-rw-r--r-- | lib/consumer.cc | 53 |
1 files changed, 47 insertions, 6 deletions
diff --git a/lib/consumer.cc b/lib/consumer.cc index 8f66688..299b3bc 100644 --- a/lib/consumer.cc +++ b/lib/consumer.cc | |||
@@ -1,63 +1,70 @@ | |||
1 | #include <algorithm> | 1 | #include <algorithm> |
2 | #include <cassert> | 2 | #include <cassert> |
3 | #include <opkele/util.h> | 3 | #include <opkele/util.h> |
4 | #include <opkele/exception.h> | 4 | #include <opkele/exception.h> |
5 | #include <opkele/data.h> | 5 | #include <opkele/data.h> |
6 | #include <opkele/consumer.h> | 6 | #include <opkele/consumer.h> |
7 | #include <openssl/sha.h> | 7 | #include <openssl/sha.h> |
8 | #include <openssl/hmac.h> | 8 | #include <openssl/hmac.h> |
9 | #include <curl/curl.h> | 9 | #include <curl/curl.h> |
10 | #include <pcre++.h> | ||
11 | 10 | ||
12 | #include <iostream> | 11 | #include <iostream> |
13 | 12 | ||
14 | #include "config.h" | 13 | #include "config.h" |
15 | 14 | ||
15 | #if defined(USE_LIBPCRECPP) | ||
16 | # include <pcrecpp.h> | ||
17 | #elif defined(USE_PCREPP) | ||
18 | # include <pcre++.h> | ||
19 | #else | ||
20 | /* internal implementation won't be built */ | ||
21 | #endif | ||
22 | |||
16 | namespace opkele { | 23 | namespace opkele { |
17 | using namespace std; | 24 | using namespace std; |
18 | 25 | ||
19 | class curl_t { | 26 | class curl_t { |
20 | public: | 27 | public: |
21 | CURL *_c; | 28 | CURL *_c; |
22 | 29 | ||
23 | curl_t() : _c(0) { } | 30 | curl_t() : _c(0) { } |
24 | curl_t(CURL *c) : _c(c) { } | 31 | curl_t(CURL *c) : _c(c) { } |
25 | ~curl_t() throw() { if(_c) curl_easy_cleanup(_c); } | 32 | ~curl_t() throw() { if(_c) curl_easy_cleanup(_c); } |
26 | 33 | ||
27 | curl_t& operator=(CURL *c) { if(_c) curl_easy_cleanup(_c); _c=c; return *this; } | 34 | curl_t& operator=(CURL *c) { if(_c) curl_easy_cleanup(_c); _c=c; return *this; } |
28 | 35 | ||
29 | operator const CURL*(void) const { return _c; } | 36 | operator const CURL*(void) const { return _c; } |
30 | operator CURL*(void) { return _c; } | 37 | operator CURL*(void) { return _c; } |
31 | }; | 38 | }; |
32 | 39 | ||
33 | static CURLcode curl_misc_sets(CURL* c) { | 40 | static CURLcode curl_misc_sets(CURL* c) { |
34 | CURLcode r; | 41 | CURLcode r; |
35 | (r=curl_easy_setopt(c,CURLOPT_FOLLOWLOCATION,1)) | 42 | (r=curl_easy_setopt(c,CURLOPT_FOLLOWLOCATION,1)) |
36 | || (r=curl_easy_setopt(c,CURLOPT_MAXREDIRS,5)) | 43 | || (r=curl_easy_setopt(c,CURLOPT_MAXREDIRS,5)) |
37 | || (r=curl_easy_setopt(c,CURLOPT_DNS_CACHE_TIMEOUT,120)) | 44 | || (r=curl_easy_setopt(c,CURLOPT_DNS_CACHE_TIMEOUT,120)) |
38 | || (r=curl_easy_setopt(c,CURLOPT_DNS_USE_GLOBAL_CACHE,1)) | 45 | || (r=curl_easy_setopt(c,CURLOPT_DNS_USE_GLOBAL_CACHE,1)) |
39 | || (r=curl_easy_setopt(c,CURLOPT_USERAGENT,PACKAGE_NAME"/"PACKAGE_VERSION)) | 46 | || (r=curl_easy_setopt(c,CURLOPT_USERAGENT,PACKAGE_NAME"/"PACKAGE_VERSION)) |
40 | || (r=curl_easy_setopt(c,CURLOPT_TIMEOUT,20)) | 47 | || (r=curl_easy_setopt(c,CURLOPT_TIMEOUT,20)) |
41 | #ifdefDISABLE_CURL_SSL_VERIFYHOST | 48 | #ifdefDISABLE_CURL_SSL_VERIFYHOST |
42 | || (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYHOST,0)) | 49 | || (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYHOST,0)) |
43 | #endif | 50 | #endif |
44 | #ifdefDISABLE_CURL_SSL_VERIFYPEER | 51 | #ifdefDISABLE_CURL_SSL_VERIFYPEER |
45 | || (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYPEER,0)) | 52 | || (r=curl_easy_setopt(c,CURLOPT_SSL_VERIFYPEER,0)) |
46 | #endif | 53 | #endif |
47 | ; | 54 | ; |
48 | return r; | 55 | return r; |
49 | } | 56 | } |
50 | 57 | ||
51 | static size_t _curl_tostring(void *ptr,size_t size,size_t nmemb,void *stream) { | 58 | static size_t _curl_tostring(void *ptr,size_t size,size_t nmemb,void *stream) { |
52 | string *str = (string*)stream; | 59 | string *str = (string*)stream; |
53 | size_t bytes = size*nmemb; | 60 | size_t bytes = size*nmemb; |
54 | size_t get = min(16384-str->length(),bytes); | 61 | size_t get = min(16384-str->length(),bytes); |
55 | str->append((const char*)ptr,get); | 62 | str->append((const char*)ptr,get); |
56 | return get; | 63 | return get; |
57 | } | 64 | } |
58 | 65 | ||
59 | assoc_t consumer_t::associate(const string& server) { | 66 | assoc_t consumer_t::associate(const string& server) { |
60 | util::dh_t dh = DH_new(); | 67 | util::dh_t dh = DH_new(); |
61 | if(!dh) | 68 | if(!dh) |
62 | throw exception_openssl(OPKELE_CP_ "failed to DH_new()"); | 69 | throw exception_openssl(OPKELE_CP_ "failed to DH_new()"); |
63 | dh->p = util::dec_to_bignum(data::_default_p); | 70 | dh->p = util::dec_to_bignum(data::_default_p); |
@@ -216,141 +223,175 @@ namespace opkele { | |||
216 | }catch(failed_check_authentication& fca) { | 223 | }catch(failed_check_authentication& fca) { |
217 | throw id_res_failed(OPKELE_CP_ "failed to check_authentication()"); | 224 | throw id_res_failed(OPKELE_CP_ "failed to check_authentication()"); |
218 | } | 225 | } |
219 | } | 226 | } |
220 | if(ext) ext->id_res_hook(pin,ps,identity); | 227 | if(ext) ext->id_res_hook(pin,ps,identity); |
221 | } | 228 | } |
222 | 229 | ||
223 | void consumer_t::check_authentication(const string& server,const params_t& p) { | 230 | void consumer_t::check_authentication(const string& server,const params_t& p) { |
224 | string request = "openid.mode=check_authentication"; | 231 | string request = "openid.mode=check_authentication"; |
225 | for(params_t::const_iterator i=p.begin();i!=p.end();++i) { | 232 | for(params_t::const_iterator i=p.begin();i!=p.end();++i) { |
226 | if(i->first!="openid.mode") { | 233 | if(i->first!="openid.mode") { |
227 | request += '&'; | 234 | request += '&'; |
228 | request += i->first; | 235 | request += i->first; |
229 | request += '='; | 236 | request += '='; |
230 | request += util::url_encode(i->second); | 237 | request += util::url_encode(i->second); |
231 | } | 238 | } |
232 | } | 239 | } |
233 | curl_t curl = curl_easy_init(); | 240 | curl_t curl = curl_easy_init(); |
234 | if(!curl) | 241 | if(!curl) |
235 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()"); | 242 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()"); |
236 | string response; | 243 | string response; |
237 | CURLcode r; | 244 | CURLcode r; |
238 | (r=curl_misc_sets(curl)) | 245 | (r=curl_misc_sets(curl)) |
239 | || (r=curl_easy_setopt(curl,CURLOPT_URL,server.c_str())) | 246 | || (r=curl_easy_setopt(curl,CURLOPT_URL,server.c_str())) |
240 | || (r=curl_easy_setopt(curl,CURLOPT_POST,1)) | 247 | || (r=curl_easy_setopt(curl,CURLOPT_POST,1)) |
241 | || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDS,request.data())) | 248 | || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDS,request.data())) |
