" is confusing
2006-11-30 Nicolas Clapies Added missing ecp private header file. Added private structure for LassoEcp to keep relayed data.
2006-11-30 Frederic Peters use appropriate functions for g_list_ re-enabling saml2 signature check
2006-11-29 Damien Laniel Moved assertion encryption code out of saml2_response.c to tools.c Encrypt Assertions at the last moment, so that the assertions should be fully built before that
2006-11-28 Damien Laniel Don't include the internal data of the nodes in encrypted elements Added an error type when there is no key to decrypt some encrypted elements
2006-11-28 Frederic Peters fixed references to SWIGPHP4 extra checks to pass negative testing steps
2006-11-27 Frederic Peters include header file for lasso_saml20_profile_set_session_from_dump removed unused variable and added check for identity before accessing it removed unused variable removed debugging output
2006-11-27 Damien Laniel Support for name-id:format:encrypted in NameIdPolicy in Authnrequest
2006-11-24 Damien Laniel return -1 was not cute
2006-11-23 Damien Laniel Added an original node to encrypted elements, only in dumps, for the dump to be readable Removed useless headers Encrypt and decrypt NameID in logout requests Coding style fix
2006-11-23 Frederic Peters removed use of unallocated variable style and missing header fixing indentation
2006-11-23 Nicolas Clapies Added missing updates about LassoEcp object.
2006-11-22 Nicolas Clapies Updated binding for LassoEcp object.
2006-11-22 Damien Laniel Binding for setEncryptionMode Changed setEncryption(boolean) to setEncryptionMode(enum mode) Binding for setEncryption method changed provider->private_data->encryption name to provider->private_data->encryption_enabled Fix LassoSaml2EncryptedElement name Added lasso_provider_set_encryption method to activate or deactivate encryption
2006-11-22 Frederic Peters reduced memory allocation (and loc)
2006-11-22 Damien Laniel Changed xmlGetNoNsProp with xmlGetProp in lasso_decrypt
2006-11-21 Frederic Peters fixed pkey memory leak
2006-11-21 Damien Laniel coding style fixes Free bio on error in lasso_get_pem_file_type Fixed -Wall warnings and replaced a LASSO_ERROR_UNDEFINED Coding style fixes + removed the obsolete comment about set_nodename in LassoSaml2EncryptedElementClass Set nodename "EncryptedElement" in LassoSaml2EncryptedElementClass updated comments - Can use AES EncryptedKey as well as DES to decrypt the EncryptedData - Encrypt nodes with 256-bit AES
2006-11-21 Frederic Peters in LIST_NODES, if snippet->name is set; use it. ##any nodes needs empty snippet name
2006-11-21 Damien Laniel Encrypt and decrypt Assertion
2006-11-21 Frederic Peters check for identity before accessing it
2006-11-20 Nicolas Clapies Restored immutable attribute msg_relayState in LassoLogin object. Moved SOAP value as last element in lists.
2006-11-20 Frederic Peters new server method, for saml2 affiliations saml2 server private functions
2006-11-19 Frederic Peters added loading of affiliation metadata (not yet acted upon) const'ified some char* rewritten in a shorter form s/file_name/filename/ don't include * in %rename() statements
2006-11-16 Damien Laniel - Moved the EncryptedKey to the same level as EncryptedData in xml - Changed the prototype for lasso_node_encrypt and lasso_node_encrypt - Moved lasso_node_encrypt and lasso_node_encrypt declaration to xml_enc.h - Added a GList for EncryptedKey in EncryptedElement
2006-11-16 Frederic Peters process_authn_response_msg for saml2; this is similar to id-ff even if the underlying messages are different correctly looks up assertionconsumerservice url, even with just the binding
2006-11-15 Frederic Peters binding for SAML2 binding uri; and fixed SAML20 to SAML2 for coherence
2006-11-15 Damien Laniel Decryption of EncryptedID in Assertion
2006-11-15 Frederic Peters fixed up lasso_saml20_logout_process_response_msg function name; and remove assertion on SP when initiated on SP.
2006-11-14 Frederic Peters random fixage of warning displayed with -Wall
2006-11-14 Nicolas Clapies Fixed big mistake about PAOS naming. Added more strict check when trying to process PAOS response in login.c. Fixed declaration line ending. Added ecp files.
2006-11-14 Frederic Peters downcast soapenvelope to LassoNode include header from xmlsec to get xmlSecCreateTree declaration
2006-11-14 Nicolas Clapies Added ecp.h in public declarations. Added binding for ECP. Modified binding in Lasso.si to allow setting LassoProfile's msg_relayState. Added ECP profile (client, SP and IDP parts). Added functions to export to PAOS request and ECP response.
2006-11-14 Damien Laniel Replaced some LASSO_ERROR_UNDEFINED with real error codes Test on a possibly NULL pointer to avoid seg fault
2006-11-13 Damien Laniel Read SNIPPET_XMLNODE from XML Added documentation for SNIPPET_XMLNODE Added EncryptedID as SNIPPET_XMLNODE in Subject in Assertion Header for lasso_node_encrypt
2006-11-13 Frederic Peters also dump private data; necessary for saml2 artifact support
2006-11-13 Damien Laniel Added lasso_node_encrypt to encrypt a Lasso node
2006-11-10 Frederic Peters don't set inResponseTo if there is no request include http request method in profile dumps
2006-11-09 Damien Laniel moved encryption key loading from id-ff to saml-2.0 properly initialise encryption_private_key Use xmlSecKeyDestroy to free the key in lasso_server_set_encryption_private_key Fix a possible memory leak in lasso_server_set_encryption_private_key and add a comment binding for lasso_server_set_encryption_private_key changed prototype for lasso_server_set_encryption_private_key and added error handling
2006-11-09 Frederic Peters Change from string to list in requestedAuthnContext. AuthnContextClassRef is a list; treat it as such only compare saml1 assertion
2006-11-09 Damien Laniel load encryption private key
2006-11-09 Frederic Peters filled login_must_authenticate with intelligence about authncontext
2006-11-08 Frederic Peters support for RequestAuthnContext in must_authenticate (incomplete but not likely to do much more here; I'll do it better in SAML2) changed lasso_session_get_assertions not to g_object_ref assertions, so they don't have to be freed. spec refers to signing/encryption so use that vocabulary (even if I don't like it) minor changes & fix to coding style for enc public key loading encryption_public_key will always be set from metadata; no need for filename stuff and to touch the public struct.
2006-11-08 Damien Laniel load encryption key from metadata
2006-11-08 Frederic Peters more appropriate error code error on sso initiated by idp and no endpoint defined as default for sp saml2 sso initiated by idp
2006-11-07 Frederic Peters can get assertion consumer service url from that very same attribute fixed url/query construction for endpoints with query part (zxid)
2006-11-07 Damien Laniel fix metadata test tests for loading certs and keys from metadata
2006-11-07 Frederic Peters fixed dump/restore from dump for name id management profile
2006-11-06 Frederic Peters fixing saml2 sso error cases (on ispassive) spelling better loading of public key from metadata; full support for embedded PEM, and suppressed output when not base64. keep a copy of assertion easily accessible for further changes added LASSO_SAML2_CONFIRMATION_METHOD_BEARER set subject confirmation method and recipient; to be conformant. error code for missing assertion
2006-11-05 Frederic Peters implementation of lasso_name_id_management_process_response_msg appropriate return code detection of SOAP name id management
2006-11-04 Frederic Peters bindings for new LassoNameIdManagement profile empty _process_response_msg LassoNameIdManagement is first class profile -> included in lasso.h dump handling invert args fixed new id param format name id management saml2 profile (lacks process_response) fixed small memory leak in saml2 slo
2006-11-03 Frederic Peters fix saml2 artifact decoding
2006-11-02 Frederic Peters if node was not base64, use its original value for key loading. set provider role; so mixed sp/idp metadata is ok.
2006-11-02 Damien Laniel Added back LASSO_PROFILE_ERROR_MISSING_ARTIFACT
2006-11-02 Frederic Peters new lasso_profile_is_saml_query function uncomment xmlsec output directives; that should not have been commented already set remote_provider_id in process_request
2006-11-02 Damien Laniel Replaced return -1 with return LASSO_ERROR_UNDEFINED Added some error cases tests on possibly null pointers
2006-11-02 Frederic Peters coding style downcast nameidentifier to LassoNode* in LassoLogout; so that it works with both ID-FF (LassoSamlNameIdentifier) and SAML2 (LassoSaml2NameID)
2006-10-31 Damien Laniel changed LASSO_LIB_NAME_ID_POLICY_TYPE_FEDERATED to LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED according to the code
2006-10-30 Frederic Peters removed XXX comments after Damien looked at them include authentication statement in saml2 assertion saml2 artifacts include an endpoint index; fill it with 0 for the moment.
2006-10-29 Frederic Peters deal with default assertion consumer service url use new error code for missing artifact new error code for missing artifact correctly clean memory fixed reference to length when inflating default value set to -1 and marked as optionals saml-2.0 more POST support s/SAMLArt/SAMLart/ (+ check for remote provider) handle "1" as well as "true" in booleans started support for AssertionConsumerServiceIndex (as alternative to ProtocolBinding) (used by zxid) saml2 query strings are often limited to one single arg accept PAOS binding
2006-10-28 Frederic Peters finished saml2/sso/post note about memory leak standard .cvsignore handle saml2/sso/post (almost) handle saml2/sso/post (almost, need to fix return url) initialize private_key_file and certificate_file properly formatting use external stylesheet rest2html is now shipped as rst2html, also looks for this one return defined error code cast function reference standard .cvsignore for saml-2.0/ dir marked maxInteractTime as optional LassoDiscoServiceInstance are freed through lasso_node_destroy
fixed deflate, tested against lightbulb(opensso-php)
2006-10-27 Nicolas Clapies Added documentation about writing a sp in java.
2006-10-26 Frederic Peters use zlib compress2 instead of lowlevel functions, this fixes inflate. don't automatically fallback to redirect, this breaks some cases.... checking pointers...
2006-10-25 Frederic Peters return NULL; not an error code check for response before accessing it check for query before accessing it
2006-10-12 Frederic Peters nameIdentifier is now a LassoSamlNameIdentifier; which should help Java
2006-10-09 Frederic Peters revert to SNIPPET_LIST_NODES; which is required for ID-WSF to work
2006-10-02 Frederic Peters ds_* are now also used out of id-wsf
2006-09-29 Frederic Peters check session is not NULL even in functions where it shouldn't happen; since developer may always call functions out of order.
2006-09-28 Frederic Peters better error handling in slo
2006-09-21 Damien Laniel updated documentation for lasso server creation prototype change
2006-09-19 Frederic Peters fixed lasso_server_new prototype
2006-08-03 Frederic Peters use specific error messages fill LassoDataService provider_id member on process_request define and use specific error codes
2006-05-16 Frederic Peters SWIG 1.3.28 is required. be more specific in role support for SNIPPET_LIST_XMLNODES (very old patch)
2006-05-11 Frederic Peters added missing comma error message
2006-05-10 Frederic Peters don't say undefined when it is, just lacking a description string, bugger. looking up NameIdentifier in AttributeStatement (old patch)
2006-03-21 Frederic Peters ship Lasso-saml2.i; part of 0.6.5 updated to 0.6.5 fixed doc note about 0.6.5 note about 0.6.5 try to find nameidentifier in alternative location; for compatibility with some idp Helps building outside srcdir fixed a few win32 versioning issues
2006-03-20 Frederic Peters killed a chicken to restore swig voodoo; hope it is enough, I'm running out of virgins.
2006-03-20 Damien Laniel changed contact address for php documentation to mine
2006-03-19 Frederic Peters update copyright year, add Damien to the php doc authors, run a spellchecker on the doc unified braces on if line, spaces between if and parenthesis and indentation; also use the same $server variable name everywhere
2006-03-19 Damien Laniel fixed doc writing-a-php-sp.txt
2006-03-19 Frederic Peters removed hardcoded php dependency, added php:Depends substvar removed hardcoded php dependency, added php:Depends substvar
2006-03-17 Frederic Peters fixed RSA_SHA1 constant name
2006-03-08 Frederic Peters fixed underline updated changelog to 0.6.4 update to 0.6.4 update to 0.6.4 fixing python test. ignoring generated saml2 files info about 0.6.4 updated (c) years and gforge url updated FSF address releasing 0.6.4 don't ship c# in this release
2006-03-06 Frederic Peters new error check test ship logoutprivate.h ship style.css don't ship fedterm-redirect.svg for now updated generated java files list missing brace adding braces don't unref/affect the same pointer; this will cause segfaults (seen in java) ignoring generated Makefile and Makefile.in SWIG upgrade (->1.3.28) broke once again bindings; this time thanks to macros that are now required to have args (looks like that anyway, nothing is documented); fixing this.
2006-03-04 Frederic Peters fixed variable type; how bad cast strings to xmlChar* for correct signedness added comment about why not to use memset
2006-02-21 Frederic Peters added short desc for lasso.h added short descriptions to every lib: classes more doc documentation fixes
2006-02-06 Frederic Peters don't g_object_ref what can be NULL
2006-01-25 Frederic Peters own style for reference doc fixing redirect example fix memory management for ID-WSF ResourceId
2006-01-23 Frederic Peters check for remote provider id before looking it in GHashTable don't segfault when lasso_logout_build_request_msg is erroneously called without lasso_logout_init_request before
2006-01-21 Frederic Peters fix swig id-wsf disco for new version of swig
2006-01-12 Frederic Peters duplicate key to fix consecutive calls to xmlsec
2006-01-05 Nicolas Clapies Fixed symbol error about LassoDiscoDescription_newWithBriefSoapHttpDescription. Fixed node prefix from interaction service namespace element.
2005-12-10 Frederic Peters bindings working with swig 1.3.27
2005-12-06 Nicolas Clapies Fixed missing declaration and settings. AP now verify SP signature. *** empty log message *** *** empty log message *** Only KeyValue in KeyInfo. Added KeyValue and RsaKeyValue element.
2005-12-05 Frederic Peters fixed host specific architecture changes don't parse files in id-wsf/ when not compiled with id-wsf support (required for mac os x nmedit)
2005-11-22 Frederic Peters missing saml 2 file Completed first go of SAML 2.0 single logout and added some missing files
2005-11-21 Frederic Peters starting SAML 2 logout
2005-11-20 Frederic Peters swig inheritance for SAML 2 elements removing xmlsec debug code SAML 2.0 support (only web-sso for the moment)
2005-11-15 Nicolas Clapies Little modif about SAML authentication verification Renamed lasso_data_service_need_user_interaction() to lasso_data_service_need_redirect_user(). Only add lasso_ds_* for id-wsf. Added binding for user interaction in data service.
Added some user interaction support : lasso_data_service_need_user_interaction() sets soap response with a soap fault asking redirect request. lasso_data_service_get_redirect_request_url() retrieves the redirect request url. DataService raises a redirect request warning exception if a fault was found in soap response after a lasso_data_service_process_query_response_msg(). Added soap fault code server. Fixed snippet type and name of Detail attribute. Fixed snippet type of redirectURL from content to attribute. Check if a soap fault is found in response message. If no fault found, then set response. Added a first soap fault code error. Added soap Detail element.
2005-11-14 Frederic Peters SAML 2.0 string constants
2005-11-14 Nicolas Clapies Now discovery service includes a key value in credential added to disco:QueryResponse.
2005-11-13 Frederic Peters starting to commit SAML 2 changes; minor changes (and bugfix) to lasso_node_new_from_xmlNode as well as code to recreate SAML2 object from SAML2 query string.
2005-10-14 Nicolas Clapies Fixed signature template problem : now if metadata's service provider has AuthnRequestsSigned set to false and HTTP method is POST, then template is not added anymore to AuthnRequest xml message.
2005-10-13 Nicolas Clapies Fixed optional param of processModifyMsg().
2005-10-11 Nicolas Clapies Fixed getServiceWithProviderId method.
2005-10-10 Nicolas Clapies Removed useless discovery method lasso_discovery_get_service_with_providerId(). Removed useless Swig binding of LassoWsfProfile class. Removed useless discovery method lasso_discovery_get_service_with_providerId().
Removed useless Swig binding of LassoWsfProfile class. lasso/id-wsf/discovery.c
2005-10-06 Frederic Peters updating ignored files with new packages updating ignored files with new packages remove old and never necessary debhelper generated files remove old and never necessary debhelper generated files new liblasso-java package new liblasso-java package removed mono packages from build-depends removed mono packages from build-depends updated debian changelog with uploaded packages. updated debian changelog with uploaded packages. don't build wsf; touch swig files so they are not rebuilt even if swig is detected. don't build wsf; touch swig files so they are not rebuilt even if swig is detected. updated FSF address updated FSF address
2005-10-06 Nicolas Clapies Added binding to set more than one security mechanism authentication in DiscoDescription. Added check by AP if it wants X509 authentication of SP. Does not work yet, need to fix retrieving public key from credential before. Set server attribute in LassoPersonalProfileService Added support of principal state : now it is possible a SP informs an AP if principal is considered to be online or not. To tell principal is online, just add a call to lasso_wsf_profile_set_principal_online() after lasso_data_service_init_query(), and offline a call to lasso_wsf_profile_set_principal_offline(). At AP, to know if principal is to be considered online just test if lasso_wsf_profile_principal_is_online() returns TRUE or FALSE.
2005-10-05 Nicolas Clapies A first attempt to include a KeyInfo in credential. Verify if a saml security authentication is available. Added LassoDsKeyInfo object. It allows to add it to LassoSamlSubjectConfirmation object.
2005-10-05 Frederic Peters don't patch a lasso_wrap.c that was not just generated by swig. no session on idp -> requestdenied -> removing no longer valid session on sp. added error string for LASSO_LOGOUT_ERROR_REQUEST_DENIED (...)
2005-10-04 Frederic Peters handle new error code returns LASSO_LOGOUT_ERROR_REQUEST_DENIED if appropriate.
2005-10-03 Nicolas Clapies Fixed the way getting description in lasso_data_service_init_query().
2005-09-30 Nicolas Clapies A little comment to note that some code is needed to add KeyInfo in Assertion when returning it to SP from IDP / Disco service. Added private function lasso_wsf_profile_has_saml_authentication() to know if a saml authentication mechanism exists in current description. lasso_discovery_build_credential() adds ConfirmationMethod element. Updated comments. Added reference binding when signing soap messages. Updated data service with service_type parameter. Added a g_object_ref on private attribute description in lasso_wsf_profile_set_description(). If a service found in server object, retrieve needed description depending on an optional security mechanism id. lasso/id-wsf/data_service.c
2005-09-30 Frederic Peters the "how could I not curse those adding files without checking them in Makefile.am?" commit. I'm so glad for tests; another emergency change. last emergency fix: wsf_profile_private.h must be included in .tar.gz updated ChangeLog for 0.6.3 new upstream release new upstream release updated news and doap.rdf with 0.6.3 release data
2005-09-29 Frederic Peters fixed typo in docstring minor automated changes removed c# dir from distribution
2005-09-28 Frederic Peters security mech id is optional
2005-09-28 Nicolas Clapies Fixed local variable declaration. Uncomment lasso_wsf_profile_build_soap_response_msg() in lasso_discovery_build_response_msg().
2005-09-28 Frederic Peters 80 cols for docstrings
2005-09-28 Nicolas Clapies Added x509 certificate file tests. Added private function lasso_wsf_profile_get_fault().
2005-09-27 Nicolas Clapies Added a first support of soap binding Fault wsf response. Added soap Fault element.
2005-09-27 Frederic Peters disabled mcs test and updated version to 0.6.3 swig files were split, dependencies needed to be updated fixed spelling acknowledge new lasso_sec_ category, only used for wsf. fixed typo
2005-09-27 Nicolas Clapies Added missing wsf_profile_private.h. fixed error while attempting to include non existing private header discovery_private.h Updated binding for new optional security mechanism parameter. Discovery and DataSerivice can pass X509 authentication mechanism if needed. Added X509 authentication mechanism.
2005-09-26 Nicolas Clapies Added private method lasso_provider_get_public_key() to get public key info.
2005-09-20 Nicolas Clapies Added private method. Ordered methods. lasso_data_service_add_credential() is not a public method. lasso_discovery_build_credential() is not a public method. lasso_discovery_build_credential() adds AuthenticationStatemet element in Assertion.
2005-09-19 Nicolas Clapies Fixed code typing. Added optional param security_mech_id for wsf methods. First attempt to implement authentication security mechanism. Only SAML is implemented and it needs improvement. Added id attribute in Body element. Fixed snippet definition of Credentials object. Added compilation of resource access statement. Added security namespace for resource access statement. Added ResourceAccessStatement element from wsf Security.
2005-09-16 Frederic Peters getOfferings without parameters will return all of them
2005-09-12 Frederic Peters disabled c# support for the time being generation of lasso.types so it only includes wsf classes if wsf is compiled in. updated java note erroneously disabled symbols.sym
2005-09-11 Frederic Peters possibility to register new dst services.
2005-09-10 Frederic Peters data_service_init_query may be called without parameters.
2005-09-07 Nicolas Clapies lasso_data_service_get_answer() : verify response->Data is not NULL before accessing it.
lasso_discovery_get_resource_offering_auto() : verify LASSO_WSF_PROFILE(discovery)->session is not NULL before looking for a resource offering.
2005-09-06 Nicolas Clapies Fixed typing code error. Updated ignored java files. Removed XmlNode binding in swig. Not used anymore. Added lasso_discovery_get_services() method documentation
2005-09-05 Nicolas Clapies Missing attributes in the last commit. Added attributes provider_id and abstract_description in lassoDataService. Added method lasso_discovery_get_services() : it returns a list of available services offering resource of principal. Updated lasso_discovery_build_modify_response_msg() : now it sets status code to OK only if every remove entry is possible.
2005-08-29 Nicolas Clapies Added lasso_discovery_get_service_with_providerId(). Split existing Lasso-wsf.i in several files for each wsf namespace (disco, dst, sa, is, soap)
2005-08-26 Frederic Peters check the query response is of the correct type
2005-08-25 Frederic Peters new modify things for LassoPersonalProfile
2005-08-25 Nicolas Clapies complete last commit. Now an AP can process a Modify request and return an updated data resource to application.
2005-08-25 Frederic Peters added getAnswerForItemId binding restore prefix and href for dst:Modify and dst:ModifyResponse
2005-08-25 Nicolas Clapies Updated lasso_data_service_init_modify(). Now it takes a select (a String type) and a String xml as parameters.
2005-08-25 Frederic Peters added lasso_data_service_get_answer_for_item_id added missing ; added lasso_data_service_get_answer_for_item_id marks public structure members in LassoDiscovery and LassoDataService continuing on disco example, use the service to retrieve principal name. explicit cases where item_id may be NULL.
2005-08-25 Nicolas Clapies Replaced ProfileService.java by DataService.java
2005-08-25 Frederic Peters add_query_item must check the query has been created.
Do not use SWIG_UnknownError but SWIG_RuntimeError so it is translated to a catchable exception in Java. Use SWIG_ValueError for value errors (things like invalid args) it is no longer possible to add providers with unknown public keys moved private_data erroneously placed in class to object; this breaks ABI for classes inheriting from LassoDeferation; nobody does that, ignoring. last bit of LassoProfileService got renamed renamed ProfileService to DataService include xmlsec errors.h header to get function declaration; a return in the middle of load_public_key got a FALSE argument.
2005-08-24 Frederic Peters documentation for discovery don't output xmlsec errors when trying to get a working public key but fails with a message if it can't find a key. doc for discovery and profile_service
2005-08-24 Nicolas Clapies Updated swig binding for latest id-wsf updates. Removed lasso_personal_profile_service_init_modify(). Removed prefix and href in lasso_profile_service_init_modify, lasso_profile_service_process_modify_msg, lasso_profile_service_process_response_msg, lasso_profile_service_validate_modify
2005-08-24 Frederic Peters don't check for remote provider id before checking for possible empty answer.
2005-08-24 Nicolas Clapies Removed prefix and href in lasso_profile_service_init_modify, lasso_profile_service_process_modify_msg lasso_profile_service_process_response_msg, lasso_profile_service_validate_modify Removed lasso_discovery_new_from_dump, lasso_discovery_dump, lasso_discovery_add_resource_offering, lasso_discovery_init_query_full
2005-08-24 Frederic Peters sync arg name in header file with real arg names documented api documented all discovery functions used by authentic / candle / unwind fixed add_requested_service_type declaration to match code
2005-08-19 Frederic Peters tries various key format before giving up
2005-08-16 Frederic Peters build_response_msg called while there was no connection will build a failure message.
check for remote_provider_id
2005-08-14 Frederic Peters reference correct identity header reinitialize assertion provider id list only on reset_provider_id_index counter providers that do not support any single logout; they are now skipped and a correct response is nevertheless sent to the originating provider correctly reset list before rebuilding it
2005-08-13 Frederic Peters fixed comment functions got moved from id-ff/ to id-wsf/ identity/resourceoffering functions are now declared publicly in id-wsf/ expose identity/resourceoffering functions to developer
2005-08-12 Frederic Peters private profile service functions following-up on PersonalProfileService cleaning; but I can't get getService to dynamically cast to that class :( return LassoPersonalProfileService from disco->getService if appropriate cleaned up PersonalProfileService cleaning and documenting profile service fixed lasso_profile_service_add_query_item so it accepts an item_id parameter (since they are mandatory once there is more than one). also allows init_query to specify item_id.
this gives:
    service = disco.getService()
    service.initQuery('/pp:PP/pp:CommonName', 'name')
    service.addQueryItem('/pp:PP/pp:MsgContact', 'email')
    soap_answer = liberty.root.soap_call(service.msgUrl, service.msgBody)
    print service.getAnswer('/pp:PP/pp:CommonName')
    print service.getAnswer('/pp:PP/pp:MsgContact')
2005-08-12 Frederic Peters API after the pp:query has been sent,
server:
    service = lasso.ProfileService(server)
    service.processQueryMsg(soap_message)
    identity = get_identity_by_resource_id(service.request.resourceId)
    service.resourceData = identity.get_pp_view()
    service.buildResponseMsg()
    return service.msgBody
client:
    service.processQueryResponseMsg(soap_answer)
    service.getAnswer() # or service.getAnswer('/pp:PP/pp:CommonName')
2005-08-12 Frederic Peters idwsf/pp on the attribute provider side; sth like
    service = lasso.ProfileService(server)
    service.processQueryMsg(soap_message)
    identity = get_from(service.request.resourceId)
    service.resourceData = identity.convert_to_pp_xml()
first steps towards id-wsf/dst; something like this, in Python:
    service = disco.getService()
    service.initQuery('/pp:PP/pp:CommonName')
    service.buildRequestMsg() # -> service.msgUrl and .msgBody
added LASSO_ERROR_UNIMPLEMENTED error code disco:queryResponse missed namespace definition
2005-08-10 Frederic Peters disabled c# in debian package disabled c# in debian package return LASSO_LOGIN_ERROR_UNKNOWN_PRINCIPAL after unsuccessful logon
2005-08-09 Frederic Peters another id-wsf step, disco:query, looking up for resource offerings in identity handle the case where logout request is done while there are no session; that means direct call to build_response_msg, creating a status: requestdenied. disco.processQueryMsg now sets disco.resourceId new remove entry; correctly restore resource offerings from identity dump renamed crunch to build since it doesn't look like there is a need for an intermediate function for the moment. process remove entries.
