static int start_authentication_session(request_rec *r, modauthopenid_config *s_cfg, opkele::params_t& params,
std::string& return_to, std::string& trust_root) {
// remove all openid GET query params (openid.*) - we don't want that maintained through
// the redirection process. We do, however, want to keep all aother GET params.
// also, add a nonce for security
std::string identity = params.get_param("openid_identifier");
// pull out the extension parameters before we get rid of openid.*
opkele::params_t ext_params;
modauthopenid::get_extension_params(ext_params, params);
modauthopenid::remove_openid_vars(params);
// add a nonce and reset what return_to is
std::string nonce, re_direct;
modauthopenid::make_rstring(10, nonce);
modauthopenid::MoidConsumer consumer(std::string(s_cfg->db_location), nonce, return_to);
params["modauthopenid.nonce"] = nonce;
full_uri(r, return_to, s_cfg, true);
return_to = params.append_query(return_to, "");
// get identity provider and redirect
try {
consumer.initiate(identity);
opkele::openid_message_t cm;
re_direct = consumer.checkid_(cm, opkele::mode_checkid_setup, return_to, trust_root).append_query(consumer.get_endpoint().uri);
re_direct = ext_params.append_query(re_direct, "");
} catch (opkele::failed_xri_resolution &e) {
consumer.close();
return show_input(r, s_cfg, modauthopenid::invalid_id);
} catch (opkele::failed_discovery &e) {
consumer.close();
return show_input(r, s_cfg, modauthopenid::invalid_id);
} catch (opkele::bad_input &e) {
consumer.close();
return show_input(r, s_cfg, modauthopenid::invalid_id);
} catch (opkele::exception &e) {
consumer.close();
APERR(r, "Error while fetching idP location: %s", e.what());
return show_input(r, s_cfg, modauthopenid::no_idp_found);
}
consumer.close();
if(!is_trusted_provider(s_cfg , re_direct, r) || is_distrusted_provider(s_cfg, re_direct, r))
return show_input(r, s_cfg, modauthopenid::idp_not_trusted);
return modauthopenid::http_redirect(r, re_direct);
};
static void test_orgate(literal_t l0, literal_t l1, literal_t l2) {
boolgate_t *g0, *g;
input[0] = l0;
input[1] = l1;
input[2] = l2;
printf("\n--- Testing OR gate ---\n");
printf("test: OR");
show_input(3);
fputc('\n', stdout);
// test find 1
g0 = gate_table_find(&table, orgate_tag(3), input);
if (g0 == NULL) {
printf("find: returned NULL\n");
} else {
printf("find: returned %p: ", g0);
print_boolgate(stdout, g0);
printf("\n");
check_orgate(g0, l0, l1, l2);
}
// test get
g = gate_table_get(&table, orgate_tag(3), input);
assert(g != NULL);
printf("get: returned %p: ", g);
print_boolgate(stdout, g);
printf("\n");
check_orgate(g, l0, l1, l2);
if (g0 == NULL) {
if (g->lit[3] != null_literal) {
printf("*** hash consing inconsistency between find and get ***\n");
} else {
printf("new gate: setting output literal to: ");
print_literal(stdout, pos_lit(12));
g->lit[3] = pos_lit(12);
printf("\n");
}
} else if (g != g0) {
printf("*** hash consing bug ***\n");
}
// test find 2
g0 = gate_table_find(&table, orgate_tag(3), input);
if (g0 == NULL) {
printf("find: returned NULL\n");
} else {
printf("find: returned %p: ", g0);
print_boolgate(stdout, g0);
printf("\n");
check_orgate(g0, l0, l1, l2);
}
if (g0 != g) {
printf("*** hash consing inconsistency between find and get ***\n");
}
}
static int mod_authopenid_method_handler(request_rec *r) {
modauthopenid_config *s_cfg;
s_cfg = (modauthopenid_config *) ap_get_module_config(r->per_dir_config, &authopenid_module);
// if we're not enabled for this location/dir, decline doing anything
const char *current_auth = ap_auth_type(r);
if (!current_auth || strcasecmp(current_auth, "openid"))
return DECLINED;
// make a record of our being called
APDEBUG(r, "*** %s module has been called ***", PACKAGE_STRING);
// if user has a valid session, they are authorized (OK)
if(has_valid_session(r, s_cfg))
return OK;
// parse the get/post params
opkele::params_t params;
modauthopenid::get_request_params(r, params);
// get our current url and trust root
std::string return_to, trust_root;
full_uri(r, return_to, s_cfg);
if(s_cfg->trust_root == NULL)
modauthopenid::base_dir(return_to, trust_root);
else
trust_root = std::string(s_cfg->trust_root);
// if we're in SSO mode, force the openid_identifier to a specific value
if(s_cfg->sso_url && !params.has_param("openid.assoc_handle"))
params.set_field("openid_identifier", s_cfg->sso_url);
// if user is posting id (only openid_identifier will contain a value)
if(params.has_param("openid_identifier") && !params.has_param("openid.assoc_handle")) {
return start_authentication_session(r, s_cfg, params, return_to, trust_root);
} else if(params.has_param("openid.assoc_handle")) { // user has been redirected, authenticate them and set cookie
return validate_authentication_session(r, s_cfg, params, return_to);
} else { //display an input form
if(params.has_param("openid.mode") && params.get_param("openid.mode") == "cancel")
return show_input(r, s_cfg, modauthopenid::canceled);
return show_input(r, s_cfg);
}
}
int main(int argc, char **argv)
{
g_log_set_default_handler(logger, NULL);
if (parse_options(argc, argv)) {
return 1;
}
/* Set the loglevel (amount of messages to output) for libsigrok. */
if (sr_log_loglevel_set(opt_loglevel) != SR_OK)
goto done;
if (sr_init(&sr_ctx) != SR_OK)
goto done;
#ifdef HAVE_SRD
/* Set the loglevel (amount of messages to output) for libsigrokdecode. */
if (srd_log_loglevel_set(opt_loglevel) != SRD_OK)
goto done;
if (opt_pds) {
if (srd_init(NULL) != SRD_OK)
goto done;
if (srd_session_new(&srd_sess) != SRD_OK) {
g_critical("Failed to create new decode session.");
goto done;
}
if (register_pds(opt_pds, opt_pd_annotations) != 0)
goto done;
if (setup_pd_stack(opt_pds, opt_pd_stack, opt_pd_annotations) != 0)
goto done;
/* Only one output type is ever shown. */
if (opt_pd_binary) {
if (setup_pd_binary(opt_pd_binary) != 0)
goto done;
if (srd_pd_output_callback_add(srd_sess, SRD_OUTPUT_BINARY,
show_pd_binary, NULL) != SRD_OK)
goto done;
} else if (opt_pd_meta) {
if (setup_pd_meta(opt_pd_meta) != 0)
goto done;
if (srd_pd_output_callback_add(srd_sess, SRD_OUTPUT_META,
show_pd_meta, NULL) != SRD_OK)
goto done;
} else {
if (opt_pd_annotations)
if (setup_pd_annotations(opt_pd_annotations) != 0)
goto done;
if (srd_pd_output_callback_add(srd_sess, SRD_OUTPUT_ANN,
show_pd_annotations, NULL) != SRD_OK)
goto done;
}
}
#endif
if (opt_version)
show_version();
else if (opt_input_format && opt_show)
show_input();
else if (opt_output_format && opt_show)
show_output();
else if (opt_transform_module && opt_show)
show_transform();
else if (opt_scan_devs)
show_dev_list();
#ifdef HAVE_SRD
else if (opt_pds && opt_show)
show_pd_detail();
#endif
else if (opt_show)
show_dev_detail();
else if (opt_input_file)
load_input_file();
else if (opt_get)
get_option();
else if (opt_set)
set_options();
else if (opt_samples || opt_time || opt_frames || opt_continuous)
run_session();
else
show_help();
#ifdef HAVE_SRD
if (opt_pds)
srd_exit();
#endif
done:
if (sr_ctx)
sr_exit(sr_ctx);
return 0;
}
static int validate_authentication_session(request_rec *r, modauthopenid_config *s_cfg, opkele::params_t& params, std::string& return_to) {
// make sure nonce is present
if(!params.has_param("modauthopenid.nonce"))
return show_input(r, s_cfg, modauthopenid::invalid_nonce);
modauthopenid::MoidConsumer consumer(std::string(s_cfg->db_location), params.get_param("modauthopenid.nonce"), return_to);
try {
consumer.id_res(modauthopenid::modauthopenid_message_t(params));
// if no exception raised, check nonce
if(!consumer.session_exists()) {
consumer.close();
return show_input(r, s_cfg, modauthopenid::invalid_nonce);
}
// if we should be using a user specified auth program, run it to see if user is authorized
if(s_cfg->use_auth_program) {
std::string username = consumer.get_claimed_id();
std::string progname = std::string(s_cfg->auth_program);
modauthopenid::exec_result_t eresult = modauthopenid::exec_auth(progname, username);
if(eresult != modauthopenid::id_accepted) {
std::string error = modauthopenid::exec_error_to_string(eresult, progname, username);
APERR(r, "Error in authentication: %s", error.c_str());
consumer.close();
return show_input(r, s_cfg, modauthopenid::unauthorized);
} else {
APDEBUG(r, "Authenticated %s using %s", username.c_str(), progname.c_str());
}
}
// Make sure that identity is set to the original one given by the user (in case of delegation
// this will be different than openid_identifier GET param
std::string identity;
if (s_cfg->sso_url && s_cfg->sso_user_base) {
std::string c_identity = consumer.get_claimed_id();
if (strstr(c_identity.c_str(), s_cfg->sso_user_base) == c_identity.c_str()) {
identity = strdup(c_identity.c_str() + strlen(s_cfg->sso_user_base));
} else {
std::string error = "SSOUserBase didn't match in the identity";
APERR(r, "Error in authentication: %s", error.c_str());
consumer.close();
return show_input(r, s_cfg, modauthopenid::unauthorized);
}
} else
identity = consumer.get_claimed_id();
consumer.kill_session();
consumer.close();
if(s_cfg->use_cookie)
return set_session_cookie(r, s_cfg, params, identity);
// if we're not setting cookie - don't redirect, just show page
APERR(r, "Setting REMOTE_USER to %s", identity.c_str());
r->user = apr_pstrdup(r->pool, identity.c_str());
return DECLINED;
} catch(opkele::exception &e) {
APERR(r, "Error in authentication: %s", e.what());
consumer.close();
return show_input(r, s_cfg, modauthopenid::unspecified);
}
};
void
show_text(TextNode *node, int Ender)
{
/*int twidth, len;*/
/*int otext_x, otext_y, t;*/
/*XFontStruct *old_font;*/
/*int old_color;*/
for (; node != NULL; node = node->next) {
switch (node->type) {
case 0:
case Beginitems:
case Begintitems:
case Bound:
case Center:
case Free:
case HSpace:
case Indent:
case Indentrel:
case Item:
case Macro:
case Mbox:
case Newline:
case Noop:
case Par:
case Pound:
case Rbrace:
case Space:
case Tab:
case Table:
case Titem:
case VSpace:
break;
case Dash:
case Fi:
case Ifcond:
if (visible(node->y, node->height)) {
if (strlen(node->data.text) > 1) {
XDrawLine(gXDisplay, gWindow->fDisplayedWindow, gWindow->fStandardGC, node->x,
node->y + gRegionOffset + y_off
- gTopOfGroupStack->cur_font->descent -
word_off_height,
node->x + node->width,
node->y + gRegionOffset + y_off - word_off_height -
gTopOfGroupStack->cur_font->descent);
}
else {
XDrawString(gXDisplay, gWindow->fDisplayedWindow, gWindow->fStandardGC, node->x, node->y +
gRegionOffset - gTopOfGroupStack->cur_font->descent + y_off,
node->data.text, 1);
}
}
else {
if (above(node->y))
need_scroll_up_button = 1;
else if (below(node->y))
need_scroll_down_button = 1;
}
break;
case Lsquarebrace:
case Math:
case Punctuation:
case Rsquarebrace:
case Spadsrctxt:
case WindowId:
case Word:
if (visible(node->y, node->height))
XDrawString(gXDisplay, gWindow->fDisplayedWindow, gWindow->fStandardGC, node->x, node->y +
gRegionOffset - gTopOfGroupStack->cur_font->descent + y_off,
node->data.text, node->width);
else {
if (above(node->y))
need_scroll_up_button = 1;
else if (below(node->y))
need_scroll_down_button = 1;
}
break;
case Verbatim:
push_group_stack();
tt_top_group();
if (visible(node->y, node->height))
XDrawString(gXDisplay, gWindow->fDisplayedWindow, gWindow->fStandardGC, node->x, node->y +
gRegionOffset - gTopOfGroupStack->cur_font->descent + y_off,
node->data.text, node->width);
else {
if (above(node->y))
need_scroll_up_button = 1;
else if (below(node->y))
need_scroll_down_button = 1;
}
pop_group_stack();
break;
case Horizontalline:
if (visible(node->y, node->height)) {
line_top_group();
XDrawLine(gXDisplay, gWindow->fDisplayedWindow, gWindow->fStandardGC, 0,
node->y + gRegionOffset + y_off,
gWindow->width,
node->y + gRegionOffset + y_off);
pop_group_stack();
}
else {
if (above(node->y))
need_scroll_up_button = 1;
else if (below(node->y))
need_scroll_down_button = 1;
}
break;
case Box:
if (visible(node->y, node->height))
XDrawRectangle(gXDisplay, gWindow->fDisplayedWindow, gWindow->fStandardGC,
node->x,
node->y + gRegionOffset + y_off - node->height,
node->width,
node->height);
else {
if (above(node->y))
need_scroll_up_button = 1;
else if (below(node->y))
need_scroll_down_button = 1;
}
break;
case Downlink:
case Link:
case LispDownLink:
case LispMemoLink:
case Lispcommand:
case Lispcommandquit:
case Lisplink:
case Lispwindowlink:
case Memolink:
case Qspadcall:
case Qspadcallquit:
case Returnbutton:
case Spadcall:
case Spadcallquit:
case Spaddownlink:
case Spadlink:
case Spadmemolink:
case Unixcommand:
case Unixlink:
case Upbutton:
case Windowlink:
if (pix_visible(node->y, node->height))
show_link(node);
break;
case Spadcommand:
case Spadgraph:
case Spadsrc:
show_spadcommand(node);
break;
case Pastebutton:
if (visible(node->y, node->height))
show_pastebutton(node);
break;
case Paste:
show_paste(node);
break;
case Group:
case Tableitem:
push_group_stack();
break;
case Controlbitmap:
show_image(node, gWindow->fControlGC);
break;
case Inputbitmap:
show_image(node, gWindow->fStandardGC);
break;
case Inputpixmap:
show_image(node, gWindow->fStandardGC);
break;
case BoldFace:
bf_top_group();
break;
case Emphasize:
if (gTopOfGroupStack->cur_font == gRmFont)
em_top_group();
else
rm_top_group();
break;
case It:
em_top_group();
break;
case Sl:
case Rm:
rm_top_group();
break;
case Tt:
tt_top_group();
break;
case Inputstring:
show_input(node);
break;
case Radiobox:
case SimpleBox:
show_simple_box(node);
break;
case Beep:
LoudBeepAtTheUser();
break;
case Description:
bf_top_group();
break;
case Endspadsrc:
case Endspadcommand:
gInAxiomCommand = 1;
case Endtableitem:
case Enddescription:
case Endpastebutton:
case Endlink:
case Endbutton:
case Endgroup:
pop_group_stack();
case Endverbatim:
case Endmath:
case Endbox:
case Endtable:
case Endmbox:
case Endparameter:
case Endpaste:
case Endinputbox:
case Endcenter:
case Endmacro:
case Endif:
case Endtitems:
case Enditems:
/*
* Now since I can show specific regions of the text, then at
* this point I should check to see if I am the end
*/
if (node->type == Ender)
return;
break;
case Endfooter:
case Endscrolling:
case Endheader:
case Endtitle:
/*
* regardless of what ender I have, I always terminate showing
* with one of these
*/
return;
default:
fprintf(stderr, "Show_text: Unknown Node Type %d\n", node->type);
break;
}
}
}
