From 6dcf9516533682613974a69dc5e1ab6e88bee621 Mon Sep 17 00:00:00 2001 From: zachmann Date: Wed, 24 Apr 2024 14:49:41 +0200 Subject: [PATCH] add possibility to oidc-add to load default account for issuer url --- CHANGELOG.md | 6 +++++ src/oidc-add/add_handler.c | 6 ++--- src/oidc-add/add_handler.h | 4 ++-- src/oidc-add/oidc-add.c | 33 ++++++++++++++++++++++++++-- src/oidc-add/oidc-add_options.c | 7 +++--- src/oidc-add/oidc-add_options.h | 3 +++ src/oidc-agent/oidcp/proxy_handler.c | 19 ---------------- src/oidc-agent/oidcp/proxy_handler.h | 1 - src/utils/config/issuerConfig.c | 21 +++++++++++++++++- src/utils/config/issuerConfig.h | 7 +++--- 10 files changed, 73 insertions(+), 34 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index adeb4ec5..bc9c0ada 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,12 @@ +## oidc-agent 5.1.1 + +### Enhancements + +- `oidc-add` can now also take an issuer url to load the default account for this issuer, i.e. `oidc-add ` + ## oidc-agent 5.1.0 ### Changes diff --git a/src/oidc-add/add_handler.c b/src/oidc-add/add_handler.c index 03db1a05..a261e557 100644 --- a/src/oidc-add/add_handler.c +++ b/src/oidc-add/add_handler.c @@ -29,7 +29,7 @@ unsigned char checkIfAccountIsLoaded(struct arguments* arguments, return add_checkLoadedAccountsResponseForAccount(res, account); } -void add_handleAdd(char* account, struct arguments* arguments) { +void add_handleAdd(const char* account, struct arguments* arguments) { if (!arguments->force && checkIfAccountIsLoaded(arguments, account)) { printStdout("Account '%s' already loaded\n", account); exit(EXIT_SUCCESS); @@ -51,7 +51,7 @@ void add_handleAdd(char* account, struct arguments* arguments) { secFree(iss); char* password = result.password; - struct password_entry pw = {.shortname = account}; + struct password_entry pw = {.shortname = (char*)account}; unsigned char type = PW_TYPE_PRMT; if (arguments->pw_cmd) { pwe_setCommand(&pw, arguments->pw_cmd); 
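Review bot: The `(char*)account` cast in the `password_entry` initializer throws away the const that the new `add_handleAdd` signature just introduced, so the compiler can no longer tell whether anything downstream writes to or frees `shortname`. If the entry is only read and never freed, the cleaner fix is to make `shortname` a `const char*` in `struct password_entry` (its definition is not in this patch); otherwise keep the cast but state the ownership next to it, e.g. `.shortname = (char*)account /* borrowed, read-only */`. The body of add_handleAdd continues outside the hunk.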
@@ -132,7 +132,7 @@ void add_handleLock(int lock, struct arguments* arguments) { add_parseResponse(res); } -void add_handlePrint(char* account, struct arguments* arguments) { +void add_handlePrint(const char* account, struct arguments* arguments) { char* json_p = getDecryptedAccountAsStringFromFilePrompt( account, arguments->pw_cmd, arguments->pw_file, arguments->pw_env); if (json_p == NULL) { diff --git a/src/oidc-add/add_handler.h b/src/oidc-add/add_handler.h index a7736275..d4a5864a 100644 --- a/src/oidc-add/add_handler.h +++ b/src/oidc-add/add_handler.h @@ -3,10 +3,10 @@ #include "oidc-add/oidc-add_options.h" -void add_handleAdd(char* account, struct arguments* arguments); +void add_handleAdd(const char* account, struct arguments* arguments); void add_handleRemove(const char* account, struct arguments* arguments); void add_handleRemoveAll(struct arguments* arguments); -void add_handlePrint(char* account, struct arguments* arguments); +void add_handlePrint(const char* account, struct arguments* arguments); void add_handleLock(int lock, struct arguments* arguments); void add_handleListLoadedAccounts(struct arguments* arguments); diff --git a/src/oidc-add/oidc-add.c b/src/oidc-add/oidc-add.c index 552966ef..84bd4965 100644 --- a/src/oidc-add/oidc-add.c +++ b/src/oidc-add/oidc-add.c @@ -3,9 +3,12 @@ #include "account/account.h" #include "add_handler.h" #include "utils/commonFeatures.h" +#include "utils/config/issuerConfig.h" #include "utils/disableTracing.h" #include "utils/file_io/fileUtils.h" #include "utils/logger.h" +#include "utils/printer.h" +#include "utils/string/stringUtils.h" int main(int argc, char** argv) { platform_disable_tracing(); 
@@ -39,8 +42,12 @@ int main(int argc, char** argv) { } checkOidcDirExists(); - char* account = arguments.args[0]; - if (!accountConfigExists(account)) { + const char* account = arguments.args[0]; + unsigned char useIssuerInsteadOfShortname = 0; + if (strstarts(account, "https://")) { + useIssuerInsteadOfShortname = 1; + } + if (!useIssuerInsteadOfShortname && !accountConfigExists(account)) { if (!(arguments.remove && arguments.remote)) { // If connected with // remote agent a remove // uses a shortname that does not exist locally @@ -50,13 +57,35 @@ int main(int argc, char** argv) { } } if (arguments.print) { + if (useIssuerInsteadOfShortname) { + printError( + "Cannot use '--%s' with an issuer url instead of a shortname.\n", + OPT_LONG_PRINT); + return EXIT_FAILURE; + } add_handlePrint(account, &arguments); return EXIT_SUCCESS; } if (arguments.remove) { + if (useIssuerInsteadOfShortname) { + printError( + "Cannot use '--%s' with an issuer url instead of a shortname.\n", + OPT_LONG_REMOVE); + return EXIT_FAILURE; + } add_handleRemove(account, &arguments); } else { + if (useIssuerInsteadOfShortname) { + const char* issuer = account; + account = getDefaultAccountConfigForIssuer(issuer); + if (account == NULL) { + printError("Could not determine default account shortname for passed " + "issuer url: '%s'\n", + issuer); + return EXIT_FAILURE; + } + } add_handleAdd(account, &arguments); } diff --git a/src/oidc-add/oidc-add_options.c b/src/oidc-add/oidc-add_options.c index ab67ebc9..7a950195 100644 --- a/src/oidc-add/oidc-add_options.c +++ b/src/oidc-add/oidc-add_options.c 
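Review bot: The issuer detection only tests for a literal `https://` prefix, so an argument such as `HTTPS://...` is silently treated as a shortname and fails the `accountConfigExists` check with the shortname error rather than an issuer-related one; if that is intended, a one-line comment would help, e.g. `// issuer urls are recognised by their literal https:// prefix only`. The flag can also be set in a single initializer, `unsigned char useIssuerInsteadOfShortname = strstarts(account, "https://") ? 1 : 0;`, which removes the separate if. main continues outside the hunk.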
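Review bot: When `account` is resolved from the issuer configuration, the resulting shortname is never passed through `accountConfigExists`, although that check earlier in main is skipped exactly for this case; a default account named in the issuer config whose configuration file no longer exists only fails later inside add_handleAdd with a less specific message. Add the check right after the NULL test: `if (!accountConfigExists(account)) { printError("No account configuration '%s' found for issuer '%s'\n", account, issuer); return EXIT_FAILURE; }`. As far as the moved getDefaultAccountConfigForIssuer shows, the returned pointer refers into the issuer configuration rather than a fresh allocation, so `account` must not be freed here; a short comment on the assignment would make that visible, since the variable previously held argv memory. main's body continues outside the hunk.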
@@ -18,14 +18,15 @@ static struct argp_option options[] = { {0, 0, 0, 0, "General:", 1}, - {"remove", 'r', 0, 0, "The account configuration is removed, not added", 1}, + {OPT_LONG_REMOVE, 'r', 0, 0, + "The account configuration is removed, not added", 1}, {"remove-all", 'R', 0, 0, "Removes all account configurations currently loaded", 1}, {"list", 'l', 0, 0, "Lists all configured account configurations", 1}, {"loaded", 'a', 0, 0, "Lists the currently loaded account configurations", 1}, - {"print", 'p', 0, 0, "Prints the encrypted account configuration and exits", - 1}, + {OPT_LONG_PRINT, 'p', 0, 0, + "Prints the encrypted account configuration and exits", 1}, {"lifetime", 't', "TIME", 0, "Set a maximum lifetime in seconds when adding the account configuration", 1}, diff --git a/src/oidc-add/oidc-add_options.h b/src/oidc-add/oidc-add_options.h index 9d0906bd..db9c8037 100644 --- a/src/oidc-add/oidc-add_options.h +++ b/src/oidc-add/oidc-add_options.h @@ -7,6 +7,9 @@ #define ARG_PROVIDED_BUT_USES_DEFAULT 2 +#define OPT_LONG_PRINT "print" +#define OPT_LONG_REMOVE "remove" + struct arguments { char* args[1]; /* account */ char* pw_cmd; diff --git a/src/oidc-agent/oidcp/proxy_handler.c b/src/oidc-agent/oidcp/proxy_handler.c index bae8cc98..9a9c6cea 100644 --- a/src/oidc-agent/oidcp/proxy_handler.c +++ b/src/oidc-agent/oidcp/proxy_handler.c @@ -106,22 +106,3 @@ char* getAutoloadConfig(const char* shortname, const char* issuer, secFree(crypt_content); return NULL; } - -const char* getDefaultAccountConfigForIssuer(const char* issuer_url) { - if (issuer_url == NULL) { - oidc_setArgNullFuncError(__func__); - return NULL; - } - const struct issuerConfig* c = getIssuerConfig(issuer_url); - if (c == NULL) { - return NULL; - } - if (strValid(c->default_account)) { - return c->default_account; - } - if (!listValid(c->accounts)) { - return NULL; - } - list_node_t* firstAccount = list_at(c->accounts, 0); - return firstAccount ? firstAccount->val : NULL; -} 
diff --git a/src/oidc-agent/oidcp/proxy_handler.h b/src/oidc-agent/oidcp/proxy_handler.h index 9466f2b4..b3368c98 100644 --- a/src/oidc-agent/oidcp/proxy_handler.h +++ b/src/oidc-agent/oidcp/proxy_handler.h @@ -15,6 +15,5 @@ oidc_error_t updateRefreshTokenUsingGPG(const char* shortname, const char* gpg_key); char* getAutoloadConfig(const char* shortname, const char* issuer, const char* application_hint); -const char* getDefaultAccountConfigForIssuer(const char* issuer_url); #endif // OIDC_PROXY_HANDLER_H diff --git a/src/utils/config/issuerConfig.c b/src/utils/config/issuerConfig.c index 830ea9ad..9a9613db 100644 --- a/src/utils/config/issuerConfig.c +++ b/src/utils/config/issuerConfig.c @@ -503,4 +503,23 @@ char* getAccountInfos(list_t* loaded) { char* json_str = jsonToStringUnformatted(json); secFreeJson(json); return json_str; -} \ No newline at end of file +} + +const char* getDefaultAccountConfigForIssuer(const char* issuer_url) { + if (issuer_url == NULL) { + oidc_setArgNullFuncError(__func__); + return NULL; + } + const struct issuerConfig* c = getIssuerConfig(issuer_url); + if (c == NULL) { + return NULL; + } + if (strValid(c->default_account)) { + return c->default_account; + } + if (!listValid(c->accounts)) { + return NULL; + } + list_node_t* firstAccount = list_at(c->accounts, 0); + return firstAccount ? firstAccount->val : NULL; +} diff --git a/src/utils/config/issuerConfig.h b/src/utils/config/issuerConfig.h index 53323977..fa8aea95 100644 --- a/src/utils/config/issuerConfig.h +++ b/src/utils/config/issuerConfig.h 
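Review bot: The moved getDefaultAccountConfigForIssuer has no doc comment, and its contract matters more now that a user-facing tool calls it: the returned pointer is borrowed from the issuer configuration (either `default_account` or the first entry of `accounts`) and must not be freed, and NULL is returned for three different reasons of which only the NULL-argument case sets the oidc error. Add a comment above the definition stating the fallback order, the borrowed ownership, and that callers cannot distinguish "issuer unknown" from "no accounts configured". The `firstAccount ?` guard after `listValid` is presumably defensive; saying so in a short comment would stop the next reader from wondering whether `list_at` can fail on a valid non-empty list.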
@@ -35,9 +35,10 @@ const list_t* getPubClientFlows(const char* issuer_url); const list_t* getUserClientFlows(const char* issuer_url); list_t* getSuggestableIssuers(); list_t* defaultRedirectURIs(); -void oidcp_updateIssuerConfig(const char* action, const char* issuer, - const char* shortname); -char* getAccountInfos(list_t* loaded); +void oidcp_updateIssuerConfig(const char* action, const char* issuer, + const char* shortname); +char* getAccountInfos(list_t* loaded); +const char* getDefaultAccountConfigForIssuer(const char* issuer_url); #ifndef secFreeIssuerConfig #define secFreeIssuerConfig(ptr) \
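Review bot: The declarations of `oidcp_updateIssuerConfig` and `getAccountInfos` are removed and re-added with identical visible text, so the difference is presumably whitespace only (trailing spaces or tab/space alignment); that is harmless but it buries the one real change, the new `getDefaultAccountConfigForIssuer` prototype, in reformat noise. Consider limiting this hunk to the added line and doing the reformat in its own commit so the header change stays reviewable.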