X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fmodules%2Fopenid%2Fserv_openid_rp.c;h=f757765ccf8f709d8fa2f3ccadb50563f7691cdc;hb=d48f459b4d1e2117d02996a60853f4037d8c0f16;hp=39af689e475a8396cd1114d71e9cee2ae59bf881;hpb=0a257dd97090f7225489c72005cacea63aa00c92;p=citadel.git

diff --git a/citadel/modules/openid/serv_openid_rp.c b/citadel/modules/openid/serv_openid_rp.c
index 39af689e4..f757765cc 100644
--- a/citadel/modules/openid/serv_openid_rp.c
+++ b/citadel/modules/openid/serv_openid_rp.c
@@ -1,5 +1,9 @@
 /*
  * This is an implementation of OpenID 2.0 RELYING PARTY SUPPORT CURRENTLY B0RKEN AND BEING DEVEL0PZ0RED
+
+
+			OPENID2 BRANCH -- NEEDS TO BE MERGEZ0RED !!!!!!111
+
  *
  * Copyright (c) 2007-2011 by the citadel.org team
  *
@@ -49,18 +53,27 @@
 #include "user_ops.h"
 
 typedef struct _ctdl_openid {
-	StrBuf *claimed_id;
-	StrBuf *server;
+	StrBuf *op_url;			/* OpenID Provider Endpoint URL */
+	StrBuf *claimed_id;		/* Claimed Identifier */
 	int verified;
 	HashList *sreg_keys;
 } ctdl_openid;
 
+enum {
+	openid_disco_none,
+	openid_disco_xrds,
+	openid_disco_html
+};
+
+
+
 void Free_ctdl_openid(ctdl_openid **FreeMe)
 {
-	if (*FreeMe == NULL)
+	if (*FreeMe == NULL) {
 		return;
+	}
+	FreeStrBuf(&(*FreeMe)->op_url);
 	FreeStrBuf(&(*FreeMe)->claimed_id);
-	FreeStrBuf(&(*FreeMe)->server);
 	DeleteHash(&(*FreeMe)->sreg_keys);
 	free(*FreeMe);
 	*FreeMe = NULL;
@@ -567,7 +580,7 @@ CURL *ctdl_openid_curl_easy_init(char *errmsg) {
 	curl_easy_setopt(curl, CURLOPT_ENCODING, "");
 #endif
 	curl_easy_setopt(curl, CURLOPT_USERAGENT, CITADEL);
-	curl_easy_setopt(curl, CURLOPT_TIMEOUT, 180);		/* die after 180 seconds */
+	curl_easy_setopt(curl, CURLOPT_TIMEOUT, 30);		/* die after 30 seconds */
 
 	if (
 		(!IsEmptyStr(config.c_ip_addr))
@@ -582,49 +595,15 @@ CURL *ctdl_openid_curl_easy_init(char *errmsg) {
 }
 
 
-/*
- * Begin an HTTP fetch (returns number of bytes actually fetched, or -1 for error) using libcurl.
- */
-int fetch_http(StrBuf *url, StrBuf **target_buf)
-{
-	StrBuf *ReplyBuf;
-	CURL *curl;
-	CURLcode res;
-	char *effective_url = NULL;
-	char errmsg[1024] = "";
-
-	if (StrLength(url) <=0 ) return(-1);
-	ReplyBuf = *target_buf = NewStrBuf ();
-	if (ReplyBuf == 0) return(-1);
-
-	curl = ctdl_openid_curl_easy_init(errmsg);
-	if (!curl) {
-		syslog(LOG_ALERT, "Unable to initialize libcurl.");
-		return(-1);
-	}
-
-	curl_easy_setopt(curl, CURLOPT_URL, ChrPtr(url));
-	curl_easy_setopt(curl, CURLOPT_WRITEDATA, ReplyBuf);
-	curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, CurlFillStrBuf_callback);
-
-	res = curl_easy_perform(curl);
-	if (res) {
-		syslog(LOG_DEBUG, "libcurl error %d: %s", res, errmsg);
-	}
-	curl_easy_getinfo(curl, CURLINFO_EFFECTIVE_URL, &effective_url);
-	StrBufPlain(url, effective_url, -1);
-	
-	curl_easy_cleanup(curl);
-	return StrLength(ReplyBuf);
-}
-
-
-
 struct xrds {
+	StrBuf *CharData;
 	int nesting_level;
 	int in_xrd;
 	int current_service_priority;
-	int selected_service_priority;	/* more here later */
+	int selected_service_priority;
+	StrBuf *current_service_uri;
+	StrBuf *selected_service_uri;
+	int current_service_is_oid2auth;
 };
 
