I ran into an odd issue when trying to use the builtin management app. Turns out the scope list sent from grant.html is seperated by a "+", but the logic in auth_check_user_scope_database() uses a " " (space). See the following two backtraces from gdb:
[Switching to Thread 0xb65ffb40 (LWP 8769)]
Breakpoint 1, auth_check_user_scope_database (config=0x808fa18,
username=0xb5c00a28 "admin", scope_list=0xb5c01410 "g_admin g_profile")
at user.c:552
552 char * scope, * scope_escaped, * saveptr, * scope_list_escaped = NULL, * scope_list_save = o_strdup(scope_list), * login_escaped = h_escape_string(config->conn, username), * scope_list_join;
(gdb) bt
#0 auth_check_user_scope_database (config=0x808fa18,
username=0xb5c00a28 "admin", scope_list=0xb5c01410 "g_admin g_profile")
at user.c:552
#1 0x0805c88c in auth_check_user_scope (config=0x808fa18,
username=0xb5c00a28 "admin", scope_list=0xb5c01410 "g_admin g_profile")
at user.c:637
#2 0x08051cba in check_auth_type_implicit_grant (request=0xb5c03d48,
response=0xb5c00f18, user_data=0x808fa18) at oauth.c:236
#3 0x08053aed in callback_glewlwyd_authorization (request=0xb5c03d48,
response=0xb5c00f18, user_data=0x808fa18) at webservice.c:59
#4 0xb7e18ff3 in ulfius_webservice_dispatcher ()
from /usr/local/lib/libulfius.so
#5 0xb7bf6dff in ?? () from /usr/lib/i386-linux-gnu/libmicrohttpd.so.10
#6 0xb7bf836f in ?? () from /usr/lib/i386-linux-gnu/libmicrohttpd.so.10
#7 0xb7c033c6 in ?? () from /usr/lib/i386-linux-gnu/libmicrohttpd.so.10
#8 0xb7bfb863 in ?? () from /usr/lib/i386-linux-gnu/libmicrohttpd.so.10
#9 0xb7bddecb in start_thread (arg=0xb65ffb40) at pthread_create.c:309
#10 0xb7f10d0e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:129
[BT 2]
Breakpoint 1, auth_check_user_scope_database (config=0x808fa18,
username=0xb5c009b8 "admin", scope_list=0xb5c06400 "g_admin+g_profile")
at user.c:552
552 char * scope, * scope_escaped, * saveptr, * scope_list_escaped = NULL, * scope_list_save = o_strdup(scope_list), * login_escaped = h_escape_string(config->conn, username), * scope_list_join;
(gdb) bt
#0 auth_check_user_scope_database (config=0x808fa18,
username=0xb5c009b8 "admin", scope_list=0xb5c06400 "g_admin+g_profile")
at user.c:552
#1 0x0805c88c in auth_check_user_scope (config=0x808fa18,
username=0xb5c009b8 "admin", scope_list=0xb5c06400 "g_admin+g_profile")
at user.c:637
#2 0x0805412e in callback_glewlwyd_set_user_scope_grant (request=0xb5c05f00,
response=0xb5c016f8, user_data=0x808fa18) at webservice.c:179
#3 0xb7e18ff3 in ulfius_webservice_dispatcher ()
from /usr/local/lib/libulfius.so
#4 0xb7bf6dff in ?? () from /usr/lib/i386-linux-gnu/libmicrohttpd.so.10
#5 0xb7bf836f in ?? () from /usr/lib/i386-linux-gnu/libmicrohttpd.so.10
#6 0xb7c033c6 in ?? () from /usr/lib/i386-linux-gnu/libmicrohttpd.so.10
#7 0xb7bfb863 in ?? () from /usr/lib/i386-linux-gnu/libmicrohttpd.so.10
#8 0xb7bddecb in start_thread (arg=0xb65ffb40) at pthread_create.c:309
#9 0xb7f10d0e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:129
- scope = strtok_r(save_scope_list, " ", &saveptr);
+ char sep = ' ';
+ char * tmp_scope = msprintf("%s", scope_list);
+ if(strchr(tmp_scope, '+') != NULL) {
+ sep = '+';
+ }
+ o_free(tmp_scope);
+ scope = strtok_r(save_scope_list, &sep, &saveptr);
while (scope != NULL) {
// Check if this user hasn't granted access to this client for this scope
scope_escaped = h_escape_string(config->conn, scope);
@@ -132,7 +138,7 @@ int grant_client_user_scope_access(struct config_elements * config, const char *
}
o_free(scope_escaped);
json_decref(j_result);
- scope = strtok_r(NULL, " ", &saveptr);
+ scope = strtok_r(NULL, &sep, &saveptr);
}
but I know nothing about C and I'm pretty sure this is a silly config error on my side. Any Ideas?