updated to lasso 0.6.0; thanks to work on idptech

fpeters 2005-01-27 23:52:57 +00:00
parent ba2615a686
commit f16cd25ecc
11 changed files with 113 additions and 111 deletions


@ -18,7 +18,7 @@ dnl Checks for header files.
AC_HEADER_STDC
dnl Checks for libraries.
PKG_CHECK_MODULES(IDPC, libxml-2.0 neon lasso = 0.4.1 openssl)
PKG_CHECK_MODULES(IDPC, libxml-2.0 neon lasso >= 0.6.0 openssl)
AC_SUBST(IDPC_CFLAGS)
AC_SUBST(IDPC_LIBS)


@ -13,11 +13,12 @@
session_dump text
);
CREATE TABLE assertions (
artifact varchar(100),
assertion text
CREATE TABLE artifacts (
artifact varchar(100) primary key,
user_id varchar(100),
provider_id text
);
GRANT DELETE, INSERT, SELECT, UPDATE ON nameidentifiers TO idpc;
GRANT DELETE, INSERT, SELECT, UPDATE ON users TO idpc;
GRANT DELETE, INSERT, SELECT, UPDATE ON assertions TO idpc;
GRANT DELETE, INSERT, SELECT, UPDATE ON artifacts TO idpc;
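Review bot: The new artifacts table records no creation time, so an artifact that is issued but never resolved stays resolvable until something deletes it, and db_get_artifact in this commit has no age to check against. A column such as `created timestamp not null default now()` would let the lookup refuse stale artifacts and let a periodic job purge the table; SAML artifacts are meant to be short-lived and single-use, and the single-use half is only covered by the db_remove_artifact call after resolution.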


@ -261,8 +261,9 @@ char* http_auth()
struct authentication authentications[] = {
{"certificate", certificate_auth,
lassoSamlAuthenticationMethodSoftwarePki},
{"http", http_auth, lassoSamlAuthenticationMethodPassword},
LASSO_SAML_AUTHENTICATION_METHOD_SOFTWARE_PKI},
{"http", http_auth,
LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD},
{ NULL, NULL, NULL}
};


@ -84,10 +84,9 @@ LassoServer* get_config_server()
server = lasso_server_new(
get_config_string("//idpc:metadataFilePath"),
get_config_string("//idpc:idpPublicKey"),
get_config_string("//idpc:idpPrivateKey"),
get_config_string("//idpc:idpCertificate"),
lassoSignatureMethodRsaSha1);
NULL,
get_config_string("//idpc:idpCertificate"));
if (server == NULL) {
fprintf(stderr, "failure in server_new\n");
return NULL;
@ -105,6 +104,7 @@ LassoServer* get_config_server()
break;
}
rc = lasso_server_add_provider(server,
LASSO_PROVIDER_ROLE_SP,
get_config_string(cfg_metadata),
get_config_string(cfg_publickey),
get_config_string(cfg_cacertificate));
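Review bot: The rebuilt lasso_server_new call keeps `get_config_string("//idpc:idpPublicKey")` as its second argument and drops the `idpPrivateKey` lookup, but as far as I recall lasso 0.6's second parameter is the private key file (the third, now NULL, is that key's password). Unless the idpPublicKey config entry actually names the private key, the IdP is built without its signing key and responses will be unsigned or fail to sign; `get_config_string("//idpc:idpPrivateKey"),` looks like the intended argument. get_config_server starts outside this hunk.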


@ -189,20 +189,18 @@ int db_save_name_identifier(char *name_identifier, char *user_id)
return 0;
}
int db_save_assertion(char *assertion_artifact, LassoAssertion *assertion)
int db_save_artifact(char *artifact, char *user_id, char *provider_id)
{
PGresult *res;
const char *params[2];
char *assertion_dump;
const char *params[3];
assertion_dump = lasso_node_export(LASSO_NODE(assertion));
params[0] = assertion_artifact;
params[1] = assertion_dump;
params[0] = artifact;
params[1] = user_id;
params[2] = provider_id;
res = PQexecParams(sqlconn,
"INSERT INTO assertions VALUES ($1, $2)",
2, NULL, params, NULL, NULL, 1);
"INSERT INTO artifacts VALUES ($1, $2, $3)",
3, NULL, params, NULL, NULL, 1);
if (PQresultStatus(res) != PGRES_COMMAND_OK) {
PQclear(res);
return 1;
@ -212,7 +210,7 @@ int db_save_assertion(char *assertion_artifact, LassoAssertion *assertion)
return 0;
}
int db_get_assertion(char *artifact, char **assertion)
int db_get_artifact(char *artifact, char **user_id, char **provider_id)
{
PGresult *res;
const char *params[1];
@ -220,7 +218,7 @@ int db_get_assertion(char *artifact, char **assertion)
params[0] = artifact;
res = PQexecParams(sqlconn,
"SELECT assertion from assertions where artifact = $1",
"SELECT user_id, provider_id from artifacts where artifact = $1",
1, NULL, params, NULL, NULL, 1);
if (PQresultStatus(res) != PGRES_TUPLES_OK) {
PQclear(res);
@ -233,12 +231,13 @@ int db_get_assertion(char *artifact, char **assertion)
return 1;
}
*assertion = strdup(PQgetvalue(res, 0, 0));
*user_id = strdup(PQgetvalue(res, 0, 0));
*provider_id = strdup(PQgetvalue(res, 0, 1));
PQclear(res);
return 0;
}
int db_remove_assertion(char *artifact)
int db_remove_artifact(char *artifact)
{
PGresult *res;
const char *params[1];
@ -246,7 +245,7 @@ int db_remove_assertion(char *artifact)
params[0] = artifact;
res = PQexecParams(sqlconn,
"DELETE from assertions where artifact = $1",
"DELETE from artifacts where artifact = $1",
1, NULL, params, NULL, NULL, 1);
if (PQresultStatus(res) != PGRES_COMMAND_OK) {
PQclear(res);
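Review bot: db_get_artifact's ownership contract is not documented: on success both `*user_id` and `*provider_id` are strdup'd copies the caller must free, and on the two failure paths neither output is written, which req_login relies on when it frees only non-NULL pointers. A comment above the definition such as `/* On success *user_id and *provider_id are malloc'd copies owned by the caller; on failure (return 1) neither is written. */` would make that explicit. The two strdup results are also stored unchecked, so an allocation failure silently becomes a NULL user_id. db_remove_artifact's body continues past the end of the hunk.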


@ -35,8 +35,7 @@ int defederation_http(LassoDefederation *termination)
LassoIdentity *identity;
rc = lasso_defederation_process_notification_msg(
termination, getenv("QUERY_STRING"),
lassoHttpMethodRedirect);
termination, getenv("QUERY_STRING"));
if (rc) {
return error_page("process_notification_msg failed");
}
@ -113,7 +112,7 @@ int defederation_init(LassoDefederation *termination,
}
rc = lasso_defederation_init_notification(termination,
serviceProviderId, lassoHttpMethodSoap);
serviceProviderId, LASSO_HTTP_METHOD_SOAP);
if (rc) {
return error_page("init_notification failed");
}
@ -168,8 +167,7 @@ int defederation()
return error_page("Failed to get server configuration");
}
termination = lasso_defederation_new(server,
lassoProviderTypeIdp);
termination = lasso_defederation_new(server);
if (termination == NULL) {
lasso_server_destroy(server);
return error_page("lasso_defederation_new failed");
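Review bot: The new `lasso_defederation_process_notification_msg(termination, getenv("QUERY_STRING"))` call in defederation_http passes the environment lookup straight through, and getenv returns NULL when the CGI is invoked without a query string; single_sign_on in this same commit adds `if (!t) return error_page(...)` for exactly that case. The logout_req hunk (`lasso_logout_process_request_msg(logout, getenv("QUERY_STRING"))`) has the same gap. Reading it into a local first, `const char *qs = getenv("QUERY_STRING"); if (!qs) return error_page("missing query string");`, keeps the behaviour consistent across the three entry points. defederation_http starts outside the hunk.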


@ -35,7 +35,7 @@
#include <openssl/ocsp.h>
#include <openssl/ssl.h>
#include <lasso/lasso.h>
#include <lasso/xml/errors.h> /* lasso bug; shouldn't have to include this */
#include <lasso/errors.h> /* lasso bug; shouldn't have to include this */
int error_page(char *msg);
int handle_args(int argc, char *argv[]);
@ -55,9 +55,9 @@ int db_get_dumps(char *user_id, char **user_dump, char **session_dump);
int db_save_identity(char *user_id, char *identity_dump);
int db_save_session(char *user_id, char *session_dump);
int db_save_name_identifier(char *name_identifier, char *user_id);
int db_save_assertion(char *assertion_artifact, LassoAssertion *assertion);
int db_get_assertion(char *artifact, char **assertion);
int db_remove_assertion(char *artifact);
int db_save_artifact(char *artifact, char *user_id, char *provider_id);
int db_get_artifact(char *artifact, char **user_id, char **provider_id);
int db_remove_artifact(char *artifact);
int db_get_user_id(char *name_identifier, char **user_id);
void db_finish();


@ -39,8 +39,7 @@ int soap_loop(LassoLogout *logout)
other_sp = lasso_logout_get_next_providerID(logout);
while (other_sp) {
fprintf(stderr, "Other SP: %s\n", other_sp);
rc = lasso_logout_init_request(logout, other_sp,
lassoHttpMethodAny);
rc = lasso_logout_init_request(logout, other_sp, LASSO_HTTP_METHOD_ANY);
if (rc) {
fprintf(stderr, "init_request failed\n");
return 1;
@ -59,8 +58,7 @@ int soap_loop(LassoLogout *logout)
return 1;
}
rc = lasso_logout_process_response_msg(logout,
soap_answer, lassoHttpMethodSoap);
rc = lasso_logout_process_response_msg(logout, soap_answer);
if (rc) {
free(soap_answer);
fprintf(stderr, "logout_process_response_msg failed\n");
@ -82,7 +80,7 @@ int soap_loop(LassoLogout *logout)
if (other_sp) {
/* remaining service provider; redirect */
rc = lasso_logout_init_request(logout, other_sp,
lassoHttpMethodRedirect);
LASSO_HTTP_METHOD_REDIRECT);
if (rc) {
fprintf(stderr, "lasso_logout_init_request failed\n");
return 0;
@ -184,14 +182,13 @@ int logout_req()
return error_page("Failed to get server configuration");
}
logout = lasso_logout_new(server, lassoProviderTypeIdp);
logout = lasso_logout_new(server);
if (logout == NULL) {
lasso_server_destroy(server);
return error_page("lasso_logout_new failed");
}
rc = lasso_logout_process_request_msg(logout,
getenv("QUERY_STRING"), lassoHttpMethodRedirect);
rc = lasso_logout_process_request_msg(logout, getenv("QUERY_STRING"));
if (rc == LASSO_PROFILE_ERROR_INVALID_QUERY) {
/* unknown query string; initiate logout now */
rc = logout_init(logout);


@ -44,7 +44,7 @@ int lecp_profile(LassoServer *server)
soap_msg[clen] = 0;
fgets(soap_msg, clen+1, stdin);
req_type = lasso_profile_get_request_type_from_soap_msg(soap_msg);
if (req_type != lassoRequestTypeLecp) {
if (req_type != LASSO_REQUEST_TYPE_LECP) {
return error_page("soap but req type not LECP");
}
@ -78,10 +78,7 @@ int lecp_profile(LassoServer *server)
return error_page("Failed to set profile from dumps");
}
rc = lasso_lecp_init_from_authn_request_msg(lecp, soap_msg,
lassoHttpMethodSoap);
rc = lasso_lecp_process_authn_request_msg(lecp, soap_msg);
if (!rc) {
lasso_lecp_destroy(lecp);
return error_page("lecp init failed");
@ -90,9 +87,7 @@ int lecp_profile(LassoServer *server)
reauth_time = strtime(time(NULL) +
(get_config_string("//idpc:reauthenticationDelay") ?
atoi(get_config_string("//idpc:reauthenticationDelay")) : 7200));
rc = lasso_lecp_build_authn_response_envelope_msg(
lecp, 1, auth->lasso_name,
reauth_time);
rc = lasso_lecp_build_authn_response_envelope_msg(lecp);
free(reauth_time);
if (!rc) {
lasso_lecp_destroy(lecp);
@ -115,7 +110,6 @@ int single_sign_on()
{
LassoServer *server;
LassoLogin *login;
lassoHttpMethod response_method;
char *http_verb, *ct;
char *authn_request_msg = NULL;
int rc;
@ -137,12 +131,13 @@ int single_sign_on()
char *t;
t = getenv("QUERY_STRING");
if (t) {
authn_request_msg = strdup(t);
} else {
authn_request_msg = strdup("");
}
response_method = lassoHttpMethodRedirect;
if (!t)
return error_page("No authnRequest as query string");
if (! lasso_profile_is_liberty_query(t))
return error_page("Improper query string; not a AuthnRequest");
authn_request_msg = strdup(t);
}
if (strcmp(http_verb, "POST") == 0) {
@ -161,7 +156,6 @@ int single_sign_on()
msg = malloc(clen+1);
msg[clen] = 0;
fgets(msg, clen+1, stdin);
response_method = lassoHttpMethodPost;
res = urlencoded_to_strings(msg);
for (i=0; res[i]; i++) {
@ -228,8 +222,7 @@ int single_sign_on()
return error_page("Failed to set profile from dumps");
}
rc = lasso_login_init_from_authn_request_msg(login,
authn_request_msg, response_method);
rc = lasso_login_process_authn_request_msg(login, authn_request_msg);
if (rc) {
char msg[100];
sprintf(msg, "Lasso login error, %d", rc);
@ -251,12 +244,22 @@ int single_sign_on()
(get_config_string("//idpc:reauthenticationDelay") ?
atoi(get_config_string("//idpc:reauthenticationDelay")) : 7200));
if (login->protocolProfile == lassoLoginProtocolProfileBrwsArt) {
rc = lasso_login_build_assertion(login,
auth->lasso_name,
"", /* authenticationInstant */
reauth_time, /* reauthenticateOnOrAfter */
"", /* notBefore */
""); /* notOnOrAfter */
if (rc) {
free(reauth_time);
lasso_login_destroy(login);
lasso_server_destroy(server);
return error_page("build_assertion failed");
}
if (login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART) {
rc = lasso_login_build_artifact_msg(login,
1, /* user authenticated */
auth->lasso_name,
reauth_time,
lassoHttpMethodRedirect);
LASSO_HTTP_METHOD_REDIRECT);
if (rc) {
free(reauth_time);
lasso_login_destroy(login);
@ -265,10 +268,7 @@ int single_sign_on()
}
} else {
/* POST profile (lassoLoginProtocolProfileBrwsPost) */
rc = lasso_login_build_authn_response_msg(login,
1, /* user authenticated */
auth->lasso_name,
reauth_time);
rc = lasso_login_build_authn_response_msg(login);
if (rc) {
free(reauth_time);
lasso_login_destroy(login);
@ -279,7 +279,7 @@ int single_sign_on()
free(reauth_time);
rc = db_save_name_identifier(
LASSO_PROFILE(login)->nameIdentifier, user_id);
LASSO_PROFILE(login)->nameIdentifier->content, user_id);
if (rc) {
lasso_login_destroy(login);
lasso_server_destroy(server);
@ -294,11 +294,10 @@ int single_sign_on()
}
if (login->protocolProfile == lassoLoginProtocolProfileBrwsArt) {
LassoAssertion *my_ass;
/* won't be freed; missing lasso_assertion_destroy */
my_ass = lasso_login_get_assertion(login);
rc = db_save_assertion(login->assertionArtifact, my_ass);
if (login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART) {
rc = db_save_artifact(login->assertionArtifact,
user_id,
LASSO_PROFILE(login)->remote_providerID);
if (rc) {
lasso_login_destroy(login);
lasso_server_destroy(server);
@ -333,7 +332,7 @@ int main(int argc, char *argv[])
{
int rc;
if (argc > 1 && handle_args(argc, argv) ) {
if (argc > 1 && handle_args(argc, argv)) {
return 0;
}
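Review bot: The new lasso_login_build_assertion call in single_sign_on passes `""` for authenticationInstant, notBefore and notOnOrAfter, so if lasso treats an empty string as "omit" the issued assertion carries no validity window and a relying party cannot reject it as stale on time alone. reauth_time is already derived from time(NULL); notOnOrAfter should be produced the same way with a short lifetime and notBefore from the current instant, e.g. `char *not_after = strtime(time(NULL) + 300);` passed in place of the last `""`. The LECP hunk in the same file makes no corresponding build_assertion call before lasso_lecp_build_authn_response_envelope_msg and now computes and frees reauth_time without using it, so presumably the LECP response carries no assertion at all — worth confirming against the lasso 0.6 LECP flow. single_sign_on starts and ends outside this hunk.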


@ -23,7 +23,7 @@
struct req {
lassoRequestType type;
LassoRequestType type;
char* (*request_function) (LassoServer*, char*);
};
@ -34,11 +34,11 @@ char* req_register_name_identifier(LassoServer *server, char *soap_msg);
char* req_name_identifier_mapping(LassoServer *server, char *soap_msg);
struct req requests[] = {
{lassoRequestTypeLogin, req_login},
{lassoRequestTypeLogout, req_logout},
{lassoRequestTypeDefederation, req_defederation},
{lassoRequestTypeRegisterNameIdentifier, req_register_name_identifier},
{lassoRequestTypeNameIdentifierMapping, req_name_identifier_mapping},
{LASSO_REQUEST_TYPE_LOGIN, req_login},
{LASSO_REQUEST_TYPE_LOGOUT, req_logout},
{LASSO_REQUEST_TYPE_DEFEDERATION, req_defederation},
{LASSO_REQUEST_TYPE_NAME_REGISTRATION, req_register_name_identifier},
{LASSO_REQUEST_TYPE_NAME_IDENTIFIER_MAPPING, req_name_identifier_mapping},
/* {lassoRequestTypeLecp, req_lecp}, */
/* LECP requests go to single sign on service URL */
{0, NULL}
@ -50,8 +50,9 @@ struct req requests[] = {
char* req_login(LassoServer *server, char *soap_msg)
{
LassoLogin *login;
char *assertion_dump = NULL;
int rc;
char *user_id = NULL, *provider_id = NULL;
char *identity_dump, *session_dump, *answer;
login = lasso_login_new(server);
rc = lasso_login_process_request_msg(login, soap_msg);
@ -60,26 +61,33 @@ char* req_login(LassoServer *server, char *soap_msg)
return NULL;
}
rc = db_get_assertion(login->assertionArtifact, &assertion_dump);
rc = db_get_artifact(login->assertionArtifact, &user_id, &provider_id);
if (rc) {
fprintf(stderr, "db_get_assertion failed\n");
fprintf(stderr, "db_get_artifact failed\n");
} else {
rc = lasso_login_set_assertion_from_dump(login, assertion_dump);
rc = db_remove_artifact(login->assertionArtifact);
if (rc) {
fprintf(stderr, "set_assertion_from_dump failed\n");
}
rc = db_remove_assertion(login->assertionArtifact);
if (rc) {
fprintf(stderr, "db_remove_assertion failed\n");
fprintf(stderr, "db_remove_artifact failed\n");
}
rc = db_get_dumps(user_id, &identity_dump, &session_dump);
rc = set_profile_from_dumps(LASSO_PROFILE(login),
identity_dump, session_dump);
free(identity_dump);
free(session_dump);
}
rc = lasso_login_build_response_msg(login);
assertion_dump = strdup(LASSO_PROFILE(login)->msg_body);
rc = lasso_login_build_response_msg(login, provider_id);
if (user_id)
free(user_id);
if (provider_id)
free(provider_id);
answer = strdup(LASSO_PROFILE(login)->msg_body);
lasso_login_destroy(login);
return assertion_dump;
return answer;
}
char* req_logout(LassoServer *server, char *soap_msg)
@ -90,10 +98,9 @@ char* req_logout(LassoServer *server, char *soap_msg)
char *answer = NULL;
char *soap_answer = NULL;
logout = lasso_logout_new(server, lassoProviderTypeIdp);
logout = lasso_logout_new(server);
rc = lasso_logout_process_request_msg(logout,
soap_msg, lassoHttpMethodSoap);
rc = lasso_logout_process_request_msg(logout, soap_msg);
if (rc) {
fprintf(stderr, "process_request_msg failed\n");
goto cleanup;
@ -131,7 +138,7 @@ char* req_logout(LassoServer *server, char *soap_msg)
while (other_sp) {
fprintf(stderr, "Other SP: %s\n", other_sp);
rc = lasso_logout_init_request(logout, other_sp,
lassoHttpMethodAny);
LASSO_HTTP_METHOD_ANY);
if (rc) {
fprintf(stderr, "init_request failed\n");
goto cleanup;
@ -149,8 +156,7 @@ char* req_logout(LassoServer *server, char *soap_msg)
goto cleanup;
}
rc = lasso_logout_process_response_msg(logout,
soap_answer, lassoHttpMethodSoap);
rc = lasso_logout_process_response_msg(logout, soap_answer);
if (rc) {
free(soap_answer);
fprintf(stderr, "logout_process_response_msg failed\n");
@ -183,10 +189,9 @@ char* req_defederation(LassoServer *server, char *soap_msg)
LassoIdentity *identity;
int rc;
termination = lasso_defederation_new(server, lassoProviderTypeIdp);
termination = lasso_defederation_new(server);
rc = lasso_defederation_process_notification_msg(
termination, soap_msg, lassoHttpMethodSoap);
rc = lasso_defederation_process_notification_msg(termination, soap_msg);
if (rc) {
fprintf(stderr, "process_notifification_msg failed\n");
return NULL;
@ -233,7 +238,7 @@ int soap_end_point()
int clen = 0;
char *soap_msg, *soap_answer = NULL;
char *http_verb;
lassoRequestType req_type;
LassoRequestType req_type;
int i;
http_verb = getenv("REQUEST_METHOD");
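Review bot: In req_login the result of the new `db_get_dumps(user_id, &identity_dump, &session_dump)` call is overwritten without being checked, while identity_dump and session_dump are declared uninitialised at the top of the function; if db_get_dumps fails without setting them, the two free() calls that follow operate on indeterminate pointers (set_profile_auto in this same commit checks rc before freeing). Guard the block: `if (rc == 0) { set_profile_from_dumps(LASSO_PROFILE(login), identity_dump, session_dump); free(identity_dump); free(session_dump); }`. The `if (user_id) free(user_id);` guards can be plain `free(user_id);` since free(NULL) is a no-op. I can't tell from here whether lasso_login_build_response_msg verifies that provider_id matches the SP actually sending the artifact request; if it does not, this function should reject a mismatch before building the response. req_login starts in the previous hunk.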


@ -125,23 +125,23 @@ int set_profile_auto(LassoProfile *profile)
{
int rc;
char *user_id;
char *user_dump, *session_dump;
char *identity_dump, *session_dump;
rc = db_get_user_id(profile->nameIdentifier, &user_id);
rc = db_get_user_id(profile->nameIdentifier->content, &user_id);
if (rc) {
fprintf(stderr, "db_get_user_id failed\n");
return 1;
}
rc = db_get_dumps(user_id, &user_dump, &session_dump);
rc = db_get_dumps(user_id, &identity_dump, &session_dump);
free(user_id);
if (rc) {
fprintf(stderr, "Error getting dumps from db\n");
return 1;
}
rc = set_profile_from_dumps(profile, user_dump, session_dump);
free(user_dump);
rc = set_profile_from_dumps(profile, identity_dump, session_dump);
free(identity_dump);
free(session_dump);
return rc;
}
@ -163,7 +163,7 @@ int save_profile_dumps(LassoProfile *profile)
char *user_id;
rc = db_get_user_id(profile->nameIdentifier, &user_id);
rc = db_get_user_id(profile->nameIdentifier->content, &user_id);
if (rc) {
fprintf(stderr, "db_get_user_id failed\n");
return 1;
@ -172,8 +172,9 @@ int save_profile_dumps(LassoProfile *profile)
if (lasso_profile_is_identity_dirty(profile)) {
LassoIdentity *identity;
identity = lasso_profile_get_identity(profile);
dump = identity ? lasso_identity_dump(identity) : "";
dump = identity ? lasso_identity_dump(identity) : strdup("");
rc = db_save_identity(user_id, dump);
free(dump);
lasso_identity_destroy(identity);
if (rc) {
free(user_id);
@ -184,8 +185,9 @@ int save_profile_dumps(LassoProfile *profile)
if (lasso_profile_is_session_dirty(profile)) {
LassoSession *session;
session = lasso_profile_get_session(profile);
dump = session ? lasso_session_dump(session) : "";
dump = session ? lasso_session_dump(session) : strdup("");
rc = db_save_session(user_id, dump);
free(dump);
lasso_session_destroy(session);
if (rc) {
free(user_id);
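Review bot: The changed db_get_user_id calls in set_profile_auto and save_profile_dumps dereference `profile->nameIdentifier->content` with no NULL check; the old code merely passed the pointer through, so a request that lasso parsed without a NameIdentifier would now crash the CGI instead of failing the lookup. single_sign_on's db_save_name_identifier call in this commit has the same pattern. Unless lasso guarantees nameIdentifier is set by the time these run, add a guard such as `if (profile->nameIdentifier == NULL) { fprintf(stderr, "no name identifier\n"); return 1; }` before each lookup. Both functions start outside their hunks.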