rpms/lasso
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Upgrade to latest upstream

Browse Source 
Build using Python3, add python3 subpackage
Resolves: rhbz#1592416 Enable perl subpackage
This commit is contained in:
John Dennis 2018-06-26 19:09:04 -04:00
parent 69fbc150eb
commit 9172769420
10 changed files with 536 additions and 497 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -3,3 +3,4 @@
/lasso-2.4.1.tar.gz
/lasso-2.5.0.tar.gz
/lasso-2.5.1.tar.gz
/lasso-2.6.0.tar.gz

255
build-scripts-py3-compatible.patch Normal file
View File

@ -0,0 +1,255 @@
commit d526669810e0dc0a454260d5081fc96e16fc9e13
Author: John Dennis <jdennis@redhat.com>
Date: Mon Jun 25 16:26:24 2018 -0400
Make Python scripts compatible with both Py2 and Py3
During the build if the Python3 interpreter is used a number of
scripts will fail because they were never ported from Py2 to Py3. In
general we want Python code to be compatible with both Py2 and
Py3. This patch brings the scripts up to date with Py3 but retains
backwards compatibility with Py2 (specifically Py 2.7, the last Py2
release).
Examples of the required changes are:
* Replace use of the built-in function file() with open(). file()
does not exist in Py3, open works in both Py2 and Py3. The code was
also modified to use a file context manager (e.g. with open(xxx) as
f:). This assures open files are properly closed when the code block
using the file goes out of scope. This is a standard modern Python
idiom.
* Replace all use of the print keyword with the six.print_()
function, which itself is an emulation of Py3's print function. Py3
no longer has a print keyword, only a print() function.
* The dict methods .keys(), .values(), .items() no longer return a
list in Py3, instead they return a "view" object which is an
iterator whose result is an unordered set. The most notable
consequence is you cannot index the result of these functions like
your could in Py2 (e.g. dict.keys()[0] will raise a run time
exception).
* Replace use of StringIO.StringIO and cStringIO with
six.StringIO. Py3 no longer has cStringIO and the six variant
handles the correct import.
* Py3 no longer allows the "except xxx, variable" syntax, where
variable appering after the comma is assigned the exception object,
you must use the "as" keyword to perform the variable assignment
(e.g. execpt xxx as variable)
Note: the modifications in this patch are the minimum necessary to get
the build to run with the Py3 interpreter. There are numerous other
Python scripts in the repo which need Py3 porting as well but because
they are not invoked during a build they will be updated in a
subsequent patch.
License: MIT
Signed-off-by: John Dennis <jdennis@redhat.com>
diff --git a/bindings/python/examples/get_attributes_from_assertion.py b/bindings/python/examples/get_attributes_from_assertion.py
index 44ceb9e5..8f37a337 100644
--- a/bindings/python/examples/get_attributes_from_assertion.py
+++ b/bindings/python/examples/get_attributes_from_assertion.py
@@ -1,8 +1,10 @@
# Example SP Python code to get attributes from an assertion
+from six import print_
+
for attribute in assertion.attributeStatement[0].attribute:
if attribute.name == lasso.SAML2_ATTRIBUTE_NAME_EPR:
continue
- print 'attribute : ' + attribute.name
+ print_('attribute : ' + attribute.name)
for value in attribute.attributeValue:
- print ' value : ' + value.any[0].content
+ print_(' value : ' + value.any[0].content)
diff --git a/bindings/python/tests/binding_tests.py b/bindings/python/tests/binding_tests.py
index 6d8e0dfa..54c3635f 100755
--- a/bindings/python/tests/binding_tests.py
+++ b/bindings/python/tests/binding_tests.py
@@ -311,8 +311,8 @@ class BindingTestCase(unittest.TestCase):
</samlp:Extensions>'''
node = lasso.Node.newFromXmlNode(content)
assert 'next_url' in node.any[1]
- assert 'huhu' in node.attributes.keys()[0]
- assert node.attributes.values()[0] == 'xxx'
+ assert '{https://www.entrouvert.com/}huhu' in node.attributes.keys()
+ assert 'xxx' in node.attributes.values()
node.any = ('<zob>coin</zob>',)
node.attributes = {'michou': 'zozo'}
assert '<zob>coin</zob>' in node.dump()
diff --git a/bindings/python/tests/idwsf2_tests.py b/bindings/python/tests/idwsf2_tests.py
index 6f80c53d..4e47a4a1 100755
--- a/bindings/python/tests/idwsf2_tests.py
+++ b/bindings/python/tests/idwsf2_tests.py
@@ -27,7 +27,7 @@
import os
import unittest
import sys
-from StringIO import StringIO
+from six import StringIO
import logging
logging.basicConfig()
@@ -310,11 +310,11 @@ class MetadataTestCase(IdWsf2TestCase):
