+ curl_formadd(&formpost, &lastptr,
+ CURLFORM_COPYNAME, "openid.mode",
+ CURLFORM_COPYCONTENTS, "check_authentication",
+ CURLFORM_END
+ );
+
+/*
+
+FIXME put the rest of this crap in here
+
+ if (GetHash(keys, k_keyname, strlen(k_keyname), (void *) &k_value)) {
+ snprintf(k_o_keyname, sizeof k_o_keyname, "openid.%s", k_keyname);
+ curl_formadd(&formpost, &lastptr,
+ CURLFORM_COPYNAME, k_o_keyname,
+ CURLFORM_COPYCONTENTS, k_value,
+ CURLFORM_END);
+ syslog(LOG_DEBUG, "%25s : %s", k_o_keyname, k_value);
+ }
+*/
+
+ curl = ctdl_openid_curl_easy_init(errmsg);
+ curl_easy_setopt(curl, CURLOPT_URL, ChrPtr(oiddata->op_url));
+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, ReplyBuf);
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, CurlFillStrBuf_callback);
+ curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost);
+
+ res = curl_easy_perform(curl);
+ if (res) {
+ syslog(LOG_DEBUG, "cmd_oidf() libcurl error %d: %s", res, errmsg);
+ oiddata->verified = 0;
+ }
+ curl_easy_cleanup(curl);
+ curl_formfree(formpost);
+
+ /* syslog(LOG_DEBUG, "\033[36m --- VALIDATION REPLY ---\n%s\033[0m", ChrPtr(ReplyBuf)); */
+
+ if (cbmstrcasestr(ChrPtr(ReplyBuf), "is_valid:true") == NULL) {
+ oiddata->verified = 0;
+ }
+ FreeStrBuf(&ReplyBuf);
+
+ syslog(LOG_DEBUG, "OpenID authentication %s", (oiddata->verified ? "succeeded" : "failed") );
+
+ /* Respond to the client */
+
+ if (oiddata->verified) {
+
+ /* If we were already logged in, attach the OpenID to the user's account */
+ if (CC->logged_in) {
+ if (attach_openid(&CC->user, oiddata->claimed_id) == 0) {
+ cprintf("attach\n");
+ syslog(LOG_DEBUG, "OpenID attach succeeded");
+ }
+ else {
+ cprintf("fail\n");
+ syslog(LOG_DEBUG, "OpenID attach failed");
+ }
+ }
+
+ /* Otherwise, a user is attempting to log in using the verified OpenID */
+ else {
+ /*
+ * Existing user who has claimed this OpenID?
+ *
+ * Note: if you think that sending the password back over the wire is insecure,
+ * check your assumptions. If someone has successfully asserted an OpenID that
+ * is associated with the account, they already have password equivalency and can
+ * login, so they could just as easily change the password, etc.
+ */
+ if (login_via_openid(oiddata->claimed_id) == 0) {
+ cprintf("authenticate\n%s\n%s\n", CC->user.fullname, CC->user.password);
+ logged_in_response();
+ syslog(LOG_DEBUG, "Logged in using previously claimed OpenID");
+ }
+
+ /*
+ * If this system does not allow self-service new user registration, the
+ * remaining modes do not apply, so fail here and now.
+ */
+ else if (config.c_disable_newu) {
+ cprintf("fail\n");
+ syslog(LOG_DEBUG, "Creating user failed due to local policy");
+ }
+
+ /*
+ * New user whose OpenID is verified and Simple Registration Extension is in use?
+ */
+ else if (openid_create_user_via_sreg(oiddata->claimed_id, keys) == 0) {
+ cprintf("authenticate\n%s\n%s\n", CC->user.fullname, CC->user.password);
+ logged_in_response();
+ syslog(LOG_DEBUG, "Successfully auto-created new user");
+ }
+
+ /*
+ * OpenID is verified, but the desired username either was not specified or
+ * conflicts with an existing user. Manual account creation is required.
+ */
+ else {
+ char *desired_name = NULL;
+ cprintf("verify_only\n");
+ cprintf("%s\n", ChrPtr(oiddata->claimed_id));
+ if (GetHash(keys, "sreg.nickname", 13, (void *) &desired_name)) {
+ cprintf("%s\n", desired_name);
+ }
+ else {
+ cprintf("\n");
+ }
+ syslog(LOG_DEBUG, "The desired Simple Registration name is already taken.");
+ }
+ }
+ }
+ else {
+ cprintf("fail\n");
+ }
+ cprintf("000\n");
+
+ if (oiddata->sreg_keys != NULL) {
+ DeleteHash(&oiddata->sreg_keys);
+ oiddata->sreg_keys = NULL;
+ }
+ oiddata->sreg_keys = keys;