diff options
| author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2017-05-30 13:50:07 +0200 |
|---|---|---|
| committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2017-05-30 13:50:07 +0200 |
| commit | 5747257471e9b66208836799bced6df3d32c50f4 (patch) | |
| tree | 1a29764f836e30dfce86393a4e8e09032302dab6 | |
| parent | dfe45df6f05c770db78922dc352c4d88de15e56e (diff) | |
| download | gnunet-5747257471e9b66208836799bced6df3d32c50f4.tar.gz gnunet-5747257471e9b66208836799bced6df3d32c50f4.zip | |
-fix idp
| -rw-r--r-- | src/credential/credential_api.c | 2 | ||||
| -rw-r--r-- | src/credential/gnunet-credential.c | 2 | ||||
| -rw-r--r-- | src/credential/plugin_rest_credential.c | 2 | ||||
| -rw-r--r-- | src/identity-provider/gnunet-service-identity-provider.c | 173 | ||||
| -rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 2 | ||||
| -rw-r--r-- | src/include/gnunet_credential_service.h | 2 |
6 files changed, 21 insertions, 162 deletions
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index fd0c9e3d5..ca54137ad 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c | |||
| @@ -348,7 +348,7 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle) | |||
| 348 | * @param lr the verify request to cancel | 348 | * @param lr the verify request to cancel |
| 349 | */ | 349 | */ |
| 350 | void | 350 | void |
| 351 | GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr) | 351 | GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *vr) |
| 352 | { | 352 | { |
| 353 | struct GNUNET_CREDENTIAL_Handle *handle = vr->credential_handle; | 353 | struct GNUNET_CREDENTIAL_Handle *handle = vr->credential_handle; |
| 354 | 354 | ||
diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index 92804c97a..4a6dc5ccd 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c | |||
| @@ -130,7 +130,7 @@ do_shutdown (void *cls) | |||
| 130 | { | 130 | { |
| 131 | if (NULL != verify_request) | 131 | if (NULL != verify_request) |
| 132 | { | 132 | { |
| 133 | GNUNET_CREDENTIAL_verify_cancel (verify_request); | 133 | GNUNET_CREDENTIAL_request_cancel (verify_request); |
| 134 | verify_request = NULL; | 134 | verify_request = NULL; |
| 135 | } | 135 | } |
| 136 | if (NULL != credential) | 136 | if (NULL != credential) |
diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index 59022e794..48d48fba0 100644 --- a/src/credential/plugin_rest_credential.c +++ b/src/credential/plugin_rest_credential.c | |||
| @@ -177,7 +177,7 @@ cleanup_handle (struct RequestHandle *handle) | |||
| 177 | if (NULL != handle->subject_attr) | 177 | if (NULL != handle->subject_attr) |
| 178 | GNUNET_free (handle->subject_attr); | 178 | GNUNET_free (handle->subject_attr); |
| 179 | if (NULL != handle->verify_request) | 179 | if (NULL != handle->verify_request) |
| 180 | GNUNET_CREDENTIAL_verify_cancel (handle->verify_request); | 180 | GNUNET_CREDENTIAL_request_cancel (handle->verify_request); |
| 181 | if (NULL != handle->credential) | 181 | if (NULL != handle->credential) |
| 182 | GNUNET_CREDENTIAL_disconnect (handle->credential); | 182 | GNUNET_CREDENTIAL_disconnect (handle->credential); |
| 183 | if (NULL != handle->id_op) | 183 | if (NULL != handle->id_op) |
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index f9e06fef9..f4ea352d4 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c | |||
| @@ -1015,6 +1015,10 @@ cleanup_issue_handle (struct IssueHandle *handle) | |||
| 1015 | ticket_destroy (handle->ticket); | 1015 | ticket_destroy (handle->ticket); |
| 1016 | if (NULL != handle->label) | 1016 | if (NULL != handle->label) |
| 1017 | GNUNET_free (handle->label); | 1017 | GNUNET_free (handle->label); |
| 1018 | if (NULL != handle->ns_it) | ||
| 1019 | GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it); | ||
| 1020 | if (NULL != handle->credential_request) | ||
| 1021 | GNUNET_CREDENTIAL_request_cancel (handle->credential_request); | ||
| 1018 | GNUNET_free (handle); | 1022 | GNUNET_free (handle); |
| 1019 | } | 1023 | } |
| 1020 | 1024 | ||
| @@ -1484,160 +1488,6 @@ handle_exchange_message (void *cls, | |||
| 1484 | 1488 | ||
| 1485 | } | 1489 | } |
| 1486 | 1490 | ||
| 1487 | |||
| 1488 | static void | ||
| 1489 | find_existing_token_error (void *cls) | ||
| 1490 | { | ||
| 1491 | struct IssueHandle *handle = cls; | ||
| 1492 | cleanup_issue_handle (handle); | ||
| 1493 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error looking for existing token\n"); | ||
