Pullup single logout related bugfixes from lasso -current.

On SP initiated logout, the SP x509 certificate was included in the
HTTP redirect URL. First this was an SAML standard violation, and second
it inflated the URL beyond 2038 bytes, which is the maximum length for
IE7 and prior. As a result, SP initated single logout was broken with IE7
and prior versions.

6 files changed, 293 insertions, 11 deletions

diff --git a/security/lasso/Makefile b/security/lasso/Makefile
index 25a7357a2f9..90b3414ea9c 100644
--- a/security/lasso/Makefile
+++ b/security/lasso/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.2 2009/05/26 05:26:00 manu Exp $
+# $NetBSD: Makefile,v 1.3 2009/12/01 08:49:46 manu Exp $
 #
 
-PKGREVISION=	2
+PKGREVISION=	3
 
 CONFIGURE_ARGS+=	--disable-python
 CONFIGURE_ARGS+=	--disable-php4
diff --git a/security/lasso/distinfo b/security/lasso/distinfo
index f7020a7a0f8..ab9d5638104 100644
--- a/security/lasso/distinfo
+++ b/security/lasso/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.5 2009/07/06 22:08:16 joerg Exp $
+$NetBSD: distinfo,v 1.6 2009/12/01 08:49:46 manu Exp $
 
 SHA1 (lasso-2.2.2.tar.gz) = 32651fa71b16da01a94db234425846729a510623
 RMD160 (lasso-2.2.2.tar.gz) = a4faae605726202db33d36a2b520b0ab8f17aa76
@@ -8,4 +8,7 @@ SHA1 (patch-ba) = 4ebb013f1c264e5b0008faeebdecc7bdb49be63a
 SHA1 (patch-bb) = 0867b8ae4036620084b73d28546ac089b57d3fb9
 SHA1 (patch-bc) = 1633e47d0b4db574183bc3798a2dd839c98d11cb
 SHA1 (patch-bd) = d6788200b7f7a871b8d5bb788c5feff174c2a371
-SHA1 (patch-ca) = c803ef9032744263f0fc434eda2c3b729fc96225
+SHA1 (patch-ca) = d65ec7dcf14db7be4abf0d804e666768d0cb81d5
+SHA1 (patch-cb) = 181213f32003c2744e40c45d24fa30198444e0af
+SHA1 (patch-cc) = 71794a4f081bafd451528f11b06fb61997ff4f9f
+SHA1 (patch-cd) = 6dfacf5eb7308ad78609e3c8412422b98cb891d4
diff --git a/security/lasso/patches/patch-ca b/security/lasso/patches/patch-ca
index 584076a2c8f..8592d58baae 100644
--- a/security/lasso/patches/patch-ca
+++ b/security/lasso/patches/patch-ca
@@ -1,14 +1,133 @@
-$NetBSD: patch-ca,v 1.1 2009/05/26 05:26:00 manu Exp $
---- lasso/saml-2.0/profile.c.orig	2009-03-27 16:12:48.000000000 +0000
-+++ lasso/saml-2.0/profile.c	2009-05-25 15:40:40.000000000 +0000
-@@ -1106,10 +1106,8 @@
+$NetBSD: patch-ca,v 1.2 2009/12/01 08:49:46 manu Exp $
+--- lasso/saml-2.0/profile.c.orig	2009-03-27 17:12:48.000000000 +0100
++++ lasso/saml-2.0/profile.c	2009-11-30 20:19:47.000000000 +0100
+@@ -49,5 +49,5 @@
+ static char* lasso_saml20_profile_build_artifact(LassoProvider *provider);
+ static void remove_all_signatures(LassoNode *node);
+-static char * lasso_saml20_profile_export_to_query(LassoProfile *profile, LassoNode *msg, int sign);
++static int lasso_saml20_profile_export_to_query(LassoProfile *profile, LassoNode *msg, int sign, char **query);
+ 
+ /*
+@@ -1014,36 +1014,41 @@
+  * Return value: a newly allocated string containing the query string if successfull, NULL otherwise.
+  */
+-static char *
+-lasso_saml20_profile_export_to_query(LassoProfile *profile, LassoNode *msg, int sign) {
++static int
++lasso_saml20_profile_export_to_query(LassoProfile *profile, LassoNode *msg, int sign, char **query) {
+ 	char *unsigned_query = NULL;
+ 	char *result = NULL;
++	int rc = 0;
+ 
