Resolves: rhbz#1542126, rhbz#1556016

xmlsec removed SOAP support, reimplement missing xmlSecSoap* in Lasso
2018-04-03 20:37:45 -04:00 · 2018-04-03 20:37:45 -04:00 · 8a955c845b
commit 8a955c845b
parent 9d979326cb
2 changed files with 272 additions and 1 deletions
--- a/lasso.spec
+++ b/lasso.spec
@ -15,7 +15,7 @@
 Summary: Liberty Alliance Single Sign On
 Name: lasso
 Version: 2.5.1
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: GPLv2+
 Group: System Environment/Libraries
 Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz
@ -23,6 +23,7 @@ Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz
 patch1: java_binding_lasso_log.patch
 patch2: cflags.patch
 patch3: validate_idp_list_test.patch
+patch4: xmlSecSoap.patch

 %if %{with_wsf}
 BuildRequires: cyrus-sasl-devel
@ -119,6 +120,7 @@ library.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1

 %build
 ./autogen.sh
@ -231,6 +233,10 @@ rm -fr %{buildroot}%{_defaultdocdir}/%{name}
 %endif

 %changelog
+* Wed Apr  4 2018 John Dennis <jdennis@redhat.com> - 2.5.1-12
+- Resolves: rhbz#1542126, rhbz#1556016
+- xmlsec removed SOAP support, reimplement missing xmlSecSoap* in Lasso
+
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

