Switch from just saving XML data to parsing JSON data

2025-02-14 08:57:46 +01:00 · 2025-02-14 08:57:46 +01:00 · e26a6116ec
parent 1c7ae192bb
commit e26a6116ec
7 changed files with 64 additions and 19 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+2025-01-13  Christoph Pleger <pleger@irb.cs.tu-dortmund.de>
+
+	Release 4.0
+	+ Switch from just saving XML data to parsing JSON data
+
 2024-10-08  Christoph Pleger <pleger@irb.cs.tu-dortmund.de>

 	Release 3.0
--- a/18
+++ b/18
@ -4,8 +4,8 @@

 ARCH		:=	$(shell gcc -dumpmachine)

-EXEC_OBJS	:=	authorized_eid.o client.o add-eid.o
-PAM_OBJS	:=	pam_eid.o auth.o authorized_eid.o client.o
+EXEC_OBJS	:=	authorized_eid.o client.o add-eid.o json.o
+PAM_OBJS	:=	pam_eid.o auth.o authorized_eid.o client.o json.o

 CURL_CFLAGS 	:=	$(shell /usr/bin/pkg-config --cflags libcurl)
 CURL_LDFLAGS	:=	$(shell /usr/bin/pkg-config --libs libcurl)
@ -16,9 +16,12 @@ PAM_LDFLAGS	:=	$(shell /usr/bin/pkg-config --libs pam)
 GLIB_CFLAGS 	:=	$(shell /usr/bin/pkg-config --cflags glib-2.0)
 GLIB_LDFLAGS	:=	$(shell /usr/bin/pkg-config --libs glib-2.0)

-CFLAGS		:= 	-O2 -Wall -Werror -g -fPIC $(CURL_CFLAGS) $(PAM_CFLAGS) $(GLIB_CFLAGS)
-EXEC_LDFLAGS	:=	$(CURL_LDFLAGS) $(GLIB_LDFLAGS)
-PAM_LDFLAGS	:=	$(CURL_LDFLAGS) $(PAM_LDFLAGS) $(GLIB_LDFLAGS)
+JSON_CFLAGS 	:=	$(shell /usr/bin/pkg-config --cflags libcjson)
+JSON_LDFLAGS	:=	$(shell /usr/bin/pkg-config --libs libcjson)
+
+CFLAGS		:= 	-O2 -Wall -Werror -g -fPIC $(CURL_CFLAGS) $(PAM_CFLAGS) $(GLIB_CFLAGS) $(JSON_CFLAGS)
+EXEC_LDFLAGS	:=	$(CURL_LDFLAGS) $(GLIB_LDFLAGS) $(JSON_LDFLAGS)
+PAM_LDFLAGS	:=	$(CURL_LDFLAGS) $(PAM_LDFLAGS) $(GLIB_LDFLAGS) $(JSON_LDFLAGS)

 all: pam_eid.so add-eid

@ -29,10 +32,11 @@ add-eid: $(EXEC_OBJS)
 	gcc -o add-eid $(EXEC_OBJS) $(EXEC_LDFLAGS)

 pam_eid.o: auth.h pam_eid.h
-auth.o:	authorized_eid.h client.h auth.h pam_eid.h
-add-eid.o: authorized_eid.h client.h
+auth.o:	authorized_eid.h client.h auth.h pam_eid.h json.h
+add-eid.o: authorized_eid.h client.h json.h
 authorized_eid.o: authorized_eid.h
 client.o: client.h
+json.o: json.h

 install: all
 	install -m 755 -d $(DESTDIR)/usr/lib/$(ARCH)/security
--- a/add-eid.c
+++ b/add-eid.c
@ -15,14 +15,15 @@

 #include "authorized_eid.h"
 #include "client.h"
+#include "json.h"

 int main(int argc, char *argv[])
 {
 	struct passwd *passwd;
 	FILE *authorized_eid;
+	char *res1, *res2;
 	gchar *hash;
 	CURL *curl;
-	char *res;

 	if ((curl = curl_easy_init()) == NULL)
 	{
@ -31,15 +32,24 @@ int main(int argc, char *argv[])
        }

 	port = 24727;
-	res = eidResponse(curl);
+	res1 = eidResponse(curl);

-	if (res == NULL)
+	if (res1 == NULL)
 	{
 		fprintf(stderr, "Did not receive a valid result from the web\n");
 		exit(-2);
 	}

