X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=webcit%2Fauth.c;h=31c000f521987a1e0c29c59fe39cea68dbd37a21;hb=04bb95ce795519c36e7a5d4b0d5b29d4644623ce;hp=cb2917b673572a0e4aa45b532cbb4328608a0b0f;hpb=e183a2da0fc2d30da30e2745482886f090162263;p=citadel.git diff --git a/webcit/auth.c b/webcit/auth.c index cb2917b67..31c000f52 100644 --- a/webcit/auth.c +++ b/webcit/auth.c @@ -1,12 +1,12 @@ /* - * WebcitAuth; Handles authentication of users to a Citadel server. + * These functions handle authentication of users to a Citadel server. * - * Copyright (c) 1996-2010 by the citadel.org team + * Copyright (c) 1996-2011 by the citadel.org team * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. + * This program is open source software. You can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 3 of the + * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of @@ -15,7 +15,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include "webcit.h" @@ -24,8 +24,6 @@ extern uint32_t hashlittle( const void *key, size_t length, uint32_t initval); -void display_reg(int during_login); - /* * Access level definitions. This is initialized from a function rather than a * static array so that the strings may be localized. 
@@ -66,27 +64,13 @@ void display_login(void) { begin_burst(); output_headers(1, 0, 0, 0, 1, 0); - do_template("login", NULL); + do_template("login"); end_burst(); } -/* - * Display the openid-enabled login screen - * mesg = the error message if last attempt failed. - */ -void display_openid_login(char *mesg) -{ - begin_burst(); - output_headers(1, 0, 0, 0, 1, 0); - do_template("openid_login", NULL); - end_burst(); -} - - - /* Initialize the session * @@ -128,7 +112,7 @@ void become_logged_in(const StrBuf *user, const StrBuf *pass, StrBuf *serv_respo } WCC->axlevel = StrBufExtract_int(serv_response, 1, '|'); - if (WCC->axlevel >= 6) { /* TODO: make this a define, else it might trick us later */ + if (WCC->axlevel >= 6) { WCC->is_aide = 1; } 
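Review bot: The aide threshold in `if (WCC->axlevel >= 6)` stays a bare literal while the TODO that asked for a define is deleted, so the reminder is lost without the fix. This comparison sets `WCC->is_aide`, a privilege decision, and deserves a named constant shared with any other access-level checks, for example `#define AXLEVEL_AIDE 6` (the name is only a suggestion) and `if (WCC->axlevel >= AXLEVEL_AIDE)`. become_logged_in() starts and ends outside this hunk.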
@@ -151,97 +135,56 @@ void become_logged_in(const StrBuf *user, const StrBuf *pass, StrBuf *serv_respo get_preference("floordiv_expanded", &FloorDiv); WCC->floordiv_expanded = FloorDiv; FreeStrBuf(&Buf); + FlushRoomlist(); } /* - * Perform authentication using a user name and password + * modal/ajax version of 'login' (username and password) */ -void do_login(void) -{ - wcsession *WCC = WC; - StrBuf *Buf; - long ret, rc; +void ajax_login_username_password(void) { + StrBuf *Buf = NewStrBuf(); - if (havebstr("language")) { - set_selected_language(bstr("language")); - go_selected_language(); - } - - if (havebstr("exit_action")) { - do_logout(); - return; - } - Buf = NewStrBuf(); - if (havebstr("login_action")) { - serv_printf("USER %s", bstr("name")); - StrBuf_ServGetln(Buf); - rc = GetServerStatus(Buf, &ret); - StrBufCutLeft(Buf, 4); - switch (rc) { - case 3: - serv_printf("PASS %s", bstr("pass")); - StrBuf_ServGetln(Buf); - if (GetServerStatus(Buf, NULL) == 2) { - become_logged_in(sbstr("name"), sbstr("pass"), Buf); - } else { - StrBufCutLeft(Buf, 4); - AppendImportantMessage(SKEY(Buf)); - display_login(); - FreeStrBuf(&Buf); - return; - } - break; - case 5: - if (ret == 541) - { - AppendImportantMessage(SKEY(Buf)); - display_main_menu(); - return; - } - default: - AppendImportantMessage(SKEY(Buf)); - display_login(); - FreeStrBuf(&Buf); - return; - } - } - if (havebstr("newuser_action")) { - if (!havebstr("pass")) { - AppendImportantMessage(_("Blank passwords are not allowed."), -1); - display_login(); - FreeStrBuf(&Buf); - return; - } - serv_printf("NEWU %s", bstr("name")); + serv_printf("USER %s", bstr("name")); + StrBuf_ServGetln(Buf); + if (GetServerStatus(Buf, NULL) == 3) { + serv_printf("PASS %s", bstr("pass")); StrBuf_ServGetln(Buf); if (GetServerStatus(Buf, NULL) == 2) { become_logged_in(sbstr("name"), sbstr("pass"), Buf); - serv_printf("SETP %s", bstr("pass")); - StrBuf_ServGetln(Buf); /* Don't care? 
*/ - } else { - StrBufCutLeft(Buf, 4); - AppendImportantMessage(SKEY(Buf)); - display_login(); - FreeStrBuf(&Buf); - return; } } - if (WCC->logged_in) { - if (WCC->need_regi) { - display_reg(1); - } else if (WCC->need_vali) { - validate(); - } else { - do_welcome(); - } - } else { - AppendImportantMessage(_("Your password was not accepted."), -1); - display_login(); - } + + /* The client is expecting to read back a citadel protocol response */ + wc_printf("%s", ChrPtr(Buf)); FreeStrBuf(&Buf); } + + +/* + * modal/ajax version of 'new user' (username and password) + */ +void ajax_login_newuser(void) { + StrBuf *NBuf = NewStrBuf(); + StrBuf *SBuf = NewStrBuf(); + + serv_printf("NEWU %s", bstr("name")); + StrBuf_ServGetln(NBuf); + if (GetServerStatus(NBuf, NULL) == 2) { + become_logged_in(sbstr("name"), sbstr("pass"), NBuf); + serv_printf("SETP %s", bstr("pass")); + StrBuf_ServGetln(SBuf); + } + + /* The client is expecting to read back a citadel protocol response */ + wc_printf("%s", ChrPtr(NBuf)); + FreeStrBuf(&NBuf); + FreeStrBuf(&SBuf); +} + + + /* * Try to create an account manually after an OpenID was verified */ 
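Review bot: ajax_login_newuser() no longer rejects an empty password. The removed do_login() answered "Blank passwords are not allowed." when `!havebstr("pass")`, whereas the new function sends `NEWU`, calls become_logged_in() and only then issues `SETP` with whatever `bstr("pass")` holds. The `SETP` reply is read into `SBuf` and never inspected, so a failed password set still leaves a created, logged-in account and the client sees only the `NEWU` result. Restore the guard before `NEWU` (`if (!havebstr("pass")) { ... }`, freeing both buffers and emitting an error-class response line) and require `GetServerStatus(SBuf, NULL) == 2` before reporting success. Both ajax functions also write the raw server line with `wc_printf("%s", ChrPtr(Buf))` and no output_headers() call is visible in the hunk; confirm the caller sets a non-HTML content type, since server text elsewhere in this patch goes through `escputs()`.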
@@ -249,45 +192,53 @@ void openid_manual_create(void) { StrBuf *Buf; + /* Did the user change his mind? Pack up and go home. */ if (havebstr("exit_action")) { - do_logout(); + begin_burst(); + output_headers(1, 0, 0, 0, 1, 0); + do_template("authpopup_finished"); + end_burst(); return; } - if (havebstr("newuser_action")) { - Buf = NewStrBuf(); - serv_printf("OIDC %s", bstr("name")); - StrBuf_ServGetln(Buf); - if (GetServerStatus(Buf, NULL) == 2) { - StrBuf *gpass; - - gpass = NewStrBuf(); - serv_puts("SETP GENERATE_RANDOM_PASSWORD"); - StrBuf_ServGetln(gpass); - StrBufCutLeft(gpass, 4); - become_logged_in(sbstr("name"), gpass, Buf); - FreeStrBuf(&gpass); - } - FreeStrBuf(&Buf); + + /* Ok, let's give this a try. Can we create the new user? */ + + Buf = NewStrBuf(); + serv_printf("OIDC %s", bstr("name")); + StrBuf_ServGetln(Buf); + if (GetServerStatus(Buf, NULL) == 2) { + StrBuf *gpass; + + gpass = NewStrBuf(); + serv_puts("SETP GENERATE_RANDOM_PASSWORD"); + StrBuf_ServGetln(gpass); + StrBufCutLeft(gpass, 4); + become_logged_in(sbstr("name"), gpass, Buf); + FreeStrBuf(&gpass); } + FreeStrBuf(&Buf); + /* Did we manage to log in? If so, continue with the normal flow... */ if (WC->logged_in) { - if (WC->need_regi) { - display_reg(1); - } else if (WC->need_vali) { - validate(); - } else { - do_welcome(); + if (WC->logged_in) { + begin_burst(); + output_headers(1, 0, 0, 0, 1, 0); + do_template("authpopup_finished"); + end_burst(); } } else { + /* Still no good! Go back to teh dialog to select a username */ const StrBuf *Buf; - putbstr("__claimed_id", NewStrBufDup(sbstr("openid_url"))); Buf = sbstr("name"); if (StrLength(Buf) > 0) putbstr("__username", NewStrBufDup(Buf)); begin_burst(); - do_template("openid_manual_create", NULL); + output_headers(1, 0, 0, 0, 1, 0); + wc_printf("
"); + do_template("openid_manual_create"); + wc_printf(""); end_burst(); } @@ -302,40 +253,30 @@ void do_openid_login(void) { char buf[4096]; - if (havebstr("language")) { - set_selected_language(bstr("language")); - go_selected_language(); - } + snprintf(buf, sizeof buf, + "OIDS %s|%s/finalize_openid_login|%s", + bstr("openid_url"), + ChrPtr(site_prefix), + ChrPtr(site_prefix) + ); - if (havebstr("exit_action")) { - do_logout(); + serv_puts(buf); + serv_getln(buf, sizeof buf); + if (buf[0] == '2') { + syslog(LOG_DEBUG, "OpenID server contacted; redirecting to %s\n", &buf[4]); + http_redirect(&buf[4]); return; } - if (havebstr("login_action")) { - snprintf(buf, sizeof buf, - "OIDS %s|%s/finalize_openid_login|%s", - bstr("openid_url"), - ChrPtr(site_prefix), - ChrPtr(site_prefix) - ); - serv_puts(buf); - serv_getln(buf, sizeof buf); - if (buf[0] == '2') { - lprintf(CTDL_DEBUG, "OpenID server contacted; redirecting to %s\n", &buf[4]); - http_redirect(&buf[4]); - return; - } - else { - display_openid_login(&buf[4]); - return; - } - } - - /* If we get to this point then something failed. */ - display_openid_login(_("Your password was not accepted.")); + begin_burst(); + output_headers(1, 0, 0, 0, 1, 0); + wc_printf(""); + escputs(&buf[4]); + wc_printf(""); + end_burst(); } + /* * Complete the authentication using OpenID * This function handles the positive or negative assertion from the user's Identity Provider @@ -344,7 +285,6 @@ void finalize_openid_login(void) { StrBuf *Buf; wcsession *WCC = WC; - int already_logged_in = (WCC->logged_in) ; int linecount = 0; StrBuf *result = NULL; StrBuf *username = NULL; @@ -363,6 +303,7 @@ void finalize_openid_login(void) long HKLen; const char *HKey; HashPos *Cursor; + int len; Cursor = GetNewHashPos (WCC->Hdr->urlstrings, 0); while (GetNextHashPos(WCC->Hdr->urlstrings, Cursor, &HKLen, &HKey, &U)) { 
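Review bot: The generated password is taken from the `SETP GENERATE_RANDOM_PASSWORD` reply without checking its status. `StrBufCutLeft(gpass, 4)` runs unconditionally, so on an error reply the server's error text would be handed to become_logged_in() as the password. Test `GetServerStatus(gpass, NULL) == 2` before the cut and skip become_logged_in() otherwise. Further down, the success path tests `if (WC->logged_in)` twice in a row; the inner test can be dropped. The function's signature lies above this hunk.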
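Review bot: `bstr("openid_url")` is formatted straight into the `|`-separated `OIDS` command, so unless bstr() or serv_puts() already filter them, a submitted value containing `|` or a line break would change the fields the Citadel server parses. Validate the value before the snprintf(), rejecting those characters or anything that is not an http/https URL. The snprintf() return value is unchecked as well, so an over-long URL silently truncates the two `site_prefix` fields that follow it. After `serv_getln()`, `&buf[4]` is used on both paths without confirming the reply is at least four characters long, and `buf` previously held the request, so a short reply would expose leftover request bytes; treat `strlen(buf) < 4` as a failure before indexing.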
@@ -375,7 +316,9 @@ void finalize_openid_login(void) serv_puts("000"); linecount = 0; - while (StrBuf_ServGetln(Buf), strcmp(ChrPtr(Buf), "000")) + while (len = StrBuf_ServGetln(Buf), + ((len >= 0) && + ((len != 3) || strcmp(ChrPtr(Buf), "000") ))) { if (linecount == 0) result = NewStrBufDup(Buf); if (!strcasecmp(ChrPtr(result), "authenticate")) { @@ -404,28 +347,38 @@ void finalize_openid_login(void) } } - /* If we were already logged in, this was an attempt to associate an OpenID account */ - if (already_logged_in) { + /* + * Is this an attempt to associate a new OpenID with an account that is already logged in? + */ + if ( (WCC->logged_in) && (havebstr("attach_existing")) ) { display_openids(); - FreeStrBuf(&result); - FreeStrBuf(&username); - FreeStrBuf(&password); - FreeStrBuf(&claimed_id); - FreeStrBuf(&logged_in_response); - return; } /* If this operation logged us in, either by connecting with an existing account or by * auto-creating one using Simple Registration Extension, we're already on our way. */ - if (!strcasecmp(ChrPtr(result), "authenticate")) { + else if (!strcasecmp(ChrPtr(result), "authenticate")) { become_logged_in(username, password, logged_in_response); + + /* Did we manage to log in? If so, continue with the normal flow... */ + if (WC->logged_in) { + begin_burst(); + output_headers(1, 0, 0, 0, 1, 0); + do_template("authpopup_finished"); + end_burst(); + } else { + begin_burst(); + output_headers(1, 0, 0, 0, 1, 0); + wc_printf(""); + wc_printf(_("An error has occurred.")); + wc_printf(""); + end_burst(); + } } - /* The specified OpenID was verified but the desired user name was either not specified via SRI + /* The specified OpenID was verified but the desired user name was either not specified via SRE * or conflicts with an existing user. Either way the user will need to specify a new name. */ - else if (!strcasecmp(ChrPtr(result), "verify_only")) { putbstr("__claimed_id", claimed_id); claimed_id = NULL; 
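Review bot: The new loop condition ends the read loop the same way for a read failure (`len < 0`) and for the `000` terminator, and nothing visible after the loop distinguishes the two. A truncated reply is then evaluated as if it were complete. If `len` is still in scope after the loop, check it there, e.g. `if (len < 0) { /* log and show the error page */ }`, and add a short comment stating what a negative length from StrBuf_ServGetln() means (presumably a failed server read). The comma expression inside `while (...)` is also hard to scan; a `for (;;)` with an explicit `break` would read more plainly.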
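Review bot: `wc_printf(_("An error has occurred."))` passes the translated string as the format argument, so a `%` in any locale's catalog entry would be interpreted as a conversion. Use `wc_printf("%s", _("An error has occurred."));` here and in the identical call in the final `else` branch of the next hunk. The begin_burst()/output_headers()/end_burst() page is now repeated several times in finalize_openid_login() and could move into one small static helper. The new branch also reads `WC->logged_in` although the `WCC` local is used a few lines above; using `WCC` throughout would be consistent.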
@@ -434,19 +387,22 @@ void finalize_openid_login(void) username = NULL; } begin_burst(); - do_template("openid_manual_create", NULL); + output_headers(1, 0, 0, 0, 1, 0); + wc_printf(""); + do_template("openid_manual_create"); + wc_printf(""); end_burst(); } - /* Did we manage to log in? If so, continue with the normal flow... */ - else if (WC->logged_in) { - if (WC->need_regi) { - display_reg(1); - } else { - do_welcome(); - } - } else { - display_openid_login(_("Your password was not accepted.")); + /* Something went VERY wrong if we get to this point */ + else { + syslog(1, "finalize_openid_login() failed to do anything. This is a code problem.\n"); + begin_burst(); + output_headers(1, 0, 0, 0, 1, 0); + wc_printf(""); + wc_printf(_("An error has occurred.")); + wc_printf(""); + end_burst(); } FreeStrBuf(&result); @@ -477,23 +433,17 @@ void do_welcome(void) if (!setup_wizard) { int len; sprintf(wizard_filename, "setupwiz.%s.%s", - ctdlhost, ctdlport); - len = strlen(wizard_filename); - for (i=0; i
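Review bot: `syslog(1, ...)` in the final `else` branch uses a bare number for the priority, while do_openid_login() in this same patch uses `LOG_DEBUG`. On common syslog.h definitions 1 is `LOG_ALERT`; spell out whichever level is intended, e.g. `syslog(LOG_ERR, "finalize_openid_login() failed to do anything. This is a code problem.");`. The trailing `\n` is not needed in a syslog message.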