+-	g_return_val_if_fail(LASSO_IS_NODE(msg), NULL);
++	lasso_bad_param(PROFILE, profile);
++	lasso_bad_param(NODE, msg);
+ 
+ 	unsigned_query = lasso_node_build_query(msg);
+ 	if (profile->msg_relayState) {
+-		char *query = unsigned_query;
+-		xmlChar *encoded_relayState;
+-		if (strlen(profile->msg_relayState) < 81) {
+-			encoded_relayState = xmlURIEscape((xmlChar*)profile->msg_relayState);
+-			if (encoded_relayState != NULL) {
+-				unsigned_query = g_strdup_printf("%s&RelayState=%s", query,
+-						(char*)encoded_relayState);
+-				lasso_release_string(query);
+-				lasso_release_xml_string(encoded_relayState);
+-			}
+-		} else {
+-			g_warning("Refused to encode a RelayState of more than 80 bytes, #3.4.3 of"
+-					" saml-bindings-2.0-os");
++		unsigned_query = lasso_url_add_parameters(unsigned_query, 1, "RelayState", profile->msg_relayState, NULL);
++
++		if (strlen(profile->msg_relayState) > 80) {
++			g_warning("Encoded a RelayState of more than 80 bytes, see #3.4.3 of saml-bindings-2.0-os");
+ 		}
+ 	}
+ 	if (sign && lasso_flag_add_signature) {
++	       LassoServer *server = profile->server;
++	       goto_cleanup_if_fail_with_rc (LASSO_IS_SERVER(server),
++			       LASSO_PROFILE_ERROR_MISSING_SERVER);
++	       goto_cleanup_if_fail_with_rc (
++			       profile->server->signature_method != LASSO_SIGNATURE_TYPE_NONE &&
++			       profile->server->private_key,
++			       LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED);
++
+ 		result = lasso_query_sign(unsigned_query, profile->server->signature_method,
+ 				profile->server->private_key);
+-		lasso_release_string(unsigned_query);
++		lasso_transfer_string(*query, result);
+ 	} else {
+-		result = unsigned_query;
++		lasso_transfer_string(*query, unsigned_query);
+ 	}
+-	return result;
++cleanup:
++	lasso_release_string(unsigned_query);
++	lasso_release_string(result);
++	return rc;
++
+ }
+ 
+@@ -1054,8 +1059,13 @@
+ 	if (node == NULL)
+ 		return;
++
+ 	klass = LASSO_NODE_GET_CLASS(node);
+-	if (klass->node_data->sign_type_offset != 0) {
+-		G_STRUCT_MEMBER(LassoSignatureType, node,klass->node_data->sign_type_offset) =
+-			LASSO_SIGNATURE_TYPE_NONE;
++	/* follow the class parenting chain */
++	while (klass && LASSO_IS_NODE_CLASS(klass)) {
++		if (klass && klass->node_data && klass->node_data->sign_type_offset != 0) {
++			G_STRUCT_MEMBER(LassoSignatureType, node, klass->node_data->sign_type_offset) =
++				LASSO_SIGNATURE_TYPE_NONE;
++		}
++		klass = g_type_class_peek_parent(klass);
+ 	}
+ }
+@@ -1097,4 +1107,17 @@
+ }
+ 
++/**
++ * lasso_saml20_profile_build_http_redirect:
++ * @profile: a #LassoProfile object
++ * @msg: a #LassoNode object representing a SAML 2.0 message
++ * @must_sign: wheter to sign the query message using query signatures
++ * @url: the URL where the query is targeted
++ *
++ * Build an HTTP URL with a query-string following the SAML 2.0 HTTP-Redirect binding rules,
++ * eventually sign it. Any signature at the message level is removed.
++ *
++ * Return value: 0 if successful, an error code otherwise.
++ */
++
+ gint
+ lasso_saml20_profile_build_http_redirect(LassoProfile *profile,
+@@ -1103,12 +1126,17 @@
+ 	const char *url)
+ {
+-	char *query;
++	char *query = NULL;
++	int rc = 0;
  
