X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fmodules%2Fopenid%2Fserv_openid_rp.c;h=80e25679d6505991080ff590aed3248649d46cf5;hb=0136c8c68f939f12da477ac92c538bdefb37afc9;hp=d1418a246037562c85b68e1456681c634b8962c7;hpb=54b083bf78b5f0febc0777409953006ff6c864da;p=citadel.git diff --git a/citadel/modules/openid/serv_openid_rp.c b/citadel/modules/openid/serv_openid_rp.c index d1418a246..80e25679d 100644 --- a/citadel/modules/openid/serv_openid_rp.c +++ b/citadel/modules/openid/serv_openid_rp.c @@ -33,6 +33,7 @@ #include "ctdl_module.h" #include "config.h" #include "citserver.h" +#include "user_ops.h" struct ctdl_openid { char claimed_id[1024]; @@ -51,12 +52,31 @@ struct ctdl_openid { /**************************************************************************/ +/* + * The structure of an openid record *key* is: + * + * |--------------claimed_id-------------| + * (actual length of claimed id) + * + * + * The structure of an openid record *value* is: + * + * |-----user_number----|------------claimed_id---------------| + * (sizeof long) (actual length of claimed id) + * + */ + + + /* * Attach an OpenID to a Citadel account */ int attach_openid(struct ctdluser *who, char *claimed_id) { struct cdbdata *cdboi; + long fetched_usernum; + char *data; + int data_len; if (!who) return(1); if (!claimed_id) return(1); @@ -66,13 +86,14 @@ int attach_openid(struct ctdluser *who, char *claimed_id) cdboi = cdb_fetch(CDB_OPENID, claimed_id, strlen(claimed_id)); if (cdboi != NULL) { - if ( (long)*cdboi->ptr == who->usernum ) { - cdb_free(cdboi); + memcpy(&fetched_usernum, cdboi->ptr, sizeof(long)); + cdb_free(cdboi); + + if (fetched_usernum == who->usernum) { CtdlLogPrintf(CTDL_INFO, "%s already associated; no action is taken\n", claimed_id); return(0); } else { - cdb_free(cdboi); CtdlLogPrintf(CTDL_INFO, "%s already belongs to another user\n", claimed_id); return(3); } @@ -80,7 +101,15 @@ int attach_openid(struct ctdluser *who, char *claimed_id) /* Not already in the database, so attach it now */ - cdb_store(CDB_OPENID, claimed_id, strlen(claimed_id), &who->usernum, sizeof(long)); + data_len = sizeof(long) + strlen(claimed_id) + 1; + data = malloc(data_len); + + memcpy(data, &who->usernum, sizeof(long)); + memcpy(&data[sizeof(long)], claimed_id, strlen(claimed_id) + 1); + + cdb_store(CDB_OPENID, claimed_id, strlen(claimed_id), data, data_len); + free(data); + CtdlLogPrintf(CTDL_INFO, "%s has been associated with %s (%ld)\n", claimed_id, who->fullname, who->usernum); return(0); @@ -91,7 +120,40 @@ int attach_openid(struct ctdluser *who, char *claimed_id) * When a user is being deleted, we have to delete any OpenID associations */ void openid_purge(struct ctdluser *usbuf) { - /* FIXME finish this */ + struct cdbdata *cdboi; + HashList *keys = NULL; + HashPos *HashPos; + char *deleteme = NULL; + long len; + void *Value; + char *Key; + + keys = NewHash(1, NULL); + if (!keys) return; + + + cdb_rewind(CDB_OPENID); + while (cdboi = cdb_next_item(CDB_OPENID), cdboi != NULL) { + if (cdboi->len > sizeof(long)) { + if (((long)*(cdboi->ptr)) == usbuf->usernum) { + deleteme = strdup(cdboi->ptr + sizeof(long)), + Put(keys, deleteme, strlen(deleteme), deleteme, generic_free_handler); + } + } + cdb_free(cdboi); + } + + /* Go through the hash list, deleting keys we stored in it */ + + HashPos = GetNewHashPos(); + while (GetNextHashPos(keys, HashPos, &len, &Key, &Value)!=0) + { + CtdlLogPrintf(CTDL_DEBUG, "Deleting associated OpenID <%s>\n", Value); + cdb_delete(CDB_OPENID, Value, strlen(Value)); + /* note: don't free(Value) -- deleting the hash list will handle this for us */ + } + DeleteHashPos(&HashPos); + DeleteHash(&keys); } @@ -107,13 +169,76 @@ void cmd_oidl(char *argbuf) { cprintf("%d Associated OpenIDs:\n", LISTING_FOLLOWS); while (cdboi = cdb_next_item(CDB_OPENID), cdboi != NULL) { - cprintf("FIXME %ld\n", (long)*cdboi->ptr ); + if (cdboi->len > sizeof(long)) { + if (((long)*(cdboi->ptr)) == CC->user.usernum) { + cprintf("%s\n", cdboi->ptr + sizeof(long)); + } + } + cdb_free(cdboi); } cprintf("000\n"); } +/* + * Detach an OpenID from the currently logged in account + */ +void cmd_oidd(char *argbuf) { + struct cdbdata *cdboi; + char id_to_detach[1024]; + int this_is_mine = 0; + + if (CtdlAccessCheck(ac_logged_in)) return; + extract_token(id_to_detach, argbuf, 0, '|', sizeof id_to_detach); + if (IsEmptyStr(id_to_detach)) { + cprintf("%d An empty OpenID URL is not allowed.\n", ERROR + ILLEGAL_VALUE); + } + + cdb_rewind(CDB_OPENID); + while (cdboi = cdb_next_item(CDB_OPENID), cdboi != NULL) { + if (cdboi->len > sizeof(long)) { + if (((long)*(cdboi->ptr)) == CC->user.usernum) { + this_is_mine = 1; + } + } + cdb_free(cdboi); + } + + if (!this_is_mine) { + cprintf("%d That OpenID was not found or not associated with your account.\n", + ERROR + ILLEGAL_VALUE); + return; + } + + cdb_delete(CDB_OPENID, id_to_detach, strlen(id_to_detach)); + cprintf("%d %s detached from your account.\n", CIT_OK, id_to_detach); +} + + + +/* + * getuserbyopenid() works the same way as getuser() and getuserbynumber(). + * If a user account exists which is associated with the Claimed ID, it fills usbuf and returns zero. + * Otherwise it returns nonzero. + */ +int getuserbyopenid(struct ctdluser *usbuf, char *claimed_id) +{ + struct cdbdata *cdboi; + long usernum = 0; + + cdboi = cdb_fetch(CDB_OPENID, claimed_id, strlen(claimed_id)); + if (cdboi == NULL) { + return(-1); + } + + memcpy(&usernum, cdboi->ptr, sizeof(long)); + cdb_free(cdboi); + + return(getuserbynumber(usbuf, usernum)); +} + + /**************************************************************************/ /* */ @@ -366,12 +491,6 @@ void cmd_oids(char *argbuf) { -/* - * Callback function to free a pointer (used below in the hash list) - */ -void free_oid_key(void *ptr) { - free(ptr); -} /* @@ -382,7 +501,6 @@ void cmd_oidf(char *argbuf) { char thiskey[1024]; char thisdata[1024]; HashList *keys = NULL; - HashPos *HashPos; struct ctdl_openid *oiddata = (struct ctdl_openid *) CC->openid_data; keys = NewHash(1, NULL); @@ -397,7 +515,7 @@ void cmd_oidf(char *argbuf) { extract_token(thiskey, buf, 0, '|', sizeof thiskey); extract_token(thisdata, buf, 1, '|', sizeof thisdata); CtdlLogPrintf(CTDL_DEBUG, "%s: [%d] %s\n", thiskey, strlen(thisdata), thisdata); - Put(keys, thiskey, strlen(thiskey), strdup(thisdata), free_oid_key); + Put(keys, thiskey, strlen(thiskey), strdup(thisdata), generic_free_handler); } @@ -519,26 +637,45 @@ void cmd_oidf(char *argbuf) { /* Otherwise, a user is attempting to log in using the validated OpenID */ else { - cprintf("fail\n"); // FIXME do the login here!! - } + struct ctdluser usbuf; + + /* + * Existing user who has claimed this OpenID? + * + * Note: if you think that sending the password back over the wire is insecure, + * check your assumptions. If someone has successfully asserted an OpenID that + * is associated with the account, they already have password equivalency and can + * login, so they could just as easily change the password, etc. + */ + if (getuserbyopenid(&usbuf, oiddata->claimed_id) == 0) { + cprintf("authenticate\n%s\n%s\n", usbuf.fullname, usbuf.password); + } + else { + cprintf("fail\n"); // FIXME do the login here!! + } + } } else { cprintf("fail\n"); } cprintf("000\n"); - /* Free the hash list */ + /* + * We will eventually do something with the data in the hash list. + * long len; void *Value; char *Key; - + HashPos *HashPos; HashPos = GetNewHashPos(); while (GetNextHashPos(keys, HashPos, &len, &Key, &Value)!=0) { - free(Value); } DeleteHashPos(&HashPos); + */ + + DeleteHash(&keys); /* This will free() all the key data for us */ } @@ -583,6 +720,7 @@ CTDL_MODULE_INIT(openid_rp) CtdlRegisterProtoHook(cmd_oids, "OIDS", "Setup OpenID authentication"); CtdlRegisterProtoHook(cmd_oidf, "OIDF", "Finalize OpenID authentication"); CtdlRegisterProtoHook(cmd_oidl, "OIDL", "List OpenIDs associated with an account"); + CtdlRegisterProtoHook(cmd_oidd, "OIDD", "Detach an OpenID from an account"); CtdlRegisterSessionHook(openid_cleanup_function, EVT_STOP); CtdlRegisterUserHook(openid_purge, EVT_PURGEUSER); } @@ -593,3 +731,4 @@ CTDL_MODULE_INIT(openid_rp) /* FIXME ... we have to add the new openid database to serv_vandelay.c */ +