1 /* $Id$
2 *
3 * Lasso - A free implementation of the Liberty Alliance specifications.
4 *
5 * Copyright (C) 2004-2007 Entr'ouvert
6 * http://lasso.entrouvert.org
7 *
8 * Authors: See AUTHORS file in top-level directory.
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, see <http://www.gnu.org/licenses/>.
22 */
23
24 /**
25 * SECTION:session
26 * @short_description: Principal Session
27 *
28 **/
29
30 #include "../xml/private.h"
31 #include "../lasso_config.h"
32 #include "session.h"
33 #include "sessionprivate.h"
34 #include "../xml/lib_authentication_statement.h"
35 #include "../xml/saml_assertion.h"
36 #include "../xml/saml-2.0/saml2_authn_statement.h"
37 #include "../xml/saml-2.0/saml2_assertion.h"
38 #include "../utils.h"
39 #include "../debug.h"
40
41 #include <libxml/parser.h>
42 #include <libxml/tree.h>
43 #include <xmlsec/xmltree.h>
44 #include <xmlsec/base64.h>
45
46 #ifdef LASSO_WSF_ENABLED
47 #include "../id-wsf-2.0/sessionprivate.h"
48 #endif
49
50 static gboolean lasso_match_name_id(LassoNode *a, LassoNode *b);
51
52 struct _NidAndSessionIndex {
53 LassoNode *name_id;
54 char *assertion_id;
55 char *session_index;
56 };
57
58 struct _NidAndSessionIndex *
lasso_new_nid_and_session_index(LassoNode * name_id,const char * assertion_id,const char * session_index)59 lasso_new_nid_and_session_index(LassoNode *name_id, const char *assertion_id, const char
60 *session_index)
61 {
62 struct _NidAndSessionIndex *nid_and_session_index = g_new0(struct _NidAndSessionIndex, 1);
63 lasso_assign_gobject(nid_and_session_index->name_id, name_id);
64 lasso_assign_string(nid_and_session_index->assertion_id, assertion_id);
65 lasso_assign_string(nid_and_session_index->session_index, session_index);
66
67 return nid_and_session_index;
68 }
69
70 void
lasso_release_nid_and_session_index(struct _NidAndSessionIndex * nid_and_session_index)71 lasso_release_nid_and_session_index(struct _NidAndSessionIndex *nid_and_session_index)
72 {
73 lasso_release_gobject(nid_and_session_index->name_id);
74 lasso_release_string(nid_and_session_index->session_index);
75 lasso_release_string(nid_and_session_index->assertion_id);
76 lasso_release(nid_and_session_index);
77 }
78
79 void
lasso_release_list_of_nid_an_session_index(GList * list)80 lasso_release_list_of_nid_an_session_index(GList *list)
81 {
82 g_list_foreach(list, (GFunc)lasso_release_nid_and_session_index, NULL);
83 g_list_free(list);
84 }
85
86 /*****************************************************************************/
87 /* public methods */
88 /*****************************************************************************/
89
90 static void
lasso_session_add_nid_and_session_index(LassoSession * session,const char * providerID,struct _NidAndSessionIndex * nid_and_session_index)91 lasso_session_add_nid_and_session_index(LassoSession *session,
92 const char *providerID,
93 struct _NidAndSessionIndex *nid_and_session_index)
94 {
95 GList *l = g_hash_table_lookup(session->private_data->nid_and_session_indexes, providerID);
96 GList *i;
97
98 lasso_foreach(i, l) {
99 struct _NidAndSessionIndex *other_nid_and_sid = i->data;
100
101 /* do some sharing and limit doublons */
102 if (lasso_match_name_id(other_nid_and_sid->name_id, nid_and_session_index->name_id)) {
103 if (lasso_strisequal(other_nid_and_sid->session_index, nid_and_session_index->session_index)) {
104 lasso_release_nid_and_session_index(nid_and_session_index);
105 return;
106 }
107 // lasso_assign_gobject(nid_and_session_index->name_id, other_nid_and_sid->name_id);
108 }
109 }
110 if (l) {
111 l = g_list_append(l, nid_and_session_index);
112 } else {
113 l = g_list_append(l, nid_and_session_index);
114 g_hash_table_insert(session->private_data->nid_and_session_indexes,
115 g_strdup(providerID), l);
116 }
117 }
118
119 /**
120 * lasso_session_add_assertion_nid_and_session_index:
121 *
122 * Extract NameID and SessionIndex and keep them around.
123 *
124 */
125 static gint
lasso_session_add_assertion_nid_and_session_index(LassoSession * session,const gchar * providerID,LassoNode * assertion)126 lasso_session_add_assertion_nid_and_session_index(LassoSession *session, const gchar *providerID,
127 LassoNode *assertion)
128 {
129 struct _NidAndSessionIndex *nid_and_session_index = NULL;
130
131 lasso_bad_param(SESSION, session);
132 lasso_null_param(assertion);
133
134 if (LASSO_IS_SAML_ASSERTION(assertion)) { /* saml 1.1 */
135 LassoSamlAssertion *saml_assertion = (LassoSamlAssertion*) assertion;
136 LassoLibAuthenticationStatement *auth_statement = NULL;
137 LassoSamlSubjectStatementAbstract *ss = NULL;
138
139 if (saml_assertion->SubjectStatement)
140 ss = &saml_assertion->SubjectStatement->parent;
141 else if (saml_assertion->AuthenticationStatement)
142 ss = &saml_assertion->AuthenticationStatement->parent;
143 else
144 return LASSO_PARAM_ERROR_INVALID_VALUE;
145 if (! ss->Subject)
146 return LASSO_PARAM_ERROR_INVALID_VALUE;
147 if (! ss->Subject->NameIdentifier)
148 return LASSO_PARAM_ERROR_INVALID_VALUE;
149 if (! LASSO_IS_LIB_AUTHENTICATION_STATEMENT(saml_assertion->AuthenticationStatement))
150 return LASSO_ERROR_UNIMPLEMENTED;
151 auth_statement = (LassoLibAuthenticationStatement*)
152 saml_assertion->AuthenticationStatement;
153 if (! auth_statement->SessionIndex)
154 return 0;
155 nid_and_session_index = lasso_new_nid_and_session_index(
156 (LassoNode*)ss->Subject->NameIdentifier,
157 saml_assertion->AssertionID,
158 auth_statement->SessionIndex);
159 lasso_session_add_nid_and_session_index(session,
160 providerID, nid_and_session_index);
161 } else if (LASSO_IS_SAML2_ASSERTION(assertion)) { /* saml 2.0 */
162 LassoSaml2Assertion *saml2_assertion = (LassoSaml2Assertion*) assertion;
163 GList *iter;
164
165 if (! saml2_assertion->Subject)
166 return LASSO_PARAM_ERROR_INVALID_VALUE;
167 if (! saml2_assertion->Subject->NameID)
168 return LASSO_PARAM_ERROR_INVALID_VALUE;
169 if (! saml2_assertion->AuthnStatement)
170 return 0;
171 lasso_foreach(iter, saml2_assertion->AuthnStatement) {
172 LassoSaml2AuthnStatement *authn_statement = iter->data;
173
174 if (authn_statement->SessionIndex) {
175 nid_and_session_index = lasso_new_nid_and_session_index(
176 (LassoNode*)saml2_assertion->Subject->NameID,
177 saml2_assertion->ID,
178 authn_statement->SessionIndex);
179 lasso_session_add_nid_and_session_index(session,
180 providerID,
181 nid_and_session_index);
182 }
183 }
184 } else {
185 return LASSO_ERROR_UNIMPLEMENTED;
186 }
187 return 0;
188 }
189
190 static gint
lasso_session_add_assertion_simple(LassoSession * session,const char * providerID,LassoNode * assertion)191 lasso_session_add_assertion_simple(LassoSession *session, const char *providerID, LassoNode
192 *assertion)
193 {
194 g_return_val_if_fail(LASSO_IS_SESSION(session), LASSO_PARAM_ERROR_INVALID_VALUE);
195 g_return_val_if_fail(providerID != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
196 g_return_val_if_fail(assertion != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
197
198 if (lasso_flag_thin_sessions) { /* do not store the full assertion */
199 return 0;
200 }
201 g_hash_table_insert(session->assertions, g_strdup(providerID),
202 g_object_ref(assertion));
203
204 return 0;
205 }
206
207 static gboolean
lasso_match_name_id(LassoNode * a,LassoNode * b)208 lasso_match_name_id(LassoNode *a, LassoNode *b)
209 {
210 if (LASSO_IS_SAML_NAME_IDENTIFIER(a) && LASSO_IS_SAML_NAME_IDENTIFIER(b)) {
211 return lasso_saml_name_identifier_equals((LassoSamlNameIdentifier*)a,
212 (LassoSamlNameIdentifier*)b);
213
214 } else if (LASSO_IS_SAML2_NAME_ID(a) && LASSO_IS_SAML2_NAME_ID(b)) {
215 return lasso_saml2_name_id_equals((LassoSaml2NameID*)a,
216 (LassoSaml2NameID*)b);
217 }
218 return FALSE;
219 }
220
221 /**
222 * lasso_session_get_session_indexes:
223 * @session: a #LassoSession object
224 * @providerID: a provider id
225 * @name_id: a #LassoSamlAssertion or #LassoSaml2Assertion object
226 *
227 * Gets all the registered session indexes for this session.
228 *
229 * Return value:(transfer full)(element-type utf8): a list of string containing the session index identifiers.
230 */
231 GList*
lasso_session_get_session_indexes(LassoSession * session,const gchar * providerID,LassoNode * node)232 lasso_session_get_session_indexes(LassoSession *session,
233 const gchar *providerID,
234 LassoNode *node)
235 {
236 GList *l = NULL, *iter = NULL;
237 GList *ret = NULL;
238
239 if (! LASSO_IS_SESSION(session))
240 return NULL;
241 if (! providerID)
242 return NULL;
243 l = g_hash_table_lookup(session->private_data->nid_and_session_indexes,
244 providerID);
245
246 lasso_foreach(iter, l) {
247 struct _NidAndSessionIndex *nid_and_session_index = iter->data;
248
249 if (! nid_and_session_index->session_index)
250 continue;
251
252 if (node && ! lasso_match_name_id(node, nid_and_session_index->name_id)) {
253 continue;
254 }
255 lasso_list_add_string(ret, nid_and_session_index->session_index);
256 }
257 return ret;
258 }
259
260 /**
261 * lasso_session_get_name_ids:
262 * @session: a #LassoSession object
263 * @providerID: a provider identifier
264 *
265 * List the known NameID coming from this provider during this session.
266 *
267 * Return value:(transfer full)(element-type LassoNode): a list of #LassoNode objects.
268 */
269 GList*
lasso_session_get_name_ids(LassoSession * session,const gchar * providerID)270 lasso_session_get_name_ids(LassoSession *session, const gchar *providerID)
271 {
272 GList *nid_and_session_indexes = NULL;
273 GList *ret = NULL;
274 GList *i, *j;
275
276 if (! LASSO_IS_SESSION(session))
277 return NULL;
278
279 if (! providerID)
280 return NULL;
281
282 nid_and_session_indexes = g_hash_table_lookup(session->private_data->nid_and_session_indexes,
283 providerID);
284
285 lasso_foreach(i, nid_and_session_indexes) {
286 struct _NidAndSessionIndex *nid_and_session_index = i->data;
287 int ok = 1;
288
289 lasso_foreach(j, ret) {
290 if (lasso_match_name_id(j->data, nid_and_session_index->name_id)) {
291 ok = 0;
292 break;
293 }
294 }
295 if (ok) {
296 lasso_list_add_gobject(ret, nid_and_session_index->name_id);
297 }
298 }
299 return ret;
300 }
301
302 /**
303 * lasso_session_get_assertion_ids:
304 * @session: a #LassoSession object
305 * @providerID: a provider identifier
306 *
307 * List the ids of assertions received during the current session.
308 *
309 * Return value:(transfer full)(element-type utf8): a list of strings
310 */
311 GList*
lasso_session_get_assertion_ids(LassoSession * session,const gchar * providerID)312 lasso_session_get_assertion_ids(LassoSession *session, const gchar *providerID)
313 {
314 GList *nid_and_session_indexes = NULL;
315 GList *ret = NULL;
316 GList *i;
317
318 if (! LASSO_IS_SESSION(session))
319 return NULL;
320
321 if (! providerID)
322 return NULL;
323
324 nid_and_session_indexes = g_hash_table_lookup(session->private_data->nid_and_session_indexes,
325 providerID);
326
327 lasso_foreach(i, nid_and_session_indexes) {
328 struct _NidAndSessionIndex *nid_and_session_index = i->data;
329 lasso_list_add_string(ret, nid_and_session_index->assertion_id);
330 }
331 return ret;
332 }
333
334 /**
335 * lasso_session_add_assertion:
336 * @session: a #LassoSession
337 * @providerID: the provider ID
338 * @assertion: the assertion
339 *
340 * Adds @assertion to the principal session. This function also
341 * add the assertion to the index by assertionID.
342 *
343 * Return value: 0 on success; or a negative value otherwise.
344 **/
345 gint
lasso_session_add_assertion(LassoSession * session,const char * providerID,LassoNode * assertion)346 lasso_session_add_assertion(LassoSession *session, const char *providerID, LassoNode *assertion)
347 {
348 gint ret = 0;
349
350 ret = lasso_session_add_assertion_simple(session, providerID, assertion);
351 if (ret != 0) {
352 return ret;
353 }
354 ret = lasso_session_add_assertion_nid_and_session_index(session, providerID, assertion);
355 if (ret != 0) {
356 return ret;
357 }
358 /* ID-WSF specific need */
359 if (LASSO_IS_SAML_ASSERTION(assertion)) {
360 LassoSamlAssertion *saml_assertion = LASSO_SAML_ASSERTION(assertion);
361 if (saml_assertion->Advice) {
362 LassoSamlAdvice *advice = saml_assertion->Advice;
363 LassoSamlAssertion *advice_assertion = (LassoSamlAssertion*)advice->Assertion;
364 if (LASSO_IS_SAML_ASSERTION(advice_assertion)) {
365 xmlNode *node = lasso_node_get_original_xmlnode(&advice_assertion->parent);
366 if (xmlSecCheckNodeName(node, (xmlChar*)"Assertion", (xmlChar*)LASSO_SAML_ASSERTION_HREF)) {
367 xmlChar *id = xmlGetProp(node, (xmlChar*)"AssertionID");
368 ret = lasso_session_add_assertion_with_id(session, (char*)id, node);
369 xmlFree(id);
370 }
371 }
372 }
373 }
374
375 session->is_dirty = TRUE;
376
377 return ret;
378 }
379
380 /**
381 * lasso_session_add_assertion_with_id:
382 * @session: a #LassoSession
383 * @assertionID: the provider ID
384 * @assertion: the assertion
385 *
386 * Adds an assertion to the dictionnary of assertion indexed by their id,
387 * do not store a reference by the Issuer like #lasso_session_add_assertion.
388 *
389 * Returns: 0 if the assertion was added to the dictionnary.
390 */
391 gint
lasso_session_add_assertion_with_id(LassoSession * session,const char * assertionID,xmlNode * assertion)392 lasso_session_add_assertion_with_id(LassoSession *session, const char *assertionID,
393 xmlNode *assertion)
394 {
395 g_return_val_if_fail(LASSO_IS_SESSION(session), LASSO_PARAM_ERROR_INVALID_VALUE);
396 g_return_val_if_fail(assertionID != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
397 g_return_val_if_fail(assertion != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
398
399 g_hash_table_insert(session->private_data->assertions_by_id,
400 g_strdup(assertionID),
401 xmlCopyNode(assertion, 1));
402
403 session->is_dirty = TRUE;
404
405 return 0;
406 }
407
408 /**
409 * lasso_session_add_status:
410 * @session: a #LassoSession
411 * @providerID: the provider ID
412 * @status: the status
413 *
414 * Adds @status to the principal session.
415 *
416 * Return value: 0 on success; or a negative value otherwise.
