← Back to branch summary

~ubuntu-branches/ubuntu/hardy/lasso/hardy

« back to all changes in this revision

Viewing changes to lasso/id-ff/logout.c

  • Committer: Bazaar Package Importer
  • Author(s): Loic Pefferkorn
  • Date: 2005-11-25 19:20:59 UTC
  • mfrom: (1.1.2 upstream)
  • Revision ID: james.westby@ubuntu.com-20051125192059-m4894lhpynmkrmwr
Tags: 0.6.3-4ubuntu1
Resynchronise with Debian.

Show diffs side-by-side

added added

removed removed

Lines of Context:
lasso/id-ff/logout.c
1
 
/* $Id: logout.c,v 1.192 2005/05/12 16:26:49 fpeters Exp $
 
1
/* $Id: logout.c,v 1.200 2005/08/24 15:19:31 fpeters Exp $
2
2
 *
3
3
 * Lasso - A free implementation of the Liberty Alliance specifications.
4
4
 *
160
160
 
161
161
        profile = LASSO_PROFILE(logout);
162
162
 
163
 
        /* get the provider */
164
 
        provider = g_hash_table_lookup(profile->server->providers, profile->remote_providerID);
165
 
        if (provider == NULL) {
 
163
        if (profile->response == NULL) {
 
164
                if (profile->http_request_method == LASSO_HTTP_METHOD_SOAP) {
 
165
                        profile->response = lasso_lib_logout_response_new_full(
 
166
                                        LASSO_PROVIDER(profile->server)->ProviderID,
 
167
                                        LASSO_SAML_STATUS_CODE_REQUEST_DENIED,
 
168
                                        LASSO_LIB_LOGOUT_REQUEST(profile->request),
 
169
                                        profile->server->certificate ? 
 
170
                                        LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
 
171
                                        LASSO_SIGNATURE_METHOD_RSA_SHA1);
 
172
                }
 
173
                if (profile->http_request_method == LASSO_HTTP_METHOD_REDIRECT) {
 
174
                        profile->response = lasso_lib_logout_response_new_full(
 
175
                                        LASSO_PROVIDER(profile->server)->ProviderID,
 
176
                                        LASSO_SAML_STATUS_CODE_REQUEST_DENIED,
 
177
                                        LASSO_LIB_LOGOUT_REQUEST(profile->request),
 
178
                                        LASSO_SIGNATURE_TYPE_NONE,
 
179
                                        0);
 
180
                }
 
181
        }
 
182
 
 
183
        if (profile->remote_providerID == NULL || profile->response == NULL) {
 
184
                /* no remote provider id set or no response set, this means
 
185
                 * this function got called before validate_request, probably
 
186
                 * because there were no active session */
166
187
                return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
167
188
        }
168
189
 
176
197
        }
177
198
 
178
199
        if (profile->http_request_method == LASSO_HTTP_METHOD_REDIRECT) {
 
200
                /* get the provider */
 
201
                provider = g_hash_table_lookup(profile->server->providers,
 
202
                                profile->remote_providerID);
 
203
                if (provider == NULL) {
 
204
                        return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
 
205
                }
 
206
 
179
207
                url = lasso_provider_get_metadata_one(provider, "SingleLogoutServiceReturnURL");
180
208
                if (url == NULL) {
181
209
                        return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL);
338
366
                return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
339
367
        }
340
368
 
341
 
        /* before setting profile->request, verify if it is already set */
342
 
        if (LASSO_IS_LIB_LOGOUT_REQUEST(profile->request) == TRUE) {
343
 
                lasso_node_destroy(LASSO_NODE(profile->request));
344
 
                profile->request = NULL;
345
 
        }
346
 
 
347
 
        /* build a new request object from single logout protocol profile */
348
 
 
349
369
        /* get / verify http method */
350
370
        if (http_method == LASSO_HTTP_METHOD_ANY) {
351
371
                http_method = lasso_provider_get_first_http_method(
352
372
                                LASSO_PROVIDER(profile->server),
353
373
                                remote_provider,
354
374
                                LASSO_MD_PROTOCOL_TYPE_SINGLE_LOGOUT);
 
375
                /* XXX: check it found a valid http method */
355
376
        } else {
356
377
                if (lasso_provider_accept_http_method(LASSO_PROVIDER(profile->server),
357
378
                                        remote_provider,
358
379
                                        LASSO_MD_PROTOCOL_TYPE_SINGLE_LOGOUT,
359
380
                                        http_method,
360
381
                                        TRUE) == FALSE) {
 
382
                        if (http_method == LASSO_HTTP_METHOD_REDIRECT) {
 
383
                                /* it was probably used as last resort, and
 
384
                                 * failed, since the remote provider doesn't
 
385
                                 * support any logout.  remove assertion
 
386
                                 * unconditionnaly. */
 
387
                                lasso_session_remove_assertion(profile->session,
 
388
                                                profile->remote_providerID);
 
389
                                if (logout->initial_remote_providerID && logout->initial_request) {
 
390
                                        g_free(profile->remote_providerID);
 
391
                                        profile->remote_providerID = g_strdup(
 
392
                                                        logout->initial_remote_providerID);
 
393
                                        profile->response = lasso_lib_logout_response_new_full(
 
394
                                                LASSO_PROVIDER(profile->server)->ProviderID,
 
395
                                                LASSO_SAML_STATUS_CODE_SUCCESS,
 
396
                                                LASSO_LIB_LOGOUT_REQUEST(logout->initial_request),
 
397
                                                LASSO_SIGNATURE_TYPE_NONE,
 
398
                                                0);
 
399
                                }
 
400
                        }
361
401
                        return LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE;
362
402
                }
363
403
        }
364
404
 
 
405
        /* before setting profile->request, verify it is not already set */
 
406
        if (LASSO_IS_LIB_LOGOUT_REQUEST(profile->request) == TRUE) {
 
407
                lasso_node_destroy(LASSO_NODE(profile->request));
 
408
                profile->request = NULL;
 
409
        }
 
410
 
365
411
        /* build a new request object from http method */
366
412
        if (http_method == LASSO_HTTP_METHOD_SOAP) {
367
413
                profile->request = lasso_lib_logout_request_new_full(
644
690
gint lasso_logout_reset_providerID_index(LassoLogout *logout)
645
691
{
646
692
        g_return_val_if_fail(LASSO_IS_LOGOUT(logout), -1);
 
693
        lasso_session_init_provider_ids(LASSO_PROFILE(logout)->session);
647
694
        logout->providerID_index = 0;
648
695
        return 0;
649
696
}
795
842
                }
796
843
        }
797
844
 
798
 
        /* authentication is ok, federation is ok, propagation support is ok, remove federation */
 
845
        /* authentication is ok, federation is ok, propagation support is ok, remove assertion */
799
846
        lasso_session_remove_assertion(profile->session, profile->remote_providerID);
800
847
 
801
848
        /* if at IDP and nb sp logged > 1, then backup remote provider id,
868
915
        xmlNode *xmlnode;
869
916
 
870
917
        xmlnode = parent_class->get_xmlNode(node, lasso_dump);
871
 
        xmlNodeSetName(xmlnode, "Logout");
872
 
        xmlSetProp(xmlnode, "LogoutDumpVersion", "2");
 
918
        xmlNodeSetName(xmlnode, (xmlChar*)"Logout");
 
919
        xmlSetProp(xmlnode, (xmlChar*)"LogoutDumpVersion", (xmlChar*)"2");
873
920
 
874
921
        return xmlnode;
875
922
}