From b708adb2005e3ef485c9b3db819b2802449e1371 Mon Sep 17 00:00:00 2001
From: Art Cancro
Date: Fri, 23 May 2008 19:42:42 +0000
Subject: [PATCH] In order to circumvent AOL's broken OpenID server, and save some time in the process, we're going to implement stateless mode instead. Began implementation...
---
 citadel/modules/openid/serv_openid_rp.c | 184 ++----------------------
 webcit/auth.c | 36 ++++-
 2 files changed, 44 insertions(+), 176 deletions(-)
diff --git a/citadel/modules/openid/serv_openid_rp.c b/citadel/modules/openid/serv_openid_rp.c
index b30d594f0..6554e4219 100644
--- a/citadel/modules/openid/serv_openid_rp.c
+++ b/citadel/modules/openid/serv_openid_rp.c
@@ -33,16 +33,6 @@
 #include "ctdl_module.h"
-struct associate_handle {
- char claimed_id[256];
- char assoc_type[32];
- time_t expiration_time;
- char assoc_handle[256];
- char mac_key[128];
-};
-
-HashList *HL = NULL; // hash table of assoc_handle
-
 /*
  * Locate a tag and, given its 'rel=' parameter, return its 'href' parameter
  */
@@ -186,134 +176,6 @@ int fetch_http(char *url, char *target_buf, int maxbytes)
 }
-#define ASSOCIATE_RESPONSE_SIZE 4096
-
-/*
- * libcurl callback function for prepare_openid_associate_request()
- */
-size_t associate_callback(void *ptr, size_t size, size_t nmemb, void *stream)
-{
- char *response = (char *) stream;
- int got_bytes = (size * nmemb);
- int len = strlen(response);
-
- if ((len + got_bytes + 1) < ASSOCIATE_RESPONSE_SIZE) {
- memcpy(&response[len], ptr, got_bytes);
- response[len+got_bytes] = 0;
- }
-
- return got_bytes;
-}
-
-
-/*
- * Helper function for process_associate_response()
- * (Delete function for hash table)
- */
-void delete_assoc_handle(void *data) {
- if (data) free(data);
-}
-
-
-/*
- * Process the response from an "associate" request
- */
-struct associate_handle *process_associate_response(char *claimed_id, char *associate_response)
-{
- struct associate_handle *h = NULL;
- char *ptr = associate_response;
- char thisline[512];
- char thiskey[256];
- char thisdata[256];
-
- h = (struct associate_handle *) malloc(sizeof(struct associate_handle));
- safestrncpy(h->claimed_id, claimed_id, sizeof h->claimed_id);
-
- do {
- ptr = memreadline(ptr, thisline, sizeof thisline);
- extract_token(thiskey, thisline, 0, ':', sizeof thiskey);
- extract_token(thisdata, thisline, 1, ':', sizeof thisdata);
-
- CtdlLogPrintf(CTDL_DEBUG, "Associate response: key:<%s> data:<%s>\n", thiskey, thisdata);
-
- if (!strcasecmp(thiskey, "assoc_type")) {
- safestrncpy(h->assoc_type, thisdata, sizeof h->assoc_type);
- }
- else if (!strcasecmp(thiskey, "expires_in")) {
- h->expiration_time = time(NULL) + atol(thisdata);
- }
- else if (!strcasecmp(thiskey, "assoc_handle")) {
- safestrncpy(h->assoc_handle, thisdata, sizeof h->assoc_handle);
- }
- else if (!strcasecmp(thiskey, "mac_key")) {
- safestrncpy(h->mac_key, thisdata, sizeof h->mac_key);
- }
-
- } while (*ptr);
-
- /* Add this data structure into the hash table */
- Put(HL, h->assoc_handle, strlen(h->assoc_handle), h, delete_assoc_handle);
-
- /* FIXME periodically purge the hash table of expired handles */
-
- return h;
-}
-
-
-
-/*
- * Establish a shared secret with an OpenID Identity Provider by sending
- * an "associate" request.
- */
-struct associate_handle *prepare_openid_associate_request(
- char *claimed_id, char *openid_server, char *openid_delegate)
-{
- CURL *curl;
- CURLcode res;
- struct curl_httppost *formpost=NULL;
- struct curl_httppost *lastptr=NULL;
- char associate_response[ASSOCIATE_RESPONSE_SIZE];
- struct associate_handle *h = NULL;
-
- memset(associate_response, 0, ASSOCIATE_RESPONSE_SIZE);
-
- curl_formadd(&formpost,
- &lastptr,
- CURLFORM_COPYNAME, "openid.mode",
- CURLFORM_COPYCONTENTS, "associate",
- CURLFORM_END
- );
-
- curl_formadd(&formpost,
- &lastptr,
- CURLFORM_COPYNAME, "openid.session_type",
- CURLFORM_COPYCONTENTS, "",
- CURLFORM_END
- );
-
- curl = curl_easy_init();
- if (curl) {
- curl_easy_setopt(curl, CURLOPT_URL, openid_server);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
- curl_easy_setopt(curl, CURLOPT_WRITEDATA, associate_response);
- curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, associate_callback);
- curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
-
- curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost);
- res = curl_easy_perform(curl);
- h = process_associate_response(claimed_id, associate_response);
- curl_easy_cleanup(curl);
- }
- curl_formfree(formpost);
-
- return h;
-}
-
-
-
-
 /*
  * Setup an OpenID authentication
  */
@@ -323,7 +185,6 @@ void cmd_oids(char *argbuf) {
 char trust_root[1024];
 int i;
 char buf[SIZ];
- struct associate_handle *h = NULL;
 if (CC->logged_in) {
 cprintf("%d Already logged in.\n", ERROR + ALREADY_LOGGED_IN);
@@ -353,22 +214,14 @@ void cmd_oids(char *argbuf) {
 safestrncpy(openid_delegate, openid_url, sizeof openid_delegate);
 }
- /*
- * Prepare an "associate" request. This contacts the IdP and fetches
- * a data structure containing an assoc_handle plus a shared secret.
- */
- h = prepare_openid_associate_request(openid_url, openid_server, openid_delegate);
-
 /* Assemble a URL to which the user-agent will be redirected. */
 char redirect_string[4096];
 char escaped_identity[512];
 char escaped_return_to[2048];
 char escaped_trust_root[1024];
 char escaped_sreg_optional[256];
- char escaped_assoc_handle[512];
 urlesc(escaped_identity, sizeof escaped_identity, openid_delegate);
- urlesc(escaped_assoc_handle, sizeof escaped_assoc_handle, h->assoc_handle);
 urlesc(escaped_return_to, sizeof escaped_return_to, return_to);
 urlesc(escaped_trust_root, sizeof escaped_trust_root, trust_root);
 urlesc(escaped_sreg_optional, sizeof escaped_sreg_optional,
@@ -378,19 +231,16 @@ void cmd_oids(char *argbuf) {
 "%s"
 "?openid.mode=checkid_setup"
 "&openid.identity=%s"
- "&openid.assoc_handle=%s"
 "&openid.return_to=%s"
 "&openid.trust_root=%s"
 "&openid.sreg.optional=%s"
 ,
 openid_server,
 escaped_identity,
- escaped_assoc_handle,
 escaped_return_to,
 escaped_trust_root,
 escaped_sreg_optional
 );
- CtdlLogPrintf(CTDL_DEBUG, "Telling client about assoc_handle <%s>\n", h->assoc_handle);
 cprintf("%d %s\n", CIT_OK, redirect_string);
 return;
 }
@@ -404,27 +254,20 @@ void cmd_oids(char *argbuf) {
  * Finalize an OpenID authentication
  */
 void cmd_oidf(char *argbuf) {
- char assoc_handle[256];
- char invalidate_handle[256];
- struct associate_handle *h = NULL;
-
- extract_token(assoc_handle, argbuf, 0, '|', sizeof assoc_handle);
- extract_token(invalidate_handle, argbuf, 1, '|', sizeof assoc_handle);
-
- if (GetHash(HL, assoc_handle, strlen(assoc_handle), (void *)&h)) {
- cprintf("%d handle is good\n", CIT_OK);
-
- // FIXME now do something with it
-
- }
- else {
- if (GetHash(HL, invalidate_handle, strlen(invalidate_handle), (void *)&h)) {
- cprintf("%d assoc_handle not found, but invalidate_handle was found\n", ERROR);
- }
- else {
- cprintf("%d neither assoc_handle nor invalidate_handle found, wtf?\n", ERROR);
- }
+ char buf[2048];
+ char thiskey[1024];
+ char thisdata[1024];
+
+ cprintf("%d Transmit OpenID data now\n", START_CHAT_MODE);
+
+ while (client_getln(buf, sizeof buf), strcmp(buf, "000")) {
+ extract_token(thiskey, buf, 0, '|', sizeof thiskey);
+ extract_token(thisdata, buf, 1, '|', sizeof thisdata);
+ CtdlLogPrintf(CTDL_DEBUG, "%s: [%d] %s\n", thiskey, strlen(thisdata), thisdata);
 }
+
+ cprintf("message|FIXME finish this\n");
+ cprintf("000\n");
 }
@@ -435,7 +278,6 @@ CTDL_MODULE_INIT(openid_rp)
 if (!threading) {
 curl_global_init(CURL_GLOBAL_ALL);
- HL = NewHash(1, NULL);
 CtdlRegisterProtoHook(cmd_oids, "OIDS", "Setup OpenID authentication");
 CtdlRegisterProtoHook(cmd_oidf, "OIDF", "Finalize OpenID authentication");
 }
diff --git a/webcit/auth.c b/webcit/auth.c
index 023c54e55..c7d60f26f 100644
--- a/webcit/auth.c
+++ b/webcit/auth.c
@@ -308,6 +308,7 @@ void do_openid_login(void)
 void finalize_openid_login(void)
 {
 char buf[1024];
+ struct wcsession *WCC = WC;
 if (havebstr("openid.mode")) {
 if (!strcasecmp(bstr("openid.mode"), "id_res")) {
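Review bot: `CtdlLogPrintf(CTDL_DEBUG, "%s: [%d] %s\n", thiskey, strlen(thisdata), thisdata);` in the new cmd_oidf loop passes a size_t to `%d`, which is a format/argument mismatch; write it as `CtdlLogPrintf(CTDL_DEBUG, "%s: [%d] %s\n", thiskey, (int) strlen(thisdata), thisdata);` (or `%zu` if the logger forwards the format to vsnprintf). The same line writes every forwarded value verbatim at debug level, and once webcit relays the full response this will include the signature and assoc_handle, so logging only key and length for those fields would be safer. The parsed key/value pairs are discarded after logging; in stateless mode they are exactly what must be relayed to the provider's check_authentication call, so no assertion is trusted until that is added, which the `message|FIXME finish this` reply already signals — a short comment above the `while` saying that the fields are collected here for that later verification would make the intent clear.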
@@ -325,13 +326,38 @@ void finalize_openid_login(void)
 // openid.sig = [28] vixxxU4MAqWfxxxxCfrHv3TxxxhEw=
 // FIXME id accepted but the code isn't finished
- serv_printf("OIDF %s|%s",
- bstr("openid.assoc_handle"),
- bstr("openid.invalidate_handle")
+ serv_printf("OIDF %s",
+ bstr("openid.assoc_handle")
 );
 serv_getln(buf, sizeof buf);
- display_openid_login(buf);
- return;
+
+ if (buf[0] == '8') {
+
+
+ urlcontent *u;
+ void *U;
+ long HKLen;
+ char *HKey;
+ HashPos *Cursor;
+
+ Cursor = GetNewHashPos ();
+ while (GetNextHashPos(WCC->urlstrings, Cursor, &HKLen, &HKey, &U)) {
+ u = (urlcontent*) U;
+ if (!strncasecmp(u->url_key, "openid.", 7)) {
+ serv_printf("%s|%s", &u->url_key[7], u->url_data);
+ }
+ }
+
+ serv_puts("000");
+
+ while (serv_getln(buf, sizeof buf), strcmp(buf, "000")) {
+ // FIXME
+ }
+ }
+ else {
+ display_openid_login(&buf[4]);
+ return;
+ }
 }
 }
-- 
2.39.2
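Review bot: The forwarding loop sends `u->url_data` (and the `openid.assoc_handle` value on the OIDF line) into the line-oriented server protocol unescaped, so a query-string value containing `|`, CR or LF would be split by the server's `extract_token` or read as a separate protocol line; values with those characters should be rejected or encoded before `serv_printf("%s|%s", &u->url_key[7], u->url_data);`. The cursor from `GetNewHashPos ()` is never released after the `while (GetNextHashPos(...))` loop, so each finalize leaks it; libcitadel's `DeleteHashPos(&Cursor)` belongs before `serv_puts("000");`. The inner `while (serv_getln(buf, sizeof buf), strcmp(buf, "000"))` loop discards the server's reply lines, so the `message|...` result never reaches the user; a comment at the `// FIXME` stating that the reply is intentionally ignored for now would help the next reader.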