Resolves: rhbz#1542126, rhbz#1556016
xmlsec removed SOAP support, reimplement missing xmlSecSoap* in Lasso
This commit is contained in:
parent
9d979326cb
commit
8a955c845b
@ -15,7 +15,7 @@
|
|||||||
Summary: Liberty Alliance Single Sign On
|
Summary: Liberty Alliance Single Sign On
|
||||||
Name: lasso
|
Name: lasso
|
||||||
Version: 2.5.1
|
Version: 2.5.1
|
||||||
Release: 11%{?dist}
|
Release: 12%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz
|
Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz
|
||||||
@ -23,6 +23,7 @@ Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz
|
|||||||
patch1: java_binding_lasso_log.patch
|
patch1: java_binding_lasso_log.patch
|
||||||
patch2: cflags.patch
|
patch2: cflags.patch
|
||||||
patch3: validate_idp_list_test.patch
|
patch3: validate_idp_list_test.patch
|
||||||
|
patch4: xmlSecSoap.patch
|
||||||
|
|
||||||
%if %{with_wsf}
|
%if %{with_wsf}
|
||||||
BuildRequires: cyrus-sasl-devel
|
BuildRequires: cyrus-sasl-devel
|
||||||
@ -119,6 +120,7 @@ library.
|
|||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
|
%patch4 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
./autogen.sh
|
./autogen.sh
|
||||||
@ -231,6 +233,10 @@ rm -fr %{buildroot}%{_defaultdocdir}/%{name}
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Apr 4 2018 John Dennis <jdennis@redhat.com> - 2.5.1-12
|
||||||
|
- Resolves: rhbz#1542126, rhbz#1556016
|
||||||
|
- xmlsec removed SOAP support, reimplement missing xmlSecSoap* in Lasso
|
||||||
|
|
||||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-11
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-11
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
|
265
xmlSecSoap.patch
Normal file
265
xmlSecSoap.patch
Normal file
@ -0,0 +1,265 @@
|
|||||||
|
commit bb8722b1c0e097bde8fd0a54190b13dd5bb8c0a8
|
||||||
|
Author: John Dennis <jdennis@redhat.com>
|
||||||
|
Date: Tue Apr 3 19:49:31 2018 -0400
|
||||||
|
|
||||||
|
Replace xmlSecSoap functions with lasso implementations
|
||||||
|
|
||||||
|
xmlsec has removed support for SOAP. The missing xmlSecSoap* functions
|
||||||
|
and their dependent utiliity functions were added to Lasso following
|
||||||
|
the model of the existing xmlSec implmentations.
|
||||||
|
|
||||||
|
Note: Lasso tried to accommodate both SOAP 1.1 and SOAP 1.2 but SAML2
|
||||||
|
*only* uses SOAP 1.1 thus the SOAP 1.2 support was superfluous and
|
||||||
|
confused matters. Therefire the SOAP 1.2 support was removed.
|
||||||
|
|
||||||
|
The following new functions were added to Lasso to support SOAP:
|
||||||
|
|
||||||
|
* lasso_xml_next_element_node
|
||||||
|
* lasso_xml_get_node_ns_href
|
||||||
|
* lasso_xml_is_element_node
|
||||||
|
* lasso_xml_soap11_get_header
|
||||||
|
* lasso_xml_soap11_get_body
|
||||||
|
|
||||||
|
The following is the mapping from the deprecated xmlSecSoap symbols
|
||||||
|
to the new Lasso symbols:
|
||||||
|
|
||||||
|
xmlSecSoap11Ns -> LASSO_SOAP_ENV_HREF
|
||||||
|
xmlSecGetNextElementNode -> lasso_xml_next_element_node
|
||||||
|
xmlSecGetNodeNsHref -> lasso_xml_get_node_ns_href
|
||||||
|
xmlSecCheckNodeName -> lasso_xml_is_element_node
|
||||||
|
xmlSecSoap11GetHeader -> lasso_xml_soap11_get_header
|
||||||
|
xmlSecSoap11GetBody -> lasso_xml_soap11_get_body
|
||||||
|
|
||||||
|
diff --git a/lasso/id-wsf/wsf_profile.c b/lasso/id-wsf/wsf_profile.c
|
||||||
|
index 8cfe5a27..112dfeeb 100644
|
||||||
|
--- a/lasso/id-wsf/wsf_profile.c
|
||||||
|
+++ b/lasso/id-wsf/wsf_profile.c
|
||||||
|
@@ -29,7 +29,6 @@
|
||||||
|
#include <xmlsec/xmldsig.h>
|
||||||
|
#include <xmlsec/templates.h>
|
||||||
|
#include <xmlsec/crypto.h>
|
||||||
|
-#include <xmlsec/soap.h>
|
||||||
|
|
||||||
|
#include "../utils.h"
|
||||||
|
|
||||||
|
@@ -1369,7 +1368,7 @@ lasso_wsf_profile_add_saml_signature(LassoWsfProfile *wsf_profile, xmlDoc *doc)
|
||||||
|
|
||||||
|
/* Lookup all referenced node and their Ids */
|
||||||
|
envelope = xmlDocGetRootElement(doc);
|
||||||
|
- header = xmlSecSoap11GetHeader(envelope);
|
||||||
|
+ header = lasso_xml_soap11_get_header(envelope);
|
||||||
|
|
||||||
|
provider = xmlSecFindNode(header, (xmlChar*) "Provider",
|
||||||
|
(xmlChar*) LASSO_SOAP_BINDING_HREF);
|
||||||
|
@@ -1377,7 +1376,7 @@ lasso_wsf_profile_add_saml_signature(LassoWsfProfile *wsf_profile, xmlDoc *doc)
|
||||||
|
(xmlChar*) LASSO_SOAP_BINDING_HREF);
|
||||||
|
interaction = xmlSecFindNode(header, (xmlChar*) "UserInteraction",
|
||||||
|
(xmlChar*) LASSO_IS_HREF);
|
||||||
|
- body = xmlSecSoap11GetBody(envelope);
|
||||||
|
+ body = lasso_xml_soap11_get_body(envelope);
|
||||||
|
xmlSecAddIDs(doc, envelope, ids);
|
||||||
|
goto_cleanup_if_fail_with_rc(header != NULL, LASSO_XML_ERROR_NODE_NOT_FOUND);
|
||||||
|
goto_cleanup_if_fail_with_rc(provider != NULL, LASSO_XML_ERROR_NODE_NOT_FOUND);
|
||||||
|
diff --git a/lasso/xml/private.h b/lasso/xml/private.h
|
||||||
|
index 6f7d911d..94acd0ed 100644
|
||||||
|
--- a/lasso/xml/private.h
|
||||||
|
+++ b/lasso/xml/private.h
|
||||||
|
@@ -265,8 +265,19 @@ xmlDocPtr lasso_xml_parse_memory(const char *buffer, int size);
|
||||||
|
|
||||||
|
xmlNode* lasso_xml_get_soap_content(xmlNode *root);
|
||||||
|
|
||||||
|
+xmlNodePtr lasso_xml_next_element_node(xmlNodePtr node);
|
||||||
|
+
|
||||||
|
+const xmlChar* lasso_xml_get_node_ns_href(const xmlNodePtr node);
|
||||||
|
+
|
||||||
|
+gboolean lasso_xml_is_element_node(const xmlNodePtr node,
|
||||||
|
+ const xmlChar *name, const xmlChar *ns);
|
||||||
|
+
|
||||||
|
gboolean lasso_xml_is_soap(xmlNode *root);
|
||||||
|
|
||||||
|
+xmlNodePtr lasso_xml_soap11_get_header(xmlNodePtr envelope_node);
|
||||||
|
+
|
||||||
|
+xmlNodePtr lasso_xml_soap11_get_body(xmlNodePtr envelope_node);
|
||||||
|
+
|
||||||
|
gboolean lasso_eval_xpath_expression(xmlXPathContextPtr xpath_ctx, const char *expression,
|
||||||
|
xmlXPathObjectPtr *xpath_object_ptr, int *xpath_error_code);
|
||||||
|
|
||||||
|
diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
|
||||||
|
index ade6d660..c6d4de4b 100644
|
||||||
|
--- a/lasso/xml/tools.c
|
||||||
|
+++ b/lasso/xml/tools.c
|
||||||
|
@@ -57,7 +57,6 @@
|
||||||
|
#include <xmlsec/errors.h>
|
||||||
|
#include <xmlsec/openssl/x509.h>
|
||||||
|
#include <xmlsec/openssl/crypto.h>
|
||||||
|
-#include <xmlsec/soap.h>
|
||||||
|
|
||||||
|
#include <zlib.h>
|
||||||
|
|
||||||
|
@@ -1666,30 +1665,156 @@ cleanup:
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
+/**
|
||||||
|
+ * lasso_xml_next_element_node:
|
||||||
|
+ * @node: the pointer to an XML node.
|
||||||
|
+ *
|
||||||
|
+ * Seraches for the next element node.
|
||||||
|
+ *
|
||||||
|
+ * Returns: the pointer to next element node or NULL if it is not found.
|
||||||
|
+ */
|
||||||
|
+xmlNodePtr
|
||||||
|
+lasso_xml_next_element_node(xmlNodePtr node)
|
||||||
|
+{
|
||||||
|
+
|
||||||
|
+ for (; node != NULL && node->type != XML_ELEMENT_NODE; node = node->next);
|
||||||
|
+ return node;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ * lasso_xml_get_node_ns_href:
|
||||||
|
+ * @node: the pointer to node.
|
||||||
|
+ *
|
||||||
|
+ * Get's node's namespace href.
|
||||||
|
+ *
|
||||||
|
+ * Returns: node's namespace href.
|
||||||
|
+ */
|
||||||
|
+const xmlChar*
|
||||||
|
+lasso_xml_get_node_ns_href(const xmlNodePtr node)
|
||||||
|
+{
|
||||||
|
+ xmlNsPtr ns;
|
||||||
|
+
|
||||||
|
+ if (node == NULL) {
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* do we have a namespace in the node? */
|
||||||
|
+ if (node->ns != NULL) {
|
||||||
|
+ return node->ns->href;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* search for default namespace */
|
||||||
|
+ ns = xmlSearchNs(node->doc, node, NULL);
|
||||||
|
+ if (ns != NULL) {
|
||||||
|
+ return ns->href;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return NULL;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ * lasso_xml_is_element_node:
|
||||||
|
+ * @node: the pointer to an XML node.
|
||||||
|
+ * @name: the name,
|
||||||
|
+ * @ns: the namespace href.
|
||||||
|
+ *
|
||||||
|
+ * Checks that the node has a given name and a given namespace href.
|
||||||
|
+ *
|
||||||
|
+ * Returns: true if the node matches false otherwise.
|
||||||
|
+ */
|
||||||
|
+gboolean
|
||||||
|
+lasso_xml_is_element_node(const xmlNodePtr node,
|
||||||
|
+ const xmlChar *name, const xmlChar *ns)
|
||||||
|
+{
|
||||||
|
+ if (node == NULL) {
|
||||||
|
+ return FALSE;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return (node->type == XML_ELEMENT_NODE &&
|
||||||
|
+ xmlStrEqual(node->name, name) &&
|
||||||
|
+ xmlStrEqual(lasso_xml_get_node_ns_href(node), ns));
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
gboolean
|
||||||
|
lasso_xml_is_soap(xmlNode *root)
|
||||||
|
{
|
||||||
|
- return xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap11Ns) ||
|
||||||
|
- xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap12Ns);
|
||||||
|
+ return lasso_xml_is_element_node(root, BAD_CAST "Envelope",
|
||||||
|
+ BAD_CAST LASSO_SOAP_ENV_HREF);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ * lasso_xml_soap11_get_header:
|
||||||
|
+ * @envelope_node: the pointer to <soap:Envelope> node.
|
||||||
|
+ *
|
||||||
|
+ * Gets pointer to the <soap:Header> node.
|
||||||
|
+ *
|
||||||
|
+ * Returns: pointer to <soap:Header> node or NULL if an error occurs.
|
||||||
|
+ */
|
||||||
|
+xmlNodePtr
|
||||||
|
+lasso_xml_soap11_get_header(xmlNodePtr envelope_node)
|
||||||
|
+{
|
||||||
|
+ xmlNodePtr node;
|
||||||
|
+
|
||||||
|
+ if (envelope_node == NULL) {
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* optional Header node is first */
|
||||||
|
+ node = lasso_xml_next_element_node(envelope_node->children);
|
||||||
|
+ if (lasso_xml_is_element_node(node, BAD_CAST "Header",
|
||||||
|
+ BAD_CAST LASSO_SOAP_ENV_HREF)) {
|
||||||
|
+ return node;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return NULL;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ * lasso_xml_soap11_get_body:
|
||||||
|
+ * @envelope_node: the pointer to <soap:Envelope> node.
|
||||||
|
+ *
|
||||||
|
+ * Gets pointer to the <soap:Body> node.
|
||||||
|
+ *
|
||||||
|
+ * Returns: pointer to <soap:Body> node or NULL if an error occurs.
|
||||||
|
+ */
|
||||||
|
+xmlNodePtr
|
||||||
|
+lasso_xml_soap11_get_body(xmlNodePtr envelope_node)
|
||||||
|
+{
|
||||||
|
+ xmlNodePtr node;
|
||||||
|
+
|
||||||
|
+ if (envelope_node == NULL) {
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* optional Header node first */
|
||||||
|
+ node = lasso_xml_next_element_node(envelope_node->children);
|
||||||
|
+ if (lasso_xml_is_element_node(node, BAD_CAST "Header",
|
||||||
|
+ BAD_CAST LASSO_SOAP_ENV_HREF)) {
|
||||||
|
+ node = lasso_xml_next_element_node(node->next);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* Body node is next */
|
||||||
|
+ if (!lasso_xml_is_element_node(node, BAD_CAST "Body",
|
||||||
|
+ BAD_CAST LASSO_SOAP_ENV_HREF)) {
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return node;
|
||||||
|
}
|
||||||
|
|
||||||
|
xmlNode*
|
||||||
|
lasso_xml_get_soap_content(xmlNode *root)
|
||||||
|
{
|
||||||
|
gboolean is_soap11 = FALSE;
|
||||||
|
- gboolean is_soap12 = FALSE;
|
||||||
|
xmlNode *content = NULL;
|
||||||
|
|
||||||
|
- is_soap11 = xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap11Ns);
|
||||||
|
- is_soap12 = xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap12Ns);
|
||||||
|
-
|
||||||
|
- if (is_soap11 || is_soap12) {
|
||||||
|
+ is_soap11 = lasso_xml_is_element_node(root, BAD_CAST "Envelope",
|
||||||
|
+ BAD_CAST LASSO_SOAP_ENV_HREF);
|
||||||
|
+ if (is_soap11) {
|
||||||
|
xmlNode *body;
|
||||||
|
|
||||||
|
if (is_soap11) {
|
||||||
|
- body = xmlSecSoap11GetBody(root);
|
||||||
|
- } else {
|
||||||
|
- body = xmlSecSoap12GetBody(root);
|
||||||
|
+ body = lasso_xml_soap11_get_body(root);
|
||||||
|
}
|
||||||
|
if (body) {
|
||||||
|
content = xmlSecGetNextElementNode(body->children);
|
Loading…
Reference in New Issue
Block a user