summaryrefslogtreecommitdiffabout
Unidiff
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--include/opkele/basic_op.h2
-rw-r--r--include/opkele/verify_op.h2
-rw-r--r--lib/verify_op.cc2
-rw-r--r--test/OP.cc2
4 files changed, 4 insertions, 4 deletions
diff --git a/include/opkele/basic_op.h b/include/opkele/basic_op.h
index 0e3231d..0326508 100644
--- a/include/opkele/basic_op.h
+++ b/include/opkele/basic_op.h
@@ -1,250 +1,250 @@
1#ifndef __OPKELE_BASIC_OP_H 1#ifndef __OPKELE_BASIC_OP_H
2#define __OPKELE_BASIC_OP_H 2#define __OPKELE_BASIC_OP_H
3 3
4#include <string> 4#include <string>
5#include <opkele/types.h> 5#include <opkele/types.h>
6#include <opkele/extension.h> 6#include <opkele/extension.h>
7 7
8namespace opkele { 8namespace opkele {
9 using std::string; 9 using std::string;
10 10
11 /** 11 /**
12 * Implementation of basic OP functionality 12 * Implementation of basic OP functionality
13 */ 13 */
14 class basic_OP { 14 class basic_OP {
15 public: 15 public:
16 /** 16 /**
17 * The request mode for the request being processed 17 * The request mode for the request being processed
18 */ 18 */
19 mode_t mode; 19 mode_t mode;
20 /** 20 /**
21 * association used in transaction. reset in case of dumb operation 21 * association used in transaction. reset in case of dumb operation
22 */ 22 */
23 assoc_t assoc; 23 assoc_t assoc;
24 /** 24 /**
25 * true if the request is openid2 request 25 * true if the request is openid2 request
26 */ 26 */
27 bool openid2; 27 bool openid2;
28 /** 28 /**
29 * The return_to RP endpoint 29 * The return_to RP endpoint
30 */ 30 */
31 string return_to; 31 string return_to;
32 /** 32 /**
33 * The realm we authenticate for 33 * The realm we authenticate for
34 */ 34 */
35 string realm; 35 string realm;
36 /** 36 /**
37 * Claimed identifier 37 * Claimed identifier
38 */ 38 */
39 string claimed_id; 39 string claimed_id;
40 /** 40 /**
41 * The OP-Local identifier 41 * The OP-Local identifier
42 */ 42 */
43 string identity; 43 string identity;
44 /** 44 /**
45 * The invalidate handle for the reply request 45 * The invalidate handle for the reply request
46 */ 46 */
47 string invalidate_handle; 47 string invalidate_handle;
48 48
49 void reset_vars(); 49 void reset_vars();
50 50
51 /** 51 /**
52 * @name Request information access 52 * @name Request information access
53 * Setting and retrieval of the information pertaining to the request being processed 53 * Setting and retrieval of the information pertaining to the request being processed
54 * @{ 54 * @{
55 */ 55 */
56 /** 56 /**
57 * Check if the RP expects us to get back to them. 57 * Check if the RP expects us to get back to them.
58 * @return true if RP supplied return_to URL 58 * @return true if RP supplied return_to URL
59 */ 59 */
60 bool has_return_to() const; 60 bool has_return_to() const;
61 /** 61 /**
62 * Find out where the RP is waiting for us. 62 * Find out where the RP is waiting for us.
63 * @return the return_to URL supplied 63 * @return the return_to URL supplied
64 * @throw no_return_to if no return_to is supplied with the request 64 * @throw no_return_to if no return_to is supplied with the request
65 */ 65 */
66 const string& get_return_to() const; 66 const string& get_return_to() const;
67 67
68 /** 68 /**
69 * Find out what realm we are authenticating user for 69 * Find out what realm we are authenticating user for
70 * @return the realm 70 * @return the realm
71 */ 71 */
72 const string& get_realm() const; 72 const string& get_realm() const;
73 73
74 /** 74 /**
75 * Check if request is about identity 75 * Check if request is about identity
76 * @return true if so 76 * @return true if so
77 */ 77 */
78 bool has_identity() const; 78 bool has_identity() const;
79 /** 79 /**
80 * Get claimed identifier supplied with the request 80 * Get claimed identifier supplied with the request
81 * @return claimed identifier 81 * @return claimed identifier
82 * @throw non_identity if request is not about identity 82 * @throw non_identity if request is not about identity
83 */ 83 */
84 const string& get_claimed_id() const; 84 const string& get_claimed_id() const;
85 /** 85 /**
86 * Get the identity (OP-Local identifier) being confirmed 86 * Get the identity (OP-Local identifier) being confirmed
87 * @return identity 87 * @return identity
88 * @throw non_identity if request is not about identity 88 * @throw non_identity if request is not about identity
89 */ 89 */
90 const string& get_identity() const; 90 const string& get_identity() const;
91 91
92 /** 92 /**
93 * Is identifier supposed to be selected on our side? 93 * Is identifier supposed to be selected on our side?
94 * @return true if identity is a special identifier select URI 94 * @return true if identity is a special identifier select URI
95 */ 95 */
96 bool is_id_select() const; 96 bool is_id_select() const;
97 97
98 /** 98 /**
99 * Select the identity for identifier select request 99 * Select the identity for identifier select request
100 * @param cid claimed identifier 100 * @param cid claimed identifier
101 * @param lid local identifier 101 * @param lid local identifier
102 */ 102 */
103 void select_identity(const string& cid,const string& lid); 103 void select_identity(const string& cid,const string& lid);
104 /** 104 /**
105 * Set claimed identifier (for instance if it's supposed to have 105 * Set claimed identifier (for instance if it's supposed to have
106 * fragment part) 106 * fragment part)
107 * @param cid claimed identifier 107 * @param cid claimed identifier
108 */ 108 */
109 void set_claimed_id(const string& cid); 109 void set_claimed_id(const string& cid);
110 /** 110 /**
111 * @} 111 * @}
112 */ 112 */
113 113
114 /** @name OpenID operations 114 /** @name OpenID operations
115 * @{ 115 * @{
116 */ 116 */
117 /** 117 /**
118 * Establish association with RP 118 * Establish association with RP
119 * @param oum reply message 119 * @param oum reply message
120 * @param inm request message 120 * @param inm request message
121 */ 121 */
122 basic_openid_message& associate( 122 basic_openid_message& associate(
123 basic_openid_message& oum, 123 basic_openid_message& oum,
124 const basic_openid_message& inm); 124 const basic_openid_message& inm);
125 125
126 /** 126 /**
127 * Parse the checkid_* request. The function parses input message, 127 * Parse the checkid_* request. The function parses input message,
128 * retrieves the information needed for further processing, 128 * retrieves the information needed for further processing,
129 * verifies what can be verified at this stage. 129 * verifies what can be verified at this stage.
130 * @param inm incoming OpenID message 130 * @param inm incoming OpenID message
131 * @param ext extension/chain of extensions supported 131 * @param ext extension/chain of extensions supported
132 */ 132 */
133 void checkid_(const basic_openid_message& inm,extension_t *ext=0); 133 void checkid_(const basic_openid_message& inm,extension_t *ext=0);
134 /** 134 /**
135 * Build and sign a positive assertion message 135 * Build and sign a positive assertion message
136 * @param om outpu OpenID message 136 * @param om outpu OpenID message
137 * @param ext extension/chain of extensions supported 137 * @param ext extension/chain of extensions supported
138 * @return reference to om 138 * @return reference to om
139 */ 139 */
140 basic_openid_message& id_res(basic_openid_message& om, 140 basic_openid_message& id_res(basic_openid_message& om,
141 extension_t *ext=0); 141 extension_t *ext=0);
142 /** 142 /**
143 * Build a 'cancel' negative assertion 143 * Build a 'cancel' negative assertion
144 * @param om output OpenID message 144 * @param om output OpenID message
145 * @return reference to om 145 * @return reference to om
146 */ 146 */
147 basic_openid_message& cancel(basic_openid_message& om); 147 basic_openid_message& cancel(basic_openid_message& om);
148 /** 148 /**
149 * Build an 'error' reply 149 * Build an 'error' reply
150 * @param om output OpenID message 150 * @param om output OpenID message
151 * @param error a human-readable message indicating the cause 151 * @param error a human-readable message indicating the cause
152 * @param contact contact address for the server administrator (can be empty) 152 * @param contact contact address for the server administrator (can be empty)
153 * @param reference a reference token (can be empty) 153 * @param reference a reference token (can be empty)
154 * @return reference to om 154 * @return reference to om
155 */ 155 */
156 basic_openid_message& error(basic_openid_message& om, 156 basic_openid_message& error(basic_openid_message& om,
157 const string& error,const string& contact, 157 const string& error,const string& contact,
158 const string& reference ); 158 const string& reference );
159 /** 159 /**
160 * Build a setup_needed reply to checkid_immediate request 160 * Build a setup_needed reply to checkid_immediate request
161 * @param oum output OpenID message 161 * @param oum output OpenID message
162 * @param inm incoming OpenID request being processed 162 * @param inm incoming OpenID request being processed
163 * @return reference to oum 163 * @return reference to oum
164 */ 164 */
165 basic_openid_message& setup_needed( 165 basic_openid_message& setup_needed(
166 basic_openid_message& oum,const basic_openid_message& inm); 166 basic_openid_message& oum,const basic_openid_message& inm);
167 167
168 /** 168 /**
169 * Process check_authentication request 169 * Process check_authentication request
170 * @param oum output OpenID message 170 * @param oum output OpenID message
171 * @param inm incoming request 171 * @param inm incoming request
172 * @return reference to oum 172 * @return reference to oum
173 */ 173 */
174 basic_openid_message& check_authentication( 174 basic_openid_message& check_authentication(
175 basic_openid_message& oum,const basic_openid_message& inm); 175 basic_openid_message& oum,const basic_openid_message& inm);
176 /** 176 /**
177 * @} 177 * @}
178 */ 178 */
179 179
180 /** 180 /**
181 * Verify return_to url. The default implementation checks whether 181 * Verify return_to url. The default implementation checks whether
182 * return_to URI matches the realm 182 * return_to URI matches the realm
183 * @throw bad_realm in case of invalid realm 183 * @throw bad_realm in case of invalid realm
184 * @throw bad_return_to if return_to doesn't match the realm 184 * @throw bad_return_to if return_to doesn't match the realm
185 * @see verify_op::verify_return_to() 185 * @see verify_OP::verify_return_to()
186 */ 186 */
187 virtual void verify_return_to(); 187 virtual void verify_return_to();
188 188
189 /** 189 /**
190 * @name Global persistent store API 190 * @name Global persistent store API
191 * These functions are related to the associations with RPs storage 191 * These functions are related to the associations with RPs storage
192 * and retrieval and nonce management. 192 * and retrieval and nonce management.
193 * @{ 193 * @{
194 */ 194 */
195 /** 195 /**
196 * Allocate association. 196 * Allocate association.
197 * @param type association type 197 * @param type association type
198 * @param kl association key length 198 * @param kl association key length
199 * @param sl true if the association is stateless 199 * @param sl true if the association is stateless
200 * @return association object 200 * @return association object
201 */ 201 */
202 virtual assoc_t alloc_assoc(const string& type,size_t kl,bool sl) = 0; 202 virtual assoc_t alloc_assoc(const string& type,size_t kl,bool sl) = 0;
203 /** 203 /**
204 * Retrieve valid unexpired association 204 * Retrieve valid unexpired association
205 * @param handle association handle 205 * @param handle association handle
206 * @return association object 206 * @return association object
207 */ 207 */
208 virtual assoc_t retrieve_assoc(const string& handle) = 0; 208 virtual assoc_t retrieve_assoc(const string& handle) = 0;
209 /** 209 /**
210 * Allocate nonce. 210 * Allocate nonce.
211 * @param nonce input-output parameter containing timestamp part of 211 * @param nonce input-output parameter containing timestamp part of
212 * the nonce on input 212 * the nonce on input
213 * @param sl true if the nonce is 213 * @param sl true if the nonce is
214 * @return reference to nonce 214 * @return reference to nonce
215 * @throw failed_lookup if no such valid unexpired association 215 * @throw failed_lookup if no such valid unexpired association
216 * could be retrieved 216 * could be retrieved
217 */ 217 */
218 virtual string& alloc_nonce(string& nonce) = 0; 218 virtual string& alloc_nonce(string& nonce) = 0;
219 /** 219 /**
220 * Check nonce validity 220 * Check nonce validity
221 * @param nonce nonce to check 221 * @param nonce nonce to check
222 * @return true if nonce found and isn't yet invalidated 222 * @return true if nonce found and isn't yet invalidated
223 */ 223 */
224 virtual bool check_nonce(const string& nonce) = 0; 224 virtual bool check_nonce(const string& nonce) = 0;
225 /** 225 /**
226 * Invalidate nonce 226 * Invalidate nonce
227 * @param nonce nonce to check 227 * @param nonce nonce to check
228 */ 228 */
229 virtual void invalidate_nonce(const string& nonce) = 0; 229 virtual void invalidate_nonce(const string& nonce) = 0;
230 /** 230 /**
231 * @} 231 * @}
232 */ 232 */
233 233
234 /** 234 /**
235 * @name Site particulars API 235 * @name Site particulars API
236 * @{ 236 * @{
237 */ 237 */
238 /** 238 /**
239 * Query the absolute URL of the op endpoint 239 * Query the absolute URL of the op endpoint
240 * @return fully qualified url of the OP endpoint 240 * @return fully qualified url of the OP endpoint
241 */ 241 */
242 virtual const string get_op_endpoint() const = 0; 242 virtual const string get_op_endpoint() const = 0;
243 /** 243 /**
244 * @} 244 * @}
245 */ 245 */
246 246
247 }; 247 };
248} 248}
249 249
250#endif /* __OPKELE_BASIC_OP_H */ 250#endif /* __OPKELE_BASIC_OP_H */
diff --git a/include/opkele/verify_op.h b/include/opkele/verify_op.h
index 6b94240..9e29bac 100644
--- a/include/opkele/verify_op.h
+++ b/include/opkele/verify_op.h
@@ -1,26 +1,26 @@
1#ifndef __OPKELE_VERIFY_OP_H 1#ifndef __OPKELE_VERIFY_OP_H
2#define __OPKELE_VERIFY_OP_H 2#define __OPKELE_VERIFY_OP_H
3 3
4#include <opkele/basic_op.h> 4#include <opkele/basic_op.h>
5 5
6namespace opkele { 6namespace opkele {
7 7
8 /** 8 /**
9 * The OP implementation that does discovery verification on RP 9 * The OP implementation that does discovery verification on RP
10 */ 10 */
11 class verify_op : public basic_OP { 11 class verify_OP : public basic_OP {
