Fix Lasso warning

Role maybe unknown when assertion consumer url is looked up. Apply upstream commit 5ba9bb72. Fix the following warning that appears in the Apache log lasso-CRITICAL **: lasso_provider_get_metadata_list_for_role: assertion '_lasso_provider_get_role_index(role)' failed
2015-12-23 13:33:59 -05:00 · 2015-12-23 13:33:59 -05:00 · 9efdbdc52e
commit 9efdbdc52e
parent d6a8eabfac
2 changed files with 41 additions and 1 deletions
--- a/acs-warning.patch
+++ b/acs-warning.patch
@ -0,0 +1,33 @@
+commit 5ba9bb72707a90503cd4d042083ea074a0cb6b8a
+Author: John Dennis <jdennis@redhat.com>
+Date:   Fri Oct 30 15:46:33 2015 -0400
+
+    Role maybe unknown when assertion consumer url is looked up
+    
+    Replace the call to lasso_provider_get_metadata_one() with
+    lasso_provider_get_metadata_one_for_role() so that we can exlicitly
+    pass the LASSO_PROVIDER_ROLE_SP role. The former call obtains the
+    role from the provider object and then calls
+    lasso_provider_get_metadata_one_for_role() using that role. However
+    the role will not have been set in the provider until the first request is
+    processed. This means the first time we call this routine it won't
+    work correctly because the role will not have been set yet, by
+    explicitly passing the role we avoid this problem.
+    
+    Signed-off-by: John Dennis <jdennis@redhat.com>
+
+diff --git a/auth_mellon_util.c b/auth_mellon_util.c
+index 155bb1a..6c694b7 100644
+--- a/auth_mellon_util.c
+++ b/auth_mellon_util.c
+@@ -1827,7 +1827,9 @@ char *am_get_assertion_consumer_service_by_binding(LassoProvider *provider, cons
+     }
+ 
+     if (selected_descriptor) {
+-        url = lasso_provider_get_metadata_one(provider, selected_descriptor);
+        url = lasso_provider_get_metadata_one_for_role(provider,
+                                                       LASSO_PROVIDER_ROLE_SP,
+                                                       selected_descriptor);
+     }
+ 
+     lasso_release_list_of_strings(descriptors);
--- a/mod_auth_mellon.spec
+++ b/mod_auth_mellon.spec
@ -1,7 +1,7 @@
 Summary: A SAML 2.0 authentication module for the Apache Httpd Server
 Name: mod_auth_mellon
 Version: 0.11.0
-Release: 2%{?dist}
+Release: 3%{?dist}
 Group: System Environment/Daemons
 Source0: https://github.com/UNINETT/mod_auth_mellon/releases/download/v%{version}/%{name}-%{version}.tar.gz
 Source1: auth_mellon.conf
@ -19,6 +19,8 @@ Requires: httpd-mmn = %{_httpd_mmn}
 Requires: lasso >= 2.5.0
 Url: https://github.com/UNINETT/mod_auth_mellon

+Patch1: acs-warning.patch
+
 %description
 The mod_auth_mellon module is an authentication service that implements the
 SAML 2.0 federation protocol. It grants access based on the attributes
@ -26,6 +28,7 @@ received in assertions generated by a IdP server.

 %prep
 %setup -q -n %{name}-%{version}
+%patch1 -p1 -b .acs-warning

 %build
 export APXS=%{_httpd_apxs}
@ -62,6 +65,10 @@ install -m 755 %{SOURCE4} %{buildroot}/%{_libexecdir}/%{name}
 %dir /run/%{name}/

 %changelog
+* Wed Dec 23 2015 John Dennis <jdennis@redhat.com> - 0.11.0-3
+- Fix the following warning that appears in the Apache log
+  lasso-CRITICAL **: lasso_provider_get_metadata_list_for_role: assertion '_lasso_provider_get_role_index(role)' failed
+
 * Fri Sep 18 2015 John Dennis <jdennis@redhat.com> - 0.11.0-2
 - Add lasso 2.5.0 version dependency