  	if (url == NULL) {
  		return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL);
  	}
--	/* No signature on the XML message */
++	/* remove XML signature */
++	remove_signature(msg);
+ 	/* No signature on the XML message */
 -	remove_all_signatures(msg);
- 	query = lasso_saml20_profile_export_to_query(profile, msg, must_sign);
+-	query = lasso_saml20_profile_export_to_query(profile, msg, must_sign);
++	rc = lasso_saml20_profile_export_to_query(profile, msg, must_sign, &query);
++	if (rc)
++		return rc;
++
  	lasso_assign_new_string(profile->msg_url, lasso_concat_url_query(url, query));
  	lasso_release(profile->msg_body);
- 	lasso_release(query);
+@@ -1317,4 +1345,5 @@
+ 		lasso_release(idx);
+ 	}
++	/* remove signature at the message level */
+ 	rc = lasso_saml20_profile_build_http_redirect(profile, msg, must_sign, url);
+ 	lasso_release(url);
diff --git a/security/lasso/patches/patch-cb b/security/lasso/patches/patch-cb
new file mode 100644
index 00000000000..7f91cc07faf
--- /dev/null
+++ b/security/lasso/patches/patch-cb
@@ -0,0 +1,74 @@
+$NetBSD: patch-cb,v 1.3 2009/12/01 08:49:46 manu Exp $
+--- lasso/xml/tools.c.orig	2009-11-30 18:38:05.000000000 +0100
++++ lasso/xml/tools.c	2009-11-30 18:39:45.000000000 +0100
+@@ -1492,2 +1492,70 @@
+ 	return result;
+ }
++
++
++/**
++ * lasso_url_add_parameters:
++ * @url: the original URL
++ * @free: whether to free the URL parameter
++ * @...: pairs of strings, key, value, followed by NULL
++ *
++ * Iterate over all pairs of key,value, and concatenate them to @url encoded as "&key=value", where
++ * key and value are url-encoded.
++ * If free is true and at least one pair was given, url is freed. If url is NULL, the first
++ * ampersand is omitted.
++ *
++ * Return value: a newly allocated string, or url.
++ */
++char*
++lasso_url_add_parameters(char *url,
++		gboolean free, ...)
++{
++	char *old_url = url, *new_url;
++	xmlChar *encoded_key, *encoded_value;
++	int rc = 0;
++	va_list ap;
++
++	va_start(ap, free);
++
++	while (1) {
++		char *key;
++		char *value;
++
++		key = va_arg(ap, char*);
++		if (! key) {
++			break;
++		}
++		encoded_key = xmlURIEscapeStr((xmlChar*)key, NULL);
++		goto_cleanup_if_fail_with_rc(encoded_key, 0);
++
++		value = va_arg(ap, char*);
++		if (! value) {
++			message(G_LOG_LEVEL_CRITICAL, "lasso_url_add_parameter: key without a value !!");
++			break;
++		}
++		encoded_value = xmlURIEscapeStr((xmlChar*)value, NULL);
++		goto_cleanup_if_fail_with_rc(encoded_value, 0);
++
++		if (old_url) {
++			new_url = g_strdup_printf("%s&%s=%s", old_url, (char*)encoded_key, (char*)encoded_value);
++		} else {
++			new_url = g_strdup_printf("%s=%s", (char*)encoded_key, (char*)encoded_value);
++		}
++		if (old_url != url) {
++			lasso_release_string(old_url);
++		}
++		old_url = new_url;
++
++		lasso_release_xml_string(encoded_key);
++		lasso_release_xml_string(encoded_value);
++	}
++cleanup:
++	va_end(ap);
++	if (free && new_url != url) {
++		lasso_release(url);