242 | || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDSIZE,request.length())) | 249 | || (r=curl_easy_setopt(curl,CURLOPT_POSTFIELDSIZE,request.length())) |
243 | || (r=curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curl_tostring)) | 250 | || (r=curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curl_tostring)) |
244 | || (r=curl_easy_setopt(curl,CURLOPT_WRITEDATA,&response)) | 251 | || (r=curl_easy_setopt(curl,CURLOPT_WRITEDATA,&response)) |
245 | ; | 252 | ; |
246 | if(r) | 253 | if(r) |
247 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r); | 254 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r); |
248 | if(r=curl_easy_perform(curl)) | 255 | if(r=curl_easy_perform(curl)) |
249 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r); | 256 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r); |
250 | params_t pp; pp.parse_keyvalues(response); | 257 | params_t pp; pp.parse_keyvalues(response); |
251 | if(pp.has_param("invalidate_handle")) | 258 | if(pp.has_param("invalidate_handle")) |
252 | invalidate_assoc(server,pp.get_param("invalidate_handle")); | 259 | invalidate_assoc(server,pp.get_param("invalidate_handle")); |
253 | if(pp.has_param("is_valid")) { | 260 | if(pp.has_param("is_valid")) { |
254 | if(pp.get_param("is_valid")=="true") | 261 | if(pp.get_param("is_valid")=="true") |
255 | return; | 262 | return; |
256 | }else if(pp.has_param("lifetime")) { | 263 | }else if(pp.has_param("lifetime")) { |
257 | if(util::string_to_long(pp.get_param("lifetime"))) | 264 | if(util::string_to_long(pp.get_param("lifetime"))) |
258 | return; | 265 | return; |
259 | } | 266 | } |
260 | throw failed_check_authentication(OPKELE_CP_ "failed to verify response"); | 267 | throw failed_check_authentication(OPKELE_CP_ "failed to verify response"); |
261 | } | 268 | } |
262 | 269 | ||
263 | void consumer_t::retrieve_links(const string& url,string& server,string& delegate) { | 270 | void consumer_t::retrieve_links(const string& url,string& server,string& delegate) { |
271 | #if defined(USE_LIBPCRECPP) || defined(USE_PCREPP) | ||
264 | server.erase(); | 272 | server.erase(); |
265 | delegate.erase(); | 273 | delegate.erase(); |
266 | curl_t curl = curl_easy_init(); | 274 | curl_t curl = curl_easy_init(); |
267 | if(!curl) | 275 | if(!curl) |
268 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()"); | 276 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()"); |
269 | string html; | 277 | string html; |
270 | CURLcode r; | 278 | CURLcode r; |
271 | (r=curl_misc_sets(curl)) | 279 | (r=curl_misc_sets(curl)) |
272 | || (r=curl_easy_setopt(curl,CURLOPT_URL,url.c_str())) | 280 | || (r=curl_easy_setopt(curl,CURLOPT_URL,url.c_str())) |
273 | || (r=curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curl_tostring)) | 281 | || (r=curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,_curl_tostring)) |
274 | || (r=curl_easy_setopt(curl,CURLOPT_WRITEDATA,&html)) | 282 | || (r=curl_easy_setopt(curl,CURLOPT_WRITEDATA,&html)) |
275 | ; | 283 | ; |
276 | if(r) | 284 | if(r) |
277 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r); | 285 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_setopt()",r); |
278 | r = curl_easy_perform(curl); | 286 | r = curl_easy_perform(curl); |
279 | if(r && r!=CURLE_WRITE_ERROR) | 287 | if(r && r!=CURLE_WRITE_ERROR) |
280 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r); | 288 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_perform()",r); |
281 | pcrepp::Pcre bre("<body\\b",PCRE_CASELESS); | ||
282 | // strip out everything past body | 289 | // strip out everything past body |
290 | static const char *re_hdre = "<head[^>]*>", | ||
291 | *re_lre = "<link\\b([^>]+)>", | ||
292 | *re_rre = "\\brel=['\"]([^'\"]+)['\"]", | ||
293 | *re_hre = "\\bhref=['\"]([^'\"]+)['\"]"; | ||
294 | #if defined(USE_LIBPCRECPP) | ||
295 | static pcrecpp::RE_Options ro(PCRE_CASELESS|PCRE_DOTALL); | ||
296 | static pcrecpp::RE | ||
297 | bre("<body\\b.*",ro), hdre(re_hdre,ro), | ||
298 | lre(re_lre,ro), rre(re_rre), hre(re_hre,ro); | ||
299 | bre.Replace("",&html); | ||
300 | pcrecpp::StringPiece hpiece(html); | ||
301 | if(!hdre.FindAndConsume(&hpiece)) | ||
302 | throw bad_input(OPKELE_CP_ "failed to find head"); | ||
303 | string attrs; | ||
304 | while(lre.FindAndConsume(&hpiece,&attrs)) { | ||
305 | pcrecpp::StringPiece rel, href; | ||
306 | if(!(rre.PartialMatch(attrs,&rel) && hre.PartialMatch(attrs,&href))) | ||
307 | continue; | ||
308 | if(rel=="openid.server") { | ||
309 | href.CopyToString(&server); | ||
310 | if(!delegate.empty()) | ||
311 | break; | ||
312 | }else if(rel=="openid.delegate") { | ||
313 | href.CopyToString(&delegate); | ||
314 | if(!server.empty()) | ||
315 | break; | ||
316 | } | ||
317 | } | ||
318 | #elif defined(USE_PCREPP) | ||
319 | pcrepp::Pcre bre("<body\\b",PCRE_CASELESS); | ||
283 | if(bre.search(html)) | 320 | if(bre.search(html)) |
284 | html.erase(bre.get_match_start()); | 321 | html.erase(bre.get_match_start()); |
285 | pcrepp::Pcre hdre("<head[^>]*>",PCRE_CASELESS); | 322 | pcrepp::Pcre hdre(re_hdre,PCRE_CASELESS); |
286 | if(!hdre.search(html)) | 323 | if(!hdre.search(html)) |
287 | throw bad_input(OPKELE_CP_ "failed to find head"); | 324 | throw bad_input(OPKELE_CP_ "failed to find head"); |
288 | html.erase(0,hdre.get_match_end()+1); | 325 | html.erase(0,hdre.get_match_end()+1); |
289 | pcrepp::Pcre lre("<link\\b([^>]+)>",PCRE_CASELESS), | 326 | pcrepp::Pcre lre(re_lre,PCRE_CASELESS), rre(re_rre,PCRE_CASELESS), hre(re_hre,PCRE_CASELESS); |
290 | rre("\\brel=['\"]([^'\"]+)['\"]",PCRE_CASELESS), | ||
291 | hre("\\bhref=['\"]([^'\"]+)['\"]",PCRE_CASELESS); | ||
292 | while(lre.search(html)) { | 327 | while(lre.search(html)) { |
293 | string attrs = lre[0]; | 328 | string attrs = lre[0]; |
294 | html.erase(0,lre.get_match_end()+1); | 329 | html.erase(0,lre.get_match_end()+1); |
295 | if(!(rre.search(attrs)&&hre.search(attrs))) | 330 | if(!(rre.search(attrs)&&hre.search(attrs))) |
296 | continue; | 331 | continue; |
297 | if(rre[0]=="openid.server") { | 332 | if(rre[0]=="openid.server") { |
298 | server = hre[0]; | 333 | server = hre[0]; |
299 | if(!delegate.empty()) | 334 | if(!delegate.empty()) |
300 | break; | 335 | break; |
301 | }else if(rre[0]=="openid.delegate") { | 336 | }else if(rre[0]=="openid.delegate") { |
302 | delegate = hre[0]; | 337 | delegate = hre[0]; |
303 | if(!server.empty()) | 338 | if(!server.empty()) |
304 | break; | 339 | break; |
305 | } | 340 | } |
306 | } | 341 | } |
342 | #else | ||
343 | #error "I must have gone crazy" | ||
344 | #endif | ||
307 | if(server.empty()) | 345 | if(server.empty()) |
308 | throw failed_assertion(OPKELE_CP_ "The location has no openid.server declaration"); | 346 | throw failed_assertion(OPKELE_CP_ "The location has no openid.server declaration"); |
347 | #else /* none of the RE bindings enabled */ | ||
348 | throw not_implemented(OPKELE_CP_ "No internal implementation of retrieve_links were provided at compile-time"); | ||
349 | #endif | ||
309 | } | 350 | } |
310 | 351 | ||
311 | assoc_t consumer_t::find_assoc(const string& server) { | 352 | assoc_t consumer_t::find_assoc(const string& server) { |
312 | throw failed_lookup(OPKELE_CP_ "no find_assoc() provided"); | 353 | throw failed_lookup(OPKELE_CP_ "no find_assoc() provided"); |
313 | } | 354 | } |
314 | 355 | ||
315 | string consumer_t::normalize(const string& url) { | 356 | string consumer_t::normalize(const string& url) { |
316 | string rv = url; | 357 | string rv = url; |
317 | // strip leading and trailing spaces | 358 | // strip leading and trailing spaces |
318 | string::size_type i = rv.find_first_not_of(" \t\r\n"); | 359 | string::size_type i = rv.find_first_not_of(" \t\r\n"); |
319 | if(i==string::npos) | 360 | if(i==string::npos) |
320 | throw bad_input(OPKELE_CP_ "empty URL"); | 361 | throw bad_input(OPKELE_CP_ "empty URL"); |
321 | if(i) | 362 | if(i) |
322 | rv.erase(0,i); | 363 | rv.erase(0,i); |
323 | i = rv.find_last_not_of(" \t\r\n"); | 364 | i = rv.find_last_not_of(" \t\r\n"); |
324 | assert(i!=string::npos); | 365 | assert(i!=string::npos); |
325 | if(i<(rv.length()-1)) | 366 | if(i<(rv.length()-1)) |
326 | rv.erase(i+1); | 367 | rv.erase(i+1); |
327 | // add missing http:// | 368 | // add missing http:// |
328 | i = rv.find("://"); | 369 | i = rv.find("://"); |
329 | if(i==string::npos) { // primitive. but do we need more? | 370 | if(i==string::npos) { // primitive. but do we need more? |
330 | rv.insert(0,"http://"); | 371 | rv.insert(0,"http://"); |
331 | i = sizeof("http://")-1; | 372 | i = sizeof("http://")-1; |
332 | }else{ | 373 | }else{ |
333 | i += sizeof("://")-1; | 374 | i += sizeof("://")-1; |
334 | } | 375 | } |
335 | string::size_type qm = rv.find('?',i); | 376 | string::size_type qm = rv.find('?',i); |
336 | string::size_type sl = rv.find('/',i); | 377 | string::size_type sl = rv.find('/',i); |
337 | if(qm!=string::npos) { | 378 | if(qm!=string::npos) { |
338 | if(sl==string::npos || sl>qm) | 379 | if(sl==string::npos || sl>qm) |
339 | rv.insert(qm,1,'/'); | 380 | rv.insert(qm,1,'/'); |
340 | }else{ | 381 | }else{ |
341 | if(sl==string::npos) | 382 | if(sl==string::npos) |
342 | rv += '/'; | 383 | rv += '/'; |
343 | } | 384 | } |
344 | return rv; | 385 | return rv; |
345 | } | 386 | } |
346 | 387 | ||
347 | string consumer_t::canonicalize(const string& url) { | 388 | string consumer_t::canonicalize(const string& url) { |
348 | string rv = normalize(url); | 389 | string rv = normalize(url); |
349 | curl_t curl = curl_easy_init(); | 390 | curl_t curl = curl_easy_init(); |
350 | if(!curl) | 391 | if(!curl) |
351 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()"); | 392 | throw exception_curl(OPKELE_CP_ "failed to curl_easy_init()"); |
352 | string html; | 393 | string html; |
353 | CURLcode r; | 394 | CURLcode r; |
354 | (r=curl_misc_sets(curl)) | 395 | (r=curl_misc_sets(curl)) |
355 | || (r=curl_easy_setopt(curl,CURLOPT_URL,rv.c_str())) | 396 | || (r=curl_easy_setopt(curl,CURLOPT_URL,rv.c_str())) |
356 | || (r=curl_easy_setopt(curl,CURLOPT_NOBODY,1)) | 397 | || (r=curl_easy_setopt(curl,CURLOPT_NOBODY,1)) |