self.failUnless(idp_disco.request.svcMD[0].svcMDID is None)
try:
idp_disco.checkSecurityMechanism()
- except lasso.Error, e:
+ except lasso.Error as e:
self.fail(e)
try:
idp_disco.validateRequest()
- except lasso.Error, e:
+ except lasso.Error as e:
self.fail(e)
self.failUnless(idp_disco.response is not None)
self.failUnlessEqual(len(idp_disco.metadatas), 1)
@@ -391,16 +391,16 @@ class MetadataTestCase(IdWsf2TestCase):
self.failUnless(idp_disco is not None)
try:
idp_disco.processRequestMsg(wsp_disco.msgBody)
- except lasso.Error, e:
+ except lasso.Error as e:
self.fail(e)
self.failUnless(idp_disco.request is not None)
try:
idp_disco.checkSecurityMechanism()
- except lasso.Error, e:
+ except lasso.Error as e:
self.fail(e)
try:
idp_disco.failRequest(lasso.IDWSF2_DISCOVERY_STATUS_CODE_FAILED, lasso.IDWSF2_DISCOVERY_STATUS_CODE_FORBIDDEN)
- except lasso.Error, e:
+ except lasso.Error as e:
self.fail(e)
self.failUnless(idp_disco.response is not None)
self.failUnless(idp_disco.response.status is not None)
@@ -415,7 +415,7 @@ class MetadataTestCase(IdWsf2TestCase):
wsp_disco.processResponseMsg(idp_disco.msgBody)
except lasso.Idwsf2DiscoveryForbiddenError:
pass
- except lasso.Error, e:
+ except lasso.Error as e:
self.fail(e)
def test03(self):
@@ -475,7 +475,7 @@ class MetadataTestCase(IdWsf2TestCase):
self.failUnless(soap_envelope.getMessageId() is not None)
try:
idp_disco.checkSecurityMechanism()
- except lasso.Error, e:
+ except lasso.Error as e:
self.fail(e)
# redirect
interactionUrl = spInteractionUrl
@@ -488,7 +488,7 @@ class MetadataTestCase(IdWsf2TestCase):
self.failUnless(response.detail.any[0].redirectURL.startswith(interactionUrl + '?transactionID='))
try:
idp_disco.buildResponseMsg()
- except lasso.Error, e:
+ except lasso.Error as e:
self.fail(e)
self.failUnless(idp_disco.msgBody is not None)
@@ -500,7 +500,7 @@ class MetadataTestCase(IdWsf2TestCase):
wsp_disco.processResponseMsg(idp_disco.msgBody)
except lasso.WsfprofileRedirectRequestError:
pass
- except lasso.Error, e:
+ except lasso.Error as e:
self.fail(e)
response_envelope = wsp_disco.getSoapEnvelopeResponse()
self.failUnless(response_envelope.sb2GetRedirectRequestUrl().startswith(interactionUrl + '?transactionID='))
@@ -527,11 +527,11 @@ class MetadataTestCase(IdWsf2TestCase):
self.failUnless(idp_disco.request.svcMD[0].svcMDID is None)
try:
idp_disco.checkSecurityMechanism()
- except lasso.Error, e:
+ except lasso.Error as e:
self.fail(e)
try:
idp_disco.validateRequest()
- except lasso.Error, e:
+ except lasso.Error as e:
self.fail(e)
self.failUnless(idp_disco.response is not None)
self.failUnlessEqual(len(idp_disco.metadatas), 1)
diff --git a/lasso/build_strerror.py b/lasso/build_strerror.py
index fca59628..908638d5 100644
--- a/lasso/build_strerror.py
+++ b/lasso/build_strerror.py
@@ -1,42 +1,42 @@
#! /usr/bin/env python
-from cStringIO import StringIO
import glob
import re
import sys
import os
+from six import print_, StringIO
srcdir = sys.argv[1]
-hlines = file('%s/errors.h' % srcdir,'r').readlines()
messages = dict()
description = ''
-for line in hlines:
- m = re.match(r'^ \* LASSO.*ERROR', line)
- if m:
- description = ''
- continue
- m = re.match(r'^ \* (.*[^:])$', line)
- if m:
- description += m.group(1)
- m = re.match(r'#define (LASSO_\w*ERROR\w+)', line)
- if m and description:
- description = re.sub(r'[ \n]+', ' ', description).strip()
- messages[m.group(1)] = description
- description = ''
- else:
- m = re.match(r'#define (LASSO_\w*ERROR\w+)',line)
+with open('%s/errors.h' % srcdir,'r') as f:
+ for line in f:
+ m = re.match(r'^ \* LASSO.*ERROR', line)
if m:
- messages[m.group(1)] = m.group(1)
+ description = ''
+ continue
+ m = re.match(r'^ \* (.*[^:])$', line)
+ if m:
+ description += m.group(1)
+ m = re.match(r'#define (LASSO_\w*ERROR\w+)', line)
+ if m and description:
+ description = re.sub(r'[ \n]+', ' ', description).strip()
+ messages[m.group(1)] = description
+ description = ''
+ else:
+ m = re.match(r'#define (LASSO_\w*ERROR\w+)',line)
+ if m:
+ messages[m.group(1)] = m.group(1)
-clines = file('%s/errors.c.in' % srcdir,'r').readlines()
-for line in clines:
- if '@ERROR_CASES@' in line:
- keys = messages.keys()
- keys.sort()
- for k in keys:
- print """ case %s:
- return "%s";""" % (k,messages[k].rstrip('\n'))
- else:
- print line,
+with open('%s/errors.c.in' % srcdir,'r') as f:
+ for line in f:
+ if '@ERROR_CASES@' in line:
+ keys = sorted(messages.keys())
+ for k in keys:
+ print_(' case %s:\n'
+ ' return "%s";' %
+ (k,messages[k].rstrip('\n')))
+ else:
+ print_(line, end="")

