From: Schanzenbach, Martin
Date: Tue, 30 May 2017 11:50:07 +0000 (+0200)
Subject: -fix idp
X-Git-Tag: gnunet-0.11.0rc0~24^2~85
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=5747257471e9b66208836799bced6df3d32c50f4;p=oweals%2Fgnunet.git
-fix idp
---
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c
index fd0c9e3d5..ca54137ad 100644
--- a/src/credential/credential_api.c
+++ b/src/credential/credential_api.c
@@ -348,7 +348,7 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle)
 * @param lr the verify request to cancel
 */
 void
-GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr)
+GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *vr)
 {
 struct GNUNET_CREDENTIAL_Handle *handle = vr->credential_handle;
diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c
index 92804c97a..4a6dc5ccd 100644
--- a/src/credential/gnunet-credential.c
+++ b/src/credential/gnunet-credential.c
@@ -130,7 +130,7 @@ do_shutdown (void *cls)
 {
 if (NULL != verify_request)
 {
- GNUNET_CREDENTIAL_verify_cancel (verify_request);
+ GNUNET_CREDENTIAL_request_cancel (verify_request);
 verify_request = NULL;
 }
 if (NULL != credential)
diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c
index 59022e794..48d48fba0 100644
--- a/src/credential/plugin_rest_credential.c
+++ b/src/credential/plugin_rest_credential.c
@@ -177,7 +177,7 @@ cleanup_handle (struct RequestHandle *handle)
 if (NULL != handle->subject_attr)
 GNUNET_free (handle->subject_attr);
 if (NULL != handle->verify_request)
- GNUNET_CREDENTIAL_verify_cancel (handle->verify_request);
+ GNUNET_CREDENTIAL_request_cancel (handle->verify_request);
 if (NULL != handle->credential)
 GNUNET_CREDENTIAL_disconnect (handle->credential);
 if (NULL != handle->id_op)
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c
index f9e06fef9..f4ea352d4 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -1015,6 +1015,10 @@ cleanup_issue_handle (struct IssueHandle *handle)
 ticket_destroy (handle->ticket);
 if (NULL != handle->label)
 GNUNET_free (handle->label);
+ if (NULL != handle->ns_it)
+ GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it);
+ if (NULL != handle->credential_request)
+ GNUNET_CREDENTIAL_request_cancel (handle->credential_request);
 GNUNET_free (handle);
 }
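Review bot: The two calls added to cleanup_issue_handle are only safe if every callback that completes an operation clears its pointer before cleanup runs, and nothing in this hunk shows that `attr_collect_finished`, `attr_collect_error` or whichever callback completes the credential request reset `handle->ns_it` / `handle->credential_request`. If one of them reaches cleanup with a stale pointer, `GNUNET_NAMESTORE_zone_iteration_stop` or `GNUNET_CREDENTIAL_request_cancel` would run on an operation the library may already have released, which can end in a use-after-free or double free. Those callbacks are outside the hunk, so please confirm each begins with `handle->ns_it = NULL;` (respectively `handle->credential_request = NULL;`), as the removed find_existing_token_finished did and as token_creat_cont now does for `idp_op`.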
@@ -1484,160 +1488,6 @@ handle_exchange_message (void *cls,
 }
-
-static void
-find_existing_token_error (void *cls)
-{
- struct IssueHandle *handle = cls;
- cleanup_issue_handle (handle);
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error looking for existing token\n");
- GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
-}
-
-
-static void
-find_existing_token_finished (void *cls)
-{
- struct IssueHandle *handle = cls;
- uint64_t rnd_key;
-
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- ">>> No existing token found\n");
- rnd_key =
- GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
- UINT64_MAX);
- GNUNET_STRINGS_base64_encode ((char*)&rnd_key,
- sizeof (uint64_t),
- &handle->label);
- handle->ns_it = NULL;
- handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
- &handle->iss_key,
- &attr_collect_error,
- handle,
- &attr_collect,
- handle,
- &attr_collect_finished,
- handle);
-}
-
-
-/**
- *
- * Look for existing token
- *
- * @param cls the identity entry
- * @param zone the identity
- * @param lbl the name of the record
- * @param rd_count number of records
- * @param rd record data
- *
- */
-static void
-find_existing_token (void *cls,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
- const char *lbl,
- unsigned int rd_count,
- const struct GNUNET_GNSRECORD_Data *rd)
-{
- struct IssueHandle *handle = cls;
- const struct GNUNET_GNSRECORD_Data *token_metadata_record;
- struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key;
- struct GNUNET_HashCode key;
- int scope_count_token;
- char *scope;
- char *tmp_scopes;
-
- //There should be only a single record for a token under a label
- if (2 != rd_count)
- {
- GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
- return;
- }
-
- if (rd[0].record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA)
- {
- token_metadata_record = &rd[0];
- }
- else
- {
- token_metadata_record = &rd[1];
- }
- if (token_metadata_record->record_type != GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA)
- {
- GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
- return;
- }
- ecdhe_privkey = *((struct GNUNET_CRYPTO_EcdhePrivateKey *)token_metadata_record->data);
- aud_key =
- (struct GNUNET_CRYPTO_EcdsaPublicKey *)(token_metadata_record->data+sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey));
- tmp_scopes = GNUNET_strdup ((char*) aud_key+sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-
- if (0 != memcmp (aud_key, &handle->aud_key,
- sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
- {
- char *tmp2 = GNUNET_STRINGS_data_to_string_alloc (aud_key,
- sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
- //Audience does not match!
- char *tmp = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA,
- token_metadata_record->data,
- token_metadata_record->data_size);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Token does not match audience %s vs %s. Moving on\n",
- tmp2,
- tmp);
- GNUNET_free (tmp_scopes);
- GNUNET_free (tmp2);
- GNUNET_free (tmp);
- GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
- return;
- }
-
- scope = strtok (tmp_scopes, ",");
- scope_count_token = 0;
- while (NULL != scope)
- {
- GNUNET_CRYPTO_hash (scope,
- strlen (scope),
- &key);
-
- if ((NULL != handle->attr_map) &&
- (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->attr_map, &key)))
- {
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Issued token does not include `%s'. Moving on\n", scope);
- GNUNET_free (tmp_scopes);
- GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
- return;
- }
- scope_count_token++;
- scope = strtok (NULL, ",");
- }
- GNUNET_free (tmp_scopes);
- //All scopes in token are also in request. Now
- //Check length
- if ((NULL != handle->attr_map) &&
- (GNUNET_CONTAINER_multihashmap_size (handle->attr_map) == scope_count_token))
- {
- //We have an existing token
- handle->label = GNUNET_strdup (lbl);
- handle->ns_it = NULL;
- handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
- &handle->iss_key,
- &attr_collect_error,
- handle,
- &attr_collect,
- handle,
- &attr_collect_finished,
- handle);
-
- return;
- }
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Nuber of attributes in token do not match request\n");
- //No luck
- GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
-}
-
 /**
 * Checks an issue message
 *
@@ -1684,6 +1534,7 @@ handle_issue_message (void *cls,
 char *scopes_tmp;
 char *scope;
 const char *v_attrs;
+ uint64_t rnd_key;
 struct GNUNET_HashCode key;
 struct IssueHandle *issue_handle;
 struct VerifiedAttributeEntry *vattr_entry;
@@ -1733,14 +1584,20 @@ handle_issue_message (void *cls,
 issue_handle->scopes = GNUNET_strdup (scopes);
 issue_handle->token = token_create (&issue_handle->iss_pkey, &issue_handle->aud_key);
+ rnd_key =
+ GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
+ UINT64_MAX);
+ GNUNET_STRINGS_base64_encode ((char*)&rnd_key,
+ sizeof (uint64_t),
+ &issue_handle->label);
 issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
- &im->iss_key,
- &find_existing_token_error,
+ &issue_handle->iss_key,
+ &attr_collect_error,
 issue_handle,
- &find_existing_token,
+ &attr_collect,
 issue_handle,
- &find_existing_token_finished,
+ &attr_collect_finished,
 issue_handle);
 }
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c
index 5ea7b2821..dfb935f5b 100644
--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -402,6 +402,8 @@ token_creat_cont (void *cls,
 char *ticket_str;
 char *token_str;
 char *result_str;
+
+ handle->idp_op = NULL;
 if (NULL == ticket)
 {
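Review bot: In the second handle_issue_message hunk the label is built with `GNUNET_STRINGS_base64_encode`, and standard base64 output can contain `+`, `/` and `=`. If `issue_handle->label` ends up as a namestore record label or in a REST path (the removed code filled it from `lbl`, a record name), those characters may need escaping; `issue_handle->label = GNUNET_STRINGS_data_to_string_alloc (&rnd_key, sizeof (uint64_t));` would avoid that, assuming nothing else in the service expects base64 here. A short comment such as `/* no reuse of existing tokens: every issue request gets a fresh random label */` would also record the behaviour change. handle_issue_message starts and ends outside the hunk.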
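Review bot: The `handle->idp_op = NULL;` added at the top of token_creat_cont has no comment saying why it is needed, so it reads like a stray assignment that a later tidy-up could drop. Suggest adding `/* operation has completed: clear it so the handle's cleanup does not cancel a finished op */` above the line, if that is indeed the intent. `handle` is declared above the hunk, presumably from `cls`, and the assignment has to stay after that declaration.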
diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h
index 6c9b477ea..67c2f2b4c 100644
--- a/src/include/gnunet_credential_service.h
+++ b/src/include/gnunet_credential_service.h
@@ -377,7 +377,7 @@ GNUNET_CREDENTIAL_credential_issue (
 * @param lr the lookup request to cancel
 */
 void
-GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr);
+GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *vr);
 #if 0 /* keep Emacsens' auto-indent happy */