|
|
|
| @@ -1,114 +1,118 @@ |
| 1 | #include <uuid/uuid.h> |
1 | #include <uuid/uuid.h> |
| 2 | #include <iostream> |
2 | #include <iostream> |
| 3 | #include <cassert> |
3 | #include <cassert> |
| 4 | #include <string> |
4 | #include <string> |
| 5 | #include <ext/algorithm> |
| |
| 6 | using namespace std; |
5 | using namespace std; |
| 7 | #include <kingate/exception.h> |
6 | #include <kingate/exception.h> |
| 8 | #include <kingate/plaincgi.h> |
7 | #include <kingate/plaincgi.h> |
| 9 | #include <kingate/cgi_gateway.h> |
8 | #include <kingate/cgi_gateway.h> |
| 10 | #include <opkele/exception.h> |
9 | #include <opkele/exception.h> |
| 11 | #include <opkele/util.h> |
10 | #include <opkele/util.h> |
| 12 | #include <opkele/uris.h> |
11 | #include <opkele/uris.h> |
| 13 | #include <opkele/extension.h> |
12 | #include <opkele/extension.h> |
| 14 | #include <opkele/association.h> |
13 | #include <opkele/association.h> |
| 15 | #include <opkele/debug.h> |
14 | #include <opkele/debug.h> |
| 16 | #include <opkele/verify_op.h> |
15 | #include <opkele/verify_op.h> |
| 17 | #include <opkele/sreg.h> |
16 | #include <opkele/sreg.h> |
| 18 | |
17 | |
| |
18 | #include "config.h" |
| |
19 | #ifdef HAVE_EXT_ALGORITHM_H |
| |
20 | # include <ext/algorithm> |
| |
21 | #endif |
| |
22 | |
| 19 | #include "sqlite.h" |
23 | #include "sqlite.h" |
| 20 | #include "kingate_openid_message.h" |
24 | #include "kingate_openid_message.h" |
| 21 | |
25 | |
| 22 | static const string get_self_url(const kingate::cgi_gateway& gw) { |
26 | static const string get_self_url(const kingate::cgi_gateway& gw) { |
| 23 | bool s = gw.has_meta("SSL_PROTOCOL_VERSION"); |
27 | bool s = gw.has_meta("SSL_PROTOCOL_VERSION"); |
| 24 | string rv = s?"https://":"http://"; |
28 | string rv = s?"https://":"http://"; |
| 25 | rv += gw.http_request_header("Host"); |
29 | rv += gw.http_request_header("Host"); |
| 26 | const string& port = gw.get_meta("SERVER_PORT"); |
30 | const string& port = gw.get_meta("SERVER_PORT"); |
| 27 | if( port!=(s?"443":"80") ) { |
31 | if( port!=(s?"443":"80") ) { |
| 28 | rv += ':'; rv += port; |
32 | rv += ':'; rv += port; |
| 29 | } |
33 | } |
| 30 | rv += gw.get_meta("REQUEST_URI"); |
34 | rv += gw.get_meta("REQUEST_URI"); |
| 31 | string::size_type q = rv.find('?'); |
35 | string::size_type q = rv.find('?'); |
| 32 | if(q!=string::npos) |
36 | if(q!=string::npos) |
| 33 | rv.erase(q); |
37 | rv.erase(q); |
| 34 | return rv; |
38 | return rv; |
| 35 | } |
39 | } |
| 36 | |
40 | |
| 37 | class opdb_t : public sqlite3_t { |
41 | class opdb_t : public sqlite3_t { |
| 38 | public: |
42 | public: |
| 39 | opdb_t() |
43 | opdb_t() |
| 40 | : sqlite3_t("/tmp/OP.db") { |
44 | : sqlite3_t("/tmp/OP.db") { |
| 41 | assert(_D); |
45 | assert(_D); |
| 42 | char **resp; int nr,nc; char *errm; |
46 | char **resp; int nr,nc; char *errm; |
| 43 | if(sqlite3_get_table( |
47 | if(sqlite3_get_table( |
| 44 | _D, "SELECT a_op FROM assoc LIMIT 0", |
48 | _D, "SELECT a_op FROM assoc LIMIT 0", |
| 45 | &resp,&nr,&nc,&errm)!=SQLITE_OK) { |
49 | &resp,&nr,&nc,&errm)!=SQLITE_OK) { |
| 46 | extern const char *__OP_db_bootstrap; |
50 | extern const char *__OP_db_bootstrap; |
| 47 | DOUT_("Bootstrapping DB"); |
51 | DOUT_("Bootstrapping DB"); |
| 48 | if(sqlite3_exec(_D,__OP_db_bootstrap,NULL,NULL,&errm)!=SQLITE_OK) |
52 | if(sqlite3_exec(_D,__OP_db_bootstrap,NULL,NULL,&errm)!=SQLITE_OK) |
| 49 | throw opkele::exception(OPKELE_CP_ string("Failed to boostrap SQLite database: ")+errm); |
53 | throw opkele::exception(OPKELE_CP_ string("Failed to boostrap SQLite database: ")+errm); |
| 50 | }else |
54 | }else |
| 51 | sqlite3_free_table(resp); |
55 | sqlite3_free_table(resp); |
| 52 | } |
56 | } |
| 53 | }; |
57 | }; |
| 54 | |
58 | |
| 55 | class example_op_t : public opkele::verify_OP { |
59 | class example_op_t : public opkele::verify_OP { |
| 56 | public: |
60 | public: |
| 57 | kingate::cgi_gateway& gw; |
61 | kingate::cgi_gateway& gw; |
| 58 | opdb_t db; |
62 | opdb_t db; |
| 59 | kingate::cookie htc; |
63 | kingate::cookie htc; |
| 60 | |
64 | |
| 61 | |
65 | |
| 62 | example_op_t(kingate::cgi_gateway& g) |
66 | example_op_t(kingate::cgi_gateway& g) |
| 63 | : gw(g) { |
67 | : gw(g) { |
| 64 | try { |
68 | try { |
| 65 | htc = gw.cookies.get_cookie("htop_session"); |
69 | htc = gw.cookies.get_cookie("htop_session"); |
| 66 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
70 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
| 67 | "SELECT 1 FROM ht_sessions WHERE hts_id=%Q", |
71 | "SELECT 1 FROM ht_sessions WHERE hts_id=%Q", |
| 68 | htc.get_value().c_str()); |
72 | htc.get_value().c_str()); |
| 69 | sqlite3_table_t T; int nr,nc; |
73 | sqlite3_table_t T; int nr,nc; |
| 70 | db.get_table(S,T,&nr,&nc); |
74 | db.get_table(S,T,&nr,&nc); |
| 71 | if(nr<1) |
75 | if(nr<1) |
| 72 | throw kingate::exception_notfound(CODEPOINT,"forcing cookie generation"); |
76 | throw kingate::exception_notfound(CODEPOINT,"forcing cookie generation"); |
| 73 | }catch(kingate::exception_notfound& kenf) { |
77 | }catch(kingate::exception_notfound& kenf) { |
| 74 | uuid_t uuid; uuid_generate(uuid); |
78 | uuid_t uuid; uuid_generate(uuid); |
| 75 | htc = kingate::cookie("htop_session",opkele::util::encode_base64(uuid,sizeof(uuid))); |
79 | htc = kingate::cookie("htop_session",opkele::util::encode_base64(uuid,sizeof(uuid))); |
| 76 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
80 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
| 77 | "INSERT INTO ht_sessions (hts_id) VALUES (%Q)", |
81 | "INSERT INTO ht_sessions (hts_id) VALUES (%Q)", |
| 78 | htc.get_value().c_str()); |
82 | htc.get_value().c_str()); |
| 79 | db.exec(S); |
83 | db.exec(S); |
| 80 | } |
84 | } |
| 81 | } |
85 | } |
| 82 | |
86 | |
| 83 | void set_authorized(bool a) { |
87 | void set_authorized(bool a) { |
| 84 | sqlite3_mem_t<char*> |
88 | sqlite3_mem_t<char*> |
| 85 | S = sqlite3_mprintf( |
89 | S = sqlite3_mprintf( |
| 86 | "UPDATE ht_sessions" |
90 | "UPDATE ht_sessions" |
| 87 | " SET authorized=%d" |
91 | " SET authorized=%d" |
| 88 | " WHERE hts_id=%Q", |
92 | " WHERE hts_id=%Q", |
| 89 | (int)a,htc.get_value().c_str()); |
93 | (int)a,htc.get_value().c_str()); |
| 90 | db.exec(S); |
94 | db.exec(S); |
| 91 | } |
95 | } |
| 92 | bool get_authorized() { |
96 | bool get_authorized() { |
| 93 | sqlite3_mem_t<char*> |
97 | sqlite3_mem_t<char*> |
| 94 | S = sqlite3_mprintf( |
98 | S = sqlite3_mprintf( |
| 95 | "SELECT authorized" |
99 | "SELECT authorized" |
| 96 | " FROM ht_sessions" |
100 | " FROM ht_sessions" |
| 97 | " WHERE hts_id=%Q", |
101 | " WHERE hts_id=%Q", |
| 98 | htc.get_value().c_str()); |
102 | htc.get_value().c_str()); |
| 99 | sqlite3_table_t T; int nr,nc; |
103 | sqlite3_table_t T; int nr,nc; |
| 100 | db.get_table(S,T,&nr,&nc); |
104 | db.get_table(S,T,&nr,&nc); |
| 101 | assert(nr==1); assert(nc=1); |
105 | assert(nr==1); assert(nc=1); |
| 102 | return opkele::util::string_to_long(T.get(1,0,nc)); |
106 | return opkele::util::string_to_long(T.get(1,0,nc)); |
| 103 | } |
107 | } |
| 104 | |
108 | |
| 105 | ostream& cookie_header(ostream& o) const { |
109 | ostream& cookie_header(ostream& o) const { |
| 106 | o << "Set-Cookie: " << htc.set_cookie_header() << "\n"; |
110 | o << "Set-Cookie: " << htc.set_cookie_header() << "\n"; |
| 107 | return o; |
111 | return o; |
| 108 | } |
112 | } |
| 109 | |
113 | |
| 110 | opkele::assoc_t alloc_assoc(const string& type,size_t klength,bool sl) { |
114 | opkele::assoc_t alloc_assoc(const string& type,size_t klength,bool sl) { |
| 111 | uuid_t uuid; uuid_generate(uuid); |
115 | uuid_t uuid; uuid_generate(uuid); |
| 112 | string a_handle = opkele::util::encode_base64(uuid,sizeof(uuid)); |
116 | string a_handle = opkele::util::encode_base64(uuid,sizeof(uuid)); |
| 113 | opkele::secret_t a_secret; |
117 | opkele::secret_t a_secret; |
| 114 | generate_n( |
118 | generate_n( |
|
