diff options
author | Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> | 2018-03-05 19:39:56 +0100 |
---|---|---|
committer | Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> | 2018-03-05 19:39:56 +0100 |
commit | bb5a41d072ab7964006cb68a45e043d856cb630e (patch) | |
tree | fd2fbf5bd6fdace3892a1ba2bdb712c81a485232 /src | |
parent | d036b626b8eea15f99d91faf309843936289fde7 (diff) | |
download | gnunet-bb5a41d072ab7964006cb68a45e043d856cb630e.tar.gz gnunet-bb5a41d072ab7964006cb68a45e043d856cb630e.zip |
start fixing gns
Diffstat (limited to 'src')
-rw-r--r-- | src/gns/gnunet-gns-proxy.c | 191 | ||||
-rw-r--r-- | src/identity-provider/gnunet-service-identity-provider.c | 19 | ||||
-rw-r--r-- | src/identity-provider/identity-provider.conf | 2 | ||||
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 76 |
4 files changed, 220 insertions, 68 deletions
diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c index ba162c5e3..73af0e693 100644 --- a/src/gns/gnunet-gns-proxy.c +++ b/src/gns/gnunet-gns-proxy.c | |||
@@ -483,6 +483,11 @@ struct Socks5Request | |||
483 | struct GNUNET_GNS_LookupRequest *gns_lookup; | 483 | struct GNUNET_GNS_LookupRequest *gns_lookup; |
484 | 484 | ||
485 | /** | 485 | /** |
486 | * Handle to Ego lookup, during #SOCKS5_RESOLVING phase. | ||
487 | */ | ||
488 | struct GNUNET_IDENTITY_EgoLookup *el; | ||
489 | |||
490 | /** | ||
486 | * Client socket read task | 491 | * Client socket read task |
487 | */ | 492 | */ |
488 | struct GNUNET_SCHEDULER_Task * rtask; | 493 | struct GNUNET_SCHEDULER_Task * rtask; |
@@ -528,6 +533,11 @@ struct Socks5Request | |||
528 | char *domain; | 533 | char *domain; |
529 | 534 | ||
530 | /** | 535 | /** |
536 | * the tld | ||
537 | */ | ||
538 | const char *tld; | ||
539 | |||
540 | /** | ||
531 | * DNS Legacy Host Name as given by GNS, NULL if not given. | 541 | * DNS Legacy Host Name as given by GNS, NULL if not given. |
532 | */ | 542 | */ |
533 | char *leho; | 543 | char *leho; |
@@ -1088,16 +1098,18 @@ curl_check_hdr (void *buffer, size_t size, size_t nmemb, void *cls) | |||
1088 | if (0 == strcasecmp (cookie_domain, s5r->leho + delta_cdomain)) | 1098 | if (0 == strcasecmp (cookie_domain, s5r->leho + delta_cdomain)) |
1089 | { | 1099 | { |
1090 | offset += sprintf (new_cookie_hdr + offset, | 1100 | offset += sprintf (new_cookie_hdr + offset, |
1091 | " domain=%s;", | 1101 | " domain=%s.%s;", |
1092 | s5r->domain); | 1102 | s5r->domain, |
1103 | s5r->tld); | ||
1093 | continue; | 1104 | continue; |
1094 | } | 1105 | } |
1095 | } | 1106 | } |
1096 | else if (0 == strcmp (cookie_domain, s5r->leho)) | 1107 | else if (0 == strcmp (cookie_domain, s5r->leho)) |
1097 | { | 1108 | { |
1098 | offset += sprintf (new_cookie_hdr + offset, | 1109 | offset += sprintf (new_cookie_hdr + offset, |
1099 | " domain=%s;", | 1110 | " domain=%s.%s;", |
1100 | s5r->domain); | 1111 | s5r->domain, |
1112 | s5r->tld); | ||
1101 | continue; | 1113 | continue; |
1102 | } | 1114 | } |
1103 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 1115 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
@@ -1126,11 +1138,12 @@ curl_check_hdr (void *buffer, size_t size, size_t nmemb, void *cls) | |||
1126 | strlen (leho_host))) | 1138 | strlen (leho_host))) |
1127 | { | 1139 | { |
1128 | GNUNET_asprintf (&new_location, | 1140 | GNUNET_asprintf (&new_location, |
1129 | "%s%s%s", | 1141 | "%s%s.%s%s", |
1130 | (HTTPS_PORT != s5r->port) | 1142 | (HTTPS_PORT != s5r->port) |
1131 | ? "http://" | 1143 | ? "http://" |
1132 | : "https://", | 1144 | : "https://", |
1133 | s5r->domain, | 1145 | s5r->domain, |
1146 | s5r->tld, | ||
1134 | hdr_val + strlen (leho_host)); | 1147 | hdr_val + strlen (leho_host)); |
1135 | hdr_val = new_location; | 1148 | hdr_val = new_location; |
1136 | } | 1149 | } |
@@ -2370,17 +2383,23 @@ setup_data_transfer (struct Socks5Request *s5r) | |||
2370 | int fd; | 2383 | int fd; |
2371 | const struct sockaddr *addr; | 2384 | const struct sockaddr *addr; |
2372 | socklen_t len; | 2385 | socklen_t len; |
2386 | char *domain; | ||
2373 | 2387 | ||
2374 | switch (s5r->port) | 2388 | switch (s5r->port) |
2375 | { | 2389 | { |
2376 | case HTTPS_PORT: | 2390 | case HTTPS_PORT: |
2377 | hd = lookup_ssl_httpd (s5r->domain); | 2391 | GNUNET_asprintf (&domain, |
2392 | "%s.%s", | ||
2393 | s5r->domain, | ||
2394 | s5r->tld); | ||
2395 | hd = lookup_ssl_httpd (domain); | ||
2378 | if (NULL == hd) | 2396 | if (NULL == hd) |
2379 | { | 2397 | { |
2380 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 2398 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
2381 | _("Failed to start HTTPS server for `%s'\n"), | 2399 | _("Failed to start HTTPS server for `%s'\n"), |
2382 | s5r->domain); | 2400 | s5r->domain); |
2383 | cleanup_s5r (s5r); | 2401 | cleanup_s5r (s5r); |
2402 | GNUNET_free (domain); | ||
2384 | return; | 2403 | return; |
2385 | } | 2404 | } |
2386 | break; | 2405 | break; |
@@ -2399,6 +2418,7 @@ setup_data_transfer (struct Socks5Request *s5r) | |||
2399 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 2418 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
2400 | _("Failed to pass client to MHD\n")); | 2419 | _("Failed to pass client to MHD\n")); |
2401 | cleanup_s5r (s5r); | 2420 | cleanup_s5r (s5r); |
2421 | GNUNET_free (domain); | ||
2402 | return; | 2422 | return; |
2403 | } | 2423 | } |
2404 | s5r->hd = hd; | 2424 | s5r->hd = hd; |
@@ -2406,6 +2426,7 @@ setup_data_transfer (struct Socks5Request *s5r) | |||
2406 | s5r->timeout_task = GNUNET_SCHEDULER_add_delayed (HTTP_HANDSHAKE_TIMEOUT, | 2426 | s5r->timeout_task = GNUNET_SCHEDULER_add_delayed (HTTP_HANDSHAKE_TIMEOUT, |
2407 | &timeout_s5r_handshake, | 2427 | &timeout_s5r_handshake, |
2408 | s5r); | 2428 | s5r); |
2429 | GNUNET_free (domain); | ||
2409 | } | 2430 | } |
2410 | 2431 | ||
2411 | 2432 | ||
@@ -2670,6 +2691,82 @@ clear_from_s5r_rbuf (struct Socks5Request *s5r, | |||
2670 | 2691 | ||
2671 | 2692 | ||
2672 | /** | 2693 | /** |
2694 | * Method called to with the ego we are to use for the lookup, | ||
2695 | * when the ego is determined by a name. | ||
2696 | * | ||
2697 | * @param cls closure (NULL, unused) | ||
2698 | * @param ego ego handle, NULL if not found | ||
2699 | */ | ||
2700 | static void | ||
2701 | identity_zone_cb (void *cls, | ||
2702 | const struct GNUNET_IDENTITY_Ego *ego) | ||
2703 | { | ||
2704 | struct Socks5Request *s5r = cls; | ||
2705 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; | ||
2706 | |||
2707 | s5r->el = NULL; | ||
2708 | if (NULL == ego) | ||
2709 | { | ||
2710 | signal_socks_failure (s5r, | ||
2711 | SOCKS5_STATUS_GENERAL_FAILURE); | ||
2712 | return; | ||
2713 | |||
2714 | } | ||
2715 | GNUNET_IDENTITY_ego_get_public_key (ego, | ||