417 **/
418 gint
lasso_session_add_status(LassoSession * session,const char * providerID,LassoNode * status)419 lasso_session_add_status(LassoSession *session, const char *providerID, LassoNode *status)
420 {
421 g_return_val_if_fail(LASSO_IS_SESSION(session), LASSO_PARAM_ERROR_INVALID_VALUE);
422 g_return_val_if_fail(providerID != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
423 g_return_val_if_fail(status != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
424
425 g_hash_table_insert(session->private_data->status, g_strdup(providerID), status);
426
427 session->is_dirty = TRUE;
428
429 return 0;
430 }
431
432
433 /**
434 * lasso_session_get_assertion
435 * @session: a #LassoSession
436 * @providerID: the provider ID
437 *
438 * Gets the assertion for the given @providerID.
439 *
440 * Return value:(transfer none)(allow-none): the assertion or NULL if it didn't exist. This
441 * #LassoSamlAssertion is internally allocated and must not be freed by
442 * the caller.
443 **/
444 LassoNode*
lasso_session_get_assertion(LassoSession * session,const gchar * providerID)445 lasso_session_get_assertion(LassoSession *session, const gchar *providerID)
446 {
447 g_return_val_if_fail(LASSO_IS_SESSION(session), NULL);
448
449 return g_hash_table_lookup(session->assertions, providerID);
450 }
451
452 /**
453 * lasso_session_get_assertion_by_id:
454 * @session: a #LassoSession
455 * @assertionID: the assertionID of the requested assertion
456 *
457 * Gets the assertion for the given @assertionID.
458 *
459 * Return value:(transfer none)(allow-none): the assertion or NULL if it didn't exist. This
460 * #LassoSamlAssertion is internally allocated and must not be freed by
461 * the caller.
462 */
463 xmlNode*
lasso_session_get_assertion_by_id(LassoSession * session,const gchar * assertionID)464 lasso_session_get_assertion_by_id(LassoSession *session, const gchar *assertionID)
465 {
466 g_return_val_if_fail(LASSO_IS_SESSION(session), NULL);
467
468 return g_hash_table_lookup(session->private_data->assertions_by_id, assertionID);
469 }
470
471 static void
add_assertion_to_list(G_GNUC_UNUSED gchar * key,LassoLibAssertion * value,GList ** list)472 add_assertion_to_list(G_GNUC_UNUSED gchar *key, LassoLibAssertion *value, GList **list)
473 {
474 *list = g_list_append(*list, value);
475 }
476
477 /**
478 * lasso_session_get_assertions
479 * @session: a #LassoSession
480 * @provider_id: the provider ID
481 *
482 * Gets the assertions for the given @provider_id.
483 *
484 * Return value:(allow-none)(transfer container) (element-type LassoNode): a list of #LassoSamlAssertion.
485 **/
486 GList*
lasso_session_get_assertions(LassoSession * session,const char * provider_id)487 lasso_session_get_assertions(LassoSession *session, const char *provider_id)
488 {
489 GList *r = NULL;
490 LassoSamlAssertion *assertion;
491
492 if (session == NULL) {
493 return NULL;
494 }
495
496 if (provider_id == NULL) {
497 g_hash_table_foreach(session->assertions, (GHFunc)add_assertion_to_list, &r);
498 } else {
499 assertion = g_hash_table_lookup(session->assertions, provider_id);
500 if (assertion)
501 r = g_list_append(r, assertion);
502 }
503 return r;
504 }
505
506
507 /**
508 * lasso_session_get_status
509 * @session: a #LassoSession
510 * @providerID: the provider ID
511 *
512 * Gets the status for the given @providerID.
513 *
514 * Return value:(transfer none)(allow-none): the status or NULL if it didn't exist. This #LassoSamlpStatus
515 * is internally allocated and must not be freed by the caller.
516 **/
517 LassoNode*
lasso_session_get_status(LassoSession * session,const gchar * providerID)518 lasso_session_get_status(LassoSession *session, const gchar *providerID)
519 {
520 if (session == NULL) {
521 return NULL;
522 }
523 return g_hash_table_lookup(session->private_data->status, providerID);
524 }
525
526 static void
add_providerID(gchar * key,G_GNUC_UNUSED struct _NidAndSessionIndex * ignored,LassoSession * session)527 add_providerID(gchar *key, G_GNUC_UNUSED struct _NidAndSessionIndex *ignored, LassoSession *session)
528 {
529 lasso_list_add_string(session->private_data->providerIDs, key);
530 }
531
532 /**
533 * lasso_session_get_provider_index:
534 * @session: a #LassoSession
535 * @index: index of requested provider
536 *
537 * Looks up and returns the nth provider id.
538 *
539 * Return value:(transfer full)(allow-none): the provider id; or NULL if there were no nth provider. This
540 * string must be freed by the caller.
541 **/
542 gchar*
lasso_session_get_provider_index(LassoSession * session,gint index)543 lasso_session_get_provider_index(LassoSession *session, gint index)
544 {
545 GList *element;
546 int length;
547
548 g_return_val_if_fail(LASSO_IS_SESSION(session), NULL);
549 g_return_val_if_fail(session->private_data, NULL);
550
551 length = g_hash_table_size(session->private_data->nid_and_session_indexes);
552
553 if (length == 0)
554 return NULL;
555
556 if (session->private_data->providerIDs == NULL) {
557 lasso_session_init_provider_ids(session);
558 }
559
560 element = g_list_nth(session->private_data->providerIDs, index);
561 if (element == NULL)
562 return NULL;
563
564 return g_strdup(element->data);
565 }
566
567
568 /**
569 * lasso_session_init_provider_ids:
570 * @session: a #LassoSession
571 *
572 * Initializes internal assertions providers list, used to iterate in logout
573 * process.
