X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fmodules%2Fopenid%2Fserv_openid_rp.c;h=e9bfcf199d4e2751201909c6ea4fff62e1595b6a;hb=4c01f89ce6b0e53a4f8d939a3ebae86cae36fb99;hp=74fc0a5d9232b5c1de31db81cc2652339702e00a;hpb=27d4c0d594c67e2977904776a81e18b4ccffc3ae;p=citadel.git diff --git a/citadel/modules/openid/serv_openid_rp.c b/citadel/modules/openid/serv_openid_rp.c index 74fc0a5d9..e9bfcf199 100644 --- a/citadel/modules/openid/serv_openid_rp.c +++ b/citadel/modules/openid/serv_openid_rp.c @@ -1,5 +1,9 @@ /* * This is an implementation of OpenID 2.0 RELYING PARTY SUPPORT CURRENTLY B0RKEN AND BEING DEVEL0PZ0RED + + + OPENID2 BRANCH -- NEEDS TO BE MERGEZ0RED !!!!!!111 + * * Copyright (c) 2007-2011 by the citadel.org team * @@ -49,18 +53,26 @@ #include "user_ops.h" typedef struct _ctdl_openid { - StrBuf *claimed_id; - StrBuf *server; + StrBuf *op_url; /* OpenID Provider Endpoint URL */ + StrBuf *claimed_id; /* Claimed Identifier */ int verified; HashList *sreg_keys; } ctdl_openid; +enum { + openid_disco_none, + openid_disco_xrds, + openid_disco_html +}; + + void Free_ctdl_openid(ctdl_openid **FreeMe) { - if (*FreeMe == NULL) + if (*FreeMe == NULL) { return; + } + FreeStrBuf(&(*FreeMe)->op_url); FreeStrBuf(&(*FreeMe)->claimed_id); - FreeStrBuf(&(*FreeMe)->server); DeleteHash(&(*FreeMe)->sreg_keys); free(*FreeMe); *FreeMe = NULL; @@ -339,12 +351,7 @@ void populate_vcard_from_sreg(HashList *sreg_keys) { void cmd_oidc(char *argbuf) { ctdl_openid *oiddata = (ctdl_openid *) CC->openid_data; - if (!oiddata) { - cprintf("%d You have not verified an OpenID yet.\n", ERROR); - return; - } - - if (!oiddata->verified) { + if ( (!oiddata) || (!oiddata->verified) ) { cprintf("%d You have not verified an OpenID yet.\n", ERROR); return; } @@ -402,7 +409,6 @@ void cmd_oidd(char *argbuf) { } - /* * Attempt to auto-create a new Citadel account using the nickname from Simple Registration Extension */ @@ -544,41 +550,31 @@ void extract_link(StrBuf *target_buf, const char *rel, long repllen, StrBuf *sou /* - * Begin an HTTP fetch (returns number of bytes actually fetched, or -1 for error) using libcurl. + * Wrapper for curl_easy_init() that includes the options common to all calls + * used in this module. */ -int fetch_http(StrBuf *url, StrBuf **target_buf) -{ - StrBuf *ReplyBuf; +CURL *ctdl_openid_curl_easy_init(char *errmsg) { CURL *curl; - CURLcode res; - char errmsg[1024] = ""; - char *effective_url = NULL; - - if (StrLength(url) <=0 ) return(-1); - ReplyBuf = *target_buf = NewStrBuf (); - if (ReplyBuf == 0) return(-1); curl = curl_easy_init(); if (!curl) { - syslog(LOG_ALERT, "Unable to initialize libcurl."); - return(-1); + return(curl); } - curl_easy_setopt(curl, CURLOPT_URL, ChrPtr(url)); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0); - curl_easy_setopt(curl, CURLOPT_WRITEDATA, ReplyBuf); - curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, CurlFillStrBuf_callback); - - curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errmsg); + if (errmsg) { + curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errmsg); + } curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1); #ifdef CURLOPT_HTTP_CONTENT_DECODING curl_easy_setopt(curl, CURLOPT_HTTP_CONTENT_DECODING, 1); curl_easy_setopt(curl, CURLOPT_ENCODING, ""); #endif curl_easy_setopt(curl, CURLOPT_USERAGENT, CITADEL); - curl_easy_setopt(curl, CURLOPT_TIMEOUT, 180); /* die after 180 seconds */ + curl_easy_setopt(curl, CURLOPT_TIMEOUT, 30); /* die after 30 seconds */ + if ( (!IsEmptyStr(config.c_ip_addr)) && (strcmp(config.c_ip_addr, "*")) @@ -587,76 +583,117 @@ int fetch_http(StrBuf *url, StrBuf **target_buf) ) { curl_easy_setopt(curl, CURLOPT_INTERFACE, config.c_ip_addr); } - res = curl_easy_perform(curl); - if (res) { - syslog(LOG_DEBUG, "libcurl error %d: %s", res, errmsg); - } - curl_easy_getinfo(curl, CURLINFO_EFFECTIVE_URL, &effective_url); - StrBufPlain(url, effective_url, -1); - - curl_easy_cleanup(curl); - return StrLength(ReplyBuf); -} + return(curl); +} struct xrds { - int foo; + StrBuf *CharData; + int nesting_level; + int in_xrd; + int current_service_priority; + int selected_service_priority; + StrBuf *current_service_uri; + StrBuf *selected_service_uri; + int current_service_is_oid2auth; }; void xrds_xml_start(void *data, const char *supplied_el, const char **attr) { struct xrds *xrds = (struct xrds *) data; + int i; + + ++xrds->nesting_level; - syslog(LOG_DEBUG, "xrds_xml_start(%s) data=0x%x", supplied_el, (int)xrds); + if (!strcasecmp(supplied_el, "XRD")) { + ++xrds->in_xrd; + } + + else if (!strcasecmp(supplied_el, "service")) { + xrds->current_service_priority = 0; + xrds->current_service_is_oid2auth = 0; + for (i=0; attr[i] != NULL; i+=2) { + if (!strcasecmp(attr[i], "priority")) { + xrds->current_service_priority = atoi(attr[i+1]); + } + } + } + + FlushStrBuf(xrds->CharData); } void xrds_xml_end(void *data, const char *supplied_el) { struct xrds *xrds = (struct xrds *) data; - syslog(LOG_DEBUG, "xrds_xml_end(%s) data=0x%x", supplied_el, (int)xrds); + --xrds->nesting_level; + + if (!strcasecmp(supplied_el, "XRD")) { + --xrds->in_xrd; + } + + else if (!strcasecmp(supplied_el, "type")) { + if ( (xrds->in_xrd) + && (!strcasecmp(ChrPtr(xrds->CharData), "http://specs.openid.net/auth/2.0/server")) + ) { + xrds->current_service_is_oid2auth = 1; + } + } + + else if (!strcasecmp(supplied_el, "uri")) { + if (xrds->in_xrd) { + FlushStrBuf(xrds->current_service_uri); + StrBufAppendBuf(xrds->current_service_uri, xrds->CharData, 0); + } + } + + else if (!strcasecmp(supplied_el, "service")) { + if ( (xrds->in_xrd) + && (xrds->current_service_priority < xrds->selected_service_priority) + && (xrds->current_service_is_oid2auth) + ) { + xrds->selected_service_priority = xrds->current_service_priority; + FlushStrBuf(xrds->selected_service_uri); + StrBufAppendBuf(xrds->selected_service_uri, xrds->current_service_uri, 0); + } + + } + + FlushStrBuf(xrds->CharData); } void xrds_xml_chardata(void *data, const XML_Char *s, int len) { struct xrds *xrds = (struct xrds *) data; - - syslog(LOG_DEBUG, "xrds_xml_chardata() data=0x%x", (int)xrds); - /* StrBufAppendBufPlain (xrds->CData, s, len, 0); */ + + StrBufAppendBufPlain (xrds->CharData, s, len, 0); } /* - * Attempt to perform YADIS discovery. - * If successful, returns nonzero and fills the session's claimed ID blah FIXME this comment - * If YADIS fails, returns 0 and does nothing else. + * Parse an XRDS document. + * If an OpenID Provider URL is discovered, op_url to that value and return nonzero. + * If nothing useful happened, return 