authorMartin Schanzenbach <schanzen@gnunet.org>2020-12-27 21:43:47 +0900
committerMartin Schanzenbach <schanzen@gnunet.org>2020-12-27 21:43:47 +0900
commit7b32281b71e450827ff90f00451f5e5e98c0521e (patch)
treeda46c45025d48462e6d9139bf2fe5c407df95c32 /src/reclaim/plugin_rest_openid_connect.c
parent75a3a90fb765da872383b8f85b2d4087186dc3db (diff)
-hunting memleaks
Diffstat (limited to 'src/reclaim/plugin_rest_openid_connect.c')
-rw-r--r--src/reclaim/plugin_rest_openid_connect.c40
1 files changed, 33 insertions, 7 deletions
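--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -610,6 +610,10 @@ cleanup_handle (struct RequestHandle *handle)
 GNUNET_free (handle->oidc->response_type);
 GNUNET_free (handle->oidc->scope);
 GNUNET_free (handle->oidc->state);
+if (NULL != handle->oidc->claims)
+GNUNET_free (handle->oidc->claims);
+if (NULL != handle->oidc->code_challenge)
+GNUNET_free (handle->oidc->code_challenge);
 GNUNET_free (handle->oidc);
 }
 if (NULL!=handle->attr_idtoken_list)
@@ -1193,8 +1197,7 @@ attr_in_claims_request (struct RequestHandle *handle,
 return GNUNET_YES;
 
 /** Try claims parameter if not in scope */
-if ((NULL != handle->oidc->claims) &&
-(GNUNET_YES != ret))
+if (NULL != handle->oidc->claims)
 {
 root = json_loads (handle->oidc->claims, JSON_DECODE_ANY, &error);
 claims_j = json_object_get (root, claims_parameter);
@@ -1708,8 +1711,6 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 handle->ego_entry = ego_tail;
 }
 }
-handle->oidc->scope = get_url_parameter_copy (handle, OIDC_SCOPE_KEY);
-GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Scope: %s\n", handle->oidc->scope);
 if (NULL == handle->tld)
 GNUNET_CONFIGURATION_iterate_section_values (cfg, "gns", tld_iter, handle);
 if (NULL == handle->tld)
@@ -1872,11 +1873,18 @@ parse_credentials_post_body (struct RequestHandle *handle,
 if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle
 ->url_param_map,
 &cache_key))
+{
+GNUNET_free (*client_id);
+*client_id = NULL;
 return GNUNET_SYSERR;
+}
 pass = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
 &cache_key);
-if (NULL == pass)
+if (NULL == pass) {
+GNUNET_free (*client_id);
+*client_id = NULL;
 return GNUNET_SYSERR;
+}
 *client_secret = strdup (pass);
 return GNUNET_OK;
 }
@@ -1938,12 +1946,16 @@ check_authorization (struct RequestHandle *handle,
 GNUNET_free (expected_pass);
 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT);
 handle->response_code = MHD_HTTP_UNAUTHORIZED;
+GNUNET_free (received_cpw);
+GNUNET_free (received_cid);
 return GNUNET_SYSERR;
 }
 GNUNET_free (expected_pass);
 }
 else
 {
+GNUNET_free (received_cpw);
+GNUNET_free (received_cid);
 handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR);
 handle->edesc = GNUNET_strdup ("gnunet configuration failed");
 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
@@ -2102,9 +2114,13 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 handle->edesc = GNUNET_strdup ("invalid code");
 handle->response_code = MHD_HTTP_BAD_REQUEST;
 GNUNET_free (code);
+if (NULL != code_verifier)
+GNUNET_free (code_verifier);
 GNUNET_SCHEDULER_add_now (&do_error, handle);
 return;
 }
+if (NULL != code_verifier)
+GNUNET_free (code_verifier);
 
 // create jwt
 if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (cfg,
@@ -2116,6 +2132,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 handle->edesc = GNUNET_strdup ("gnunet configuration failed");
 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
 GNUNET_free (code);
+if (NULL != nonce)
+GNUNET_free (nonce);
 GNUNET_SCHEDULER_add_now (&do_error, handle);
 return;
 }
@@ -2131,6 +2149,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 handle->edesc = GNUNET_strdup ("No signing secret configured!");
 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
 GNUNET_free (code);
+if (NULL != nonce)
+GNUNET_free (nonce);
 GNUNET_SCHEDULER_add_now (&do_error, handle);
 return;
 }
@@ -2141,6 +2161,9 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 &expiration_time,
 (NULL != nonce) ? nonce : NULL,
 jwt_secret);
+GNUNET_free (jwt_secret);
+if (NULL != nonce)
+GNUNET_free (nonce);
 access_token = OIDC_access_token_new (&ticket);
 /* Store mapping from access token to code so we can later
 * fall back on the provided attributes in userinfo
@@ -2293,6 +2316,8 @@ consume_timeout (void*cls)
 handle->edesc = GNUNET_strdup ("invalid code");
 handle->response_code = MHD_HTTP_BAD_REQUEST;
 GNUNET_free (cached_code);
+if (NULL != nonce)
+GNUNET_free (nonce);
 GNUNET_SCHEDULER_add_now (&do_error, handle);
 return;
 }
@@ -2337,7 +2362,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 const struct EgoEntry *aud_ego;
 const struct GNUNET_IDENTITY_PrivateKey *privkey;
 
-GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Getting userinfo\n");
+GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Getting userinfo\n");
 GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
 strlen (OIDC_AUTHORIZATION_HEADER_KEY),
 &cache_key);
@@ -2403,7 +2428,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 GNUNET_free (authorization);
 return;
 }
-GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Consuming ticket\n");
+GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Consuming ticket\n");
 privkey = GNUNET_IDENTITY_ego_get_private_key (aud_ego->ego);
 handle->attr_userinfo_list =
 GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
@@ -2617,6 +2642,7 @@ oidc_config_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 oidc_config_str = json_dumps (oidc_config, JSON_INDENT (1));
 resp = GNUNET_REST_create_response (oidc_config_str);
 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+json_decref (oidc_config);
 GNUNET_free (oidc_config_str);
 cleanup_handle (handle);
 }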
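Review bot: In the parse_credentials_post_body hunk the success path still ends with `*client_secret = strdup (pass);`, an unchecked libc allocation, while the error paths this commit adds in check_authorization release the credential buffers with `GNUNET_free`. If `received_cpw` there is the buffer filled in by this function (the call is outside the hunks, so this is inferred), a NULL from strdup is reported as GNUNET_OK and the allocate/free pairing is mixed; `*client_secret = GNUNET_strdup (pass);` would keep it consistent with the other copies made in this file. The same error paths free the client password, and the token_endpoint hunk frees `jwt_secret`, without clearing the memory first; for secret material it is worth wiping the buffer before release if the project has a helper for that. All of the functions touched start and end outside the hunks shown.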