/*
* This is an implementation of OpenID 1.1 Relying Party support, in stateless mode.
*
- * Copyright (c) 2007-2010 by the citadel.org team
+ * Copyright (c) 2007-2011 by the citadel.org team
*
- * This program is free software; you can redistribute it and/or modify
+ * This program is open source software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "sysdep.h"
struct CitContext *CCC = CC; /* CachedCitContext - performance boost */
if (CCC->openid_data != NULL) {
- syslog(LOG_DEBUG, "Clearing OpenID session state\n");
+ syslog(LOG_DEBUG, "Clearing OpenID session state");
Free_ctdl_openid((ctdl_openid **) &CCC->openid_data);
}
}
cdb_free(cdboi);
if (fetched_usernum == who->usernum) {
- syslog(LOG_INFO, "%s already associated; no action is taken\n", ChrPtr(claimed_id));
+ syslog(LOG_INFO, "%s already associated; no action is taken", ChrPtr(claimed_id));
return(0);
}
else {
- syslog(LOG_INFO, "%s already belongs to another user\n", ChrPtr(claimed_id));
+ syslog(LOG_INFO, "%s already belongs to another user", ChrPtr(claimed_id));
return(3);
}
}
keys = NewHash(1, NULL);
if (!keys) return;
-
cdb_rewind(CDB_OPENID);
while (cdboi = cdb_next_item(CDB_OPENID), cdboi != NULL) {
if (cdboi->len > sizeof(long)) {
HashPos = GetNewHashPos(keys, 0);
while (GetNextHashPos(keys, HashPos, &len, &Key, &Value)!=0)
{
- syslog(LOG_DEBUG, "Deleting associated OpenID <%s>\n", (char*)Value);
+ syslog(LOG_DEBUG, "Deleting associated OpenID <%s>", (char*)Value);
cdb_delete(CDB_OPENID, Value, strlen(Value));
/* note: don't free(Value) -- deleting the hash list will handle this for us */
}
}
-
/*
* List the OpenIDs associated with the currently logged in account
*/
}
-
-
/*
* Detach an OpenID from the currently logged in account
*/
if (CC->logged_in) return(3);
if (!GetHash(sreg_keys, "sreg.nickname", 13, (void *) &desired_name)) return(4);
- syslog(LOG_DEBUG, "The desired account name is <%s>\n", desired_name);
+ syslog(LOG_DEBUG, "The desired account name is <%s>", desired_name);
len = cutuserkey(desired_name);
if (!CtdlGetUser(&CC->user, desired_name)) {
- syslog(LOG_DEBUG, "<%s> is already taken by another user.\n", desired_name);
+ syslog(LOG_DEBUG, "<%s> is already taken by another user.", desired_name);
memset(&CC->user, 0, sizeof(struct ctdluser));
return(5);
}
curl = curl_easy_init();
if (!curl) {
- syslog(LOG_ALERT, "Unable to initialize libcurl.\n");
+ syslog(LOG_ALERT, "Unable to initialize libcurl.");
return(-1);
}
}
res = curl_easy_perform(curl);
if (res) {
- syslog(LOG_DEBUG, "fetch_http() libcurl error %d: %s\n", res, errmsg);
+ syslog(LOG_DEBUG, "fetch_http() libcurl error %d: %s", res, errmsg);
}
curl_easy_getinfo(curl, CURLINFO_EFFECTIVE_URL, &effective_url);
StrBufPlain(url, effective_url, -1);
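Review bot: When `curl_easy_perform()` fails, the code only logs at debug level and then still calls `curl_easy_getinfo(curl, CURLINFO_EFFECTIVE_URL, &effective_url)` and copies the result into `url`. The `curl_easy_getinfo()` return value is not checked, so a failed fetch can overwrite the caller's claimed ID with whatever `effective_url` holds, and possibly pass a NULL pointer to `StrBufPlain()`. Guard the copy, e.g. `if (res == CURLE_OK && curl_easy_getinfo(curl, CURLINFO_EFFECTIVE_URL, &effective_url) == CURLE_OK && effective_url != NULL) StrBufPlain(url, effective_url, -1);`. The rest of fetch_http() is outside the hunk, so the initial value of `effective_url` and the function's return path should be checked against this.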
oiddata->verified = 0;
i = fetch_http(oiddata->claimed_id, &ReplyBuf);
- syslog(LOG_DEBUG, "Normalized URL and Claimed ID is: %s\n",
- ChrPtr(oiddata->claimed_id));
+ syslog(LOG_DEBUG, "Normalized URL and Claimed ID is: %s", ChrPtr(oiddata->claimed_id));
if ((StrLength(ReplyBuf) > 0) && (i > 0)) {
openid_delegate = NewStrBuf();
if (len < 0)
len = sizeof(thiskey) - 1;
extract_token(thisdata, buf, 1, '|', sizeof thisdata);
- syslog(LOG_DEBUG, "%s: ["SIZE_T_FMT"] %s\n", thiskey, strlen(thisdata), thisdata);
+ syslog(LOG_DEBUG, "%s: ["SIZE_T_FMT"] %s", thiskey, strlen(thisdata), thisdata);
Put(keys, thiskey, len, strdup(thisdata), NULL);
}
/* Now that we have all of the parameters, we have to validate the signature against the server */
- syslog(LOG_DEBUG, "About to validate the signature...\n");
+ syslog(LOG_DEBUG, "About to validate the signature...");
CURL *curl;
CURLcode res;
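Review bot: The debug line in the parameter loop writes every received value (`thisdata`) to syslog verbatim, and the later `%25s : %s` lines do the same for `openid.assoc_handle`, `openid.sig` and each signed field. These values come from the remote side and include authentication material, so they land wherever LOG_DEBUG output is collected and retained. Logging the key and length is enough for tracing: `syslog(LOG_DEBUG, "%s: ["SIZE_T_FMT"]", thiskey, strlen(thisdata));`. The `strdup(thisdata)` result passed to `Put()` is also unchecked, so an allocation failure stores NULL under that key.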
CURLFORM_COPYNAME, "openid.mode",
CURLFORM_COPYCONTENTS, "check_authentication",
CURLFORM_END);
- syslog(LOG_DEBUG, "%25s : %s\n", "openid.mode", "check_authentication");
+ syslog(LOG_DEBUG, "%25s : %s", "openid.mode", "check_authentication");
if (GetHash(keys, "assoc_handle", 12, (void *) &o_assoc_handle)) {
curl_formadd(&formpost, &lastptr,
CURLFORM_COPYNAME, "openid.assoc_handle",
CURLFORM_COPYCONTENTS, o_assoc_handle,
CURLFORM_END);
- syslog(LOG_DEBUG, "%25s : %s\n", "openid.assoc_handle", o_assoc_handle);
+ syslog(LOG_DEBUG, "%25s : %s", "openid.assoc_handle", o_assoc_handle);
}
if (GetHash(keys, "sig", 3, (void *) &o_sig)) {
CURLFORM_COPYNAME, "openid.sig",
CURLFORM_COPYCONTENTS, o_sig,
CURLFORM_END);
- syslog(LOG_DEBUG, "%25s : %s\n", "openid.sig", o_sig);
+ syslog(LOG_DEBUG, "%25s : %s", "openid.sig", o_sig);
}
if (GetHash(keys, "signed", 6, (void *) &o_signed)) {
CURLFORM_COPYNAME, "openid.signed",
CURLFORM_COPYCONTENTS, o_signed,
CURLFORM_END);
- syslog(LOG_DEBUG, "%25s : %s\n", "openid.signed", o_signed);
+ syslog(LOG_DEBUG, "%25s : %s", "openid.signed", o_signed);
num_signed_values = num_tokens(o_signed, ',');
for (i=0; i<num_signed_values; ++i) {
CURLFORM_COPYNAME, k_o_keyname,
CURLFORM_COPYCONTENTS, k_value,
CURLFORM_END);
- syslog(LOG_DEBUG, "%25s : %s\n", k_o_keyname, k_value);
+ syslog(LOG_DEBUG, "%25s : %s", k_o_keyname, k_value);
}
else {
- syslog(LOG_INFO, "OpenID: signed field '%s' is missing\n",
+ syslog(LOG_INFO, "OpenID: signed field '%s' is missing",
k_keyname);
}
}
res = curl_easy_perform(curl);
if (res) {
- syslog(LOG_DEBUG, "cmd_oidf() libcurl error %d: %s\n", res, errmsg);
+ syslog(LOG_DEBUG, "cmd_oidf() libcurl error %d: %s", res, errmsg);
}
curl_easy_cleanup(curl);
curl_formfree(formpost);
}
FreeStrBuf(&ReplyBuf);
- syslog(LOG_DEBUG, "Authentication %s.\n", (oiddata->verified ? "succeeded" : "failed") );
+ syslog(LOG_DEBUG, "Authentication %s.", (oiddata->verified ? "succeeded" : "failed") );
/* Respond to the client */
if (CC->logged_in) {
if (attach_openid(&CC->user, oiddata->claimed_id) == 0) {
cprintf("attach\n");
- syslog(LOG_DEBUG, "OpenID attach succeeded\n");
+ syslog(LOG_DEBUG, "OpenID attach succeeded");
}
else {
cprintf("fail\n");
- syslog(LOG_DEBUG, "OpenID attach failed\n");
+ syslog(LOG_DEBUG, "OpenID attach failed");
}
}
if (login_via_openid(oiddata->claimed_id) == 0) {
cprintf("authenticate\n%s\n%s\n", CC->user.fullname, CC->user.password);
logged_in_response();
- syslog(LOG_DEBUG, "Logged in using previously claimed OpenID\n");
+ syslog(LOG_DEBUG, "Logged in using previously claimed OpenID");
}
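Review bot: The `authenticate` reply on the unchanged `cprintf` line sends `CC->user.password` back to the client after a successful OpenID login, and the same call is repeated in the branch that follows `openid_create_user_via_sreg()`. An OpenID assertion shows control of the identifier, not knowledge of the local password, so returning the stored password means any weakness in the OpenID verification also discloses that credential. If the client only needs something to re-attach its session, a short-lived token would serve in place of the password. The enclosing function starts and ends outside this hunk, so how the client uses that field should be confirmed before changing the reply format.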
/*
*/
else if (config.c_disable_newu) {
cprintf("fail\n");
- syslog(LOG_DEBUG, "Creating user failed due to local policy\n");
+ syslog(LOG_DEBUG, "Creating user failed due to local policy");
}
/*
else if (openid_create_user_via_sreg(oiddata->claimed_id, keys) == 0) {
cprintf("authenticate\n%s\n%s\n", CC->user.fullname, CC->user.password);
logged_in_response();
- syslog(LOG_DEBUG, "Successfully auto-created new user\n");
+ syslog(LOG_DEBUG, "Successfully auto-created new user");
}
/*
else {
cprintf("\n");
}
- syslog(LOG_DEBUG, "The desired Simple Registration name is already taken.\n");
+ syslog(LOG_DEBUG, "The desired Simple Registration name is already taken.");
}
}
}
else if (!strncmp(argv[a], "-h", 2)) {
relh=argv[a][2]!='/';
- if (!relh) safestrncpy(ctdl_home_directory, &argv[a][2],
- sizeof ctdl_home_directory);
- else
- safestrncpy(relhome, &argv[a][2],
- sizeof relhome);
+ if (!relh) {
+ safestrncpy(ctdl_home_directory, &argv[a][2], sizeof ctdl_home_directory);
+ }
+ else {
+ safestrncpy(relhome, &argv[a][2], sizeof relhome);
+ }
home=1;
}
}
else if (!strncmp(argv[a], "-t", 2)) {
- if (freopen(&argv[a][2], "w", stderr) != stderr)
- {
- syslog(LOG_EMERG,
- "unable to open your trace log [%s]: %s",
- &argv[a][2],
- strerror(errno));
- exit(1);
- }
+ /* deprecated */
}
else if (!strncmp(argv[a], "-D", 2)) {
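Review bot: The `-t` branch now accepts the option and silently does nothing, so an operator who still passes `-tTraceFile` gets no trace output and no indication why. Replace the bare `/* deprecated */` with a visible notice, e.g. `syslog(LOG_WARNING, "-t is deprecated and ignored; trace output goes to syslog");`, so that the loss of the trace file shows up in the log.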
/* -r tells the server not to drop root permissions. don't use
* this unless you know what you're doing. this should be
* removed in the next release if it proves unnecessary. */
- else if (!strcmp(argv[a], "-r"))
+ else if (!strcmp(argv[a], "-r")) {
drop_root_perms = 0;
+ }
/* any other parameter makes it crash and burn */
else {
"citserver "
"[-lLogFacility] "
"[-d] [-D] [-s] "
- "[-tTraceFile] "
"[-hHomeDir]\n"
);
exit(1);
/*
* Load any server-side extensions available here.
*/
- syslog(LOG_INFO, "Initializing server extensions\n");
+ syslog(LOG_INFO, "Initializing server extensions");
initialise_modules(0);
#endif // HAVE_GETPWUID_R
if (pwp == NULL)
- syslog(LOG_CRIT, "WARNING: getpwuid(%ld): %s\n"
+ syslog(LOG_CRIT, "WARNING: getpwuid(%ld): %s"
"Group IDs will be incorrect.\n", (long)CTDLUID,
strerror(errno));
else {
initgroups(pw.pw_name, pw.pw_gid);
if (setgid(pw.pw_gid))
- syslog(LOG_CRIT, "setgid(%ld): %s\n", (long)pw.pw_gid,
+ syslog(LOG_CRIT, "setgid(%ld): %s", (long)pw.pw_gid,
strerror(errno));
}
- syslog(LOG_INFO, "Changing uid to %ld\n", (long)CTDLUID);
+ syslog(LOG_INFO, "Changing uid to %ld", (long)CTDLUID);
if (setuid(CTDLUID) != 0) {
- syslog(LOG_CRIT, "setuid() failed: %s\n", strerror(errno));
+ syslog(LOG_CRIT, "setuid() failed: %s", strerror(errno));
}
#if defined (HAVE_SYS_PRCTL_H) && defined (PR_SET_DUMPABLE)
prctl(PR_SET_DUMPABLE, 1);
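Review bot: A failed `setgid()` or `setuid()` here is only logged and `initgroups()` is not checked at all, so on any of these failures the server appears to carry on with root's uid or groups. The privilege drop should be all-or-nothing, e.g. `if (setuid(CTDLUID) != 0) { syslog(LOG_CRIT, "setuid() failed: %s", strerror(errno)); exit(1); }`, with the same treatment for `initgroups()` and `setgid()`. Separately, removing the `\n` from the first half of the getpwuid message leaves the two literals joined as `...%sGroup IDs will be incorrect.\n`, so the text runs together and still ends in a newline. `"WARNING: getpwuid(%ld): %s; group IDs will be incorrect"` would read correctly. The enclosing function continues outside the hunk, so whether a later check catches a retained root uid is not visible here.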
&& (!strcasecmp(ChrPtr(Hdr->c_password), ChrPtr(sptr->wc_password)))
&& (sptr->killthis == 0)
) {
- syslog(LOG_DEBUG, "\033[32m-- matched a session with the same http-auth\033[0m");
+ syslog(LOG_DEBUG, "Matched a session with the same http-auth");
TheSession = sptr;
}
break;
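Review bot: The session match compares the supplied http-auth password with `strcasecmp()`, so a password that differs from the stored one only in letter case still binds the request to the existing authenticated session. Passwords should be compared exactly, `!strcmp(ChrPtr(Hdr->c_password), ChrPtr(sptr->wc_password))`, and preferably with a constant-time comparison, since this check runs once per candidate session. The condition begins above the hunk, so how the username is compared is not visible here.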
if ( (Hdr->HR.desired_session != 0)
&& (sptr->wc_session == Hdr->HR.desired_session)
) {
- syslog(LOG_DEBUG, "\033[32m-- matched a session with the same cookie\033[0m");
+ syslog(LOG_DEBUG, "Matched a session with the same cookie");
TheSession = sptr;
}
break;
case NO_AUTH:
/* Any unbound session is a candidate */
if ( (sptr->wc_session == 0) && (sptr->inuse == 0) ) {
- syslog(LOG_DEBUG, "\033[32m-- reusing an unbound session\033[0m");
+ syslog(LOG_DEBUG, "Reusing an unbound session");
TheSession = sptr;
}
break;
}
CtdlLogResult(pthread_mutex_unlock(ListMutex));
if (TheSession == NULL) {
- syslog(LOG_DEBUG, "\033[32m-- no existing session was matched\033[0m");
+ syslog(LOG_DEBUG, "No existing session was matched");
}
return TheSession;
}
TheSession = CreateSession(1, 0, &SessionList, Hdr, &SessionListMutex);
}
- /*
- * If a language was requested via a cookie, select that language now.
- */
- if (StrLength(Hdr->c_language) > 0) {
- syslog(9, "Session cookie requests language '%s'", ChrPtr(Hdr->c_language));
- set_selected_language(ChrPtr(Hdr->c_language));
- go_selected_language();
- }
-
/*
* Reject transactions which require http-auth, if http-auth was not provided
*/
&& (Hdr->HR.Handler != NULL)
&& ((XHTTP_COMMANDS & Hdr->HR.Handler->Flags) == XHTTP_COMMANDS)
) {
- syslog(LOG_DEBUG, "\033[35m -- http-auth required but not provided\033[0m");
+ syslog(LOG_DEBUG, "http-auth required but not provided");
OverrideRequest(Hdr, HKEY("GET /401 HTTP/1.0"));
Hdr->HR.prohibit_caching = 1;
- /* FIXME -- we have to clear the cookie here */
}
/*
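Review bot: The `FIXME -- we have to clear the cookie here` marker is deleted, but nothing in this hunk clears the cookie on the 401 path, so a known open issue disappears from the code without a visible fix. If the stale session cookie still has to be invalidated when http-auth is required but missing, keep the marker or add the clearing. If it is handled elsewhere, a one-line comment such as `/* session cookie is cleared in <handler> */` would record that, with the real handler name filled in. The enclosing condition starts outside the hunk.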
TheSession->lastreq = time(NULL); /* log */
TheSession->Hdr = Hdr;
+ /*
+ * If a language was requested via a cookie, select that language now.
+ */
+ if (StrLength(Hdr->c_language) > 0) {
+ syslog(LOG_DEBUG, "Session cookie requests language '%s'", ChrPtr(Hdr->c_language));
+ set_selected_language(ChrPtr(Hdr->c_language));
+ go_selected_language();
+ }
+
+ /*
+ * do the transaction
+ */
session_attach_modules(TheSession);
- session_loop(); /* do transaction */
+ session_loop();
/* How long did this transaction take? */
gettimeofday(&tx_finish, NULL);