Unbreak SP initiated SLO with lasso >= 2.3.5 (patch backported from upstream)

2011-05-07 05:15:21 +00:00 · 2011-05-07 05:15:21 +00:00 · 054717a610
commit 054717a610
parent 60645c6da9
3 changed files with 95 additions and 3 deletions
--- a/www/ap2-auth-mellon/Makefile
+++ b/www/ap2-auth-mellon/Makefile
@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.16 2011/04/22 13:44:57 obache Exp $
+# $NetBSD: Makefile,v 1.17 2011/05/07 05:15:21 manu Exp $
 #

 PKGNAME=	${APACHE_PKG_PREFIX}-${DISTNAME:S/mod_//:S/_/-/}
 DISTNAME=	mod_auth_mellon-0.3.0
-PKGREVISION=	2
+PKGREVISION=	3
 CATEGORIES=	www security
 MASTER_SITES=	http://modmellon.googlecode.com/files/

--- a/www/ap2-auth-mellon/distinfo
+++ b/www/ap2-auth-mellon/distinfo
@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9 2011/04/04 08:45:43 manu Exp $
+$NetBSD: distinfo,v 1.10 2011/05/07 05:15:21 manu Exp $

 SHA1 (mod_auth_mellon-0.3.0.tar.gz) = 658dda51652f491552f2ecc84572ed7750f914ff
 RMD160 (mod_auth_mellon-0.3.0.tar.gz) = 69237b1ec266018a86e7134a4662b491af3c261e
@ -8,3 +8,4 @@ SHA1 (patch-ad) = a1bebae20bfbb99bd71d68de19901eaef6c52dbd
 SHA1 (patch-ae) = d51040b6d827940a2c3cf8928dee175efa946e37
 SHA1 (patch-af) = 0803665a14df8582ac20d950a070f73d794b08ea
 SHA1 (patch-ag) = c1ef8704268d99b01d1e96fc2da9be74a7726b9d
+SHA1 (patch-ah) = 6287c038aee79e66539dda12ff447dfd5d9529bf
--- a/www/ap2-auth-mellon/patches/patch-ah
+++ b/www/ap2-auth-mellon/patches/patch-ah
@ -0,0 +1,91 @@
+$NetBSD: patch-ah,v 1.1 2011/05/07 05:15:21 manu Exp $
+
+Unbreak SP initiated SLO with lasso >= 2.3.5
+
+--- auth_mellon_handler.c.orig	2011-05-07 06:31:46.000000000 +0200
+++ auth_mellon_handler.c	2011-05-07 06:57:03.000000000 +0200
+@@ -774,8 +774,9 @@
+     gint res;
+     char *redirect_to;
+     LassoProfile *profile;
+     LassoSession *session;
+    GList *assertion_list;
+     LassoNode *assertion_n;
+     LassoSaml2Assertion *assertion;
+     LassoSaml2AuthnStatement *authnStatement;
+     LassoSamlp2LogoutRequest *request;
+@@ -822,42 +823,46 @@
+         return HTTP_INTERNAL_SERVER_ERROR;
+     }
+ 
+ 
+-    /* We need to set the SessionIndex in the LogoutRequest to the
+-     * SessionIndex we received during the login operation.
+-     */
+-
+     profile = LASSO_PROFILE(logout);
+-    session = lasso_profile_get_session(profile);
+ 
+-    /* We currently only look at the first assertion in the list
+-     * lasso_session_get_assertions returns.
+    /* We need to set the SessionIndex in the LogoutRequest to the SessionIndex
+     * we received during the login operation. This is not needed since release
+     * 2.3.0.
+      */
+-    assertion_n = lasso_session_get_assertions(
+-        session, profile->remote_providerID)->data;
+-    if(LASSO_IS_SAML2_ASSERTION(assertion_n) == FALSE) {
+-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+-                      "No assertions found for the current session.");
+-        lasso_logout_destroy(logout);
+-        return HTTP_INTERNAL_SERVER_ERROR;
+-    }
+-
+-    assertion = LASSO_SAML2_ASSERTION(assertion_n);
+    if (lasso_check_version(2, 3, 0, LASSO_CHECK_VERSION_NUMERIC) == 0) {
+        session = lasso_profile_get_session(profile);
+        assertion_list = lasso_session_get_assertions(
+            session, profile->remote_providerID);
+        if(! assertion_list ||
+                        LASSO_IS_SAML2_ASSERTION(assertion_list->data) == FALSE) {
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                          "No assertions found for the current session.");
+            lasso_logout_destroy(logout);
+            return HTTP_INTERNAL_SERVER_ERROR;
+        }
+        /* We currently only look at the first assertion in the list
+         * lasso_session_get_assertions returns.
+         */
+        assertion_n = assertion_list->data;
+ 
+-    /* We assume that the first authnStatement contains the data we want. */
+-    authnStatement = LASSO_SAML2_AUTHN_STATEMENT(assertion->AuthnStatement->data);
+        assertion = LASSO_SAML2_ASSERTION(assertion_n);
+ 
+-    if(!authnStatement) {
+-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+-                      "No AuthnStatement found in the current assertion.");
+-        lasso_logout_destroy(logout);
+-        return HTTP_INTERNAL_SERVER_ERROR;
+-    }
+        /* We assume that the first authnStatement contains the data we want. */
+        authnStatement = LASSO_SAML2_AUTHN_STATEMENT(assertion->AuthnStatement->data);
+ 
+-    if(authnStatement->SessionIndex) {
+-        request = LASSO_SAMLP2_LOGOUT_REQUEST(profile->request);
+-        request->SessionIndex = g_strdup(authnStatement->SessionIndex);
+        if(!authnStatement) {
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                          "No AuthnStatement found in the current assertion.");
+            lasso_logout_destroy(logout);
+            return HTTP_INTERNAL_SERVER_ERROR;
+        }
+    
+        if(authnStatement->SessionIndex) {
+            request = LASSO_SAMLP2_LOGOUT_REQUEST(profile->request);
+            request->SessionIndex = g_strdup(authnStatement->SessionIndex);
+        }
+     }
+ 
+ 
+     /* Set the RelayState parameter to the return url (if we have one). */