0. */ -int perform_yadis_discovery(StrBuf *YadisURL) { - int docbytes = (-1); - StrBuf *ReplyBuf = NULL; +int parse_xrds_document(StrBuf *ReplyBuf) { + ctdl_openid *oiddata = (ctdl_openid *) CC->openid_data; struct xrds xrds; + int return_value = 0; - memset(&xrds, 0, sizeof (struct xrds)); - - docbytes = fetch_http(YadisURL, &ReplyBuf); - if (docbytes < 0) { - return(0); - } - if (docbytes == 0) { - FreeStrBuf(&ReplyBuf); - return(0); - } + // syslog(LOG_DEBUG, "\033[32m --- XRDS DOCUMENT --- \n%s\033[0m", ChrPtr(ReplyBuf)); - /* If we get to this point, something was retrieved. - * Feed it to the XML parser to see if it's an XRDS document. - */ - XML_Parser xp = XML_ParserCreateNS(NULL, ':'); + memset(&xrds, 0, sizeof (struct xrds)); + xrds.selected_service_priority = INT_MAX; + xrds.CharData = NewStrBuf(); + xrds.current_service_uri = NewStrBuf(); + xrds.selected_service_uri = NewStrBuf(); + XML_Parser xp = XML_ParserCreate(NULL); if (xp) { XML_SetUserData(xp, &xrds); XML_SetElementHandler(xp, xrds_xml_start, xrds_xml_end); XML_SetCharacterDataHandler(xp, xrds_xml_chardata); - XML_Parse(xp, ChrPtr(ReplyBuf), docbytes, 0); + XML_Parse(xp, ChrPtr(ReplyBuf), StrLength(ReplyBuf), 0); XML_Parse(xp, "", 0, 1); XML_ParserFree(xp); } @@ -664,8 +701,141 @@ int perform_yadis_discovery(StrBuf *YadisURL) { syslog(LOG_ALERT, "Cannot create XML parser"); } - FreeStrBuf(&ReplyBuf); - return(0); + if (xrds.selected_service_priority < INT_MAX) { + if (oiddata->op_url == NULL) { + oiddata->op_url = NewStrBuf(); + } + FlushStrBuf(oiddata->op_url); + StrBufAppendBuf(oiddata->op_url, xrds.selected_service_uri, 0); + return_value = openid_disco_xrds; + } + + FreeStrBuf(&xrds.CharData); + FreeStrBuf(&xrds.current_service_uri); + FreeStrBuf(&xrds.selected_service_uri); + + return(return_value); +} + + + +/* + * Callback function for perform_openid2_discovery() + * We're interested in the X-XRDS-Location: header. + */ +size_t yadis_headerfunction(void *ptr, size_t size, size_t nmemb, void *userdata) { + char hdr[1024]; + StrBuf **x_xrds_location = (StrBuf **) userdata; + + memcpy(hdr, ptr, (size*nmemb)); + hdr[size*nmemb] = 0; + + if (!strncasecmp(hdr, "X-XRDS-Location:", 16)) { + *x_xrds_location = NewStrBufPlain(&hdr[16], ((size*nmemb)-16)); + StrBufTrim(*x_xrds_location); + } + + return(size * nmemb); +} + + +/* Attempt to perform Yadis discovery as specified in Yadis 1.0 section 6.2.5. + * + * If Yadis fails, we then attempt HTML discovery using the same document. + * + * If successful, returns nonzero and calls parse_xrds_document() to act upon the received data. + * If fails, returns 0 and does nothing else. + */ +int perform_openid2_discovery(StrBuf *YadisURL) { + ctdl_openid *oiddata = (ctdl_openid *) CC->openid_data; + int docbytes = (-1); + StrBuf *ReplyBuf = NULL; + int return_value = 0; + CURL *curl; + CURLcode result; + char errmsg[1024] = ""; + struct curl_slist *my_headers = NULL; + StrBuf *x_xrds_location = NULL; + + if (!YadisURL) return(0); + syslog(LOG_DEBUG, "perform_openid2_discovery(%s)", ChrPtr(YadisURL)); + if (StrLength(YadisURL) == 0) return(0); + + ReplyBuf = NewStrBuf(); + if (!ReplyBuf) return(0); + + curl = ctdl_openid_curl_easy_init(errmsg); + if (!curl) return(0); + + curl_easy_setopt(curl, CURLOPT_URL, ChrPtr(YadisURL)); + curl_easy_setopt(curl, CURLOPT_WRITEDATA, ReplyBuf); + curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, CurlFillStrBuf_callback); + + my_headers = curl_slist_append(my_headers, "Accept:"); /* disable the default Accept: header */ + my_headers = curl_slist_append(my_headers, "Accept: application/xrds+xml"); + curl_easy_setopt(curl, CURLOPT_HTTPHEADER, my_headers); + + curl_easy_setopt(curl, CURLOPT_WRITEHEADER, &x_xrds_location); + curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, yadis_headerfunction); + + result = curl_easy_perform(curl); + if (result) { + syslog(LOG_DEBUG, "libcurl error %d: %s", result, errmsg); + } + curl_slist_free_all(my_headers); + curl_easy_cleanup(curl); + docbytes = StrLength(ReplyBuf); + + /* + * The response from the server will be one of: + * + * Option 1: An HTML document with a element that includes a element with http-equiv + * attribute, X-XRDS-Location, + */ + /* FIXME handle this somehow */ + + /* + * Option 2: HTTP response-headers that include an X-XRDS-Location response-header, + * together with a document. + * Option 3: HTTP response-headers only, which MAY include an X-XRDS-Location response-header, + * a contenttype response-header specifying MIME media type, + * application/xrds+xml, or both. + * + * If the X-XRDS-Location header was delivered, we know about it at this point... + */ + if ( (x_xrds_location) + && (strcmp(ChrPtr(x_xrds_location), ChrPtr(YadisURL))) + ) { + syslog(LOG_DEBUG, "X-XRDS-Location: %s ... recursing!", ChrPtr(x_xrds_location)); + return_value = perform_openid2_discovery(x_xrds_location); + FreeStrBuf(&x_xrds_location); + } + + /* + * Option 4: the returned web page may *be* an XRDS document. Try to parse it. + */ + else if (docbytes >= 0) { + return_value = parse_xrds_document(ReplyBuf); + } + + /* + * Option 5: if all else fails, attempt HTML based discovery. + */ + if (return_value == 0) { + syslog(LOG_DEBUG, "Attempting HTML discovery"); + if (oiddata->op_url == NULL) { + oiddata->op_url = NewStrBuf(); + } + extract_link(oiddata->op_url, HKEY("openid2.provider"), ReplyBuf); + if (StrLength(oiddata->op_url) > 0) { + return_value = openid_disco_html; + } + } + + if (ReplyBuf != NULL) { + FreeStrBuf(&ReplyBuf); + } + return(return_value); } @@ -673,20 +843,20 @@ int perform_yadis_discovery(StrBuf *YadisURL) { * Setup an OpenID authentication */ void cmd_oids(char *argbuf) { + struct CitContext *CCC = CC; /* CachedCitContext - performance boost */ const char *Pos = NULL; StrBuf *ArgBuf = NULL; StrBuf *ReplyBuf = NULL; StrBuf *return_to = NULL; - StrBuf *trust_root = NULL; - StrBuf *openid_delegate = NULL; StrBuf *RedirectUrl = NULL; - struct CitContext *CCC = CC; /* CachedCitContext - performance boost */ ctdl_openid *oiddata; + int discovery_succeeded = 0; Free_ctdl_openid ((ctdl_openid**)&CCC->openid_data); CCC->openid_data = oiddata = malloc(sizeof(ctdl_openid)); if (oiddata == NULL) { + syslog(LOG_ALERT, "malloc() failed: %s", strerror(errno)); cprintf("%d malloc failed\n", ERROR + INTERNAL_ERROR); return; } @@ -697,97 +867,81 @@ void cmd_oids(char *argbuf) { oiddata->verified = 0; oiddata->claimed_id = NewStrBufPlain(NULL, StrLength(ArgBuf)); - trust_root = NewStrBufPlain(NULL, StrLength(ArgBuf)); return_to = NewStrBufPlain(NULL, StrLength(ArgBuf)); StrBufExtract_NextToken(oiddata->claimed_id, ArgBuf, &Pos, '|'); StrBufExtract_NextToken(return_to, ArgBuf, &Pos, '|'); - StrBufExtract_NextToken(trust_root, ArgBuf, &Pos, '|'); syslog(LOG_DEBUG, "User-Supplied Identifier is: %s", ChrPtr(oiddata->claimed_id)); - /********** OpenID 2.0 section 7.3 - Discovery **********/ - /* First we're supposed to attempt XRI based resolution. + /* Section 7.3.1 says we have to attempt XRI based discovery. * No one is using this, no one is asking for it, no one wants it. * So we're not even going to bother attempting this mode. */ - /* Second we attempt YADIS. - * Google uses this so we'd better do our best to implement it. + /* Attempt section 7.3.2 (Yadis discovery) and section 7.3.3 (HTML discovery); */ - int yadis_succeeded = perform_yadis_discovery(oiddata->claimed_id); + discovery_succeeded = perform_openid2_discovery(oiddata->claimed_id); - /* Third we attempt HTML-based discovery. Here we go! */ - if ( (yadis_succeeded == 0) - && (fetch_http(oiddata->claimed_id, &ReplyBuf) > 0) - && (StrLength(ReplyBuf) > 0) - ) { - openid_delegate = NewStrBuf(); - oiddata->server = NewStrBuf(); - extract_link(oiddata->server, HKEY("openid.server"), ReplyBuf); - extract_link(openid_delegate, HKEY("openid.delegate"), ReplyBuf); - - if (StrLength(oiddata->server) == 0) { - cprintf("%d There is no OpenID identity provider at this URL.\n", ERROR); - FreeStrBuf(&ArgBuf); - FreeStrBuf(&ReplyBuf); - FreeStrBuf(&return_to); - FreeStrBuf(&trust_root); - FreeStrBuf(&openid_delegate); - FreeStrBuf(&RedirectUrl); - return; - } + if (discovery_succeeded == 0) { + cprintf("%d There is no OpenID identity provider at this location.\n", ERROR); + } + + else { + /* + * If we get to this point we are in possession of a valid OpenID Provider URL. + */ + syslog(LOG_DEBUG, "OP URI '%s' discovered using method %d", + ChrPtr(oiddata->op_url), + discovery_succeeded + ); - /* Empty delegate is legal; we just use the openid_url instead */ - if (StrLength(openid_delegate) == 0) { - StrBufPlain(openid_delegate, SKEY(oiddata->claimed_id)); + /* We have to "normalize" our Claimed ID otherwise it will cause some OP's to barf */ + if (cbmstrcasestr(ChrPtr(oiddata->claimed_id), "://") == NULL) { + StrBuf *cid = oiddata->claimed_id; + oiddata->claimed_id = NewStrBufPlain(HKEY("http://")); + StrBufAppendBuf(oiddata->claimed_id, cid, 0); + FreeStrBuf(&cid); } - /* Assemble a URL to which the user-agent will be redirected. */ + /* + * OpenID 2.0 section 9: request authentication + * Assemble a URL to which the user-agent will be redirected. + */ + + RedirectUrl = NewStrBufDup(oiddata->op_url); + + StrBufAppendBufPlain(RedirectUrl, HKEY("?openid.ns=http:%2F%2Fspecs.openid.net%2Fauth%2F2.0"), 0); - RedirectUrl = NewStrBufDup(oiddata->server); + StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.mode=checkid_setup"), 0); - StrBufAppendBufPlain(RedirectUrl, HKEY("?openid.mode=checkid_setup" - "&openid.identity="), 0); - StrBufUrlescAppend(RedirectUrl, openid_delegate, NULL); + StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.claimed_id="), 0); + StrBufUrlescAppend(RedirectUrl, oiddata->claimed_id, NULL); + + StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.identity="), 