| -rw-r--r-- | configure.ac | 1 | ||||
| -rw-r--r-- | test/OP.cc | 6 |
2 files changed, 6 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac index e636253..606e644 100644 --- a/configure.ac +++ b/configure.ac @@ -1,207 +1,208 @@ AC_INIT([libopkele], [2.0.4], [libopkele-bugs@klever.net]) AC_CONFIG_SRCDIR([include/opkele/opkele-config.h]) AC_CONFIG_HEADERS([config.h include/opkele/acconfig.h]) AC_CONFIG_MACRO_DIR([aclocal.d]) AC_CONFIG_AUX_DIR([aux.d]) AM_INIT_AUTOMAKE([dist-bzip2]) AC_PROG_INSTALL AC_PROG_CXX AC_PROG_CC AC_PROG_LIBTOOL PKG_PROG_PKG_CONFIG AC_HEADER_STDC AC_CHECK_FUNCS([timegm]) +AC_CHECK_HEADERS([ext/algorithm.h]) AC_PATH_PROG([XSLTPROC],[xsltproc],[true]) AC_MSG_CHECKING([for source tree version]) if headrev=$(cd $srcdir && git rev-parse --verify HEAD 2>/dev/null) ; then PACKAGE_SRC_VERSION="$(cd $srcdir && git describe --tags $headrev)" test "$PACKAGE_SRC_VERSION" = "$PACKAGE_VERSION" \ -o "${PACKAGE_SRC_VERSION#${PACKAGE_VERSION}-}" != "$PACKAGE_SRC_VERSION" || PACKAGE_SRC_VERSION="${PACKAGE_VERSION}:${PACKAGE_SRC_VERSION}" ( cd $srcdir && git diff-index $headrev | read dirt ) && PACKAGE_SRC_VERSION="${PACKAGE_SRC_VERSION}-dirty" else PACKAGE_SRC_VERSION="$PACKAGE_VERSION" fi AC_MSG_RESULT([$PACKAGE_SRC_VERSION]) AC_SUBST([PACKAGE_SRC_VERSION]) AC_DEFINE_UNQUOTED([PACKAGE_SRC_VERSION],["$PACKAGE_SRC_VERSION"],[more or less precise source tree version]) tr1_mem_std="false" tr1_mem_boost="false" AC_CHECK_SHAREDPTR(std::tr1,tr1/memory,[ tr1_mem_std=true ]) AC_CHECK_SHAREDPTR(boost,boost/shared_ptr.hpp,[ tr1_mem_boost=true ]) tr1_mem="" AC_ARG_WITH([tr1-memory], AC_HELP_STRING([--with-tr1-memory=<boost|std>],[select tr1/memory (shared_ptr<>) implementation to use]), [ tr1_mem="$withval" ] ) AC_MSG_CHECKING([for tr1/memory implementation to use]) test -z "$tr1_mem" && $tr1_mem_std && tr1_mem=std test -z "$tr1_mem" && $tr1_mem_boost && tr1_mem=boost if test -z "$tr1_mem" ; then AC_MSG_RESULT([none found]) else AC_MSG_RESULT([$tr1_mem]) fi case "$tr1_mem" in std) $tr1_mem_std || AC_MSG_ERROR([std implementation requested, but not found]) OPKELE_TR1_MEM_NS=std::tr1 OPKELE_TR1_MEM_HEADER=tr1/memory ;; boost) $tr1_mem_boost || AC_MSG_ERROR([boost implementation requested, but not found]) OPKELE_TR1_MEM_NS=boost OPKELE_TR1_MEM_HEADER=boost/shared_ptr.hpp ;; *) AC_MSG_ERROR([no shared_ptr<> implementation found]) ;; esac AC_SUBST([OPKELE_TR1_MEM_NS]) AC_SUBST([OPKELE_TR1_MEM_HEADER]) AC_MSG_CHECKING([for deprecated attribute support]) AC_COMPILE_IFELSE([ int __attribute__((deprecated)) deprecated_function(); ],[ AC_MSG_RESULT([yes]) AC_DEFINE([OPKELE_DEPRECATE],[__attribute__((deprecated))],[deprecated function attribute]) ],[ AC_MSG_RESULT([no]) AC_DEFINE([OPKELE_DEPRECATE],,[deprecated function attribute]) ] ) AC_LANG_PUSH([C++]) AC_MSG_CHECKING([for abi::__cxa_demangle]) AC_COMPILE_IFELSE([ #include <typeinfo> using namespace std; #include <cxxabi.h> int main(int c,char **v) { int dstat; char *demangled = abi::__cxa_demangle(typeid(dstat).name(),0,0,&dstat); return 0; } ],[ AC_MSG_RESULT([yes]) AC_DEFINE([HAVE_DEMANGLE],,[defined if abi::__cxa_demangle is available]) ],[ AC_MSG_RESULT([no]) ] ) AC_LANG_POP([C++]) PKG_CHECK_MODULES([OPENSSL],[openssl],,[ AC_MSG_ERROR([no openssl library found. get one from http://www.openssl.org/]) ]) WANT_KONFORKA="yes" AC_ARG_ENABLE([konforka], AC_HELP_STRING([--disable-konforka],[do not use konforka library (default: use if found)]), [ test "${enableval}" = "no" && WANT_KONFORKA="no" ] ) if test "${WANT_KONFORKA}" = "yes" ; then PKG_CHECK_MODULES([KONFORKA],[konforka],[ AC_SUBST([KONFORKA_CFLAGS]) AC_SUBST([KONFORKA_LIBS]) AC_DEFINE([HAVE_KONFORKA],,[defined in presence of konforka library]) AC_DEFINE([OPKELE_HAVE_KONFORKA],,[defined in presence of konforka library]) AC_SUBST([KONFORKA_KONFORKA],[konforka]) ],[true]) fi WANT_DOXYGEN="yes" AC_ARG_ENABLE([doxygen], AC_HELP_STRING([--disable-doxygen],[do not generate documentation]), [ test "${enableval}" = "no" && WANT_DOXYGEN="no" ] ) if test "${WANT_DOXYGEN}" = "yes" ; then AC_WITH_DOXYGEN AC_WITH_DOT else AM_CONDITIONAL([HAVE_DOXYGEN],[false]) AM_CONDITIONAL([HAVE_DOT],[false]) fi LIBCURL_CHECK_CONFIG(,,,[ AC_MSG_ERROR([no required libcurl library. get one from http://curl.haxx.se/]) ]) AC_CHECK_HEADER([expat.h],[ AC_CHECK_LIB([expat],[XML_ParserCreate],[ EXPAT_LIBS=-lexpat EXPAT_CFLAGS= AC_SUBST([EXPAT_LIBS]) AC_SUBST([EXPAT_CFLAGS]) ],[ AC_MSG_ERROR([no required expat library. get one from http://expat.sourceforge.net/]) ]) ],[ AC_MSG_ERROR([no required expat library. get one from http://expat.sourceforge.net/]) ]) AC_CHECK_HEADERS([tidy.h tidy/tidy.h],[ test -z "$TIDY_LIBS" && AC_CHECK_LIB([tidy],[tidyParseBuffer],[ TIDY_LIBS=-ltidy TIDY_CFLAGS= AC_SUBST([TIDY_LIBS]) AC_SUBST([TIDY_CFLAGS]) ],[ AC_MSG_ERROR([no required htmltidy library found. get one from http://tidy.sourceforge.net/]) ]) ],[ test -z "$TIDY_LIBS" -a "$ac_header" = "tidy/tidy.h" \ && AC_MSG_ERROR([no required htmltidy library found. get one from http://tidy.sourceforge.net/]) ]) PKG_CHECK_MODULES([SQLITE3],[sqlite3],[have_sqlite3=true],[have_sqlite3=false]) AM_CONDITIONAL([HAVE_SQLITE3],[$have_sqlite3]) PKG_CHECK_MODULES([KINGATE],[kingate-plaincgi],[have_kingate=true],[have_kingate=false]) AM_CONDITIONAL([HAVE_KINGATE],[$have_kingate]) PKG_CHECK_MODULES([UUID],[uuid],[have_uuid=true],[have_uuid=false]) AM_CONDITIONAL([HAVE_UUID],[$have_uuid]) if $have_uuid ; then AC_DEFINE([HAVE_LIBUUID],,[defined in presence of libuuid]) AC_SUBST([UUID_UUID],[uuid]) fi curl_ssl_verify_host="true" AC_ARG_ENABLE([ssl-verify-host], AC_HELP_STRING([--disable-ssl-verify-host],[disable cURL cert/host relationships verification]), [ test "${enableval}" = "no" && curl_ssl_verify_host="false" ] ) ${curl_ssl_verify_host} || AC_DEFINE([DISABLE_CURL_SSL_VERIFYHOST],,[defined if cURL is not to verify cert/host]) curl_ssl_verify_peer="true" AC_ARG_ENABLE([ssl-verify-peer], AC_HELP_STRING([--disable-ssl-verify-peer],[disable cURL cert validity verification]), [ test "${enableval}" = "no" && curl_ssl_verify_peer="false" ] ) ${curl_ssl_verify_peer} || AC_DEFINE([DISABLE_CURL_SSL_VERIFYPEER],,[defined if cURL is not to verify cert validity]) postels_law=true AC_ARG_ENABLE([postels-law], AC_HELP_STRING([--disable-postels-law],[Be strict, do not adhere to Postel's Law ("be conservative in what you do, be liberal in what you accept from others", RFC 793)]), [ test "${enableval}" = "no" && postels_law=false ] ) $postels_law && AC_DEFINE([POSTELS_LAW],,[defined if we want to adhere to Postel's Law]) AC_DEFINE_UNQUOTED([OPKELE_SRC_DIR],["$PWD"],[source directory]) nitpick=false AC_ARG_ENABLE([nitpicking], AC_HELP_STRING([--enable-nitpicking],[make compiler somewhat overly fastidious about the code it deals with]), [ test "$enableval" = "no" || nitpick=true ] ) @@ -1,210 +1,214 @@ #include <uuid/uuid.h> #include <iostream> #include <cassert> #include <string> -#include <ext/algorithm> using namespace std; #include <kingate/exception.h> #include <kingate/plaincgi.h> #include <kingate/cgi_gateway.h> #include <opkele/exception.h> #include <opkele/util.h> #include <opkele/uris.h> #include <opkele/extension.h> #include <opkele/association.h> #include <opkele/debug.h> #include <opkele/verify_op.h> #include <opkele/sreg.h> +#include "config.h" +#ifdef HAVE_EXT_ALGORITHM_H +# include <ext/algorithm> +#endif + #include "sqlite.h" #include "kingate_openid_message.h" static const string get_self_url(const kingate::cgi_gateway& gw) { bool s = gw.has_meta("SSL_PROTOCOL_VERSION"); string rv = s?"https://":"http://"; rv += gw.http_request_header("Host"); const string& port = gw.get_meta("SERVER_PORT"); if( port!=(s?"443":"80") ) { rv += ':'; rv += port; } rv += gw.get_meta("REQUEST_URI"); string::size_type q = rv.find('?'); if(q!=string::npos) rv.erase(q); return rv; } class opdb_t : public sqlite3_t { public: opdb_t() : sqlite3_t("/tmp/OP.db") { assert(_D); char **resp; int nr,nc; char *errm; if(sqlite3_get_table( _D, "SELECT a_op FROM assoc LIMIT 0", &resp,&nr,&nc,&errm)!=SQLITE_OK) { extern const char *__OP_db_bootstrap; DOUT_("Bootstrapping DB"); if(sqlite3_exec(_D,__OP_db_bootstrap,NULL,NULL,&errm)!=SQLITE_OK) throw opkele::exception(OPKELE_CP_ string("Failed to boostrap SQLite database: ")+errm); }else sqlite3_free_table(resp); } }; class example_op_t : public opkele::verify_OP { public: kingate::cgi_gateway& gw; opdb_t db; kingate::cookie htc; example_op_t(kingate::cgi_gateway& g) : gw(g) { try { htc = gw.cookies.get_cookie("htop_session"); sqlite3_mem_t<char*> S = sqlite3_mprintf( "SELECT 1 FROM ht_sessions WHERE hts_id=%Q", htc.get_value().c_str()); sqlite3_table_t T; int nr,nc; db.get_table(S,T,&nr,&nc); if(nr<1) throw kingate::exception_notfound(CODEPOINT,"forcing cookie generation"); }catch(kingate::exception_notfound& kenf) { uuid_t uuid; uuid_generate(uuid); htc = kingate::cookie("htop_session",opkele::util::encode_base64(uuid,sizeof(uuid))); sqlite3_mem_t<char*> S = sqlite3_mprintf( "INSERT INTO ht_sessions (hts_id) VALUES (%Q)", htc.get_value().c_str()); db.exec(S); } } void set_authorized(bool a) { sqlite3_mem_t<char*> S = sqlite3_mprintf( "UPDATE ht_sessions" " SET authorized=%d" " WHERE hts_id=%Q", (int)a,htc.get_value().c_str()); db.exec(S); } bool get_authorized() { sqlite3_mem_t<char*> S = sqlite3_mprintf( "SELECT authorized" " FROM ht_sessions" " WHERE hts_id=%Q", htc.get_value().c_str()); sqlite3_table_t T; int nr,nc; db.get_table(S,T,&nr,&nc); assert(nr==1); assert(nc=1); return opkele::util::string_to_long(T.get(1,0,nc)); } ostream& cookie_header(ostream& o) const { o << "Set-Cookie: " << htc.set_cookie_header() << "\n"; return o; } opkele::assoc_t alloc_assoc(const string& type,size_t klength,bool sl) { uuid_t uuid; uuid_generate(uuid); string a_handle = opkele::util::encode_base64(uuid,sizeof(uuid)); opkele::secret_t a_secret; generate_n( back_insert_iterator<opkele::secret_t>(a_secret),klength, rand ); string ssecret; a_secret.to_base64(ssecret); time_t now = time(0); int expires_in = sl?3600*2:3600*24*7*2; sqlite3_mem_t<char*> S = sqlite3_mprintf( "INSERT INTO assoc" " (a_handle,a_type,a_ctime,a_etime,a_secret,a_stateless)" " VALUES (" " %Q,%Q,datetime('now')," " datetime('now','+%d seconds')," " %Q,%d );", a_handle.c_str(), type.c_str(), expires_in, ssecret.c_str(), sl ); db.exec(S); return opkele::assoc_t(new opkele::association( "", a_handle, type, a_secret, now+expires_in, sl )); } opkele::assoc_t retrieve_assoc(const string& h) { sqlite3_mem_t<char*> S = sqlite3_mprintf( "SELECT" " a_handle,a_type,a_secret,a_stateless," " strftime('%%s',a_etime) AS a_etime," " a_itime" " FROM assoc" " WHERE a_handle=%Q AND a_itime IS NULL" " AND datetime('now') < a_etime" " LIMIT 1", h.c_str() ); sqlite3_table_t T; int nr,nc; db.get_table(S,T,&nr,&nc); if(nr<1) throw opkele::failed_lookup(OPKELE_CP_ "couldn't retrieve valid unexpired assoc"); assert(nr==1); assert(nc==6); opkele::secret_t secret; opkele::util::decode_base64(T.get(1,2,nc),secret); return opkele::assoc_t(new opkele::association( "", h, T.get(1,1,nc), secret, strtol(T.get(1,4,nc),0,0), strtol(T.get(1,3,nc),0,0) )); } string& alloc_nonce(string& nonce) { uuid_t uuid; uuid_generate(uuid); nonce += opkele::util::encode_base64(uuid,sizeof(uuid)); sqlite3_mem_t<char*> S = sqlite3_mprintf( "INSERT INTO nonces" " (n_once) VALUES (%Q)", nonce.c_str() ); db.exec(S); return nonce; } bool check_nonce(const string& nonce) { sqlite3_mem_t<char*> S = sqlite3_mprintf( "SELECT 1" " FROM nonces" " WHERE n_once=%Q AND n_itime IS NULL", nonce.c_str()); sqlite3_table_t T; int nr,nc; db.get_table(S,T,&nr,&nc); return nr>=1; } void invalidate_nonce(const string& nonce) { sqlite3_mem_t<char*> S = sqlite3_mprintf( "UPDATE nonces" " SET n_itime=datetime('now')" " WHERE n_once=%Q", nonce.c_str()); db.exec(S); } const string get_op_endpoint() const { return get_self_url(gw); } }; int main(int,char **) { try { kingate::plaincgi_interface ci; kingate::cgi_gateway gw(ci); string op; try { op = gw.get_param("op"); }catch(kingate::exception_notfound&) { } string message; if(op=="set_password") { |