X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fmodules%2Fopenid%2Fserv_openid_rp.c;h=910defca231d0d02fcb91b57942d6c6d769d5f74;hb=59fa8347ff4cfdc4afc75e0e54f03ca1a4bc9da8;hp=d8c43af129188f36d482cca0fb414257db44cd45;hpb=d957ee1589a7f722f5fe82293c97aaa3bade59e7;p=citadel.git diff --git a/citadel/modules/openid/serv_openid_rp.c b/citadel/modules/openid/serv_openid_rp.c index d8c43af12..910defca2 100644 --- a/citadel/modules/openid/serv_openid_rp.c +++ b/citadel/modules/openid/serv_openid_rp.c @@ -1,5 +1,9 @@ /* * This is an implementation of OpenID 2.0 RELYING PARTY SUPPORT CURRENTLY B0RKEN AND BEING DEVEL0PZ0RED + + + OPENID2 BRANCH -- NEEDS TO BE MERGEZ0RED !!!!!!111 + * * Copyright (c) 2007-2011 by the citadel.org team * @@ -49,18 +53,27 @@ #include "user_ops.h" typedef struct _ctdl_openid { - StrBuf *claimed_id; - StrBuf *server; + StrBuf *op_url; /* OpenID Provider Endpoint URL */ + StrBuf *claimed_id; /* Claimed Identifier */ int verified; HashList *sreg_keys; } ctdl_openid; +enum { + openid_disco_none, + openid_disco_xrds, + openid_disco_html +}; + + + void Free_ctdl_openid(ctdl_openid **FreeMe) { - if (*FreeMe == NULL) + if (*FreeMe == NULL) { return; + } + FreeStrBuf(&(*FreeMe)->op_url); FreeStrBuf(&(*FreeMe)->claimed_id); - FreeStrBuf(&(*FreeMe)->server); DeleteHash(&(*FreeMe)->sreg_keys); free(*FreeMe); *FreeMe = NULL; @@ -582,46 +595,15 @@ CURL *ctdl_openid_curl_easy_init(char *errmsg) { } -/* - * Begin an HTTP fetch (returns number of bytes actually fetched, or -1 for error) using libcurl. - */ -int fetch_http(StrBuf *url, StrBuf **target_buf) -{ - StrBuf *ReplyBuf; - CURL *curl; - CURLcode result; - char *effective_url = NULL; - char errmsg[1024] = ""; - - if (StrLength(url) <=0 ) return(-1); - ReplyBuf = *target_buf = NewStrBuf (); - if (ReplyBuf == 0) return(-1); - - curl = ctdl_openid_curl_easy_init(errmsg); - if (!curl) return(-1); - - curl_easy_setopt(curl, CURLOPT_URL, ChrPtr(url)); - curl_easy_setopt(curl, CURLOPT_WRITEDATA, ReplyBuf); - curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, CurlFillStrBuf_callback); - - result = curl_easy_perform(curl); - if (result) { - syslog(LOG_DEBUG, "libcurl error %d: %s", result, errmsg); - } - curl_easy_getinfo(curl, CURLINFO_EFFECTIVE_URL, &effective_url); - StrBufPlain(url, effective_url, -1); - - curl_easy_cleanup(curl); - return StrLength(ReplyBuf); -} - - - struct xrds { + StrBuf *CharData; int nesting_level; int in_xrd; int current_service_priority; - int selected_service_priority; /* more here later */ + int selected_service_priority; + StrBuf *current_service_uri; + StrBuf *selected_service_uri; + int current_service_is_oid2auth; }; @@ -633,17 +615,19 @@ void xrds_xml_start(void *data, const char *supplied_el, const char **attr) { if (!strcasecmp(supplied_el, "XRD")) { ++xrds->in_xrd; - syslog(LOG_DEBUG, "*** XRD CONTAINER BEGIN ***"); } else if (!strcasecmp(supplied_el, "service")) { xrds->current_service_priority = 0; + xrds->current_service_is_oid2auth = 0; for (i=0; attr[i] != NULL; i+=2) { if (!strcasecmp(attr[i], "priority")) { xrds->current_service_priority = atoi(attr[i+1]); } } } + + FlushStrBuf(xrds->CharData); } @@ -654,36 +638,63 @@ void xrds_xml_end(void *data, const char *supplied_el) { if (!strcasecmp(supplied_el, "XRD")) { --xrds->in_xrd; - syslog(LOG_DEBUG, "*** XRD CONTAINER END ***"); + } + + else if (!strcasecmp(supplied_el, "type")) { + if ( (xrds->in_xrd) + && (!strcasecmp(ChrPtr(xrds->CharData), "http://specs.openid.net/auth/2.0/server")) + ) { + xrds->current_service_is_oid2auth = 1; + } + } + + else if (!strcasecmp(supplied_el, "uri")) { + if (xrds->in_xrd) { + FlushStrBuf(xrds->current_service_uri); + StrBufAppendBuf(xrds->current_service_uri, xrds->CharData, 0); + } } else if (!strcasecmp(supplied_el, "service")) { - /* this is where we should evaluate the service and do stuff */ - xrds->current_service_priority = 0; + if ( (xrds->in_xrd) + && (xrds->current_service_priority < xrds->selected_service_priority) + && (xrds->current_service_is_oid2auth) + ) { + xrds->selected_service_priority = xrds->current_service_priority; + FlushStrBuf(xrds->selected_service_uri); + StrBufAppendBuf(xrds->selected_service_uri, xrds->current_service_uri, 0); + } + } + + FlushStrBuf(xrds->CharData); } void xrds_xml_chardata(void *data, const XML_Char *s, int len) { struct xrds *xrds = (struct xrds *) data; - if (xrds) ; /* this is only here to silence the warning for now */ - - /* StrBufAppendBufPlain (xrds->CData, s, len, 0); */ + StrBufAppendBufPlain (xrds->CharData, s, len, 0); } /* * Parse an XRDS document. - * If OpenID stuff is discovered, populate FIXME something and return nonzero + * If an OpenID Provider URL is discovered, op_url to that value and return nonzero. * If nothing useful happened, return 0. */ int parse_xrds_document(StrBuf *ReplyBuf) { + ctdl_openid *oiddata = (ctdl_openid *) CC->openid_data; struct xrds xrds; + int return_value = 0; - syslog(LOG_DEBUG, "\033[32m --- XRDS DOCUMENT --- \n%s\033[0m", ChrPtr(ReplyBuf)); + // syslog(LOG_DEBUG, "\033[32m --- XRDS DOCUMENT --- \n%s\033[0m", ChrPtr(ReplyBuf)); memset(&xrds, 0, sizeof (struct xrds)); + xrds.selected_service_priority = INT_MAX; + xrds.CharData = NewStrBuf(); + xrds.current_service_uri = NewStrBuf(); + xrds.selected_service_uri = NewStrBuf(); XML_Parser xp = XML_ParserCreate(NULL); if (xp) { XML_SetUserData(xp, &xrds); @@ -697,7 +708,20 @@ int parse_xrds_document(StrBuf *ReplyBuf) { syslog(LOG_ALERT, "Cannot create XML parser"); } - return(0); /* FIXME return nonzero if something wonderful happened */ + if (xrds.selected_service_priority < INT_MAX) { + if (oiddata->op_url == NULL) { + oiddata->op_url = NewStrBuf(); + } + FlushStrBuf(oiddata->op_url); + StrBufAppendBuf(oiddata->op_url, xrds.selected_service_uri, 0); + return_value = openid_disco_xrds; + } + + FreeStrBuf(&xrds.CharData); + FreeStrBuf(&xrds.current_service_uri); + FreeStrBuf(&xrds.selected_service_uri); + + return(return_value); } @@ -722,7 +746,6 @@ size_t yadis_headerfunction(void *ptr, size_t size, size_t nmemb, void *userdata } - /* Attempt to perform Yadis discovery as specified in Yadis 1.0 section 6.2.5. * * If Yadis fails, we then attempt HTML discovery