65
cflags.patch
View File

@ -1,65 +0,0 @@
From 629e05d8dc795a70fd2bcd3d0301641105bf0b06 Mon Sep 17 00:00:00 2001
From: John Dennis <jdennis@redhat.com>
Date: Wed, 15 Jun 2016 11:50:24 -0400
Subject: [PATCH] enable user supplied CFLAGS
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
CFLAGS is initialized to the empty string in configure.ac, this
effectively turned off user supplied values for CFLAGS preventing site
specific values from being used. A further complicating factor was of
all the user supplied values documented in Automake only CFLAGS was
disabled allowing all other user supplied variables to take
effect. Some variables must be coordinated (e.g. CFLAGS with LDFLAGS),
the fact LDFLAGS was picked up from the environment but CFLAGS was
discarded caused build failures due to incompatible combination of
compiler and linker options.
The problem was first introduced in commit: 73d9c98f "Reset CFLAGS
when --enable-debugging is used". This patch simply removes hardcoding
CFLAGS to the empty string and appends the debug options
(--enable-debugging) to the existing CFLAGS.
Proper use of the variables is described in the Automake documentation
in the section "Flag Variables Ordering"
https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html
Although the Automake documentation claims manipulating CFLAGS
directly is improper use there are many examples of this in the
existing configure.ac, this patch makes no attempt at addressing this
issue, rather it makes existing usage consistent. In the particular
case of debug flags appending to CFLAGS is probably the only valid
solution because the debug flags must appear at the end of the list of
flags in order to override earlier flags, CFLAGS always appears last
in the Makefile (see above Automake doc).
Signed-off-by: John Dennis <jdennis@redhat.com>
License: MIT
---
configure.ac | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 7c58870..cf86262 100644
--- a/configure.ac
+++ b/configure.ac
@@ -91,7 +91,6 @@ dnl
dnl Check for programs
dnl
AC_PROG_CC
-CFLAGS=""
AM_CFLAGS=""
AC_HEADER_STDC
LT_AC_PROG_RC
@@ -702,7 +701,7 @@ AC_ARG_ENABLE(debugging, [ --enable-debugging enable debuging optimizati
if test "z$enable_debugging" = "zyes" ; then
enable_debugging=yes
LASSO_DEFINES="$LASSO_DEFINES -DLASSO_DEBUG"
- AM_CFLAGS="-O0 -g -Wall -Wextra -Werror"
+ CFLAGS="$CFLAGS -O0 -g -Wall -Wextra -Werror"
else
enable_debugging=no
fi
--
2.5.5

83
duplicate-python-LogoutTestCase.patch Normal file
View File

@ -0,0 +1,83 @@
commit 623d785f957acc9eccb47a9a3f88e5e167a370b6
Author: John Dennis <jdennis@redhat.com>
Date: Mon Jun 25 17:37:45 2018 -0400
fix duplicate definition of LogoutTestCase and logoutSuite
Commit 6f617027e added a duplicate definition of the LogoutTestCase
class containing only 1 test which shaddowed the original
LogoutTestCase containing 4 tests. The logoutSuite variable was also
shadowed and the allTests variable contained a duplicate of
logoutSuite causing the 2nd definition of LogoutTestCase to be run
twice.
Not only were the original 4 tests not being run but the entire unit
test in profiles_tests.py was failing under Python3. This is because
the unittest code in Py3 deletes a test from it's list of tests to run
once it's been run. The second time the logoutSuite was invoked it no
longer contained any tests which caused an exception to be raised
because there were no tests to be run.
License: MIT
Signed-off-by: John Dennis <jdennis@redhat.com>
diff --git a/bindings/python/tests/profiles_tests.py b/bindings/python/tests/profiles_tests.py
index 547c9e24..0ba1e56e 100755
--- a/bindings/python/tests/profiles_tests.py
+++ b/bindings/python/tests/profiles_tests.py
@@ -386,6 +386,21 @@ class LogoutTestCase(unittest.TestCase):
else:
self.fail('Logout processResponseMsg should have failed.')
+ def test05(self):
+ '''Test parsing of a logout request with more than one session index'''
+ content = '''<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="xxxx" Version="2.0" IssueInstant="2010-06-14T22:00:00">
+ <saml:Issuer>me</saml:Issuer>
+ <saml:NameID>coin</saml:NameID>
+ <samlp:SessionIndex>id1</samlp:SessionIndex>
+ <samlp:SessionIndex>id2</samlp:SessionIndex>
+ <samlp:SessionIndex>id3</samlp:SessionIndex>
+ </samlp:LogoutRequest>'''
+
+ node = lasso.Samlp2LogoutRequest.newFromXmlNode(content)
+ assert isinstance(node, lasso.Samlp2LogoutRequest)
+ assert node.sessionIndex == 'id1'
+ assert node.sessionIndexes == ('id1', 'id2', 'id3')
+
class DefederationTestCase(unittest.TestCase):
def test01(self):
"""IDP initiated defederation; testing processNotificationMsg with non Liberty query."""
@@ -478,32 +493,15 @@ class AttributeAuthorityTestCase(unittest.TestCase):
assert aq.response.assertion[0].attributeStatement[0].attribute[0]
assert aq.response.assertion[0].attributeStatement[0].attribute[0].attributeValue[0]
-class LogoutTestCase(unittest.TestCase):
- def test01(self):
- '''Test parsing of a logout request with more than one session index'''
- content = '''<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="xxxx" Version="2.0" IssueInstant="2010-06-14T22:00:00">
- <saml:Issuer>me</saml:Issuer>
- <saml:NameID>coin</saml:NameID>
- <samlp:SessionIndex>id1</samlp:SessionIndex>
- <samlp:SessionIndex>id2</samlp:SessionIndex>
- <samlp:SessionIndex>id3</samlp:SessionIndex>
- </samlp:LogoutRequest>'''
-
- node = lasso.Samlp2LogoutRequest.newFromXmlNode(content)
- assert isinstance(node, lasso.Samlp2LogoutRequest)
- assert node.sessionIndex == 'id1'
- assert node.sessionIndexes == ('id1', 'id2', 'id3')
-
serverSuite = unittest.makeSuite(ServerTestCase, 'test')
loginSuite = unittest.makeSuite(LoginTestCase, 'test')
logoutSuite = unittest.makeSuite(LogoutTestCase, 'test')
defederationSuite = unittest.makeSuite(DefederationTestCase, 'test')
identitySuite = unittest.makeSuite(IdentityTestCase, 'test')
attributeSuite = unittest.makeSuite(AttributeAuthorityTestCase, 'test')
-logoutSuite = unittest.makeSuite(LogoutTestCase, 'test')
allTests = unittest.TestSuite((serverSuite, loginSuite, logoutSuite, defederationSuite,
- identitySuite, attributeSuite, logoutSuite))
+ identitySuite, attributeSuite))
if __name__ == '__main__':
sys.exit(not unittest.TextTestRunner(verbosity = 2).run(allTests).wasSuccessful())

