From: Art Cancro <ajc@citadel.org>
Date: Fri, 6 Jun 2008 03:50:43 +0000 (+0000)
Subject: * When not using native auth mode, do not enable the OpenID server command set.
X-Git-Tag: v7.86~2163
X-Git-Url: https://code.citadel.org/?p=citadel.git;a=commitdiff_plain;h=ffec2afac9c6c3e389543bf938042792e0c69b6a

* When not using native auth mode, do not enable the OpenID server command set.
* When self-service new user account creation is disabled, do not allow account creation via OpenID.
---

diff --git a/citadel/modules/openid/serv_openid_rp.c b/citadel/modules/openid/serv_openid_rp.c
index 44f087d80..3b0b639a6 100644
--- a/citadel/modules/openid/serv_openid_rp.c
+++ b/citadel/modules/openid/serv_openid_rp.c
@@ -809,6 +809,14 @@ void cmd_oidf(char *argbuf) {
 				logged_in_response();
 			}
 
+			/*
+			 * If this system does not allow self-service new user registration, the
+			 * remaining modes do not apply, so fail here and now.
+			 */
+			else if (config.c_disable_newu) {
+				cprintf("fail\n");
+			}
+
 			/*
 			 * New user whose OpenID is verified and Simple Registration Extension is in use?
 			 */
@@ -874,14 +882,17 @@ void openid_cleanup_function(void) {
 
 CTDL_MODULE_INIT(openid_rp)
 {
-	if (!threading)
-	{
+	if (!threading) {
 		curl_global_init(CURL_GLOBAL_ALL);
-		CtdlRegisterProtoHook(cmd_oids, "OIDS", "Setup OpenID authentication");
-		CtdlRegisterProtoHook(cmd_oidf, "OIDF", "Finalize OpenID authentication");
-		CtdlRegisterProtoHook(cmd_oidl, "OIDL", "List OpenIDs associated with an account");
-		CtdlRegisterProtoHook(cmd_oidd, "OIDD", "Detach an OpenID from an account");
-		CtdlRegisterProtoHook(cmd_oidc, "OIDC", "Create a new user after validating an OpenID");
+
+		/* Only enable the OpenID command set when native mode authentication is in use. */
+		if (config.c_auth_mode == AUTHMODE_NATIVE) {
+			CtdlRegisterProtoHook(cmd_oids, "OIDS", "Setup OpenID authentication");
+			CtdlRegisterProtoHook(cmd_oidf, "OIDF", "Finalize OpenID authentication");
+			CtdlRegisterProtoHook(cmd_oidl, "OIDL", "List OpenIDs associated with an account");
+			CtdlRegisterProtoHook(cmd_oidd, "OIDD", "Detach an OpenID from an account");
+			CtdlRegisterProtoHook(cmd_oidc, "OIDC", "Create new user after validating OpenID");
+		}
 		CtdlRegisterSessionHook(openid_cleanup_function, EVT_LOGOUT);
 		CtdlRegisterUserHook(openid_purge, EVT_PURGEUSER);
 	}