Merge branch 'hotfixes-2.3.4' into release
commit
11434956dd
23
NEWS
23
NEWS
|
@ -1,6 +1,29 @@
|
|||
NEWS
|
||||
====
|
||||
|
||||
2.3.4 - Otober 8th 2010
|
||||
-----------------------
|
||||
|
||||
21 commits, 18 files changed, 312 insertions, 58 deletions
|
||||
|
||||
Generic
|
||||
* fix warning for compiling on Pardus and EL5
|
||||
* the release tarball now contains the figures for the documentation
|
||||
* lasso_login_process_authn_request documentation gained details on returned errors
|
||||
|
||||
SAMLv2:
|
||||
* report unknown provider instead of an error on parameter value when
|
||||
resolving and artifact in an assertionConsumer endpoint and the provider is
|
||||
not registered into the server object.
|
||||
* lasso_provider_get_assertion_consumer_url now use specific SAMLv2 methods
|
||||
* fixed a bug in the ordering of indexed endpoints which produced error when
|
||||
looking up the default assertion consumer. It also improved ordering in
|
||||
presence of the attribute isDefault="false". A non-regression test was
|
||||
added for this functionality.
|
||||
|
||||
ID-FFv1.2:
|
||||
* respect the signature verify hint when handling authn requests
|
||||
|
||||
2.3.3 - October 1st 2010
|
||||
------------------------
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@ dnl - Second number is the number of supported API versions where API version >
|
|||
dnl first number.
|
||||
dnl - Third number is the current API version implementation version number.
|
||||
dnl See libtool explanations about current, age and release, later in this file.
|
||||
AC_INIT([lasso], 2.3.3, lasso-devel@lists.labs.libre-entreprise.org)
|
||||
AC_INIT([lasso], 2.3.4, lasso-devel@lists.labs.libre-entreprise.org)
|
||||
dnl Check if autoconf ver > 2.53
|
||||
AC_PREREQ(2.53)
|
||||
AC_CONFIG_MACRO_DIR([m4])
|
||||
|
@ -184,7 +184,7 @@ dnl - interfaces removed -> AGE = 0
|
|||
# m = a
|
||||
# r = r
|
||||
current=`expr $VERSION_MAJOR + $VERSION_MINOR`
|
||||
LASSO_VERSION_INFO="12:1:9"
|
||||
LASSO_VERSION_INFO="12:2:9"
|
||||
AC_SUBST(LASSO_VERSION_INFO)
|
||||
|
||||
dnl Compute the minimal supported ABI version for Win32 scripts and resources files.
|
||||
|
|
|
@ -49,4 +49,5 @@ slo-sp-soap-4.svg: slo-sp-soap.svg step.xsl
|
|||
slo-sp-soap-5.svg: slo-sp-soap.svg step.xsl
|
||||
slo-sp-soap-6.svg: slo-sp-soap.svg step.xsl
|
||||
|
||||
EXTRA_DIST = step.xsl sso-brws-art.svg sso-brws-post.svg slo-sp-soap.svg
|
||||
EXTRA_DIST = step.xsl sso-brws-art.svg sso-brws-post.svg slo-sp-soap.svg \
|
||||
$(FIGURES_PNG_FILES) $(GENERATED_FIGURES_SVG_FILES)
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
</legalnotice>
|
||||
|
||||
<copyright>
|
||||
<year>2004, 2005, 2006, 2007, 2008, 2009</year>
|
||||
<year>2004, 2005, 2006, 2007, 2008, 2009, 2010</year>
|
||||
<holder>Entr'ouvert</holder>
|
||||
</copyright>
|
||||
|
||||
|
|
|
@ -61,6 +61,10 @@
|
|||
</SVNRepository>
|
||||
</repository>
|
||||
<release>
|
||||
<Version>
|
||||
<created>2010-10-13</created>
|
||||
<revision>2.3.4</revision>
|
||||
</Version>
|
||||
<Version>
|
||||
<created>2010-10-01</created>
|
||||
<revision>2.3.3</revision>
|
||||
|
|
|
@ -307,8 +307,6 @@ static void lasso_login_build_assertion_artifact(LassoLogin *login);
|
|||
* </para></listitem>
|
||||
* <listitem><para>
|
||||
* #LASSO_PROFILE_ERROR_MISSING_RESPONSE if no response object is present ( it is normally initialized
|
||||
* </para></listitem>
|
||||
* <listitem><para>
|
||||
* by lasso_login_process_authn_request_msg() )
|
||||
* </para></listitem>
|
||||
* <listitem><para>
|
||||
|
@ -876,17 +874,11 @@ lasso_login_build_assertion_artifact(LassoLogin *login)
|
|||
* </para></listitem>
|
||||
* <listitem><para>
|
||||
* LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID if no remote provider ID was setup in the login
|
||||
* </para></listitem>
|
||||
* <listitem><para>
|
||||
* profile object, it's usually done by lasso_login_process_authn_request_msg,
|
||||
* </para></listitem>
|
||||
* <listitem><para>
|
||||
* LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD if the HTTP method is neither LASSO_HTTP_METHOD_REDIRECT
|
||||
* </para></listitem>
|
||||
* <listitem><para>
|
||||
* or LASSO_HTTP_METHOD_POST (ID-FF 1.2 case) or neither LASSO_HTTP_METHOD_ARTIFACT_GET or
|
||||
* </para></listitem>
|
||||
* <listitem><para>
|
||||
* LASSO_HTTP_METHOD_ARTIFACT_POST (SAML 2.0 case) for SAML 2.0),
|
||||
* </para></listitem>
|
||||
* <listitem><para>
|
||||
|
@ -897,8 +889,6 @@ lasso_login_build_assertion_artifact(LassoLogin *login)
|
|||
* </para></listitem>
|
||||
* <listitem><para>
|
||||
* LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND if the remote provider is not known to our server object
|
||||
* </para></listitem>
|
||||
* <listitem><para>
|
||||
* which impeach us to find a service endpoint,
|
||||
* </para></listitem>
|
||||
* <listitem><para>
|
||||
|
@ -1602,18 +1592,44 @@ lasso_login_init_authn_request(LassoLogin *login, const gchar *remote_providerID
|
|||
* binding. You must set the @response_http_method argument according to the way you received the
|
||||
* artifact message.
|
||||
*
|
||||
* Return value: 0 on success; or a
|
||||
* Return value: 0 on success; or
|
||||
* <itemizedlist>
|
||||
* <listitem>
|
||||
* <para>
|
||||
* LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is not a #LassoLogin object,
|
||||
* </para>
|
||||
* </listitem>
|
||||
* <listitem>
|
||||
* <para>
|
||||
* LASSO_PARAM_ERROR_INVALID_VALUE if @response_msg is NULL,
|
||||
* </para>
|
||||
* </listitem>
|
||||
* <listitem>
|
||||
* <para>
|
||||
* LASSO_PROFILE_ERROR_INVALID_HTTP_METHOD if the HTTP method is neither LASSO_HTTP_METHOD_REDIRECT
|
||||
* or LASSO_HTTP_METHOD_POST (in the ID-FF 1.2 case) or neither LASSO_HTTP_METHOD_ARTIFACT_GET or
|
||||
* LASSO_HTTP_METHOD_ARTIFACT_POST (in the SAML 2.0 case),
|
||||
* </para>
|
||||
* </listitem>
|
||||
* <listitem>
|
||||
* <para>
|
||||
* LASSO_PROFILE_ERROR_MISSING_ARTIFACT if no artifact field was found in the query string (only
|
||||
* possible for the LASSO_HTTP_METHOD_REDIRECT case),
|
||||
* </para>
|
||||
* </listitem>
|
||||
* <listitem>
|
||||
* <para>
|
||||
* LASSO_PROFILE_ERROR_INVALID_ARTIFACT if decoding of the artifact failed -- whether because
|
||||
* the base64 encoding is invalid or because the type code is wrong --,
|
||||
* </para>
|
||||
* </listitem>
|
||||
* <listitem>
|
||||
* <para>
|
||||
* LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID if no provider ID could be found corresponding to
|
||||
* the hash contained in the artifact.
|
||||
* </para>
|
||||
* </listitem>
|
||||
* </itemizedlist>
|
||||
*
|
||||
**/
|
||||
gint
|
||||
|
@ -1896,7 +1912,87 @@ lasso_login_must_authenticate(LassoLogin *login)
|
|||
* Processes received authentication request, checks it is signed correctly,
|
||||
* checks if requested protocol profile is supported, etc.
|
||||
*
|
||||
* Return value: 0 on success; or a negative value otherwise.
|
||||
* Return value: 0 on success; or
|
||||
* <itemizedlist>
|
||||
* <listitem>
|
||||
* <para>
|
||||
* #LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if login is no a #LassoLogin object,
|
||||
* </para>
|
||||
* </listitem>
|
||||
* <listitem>
|
||||
* <para>
|
||||
* #LASSO_PROFILE_ERROR_MISSING_REQUEST if @authn_request_msg is #NULL and no request as actually
|
||||
* been processed or initialized — see lasso_login_init_idp_initiated_authn_request(),
|
||||
*
|
||||
* </para>
|
||||
* </listitem>
|
||||
* <listitem>
|
||||
* <para>
|
||||
* #LASSO_PROFILE_ERROR_INVALID_MSG if the content of @authn_request_msg cannot be parsed to as a
|
||||
* valid lib:AuthnRequest messages for any support binding (mainly HTTP-Redirect, HTTP-Post and
|
||||
* SOAP),
|
||||
* </para>
|
||||
* </listitem>
|
||||
* <listitem>
|
||||
* <para>
|
||||
*
|
||||
* #LASSO_PROFILE_ERROR_MISSING_ISSUER if the parsed samlp2:AuthnRequest does not have a proper Issuer element,
|
||||
* </para>
|
||||
* </listitem>
|
||||
* <listitem>
|
||||
* <para>
|
||||
*
|
||||
* #LASSO_PROFILE_ERROR_INVALID_REQUEST if the parsed message does not validate as a valid
|
||||
* samlp2:AuthnRequest (SAMLv2) i.e. if there is no Issuer, or mutually exclusive attributes are
|
||||
* used (ProtocolBinding and AssertionConsumerServiceIndex),
|
||||
* </para>
|
||||
* </listitem>
|
||||
* <listitem>
|
||||
* <para>
|
||||
*
|
||||
* #LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE if the protocolProfile (ID-FFv1.2) or the
|
||||
* protocolBinding (SAMLv2) is unsupported by Lasso,
|
||||
* </para>
|
||||
* </listitem>
|
||||
* <listitem>
|
||||
* <para>
|
||||
*
|
||||
* #LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE if the protocolProfile (ID-FFv1.2) or the protocolBinding
|
||||
* (SAMLv2) for the AssertionConsumer is unsupported by this provider implementation as indicated by
|
||||
* its metadata file,
|
||||
* </para>
|
||||
* </listitem>
|
||||
* <listitem>
|
||||
* <para>
|
||||
*
|
||||
* #LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER, or
|
||||
* #LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND if the metadata for the issuer of the request are absent
|
||||
* from the #LassoServer object of this profile,
|
||||
* </para>
|
||||
* </listitem>
|
||||
* <listitem>
|
||||
* <para>
|
||||
*
|
||||
* #LASSO_DS_ERROR_SIGNATURE_NOT_FOUND if no signature could be found and signature validation is
|
||||
* forced — by the service provider metadata with the AuthnRequestsSigned attribute
|
||||
* (ID-FFv1.2&SAMLv2), the attribute WantAuthnRequestsSigned in the identity provider metadata file
|
||||
* (SAMLv2) or as advised by the lasso_profile_set_signature_verify_hint() method),
|
||||
* </para>
|
||||
* </listitem>
|
||||
* <listitem>
|
||||
* <para>
|
||||
*
|
||||
* #LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED if the signature validation failed on a present
|
||||
* signature,
|
||||
* </para>
|
||||
* </listitem>
|
||||
* <listitem>
|
||||
* <para>
|
||||
* #LASSO_DS_ERROR_INVALID_SIGNATURE if the signature was malformed and a signature was present,
|
||||
* </para>
|
||||
* </listitem>
|
||||
* </itemizedlist>
|
||||
*
|
||||
**/
|
||||
gint
|
||||
lasso_login_process_authn_request_msg(LassoLogin *login, const char *authn_request_msg)
|
||||
|
@ -1934,7 +2030,11 @@ lasso_login_process_authn_request_msg(LassoLogin *login, const char *authn_reque
|
|||
return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
|
||||
}
|
||||
|
||||
lasso_assign_new_gobject(profile->request, LASSO_NODE(request));
|
||||
lasso_assign_new_gobject(profile->request, request);
|
||||
if (! LASSO_IS_LIB_AUTHN_REQUEST(profile->request)) {
|
||||
lasso_release_gobject(profile->request);
|
||||
return LASSO_PROFILE_ERROR_INVALID_MSG;
|
||||
}
|
||||
|
||||
/* get remote ProviderID */
|
||||
lasso_assign_string(profile->remote_providerID,
|
||||
|
@ -1972,28 +2072,38 @@ lasso_login_process_authn_request_msg(LassoLogin *login, const char *authn_reque
|
|||
|
||||
/* Check authnRequest signature. */
|
||||
if (authn_request_msg != NULL) {
|
||||
LassoProfileSignatureVerifyHint sig_verify_hint;
|
||||
|
||||
sig_verify_hint = lasso_profile_get_signature_verify_hint(profile);
|
||||
remote_provider = lasso_server_get_provider(profile->server, profile->remote_providerID);
|
||||
if (remote_provider != NULL) {
|
||||
/* Is authnRequest signed ? */
|
||||
authnRequestSigned = lasso_provider_get_metadata_one(
|
||||
remote_provider, "AuthnRequestsSigned");
|
||||
if (authnRequestSigned != NULL) {
|
||||
must_verify_signature = strcmp(authnRequestSigned, "true") == 0;
|
||||
lasso_release_string(authnRequestSigned);
|
||||
} else {
|
||||
/* missing element in metadata; shouldn't
|
||||
* happen, assume true */
|
||||
must_verify_signature = TRUE;
|
||||
}
|
||||
} else {
|
||||
if (remote_provider == NULL) {
|
||||
return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
|
||||
}
|
||||
|
||||
/* verify request signature */
|
||||
/* Is authnRequest signed ? */
|
||||
must_verify_signature = TRUE;
|
||||
authnRequestSigned = lasso_provider_get_metadata_one(
|
||||
remote_provider, "AuthnRequestsSigned");
|
||||
if (authnRequestSigned != NULL) {
|
||||
must_verify_signature = strcmp(authnRequestSigned, "true") == 0;
|
||||
lasso_release_string(authnRequestSigned);
|
||||
}
|
||||
if (sig_verify_hint == LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE) {
|
||||
must_verify_signature = TRUE;
|
||||
}
|
||||
if (sig_verify_hint == LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE) {
|
||||
must_verify_signature = FALSE;
|
||||
}
|
||||
/* reset the signature_status, and if signature validation was not really needed
|
||||
* just choke on the presence of an invalid signature, if no signature just goes on
|
||||
* */
|
||||
profile->signature_status = 0;
|
||||
if (must_verify_signature) {
|
||||
ret = lasso_provider_verify_signature(remote_provider,
|
||||
authn_request_msg, "RequestID", format);
|
||||
profile->signature_status = ret;
|
||||
if (profile == LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE && ret !=
|
||||
LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) {
|
||||
profile->signature_status = ret;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
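Review bot: In the signature check of lasso_login_process_authn_request_msg, `profile == LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE` compares the LassoProfile pointer with a hint constant instead of testing `sig_verify_hint`, so the branch is effectively dead. The +/- markers are lost on this page, so it is unclear whether the unconditional `profile->signature_status = ret;` just above it is kept; if it was removed, a missing or failed signature would leave `signature_status` at 0 even when verification is required. I would keep the unconditional assignment and drop the branch, since inside `if (must_verify_signature)` there is no case where a verification error should be discarded. The behaviour the comment describes (checking an optional signature only when one is present) would have to live outside that `if`, with the test written against `sig_verify_hint`. The function body starts and ends outside this hunk.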
|
|
|
@ -145,6 +145,20 @@ lasso_provider_get_assertion_consumer_service_url(LassoProvider *provider, const
|
|||
char *name = NULL;
|
||||
char *assertion_consumer_service_url = NULL;
|
||||
|
||||
g_return_val_if_fail(LASSO_IS_PROVIDER(provider), NULL);
|
||||
|
||||
if (provider->private_data->conformance == LASSO_PROTOCOL_SAML_2_0) {
|
||||
long sid = -1;
|
||||
if (service_id != NULL) {
|
||||
if (lasso_string_to_xsd_integer(service_id, &sid)) {
|
||||
if (sid < 0) {
|
||||
sid = -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
return lasso_saml20_provider_get_assertion_consumer_service_url(provider, sid);
|
||||
}
|
||||
|
||||
if (service_id == NULL)
|
||||
service_id = provider->private_data->default_assertion_consumer;
|
||||
name = g_strdup_printf("AssertionConsumerServiceURL %s", service_id);
|
||||
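Review bot: In the SAML 2.0 branch of lasso_provider_get_assertion_consumer_service_url, a `service_id` that does not parse as an integer leaves `sid` at -1, so the caller silently gets the default endpoint instead of a failure. The index presumably originates from an incoming AuthnRequest, so I would at least document the fallback, e.g. `/* unparsable or negative service_id: fall back to the default endpoint (sid == -1) */`, or return NULL when lasso_string_to_xsd_integer fails. `sid` is a `long`; if lasso_saml20_provider_get_assertion_consumer_service_url takes an `int` (its prototype is not on this page), a large value would be narrowed and could alias a valid index, so a range check before the call would help. The function continues past the end of the hunk.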
|
|
|
@ -49,7 +49,7 @@ struct EndpointType_s {
|
|||
char *url;
|
||||
char *return_url;
|
||||
int index;
|
||||
gboolean is_default;
|
||||
int is_default;
|
||||
};
|
||||
typedef struct EndpointType_s EndpointType;
|
||||
|
||||
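Review bot: `int is_default` in struct EndpointType_s is no longer a boolean, but the field carries no comment saying what its values mean, so any code that still tests it for truth would treat isDefault="false" (non-zero) as a default endpoint. I would add `/* sort key: -1 isDefault="true", 0 absent or invalid, +1 isDefault="false" */` on the field, matching the values the loader assigns in this commit. The struct definition starts above this hunk.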
|
|
|
@ -288,7 +288,7 @@ lasso_saml20_login_process_authn_request_msg(LassoLogin *login, const char *auth
|
|||
lasso_check_good_rc(lasso_saml20_profile_process_any_request(profile, request, authn_request_msg));
|
||||
}
|
||||
if (! LASSO_IS_SAMLP2_AUTHN_REQUEST(request)) {
|
||||
return critical_error(LASSO_PROFILE_ERROR_MISSING_REQUEST);
|
||||
return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
|
||||
}
|
||||
authn_request = LASSO_SAMLP2_AUTHN_REQUEST(request);
|
||||
/* intialize the response */
|
||||
|
|
|
@ -345,6 +345,7 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char
|
|||
{
|
||||
LassoProvider *remote_provider;
|
||||
int rc = 0;
|
||||
LassoProfileSignatureVerifyHint sig_verify_hint;
|
||||
|
||||
/* FIXME: parse only one time the message, reuse the parsed document for signature
|
||||
* validation */
|
||||
|
@ -355,13 +356,21 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char
|
|||
if (! LASSO_IS_SAMLP2_ARTIFACT_RESOLVE(profile->request)) {
|
||||
return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
|
||||
}
|
||||
lasso_assign_string(profile->private_data->artifact,
|
||||
LASSO_SAMLP2_ARTIFACT_RESOLVE(profile->request)->Artifact);
|
||||
|
||||
sig_verify_hint = lasso_profile_get_signature_verify_hint(profile);
|
||||
|
||||
lasso_assign_string(profile->remote_providerID, LASSO_SAMLP2_REQUEST_ABSTRACT(
|
||||
profile->request)->Issuer->content);
|
||||
remote_provider = lasso_server_get_provider(profile->server, profile->remote_providerID);
|
||||
|
||||
profile->signature_status = lasso_provider_verify_signature(remote_provider, msg, "ID",
|
||||
LASSO_MESSAGE_FORMAT_SOAP);
|
||||
goto_cleanup_if_fail_with_rc(remote_provider, LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER);
|
||||
|
||||
if (sig_verify_hint != LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE) {
|
||||
profile->signature_status = lasso_provider_verify_signature(remote_provider, msg, "ID",
|
||||
LASSO_MESSAGE_FORMAT_SOAP);
|
||||
}
|
||||
|
||||
switch (lasso_profile_get_signature_verify_hint(profile)) {
|
||||
case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE:
|
||||
|
@ -374,9 +383,7 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char
|
|||
break;
|
||||
}
|
||||
|
||||
lasso_assign_string(profile->private_data->artifact,
|
||||
LASSO_SAMLP2_ARTIFACT_RESOLVE(profile->request)->Artifact);
|
||||
|
||||
cleanup:
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
@ -1537,7 +1544,7 @@ lasso_profile_saml20_setup_message_signature(LassoProfile *profile, LassoNode *r
|
|||
} else {
|
||||
request->sign_type = LASSO_SIGNATURE_TYPE_SIMPLE;
|
||||
}
|
||||
request->sign_method = LASSO_SIGNATURE_METHOD_RSA_SHA1;
|
||||
request->sign_method = profile->server->signature_method;
|
||||
lasso_assign_string(request->private_key_file,
|
||||
profile->server->private_key);
|
||||
lasso_assign_string(request->certificate_file,
|
||||
|
@ -1555,7 +1562,7 @@ lasso_profile_saml20_setup_message_signature(LassoProfile *profile, LassoNode *r
|
|||
} else {
|
||||
response->sign_type = LASSO_SIGNATURE_TYPE_SIMPLE;
|
||||
}
|
||||
response->sign_method = LASSO_SIGNATURE_METHOD_RSA_SHA1;
|
||||
response->sign_method = profile->server->signature_method;
|
||||
lasso_assign_string(response->private_key_file,
|
||||
profile->server->private_key);
|
||||
lasso_assign_string(response->certificate_file,
|
||||
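Review bot: In lasso_saml20_profile_process_artifact_resolve, `LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->Issuer->content` is read with no check that `Issuer` is set, so an ArtifactResolve without an Issuer element would dereference NULL unless something outside this hunk rejects it first. The message comes from the remote peer, so I would guard it before the assignment with `goto_cleanup_if_fail_with_rc(LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->Issuer != NULL, LASSO_PROFILE_ERROR_MISSING_ISSUER);`. Separately, when the hint is LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE the visible lines never assign `profile->signature_status`, so it keeps whatever an earlier message left there; setting it to 0 before the `if`, as the ID-FF login hunk on this page does, would avoid that. The function body starts and ends outside the hunk.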
|
|
|
@ -24,6 +24,8 @@
|
|||
|
||||
#define _POSIX_SOURCE
|
||||
|
||||
#include <errno.h>
|
||||
|
||||
#include "../xml/private.h"
|
||||
#include <xmlsec/base64.h>
|
||||
#include <xmlsec/xmltree.h>
|
||||
|
@ -145,7 +147,7 @@ load_endpoint_type2(xmlNode *xmlnode, LassoProvider *provider, LassoProviderRole
|
|||
xmlChar *isDefault = getSaml2MdProp(xmlnode, LASSO_SAML2_METADATA_ATTRIBUTE_ISDEFAULT);
|
||||
gboolean indexed_endpoint = FALSE;
|
||||
int idx = *counter++;
|
||||
gboolean is_default = FALSE;
|
||||
int is_default = 0;
|
||||
EndpointType *endpoint_type;
|
||||
|
||||
if (! binding || ! location) {
|
||||
|
@ -158,7 +160,18 @@ load_endpoint_type2(xmlNode *xmlnode, LassoProvider *provider, LassoProviderRole
|
|||
warning("Invalid AssertionConsumerService, no index set");
|
||||
goto cleanup;
|
||||
}
|
||||
is_default = xsdIsTrue(isDefault);
|
||||
/* isDefault is 0 if invalid or not present
|
||||
* -1 if true (comes first)
|
||||
* +1 if false (comes last)
|
||||
*/
|
||||
if (isDefault) {
|
||||
if (xsdIsTrue(isDefault)) {
|
||||
is_default = -1;
|
||||
}
|
||||
if (xsdIsFalse(isDefault)) {
|
||||
is_default = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
endpoint_type = g_new0(EndpointType, 1);
|
||||
endpoint_type->kind = g_strdup((char*)xmlnode->name);
|
||||
|
@ -182,6 +195,13 @@ static gint
|
|||
compare_endpoint_type(const EndpointType *a, const EndpointType *b) {
|
||||
int c;
|
||||
|
||||
/* order the sequence of endpoints:
|
||||
* - first by role,
|
||||
* - then by profile,
|
||||
* - then by isDefault attribute (truth first, then absent, then false)
|
||||
* - then by index
|
||||
* - then by binding
|
||||
*/
|
||||
if (a->role < b->role)
|
||||
return -1;
|
||||
if (a->role > b->role)
|
||||
|
@ -189,12 +209,9 @@ compare_endpoint_type(const EndpointType *a, const EndpointType *b) {
|
|||
c = g_strcmp0(a->kind,b->kind);
|
||||
if (c != 0)
|
||||
return c;
|
||||
c = g_strcmp0(a->binding,b->binding);
|
||||
if (c != 0)
|
||||
return c;
|
||||
if (a->is_default && ! b->is_default)
|
||||
if (a->is_default < b->is_default)
|
||||
return -1;
|
||||
if (! a->is_default && b->is_default)
|
||||
if (a->is_default > b->is_default)
|
||||
return +1;
|
||||
if (a->index < b->index)
|
||||
return -1;
|
||||
|
@ -675,7 +692,7 @@ lasso_saml20_provider_get_assertion_consumer_service_url_by_binding(LassoProvide
|
|||
lasso_strisequal(endpoint_type->kind,kind) &&
|
||||
lasso_strisequal(endpoint_type->binding,binding))
|
||||
{
|
||||
return endpoint_type->url;
|
||||
return g_strdup(endpoint_type->url);
|
||||
}
|
||||
}
|
||||
return NULL;
|
||||
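Review bot: lasso_saml20_provider_get_assertion_consumer_service_url_by_binding appears to return `g_strdup(endpoint_type->url)` now (the later of the two printed return lines), which changes the result from a borrowed pointer to one the caller owns, and nothing visible documents that. Callers written against the old contract will leak the copy, so the doc comment should state that the result must be released with g_free() and the existing call sites should be checked. In the load_endpoint_type2 hunk, `int idx = *counter++;` increments the pointer rather than the counter it points to; if the counter is meant to advance, that should read `(*counter)++`. Both functions extend beyond their hunks.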
|
|
|
@ -31,9 +31,12 @@
|
|||
*
|
||||
*/
|
||||
|
||||
#define _GNU_SOURCE /* for use of strndup */
|
||||
|
||||
#include "private.h"
|
||||
#include <ctype.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <xmlsec/base64.h>
|
||||
#include <xmlsec/xmltree.h>
|
||||
|
|
|
@ -47,7 +47,7 @@ go http://localhost:10002
|
|||
fv 1 is_passive true
|
||||
submit
|
||||
url http://localhost:10002
|
||||
find 'Unknown authentication failure'
|
||||
find 'Authentication failure'
|
||||
''')
|
||||
|
||||
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
#include <../lasso/xml/lib_authentication_statement.h>
|
||||
#include <../lasso/xml/saml_name_identifier.h>
|
||||
#include <../lasso/xml/samlp_response.h>
|
||||
#include <../lasso/id-ff/provider.h>
|
||||
#include "../lasso/utils.h"
|
||||
|
||||
|
||||
|
@ -81,11 +82,67 @@ Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\"\n\
|
|||
}
|
||||
END_TEST
|
||||
|
||||
START_TEST(indexed_endpoints_20101008)
|
||||
{
|
||||
LassoProvider *provider = NULL;
|
||||
char *meta01 = "<md:EntityDescriptor entityID=\"google.com\" xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\">\n\
|
||||
<SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n\
|
||||
<AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\" Location=\"wrong\" index=\"1\" />\n\
|
||||
<AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"ok\" index=\"0\" />\n\
|
||||
</SPSSODescriptor>\n\
|
||||
</md:EntityDescriptor>\n";
|
||||
char *meta02 = "<md:EntityDescriptor entityID=\"google.com\" xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\">\n\
|
||||
<SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n\
|
||||
<AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"wrong\" index=\"0\" isDefault=\"false\" />\n\
|
||||
<AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\" Location=\"ok\" index=\"1\" />\n\
|
||||
</SPSSODescriptor>\n\
|
||||
</md:EntityDescriptor>\n";
|
||||
char *meta03 = "<md:EntityDescriptor entityID=\"google.com\" xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\">\n\
|
||||
<SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n\
|
||||
<AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\" Location=\"wrong\" index=\"0\" isDefault=\"false\" />\n\
|
||||
<AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"ok\" index=\"1\" />\n\
|
||||
</SPSSODescriptor>\n\
|
||||
</md:EntityDescriptor>\n";
|
||||
char *meta04 = "<md:EntityDescriptor entityID=\"google.com\" xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\">\n\
|
||||
<SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n\
|
||||
<AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\" Location=\"wrong\" index=\"0\" />\n\
|
||||
<AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"ok\" index=\"1\" isDefault=\"true\" />\n\
|
||||
</SPSSODescriptor>\n\
|
||||
</md:EntityDescriptor>\n";
|
||||
|
||||
provider = lasso_provider_new_from_buffer(LASSO_PROVIDER_ROLE_SP, meta01, NULL, NULL);
|
||||
check_not_null(provider);
|
||||
check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, NULL), "ok");
|
||||
check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, "0"), "ok");
|
||||
check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, "1"), "wrong");
|
||||
lasso_release_gobject(provider);
|
||||
provider = lasso_provider_new_from_buffer(LASSO_PROVIDER_ROLE_SP, meta02, NULL, NULL);
|
||||
check_not_null(provider);
|
||||
check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, NULL), "ok");
|
||||
check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, "0"), "wrong");
|
||||
check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, "1"), "ok");
|
||||
lasso_release_gobject(provider);
|
||||
provider = lasso_provider_new_from_buffer(LASSO_PROVIDER_ROLE_SP, meta03, NULL, NULL);
|
||||
check_not_null(provider);
|
||||
check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, NULL), "ok");
|
||||
check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, "0"), "wrong");
|
||||
check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, "1"), "ok");
|
||||
lasso_release_gobject(provider);
|
||||
provider = lasso_provider_new_from_buffer(LASSO_PROVIDER_ROLE_SP, meta04, NULL, NULL);
|
||||
check_not_null(provider);
|
||||
check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, NULL), "ok");
|
||||
check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, "0"), "wrong");
|
||||
check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, "1"), "ok");
|
||||
lasso_release_gobject(provider);
|
||||
}
|
||||
END_TEST
|
||||
|
||||
struct {
|
||||
char *name;
|
||||
void *function;
|
||||
} tests[] = {
|
||||
{ "Googleapps error from coudot@ on 27-09-2010", test01_googleapps_27092010}
|
||||
{ "Googleapps error from coudot@ on 27-09-2010", test01_googleapps_27092010},
|
||||
{ "Wrong assertionConsumer ordering on 08-10-2010", indexed_endpoints_20101008}
|
||||
};
|
||||
|
||||
Suite*
|
||||
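Review bot: In indexed_endpoints_20101008 every result of lasso_provider_get_assertion_consumer_service_url is passed straight to check_str_equals and dropped; if that function returns an allocated copy, as the g_strdup added in the SAML 2.0 provider code of this commit suggests, each of the twelve calls leaks and will show up under a memory checker. Holding the result in a local fixes it: `url = lasso_provider_get_assertion_consumer_service_url(provider, NULL);` then `check_str_equals(url, "ok");` then `lasso_release_string(url);`. The test also covers only indexes present in the metadata; a case for an absent index and for a non-numeric `service_id` would pin the fallback behaviour of the new SAML 2.0 lookup path.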
|
|
|
@ -61,6 +61,10 @@
|
|||
</SVNRepository>
|
||||
</repository>
|
||||
<release>
|
||||
<Version>
|
||||
<created>2010-10-13</created>
|
||||
<revision>2.3.4</revision>
|
||||
</Version>
|
||||
<Version>
|
||||
<created>2010-10-01</created>
|
||||
<revision>2.3.3</revision>
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
<p>
|
||||
Lasso is licensed under the GNU GPL and the latest release
|
||||
is available here as a gzipped tarball:
|
||||
<a href="https://dev.entrouvert.org/attachments/download/15/lasso-2.3.2.tar.gz">lasso-2.3.2.tar.gz</a>
|
||||
<a href="https://dev.entrouvert.org/lasso/lasso-2.3.4.tar.gz">lasso-2.3.4.tar.gz</a>
|
||||
</p>
|
||||
|
||||
<h2>Binary Downloads</h2>
|
||||
|
|
|
@ -46,10 +46,9 @@
|
|||
</p>
|
||||
|
||||
<p>
|
||||
The most recent version of Lasso is <strong>2.3.3</strong>. You can
|
||||
<a
|
||||
href="https://dev.entrouvert.org/attachments/download/15/lasso-2.3.2.tar.gz">download
|
||||
the 2.3.2 tarball here</a> or get more options on the general <a
|
||||
The most recent version of Lasso is <strong>2.3.4</strong>. You can
|
||||
<a href="https://dev.entrouvert.org/lasso/lasso-2.3.4.tar.gz">download
|
||||
the 2.3.4 tarball here</a> or get more options on the general <a
|
||||
href="/download/">download</a> page.
|
||||
</p>
|
||||
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
<?xml version="1.0"?>
|
||||
<div xmlns="http://www.w3.org/1999/xhtml">
|
||||
<h3>2010-10-13: Released 2.3.4</h3>
|
||||
|
||||
<p>
|
||||
Lasso 2.3.4 have been released.
|
||||
<a href="/download/">Download 2.3.4 now</a>
|
||||
</p>
|
||||
|
||||
<p class="changes">
|
||||
<strong>What changed ?</strong>
|
||||
Fix bug on ordering of assertionConsumer endpoints, and problem of
|
||||
compilation on Pardus and EL5 distributions.
|
||||
</p>
|
||||
|
||||
</div>
|