-	hash = g_compute_checksum_for_string(G_CHECKSUM_SHA512, res, strlen(res));
+	res2 = json2txt(res1);
+
+	if (res2 == NULL)
+	{
+		fprintf(stderr, "The result from the web could not be parsed\n");
+		exit(-3);
+	}
+
+	hash = g_compute_checksum_for_string(G_CHECKSUM_SHA512, res2, strlen(res2));
+	free(res2);
 	errno = 0;

 	if ((passwd = getpwuid(geteuid())) == NULL)
--- a/auth.c
+++ b/auth.c
@ -15,12 +15,14 @@
 #include "authorized_eid.h"
 #include "client.h"
 #include "auth.h"
+#include "json.h"
 #include "pam_eid.h"

 int auth(pam_handle_t *pamh, struct passwd *passwd, CURL *curl)
 {
 	char *fileEntry = NULL;
-	char *res       = NULL;
+	char *res1      = NULL;
+	char *res2      = NULL;
 	FILE *authorized_eid;
 	gchar *hash;
 	size_t n;
@ -45,7 +47,7 @@ int auth(pam_handle_t *pamh, struct passwd *passwd, CURL *curl)
 	
 	port = 41325;

-	if ((res = eidResponse(curl)) == NULL)
+	if ((res1 = eidResponse(curl)) == NULL)
 	{
 		pam_syslog(pamh, LOG_ERR, "curl_easy_perform() failed: %s", errbuf);
 		r = PAM_SERVICE_ERR;
@ -56,10 +58,27 @@ int auth(pam_handle_t *pamh, struct passwd *passwd, CURL *curl)
 	{
 		pam_syslog(pamh, LOG_DEBUG, "curl_easy_perform() succeeded");
 		pam_syslog(pamh, LOG_DEBUG, "The data read from web is: %s",
-			   res);
+			   res1);
 	}

-	hash = g_compute_checksum_for_string(G_CHECKSUM_SHA512, res, strlen(res));
+	res2 = json2txt(res1);
+
+	if (res2 == NULL)
+	{
+		pam_syslog(pamh, LOG_DEBUG, "The result from the web could not be parsed\n");
+		r = PAM_SERVICE_ERR;
+		goto cleanup;
+	}
+
+	if (params.debug)
+	{
+		pam_syslog(pamh, LOG_DEBUG, "json2txt() succeeded");
+		pam_syslog(pamh, LOG_DEBUG, "The result is: %s",
+			   res2);
+	}
+
+	hash = g_compute_checksum_for_string(G_CHECKSUM_SHA512, res2, strlen(res2));
+	free(res2);

 	if (params.debug)
 	{
@ -107,8 +126,8 @@ cleanup:
 	if (authorized_eid != NULL)
 		fclose(authorized_eid);

-	if (res != NULL)
-		free(res);
+	if (res1 != NULL)
+		free(res1);

 	if (fileEntry != NULL)
 		free(fileEntry);
--- a/client.c
+++ b/client.c
@ -10,8 +10,8 @@

 #include "client.h"

-static const char action_eid[] = "tcTokenURL=https://www.autentapp.de/AusweisAuskunft/WebServiceRequesterServlet?mode=xml";
-static const char action_eid_ok[] = "<ns2:ResultMajor>http://www.bsi.bund.de/ecard/api/1.1/resultmajor#ok</ns2:ResultMajor>";
+static const char action_eid[] = "tcTokenURL=https://www.autentapp.de/AusweisAuskunft/WebServiceRequesterServlet?mode=json";
+static const char action_eid_ok[] = "http://www.bsi.bund.de/ecard/api/1.1/resultmajor#ok";
 char errbuf[CURL_ERROR_SIZE];
 int port;

--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,9 @@
+pam-eid (4.0-1) unstable; urgency=medium
+
+  * New upstream release
+
+ -- Christoph Pleger <pleger@irb.cs.tu-dortmund.de>  Thu, 13 Feb 2025 18:56:49 +0100
+
 pam-eid (3.0-1) unstable; urgency=medium

  * New upstream release
--- a/debian/control
+++ b/debian/control
@ -8,6 +8,7 @@ Build-Depends:
 libcurl4-gnutls-dev | libcurl4-openssl-dev,
 libglib2.0-dev,
 libpam0g-dev,
+ libcjson-dev,
 pkgconf | pkg-config
 Standards-Version: 4.6.2