574 **/
575 void
lasso_session_init_provider_ids(LassoSession * session)576 lasso_session_init_provider_ids(LassoSession *session)
577 {
578 g_return_if_fail(LASSO_IS_SESSION(session));
579 g_return_if_fail(session->private_data);
580
581 lasso_release_list_of_strings(session->private_data->providerIDs);
582 g_hash_table_foreach(session->private_data->nid_and_session_indexes, (GHFunc)add_providerID,
583 session);
584 }
585
586
587 /**
588 * lasso_session_is_empty:
589 * @session: a #LassoSession
590 *
591 * Returns %TRUE if session is empty.
592 *
593 * Return value: %TRUE if empty
594 **/
595 gboolean
lasso_session_is_empty(LassoSession * session)596 lasso_session_is_empty(LassoSession *session)
597 {
598 if (session == NULL) {
599 return TRUE;
600 }
601
602 if (g_hash_table_size(session->assertions) +
603 g_hash_table_size(session->private_data->status) +
604 g_hash_table_size(session->private_data->assertions_by_id) +
605 g_hash_table_size(session->private_data->nid_and_session_indexes))
606 {
607 return FALSE;
608 }
609 #ifdef LASSO_WSF_ENABLED
610 if (g_hash_table_size(session->eprs)) {
611 return FALSE;
612 }
613 #endif
614
615 return TRUE;
616 }
617
618 /**
619 * lasso_session_count_assertions:
620 * @session: a #LassoSession object
621 *
622 * Return the number of assertion currently recored in the session.
623 *
624 * Return value: a positive value or -1 if session is an invalid #LassoSession object.
625 */
626 gint
lasso_session_count_assertions(LassoSession * session)627 lasso_session_count_assertions(LassoSession *session)
628 {
629 GHashTable *hashtable;
630
631 if (! LASSO_IS_SESSION(session))
632 return -1;
633 if (lasso_flag_thin_sessions)
634 hashtable = session->private_data->nid_and_session_indexes;
635 else
636 hashtable = session->assertions;
637
638 return hashtable ? g_hash_table_size(hashtable) : 0;
639 }
640
641 gboolean
lasso_session_is_dirty(LassoSession * session)642 lasso_session_is_dirty(LassoSession *session)
643 {
644 lasso_return_val_if_invalid_param(SESSION, session, TRUE);
645
646 return session->is_dirty;
647 }
648
649 /**
650 * lasso_session_remove_assertion:
651 * @session: a #LassoSession
652 * @providerID: the provider ID
653 *
654 * Removes assertion for @providerID from @session.
655 *
656 * Return value: 0 on success; or a negative value otherwise.
657 **/
658 gint
lasso_session_remove_assertion(LassoSession * session,const gchar * providerID)659 lasso_session_remove_assertion(LassoSession *session, const gchar *providerID)
660 {
661 int rc = 0;
662 gboolean ok1, ok2;
663
664 lasso_bad_param(SESSION, session);
665 lasso_return_val_if_fail(! lasso_strisempty(providerID), LASSO_PARAM_ERROR_INVALID_VALUE);
666
667 ok1 = g_hash_table_remove(session->assertions, providerID);
668 ok2 = g_hash_table_remove(session->private_data->nid_and_session_indexes, providerID);
669
670 if (ok1 || ok2) {
671 session->is_dirty = TRUE;
672 } else {
673 rc = LASSO_PROFILE_ERROR_MISSING_ASSERTION;
674 }
675 return rc;
676 }
677
678 /**
679 * lasso_session_remove_status:
680 * @session: a #LassoSession
681 * @providerID: the provider ID
682 *
683 * Removes status for @providerID from @session.
684 *
685 * Return value: 0 on success; or a negative value otherwise.
686 **/
687 gint
lasso_session_remove_status(LassoSession * session,const gchar * providerID)688 lasso_session_remove_status(LassoSession *session, const gchar *providerID)
689 {
690 g_return_val_if_fail(session != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
691 g_return_val_if_fail(providerID != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
692
693 if (g_hash_table_remove(session->private_data->status, providerID)) {
694 session->is_dirty = TRUE;
695 return 0;
696 }
697
698 return LASSO_PROFILE_ERROR_MISSING_STATUS_CODE;
699 }
700
701
702 /*****************************************************************************/
703 /* private methods */
704 /*****************************************************************************/
705
706 static LassoNodeClass *parent_class = NULL;
707
708 typedef struct _DumpContext {
709 xmlNode *parent;
710 } DumpContext;
711
712 static void
add_assertion_childnode(gchar * key,LassoLibAssertion * value,DumpContext * context)713 add_assertion_childnode(gchar *key, LassoLibAssertion *value, DumpContext *context)
714 {
715 xmlNode *t;
716 xmlNode *xmlnode;
717
718 xmlnode = context->parent;
719 t = xmlNewTextChild(xmlnode, NULL, (xmlChar*)"Assertion", NULL);
720 xmlSetProp(t, (xmlChar*)"RemoteProviderID", (xmlChar*)key);
721 xmlAddChild(t, lasso_node_get_xmlNode(LASSO_NODE(value), TRUE));
722 }
723
724 xmlChar *
xmlNode_to_base64(xmlNode * node)725 xmlNode_to_base64(xmlNode *node) {
726 gchar *buffer = NULL;
727 xmlChar *ret = NULL;
728
729 buffer = lasso_xmlnode_to_string(node, 0, 0);
730 ret = xmlSecBase64Encode(BAD_CAST buffer, strlen((char*)buffer), 0);
731 lasso_release_string(buffer);
732 return ret;
733 }
734
735 static void
add_assertion_by_id(gchar * key,xmlNode * value,DumpContext * context)736 add_assertion_by_id(gchar *key, xmlNode *value, DumpContext *context)
737 {
738 xmlNode *t, *xmlnode;
739 xmlChar *content;
740
741 xmlnode = context->parent;
742 t = xmlNewTextChild(xmlnode, NULL, (xmlChar*)"Assertion", NULL);
743 xmlSetProp(t, (xmlChar*)"ID", (xmlChar*)key);
744 content = xmlNode_to_base64(value);
745 if (content) {
746 // xmlAddChild(t, xmlCopyNode(value, 1));
747 xmlNodeSetContent(t, content);
748 xmlFree(content);
749 }
750 }
751
752 static void
add_status_childnode(gchar * key,LassoSamlpStatus * value,DumpContext * context)753 add_status_childnode(gchar *key, LassoSamlpStatus *value, DumpContext *context)
754 {
755 xmlNode *t;
756 xmlNode *xmlnode;
757
758 xmlnode = context->parent;
759 t = xmlNewTextChild(xmlnode, NULL, (xmlChar*)"Status", NULL);
760 xmlSetProp(t, (xmlChar*)"RemoteProviderID", (xmlChar*)key);
761 xmlAddChild(t, lasso_node_get_xmlNode(LASSO_NODE(value), TRUE));
762 }
763
764 #define NID_AND_SESSION_INDEX "NidAndSessionIndex"
765 #define SESSION_INDEX "SessionIndex"
766 #define PROVIDER_ID "ProviderID"
767 #define ASSERTION_ID "AssertionID"
768
769 static void
xmlnode_add_assertion_nid_and_session_indexes(gchar * key,GList * nid_and_session_indexes,DumpContext * context)770 xmlnode_add_assertion_nid_and_session_indexes(gchar *key, GList *nid_and_session_indexes, DumpContext *context)
771 {
772 GList *iter;
773
774 if (! nid_and_session_indexes) {
775 return;
776 }
777 lasso_foreach(iter, nid_and_session_indexes) {
778 struct _NidAndSessionIndex *nid_and_session_index = iter->data;
779 xmlNode *node = xmlSecAddChild(context->parent, BAD_CAST NID_AND_SESSION_INDEX,
780 BAD_CAST LASSO_LASSO_HREF);
781
782 xmlSetProp(node, BAD_CAST PROVIDER_ID, BAD_CAST key);
783 xmlSetProp(node, BAD_CAST ASSERTION_ID, BAD_CAST nid_and_session_index->assertion_id);
784 if (nid_and_session_index->session_index) {
785 xmlSetProp(node, BAD_CAST SESSION_INDEX,
786 BAD_CAST nid_and_session_index->session_index);
787 }
788 xmlSecAddChildNode(node, lasso_node_get_xmlNode(nid_and_session_index->name_id,
789 FALSE));
790 }
791 }
792
793 static xmlNode*
get_xmlNode(LassoNode * node,G_GNUC_UNUSED gboolean lasso_dump)794 get_xmlNode(LassoNode *node, G_GNUC_UNUSED gboolean lasso_dump)
795 {
796 xmlNode *xmlnode;
797 LassoSession *session = LASSO_SESSION(node);
798 DumpContext context;
799
800 xmlnode = xmlNewNode(NULL, (xmlChar*)"Session");
801 context.parent = xmlnode;
802
803 xmlSetNs(xmlnode, xmlNewNs(xmlnode, (xmlChar*)LASSO_LASSO_HREF, NULL));
804 xmlSetProp(xmlnode, (xmlChar*)"Version", (xmlChar*)"2");
805
806 if (g_hash_table_size(session->assertions))
807 g_hash_table_foreach(session->assertions,
808 (GHFunc)add_assertion_childnode, &context);
809 if (g_hash_table_size(session->private_data->status))
810 g_hash_table_foreach(session->private_data->status,
811 (GHFunc)add_status_childnode, &context);
812 if (g_hash_table_size(session->private_data->assertions_by_id)) {
813 g_hash_table_foreach(session->private_data->assertions_by_id,
814 (GHFunc)add_assertion_by_id, &context);
815 }
816 if (g_hash_table_size(session->private_data->nid_and_session_indexes)) {
817 g_hash_table_foreach(session->private_data->nid_and_session_indexes,
818 (GHFunc)xmlnode_add_assertion_nid_and_session_indexes, &context);
819 }
820
821 #ifdef LASSO_WSF_ENABLED
822 lasso_session_id_wsf2_dump_eprs(session, xmlnode);
823 #endif
824
825 return xmlnode;
826 }
827
828 xmlNode*
base64_to_xmlNode(xmlChar * buffer)829 base64_to_xmlNode(xmlChar *buffer) {
830 xmlChar *decoded = NULL;
831 xmlDoc *doc = NULL;
832 xmlNode *ret = NULL;
833 int l1,l2;
834
835 l1 = 4*strlen((char*)buffer)+2;
836 decoded = g_malloc(l1);
837 l2 = xmlSecBase64Decode(buffer, decoded, l1);
838 if (l2 < 0)
839 goto cleanup;
840 doc = xmlParseMemory((char*)decoded, l2);
841 if (doc == NULL)
842 goto cleanup;
843 ret = xmlDocGetRootElement(doc);
844 if (ret) {
845 ret = xmlCopyNode(ret, 1);
846 }
847 cleanup:
848 lasso_release(decoded);
849 lasso_release_doc(doc);
850
851 return ret;
852 }
853
854 static void
init_from_xml_nid_and_session_index(LassoNode * node,xmlNode * nid_and_session_index_node)855 init_from_xml_nid_and_session_index(LassoNode *node, xmlNode *nid_and_session_index_node)
856 {
857 xmlChar *session_index = NULL;
858 xmlChar *provider_id = NULL;
859 xmlChar *assertion_id = NULL;
860 xmlNode *nid;
861 LassoNode *name_id = NULL;
862 struct _NidAndSessionIndex *nid_and_session_index;
863
864 provider_id = xmlGetProp(nid_and_session_index_node, BAD_CAST PROVIDER_ID);
865 if (! provider_id)
866 goto cleanup;
867 assertion_id = xmlGetProp(nid_and_session_index_node, BAD_CAST ASSERTION_ID);
868 if (! assertion_id)
869 goto cleanup;
870 nid = xmlSecGetNextElementNode(nid_and_session_index_node->children);
871 if (! nid)
872 goto cleanup;
873 name_id = lasso_node_new_from_xmlNode(nid);
874 if (! name_id)
875 goto cleanup;
876 session_index = xmlGetProp(nid_and_session_index_node, BAD_CAST SESSION_INDEX);
877 nid_and_session_index = lasso_new_nid_and_session_index(name_id, (char*)assertion_id,
878 (char*)session_index);
879 lasso_session_add_nid_and_session_index((LassoSession*)node, (char*)provider_id,
880 nid_and_session_index);
881 cleanup:
882 lasso_release_xml_string(session_index);
883 lasso_release_xml_string(provider_id);
884 lasso_release_xml_string(assertion_id);
885 lasso_release_gobject(name_id);
886 }
887
888 static int
init_from_xml(LassoNode * node,xmlNode * xmlnode)889 init_from_xml(LassoNode *node, xmlNode *xmlnode)
890 {
891 LassoSession *session = LASSO_SESSION(node);
892 xmlNode *t;
893 xmlNode *n;
894
895 t = xmlnode->children;
896 while (t) {
897 if (t->type != XML_ELEMENT_NODE) {
898 t = t->next;
899 continue;
900 }
901
902 if (strcmp((char*)t->name, "Assertion") == 0) {
903 xmlChar* value;
904 n = t->children;
905 while (n && n->type != XML_ELEMENT_NODE) n = n->next;
906
907 if (n) {
908 LassoNode *assertion;
909
910 if ((value = xmlGetProp(t, (xmlChar*)"RemoteProviderID"))) {
911
912 assertion = lasso_node_new_from_xmlNode(n);
913 lasso_session_add_assertion_simple(session, (char*)value, assertion);
914 /* automatic upgrade from old session serialization to the new */
915 lasso_session_add_assertion_nid_and_session_index(session, (char*)value, assertion);
916 lasso_release_gobject(assertion);
917 xmlFree(value);
918 }
919 } else if ((value = xmlGetProp(t, (xmlChar*)"ID"))) {
920 xmlChar *content;
921 xmlNode *assertion;
922
923 content = xmlNodeGetContent(t);
924 if (content) {
925 assertion = base64_to_xmlNode(content);
926 if (assertion) {
927 lasso_session_add_assertion_with_id(session,
928 (char*)value, assertion);
929 xmlFreeNode(assertion);
930 }
931 xmlFree(content);
932 }
933 xmlFree(value);
934 }
935 }
936 if (strcmp((char*)t->name, "Status") == 0) {
937 n = t->children;
938 while (n && n->type != XML_ELEMENT_NODE) n = n->next;
939
940 if (n) {
941 LassoNode *status;
942 status = lasso_node_new_from_xmlNode(n);
943 g_hash_table_insert(session->private_data->status,
944 xmlGetProp(t, (xmlChar*)"RemoteProviderID"),
945 status);
946 }
947 }
948 if (xmlSecCheckNodeName(t, BAD_CAST NID_AND_SESSION_INDEX,
949 BAD_CAST LASSO_LASSO_HREF)) {
950 init_from_xml_nid_and_session_index(node, t);
951 }
952
953 #ifdef LASSO_WSF_ENABLED
954 lasso_session_id_wsf2_init_eprs(session, t);
955 #endif
956
957 t = t->next;
958 }
959 return 0;
960 }
961
962
963
964
965 /*****************************************************************************/
966 /* overridden parent class methods */
967 /*****************************************************************************/
968
969 static void
dispose(GObject * object)970 dispose(GObject *object)
971 {
972 LassoSession *session = LASSO_SESSION(object);
973
974 if (! session->private_data || session->private_data->dispose_has_run == TRUE)
975 return;
976 session->private_data->dispose_has_run = TRUE;
977
978 lasso_release_ghashtable(session->assertions);
979 lasso_release_ghashtable(session->private_data->status);
980 lasso_release_list_of_strings(session->private_data->providerIDs);
981 lasso_release_ghashtable(session->private_data->assertions_by_id);
982 lasso_release_ghashtable(session->private_data->nid_and_session_indexes);
983
984 #ifdef LASSO_WSF_ENABLED
985 lasso_release_ghashtable(session->private_data->eprs);
986 #endif
987
988 G_OBJECT_CLASS(parent_class)->dispose(object);
989 }
990
991 /*****************************************************************************/
992 /* instance and class init functions */
993 /*****************************************************************************/
994
995 static void
instance_init(LassoSession * session)996 instance_init(LassoSession *session)
997 {
998 session->private_data = LASSO_SESSION_GET_PRIVATE(session);
999 session->private_data->dispose_has_run = FALSE;
1000 session->private_data->providerIDs = NULL;
1001 session->private_data->status = g_hash_table_new_full(g_str_hash, g_str_equal,
1002 (GDestroyNotify)g_free,
1003 (GDestroyNotify)lasso_node_destroy);
1004 session->private_data->assertions_by_id =
1005 g_hash_table_new_full(g_str_hash, g_str_equal,
1006 (GDestroyNotify)g_free,
1007 (GDestroyNotify)xmlFree);
1008 session->assertions = g_hash_table_new_full(g_str_hash, g_str_equal,
1009 (GDestroyNotify)g_free, (GDestroyNotify)lasso_node_destroy);
1010 session->is_dirty = FALSE;
1011 session->private_data->nid_and_session_indexes = g_hash_table_new_full(g_str_hash,
1012 g_str_equal, (GDestroyNotify)g_free,
1013 (GDestroyNotify)lasso_release_list_of_nid_an_session_index);
1014 #ifdef LASSO_WSF_ENABLED
1015 session->private_data->eprs = g_hash_table_new_full(g_str_hash, g_str_equal,
1016 (GDestroyNotify)g_free,
1017 (GDestroyNotify)g_object_unref);
1018 #endif
1019 }
1020
1021 static void
class_init(LassoSessionClass * klass,void * unused G_GNUC_UNUSED)1022 class_init(LassoSessionClass *klass, void *unused G_GNUC_UNUSED)
1023 {
1024 LassoNodeClass *nclass = LASSO_NODE_CLASS(klass);
1025 parent_class = g_type_class_peek_parent(klass);
1026
1027 nclass->get_xmlNode = get_xmlNode;
1028 nclass->init_from_xml = init_from_xml;
1029 nclass->node_data = g_new0(LassoNodeClassData, 1);
1030 lasso_node_class_set_nodename(nclass, "Session");
1031 lasso_node_class_set_ns(nclass, LASSO_LASSO_HREF, LASSO_LASSO_PREFIX);
1032 g_type_class_add_private(nclass, sizeof(LassoSessionPrivate));
1033
1034 G_OBJECT_CLASS(klass)->dispose = dispose;
1035 }
1036
1037 GType
lasso_session_get_type()1038 lasso_session_get_type()
1039 {
1040 static GType this_type = 0;
1041
1042 if (!this_type) {
1043 static const GTypeInfo this_info = {
1044 sizeof (LassoSessionClass),
1045 NULL,
1046 NULL,
1047 (GClassInitFunc) class_init,
1048 NULL,
1049 NULL,
1050 sizeof(LassoSession),
1051 0,
1052 (GInstanceInitFunc) instance_init,
1053 NULL
1054 };
1055
1056 this_type = g_type_register_static(LASSO_TYPE_NODE,
1057 "LassoSession", &this_info, 0);
1058 }
1059 return this_type;
1060 }
1061
1062 /**
1063 * lasso_session_new:
1064 *
1065 * Creates a new #LassoSession.
1066 *
1067 * Return value: a newly created #LassoSession
1068 **/
1069 LassoSession*
lasso_session_new()1070 lasso_session_new()
1071 {
1072 return g_object_new(LASSO_TYPE_SESSION, NULL);
1073 }
1074
1075 /**
1076 * lasso_session_new_from_dump:
1077 * @dump: XML server dump
1078 *
1079 * Restores the @dump to a new #LassoSession.
1080 *
1081 * Return value: a newly created #LassoSession; or NULL if an error occured
1082 **/
1083 LassoSession*
lasso_session_new_from_dump(const gchar * dump)1084 lasso_session_new_from_dump(const gchar *dump)
1085 {
1086 LassoSession *session;
1087
1088 session = (LassoSession*)lasso_node_new_from_dump(dump);
1089 if (! LASSO_IS_SESSION(session)) {
1090 lasso_release_gobject(session);
1091 }
1092 return session;
1093 }
1094
1095 /**
1096 * lasso_session_dump:
1097 * @session: a #LassoSession
1098 *
1099 * Dumps @session content to an XML string.
1100 *
1101 * Return value:(transfer full): the dump string. It must be freed by the caller.
1102 **/
1103 gchar*
lasso_session_dump(LassoSession * session)1104 lasso_session_dump(LassoSession *session)
1105 {
1106 if (lasso_session_is_empty(session))
1107 return g_strdup("");
1108
1109 return lasso_node_dump(LASSO_NODE(session));
1110 }
1111
1112 /**
1113 * lasso_session_destroy:
1114 * @session: a #LassoSession
1115 *
1116 * Destroys a session.
1117 **/
lasso_session_destroy(LassoSession * session)1118 void lasso_session_destroy(LassoSession *session)
1119 {
1120 if (session == NULL)
1121 return;
1122 lasso_node_destroy(LASSO_NODE(session));
1123 }
1124
1125 gboolean
lasso_session_has_slo_session(LassoSession * session,const gchar * provider_id)1126 lasso_session_has_slo_session(LassoSession *session, const gchar *provider_id)
1127 {
1128 if (! LASSO_IS_SESSION(session))
1129 return FALSE;
1130 return g_hash_table_lookup(session->private_data->nid_and_session_indexes, provider_id) !=
1131 NULL;
1132 }
1133