6 #include <strings.h> /* strncasecmp(3) */
9 /* Private structure for write_body() call back */
15 /* Private structure for write_header() call back */
17 _Bool is_complete
; /* Response has finished, next iteration is new
18 response, values become obsolete. */
19 char *last_header
; /* Temporary storage for previous unfinished header */
20 char *method
; /* WWW-Authenticate value */
21 char *code
; /* X-Response-message-code value */
22 isds_otp_resolution resolution
; /* Decoded .code member */
23 char *message
; /* X-Response-message-text value */
24 char *redirect
; /* Redirect URL */
28 /* Deallocate content of struct auth_headers */
29 static void auth_headers_free(struct auth_headers
*headers
) {
30 zfree(headers
->last_header
);
31 zfree(headers
->method
);
33 zfree(headers
->message
);
34 zfree(headers
->redirect
);
38 /* If given @line is HTTP header of @name,
39 * return pointer to the header value. Otherwise return NULL.
40 * @name is header name without name---value separator, terminated with 0. */
41 static const char *header_value(const char *line
, const char *name
) {
43 if (line
== NULL
|| name
== NULL
) return NULL
;
45 for (value
= line
; ; value
++, name
++) {
46 if (*value
== '\0') return NULL
; /* Line too short */
47 if (*name
== '\0') break; /* Name matches */
48 if (*name
!= *value
) return NULL
; /* Name does not match */
51 /* Check separator. RFC2616, section 4.2 requires collon only. */
52 if (*value
++ != ':') return NULL
;
58 /* Try to decode header value per RFC 2047.
59 * @prepend_space is true if a space should be inserted before decoded word
60 * into @output in case the word has been decoded successfully.
61 * @input is zero terminated input, it's updated to point all consumed
63 * @output is buffer to store decoded value, it's updated to point after last
64 * written character. The buffer must be preallocated.
65 * @return 0 if input has been successfully decoded, then @input and @output
66 * poineres will be updated. Otherwise return non-zero value and keeps
67 * argument pointers and memory unchanged. */
68 static int try_rfc2047_decode(_Bool prepend_space
, const char **input
,
71 const char *charset_start
, *encoding
, *end
;
72 size_t charset_length
;
74 /* ISDS prescribes B encoding only, but RFC 2047 requires to support Q
75 * encoding too. ISDS prescribes UTF-8 charset only, RFC requiers to
76 * support any MIME charset. */
77 if (input
== NULL
|| *input
== NULL
|| output
== NULL
|| *output
== NULL
)
82 if (encoded
[0] != '=' || encoded
[1] != '?')
85 /* Then is "CHARSET?" */
86 charset_start
= (encoded
+= 2);
87 while (*encoded
!= '?') {
90 if (*encoded
== ' ' || *encoded
== '\t' || *encoded
== '\r' || *encoded
== '\n')
96 /* Then is "ENCODING?", where ENCODING is /[BbQq]/ */
97 if (*encoded
== '\0') return -1;
103 /* Then is "ENCODED_TEXT?=" */
104 while (*encoded
!= '?') {
105 if (*encoded
== '\0')
107 if (*encoded
== ' ' || *encoded
== '\t' || *encoded
== '\r' || *encoded
== '\n')
112 if (*(++encoded
) != '=') return -1;
115 * "=?CHARSET?E?ENCODED_TEXT?="
124 charset_length
= encoding
- charset_start
- 1;
125 if (charset_length
< 1)
127 charset
= strndup(charset_start
, charset_length
);
131 /* Decode encoding */
132 char *bit_stream
= NULL
;
133 size_t bit_length
= 0;
134 size_t encoding_length
= end
- encoding
- 2;
136 if (*encoding
== 'B') {
138 char *b64_stream
= NULL
;
139 if (NULL
== (b64_stream
=
140 malloc((encoding_length
+ 1) * sizeof(*encoding
)))) {
144 memcpy(b64_stream
, encoding
+ 2, encoding_length
);
145 b64_stream
[encoding_length
] = '\0';
146 bit_length
= _isds_b64decode(b64_stream
, (void **)&bit_stream
);
148 if (bit_length
== (size_t) -1) {
152 } else if (*encoding
== 'Q') {
153 /* Decode Quoted-printable-like */
154 if (NULL
== (bit_stream
=
155 malloc((encoding_length
) * sizeof(*encoding
)))) {
159 for (size_t q
= 2; q
< encoding_length
+ 2; q
++) {
160 if (encoding
[q
] == '_') {
161 bit_stream
[bit_length
] = '\x20';
162 } else if (encoding
[q
] == '=') {
164 /* Validate "=HH", where H is hexadecimal digit */
165 if (q
+ 2 >= encoding_length
+ 2 ) {
171 if ((ordinar
= _isds_hex2i(encoding
[++q
])) < 0) {
176 bit_stream
[bit_length
] = (ordinar
<< 4);
177 if ((ordinar
= _isds_hex2i(encoding
[++q
])) < 0) {
182 bit_stream
[bit_length
] += ordinar
;
184 bit_stream
[bit_length
] = encoding
[q
];
189 /* Unknown encoding */
194 /* Convert to UTF-8 */
195 char *utf_stream
= NULL
;
197 utf_length
= _isds_any2any(charset
, "UTF-8", bit_stream
, bit_length
,
198 (void **)&utf_stream
);
201 if (utf_length
== (size_t) -1) {
205 /* Copy UTF-8 stream to output buffer */
210 memcpy(*output
, utf_stream
, utf_length
);
212 *output
+= utf_length
;
219 /* Decode HTTP header value per RFC 2047.
220 * @encoded_value is encoded HTTP header value terminated with NUL. It can
221 * contain HTTP LWS separators that will be replaced with a space.
222 * @return newly allocated decoded value without EOL, or return NULL. */
223 static char *decode_header_value(const char *encoded_value
) {
224 char *decoded
= NULL
, *decoded_cursor
;
225 size_t content_length
;
226 _Bool text_started
= 0, lws_seen
= 0, encoded_word_seen
= 0;
228 if (encoded_value
== NULL
) return NULL
;
229 content_length
= strlen(encoded_value
);
231 /* A character can occupy up to 6 bytes in UTF-8 */
232 decoded
= malloc(content_length
* 6 + 1);
233 if (decoded
== NULL
) {
239 /* RFC 2616, section 4.2: Remove surrounding LWS, replace inner ones with
241 /* RFC 2047, section 6.2: LWS between adjacent encoded words is ignored.
243 for (decoded_cursor
= decoded
; *encoded_value
; encoded_value
++) {
244 if (*encoded_value
== '\r' || *encoded_value
== '\n' ||
245 *encoded_value
== '\t' || *encoded_value
== ' ') {
249 if (*encoded_value
== '=' &&
251 lws_seen
&& text_started
&& !encoded_word_seen
,
252 &encoded_value
, &decoded_cursor
)) {
253 encoded_word_seen
= 1;
255 if (lws_seen
&& text_started
)
256 *(decoded_cursor
++) = ' ';
257 *(decoded_cursor
++) = *encoded_value
;
258 encoded_word_seen
= 0;
263 *decoded_cursor
= '\0';
269 /* Return true, if server requests OTP authorization method that client
270 * requested. Otherwise return false.
271 * @client_method is method client requested
272 * @server_method is value of WWW-Authenticate header */
273 /*static _Bool otp_method_matches(const isds_otp_method client_method,
274 const char *server_method) {
275 char *method_name = NULL;
277 switch (client_method) {
278 case OTP_HMAC: method_name = "hotp"; break;
279 case OTP_TIME: method_name = "totp"; break;
283 if (!strncmp(server_method, method_name, 4) && (
284 server_method[4] == '\0' || server_method[4] == ' ' ||
285 server_method[4] == '\t'))
291 /* Convert UTF-8 @string to HTTP OTP resolution enum type.
292 * @Return corresponding value or OTP_RESOLUTION_UNKNOWN if @string is not
293 * defined or unknown value. */
294 static isds_otp_resolution
string2isds_otp_resolution(const char *string
) {
296 return OTP_RESOLUTION_UNKNOWN
;
297 else if (!strcmp(string
, "authentication.info.totpSended"))
298 return OTP_RESOLUTION_TOTP_SENT
;
299 else if (!strcmp(string
, "authentication.error.userIsNotAuthenticated"))
300 return OTP_RESOLUTION_BAD_AUTHENTICATION
;
301 else if (!strcmp(string
, "authentication.error.intruderDetected"))
302 return OTP_RESOLUTION_ACCESS_BLOCKED
;
303 else if (!strcmp(string
, "authentication.error.paswordExpired"))
304 return OTP_RESOLUTION_PASSWORD_EXPIRED
;
305 else if (!strcmp(string
, "authentication.info.cannotSendQuickly"))
306 return OTP_RESOLUTION_TO_FAST
;
307 else if (!strcmp(string
, "authentication.error.badRole"))
308 return OTP_RESOLUTION_UNAUTHORIZED
;
309 else if (!strcmp(string
, "authentication.info.totpNotSended"))
310 return OTP_RESOLUTION_TOTP_NOT_SENT
;
312 return OTP_RESOLUTION_UNKNOWN
;
316 /* Close connection to server and destroy CURL handle associated
318 _hidden isds_error
_isds_close_connection(struct isds_ctx
*context
) {
319 if (!context
) return IE_INVALID_CONTEXT
;
322 curl_easy_cleanup(context
->curl
);
323 context
->curl
= NULL
;
324 isds_log(ILF_HTTP
, ILL_DEBUG
, _("Connection to server %s closed\n"),
328 return IE_CONNECTION_CLOSED
;
333 /* Remove username and password from context CURL handle. */
334 static isds_error
unset_http_authorization(struct isds_ctx
*context
) {
335 isds_error error
= IE_SUCCESS
;
337 if (context
== NULL
) return IE_INVALID_CONTEXT
;
338 if (context
->curl
== NULL
) return IE_CONNECTION_CLOSED
;
340 #if HAVE_DECL_CURLOPT_USERNAME /* Since curl-7.19.1 */
341 if (curl_easy_setopt(context
->curl
, CURLOPT_USERNAME
, NULL
))
343 if (curl_easy_setopt(context
->curl
, CURLOPT_PASSWORD
, NULL
))
346 if (curl_easy_setopt(context
->curl
, CURLOPT_USERPWD
, NULL
))
348 #endif /* not HAVE_DECL_CURLOPT_USERNAME */
351 isds_log(ILF_HTTP
, ILL_ERR
, _("Error while unsetting user name and "
352 "password from CURL handle for connection to server %s.\n"),
355 isds_log(ILF_HTTP
, ILL_DEBUG
, _("User name and password for server %s "
356 "have been unset from CURL handle.\n"), context
->url
);
361 /* CURL call back function called when chunk of HTTP response body is available.
362 * @buffer points to new data
363 * @size * @nmemb is length of the chunk in bytes. Zero means empty body.
364 * @userp is private structure.
365 * Must return the length of the chunk, otherwise CURL will signal
366 * CURL_WRITE_ERROR. */
367 static size_t write_body(void *buffer
, size_t size
, size_t nmemb
, void *userp
) {
368 struct soap_body
*body
= (struct soap_body
*) userp
;
371 /* FIXME: Check for (size * nmemb + body->lengt) !> SIZE_T_MAX.
372 * Precompute the product then. */
374 if (!body
) return 0; /* This should never happen */
375 if (0 == (size
* nmemb
)) return 0; /* Empty body */
377 new_data
= realloc(body
->data
, body
->length
+ size
* nmemb
);
378 if (!new_data
) return 0;
380 memcpy(new_data
+ body
->length
, buffer
, size
* nmemb
);
382 body
->data
= new_data
;
383 body
->length
+= size
* nmemb
;
385 return (size
* nmemb
);
389 /* CURL call back function called when a HTTP response header is available.
390 * This is called for each header even if reply consists of more responses.
391 * @buffer points to new header (no zero terminator, but HTTP EOL is included)
392 * @size * @nmemb is length of the header in bytes
393 * @userp is private structure.
394 * Must return the length of the header, otherwise CURL will signal
395 * CURL_WRITE_ERROR. */
396 static size_t write_header(void *buffer
, size_t size
, size_t nmemb
, void *userp
) {
397 struct auth_headers
*headers
= (struct auth_headers
*) userp
;
401 /* FIXME: Check for (size * nmemb) !> SIZE_T_MAX.
