Commit 830f15f7 authored by Xavier Guimard's avatar Xavier Guimard

Bad safe usage (#595)

parent 5cd25e3d
......@@ -1417,10 +1417,8 @@ sub getIDP {
else {
foreach ( keys %{ $self->idpList } ) {
my $idpConfKey = $self->idpList->{$_}->{confKey};
my $cond = $self->conf->{samlIDPMetaDataOptions}->{$idpConfKey}
->{samlIDPMetaDataOptionsResolutionRule};
next unless defined $cond;
if ( $self->p->HANDLER->safe->reval($cond) ) {
my $cond = $self->idpRules->{$idpConfKey} or next;
if ( $cond->( $req->sessionInfo ) ) {
$self->logger->debug(
"IDP $idpConfKey resolution rule match");
$idp = $_;
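Review bot: The lookup on the new line `my $cond = $self->idpRules->{$idpConfKey} or next;` reads idpRules by the IdP's confKey, while the loadIDPs hunk of this same commit stores each compiled rule as `$self->idpRules->{$entityID} = $cond;` inside a loop whose `$_` is the confKey (`"IDP $_ added"`). Unless `$entityID` and the confKey always hold the same value, which the visible lines do not establish, every lookup here misses and the `or next` silently skips the IdP, so no resolution rule can ever match. The two sides should agree on one key; for instance store with `$self->idpRules->{$_} = $cond;` in loadIDPs so the confKey lookup here succeeds, or look up with the same key idpList is indexed by. A `$self->logger->debug("No resolution rule for IDP $idpConfKey")` before the `next` would also make a missing or unbuilt rule visible in the logs instead of a silent skip. The enclosing else branch of getIDP continues outside the hunk.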
......@@ -88,15 +88,23 @@ sub checkForNotifications {
}
# Check condition if any
# TODO: check this
my $condition = $notif->getAttribute('condition');
if ($condition) {
$self->logger->debug("Get condition $condition");
$condition = $self->p->HANDLER->substitute($condition);
unless ( $condition = $self->p->HANDLER->buildSub($condition) )
{
$self->logger->error( 'Notification condition error: '
. $self->p->HANDLER->tsv->{jail}->error );
$notif->unbindNode();
next LOOP;
}
unless ( $self->p->HANDLER->safe->reval($condition) ) {
$self->logger->debug("Notification condition not accepted");
unless ( $condition->( $req->sessionInfo ) ) {
$self->logger->debug(
'Notification condition not authorizated');
# Remove it from XML
$notif->unbindNode();
......@@ -26,6 +26,7 @@ our $VERSION = '2.0.0';
has lassoServer => ( is => 'rw' );
has spList => ( is => 'rw', default => sub { {} } );
has idpList => ( is => 'rw', default => sub { {} } );
has idpRules => ( is => 'rw', default => sub { {} } );
# return LWP::UserAgent object
has ua => (
......@@ -261,6 +262,16 @@ sub loadIDPs {
return 0;
}
if(my $cond = $self->conf->{samlIDPMetaDataOptions}->{$_}
->{samlIDPMetaDataOptionsResolutionRule}) {
$cond = $self->p->HANDLER->substitute($cond);
unless( $cond = $self->p->HANDLER->buildSub($cond) ) {
$self->error( 'SAML IdP rule error: '
. $self->p->HANDLER->tsv->{jail}->error );
return 0;
}
$self->idpRules->{$entityID} = $cond;
}
$self->logger->debug("Set encryption mode $encryption_mode on IDP $_");
$self->logger->debug("IDP $_ added");