using the same document. @@ -731,6 +754,7 @@ size_t yadis_headerfunction(void *ptr, size_t size, size_t nmemb, void *userdata * If fails, returns 0 and does nothing else. */ int perform_openid2_discovery(StrBuf *YadisURL) { + ctdl_openid *oiddata = (ctdl_openid *) CC->openid_data; int docbytes = (-1); StrBuf *ReplyBuf = NULL; int return_value = 0; @@ -740,12 +764,12 @@ int perform_openid2_discovery(StrBuf *YadisURL) { struct curl_slist *my_headers = NULL; StrBuf *x_xrds_location = NULL; - if (YadisURL == NULL) return(0); + if (!YadisURL) return(0); syslog(LOG_DEBUG, "perform_openid2_discovery(%s)", ChrPtr(YadisURL)); if (StrLength(YadisURL) == 0) return(0); - ReplyBuf = NewStrBuf (); - if (ReplyBuf == 0) return(0); + ReplyBuf = NewStrBuf(); + if (!ReplyBuf) return(0); curl = ctdl_openid_curl_easy_init(errmsg); if (!curl) return(0); @@ -806,12 +830,13 @@ int perform_openid2_discovery(StrBuf *YadisURL) { */ if (return_value == 0) { syslog(LOG_DEBUG, "Attempting HTML discovery"); - StrBuf *foo = NewStrBuf(); - extract_link(foo, HKEY("openid2.provider"), ReplyBuf); - if (StrLength(foo) > 0) { - syslog(LOG_DEBUG, "\033[31mHTML DISCO PROVIDER: %s\033[0m", ChrPtr(foo)); + if (oiddata->op_url == NULL) { + oiddata->op_url = NewStrBuf(); + } + extract_link(oiddata->op_url, HKEY("openid2.provider"), ReplyBuf); + if (StrLength(oiddata->op_url) > 0) { + return_value = openid_disco_html; } - FreeStrBuf(&foo); } if (ReplyBuf != NULL) { @@ -830,8 +855,6 @@ void cmd_oids(char *argbuf) { StrBuf *ArgBuf = NULL; StrBuf *ReplyBuf = NULL; StrBuf *return_to = NULL; - StrBuf *trust_root = NULL; - StrBuf *openid_delegate = NULL; StrBuf *RedirectUrl = NULL; ctdl_openid *oiddata; int discovery_succeeded = 0; @@ -840,6 +863,7 @@ void cmd_oids(char *argbuf) { CCC->openid_data = oiddata = malloc(sizeof(ctdl_openid)); if (oiddata == NULL) { + syslog(LOG_ALERT, "malloc() failed: %s", strerror(errno)); cprintf("%d malloc failed\n", ERROR + INTERNAL_ERROR); return; } @@ -850,12 +874,10 @@ void cmd_oids(char *argbuf) { oiddata->verified = 0; oiddata->claimed_id = NewStrBufPlain(NULL, StrLength(ArgBuf)); - trust_root = NewStrBufPlain(NULL, StrLength(ArgBuf)); return_to = NewStrBufPlain(NULL, StrLength(ArgBuf)); StrBufExtract_NextToken(oiddata->claimed_id, ArgBuf, &Pos, '|'); StrBufExtract_NextToken(return_to, ArgBuf, &Pos, '|'); - StrBufExtract_NextToken(trust_root, ArgBuf, &Pos, '|'); syslog(LOG_DEBUG, "User-Supplied Identifier is: %s", ChrPtr(oiddata->claimed_id)); @@ -871,71 +893,49 @@ void cmd_oids(char *argbuf) { */ discovery_succeeded = perform_openid2_discovery(oiddata->claimed_id); + if (discovery_succeeded == 0) { + cprintf("%d There is no OpenID identity provider at this location.\n", ERROR); + } - - /************ OPENID 1.1 **********/ - - if ( (fetch_http(oiddata->claimed_id, &ReplyBuf) > 0) - && (StrLength(ReplyBuf) > 0) - ) { - openid_delegate = NewStrBuf(); - oiddata->server = NewStrBuf(); - extract_link(oiddata->server, HKEY("openid.server"), ReplyBuf); - extract_link(openid_delegate, HKEY("openid.delegate"), ReplyBuf); - - if (StrLength(oiddata->server) == 0) { - cprintf("%d There is no OpenID identity provider at this URL.