This function is supposed to return the value of the entry we are
looking for, but instead it returned the name. Fix it to return the
value.
Also, fix exit condition on for-loop.
This fixes NameID-based logout.
The session entry size isn't known on compile time, so we must
actually calculate the offset at runtime.
This fixes a nasty bug where we would randomly overwrite session
entries.
Apperently some IdPs like PicketLink insist they reaaaally want to see
AssertionConsumerServiceURL as part of the Authentication Request.
Provide it if allowed by the SP metadata.
Signed-off-by: Simo Sorce <simo@redhat.com>
Just make it clear that we should always be using init_cache_size. In
practice this commit doesn't actually affect the program, it just
clarifies the code.
We free the first element of a linked list, but not the data nor the
subsequent elements. Fix that by first iterating through the list
freeing the elements and then freeing the list using g_list_free().
We could have used g_list_free_full, but that requires version 2.28
of GLib, which is still slightly too recent.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@237 a716ebb1-153a-0410-b759-cfb97c6a1b53
Using the previously introduced storage facility convert storage of the
user name from being constrained to fixed sized strings to being
constrained only by the overall entry cache size.
Signed-off-by: Simo Sorce <simo@redhat.com>
git-svn-id: https://modmellon.googlecode.com/svn/trunk@236 a716ebb1-153a-0410-b759-cfb97c6a1b53
Using the previously introduced storage facility convert storage of env
key/value pairs from being constrained to fixed sized strings to being
constrained only by the overall entry cache size.
Signed-off-by: Simo Sorce <simo@redhat.com>
git-svn-id: https://modmellon.googlecode.com/svn/trunk@235 a716ebb1-153a-0410-b759-cfb97c6a1b53
Using the previously introduced storage facility converts storage
of lasso_saml_reponse from being constrained to a fixed sized string
to being constrained only by the overall entry cache size.
Signed-off-by: Simo Sorce <simo@redhat.com>
git-svn-id: https://modmellon.googlecode.com/svn/trunk@234 a716ebb1-153a-0410-b759-cfb97c6a1b53
Using the previously introduced storage facility converts storage
of lasso_session from being constrained to a fixed sized string
to being constrained only by the overall entry cache size.
Signed-off-by: Simo Sorce <simo@redhat.com>
git-svn-id: https://modmellon.googlecode.com/svn/trunk@233 a716ebb1-153a-0410-b759-cfb97c6a1b53
Using the previously introduced storage facility converts storage
of lasso_identity from being constrained to a fixed sized string
to being constrained only by the overall entry cache size.
Signed-off-by: Simo Sorce <simo@redhat.com>
git-svn-id: https://modmellon.googlecode.com/svn/trunk@232 a716ebb1-153a-0410-b759-cfb97c6a1b53
This pool has a fixed size and the aim is to avoid arbitrary limits
on entry's components, while maintaining an overall fixed entry size.
Accessors function for a storage unit are provided for future use.
Signed-off-by: Simo Sorce <simo@redhat.com>
git-svn-id: https://modmellon.googlecode.com/svn/trunk@231 a716ebb1-153a-0410-b759-cfb97c6a1b53
Some of the following patches use features from C99, so make sure that
we are compiling using that version.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@230 a716ebb1-153a-0410-b759-cfb97c6a1b53
In case we are going to return a HTTP_UNAUTHORIZED
error we can also redirect the client to an admin chosen
page to let the application handle the error on its own.
Signed-off-by: Simo Sorce <simo@redhat.com>
git-svn-id: https://modmellon.googlecode.com/svn/trunk@227 a716ebb1-153a-0410-b759-cfb97c6a1b53
Idps may decide to deny authentication for a variety of reasons.
In such a case they will post to the application with an unsuccessful
status error code.
Handle the case by returning a more appropriate 401 Unauthorized
HTTP error code.
iDo this using an extensible mechanism to map arbitrary lasso errors
to HTTP errors.
