X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fmodules%2Fopenid%2Fserv_openid_rp.c;h=09fd48e9bba59d4ec41c6d7ac33a5a02b8f81870;hb=bdfa2e9b6af7e32b11461433a28dd6551f830888;hp=1d80c5dcccbaf18bd41e3e1659c7abd0de39b915;hpb=4549e5c0b44c66dfc0fefdf6b051e9d2806315c1;p=citadel.git diff --git a/citadel/modules/openid/serv_openid_rp.c b/citadel/modules/openid/serv_openid_rp.c index 1d80c5dcc..09fd48e9b 100644 --- a/citadel/modules/openid/serv_openid_rp.c +++ b/citadel/modules/openid/serv_openid_rp.c @@ -1,7 +1,7 @@ /* * This is an implementation of OpenID 2.0 relying party support in stateless mode. * - * Copyright (c) 2007-2011 by the citadel.org team + * Copyright (c) 2007-2019 by the citadel.org team * * This program is open source software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -82,7 +82,7 @@ void openid_cleanup_function(void) { struct CitContext *CCC = CC; /* CachedCitContext - performance boost */ if (CCC->openid_data != NULL) { - syslog(LOG_DEBUG, "Clearing OpenID session state"); + syslog(LOG_DEBUG, "openid: Clearing OpenID session state"); Free_ctdl_openid((ctdl_openid **) &CCC->openid_data); } } @@ -112,9 +112,9 @@ void openid_cleanup_function(void) { /* - * Attach an OpenID to a Citadel account + * Attach an external authenticator (such as an OpenID) to a Citadel account */ -int attach_openid(struct ctdluser *who, StrBuf *claimed_id) +int attach_extauth(struct ctdluser *who, StrBuf *claimed_id) { struct cdbdata *cdboi; long fetched_usernum; @@ -125,19 +125,19 @@ int attach_openid(struct ctdluser *who, StrBuf *claimed_id) if (!who) return(1); if (StrLength(claimed_id)==0) return(1); - /* Check to see if this OpenID is already in the database */ + /* Check to see if this authenticator is already in the database */ - cdboi = cdb_fetch(CDB_OPENID, ChrPtr(claimed_id), StrLength(claimed_id)); + cdboi = cdb_fetch(CDB_EXTAUTH, ChrPtr(claimed_id), StrLength(claimed_id)); if (cdboi != NULL) { memcpy(&fetched_usernum, cdboi->ptr, sizeof(long)); cdb_free(cdboi); if (fetched_usernum == who->usernum) { - syslog(LOG_INFO, "%s already associated; no action is taken", ChrPtr(claimed_id)); + syslog(LOG_INFO, "openid: %s already associated; no action is taken", ChrPtr(claimed_id)); return(0); } else { - syslog(LOG_INFO, "%s already belongs to another user", ChrPtr(claimed_id)); + syslog(LOG_INFO, "openid: %s already belongs to another user", ChrPtr(claimed_id)); return(3); } } @@ -150,22 +150,20 @@ int attach_openid(struct ctdluser *who, StrBuf *claimed_id) memcpy(data, &who->usernum, sizeof(long)); memcpy(&data[sizeof(long)], ChrPtr(claimed_id), StrLength(claimed_id) + 1); - cdb_store(CDB_OPENID, ChrPtr(claimed_id), StrLength(claimed_id), data, data_len); + cdb_store(CDB_EXTAUTH, ChrPtr(claimed_id), StrLength(claimed_id), data, data_len); free(data); - snprintf(buf, sizeof buf, "User <%s> (#%ld) has claimed the OpenID URL %s\n", - who->fullname, who->usernum, ChrPtr(claimed_id)); - CtdlAideMessage(buf, "OpenID claim"); - syslog(LOG_INFO, "%s", buf); + snprintf(buf, sizeof buf, "User <%s> (#%ld) is now associated with %s\n", who->fullname, who->usernum, ChrPtr(claimed_id)); + CtdlAideMessage(buf, "External authenticator claim"); + syslog(LOG_INFO, "openid: %s", buf); return(0); } - /* * When a user