2716 | &pkey); | ||
2717 | s5r->gns_lookup = GNUNET_GNS_lookup (gns_handle, | ||
2718 | s5r->domain, | ||
2719 | &pkey, | ||
2720 | GNUNET_DNSPARSER_TYPE_A, | ||
2721 | GNUNET_NO /* only cached */, | ||
2722 | &handle_gns_result, | ||
2723 | s5r); | ||
2724 | |||
2725 | |||
2726 | } | ||
2727 | |||
2728 | /** | ||
2729 | * Obtain TLD from @a name | ||
2730 | * | ||
2731 | * @param name a name | ||
2732 | * @return the part of @a name after the last ".", | ||
2733 | * or @a name if @a name does not contain a "." | ||
2734 | */ | ||
2735 | static const char * | ||
2736 | get_tld (const char *name) | ||
2737 | { | ||
2738 | const char *tld; | ||
2739 | |||
2740 | tld = strrchr (name, | ||
2741 | (unsigned char) '.'); | ||
2742 | if (NULL == tld) | ||
2743 | tld = name; | ||
2744 | else | ||
2745 | tld++; /* skip the '.' */ | ||
2746 | return tld; | ||
2747 | } | ||
2748 | |||
2749 | /** | ||
2750 | * Eat the TLD of the given @a name. | ||
2751 | * | ||
2752 | * @param name a name | ||
2753 | */ | ||
2754 | static void | ||
2755 | eat_tld (char *name) | ||
2756 | { | ||
2757 | char *tld; | ||
2758 | |||
2759 | GNUNET_assert (0 < strlen (name)); | ||
2760 | tld = strrchr (name, | ||
2761 | (unsigned char) '.'); | ||
2762 | if (NULL == tld) | ||
2763 | strcpy (name, | ||
2764 | GNUNET_GNS_MASTERZONE_STR); | ||
2765 | else | ||
2766 | *tld = '\0'; | ||
2767 | } | ||
2768 | |||
2769 | /** | ||
2673 | * Read data from incoming Socks5 connection | 2770 | * Read data from incoming Socks5 connection |
2674 | * | 2771 | * |
2675 | * @param cls the closure with the `struct Socks5Request` | 2772 | * @param cls the closure with the `struct Socks5Request` |
@@ -2684,6 +2781,9 @@ do_s5r_read (void *cls) | |||
2684 | ssize_t rlen; | 2781 | ssize_t rlen; |
2685 | size_t alen; | 2782 | size_t alen; |
2686 | const struct GNUNET_SCHEDULER_TaskContext *tc; | 2783 | const struct GNUNET_SCHEDULER_TaskContext *tc; |
2784 | char *zonestr; | ||
2785 | char *dot_tld; | ||
2786 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; | ||
2687 | 2787 | ||
2688 | s5r->rtask = NULL; | 2788 | s5r->rtask = NULL; |
2689 | tc = GNUNET_SCHEDULER_get_task_context (); | 2789 | tc = GNUNET_SCHEDULER_get_task_context (); |
@@ -2834,13 +2934,70 @@ do_s5r_read (void *cls) | |||
2834 | ntohs (*port)); | 2934 | ntohs (*port)); |
2835 | s5r->state = SOCKS5_RESOLVING; | 2935 | s5r->state = SOCKS5_RESOLVING; |
2836 | s5r->port = ntohs (*port); | 2936 | s5r->port = ntohs (*port); |
2837 | s5r->gns_lookup = GNUNET_GNS_lookup (gns_handle, | 2937 | /* TLD is zkey */ |
2838 | s5r->domain, | 2938 | s5r->tld = get_tld (s5r->domain); |
2839 | &local_gns_zone, | 2939 | if (GNUNET_OK == |
2840 | GNUNET_DNSPARSER_TYPE_A, | 2940 | GNUNET_CRYPTO_ecdsa_public_key_from_string (s5r->tld, |
2841 | GNUNET_NO /* only cached */, | 2941 | strlen (s5r->tld), |
2842 | &handle_gns_result, | 2942 | &pkey)) |
2843 | s5r); | 2943 | { |
2944 | eat_tld (s5r->domain); | ||
2945 | s5r->gns_lookup = GNUNET_GNS_lookup (gns_handle, | ||
2946 | s5r->domain, | ||
2947 | &pkey, | ||
2948 | GNUNET_DNSPARSER_TYPE_A, | ||
2949 | GNUNET_NO /* only cached */, | ||
2950 | &handle_gns_result, | ||
2951 | s5r); | ||
2952 | |||
2953 | break; | ||
2954 | } | ||
2955 | /* TLD is mapped in our config */ | ||
2956 | GNUNET_asprintf (&dot_tld, | ||
2957 | ".%s", | ||
2958 | s5r->tld); | ||
2959 | if (GNUNET_OK == | ||
2960 | GNUNET_CONFIGURATION_get_value_string (cfg, | ||
2961 | "gns", | ||
2962 | dot_tld, | ||
2963 | &zonestr)) | ||
2964 | { | ||
2965 | if (GNUNET_OK != | ||
2966 | GNUNET_CRYPTO_ecdsa_public_key_from_string (zonestr, | ||
2967 | strlen (zonestr), | ||
2968 | &pkey)) | ||
2969 | { | ||
2970 | GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, | ||
2971 | "gns", | ||
2972 | dot_tld, | ||
2973 | _("Expected a base32-encoded public zone key\n")); | ||
2974 | GNUNET_free (zonestr); | ||
2975 | GNUNET_free (dot_tld); | ||
2976 | signal_socks_failure (s5r, | ||
2977 | SOCKS5_STATUS_GENERAL_FAILURE); | ||
2978 | return; | ||
2979 | |||
2980 | } | ||
2981 | GNUNET_free (zonestr); | ||
2982 | GNUNET_free (dot_tld); | ||
2983 | eat_tld (s5r->domain); | ||
2984 | s5r->gns_lookup = GNUNET_GNS_lookup (gns_handle, | ||
2985 | s5r->domain, | ||
2986 | &pkey, | ||
2987 | GNUNET_DNSPARSER_TYPE_A, | ||
2988 | GNUNET_NO /* only cached */, | ||
2989 | &handle_gns_result, | ||
2990 | s5r); | ||
2991 | break; | ||
2992 | } | ||
2993 | |||
2994 | /* TLD matches against ego */ | ||
2995 | eat_tld (s5r->domain); | ||
2996 | |||
2997 | s5r->el = GNUNET_IDENTITY_ego_lookup (cfg, | ||
2998 | s5r->tld, | ||
2999 | &identity_zone_cb, | ||
3000 | s5r); | ||
2844 | break; | 3001 | break; |
2845 | } | 3002 | } |
2846 | default: | 3003 | default: |
@@ -3281,10 +3438,10 @@ main (int argc, char *const *argv) | |||
3281 | struct GNUNET_GETOPT_CommandLineOption options[] = { | 3438 | struct GNUNET_GETOPT_CommandLineOption options[] = { |
3282 | 3439 | ||
3283 | GNUNET_GETOPT_option_ulong ('p', | 3440 | GNUNET_GETOPT_option_ulong ('p', |
3284 | "port", | 3441 | "port", |
3285 | NULL, | 3442 | NULL, |
3286 | gettext_noop ("listen on specified port (default: 7777)"), | 3443 | gettext_noop ("listen on specified port (default: 7777)"), |
3287 | &port), | 3444 | &port), |
3288 | 3445 | ||
3289 | GNUNET_GETOPT_option_string ('a', | 3446 | GNUNET_GETOPT_option_string ('a', |
3290 | "authority", | 3447 | "authority", |
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 265719d58..523eebf39 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c | |||
@@ -1668,7 +1668,6 @@ process_consume_abe_key (void *cls, uint32_t rd_count, | |||
1668 | size_t size; | 1668 | size_t size; |
1669 | char *buf; | 1669 | char *buf; |
1670 | char *scope; | 1670 | char *scope; |
1671 | char *lookup_query; | ||
1672 | 1671 | ||
1673 | handle->lookup_request = NULL; | 1672 | handle->lookup_request = NULL; |
1674 | if (1 != rd_count) | 1673 | if (1 != rd_count) |
@@ -1720,18 +1719,15 @@ process_consume_abe_key (void *cls, uint32_t rd_count, | |||
1720 | 1719 | ||
1721 | for (scope = strtok (scopes, ","); NULL != scope; scope = strtok (NULL, ",")) | 1720 | for (scope = strtok (scopes, ","); NULL != scope; scope = strtok (NULL, ",")) |
1722 | { | 1721 | { |
1723 | GNUNET_asprintf (&lookup_query, | ||
1724 | "%s.gnu", | ||
1725 | scope); | ||
1726 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1722 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1727 | "Looking up %s\n", lookup_query); | 1723 | "Looking up %s\n", scope); |
1728 | parallel_lookup = GNUNET_new (struct ParallelLookup); | 1724 | parallel_lookup = GNUNET_new (struct ParallelLookup); |
1729 | parallel_lookup->handle = handle; | 1725 | parallel_lookup->handle = handle; |
1730 | parallel_lookup->label = GNUNET_strdup (scope); | 1726 | parallel_lookup->label = GNUNET_strdup (scope); |
1731 | parallel_lookup->lookup_start_time = GNUNET_TIME_absolute_get(); | 1727 | parallel_lookup->lookup_start_time = GNUNET_TIME_absolute_get(); |
1732 | parallel_lookup->lookup_request | 1728 | parallel_lookup->lookup_request |
1733 | = GNUNET_GNS_lookup (gns_handle, | 1729 | = GNUNET_GNS_lookup (gns_handle, |
1734 | lookup_query, | 1730 | scope, |
1735 | &handle->ticket.identity, | 1731 | &handle->ticket.identity, |
1736 | GNUNET_GNSRECORD_TYPE_ID_ATTR, | 1732 | GNUNET_GNSRECORD_TYPE_ID_ATTR, |
1737 | GNUNET_GNS_LO_DEFAULT, | 1733 | GNUNET_GNS_LO_DEFAULT, |
@@ -1740,7 +1736,7 @@ process_consume_abe_key (void *cls, uint32_t rd_count, | |||
1740 | GNUNET_CONTAINER_DLL_insert (handle->parallel_lookups_head, | 1736 | GNUNET_CONTAINER_DLL_insert (handle->parallel_lookups_head, |
1741 | handle->parallel_lookups_tail, | 1737 | handle->parallel_lookups_tail, |
1742 | parallel_lookup); | 1738 | parallel_lookup); |
1743 | GNUNET_free (lookup_query); | 1739 | GNUNET_free (scope); |
1744 | } | 1740 | } |
1745 | GNUNET_free (scopes); | 1741 | GNUNET_free (scopes); |
1746 | GNUNET_free (buf); | 1742 | GNUNET_free (buf); |
@@ -1756,7 +1752,6 @@ handle_consume_ticket_message (void *cls, | |||
1756 | { | 1752 | { |
1757 | struct ConsumeTicketHandle *ch; | 1753 | struct ConsumeTicketHandle *ch; |
1758 | struct IdpClient *idp = cls; | 1754 | struct IdpClient *idp = cls; |
1759 | char* lookup_query; | ||
1760 | char* rnd_label; | 1755 | char* rnd_label; |
1761 | 1756 | ||
1762 | ch = GNUNET_new (struct ConsumeTicketHandle); | 1757 | ch = GNUNET_new (struct ConsumeTicketHandle); |
@@ -1769,22 +1764,18 @@ handle_consume_ticket_message (void *cls, | |||
1769 | ch->ticket = *((struct GNUNET_IDENTITY_PROVIDER_Ticket*)&cm[1]); | 1764 | ch->ticket = *((struct GNUNET_IDENTITY_PROVIDER_Ticket*)&cm[1]); |
1770 | rnd_label = GNUNET_STRINGS_data_to_string_alloc (&ch->ticket.rnd, | 1765 | rnd_label = GNUNET_STRINGS_data_to_string_alloc (&ch->ticket.rnd, |
1771 | sizeof (uint64_t)); | 1766 | sizeof (uint64_t)); |
1772 | GNUNET_asprintf (&lookup_query, | ||
1773 | "%s.gnu", | ||
1774 | rnd_label); | ||
1775 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1767 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1776 | "Looking for ABE key under %s\n", lookup_query); | 1768 | "Looking for ABE key under %s\n", rnd_label); |
1777 | ch->lookup_start_time = GNUNET_TIME_absolute_get (); | 1769 | ch->lookup_start_time = GNUNET_TIME_absolute_get (); |
1778 | ch->lookup_request | 1770 | ch->lookup_request |
1779 | = GNUNET_GNS_lookup (gns_handle, | 1771 | = GNUNET_GNS_lookup (gns_handle, |
1780 | lookup_query, | 1772 | rnd_label, |
1781 | &ch->ticket.identity, | 1773 | &ch->ticket.identity, |
1782 | GNUNET_GNSRECORD_TYPE_ABE_KEY, | 1774 | GNUNET_GNSRECORD_TYPE_ABE_KEY, |
1783 | GNUNET_GNS_LO_DEFAULT, | 1775 | GNUNET_GNS_LO_DEFAULT, |
1784 | &process_consume_abe_key, | 1776 | &process_consume_abe_key, |
1785 | ch); | 1777 | ch); |
1786 | GNUNET_free (rnd_label); | 1778 | GNUNET_free (rnd_label); |
1787 | GNUNET_free (lookup_query); | ||
1788 | GNUNET_SERVICE_client_continue (idp->client); | 1779 | GNUNET_SERVICE_client_continue (idp->client); |
1789 | } | 1780 | } |
1790 | 1781 | ||
diff --git a/src/identity-provider/identity-provider.conf b/src/identity-provider/identity-provider.conf index b78af3553..ea0028933 100644 --- a/src/identity-provider/identity-provider.conf +++ b/src/identity-provider/identity-provider.conf | |||
@@ -14,7 +14,7 @@ DATABASE = sqlite | |||
14 | 14 | ||
15 | [identity-rest-plugin] | 15 | [identity-rest-plugin] |
16 | #ADDRESS = https://identity.gnu:8000#/login | 16 | #ADDRESS = https://identity.gnu:8000#/login |
17 | ADDRESS = https://identity.gnu/ui/#/login | 17 | ADDRESS = https://reclaim.id/ui/#/login |
18 | PSW = secret | 18 | PSW = secret |
19 | EXPIRATION_TIME = 3600 | 19 | EXPIRATION_TIME = 3600 |
20 | 20 | ||
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index 3f9279d5c..7b4ebf2fc 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c | |||
@@ -409,6 +409,11 @@ struct RequestHandle | |||
409 | char *url; | 409 | char *url; |
410 | 410 | ||
411 | /** | 411 | /** |
412 | * The tld for redirect | ||
413 | */ | ||
414 | char *tld; | ||
415 | |||
416 | /** | ||
412 | * Error response message | 417 | * Error response message |
413 | */ | 418 | */ |
414 | char *emsg; | 419 | char *emsg; |
@@ -457,6 +462,8 @@ cleanup_handle (struct RequestHandle *handle) | |||
457 | GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp); | 462 | GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp); |
458 | if (NULL != handle->url) | 463 | if (NULL != handle->url) |
459 | GNUNET_free (handle->url); | 464 | GNUNET_free (handle->url); |
465 | if (NULL != handle->tld) | ||
466 | GNUNET_free (handle->tld); | ||
460 | if (NULL != handle->emsg) | 467 | if (NULL != handle->emsg) |
461 | GNUNET_free (handle->emsg); | 468 | GNUNET_free (handle->emsg); |
462 | if (NULL != handle->edesc) | 469 | if (NULL != handle->edesc) |
@@ -1463,6 +1470,8 @@ static void get_client_name_result (void *cls, | |||
1463 | char *code_base64_final_string; | 1470 | char *code_base64_final_string; |
1464 | char *redirect_path; | 1471 | char *redirect_path; |
1465 | char *tmp; | 1472 | char *tmp; |
1473 | char *tmp_prefix; | ||
1474 | char *prefix; | ||
1466 | ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket, | 1475 | ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket, |
1467 | sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); | 1476 | sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); |
1468 | //TODO change if more attributes are needed (see max_age) | 1477 | //TODO change if more attributes are needed (see max_age) |
@@ -1476,8 +1485,13 @@ static void get_client_name_result (void *cls, | |||
1476 | redirect_path = strtok (tmp, "/"); | 1485 | redirect_path = strtok (tmp, "/"); |
1477 | redirect_path = strtok (NULL, "/"); | 1486 | redirect_path = strtok (NULL, "/"); |
1478 | redirect_path = strtok (NULL, "/"); | 1487 | redirect_path = strtok (NULL, "/"); |
1479 | GNUNET_asprintf (&redirect_uri, "https://%s.gnu/%s?%s=%s&state=%s", | 1488 | tmp_prefix = GNUNET_strdup (handle->oidc->redirect_uri); |
1480 | label, | 1489 | prefix = strrchr (tmp_prefix, |
1490 | (unsigned char) '.'); | ||
1491 | *prefix = '\0'; | ||
1492 | GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s", | ||
1493 | tmp_prefix, | ||
1494 | handle->tld, | ||
1481 | redirect_path, | 1495 | redirect_path, |
1482 | handle->oidc->response_type, | 1496 | handle->oidc->response_type, |
1483 | code_base64_final_string, handle->oidc->state); | 1497 | code_base64_final_string, handle->oidc->state); |
@@ -1486,6 +1500,7 @@ static void get_client_name_result (void *cls, | |||
1486 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | 1500 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
1487 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 1501 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
1488 | GNUNET_free (tmp); | 1502 | GNUNET_free (tmp); |
1503 | GNUNET_free (tmp_prefix); | ||
1489 | GNUNET_free (redirect_uri); | 1504 | GNUNET_free (redirect_uri); |
1490 | GNUNET_free (ticket_str); | 1505 | GNUNET_free (ticket_str); |
1491 | GNUNET_free (code_json_string); | 1506 | GNUNET_free (code_json_string); |
@@ -1730,7 +1745,6 @@ static void namestore_iteration_finished (void *cls) | |||
1730 | struct RequestHandle *handle = cls; | 1745 | struct RequestHandle *handle = cls; |
1731 | struct GNUNET_HashCode cache_key; | 1746 | struct GNUNET_HashCode cache_key; |
1732 | 1747 | ||
1733 | char *expected_redirect_uri; | ||
1734 | char *expected_scope; | 1748 | char *expected_scope; |
1735 | char delimiter[]=" "; | 1749 | char delimiter[]=" "; |
1736 | int number_of_ignored_parameter, iterator; | 1750 | int number_of_ignored_parameter, iterator; |
@@ -1766,23 +1780,9 @@ static void namestore_iteration_finished (void *cls) | |||
1766 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1780 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1767 | return; | 1781 | return; |
1768 | } | 1782 | } |
1769 | handle->oidc->redirect_uri = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1783 | handle->oidc->redirect_uri = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1770 | &cache_key); | 1784 | &cache_key)); |
1771 | 1785 | ||
1772 | GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", handle->oidc->client_id); | ||
1773 | // verify the redirect uri matches https://<client_id>.zkey[/xyz] | ||
1774 | if( 0 != strncmp( expected_redirect_uri, handle->oidc->redirect_uri, strlen(expected_redirect_uri)) ) | ||
1775 | { | ||
1776 | handle->oidc->redirect_uri = NULL; | ||
1777 | handle->emsg=GNUNET_strdup("invalid_request"); | ||
1778 | handle->edesc=GNUNET_strdup("Invalid redirect_uri"); | ||
1779 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1780 | GNUNET_free(expected_redirect_uri); | ||
1781 | return; | ||
1782 | } | ||
1783 | handle->oidc->redirect_uri = GNUNET_strdup(handle->oidc->redirect_uri); | ||
1784 | |||
1785 | GNUNET_free(expected_redirect_uri); | ||
1786 | // REQUIRED value: response_type | 1786 | // REQUIRED value: response_type |
1787 | GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), | 1787 | GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), |
1788 | &cache_key); | 1788 | &cache_key); |
@@ -1897,6 +1897,9 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1897 | { | 1897 | { |
1898 | struct RequestHandle *handle = cls; | 1898 | struct RequestHandle *handle = cls; |
1899 | struct GNUNET_HashCode cache_key; | 1899 | struct GNUNET_HashCode cache_key; |
1900 | struct EgoEntry *tmp_ego; | ||
1901 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; | ||
1902 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; | ||
1900 | 1903 | ||
1901 | cookie_identity_interpretation(handle); | 1904 | cookie_identity_interpretation(handle); |
1902 | 1905 | ||
@@ -1922,9 +1925,8 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1922 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1925 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1923 | return; | 1926 | return; |
1924 | } | 1927 | } |
1925 | handle->oidc->client_id = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1928 | handle->oidc->client_id = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1926 | &cache_key); | 1929 | &cache_key)); |
1927 | handle->oidc->client_id = GNUNET_strdup (handle->oidc->client_id); | ||
1928 | 1930 | ||
1929 | if ( GNUNET_OK | 1931 | if ( GNUNET_OK |
1930 | != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id, | 1932 | != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id, |
@@ -1952,6 +1954,22 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1952 | handle->ego_entry = handle->ego_head; | 1954 | handle->ego_entry = handle->ego_head; |
1953 | handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego); | 1955 | handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego); |
1954 | handle->oidc->is_client_trusted = GNUNET_NO; | 1956 | handle->oidc->is_client_trusted = GNUNET_NO; |
1957 | |||
1958 | //First check if client_id is one of our egos; TODO: handle other TLD cases: Delegation, from config | ||
1959 | for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next) | ||
1960 | { | ||
1961 | priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego); | ||
1962 | GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, | ||
1963 | &pkey); | ||
1964 | if ( 0 == memcmp (&pkey, &handle->oidc->client_pkey, | ||
1965 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) | ||
1966 | { | ||
1967 | handle->tld = GNUNET_strdup (tmp_ego->identifier); | ||
1968 | handle->oidc->is_client_trusted = GNUNET_YES; | ||
1969 | handle->ego_entry = handle->ego_tail; | ||
1970 | } | ||
1971 | } | ||
1972 | |||
1955 | 1973 | ||
1956 | // Checks if client_id is valid: | 1974 | // Checks if client_id is valid: |
1957 | handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start ( | 1975 | handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start ( |
@@ -2217,20 +2235,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2217 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 2235 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
2218 | return; | 2236 | return; |
2219 | } | 2237 | } |
2220 | // check redirect_uri | ||
2221 | GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", client_id); | ||
2222 | // verify the redirect uri matches https://<client_id>.zkey[/xyz] | ||
2223 | if( 0 != strncmp( expected_redirect_uri, redirect_uri, strlen(expected_redirect_uri)) ) | ||
2224 | { | ||
2225 | GNUNET_free_non_null(user_psw); | ||
2226 | handle->emsg=GNUNET_strdup("invalid_request"); | ||
2227 | handle->edesc=GNUNET_strdup("Invalid redirect_uri"); | ||
2228 | handle->response_code = MHD_HTTP_BAD_REQUEST; | ||
2229 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2230 | GNUNET_free(expected_redirect_uri); | ||
2231 | return; | ||
2232 | } | ||
2233 | GNUNET_free(expected_redirect_uri); | ||
2234 | GNUNET_CRYPTO_hash (code, strlen (code), &cache_key); | 2238 | GNUNET_CRYPTO_hash (code, strlen (code), &cache_key); |
2235 | int i = 1; | 2239 | int i = 1; |
2236 | if ( GNUNET_SYSERR | 2240 | if ( GNUNET_SYSERR |