X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fmodules%2Fopenid%2Fserv_openid_rp.c;h=09fd48e9bba59d4ec41c6d7ac33a5a02b8f81870;hb=bdfa2e9b6af7e32b11461433a28dd6551f830888;hp=aa03797ef123111aac44925853baf4eccd9275bd;hpb=acf4d7128a99b0bf586795500a66227742b0c3e1;p=citadel.git diff --git a/citadel/modules/openid/serv_openid_rp.c b/citadel/modules/openid/serv_openid_rp.c index aa03797ef..09fd48e9b 100644 --- a/citadel/modules/openid/serv_openid_rp.c +++ b/citadel/modules/openid/serv_openid_rp.c @@ -1,7 +1,7 @@ /* * This is an implementation of OpenID 2.0 relying party support in stateless mode. * - * Copyright (c) 2007-2011 by the citadel.org team + * Copyright (c) 2007-2019 by the citadel.org team * * This program is open source software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -82,7 +82,7 @@ void openid_cleanup_function(void) { struct CitContext *CCC = CC; /* CachedCitContext - performance boost */ if (CCC->openid_data != NULL) { - syslog(LOG_DEBUG, "Clearing OpenID session state"); + syslog(LOG_DEBUG, "openid: Clearing OpenID session state"); Free_ctdl_openid((ctdl_openid **) &CCC->openid_data); } } @@ -112,9 +112,9 @@ void openid_cleanup_function(void) { /* - * Attach an OpenID to a Citadel account + * Attach an external authenticator (such as an OpenID) to a Citadel account */ -int attach_openid(struct ctdluser *who, StrBuf *claimed_id) +int attach_extauth(struct ctdluser *who, StrBuf *claimed_id) { struct cdbdata *cdboi; long fetched_usernum; @@ -125,19 +125,19 @@ int attach_openid(struct ctdluser *who, StrBuf *claimed_id) if (!who) return(1); if (StrLength(claimed_id)==0) return(1); - /* Check to see if this OpenID is already in the database */ + /* Check to see if this authenticator is already in the database */ - cdboi = cdb_fetch(CDB_OPENID, ChrPtr(claimed_id), StrLength(claimed_id)); + cdboi = cdb_fetch(CDB_EXTAUTH, ChrPtr(claimed_id), StrLength(claimed_id)); if (cdboi != NULL) { memcpy(&fetched_usernum, cdboi->ptr, sizeof(long)); cdb_free(cdboi); if (fetched_usernum == who->usernum) { - syslog(LOG_INFO, "%s already associated; no action is taken", ChrPtr(claimed_id)); + syslog(LOG_INFO, "openid: %s already associated; no action is taken", ChrPtr(claimed_id)); return(0); } else { - syslog(LOG_INFO, "%s already belongs to another user", ChrPtr(claimed_id)); + syslog(LOG_INFO, "openid: %s already belongs to another user", ChrPtr(claimed_id)); return(3); } } @@ -150,22 +150,20 @@ int attach_openid(struct ctdluser *who, StrBuf *claimed_id) memcpy(data, &who->usernum, sizeof(long)); memcpy(&data[sizeof(long)], ChrPtr(claimed_id), StrLength(claimed_id) + 1); - cdb_store(CDB_OPENID, ChrPtr(claimed_id), StrLength(claimed_id), data, data_len); + cdb_store(CDB_EXTAUTH, ChrPtr(claimed_id), StrLength(claimed_id), data, data_len); free(data); - snprintf(buf, sizeof buf, "User <%s> (#%ld) has claimed the OpenID URL %s\n", - who->fullname, who->usernum, ChrPtr(claimed_id)); - CtdlAideMessage(buf, "OpenID claim"); - syslog(LOG_INFO, "%s", buf); + snprintf(buf, sizeof buf, "User <%s> (#%ld) is now associated with %s\n", who->fullname, who->usernum, ChrPtr(claimed_id)); + CtdlAideMessage(buf, "External authenticator claim"); + syslog(LOG_INFO, "openid: %s", buf); return(0); } - /* * When a user is being deleted, we have to delete any OpenID associations */ -void openid_purge(struct