is being deleted, we have to delete any OpenID associations */ -void openid_purge(struct ctdluser *usbuf) { +void extauth_purge(struct ctdluser *usbuf) { struct cdbdata *cdboi; HashList *keys = NULL; HashPos *HashPos; @@ -178,8 +176,8 @@ void openid_purge(struct ctdluser *usbuf) { keys = NewHash(1, NULL); if (!keys) return; - cdb_rewind(CDB_OPENID); - while (cdboi = cdb_next_item(CDB_OPENID), cdboi != NULL) { + cdb_rewind(CDB_EXTAUTH); + while (cdboi = cdb_next_item(CDB_EXTAUTH), cdboi != NULL) { if (cdboi->len > sizeof(long)) { memcpy(&usernum, cdboi->ptr, sizeof(long)); if (usernum == usbuf->usernum) { @@ -195,8 +193,8 @@ void openid_purge(struct ctdluser *usbuf) { HashPos = GetNewHashPos(keys, 0); while (GetNextHashPos(keys, HashPos, &len, &Key, &Value)!=0) { - syslog(LOG_DEBUG, "Deleting associated OpenID <%s>", (char*)Value); - cdb_delete(CDB_OPENID, Value, strlen(Value)); + syslog(LOG_DEBUG, "openid: deleting associated external authenticator <%s>", (char*)Value); + cdb_delete(CDB_EXTAUTH, Value, strlen(Value)); /* note: don't free(Value) -- deleting the hash list will handle this for us */ } DeleteHashPos(&HashPos); @@ -211,11 +209,17 @@ void cmd_oidl(char *argbuf) { struct cdbdata *cdboi; long usernum = 0L; + if (CtdlGetConfigInt("c_disable_newu")) + { + cprintf("%d this system does not support openid.\n", ERROR + CMD_NOT_SUPPORTED); + return; + } if (CtdlAccessCheck(ac_logged_in)) return; - cdb_rewind(CDB_OPENID); - cprintf("%d Associated OpenIDs:\n", LISTING_FOLLOWS); - while (cdboi = cdb_next_item(CDB_OPENID), cdboi != NULL) { + cdb_rewind(CDB_EXTAUTH); + cprintf("%d Associated external authenticators:\n", LISTING_FOLLOWS); + + while (cdboi = cdb_next_item(CDB_EXTAUTH), cdboi != NULL) { if (cdboi->len > sizeof(long)) { memcpy(&usernum, cdboi->ptr, sizeof(long)); if (usernum == CC->user.usernum) { @@ -236,11 +240,17 @@ void cmd_oida(char *argbuf) { long usernum; struct ctdluser usbuf; + if (CtdlGetConfigInt("c_disable_newu")) + { + cprintf("%d this system does not support openid.\n", + ERROR + CMD_NOT_SUPPORTED); + return; + } if (CtdlAccessCheck(ac_aide)) return; - cdb_rewind(CDB_OPENID); + cdb_rewind(CDB_EXTAUTH); cprintf("%d List of all OpenIDs in the database:\n", LISTING_FOLLOWS); - while (cdboi = cdb_next_item(CDB_OPENID), cdboi != NULL) { + while (cdboi = cdb_next_item(CDB_EXTAUTH), cdboi != NULL) { if (cdboi->len > sizeof(long)) { memcpy(&usernum, cdboi->ptr, sizeof(long)); if (CtdlGetUserByNumber(&usbuf, usernum) != 0) { @@ -258,88 +268,6 @@ void cmd_oida(char *argbuf) { } -/* - * Attempt to register (populate the vCard) the currently-logged-in user - * using the data from Simple Registration Extension, if present. - */ -void populate_vcard_from_sreg(HashList *sreg_keys) { - - struct vCard *v; - int pop = 0; /* number of fields populated */ - char *data = NULL; - char *postcode = NULL; - char *country = NULL; - - if (!sreg_keys) return; - v = vcard_new(); - if (!v) return; - - if (GetHash(sreg_keys, "identity", 8, (void *) &data)) { - vcard_add_prop(v, "url;type=openid", data); - ++pop; - } - - if (GetHash(sreg_keys, "sreg.email", 10, (void *) &data)) { - vcard_add_prop(v, "email;internet", data); - ++pop; - } - - if (GetHash(sreg_keys, "sreg.nickname", 13, (void *) &data)) { - vcard_add_prop(v, "nickname", data); - ++pop; - } - - if (GetHash(sreg_keys, "sreg.fullname", 13, (void *) &data)) { - char n[256]; - vcard_add_prop(v, "fn", data); - vcard_fn_to_n(n, data, sizeof n); - vcard_add_prop(v, "n", n); - ++pop; - } - - if (!GetHash(sreg_keys, "sreg.postcode", 13, (void *) &postcode)) { - postcode = NULL; - } - - if (!GetHash(sreg_keys, "sreg.country", 12, (void *) &country)) { - country = NULL; - } - - if (postcode || country) { - char adr[256]; - snprintf(adr, sizeof adr, ";;;;;%s;%s", - (postcode ? postcode : ""), - (country ? country : "") - ); - vcard_add_prop(v, "adr", adr); - ++pop; - } - - if (GetHash(sreg_keys, "sreg.dob", 8, (void *) &data)) { - vcard_add_prop(v, "bday", data); - ++pop; - } - - if (GetHash(sreg_keys, "sreg.gender", 11, (void *) &data)) { - vcard_add_prop(v, "x-funambol-gender", data); - ++pop; - } - - /* Only save the vCard if there is some useful data in it */ - if (pop > 0) { - char *ser; - ser = vcard_serialize(v); - if (ser) { - CtdlWriteObject(USERCONFIGROOM, "text/x-vcard", - ser, strlen(ser)+1, &CC->user, 0, 0, 0 - ); - free(ser); - } - } - vcard_free(v); -} - - /* * Create a new user account, manually specifying the name, after successfully * verifying an OpenID (which will of course be attached to the account) @@ -347,6 +275,12 @@ void populate_vcard_from_sreg(HashList *sreg_keys) { void cmd_oidc(char *argbuf) { ctdl_openid *oiddata = (ctdl_openid *) CC->openid_data; + if (CtdlGetConfigInt("c_disable_newu")) + { + cprintf("%d this system does not support openid.\n", + ERROR + CMD_NOT_SUPPORTED); + return; + } if ( (!oiddata) || (!oiddata->verified) ) { cprintf("%d You have not verified an OpenID yet.\n", ERROR); return; @@ -359,10 +293,7 @@ void cmd_oidc(char *argbuf) { /* Now, if this logged us in, we have to attach the OpenID */ if (CC->logged_in) { - attach_openid(&CC->user, oiddata->claimed_id); - if (oiddata->sreg_keys != NULL) { - populate_vcard_from_sreg(oiddata->sreg_keys); - } + attach_extauth(&CC->user, oiddata->claimed_id); } } @@ -377,14 +308,20 @@ void cmd_oidd(char *argbuf) { int this_is_mine = 0; long usernum = 0L; + if (CtdlGetConfigInt("c_disable_newu")) + { + cprintf("%d this system does not support openid.\n", + ERROR + CMD_NOT_SUPPORTED); + return; + } if (CtdlAccessCheck(ac_logged_in)) return; extract_token(id_to_detach, argbuf, 0, '|', sizeof id_to_detach); if (IsEmptyStr(id_to_detach)) { cprintf("%d An empty OpenID URL is not allowed.\n", ERROR + ILLEGAL_VALUE); } - cdb_rewind(CDB_OPENID); - while (cdboi = cdb_next_item(CDB_OPENID), cdboi != NULL) { + cdb_rewind(CDB_EXTAUTH); + while (cdboi = cdb_next_item(CDB_EXTAUTH), cdboi != NULL) { if (cdboi->len > sizeof(long)) { memcpy(&usernum, cdboi->ptr, sizeof(long)); if (usernum == CC->user.usernum) { @@ -400,41 +337,82 @@ void cmd_oidd(char *argbuf) { return; } - cdb_delete(CDB_OPENID, id_to_detach, strlen(id_to_detach)); + cdb_delete(CDB_EXTAUTH, id_to_detach, strlen(id_to_detach)); cprintf("%d %s detached from your account.\n", CIT_OK, id_to_detach); } /* - * Attempt to auto-create a new Citadel account using the nickname from Simple Registration Extension + * Attempt to auto-create a new Citadel account using the nickname from Attribute Exchange */ -int openid_create_user_via_sreg(StrBuf *claimed_id, HashList *sreg_keys) +int openid_create_user_via_ax(StrBuf *claimed_id, HashList *sreg_keys) { - char *desired_name = NULL; + char *nickname = NULL; + char *firstname = NULL; + char *lastname = NULL; char new_password[32]; long len; + const char *Key; + void *Value; - if (config.c_auth_mode != AUTHMODE_NATIVE) return(1); - if (config.c_disable_newu) return(2); + if (CtdlGetConfigInt("c_auth_mode") != AUTHMODE_NATIVE) return(1); + if (CtdlGetConfigInt("c_disable_newu")) return(2); if (CC->logged_in) return(3); - if (!GetHash(sreg_keys, "sreg.nickname", 13, (void *) &desired_name)) return(4); - syslog(LOG_DEBUG, "The desired account name is <%s>", desired_name); + HashPos *HashPos = GetNewHashPos(sreg_keys, 0); + while (GetNextHashPos(sreg_keys, HashPos, &len, &Key, &Value) != 0) { + syslog(LOG_DEBUG, "openid: %s = %s", Key, (char *)Value); + + if (cbmstrcasestr(Key, "value.nickname") != NULL) { + nickname = (char *)Value; + } + else if ( (nickname == NULL) && (cbmstrcasestr(Key, "value.nickname") != NULL)) { + nickname = (char *)Value; + } + else if (cbmstrcasestr(Key, "value.firstname") != NULL) { + firstname = (char *)Value; + } + else if (cbmstrcasestr(Key, "value.lastname") != NULL) { + lastname = (char *)Value; + } + + } + DeleteHashPos(&HashPos); + + if (nickname == NULL) { + if ((firstname != NULL) || (lastname != NULL)) { + char fullname[1024] = ""; + if (firstname) strcpy(fullname, firstname); + if (firstname && lastname) strcat(fullname, " "); + if (lastname) strcat(fullname, lastname); + nickname = fullname; + } + } - len = cutuserkey(desired_name); - if (!CtdlGetUser(&CC->user, desired_name)) { - syslog(LOG_DEBUG, "<%s> is already taken by another user.", desired_name); + if (nickname == NULL) { + return(4); + } + syslog(LOG_DEBUG, "openid: the desired account name is <%s>", nickname); + + len = cutusername(nickname); + if (!CtdlGetUser(&CC->user, nickname)) { + syslog(LOG_DEBUG, "openid: <%s> is already taken by another user.", nickname); memset(&CC->user, 0, sizeof(struct ctdluser)); return(5); } /* The desired account name is available. Create the account and log it in! */ - if (create_user(desired_name, len, 1)) return(6); + if (create_user(nickname, CREATE_USER_BECOME_USER, NATIVE_AUTH_UID)) return(6); + /* Generate a random password. + * The user doesn't care what the password is since he is using OpenID. + */ snprintf(new_password, sizeof new_password, "%08lx%08lx", random(), random()); CtdlSetPassword(new_password); - attach_openid(&CC->user, claimed_id); - populate_vcard_from_sreg(sreg_keys); + + /* Now attach the verified OpenID to this account. */ + attach_extauth(&CC->user, claimed_id); + return(0); } @@ -443,12 +421,12 @@ int openid_create_user_via_sreg(StrBuf *claimed_id, HashList *sreg_keys) * If a user account exists which is associated with the Claimed ID, log it in and return zero. * Otherwise it returns nonzero. */ -int login_via_openid(StrBuf *claimed_id) +int login_via_extauth(StrBuf *claimed_id) { struct cdbdata *cdboi; long usernum = 0; - cdboi = cdb_fetch(CDB_OPENID, ChrPtr(claimed_id), StrLength(claimed_id)); + cdboi = cdb_fetch(CDB_EXTAUTH, ChrPtr(claimed_id), StrLength(claimed_id)); if (cdboi == NULL) { return(-1); } @@ -572,12 +550,12 @@ CURL *ctdl_openid_curl_easy_init(char *errmsg) { curl_easy_setopt(curl, CURLOPT_TIMEOUT, 30); /* die after 30 seconds */ if ( - (!IsEmptyStr(config.c_ip_addr)) - && (strcmp(config.c_ip_addr, "*")) - && (strcmp(config.c_ip_addr, "::")) - && (strcmp(config.c_ip_addr, "0.0.0.0")) + (!IsEmptyStr(CtdlGetConfigStr("c_ip_addr"))) + && (strcmp(CtdlGetConfigStr("c_ip_addr"), "*")) + && (strcmp(CtdlGetConfigStr("c_ip_addr"), "::")) + && (strcmp(CtdlGetConfigStr("c_ip_addr"), "0.0.0.0")) ) { - curl_easy_setopt(curl, CURLOPT_INTERFACE, config.c_ip_addr); + curl_easy_setopt(curl, CURLOPT_INTERFACE, CtdlGetConfigStr("c_ip_addr")); } return(curl); @@ -683,11 +661,6 @@ int parse_xrds_document(StrBuf *ReplyBuf) { struct xrds xrds; int return_value = 0; - syslog(LOG_DEBUG, - " --- XRDS DOCUMENT BEGIN --- \n%s\n --- XRDS DOCUMENT END ---", - ChrPtr(ReplyBuf) - ); - memset(&xrds, 0, sizeof (struct xrds)); xrds.selected_service_priority = INT_MAX; xrds.CharData = NewStrBuf(); @@ -703,7 +676,7 @@ int parse_xrds_document(StrBuf *ReplyBuf) { XML_ParserFree(xp); } else { - syslog(LOG_ALERT, "Cannot create XML parser"); + syslog(LOG_ERR, "openid: cannot create XML parser"); } if (xrds.selected_service_priority < INT_MAX) { @@ -723,7 +696,6 @@ int parse_xrds_document(StrBuf *ReplyBuf) { } - /* * Callback function for perform_openid2_discovery() * We're interested in the X-XRDS-Location: header. @@ -763,7 +735,7 @@ int perform_openid2_discovery(StrBuf *SuppliedURL) { StrBuf *x_xrds_location = NULL; if (!SuppliedURL) return(0); - syslog(LOG_DEBUG, "perform_openid2_discovery(%s)", ChrPtr(SuppliedURL)); + syslog(LOG_DEBUG, "openid: perform_openid2_discovery(%s)", ChrPtr(SuppliedURL)); if (StrLength(SuppliedURL) == 0) return(0); ReplyBuf = NewStrBuf(); @@ -785,7 +757,7 @@ int perform_openid2_discovery(StrBuf *SuppliedURL) { result = curl_easy_perform(curl); if (result) { - syslog(LOG_DEBUG, "libcurl error %d: %s", result, errmsg); + syslog(LOG_DEBUG, "openid: libcurl error %d: %s", result, errmsg); } curl_slist_free_all(my_headers); curl_easy_cleanup(curl); @@ -812,7 +784,7 @@ int perform_openid2_discovery(StrBuf *SuppliedURL) { if ( (x_xrds_location) && (strcmp(ChrPtr(x_xrds_location), ChrPtr(SuppliedURL))) ) { - syslog(LOG_DEBUG, "X-XRDS-Location: %s ... recursing!", ChrPtr(x_xrds_location)); + syslog(LOG_DEBUG, "openid: X-XRDS-Location: %s ... recursing!", ChrPtr(x_xrds_location)); return_value = perform_openid2_discovery(x_xrds_location); FreeStrBuf(&x_xrds_location); } @@ -857,16 +829,21 @@ void cmd_oids(char *argbuf) { ctdl_openid *oiddata; int discovery_succeeded = 0; + if (CtdlGetConfigInt("c_disable_newu")) + { + cprintf("%d this system does not support openid.\n", + ERROR + CMD_NOT_SUPPORTED); + return; + } Free_ctdl_openid ((ctdl_openid**)&CCC->openid_data); CCC->openid_data = oiddata = malloc(sizeof(ctdl_openid)); if (oiddata == NULL) { - syslog(LOG_ALERT, "malloc() failed: %s", strerror(errno)); + syslog(LOG_ERR, "openid: malloc() failed: %m"); cprintf("%d malloc failed\n", ERROR + INTERNAL_ERROR); return; } memset(oiddata, 0, sizeof(ctdl_openid)); - CCC->openid_data = (void *) oiddata; ArgBuf = NewStrBufPlain(argbuf, -1); @@ -877,7 +854,7 @@ void cmd_oids(char *argbuf) { StrBufExtract_NextToken(oiddata->claimed_id, ArgBuf, &Pos, '|'); StrBufExtract_NextToken(return_to, ArgBuf, &Pos, '|'); - syslog(LOG_DEBUG, "User-Supplied Identifier is: %s", ChrPtr(oiddata->claimed_id)); + syslog(LOG_DEBUG, "openid: user-Supplied Identifier is: %s", ChrPtr(oiddata->claimed_id)); /********** OpenID 2.0 section 7.3 - Discovery **********/ @@ -898,7 +875,7 @@ void cmd_oids(char *argbuf) { /* * If we get to this point we are in possession of a valid OpenID Provider URL. */ - syslog(LOG_DEBUG, "OP URI '%s' discovered using method %d", + syslog(LOG_DEBUG, "openid: OP URI '%s' discovered using method %d", ChrPtr(oiddata->op_url), discovery_succeeded ); @@ -918,7 +895,8 @@ void cmd_oids(char *argbuf) { RedirectUrl = NewStrBufDup(oiddata->op_url); - StrBufAppendBufPlain(RedirectUrl, HKEY("?openid.ns=http:%2F%2Fspecs.openid.net%2Fauth%2F2.0"), 0); + StrBufAppendBufPlain(RedirectUrl, HKEY("?openid.ns="), 0); + StrBufUrlescAppend(RedirectUrl, NULL, "http://specs.openid.net/auth/2.0"); StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.mode=checkid_setup"), 0); @@ -928,16 +906,37 @@ void cmd_oids(char *argbuf) { StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.identity="), 0); StrBufUrlescAppend(RedirectUrl, oiddata->claimed_id, NULL); + /* return_to tells the provider how to complete the round trip back to our site */ StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.return_to="), 0); StrBufUrlescAppend(RedirectUrl, return_to, NULL); -/* - We probably have to do something here to set up Simple Registration - StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.sreg.optional="), 0); - StrBufUrlescAppend(RedirectUrl, NULL, "nickname,email,fullname,postcode,country,dob,gender"); -*/ + /* Attribute Exchange + * See: + * http://openid.net/specs/openid-attribute-exchange-1_0.html + * http://code.google.com/apis/accounts/docs/OpenID.html#endpoint + * http://test-id.net/OP/AXFetch.aspx + */ + + StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.ns.ax="), 0); + StrBufUrlescAppend(RedirectUrl, NULL, "http://openid.net/srv/ax/1.0"); + + StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.ax.mode=fetch_request"), 0); + + StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.ax.required=firstname,lastname,friendly,nickname"), 0); + + StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.ax.type.firstname="), 0); + StrBufUrlescAppend(RedirectUrl, NULL, "http://axschema.org/namePerson/first"); - syslog(LOG_DEBUG, "\033[36m%s\033[0m", ChrPtr(RedirectUrl)); + StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.ax.type.lastname="), 0); + StrBufUrlescAppend(RedirectUrl, NULL, "http://axschema.org/namePerson/last"); + + StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.ax.type.friendly="), 0); + StrBufUrlescAppend(RedirectUrl, NULL, "http://axschema.org/namePerson/friendly"); + + StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.ax.type.nickname="), 0); + StrBufUrlescAppend(RedirectUrl, NULL, "http://axschema.org/namePerson/nickname"); + + syslog(LOG_DEBUG, "openid: redirecting client to %s", ChrPtr(RedirectUrl)); cprintf("%d %s\n", CIT_OK, ChrPtr(RedirectUrl)); } @@ -957,8 +956,16 @@ void cmd_oidf(char *argbuf) { char thiskey[1024]; char thisdata[1024]; HashList *keys = NULL; + const char *Key; + void *Value; ctdl_openid *oiddata = (ctdl_openid *) CC->openid_data; + if (CtdlGetConfigInt("c_disable_newu")) + { + cprintf("%d this system does not support openid.