← Back to branch summary

~ubuntu-branches/ubuntu/hardy/lasso/hardy

« back to all changes in this revision

Viewing changes to lasso/saml-2.0/profile.c

  • Committer: Bazaar Package Importer
  • Author(s): Michael Bienia
  • Date: 2007-07-31 21:35:26 UTC
  • mfrom: (1.1.4 upstream)
  • Revision ID: james.westby@ubuntu.com-20070731213526-oc6jw5mprcd5tjyy
Tags: 2.0.0-1ubuntu1
* Merge from debian unstable. Remaining changes:
  + debian/control:
    - Modify Maintainer value to match DebianMaintainerField spec.
* debian/rules:
  + Add CC=gcc-4.2 to the configure call else configure won't find jni.h
    from libgcj8-dev.
* configure{,.ac}:
  + Add missing quotes around the value for PHP[45]_LIBS.

Show diffs side-by-side

added added

removed removed

Lines of Context:
lasso/saml-2.0/profile.c
1
 
/* $Id: profile.c,v 1.2 2005/11/21 18:51:52 fpeters Exp $
 
1
/* $Id: profile.c,v 1.16 2007/01/03 20:58:38 fpeters Exp $
2
2
 *
3
3
 * Lasso - A free implementation of the Liberty Alliance specifications.
4
4
 *
26
26
 
27
27
#include <lasso/saml-2.0/providerprivate.h>
28
28
#include <lasso/saml-2.0/profileprivate.h>
 
29
#include <lasso/saml-2.0/profile.h>
29
30
 
30
31
#include <lasso/id-ff/providerprivate.h>
31
32
#include <lasso/id-ff/profile.h>
38
39
#include <lasso/xml/saml-2.0/samlp2_name_id_mapping_response.h>
39
40
#include <lasso/xml/saml-2.0/samlp2_status_response.h>
40
41
#include <lasso/xml/saml-2.0/samlp2_response.h>
41
 
 
 
42
#include <lasso/xml/saml-2.0/saml2_assertion.h>
42
43
 
43
44
static char* lasso_saml20_profile_build_artifact(LassoProvider *provider);
44
45
 
72
73
static char*
73
74
lasso_saml20_profile_build_artifact(LassoProvider *provider)
74
75
{
75
 
        xmlSecByte samlArt[42], *b64_samlArt;
 
76
        xmlSecByte samlArt[44], *b64_samlArt;
76
77
        char *source_succinct_id;
77
78
        char *ret;
78
79
 
80
81
 
81
82
        /* Artifact Format is described in saml-bindings-2.0-os, 3.6.4.2. */
82
83
        memcpy(samlArt, "\000\004", 2); /* type code */
83
 
        memcpy(samlArt+2, source_succinct_id, 20);
84
 
        lasso_build_random_sequence((char*)samlArt+22, 20);
 
84
        memcpy(samlArt+2, "\000\000", 2); /* XXX: Endpoint index */
 
85
        memcpy(samlArt+4, source_succinct_id, 20);
 
86
        lasso_build_random_sequence((char*)samlArt+24, 20);
85
87
 
86
88
        xmlFree(source_succinct_id);
87
 
        b64_samlArt = xmlSecBase64Encode(samlArt, 42, 0);
 
89
        b64_samlArt = xmlSecBase64Encode(samlArt, 44, 0);
88
90
 
89
91
        ret = g_strdup((char*)b64_samlArt);
90
92
        xmlFree(b64_samlArt);
102
104
        status->StatusCode->Value = g_strdup(status_code_value);
103
105
 
104
106
        if (strcmp(status_code_value, LASSO_SAML2_STATUS_CODE_SUCCESS) != 0 &&
105
 
                        strcmp(status_code_value, LASSO_SAML2_STATUS_CODE_VERSION_MISMATCH) != 0) {
 
107
                        strcmp(status_code_value, LASSO_SAML2_STATUS_CODE_VERSION_MISMATCH) != 0 &&
 
108
                        strcmp(status_code_value, LASSO_SAML2_STATUS_CODE_REQUESTER) != 0) {
106
109
                status->StatusCode->Value = g_strdup(LASSO_SAML2_STATUS_CODE_RESPONDER);
107
110
                status->StatusCode->StatusCode = LASSO_SAMLP2_STATUS_CODE(
108
111
                                lasso_samlp2_status_code_new());
133
136
        char **query_fields;
134
137
        char *artifact_b64 = NULL, *provider_succinct_id_b64;
135
138
        char provider_succinct_id[21];
136
 
        char artifact[43];
 
139
        char artifact[45];
137
140
        LassoSamlp2RequestAbstract *request;
138
141
        int i;
139
142
 
140
143
        if (method == LASSO_HTTP_METHOD_ARTIFACT_GET) {
141
144
                query_fields = urlencoded_to_strings(msg);
142
145
                for (i=0; query_fields[i]; i++) {
143
 
                        if (strncmp(query_fields[i], "SAMLArt=", 8) != 0) {
 
146
                        if (strncmp(query_fields[i], "SAMLart=", 8) != 0) {
144
147
                                xmlFree(query_fields[i]);
145
148
                                continue;
146
149
                        }
148
151
                        xmlFree(query_fields[i]);
149
152
                }
150
153
                g_free(query_fields);
 
154
                if (artifact_b64 == NULL) {
 
155
                        return LASSO_PROFILE_ERROR_MISSING_ARTIFACT;
 
156
                }
151
157
        } else {
152
158
                artifact_b64 = g_strdup(msg);
153
159
        }
154
160
 