--- a/xmlSecSoap.patch
+++ b/xmlSecSoap.patch
@ -0,0 +1,265 @@
+commit bb8722b1c0e097bde8fd0a54190b13dd5bb8c0a8
+Author: John Dennis <jdennis@redhat.com>
+Date:   Tue Apr 3 19:49:31 2018 -0400
+
+    Replace xmlSecSoap functions with lasso implementations
+    
+    xmlsec has removed support for SOAP. The missing xmlSecSoap* functions
+    and their dependent utiliity functions were added to Lasso following
+    the model of the existing xmlSec implmentations.
+    
+    Note: Lasso tried to accommodate both SOAP 1.1 and SOAP 1.2 but SAML2
+    *only* uses SOAP 1.1 thus the SOAP 1.2 support was superfluous and
+    confused matters. Therefire the SOAP 1.2 support was removed.
+    
+    The following new functions were added to Lasso to support SOAP:
+    
+    * lasso_xml_next_element_node
+    * lasso_xml_get_node_ns_href
+    * lasso_xml_is_element_node
+    * lasso_xml_soap11_get_header
+    * lasso_xml_soap11_get_body
+    
+    The following is the mapping from the deprecated xmlSecSoap symbols
+    to the new Lasso symbols:
+    
+    xmlSecSoap11Ns -> LASSO_SOAP_ENV_HREF
+    xmlSecGetNextElementNode -> lasso_xml_next_element_node
+    xmlSecGetNodeNsHref -> lasso_xml_get_node_ns_href
+    xmlSecCheckNodeName -> lasso_xml_is_element_node
+    xmlSecSoap11GetHeader -> lasso_xml_soap11_get_header
+    xmlSecSoap11GetBody -> lasso_xml_soap11_get_body
+
+diff --git a/lasso/id-wsf/wsf_profile.c b/lasso/id-wsf/wsf_profile.c
+index 8cfe5a27..112dfeeb 100644
+--- a/lasso/id-wsf/wsf_profile.c
+++ b/lasso/id-wsf/wsf_profile.c
+@@ -29,7 +29,6 @@
+ #include <xmlsec/xmldsig.h>
+ #include <xmlsec/templates.h>
+ #include <xmlsec/crypto.h>
+-#include <xmlsec/soap.h>
+ 
+ #include "../utils.h"
+ 
+@@ -1369,7 +1368,7 @@ lasso_wsf_profile_add_saml_signature(LassoWsfProfile *wsf_profile, xmlDoc *doc)
+ 
+ 	/* Lookup all referenced node and their Ids */
+ 	envelope = xmlDocGetRootElement(doc);
+-	header = xmlSecSoap11GetHeader(envelope);
+	header = lasso_xml_soap11_get_header(envelope);
+ 
+ 	provider = xmlSecFindNode(header, (xmlChar*) "Provider",
+ 		(xmlChar*) LASSO_SOAP_BINDING_HREF);
+@@ -1377,7 +1376,7 @@ lasso_wsf_profile_add_saml_signature(LassoWsfProfile *wsf_profile, xmlDoc *doc)
+ 		(xmlChar*) LASSO_SOAP_BINDING_HREF);
+ 	interaction = xmlSecFindNode(header, (xmlChar*) "UserInteraction",
+ 		(xmlChar*) LASSO_IS_HREF);
+-	body = xmlSecSoap11GetBody(envelope);
+	body = lasso_xml_soap11_get_body(envelope);
+ 	xmlSecAddIDs(doc, envelope, ids);
+ 	goto_cleanup_if_fail_with_rc(header != NULL, LASSO_XML_ERROR_NODE_NOT_FOUND);
+ 	goto_cleanup_if_fail_with_rc(provider != NULL, LASSO_XML_ERROR_NODE_NOT_FOUND);
+diff --git a/lasso/xml/private.h b/lasso/xml/private.h
+index 6f7d911d..94acd0ed 100644
+--- a/lasso/xml/private.h
+++ b/lasso/xml/private.h
+@@ -265,8 +265,19 @@ xmlDocPtr lasso_xml_parse_memory(const char *buffer, int size);
+ 
+ xmlNode* lasso_xml_get_soap_content(xmlNode *root);
+ 
+xmlNodePtr lasso_xml_next_element_node(xmlNodePtr node);
+
+const xmlChar* lasso_xml_get_node_ns_href(const xmlNodePtr node);
+
+gboolean lasso_xml_is_element_node(const xmlNodePtr node,
+                                   const xmlChar *name, const xmlChar *ns);
+
+ gboolean lasso_xml_is_soap(xmlNode *root);
+ 
+xmlNodePtr lasso_xml_soap11_get_header(xmlNodePtr envelope_node);
+
+xmlNodePtr lasso_xml_soap11_get_body(xmlNodePtr envelope_node);
+
+ gboolean lasso_eval_xpath_expression(xmlXPathContextPtr xpath_ctx, const char *expression,
+ 		xmlXPathObjectPtr *xpath_object_ptr, int *xpath_error_code);
+ 
+diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
+index ade6d660..c6d4de4b 100644
+--- a/lasso/xml/tools.c
+++ b/lasso/xml/tools.c
+@@ -57,7 +57,6 @@
+ #include <xmlsec/errors.h>
+ #include <xmlsec/openssl/x509.h>
+ #include <xmlsec/openssl/crypto.h>
+-#include <xmlsec/soap.h>
+ 
+ #include <zlib.h>
+ 
+@@ -1666,30 +1665,156 @@ cleanup:
+ 	return rc;
+ }
+ 
+/**
+ * lasso_xml_next_element_node:
+ * @node:                the pointer to an XML node.
+ *
+ * Seraches for the next element node.
+ *
