Merge branch 'hotfixes-2.3.3' into release

Benjamin Dauvergne 2010-10-01 19:13:31 +02:00
commit 0bd4c25a24
266 changed files with 878 additions and 401 deletions

35
NEWS

@ -1,7 +1,40 @@
NEWS
====
2.3.2 - Septembre 7th 2010
2.3.3 - October 1st 2010
------------------------
44 commits, 264 files changed, 858 insertions, 401 deletions
Generic:
* Fixed a lot of memleaks thanks to valgrind, the greatest tool on earth (with
coccinelle).
* Add missing annotation creating memleaks in python binding (on lasso_*_dump king of methods).
* Fix bad inclusion of an ID-WSF include file when ID-WSF support is not enabled
* Benchmarking program was updated to measure each part of a WebSSO
independently (AuthnRequest generation/processing, AuthnResponse
generation/processing).
* Add new macro lasso_strisequal and lasso_strisnotequal to avoid errors with
strcmp. (Thanks to coccinelle semantic patches).
SAMLv2:
* Add uniform support for LassoProfileVerifySignatureHint for other profiles
than WebSSO.
* Report signature errors in response to NameIDNanagement requests
* Fix wrong use of macro lasso_foreach breaking the mecanism for finding a
default assertion consumer.
* Behaviour of lasso_login_build_assertion was modified:
- when the NameIDPolicy lacks a Format attribute or the Format attribute is
the unspecified format (see the spec for the corresponding URN). Now it
results in a transient nameid being generated. If you want it to be
persistent you must change it before calling this method.
- the setting of the SubjectConfirmationData->NotOnOrAfter attribute was
restored as it is mandated by the WebSSO profile. It's the same value as
Conditions->NotOnOrAfter.
* Fix missing initialization of Destination attribute on Samlp2StatusResponse
object for synchronous bindings (Redirect & Post)
2.3.2 - September 7th 2010
--------------------------
* Fix bug in increment of the libtool version info, increasing the SONAME


@ -549,8 +549,8 @@ def parse_header(header_file):
def parse_headers(srcdir):
wsf_prefixes = ['disco_', 'dst_', 'is_', 'profile_service_', 'discovery_',
'wsf_', 'interaction_', 'utility_', 'sa_', 'soap_', 'authentication_',
'wsse_', 'sec_', 'idwsf2_', 'wsf2_', 'wsa_', 'wsu']
'wsf_', 'interaction_', 'utility_', 'sa_', 'authentication_',
'wsse_', 'sec_', 'idwsf2_', 'wsf2_', 'wsa_', 'wsu', 'soap_binding']
srcdir = os.path.abspath(srcdir)
parentdir = os.path.dirname(srcdir)


@ -8,6 +8,7 @@
#include "../ghashtable.h"
#include "../../lasso/utils.h"
#include "../utils.c"
#include "../../lasso/backward_comp.h"
#define LASSO_ROOT "com/entrouvert/lasso/"
#define check_exception (*env)->ExceptionCheck(env)
@ -544,7 +545,7 @@ remove_from_list_of_strings(JNIEnv *env, GList **list, jstring jstr) {
g_error_if_fail(env && list);
lasso_return_val_if_fail(jstr, 1);
lasso_return_val_if_fail(jstring_to_local_string(env, jstr, &local_string), 0);
found = g_list_find_custom(*list, local_string, (GCompareFunc)strcmp);
found = g_list_find_custom(*list, local_string, (GCompareFunc)g_strcmp0);
if (found) {
g_free(found->data);
*list = g_list_delete_link(*list, found);


@ -15,7 +15,7 @@ dnl - Second number is the number of supported API versions where API version >
dnl first number.
dnl - Third number is the current API version implementation version number.
dnl See libtool explanations about current, age and release, later in this file.
AC_INIT([lasso], 2.3.2, lasso-devel@lists.labs.libre-entreprise.org)
AC_INIT([lasso], 2.3.3, lasso-devel@lists.labs.libre-entreprise.org)
dnl Check if autoconf ver > 2.53
AC_PREREQ(2.53)
AC_CONFIG_MACRO_DIR([m4])
@ -184,7 +184,7 @@ dnl - interfaces removed -> AGE = 0
# m = a
# r = r
current=`expr $VERSION_MAJOR + $VERSION_MINOR`
LASSO_VERSION_INFO="12:0:9"
LASSO_VERSION_INFO="12:1:9"
AC_SUBST(LASSO_VERSION_INFO)
dnl Compute the minimal supported ABI version for Win32 scripts and resources files.


@ -61,6 +61,10 @@
</SVNRepository>
</repository>
<release>
<Version>
<created>2010-10-01</created>
<revision>2.3.3</revision>
</Version>
<Version>
<created>2010-09-07</created>
<revision>2.3.2</revision>


@ -377,7 +377,7 @@ lasso_identity_new_from_dump(const gchar *dump)
*
* Dumps @identity content to an XML string.
*
* Return value: the dump string. It must be freed by the caller.
* Return value:(transfer full): the dump string. It must be freed by the caller.
**/
gchar*
lasso_identity_dump(LassoIdentity *identity)


@ -2413,7 +2413,7 @@ lasso_login_new_from_dump(LassoServer *server, const gchar *dump)
*
* Dumps @login content to an XML string.
*
* Return value: the dump string. It must be freed by the caller.
* Return value:(transfer full): the dump string. It must be freed by the caller.
**/
gchar*
lasso_login_dump(LassoLogin *login)


@ -1405,7 +1405,7 @@ lasso_logout_new_from_dump(LassoServer *server, const char *dump)
*
* Dumps @logout content to an XML string.
*
* Return value: the dump string. It must be freed by the caller.
* Return value:(transfer full): the dump string. It must be freed by the caller.
**/
gchar*
lasso_logout_dump(LassoLogout *logout)


@ -770,7 +770,7 @@ lasso_name_registration_new_from_dump(LassoServer *server, const char *dump)
*
* Dumps @name_registration content to an XML string.
*
* Return value: the dump string. It must be freed by the caller.
* Return value:(transfer full): the dump string. It must be freed by the caller.
**/
gchar *
lasso_name_registration_dump(LassoNameRegistration *name_registration)


@ -49,6 +49,10 @@
#include "../xml/soap-1.1/soap_fault.h"
#include "../utils.h"
#include "../debug.h"
#ifdef LASSO_WSF_ENABLED
#include "../xml/idwsf_strings.h"
#include "../xml/id-wsf-2.0/idwsf2_strings.h"
#endif
/*****************************************************************************/
/* public functions */
@ -201,6 +205,9 @@ lasso_profile_get_request_type_from_soap_msg(const gchar *soap)
type = LASSO_REQUEST_TYPE_NAME_IDENTIFIER_MAPPING;
} else if (strcmp(name, "AuthnRequest") == 0) {
type = LASSO_REQUEST_TYPE_LECP;
} else if (strcmp(name, "ManageNameIDRequest") == 0) {
type = LASSO_REQUEST_TYPE_NAME_ID_MANAGEMENT;
#ifdef LASSO_WSF_ENABLED
} else if (strcmp(name, "Query") == 0) {
if (strcmp((char*)ns->href, LASSO_DISCO_HREF) == 0) {
type = LASSO_REQUEST_TYPE_DISCO_QUERY;
@ -217,12 +224,11 @@ lasso_profile_get_request_type_from_soap_msg(const gchar *soap)
}
} else if (strcmp(name, "SASLRequest") == 0) {
type = LASSO_REQUEST_TYPE_SASL_REQUEST;
} else if (strcmp(name, "ManageNameIDRequest") == 0) {
type = LASSO_REQUEST_TYPE_NAME_ID_MANAGEMENT;
} else if (strcmp(name, "SvcMDRegister") == 0) {
type = LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_REGISTER;
} else if (strcmp(name, "SvcMDAssociationAdd") == 0) {
type = LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_ASSOCIATION_ADD;
#endif
} else {
message(G_LOG_LEVEL_WARNING, "Unknown node name : %s", name);
}
@ -743,7 +749,7 @@ LassoProviderRole lasso_profile_sso_role_with(LassoProfile *profile, const char
return LASSO_PROVIDER_ROLE_NONE;
/* coherency check */
g_return_val_if_fail(g_strcmp0(federation->remote_providerID, remote_provider_id) == 0,
g_return_val_if_fail(lasso_strisequal(federation->remote_providerID,remote_provider_id),
LASSO_PROVIDER_ROLE_NONE);
if (LASSO_IS_SAML2_NAME_ID(federation->local_nameIdentifier)) {
@ -758,9 +764,9 @@ LassoProviderRole lasso_profile_sso_role_with(LassoProfile *profile, const char
message(G_LOG_LEVEL_WARNING, "a federation without a NameID was found");
return LASSO_PROVIDER_ROLE_NONE;
}
if (g_strcmp0(remote_provider_id, name_qualifier) == 0) {
if (lasso_strisequal(remote_provider_id,name_qualifier)) {
return LASSO_PROVIDER_ROLE_SP;
} else if (g_strcmp0(provider_id, name_qualifier) == 0) {
} else if (lasso_strisequal(provider_id,name_qualifier)) {
return LASSO_PROVIDER_ROLE_IDP;
}
return LASSO_PROVIDER_ROLE_NONE;


@ -632,7 +632,7 @@ _lasso_provider_load_key_descriptor(LassoProvider *provider, xmlNode *key_descri
private_data = provider->private_data;
use = xmlGetProp(key_descriptor, (xmlChar*)"use");
if (use == NULL || g_strcmp0((char*)use, "signing") == 0) {
if (use == NULL || lasso_strisequal((char *)use,"signing")) {
lasso_assign_xml_node(private_data->signing_key_descriptor, key_descriptor);
}
if (use == NULL || strcmp((char*)use, "encryption") == 0) {
@ -789,6 +789,16 @@ free_list_strings(GList *list)
lasso_release_list_of_strings(list);
}
static void
lasso_endpoint_free(EndpointType *endpoint_type) {
g_free(endpoint_type->binding);
g_free(endpoint_type->url);
g_free(endpoint_type->kind);
g_free(endpoint_type->return_url);
g_free(endpoint_type);
}
static void
dispose(GObject *object)
{
@ -840,6 +850,7 @@ dispose(GObject *object)
provider->private_data->affiliation_id = NULL;
lasso_release(provider->private_data->affiliation_owner_id);
provider->private_data->affiliation_owner_id = NULL;
lasso_release_list_of_full(provider->private_data->endpoints, lasso_endpoint_free);
G_OBJECT_CLASS(parent_class)->dispose(G_OBJECT(provider));
}
@ -859,15 +870,6 @@ finalize(GObject *object)
/* instance and class init functions */
/*****************************************************************************/
void
lasso_endpoint_free(EndpointType *endpoint_type) {
g_free(endpoint_type->binding);
g_free(endpoint_type->url);
g_free(endpoint_type->kind);
g_free(endpoint_type->return_url);
g_free(endpoint_type);
}
static void
instance_init(LassoProvider *provider)
{
@ -889,7 +891,6 @@ instance_init(LassoProvider *provider)
provider->private_data->encryption_public_key = NULL;
provider->private_data->encryption_mode = LASSO_ENCRYPTION_MODE_NONE;
provider->private_data->encryption_sym_key_type = LASSO_ENCRYPTION_SYM_KEY_TYPE_AES_128;
lasso_release_list_of_full(provider->private_data->endpoints, lasso_endpoint_free);
/* no value_destroy_func since it shouldn't destroy the GList on insert */
provider->private_data->Descriptors = g_hash_table_new_full(
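Review bot: In `_lasso_provider_load_key_descriptor` only the `signing` test was moved to `lasso_strisequal`; the `encryption` test two lines below still calls raw `strcmp` on the `use` attribute. It is safe today only because `use == NULL` short-circuits first, so the two checks should read the same way: `if (use == NULL || lasso_strisequal((char *)use,"encryption")) {`. The function body starts and ends outside the hunk, so whether `use` (returned by `xmlGetProp`) is released afterwards cannot be confirmed from here.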


@ -703,7 +703,7 @@ lasso_server_new_from_dump(const gchar *dump)
*
* Dumps @server content to an XML string.
*
* Return value: the dump string. It must be freed by the caller.
* Return value:(transfer full): the dump string. It must be freed by the caller.
**/
gchar*
lasso_server_dump(LassoServer *server)


@ -376,7 +376,7 @@ lasso_session_is_dirty(LassoSession *session)
gint
lasso_session_remove_assertion(LassoSession *session, const gchar *providerID)
{
if (! LASSO_IS_SESSION(session) || lasso_is_empty_string(providerID)) {
if (! LASSO_IS_SESSION(session) || lasso_strisempty(providerID)) {
return LASSO_PARAM_ERROR_INVALID_VALUE;
}
@ -756,7 +756,7 @@ lasso_session_new_from_dump(const gchar *dump)
*
* Dumps @session content to an XML string.
*
* Return value: the dump string. It must be freed by the caller.
* Return value:(transfer full): the dump string. It must be freed by the caller.
**/
gchar*
lasso_session_dump(LassoSession *session)


@ -35,6 +35,7 @@
#include <libxml/xpathInternals.h>
#include "./data_service.h"
#include "../xml/id-wsf-2.0/idwsf2_strings.h"
#include "../xml/id-wsf-2.0/disco_service_type.h"
#include "../xml/id-wsf-2.0/dstref_query.h"
@ -99,8 +100,8 @@ gint
lasso_idwsf2_data_service_set_service_type(LassoIdWsf2DataService *service, const char *prefix,
const char *service_type)
{
if (!LASSO_IS_IDWSF2_DATA_SERVICE(service) || lasso_is_empty_string(prefix)
|| lasso_is_empty_string(service_type))
if (!LASSO_IS_IDWSF2_DATA_SERVICE(service) || lasso_strisempty(prefix)
|| lasso_strisempty(service_type))
return LASSO_PARAM_ERROR_INVALID_VALUE;
lasso_assign_string(service->private_data->service_type_prefix, prefix);
lasso_assign_string(service->private_data->service_type, service_type);
@ -258,7 +259,7 @@ lasso_idwsf2_data_service_add_query_item(LassoIdWsf2DataService *service, const
/* Check duplicates */
lasso_foreach(i, service->private_data->query_items) {
LassoIdWsf2DstRefQueryItem *old_item = (LassoIdWsf2DstRefQueryItem *)i->data;
if (g_strcmp0(old_item->parent.parent.itemID, item_id) == 0) {
if (lasso_strisequal(old_item->parent.parent.itemID,item_id)) {
return LASSO_IDWSF2_DST_ERROR_DUPLICATE_ITEM;
}
}
@ -297,7 +298,7 @@ lasso_idwsf2_data_service_add_modify_item(LassoIdWsf2DataService *service, const
}
lasso_foreach(i, service->private_data->modify_items) {
LassoIdWsf2DstRefModifyItem *old_item = (LassoIdWsf2DstRefModifyItem *)i->data;
if (g_strcmp0(old_item->id, item_id) == 0) {
if (lasso_strisequal(old_item->id,item_id)) {
return LASSO_IDWSF2_DST_ERROR_DUPLICATE_ITEM;
}
}
@ -390,7 +391,7 @@ lasso_idwsf2_data_service_get_item(LassoIdWsf2DataService *service,
}
lasso_foreach(i, service->private_data->query_items) {
LassoIdWsf2DstRefQueryItem *old_item = (LassoIdWsf2DstRefQueryItem *)i->data;
if (g_strcmp0(old_item->parent.parent.itemID, item_id) == 0) {
if (lasso_strisequal(old_item->parent.parent.itemID,item_id)) {
return (LassoNode*)old_item;
}
}
@ -404,7 +405,7 @@ lasso_idwsf2_data_service_get_item(LassoIdWsf2DataService *service,
}
lasso_foreach(i, service->private_data->modify_items) {
LassoIdWsf2DstRefModifyItem *old_item = (LassoIdWsf2DstRefModifyItem *)i->data;
if (g_strcmp0(old_item->id, item_id) == 0) {
if (lasso_strisequal(old_item->id,item_id)) {
return (LassoNode*)old_item;
}
}
@ -427,12 +428,12 @@ gint
lasso_idwsf2_data_service_add_namespace(LassoIdWsf2DataService *service, const char *prefix,
const char *href)
{
if (xmlValidateNCName(BAD_CAST prefix, 0) && ! lasso_is_empty_string(href))
if (xmlValidateNCName(BAD_CAST prefix, 0) && ! lasso_strisempty(href))
return LASSO_PARAM_ERROR_INVALID_VALUE;
if (g_hash_table_lookup(service->private_data->namespaces, prefix) != NULL ||
g_strcmp0(service->private_data->service_type_prefix, prefix) == 0 ||
g_strcmp0(prefix, LASSO_IDWSF2_DSTREF_PREFIX) == 0) {
lasso_strisequal(service->private_data->service_type_prefix,prefix) ||
lasso_strisequal(prefix,LASSO_IDWSF2_DSTREF_PREFIX)) {
return LASSO_PARAM_ERROR_INVALID_VALUE;
}
@ -832,13 +833,13 @@ lasso_idwsf2_data_service_process_response_msg(
if (! status || ! status->code) {
goto_cleanup_with_rc(LASSO_PROFILE_ERROR_MISSING_STATUS_CODE);
}
if (g_strcmp0(status->code, LASSO_DST2_STATUS_CODE1_FAILED) == 0) {
if (lasso_strisequal(status->code,LASSO_DST2_STATUS_CODE1_FAILED)) {
goto_cleanup_with_rc(LASSO_PROFILE_ERROR_STATUS_NOT_SUCCESS);
}
if (g_strcmp0(status->code, LASSO_DST2_STATUS_CODE1_PARTIAL) == 0) {
if (lasso_strisequal(status->code,LASSO_DST2_STATUS_CODE1_PARTIAL)) {
rc = LASSO_IDWSF2_DST_ERROR_PARTIAL_FAILURE;
}
if (g_strcmp0(status->code, LASSO_DST2_STATUS_CODE1_OK) != 0) {
if (lasso_strisnotequal(status->code,LASSO_DST2_STATUS_CODE1_OK)) {
rc = LASSO_IDWSF2_DST_ERROR_UNKNOWN_STATUS_CODE;
}
@ -909,7 +910,7 @@ lasso_idwsf2_data_service_get_query_item_result(LassoIdWsf2DataService *service,
}
lasso_foreach(i, service->private_data->query_datas) {
LassoIdWsf2DstRefData *data = (LassoIdWsf2DstRefData*)i->data;
if (g_strcmp0(data->parent.itemIDRef, item_id) == 0) {
if (lasso_strisequal(data->parent.itemIDRef,item_id)) {
return data;
}
}
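Review bot: The argument check in `lasso_idwsf2_data_service_add_namespace` returns an error only when the prefix is not a valid NCName and `href` is non-empty, so an empty or NULL `href` is never rejected and an invalid prefix paired with an empty `href` is let through. `xmlValidateNCName` returns 0 for a valid name, so the guard was presumably meant as `if (xmlValidateNCName(BAD_CAST prefix, 0) != 0 || lasso_strisempty(href))`; `service` is also dereferenced in the lookup below without the `LASSO_IS_IDWSF2_DATA_SERVICE` test that `lasso_idwsf2_data_service_set_service_type` applies. Separately, in `lasso_idwsf2_data_service_process_response_msg` the `LASSO_IDWSF2_DST_ERROR_PARTIAL_FAILURE` result is immediately overwritten, because a partial status code is also not equal to `LASSO_DST2_STATUS_CODE1_OK`; the last test should be chained as `} else if (lasso_strisnotequal(status->code,LASSO_DST2_STATUS_CODE1_OK)) {`. Both functions continue outside their hunks.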


@ -83,6 +83,7 @@
#include "../id-ff/providerprivate.h"
#include "./discovery.h"
#include "../xml/id-wsf-2.0/idwsf2_strings.h"
#include "./soap_binding.h"
#include "./idwsf2_helper.h"
#include "./saml2_login.h"
@ -226,7 +227,7 @@ lasso_idwsf2_discovery_status2rc(LassoIdWsf2UtilStatus *status)
return LASSO_PROFILE_ERROR_MISSING_STATUS_CODE;
for (i = 0; i < G_N_ELEMENTS(code2rc); ++i) {
if (g_strcmp0(status->code, code2rc[i].code) == 0) {
if (lasso_strisequal(status->code,code2rc[i].code)) {
rc = code2rc[i].rc;
}
}
@ -571,7 +572,7 @@ lasso_idwsf2_discovery_build_request_msg(LassoIdWsf2Discovery *discovery,
GList *i;
lasso_foreach(i, discovery->private_data->metadatas) {
LassoIdWsf2DiscoSvcMetadata *metadata = (LassoIdWsf2DiscoSvcMetadata *)i->data;
if (lasso_is_empty_string(metadata->svcMDID)) {
if (lasso_strisempty(metadata->svcMDID)) {
message(G_LOG_LEVEL_WARNING, "disco:MetadataReplace method called with " \
"non registered metadatas " \
"(svcMDID attribute is missing)");
@ -826,7 +827,7 @@ _string_list_intersect(GList *a, GList *b)
lasso_foreach(i, a)
{
lasso_foreach(j, b)
if (g_strcmp0(i->data, j->data) == 0) {
if (lasso_strisequal(i->data,j->data)) {
return TRUE;
}
}
@ -841,7 +842,7 @@ _string_list_contains(GList *a, const char *str)
if (a == NULL)
return TRUE;
lasso_foreach(i, a)
if (g_strcmp0(i->data, str) == 0) {
if (lasso_strisequal(i->data,str)) {
return TRUE;
}
return FALSE;
@ -916,7 +917,7 @@ lasso_idwsf2_discovery_match_request_service_and_metadata2(
gboolean has20 = FALSE;
lasso_foreach (k, endpoint_context->Framework) {
LassoIdWsf2SbfFramework *framework = k->data;
if (LASSO_IS_IDWSF2_SBF_FRAMEWORK(framework) && g_strcmp0(framework->version, "2.0") == 0)
if (LASSO_IS_IDWSF2_SBF_FRAMEWORK(framework) && lasso_strisequal(framework->version,"2.0"))
has20 = TRUE;
}
result = result && has20;
@ -1033,7 +1034,7 @@ lasso_idwsf2_discovery_validate_md_register(LassoIdWsf2Discovery *discovery)
response = lasso_idwsf2_disco_svc_md_register_response_new();
response->Status =
lasso_idwsf2_util_status_new_with_code(LASSO_DISCO_STATUS_CODE_OK, NULL);
lasso_idwsf2_util_status_new_with_code(LASSO_IDWSF2_DISCOVERY_STATUS_CODE_OK, NULL);
for (SvcMDs = discovery->private_data->metadatas; SvcMDs != NULL; SvcMDs = g_list_next(SvcMDs)) {
lasso_list_add_string(response->SvcMDID,
LASSO_IDWSF2_DISCO_SVC_METADATA(SvcMDs->data)->svcMDID);


@ -23,6 +23,7 @@
*/
#include "identity.h"
#include "../xml/id-wsf-2.0/idwsf2_strings.h"
#include "../utils.h"
#include "../id-ff/identity.h"
#include "../id-ff/identityprivate.h"


@ -23,6 +23,7 @@
*/
#include "./idwsf2_helper.h"
#include "../xml/id-wsf-2.0/idwsf2_strings.h"
#include "../xml/id-wsf-2.0/disco_abstract.h"
#include "../xml/id-wsf-2.0/disco_service_type.h"
#include "../xml/id-wsf-2.0/disco_provider_id.h"
@ -114,7 +115,7 @@ lasso_wsa_endpoint_reference_get_idwsf2_security_context_for_security_mechanism(
lasso_foreach_full_begin(LassoIdWsf2DiscoSecurityContext*, context, it1, epr->Metadata->any);
if (LASSO_IS_IDWSF2_DISCO_SECURITY_CONTEXT (context)) {
lasso_foreach_full_begin(char*, textnode, it2, context->SecurityMechID);
if (g_strcmp0 (textnode, security_mech_id) == 0 || sech_mech_predicate(textnode)) {
if (lasso_strisequal(textnode,security_mech_id) || sech_mech_predicate(textnode)) {
return context;
}
lasso_foreach_full_end()
@ -164,7 +165,7 @@ lasso_wsa_endpoint_reference_get_token_by_usage(
epr, sec_mech_predicate, security_mech_id, TRUE);
lasso_foreach_full_begin (LassoIdWsf2SecToken*, token, iter, security_context->Token);
if (LASSO_IS_IDWSF2_SEC_TOKEN (token)) {
if (usage && g_strcmp0(token->usage, usage) == 0) {
if (usage && lasso_strisequal(token->usage,usage)) {
if (LASSO_IS_NODE(token->any)) {
return (LassoNode*)token->any;
} else if (token->ref) {


@ -38,6 +38,8 @@
#include "../saml-2.0/profileprivate.h"
#include "profile.h"
#include "../xml/id-wsf-2.0/idwsf2_strings.h"
#include "../xml/idwsf_strings.h"
#include "session.h"
#include "../xml/soap-1.1/soap_fault.h"
@ -433,7 +435,7 @@ lasso_idwsf2_profile_check_security_mechanism(LassoIdWsf2Profile *profile,
name_qualifier = assertion->Subject->NameID->NameQualifier;
sp_name_qualifier = assertion->Subject->NameID->SPNameQualifier;
}
if (! name_qualifier || g_strcmp0(name_qualifier, issuer->ProviderID) != 0)
if (! name_qualifier || lasso_strisnotequal(name_qualifier,issuer->ProviderID))
goto_cleanup_with_rc(LASSO_PROFILE_ERROR_INVALID_ASSERTION);
/* There is two cases for the NameID of the security assertion:
* - we are the IdP and the Wsp, so the NameQualifier is us and the SPNameQualifier is the
@ -447,10 +449,10 @@ lasso_idwsf2_profile_check_security_mechanism(LassoIdWsf2Profile *profile,
sender_id = lasso_soap_envelope_sb2_get_provider_id(envelope);
if (! sender_id)
goto_cleanup_with_rc(LASSO_WSF_PROFILE_ERROR_MISSING_SENDER_ID);
if (local_service_id && g_strcmp0(local_service_id, name_qualifier) == 0 &&
sp_name_qualifier && g_strcmp0(sp_name_qualifier, sender_id) == 0) {
if (local_service_id && lasso_strisequal(local_service_id,name_qualifier) &&
sp_name_qualifier && lasso_strisequal(sp_name_qualifier,sender_id)) {
/* Ok. */
} else if (sp_name_qualifier && g_strcmp0(sp_name_qualifier, local_service_id) == 0) {
} else if (sp_name_qualifier && lasso_strisequal(sp_name_qualifier,local_service_id)) {
/* Ok. */
} else {
goto_cleanup_with_rc(LASSO_PROFILE_ERROR_INVALID_ASSERTION);


@ -23,6 +23,7 @@
*/
#include "./saml2_login.h"
#include "../xml/id-wsf-2.0/idwsf2_strings.h"
#include "identity.h"
#include "server.h"
#include "session.h"
@ -240,7 +241,7 @@ lasso_saml2_assertion_idwsf2_get_discovery_bootstrap_epr(LassoSaml2Assertion *as
continue;
attribute = LASSO_SAML2_ATTRIBUTE(j->data);
if (g_strcmp0(attribute->Name, LASSO_SAML2_ATTRIBUTE_NAME_EPR) != 0)
if (lasso_strisnotequal(attribute->Name,LASSO_SAML2_ATTRIBUTE_NAME_EPR))
continue;
/* There should only one attribute value, and the EPR should be the first
* contained node */


@ -23,6 +23,7 @@
*/
#include "server.h"
#include "../xml/id-wsf-2.0/idwsf2_strings.h"
#include "../id-ff/server.h"
#include "../id-ff/serverprivate.h"
#include "../xml/id-wsf-2.0/disco_svc_metadata.h"


@ -26,6 +26,7 @@
* SECTION:idwsf2-session-extension
*/
#include "session.h"
#include "../xml/id-wsf-2.0/idwsf2_strings.h"
#include "../utils.h"
#include "../id-ff/session.h"
#include "../id-ff/sessionprivate.h"


@ -23,6 +23,8 @@
*/
#include "./soap_binding.h"
#include "../xml/idwsf_strings.h"
#include "../xml/id-wsf-2.0/idwsf2_strings.h"
#include "../xml/id-wsf-2.0/sb2_sender.h"
#include "../xml/id-wsf-2.0/sb2_redirect_request.h"
#include "../xml/id-wsf-2.0/sb2_user_interaction_header.h"
@ -238,7 +240,7 @@ lasso_soap_envelope_get_action(LassoSoapEnvelope *soap_envelope)
lasso_foreach(i, soap_envelope->Header->Other) {
if (LASSO_IS_WSA_ATTRIBUTED_URI(i->data)
&& g_strcmp0(lasso_node_get_name((LassoNode*)i->data), "Action")) {
&& lasso_strisequal(lasso_node_get_name((LassoNode *)i->data),"Action")) {
return ((LassoWsAddrAttributedURI*)i->data)->content;
}
}
@ -271,9 +273,9 @@ _get_node(GList **list, GType node_type, const char *node_name, const char *node
if (LASSO_IS_NODE(node) &&
(! node_type || ( G_IS_OBJECT(node) && G_OBJECT_TYPE(node) == node_type)) &&
(! node_name || g_strcmp0(lasso_node_get_name(node), node_name) == 0) &&
(! node_name || lasso_strisequal(lasso_node_get_name(node),node_name)) &&
(! node_namespace ||
g_strcmp0(lasso_node_get_namespace(node), node_namespace) == 0)) {
lasso_strisequal(lasso_node_get_namespace(node),node_namespace))) {
return node;
}
}
@ -282,10 +284,10 @@ _get_node(GList **list, GType node_type, const char *node_name, const char *node
if (! node) {
return NULL;
}
if (g_strcmp0(lasso_node_get_name(node), node_name) != 0) {
if (lasso_strisnotequal(lasso_node_get_name(node),node_name)) {
lasso_node_set_custom_nodename(node, node_name);
}
if (g_strcmp0(lasso_node_get_namespace(node), node_namespace) == 0) {
if (lasso_strisequal(lasso_node_get_namespace(node),node_namespace)) {
lasso_node_set_custom_namespace(node, node_namespace, node_prefix);
}
lasso_list_add_new_gobject(*list, node);
@ -435,11 +437,11 @@ lasso_soap_envelope_get_sb2_user_interaction_hint(LassoSoapEnvelope *soap_envelo
header = lasso_soap_envelope_get_sb2_user_interaction_header(soap_envelope, FALSE);
if (header) {
hint = header->interact;
if (g_strcmp0(hint, LASSO_SB2_USER_INTERACTION_INTERACT_IF_NEEDED) == 0)
if (lasso_strisequal(hint,LASSO_SB2_USER_INTERACTION_INTERACT_IF_NEEDED))
return LASSO_IDWSF2_SB2_USER_INTERACTION_HINT_INTERACT_IF_NEEDED;
if (g_strcmp0(hint, LASSO_SB2_USER_INTERACTION_DO_NOT_INTERACT) == 0)
if (lasso_strisequal(hint,LASSO_SB2_USER_INTERACTION_DO_NOT_INTERACT))
return LASSO_IDWSF2_SB2_USER_INTERACTION_HINT_DO_NOT_INTERACT;
if (g_strcmp0(hint, LASSO_SB2_USER_INTERACTION_DO_NOT_INTERACT_FOR_DATA) == 0)
if (lasso_strisequal(hint,LASSO_SB2_USER_INTERACTION_DO_NOT_INTERACT_FOR_DATA))
return LASSO_IDWSF2_SB2_USER_INTERACTION_HINT_DO_NOT_INTERACT_FOR_DATA;
}
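Review bot: The namespace test in the creation path of `_get_node` looks inverted: the node name is overridden when it differs from `node_name`, but the custom namespace is set only when the node's namespace already equals `node_namespace`, where the call changes nothing. The mechanical conversion from `g_strcmp0(...) == 0` carried the condition over unchanged; it presumably should mirror the name check, `if (lasso_strisnotequal(lasso_node_get_namespace(node),node_namespace)) {`. As written, a header node created here with a different default namespace keeps it, and the lookup branch above, which matches on namespace, may then not find it again. `_get_node` starts outside the hunk, so the intent should be confirmed against the callers.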


@ -24,6 +24,7 @@
#include "../utils.h"
#include "./authentication.h"
#include "../xml/idwsf_strings.h"
#include "../xml/private.h"
#include "../xml/sa_sasl_request.h"
#include "../xml/sa_sasl_response.h"


@ -63,6 +63,7 @@
#include "./discovery.h"
#include "./data_service.h"
#include "../xml/idwsf_strings.h"
#include "../xml/dst_query.h"
#include "../xml/dst_query_response.h"
#include "../xml/dst_modify.h"
@ -236,8 +237,8 @@ lasso_data_service_get_query_item(LassoDataService *service,
{
LassoDstQueryItem *query_item = NULL;
lasso_extract_node_or_fail(query_item, query_items->data, DST_QUERY_ITEM, LASSO_ERROR_CAST_FAILED);
if ((select && g_strcmp0(select, query_item->Select) == 0) ||
(item_id && g_strcmp0(item_id, query_item->itemID) == 0))
if ((select && lasso_strisequal(select,query_item->Select)) ||
(item_id && lasso_strisequal(item_id,query_item->itemID)))
{
if (output) {
lasso_assign_new_gobject(*output, query_item);
@ -430,7 +431,7 @@ lasso_data_service_get_answers_by_select(LassoDataService *service, const char *
if (datas) {
lasso_extract_node_or_fail(data, datas->data, DST_DATA,
LASSO_ERROR_CAST_FAILED);
if (g_strcmp0(select, query_item->Select) != 0) {
if (lasso_strisnotequal(select,query_item->Select)) {
data = NULL;
rc = LASSO_DST_ERROR_QUERY_NOT_FOUND;
}
@ -443,7 +444,7 @@ lasso_data_service_get_answers_by_select(LassoDataService *service, const char *
while (iter) {
lasso_extract_node_or_fail(query_item, iter->data, DST_QUERY_ITEM,
LASSO_ERROR_CAST_FAILED);
if (g_strcmp0(query_item->Select, select) == 0) {
if (lasso_strisequal(query_item->Select,select)) {
break;
}
query_item = NULL;
@ -456,7 +457,7 @@ lasso_data_service_get_answers_by_select(LassoDataService *service, const char *
while (datas) {
lasso_extract_node_or_fail(data, datas->data, DST_DATA,
LASSO_ERROR_CAST_FAILED);
if (g_strcmp0(data->itemIDRef, query_item->itemID) == 0) {
if (lasso_strisequal(data->itemIDRef,query_item->itemID)) {
break;
}
data = NULL;
@ -509,7 +510,7 @@ lasso_data_service_get_answers_by_item_id(LassoDataService *service, const char
datas = query_response->Data;
while (datas) {
lasso_extract_node_or_fail(data, datas->data, DST_DATA, LASSO_ERROR_CAST_FAILED);
if (g_strcmp0(data->itemIDRef, item_id) == 0) {
if (lasso_strisequal(data->itemIDRef,item_id)) {
break;
}
data = NULL;
@ -1039,6 +1040,7 @@ lasso_data_service_apply_queries(LassoDataService *service, LassoDstQueryRespons
LassoWsfProfile *wsf_profile = NULL;
xmlDoc *doc = NULL;
xmlXPathContext *xpathCtx = NULL;
GList *query = NULL;
lasso_bad_param(DATA_SERVICE, service);
g_return_val_if_fail(service->private_data, LASSO_PARAM_ERROR_NON_INITIALIZED_OBJECT);
@ -1066,8 +1068,8 @@ lasso_data_service_apply_queries(LassoDataService *service, LassoDstQueryRespons
xpathCtx = xmlXPathNewContext(doc);
lasso_register_idwsf_xpath_namespaces(xpathCtx);
lasso_foreach (queries, queries) {
LassoDstQueryItem *item = queries->data;
lasso_foreach (query, queries) {
LassoDstQueryItem *item = query->data;
goto_cleanup_if_fail_with_rc(lasso_data_service_apply_query(service, query_response,
xpathCtx, item) == 0, query_response->Data ?


@ -75,6 +75,7 @@
#include "../xml/saml_attribute_value.h"
#include "../xml/disco_modify.h"
#include "../xml/saml_assertion.h"
#include "../xml/idwsf_strings.h"
#include "../id-ff/server.h"
#include "../id-ff/provider.h"
@ -85,6 +86,7 @@
#include "./wsf_profile_private.h"
#include "./wsf_utils.h"
#include "../utils.h"
#include "./discovery.h"
struct _LassoDiscoveryPrivate
{


@ -25,6 +25,7 @@
*/
#include "id_ff_extensions.h"
#include "../xml/idwsf_strings.h"
#include "id_ff_extensions_private.h"
#include "../xml/disco_description.h"
#include "../xml/disco_resource_offering.h"


@ -23,6 +23,7 @@
*/
#include "./interaction_profile_service.h"
#include "../xml/idwsf_strings.h"
#include "./wsf_profile.h"
#include "../xml/soap-1.1/soap_detail.h"
#include "../xml/soap-1.1/soap_fault.h"


@ -24,6 +24,7 @@
#include "../xml/private.h"
#include "./personal_profile_service.h"
#include "../xml/idwsf_strings.h"
#include "./data_service.h"
#include "./wsf_profile_private.h"
#include "./discovery.h"
@ -45,7 +46,7 @@ lasso_personal_profile_service_get_email(LassoPersonalProfileService *service)
xmlNode *xmlnode, *child;
xmlChar *msgAccount = NULL, *msgProvider = NULL;
char *email;
GList *answers = NULL;
GList *answers = NULL, *answer = NULL;
gint rc = 0;
g_return_val_if_fail(LASSO_IS_PERSONAL_PROFILE_SERVICE(service) == TRUE, NULL);
@ -53,9 +54,9 @@ lasso_personal_profile_service_get_email(LassoPersonalProfileService *service)
rc = lasso_data_service_get_answers_by_select(LASSO_DATA_SERVICE(service),
"/pp:PP/pp:MsgContact", &answers);
lasso_foreach(answers, answers)
lasso_foreach(answer, answers)
{
xmlnode = (xmlNode*)answers->data;
xmlnode = (xmlNode*)answer->data;
child = xmlnode->children;
while (child != NULL) {
if (child->type != XML_ELEMENT_NODE) {


@ -35,6 +35,7 @@
#include "../utils.h"
#include "./wsf_profile.h"
#include "../xml/idwsf_strings.h"
#include "./wsf_profile_private.h"
#include "./discovery.h"
#include "./wsf_utils.h"
@ -989,12 +990,14 @@ lasso_wsf_profile_process_soap_response_msg(LassoWsfProfile *profile, const gcha
LASSO_WSF_PROFILE_ERROR_MISSING_CORRELATION);
/* Check message ID */
goto_cleanup_if_fail_with_rc(
g_strcmp0(lasso_wsf_profile_utils_get_message_id(
profile->soap_envelope_request),
lasso_wsf_profile_utils_get_ref_message_id(
profile->soap_envelope_response)) == 0,
LASSO_WSF_PROFILE_ERROR_INVALID_OR_MISSING_REFERENCE_TO_MESSAGE_ID);
{
const char *message_id =
lasso_wsf_profile_utils_get_message_id(profile->soap_envelope_request);
const char *ref_message_id =
lasso_wsf_profile_utils_get_ref_message_id(profile->soap_envelope_response);
goto_cleanup_if_fail_with_rc(lasso_strisequal(message_id, ref_message_id),
LASSO_WSF_PROFILE_ERROR_INVALID_OR_MISSING_REFERENCE_TO_MESSAGE_ID);
}
/* Signal soap fault specifically,
* find soap redirects. */
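Review bot: The message-ID correlation check in `lasso_wsf_profile_process_soap_response_msg` passes when both IDs are absent, if `lasso_strisequal` keeps the `g_strcmp0` behaviour it replaces (its definition is not on this page), since two NULL strings then compare equal. A response carrying no reference, answering a request that had no message ID, would be accepted as correlated, although the error name `LASSO_WSF_PROFILE_ERROR_INVALID_OR_MISSING_REFERENCE_TO_MESSAGE_ID` says a missing reference should fail. Reject the missing case explicitly: `goto_cleanup_if_fail_with_rc(message_id != NULL && lasso_strisequal(message_id, ref_message_id),`. The enclosing function starts and ends outside the hunk.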


@ -44,6 +44,7 @@
#include <string.h>
#include "../xml/strings.h"
#include "../xml/idwsf_strings.h"
/**
* lasso_security_mech_id_is_null_authentication:


@ -286,23 +286,23 @@ void lasso_set_flag(char *flag) {
}
do {
if (g_strcmp0(flag, "verify-signature") == 0) {
if (lasso_strisequal(flag,"verify-signature")) {
lasso_flag_verify_signature = value;
continue;
}
if (g_strcmp0(flag,"memory-debug") == 0) {
if (lasso_strisequal(flag,"memory-debug")) {
lasso_flag_memory_debug = value;
continue;
}
if (g_strcmp0(flag,"strict-checking") == 0) {
if (lasso_strisequal(flag,"strict-checking")) {
lasso_flag_strict_checking = value;
continue;
}
if (g_strcmp0(flag,"add-signature") == 0) {
if (lasso_strisequal(flag,"add-signature")) {
lasso_flag_add_signature = value;
continue;
}
if (g_strcmp0(flag, "sign-messages") == 0) {
if (lasso_strisequal(flag,"sign-messages")) {
lasso_flag_sign_messages = value;
continue;
}


@ -96,7 +96,8 @@ void lasso_registry_default_shutdown()
*
* Return value: TRUE if all field of record1 are equal to record2.
*/
gboolean lasso_registry_direct_mapping_equal(LassoRegistryDirectMappingRecord *record1, LassoRegistryDirectMappingRecord *record2)
gboolean lasso_registry_direct_mapping_equal(LassoRegistryDirectMappingRecord *record1,
LassoRegistryDirectMappingRecord *record2)
{
return record1->from_namespace == record2->from_namespace
&& record1->from_name == record2->from_name
@ -113,7 +114,8 @@ gboolean lasso_registry_direct_mapping_equal(LassoRegistryDirectMappingRecord *r
*
* Return value: TRUE if record1 is equal to record2
*/
gboolean lasso_registry_functional_mapping_equal(LassoRegistryFunctionalMappingRecord *record1, LassoRegistryFunctionalMappingRecord *record2)
gboolean lasso_registry_functional_mapping_equal(LassoRegistryFunctionalMappingRecord *record1,
LassoRegistryFunctionalMappingRecord *record2)
{
return record1->from_namespace == record2->from_namespace &&
record1->to_namespace == record2->to_namespace;


@ -270,28 +270,20 @@ lasso_assertion_query_process_request_msg(LassoAssertionQuery *assertion_query,
LassoProfile *profile = NULL;
LassoSamlp2SubjectQueryAbstract *subject_query = NULL;
LassoSaml2Subject *subject = NULL;
int rc = 0, rc1 = 0, rc2 = 0;
int rc = 0;
g_return_val_if_fail(LASSO_IS_ASSERTION_QUERY(assertion_query),
LASSO_PARAM_ERROR_INVALID_VALUE);
profile = LASSO_PROFILE(assertion_query);
rc1 = lasso_saml20_profile_process_soap_request(profile, request_msg);
lasso_check_good_rc(lasso_saml20_profile_process_soap_request(profile, request_msg));
lasso_extract_node_or_fail(subject_query, profile->request, SAMLP2_SUBJECT_QUERY_ABSTRACT,
LASSO_PROFILE_ERROR_INVALID_MSG);
lasso_extract_node_or_fail(subject, subject_query->Subject, SAML2_SUBJECT,
LASSO_PROFILE_ERROR_MISSING_SUBJECT);
lasso_check_good_rc(lasso_saml20_profile_process_name_identifier_decryption(profile, &subject->NameID, &subject->EncryptedID));
rc2 = lasso_saml20_profile_process_name_identifier_decryption(profile, &subject->NameID, &subject->EncryptedID);
rc = rc1;
if (rc == 0)
rc = rc2;
if (rc == 0)
rc = profile->signature_status;
cleanup:
return rc;
}
@ -384,16 +376,15 @@ lasso_assertion_query_process_response_msg(
LassoAssertionQuery *assertion_query,
gchar *response_msg)
{
LassoProfile *profile;
LassoSamlp2StatusResponse *response;
LassoProfile *profile = NULL;
LassoSamlp2StatusResponse *response = NULL;
int rc = 0;
lasso_bad_param(ASSERTION_QUERY, assertion_query);
profile = &assertion_query->parent;
response = (LassoSamlp2StatusResponse*)lasso_samlp2_response_new();
lasso_check_good_rc(lasso_saml20_profile_process_any_response(profile,
response, NULL, response_msg));
lasso_check_good_rc(lasso_saml20_profile_process_soap_response(profile,
response_msg));
cleanup:
lasso_release_gobject(response);
@ -415,8 +406,8 @@ lasso_assertion_query_lookup_attribute(LassoAssertionQuery *assertion_query, cha
lasso_foreach_full_begin(LassoSaml2Attribute*, attribute, it, query->Attribute)
{
if (LASSO_IS_SAML2_ATTRIBUTE(attribute) &&
g_strcmp0(attribute->NameFormat, format) == 0 &&
g_strcmp0(attribute->Name, name) == 0)
lasso_strisequal(attribute->NameFormat,format) &&
lasso_strisequal(attribute->Name,name))
{
result = attribute;
break;


@ -112,24 +112,28 @@ cleanup:
static gboolean want_authn_request_signed(LassoProvider *provider) {
char *s;
gboolean rc = TRUE;
s = lasso_provider_get_metadata_one_for_role(provider, LASSO_PROVIDER_ROLE_IDP,
LASSO_SAML2_METADATA_ATTRIBUTE_WANT_AUTHN_REQUEST_SIGNED);
if (g_strcmp0(s, "false") == 0) {
return FALSE;
if (lasso_strisequal(s,"false")) {
rc = FALSE;
}
return TRUE;
lasso_release_string(s);
return rc;
}
static gboolean authn_request_signed(LassoProvider *provider) {
char *s;
gboolean rc = FALSE;
s = lasso_provider_get_metadata_one_for_role(provider, LASSO_PROVIDER_ROLE_SP,
LASSO_SAML2_METADATA_ATTRIBUTE_AUTHN_REQUEST_SIGNED);
if (g_strcmp0(s, "true") == 0) {
return TRUE;
if (lasso_strisequal(s,"true")) {
rc = TRUE;
}
return FALSE;
lasso_release_string(s);
return rc;
}
static gboolean
@ -243,8 +247,7 @@ lasso_saml20_login_build_authn_request_msg(LassoLogin *login)
/* support old way of doing PAOS */
if (login->http_method == LASSO_HTTP_METHOD_SOAP
&& g_strcmp0(authn_request->ProtocolBinding,
LASSO_SAML2_METADATA_BINDING_PAOS) == 0) {
&& lasso_strisequal(authn_request->ProtocolBinding,LASSO_SAML2_METADATA_BINDING_PAOS)) {
login->http_method = LASSO_HTTP_METHOD_PAOS;
/* PAOS is special, the url passed to build_request is the AssertionConsumerServiceURL of
* this SP, not the destination. */
@ -279,7 +282,7 @@ lasso_saml20_login_process_authn_request_msg(LassoLogin *login, const char *auth
/* AuthnRequest already set by .._init_idp_initiated_authn_request, or from a
* previously failed call to process_authn_request that we retry. */
request = profile->request;
request = lasso_ref(profile->request);
} else {
request = lasso_samlp2_authn_request_new();
lasso_check_good_rc(lasso_saml20_profile_process_any_request(profile, request, authn_request_msg));
@ -332,15 +335,15 @@ lasso_saml20_login_process_authn_request_msg(LassoLogin *login, const char *auth
if (binding == NULL) {
if (service_index == -1)
return LASSO_LOGIN_ERROR_NO_DEFAULT_ENDPOINT;
} else if (g_strcmp0(binding, "HTTP-Artifact") == 0) {
} else if (lasso_strisequal(binding,"HTTP-Artifact")) {
login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART;
} else if (g_strcmp0(binding, "HTTP-POST") == 0) {
} else if (lasso_strisequal(binding,"HTTP-POST")) {
login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST;
} else if (g_strcmp0(binding, "HTTP-Redirect") == 0) {
} else if (lasso_strisequal(binding,"HTTP-Redirect")) {
login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT;
} else if (g_strcmp0(binding, "SOAP") == 0) {
} else if (lasso_strisequal(binding,"SOAP")) {
login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP;
} else if (g_strcmp0(binding, "PAOS") == 0) {
} else if (lasso_strisequal(binding,"PAOS")) {
login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP;
}
lasso_release_string(binding);
@ -352,17 +355,16 @@ lasso_saml20_login_process_authn_request_msg(LassoLogin *login, const char *auth
remote_provider,
authn_request->AssertionConsumerServiceURL);
}
if (g_strcmp0(protocol_binding, LASSO_SAML2_METADATA_BINDING_ARTIFACT) == 0) {
if (lasso_strisequal(protocol_binding,LASSO_SAML2_METADATA_BINDING_ARTIFACT)) {
login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART;
} else if (g_strcmp0(protocol_binding, LASSO_SAML2_METADATA_BINDING_POST) == 0) {
} else if (lasso_strisequal(protocol_binding,LASSO_SAML2_METADATA_BINDING_POST)) {
login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST;
} else if (g_strcmp0(protocol_binding, LASSO_SAML2_METADATA_BINDING_SOAP) == 0) {
} else if (lasso_strisequal(protocol_binding,LASSO_SAML2_METADATA_BINDING_SOAP)) {
login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP;
} else if (g_strcmp0(protocol_binding,
LASSO_SAML2_METADATA_BINDING_REDIRECT) == 0) {
} else if (lasso_strisequal(protocol_binding,LASSO_SAML2_METADATA_BINDING_REDIRECT)) {
login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT;
goto_cleanup_with_rc(LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE);
} else if (g_strcmp0(protocol_binding, LASSO_SAML2_METADATA_BINDING_PAOS) == 0) {
} else if (lasso_strisequal(protocol_binding,LASSO_SAML2_METADATA_BINDING_PAOS)) {
login->protocolProfile = LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP;
} else {
rc = LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE;
@ -383,6 +385,7 @@ lasso_saml20_login_process_authn_request_msg(LassoLogin *login, const char *auth
lasso_saml20_profile_init_response(profile, response,
status1, status2);
cleanup:
lasso_release_gobject(request);
lasso_release_gobject(response);
return rc;
}
@ -410,15 +413,15 @@ lasso_saml20_login_must_authenticate(LassoLogin *login)
GList *t1, *t2;
int compa;
if (comparison == NULL || g_strcmp0(comparison, "exact") == 0) {
if (comparison == NULL || lasso_strisequal(comparison,"exact")) {
compa = 0;
} else if (g_strcmp0(comparison, "minimum") == 0) {
} else if (lasso_strisequal(comparison,"minimum")) {
message(G_LOG_LEVEL_CRITICAL, "'minimum' comparison is not implemented");
compa = 0;
} else if (g_strcmp0(comparison, "better") == 0) {
} else if (lasso_strisequal(comparison,"better")) {
message(G_LOG_LEVEL_CRITICAL, "'better' comparison is not implemented");
compa = 0;
} else if (g_strcmp0(comparison, "maximum") == 0) {
} else if (lasso_strisequal(comparison,"maximum")) {
message(G_LOG_LEVEL_CRITICAL, "'maximum' comparison is not implemented");
compa = 0;
}
@ -458,7 +461,7 @@ lasso_saml20_login_must_authenticate(LassoLogin *login)
method = as->AuthnContext->AuthnContextClassRef;
if (compa == 0) { /* exact */
if (g_strcmp0(method, class_ref) == 0) {
if (lasso_strisequal(method,class_ref)) {
matched = TRUE;
break;
}
@ -506,7 +509,7 @@ lasso_saml20_login_must_ask_for_consent_private(LassoLogin *login)
if (name_id_policy) {
char *format = name_id_policy->Format;
if (g_strcmp0(format, LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT) == 0) {
if (lasso_strisequal(format,LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT)) {
goto_cleanup_with_rc (FALSE)
}
if (name_id_policy->AllowCreate == FALSE) {
@ -533,22 +536,22 @@ lasso_saml20_login_must_ask_for_consent_private(LassoLogin *login)
if (consent == NULL)
goto_cleanup_with_rc (FALSE)
if (g_strcmp0(consent, LASSO_SAML2_CONSENT_OBTAINED) == 0)
if (lasso_strisequal(consent,LASSO_SAML2_CONSENT_OBTAINED))
goto_cleanup_with_rc (FALSE)
if (g_strcmp0(consent, LASSO_SAML2_CONSENT_PRIOR) == 0)
if (lasso_strisequal(consent,LASSO_SAML2_CONSENT_PRIOR))
goto_cleanup_with_rc (FALSE)
if (g_strcmp0(consent, LASSO_SAML2_CONSENT_IMPLICIT) == 0)
if (lasso_strisequal(consent,LASSO_SAML2_CONSENT_IMPLICIT))
goto_cleanup_with_rc (FALSE)
if (g_strcmp0(consent, LASSO_SAML2_CONSENT_EXPLICIT) == 0)
if (lasso_strisequal(consent,LASSO_SAML2_CONSENT_EXPLICIT))
goto_cleanup_with_rc (FALSE)
if (g_strcmp0(consent, LASSO_SAML2_CONSENT_UNAVAILABLE) == 0)
if (lasso_strisequal(consent,LASSO_SAML2_CONSENT_UNAVAILABLE))
goto_cleanup_with_rc (TRUE)
if (g_strcmp0(consent, LASSO_SAML2_CONSENT_INAPPLICABLE) == 0)
if (lasso_strisequal(consent,LASSO_SAML2_CONSENT_INAPPLICABLE))
goto_cleanup_with_rc (TRUE)
cleanup:
@ -651,8 +654,7 @@ lasso_saml20_login_process_federation(LassoLogin *login, gboolean is_consent_obt
if (lasso_saml20_login_must_ask_for_consent_private(login) && !is_consent_obtained) {
goto_cleanup_with_rc (LASSO_LOGIN_ERROR_CONSENT_NOT_OBTAINED)
}
if (g_strcmp0(name_id_policy_format,
LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT) != 0) {
if (lasso_strisnotequal(name_id_policy_format,LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT)) {
/* non persistent case, TRANSIENT is handled by lasso_login_build_assertion() and
* other format are the sole responsibility of the caller */
goto_cleanup_with_rc (0)
@ -760,6 +762,12 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
assertion->Subject->SubjectConfirmation->SubjectConfirmationData =
LASSO_SAML2_SUBJECT_CONFIRMATION_DATA(
lasso_saml2_subject_confirmation_data_new());
lasso_assign_string(
assertion->Subject->SubjectConfirmation->SubjectConfirmationData->NotBefore,
notBefore);
lasso_assign_string(
assertion->Subject->SubjectConfirmation->SubjectConfirmationData->NotOnOrAfter,
notOnOrAfter);
/* If request is present, refer to it in the response */
if (authn_request) {
@ -776,8 +784,9 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
name_id_policy = authn_request->NameIDPolicy;
}
/* TRANSIENT */
if (!name_id_policy || g_strcmp0(name_id_policy->Format,
LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT) == 0) {
if (!name_id_policy || name_id_policy->Format == NULL ||
lasso_strisequal(name_id_policy->Format,LASSO_SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED) ||
lasso_strisequal(name_id_policy->Format,LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT)) {
char *id = lasso_build_unique_id(32);
name_id = (LassoSaml2NameID*)lasso_saml2_name_id_new_with_string(id);
@ -787,18 +796,18 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
lasso_assign_string(name_id->Format, LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT);
assertion->Subject->NameID = name_id;
/* FEDERATED */
} else if (g_strcmp0(name_id_policy->Format,
LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT) == 0 ||
g_strcmp0(name_id_policy->Format,
LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED) == 0) {
} else if (lasso_strisequal(name_id_policy->Format,
LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT) ||
lasso_strisequal(name_id_policy->Format,
LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED))
{
LassoFederation *federation;
federation = _lasso_login_saml20_get_federation(login);
goto_cleanup_if_fail_with_rc(federation != NULL,
LASSO_PROFILE_ERROR_FEDERATION_NOT_FOUND);
if (g_strcmp0(name_id_policy->Format,
LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED) == 0) {
if (lasso_strisequal(name_id_policy->Format,LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENCRYPTED)) {
do_encrypt_nameid = TRUE;
}
lasso_assign_gobject(assertion->Subject->NameID,
@ -1106,7 +1115,7 @@ lasso_saml20_login_check_assertion_signature(LassoLogin *login,
if (! Issuer || /* No issuer */
! Issuer->content || /* No issuer content */
(Issuer->Format &&
g_strcmp0(Issuer->Format, LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENTITY) != 0))
lasso_strisnotequal(Issuer->Format,LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENTITY)))
/* Issuer format is not entity */
{
rc = LASSO_PROFILE_ERROR_MISSING_ISSUER;
@ -1154,7 +1163,7 @@ _lasso_check_assertion_issuer(LassoSaml2Assertion *assertion, const gchar *provi
if (! assertion->Issuer || ! assertion->Issuer->content)
return FALSE;
return g_strcmp0(assertion->Issuer->content, provider_id) == 0;
return lasso_strisequal(assertion->Issuer->content,provider_id);
}
static gint
@ -1235,21 +1244,19 @@ lasso_saml20_login_process_response_status_and_assertion(LassoLogin *login)
}
status_value = response->Status->StatusCode->Value;
if (status_value && g_strcmp0(status_value, LASSO_SAML2_STATUS_CODE_SUCCESS) != 0) {
if (g_strcmp0(status_value, LASSO_SAML2_STATUS_CODE_REQUEST_DENIED) == 0)
if (status_value && lasso_strisnotequal(status_value,LASSO_SAML2_STATUS_CODE_SUCCESS)) {
if (lasso_strisequal(status_value,LASSO_SAML2_STATUS_CODE_REQUEST_DENIED))
return LASSO_LOGIN_ERROR_REQUEST_DENIED;
if (g_strcmp0(status_value, LASSO_SAML2_STATUS_CODE_RESPONDER) == 0 ||
g_strcmp0(status_value, LASSO_SAML2_STATUS_CODE_REQUESTER)) {
if (lasso_strisequal(status_value,LASSO_SAML2_STATUS_CODE_RESPONDER) ||
lasso_strisequal(status_value,LASSO_SAML2_STATUS_CODE_REQUESTER)) {
/* samlp:Responder */
if (response->Status->StatusCode->StatusCode &&
response->Status->StatusCode->StatusCode->Value) {
status_value = response->Status->StatusCode->StatusCode->Value;
if (g_strcmp0(status_value,
LASSO_LIB_STATUS_CODE_FEDERATION_DOES_NOT_EXIST) == 0) {
if (lasso_strisequal(status_value,LASSO_LIB_STATUS_CODE_FEDERATION_DOES_NOT_EXIST)) {
return LASSO_LOGIN_ERROR_FEDERATION_NOT_FOUND;
}
if (g_strcmp0(status_value,
LASSO_LIB_STATUS_CODE_UNKNOWN_PRINCIPAL) == 0) {
if (lasso_strisequal(status_value,LASSO_LIB_STATUS_CODE_UNKNOWN_PRINCIPAL)) {
return LASSO_LOGIN_ERROR_UNKNOWN_PRINCIPAL;
}
}
@ -1292,7 +1299,7 @@ lasso_saml20_login_process_response_status_and_assertion(LassoLogin *login)
if (login->private_data->request_id) {
const char *in_response_to = lasso_saml2_assertion_get_in_response_to(assertion);
if (g_strcmp0(in_response_to, login->private_data->request_id) != 0) {
if (lasso_strisnotequal(in_response_to,login->private_data->request_id)) {
rc = LASSO_LOGIN_ERROR_ASSERTION_DOES_NOT_MATCH_REQUEST_ID;
goto cleanup;
}
@ -1349,7 +1356,7 @@ lasso_saml20_login_accept_sso(LassoLogin *login)
ta = t->data;
if (g_strcmp0(ta->ID, assertion->ID) == 0) {
if (lasso_strisequal(ta->ID,assertion->ID)) {
lasso_release_list(previous_assertions);
return LASSO_LOGIN_ERROR_ASSERTION_REPLAY;
}
@ -1367,8 +1374,7 @@ lasso_saml20_login_accept_sso(LassoLogin *login)
/* create federation, only if nameidentifier format is Federated */
if (ni && ni->Format
&& g_strcmp0(ni->Format,
LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT) == 0) {
&& lasso_strisequal(ni->Format,LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT)) {
federation = lasso_federation_new(LASSO_PROFILE(login)->remote_providerID);
lasso_assign_gobject(federation->local_nameIdentifier, ni);
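Review bot: `compa` is declared without an initializer in lasso_saml20_login_must_authenticate and the `comparison` chain has no final `else`, so a Comparison value other than exact/minimum/better/maximum appears to leave it unset before the later `if (compa == 0)` test. That value presumably comes from the RequestedAuthnContext of a received AuthnRequest (the assignment of `comparison` is outside the hunk), which would make the re-authentication decision depend on an indeterminate read. Declaring it as `int compa = 0;`, or adding a final `else` that logs the unknown value and treats it as exact like the unimplemented modes, gives the function a defined result. The function body starts and ends outside the visible hunks, so confirm that no other assignment exists there.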


@ -121,7 +121,7 @@ lasso_saml20_logout_process_request_msg(LassoLogout *logout, char *request_msg)
{
LassoProfile *profile = NULL;
LassoSamlp2LogoutRequest *logout_request = NULL;
int rc1 = 0, rc2 = 0;
int rc1 = 0, rc2 = 0, rc = 0;
lasso_bad_param(LOGOUT, logout);
lasso_null_param(request_msg);
@ -130,26 +130,19 @@ lasso_saml20_logout_process_request_msg(LassoLogout *logout, char *request_msg)
logout_request = (LassoSamlp2LogoutRequest*) lasso_samlp2_logout_request_new();
rc1 = lasso_saml20_profile_process_any_request(profile, (LassoNode*)logout_request,
request_msg);
goto_cleanup_if_fail_with_rc(rc1 == 0, rc1);
logout_request = (LassoSamlp2LogoutRequest*)profile->request;
if (rc1 && ! logout_request) {
return rc1;
}
/* remember initial request method, for setting it for generating response */
logout->initial_http_request_method = profile->http_request_method;
rc2 = lasso_saml20_profile_process_name_identifier_decryption(profile,
&logout_request->NameID,
&logout_request->EncryptedID);
goto_cleanup_if_fail_with_rc(rc2 == 0, rc2);
lasso_check_good_rc(lasso_saml20_profile_check_signature_status(profile));
cleanup:
lasso_release_gobject(logout_request);
if (profile->signature_status) {
return profile->signature_status;
}
if (rc1) {
return rc1;
}
return rc2;
return rc;
}
int
@ -182,13 +175,6 @@ lasso_saml20_logout_validate_request(LassoLogout *logout)
lasso_check_good_rc(lasso_saml20_profile_init_response(profile, response,
LASSO_SAML2_STATUS_CODE_SUCCESS, NULL));
/* verify signature status */
if (profile->signature_status != 0) {
lasso_saml20_profile_set_response_status_requester(profile,
LASSO_LIB_STATUS_CODE_INVALID_SIGNATURE);
return profile->signature_status;
}
/* Get the name identifier */
name_id = LASSO_SAMLP2_LOGOUT_REQUEST(profile->request)->NameID;
if (name_id == NULL) {
@ -236,7 +222,7 @@ lasso_saml20_logout_validate_request(LassoLogout *logout)
}
assertion_SessionIndex =
((LassoSaml2AuthnStatement*)assertion->AuthnStatement->data)->SessionIndex;
if (g_strcmp0(logout_request->SessionIndex, assertion_SessionIndex) != 0) {
if (lasso_strisnotequal(logout_request->SessionIndex,assertion_SessionIndex)) {
lasso_saml20_profile_set_response_status_responder(profile,
LASSO_SAML2_STATUS_CODE_REQUEST_DENIED);
return LASSO_LOGOUT_ERROR_UNKNOWN_PRINCIPAL;
@ -346,9 +332,16 @@ lasso_saml20_logout_build_response_msg(LassoLogout *logout)
if (! LASSO_IS_SAMLP2_STATUS_RESPONSE(profile->response)) {
/* no response set here means request denied */
response = (LassoSamlp2StatusResponse*) lasso_samlp2_logout_response_new();
lasso_check_good_rc(lasso_saml20_profile_init_response(profile, response,
LASSO_SAML2_STATUS_CODE_RESPONDER,
LASSO_SAML2_STATUS_CODE_REQUEST_DENIED));
/* verify signature status */
if (lasso_saml20_profile_check_signature_status(profile) != 0) {
lasso_check_good_rc(lasso_saml20_profile_init_response(profile, response,
LASSO_SAML2_STATUS_CODE_REQUESTER,
LASSO_LIB_STATUS_CODE_INVALID_SIGNATURE));
} else {
lasso_check_good_rc(lasso_saml20_profile_init_response(profile, response,
LASSO_SAML2_STATUS_CODE_RESPONDER,
LASSO_SAML2_STATUS_CODE_REQUEST_DENIED));
}
}
/* build logout response message */
@ -375,6 +368,13 @@ lasso_saml20_logout_process_response_msg(LassoLogout *logout, const char *respon
lasso_check_good_rc(lasso_saml20_profile_process_any_response(profile, response,
&response_method, response_msg));
/* only if asked we report, otherwise we do not care */
if (profile->signature_status && lasso_profile_get_signature_verify_hint(profile) ==
LASSO_PROFILE_SIGNATURE_HINT_FORCE)
{
goto_cleanup_with_rc(profile->signature_status);
}
remote_provider = lasso_server_get_provider(logout->parent.server,
logout->parent.remote_providerID);
goto_cleanup_if_fail_with_rc(LASSO_IS_PROVIDER(remote_provider),
@ -392,11 +392,11 @@ cleanup:
value = sub_status_code->Value;
if (g_strcmp0(value, LASSO_SAML2_STATUS_CODE_REQUEST_DENIED) == 0) {
if (lasso_strisequal(value,LASSO_SAML2_STATUS_CODE_REQUEST_DENIED)) {
rc = LASSO_LOGOUT_ERROR_REQUEST_DENIED;
break;
}
if (g_strcmp0(value, LASSO_SAML2_STATUS_CODE_UNKNOWN_PRINCIPAL) == 0) {
if (lasso_strisequal(value,LASSO_SAML2_STATUS_CODE_UNKNOWN_PRINCIPAL)) {
rc = LASSO_LOGOUT_ERROR_UNKNOWN_PRINCIPAL;
break;
}
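Review bot: In lasso_saml20_logout_process_response_msg the new check returns `profile->signature_status` only when the hint equals `LASSO_PROFILE_SIGNATURE_HINT_FORCE`, so with the MAYBE hint a logout response whose signature failed verification is still processed, whereas lasso_saml20_profile_check_signature_status added in this same commit reports the failure for both MAYBE and FORCE. If that leniency is intended, the comment should say why it applies to logout responses only; otherwise the block can be `lasso_check_good_rc(lasso_saml20_profile_check_signature_status(profile));`. The enumerator is also spelled without `VERIFY_`, unlike `LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE` used elsewhere in the commit, so confirm it names the same value. Separately, lasso_saml20_logout_validate_request no longer checks the signature status itself and now relies on callers honouring the return code of lasso_saml20_logout_process_request_msg, which is worth stating in its documentation.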


@ -159,38 +159,25 @@ gint
lasso_name_id_management_process_request_msg(LassoNameIdManagement *name_id_management,
char *request_msg)
{
int rc1 = 0, rc2 = 0;
LassoProfile *profile = NULL;
LassoSamlp2ManageNameIDRequest *request = NULL;
int rc = 0;
lasso_bad_param(NAME_ID_MANAGEMENT, name_id_management);
lasso_null_param(request_msg);
/* Parsing */
profile = LASSO_PROFILE(name_id_management);
request = (LassoSamlp2ManageNameIDRequest*)lasso_samlp2_manage_name_id_request_new();
rc1 = lasso_saml20_profile_process_any_request(profile,
lasso_check_good_rc(lasso_saml20_profile_process_any_request(profile,
(LassoNode*)request,
request_msg);
if (! LASSO_IS_SAMLP2_MANAGE_NAME_ID_REQUEST(profile->request)) {
return LASSO_PROFILE_ERROR_MISSING_REQUEST;
}
/* NameID treatment */
rc2 = lasso_saml20_profile_process_name_identifier_decryption(profile,
&request->NameID, &request->EncryptedID);
request_msg));
lasso_check_good_rc(lasso_saml20_profile_process_name_identifier_decryption(profile,
&request->NameID, &request->EncryptedID));
lasso_check_good_rc(lasso_saml20_profile_check_signature_status(profile));
cleanup:
lasso_release_gobject(request);
if (profile->signature_status) {
return profile->signature_status;
}
if (rc1)
return rc1;
if (rc2)
return rc2;
return 0;
return rc;
}
@ -303,6 +290,7 @@ lasso_name_id_management_build_response_msg(LassoNameIdManagement *name_id_manag
{
LassoProfile *profile = NULL;
LassoSamlp2StatusResponse *response;
int rc = 0;
lasso_bad_param(NAME_ID_MANAGEMENT, name_id_management);
profile = &name_id_management->parent;
@ -310,13 +298,22 @@ lasso_name_id_management_build_response_msg(LassoNameIdManagement *name_id_manag
/* no response set here means request denied */
if (! LASSO_IS_SAMLP2_STATUS_RESPONSE(profile->response)) {
response = (LassoSamlp2StatusResponse*)lasso_samlp2_manage_name_id_response_new();
lasso_saml20_profile_init_response(profile, response, LASSO_SAML2_STATUS_CODE_RESPONDER,
LASSO_SAML2_STATUS_CODE_REQUEST_DENIED);
if (lasso_saml20_profile_check_signature_status(profile)) {
lasso_check_good_rc(lasso_saml20_profile_init_response(profile, response,
LASSO_SAML2_STATUS_CODE_REQUESTER,
LASSO_LIB_STATUS_CODE_INVALID_SIGNATURE));
} else {
lasso_check_good_rc(lasso_saml20_profile_init_response(profile, response,
LASSO_SAML2_STATUS_CODE_RESPONDER,
LASSO_SAML2_STATUS_CODE_REQUEST_DENIED));
}
lasso_release_gobject(response);
}
/* use the same binding as for the request */
return lasso_saml20_profile_build_response_msg(profile, "ManageNameIDService", profile->http_request_method, NULL);
rc = lasso_saml20_profile_build_response_msg(profile, "ManageNameIDService", profile->http_request_method, NULL);
cleanup:
return rc;
}
@ -348,7 +345,7 @@ lasso_name_id_management_process_response_msg(
lasso_check_good_rc(lasso_saml20_profile_process_any_response(profile, response, NULL, response_msg));
/* Stop here if signature validation failed. */
goto_cleanup_if_fail_with_rc(profile->signature_status == 0, profile->signature_status);
lasso_check_good_rc(lasso_saml20_profile_check_signature_status(profile));
if (LASSO_SAMLP2_MANAGE_NAME_ID_REQUEST(profile->request)->Terminate) {
lasso_identity_remove_federation(profile->identity, profile->remote_providerID);
@ -530,7 +527,7 @@ lasso_name_id_management_new_from_dump(LassoServer *server, const char *dump)
*
* Dumps @name_id_management content to an XML string.
*
* Return value: the dump string. It must be freed by the caller.
* Return value:(transfer full): the dump string. It must be freed by the caller.
**/
gchar*
lasso_name_id_management_dump(LassoNameIdManagement *name_id_management)
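Review bot: In lasso_name_id_management_process_response_msg the comment `/* Stop here if signature validation failed. */` no longer matches the code: the replacement call returns 0 when the verify hint is IGNORE, so `lasso_identity_remove_federation` below becomes reachable for a response whose signature did not verify. If federation termination should always require a valid signature, keep the unconditional `goto_cleanup_if_fail_with_rc(profile->signature_status == 0, profile->signature_status);` here; otherwise reword the comment to `/* Stop here if signature validation failed, unless the verify hint is IGNORE. */`. In lasso_name_id_management_build_response_msg, a failing `lasso_check_good_rc` jumps to `cleanup:` past `lasso_release_gobject(response);`, which looks like a leak of the newly created response on that path.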


@ -605,8 +605,9 @@ cleanup:
* validation fails no error code will be returned, you must explicitely verify the
* profile->signature_status code.
*
* Return value: 0 if parsing is successful (even if signature validation fails), and error code
* otherwise.
* Return value: 0 if parsing is successful (even if signature validation fails), and otherwise,
* LASSO_PROFILE_ERROR_INVALID_MSG, LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE, *
* LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND.
*/
int
lasso_saml20_profile_process_any_request(LassoProfile *profile,
@ -704,13 +705,15 @@ lasso_saml20_profile_process_soap_request(LassoProfile *profile,
remote_provider, request_msg, "ID", LASSO_MESSAGE_FORMAT_SOAP);
switch (lasso_profile_get_signature_verify_hint(profile)) {
case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE:
case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE:
rc = profile->signature_status;
break;
case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE:
break;
default:
g_assert(0);
case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_LAST:
g_assert_not_reached();
break;
}
cleanup:
@ -1245,6 +1248,11 @@ lasso_saml20_profile_build_response_msg(LassoProfile *profile, char *service,
}
}
if (url) {
lasso_assign_string(((LassoSamlp2StatusResponse*)profile->response)->Destination,
url);
}
switch (method) {
case LASSO_HTTP_METHOD_POST:
rc = lasso_saml20_profile_build_post_response_msg(profile, url);
@ -1276,7 +1284,9 @@ _lasso_saml20_is_valid_issuer(LassoSaml2NameID *name_id) {
if (! LASSO_IS_SAML2_NAME_ID(name_id))
return FALSE;
if (name_id->Format && g_strcmp0(name_id->Format, LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENTITY) != 0) {
if (name_id->Format &&
lasso_strisnotequal(name_id->Format,LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENTITY))
{
return FALSE;
}
return TRUE;
@ -1377,8 +1387,7 @@ lasso_saml20_profile_process_any_response(LassoProfile *profile,
LASSO_PROFILE_ERROR_MISSING_STATUS_CODE);
lasso_extract_node_or_fail(status_code1, status->StatusCode, SAMLP2_STATUS_CODE,
LASSO_PROFILE_ERROR_MISSING_STATUS_CODE);
if (g_strcmp0(status_code1->Value,
LASSO_SAML2_STATUS_CODE_SUCCESS) != 0)
if (lasso_strisnotequal(status_code1->Value,LASSO_SAML2_STATUS_CODE_SUCCESS))
{
LassoSamlp2StatusCode *status_code2 = status_code1->StatusCode;
rc = LASSO_PROFILE_ERROR_STATUS_NOT_SUCCESS;
@ -1604,3 +1613,28 @@ lasso_saml20_profile_setup_encrypted_node(LassoProvider *provider,
lasso_release_gobject(*node_to_encrypt);
return 0;
}
/**
* Check the profile->signature_status flag, if signature validation is activated, report it as an
* error, if not not return 0.
*/
int
lasso_saml20_profile_check_signature_status(LassoProfile *profile) {
int rc = 0;
if (profile->signature_status) {
switch (lasso_profile_get_signature_verify_hint(profile)) {
case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE:
case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE:
rc = profile->signature_status;
break;
case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE:
break;
case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_LAST:
g_assert_not_reached();
break;
}
}
return rc;
}
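Review bot: lasso_saml20_profile_check_signature_status fails open for any hint value it does not list: `rc` starts at 0, the switch has no `default`, and the LAST case relies on `g_assert_not_reached()`, which does nothing when GLib assertions are compiled out with G_DISABLE_ASSERT. Starting from the failure and clearing it only for the one permissive hint keeps the result closed: `int rc = profile->signature_status;` followed by `if (lasso_profile_get_signature_verify_hint(profile) == LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE) rc = 0;`. The same switch shape is in lasso_saml20_profile_process_soap_request earlier in this file. The new doc comment also has a doubled word (`if not not return 0`) and could name the hint that suppresses the error.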


@ -78,6 +78,7 @@ gint lasso_profile_saml20_setup_message_signature(LassoProfile *profile,
gint lasso_saml20_profile_setup_encrypted_node(LassoProvider *provider,
LassoNode **node_to_encrypt, LassoNode **node_destination);
int lasso_saml20_profile_setup_subject(LassoProfile *profile, LassoSaml2Subject *subject);
int lasso_saml20_profile_check_signature_status(LassoProfile *profile);
#ifdef __cplusplus
}


@ -186,10 +186,10 @@ compare_endpoint_type(const EndpointType *a, const EndpointType *b) {
return -1;
if (a->role > b->role)
return +1;
c = g_strcmp0(a->kind, b->kind);
c = g_strcmp0(a->kind,b->kind);
if (c != 0)
return c;
c = g_strcmp0(a->binding, b->binding);
c = g_strcmp0(a->binding,b->binding);
if (c != 0)
return c;
if (a->is_default && ! b->is_default)
@ -347,7 +347,7 @@ load_descriptor(xmlNode *xmlnode, LassoProvider *provider, LassoProviderRole rol
break;
token = strtok_r(NULL, " ", &saveptr);
}
if (g_strcmp0(token, LASSO_SAML2_PROTOCOL_HREF) != 0) {
if (lasso_strisnotequal(token,LASSO_SAML2_PROTOCOL_HREF)) {
lasso_release_xml_string(value);
return FALSE;
}
@ -507,7 +507,7 @@ lasso_saml20_provider_get_first_http_method(G_GNUC_UNUSED LassoProvider *provide
lasso_foreach(t, remote_provider->private_data->endpoints) {
EndpointType *endpoint_type = (EndpointType*)t->data;
if (endpoint_type && g_strcmp0(endpoint_type->kind, kind) == 0) {
if (endpoint_type && lasso_strisequal(endpoint_type->kind, kind)) {
result = binding_uri_to_http_method(endpoint_type->binding);
if (result) break;
}
@ -535,7 +535,7 @@ lasso_saml20_provider_accept_http_method(G_GNUC_UNUSED LassoProvider *provider,
lasso_foreach(t, remote_provider->private_data->endpoints) {
EndpointType *endpoint_type = (EndpointType*)t->data;
if (endpoint_type && endpoint_type->role == remote_provider->role &&
g_strcmp0(endpoint_type->kind, kind) == 0) {
lasso_strisequal(endpoint_type->kind, kind)) {
if (binding_uri_to_http_method(endpoint_type->binding) == http_method) {
return TRUE;
}
@ -550,11 +550,11 @@ lasso_saml20_provider_check_assertion_consumer_service_url(LassoProvider *provid
{
GList *t = NULL;
lasso_foreach (provider->private_data->endpoints, t) {
lasso_foreach (t, provider->private_data->endpoints) {
EndpointType *endpoint_type = (EndpointType*) t->data;
if (endpoint_type && endpoint_type->role == LASSO_PROVIDER_ROLE_SP
&& g_strcmp0(endpoint_type->url, url) == 0
&& g_strcmp0(endpoint_type->binding, binding) == 0)
&& lasso_strisequal(endpoint_type->url,url)
&& lasso_strisequal(endpoint_type->binding,binding))
{
return TRUE;
}
@ -569,7 +569,7 @@ static gboolean match_any(const char *key, const char *array[]) {
const char **t = array;
while (*t) {
if (g_strcmp0(key, *t) == 0) {
if (lasso_strisequal(key,*t)) {
return TRUE;
}
t++;
@ -590,7 +590,7 @@ lasso_saml20_provider_get_assertion_consumer_service(LassoProvider *provider, in
if (! endpoint_type)
continue;
if (endpoint_type->role == LASSO_PROVIDER_ROLE_SP &&
g_strcmp0(endpoint_type->kind, kind) == 0 &&
lasso_strisequal(endpoint_type->kind,kind) &&
endpoint_type->index == service_id)
{
result = endpoint_type;
@ -603,7 +603,7 @@ lasso_saml20_provider_get_assertion_consumer_service(LassoProvider *provider, in
if (! endpoint_type)
continue;
if (endpoint_type->role == LASSO_PROVIDER_ROLE_SP &&
g_strcmp0(endpoint_type->kind, kind) == 0 &&
lasso_strisequal(endpoint_type->kind,kind) &&
match_any(endpoint_type->binding,
supported_assertion_consumer_bindings))
{
@ -651,8 +651,8 @@ lasso_saml20_provider_get_assertion_consumer_service_binding_by_url(LassoProvide
if (! endpoint_type)
continue;
if (endpoint_type->role == LASSO_PROVIDER_ROLE_SP &&
g_strcmp0(endpoint_type->kind, kind) == 0 &&
g_strcmp0(endpoint_type->url, url) == 0)
lasso_strisequal(endpoint_type->kind,kind) &&
lasso_strisequal(endpoint_type->url,url))
{
return endpoint_type->binding;
}
@ -672,8 +672,8 @@ lasso_saml20_provider_get_assertion_consumer_service_url_by_binding(LassoProvide
if (! endpoint_type)
continue;
if (endpoint_type->role == LASSO_PROVIDER_ROLE_SP &&
g_strcmp0(endpoint_type->kind, kind) == 0 &&
g_strcmp0(endpoint_type->binding, binding) == 0)
lasso_strisequal(endpoint_type->kind,kind) &&
lasso_strisequal(endpoint_type->binding,binding))
{
return endpoint_type->url;
}


@ -87,7 +87,7 @@ lasso_saml2_assertion_is_audience_restricted(LassoSaml2Assertion *saml2_assertio
if (LASSO_IS_SAML2_AUDIENCE_RESTRICTION(it->data)) {
LassoSaml2AudienceRestriction *saml2_audience_restriction;
saml2_audience_restriction = (LassoSaml2AudienceRestriction*)it->data;
if (g_strcmp0(saml2_audience_restriction->Audience, providerID) == 0)
if (lasso_strisequal(saml2_audience_restriction->Audience,providerID))
return TRUE;
}
}
@ -564,7 +564,7 @@ lasso_saml2_assertion_allows_proxying_to(LassoSaml2Assertion *saml2_assertion, c
return LASSO_SAML2_ASSERTION_VALID;
/* FIXME: Change saml2:ProxyRestriction class */
if (g_strcmp0(proxy_restriction->Audience, audience) != 0) {
if (lasso_strisnotequal(proxy_restriction->Audience,audience)) {
return LASSO_SAML2_ASSERTION_INVALID;
}
@ -597,7 +597,7 @@ lasso_saml2_assertion_validate_audience(LassoSaml2Assertion *saml2_assertion,
lasso_foreach_full_begin (LassoSaml2AudienceRestriction*, saml2_audience_restriction, it,
saml2_conditions->AudienceRestriction)
did_audience = TRUE;
if (g_strcmp0(saml2_audience_restriction->Audience, audience) == 0) {
if (lasso_strisequal(saml2_audience_restriction->Audience,audience)) {
found_audience = TRUE;
}
lasso_foreach_full_end()
@ -654,10 +654,11 @@ lasso_saml2_assertion_get_issuer_provider(const LassoSaml2Assertion *saml2_asser
g_return_val_if_fail (LASSO_IS_SAML2_ASSERTION (saml2_assertion), NULL);
issuer = saml2_assertion->Issuer;
g_return_val_if_fail (LASSO_IS_SAML2_NAME_ID (issuer), NULL);
g_return_val_if_fail (issuer->Format == NULL || g_strcmp0(issuer->Format,
LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENTITY) == 0, NULL);
g_return_val_if_fail (issuer->Format == NULL ||
lasso_strisequal(issuer->Format,LASSO_SAML2_NAME_IDENTIFIER_FORMAT_ENTITY),
NULL);
g_return_val_if_fail (LASSO_IS_SERVER(server), NULL);
if (g_strcmp0(server->parent.ProviderID, issuer->content) == 0) {
if (lasso_strisequal(server->parent.ProviderID,issuer->content)) {
return (LassoProvider*)&server->parent;
}
return lasso_server_get_provider (server, issuer->content);
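Review bot: The audience comparison in lasso_saml2_assertion_is_audience_restricted still treats two NULL strings as a match, because lasso_strisequal wraps g_strcmp0 and g_strcmp0(NULL, NULL) returns 0. If an AudienceRestriction can carry no Audience text and providerID can be NULL, the check passes without any audience having been named; the same applies to the `found_audience = TRUE` branch in lasso_saml2_assertion_validate_audience and to the ProviderID/issuer->content comparison in lasso_saml2_assertion_get_issuer_provider. Whether callers can reach these with NULL is not visible here, since each function starts outside its hunk. I would make the intent explicit at the comparison, e.g. `if (providerID != NULL && lasso_strisequal(saml2_audience_restriction->Audience,providerID))`.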


@ -477,11 +477,6 @@
#define lasso_null_param(name) \
g_return_val_if_fail(name != NULL, LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
inline static gboolean
lasso_is_empty_string(const char *str) {
return ((str) == NULL || (str)[0] == '\0');
}
/**
* lasso_check_non_empty_string:
* @str: a char pointer
@ -490,7 +485,7 @@ lasso_is_empty_string(const char *str) {
* LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ.
*/
#define lasso_check_non_empty_string(str) \
goto_cleanup_if_fail_with_rc(! lasso_is_empty_string(str), \
goto_cleanup_if_fail_with_rc(! lasso_strisempty(str), \
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
/*
@ -659,4 +654,22 @@ GObject * lasso_extract_gtype_from_list_or_new(GType type, GList **list, gboolea
fprintf(stderr, ## args); \
}
/* Lasso string data helpers */
inline static gboolean
lasso_strisequal(const char *a, const char *b) {
return (g_strcmp0(a,b) == 0);
}
inline static gboolean
lasso_strisnotequal(const char *a, const char *b) {
return ! lasso_strisequal(a,b);
}
inline static gboolean
lasso_strisempty(const char *str) {
return ((str) == NULL || (str)[0] == '\0');
}
inline static gboolean
lasso_xmlstrisnotequal(const xmlChar *a, const xmlChar *b) {
return lasso_strisnotequal((char*)a, (char*)b);
}
#endif /* __LASSO_UTILS_H__ */
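Review bot: lasso_xmlstrisnotequal drops the const qualifier from both arguments with `(char*)a, (char*)b`; since lasso_strisnotequal takes `const char *`, the casts should be `(const char*)a, (const char*)b` so the helper stays clean under -Wcast-qual. The new string helpers also carry no doc comment, while the neighbouring lasso_check_non_empty_string macro has one. The comment should state that lasso_strisequal goes through g_strcmp0, so NULL is accepted and two NULL pointers compare as equal, which matters to callers that use it for audience and issuer checks. `static inline` is also the more usual specifier order than `inline static`.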


@ -76,6 +76,7 @@ WSF_C_FILES = \
utility_status.c
WSF_H_FILES = \
idwsf_strings.h \
disco_authenticate_requester.h \
disco_authenticate_session_context.h \
disco_authorize_requester.h \
@ -193,7 +194,6 @@ liblasso_xml_la_SOURCES = \
liblassoinclude_HEADERS = \
strings.h \
idwsf_strings.h \
xml.h \
ds_key_info.h \
ds_key_value.h \


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_authenticate_requester.h"
#include "./idwsf_strings.h"
/**
* SECTION:disco_authenticate_requester


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_authenticate_session_context.h"
#include "./idwsf_strings.h"
/**
* SECTION:disco_authenticate_session_context


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_authorize_requester.h"
#include "./idwsf_strings.h"
/**
* SECTION:disco_authorize_requester


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_credentials.h"
#include "./idwsf_strings.h"
/**
* SECTION:disco_credentials


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_description.h"
#include "./idwsf_strings.h"
#include "../id-wsf/wsf_utils.h"
#include "../utils.h"


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_encrypt_resource_id.h"
#include "./idwsf_strings.h"
/**
* SECTION:disco_encrypt_resource_id


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_encrypted_resource_id.h"
#include "./idwsf_strings.h"
/**
* SECTION:disco_encrypted_resource_id


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_generate_bearer_token.h"
#include "./idwsf_strings.h"
/**
* SECTION:disco_generate_bearer_token


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_insert_entry.h"
#include "./idwsf_strings.h"
#include "../utils.h"
/**


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_modify.h"
#include "./idwsf_strings.h"
/**
* SECTION:disco_modify


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_modify_response.h"
#include "./idwsf_strings.h"
/**
* SECTION:disco_modify_response


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_options.h"
#include "./idwsf_strings.h"
/**
* SECTION:disco_options


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_query.h"
#include "./idwsf_strings.h"
/**
* SECTION:disco_query


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_query_response.h"
#include "./idwsf_strings.h"
/**
* SECTION:disco_query_response


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_remove_entry.h"
#include "./idwsf_strings.h"
/**
* SECTION:disco_remove_entry


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_requested_service_type.h"
#include "./idwsf_strings.h"
/**
* SECTION:disco_requested_service_type


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_resource_id.h"
#include "./idwsf_strings.h"
/**
* SECTION:disco_resource_id


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_resource_offering.h"
#include "./idwsf_strings.h"
#include "../utils.h"
/**


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_send_single_logout.h"
#include "./idwsf_strings.h"
#include "../registry.h"
/**


@ -24,6 +24,7 @@
#include "private.h"
#include "disco_service_instance.h"
#include "./idwsf_strings.h"
/**
* SECTION:disco_service_instance


@ -24,6 +24,7 @@
#include "private.h"
#include "dst_data.h"
#include "./idwsf_strings.h"
/**
* SECTION:dst_data


@ -24,6 +24,7 @@
#include "private.h"
#include "dst_modification.h"
#include "./idwsf_strings.h"
/**
* SECTION:dst_modification


@ -24,6 +24,7 @@
#include "private.h"
#include "dst_modify.h"
#include "./idwsf_strings.h"
/**
* SECTION:dst_modify


@ -24,6 +24,7 @@
#include "private.h"
#include "dst_modify_response.h"
#include "./idwsf_strings.h"
/**
* SECTION:dst_modify_response


@ -24,6 +24,7 @@
#include "private.h"
#include "dst_new_data.h"
#include "./idwsf_strings.h"
/**
* SECTION:dst_new_data


@ -24,6 +24,7 @@
#include "private.h"
#include "dst_query.h"
#include "./idwsf_strings.h"
/**
* SECTION:dst_query


@ -24,6 +24,7 @@
#include "private.h"
#include "dst_query_item.h"
#include "./idwsf_strings.h"
/**
* SECTION:dst_query_item


@ -24,6 +24,7 @@
#include "private.h"
#include "dst_query_response.h"
#include "./idwsf_strings.h"
/**
* SECTION:dst_query_response


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_abstract.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_abstract


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_endpoint_context.h"
#include "./idwsf2_strings.h"
#include "sbf_framework.h"
/**


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_keys.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_keys


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_options.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_options


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_provider_id.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_provider_id


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_query.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_query


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_query_response.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_query_response


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_requested_service.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_requested_service


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_security_context.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_security_context


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_service_context.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_service_context


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_service_type.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_service_type


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_svc_md_association_add.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_svc_md_association_add


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_svc_md_association_add_response.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_svc_md_association_add_response


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_svc_md_association_delete.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_svc_md_association_delete


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_svc_md_association_delete_response.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_svc_md_association_delete_response


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_svc_md_association_query.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_svc_md_association_query


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_svc_md_association_query_response.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_svc_md_association_query_response


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_svc_md_delete.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_svc_md_delete


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_svc_md_delete_response.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_svc_md_delete_response


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_svc_md_query.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_svc_md_query


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_svc_md_query_response.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_svc_md_query_response


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_svc_md_register.h"
#include "./idwsf2_strings.h"
#include "disco_svc_metadata.h"
/**


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_svc_md_register_response.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_svc_md_register_response


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_svc_md_replace.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_svc_md_replace


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_svc_md_replace_response.h"
#include "./idwsf2_strings.h"
/**
* SECTION:disco_svc_md_replace_response


@ -24,6 +24,7 @@
#include "../private.h"
#include "disco_svc_metadata.h"
#include "./idwsf2_strings.h"
#include "disco_endpoint_context.h"
#include "disco_service_context.h"


@ -24,6 +24,7 @@
#include "../private.h"
#include "dst_data_response_base.h"
#include "./idwsf2_strings.h"
/**
* SECTION:dst_data_response_base


@ -24,6 +24,7 @@
#include "../private.h"
#include "dst_delete_item_base.h"
#include "./idwsf2_strings.h"
/**
* SECTION:dst_delete_item_base


@ -24,6 +24,7 @@
#include "../private.h"
#include "dst_delete_response.h"
#include "./idwsf2_strings.h"
/**
* SECTION:dst_delete_response


@ -24,6 +24,7 @@
#include "../private.h"
#include "dst_request.h"
#include "./idwsf2_strings.h"
/**
* SECTION:dst_request
