author | Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> | 2018-07-22 18:01:50 +0200 |
---|---|---|
committer | Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> | 2018-07-22 18:01:50 +0200 |
commit | 8b67e9b5f905ff80ee73300bbb278c00e36b9bca (patch) | |
tree | 51440e34ea6807f35dc1987ce23c3e34659fbda0 /src/reclaim | |
parent | b68e69365b355f3ef5104f3b682457b0844a70df (diff) | |
ensure ticket contains client id
Diffstat (limited to 'src/reclaim')
-rw-r--r-- | src/reclaim/plugin_rest_openid_connect.c | 24 |
1 files changed, 22 insertions, 2 deletions
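--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -795,7 +795,8 @@ oidc_iteration_error (void *cls)
 }
 
 static int
-parse_authz_code (const char* code,
+parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
+                  const char* code,
                   struct GNUNET_RECLAIM_Ticket **ticket,
                   char **nonce)
 {
@@ -868,6 +869,19 @@ parse_authz_code (const char* code,
   memcpy (*ticket,
           &purpose[1],
           sizeof (struct GNUNET_RECLAIM_Ticket));
+  if (0 != memcmp (audience,
+                   &(*ticket)->audience,
+                   sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
+  {
+    GNUNET_free (purpose);
+    GNUNET_free (*ticket);
+    json_decref (code_json);
+    *ticket = NULL;
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Audience in ticket does not match client!\n");
+    return GNUNET_SYSERR;
+
+  }
   if (NULL != nonce_str)
     memcpy (&purpose[1] + sizeof (struct GNUNET_RECLAIM_Ticket),
             nonce_str,
@@ -1669,8 +1683,14 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   }
 
   //decode code
+  struct GNUNET_CRYPTO_EcdsaPublicKey cid;
+  GNUNET_STRINGS_string_to_data (client_id,
+                                 strlen(client_id),
+                                 &cid,
+                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
   struct GNUNET_RECLAIM_Ticket *ticket;
-  if(GNUNET_OK != parse_authz_code (code,
+  if(GNUNET_OK != parse_authz_code (&cid,
+                                    code,
                                     &ticket,
                                     &nonce))
   {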
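Review bot: The return value of `GNUNET_STRINGS_string_to_data` at new line 1687 is ignored, so a client_id that is not a well-formed encoded public key leaves `cid` uninitialized, and that stack garbage is then handed to `parse_authz_code` as the audience, where `memcmp` reads it (undefined behaviour) and the request fails with the misleading "Audience in ticket does not match client!" instead of being rejected as an invalid client. Check the decode before touching the code, e.g. `if (GNUNET_OK != GNUNET_STRINGS_string_to_data (client_id, strlen (client_id), &cid, sizeof (cid)))` followed by the same error path a failed `parse_authz_code` takes; that path starts at 1696 and, like the rest of token_endpoint, lies outside the hunk, so I cannot tell whether client_id was already validated earlier. Two smaller points in the parse_authz_code hunk: the mismatch is logged at `GNUNET_ERROR_TYPE_ERROR` although it is triggered by arbitrary remote input (a client can fill the log at will), so `GNUNET_ERROR_TYPE_WARNING` seems more appropriate, and the stray blank line before the closing brace at new line 883 should go.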