402 * Precompute the product then. */
403 length
= size
* nmemb
;
405 if (NULL
== headers
) return 0; /* This should never happen */
407 /* ??? Is this the empty line delimiter? */
408 return 0; /* Empty headers */
411 /* New response, invalide authentication headers. */
412 /* XXX: Chunked encoding trailer is not supported */
413 if (headers
->is_complete
) auth_headers_free(headers
);
415 /* Append continuation to multi-line header */
416 if (*(char *)buffer
== ' ' || *(char *)buffer
== '\t') {
417 if (headers
->last_header
!= NULL
) {
418 size_t old_length
= strlen(headers
->last_header
);
419 char *longer_header
= realloc(headers
->last_header
, old_length
+ length
);
420 if (longer_header
== NULL
) {
424 strncpy(longer_header
+ old_length
, (char*)buffer
+ 1, length
- 1);
425 longer_header
[old_length
+ length
- 1] = '\0';
426 headers
->last_header
= longer_header
;
428 /* Invalid continuation without starting header will be skipped. */
429 isds_log(ILF_HTTP
, ILL_WARNING
,
430 _("HTTP header continuation without starting header has "
431 "been encountered. Skipping invalid HTTP response "
437 /* Decode last header */
438 value
= header_value(headers
->last_header
, "WWW-Authenticate");
440 free(headers
->method
);
441 if (NULL
== (headers
->method
= decode_header_value(value
))) {
442 /* TODO: Set IE_NOMEM to context */
448 value
= header_value(headers
->last_header
, "X-Response-message-code");
451 if (NULL
== (headers
->code
= decode_header_value(value
))) {
452 /* TODO: Set IE_NOMEM to context */
458 value
= header_value(headers
->last_header
, "X-Response-message-text");
460 free(headers
->message
);
461 if (NULL
== (headers
->message
= decode_header_value(value
))) {
462 /* TODO: Set IE_NOMEM to context */
469 /* Last header decoded, free it */
470 zfree(headers
->last_header
);
472 if (!strncmp(buffer
, "\r\n", length
)) {
473 /* Current line is header---body separator */
474 headers
->is_complete
= 1;
477 /* Current line is new header, store it */
478 headers
->last_header
= malloc(length
+ 1);
479 if (headers
->last_header
== NULL
) {
480 /* TODO: Set IE_NOMEM to context */
483 memcpy(headers
->last_header
, buffer
, length
);
484 headers
->last_header
[length
] = '\0';
492 /* CURL progress callback proxy to rearrange arguments.
493 * @curl_data is session context */
494 static int progress_proxy(void *curl_data
, double download_total
,
495 double download_current
, double upload_total
, double upload_current
) {
496 struct isds_ctx
*context
= (struct isds_ctx
*) curl_data
;
499 if (context
&& context
->progress_callback
) {
500 abort
= context
->progress_callback(
501 upload_total
, upload_current
,
502 download_total
, download_current
,
503 context
->progress_callback_data
);
505 isds_log(ILF_HTTP
, ILL_INFO
,
506 _("Application aborted HTTP transfer"));
514 /* CURL call back function called when curl has something to log.
515 * @curl is cURL context
516 * @type is cURL log facility
517 * @buffer points to log data, XXX: not zero-terminated
518 * @size is length of log data
519 * @userp is private structure.
521 static int log_curl(CURL
*curl
, curl_infotype type
, char *buffer
, size_t size
,
523 if (!buffer
|| 0 == size
) return 0;
524 if (type
== CURLINFO_TEXT
|| type
== CURLINFO_HEADER_IN
||
525 type
== CURLINFO_HEADER_OUT
)
526 isds_log(ILF_HTTP
, ILL_DEBUG
, "%*s", size
, buffer
);
532 * @context holds the base URL,
533 * @url is a (CGI) file of SOAP URL,
534 * @use_get is a false to do a POST request, true to do a GET request.
535 * @request is body for POST request
536 * @request_length is length of @request in bytes
537 * @reponse is automatically reallocated() buffer to fit HTTP response with
538 * @response_length (does not need to match allocated memory exactly). You must
539 * free() the @response.
540 * @mime_type is automatically allocated MIME type send by server (*NULL if not
541 * sent). Set NULL if you don't care.
542 * @charset is charset of the body signaled by server. The same constrains
543 * like on @mime_type apply.
544 * @http_code is final HTTP code returned by server. This can be 200, 401, 500
545 * or any other one. Pass NULL if you don't interest.
546 * In case of error, the response memory, MIME type, charset and length will be
547 * deallocated and zeroed automatically. Thus be sure they are preallocated or
548 * they points to NULL.
549 * @response_otp_headers is pre-allocated structure for OTP authentication
550 * headers sent by server. Members must be valid pointers or NULLs.
551 * Pass NULL if you don't interest.
552 * Be ware that successful return value does not mean the HTTP request has
553 * been accepted by the server. You must consult @http_code. OTOH, failure
554 * return value means the request could not been sent (e.g. SSL error).
555 * Side effect: message buffer */
556 static isds_error
http(struct isds_ctx
*context
,
557 const char *url
, _Bool use_get
,
558 const void *request
, const size_t request_length
,
559 void **response
, size_t *response_length
,
560 char **mime_type
, char **charset
, long *http_code
,
561 struct auth_headers
*response_otp_headers
) {
564 isds_error err
= IE_SUCCESS
;
565 struct soap_body body
;
567 struct curl_slist
*headers
= NULL
;
570 if (!context
) return IE_INVALID_CONTEXT
;
571 if (!url
) return IE_INVAL
;
572 if (request_length
> 0 && !request
) return IE_INVAL
;
573 if (!response
|| !response_length
) return IE_INVAL
;
575 /* Clean authentication headers */
577 /* Set the body here to allow deallocation in leave block */
578 body
.data
= *response
;
581 /* Set Request-URI */
582 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_URL
, url
);
584 /* Set TLS options */
585 if (!curl_err
&& context
->tls_verify_server
) {
586 if (!*context
->tls_verify_server
)
587 isds_log(ILF_SEC
, ILL_WARNING
,
588 _("Disabling server identity verification. "
589 "That was your decision.\n"));
590 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSL_VERIFYPEER
,
591 (*context
->tls_verify_server
)? 1L : 0L);
593 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSL_VERIFYHOST
,
594 (*context
->tls_verify_server
)? 2L : 0L);
597 if (!curl_err
&& context
->tls_ca_file
) {
598 isds_log(ILF_SEC
, ILL_INFO
,
599 _("CA certificates will be searched in `%s' file since now\n"),
600 context
->tls_ca_file
);
601 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_CAINFO
,
602 context
->tls_ca_file
);
604 if (!curl_err
&& context
->tls_ca_dir
) {
605 isds_log(ILF_SEC
, ILL_INFO
,
606 _("CA certificates will be searched in `%s' directory "
607 "since now\n"), context
->tls_ca_dir
);
608 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_CAPATH
,
609 context
->tls_ca_dir
);
611 if (!curl_err
&& context
->tls_crl_file
) {
612 #if HAVE_DECL_CURLOPT_CRLFILE /* Since curl-7.19.0 */
613 isds_log(ILF_SEC
, ILL_INFO
,
614 _("CRLs will be searched in `%s' file since now\n"),
615 context
->tls_crl_file
);
616 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_CRLFILE
,
617 context
->tls_crl_file
);
619 isds_log(ILF_SEC
, ILL_WARNING
,
620 _("Your curl library cannot pass certificate revocation "
621 "list to cryptographic library.\n"
622 "Make sure cryptographic library default setting "
623 "delivers proper CRLs,\n"
624 "or upgrade curl.\n"));
625 #endif /* not HAVE_DECL_CURLOPT_CRLFILE */
629 /* Set credentials */
630 #if HAVE_DECL_CURLOPT_USERNAME /* Since curl-7.19.1 */
631 if (!curl_err
&& context
->username
) {
632 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_USERNAME
,
635 if (!curl_err
&& context
->password
) {
636 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_PASSWORD
,
640 if (!curl_err
&& (context
->username
|| context
->password
)) {
642 _isds_astrcat3(context
->username
, ":", context
->password
);
644 isds_log_message(context
, _("Could not pass credentials to CURL"));
648 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_USERPWD
, userpwd
);
651 #endif /* not HAVE_DECL_CURLOPT_USERNAME */
653 /* Set PKI credentials */
654 if (!curl_err
&& (context
->pki_credentials
)) {
655 if (context
->pki_credentials
->engine
) {
656 /* Select SSL engine */
657 isds_log(ILF_SEC
, ILL_INFO
,
658 _("Cryptographic engine `%s' will be used for "
659 "key or certificate\n"),
660 context
->pki_credentials
->engine
);
661 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLENGINE
,
662 context
->pki_credentials
->engine
);
666 /* Select certificate format */
667 #if HAVE_DECL_CURLOPT_SSLCERTTYPE /* since curl-7.9.3 */
668 if (context
->pki_credentials
->certificate_format
==
670 /* XXX: It's valid to have certificate in engine without name.
671 * Engines can select certificate according private key and
673 if (context
->pki_credentials
->certificate
)
674 isds_log(ILF_SEC
, ILL_INFO
, _("Client `%s' certificate "
675 "will be read from `%s' engine\n"),
676 context
->pki_credentials
->certificate
,
677 context
->pki_credentials
->engine
);
679 isds_log(ILF_SEC
, ILL_INFO
, _("Client certificate "
680 "will be read from `%s' engine\n"),
681 context
->pki_credentials
->engine
);
682 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLCERTTYPE
,
684 } else if (context
->pki_credentials
->certificate
) {
685 isds_log(ILF_SEC
, ILL_INFO
, _("Client %s certificate "
686 "will be read from `%s' file\n"),
687 (context
->pki_credentials
->certificate_format
==
688 PKI_FORMAT_DER
) ? _("DER") : _("PEM"),
689 context
->pki_credentials
->certificate
);
690 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLCERTTYPE
,
691 (context
->pki_credentials
->certificate_format
==
692 PKI_FORMAT_DER
) ? "DER" : "PEM");
695 if ((context
->pki_credentials
->certificate_format
==
697 context
->pki_credentials
->certificate
))
698 isds_log(ILF_SEC
, ILL_WARNING
,
699 _("Your curl library cannot distinguish certificate "
700 "formats. Make sure your cryptographic library\n"
701 "understands your certificate file by default, "
702 "or upgrade curl.\n"));
703 #endif /* not HAVE_DECL_CURLOPT_SSLCERTTYPE */
706 if (!curl_err
&& context
->pki_credentials
->certificate
) {
707 /* Select certificate */
709 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLCERT
,
710 context
->pki_credentials
->certificate
);
714 /* Select key format */
715 if (context
->pki_credentials
->key_format
== PKI_FORMAT_ENG
) {
716 if (context
->pki_credentials
->key
)
717 isds_log(ILF_SEC
, ILL_INFO
, _("Client private key `%s' "
718 "from `%s' engine will be used\n"),
719 context
->pki_credentials
->key
,
720 context
->pki_credentials
->engine
);
722 isds_log(ILF_SEC
, ILL_INFO
, _("Client private key "
723 "from `%s' engine will be used\n"),
724 context
->pki_credentials
->engine
);
725 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLKEYTYPE
,
727 } else if (context
->pki_credentials
->key
) {
728 isds_log(ILF_SEC
, ILL_INFO
, _("Client %s private key will be "
729 "read from `%s' file\n"),
730 (context
->pki_credentials
->key_format
==
731 PKI_FORMAT_DER
) ? _("DER") : _("PEM"),
732 context
->pki_credentials
->key
);
733 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLKEYTYPE
,
734 (context
->pki_credentials
->key_format
==
735 PKI_FORMAT_DER
) ? "DER" : "PEM");
740 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLKEY
,
741 context
->pki_credentials
->key
);
744 /* Pass key pass-phrase */
745 #if HAVE_DECL_CURLOPT_KEYPASSWD /* since curl-7.16.5 */
746 curl_err
= curl_easy_setopt(context
->curl
,
748 context
->pki_credentials
->passphrase
);
749 #elif HAVE_DECL_CURLOPT_SSLKEYPASSWD /* up to curl-7.16.4 */
750 curl_err
= curl_easy_setopt(context
->curl
,
751 CURLOPT_SSLKEYPASSWD
,
752 context
->pki_credentials
->passphrase
);
753 #else /* up to curl-7.9.2 */
754 curl_err
= curl_easy_setopt(context
->curl
,
755 CURLOPT_SSLCERTPASSWD
,
756 context
->pki_credentials
->passphrase
);
762 /* Set authorization cookie for OTP session */
763 if (!curl_err
&& context
->otp
) {
764 isds_log(ILF_SEC
, ILL_INFO
,
765 _("Cookies will be stored and sent "
766 "because context has been authorized by OTP.\n"));
767 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_COOKIEFILE
, "");
772 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_NOSIGNAL
, 1);
774 if (!curl_err
&& context
->timeout
) {
775 #if HAVE_DECL_CURLOPT_TIMEOUT_MS /* Since curl-7.16.2 */
776 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_TIMEOUT_MS
,
779 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_TIMEOUT
,
780 context
->timeout
/ 1000);
781 #endif /* not HAVE_DECL_CURLOPT_TIMEOUT_MS */
784 /* Register callback */
785 if (context
->progress_callback
) {
787 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_NOPROGRESS
, 0);
790 curl_err
= curl_easy_setopt(context
->curl
,
791 CURLOPT_PROGRESSFUNCTION
, progress_proxy
);
794 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_PROGRESSDATA
,
799 /* Set other CURL features */
801 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_FAILONERROR
, 0);
804 /* Set get-response function */
806 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_WRITEFUNCTION
,
810 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_WRITEDATA
, &body
);
813 /* Set get-response-headers function if needed.
814 * XXX: Both CURLOPT_HEADERFUNCTION and CURLOPT_WRITEHEADER must be set or
815 * unset at the same time (see curl_easy_setopt(3)) ASAP, otherwise old
816 * invalid CURLOPT_WRITEHEADER value could be derefenced. */
818 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_HEADERFUNCTION
,
819 (response_otp_headers
== NULL
) ? NULL
: write_header
);
822 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_WRITEHEADER
,
823 response_otp_headers
);
826 /* Set MIME types and headers requires by SOAP 1.1.
827 * SOAP 1.1 requires text/xml, SOAP 1.2 requires application/soap+xml */
829 headers
= curl_slist_append(headers
,
830 "Accept: application/soap+xml,application/xml,text/xml");
835 headers
= curl_slist_append(headers
, "Content-Type: text/xml");
840 headers
= curl_slist_append(headers
, "SOAPAction: ");
845 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_HTTPHEADER
, headers
);
848 /* Set user agent identification */
849 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_USERAGENT
,
850 "libisds/" PACKAGE_VERSION
);
854 /* Set GET request */
856 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_HTTPGET
, 1);
859 /* Set POST request body */
861 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_POST
, 1);
864 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_POSTFIELDS
, request
);
867 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_POSTFIELDSIZE
,
873 /* Debug cURL if requested */
875 ((log_facilities
& ILF_HTTP
) && (log_level
>= ILL_DEBUG
));
877 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_VERBOSE
,
878 (debug_curl
) ? 1 : 0);
881 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_DEBUGFUNCTION
,
882 (debug_curl
) ? log_curl
: NULL
);
886 /* Check for errors so far */
888 isds_log_message(context
, curl_easy_strerror(curl_err
));
893 isds_log(ILF_HTTP
, ILL_DEBUG
, _("Sending %s request to <%s>\n"),
894 use_get
? "GET" : "POST", url
);
896 isds_log(ILF_HTTP
, ILL_DEBUG
,
897 _("POST body length: %zu, content follows:\n"), request_length
);
898 isds_log(ILF_HTTP
, ILL_DEBUG
, "%.*s\n", request_length
, request
);
899 isds_log(ILF_HTTP
, ILL_DEBUG
, _("End of POST body\n"));
904 curl_err
= curl_easy_perform(context
->curl
);
907 curl_err
= curl_easy_getinfo(context
->curl
, CURLINFO_CONTENT_TYPE
,
911 /* TODO: Use curl_easy_setopt(CURLOPT_ERRORBUFFER) to obtain detailed
913 /* TODO: CURL is not internationalized yet. Collect CURL messages for
915 isds_printf_message(context
,
916 _("%s: %s"), url
, _(curl_easy_strerror(curl_err
)));
917 if (curl_err
== CURLE_ABORTED_BY_CALLBACK
)
920 curl_err
== CURLE_SSL_CONNECT_ERROR
||
921 curl_err
== CURLE_SSL_ENGINE_NOTFOUND
||
922 curl_err
== CURLE_SSL_ENGINE_SETFAILED
||
923 curl_err
== CURLE_SSL_CERTPROBLEM
||
924 curl_err
== CURLE_SSL_CIPHER
||
925 curl_err
== CURLE_SSL_CACERT
||
926 curl_err
== CURLE_USE_SSL_FAILED
||
927 curl_err
== CURLE_SSL_ENGINE_INITFAILED
||
928 curl_err
== CURLE_SSL_CACERT_BADFILE
||
929 curl_err
== CURLE_SSL_SHUTDOWN_FAILED
||
930 curl_err
== CURLE_SSL_CRL_BADFILE
||
931 curl_err
== CURLE_SSL_ISSUER_ERROR
939 isds_log(ILF_HTTP
, ILL_DEBUG
, _("Final response to %s received\n"), url
);
940 isds_log(ILF_HTTP
, ILL_DEBUG
,
941 _("Response body length: %zu, content follows:\n"),
943 isds_log(ILF_HTTP
, ILL_DEBUG
, "%.*s\n", body
.length
, body
.data
);
944 isds_log(ILF_HTTP
, ILL_DEBUG
, _("End of response body\n"));
947 /* Extract MIME type and charset */
952 sep
= strchr(content_type
, ';');
953 if (sep
) offset
= (size_t) (sep
- content_type
);
954 else offset
= strlen(content_type
);
957 *mime_type
= malloc(offset
+ 1);
962 memcpy(*mime_type
, content_type
, offset
);
963 (*mime_type
)[offset
] = '\0';
970 sep
= strstr(sep
, "charset=");
974 *charset
= strdup(sep
+ 8);
984 /* Get HTTP response code */
986 curl_err
= curl_easy_getinfo(context
->curl
,
987 CURLINFO_RESPONSE_CODE
, http_code
);
994 /* Store OTP authentication results */
995 if (response_otp_headers
&& response_otp_headers
->is_complete
) {
996 isds_log(ILF_SEC
, ILL_DEBUG
,
997 _("OTP authentication headers received: "
998 "method=%s, code=%s, message=%s\n"),
999 response_otp_headers
->method
, response_otp_headers
->code
,
1000 response_otp_headers
->message
);
1002 /* XXX: Don't make unknown code fatal. Missing code can be succcess if
1003 * HTTP code is 302. This is checked in _isds_soap(). */
1004 response_otp_headers
->resolution
=
1005 string2isds_otp_resolution(response_otp_headers
->code
);
1007 if (response_otp_headers
->message
!= NULL
) {
1008 char *message_locale
= _isds_utf82locale(response_otp_headers
->message
);
1009 /* _isds_utf82locale() return NULL on inconverable string. Do not
1011 * TODO: Escape such characters.
1012 * if (message_locale == NULL) {
1016 isds_printf_message(context
,
1017 _("Server returned OTP authentication message: %s"),
1019 free(message_locale
);
1022 char *next_url
= NULL
; /* Weak pointer managed by cURL */
1023 curl_err
= curl_easy_getinfo(context
->curl
, CURLINFO_REDIRECT_URL
,
1029 if (next_url
!= NULL
) {
1030 isds_log(ILF_SEC
, ILL_DEBUG
,
1031 _("OTP authentication headers redirect to: <%s>\n"),
1033 free(response_otp_headers
->redirect
);
1034 response_otp_headers
->redirect
= strdup(next_url
);
1035 if (response_otp_headers
->redirect
== NULL
) {
1042 curl_slist_free_all(headers
);
1058 if (err
!= IE_ABORTED
) _isds_close_connection(context
);
1061 *response
= body
.data
;
1062 *response_length
= body
.length
;
1069 * @context holds the base URL,
1070 * @file is a (CGI) file of SOAP URL,
1071 * @request is XML node set with SOAP request body.
1072 * @file must be NULL, @request should be NULL rather than empty, if they should
1073 * not be signaled in the SOAP request.
1074 * @reponse is automatically allocated() node set with SOAP response body.
1075 * You must xmlFreeNodeList() it. This is literal body, empty (NULL), one node
1076 * or more nodes can be returned.
1077 * @raw_response is automatically allocated bit stream with response body. Use
1078 * NULL if you don't care
1079 * @raw_response_length is size of @raw_response in bytes
1080 * In case of error the response will be deallocated automatically.
1081 * Side effect: message buffer */
1082 _hidden isds_error
_isds_soap(struct isds_ctx
*context
, const char *file
,
1083 const xmlNodePtr request
, xmlNodePtr
*response
,
1084 void **raw_response
, size_t *raw_response_length
) {
1086 isds_error err
= IE_SUCCESS
;
1088 char *mime_type
= NULL
;
1090 struct auth_headers response_otp_headers
;
1091 xmlBufferPtr http_request
= NULL
;
1092 xmlSaveCtxtPtr save_ctx
= NULL
;
1093 xmlDocPtr request_soap_doc
= NULL
;
1094 xmlNodePtr request_soap_envelope
= NULL
, request_soap_body
= NULL
;
1095 xmlNsPtr soap_ns
= NULL
;
1096 void *http_response
= NULL
;
1097 size_t response_length
= 0;
1098 xmlDocPtr response_soap_doc
= NULL
;
1099 xmlNodePtr response_root
= NULL
;
1100 xmlXPathContextPtr xpath_ctx
= NULL
;
1101 xmlXPathObjectPtr response_soap_headers
= NULL
, response_soap_body
= NULL
,
1102 response_soap_fault
= NULL
;
1105 if (!context
) return IE_INVALID_CONTEXT
;
1106 if (!response
) return IE_INVAL
;
1107 if (!raw_response_length
&& raw_response
) return IE_INVAL
;
1109 xmlFreeNodeList(*response
);
1111 if (raw_response
) *raw_response
= NULL
;
1113 url
= _isds_astrcat(context
->url
, file
);
1114 if (!url
) return IE_NOMEM
;
1116 /* Build SOAP request envelope */
1117 request_soap_doc
= xmlNewDoc(BAD_CAST
"1.0");
1118 if (!request_soap_doc
) {
1119 isds_log_message(context
, _("Could not build SOAP request document"));
1123 request_soap_envelope
= xmlNewNode(NULL
, BAD_CAST
"Envelope");
1124 if (!request_soap_envelope
) {
1125 isds_log_message(context
, _("Could not build SOAP request envelope"));
1129 xmlDocSetRootElement(request_soap_doc
, request_soap_envelope
);
1130 /* Only this way we get namespace definition as @xmlns:soap,
1131 * otherwise we get namespace prefix without definition */
1132 soap_ns
= xmlNewNs(request_soap_envelope
, BAD_CAST SOAP_NS
, NULL
);
1134 isds_log_message(context
, _("Could not create SOAP name space"));
1138 xmlSetNs(request_soap_envelope
, soap_ns
);
1139 request_soap_body
= xmlNewChild(request_soap_envelope
, NULL
,
1140 BAD_CAST
"Body", NULL
);
1141 if (!request_soap_body
) {
1142 isds_log_message(context
,
1143 _("Could not add Body to SOAP request envelope"));
1148 /* Append request XML node set to SOAP body if request is not empty */
1149 /* XXX: Copy of request must be used, otherwise xmlFreeDoc(request_soap_doc)
1150 * would destroy this outer structure. */
1152 xmlNodePtr request_copy
= xmlCopyNodeList(request
);
1153 if (!request_copy
) {
1154 isds_log_message(context
,
1155 _("Could not copy request content"));
1159 if (!xmlAddChildList(request_soap_body
, request_copy
)) {
1160 xmlFreeNodeList(request_copy
);
1161 isds_log_message(context
,
1162 _("Could not add request content to SOAP "
1163 "request envelope"));
1170 /* Serialize the SOAP request into HTTP request body */
1171 http_request
= xmlBufferCreate();
1172 if (!http_request
) {
1173 isds_log_message(context
,
1174 _("Could not create xmlBuffer for HTTP request body"));
1178 /* Last argument 1 means format the XML tree. This is pretty but it breaks
1179 * XML document transport as it adds text nodes (indentiation) between
1181 save_ctx
= xmlSaveToBuffer(http_request
, "UTF-8", 0);
1183 isds_log_message(context
,
1184 _("Could not create XML serializer"));
1188 /* XXX: According LibXML documentation, this function does not return
1189 * meaningful value yet */
1190 xmlSaveDoc(save_ctx
, request_soap_doc
);
1191 if (-1 == xmlSaveFlush(save_ctx
)) {
1192 isds_log_message(context
,
1193 _("Could not serialize SOAP request to HTTP request body"));
1198 if (context
->otp_credentials
!= NULL
)
1199 memset(&response_otp_headers
, 0, sizeof(response_otp_headers
));
1201 if (context
->otp_credentials
!= NULL
)
1202 auth_headers_free(&response_otp_headers
);
1203 isds_log(ILF_SOAP
, ILL_DEBUG
,
1204 _("SOAP request to sent to %s:\n%.*s\nEnd of SOAP request\n"),
1205 url
, http_request
->use
, http_request
->content
);
1207 err
= http(context
, url
, 0, http_request
->content
, http_request
->use
,
1208 &http_response
, &response_length
,
1209 &mime_type
, NULL
, &http_code
,
1210 (context
->otp_credentials
== NULL
) ? NULL
: &response_otp_headers
);
1212 /* TODO: HTTP binding for SOAP prescribes non-200 HTTP return codes
1213 * to be processed too. */
1219 if (NULL
!= context
->otp_credentials
)
1220 context
->otp_credentials
->resolution
= response_otp_headers
.resolution
;
1222 /* Check for HTTP return code */
1223 isds_log(ILF_SOAP
, ILL_DEBUG
, _("Server returned %ld HTTP code\n"),
1225 switch (http_code
) {
1226 /* XXX: We must see which code is used for not permitted ISDS
1227 * operation like downloading message without proper user
1228 * permissions. In that case we should keep connection opened. */
1230 if (NULL
!= context
->otp_credentials
) {
1231 if (context
->otp_credentials
->resolution
==
1232 OTP_RESOLUTION_UNKNOWN
)
1233 context
->otp_credentials
->resolution
=
1234 OTP_RESOLUTION_SUCCESS
;
1238 if (NULL
!= context
->otp_credentials
) {
1239 if (context
->otp_credentials
->resolution
==
1240 OTP_RESOLUTION_UNKNOWN
)
1241 context
->otp_credentials
->resolution
=
1242 OTP_RESOLUTION_SUCCESS
;
1243 err
= IE_PARTIAL_SUCCESS
;
1244 isds_printf_message(context
,
1245 _("Server redirects on <%s> because OTP authentication "
1248 if (context
->otp_credentials
->otp_code
!= NULL
&&
1249 response_otp_headers
.redirect
!= NULL
) {
1250 /* XXX: If OTP code is known, this must be second OTP phase, so
1251 * send final POST request and unset Basic authentication
1252 * from cURL context as cookie is used instead. */
1254 url
= response_otp_headers
.redirect
;
1255 response_otp_headers
.redirect
= NULL
;
1256 _isds_discard_credentials(context
, 0);
1257 err
= unset_http_authorization(context
);
1259 isds_log_message(context
, _("Could not remove "
1260 "credentials from CURL handle."));
1265 /* XXX: Otherwise bail out to ask application for OTP code. */
1270 isds_printf_message(context
,
1271 _("Code 302: Server redirects on <%s> request. "
1272 "Redirection is forbidden in stateless mode."),
1277 case 401: /* ISDS server returns 401 even if Authorization
1279 case 403: /* HTTP/1.0 prescribes 403 if Authorization presents. */
1280 err
= IE_NOT_LOGGED_IN
;
1281 isds_log_message(context
, _("Authentication failed"));
1286 isds_printf_message(context
,
1287 _("Code 404: Document (%s) not found on server"), url
);
1290 /* 500 should return standard SOAP message */
1293 /* Check for Content-Type: text/xml.
1294 * Do it after HTTP code check because 401 Unauthorized returns HTML web
1295 * page for browsers. */
1296 if (mime_type
&& strcmp(mime_type
, "text/xml")
1297 && strcmp(mime_type
, "application/soap+xml")
1298 && strcmp(mime_type
, "application/xml")) {
1299 char *mime_type_locale
= _isds_utf82locale(mime_type
);
1300 isds_printf_message(context
,
1301 _("%s: bad MIME type sent by server: %s"), url
,
1303 free(mime_type_locale
);
1308 /* TODO: Convert returned body into XML default encoding */
1310 /* Parse the HTTP body as XML */
1311 response_soap_doc
= xmlParseMemory(http_response
, response_length
);
1312 if (!response_soap_doc
) {
1317 xpath_ctx
= xmlXPathNewContext(response_soap_doc
);
1323 if (_isds_register_namespaces(xpath_ctx
, MESSAGE_NS_UNSIGNED
)) {
1328 isds_log(ILF_SOAP
, ILL_DEBUG
,
1329 _("SOAP response received:\n%.*s\nEnd of SOAP response\n"),
1330 response_length
, http_response
);
1333 /* Check for SOAP version */
1334 response_root
= xmlDocGetRootElement(response_soap_doc
);
1335 if (!response_root
) {
1336 isds_log_message(context
, "SOAP response has no root element");
1340 if (xmlStrcmp(response_root
->name
, BAD_CAST
"Envelope") ||
1341 xmlStrcmp(response_root
->ns
->href
, BAD_CAST SOAP_NS
)) {
1342 isds_log_message(context
, "SOAP response is not SOAP 1.1 document");
1347 /* Check for SOAP Headers */
1348 response_soap_headers
= xmlXPathEvalExpression(
1349 BAD_CAST
"/soap:Envelope/soap:Header/"
1350 "*[@soap:mustUnderstand/text() = true()]", xpath_ctx
);
1351 if (!response_soap_headers
) {
1355 if (!xmlXPathNodeSetIsEmpty(response_soap_headers
->nodesetval
)) {
1356 isds_log_message(context
,
1357 _("SOAP response requires unsupported feature"));
1358 /* TODO: log the headers
1359 * xmlChar *fragment = NULL;
1360 * fragment = xmlXPathCastNodeSetToSting(response_soap_headers->nodesetval);*/
1366 response_soap_body
= xmlXPathEvalExpression(
1367 BAD_CAST
"/soap:Envelope/soap:Body", xpath_ctx
);
1368 if (!response_soap_body
) {
1372 if (xmlXPathNodeSetIsEmpty(response_soap_body
->nodesetval
)) {
1373 isds_log_message(context
,
1374 _("SOAP response does not contain SOAP Body element"));
1378 if (response_soap_body
->nodesetval
->nodeNr
> 1) {
1379 isds_log_message(context
,
1380 _("SOAP response has more than one Body element"));
1385 /* Check for SOAP Fault */
1386 response_soap_fault
= xmlXPathEvalExpression(
1387 BAD_CAST
"/soap:Envelope/soap:Body/soap:Fault", xpath_ctx
);
1388 if (!response_soap_fault
) {
1392 if (!xmlXPathNodeSetIsEmpty(response_soap_fault
->nodesetval
)) {
1393 /* Server signals Fault. Gather error message and croak. */
1394 /* XXX: Only first message is passed */
1395 char *message
= NULL
, *message_locale
= NULL
;
1396 xpath_ctx
->node
= response_soap_fault
->nodesetval
->nodeTab
[0];
1397 xmlXPathFreeObject(response_soap_fault
);
1398 /* XXX: faultstring and faultcode are in no name space according
1399 * ISDS specification */
1400 /* First more verbose faultstring */
1401 response_soap_fault
= xmlXPathEvalExpression(
1402 BAD_CAST
"faultstring[1]/text()", xpath_ctx
);
1403 if (response_soap_fault
&&
1404 !xmlXPathNodeSetIsEmpty(response_soap_fault
->nodesetval
)) {
1406 xmlXPathCastNodeSetToString(response_soap_fault
->nodesetval
);
1407 message_locale
= _isds_utf82locale(message
);
1409 /* If not available, try shorter faultcode */
1410 if (!message_locale
) {
1412 xmlXPathFreeObject(response_soap_fault
);
1413 response_soap_fault
= xmlXPathEvalExpression(
1414 BAD_CAST
"faultcode[1]/text()", xpath_ctx
);
1415 if (response_soap_fault
&&
1416 !xmlXPathNodeSetIsEmpty(response_soap_fault
->nodesetval
)) {
1418 xmlXPathCastNodeSetToString(
1419 response_soap_fault
->nodesetval
);
1420 message_locale
= _isds_utf82locale(message
);
1426 isds_printf_message(context
, _("SOAP response signals Fault: %s"),
1429 isds_log_message(context
, _("SOAP response signals Fault"));
1431 free(message_locale
);
1439 /* Extract XML Tree with ISDS response from SOAP envelope and return it.