0); + StrBufUrlescAppend(RedirectUrl, oiddata->claimed_id, NULL); StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.return_to="), 0); StrBufUrlescAppend(RedirectUrl, return_to, NULL); - StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.trust_root="), 0); - StrBufUrlescAppend(RedirectUrl, trust_root, NULL); - +/* StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.sreg.optional="), 0); StrBufUrlescAppend(RedirectUrl, NULL, "nickname,email,fullname,postcode,country,dob,gender"); - +*/ + + syslog(LOG_DEBUG, "\033[36m%s\033[0m", ChrPtr(RedirectUrl)); cprintf("%d %s\n", CIT_OK, ChrPtr(RedirectUrl)); - - FreeStrBuf(&ArgBuf); - FreeStrBuf(&ReplyBuf); - FreeStrBuf(&return_to); - FreeStrBuf(&trust_root); - FreeStrBuf(&openid_delegate); - FreeStrBuf(&RedirectUrl); - - return; } - + FreeStrBuf(&ArgBuf); FreeStrBuf(&ReplyBuf); FreeStrBuf(&return_to); - FreeStrBuf(&trust_root); - FreeStrBuf(&openid_delegate); FreeStrBuf(&RedirectUrl); - - cprintf("%d Unable to fetch OpenID URL\n", ERROR); } - - - /* * Finalize an OpenID authentication */ @@ -803,8 +957,8 @@ void cmd_oidf(char *argbuf) { cprintf("%d run OIDS first.\n", ERROR + INTERNAL_ERROR); return; } - if (StrLength(oiddata->server) == 0){ - cprintf("%d need a remote server to authenticate against\n", ERROR + ILLEGAL_VALUE); + if (StrLength(oiddata->op_url) == 0){ + cprintf("%d No OpenID Endpoint URL has been obtained.\n", ERROR + ILLEGAL_VALUE); return; } keys = NewHash(1, NULL); @@ -823,9 +977,8 @@ void cmd_oidf(char *argbuf) { Put(keys, thiskey, len, strdup(thisdata), NULL); } - /* Now that we have all of the parameters, we have to validate the signature against the server */ - syslog(LOG_DEBUG, "About to validate the signature..."); + syslog(LOG_DEBUG, "Validating signature..."); CURL *curl; CURLcode res; @@ -893,30 +1046,11 @@ void cmd_oidf(char *argbuf) { ReplyBuf = NewStrBuf(); - curl = curl_easy_init(); - curl_easy_setopt(curl, CURLOPT_URL, ChrPtr(oiddata->server)); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0); - + curl = ctdl_openid_curl_easy_init(errmsg); + curl_easy_setopt(curl, CURLOPT_URL, ChrPtr(oiddata->op_url)); curl_easy_setopt(curl, CURLOPT_WRITEDATA, ReplyBuf); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, CurlFillStrBuf_callback); curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost); - curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errmsg); - curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1); -#ifdef CURLOPT_HTTP_CONTENT_DECODING - curl_easy_setopt(curl, CURLOPT_HTTP_CONTENT_DECODING, 1); - curl_easy_setopt(curl, CURLOPT_ENCODING, ""); -#endif - curl_easy_setopt(curl, CURLOPT_USERAGENT, CITADEL); - curl_easy_setopt(curl, CURLOPT_TIMEOUT, 180); /* die after 180 seconds */ - if ( - (!IsEmptyStr(config.c_ip_addr)) - && (strcmp(config.c_ip_addr, "*")) - && (strcmp(config.c_ip_addr, "::")) - && (strcmp(config.c_ip_addr, "0.0.0.0")) - ) { - curl_easy_setopt(curl, CURLOPT_INTERFACE, config.c_ip_addr); - } res = curl_easy_perform(curl); if (res) { @@ -925,6 +1059,10 @@ void cmd_oidf(char *argbuf) { curl_easy_cleanup(curl); curl_formfree(formpost); + + syslog(LOG_DEBUG, "\033[36m --- VALIDATION REPLY ---\n%s\033[0m", ChrPtr(ReplyBuf)); + + if (cbmstrcasestr(ChrPtr(ReplyBuf), "is_valid:true")) { oiddata->verified = 1; }