oidc.c

/*
 * Functionalities related to OpenId Connect based authentication
 */

#include "putty.h"
#include "oidc-agent/api.h"
#include <stdio.h>

#include <curl/curl.h>
#include "cJSON.h"


accesstoken_response *get_accesstoken(char *oidc_configuration) {
    accesstoken_response *pq = snew(accesstoken_response);
    pq->accesstoken = getAccessToken3(oidc_configuration, 60, NULL, "putty-ssh-client", NULL);
    return pq;
}

struct memory {
    char *response;
    size_t size;
};

static size_t cb(void *data, size_t size, size_t nmemb, void *userp) {
    size_t realsize = size * nmemb;
    struct memory *mem = (struct memory *)userp;

    char *ptr = realloc(mem->response, mem->size + realsize + 1);
    if(ptr == NULL)
        return 0;

    mem->response = ptr;
    memcpy(&(mem->response[mem->size]), data, realsize);
    mem->size += realsize;
    mem->response[mem->size] = 0;

    return realsize;
}

struct memory chunk;


deployed_user *deploy_user(char *hostname, char *oidc_configuration, char *oidc_motley_cue_host, int oidc_motley_cue_port) {
    deployed_user *pq = snew(deployed_user);
    // Sanity check for oidc configuration
    if (oidc_configuration == NULL) {
        pq->deployed = false;
        return pq;
    }

    CURL *curl;
    CURLcode res;
    cJSON *ssh_user;
    
    curl = curl_easy_init();
    if(curl) {
        char endpoint[1028];
        if (oidc_motley_cue_host == NULL) {
            sprintf(endpoint, "%s/user/deploy", hostname);
        } else {
            sprintf(endpoint, "%s/user/deploy", oidc_motley_cue_host);
        }
        int port;
        if (oidc_motley_cue_port != 0) {
            port = oidc_motley_cue_port;
        } else {
            port = 8080;
        }
        curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "GET");
        curl_easy_setopt(curl, CURLOPT_URL, endpoint);
        curl_easy_setopt(curl, CURLOPT_PORT, port);
        curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, (long)CURL_HTTP_VERSION_2);
        
        struct curl_slist *headers = NULL;
        char authorization[1028];
        accesstoken_response *conf = get_accesstoken(oidc_configuration);
        sprintf(authorization, "Authorization: Bearer %s", conf->accesstoken);
        sfree(conf);

        headers = curl_slist_append(headers, authorization);
        curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
        curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, cb);
        curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&chunk);

        res = curl_easy_perform(curl);
        sfree(authorization);
        sfree(headers);

        long response_code;
        curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response_code);
        if((res != CURLE_OK) || (response_code != 200)) {
            pq->deployed = false;
            curl_easy_cleanup(curl); 
            return pq;
        } 
        curl_easy_cleanup(curl);      
    }  
    cJSON *json = cJSON_Parse(chunk.response);
    cJSON *state = cJSON_GetObjectItem(json, "state");
    if (strcmp(state->valuestring, "deployed") != 0) {
        pq->deployed = false;
        return pq;
    }
    cJSON *credentials = cJSON_GetObjectItem(json, "credentials");
    ssh_user = cJSON_GetObjectItem(credentials, "ssh_user");
    pq->username = strdup(ssh_user->valuestring);
    pq->deployed = true;
    return pq;
}

oidc_configurations *get_loaded_oidc_configurations() {
    char *configs_str = getLoadedAccountsList();
    if (configs_str != NULL) {
        cJSON *json = cJSON_Parse(configs_str);
        oidc_configurations *ocs = new_oidc_configurations();
        for (int i = 0; i < cJSON_GetArraySize(json); i++) {
            add_oidc_configuration(ocs, cJSON_GetArrayItem(json, i)->valuestring, i);
        }
        sfree(configs_str);
        return ocs;
    } else {
        return NULL;
    }
}