|
|
|
@@ -1,146 +1,150 @@ |
1 | #include <uuid/uuid.h> |
1 | #include <uuid/uuid.h> |
2 | #include <iostream> |
2 | #include <iostream> |
3 | #include <cassert> |
3 | #include <cassert> |
4 | #include <string> |
4 | #include <string> |
5 | #include <ext/algorithm> |
| |
6 | using namespace std; |
5 | using namespace std; |
7 | #include <kingate/exception.h> |
6 | #include <kingate/exception.h> |
8 | #include <kingate/plaincgi.h> |
7 | #include <kingate/plaincgi.h> |
9 | #include <kingate/cgi_gateway.h> |
8 | #include <kingate/cgi_gateway.h> |
10 | #include <opkele/exception.h> |
9 | #include <opkele/exception.h> |
11 | #include <opkele/util.h> |
10 | #include <opkele/util.h> |
12 | #include <opkele/uris.h> |
11 | #include <opkele/uris.h> |
13 | #include <opkele/extension.h> |
12 | #include <opkele/extension.h> |
14 | #include <opkele/association.h> |
13 | #include <opkele/association.h> |
15 | #include <opkele/debug.h> |
14 | #include <opkele/debug.h> |
16 | #include <opkele/verify_op.h> |
15 | #include <opkele/verify_op.h> |
17 | #include <opkele/sreg.h> |
16 | #include <opkele/sreg.h> |
18 | |
17 | |
| |
18 | #include "config.h" |
| |
19 | #ifdef HAVE_EXT_ALGORITHM_H |
| |
20 | # include <ext/algorithm> |
| |
21 | #endif |
| |
22 | |
19 | #include "sqlite.h" |
23 | #include "sqlite.h" |
20 | #include "kingate_openid_message.h" |
24 | #include "kingate_openid_message.h" |
21 | |
25 | |
22 | static const string get_self_url(const kingate::cgi_gateway& gw) { |
26 | static const string get_self_url(const kingate::cgi_gateway& gw) { |
23 | bool s = gw.has_meta("SSL_PROTOCOL_VERSION"); |
27 | bool s = gw.has_meta("SSL_PROTOCOL_VERSION"); |
24 | string rv = s?"https://":"http://"; |
28 | string rv = s?"https://":"http://"; |
25 | rv += gw.http_request_header("Host"); |
29 | rv += gw.http_request_header("Host"); |
26 | const string& port = gw.get_meta("SERVER_PORT"); |
30 | const string& port = gw.get_meta("SERVER_PORT"); |
27 | if( port!=(s?"443":"80") ) { |
31 | if( port!=(s?"443":"80") ) { |
28 | rv += ':'; rv += port; |
32 | rv += ':'; rv += port; |
29 | } |
33 | } |
30 | rv += gw.get_meta("REQUEST_URI"); |
34 | rv += gw.get_meta("REQUEST_URI"); |
31 | string::size_type q = rv.find('?'); |
35 | string::size_type q = rv.find('?'); |
32 | if(q!=string::npos) |
36 | if(q!=string::npos) |
33 | rv.erase(q); |
37 | rv.erase(q); |
34 | return rv; |
38 | return rv; |
35 | } |
39 | } |
36 | |
40 | |
37 | class opdb_t : public sqlite3_t { |
41 | class opdb_t : public sqlite3_t { |
38 | public: |
42 | public: |
39 | opdb_t() |
43 | opdb_t() |
40 | : sqlite3_t("/tmp/OP.db") { |
44 | : sqlite3_t("/tmp/OP.db") { |
41 | assert(_D); |
45 | assert(_D); |
42 | char **resp; int nr,nc; char *errm; |
46 | char **resp; int nr,nc; char *errm; |
43 | if(sqlite3_get_table( |
47 | if(sqlite3_get_table( |
44 | _D, "SELECT a_op FROM assoc LIMIT 0", |
48 | _D, "SELECT a_op FROM assoc LIMIT 0", |
45 | &resp,&nr,&nc,&errm)!=SQLITE_OK) { |
49 | &resp,&nr,&nc,&errm)!=SQLITE_OK) { |
46 | extern const char *__OP_db_bootstrap; |
50 | extern const char *__OP_db_bootstrap; |
47 | DOUT_("Bootstrapping DB"); |
51 | DOUT_("Bootstrapping DB"); |
48 | if(sqlite3_exec(_D,__OP_db_bootstrap,NULL,NULL,&errm)!=SQLITE_OK) |
52 | if(sqlite3_exec(_D,__OP_db_bootstrap,NULL,NULL,&errm)!=SQLITE_OK) |
49 | throw opkele::exception(OPKELE_CP_ string("Failed to boostrap SQLite database: ")+errm); |
53 | throw opkele::exception(OPKELE_CP_ string("Failed to boostrap SQLite database: ")+errm); |
50 | }else |
54 | }else |
51 | sqlite3_free_table(resp); |
55 | sqlite3_free_table(resp); |
52 | } |
56 | } |
53 | }; |
57 | }; |
54 | |
58 | |
55 | class example_op_t : public opkele::verify_OP { |
59 | class example_op_t : public opkele::verify_OP { |
56 | public: |
60 | public: |
57 | kingate::cgi_gateway& gw; |
61 | kingate::cgi_gateway& gw; |
58 | opdb_t db; |
62 | opdb_t db; |
59 | kingate::cookie htc; |
63 | kingate::cookie htc; |
60 | |
64 | |
61 | |
65 | |
62 | example_op_t(kingate::cgi_gateway& g) |
66 | example_op_t(kingate::cgi_gateway& g) |
63 | : gw(g) { |
67 | : gw(g) { |
64 | try { |
68 | try { |
65 | htc = gw.cookies.get_cookie("htop_session"); |
69 | htc = gw.cookies.get_cookie("htop_session"); |
66 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
70 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
67 | "SELECT 1 FROM ht_sessions WHERE hts_id=%Q", |
71 | "SELECT 1 FROM ht_sessions WHERE hts_id=%Q", |
68 | htc.get_value().c_str()); |
72 | htc.get_value().c_str()); |
69 | sqlite3_table_t T; int nr,nc; |
73 | sqlite3_table_t T; int nr,nc; |
70 | db.get_table(S,T,&nr,&nc); |
74 | db.get_table(S,T,&nr,&nc); |
71 | if(nr<1) |
75 | if(nr<1) |
72 | throw kingate::exception_notfound(CODEPOINT,"forcing cookie generation"); |
76 | throw kingate::exception_notfound(CODEPOINT,"forcing cookie generation"); |
73 | }catch(kingate::exception_notfound& kenf) { |
77 | }catch(kingate::exception_notfound& kenf) { |
74 | uuid_t uuid; uuid_generate(uuid); |
78 | uuid_t uuid; uuid_generate(uuid); |
75 | htc = kingate::cookie("htop_session",opkele::util::encode_base64(uuid,sizeof(uuid))); |
79 | htc = kingate::cookie("htop_session",opkele::util::encode_base64(uuid,sizeof(uuid))); |
76 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
80 | sqlite3_mem_t<char*> S = sqlite3_mprintf( |
77 | "INSERT INTO ht_sessions (hts_id) VALUES (%Q)", |
81 | "INSERT INTO ht_sessions (hts_id) VALUES (%Q)", |
78 | htc.get_value().c_str()); |
82 | htc.get_value().c_str()); |
79 | db.exec(S); |
83 | db.exec(S); |
80 | } |
84 | } |
81 | } |
85 | } |
82 | |
86 | |
83 | void set_authorized(bool a) { |
87 | void set_authorized(bool a) { |
84 | sqlite3_mem_t<char*> |
88 | sqlite3_mem_t<char*> |
85 | S = sqlite3_mprintf( |
89 | S = sqlite3_mprintf( |
86 | "UPDATE ht_sessions" |
90 | "UPDATE ht_sessions" |
87 | " SET authorized=%d" |
91 | " SET authorized=%d" |
88 | " WHERE hts_id=%Q", |
92 | " WHERE hts_id=%Q", |
89 | (int)a,htc.get_value().c_str()); |
93 | (int)a,htc.get_value().c_str()); |
90 | db.exec(S); |
94 | db.exec(S); |
91 | } |
95 | } |
92 | bool get_authorized() { |
96 | bool get_authorized() { |
93 | sqlite3_mem_t<char*> |
97 | sqlite3_mem_t<char*> |
94 | S = sqlite3_mprintf( |
98 | S = sqlite3_mprintf( |
95 | "SELECT authorized" |
99 | "SELECT authorized" |
96 | " FROM ht_sessions" |
100 | " FROM ht_sessions" |
97 | " WHERE hts_id=%Q", |
101 | " WHERE hts_id=%Q", |
98 | htc.get_value().c_str()); |
102 | htc.get_value().c_str()); |
99 | sqlite3_table_t T; int nr,nc; |
103 | sqlite3_table_t T; int nr,nc; |
100 | db.get_table(S,T,&nr,&nc); |
104 | db.get_table(S,T,&nr,&nc); |
101 | assert(nr==1); assert(nc=1); |
105 | assert(nr==1); assert(nc=1); |
102 | return opkele::util::string_to_long(T.get(1,0,nc)); |
106 | return opkele::util::string_to_long(T.get(1,0,nc)); |
103 | } |
107 | } |
104 | |
108 | |
105 | ostream& cookie_header(ostream& o) const { |
109 | ostream& cookie_header(ostream& o) const { |
106 | o << "Set-Cookie: " << htc.set_cookie_header() << "\n"; |
110 | o << "Set-Cookie: " << htc.set_cookie_header() << "\n"; |
107 | return o; |
111 | return o; |
108 | } |
112 | } |
109 | |
113 | |
110 | opkele::assoc_t alloc_assoc(const string& type,size_t klength,bool sl) { |
114 | opkele::assoc_t alloc_assoc(const string& type,size_t klength,bool sl) { |
111 | uuid_t uuid; uuid_generate(uuid); |
115 | uuid_t uuid; uuid_generate(uuid); |
112 | string a_handle = opkele::util::encode_base64(uuid,sizeof(uuid)); |
116 | string a_handle = opkele::util::encode_base64(uuid,sizeof(uuid)); |
113 | opkele::secret_t a_secret; |
117 | opkele::secret_t a_secret; |
114 | generate_n( |
118 | generate_n( |
115 | back_insert_iterator<opkele::secret_t>(a_secret),klength, |
119 | back_insert_iterator<opkele::secret_t>(a_secret),klength, |
116 | rand ); |
120 | rand ); |
117 | string ssecret; a_secret.to_base64(ssecret); |
121 | string ssecret; a_secret.to_base64(ssecret); |
118 | time_t now = time(0); |
122 | time_t now = time(0); |
119 | int expires_in = sl?3600*2:3600*24*7*2; |
123 | int expires_in = sl?3600*2:3600*24*7*2; |
120 | sqlite3_mem_t<char*> |
124 | sqlite3_mem_t<char*> |
121 | S = sqlite3_mprintf( |
125 | S = sqlite3_mprintf( |
122 | "INSERT INTO assoc" |
126 | "INSERT INTO assoc" |
123 | " (a_handle,a_type,a_ctime,a_etime,a_secret,a_stateless)" |
127 | " (a_handle,a_type,a_ctime,a_etime,a_secret,a_stateless)" |
124 | " VALUES (" |
128 | " VALUES (" |
125 | " %Q,%Q,datetime('now')," |
129 | " %Q,%Q,datetime('now')," |
126 | " datetime('now','+%d seconds')," |
130 | " datetime('now','+%d seconds')," |
127 | " %Q,%d );", |
131 | " %Q,%d );", |
128 | a_handle.c_str(), type.c_str(), |
132 | a_handle.c_str(), type.c_str(), |
129 | expires_in, |
133 | expires_in, |
130 | ssecret.c_str(), sl ); |
134 | ssecret.c_str(), sl ); |
131 | db.exec(S); |
135 | db.exec(S); |
132 | return opkele::assoc_t(new opkele::association( |
136 | return opkele::assoc_t(new opkele::association( |
133 | "", |
137 | "", |
134 | a_handle, type, a_secret, |
138 | a_handle, type, a_secret, |
135 | now+expires_in, sl )); |
139 | now+expires_in, sl )); |
136 | } |
140 | } |
137 | |
141 | |
138 | opkele::assoc_t retrieve_assoc(const string& h) { |
142 | opkele::assoc_t retrieve_assoc(const string& h) { |
139 | sqlite3_mem_t<char*> |
143 | sqlite3_mem_t<char*> |
140 | S = sqlite3_mprintf( |
144 | S = sqlite3_mprintf( |
141 | "SELECT" |
145 | "SELECT" |
142 | " a_handle,a_type,a_secret,a_stateless," |
146 | " a_handle,a_type,a_secret,a_stateless," |
143 | " strftime('%%s',a_etime) AS a_etime," |
147 | " strftime('%%s',a_etime) AS a_etime," |
144 | " a_itime" |
148 | " a_itime" |
145 | " FROM assoc" |
149 | " FROM assoc" |
146 | " WHERE a_handle=%Q AND a_itime IS NULL" |
150 | " WHERE a_handle=%Q AND a_itime IS NULL" |
|