\n", + ERROR + CMD_NOT_SUPPORTED); + return; + } if (oiddata == NULL) { cprintf("%d run OIDS first.\n", ERROR + INTERNAL_ERROR); return; @@ -980,7 +987,6 @@ void cmd_oidf(char *argbuf) { len = sizeof(thiskey) - 1; } extract_token(thisdata, buf, 1, '|', sizeof thisdata); - syslog(LOG_DEBUG, "%s: ["SIZE_T_FMT"] %s", thiskey, strlen(thisdata), thisdata); Put(keys, thiskey, len, strdup(thisdata), NULL); } @@ -993,7 +999,7 @@ void cmd_oidf(char *argbuf) { if ( (!GetHash(keys, "ns", 2, (void *) &openid_ns)) || (strcasecmp(openid_ns, "http://specs.openid.net/auth/2.0")) ) { - syslog(LOG_DEBUG, "This is not an an OpenID assertion"); + syslog(LOG_DEBUG, "openid: this is not an an OpenID assertion"); oiddata->verified = 0; } @@ -1008,11 +1014,11 @@ void cmd_oidf(char *argbuf) { if (GetHash(keys, "claimed_id", 10, (void *) &openid_claimed_id)) { FreeStrBuf(&oiddata->claimed_id); oiddata->claimed_id = NewStrBufPlain(openid_claimed_id, -1); - syslog(LOG_DEBUG, "Provider is asserting the Claimed ID '%s'", ChrPtr(oiddata->claimed_id)); + syslog(LOG_DEBUG, "openid: provider is asserting the Claimed ID '%s'", ChrPtr(oiddata->claimed_id)); } /* Validate the assertion against the server */ - syslog(LOG_DEBUG, "Validating..."); + syslog(LOG_DEBUG, "openid: validating..."); CURL *curl; CURLcode res; @@ -1027,19 +1033,19 @@ void cmd_oidf(char *argbuf) { CURLFORM_END ); -/* - -FIXME put the rest of this crap in here - - if (GetHash(keys, k_keyname, strlen(k_keyname), (void *) &k_value)) { - snprintf(k_o_keyname, sizeof k_o_keyname, "openid.%s", k_keyname); - curl_formadd(&formpost, &lastptr, - CURLFORM_COPYNAME, k_o_keyname, - CURLFORM_COPYCONTENTS, k_value, - CURLFORM_END); - syslog(LOG_DEBUG, "%25s : %s", k_o_keyname, k_value); - } -*/ + HashPos *HashPos = GetNewHashPos(keys, 0); + while (GetNextHashPos(keys, HashPos, &len, &Key, &Value) != 0) { + if (strcasecmp(Key, "mode")) { + char k_o_keyname[1024]; + snprintf(k_o_keyname, sizeof k_o_keyname, "openid.%s", (const char *)Key); + curl_formadd(&formpost, &lastptr, + CURLFORM_COPYNAME, k_o_keyname, + CURLFORM_COPYCONTENTS, (char *)Value, + CURLFORM_END + ); + } + } + DeleteHashPos(&HashPos); curl = ctdl_openid_curl_easy_init(errmsg); curl_easy_setopt(curl, CURLOPT_URL, ChrPtr(oiddata->op_url)); @@ -1049,20 +1055,18 @@ FIXME put the rest of this crap in here res = curl_easy_perform(curl); if (res) { - syslog(LOG_DEBUG, "cmd_oidf() libcurl error %d: %s", res, errmsg); + syslog(LOG_DEBUG, "openid: cmd_oidf() libcurl error %d: %s", res, errmsg); oiddata->verified = 0; } curl_easy_cleanup(curl); curl_formfree(formpost); - /* syslog(LOG_DEBUG, "\033[36m --- VALIDATION REPLY ---\n%s\033[0m", ChrPtr(ReplyBuf)); */ - if (cbmstrcasestr(ChrPtr(ReplyBuf), "is_valid:true") == NULL) { oiddata->verified = 0; } FreeStrBuf(&ReplyBuf); - syslog(LOG_DEBUG, "OpenID authentication %s", (oiddata->verified ? "succeeded" : "failed") ); + syslog(LOG_DEBUG, "openid: authentication %s", (oiddata->verified ? "succeeded" : "failed") ); /* Respond to the client */ @@ -1070,13 +1074,13 @@ FIXME put the rest of this crap in here /* If we were already logged