+ * Returns: the pointer to next element node or NULL if it is not found.
+ */
+xmlNodePtr
+lasso_xml_next_element_node(xmlNodePtr node)
+{
+
+    for (; node != NULL && node->type != XML_ELEMENT_NODE; node = node->next);
+    return node;
+}
+
+/**
+ * lasso_xml_get_node_ns_href:
+ * @node: the pointer to node.
+ *
+ * Get's node's namespace href.
+ *
+ * Returns: node's namespace href.
+ */
+const xmlChar*
+lasso_xml_get_node_ns_href(const xmlNodePtr node)
+{
+    xmlNsPtr ns;
+
+    if (node == NULL) {
+        return NULL;
+    }
+
+    /* do we have a namespace in the node? */
+    if (node->ns != NULL) {
+        return node->ns->href;
+    }
+
+    /* search for default namespace */
+    ns = xmlSearchNs(node->doc, node, NULL);
+    if (ns != NULL) {
+        return ns->href;
+    }
+
+    return NULL;
+}
+
+/**
+ * lasso_xml_is_element_node:
+ * @node: the pointer to an XML node.
+ * @name: the name,
+ * @ns:   the namespace href.
+ *
+ * Checks that the node has a given name and a given namespace href.
+ *
+ * Returns: true if the node matches false otherwise.
+ */
+gboolean
+lasso_xml_is_element_node(const xmlNodePtr node,
+                          const xmlChar *name, const xmlChar *ns)
+{
+    if (node == NULL) {
+        return FALSE;
+    }
+
+    return (node->type == XML_ELEMENT_NODE &&
+            xmlStrEqual(node->name, name) &&
+            xmlStrEqual(lasso_xml_get_node_ns_href(node), ns));
+}
+
+ gboolean
+ lasso_xml_is_soap(xmlNode *root)
+ {
+-	return xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap11Ns) ||
+-		xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap12Ns);
+    return lasso_xml_is_element_node(root, BAD_CAST "Envelope",
+                                     BAD_CAST LASSO_SOAP_ENV_HREF);
+}
+
+/**
+ * lasso_xml_soap11_get_header:
+ * @envelope_node: the pointer to <soap:Envelope> node.
+ *
+ * Gets pointer to the <soap:Header> node.
+ *
+ * Returns: pointer to <soap:Header> node or NULL if an error occurs.
+ */
+xmlNodePtr
+lasso_xml_soap11_get_header(xmlNodePtr envelope_node)
+{
+    xmlNodePtr node;
+
+    if (envelope_node == NULL) {
+        return NULL;
+    }
+
+    /* optional Header node is first */
+    node = lasso_xml_next_element_node(envelope_node->children);
+    if (lasso_xml_is_element_node(node, BAD_CAST "Header",
+                                  BAD_CAST LASSO_SOAP_ENV_HREF)) {
+        return node;
+    }
+
+    return NULL;
+}
+
+/**
+ * lasso_xml_soap11_get_body:
+ * @envelope_node: the pointer to <soap:Envelope> node.
+ *
+ * Gets pointer to the <soap:Body> node.
+ *
+ * Returns: pointer to <soap:Body> node or NULL if an error occurs.
+ */
+xmlNodePtr
+lasso_xml_soap11_get_body(xmlNodePtr envelope_node)
+{
+    xmlNodePtr node;
+
+    if (envelope_node == NULL) {
+        return NULL;
+    }
+
+    /* optional Header node first */
+    node = lasso_xml_next_element_node(envelope_node->children);
+    if (lasso_xml_is_element_node(node, BAD_CAST "Header",
+                                  BAD_CAST LASSO_SOAP_ENV_HREF)) {
+        node = lasso_xml_next_element_node(node->next);
+    }
+
+    /* Body node is next */
+    if (!lasso_xml_is_element_node(node, BAD_CAST "Body",
+                                   BAD_CAST  LASSO_SOAP_ENV_HREF)) {
+        return NULL;
+    }
+
+    return node;
+ }
+ 
+ xmlNode*
+ lasso_xml_get_soap_content(xmlNode *root)
+ {
+ 	gboolean is_soap11 = FALSE;
+-	gboolean is_soap12 = FALSE;
+ 	xmlNode *content = NULL;
+ 
+-	is_soap11 = xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap11Ns);
+-	is_soap12 = xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap12Ns);
+-
+-	if (is_soap11 || is_soap12) {
+	is_soap11 = lasso_xml_is_element_node(root, BAD_CAST "Envelope",
+                                              BAD_CAST LASSO_SOAP_ENV_HREF);
+	if (is_soap11) {
+ 		xmlNode *body;
+ 
+ 		if (is_soap11) {
+-			body = xmlSecSoap11GetBody(root);
+-		} else {
+-			body = xmlSecSoap12GetBody(root);
+			body = lasso_xml_soap11_get_body(root);
+ 		}
+ 		if (body) {
+ 			content = xmlSecGetNextElementNode(body->children);