Remove code pertaining to Lasso < 2.4 (released 2014)
Having many ifdefs makes the code less maintainable and also keeps
code that is in practice untested around, because the developers
never compile the code with ancient lasso versions. Confusing
bugs arise because some configuration options only work with some
of the code and not the other.

This removes all code not satisfying the presence of:
- lasso_server_new_from_buffers,
- lasso_server_load_metadata,
- lasso_profile_set_signature_verify_hint
thijskh committed Sep 26, 2023
1 parent db09519 commit 241e475
Showing 4 changed files with 1 addition and 84 deletions.
2 changes: 1 addition & 1 deletion README.md
@@ -11,7 +11,7 @@ mod_auth_mellon has four dependencies:
* pkg-config
* Apache (>=2.0)
* OpenSSL
* lasso (>=2.1)
* lasso (>=2.4)

You will also require development headers and tools for all of the
dependencies.
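--- a/auth_mellon_config.c
+++ b/auth_mellon_config.c
@@ -367,13 +367,6 @@ static const char *am_set_idp_string_slot(cmd_parms *cmd,
 am_file_data_t *idp_file_data = NULL;
 am_file_data_t *chain_file_data = NULL;
 
-#ifndef HAVE_lasso_server_load_metadata
-if (chain != NULL)
-return apr_psprintf(cmd->pool, "Cannot specify validating chain "
-"for %s since lasso library lacks "
-"lasso_server_load_metadata()", cmd->cmd->name);
-#endif /* HAVE_lasso_server_load_metadata */
-
 idp_file_data = am_file_data_new(pconf, metadata);
 if (am_file_stat(idp_file_data) != APR_SUCCESS) {
 return idp_file_data->strerror;
@@ -415,7 +408,6 @@ static const char *am_set_idp_ignore_slot(cmd_parms *cmd,
 int argc,
 char *const argv[])
 {
-#ifdef HAVE_lasso_server_load_metadata
 server_rec *s = cmd->server;
 apr_pool_t *pconf = s->process->pconf;
 am_dir_cfg_rec *cfg = (am_dir_cfg_rec *)struct_ptr;
@@ -438,13 +430,6 @@ static const char *am_set_idp_ignore_slot(cmd_parms *cmd,
 }
 
 return NULL;
-
-#else /* HAVE_lasso_server_load_metadata */
-
-return apr_psprintf(cmd->pool, "Cannot use %s since lasso library lacks "
-"lasso_server_load_metadata()", cmd->cmd->name);
-
-#endif /* HAVE_lasso_server_load_metadata */
 }
 
 
@@ -1096,15 +1081,7 @@ static const char *am_set_do_not_verify_logout_signature(cmd_parms *cmd,
 void *struct_ptr,
 const char *key)
 {
-#ifdef HAVE_lasso_profile_set_signature_verify_hint
 return am_set_hash_string_slot(cmd, struct_ptr, key, NULL);
-#else
-return apr_pstrcat(cmd->pool, cmd->cmd->name,
-" is not usable as modmellon was compiled against "
-"a version of the lasso library which miss the "
-"function lasso_profile_set_signature_verify_hint.",
-NULL);
-#endif
 }
 
 /* This function handles the MellonMergeEnvVars configuration directive,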
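--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -33,7 +33,6 @@ APLOG_USE_MODULE(auth_mellon);
 */
 
 
-#ifdef HAVE_lasso_server_new_from_buffers
 /* This function generates optional metadata for a given element
 *
 * Parameters:
@@ -211,7 +210,6 @@ static char *am_generate_metadata(apr_pool_t *p, request_rec *r)
 sp_entity_id, cfg->sp_entity_id ? "" : "metadata",
 cert, url, url, url, url, url, am_optional_metadata(p, r));
 }
-#endif /* HAVE_lasso_server_new_from_buffers */
 
 
 /*
@@ -228,16 +226,6 @@ static guint am_server_add_providers(am_dir_cfg_rec *cfg, request_rec *r)
 {
 apr_size_t index;
 
-#ifndef HAVE_lasso_server_load_metadata
-const char *idp_public_key_file;
-
-if (cfg->idp_metadata->nelts == 1)
-idp_public_key_file = cfg->idp_public_key_file ?
-cfg->idp_public_key_file->path : NULL;
-else
-idp_public_key_file = NULL;
-#endif /* ! HAVE_lasso_server_load_metadata */
-
 if (cfg->idp_metadata->nelts == 0) {
 AM_LOG_RERROR(APLOG_MARK, APLOG_ERR, 0, r,
 "Error, URI \"%s\" has no IdP's defined", r->uri);
@@ -247,9 +235,7 @@ static guint am_server_add_providers(am_dir_cfg_rec *cfg, request_rec *r)
 for (index = 0; index < cfg->idp_metadata->nelts; index++) {
 const am_metadata_t *idp_metadata;
 int error;
-#ifdef HAVE_lasso_server_load_metadata
 GList *loaded_idp = NULL;
-#endif /* HAVE_lasso_server_load_metadata */
 
 idp_metadata = &( ((const am_metadata_t*)cfg->idp_metadata->elts) [index] );
 
@@ -260,7 +246,6 @@ static guint am_server_add_providers(am_dir_cfg_rec *cfg, request_rec *r)
 "Loading IdP metadata chain");
 }
 
-#ifdef HAVE_lasso_server_load_metadata
 error = lasso_server_load_metadata(cfg->server,
 LASSO_PROVIDER_ROLE_IDP,
 idp_metadata->metadata->path,
@@ -286,15 +271,6 @@ static guint am_server_add_providers(am_dir_cfg_rec *cfg, request_rec *r)
 g_list_free(loaded_idp);
 }
 
-#else /* HAVE_lasso_server_load_metadata */
-error = lasso_server_add_provider(cfg->server,
-LASSO_PROVIDER_ROLE_IDP,
-idp_metadata->metadata->path,
-idp_public_key_file,
-cfg->idp_ca_file ?
-cfg->idp_ca_file->path : NULL);
-#endif /* HAVE_lasso_server_load_metadata */
-
 if (error != 0) {
 AM_LOG_RERROR(APLOG_MARK, APLOG_ERR, 0, r,
 "Error adding metadata \"%s\" to "
@@ -317,7 +293,6 @@ static LassoServer *am_get_lasso_server(request_rec *r)
 if(cfg->server == NULL) {
 if(cfg->sp_metadata_file == NULL) {
 
-#ifdef HAVE_lasso_server_new_from_buffers
 /*
 * Try to generate missing metadata
 */
@@ -326,29 +301,14 @@ static LassoServer *am_get_lasso_server(request_rec *r)
 cfg->sp_metadata_file->rv = APR_SUCCESS;
 cfg->sp_metadata_file->generated = true;
 cfg->sp_metadata_file->contents = am_generate_metadata(pool, r);
-#else
-AM_LOG_RERROR(APLOG_MARK, APLOG_ERR, 0, r,
-"Missing MellonSPMetadataFile option.");
-apr_thread_mutex_unlock(cfg->server_mutex);
-return NULL;
-#endif /* HAVE_lasso_server_new_from_buffers */
 }
 
-#ifdef HAVE_lasso_server_new_from_buffers
 cfg->server = lasso_server_new_from_buffers(cfg->sp_metadata_file->contents,
 cfg->sp_private_key_file ?
 cfg->sp_private_key_file->contents : NULL,
 NULL,
 cfg->sp_cert_file ?
 cfg->sp_cert_file->contents : NULL);
-#else
-cfg->server = lasso_server_new(cfg->sp_metadata_file->path,
-cfg->sp_private_key_file ?
-cfg->sp_private_key_file->path : NULL,
-NULL,
-cfg->sp_cert_file ?
-cfg->sp_cert_file->path : NULL);
-#endif
 if (cfg->server == NULL) {
 AM_LOG_RERROR(APLOG_MARK, APLOG_ERR, 0, r,
 "Error initializing lasso server object. Please"
@@ -711,7 +671,6 @@ static int am_handle_logout_request(request_rec *r,
 
 /* Process the logout message. Ignore missing signature. */
 res = lasso_logout_process_request_msg(logout, msg);
-#ifdef HAVE_lasso_profile_set_signature_verify_hint
 if(res != 0 && res != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND &&
 logout->parent.remote_providerID != NULL) {
 if (apr_hash_get(cfg->do_not_verify_logout_signature,
@@ -722,7 +681,6 @@ static int am_handle_logout_request(request_rec *r,
 res = lasso_logout_process_request_msg(logout, msg);
 }
 }
-#endif
 if(res != 0 && res != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) {
 AM_LOG_RERROR(APLOG_MARK, APLOG_ERR, 0, r,
 "Error processing logout request message."
@@ -915,7 +873,6 @@ static int am_handle_logout_response_cmn(request_rec *r, LassoLogout *logout,
 res = lasso_logout_process_response_msg(logout, input);
 am_diag_log_lasso_node(r, 0, LASSO_PROFILE(logout)->response,
 "SAML Response (%s):", __func__);
-#ifdef HAVE_lasso_profile_set_signature_verify_hint
 if(res != 0 && res != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND &&
 logout->parent.remote_providerID != NULL) {
 if (apr_hash_get(cfg->do_not_verify_logout_signature,
@@ -926,7 +883,6 @@ static int am_handle_logout_response_cmn(request_rec *r, LassoLogout *logout,
 res = lasso_logout_process_response_msg(logout, input);
 }
 }
-#endif
 if(res != 0) {
 AM_LOG_RERROR(APLOG_MARK, APLOG_ERR, 0, r,
 "Unable to process logout response."
@@ -2826,7 +2782,6 @@ static int am_handle_repost(request_rec *r)
 */
 static int am_handle_metadata(request_rec *r)
 {
-#ifdef HAVE_lasso_server_new_from_buffers
 am_dir_cfg_rec *cfg = am_get_dir_cfg(r);
 LassoServer *server;
 const char *data;
@@ -2848,12 +2803,6 @@ static int am_handle_metadata(request_rec *r)
 ap_rputs(data, r);
 
 return OK;
-#else /* ! HAVE_lasso_server_new_from_buffers */
-
-AM_LOG_RERROR(APLOG_MARK, APLOG_ERR, 0, r,
-"metadata publishing require lasso 2.2.2 or higher");
-return HTTP_NOT_FOUND;
-#endif
 }
 
 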
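--- a/configure.ac
+++ b/configure.ac
@@ -58,15 +58,6 @@ AC_SUBST(APXS2)
 # We need the lasso library for SAML2 communication.
 PKG_CHECK_MODULES(LASSO, lasso)
 saved_LIBS=$LIBS; LIBS="$LIBS $LASSO_LIBS";
-AC_CHECK_LIB(lasso, lasso_server_new_from_buffers,
-[AC_DEFINE([HAVE_lasso_server_new_from_buffers],[],
-[lasso library exports lasso_server_new_from_buffers])])
-AC_CHECK_LIB(lasso, lasso_server_load_metadata,
-[AC_DEFINE([HAVE_lasso_server_load_metadata],[],
-[lasso library exports lasso_server_load_metadata])])
-AC_CHECK_LIB(lasso, lasso_profile_set_signature_verify_hint,
-[AC_DEFINE([HAVE_lasso_profile_set_signature_verify_hint],[],
-[lasso library exports lasso_profile_set_signature_verify_hint])])
 AC_CHECK_LIB(lasso, lasso_ecp_request_new,
 [AC_DEFINE([HAVE_ECP],[],
 [lasso library supports ECP profile])])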
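Review bot: With the three `AC_CHECK_LIB` probes removed, nothing in this hunk enforces the new lasso floor: the remaining `PKG_CHECK_MODULES(LASSO, lasso)` accepts any lasso version, while README.md now states `lasso (>=2.4)`. Against an older library the missing functions would presumably surface only as compile-time or module-load errors rather than a clear configure failure, and the code in auth_mellon_handler.c now calls `lasso_server_load_metadata` and `lasso_server_new_from_buffers` unconditionally. Consider stating the requirement where it is checked, `PKG_CHECK_MODULES(LASSO, [lasso >= 2.4])`, so an unsupported lasso is rejected at configure time.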
