summaryrefslogtreecommitdiffabout
path: root/lib/basic_op.cc
authorMichael Krelin <hacker@klever.net>2008-02-02 21:10:12 (UTC)
committer Michael Krelin <hacker@klever.net>2008-02-02 21:10:12 (UTC)
commit3658759966cbadb7b50457d446f3436b6f7987da (patch) (unidiff)
treeb215da5b5212b60aa1ec965df28070b4bff587bc /lib/basic_op.cc
parenta8f733c88d87abe422ecaa405df385bad562e60f (diff)
downloadlibopkele-3658759966cbadb7b50457d446f3436b6f7987da.zip
libopkele-3658759966cbadb7b50457d446f3436b6f7987da.tar.gz
libopkele-3658759966cbadb7b50457d446f3436b6f7987da.tar.bz2
moved uri matching into separate procedure
Signed-off-by: Michael Krelin <hacker@klever.net>
Diffstat (limited to 'lib/basic_op.cc') (more/less context) (ignore whitespace changes)
-rw-r--r--lib/basic_op.cc35
1 files changed, 3 insertions, 32 deletions
diff --git a/lib/basic_op.cc b/lib/basic_op.cc
index f7573aa..11ffb48 100644
--- a/lib/basic_op.cc
+++ b/lib/basic_op.cc
@@ -1,22 +1,19 @@
1#include <time.h> 1#include <time.h>
2#include <cassert> 2#include <cassert>
3#include <algorithm>
4#include <openssl/sha.h> 3#include <openssl/sha.h>
5#include <openssl/hmac.h> 4#include <openssl/hmac.h>
6#include <opkele/data.h> 5#include <opkele/data.h>
7#include <opkele/basic_op.h> 6#include <opkele/basic_op.h>
8#include <opkele/exception.h> 7#include <opkele/exception.h>
9#include <opkele/util.h> 8#include <opkele/util.h>
10#include <opkele/uris.h> 9#include <opkele/uris.h>
11 10
12namespace opkele { 11namespace opkele {
13 using std::pair;
14 using std::mismatch;
15 12
16 void basic_op::reset_vars() { 13 void basic_op::reset_vars() {
17 assoc.reset(); 14 assoc.reset();
18 return_to.clear(); realm.clear(); 15 return_to.clear(); realm.clear();
19 claimed_id.clear(); identity.clear(); 16 claimed_id.clear(); identity.clear();
20 invalidate_handle.clear(); 17 invalidate_handle.clear();
21 } 18 }
22 19
@@ -316,41 +313,15 @@ namespace opkele {
316 } 313 }
317 return oum; 314 return oum;
318 }catch(failed_check_authentication& ) { 315 }catch(failed_check_authentication& ) {
319 oum.set_field("is_valid","false"); 316 oum.set_field("is_valid","false");
320 return oum; 317 return oum;
321 } 318 }
322 319
323 void basic_op::verify_return_to() { 320 void basic_op::verify_return_to() {
324 string nrealm = opkele::util::rfc_3986_normalize_uri(realm); 321 if(realm.find('#')!=string::npos)
325 if(nrealm.find('#')!=string::npos)
326 throw opkele::bad_realm(OPKELE_CP_ "authentication realm contains URI fragment"); 322 throw opkele::bad_realm(OPKELE_CP_ "authentication realm contains URI fragment");
327 string nrt = opkele::util::rfc_3986_normalize_uri(return_to); 323 if(!util::uri_matches_realm(return_to,realm))
328 string::size_type pr = nrealm.find("://"); 324 throw bad_return_to(OPKELE_CP_ "return_to URL doesn't match realm");
329 string::size_type prt = nrt.find("://");
330 assert(!(pr==string::npos || prt==string::npos));
331 pr += sizeof("://")-1;
332 prt += sizeof("://")-1;
333 if(!strncmp(nrealm.c_str()+pr,"*.",2)) {
334 pr = nrealm.find('.',pr);
335 prt = nrt.find('.',prt);
336 assert(pr!=string::npos);
337 if(prt==string::npos)
338 throw bad_return_to(
339 OPKELE_CP_ "return_to URL doesn't match realm");
340 // TODO: check for overgeneralized realm
341 }
342 string::size_type lr = nrealm.length();
343 string::size_type lrt = nrt.length();
344 if( (lrt-prt) < (lr-pr) )
345 throw bad_return_to(
346 OPKELE_CP_ "return_to URL doesn't match realm");
347 pair<const char*,const char*> mp = mismatch(
348 nrealm.c_str()+pr,nrealm.c_str()+lr,
349 nrt.c_str()+prt);
350 if( (*(mp.first-1))!='/'
351 && !strchr("/?#",*mp.second) )
352 throw bad_return_to(
353 OPKELE_CP_ "return_to URL doesn't match realm");
354 } 325 }
355 326
356} 327}