示例#1
0
文件: zxidoauth.c 项目: gitpan/zxid
char* zxid_bn2b64(zxid_conf* cf, BIGNUM* bn)
{
  char* bin;
  char* b64;
  char* e;
  int len;

  if (!bn)
    return zx_dup_cstr(cf->ctx, "");
  bin = ZX_ALLOC(cf->ctx, BN_num_bytes(bn));
  len = BN_bn2bin(bn, (unsigned char*)bin);
  b64 = ZX_ALLOC(cf->ctx, SIMPLE_BASE64_LEN(len)+1);
  e = base64_fancy_raw(bin, len, b64, safe_basis_64, 1000000, 0, "", '=');
  *e = 0;
  ZX_FREE(cf->ctx, bin);
  return b64;
}
示例#2
0
文件: zxidps.c 项目: grubba/zxid
/* Called by: */
int zxid_parse_psobj(zxid_conf* cf, struct zxid_psobj* obj, char* p, const char* lk)
{
  char* name;
  char* val;
  char* q;
  struct zx_str* ss;
  struct zxid_perm* perm;

  for (; p; ++p) {
    name = p;
    p = strstr(p, ": ");
    if (!p)
      break;
    *p = 0;
    val = p+2;
    p = strchr(val, '\n');  /* *** parsing LDIF is fragile if values are multiline */
    if (p)
      *p = 0;

    D("%s: ATTR(%s)=VAL(%s)", lk, name, val);

    switch (name[0]) {
    case 'd':
      if (!strcmp(name, "dn"))
	goto next;
      if (!strcmp(name, "dispname")) {
	obj->dispname = zx_dup_str(cf->ctx, val);
	goto next;
      }
      break;
    case 'i':
      if (!strcmp(name, "idpnid")) {
	obj->idpnid = zx_dup_str(cf->ctx, val);
	goto next;
      }
      if (!strcmp(name, "invid")) {
	ss = zx_dup_str(cf->ctx, val);
	ss->n = obj->invids;
	obj->invids = ss;
	goto next;
      }
      break;
    case 'p':
      if (!strcmp(name, "psobj")) {
	obj->psobj = zx_dup_str(cf->ctx, val);
	goto next;
      }
      if (!strcmp(name, "psobjref")) {
	ERR("%s: *** Child objects not yet supported (%s: %s)", lk, name, val);
	/*obj->child = zx_dup_str(cf->ctx, val); *** */
	goto next;
      }
      if (!strcmp(name, "perm")) {
	perm = ZX_ZALLOC(cf->ctx, struct zxid_perm);
	q = strchr(val, '$');
	if (q) {
	  perm->eid = zx_dup_len_str(cf->ctx, q-val, val);
	  perm->qs  = zx_dup_str(cf->ctx, q);
	} else
	  perm->eid = zx_dup_str(cf->ctx, val);
	perm->n = obj->perms;
	obj->perms = perm;
	goto next;
      }
      break;
    case 't':
      if (!strcmp(name, "tag")) {
	ss = zx_dup_str(cf->ctx, val);
	ss->n = obj->tags;
	obj->tags = ss;
	goto next;
      }
      break;
    case 'u':
      if (!strcmp(name, "uid")) {
	obj->uid = zx_dup_cstr(cf->ctx, val);
	goto next;
      }
      break;
    }
    ERR("%s: Unknown name(%s) val(%s) in psobj LDIF file. Ignored.", lk, name, val);

  next:
    val[-2] = ':'; /* restore */
    if (p)
      *p = '\n';
    else
      break;
  }
示例#3
0
文件: zxumacall.c 项目: gitpan/zxid
/* Called by:  zxcall_main, zxid_callf */
struct zx_str* zxid_uma_call(zxid_conf* cf, zxid_ses* ses, const char* svctype, const char* url, const char* di_opt, const char* az_cred, const char* req)
{
  long rc;
  struct zx_str* res;
  char* p;
  char* realm;
  char* host_id;
  char* as_uri;
  char* error;
  char* ticket = 0;
  char* azhdr = 0;
  /* *** try
GET /umaprotected/resource HTTP/1.1

HTTP/1.1 401 Unauthorized
   WWW-Authenticate: UMA realm="example",
    host_id="photoz.example.com",
    as_uri="https://as.example.com"
  
*** obtain RPT by calling AS with AAT

GET /umaprotected/resource HTTP/1.1
Authorization: Bearer RPT

(see ResourceServer registers the desired permissions)

HTTP/1.1 403 Forbidden
   WWW-Authenticate: UMA realm="example",
    host_id="photoz.example.com",
    as_uri="https://as.example.com",
    error="insufficient_scope"

{
"ticket": "016f84e8-f9b9-11e0-bd6f-0021cc6004de"
}

OR

HTTP/1.1 200 OK

*** ResourceServer registers the desired permissions

POST /host/scope_reg_uri/photoz.example.com HTTP/1.1
Content-Type: application/json
Host: as.example.com

{
  "resource_set_id": "112210f47de98100",
  "scopes": [
      "http://photoz.example.com/dev/actions/view",
      "http://photoz.example.com/dev/actions/all"
  ]
}

HTTP/1.1 201 Created
Content-Type: application/json
Location: https://as.example.com/permreg/host/photoz.example.com/5454345rdsaa4543
...

{
"ticket": "016f84e8-f9b9-11e0-bd6f-0021cc6004de"
}

*** With ticket, enhance the RPT

  */

  while (1) {
    curl_easy_setopt(cf->curl, CURLOPT_HEADER, 1);
    res = zxid_http_cli(cf, -1, url, -1, req, "application/json", azhdr, 0x01);
    if (!res) {
      ERR("Call to url(%s) failed", url);
      return 0;
    }
    curl_easy_getinfo(cf->curl, CURLINFO_RESPONSE_CODE, &rc);
    switch (rc) {
    case 200:
      p = strstr(res->s, CRLF CRLF);  /* find where headers end */
      if (!p) {
	ERR("Failed to find empty line separating headers from the body(%s)", res->s);
	return res;
      }
      p = zx_dup_cstr(cf->ctx, p + sizeof(CRLF CRLF)-1);
      ZX_FREE(cf->ctx, res->s);
      res->s = p;
      return res;
    case 401:
#if 0
      p = strstr(res->s, "WWW-Authenticate: UMA realm=");
      if (!p) {
	ERR("Failed to find WWW-Authenticate header or it is not of uma type res(%s)", res->s);
	return res;
      }
      p = p + sizeof("WWW-Authenticate: UMA realm=")+1;
      p = zxid_scan_quoted(cf, p, &realm);

      p = strstr(p, "host_id=");
      p = p + sizeof("host_id=")+1;
      p = zxid_scan_quoted(cf, p, &host_id);
#else
      if (sscanf(res->s, "WWW-Authenticate: UMA realm=\"%m[^\"]\" , host_id=\"%m[^\"]\", as_uri=\"%m[^\"]\"",
		  &realm, &host_id, &as_uri) != 3) {
	ERR("Failed to find WWW-Authenticate header or it is not correctly formatted for UMA. res(%s)", res->s);
	return res;
      }
#endif 

      // Call AS to get RPT
      zxid_oauth_call_rpt_endpoint(cf, ses, host_id, as_uri);
      azhdr = zx_alloc_sprintf(cf->ctx, 0, "Authorization: Bearer %s", ses->rpt);
      break;

    case 403:
      if (sscanf(res->s, "WWW-Authenticate: UMA realm=\"%m[^\"]\" , host_id=\"%m[^\"]\", as_uri=\"%m[^\"]\", error=\"%m[^\"]\"",
		  &realm, &host_id, &as_uri, &error) != 4) {
	ERR("Failed to find WWW-Authenticate header or it is not correctly formatted for UMA. res(%s)", res->s);
	return res;
      }
      if (strcmp(error, "insufficient_scope")) {
	ERR("Expected error insufficient_scope, got(%s)", error);
	return res;
      }
      p = strstr(res->s, CRLF CRLF);  /* find where headers end */
      if (!p) {
	ERR("Failed to find empty line separating headers from the body(%s)", res->s);
	return res;
      }
      ticket = zx_json_extract_dup(cf->ctx, res->s, "\"ticket\"");
      
      // Call AS to get more perms
      zxid_oauth_call_az_endpoint(cf, ses, host_id, as_uri, ticket);
      azhdr = zx_alloc_sprintf(cf->ctx, 0, "Authorization: Bearer %s", ses->rpt);
      break;

    default:
      ERR("Unexpected HTTP response %ld", rc);
      return 0;
    }
  }
}