\n", ERROR); - FreeStrBuf(&ArgBuf); - FreeStrBuf(&ReplyBuf); - FreeStrBuf(&return_to); - FreeStrBuf(&trust_root); - FreeStrBuf(&openid_delegate); - FreeStrBuf(&RedirectUrl); - return; - } - - /* Empty delegate is legal; we just use the openid_url instead */ - if (StrLength(openid_delegate) == 0) { - StrBufPlain(openid_delegate, SKEY(oiddata->claimed_id)); - } + else { + /* + * If we get to this point we are in possession of a valid OpenID Provider URL. + */ + syslog(LOG_DEBUG, "OP URI '%s' discovered using method %d", + ChrPtr(oiddata->op_url), + discovery_succeeded + ); /* Assemble a URL to which the user-agent will be redirected. */ + + RedirectUrl = NewStrBufDup(oiddata->op_url); + + StrBufAppendBufPlain(RedirectUrl, HKEY("?openid.ns=http:%2F%2Fspecs.openid.net%2Fauth%2F2.0"), 0); - RedirectUrl = NewStrBufDup(oiddata->server); - - StrBufAppendBufPlain(RedirectUrl, HKEY("?openid.mode=checkid_setup" - "&openid.identity="), 0); - StrBufUrlescAppend(RedirectUrl, openid_delegate, NULL); + StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.mode=checkid_setup"), 0); + StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.claimed_id="), 0); + StrBufUrlescAppend(RedirectUrl, oiddata->claimed_id, NULL); + + StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.identity="), 0); + StrBufUrlescAppend(RedirectUrl, oiddata->claimed_id, NULL); + StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.return_to="), 0); StrBufUrlescAppend(RedirectUrl, return_to, NULL); - StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.trust_root="), 0); - StrBufUrlescAppend(RedirectUrl, trust_root, NULL); - +/* StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.sreg.optional="), 0); StrBufUrlescAppend(RedirectUrl, NULL, "nickname,email,fullname,postcode,country,dob,gender"); - +*/ + + syslog(LOG_DEBUG, "\033[36m%s\033[0m", ChrPtr(RedirectUrl)); cprintf("%d %s\n", CIT_OK, ChrPtr(RedirectUrl)); - - FreeStrBuf(&ArgBuf); - FreeStrBuf(&ReplyBuf); - FreeStrBuf(&return_to); - FreeStrBuf(&trust_root); - FreeStrBuf(&openid_delegate); - FreeStrBuf(&RedirectUrl); - - return; } - + FreeStrBuf(&ArgBuf); FreeStrBuf(&ReplyBuf); FreeStrBuf(&return_to); - FreeStrBuf(&trust_root); - FreeStrBuf(&openid_delegate); FreeStrBuf(&RedirectUrl); - - cprintf("%d Unable to fetch OpenID URL\n", ERROR); } @@ -957,7 +957,7 @@ void cmd_oidf(char *argbuf) { cprintf("%d run OIDS first.\n", ERROR + INTERNAL_ERROR); return; } - if (StrLength(oiddata->server) == 0){ + if (StrLength(oiddata->op_url) == 0){ cprintf("%d need a remote server to authenticate against\n", ERROR + ILLEGAL_VALUE); return; } @@ -1048,7 +1048,7 @@ void cmd_oidf(char *argbuf) { ReplyBuf = NewStrBuf(); curl = ctdl_openid_curl_easy_init(errmsg); - curl_easy_setopt(curl, CURLOPT_URL, ChrPtr(oiddata->server)); + curl_easy_setopt(curl, CURLOPT_URL, ChrPtr(oiddata->op_url)); curl_easy_setopt(curl, CURLOPT_WRITEDATA, ReplyBuf); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, CurlFillStrBuf_callback); curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost);