From 443c2c3357e491da1b520d3979798092cf2e6fb2 Mon Sep 17 00:00:00 2001
From: Vivien Kraus
Date: Wed, 1 Jan 2020 00:00:00 +0100
Subject: Set up the project infrastructure
---
src/Makefile.am | 10 ++
src/gettext.h | 290 +++++++++++++++++++++++++++++++++++++++++++
src/libwebidoidc.c | 7 ++
src/scm/webid-oidc/ChangeLog | 124 ++++++++++++++++++
4 files changed, 431 insertions(+)
create mode 100644 src/Makefile.am
create mode 100644 src/gettext.h
create mode 100644 src/libwebidoidc.c
create mode 100644 src/scm/webid-oidc/ChangeLog
(limited to 'src')
diff --git a/src/Makefile.am b/src/Makefile.am
new file mode 100644
index 0000000..832391d
--- /dev/null
+++ b/src/Makefile.am
@@ -0,0 +1,10 @@
+lib_LTLIBRARIES += %reldir%/libwebidoidc.la
+
+AM_CPPFLAGS += -I %reldir% -I $(srcdir)/%reldir%
+
+%canon_reldir%_libwebidoidc_la_SOURCES = %reldir%/gettext.h %reldir%/libwebidoidc.c
+%canon_reldir%_libwebidoidc_la_LIBADD = $(noinst_LTLIBRARIES) $(GUILE_LIBS) $(NETTLE_LIBS)
+
+SUFFIXES += .c .x
+.c.x:
+ $(AM_V_GEN) $(SNARF) -o $@ $< $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS) $(AM_CPPFLAGS) $(AM_CFLAGS) $(GUILE_CFLAGS) $(NETTLE_CFLAGS)
diff --git a/src/gettext.h b/src/gettext.h
new file mode 100644
index 0000000..1382000
--- /dev/null
+++ b/src/gettext.h
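Review bot: The `.c.x` suffix rule at the end of the src/Makefile.am hunk has no consumer and no cleanup in the lines shown: no `.x` file is named in `BUILT_SOURCES` or as a prerequisite, and none is added to `CLEANFILES`, so a snarfed file would neither be generated before compilation nor removed by `make clean`. Once libwebidoidc.c includes its snarf output I would add `BUILT_SOURCES += %reldir%/libwebidoidc.x` and `CLEANFILES += %reldir%/libwebidoidc.x` next to the rule. The Makefile.am that includes this fragment is not part of this view, so both may already be handled there. A short comment above the rule, for example `# Generate .x snarf output from C sources with $(SNARF).`, would also tell readers what the rule is for.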
@@ -0,0 +1,290 @@ +/* Convenience header for conditional use of GNU . + Copyright (C) 1995-1998, 2000-2002, 2004-2006, 2009-2018 Free Software + Foundation, Inc. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _LIBGETTEXT_H +#define _LIBGETTEXT_H 1 + +/* NLS can be disabled through the configure --disable-nls option + or through "#define ENABLE NLS 0" before including this file. */ +#if defined ENABLE_NLS && ENABLE_NLS + +/* Get declarations of GNU message catalog functions. */ +#include + +/* You can set the DEFAULT_TEXT_DOMAIN macro to specify the domain used by + the gettext() and ngettext() macros. This is an alternative to calling + textdomain(), and is useful for libraries. */ +#ifdef DEFAULT_TEXT_DOMAIN +#undef gettext +#define gettext(Msgid) \ + dgettext (DEFAULT_TEXT_DOMAIN, Msgid) +#undef ngettext +#define ngettext(Msgid1, Msgid2, N) \ + dngettext (DEFAULT_TEXT_DOMAIN, Msgid1, Msgid2, N) +#endif + +#else + +/* Solaris /usr/include/locale.h includes /usr/include/libintl.h, which + chokes if dcgettext is defined as a macro. So include it now, to make + later inclusions of a NOP. We don't include + as well because people using "gettext.h" will not include , + and also including would fail on SunOS 4, whereas + is OK. */ +#if defined(__sun) +#include +#endif + +/* Many header files from the libstdc++ coming with g++ 3.3 or newer include + , which chokes if dcgettext is defined as a macro. 
So include + it now, to make later inclusions of a NOP. */ +#if defined(__cplusplus) && defined(__GNUG__) && (__GNUC__ >= 3) +#include +#if (__GLIBC__ >= 2 && !defined __UCLIBC__) || _GLIBCXX_HAVE_LIBINTL_H +#include +#endif +#endif + +/* Disabled NLS. + The casts to 'const char *' serve the purpose of producing warnings + for invalid uses of the value returned from these functions. + On pre-ANSI systems without 'const', the config.h file is supposed to + contain "#define const". */ +#undef gettext +#define gettext(Msgid) ((const char *) (Msgid)) +#undef dgettext +#define dgettext(Domainname, Msgid) ((void) (Domainname), gettext (Msgid)) +#undef dcgettext +#define dcgettext(Domainname, Msgid, Category) \ + ((void) (Category), dgettext (Domainname, Msgid)) +#undef ngettext +#define ngettext(Msgid1, Msgid2, N) \ + ((N) == 1 \ + ? ((void) (Msgid2), (const char *) (Msgid1)) \ + : ((void) (Msgid1), (const char *) (Msgid2))) +#undef dngettext +#define dngettext(Domainname, Msgid1, Msgid2, N) \ + ((void) (Domainname), ngettext (Msgid1, Msgid2, N)) +#undef dcngettext +#define dcngettext(Domainname, Msgid1, Msgid2, N, Category) \ + ((void) (Category), dngettext (Domainname, Msgid1, Msgid2, N)) +#undef textdomain +#define textdomain(Domainname) ((const char *) (Domainname)) +#undef bindtextdomain +#define bindtextdomain(Domainname, Dirname) \ + ((void) (Domainname), (const char *) (Dirname)) +#undef bind_textdomain_codeset +#define bind_textdomain_codeset(Domainname, Codeset) \ + ((void) (Domainname), (const char *) (Codeset)) + +#endif + +/* Prefer gnulib's setlocale override over libintl's setlocale override. */ +#ifdef GNULIB_defined_setlocale +#undef setlocale +#define setlocale rpl_setlocale +#endif + +/* A pseudo function call that serves as a marker for the automated + extraction of messages, but does not call gettext(). The run-time + translation is done at a different place in the code. + The argument, String, should be a literal string. 
Concatenated strings + and other string expressions won't work. + The macro's expansion is not parenthesized, so that it is suitable as + initializer for static 'char[]' or 'const char[]' variables. */ +#define gettext_noop(String) String + +/* The separator between msgctxt and msgid in a .mo file. */ +#define GETTEXT_CONTEXT_GLUE "\004" + +/* Pseudo function calls, taking a MSGCTXT and a MSGID instead of just a + MSGID. MSGCTXT and MSGID must be string literals. MSGCTXT should be + short and rarely need to change. + The letter 'p' stands for 'particular' or 'special'. */ +#ifdef DEFAULT_TEXT_DOMAIN +#define pgettext(Msgctxt, Msgid) \ + pgettext_aux (DEFAULT_TEXT_DOMAIN, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, LC_MESSAGES) +#else +#define pgettext(Msgctxt, Msgid) \ + pgettext_aux (NULL, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, LC_MESSAGES) +#endif +#define dpgettext(Domainname, Msgctxt, Msgid) \ + pgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, LC_MESSAGES) +#define dcpgettext(Domainname, Msgctxt, Msgid, Category) \ + pgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, Category) +#ifdef DEFAULT_TEXT_DOMAIN +#define npgettext(Msgctxt, Msgid, MsgidPlural, N) \ + npgettext_aux (DEFAULT_TEXT_DOMAIN, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, LC_MESSAGES) +#else +#define npgettext(Msgctxt, Msgid, MsgidPlural, N) \ + npgettext_aux (NULL, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, LC_MESSAGES) +#endif +#define dnpgettext(Domainname, Msgctxt, Msgid, MsgidPlural, N) \ + npgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, LC_MESSAGES) +#define dcnpgettext(Domainname, Msgctxt, Msgid, MsgidPlural, N, Category) \ + npgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, Category) + +#ifdef __GNUC__ +__inline +#else +#ifdef __cplusplus +inline +#endif +#endif +static const char * +pgettext_aux (const char *domain, + const char *msg_ctxt_id, 
const char *msgid, int category) +{ + const char *translation = dcgettext (domain, msg_ctxt_id, category); + if (translation == msg_ctxt_id) + return msgid; + else + return translation; +} + +#ifdef __GNUC__ +__inline +#else +#ifdef __cplusplus +inline +#endif +#endif +static const char * +npgettext_aux (const char *domain, + const char *msg_ctxt_id, const char *msgid, + const char *msgid_plural, unsigned long int n, int category) +{ + const char *translation = + dcngettext (domain, msg_ctxt_id, msgid_plural, n, category); + if (translation == msg_ctxt_id || translation == msgid_plural) + return (n == 1 ? msgid : msgid_plural); + else + return translation; +} + +/* The same thing extended for non-constant arguments. Here MSGCTXT and MSGID + can be arbitrary expressions. But for string literals these macros are + less efficient than those above. */ + +#include + +#if (((__GNUC__ >= 3 || __GNUG__ >= 2) && !defined __STRICT_ANSI__) \ + /* || (__STDC_VERSION__ == 199901L && !defined __HP_cc) + || (__STDC_VERSION__ >= 201112L && !defined __STDC_NO_VLA__) */ ) +#define _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS 1 +#else +#define _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS 0 +#endif + +#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS +#include +#endif + +#define pgettext_expr(Msgctxt, Msgid) \ + dcpgettext_expr (NULL, Msgctxt, Msgid, LC_MESSAGES) +#define dpgettext_expr(Domainname, Msgctxt, Msgid) \ + dcpgettext_expr (Domainname, Msgctxt, Msgid, LC_MESSAGES) + +#ifdef __GNUC__ +__inline +#else +#ifdef __cplusplus +inline +#endif +#endif +static const char * +dcpgettext_expr (const char *domain, + const char *msgctxt, const char *msgid, int category) +{ + size_t msgctxt_len = strlen (msgctxt) + 1; + size_t msgid_len = strlen (msgid) + 1; + const char *translation; +#if _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS + char msg_ctxt_id[msgctxt_len + msgid_len]; +#else + char buf[1024]; + char *msg_ctxt_id = + (msgctxt_len + msgid_len <= sizeof (buf) + ? 
buf : (char *) malloc (msgctxt_len + msgid_len)); + if (msg_ctxt_id != NULL) +#endif + { + int found_translation; + memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1); + msg_ctxt_id[msgctxt_len - 1] = '\004'; + memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len); + translation = dcgettext (domain, msg_ctxt_id, category); + found_translation = (translation != msg_ctxt_id); +#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS + if (msg_ctxt_id != buf) + free (msg_ctxt_id); +#endif + if (found_translation) + return translation; + } + return msgid; +} + +#define npgettext_expr(Msgctxt, Msgid, MsgidPlural, N) \ + dcnpgettext_expr (NULL, Msgctxt, Msgid, MsgidPlural, N, LC_MESSAGES) +#define dnpgettext_expr(Domainname, Msgctxt, Msgid, MsgidPlural, N) \ + dcnpgettext_expr (Domainname, Msgctxt, Msgid, MsgidPlural, N, LC_MESSAGES) + +#ifdef __GNUC__ +__inline +#else +#ifdef __cplusplus +inline +#endif +#endif +static const char * +dcnpgettext_expr (const char *domain, + const char *msgctxt, const char *msgid, + const char *msgid_plural, unsigned long int n, int category) +{ + size_t msgctxt_len = strlen (msgctxt) + 1; + size_t msgid_len = strlen (msgid) + 1; + const char *translation; +#if _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS + char msg_ctxt_id[msgctxt_len + msgid_len]; +#else + char buf[1024]; + char *msg_ctxt_id = + (msgctxt_len + msgid_len <= sizeof (buf) + ? buf : (char *) malloc (msgctxt_len + msgid_len)); + if (msg_ctxt_id != NULL) +#endif + { + int found_translation; + memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1); + msg_ctxt_id[msgctxt_len - 1] = '\004'; + memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len); + translation = + dcngettext (domain, msg_ctxt_id, msgid_plural, n, category); + found_translation = !(translation == msg_ctxt_id + || translation == msgid_plural); +#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS + if (msg_ctxt_id != buf) + free (msg_ctxt_id); +#endif + if (found_translation) + return translation; + } + return (n == 1 ? 
msgid : msgid_plural);
+}
+
+#endif /* _LIBGETTEXT_H */
diff --git a/src/libwebidoidc.c b/src/libwebidoidc.c
new file mode 100644
index 0000000..213cbcd
--- /dev/null
+++ b/src/libwebidoidc.c
@@ -0,0 +1,7 @@
+#define N_(s)
+
+void
+init_webidoidc (void)
+{
+ N_("This is the main function.");
+}
diff --git a/src/scm/webid-oidc/ChangeLog b/src/scm/webid-oidc/ChangeLog
new file mode 100644
index 0000000..1223e69
--- /dev/null
+++ b/src/scm/webid-oidc/ChangeLog
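Review bot: In src/libwebidoidc.c, `#define N_(s)` expands to nothing, so the statement in `init_webidoidc` preprocesses to a bare `;`, and any later `N_("...")` used as an initializer or argument would disappear or fail to compile. gettext.h is added in this same commit and listed in the library's SOURCES, and it already provides the extraction marker, so I would write `#include "gettext.h"` and `#define N_(String) gettext_noop (String)`, with the placeholder written as `(void) N_("This is the main function.");` to avoid an unused-value warning. `init_webidoidc` also has external linkage with no prototype in any header visible here. A comment stating its role (presumably the entry point loaded by Guile, which should be confirmed) and a declaration in a header would make the exported surface of the library explicit.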
@@ -0,0 +1,124 @@
+2021-04-30 Vivien Kraus
+
+ * reverse-proxy.scm (make-reverse-proxy): Make the auth header
+ lowercase, so that all capitalizations of that header in the
+ incoming requests are dropped.
+
+2021-04-26 Vivien Kraus
+
+ * identity-provider.scm (make-identity-provider): while saving the
+ key to file, close the port so that it gets flushed.
+
+2021-04-22 Vivien Kraus
+
+ * oidc-configuration.scm (get-oidc-configuration): accept hosts as
+ URIs (discard everything but the host).
+
+ * token-endpoint.scm (make-token-endpoint): use (webid-oidc
+ oidc-id-token) to issue the ID token.
+
+ * oidc-id-token.scm (issue-id-token): fix function.
+ (id-token-payload?): now the std uses a "webid" claim for the
+ webid of the user, fix that.
+
+ * token-endpoint.scm (make-token-endpoint): also return the ID
+ token.
+
+ * oidc-id-token.scm (id-token-decode): this function still used a
+ cache and current-time arguments.
+
+2021-03-30 Vivien Kraus
+
+ * hello-world.scm (webid-oidc): remove the hello world.
+
+ * resource.scm: don’t provide a Linked Data Platform
+ implementation here.
+
+ * resource-server.scm (make-authenticator): The server’s public
+ URI is now exported, so you don’t rely on the Host header anymore.
+
+ * dpop-proof.scm (uris-compatible): Check decoded paths, so if
+ some characters are encoded they are equal to their decoded
+ counterparts.
+
+2021-03-13 Vivien Kraus
+
+ * resource.scm (default-root-acl): The root authorization
+ statements need not be inherited, they are by default.
+
+2021-02-27 Vivien Kraus
+
+ * hello-world.scm (main): Use an explicit caching and loggin
+ http-get.
+ (main): Add a content-type to the “unauthorized” response.
+
+ * resource-server.scm (make-authenticator): http-get and
+ current-time are now authenticator parameters, not request
+ parameters.
+
+ * provider-confirmation.scm (get-provider-confirmations): Don't
+ try to cache.
+
+ * identity-provider.scm (make-identity-provider): The identity
+ provider only uses the cache through the http-get argument.
+ (main): Use a caching http-get.
+
+ * token-endpoint.scm (make-token-endpoint): make the current-time
+ argument an endpoint parameter, not a handler parameter.
+
+ * authorization-endpoint.scm (make-authorization-endpoint): No
+ need for an explicit cache, since we have http-get.
+ (make-authorization-endpoint): Pass current-time as an endpoint
+ parameter, not a handler parameter, because it should be
+ synchronized with that of the internal http-get with cache.
+ (make-authorization-endpoint): get-client-manifest is simpler.
+
+ * client-manifest.scm (get-client-manifest): Same simplification
+ as for get-jwks.
+
+ * oidc-configuration.scm (get-oidc-configuration): Same
+ siplifications as for get-jwks.
+
+ * jwk.scm (get-jwks): Simplification, the cache is managed through
+ the http-get argument.
+
+ * Makefile.am (dist_webidoidcmod_DATA): Use the new guile web-client with cache
+
+2021-02-17 Vivien Kraus
+
+ * authorization-page.scm (with-locale): Avoid deadlock when
+ setlocale throws.
+
+2021-02-07 Vivien Kraus
+
+ * authorization-endpoint.scm (make-authorization-endpoint): use
+ the new modules.
+
+ * Makefile.am (webidoidcgo_DATA): compile the new modules to
+ generate the authorization pages.
+
+ * Makefile.am (dist_webidoidcmod_DATA): distribute the new modules
+ to generate the authorization pages.
+
+ * authorization-page.scm: wrapper of the unsafe module in a
+ thread-safe fashion.
+
+ * authorization-page-unsafe.scm: new module.
+
+ * dpop-proof.scm (uris-compatible): Also check userinfo for
+ equality.
+
+2020-12-05 Vivien Kraus
+
+ * dpop-proof.scm (dpop-proof-decode): Accept a predicate to decode
+ a dpop proof, so that we can use it for the token endpoint.
+
+2020-12-02 Vivien Kraus
+
+ * jws.scm (jws-decode): In order to verify OIDC ID tokens, the key
+ lookup function now takes a full JWS and not only the header.
+
+2020-11-29 Vivien Kraus
+
+ * jws.scm (jws-decode): The JWS can be verified using a JWKS or multiple keys.
+
-- cgit v1.2.3