From 1d88d36ded4246cd8b1806096601ced870b2f423 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 17 May 2021 10:56:43 -0400 Subject: [PATCH] fix(saml): fix profile initialization, improve error handling Fixes #5153 Fixes #5270 --- SoObjects/SOGo/SOGoSAML2Session.m | 37 +++++++++++++++---------------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/SoObjects/SOGo/SOGoSAML2Session.m b/SoObjects/SOGo/SOGoSAML2Session.m index e07f84116d..0b845d317b 100644 --- a/SoObjects/SOGo/SOGoSAML2Session.m +++ b/SoObjects/SOGo/SOGoSAML2Session.m @@ -24,7 +24,6 @@ #include #include - #import #import @@ -237,22 +236,24 @@ - (id) init - (void) _updateDataFromLogin { - LassoSaml2Assertion *saml2Assertion; GList *statementList, *attributeList; - LassoSaml2AttributeStatement *statement; + LassoMiscTextNode *textNode; + LassoNode *lassoNode; + LassoSaml2Assertion *saml2Assertion; LassoSaml2Attribute *attribute; + LassoSaml2AttributeStatement *statement; LassoSaml2AttributeValue *value; - LassoMiscTextNode *textNode; LassoSaml2NameID *nameIdentifier; - SOGoSystemDefaults *sd; NSString *loginAttribue; + SOGoSystemDefaults *sd; gchar *dump; - - saml2Assertion = LASSO_SAML2_ASSERTION (lasso_login_get_assertion (lassoLogin)); + + lassoNode = lasso_login_get_assertion (lassoLogin); + saml2Assertion = LASSO_SAML2_ASSERTION (lassoNode); sd = [SOGoSystemDefaults sharedSystemDefaults]; loginAttribue = [sd SAML2LoginAttribute]; - + if (saml2Assertion) { /* deduce user login */ @@ -267,6 +268,7 @@ - (void) _updateDataFromLogin while (!login && attributeList) { attribute = LASSO_SAML2_ATTRIBUTE (attributeList->data); + if (loginAttribue && (strcmp (attribute->Name, [loginAttribue UTF8String]) == 0)) { value = LASSO_SAML2_ATTRIBUTE_VALUE (attribute->AttributeValue->data); 
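Review bot: In the `@@ -237,22 +236,24 @@` hunk the result of `lasso_login_get_assertion (lassoLogin)` is now held in `lassoNode`, but nothing visible releases it. If Lasso returns an owned reference here (worth confirming against the Lasso API documentation), every call to `_updateDataFromLogin` leaks one assertion object. A `g_object_unref (lassoNode);` after the assertion data has been copied out would close that. The method body continues past this hunk, so a release may already exist further down. Separately, `loginAttribue` is still misspelled in the declarations this hunk reorders.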
@@ -320,8 +322,7 @@ - (void) _updateDataFromLogin assertion = nil; } - nameIdentifier - = LASSO_SAML2_NAME_ID (LASSO_PROFILE (lassoLogin)->nameIdentifier); + nameIdentifier = LASSO_SAML2_NAME_ID (LASSO_PROFILE (lassoLogin)->nameIdentifier); if (nameIdentifier) { /* deduce session id */ @@ -334,7 +335,7 @@ - (void) _updateDataFromLogin - (id) _initWithDump: (NSDictionary *) saml2Dump inContext: (WOContext *) context { - // lasso_error_t rc; + lasso_error_t rc; LassoServer *server; LassoProfile *profile; const gchar *dump; @@ -346,10 +347,10 @@ - (id) _initWithDump: (NSDictionary *) saml2Dump if (saml2Dump) { profile = LASSO_PROFILE (lassoLogin); + ASSIGN (login, [saml2Dump objectForKey: @"login"]); ASSIGN (identifier, [saml2Dump objectForKey: @"identifier"]); ASSIGN (assertion, [saml2Dump objectForKey: @"assertion"]); - ASSIGN(identity, [saml2Dump objectForKey: @"identity"]); dump = [identity UTF8String]; if (dump) @@ -359,11 +360,10 @@ - (id) _initWithDump: (NSDictionary *) saml2Dump dump = [session UTF8String]; if (dump) lasso_profile_set_session_from_dump (profile, dump); - - lasso_login_accept_sso (lassoLogin); - // if (rc) - // [NSException raiseSAML2Exception: rc]; - [self _updateDataFromLogin]; + + rc = lasso_login_accept_sso (lassoLogin); + if (!rc) + [self _updateDataFromLogin]; } } @@ -454,6 +454,7 @@ - (void) processAuthnResponse: (NSString *) authnResponse responseData = strdup ([authnResponse UTF8String]); + profile = LASSO_PROFILE (lassoLogin); rc = lasso_login_process_authn_response_msg (lassoLogin, responseData); if (rc) [NSException raiseSAML2Exception: rc]; @@ -469,8 +470,6 @@ - (void) processAuthnResponse: (NSString *) authnResponse [saml2Dump setObject: identifier forKey: @"identifier"]; [saml2Dump setObject: assertion forKey: @"assertion"]; - profile = LASSO_PROFILE (lassoLogin); - lasso_session = lasso_profile_get_session (profile); if (lasso_session) {
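Review bot: In the `@@ -359,11 +360,10 @@` hunk a non-zero `rc` from `lasso_login_accept_sso` is silently dropped, while `login`, `identifier` and `assertion` were already assigned from the dump a few lines earlier. The object therefore leaves `_initWithDump:inContext:` carrying identity fields for a session Lasso did not accept, and nothing is logged for an operator to notice. Consider an `else` branch that records `rc` and resets those fields, e.g. `ASSIGN (login, nil);`, so a failed restore cannot be mistaken for an authenticated session. Whether callers rely on `login` alone is not visible here, and the method starts and ends outside this hunk.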
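Review bot: In the `@@ -454,6 +454,7 @@` hunk `responseData = strdup ([authnResponse UTF8String])` is handed to Lasso unchecked: a nil `authnResponse` makes `UTF8String` return NULL, and `strdup (NULL)` is undefined behaviour. The value presumably originates from the HTTP request, so a guard before the `strdup`, such as `if (![authnResponse length]) [NSException raise: NSInvalidArgumentException format: @"empty SAML response"];`, would make the failure explicit. The hunk also does not show `responseData` being freed before `raiseSAML2Exception:` fires, so a rejected response may leak the copy. The rest of the method is outside this hunk.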