* When not using native auth mode, do not enable the OpenID server command set.

* When self-service new user account creation is disabled, do not allow account creation via OpenID.

diff --git a/citadel/modules/openid/serv_openid_rp.c b/citadel/modules/openid/serv_openid_rp.c
index 44f087d8016df1486c8366f0f9799e7045ccd393..3b0b639a68f989e30264906bb1b510266206cc3c 100644 (file)
--- a/citadel/modules/openid/serv_openid_rp.c
+++ b/citadel/modules/openid/serv_openid_rp.c
@@ -809,6 +809,14 @@ void cmd_oidf(char *argbuf) {
                                logged_in_response();
                        }
 
+                       /*
+                        * If this system does not allow self-service new user registration, the
+                        * remaining modes do not apply, so fail here and now.
+                        */
+                       else if (config.c_disable_newu) {
+                               cprintf("fail\n");
+                       }
+
                        /*
                         * New user whose OpenID is verified and Simple Registration Extension is in use?
                         */
@@ -874,14 +882,17 @@ void openid_cleanup_function(void) {
 
 CTDL_MODULE_INIT(openid_rp)
 {
-       if (!threading)
-       {
+       if (!threading) {
                curl_global_init(CURL_GLOBAL_ALL);
-               CtdlRegisterProtoHook(cmd_oids, "OIDS", "Setup OpenID authentication");
-               CtdlRegisterProtoHook(cmd_oidf, "OIDF", "Finalize OpenID authentication");
-               CtdlRegisterProtoHook(cmd_oidl, "OIDL", "List OpenIDs associated with an account");
-               CtdlRegisterProtoHook(cmd_oidd, "OIDD", "Detach an OpenID from an account");
-               CtdlRegisterProtoHook(cmd_oidc, "OIDC", "Create a new user after validating an OpenID");
+
+               /* Only enable the OpenID command set when native mode authentication is in use. */
+               if (config.c_auth_mode == AUTHMODE_NATIVE) {
+                       CtdlRegisterProtoHook(cmd_oids, "OIDS", "Setup OpenID authentication");
+                       CtdlRegisterProtoHook(cmd_oidf, "OIDF", "Finalize OpenID authentication");
+                       CtdlRegisterProtoHook(cmd_oidl, "OIDL", "List OpenIDs associated with an account");
+                       CtdlRegisterProtoHook(cmd_oidd, "OIDD", "Detach an OpenID from an account");
+                       CtdlRegisterProtoHook(cmd_oidc, "OIDC", "Create new user after validating OpenID");
+               }
                CtdlRegisterSessionHook(openid_cleanup_function, EVT_LOGOUT);
                CtdlRegisterUserHook(openid_purge, EVT_PURGEUSER);
        }