12 public: 12 public:
13 13
14 /** 14 /**
15 * In addition to basic_OP::verify_return_to() functionality this 15 * In addition to basic_OP::verify_return_to() functionality this
16 * implementation does the discovery on RP to see if return_to matches 16 * implementation does the discovery on RP to see if return_to matches
17 * the realm 17 * the realm
18 * @throw bad_return_to in case we fail to discover corresponding 18 * @throw bad_return_to in case we fail to discover corresponding
19 * service endpoint 19 * service endpoint
20 */ 20 */
21 void verify_return_to(); 21 void verify_return_to();
22 }; 22 };
23 23
24} 24}
25 25
26#endif /* __OPKELE_VERIFY_OP_H */ 26#endif /* __OPKELE_VERIFY_OP_H */
diff --git a/lib/verify_op.cc b/lib/verify_op.cc
index 0beca2d..ab21b4f 100644
--- a/lib/verify_op.cc
+++ b/lib/verify_op.cc
@@ -1,53 +1,53 @@
1#include <opkele/verify_op.h> 1#include <opkele/verify_op.h>
2#include <opkele/discovery.h> 2#include <opkele/discovery.h>
3#include <opkele/exception.h> 3#include <opkele/exception.h>
4#include <opkele/util.h> 4#include <opkele/util.h>
5#include <opkele/uris.h> 5#include <opkele/uris.h>
6 6
7namespace opkele { 7namespace opkele {
8 using std::output_iterator_tag; 8 using std::output_iterator_tag;
9 9
10 class __RP_verifier_good_input : public exception { 10 class __RP_verifier_good_input : public exception {
11 public: 11 public:
12 __RP_verifier_good_input(OPKELE_E_PARS) 12 __RP_verifier_good_input(OPKELE_E_PARS)
13 : exception(OPKELE_E_CONS) { } 13 : exception(OPKELE_E_CONS) { }
14 }; 14 };
15 15
16 class RP_verifier : public iterator<output_iterator_tag,openid_endpoint_t,void> { 16 class RP_verifier : public iterator<output_iterator_tag,openid_endpoint_t,void> {
17 public: 17 public:
18 int seen; 18 int seen;
19 const string& return_to; 19 const string& return_to;
20 20
21 RP_verifier(const string& rt) 21 RP_verifier(const string& rt)
22 : return_to(rt), seen(0) { } 22 : return_to(rt), seen(0) { }
23 23
24 RP_verifier& operator*() { return *this; } 24 RP_verifier& operator*() { return *this; }
25 RP_verifier& operator=(const openid_endpoint_t& oep) { 25 RP_verifier& operator=(const openid_endpoint_t& oep) {
26 if(util::uri_matches_realm(return_to,oep.uri)) 26 if(util::uri_matches_realm(return_to,oep.uri))
27 throw __RP_verifier_good_input(OPKELE_CP_ "Found matching realm"); 27 throw __RP_verifier_good_input(OPKELE_CP_ "Found matching realm");
28 return *this; 28 return *this;
29 } 29 }
30 30
31 RP_verifier& operator++() { ++seen; return *this; } 31 RP_verifier& operator++() { ++seen; return *this; }
32 RP_verifier& operator++(int) { +seen; return *this; } 32 RP_verifier& operator++(int) { +seen; return *this; }
33 }; 33 };
34 34
35 void verify_op::verify_return_to() { 35 void verify_OP::verify_return_to() {
36 basic_OP::verify_return_to(); 36 basic_OP::verify_return_to();
37 try { 37 try {
38 RP_verifier rpv(return_to); 38 RP_verifier rpv(return_to);
39 string drealm = realm; 39 string drealm = realm;
40 string::size_type csss = drealm.find("://*."); 40 string::size_type csss = drealm.find("://*.");
41 if(csss==4 || csss==5) 41 if(csss==4 || csss==5)
42 drealm.replace(csss+3,1,"www"); 42 drealm.replace(csss+3,1,"www");
43 const char *rtt[] = { STURI_OPENID20_RT, 0 }; 43 const char *rtt[] = { STURI_OPENID20_RT, 0 };
44 yadiscover(rpv,drealm,rtt,false); 44 yadiscover(rpv,drealm,rtt,false);
45 if(rpv.seen) 45 if(rpv.seen)
46 throw bad_return_to(OPKELE_CP_ "return_to URL doesn't match any found while doing discovery on RP"); 46 throw bad_return_to(OPKELE_CP_ "return_to URL doesn't match any found while doing discovery on RP");
47 }catch(__RP_verifier_good_input&) { 47 }catch(__RP_verifier_good_input&) {
48 }catch(bad_return_to& brt) { 48 }catch(bad_return_to& brt) {
49 throw; 49 throw;
50 }catch(exception_network&) { } 50 }catch(exception_network&) { }
51 } 51 }
52 52
53} 53}
diff --git a/test/OP.cc b/test/OP.cc
index ce54d92..851d831 100644
--- a/test/OP.cc
+++ b/test/OP.cc
@@ -1,247 +1,247 @@
1#include <uuid/uuid.h> 1#include <uuid/uuid.h>
2#include <iostream> 2#include <iostream>
3#include <cassert> 3#include <cassert>
4#include <string> 4#include <string>
5#include <ext/algorithm> 5#include <ext/algorithm>
6using namespace std; 6using namespace std;
7#include <kingate/exception.h> 7#include <kingate/exception.h>
8#include <kingate/plaincgi.h> 8#include <kingate/plaincgi.h>
9#include <kingate/cgi_gateway.h> 9#include <kingate/cgi_gateway.h>
10#include <opkele/exception.h> 10#include <opkele/exception.h>
11#include <opkele/util.h> 11#include <opkele/util.h>
12#include <opkele/uris.h> 12#include <opkele/uris.h>
13#include <opkele/extension.h> 13#include <opkele/extension.h>
14#include <opkele/association.h> 14#include <opkele/association.h>
15#include <opkele/debug.h> 15#include <opkele/debug.h>
16#include <opkele/verify_op.h> 16#include <opkele/verify_op.h>
17#include <opkele/sreg.h> 17#include <opkele/sreg.h>
18 18
19#include "sqlite.h" 19#include "sqlite.h"
20#include "kingate_openid_message.h" 20#include "kingate_openid_message.h"
21 21
22static const string get_self_url(const kingate::cgi_gateway& gw) { 22static const string get_self_url(const kingate::cgi_gateway& gw) {
23 bool s = gw.has_meta("SSL_PROTOCOL_VERSION"); 23 bool s = gw.has_meta("SSL_PROTOCOL_VERSION");
24 string rv = s?"https://":"http://"; 24 string rv = s?"https://":"http://";
25 rv += gw.http_request_header("Host"); 25 rv += gw.http_request_header("Host");
26 const string& port = gw.get_meta("SERVER_PORT"); 26 const string& port = gw.get_meta("SERVER_PORT");
27 if( port!=(s?"443":"80") ) { 27 if( port!=(s?"443":"80") ) {
28 rv += ':'; rv += port; 28 rv += ':'; rv += port;
29 } 29 }
30 rv += gw.get_meta("REQUEST_URI"); 30 rv += gw.get_meta("REQUEST_URI");
31 string::size_type q = rv.find('?'); 31 string::size_type q = rv.find('?');
32 if(q!=string::npos) 32 if(q!=string::npos)
33 rv.erase(q); 33 rv.erase(q);
34 return rv; 34 return rv;
35} 35}
36 36
37class opdb_t : public sqlite3_t { 37class opdb_t : public sqlite3_t {
38 public: 38 public:
39 opdb_t() 39 opdb_t()
40 : sqlite3_t("/tmp/OP.db") { 40 : sqlite3_t("/tmp/OP.db") {
41 assert(_D); 41 assert(_D);
42 char **resp; int nr,nc; char *errm; 42 char **resp; int nr,nc; char *errm;
43 if(sqlite3_get_table( 43 if(sqlite3_get_table(
44 _D, "SELECT a_op FROM assoc LIMIT 0", 44 _D, "SELECT a_op FROM assoc LIMIT 0",
45 &resp,&nr,&nc,&errm)!=SQLITE_OK) { 45 &resp,&nr,&nc,&errm)!=SQLITE_OK) {
46 extern const char *__OP_db_bootstrap; 46 extern const char *__OP_db_bootstrap;
47 DOUT_("Bootstrapping DB"); 47 DOUT_("Bootstrapping DB");
48 if(sqlite3_exec(_D,__OP_db_bootstrap,NULL,NULL,&errm)!=SQLITE_OK) 48 if(sqlite3_exec(_D,__OP_db_bootstrap,NULL,NULL,&errm)!=SQLITE_OK)
49 throw opkele::exception(OPKELE_CP_ string("Failed to boostrap SQLite database: ")+errm); 49 throw opkele::exception(OPKELE_CP_ string("Failed to boostrap SQLite database: ")+errm);
50 }else 50 }else
51 sqlite3_free_table(resp); 51 sqlite3_free_table(resp);
52 } 52 }
53}; 53};
54 54
55class example_op_t : public opkele::verify_op { 55class example_op_t : public opkele::verify_OP {
56 public: 56 public:
57 kingate::cgi_gateway& gw; 57 kingate::cgi_gateway& gw;
58 opdb_t db; 58 opdb_t db;