ctdluser *usbuf) { +void extauth_purge(struct ctdluser *usbuf) { struct cdbdata *cdboi; HashList *keys = NULL; HashPos *HashPos; @@ -178,8 +176,8 @@ void openid_purge(struct ctdluser *usbuf) { keys = NewHash(1, NULL); if (!keys) return; - cdb_rewind(CDB_OPENID); - while (cdboi = cdb_next_item(CDB_OPENID), cdboi != NULL) { + cdb_rewind(CDB_EXTAUTH); + while (cdboi = cdb_next_item(CDB_EXTAUTH), cdboi != NULL) { if (cdboi->len > sizeof(long)) { memcpy(&usernum, cdboi->ptr, sizeof(long)); if (usernum == usbuf->usernum) { @@ -195,8 +193,8 @@ void openid_purge(struct ctdluser *usbuf) { HashPos = GetNewHashPos(keys, 0); while (GetNextHashPos(keys, HashPos, &len, &Key, &Value)!=0) { - syslog(LOG_DEBUG, "Deleting associated OpenID <%s>", (char*)Value); - cdb_delete(CDB_OPENID, Value, strlen(Value)); + syslog(LOG_DEBUG, "openid: deleting associated external authenticator <%s>", (char*)Value); + cdb_delete(CDB_EXTAUTH, Value, strlen(Value)); /* note: don't free(Value) -- deleting the hash list will handle this for us */ } DeleteHashPos(&HashPos); @@ -211,11 +209,17 @@ void cmd_oidl(char *argbuf) { struct cdbdata *cdboi; long usernum = 0L; + if (CtdlGetConfigInt("c_disable_newu")) + { + cprintf("%d this system does not support openid.\n", ERROR + CMD_NOT_SUPPORTED); + return; + } if (CtdlAccessCheck(ac_logged_in)) return; - cdb_rewind(CDB_OPENID); - cprintf("%d Associated OpenIDs:\n", LISTING_FOLLOWS); - while (cdboi = cdb_next_item(CDB_OPENID), cdboi != NULL) { + cdb_rewind(CDB_EXTAUTH); + cprintf("%d Associated external authenticators:\n", LISTING_FOLLOWS); + + while (cdboi = cdb_next_item(CDB_EXTAUTH), cdboi != NULL) { if (cdboi->len > sizeof(long)) { memcpy(&usernum, cdboi->ptr, sizeof(long)); if (usernum == CC->user.usernum) { @@ -236,11 +240,17 @@ void cmd_oida(char *argbuf) { long usernum; struct ctdluser usbuf; + if (CtdlGetConfigInt("c_disable_newu")) + { + cprintf("%d this system does not support openid.\n", + ERROR + CMD_NOT_SUPPORTED); + return; + } if (CtdlAccessCheck(ac_aide)) return; - cdb_rewind(CDB_OPENID); + cdb_rewind(CDB_EXTAUTH); cprintf("%d List of all OpenIDs in the database:\n", LISTING_FOLLOWS); - while (cdboi = cdb_next_item(CDB_OPENID), cdboi != NULL) { + while (cdboi = cdb_next_item(CDB_EXTAUTH), cdboi != NULL) { if (cdboi->len > sizeof(long)) { memcpy(&usernum, cdboi->ptr, sizeof(long)); if (CtdlGetUserByNumber(&usbuf, usernum) != 0) { @@ -265,6 +275,12 @@ void cmd_oida(char *argbuf) { void cmd_oidc(char *argbuf) { ctdl_openid *oiddata = (ctdl_openid *) CC->openid_data; + if (CtdlGetConfigInt("c_disable_newu")) + { + cprintf("%d this system does not support openid.\n", + ERROR + CMD_NOT_SUPPORTED); + return; + } if ( (!oiddata) || (!oiddata->verified) ) { cprintf("%d You have not verified an OpenID yet.\n", ERROR); return; @@ -277,7 +293,7 @@ void cmd_oidc(char *argbuf) { /* Now, if this logged us in, we have to attach the OpenID */ if (CC->logged_in) { - attach_openid(&CC->user, oiddata->claimed_id); + attach_extauth(&CC->user, oiddata->claimed_id); } } @@ -292,14 +308,20 @@ void cmd_oidd(char *argbuf) { int this_is_mine = 0; long usernum = 0L; + if (CtdlGetConfigInt("c_disable_newu")) + { + cprintf("%d this system does not support openid.\n", + ERROR + CMD_NOT_SUPPORTED); + return; + } if (CtdlAccessCheck(ac_logged_in)) return; extract_token(id_to_detach, argbuf, 0, '|', sizeof id_to_detach); if (IsEmptyStr(id_to_detach)) { cprintf("%d An empty OpenID URL is not allowed.