51
java_binding_lasso_log.patch
View File

@ -1,51 +0,0 @@
commit d8e3ae85044a23424e8fcccc4af2ce7ce883ef74
Author: John Dennis <jdennis@redhat.com>
Date: Tue Feb 23 20:00:45 2016 -0500
add inline implementation of lasso_log
lasso_log is a private function of lasso and as such cannot be
referenced by the loader.
This is equivalent to commit e0bda691 in the PHP binding which
exhibited the same problem.
lasso_log is referenced in jobject_to_gobject() because of
lasso_assign_gobject macro, which includes the lasso_release_gobject
macro which invokes the message macro which expands to lasso_log.
License: MIT
Signed-off-by: John Dennis <jdennis@redhat.com>
diff --git a/bindings/java/wrapper_top.c b/bindings/java/wrapper_top.c
index 54bdeef..29c2014 100644
--- a/bindings/java/wrapper_top.c
+++ b/bindings/java/wrapper_top.c
@@ -6,6 +6,27 @@
#include "com_entrouvert_lasso_LassoJNI.h"
#include <string.h>
#include "../ghashtable.h"
+
+#if defined(__GNUC__)
+# define lasso_log(level, filename, line, function, format, args...) \
+ g_log("Lasso", level, "%s:%i:%s" format, filename, line, function, ##args)
+#elif defined(HAVE_VARIADIC_MACROS)
+# define lasso_log(level, format, line, function, ...) \
+ g_log("Lasso", leve, "%s:%i:%s" format, filename, line, function, __VA_ARGS__)
+#else
+static inline void lasso_log(GLogLevelFlags level, const char *filename,
+ int line, const char *function, const char *format, ...)
+{
+ va_list ap;
+ char s[1024];
+ va_start(ap, format);
+ g_vsnprintf(s, 1024, format, ap);
+ va_end(ap);
+ g_log("Lasso", level, "%s:%i:%s %s", filename, line, function, s);
+}
+#define lasso_log lasso_log
+#endif
+
#include "../../lasso/utils.h"
#include "../utils.c"
#include "../../lasso/backward_comp.h"