59 kingate::cookie htc; 59 kingate::cookie htc;
60 60
61 61
62 example_op_t(kingate::cgi_gateway& gw) 62 example_op_t(kingate::cgi_gateway& gw)
63 : gw(gw) { 63 : gw(gw) {
64 try { 64 try {
65 htc = gw.cookies.get_cookie("htop_session"); 65 htc = gw.cookies.get_cookie("htop_session");
66 sqlite3_mem_t<char*> S = sqlite3_mprintf( 66 sqlite3_mem_t<char*> S = sqlite3_mprintf(
67 "SELECT 1 FROM ht_sessions WHERE hts_id=%Q", 67 "SELECT 1 FROM ht_sessions WHERE hts_id=%Q",
68 htc.get_value().c_str()); 68 htc.get_value().c_str());
69 sqlite3_table_t T; int nr,nc; 69 sqlite3_table_t T; int nr,nc;
70 db.get_table(S,T,&nr,&nc); 70 db.get_table(S,T,&nr,&nc);
71 if(nr<1) 71 if(nr<1)
72 throw kingate::exception_notfound(CODEPOINT,"forcing cookie generation"); 72 throw kingate::exception_notfound(CODEPOINT,"forcing cookie generation");
73 }catch(kingate::exception_notfound& kenf) { 73 }catch(kingate::exception_notfound& kenf) {
74 uuid_t uuid; uuid_generate(uuid); 74 uuid_t uuid; uuid_generate(uuid);
75 htc = kingate::cookie("htop_session",opkele::util::encode_base64(uuid,sizeof(uuid))); 75 htc = kingate::cookie("htop_session",opkele::util::encode_base64(uuid,sizeof(uuid)));
76 sqlite3_mem_t<char*> S = sqlite3_mprintf( 76 sqlite3_mem_t<char*> S = sqlite3_mprintf(
77 "INSERT INTO ht_sessions (hts_id) VALUES (%Q)", 77 "INSERT INTO ht_sessions (hts_id) VALUES (%Q)",
78 htc.get_value().c_str()); 78 htc.get_value().c_str());
79 db.exec(S); 79 db.exec(S);
80 } 80 }
81 } 81 }
82 82
83 void set_authorized(bool a) { 83 void set_authorized(bool a) {
84 sqlite3_mem_t<char*> 84 sqlite3_mem_t<char*>
85 S = sqlite3_mprintf( 85 S = sqlite3_mprintf(
86 "UPDATE ht_sessions" 86 "UPDATE ht_sessions"
87 " SET authorized=%d" 87 " SET authorized=%d"
88 " WHERE hts_id=%Q", 88 " WHERE hts_id=%Q",
89 (int)a,htc.get_value().c_str()); 89 (int)a,htc.get_value().c_str());
90 db.exec(S); 90 db.exec(S);
91 } 91 }
92 bool get_authorized() { 92 bool get_authorized() {
93 sqlite3_mem_t<char*> 93 sqlite3_mem_t<char*>
94 S = sqlite3_mprintf( 94 S = sqlite3_mprintf(
95 "SELECT authorized" 95 "SELECT authorized"
96 " FROM ht_sessions" 96 " FROM ht_sessions"
97 " WHERE hts_id=%Q", 97 " WHERE hts_id=%Q",
98 htc.get_value().c_str()); 98 htc.get_value().c_str());
99 sqlite3_table_t T; int nr,nc; 99 sqlite3_table_t T; int nr,nc;
100 db.get_table(S,T,&nr,&nc); 100 db.get_table(S,T,&nr,&nc);
101 assert(nr==1); assert(nc=1); 101 assert(nr==1); assert(nc=1);
102 return opkele::util::string_to_long(T.get(1,0,nc)); 102 return opkele::util::string_to_long(T.get(1,0,nc));
103 } 103 }
104 104
105 ostream& cookie_header(ostream& o) const { 105 ostream& cookie_header(ostream& o) const {
106 o << "Set-Cookie: " << htc.set_cookie_header() << "\n"; 106 o << "Set-Cookie: " << htc.set_cookie_header() << "\n";
107 return o; 107 return o;
108 } 108 }
109 109
110 opkele::assoc_t alloc_assoc(const string& type,size_t klength,bool sl) { 110 opkele::assoc_t alloc_assoc(const string& type,size_t klength,bool sl) {
111 uuid_t uuid; uuid_generate(uuid); 111 uuid_t uuid; uuid_generate(uuid);
112 string a_handle = opkele::util::encode_base64(uuid,sizeof(uuid)); 112 string a_handle = opkele::util::encode_base64(uuid,sizeof(uuid));
113 opkele::secret_t a_secret; 113 opkele::secret_t a_secret;
114 generate_n( 114 generate_n(
115 back_insert_iterator<opkele::secret_t>(a_secret),klength, 115 back_insert_iterator<opkele::secret_t>(a_secret),klength,
116 rand ); 116 rand );
117 string ssecret; a_secret.to_base64(ssecret); 117 string ssecret; a_secret.to_base64(ssecret);
118 time_t now = time(0); 118 time_t now = time(0);
119 int expires_in = sl?3600*2:3600*24*7*2; 119 int expires_in = sl?3600*2:3600*24*7*2;
120 sqlite3_mem_t<char*> 120 sqlite3_mem_t<char*>
121 S = sqlite3_mprintf( 121 S = sqlite3_mprintf(
122 "INSERT INTO assoc" 122 "INSERT INTO assoc"
123 " (a_handle,a_type,a_ctime,a_etime,a_secret,a_stateless)" 123 " (a_handle,a_type,a_ctime,a_etime,a_secret,a_stateless)"
124 " VALUES (" 124 " VALUES ("
125 " %Q,%Q,datetime('now')," 125 " %Q,%Q,datetime('now'),"
126 " datetime('now','+%d seconds')," 126 " datetime('now','+%d seconds'),"
127 " %Q,%d );", 127 " %Q,%d );",
128 a_handle.c_str(), type.c_str(), 128 a_handle.c_str(), type.c_str(),
129 expires_in, 129 expires_in,
130 ssecret.c_str(), sl ); 130 ssecret.c_str(), sl );
131 db.exec(S); 131 db.exec(S);
132 return opkele::assoc_t(new opkele::association( 132 return opkele::assoc_t(new opkele::association(
133 "", 133 "",
134 a_handle, type, a_secret, 134 a_handle, type, a_secret,
135 now+expires_in, sl )); 135 now+expires_in, sl ));
136 } 136 }
137 137
138 opkele::assoc_t retrieve_assoc(const string& h) { 138 opkele::assoc_t retrieve_assoc(const string& h) {
139 sqlite3_mem_t<char*> 139 sqlite3_mem_t<char*>
140 S = sqlite3_mprintf( 140 S = sqlite3_mprintf(
141 "SELECT" 141 "SELECT"
142 " a_handle,a_type,a_secret,a_stateless," 142 " a_handle,a_type,a_secret,a_stateless,"
143 " strftime('%%s',a_etime) AS a_etime," 143 " strftime('%%s',a_etime) AS a_etime,"
144 " a_itime" 144 " a_itime"
145 " FROM assoc" 145 " FROM assoc"
146 " WHERE a_handle=%Q AND a_itime IS NULL" 146 " WHERE a_handle=%Q AND a_itime IS NULL"
147 " AND datetime('now') < a_etime" 147 " AND datetime('now') < a_etime"
148 " LIMIT 1", 148 " LIMIT 1",
149 h.c_str() ); 149 h.c_str() );
150 sqlite3_table_t T; 150 sqlite3_table_t T;
151 int nr,nc; 151 int nr,nc;
152 db.get_table(S,T,&nr,&nc); 152 db.get_table(S,T,&nr,&nc);
153 if(nr<1) 153 if(nr<1)
154 throw opkele::failed_lookup(OPKELE_CP_ 154 throw opkele::failed_lookup(OPKELE_CP_
155 "couldn't retrieve valid unexpired assoc"); 155 "couldn't retrieve valid unexpired assoc");
156 assert(nr==1); assert(nc==6); 156 assert(nr==1); assert(nc==6);
157 opkele::secret_t secret; opkele::util::decode_base64(T.get(1,2,nc),secret); 157 opkele::secret_t secret; opkele::util::decode_base64(T.get(1,2,nc),secret);
158 return opkele::assoc_t(new opkele::association( 158 return opkele::assoc_t(new opkele::association(
159 "", h, T.get(1,1,nc), secret, 159 "", h, T.get(1,1,nc), secret,
160 strtol(T.get(1,4,nc),0,0), 160 strtol(T.get(1,4,nc),0,0),
161 strtol(T.get(1,3,nc),0,0) )); 161 strtol(T.get(1,3,nc),0,0) ));
162 } 162 }
163 163
164 string& alloc_nonce(string& nonce) { 164 string& alloc_nonce(string& nonce) {
165 uuid_t uuid; uuid_generate(uuid); 165 uuid_t uuid; uuid_generate(uuid);
166 nonce += opkele::util::encode_base64(uuid,sizeof(uuid)); 166 nonce += opkele::util::encode_base64(uuid,sizeof(uuid));
167 sqlite3_mem_t<char*> 167 sqlite3_mem_t<char*>
168 S = sqlite3_mprintf( 168 S = sqlite3_mprintf(
169 "INSERT INTO nonces" 169 "INSERT INTO nonces"
170 " (n_once) VALUES (%Q)", 170 " (n_once) VALUES (%Q)",
171 nonce.c_str() ); 171 nonce.c_str() );
172 db.exec(S); 172 db.exec(S);
173 return nonce; 173 return nonce;
174 } 174 }
175 bool check_nonce(const string& nonce) { 175 bool check_nonce(const string& nonce) {
176 sqlite3_mem_t<char*> 176 sqlite3_mem_t<char*>
177 S = sqlite3_mprintf( 177 S = sqlite3_mprintf(
178 "SELECT 1" 178 "SELECT 1"
179 " FROM nonces" 179 " FROM nonces"
180 " WHERE n_once=%Q AND n_itime IS NULL", 180 " WHERE n_once=%Q AND n_itime IS NULL",
181 nonce.c_str()); 181 nonce.c_str());
182 sqlite3_table_t T; 182 sqlite3_table_t T;
183 int nr,nc; 183 int nr,nc;
184 db.get_table(S,T,&nr,&nc); 184 db.get_table(S,T,&nr,&nc);
185 return nr>=1; 185 return nr>=1;
186 } 186 }
187 void invalidate_nonce(const string& nonce) { 187 void invalidate_nonce(const string& nonce) {
188 sqlite3_mem_t<char*> 188 sqlite3_mem_t<char*>
189 S = sqlite3_mprintf( 189 S = sqlite3_mprintf(
190 "UPDATE nonces" 190 "UPDATE nonces"
191 " SET n_itime=datetime('now')" 191 " SET n_itime=datetime('now')"
192 " WHERE n_once=%Q", 192 " WHERE n_once=%Q",
193 nonce.c_str()); 193 nonce.c_str());
194 db.exec(S); 194 db.exec(S);
195 } 195 }
196 196
197 const string get_op_endpoint() const { 197 const string get_op_endpoint() const {
198 return get_self_url(gw); 198 return get_self_url(gw);
199 } 199 }
200 200
201}; 201};
202 202
203int main(int argc,char *argv[]) { 203int main(int argc,char *argv[]) {
204 try { 204 try {
205 kingate::plaincgi_interface ci; 205 kingate::plaincgi_interface ci;
206 kingate::cgi_gateway gw(ci); 206 kingate::cgi_gateway gw(ci);
207 string op; 207 string op;
208 try { op = gw.get_param("op"); }catch(kingate::exception_notfound&) { } 208 try { op = gw.get_param("op"); }catch(kingate::exception_notfound&) { }
209 string message; 209 string message;
210 if(op=="set_password") { 210 if(op=="set_password") {
211 example_op_t OP(gw); 211 example_op_t OP(gw);
212 string password = gw.get_param("password"); 212 string password = gw.get_param("password");
213 sqlite3_mem_t<char*> 213 sqlite3_mem_t<char*>
214 Sget = sqlite3_mprintf("SELECT s_password FROM setup LIMIT 1"); 214 Sget = sqlite3_mprintf("SELECT s_password FROM setup LIMIT 1");
215 sqlite3_table_t T; int nr,nc; 215 sqlite3_table_t T; int nr,nc;
216 OP.db.get_table(Sget,T,&nr,&nc); 216 OP.db.get_table(Sget,T,&nr,&nc);
217 if(nr>=1) 217 if(nr>=1)
218 throw opkele::exception(OPKELE_CP_ "Password already set"); 218 throw opkele::exception(OPKELE_CP_ "Password already set");
219 sqlite3_mem_t<char*> 219 sqlite3_mem_t<char*>
220 Sset = sqlite3_mprintf( 220 Sset = sqlite3_mprintf(
221 "INSERT INTO setup (s_password) VALUES (%Q)", 221 "INSERT INTO setup (s_password) VALUES (%Q)",
222 password.c_str()); 222 password.c_str());
223 OP.db.exec(Sset); 223 OP.db.exec(Sset);
224 op.clear(); 224 op.clear();
225 message = "password set"; 225 message = "password set";
226 }else if(op=="login") { 226 }else if(op=="login") {
227 example_op_t OP(gw); 227 example_op_t OP(gw);
228 string password = gw.get_param("password"); 228 string password = gw.get_param("password");
229 sqlite3_mem_t<char*> 229 sqlite3_mem_t<char*>
230 Sget = sqlite3_mprintf("SELECT s_password FROM setup LIMIT 1"); 230 Sget = sqlite3_mprintf("SELECT s_password FROM setup LIMIT 1");
231 sqlite3_table_t T; int nr,nc; 231 sqlite3_table_t T; int nr,nc;
232 OP.db.get_table(Sget,T,&nr,&nc); 232 OP.db.get_table(Sget,T,&nr,&nc);
233 if(nr<1) 233 if(nr<1)
234 throw opkele::exception(OPKELE_CP_ "no password set"); 234 throw opkele::exception(OPKELE_CP_ "no password set");
235 if(password!=T.get(1,0,nc)) 235 if(password!=T.get(1,0,nc))
236 throw opkele::exception(OPKELE_CP_ "wrong password"); 236 throw opkele::exception(OPKELE_CP_ "wrong password");
237 OP.set_authorized(true); 237 OP.set_authorized(true);
238 op.clear(); 238 op.clear();
239 message = "logged in"; 239 message = "logged in";
240 OP.cookie_header(cout); 240 OP.cookie_header(cout);
241 }else if(op=="logout") { 241 }else if(op=="logout") {
242 example_op_t OP(gw); 242 example_op_t OP(gw);
243 OP.set_authorized(false); 243 OP.set_authorized(false);
244 op.clear(); 244 op.clear();
245 message = "logged out"; 245 message = "logged out";
246 } 246 }
247 string om; 247 string om;