\n", ERROR + ILLEGAL_VALUE); } - cdb_rewind(CDB_OPENID); - while (cdboi = cdb_next_item(CDB_OPENID), cdboi != NULL) { + cdb_rewind(CDB_EXTAUTH); + while (cdboi = cdb_next_item(CDB_EXTAUTH), cdboi != NULL) { if (cdboi->len > sizeof(long)) { memcpy(&usernum, cdboi->ptr, sizeof(long)); if (usernum == CC->user.usernum) { @@ -315,7 +337,7 @@ void cmd_oidd(char *argbuf) { return; } - cdb_delete(CDB_OPENID, id_to_detach, strlen(id_to_detach)); + cdb_delete(CDB_EXTAUTH, id_to_detach, strlen(id_to_detach)); cprintf("%d %s detached from your account.\n", CIT_OK, id_to_detach); } @@ -325,35 +347,71 @@ void cmd_oidd(char *argbuf) { */ int openid_create_user_via_ax(StrBuf *claimed_id, HashList *sreg_keys) { - char *desired_name = NULL; + char *nickname = NULL; + char *firstname = NULL; + char *lastname = NULL; char new_password[32]; long len; + const char *Key; + void *Value; - if (config.c_auth_mode != AUTHMODE_NATIVE) return(1); - if (config.c_disable_newu) return(2); + if (CtdlGetConfigInt("c_auth_mode") != AUTHMODE_NATIVE) return(1); + if (CtdlGetConfigInt("c_disable_newu")) return(2); if (CC->logged_in) return(3); - if (!GetHash(sreg_keys, "sreg.nickname", 13, (void *) &desired_name)) return(4); - syslog(LOG_DEBUG, "The desired account name is <%s>", desired_name); + HashPos *HashPos = GetNewHashPos(sreg_keys, 0); + while (GetNextHashPos(sreg_keys, HashPos, &len, &Key, &Value) != 0) { + syslog(LOG_DEBUG, "openid: %s = %s", Key, (char *)Value); + + if (cbmstrcasestr(Key, "value.nickname") != NULL) { + nickname = (char *)Value; + } + else if ( (nickname == NULL) && (cbmstrcasestr(Key, "value.nickname") != NULL)) { + nickname = (char *)Value; + } + else if (cbmstrcasestr(Key, "value.firstname") != NULL) { + firstname = (char *)Value; + } + else if (cbmstrcasestr(Key, "value.lastname") != NULL) { + lastname = (char *)Value; + } + + } + DeleteHashPos(&HashPos); + + if (nickname == NULL) { + if ((firstname != NULL) || (lastname != NULL)) { + char fullname[1024] = ""; + if (firstname) strcpy(fullname, firstname); + if (firstname && lastname) strcat(fullname, " "); + if (lastname) strcat(fullname, lastname); + nickname = fullname; + } + } + + if (nickname == NULL) { + return(4); + } + syslog(LOG_DEBUG, "openid: the desired account name is <%s>", nickname); - len = cutuserkey(desired_name); - if (!CtdlGetUser(&CC->user, desired_name)) { - syslog(LOG_DEBUG, "<%s> is already taken by another user.", desired_name); + len = cutusername(nickname); + if (!CtdlGetUser(&CC->user, nickname)) { + syslog(LOG_DEBUG, "openid: <%s> is already taken by another user.", nickname); memset(&CC->user, 0, sizeof(struct ctdluser)); return(5); } /* The desired account name is available. Create the account and log it in! */ - if (create_user(desired_name, len, 1)) return(6); + if (create_user(nickname, CREATE_USER_BECOME_USER, NATIVE_AUTH_UID)) return(6); /* Generate a random password. - * The user doesn't care what the password is since he's using OpenID. + * The user doesn't care what the password is since he is using OpenID. */ snprintf(new_password, sizeof new_password, "%08lx%08lx", random(), random()); CtdlSetPassword(new_password); /* Now attach the verified OpenID to this account. */ - attach_openid(&CC->user, claimed_id); + attach_extauth(&CC->user, claimed_id); return(0); } @@ -363,12 +421,12 @@ int openid_create_user_via_ax(StrBuf *claimed_id, HashList *sreg_keys) * If a user account exists which is associated with the Claimed ID, log it in and return zero. * Otherwise it returns nonzero. */ -int login_via_openid(StrBuf *claimed_id) +int login_via_extauth(StrBuf *claimed_id) { struct cdbdata *cdboi; long usernum = 0; - cdboi = cdb_fetch(CDB_OPENID, ChrPtr(claimed_id), StrLength(claimed_id)); + cdboi = cdb_fetch(CDB_EXTAUTH, ChrPtr(claimed_id), StrLength(claimed_id)); if (cdboi == NULL) { return(-1); } @@ -492,12 +550,12 @@ CURL *ctdl_openid_curl_easy_init(char *errmsg) { curl_easy_setopt(curl, CURLOPT_TIMEOUT, 30); /* die after 30 seconds */ if ( - (!IsEmptyStr(config.c_ip_addr)) - && (strcmp(config.c_ip_addr, "*")) - && (strcmp(config.c_ip_addr, "::")) - && (strcmp(config.c_ip_addr, "0.0.0.0")) + (!IsEmptyStr(CtdlGetConfigStr("c_ip_addr"))) + && (strcmp(CtdlGetConfigStr("c_ip_addr"), "*")) + && (strcmp(CtdlGetConfigStr("c_ip_addr"), "::")) + && (strcmp(CtdlGetConfigStr("c_ip_addr"), "0.0.0.0")) ) { - curl_easy_setopt(curl, CURLOPT_INTERFACE, config.c_ip_addr); + curl_easy_setopt(curl, CURLOPT_INTERFACE, CtdlGetConfigStr("c_ip_addr")); } return(curl); @@ -618,7 +676,7 @@ int parse_xrds_document(StrBuf *ReplyBuf) { XML_ParserFree(xp); } else { - syslog(LOG_ALERT, "Cannot create XML parser"); + syslog(LOG_ERR, "openid: cannot create XML parser"); } if (xrds.selected_service_priority < INT_MAX) { @@ -677,7 +735,7 @@ int perform_openid2_discovery(StrBuf *SuppliedURL) { StrBuf *x_xrds_location = NULL; if (!SuppliedURL) return(0); - syslog(LOG_DEBUG, "perform_openid2_discovery(%s)", ChrPtr(SuppliedURL)); + syslog(LOG_DEBUG, "openid: perform_openid2_discovery(%s)", ChrPtr(SuppliedURL)); if (StrLength(SuppliedURL) == 0) return(0); ReplyBuf = NewStrBuf(); @@ -699,7 +757,7 @@ int perform_openid2_discovery(StrBuf *SuppliedURL) { result = curl_easy_perform(curl); if (result) { - syslog(LOG_DEBUG, "libcurl error %d: %s", result, errmsg); + syslog(LOG_DEBUG, "openid: libcurl error %d: %s", result, errmsg); } curl_slist_free_all(my_headers); curl_easy_cleanup(curl); @@ -726,7 +784,7 @@ int perform_openid2_discovery(StrBuf *SuppliedURL) { if ( (x_xrds_location) && (strcmp(ChrPtr(x_xrds_location), ChrPtr(SuppliedURL))) ) { - syslog(LOG_DEBUG, "X-XRDS-Location: %s ... recursing!", ChrPtr(x_xrds_location)); + syslog(LOG_DEBUG, "openid: X-XRDS-Location: %s ... recursing!", ChrPtr(x_xrds_location)); return_value = perform_openid2_discovery(x_xrds_location); FreeStrBuf(&x_xrds_location); } @@ -771,16 +829,21 @@ void cmd_oids(char *argbuf) { ctdl_openid *oiddata; int discovery_succeeded = 0; + if (CtdlGetConfigInt("c_disable_newu")) + { + cprintf("%d this system does not support openid.\n", + ERROR + CMD_NOT_SUPPORTED); + return; + } Free_ctdl_openid ((ctdl_openid**)&CCC->openid_data); CCC->openid_data = oiddata = malloc(sizeof(ctdl_openid)); if (oiddata == NULL) { - syslog(LOG_ALERT, "malloc() failed: %s", strerror(errno)); + syslog(LOG_ERR, "openid: malloc() failed: %m"); cprintf("%d malloc failed\n", ERROR + INTERNAL_ERROR); return; } memset(oiddata, 0, sizeof(ctdl_openid)); - CCC->openid_data = (void *) oiddata; ArgBuf = NewStrBufPlain(argbuf, -1); @@ -791,7 +854,7 @@ void cmd_oids(char *argbuf) { StrBufExtract_NextToken(oiddata->claimed_id, ArgBuf, &Pos, '|'); StrBufExtract_NextToken(return_to, ArgBuf, &Pos, '|'); - syslog(LOG_DEBUG, "User-Supplied Identifier is: %s", ChrPtr(oiddata->claimed_id)); + syslog(LOG_DEBUG, "openid: user-Supplied Identifier is: %s", ChrPtr(oiddata->claimed_id)); /********** OpenID 2.0 section 7.3 - Discovery **********/ @@ -812,7 +875,7 @@ void cmd_oids(char *argbuf) { /* * If we get to this point we are in possession of a valid OpenID Provider URL. */ - syslog(LOG_DEBUG, "OP URI '%s' discovered using method %d", + syslog(LOG_DEBUG, "openid: OP URI '%s' discovered using method %d", ChrPtr(oiddata->op_url), discovery_succeeded ); @@ -873,7 +936,7 @@ void cmd_oids(char *argbuf) { StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.ax.type.nickname="), 0); StrBufUrlescAppend(RedirectUrl, NULL, "http://axschema.org/namePerson/nickname"); - syslog(LOG_DEBUG, "OpenID: redirecting client to %s", ChrPtr(RedirectUrl)); + syslog(LOG_DEBUG, "openid: redirecting client to %s", ChrPtr(RedirectUrl)); cprintf("%d %s\n", CIT_OK, ChrPtr(RedirectUrl)); } @@ -897,6 +960,12 @@ void cmd_oidf(char *argbuf) { void *Value; ctdl_openid *oiddata = (ctdl_openid *) CC->openid_data; + if (CtdlGetConfigInt("c_disable_newu")) + { + cprintf("%d this system does not support openid.\n", + ERROR + CMD_NOT_SUPPORTED); + return; + } if (oiddata == NULL) { cprintf("%d run OIDS first.\n", ERROR + INTERNAL_ERROR); return; @@ -930,7 +999,7 @@ void cmd_oidf(char *argbuf) { if ( (!GetHash(keys, "ns", 2, (void *) &openid_ns)) || (strcasecmp(openid_ns, "http://specs.openid.net/auth/2.0")) ) { - syslog(LOG_DEBUG, "This is not an an OpenID assertion"); + syslog(LOG_DEBUG, "openid: this is not an an OpenID assertion"); oiddata->verified = 0; } @@ -945,11 +1014,11 @@ void cmd_oidf(char *argbuf) { if (GetHash(keys, "claimed_id", 10, (void *) &openid_claimed_id)) { FreeStrBuf(&oiddata->claimed_id); oiddata->claimed_id = NewStrBufPlain(openid_claimed_id, -1); - syslog(LOG_DEBUG, "Provider is asserting the Claimed ID '%s'", ChrPtr(oiddata->claimed_id)); + syslog(LOG_DEBUG, "openid: provider is asserting the Claimed ID '%s'", ChrPtr(oiddata->claimed_id)); } /* Validate the assertion against the server */ - syslog(LOG_DEBUG, "Validating..."); + syslog(LOG_DEBUG, "openid: validating..."); CURL *curl; CURLcode res; @@ -966,7 +1035,6 @@ void cmd_oidf(char *argbuf) { HashPos *HashPos = GetNewHashPos(keys, 0); while (GetNextHashPos(keys, HashPos, &len, &Key, &Value) != 0) { - syslog(LOG_DEBUG, "%s = %s", Key, (char *)Value); if (strcasecmp(Key, "mode")) { char k_o_keyname[1024]; snprintf(k_o_keyname, sizeof k_o_keyname, "openid.%s", (const char *)Key); @@ -977,6 +1045,7 @@ void cmd_oidf(char *argbuf) { ); } } + DeleteHashPos(&HashPos); curl = ctdl_openid_curl_easy_init(errmsg); curl_easy_setopt(curl, CURLOPT_URL, ChrPtr(oiddata->op_url)); @@ -986,19 +1055,18 @@ void cmd_oidf(char *argbuf) { res = curl_easy_perform(curl); if (res) { - syslog(LOG_DEBUG, "cmd_oidf() libcurl error %d: %s", res, errmsg); + syslog(LOG_DEBUG, "openid: cmd_oidf() libcurl error %d: %s", res, errmsg); oiddata->verified = 0; } curl_easy_cleanup(curl); curl_formfree(formpost); - /* syslog(LOG_DEBUG, "Validation reply: \n%s", ChrPtr(ReplyBuf)); */ if (cbmstrcasestr(ChrPtr(ReplyBuf), "is_valid:true") == NULL) { oiddata->verified = 