++	}
++	lasso_release_xml_string(encoded_key);
++
++	return new_url;
++}
++
diff --git a/security/lasso/patches/patch-cc b/security/lasso/patches/patch-cc
new file mode 100644
index 00000000000..c6466cda4db
--- /dev/null
+++ b/security/lasso/patches/patch-cc
@@ -0,0 +1,77 @@
+$NetBSD: patch-cc,v 1.1 2009/12/01 08:49:46 manu Exp $
+--- lasso/utils.h.orig	2009-11-30 18:54:46.000000000 +0100
++++ lasso/utils.h	2009-11-30 19:31:22.000000000 +0100
+@@ -336,4 +336,73 @@
+ 	g_return_val_if_fail(name != NULL, LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
+ 
++/**
++ * The following macros are made to create some formalism for function's cleanup code.
++ *
++ * The exit label should be called 'cleanup'. And for functions returning an integer error code, the
++ * error code should be named 'rc' and 'return rc;' should be the last statement of the function.
++ */
++
++/**
++ * goto_cleanup_with_rc:
++ * @rc_value: integer return value
++ *
++ * This macro jump to the 'cleanup' label and set the return value to @rc_value.
++ *
++ */
++#define goto_cleanup_with_rc(rc_value) \
++	{\
++		rc = (rc_value); \
++		goto cleanup; \
++	}
++
++/**
++ * goto_cleanup_if_fail:
++ * @condition: a boolean condition
++ *
++ * Jump to the 'cleanup' label if the @condition is FALSE.
++ *
++ */
++#define goto_cleanup_if_fail(condition) \
++	{\
++		if (! (condition) ) {\
++			goto cleanup; \
++		} \
++	}
++
++/**
++ * goto_cleanup_if_fail_with_rc:
++ * @condition: a boolean condition
++ * @rc_value: integer return value
++ *
++ * Jump to the 'cleanup' label if the @condition is FALSE and set the return value to
++ * @rc_value.
++ *
++ */
++#define goto_cleanup_if_fail_with_rc(condition, rc_value) \
++	{\
++		if (! (condition) ) {\
++			rc = (rc_value); \
++			goto cleanup; \
++		} \
++	}
++
++/**
++ * goto_cleanup_if_fail_with_rc_with_warning:
++ * @condition: a boolean condition
++ * @rc_value: integer return value
++ *
++ * Jump to the 'cleanup' label if the @condition is FALSE and set the return value to
++ * @rc_value. Also emit a warning, showing the condition and the return value.
++ *
++ */
++#define goto_cleanup_if_fail_with_rc_with_warning(condition, rc_value) \
++	{\
++		if (! (condition) ) {\
++			g_warning("%s failed, returning %s", __STRING(condition), __STRING(rc_value));\
++			rc = (rc_value); \
++			goto cleanup; \
++		} \
++	}
++
+ #define goto_exit_with_rc(rc_value) \
+ 	{\
diff --git a/security/lasso/patches/patch-cd b/security/lasso/patches/patch-cd
new file mode 100644
index 00000000000..8b8ac3821bb
--- /dev/null
+++ b/security/lasso/patches/patch-cd
@@ -0,0 +1,9 @@
+$NetBSD: patch-cd,v 1.1 2009/12/01 08:49:46 manu Exp $
+--- lasso/xml/private.h.orig	2009-11-30 19:54:53.000000000 +0100
++++ lasso/xml/private.h	2009-11-30 19:55:04.000000000 +0100
+@@ -214,4 +214,5 @@
+ 
+ char * lasso_get_relaystate_from_query(const char *query);
++char * lasso_url_add_parameters(char *url, gboolean free, ...);
+ 
+ #ifdef __cplusplus