commit 5747257471e9b66208836799bced6df3d32c50f4
parent dfe45df6f05c770db78922dc352c4d88de15e56e
Author: Schanzenbach, Martin <mschanzenbach@posteo.de>
Date: Tue, 30 May 2017 13:50:07 +0200
-fix idp
Diffstat:
6 files changed, 21 insertions(+), 162 deletions(-)
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c
@@ -348,7 +348,7 @@ GNUNET_CREDENTIAL_disconnect (struct GNUNET_CREDENTIAL_Handle *handle)
* @param lr the verify request to cancel
*/
void
-GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr)
+GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *vr)
{
struct GNUNET_CREDENTIAL_Handle *handle = vr->credential_handle;
diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c
@@ -130,7 +130,7 @@ do_shutdown (void *cls)
{
if (NULL != verify_request)
{
- GNUNET_CREDENTIAL_verify_cancel (verify_request);
+ GNUNET_CREDENTIAL_request_cancel (verify_request);
verify_request = NULL;
}
if (NULL != credential)
diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c
@@ -177,7 +177,7 @@ cleanup_handle (struct RequestHandle *handle)
if (NULL != handle->subject_attr)
GNUNET_free (handle->subject_attr);
if (NULL != handle->verify_request)
- GNUNET_CREDENTIAL_verify_cancel (handle->verify_request);
+ GNUNET_CREDENTIAL_request_cancel (handle->verify_request);
if (NULL != handle->credential)
GNUNET_CREDENTIAL_disconnect (handle->credential);
if (NULL != handle->id_op)
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c
@@ -1015,6 +1015,10 @@ cleanup_issue_handle (struct IssueHandle *handle)
ticket_destroy (handle->ticket);
if (NULL != handle->label)
GNUNET_free (handle->label);
+ if (NULL != handle->ns_it)
+ GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it);
+ if (NULL != handle->credential_request)
+ GNUNET_CREDENTIAL_request_cancel (handle->credential_request);
GNUNET_free (handle);
}
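Review bot: The two new guards in cleanup_issue_handle are only safe if `handle->ns_it` and `handle->credential_request` are reset to NULL by every callback that runs once the iteration or request has already completed. Otherwise this stops or cancels an operation whose state the library may already have released, right before `GNUNET_free (handle)`. The callbacks involved (attr_collect_finished, attr_collect_error and the one that receives the credential result) are outside this hunk, so this cannot be confirmed here; the same commit applies this pattern to `idp_op` in token_creat_cont. I would state the invariant above the guards, e.g. `/* ns_it and credential_request must be NULL once their operation has completed */`. The function starts outside the hunk.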
@@ -1484,160 +1488,6 @@ handle_exchange_message (void *cls,
}
-
-static void
-find_existing_token_error (void *cls)
-{
- struct IssueHandle *handle = cls;
- cleanup_issue_handle (handle);
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error looking for existing token\n");
- GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
-}
-
-
-static void
-find_existing_token_finished (void *cls)
-{
- struct IssueHandle *handle = cls;
- uint64_t rnd_key;
-
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- ">>> No existing token found\n");
- rnd_key =
- GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
- UINT64_MAX);
- GNUNET_STRINGS_base64_encode ((char*)&rnd_key,
- sizeof (uint64_t),
- &handle->label);
- handle->ns_it = NULL;
- handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
- &handle->iss_key,
- &attr_collect_error,
- handle,
- &attr_collect,
- handle,
- &attr_collect_finished,
- handle);
-}
-
-
-/**
- *
- * Look for existing token
- *
- * @param cls the identity entry
- * @param zone the identity
- * @param lbl the name of the record
- * @param rd_count number of records
- * @param rd record data
- *
- */
-static void
-find_existing_token (void *cls,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
- const char *lbl,
- unsigned int rd_count,
- const struct GNUNET_GNSRECORD_Data *rd)
-{
- struct IssueHandle *handle = cls;
- const struct GNUNET_GNSRECORD_Data *token_metadata_record;
- struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key;
- struct GNUNET_HashCode key;
- int scope_count_token;
- char *scope;
- char *tmp_scopes;
-
- //There should be only a single record for a token under a label
- if (2 != rd_count)
- {
- GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
- return;
- }
-
- if (rd[0].record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA)
- {
- token_metadata_record = &rd[0];
- }
- else
- {
- token_metadata_record = &rd[1];
- }
- if (token_metadata_record->record_type != GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA)
- {
- GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
- return;
- }
- ecdhe_privkey = *((struct GNUNET_CRYPTO_EcdhePrivateKey *)token_metadata_record->data);
- aud_key =
- (struct GNUNET_CRYPTO_EcdsaPublicKey *)(token_metadata_record->data+sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey));
- tmp_scopes = GNUNET_strdup ((char*) aud_key+sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-
- if (0 != memcmp (aud_key, &handle->aud_key,
- sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
- {
- char *tmp2 = GNUNET_STRINGS_data_to_string_alloc (aud_key,
- sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
- //Audience does not match!
- char *tmp = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA,
- token_metadata_record->data,
- token_metadata_record->data_size);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Token does not match audience %s vs %s. Moving on\n",
- tmp2,
- tmp);
- GNUNET_free (tmp_scopes);
- GNUNET_free (tmp2);
- GNUNET_free (tmp);
- GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
- return;
- }
-
- scope = strtok (tmp_scopes, ",");
- scope_count_token = 0;
- while (NULL != scope)
- {
- GNUNET_CRYPTO_hash (scope,
- strlen (scope),
- &key);
-
- if ((NULL != handle->attr_map) &&
- (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->attr_map, &key)))
- {
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Issued token does not include `%s'. Moving on\n", scope);
- GNUNET_free (tmp_scopes);
- GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
- return;
- }
- scope_count_token++;
- scope = strtok (NULL, ",");
- }
- GNUNET_free (tmp_scopes);
- //All scopes in token are also in request. Now
- //Check length
- if ((NULL != handle->attr_map) &&
- (GNUNET_CONTAINER_multihashmap_size (handle->attr_map) == scope_count_token))
- {
- //We have an existing token
- handle->label = GNUNET_strdup (lbl);
- handle->ns_it = NULL;
- handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
- &handle->iss_key,
- &attr_collect_error,
- handle,
- &attr_collect,
- handle,
- &attr_collect_finished,
- handle);
-
- return;
- }
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Nuber of attributes in token do not match request\n");
- //No luck
- GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
-}
-
/**
* Checks an issue message
*
@@ -1684,6 +1534,7 @@ handle_issue_message (void *cls,
char *scopes_tmp;
char *scope;
const char *v_attrs;
+ uint64_t rnd_key;
struct GNUNET_HashCode key;
struct IssueHandle *issue_handle;
struct VerifiedAttributeEntry *vattr_entry;
@@ -1733,14 +1584,20 @@ handle_issue_message (void *cls,
issue_handle->scopes = GNUNET_strdup (scopes);
issue_handle->token = token_create (&issue_handle->iss_pkey,
&issue_handle->aud_key);
+ rnd_key =
+ GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
+ UINT64_MAX);
+ GNUNET_STRINGS_base64_encode ((char*)&rnd_key,
+ sizeof (uint64_t),
+ &issue_handle->label);
issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
- &im->iss_key,
- &find_existing_token_error,
+ &issue_handle->iss_key,
+ &attr_collect_error,
issue_handle,
- &find_existing_token,
+ &attr_collect,
issue_handle,
- &find_existing_token_finished,
+ &attr_collect_finished,
issue_handle);
}
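Review bot: The iteration now starts from `&issue_handle->iss_key` instead of `&im->iss_key`, but the lines visible here only show `issue_handle->iss_pkey` and `issue_handle->aud_key` in use. Confirm that `issue_handle->iss_key` is copied from the message before this call, since otherwise the namestore would be iterated with an unset zone key. The label block also discards the size returned by `GNUNET_STRINGS_base64_encode` and gives no reason for the random value. A short comment such as `/* fresh random label for each issue request; existing tokens are no longer looked up */` would record the behaviour change this commit makes. handle_issue_message begins outside the hunk.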
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c
@@ -402,6 +402,8 @@ token_creat_cont (void *cls,
char *ticket_str;
char *token_str;
char *result_str;
+
+ handle->idp_op = NULL;
if (NULL == ticket)
{
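Review bot: The new `handle->idp_op = NULL;` at the top of token_creat_cont has no comment, and the reason for it is not obvious from this function alone. Presumably the operation is finished once this continuation runs and the handle's cleanup path would otherwise cancel it a second time; that cleanup code is not in this hunk. Suggest `/* operation completed; clear it so cleanup does not cancel a finished op */` directly above the assignment. The function body continues past the hunk.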
diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h
@@ -377,7 +377,7 @@ GNUNET_CREDENTIAL_credential_issue (
* @param lr the lookup request to cancel
*/
void
-GNUNET_CREDENTIAL_verify_cancel (struct GNUNET_CREDENTIAL_Request *vr);
+GNUNET_CREDENTIAL_request_cancel (struct GNUNET_CREDENTIAL_Request *vr);
#if 0 /* keep Emacsens' auto-indent happy */