--commit still broken
authorPhil <phil.buschmann@tum.de>
Thu, 7 Dec 2017 13:03:56 +0000 (13:03 +0000)
committerPhil <phil.buschmann@tum.de>
Thu, 7 Dec 2017 13:03:56 +0000 (13:03 +0000)
src/identity-provider/logfile.txt [new file with mode: 0644]
src/identity-provider/plugin_rest_identity_provider.c
src/identity-provider/vgcore.2692 [new file with mode: 0644]

diff --git a/src/identity-provider/logfile.txt b/src/identity-provider/logfile.txt
new file mode 100644 (file)
index 0000000..a59f247
--- /dev/null
@@ -0,0 +1,73 @@
+*** Error in `/usr/local/lib//gnunet/libexec/gnunet-rest-server': free(): invalid pointer: 0x00007f9c415c9275 ***
+*** Error in `/usr/local/lib//gnunet/libexec/gnunet-rest-server': free(): invalid pointer: 0x00007f0888c25275 ***
+*** Error in `/usr/local/lib//gnunet/libexec/gnunet-rest-server': free(): invalid pointer: 0x00007f7dee65b275 ***
+Nov 23 13:58:28-246065 gnunet-rest-server-26879 ERROR Error: (null)
+Nov 23 13:58:46-677968 gnunet-rest-server-26879 ERROR Error: Missing openid scope
+Nov 23 13:59:34-165447 gnunet-rest-server-26901 ERROR Error: Missing openid scope
+Nov 23 14:04:07-545573 gnunet-rest-server-28097 ERROR Error: Response type is not code
+Nov 23 14:53:06-102430 gnunet-rest-server-30299 ERROR Error: Missing openid scope
+Nov 23 14:54:04-248567 gnunet-rest-server-30798 ERROR Error: Missing openid scope
+Nov 23 14:56:12-809322 gnunet-rest-server-31914 ERROR Error: Missing openid scope
+Nov 23 14:56:39-819194 gnunet-rest-server-31914 ERROR Error: Missing openid scope
+Nov 23 14:58:38-889573 gnunet-rest-server-601 ERROR Error: Missing openid scope
+Nov 30 11:59:42-727619 gnunet-rest-server-9307 ERROR (null)Nov 30 12:00:28-889186 gnunet-rest-server-9307 ERROR (null)Nov 30 12:01:56-950658 gnunet-rest-server-10445 ERROR con_handle: /idp/authorize
+Nov 30 12:01:56-982304 gnunet-rest-server-10445 ERROR url: /idp/authorize
+Nov 30 12:08:22-749785 gnunet-rest-server-11652 ERROR con_handle: /idp/authorize
+Nov 30 12:08:22-782042 gnunet-rest-server-11652 ERROR url: /idp/authorize
+Nov 30 12:39:51-816632 gnunet-rest-server-14500 ERROR url: /idp/authorize
+Dec 04 09:51:02-313753 gnunet-rest-server-1974 ERROR No default ego configured in identity service
+Dec 04 09:51:09-311601 gnunet-rest-server-1974 ERROR No default ego configured in identity service
+Failed to send data in request for `/idp/attributes/testego'.
+Dec 04 11:58:11-490711 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/idp/tickets/testego'.
+Dec 04 11:58:11-508689 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/names/'.
+Dec 04 11:58:11-511015 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/idp/tickets/testego'.
+Dec 04 12:38:15-960444 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/names/'.
+Dec 04 12:38:16-003695 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/idp/attributes/testego'.
+Dec 04 12:38:16-021887 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/idp/tickets/testego'.
+Dec 04 12:38:29-977580 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/names/'.
+Dec 04 12:38:30-008002 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/idp/attributes/testego'.
+Dec 04 12:38:30-036167 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/idp/attributes/testego'.
+Dec 04 12:43:23-654462 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/idp/tickets/testego'.
+Dec 04 12:43:23-655070 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/names/'.
+Dec 04 12:43:23-665165 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/idp/tickets/testego'.
+Dec 04 13:06:56-306701 gnunet-rest-server-9599 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/idp/attributes/testego'.
+Dec 04 13:06:56-326200 gnunet-rest-server-9599 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/names/'.
+Dec 04 13:06:56-331741 gnunet-rest-server-9599 ERROR MHD encountered error handling request: 1
+Dec 04 13:09:56-080335 gnunet-rest-server-10794 ERROR URL (response_type=code)
+Dec 04 13:12:49-565164 gnunet-rest-server-11931 ERROR URL (response_type=code)
+Failed to send data in request for `/idp/tickets/testego'.
+Dec 04 13:12:49-586734 gnunet-rest-server-11931 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/idp/attributes/testego'.
+Dec 04 13:12:49-592627 gnunet-rest-server-11931 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/names/'.
+Dec 04 13:12:49-601007 gnunet-rest-server-11931 ERROR MHD encountered error handling request: 1
+Dec 04 13:15:25-370395 gnunet-rest-server-13261 ERROR URL (acr_values=true)
+Failed to send data in request for `/idp/tickets/testego'.
+Dec 04 13:15:25-395382 gnunet-rest-server-13261 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/idp/attributes/testego'.
+Dec 04 13:15:25-399622 gnunet-rest-server-13261 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/names/'.
+Dec 04 13:15:25-408151 gnunet-rest-server-13261 ERROR MHD encountered error handling request: 1
+Dec 04 13:36:24-427812 gnunet-rest-server-15336 ERROR URL (?response_type=code&client_id=test&scope=openid email&redirect_uri=https://google.com&nonce=11111&ui_locales=test&)
+Failed to send data in request for `/idp/tickets/testego'.
+Dec 04 13:36:24-450636 gnunet-rest-server-15336 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/idp/attributes/testego'.
+Dec 04 13:36:24-456164 gnunet-rest-server-15336 ERROR MHD encountered error handling request: 1
+Failed to send data in request for `/names/'.
+Dec 04 13:36:24-461431 gnunet-rest-server-15336 ERROR MHD encountered error handling request: 1
+Dec 04 13:39:02-052691 gnunet-rest-server-16482 ERROR URL (?response_type=code&client_id=test&scope=openid email&redirect_uri=https://google.com&nonce=1111&ui_locales=test&acr_values=true)
+Dec 04 15:27:43-226881 gnunet-rest-server-16482 ERROR URL (?response_type=code&client_id=test&scope=openid email&redirect_uri=https://google.com&nonce=11111&ui_locales=test&acr_values=true)
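Review bot: logfile.txt is a runtime log of gnunet-rest-server rather than source, and the same commit also adds the valgrind core file vgcore.2692; both look like debugging artifacts that were staged by accident. A core file is a raw copy of the process's memory, so it can hold whatever the identity provider had in RAM at the time (ticket material, request parameters), and once pushed it stays in the history even after a later delete. Dropping both files from the commit and listing them in .gitignore is the usual remedy; the `free(): invalid pointer` lines at the top of the log belong in an issue, not in src/.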
index 1bef87aceed12bdb259f24926cb4da0eb38e6374..1ad0aef42ceefe0d7cf2821ff929a6bc9e0fa530 100644 (file)
@@ -70,7 +70,6 @@
  */
 #define GNUNET_REST_API_NS_AUTHORIZE "/idp/authorize"
 
-
 /**
  * Attribute key
  */
  */
 #define ID_REST_STATE_POST_INIT 1
 
+/**
+ * OIDC response_type key
+ */
+#define OIDC_RESPONSE_TYPE_KEY "response_type"
+
+/**
+ * OIDC client_id key
+ */
+#define OIDC_CLIENT_ID_KEY "client_id"
+
+/**
+ * OIDC scope key
+ */
+#define OIDC_SCOPE_KEY "scope"
+
+/**
+ * OIDC redirect_uri key
+ */
+#define OIDC_REDIRECT_URI_KEY "redirect_uri"
+
+/**
+ * OIDC state key
+ */
+#define OIDC_STATE_KEY "state"
+
+/**
+ * OIDC nonce key
+ */
+#define OIDC_NONCE_KEY "nonce"
+
+/**
+ * OIDC expected response_type while authorizing
+ */
+#define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE "code"
+
+/**
+ * OIDC expected scope part while authorizing
+ */
+#define OIDC_EXPECTED_AUTHORIZATION_SCOPE "openid"
+
+
+/**
+ * OIDC ignored parameter array
+ */
+char* OIDC_ignored_parameter_array [] =
+{
+  "display", "prompt", "max_age", "ui_locales", "response_mode",
+  "id_token_hint", "login_hint", "acr_values"
+};
 
 /**
  * The configuration handle
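Review bot: `char* OIDC_ignored_parameter_array [] = {...}` at the end of the hunk is a mutable, externally visible global in a plugin, and nothing in the hunk needs it writable or exported. Declaring it `static const char *const OIDC_ignored_parameter_array[] = { ... };` keeps it out of the plugin's symbol table and lets the compiler place the table in read-only memory; the `sizeof (OIDC_ignored_parameter_array) / sizeof (char *)` computation in authorize_cont is unaffected. The removed blank line before "Attribute key" and the double blank line after OIDC_EXPECTED_AUTHORIZATION_SCOPE are style only.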
@@ -799,10 +847,10 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
                                  strlen (rnd_str),
                                  &ticket.rnd,
                                  sizeof (uint64_t));
-  GNUNET_STRINGS_string_to_data (identity_str,
-                                 strlen (identity_str),
-                                 &ticket.identity,
-                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+//  GNUNET_STRINGS_string_to_data (identity_str,
+//                                 strlen (identity_str),
+//                                 &ticket.identity,type filter text
+//                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
   GNUNET_STRINGS_string_to_data (audience_str,
                                  strlen (audience_str),
                                  &ticket.audience,
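Review bot: commenting out the `GNUNET_STRINGS_string_to_data (identity_str, ...)` call leaves `ticket.identity` unset (or all-zero, depending on how ticket is declared above the hunk) while the rnd and audience fields are still decoded, so the ticket presumably handed to the revocation call later in the function names no identity. If identity_str is no longer meant to come from the URL, the field has to be filled from the ego instead; otherwise the four lines should be restored rather than left as `//` comments. The string `type filter text` inside the commented-out line looks like an editor widget caption pasted by accident and should be removed. revoke_ticket_cont begins and ends outside this hunk.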
@@ -1030,88 +1078,120 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle,
                 const char* url,
                 void *cls)
 {
+  struct MHD_Response *resp;
+  struct RequestHandle *handle = cls;
+  char *response_type, *client_id, *scope, *redirect_uri, *state, *nonce;
 
   //TODO clean up method
 
+  /**  The Authorization Server MUST validate all the OAuth 2.0 parameters
+   *   according to the OAuth 2.0 specification.
+   */
+  /**   The Authorization Server MUST verify that all the REQUIRED parameters
+   *   are present and their usage conforms to this specification.
+   */
+  /**
+   *   If the sub (subject) Claim is requested with a specific value for the
+   *   ID Token, the Authorization Server MUST only send a positive response
+   *   if the End-User identified by that sub value has an active session with
+   *   the Authorization Server or has been Authenticated as a result of the
+   *   request. The Authorization Server MUST NOT reply with an ID Token or
+   *   Access Token for a different user, even if they have an active session
+   *   with the Authorization Server. Such a request can be made either using
+   *   an id_token_hint parameter or by requesting a specific Claim Value as
+   *   described in Section 5.5.1, if the claims parameter is supported by
+   *   the implementation.
+   */
 
-  //    The Authorization Server MUST validate all the OAuth 2.0 parameters according to the OAuth 2.0 specification.
-  //    The Authorization Server MUST verify that all the REQUIRED parameters are present and their usage conforms to this specification.
-  //    If the sub (subject) Claim is requested with a specific value for the ID Token, the Authorization Server MUST only send a positive response if the End-User identified by that sub value has an active session with the Authorization Server or has been Authenticated as a result of the request. The Authorization Server MUST NOT reply with an ID Token or Access Token for a different user, even if they have an active session with the Authorization Server. Such a request can be made either using an id_token_hint parameter or by requesting a specific Claim Value as described in Section 5.5.1, if the claims parameter is supported by the implementation.
 
+  int size=sizeof(OIDC_ignored_parameter_array)/sizeof(char *);
 
+  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Size %i = 8\n", size);
 
-  struct MHD_Response *resp;
-  struct RequestHandle *handle = cls;
+  struct GNUNET_HashCode cache_key;
 
-  /*
-   *   response_type   0
-   *   client_id               1
-   *   scope                   2
-   *   redirect_uri    3
-   *   state                   4
-   *   nonce                   5
-   *   display                 6
-   *   prompt                  7
-   *   max_age                 8
-   *   ui_locales              9
-   *   response_mode   10
-   *   id_token_hint   11
-   *   login_hint              12
-   *   acr_values              13
-   */
-  char* array[] = { "response_type", "client_id", "scope", "redirect_uri",
-    "state", "nonce", "display", "prompt", "max_age", "ui_locales",
-    "response_mode", "id_token_hint","login_hint", "acr_values" };
-  int array_size=14;
-  int bool_array[array_size];
+  GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY),
+                     &cache_key);
+  if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                                          &cache_key))
+  {
+    //TODO error
 
-  struct GNUNET_HashCode cache_key;
+  }
+  response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
+                                                    &cache_key);
 
-  //iterates over each parameter and store used values in array array[]
-  int iterator;
-  for( iterator = 0; iterator<array_size; iterator++){
-    GNUNET_CRYPTO_hash (array[iterator], strlen (array[iterator]), &cache_key);
-    char* cache=GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, &cache_key);
-    bool_array[iterator]=0;
-    if(cache!=0){
-      size_t size=strlen(cache)+1;
-      array[iterator]=(char*)malloc(size*sizeof(char));
-      strncpy(array[iterator],cache,size);
-      bool_array[iterator]=1;
-    }
+
+  GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY),
+                     &cache_key);
+  if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                                          &cache_key))
+  {
+    //TODO error
   }
+  client_id = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
+                                               &cache_key);
 
-  /* MUST validate all the OAuth 2.0 parameters & that all the 
-   * REQUIRED parameters are present and their usage conforms to this specification
-   */
-  GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (array[iterator]), &cache_key);
+
+  GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key);
   if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
-                                                           &key))
+                                                          &cache_key))
   {
-    handle->emsg=GNUNET_strdup("invalid_request");
-    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
+    //TODO error
   }
-  response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
-                                                    &key);
+  scope = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
+                                           &cache_key);
 
-  //required values: response_type, client_id, scope, redirect_uri
-  if(!bool_array[0] || !bool_array[1] || !bool_array[2] || !bool_array[3]){
-    handle->emsg=GNUNET_strdup("invalid_request");
-    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
+  GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY),
+                     &cache_key);
+  if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                                          &cache_key))
+  {
+    //TODO error
+  }
+  redirect_uri = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
+                                               &cache_key);
+
+  GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key);
+  if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                                          &cache_key))
+  {
+    //TODO error
   }
+  state = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
+                                           &cache_key);
+
+  GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key);
+  if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                                          &cache_key))
+  {
+    //TODO error
+  }
+  nonce = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
+                                           &cache_key);
+
+  int iterator;
+  for( iterator = 0; iterator < size; iterator++ )
+  {
+    GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator],
+                       strlen(OIDC_ignored_parameter_array[iterator]),
+                       &cache_key);
+    if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map,
+                                                           &cache_key))
+    {
+      //TODO error
+    }
+  }
+
+
   //response_type = code
-  if(strcmp(array[0],"code")!=0){
-    handle->emsg=GNUNET_strdup("invalid_response_type");
-    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
+  if( strcmp( response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE ) != 0 )
+  {
+    //TODO error
   }
   //scope contains openid
-  if(strstr(array[2],"openid")==NULL){
+  if( strstr( scope, OIDC_EXPECTED_AUTHORIZATION_SCOPE ) == NULL )
+  {
     handle->emsg=GNUNET_strdup("invalid_scope");
     handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
     GNUNET_SCHEDULER_add_now (&do_error, handle);
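Review bot: every `//TODO error` branch in the hunk is empty, so a request that omits response_type, client_id or scope falls through to `GNUNET_CONTAINER_multihashmap_get` returning NULL and then into `strcmp (response_type, ...)` and `strstr (scope, ...)`, which dereference it; the removed code rejected such requests with invalid_request, and that path should come back before the parameters are used. state and nonce are optional for the code flow in OIDC Core, so their branches should not become errors, but both may then be NULL and must be handled as such further down. The `GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Size %i = 8\n", size);` line is a leftover debug print at ERROR level and should be dropped. authorize_cont's body continues past the end of this hunk.
```c
  if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
                                                           &cache_key))
  {
    /* required parameter absent: reject before anything dereferences it */
    handle->emsg = GNUNET_strdup ("invalid_request");
    handle->response_code = MHD_HTTP_BAD_REQUEST;
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
  response_type = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
                                                     &cache_key);
  /* … same rejection in the client_id, scope and redirect_uri branches;
     state and nonce remain optional and may stay NULL … */
```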
@@ -1121,7 +1201,7 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle,
   //TODO check other values and use them accordingly
 
 
-  char* redirect_url_to_login;
+  char* login_base_url;
 
   //   if(){
   //
@@ -1131,67 +1211,29 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle,
   if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg,
                                                           "identity-rest-plugin",
                                                           "address",
-                                                          &redirect_url_to_login)){
-
-    char* build_array[] = { "response_type", "client_id", "scope", "redirect_uri",
-      "state", "nonce", "display", "prompt", "max_age", "ui_locales",
-      "response_mode", "id_token_hint","login_hint", "acr_values" };
-    GNUNET_asprintf (new_redirect, "%s=%s&...",
+                                                          &login_base_url))
+  {
+    char* new_redirect;
+    GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s",
+                    login_base_url,
+                    OIDC_RESPONSE_TYPE_KEY, response_type,
+                    OIDC_CLIENT_ID_KEY, client_id,
                      OIDC_REDIRECT_URI_KEY, redirect_uri,
-                     OIDC_CLIENT_ID_KEY, client_id,
-                     ...);
-    size_t redirect_parameter_size= strlen("?");
-    for(iterator=0;iterator<array_size;iterator++){
-      if(bool_array[iterator]){
-        redirect_parameter_size += strlen(array[iterator]);
-        redirect_parameter_size += strlen(build_array[iterator]);
-        if(iterator==array_size-1)
-        {
-          redirect_parameter_size += strlen("=");
-        }else{
-          redirect_parameter_size += strlen("=&");
-        }
-      }
-    }
-
-    char redirect_parameter[redirect_parameter_size+1];
-    redirect_parameter_size = 0;
-    redirect_parameter[redirect_parameter_size]='?';
-    for(iterator=0;iterator<array_size;iterator++){
-      if(bool_array[iterator]){
-        //If not last parameter
-        if(iterator!=array_size-1)
-        {
-          char cache[strlen(array[iterator])+strlen(build_array[iterator])+2+1];
-          snprintf(cache,sizeof(cache),"%s=%s&", build_array[iterator], array[iterator]);
-          strncat(redirect_parameter, cache, strlen(array[iterator])+strlen(build_array[iterator])+2 );
-        }else{
-          char cache[strlen(array[iterator])+strlen(build_array[iterator])+1+1];
-          snprintf(cache,sizeof(cache),"%s=%s", build_array[iterator], array[iterator]);
-          strncat(redirect_parameter, cache, strlen(array[iterator])+strlen(build_array[iterator])+1 );
-        }
-      }
-    }
-    char redirect_component[strlen(redirect_url_to_login)+strlen(redirect_parameter)+1];
-    snprintf(redirect_component, sizeof(redirect_component), "%s%s", redirect_url_to_login, redirect_parameter);
+                    OIDC_SCOPE_KEY, scope,
+                    OIDC_STATE_KEY, state,
+                    OIDC_NONCE_KEY, nonce
+                    );
     resp = GNUNET_REST_create_response ("");
-    MHD_add_response_header (resp, "Location", redirect_component);
+    MHD_add_response_header (resp, "Location", new_redirect);
   }else{
     handle->emsg=GNUNET_strdup("No server on localhost:8000");
     handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
     GNUNET_SCHEDULER_add_now (&do_error, handle);
     return;
-    //          resp = GNUNET_REST_create_response ("");
-    //          MHD_add_response_header (resp, "Location", array[3]);
   }
 
   handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
   cleanup_handle (handle);
-  for(iterator=0; iterator<array_size; iterator++){
-    if(bool_array[iterator]){
-      free(array[iterator]);
-    }
-  }
   return;
 }
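Review bot: `new_redirect` allocated by `GNUNET_asprintf` at the top of the hunk is never released — MHD_add_response_header keeps its own copy of the value, so `GNUNET_free (new_redirect);` can follow that call — and `login_base_url` returned by GNUNET_CONFIGURATION_get_value_string is not freed on either branch, so `GNUNET_free (login_base_url);` belongs there as well. The six values interpolated with %s come straight from the query string and are not percent-encoded, so a value containing `&`, `#` or a space (the committed log shows `scope=openid email`) changes the meaning of the Location URL, and passing a NULL state or nonce to %s is undefined behaviour. The return value of MHD_add_response_header is not checked, so a failed header add still answers with a bare 302. The function's start is outside this hunk.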
 
diff --git a/src/identity-provider/vgcore.2692 b/src/identity-provider/vgcore.2692
new file mode 100644 (file)
index 0000000..d5691a6
Binary files /dev/null and b/src/identity-provider/vgcore.2692 differ