in, attach the OpenID to the user's account */ if (CC->logged_in) { - if (attach_openid(&CC->user, oiddata->claimed_id) == 0) { + if (attach_extauth(&CC->user, oiddata->claimed_id) == 0) { cprintf("attach\n"); - syslog(LOG_DEBUG, "OpenID attach succeeded"); + syslog(LOG_DEBUG, "openid: attach succeeded"); } else { cprintf("fail\n"); - syslog(LOG_DEBUG, "OpenID attach failed"); + syslog(LOG_DEBUG, "openid: attach failed"); } } @@ -1090,28 +1094,28 @@ FIXME put the rest of this crap in here * is associated with the account, they already have password equivalency and can * login, so they could just as easily change the password, etc. */ - if (login_via_openid(oiddata->claimed_id) == 0) { + if (login_via_extauth(oiddata->claimed_id) == 0) { cprintf("authenticate\n%s\n%s\n", CC->user.fullname, CC->user.password); logged_in_response(); - syslog(LOG_DEBUG, "Logged in using previously claimed OpenID"); + syslog(LOG_DEBUG, "openid: logged in using previously claimed OpenID"); } /* * If this system does not allow self-service new user registration, the * remaining modes do not apply, so fail here and now. */ - else if (config.c_disable_newu) { + else if (CtdlGetConfigInt("c_disable_newu")) { cprintf("fail\n"); - syslog(LOG_DEBUG, "Creating user failed due to local policy"); + syslog(LOG_DEBUG, "openid: creating user failed due to local policy"); } /* - * New user whose OpenID is verified and Simple Registration Extension is in use? + * New user whose OpenID is verified and Attribute Exchange gave us a name? */ - else if (openid_create_user_via_sreg(oiddata->claimed_id, keys) == 0) { + else if (openid_create_user_via_ax(oiddata->claimed_id, keys) == 0) { cprintf("authenticate\n%s\n%s\n", CC->user.fullname, CC->user.password); logged_in_response(); - syslog(LOG_DEBUG, "Successfully auto-created new user"); + syslog(LOG_DEBUG, "openid: successfully auto-created new user"); } /* @@ -1128,7 +1132,7 @@ FIXME put the rest of this crap in here else { cprintf("\n"); } - syslog(LOG_DEBUG, "The desired Simple Registration name is already taken."); + syslog(LOG_DEBUG, "openid: the desired display name is already taken."); } } } @@ -1158,10 +1162,9 @@ FIXME put the rest of this crap in here CTDL_MODULE_INIT(openid_rp) { if (!threading) { - curl_global_init(CURL_GLOBAL_ALL); /* Only enable the OpenID command set when native mode authentication is in use. */ - if (config.c_auth_mode == AUTHMODE_NATIVE) { + if (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_NATIVE) { CtdlRegisterProtoHook(cmd_oids, "OIDS", "Setup OpenID authentication"); CtdlRegisterProtoHook(cmd_oidf, "OIDF", "Finalize OpenID authentication"); CtdlRegisterProtoHook(cmd_oidl, "OIDL", "List OpenIDs associated with an account"); @@ -1169,8 +1172,8 @@ CTDL_MODULE_INIT(openid_rp) CtdlRegisterProtoHook(cmd_oidc, "OIDC", "Create new user after validating OpenID"); CtdlRegisterProtoHook(cmd_oida, "OIDA", "List all OpenIDs in the database"); } - CtdlRegisterSessionHook(openid_cleanup_function, EVT_LOGOUT); - CtdlRegisterUserHook(openid_purge, EVT_PURGEUSER); + CtdlRegisterSessionHook(openid_cleanup_function, EVT_LOGOUT, PRIO_LOGOUT + 10); + CtdlRegisterUserHook(extauth_purge, EVT_PURGEUSER); openid_level_supported = 1; /* This module supports OpenID 1.0 only */ }