Merge pull request #245 from indigo-dc/dev_3.3.0

Dev 3.3.0

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2017 - 2019 Karlsruhe Institute of Technology - Steinbuch Centre for Computing
+Copyright (c) 2017 - 2020 Karlsruhe Institute of Technology - Steinbuch Centre for Computing
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

Makefile

@@ -8,6 +8,7 @@ AGENT    = oidc-agent
 GEN			 = oidc-gen
 ADD      = oidc-add
 CLIENT	 = oidc-token
+KEYCHAIN = oidc-keychain
 
 VERSION   ?= $(shell cat VERSION)
 # DIST      = $(lsb_release -cs)
@@ -133,14 +134,15 @@ endif
 GEN_SOURCES := $(shell find $(SRCDIR)/$(GEN) -name "*.c")
 ADD_SOURCES := $(shell find $(SRCDIR)/$(ADD) -name "*.c")
 CLIENT_SOURCES := $(shell find $(SRCDIR)/$(CLIENT) -name "*.c")
+KEYCHAIN_SOURCES := $(SRCDIR)/$(KEYCHAIN)/$(KEYCHAIN)
 TEST_SOURCES :=  $(filter-out $(TESTSRCDIR)/main.c, $(shell find $(TESTSRCDIR) -name "*.c"))
 
 # Define objects
 ALL_OBJECTS  := $(SRC_SOURCES:$(SRCDIR)/%.c=$(OBJDIR)/%.o) $(LIB_SOURCES:$(LIBDIR)/%.c=$(OBJDIR)/%.o)
 AGENT_OBJECTS  := $(AGENT_SOURCES:$(SRCDIR)/%.c=$(OBJDIR)/%.o) $(GENERAL_SOURCES:$(SRCDIR)/%.c=$(OBJDIR)/%.o) $(LIB_SOURCES:$(LIBDIR)/%.c=$(OBJDIR)/%.o)
 GEN_OBJECTS  := $(GEN_SOURCES:$(SRCDIR)/%.c=$(OBJDIR)/%.o) $(GENERAL_SOURCES:$(SRCDIR)/%.c=$(OBJDIR)/%.o) $(OBJDIR)/oidc-agent/httpserver/termHttpserver.o $(OBJDIR)/oidc-agent/httpserver/running_server.o $(OBJDIR)/oidc-agent/oidc/device_code.o $(LIB_SOURCES:$(LIBDIR)/%.c=$(OBJDIR)/%.o)
 ADD_OBJECTS  := $(ADD_SOURCES:$(SRCDIR)/%.c=$(OBJDIR)/%.o) $(GENERAL_SOURCES:$(SRCDIR)/%.c=$(OBJDIR)/%.o) $(LIB_SOURCES:$(LIBDIR)/%.c=$(OBJDIR)/%.o)
-CLIENT_OBJECTS := $(OBJDIR)/$(CLIENT)/$(CLIENT).o $(OBJDIR)/utils/disableTracing.o $(OBJDIR)/utils/stringUtils.o
+CLIENT_OBJECTS := $(OBJDIR)/$(CLIENT)/$(CLIENT).o $(OBJDIR)/$(CLIENT)/token_handler.o $(OBJDIR)/utils/disableTracing.o $(OBJDIR)/utils/stringUtils.o
 ifndef MAC_OS
 	CLIENT_OBJECTS += $(OBJDIR)/privileges/privileges.o $(OBJDIR)/privileges/token_privileges.o $(OBJDIR)/utils/file_io/file_io.o
 endif
@@ -159,7 +161,7 @@ all: build man
 # Compiling
 
 .PHONY: build
-build: create_obj_dir_structure $(BINDIR)/$(AGENT) $(BINDIR)/$(GEN) $(BINDIR)/$(ADD) $(BINDIR)/$(CLIENT)
+build: create_obj_dir_structure $(BINDIR)/$(AGENT) $(BINDIR)/$(GEN) $(BINDIR)/$(ADD) $(BINDIR)/$(CLIENT) $(BINDIR)/$(KEYCHAIN)
 
 ## pull in dependency info for *existing* .o files
 -include $(ALL_OBJECTS:.o=.d)
@@ -215,6 +217,10 @@ $(BINDIR)/$(CLIENT): create_obj_dir_structure $(CLIENT_OBJECTS) $(APILIB)/$(SHAR
 	@$(LINKER) $(CLIENT_OBJECTS) $(CLIENT_LFLAGS) -o $@
 	@echo "Linking "$@" complete!"
 
