X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fmodules%2Fopenid%2Fserv_openid_rp.c;h=2e65c1acc2bdb76136603fe1cfed967e24529c7b;hb=8c47559cb5ae97ec0fa35660ee16fd61a9451c72;hp=7bd6867e681cfe47891ab1a20d44f054daf8fc78;hpb=21bb16339cb082e159289757403cc2b7c8884c2d;p=citadel.git diff --git a/citadel/modules/openid/serv_openid_rp.c b/citadel/modules/openid/serv_openid_rp.c index 7bd6867e6..2e65c1acc 100644 --- a/citadel/modules/openid/serv_openid_rp.c +++ b/citadel/modules/openid/serv_openid_rp.c @@ -3,6 +3,21 @@ * * This is an implementation of OpenID 1.1 Relying Party support, in stateless mode. * + * Copyright (c) 2007-2009 by the citadel.org team + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include "sysdep.h" @@ -38,7 +53,8 @@ struct ctdl_openid { char claimed_id[1024]; char server[1024]; - int validated; + int verified; + HashList *sreg_keys; }; @@ -77,6 +93,7 @@ int attach_openid(struct ctdluser *who, char *claimed_id) long fetched_usernum; char *data; int data_len; + char buf[2048]; if (!who) return(1); if (!claimed_id) return(1); @@ -110,12 +127,15 @@ int attach_openid(struct ctdluser *who, char *claimed_id) cdb_store(CDB_OPENID, claimed_id, strlen(claimed_id), data, data_len); free(data); - CtdlLogPrintf(CTDL_INFO, "%s has been associated with %s (%ld)\n", - claimed_id, who->fullname, who->usernum); + snprintf(buf, sizeof buf, "User <%s> (#%ld) has claimed the OpenID URL %s\n", + who->fullname, who->usernum, claimed_id); + aide_message(buf, "OpenID claim"); + CtdlLogPrintf(CTDL_INFO, "%s", buf); return(0); } + /* * When a user is being deleted, we have to delete any OpenID associations */ @@ -126,7 +146,8 @@ void openid_purge(struct ctdluser *usbuf) { char *deleteme = NULL; long len; void *Value; - char *Key; + const char *Key; + long usernum = 0L; keys = NewHash(1, NULL); if (!keys) return; @@ -135,7 +156,8 @@ void openid_purge(struct ctdluser *usbuf) { cdb_rewind(CDB_OPENID); while (cdboi = cdb_next_item(CDB_OPENID), cdboi != NULL) { if (cdboi->len > sizeof(long)) { - if (((long)*(cdboi->ptr)) == usbuf->usernum) { + memcpy(&usernum, cdboi->ptr, sizeof(long)); + if (usernum == usbuf->usernum) { deleteme = strdup(cdboi->ptr + sizeof(long)), Put(keys, deleteme, strlen(deleteme), deleteme, generic_free_handler); } @@ -145,7 +167,7 @@ void openid_purge(struct ctdluser *usbuf) { /* Go through the hash list, deleting keys we stored in it */ - HashPos = GetNewHashPos(); + HashPos = GetNewHashPos(keys, 0); while (GetNextHashPos(keys, HashPos, &len, &Key, &Value)!=0) { CtdlLogPrintf(CTDL_DEBUG, "Deleting associated OpenID <%s>\n", Value); @@ -163,6 +185,7 @@ void openid_purge(struct ctdluser *usbuf) { */ void cmd_oidl(char *argbuf) { struct cdbdata *cdboi; + long usernum = 0L; if (CtdlAccessCheck(ac_logged_in)) return; cdb_rewind(CDB_OPENID); @@ -170,7 +193,8 @@ void cmd_oidl(char *argbuf) { while (cdboi = cdb_next_item(CDB_OPENID), cdboi != NULL) { if (cdboi->len > sizeof(long)) { - if (((long)*(cdboi->ptr)) == CC->user.usernum) { + memcpy(&usernum, cdboi->ptr, sizeof(long)); + if (usernum == CC->user.usernum) { cprintf("%s\n", cdboi->ptr + sizeof(long)); } } @@ -180,6 +204,152 @@ void cmd_oidl(char *argbuf) { } +/* + * List ALL OpenIDs in the database + */ +void cmd_oida(char *argbuf) { + struct cdbdata *cdboi; + long