
Extracting curl/yajl code into verifier.c

commit 2b1ab4813ade4ebf3c91d86876456edde42b20bf 1 parent 778bba2
@ozten authored
2  libtool
@@ -86,7 +86,7 @@ NM="/usr/bin/nm -B"
LN_S="ln -s"
# What is the maximum length of a command?
-max_cmd_len=805306365
+max_cmd_len=1572864
# Object file suffix (normally "o").
objext=o
2  plugins/Makefile.am
@@ -1,6 +1,6 @@
AM_CFLAGS = -I/usr/include/sasl -lyajl `mysql_config --include --libs` -lcurl
AM_LDFLAGS = -module -export-dynamic -rpath @plugindir@
lib_LTLIBRARIES = libbrowserid.la
-libbrowserid_la_SOURCES = browserid.c browserid_init.c browserid.h
+libbrowserid_la_SOURCES = browserid.c browserid_init.c verifier.h verifier.c
libbrowserid_la_LDFLAGS = -rpath $(libdir)
libdir = @plugindir@
6 plugins/Makefile.in
@@ -71,7 +71,8 @@ am__base_list = \
am__installdirs = "$(DESTDIR)$(libdir)"
LTLIBRARIES = $(lib_LTLIBRARIES)
libbrowserid_la_LIBADD =
-am_libbrowserid_la_OBJECTS = browserid.lo browserid_init.lo
+am_libbrowserid_la_OBJECTS = browserid.lo browserid_init.lo \
+ verifier.lo
libbrowserid_la_OBJECTS = $(am_libbrowserid_la_OBJECTS)
libbrowserid_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
@@ -209,7 +210,7 @@ top_srcdir = @top_srcdir@
AM_CFLAGS = -I/usr/include/sasl -lyajl `mysql_config --include --libs` -lcurl
AM_LDFLAGS = -module -export-dynamic -rpath @plugindir@
lib_LTLIBRARIES = libbrowserid.la
-libbrowserid_la_SOURCES = browserid.c browserid_init.c browserid.h
+libbrowserid_la_SOURCES = browserid.c browserid_init.c verifier.h verifier.c
libbrowserid_la_LDFLAGS = -rpath $(libdir)
all: all-am
@@ -287,6 +288,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/browserid.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/browserid_init.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/verifier.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
179 plugins/browserid.c
@@ -1,13 +1,16 @@
/* BROWSER-ID SASL plugin
* $Id: browserid.c,v 1.180 2006/04/26 17:39:26 mel Exp $
*
- * A Cyrus SASL Mechanism plugin for using browserid.org authentication.
+ * A Cyrus SASL Auth Mechanism for BrowserID.
*
- * This plugin implements a client and server side.
+ * This plugin implements both the client and server code.
+ *
* A typical senario would be Python ldap code loading the client
* plugin and then a slapd LDAP server loading the server plugin.
*
- * Client makes sure assertion and audience are present in the request.
+ * Clients should make sure assertion and audience are present in the request.
+ *
+ * See http://github.com/mozilla/sasl-browserid for details
*
* References:
* * http://cyrusimap.web.cmu.edu/docs/cyrus-sasl/2.1.23/plugprog.php
@@ -38,120 +41,10 @@
#include <unistd.h>
-#include <curl/curl.h>
-
-#include "yajl/yajl_parse.h"
-#include "yajl/yajl_tree.h"
-
#include <mysql.h>
#include <mysql/errmsg.h>
-struct json_ctx_t {
- char state[64];
- char status[64]; /* "okay" */
- char email[1024]; /* shout@ozten.com */
- char audience[1024]; /* mozillians.org */
- /* long valid_until; timeout */
- char issuer[1024]; /* browserid.org:443 */
- char reason[1024]; /* Set if status is failure */
-};
-
-#define bool int
-
-#ifndef TRUE
-#define TRUE (1)
-#define FALSE (0)
-#endif
-
-/* MAX_UIN32_DIV_10 * 10 + MAX_UIN32_MOD_10 == 2^32-1 == 4294967295 */
-#define MAX_UIN32_DIV_10 429496729
-#define MAX_UIN32_MOD_10 5
-
-#define DEFAULT_BUFSIZE 0xFFFF
-#define MAX_SASL_BUFSIZE 0xFFFFFF
-
-/***************************** BrowserID Section ****************************/
-/* yajl callback functions */
-static int json_string(void *ctx, const unsigned char *ukey, size_t len)
-{
- struct json_ctx_t *parser = ctx;
- const char *key = parser->state;
- const char *val = strndup(ukey, len);
- syslog(LOG_DEBUG, "json_string %s=%s", key, val);
-
- if (strcasecmp(key, "status") == 0) {
- strncpy(parser->status, ukey, len);
- syslog(LOG_DEBUG, "status=%s", parser->status);
- } else if (strcasecmp(key, "email") == 0) {
- strncpy(parser->email, ukey, len);
- syslog(LOG_DEBUG, "email=%s", val);
- } else if (strcasecmp(key, "audience") == 0) {
- strncpy(parser->audience, ukey, len);
- syslog(LOG_DEBUG, "audience = %s", val);
- } else if (strcasecmp(key, "issuer") == 0) {
- strncpy(parser->issuer, ukey, len);
- syslog(LOG_DEBUG, "issuer=%s", val);
- } else if (strcasecmp(key, "reason") == 0) {
- strncpy(parser->reason, ukey, len);
- syslog(LOG_DEBUG, "reason=%s", val);
- } else {
- syslog(LOG_DEBUG, "unknown json_string=%s", key);
- }
- /* valid-until => json_number */
-
- /*
- if (strcmp(parser->curkey, "type") == 0 &&
- strncmp(key, "error", 5) == 0) {
- return 1;
- } else if (strcmp(parser->curkey, "ID") == 0) {
- */
- /*parser->curpkg->id = strndup(key, len);*/
- /*}*/
-
- return 1;
-}
-
-static int json_map_key(void *ctx, const unsigned char *ukey, size_t len)
-{
- struct json_ctx_t *parser = ctx;
-
-
- const char *key = strndup(ukey, len);
- strncpy(parser->state, ukey, len);
- parser->state[len] = 0;
-
- /*syslog(LOG_DEBUG, "json_map_key %s=%s", key, parser->state);*/
-
- return 1;
-}
-
-
-/* yajl_callback functions.
- * They handle the "events" of yajl.
- */
-yajl_callbacks yajl_cbs[] = {
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- json_string,
- NULL,
- json_map_key,
- NULL,
- NULL,
- NULL
-};
-
-size_t parse_json(void *ptr, size_t size, size_t nmemb, void *stream) {
- size_t total_size = size * nmemb;
- yajl_handle y_handle = (yajl_handle)stream;
- syslog(LOG_DEBUG, "about to parse");
-
- yajl_parse(y_handle, ptr, total_size);
-
- return total_size;
-}
+#include <verifier.h>
/*************************** Session Section********************************/
static int check_session(const char *assertion, char *email)
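Review bot: `#include <verifier.h>` uses the system-header form for a header that this commit adds next to the file in plugins/; `#include "verifier.h"` would find it without relying on an `-I` flag for the source directory (plugins/verifier.c includes it the same way). This hunk also removes the `bool`, `TRUE`/`FALSE`, `DEFAULT_BUFSIZE` and `MAX_SASL_BUFSIZE` macros, and verifier.h as added here does not define them, so any use left in the part of browserid.c outside the visible hunks would stop compiling.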
@@ -327,11 +220,8 @@ static int browserid_server_mech_step(void *conn_context,
int result;
char *audience_copy;
- CURL *handle;
- CURLcode code;
- const char*bid_url_fmt;
- char bid_url[8192];
- yajl_handle y_handle;
+
+
struct json_ctx_t *json_ctx;
/* FROM Session
@@ -403,56 +293,10 @@ static int browserid_server_mech_step(void *conn_context,
/* BEGIN BrowserID */
- bid_url_fmt = "https://browserid.org/verify?assertion=%s&audience=%s";
- /*"http://localhost:8001/en-US/media/js/browserid.json";*/
-
- sprintf(bid_url, bid_url_fmt, assertion, audience_copy);
- syslog(LOG_ERR, "bidurl = %s", bid_url);
json_ctx = malloc(sizeof(struct json_ctx_t));
-
- y_handle = yajl_alloc(yajl_cbs, NULL, /* NULL);*/
- json_ctx);
- if (!y_handle) {
- syslog(LOG_ERR, "Could not alloc YAJL");
- }
-
- if (0 != curl_global_init(CURL_GLOBAL_SSL)) {
- syslog(LOG_ERR, "curl_global_init was non-zero");
- return -1;
- }
-
- handle = curl_easy_init();
- if (handle == NULL) {
- syslog(LOG_ERR, "Unable to curl_easy_init");
- }
-
- if (0 != curl_easy_setopt(handle, CURLOPT_URL, bid_url))
- syslog(LOG_DEBUG, "curl setopt url failed");
-
- if (0 != curl_easy_setopt(handle, CURLOPT_FOLLOWLOCATION, 1))
- syslog(LOG_DEBUG, "curl setopt follow");
-
- if (0 != curl_easy_setopt(handle, CURLOPT_USE_SSL, CURLUSESSL_TRY))
- syslog(LOG_DEBUG, "curl setopt ssl failed");
-
- if (0 != curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, parse_json))
- syslog(LOG_DEBUG, "curl setopt write fn failed");
-
- if (0 != curl_easy_setopt(handle, CURLOPT_WRITEDATA, y_handle))
- syslog(LOG_DEBUG, "curl setopt writedata failed");
-
-
- code = curl_easy_perform(handle);
-
- syslog(LOG_DEBUG, "curl perform finished");
- if (code != 0)
- syslog(LOG_DEBUG, "curl perform failed");
-
- yajl_complete_parse(y_handle);
- yajl_free(y_handle);
- curl_easy_cleanup(handle);
+ browserid_verify(json_ctx, assertion, audience_copy);
if (strcasecmp(json_ctx->status, "okay") == 0) {
syslog(LOG_DEBUG, "Yes, we're all good! %s %s %s",
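Review bot: The result of `browserid_verify(json_ctx, assertion, audience_copy)` is discarded and `json_ctx->status` is compared on the very next line, while `json_ctx` comes from an unchecked `malloc`; if the request or the parse fails, the accept/reject decision is made on uninitialised heap bytes that need not be NUL-terminated. Allocate with `json_ctx = calloc(1, sizeof *json_ctx);`, fail the step when that returns NULL, and treat a non-zero return from `browserid_verify` as a verification failure before reading `status`. That check only becomes meaningful once `browserid_verify` in plugins/verifier.c returns a value on its success path, which it currently does not. The enclosing `browserid_server_mech_step` starts and ends outside this hunk.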
@@ -465,6 +309,7 @@ static int browserid_server_mech_step(void *conn_context,
SASL_CU_AUTHID | SASL_CU_AUTHZID, oparams);
if (result != SASL_OK) {
_plug_free_string(sparams->utils, &audience_copy);
+ free(json_ctx);
return result;
}
} else {
@@ -472,6 +317,8 @@ static int browserid_server_mech_step(void *conn_context,
/* TODO sprintf error message with bid_resp->reason */
SETERROR(sparams->utils,
"Browserid.org assertion verification failed.");
+ _plug_free_string(sparams->utils, &audience_copy);
+ free(json_ctx);
return SASL_BADPROT;
}
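Review bot: The two error exits now release `json_ctx` (here and in the preceding hunk at -465), but the successful exit of `browserid_server_mech_step` lies outside the visible hunks, so it is worth confirming that it frees `json_ctx` and `audience_copy` as well. A single cleanup label at the end of the function, reached with `goto` from every exit, would keep the three paths from drifting apart as more exits are added.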
164 plugins/verifier.c
@@ -0,0 +1,164 @@
+#include <config.h>
+
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+
+#include <curl/curl.h>
+
+#include "yajl/yajl_parse.h"
+#include "yajl/yajl_tree.h"
+
+#include <verifier.h>
+
+static int json_string(void *ctx, const unsigned char *ukey, size_t len);
+
+static int json_map_key(void *ctx, const unsigned char *ukey, size_t len);
+
+static size_t parse_json(void *ptr, size_t size, size_t nmemb, void *stream);
+
+
+/* yajl_callback functions.
+ * They handle the "events" of yajl.
+ */
+yajl_callbacks yajl_cbs[] = {
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ json_string,
+ NULL,
+ json_map_key,
+ NULL,
+ NULL,
+ NULL
+};
+
+/* yajl callback functions */
+static int json_string(void *ctx, const unsigned char *ukey, size_t len)
+{
+ struct json_ctx_t *parser = ctx;
+ const char *key = parser->state;
+ const char *val = strndup(ukey, len);
+ syslog(LOG_DEBUG, "json_string %s=%s", key, val);
+
+
+ if (strcasecmp(key, "status") == 0) {
+ strncpy(parser->status, ukey, len);
+ syslog(LOG_DEBUG, "status=%s", parser->status);
+ } else if (strcasecmp(key, "email") == 0) {
+ strncpy(parser->email, ukey, len);
+ syslog(LOG_DEBUG, "email=%s", val);
+ } else if (strcasecmp(key, "audience") == 0) {
+ strncpy(parser->audience, ukey, len);
+ syslog(LOG_DEBUG, "audience = %s", val);
+ } else if (strcasecmp(key, "issuer") == 0) {
+ strncpy(parser->issuer, ukey, len);
+ syslog(LOG_DEBUG, "issuer=%s", val);
+ } else if (strcasecmp(key, "reason") == 0) {
+ strncpy(parser->reason, ukey, len);
+ syslog(LOG_DEBUG, "reason=%s", val);
+ } else {
+ syslog(LOG_DEBUG, "unknown json_string=%s", key);
+ }
+ /* valid-until => json_number */
+
+ /*
+ if (strcmp(parser->curkey, "type") == 0 &&
+ strncmp(key, "error", 5) == 0) {
+ return 1;
+ } else if (strcmp(parser->curkey, "ID") == 0) {
+ */
+ /*parser->curpkg->id = strndup(key, len);*/
+ /*}*/
+
+ return 1;
+}
+
+static int json_map_key(void *ctx, const unsigned char *ukey, size_t len)
+{
+ struct json_ctx_t *parser = ctx;
+
+
+ const char *key = strndup(ukey, len);
+ strncpy(parser->state, ukey, len);
+ parser->state[len] = 0;
+
+ /*syslog(LOG_DEBUG, "json_map_key %s=%s", key, parser->state);*/
+
+ return 1;
+}
+
+static size_t parse_json(void *ptr, size_t size, size_t nmemb, void *stream) {
+ size_t total_size = size * nmemb;
+ yajl_handle y_handle = (yajl_handle)stream;
+ syslog(LOG_DEBUG, "about to parse");
+
+ yajl_parse(y_handle, ptr, total_size);
+
+ return total_size;
+}
+
+int browserid_verify(struct json_ctx_t *json_ctx, const char *assertion, const char *audience)
+{
+ CURL *handle;
+ CURLcode code;
+ const char*bid_url_fmt;
+ char bid_url[8192];
+ yajl_handle y_handle;
+
+ /* TODO bid_url should be config */
+
+
+ bid_url_fmt = "https://browserid.org/verify?assertion=%s&audience=%s";
+ /*"http://localhost:8001/en-US/media/js/browserid.json";*/
+
+ sprintf(bid_url, bid_url_fmt, assertion, audience);
+ syslog(LOG_ERR, "bidurl = %s", bid_url);
+
+
+ y_handle = yajl_alloc(yajl_cbs, NULL, /* NULL);*/
+ json_ctx);
+ if (!y_handle) {
+ syslog(LOG_ERR, "Could not alloc YAJL");
+ }
+
+ if (0 != curl_global_init(CURL_GLOBAL_SSL)) {
+ syslog(LOG_ERR, "curl_global_init was non-zero");
+ return -1;
+ }
+
+ handle = curl_easy_init();
+ if (handle == NULL) {
+ syslog(LOG_ERR, "Unable to curl_easy_init");
+ }
+
+ if (0 != curl_easy_setopt(handle, CURLOPT_URL, bid_url))
+ syslog(LOG_DEBUG, "curl setopt url failed");
+
+ if (0 != curl_easy_setopt(handle, CURLOPT_FOLLOWLOCATION, 1))
+ syslog(LOG_DEBUG, "curl setopt follow");
+
+ if (0 != curl_easy_setopt(handle, CURLOPT_USE_SSL, CURLUSESSL_TRY))
+ syslog(LOG_DEBUG, "curl setopt ssl failed");
+
+ if (0 != curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, parse_json))
+ syslog(LOG_DEBUG, "curl setopt write fn failed");
+
+ if (0 != curl_easy_setopt(handle, CURLOPT_WRITEDATA, y_handle))
+ syslog(LOG_DEBUG, "curl setopt writedata failed");
+
+
+ code = curl_easy_perform(handle);
+
+ syslog(LOG_DEBUG, "curl perform finished");
+ if (code != 0)
+ syslog(LOG_DEBUG, "curl perform failed");
+
+ yajl_complete_parse(y_handle);
+ yajl_free(y_handle);
+
+ curl_easy_cleanup(handle);
+
+}
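Review bot: The copies in `json_string()` and `json_map_key()` take `len` straight from the verifier's HTTP response, so `strncpy(parser->status, ukey, len)` and `parser->state[len] = 0` write past the 64- and 1024-byte fields of `struct json_ctx_t` whenever a value is longer than its field, and shorter values are left without a terminating NUL. `sprintf(bid_url, ...)` has the same problem on the request side: `assertion` and `audience` (which appear to come from the SASL client) are neither length-checked against the 8192-byte stack buffer nor URL-encoded, so an `&` in either one changes the query that is sent. Bound every copy against `sizeof` the destination, build the URL with `snprintf` and reject truncation, and pass both values through `curl_easy_escape()` first. In the same pass, `browserid_verify` should return a value on its success path, stop when `yajl_alloc` or `curl_easy_init` returns NULL instead of continuing with the NULL handle, free the `strndup` results, and avoid logging the full assertion at `LOG_ERR`.

```c
/* Copy a yajl string (length-delimited, not NUL-terminated) into a fixed
 * field. Returns 0 when the value does not fit, which cancels the parse. */
static int copy_field(char *dst, size_t dst_size,
                      const unsigned char *src, size_t len)
{
    if (len >= dst_size)
        return 0;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 1;
}

static int json_map_key(void *ctx, const unsigned char *ukey, size_t len)
{
    struct json_ctx_t *parser = ctx;

    return copy_field(parser->state, sizeof parser->state, ukey, len);
}

/* in json_string(): one bounded copy per recognised key */
    if (strcasecmp(key, "status") == 0)
        return copy_field(parser->status, sizeof parser->status, ukey, len);
    /* … unchanged: email, audience, issuer, reason branches, each via copy_field … */

/* in browserid_verify(): assertion and audience below are the
 * curl_easy_escape()d copies, released with curl_free() after the request */
    int n = snprintf(bid_url, sizeof bid_url, bid_url_fmt, assertion, audience);
    if (n < 0 || (size_t)n >= sizeof bid_url) {
        syslog(LOG_ERR, "verifier URL does not fit in buffer");
        return -1;
    }
```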
27 plugins/verifier.h
@@ -0,0 +1,27 @@
+#ifndef VERIFIER_H
+#define VERIFIER_H 1
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include "yajl/yajl_parse.h"
+#include "yajl/yajl_tree.h"
+
+struct json_ctx_t {
+ char state[64];
+ char status[64]; /* "okay" */
+ char email[1024]; /* shout@ozten.com */
+ char audience[1024]; /* mozillians.org */
+ /* long valid_until; timeout */
+ char issuer[1024]; /* browserid.org:443 */
+ char reason[1024]; /* Set if status is failure */
+};
+
+/**
+ * Uses the BrowserID webservice to verify an identity assertion
+ * for a given audience. Returns a json_ctx_t.
+ */
+int browserid_verify(struct json_ctx_t *json_ctx, const char *assertion, const char *audience);
+
+#endif /* VERIFIER_H */
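Review bot: The doc comment says the function "Returns a json_ctx_t", but the prototype returns `int` and fills the caller-supplied `json_ctx`, so a caller cannot tell from the header what the return value means or whether `status` is valid after a failure. A comment along the lines of `/* Fills *json_ctx from the verifier response. Returns 0 when a response was parsed, -1 on transport or parse failure; the caller must still check json_ctx->status. */` would cover it, adjusted to whatever the implementation ends up returning. The header also includes `<config.h>` and both yajl headers although nothing declared in it uses them.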