+$(BINDIR)/$(KEYCHAIN): $(KEYCHAIN_SOURCES)
+	@cat $(KEYCHAIN_SOURCES) >$@ && chmod 755 $@
+	@echo "Building "$@" complete!"
+
 # Phony Installer
 
 .PHONY: install
@@ -226,7 +232,7 @@ endif
 	@echo "Installation complete!"
 
 .PHONY: install_bin
-install_bin: $(BIN_PATH)/bin/$(AGENT) $(BIN_PATH)/bin/$(GEN) $(BIN_PATH)/bin/$(ADD) $(BIN_PATH)/bin/$(CLIENT)
+install_bin: $(BIN_PATH)/bin/$(AGENT) $(BIN_PATH)/bin/$(GEN) $(BIN_PATH)/bin/$(ADD) $(BIN_PATH)/bin/$(CLIENT) $(BIN_PATH)/bin/$(KEYCHAIN)
 	@echo "Installed binaries"
 
 .PHONY: install_conf
@@ -244,11 +250,11 @@ install_priv: $(CONFDIR)/privileges/
 	@echo "installed privileges files"
 
 .PHONY: install_bash
-install_bash: $(BASH_COMPLETION_PATH)/$(AGENT) $(BASH_COMPLETION_PATH)/$(GEN) $(BASH_COMPLETION_PATH)/$(ADD) $(BASH_COMPLETION_PATH)/$(CLIENT)
+install_bash: $(BASH_COMPLETION_PATH)/$(AGENT) $(BASH_COMPLETION_PATH)/$(GEN) $(BASH_COMPLETION_PATH)/$(ADD) $(BASH_COMPLETION_PATH)/$(CLIENT) $(BASH_COMPLETION_PATH)/$(KEYCHAIN)
 	@echo "Installed bash completion"
 
 .PHONY: install_man
-install_man: $(MAN_PATH)/man1/$(AGENT).1 $(MAN_PATH)/man1/$(GEN).1 $(MAN_PATH)/man1/$(ADD).1 $(MAN_PATH)/man1/$(CLIENT).1
+install_man: $(MAN_PATH)/man1/$(AGENT).1 $(MAN_PATH)/man1/$(GEN).1 $(MAN_PATH)/man1/$(ADD).1 $(MAN_PATH)/man1/$(CLIENT).1 $(MAN_PATH)/man1/$(KEYCHAIN).1
 	@echo "Installed man pages!"
 
 .PHONY: install_lib
@@ -298,6 +304,9 @@ $(BIN_PATH)/bin/$(ADD): $(BINDIR)/$(ADD) $(BIN_PATH)/bin
 $(BIN_PATH)/bin/$(CLIENT): $(BINDIR)/$(CLIENT) $(BIN_PATH)/bin
 	@install $< $@
 
+$(BIN_PATH)/bin/$(KEYCHAIN): $(BINDIR)/$(KEYCHAIN) $(BIN_PATH)/bin
+	@install $< $@
+
 ## Config
 $(CONFIG_PATH)/oidc-agent/$(PROVIDERCONFIG): $(CONFDIR)/$(PROVIDERCONFIG) $(CONFIG_PATH)/oidc-agent
 	@install -m 644 $< $@
@@ -318,6 +327,9 @@ $(BASH_COMPLETION_PATH)/$(ADD): $(BASH_COMPLETION_PATH)
 $(BASH_COMPLETION_PATH)/$(CLIENT): $(BASH_COMPLETION_PATH)
 	@ln -s $(AGENT) $@
 
+$(BASH_COMPLETION_PATH)/$(KEYCHAIN): $(BASH_COMPLETION_PATH)
+	@ln -s $(AGENT) $@
+
 ## Man pages
 $(MAN_PATH)/man1/$(AGENT).1: $(MANDIR)/$(AGENT).1 $(MAN_PATH)/man1
 	@install $< $@
@@ -327,16 +339,19 @@ $(MAN_PATH)/man1/$(ADD).1: $(MANDIR)/$(ADD).1 $(MAN_PATH)/man1
 	@install $< $@
 $(MAN_PATH)/man1/$(CLIENT).1: $(MANDIR)/$(CLIENT).1 $(MAN_PATH)/man1
 	@install $< $@
+$(MAN_PATH)/man1/$(KEYCHAIN).1: $(MANDIR)/$(KEYCHAIN).1 $(MAN_PATH)/man1
+	@install $< $@
+
 