| 1494 | GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); | ||
| 1495 | } | ||
| 1496 | |||
| 1497 | |||
| 1498 | static void | ||
| 1499 | find_existing_token_finished (void *cls) | ||
| 1500 | { | ||
| 1501 | struct IssueHandle *handle = cls; | ||
| 1502 | uint64_t rnd_key; | ||
| 1503 | |||
| 1504 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
| 1505 | ">>> No existing token found\n"); | ||
| 1506 | rnd_key = | ||
| 1507 | GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, | ||
| 1508 | UINT64_MAX); | ||
| 1509 | GNUNET_STRINGS_base64_encode ((char*)&rnd_key, | ||
| 1510 | sizeof (uint64_t), | ||
| 1511 | &handle->label); | ||
| 1512 | handle->ns_it = NULL; | ||
| 1513 | handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, | ||
| 1514 | &handle->iss_key, | ||
| 1515 | &attr_collect_error, | ||
| 1516 | handle, | ||
| 1517 | &attr_collect, | ||
| 1518 | handle, | ||
| 1519 | &attr_collect_finished, | ||
| 1520 | handle); | ||
| 1521 | } | ||
| 1522 | |||
| 1523 | |||
| 1524 | /** | ||
| 1525 | * | ||
| 1526 | * Look for existing token | ||
| 1527 | * | ||
| 1528 | * @param cls the identity entry | ||
| 1529 | * @param zone the identity | ||
| 1530 | * @param lbl the name of the record | ||
| 1531 | * @param rd_count number of records | ||
| 1532 | * @param rd record data | ||
| 1533 | * | ||
| 1534 | */ | ||
| 1535 | static void | ||
| 1536 | find_existing_token (void *cls, | ||
| 1537 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, | ||
| 1538 | const char *lbl, | ||
| 1539 | unsigned int rd_count, | ||
| 1540 | const struct GNUNET_GNSRECORD_Data *rd) | ||
| 1541 | { | ||
| 1542 | struct IssueHandle *handle = cls; | ||
| 1543 | const struct GNUNET_GNSRECORD_Data *token_metadata_record; | ||
| 1544 | struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key; | ||
| 1545 | struct GNUNET_HashCode key; | ||
| 1546 | int scope_count_token; | ||
| 1547 | char *scope; | ||
| 1548 | char *tmp_scopes; | ||
| 1549 | |||
| 1550 | //There should be only a single record for a token under a label | ||
| 1551 | if (2 != rd_count) | ||
| 1552 | { | ||
| 1553 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
| 1554 | return; | ||
| 1555 | } | ||
| 1556 | |||
| 1557 | if (rd[0].record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA) | ||
| 1558 | { | ||
| 1559 | token_metadata_record = &rd[0]; | ||
| 1560 | } | ||
| 1561 | else | ||
| 1562 | { | ||
| 1563 | token_metadata_record = &rd[1]; | ||
| 1564 | } | ||
| 1565 | if (token_metadata_record->record_type != GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA) | ||
| 1566 | { | ||
| 1567 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
| 1568 | return; | ||
| 1569 | } | ||
| 1570 | ecdhe_privkey = *((struct GNUNET_CRYPTO_EcdhePrivateKey *)token_metadata_record->data); | ||
| 1571 | aud_key = | ||
| 1572 | (struct GNUNET_CRYPTO_EcdsaPublicKey *)(token_metadata_record->data+sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey)); | ||
| 1573 | tmp_scopes = GNUNET_strdup ((char*) aud_key+sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
| 1574 | |||
| 1575 | if (0 != memcmp (aud_key, &handle->aud_key, | ||
| 1576 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) | ||
| 1577 | { | ||
| 1578 | char *tmp2 = GNUNET_STRINGS_data_to_string_alloc (aud_key, | ||
| 1579 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
| 1580 | //Audience does not match! | ||
| 1581 | char *tmp = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA, | ||
| 1582 | token_metadata_record->data, | ||
| 1583 | token_metadata_record->data_size); | ||
| 1584 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
| 1585 | "Token does not match audience %s vs %s. Moving on\n", | ||
| 1586 | tmp2, | ||
| 1587 | tmp); | ||
| 1588 | GNUNET_free (tmp_scopes); | ||
| 1589 | GNUNET_free (tmp2); | ||
| 1590 | GNUNET_free (tmp); | ||
| 1591 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
| 1592 | return; | ||
| 1593 | } | ||
| 1594 | |||
| 1595 | scope = strtok (tmp_scopes, ","); | ||
| 1596 | scope_count_token = 0; | ||
| 1597 | while (NULL != scope) | ||
| 1598 | { | ||
| 1599 | GNUNET_CRYPTO_hash (scope, | ||
| 1600 | strlen (scope), | ||
| 1601 | &key); | ||
| 1602 | |||
| 1603 | if ((NULL != handle->attr_map) && | ||
| 1604 | (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->attr_map, &key))) | ||
| 1605 | { | ||
| 1606 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
| 1607 | "Issued token does not include `%s'. Moving on\n", scope); | ||
| 1608 | GNUNET_free (tmp_scopes); | ||
| 1609 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
| 1610 | return; | ||
| 1611 | } | ||
| 1612 | scope_count_token++; | ||
| 1613 | scope = strtok (NULL, ","); | ||
| 1614 | } | ||
| 1615 | GNUNET_free (tmp_scopes); | ||
| 1616 | //All scopes in token are also in request. Now | ||
| 1617 | //Check length | ||
| 1618 | if ((NULL != handle->attr_map) && | ||
| 1619 | (GNUNET_CONTAINER_multihashmap_size (handle->attr_map) == scope_count_token)) | ||
| 1620 | { | ||
| 1621 | //We have an existing token | ||
| 1622 | handle->label = GNUNET_strdup (lbl); | ||
| 1623 | handle->ns_it = NULL; | ||
| 1624 | handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, | ||
| 1625 | &handle->iss_key, | ||
| 1626 | &attr_collect_error, | ||
| 1627 | handle, | ||
| 1628 | &attr_collect, | ||
| 1629 | handle, | ||
| 1630 | &attr_collect_finished, | ||
| 1631 | handle); | ||
| 1632 | |||
| 1633 | return; | ||
| 1634 | } | ||
| 1635 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
| 1636 | "Nuber of attributes in token do not match request\n"); | ||
| 1637 | //No luck | ||
| 1638 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
| 1639 | } | ||
| 1640 | |||
| 1641 | /** | 1491 | /** |
| 1642 | * Checks an issue message | 1492 | * Checks an issue message |
| 1643 | * | 1493 | * |
| @@ -1684,6 +1534,7 @@ handle_issue_message (void *cls, | |||
| 1684 | char *scopes_tmp; | 1534 | char *scopes_tmp; |
| 1685 | char *scope; | 1535 | char *scope; |
| 1686 | const char *v_attrs; | 1536 | const char *v_attrs; |
| 1537 | uint64_t rnd_key; | ||
| 1687 | struct GNUNET_HashCode key; | 1538 | struct GNUNET_HashCode key; |
| 1688 | struct IssueHandle *issue_handle; | 1539 | struct IssueHandle *issue_handle; |
| 1689 | struct VerifiedAttributeEntry *vattr_entry; | 1540 | struct VerifiedAttributeEntry *vattr_entry; |
| @@ -1733,14 +1584,20 @@ handle_issue_message (void *cls, | |||
| 1733 | issue_handle->scopes = GNUNET_strdup (scopes); | 1584 | issue_handle->scopes = GNUNET_strdup (scopes); |
| 1734 | issue_handle->token = token_create (&issue_handle->iss_pkey, | 1585 | issue_handle->token = token_create (&issue_handle->iss_pkey, |
| 1735 | &issue_handle->aud_key); | 1586 | &issue_handle->aud_key); |
| 1587 | rnd_key = | ||
| 1588 | GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, | ||
| 1589 | UINT64_MAX); | ||
| 1590 | GNUNET_STRINGS_base64_encode ((char*)&rnd_key, | ||
| 1591 | sizeof (uint64_t), | ||
| 1592 | &issue_handle->label); | ||
| 1736 | 1593 | ||
| 1737 | issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, | 1594 | issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, |
| 1738 | &im->iss_key, | 1595 | &issue_handle->iss_key, |
| 1739 | &find_existing_token_error, | 1596 | &attr_collect_error, |
| 1740 | issue_handle, | 1597 | issue_handle, |
| 1741 | &find_existing_token, | 1598 | &attr_collect, |
| 1742 | issue_handle, | 1599 | issue_handle, |
| 1743 | &find_existing_token_finished, | 1600 | &attr_collect_finished, |
| 1744 | issue_handle); | 1601 | issue_handle); |
| 1745 | } | 1602 | } |
| 1746 | 1603 | ||
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index 5ea7b2821..dfb935f5b 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c | |||
| @@ -402,6 +402,8 @@ token_creat_cont (void *cls, | |||
| 402 | char *ticket_str; | 402 | char *ticket_str; |
| 403 | char *token_str; | 403 | char *token_str; |
| 404 | char *result_str; | 404 | char *result_str; |
| 405 | |||
| 406 | handle->idp_op = NULL; | ||
| 405 | 407 | ||
| 406 | if (NULL == ticket) | 408 | if (NULL == ticket) |
| 407 | { | 409 | { |
diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 6c9b477ea..67c2f2b4c 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h | |||
| @@ -377,7 +377,7 @@ GNUNET_CREDENTIAL_credential_issue ( | |||
| 377 | * @param lr the lookup request to cancel | 377 | * @param lr the lookup request to cancel |
| 378 | */ | 378 | */ |
| 379 | void | 379 | void |
| 380 | GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr); | 380 | GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *vr); |
| 381 | 381 | ||
| 382 | 382 | ||
| 383 | #if 0 /* keep Emacsens' auto-indent happy */ | 383 | #if 0 /* keep Emacsens' auto-indent happy */ |