-rw-r--r-- | configure.ac | 14 | ||||
-rw-r--r-- | lib/consumer.cc | 6 |
2 files changed, 20 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index fd50721..8397914 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -16,56 +16,70 @@ AC_WITH_PKGCONFIG | |||
16 | PKG_CHECK_MODULES([OPENSSL],[openssl],,[ | 16 | PKG_CHECK_MODULES([OPENSSL],[openssl],,[ |
17 | AC_MSG_ERROR([no openssl library found. get one from http://www.openssl.org/]) | 17 | AC_MSG_ERROR([no openssl library found. get one from http://www.openssl.org/]) |
18 | ]) | 18 | ]) |
19 | 19 | ||
20 | WANT_KONFORKA="yes" | 20 | WANT_KONFORKA="yes" |
21 | AC_ARG_ENABLE([konforka], | 21 | AC_ARG_ENABLE([konforka], |
22 | AC_HELP_STRING([--disable-konforka],[do not use konforka library (default: use if found)]), | 22 | AC_HELP_STRING([--disable-konforka],[do not use konforka library (default: use if found)]), |
23 | [ | 23 | [ |
24 | test "${enableval}" = "no" && WANT_KONFORKA="no" | 24 | test "${enableval}" = "no" && WANT_KONFORKA="no" |
25 | ] | 25 | ] |
26 | ) | 26 | ) |
27 | if test "${WANT_KONFORKA}" = "yes" ; then | 27 | if test "${WANT_KONFORKA}" = "yes" ; then |
28 | PKG_CHECK_MODULES([KONFORKA],[konforka],[ | 28 | PKG_CHECK_MODULES([KONFORKA],[konforka],[ |
29 | AC_SUBST([KONFORKA_CFLAGS]) | 29 | AC_SUBST([KONFORKA_CFLAGS]) |
30 | AC_SUBST([KONFORKA_LIBS]) | 30 | AC_SUBST([KONFORKA_LIBS]) |
31 | AC_DEFINE([HAVE_KONFORKA],,[defined in presence of konforka library]) | 31 | AC_DEFINE([HAVE_KONFORKA],,[defined in presence of konforka library]) |
32 | AC_DEFINE([OPKELE_HAVE_KONFORKA],,[defined in presence of konforka library]) | 32 | AC_DEFINE([OPKELE_HAVE_KONFORKA],,[defined in presence of konforka library]) |
33 | AC_SUBST([KONFORKA_KONFORKA],[konforka]) | 33 | AC_SUBST([KONFORKA_KONFORKA],[konforka]) |
34 | ],[true]) | 34 | ],[true]) |
35 | fi | 35 | fi |
36 | 36 | ||
37 | WANT_DOXYGEN="yes" | 37 | WANT_DOXYGEN="yes" |
38 | AC_ARG_ENABLE([doxygen], | 38 | AC_ARG_ENABLE([doxygen], |
39 | AC_HELP_STRING([--disable-doxygen],[do not generate documentation]), | 39 | AC_HELP_STRING([--disable-doxygen],[do not generate documentation]), |
40 | [ | 40 | [ |
41 | test "${enableval}" = "no" && WANT_DOXYGEN="no" | 41 | test "${enableval}" = "no" && WANT_DOXYGEN="no" |
42 | ] | 42 | ] |
43 | ) | 43 | ) |
44 | if test "${WANT_DOXYGEN}" = "yes" ; then | 44 | if test "${WANT_DOXYGEN}" = "yes" ; then |
45 | AC_WITH_DOXYGEN | 45 | AC_WITH_DOXYGEN |
46 | AC_WITH_DOT | 46 | AC_WITH_DOT |
47 | else | 47 | else |
48 | AM_CONDITIONAL([HAVE_DOXYGEN],[false]) | 48 | AM_CONDITIONAL([HAVE_DOXYGEN],[false]) |
49 | AM_CONDITIONAL([HAVE_DOT],[false]) | 49 | AM_CONDITIONAL([HAVE_DOT],[false]) |
50 | fi | 50 | fi |
51 | 51 | ||
52 | LIBCURL_CHECK_CONFIG(,,,[ | 52 | LIBCURL_CHECK_CONFIG(,,,[ |
53 | AC_MSG_ERROR([no required libcurl library. get one from http://curl.haxx.se/]) | 53 | AC_MSG_ERROR([no required libcurl library. get one from http://curl.haxx.se/]) |
54 | ]) | 54 | ]) |
55 | AC_WITH_PCRE([ | 55 | AC_WITH_PCRE([ |
56 | AC_WITH_PCREPP(,[ | 56 | AC_WITH_PCREPP(,[ |
57 | AC_MSG_ERROR([no pcre++ library found. get one at http://www.daemon.de/PCRE]) | 57 | AC_MSG_ERROR([no pcre++ library found. get one at http://www.daemon.de/PCRE]) |
58 | ]) | 58 | ]) |
59 | ],[ | 59 | ],[ |
60 | AC_MSG_ERROR([no pcre library found. get one at http://www.pcre.org/]) | 60 | AC_MSG_ERROR([no pcre library found. get one at http://www.pcre.org/]) |
61 | ] | 61 | ] |
62 | ) | 62 | ) |
63 | 63 | ||
64 | curl_ssl_verify_host="true" | ||
65 | AC_ARG_ENABLE([ssl-verify-host], | ||
66 | AC_HELP_STRING([--disable-ssl-verify-host],[disable cURL cert/host relationships verification]), | ||
67 | [ test "${enableval}" = "no" && curl_ssl_verify_host="false" ] | ||
68 | ) | ||
69 | ${curl_ssl_verify_host} || AC_DEFINE([DISABLE_CURL_SSL_VERIFYHOST],,[defined if cURL is not to verify cert/host]) | ||
70 | |||
71 | curl_ssl_verify_peer="true" | ||
72 | AC_ARG_ENABLE([ssl-verify-peer], | ||
73 | AC_HELP_STRING([--disable-ssl-verify-peer],[disable cURL cert validity verification]), | ||
74 | [ test "${enableval}" = "no" && curl_ssl_verify_peer="false" ] | ||
75 | ) | ||
76 | ${curl_ssl_verify_peer} || AC_DEFINE([DISABLE_CURL_SSL_VERIFYPEER],,[defined if cURL is not to verify cert validity]) | ||
77 | |||
64 | AC_CONFIG_FILES([ | 78 | AC_CONFIG_FILES([ |
65 | Makefile | 79 | Makefile |
66 | libopkele.pc | 80 | libopkele.pc |
67 | Doxyfile | 81 | Doxyfile |
68 | include/Makefile | 82 | include/Makefile |
69 | lib/Makefile | 83 | lib/Makefile |
70 | ]) | 84 | ]) |
71 | AC_OUTPUT | 85 | AC_OUTPUT |
diff --git a/lib/consumer.cc b/lib/consumer.cc index 331b1e9..dc49405 100644 --- a/lib/consumer.cc +++ b/lib/consumer.cc | |||
@@ -1,88 +1,94 @@ | |||
1 | #include <algorithm> | 1 | #include <algorithm> |
2 | #include <cassert> | 2 | #include <cassert> |
3 | #include <opkele/util.h> | 3 | #include <opkele/util.h> |
4 | #include <opkele/exception.h> | 4 | #include <opkele/exception.h> |
5 | #include <opkele/data.h> | 5 | #include <opkele/data.h> |
6 | #include <opkele/consumer.h> | 6 | #include <opkele/consumer.h> |
7 | #include <openssl/sha.h> | 7 | #include <openssl/sha.h> |
8 | #include <openssl/hmac.h> | 8 | #include <openssl/hmac.h> |
9 | #include <curl/curl.h> | 9 | #include <curl/curl.h> |
10 | #include <pcre++.h> | 10 | #include <pcre++.h> |
11 | 11 | ||
12 | #include <iostream> | 12 | #include <iostream> |
13 | 13 | ||
14 | #include "config.h" | 14 | #include "config.h" |
15 | 15 | ||
16 | namespace opkele { | 16 | namespace opkele { |
17 | using namespace std; | 17 | using namespace std; |
18 | 18 | ||
19 | class curl_t { | 19 | class curl_t { |
20 | public: | 20 | public: |
21 | CURL *_c; | 21 | CURL *_c; |
22 | 22 | ||
23 | curl_t() : _c(0) { } | 23 | curl_t() : _c(0) { } |
24 | curl_t(CURL *c) : _c(c) { } | 24 | curl_t(CURL *c) : _c(c) { } |
25 | ~curl_t() throw() { if(_c) curl_easy_cleanup(_c); } | 25 | ~curl_t() throw() { if(_c) curl_easy_cleanup(_c); } |
26 | 26 | ||
27 | curl_t& operator=(CURL *c) { if(_c) curl_easy_cleanup(_c); _c=c; return *this; } | 27 | curl_t& operator=(CURL *c) { if(_c) curl_easy_cleanup(_c); _c=c; return *this; } |
28 | 28 | ||
29 | operator const CURL*(void) const { return _c; } | 29 | operator const CURL*(void) const { return _c; } |
30 | operator CURL*(void) { return _c; } | 30 | operator CURL*(void) { return _c; } |
31 | }; | 31 | }; |
32 | 32 | ||
33 | static CURLcode curl_misc_sets(CURL* c) { | 33 | static CURLcode curl_misc_sets(CURL* c) { |
34 | CURLcode r; | 34 | CURLcode r; |
35 | (r=curl_easy_setopt(c,CURLOPT_FOLLOWLOCATION,1)) | 35 | (r=curl_easy_setopt(c,CURLOPT_FOLLOWLOCATION,1)) |
36 | || (r=curl_easy_setopt(c,CURLOPT_MAXREDIRS,5)) | 36 | || (r=curl_easy_setopt(c,CURLOPT_MAXREDIRS,5)) |
37 | || (r=curl_easy_setopt(c,CURLOPT_DNS_CACHE_TIMEOUT,120)) | 37 | || (r=curl_easy_setopt(c,CURLOPT_DNS_CACHE_TIMEOUT,120)) |
38 | || (r=curl_easy_setopt(c,CURLOPT_DNS_USE_GLOBAL_CACHE,1)) | 38 | || (r=curl_easy_setopt(c,CURLOPT_DNS_USE_GLOBAL_CACHE,1)) |
39 | || (r=curl_easy_setopt(c,CURLOPT_USERAGENT,PACKAGE_NAME"/"PACKAGE_VERSION)) | 39 | || (r=curl_easy_setopt(c,CURLOPT_USERAGENT,PACKAGE_NAME"/"PACKAGE_VERSION)) |
40 | || (r=curl_easy_setopt(c,CURLOPT_TIMEOUT,20)) | 40 | || (r=curl_easy_setopt(c,CURLOPT_TIMEOUT,20)) |
41 | #ifdefDISABLE_CURL_SSL_VERIFYHOST | ||
42 | || (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYHOST,0)) | ||
43 | #endif | ||
44 | #ifdefDISABLE_CURL_SSL_VERYPEER | ||
45 | || (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYPEER,0)) | ||
46 | #endif | ||
41 | ; | 47 | ; |
42 | return r; | 48 | return r; |
43 | } | 49 | } |
44 | 50 | ||
45 | static size_t _curl_tostring(void *ptr,size_t size,size_t nmemb,void *stream) { | 51 | static size_t _curl_tostring(void *ptr,size_t size,size_t nmemb,void *stream) { |
46 | string *str = (string*)stream; | 52 | string *str = (string*)stream; |
47 | size_t bytes = size*nmemb; | 53 | size_t bytes = size*nmemb; |
48 | size_t get = min(16384-str->length(),bytes); | 54 | size_t get = min(16384-str->length(),bytes); |
49 | str->append((const char*)ptr,get); | 55 | str->append((const char*)ptr,get); |
50 | return get; | 56 | return get; |
51 | } | 57 | } |
52 | 58 | ||
53 | assoc_t consumer_t::associate(const string& server) { | 59 | assoc_t consumer_t::associate(const string& server) { |
54 | util::dh_t dh = DH_new(); | 60 | util::dh_t dh = DH_new(); |
55 | if(!dh) | 61 | if(!dh) |
56 | throw exception_openssl(OPKELE_CP_ "failed to DH_new()"); | 62 | throw exception_openssl(OPKELE_CP_ "failed to DH_new()"); |
57 | dh->p = util::dec_to_bignum(data::_default_p); | 63 | dh->p = util::dec_to_bignum(data::_default_p); |
58 | dh->g = util::dec_to_bignum(data::_default_g); | 64 | dh->g = util::dec_to_bignum(data::_default_g); |
59 | if(!DH_generate_key(dh)) | 65 | if(!DH_generate_key(dh)) |
60 | throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()"); | 66 | throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()"); |
61 | string request = | 67 | string request = |
62 | "openid.mode=associate" | 68 | "openid.mode=associate" |
63 | "&openid.assoc_type=HMAC-SHA1" | 69 | "&openid.assoc_type=HMAC-SHA1" |
64 | "&openid.session_type=DH-SHA1" | 70 | "&openid.session_type=DH-SHA1" |
65 | "&openid.dh_consumer_public="; | 71 | "&openid.dh_consumer_public="; |
66 | request += util::url_encode(util::bignum_to_base64(dh->pub_key)); | 72 | request += util::url_encode(util::bignum_to_base64(dh->pub_key)); |
67 | curl_t curl = curl_easy_init(); | 73 | curl_t curl = curl_easy_init(); |
68 | if(!curl) | 74 | if(!curl) |
69 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()"); | 75 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()"); |
70 | string response; | 76 | string response; |
71 | CURLcode r; | 77 | CURLcode r; |
72 | (r=curl_misc_sets(curl)) | 78 | (r=curl_misc_sets(curl)) |
73 | || (r=curl_easy_setopt(curl,CURLOPT_URL,server.c_str())) | 79 | || (r=curl_easy_setopt(curl,CURLOPT_URL,server.c_str())) |
74 | || (r=curl_easy_setopt(curl,CURLOPT_POST,1)) | 80 | || (r=curl_easy_setopt(curl,CURLOPT_POST,1)) |
75 | || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDS,request.data())) | 81 | || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDS,request.data())) |
76 | || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDSIZE,request.length())) | 82 | || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDSIZE,request.length())) |
77 | || (r=curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curl_tostring)) | 83 | || (r=curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curl_tostring)) |
78 | || (r=curl_easy_setopt(curl,CURLOPT_WRITEDATA,&response)) | 84 | || (r=curl_easy_setopt(curl,CURLOPT_WRITEDATA,&response)) |
79 | ; | 85 | ; |
80 | if(r) | 86 | if(r) |
81 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r); | 87 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r); |
82 | if(r=curl_easy_perform(curl)) | 88 | if(r=curl_easy_perform(curl)) |
83 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r); | 89 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r); |
84 | params_t p; p.parse_keyvalues(response); | 90 | params_t p; p.parse_keyvalues(response); |
85 | if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1") | 91 | if(p.has_param("assoc_type") && p.get_param("assoc_type")!="HMAC-SHA1") |
86 | throw bad_input(OPKELE_CP_ "unsupported assoc_type"); | 92 | throw bad_input(OPKELE_CP_ "unsupported assoc_type"); |
87 | string st; | 93 | string st; |
88 | if(p.has_param("session_type")) st = p.get_param("session_type"); | 94 | if(p.has_param("session_type")) st = p.get_param("session_type"); |