 ## Lib
 $(LIB_PATH)/$(SHARED_LIB_NAME_FULL): $(APILIB)/$(SHARED_LIB_NAME_FULL) $(LIB_PATH)
 	@install $< $@
 
 $(LIB_PATH)/$(SHARED_LIB_NAME_SO): $(LIB_PATH)
-	@ln -s $(SHARED_LIB_NAME_FULL) $@
+	@ln -sf $(SHARED_LIB_NAME_FULL) $@
 
 $(LIBDEV_PATH)/$(SHARED_LIB_NAME_SHORT): $(LIBDEV_PATH)
-	@ln -s $(SHARED_LIB_NAME_SO) $@
+	@ln -sf $(SHARED_LIB_NAME_SO) $@
 
 $(INCLUDE_PATH)/oidc-agent/api.h: $(SRCDIR)/$(CLIENT)/api.h $(INCLUDE_PATH)/oidc-agent
 	@install $< $@
@@ -390,6 +405,7 @@ uninstall_man:
 	@$(rm) $(MAN_PATH)/man1/$(GEN).1
 	@$(rm) $(MAN_PATH)/man1/$(ADD).1
 	@$(rm) $(MAN_PATH)/man1/$(CLIENT).1
+	@$(rm) $(MAN_PATH)/man1/$(KEYCHAIN).1
 	@echo "Uninstalled man pages!"
 
 .PHONY: uninstall_conf
@@ -435,20 +451,23 @@ endif
 # Man pages
 
 .PHONY: create_man
-create_man: $(MANDIR)/$(AGENT).1 $(MANDIR)/$(GEN).1 $(MANDIR)/$(ADD).1 $(MANDIR)/$(CLIENT).1
+create_man: $(MANDIR)/$(AGENT).1 $(MANDIR)/$(GEN).1 $(MANDIR)/$(ADD).1 $(MANDIR)/$(CLIENT).1 $(MANDIR)/$(KEYCHAIN).1
 	@echo "Created man pages"
 
 $(MANDIR)/$(AGENT).1: $(MANDIR) $(BINDIR)/$(AGENT) $(SRCDIR)/h2m/$(AGENT).h2m
-	@help2man $(BINDIR)/$(AGENT) -o $(MANDIR)/$(AGENT).1 --name="OIDC token agent" -s 1 -N -i $(SRCDIR)/h2m/$(AGENT).h2m
+	@help2man $(BINDIR)/$(AGENT) -o $(MANDIR)/$(AGENT).1 -s 1 -N -i $(SRCDIR)/h2m/$(AGENT).h2m
 
 $(MANDIR)/$(GEN).1: $(MANDIR) $(BINDIR)/$(GEN) $(SRCDIR)/h2m/$(GEN).h2m
-	@help2man $(BINDIR)/$(GEN) -o $(MANDIR)/$(GEN).1 --name="generates account configurations for oidc-agent" -s 1 -N -i $(SRCDIR)/h2m/$(GEN).h2m
+	@help2man $(BINDIR)/$(GEN) -o $(MANDIR)/$(GEN).1 -s 1 -N -i $(SRCDIR)/h2m/$(GEN).h2m
 
 $(MANDIR)/$(ADD).1: $(MANDIR) $(BINDIR)/$(ADD) $(SRCDIR)/h2m/$(ADD).h2m
-	@help2man $(BINDIR)/$(ADD) -o $(MANDIR)/$(ADD).1 --name="adds account configurations to oidc-agent" -s 1 -N -i $(SRCDIR)/h2m/$(ADD).h2m
+	@help2man $(BINDIR)/$(ADD) -o $(MANDIR)/$(ADD).1 -s 1 -N -i $(SRCDIR)/h2m/$(ADD).h2m
 
 $(MANDIR)/$(CLIENT).1: $(MANDIR) $(BINDIR)/$(CLIENT) $(SRCDIR)/h2m/$(CLIENT).h2m $(LIB_PATH)/$(SHARED_LIB_NAME_SO) $(LIB_PATH)/$(SHARED_LIB_NAME_FULL)
-	@export LD_LIBRARY_PATH=$(LIB_PATH):$$LD_LIBRARY_PATH && help2man $(BINDIR)/$(CLIENT) -o $(MANDIR)/$(CLIENT).1 --name="gets OIDC access token from oidc-agent" -s 1 -N -i $(SRCDIR)/h2m/$(CLIENT).h2m
+	@export LD_LIBRARY_PATH=$(LIB_PATH):$$LD_LIBRARY_PATH && help2man $(BINDIR)/$(CLIENT) -o $(MANDIR)/$(CLIENT).1 -s 1 -N -i $(SRCDIR)/h2m/$(CLIENT).h2m
+
+$(MANDIR)/$(KEYCHAIN).1: $(MANDIR) $(BINDIR)/$(KEYCHAIN) $(SRCDIR)/h2m/$(KEYCHAIN).h2m
+	@help2man $(BINDIR)/$(KEYCHAIN) -o $(MANDIR)/$(KEYCHAIN).1 -s 1 -N -i $(SRCDIR)/h2m/$(KEYCHAIN).h2m --no-discard-stderr
 
 # Library
 

VERSION

@@ -1 +1 @@
-3.2.7
+3.3.0

config/bash-completion/oidc-agent

@@ -300,7 +300,36 @@ fi
 return 0
 }
 
+_oidc-keychain() {
+local cur prev opts
+COMPREPLY=()
+cur="${COMP_WORDS[COMP_CWORD]}"
+prev="${COMP_WORDS[COMP_CWORD-1]}"
+local IFS=$'\t\n'
+declare -A suboptions
+_getOptions "oidc-agent"
+opts+="--accounts #"
+
+if _elementIn "--accounts" "${COMP_WORDS[@]}"; then
+  if [ -d ~/.config ];then
+    agentdir="$HOME/.config/oidc-agent"
+  else
+    agentdir="$HOME/.oidc-agent"
+  fi
+  shortnames=`ls $agentdir 2>/dev/null | grep -v "config" | sed -e 's/$/& /g'`
+  COMPREPLY=( $(compgen -W "${shortnames}" -- ${cur}) )
+  return 0
+fi
+if [[ ${cur} == * ]] ; then
+  local IFS=$'#\n'
+  COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
+  return 0
+fi
+return 0
+}
+
 complete -o nospace -F _oidc-gen oidc-gen
 complete -o nospace -F _oidc-token oidc-token
 complete -o nospace -F _oidc-add oidc-add
 complete -o nospace -F _oidc-agent oidc-agent
+complete -o nospace -F _oidc-keychain oidc-keychain

config/issuer.config

@@ -13,4 +13,5 @@ https://aai.egi.eu/oidc/  [email protected]
 https://aai-dev.egi.eu/oidc https://aai-dev.egi.eu/oidc/manage/admin/client/new [email protected]
 https://login.elixir-czech.org/oidc/ https://login.elixir-czech.org/oidc/manage/dev/dynreg/new [email protected]
 https://oidc.scc.kit.edu/auth/realms/kit/ https://www.scc.kit.edu/dienste/openid-connect.php https://www.scc.kit.edu/personen/matthias.bonn.php
+https://wlcg.cloud.cnaf.infn.it/ https://wlcg.cloud.cnaf.infn.it/manage/dev/dynreg
 

config/pubclients.config

@@ -8,3 +8,4 @@ oidc-agent@https://aai-dev.egi.eu/oidc/
 oidc-agent@https://aai.egi.eu/oidc/
 7c98b37b-71ab-4b35-aade-25642d4695e6@https://services.humanbrainproject.eu/oidc/
 ef13f849-b1ce-4c10-b28f-4a5f19b84fe0@https://login.elixir-czech.org/oidc/
+7d6ad1c2-6647-4846-b0d5-c9f6ad0987d0@https://wlcg.cloud.cnaf.infn.it/

debian/changelog

@@ -1,4 +1,4 @@
-oidc-agent (3.2.7) UNRELEASED; urgency=medium
+oidc-agent (3.3.0) UNRELEASED; urgency=medium
 
   [ Marcus hardt ]
   * Trying to fix debuild messages
@@ -316,4 +316,22 @@ oidc-agent (3.2.7) UNRELEASED; urgency=medium
   [ Gabriel Zachmann ]
   * Improve RPM build
 
