From: Schanzenbach, Martin Date: Mon, 3 Jun 2019 19:22:50 +0000 (+0200) Subject: RECLAIM: Various fixes (coverity) X-Git-Tag: v0.11.5~31 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a00a49bf58c502ab860adaa6b01541c0e7e3e645;p=oweals%2Fgnunet.git RECLAIM: Various fixes (coverity) --- diff --git a/src/reclaim-attribute/reclaim_attribute.c b/src/reclaim-attribute/reclaim_attribute.c index b9465bef7..96e61d431 100644 --- a/src/reclaim-attribute/reclaim_attribute.c +++ b/src/reclaim-attribute/reclaim_attribute.c @@ -495,12 +495,18 @@ GNUNET_RECLAIM_ATTRIBUTE_deserialize (const char *data, size_t data_size) attr_ser = (struct Attribute *) data; data_len = ntohs (attr_ser->data_size); name_len = ntohs (attr_ser->name_len); + if (data_size < sizeof (struct Attribute) + data_len + name_len) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Buffer too small to deserialize\n"); + return NULL; + } attr = GNUNET_malloc (sizeof (struct GNUNET_RECLAIM_ATTRIBUTE_Claim) + data_len + name_len + 1); attr->type = ntohs (attr_ser->attribute_type); attr->version = ntohl (attr_ser->attribute_version); attr->id = GNUNET_ntohll (attr_ser->attribute_id); - attr->data_size = ntohs (attr_ser->data_size); + attr->data_size = data_len; write_ptr = (char *) &attr[1]; GNUNET_memcpy (write_ptr, &attr_ser[1], name_len); diff --git a/src/reclaim/gnunet-reclaim.c b/src/reclaim/gnunet-reclaim.c index 4b4b73008..fcb7b9bc6 100644 --- a/src/reclaim/gnunet-reclaim.c +++ b/src/reclaim/gnunet-reclaim.c @@ -267,6 +267,8 @@ ticket_iter (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) ref = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, sizeof (uint64_t)); fprintf (stdout, "Ticket ID: %s | Audience: %s\n", ref, aud); + GNUNET_free (aud); + GNUNET_free (ref); GNUNET_RECLAIM_ticket_iteration_next (ticket_iterator); } @@ -448,8 +450,13 @@ start_process () return; } - if (NULL != rp) - GNUNET_CRYPTO_ecdsa_public_key_from_string (rp, strlen (rp), &rp_key); + if ((NULL != rp) && + GNUNET_OK != GNUNET_CRYPTO_ecdsa_public_key_from_string (rp, strlen (rp), &rp_key)) + { + fprintf (stderr, "%s is not a public key!\n", rp); + cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); + return; + } if (NULL != consume_ticket) GNUNET_STRINGS_string_to_data (consume_ticket, strlen (consume_ticket), &ticket, diff --git a/src/reclaim/gnunet-service-reclaim.c b/src/reclaim/gnunet-service-reclaim.c index ffc67c5ae..322063fd9 100644 --- a/src/reclaim/gnunet-service-reclaim.c +++ b/src/reclaim/gnunet-service-reclaim.c @@ -947,6 +947,7 @@ attr_store_task (void *cls) &attr_store_cont, ash); GNUNET_free (buf); + GNUNET_free (label); } @@ -1126,10 +1127,17 @@ update_tickets (void *cls) le); struct GNUNET_GNSRECORD_Data rd[le->rd_count]; struct GNUNET_GNSRECORD_Data rd_new[le->rd_count - 1]; - GNUNET_GNSRECORD_records_deserialize (le->data_size, + if (GNUNET_OK != GNUNET_GNSRECORD_records_deserialize (le->data_size, le->data, le->rd_count, - rd); + rd)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to deserialize record data!\n"); + send_delete_response (adh, GNUNET_SYSERR); + cleanup_adh (adh); + return; + } int j = 0; for (int i = 0; i < le->rd_count; i++) { if ((GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR_REF == rd[i].record_type) diff --git a/src/reclaim/gnunet-service-reclaim_tickets.c b/src/reclaim/gnunet-service-reclaim_tickets.c index d20a4e3bf..9a595447d 100644 --- a/src/reclaim/gnunet-service-reclaim_tickets.c +++ b/src/reclaim/gnunet-service-reclaim_tickets.c @@ -312,7 +312,7 @@ move_attrs (struct RECLAIM_TICKETS_RevokeHandle *rh); static void move_attrs_cont (void *cls) { - move_attrs ((struct RECLAIM_TICKETS_RevokeHandle *)cls); + move_attrs ((struct RECLAIM_TICKETS_RevokeHandle *) cls); } /** @@ -329,13 +329,16 @@ cleanup_rvk (struct RECLAIM_TICKETS_RevokeHandle *rh) GNUNET_NAMESTORE_cancel (rh->ns_qe); if (NULL != rh->ns_it) GNUNET_NAMESTORE_zone_iteration_stop (rh->ns_it); - while (NULL != (ae = rh->attrs_head)) { + while (NULL != (ae = rh->attrs_head)) + { GNUNET_CONTAINER_DLL_remove (rh->attrs_head, rh->attrs_tail, ae); GNUNET_free (ae); } - while (NULL != (le = rh->tickets_to_update_head)) { + while (NULL != (le = rh->tickets_to_update_head)) + { GNUNET_CONTAINER_DLL_remove (rh->tickets_to_update_head, - rh->tickets_to_update_head, le); + rh->tickets_to_update_head, + le); if (NULL != le->data) GNUNET_free (le->data); if (NULL != le->label) @@ -350,8 +353,10 @@ del_attr_finished (void *cls, int32_t success, const char *emsg) { struct RECLAIM_TICKETS_RevokeHandle *rvk = cls; rvk->ns_qe = NULL; - if (GNUNET_SYSERR == success) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error removing attribute: %s\n", + if (GNUNET_SYSERR == success) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Error removing attribute: %s\n", emsg); rvk->cb (rvk->cb_cls, GNUNET_SYSERR); cleanup_rvk (rvk); @@ -367,7 +372,8 @@ move_attr_finished (void *cls, int32_t success, const char *emsg) struct RECLAIM_TICKETS_RevokeHandle *rvk = cls; char *label; rvk->ns_qe = NULL; - if (GNUNET_SYSERR == success) { + if (GNUNET_SYSERR == success) + { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error moving attribute: %s\n", emsg); rvk->cb (rvk->cb_cls, GNUNET_SYSERR); cleanup_rvk (rvk); @@ -375,15 +381,24 @@ move_attr_finished (void *cls, int32_t success, const char *emsg) } label = GNUNET_STRINGS_data_to_string_alloc (&rvk->move_attr->old_id, sizeof (uint64_t)); + GNUNET_assert (NULL != label); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Removing attribute %s\n", label); - rvk->ns_qe = GNUNET_NAMESTORE_records_store (nsh, &rvk->identity, label, 0, - NULL, &del_attr_finished, rvk); + rvk->ns_qe = GNUNET_NAMESTORE_records_store (nsh, + &rvk->identity, + label, + 0, + NULL, + &del_attr_finished, + rvk); + GNUNET_free (label); } static void -rvk_move_attr_cb (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, unsigned int rd_count, +rvk_move_attr_cb (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd) { struct RECLAIM_TICKETS_RevokeHandle *rvk = cls; @@ -393,9 +408,11 @@ rvk_move_attr_cb (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, char *new_label; char *attr_data; rvk->ns_qe = NULL; - if (0 == rd_count) { + if (0 == rd_count) + { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "The attribute %s no longer exists!\n", label); + "The attribute %s no longer exists!\n", + label); le = rvk->move_attr; rvk->move_attr = le->next; GNUNET_CONTAINER_DLL_remove (rvk->attrs_head, rvk->attrs_tail, le); @@ -409,7 +426,8 @@ rvk_move_attr_cb (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, new_rd = *rd; claim = GNUNET_RECLAIM_ATTRIBUTE_deserialize (rd->data, rd->data_size); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Attribute to update: Name=%s, ID=%" PRIu64 "\n", claim->name, + "Attribute to update: Name=%s, ID=%" PRIu64 "\n", + claim->name, claim->id); claim->id = rvk->move_attr->new_id; new_rd.data_size = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (claim); @@ -419,8 +437,13 @@ rvk_move_attr_cb (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, new_label = GNUNET_STRINGS_data_to_string_alloc (&rvk->move_attr->new_id, sizeof (uint64_t)); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute %s\n", new_label); - rvk->ns_qe = GNUNET_NAMESTORE_records_store ( - nsh, &rvk->identity, new_label, 1, &new_rd, &move_attr_finished, rvk); + rvk->ns_qe = GNUNET_NAMESTORE_records_store (nsh, + &rvk->identity, + new_label, + 1, + &new_rd, + &move_attr_finished, + rvk); GNUNET_free (new_label); GNUNET_free (claim); GNUNET_free (attr_data); @@ -428,8 +451,10 @@ rvk_move_attr_cb (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, static void -rvk_ticket_update (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, unsigned int rd_count, +rvk_ticket_update (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd) { struct RECLAIM_TICKETS_RevokeHandle *rvk = cls; @@ -438,10 +463,12 @@ rvk_ticket_update (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, int has_changed = GNUNET_NO; /** Let everything point to the old record **/ - for (int i = 0; i < rd_count; i++) { + for (int i = 0; i < rd_count; i++) + { if (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR_REF != rd[i].record_type) continue; - for (ae = rvk->attrs_head; NULL != ae; ae = ae->next) { + for (ae = rvk->attrs_head; NULL != ae; ae = ae->next) + { if (0 != memcmp (rd[i].data, &ae->old_id, sizeof (uint64_t))) continue; has_changed = GNUNET_YES; @@ -450,7 +477,8 @@ rvk_ticket_update (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, if (GNUNET_YES == has_changed) break; } - if (GNUNET_YES == has_changed) { + if (GNUNET_YES == has_changed) + { le = GNUNET_new (struct TicketRecordsEntry); le->data_size = GNUNET_GNSRECORD_records_get_size (rd_count, rd); le->data = GNUNET_malloc (le->data_size); @@ -458,7 +486,8 @@ rvk_ticket_update (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, le->label = GNUNET_strdup (label); GNUNET_GNSRECORD_records_serialize (rd_count, rd, le->data_size, le->data); GNUNET_CONTAINER_DLL_insert (rvk->tickets_to_update_head, - rvk->tickets_to_update_tail, le); + rvk->tickets_to_update_tail, + le); } GNUNET_NAMESTORE_zone_iterator_next (rvk->ns_it, 1); } @@ -482,7 +511,8 @@ process_tickets (void *cls) struct RECLAIM_TICKETS_RevokeHandle *rvk = cls; struct TicketRecordsEntry *le; struct RevokedAttributeEntry *ae; - if (NULL == rvk->tickets_to_update_head) { + if (NULL == rvk->tickets_to_update_head) + { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Finished updatding tickets, success\n"); rvk->cb (rvk->cb_cls, GNUNET_OK); @@ -491,21 +521,38 @@ process_tickets (void *cls) } le = rvk->tickets_to_update_head; GNUNET_CONTAINER_DLL_remove (rvk->tickets_to_update_head, - rvk->tickets_to_update_tail, le); + rvk->tickets_to_update_tail, + le); struct GNUNET_GNSRECORD_Data rd[le->rd_count]; - GNUNET_GNSRECORD_records_deserialize (le->data_size, le->data, le->rd_count, - rd); - for (int i = 0; i < le->rd_count; i++) { + if (GNUNET_OK != GNUNET_GNSRECORD_records_deserialize (le->data_size, + le->data, + le->rd_count, + rd)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to deserialize ticket record(s)\n"); + rvk->cb (rvk->cb_cls, GNUNET_SYSERR); + cleanup_rvk (rvk); + return; + } + for (int i = 0; i < le->rd_count; i++) + { if (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR_REF != rd[i].record_type) continue; - for (ae = rvk->attrs_head; NULL != ae; ae = ae->next) { + for (ae = rvk->attrs_head; NULL != ae; ae = ae->next) + { if (0 != memcmp (rd[i].data, &ae->old_id, sizeof (uint64_t))) continue; rd[i].data = &ae->new_id; } } - rvk->ns_qe = GNUNET_NAMESTORE_records_store ( - nsh, &rvk->identity, le->label, le->rd_count, rd, &ticket_processed, rvk); + rvk->ns_qe = GNUNET_NAMESTORE_records_store (nsh, + &rvk->identity, + le->label, + le->rd_count, + rd, + &ticket_processed, + rvk); GNUNET_free (le->label); GNUNET_free (le->data); GNUNET_free (le); @@ -551,19 +598,31 @@ move_attrs (struct RECLAIM_TICKETS_RevokeHandle *rvk) { char *label; - if (NULL == rvk->move_attr) { + if (NULL == rvk->move_attr) + { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Finished moving attributes\n"); - rvk->ns_it = GNUNET_NAMESTORE_zone_iteration_start ( - nsh, &rvk->identity, &rvk_ns_iter_err, rvk, &rvk_ticket_update, rvk, - &rvk_ticket_update_finished, rvk); + rvk->ns_it = + GNUNET_NAMESTORE_zone_iteration_start (nsh, + &rvk->identity, + &rvk_ns_iter_err, + rvk, + &rvk_ticket_update, + rvk, + &rvk_ticket_update_finished, + rvk); return; } label = GNUNET_STRINGS_data_to_string_alloc (&rvk->move_attr->old_id, sizeof (uint64_t)); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Moving attribute %s\n", label); - rvk->ns_qe = GNUNET_NAMESTORE_records_lookup ( - nsh, &rvk->identity, label, &rvk_ns_err, rvk, &rvk_move_attr_cb, rvk); + rvk->ns_qe = GNUNET_NAMESTORE_records_lookup (nsh, + &rvk->identity, + label, + &rvk_ns_err, + rvk, + &rvk_move_attr_cb, + rvk); GNUNET_free (label); } @@ -573,14 +632,16 @@ remove_ticket_cont (void *cls, int32_t success, const char *emsg) { struct RECLAIM_TICKETS_RevokeHandle *rvk = cls; rvk->ns_qe = NULL; - if (GNUNET_SYSERR == success) { + if (GNUNET_SYSERR == success) + { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", emsg); rvk->cb (rvk->cb_cls, GNUNET_SYSERR); cleanup_rvk (rvk); return; } GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Deleted ticket\n"); - if (0 == rvk->ticket_attrs) { + if (0 == rvk->ticket_attrs) + { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "No attributes to move... strange\n"); rvk->cb (rvk->cb_cls, GNUNET_OK); @@ -593,26 +654,34 @@ remove_ticket_cont (void *cls, int32_t success, const char *emsg) static void -revoke_attrs_cb (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, unsigned int rd_count, +revoke_attrs_cb (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd) { struct RECLAIM_TICKETS_RevokeHandle *rvk = cls; struct RevokedAttributeEntry *le; rvk->ns_qe = NULL; - for (int i = 0; i < rd_count; i++) { + for (int i = 0; i < rd_count; i++) + { if (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR_REF != rd[i].record_type) continue; le = GNUNET_new (struct RevokedAttributeEntry); - le->old_id = *((uint64_t *)rd[i].data); + le->old_id = *((uint64_t *) rd[i].data); GNUNET_CONTAINER_DLL_insert (rvk->attrs_head, rvk->attrs_tail, le); rvk->ticket_attrs++; } /** Now, remove ticket **/ - rvk->ns_qe = GNUNET_NAMESTORE_records_store (nsh, &rvk->identity, label, 0, - NULL, &remove_ticket_cont, rvk); + rvk->ns_qe = GNUNET_NAMESTORE_records_store (nsh, + &rvk->identity, + label, + 0, + NULL, + &remove_ticket_cont, + rvk); } @@ -628,7 +697,8 @@ rvk_attrs_err_cb (void *cls) struct RECLAIM_TICKETS_RevokeHandle * RECLAIM_TICKETS_revoke (const struct GNUNET_RECLAIM_Ticket *ticket, const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - RECLAIM_TICKETS_RevokeCallback cb, void *cb_cls) + RECLAIM_TICKETS_RevokeCallback cb, + void *cb_cls) { struct RECLAIM_TICKETS_RevokeHandle *rvk; char *label; @@ -641,9 +711,14 @@ RECLAIM_TICKETS_revoke (const struct GNUNET_RECLAIM_Ticket *ticket, GNUNET_CRYPTO_ecdsa_key_get_public (&rvk->identity, &rvk->ticket.identity); /** Get shared attributes **/ label = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, sizeof (uint64_t)); - - rvk->ns_qe = GNUNET_NAMESTORE_records_lookup ( - nsh, identity, label, &rvk_attrs_err_cb, rvk, &revoke_attrs_cb, rvk); + GNUNET_assert (NULL != label); + rvk->ns_qe = GNUNET_NAMESTORE_records_lookup (nsh, + identity, + label, + &rvk_attrs_err_cb, + rvk, + &revoke_attrs_cb, + rvk); return rvk; } @@ -669,12 +744,14 @@ cleanup_cth (struct RECLAIM_TICKETS_ConsumeHandle *cth) GNUNET_GNS_lookup_cancel (cth->lookup_request); if (NULL != cth->kill_task) GNUNET_SCHEDULER_cancel (cth->kill_task); - while (NULL != (lu = cth->parallel_lookups_head)) { + while (NULL != (lu = cth->parallel_lookups_head)) + { if (NULL != lu->lookup_request) GNUNET_GNS_lookup_cancel (lu->lookup_request); GNUNET_free_non_null (lu->label); GNUNET_CONTAINER_DLL_remove (cth->parallel_lookups_head, - cth->parallel_lookups_tail, lu); + cth->parallel_lookups_tail, + lu); GNUNET_free (lu); } @@ -685,23 +762,27 @@ cleanup_cth (struct RECLAIM_TICKETS_ConsumeHandle *cth) static void -process_parallel_lookup_result (void *cls, uint32_t rd_count, +process_parallel_lookup_result (void *cls, + uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd) { struct ParallelLookup *parallel_lookup = cls; struct RECLAIM_TICKETS_ConsumeHandle *cth = parallel_lookup->handle; struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *attr_le; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parallel lookup finished (count=%u)\n", + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Parallel lookup finished (count=%u)\n", rd_count); GNUNET_CONTAINER_DLL_remove (cth->parallel_lookups_head, - cth->parallel_lookups_tail, parallel_lookup); + cth->parallel_lookups_tail, + parallel_lookup); GNUNET_free (parallel_lookup->label); - GNUNET_STATISTICS_update ( - stats, "attribute_lookup_time_total", - GNUNET_TIME_absolute_get_duration (parallel_lookup->lookup_start_time) - .rel_value_us, + GNUNET_STATISTICS_update (stats, + "attribute_lookup_time_total", + GNUNET_TIME_absolute_get_duration ( + parallel_lookup->lookup_start_time) + .rel_value_us, GNUNET_YES); GNUNET_STATISTICS_update (stats, "attribute_lookups_count", 1, GNUNET_YES); @@ -709,11 +790,13 @@ process_parallel_lookup_result (void *cls, uint32_t rd_count, GNUNET_free (parallel_lookup); if (1 != rd_count) GNUNET_break (0); // TODO - if (rd->record_type == GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR) { + if (rd->record_type == GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR) + { attr_le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry); attr_le->claim = GNUNET_RECLAIM_ATTRIBUTE_deserialize (rd->data, rd->data_size); - GNUNET_CONTAINER_DLL_insert (cth->attrs->list_head, cth->attrs->list_tail, + GNUNET_CONTAINER_DLL_insert (cth->attrs->list_head, + cth->attrs->list_tail, attr_le); } if (NULL != cth->parallel_lookups_head) @@ -733,12 +816,14 @@ abort_parallel_lookups (void *cls) struct ParallelLookup *tmp; cth->kill_task = NULL; - for (lu = cth->parallel_lookups_head; NULL != lu;) { + for (lu = cth->parallel_lookups_head; NULL != lu;) + { GNUNET_GNS_lookup_cancel (lu->lookup_request); GNUNET_free (lu->label); tmp = lu->next; GNUNET_CONTAINER_DLL_remove (cth->parallel_lookups_head, - cth->parallel_lookups_tail, lu); + cth->parallel_lookups_tail, + lu); GNUNET_free (lu); lu = tmp; } @@ -747,7 +832,8 @@ abort_parallel_lookups (void *cls) static void -lookup_authz_cb (void *cls, uint32_t rd_count, +lookup_authz_cb (void *cls, + uint32_t rd_count, const struct GNUNET_GNSRECORD_Data *rd) { struct RECLAIM_TICKETS_ConsumeHandle *cth = cls; @@ -756,14 +842,19 @@ lookup_authz_cb (void *cls, uint32_t rd_count, cth->lookup_request = NULL; - GNUNET_STATISTICS_update ( - stats, "reclaim_authz_lookup_time_total", - GNUNET_TIME_absolute_get_duration (cth->lookup_start_time).rel_value_us, + GNUNET_STATISTICS_update (stats, + "reclaim_authz_lookup_time_total", + GNUNET_TIME_absolute_get_duration ( + cth->lookup_start_time) + .rel_value_us, GNUNET_YES); - GNUNET_STATISTICS_update (stats, "reclaim_authz_lookups_count", 1, + GNUNET_STATISTICS_update (stats, + "reclaim_authz_lookups_count", + 1, GNUNET_YES); - for (int i = 0; i < rd_count; i++) { + for (int i = 0; i < rd_count; i++) + { if (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR_REF != rd[i].record_type) continue; lbl = GNUNET_STRINGS_data_to_string_alloc (rd[i].data, rd[i].data_size); @@ -772,17 +863,24 @@ lookup_authz_cb (void *cls, uint32_t rd_count, parallel_lookup->handle = cth; parallel_lookup->label = lbl; parallel_lookup->lookup_start_time = GNUNET_TIME_absolute_get (); - parallel_lookup->lookup_request = GNUNET_GNS_lookup ( - gns, lbl, &cth->ticket.identity, GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR, - GNUNET_GNS_LO_DEFAULT, &process_parallel_lookup_result, - parallel_lookup); + parallel_lookup->lookup_request = + GNUNET_GNS_lookup (gns, + lbl, + &cth->ticket.identity, + GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR, + GNUNET_GNS_LO_DEFAULT, + &process_parallel_lookup_result, + parallel_lookup); GNUNET_CONTAINER_DLL_insert (cth->parallel_lookups_head, - cth->parallel_lookups_tail, parallel_lookup); + cth->parallel_lookups_tail, + parallel_lookup); } - if (NULL != cth->parallel_lookups_head) { + if (NULL != cth->parallel_lookups_head) + { cth->kill_task = GNUNET_SCHEDULER_add_delayed ( - GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 3), - &abort_parallel_lookups, cth); + GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 3), + &abort_parallel_lookups, + cth); return; } cth->cb (cth->cb_cls, &cth->ticket.identity, cth->attrs, GNUNET_OK, NULL); @@ -793,7 +891,8 @@ lookup_authz_cb (void *cls, uint32_t rd_count, struct RECLAIM_TICKETS_ConsumeHandle * RECLAIM_TICKETS_consume (const struct GNUNET_CRYPTO_EcdsaPrivateKey *id, const struct GNUNET_RECLAIM_Ticket *ticket, - RECLAIM_TICKETS_ConsumeCallback cb, void *cb_cls) + RECLAIM_TICKETS_ConsumeCallback cb, + void *cb_cls) { struct RECLAIM_TICKETS_ConsumeHandle *cth; char *label; @@ -807,12 +906,18 @@ RECLAIM_TICKETS_consume (const struct GNUNET_CRYPTO_EcdsaPrivateKey *id, cth->cb_cls = cb_cls; label = GNUNET_STRINGS_data_to_string_alloc (&cth->ticket.rnd, sizeof (uint64_t)); - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking for AuthZ info under %s\n", + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Looking for AuthZ info under %s\n", label); cth->lookup_start_time = GNUNET_TIME_absolute_get (); - cth->lookup_request = GNUNET_GNS_lookup ( - gns, label, &cth->ticket.identity, GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR_REF, - GNUNET_GNS_LO_DEFAULT, &lookup_authz_cb, cth); + cth->lookup_request = + GNUNET_GNS_lookup (gns, + label, + &cth->ticket.identity, + GNUNET_GNSRECORD_TYPE_RECLAIM_ATTR_REF, + GNUNET_GNS_LO_DEFAULT, + &lookup_authz_cb, + cth); GNUNET_free (label); return cth; } @@ -848,8 +953,11 @@ store_ticket_issue_cont (void *cls, int32_t success, const char *emsg) struct TicketIssueHandle *handle = cls; handle->ns_qe = NULL; - if (GNUNET_SYSERR == success) { - handle->cb (handle->cb_cls, &handle->ticket, GNUNET_SYSERR, + if (GNUNET_SYSERR == success) + { + handle->cb (handle->cb_cls, + &handle->ticket, + GNUNET_SYSERR, "Error storing AuthZ ticket in GNS"); return; } @@ -873,7 +981,8 @@ issue_ticket (struct TicketIssueHandle *ih) attrs_record = GNUNET_malloc (list_len * sizeof (struct GNUNET_GNSRECORD_Data)); i = 0; - for (le = ih->attrs->list_head; NULL != le; le = le->next) { + for (le = ih->attrs->list_head; NULL != le; le = le->next) + { attrs_record[i].data = &le->claim->id; attrs_record[i].data_size = sizeof (le->claim->id); //FIXME: Should this be the attribute expiration time or ticket refresh intv @@ -892,9 +1001,13 @@ issue_ticket (struct TicketIssueHandle *ih) label = GNUNET_STRINGS_data_to_string_alloc (&ih->ticket.rnd, sizeof (uint64_t)); // Publish record - ih->ns_qe = GNUNET_NAMESTORE_records_store (nsh, &ih->identity, label, - list_len, attrs_record, - &store_ticket_issue_cont, ih); + ih->ns_qe = GNUNET_NAMESTORE_records_store (nsh, + &ih->identity, + label, + list_len, + attrs_record, + &store_ticket_issue_cont, + ih); GNUNET_free (attrs_record); GNUNET_free (label); } @@ -904,7 +1017,8 @@ void RECLAIM_TICKETS_issue (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, const struct GNUNET_CRYPTO_EcdsaPublicKey *audience, - RECLAIM_TICKETS_TicketResult cb, void *cb_cls) + RECLAIM_TICKETS_TicketResult cb, + void *cb_cls) { struct TicketIssueHandle *tih; tih = GNUNET_new (struct TicketIssueHandle); @@ -933,16 +1047,19 @@ cleanup_iter (struct RECLAIM_TICKETS_Iterator *iter) static void -collect_tickets_cb (void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, unsigned int rd_count, +collect_tickets_cb (void *cls, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd) { struct RECLAIM_TICKETS_Iterator *iter = cls; - for (int i = 0; i < rd_count; i++) { + for (int i = 0; i < rd_count; i++) + { if (GNUNET_GNSRECORD_TYPE_RECLAIM_TICKET != rd[i].record_type) continue; - iter->cb (iter->cb_cls, (struct GNUNET_RECLAIM_Ticket *)rd[i].data); + iter->cb (iter->cb_cls, (struct GNUNET_RECLAIM_Ticket *) rd[i].data); return; } GNUNET_NAMESTORE_zone_iterator_next (iter->ns_it, 1); @@ -986,17 +1103,24 @@ RECLAIM_TICKETS_iteration_stop (struct RECLAIM_TICKETS_Iterator *iter) struct RECLAIM_TICKETS_Iterator * RECLAIM_TICKETS_iteration_start ( - const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, - RECLAIM_TICKETS_TicketIter cb, void *cb_cls) + const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, + RECLAIM_TICKETS_TicketIter cb, + void *cb_cls) { struct RECLAIM_TICKETS_Iterator *iter; iter = GNUNET_new (struct RECLAIM_TICKETS_Iterator); iter->cb = cb; iter->cb_cls = cb_cls; - iter->ns_it = GNUNET_NAMESTORE_zone_iteration_start ( - nsh, identity, &collect_tickets_error_cb, iter, &collect_tickets_cb, iter, - &collect_tickets_finished_cb, iter); + iter->ns_it = + GNUNET_NAMESTORE_zone_iteration_start (nsh, + identity, + &collect_tickets_error_cb, + iter, + &collect_tickets_cb, + iter, + &collect_tickets_finished_cb, + iter); return iter; } @@ -1005,28 +1129,32 @@ int RECLAIM_TICKETS_init (const struct GNUNET_CONFIGURATION_Handle *c) { // Get ticket expiration time (relative) from config - if (GNUNET_OK - == GNUNET_CONFIGURATION_get_value_time (c, - "reclaim", - "TICKET_REFRESH_INTERVAL", - &ticket_refresh_interval)) { - GNUNET_log ( - GNUNET_ERROR_TYPE_DEBUG, + if (GNUNET_OK == + GNUNET_CONFIGURATION_get_value_time (c, + "reclaim", + "TICKET_REFRESH_INTERVAL", + &ticket_refresh_interval)) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Configured refresh interval for tickets: %s\n", GNUNET_STRINGS_relative_time_to_string (ticket_refresh_interval, GNUNET_YES)); - } else { + } + else + { ticket_refresh_interval = DEFAULT_TICKET_REFRESH_INTERVAL; } // Connect to identity and namestore services nsh = GNUNET_NAMESTORE_connect (c); - if (NULL == nsh) { + if (NULL == nsh) + { GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to namestore"); return GNUNET_SYSERR; } gns = GNUNET_GNS_connect (c); - if (NULL == gns) { + if (NULL == gns) + { GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to gns"); return GNUNET_SYSERR; } @@ -1043,7 +1171,8 @@ RECLAIM_TICKETS_deinit (void) if (NULL != gns) GNUNET_GNS_disconnect (gns); gns = NULL; - if (NULL != stats) { + if (NULL != stats) + { GNUNET_STATISTICS_destroy (stats, GNUNET_NO); stats = NULL; } diff --git a/src/reclaim/json_reclaim.c b/src/reclaim/json_reclaim.c index 3ba4300bb..222cf1dbf 100644 --- a/src/reclaim/json_reclaim.c +++ b/src/reclaim/json_reclaim.c @@ -55,24 +55,37 @@ parse_attr (void *cls, json_t *root, struct GNUNET_JSON_Specification *spec) GNUNET_assert (NULL != root); - if (!json_is_object (root)) { + if (! json_is_object (root)) + { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error json is not array nor object!\n"); return GNUNET_SYSERR; } // interpret single attribute - unpack_state = - json_unpack (root, "{s:s, s?s, s:s, s:s!}", "name", &name_str, "id", - &id_str, "type", &type_str, "value", &val_str); + unpack_state = json_unpack (root, + "{s:s, s?s, s:s, s:s!}", + "name", + &name_str, + "id", + &id_str, + "type", + &type_str, + "value", + &val_str); if ((0 != unpack_state) || (NULL == name_str) || (NULL == val_str) || - (NULL == type_str)) { + (NULL == type_str)) + { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error json object has a wrong format!\n"); return GNUNET_SYSERR; } type = GNUNET_RECLAIM_ATTRIBUTE_typename_to_number (type_str); - if (GNUNET_SYSERR == (GNUNET_RECLAIM_ATTRIBUTE_string_to_value ( - type, val_str, (void **)&data, &data_size))) { + if (GNUNET_SYSERR == + (GNUNET_RECLAIM_ATTRIBUTE_string_to_value (type, + val_str, + (void **) &data, + &data_size))) + { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Attribute value invalid!\n"); return GNUNET_SYSERR; } @@ -80,10 +93,12 @@ parse_attr (void *cls, json_t *root, struct GNUNET_JSON_Specification *spec) if ((NULL == id_str) || (0 == strlen (id_str))) attr->id = 0; else - GNUNET_STRINGS_string_to_data (id_str, strlen (id_str), &attr->id, + GNUNET_STRINGS_string_to_data (id_str, + strlen (id_str), + &attr->id, sizeof (uint64_t)); - *(struct GNUNET_RECLAIM_ATTRIBUTE_Claim **)spec->ptr = attr; + *(struct GNUNET_RECLAIM_ATTRIBUTE_Claim **) spec->ptr = attr; return GNUNET_OK; } @@ -97,8 +112,9 @@ static void clean_attr (void *cls, struct GNUNET_JSON_Specification *spec) { struct GNUNET_RECLAIM_ATTRIBUTE_Claim **attr; - attr = (struct GNUNET_RECLAIM_ATTRIBUTE_Claim **)spec->ptr; - if (NULL != *attr) { + attr = (struct GNUNET_RECLAIM_ATTRIBUTE_Claim **) spec->ptr; + if (NULL != *attr) + { GNUNET_free (*attr); *attr = NULL; } @@ -114,12 +130,12 @@ struct GNUNET_JSON_Specification GNUNET_RECLAIM_JSON_spec_claim (struct GNUNET_RECLAIM_ATTRIBUTE_Claim **attr) { struct GNUNET_JSON_Specification ret = {.parser = &parse_attr, - .cleaner = &clean_attr, - .cls = NULL, - .field = NULL, - .ptr = attr, - .ptr_size = 0, - .size_ptr = NULL}; + .cleaner = &clean_attr, + .cls = NULL, + .field = NULL, + .ptr = attr, + .ptr_size = 0, + .size_ptr = NULL}; *attr = NULL; return ret; } @@ -142,44 +158,61 @@ parse_ticket (void *cls, json_t *root, struct GNUNET_JSON_Specification *spec) GNUNET_assert (NULL != root); - if (!json_is_object (root)) { + if (! json_is_object (root)) + { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error json is not array nor object!\n"); return GNUNET_SYSERR; } // interpret single ticket - unpack_state = json_unpack (root, "{s:s, s:s, s:s!}", "rnd", &rnd_str, - "audience", &aud_str, "identity", &id_str); - if (0 != unpack_state) { + unpack_state = json_unpack (root, + "{s:s, s:s, s:s!}", + "rnd", + &rnd_str, + "audience", + &aud_str, + "identity", + &id_str); + if (0 != unpack_state) + { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Error json object has a wrong format!\n"); return GNUNET_SYSERR; } ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket); - if (GNUNET_OK != GNUNET_STRINGS_string_to_data (rnd_str, strlen (rnd_str), + if (GNUNET_OK != GNUNET_STRINGS_string_to_data (rnd_str, + strlen (rnd_str), &ticket->rnd, - sizeof (uint64_t))) { + sizeof (uint64_t))) + { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Rnd invalid\n"); GNUNET_free (ticket); return GNUNET_SYSERR; } - GNUNET_STRINGS_string_to_data (id_str, strlen (id_str), &ticket->identity, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + if (GNUNET_OK != + GNUNET_STRINGS_string_to_data (id_str, + strlen (id_str), + &ticket->identity, + sizeof ( + struct GNUNET_CRYPTO_EcdsaPublicKey))) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Identity invalid\n"); GNUNET_free (ticket); return GNUNET_SYSERR; } - GNUNET_STRINGS_string_to_data (aud_str, strlen (aud_str), &ticket->audience, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + if (GNUNET_OK != + GNUNET_STRINGS_string_to_data (aud_str, + strlen (aud_str), + &ticket->audience, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Audience invalid\n"); GNUNET_free (ticket); return GNUNET_SYSERR; } - *(struct GNUNET_RECLAIM_Ticket **)spec->ptr = ticket; + *(struct GNUNET_RECLAIM_Ticket **) spec->ptr = ticket; return GNUNET_OK; } @@ -193,8 +226,9 @@ static void clean_ticket (void *cls, struct GNUNET_JSON_Specification *spec) { struct GNUNET_RECLAIM_Ticket **ticket; - ticket = (struct GNUNET_RECLAIM_Ticket **)spec->ptr; - if (NULL != *ticket) { + ticket = (struct GNUNET_RECLAIM_Ticket **) spec->ptr; + if (NULL != *ticket) + { GNUNET_free (*ticket); *ticket = NULL; } @@ -210,12 +244,12 @@ struct GNUNET_JSON_Specification GNUNET_RECLAIM_JSON_spec_ticket (struct GNUNET_RECLAIM_Ticket **ticket) { struct GNUNET_JSON_Specification ret = {.parser = &parse_ticket, - .cleaner = &clean_ticket, - .cls = NULL, - .field = NULL, - .ptr = ticket, - .ptr_size = 0, - .size_ptr = NULL}; + .cleaner = &clean_ticket, + .cls = NULL, + .field = NULL, + .ptr = ticket, + .ptr_size = 0, + .size_ptr = NULL}; *ticket = NULL; return ret; } diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 93e5ac864..e8561aed4 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c @@ -209,12 +209,12 @@ * OIDC ignored parameter array */ static char *OIDC_ignored_parameter_array[] = {"display", - "prompt", - "ui_locales", - "response_mode", - "id_token_hint", - "login_hint", - "acr_values"}; + "prompt", + "ui_locales", + "response_mode", + "id_token_hint", + "login_hint", + "acr_values"}; /** * OIDC Hash map that keeps track of issued cookies @@ -724,7 +724,7 @@ cookie_identity_interpretation (struct RequestHandle *handle) strlen (OIDC_COOKIE_HEADER_KEY), &cache_key); if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle - ->header_param_map, + ->header_param_map, &cache_key)) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No cookie found\n"); @@ -772,9 +772,9 @@ cookie_identity_interpretation (struct RequestHandle *handle) GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, &cache_key)) { GNUNET_log ( - GNUNET_ERROR_TYPE_WARNING, - "Found cookie `%s', but no corresponding expiration entry present...\n", - token); + GNUNET_ERROR_TYPE_WARNING, + "Found cookie `%s', but no corresponding expiration entry present...\n", + token); GNUNET_free (cookies); return; } @@ -793,6 +793,7 @@ cookie_identity_interpretation (struct RequestHandle *handle) value = strtok (token, OIDC_COOKIE_HEADER_INFORMATION_KEY); GNUNET_assert (NULL != value); handle->oidc->login_identity = GNUNET_strdup (value); + GNUNET_free (cookies); } /** @@ -1020,10 +1021,10 @@ code_redirect (void *cls) { if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc - ->login_identity, + ->login_identity, strlen ( - handle->oidc - ->login_identity), + handle->oidc + ->login_identity), &pubkey)) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_COOKIE); @@ -1134,18 +1135,31 @@ lookup_redirect_uri_result (void *cls, if (NULL == strstr (tmp, handle->oidc->client_id)) { GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Redirect uri %s does not contain client_id %s", + "Redirect uri %s does not contain client_id %s\n", tmp, handle->oidc->client_id); } else { - pos = strrchr (tmp, (unsigned char) '.'); + if (NULL == pos) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Redirect uri %s contains client_id but is malformed\n", + tmp); + continue; + } *pos = '\0'; handle->redirect_prefix = GNUNET_strdup (tmp); tmp_key_str = pos + 1; pos = strchr (tmp_key_str, (unsigned char) '/'); + if (NULL == pos) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Redirect uri %s contains client_id but is malformed\n", + tmp); + continue; + } *pos = '\0'; handle->redirect_suffix = GNUNET_strdup (pos + 1); @@ -1191,7 +1205,7 @@ get_url_parameter_copy (const struct RequestHandle *handle, const char *key) char *value; GNUNET_CRYPTO_hash (key, strlen (key), &hc); if (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle - ->url_param_map, + ->url_param_map, &hc)) return NULL; value = @@ -1264,7 +1278,7 @@ build_authz_response (void *cls) &cache_key); if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle - ->url_param_map, + ->url_param_map, &cache_key)) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_ACCESS_DENIED); @@ -1370,7 +1384,7 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id, strlen ( - handle->oidc->client_id), + handle->oidc->client_id), &handle->oidc->client_pkey)) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT); @@ -1455,8 +1469,8 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle, { current_time = GNUNET_new (struct GNUNET_TIME_Absolute); *current_time = GNUNET_TIME_relative_to_absolute ( - GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), - OIDC_COOKIE_EXPIRATION)); + GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), + OIDC_COOKIE_EXPIRATION)); last_time = GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); GNUNET_free_non_null (last_time); @@ -1488,7 +1502,7 @@ check_authorization (struct RequestHandle *handle, strlen (OIDC_AUTHORIZATION_HEADER_KEY), &cache_key); if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle - ->header_param_map, + ->header_param_map, &cache_key)) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); @@ -1502,7 +1516,7 @@ check_authorization (struct RequestHandle *handle, // split header in "Basic" and [content] credentials = strtok (authorization, " "); - if (0 != strcmp ("Basic", credentials)) + if ((NULL == credentials) || (0 != strcmp ("Basic", credentials))) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); handle->response_code = MHD_HTTP_UNAUTHORIZED; @@ -1568,8 +1582,7 @@ check_authorization (struct RequestHandle *handle, } // check client_id - for (handle->ego_entry = handle->ego_head; - NULL != handle->ego_entry; + for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next) { if (0 == strcmp (handle->ego_entry->keystring, client_id)) @@ -1619,11 +1632,12 @@ persist_access_token (const struct RequestHandle *handle, GNUNET_CRYPTO_hash (access_token, strlen (access_token), &hc); ticketbuf = GNUNET_new (struct GNUNET_RECLAIM_Ticket); *ticketbuf = *ticket; - GNUNET_CONTAINER_multihashmap_put ( - OIDC_access_token_map, - &hc, - ticketbuf, - GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY); + GNUNET_assert (GNUNET_SYSERR != + GNUNET_CONTAINER_multihashmap_put ( + OIDC_access_token_map, + &hc, + ticketbuf, + GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)); } /** @@ -1690,10 +1704,11 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE); handle->response_code = MHD_HTTP_BAD_REQUEST; + GNUNET_free (grant_type); GNUNET_SCHEDULER_add_now (&do_error, handle); return; } - + GNUNET_free (grant_type); // REQUIRED code code = get_url_parameter_copy (handle, OIDC_CODE_KEY); if (NULL == code) @@ -1710,7 +1725,9 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); handle->edesc = GNUNET_strdup ("Unknown client"); handle->response_code = MHD_HTTP_BAD_REQUEST; + GNUNET_free (code); GNUNET_SCHEDULER_add_now (&do_error, handle); + return; } privkey = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); // decode code @@ -1719,9 +1736,11 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); handle->edesc = GNUNET_strdup ("invalid code"); handle->response_code = MHD_HTTP_BAD_REQUEST; + GNUNET_free (code); GNUNET_SCHEDULER_add_now (&do_error, handle); return; } + GNUNET_free (code); // create jwt if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (cfg, @@ -1826,7 +1845,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, strlen (OIDC_AUTHORIZATION_HEADER_KEY), &cache_key); if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle - ->header_param_map, + ->header_param_map, &cache_key)) { handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); @@ -1915,16 +1934,16 @@ init_cont (struct RequestHandle *handle) { struct GNUNET_REST_RequestHandlerError err; static const struct GNUNET_REST_RequestHandler handlers[] = - {{MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint}, - {MHD_HTTP_METHOD_POST, + {{MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint}, + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint}, // url-encoded - {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont}, - {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint}, - {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint}, - {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint}, - {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC, &options_cont}, - GNUNET_REST_HANDLER_END}; + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont}, + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint}, + {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint}, + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint}, + {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC, &options_cont}, + GNUNET_REST_HANDLER_END}; if (GNUNET_NO == GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle))