lasso_identity_get_federation() & lasso_identity_add_federation() methods
now make a copy of the federation object.
parent
12c0f0c478
commit
33ebd74c07
|
@ -153,7 +153,8 @@ lasso_federation_termination_init_notification(LassoFederationTermination *defed
|
|||
default:
|
||||
message(G_LOG_LEVEL_CRITICAL, "Invalid provider type\n");
|
||||
}
|
||||
|
||||
lasso_federation_destroy(federation);
|
||||
|
||||
if(!nameIdentifier) {
|
||||
message(G_LOG_LEVEL_CRITICAL, "Name identifier not found for %s\n", profile->remote_providerID);
|
||||
codeError = -1;
|
||||
|
@ -272,6 +273,7 @@ lasso_federation_termination_process_notification(LassoFederationTermination *de
|
|||
message(G_LOG_LEVEL_WARNING, "No name identifier for %s\n", profile->remote_providerID);
|
||||
return(-1);
|
||||
}
|
||||
lasso_federation_destroy(federation);
|
||||
|
||||
/* remove federation of the remote provider */
|
||||
lasso_identity_remove_federation(profile->identity, profile->remote_providerID);
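Review bot: The early `return(-1);` on the "No name identifier" path in lasso_federation_termination_process_notification() sits before the new `lasso_federation_destroy(federation);`, so if federation was already fetched at that point, the copy now returned by lasso_identity_get_federation() is never freed. The same shape is visible just before the added destroy call at `return(-4);` in lasso_logout_init_request(), `return(-10);` in lasso_logout_validate_request(), `return(-4);` and `return(-7);` in the name identifier mapping functions, and `return(-5);` and `return(-8);` in the register name identifier functions. These are request-handling paths, so a leak on each failed request can accumulate in a long-running process. Each branch should release the copy before leaving, e.g. `lasso_federation_destroy(federation); return(-1);`, or jump to a shared cleanup label as lasso_login_process_federation() does with `done:`. The function bodies start outside these hunks, so where federation is assigned is not visible here.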
|
||||
|
|
|
@ -80,18 +80,18 @@ lasso_identity_add_federation(LassoIdentity *identity,
|
|||
gboolean found = FALSE;
|
||||
int i;
|
||||
|
||||
g_return_val_if_fail(identity != NULL, -1);
|
||||
g_return_val_if_fail(LASSO_IS_IDENTITY(identity), -1);
|
||||
g_return_val_if_fail(remote_providerID != NULL, -2);
|
||||
g_return_val_if_fail(federation != NULL, -3);
|
||||
g_return_val_if_fail(LASSO_IS_FEDERATION(federation), -3);
|
||||
|
||||
/* add the remote provider id if not already saved */
|
||||
for(i = 0; i<identity->providerIDs->len; i++) {
|
||||
for (i = 0; i<identity->providerIDs->len; i++) {
|
||||
if(xmlStrEqual(remote_providerID, g_ptr_array_index(identity->providerIDs, i))) {
|
||||
found = TRUE;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if(found == TRUE) {
|
||||
if (found == TRUE) {
|
||||
debug("A federation existed already for this providerID, it was replaced by the new one.\n");
|
||||
}
|
||||
else {
|
||||
|
@ -99,7 +99,8 @@ lasso_identity_add_federation(LassoIdentity *identity,
|
|||
}
|
||||
|
||||
/* add the federation, replace if one already exists */
|
||||
g_hash_table_insert(identity->federations, g_strdup(remote_providerID), federation);
|
||||
g_hash_table_insert(identity->federations, g_strdup(remote_providerID),
|
||||
lasso_federation_copy(federation));
|
||||
|
||||
identity->is_dirty = TRUE;
|
||||
|
||||
|
@ -185,10 +186,10 @@ lasso_identity_get_federation(LassoIdentity *identity,
|
|||
remote_providerID);
|
||||
if (federation == NULL) {
|
||||
debug("No Federation found with remote ProviderID = %s\n", remote_providerID);
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
/* FIXME: federation should be a copy (fix lasso_identity_add_federation too) */
|
||||
return(federation);
|
||||
return(lasso_federation_copy(federation));
|
||||
}
|
||||
|
||||
gchar*
|
||||
|
@ -198,7 +199,7 @@ lasso_identity_get_next_federation_remote_providerID(LassoIdentity *identity)
|
|||
|
||||
g_return_val_if_fail(identity!=NULL, NULL);
|
||||
|
||||
if(identity->providerIDs->len == 0) {
|
||||
if (identity->providerIDs->len == 0) {
|
||||
return(NULL);
|
||||
}
|
||||
|
||||
|
@ -221,14 +222,15 @@ lasso_identity_remove_federation(LassoIdentity *identity,
|
|||
federation = lasso_identity_get_federation(identity, remote_providerID);
|
||||
if (federation != NULL) {
|
||||
g_hash_table_remove(identity->federations, remote_providerID);
|
||||
lasso_federation_destroy(federation);
|
||||
}
|
||||
else {
|
||||
debug("Failed to remove federation for remote Provider %s\n", remote_providerID);
|
||||
}
|
||||
|
||||
/* remove the federation remote provider id */
|
||||
for(i = 0; i<identity->providerIDs->len; i++) {
|
||||
if(xmlStrEqual(remote_providerID, g_ptr_array_index(identity->providerIDs, i))) {
|
||||
for (i = 0; i<identity->providerIDs->len; i++) {
|
||||
if (xmlStrEqual(remote_providerID, g_ptr_array_index(identity->providerIDs, i))) {
|
||||
debug("Remove federation of %s\n", remote_providerID);
|
||||
g_ptr_array_remove_index(identity->providerIDs, i);
|
||||
break;
|
||||
|
@ -388,7 +390,7 @@ lasso_identity_new_from_dump(gchar *dump)
|
|||
federation_node = lasso_node_new_from_xmlNode(federation_xmlNode);
|
||||
remote_providerID = lasso_node_get_attr_value(federation_node,
|
||||
LASSO_FEDERATION_REMOTE_PROVIDERID_NODE, &err);
|
||||
if(remote_providerID==NULL){
|
||||
if (remote_providerID == NULL) {
|
||||
message(G_LOG_LEVEL_WARNING, err->message);
|
||||
g_error_free(err);
|
||||
lasso_node_destroy(federation_node);
|
||||
|
@ -466,6 +468,7 @@ lasso_identity_new_from_dump(gchar *dump)
|
|||
|
||||
xmlFree(remote_providerID);
|
||||
lasso_node_destroy(federation_node);
|
||||
lasso_federation_destroy(federation);
|
||||
}
|
||||
|
||||
federation_xmlNode = federation_xmlNode->next;
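Review bot: The new ownership rules of lasso_identity_get_federation() and lasso_identity_add_federation() are not documented anywhere in these hunks, and the removed FIXME was the only comment that mentioned them. Because the getter now ends in `return(lasso_federation_copy(federation));`, a caller that modifies the returned object no longer changes the entry held in identity->federations, and a caller that never calls lasso_federation_destroy() leaks one copy per call. I would add a comment above both functions, such as `/* returns a newly allocated copy; the caller frees it with lasso_federation_destroy() and must call lasso_identity_add_federation() to store changes */`. In lasso_identity_add_federation() the result of lasso_federation_copy() is also inserted into the hash table unchecked; whether it can return NULL is not visible here, but if it can, the providerID would be recorded in providerIDs with no federation behind it.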
|
||||
|
|
|
@ -227,6 +227,7 @@ lasso_login_process_federation(LassoLogin *login)
|
|||
}
|
||||
|
||||
done:
|
||||
lasso_federation_destroy(federation);
|
||||
xmlFree(nameIDPolicy);
|
||||
xmlFree(consent);
|
||||
|
||||
|
@ -335,7 +336,7 @@ lasso_login_accept_sso(LassoLogin *login)
|
|||
assertion = lasso_node_get_child(LASSO_PROFILE(login)->response,
|
||||
"Assertion", lassoLibHRef, NULL);
|
||||
if (assertion == NULL) {
|
||||
message(G_LOG_LEVEL_ERROR, "Assertion element not found in response.\n");
|
||||
message(G_LOG_LEVEL_CRITICAL, "Assertion element not found in response.\n");
|
||||
ret = -2;
|
||||
goto done;
|
||||
}
|
||||
|
@ -349,7 +350,7 @@ lasso_login_accept_sso(LassoLogin *login)
|
|||
nameIdentifier = lasso_node_get_child(assertion, "NameIdentifier",
|
||||
lassoSamlAssertionHRef, NULL);
|
||||
if (nameIdentifier == NULL) {
|
||||
message(G_LOG_LEVEL_ERROR, "NameIdentifier element not found in assertion.\n");
|
||||
message(G_LOG_LEVEL_CRITICAL, "NameIdentifier element not found in assertion.\n");
|
||||
ret = -3;
|
||||
goto done;
|
||||
}
|
||||
|
@ -357,7 +358,7 @@ lasso_login_accept_sso(LassoLogin *login)
|
|||
idpProvidedNameIdentifier = lasso_node_get_child(assertion, "IDPProvidedNameIdentifier",
|
||||
lassoLibHRef, NULL);
|
||||
if (idpProvidedNameIdentifier == NULL) {
|
||||
message(G_LOG_LEVEL_ERROR, "IDPProvidedNameIdentifier element not found in assertion.\n");
|
||||
message(G_LOG_LEVEL_CRITICAL, "IDPProvidedNameIdentifier element not found in assertion.\n");
|
||||
ret = -4;
|
||||
goto done;
|
||||
}
|
||||
|
@ -376,9 +377,10 @@ lasso_login_accept_sso(LassoLogin *login)
|
|||
lasso_identity_add_federation(LASSO_PROFILE(login)->identity,
|
||||
LASSO_PROFILE(login)->remote_providerID,
|
||||
federation);
|
||||
lasso_federation_destroy(federation);
|
||||
}
|
||||
else {
|
||||
message(G_LOG_LEVEL_ERROR, "response attribute is empty.\n");
|
||||
message(G_LOG_LEVEL_CRITICAL, "response attribute is empty.\n");
|
||||
}
|
||||
|
||||
done:
|
||||
|
@ -406,13 +408,13 @@ lasso_login_build_artifact_msg(LassoLogin *login,
|
|||
g_return_val_if_fail(authenticationMethod != NULL && reauthenticateOnOrAfter != NULL, -1);
|
||||
|
||||
if (method != lassoHttpMethodRedirect && method != lassoHttpMethodPost) {
|
||||
message(G_LOG_LEVEL_ERROR, "Invalid HTTP method, it could be REDIRECT or POST\n.");
|
||||
message(G_LOG_LEVEL_CRITICAL, "Invalid HTTP method, it could be REDIRECT or POST\n.");
|
||||
return (-2);
|
||||
}
|
||||
|
||||
/* ProtocolProfile must be BrwsArt */
|
||||
if (login->protocolProfile != lassoLoginProtocolProfileBrwsArt) {
|
||||
message(G_LOG_LEVEL_ERROR, "Failed to build artifact message, an AuthnResponse is required by ProtocolProfile.\n");
|
||||
message(G_LOG_LEVEL_CRITICAL, "Failed to build artifact message, an AuthnResponse is required by ProtocolProfile.\n");
|
||||
return (-3);
|
||||
}
|
||||
|
||||
|
@ -431,6 +433,7 @@ lasso_login_build_artifact_msg(LassoLogin *login,
|
|||
federation,
|
||||
authenticationMethod,
|
||||
reauthenticateOnOrAfter);
|
||||
lasso_federation_destroy(federation);
|
||||
}
|
||||
}
|
||||
/* save response dump */
|
||||
|
@ -586,7 +589,7 @@ lasso_login_build_authn_response_msg(LassoLogin *login,
|
|||
|
||||
/* ProtocolProfile must be BrwsPost */
|
||||
if (login->protocolProfile != lassoLoginProtocolProfileBrwsPost) {
|
||||
message(G_LOG_LEVEL_ERROR, "Failed to build AuthnResponse message, an Artifact is required by ProtocolProfile.\n");
|
||||
message(G_LOG_LEVEL_CRITICAL, "Failed to build AuthnResponse message, an Artifact is required by ProtocolProfile.\n");
|
||||
return (-1);
|
||||
}
|
||||
|
||||
|
@ -605,6 +608,7 @@ lasso_login_build_authn_response_msg(LassoLogin *login,
|
|||
federation,
|
||||
authenticationMethod,
|
||||
reauthenticateOnOrAfter);
|
||||
lasso_federation_destroy(federation);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -700,7 +704,7 @@ lasso_login_init_from_authn_request_msg(LassoLogin *login,
|
|||
if (authn_request_method != lassoHttpMethodRedirect && \
|
||||
authn_request_method != lassoHttpMethodPost && \
|
||||
authn_request_method != lassoHttpMethodSoap) {
|
||||
message(G_LOG_LEVEL_ERROR, "Invalid HTTP method, it could be REDIRECT, POST or SOAP (LECP)\n.");
|
||||
message(G_LOG_LEVEL_CRITICAL, "Invalid HTTP method, it could be REDIRECT, POST or SOAP (LECP)\n.");
|
||||
return (-1);
|
||||
}
|
||||
|
||||
|
@ -815,10 +819,15 @@ lasso_login_init_request(LassoLogin *login,
|
|||
{
|
||||
LassoNode *response = NULL;
|
||||
xmlChar *artifact, *identityProviderSuccinctID;
|
||||
gint ret = 0;
|
||||
GError *err = NULL;
|
||||
|
||||
g_return_val_if_fail(LASSO_IS_LOGIN(login), -1);
|
||||
g_return_val_if_fail(response_msg != NULL, -1);
|
||||
|
||||
if (response_method != lassoHttpMethodRedirect && \
|
||||
response_method != lassoHttpMethodPost) {
|
||||
message(G_LOG_LEVEL_ERROR, "Invalid HTTP method, it could be REDIRECT or POST\n.");
|
||||
message(G_LOG_LEVEL_CRITICAL, "Invalid HTTP method, it could be REDIRECT or POST\n.");
|
||||
return (-1);
|
||||
}
|
||||
|
||||
|
@ -834,21 +843,35 @@ lasso_login_init_request(LassoLogin *login,
|
|||
break;
|
||||
}
|
||||
LASSO_PROFILE(login)->response = response;
|
||||
/* get remote identityProviderSuccinctID */
|
||||
identityProviderSuccinctID = lasso_artifact_get_identityProviderSuccinctID(LASSO_ARTIFACT(response));
|
||||
LASSO_PROFILE(login)->remote_providerID = lasso_server_get_providerID_from_hash(LASSO_PROFILE(login)->server,
|
||||
identityProviderSuccinctID);
|
||||
xmlFree(identityProviderSuccinctID);
|
||||
|
||||
LASSO_PROFILE(login)->response_type = lassoMessageTypeArtifact;
|
||||
|
||||
/* get remote identityProviderSuccinctID */
|
||||
identityProviderSuccinctID = lasso_artifact_get_identityProviderSuccinctID(LASSO_ARTIFACT(response), &err);
|
||||
if (identityProviderSuccinctID != NULL) {
|
||||
LASSO_PROFILE(login)->remote_providerID = lasso_server_get_providerID_from_hash(LASSO_PROFILE(login)->server,
|
||||
identityProviderSuccinctID);
|
||||
xmlFree(identityProviderSuccinctID);
|
||||
}
|
||||
else {
|
||||
message(G_LOG_LEVEL_CRITICAL, err->message);
|
||||
ret = err->code;
|
||||
g_clear_error(&err);
|
||||
}
|
||||
|
||||
/* create SamlpRequest */
|
||||
artifact = lasso_artifact_get_samlArt(LASSO_ARTIFACT(LASSO_PROFILE(login)->response));
|
||||
LASSO_PROFILE(login)->request = lasso_request_new(artifact);
|
||||
LASSO_PROFILE(login)->request_type = lassoMessageTypeRequest;
|
||||
xmlFree(artifact);
|
||||
artifact = lasso_artifact_get_samlArt(LASSO_ARTIFACT(LASSO_PROFILE(login)->response), &err);
|
||||
if (artifact != NULL) {
|
||||
LASSO_PROFILE(login)->request = lasso_request_new(artifact);
|
||||
LASSO_PROFILE(login)->request_type = lassoMessageTypeRequest;
|
||||
xmlFree(artifact);
|
||||
}
|
||||
else {
|
||||
message(G_LOG_LEVEL_CRITICAL, err->message);
|
||||
ret = err->code;
|
||||
g_clear_error(&err);
|
||||
}
|
||||
|
||||
return (0);
|
||||
return (ret);
|
||||
}
|
||||
|
||||
gboolean
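Review bot: Both new error branches in lasso_login_init_request() call `message(G_LOG_LEVEL_CRITICAL, err->message);`, which hands the error text to message() as its format argument; other calls in this diff pass `%s` formats to message(), so it appears to be printf-like. If the error text can carry data taken from the received artifact, a `%` sequence in it would be interpreted as a conversion, so both calls should read `message(G_LOG_LEVEL_CRITICAL, "%s", err->message);`. The unchanged `message(G_LOG_LEVEL_WARNING, err->message);` in lasso_identity_new_from_dump() has the same form. Separately, after the first failure the function carries on to lasso_artifact_get_samlArt() with remote_providerID left unset, and a second failure overwrites ret; returning right after the first `g_clear_error(&err);` would preserve the original error code.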
|
||||
|
|
|
@ -256,7 +256,8 @@ lasso_logout_init_request(LassoLogout *logout,
|
|||
message(G_LOG_LEVEL_CRITICAL, "Invalid provider type\n");
|
||||
return(-4);
|
||||
}
|
||||
|
||||
lasso_federation_destroy(federation);
|
||||
|
||||
if(nameIdentifier == NULL) {
|
||||
message(G_LOG_LEVEL_CRITICAL, "Name identifier not found for %s\n",
|
||||
profile->remote_providerID);
|
||||
|
@ -418,6 +419,7 @@ lasso_logout_validate_request(LassoLogout *logout)
|
|||
statusCode_class->set_prop(statusCode, "Value", lassoLibStatusCodeFederationDoesNotExist);
|
||||
return(-10);
|
||||
}
|
||||
lasso_federation_destroy(federation);
|
||||
|
||||
/* verification is ok, save name identifier in logout object */
|
||||
lasso_session_remove_assertion(profile->session, profile->remote_providerID);
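Review bot: In lasso_logout_init_request() the added `lasso_federation_destroy(federation);` runs before `nameIdentifier` is tested and, presumably, used further down. How nameIdentifier is obtained lies outside the hunk; if it comes from a federation accessor that returns an internal pointer rather than a copy, it dangles once the federation copy is freed. After confirming this against the accessor, a comment at the destroy call would record the assumption, e.g. `/* nameIdentifier is an independent copy, so federation can be released here */`. The same order appears in lasso_federation_termination_init_notification() and lasso_name_identifier_mapping_init_request().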
|
||||
|
|
|
@ -181,7 +181,8 @@ lasso_name_identifier_mapping_init_request(LassoNameIdentifierMapping *mapping,
|
|||
message(G_LOG_LEVEL_ERROR, "Unknown provider type\n");
|
||||
return(-4);
|
||||
}
|
||||
|
||||
lasso_federation_destroy(federation);
|
||||
|
||||
if(nameIdentifier == NULL) {
|
||||
message(G_LOG_LEVEL_ERROR, "Name identifier not found\n");
|
||||
return(-5);
|
||||
|
@ -272,6 +273,7 @@ lasso_name_identifier_mapping_process_request_msg(LassoNameIdentifierMapping *ma
|
|||
statusCode_class->set_prop(statusCode, "Value", lassoLibStatusCodeFederationDoesNotExist);
|
||||
return(-7);
|
||||
}
|
||||
lasso_federation_destroy(federation);
|
||||
|
||||
return(0);
|
||||
}
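Review bot: The two `message(G_LOG_LEVEL_ERROR, ...)` calls around the added destroy in lasso_name_identifier_mapping_init_request() stay at ERROR, while this commit moves the equivalent calls in the login code to G_LOG_LEVEL_CRITICAL. If message() forwards to GLib logging, G_LOG_LEVEL_ERROR is always fatal and aborts the process, which would turn an unknown provider type or a missing name identifier into a crash of the hosting service. For consistency with the rest of the commit these should read `message(G_LOG_LEVEL_CRITICAL, "Unknown provider type\n");` and `message(G_LOG_LEVEL_CRITICAL, "Name identifier not found\n");`.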
|
||||
|
|
|
@ -243,6 +243,7 @@ lasso_register_name_identifier_init_request(LassoRegisterNameIdentifier *registe
|
|||
message(G_LOG_LEVEL_CRITICAL, "Invalid provider type (%d)\n", profile->provider_type);
|
||||
return(-5);
|
||||
}
|
||||
lasso_federation_destroy(federation);
|
||||
|
||||
debug("old name identifier : %s, old name qualifier : %s, old format : %s\n", oldNameIdentifier, oldNameQualifier, oldFormat);
|
||||
debug("sp name identifier : %s, sp name qualifier : %s, sp format : %s\n", spNameIdentifier, spNameQualifier, spFormat);
|
||||
|
@ -367,6 +368,7 @@ lasso_register_name_identifier_process_request(LassoRegisterNameIdentifier *regi
|
|||
statusCode_class->set_prop(statusCode, "Value", lassoLibStatusCodeFederationDoesNotExist);
|
||||
return(-8);
|
||||
}
|
||||
lasso_federation_destroy(federation);
|
||||
|
||||
/* verify authentication (if ok, delete assertion) */
|
||||
assertion = lasso_session_get_assertion(profile->session, remote_providerID);
|
||||
|
|