160
lasso.spec
View File

@ -1,6 +1,6 @@
%global with_java 1
%global with_php 0
%global with_perl 0
%global with_perl 1
%global with_python 1
%global with_wsf 0
@ -12,19 +12,55 @@
%endif
%endif
%if %{with_python}
%if 0%{?fedora} < 32 || 0%{?rhel}
%global with_python2 1
%endif
%if 0%{?fedora} && ! 0%{?rhel}
%global with_python3 1
%endif
%endif
%global configure_args %{nil}
%global configure_args %{configure_args}
%if !%{with_java}
%global configure_args %{configure_args} --disable-java
%endif
%if !%{with_perl}
%global configure_args %{configure_args} --disable-perl
%endif
%if %{with_php}
%global configure_args %{configure_args} --enable-php5=yes --with-php5-config-dir=%{php_inidir}
%else
%global configure_args %{configure_args} --enable-php5=no
%endif
%if %{with_wsf}
%global configure_args %{configure_args} --enable-wsf --with-sasl2=%{_prefix}/sasl2
%endif
%if !%{with_python}
%global configure_args %{configure_args} --disable-python
%endif
Summary: Liberty Alliance Single Sign On
Name: lasso
Version: 2.5.1
Release: 13%{?dist}
Version: 2.6.0
Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Libraries
Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz
patch1: java_binding_lasso_log.patch
patch2: cflags.patch
patch3: validate_idp_list_test.patch
patch4: xmlSecSoap.patch
patch5: automake-version.patch
Patch1: use-specified-python-interpreter.patch
Patch2: build-scripts-py3-compatible.patch
Patch3: duplicate-python-LogoutTestCase.patch
BuildRequires: libtool autoconf automake
%if %{with_wsf}
BuildRequires: cyrus-sasl-devel
@ -59,6 +95,7 @@ documentation for Lasso.
%package perl
Summary: Liberty Alliance Single Sign On (lasso) Perl bindings
Group: Development/Libraries
BuildRequires: perl-devel
BuildRequires: perl(ExtUtils::MakeMaker)
BuildRequires: perl(Test::More)
BuildRequires: perl(Error)
@ -92,16 +129,16 @@ BuildRequires: python2
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: php(zend-abi) = %{php_zend_api}
Requires: php(api) = %{php_core_api}
Provides: php-lasso = %{version}-%{release}
Provides: php-lasso%{?_isa} = %{version}-%{release}
Provides: php-%{name} = %{version}-%{release}
Provides: php-%{name}%{?_isa} = %{version}-%{release}
%description php
PHP language bindings for the lasso (Liberty Alliance Single Sign On) library.
%endif
%if %{with_python}
%package -n python2-lasso
%{?python_provide:%python_provide python2-lasso}
%if %{with_python2}
%package -n python2-%{name}
%{?python_provide:%python_provide python2-%{name}}
# Remove before F30
Provides: %{name}-python = %{version}-%{release}
Provides: %{name}-python%{?_isa} = %{version}-%{release}
@ -113,50 +150,65 @@ BuildRequires: python2-lxml
Requires: python2
Requires: %{name}%{?_isa} = %{version}-%{release}
%description -n python2-lasso
%description -n python2-%{name}
Python language bindings for the lasso (Liberty Alliance Single Sign On)
library.
%endif
%if %{with_python3}
%package -n python3-%{name}
%{?python_provide:%python_provide python3-%{name}}
# Remove before F30
Provides: %{name}-python = %{version}-%{release}
Provides: %{name}-python%{?_isa} = %{version}-%{release}
Obsoletes: %{name}-python < %{version}-%{release}
Summary: Liberty Alliance Single Sign On (lasso) Python bindings
Group: Development/Libraries
BuildRequires: python3-devel
BuildRequires: python3-lxml
Requires: python3
Requires: %{name}%{?_isa} = %{version}-%{release}
%description -n python3-%{name}
Python language bindings for the lasso (Liberty Alliance Single Sign On)
library.
%endif
%prep
%setup -q -n %{name}-%{version}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
# Remove any python script shebang lines (unless they refer to python3)
sed -i -E -e '/^#![[:blank:]]*(\/usr\/bin\/env[[:blank:]]+python[^3]?\>)|(\/usr\/bin\/python[^3]?\>)/d' \
`grep -r -l -E '^#![[:blank:]]*(/usr/bin/python[^3]?)|(/usr/bin/env[[:blank:]]+python[^3]?)' *`
%build
./autogen.sh
%configure --prefix=%{_prefix} \
%if !%{with_java}
--disable-java \
%if 0%{?with_python2}
%configure %{configure_args} --with-python=%{__python2}
pushd lasso
make %{?_smp_mflags} CFLAGS="%{optflags}"
popd
pushd bindings/python
make %{?_smp_mflags} CFLAGS="%{optflags}"
make check
mkdir py2
mv lasso.py .libs/_lasso.so py2
popd
make clean
%endif
%if !%{with_python}
--disable-python \
%endif
%if !%{with_perl}
--disable-perl \
%endif
%if %{with_php}
--enable-php5=yes \
--with-php5-config-dir=%{php_inidir} \
%else
--enable-php5=no \
%endif
%if %{with_wsf}
--enable-wsf \
--with-sasl2=%{_prefix}/sasl2 \
%endif
# --with-html-dir=%{_datadir}/gtk-doc/html
%if 0%{?with_python3}
%configure %{configure_args} --with-python=%{__python3}
%else
%configure %{configure_args}
%endif
make %{?_smp_mflags} CFLAGS="%{optflags}"
%check
%if %{with_perl}
# This is so the perl test can find the built, but not yet installed library
export LD_LIBRARY_PATH=%{_builddir}/%{buildsubdir}/lasso/.libs
%endif
make check
%install
@ -166,6 +218,13 @@ make install exec_prefix=%{_prefix} DESTDIR=%{buildroot}
find %{buildroot} -type f -name '*.la' -exec rm -f {} \;
find %{buildroot} -type f -name '*.a' -exec rm -f {} \;
%if 0%{?with_python2}
# Install Python 2 files saved from first build
install -d -m 0755 %{buildroot}/%{python2_sitearch}
install -m 0644 bindings/python/py2/lasso.py %{buildroot}/%{python2_sitearch}
install -m 0755 bindings/python/py2/_lasso.so %{buildroot}/%{python2_sitearch}
%endif
# Perl subpackage
%if %{with_perl}
find %{buildroot} \( -name perllocal.pod -o -name .packlist \) -exec rm -v {} \;
@ -229,14 +288,27 @@ rm -fr %{buildroot}%{_defaultdocdir}/%{name}
%attr(644,root,root) %{_datadir}/php/%{name}/lasso.php
%endif
%if %{with_python}
%files -n python2-lasso
%if %{with_python2}
%files -n python2-%{name}
%defattr(-,root,root)
%{python_sitearch}/lasso.py*
%{python_sitearch}/_lasso.so
%{python2_sitearch}/lasso.py*
%{python2_sitearch}/_lasso.so
%endif
%if %{with_python3}
%files -n python3-%{name}
%defattr(-,root,root)
%{python3_sitearch}/lasso.py*
%{python3_sitearch}/_lasso.so
%{python3_sitearch}/__pycache__/*
%endif
%changelog
* Tue Jun 26 2018 <jdennis@redhat.com> - 2.6.0-1
- Upgrade to latest upstream
- Build using Python3, add python3 subpackage
- Resolves: rhbz#1592416 Enable perl subpackage
* Wed May 2 2018 John Dennis <jdennis@redhat.com> - 2.5.1-13
- add xmlsec1 version dependency

2
sources
View File

@ -1 +1 @@
f943f3ed67fabad11c6bad1ab615398f lasso-2.5.1.tar.gz
SHA512 (lasso-2.6.0.tar.gz) = bec7ab09f73db01b0a88cd1a7c9e9c8bb6af2e0aeb5e9ece2aa0f2f46e22b6a412990c29971a765a830f0bedf174b7c9d866cae599b81d047d381cf59d844506

