parent
c3eb32cf54
commit
460c152106
3
AUTHORS
3
AUTHORS
|
@ -1 +1,2 @@
|
|||
Frederic Peters <fpeters@entrouvert.com>
|
||||
Valéry Febvre <vfebvre@easter-eggs.com>
|
||||
Frédéric Péters <fpeters@entrouvert.com>
|
||||
|
|
|
@ -1,3 +1,11 @@
|
|||
2005-02-04 Valery Febvre <vfebvre@entrouvert.com>
|
||||
|
||||
* idpc: minor bug fixes and improvements
|
||||
|
||||
2005-01-27 Frederic Peters <fpeters@entrouvert.com>
|
||||
|
||||
* idpc: updated to lasso 0.6.0; thanks to work on idptech
|
||||
|
||||
2004-07-29 Frederic Peters <fpeters@entrouvert.com>
|
||||
|
||||
* idpc: initial version.
|
||||
|
|
2
README
2
README
|
@ -1,7 +1,7 @@
|
|||
IdPC - IdP as a C CGI program
|
||||
=============================
|
||||
|
||||
Copyright (C) 2004 Entr'ouvert
|
||||
Copyright (C) 2004-2005 Entr'ouvert
|
||||
|
||||
|
||||
IdPC is free software; you can redistribute it and/or modify
|
||||
|
|
16
src/auth.c
16
src/auth.c
|
@ -1,8 +1,8 @@
|
|||
/*
|
||||
* idpc - IDP as a C CGI program
|
||||
* Copyright (C) 2004 Entr'ouvert
|
||||
* Copyright (C) 2004-2005 Entr'ouvert
|
||||
*
|
||||
* Author: Frederic Peters <fpeters@entrouvert.com>
|
||||
* Authors: See AUTHORS file in top-level directory.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
@ -248,11 +248,12 @@ char* certificate_auth()
|
|||
return strdup(getenv("SSL_CLIENT_M_SERIAL"));
|
||||
}
|
||||
|
||||
|
||||
char* http_auth()
|
||||
{
|
||||
char *str;
|
||||
str = getenv("REMOTE_USER");
|
||||
if (str) {
|
||||
if (str != NULL) {
|
||||
return strdup(str);
|
||||
}
|
||||
return NULL;
|
||||
|
@ -261,18 +262,18 @@ char* http_auth()
|
|||
|
||||
struct authentication authentications[] = {
|
||||
{"certificate", certificate_auth,
|
||||
LASSO_SAML_AUTHENTICATION_METHOD_SOFTWARE_PKI},
|
||||
{"http", http_auth,
|
||||
LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD},
|
||||
LASSO_SAML_AUTHENTICATION_METHOD_SOFTWARE_PKI},
|
||||
{"http", http_auth, LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD},
|
||||
{ NULL, NULL, NULL}
|
||||
};
|
||||
|
||||
|
||||
struct authentication* get_authentication(char *auth_method)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i=0; authentications[i].name && \
|
||||
strcmp(authentications[i].name, auth_method) != 0; i++) ;
|
||||
strcmp(authentications[i].name, auth_method) != 0; i++) ;
|
||||
|
||||
if (authentications[i].name == NULL ) {
|
||||
fprintf(stderr, "no auth by that name\n");
|
||||
|
@ -281,4 +282,3 @@ struct authentication* get_authentication(char *auth_method)
|
|||
|
||||
return &authentications[i];
|
||||
}
|
||||
|
||||
|
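Review bot: `certificate_auth` returns `strdup(getenv("SSL_CLIENT_M_SERIAL"))` with no NULL check, so a request that arrives without a client certificate (variable unset) calls `strdup(NULL)`, which is undefined behaviour and in practice a crash; the commit rewrites the equivalent guard in `http_auth` directly below but leaves this one alone. Mirror that guard: `char *serial = getenv("SSL_CLIENT_M_SERIAL");` / `return serial != NULL ? strdup(serial) : NULL;`. The body of `certificate_auth` starts outside the hunk. In the same file, `get_authentication` calls `strcmp` on `auth_method` without checking it for NULL; if `get_config_string` can return NULL for a missing key (not visible here), a guard before the loop is needed as well.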
|
|
@ -1,8 +1,8 @@
|
|||
/*
|
||||
* idpc - IDP as a C CGI program
|
||||
* Copyright (C) 2004 Entr'ouvert
|
||||
* Copyright (C) 2004-2005 Entr'ouvert
|
||||
*
|
||||
* Author: Frederic Peters <fpeters@entrouvert.com>
|
||||
* Authors: See AUTHORS file in top-level directory.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
/*
|
||||
* idpc - IDP as a C CGI program
|
||||
* Copyright (C) 2004 Entr'ouvert
|
||||
* Copyright (C) 2004-2005 Entr'ouvert
|
||||
*
|
||||
* Author: Frederic Peters <fpeters@entrouvert.com>
|
||||
* Authors: See AUTHORS file in top-level directory.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
@ -45,9 +45,9 @@ int defederation_http(LassoDefederation *termination)
|
|||
return error_page("set_profile_auto failed");
|
||||
}
|
||||
|
||||
rc = lasso_defederation_build_notification_msg(termination);
|
||||
rc = lasso_defederation_validate_notification(termination);
|
||||
if (rc) {
|
||||
return error_page("build notification msg");
|
||||
return error_page("Failed to validate notification");
|
||||
}
|
||||
|
||||
rc = save_profile_dumps(LASSO_PROFILE(termination));
|
||||
|
@ -56,21 +56,21 @@ int defederation_http(LassoDefederation *termination)
|
|||
}
|
||||
|
||||
printf("Location: %s\n\nRedirected",
|
||||
LASSO_PROFILE(termination)->msg_url);
|
||||
LASSO_PROFILE(termination)->msg_url);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int defederation_init(LassoDefederation *termination,
|
||||
char* serviceProviderId)
|
||||
char* serviceProviderId)
|
||||
{
|
||||
/* IdP-initiated */
|
||||
int rc;
|
||||
LassoIdentity *identity;
|
||||
struct authentication *auth;
|
||||
char *user_id;
|
||||
char *user_dump, *session_dump;
|
||||
char *identity_dump, *session_dump;
|
||||
|
||||
auth = get_authentication(
|
||||
get_config_string("//idpc:authenticationMethod"));
|
||||
|
@ -85,20 +85,20 @@ int defederation_init(LassoDefederation *termination,
|
|||
return error_page("Error authenticating");
|
||||
}
|
||||
|
||||
/* retrieve user_dump and session_dump */
|
||||
rc = db_get_dumps(user_id, &user_dump, &session_dump);
|
||||
/* retrieve identity_dump and session_dump */
|
||||
rc = db_get_dumps(user_id, &identity_dump, &session_dump);
|
||||
if (rc) {
|
||||
return error_page("Error getting dumps from db");
|
||||
}
|
||||
|
||||
if (user_dump && user_dump[0]) {
|
||||
if (identity_dump && identity_dump[0]) {
|
||||
rc = lasso_profile_set_identity_from_dump(
|
||||
LASSO_PROFILE(termination), user_dump);
|
||||
LASSO_PROFILE(termination), identity_dump);
|
||||
if (rc) {
|
||||
return error_page("set identity failed");
|
||||
}
|
||||
free(user_dump);
|
||||
user_dump = NULL;
|
||||
free(identity_dump);
|
||||
identity_dump = NULL;
|
||||
}
|
||||
|
||||
if (session_dump && session_dump[0]) {
|
||||
|
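Review bot: In `defederation_init`, the `return error_page("set identity failed")` inside the `if (identity_dump && identity_dump[0])` block returns with both `identity_dump` and `session_dump` still allocated, and an `identity_dump` that is non-NULL but empty is never freed at all because the `free` sits inside the conditional. Move `free(identity_dump); identity_dump = NULL;` out of the conditional, after the `if`, and release the session dump on the error return: `free(session_dump); return error_page("set identity failed");`. For a CGI process that exits shortly afterwards this is low impact, but `logout_init` in the same commit frees both dumps unconditionally after using them, and that is the form to follow. `defederation_init` continues past the hunk.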
|
|
@ -1,8 +1,8 @@
|
|||
/*
|
||||
* idpc - IDP as a C CGI program
|
||||
* Copyright (C) 2004 Entr'ouvert
|
||||
* Copyright (C) 2004-2005 Entr'ouvert
|
||||
*
|
||||
* Author: Frederic Peters <fpeters@entrouvert.com>
|
||||
* Authors: See AUTHORS file in top-level directory.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
@ -51,7 +51,7 @@ char* get_config_string(char *xpath);
|
|||
LassoServer* get_config_server();
|
||||
|
||||
int db_init();
|
||||
int db_get_dumps(char *user_id, char **user_dump, char **session_dump);
|
||||
int db_get_dumps(char *user_id, char **identity_dump, char **session_dump);
|
||||
int db_save_identity(char *user_id, char *identity_dump);
|
||||
int db_save_session(char *user_id, char *session_dump);
|
||||
int db_save_name_identifier(char *name_identifier, char *user_id);
|
||||
|
@ -71,4 +71,3 @@ struct authentication {
|
|||
};
|
||||
|
||||
struct authentication* get_authentication(char *auth_method);
|
||||
|
||||
|
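Review bot: The renamed prototype `int db_get_dumps(char *user_id, char **identity_dump, char **session_dump);` says nothing about ownership of the two out-parameters, yet every caller on this page (`defederation_init`, `logout_init`, `req_login`) frees them, and some test `identity_dump[0]` as if an empty string may come back. Add a comment above the declaration stating that `*identity_dump` and `*session_dump` are heap-allocated strings owned by the caller, whether they may be NULL or empty when no dump is stored, and whether they are assigned when the function fails (presumably not, which matters because `req_login` frees them on its failure path). Since `user_id` is only read, the parameter could be `const char *user_id`; the same applies to `auth_method` in `get_authentication`. The rest of the header is outside the hunks shown.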
|
|
@ -1,8 +1,8 @@
|
|||
/*
|
||||
* idpc - IDP as a C CGI program
|
||||
* Copyright (C) 2004 Entr'ouvert
|
||||
* Copyright (C) 2004-2005 Entr'ouvert
|
||||
*
|
||||
* Author: Frederic Peters <fpeters@entrouvert.com>
|
||||
* Authors: See AUTHORS file in top-level directory.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
@ -29,7 +29,6 @@
|
|||
* [!2b. initiated by SP, SOAP is handled in soapEndpoint!]
|
||||
*/
|
||||
|
||||
|
||||
int soap_loop(LassoLogout *logout)
|
||||
{
|
||||
char *other_sp;
|
||||
|
@ -92,7 +91,7 @@ int soap_loop(LassoLogout *logout)
|
|||
}
|
||||
|
||||
printf("Location: %s\n\nRedirected",
|
||||
LASSO_PROFILE(logout)->msg_url);
|
||||
LASSO_PROFILE(logout)->msg_url);
|
||||
} else {
|
||||
/* we're done */
|
||||
rc = lasso_logout_build_request_msg(logout);
|
||||
|
@ -103,7 +102,7 @@ int soap_loop(LassoLogout *logout)
|
|||
}
|
||||
if (rc) {
|
||||
printf("Location: %s\n\nRedirected",
|
||||
LASSO_PROFILE(logout)->msg_url);
|
||||
LASSO_PROFILE(logout)->msg_url);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
@ -135,7 +134,7 @@ int logout_init(LassoLogout *logout)
|
|||
LassoIdentity *identity;
|
||||
struct authentication *auth;
|
||||
char *user_id;
|
||||
char *user_dump, *session_dump;
|
||||
char *identity_dump, *session_dump;
|
||||
|
||||
auth = get_authentication(
|
||||
get_config_string("//idpc:authenticationMethod"));
|
||||
|
@ -150,14 +149,14 @@ int logout_init(LassoLogout *logout)
|
|||
return error_page("Error authenticating");
|
||||
}
|
||||
|
||||
/* retrieve user_dump and session_dump */
|
||||
rc = db_get_dumps(user_id, &user_dump, &session_dump);
|
||||
/* retrieve identity_dump and session_dump */
|
||||
rc = db_get_dumps(user_id, &identity_dump, &session_dump);
|
||||
if (rc) {
|
||||
return error_page("Error getting dumps from db");
|
||||
}
|
||||
rc = set_profile_from_dumps(LASSO_PROFILE(logout),
|
||||
user_dump, session_dump);
|
||||
free(user_dump);
|
||||
identity_dump, session_dump);
|
||||
free(identity_dump);
|
||||
free(session_dump);
|
||||
if (rc) {
|
||||
return error_page("Error setting dumps");
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
/*
|
||||
* idpc - IDP as a C CGI program
|
||||
* Copyright (C) 2004 Entr'ouvert
|
||||
* Copyright (C) 2004-2005 Entr'ouvert
|
||||
*
|
||||
* Author: Frederic Peters <fpeters@entrouvert.com>
|
||||
* Authors: See AUTHORS file in top-level directory.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
/*
|
||||
* idpc - IDP as a C CGI program
|
||||
* Copyright (C) 2004 Entr'ouvert
|
||||
* Copyright (C) 2004-2005 Entr'ouvert
|
||||
*
|
||||
* Author: Frederic Peters <fpeters@entrouvert.com>
|
||||
* Authors: See AUTHORS file in top-level directory.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
@ -21,7 +21,6 @@
|
|||
|
||||
#include "idpc.h"
|
||||
|
||||
|
||||
struct req {
|
||||
LassoRequestType type;
|
||||
char* (*request_function) (LassoServer*, char*);
|
||||
|
@ -39,7 +38,7 @@ struct req requests[] = {
|
|||
{LASSO_REQUEST_TYPE_DEFEDERATION, req_defederation},
|
||||
{LASSO_REQUEST_TYPE_NAME_REGISTRATION, req_register_name_identifier},
|
||||
{LASSO_REQUEST_TYPE_NAME_IDENTIFIER_MAPPING, req_name_identifier_mapping},
|
||||
/* {lassoRequestTypeLecp, req_lecp}, */
|
||||
/* {LASSO_REQUEST_TYPE_LECP, req_lecp}, */
|
||||
/* LECP requests go to single sign on service URL */
|
||||
{0, NULL}
|
||||
};
|
||||
|
@ -52,41 +51,57 @@ char* req_login(LassoServer *server, char *soap_msg)
|
|||
LassoLogin *login;
|
||||
int rc;
|
||||
char *user_id = NULL, *provider_id = NULL;
|
||||
char *identity_dump, *session_dump, *answer;
|
||||
char *identity_dump, *session_dump, *answer = NULL;
|
||||
|
||||
login = lasso_login_new(server);
|
||||
|
||||
/* process SOAP samlp:Request message */
|
||||
rc = lasso_login_process_request_msg(login, soap_msg);
|
||||
if (rc) {
|
||||
fprintf(stderr, "process_request_msg failed\n");
|
||||
return NULL;
|
||||
fprintf(stderr, "process_request_msg failed: error %d\n", rc);
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* get user_id and providerID associated with assertionArtifact */
|
||||
rc = db_get_artifact(login->assertionArtifact, &user_id, &provider_id);
|
||||
if (rc) {
|
||||
fprintf(stderr, "db_get_artifact failed\n");
|
||||
} else {
|
||||
rc = db_remove_artifact(login->assertionArtifact);
|
||||
if (rc) {
|
||||
fprintf(stderr, "db_remove_artifact failed\n");
|
||||
}
|
||||
goto done;
|
||||
}
|
||||
db_remove_artifact(login->assertionArtifact);
|
||||
|
||||
rc = db_get_dumps(user_id, &identity_dump, &session_dump);
|
||||
rc = set_profile_from_dumps(LASSO_PROFILE(login),
|
||||
identity_dump, session_dump);
|
||||
free(identity_dump);
|
||||
free(session_dump);
|
||||
/* get user's identity and session dumps */
|
||||
rc = db_get_dumps(user_id,
|
||||
&identity_dump, &session_dump);
|
||||
if (rc) {
|
||||
fprintf(stderr, "db_get_dumps failed\n");
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* set identity and session in login */
|
||||
rc = set_profile_from_dumps(LASSO_PROFILE(login),
|
||||
identity_dump, session_dump);
|
||||
if (rc) {
|
||||
fprintf(stderr, "set_profile_from_dumps failed\n");
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* build SOAP samlp:Response message */
|
||||
rc = lasso_login_build_response_msg(login, provider_id);
|
||||
if (user_id)
|
||||
free(user_id);
|
||||
if (provider_id)
|
||||
free(provider_id);
|
||||
if (rc) {
|
||||
fprintf(stderr,
|
||||
"lasso_login_build_response_msg failed: error %d\n", rc);
|
||||
goto done;
|
||||
}
|
||||
|
||||
answer = strdup(LASSO_PROFILE(login)->msg_body);
|
||||
|
||||
done:
|
||||
free(user_id);
|
||||
free(provider_id);
|
||||
free(identity_dump);
|
||||
free(session_dump);
|
||||
lasso_login_destroy(login);
|
||||
|
||||
|
||||
return answer;
|
||||
}
|
||||
|
||||
|
@ -213,8 +228,8 @@ char* req_defederation(LassoServer *server, char *soap_msg)
|
|||
|
||||
rc = save_profile_dumps(LASSO_PROFILE(termination));
|
||||
if (rc) {
|
||||
fprintf(stderr, "save_profile_dumps failed: error %d\n", rc);
|
||||
lasso_defederation_destroy(termination);
|
||||
fprintf(stderr, "save_profile_dumps failed\n");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
@ -246,12 +261,13 @@ int soap_end_point()
|
|||
return error_page("No HTTP verb");
|
||||
}
|
||||
|
||||
/* SOAP is send by POST */
|
||||
if (strcmp(http_verb, "POST") != 0) {
|
||||
return error_page("Must be POST");
|
||||
}
|
||||
|
||||
if (getenv("CONTENT_TYPE") &&
|
||||
strcmp(getenv("CONTENT_TYPE"), "text/xml") != 0) {
|
||||
strcmp(getenv("CONTENT_TYPE"), "text/xml") != 0) {
|
||||
return error_page("Content-Type must be text/xml");
|
||||
}
|
||||
|
||||
|
@ -265,9 +281,8 @@ int soap_end_point()
|
|||
soap_msg = malloc(clen+1);
|
||||
soap_msg[clen] = 0;
|
||||
fread(soap_msg, clen, 1, stdin);
|
||||
fprintf(stderr, "Got message:\n%s\n", soap_msg);
|
||||
|
||||
|
||||
/* fprintf(stderr, "Got message:\n%s\n", soap_msg); */
|
||||
|
||||
req_type = lasso_profile_get_request_type_from_soap_msg(soap_msg);
|
||||
|
||||
for (i=0; requests[i].type && requests[i].type != req_type; i++) ;
|
||||
|
@ -311,6 +326,7 @@ int main(int argc, char *argv[])
|
|||
if (rc) {
|
||||
return error_page("Failed to init configuration");
|
||||
}
|
||||
|
||||
lasso_init();
|
||||
rc = db_init();
|
||||
if (rc) {
|
||||
|
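Review bot: In `req_login` the new `done:` label unconditionally runs `free(identity_dump)` and `free(session_dump)`, but the declaration `char *identity_dump, *session_dump, *answer = NULL;` leaves the two dumps uninitialized, so every `goto done` taken before `db_get_dumps` succeeds (failed `lasso_login_process_request_msg`, failed `db_get_artifact`, and a failed `db_get_dumps` if it does not set its out-parameters) frees indeterminate pointers, undefined behaviour reachable with any malformed request. Initialise them at declaration: `char *identity_dump = NULL, *session_dump = NULL, *answer = NULL;`. The return value of the now-unconditional `db_remove_artifact(login->assertionArtifact)` is also dropped; the old code logged it, and a failed removal leaves the artifact redeemable, so keep an `fprintf(stderr, ...)` on failure. Separately, in the `soap_end_point` hunk the `malloc(clen+1)` result and the `fread` count are both unchecked, so a short body is parsed with uninitialized bytes after the data; check both before calling `lasso_profile_get_request_type_from_soap_msg`.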
|
|
@ -189,7 +189,7 @@ int save_profile_dumps(LassoProfile *profile)
|
|||
if (rc) {
|
||||
fprintf(stderr, "db_save_session failed: error %d\n", rc);
|
||||
free(user_id);
|
||||
return 1;
|
||||
return 2;
|
||||
}
|
||||
}
|
||||
|
||||
|
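Review bot: Changing `return 1` to `return 2` on the `db_save_session` failure path introduces a second undocumented return code; the callers visible on this page (`defederation_http`, `req_defederation`) only test `if (rc)`, and a reader cannot tell what `1` and `2` mean without the part of `save_profile_dumps` outside the hunk. Add a comment on the function, or an enum, naming the codes, e.g. `/* returns 0 on success, 1 if saving the identity failed, 2 if saving the session failed */`, the identity case being presumably the `1` returned earlier in the function, which is not in the hunk.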
|