+ long len;
+ char buf[2048];
+ char thiskey[1024];
+ char thisdata[1024];
+ HashList *keys = NULL;
+ ctdl_openid *oiddata = (ctdl_openid *) CC->openid_data;
+
+ if (oiddata == NULL) {
+ cprintf("%d run OIDS first.\n", ERROR + INTERNAL_ERROR);
+ return;
+ }
+ if (StrLength(oiddata->op_url) == 0){
+ cprintf("%d No OpenID Endpoint URL has been obtained.\n", ERROR + ILLEGAL_VALUE);
+ return;
+ }
+ keys = NewHash(1, NULL);
+ if (!keys) {
+ cprintf("%d NewHash() failed\n", ERROR + INTERNAL_ERROR);
+ return;
+ }
+ cprintf("%d Transmit OpenID data now\n", START_CHAT_MODE);
+
+ while (client_getln(buf, sizeof buf), strcmp(buf, "000")) {
+ len = extract_token(thiskey, buf, 0, '|', sizeof thiskey);
+ if (len < 0) {
+ len = sizeof(thiskey) - 1;
+ }
+ extract_token(thisdata, buf, 1, '|', sizeof thisdata);
+ syslog(LOG_DEBUG, "%s: ["SIZE_T_FMT"] %s", thiskey, strlen(thisdata), thisdata);
+ Put(keys, thiskey, len, strdup(thisdata), NULL);
+ }
+
+ /* Check to see if this is a correct response.
+ * Start with verified=1 but then set it to 0 if anything looks wrong.
+ */
+ oiddata->verified = 1;
+
+ char *openid_ns = NULL;
+ if ( (!GetHash(keys, "ns", 2, (void *) &openid_ns))
+ || (strcasecmp(openid_ns, "http://specs.openid.net/auth/2.0"))
+ ) {
+ syslog(LOG_DEBUG, "This is not an an OpenID assertion");
+ oiddata->verified = 0;
+ }
+
+ char *openid_mode = NULL;
+ if ( (!GetHash(keys, "mode", 4, (void *) &openid_mode))
+ || (strcasecmp(openid_mode, "id_res"))
+ ) {
+ oiddata->verified = 0;
+ }
+
+ char *openid_claimed_id = NULL;
+ if (GetHash(keys, "claimed_id", 10, (void *) &openid_claimed_id)) {
+ FreeStrBuf(&oiddata->claimed_id);
+ oiddata->claimed_id = NewStrBufPlain(openid_claimed_id, -1);
+ syslog(LOG_DEBUG, "Provider is asserting the Claimed ID '%s'", ChrPtr(oiddata->claimed_id));
+ }
+
+ /* Validate the assertion against the server */
+ syslog(LOG_DEBUG, "Validating...");
+
+ CURL *curl;
+ CURLcode res;
+ struct curl_httppost *formpost = NULL;
+ struct curl_httppost *lastptr = NULL;
+ char errmsg[1024] = "";
+ StrBuf *ReplyBuf = NewStrBuf();
+
+ curl_formadd(&formpost, &lastptr,
+ CURLFORM_COPYNAME, "openid.mode",
+ CURLFORM_COPYCONTENTS, "check_authentication",
+ CURLFORM_END
+ );
+
+/*
+
+FIXME put the rest of this crap in here
+
+ if (GetHash(keys, k_keyname, strlen(k_keyname), (void *) &k_value)) {
+ snprintf(k_o_keyname, sizeof k_o_keyname, "openid.%s", k_keyname);
+ curl_formadd(&formpost, &lastptr,
+ CURLFORM_COPYNAME, k_o_keyname,
+ CURLFORM_COPYCONTENTS, k_value,
+ CURLFORM_END);
+ syslog(LOG_DEBUG, "%25s : %s", k_o_keyname, k_value);
+ }
+*/
+
+ curl = ctdl_openid_curl_easy_init(errmsg);
+ curl_easy_setopt(curl, CURLOPT_URL, ChrPtr(oiddata->op_url));
+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, ReplyBuf);
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, CurlFillStrBuf_callback);
+ curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost);
+
+ res = curl_easy_perform(curl);
+ if (res) {
+ syslog(LOG_DEBUG, "cmd_oidf() libcurl error %d: %s", res, errmsg);
+ oiddata->verified = 0;
+ }
+ curl_easy_cleanup(curl);
+ curl_formfree(formpost);
+
+ /* syslog(LOG_DEBUG, "\033[36m --- VALIDATION REPLY ---\n%s\033[0m", ChrPtr(ReplyBuf)); */
+
+ if (cbmstrcasestr(ChrPtr(ReplyBuf), "is_valid:true") == NULL) {
+ oiddata->verified = 0;
+ }
+ FreeStrBuf(&ReplyBuf);
+
+ syslog(LOG_DEBUG, "OpenID authentication %s", (oiddata->verified ? "succeeded" : "failed") );
+
+ /* Respond to the client */