80
use-specified-python-interpreter.patch Normal file
View File

@ -0,0 +1,80 @@
commit e3e904af7dd308fe7530773bd9ea136afc90049b
Author: John Dennis <jdennis@redhat.com>
Date: Thu Jun 21 10:49:30 2018 -0400
Use python interpreter specified configure script
The configure script allows you to specify the python interpreter to
use via the --with-python option. There were several places where the
python interpreter was implicity invoked without using the specified
version. This can create a number of problems in an environment with
multiple python versions as is the case during the transition from
Python 2 to Python 3. Python 2 is not compatible with Python
3. Lasso's Python code is supposed to be compatible with both
versions. But during the build and when running the unit tests it is
essential the same interpreter be used consistently otherwise you can
have problems.
This patch assures whenever python is invoked it does so via the
$(PYTHON) configuration variable.
What about shebang lines (e.g #/usr/bin/python) at the top of scripts?
Python PEP 394 (https://www.python.org/dev/peps/pep-0394/) covers
this. Basically it says if a script is compatible only with Py2 the
shebang should be #/usr/bin/python2, if only compatible with Py3 the
shebang should be #/usr/bin/python3. However, if the script is
compatible with both versions it can continue to use the
compatible with both Py2 and Py3.
License: MIT
Signed-off-by: John Dennis <jdennis@redhat.com>
diff --git a/bindings/java/Makefile.am b/bindings/java/Makefile.am
index 05e5f9ee..8de0178d 100644
--- a/bindings/java/Makefile.am
+++ b/bindings/java/Makefile.am
@@ -26,7 +26,7 @@ if WSF_ENABLED
EXTRA_ARGS = --enable-id-wsf
endif
-java_lasso_source_files := $(shell python $(top_srcdir)/bindings/bindings.py -l java-list --src-dir=$(top_srcdir)/lasso/ $(EXTRA_ARGS) )
+java_lasso_source_files := $(shell $(PYTHON) $(top_srcdir)/bindings/bindings.py -l java-list --src-dir=$(top_srcdir)/lasso/ $(EXTRA_ARGS) )
lasso_jardir=$(prefix)/share/java
lasso_jar_DATA=lasso.jar
diff --git a/bindings/python/tests/Makefile.am b/bindings/python/tests/Makefile.am
index 205e7613..1305f26f 100644
--- a/bindings/python/tests/Makefile.am
+++ b/bindings/python/tests/Makefile.am
@@ -11,5 +11,8 @@ if WSF_ENABLED
TESTS += idwsf1_tests.py idwsf2_tests.py
endif
+TEST_EXTENSIONS = .py
+PY_LOG_COMPILER = $(PYTHON)
+
EXTRA_DIST = profiles_tests.py binding_tests.py idwsf1_tests.py idwsf2_tests.py \
tests.py XmlTestRunner.py
diff --git a/lasso/Makefile.am b/lasso/Makefile.am
index 751f9419..49ae88a7 100644
--- a/lasso/Makefile.am
+++ b/lasso/Makefile.am
@@ -91,7 +91,7 @@ liblasso_la_LDFLAGS = -no-undefined -version-info @LASSO_VERSION_INFO@ \
endif
$(srcdir)/errors.c: $(srcdir)/errors.h $(srcdir)/build_strerror.py
- python $(srcdir)/build_strerror.py $(srcdir) >.errors.c.new
+ $(PYTHON) $(srcdir)/build_strerror.py $(srcdir) >.errors.c.new
if ! cmp -s $(srcdir)/errors.c .errors.c.new; then \
mv -f .errors.c.new $@; else \
rm .errors.c.new; fi
diff --git a/tools/check-lasso-sections.py b/tools/check-lasso-sections.py
index cb4c39c4..3a6c9880 100755
--- a/tools/check-lasso-sections.py
+++ b/tools/check-lasso-sections.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
import sys
import os.path

71
validate_idp_list_test.patch
View File

@ -1,71 +0,0 @@
commit 11ebfeb62148a89e2ebae90d7c70be918cfdc244
Author: John Dennis <jdennis@redhat.com>
Date: Fri Jun 17 11:58:24 2016 -0400
Fix ecp test validate_idp_list()
validate_idp_list was not using the correct list elements when it
iterated over the known_sp_provided_idp_entries_supporting_ecp list.
It treated them as lists of strings instead of lists of
LassoSamlp2IDPEntry.
Signed-off-by: John Dennis <jdennis@redhat.com>
License: MIT
diff --git a/tests/login_tests_saml2.c b/tests/login_tests_saml2.c
index 84011ec..54c7fb6 100644
--- a/tests/login_tests_saml2.c
+++ b/tests/login_tests_saml2.c
@@ -1245,18 +1245,29 @@ static void validate_idp_list(LassoEcp *ecp, EcpIdpListVariant ecpIDPListVariant
if (ecpIDPListVariant == ECP_IDP_LIST_ECP) {
check_not_null(ecp->known_sp_provided_idp_entries_supporting_ecp);
+ check_equals(g_list_length(ecp->known_sp_provided_idp_entries_supporting_ecp),
+ g_list_length(idp_list->IDPEntry));
+
for (ecp_iter = g_list_first(ecp->known_sp_provided_idp_entries_supporting_ecp),
src_iter = g_list_first(idp_list->IDPEntry);
ecp_iter && src_iter;
ecp_iter = g_list_next(ecp_iter), src_iter = g_list_next(src_iter)) {
- gchar *ecp_item, *src_item;
+ LassoSamlp2IDPEntry *ecp_item, *src_item;
+
+ ecp_item = LASSO_SAMLP2_IDP_ENTRY(ecp_iter->data);
+ src_item = LASSO_SAMLP2_IDP_ENTRY(src_iter->data);
+
+ check_not_null(ecp_item->ProviderID);
+ check_not_null(src_item->ProviderID);
+ check_str_equals(ecp_item->ProviderID, src_item->ProviderID);
- ecp_item = ecp_iter->data;
- src_item = src_iter->data;
+ check_not_null(ecp_item->Name);
+ check_not_null(src_item->Name);
+ check_str_equals(ecp_item->Name, src_item->Name);
- check_not_null(ecp_item);
- check_not_null(src_item);
- check_str_equals(ecp_item, src_item);
+ check_not_null(ecp_item->Loc);
+ check_not_null(src_item->Loc);
+ check_str_equals(ecp_item->Loc, src_item->Loc);
}
} else {
check_null(ecp->known_sp_provided_idp_entries_supporting_ecp);
@@ -1356,7 +1367,6 @@ void test_ecp(EcpIdpListVariant ecpIDPListVariant)
check_null(LASSO_PROFILE(spLoginContext)->msg_url);
check_not_null(strstr(spPaosRequestMsg, "RelayState"));
-
/* Finished with SP Login Context, will create new one later */
lasso_server_destroy(spContext);
spContext = NULL;
@@ -1388,7 +1398,7 @@ void test_ecp(EcpIdpListVariant ecpIDPListVariant)
check_str_equals(ecp->relaystate, relayState);
check_str_equals(ecp->issuer->content, "http://sp5/metadata");
check_str_equals(ecp->provider_name, provider_name);
- check_equals(ecp->is_passive, is_passive);
+ check_equals(ecp->is_passive, is_passive);
/* Validate ECP IdP list info & default IdP URL */
validate_idp_list(ecp, ecpIDPListVariant, idp_list);

265
xmlSecSoap.patch
View File

@ -1,265 +0,0 @@
commit bb8722b1c0e097bde8fd0a54190b13dd5bb8c0a8
Author: John Dennis <jdennis@redhat.com>
Date: Tue Apr 3 19:49:31 2018 -0400
Replace xmlSecSoap functions with lasso implementations
xmlsec has removed support for SOAP. The missing xmlSecSoap* functions
and their dependent utiliity functions were added to Lasso following
the model of the existing xmlSec implmentations.
Note: Lasso tried to accommodate both SOAP 1.1 and SOAP 1.2 but SAML2
*only* uses SOAP 1.1 thus the SOAP 1.2 support was superfluous and
confused matters. Therefire the SOAP 1.2 support was removed.
The following new functions were added to Lasso to support SOAP:
* lasso_xml_next_element_node
* lasso_xml_get_node_ns_href
* lasso_xml_is_element_node
* lasso_xml_soap11_get_header
* lasso_xml_soap11_get_body
The following is the mapping from the deprecated xmlSecSoap symbols
to the new Lasso symbols:
xmlSecSoap11Ns -> LASSO_SOAP_ENV_HREF
xmlSecGetNextElementNode -> lasso_xml_next_element_node
xmlSecGetNodeNsHref -> lasso_xml_get_node_ns_href
xmlSecCheckNodeName -> lasso_xml_is_element_node
xmlSecSoap11GetHeader -> lasso_xml_soap11_get_header
xmlSecSoap11GetBody -> lasso_xml_soap11_get_body
diff --git a/lasso/id-wsf/wsf_profile.c b/lasso/id-wsf/wsf_profile.c
index 8cfe5a27..112dfeeb 100644
--- a/lasso/id-wsf/wsf_profile.c
+++ b/lasso/id-wsf/wsf_profile.c
@@ -29,7 +29,6 @@
#include <xmlsec/xmldsig.h>
#include <xmlsec/templates.h>
#include <xmlsec/crypto.h>
-#include <xmlsec/soap.h>
#include "../utils.h"
@@ -1369,7 +1368,7 @@ lasso_wsf_profile_add_saml_signature(LassoWsfProfile *wsf_profile, xmlDoc *doc)
/* Lookup all referenced node and their Ids */
envelope = xmlDocGetRootElement(doc);
- header = xmlSecSoap11GetHeader(envelope);
+ header = lasso_xml_soap11_get_header(envelope);
provider = xmlSecFindNode(header, (xmlChar*) "Provider",
(xmlChar*) LASSO_SOAP_BINDING_HREF);
@@ -1377,7 +1376,7 @@ lasso_wsf_profile_add_saml_signature(LassoWsfProfile *wsf_profile, xmlDoc *doc)
(xmlChar*) LASSO_SOAP_BINDING_HREF);
interaction = xmlSecFindNode(header, (xmlChar*) "UserInteraction",
(xmlChar*) LASSO_IS_HREF);
- body = xmlSecSoap11GetBody(envelope);
+ body = lasso_xml_soap11_get_body(envelope);
xmlSecAddIDs(doc, envelope, ids);
goto_cleanup_if_fail_with_rc(header != NULL, LASSO_XML_ERROR_NODE_NOT_FOUND);
goto_cleanup_if_fail_with_rc(provider != NULL, LASSO_XML_ERROR_NODE_NOT_FOUND);
diff --git a/lasso/xml/private.h b/lasso/xml/private.h
index 6f7d911d..94acd0ed 100644
--- a/lasso/xml/private.h
+++ b/lasso/xml/private.h
@@ -265,8 +265,19 @@ xmlDocPtr lasso_xml_parse_memory(const char *buffer, int size);
xmlNode* lasso_xml_get_soap_content(xmlNode *root);
+xmlNodePtr lasso_xml_next_element_node(xmlNodePtr node);
+
+const xmlChar* lasso_xml_get_node_ns_href(const xmlNodePtr node);
+
+gboolean lasso_xml_is_element_node(const xmlNodePtr node,
+ const xmlChar *name, const xmlChar *ns);
+
gboolean lasso_xml_is_soap(xmlNode *root);
+xmlNodePtr lasso_xml_soap11_get_header(xmlNodePtr envelope_node);
+
+xmlNodePtr lasso_xml_soap11_get_body(xmlNodePtr envelope_node);
+
gboolean lasso_eval_xpath_expression(xmlXPathContextPtr xpath_ctx, const char *expression,
xmlXPathObjectPtr *xpath_object_ptr, int *xpath_error_code);
diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
index ade6d660..c6d4de4b 100644
--- a/lasso/xml/tools.c
+++ b/lasso/xml/tools.c
@@ -57,7 +57,6 @@
#include <xmlsec/errors.h>
#include <xmlsec/openssl/x509.h>
#include <xmlsec/openssl/crypto.h>
-#include <xmlsec/soap.h>
#include <zlib.h>
@@ -1666,30 +1665,156 @@ cleanup:
return rc;
}
+/**
+ * lasso_xml_next_element_node:
+ * @node: the pointer to an XML node.
+ *
+ * Seraches for the next element node.
+ *
+ * Returns: the pointer to next element node or NULL if it is not found.
+ */
+xmlNodePtr
+lasso_xml_next_element_node(xmlNodePtr node)
+{
+
+ for (; node != NULL && node->type != XML_ELEMENT_NODE; node = node->next);
+ return node;
+}
+
+/**
+ * lasso_xml_get_node_ns_href:
+ * @node: the pointer to node.
+ *
+ * Get's node's namespace href.
+ *
+ * Returns: node's namespace href.
+ */
+const xmlChar*
+lasso_xml_get_node_ns_href(const xmlNodePtr node)
+{
+ xmlNsPtr ns;
+
+ if (node == NULL) {
+ return NULL;
+ }
+
+ /* do we have a namespace in the node? */
+ if (node->ns != NULL) {
+ return node->ns->href;
+ }
+
+ /* search for default namespace */
+ ns = xmlSearchNs(node->doc, node, NULL);
+ if (ns != NULL) {
+ return ns->href;
+ }
+
+ return NULL;
+}
+
+/**
+ * lasso_xml_is_element_node:
+ * @node: the pointer to an XML node.
+ * @name: the name,
+ * @ns: the namespace href.
+ *
+ * Checks that the node has a given name and a given namespace href.
+ *
+ * Returns: true if the node matches false otherwise.
+ */
+gboolean
+lasso_xml_is_element_node(const xmlNodePtr node,
+ const xmlChar *name, const xmlChar *ns)
+{
+ if (node == NULL) {
+ return FALSE;
+ }
+
+ return (node->type == XML_ELEMENT_NODE &&
+ xmlStrEqual(node->name, name) &&
+ xmlStrEqual(lasso_xml_get_node_ns_href(node), ns));
+}
+
gboolean
lasso_xml_is_soap(xmlNode *root)
{
- return xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap11Ns) ||
- xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap12Ns);
+ return lasso_xml_is_element_node(root, BAD_CAST "Envelope",
+ BAD_CAST LASSO_SOAP_ENV_HREF);
+}
+
+/**
+ * lasso_xml_soap11_get_header:
+ * @envelope_node: the pointer to <soap:Envelope> node.
+ *
+ * Gets pointer to the <soap:Header> node.
+ *
+ * Returns: pointer to <soap:Header> node or NULL if an error occurs.
+ */
+xmlNodePtr
+lasso_xml_soap11_get_header(xmlNodePtr envelope_node)
+{
+ xmlNodePtr node;
+
+ if (envelope_node == NULL) {
+ return NULL;
+ }
+
+ /* optional Header node is first */
+ node = lasso_xml_next_element_node(envelope_node->children);
+ if (lasso_xml_is_element_node(node, BAD_CAST "Header",
+ BAD_CAST LASSO_SOAP_ENV_HREF)) {
+ return node;
+ }
+
+ return NULL;
+}
+
+/**
+ * lasso_xml_soap11_get_body:
+ * @envelope_node: the pointer to <soap:Envelope> node.
+ *
+ * Gets pointer to the <soap:Body> node.
+ *
+ * Returns: pointer to <soap:Body> node or NULL if an error occurs.
+ */
+xmlNodePtr
+lasso_xml_soap11_get_body(xmlNodePtr envelope_node)
+{
+ xmlNodePtr node;
+
+ if (envelope_node == NULL) {
+ return NULL;
+ }
+
+ /* optional Header node first */
+ node = lasso_xml_next_element_node(envelope_node->children);
+ if (lasso_xml_is_element_node(node, BAD_CAST "Header",
+ BAD_CAST LASSO_SOAP_ENV_HREF)) {
+ node = lasso_xml_next_element_node(node->next);
+ }
+
+ /* Body node is next */
+ if (!lasso_xml_is_element_node(node, BAD_CAST "Body",
+ BAD_CAST LASSO_SOAP_ENV_HREF)) {
+ return NULL;
+ }
+
+ return node;
}
xmlNode*
lasso_xml_get_soap_content(xmlNode *root)
{
gboolean is_soap11 = FALSE;
- gboolean is_soap12 = FALSE;
xmlNode *content = NULL;
- is_soap11 = xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap11Ns);
- is_soap12 = xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap12Ns);
-
- if (is_soap11 || is_soap12) {
+ is_soap11 = lasso_xml_is_element_node(root, BAD_CAST "Envelope",
+ BAD_CAST LASSO_SOAP_ENV_HREF);
+ if (is_soap11) {
xmlNode *body;
if (is_soap11) {
- body = xmlSecSoap11GetBody(root);
- } else {
- body = xmlSecSoap12GetBody(root);
+ body = lasso_xml_soap11_get_body(root);
}
if (body) {
content = xmlSecGetNextElementNode(body->children);