usernum; + struct ctdluser usbuf; + + if (CtdlAccessCheck(ac_aide)) return; + cdb_rewind(CDB_OPENID); + cprintf("%d List of all OpenIDs in the database:\n", LISTING_FOLLOWS); + + while (cdboi = cdb_next_item(CDB_OPENID), cdboi != NULL) { + if (cdboi->len > sizeof(long)) { + memcpy(&usernum, cdboi->ptr, sizeof(long)); + if (getuserbynumber(&usbuf, usernum) != 0) { + usbuf.fullname[0] = 0; + } + cprintf("%s|%ld|%s\n", + cdboi->ptr + sizeof(long), + usernum, + usbuf.fullname + ); + } + cdb_free(cdboi); + } + cprintf("000\n"); +} + + +/* + * Attempt to register (populate the vCard) the currently-logged-in user + * using the data from Simple Registration Extension, if present. + */ +void populate_vcard_from_sreg(HashList *sreg_keys) { + + struct vCard *v; + int pop = 0; /* number of fields populated */ + char *data = NULL; + char *postcode = NULL; + char *country = NULL; + + if (!sreg_keys) return; + v = vcard_new(); + if (!v) return; + + if (GetHash(sreg_keys, "identity", 8, (void *) &data)) { + vcard_add_prop(v, "url;type=openid", data); + ++pop; + } + + if (GetHash(sreg_keys, "sreg.email", 10, (void *) &data)) { + vcard_add_prop(v, "email;internet", data); + ++pop; + } + + if (GetHash(sreg_keys, "sreg.nickname", 13, (void *) &data)) { + vcard_add_prop(v, "nickname", data); + ++pop; + } + + if (GetHash(sreg_keys, "sreg.fullname", 13, (void *) &data)) { + char n[256]; + vcard_add_prop(v, "fn", data); + vcard_fn_to_n(n, data, sizeof n); + vcard_add_prop(v, "n", n); + ++pop; + } + + if (!GetHash(sreg_keys, "sreg.postcode", 13, (void *) &postcode)) { + postcode = NULL; + } + + if (!GetHash(sreg_keys, "sreg.country", 12, (void *) &country)) { + country = NULL; + } + + if (postcode || country) { + char adr[256]; + snprintf(adr, sizeof adr, ";;;;;%s;%s", + (postcode ? postcode : ""), + (country ? country : "") + ); + vcard_add_prop(v, "adr", adr); + ++pop; + } + + if (GetHash(sreg_keys, "sreg.dob", 8, (void *) &data)) { + vcard_add_prop(v, "bday", data); + ++pop; + } + + if (GetHash(sreg_keys, "sreg.gender", 11, (void *) &data)) { + vcard_add_prop(v, "x-funambol-gender", data); + ++pop; + } + + /* Only save the vCard if there is some useful data in it */ + if (pop > 0) { + char *ser; + ser = vcard_serialize(v); + if (ser) { + CtdlWriteObject(USERCONFIGROOM, "text/x-vcard", + ser, strlen(ser)+1, &CC->user, 0, 0, 0 + ); + free(ser); + } + } + vcard_free(v); +} + + +/* + * Create a new user account, manually specifying the name, after successfully + * verifying an OpenID (which will of course be attached to the account) + */ +void cmd_oidc(char *argbuf) { + struct ctdl_openid *oiddata = (struct ctdl_openid *) CC->openid_data; + + if (!oiddata) { + cprintf("%d You have not verified an OpenID yet.\n", ERROR); + return; + } + + if (!oiddata->verified) { + cprintf("%d You have not verified an OpenID yet.\n", ERROR); + return; + } + + /* We can make the semantics of OIDC exactly the same as NEWU, simply + * by _calling_ cmd_newu() and letting it run. Very clever! + */ + cmd_newu(argbuf); + + /* Now, if this logged us in, we have to attach the OpenID */ + if (CC->logged_in) { + attach_openid(&CC->user, oiddata->claimed_id); + if (oiddata->sreg_keys != NULL) { + populate_vcard_from_sreg(oiddata->sreg_keys); + } + } + +} + + + /* * Detach an OpenID from the currently logged in account @@ -188,6 +358,7 @@ void cmd_oidd(char *argbuf) { struct cdbdata *cdboi; char id_to_detach[1024]; int this_is_mine = 0; + long usernum = 0L; if (CtdlAccessCheck(ac_logged_in)) return; extract_token(id_to_detach, argbuf, 0, '|', sizeof id_to_detach); @@ -198,7 +369,8 @@ void cmd_oidd(char *argbuf) { cdb_rewind(CDB_OPENID); while (cdboi = cdb_next_item(CDB_OPENID), cdboi != NULL) { if (cdboi->len > sizeof(long)) { - if (((long)*(cdboi->ptr)) == CC->user.usernum) { + memcpy(&usernum, cdboi->ptr, sizeof(long)); + if (usernum == CC->user.usernum) { this_is_mine = 1; } } @@ -220,7 +392,7 @@ void cmd_oidd(char *argbuf) { /* * Attempt to auto-create a new Citadel account using the nickname from Simple Registration Extension */ -int openid_create_user_via_sri(char *claimed_id, HashList *sri_keys) +int openid_create_user_via_sreg(char *claimed_id, HashList *sreg_keys) { char *desired_name = NULL; char new_password[32]; @@ -228,7 +400,7 @@ int openid_create_user_via_sri(char *claimed_id, HashList *sri_keys) if (config.c_auth_mode != AUTHMODE_NATIVE) return(1); if (config.c_disable_newu) return(2); if (CC->logged_in) return(3); - if (!GetHash(sri_keys, "sreg.nickname", 13, (void *) &desired_name)) return(4); + if (!GetHash(sreg_keys, "sreg.nickname", 13, (void *) &desired_name)) return(4); CtdlLogPrintf(CTDL_DEBUG, "The desired account name is <%s>\n", desired_name); @@ -244,19 +416,10 @@ int openid_create_user_via_sri(char *claimed_id, HashList *sri_keys) snprintf(new_password, sizeof new_password, "%08lx%08lx", random(), random()); CtdlSetPassword(new_password); attach_openid(&CC->user, claimed_id); + populate_vcard_from_sreg(sreg_keys); return(0); } -// FIXME we still have to set up the vCard - -// identity = [50] http://uncensored.citadel.org/~ajc/MyID.config.php -// sreg.nickname = [17] IGnatius T Foobar -// sreg.email = [26] ajc@uncensored.citadel.org -// sreg.fullname = [10] Art Cancro -// sreg.postcode = [5] 10549 -// sreg.country = [2] US - - /* * If a user account exists which is associated with the Claimed ID, log it in and return zero. @@ -433,7 +596,12 @@ int fetch_http(char *url, char *target_buf, int maxbytes, int normalize_len) curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, fh_callback); curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errmsg); curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1); +#ifdef CURLOPT_HTTP_CONTENT_DECODING + curl_easy_setopt(curl, CURLOPT_HTTP_CONTENT_DECODING, 1); + curl_easy_setopt(curl, CURLOPT_ENCODING, ""); +#endif curl_easy_setopt(curl, CURLOPT_USERAGENT, CITADEL); + curl_easy_setopt(curl, CURLOPT_TIMEOUT, 180); /* die after 180 seconds */ if (!IsEmptyStr(config.c_ip_addr)) { curl_easy_setopt(curl, CURLOPT_INTERFACE, config.c_ip_addr); } @@ -461,16 +629,13 @@ void cmd_oids(char *argbuf) { struct CitContext *CCC = CC; /* CachedCitContext - performance boost */ struct ctdl_openid *oiddata; - /* commented out because we may be attempting to attach an OpenID to - * an existing account that is logged in - * - if (CCC->logged_in) { - cprintf("%d Already logged in.\n", ERROR + ALREADY_LOGGED_IN); - return; - } - */ + oiddata = (struct ctdl_openid *) CCC->openid_data; - if (CCC->openid_data != NULL) { + if (oiddata != NULL) { + if (oiddata->sreg_keys != NULL) { + DeleteHash(&oiddata->sreg_keys); + oiddata->sreg_keys = NULL; + } free(CCC->openid_data); } oiddata = malloc(sizeof(struct ctdl_openid)); @@ -484,7 +649,7 @@ void cmd_oids(char *argbuf) { extract_token(oiddata->claimed_id, argbuf, 0, '|', sizeof oiddata->claimed_id); extract_token(return_to, argbuf, 1, '|', sizeof return_to); extract_token(trust_root, argbuf, 2, '|', sizeof trust_root); - oiddata->validated = 0; + oiddata->verified = 0; i = fetch_http(oiddata->claimed_id, buf, sizeof buf - 1, sizeof oiddata->claimed_id); CtdlLogPrintf(CTDL_DEBUG, "Normalized URL and Claimed ID is: %s\n", oiddata->claimed_id); @@ -516,7 +681,7 @@ void cmd_oids(char *argbuf) { urlesc(escaped_return_to, sizeof escaped_return_to, return_to); urlesc(escaped_trust_root, sizeof escaped_trust_root, trust_root); urlesc(escaped_sreg_optional, sizeof escaped_sreg_optional, - "nickname,email,fullname,postcode,country"); + "nickname,email,fullname,postcode,country,dob,gender"); snprintf(redirect_string, sizeof redirect_string, "%s" @@ -651,7 +816,12 @@ void cmd_oidf(char *argbuf) { curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost); curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errmsg); curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1); +#ifdef CURLOPT_HTTP_CONTENT_DECODING + curl_easy_setopt(curl, CURLOPT_HTTP_CONTENT_DECODING, 1); + curl_easy_setopt(curl, CURLOPT_ENCODING, ""); +#endif curl_easy_setopt(curl, CURLOPT_USERAGENT, CITADEL); + curl_easy_setopt(curl, CURLOPT_TIMEOUT, 180); /* die after 180 seconds */ if (!IsEmptyStr(config.c_ip_addr)) { curl_easy_setopt(curl, CURLOPT_INTERFACE, config.c_ip_addr); } @@ -666,26 +836,28 @@ void cmd_oidf(char *argbuf) { valbuf[fh.total_bytes_received] = 0; if (bmstrcasestr(valbuf, "is_valid:true")) { - oiddata->validated = 1; + oiddata->verified = 1; } - CtdlLogPrintf(CTDL_DEBUG, "Authentication %s.\n", (oiddata->validated ? "succeeded" : "failed") ); + CtdlLogPrintf(CTDL_DEBUG, "Authentication %s.\n", (oiddata->verified ? "succeeded" : "failed") ); /* Respond to the client */ - if (oiddata->validated) { + if (oiddata->verified) { /* If we were already logged in, attach the OpenID to the user's account */ if (CC->logged_in) { if (attach_openid(&CC->user, oiddata->claimed_id) == 0) { cprintf("attach\n"); + CtdlLogPrintf(CTDL_DEBUG, "OpenID attach succeeded\n"); } else { cprintf("fail\n"); + CtdlLogPrintf(CTDL_DEBUG, "OpenID attach failed\n"); } } - /* Otherwise, a user is attempting to log in using the validated OpenID */ + /* Otherwise, a user is attempting to log in using the verified OpenID */ else { /* * Existing user who has claimed this OpenID? @@ -698,20 +870,42 @@ void cmd_oidf(char *argbuf) { if (login_via_openid(oiddata->claimed_id) == 0) { cprintf("authenticate\n%s\n%s\n", CC->user.fullname, CC->user.password); logged_in_response(); + CtdlLogPrintf(CTDL_DEBUG, "Logged in using previously claimed OpenID\n"); + } + + /* + * If this system does not allow self-service new user registration, the + * remaining modes do not apply, so fail here and now. + */ + else if (config.c_disable_newu) { + cprintf("fail\n"); + CtdlLogPrintf(CTDL_DEBUG, "Creating user failed due to local policy\n"); } /* * New user whose OpenID is verified and Simple Registration Extension is in use? */ - else if (openid_create_user_via_sri(oiddata->claimed_id, keys) == 0) { + else if (openid_create_user_via_sreg(oiddata->claimed_id, keys) == 0) { cprintf("authenticate\n%s\n%s\n", CC->user.fullname, CC->user.password); logged_in_response(); + CtdlLogPrintf(CTDL_DEBUG, "Successfully auto-created new user\n"); } - /* FIXME right here we have to handle manual account creation */ - + /* + * OpenID is verified, but the desired username either was not specified or + * conflicts with an existing user. Manual account creation is required. + */ else { - cprintf("fail\n"); + char *desired_name = NULL; + cprintf("verify_only\n"); + cprintf("%s\n", oiddata->claimed_id); + if (GetHash(keys, "sreg.nickname", 13, (void *) &desired_name)) { + cprintf("%s\n", desired_name); + } + else { + cprintf("\n"); + } + CtdlLogPrintf(CTDL_DEBUG, "The desired Simple Registration name is already taken.\n"); } } } @@ -720,21 +914,11 @@ void cmd_oidf(char *argbuf) { } cprintf("000\n"); - /* - * We will eventually do something with the data in the hash list. - * - long len; - void *Value; - char *Key; - HashPos *HashPos; - HashPos = GetNewHashPos(); - while (GetNextHashPos(keys, HashPos, &len, &Key, &Value)!=0) - { + if (oiddata->sreg_keys != NULL) { + DeleteHash(&oiddata->sreg_keys); + oiddata->sreg_keys = NULL; } - DeleteHashPos(&HashPos); - */ - - DeleteHash(&keys); /* This will free() all the key data for us */ + oiddata->sreg_keys = keys; } @@ -750,30 +934,37 @@ void cmd_oidf(char *argbuf) { * This cleanup function blows away the temporary memory used by this module. */ void openid_cleanup_function(void) { + struct ctdl_openid *oiddata = (struct ctdl_openid *) CC->openid_data; - if (CC->openid_data != NULL) { - free(CC->openid_data); + if (oiddata != NULL) { + CtdlLogPrintf(CTDL_DEBUG, "Clearing OpenID session state\n"); + if (oiddata->sreg_keys != NULL) { + DeleteHash(&oiddata->sreg_keys); + oiddata->sreg_keys = NULL; + } + free(oiddata); } } CTDL_MODULE_INIT(openid_rp) { - if (!threading) - { + if (!threading) { curl_global_init(CURL_GLOBAL_ALL); - CtdlRegisterProtoHook(cmd_oids, "OIDS", "Setup OpenID authentication"); - CtdlRegisterProtoHook(cmd_oidf, "OIDF", "Finalize OpenID authentication"); - CtdlRegisterProtoHook(cmd_oidl, "OIDL", "List OpenIDs associated with an account"); - CtdlRegisterProtoHook(cmd_oidd, "OIDD", "Detach an OpenID from an account"); - CtdlRegisterSessionHook(openid_cleanup_function, EVT_STOP); + + /* Only enable the OpenID command set when native mode authentication is in use. */ + if (config.c_auth_mode == AUTHMODE_NATIVE) { + CtdlRegisterProtoHook(cmd_oids, "OIDS", "Setup OpenID authentication"); + CtdlRegisterProtoHook(cmd_oidf, "OIDF", "Finalize OpenID authentication"); + CtdlRegisterProtoHook(cmd_oidl, "OIDL", "List OpenIDs associated with an account"); + CtdlRegisterProtoHook(cmd_oidd, "OIDD", "Detach an OpenID from an account"); + CtdlRegisterProtoHook(cmd_oidc, "OIDC", "Create new user after validating OpenID"); + CtdlRegisterProtoHook(cmd_oida, "OIDA", "List all OpenIDs in the database"); + } + CtdlRegisterSessionHook(openid_cleanup_function, EVT_LOGOUT); CtdlRegisterUserHook(openid_purge, EVT_PURGEUSER); } /* return our Subversion id for the Log */ return "$Id$"; } - - -/* FIXME ... we have to add the new openid database to serv_vandelay.c */ -