+
+ /* Validate the assertion against the server */
+ syslog(LOG_DEBUG, "Validating...");
+
+ CURL *curl;
+ CURLcode res;
+ struct curl_httppost *formpost = NULL;
+ struct curl_httppost *lastptr = NULL;
+ char errmsg[1024] = "";
+ StrBuf *ReplyBuf = NewStrBuf();
+
+ curl_formadd(&formpost, &lastptr,
+ CURLFORM_COPYNAME, "openid.mode",
+ CURLFORM_COPYCONTENTS, "check_authentication",
+ CURLFORM_END
+ );
+
+ HashPos *HashPos = GetNewHashPos(keys, 0);
+ while (GetNextHashPos(keys, HashPos, &len, &Key, &Value) != 0) {
+ syslog(LOG_DEBUG, "%s = %s", Key, (char *)Value);
+ if (strcasecmp(Key, "mode")) {
+ char k_o_keyname[1024];
+ snprintf(k_o_keyname, sizeof k_o_keyname, "openid.%s", (const char *)Key);
+ curl_formadd(&formpost, &lastptr,
+ CURLFORM_COPYNAME, k_o_keyname,
+ CURLFORM_COPYCONTENTS, (char *)Value,
+ CURLFORM_END
+ );
+ }
+ }
+
+ curl = ctdl_openid_curl_easy_init(errmsg);
+ curl_easy_setopt(curl, CURLOPT_URL, ChrPtr(oiddata->op_url));
+ curl_easy_setopt(curl, CURLOPT_WRITEDATA, ReplyBuf);
+ curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, CurlFillStrBuf_callback);
+ curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost);
+
+ res = curl_easy_perform(curl);
+ if (res) {
+ syslog(LOG_DEBUG, "cmd_oidf() libcurl error %d: %s", res, errmsg);
+ oiddata->verified = 0;
+ }
+ curl_easy_cleanup(curl);
+ curl_formfree(formpost);
+
+ /* syslog(LOG_DEBUG, "Validation reply: \n%s", ChrPtr(ReplyBuf)); */
+ if (cbmstrcasestr(ChrPtr(ReplyBuf), "is_valid:true") == NULL) {
+ oiddata->verified = 0;
+ }
+ FreeStrBuf(&ReplyBuf);
+
+ syslog(LOG_DEBUG, "OpenID authentication %s", (oiddata->verified ? "succeeded" : "failed") );
+
+ /* Respond to the client */
+
+ if (oiddata->verified) {
+
+ /* If we were already logged in, attach the OpenID to the user's account */
+ if (CC->logged_in) {
+ if (attach_openid(&CC->user, oiddata->claimed_id) == 0) {
+ cprintf("attach\n");
+ syslog(LOG_DEBUG, "OpenID attach succeeded");
+ }
+ else {
+ cprintf("fail\n");
+ syslog(LOG_DEBUG, "OpenID attach failed");
+ }