Merge pull request #576 from indigo-dc/enc/oidc-add-issuer

add possibility to oidc-add to load default account for issuer url
indigo-dc · Apr 24, 2024 · db90073 · db90073
2 parents ec93725 + dc29b56
commit db90073
Show file tree

Hide file tree

Showing 10 changed files with 72 additions and 35 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -21,13 +21,17 @@ The previous release stated that:
     When an account configuration is generated and the OP returns scopes in the initial token flow, the account
     configuration is updated with those scopes.
 
-This is not work as intended. We made the following changes:
+This did not work as intended. We made the following changes:
 
 - Fixed a bug, so that the agent now actually behaves as described.
 - Implemented separate scope lists for the initial token flow and the refreshing of tokens. Only the refresh-scope-list
   is updated. This way access tokens can be obtained with the correct (updated) scope, but re-authentication flows can
   still use the original scope list.
 
+### Enhancements
+
+- `oidc-add` can now also take an issuer url to load the default account for this issuer, i.e. `oidc-add <issuer_url>`
+
 ## oidc-agent 5.1.0
 
 ### Changes

diff --git a/src/oidc-add/add_handler.c b/src/oidc-add/add_handler.c
@@ -29,7 +29,7 @@ unsigned char checkIfAccountIsLoaded(struct arguments* arguments,
   return add_checkLoadedAccountsResponseForAccount(res, account);
 }
 
-void add_handleAdd(char* account, struct arguments* arguments) {
+void add_handleAdd(const char* account, struct arguments* arguments) {
   if (!arguments->force && checkIfAccountIsLoaded(arguments, account)) {
     printStdout("Account '%s' already loaded\n", account);
     exit(EXIT_SUCCESS);
@@ -51,7 +51,7 @@ void add_handleAdd(char* account, struct arguments* arguments) {
   secFree(iss);
   char* password = result.password;
 
-  struct password_entry pw   = {.shortname = account};
+  struct password_entry pw   = {.shortname = (char*)account};
   unsigned char         type = PW_TYPE_PRMT;
   if (arguments->pw_cmd) {
     pwe_setCommand(&pw, arguments->pw_cmd);
@@ -132,7 +132,7 @@ void add_handleLock(int lock, struct arguments* arguments) {
   add_parseResponse(res);
 }
 
-void add_handlePrint(char* account, struct arguments* arguments) {
+void add_handlePrint(const char* account, struct arguments* arguments) {
   char* json_p = getDecryptedAccountAsStringFromFilePrompt(
       account, arguments->pw_cmd, arguments->pw_file, arguments->pw_env);
   if (json_p == NULL) {

diff --git a/src/oidc-add/add_handler.h b/src/oidc-add/add_handler.h
@@ -3,10 +3,10 @@
 
 #include "oidc-add/oidc-add_options.h"
 
-void add_handleAdd(char* account, struct arguments* arguments);
+void add_handleAdd(const char* account, struct arguments* arguments);
 void add_handleRemove(const char* account, struct arguments* arguments);
 void add_handleRemoveAll(struct arguments* arguments);
-void add_handlePrint(char* account, struct arguments* arguments);
+void add_handlePrint(const char* account, struct arguments* arguments);
 void add_handleLock(int lock, struct arguments* arguments);
 void add_handleListLoadedAccounts(struct arguments* arguments);
 

diff --git a/src/oidc-add/oidc-add.c b/src/oidc-add/oidc-add.c
@@ -3,9 +3,12 @@
 #include "account/account.h"
 #include "add_handler.h"
 #include "utils/commonFeatures.h"
+#include "utils/config/issuerConfig.h"
 #include "utils/disableTracing.h"
 #include "utils/file_io/fileUtils.h"
 #include "utils/logger.h"
+#include "utils/printer.h"
+#include "utils/string/stringUtils.h"
 
 int main(int argc, char** argv) {
   platform_disable_tracing();
@@ -39,8 +42,12 @@ int main(int argc, char** argv) {
   }
   checkOidcDirExists();
 
-  char* account = arguments.args[0];
-  if (!accountConfigExists(account)) {
+  const char*   account                     = arguments.args[0];
+  unsigned char useIssuerInsteadOfShortname = 0;
+  if (strstarts(account, "https://")) {
+    useIssuerInsteadOfShortname = 1;
+  }
+  if (!useIssuerInsteadOfShortname && !accountConfigExists(account)) {
     if (!(arguments.remove && arguments.remote)) {  // If connected with
                                                     // remote agent a remove
       // uses a shortname that does not exist locally
@@ -50,13 +57,35 @@ int main(int argc, char** argv) {
     }
   }
   if (arguments.print) {
+    if (useIssuerInsteadOfShortname) {
+      printError(
+          "Cannot use '--%s' with an issuer url instead of a shortname.\n",
+          OPT_LONG_PRINT);
+      return EXIT_FAILURE;
+    }
     add_handlePrint(account, &arguments);
     return EXIT_SUCCESS;
   }
 
   if (arguments.remove) {
+    if (useIssuerInsteadOfShortname) {
+      printError(
+          "Cannot use '--%s' with an issuer url instead of a shortname.\n",
+          OPT_LONG_REMOVE);
+      return EXIT_FAILURE;
+    }
     add_handleRemove(account, &arguments);
   } else {
+    if (useIssuerInsteadOfShortname) {
+      const char* issuer = account;
+      account            = getDefaultAccountConfigForIssuer(issuer);
+      if (account == NULL) {
+        printError("Could not determine default account shortname for passed "
+                   "issuer url: '%s'\n",
+                   issuer);
+        return EXIT_FAILURE;
+      }
+    }
     add_handleAdd(account, &arguments);
   }
 

diff --git a/src/oidc-add/oidc-add_options.c b/src/oidc-add/oidc-add_options.c
@@ -18,14 +18,15 @@
 
 static struct argp_option options[] = {
     {0, 0, 0, 0, "General:", 1},
-    {"remove", 'r', 0, 0, "The account configuration is removed, not added", 1},
+    {OPT_LONG_REMOVE, 'r', 0, 0,
+     "The account configuration is removed, not added", 1},
     {"remove-all", 'R', 0, 0,
      "Removes all account configurations currently loaded", 1},
     {"list", 'l', 0, 0, "Lists all configured account configurations", 1},
     {"loaded", 'a', 0, 0, "Lists the currently loaded account configurations",
      1},
-    {"print", 'p', 0, 0, "Prints the encrypted account configuration and exits",
-     1},
+    {OPT_LONG_PRINT, 'p', 0, 0,
+     "Prints the encrypted account configuration and exits", 1},
     {"lifetime", 't', "TIME", 0,
      "Set a maximum lifetime in seconds when adding the account configuration",
      1},

diff --git a/src/oidc-add/oidc-add_options.h b/src/oidc-add/oidc-add_options.h
@@ -7,6 +7,9 @@
 
 #define ARG_PROVIDED_BUT_USES_DEFAULT 2
 
+#define OPT_LONG_PRINT "print"
+#define OPT_LONG_REMOVE "remove"
+
 struct arguments {
   char* args[1]; /* account */
   char* pw_cmd;

diff --git a/src/oidc-agent/oidcp/proxy_handler.c b/src/oidc-agent/oidcp/proxy_handler.c
@@ -106,22 +106,3 @@ char* getAutoloadConfig(const char* shortname, const char* issuer,
   secFree(crypt_content);
   return NULL;
 }
-
-const char* getDefaultAccountConfigForIssuer(const char* issuer_url) {
-  if (issuer_url == NULL) {
-    oidc_setArgNullFuncError(__func__);
-    return NULL;
-  }
-  const struct issuerConfig* c = getIssuerConfig(issuer_url);
-  if (c == NULL) {
-    return NULL;
-  }
-  if (strValid(c->default_account)) {
-    return c->default_account;
-  }
-  if (!listValid(c->accounts)) {
-    return NULL;
-  }
-  list_node_t* firstAccount = list_at(c->accounts, 0);
-  return firstAccount ? firstAccount->val : NULL;
-}
diff --git a/src/oidc-agent/oidcp/proxy_handler.h b/src/oidc-agent/oidcp/proxy_handler.h
@@ -15,6 +15,5 @@ oidc_error_t updateRefreshTokenUsingGPG(const char* shortname,
                                         const char* gpg_key);
 char*        getAutoloadConfig(const char* shortname, const char* issuer,
                                const char* application_hint);
-const char*  getDefaultAccountConfigForIssuer(const char* issuer_url);
 
 #endif  // OIDC_PROXY_HANDLER_H
diff --git a/src/utils/config/issuerConfig.c b/src/utils/config/issuerConfig.c
@@ -503,4 +503,23 @@ char* getAccountInfos(list_t* loaded) {
   char* json_str = jsonToStringUnformatted(json);
   secFreeJson(json);
   return json_str;
-}
+}
+
+const char* getDefaultAccountConfigForIssuer(const char* issuer_url) {
+  if (issuer_url == NULL) {
+    oidc_setArgNullFuncError(__func__);
+    return NULL;
+  }
+  const struct issuerConfig* c = getIssuerConfig(issuer_url);
+  if (c == NULL) {
+    return NULL;
+  }
+  if (strValid(c->default_account)) {
+    return c->default_account;
+  }
+  if (!listValid(c->accounts)) {
+    return NULL;
+  }
+  list_node_t* firstAccount = list_at(c->accounts, 0);
+  return firstAccount ? firstAccount->val : NULL;
+}
diff --git a/src/utils/config/issuerConfig.h b/src/utils/config/issuerConfig.h
@@ -35,9 +35,10 @@ const list_t*              getPubClientFlows(const char* issuer_url);
 const list_t*              getUserClientFlows(const char* issuer_url);
 list_t*                    getSuggestableIssuers();
 list_t*                    defaultRedirectURIs();
-void  oidcp_updateIssuerConfig(const char* action, const char* issuer,
-                               const char* shortname);
-char* getAccountInfos(list_t* loaded);
+void        oidcp_updateIssuerConfig(const char* action, const char* issuer,
+                                     const char* shortname);
+char*       getAccountInfos(list_t* loaded);
+const char* getDefaultAccountConfigForIssuer(const char* issuer_url);
 
 #ifndef secFreeIssuerConfig
 #define secFreeIssuerConfig(ptr) \