 
@@ -636,17 +615,19 @@ void xrds_xml_start(void *data, const char *supplied_el, const char **attr) {
 
 	if (!strcasecmp(supplied_el, "XRD")) {
 		++xrds->in_xrd;
-		syslog(LOG_DEBUG, "*** XRD CONTAINER BEGIN ***");
 	}
 
 	else if (!strcasecmp(supplied_el, "service")) {
 		xrds->current_service_priority = 0;
+		xrds->current_service_is_oid2auth = 0;
 		for (i=0; attr[i] != NULL; i+=2) {
 			if (!strcasecmp(attr[i], "priority")) {
 				xrds->current_service_priority = atoi(attr[i+1]);
 			}
 		}
 	}
+
+	FlushStrBuf(xrds->CharData);
 }
 
 
@@ -657,33 +638,63 @@ void xrds_xml_end(void *data, const char *supplied_el) {
 
 	if (!strcasecmp(supplied_el, "XRD")) {
 		--xrds->in_xrd;
-		syslog(LOG_DEBUG, "*** XRD CONTAINER END ***");
+	}
+
+	else if (!strcasecmp(supplied_el, "type")) {
+		if (	(xrds->in_xrd)
+			&& (!strcasecmp(ChrPtr(xrds->CharData), "http://specs.openid.net/auth/2.0/server"))
+		) {
+			xrds->current_service_is_oid2auth = 1;
+		}
+	}
+
+	else if (!strcasecmp(supplied_el, "uri")) {
+		if (xrds->in_xrd) {
+			FlushStrBuf(xrds->current_service_uri);
+			StrBufAppendBuf(xrds->current_service_uri, xrds->CharData, 0);
+		}
 	}
 
 	else if (!strcasecmp(supplied_el, "service")) {
-		/* this is where we should evaluate the service and do stuff */
-		xrds->current_service_priority = 0;
+		if (	(xrds->in_xrd)
+			&& (xrds->current_service_priority < xrds->selected_service_priority)
+			&& (xrds->current_service_is_oid2auth)
+		) {
+			xrds->selected_service_priority = xrds->current_service_priority;
+			FlushStrBuf(xrds->selected_service_uri);
+			StrBufAppendBuf(xrds->selected_service_uri, xrds->current_service_uri, 0);
+		}
+
 	}
+
+	FlushStrBuf(xrds->CharData);
 }
 
 
 void xrds_xml_chardata(void *data, const XML_Char *s, int len) {
 	struct xrds *xrds = (struct xrds *) data;
-	
-	syslog(LOG_DEBUG, "%2d xrds_xml_chardata()", xrds->nesting_level);
-	/* StrBufAppendBufPlain (xrds->CData, s, len, 0); */
+
+	StrBufAppendBufPlain (xrds->CharData, s, len, 0);
 }
 
 
 /*
  * Parse an XRDS document.
- * If OpenID stuff is discovered, populate FIXME something and return nonzero
+ * If an OpenID Provider URL is discovered, op_url to that value and return nonzero.
  * If nothing useful happened, return 0.
  */
 int parse_xrds_document(StrBuf *ReplyBuf) {
+	ctdl_openid *oiddata = (ctdl_openid *) CC->openid_data;
 	struct xrds xrds;
+	int return_value = 0;
+
+	//	syslog(LOG_DEBUG, "\033[32m --- XRDS DOCUMENT --- \n%s\033[0m", ChrPtr(ReplyBuf));
 
 	memset(&xrds, 0, sizeof (struct xrds));
+	xrds.selected_service_priority = INT_MAX;
+	xrds.CharData = NewStrBuf();
+	xrds.current_service_uri = NewStrBuf();
+	xrds.selected_service_uri = NewStrBuf();
 	XML_Parser xp = XML_ParserCreate(NULL);
 	if (xp) {
 		XML_SetUserData(xp, &xrds);
@@ -697,59 +708,141 @@ int parse_xrds_document(StrBuf *ReplyBuf) {
 		syslog(LOG_ALERT, "Cannot create XML parser");
 	}
 
-	return(0);
+	if (xrds.selected_service_priority < INT_MAX) {
+		if (oiddata->op_url == NULL) {
+			oiddata->op_url = NewStrBuf();
+		}
+		FlushStrBuf(oiddata->op_url);
+		StrBufAppendBuf(oiddata->op_url, xrds.selected_service_uri, 0);
+		return_value = openid_disco_xrds;
+	}
+
+	FreeStrBuf(&xrds.CharData);
+	FreeStrBuf(&xrds.current_service_uri);
+	FreeStrBuf(&xrds.selected_service_uri);
+
+	return(return_value);
 }
 
 
+
 /*
- * Attempt to perform YADIS discovery.
- * If successful, returns nonzero and fills the session's claimed ID blah FIXME this comment
- * If YADIS fails, returns 0 and does nothing else.
+ * Callback function for perform_openid2_discovery()
+ * We're interested in the X-XRDS-Location: header.
+ */
+size_t yadis_headerfunction(void *ptr, size_t size, size_t nmemb, void *userdata) {
+	char hdr[1024];
+	StrBuf **x_xrds_location = (StrBuf **) userdata;
+
+	memcpy(hdr, ptr, (size*nmemb));
+	hdr[size*nmemb] = 0;
+
+	if (!strncasecmp(hdr, "X-XRDS-Location:", 16)) {
+		*x_xrds_location = NewStrBufPlain(&hdr[16], ((size*nmemb)-16));
+		StrBufTrim(*x_xrds_location);
+	}
+
+	return(size * nmemb);
+}
+
+
+/* Attempt to perform Yadis discovery as specified in Yadis 1.0 section 6.2.5.
+ * 
+ * If Yadis fails, we then attempt HTML discovery using the same document.
+ *
+ * If successful, returns nonzero and calls parse_xrds_document() to act upon the received data.
+ * If fails, returns 0 and does nothing else.
  */
-int perform_yadis_discovery(StrBuf *YadisURL) {
+int perform_openid2_discovery(StrBuf *YadisURL) {
+	ctdl_openid *oiddata = (ctdl_openid *) CC->openid_data;
 	int docbytes = (-1);
 	StrBuf *ReplyBuf = NULL;
-	int r;
+	int return_value = 0;
+	CURL *curl;
+	CURLcode result;
+	char errmsg[1024] = "";
+	struct curl_slist *my_headers = NULL;
+	StrBuf *x_xrds_location = NULL;
 
-	if (YadisURL == NULL) return(0);
+	if (!YadisURL) return(0);
+	syslog(LOG_DEBUG, "perform_openid2_discovery(%s)", ChrPtr(YadisURL));
 	if (StrLength(YadisURL) == 0) return(0);
 
+	ReplyBuf = NewStrBuf();
+	if (!ReplyBuf) return(0);
 
+	curl = ctdl_openid_curl_easy_init(errmsg);
+	if (!curl) return(0);
 
+	curl_easy_setopt(curl, CURLOPT_URL, ChrPtr(YadisURL));
+	curl_easy_setopt(curl, CURLOPT_WRITEDATA, ReplyBuf);
+	curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, CurlFillStrBuf_callback);
 
+	my_headers = curl_slist_append(my_headers, "Accept:");	/* disable the default Accept: header */
+	my_headers = curl_slist_append(my_headers, "Accept: application/xrds+xml");
+	curl_easy_setopt(curl, CURLOPT_HTTPHEADER, my_headers);
 
+	curl_easy_setopt(curl, CURLOPT_WRITEHEADER, &x_xrds_location);
+	curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, yadis_headerfunction);
 
-	docbytes = fetch_http(YadisURL, &ReplyBuf);
-	if (docbytes < 0) {
-		return(0);
-	}
-	if (docbytes == 0) {
-		FreeStrBuf(&ReplyBuf);
-		return(0);
+	result = curl_easy_perform(curl);
+	if (result) {
+		syslog(LOG_DEBUG, "libcurl error %d: %s", result, errmsg);
 	}
+	curl_slist_free_all(my_headers);
+	curl_easy_cleanup(curl);
+	docbytes = StrLength(ReplyBuf);
 
-	/* FIXME here we need to handle Yadis 1.0 section 6.2.5.
-	 *
+	/*
 	 * The response from the server will be one of:
 	 * 
-	 * 1. An HTML document with a <head> element that includes a <meta> element with http-equiv
+	 * Option 1: An HTML document with a <head> element that includes a <meta> element with http-equiv
 	 * attribute, X-XRDS-Location,
-	 * 
-	 * 2. HTTP response-headers that include an X-XRDS-Location response-header, together with a
-	 * document
-	 * 
-	 * 3. HTTP response-headers only, which MAY include an X-XRDS-Location response-header,
-	 * a contenttype response-header specifying MIME media type, application/xrds+xml, or both.
-	 * 
-	 * 4. A document of MIME media type, application/xrds+xml
+	 */
+	/* FIXME handle this somehow */
+
+	/*
+	 * Option 2: HTTP response-headers that include an X-XRDS-Location response-header,
+	 *           together with a document.
+	 * Option 3: HTTP response-headers only, which MAY include an X-XRDS-Location response-header,
+	 *           a contenttype response-header specifying MIME media type,
+	 *           application/xrds+xml, or both.
 	 *
-	 * We are only handling case #4 here and assuming that the server returned an XRDS document.
+	 * If the X-XRDS-Location header was delivered, we know about it at this point...
 	 */
+	if (	(x_xrds_location)
+		&& (strcmp(ChrPtr(x_xrds_location), ChrPtr(YadisURL)))
+	) {
+		syslog(LOG_DEBUG, "X-XRDS-Location: %s ... recursing!", ChrPtr(x_xrds_location));
+		return_value = perform_openid2_discovery(x_xrds_location);
+		FreeStrBuf(&x_xrds_location);
+	}
 
-	/* Parse the XRDS document. */ 
-	r = parse_xrds_document(ReplyBuf);
-	FreeStrBuf(&ReplyBuf);
-	return(r);
+	/*
+	 * Option 4: the returned web page may *be* an XRDS document.  Try to parse it.
+	 */
+	else if (docbytes >= 0) {
+		return_value = parse_xrds_document(ReplyBuf);
+	}
+
+	/*
+	 * Option 5: if all else fails, attempt HTML based discovery.
+	 */
+	if (return_value == 0) {
+		syslog(LOG_DEBUG, "Attempting HTML discovery");
+		if (oiddata->op_url == NULL) {
+			oiddata->op_url = NewStrBuf();
+		}
+		extract_link(oiddata->op_url, HKEY("openid2.provider"), ReplyBuf);
+		if (StrLength(oiddata->op_url) > 0) {
+			return_value = openid_disco_html;
+		}
+	}
+
+	if (ReplyBuf != NULL) {
+		FreeStrBuf(&ReplyBuf);
+	}
+	return(return_value);
 }
 
 
@@ -757,6 +850,7 @@ int perform_yadis_discovery(StrBuf *YadisURL) {
  * Setup an OpenID authentication
  */
 void cmd_oids(char *argbuf) {
+	struct CitContext *CCC = CC;	/* CachedCitContext - performance boost */
 	const char *Pos = NULL;
 	StrBuf *ArgBuf = NULL;
 	StrBuf *ReplyBuf = NULL;
@@ -764,13 +858,14 @@ void cmd_oids(char *argbuf) {
 	StrBuf *trust_root = NULL;
 	StrBuf *openid_delegate = NULL;
 	StrBuf *RedirectUrl = NULL;
-	struct CitContext *CCC = CC;	/* CachedCitContext - performance boost */
 	ctdl_openid *oiddata;
+	int discovery_succeeded = 0;
 
 	Free_ctdl_openid ((ctdl_openid**)&CCC->openid_data);
 
 	CCC->openid_data = oiddata = malloc(sizeof(ctdl_openid));
 	if (oiddata == NULL) {
+		syslog(LOG_ALERT, "malloc() failed: %s", strerror(errno));
 		cprintf("%d malloc failed\n", ERROR + INTERNAL_ERROR);
 		return;
 	}
@@ -793,36 +888,27 @@ void cmd_oids(char *argbuf) {
 
 	/********** OpenID 2.0 section 7.3 - Discovery **********/
 
-	/* First we're supposed to attempt XRI based resolution.
+	/* Section 7.3.1 says we have to attempt XRI based discovery.
 	 * No one is using this, no one is asking for it, no one wants it.
 	 * So we're not even going to bother attempting this mode.
 	 */
 
-	/* Second we attempt YADIS.
-	 * Google uses this so we'd better do our best to implement it.
+	/* Attempt section 7.3.2 (Yadis discovery) and section 7.3.3 (HTML discovery);
 	 */
-	int yadis_succeeded = perform_yadis_discovery(oiddata->claimed_id);
+	discovery_succeeded = perform_openid2_discovery(oiddata->claimed_id);
 
-	/* Third we attempt HTML-based discovery.  Here we go! */
-	if (	(yadis_succeeded == 0)
-		&& (fetch_http(oiddata->claimed_id, &ReplyBuf) > 0)
-		&& (StrLength(ReplyBuf) > 0)
-	) {
-		openid_delegate = NewStrBuf();
-		oiddata->server = NewStrBuf();
-		extract_link(oiddata->server, HKEY("openid.server"), ReplyBuf);
-		extract_link(openid_delegate, HKEY("openid.delegate"), ReplyBuf);
-
-		if (StrLength(oiddata->server) == 0) {
-			cprintf("%d There is no OpenID identity provider at this URL.\n", ERROR);
-			FreeStrBuf(&ArgBuf);
-			FreeStrBuf(&ReplyBuf);
-			FreeStrBuf(&return_to);
-			FreeStrBuf(&trust_root);
-			FreeStrBuf(&openid_delegate);
-			FreeStrBuf(&RedirectUrl);
-			return;
-		}
+	if (discovery_succeeded == 0) {
+		cprintf("%d There is no OpenID identity provider at this location.\n", ERROR);
+	}
+
+	else {
+		/*
+		 * If we get to this point we are in possession of a valid OpenID Provider URL.
+		 */
+		syslog(LOG_DEBUG, "OP URI '%s' discovered using method %d",
+			ChrPtr(oiddata->claimed_id),
+			discovery_succeeded
+		);
 
 		/* Empty delegate is legal; we just use the openid_url instead */
 		if (StrLength(openid_delegate) == 0) {
@@ -830,42 +916,30 @@ void cmd_oids(char *argbuf) {
 		}
 
 		/* Assemble a URL to which the user-agent will be redirected. */
-
-		RedirectUrl = NewStrBufDup(oiddata->server);
-
-		StrBufAppendBufPlain(RedirectUrl, HKEY("?openid.mode=checkid_setup"
-						       "&openid.identity="), 0);
+	
+		RedirectUrl = NewStrBufDup(oiddata->op_url);
+	
+		StrBufAppendBufPlain(RedirectUrl, HKEY("?openid.mode=checkid_setup&openid.identity="), 0);
 		StrBufUrlescAppend(RedirectUrl, openid_delegate, NULL);
-
+	
 		StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.return_to="), 0);
 		StrBufUrlescAppend(RedirectUrl, return_to, NULL);
-
+	
 		StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.trust_root="), 0);
 		StrBufUrlescAppend(RedirectUrl, trust_root, NULL);
-
+	
 		StrBufAppendBufPlain(RedirectUrl, HKEY("&openid.sreg.optional="), 0);
 		StrBufUrlescAppend(RedirectUrl, NULL, "nickname,email,fullname,postcode,country,dob,gender");
-
+	
 		cprintf("%d %s\n", CIT_OK, ChrPtr(RedirectUrl));
-		
-		FreeStrBuf(&ArgBuf);
-		FreeStrBuf(&ReplyBuf);
-		FreeStrBuf(&return_to);
-		FreeStrBuf(&trust_root);
-		FreeStrBuf(&openid_delegate);
-		FreeStrBuf(&RedirectUrl);
-
-		return;
 	}
-
+	
 	FreeStrBuf(&ArgBuf);
 	FreeStrBuf(&ReplyBuf);
 	FreeStrBuf(&return_to);
 	FreeStrBuf(&trust_root);
 	FreeStrBuf(&openid_delegate);
 	FreeStrBuf(&RedirectUrl);
-
-	cprintf("%d Unable to fetch OpenID URL\n", ERROR);
 }
 
 
@@ -887,7 +961,7 @@ void cmd_oidf(char *argbuf) {
 		cprintf("%d run OIDS first.\n", ERROR + INTERNAL_ERROR);
 		return;
 	}
-	if (StrLength(oiddata->server) == 0){
+	if (StrLength(oiddata->op_url) == 0){
 		cprintf("%d need a remote server to authenticate against\n", ERROR + ILLEGAL_VALUE);
 		return;
 	}
@@ -978,7 +1052,7 @@ void cmd_oidf(char *argbuf) {
 	ReplyBuf = NewStrBuf();
 
 	curl = ctdl_openid_curl_easy_init(errmsg);
-	curl_easy_setopt(curl, CURLOPT_URL, ChrPtr(oiddata->server));
+	curl_easy_setopt(curl, CURLOPT_URL, ChrPtr(oiddata->op_url));
 	curl_easy_setopt(curl, CURLOPT_WRITEDATA, ReplyBuf);
 	curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, CurlFillStrBuf_callback);
 	curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost);