authormanu <manu>2011-05-07 05:15:21 +0000
committermanu <manu>2011-05-07 05:15:21 +0000
commit7a75796e141d659beea9e87e1ac714133e7368e5 (patch)
tree70f206a2d96412fb044f3c1ff4761c86ef4bf279 /www/ap2-auth-mellon
parent73a12bc5b12a3d20406b0f0c9c85d4f40e7a5f32 (diff)
Unbreak SP initiated SLO with lasso >= 2.3.5 (patch backported from upstream)
Diffstat (limited to 'www/ap2-auth-mellon')
-rw-r--r--www/ap2-auth-mellon/Makefile4
-rw-r--r--www/ap2-auth-mellon/distinfo3
-rw-r--r--www/ap2-auth-mellon/patches/patch-ah91
3 files changed, 95 insertions, 3 deletions
diff --git a/www/ap2-auth-mellon/Makefile b/www/ap2-auth-mellon/Makefile
index 3bc70c5c161..13be9bf71f2 100644
--- a/www/ap2-auth-mellon/Makefile
+++ b/www/ap2-auth-mellon/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.16 2011/04/22 13:44:57 obache Exp $
+# $NetBSD: Makefile,v 1.17 2011/05/07 05:15:21 manu Exp $
#
PKGNAME= ${APACHE_PKG_PREFIX}-${DISTNAME:S/mod_//:S/_/-/}
DISTNAME= mod_auth_mellon-0.3.0
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= www security
MASTER_SITES= http://modmellon.googlecode.com/files/
diff --git a/www/ap2-auth-mellon/distinfo b/www/ap2-auth-mellon/distinfo
index 70780fcd0b3..fa24e895579 100644
--- a/www/ap2-auth-mellon/distinfo
+++ b/www/ap2-auth-mellon/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9 2011/04/04 08:45:43 manu Exp $
+$NetBSD: distinfo,v 1.10 2011/05/07 05:15:21 manu Exp $
SHA1 (mod_auth_mellon-0.3.0.tar.gz) = 658dda51652f491552f2ecc84572ed7750f914ff
RMD160 (mod_auth_mellon-0.3.0.tar.gz) = 69237b1ec266018a86e7134a4662b491af3c261e
@@ -8,3 +8,4 @@ SHA1 (patch-ad) = a1bebae20bfbb99bd71d68de19901eaef6c52dbd
SHA1 (patch-ae) = d51040b6d827940a2c3cf8928dee175efa946e37
SHA1 (patch-af) = 0803665a14df8582ac20d950a070f73d794b08ea
SHA1 (patch-ag) = c1ef8704268d99b01d1e96fc2da9be74a7726b9d
+SHA1 (patch-ah) = 6287c038aee79e66539dda12ff447dfd5d9529bf
diff --git a/www/ap2-auth-mellon/patches/patch-ah b/www/ap2-auth-mellon/patches/patch-ah
new file mode 100644
index 00000000000..03e62cd2e0e
--- /dev/null
+++ b/www/ap2-auth-mellon/patches/patch-ah
@@ -0,0 +1,91 @@
+$NetBSD: patch-ah,v 1.1 2011/05/07 05:15:21 manu Exp $
+
+Unbreak SP initiated SLO with lasso >= 2.3.5
+
+--- auth_mellon_handler.c.orig 2011-05-07 06:31:46.000000000 +0200
++++ auth_mellon_handler.c 2011-05-07 06:57:03.000000000 +0200
+@@ -774,8 +774,9 @@
+ gint res;
+ char *redirect_to;
+ LassoProfile *profile;
+ LassoSession *session;
++ GList *assertion_list;
+ LassoNode *assertion_n;
+ LassoSaml2Assertion *assertion;
+ LassoSaml2AuthnStatement *authnStatement;
+ LassoSamlp2LogoutRequest *request;
+@@ -822,42 +823,46 @@
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+
+- /* We need to set the SessionIndex in the LogoutRequest to the
+- * SessionIndex we received during the login operation.
+- */
+-
+ profile = LASSO_PROFILE(logout);
+- session = lasso_profile_get_session(profile);
+
+- /* We currently only look at the first assertion in the list
+- * lasso_session_get_assertions returns.
++ /* We need to set the SessionIndex in the LogoutRequest to the SessionIndex
++ * we received during the login operation. This is not needed since release
++ * 2.3.0.
+ */
+- assertion_n = lasso_session_get_assertions(
+- session, profile->remote_providerID)->data;
+- if(LASSO_IS_SAML2_ASSERTION(assertion_n) == FALSE) {
+- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+- "No assertions found for the current session.");
+- lasso_logout_destroy(logout);
+- return HTTP_INTERNAL_SERVER_ERROR;
+- }
+-
+- assertion = LASSO_SAML2_ASSERTION(assertion_n);
++ if (lasso_check_version(2, 3, 0, LASSO_CHECK_VERSION_NUMERIC) == 0) {
++ session = lasso_profile_get_session(profile);
++ assertion_list = lasso_session_get_assertions(
++ session, profile->remote_providerID);
++ if(! assertion_list ||
++ LASSO_IS_SAML2_ASSERTION(assertion_list->data) == FALSE) {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
++ "No assertions found for the current session.");
++ lasso_logout_destroy(logout);
++ return HTTP_INTERNAL_SERVER_ERROR;
++ }
++ /* We currently only look at the first assertion in the list
++ * lasso_session_get_assertions returns.
++ */
++ assertion_n = assertion_list->data;
+
+- /* We assume that the first authnStatement contains the data we want. */
+- authnStatement = LASSO_SAML2_AUTHN_STATEMENT(assertion->AuthnStatement->data);
++ assertion = LASSO_SAML2_ASSERTION(assertion_n);
+
+- if(!authnStatement) {
+- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+- "No AuthnStatement found in the current assertion.");
+- lasso_logout_destroy(logout);
+- return HTTP_INTERNAL_SERVER_ERROR;
+- }
++ /* We assume that the first authnStatement contains the data we want. */
++ authnStatement = LASSO_SAML2_AUTHN_STATEMENT(assertion->AuthnStatement->data);
+
+- if(authnStatement->SessionIndex) {
+- request = LASSO_SAMLP2_LOGOUT_REQUEST(profile->request);
+- request->SessionIndex = g_strdup(authnStatement->SessionIndex);
++ if(!authnStatement) {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
++ "No AuthnStatement found in the current assertion.");
++ lasso_logout_destroy(logout);
++ return HTTP_INTERNAL_SERVER_ERROR;
++ }
++
++ if(authnStatement->SessionIndex) {
++ request = LASSO_SAMLP2_LOGOUT_REQUEST(profile->request);
++ request->SessionIndex = g_strdup(authnStatement->SessionIndex);
++ }
+ }
+
+
+ /* Set the RelayState parameter to the return url (if we have one). */
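Review bot: The new block still reads `assertion->AuthnStatement->data` before any NULL check, so an assertion whose AuthnStatement list is empty would fault in the Apache worker instead of reaching the `if(!authnStatement)` error path just below. The patch adds exactly this kind of guard for `assertion_list`, and the same treatment fits here: `authnStatement = assertion->AuthnStatement ? LASSO_SAML2_AUTHN_STATEMENT(assertion->AuthnStatement->data) : NULL;`. The assertion content presumably comes from the identity provider's login response, so it should be validated rather than trusted to be well-formed. Separately, the rewritten comment says the SessionIndex copy is not needed since 2.3.0 while the commit title names lasso >= 2.3.5; it would help to state which release changed the behaviour and why the check is pinned at 2.3.0. The enclosing handler function starts and ends outside the hunk.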