155
 
        i = xmlSecBase64Decode((xmlChar*)artifact_b64, (xmlChar*)artifact, 43);
156
 
        if (i < 0 || i > 42) {
 
161
        i = xmlSecBase64Decode((xmlChar*)artifact_b64, (xmlChar*)artifact, 45);
 
162
        if (i < 0 || i > 44) {
157
163
                g_free(artifact_b64);
158
 
                return LASSO_ERROR_UNDEFINED;
 
164
                return LASSO_PROFILE_ERROR_INVALID_ARTIFACT;
159
165
        }
160
166
 
161
167
        if (artifact[0] != 0 || artifact[1] != 4) { /* wrong type code */
162
168
                g_free(artifact_b64);
163
 
                return LASSO_ERROR_UNDEFINED;
 
169
                return LASSO_PROFILE_ERROR_INVALID_ARTIFACT;
164
170
        }
165
171
 
166
 
        memcpy(provider_succinct_id, artifact+2, 20);
 
172
        /* XXX: index endpoint */
 
173
 
 
174
        memcpy(provider_succinct_id, artifact+4, 20);
167
175
        provider_succinct_id[20] = 0;
168
176
 
169
177
        provider_succinct_id_b64 = (char*)xmlSecBase64Encode((xmlChar*)provider_succinct_id, 20, 0);
232
240
lasso_saml20_profile_build_artifact_response(LassoProfile *profile)
233
241
{
234
242
        LassoSamlp2StatusResponse *response;
235
 
        LassoNode *resp = lasso_node_new_from_dump(profile->private_data->artifact_message);
236
 
        if (resp == NULL)
237
 
                return LASSO_ERROR_UNDEFINED;
 
243
        LassoNode *resp = NULL;
 
244
 
238
245
 
239
246
        response = LASSO_SAMLP2_STATUS_RESPONSE(lasso_samlp2_artifact_response_new());
240
 
        LASSO_SAMLP2_ARTIFACT_RESPONSE(response)->any = resp;
 
247
        if (profile->private_data->artifact_message) {
 
248
                resp = lasso_node_new_from_dump(profile->private_data->artifact_message);
 
249
                LASSO_SAMLP2_ARTIFACT_RESPONSE(response)->any = resp;
 
250
        }
241
251
        response->ID = lasso_build_unique_id(32);
242
252
        response->Version = g_strdup("2.0");
243
253
        response->Issuer = LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
252
262
        }
253
263
        response->private_key_file = g_strdup(profile->server->private_key);
254
264
        response->certificate_file = g_strdup(profile->server->certificate);
 
265
 
 
266
        profile->response = LASSO_NODE(response);
255
267
        
256
 
        profile->response = LASSO_NODE(response);
257
 
        lasso_saml20_profile_set_response_status(profile, LASSO_SAML2_STATUS_CODE_SUCCESS);
258
 
 
 
268
        if (resp == NULL) {
 
269
                lasso_saml20_profile_set_response_status(profile,
 
270
                                LASSO_SAML2_STATUS_CODE_REQUESTER);
 
271
        } else {
 
272
                lasso_saml20_profile_set_response_status(profile, LASSO_SAML2_STATUS_CODE_SUCCESS);
 
273
        }
259
274
        profile->msg_body = lasso_node_export_to_soap(profile->response);
260
275
        return 0;
261
276
}
267
282
 
268
283
        response = lasso_node_new_from_soap(msg);
269
284
        /* XXX: check status code */
270
 
 
271
285
        profile->response = g_object_ref(LASSO_SAMLP2_ARTIFACT_RESPONSE(response)->any);
272
286
        lasso_node_destroy(response);
273
287
 
274
288
        return 0;
275
289
}
276
290
 
277
 
 
 
291
/**
 
292
 * lasso_saml20_profile_is_saml_query:
 
293
 * @query: HTTP query string
 
294
 *
 
295
 * Tests the query string to know if the URL is called as the result of a
 
296
 * SAML redirect (action initiated elsewhere) or not.
 
297
 *
 
298
 * Return value: TRUE if SAML query, FALSE otherwise
 
299
 **/
 
300
gboolean
 
301
lasso_profile_is_saml_query(const gchar *query)
 
302
{
 
303
        gchar *parameters[] = {
 
304
                "SAMLRequest=", "SAMLResponse=", "SAMLart=", NULL };
 
305
        gint i;
 
306
 
 
307
        for (i=0; parameters[i]; i++) {
 
308
                if (strstr(query, parameters[i]))
 
309
                        return TRUE;
 
310
        }
 
311
 
 
312
        return FALSE;
 
313
}
 
314
 
 
315
 
 
316
static void
 
317
lasso_saml20_profile_set_session_from_dump_decrypt(
 
318
                gpointer key, LassoSaml2Assertion *assertion, gpointer data)
 
319
{
 
320
        if (LASSO_IS_SAML2_ASSERTION(assertion) == FALSE) {
 
321
                return;
 
322
        }
 
323
 
 
324
        if (assertion->Subject != NULL && assertion->Subject->EncryptedID != NULL) {
 
325
                assertion->Subject->NameID = LASSO_SAML2_NAME_ID(
 
326
                                assertion->Subject->EncryptedID->original_data);
 
327
                assertion->Subject->EncryptedID = NULL;
 
328
        }
 
329
}
 
330
 
 
331
gint
 
332
lasso_saml20_profile_set_session_from_dump(LassoProfile *profile)
 
333
{
 
334
        if (profile->session != NULL && profile->session->assertions != NULL) {
 
335
                g_hash_table_foreach(profile->session->assertions,
 
336
                                (GHFunc)lasso_saml20_profile_set_session_from_dump_decrypt,
 
337
                                NULL);
 
338
        }
 
339
 
 
340
        return 0;
 
341
}