1440 * XXX: response_soap_body is Body, we need children which may not exist
1441 * (i.e. empty Body). */
1442 /* TODO: Destroy SOAP response but Body children. This is more memory
1443 * friendly than copying (potentially) fat body */
1444 if (response_soap_body
->nodesetval
->nodeTab
[0]->children
) {
1445 *response
= xmlDocCopyNodeList(response_soap_doc
,
1446 response_soap_body
->nodesetval
->nodeTab
[0]->children
);
1451 } else *response
= NULL
;
1453 /* Save raw response */
1455 *raw_response
= http_response
;
1456 *raw_response_length
= response_length
;
1457 http_response
= NULL
;
1463 xmlFreeNodeList(*response
);
1467 xmlXPathFreeObject(response_soap_fault
);
1468 xmlXPathFreeObject(response_soap_body
);
1469 xmlXPathFreeObject(response_soap_headers
);
1470 xmlXPathFreeContext(xpath_ctx
);
1471 xmlFreeDoc(response_soap_doc
);
1472 if (context
->otp_credentials
!= NULL
)
1473 auth_headers_free(&response_otp_headers
);
1475 free(http_response
);
1476 xmlSaveClose(save_ctx
);
1477 xmlBufferFree(http_request
);
1478 xmlFreeDoc(request_soap_doc
); /* recursive, frees request_body, soap_ns*/
1485 /* Build new URL from current @context and template.
1486 * @context is context carrying an URL
1487 * @template is printf(3) format string. First argument is string of base URL
1488 * found in @context, second argument is length of the base URL.
1489 * @new_url is newly allocated URL built from @template. Caller must free it.
1490 * Return IE_SUCCESS, or corresponding error code and @new_url will not be
1493 _hidden isds_error
_isds_build_url_from_context(struct isds_ctx
*context
,
1494 const char *template, char **new_url
) {
1495 int length
, slashes
;
1497 if (NULL
!= new_url
) *new_url
= NULL
;
1498 if (NULL
== context
) return IE_INVALID_CONTEXT
;
1499 if (NULL
== template) return IE_INVAL
;
1500 if (NULL
== new_url
) return IE_INVAL
;
1502 /* Find length of base URL from context URL */
1503 if (NULL
== context
->url
) {
1504 isds_log_message(context
, _("Base URL could not have been determined "
1505 "from context URL because there was no URL set in the "
1509 for (length
= 0, slashes
= 0; context
->url
[length
] != '\0'; length
++) {
1510 if (context
->url
[length
] == '/') slashes
++;
1511 if (slashes
== 3) break;
1514 isds_log_message(context
, _("Base URL could not have been determined "
1515 "from context URL"));
1521 if (-1 == isds_asprintf(new_url
, template, context
->url
, length
))
1528 /* Invalidate session cookie for otp authenticated @context */
1529 _hidden isds_error
_isds_invalidate_otp_cookie(struct isds_ctx
*context
) {
1533 void *response
= NULL
;
1534 size_t response_length
;
1536 if (context
== NULL
|| !context
->otp
) return IE_INVALID_CONTEXT
;
1537 if (context
->curl
== NULL
) return IE_CONNECTION_CLOSED
;
1539 /* Build logout URL */
1540 /*"https://DOMAINNAME/as/processLogout?uri=https://DOMAINNAME/apps/DS/WEB_SERVICE_ENDPOINT"*/
1541 err
= _isds_build_url_from_context(context
,
1542 "%1$.*2$sas/processLogout?uri=%1$sDS/dz", &url
);
1543 if (err
) return err
;
1545 /* Invalidate the cookie by GET request */
1549 &response
, &response_length
,
1550 NULL
, NULL
, &http_code
,
1555 /* long message set by http() */
1556 } else if (http_code
!= 200) {
1557 /* TODO: Specification does not define response for this request.
1558 * Especially it does not state whether direct 200 or 302 redirect is
1559 * sent. We need to check real implementation. */
1561 isds_printf_message(context
, _("Cookie for OTP authenticated "
1562 "connection to <%s> could not been invalidated"),
1565 isds_log(ILF_SEC
, ILL_DEBUG
, _("Cookie for OTP authenticated "
1566 "connection to <%s> has been invalidated.\n"),
1573 /* LibXML functions:
1575 * void xmlInitParser(void)
1576 * Initialization function for the XML parser. This is not reentrant. Call
1577 * once before processing in case of use in multithreaded programs.
1579 * int xmlInitParserCtxt(xmlParserCtxtPtr ctxt)
1580 * Initialize a parser context
1582 * xmlDocPtr xmlCtxtReadDoc(xmlParserCtxtPtr ctxt, const xmlChar * cur,
1583 * const * char URL, const char * encoding, int options);
1584 * Parse in-memory NULL-terminated document @cur.
1586 * xmlDocPtr xmlParseMemory(const char * buffer, int size)
1587 * Parse an XML in-memory block and build a tree.
1589 * xmlParserCtxtPtr xmlCreateMemoryParserCtxt(const char * buffer, int
1591 * Create a parser context for an XML in-memory document.
1593 * xmlParserCtxtPtr xmlCreateDocParserCtxt(const xmlChar * cur)
1594 * Creates a parser context for an XML in-memory document.
1596 * xmlDocPtr xmlCtxtReadMemory(xmlParserCtxtPtr ctxt,
1597 * const char * buffer, int size, const char * URL, const char * encoding,
1599 * Parse an XML in-memory document and build a tree. This reuses the existing
1600 * @ctxt parser context.
1602 * void xmlCleanupParser(void)
1603 * Cleanup function for the XML library. It tries to reclaim all parsing
1604 * related glob document related memory. Calling this function should not
1605 * prevent reusing the libr finished using the library or XML document built
1608 * void xmlClearParserCtxt(xmlParserCtxtPtr ctxt)
1609 * Clear (release owned resources) and reinitialize a parser context.
1611 * void xmlCtxtReset(xmlParserCtxtPtr ctxt)
1612 * Reset a parser context
1614 * void xmlFreeParserCtxt(xmlParserCtxtPtr ctxt)
1615 * Free all the memory used by a parser context. However the parsed document
1616 * in ctxt->myDoc is not freed.
1618 * void xmlFreeDoc(xmlDocPtr cur)
1619 * Free up all the structures used by a document, tree included.