create correct answer (when everything goes ok, no support for failure yet)
2005-08-08 Frederic Peters lasso_discovery_crunch_modify_msg() (waiting for another name) process disco modify insertEntries and adds them to active identity sets ResourceId (or EncryptedResourceId) in LassoDiscovery object for easy usage provide resource_offering as argument to not diverge too much from existing work first function towards easy disco api get_assertions() called with NULL will return every assertions added session and identity to LassoWsfProfile, much like LassoProfile. Exposed them via SWIG inherited into LassoDiscovery object
2005-08-05 Nicolas Clapies Fixed setting of attribute, int not NULL pointer. Added getXmlNode() method to LassoProfileService class. Added getEmail() method in LassoPersonalProfile class. Fixed some warning about char signedness. Added swig binding to getEmail() method in LassoPersonalProfile. Added class LassoPersonalProfile. It allows to load a xml doc representing PP data and to process query requests. Need to complete WSC PP part.
2005-08-04 Frederic Peters fixed typo in error constant name
2005-07-31 Frederic Peters char signedness for gcc 4 (id-wsf part has not been done)
2005-07-08 Frederic Peters signedness change to lasso_query_sign (does not break API/ABI)
2005-07-08 Nicolas Clapies Now lasso_profile_service_add_data() returns a LassoDstData object, so it is possible to set optional attributes.
2005-07-07 Frederic Peters fixed signedness differences signaled by gcc 4.0 (lots of others yet to do)
2005-07-07 Nicolas Clapies Use lasso_wsf_profile_process_soap_request_msg() to build soap response message. Removed unused declared method name : lasso_profile_service_build_request_msg(). Fixed swig binding on ProfileService's buildResponseMsg().
2005-06-27 Nicolas Clapies Fixed mistake about prototype of lasso_session_dump(). Now lasso_identity_new_from_dump() and lasso_session_new_from_dump() return NULL if the root element name is wrong.
2005-06-15 Emmanuel Raviart Removed now useless sed script (now done by Swig). In Swig, Use g_free instead of free for strings, to avoid segfault when used in Java Windows.
2005-06-03 Frederic Peters checks identity exists before referencing it updated debian packaging wrt new cli policy updated debian packaging wrt new cli policy
2005-06-02 Frederic Peters new mono packages no longer have this tool new mono packages no longer have this tool
2005-05-30 Frederic Peters Give LassoServer access to (LassoProvider)self->role
2005-05-26 Frederic Peters update ChangeLog for 0.6.2 sync docs with code no more php zts no more php zts new upstream new upstream this file is generated this file is generated 0.6.2 release date
2005-05-25 Frederic Peters preparing for 0.6.2; removes swig files if moving from non-wsf to wsf or otherwise. bring wsf files on make dist properly initialize key node to NULL allows overriding of infile keydescriptor with argument to add_provider load public key from metadata file
2005-05-18 Frederic Peters fixed docstring to use entities for < and > oops missing | fixed usage of DESTDIR and PREFIX
2005-05-17 Frederic Peters perl now installs and uninstalls correctly (with thanks to p.g.o) fixed case when consent was first refused then given (failure status code remained in the user session). (debugged thanks to Authentic Debug Pane (tm) (r) (patent pending)) planning 0.6.2 for May 23rd.
2005-05-16 Nicolas Clapies Set liblasso-id-wsf.la only when WSF support set. Set response attribute when processing WSF SOAP response message. Updated discovery to SOAP binding. Mistake about last add. Added WSF SOAP binding layer.
2005-05-16 Frederic Peters fixed memory leak in loadDescriptor
2005-05-12 Frederic Peters allows fake brws-lecp profile (introduced by Nicolas) to be used in lasso_login_build_authn_response_msg, so LECP works again.
documented that previous change fixed the case of idp-initiated rni with no sp defined name identifier fixing lasso_name_registration_init_request with regards to profile->nameIdentifier (hopefully) fixed lasso_name_registration_process_request_msg so that it ends with profile->nameIdentifier being the local name identifier. profile->nameIdentifier set to local name identifier profile->nameIdentifier should always point to *local* name identifier. (not yet tested for federation termination) use remote name identifier if available for login->nameIdentifier
2005-05-11 Frederic Peters don't check other endpoint for supported profile since *they* initiated it that way and it seems allowed for them not to have it in their metadata.
2005-05-11 Nicolas Clapies Fixed header included.
2005-05-10 Frederic Peters InResponseTo must be part of the redirect answer 1 is a valid boolean value \r may be hiding in base64
2005-05-10 Nicolas Clapies Fixed lecp profile : added case when lecp profile is used when building assertion.
2005-05-10 Frederic Peters don't lasso_node_destroy list items that may be NULL allows \n in base64 strings NameQualifier is optional don't fail if there is no signature on Logout Response
2005-05-02 Frederic Peters reworked query string signature verification to better handle cases where the signature algorithm is not fully url-encoded; also deals with the corner case where there are query params past the signature. wsse is only for wsf
2005-05-02 Nicolas Clapies Added process of Wsse prefix in lasso_node_new_from_xmlNode(). wsse:Security class. Added a FIXME to list missing element in credential. Added wsse:Security element. Added access to saml:Assertion in saml:Advice element.
2005-04-26 Frederic Peters fixed Darwin case so it compiles on Mac OS X
2005-04-26 Nicolas Clapies For now Make only one credential for every description end points of the Discovery IDP. Fixed Minor Version of credential included in Advice element to Saml Minor Version.
Added Audience restriction to Discovery IDP ProviderID.
2005-04-25 Frederic Peters allocate memory for string; don't use it static
2005-04-25 Nicolas Clapies lasso_login_assertion_add_discovery() adds credentials if security mechanisms want it. Added copy constructor to duplicate LassoDiscoDescription and LassoDiscoServiceInstance objects.
2005-04-25 Frederic Peters use proper confirmation method saml identifiers added saml artifact confirmation method identification (from SAML 1.1 spec) loads public key into xmlSecKey on LassoProvider instantiation; this merges signature verification in XML messages and in query strings. conscientiously overwrite memory used by the private key password renamed secret_key to private_key_password since it was badly named and unused (so no API breakage)
2005-04-23 Frederic Peters return error message if name registration profile is used on an empty identity (was segfaulting)
2005-04-22 Nicolas Clapies Added missing optional attributes AttributeName and AttributeNameSpace in Attribute element. When adding a ResourceOffering element in Assertion, they are set. DiscoResourceOffering is required in DiscoInsertEntry.
2005-04-22 Frederic Peters SNIPPET_LIST_NODES [note: if there are no other nodes; it is possible to leave snippet name as the empty string; nodes will then be constructed looking at their names and namespaces (this is useful for xs:any)] (from docs/reference/snippet-types.rst)
2005-04-22 Nicolas Clapies Added binding of lasso_new_from_message() for DiscoModify.
2005-04-20 Frederic Peters binding to lasso_provider_get_organization; converts xmlNode into string API addition; lasso_provider_get_organization set pointer to NULL as a protective measure
2005-04-19 Nicolas Clapies Added support of choice between WsdlRef and BriefSoapHttpDescription in LassoDiscoDescription object : 2 new constructors, lasso_disco_description_new_with_WsdlRef() and lasso_disco_description_new_with_BriefSoapHttpDescription().
lasso_disco_description_new only returns a simple empty object.
2005-04-18 Frederic Peters bails out with an error if lasso_login_must_authenticate is called while login has no request; this probably means it was called before lasso_login_process_authn_request_msg.
2005-04-18 Nicolas Clapies Added discovery directives in inheritance.h
2005-04-15 Nicolas Clapies Added ref count in addDescription() method. Added addDescription method.
2005-04-11 Nicolas Clapies Liberty wsf SOAP binding. Fixed lasso_discovery_init_modify() : added missing code for liberty wsf soap binding. Completed discovery with support of liberty wsf soap binding. Updated Discovery : now it binds his messages in liberty wsf SOAP envelope.
2005-04-01 Nicolas Clapies Fixed removed code in previous commit. Fixed some rules from liberty spec : multi mechanism, null mechanism. Added namespace for service authentication.
2005-03-29 Frederic Peters don't set status to constant string in samlp:Response properly multiply sizeof(char*) to avoid buffer overflow free up Status if not NULL. checks for Status before Assertion; so lasso doesn't restore an old assertion. bring back LassoSamlAssertion don't add assertion in samlp:Response if the signature check failed
2005-03-24 Frederic Peters deals with incorrect AssertionConsumerServiceID include AssertionConsumerServiceID in query strings
2005-03-22 Frederic Peters session may exist beforehand, store status nevertheless no success won't set Success
2005-03-21 Nicolas Clapies Added REQUEST_TYPE_SASL_REQUEST returned by lasso_profile_get_request_type_from_soap_msg(). Renamed properly attribute access in DiscoServiceInstance object. Updated authentication service : fixed error when parsing data from client. Removed hard code to build soap envelope by call to common function from wsf_profile.h. Added function to build generic liberty wsf soap envelope.
2005-03-19 Frederic Peters removed erroneously committed tests Makefile
2005-03-18 Frederic Peters docstring to errorchecking tests include lasso_config.h since LASSO_WSF_ENABLED is used added missing lasso_config.h include (necessary for LASSO_WSF_ENABLED definition) since wsf is no longer compiled it is no longer necessary to check or isolate sasl check variable. don't compile id-wsf files when wsf is disabled; this cuts down build time by a nice margin.
2005-03-18 Nicolas Clapies Updated lasso_discovery_add_insert_entry() prototype : now it only takes a LassoServiceInstance and a LassoDiscoResourceID.
2005-03-18 Emmanuel Raviart Renamed LASSO_WSF_SUPPORT to WSF_SUPPORT in SWIG.
2005-03-18 Nicolas Clapies Updated authentication service : now it has hard coded callbacks. developer must use LassoUserAccount to inform sasl about login and password. Fixed dump of attribute. Fixed any attribute in snippet. Fixed process of dump for soap envelope message.
2005-03-17 Romain Chantereay First version of the "Writing a Liberty PHP SP". Almost all adapted copied/pasted from "Writing a Liberty C SP".
2005-03-15 Frederic Peters detect liberty QName and add appropriate namespace (closes: #416) added non-regression test for bug #416 (missing namespace in some samlp:Response)
2005-03-11 Frederic Peters warning: ISO C90 forbids mixed declarations and code
2005-03-11 Nicolas Clapies Complete liberty soap binding. Added liberty soap binding extension.
2005-03-10 Nicolas Clapies Added missing security mechanism. Restore ResourceID and EncryptedResourceID attributes in discovery and modify. Added security mechanism id. Added comments about security mech rules. Added comment about Options rules. Added comments about status rules. resourceId is for LassoResourceID and LassoEncryptedResourceID. Fixed resourceID to resourceId. Added some param tests. Added disco status codes. Added discovery directive elements.
2005-03-07 Frederic Peters removed debugging output use fail_unless since fail_if didn't exist in check 0.8.x only use xsi:type on elements that have a saml: ancestor (and added test to not regress) return LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND in lasso_login_process_authn_response_msg when liberty status is samlp:Responder/lib:FederationDoesNotExist only use LASSO_SIGNATURE_TYPE_WITHX509 (including a in message) if we have a certificate to use; use LASSO_SIGNATURE_TYPE_SIMPLE otherwise.
2005-03-04 Emmanuel Raviart Corrected MinorVersion of samlp:Response.
2005-03-02 Nicolas Clapies Added credentials and resource offerings if authentication is OK. Added credentials and resource offerings if authentication is OK. Use gchar instead of char. Renamed LassoSaSaslRequest to LassoSaSASLRequest. Idem to LassoSaSASLResponse. soap envelope / binding support. Added soap swig binding, liberty soap binding swig binding, authentication service swig update Added soap envelope object to embed specific data from id-wsf. lasso/id-wsf/authentication.c Added soap envelope and soap binding. It is useful for id-wsf but could be used in other parts later.
2005-03-01 Frederic Peters fixed links to API reference
2005-02-24 Frederic Peters don't require sasl if wsf is not wanted; allow sasl2 dir to be passed to configure; include instead of since mutt does it that way.
2005-02-24 Nicolas Clapies Removed odd printf(). Added support of cyrus libsasl in id-wsf authentication service. Added support of cyrus libsasl in id-wsf authentication service. Added support of cyrus libsasl. Currently it disables wsf if not found.
2005-02-22 Frederic Peters updated ChangeLog for 0.6.1 told about 0.6.1 wsf support include file MessageType.cs was removed
2005-02-21 Frederic Peters updated �� information in reference manual more hateful Makefile.am to work with both swig 1.3.22 and 1.3.24; perhaps.
LassoRequestType disappeared LassoMessageFormat enum is now documented incode typo fix and longer description enum documentation documented enums removed LassoMessageType from doc documented LassoRequestType and killed unused LassoMessageType (it was already unused in 0.6.0 so I allow this as not breaking api) gtkdoc comment formatting documented new version check mode hacking against swig 1.3.24
2005-02-19 Frederic Peters generated files are best ignored by cvs janitored configure.ac; it shouldn't have been bastardized this way. missing csharp swig generated file removed long useless file define LASSO_WSF_ENABLED provide wsf support activation status to swig binding; note to Romain: wtf was LASSO_WSF_ENABLE ? (it appears in rev1.129 of configure.ac without any comment about its purpose) (I removed it)
2005-02-18 Romain Chantereay Use MSVC binaries.
2005-02-18 Frederic Peters corrected enum CheckVersionMode binding (didn't work for c# and java)
2005-02-17 Romain Chantereay Changed the output file directory to nsis. Added python NSI script.
2005-02-17 Frederic Peters lasso numeric check enum added dumb numerical mode to checkVersion; added swig binding for this function; generating Lasso.i considered bad idea, cleaned and removed.
2005-02-17 Romain Chantereay Escape the $ as begin of a variable name adding another '$'. Now the '$$' pass '$' to sed and '$' is end of line and no more begin of variable name.
2005-02-16 Romain Chantereay Updated MSVC projects. Now lasso_config.h for MSVC is generated with configure substitutions. Added the temporary files for "int res = 0;" declaration to local cleaning rule. Added the automake makefile for the MSVC lasso-java project. Added DLL filename substitution. Distribute generated nsi files too in order to permit non-autotools users to create lasso installers. Include lasso project input file and java subdirectory in distribution and automake system. Now Lasso MSVC Project is dynamically generated.
The produced resource file is distributed too in order to permit MSVC users to compile LASSO. Now Resource file is generated from configure variable (for versioning and file name). No more Lasso.i in the repository, it is generated from Lasso.i.in. The SWIG input file is distributed too. Now The SWIG interface is "generated" by configure. The following constants are set and exported to bindings:
  - LASSO_VERSION_MAJOR
  - LASSO_VERSION_MINOR
  - LASSO_VERSION_SUBMINOR
  - LASSO_WSF_ENABLE
result have to be freed with g_free. corrected a incode declaration. As regexp does not manage multiline expressions, the comment is replaced by the res integer declaration. Fix a syntax error only reported by MSVC. Create a void pointer in an empty structure declaration. Now some version information are propagated in order to perform substitutions. New files are not dynamically generated. Put swig sub directory before bindings directories.
2005-02-15 Romain Chantereay Set only used constants. No more lasso_config.h constants export in LASSO bindings. Added java project to lasso workspace. Updated Lasso workspace. Added a Windows configured lasso_config.h. Perhaps we have to transform it into a special lasso_config.h.in in order to have the version number dynamically configured, and only this value (not the HAVE_FOO).
2005-02-15 Frederic Peters ship msvc project files
2005-02-14 Frederic Peters use g_free(), not free() (so it works under windows)
2005-02-14 Romain Chantereay Included xml.h for better lasso_strerror export declaration.
2005-02-14 Nicolas Clapies Added status code constants for wsf authentication service.
2005-02-14 Frederic Peters added missing authentication.c to Makefile.am
2005-02-14 Nicolas Clapies Added high level of authentication service : standard methods of a lasso service. Must be improved depending on the needs from souk implementation. Added duplication of mechanism string parameter in constructor.
Added missing status parameter in lasso_sa_sasl_response_new() method. Added lasso_sa_sasl_response_new_from_message().
2005-02-13 Emmanuel Raviart Added Lasso error strings to SWIG exception messages. Added two missing ID-WSF functions to LECP binding.
2005-02-11 Romain Chantereay Update MSVC workspace and projects.
2005-02-11 Frederic Peters checks provider has been found if g_hash_table_find doesn't find anything, check twice to be sure to return NULL.
2005-02-11 Romain Chantereay g_vsnprintf took the place of vsnprintf.
2005-02-11 Frederic Peters check param for NULL cflags_save ate my breakfast; removed.
2005-02-10 Nicolas Clapies Added low level classes for wsf authentication service. SASLResponse is only tested with required Status element.
2005-02-10 Frederic Peters removed unnecessary vsnprintf declaration we don't need yet another implement of vsnprintf, we can use glib use glib version of vsnprintf use gtk-doc style function comment for DllMain autofill nsi files with lasso version number
2005-02-10 Nicolas Clapies Now lasso_lib_request_authn_context_new() returns LassoLibRequestAuthnContex* instead of LassoNode*.
2005-02-10 Frederic Peters reworked a bit documentation build system and added detection of inkscape and xsltproc in configure
2005-02-08 Romain Chantereay Removed XMLSEC_DYNAMIC_LOADING because it is a non-sense. We are using xmlsec-openssl specific functions in code, so there is no choice, we have to use openssl. (Fix a build warning). Fixed type error.
2005-02-08 Frederic Peters allocate query fields memory with glib g_malloc (and free it with g_free) memory allocated by libxml2, freed by xmlFree replaced free() by xmlFree() when freeing strings created by libxml2 replaced free() with correct libraries function (glib and libxml2) do not include wsf functions when not using wsf step.xsl is in $(srcdir) updated debian packaging to what has just been uploaded to sid updated debian packaging to what has just been uploaded to sid that inline should be ok everywhere ultra magic swig search&replace; compiles with new debian php packages (and old ones too)
2005-02-08 Romain Chantereay Removed bad build configuration. Added MS VC workspace and projects. Currently two projects:
  - Lasso DLL
  - PHP binding
Added the vsnprintf function code of Patrick Powell for MS Visual C users. If vsnprintf is not available, the function is declared in the private.h header file.
2005-02-08 Frederic Peters another php api change bites the dust
2005-02-08 Romain Chantereay __inline under MSVC.
2005-02-08 Frederic Peters first fix for debian php package abi changes; zend_register_internal_class_ex gained a mysterious parameter obviously static distribute patch_swig_output; it might come handy variables and functions shouldn't have the same names fixed variable name detect when it is possible to use variadic macros and fall back to inline functions when it is not the case.
2005-02-08 Emmanuel Raviart Added missing snippet for element "any" in dst:NewData.
2005-02-05 Frederic Peters use new figures in documentation New figures for documentation; automake and makefile stuffs to generate png out of svg (with inkscape) out of template svg (with xsltproc). Needs to check for those tools in configure.ac removed all %s escaping sequences from lasso error strings; as a side effect this simplifies critical_error macro, porting to non-gcc compilers should be easier. Along the way I also fixed the long standing bug #256.
marked types.c and symbols.sym as phony targets so they are rebuilt every time more appropriate error code removed remaining compiler warning (unused variable) from id-wsf/ correctly use id-ff 1.1 xml namespace in backward compatibility mode Updated documentation files nobody cared about.
2005-02-04 Frederic Peters added tests to fix bug #407 and avoid similar ones added testcase for bug #407 all query fields are restored to the same lib:Extension; there are no other way. restore a from unknown query string elements; all of them are merged in the same use c99 construct for variadic macros when not using gcc (still missing a third alternative for non-(c99||gcc) compilers
2005-02-03 Emmanuel Raviart Lasso requires glib and gobject >= 2.4.0 (when compiled with glib 2.2.3, it generates an error: undefined symbol g_hash_table_find).
2005-02-02 Emmanuel Raviart Added a test converting an AuthnRequest with an extension to and from a query. It fails.
2005-02-02 Frederic Peters correctly deals with RequestAuthnContext when rebuilding AuthnRequest from query string
2005-02-01 Emmanuel Raviart Corrected typo in constant. Added test for AuthnContext in AuthnRequest.
2005-01-30 Emmanuel Raviart Corrected SIS namespaces.
2005-01-30 Frederic Peters doesn't mention wsf files for now; a better solution will be devised in time
2005-01-29 Frederic Peters removed extraneous liberty namespace registration and noted a future fix to LECP to do.
2005-01-29 Emmanuel Raviart SWIG: Use WSF_SUPPORT instead of WSF_ENABLED as constant in bindings. Typo correction. Reverted previous replacement of #if LASSO_WSF_ENABLED with #ifdef LASSO_WSF_ENABLED.
2005-01-29 Nicolas Clapies Replaced #if LASSO_WSF_ENABLED by ifdef LASSO_WSF_ENABLED to enable wsf in bindings. Removed old comment. Removed optional option parameter in lasso_discovery_add_insert_entry().
2005-01-29 Emmanuel Raviart SWIG: Added Attribute to AttributeStatement. Added binding for saml:AttributeValue.
Corrected use of constant LASSO_WSF_ENABLED in binding. SWIG: Added constant WSF_ENABLED and VERSION_DECIMAL to bindings.
2005-01-28 Frederic Peters compatibility with previous liberty specifications; still missing support for old elements in lib:AuthnRequest (requires some deep thought) but it may already be working as is.
2005-01-28 Romain Chantereay Updated to lasso 0.6.0 with soname 3. Updated dependencies too.
2005-01-28 Frederic Peters initializes AuthnResponse in process_authn_request_msg; it is necessary since intermediary function may want to set status code. (fix a crasher bug when using isPassive and POST)
2005-01-28 Romain Chantereay SONAME:3 no more 1.
2005-01-28 Frederic Peters produce 1.1 requests and notifications when interoperating with previous liberty implementations include missing identityprivate.h liberty 1.1 metadata were in another namespace "http://projectliberty.org/schemas/core/2002/12" store liberty 1.2 conformance when loading metadata; it will allow to deal with previous liberty implementations samlp:Request Major and Minor versions are saml, not lib If the element or its type is in a SAML namespace (urn:oasis:names:tc:SAML:1.0:assertion or urn:oasis:names:tc:SAML:1.0:protocol), then the values MUST be 1 and 1 respectively. abort configure if python is not found Document new functions; pretty please. Fixed memory leak introduced in lasso_profile_get_request_type_from_soap_msg; moved wsf chunk from build_assertion to its own function.
2005-01-28 Emmanuel Raviart Merged wsf-api-change-not-for-0-6 branch with trunk.
2005-01-27 Frederic Peters updated ChangeLog for 0.6 with gazillion things. wsf activation status in configure summary output configure flag to enable ID-WSF (off by default) don't use wsf for now late 0.5 fixes to documentation correctly deals with multiple elements for the same query part
2005-01-27 Emmanuel Raviart Corrected name of element AuthnContextComparison. Added missing constants.
2005-01-26 Frederic Peters removed .bak file on clean prepare for 0.6.0 take note of function changes in doc lasso-src-config is generated ignore more and more files reworded blah blah in reference manual introduction removed functions that are now private from documentation
2005-01-26 Emmanuel Raviart Removed obsolete Python sample code. Updated ColdFusion examples. Added SWIG binding for lasso_session_get_assertions. Also added Java code to test it.
2005-01-26 Frederic Peters lasso_identity_{add,remove}_federation went private new lasso_session_get_assertions, returns GList* of (incref'd) assertions every morning I distcheck and fix java and csharp classes; oh yeah. moved lasso_identity_{add,remove}_federation to private use python as found by configure
2005-01-26 Emmanuel Raviart Updated Java LoginTest and test metadata.
2005-01-25 Frederic Peters Empty node name is allowed for LIST_NODES; this allows nodes to be reconstructed looking at their names and namespaces. This is useful to implement xs:any
2005-01-25 Emmanuel Raviart SWIG: Corrected Java enums. Renamed enum types. Corrected constant name.
2005-01-25 Frederic Peters documented memory management for lasso_identity_add_federation no more php/examples/ subdir
2005-01-25 Christophe Nowicki remove php samples Remove php samples from the lasso repository I'm still working on it. I will release an independent Pear package for Lasso 0.6. The pear package repository is here: https://meuh.dyndns.org/cgi-bin/viewcvs.cgi/lasso_pear/
2005-01-25 Frederic Peters updated swig generated files list for C# updated swig generated file list fixed DowncastableNode.java filename "hope you paid attention to API/ABI".
2005-01-24 Emmanuel Raviart Cosmetic changes to SWIG Lasso.i #ifdefs.
2005-01-24 Romain Chantereay Added a special section for PHP4 SWIG exceptions. Now positive lasso errors will not produce an E_ERROR PHP error but simply an E_WARNING PHP error.
2005-01-24 Emmanuel Raviart Added Lasso version numbers to bindings.
Removed service from ID-FF. It was obsolete and will be replaced with a new API, once Lasso 0.6 is out. 2005-01-23 Emmanuel Raviart Completed ID-WSF SWIG binding. Added attribute server to binding of LassoProfile. Small corrections to declarations of ID-WSF objects. Quick fix so that Lasso bindings work till SWIG WSF part is fully updated. 2005-01-22 Emmanuel Raviart Updated binding of all "discovery" nodes. Work in progress: improving ID-WSF SWIG binding. Updated Copyright and authors. Updated Copyright and authors. SWIG: Renamed constants from camelCase to UPPER_CASE. SWIG: Added missing renaming of constant LASSO_HTTP_METHOD_NONE. SWIG: Very preliminary clean-up of Lasso-wsf.i. Renamed SWIG module name to "lasso" instead of "Lasso" for every language. 2005-01-22 Frederic Peters don't get remote provider id out of request if it was initiated by provider 2005-01-22 Emmanuel Raviart SWIG: Added binding for new_full constructors. 2005-01-21 Frederic Peters fixed missing provider error code (and used it in other places) don't segfault on missing remote provider id removed lib:Scoping, optional reordered lib:authnRequest elements new SNIPPET_OPTIONAL_NEG which allow to skip integer elements when set to -1 (useful for proxycount) moved samlp qname conversion to lib_status_response adds samlp: prefix to statuscode qname if necessary 2005-01-21 Emmanuel Raviart SWIG: Added yet another correction in generated PHP lasso_wrap.c for handling of optional arguments. SWIG: Added patch for PHP lasso_wrap.c to correct handling of optional arguments in methods. 2005-01-21 Frederic Peters if existing, use SessionIndex from assertion in lib:LogoutRequest. removed out of place int caused by dubious docstring copy/paste documented remaining functions in xml/; looks like all the functions are done. 
done with documenting if-ff/* functions removed lasso_server_add_service from reference api since it is for wsf 2005-01-21 Emmanuel Raviart SWIG: Removed method dump of NameIdentifierMapping. 2005-01-20 Emmanuel Raviart SWIG: Every function that may raise an exception, also returns the errorCode. 2005-01-20 Nicolas Clapies Fixed saml attribute tag define. 2005-01-20 Frederic Peters don't output licensing comment when starting perfs.php corrected spelling of optionally. documented name_identifier_mapping.c; removed its unused dump functions; fixed a few docstrings documented #LassoNameRegistration and fixed some docstrings in #LassoLogout 2005-01-19 Emmanuel Raviart Improved C# binding. 2005-01-19 Frederic Peters added SNIPPET_LIST_XMLNODES support (mostly the same thing as SNIPPET_EXTENSION for the moment) 2005-01-18 Frederic Peters restored documentation I wrote before (and lost in enum name change) documented a few things 2005-01-18 Christophe Nowicki create a isDBError function update sso code for the new lasso api change idp and sp fqdn (add .lasso.lan) update metadata update metadata change constants name fix LassoServer call add a gen_keys.sh script for generating automatically ssl keys 2005-01-18 Emmanuel Raviart Extracted the inheritance of nodes from SWIG in a separate file, to remove its duplication in Lasso.i. Reorganized Lasso.i. 2005-01-17 Emmanuel Raviart Improved Java .cvsignore. Completed Java binding tests. SWIG: Corrected constant name: SWIG macros are not accessible inside %{ %}. SWIG: Ported dynamic casting to all type of nodes. Not fully tested yet. SWIG: Added support for dynamic casting in Java. It works, but it has been only implemented for SamlpRequestAbstract. It will soon be generalized to LassoNode. 2005-01-15 Emmanuel Raviart SWIG: Renamed getitem to getItem. Idem for setitem. Java: Added a third binding test. PHP: Corrected header of binding test. Added first 2 binding tests for Java. Corrected help for Java login test. 