- -- Marcus Hardt <[email protected]>  Thu, 14 Nov 2019 14:29:39 +0200
+  [ Gabriel Zachmann ]
+  * Fix scope lookup not using cert path.
+  * Exit oidc-gen when error during scope lookup.
+  * Add option to oidc-token to specify name of calling application.
+  * Add option to oidc-add to list currently loaded accounts. 
+  * Fix no-scheme option not working if first url is scheme url.
+  * Add option to oidc-agent that allows log message printed to stderr.
+  * Fix that some information is printed to stderr instead of stdout.
+  * Fix scopes not set when using password flow.
+  * Add support to request tokens with specific audience.
+  * Add wlcg.cloud.cnaf.infn.it
+  * Add public client for wlcg.cloud.cnaf.infn.it
+  * Update cJSON library.
+  * Add --id-token option to oidc-token to request an id-token from the
+    agent.
+  * Fix some minor bugs.
+  * 
+
+ -- Marcus Hardt <[email protected]>  Wed, 22 Jan 2020 12:29:42 +0200

debian/control

@@ -28,11 +28,12 @@ Recommends: ssh-askpass | ssh-askpass-gnome,
             x-terminal-emulator
 Suggests: qrencode
 Description: Commandline tool for obtaining OpenID Connect Access tokens on the commandline
- This tool consists of four programs:
+ This tool consists of five programs:
    - oidc-agent that handles communication with the OIDC provider
    - oidc-gen that generates config files
    - oidc-add that loads (and unloads) configuration into the agent
    - oidc-token that can be used to get access token on the command line
+   - oidc-keychain that re-uses oidc-agent across logins
 
 Package: liboidc-agent3
 Architecture: any

debian/copyright

@@ -4,11 +4,11 @@ Upstream-Contact: Gabriel Zachmann <[email protected]>
 Source: https://github.com/indigo-dc/oidc-agent
 
 Files: *
-Copyright: 2017 - 2019 Gabriel Zachmann
+Copyright: 2017 - 2020 Gabriel Zachmann
 License: MIT-License
 
 License: MIT-License
- Copyright (c) 2017 - 2019 Karlsruhe Institute of Technology - Steinbuch Centre for Computing
+ Copyright (c) 2017 - 2020 Karlsruhe Institute of Technology - Steinbuch Centre for Computing
  .
  Permission is hereby granted, free of charge, to any person obtaining a copy
  of this software and associated documentation files (the "Software"), to deal

gitbook/SUMMARY.md

@@ -10,14 +10,16 @@
     * [Set Default Account for a Provider](configure.md#default-account-configuration-for-a-provider)
   * [oidc-agent Integration](configure.md#oidc-agent-integration)
     * [Xsession Integration](configure.md#xsession-integration)
-    * [Persisting oidc-agent Through ```.bashrc```](configure.md#persisting-oidc-agent-through-bashrc)
   * [Agent Forwarding](configure.md#agent-forwarding)
   * [Other Configuration](configure.md#other-configuration)
 * [Usage](user.md)
   * [oidc-agent](oidc-agent.md)
-    * [Starting ```oidc-agent```](oidc-agent.md#starting-oidc-agent)
+    * [Starting `oidc-agent`](oidc-agent.md#starting-oidc-agent)
     * [General Usage](oidc-agent.md#general-usage)
     * [Detailed Information About All Options](oidc-agent.md#detailed-information-about-all-options)
+  * [oidc-keychain](oidc-keychain.md)
+    * [General Usage](oidc-keychain.md#general-usage)
+    * [Detailed Information About All Options](oidc-keychain.md#detailed-information-about-all-options)
   * [oidc-gen](oidc-gen.md)
     * [General Usage](oidc-gen.md#general-usage)
       * [Client Registration](oidc-gen.md#client-registration)
@@ -46,7 +48,7 @@
   * [oidc-token](oidc-token.md)
     * [General Usage](oidc-token.md#general-usage)
     * [Detailed Information About All Options](oidc-token.md#detailed-information-about-all-options)
-  * [Other Applications Using ```oidc-agent```](oidc-token.md#other-agent-clients)
+  * [Other Applications Using `oidc-agent`](oidc-token.md#other-agent-clients)
   * [Tips](tips.md)
 * [MAC OS](macos.md)
   * [State of Feature Support](macos.md#state-of-feature-support)
@@ -62,7 +64,7 @@
   * [Autounload (Lifetime)](security.md#autounload-lifetime)
   * [User Confirmation](security.md#user-confirmation)
   * [Tracing](security.md#tracing)
-  * [```seccomp```](security.md#seccomp)
+  * [`seccomp`](security.md#seccomp)
   * [Final Note](security.md#final-note)
 * [API](api.md)
   * [liboidc-agent3](api-c.md)