author | Michael Krelin <hacker@klever.net> | 2008-11-23 00:43:59 (UTC) |
---|---|---|
committer | Michael Krelin <hacker@klever.net> | 2009-04-11 15:08:59 (UTC) |
commit | 381bfb49bfbfc569e6b5aa8e58a933de4397b053 (patch) (unidiff) | |
tree | 19f5d884250e83f43094d8bf64b52704417ff265 /lib | |
parent | a5804c83e1ff21fcbf3acb8b1ff952b8dc94adc1 (diff) | |
download | libopkele-381bfb49bfbfc569e6b5aa8e58a933de4397b053.zip libopkele-381bfb49bfbfc569e6b5aa8e58a933de4397b053.tar.gz libopkele-381bfb49bfbfc569e6b5aa8e58a933de4397b053.tar.bz2 |
workaround for livejournal.com breaking specs
just don't treat those who supply empty op_endpoint as OpenID 2.0 providers
Signed-off-by: Michael Krelin <hacker@klever.net>
-rw-r--r-- | lib/basic_rp.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc index 3cad71c..8125aa7 100644 --- a/lib/basic_rp.cc +++ b/lib/basic_rp.cc | |||
@@ -173,97 +173,97 @@ namespace opkele { | |||
173 | p = co+1; | 173 | p = co+1; |
174 | } | 174 | } |
175 | } | 175 | } |
176 | 176 | ||
177 | bool has_field(const string& n) const { | 177 | bool has_field(const string& n) const { |
178 | return signeds.find(n)!=signeds.end() && x.has_field(n); } | 178 | return signeds.find(n)!=signeds.end() && x.has_field(n); } |
179 | const string& get_field(const string& n) const { | 179 | const string& get_field(const string& n) const { |
180 | if(signeds.find(n)==signeds.end()) | 180 | if(signeds.find(n)==signeds.end()) |
181 | throw failed_lookup(OPKELE_CP_ "The field isn't known to be signed"); | 181 | throw failed_lookup(OPKELE_CP_ "The field isn't known to be signed"); |
182 | return x.get_field(n); } | 182 | return x.get_field(n); } |
183 | 183 | ||
184 | fields_iterator fields_begin() const { | 184 | fields_iterator fields_begin() const { |
185 | return signeds.begin(); } | 185 | return signeds.begin(); } |
186 | fields_iterator fields_end() const { | 186 | fields_iterator fields_end() const { |
187 | return signeds.end(); } | 187 | return signeds.end(); } |
188 | }; | 188 | }; |
189 | 189 | ||
190 | static void parse_query(const string& u,string::size_type q, | 190 | static void parse_query(const string& u,string::size_type q, |
191 | map<string,string>& p) { | 191 | map<string,string>& p) { |
192 | if(q==string::npos) | 192 | if(q==string::npos) |
193 | return; | 193 | return; |
194 | assert(u[q]=='?'); | 194 | assert(u[q]=='?'); |
195 | ++q; | 195 | ++q; |
196 | string::size_type l = u.size(); | 196 | string::size_type l = u.size(); |
197 | while(q<l) { | 197 | while(q<l) { |
198 | string::size_type eq = u.find('=',q); | 198 | string::size_type eq = u.find('=',q); |
199 | string::size_type am = u.find('&',q); | 199 | string::size_type am = u.find('&',q); |
200 | if(am==string::npos) { | 200 | if(am==string::npos) { |
201 | if(eq==string::npos) { | 201 | if(eq==string::npos) { |
202 | p[""] = u.substr(q); | 202 | p[""] = u.substr(q); |
203 | }else{ | 203 | }else{ |
204 | p[u.substr(q,eq-q)] = u.substr(eq+1); | 204 | p[u.substr(q,eq-q)] = u.substr(eq+1); |
205 | } | 205 | } |
206 | break; | 206 | break; |
207 | }else{ | 207 | }else{ |
208 | if(eq==string::npos || eq>am) { | 208 | if(eq==string::npos || eq>am) { |
209 | p[""] = u.substr(q,eq-q); | 209 | p[""] = u.substr(q,eq-q); |
210 | }else{ | 210 | }else{ |
211 | p[u.substr(q,eq-q)] = u.substr(eq+1,am-eq-1); | 211 | p[u.substr(q,eq-q)] = u.substr(eq+1,am-eq-1); |
212 | } | 212 | } |
213 | q = ++am; | 213 | q = ++am; |
214 | } | 214 | } |
215 | } | 215 | } |
216 | } | 216 | } |
217 | 217 | ||
218 | void basic_RP::id_res(const basic_openid_message& om,extension_t *ext) { | 218 | void basic_RP::id_res(const basic_openid_message& om,extension_t *ext) { |
219 | reset_vars(); | 219 | reset_vars(); |
220 | bool o2 = om.has_field("ns") | 220 | bool o2 = om.has_field("ns") |
221 | && om.get_field("ns")==OIURI_OPENID20; | 221 | && om.get_field("ns")==OIURI_OPENID20 && !om.get_field("op_endpoint").empty(); |
222 | if( (!o2) && om.has_field("user_setup_url")) | 222 | if( (!o2) && om.has_field("user_setup_url")) |
223 | throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided", | 223 | throw id_res_setup(OPKELE_CP_ "assertion failed, setup url provided", |
224 | om.get_field("user_setup_url")); | 224 | om.get_field("user_setup_url")); |
225 | string m = om.get_field("mode"); | 225 | string m = om.get_field("mode"); |
226 | if(o2 && m=="setup_needed") | 226 | if(o2 && m=="setup_needed") |
227 | throw id_res_setup(OPKELE_CP_ "setup needed, no setup url provided"); | 227 | throw id_res_setup(OPKELE_CP_ "setup needed, no setup url provided"); |
228 | if(m=="cancel") | 228 | if(m=="cancel") |
229 | throw id_res_cancel(OPKELE_CP_ "authentication cancelled"); | 229 | throw id_res_cancel(OPKELE_CP_ "authentication cancelled"); |
230 | bool go_dumb=false; | 230 | bool go_dumb=false; |
231 | try { | 231 | try { |
232 | string OP = o2 | 232 | string OP = o2 |
233 | ?om.get_field("op_endpoint") | 233 | ?om.get_field("op_endpoint") |
234 | :get_endpoint().uri; | 234 | :get_endpoint().uri; |
235 | assoc_t assoc = retrieve_assoc( | 235 | assoc_t assoc = retrieve_assoc( |
236 | OP,om.get_field("assoc_handle")); | 236 | OP,om.get_field("assoc_handle")); |
237 | if(om.get_field("sig")!=util::base64_signature(assoc,om)) | 237 | if(om.get_field("sig")!=util::base64_signature(assoc,om)) |
238 | throw id_res_mismatch(OPKELE_CP_ "signature mismatch"); | 238 | throw id_res_mismatch(OPKELE_CP_ "signature mismatch"); |
239 | }catch(dumb_RP& drp) { | 239 | }catch(dumb_RP& drp) { |
240 | go_dumb=true; | 240 | go_dumb=true; |
241 | }catch(failed_lookup& e) { | 241 | }catch(failed_lookup& e) { |
242 | go_dumb=true; | 242 | go_dumb=true; |
243 | } OPKELE_RETHROW | 243 | } OPKELE_RETHROW |
244 | if(go_dumb) { | 244 | if(go_dumb) { |
245 | try { | 245 | try { |
246 | string OP = o2 | 246 | string OP = o2 |
247 | ?om.get_field("op_endpoint") | 247 | ?om.get_field("op_endpoint") |
248 | :get_endpoint().uri; | 248 | :get_endpoint().uri; |
249 | check_authentication(OP,om); | 249 | check_authentication(OP,om); |
250 | }catch(failed_check_authentication& fca) { | 250 | }catch(failed_check_authentication& fca) { |
251 | throw id_res_failed(OPKELE_CP_ "failed to check_authentication()"); | 251 | throw id_res_failed(OPKELE_CP_ "failed to check_authentication()"); |
252 | } OPKELE_RETHROW | 252 | } OPKELE_RETHROW |
253 | } | 253 | } |
254 | signed_part_message_proxy signeds(om); | 254 | signed_part_message_proxy signeds(om); |
255 | if(o2) { | 255 | if(o2) { |
256 | check_nonce(om.get_field("op_endpoint"), | 256 | check_nonce(om.get_field("op_endpoint"), |
257 | om.get_field("response_nonce")); | 257 | om.get_field("response_nonce")); |
258 | static const char *mustsign[] = { | 258 | static const char *mustsign[] = { |
259 | "op_endpoint", "return_to", "response_nonce", "assoc_handle", | 259 | "op_endpoint", "return_to", "response_nonce", "assoc_handle", |
260 | "claimed_id", "identity" }; | 260 | "claimed_id", "identity" }; |
261 | for(size_t ms=0;ms<(sizeof(mustsign)/sizeof(*mustsign));++ms) { | 261 | for(size_t ms=0;ms<(sizeof(mustsign)/sizeof(*mustsign));++ms) { |
262 | if(om.has_field(mustsign[ms]) && !signeds.has_field(mustsign[ms])) | 262 | if(om.has_field(mustsign[ms]) && !signeds.has_field(mustsign[ms])) |
263 | throw bad_input(OPKELE_CP_ string("Field '")+mustsign[ms]+"' is not signed against the specs"); | 263 | throw bad_input(OPKELE_CP_ string("Field '")+mustsign[ms]+"' is not signed against the specs"); |
264 | } | 264 | } |
265 | if( ( | 265 | if( ( |
266 | (om.has_field("claimed_id")?1:0) | 266 | (om.has_field("claimed_id")?1:0) |
267 | ^ | 267 | ^ |
268 | (om.has_field("identity")?1:0) | 268 | (om.has_field("identity")?1:0) |
269 | )&1 ) | 269 | )&1 ) |