← Back to branch summary

~ubuntu-branches/ubuntu/hardy/lasso/hardy

« back to all changes in this revision

Viewing changes to lasso/id-ff/logout.c

  • Committer: Bazaar Package Importer
  • Author(s): Michael Bienia
  • Date: 2007-07-31 21:35:26 UTC
  • mfrom: (1.1.4 upstream)
  • Revision ID: james.westby@ubuntu.com-20070731213526-oc6jw5mprcd5tjyy
Tags: 2.0.0-1ubuntu1
* Merge from debian unstable. Remaining changes:
  + debian/control:
    - Modify Maintainer value to match DebianMaintainerField spec.
* debian/rules:
  + Add CC=gcc-4.2 to the configure call else configure won't find jni.h
    from libgcj8-dev.
* configure{,.ac}:
  + Add missing quotes around the value for PHP[45]_LIBS.

Show diffs side-by-side

added added

removed removed

Lines of Context:
lasso/id-ff/logout.c
1
 
/* $Id: logout.c,v 1.206 2006/01/23 14:05:59 fpeters Exp $
 
1
/* $Id: logout.c,v 1.221 2007/01/08 13:13:49 fpeters Exp $
2
2
 *
3
3
 * Lasso - A free implementation of the Liberty Alliance specifications.
4
4
 *
75
75
        g_return_val_if_fail(LASSO_IS_LOGOUT(logout), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
76
76
 
77
77
        profile = LASSO_PROFILE(logout);
 
78
        lasso_profile_clean_msg_info(profile);
78
79
 
79
80
        if (profile->remote_providerID == NULL) {
80
81
                /* this means lasso_logout_init_request was not called before */
120
121
                        return critical_error(LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED);
121
122
                }
122
123
                /* build the msg_url */
123
 
                profile->msg_url = g_strdup_printf("%s?%s", url, query);
 
124
                profile->msg_url = lasso_concat_url_query(url, query);
124
125
                g_free(url);
125
126
                g_free(query);
126
127
                profile->msg_body = NULL;
167
168
        g_return_val_if_fail(LASSO_IS_LOGOUT(logout), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
168
169
 
169
170
        profile = LASSO_PROFILE(logout);
 
171
        lasso_profile_clean_msg_info(profile);
170
172
 
171
173
        IF_SAML2(profile) {
172
174
                return lasso_saml20_logout_build_response_msg(logout);
231
233
                        g_free(url);
232
234
                        return critical_error(LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED);
233
235
                }
234
 
                profile->msg_url = g_strdup_printf("%s?%s", url, query);
 
236
                profile->msg_url = lasso_concat_url_query(url, query);
235
237
                profile->msg_body = NULL;
236
238
                g_free(url);
237
239
                g_free(query);
294
296
 * @request_method: if set, then it get the protocol profile in metadata
295
297
 *     corresponding of this HTTP request method.
296
298
 *
297
 
 * Initializes a new lib:LogoutRequest.
 
299
 * Initializes a new SLO request.
298
300
 * 
299
301
 * Return value: 0 on success; or a negative value otherwise.
300
302
 **/
307
309
        LassoSamlNameIdentifier *nameIdentifier;
308
310
        LassoNode *assertion_n, *name_identifier_n;
309
311
        LassoSamlAssertion *assertion;
 
312
        LassoSamlSubjectStatementAbstract *subject_statement;
310
313
        LassoFederation   *federation = NULL;
311
314
        gboolean           is_http_redirect_get_method = FALSE;
312
315
        LassoSession *session;
347
350
        /* get assertion */
348
351
        assertion_n = lasso_session_get_assertion(session, profile->remote_providerID);
349
352
        if (LASSO_IS_SAML_ASSERTION(assertion_n) == FALSE) {
350
 
                message(G_LOG_LEVEL_CRITICAL, "Assertion not found");
351
 
                return LASSO_ERROR_UNDEFINED;
 
353
                return critical_error(LASSO_PROFILE_ERROR_MISSING_ASSERTION);
352
354
        }
353
355
        
354
356
        assertion = LASSO_SAML_ASSERTION(assertion_n);
361
363
                        session_index = g_strdup(as->SessionIndex);
362
364
        }
363
365
 
364
 
 
365
366
        /* if format is one time, then get name identifier from assertion,
366
367
           else get name identifier from federation */
367
 
        nameIdentifier = LASSO_SAML_SUBJECT_STATEMENT_ABSTRACT(
368
 
                        assertion->AuthenticationStatement)->Subject->NameIdentifier;
369
 
        if (strcmp(nameIdentifier->Format, LASSO_LIB_NAME_IDENTIFIER_FORMAT_ONE_TIME) != 0) {
 
368
        subject_statement = NULL;
 
369
        nameIdentifier = NULL;
 
370
        if (LASSO_IS_SAML_SUBJECT_STATEMENT_ABSTRACT(assertion->AuthenticationStatement)) {
 
371
                subject_statement = LASSO_SAML_SUBJECT_STATEMENT_ABSTRACT(
 
372
                                assertion->AuthenticationStatement);
 
373
                if (subject_statement && subject_statement->Subject) {
 
374
                        nameIdentifier = subject_statement->Subject->NameIdentifier;
 
375
                }
 
376
        }
 
377
 
 
378
 
 
379
        if (nameIdentifier && strcmp(nameIdentifier->Format,
 
380
                                LASSO_LIB_NAME_IDENTIFIER_FORMAT_ONE_TIME) != 0) {
370
381
                if (LASSO_IS_IDENTITY(profile->identity) == FALSE) {
371
382
                        return critical_error(LASSO_PROFILE_ERROR_IDENTITY_NOT_FOUND);
372
383
                }
476
487
 * @logout: a #LassoLogout
477
488
 * @request_msg: the logout request message
478
489
 * 
479
 
 * Processes a lib:LogoutRequest message.  Rebuilds a request object from the
 
490
 * Processes a SLO LogoutRequest message.  Rebuilds a request object from the
480
491
 * message and optionally verifies its signature.
481
492
 *
482
493
 * Return value: 0 on success; or a negative value otherwise.
488
499
        LassoProvider *remote_provider;
489
500
        LassoMessageFormat format;
490
501
 
491
 
        g_return_val_if_fail(LASSO_IS_LOGOUT(logout), -1);
492
 
        g_return_val_if_fail(request_msg != NULL, -1);
 
502
        g_return_val_if_fail(LASSO_IS_LOGOUT(logout), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
 
503
        g_return_val_if_fail(request_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
493
504
 
494
505
        profile = LASSO_PROFILE(logout);
495
506
 
503
514
                return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
504
515
        }
505
516
 
 
517
        if (profile->remote_providerID) {
 
518
                g_free(profile->remote_providerID);
 
519
        }
 
520
 
 
521
        profile->remote_providerID = g_strdup(
 
522
                        LASSO_LIB_LOGOUT_REQUEST(profile->request)->ProviderID);
 
523
 
506
524
        remote_provider = g_hash_table_lookup(profile->server->providers,
507
 
                        LASSO_LIB_LOGOUT_REQUEST(profile->request)->ProviderID);
 
525
                        profile->remote_providerID);
508
526
        if (LASSO_IS_PROVIDER(remote_provider) == FALSE) {
509
527
                return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
510
528
        }
558
576
        int rc;
559
577
 
560
578
        g_return_val_if_fail(LASSO_IS_LOGOUT(logout), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
561
 
        g_return_val_if_fail(response_msg != NULL, LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
 
579
        g_return_val_if_fail(response_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
562
580
 
563
581
        profile = LASSO_PROFILE(logout);
564
582
 
565
583
        IF_SAML2(profile) {
566
 
                return lasso_saml20_process_response_msg(logout, response_msg);
 
584
                return lasso_saml20_logout_process_response_msg(logout, response_msg);
567
585
        }
568
586
 
569
587
        /* before verify if profile->response is set */
613
631
 
614
632
        if (response->Status == NULL || response->Status->StatusCode == NULL
615
633
                        || response->Status->StatusCode->Value == NULL) {
616
 
                message(G_LOG_LEVEL_CRITICAL, "No Status in LogoutResponse !");
617
 
                return LASSO_ERROR_UNDEFINED;
 
634
                return critical_error(LASSO_PROFILE_ERROR_MISSING_STATUS_CODE);
618
635
        }
619
636
        statusCodeValue = response->Status->StatusCode->Value;
620
637
 
644
661
                                g_free(url);
645
662
                                return critical_error(LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED);
646
663
                        }
647
 
                        profile->msg_url = g_strdup_printf("%s?%s", url, query);
 
664
                        profile->msg_url = lasso_concat_url_query(url, query);
648
665
                        g_free(url);
649
666
                        g_free(query);
650
667
                        profile->msg_body = NULL;
657
674
                }
658
675
                if (strcmp(statusCodeValue, LASSO_SAML_STATUS_CODE_REQUEST_DENIED) == 0) {
659
676
                        /* assertion no longer on idp so removing it locally too */
 
677
                        message(G_LOG_LEVEL_WARNING, "SP answer is request denied");
660
678
                        lasso_session_remove_assertion(
661
679
                                        profile->session, profile->remote_providerID);
662
680
                        return LASSO_LOGOUT_ERROR_REQUEST_DENIED;
663
681
                }
 
682
                if (strcmp(statusCodeValue,
 
683
                                        LASSO_LIB_STATUS_CODE_FEDERATION_DOES_NOT_EXIST) == 0) {
 
684
                        /* how could this happen ?  probably error in SP */
 
685
                        /* let's remove the assertion nevertheless */
 
686
                        message(G_LOG_LEVEL_WARNING, "SP answer is federation does not exist");
 
687
                        lasso_session_remove_assertion(
 
688
                                        profile->session, profile->remote_providerID);
 
689
                        return LASSO_LOGOUT_ERROR_FEDERATION_NOT_FOUND;
 
690
                }
664
691
                message(G_LOG_LEVEL_CRITICAL, "Status code is not success : %s", statusCodeValue);
665
 
                return LASSO_ERROR_UNDEFINED;
 
692
                return LASSO_PROFILE_ERROR_STATUS_NOT_SUCCESS;
666
693
        }
667
694
 
668
695
        /* LogoutResponse status code value is ok */
727
754
 **/
728
755
gint lasso_logout_reset_providerID_index(LassoLogout *logout)
729
756
{
730
 
        g_return_val_if_fail(LASSO_IS_LOGOUT(logout), -1);
 
757
        g_return_val_if_fail(LASSO_IS_LOGOUT(logout), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
731
758
        lasso_session_init_provider_ids(LASSO_PROFILE(logout)->session);
732
759
        logout->providerID_index = 0;
733
760
        return 0;
782
809
        if (LASSO_IS_LIB_LOGOUT_REQUEST(profile->request) == FALSE)
783
810
                return LASSO_PROFILE_ERROR_MISSING_REQUEST;
784
811
 
 
812
        if (profile->remote_providerID) {
 
813
                g_free(profile->remote_providerID);
 
814
        }
 
815
 
785
816
        profile->remote_providerID = g_strdup(
786
817
                        LASSO_LIB_LOGOUT_REQUEST(profile->request)->ProviderID);
787
818
 
837
868
 
838
869
        /* verify authentication */
839
870
        assertion_n = lasso_session_get_assertion(profile->session, profile->remote_providerID);
840
 
        if (assertion_n == NULL) {
 
871
        if (LASSO_IS_SAML_ASSERTION(assertion_n) == FALSE) {
841
872
                message(G_LOG_LEVEL_WARNING, "%s has no assertion", profile->remote_providerID);
842
873
                lasso_profile_set_response_status(profile, LASSO_SAML_STATUS_CODE_REQUEST_DENIED);
843
 
                return LASSO_ERROR_UNDEFINED;
 
874
                return LASSO_PROFILE_ERROR_MISSING_ASSERTION;
844
875
        }
845
876
 
846
877
        assertion = LASSO_SAML_ASSERTION(assertion_n);
866
897
                                        profile->remote_providerID);
867
898
                        lasso_profile_set_response_status(profile,
868
899
                                        LASSO_LIB_STATUS_CODE_FEDERATION_DOES_NOT_EXIST);
869
 
                        return LASSO_ERROR_UNDEFINED;
 
900
                        return LASSO_LOGOUT_ERROR_FEDERATION_NOT_FOUND;
870
901
                }
871
902
        }
872
903
 
920
951
                G_STRUCT_OFFSET(LassoLogout, initial_response) },
921
952
        { "InitialRemoteProviderID", SNIPPET_CONTENT,
922
953
                G_STRUCT_OFFSET(LassoLogout, initial_remote_providerID) },
 
954
        { "InitialHttpRequestMethod", SNIPPET_CONTENT | SNIPPET_INTEGER,
 
955
                G_STRUCT_OFFSET(LassoLogout, initial_http_request_method) },
923
956
        /* "ProviderIdIndex" must not be dumped (since apps assume to get
924
957
         * it back to 0 after a restore from dump) (maybe this behaviour should
925
958
         * be fixed)
940
973
                return; /* original service provider (initiated logout) */
941
974
 
942
975
        assertion_n = lasso_session_get_assertion(profile->session, provider->ProviderID);
943
 
        if (assertion_n == NULL)
 
976
        if (LASSO_IS_SAML_ASSERTION(assertion_n) == FALSE) {
944
977
                return; /* not authenticated with this provider */
 
978
        }
945
979
        assertion = LASSO_SAML_ASSERTION(assertion_n);
946
980
 
947
981
        supported_profiles = lasso_provider_get_metadata_list(provider,
1094
1128
        LassoLogout *logout;
1095
1129
        xmlDoc *doc;
1096
1130
 
 
1131
        if (dump == NULL)
 
1132
                return NULL;
 
1133
 
1097
1134
        logout = lasso_logout_new(g_object_ref(server));
1098
1135
        doc = xmlParseMemory(dump, strlen(dump));
1099
1136
        init_from_xml(LASSO_NODE(logout), xmlDocGetRootElement(doc)); 
 
1137
        xmlFreeDoc(doc);
1100
1138
 
1101
1139
        return logout;
1102
1140
}