Updated authors. Changed authors & copyright in SWIG and unit tests headers. Extracted binding_tests.py from profiles_tests.py, so that each language has a binding specific test. 2005-01-14 Emmanuel Raviart Corrected Perl binding and added test program. 2005-01-14 Frederic Peters check for correct exception handle non-soap messages in new_from_soap 2005-01-14 Romain Chantereay Added NameQualifer definition paragraph and added a meta info on the LASSO_LIB_NAME_IDENTIFIER_FORMAT_ENCRYPTED. 2005-01-14 Emmanuel Raviart Added a new test that generates a segfault in new_from_soap. 2005-01-13 Nicolas Clapies Started to bind class LassoIsInteractionRequest to process it in interaction profile service class. 2005-01-13 Frederic Peters don't pass prefix to install-perl 2005-01-13 Nicolas Clapies Removed class LassoAbstractService. 2005-01-13 Emmanuel Raviart Swig PHP: Added test to accept NULL for dynamic arguments. Added program to test PHP binding. Corrected patch to SWIG PHP output. 2005-01-13 Frederic Peters safe against unfound strings 2005-01-13 Emmanuel Raviart Swig PHP: Corrected LassoNode conversion for input arguments. 2005-01-13 Nicolas Clapies Fixed error in xmlNewNs() call : first param must be xmlnode instead of NULL. Removed pp_msg_contact.c pp_msg_contact.h. Removed LassoPPMsgContact class. Updated binding too.lasso/xml/Makefile.am Removed specific class LassoPersonalProfileService. Added generic web service class LassoProfileService. 2005-01-13 Emmanuel Raviart PHP Binding: Added support for NULL return value. 2005-01-13 Frederic Peters removed uncommitted profile_service.[ch] from Makefile.am 2005-01-13 Nicolas Clapies Added support of interaction profile service. Started to implement interaction service profile. Added lasso_*_new_from_message() method to rebuild objects from xml dump. 2005-01-12 Frederic Peters forgotten commit of new is* classes to Makefile.am. removed unused variable moved errors.[ch] up; as requested.
2005-01-12 Nicolas Clapies Added low level classes for interaction service specification. Added name space constant for interaction service. Added interaction rule constants for interaction service UserInteraction element. 2005-01-12 Frederic Peters remove duplicate declaration of namespace (bug#398) 2005-01-12 Emmanuel Raviart Swig: Removed attribute responseStatus (now private). Corrected LassoProfile request and response attributes. Corrected handling of NULL pointers in dynamic casting. Added Python tests for XML lists and nodes inside nodes. 2005-01-12 Frederic Peters sync documentation sections with current functions made lasso_profile_set_response_status into a private function removed lasso_check_version_exact and lasso_check_version macros; renamed lasso_check_version_ext to lasso_check_version. install and uninstall correctly files (distcheck once again ok) added a new bunch of files to ignore replaced malloc by strdup; that was stupid. no longer allows NULL to get the first known remote provider id define check variables don't use am_path_check since it fails when check is not available (while it should continue and disable the test suite) added support for SNIPPET_OPTIONAL (for use with SNIPPET_INTEGER or SNIPPET_BOOLEAN) (not that really tested) updated list of java swig generated files 2005-01-12 Emmanuel Raviart Python: Added tests for list of nodes. 2005-01-12 Frederic Peters use snippets in #LassoProvider and #LassoServer 2005-01-12 Emmanuel Raviart Corrected SWIG PHP output patch to be pre-C99 compatible. Swig: Cancel a %newobject getitem, because a %newobject getitem applies to every method getitem in every classes below. This caused an "interesting" memory handling bug. Beginning to add binding specific tests. The objective is to port these tests to every binding. Discovered a binding bug in list handling.
2005-01-11 Frederic Peters homogenous quoting for "x" comparisons even more files to ignore include new java files (note that I also modified the buildbox, it was not checking lasso.jar file, it does now and will therefore fail, too bad) 2005-01-10 Frederic Peters documented lasso_node_get_xmlNode Reserved space for private_data expansion, so it will be possible to maintain ABI compatibility if changes are needed. Documented some functions (and switched some destroy to use lasso_node_destroy). integrate patch_swig_output.py in PHP swig module build process changed php swig patch script to use stdin and stdout 2005-01-10 Emmanuel Raviart Swig: Added a patch to PHP, so that it handles correctly dynamic cast of function results. [Note: Patch is not integrated in Makefile.am.] 2005-01-09 Frederic Peters fixed comment about gcc 2.95 removed hack to get to lib; it doesn't seem to work elsewhere. 2005-01-09 Emmanuel Raviart Swig: Corrected LassoNode node_info. Swig: Removed login & lecp authnRequest & authnResponse attribute. Now uses attributes request & response, like C. Added dynamic casting to AuthnRequestAbstract & AuthnResponseAbstract. 2005-01-09 Frederic Peters replaced strncpy calls by g_strlcpy deals with lines ending with \; compile regex only once. ends lines with \ so they get caught by extract_symbols.py 2005-01-09 Emmanuel Raviart Swig: Beginning to add a kind of inheritance mechanism to LassoNode. Swig: Added missing classes. 2005-01-08 Emmanuel Raviart Swig: Added several GList items. Swig: Added SamlpRequestAbstract inheritance. 2005-01-08 Frederic Peters reserve abi-space for unsupported elements in saml:Assertion 2005-01-08 Emmanuel Raviart Renamed NodeArray (resp. StringArray) to NodeList (resp. StringList). Renamed LassoStringArray to LassoStringList. Corrected a typo. Corrected a copy/paste error. Swig: Renamed LassoNodeArray to LassoNodeList, because, although it is physically an array, it is the Swig binding of a GList. 
Swig: Added Assertion attribute in samlp:Response. 2005-01-08 Frederic Peters moved remaining unbounded elements to GList* (samlp:Response/Assertion being part of that bunch) 2005-01-08 Emmanuel Raviart In SWIG, enclosed %init code inside braces to preserve gcc 2.95 compatibility. In SWIG added support for conversion to and from LassoNode. Not implemented for C# nor Java yet. 2005-01-08 Frederic Peters turned a bunch of unbounded elements into GList* only give xsi namespace to nodes with xsi: attributes fixed maintainer-clean target for Perl binding port of perfs.c to PHP (it is surprisingly faster than the C version). check for identity in build_assertion 2005-01-07 Frederic Peters beginning of a C# version of perfs.c updated simple C# example put c# binding in a lasso namespace 2005-01-05 Frederic Peters properly creates lasso-src-config from lasso-src-config.in mark sameNs as inline since it is short and often called (thanks to kcachegrind for profiling details) 2005-01-04 Frederic Peters fixed element name for SubjectConfirmation fixed order of samlp:Response elements clean some state and uri escape artifact correctly allocates memory for nameidentifier attributes removed individual debug() statements in dispose() and finalize(); replaced by a single statement in xml/xml.c; surrounded that one by LASSO_DEBUG so --enable-debugging prints those memory-management debugging data. added missing ; completely handle memory management for sessions properly allocates memory for constant strings used in messages (or readonly memory would be freed and segfaults would happen) created serverprivate.h for two private #LassoServer methods rewrote lasso_login_init_idp_initiated_authn_request using lasso_login_init_authn_request to avoid duplication. don't care about NameFormat and NameQualifier in comparison makefile perl magic to get distcheck running (disabled installation) 2005-01-03 Emmanuel Raviart SWIG binding helper functions are now static.
Added binding for saml:Attribute. 2005-01-03 Frederic Peters added include of #LassoSamlAttribute header file for #LassoSamlAttributeStatement updated swig generated java files list to have a working make distcheck build and ship html documentation; distcheck runs ok. fixed succint typo copy version.xml from the right location for make distcheck to work updated swig output files list for make distcheck more perl files to ignore 2005-01-03 Emmanuel Raviart Adding SWIG support for GList of LassoNodes. Not finished. 2005-01-02 Frederic Peters use chosen CC and CFLAGS when compiling the perl module Perl module builds and links correctly. 2005-01-02 Emmanuel Raviart Improved SWIG binding for assertions. 2005-01-02 Frederic Peters building the perl binding 2005-01-02 Emmanuel Raviart Improved Extension support in SWIG. Corrected use of %newobject in SWIG. 2005-01-02 Frederic Peters first step to perl bindings (they still need to be compiled and installed correctly) 2005-01-01 Frederic Peters accounts for changes in lasso_node_dump Removed second and third parameters of lasso_node_dump since @encoding is always UTF-8 and @format is always to indent XML in lasso dumps. removed lasso_federation_set_local_name_identifier and lasso_federation_set_remote_name_identifier; they were no longer necessary. 2005-01-01 Emmanuel Raviart Removed %rename for attributes in PHP binding, because they currently don't work. 2005-01-01 Frederic Peters applied esaracco patch for check configure test 2005-01-01 Emmanuel Raviart Changed the way %extend was used in SWIG. Removed binding for functions lasso_federation_set_local_name_identifier and lasso_federation_set_remote_name_identifier: they are useless. SWIG binding now uses only lasso_node_destroy for LassoNode: no more g_object_unref nor lasso_xxx_destroy. SWIG binding: Added Federation; updated Identity. Back to camelCase for attributes in SWIG binding. 2004-12-31 Emmanuel Raviart Updated LassoServer SWIG binding.
2004-12-31 Frederic Peters replaced enum name in methods added between two cvs runs moved remaining lasso[A-Z].* enums to Lasso[A-Z].* 2004-12-31 Emmanuel Raviart Updated SWIG binding for LassoProvider. Spelling correction: succint -> succinct. In SWIG, added constructor, destructor and dump to "lib:" objects. Improved SWIG bindings of "lib:" objects. 2004-12-31 Frederic Peters moved lasso_strerror to public interface removed obsolete (since move to structure) lasso_node_verify_signature (but lasso is still lacking signature check for assertion) sets InResponseTo in samlp:Response ret > 0 no longer happens if AuthnRequestsSigned is missing assume it as TRUE removed obsolete comment error on missing memory management in #LassoLogout (actually already done with snippets; nothing to do but removing old FIXME comments) it sure must be set to NULL memory management in #LassoProvider don't output memory management debug strings ignore version.xml added new saml classes and removed private functions from #LassoProvider fixed spelling in lasso_provider_new_from_dump description moved some lasso private functions to new providerprivate.h; insure it is included properly in other files (as well as some sessionprivate.h that were missing) documented lasso_server_get_providerID_from_hash, reaching: 60% symbol docs coverage (151 symbols documented, 101 not documented) fixed parameter name in constructor fixed function name in docstring for #LassoLibAuthnResponseEnvelope constructor documented a bunch of LassoSaml* classes _new functions documented a bunch of other xml base objects forgot a parameter in lasso_login_validate_request_msg docstring documented remaining #LassoLogin function, lasso_login_validate_request_msg fixed parameter names in some #LassoLogin docstrings documented #LassoLogin 2004-12-30 Frederic Peters more memory management for #LassoServer memory management for #LassoIdentity and #LassoSession (partial) implemented _destroy for LassoService (WSF thing, but 
that's just a call to lasso_node_destroy) documented more functions, reaching 50% symbol docs coverage (126 symbols documented, 126 not documented) set members to NULL to be sure request and response fields are handled by snippets; they must not be freed manually 2004-12-30 Emmanuel Raviart Added missing g_object_ref for Logout et Lecp request and response in SWIG binding. Removed unused GLib types from SWIG. SWIG now uses errors.h. 2004-12-30 Frederic Peters added refcounting of server to other profiles fixing object refcounting in login/logout and proper object destruction to profile documented #LassoProfile identity and session methods documented some new/destroy/dump/... functions added some missing functions to documentation moved lasso_node_build_query to private functions merged tools.h and internals.h in new private.h, excluded from API reference. added lasso_session_is_empty method to documented functions Do not remove tmpl/ directory; it holds real hand-written documentation there. Copy lasso.sgml to build/ directory before calling gtkdoc-mkdb so it is found by gtkdoc-mkdb and xml prologues are not added everywhere. documenting lasso_{login|lecp}_init_authn_request include LassoLibAssertion details into swig bindings. Moved #LassoSession private functions (limited to Lasso internal use) to a new sessionprivate.h file. 2004-12-30 Emmanuel Raviart Added handling of GObject reference counting to SWIG binding. Fully revamped SWIG binding. Corrected result type of lasso_saml_assertion_new. 2004-12-29 Frederic Peters check for libtool and pkg-config m4 files (thanks again to gnome-autogen.sh) don't use $< since it fails with BSD make. only set Status in session on failure Store status in session to be restored for samlp:Response usage. This means the session *must* be saved in single sign-on service url and will be dirty. 
(so souk, libertyidentity.py line 1076 failIf(login.isSessionDirty) will fail) 2004-12-28 Emmanuel Raviart Added StatusCode binding in Logout. Reorganized objects in swig Lasso.i file. 2004-12-28 Frederic Peters revamped autogen.sh so it works on FreeBSD (with many thanks to gnome-autogen.sh) only set samlp:Success in samlp:Response if assertion was found; fall back to samlp:RequestDenied in other cases since there is currently no way to be more precise. added LASSO_LOGIN_ERROR_STATUS_NOT_SUCCESS error code set error to lib:UnknownPrincipal if authentication_result is FALSE don't crash if session was not set removed old signature code from LECP 2004-12-28 Emmanuel Raviart Added Status to AuthnResponse. Added SamlpStatus & SamlpStatusCode to SWIG. Beginning to use same case in SWIG for XML elements as in C. 2004-12-28 Frederic Peters return LASSO_LOGIN_ERROR_REQUEST_DENIED if that's the response Status fixed dependency on xmlsec1-openssl generate xmlsec signatures in get_xmlNode; this should allow envelopes (in LECP) to work properly. lasso requires xmlsec >= 1.2.6 2004-12-27 Emmanuel Raviart Added cast to remove compile time warning. 2004-12-27 Frederic Peters Fixed lasso_lecp_build_authn_request_envelope_msg, lasso_lecp_process_authn_request_envelope_msg and lasso_lecp_build_authn_request_msg to properly deal with signatures (and, generally, to work) support for elements in query (not yet reconstructed); enabled for Moved back Extension support from xmlNode* to GList*; "SP login using post/artifact (testing Extension); SP logout using SOAP." test now works. 2004-12-26 Emmanuel Raviart Replaced calls of lasso_provider_get_metadata_one with lasso_provider_get_assertion_consumer_service_url in lecp. Corrected SWIG binding for LECP methods inherited from Login. 2004-12-25 Emmanuel Raviart Changed lib:Extension handling in SWIG lib:AuthnRequest binding, to ensure that each lib:Extension element has a valid namespace. 
2004-12-24 Emmanuel Raviart Added SWIG support for "Extension" elements in lib:AuthnRequest. 2004-12-24 Frederic Peters added lib:Extension support to dst classes. Added missing declaration for lasso_name_identity_mapping_new_from_dump (and moved dump type to const char*). errata2 makes SPProvidedNameIdentifier optional; changed schema snippet accordingly errata2 adds a NotOnOrAfter attribute to LogoutRequests removed obsolete comment Do not store metadata in provider dumps; only store the filename. Handle AssertionConsumerServiceID in ; this allows to have more than one AssertionConsumerServiceURL in a single service provider. more documentation 2004-12-23 Frederic Peters removing lasso_config.h from scanned header files Moved to xmlNode* since the developer can use xmlAddNextSibling to add other nodes. (not tested) a few words about lib:AuthnRequest documented #LassoSamlNameIdentifier removed all old setter methods and other removed functions from documentation. dot at the end Removed _new functions for abstract classes; added _new functions for classes that only had _new_full functions. Documented a little bit; marked public members in structures as such. removed cut'n pasted doc from oasis removed liberty-alliance entity; documented #LassoLogout; actually most docstrings were already there but are way too much going into Lasso internals. Not fixed yet. remove angle brackets around elements in doc strings so they can now be considered as docbook (necessary to produce itemized lists in docstrings) removed copy/pasted OASIS documentation Removed docstring copy/pasted from OASIS documentation (looks like BSD so it should be allowed if they are cited but I prefer to have full copyright over Lasso code) documented #LassoSession. Removed lasso_session_get_authentication_method and lasso_session_get_first_providerID methods that were obsolete and unused. Commited Nicolas SWIG binding for WSF since he is on vacation. 
create namespace in the air not to disturb xmlnode disco:Status doesn't exist; once again fall back to UtilityStatus pp:Status are not DstStatus but UtilityStatus; acknowledge. fixed QueryResponse get_xmlNode function. 2004-12-22 Nicolas Clapies Added missing header. Updated get_xmlNode(). Added missing headers. Added set of request in lasso_personal_profile_process_query_msg() and lasso_personal_profile_process_modify_msg(). Removed use of GList for Options. Use only a Options pointer. 2004-12-22 Frederic Peters documenting #LassoIdentity and #LassoFederation copyright and license in are ok assertion consumer *service* URL documented service provider assertion consumer service url close parenthesis documenting single sign-on; Service Provider Login URL done with example. commented out ; not handled by gtk-doc.xsl Switched documentation to docbook XML. titles for id-ff 1.2 profiles minor adjustments to documentation Minimal documentation for #LassoProfile and #LassoLogin documented #LassoServer Started organizing Lasso Reference Manual; documenting LassoProvider. 2004-12-21 Frederic Peters fixed symbols.sym case added lasso_provider_get_base64_succint_id method to LassoProvider to facilitate Identity Provider Introduction implementation. moves back to the place the schema gave them. refined symbol regex removed declaration of inexistant function removed unused variable ignoring some more swig generated files Updated list of files generated by SWIG in C# and Java bindings; fixed PHP Makefile.am; use $(srcdir) to get correct directory in code generation python scrips. make distcheck works after that. only exports symbols declared with LASSO_EXPORT (experimental) 2004-12-21 Nicolas Clapies Fixed call to constructor of LassoDiscoQueryResponse and LassoDiscoModifyResponse. 2004-12-21 Frederic Peters added random suites with random tests 2004-12-21 Nicolas Clapies Added lasso_disco_query_response_new_from_message() constructor. 
fixed name space in dump message of LassoDiscoQueryResponse and LassoDiscoModifyResponse : every element children inherit the discovery name space. 2004-12-21 Frederic Peters don't use xmlSecFind to look up signature 2004-12-21 Frederic Peters Severe libxml2 and xmlsec riot. Always put as the last node since it looks like the right thing to do (and even if the schema seems to say otherwise). Try to clean xml messages and remove redundant xml namespace declarations. Behind libxml2 back and cleaning memory properly. We're off the streets now / And back on the road / On the riot trail. 2004-12-21 Frederic Peters define correct namespace on QueryResponse 2004-12-20 Frederic Peters removed unnecessary xmlReconciliateNs correctly sets namespace on Query and QueryResponse Personal Profile nodes. 2004-12-20 Nicolas Clapies Fixed method declarations : lasso_personal_profile_service_process_query_msg() and lasso_personal_profile_service_process_query_msg_response(). Removed GList type in lasso_discovery_add_insert_entry() params. Instead use simple type pointer until list support is implemented in swig binding. Added missing method lasso_discovery_process_query_response_msg(). 2004-12-20 Frederic Peters don't include in a second-level status code samlp error status Refactored signature code so it is now shared between requests/responses and artifacts. 2004-12-19 Frederic Peters Added differentiation between creating xmlnode for lasso use (the _dump functions) and creating xmlnode for the wire (export_to_soap...). This was necessary to keep track of private_key_file to use on an Assertion while it was kept in a lasso session dump and restored later. This means the get_xmlNode functions have now a second parameter, gboolean lasso_dump, TRUE when dumping for lasso internal use. On the bright side assertions are now signed (that signature is not yet checked).
2004-12-19 Frederic Peters removed minitests from tests Makefile.am little tests benchmarking AuthnRequest creation and AuthnResponse processing. add nodes in reverse class order to get them in schema order Moved signature template stuff into xml.c and use XmlSnippet for them; this should insure proper validation against Liberty XML schemas and should help adding missing signature support to cleaning up process files if available, use profile->msg_relayState to init request in init_request functions. 2004-12-18 Frederic Peters Moved LassoProfile->nameIdentifier from char* to LassoSamlNameIdentifier*, gaining back access to the nameFormat added late before 0.5. There are no bindings for LassoSamlNameIdentifier; as a temporary and compatible measure; profile->nameIdentifier in bindings continues to return a char* (profile->nameIdentifier->content). At the same time the same change has been done for LassoNameRegistration->oldNameIdentifier. 2004-12-17 Frederic Peters Isolated CFLAGS to be used when compiling Lasso in LASSO_CORE_CFLAGS; don't use those when compiling tests in order to catch errors in headers. (continuing) Isolated CFLAGS to be used when compiling Lasso in LASSO_CORE_CFLAGS; don't use those when compiling tests in order to catch errors in headers. Also moved a few things in header files; need more thinking about that. define LASSO_INTERNALS in lasso/ don't export functions defined in tools.h created by Lasso should now be compatible with SAML requirements [SAMLCore11]. [SAMLCore11] Maler, Eve, Mishra, Prateek, Philpott, Rob, eds. (27 May 2003). "Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V1.1," OASIS Committee Specification, version 1.1, Organization for the Advancement of Structured Information Standards deal with missing Status in LogoutResponse Done with the new query snippets system (everything but the IDPEntries in ). It has nested support but ID-FF layer must still be updated to produce them. 
new (draft) query snippet mechanism to generate query string; deployed in 2004-12-16 Frederic Peters merged new error codes in SWIG and used one of them in the Python tests (almost) done with errors in ID-FF; remaining "return -1" have been converted to LASSO_ERROR_UNDEFINED (there are forty-three of them). LASSO_ERROR_UNDEFINED was redefined from -999 to -1 so it is easier to add new sequences of errors. added minimal support (only XML, no mapping to URL yet) for added memory management to list* XmlSnippet 2004-12-15 Frederic Peters pointers are %p in format strings, not %x memory management work moved federation to XmlSnippet no longer play fool mixing pointers and integers; they are not always the same size and this bites quite hard on AMD-64 (shame on me). 2004-12-15 Nicolas Clapies Reordered function declarations. Added check of server param. 2004-12-15 Frederic Peters fixed a few "variable might be used uninitialized in this function" detected with gcc-3.4 -O3. 2004-12-15 Nicolas Clapies Added support of modify request from a SP to AP : updated element's class in level 1 (Modify and ModifyResponse) and implemented modify request in level 2 id wsf. 2004-12-15 Frederic Peters added new standard error code LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED new LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND error code coherent error handling for "identity not found" and "federation not found" cases. 2004-12-14 Frederic Peters replaced unknown error by 2 LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD in Name Identifier Mapping profile. new LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL profile error and replaced a bunch of 'return -1;' with that one.
fixed some missing or wrong prototype declarations fixed function declared as returning int that didn't return anything API change in Single Sign On profile (IdP side) to allow the developer to mess with Outlined in http://lists.labs.libre-entreprise.org/pipermail/lasso-devel/2004-December/001119.html more error code harmony, now with a new critical_error macro status code has been set in lasso_lib_logout_respone_new_full properly sign samlp:Response properly check signature on soap samlp:Request (login/artifact) properly verify signatures and return code appropriately (closes: #362) updated test to new api updated test to new API ignore generated files ignore html rendition process files taken from lasso 0.5 (not uptodate) got uptodate documentation about single sign on (I think) [API Change] For consistency with the other profiles, remote_providerID has been moved from build_authn_request_msg to init_authn_request in both Single Sign-On and LECP profiles. [details on lasso-devel@] 2004-12-13 Frederic Peters error codes handling in LassoLogin use XmlSnippet for LassoLogout dump/restore reenabled lasso_session_destroy() more error code harmonization. sign AuthnResponse and harmonious use of LASSO_PROFILE_ERROR_INVALID_MSG removed obsolete comment harmonized remote_provider tests (check and error code set to LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND) replaced error_code macro with a function since that macro didn't work with gcc 2.95 error message for LASSO_SERVER_ERROR_ADD_PROVIDER_FAILED removed trailing ; in macro dealing with errors; now like this: return error_code(G_LOG_LEVEL_CRITICAL, LASSO_SERVER_ERROR_ADD_PROVIDER_FAILED); 2004-12-12 Frederic Peters properly sign soap messages in name identifier mapping profile.
got top-of-file license spaced the same way as in other files (+ fixed editor typo) removed error message when java was not found 2004-12-10 Valery Febvre Added LassoDiscovery class Added lasso_server_add_service() method Added LassoService class Fixed the attribute name of the dump version 2004-12-10 Nicolas Clapies Added lasso_personal_profile_service_add_data() method : it allows to add response elements corresponding to the requested attribute values. Removed params of constructor : id and itemIDRef are not required attributes. Added support of MsgContact PP service. Initial version : support of personal profile msg contact. It is very experimental and only supports msg account and msg provider part. 2004-12-10 Valery Febvre Removed useless LassoDiscoResourceIDGroup class 2004-12-10 Frederic Peters Added back xmlsec signature check (and disabled it in name identifier mapping profile since it is buggy there). The signature check requires another call to xmlParseMemory; this makes them 3 per SOAP message (sign check + lasso_profile_get_request_type_from_soap_msg and lasso_node_init_from_message). I'll think further about this. 2004-12-10 Nicolas Clapies Fixed type mistake in snippets of LassoDstQueryItem. Added support of DST modify / modify response. Replaced LassoDiscoResourceIDGroup with old ResourceID and EncryptedResourceID. Updated lasso_personal_profile_service_init_query() method : now it takes a LassoDiscoResourceOffering* resourceOfferring, a LassoDiscoDescription* description and a char* select, init a Query object, set the soap url from ResourceOffering, and return a QueryItem* to optionally set attributes. Now it is possible to add extra QueryItems with lasso_personal_profile_service_add_query_item(). It returns the new QueryItem's pointer to set optional attributes; Removed ResourceOffering and ResourceIDGroup class's attributes. Only keep data and queryItem attributes.
Removed old unused private methods (dispose() and finalize()) Updated lasso_wsf_profile_build_*_msg() : now they only set msg_body class's attribute with a soap message (request / response). Added DST Modify part level 1.