Signed-off-by: Simo Sorce <simo@redhat.com>
git-svn-id: https://modmellon.googlecode.com/svn/trunk@226 a716ebb1-153a-0410-b759-cfb97c6a1b53
The -Wunused-but-set-variable option will cause a warning that
idp_public_key_file is set but never used when
HAVE_lasso_server_load_metadata is defined.
Signed-off-by: Simo Sorce <simo@redhat.com>
git-svn-id: https://modmellon.googlecode.com/svn/trunk@225 a716ebb1-153a-0410-b759-cfb97c6a1b53
This patch changes the headers sent to prevent errornous caching of the
responses sent to only use a single header:
Cache-Control: private, must-revalidate
This single header should ensure that the data isn't shared between
multiple users, and that the browser checks that the content is still
valid for each request (enabling logout to work as expected).
This drops the Exires-header, which should be unnecessary since all
modern browsers support the Cache-Control-header.
Thanks to Arthur Müller for providing this patch.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@223 a716ebb1-153a-0410-b759-cfb97c6a1b53
In the case where the error "LASSO_PROFILE_ERROR_SESSION_NOT_FOUND"
occurs during lasso_logout_validate_request(), we weren't releasing
the session mutex, which will lead to a deadlock in the next request
that needs to access a session. This patch makes sure we properly
release session in that case.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@221 a716ebb1-153a-0410-b759-cfb97c6a1b53
The configuration directive declaration was missing the parameter
describing where the data from the option was stored. The result is
that we access invalid memory during configuration parsing, leading to
a segmentation fault.
As far as I can tell, this error has always been present, so this
option hasn't worked before.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@220 a716ebb1-153a-0410-b759-cfb97c6a1b53
The HTTP-Artifact response is also allowed to be sent as a POST request.
This patch adds support for loading those responses.
Thanks to Nikola Ivačič for implementing this!
git-svn-id: https://modmellon.googlecode.com/svn/trunk@217 a716ebb1-153a-0410-b759-cfb97c6a1b53
Recent versions of libcurl do not allow CUROPT_SSL_VERIFYHOST to be
set to 1.
The default in cURL has been to validate both the certificate and the
host since 2002. Setting these options is therefore unnecessary.
Thanks to Nikola Ivačič for notifying us about this problem!
git-svn-id: https://modmellon.googlecode.com/svn/trunk@216 a716ebb1-153a-0410-b759-cfb97c6a1b53
This option allows you to set environment variables without the
"MELLON_" prefix.
Thanks to Laas Toom for implementing this!
git-svn-id: https://modmellon.googlecode.com/svn/trunk@211 a716ebb1-153a-0410-b759-cfb97c6a1b53
Apache has fixed a bug/misfeature where
ap_unescape_url_keep2f() decoded %2f-escapes. This leaves us with no
functions that can be used to urldecode strings, so we have to roll
our own.
If we drop support for Apache 2.2, we can use
ap_unescape_urlencoded().
See: http://svn.apache.org/viewvc?view=revision&revision=578332
git-svn-id: https://modmellon.googlecode.com/svn/trunk@206 a716ebb1-153a-0410-b759-cfb97c6a1b53
In the case where we are missing the repost data, we currently
display a 400 Bad Request error. This patch changes the code to
redirect to the end URL instead, which at least has a chance to
work.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@202 a716ebb1-153a-0410-b759-cfb97c6a1b53
We were mixing microseconds and seconds, causing us to always delete
all the repost data. This patch fixes the comparison, and also
optimizes it a bit.
Thanks to Matthew Slowe for diagnosing this bug!
git-svn-id: https://modmellon.googlecode.com/svn/trunk@201 a716ebb1-153a-0410-b759-cfb97c6a1b53
I accidentally committed a revert that I had done for debugging.
This commit reverts the revert :)
git-svn-id: https://modmellon.googlecode.com/svn/trunk@197 a716ebb1-153a-0410-b759-cfb97c6a1b53
Instead of relying on the Lasso library including GLib for us,
we should link directly with it.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@194 a716ebb1-153a-0410-b759-cfb97c6a1b53
Olav Morken
Simo Sorce
olavmrk
manu@netbsd.org