1 /* zxididp.c  -  CGI binary for SAML 2 IdP
2  * Copyright (c) 2012-2013 Synergetics SA (sampo@synergetics.be), All Rights Reserved.
3  * Copyright (c) 2008-2011 Sampo Kellomaki (sampo@iki.fi), All Rights Reserved.
4  * This is confidential unpublished proprietary source code of the author.
5  * NO WARRANTY, not even implied warranties. Contains trade secrets.
6  * Distribution prohibited unless authorized in writing.
7  * Licensed under Apache License 2.0, see file COPYING.
8  * $Id: zxididp.c,v 1.9 2010-01-08 02:10:09 sampo Exp $
9  *
10  * 12.11.2008, created --Sampo
11  * 24.8.2009,  perfected for TAS3 workshop --Sampo
12  * 13.12.2011, added  VPATH and VURL --Sampo
13  *
14  * See zxid_idp_dispatch() in zxididpx.c for most interesting parts of IdP implementation.
15  *
16  * See also: http://hoohoo.ncsa.uiuc.edu/cgi/interface.html (CGI specification)
17  *           README-zxid, section 10 "zxid_simple() API"
18  */
19 
20 #include <zx/platform.h>
21 
22 #include <string.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <sys/types.h>
26 #include <sys/stat.h>
27 #include <fcntl.h>
28 #include <malloc.h>
29 
30 #include <zx/errmac.h>
31 #include <zx/zxid.h>      /* ZXID main API, including zxid_simple(). */
32 #include <zx/zxidconf.h>  /* Default and compile-time configuration options. */
33 #include <zx/c/zxidvers.h>
34 
/* Usage banner. main() prints it after the error message when command line
 * arguments are supplied. Written as adjacent string literals, one per output
 * line; ZXID_REL is pasted into the first line at compile time. */
char* help =
  "zxididp  -  SAML 2.0 IdP CGI (also DI, AS, IM, and PS) - R" ZXID_REL "\n"
  "SAML 2.0 is a standard for federated identity and Single Sign-On.\n"
  "Copyright (c) 2012-2013 Synergetics NV (sampo@synergetics.be), All Rights Reserved.\n"
  "Copyright (c) 2008-2011 Sampo Kellomaki (sampo@iki.fi), All Rights Reserved.\n"
  "NO WARRANTY, not even implied warranties. Licensed under Apache License v2.0\n"
  "See http://www.apache.org/licenses/LICENSE-2.0\n"
  "Send well-researched bug reports to the author. Home: zxid.org\n"
  "\n"
  "Usage: zxididp [options]   (when used as CGI, no options can be supplied)\n"
  "  -h               This help message\n"
  "  --               End of options\n";
47 
48 /* ============== M A I N ============== */
49 
50 /* CONFIG: You must have created /var/zxid OR c:/var/zxid directory hierarchy. See `make dir' */
51 /* CONFIG: You must edit the URL to match your domain name and port */
52 
/* CONF is the built-in configuration string that main() passes as the first
 * argument to zxid_simple(). It is a list of KEY=value pairs joined by '&'.
 * Exactly one definition is active per platform; the commented-out lines are
 * earlier alternatives kept for reference. */
#ifdef MINGW
/* Windows build: the URL below is a sample host and must be edited to match
 * the deployment (see the CONFIG notes above). */
#define CONF "URL=https://idp1.zxidp.org:8443/zxididp&SES_COOKIE_NAME=ZXIDPSES&IDP_ENA=1&PDP_ENA=1&PATH=c:/var/zxid/idp"
#else
/* NOTE(review): the disabled alternative below carries NOSIG_FATAL=0, which
 * presumably relaxes signature enforcement - confirm against the ZXID
 * configuration documentation before re-enabling it. */
/*#define CONF "URL=https://idp1.zxidp.org:8443/zxididp&NICE_NAME=ZXIdP&NOSIG_FATAL=0&SES_COOKIE_NAME=ZXIDPSES&IDP_ENA=1&PDP_ENA=1&PATH=/var/zxid/idp"*/
//#define CONF "IDP_ENA=1&VPATH=%h/&VURL=%a%h%s"
//#define CONF "IDP_ENA=1&PATH=/var/zxid/idp&VPATH=/var/zxid/%h/&VURL=%a%h%s"
/* Active setting: only IDP_ENA is given here; every other option is left to
 * whatever zxid_simple() resolves on its own (not visible in this file). */
#define CONF "IDP_ENA=1"
#endif
61 
62 /* Called by: */
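/* Step past the key at hit (keylen bytes) and cut the value at the first
 * newline, in place. Returns the value start, or 0 if hit is 0. */
static char* zxididp_cut_value(char* hit, size_t keylen)
{
  char* nl;
  if (!hit)
    return 0;
  hit += keylen;
  nl = strchr(hit, '\n');
  if (nl)
    *nl = 0;  /* nul termination; without a newline the value runs to the end of the response */
  return hit;
}

/**
 * CGI entry point for the ZXID SAML 2.0 IdP.
 *
 * Redirects stderr to a debug log, hands the request to zxid_simple() with
 * the built-in CONF string, then pulls the "sesid: ", "idpnid: " and
 * "setcookie: " values out of the returned LDIF text and prints a small HTML
 * management page.
 *
 * @param argc  Argument count; anything beyond the program name is rejected.
 * @param argv  Argument vector (not otherwise inspected).
 * @return 0 once the page has been written. Exits with 1 on stray arguments
 *         or when zxid_simple() yields no response, and with 2 when the debug
 *         log cannot be opened.
 */
int main(int argc, char** argv)
{
  char* p;
  char* sid;
  char* nid;
  char* res;
  char* setcookie;

#ifdef _GNU_SOURCE
  if (getenv("MALLOC_TRACE"))
    mtrace();
#endif

#if 0
  /* Allocate and release memory to cause malloc to grab bigger mmap page */
  /* Apparently this trick does not work - perhaps memory allocation
     is sorted by page size or something. --Sampo */
#ifndef ZXIDIDP_PREALLOC_KB
#define ZXIDIDP_PREALLOC_KB 300
#endif
  free(malloc(ZXIDIDP_PREALLOC_KB*1024));
  mallopt(M_CHECK_ACTION,3); /* core on bad free(3) */
#endif

#if 1
  /* Helps debugging CGI scripts if you see stderr. */
  /* Reopen stderr only in mini_httpd case */
  //p = getenv("SERVER_SOFTWARE");
  //if (p && !memcmp(p, "mini_httpd", sizeof("mini_httpd")-1)) {
  {
    char* qs = getenv("QUERY_STRING");
    int log_flags = O_WRONLY | O_CREAT | O_APPEND;
#ifdef O_NOFOLLOW
    /* /var/tmp is shared between local users: refuse to append through a
       symbolic link that somebody else planted at this path. */
    log_flags |= O_NOFOLLOW;
#endif
    close(2);
    /* Create the log owner-only (was 0666): the banner below records the raw
       QUERY_STRING, which can carry session and protocol data. The mode only
       applies when the file is created; tighten an existing file by hand. */
    if (open("/var/tmp/zxid.stderr", log_flags, 0600) != 2) {
      perror("/var/tmp/zxid.stderr");  /* fd 2 is closed at this point, so this message may be lost */
      exit(2);
    }
    //}
    /*errmac_debug = 1;*/
    /* QUERY_STRING and the PRE_CONF variable may be unset; passing a null
       pointer to %s is undefined behaviour, so substitute a marker. */
    fprintf(stderr, CC_PURY("=================== Running zxididp %s =================== %x p%d qs(%s)\n"), ZXID_REL, errmac_debug, getpid(), qs ? qs : "(unset)");
    p = getenv(ZXID_ENV_PREFIX "PRE_CONF");
    D(ZXID_ENV_PREFIX "PRE_CONF(%s)", p ? p : "(unset)");
    //fprintf(stderr, "p(%s)\n", p);
  }
#endif

  if (argc > 1) {
    fprintf(stderr, "This is a CGI script (written in C). No arguments are accepted.\n%s", help);
    exit(1);
  }

#if 1
  strncpy(errmac_instance, CC_PURY("\tidp"), sizeof(errmac_instance));
#else
  strncpy(errmac_instance, "\tidp", sizeof(errmac_instance));
#endif
  /* strncpy() leaves the buffer unterminated when the source fills it. */
  errmac_instance[sizeof(errmac_instance) - 1] = 0;

  res = zxid_simple(CONF, 0, 0x0fff);  /* 0xfff == full CGI automation */
  if (!res) {
    /* Guard before res[0] is read; whether zxid_simple() can return null is
       not visible from this file. */
    fprintf(stderr, "zxid_simple() returned no response\n");
    exit(1);
  }
  switch (res[0]) {
  default:
    ERR("Unknown zxid_simple() response(%s)", res);
    /* NOTE(review): an unrecognised response is only logged and the "logged
       in" page below is still rendered (without the session controls when no
       sesid is found). Consider failing closed here. */
    /* fallthrough */
  case 'd': break; /* Logged in case */
  }

  /* Parse the LDIF to figure out session ID and the federated ID */

  /* Locate all three keys before cutting any value: each cut writes a nul
     into res and would hide keys that come later in the text. */
  sid = strstr(res, "sesid: ");
  nid = strstr(res, "idpnid: ");
  setcookie = strstr(res, "setcookie: ");
  sid = zxididp_cut_value(sid, sizeof("sesid: ") - 1);
  nid = zxididp_cut_value(nid, sizeof("idpnid: ") - 1);
  setcookie = zxididp_cut_value(setcookie, sizeof("setcookie: ") - 1);

  /* Render protected content page. Usually you would be redirected back to SP. */

  /* NOTE(review): the cookie value is cut at '\n' only; a '\r' inside it would
     reach the response header unchanged - confirm zxid_simple() never emits one. */
  if (setcookie && !ONE_OF_2(*setcookie, '-', 0))
    printf("SET-COOKIE: %s\r\n", setcookie);
  printf("Content-Type: text/html\r\n\r\n");
  printf("<title>ZXID IdP Mgmt</title>" ZXID_BODY_TAG "<h1>ZXID IdP Management (user logged in, session active)</h1><pre>\n");
  printf("</pre><form method=post action=\"?o=P\">");
  //if (err) printf("<p><font color=red><i>%s</i></font></p>\n", err);
  //if (msg) printf("<p><i>%s</i></p>\n", msg);
  if (sid) {
    /* NOTE(review): sid and nid are written into an attribute, an href and the
       page text without HTML escaping. This is safe only if zxid_simple()
       returns values free of quotes and markup characters - verify, or escape
       them before output. */
    printf("<input type=hidden name=s value=\"%s\">", sid);
    printf("<input type=submit name=gl value=\" Local Logout \">\n");
    printf("<input type=submit name=gr value=\" Single Logout (Redir) \">\n");
    printf("<input type=submit name=gs value=\" Single Logout (SOAP) \">\n");
    printf("<input type=submit name=gt value=\" Defederate (Redir) \">\n");
    printf("<input type=submit name=gu value=\" Defederate (SOAP) \"><br>\n");
    printf("sid(%s) nid(%s) <a href=\"?s=%s\">Reload</a>", sid, nid?nid:"?!?", sid);
  }

  printf("</form><hr>");
  printf("<a href=\"http://zxid.org/\">zxid.org</a>, %s", zxid_version_str());
  return 0;
}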
170 
171 /* EOF  --  zxididp.c */
172