2004-12-10 Frederic Peters
overridden spelling fix caused alignment wreckage removed XmlSnippetObsolete, no longer used anywhere. lasso_node_build_xmlNode_from_snippets made static and documented some new functions. reenabled signature checking on query strings (xml messages still to do) moved NameRegistration to XmlSnippet removed unnecessary namespace declaration removed unnecessary private_data in LassoFederation; consequence being instance_init, class_init, dispose and finalise have also been removed. removed struct LassoLoginPrivate declaration Moved LassoLogin to XmlSnippet; not completely since an enum is converted in string and I'm not sure it is a good idea to 1) store them as integer or 2) adds the mapping value->string to xml.c. Also removed unused LassoLoginPrivate variable/struct/

2004-12-09 Frederic Peters
use xml snippet in LassoProfile; better faster stronger. don't sign query if not asked to; and fixed SNIPPET_NODE_IN_CHILD support

2004-12-09 Nicolas Clapies
Removed code with ResourceIDGroup in lasso_personal_profile_service_init_query() : will be updated soon.

2004-12-09 Valery Febvre
Yet another modification about ResourceID and EncryptedResourceID elements

2004-12-08 Frederic Peters
force role as service provider in lasso_login_build_authn_request_msg (closes: 382) forgot to get query when AuthnRequestsSigned was not set

2004-12-08 Nicolas Clapies
Fixed support of ResourceIDGroup : updated class of level 1 and id-wsf with this new class. Removed process of ResourceOffering param. Need to be reactivated when ResourceID process in level 1 will be completed.

2004-12-08 Emmanuel Raviart
For Swig, corrected server providerIds. Added providerIds to identities and sessions.

2004-12-08 Valery Febvre
Fixed bad XML schema interpretation of ResourceIDGroup element in: LassoDiscoModify, LassoDiscoQuerya and LassoDiscoResourceOffering

2004-12-08 Nicolas Clapies
Updated with support of disco_resource_id_group. Initial version : complex class to manage ResourceID and EncryptedResourceID choice.

2004-12-08 Frederic Peters
new snippet type, SNIPPET_NODE_IN_CHILD, and documented all of the types.

2004-12-08 Valery Febvre
Added LassoDiscoResourceID and LassoDiscoEncryptedResourceID classes

2004-12-08 Frederic Peters
reviewed code marked with XXX

2004-12-08 Emmanuel Raviart
In SWIG:
- Improved ProviderIds.
- Removed LassoProviders structure (too complex to handle with SWIG).
- Added attribute providerIds and method getProvider to LassoServer.
- Replaced xmlChar with gchar.

2004-12-07 Emmanuel Raviart
The past participle of "to override" is overridden. see http://en.wiktionary.org/wiki/Overridden

2004-12-07 Frederic Peters
another round on snippets; no longer multiply types for content transformation (CONTENT_BOOLEAN, ATTRIBUTE_BOOLEAN, CONTENT_INTEGER, ATTRIBUTE_INTEGER...), instead does something like this: SNIPPET_ATTRIBUTE | SNIPPET_INTEGER (other combinations allowed)

2004-12-07 Nicolas Clapies
Fixed #ifndef __LASSO_LIB_DISCO_QUERY_H__ to #ifndef __LASSO_DISCO_QUERY_H__ Replaced template_service.* with abstract_service.*

2004-12-07 Valery Febvre
Added AttributeStatement element support in Saml:Assertion (required for id-WSF). Fixed constructor's required params of Disco classes. Updated Disco classes with new snippet. Updated some schema fragments.

2004-12-07 Nicolas Clapies
Initial version : class to manage Personal profile service. Currently, only support initiating, processing and building of Query and QueryResponse messages. Initial version : abstract class to store ResourceID, ResourceOfferings, QueryItem. Removed unused old code.
Added support of specific service : now QueryResponse element can be used by services and inherits their name space. Fixed required params of constructor lasso_dst_query_item_new() : QueryItem's attribute itemID is optional. Added support of specific service : now Query element can be used by services and inherits their name space.

2004-12-07 Frederic Peters
updated informative files with data about Lasso 0.5.0.

2004-12-07 Valery Febvre
Updated LassoUtilityStatus with new snippet

2004-12-07 Nicolas Clapies
Fixed namespace of Status element : Status is included by schemas so no default name space.

2004-12-06 Frederic Peters
removed obsolete doc args

2004-12-06 Valery Febvre
Fixed a stupid copy/paste Fixed SNIPPET_LIST_NODES and SNIPPET_LIST_CONTENT snippet type support in lasso_node_init_from_xml()

2004-12-06 Frederic Peters
removed debugging fprintf fixed xpath expressions for id-ff 1.1 compatibility fixed metadata added (untested) compatibility with ID-FF 1.1 metadata files

2004-12-06 Nicolas Clapies
Renamed LASSO_LIB_SERVICE_TYPE_ID_SIS_* to LASSO_*_HREF. Oops ... bad, bad copy / paste. Removed service types defines. Added prefix and href for personal profile and employee profile.

2004-12-06 Frederic Peters
added dst support dealt with namespaces in a manner compatibler with libxml2 2.6.11 and 2.6.16

2004-12-04 Frederic Peters
more on documentation compilation; ok now. removed obsolete classes so the doc compiles again Won another automake battle. Thanks to Matthias Andree and Be Plouvier. added types.c generation to Makefile and to .cvsignore added types (classes) extraction on build and registration in lasso_init removed gmodule from libs; I failed to get class registration dynamic formatted for easier processing link to gmodule (part of glib)

2004-12-03 Frederic Peters
consistency: comment stars are aligned; parent_class is no longer necessary; struct indentation only use one tab; trailing \ are not necessary.

2004-12-03 Nicolas Clapies
Removed old FIXME.
Updated LassoDstQueryItem with new snippet feature in class instance. Moved schema comment from .h to .c

2004-12-03 Frederic Peters
added xml boolean attribute snippet support

2004-12-03 Nicolas Clapies
Updated LassoDstQueryResponse with new snippet feature in class instance. Moved schema comment from .h to .c Updated LassoDstQuery with new snippet feature in class instance. Moved schema comment from .h to .c

2004-12-03 Frederic Peters
removed memory management debugging fprintf cvs ignore for id-wsf/ files memory management for XmlSnippets; xml/*.c should no longer leak do not share memory between profile->remote_providerID and response->ProviderID

2004-12-02 Valery Febvre
Added 22 DST status code constants

2004-12-02 Frederic Peters
updated version to 0.5.9 and libtool version to 3.0.0 last(?) iteration on XmlSnippet; now attached to classes, get_xmlNode and init_from_xml are no longer necessary in many cases. Previous XmlSnippet renamed to XmlSnippetObsolete to keep compatibility (id-wsf classes have not yet been converted). indent using tabs

2004-12-01 Romain Chantereay
Update NSIS scripts. Install zlib, intl.dll instead of libtoolized name. Install correctly in the lasso-lite installer.

2004-11-30 Nicolas Clapies
Added a first support of id-wsf high level. Only the base class is defined : LassoWsfProfile is intended to be inherited by future service classes. It is still very incomplete. Added support of DISCO and DST element classes. Fixed wrong param in lasso_dst_query_item_new() : LibDstSelect doesn't exist, it is a specific element of attributes services. Initial version : added DST part of WSF for sis specific attribute services.

2004-11-29 Frederic Peters
extra consistency check in lasso_session_get_provider_index fixed error checking in lasso_server_new added error checking in lasso_server_new added proper error checking where xpath is used.
removed unnecessary include remove erroneous (my bad) XXX comment

2004-11-29 Valery Febvre
Added LassoSamlAttribute, LassoSamlAttributeDesignator & LassoSamlAttributeStatement classes

2004-11-29 Frederic Peters
cut on some line lengths reduced line length and aligning some #define harmonize schema fragment comments (indentation, in .c, no space between namespace and element name)

2004-11-29 Nicolas Clapies
Initial version of wsf query / query response discovery part files.

2004-11-29 Frederic Peters
harmony in snippets declaration harmony in schema fragment comments cut on line length (along a fix to commitinfo script to check this automatically) fixed protocolProfile handling when NULL in request in lasso_login_process_authn_request_msg map server->providers to a kind of list (should be dict)

2004-11-29 Valery Febvre
Minor fixes after the snippets changes

2004-11-29 Frederic Peters
added RelayState support in federation termination notification (used only in redirect mode) updated lasso_login_process_authn_request_msg to lasso 0.5 code

2004-11-29 Valery Febvre
Added 8 classes for discovering identity services (ID-WSF) They provide methods to build Modify & ModifyResponse messages. Added 2 constants: LASSO_DISCO_HREF and LASSO_DISCO_PREFIX

2004-11-29 Frederic Peters
check error and free memory in lasso_node_new_from_soap elsif'ing

2004-11-28 Frederic Peters
error checking in lasso_profile_get_request_type_from_soap_msg() cleaned up useless affectation

2004-11-26 Frederic Peters
moved xml snippet stuffs into new internals.h; those should not be exposed; changed snippet type from character to enum (defined in internals.h) signature for FederatationTerminationNotification; preparation for AuthnResponse.
cut some long lines formatting added attribute snippet support to added attribute xml snippet support to signature support in , and added attribute xml snippet support to use xmlsnippets in fixed comment formatting use attribute xml snippet support in use attribute xml snippet support in use attribute xml snippet support in use attribute snippet support in fixed comment formatting use attribute xml snippet support in woke up to remove tutorials from configure.ac

2004-11-25 Frederic Peters
indentation leftovers removed examples/ and docs/tutorial directories (obsolete stuffs) indentation work restore spaces in front of author name limit line length to 100 characters. cut down on line length; removed unnecessary cast, implemented 't' snippet handling.

2004-11-25 Valery Febvre
added xml complex and simple elements sequences support to xmlsnippet

2004-11-25 Frederic Peters
don't loop twice on xmlsnippets removed some unused #define use new xml attribute support for saml:Assertion added xml attribute support to xmlsnippet

2004-11-22 Frederic Peters
renamed private struct member to private_data (gtk+ does it like that) fixed emacs mode Note about lasso-c-mode for Emacs users added error checking on query strings; python tests should now pass sync python tests with lasso 0.5 don't dump empty file path in server dumps merged late 0.5 changes to java/ and csharp/ Makefile.am

2004-11-18 Frederic Peters
unused variables include appropriate file so saml_name_identifier_new is defined removed unnecessary lasso_node_impl_init_from_query fixed signed/unsigned mismatch server is not part of dump use same "xmlsnippets" (name will probably change) to build xml nodes

2004-11-17 Frederic Peters
refactored init_from_xml functions (lasso is now less than 20000 lines)

2004-11-16 Frederic Peters
more header cleaning cleaning #includes support for samlp:StatusCode in samlp:StatusCode in ... ad vitam.

2004-11-15 Frederic Peters
tests are ok renamed lasso/environs/ to lasso/id-ff/ new tests updated tests

2004-11-09 Frederic Peters
return value on init_from_xml; and minor tweaks to code style

2004-11-04 Frederic Peters
Fixed value of SingleSignOnProtocolProfile metadata : added support of artifact and post. [lasso-orig rev1.2]

2004-11-03 Frederic Peters
move debug functions with other tools functions in tools.c we're missing AuthenticationContextStatement support Fixed 2 bugs in lasso_node_add_signature_tmpl()
* the transform method "exclusive C14N" was missing in Transforms element
* removed useless KeyInfo element in Signatures without X509 data
[from lasso-orig revision 1.95]

2004-11-01 Frederic Peters
cleaning files LECP converted to new tree set RemoteProviderID as attribute instead of text child to be a little more compatible with lasso (still incompatible since they put all the federation in a global while I put them directly in the ). sign message in name registration fixed previous lasso-head port Corrected lasso_logout_process_response_msg so that it works for proxies.
- Added Swig access to attribute role in LassoProvider (needed for proxies).
- Renamed TargetNamespace (without uppercase 'S').

2004-10-30 Frederic Peters
xmlsec for logout requests and responses ds:Signature in (in login) (and the signature is not verified yet)

2004-10-29 Frederic Peters
cleaning up read over lasso_login_process_request_msg syncing other functions lasso_samlp_response_abstract_fill to initialize responses with id, time and versions. synced lasso_login_build_authn_response_msg synced lasso_login_build_authn_request_msg; added has_protocol_profile function.
synced lasso_login_build_artifact_msg synced (not much to do) lasso_login_accept_sso not much on lasso_login_process_response_status_and_assertion cleaned up lasso_login_process_federation no space before : sync unknown error value with lasso reformatted lasso_get_pem_file_type apply optimization to build_random_sequence (and use it in build_unique_id) change function signature

2004-10-28 Frederic Peters
style fixed lasso_get_current_time to return UTC time removed unused lasso_g_ptr_array_index

2004-10-27 Frederic Peters
removal of \n at end of error messages removed useless casts indented lasso.c cleaning up removed unused code [2004-10-26 19:36 rchantereau] configure.ac: Some configuration variables and configure options in order to compile php. Done with the move to structures and the removal of protocols/ (lasso branched on October 2nd; occasional merges since then).
- Compatible with current souk test suites.
- Missing memory management for everything in xml/
- Missing xmlsec support for SOAP messages.

2004-10-03 Emmanuel Raviart
Removed wrong test and changed a comment. Added RegisterNameIdentifier request and response to SWIG binding. Corrected error in exception generation for non-Python bindings. Removed SWIG_Warning which doesn't exist in Swig. Updated Python tests.

2004-10-02 Emmanuel Raviart
Integrated scalp_is_liberty_query into Lasso. Consequently, LASSO_PROFILE_ERROR_INVALID_QUERY is now a negative error code and a critical message is displayed when this error occurs. Removed function lasso_login_process_without_authn_request_msg. It has been replaced with:
    lasso_login_init_self_addressed_authn_request(remote_providerID);
    /* ...Set protocolProfile, isPassive, consent, relayState here... */
    lasso_login_process_authn_request_message(NULL, lassoHttpMethodSelfAddressed);
This change was needed because there was no way to set isPassive, consent, etc, before. Standardized some error codes and messages.

2004-10-02 Emmanuel Raviart
Homogenized error handling for HTTP methods in requests. Reworked error codes, so that positive and negative numbers don't overlap: It will be easier to change the sign of an error code without breaking API. Realigned error codes definitions.

2004-10-02 Emmanuel Raviart
Removed consent from fake authnRequest created by lasso_login_process_without_authn_request_msg: Since the nameIDPolicy is "any", must_ask_for_consent must return true and if the user doesn't give its consent, a one-time nameidentifier should be used. In lasso_login_process_without_authn_request_msg, set the isPassive flag of the fake authnRequest to false, so that must_authenticate() returns true. Corrected handling of NULL remote_providerID in lasso_login_process_without_authn_request_msg.

2004-10-02 Valery Febvre
Fixed a bug in lasso_login_process_without_authn_request_msg() and lasso_login_build_assertion() When Identity provider initiates SSO, response assertion MUST not include an InResponseTo attribute. Fixed a bug in lasso_query_to_dict() function It occurred when a parameter didn't have a value.

2004-10-02 Emmanuel Raviart
Added login method processWithoutAuthnRequestMsg to SWIG bindings.

2004-10-02 Valery Febvre
Added documentation Modified lasso_login_process_without_authn_request_msg() The 'remote_providerID' param is now optional (can be NULL).

2004-10-01 Valery Febvre
Added methods comments Fixed a bug in lasso_login_accept_sso()

2004-10-01 Emmanuel Raviart
Removed federation test, because for one-time single sign-on, there is no federation. Correction in consent handling for login when testing IsPassive.

2004-10-01 Valery Febvre
Fixed a bug in lasso_login_ask_for_consent() Some cases had been forgotten.

2004-10-01 Emmanuel Raviart
Corrected #define syntax in SWIG. Added consent constants in SWIG. Use #define instead of xmlChar for string constants in SWIG.

2004-10-01 Valery Febvre
Fixed a bug in instance_init() methods of LassoIdentity and LassoSession classes is_dirty flag was initialized to TRUE instead of FALSE.

2004-10-01 Emmanuel Raviart
camelCased argument name in SWIG. English correction. Synchronized SWIG error codes with those in errors.h (Shame on the developer who forgot to update them in Lasso.i :-)

2004-10-01 Valery Febvre
Fixed a bug in lasso_query_verify_signature() It was impossible to verify queries signed with the DSA-SHA1 algorithm. Added one error code

2004-09-30 Emmanuel Raviart
Updated login C tests to new API for obtaining consent. Added mustAskForConsent to login in SWIG. camelCased a parameter name.

2004-09-30 Valery Febvre
Added a param 'is_consent_obtained' in method: lasso_login_build_artifact_msg(), lasso_login_build_authn_response_msg(), lasso_login_process_federation(), lasso_lecp_build_authn_response_envelope_msg() AuthnRequest message accepts now all possible values for the NameIDPolicy: none, onetime, federated, any Added lasso_login_must_ask_for_consent() method This method must be called after lasso_login_process_authn_request_msg() Added lasso_login_process_without_authn_request_msg() method This method is useful to initiate SSO from IDP. Lasso.i was updated according to the changes.

2004-09-30 Nicolas Clapies
Updated registration profile : now it supports multiple registration from SP and IDP. This profile has been tested only with SOAP method in souk. Test must be added with Redirect method. Fixed a critical segfault bug when parsing an invalid SOAP message in private method lasso_{protocol_type}_new_from_soap().

2004-09-30 Emmanuel Raviart
Added directory for sample SourceID messages.

2004-09-30 Nicolas Clapies
Fixed critical bug when parsing an invalid SOAP message in private method lasso_name_identifier_mapping_response_new_from_soap()

2004-09-30 Valery Febvre
Added 3 error codes Added 3 lassoLibConsent

2004-09-30 Nicolas Clapies
Fixed critical bug when parsing an invalid SOAP message in private method lasso_name_identifier_mapping_new_from_soap()

2004-09-30 Valery Febvre
Added a parameter 'content' (optional) in lasso_federation_build_local_nameIdentifier() and lasso_federation_build_remote_nameIdentifier() methods Added lasso_federation_build_remote_nameIdentifier() and lasso_federation_build_local_nameIdentifier() methods

2004-09-30 Emmanuel Raviart
Updates Python tests to new Lasso API.

2004-09-29 Emmanuel Raviart
Updated C tests to lasso_server_new new API.

2004-09-29 Nicolas Clapies
Added better support for name registration. There is still problem with multiple registration needed to be fixed

2004-09-29 Valery Febvre
Replaced 2 lassoLibMinorVersion by 2 lassoSamlMinorVersion and 2 lassoLibMajorVersion by 2 lassoSamlMajorVersion

2004-09-28 Nicolas Clapies
Added comments in lasso_register_name_identifier_response_new() Added support of RelayState. Now if the requester wants to get back the RelayState, it has to access profile->msg_relayState

2004-09-27 Valery Febvre
Added an error code: LASSO_DS_ERROR_CA_CERT_CHAIN_LOAD_FAILED Improved lasso_node_verify_signature() method The 'public_key_file' param can now be either a public_key or a certificate

2004-09-27 Nicolas Clapies
Added dump support in name registration. Fixed a bug in lasso_process_request_msg() : removed a free of node

2004-09-27 Valery Febvre
Fixed bug #303 lasso_profile_set_session_from_dump() and lasso_profile_set_identity_from_dump() methods log now a critical message if dumps are NULL.

2004-09-27 Valery Febvre
Renamed 'ca_certificate' property of LassoProvider object to 'ca_cert_chain' Added a new property 'secret_key' in LassoServer object Changed prototype of lasso_server_new() method
BEFORE:
    LassoServer * lasso_server_new(gchar *metadata, gchar *public_key, gchar *private_key, gchar *certificate, lassoSignatureMethod signature_method)
AFTER:
    LassoServer * lasso_server_new(const gchar *metadata, const gchar *private_key, const gchar *secret_key, const gchar *certificate)
public_key param was removed because it was useless. secret_key was added to decrypt private_key signature_method was removed (default value is lassoSignatureMethodRsaSha1). 2 new methods were added to access 'signature_method' property of LassoServer: lasso_server_get_signature_method() and lasso_server_set_signature_method() Update Lasso.i

2004-09-27 Nicolas Clapies
Fixed bug #294 : memory leak on name identifiers local variables in lasso_name_registration_init_request().

2004-09-27 Valery Febvre
Removed lasso_node_verify_x509_signature() method. This method isn't useful anymore. lasso_node_verify_signature() can now verify signatures with or without X509Data. Added a new param "ca_cert_chain_file" in lasso_node_verify_signature()

2004-09-27 Nicolas Clapies
Fixed bug #293 : memory leak on content local variable in lasso_logout_init_request().

2004-09-27 Valery Febvre
Added lasso_load_certs_from_pem_certs_chain_file() function

2004-09-27 Nicolas Clapies
Fixed bug #292 : memory leak on content attribute.

2004-09-25 Nicolas Clapies
- Removed lassoLibProtocolProfileNimSpSoap macro.
- Removed odd private method : lasso_name_identifier_mapping_response_new_from_query is not useful, Liberty Alliance doesn't implement Redirect method in name identifier mapping profile.
- Added lasso_name_identifier_mapping_response_set_status_code_value() to define status code of the response.
- Removed odd private method : lasso_name_identifier_mapping_request_new_from_query() has no sense.
Liberty Alliance doesn't define Redirect method for name identifier mapping profile.

2004-09-25 Nicolas Clapies
- Fixed mistake in the API : restored the second param (provider type). Added a new attribute. Now targetNameIdentifier is used to get the target name identifier of the remote Service Provider. Later it will be used to request an attribute of a principal at this SP.
- Updated code of name identifier mapping object :
  lasso_name_identifier_mapping_build_request_msg() : builds the name identifier mapping SOAP request message.
  lasso_name_identifier_mapping_process_request_msg() : parse a SOAP request message.
  lasso_name_identifier_mapping_validate_request() : now this method verify federation of the principal. and get the name identifier of this principal from federation with the remote service provider.
  lasso_name_identifier_mapping_build_response_msg() : build the name identifier mapping SOAP response message.
  lasso_name_identifier_mapping_process_response_msg() : parse the SOAP response message and verify the status code value. If Success, then it sets the targetNameIdentifier attribute.

2004-09-25 Nicolas Clapies
Fixed mistake in LassoNameIdentifierMapping() : restored the second param (provider type). Added a new attribute in NameIdentifierMapping object. Now targetNameIdentifier is the name identifier of the target Service Provider. Later will be used to request an attribute.

2004-09-23 Nicolas Clapies
*** empty log message *** Major update of code in lasso_name_identifier_mapping_init_request(), lasso_name_identifier_mapping_process_request(), lasso_name_identifier_mapping_validate_request().
Added binding in swig for name identifier mapping profile Removed old commented code

2004-09-23 Christophe Nowicki
Group misc functions into misc.php on the idp and sp Add Federation Termination metadata on the idp and sp Add view of federation on the sp Add cancel federation button on the sp and idp Defederation is not working yet

2004-09-23 Nicolas Clapies
Added definition of name identifier mapping protocol profiles

2004-09-23 Valery Febvre
Moved 'signature_status' private property from LassoLogin to LassoProfile

2004-09-23 Christophe Nowicki
Add Federation Termination metadata

2004-09-23 Valery Febvre
Removed a ';' in excess

2004-09-22 Valery Febvre
Update Ooops, signature_status type must be gint, not gboolean Changed returned values and added some error messages in lasso_query_verify_signature()

2004-09-22 Emmanuel Raviart
Updated to new API (but it doesn't work yet).

2004-09-22 Nicolas Clapies
Added a test on the remote provider id param in lasso_name_registration_init_request() method

2004-09-22 Valery Febvre
Minor fixes

2004-09-22 Nicolas Clapies
Added method lasso_lib_name_identifier_mapping_request_set_targetNameSpace() in lib_name_identifier_mapping_reques.c / h files. Added support of target name space in lasso_name_identifier_mapping_new() in name_identifier_mapping_request.c / h files. Added support of target name space in lasso_name_identifier_init_request() in name_identifier_mapping.c / h files

2004-09-22 Christophe Nowicki
fix problem with the sso, now the user can do more than one sso session.

2004-09-22 Frederic Peters
forgotten commit; /insert const keyword explanation here/

2004-09-22 Nicolas Clapies
fixed a lot of bugs, added a new attribute oldNameIdentifier.
Now after the process of the identity object ( or dump), nameIdentifier holds the new name identifier and oldNameIdentifier holds the old name identifier lasso_federation_set_local_nameIdentifier() and lasso_federation_set_remote_nameIdentifier() remove the old value before setting local_nameIdentifier of remote_nameIdentifier *** empty log message *** Added lasso_identity_get_federation_ref : it returns the reference of the asked federation object

2004-09-22 Christophe Nowicki
Added ProfileBrwsPost

2004-09-22 Valery Febvre
update

2004-09-22 Emmanuel Raviart
Removed assertion from login in SWIG.

2004-09-22 Valery Febvre
Renamed lasso_lecp_init_from_authn_request_msg() into lasso_lecp_process_authn_request_msg() BEWARE : this change breaks the API Removed response_dump and assertion properties in LassoLogin object Added an attribute (remote_providerID) in lasso_login_build_response_msg() Renamed lasso_login_add_response_assertion() into lasso_login_build_assertion() Renamed lasso_login_init_from_authn_request_msg() into lasso_login_process_authn_request_msg() Removed lasso_login_get_assertion(), lasso_login_set_assertion and lasso_login_set_assertion_from_dump() methods BEWARE : these changes break the API Added 8 SamlStatusCode Added lasso_profile_get_remote_providerID() method

2004-09-22 Emmanuel Raviart
New API for artefact handling.

2004-09-20 Valery Febvre
update

2004-09-20 Emmanuel Raviart
Made argument remote_providerID optional for Defederation.initNotification, in SWIG binding.

2004-09-20 Nicolas Clapies
Added binding for new name registration type

2004-09-20 Christophe Nowicki
PHP session are stored in the database PHP session are now stored in the database A new table was added 'sso_session' for storing information about the PHP Session, it's possible to view logged user Logout destroy the PHP session in the IdP Bug : user can't sso twice ;(

2004-09-20 Nicolas Clapies
*** empty log message ***

2004-09-20 Emmanuel Raviart
Made remote_providerID optional in lasso_lecp_build_authn_request_msg and in SWIG Corrected SWIG handling of metadata. Added attribute providerIds to Session in SWIG.

2004-09-20 Nicolas Clapies
Fixed big mistake when updating name registration type in lassoRequestType : moved type at the end to preserve API, sorry.

2004-09-20 Frederic Peters
repair API/ABI; thank you very much.

2004-09-20 Nicolas Clapies
Added name registration declaration and definition Added name registration type in lassoRequestType enum. added test in function lasso_profile_get_request_type_from_soap_msg()

2004-09-20 Frederic Peters
I wanted to login /But it was too long/ So I logged out /It was not much shorter/

2004-09-20 Nicolas Clapies
Added tests in lasso_register_name_identifier_response_new_from_query(). Now return NULL if a required key value is not found Added test lasso_register_name_identifier_request_new_from_query(). Verify if SPProvidedNameIdentifier exists in query (As specified in IDFF 1.2 errata, SPProvidedNameIdentifier is optional)

2004-09-20 Valery Febvre
Added lasso_get_public_key_from_pem_cert_file() and lasso_get_pem_file_type() functions

2004-09-20 Nicolas Clapies
Replaced call to lasso_identity_get_next_federation_remote_providerID() with lasso_identity_get_first_providerID()

2004-09-20 Valery Febvre
the remote_providerID parameter of lasso_login_build_authn_request_msg() method is now optional. If it's NULL, the providerID of the first provider of login->server is used.

2004-09-20 Nicolas Clapies
Added lasso_identity_get_first_providerID(). Now it replaces lasso_identity_get_next_federation_remote_providerID() which still exists to keep API / ABI compatibility

2004-09-20 Valery Febvre
Added lasso_server_get_first_providerID() method

2004-09-18 Emmanuel Raviart
Added SWIG bindings for metadata, providers and providerIds. Reworked PHP4 binding for Identity.providerIds => PHP API has changed.

2004-09-17 Frederic Peters
fixed typo use g_strdup_printf to avoid buffer size calculations and g_snprintf to avoid buffer overrun. use g_strdup_printf to avoid buffer size calculation; and free() the uri once it has been used. strncpy won't add a trailing \0 to the string if it has over 512 characters; only copy 511 and add a zero manually.

2004-09-17 Christophe Nowicki
log viewer for the Service Provider and the Identity Provider added logger for in many files updated idp1 metadata, added .php extension added session viewer for the sp (you will be able to view online users)

2004-09-17 Frederic Peters
removed remaining parenthesis on return statements lasso_sha1 doesn't return a string but a buffer

2004-09-17 Romain Chantereay
Updated NSI scripts:
* Set version to 0.4.1-2 (filename is set too)
* Updated files modules documentation.
* Added intl.dll (part of gettext project) to dependencies installation.
PS: Gettext is not included, just intl.dll

2004-09-17 Frederic Peters
remove removed code alloc xmlChar with xmlMalloc in lasso_build_unique_id; alloc one more character in lasso_sha1; remove some removed code use memcpy to copy memory; also fixed type of samlArt.

2004-09-16 Christophe Nowicki
New logging system with a web interface.

2004-09-16 Valery Febvre
Disabled "consent" attribute checking when NameIDPolicy is set to federated in the AuthnRequest (in lasso_login_process_federation method)

2004-09-16 Christophe Nowicki
For multiple virtual hosts with certificate you need to set the CN. It's fixed in the PHP sample README.
README for the PHP samples is now complete. Can someone try it?

2004-09-15 Christophe Nowicki
Added sample xml metadata in the distribution Added a README file, this file explains how to setup a PHP IdP/SP, it's not fully documented yet. Work in progress. New logging system based on Pear::Log package. Every action on the idp, sp will be logged inside the database, syslog a file.

2004-09-14 Nicolas Clapies
Added binding for LassoNameRegistration C object Little indentation Added tests if required attributes in lasso_register_name_identifier_request_new_from_query() are not found.

2004-09-13 Christophe Nowicki
now the user list show federations bind property providerIDs for LassoIdentity added typemap, convert GPtrArray to PHP indexed string array split source code of singleSignOn.php in many functions added support for http basic authentication remove useless "?SID=" values

2004-09-10 Christophe Nowicki
change header("Location $url\n\n") to header("Location $url\r\n\r\n") Use header("Location: $url\n\n") instead of header("Location: $url") Secure every SQL query with the quoteSmart method. Completely rewrite singleSignOn.php, now the code is more easy to understand and more clean.

2004-09-10 Frederic Peters
Fixed ABI and API breakage. Please don't modify function signatures (even more so when the new arg is not used).

2004-09-10 Nicolas Clapies
A lot of Updates ... currently it is unusable : lasso_name_registration_validate_request(), lasso_name_registration_process_response_msg(), lasso_name_identifier_mapping_validate_request() and lasso_name_identifier_mapping_process_response_msg() need to be completed Moved lasso_name_registration_validate_request() method at the end of definition order Moved lasso_name_registration_validate_request() at the end of declaration order

2004-09-10 Frederic Peters
Moved assertion to private part of LassoLogin* (use lasso_login_get_assertion to get it). Without breaking ABI. Classy.
2004-09-10 Nicolas Clapies Updated name registration object's methods code to have the same structure as the other profiles. It still needs to be tested before to be souked :) Changed comment if error when building query logout request message Added entry for logout method lasso_logout_dump(), lasso_logout_init_request() and lasso_logout_reset_providerID_index() Added lasso_provider_get_registerNameIdentifierServiceReturnURL() method in LassoProvider object
2004-09-09 Christophe Nowicki I've forgotten to add lasso/php/examples/sample-idp/Makefile in the autoconf script.
2004-09-08 Christophe Nowicki Improve setup system : edit metadata and allow the administrator to select the authentication method (HTTP Basic or HTML Form).
2004-09-08 Frederic Peters please use spaces between variable names and values
2004-09-08 Christophe Nowicki added edit sp metadata to the setup system nice user browser oops ;( SOAP request read problem fixed SSO is now working much better
2004-09-08 Emmanuel Raviart Restructured ColdFusion code. Added single logout code. Both single sign-on and single logout work.
2004-09-07 Emmanuel Raviart Added files that I forgot to commit for 0.4.1 Improved ColdFusion.
2004-09-07 Romain Chantereay Corrected install-java-lite nsi script.
2004-09-07 Emmanuel Raviart Created ChangeLog using cvs2cl -f ChangeLog --FSF Replaced Sign On with Sign-On. Login skeleton for ColdFusion is now fully working.
2004-09-07 Romain Chantereay Updated NSI scripts. Set Lasso DLL windows resources filename to liblasso-1.dll. Add windows linker --add-stdcall-alias in order to permit failsafe use of DLLs.
2004-09-07 Christophe Nowicki IdP PHP : logout is working ZVAL_STRING macro for PHP
2004-09-07 Frederic Peters fixed error output in configure when no java has been found (was: ./configure: line 20612: NULL: command not found )
2004-09-07 Romain Chantereay First fixes in order to compile Python binding under Darwin. Another way to test, ugly, but safe.
2004-09-07 Nicolas Clapies Comments are missing in some last commits, so : the 4 last commits fixed a bad bug in lasso_logout_get_next_provideID() and a bug in the setting of status code value in logout response
2004-09-07 Romain Chantereay Ok, now a module under Win32, and a lib under Linux (and other OS).
2004-09-07 Nicolas Clapies Fixed a seg fault in lasso_logout_get_next_providerID()
2004-09-07 Romain Chantereay Now module is a module.
2004-09-07 Nicolas Clapies *** empty log message ***
2004-09-07 Romain Chantereay Now 0.4.1 and 1:1:0.
2004-09-07 Nicolas Clapies Added entries for missing methods of logout object documentation : lasso_logout_init_request() and lasso_logout_reset_providerID_index() Updated the API developer documentation Updated the API developer documentation
2004-09-07 Christophe Nowicki SWIGPHP4 is not defined in the wrapper source code, use PHP_VERSION remove swig -noproxy option for PHP
2004-09-07 Romain Chantereay RTM :) Now good and proper test on swig version.
2004-09-07 Frederic Peters filled NEWS file removed note about bindings in README
2004-09-07 Romain Chantereay For compatibility with SWIG < 1.3.22, test the swig version before using the new java enum handling way.
2004-09-07 Romain Chantereay Specifically use original approach java enums binding method. http://www.swig.org/Release/CHANGES 05/20/2004: wsfulton [Java] Java enum support added. There are now 4 ways in which enums can be wrapped: 1) Proper Java enums - use %include "enums.swg" 2) Typesafe enums - use %include "enumtypesafe.swg" 3) Type unsafe enums (constant integers) - use %include "enumtypeunsafe.swg" 4) Simple constant integers (original approach) - use %include %"enumsimple.swg"
2004-09-07 Romain Chantereay Added php sample-sp to the distribution.
2004-09-07 Frederic Peters updated debian packaging updated debian packaging
2004-09-07 Romain Chantereay Better java sun jdk support on Windows platforms.
NOTE: Use good PATH environment variable and set JAVA=java, JAVAC=javac & JAR=jar. It is very important. Fixed php-config help typo. No need to define package and version constants, they are already defined in the lasso_config.h file. This file is included in the generated wrap C source code. Windows java installer includes now lasso.jar. Useful isn't it ?
2004-09-07 Emmanuel Raviart Corrected Lasso minor version in SWIG binding.
2004-09-06 Frederic Peters added 0.4 to doap.rdf a bit late; fixed use of uninitialized variables (-Wuninitialized needs -O)
2004-09-06 Romain Chantereay Updated installer file names. Added NSI java script file to distribution. Updated NSI file and added java NSI.
2004-09-06 Christophe Nowicki PHP Idp Sample : - form for creating metadata - sso support - small README with installation instruction
2004-09-06 Romain Chantereay No more trace of macros in the distribution. pkg-config-path= becomes pkg-config= Removed check.m4 from distribution.
2004-09-06 Nicolas Clapies Removed old methods declaration
2004-09-06 Frederic Peters removed extraneous output about gtk-doc
2004-09-06 Romain Chantereay Really added check macros to the distribution. Corrected java test. Args are string.
2004-09-06 Romain Chantereay Revision to 0.4.0 Libtool: 1:0:0 Java is not activated when no jar program.
2004-09-06 Nicolas Clapies *** empty log message *** *** empty log message ***
2004-09-06 Romain Chantereay Some typo, and variables corrections.
2004-09-06 Nicolas Clapies Added lasso_logout_dump() to logout.h Renamed methods lasso_logint_set_assertion*() to lasso_login_set_assertion*() Oops, little mistake : now attribute version is added only in lasso_profile_dump() instead of lasso_login_dump() or lasso_logout_dump() Added version attribute in lasso dump messages
2004-09-06 Romain Chantereay Now, we use the detected JAR program instead of a hardcoded 'jar' command.
Now Lasso distribution includes the check macros allowing people to generate Makefile and configure without check-xml installed. PS: The distribution is not checked yet.
2004-09-05 Emmanuel Raviart Changed Python exceptions generated by SWIG.
2004-09-04 Emmanuel Raviart Half a day of work for this prodigious result: ColdFusion redirects the AuthnRequest to the IDP. Corrected a mistake in Java binding.
2004-09-04 Frederic Peters missing includes, unused variables, usual saturday stuff.
2004-09-04 Nicolas Clapies *** empty log message *** Fixed a lot of bugs in the logout from a SP to others SPs : now it removes each of the assertions SPs at IDPs and IDP returns the real LogoutResponse
2004-09-04 Frederic Peters Pierre Cros improvements
2004-09-04 Emmanuel Raviart Made the sample Java code work. Added new object Assertion to C# & Java bindings. Corrected Java. Converted C login test to new login API. Added defines needed for Java binding.
2004-09-03 Nicolas Clapies *** empty log message *** Fixed problem when checking all remote SP from IDP in lasso_logout_validate_request() : replaced lasso_provider_get_singleLogoutProtocolProfile(provider, lassoProviderTypeIdp, NULL) with lasso_provider_get_singleLogoutProtocolProfile(provider, lassoProviderTypeSp, NULL) Updated of lasso_logout_validate_request() : now it returns a code error of -301 (unsupported profile) if an IDP receiving a LogoutRequest via SOAP detects other SPs don't support SOAP method. Updated process of artifact : now the IDP generates an artifact whether or not the user authentication succeeded. When the SP resends the artifact to the IDP in a samlp:Request, it builds a samlp:Response message with Success status code value. If an assertion is found from artifact, then it adds it to the response.
Finally, the IDP responds to the SP with the SOAP message
2004-09-02 Frederic Peters another series of ignored files ignore some files ignore a bunch of things
2004-09-02 Emmanuel Raviart Added missing .cvsignore in tests/data/
2004-09-02 Frederic Peters things were overcomplicated; simplify a bit (for example the DEPDIR dirty things was necessary because variables were overused; ask me for details if you want) new classes -> new files disable xmlsec version check
2004-09-01 Nicolas Clapies Removed lasso_session_remove_assertion() in lasso_logout_init_request() at IDP with HTTP Redirect method, added remove of assertion if at IDP and HTTP redirect *** empty log message *** Removed in python test, hard coded logout dump test, fixed a bug in lasso_logout_new_from_dump() when setting provider id index
2004-09-01 Christophe Nowicki PHP IdP Sample : - setup system is working - user management (add, delete, etc ...) - sso login in progress
2004-09-01 Nicolas Clapies Moved support of provider index from session to logout. Now only the logout knows the current index of the provider id to request, and the session can only return the provider id from an index Added support of index ProviderID in lasso_session_dump() and lasso_session_new_from_dump() Fixed bug when getting relay state in lasso_logout_process_response_msg()
2004-09-01 Emmanuel Raviart Corrected Request and Response for Logout and request for Federation Termination Notification in SWIG.
2004-09-01 Frederic Peters removed extra parentheses after return statements;
2004-09-01 Nicolas Clapies Added free of temporary node object in lasso_logout_new_from_dump() Added parse support of xml message in lasso_logout_response_new_from_export(), added private method lasso_logout_response_new_from_export() Fixed bug when parsing from an export message in lasso_logout_request_new_from_xml() : call to lasso_node_destroy() at the wrong place
2004-09-01 Emmanuel Raviart LassoSession.getAuthenticationMethod argument is now optional.
2004-09-01 Christophe Nowicki Fix addProvider bug
2004-09-01 Nicolas Clapies Replaced lasso_session_get_next_providerID() with lasso_session_get_first_providerID() Removed set of msg_relayState in lasso_logout_process_request(), it has no meaning here, but set the msg_relayState in lasso_logout_process_response_msg()
2004-08-31 Emmanuel Raviart Added a new Python logout test: Make the same Logout.newFromDump enough times => segfault. Corrected request and respond for profiles others than login. Added relayState attribute to LogoutRequest, but it doesn't work. I believe, this is a Lasso bug.
2004-08-31 Nicolas Clapies Added method lasso_session_get_first_providerID(). Now to get the first providerID use it instead of lasso_session_get_next_providerID() fixed bug in lasso_logout_dump() and lasso_logout_new_from_dump()
2004-08-31 Emmanuel Raviart Added setting of isPassive to False in doc.
2004-08-31 Frederic Peters strcmp is used; string.h must be included g_sprintf is used; gprintf.h must be included default: in switches removed unused variables g_sprintf is used; glib/gprintf.h must be included strlen is used; string.h must be included properly cast request to needed type default: to set descriptor to NULL; so it won't be undefined on the next line where it was tested. xmlSecBase64Encode is used; xmlsec/base64.h must be included g_sprintf is used; gprintf.h must be included; default: statement in switch.
2004-08-31 Nicolas Clapies Added support of code error LASSO_PROFILE_ERROR_MISSING_REQUEST in lasso_logout_build_response_msg() Added code error : LASSO_PROFILE_ERROR_MISSING_REQUEST. It indicates that lasso needs a request to process a task. For example, when building a response message
2004-08-31 Frederic Peters cvs must ignore cil and dev packages directory cvs must ignore cil and dev packages directory php4 packaging and renamed liblasso0-python2.3 to python2.3-lasso php4 packaging and renamed liblasso0-python2.3 to python2.3-lasso
2004-08-31 Emmanuel Raviart Typo correction.
2004-08-31 Nicolas Clapies Fixed bug when attempting to parse a query message : now if a key / value with = is incomplete, it skips it and completes the process of the list Added in parse of query a test if the data list is not NULL
2004-08-31 Emmanuel Raviart Added Lasso version constants to SWIG. Testing logout.processResponseMsg with a really bad URL. => red alert.
2004-08-31 Christophe Nowicki new version of the PHP service provider made with the new Swig PHP binding
2004-08-31 Nicolas Clapies Fixed missing feature in lasso_process_request_msg() and lasso_logout_process_response() : now if the parse of the query message is wrong, then it returns LASSO_PROFILE_ERROR_INVALID_QUERY code error Fixed bug in lasso_logout_response_new_from_export() : now if a query message and if an attribute or element key / value is missing, return NULL Fixed bug in lasso_logout_request_new_from_export() : now if a query message and if an attribute or element key / value is missing, return NULL
2004-08-30 Emmanuel Raviart New logout test => Red alert! Removed low-level bindings from SWIG. In PHP, error constants keep their LASSO_ prefix (because PHP4 doesn't have the notion of namespaces).
2004-08-30 Nicolas Clapies Little lean of the code
2004-08-30 Christophe Nowicki PHP Binding : PHP does not handle namespaces, added lasso_ prefix for all functions.
2004-08-30 Nicolas Clapies Fixed problem when validating the notification : test the remote provider type to get the return url Added a test in lasso_defederation_build_notification_msg() to test if the federation termination service url exists Fixed call of lasso_session_remove_assertion() in the right place in init_request() and process_response_msg() Fixed error in method name : renamed lasso_provider_get_singleLogoutServiceURL() to lasso_provider_get_registerNameIdentifierServiceURL() Added comment in lasso_defederation_validate_notification() : indicate that query is not signed because of the crypted optional relay state Added building of federation termination notification return url with QUERY if a RelayState is in the notification Added lasso_logout_new_from_dump(). Need to be tested Added parsing of status code value in lasso_logout_response_new_from_query(). Now it sets the Status, StatusCode and its Value attribute in logoutResponse Fixed bug when dumping and loading from dump server with no metadata. Now if metadata of the server exists, it adds a ServerMetadata node and embeds it
2004-08-30 Emmanuel Raviart A few corrections to SWIG binding (a quick commit, so that Christophe can work on it).
2004-08-30 Frederic Peters swig generate new objects/filenames returns 0 on success
2004-08-30 Emmanuel Raviart SWIG high-level binding now uses camelCase. Updated SWIG binding to support Java high-level classes. Simplified java/Makefile.am (but now, it needs to be reworked by an autotools expert). ColdFusion simple Java test compiles ok.
2004-08-29 Emmanuel Raviart SWIG should now generate a high-level binding with classes, so I have removed the -noproxy option.
2004-08-29 Frederic Peters updated c# binding for new class names some tests do not have descriptions correctly escape xml
2004-08-29 Emmanuel Raviart Removed obsolete Python doc. When Lasso doesn't recognize the URL query, it now throws a SyntaxError exception.
2004-08-28 Emmanuel Raviart Removed references to lassomod in .cvsignore. SWIG now produces high-level bindings. (python/Makefile.am needs some cleaning IMHO, but I don't understand it).
2004-08-28 Frederic Peters renamed API reference to API reference (was reference manual) xml encoding of special characters (&, <, >) new URLs and version info for 0.3.0
2004-08-28 Emmanuel Raviart Converted Identity & Session to real objects in SWIG bindings. Hide LibAuthnRequest attributes from SWIG binding. Added preliminary error throwing in SWIG binding. Replaced simple object methods with #define. Converted SWIG Server into a high-level class with new_from_dump static method and default value for some arguments. Renamed login_tests.py to profiles_tests.py. Added Server tests (=> discovered bug #265). Transformed LassoAuthnRequest as a true SWIG class with attributes and methods for all bindings.
2004-08-27 Nicolas Clapies *** empty log message *** *** empty log message ***
2004-08-27 Emmanuel Raviart Added method Logout.reset_session_index in Python high-level binding.
2004-08-27 Nicolas Clapies *** empty log message ***
2004-08-27 Emmanuel Raviart Added support for "invalid query" errors in Python high-level binding.
2004-08-27 Nicolas Clapies *** empty log message *** Renamed method name lasso_session_get_next_assertion_remote_providerID to lasso_session_get_next_providerID Added return of code error LASSO_PROFILE_ERROR_INVALID_QUERY when an error occurs while parsing a federation termination notification message query in lasso_defederation_process_notification_msg() Added code error LASSO_PROFILE_ERROR_INVALID_QUERY, returned when an error occurs while parsing a query message
2004-08-27 Emmanuel Raviart Corrected SWIG binding. Corrected Python tests.
2004-08-27 Nicolas Clapies Added index attribute (session->index_providerID) of next provider id returned when a call to lasso_session_get_providerID(), added lasso_session_reset_index_providerID() to reset the index to the first provider id of assertion list. the index is decremented when removing assertion. lasso_get_next_providerID() returns NULL if there is no assertion anymore or if the index point is at the end of the list. Added lasso_logout_get_next_providerID() lasso_logout_reset_index_providerID() to wrap session method
2004-08-27 Emmanuel Raviart Replaced SWIG specific functions to access "request" and "response" attributes of profiles, with SWIG read-only attributes.
2004-08-27 Nicolas Clapies Removed g_assert in samlp_request_abstract object when setting required attributes and elements. Added tests in federation termination notification building from QUERY export for required elements, return NULL if error, notification object if ok
2004-08-27 Emmanuel Raviart Removed SWIG Lasso.c file. Added a Python test for defederation (currently it aborts).
2004-08-27 Frederic Peters more on single sign on
2004-08-26 Frederic Peters searches all text files for unknown functions improvement
2004-08-26 Emmanuel Raviart Forgot to declare a parameter as optional. Added constant lassoHttpMethodAny. Added error constants to SWIG (and one to Python).
2004-08-26 Frederic Peters new parameter to lasso_logout_init_... fix included file name
2004-08-26 Nicolas Clapies Added a param to method lasso_defederation_init_notification(). Now if it is set, lasso can choose a specific defederation protocol profile depending on the http method value of this param Replaced xmlFree with g_free in lasso_logout_get_next_providerID() for current_provider_id *** empty log message *** Renamed register_name_identifier.* to name_registration.* files Oops, missing commit of the new Lasso.i swig file :p Added a param to method lasso_logout_init_request().
Now if it is set, lasso can choose a specific logout protocol profile depending on the http method value of this param
2004-08-26 Frederic Peters removed revision More on sso profile; sp-side
2004-08-26 Nicolas Clapies *** empty log message *** *** empty log message *** Rename constant LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILLE to LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE, now can be used by all profiles
2004-08-26 Frederic Peters new lasso documentation
2004-08-26 Nicolas Clapies Added remove of assertion in lasso_logout_init_request(), and lasso_logout_process_response_msg() if there was an error while processing a LogoutResponse with HTTP SOAP method, added a returned code error for Unsupported profile status code
2004-08-26 Emmanuel Raviart Moved SWIG constructors and destructors from Lasso.c to Lasso.i.
2004-08-25 Nicolas Clapies Added tests to verify if the request message is a LogoutRequest in lasso_login_process_request_msg() and if the response message is a LogoutResponse in lasso_logout_process_response_msg() Added a test in lasso_login_init_from_authn_request_msg() to verify if the request message is an AuthnRequest message, if not, returns a code error added include for string.h Added in lasso_login_process_authn_response_msg() setting of msg_relayState from lib:RelayState of AuthnResponse message if exists, else msg_relayState is set to NULL *** empty log message *** fixed bug : at a done label, use to remove a provider got with lasso_provider_get_ref()
2004-08-25 Emmanuel Raviart Added a --source-dir option to tests. Removed obsolete Python test framework.
2004-08-25 Nicolas Clapies Added missing private attribute, private variable and deallocation methods : LassoDefederationPrivate *private in LassoDefederation object, static GObjectClass *parent_class in C file, lasso_defederation_dispose() and lasso_defederation_finalize() in LassoFederation object
2004-08-25 Frederic Peters ignore new class added Defederation profile; workaround lasso-sharp.snk
2004-08-24 Nicolas Clapies added test if identity is set before removing federation removed federation and assertion *** empty log message *** *** empty log message ***
2004-08-24 Emmanuel Raviart Corrected SWIG Defederation binding. Created Python high-level class for Defederation.
2004-08-24 Nicolas Clapies updated doc conf files for defederation
2004-08-24 Emmanuel Raviart Continue to rename FederationTermination into Defederation.
2004-08-24 Nicolas Clapies renamed lassoFederationTermination to lassoDefederation in lassoRequestType enum update, now use GError object for each lasso_server_get_provider_ref() renamed lasso_federation_termination_get_type to lasso_defederation_type *** empty log message *** renamed lasso/environs/federation_termination.* to lasso/environs/defederation.*
2004-08-24 Emmanuel Raviart Created SWIG bindings for Defederation (new name of FederationTermination).
2004-08-24 Nicolas Clapies use lassoProviderType instead of gint for provider_type params *** empty log message *** Set the nameIdentifier attribute after a call to init_notification() updated process of logout response msg at SP.
Now if the initial requester is a SP and the HTTP method is SOAP and if the logout request fails, then lasso builds a new logout request for HTTP Redirect method and set only msg_url *** empty log message *** fixed bug in lasso_federation_termination_build_notification_msg() : now it gets the remote provider real service url updates minor updates fixed bug in lasso_logout_get_next_providerID() when looking for a remote provider id when session attribute is NULL
2004-08-24 Romain Chantereay Corrected configure option help. Told to use with-pkg-config= and no with-pkg-config-path which is the good option name.
2004-08-24 Nicolas Clapies fixed problem of finding the remote provider type in build_request_msg() added error messages if invalid attributes in logout object while setting building request and message
2004-08-23 Romain Chantereay Serious rewrite of the automake file. The php extension is now named lasso. The LTLIBRARIES is for 'php_extension' and no more 'lib'. The swig command invocation is updated to use the new php extension name.
2004-08-23 Romain Chantereay Completed autoconf files output directive with win32 directories Makefile. Rewritten the lasso win32 resource file dependency on the top_srcdir and not relative parent directory.
2004-08-23 Romain Chantereay Cleaned a little the automake files. Proper use of $(top_srcdir). Proper use of $DEPDIR. Added $(top_srcdir)/swig/Lasso.c to java shared object compilation.
2004-08-23 Romain Chantereay Re added win32 directory in the distribution.
2004-08-23 Nicolas Clapies *** empty log message *** *** empty log message *** *** empty log message *** verify if session and identity are set in logout object
2004-08-23 Romain Chantereay Removed php subdirectories Makefile generations.
2004-08-23 Nicolas Clapies *** empty log message ***
2004-08-23 Romain Chantereay Removed now useless binding files. See attic for more information. Now PHP Binding is handled by SWIG.
2004-08-23 Nicolas Clapies updated process of protocol profile added support of URI identifier in signature
2004-08-22 Valery Febvre Added a new param "use_xsitype" (gboolean) in constructors of classes: LassoLibSubject, LassoLibAssertion, LassoLibAuthenticationStatement Added lasso_node_new_ns_prop() method in LassoNode class
2004-08-21 Frederic Peters updated debian package description; added packaging of the C# assembly. updated debian package description; added packaging of the C# assembly. updated example with correct path to certificates more C# fun. dll is now registered with gacutil. But it needed a StrongName; this is sort of a cryptographic signature for DLL; not clear about this. The key is in csharp/lasso-sharp.snk
2004-08-21 Emmanuel Raviart Bug correction in last PHP changes.
2004-08-21 Frederic Peters forgot to distribute lasso.dll.config C# example some files were renamed I don't know the purpose of this file. working lasso c# binding. next step is to figure how mono manages the directories (currently it looks like CLASSPATH mess but gacutil may be useful).
2004-08-21 Emmanuel Raviart Updated "Writing a SP" doc & PHP binding to Lasso API change.
2004-08-21 Valery Febvre Moved param 'http_method' of lasso_login_build_authn_request_msg() method in lasso_login_init_authn_request() BEWARE : this change breaks the API Added checks not to do copies of NULL objects. Changed LASSO_PARAM_ERROR_INVALID_VALUE error message Fixed a mistake: the signature template should be added before the ProviderID
2004-08-21 Frederic Peters getting there; it builds and installs correctly but I'm still trying to separate assembly name and file name.
(no, I don't know what is an assembly name) a few files to ignore usable lasso c# bindings; liblassosharpglue.so is installed in libdir and lasso.dll in /usr/share/dotnet/lasso/ compile with mcs -g -nologo -r:lasso.dll -out:runme.exe runme.cs
2004-08-21 Valery Febvre Removed lassoLibProtocolProfileSSOGet, lassoLibProtocolProfileSSOPost Added lassoXsiHRef, lassoXsiPrefix
2004-08-21 Frederic Peters added c# binding; I'm not sure how all of this works and a little program compiles and run:

    using System;

    public class runme {
        static void Main() {
            Console.WriteLine("lasso_init");
            int rc = lassomod.lasso_init();
            Console.WriteLine(String.Format("sortie de lasso_init: {0}", rc));
            LassoServer server = new LassoServer(
                "../tests/data/idp1-la/metadata.xml", "",
                "../tests/data/idp1-la/private-key-raw.pem",
                "../tests/data/idp1-la/certificate.pem",
                lassomod.lassoSignatureMethodRsaSha1);
            Console.WriteLine("lasso_shutdown");
            lassomod.lasso_shutdown();
        }
    }

2004-08-21 Frederic Peters Fixed lasso_server_new parameter type. When you make change in header files (such as [1]) think about the bindings and adapt them; thanks. [1] http://cvs.labs.libre-entreprise.org/cgi-bin/cvsweb.cgi/lasso/lasso/environs/server.c.diff?r1=1.54;r2=1.55;cvsroot=lasso
2004-08-21 Frederic Peters replaced lots of const char* wasting memory and a threat to binary compatibility with lots of #define wasting nothing at all. doesn't fail on second run I prefer it that way reenabled tests since the swig binding is ok now
2004-08-21 Valery Febvre Fixed a bug in lasso_login_accept_sso() Updated gtk-doc
2004-08-20 Emmanuel Raviart Modified PHP bindings in an attempt to add new argument to method lasso_build_authn_request_msg. Updated the documentation to reflect API change. Added new argument to lasso_login_build_authn_request_msg.
2004-08-20 Valery Febvre Added a new param 'http_method' in lasso_login_build_authn_request_msg() BEWARE : this change breaks the API
2004-08-20 Romain Chantereay The local clean rule now remove the package sub directory (com). The dirty rule now have a little goldy spray that test the existence of the com/entrouvert/lasso/lasso.java source file before trying to copy it from the distribution. Modified PHP extension installation directory, now it is prefixed.
2004-08-20 Romain Chantereay Created unprefixed PHP_UNPREFIXED_EXTENTION_DIR in order to prefix it with the supplied configure prefix. Is it useful in this PHP special case ? I do not think so, but, the user is the master. Moved the libtool bad versioning computation after program tests in order to use the found sed program ($SED) and not just 'sed'. Every calls to 'sed' use the found 'sed' ($SED).
2004-08-20 Frederic Peters talking about idpProviderID file moved fixed function name
2004-08-20 Emmanuel Raviart In Python high-level binding, constants are now defined using 2 forms: as a global variable and as a dict item. For example: libNameIDPolicyTypeFederated and libNameIDPolicyTypes['federated'].
2004-08-20 Romain Chantereay Use libtool generated la instead of human -llasso and -Ldir... Removed an useless inclusion directory. Coded mechanisms in order to permit distcheck to work cleanly. It is a little dirty, but... Perhaps using libtool facilities. Removed an useless inclusion directory. Now include and instead of and h>
2004-08-20 Emmanuel Raviart Corrections in Python high-level binding: - Added missing self in previous commit. - Server default constructor allows again to give no arguments.
2004-08-20 Emmanuel Raviart I have always wanted that Python bindings for GTK, libXML, etc, allow the user to override the classes they define. So I did it for Lasso Python high-level bindings.
2004-08-20 Valery Febvre Update and 2 fixes
2004-08-20 Frederic Peters cleaned Makefile.am (I'm curious about the NULL= idiom; where did it come from ?)
2004-08-20 Christophe Nowicki new setup system
2004-08-20 Valery Febvre Removed useless files ds_signature.c & ds_signature.h
2004-08-20 Frederic Peters removed the remaining ds_signature stuffs
2004-08-20 Emmanuel Raviart Added method get_authentication_method to session in high-level Python binding.
2004-08-20 Frederic Peters install lasso.py (and cleaned a bit the Makefile.am)
2004-08-20 Emmanuel Raviart Removed trash from SWIG binding.
2004-08-20 Frederic Peters typo errors propagate; fixes follow them.
2004-08-20 Emmanuel Raviart Ignore some files in swig.
2004-08-20 Frederic Peters Also look for include files in top_src_dir/lasso. As for the python binding. I actually think this is a bug; why should lasso_wrap.c include lasso.h and not ? get your act on ds_signature; please. include top source dir fixed includes
2004-08-20 Emmanuel Raviart Removed a "s". Updated .cvsignore. Removed old Python binding. Updated Python high-level binding and tests. May all the lights be green!
2004-08-20 Frederic Peters ignore build; no longer need to ignore a bunch of other files gtkdoc example was misleading; caused confusions between what was generated and what was not, etc. Improved things a bit. cleanup and remove result.xml
2004-08-20 Emmanuel Raviart Created a high-level API above SWIG Python API. Removed a trailing "s" from an enum.
2004-08-20 Frederic Peters fixed python path
2004-08-19 Frederic Peters install python in $prefix/lib/python2.3/ instead of $pyprefix/... certs are not in builddir; take care of that include a bunch of ssl thingies in release (make distcheck goes further)
2004-08-19 Frederic Peters Copy the examples but when the examples are wrong you are screwed. Too bad. Never write to srcdir.
2004-08-19 Emmanuel Raviart Commented parts of the SWIG bindings that is not done yet.
Note: This commit includes a secret gift.
2004-08-19 Frederic Peters the quest for a working distcheck; don't be miserable, use make features (directed to me; I never remember $?, $@ and family) the quest for a working make distcheck; part 1: srcdir is not always builddir. TODO was removed dude an empty TODO file was misleading removed CVS tag lines that were scattered all around the file (kept as empty comments since they were marks of file change) Makefile.am in swig directory so that make clean and make dist works properly set docdir as datadir/doc/lasso
2004-08-19 Emmanuel Raviart Removed signature functions whose arguments have changed from SWIG binding. They are not for public use anyway. Java & Python binding should now compile correctly => 2 green lights.
2004-08-19 Valery Febvre Fixed a mistake with name identifiers of the assertions Removed debug messages
2004-08-19 Emmanuel Raviart Deeply reworked SWIG bindings for the Lasso objects we currently use. Note: Python high-level bindings are not yet updated to use these SWIG bindings.
2004-08-19 Romain Chantereay Reformatted some lines in python Makefile.am Added -I.. to java Makefile.am CFLAGS. Some modifications. The rules generating the C wrapper is defined generating the python wrapper too. Use JDK_INCLUDE if jdk is Kaffe's or Sun's.
2004-08-19 Frederic Peters disabled tests that do not really need really quick fixing. (with the hope to get a full green line)
2004-08-19 Christophe Nowicki Setup PHP Interface in progress ;0)
2004-08-19 Romain Chantereay Completely recoded the java detection and configuration framework. Now compile very well with kaffe and GNU Java compiler. Should compile without any complain with sun jdk if --with-java-home is used.
2004-08-19 Valery Febvre Fixed a bug in lasso_node_verify_signature() & lasso_node_verify_x509_signature() Replaced a HRef by NULL Commented some incorrect lines of code
2004-08-19 Christophe Nowicki more logical comparison logout
2004-08-19 Valery Febvre Removed ds_signature.c & ds_signature.h
2004-08-19 Romain Chantereay Java binding is no more activated when: - Java compiler is gcj - jni.h is not compilable.
2004-08-19 Valery Febvre Update python binding
2004-08-19 Valery Febvre Split lasso_node_verify_signature() (LassoNode class) in 2 methods: lasso_node_verify_signature(), lasso_node_verify_x509_signature() Added 2 private methods in LassoNode: add_signature_tmpl(), sign_signature_tmpl(), Removed 'err' param in all methods for signing
2004-08-19 Valery Febvre Added 2 methods: lasso_samlp_response_abstract_set_signature_tmpl(), lasso_samlp_response_abstract_sign_signature_tmpl() Removed err param in lasso_samlp_response_abstract_set_signature() Added 2 methods: lasso_samlp_request_abstract_set_signature_tmpl(), lasso_samlp_request_abstract_sign_signature_tmpl() Removed err param in lasso_samlp_request_abstract_set_signature() Added a '_' character at the beginning of all ids generated by lasso_build_unique_id() Update codes Added a signature template in lasso_request_new() Added 2 params in lasso_authn_request_new() sign_type & sign_method are used to build the signature template Changed type of signature_method guint -> lassoSignatureMethod
2004-08-19 Nicolas Clapies fixed bug in lasso_logout_build_response_msg() : build the response message depending on the HTTP method requester
2004-08-19 Romain Chantereay Added ds_signature in the Makefile sources and headers declarations.
2004-08-19 Christophe Nowicki PHP Binding : Added lasso_profile_set_session_from_dump Now lasso_cast_to_profile take to different resources Sample SP : Logout in progress
2004-08-19 Romain Chantereay If swig not present: SWIG=echo python automake use $SWIG instead of swig.
2004-08-19 Frederic Peters removed logout part from C test 2; it would work now. But http://buildbox.entrouvert.org/logs/20040818/lupin.1820.changelog.xml
2004-08-19 Emmanuel Raviart Bug correction. __str__ should not have arguments.
2004-08-19 Romain Chantereay The old subdirs python Makefile generation is no more needed. Include swig Interface file in the source distribution. Now python binding is handled by SWIG. Manou takes the following parts. All the file in the python directory except Makefile.am are useless now; but I do not remove it.
2004-08-18 Nicolas Clapies *** empty log message *** federation termination updates little register name identifier updates
2004-08-18 Romain Chantereay Oops. Reverted to 1.7 for lasso-sections.txt maintainer-clean do not remove it anymore. Java now distributes itself well and compile well too. (SWIG not needed when compiling sources distribution.) Added generation and clean of lasso-references.txt
2004-08-18 Valery Febvre Removed ds_signature.c & ds_signature.h Added a '%s' in LASSO_DS_ERROR_SIGNATURE_FAILED message
2004-08-18 Frederic Peters warning about the total uselessness of lasso_server_dump
2004-08-18 Christophe Nowicki Rename install.php to setup.php
2004-08-18 Frederic Peters section about lasso_server_dump and lasso_server_new_from_dump
2004-08-18 Christophe Nowicki Service Provider written in PHP (login is working and logout will work soon ;0) Add environ/lasso_logout.c Add logout functions : lasso_logout_new, lasso_logout_init_request, lasso_logout_build_request_msg
2004-08-18 Frederic Peters properly use libtool convenience libraries (intent is to build correctly on hppa)
2004-08-18 Romain Chantereay Update interface (moved _bla to bla).
2004-08-18 Nicolas Clapies update of logout and federation profiles added private attribute http_request_method in profile class to know the HTTP method in defederation, name registration, logout and name mapping used by the requester renamed federationTerminationReturnServiceURL to federationTerminationServiceReturnURL
2004-08-18 Frederic Peters properly don't enable python if it was not detected
2004-08-17 Frederic Peters shortened title a bit this script checks a documentation file for functions that do not exist they may talk about correctness but won't make it
2004-08-17 Romain Chantereay Updated Interfaces. Commented out all .*Class$.
2004-08-17 Frederic Peters typo
2004-08-17 Nicolas Clapies updated error checkings with ret / goto done method
2004-08-17 Emmanuel Raviart I presume that the writer of the documentation "Writing a Liberty Alliance service provider in C" has never coded such a SP in C.
2004-08-17 Christophe Nowicki rename lasso_login_set_identity_from_dump to lasso_profile_set_identity_from_dump fix cvs sticky state problem.
Added lasso_session_dump added lasso_login_set_identity_from_dump fix cvs sticky state ;(
2004-08-17 Nicolas Clapies added UnsupportedProfile constant updated doc in logout, fixed Feature Requests item #253, must be tested, added doc to federation termination notification removed unwanted code removed unwanted attribute in logout object
2004-08-16 Nicolas Clapies added API doc comments
2004-08-16 Christophe Nowicki Add lasso_profile_get_identity, lasso_profile_is_identity_dirty, lasso_profile_get_session, lasso_profile_is_session_dirty
2004-08-16 Frederic Peters where is the name identifier detect and use rest2html signature
2004-08-16 Christophe Nowicki Added lasso_login_process_response_msg and fix a minor bug in lib_authn_request (bool)
2004-08-16 Frederic Peters last one cast Login and Logout to Provider
2004-08-16 Valery Febvre *** empty log message ***
2004-08-16 Emmanuel Raviart Improved session deletion in Python simulator. Removed comments.
2004-08-14 Frederic Peters format the metadata to avoid a horizontal scrollbar lasso_provider_get_assertionConsumerServiceURL now returns a glib-allocated string (instead of libxml2-allocated) since it was already declared to return gchar*. Moreover it strips the returned string so that it is possible to have some spacings in the metadata file. https://service-provider:2003/liberty-alliance/liberty-alliance/assertionConsumer won't no more cause a redirect to Location:\n https://... missing parameter trying to fix login test 2 get away from G_LOG_LEVEL_ERROR since they cause abort() test for xmlParseMemory success // are not in ISO C90 include since xmlSecBase64Decode is used %F is only defined in C99 and %T in the Single Unix Specification; use more conservative "%Y-%m-%dT%H:%M:%SZ"
2004-08-14 Emmanuel Raviart Added logout to sample Liberty proxy, but it fails because of Lasso bug #259.
2004-08-13 Frederic Peters include xmlsec/base64.h since it uses one of those functions declarations first (and s/lenght/length/)
2004-08-13 Emmanuel Raviart Added client flag to SSL servers, because each server is also a SOAP client.
2004-08-13 Frederic Peters missed an arg
2004-08-13 Emmanuel Raviart Removed certificates that are no more used. Improved lasso/.cvsignore. Updated Python sample sites to use new certificates. Added forgotten LECP public keys.
2004-08-13 Valery Febvre Added error checks and error messages Added signature element in lib:AuthnRequest (POST method) and in samlp:Request lasso_server_add_provider returns now a -202 error when it fails *** empty log message *** Modified 4 error codes Added one Added comments
2004-08-13 Emmanuel Raviart Added metadata corresponding to new certificates. Updated non regression tests to use these certificates and metadata.
2004-08-12 Emmanuel Raviart Added sample X.509 certificates and keys.
2004-08-12 Frederic Peters worth a table of contents
2004-08-12 Christophe Nowicki remove all debug messages.
2004-08-12 Frederic Peters workaround xmlsec bug links to API; at best. shuffling notes new section on compilation/linkage; new section on return code checking; fixes to the code samples.
2004-08-12 Christophe Nowicki fix bool value in lasso_lib_authn_request_set_forceauthn fixed wrong args num for lasso_login_init_authn_request
2004-08-12 Emmanuel Raviart Added .cvsignore to lassobook.
2004-08-12 Valery Febvre Added tests for errors reporting and to avoid some malicious segfaults
2004-08-12 Emmanuel Raviart Corrected comment. Create a new test Proxy server (a server between a SP and an IDP, which acts as an IDP for the SP and as a SP for the IDP): login works.
2004-08-11 Valery Febvre Fixed a bug in lasso_provider_get_providerID Replaced lasso_str_hash by lasso_sha1 Removed Base64 encoding of result in lasso_build_unique_id() funct Renamed 4 error codes and added one Added param 'type' in set_debug_info() Fixed GError* bugs Added tests for errors reporting and to avoid some malicious segfaults Fixed a bug with metadata ProviderID attribute is "providerID" instead of "ProviderID" Removed param 'err' in lasso_provider_get_providerID Added a param 'err' in 2 methods of LassoServer class: lasso_server_get_provider, lasso_server_get_provider_ref for errors reporting Changed return type for 5 methods in LassoNode: lasso_node_dump, lasso_node_export, lasso_node_export_to_base64, lasso_node_export_to_query, lasso_node_export_to_soap
2004-08-11 Frederic Peters style more on database section style section about database
2004-08-11 Emmanuel Raviart Better handling and checking of Liberty-Enabled header.
2004-08-11 Frederic Peters section about LassoServer
2004-08-11 Emmanuel Raviart Removed server public key in tests: it seems that it is no more used. In Python simulator, redirect now accepts partial URLs. In python/tests, there are now a sample IDP (sample-idp.py) and a sample SP (sample-sp.py). The two applications are real servers.
2004-08-11 Frederic Peters more code in the documentation
2004-08-10 Frederic Peters fixed a few errors warning about *not* taking care of memory management and error checking fix documentation about writing a service provider in C
2004-08-10 Christophe Nowicki Added new PHP Unit test for Lasso Login and Lasso Server.
2004-08-10 Romain Chantereay Corrected automake problems.
2004-08-10 Christophe Nowicki add php unit test support. just run php -f php/run-tests.php create php/run-tests.php and export PHP_PATH
2004-08-10 Romain Chantereay Create package directory if not exists.
2004-08-10 Romain Chantereay - Added java binding swig generation. - Added Swig Interface file.
- Added readme for java build dependencies - Removed old java/src directory (still present on the CVS and this is important).
2004-08-10 Emmanuel Raviart Improved Python unit tests.
2004-08-10 Christophe Nowicki Removed the param 'remote_providerID' of lasso_login_init_authn_request() method Added a param 'remote_providerID' in lasso_login_build_authn_request_msg() method Fix compilation warnings, avoid multiple definitions and REGISTER_STRING_CONSTANT
2004-08-10 Valery Febvre Fixed a bug in lasso_login_process_authn_response_msg() method
2004-08-09 Emmanuel Raviart Renamed LEC to LECP. It is really a proxy. LECP now nearly works. Still a segmentation fault at the end, but Valos is aware of it.
2004-08-09 Valery Febvre Fixed a BIG bug in lasso_node_add_child() method Fixed a bug in lasso_server_dump()
2004-08-09 Emmanuel Raviart Updated Python tests. Not finished but Valos want it to debug Lasso. Slightly corrected C test.
2004-08-09 Frederic Peters new lack of error checking test case; not even the developer fault this time; the program got bad data; lasso segfault.
2004-08-09 Valery Febvre Small fix Fixed a bug in lasso_lecp_build_authn_request_msg() Updated server Added XML export type in lasso_authn_request_envelope_new_from_export() Server objects can now be created without metadata Corrected correction Update
2004-08-09 Valery Febvre Removed Base64 encoding in lasso_lecp_build_authn_response_msg() Removed Base64 decoding in lasso_lecp_process_authn_request_envelope_msg() Removed the param 'remote_providerID' of lasso_lecp_init_authn_request() Added a param 'remote_providerID' in lasso_lecp_build_authn_request_msg() Added 3 params in lasso_lecp_build_authn_response_envelope_msg() They are necessary to build the Assertion, to process the federation and possibly to set the Status.
2004-08-09 Valery Febvre Removed the param 'remote_providerID' of lasso_login_init_authn_request() method Added a param 'remote_providerID' in lasso_login_build_authn_request_msg() method Added 3 missing #include
2004-08-09 Frederic Peters the point is to fix lasso not to segfault; not to fix tests to make lasso happy.
2004-08-09 Valery Febvre 'Class methods' Login.new() & Logout.new() should be used instead of Login() & Logout() constructors Added doc
2004-08-09 Emmanuel Raviart Updated Python unit tests infrastructure, so that it can be reused for independent simulation applications. Added module http. It is derived from Expression eponym module, but it is derived from abstractweb and it is designed to be a truly independent module. It still need a lot of work, but may be one day, Expression will use it. Added module abstractweb. It defines abstract classes for HTTP servers, etc, that are independent of the connection type: They must be overridden for HTTP(S) connection or simulated connections. Added module assertions to Python Lasso simulator. This module defines global functions to use for unit tests (instead of methods self.fail...) or for other applications. Added module builtins to Python Lasso simulator. builtins will replace environs in Expression one day.
2004-08-08 Valery Febvre Replaced the lasso_str_hash() call by lasso_sha1() in the lasso_login_build_artifact_msg() method. Fixed bug #245 In the dump of the identity object, rather than use the "Lasso" word in the name of nodes, the namespace of the root element is now set to the Lasso namespace (without prefix). In the dump of the session object, rather than use the "Lasso" word in the name of nodes, the namespace of the root element is now set to the Lasso namespace (without prefix). In the dump of the server object, rather than use the "Lasso" word in the name of nodes, the namespace of the root element is now set to the Lasso namespace (without prefix).
Replaced the lasso_str_hash() call by lasso_sha1() in the lasso_server_get_providerID_from_hash() method. Minor fixes In the dump of the federation object, rather than use the "Lasso" word in the name of nodes, the namespace of the root element is now set to the Lasso namespace (without prefix). In the dump of the provider object, rather than use the "Lasso" word in the name of nodes, the namespace of the root element is now set to the Lasso namespace (without prefix).
2004-08-08 Frederic Peters missed new files missed new files debian packaging: - correct sections - correct FSF address - renamed liblasso-dev to liblasso0-dev (and provides: liblasso-dev) - pointer to /usr/share/common-licenses/GPL debian packaging: - correct sections - correct FSF address - renamed liblasso-dev to liblasso0-dev (and provides: liblasso-dev) - pointer to /usr/share/common-licenses/GPL fixed FSF address
2004-08-07 Emmanuel Raviart Added LECP support in Python simulator and unit tests. I think I have found several bugs in Lasso LECP implementation. My biggest problem is that I didn't find a way for IDP to set userAuthenticated, authenticationMethod, reauthenticateOnOrAfter to lecp before (or when) building response envelope with lecp.build_authn_response_envelope_msg(). Did I overlook something?
2004-08-07 Valery Febvre Added lasso_sha1() method (will replace lasso_str_hash)
2004-08-07 Frederic Peters new tests; lasso needs some error checking
2004-08-07 Emmanuel Raviart Added attributes request, request_type, response, response_type to Lecp in Python binding. Close bug #247.
2004-08-06 Emmanuel Raviart Added tests for forceAuthn. Light will still be green. Added Python simulation for isPassive and corrected some simulation bugs. Added isPassive tests.
2004-08-06 Valery Febvre Moved session & identity properties in private section Removed debug messages Removed an invalid SGML tag Update of the Lasso API Reference
2004-08-06 Emmanuel Raviart New Python tests. Added new Python test.
It works, but see bug #245. Reversed error sign convention for Python binding.
2004-08-06 Valery Febvre Added missing parameter description in 5 methods
2004-08-06 Frederic Peters summarized libtool version info comment
2004-08-06 Emmanuel Raviart Corrected a bug in test.
2004-08-06 Christophe Nowicki Fixed #244 : check for libexpat
2004-08-06 Valery Febvre Fixed a bug in lasso_login_must_authenticate() method
2004-08-06 Emmanuel Raviart Added a new test. If Nico & Valos are not quick enough, the light will be red. Cleanly separated the new Python Lasso simulator from unit tests.
2004-08-06 Christophe Nowicki PHP_PREFIX in configure.ac. Add good LDFLAGS and LIBADD to php/Makefile.am Now php load the lasso extension : $ php -m | grep lasso lasso remove COMPILE_DL_LASSO ... now php can load lasso.so
2004-08-06 Valery Febvre Renamed all SAMLArt strings by SAMLart
2004-08-06 Romain Chantereay Fixed reference docs make problems: - Docs did not compile invoking top level make when enabled in configure. - Docs did not compile in references directory with make all. - Docs used the old substitution variables.
2004-08-06 Emmanuel Raviart An early commit of the new Python test. It is not clean yet, but the light will be green again :-) Corrected error in Error.
2004-08-06 Romain Chantereay Sorry. Fixed some bad done cut/paste. Removed some useless tests.
2004-08-06 Frederic Peters string.h never used; no need to check it random long awaited fixes
2004-08-06 Romain Chantereay Added lasso/environs/lecp.h inclusion. Added missing dist docs.
2004-08-06 Christophe Nowicki install module in `php-config --extension-dir` in state of /usr/lib add PHP_PREFIX
2004-08-06 Nicolas Clapies update of code style updated code style Renamed load_notification_msg to process_notification msg, renamed process_request to validate_request, added some goto for code error, little update of the code style, updated examples
2004-08-05 Romain Chantereay - Big step toward unified output.
- Enable for feature. - With for path to program (with-python, with-php-config).
2004-08-05 Valery Febvre *** empty log message *** lasso_profile_get_identity() & lasso_profile_get_session() return now NULL if the identity/session is empty. lasso_profile_is_identity_dirty() & lasso_profile_is_identity_dirty() return now FALSE if the identity/session is NULL. lasso_server_get_providerID_from_hash() method takes now a hash base64 encoded as argument. Added automatic detection for the lasso HRef in lasso_node_get_child()
2004-08-05 Nicolas Clapies fix in lecp
2004-08-05 Valery Febvre Replaced a lot of wrong issueInstance words by issueInstant Renamed 3 methods: lasso_saml_assertion_set_issueInstant(), lasso_samlp_request_abstract_set_issueInstant(), lasso_samlp_response_abstract_set_issueInstant()
2004-08-05 Romain Chantereay Corrected error due to focus problem. PHP build by default
2004-08-05 Nicolas Clapies *** empty log message *** fixed coding style
2004-08-05 Romain Chantereay Unified configuration report. pkg-config => $PKG_CONFIG Fix #231 - Fix #234
2004-08-05 Christophe Nowicki automake/autoconf support for the php binding
2004-08-05 Romain Chantereay - Added explanations to libtool versioning system. - Added explanations in order to fix a "good" version number in order to produce a correct libtool version. - Fixed #229. - Fixed #202. Remove command line PACKAGE definition (already done in lasso_config.h). Unified configure output. (#229) Corrected some errors with AM_CONDITIONAL bad placed calls. Use of conditional subdirectories. This permit automake to automatically define a correct DIST_SUBDIRS.
2004-08-05 Valery Febvre lasso_identity_get_federation() & lasso_identity_add_federation() methods make now a copy of the federation object. update Added a new argument 'err' in lasso_artifact_get_* methods for errors reporting.
update Initial commit update
2004-08-04 Valery Febvre update update
2004-08-04 Emmanuel Raviart Python binding now raises exceptions instead of returning error codes. Close bug #237. Slightly improved exception handling in Python.
2004-08-04 Valery Febvre Renamed lasso_server_get_provider() into lasso_server_get_provider_ref() Added lasso_server_get_provider(), this method returns a provider copy.
2004-08-04 Christophe Nowicki first php binding import
2004-08-04 Romain Chantereay Added one java automake.
2004-08-04 Romain Chantereay Me 1, Little memory stick Windows computer 0. First step toward a fully automaked java build. java now compile and build the DLL.
2004-08-04 Valery Febvre Fixed a bug in lasso_artifact_new() and lasso_artifact_get_identityProviderSuccinctID() IdentityProviderSuccinctID data (ProviderID SHA1 hash) is now Base64 encoded.
2004-08-04 Emmanuel Raviart Python test02 is now completely refactored. But bigger changes are on the way.
2004-08-04 Nicolas Clapies *** empty log message *** update of lecp python binding update of the LECP profile
2004-08-04 Valery Febvre Moved '#include into lasso.c Added also in py_lasso.c *** empty log message *** Added the SOAP HTTP method in lasso_login_init_from_authn_request_msg() Added the SOAP export type in lasso_authn_request_new_from_export()
2004-08-04 Emmanuel Raviart The Python test refactoring continues and the light is still green.
2004-08-04 Valery Febvre Fixed 3 bugs in lasso_login_new_from_dump()
2004-08-04 Frederic Peters fixed typo; fix bug230
2004-08-04 Emmanuel Raviart The Python test reorganization continues. It detects a new login bug, so the light will be red again.
2004-08-04 Nicolas Clapies remove warning message before lasso_session_remove_assertion()
2004-08-04 Frederic Peters [angry comment removed]
2004-08-04 Valery Febvre *** empty log message *** Renamed enums (Bug #225): lassoMessageTypes,lassoHttpMethods,lassoRequestTypes into lassoMessageType,lassoHttpMethod,lassoRequestType Removed the 'identity' arg in lasso_login_new_from_dump() method
2004-08-04 Nicolas Clapies add lasso_session_remove_assertion() in validate_request() and process_response_msg() set nameIdentifier attribute of the logout object (from LogoutRequest NameIdentifier value) after a call of init_request() method move server param in new *** empty log message ***
2004-08-04 Emmanuel Raviart In Python tests, renamed sp to spServer and idp to idpServer. In Python, Server.add_provider now returns an error code instead of None. Begin to restructure Python tests.
2004-08-04 Valery Febvre Renamed enum lassoProviderTypes into lassoProviderType (Bug #225) Renamed enum lassoNodeExportTypes into lassoNodeExportType (Bug #225) Changed all lasso_provider_get_* methods prototype It was added: a 'provider_type' argument to read in the appropriate Descriptor in metadata a 'err' argument for reporting errors
2004-08-04 Emmanuel Raviart I thought I had discovered one new bug in Lasso SP logout. I was wrong... I discovered one bug and a missing feature: - first the feature request: Lasso should set logout.nameIdentifier in logout.init_request, because there is no way to retrieve the current nameIdentifier from identity_dump or session_dump - and now the bug: After the IDP soapEndpoint returns a SOAP response, the SP process_response_msg doesn't remove the assertion from session (neither does it set session.is_dirty flag). See the new test05 for details.
2004-08-03 Emmanuel Raviart Python tests now work again, but please remove the Lasso-CRITICAL below. Generate identity and service provider context dumps ... ok Service provider initiated login ...
ok Identity Provider single sign-on when identity and session already exist. ... (process:22065): Lasso-CRITICAL **: 03-08-2004 22:25:48 An assertion existed already for this providerID, it was replaced by the new one. ok Identity Provider logout. ... ok
2004-08-03 Emmanuel Raviart Install documentation is running after autoconf changes. Lasso now requires automake 1.8
2004-08-03 Romain Chantereay No more annoying warning.
2004-08-03 Nicolas Clapies *** empty log message ***
2004-08-03 Romain Chantereay Bye bye AM_CONDITIONAL rests. (the if WITH_PYTHON are not accurate now).
2004-08-03 Nicolas Clapies initial version
2004-08-03 Romain Chantereay - No more need of version.h. - Better libtool version computation. Update to automake 1.8. Revert. Updated macro calls: from AM_CONFIG_HEADER to AC_CONFIG_HEADERS. Corrected SWIG warning. (deleted it.) - Added libtool auto versioning (or corrected). - Learn back to the previous Python detection. - Corrected invalid variable in automake java top dir Makefile. Commented out coldfusion/Makefile generation.
2004-08-03 Nicolas Clapies replace load_request_msg() with process_request_msg(), process_request() with validate_request(), remove assertion of the authenticated principal in validate_request()
2004-08-03 Romain Chantereay SWIG is NOT required (yet?)!
2004-08-03 Nicolas Clapies add request type test for Lecp
2004-08-03 Romain Chantereay New Autotools infrastructure. Don't hesitate to report bug (if any). Main changes: - No more, or so few AM_CONDITIONAL. - Binding compilation use AC_SUBST top level Makefile SUBDIRS. - Change order of AM Macro. - Added Macro. - Fix Windows Compilation. - New way to handle version number. - Use of lasso_config.h - more ? I do not remember.
2004-08-03 Valery Febvre Fixed a bug in lasso_session_new_from_dump() Added some optimizations in lasso_identity_add_federation()
2004-08-03 Emmanuel Raviart Bug correction in test04. Added forgotten Lasso call in test04. Updated Python test04.
Tell the poor win32 user that he can't test the software
2004-08-03 Nicolas Clapies replace G_LOG_LEVEL_ERROR with G_LOG_LEVEL_CRITICAL
2004-08-03 Emmanuel Raviart Added a new Python regression test that shows that logout doesn't set session is_dirty flag. Don't build win32 anymore. Makefile.am in win32 directory will disappear anyway.
2004-08-03 Valery Febvre - Replaced some charPtrConst_wrap() calls by charPtr_wrap() - Added GPtrArray_wrap() function to wrap GPtrArray into Python list. - Added session_getattr() function, we can get now providerIDs and is_dirty properties of Session objects. Replaced two G_LOG_LEVEL_ERROR by G_LOG_LEVEL_CRITICAL Fixed a bug in lasso_identity_new_from_dump()
2004-08-02 Emmanuel Raviart Added test03, which shows a bug in Lasso: When identity and session already exist (and must_authenticate() return False), the call to build_artifact_msg generates: (process:8083): GLib-GObject-WARNING **: invalid cast from LassoNode' to LassoSamlNameIdentifier' (process:8083): lasso-CRITICAL **: file authentication_statement.c: line 84 (lasso_authentication_statement_new): assertion LASSO_IS_SAML_NAME_IDENTIFIER(idp_identifier)' failed (process:8083): Lasso-CRITICAL **: 02-08-2004 20:33:59 Failed to build the AuthenticationStatement element of the Assertion. and then access to login.nameIdentifier fails.
2004-08-02 Frederic Peters some files to be ignored in debian/ some files to be ignored in debian/
2004-08-02 Emmanuel Raviart Integrated README.WIN32 into Lasso book. Removed obsolete Python INSTALL file. Check that Lasso is inited and shut down only once. Lasso Python modules now calls init() at first import (I need this behaviour, because I have several "import lasso" in Expression and I don't know which one will be called first and I don't want to do something like: import lasso if not lasso.inited: lasso.init() ).
2004-08-02 Romain Chantereay Added some win32 specific explanations.
2004-08-02 Romain Chantereay New clean and beauty version of the windows resource file. use defined constant from lasso_config.h more to come.
2004-08-02 Romain Chantereay Modified resource. ()
2004-08-01 Valery Febvre Added a new argument 'err' (GError *) in 5 methods: lasso_ds_signature_sign, lasso_node_add_signature, lasso_node_verify_signature, lasso_saml_assertion_set_signature, lasso_samlp_request_abstract_set_signature, lasso_samlp_response_abstract_set_signature for reporting always more errors.
2004-07-31 Valery Febvre Added a new argument 'err' in 4 methods of the LassoNode class: lasso_node_get_attr lasso_node_get_child lasso_node_get_child_content lasso_node_get_content for reporting errors.
2004-07-31 Emmanuel Raviart Updated Java binding and unit test.
2004-07-31 Valery Febvre Removed access to attributes identity & session by __getattr__ Added 2 tests in lasso_federation_copy() to avoid NULL pointer copy
2004-07-31 Emmanuel Raviart Python login_tests now works again, although there remains a lasso-CRITICAL caused by idpLoginContext.get_identity() (file login_tests.py, line 120): (process:5228): lasso-CRITICAL **: file xml.c: line 64 (lasso_node_copy): assertion LASSO_IS_NODE(node)' failed ERROR
2004-07-31 Valery Febvre *** empty log message ***
2004-07-30 Valery Febvre Fixed 2 errors in lasso_identity_copy() and lasso_session_copy() methods
2004-07-30 Emmanuel Raviart Some update to python login_tests. Some bugs remain. Removed last profile_context or profileContext. Restructured INSTALL a little more. Improved book. It also now includes HACKING.
2004-07-30 Valery Febvre Initial commit lasso_profile_get_identity() and lasso_profile_get_session() should return copies
2004-07-30 Nicolas Clapies *** empty log message ***
2004-07-30 Valery Febvre Update end Added a missing #include Some G_LOG_LEVEL_ERROR -> G_LOG_LEVEL_CRITICAL Moved functions (alphabetical order) Moved a function (alphabetical order) Fixed a typing mistake all durty -> dirty
2004-07-30 Frederic Peters I also can describe non-existing features.
2004-07-30 Valery Febvre Added methods: lasso_profile_get_identity() lasso_profile_get_session() lasso_profile_is_identity_durty() lasso_profile_is_session_durty()
2004-07-30 Emmanuel Raviart Added some important configure options in INSTALL.
2004-07-30 Nicolas Clapies lecp in environs is complete
2004-07-30 Valery Febvre Added new attribute is_durty in LassoIdentity & LassoSession classes
2004-07-30 Emmanuel Raviart Improved AUTHORS restructuration. Restructured AUTHORS & README and integrated them in Lasso Book.
2004-07-30 Valery Febvre *** empty log message *** Update
2004-07-30 Nicolas Clapies update of examples to user identity and session objects
2004-07-30 Valery Febvre update
2004-07-30 Emmanuel Raviart Improved? ReST section titles.
2004-07-30 Valery Febvre Renamed ProfileContext into Profile Initial commit
2004-07-30 Emmanuel Raviart Added very preliminary work on Lasso Book. Modified INSTALL to be compatible with reStructured Text syntax. Is this solution an acceptable solution? Added Lasso logo.
2004-07-30 Valery Febvre Update beginning LassoProfileContext class was renamed into LassoProfile LassoIdentity was renamed into LassoFederation LassoUser class was split into 2 new classes (LassoSession & LassoIdentity) Update LassoUser class was split into 2 classes: LassoSession & LassoIdentity LassoIdentity was renamed into LassoFederation
2004-07-29 Valery Febvre Renamed LassoIdentity class into LassoFederation and LassoUser class into LassoIdentity lasso/protocols/federation.c replace lasso/protocols/identity.c lasso/environs/identity.c replace lasso/environs/user.c
2004-07-29 Frederic Peters never thought about application developers; not a target? added missing gobject-2.0 to list of requirements. (first to feel the pain of *using* lasso) [I wonder how it went on wednesday tutorial; didn't use autotools?] lasso.pc don't set minimal version for other libraries
2004-07-29 Nicolas Clapies update of registration example in C *** empty log message *** update of register name identifier
2004-07-29 Valery Febvre Added session class
2004-07-29 Frederic Peters added stupid tests to annoy developers. had detection of a patched (with XML support) check; only use srunner_set_xml if it is available.
2004-07-29 Valery Febvre Removed memory leaks Inverted only 2 lines :-)
2004-07-28 Valery Febvre Just a typing mistake *** empty log message *** server attribute is now a copy in lasso_logout_new() Attributes server & user are now copied in lasso_login_new() and lasso_login_new_from_dump() methods Added destroy calls for server & user attributes in lasso_profile_context_dispose() private method. Added lasso_user_copy() method Added lasso_user_dispose() private method Added lasso_server_copy() method Added lasso_identity_copy() method *** empty log message ***
2004-07-28 Frederic Peters updated .cvsignore (binary is now tests and out.xml has been renamed to result.xml) modularized tests; it is now possible to add more suites easily.
2004-07-28 Valery Febvre Added lasso_provider_copy() method lasso_node_get_name now returns now an xmlChar* (instead of a const xmlChar*) 2004-07-28 Frederic Peters remove generated lasso.pc on make clean 2004-07-27 Nicolas Clapies debug messages *** empty log message *** update of federation termination 2004-07-27 Frederic Peters debian/ updated for official 0.3 release debian/ updated for official 0.3 release 2004-07-27 Nicolas Clapies version 0.3.0 remove useless debug message 2004-07-27 Frederic Peters fixed warnings 2004-07-27 Nicolas Clapies Move first_* to initial_* vars Use LassoNode_get instead of LassoAssertion_get in user_add_assertion() 2004-07-27 Valery Febvre 'assertion' var should be a PyObject*, not a LassoNode* (in user_add_assertion) Ooops, Copy/Paste isn't always your friend :-) *** empty log message *** Removed 2 useless lasso_node_copy 2004-07-27 Nicolas Clapies remove the second param of lasso.Login.new fix a bug in python binding user_add_assertion : give obj of python assertion, add a copy of assertion in lasso_add_assertion ( not sure, but assertion should be copied ) 2004-07-27 Emmanuel Raviart Removed obsolete logout method load_from_dump. Upgraded some residual calls to login_new & logout_new. Updated Java binding. Java unit test works (and C too, but Python still doesn't). 2004-07-26 Frederic Peters output tags when error occurs (not just success or failures) 2004-07-26 Valery Febvre *** empty log message *** *** empty log message *** Added new ProfileContext class 2004-07-26 Nicolas Clapies remove logout-from-idp.py, only logout.py is useful 2004-07-26 Romain Chantereay Removed from the dist the two removed files. 2004-07-26 Valery Febvre *** empty log message *** Added lasso_profile_context_set_user_from_dump method Removed arg user in lasso_login_new 2004-07-26 Romain Chantereay - Removed old style DLL exports definitions. - Moved old to new way windows dll creation command. Added special Windows AC substitution. 
2004-07-26 Nicolas Clapies update of example access to RelayState in logout object 2004-07-26 Valery Febvre *** empty log message *** 2004-07-26 Romain Chantereay use the macro to get logout data. 2004-07-26 Valery Febvre Removed 4 useless #define constants Added consent attribute check in lasso_login_process_federation() function 2004-07-26 Frederic Peters set a few variables to NULL after they've been freed; and don't free providerID in lasso_user_get_authentication_method if it was passed by the caller. 2004-07-26 Valery Febvre Finished to implement lasso_login_destroy() and lasso_logout_destroy() methods Removed nameIdentifier attribute in Logout object There is already a nameIdentifier attribute in ProfileContext class 2004-07-26 Frederic Peters added an XXX and a comment where I think the problem is. Developers; please have a look. --dontfork mode for the tests (so it is easier to debug segfaults) 2004-07-26 Frederic Peters end of test port to C; developers, please test it (or the python login_tests; results should be identical). There is a problem in memory management and *sometimes* it works. *Sometimes* it doesn't: (process:12643): lasso-CRITICAL **: file xml.c: line 64 (lasso_node_copy): assertion `LASSO_IS_NODE(node)' failed (process:12643): lasso-CRITICAL **: file xml.c: line 1024 (lasso_node_impl_add_child): assertion `LASSO_IS_NODE(child)' failed And *sometimes* it is even worse (segfault): Running suite(s): Login 50%: Checks: 2, Failures: 0, Errors: 1 login_tests.c:81:P:Generate Server Contexts:test01_generateServersContextDumps:Passed login_tests.c:229:E:Login initiated by service provider:test02_serviceProviderLogin: (after this point) Received signal 11 I believe this is caused by something in http://buildbox.entrouvert.org/logs/20040726/lupin.0320.changelog.xml 2004-07-26 Frederic Peters this is a debug message; please. require check 0.9.0 further in the unit test; pain pain pain. started to copy Python second test (serviceProviderLogin) in C.
1 hour and 38 lines so far and I should probably move to something or I'll get angry. 2004-07-26 Valery Febvre Removed many memory leaks Removed many memory leaks Finished to implement lasso_user_destroy() method Removed many memory leaks 2004-07-25 Frederic Peters sync namespace with check unittest namespace (I didn't feel like they would keep a 0d.be namespace...) check 0.9 no longer has suite_free(). And our local version got srunner_set_xml() 2004-07-25 Emmanuel Raviart Added a ColdFusion redirect to IDP single sign-on URL. Added Makefile for ColdFusion "binding". Added ColdFusion very preliminary "binding" using Java binding. 2004-07-25 Emmanuel Raviart Java unit test is again similar to Python. Corrected Java binding to pass the unit test both with Kaffe and Sun JRE. Added a small new test in Python unit test. 2004-07-25 Frederic Peters add title and time for test suites (in xml output) moved as debug() two messages (those were interfering with the test suite) use message functions to show message (fix #217) basic XmlTestRunner; ./tests.py --xml; output to stdout (messed up with lasso spouting messages on stdout; will be fixed on lasso side) s/&/and/ 2004-07-25 Valery Febvre Added lasso_provider_destroy() method Finished to implement lasso_server_destroy() method Replaced 2 debug(ERROR, ...) by new message(G_LOG_LEVEL_ERROR, ...) function BEWARE: debug() should be used only for debugging messages. Oops, forget in previous commit 2004-07-25 Emmanuel Raviart Adapted logout unit test to new API. Added missing return statement. 2004-07-25 Valery Febvre Many little fixes Moved nameIdentifier attribute of Login object in ProfileContext 2004-07-25 Frederic Peters fixed tabulations in python files (oh the horror; they were mixed with space indentations).
Also installed a test on commits to catch this (and check xml files) fixed args order (but not enough to get the test to pass) login_tests.py can be executed without tests.py nonzero exit code if a test failed modified sys.path so that python test suite can run before lasso is installed. initialize codeError 2004-07-25 Nicolas Clapies fix the problem of setting the user environ in SOAP method : the problem : process_request_msg needs usr environ to verify federation and authentication. a solution : first load the request msg get the name identifier of the request find the user dump from the name identifier and load it in logout object process the request see python/examples/logout.py for the methods. 2004-07-25 Nicolas Clapies *** empty log message *** update of C lecp, add python lecp 2004-07-24 Romain Chantereay Update windows exports. 2004-07-24 Frederic Peters do not build tests in the debian package do not build tests in the debian package .cvsignore for tests/ directory using check for the test suite (--enable-tests=no if you don't want them) 2004-07-24 Emmanuel Raviart This is not a C unit test, but it can miraculously become one. 2004-07-24 Valery Febvre Added 2 missing #include (for xmlsec) Added a summary. It's just a test. I'm not sure it can be useful. Moved some #include 2004-07-24 Frederic Peters added debian packaging files (NOT included in .tar.gz produced by make dist; this is normal) added debian packaging files (NOT included in .tar.gz produced by make dist; this is normal) 2004-07-24 Emmanuel Raviart Updated unit tests to show logout bug. 2004-07-24 Frederic Peters compile java binding intree (doesn't try to link to a system liblasso) removed Question (shouldn't have been committed) Moved copyright statements to the README file (no sense to have them in the AUTHORS file). Point *kindly* to the mailing list and request tracker. Unified titles style. 2004-07-24 Emmanuel Raviart Added myself as project master. Small corrections.
2004-07-24 Valery Febvre Replaced old debug() calls by the 2 new functions debug() and message() Added a missing utf8 *** empty log message *** Added a note about bug reports, help and feature requests 2004-07-23 Frederic Peters improved doap file utf8 for AUTHORS MANIFEST.in was used by distutils; removed added --enable-python option to ./configure; default is yes. --enable-python=no to not compile python bindings. 2004-07-23 Emmanuel Raviart Added DOAP file (see http://usefulinc.com/doap). Slight corrections to README. 2004-07-23 Frederic Peters running autoheader moved win32 Makefile targets to win32/Makefile.am use pkg-config unless on windows; not the contrary 2004-07-23 Romain Chantereay Added some windows specifics considerations. Cleaned the Hard, badly, sadly, dirty constant definitions. These definitions are kept dirt, but a little less. 2004-07-23 Valery Febvre New log/debug system It uses g_log() function now (from glib) debug macro has been split into 2 macros: debug(format, args) : for debug message only, activated if LASSO_DEBUG flag is defined message(level, format, args) : level is a GLogLevelFlags (enum) 2004-07-23 Romain Chantereay Migrated windows.h inclusion from lasso.c to lasso.h. Definition file was too early in the future. Fingers crossed that the ^M don't come and ruin everything... Cleaned DLL process creation. Now we have a import library. The libs are created in the win32/.libs directory. The linkage is done using import libs and no more directly the DLL. The import library is named liblasso.a and no more liblasso.dll.a 2004-07-23 Emmanuel Raviart Added Java LassoUser.getAuthenticationMethod Python method User.get_authentication_method argument is now optional. Use of this method in non-regression tests. 2004-07-23 Valery Febvre Added lasso_user_get_authentication_method() Done in Python too.
2004-07-23 Nicolas Clapies fix bug in init of logout from request at idp 2004-07-23 Emmanuel Raviart Inverted assertion operands, so that error messages be more logical. First non regression test that supports full logout procedure... and shows a bug. Removed directory we should not be in CVS. 2004-07-23 Nicolas Clapies fix : process of a logout request at idp *** empty log message *** *** empty log message *** update of logout with better support of propagation from idp remove unwanted debug message 2004-07-23 Valery Febvre *** empty log message *** *** empty log message *** Added a third arg (GError **err) in lasso_node_get_attr_value() method to report errors - Added a third arg (GError **err) in lasso_node_get_attr_value() method to report errors - Replaced some lasso_provider_get_providerID() by direct access to ProviderID attribute of server objects 2004-07-23 Emmanuel Raviart Added (incomplete) logout tests for Python & Java. Removed file that shouldn't be in CVS. Added authors (please correct if I made mistakes). 2004-07-23 Frederic Peters emptied outdated TODO useful and interesting README file added docs/tutorial/ to directories handled by automake install python module in site-packages/ forgot Makefile.am in nsis/ directory 2004-07-22 Frederic Peters cleaned up configure.in PKG_CHECK_MODULES detects missing pkg-config build was used by distutils; no longer used. (but automake creates .deps) 2004-07-22 Emmanuel Raviart Corrected Java non-regression test bug (found with Sun non free jdk :-/ ). Improved some .cvsignore. 2004-07-22 Frederic Peters setup.py has been removed added win32 2004-07-22 Emmanuel Raviart Nearly completed Python & Java first non-regression test for login. But Java test doesn't work: java.lang.UnsatisfiedLinkError: libjlasso: not found Adding its directory to LD_LIBRARY_PATH may help. at LoginTest.main (LoginTest.java:165) And I don't understand why. Please professor, help me!
2004-07-22 Frederic Peters include win32/ in make dist ignore Makefile.in, Makefile, .deps and .libs under python/ libtool line for win32; copied from libxml2 usage of pkg-config to get library information in configure; automake for the python module; 2004-07-22 Nicolas Clapies add lecp in environs 2004-07-22 Emmanuel Raviart Added Java Lasso method getRequestTypeFromSoapMsg. 2004-07-22 Valery Febvre Added errors.c & errors.h *** empty log message *** Initial commit *** empty log message *** Fixed some compilation warnings Added some controls on HTTP methods 2004-07-22 Nicolas Clapies add level 2 of LECP 2004-07-22 Valery Febvre Moved LassoProviderTypes enums from profile_context.h to provider.h Fixed some compilation warnings Initialized some local variables to NULL to avoid compilation warnings 2004-07-22 Nicolas Clapies *** empty log message *** xml low level implementation of LECP 2004-07-22 Frederic Peters unused variables 2004-07-22 Emmanuel Raviart A little more java binding and non-regression tests. 2004-07-22 Frederic Peters fixed compilation warnings unused variables declare used function unused variable unused variables unused variable `consent' missing includes 2004-07-22 Nicolas Clapies update of logout example with test of the request soap 2004-07-22 Frederic Peters missing #include and case (marked with XXX; should it be written?) missing #include missing #include (I did my tests with -Werror but -Wall was not activated) 2004-07-22 Nicolas Clapies *** empty log message *** 2004-07-22 Frederic Peters xmlSecBase64Encode is used so xmlsec/base64.h must be included 2004-07-22 Nicolas Clapies profile context with function to parse a soap request 2004-07-22 Emmanuel Raviart Java & Python tests do not regress. They even progress. Added Nicolas to authors. Corrected Lasso URL. Corrected Lasso URL. Some progress in Python non regression test. Corrected Lasso URL for java binding. Some progress in first non regression test.
2004-07-22 Valery Febvre Update *** empty log message *** Added "ProviderID" attribute in server object A memory leak was removed in lasso_server_new Added method set_consent in LibAuthnRequest class *** empty log message *** 2004-07-21 Frederic Peters better way compilation warnings; in a better way fixed compilation warning compilation without warning compilation without warnings compilation without warning compilation without warning compilation without warnings removed compilation warnings; fixed a few places where memory was allocated with GLib (g_malloc) and freed with libxml2 (xmlFree). C (before C99) didn't allow // as comments; trying to be kind fixed lasso site url 2004-07-21 Nicolas Clapies *** empty log message *** 2004-07-21 Emmanuel Raviart Added gcj support. 2004-07-21 Emmanuel Raviart Changed Makefile for Kaffe support. Added new class LassoObject. First non regression test. 2004-07-21 Nicolas Clapies *** empty log message *** update of federation termination notification 2004-07-21 Valery Febvre Update 2004-07-21 Nicolas Clapies *** empty log message *** add list of identity provider id in user environ allow no param in init_request for class Logout 2004-07-21 Valery Febvre lasso_node_add_signature() method returns now an integer lasso_saml_assertion_set_signature() method returns now an integer lasso_ds_signature_sign() method returns now an integer *** empty log message *** Added error codes in lasso_login_add_response_assertion 2004-07-20 Valery Febvre Added method lasso_user_remove_identity *** empty log message *** Removed 2 compilation warnings Added method lasso_identity_destroy() Added method lasso_node_import_from_node() fct lasso_login_create_user: Created a new identity with the 2 nameIdentifiers found in response assertion this identity is added in user attribute 2004-07-20 Nicolas Clapies *** empty log message *** update internal code to use new_from_export style 2004-07-20 Emmanuel Raviart Added Java binding.
2004-07-20 Nicolas Clapies *** empty log message *** 2004-07-20 Emmanuel Raviart Added Python first unit test. Added keys, certificates and metadata, that will be used by regression tests and samples. 2004-07-20 Nicolas Clapies *** empty log message *** update debug infos *** empty log message *** initial version of register name identifier update destroy method 2004-07-20 Frederic Peters files to be included in python tarball 2004-07-20 Valery Febvre Little fix in lasso_node_impl_export_to_soap() 2004-07-19 Valery Febvre *** empty log message *** Fixed a little mistake *** empty log message *** *** empty log message *** *** empty log message *** 2004-07-19 Romain Chantereay Modified lasso DLL resource version number. Added deps & lite distributions. Modified lass-full distribution version number. 2004-07-19 Valery Febvre *** empty log message *** *** empty log message *** *** empty log message *** Added assertions in user object in lasso_login_add_response_assertion() and lasso_login_process_response_msg() Removed some debug messages Fixed memory leaks 2004-07-19 Romain Chantereay - Added NSIS installation script. Removed --prefix option from xxx-config helpers. - Better Win32 stuff organization. - Added NSIS special directory. - Added icon file to this directory. 2004-07-19 Nicolas Clapies *** empty log message *** 2004-07-19 Romain Chantereay Additional test for disabling openssl detection under Windows/Cygwin environment. 2004-07-19 Nicolas Clapies *** empty log message *** add a debug message when dumping assertions of user add a INFO debug message for get provider update federation termination add get_attr support 2004-07-19 Valery Febvre Added some debug messages Removed msg_relayState in dump (must be on LassoProfileContext) Finished lasso_login_process_request_msg() lasso_login_new_from_dump() is now almost complete.
New export type supported (Xml) in _new_from_export() constructor Added new lasso_request_new_from_export() constructor Added response_type & provider_type in login_getattr *** empty log message *** New export type supported (Xml) in lasso_response_new_from_export 2004-07-19 Nicolas Clapies *** empty log message *** *** empty log message *** 2004-07-19 Valery Febvre *** empty log message *** 2004-07-18 Valery Febvre Added 4 missing attributes in LassoProfileContext dump msg_relayState, request_type, response_type, provider_type Update Fixed a typing error: LASSP_... -> LASSO_... Initial commit Added a check for xmlsec1 OpenSSL crypto library 2004-07-17 Frederic Peters .tar.gz must include lasso.pc.in 2004-07-16 Valery Febvre *** empty log message *** *** empty log message *** 2004-07-16 Romain Chantereay Another try to dllwrap. 2004-07-16 Valery Febvre Added some g_free() and lasso_node_destroy() to fix memory leaks Code cleanup Fixed some memory leak Added more debug messages lasso_node_copy() method uses now the G_OBJECT_TYPE macro to build a new object with the same type as the object copied Removed 2 lasso_node_copy() in lasso_identity_set_local_nameIdentifier() and lasso_identity_set_remote_nameIdentifier() 2004-07-16 Nicolas Clapies *** empty log message *** *** empty log message *** 2004-07-16 Romain Chantereay Added variables exports information. 2004-07-16 Romain Chantereay Added Cygwin/Windows compilation support. Now: just: ./autogen --host=i686-pc-mingw32 make make dll make install dll Of course you will need to install the dependencies libraries in /usr/local in order to compile. And next the DLL in Windows %SYSTEM% directory. 2004-07-16 Frederic Peters removed rules that made "make dist" fails.
2004-07-16 Nicolas Clapies *** empty log message *** *** empty log message *** *** empty log message *** 2004-07-16 Valery Febvre Added date + time in debug messages 2004-07-15 Valery Febvre *** empty log message *** Update Added method create_user in Login class + Update Removed attribute remote_ProviderID of lasso_login_init_request() method Added new method lasso_login_create_user() 2004-07-15 Nicolas Clapies *** empty log message *** *** empty log message *** *** empty log message *** 2004-07-15 Valery Febvre Changed some debug levels 2004-07-15 Valery Febvre Removed attribute 'msg_relayState' in LassoLogin (moved in LassoProfileContext) lasso_login_process_response_status_and_assertion() static function was rewritten more error codes and debug messages Added a new static function : lasso_login_get_assertion_nameIdentifier() 2004-07-15 Valery Febvre Added attribute 'msg_relayState' in LassoProfileContext (previously set in LassoLogin) 2004-07-15 Nicolas Clapies *** empty log message *** 2004-07-15 Valery Febvre *** empty log message *** 7 #define moved from .c to .h 2004-07-15 Frederic Peters please don't use // for comments, this is QA speaking :) 2004-07-15 Valery Febvre 3 #define moved from .h to .c 6 #define moved from .h to .c 2004-07-15 Frederic Peters replaced C++ // comments with C /* */ comments before we fall on a pre-C99 compiler. 2004-07-15 Valery Febvre 4 # define moved from .h to .c 5 #define moved from .h to .c 2004-07-15 Emmanuel Raviart Added init & shutdown functions to tutorial. 2004-07-14 Valery Febvre Nothing, code cleanup only New debug system with 4 levels (4 colors): DEBUG : yellow INFO : green WARNING : blue ERROR : red if Cflag -DLASSO_DEBUG is defined, DEBUG level message are ignored. 
Added get for nameIdentifier & msg_relayState attributes (in login_getattr function) *** empty log message *** *** empty log message *** *** empty log message *** *** empty log message *** 2004-07-14 Nicolas Clapies add class User, update class Logout, update example logout.py 2004-07-13 Emmanuel Raviart The API is globally frozen, but locally melting. Added response_dump attribute. 2004-07-13 Valery Febvre *** empty log message *** 2004-07-13 Nicolas Clapies add signature support for soap method 2004-07-13 Emmanuel Raviart Added missing s. Use constant instead of integer. 2004-07-13 Nicolas Clapies *** empty log message *** *** empty log message *** *** empty log message *** 2004-07-13 Valery Febvre *** empty log message *** 2004-07-13 Nicolas Clapies *** empty log message *** *** empty log message *** 2004-07-13 Emmanuel Raviart Profile instead of porfile. 2004-07-13 Valery Febvre *** empty log message *** 2004-07-13 Emmanuel Raviart Yet another very important correction. Corrected typo. Document a trap in which I was caught. Use RSA keys instead of DSA. Corrected constant name. 2004-07-13 Nicolas Clapies *** empty log message *** 2004-07-13 Valery Febvre *** empty log message *** *** empty log message *** 2004-07-13 Nicolas Clapies *** empty log message *** 2004-07-13 Valery Febvre *** empty log message *** 2004-07-13 Emmanuel Raviart Renamed attribut to attribute. 2004-07-13 Valery Febvre *** empty log message *** *** empty log message *** *** empty log message *** 2004-07-13 Nicolas Clapies *** empty log message *** *** empty log message *** *** empty log message *** *** empty log message *** 2004-07-13 Valery Febvre *** empty log message *** *** empty log message *** *** empty log message *** *** empty log message *** 2004-07-12 Nicolas Clapies *** empty log message *** lasso/environs/federation_termination.c *** empty log message *** 2004-07-12 Emmanuel Raviart Corrected SP init for C & Python. 
2004-07-12 Nicolas Clapies fix: dump of user environ *** empty log message *** *** empty log message *** *** empty log message *** *** empty log message *** *** empty log message *** 2004-07-12 Valery Febvre *** empty log message *** 2004-07-12 Nicolas Clapies fix code in new logout 2004-07-12 Valery Febvre *** empty log message *** *** empty log message *** 2004-07-12 Nicolas Clapies *** empty log message *** 2004-07-12 Valery Febvre *** empty log message *** 2004-07-12 Nicolas Clapies *** empty log message *** fix : change the return type in g_return_val_if_fail fix : replace xmlChar with gchar type in method prototypes fix : replace xmlChar with gchar type register name identifier profile 2004-07-12 Valery Febvre *** empty log message *** *** empty log message *** 2004-07-12 Nicolas Clapies federation termination environ 2004-07-11 Nicolas Clapies fix setting of status code value *** empty log message *** fix fix for logout request export to query *** empty log message *** *** empty log message *** *** empty log message *** fix bugs in new_from_dump 2004-07-11 Valery Febvre *** empty log message *** *** empty log message *** *** empty log message *** 2004-07-10 Valery Febvre *** empty log message *** *** empty log message *** 2004-07-09 Valery Febvre *** empty log message *** 2004-07-09 Nicolas Clapies *** empty log message *** *** empty log message *** add python class Logout 2004-07-09 Valery Febvre *** empty log message *** 2004-07-09 Nicolas Clapies *** empty log message *** add entry for logout binding add entry for logout binding 2004-07-09 Valery Febvre *** empty log message *** 2004-07-09 Nicolas Clapies update of user dump methods initial version : binding for logout *** empty log message *** 2004-07-09 Valery Febvre *** empty log message *** Initial commit 2004-07-08 Valery Febvre *** empty log message *** 2004-07-08 Nicolas Clapies *** empty log message *** 2004-07-08 Valery Febvre *** empty log message *** 2004-07-08 Nicolas Clapies *** empty log
message *** logout support in makefile.am *** empty log message *** 2004-07-08 Valery Febvre *** empty log message *** *** empty log message *** 2004-07-07 Valery Febvre *** empty log message *** Added initial debug message system 2004-07-07 Nicolas Clapies *** empty log message *** 2004-07-07 Valery Febvre *** empty log message *** *** empty log message *** 2004-07-06 Nicolas Clapies *** empty log message *** add type provider enum 2004-07-06 Emmanuel Raviart Added Python files explaining how to create a SP using Lasso. 2004-07-06 Valery Febvre *** empty log message *** *** empty log message *** *** empty log message *** *** empty log message *** 2004-07-03 Valery Febvre 2 new constructors were added *** empty log message *** 2004-07-02 Valery Febvre *** empty log message *** 2004-07-02 Nicolas Clapies *** empty log message *** 2004-07-02 Valery Febvre Added new class Artifact Fixed 2 bugs in lasso_node_impl_add_child() and lasso_node_impl_add_child() methods Added functions lasso_build_random_sequence() and lasso_str_hash() 2004-07-01 Nicolas Clapies add support for artifacts, assertions and identities 2004-07-01 Valery Febvre *** empty log message *** *** empty log message *** *** empty log message *** *** empty log message *** *** empty log message *** *** empty log message *** 2004-06-30 Valery Febvre *** empty log message *** *** empty log message *** 2004-06-29 Valery Febvre *** empty log message *** 2004-06-25 Valery Febvre *** empty log message *** Initial commit *** empty log message *** 2004-06-25 Nicolas Clapies initial version add access methods to metadata logout properties 2004-06-24 Valery Febvre Initial commit *** empty log message *** *** empty log message *** Initial commit *** empty log message *** 2004-06-23 Valery Febvre *** empty log message *** Initial commit 2004-06-23 Nicolas Clapies update for session environ in process of authentication, user environ for identity list 2004-06-22 Valery Febvre *** empty log message *** 2004-06-22 Nicolas
Clapies update a lot of update 2004-06-15 Nicolas Clapies add code to build provider from filename and method to access value of metadata add provider, server_environ, session_environ, identity, user_environ, remove authn_environ.c/.h initial version add lasso name space 2004-06-11 Nicolas Clapies update type of isPassive and forceAuthn params, instead use gboolean add ref and prefix for sso get and post request add lasso_authn_response_new to set a AuthnResponse from a AuthnRequest object fix : strange conversion of true string to an integer value setting the wrong value to the function settings of IsPassive and ForceAuthn 2004-06-07 Nicolas Clapies fix: segmentation fault in lasso_node_get_attr_value() if no attribute found 2004-06-04 Valery Febvre *** empty log message *** Initial version 2004-06-02 Valery Febvre *** empty log message *** 2004-06-02 Nicolas Clapies add metadata prefix and uri 2004-06-02 Valery Febvre Added lasso_node_get_child_content() method Changed default format value to 0 instead of 1 in dump() method of class Node Added new directory lasso/profiles 2004-06-01 Valery Febvre *** empty log message *** *** empty log message *** 2004-05-28 Valery Febvre Added option menu to build documentation (doxygen) Initial commit Some functions documentation (doxygen syntax) Updated doc Fixed a memory leak in lasso_node_add_signature() method Added functions and public methods documentation 2004-05-26 Valery Febvre *** empty log message *** Initial commit *** empty log message *** Modified function lasso_str_sign() *** empty log message *** 2004-05-25 Valery Febvre Modified method get_child() *** empty log message *** *** empty log message *** Added some lasso_node_destroy() Little inversion to respect alpha order Added 4 lasso_node_destroy() 2004-05-17 Valery Febvre New method lasso_node_destroy() added in class LassoNode 2004-05-15 Valery Febvre Many many memory leaks fixed *** empty log message *** 2004-05-14 Valery Febvre *** empty log message ***
node_export() and node_export_from_base64() functions added 2 export methods in class Node added node_export and node_export_from_base64() functions added authn_response_new_from_export() function added some update more comments A new constructor added: authn_response_new_from_export() 2004-05-13 Valery Febvre *** empty log message *** *** empty log message *** 2004-05-13 Nicolas Clapies add some macro defines to local variables in methods ... 2004-05-13 Valery Febvre gpointer_get() macro added 2 methods renamed, 3 added and 1 removed node_url_encode() and node_soap_envelop() renamed -> node_export_to_query() and node_export_to_soap() saml_assertion_set_signature() function added *** empty log message *** authn_response_add_assetion() function removed cosmetic lasso_saml_assertion_set_signature() method rewritten lasso_ds_signature_new() rewritten 2004-05-13 Nicolas Clapies add const in read-only params of constructors 2004-05-13 Valery Febvre *** empty log message *** all lasso_node_load_from_buffer() replaced by lasso_node_import() lasso_authn_response_add_assertion() method removed Minor bugfix : lassoLibMajorVersion -> lassoLibMinorVersion Initial commit *** empty log message *** 2004-05-13 Nicolas Clapies add registration python example register name identifier request and response updates in C and python binding 2004-05-13 Valery Febvre update 4 NameIdentifier formats added 2004-05-11 Nicolas Clapies initial version c example for federation termination notification name identifier mapping response low class binding and, examples ...
name identifier mapping c and python binding updates initial version federation termination notification c and binding 2004-05-09 Valery Febvre *** empty log message *** Bugfix in lasso_node_verify_signature() method New method lasso_node_add_signature() added Bugfix in lasso_authn_response_add_assertion() method 2004-05-07 Valery Febvre *** empty log message *** 2004-05-06 Valery Febvre *** empty log message *** *** empty log message *** *** empty log message *** 2004-05-06 Nicolas Clapies add class method constructor new_from_query in LogoutResponse 2004-05-06 Valery Febvre Bugfixes in lasso_node_serialize(), lasso_node_get_attrs() and lasso_node_get_children() methods Removed lasso_node_new_ns() method *** empty log message *** 2 new constructors : lasso_node_new_from_dump() lasso_node_new_from_xmlNode() lasso_node_parse_memory() renamed -> lasso_node_load_from_buffer() minor changes 2004-05-05 Nicolas Clapies add low level of logout response binding binding for low level of logout request and response C class update of LogoutRequest LogoutResponse classes update of constructors 2004-05-05 Valery Febvre *** empty log message *** Added a new method -> lasso_node_copy() 2004-05-05 Nicolas Clapies add enveloping in soap node update ...
add soap enveloping method in LassoNode delete lasso_protocol_export_to_soap() function 2004-05-05 Valery Febvre Initial commit a new constructor - lasso_authn_request_new_from_query() a big bug fixes in lasso_query_to_dict() 2004-05-04 Nicolas Clapies minor updates add constructors for LogoutRequest and LogoutResponse add function to build a soap-enveloped lasso node initial version 2004-05-03 Nicolas Clapies update makefile.am for soap add constants for soap 2004-05-03 Valery Febvre *** empty log message *** 4 new SAML Confirmation methods *** empty log message *** *** empty log message *** Methods set_relayState() and set_nameIDPolicy() added in LibAuthnRequest class last version which demonstrates an Authentication Request/Response (more comments) Too many changes, sorry Many many changes only cosmetic Funct lasso_node_set_node() renamed -> lasso_node_set_xmlNode() cosmetic 2004-05-02 Valery Febvre 3 LassoAuthnRequest replaced by LassoRegisterNameIdentifierRequest a bad cast fix In funct name_identifier_mapping_request_new(): args providerID and nameIdentifier : required args nameQualifier and format : optional In funct logout_request_new(): args providerID and nameIdentifier : required args nameQualifier and format : optional Removed funct lasso_authn_response_get_protocolProfile() Added funct lasso_authn_response_process_authentication_result() 3 args removed in lasso_authn_response_new() nico added to authors Initial commit Added funct lasso_authn_request_get_protocolProfile() 2004-04-29 Valery Febvre #include fix *** empty log message *** AuthnRequest added 3 methods and 1 funct added Initial commit 2004-04-28 Valery Febvre a new funct added: lasso_query_get_value() #include replaced by #include lasso_str_verify() renamed -> lasso_query_verify_signature() *** empty log message *** *** empty log message *** *** empty log message *** lasso/protocols/elements/Makefile added Initial commit *** empty log message *** 2004-04-27 Nicolas Clapies add support for
binding of NameIdentifierMapping add NameIdentifierMappingRequest/Response class and binding add optional attribute in FederationTerminationNotification

2004-04-27 Valery Febvre
Fixed a big blunder

2004-04-27 Nicolas Clapies
delete files from cvs

2004-04-27 Valery Febvre
*** empty log message ***

2004-04-27 Nicolas Clapies
add optional element RelayState add optional element and attribute for LogoutRequest/Response

2004-04-27 Valery Febvre
type_name removed in private struct *** empty log message ***

2004-04-27 Nicolas Clapies
add function to change names of attributes in identifiers

2004-04-27 Valery Febvre
Memory leaks fixed again Memory leaks fixed

2004-04-27 Nicolas Clapies
remove code changing name of attributes in IDP/SP/OldProvidedNameIdentifier remove files initial version add LogoutRequest/Response, FederationTerminationNotification, RegisterNameIdentifierRequest/Response classes in python

2004-04-26 Valery Febvre
8 StatusCode were added

2004-04-26 Nicolas Clapies
build the RegisterNameIdentifierRequest with specific names for name identifiers attributes add federation termination notification high level class add register_name_identifier.h/.c initial version fix conflict in name declaration of functions for name identifiers settings

2004-04-23 Nicolas Clapies
add LogoutRequest and LogoutResponse

2004-04-22 Valery Febvre
previously named ssoaf_authn_request.c and ssoaf_authn_request.h renamed *** empty log message *** strings type changed: gchar* -> xmlChar* added ssoaf_authn_request.c, ssoaf_authn_request.h, protocol.c and protocol.h nico added in authors list Initial commit *** empty log message ***

2004-04-20 Nicolas Clapies
add RegisterNameIdentifierRequest class initial version rename functions for request creation

2004-04-20 Valery Febvre
make clean updated 2 methods comments fixed First test version config.h.in added Initial commit lasso-sections.txt removed

2004-04-19 Valery Febvre
*** empty log message ***

2004-04-19 Nicolas Clapies
add
NameIdentifier content in constructors

2004-04-19 Valery Febvre
*** empty log message ***

2004-04-19 Nicolas Clapies
fix = add support of cplusplus update for classes LogoutRequest and LogoutResponse update functions to create and init logout request / response

2004-04-19 Valery Febvre
*** empty log message *** *** empty log message ***

2004-04-19 Nicolas Clapies
add saml_response_add_assertion() function add add_assertion method for Response object

2004-04-18 Valery Febvre
Added lasso.pc.in to use pkg-config

2004-04-17 Valery Febvre
Remove class->set_ns() useless Used new method set_ns() instead of new_ns() (in *_instance_init() methods) *** empty log message *** cosmetic, many g_return_* added, a new method lasso_node_set_ns() (will replace lasso_node_new_ns())

2004-04-16 Nicolas Clapies
fix : logout_request_getattr(self, name) add lasso_request_create() declaration

2004-04-16 Valery Febvre
Removed a call to funct lasso_samlp_response_add_assertion() in excess

2004-04-16 Nicolas Clapies
request and response definition blablabla ...
add Request and Response class definition in function lasso_authn_response_init() add issueInstant and InResponseTo

2004-04-15 Valery Febvre
*** empty log message *** *** empty log message *** Clean-ups, cosmetics and memory leaks fixed

2004-04-15 Nicolas Clapies
add functions for Request and Response messages

2004-04-15 Valery Febvre
*** empty log message ***

2004-04-15 Nicolas Clapies
delete file fix : return a string the lasso_node_dump() function add include for samlp_request.h

2004-04-14 Valery Febvre
lasso_node_dump() public method now returns a string (instead of void) Added public method lasso_node_parse_memory() *** empty log message ***

2004-04-13 Valery Febvre
*** empty log message ***

2004-04-13 Nicolas Clapies
add samlp Request compilation initial version

2004-04-13 Valery Febvre
*** empty log message *** *** empty log message ***

2004-04-13 Nicolas Clapies
add logout options compiling

2004-04-13 Valery Febvre
*** empty log message *** *** empty log message *** *** empty log message ***

2004-04-09 Nicolas Clapies
initial version add logout stuffs bindings first high level functions

2004-04-09 Valery Febvre
*** empty log message *** Some clean-ups *** empty log message *** Added function lasso_node_verify_signature()

2004-04-08 Valery Febvre
generator_lasso_strings.py *** empty log message ***

2004-04-08 Emmanuel Raviart
80 columns.

2004-04-08 Valery Febvre
*** empty log message *** *** empty log message *** *** empty log message *** *** empty log message ***

2004-04-07 Valery Febvre
*** empty log message ***

2004-04-07 Nicolas Clapies
fix constructor lasso_saml_name_identifier_new(nameIdentifier) in lasso_build_nameIdentifier

2004-04-07 Valery Febvre
*** empty log message *** *** empty log message *** *** empty log message *** *** empty log message *** *** empty log message *** Many modifications

2004-04-06 Valery Febvre
Added virtual public method lasso_node_get_content() Used lasso_node_get_child() instead of class->get_child() Fixed many compilation warnings. Virtual private methods lasso_node_get_attr(), lasso_node_get_attrs(), lasso_node_get_child() and lasso_node_get_children() became virtual public Fixed compilation warnings (casts missing) Fixed compile warning (casts missing) Fixed compile warning schema replaced by xml Files moved. Initially located in lasso/schema/ directory

2004-04-04 Valery Febvre
lasso/Makefile.am remove lasso/bindings/Makefile (directory lasso/bindings will be not used anymore)

2004-04-02 Nicolas Clapies
initial version fix types of some parameters add function lasso_build_authnRequest_must_autenthicate

2004-04-02 Valery Febvre
Initial commit Fct lasso_shutdown() now returns int values.

2004-04-01 Nicolas Clapies
use function lasso_lib_subject_new() instead of lasso_saml_subject_new() fix : use function lasso_lib_authentication_statement_new() instead of lasso_saml_authentication_statement_new() add function lasso_build_authnRequest_from_query

2004-04-01 Valery Febvre
Added arg protocolProfile in fct lasso_build_full_authnRequest()

2004-04-01 Nicolas Clapies
add functions lasso_build_assertion lasso_build_authenticationStatement add methods lasso_build_full_logoutRequest lasso_build_full_logoutResponse add methods lasso_build_full_federationTerminationNotification add lasso_build_full_registerNameIdentifierRequest lasso_build_full_registerNameIdentifierResponse

2004-04-01 Valery Febvre
Ooops, add missing return for funct lasso_build_authnRequest()

2004-03-30 Valery Febvre
Added some cosmetics, comment headers, #ifdef ... Added HEADER

2004-03-30 Nicolas Clapies
add includes of high level functions of class building. set prototype of common functions for encoding and signing initial version fix type parameters from const char to const xmlChar. add function to build response

2004-03-29 Valery Febvre
const char * convert into const xmlChar * Added *.lo, *.la, .deps, .libs

2004-03-29 Nicolas Clapies
initial version add lasso_build_authnRequest method add protocols Makefile support add support of protocols initial version

2004-03-24 Nicolas Clapies
add comments about little problems with implementation of name identifier mapping request class and question about implementation of nodes

2004-03-23 Valery Febvre
Added *.lo, *.la, .deps, .libs Initial version Initial revision