Minor bug fixes and improvements

Changed copyright
valos 2005-02-04 16:07:42 +00:00
parent c3eb32cf54
commit 460c152106
11 changed files with 93 additions and 70 deletions


@ -1 +1,2 @@
Frederic Peters <fpeters@entrouvert.com>
Valéry Febvre <vfebvre@easter-eggs.com>
Frédéric Péters <fpeters@entrouvert.com>


@ -1,3 +1,11 @@
2005-02-04 Valery Febvre <vfebvre@entrouvert.com>
* idpc: minor bug fixes and improvements
2005-01-27 Frederic Peters <fpeters@entrouvert.com>
* idpc: updated to lasso 0.6.0; thanks to work on idptech
2004-07-29 Frederic Peters <fpeters@entrouvert.com>
* idpc: initial version.

2
README

@ -1,7 +1,7 @@
IdPC - IdP as a C CGI program
=============================
Copyright (C) 2004 Entr'ouvert
Copyright (C) 2004-2005 Entr'ouvert
IdPC is free software; you can redistribute it and/or modify


@ -1,8 +1,8 @@
/*
* idpc - IDP as a C CGI program
* Copyright (C) 2004 Entr'ouvert
* Copyright (C) 2004-2005 Entr'ouvert
*
* Author: Frederic Peters <fpeters@entrouvert.com>
* Authors: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -248,11 +248,12 @@ char* certificate_auth()
return strdup(getenv("SSL_CLIENT_M_SERIAL"));
}
char* http_auth()
{
char *str;
str = getenv("REMOTE_USER");
if (str) {
if (str != NULL) {
return strdup(str);
}
return NULL;
@ -261,18 +262,18 @@ char* http_auth()
struct authentication authentications[] = {
{"certificate", certificate_auth,
LASSO_SAML_AUTHENTICATION_METHOD_SOFTWARE_PKI},
{"http", http_auth,
LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD},
LASSO_SAML_AUTHENTICATION_METHOD_SOFTWARE_PKI},
{"http", http_auth, LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD},
{ NULL, NULL, NULL}
};
struct authentication* get_authentication(char *auth_method)
{
int i;
for (i=0; authentications[i].name && \
strcmp(authentications[i].name, auth_method) != 0; i++) ;
strcmp(authentications[i].name, auth_method) != 0; i++) ;
if (authentications[i].name == NULL ) {
fprintf(stderr, "no auth by that name\n");
@ -281,4 +282,3 @@ struct authentication* get_authentication(char *auth_method)
return &authentications[i];
}
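Review bot: certificate_auth() still passes `getenv("SSL_CLIENT_M_SERIAL")` straight to `strdup()`, while the http_auth() check that this commit rewrites does guard its getenv() result; if the web server does not export that variable, the call dereferences NULL. The same guard would fit there: `char *s = getenv("SSL_CLIENT_M_SERIAL"); return s ? strdup(s) : NULL;`. get_authentication() likewise hands `auth_method` to `strcmp()` unchecked, and the callers visible on this page pass it the result of get_config_string(), so if that helper can return NULL for a missing `//idpc:authenticationMethod` entry the lookup would crash before reaching the "no auth by that name" message. certificate_auth() begins above the hunk, so its full body is not visible here.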


@ -1,8 +1,8 @@
/*
* idpc - IDP as a C CGI program
* Copyright (C) 2004 Entr'ouvert
* Copyright (C) 2004-2005 Entr'ouvert
*
* Author: Frederic Peters <fpeters@entrouvert.com>
* Authors: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,8 +1,8 @@
/*
* idpc - IDP as a C CGI program
* Copyright (C) 2004 Entr'ouvert
* Copyright (C) 2004-2005 Entr'ouvert
*
* Author: Frederic Peters <fpeters@entrouvert.com>
* Authors: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -45,9 +45,9 @@ int defederation_http(LassoDefederation *termination)
return error_page("set_profile_auto failed");
}
rc = lasso_defederation_build_notification_msg(termination);
rc = lasso_defederation_validate_notification(termination);
if (rc) {
return error_page("build notification msg");
return error_page("Failed to validate notification");
}
rc = save_profile_dumps(LASSO_PROFILE(termination));
@ -56,21 +56,21 @@ int defederation_http(LassoDefederation *termination)
}
printf("Location: %s\n\nRedirected",
LASSO_PROFILE(termination)->msg_url);
LASSO_PROFILE(termination)->msg_url);
return 0;
}
int defederation_init(LassoDefederation *termination,
char* serviceProviderId)
char* serviceProviderId)
{
/* IdP-initiated */
int rc;
LassoIdentity *identity;
struct authentication *auth;
char *user_id;
char *user_dump, *session_dump;
char *identity_dump, *session_dump;
auth = get_authentication(
get_config_string("//idpc:authenticationMethod"));
@ -85,20 +85,20 @@ int defederation_init(LassoDefederation *termination,
return error_page("Error authenticating");
}
/* retrieve user_dump and session_dump */
rc = db_get_dumps(user_id, &user_dump, &session_dump);
/* retrieve identity_dump and session_dump */
rc = db_get_dumps(user_id, &identity_dump, &session_dump);
if (rc) {
return error_page("Error getting dumps from db");
}
if (user_dump && user_dump[0]) {
if (identity_dump && identity_dump[0]) {
rc = lasso_profile_set_identity_from_dump(
LASSO_PROFILE(termination), user_dump);
LASSO_PROFILE(termination), identity_dump);
if (rc) {
return error_page("set identity failed");
}
free(user_dump);
user_dump = NULL;
free(identity_dump);
identity_dump = NULL;
}
if (session_dump && session_dump[0]) {
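Review bot: In defederation_init the renamed `identity_dump` is released only at the end of the `if (identity_dump && identity_dump[0])` block, so the early `return error_page("set identity failed")` and the case of a non-NULL empty string both skip `free(identity_dump)`. Both dump pointers are also declared without an initialiser and read right after db_get_dumps(), which is safe only if that function sets both on every successful return; that is not visible here. Declaring them as `char *identity_dump = NULL, *session_dump = NULL;` and freeing both on a single exit path would cover these cases. The function continues past the end of the hunk, so the session_dump handling is not reviewed.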


@ -1,8 +1,8 @@
/*
* idpc - IDP as a C CGI program
* Copyright (C) 2004 Entr'ouvert
* Copyright (C) 2004-2005 Entr'ouvert
*
* Author: Frederic Peters <fpeters@entrouvert.com>
* Authors: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -51,7 +51,7 @@ char* get_config_string(char *xpath);
LassoServer* get_config_server();
int db_init();
int db_get_dumps(char *user_id, char **user_dump, char **session_dump);
int db_get_dumps(char *user_id, char **identity_dump, char **session_dump);
int db_save_identity(char *user_id, char *identity_dump);
int db_save_session(char *user_id, char *session_dump);
int db_save_name_identifier(char *name_identifier, char *user_id);
@ -71,4 +71,3 @@ struct authentication {
};
struct authentication* get_authentication(char *auth_method);


@ -1,8 +1,8 @@
/*
* idpc - IDP as a C CGI program
* Copyright (C) 2004 Entr'ouvert
* Copyright (C) 2004-2005 Entr'ouvert
*
* Author: Frederic Peters <fpeters@entrouvert.com>
* Authors: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -29,7 +29,6 @@
* [!2b. initiated by SP, SOAP is handled in soapEndpoint!]
*/
int soap_loop(LassoLogout *logout)
{
char *other_sp;
@ -92,7 +91,7 @@ int soap_loop(LassoLogout *logout)
}
printf("Location: %s\n\nRedirected",
LASSO_PROFILE(logout)->msg_url);
LASSO_PROFILE(logout)->msg_url);
} else {
/* we're done */
rc = lasso_logout_build_request_msg(logout);
@ -103,7 +102,7 @@ int soap_loop(LassoLogout *logout)
}
if (rc) {
printf("Location: %s\n\nRedirected",
LASSO_PROFILE(logout)->msg_url);
LASSO_PROFILE(logout)->msg_url);
return 0;
}
}
@ -135,7 +134,7 @@ int logout_init(LassoLogout *logout)
LassoIdentity *identity;
struct authentication *auth;
char *user_id;
char *user_dump, *session_dump;
char *identity_dump, *session_dump;
auth = get_authentication(
get_config_string("//idpc:authenticationMethod"));
@ -150,14 +149,14 @@ int logout_init(LassoLogout *logout)
return error_page("Error authenticating");
}
/* retrieve user_dump and session_dump */
rc = db_get_dumps(user_id, &user_dump, &session_dump);
/* retrieve identity_dump and session_dump */
rc = db_get_dumps(user_id, &identity_dump, &session_dump);
if (rc) {
return error_page("Error getting dumps from db");
}
rc = set_profile_from_dumps(LASSO_PROFILE(logout),
user_dump, session_dump);
free(user_dump);
identity_dump, session_dump);
free(identity_dump);
free(session_dump);
if (rc) {
return error_page("Error setting dumps");


@ -1,8 +1,8 @@
/*
* idpc - IDP as a C CGI program
* Copyright (C) 2004 Entr'ouvert
* Copyright (C) 2004-2005 Entr'ouvert
*
* Author: Frederic Peters <fpeters@entrouvert.com>
* Authors: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,8 +1,8 @@
/*
* idpc - IDP as a C CGI program
* Copyright (C) 2004 Entr'ouvert
* Copyright (C) 2004-2005 Entr'ouvert
*
* Author: Frederic Peters <fpeters@entrouvert.com>
* Authors: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -21,7 +21,6 @@
#include "idpc.h"
struct req {
LassoRequestType type;
char* (*request_function) (LassoServer*, char*);
@ -39,7 +38,7 @@ struct req requests[] = {
{LASSO_REQUEST_TYPE_DEFEDERATION, req_defederation},
{LASSO_REQUEST_TYPE_NAME_REGISTRATION, req_register_name_identifier},
{LASSO_REQUEST_TYPE_NAME_IDENTIFIER_MAPPING, req_name_identifier_mapping},
/* {lassoRequestTypeLecp, req_lecp}, */
/* {LASSO_REQUEST_TYPE_LECP, req_lecp}, */
/* LECP requests go to single sign on service URL */
{0, NULL}
};
@ -52,41 +51,57 @@ char* req_login(LassoServer *server, char *soap_msg)
LassoLogin *login;
int rc;
char *user_id = NULL, *provider_id = NULL;
char *identity_dump, *session_dump, *answer;
char *identity_dump, *session_dump, *answer = NULL;
login = lasso_login_new(server);
/* process SOAP samlp:Request message */
rc = lasso_login_process_request_msg(login, soap_msg);
if (rc) {
fprintf(stderr, "process_request_msg failed\n");
return NULL;
fprintf(stderr, "process_request_msg failed: error %d\n", rc);
goto done;
}
/* get user_id and providerID associated with assertionArtifact */
rc = db_get_artifact(login->assertionArtifact, &user_id, &provider_id);
if (rc) {
fprintf(stderr, "db_get_artifact failed\n");
} else {
rc = db_remove_artifact(login->assertionArtifact);
if (rc) {
fprintf(stderr, "db_remove_artifact failed\n");
}
goto done;
}
db_remove_artifact(login->assertionArtifact);
rc = db_get_dumps(user_id, &identity_dump, &session_dump);
rc = set_profile_from_dumps(LASSO_PROFILE(login),
identity_dump, session_dump);
free(identity_dump);
free(session_dump);
/* get user's identity and session dumps */
rc = db_get_dumps(user_id,
&identity_dump, &session_dump);
if (rc) {
fprintf(stderr, "db_get_dumps failed\n");
goto done;
}
/* set identity and session in login */
rc = set_profile_from_dumps(LASSO_PROFILE(login),
identity_dump, session_dump);
if (rc) {
fprintf(stderr, "set_profile_from_dumps failed\n");
goto done;
}
/* build SOAP samlp:Response message */
rc = lasso_login_build_response_msg(login, provider_id);
if (user_id)
free(user_id);
if (provider_id)
free(provider_id);
if (rc) {
fprintf(stderr,
"lasso_login_build_response_msg failed: error %d\n", rc);
goto done;
}
answer = strdup(LASSO_PROFILE(login)->msg_body);
done:
free(user_id);
free(provider_id);
free(identity_dump);
free(session_dump);
lasso_login_destroy(login);
return answer;
}
@ -213,8 +228,8 @@ char* req_defederation(LassoServer *server, char *soap_msg)
rc = save_profile_dumps(LASSO_PROFILE(termination));
if (rc) {
fprintf(stderr, "save_profile_dumps failed: error %d\n", rc);
lasso_defederation_destroy(termination);
fprintf(stderr, "save_profile_dumps failed\n");
return NULL;
}
@ -246,12 +261,13 @@ int soap_end_point()
return error_page("No HTTP verb");
}
/* SOAP is send by POST */
if (strcmp(http_verb, "POST") != 0) {
return error_page("Must be POST");
}
if (getenv("CONTENT_TYPE") &&
strcmp(getenv("CONTENT_TYPE"), "text/xml") != 0) {
strcmp(getenv("CONTENT_TYPE"), "text/xml") != 0) {
return error_page("Content-Type must be text/xml");
}
@ -265,9 +281,8 @@ int soap_end_point()
soap_msg = malloc(clen+1);
soap_msg[clen] = 0;
fread(soap_msg, clen, 1, stdin);
fprintf(stderr, "Got message:\n%s\n", soap_msg);
/* fprintf(stderr, "Got message:\n%s\n", soap_msg); */
req_type = lasso_profile_get_request_type_from_soap_msg(soap_msg);
for (i=0; requests[i].type && requests[i].type != req_type; i++) ;
@ -311,6 +326,7 @@ int main(int argc, char *argv[])
if (rc) {
return error_page("Failed to init configuration");
}
lasso_init();
rc = db_init();
if (rc) {
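Review bot: req_login's new `done:` label frees `identity_dump` and `session_dump`, but the declaration initialises only `answer`, so the two early `goto done` paths (lasso_login_process_request_msg or db_get_artifact failing) pass indeterminate pointers to `free()`. That failure path is reachable from the SOAP body supplied by the requester, so this is memory-unsafe on untrusted input; the declaration should read `char *identity_dump = NULL, *session_dump = NULL, *answer = NULL;`. In the same hunk the return value of `db_remove_artifact(login->assertionArtifact)` is no longer checked, so a failed delete leaves a one-time artifact resolvable a second time; treating a non-zero result as an error (`goto done`) would keep artifacts single-use. Which side each line belongs to is inferred from the print order on this page.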


@ -189,7 +189,7 @@ int save_profile_dumps(LassoProfile *profile)
if (rc) {
fprintf(stderr, "db_save_session failed: error %d\n", rc);
free(user_id);
return 1;
return 2;
}
}
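Review bot: The db_save_session failure path now returns the bare literal `2`, presumably to tell it apart from another failure return above the hunk, but nothing records what each value means. The callers visible on this page only test `if (rc)` and, in req_defederation, log the number, so the distinction is useful only to someone reading logs with the source open. A comment above save_profile_dumps such as `/* returns 0 on success, otherwise a non-zero code identifying the save step that failed */`, or a small enum, would document it. The function starts above the hunk.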