X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fmodules%2Fopenid%2Fserv_openid_rp.c;h=d8c43af129188f36d482cca0fb414257db44cd45;hb=d957ee1589a7f722f5fe82293c97aaa3bade59e7;hp=14409dd86690592f38eba22b7c205c2b72889ed2;hpb=e17d35535f056b94972e5a1f09cd49d294dfa6b6;p=citadel.git diff --git a/citadel/modules/openid/serv_openid_rp.c b/citadel/modules/openid/serv_openid_rp.c index 14409dd86..d8c43af12 100644 --- a/citadel/modules/openid/serv_openid_rp.c +++ b/citadel/modules/openid/serv_openid_rp.c @@ -681,6 +681,8 @@ void xrds_xml_chardata(void *data, const XML_Char *s, int len) { int parse_xrds_document(StrBuf *ReplyBuf) { struct xrds xrds; + syslog(LOG_DEBUG, "\033[32m --- XRDS DOCUMENT --- \n%s\033[0m", ChrPtr(ReplyBuf)); + memset(&xrds, 0, sizeof (struct xrds)); XML_Parser xp = XML_ParserCreate(NULL); if (xp) { @@ -701,8 +703,8 @@ int parse_xrds_document(StrBuf *ReplyBuf) { /* - * Callback function for perform_yadis_discovery() - * We're interested in HTTP headers returned from the server. + * Callback function for perform_openid2_discovery() + * We're interested in the X-XRDS-Location: header. */ size_t yadis_headerfunction(void *ptr, size_t size, size_t nmemb, void *userdata) { char hdr[1024]; @@ -711,9 +713,6 @@ size_t yadis_headerfunction(void *ptr, size_t size, size_t nmemb, void *userdata memcpy(hdr, ptr, (size*nmemb)); hdr[size*nmemb] = 0; - /* We are looking for a header like this: - * X-XRDS-Location: https://api.screenname.aol.com/auth/openid/xrds - */ if (!strncasecmp(hdr, "X-XRDS-Location:", 16)) { *x_xrds_location = NewStrBufPlain(&hdr[16], ((size*nmemb)-16)); StrBufTrim(*x_xrds_location); @@ -725,13 +724,16 @@ size_t yadis_headerfunction(void *ptr, size_t size, size_t nmemb, void *userdata /* Attempt to perform Yadis discovery as specified in Yadis 1.0 section 6.2.5. + * + * If Yadis fails, we then attempt HTML discovery using the same document. + * * If successful, returns nonzero and calls parse_xrds_document() to act upon the received data. - * If Yadis fails, returns 0 and does nothing else. + * If fails, returns 0 and does nothing else. */ -int perform_yadis_discovery(StrBuf *YadisURL) { +int perform_openid2_discovery(StrBuf *YadisURL) { int docbytes = (-1); StrBuf *ReplyBuf = NULL; - int r; + int return_value = 0; CURL *curl; CURLcode result; char errmsg[1024] = ""; @@ -739,6 +741,7 @@ int perform_yadis_discovery(StrBuf *YadisURL) { StrBuf *x_xrds_location = NULL; if (YadisURL == NULL) return(0); + syslog(LOG_DEBUG, "perform_openid2_discovery(%s)", ChrPtr(YadisURL)); if (StrLength(YadisURL) == 0) return(0); ReplyBuf = NewStrBuf (); @@ -783,21 +786,38 @@ int perform_yadis_discovery(StrBuf *YadisURL) { * * If the X-XRDS-Location header was delivered, we know about it at this point... */ - if (x_xrds_location) { - syslog(LOG_DEBUG, "\033[31m FIXME \033[32m'%s'\033[0m", ChrPtr(x_xrds_location)); + if ( (x_xrds_location) + && (strcmp(ChrPtr(x_xrds_location), ChrPtr(YadisURL))) + ) { + syslog(LOG_DEBUG, "X-XRDS-Location: %s ... recursing!", ChrPtr(x_xrds_location)); + return_value = perform_openid2_discovery(x_xrds_location); FreeStrBuf(&x_xrds_location); } /* * Option 4: the returned web page may *be* an XRDS document. Try to parse it. */ - r = 0; - if (docbytes >= 0) { - r = parse_xrds_document(ReplyBuf); - FreeStrBuf(&ReplyBuf); + else if (docbytes >= 0) { + return_value = parse_xrds_document(ReplyBuf); } - return(r); + /* + * Option 5: if all else fails, attempt HTML based discovery. + */ + if (return_value == 0) { + syslog(LOG_DEBUG, "Attempting HTML discovery"); + StrBuf *foo = NewStrBuf(); + extract_link(foo, HKEY("openid2.provider"), ReplyBuf); + if (StrLength(foo) > 0) { + syslog(LOG_DEBUG, "\033[31mHTML DISCO PROVIDER: %s\033[0m", ChrPtr(foo)); + } + FreeStrBuf(&foo); + } + + if (ReplyBuf != NULL) { + FreeStrBuf(&ReplyBuf); + } + return(return_value); } @@ -805,6 +825,7 @@ int perform_yadis_discovery(StrBuf *YadisURL) { * Setup an OpenID authentication */ void cmd_oids(char *argbuf) { + struct CitContext *CCC = CC; /* CachedCitContext - performance boost */ const char *Pos = NULL; StrBuf *ArgBuf = NULL; StrBuf *ReplyBuf = NULL; @@ -812,8 +833,8 @@ void cmd_oids(char *argbuf) { StrBuf *trust_root = NULL; StrBuf *openid_delegate = NULL; StrBuf *RedirectUrl = NULL; - struct CitContext *CCC = CC; /* CachedCitContext - performance boost */ ctdl_openid *oiddata; + int discovery_succeeded = 0; Free_ctdl_openid ((ctdl_openid**)&CCC->openid_data); @@ -841,19 +862,20 @@ void cmd_oids(char *argbuf) { /********** OpenID 2.0 section 7.3 - Discovery **********/ - /* First we're supposed to attempt XRI based resolution. + /* Section 7.3.1 says we have to attempt XRI based discovery. * No one is using this, no one is asking for it, no one wants it. * So we're not even going to bother attempting this mode. */ - /* Second we attempt Yadis. - * Google uses this so we'd better do our best to implement it. + /* Attempt section 7.3.2 (Yadis discovery) and section 7.3.3 (HTML discovery); */ - int yadis_succeeded = perform_yadis_discovery(oiddata->claimed_id); + discovery_succeeded = perform_openid2_discovery(oiddata->claimed_id); + + + + /************ OPENID 1.1 **********/ - /* Third we attempt HTML-based discovery. Here we go! */ - if ( (yadis_succeeded == 0) - && (fetch_http(oiddata->claimed_id, &ReplyBuf) > 0) + if ( (fetch_http(oiddata->claimed_id, &ReplyBuf) > 0) && (StrLength(ReplyBuf) > 0) ) { openid_delegate = NewStrBuf();