author | Phil <phil.buschmann@tum.de> | 2018-02-27 15:58:05 +0100 |
---|---|---|
committer | Phil <phil.buschmann@tum.de> | 2018-02-27 15:58:05 +0100 |
commit | 5af7ba146c11433abd67497ed170a8591948a722 (patch) | |
tree | 93a5742abdc88427e48c8dd99e6852927967a6dd /src | |
parent | 699ff34b7203eb99d7ff1a45ff6b8309676c1102 (diff) | |
-fix userinfo_endpoint
Diffstat (limited to 'src')
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 89 |
1 files changed, 64 insertions, 25 deletions
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index 9ba73ff1c..ef50077f5 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c | |||
@@ -19,6 +19,7 @@ | |||
19 | */ | 19 | */ |
20 | /** | 20 | /** |
21 | * @author Martin Schanzenbach | 21 | * @author Martin Schanzenbach |
22 | * @author Philippe Buschmann | ||
22 | * @file identity/plugin_rest_identity.c | 23 | * @file identity/plugin_rest_identity.c |
23 | * @brief GNUnet Namestore REST plugin | 24 | * @brief GNUnet Namestore REST plugin |
24 | * | 25 | * |
@@ -234,6 +235,7 @@ struct Plugin | |||
234 | { | 235 | { |
235 | const struct GNUNET_CONFIGURATION_Handle *cfg; | 236 | const struct GNUNET_CONFIGURATION_Handle *cfg; |
236 | }; | 237 | }; |
238 | |||
237 | /** | 239 | /** |
238 | * OIDC needed variables | 240 | * OIDC needed variables |
239 | */ | 241 | */ |
@@ -546,7 +548,8 @@ do_error (void *cls) | |||
546 | 548 | ||
547 | 549 | ||
548 | /** | 550 | /** |
549 | * Task run on error, sends error message. Cleans up everything. | 551 | * Task run on error in userinfo endpoint, sends error header. Cleans up |
552 | * everything | ||
550 | * | 553 | * |
551 | * @param cls the `struct RequestHandle` | 554 | * @param cls the `struct RequestHandle` |
552 | */ | 555 | */ |
@@ -569,7 +572,7 @@ do_userinfo_error (void *cls) | |||
569 | 572 | ||
570 | 573 | ||
571 | /** | 574 | /** |
572 | * Task run on error, sends error message. Cleans up everything. | 575 | * Task run on error, sends error message and redirects. Cleans up everything. |
573 | * | 576 | * |
574 | * @param cls the `struct RequestHandle` | 577 | * @param cls the `struct RequestHandle` |
575 | */ | 578 | */ |
@@ -673,6 +676,12 @@ return_userinfo_response (void *cls) | |||
673 | cleanup_handle (handle); | 676 | cleanup_handle (handle); |
674 | } | 677 | } |
675 | 678 | ||
679 | /** | ||
680 | * Returns base64 encoded string without padding | ||
681 | * | ||
682 | * @param string the string to encode | ||
683 | * @return base64 encoded string | ||
684 | */ | ||
676 | static char* | 685 | static char* |
677 | base_64_encode(char *string) | 686 | base_64_encode(char *string) |
678 | { | 687 | { |
@@ -1328,13 +1337,13 @@ options_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1328 | } | 1337 | } |
1329 | 1338 | ||
1330 | /** | 1339 | /** |
1331 | * Cookie interpretation | 1340 | * Interprets cookie header and pass its identity keystring to handle |
1332 | */ | 1341 | */ |
1333 | static void | 1342 | static void |
1334 | cookie_identity_interpretation (struct RequestHandle *handle) | 1343 | cookie_identity_interpretation (struct RequestHandle *handle) |
1335 | { | 1344 | { |
1336 | struct GNUNET_HashCode cache_key; | 1345 | struct GNUNET_HashCode cache_key; |
1337 | char* cookies; | 1346 | char *cookies; |
1338 | struct GNUNET_TIME_Absolute current_time, *relog_time; | 1347 | struct GNUNET_TIME_Absolute current_time, *relog_time; |
1339 | char delimiter[] = "; "; | 1348 | char delimiter[] = "; "; |
1340 | 1349 | ||
@@ -1378,7 +1387,7 @@ cookie_identity_interpretation (struct RequestHandle *handle) | |||
1378 | } | 1387 | } |
1379 | 1388 | ||
1380 | /** | 1389 | /** |
1381 | * Login redirection | 1390 | * Redirects to login page stored in configuration file |
1382 | */ | 1391 | */ |
1383 | static void | 1392 | static void |
1384 | login_redirection(void *cls) | 1393 | login_redirection(void *cls) |
@@ -1424,7 +1433,7 @@ login_redirection(void *cls) | |||
1424 | } | 1433 | } |
1425 | 1434 | ||
1426 | /** | 1435 | /** |
1427 | * Function called if we had an error in zone-to-name mapping. | 1436 | * Does internal server error when iteration failed. |
1428 | */ | 1437 | */ |
1429 | static void | 1438 | static void |
1430 | oidc_iteration_error (void *cls) | 1439 | oidc_iteration_error (void *cls) |
@@ -1435,6 +1444,10 @@ oidc_iteration_error (void *cls) | |||
1435 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1444 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1436 | } | 1445 | } |
1437 | 1446 | ||
1447 | /** | ||
1448 | * Issues ticket and redirects to relying party with the authorization code as | ||
1449 | * parameter. Otherwise redirects with error | ||
1450 | */ | ||
1438 | static void | 1451 | static void |
1439 | oidc_ticket_issue_cb (void* cls, | 1452 | oidc_ticket_issue_cb (void* cls, |
1440 | const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) | 1453 | const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) |
@@ -1498,7 +1511,7 @@ oidc_collect_finished_cb (void *cls) | |||
1498 | 1511 | ||
1499 | 1512 | ||
1500 | /** | 1513 | /** |
1501 | * Collect all attributes for an ego | 1514 | * Collects all attributes for an ego if in scope parameter |
1502 | */ | 1515 | */ |
1503 | static void | 1516 | static void |
1504 | oidc_attr_collect (void *cls, | 1517 | oidc_attr_collect (void *cls, |
@@ -1545,7 +1558,7 @@ oidc_attr_collect (void *cls, | |||
1545 | 1558 | ||
1546 | 1559 | ||
1547 | /** | 1560 | /** |
1548 | * Cookie and Time check | 1561 | * Checks time and cookie and redirects accordingly |
1549 | */ | 1562 | */ |
1550 | static void | 1563 | static void |
1551 | login_check (void *cls) | 1564 | login_check (void *cls) |
@@ -1612,7 +1625,8 @@ login_check (void *cls) | |||
1612 | } | 1625 | } |
1613 | 1626 | ||
1614 | /** | 1627 | /** |
1615 | * Create a response with requested records | 1628 | * Searches for client_id in namestore. If found trust status stored in handle |
1629 | * Else continues to search | ||
1616 | * | 1630 | * |
1617 | * @param handle the RequestHandle | 1631 | * @param handle the RequestHandle |
1618 | */ | 1632 | */ |
@@ -1960,14 +1974,19 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1960 | return; | 1974 | return; |
1961 | } | 1975 | } |
1962 | 1976 | ||
1977 | /** | ||
1978 | * Responds to token url-encoded POST request | ||
1979 | * | ||
1980 | * @param con_handle the connection handle | ||
1981 | * @param url the url | ||
1982 | * @param cls the RequestHandle | ||
1983 | */ | ||
1963 | static void | 1984 | static void |
1964 | token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | 1985 | token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, |
1965 | const char* url, | 1986 | const char* url, |
1966 | void *cls) | 1987 | void *cls) |
1967 | { | 1988 | { |
1968 | //TODO static strings | 1989 | //TODO static strings |
1969 | |||
1970 | //TODO WWW-Authenticate 401 | ||
1971 | struct RequestHandle *handle = cls; | 1990 | struct RequestHandle *handle = cls; |
1972 | struct GNUNET_HashCode cache_key; | 1991 | struct GNUNET_HashCode cache_key; |
1973 | char *authorization, *credentials; | 1992 | char *authorization, *credentials; |
@@ -2291,7 +2310,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2291 | } | 2310 | } |
2292 | //TODO OPTIONAL acr,amr,azp | 2311 | //TODO OPTIONAL acr,amr,azp |
2293 | 2312 | ||
2294 | //TODO lookup client for client == audience of ticket | ||
2295 | struct EgoEntry *ego_entry; | 2313 | struct EgoEntry *ego_entry; |
2296 | for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) | 2314 | for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) |
2297 | { | 2315 | { |
@@ -2351,9 +2369,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2351 | MHD_add_response_header (resp, "Content-Type", "application/json"); | 2369 | MHD_add_response_header (resp, "Content-Type", "application/json"); |
2352 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | 2370 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
2353 | 2371 | ||
2354 | //TODO one time ticket/code | ||
2355 | |||
2356 | //TODO free | ||
2357 | GNUNET_IDENTITY_ATTRIBUTE_list_destroy(cl); | 2372 | GNUNET_IDENTITY_ATTRIBUTE_list_destroy(cl); |
2358 | GNUNET_free(access_token_number); | 2373 | GNUNET_free(access_token_number); |
2359 | GNUNET_free(access_token); | 2374 | GNUNET_free(access_token); |
@@ -2365,7 +2380,9 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2365 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); | 2380 | GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle); |
2366 | } | 2381 | } |
2367 | 2382 | ||
2368 | 2383 | /** | |
2384 | * Collects claims and stores them in handle | ||
2385 | */ | ||
2369 | static void | 2386 | static void |
2370 | consume_ticket (void *cls, | 2387 | consume_ticket (void *cls, |
2371 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, | 2388 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, |
@@ -2384,16 +2401,24 @@ consume_ticket (void *cls, | |||
2384 | json_string(attr->data)); | 2401 | json_string(attr->data)); |
2385 | } | 2402 | } |
2386 | 2403 | ||
2404 | /** | ||
2405 | * Responds to userinfo GET and url-encoded POST request | ||
2406 | * | ||
2407 | * @param con_handle the connection handle | ||
2408 | * @param url the url | ||
2409 | * @param cls the RequestHandle | ||
2410 | */ | ||
2387 | static void | 2411 | static void |
2388 | userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | 2412 | userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, |
2389 | const char* url, void *cls) | 2413 | const char* url, void *cls) |
2390 | { | 2414 | { |
2415 | //TODO expiration time | ||
2391 | struct RequestHandle *handle = cls; | 2416 | struct RequestHandle *handle = cls; |
2392 | char delimiter[] = " "; | 2417 | char delimiter[] = " "; |
2393 | char delimiter_db[] = ";"; | 2418 | char delimiter_db[] = ";"; |
2394 | struct GNUNET_HashCode cache_key; | 2419 | struct GNUNET_HashCode cache_key; |
2395 | char *authorization, *authorization_type, *authorization_access_token; | 2420 | char *authorization, *authorization_type, *authorization_access_token; |
2396 | char *client_ticket; | 2421 | char *client_ticket, *client, *ticket_str; |
2397 | struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket; | 2422 | struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket; |
2398 | 2423 | ||
2399 | GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, | 2424 | GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, |
@@ -2413,6 +2438,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2413 | handle->rest_handle->header_param_map, &cache_key); | 2438 | handle->rest_handle->header_param_map, &cache_key); |
2414 | 2439 | ||
2415 | //split header in "Bearer" and access_token | 2440 | //split header in "Bearer" and access_token |
2441 | authorization = GNUNET_strdup(authorization); | ||
2416 | authorization_type = strtok (authorization, delimiter); | 2442 | authorization_type = strtok (authorization, delimiter); |
2417 | if ( 0 != strcmp ("Bearer", authorization_type) ) | 2443 | if ( 0 != strcmp ("Bearer", authorization_type) ) |
2418 | { | 2444 | { |
@@ -2420,6 +2446,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2420 | handle->edesc = GNUNET_strdup("No Access Token"); | 2446 | handle->edesc = GNUNET_strdup("No Access Token"); |
2421 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 2447 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
2422 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | 2448 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
2449 | GNUNET_free(authorization); | ||
2423 | return; | 2450 | return; |
2424 | } | 2451 | } |
2425 | authorization_access_token = strtok (NULL, delimiter); | 2452 | authorization_access_token = strtok (NULL, delimiter); |
@@ -2429,6 +2456,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2429 | handle->edesc = GNUNET_strdup("No Access Token"); | 2456 | handle->edesc = GNUNET_strdup("No Access Token"); |
2430 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 2457 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
2431 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | 2458 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
2459 | GNUNET_free(authorization); | ||
2432 | return; | 2460 | return; |
2433 | } | 2461 | } |
2434 | 2462 | ||
@@ -2442,25 +2470,28 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2442 | handle->edesc = GNUNET_strdup("The Access Token expired"); | 2470 | handle->edesc = GNUNET_strdup("The Access Token expired"); |
2443 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 2471 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
2444 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | 2472 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
2473 | GNUNET_free(authorization); | ||
2445 | return; | 2474 | return; |
2446 | } | 2475 | } |
2447 | 2476 | ||
2448 | client_ticket = GNUNET_CONTAINER_multihashmap_get(OIDC_interpret_access_token, | 2477 | client_ticket = GNUNET_CONTAINER_multihashmap_get(OIDC_interpret_access_token, |
2449 | &cache_key); | 2478 | &cache_key); |
2450 | 2479 | client_ticket = GNUNET_strdup(client_ticket); | |
2451 | client_ticket = strtok(client_ticket,delimiter_db); | 2480 | client = strtok(client_ticket,delimiter_db); |
2452 | if (NULL == client_ticket) | 2481 | if (NULL == client) |
2453 | { | 2482 | { |
2454 | handle->emsg = GNUNET_strdup("invalid_token"); | 2483 | handle->emsg = GNUNET_strdup("invalid_token"); |
2455 | handle->edesc = GNUNET_strdup("The Access Token expired"); | 2484 | handle->edesc = GNUNET_strdup("The Access Token expired"); |
2456 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 2485 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
2457 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | 2486 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
2487 | GNUNET_free(authorization); | ||
2488 | GNUNET_free(client_ticket); | ||
2458 | return; | 2489 | return; |
2459 | } | 2490 | } |
2460 | handle->ego_entry = handle->ego_head; | 2491 | handle->ego_entry = handle->ego_head; |
2461 | for(; NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) | 2492 | for(; NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) |
2462 | { | 2493 | { |
2463 | if (0 == strcmp(handle->ego_entry->keystring,client_ticket)) | 2494 | if (0 == strcmp(handle->ego_entry->keystring,client)) |
2464 | { | 2495 | { |
2465 | break; | 2496 | break; |
2466 | } | 2497 | } |
@@ -2471,21 +2502,25 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2471 | handle->edesc = GNUNET_strdup("The Access Token expired"); | 2502 | handle->edesc = GNUNET_strdup("The Access Token expired"); |
2472 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 2503 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
2473 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | 2504 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
2505 | GNUNET_free(authorization); | ||
2506 | GNUNET_free(client_ticket); | ||
2474 | return; | 2507 | return; |
2475 | } | 2508 | } |
2476 | client_ticket = strtok(NULL, delimiter_db); | 2509 | ticket_str = strtok(NULL, delimiter_db); |
2477 | if (NULL == client_ticket) | 2510 | if (NULL == ticket_str) |
2478 | { | 2511 | { |
2479 | handle->emsg = GNUNET_strdup("invalid_token"); | 2512 | handle->emsg = GNUNET_strdup("invalid_token"); |
2480 | handle->edesc = GNUNET_strdup("The Access Token expired"); | 2513 | handle->edesc = GNUNET_strdup("The Access Token expired"); |
2481 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 2514 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
2482 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | 2515 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
2516 | GNUNET_free(authorization); | ||
2517 | GNUNET_free(client_ticket); | ||
2483 | return; | 2518 | return; |
2484 | } | 2519 | } |
2485 | ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket); | 2520 | ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket); |
2486 | if ( GNUNET_OK | 2521 | if ( GNUNET_OK |
2487 | != GNUNET_STRINGS_string_to_data (client_ticket, | 2522 | != GNUNET_STRINGS_string_to_data (ticket_str, |
2488 | strlen (client_ticket), | 2523 | strlen (ticket_str), |
2489 | ticket, | 2524 | ticket, |
2490 | sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket))) | 2525 | sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket))) |
2491 | { | 2526 | { |
@@ -2494,6 +2529,8 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2494 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 2529 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
2495 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | 2530 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); |
2496 | GNUNET_free(ticket); | 2531 | GNUNET_free(ticket); |
2532 | GNUNET_free(authorization); | ||
2533 | GNUNET_free(client_ticket); | ||
2497 | return; | 2534 | return; |
2498 | } | 2535 | } |
2499 | 2536 | ||
@@ -2507,6 +2544,8 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2507 | consume_ticket, | 2544 | consume_ticket, |
2508 | handle); | 2545 | handle); |
2509 | GNUNET_free(ticket); | 2546 | GNUNET_free(ticket); |
2547 | GNUNET_free(authorization); | ||
2548 | GNUNET_free(client_ticket); | ||
2510 | 2549 | ||
2511 | } | 2550 | } |
2512 | 2551 | ||
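Review bot: `strtok` at new line 2442 returns NULL for an empty or all-space Authorization header value, and line 2443 then hands that NULL to `strcmp`, which is undefined behaviour (a crash in practice) before the "No Access Token" branch is ever reached; the guard should read `if ( (NULL == authorization_type) || (0 != strcmp ("Bearer", authorization_type)) )`. The same concern applies to the copy at 2479, since `GNUNET_strdup` asserts on a NULL argument and so this relies on a presence check for `cache_key` in `OIDC_interpret_access_token` that is not visible in the hunk — worth confirming it is there. The freshly added `//TODO expiration time` at 2415 is the honest statement, so the `"The Access Token expired"` descriptions below it (2484, 2513) are actually reported for unknown or malformed tokens rather than for expiry, and `"invalid or unknown access token"` would describe what those branches detect. Finally, the new `GNUNET_free(authorization); GNUNET_free(client_ticket);` pair is repeated on eight exit paths, which is exactly where a future early return leaks; a single `cleanup:` label at the end of the function holding the frees would be the C idiom here. userinfo_endpoint starts in an earlier hunk and its header-presence check between 2425 and 2437 is not shown.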