author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2017-05-30 13:50:07 +0200 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2017-05-30 13:50:07 +0200 |
commit | 5747257471e9b66208836799bced6df3d32c50f4 (patch) | |
tree | 1a29764f836e30dfce86393a4e8e09032302dab6 | |
parent | dfe45df6f05c770db78922dc352c4d88de15e56e (diff) | |
download | gnunet-5747257471e9b66208836799bced6df3d32c50f4.tar.gz gnunet-5747257471e9b66208836799bced6df3d32c50f4.zip |
-fix idp
-rw-r--r-- | src/credential/credential_api.c | 2 | ||||
-rw-r--r-- | src/credential/gnunet-credential.c | 2 | ||||
-rw-r--r-- | src/credential/plugin_rest_credential.c | 2 | ||||
-rw-r--r-- | src/identity-provider/gnunet-service-identity-provider.c | 173 | ||||
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 2 | ||||
-rw-r--r-- | src/include/gnunet_credential_service.h | 2 |
6 files changed, 21 insertions, 162 deletions
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index fd0c9e3d5..ca54137ad 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c | |||
@@ -348,7 +348,7 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle) | |||
348 | * @param lr the verify request to cancel | 348 | * @param lr the verify request to cancel |
349 | */ | 349 | */ |
350 | void | 350 | void |
351 | GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr) | 351 | GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *vr) |
352 | { | 352 | { |
353 | struct GNUNET_CREDENTIAL_Handle *handle = vr->credential_handle; | 353 | struct GNUNET_CREDENTIAL_Handle *handle = vr->credential_handle; |
354 | 354 | ||
diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index 92804c97a..4a6dc5ccd 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c | |||
@@ -130,7 +130,7 @@ do_shutdown (void *cls) | |||
130 | { | 130 | { |
131 | if (NULL != verify_request) | 131 | if (NULL != verify_request) |
132 | { | 132 | { |
133 | GNUNET_CREDENTIAL_verify_cancel (verify_request); | 133 | GNUNET_CREDENTIAL_request_cancel (verify_request); |
134 | verify_request = NULL; | 134 | verify_request = NULL; |
135 | } | 135 | } |
136 | if (NULL != credential) | 136 | if (NULL != credential) |
diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index 59022e794..48d48fba0 100644 --- a/src/credential/plugin_rest_credential.c +++ b/src/credential/plugin_rest_credential.c | |||
@@ -177,7 +177,7 @@ cleanup_handle (struct RequestHandle *handle) | |||
177 | if (NULL != handle->subject_attr) | 177 | if (NULL != handle->subject_attr) |
178 | GNUNET_free (handle->subject_attr); | 178 | GNUNET_free (handle->subject_attr); |
179 | if (NULL != handle->verify_request) | 179 | if (NULL != handle->verify_request) |
180 | GNUNET_CREDENTIAL_verify_cancel (handle->verify_request); | 180 | GNUNET_CREDENTIAL_request_cancel (handle->verify_request); |
181 | if (NULL != handle->credential) | 181 | if (NULL != handle->credential) |
182 | GNUNET_CREDENTIAL_disconnect (handle->credential); | 182 | GNUNET_CREDENTIAL_disconnect (handle->credential); |
183 | if (NULL != handle->id_op) | 183 | if (NULL != handle->id_op) |
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index f9e06fef9..f4ea352d4 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c | |||
@@ -1015,6 +1015,10 @@ cleanup_issue_handle (struct IssueHandle *handle) | |||
1015 | ticket_destroy (handle->ticket); | 1015 | ticket_destroy (handle->ticket); |
1016 | if (NULL != handle->label) | 1016 | if (NULL != handle->label) |
1017 | GNUNET_free (handle->label); | 1017 | GNUNET_free (handle->label); |
1018 | if (NULL != handle->ns_it) | ||
1019 | GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it); | ||
1020 | if (NULL != handle->credential_request) | ||
1021 | GNUNET_CREDENTIAL_request_cancel (handle->credential_request); | ||
1018 | GNUNET_free (handle); | 1022 | GNUNET_free (handle); |
1019 | } | 1023 | } |
1020 | 1024 | ||
@@ -1484,160 +1488,6 @@ handle_exchange_message (void *cls, | |||
1484 | 1488 | ||
1485 | } | 1489 | } |
1486 | 1490 | ||
1487 | |||
1488 | static void | ||
1489 | find_existing_token_error (void *cls) | ||
1490 | { | ||
1491 | struct IssueHandle *handle = cls; | ||
1492 | cleanup_issue_handle (handle); | ||
1493 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error looking for existing token\n"); | ||
1494 | GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); | ||
1495 | } | ||
1496 | |||
1497 | |||
1498 | static void | ||
1499 | find_existing_token_finished (void *cls) | ||
1500 | { | ||
1501 | struct IssueHandle *handle = cls; | ||
1502 | uint64_t rnd_key; | ||
1503 | |||
1504 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1505 | ">>> No existing token found\n"); | ||
1506 | rnd_key = | ||
1507 | GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, | ||
1508 | UINT64_MAX); | ||
1509 | GNUNET_STRINGS_base64_encode ((char*)&rnd_key, | ||
1510 | sizeof (uint64_t), | ||
1511 | &handle->label); | ||
1512 | handle->ns_it = NULL; | ||
1513 | handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, | ||
1514 | &handle->iss_key, | ||
1515 | &attr_collect_error, | ||
1516 | handle, | ||
1517 | &attr_collect, | ||
1518 | handle, | ||
1519 | &attr_collect_finished, | ||
1520 | handle); | ||
1521 | } | ||
1522 | |||
1523 | |||
1524 | /** | ||
1525 | * | ||
1526 | * Look for existing token | ||
1527 | * | ||
1528 | * @param cls the identity entry | ||
1529 | * @param zone the identity | ||
1530 | * @param lbl the name of the record | ||
1531 | * @param rd_count number of records | ||
1532 | * @param rd record data | ||
1533 | * | ||
1534 | */ | ||
1535 | static void | ||
1536 | find_existing_token (void *cls, | ||
1537 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, | ||
1538 | const char *lbl, | ||
1539 | unsigned int rd_count, | ||
1540 | const struct GNUNET_GNSRECORD_Data *rd) | ||
1541 | { | ||
1542 | struct IssueHandle *handle = cls; | ||
1543 | const struct GNUNET_GNSRECORD_Data *token_metadata_record; | ||
1544 | struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key; | ||
1545 | struct GNUNET_HashCode key; | ||
1546 | int scope_count_token; | ||
1547 | char *scope; | ||
1548 | char *tmp_scopes; | ||
1549 | |||
1550 | //There should be only a single record for a token under a label | ||
1551 | if (2 != rd_count) | ||
1552 | { | ||
1553 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
1554 | return; | ||
1555 | } | ||
1556 | |||
1557 | if (rd[0].record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA) | ||
1558 | { | ||
1559 | token_metadata_record = &rd[0]; | ||
1560 | } | ||
1561 | else | ||
1562 | { | ||
1563 | token_metadata_record = &rd[1]; | ||
1564 | } | ||
1565 | if (token_metadata_record->record_type != GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA) | ||
1566 | { | ||
1567 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
1568 | return; | ||
1569 | } | ||
1570 | ecdhe_privkey = *((struct GNUNET_CRYPTO_EcdhePrivateKey *)token_metadata_record->data); | ||
1571 | aud_key = | ||
1572 | (struct GNUNET_CRYPTO_EcdsaPublicKey *)(token_metadata_record->data+sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey)); | ||
1573 | tmp_scopes = GNUNET_strdup ((char*) aud_key+sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
1574 | |||
1575 | if (0 != memcmp (aud_key, &handle->aud_key, | ||
1576 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) | ||
1577 | { | ||
1578 | char *tmp2 = GNUNET_STRINGS_data_to_string_alloc (aud_key, | ||
1579 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
1580 | //Audience does not match! | ||
1581 | char *tmp = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA, | ||
1582 | token_metadata_record->data, | ||
1583 | token_metadata_record->data_size); | ||
1584 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1585 | "Token does not match audience %s vs %s. Moving on\n", | ||
1586 | tmp2, | ||
1587 | tmp); | ||
1588 | GNUNET_free (tmp_scopes); | ||
1589 | GNUNET_free (tmp2); | ||
1590 | GNUNET_free (tmp); | ||
1591 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
1592 | return; | ||
1593 | } | ||
1594 | |||
1595 | scope = strtok (tmp_scopes, ","); | ||
1596 | scope_count_token = 0; | ||
1597 | while (NULL != scope) | ||
1598 | { | ||
1599 | GNUNET_CRYPTO_hash (scope, | ||
1600 | strlen (scope), | ||
1601 | &key); | ||
1602 | |||
1603 | if ((NULL != handle->attr_map) && | ||
1604 | (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->attr_map, &key))) | ||
1605 | { | ||
1606 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1607 | "Issued token does not include `%s'. Moving on\n", scope); | ||
1608 | GNUNET_free (tmp_scopes); | ||
1609 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
1610 | return; | ||
1611 | } | ||
1612 | scope_count_token++; | ||
1613 | scope = strtok (NULL, ","); | ||
1614 | } | ||
1615 | GNUNET_free (tmp_scopes); | ||
1616 | //All scopes in token are also in request. Now | ||
1617 | //Check length | ||
1618 | if ((NULL != handle->attr_map) && | ||
1619 | (GNUNET_CONTAINER_multihashmap_size (handle->attr_map) == scope_count_token)) | ||
1620 | { | ||
1621 | //We have an existing token | ||
1622 | handle->label = GNUNET_strdup (lbl); | ||
1623 | handle->ns_it = NULL; | ||
1624 | handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, | ||
1625 | &handle->iss_key, | ||
1626 | &attr_collect_error, | ||
1627 | handle, | ||
1628 | &attr_collect, | ||
1629 | handle, | ||
1630 | &attr_collect_finished, | ||
1631 | handle); | ||
1632 | |||
1633 | return; | ||
1634 | } | ||
1635 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1636 | "Nuber of attributes in token do not match request\n"); | ||
1637 | //No luck | ||
1638 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
1639 | } | ||
1640 | |||
1641 | /** | 1491 | /** |
1642 | * Checks an issue message | 1492 | * Checks an issue message |
1643 | * | 1493 | * |
@@ -1684,6 +1534,7 @@ handle_issue_message (void *cls, | |||
1684 | char *scopes_tmp; | 1534 | char *scopes_tmp; |
1685 | char *scope; | 1535 | char *scope; |
1686 | const char *v_attrs; | 1536 | const char *v_attrs; |
1537 | uint64_t rnd_key; | ||
1687 | struct GNUNET_HashCode key; | 1538 | struct GNUNET_HashCode key; |
1688 | struct IssueHandle *issue_handle; | 1539 | struct IssueHandle *issue_handle; |
1689 | struct VerifiedAttributeEntry *vattr_entry; | 1540 | struct VerifiedAttributeEntry *vattr_entry; |
@@ -1733,14 +1584,20 @@ handle_issue_message (void *cls, | |||
1733 | issue_handle->scopes = GNUNET_strdup (scopes); | 1584 | issue_handle->scopes = GNUNET_strdup (scopes); |
1734 | issue_handle->token = token_create (&issue_handle->iss_pkey, | 1585 | issue_handle->token = token_create (&issue_handle->iss_pkey, |
1735 | &issue_handle->aud_key); | 1586 | &issue_handle->aud_key); |
1587 | rnd_key = | ||
1588 | GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, | ||
1589 | UINT64_MAX); | ||
1590 | GNUNET_STRINGS_base64_encode ((char*)&rnd_key, | ||
1591 | sizeof (uint64_t), | ||
1592 | &issue_handle->label); | ||
1736 | 1593 | ||
1737 | issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, | 1594 | issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, |
1738 | &im->iss_key, | 1595 | &issue_handle->iss_key, |
1739 | &find_existing_token_error, | 1596 | &attr_collect_error, |
1740 | issue_handle, | 1597 | issue_handle, |
1741 | &find_existing_token, | 1598 | &attr_collect, |
1742 | issue_handle, | 1599 | issue_handle, |
1743 | &find_existing_token_finished, | 1600 | &attr_collect_finished, |
1744 | issue_handle); | 1601 | issue_handle); |
1745 | } | 1602 | } |
1746 | 1603 | ||
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index 5ea7b2821..dfb935f5b 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c | |||
@@ -402,6 +402,8 @@ token_creat_cont (void *cls, | |||
402 | char *ticket_str; | 402 | char *ticket_str; |
403 | char *token_str; | 403 | char *token_str; |
404 | char *result_str; | 404 | char *result_str; |
405 | |||
406 | handle->idp_op = NULL; | ||
405 | 407 | ||
406 | if (NULL == ticket) | 408 | if (NULL == ticket) |
407 | { | 409 | { |
diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 6c9b477ea..67c2f2b4c 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h | |||
@@ -377,7 +377,7 @@ GNUNET_CREDENTIAL_credential_issue ( | |||
377 | * @param lr the lookup request to cancel | 377 | * @param lr the lookup request to cancel |
378 | */ | 378 | */ |
379 | void | 379 | void |
380 | GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr); | 380 | GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *vr); |
381 | 381 | ||
382 | 382 | ||
383 | #if 0 /* keep Emacsens' auto-indent happy */ | 383 | #if 0 /* keep Emacsens' auto-indent happy */ |