0; } FreeStrBuf(&ReplyBuf); - syslog(LOG_DEBUG, "OpenID authentication %s", (oiddata->verified ? "succeeded" : "failed") ); + syslog(LOG_DEBUG, "openid: authentication %s", (oiddata->verified ? "succeeded" : "failed") ); /* Respond to the client */ @@ -1006,13 +1074,13 @@ void cmd_oidf(char *argbuf) { /* If we were already logged in, attach the OpenID to the user's account */ if (CC->logged_in) { - if (attach_openid(&CC->user, oiddata->claimed_id) == 0) { + if (attach_extauth(&CC->user, oiddata->claimed_id) == 0) { cprintf("attach\n"); - syslog(LOG_DEBUG, "OpenID attach succeeded"); + syslog(LOG_DEBUG, "openid: attach succeeded"); } else { cprintf("fail\n"); - syslog(LOG_DEBUG, "OpenID attach failed"); + syslog(LOG_DEBUG, "openid: attach failed"); } } @@ -1026,19 +1094,19 @@ void cmd_oidf(char *argbuf) { * is associated with the account, they already have password equivalency and can * login, so they could just as easily change the password, etc. */ - if (login_via_openid(oiddata->claimed_id) == 0) { + if (login_via_extauth(oiddata->claimed_id) == 0) { cprintf("authenticate\n%s\n%s\n", CC->user.fullname, CC->user.password); logged_in_response(); - syslog(LOG_DEBUG, "Logged in using previously claimed OpenID"); + syslog(LOG_DEBUG, "openid: logged in using previously claimed OpenID"); } /* * If this system does not allow self-service new user registration, the * remaining modes do not apply, so fail here and now. */ - else if (config.c_disable_newu) { + else if (CtdlGetConfigInt("c_disable_newu")) { cprintf("fail\n"); - syslog(LOG_DEBUG, "Creating user failed due to local policy"); + syslog(LOG_DEBUG, "openid: creating user failed due to local policy"); } /* @@ -1047,7 +1115,7 @@ void cmd_oidf(char *argbuf) { else if (openid_create_user_via_ax(oiddata->claimed_id, keys) == 0) { cprintf("authenticate\n%s\n%s\n", CC->user.fullname, CC->user.password); logged_in_response(); - syslog(LOG_DEBUG, "Successfully auto-created new user"); + syslog(LOG_DEBUG, "openid: successfully auto-created new user"); } /* @@ -1064,7 +1132,7 @@ void cmd_oidf(char *argbuf) { else { cprintf("\n"); } - syslog(LOG_DEBUG, "The desired display name is already taken."); + syslog(LOG_DEBUG, "openid: the desired display name is already taken."); } } } @@ -1094,10 +1162,9 @@ void cmd_oidf(char *argbuf) { CTDL_MODULE_INIT(openid_rp) { if (!threading) { - curl_global_init(CURL_GLOBAL_ALL); /* Only enable the OpenID command set when native mode authentication is in use. */ - if (config.c_auth_mode == AUTHMODE_NATIVE) { + if (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_NATIVE) { CtdlRegisterProtoHook(cmd_oids, "OIDS", "Setup OpenID authentication"); CtdlRegisterProtoHook(cmd_oidf, "OIDF", "Finalize OpenID authentication"); CtdlRegisterProtoHook(cmd_oidl, "OIDL", "List OpenIDs associated with an account"); @@ -1105,8 +1172,8 @@ CTDL_MODULE_INIT(openid_rp) CtdlRegisterProtoHook(cmd_oidc, "OIDC", "Create new user after validating OpenID"); CtdlRegisterProtoHook(cmd_oida, "OIDA", "List all OpenIDs in the database"); } - CtdlRegisterSessionHook(openid_cleanup_function, EVT_LOGOUT); - CtdlRegisterUserHook(openid_purge, EVT_PURGEUSER); + CtdlRegisterSessionHook(openid_cleanup_function, EVT_LOGOUT, PRIO_LOGOUT + 10); + CtdlRegisterUserHook(extauth_purge, EVT_PURGEUSER); openid_level_supported = 1; /* This module supports OpenID 1.0 only */ }