diff options
| -rw-r--r-- | ChangeLog | 21 | ||||
| -rw-r--r-- | Doxyfile.in | 410 | ||||
| -rw-r--r-- | Makefile.am | 2 | ||||
| -rw-r--r-- | Makefile.in | 2 | ||||
| -rwxr-xr-x | configure | 4 | ||||
| -rw-r--r-- | configure.ac | 2 | ||||
| -rw-r--r-- | doc/mainpage.dox | 45 | ||||
| -rw-r--r-- | doc/mainpage.dox.in | 43 | ||||
| -rw-r--r-- | doc/oauth.3 | 498 | ||||
| -rw-r--r-- | src/Makefile.am | 2 | ||||
| -rw-r--r-- | src/Makefile.in | 1 | ||||
| -rw-r--r-- | src/config.h | 2 | ||||
| -rw-r--r-- | src/hash.c | 8 | ||||
| -rw-r--r-- | src/oauth.c | 85 | ||||
| -rw-r--r-- | src/oauth.h | 70 | ||||
| -rw-r--r-- | src/oauth_http.c | 53 | ||||
| -rw-r--r-- | src/sha1.c | 325 | ||||
| -rw-r--r-- | src/xmalloc.c | 3 | ||||
| -rw-r--r-- | src/xmalloc.h | 1 | ||||
| -rw-r--r-- | tests/commontest.c | 2 | ||||
| -rw-r--r-- | tests/oauthbodyhash.c | 19 | ||||
| -rw-r--r-- | tests/oauthdatapost.c | 2 | ||||
| -rw-r--r-- | tests/oauthexample.c | 2 | ||||
| -rw-r--r-- | tests/oauthtest.c | 2 | ||||
| -rw-r--r-- | tests/oauthtest2.c | 2 | ||||
| -rw-r--r-- | tests/selftest_eran.c | 2 | ||||
| -rw-r--r-- | tests/selftest_other.c | 2 |
27 files changed, 1144 insertions, 466 deletions
@@ -1,3 +1,24 @@ +version 1.0.3 + - clarify documentation of oauth_curl + - fix possible memleak in oauth_curl (only relevant if an error occurs) + - fix TOCTOU in oauth_curl_post_file: the file may change between stat() and fopen() + +version 1.0.2 + - fix typos in documentation + - add xfree, xstrdup patch from Kedar Sovani + - prepare repository migration to github + - built-in sha1 support big&little endian + - (no changes to the actual library API or ABI) + +version 1.0.1 + - do not url-escape RSA-key for signature + +version 1.0.0 + - fix body-hash example code + - mark all oauth_http functions a deprecated + - freeze interface defitions for good + - enter maintenance/bug-fix only cycle + version 0.9.7 - fixed tiny memory leak when oauth_curl_get() fails - fixed double-encoding of plaintext signature diff --git a/Doxyfile.in b/Doxyfile.in index eb4c284..baae78b 100644 --- a/Doxyfile.in +++ b/Doxyfile.in @@ -1,14 +1,14 @@ -# Doxyfile 1.7.1 +# Doxyfile 1.8.2 # This file describes the settings to be used by the documentation system -# doxygen (www.doxygen.org) for a project +# doxygen (www.doxygen.org) for a project. # -# All text after a hash (#) is considered a comment and will be ignored +# All text after a hash (#) is considered a comment and will be ignored. # The format is: # TAG = value [value, ...] # For lists items can also be appended using: # TAG += value [value, ...] -# Values that contain spaces should be placed between quotes (" ") +# Values that contain spaces should be placed between quotes (" "). #--------------------------------------------------------------------------- # Project related configuration options @@ -22,8 +22,9 @@ DOXYFILE_ENCODING = UTF-8 -# The PROJECT_NAME tag is a single word (or a sequence of words surrounded -# by quotes) that should identify the project. +# The PROJECT_NAME tag is a single word (or sequence of words) that should +# identify the project. Note that if you do not use Doxywizard you need +# to put quotes around the project name if it contains spaces. PROJECT_NAME = "OAuth library functions" @@ -33,6 +34,19 @@ PROJECT_NAME = "OAuth library functions" PROJECT_NUMBER = @VERSION@ +# Using the PROJECT_BRIEF tag one can provide an optional one line description +# for a project that appears at the top of each page and should give viewer +# a quick idea about the purpose of the project. Keep the description short. + +PROJECT_BRIEF = + +# With the PROJECT_LOGO tag one can specify an logo or icon that is +# included in the documentation. The maximum height of the logo should not +# exceed 55 pixels and the maximum width should not exceed 200 pixels. +# Doxygen will copy the logo to the output directory. + +PROJECT_LOGO = doc/libOAuth.png + # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. # If a relative path is entered, it will be relative to the location @@ -57,7 +71,7 @@ CREATE_SUBDIRS = NO # Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German, # Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English # messages), Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, -# Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrilic, Slovak, +# Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrillic, Slovak, # Slovene, Spanish, Swedish, Ukrainian, and Vietnamese. OUTPUT_LANGUAGE = English @@ -112,9 +126,11 @@ FULL_PATH_NAMES = YES # only done if one of the specified strings matches the left-hand part of # the path. The tag can be used to show relative paths in the file list. # If left blank the directory from which doxygen is run is used as the -# path to strip. +# path to strip. Note that you specify absolute paths here, but also +# relative paths, which will be relative from the directory where doxygen is +# started. -STRIP_FROM_PATH = +STRIP_FROM_PATH = src/ # The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of # the path mentioned in the documentation of a class, which tells @@ -126,7 +142,7 @@ STRIP_FROM_PATH = STRIP_FROM_INC_PATH = # If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter -# (but less readable) file names. This can be useful is your file systems +# (but less readable) file names. This can be useful if your file system # doesn't support long names like on DOS, Mac, or CD-ROM. SHORT_NAMES = NO @@ -181,6 +197,13 @@ TAB_SIZE = 2 ALIASES = +# This tag can be used to specify a number of word-keyword mappings (TCL only). +# A mapping has the form "name=value". For example adding +# "class=itcl::class" will allow you to use the command class in the +# itcl::class meaning. + +TCL_SUBST = + # Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C # sources only. Doxygen will then generate output that is more tailored for C. # For instance, some of the names that are used will be different. The list @@ -208,22 +231,39 @@ OPTIMIZE_FOR_FORTRAN = NO OPTIMIZE_OUTPUT_VHDL = NO # Doxygen selects the parser to use depending on the extension of the files it -# parses. With this tag you can assign which parser to use for a given extension. -# Doxygen has a built-in mapping, but you can override or extend it using this -# tag. The format is ext=language, where ext is a file extension, and language -# is one of the parsers supported by doxygen: IDL, Java, Javascript, CSharp, C, -# C++, D, PHP, Objective-C, Python, Fortran, VHDL, C, C++. For instance to make -# doxygen treat .inc files as Fortran files (default is PHP), and .f files as C -# (default is Fortran), use: inc=Fortran f=C. Note that for custom extensions -# you also need to set FILE_PATTERNS otherwise the files are not read by doxygen. +# parses. With this tag you can assign which parser to use for a given +# extension. Doxygen has a built-in mapping, but you can override or extend it +# using this tag. The format is ext=language, where ext is a file extension, +# and language is one of the parsers supported by doxygen: IDL, Java, +# Javascript, CSharp, C, C++, D, PHP, Objective-C, Python, Fortran, VHDL, C, +# C++. For instance to make doxygen treat .inc files as Fortran files (default +# is PHP), and .f files as C (default is Fortran), use: inc=Fortran f=C. Note +# that for custom extensions you also need to set FILE_PATTERNS otherwise the +# files are not read by doxygen. EXTENSION_MAPPING = +# If MARKDOWN_SUPPORT is enabled (the default) then doxygen pre-processes all +# comments according to the Markdown format, which allows for more readable +# documentation. See http://daringfireball.net/projects/markdown/ for details. +# The output of markdown processing is further processed by doxygen, so you +# can mix doxygen, HTML, and XML commands with Markdown formatting. +# Disable only in case of backward compatibilities issues. + +MARKDOWN_SUPPORT = YES + +# When enabled doxygen tries to link words that correspond to documented classes, +# or namespaces to their corresponding documentation. Such a link can be +# prevented in individual cases by by putting a % sign in front of the word or +# globally by setting AUTOLINK_SUPPORT to NO. + +AUTOLINK_SUPPORT = YES + # If you use STL classes (i.e. std::string, std::vector, etc.) but do not want # to include (a tag file for) the STL sources as input, then you should # set this tag to YES in order to let doxygen match functions declarations and # definitions whose arguments contain STL classes (e.g. func(std::string); v.s. -# func(std::string) {}). This also make the inheritance and collaboration +# func(std::string) {}). This also makes the inheritance and collaboration # diagrams that involve STL classes more complete and accurate. BUILTIN_STL_SUPPORT = NO @@ -239,12 +279,7 @@ CPP_CLI_SUPPORT = NO SIP_SUPPORT = NO -# For Microsoft's IDL there are propget and propput attributes to indicate getter -# and setter methods for a property. Setting this option to YES (the default) -# will make doxygen to replace the get and set methods by a property in the -# documentation. This will only work if the methods are indeed getting or -# setting a simple type. If this is not the case, or you want to show the -# methods anyway, you should set this option to NO. +# For Microsoft's IDL there are propget and propput attributes to indicate getter and setter methods for a property. Setting this option to YES (the default) will make doxygen replace the get and set methods by a property in the documentation. This will only work if the methods are indeed getting or setting a simple type. If this is not the case, or you want to show the methods anyway, you should set this option to NO. IDL_PROPERTY_SUPPORT = YES @@ -263,6 +298,22 @@ DISTRIBUTE_GROUP_DOC = NO SUBGROUPING = YES +# When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and +# unions are shown inside the group in which they are included (e.g. using +# @ingroup) instead of on a separate page (for HTML and Man pages) or +# section (for LaTeX and RTF). + +INLINE_GROUPED_CLASSES = NO + +# When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and +# unions with only public data fields will be shown inline in the documentation +# of the scope in which they are defined (i.e. file, namespace, or group +# documentation), provided this scope is documented. If set to NO (the default), +# structs, classes, and unions are shown on a separate page (for HTML and Man +# pages) or section (for LaTeX and RTF). + +INLINE_SIMPLE_STRUCTS = NO + # When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum # is documented as struct, union, or enum with the name of the typedef. So # typedef struct TypeS {} TypeT, will appear in the documentation as a struct @@ -279,16 +330,27 @@ TYPEDEF_HIDES_STRUCT = NO # For small to medium size projects (<1000 input files) the default value is # probably good enough. For larger projects a too small cache size can cause # doxygen to be busy swapping symbols to and from disk most of the time -# causing a significant performance penality. +# causing a significant performance penalty. # If the system has enough physical memory increasing the cache will improve the # performance by keeping more symbols in memory. Note that the value works on -# a logarithmic scale so increasing the size by one will rougly double the +# a logarithmic scale so increasing the size by one will roughly double the # memory usage. The cache size is given by this formula: # 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0, -# corresponding to a cache size of 2^16 = 65536 symbols +# corresponding to a cache size of 2^16 = 65536 symbols. SYMBOL_CACHE_SIZE = 0 +# Similar to the SYMBOL_CACHE_SIZE the size of the symbol lookup cache can be +# set using LOOKUP_CACHE_SIZE. This cache is used to resolve symbols given +# their name and scope. Since this can be an expensive process and often the +# same symbol appear multiple times in the code, doxygen keeps a cache of +# pre-resolved symbols. If the cache is too small doxygen will become slower. +# If the cache is too large, memory is wasted. The cache size is given by this +# formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range is 0..9, the default is 0, +# corresponding to a cache size of 2^16 = 65536 symbols. + +LOOKUP_CACHE_SIZE = 0 + #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- @@ -305,6 +367,11 @@ EXTRACT_ALL = YES EXTRACT_PRIVATE = NO +# If the EXTRACT_PACKAGE tag is set to YES all members with package or internal +# scope will be included in the documentation. + +EXTRACT_PACKAGE = NO + # If the EXTRACT_STATIC tag is set to YES all static members of a file # will be included in the documentation. @@ -327,7 +394,7 @@ EXTRACT_LOCAL_METHODS = NO # extracted and appear in the documentation as a namespace called # 'anonymous_namespace{file}', where file will be replaced with the base # name of the file that contains the anonymous namespace. By default -# anonymous namespace are hidden. +# anonymous namespaces are hidden. EXTRACT_ANON_NSPACES = NO @@ -438,6 +505,15 @@ SORT_GROUP_NAMES = NO SORT_BY_SCOPE_NAME = NO +# If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to +# do proper type resolution of all parameters of a function it will reject a +# match between the prototype and the implementation of a member function even +# if there is only one candidate or it is obvious which candidate to choose +# by doing a simple string match. By disabling STRICT_PROTO_MATCHING doxygen +# will still accept a match between prototype and implementation in such cases. + +STRICT_PROTO_MATCHING = NO + # The GENERATE_TODOLIST tag can be used to enable (YES) or # disable (NO) the todo list. This list is created by putting \todo # commands in the documentation. @@ -468,10 +544,10 @@ GENERATE_DEPRECATEDLIST= YES ENABLED_SECTIONS = # The MAX_INITIALIZER_LINES tag determines the maximum number of lines -# the initial value of a variable or define consists of for it to appear in +# the initial value of a variable or macro consists of for it to appear in # the documentation. If the initializer consists of more lines than specified # here it will be hidden. Use a value of 0 to hide initializers completely. -# The appearance of the initializer of individual variables and defines in the +# The appearance of the initializer of individual variables and macros in the # documentation can be controlled using \showinitializer or \hideinitializer # command in the documentation regardless of this setting. @@ -483,12 +559,6 @@ MAX_INITIALIZER_LINES = 30 SHOW_USED_FILES = YES -# If the sources in your project are distributed over multiple directories -# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy -# in the documentation. The default is NO. - -SHOW_DIRECTORIES = NO - # Set the SHOW_FILES tag to NO to disable the generation of the Files page. # This will remove the Files entry from the Quick Index and from the # Folder Tree View (if specified). The default is YES. @@ -514,13 +584,23 @@ FILE_VERSION_FILTER = # The LAYOUT_FILE tag can be used to specify a layout file which will be parsed # by doxygen. The layout file controls the global structure of the generated -# output files in an output format independent way. The create the layout file +# output files in an output format independent way. To create the layout file # that represents doxygen's defaults, run doxygen with the -l option. # You can optionally specify a file name after the option, if omitted # DoxygenLayout.xml will be used as the name of the layout file. LAYOUT_FILE = +# The CITE_BIB_FILES tag can be used to specify one or more bib files +# containing the references data. This must be a list of .bib files. The +# .bib extension is automatically appended if omitted. Using this command +# requires the bibtex tool to be installed. See also +# http://en.wikipedia.org/wiki/BibTeX for more info. For LaTeX the style +# of the bibliography can be controlled using LATEX_BIB_STYLE. To use this +# feature you need bibtex and perl available in the search path. + +CITE_BIB_FILES = + #--------------------------------------------------------------------------- # configuration options related to warning and progress messages #--------------------------------------------------------------------------- @@ -549,7 +629,7 @@ WARN_IF_UNDOCUMENTED = YES WARN_IF_DOC_ERROR = YES -# This WARN_NO_PARAMDOC option can be abled to get warnings for +# The WARN_NO_PARAMDOC option can be enabled to get warnings for # functions that are documented, but have no documentation for their parameters # or return value. If set to NO (the default) doxygen will only warn about # wrong or incomplete parameter documentation, but not about the absence of @@ -596,8 +676,9 @@ INPUT_ENCODING = UTF-8 # FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp # and *.h) to filter out the source-files in the directories. If left # blank the following patterns are tested: -# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx -# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90 +# *.c *.cc *.cxx *.cpp *.c++ *.d *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh +# *.hxx *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.dox *.py +# *.f90 *.f *.for *.vhd *.vhdl FILE_PATTERNS = @@ -607,14 +688,16 @@ FILE_PATTERNS = RECURSIVE = NO -# The EXCLUDE tag can be used to specify files and/or directories that should +# The EXCLUDE tag can be used to specify files and/or directories that should be # excluded from the INPUT source files. This way you can easily exclude a # subdirectory from a directory tree whose root is specified with the INPUT tag. +# Note that relative paths are relative to the directory from which doxygen is +# run. EXCLUDE = -# The EXCLUDE_SYMLINKS tag can be used select whether or not files or -# directories that are symbolic links (a Unix filesystem feature) are excluded +# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or +# directories that are symbolic links (a Unix file system feature) are excluded # from the input. EXCLUDE_SYMLINKS = NO @@ -678,8 +761,8 @@ INPUT_FILTER = # filter if there is a match. # The filters are a list of the form: # pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further -# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER -# is applied to all files. +# info on how filters are used. If FILTER_PATTERNS is empty or if +# non of the patterns match the file name, INPUT_FILTER is applied. FILTER_PATTERNS = @@ -689,6 +772,14 @@ FILTER_PATTERNS = FILTER_SOURCE_FILES = NO +# The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file +# pattern. A pattern will override the setting for FILTER_PATTERN (if any) +# and it is also possible to disable source filtering for a specific pattern +# using *.ext= (so without naming a filter). This option only has effect when +# FILTER_SOURCE_FILES is enabled. + +FILTER_SOURCE_PATTERNS = + #--------------------------------------------------------------------------- # configuration options related to source browsing #--------------------------------------------------------------------------- @@ -707,7 +798,7 @@ INLINE_SOURCES = NO # Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct # doxygen to hide any special comment blocks from generated source code -# fragments. Normal C and C++ comments will always remain visible. +# fragments. Normal C, C++ and Fortran comments will always remain visible. STRIP_CODE_COMMENTS = YES @@ -791,7 +882,14 @@ HTML_FILE_EXTENSION = .html # The HTML_HEADER tag can be used to specify a personal HTML header for # each generated HTML page. If it is left blank doxygen will generate a -# standard header. +# standard header. Note that when using a custom header you are responsible +# for the proper inclusion of any scripts and style sheets that doxygen +# needs, which is dependent on the configuration options used. +# It is advised to generate a default header using "doxygen -w html +# header.html footer.html stylesheet.css YourConfigFile" and then modify +# that header. Note that the header is subject to change so you typically +# have to redo this when upgrading to a newer version of doxygen or when +# changing the value of configuration settings such as GENERATE_TREEVIEW! HTML_HEADER = @@ -803,15 +901,34 @@ HTML_FOOTER = # The HTML_STYLESHEET tag can be used to specify a user-defined cascading # style sheet that is used by each HTML page. It can be used to -# fine-tune the look of the HTML output. If the tag is left blank doxygen -# will generate a default style sheet. Note that doxygen will try to copy -# the style sheet file to the HTML output directory, so don't put your own -# stylesheet in the HTML output directory as well, or it will be erased! +# fine-tune the look of the HTML output. If left blank doxygen will +# generate a default style sheet. Note that it is recommended to use +# HTML_EXTRA_STYLESHEET instead of this one, as it is more robust and this +# tag will in the future become obsolete. HTML_STYLESHEET = +# The HTML_EXTRA_STYLESHEET tag can be used to specify an additional +# user-defined cascading style sheet that is included after the standard +# style sheets created by doxygen. Using this option one can overrule +# certain style aspects. This is preferred over using HTML_STYLESHEET +# since it does not replace the standard style sheet and is therefor more +# robust against future updates. Doxygen will copy the style sheet file to +# the output directory. + +HTML_EXTRA_STYLESHEET = + +# The HTML_EXTRA_FILES tag can be used to specify one or more extra images or +# other source files which should be copied to the HTML output directory. Note +# that these files will be copied to the base HTML output directory. Use the +# $relpath$ marker in the HTML_HEADER and/or HTML_FOOTER files to load these +# files. In the HTML_STYLESHEET file, use the file name only. Also note that +# the files will be copied as-is; there are no commands or markers available. + +HTML_EXTRA_FILES = + # The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. -# Doxygen will adjust the colors in the stylesheet and background images +# Doxygen will adjust the colors in the style sheet and background images # according to this color. Hue is specified as an angle on a colorwheel, # see http://en.wikipedia.org/wiki/Hue for more information. # For instance the value 0 represents red, 60 is yellow, 120 is green, @@ -841,20 +958,23 @@ HTML_COLORSTYLE_GAMMA = 80 HTML_TIMESTAMP = YES -# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, -# files or namespaces will be aligned in HTML using tables. If set to -# NO a bullet list will be used. - -HTML_ALIGN_MEMBERS = YES - # If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML # documentation will contain sections that can be hidden and shown after the -# page has loaded. For this to work a browser that supports -# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox -# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari). +# page has loaded. HTML_DYNAMIC_SECTIONS = NO +# With HTML_INDEX_NUM_ENTRIES one can control the preferred number of +# entries shown in the various tree structured indices initially; the user +# can expand and collapse entries dynamically later on. Doxygen will expand +# the tree to such a level that at most the specified number of entries are +# visible (unless a fully collapsed tree already exceeds this amount). +# So setting the number of entries 1 will produce a full collapsed tree by +# default. 0 is a special value representing an infinite number of entries +# and will result in a full expanded tree by default. + +HTML_INDEX_NUM_ENTRIES = 100 + # If the GENERATE_DOCSET tag is set to YES, additional index files # will be generated that can be used as input for Apple's Xcode 3 # integrated development environment, introduced with OSX 10.5 (Leopard). @@ -882,9 +1002,9 @@ DOCSET_FEEDNAME = "Doxygen generated docs" DOCSET_BUNDLE_ID = org.doxygen.Project -# When GENERATE_PUBLISHER_ID tag specifies a string that should uniquely identify -# the documentation publisher. This should be a reverse domain-name style -# string, e.g. com.mycompany.MyDocSet.documentation. +# When GENERATE_PUBLISHER_ID tag specifies a string that should uniquely +# identify the documentation publisher. This should be a reverse domain-name +# style string, e.g. com.mycompany.MyDocSet.documentation. DOCSET_PUBLISHER_ID = org.doxygen.Publisher @@ -1006,17 +1126,14 @@ GENERATE_ECLIPSEHELP = NO ECLIPSE_DOC_ID = org.doxygen.Project -# The DISABLE_INDEX tag can be used to turn on/off the condensed index at -# top of each HTML page. The value NO (the default) enables the index and -# the value YES disables it. +# The DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) +# at top of each HTML page. The value NO (the default) enables the index and +# the value YES disables it. Since the tabs have the same information as the +# navigation tree you can set this option to NO if you already set +# GENERATE_TREEVIEW to YES. DISABLE_INDEX = NO -# This tag can be used to set the number of enum values (range [1..20]) -# that doxygen will group on one line in the generated HTML documentation. - -ENUM_VALUES_PER_LINE = 4 - # The GENERATE_TREEVIEW tag is used to specify whether a tree-like index # structure should be generated to display hierarchical information. # If the tag value is set to YES, a side panel will be generated @@ -1024,13 +1141,17 @@ ENUM_VALUES_PER_LINE = 4 # is generated for HTML Help). For this to work a browser that supports # JavaScript, DHTML, CSS and frames is required (i.e. any modern browser). # Windows users are probably better off using the HTML help feature. +# Since the tree basically has the same information as the tab index you +# could consider to set DISABLE_INDEX to NO when enabling this option. GENERATE_TREEVIEW = NO -# By enabling USE_INLINE_TREES, doxygen will generate the Groups, Directories, -# and Class Hierarchy pages using a tree view instead of an ordered list. +# The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values +# (range [0,1..20]) that doxygen will group on one line in the generated HTML +# documentation. Note that a value of 0 will completely suppress the enum +# values from appearing in the overview section. -USE_INLINE_TREES = NO +ENUM_VALUES_PER_LINE = 4 # If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be # used to set the initial width (in pixels) of the frame in which the tree @@ -1059,6 +1180,32 @@ FORMULA_FONTSIZE = 10 FORMULA_TRANSPARENT = YES +# Enable the USE_MATHJAX option to render LaTeX formulas using MathJax +# (see http://www.mathjax.org) which uses client side Javascript for the +# rendering instead of using prerendered bitmaps. Use this if you do not +# have LaTeX installed or if you want to formulas look prettier in the HTML +# output. When enabled you may also need to install MathJax separately and +# configure the path to it using the MATHJAX_RELPATH option. + +USE_MATHJAX = NO + +# When MathJax is enabled you need to specify the location relative to the +# HTML output directory using the MATHJAX_RELPATH option. The destination +# directory should contain the MathJax.js script. For instance, if the mathjax +# directory is located at the same level as the HTML output directory, then +# MATHJAX_RELPATH should be ../mathjax. The default value points to +# the MathJax Content Delivery Network so you can quickly see the result without +# installing MathJax. +# However, it is strongly recommended to install a local +# copy of MathJax from http://www.mathjax.org before deployment. + +MATHJAX_RELPATH = http://cdn.mathjax.org/mathjax/latest + +# The MATHJAX_EXTENSIONS tag can be used to specify one or MathJax extension +# names that should be enabled during MathJax rendering. + +MATHJAX_EXTENSIONS = + # When the SEARCHENGINE tag is enabled doxygen will generate a search box # for the HTML output. The underlying search engine uses javascript # and DHTML and should work on any modern browser. Note that when using @@ -1074,7 +1221,7 @@ SEARCHENGINE = NO # using Javascript. Doxygen will generate the search PHP script and index # file to put on the web server. The advantage of the server # based approach is that it scales better to large projects and allows -# full text search. The disadvances is that it is more difficult to setup +# full text search. The disadvantages are that it is more difficult to setup # and does not have live searching capabilities. SERVER_BASED_SEARCH = NO @@ -1115,7 +1262,7 @@ MAKEINDEX_CMD_NAME = makeindex COMPACT_LATEX = NO # The PAPER_TYPE tag can be used to set the paper type that is used -# by the printer. Possible values are: a4, a4wide, letter, legal and +# by the printer. Possible values are: a4, letter, legal and # executive. If left blank a4wide will be used. PAPER_TYPE = a4wide @@ -1132,6 +1279,13 @@ EXTRA_PACKAGES = LATEX_HEADER = +# The LATEX_FOOTER tag can be used to specify a personal LaTeX footer for +# the generated latex document. The footer should contain everything after +# the last chapter. If it is left blank doxygen will generate a +# standard footer. Notice: only use this tag if you know what you are doing! + +LATEX_FOOTER = + # If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated # is prepared for conversion to pdf (using ps2pdf). The pdf file will # contain links (just like the HTML output) instead of page references @@ -1165,6 +1319,12 @@ LATEX_HIDE_INDICES = NO LATEX_SOURCE_CODE = NO +# The LATEX_BIB_STYLE tag can be used to specify the style to use for the +# bibliography, e.g. plainnat, or ieeetr. The default style is "plain". See +# http://en.wikipedia.org/wiki/BibTeX for more info. + +LATEX_BIB_STYLE = plain + #--------------------------------------------------------------------------- # configuration options related to the RTF output #--------------------------------------------------------------------------- @@ -1196,7 +1356,7 @@ COMPACT_RTF = NO RTF_HYPERLINKS = NO -# Load stylesheet definitions from file. Syntax is similar to doxygen's +# Load style sheet definitions from file. Syntax is similar to doxygen's # config file, i.e. a series of assignments. You only have to provide # replacements, missing definitions are set to their default value. @@ -1341,7 +1501,7 @@ MACRO_EXPANSION = NO EXPAND_ONLY_PREDEF = NO # If the SEARCH_INCLUDES tag is set to YES (the default) the includes files -# in the INCLUDE_PATH (see below) will be search if a #include is found. +# pointed to by INCLUDE_PATH will be searched when a #include is found. SEARCH_INCLUDES = YES @@ -1371,15 +1531,15 @@ PREDEFINED = DOXYGEN_IGNORE # If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then # this tag can be used to specify a list of macro names that should be expanded. # The macro definition that is found in the sources will be used. -# Use the PREDEFINED tag if you want to use a different macro definition. +# Use the PREDEFINED tag if you want to use a different macro definition that +# overrules the definition found in the source code. EXPAND_AS_DEFINED = # If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then -# doxygen's preprocessor will remove all function-like macros that are alone -# on a line, have an all uppercase name, and do not end with a semicolon. Such -# function macros are typically used for boiler-plate code, and will confuse -# the parser if not removed. +# doxygen's preprocessor will remove all references to function-like macros +# that are alone on a line, have an all uppercase name, and do not end with a +# semicolon, because these will confuse the parser if not removed. SKIP_FUNCTION_MACROS = YES @@ -1387,22 +1547,18 @@ SKIP_FUNCTION_MACROS = YES # Configuration::additions related to external references #--------------------------------------------------------------------------- -# The TAGFILES option can be used to specify one or more tagfiles. -# Optionally an initial location of the external documentation -# can be added for each tagfile. The format of a tag file without -# this location is as follows: +# The TAGFILES option can be used to specify one or more tagfiles. For each +# tag file the location of the external documentation should be added. The +# format of a tag file without this location is as follows: # # TAGFILES = file1 file2 ... # Adding location for the tag files is done as follows: # # TAGFILES = file1=loc1 "file2 = loc2" ... -# where "loc1" and "loc2" can be relative or absolute paths or -# URLs. If a location is present for each tag, the installdox tool -# does not have to be run to correct the links. -# Note that each tag file must have a unique name -# (where the name does NOT include the path) -# If a tag file is not located in the directory in which doxygen -# is run, you must also specify the path to the tagfile here. +# where "loc1" and "loc2" can be relative or absolute paths +# or URLs. Note that each tag file must have a unique name (where the name does +# NOT include the path). If a tag file is not located in the directory in which +# doxygen is run, you must also specify the path to the tagfile here. TAGFILES = @@ -1435,9 +1591,8 @@ PERL_PATH = @PERL@ # If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will # generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base # or super classes. Setting the tag to NO turns the diagrams off. Note that -# this option is superseded by the HAVE_DOT option below. This is only a -# fallback. It is recommended to install and use dot, since it yields more -# powerful graphs. +# this option also works with HAVE_DOT disabled, but it is recommended to +# install and use dot, since it yields more powerful graphs. CLASS_DIAGRAMS = YES @@ -1471,14 +1626,12 @@ HAVE_DOT = @HAVEDOT@ DOT_NUM_THREADS = 0 -# By default doxygen will write a font called FreeSans.ttf to the output -# directory and reference it in all dot files that doxygen generates. This -# font does not include all possible unicode characters however, so when you need -# these (or just want a differently looking font) you can specify the font name -# using DOT_FONTNAME. You need need to make sure dot is able to find the font, -# which can be done by putting it in a standard location or by setting the -# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory -# containing the font. +# By default doxygen will use the Helvetica font for all dot files that +# doxygen generates. When you want a differently looking font you can specify +# the font name using DOT_FONTNAME. You need to make sure dot is able to find +# the font, which can be done by putting it in a standard location or by setting +# the DOTFONTPATH environment variable or by setting DOT_FONTPATH to the +# directory containing the font. DOT_FONTNAME = FreeSans.ttf @@ -1487,17 +1640,16 @@ DOT_FONTNAME = FreeSans.ttf DOT_FONTSIZE = 10 -# By default doxygen will tell dot to use the output directory to look for the -# FreeSans.ttf font (which doxygen will put there itself). If you specify a -# different font using DOT_FONTNAME you can set the path where dot -# can find it using this tag. +# By default doxygen will tell dot to use the Helvetica font. +# If you specify a different font using DOT_FONTNAME you can use DOT_FONTPATH to +# set the path where dot can find it. DOT_FONTPATH = # If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen # will generate a graph for each documented class showing the direct and # indirect inheritance relations. Setting this tag to YES will force the -# the CLASS_DIAGRAMS tag to NO. +# CLASS_DIAGRAMS tag to NO. CLASS_GRAPH = YES @@ -1519,6 +1671,15 @@ GROUP_GRAPHS = YES UML_LOOK = NO +# If the UML_LOOK tag is enabled, the fields and methods are shown inside +# the class node. If there are many fields or methods and many nodes the +# graph may become too big to be useful. The UML_LIMIT_NUM_FIELDS +# threshold limits the number of items for each type to make the size more +# managable. Set this to 0 for no limit. Note that the threshold may be +# exceeded by 50% before the limit is enforced. + +UML_LIMIT_NUM_FIELDS = 10 + # If set to YES, the inheritance and collaboration graphs will show the # relations between templates and their instances. @@ -1555,11 +1716,11 @@ CALL_GRAPH = NO CALLER_GRAPH = NO # If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen -# will graphical hierarchy of all classes instead of a textual one. +# will generate a graphical hierarchy of all classes instead of a textual one. GRAPHICAL_HIERARCHY = YES -# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES +# If the DIRECTORY_GRAPH and HAVE_DOT tags are set to YES # then doxygen will show the dependencies a directory has on other directories # in a graphical way. The dependency relations are determined by the #include # relations between the files in the directories. @@ -1567,11 +1728,22 @@ GRAPHICAL_HIERARCHY = YES DIRECTORY_GRAPH = YES # The DOT_IMAGE_FORMAT tag can be used to set the image format of the images -# generated by dot. Possible values are png, jpg, or gif -# If left blank png will be used. +# generated by dot. Possible values are svg, png, jpg, or gif. +# If left blank png will be used. If you choose svg you need to set +# HTML_FILE_EXTENSION to xhtml in order to make the SVG files +# visible in IE 9+ (other browsers do not have this requirement). DOT_IMAGE_FORMAT = png +# If DOT_IMAGE_FORMAT is set to svg, then this option can be set to YES to +# enable generation of interactive SVG images that allow zooming and panning. +# Note that this requires a modern browser other than Internet Explorer. +# Tested and working are Firefox, Chrome, Safari, and Opera. For IE 9+ you +# need to set HTML_FILE_EXTENSION to xhtml in order to make the SVG files +# visible. Older versions of IE do not have SVG support. + +INTERACTIVE_SVG = NO + # The tag DOT_PATH can be used to specify the path where the dot tool can be # found. If left blank, it is assumed the dot tool can be found in the path. @@ -1583,6 +1755,12 @@ DOT_PATH = @DOTPATH@ DOTFILE_DIRS = +# The MSCFILE_DIRS tag can be used to specify one or more directories that +# contain msc files that are included in the documentation (see the +# \mscfile command). + +MSCFILE_DIRS = + # The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of # nodes that will be shown in the graph. If the number of nodes in a graph # becomes larger than this value, doxygen will truncate the graph, which is diff --git a/Makefile.am b/Makefile.am index bacc32a..9a671c2 100644 --- a/Makefile.am +++ b/Makefile.am @@ -30,7 +30,7 @@ MAINTAINERCLEANFILES = \ dox: stamp-doxygen -stamp-doxygen: src/oauth.h doc/mainpage.dox +stamp-doxygen: src/oauth.h doc/mainpage.dox Doxyfile $(DOXYGEN) Doxyfile && touch stamp-doxygen cp doc/man/man3/oauth.h.3 doc/oauth.3 sed 's/ -\([qsdU]\)/ \\-\1/g' doc/man/man3/oauth.h.3 \ diff --git a/Makefile.in b/Makefile.in index 79cf7e2..3bd6f35 100644 --- a/Makefile.in +++ b/Makefile.in @@ -933,7 +933,7 @@ uninstall-am: uninstall-pkgconfigDATA dox: stamp-doxygen -stamp-doxygen: src/oauth.h doc/mainpage.dox +stamp-doxygen: src/oauth.h doc/mainpage.dox Doxyfile $(DOXYGEN) Doxyfile && touch stamp-doxygen cp doc/man/man3/oauth.h.3 doc/oauth.3 sed 's/ -\([qsdU]\)/ \\-\1/g' doc/man/man3/oauth.h.3 \ @@ -11,7 +11,7 @@ # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. # -# Copyright (C) Robin Gareus 2007-2011 +# Copyright (C) Robin Gareus 2007-2012 ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## @@ -1554,7 +1554,7 @@ Copyright (C) 2012 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. -Copyright (C) Robin Gareus 2007-2011 +Copyright (C) Robin Gareus 2007-2012 _ACEOF exit fi diff --git a/configure.ac b/configure.ac index c4b30d8..828f730 100644 --- a/configure.ac +++ b/configure.ac @@ -22,7 +22,7 @@ VERSION_INFO=${VERSION_CUR}:${VERSION_REV}:${VERSION_AGE} AC_CONFIG_SRCDIR([src/oauth.c]) AC_CONFIG_TESTDIR([tests]) AC_CANONICAL_TARGET([]) -AC_COPYRIGHT([Copyright (C) Robin Gareus 2007-2011]) +AC_COPYRIGHT([Copyright (C) Robin Gareus 2007-2012]) AM_INIT_AUTOMAKE(liboauth,$VERSION) AM_CONFIG_HEADER(src/config.h) diff --git a/doc/mainpage.dox b/doc/mainpage.dox index 05007df..98ee3d7 100644 --- a/doc/mainpage.dox +++ b/doc/mainpage.dox @@ -1,25 +1,23 @@ /** @mainpage OAuth library functions -\image html libOAuth.png "libOAuth" - @section intro Introduction liboauth is a collection of POSIX-c functions implementing the <a href="http://oauth.net/">OAuth</a> Core <a href="http://tools.ietf.org/html/rfc5849">RFC 5849</a> standard. liboauth provides functions to escape and encode parameters according to OAuth specification and offers high-level functionality to sign requests or verify OAuth signatures as well as perform HTTP requests. - - liboauth depends on either on the <a href="http://openssl.org/">OpenSSL</a> library or on + + liboauth depends on either on the <a href="http://openssl.org/">OpenSSL</a> library or on <a href="http://www.mozilla.org/projects/security/pki/nss/">NSS</a> (Mozilla's Network Security Services) - , which are used for generating the hash/signature, and optionally <a href="http://curl.haxx.se/libcurl/c/">libcurl</a> for issuing HTTP requests. - + , which are used for generating the hash/signature, and optionally <a href="http://curl.haxx.se/libcurl/c/">libcurl</a> for issuing HTTP requests. + The source includes example code and a self-tests based on <a href="http://wiki.oauth.net/TestCases">http://wiki.oauth.net/TestCases</a>. The library has been tested against the http://oauth-sandbox.mediamatic.nl (now offline) and http://term.ie/oauth/example test servers using commandline-cURL, libcurl and a QT4.3.2 QHttp C++ application on win32 (mingw), gnu/Linux and Mac/OSX. @section installation Installation The source is debianized. On Debian systems <tt>debian-buildpackage</tt> can be used to compile and <tt>dpkg -i</tt> to install <em>liboauth</em> and <em>liboauth-dev</em> packages. liboauth uses autotools and libtools. The tar.gz package includes the <tt>configure</tt> script, but if you get the source from the repository, you first need to generate the build environment with something alike: - <tt>aclocal; autoheader; libtoolize --copy; autoconf; automake --gnu --add-missing --copy</tt>. (<i>OSX users use <tt>glibtoolize</tt></i>). - + <tt>aclocal; autoheader; libtoolize --copy; autoconf; automake --gnu --add-missing --copy</tt>. (<i>OSX users use <tt>glibtoolize</tt></i>). + run <tt>./configure</tt> and build liboauth with <tt>make</tt>. see the INSTALL file for further instructions on gnu autotools. run <tt>./configure --help</tt> for information on optional features (<tt>--disable-curl</tt>, <tt>--disable-libcurl</tt>, <tt>--enable-nss</tt>, <tt>--with-curltimeout[=<int>]</tt>). @@ -27,24 +25,35 @@ If <a href="http://www.stack.nl/~dimitri/doxygen/">Doxygen</a> is available, the documentation can be rendered from the source by calling <tt>make dox</tt>. The http://wiki.oauth.net/TestCases scenarios in the example code can be run with <tt>make check</tt>. @section usage Usage - Consult \ref oauth.h for a detailed reference of available functions. This documentation is also available as unix manual page: <tt>man 3 oauth</tt>. + Consult \ref oauth.h for a detailed reference of available functions. This documentation is also available as unix manual page: <tt>man 3 oauth</tt>. See <tt>tests/oauthtest.c</tt> for the self-test code and example. <tt>tests/oauthexample.c</tt> implements a simple hardcoded OAuth-consumer. - If you simply want to calculate the OAuth-signature, all you need is \ref oauth_sign_url. + If you simply want to calculate the OAuth-signature, all you need is \ref oauth_sign_url. Future releases might include more elaborate usage information: Feel free to ask questions. - <a href="http://rg42.org/oss/oauth/">oauth-utils</a> includes a command-line OAuth-consumer and signature-verification tool using liboauth. + <a href="http://gareus.org/oss/oauth/">oauth-utils</a> includes a command-line OAuth-consumer and signature-verification tool using liboauth. + +@section usage Built-in HTTP client +The curl wrapper interface should never have been part of libOauth. It came in handy during initial development and test deployments, and by the time I wanted to remove it, there were already too many users... + +It is still convenient for self-tests and getting started, but application developers should rather aim for a dedicated optimized implementation appropriate for each app. + +oauth_http.c does not do any error-handling for instance, also SSL certificate checking and/or similar CURL options depend on the use-case at hand. Furthermore the available curl options and parameters in oauth_http.c are limited. + +Therefore with the release of version 1.0.0 <strong>all <tt>oauth_http</tt> functions</strong> have been marked as <strong>deprecated</strong>. + +Developers of applications using <tt>oauth_http.c</tt> are advised to simply copy the relevent code into their application (the MIT license is very permissive) and adopt it, if neccesary. @section download Download - Download Source: <a href="http://sourceforge.net/projects/liboauth/files/liboauth-0.9.7.tar.gz/download">liboauth-0.9.7.tar.gz</a> - <a href="http://liboauth.svn.sourceforge.net/viewvc/liboauth/trunk/ChangeLog?revision=HEAD&view=markup">Changelog</a>. + Download Source: <a href="http://sourceforge.net/projects/liboauth/files/liboauth-1.0.3.tar.gz/download">liboauth-1.0.3.tar.gz</a> + <a href="https://raw.github.com/x42/liboauth/master/ChangeLog">Changelog</a>. - liboauth is maintained at sourceforge subversion repositories: - <a href="http://liboauth.svn.sourceforge.net/viewvc/liboauth/">Browse Web SVN</a> URL: <tt>https://liboauth.svn.sourceforge.net/svnroot/liboauth/</tt>, and mirrored at the <a href="http://oauth.googlecode.com/svn/code/c/liboauth/">OAuth googlecode repository</a>. + liboauth is maintained at github: + <a href="https://github.com/x42/liboauth">liboauth repository</a> and mirrored at the <a href="http://oauth.googlecode.com/svn/code/c/liboauth/">OAuth googlecode SVN repository</a>. <!-- - The development branch is available from <tt>git://rg42.org/liboauth</tt> or download a <a href="http://rg42.org/gitweb/?p=liboauth.git;a=snapshot;h=head">snapshot</a>. + The development branch is available from <tt>git://gareus.org/liboauth</tt> or download a <a href="http://gareus.org/gitweb/?p=liboauth.git;a=snapshot;h=head">snapshot</a>. !--> @section bug Bugs @@ -58,7 +67,7 @@ Note: OpenSSL is not strictly compatible with the GPL license. An exemption (to the GPL) allowing to link and redistribute liboauth with the OpenSSL library is is included in the source files. - More information is available in the + More information is available in the <a href="http://liboauth.svn.sourceforge.net/viewvc/liboauth/trunk/README?revision=HEAD&view=markup">README</a>. You can avoid this whole issue by using NSS instead of OpenSSL, configuring liboauth with <tt>--enable-nss</tt>. @@ -66,7 +75,7 @@ MIT License (source-code): <pre> - Copyright 2007-2010 Robin Gareus + Copyright 2007-2012 Robin Gareus Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/doc/mainpage.dox.in b/doc/mainpage.dox.in index d798236..e52a4d9 100644 --- a/doc/mainpage.dox.in +++ b/doc/mainpage.dox.in @@ -1,25 +1,23 @@ /** @mainpage OAuth library functions -\image html libOAuth.png "libOAuth" - @section intro Introduction liboauth is a collection of POSIX-c functions implementing the <a href="http://oauth.net/">OAuth</a> Core <a href="http://tools.ietf.org/html/rfc5849">RFC 5849</a> standard. liboauth provides functions to escape and encode parameters according to OAuth specification and offers high-level functionality to sign requests or verify OAuth signatures as well as perform HTTP requests. - - liboauth depends on either on the <a href="http://openssl.org/">OpenSSL</a> library or on + + liboauth depends on either on the <a href="http://openssl.org/">OpenSSL</a> library or on <a href="http://www.mozilla.org/projects/security/pki/nss/">NSS</a> (Mozilla's Network Security Services) - , which are used for generating the hash/signature, and optionally <a href="http://curl.haxx.se/libcurl/c/">libcurl</a> for issuing HTTP requests. - + , which are used for generating the hash/signature, and optionally <a href="http://curl.haxx.se/libcurl/c/">libcurl</a> for issuing HTTP requests. + The source includes example code and a self-tests based on <a href="http://wiki.oauth.net/TestCases">http://wiki.oauth.net/TestCases</a>. The library has been tested against the http://oauth-sandbox.mediamatic.nl (now offline) and http://term.ie/oauth/example test servers using commandline-cURL, libcurl and a QT4.3.2 QHttp C++ application on win32 (mingw), gnu/Linux and Mac/OSX. @section installation Installation The source is debianized. On Debian systems <tt>debian-buildpackage</tt> can be used to compile and <tt>dpkg -i</tt> to install <em>liboauth</em> and <em>liboauth-dev</em> packages. liboauth uses autotools and libtools. The tar.gz package includes the <tt>configure</tt> script, but if you get the source from the repository, you first need to generate the build environment with something alike: - <tt>aclocal; autoheader; libtoolize --copy; autoconf; automake --gnu --add-missing --copy</tt>. (<i>OSX users use <tt>glibtoolize</tt></i>). - + <tt>aclocal; autoheader; libtoolize --copy; autoconf; automake --gnu --add-missing --copy</tt>. (<i>OSX users use <tt>glibtoolize</tt></i>). + run <tt>./configure</tt> and build liboauth with <tt>make</tt>. see the INSTALL file for further instructions on gnu autotools. run <tt>./configure --help</tt> for information on optional features (<tt>--disable-curl</tt>, <tt>--disable-libcurl</tt>, <tt>--enable-nss</tt>, <tt>--with-curltimeout[=<int>]</tt>). @@ -27,24 +25,35 @@ If <a href="http://www.stack.nl/~dimitri/doxygen/">Doxygen</a> is available, the documentation can be rendered from the source by calling <tt>make dox</tt>. The http://wiki.oauth.net/TestCases scenarios in the example code can be run with <tt>make check</tt>. @section usage Usage - Consult \ref oauth.h for a detailed reference of available functions. This documentation is also available as unix manual page: <tt>man 3 oauth</tt>. + Consult \ref oauth.h for a detailed reference of available functions. This documentation is also available as unix manual page: <tt>man 3 oauth</tt>. See <tt>tests/oauthtest.c</tt> for the self-test code and example. <tt>tests/oauthexample.c</tt> implements a simple hardcoded OAuth-consumer. - If you simply want to calculate the OAuth-signature, all you need is \ref oauth_sign_url. + If you simply want to calculate the OAuth-signature, all you need is \ref oauth_sign_url. Future releases might include more elaborate usage information: Feel free to ask questions. - <a href="http://rg42.org/oss/oauth/">oauth-utils</a> includes a command-line OAuth-consumer and signature-verification tool using liboauth. + <a href="http://gareus.org/oss/oauth/">oauth-utils</a> includes a command-line OAuth-consumer and signature-verification tool using liboauth. + +@section usage Built-in HTTP client +The curl wrapper interface should never have been part of libOauth. It came in handy during initial development and test deployments, and by the time I wanted to remove it, there were already too many users... + +It is still convenient for self-tests and getting started, but application developers should rather aim for a dedicated optimized implementation appropriate for each app. + +oauth_http.c does not do any error-handling for instance, also SSL certificate checking and/or similar CURL options depend on the use-case at hand. Furthermore the available curl options and parameters in oauth_http.c are limited. + +Therefore with the release of version 1.0.0 <strong>all <tt>oauth_http</tt> functions</strong> have been marked as <strong>deprecated</strong>. + +Developers of applications using <tt>oauth_http.c</tt> are advised to simply copy the relevent code into their application (the MIT license is very permissive) and adopt it, if neccesary. @section download Download Download Source: <a href="http://sourceforge.net/projects/liboauth/files/liboauth-@VERSION@.tar.gz/download">liboauth-@VERSION@.tar.gz</a> - <a href="http://liboauth.svn.sourceforge.net/viewvc/liboauth/trunk/ChangeLog?revision=HEAD&view=markup">Changelog</a>. + <a href="https://raw.github.com/x42/liboauth/master/ChangeLog">Changelog</a>. - liboauth is maintained at sourceforge subversion repositories: - <a href="http://liboauth.svn.sourceforge.net/viewvc/liboauth/">Browse Web SVN</a> URL: <tt>https://liboauth.svn.sourceforge.net/svnroot/liboauth/</tt>, and mirrored at the <a href="http://oauth.googlecode.com/svn/code/c/liboauth/">OAuth googlecode repository</a>. + liboauth is maintained at github: + <a href="https://github.com/x42/liboauth">liboauth repository</a> and mirrored at the <a href="http://oauth.googlecode.com/svn/code/c/liboauth/">OAuth googlecode SVN repository</a>. <!-- - The development branch is available from <tt>git://rg42.org/liboauth</tt> or download a <a href="http://rg42.org/gitweb/?p=liboauth.git;a=snapshot;h=head">snapshot</a>. + The development branch is available from <tt>git://gareus.org/liboauth</tt> or download a <a href="http://gareus.org/gitweb/?p=liboauth.git;a=snapshot;h=head">snapshot</a>. !--> @section bug Bugs @@ -58,7 +67,7 @@ Note: OpenSSL is not strictly compatible with the GPL license. An exemption (to the GPL) allowing to link and redistribute liboauth with the OpenSSL library is is included in the source files. - More information is available in the + More information is available in the <a href="http://liboauth.svn.sourceforge.net/viewvc/liboauth/trunk/README?revision=HEAD&view=markup">README</a>. You can avoid this whole issue by using NSS instead of OpenSSL, configuring liboauth with <tt>--enable-nss</tt>. @@ -66,7 +75,7 @@ MIT License (source-code): <pre> - Copyright 2007-2010 Robin Gareus + Copyright 2007-2012 Robin Gareus Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/doc/oauth.3 b/doc/oauth.3 index 945209d..f41e6ff 100644 --- a/doc/oauth.3 +++ b/doc/oauth.3 @@ -1,31 +1,21 @@ -.TH "src/oauth.h" 3 "Wed Jul 4 2012" "Version 0.9.7" "OAuth library functions" \" -*- nroff -*- +.TH "oauth.h" 3 "Thu Apr 17 2014" "Version 1.0.3" "OAuth library functions" \" -*- nroff -*- .ad l .nh .SH NAME -src/oauth.h \- +oauth.h \- .PP -OAuth.net implementation in POSIX-C. +OAuth\&.net implementation in POSIX-C\&. .SH SYNOPSIS .br .PP -.SS "Defines" - -.in +1c -.ti -1c -.RI "#define \fBOA_GCC_VERSION_AT_LEAST\fP(x, y) 0" -.br -.ti -1c -.RI "#define \fBattribute_deprecated\fP" -.br -.in -1c .SS "Enumerations" .in +1c .ti -1c -.RI "enum \fBOAuthMethod\fP { \fBOA_HMAC\fP = 0, \fBOA_RSA\fP, \fBOA_PLAINTEXT\fP }" +.RI "enum \fBOAuthMethod\fP { \fBOA_HMAC\fP =0, \fBOA_RSA\fP, \fBOA_PLAINTEXT\fP }" .br -.RI "\fIsignature method to used for signing the request. \fP" +.RI "\fIsignature method to used for signing the request\&. \fP" .in -1c .SS "Functions" @@ -33,75 +23,75 @@ OAuth.net implementation in POSIX-C. .ti -1c .RI "char * \fBoauth_encode_base64\fP (int size, const unsigned char *src)" .br -.RI "\fIBase64 encode and return size data in 'src'. \fP" +.RI "\fIBase64 encode and return size data in 'src'\&. \fP" .ti -1c .RI "int \fBoauth_decode_base64\fP (unsigned char *dest, const char *src)" .br -.RI "\fIDecode the base64 encoded string 'src' into the memory pointed to by 'dest'. \fP" +.RI "\fIDecode the base64 encoded string 'src' into the memory pointed to by 'dest'\&. \fP" .ti -1c .RI "char * \fBoauth_url_escape\fP (const char *string)" .br -.RI "\fIEscape 'string' according to RFC3986 and http://oauth.net/core/1.0/#encoding_parameters. \fP" +.RI "\fIEscape 'string' according to RFC3986 and http://oauth.net/core/1.0/#encoding_parameters\&. \fP" .ti -1c .RI "char * \fBoauth_url_unescape\fP (const char *string, size_t *olen)" .br -.RI "\fIParse RFC3986 encoded 'string' back to unescaped version. \fP" +.RI "\fIParse RFC3986 encoded 'string' back to unescaped version\&. \fP" .ti -1c .RI "char * \fBoauth_sign_hmac_sha1\fP (const char *m, const char *k)" .br -.RI "\fIreturns base64 encoded HMAC-SHA1 signature for given message and key. \fP" +.RI "\fIreturns base64 encoded HMAC-SHA1 signature for given message and key\&. \fP" .ti -1c .RI "char * \fBoauth_sign_hmac_sha1_raw\fP (const char *m, const size_t ml, const char *k, const size_t kl)" .br -.RI "\fIsame as \fBoauth_sign_hmac_sha1\fP but allows to specify length of message and key (in case they contain null chars). \fP" +.RI "\fIsame as \fBoauth_sign_hmac_sha1\fP but allows one to specify length of message and key (in case they contain null chars)\&. \fP" .ti -1c .RI "char * \fBoauth_sign_plaintext\fP (const char *m, const char *k)" .br -.RI "\fIreturns plaintext signature for the given key. \fP" +.RI "\fIreturns plaintext signature for the given key\&. \fP" .ti -1c .RI "char * \fBoauth_sign_rsa_sha1\fP (const char *m, const char *k)" .br -.RI "\fIreturns RSA-SHA1 signature for given data. \fP" +.RI "\fIreturns RSA-SHA1 signature for given data\&. \fP" .ti -1c .RI "int \fBoauth_verify_rsa_sha1\fP (const char *m, const char *c, const char *s)" .br -.RI "\fIverify RSA-SHA1 signature. \fP" +.RI "\fIverify RSA-SHA1 signature\&. \fP" .ti -1c -.RI "char * \fBoauth_catenc\fP (int len,...)" +.RI "char * \fBoauth_catenc\fP (int len,\&.\&.\&.)" .br -.RI "\fIurl-escape strings and concatenate with '&' separator. \fP" +.RI "\fIurl-escape strings and concatenate with '&' separator\&. \fP" .ti -1c .RI "int \fBoauth_split_url_parameters\fP (const char *url, char ***argv)" .br -.RI "\fIsplits the given url into a parameter array. \fP" +.RI "\fIsplits the given url into a parameter array\&. \fP" .ti -1c .RI "int \fBoauth_split_post_paramters\fP (const char *url, char ***argv, short qesc)" .br -.RI "\fIsplits the given url into a parameter array. \fP" +.RI "\fIsplits the given url into a parameter array\&. \fP" .ti -1c .RI "char * \fBoauth_serialize_url\fP (int argc, int start, char **argv)" .br -.RI "\fIbuild a url query string from an array. \fP" +.RI "\fIbuild a url query string from an array\&. \fP" .ti -1c .RI "char * \fBoauth_serialize_url_sep\fP (int argc, int start, char **argv, char *sep, int mod)" .br -.RI "\fIencode query parameters from an array. \fP" +.RI "\fIencode query parameters from an array\&. \fP" .ti -1c .RI "char * \fBoauth_serialize_url_parameters\fP (int argc, char **argv)" .br -.RI "\fIbuild a query parameter string from an array. \fP" +.RI "\fIbuild a query parameter string from an array\&. \fP" .ti -1c .RI "char * \fBoauth_gen_nonce\fP ()" .br -.RI "\fIgenerate a random string between 15 and 32 chars length and return a pointer to it. \fP" +.RI "\fIgenerate a random string between 15 and 32 chars length and return a pointer to it\&. \fP" .ti -1c .RI "int \fBoauth_cmpstringp\fP (const void *p1, const void *p2)" .br -.RI "\fIstring compare function for oauth parameters. \fP" +.RI "\fIstring compare function for oauth parameters\&. \fP" .ti -1c .RI "int \fBoauth_param_exists\fP (char **argv, int argc, char *key)" .br -.RI "\fIsearch array for parameter key. \fP" +.RI "\fIsearch array for parameter key\&. \fP" .ti -1c .RI "void \fBoauth_add_param_to_array\fP (int *argcp, char ***argvp, const char *addparam)" .br @@ -120,21 +110,21 @@ OAuth.net implementation in POSIX-C. .ti -1c .RI "int \fBoauth_time_independent_equals\fP (const char *a, const char *b)" .br -.RI "\fIcompare two strings in constant-time. \fP" +.RI "\fIcompare two strings in constant-time\&. \fP" .ti -1c .RI "int \fBoauth_time_indepenent_equals\fP (const char *a, const char *b) attribute_deprecated" .br .ti -1c .RI "char * \fBoauth_sign_url2\fP (const char *url, char **postargs, \fBOAuthMethod\fP method, const char *http_method, const char *c_key, const char *c_secret, const char *t_key, const char *t_secret)" .br -.RI "\fIcalculate OAuth-signature for a given HTTP request URL, parameters and oauth-tokens. \fP" +.RI "\fIcalculate OAuth-signature for a given HTTP request URL, parameters and oauth-tokens\&. \fP" .ti -1c .RI "char * \fBoauth_sign_url\fP (const char *url, char **postargs, \fBOAuthMethod\fP method, const char *c_key, const char *c_secret, const char *t_key, const char *t_secret) attribute_deprecated" .br .ti -1c .RI "void \fBoauth_sign_array2_process\fP (int *argcp, char ***argvp, char **postargs, \fBOAuthMethod\fP method, const char *http_method, const char *c_key, const char *c_secret, const char *t_key, const char *t_secret)" .br -.RI "\fIthe back-end behind by /ref oauth_sign_array2. \fP" +.RI "\fIthe back-end behind by /ref oauth_sign_array2\&. \fP" .ti -1c .RI "char * \fBoauth_sign_array2\fP (int *argcp, char ***argvp, char **postargs, \fBOAuthMethod\fP method, const char *http_method, const char *c_key, const char *c_secret, const char *t_key, const char *t_secret)" .br @@ -145,87 +135,80 @@ OAuth.net implementation in POSIX-C. .ti -1c .RI "char * \fBoauth_body_hash_file\fP (char *filename)" .br -.RI "\fIcalculate body hash (sha1sum) of given file and return a oauth_body_hash=xxxx parameter to be added to the request. \fP" +.RI "\fIcalculate body hash (sha1sum) of given file and return a oauth_body_hash=xxxx parameter to be added to the request\&. \fP" .ti -1c .RI "char * \fBoauth_body_hash_data\fP (size_t length, const char *data)" .br -.RI "\fIcalculate body hash (sha1sum) of given data and return a oauth_body_hash=xxxx parameter to be added to the request. \fP" +.RI "\fIcalculate body hash (sha1sum) of given data and return a oauth_body_hash=xxxx parameter to be added to the request\&. \fP" .ti -1c .RI "char * \fBoauth_body_hash_encode\fP (size_t len, unsigned char *digest)" .br -.RI "\fIbase64 encode digest, free it and return a URL parameter with the oauth_body_hash. \fP" +.RI "\fIbase64 encode digest, free it and return a URL parameter with the oauth_body_hash\&. \fP" .ti -1c .RI "char * \fBoauth_sign_xmpp\fP (const char *xml, \fBOAuthMethod\fP method, const char *c_secret, const char *t_secret)" .br .RI "\fIxep-0235 - TODO \fP" .ti -1c -.RI "char * \fBoauth_http_get\fP (const char *u, const char *q)" +.RI "char * \fBoauth_http_get\fP (const char *u, const char *q) attribute_deprecated" .br -.RI "\fIdo a HTTP GET request, wait for it to finish and return the content of the reply. \fP" +.RI "\fIdo a HTTP GET request, wait for it to finish and return the content of the reply\&. \fP" .ti -1c -.RI "char * \fBoauth_http_get2\fP (const char *u, const char *q, const char *customheader)" +.RI "char * \fBoauth_http_get2\fP (const char *u, const char *q, const char *customheader) attribute_deprecated" .br -.RI "\fIdo a HTTP GET request, wait for it to finish and return the content of the reply. \fP" +.RI "\fIdo a HTTP GET request, wait for it to finish and return the content of the reply\&. \fP" .ti -1c -.RI "char * \fBoauth_http_post\fP (const char *u, const char *p)" +.RI "char * \fBoauth_http_post\fP (const char *u, const char *p) attribute_deprecated" .br -.RI "\fIdo a HTTP POST request, wait for it to finish and return the content of the reply. \fP" +.RI "\fIdo a HTTP POST request, wait for it to finish and return the content of the reply\&. \fP" .ti -1c -.RI "char * \fBoauth_http_post2\fP (const char *u, const char *p, const char *customheader)" +.RI "char * \fBoauth_http_post2\fP (const char *u, const char *p, const char *customheader) attribute_deprecated" .br -.RI "\fIdo a HTTP POST request, wait for it to finish and return the content of the reply. \fP" +.RI "\fIdo a HTTP POST request, wait for it to finish and return the content of the reply\&. \fP" .ti -1c -.RI "char * \fBoauth_post_file\fP (const char *u, const char *fn, const size_t len, const char *customheader)" +.RI "char * \fBoauth_post_file\fP (const char *u, const char *fn, const size_t len, const char *customheader) attribute_deprecated" .br -.RI "\fIhttp post raw data from file. \fP" +.RI "\fIhttp post raw data from file\&. \fP" .ti -1c -.RI "char * \fBoauth_post_data\fP (const char *u, const char *data, size_t len, const char *customheader)" +.RI "char * \fBoauth_post_data\fP (const char *u, const char *data, size_t len, const char *customheader) attribute_deprecated" .br .RI "\fIhttp post raw data the returned string needs to be freed by the caller (requires libcurl) \fP" .ti -1c -.RI "char * \fBoauth_post_data_with_callback\fP (const char *u, const char *data, size_t len, const char *customheader, void(*callback)(void *, int, size_t, size_t), void *callback_data)" +.RI "char * \fBoauth_post_data_with_callback\fP (const char *u, const char *data, size_t len, const char *customheader, void(*callback)(void *, int, size_t, size_t), void *callback_data) attribute_deprecated" .br -.RI "\fIhttp post raw data, with callback. \fP" +.RI "\fIhttp post raw data, with callback\&. \fP" .ti -1c -.RI "char * \fBoauth_send_data\fP (const char *u, const char *data, size_t len, const char *customheader, const char *httpMethod)" +.RI "char * \fBoauth_send_data\fP (const char *u, const char *data, size_t len, const char *customheader, const char *httpMethod) attribute_deprecated" .br -.RI "\fIhttp send raw data. \fP" +.RI "\fIhttp send raw data\&. \fP" .ti -1c -.RI "char * \fBoauth_send_data_with_callback\fP (const char *u, const char *data, size_t len, const char *customheader, void(*callback)(void *, int, size_t, size_t), void *callback_data, const char *httpMethod)" +.RI "char * \fBoauth_send_data_with_callback\fP (const char *u, const char *data, size_t len, const char *customheader, void(*callback)(void *, int, size_t, size_t), void *callback_data, const char *httpMethod) attribute_deprecated" .br -.RI "\fIhttp post raw data, with callback. \fP" +.RI "\fIhttp post raw data, with callback\&. \fP" .in -1c .SH "Detailed Description" .PP -OAuth.net implementation in POSIX-C. +OAuth\&.net implementation in POSIX-C\&. \fBAuthor:\fP .RS 4 -Robin Gareus <robin@gareus.org> +Robin Gareus robin@gareus.org .RE .PP -Copyright 2007-2011 Robin Gareus <robin@gareus.org> +Copyright 2007-2014 Robin Gareus robin@gareus.org .PP Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: .PP -The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. -.PP -THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -.PP -Definition in file \fBoauth.h\fP. -.SH "Define Documentation" -.PP -.SS "#define attribute_deprecated" +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software\&. .PP -Definition at line 54 of file oauth.h. -.SS "#define OA_GCC_VERSION_AT_LEAST(x, y) 0" +THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT\&. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE\&. .PP -Definition at line 47 of file oauth.h. +Definition in file \fBoauth\&.h\fP\&. .SH "Enumeration Type Documentation" .PP .SS "enum \fBOAuthMethod\fP" + .PP -signature method to used for signing the request. +signature method to used for signing the request\&. .PP \fBEnumerator: \fP .in +1c @@ -239,10 +222,11 @@ use RSA signature \fB\fIOA_PLAINTEXT \fP\fP use plain text signature (for testing only) .PP -Definition at line 65 of file oauth.h. +Definition at line 66 of file oauth\&.h\&. .SH "Function Documentation" .PP .SS "void oauth_add_param_to_array (int * argcp, char *** argvp, const char * addparam)" + .PP add query parameter to array \fBParameters:\fP .RS 4 @@ -250,13 +234,14 @@ add query parameter to array \fBParameters:\fP .br \fIargvp\fP pointer to array values .br -\fIaddparam\fP parameter to add (eg. 'foo=bar') +\fIaddparam\fP parameter to add (eg\&. 'foo=bar') .RE .PP .SS "char* oauth_body_hash_data (size_t length, const char * data)" + .PP -calculate body hash (sha1sum) of given data and return a oauth_body_hash=xxxx parameter to be added to the request. The returned string needs to be freed by the calling function. The returned string is not yet url-escaped and suitable to be passed as argument to \fBoauth_catenc\fP. +calculate body hash (sha1sum) of given data and return a oauth_body_hash=xxxx parameter to be added to the request\&. The returned string needs to be freed by the calling function\&. The returned string is not yet url-escaped and suitable to be passed as argument to \fBoauth_catenc\fP\&. .PP see http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html .PP @@ -276,10 +261,11 @@ URL oauth_body_hash parameter string .PP \fBExamples: \fP .in +1c -\fBtests/oauthbodyhash.c\fP. +\fBtests/oauthbodyhash\&.c\fP\&. .SS "char* oauth_body_hash_encode (size_t len, unsigned char * digest)" + .PP -base64 encode digest, free it and return a URL parameter with the oauth_body_hash. The returned hash needs to be freed by the calling function. The returned string is not yet url-escaped and thus suitable to be passed to \fBoauth_catenc\fP. +base64 encode digest, free it and return a URL parameter with the oauth_body_hash\&. The returned hash needs to be freed by the calling function\&. The returned string is not yet url-escaped and thus suitable to be passed to \fBoauth_catenc\fP\&. .PP \fBParameters:\fP .RS 4 @@ -295,8 +281,9 @@ URL oauth_body_hash parameter string .PP .SS "char* oauth_body_hash_file (char * filename)" + .PP -calculate body hash (sha1sum) of given file and return a oauth_body_hash=xxxx parameter to be added to the request. The returned string needs to be freed by the calling function. +calculate body hash (sha1sum) of given file and return a oauth_body_hash=xxxx parameter to be added to the request\&. The returned string needs to be freed by the calling function\&. .PP see http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html .PP @@ -314,10 +301,11 @@ URL oauth_body_hash parameter string .PP \fBExamples: \fP .in +1c -\fBtests/oauthbodyhash.c\fP. -.SS "char* oauth_catenc (int len, ...)" +\fBtests/oauthbodyhash\&.c\fP\&. +.SS "char* oauth_catenc (int len, \&.\&.\&.)" + .PP -url-escape strings and concatenate with '&' separator. The number of strings to be concatenated must be given as first argument. all arguments thereafter must be of type (char *) +url-escape strings and concatenate with '&' separator\&. The number of strings to be concatenated must be given as first argument\&. all arguments thereafter must be of type (char *) .PP \fBParameters:\fP .RS 4 @@ -326,39 +314,38 @@ url-escape strings and concatenate with '&' separator. The number of strings to .PP \fBReturns:\fP .RS 4 -pointer to memory holding the concatenated strings - needs to be free(d) by the caller. or NULL in case we ran out of memory. +pointer to memory holding the concatenated strings - needs to be xfree(d) by the caller\&. or NULL in case we ran out of memory\&. .RE .PP -.PP -\fBExamples: \fP -.in +1c -\fBtests/oauthbodyhash.c\fP. .SS "int oauth_cmpstringp (const void * p1, const void * p2)" + .PP -string compare function for oauth parameters. used with qsort. needed to normalize request parameters. see http://oauth.net/core/1.0/#anchor14 +string compare function for oauth parameters\&. used with qsort\&. needed to normalize request parameters\&. see http://oauth.net/core/1.0/#anchor14 .PP \fBExamples: \fP .in +1c -\fBtests/oauthexample.c\fP, \fBtests/oauthtest.c\fP, and \fBtests/oauthtest2.c\fP. +\fBtests/oauthexample\&.c\fP, \fBtests/oauthtest\&.c\fP, and \fBtests/oauthtest2\&.c\fP\&. .SS "int oauth_decode_base64 (unsigned char * dest, const char * src)" + .PP -Decode the base64 encoded string 'src' into the memory pointed to by 'dest'. \fBParameters:\fP +Decode the base64 encoded string 'src' into the memory pointed to by 'dest'\&. \fBParameters:\fP .RS 4 -\fIdest\fP Pointer to memory for holding the decoded string. Must be large enough to receive the decoded string. +\fIdest\fP Pointer to memory for holding the decoded string\&. Must be large enough to receive the decoded string\&. .br -\fIsrc\fP A base64 encoded string. +\fIsrc\fP A base64 encoded string\&. .RE .PP \fBReturns:\fP .RS 4 -the length of the decoded string if decode succeeded otherwise 0. +the length of the decoded string if decode succeeded otherwise 0\&. .RE .PP .SS "char* oauth_encode_base64 (int size, const unsigned char * src)" + .PP -Base64 encode and return size data in 'src'. The caller must free the returned string. +Base64 encode and return size data in 'src'\&. The caller must free the returned string\&. .PP \fBParameters:\fP .RS 4 @@ -374,155 +361,183 @@ encoded string otherwise NULL .PP .SS "void oauth_free_array (int * argcp, char *** argvp)" + .PP free array args \fBParameters:\fP .RS 4 \fIargcp\fP pointer to array length int .br -\fIargvp\fP pointer to array values to be free()d +\fIargvp\fP pointer to array values to be xfree()d .RE .PP .PP \fBExamples: \fP .in +1c -\fBtests/oauthtest2.c\fP. +\fBtests/oauthtest2\&.c\fP\&. .SS "char* oauth_gen_nonce ()" + .PP -generate a random string between 15 and 32 chars length and return a pointer to it. The value needs to be freed by the caller +generate a random string between 15 and 32 chars length and return a pointer to it\&. The value needs to be freed by the caller .PP \fBReturns:\fP .RS 4 -zero terminated random string. +zero terminated random string\&. .RE .PP .SS "char* oauth_http_get (const char * u, const char * q)" + .PP -do a HTTP GET request, wait for it to finish and return the content of the reply. (requires libcurl or a command-line HTTP client) +do a HTTP GET request, wait for it to finish and return the content of the reply\&. (requires libcurl or a command-line HTTP client) .PP -If compiled \fBwithout\fP libcurl this function calls a command-line executable defined in the environment variable OAUTH_HTTP_GET_CMD - it defaults to \fCcurl \-sA 'liboauth-agent/0.1' '%u'\fP where %u is replaced with the URL and query parameters. +If compiled \fBwithout\fP libcurl this function calls a command-line executable defined in the environment variable OAUTH_HTTP_GET_CMD - it defaults to \fCcurl \-sA 'liboauth-agent/0\&.1' '%u'\fP where %u is replaced with the URL and query parameters\&. .PP -bash & wget example: \fCexport OAUTH_HTTP_CMD='wget \-q \-U 'liboauth-agent/0.1' '%u' '\fP +bash & wget example: \fCexport OAUTH_HTTP_CMD='wget \-q \-U 'liboauth-agent/0\&.1' '%u' '\fP .PP -WARNING: this is a tentative function. it's convenient and handy for testing or developing OAuth code. But don't rely on this function to become a stable part of this API. It does not do much error checking or handling for one thing.. +WARNING: this is a tentative function\&. it's convenient and handy for testing or developing OAuth code\&. But don't rely on this function to become a stable part of this API\&. It does not do much error checking or handling for one thing\&.\&. .PP -NOTE: \fIu\fP and \fIq\fP are just concatenated with a '?' in between, unless \fIq\fP is NULL. in which case only \fIu\fP will be used. +NOTE: \fIu\fP and \fIq\fP are just concatenated with a '?' in between, unless \fIq\fP is NULL\&. in which case only \fIu\fP will be used\&. .PP \fBParameters:\fP .RS 4 \fIu\fP base url to get .br -\fIq\fP query string to send along with the HTTP request or NULL. +\fIq\fP query string to send along with the HTTP request or NULL\&. .RE .PP \fBReturns:\fP .RS 4 -In case of an error NULL is returned; otherwise a pointer to the replied content from HTTP server. latter needs to be freed by caller. +In case of an error NULL is returned; otherwise a pointer to the replied content from HTTP server\&. latter needs to be freed by caller\&. +.RE +.PP +\fBDeprecated\fP +.RS 4 +use libcurl - http://curl.haxx.se/libcurl/c/ .RE .PP .PP \fBExamples: \fP .in +1c -\fBtests/oauthexample.c\fP, and \fBtests/oauthtest.c\fP. +\fBtests/oauthexample\&.c\fP, and \fBtests/oauthtest\&.c\fP\&. .SS "char* oauth_http_get2 (const char * u, const char * q, const char * customheader)" + .PP -do a HTTP GET request, wait for it to finish and return the content of the reply. (requires libcurl) +do a HTTP GET request, wait for it to finish and return the content of the reply\&. (requires libcurl) .PP -This is equivalent to /ref oauth_http_get but allows to specifiy a custom HTTP header and has has no support for commandline-curl. +This is equivalent to /ref oauth_http_get but allows one to specifiy a custom HTTP header andhas no support for commandline-curl\&. .PP -If liboauth is compiled \fBwithout\fP libcurl this function always returns NULL. +If liboauth is compiled \fBwithout\fP libcurl this function always returns NULL\&. .PP \fBParameters:\fP .RS 4 \fIu\fP base url to get .br -\fIq\fP query string to send along with the HTTP request or NULL. +\fIq\fP query string to send along with the HTTP request or NULL\&. .br \fIcustomheader\fP specify custom HTTP header (or NULL for none) Multiple header elements can be passed separating them with '\\r\\n' .RE .PP \fBReturns:\fP .RS 4 -In case of an error NULL is returned; otherwise a pointer to the replied content from HTTP server. latter needs to be freed by caller. +In case of an error NULL is returned; otherwise a pointer to the replied content from HTTP server\&. latter needs to be freed by caller\&. +.RE +.PP +\fBDeprecated\fP +.RS 4 +use libcurl - http://curl.haxx.se/libcurl/c/ .RE .PP .PP \fBExamples: \fP .in +1c -\fBtests/oauthtest2.c\fP. +\fBtests/oauthtest2\&.c\fP\&. .SS "char* oauth_http_post (const char * u, const char * p)" + .PP -do a HTTP POST request, wait for it to finish and return the content of the reply. (requires libcurl or a command-line HTTP client) +do a HTTP POST request, wait for it to finish and return the content of the reply\&. (requires libcurl or a command-line HTTP client) .PP -If compiled \fBwithout\fP libcurl this function calls a command-line executable defined in the environment variable OAUTH_HTTP_CMD - it defaults to \fCcurl \-sA 'liboauth-agent/0.1' \-d '%p' '%u'\fP where %p is replaced with the postargs and %u is replaced with the URL. +If compiled \fBwithout\fP libcurl this function calls a command-line executable defined in the environment variable OAUTH_HTTP_CMD - it defaults to \fCcurl \-sA 'liboauth-agent/0\&.1' \-d '%p' '%u'\fP where %p is replaced with the postargs and %u is replaced with the URL\&. .PP -bash & wget example: \fCexport OAUTH_HTTP_CMD='wget \-q \-U 'liboauth-agent/0.1' \-\-post-data='%p' '%u' '\fP +bash & wget example: \fCexport OAUTH_HTTP_CMD='wget \-q \-U 'liboauth-agent/0\&.1' –post-data='%p' '%u' '\fP .PP -NOTE: This function uses the curl's default HTTP-POST Content-Type: application/x-www-form-urlencoded which is the only option allowed by oauth core 1.0 spec. Experimental code can use the Environment variable to transmit custom HTTP headers or parameters. +NOTE: This function uses the curl's default HTTP-POST Content-Type: application/x-www-form-urlencoded which is the only option allowed by oauth core 1\&.0 spec\&. Experimental code can use the Environment variable to transmit custom HTTP headers or parameters\&. .PP -WARNING: this is a tentative function. it's convenient and handy for testing or developing OAuth code. But don't rely on this function to become a stable part of this API. It does not do much error checking for one thing.. +WARNING: this is a tentative function\&. it's convenient and handy for testing or developing OAuth code\&. But don't rely on this function to become a stable part of this API\&. It does not do much error checking for one thing\&.\&. .PP \fBParameters:\fP .RS 4 \fIu\fP url to query .br -\fIp\fP postargs to send along with the HTTP request. +\fIp\fP postargs to send along with the HTTP request\&. .RE .PP \fBReturns:\fP .RS 4 -replied content from HTTP server. needs to be freed by caller. +replied content from HTTP server\&. needs to be freed by caller\&. +.RE +.PP +\fBDeprecated\fP +.RS 4 +use libcurl - http://curl.haxx.se/libcurl/c/ .RE .PP .PP \fBExamples: \fP .in +1c -\fBtests/oauthexample.c\fP, and \fBtests/oauthtest.c\fP. +\fBtests/oauthexample\&.c\fP, and \fBtests/oauthtest\&.c\fP\&. .SS "char* oauth_http_post2 (const char * u, const char * p, const char * customheader)" + .PP -do a HTTP POST request, wait for it to finish and return the content of the reply. (requires libcurl) +do a HTTP POST request, wait for it to finish and return the content of the reply\&. (requires libcurl) .PP -It's equivalent to /ref oauth_http_post, but offers the possibility to specify a custom HTTP header and has no support for commandline-curl. +It's equivalent to /ref oauth_http_post, but offers the possibility to specify a custom HTTP header and has no support for commandline-curl\&. .PP -If liboauth is compiled \fBwithout\fP libcurl this function always returns NULL. +If liboauth is compiled \fBwithout\fP libcurl this function always returns NULL\&. .PP \fBParameters:\fP .RS 4 \fIu\fP url to query .br -\fIp\fP postargs to send along with the HTTP request. +\fIp\fP postargs to send along with the HTTP request\&. .br \fIcustomheader\fP specify custom HTTP header (or NULL for none) Multiple header elements can be passed separating them with '\\r\\n' .RE .PP \fBReturns:\fP .RS 4 -replied content from HTTP server. needs to be freed by caller. +replied content from HTTP server\&. needs to be freed by caller\&. +.RE +.PP +\fBDeprecated\fP +.RS 4 +use libcurl - http://curl.haxx.se/libcurl/c/ .RE .PP .SS "int oauth_param_exists (char ** argv, int argc, char * key)" + .PP -search array for parameter key. \fBParameters:\fP +search array for parameter key\&. \fBParameters:\fP .RS 4 \fIargv\fP length of array to search .br \fIargc\fP parameter array to search .br -\fIkey\fP key of parameter to check. +\fIkey\fP key of parameter to check\&. .RE .PP \fBReturns:\fP .RS 4 -FALSE (0) if array does not contain a parameter with given key, TRUE (1) otherwise. +FALSE (0) if array does not contain a parameter with given key, TRUE (1) otherwise\&. .RE .PP .SS "char* oauth_post_data (const char * u, const char * data, size_t len, const char * customheader)" + .PP http post raw data the returned string needs to be freed by the caller (requires libcurl) see dislaimer: /ref oauth_http_post .PP @@ -532,26 +547,32 @@ http post raw data the returned string needs to be freed by the caller (requires .br \fIdata\fP data to post .br -\fIlen\fP length of the data in bytes. +\fIlen\fP length of the data in bytes\&. .br \fIcustomheader\fP specify custom HTTP header (or NULL for default) Multiple header elements can be passed separating them with '\\r\\n' .RE .PP \fBReturns:\fP .RS 4 -returned HTTP reply or NULL on error +returned HTTP reply or NULL on error +.RE +.PP +\fBDeprecated\fP +.RS 4 +use libcurl - http://curl.haxx.se/libcurl/c/ .RE .PP .PP \fBExamples: \fP .in +1c -\fBtests/oauthbodyhash.c\fP. +\fBtests/oauthbodyhash\&.c\fP\&. .SS "char* oauth_post_data_with_callback (const char * u, const char * data, size_t len, const char * customheader, void(*)(void *, int, size_t, size_t) callback, void * callback_data)" + .PP -http post raw data, with callback. the returned string needs to be freed by the caller (requires libcurl) +http post raw data, with callback\&. the returned string needs to be freed by the caller (requires libcurl) .PP -Invokes the callback - in no particular order - when HTTP-request status updates occur. The callback is called with: void * callback_data: supplied on function call. int type: 0=data received, 1=data sent. size_t size: amount of data received or amount of data sent so far size_t totalsize: original amount of data to send, or amount of data received +Invokes the callback - in no particular order - when HTTP-request status updates occur\&. The callback is called with: void * callback_data: supplied on function call\&. int type: 0=data received, 1=data sent\&. size_t size: amount of data received or amount of data sent so far size_t totalsize: original amount of data to send, or amount of data received .PP \fBParameters:\fP .RS 4 @@ -559,7 +580,7 @@ Invokes the callback - in no particular order - when HTTP-request status updates .br \fIdata\fP data to post along .br -\fIlen\fP length of the file in bytes. set to '0' for autodetection +\fIlen\fP length of the file in bytes\&. set to '0' for autodetection .br \fIcustomheader\fP specify custom HTTP header (or NULL for default) Multiple header elements can be passed separating them with '\\r\\n' .br @@ -570,13 +591,19 @@ Invokes the callback - in no particular order - when HTTP-request status updates .PP \fBReturns:\fP .RS 4 -returned HTTP reply or NULL on error +returned HTTP reply or NULL on error +.RE +.PP +\fBDeprecated\fP +.RS 4 +use libcurl - http://curl.haxx.se/libcurl/c/ .RE .PP .SS "char* oauth_post_file (const char * u, const char * fn, const size_t len, const char * customheader)" + .PP -http post raw data from file. the returned string needs to be freed by the caller (requires libcurl) +http post raw data from file\&. the returned string needs to be freed by the caller (requires libcurl) .PP see dislaimer: /ref oauth_http_post .PP @@ -586,20 +613,26 @@ see dislaimer: /ref oauth_http_post .br \fIfn\fP filename of the file to post along .br -\fIlen\fP length of the file in bytes. set to '0' for autodetection +\fIlen\fP length of the file in bytes\&. set to '0' for autodetection .br -\fIcustomheader\fP specify custom HTTP header (or NULL for default). Multiple header elements can be passed separating them with '\\r\\n' +\fIcustomheader\fP specify custom HTTP header (or NULL for default)\&. Multiple header elements can be passed separating them with '\\r\\n' .RE .PP \fBReturns:\fP .RS 4 -returned HTTP reply or NULL on error +returned HTTP reply or NULL on error +.RE +.PP +\fBDeprecated\fP +.RS 4 +use libcurl - http://curl.haxx.se/libcurl/c/ .RE .PP .SS "char* oauth_send_data (const char * u, const char * data, size_t len, const char * customheader, const char * httpMethod)" + .PP -http send raw data. similar to /ref oauth_http_post but provides for specifying the HTTP request method. +http send raw data\&. similar to /ref oauth_http_post but provides for specifying the HTTP request method\&. .PP the returned string needs to be freed by the caller (requires libcurl) .PP @@ -611,24 +644,30 @@ see dislaimer: /ref oauth_http_post .br \fIdata\fP data to post .br -\fIlen\fP length of the data in bytes. +\fIlen\fP length of the data in bytes\&. .br \fIcustomheader\fP specify custom HTTP header (or NULL for default) Multiple header elements can be passed separating them with '\\r\\n' .br -\fIhttpMethod\fP specify http verb ('GET'/'POST'/'PUT'/'DELETE') to be used. if httpMethod is NULL, a POST is executed. +\fIhttpMethod\fP specify http verb ('GET'/'POST'/'PUT'/'DELETE') to be used\&. if httpMethod is NULL, a POST is executed\&. .RE .PP \fBReturns:\fP .RS 4 -returned HTTP reply or NULL on error +returned HTTP reply or NULL on error +.RE +.PP +\fBDeprecated\fP +.RS 4 +use libcurl - http://curl.haxx.se/libcurl/c/ .RE .PP .SS "char* oauth_send_data_with_callback (const char * u, const char * data, size_t len, const char * customheader, void(*)(void *, int, size_t, size_t) callback, void * callback_data, const char * httpMethod)" + .PP -http post raw data, with callback. the returned string needs to be freed by the caller (requires libcurl) +http post raw data, with callback\&. the returned string needs to be freed by the caller (requires libcurl) .PP -Invokes the callback - in no particular order - when HTTP-request status updates occur. The callback is called with: void * callback_data: supplied on function call. int type: 0=data received, 1=data sent. size_t size: amount of data received or amount of data sent so far size_t totalsize: original amount of data to send, or amount of data received +Invokes the callback - in no particular order - when HTTP-request status updates occur\&. The callback is called with: void * callback_data: supplied on function call\&. int type: 0=data received, 1=data sent\&. size_t size: amount of data received or amount of data sent so far size_t totalsize: original amount of data to send, or amount of data received .PP \fBParameters:\fP .RS 4 @@ -636,7 +675,7 @@ Invokes the callback - in no particular order - when HTTP-request status updates .br \fIdata\fP data to post along .br -\fIlen\fP length of the file in bytes. set to '0' for autodetection +\fIlen\fP length of the file in bytes\&. set to '0' for autodetection .br \fIcustomheader\fP specify custom HTTP header (or NULL for default) Multiple header elements can be passed separating them with '\\r\\n' .br @@ -644,93 +683,103 @@ Invokes the callback - in no particular order - when HTTP-request status updates .br \fIcallback_data\fP specify data to pass to the callback function .br -\fIhttpMethod\fP specify http verb ('GET'/'POST'/'PUT'/'DELETE') to be used. +\fIhttpMethod\fP specify http verb ('GET'/'POST'/'PUT'/'DELETE') to be used\&. .RE .PP \fBReturns:\fP .RS 4 -returned HTTP reply or NULL on error +returned HTTP reply or NULL on error +.RE +.PP +\fBDeprecated\fP +.RS 4 +use libcurl - http://curl.haxx.se/libcurl/c/ .RE .PP .SS "char* oauth_serialize_url (int argc, int start, char ** argv)" + .PP -build a url query string from an array. \fBParameters:\fP +build a url query string from an array\&. \fBParameters:\fP .RS 4 \fIargc\fP the total number of elements in the array .br -\fIstart\fP element in the array at which to start concatenating. +\fIstart\fP element in the array at which to start concatenating\&. .br -\fIargv\fP parameter-array to concatenate. +\fIargv\fP parameter-array to concatenate\&. .RE .PP \fBReturns:\fP .RS 4 -url string needs to be freed by the caller. +url string needs to be freed by the caller\&. .RE .PP .SS "char* oauth_serialize_url_parameters (int argc, char ** argv)" + .PP -build a query parameter string from an array. This function is a shortcut for \fBoauth_serialize_url\fP (argc, 1, argv). It strips the leading host/path, which is usually the first element when using oauth_split_url_parameters on an URL. +build a query parameter string from an array\&. This function is a shortcut for \fBoauth_serialize_url\fP (argc, 1, argv)\&. It strips the leading host/path, which is usually the first element when using oauth_split_url_parameters on an URL\&. .PP \fBParameters:\fP .RS 4 \fIargc\fP the total number of elements in the array .br -\fIargv\fP parameter-array to concatenate. +\fIargv\fP parameter-array to concatenate\&. .RE .PP \fBReturns:\fP .RS 4 -url string needs to be freed by the caller. +url string needs to be freed by the caller\&. .RE .PP .SS "char* oauth_serialize_url_sep (int argc, int start, char ** argv, char * sep, int mod)" + .PP -encode query parameters from an array. \fBParameters:\fP +encode query parameters from an array\&. \fBParameters:\fP .RS 4 \fIargc\fP the total number of elements in the array .br -\fIstart\fP element in the array at which to start concatenating. +\fIstart\fP element in the array at which to start concatenating\&. .br -\fIargv\fP parameter-array to concatenate. +\fIargv\fP parameter-array to concatenate\&. .br \fIsep\fP separator for parameters (usually '&') .br -\fImod\fP - bitwise modifiers: 1: skip all values that start with 'oauth_' 2: skip all values that don't start with 'oauth_' 4: double quotation marks are added around values (use with sep ', ' for HTTP Authorization header). +\fImod\fP - bitwise modifiers: 1: skip all values that start with 'oauth_' 2: skip all values that don't start with 'oauth_' 4: double quotation marks are added around values (use with sep ', ' for HTTP Authorization header)\&. .RE .PP \fBReturns:\fP .RS 4 -url string needs to be freed by the caller. +url string needs to be freed by the caller\&. .RE .PP .PP \fBExamples: \fP .in +1c -\fBtests/oauthtest2.c\fP. -.SS "char* oauth_sign_array (int * argcp, char *** argvp, char ** postargs, \fBOAuthMethod\fP method, const char * c_key, const char * c_secret, const char * t_key, const char * t_secret)"\fBDeprecated\fP +\fBtests/oauthtest2\&.c\fP\&. +.SS "char* oauth_sign_array (int * argcp, char *** argvp, char ** postargs, \fBOAuthMethod\fP method, const char * c_key, const char * c_secret, const char * t_key, const char * t_secret)" +\fBDeprecated\fP .RS 4 -Use \fBoauth_sign_array2()\fP instead. +Use \fBoauth_sign_array2()\fP instead\&. .RE .PP .SS "char* oauth_sign_array2 (int * argcp, char *** argvp, char ** postargs, \fBOAuthMethod\fP method, const char * http_method, const char * c_key, const char * c_secret, const char * t_key, const char * t_secret)" + .PP same as /ref oauth_sign_url with the url already split into parameter array \fBParameters:\fP .RS 4 \fIargcp\fP pointer to array length int .br -\fIargvp\fP pointer to array values (argv[0]='http://example.org:80/' argv[1]='first=QueryParamater' .. the array is modified: fi. oauth_ parameters are added) These arrays can be generated with /ref oauth_split_url_parameters or /ref oauth_split_post_paramters. +\fIargvp\fP pointer to array values (argv[0]='http://example\&.org:80/' argv[1]='first=QueryParamater' \&.\&. the array is modified: fi\&. oauth_ parameters are added) These arrays can be generated with /ref oauth_split_url_parameters or /ref oauth_split_post_paramters\&. .br -\fIpostargs\fP This parameter points to an area where the return value is stored. If 'postargs' is NULL, no value is stored. +\fIpostargs\fP This parameter points to an area where the return value is stored\&. If 'postargs' is NULL, no value is stored\&. .br -\fImethod\fP specify the signature method to use. It is of type \fBOAuthMethod\fP and most likely \fBOA_HMAC\fP. +\fImethod\fP specify the signature method to use\&. It is of type \fBOAuthMethod\fP and most likely \fBOA_HMAC\fP\&. .br -\fIhttp_method\fP The HTTP request method to use (ie 'GET', 'PUT',..) If NULL is given as 'http_method' this defaults to 'GET' when 'postargs' is also NULL and when postargs is not NULL 'POST' is used. +\fIhttp_method\fP The HTTP request method to use (ie 'GET', 'PUT',\&.\&.) If NULL is given as 'http_method' this defaults to 'GET' when 'postargs' is also NULL and when postargs is not NULL 'POST' is used\&. .br \fIc_key\fP consumer key .br @@ -743,27 +792,28 @@ same as /ref oauth_sign_url with the url already split into parameter array \fBP .PP \fBReturns:\fP .RS 4 -the signed url or NULL if an error occurred. +the signed url or NULL if an error occurred\&. .RE .PP .SS "void oauth_sign_array2_process (int * argcp, char *** argvp, char ** postargs, \fBOAuthMethod\fP method, const char * http_method, const char * c_key, const char * c_secret, const char * t_key, const char * t_secret)" + .PP -the back-end behind by /ref oauth_sign_array2. however it does not serialize the signed URL again. The user needs to call /ref oauth_serialize_url (oA) and /ref oauth_free_array to do so. +the back-end behind by /ref oauth_sign_array2\&. however it does not serialize the signed URL again\&. The user needs to call /ref oauth_serialize_url (oA) and /ref oauth_free_array to do so\&. .PP -This allows to split parts of the URL to be used for OAuth HTTP Authorization header: see http://oauth.net/core/1.0a/#consumer_req_param the oauthtest2 example code does so. +This allows one to split parts of the URL to be used for OAuth HTTP Authorization header: see http://oauth.net/core/1.0a/#consumer_req_param the oauthtest2 example code does so\&. .PP \fBParameters:\fP .RS 4 \fIargcp\fP pointer to array length int .br -\fIargvp\fP pointer to array values (argv[0]='http://example.org:80/' argv[1]='first=QueryParamater' .. the array is modified: fi. oauth_ parameters are added) These arrays can be generated with /ref oauth_split_url_parameters or /ref oauth_split_post_paramters. +\fIargvp\fP pointer to array values (argv[0]='http://example\&.org:80/' argv[1]='first=QueryParamater' \&.\&. the array is modified: fi\&. oauth_ parameters are added) These arrays can be generated with /ref oauth_split_url_parameters or /ref oauth_split_post_paramters\&. .br -\fIpostargs\fP This parameter points to an area where the return value is stored. If 'postargs' is NULL, no value is stored. +\fIpostargs\fP This parameter points to an area where the return value is stored\&. If 'postargs' is NULL, no value is stored\&. .br -\fImethod\fP specify the signature method to use. It is of type \fBOAuthMethod\fP and most likely \fBOA_HMAC\fP. +\fImethod\fP specify the signature method to use\&. It is of type \fBOAuthMethod\fP and most likely \fBOA_HMAC\fP\&. .br -\fIhttp_method\fP The HTTP request method to use (ie 'GET', 'PUT',..) If NULL is given as 'http_method' this defaults to 'GET' when 'postargs' is also NULL and when postargs is not NULL 'POST' is used. +\fIhttp_method\fP The HTTP request method to use (ie 'GET', 'PUT',\&.\&.) If NULL is given as 'http_method' this defaults to 'GET' when 'postargs' is also NULL and when postargs is not NULL 'POST' is used\&. .br \fIc_key\fP consumer key .br @@ -783,10 +833,11 @@ void .PP \fBExamples: \fP .in +1c -\fBtests/oauthtest2.c\fP. +\fBtests/oauthtest2\&.c\fP\&. .SS "char* oauth_sign_hmac_sha1 (const char * m, const char * k)" + .PP -returns base64 encoded HMAC-SHA1 signature for given message and key. both data and key need to be urlencoded. +returns base64 encoded HMAC-SHA1 signature for given message and key\&. both data and key need to be urlencoded\&. .PP the returned string needs to be freed by the caller .PP @@ -799,17 +850,18 @@ the returned string needs to be freed by the caller .PP \fBReturns:\fP .RS 4 -signature string. +signature string\&. .RE .PP .PP \fBExamples: \fP .in +1c -\fBtests/selftest_wiki.c\fP. +\fBtests/selftest_wiki\&.c\fP\&. .SS "char* oauth_sign_hmac_sha1_raw (const char * m, const size_t ml, const char * k, const size_t kl)" + .PP -same as \fBoauth_sign_hmac_sha1\fP but allows to specify length of message and key (in case they contain null chars). \fBParameters:\fP +same as \fBoauth_sign_hmac_sha1\fP but allows one to specify length of message and key (in case they contain null chars)\&. \fBParameters:\fP .RS 4 \fIm\fP message to be signed .br @@ -822,13 +874,14 @@ same as \fBoauth_sign_hmac_sha1\fP but allows to specify length of message and k .PP \fBReturns:\fP .RS 4 -signature string. +signature string\&. .RE .PP .SS "char* oauth_sign_plaintext (const char * m, const char * k)" + .PP -returns plaintext signature for the given key. the returned string needs to be freed by the caller +returns plaintext signature for the given key\&. the returned string needs to be freed by the caller .PP \fBParameters:\fP .RS 4 @@ -844,8 +897,9 @@ signature string .PP .SS "char* oauth_sign_rsa_sha1 (const char * m, const char * k)" + .PP -returns RSA-SHA1 signature for given data. the returned signature needs to be freed by the caller. +returns RSA-SHA1 signature for given data\&. the returned signature needs to be freed by the caller\&. .PP \fBParameters:\fP .RS 4 @@ -856,35 +910,37 @@ returns RSA-SHA1 signature for given data. the returned signature needs to be fr .PP \fBReturns:\fP .RS 4 -base64 encoded signature string. +base64 encoded signature string\&. .RE .PP .PP \fBExamples: \fP .in +1c -\fBtests/selftest_wiki.c\fP. -.SS "char* oauth_sign_url (const char * url, char ** postargs, \fBOAuthMethod\fP method, const char * c_key, const char * c_secret, const char * t_key, const char * t_secret)"\fBDeprecated\fP +\fBtests/selftest_wiki\&.c\fP\&. +.SS "char* oauth_sign_url (const char * url, char ** postargs, \fBOAuthMethod\fP method, const char * c_key, const char * c_secret, const char * t_key, const char * t_secret)" +\fBDeprecated\fP .RS 4 -Use \fBoauth_sign_url2()\fP instead. +Use \fBoauth_sign_url2()\fP instead\&. .RE .PP .SS "char* oauth_sign_url2 (const char * url, char ** postargs, \fBOAuthMethod\fP method, const char * http_method, const char * c_key, const char * c_secret, const char * t_key, const char * t_secret)" + .PP -calculate OAuth-signature for a given HTTP request URL, parameters and oauth-tokens. if 'postargs' is NULL a 'GET' request is signed and the signed URL is returned. Else this fn will modify 'postargs' to point to memory that contains the signed POST-variables and returns the base URL. +calculate OAuth-signature for a given HTTP request URL, parameters and oauth-tokens\&. if 'postargs' is NULL a 'GET' request is signed and the signed URL is returned\&. Else this fn will modify 'postargs' to point to memory that contains the signed POST-variables and returns the base URL\&. .PP -both, the return value and (if given) 'postargs' need to be freed by the caller. +both, the return value and (if given) 'postargs' need to be freed by the caller\&. .PP \fBParameters:\fP .RS 4 -\fIurl\fP The request URL to be signed. append all GET or POST query-parameters separated by either '?' or '&' to this parameter. +\fIurl\fP The request URL to be signed\&. append all GET or POST query-parameters separated by either '?' or '&' to this parameter\&. .br -\fIpostargs\fP This parameter points to an area where the return value is stored. If 'postargs' is NULL, no value is stored. +\fIpostargs\fP This parameter points to an area where the return value is stored\&. If 'postargs' is NULL, no value is stored\&. .br -\fImethod\fP specify the signature method to use. It is of type \fBOAuthMethod\fP and most likely \fBOA_HMAC\fP. +\fImethod\fP specify the signature method to use\&. It is of type \fBOAuthMethod\fP and most likely \fBOA_HMAC\fP\&. .br -\fIhttp_method\fP The HTTP request method to use (ie 'GET', 'PUT',..) If NULL is given as 'http_method' this defaults to 'GET' when 'postargs' is also NULL and when postargs is not NULL 'POST' is used. +\fIhttp_method\fP The HTTP request method to use (ie 'GET', 'PUT',\&.\&.) If NULL is given as 'http_method' this defaults to 'GET' when 'postargs' is also NULL and when postargs is not NULL 'POST' is used\&. .br \fIc_key\fP consumer key .br @@ -897,60 +953,64 @@ both, the return value and (if given) 'postargs' need to be freed by the caller. .PP \fBReturns:\fP .RS 4 -the signed url or NULL if an error occurred. +the signed url or NULL if an error occurred\&. .RE .PP .PP \fBExamples: \fP .in +1c -\fBtests/oauthbodyhash.c\fP, \fBtests/oauthexample.c\fP, and \fBtests/oauthtest.c\fP. +\fBtests/oauthbodyhash\&.c\fP, \fBtests/oauthexample\&.c\fP, and \fBtests/oauthtest\&.c\fP\&. .SS "char* oauth_sign_xmpp (const char * xml, \fBOAuthMethod\fP method, const char * c_secret, const char * t_secret)" + .PP xep-0235 - TODO .SS "int oauth_split_post_paramters (const char * url, char *** argv, short qesc)" + .PP -splits the given url into a parameter array. (see \fBoauth_serialize_url\fP and \fBoauth_serialize_url_parameters\fP for the reverse) +splits the given url into a parameter array\&. (see \fBoauth_serialize_url\fP and \fBoauth_serialize_url_parameters\fP for the reverse) .PP \fBParameters:\fP .RS 4 -\fIurl\fP the url or query-string to parse. +\fIurl\fP the url or query-string to parse\&. .br -\fIargv\fP pointer to a (char *) array where the results are stored. The array is re-allocated to match the number of parameters and each parameter-string is allocated with strdup. - The memory needs to be freed by the caller. +\fIargv\fP pointer to a (char *) array where the results are stored\&. The array is re-allocated to match the number of parameters and each parameter-string is allocated with strdup\&. - The memory needs to be freed by the caller\&. .br \fIqesc\fP use query parameter escape (vs post-param-escape) - if set to 1 all '+' are treated as spaces ' ' .RE .PP \fBReturns:\fP .RS 4 -number of parameter(s) in array. +number of parameter(s) in array\&. .RE .PP .SS "int oauth_split_url_parameters (const char * url, char *** argv)" + .PP -splits the given url into a parameter array. (see \fBoauth_serialize_url\fP and \fBoauth_serialize_url_parameters\fP for the reverse) (see \fBoauth_split_post_paramters\fP for a more generic version) +splits the given url into a parameter array\&. (see \fBoauth_serialize_url\fP and \fBoauth_serialize_url_parameters\fP for the reverse) (see \fBoauth_split_post_paramters\fP for a more generic version) .PP \fBParameters:\fP .RS 4 \fIurl\fP the url or query-string to parse; may be NULL .br -\fIargv\fP pointer to a (char *) array where the results are stored. The array is re-allocated to match the number of parameters and each parameter-string is allocated with strdup. - The memory needs to be freed by the caller. +\fIargv\fP pointer to a (char *) array where the results are stored\&. The array is re-allocated to match the number of parameters and each parameter-string is allocated with strdup\&. - The memory needs to be freed by the caller\&. .RE .PP \fBReturns:\fP .RS 4 -number of parameter(s) in array. +number of parameter(s) in array\&. .RE .PP .PP \fBExamples: \fP .in +1c -\fBtests/oauthexample.c\fP, \fBtests/oauthtest.c\fP, and \fBtests/oauthtest2.c\fP. +\fBtests/oauthexample\&.c\fP, \fBtests/oauthtest\&.c\fP, and \fBtests/oauthtest2\&.c\fP\&. .SS "int oauth_time_independent_equals (const char * a, const char * b)" + .PP -compare two strings in constant-time. wrapper to \fBoauth_time_independent_equals_n\fP which calls strlen() for each argument. +compare two strings in constant-time\&. wrapper to \fBoauth_time_independent_equals_n\fP which calls strlen() for each argument\&. .PP \fBParameters:\fP .RS 4 @@ -959,8 +1019,9 @@ compare two strings in constant-time. wrapper to \fBoauth_time_independent_equal \fIb\fP string to compare .RE .PP -returns 0 (false) if strings are not equal, and 1 (true) if strings are equal. +returns 0 (false) if strings are not equal, and 1 (true) if strings are equal\&. .SS "int oauth_time_independent_equals_n (const char * a, const char * b, size_t len_a, size_t len_b)" + .PP compare two strings in constant-time (as to not let an attacker guess how many leading chars are correct: http://rdist.root.org/2010/01/07/timing-independent-array-comparison/ ) \fBParameters:\fP .RS 4 @@ -973,50 +1034,55 @@ compare two strings in constant-time (as to not let an attacker guess how many l \fIlen_b\fP length of string b .RE .PP -returns 0 (false) if strings are not equal, and 1 (true) if strings are equal. -.SS "int oauth_time_indepenent_equals (const char * a, const char * b)"\fBDeprecated\fP +returns 0 (false) if strings are not equal, and 1 (true) if strings are equal\&. +.SS "int oauth_time_indepenent_equals (const char * a, const char * b)" +\fBDeprecated\fP .RS 4 -Use \fBoauth_time_independent_equals()\fP instead. +Use \fBoauth_time_independent_equals()\fP instead\&. .RE .PP -.SS "int oauth_time_indepenent_equals_n (const char * a, const char * b, size_t len_a, size_t len_b)"\fBDeprecated\fP +.SS "int oauth_time_indepenent_equals_n (const char * a, const char * b, size_t len_a, size_t len_b)" +\fBDeprecated\fP .RS 4 -Use \fBoauth_time_independent_equals_n()\fP instead. +Use \fBoauth_time_independent_equals_n()\fP instead\&. .RE .PP .SS "char* oauth_url_escape (const char * string)" + .PP -Escape 'string' according to RFC3986 and http://oauth.net/core/1.0/#encoding_parameters. \fBParameters:\fP +Escape 'string' according to RFC3986 and http://oauth.net/core/1.0/#encoding_parameters\&. \fBParameters:\fP .RS 4 \fIstring\fP The data to be encoded .RE .PP \fBReturns:\fP .RS 4 -encoded string otherwise NULL The caller must free the returned string. +encoded string otherwise NULL The caller must free the returned string\&. .RE .PP .SS "char* oauth_url_unescape (const char * string, size_t * olen)" + .PP -Parse RFC3986 encoded 'string' back to unescaped version. \fBParameters:\fP +Parse RFC3986 encoded 'string' back to unescaped version\&. \fBParameters:\fP .RS 4 \fIstring\fP The data to be unescaped .br -\fIolen\fP unless NULL the length of the returned string is stored there. +\fIolen\fP unless NULL the length of the returned string is stored there\&. .RE .PP \fBReturns:\fP .RS 4 -decoded string or NULL The caller must free the returned string. +decoded string or NULL The caller must free the returned string\&. .RE .PP .SS "int oauth_verify_rsa_sha1 (const char * m, const char * c, const char * s)" + .PP -verify RSA-SHA1 signature. returns the output of EVP_VerifyFinal() for a given message, cert/pubkey and signature. +verify RSA-SHA1 signature\&. returns the output of EVP_VerifyFinal() for a given message, cert/pubkey and signature\&. .PP \fBParameters:\fP .RS 4 @@ -1036,7 +1102,7 @@ verify RSA-SHA1 signature. returns the output of EVP_VerifyFinal() for a given m .PP \fBExamples: \fP .in +1c -\fBtests/selftest_wiki.c\fP. +\fBtests/selftest_wiki\&.c\fP\&. .SH "Author" .PP -Generated automatically by Doxygen for OAuth library functions from the source code. +Generated automatically by Doxygen for OAuth library functions from the source code\&. diff --git a/src/Makefile.am b/src/Makefile.am index b59c7c7..ddcdce1 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -6,3 +6,5 @@ liboauth_la_SOURCES=oauth.c config.h hash.c xmalloc.c xmalloc.h oauth_http.c liboauth_la_LDFLAGS=@LIBOAUTH_LDFLAGS@ -version-info @VERSION_INFO@ liboauth_la_LIBADD=@HASH_LIBS@ @CURL_LIBS@ liboauth_la_CFLAGS=@LIBOAUTH_CFLAGS@ @HASH_CFLAGS@ @CURL_CFLAGS@ + +EXTRA_DIST= sha1.c diff --git a/src/Makefile.in b/src/Makefile.in index 712f27a..c19d294 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -252,6 +252,7 @@ liboauth_la_SOURCES = oauth.c config.h hash.c xmalloc.c xmalloc.h oauth_http.c liboauth_la_LDFLAGS = @LIBOAUTH_LDFLAGS@ -version-info @VERSION_INFO@ liboauth_la_LIBADD = @HASH_LIBS@ @CURL_LIBS@ liboauth_la_CFLAGS = @LIBOAUTH_CFLAGS@ @HASH_CFLAGS@ @CURL_CFLAGS@ +EXTRA_DIST = sha1.c all: config.h $(MAKE) $(AM_MAKEFLAGS) all-am diff --git a/src/config.h b/src/config.h index c875459..f5d7605 100644 --- a/src/config.h +++ b/src/config.h @@ -157,7 +157,7 @@ /* #undef USE_NSS */ /* Version number of package */ -#define VERSION "0.9.7" +#define VERSION "1.0.3" /* Define to `unsigned int' if <sys/types.h> does not define. */ /* #undef size_t */ @@ -1,7 +1,7 @@ /* * hash algorithms used in OAuth * - * Copyright 2007-2010 Robin Gareus <robin@gareus.org> + * Copyright 2007-2012 Robin Gareus <robin@gareus.org> * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -219,7 +219,7 @@ char *oauth_sign_rsa_sha1 (const char *m, const char *k) { looser: if (pkey) SECKEY_DestroyPrivateKey(pkey); if (slot) PK11_FreeSlot(slot); - free(key); + xfree(key); return rv; } @@ -259,7 +259,7 @@ int oauth_verify_rsa_sha1 (const char *m, const char *c, const char *sig) { looser: if (pkey) SECKEY_DestroyPublicKey(pkey); if (slot) PK11_FreeSlot(slot); - free(key); + xfree(key); return rv; } @@ -445,7 +445,7 @@ int oauth_verify_rsa_sha1 (const char *m, const char *c, const char *s) { err = EVP_VerifyFinal(&md_ctx, b64d, slen, pkey); EVP_MD_CTX_cleanup(&md_ctx); EVP_PKEY_free(pkey); - free(b64d); + xfree(b64d); return (err); } diff --git a/src/oauth.c b/src/oauth.c index d3f7f29..9529e2a 100644 --- a/src/oauth.c +++ b/src/oauth.c @@ -1,7 +1,7 @@ /* * OAuth string functions in POSIX-C. * - * Copyright 2007-2011 Robin Gareus <robin@gareus.org> + * Copyright 2007-2013 Robin Gareus <robin@gareus.org> * * The base64 functions are by Jan-Henrik Haukeland, <hauk@tildeslash.com> * and un/escape_url() was inspired by libcurl's curl_escape under ISC-license @@ -30,7 +30,7 @@ # include <config.h> #endif -#define WIPE_MEMORY ///< overwrite sensitve data before free()ing it. +#define WIPE_MEMORY ///< overwrite sensitve data before xfree()ing it. #include <stdio.h> #include <stdarg.h> @@ -167,7 +167,7 @@ int oauth_decode_base64(unsigned char *dest, const char *src) { if(c3 != '=') *p++=(((b2&0xf)<<4)|(b3>>2) ); if(c4 != '=') *p++=(((b3&0x3)<<6)|b4 ); } - free(buf); + xfree(buf); dest[p-dest]='\0'; return(p-dest); } @@ -285,7 +285,7 @@ char *oauth_url_unescape(const char *string, size_t *olen) { * @return signature string */ char *oauth_sign_plaintext (const char *m, const char *k) { - return(strdup(k)); + return(xstrdup(k)); } /** @@ -298,7 +298,7 @@ char *oauth_sign_plaintext (const char *m, const char *k) { * @param ... string to escape and added (may be NULL) * * @return pointer to memory holding the concatenated - * strings - needs to be free(d) by the caller. or NULL + * strings - needs to be xfree(d) by the caller. or NULL * in case we ran out of memory. */ char *oauth_catenc(int len, ...) { @@ -314,12 +314,12 @@ char *oauth_catenc(int len, ...) { enc = oauth_url_escape(arg); if(!enc) break; len = strlen(enc) + 1 + ((i>0)?1:0); - if(rv) len+=strlen(rv); + len+=strlen(rv); rv=(char*) xrealloc(rv,len*sizeof(char)); if(i>0) strcat(rv, "&"); strcat(rv, enc); - free(enc); + xfree(enc); } va_end(va); return(rv); @@ -383,7 +383,7 @@ int oauth_split_post_paramters(const char *url, char ***argv, short qesc) { #ifdef DEBUG_OAUTH fprintf(stderr, "\nliboauth: added trailing slash to URL: '%s'\n\n", token); #endif - free((*argv)[argc]); + xfree((*argv)[argc]); (*argv)[argc]= (char*) xmalloc(sizeof(char)*(2+strlen(token))); strcpy((*argv)[argc],token); strcat((*argv)[argc],"/"); @@ -396,7 +396,7 @@ int oauth_split_post_paramters(const char *url, char ***argv, short qesc) { argc++; } - free(t1); + xfree(t1); return argc; } @@ -442,7 +442,7 @@ char *oauth_serialize_url_sep (int argc, int start, char **argv, char *sep, int if ((mod&1)==1 && (strncmp(argv[i],"oauth_",6) == 0 || strncmp(argv[i],"x_oauth_",8) == 0) ) continue; if ((mod&2)==2 && (strncmp(argv[i],"oauth_",6) != 0 && strncmp(argv[i],"x_oauth_",8) != 0) && i!=0) continue; - if (query) len+=strlen(query); + len+=strlen(query); if (i==start && i==0 && strstr(argv[i], ":/")) { tmp=xstrdup(argv[i]); @@ -456,7 +456,7 @@ char *oauth_serialize_url_sep (int argc, int start, char **argv, char *sep, int strcpy(t2, tmp); strcpy(t2+off+2, tmp+off); *(t2+off)='%'; *(t2+off+1)='2'; *(t2+off+2)='0'; - free(tmp); + xfree(tmp); tmp=t2; # endif #endif @@ -479,7 +479,7 @@ char *oauth_serialize_url_sep (int argc, int start, char **argv, char *sep, int if (mod&4) strcat(tmp,"\""); strcat(tmp,t1); if (mod&4) strcat(tmp,"\""); - free(t1); + xfree(t1); len+=strlen(tmp); } len+=seplen+1; @@ -491,7 +491,7 @@ char *oauth_serialize_url_sep (int argc, int start, char **argv, char *sep, int strcat(query, "?"); first=1; } - free(tmp); + xfree(tmp); } return (query); } @@ -588,6 +588,7 @@ int oauth_cmpstringp(const void *p1, const void *p2) { char *v1,*v2; char *t1,*t2; int rv; + if (!p1 || !p2) return 0; // TODO: this is not fast - we should escape the // array elements (once) before sorting. v1=oauth_url_escape(* (char * const *)p1); @@ -603,9 +604,9 @@ int oauth_cmpstringp(const void *p1, const void *p2) { // compare parameter names rv=strcmp(v1,v2); - if (rv!=0) { - if (v1) free(v1); - if (v2) free(v2); + if (rv != 0) { + xfree(v1); + xfree(v2); return rv; } @@ -617,8 +618,8 @@ int oauth_cmpstringp(const void *p1, const void *p2) { else if (!t1) rv=-1; else rv=1; - if (v1) free(v1); - if (v2) free(v2); + xfree(v1); + xfree(v2); return rv; } @@ -665,7 +666,7 @@ void oauth_add_protocol(int *argcp, char ***argvp, char *tmp; snprintf(oarg, 1024, "oauth_nonce=%s", (tmp=oauth_gen_nonce())); oauth_add_param_to_array(argcp, argvp, oarg); - free(tmp); + xfree(tmp); } if (!oauth_param_exists(*argvp,*argcp,"oauth_timestamp")) { @@ -784,14 +785,36 @@ void oauth_sign_array2_process (int *argcp, char***argvp, // serialize URL - base-url query= oauth_serialize_url_parameters(*argcp, *argvp); - // generate signature - okey = oauth_catenc(2, c_secret, t_secret); + // prepare data to sign + if (method == OA_RSA) { + size_t len = 1; + if (c_secret) { + len += strlen(c_secret); + } + if (t_secret) { + len += strlen(t_secret); + } + okey = (char*)xmalloc(len * sizeof(char)); + *okey = '\0'; + if (c_secret) { + okey = strcat(okey, c_secret); + } + if (t_secret) { + okey = strcat(okey, t_secret); + } + } else { + okey = oauth_catenc(2, c_secret, t_secret); + } + odat = oauth_catenc(3, http_request_method, (*argvp)[0], query); // base-string - free(http_request_method); + xfree(http_request_method); + #ifdef DEBUG_OAUTH fprintf (stderr, "\nliboauth: data to sign='%s'\n\n", odat); fprintf (stderr, "\nliboauth: key='%s'\n\n", okey); #endif + + // generate signature switch(method) { case OA_RSA: sign = oauth_sign_rsa_sha1(odat,okey); // XXX okey needs to be RSA key! @@ -806,14 +829,14 @@ void oauth_sign_array2_process (int *argcp, char***argvp, memset(okey,0, strlen(okey)); memset(odat,0, strlen(odat)); #endif - free(odat); - free(okey); + xfree(odat); + xfree(okey); // append signature to query args. snprintf(oarg, 1024, "oauth_signature=%s",sign); oauth_add_param_to_array(argcp, argvp, oarg); - free(sign); - if(query) free(query); + xfree(sign); + if(query) xfree(query); } char *oauth_sign_array2 (int *argcp, char***argvp, @@ -845,14 +868,14 @@ char *oauth_sign_array2 (int *argcp, char***argvp, * free array args * * @param argcp pointer to array length int - * @param argvp pointer to array values to be free()d + * @param argvp pointer to array values to be xfree()d */ void oauth_free_array(int *argcp, char ***argvp) { int i; for (i=0;i<(*argcp);i++) { - free((*argvp)[i]); + xfree((*argvp)[i]); } - if(*argvp) free(*argvp); + if(*argvp) xfree(*argvp); } /** @@ -863,8 +886,8 @@ char *oauth_body_hash_encode(size_t len, unsigned char *digest) { char *sign=oauth_encode_base64(len,digest); char *sig_url = (char*)xmalloc(17+strlen(sign)); sprintf(sig_url,"oauth_body_hash=%s", sign); - free(sign); - free(digest); + xfree(sign); + xfree(digest); return sig_url; } diff --git a/src/oauth.h b/src/oauth.h index e612554..bb6dc3c 100644 --- a/src/oauth.h +++ b/src/oauth.h @@ -3,7 +3,7 @@ * @file oauth.h * @author Robin Gareus <robin@gareus.org> * - * Copyright 2007-2011 Robin Gareus <robin@gareus.org> + * Copyright 2007-2014 Robin Gareus <robin@gareus.org> * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,17 +29,16 @@ #ifndef DOXYGEN_IGNORE // liboauth version -#define LIBOAUTH_VERSION "0.9.7" -#define LIBOAUTH_VERSION_MAJOR 0 -#define LIBOAUTH_VERSION_MINOR 9 -#define LIBOAUTH_VERSION_MICRO 7 +#define LIBOAUTH_VERSION "1.0.3" +#define LIBOAUTH_VERSION_MAJOR 1 +#define LIBOAUTH_VERSION_MINOR 0 +#define LIBOAUTH_VERSION_MICRO 3 //interface revision number //http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html #define LIBOAUTH_CUR 8 -#define LIBOAUTH_REV 4 +#define LIBOAUTH_REV 7 #define LIBOAUTH_AGE 8 -#endif #ifdef __GNUC__ # define OA_GCC_VERSION_AT_LEAST(x,y) (__GNUC__ > x || __GNUC__ == x && __GNUC_MINOR__ >= y) @@ -55,6 +54,8 @@ #endif #endif +#endif /* doxygen ignore */ + #ifdef __cplusplus extern "C" { #endif @@ -125,7 +126,7 @@ char *oauth_url_unescape(const char *string, size_t *olen); char *oauth_sign_hmac_sha1 (const char *m, const char *k); /** - * same as \ref oauth_sign_hmac_sha1 but allows + * same as \ref oauth_sign_hmac_sha1 but allows one * to specify length of message and key (in case they contain null chars). * * @param m message to be signed @@ -179,7 +180,7 @@ int oauth_verify_rsa_sha1 (const char *m, const char *c, const char *s); * @param len the number of arguments to follow this parameter * * @return pointer to memory holding the concatenated - * strings - needs to be free(d) by the caller. or NULL + * strings - needs to be xfree(d) by the caller. or NULL * in case we ran out of memory. */ char *oauth_catenc(int len, ...); @@ -208,7 +209,7 @@ int oauth_split_url_parameters(const char *url, char ***argv); * The array is re-allocated to match the number of parameters and each * parameter-string is allocated with strdup. - The memory needs to be freed * by the caller. - * @param qesc use query parameter escape (vs post-param-escape) - if set + * @param qesc use query parameter escape (vs post-param-escape) - if set * to 1 all '+' are treated as spaces ' ' * * @return number of parameter(s) in array. @@ -218,9 +219,9 @@ int oauth_split_post_paramters(const char *url, char ***argv, short qesc); /** * build a url query string from an array. * - * @param argc the total number of elements in the array + * @param argc the total number of elements in the array * @param start element in the array at which to start concatenating. - * @param argv parameter-array to concatenate. + * @param argv parameter-array to concatenate. * @return url string needs to be freed by the caller. * */ @@ -295,7 +296,7 @@ void oauth_add_param_to_array(int *argcp, char ***argvp, const char *addparam); * free array args * * @param argcp pointer to array length int - * @param argvp pointer to array values to be free()d + * @param argvp pointer to array values to be xfree()d */ void oauth_free_array(int *argcp, char ***argvp); @@ -394,7 +395,7 @@ char *oauth_sign_url (const char *url, char **postargs, * The user needs to call /ref oauth_serialize_url (oA) * and /ref oauth_free_array to do so. * - * This allows to split parts of the URL to be used for + * This allows one to split parts of the URL to be used for * OAuth HTTP Authorization header: * see http://oauth.net/core/1.0a/#consumer_req_param * the oauthtest2 example code does so. @@ -565,8 +566,10 @@ char *oauth_sign_xmpp (const char *xml, * @param q query string to send along with the HTTP request or NULL. * @return In case of an error NULL is returned; otherwise a pointer to the * replied content from HTTP server. latter needs to be freed by caller. + * + * @deprecated use libcurl - http://curl.haxx.se/libcurl/c/ */ -char *oauth_http_get (const char *u, const char *q); +char *oauth_http_get (const char *u, const char *q) attribute_deprecated; /** * do a HTTP GET request, wait for it to finish @@ -574,9 +577,8 @@ char *oauth_http_get (const char *u, const char *q); * * (requires libcurl) * - * This is equivalent to /ref oauth_http_get but allows to - * specifiy a custom HTTP header and has - * has no support for commandline-curl. + * This is equivalent to /ref oauth_http_get but allows one + * to specifiy a custom HTTP header andhas no support for commandline-curl. * * If liboauth is compiled <b>without</b> libcurl this function * always returns NULL. @@ -587,8 +589,10 @@ char *oauth_http_get (const char *u, const char *q); * Multiple header elements can be passed separating them with "\r\n" * @return In case of an error NULL is returned; otherwise a pointer to the * replied content from HTTP server. latter needs to be freed by caller. + * + * @deprecated use libcurl - http://curl.haxx.se/libcurl/c/ */ -char *oauth_http_get2 (const char *u, const char *q, const char *customheader); +char *oauth_http_get2 (const char *u, const char *q, const char *customheader) attribute_deprecated; /** @@ -619,8 +623,10 @@ char *oauth_http_get2 (const char *u, const char *q, const char *customheader); * @param u url to query * @param p postargs to send along with the HTTP request. * @return replied content from HTTP server. needs to be freed by caller. + * + * @deprecated use libcurl - http://curl.haxx.se/libcurl/c/ */ -char *oauth_http_post (const char *u, const char *p); +char *oauth_http_post (const char *u, const char *p) attribute_deprecated; /** * do a HTTP POST request, wait for it to finish @@ -639,8 +645,10 @@ char *oauth_http_post (const char *u, const char *p); * @param customheader specify custom HTTP header (or NULL for none) * Multiple header elements can be passed separating them with "\r\n" * @return replied content from HTTP server. needs to be freed by caller. + * + * @deprecated use libcurl - http://curl.haxx.se/libcurl/c/ */ -char *oauth_http_post2 (const char *u, const char *p, const char *customheader); +char *oauth_http_post2 (const char *u, const char *p, const char *customheader) attribute_deprecated; /** @@ -656,8 +664,10 @@ char *oauth_http_post2 (const char *u, const char *p, const char *customheader); * @param customheader specify custom HTTP header (or NULL for default). * Multiple header elements can be passed separating them with "\r\n" * @return returned HTTP reply or NULL on error + * + * @deprecated use libcurl - http://curl.haxx.se/libcurl/c/ */ -char *oauth_post_file (const char *u, const char *fn, const size_t len, const char *customheader); +char *oauth_post_file (const char *u, const char *fn, const size_t len, const char *customheader) attribute_deprecated; /** * http post raw data @@ -672,8 +682,10 @@ char *oauth_post_file (const char *u, const char *fn, const size_t len, const ch * @param customheader specify custom HTTP header (or NULL for default) * Multiple header elements can be passed separating them with "\r\n" * @return returned HTTP reply or NULL on error + * + * @deprecated use libcurl - http://curl.haxx.se/libcurl/c/ */ -char *oauth_post_data (const char *u, const char *data, size_t len, const char *customheader); +char *oauth_post_data (const char *u, const char *data, size_t len, const char *customheader) attribute_deprecated; /** * http post raw data, with callback. @@ -695,13 +707,15 @@ char *oauth_post_data (const char *u, const char *data, size_t len, const char * * @param callback specify the callback function * @param callback_data specify data to pass to the callback function * @return returned HTTP reply or NULL on error + * + * @deprecated use libcurl - http://curl.haxx.se/libcurl/c/ */ char *oauth_post_data_with_callback (const char *u, const char *data, size_t len, const char *customheader, void (*callback)(void*,int,size_t,size_t), - void *callback_data); + void *callback_data) attribute_deprecated; /** * http send raw data. similar to /ref oauth_http_post but provides @@ -719,12 +733,14 @@ char *oauth_post_data_with_callback (const char *u, * Multiple header elements can be passed separating them with "\r\n" * @param httpMethod specify http verb ("GET"/"POST"/"PUT"/"DELETE") to be used. if httpMethod is NULL, a POST is executed. * @return returned HTTP reply or NULL on error + * + * @deprecated use libcurl - http://curl.haxx.se/libcurl/c/ */ char *oauth_send_data (const char *u, const char *data, size_t len, const char *customheader, - const char *httpMethod); + const char *httpMethod) attribute_deprecated; /** * http post raw data, with callback. @@ -747,6 +763,8 @@ char *oauth_send_data (const char *u, * @param callback_data specify data to pass to the callback function * @param httpMethod specify http verb ("GET"/"POST"/"PUT"/"DELETE") to be used. * @return returned HTTP reply or NULL on error + * + * @deprecated use libcurl - http://curl.haxx.se/libcurl/c/ */ char *oauth_send_data_with_callback (const char *u, const char *data, @@ -754,7 +772,7 @@ char *oauth_send_data_with_callback (const char *u, const char *customheader, void (*callback)(void*,int,size_t,size_t), void *callback_data, - const char *httpMethod); + const char *httpMethod) attribute_deprecated; #ifdef __cplusplus } /* extern "C" */ diff --git a/src/oauth_http.c b/src/oauth_http.c index 0e06b10..9d637e1 100644 --- a/src/oauth_http.c +++ b/src/oauth_http.c @@ -1,7 +1,7 @@ /* * OAuth http functions in POSIX-C. * - * Copyright 2007, 2008, 2009, 2010 Robin Gareus <robin@gareus.org> + * Copyright 2007-2011 Robin Gareus <robin@gareus.org> * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -42,7 +42,6 @@ #ifdef HAVE_CURL /* HTTP requests via libcurl */ #include <curl/curl.h> -#include <sys/stat.h> # define GLOBAL_CURL_ENVIROMENT_OPTIONS \ if (getenv("CURLOPT_PROXYAUTH")){ \ @@ -180,7 +179,10 @@ char *oauth_curl_get (const char *u, const char *q, const char *customheader) { chunk.size = 0; curl = curl_easy_init(); - if(!curl) return NULL; + if(!curl) { + xfree(t1); + return NULL; + } curl_easy_setopt(curl, CURLOPT_URL, q?t1:u); curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&chunk); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteMemoryCallback); @@ -202,7 +204,7 @@ char *oauth_curl_get (const char *u, const char *q, const char *customheader) { GLOBAL_CURL_ENVIROMENT_OPTIONS; res = curl_easy_perform(curl); curl_slist_free_all(slist); - if (q) free(t1); + xfree(t1); curl_easy_cleanup(curl); if (res) { @@ -216,9 +218,10 @@ char *oauth_curl_get (const char *u, const char *q, const char *customheader) { * the returned string needs to be freed by the caller * * @param u url to retrieve - * @param fn filename of the file to post along + * @param fn filename of the file to post along (max 2GB) * @param len length of the file in bytes. set to '0' for autodetection * @param customheader specify custom HTTP header (or NULL for default) + * the default header adds "Content-Type: image/jpeg;" * @return returned HTTP or NULL on error */ char *oauth_curl_post_file (const char *u, const char *fn, size_t len, const char *customheader) { @@ -227,6 +230,7 @@ char *oauth_curl_post_file (const char *u, const char *fn, size_t len, const cha struct curl_slist *slist=NULL; struct MemoryStruct chunk; FILE *f; + long filelen; chunk.data=NULL; chunk.size=0; @@ -234,19 +238,24 @@ char *oauth_curl_post_file (const char *u, const char *fn, size_t len, const cha if (customheader) slist = curl_slist_append(slist, customheader); else - slist = curl_slist_append(slist, "Content-Type: image/jpeg;"); - - if (!len) { - struct stat statbuf; - if (stat(fn, &statbuf) == -1) return(NULL); - len = statbuf.st_size; - } + slist = curl_slist_append(slist, "Content-Type: image/jpeg;"); // good guess :) f = fopen(fn,"r"); if (!f) return NULL; + fseek(f, 0L, SEEK_END); + filelen = ftell(f); + fseek(f, 0L, SEEK_SET); + + if (!len || len > filelen) { + len = filelen; + } + curl = curl_easy_init(); - if(!curl) return NULL; + if(!curl) { + fclose(f); + return NULL; + } curl_easy_setopt(curl, CURLOPT_URL, u); curl_easy_setopt(curl, CURLOPT_POST, 1); curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, len); @@ -262,11 +271,11 @@ char *oauth_curl_post_file (const char *u, const char *fn, size_t len, const cha GLOBAL_CURL_ENVIROMENT_OPTIONS; res = curl_easy_perform(curl); curl_slist_free_all(slist); + fclose(f); if (res) { // error return NULL; } - fclose(f); curl_easy_cleanup(curl); return (chunk.data); @@ -282,6 +291,7 @@ char *oauth_curl_post_file (const char *u, const char *fn, size_t len, const cha * @param data data to post along * @param len length of the file in bytes. set to '0' for autodetection * @param customheader specify custom HTTP header (or NULL for default) + * the default header adds "Content-Type: image/jpeg;" * @param callback specify the callback function * @param callback_data specify data to pass to the callback function * @return returned HTTP reply or NULL on error @@ -409,7 +419,7 @@ char *oauth_curl_post_data_with_callback (const char *u, const char *data, size_ /** * escape URL for use in String Quotes (aka shell single quotes). - * the returned string needs to be free()d by the calling function + * the returned string needs to be xfree()d by the calling function * * WARNING: this function only escapes single-quotes (') * @@ -518,8 +528,8 @@ char *oauth_exec_post (const char *u, const char *p) { t2=oauth_escape_shell(u); } snprintf(cmd, BUFSIZ, cmdtpl, t1, t2); - free(cmdtpl); - free(t1); free(t2); + xfree(cmdtpl); + xfree(t1); xfree(t2); return oauth_exec_shell(cmd); } @@ -551,6 +561,7 @@ char *oauth_exec_get (const char *u, const char *q) { t1=strstr(cmdtpl, "%u"); if (!t1) { fprintf(stderr, "\nliboauth: invalid HTTP command. set the '%s' environment variable.\n\n",_OAUTH_ENV_HTTPGET); + xfree(cmdtpl); return(NULL); } *(++t1)= 's'; @@ -561,12 +572,12 @@ char *oauth_exec_get (const char *u, const char *q) { e2 = oauth_escape_shell(q); t1=(char*)xmalloc(sizeof(char)*(strlen(e1)+strlen(e2)+2)); strcpy(t1,e1); strcat(t1,"?"); strcat(t1,e2); - free(e2); + xfree(e2); } snprintf(cmd, BUFSIZ, cmdtpl, q?t1:e1); - free(cmdtpl); - free(e1); - if (q) free(t1); + xfree(cmdtpl); + xfree(e1); + if (q) xfree(t1); return oauth_exec_shell(cmd); } #endif // command-line curl. diff --git a/src/sha1.c b/src/sha1.c new file mode 100644 index 0000000..3dae158 --- /dev/null +++ b/src/sha1.c @@ -0,0 +1,325 @@ +/* This code is public-domain - it is based on libcrypt + * placed in the public domain by Wei Dai and other contributors. + */ +// gcc -Wall -DSHA1TEST -o sha1test sha1.c && ./sha1test + +#include <stdint.h> +#include <string.h> + + +#ifdef __BIG_ENDIAN__ +# define SHA_BIG_ENDIAN +#elif defined __LITTLE_ENDIAN__ +/* override */ +#elif defined __BYTE_ORDER +# if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ +# define SHA_BIG_ENDIAN +# endif +#else // ! defined __LITTLE_ENDIAN__ +# include <endian.h> // machine/endian.h +# if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ +# define SHA_BIG_ENDIAN +# endif +#endif + + +/* header */ + +#define HASH_LENGTH 20 +#define BLOCK_LENGTH 64 + +typedef struct sha1nfo { + uint32_t buffer[BLOCK_LENGTH/4]; + uint32_t state[HASH_LENGTH/4]; + uint32_t byteCount; + uint8_t bufferOffset; + uint8_t keyBuffer[BLOCK_LENGTH]; + uint8_t innerHash[HASH_LENGTH]; +} sha1nfo; + +/* public API - prototypes - TODO: doxygen*/ + +/** + */ +void sha1_init(sha1nfo *s); +/** + */ +void sha1_writebyte(sha1nfo *s, uint8_t data); +/** + */ +void sha1_write(sha1nfo *s, const char *data, size_t len); +/** + */ +uint8_t* sha1_result(sha1nfo *s); +/** + */ +void sha1_initHmac(sha1nfo *s, const uint8_t* key, int keyLength); +/** + */ +uint8_t* sha1_resultHmac(sha1nfo *s); + + +/* code */ +#define SHA1_K0 0x5a827999 +#define SHA1_K20 0x6ed9eba1 +#define SHA1_K40 0x8f1bbcdc +#define SHA1_K60 0xca62c1d6 + +void sha1_init(sha1nfo *s) { + s->state[0] = 0x67452301; + s->state[1] = 0xefcdab89; + s->state[2] = 0x98badcfe; + s->state[3] = 0x10325476; + s->state[4] = 0xc3d2e1f0; + s->byteCount = 0; + s->bufferOffset = 0; +} + +uint32_t sha1_rol32(uint32_t number, uint8_t bits) { + return ((number << bits) | (number >> (32-bits))); +} + +void sha1_hashBlock(sha1nfo *s) { + uint8_t i; + uint32_t a,b,c,d,e,t; + + a=s->state[0]; + b=s->state[1]; + c=s->state[2]; + d=s->state[3]; + e=s->state[4]; + for (i=0; i<80; i++) { + if (i>=16) { + t = s->buffer[(i+13)&15] ^ s->buffer[(i+8)&15] ^ s->buffer[(i+2)&15] ^ s->buffer[i&15]; + s->buffer[i&15] = sha1_rol32(t,1); + } + if (i<20) { + t = (d ^ (b & (c ^ d))) + SHA1_K0; + } else if (i<40) { + t = (b ^ c ^ d) + SHA1_K20; + } else if (i<60) { + t = ((b & c) | (d & (b | c))) + SHA1_K40; + } else { + t = (b ^ c ^ d) + SHA1_K60; + } + t+=sha1_rol32(a,5) + e + s->buffer[i&15]; + e=d; + d=c; + c=sha1_rol32(b,30); + b=a; + a=t; + } + s->state[0] += a; + s->state[1] += b; + s->state[2] += c; + s->state[3] += d; + s->state[4] += e; +} + +void sha1_addUncounted(sha1nfo *s, uint8_t data) { + uint8_t * const b = (uint8_t*) s->buffer; +#ifdef SHA_BIG_ENDIAN + b[s->bufferOffset] = data; +#else + b[s->bufferOffset ^ 3] = data; +#endif + s->bufferOffset++; + if (s->bufferOffset == BLOCK_LENGTH) { + sha1_hashBlock(s); + s->bufferOffset = 0; + } +} + +void sha1_writebyte(sha1nfo *s, uint8_t data) { + ++s->byteCount; + sha1_addUncounted(s, data); +} + +void sha1_write(sha1nfo *s, const char *data, size_t len) { + for (;len--;) sha1_writebyte(s, (uint8_t) *data++); +} + +void sha1_pad(sha1nfo *s) { + // Implement SHA-1 padding (fips180-2 ยง5.1.1) + + // Pad with 0x80 followed by 0x00 until the end of the block + sha1_addUncounted(s, 0x80); + while (s->bufferOffset != 56) sha1_addUncounted(s, 0x00); + + // Append length in the last 8 bytes + sha1_addUncounted(s, 0); // We're only using 32 bit lengths + sha1_addUncounted(s, 0); // But SHA-1 supports 64 bit lengths + sha1_addUncounted(s, 0); // So zero pad the top bits + sha1_addUncounted(s, s->byteCount >> 29); // Shifting to multiply by 8 + sha1_addUncounted(s, s->byteCount >> 21); // as SHA-1 supports bitstreams as well as + sha1_addUncounted(s, s->byteCount >> 13); // byte. + sha1_addUncounted(s, s->byteCount >> 5); + sha1_addUncounted(s, s->byteCount << 3); +} + +uint8_t* sha1_result(sha1nfo *s) { + // Pad to complete the last block + sha1_pad(s); + +#ifndef SHA_BIG_ENDIAN + // Swap byte order back + int i; + for (i=0; i<5; i++) { + s->state[i]= + (((s->state[i])<<24)& 0xff000000) + | (((s->state[i])<<8) & 0x00ff0000) + | (((s->state[i])>>8) & 0x0000ff00) + | (((s->state[i])>>24)& 0x000000ff); + } +#endif + + // Return pointer to hash (20 characters) + return (uint8_t*) s->state; +} + +#define HMAC_IPAD 0x36 +#define HMAC_OPAD 0x5c + +void sha1_initHmac(sha1nfo *s, const uint8_t* key, int keyLength) { + uint8_t i; + memset(s->keyBuffer, 0, BLOCK_LENGTH); + if (keyLength > BLOCK_LENGTH) { + // Hash long keys + sha1_init(s); + for (;keyLength--;) sha1_writebyte(s, *key++); + memcpy(s->keyBuffer, sha1_result(s), HASH_LENGTH); + } else { + // Block length keys are used as is + memcpy(s->keyBuffer, key, keyLength); + } + // Start inner hash + sha1_init(s); + for (i=0; i<BLOCK_LENGTH; i++) { + sha1_writebyte(s, s->keyBuffer[i] ^ HMAC_IPAD); + } +} + +uint8_t* sha1_resultHmac(sha1nfo *s) { + uint8_t i; + // Complete inner hash + memcpy(s->innerHash,sha1_result(s),HASH_LENGTH); + // Calculate outer hash + sha1_init(s); + for (i=0; i<BLOCK_LENGTH; i++) sha1_writebyte(s, s->keyBuffer[i] ^ HMAC_OPAD); + for (i=0; i<HASH_LENGTH; i++) sha1_writebyte(s, s->innerHash[i]); + return sha1_result(s); +} + +/* self-test */ + +#if SHA1TEST +#include <stdio.h> + +uint8_t hmacKey1[]={ + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f, + 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f, + 0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f, + 0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x3a,0x3b,0x3c,0x3d,0x3e,0x3f +}; +uint8_t hmacKey2[]={ + 0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x3a,0x3b,0x3c,0x3d,0x3e,0x3f, + 0x40,0x41,0x42,0x43 +}; +uint8_t hmacKey3[]={ + 0x50,0x51,0x52,0x53,0x54,0x55,0x56,0x57,0x58,0x59,0x5a,0x5b,0x5c,0x5d,0x5e,0x5f, + 0x60,0x61,0x62,0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6a,0x6b,0x6c,0x6d,0x6e,0x6f, + 0x70,0x71,0x72,0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7a,0x7b,0x7c,0x7d,0x7e,0x7f, + 0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87,0x88,0x89,0x8a,0x8b,0x8c,0x8d,0x8e,0x8f, + 0x90,0x91,0x92,0x93,0x94,0x95,0x96,0x97,0x98,0x99,0x9a,0x9b,0x9c,0x9d,0x9e,0x9f, + 0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf, + 0xb0,0xb1,0xb2,0xb3 +}; +uint8_t hmacKey4[]={ + 0x70,0x71,0x72,0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7a,0x7b,0x7c,0x7d,0x7e,0x7f, + 0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87,0x88,0x89,0x8a,0x8b,0x8c,0x8d,0x8e,0x8f, + 0x90,0x91,0x92,0x93,0x94,0x95,0x96,0x97,0x98,0x99,0x9a,0x9b,0x9c,0x9d,0x9e,0x9f, + 0xa0 +}; + +void printHash(uint8_t* hash) { + int i; + for (i=0; i<20; i++) { + printf("%02x", hash[i]); + } + printf("\n"); +} + + +int main (int argc, char **argv) { + uint32_t a; + sha1nfo s; + + // SHA tests + printf("Test: FIPS 180-2 C.1 and RFC3174 7.3 TEST1\n"); + printf("Expect:a9993e364706816aba3e25717850c26c9cd0d89d\n"); + printf("Result:"); + sha1_init(&s); + sha1_write(&s, "abc", 3); + printHash(sha1_result(&s)); + printf("\n\n"); + + printf("Test: FIPS 180-2 C.2 and RFC3174 7.3 TEST2\n"); + printf("Expect:84983e441c3bd26ebaae4aa1f95129e5e54670f1\n"); + printf("Result:"); + sha1_init(&s); + sha1_write(&s, "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56); + printHash(sha1_result(&s)); + printf("\n\n"); + + printf("Test: RFC3174 7.3 TEST4\n"); + printf("Expect:dea356a2cddd90c7a7ecedc5ebb563934f460452\n"); + printf("Result:"); + sha1_init(&s); + for (a=0; a<80; a++) sha1_write(&s, "01234567", 8); + printHash(sha1_result(&s)); + printf("\n\n"); + + // HMAC tests + printf("Test: FIPS 198a A.1\n"); + printf("Expect:4f4ca3d5d68ba7cc0a1208c9c61e9c5da0403c0a\n"); + printf("Result:"); + sha1_initHmac(&s, hmacKey1, 64); + sha1_write(&s, "Sample #1",9); + printHash(sha1_resultHmac(&s)); + printf("\n\n"); + + printf("Test: FIPS 198a A.2\n"); + printf("Expect:0922d3405faa3d194f82a45830737d5cc6c75d24\n"); + printf("Result:"); + sha1_initHmac(&s, hmacKey2, 20); + sha1_write(&s, "Sample #2", 9); + printHash(sha1_resultHmac(&s)); + printf("\n\n"); + + printf("Test: FIPS 198a A.3\n"); + printf("Expect:bcf41eab8bb2d802f3d05caf7cb092ecf8d1a3aa\n"); + printf("Result:"); + sha1_initHmac(&s, hmacKey3,100); + sha1_write(&s, "Sample #3", 9); + printHash(sha1_resultHmac(&s)); + printf("\n\n"); + + printf("Test: FIPS 198a A.4\n"); + printf("Expect:9ea886efe268dbecce420c7524df32e0751a2a26\n"); + printf("Result:"); + sha1_initHmac(&s, hmacKey4,49); + sha1_write(&s, "Sample #4", 9); + printHash(sha1_resultHmac(&s)); + printf("\n\n"); + + // Long tests + printf("Test: FIPS 180-2 C.3 and RFC3174 7.3 TEST3\n"); + printf("Expect:34aa973cd4c4daa4f61eeb2bdbad27316534016f\n"); + printf("Result:"); + sha1_init(&s); + for (a=0; a<1000000; a++) sha1_writebyte(&s, 'a'); + printHash(sha1_result(&s)); + + return 0; +} +#endif /* self-test */ diff --git a/src/xmalloc.c b/src/xmalloc.c index f831e13..bd2136f 100644 --- a/src/xmalloc.c +++ b/src/xmalloc.c @@ -57,4 +57,7 @@ char *xstrdup (const char *s) { return (char*) ptr; } +void xfree(void *ptr) { + return free(ptr); +} // vi: sts=2 sw=2 ts=2 diff --git a/src/xmalloc.h b/src/xmalloc.h index 7ec9b61..6471371 100644 --- a/src/xmalloc.h +++ b/src/xmalloc.h @@ -6,5 +6,6 @@ void *xmalloc (size_t size); void *xcalloc (size_t nmemb, size_t size); void *xrealloc (void *ptr, size_t size); char *xstrdup (const char *s); +void xfree(void *ptr); #endif diff --git a/tests/commontest.c b/tests/commontest.c index f1892ca..ab57ed3 100644 --- a/tests/commontest.c +++ b/tests/commontest.c @@ -3,7 +3,7 @@ * @file commontest.c * @author Robin Gareus <robin@gareus.org> * - * Copyright 2007, 2008 Robin Gareus <robin@gareus.org> + * Copyright 2007, 2008, 2012 Robin Gareus <robin@gareus.org> * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/tests/oauthbodyhash.c b/tests/oauthbodyhash.c index eb3ff3f..b71eb08 100644 --- a/tests/oauthbodyhash.c +++ b/tests/oauthbodyhash.c @@ -3,7 +3,7 @@ * @file oauthbodysign.c * @author Robin Gareus <robin@gareus.org> * - * Copyright 2009 Robin Gareus <robin@gareus.org> + * Copyright 2009, 2012 Robin Gareus <robin@gareus.org> * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -43,7 +43,14 @@ int my_data_post(char *url, char *data) { char *sig_url; bh=oauth_body_hash_data(strlen(data), data); - uh = oauth_catenc(2, url, bh); + uh = (char*) malloc((strlen(url)+strlen(bh)+2) * sizeof(char)); + if (!uh) return -1; + + strcat(uh, url); + strcat(uh, "?"); + strcat(uh, bh); + + printf("URL: %s\n", uh); req_url = oauth_sign_url2(uh, &postarg, OA_HMAC, NULL, c_key, c_secret, t_key, t_secret); printf("POST: %s?%s\n", req_url, postarg); if (uh) free(uh); @@ -53,8 +60,12 @@ int my_data_post(char *url, char *data) { reply = oauth_post_data(sig_url, data, strlen(data), "Content-Type: application/json"); if(sig_url) free(sig_url); - printf("REPLY: %s\n", reply); - if(reply) free(reply); + if (reply) { + printf("REPLY: %s\n", reply); + free(reply); + } else { + printf("Error performing the request\n"); + } return 0; } diff --git a/tests/oauthdatapost.c b/tests/oauthdatapost.c index 9bd2e1d..2f5c7f0 100644 --- a/tests/oauthdatapost.c +++ b/tests/oauthdatapost.c @@ -3,7 +3,7 @@ * @file oauthimageupload.c * @author Robin Gareus <robin@gareus.org> * - * Copyright 2008 Robin Gareus <robin@gareus.org> + * Copyright 2008, 2012 Robin Gareus <robin@gareus.org> * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/tests/oauthexample.c b/tests/oauthexample.c index fb5915d..138e858 100644 --- a/tests/oauthexample.c +++ b/tests/oauthexample.c @@ -3,7 +3,7 @@ * @file oauthexample.c * @author Robin Gareus <robin@gareus.org> * - * Copyright 2008 Robin Gareus <robin@gareus.org> + * Copyright 2008, 2010 Robin Gareus <robin@gareus.org> * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/tests/oauthtest.c b/tests/oauthtest.c index e06cb30..3882abf 100644 --- a/tests/oauthtest.c +++ b/tests/oauthtest.c @@ -3,7 +3,7 @@ * @file oauthtest.c * @author Robin Gareus <robin@gareus.org> * - * Copyright 2007, 2008 Robin Gareus <robin@gareus.org> + * Copyright 2007, 2008, 2010 Robin Gareus <robin@gareus.org> * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/tests/oauthtest2.c b/tests/oauthtest2.c index fe4cbbb..ae91bcf 100644 --- a/tests/oauthtest2.c +++ b/tests/oauthtest2.c @@ -4,7 +4,7 @@ * @file oauthtest.c * @author Robin Gareus <robin@gareus.org> * - * Copyright 2010 Robin Gareus <robin@gareus.org> + * Copyright 2010, 2011 Robin Gareus <robin@gareus.org> * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/tests/selftest_eran.c b/tests/selftest_eran.c index 7e118d4..d80abc2 100644 --- a/tests/selftest_eran.c +++ b/tests/selftest_eran.c @@ -6,7 +6,7 @@ * This code contains examples provided by Eran Hammer-Lahav * on the oauth.net mailing list. * - * Copyright 2008 Robin Gareus <robin@gareus.org> + * Copyright 2008, 2009 Robin Gareus <robin@gareus.org> * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal diff --git a/tests/selftest_other.c b/tests/selftest_other.c index 31ed557..5879d72 100644 --- a/tests/selftest_other.c +++ b/tests/selftest_other.c @@ -3,7 +3,7 @@ * @file selftest.c * @author Robin Gareus <robin@gareus.org> * - * Copyright 2009 Robin Gareus <robin@gareus.org> + * Copyright 2009, 2010, 2012 Robin Gareus <robin@gareus.org> * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal |