6 #include <strings.h> /* strncasecmp(3) */
9 /* Private structure for write_body() call back */
15 /* Private structure for write_header() call back */
17 _Bool is_complete
; /* Response has finished, next iteration is new
18 response, values become obsolete. */
19 char *last_header
; /* Temporary storage for previous unfinished header */
20 char *method
; /* WWW-Authenticate value */
21 char *code
; /* X-Response-message-code value */
22 isds_otp_resolution resolution
; /* Decoded .code member */
23 char *message
; /* X-Response-message-text value */
24 char *redirect
; /* Redirect URL */
28 /* Deallocate content of struct auth_headers */
29 static void auth_headers_free(struct auth_headers
*headers
) {
30 zfree(headers
->last_header
);
31 zfree(headers
->method
);
33 zfree(headers
->message
);
34 zfree(headers
->redirect
);
38 /* If given @line is HTTP header of @name,
39 * return pointer to the header value. Otherwise return NULL.
40 * @name is header name without name---value separator, terminated with 0. */
41 static const char *header_value(const char *line
, const char *name
) {
43 if (line
== NULL
|| name
== NULL
) return NULL
;
45 for (value
= line
; ; value
++, name
++) {
46 if (*value
== '\0') return NULL
; /* Line too short */
47 if (*name
== '\0') break; /* Name matches */
48 if (*name
!= *value
) return NULL
; /* Name does not match */
51 /* Check separator. RFC2616, section 4.2 requires collon only. */
52 if (*value
++ != ':') return NULL
;
58 /* Try to decode header value per RFC 2047.
59 * @prepend_space is true if a space should be inserted before decoded word
60 * into @output in case the word has been decoded successfully.
61 * @input is zero terminated input, it's updated to point all consumed
63 * @output is buffer to store decoded value, it's updated to point after last
64 * written character. The buffer must be preallocated.
65 * @return 0 if input has been successfully decoded, then @input and @output
66 * poineres will be updated. Otherwise return non-zero value and keeps
67 * argument pointers and memory unchanged. */
68 static int try_rfc2047_decode(_Bool prepend_space
, const char **input
,
71 const char *charset_start
, *encoding
, *end
;
72 size_t charset_length
;
74 /* ISDS prescribes B encoding only, but RFC 2047 requires to support Q
75 * encoding too. ISDS prescribes UTF-8 charset only, RFC requiers to
76 * support any MIME charset. */
77 if (input
== NULL
|| *input
== NULL
|| output
== NULL
|| *output
== NULL
)
82 if (encoded
[0] != '=' || encoded
[1] != '?')
85 /* Then is "CHARSET?" */
86 charset_start
= (encoded
+= 2);
87 while (*encoded
!= '?') {
90 if (*encoded
== ' ' || *encoded
== '\t' || *encoded
== '\r' || *encoded
== '\n')
96 /* Then is "ENCODING?", where ENCODING is /[BbQq]/ */
97 if (*encoded
== '\0') return -1;
103 /* Then is "ENCODED_TEXT?=" */
104 while (*encoded
!= '?') {
105 if (*encoded
== '\0')
107 if (*encoded
== ' ' || *encoded
== '\t' || *encoded
== '\r' || *encoded
== '\n')
112 if (*(++encoded
) != '=') return -1;
115 * "=?CHARSET?E?ENCODED_TEXT?="
124 charset_length
= encoding
- charset_start
- 1;
125 if (charset_length
< 1)
127 charset
= strndup(charset_start
, charset_length
);
131 /* Decode encoding */
132 char *bit_stream
= NULL
;
133 size_t bit_length
= 0;
134 size_t encoding_length
= end
- encoding
- 2;
136 if (*encoding
== 'B') {
138 char *b64_stream
= NULL
;
139 if (NULL
== (b64_stream
=
140 malloc((encoding_length
+ 1) * sizeof(*encoding
)))) {
144 memcpy(b64_stream
, encoding
+ 2, encoding_length
);
145 b64_stream
[encoding_length
] = '\0';
146 bit_length
= _isds_b64decode(b64_stream
, (void **)&bit_stream
);
148 if (bit_length
== (size_t) -1) {
152 } else if (*encoding
== 'Q') {
153 /* Decode Quoted-printable-like */
154 if (NULL
== (bit_stream
=
155 malloc((encoding_length
) * sizeof(*encoding
)))) {
159 for (size_t q
= 2; q
< encoding_length
+ 2; q
++) {
160 if (encoding
[q
] == '_') {
161 bit_stream
[bit_length
] = '\x20';
162 } else if (encoding
[q
] == '=') {
164 /* Validate "=HH", where H is hexadecimal digit */
165 if (q
+ 2 >= encoding_length
+ 2 ) {
171 if ((ordinar
= _isds_hex2i(encoding
[++q
])) < 0) {
176 bit_stream
[bit_length
] = (ordinar
<< 4);
177 if ((ordinar
= _isds_hex2i(encoding
[++q
])) < 0) {
182 bit_stream
[bit_length
] += ordinar
;
184 bit_stream
[bit_length
] = encoding
[q
];
189 /* Unknown encoding */
194 /* Convert to UTF-8 */
195 char *utf_stream
= NULL
;
197 utf_length
= _isds_any2any(charset
, "UTF-8", bit_stream
, bit_length
,
198 (void **)&utf_stream
);
201 if (utf_length
== (size_t) -1) {
205 /* Copy UTF-8 stream to output buffer */
210 memcpy(*output
, utf_stream
, utf_length
);
212 *output
+= utf_length
;
219 /* Decode HTTP header value per RFC 2047.
220 * @encoded_value is encoded HTTP header value terminated with NUL. It can
221 * contain HTTP LWS separators that will be replaced with a space.
222 * @return newly allocated decoded value without EOL, or return NULL. */
223 static char *decode_header_value(const char *encoded_value
) {
224 char *decoded
= NULL
, *decoded_cursor
;
225 size_t content_length
;
226 _Bool text_started
= 0, lws_seen
= 0, encoded_word_seen
= 0;
228 if (encoded_value
== NULL
) return NULL
;
229 content_length
= strlen(encoded_value
);
231 /* A character can occupy up to 6 bytes in UTF-8 */
232 decoded
= malloc(content_length
* 6 + 1);
233 if (decoded
== NULL
) {
239 /* RFC 2616, section 4.2: Remove surrounding LWS, replace inner ones with
241 /* RFC 2047, section 6.2: LWS between adjacent encoded words is ignored.
243 for (decoded_cursor
= decoded
; *encoded_value
; encoded_value
++) {
244 if (*encoded_value
== '\r' || *encoded_value
== '\n' ||
245 *encoded_value
== '\t' || *encoded_value
== ' ') {
249 if (*encoded_value
== '=' &&
251 lws_seen
&& text_started
&& !encoded_word_seen
,
252 &encoded_value
, &decoded_cursor
)) {
253 encoded_word_seen
= 1;
255 if (lws_seen
&& text_started
)
256 *(decoded_cursor
++) = ' ';
257 *(decoded_cursor
++) = *encoded_value
;
258 encoded_word_seen
= 0;
263 *decoded_cursor
= '\0';
269 /* Return true, if server requests OTP authorization method that client
270 * requested. Otherwise return false.
271 * @client_method is method client requested
272 * @server_method is value of WWW-Authenticate header */
273 /*static _Bool otp_method_matches(const isds_otp_method client_method,
274 const char *server_method) {
275 char *method_name = NULL;
277 switch (client_method) {
278 case OTP_HMAC: method_name = "hotp"; break;
279 case OTP_TIME: method_name = "totp"; break;
283 if (!strncmp(server_method, method_name, 4) && (
284 server_method[4] == '\0' || server_method[4] == ' ' ||
285 server_method[4] == '\t'))
291 /* Convert UTF-8 @string to HTTP OTP resolution enum type.
292 * @Return corresponding value or OTP_RESOLUTION_UNKNOWN if @string is not
293 * defined or unknown value. */
294 static isds_otp_resolution
string2isds_otp_resolution(const char *string
) {
296 return OTP_RESOLUTION_UNKNOWN
;
297 else if (!strcmp(string
, "authentication.info.totpSended"))
298 return OTP_RESOLUTION_TOTP_SENT
;
299 else if (!strcmp(string
, "authentication.error.userIsNotAuthenticated"))
300 return OTP_RESOLUTION_BAD_AUTHENTICATION
;
301 else if (!strcmp(string
, "authentication.error.intruderDetected"))
302 return OTP_RESOLUTION_ACCESS_BLOCKED
;
303 else if (!strcmp(string
, "authentication.error.paswordExpired"))
304 return OTP_RESOLUTION_PASSWORD_EXPIRED
;
305 else if (!strcmp(string
, "authentication.info.cannotSendQuickly"))
306 return OTP_RESOLUTION_TO_FAST
;
307 else if (!strcmp(string
, "authentication.error.badRole"))
308 return OTP_RESOLUTION_UNAUTHORIZED
;
309 else if (!strcmp(string
, "authentication.info.totpNotSended"))
310 return OTP_RESOLUTION_TOTP_NOT_SENT
;
312 return OTP_RESOLUTION_UNKNOWN
;
316 /* Close connection to server and destroy CURL handle associated
318 _hidden isds_error
_isds_close_connection(struct isds_ctx
*context
) {
319 if (!context
) return IE_INVALID_CONTEXT
;
322 curl_easy_cleanup(context
->curl
);
323 context
->curl
= NULL
;
324 isds_log(ILF_HTTP
, ILL_DEBUG
, _("Connection to server %s closed\n"),
328 return IE_CONNECTION_CLOSED
;
333 /* Remove username and password from context CURL handle. */
334 static isds_error
unset_http_authorization(struct isds_ctx
*context
) {
335 isds_error error
= IE_SUCCESS
;
337 if (context
== NULL
) return IE_INVALID_CONTEXT
;
338 if (context
->curl
== NULL
) return IE_CONNECTION_CLOSED
;
340 #if HAVE_DECL_CURLOPT_USERNAME /* Since curl-7.19.1 */
341 if (curl_easy_setopt(context
->curl
, CURLOPT_USERNAME
, NULL
))
343 if (curl_easy_setopt(context
->curl
, CURLOPT_PASSWORD
, NULL
))
346 if (curl_easy_setopt(context
->curl
, CURLOPT_USERPWD
, NULL
))
348 #endif /* not HAVE_DECL_CURLOPT_USERNAME */
351 isds_log(ILF_HTTP
, ILL_ERR
, _("Error while unsetting user name and "
352 "password from CURL handle for connection to server %s.\n"),
355 isds_log(ILF_HTTP
, ILL_DEBUG
, _("User name and password for server %s "
356 "have been unset from CURL handle.\n"), context
->url
);
361 /* CURL call back function called when chunk of HTTP response body is available.
362 * @buffer points to new data
363 * @size * @nmemb is length of the chunk in bytes. Zero means empty body.
364 * @userp is private structure.
365 * Must return the length of the chunk, otherwise CURL will signal
366 * CURL_WRITE_ERROR. */
367 static size_t write_body(void *buffer
, size_t size
, size_t nmemb
, void *userp
) {
368 struct soap_body
*body
= (struct soap_body
*) userp
;
371 /* FIXME: Check for (size * nmemb + body->lengt) !> SIZE_T_MAX.
372 * Precompute the product then. */
374 if (!body
) return 0; /* This should never happen */
375 if (0 == (size
* nmemb
)) return 0; /* Empty body */
377 new_data
= realloc(body
->data
, body
->length
+ size
* nmemb
);
378 if (!new_data
) return 0;
380 memcpy(new_data
+ body
->length
, buffer
, size
* nmemb
);
382 body
->data
= new_data
;
383 body
->length
+= size
* nmemb
;
385 return (size
* nmemb
);
389 /* CURL call back function called when a HTTP response header is available.
390 * This is called for each header even if reply consists of more responses.
391 * @buffer points to new header (no zero terminator, but HTTP EOL is included)
392 * @size * @nmemb is length of the header in bytes
393 * @userp is private structure.
394 * Must return the length of the header, otherwise CURL will signal
395 * CURL_WRITE_ERROR. */
396 static size_t write_header(void *buffer
, size_t size
, size_t nmemb
, void *userp
) {
397 struct auth_headers
*headers
= (struct auth_headers
*) userp
;
401 /* FIXME: Check for (size * nmemb) !> SIZE_T_MAX.
402 * Precompute the product then. */
403 length
= size
* nmemb
;
405 if (NULL
== headers
) return 0; /* This should never happen */
407 /* ??? Is this the empty line delimiter? */
408 return 0; /* Empty headers */
411 /* New response, invalide authentication headers. */
412 /* XXX: Chunked encoding trailer is not supported */
413 if (headers
->is_complete
) auth_headers_free(headers
);
415 /* Append continuation to multi-line header */
416 if (*(char *)buffer
== ' ' || *(char *)buffer
== '\t') {
417 if (headers
->last_header
!= NULL
) {
418 size_t old_length
= strlen(headers
->last_header
);
419 char *longer_header
= realloc(headers
->last_header
, old_length
+ length
);
420 if (longer_header
== NULL
) {
424 strncpy(longer_header
+ old_length
, (char*)buffer
+ 1, length
- 1);
425 longer_header
[old_length
+ length
- 1] = '\0';
426 headers
->last_header
= longer_header
;
428 /* Invalid continuation without starting header will be skipped. */
429 isds_log(ILF_HTTP
, ILL_WARNING
,
430 _("HTTP header continuation without starting header has "
431 "been encountered. Skipping invalid HTTP response "
437 /* Decode last header */
438 value
= header_value(headers
->last_header
, "WWW-Authenticate");
440 free(headers
->method
);
441 if (NULL
== (headers
->method
= decode_header_value(value
))) {
442 /* TODO: Set IE_NOMEM to context */
448 value
= header_value(headers
->last_header
, "X-Response-message-code");
451 if (NULL
== (headers
->code
= decode_header_value(value
))) {
452 /* TODO: Set IE_NOMEM to context */
458 value
= header_value(headers
->last_header
, "X-Response-message-text");
460 free(headers
->message
);
461 if (NULL
== (headers
->message
= decode_header_value(value
))) {
462 /* TODO: Set IE_NOMEM to context */
469 /* Last header decoded, free it */
470 zfree(headers
->last_header
);
472 if (!strncmp(buffer
, "\r\n", length
)) {
473 /* Current line is header---body separator */
474 headers
->is_complete
= 1;
477 /* Current line is new header, store it */
478 headers
->last_header
= malloc(length
+ 1);
479 if (headers
->last_header
== NULL
) {
480 /* TODO: Set IE_NOMEM to context */
483 memcpy(headers
->last_header
, buffer
, length
);
484 headers
->last_header
[length
] = '\0';
492 /* CURL progress callback proxy to rearrange arguments.
493 * @curl_data is session context */
494 static int progress_proxy(void *curl_data
, double download_total
,
495 double download_current
, double upload_total
, double upload_current
) {
496 struct isds_ctx
*context
= (struct isds_ctx
*) curl_data
;
499 if (context
&& context
->progress_callback
) {
500 abort
= context
->progress_callback(
501 upload_total
, upload_current
,
502 download_total
, download_current
,
503 context
->progress_callback_data
);
505 isds_log(ILF_HTTP
, ILL_INFO
,
506 _("Application aborted HTTP transfer"));
514 /* CURL call back function called when curl has something to log.
515 * @curl is cURL context
516 * @type is cURL log facility
517 * @buffer points to log data, XXX: not zero-terminated
518 * @size is length of log data
519 * @userp is private structure.
521 static int log_curl(CURL
*curl
, curl_infotype type
, char *buffer
, size_t size
,
523 if (!buffer
|| 0 == size
) return 0;
524 if (type
== CURLINFO_TEXT
|| type
== CURLINFO_HEADER_IN
||
525 type
== CURLINFO_HEADER_OUT
)
526 isds_log(ILF_HTTP
, ILL_DEBUG
, "%*s", size
, buffer
);
532 * @context holds the base URL,
533 * @url is a (CGI) file of SOAP URL,
534 * @use_get is a false to do a POST request, true to do a GET request.
535 * @request is body for POST request
536 * @request_length is length of @request in bytes
537 * @reponse is automatically reallocated() buffer to fit HTTP response with
538 * @response_length (does not need to match allocated memory exactly). You must
539 * free() the @response.
540 * @mime_type is automatically allocated MIME type send by server (*NULL if not
541 * sent). Set NULL if you don't care.
542 * @charset is charset of the body signaled by server. The same constrains
543 * like on @mime_type apply.
544 * @http_code is final HTTP code returned by server. This can be 200, 401, 500
545 * or any other one. Pass NULL if you don't interest.
546 * In case of error, the response memory, MIME type, charset and length will be
547 * deallocated and zeroed automatically. Thus be sure they are preallocated or
548 * they points to NULL.
549 * @response_otp_headers is pre-allocated structure for OTP authentication
550 * headers sent by server. Members must be valid pointers or NULLs.
551 * Pass NULL if you don't interest.
552 * Be ware that successful return value does not mean the HTTP request has
553 * been accepted by the server. You must consult @http_code. OTOH, failure
554 * return value means the request could not been sent (e.g. SSL error).
555 * Side effect: message buffer */
556 static isds_error
http(struct isds_ctx
*context
,
557 const char *url
, _Bool use_get
,
558 const void *request
, const size_t request_length
,
559 void **response
, size_t *response_length
,
560 char **mime_type
, char **charset
, long *http_code
,
561 struct auth_headers
*response_otp_headers
) {
564 isds_error err
= IE_SUCCESS
;
565 struct soap_body body
;
567 struct curl_slist
*headers
= NULL
;
570 if (!context
) return IE_INVALID_CONTEXT
;
571 if (!url
) return IE_INVAL
;
572 if (request_length
> 0 && !request
) return IE_INVAL
;
573 if (!response
|| !response_length
) return IE_INVAL
;
575 /* Clean authentication headers */
577 /* Set the body here to allow deallocation in leave block */
578 body
.data
= *response
;
581 /* Set Request-URI */
582 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_URL
, url
);
584 /* Set TLS options */
585 if (!curl_err
&& context
->tls_verify_server
) {
586 if (!*context
->tls_verify_server
)
587 isds_log(ILF_SEC
, ILL_WARNING
,
588 _("Disabling server identity verification. "
589 "That was your decision.\n"));
590 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSL_VERIFYPEER
,
591 (*context
->tls_verify_server
)? 1L : 0L);
593 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSL_VERIFYHOST
,
594 (*context
->tls_verify_server
)? 2L : 0L);
597 if (!curl_err
&& context
->tls_ca_file
) {
598 isds_log(ILF_SEC
, ILL_INFO
,
599 _("CA certificates will be searched in `%s' file since now\n"),
600 context
->tls_ca_file
);
601 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_CAINFO
,
602 context
->tls_ca_file
);
604 if (!curl_err
&& context
->tls_ca_dir
) {
605 isds_log(ILF_SEC
, ILL_INFO
,
606 _("CA certificates will be searched in `%s' directory "
607 "since now\n"), context
->tls_ca_dir
);
608 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_CAPATH
,
609 context
->tls_ca_dir
);
611 if (!curl_err
&& context
->tls_crl_file
) {
612 #if HAVE_DECL_CURLOPT_CRLFILE /* Since curl-7.19.0 */
613 isds_log(ILF_SEC
, ILL_INFO
,
614 _("CRLs will be searched in `%s' file since now\n"),
615 context
->tls_crl_file
);
616 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_CRLFILE
,
617 context
->tls_crl_file
);
619 isds_log(ILF_SEC
, ILL_WARNING
,
620 _("Your curl library cannot pass certificate revocation "
621 "list to cryptographic library.\n"
622 "Make sure cryptographic library default setting "
623 "delivers proper CRLs,\n"
624 "or upgrade curl.\n"));
625 #endif /* not HAVE_DECL_CURLOPT_CRLFILE */
629 /* Set credentials */
630 #if HAVE_DECL_CURLOPT_USERNAME /* Since curl-7.19.1 */
631 if (!curl_err
&& context
->username
) {
632 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_USERNAME
,
635 if (!curl_err
&& context
->password
) {
636 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_PASSWORD
,
640 if (!curl_err
&& (context
->username
|| context
->password
)) {
642 _isds_astrcat3(context
->username
, ":", context
->password
);
644 isds_log_message(context
, _("Could not pass credentials to CURL"));
648 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_USERPWD
, userpwd
);
651 #endif /* not HAVE_DECL_CURLOPT_USERNAME */
653 /* Set PKI credentials */
654 if (!curl_err
&& (context
->pki_credentials
)) {
655 if (context
->pki_credentials
->engine
) {
656 /* Select SSL engine */
657 isds_log(ILF_SEC
, ILL_INFO
,
658 _("Cryptographic engine `%s' will be used for "
659 "key or certificate\n"),
660 context
->pki_credentials
->engine
);
661 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLENGINE
,
662 context
->pki_credentials
->engine
);
666 /* Select certificate format */
667 #if HAVE_DECL_CURLOPT_SSLCERTTYPE /* since curl-7.9.3 */
668 if (context
->pki_credentials
->certificate_format
==
670 /* XXX: It's valid to have certificate in engine without name.
671 * Engines can select certificate according private key and
673 if (context
->pki_credentials
->certificate
)
674 isds_log(ILF_SEC
, ILL_INFO
, _("Client `%s' certificate "
675 "will be read from `%s' engine\n"),
676 context
->pki_credentials
->certificate
,
677 context
->pki_credentials
->engine
);
679 isds_log(ILF_SEC
, ILL_INFO
, _("Client certificate "
680 "will be read from `%s' engine\n"),
681 context
->pki_credentials
->engine
);
682 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLCERTTYPE
,
684 } else if (context
->pki_credentials
->certificate
) {
685 isds_log(ILF_SEC
, ILL_INFO
, _("Client %s certificate "
686 "will be read from `%s' file\n"),
687 (context
->pki_credentials
->certificate_format
==
688 PKI_FORMAT_DER
) ? _("DER") : _("PEM"),
689 context
->pki_credentials
->certificate
);
690 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLCERTTYPE
,
691 (context
->pki_credentials
->certificate_format
==
692 PKI_FORMAT_DER
) ? "DER" : "PEM");
695 if ((context
->pki_credentials
->certificate_format
==
697 context
->pki_credentials
->certificate
))
698 isds_log(ILF_SEC
, ILL_WARNING
,
699 _("Your curl library cannot distinguish certificate "
700 "formats. Make sure your cryptographic library\n"
701 "understands your certificate file by default, "
702 "or upgrade curl.\n"));
703 #endif /* not HAVE_DECL_CURLOPT_SSLCERTTYPE */
706 if (!curl_err
&& context
->pki_credentials
->certificate
) {
707 /* Select certificate */
709 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLCERT
,
710 context
->pki_credentials
->certificate
);
714 /* Select key format */
715 if (context
->pki_credentials
->key_format
== PKI_FORMAT_ENG
) {
716 if (context
->pki_credentials
->key
)
717 isds_log(ILF_SEC
, ILL_INFO
, _("Client private key `%s' "
718 "from `%s' engine will be used\n"),
719 context
->pki_credentials
->key
,
720 context
->pki_credentials
->engine
);
722 isds_log(ILF_SEC
, ILL_INFO
, _("Client private key "
723 "from `%s' engine will be used\n"),
724 context
->pki_credentials
->engine
);
725 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLKEYTYPE
,
727 } else if (context
->pki_credentials
->key
) {
728 isds_log(ILF_SEC
, ILL_INFO
, _("Client %s private key will be "
729 "read from `%s' file\n"),
730 (context
->pki_credentials
->key_format
==
731 PKI_FORMAT_DER
) ? _("DER") : _("PEM"),
732 context
->pki_credentials
->key
);
733 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLKEYTYPE
,
734 (context
->pki_credentials
->key_format
==
735 PKI_FORMAT_DER
) ? "DER" : "PEM");
740 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLKEY
,
741 context
->pki_credentials
->key
);
744 /* Pass key pass-phrase */
745 #if HAVE_DECL_CURLOPT_KEYPASSWD /* since curl-7.16.5 */
746 curl_err
= curl_easy_setopt(context
->curl
,
748 context
->pki_credentials
->passphrase
);
749 #elif HAVE_DECL_CURLOPT_SSLKEYPASSWD /* up to curl-7.16.4 */
750 curl_err
= curl_easy_setopt(context
->curl
,
751 CURLOPT_SSLKEYPASSWD
,
752 context
->pki_credentials
->passphrase
);
753 #else /* up to curl-7.9.2 */
754 curl_err
= curl_easy_setopt(context
->curl
,
755 CURLOPT_SSLCERTPASSWD
,
756 context
->pki_credentials
->passphrase
);
762 /* Set authorization cookie for OTP session */
763 if (!curl_err
&& context
->otp
) {
764 isds_log(ILF_SEC
, ILL_INFO
,
765 _("Cookies will be stored and sent "
766 "because context has been authorized by OTP.\n"));
767 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_COOKIEFILE
, "");
772 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_NOSIGNAL
, 1);
774 if (!curl_err
&& context
->timeout
) {
775 #if HAVE_DECL_CURLOPT_TIMEOUT_MS /* Since curl-7.16.2 */
776 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_TIMEOUT_MS
,
779 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_TIMEOUT
,
780 context
->timeout
/ 1000);
781 #endif /* not HAVE_DECL_CURLOPT_TIMEOUT_MS */
784 /* Register callback */
785 if (context
->progress_callback
) {
787 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_NOPROGRESS
, 0);
790 curl_err
= curl_easy_setopt(context
->curl
,
791 CURLOPT_PROGRESSFUNCTION
, progress_proxy
);
794 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_PROGRESSDATA
,
799 /* Set other CURL features */
801 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_FAILONERROR
, 0);
804 /* Set get-response function */
806 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_WRITEFUNCTION
,
810 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_WRITEDATA
, &body
);
813 /* Set get-response-headers function if needed.
814 * XXX: Both CURLOPT_HEADERFUNCTION and CURLOPT_WRITEHEADER must be set or
815 * unset at the same time (see curl_easy_setopt(3)) ASAP, otherwise old
816 * invalid CURLOPT_WRITEHEADER value could be derefenced. */
818 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_HEADERFUNCTION
,
819 (response_otp_headers
== NULL
) ? NULL
: write_header
);
822 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_WRITEHEADER
,
823 response_otp_headers
);
826 /* Set MIME types and headers requires by SOAP 1.1.
827 * SOAP 1.1 requires text/xml, SOAP 1.2 requires application/soap+xml */
829 headers
= curl_slist_append(headers
,
830 "Accept: application/soap+xml,application/xml,text/xml");
835 headers
= curl_slist_append(headers
, "Content-Type: text/xml");
840 headers
= curl_slist_append(headers
, "SOAPAction: ");
845 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_HTTPHEADER
, headers
);
848 /* Set user agent identification */
849 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_USERAGENT
,
850 "libisds/" PACKAGE_VERSION
);
854 /* Set GET request */
856 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_HTTPGET
, 1);
859 /* Set POST request body */
861 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_POST
, 1);
864 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_POSTFIELDS
, request
);
867 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_POSTFIELDSIZE
,
873 /* Debug cURL if requested */
875 ((log_facilities
& ILF_HTTP
) && (log_level
>= ILL_DEBUG
));
877 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_VERBOSE
,
878 (debug_curl
) ? 1 : 0);
881 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_DEBUGFUNCTION
,
882 (debug_curl
) ? log_curl
: NULL
);
886 /* Check for errors so far */
888 isds_log_message(context
, curl_easy_strerror(curl_err
));
893 isds_log(ILF_HTTP
, ILL_DEBUG
, _("Sending %s request to <%s>\n"),
894 use_get
? "GET" : "POST", url
);
896 isds_log(ILF_HTTP
, ILL_DEBUG
,
897 _("POST body length: %zu, content follows:\n"), request_length
);
898 isds_log(ILF_HTTP
, ILL_DEBUG
, "%.*s\n", request_length
, request
);
899 isds_log(ILF_HTTP
, ILL_DEBUG
, _("End of POST body\n"));
904 curl_err
= curl_easy_perform(context
->curl
);
907 curl_err
= curl_easy_getinfo(context
->curl
, CURLINFO_CONTENT_TYPE
,
911 /* TODO: Use curl_easy_setopt(CURLOPT_ERRORBUFFER) to obtain detailed
913 /* TODO: CURL is not internationalized yet. Collect CURL messages for
915 isds_printf_message(context
,
916 _("%s: %s"), url
, _(curl_easy_strerror(curl_err
)));
917 if (curl_err
== CURLE_ABORTED_BY_CALLBACK
)
920 curl_err
== CURLE_SSL_CONNECT_ERROR
||
921 curl_err
== CURLE_SSL_ENGINE_NOTFOUND
||
922 curl_err
== CURLE_SSL_ENGINE_SETFAILED
||
923 curl_err
== CURLE_SSL_CERTPROBLEM
||
924 curl_err
== CURLE_SSL_CIPHER
||
925 curl_err
== CURLE_SSL_CACERT
||
926 curl_err
== CURLE_USE_SSL_FAILED
||
927 curl_err
== CURLE_SSL_ENGINE_INITFAILED
||
928 curl_err
== CURLE_SSL_CACERT_BADFILE
||
929 curl_err
== CURLE_SSL_SHUTDOWN_FAILED
||
930 curl_err
== CURLE_SSL_CRL_BADFILE
||
931 curl_err
== CURLE_SSL_ISSUER_ERROR
939 isds_log(ILF_HTTP
, ILL_DEBUG
, _("Final response to %s received\n"), url
);
940 isds_log(ILF_HTTP
, ILL_DEBUG
,
941 _("Response body length: %zu, content follows:\n"),
943 isds_log(ILF_HTTP
, ILL_DEBUG
, "%.*s\n", body
.length
, body
.data
);
944 isds_log(ILF_HTTP
, ILL_DEBUG
, _("End of response body\n"));
947 /* Extract MIME type and charset */
952 sep
= strchr(content_type
, ';');
953 if (sep
) offset
= (size_t) (sep
- content_type
);
954 else offset
= strlen(content_type
);
957 *mime_type
= malloc(offset
+ 1);
962 memcpy(*mime_type
, content_type
, offset
);
963 (*mime_type
)[offset
] = '\0';
970 sep
= strstr(sep
, "charset=");
974 *charset
= strdup(sep
+ 8);
984 /* Get HTTP response code */
986 curl_err
= curl_easy_getinfo(context
->curl
,
987 CURLINFO_RESPONSE_CODE
, http_code
);
994 /* Store OTP authentication results */
995 if (response_otp_headers
&& response_otp_headers
->is_complete
) {
996 isds_log(ILF_SEC
, ILL_DEBUG
,
997 _("OTP authentication headers received: "
998 "method=%s, code=%s, message=%s\n"),
999 response_otp_headers
->method
, response_otp_headers
->code
,
1000 response_otp_headers
->message
);
1002 /* XXX: Don't make unknown code fatal. Missing code can be succcess if
1003 * HTTP code is 302. This is checked in _isds_soap(). */
1004 response_otp_headers
->resolution
=
1005 string2isds_otp_resolution(response_otp_headers
->code
);
1007 if (response_otp_headers
->message
!= NULL
) {
1008 char *message_locale
= _isds_utf82locale(response_otp_headers
->message
);
1009 /* _isds_utf82locale() return NULL on inconverable string. Do not
1011 * TODO: Escape such characters.
1012 * if (message_locale == NULL) {
1016 isds_printf_message(context
,
1017 _("Server returned OTP authentication message: %s"),
1019 free(message_locale
);
1022 char *next_url
= NULL
; /* Weak pointer managed by cURL */
1023 curl_err
= curl_easy_getinfo(context
->curl
, CURLINFO_REDIRECT_URL
,
1029 if (next_url
!= NULL
) {
1030 isds_log(ILF_SEC
, ILL_DEBUG
,
1031 _("OTP authentication headers redirect to: <%s>\n"),
1033 free(response_otp_headers
->redirect
);
1034 response_otp_headers
->redirect
= strdup(next_url
);
1035 if (response_otp_headers
->redirect
== NULL
) {
1042 curl_slist_free_all(headers
);
1058 if (err
!= IE_ABORTED
) _isds_close_connection(context
);
1061 *response
= body
.data
;
1062 *response_length
= body
.length
;
1069 * @context holds the base URL,
1070 * @file is a (CGI) file of SOAP URL,
1071 * @request is XML node set with SOAP request body.
1072 * @file must be NULL, @request should be NULL rather than empty, if they should
1073 * not be signaled in the SOAP request.
1074 * @response_document is an automatically allocated XML document whose subtree
1075 * identified by @response_node_list holds the SOAP response body content. You
1076 * must xmlFreeDoc() it. If you don't care pass NULL and also
1077 * NULL @response_node_list.
1078 * @response_node_list is a pointer to node set with SOAP response body
1079 * content. The returned pointer points into @response_document to the first
1080 * child of SOAP Body element. Pass NULL and NULL @response_document, if you
1082 * @raw_response is automatically allocated bit stream with response body. Use
1083 * NULL if you don't care
1084 * @raw_response_length is size of @raw_response in bytes
1085 * In case of error the response will be deallocated automatically.
1086 * Side effect: message buffer */
1087 _hidden isds_error
_isds_soap(struct isds_ctx
*context
, const char *file
,
1088 const xmlNodePtr request
,
1089 xmlDocPtr
*response_document
, xmlNodePtr
*response_node_list
,
1090 void **raw_response
, size_t *raw_response_length
) {
1092 isds_error err
= IE_SUCCESS
;
1094 char *mime_type
= NULL
;
1096 struct auth_headers response_otp_headers
;
1097 xmlBufferPtr http_request
= NULL
;
1098 xmlSaveCtxtPtr save_ctx
= NULL
;
1099 xmlDocPtr request_soap_doc
= NULL
;
1100 xmlNodePtr request_soap_envelope
= NULL
, request_soap_body
= NULL
;
1101 xmlNsPtr soap_ns
= NULL
;
1102 void *http_response
= NULL
;
1103 size_t response_length
= 0;
1104 xmlDocPtr response_soap_doc
= NULL
;
1105 xmlNodePtr response_root
= NULL
;
1106 xmlXPathContextPtr xpath_ctx
= NULL
;
1107 xmlXPathObjectPtr response_soap_headers
= NULL
, response_soap_body
= NULL
,
1108 response_soap_fault
= NULL
;
1111 if (!context
) return IE_INVALID_CONTEXT
;
1112 if ( (NULL
== response_document
&& NULL
!= response_node_list
) ||
1113 (NULL
!= response_document
&& NULL
== response_node_list
))
1115 if (!raw_response_length
&& raw_response
) return IE_INVAL
;
1117 if (response_document
) *response_document
= NULL
;
1118 if (response_node_list
) *response_node_list
= NULL
;
1119 if (raw_response
) *raw_response
= NULL
;
1121 url
= _isds_astrcat(context
->url
, file
);
1122 if (!url
) return IE_NOMEM
;
1124 /* Build SOAP request envelope */
1125 request_soap_doc
= xmlNewDoc(BAD_CAST
"1.0");
1126 if (!request_soap_doc
) {
1127 isds_log_message(context
, _("Could not build SOAP request document"));
1131 request_soap_envelope
= xmlNewNode(NULL
, BAD_CAST
"Envelope");
1132 if (!request_soap_envelope
) {
1133 isds_log_message(context
, _("Could not build SOAP request envelope"));
1137 xmlDocSetRootElement(request_soap_doc
, request_soap_envelope
);
1138 /* Only this way we get namespace definition as @xmlns:soap,
1139 * otherwise we get namespace prefix without definition */
1140 soap_ns
= xmlNewNs(request_soap_envelope
, BAD_CAST SOAP_NS
, NULL
);
1142 isds_log_message(context
, _("Could not create SOAP name space"));
1146 xmlSetNs(request_soap_envelope
, soap_ns
);
1147 request_soap_body
= xmlNewChild(request_soap_envelope
, NULL
,
1148 BAD_CAST
"Body", NULL
);
1149 if (!request_soap_body
) {
1150 isds_log_message(context
,
1151 _("Could not add Body to SOAP request envelope"));
1156 /* Append request XML node set to SOAP body if request is not empty */
1157 /* XXX: Copy of request must be used, otherwise xmlFreeDoc(request_soap_doc)
1158 * would destroy this outer structure. */
1160 xmlNodePtr request_copy
= xmlCopyNodeList(request
);
1161 if (!request_copy
) {
1162 isds_log_message(context
,
1163 _("Could not copy request content"));
1167 if (!xmlAddChildList(request_soap_body
, request_copy
)) {
1168 xmlFreeNodeList(request_copy
);
1169 isds_log_message(context
,
1170 _("Could not add request content to SOAP "
1171 "request envelope"));
1178 /* Serialize the SOAP request into HTTP request body */
1179 http_request
= xmlBufferCreate();
1180 if (!http_request
) {
1181 isds_log_message(context
,
1182 _("Could not create xmlBuffer for HTTP request body"));
1186 /* Last argument 1 means format the XML tree. This is pretty but it breaks
1187 * XML document transport as it adds text nodes (indentiation) between
1189 save_ctx
= xmlSaveToBuffer(http_request
, "UTF-8", 0);
1191 isds_log_message(context
,
1192 _("Could not create XML serializer"));
1196 /* XXX: According LibXML documentation, this function does not return
1197 * meaningful value yet */
1198 xmlSaveDoc(save_ctx
, request_soap_doc
);
1199 if (-1 == xmlSaveFlush(save_ctx
)) {
1200 isds_log_message(context
,
1201 _("Could not serialize SOAP request to HTTP request body"));
1206 if (context
->otp_credentials
!= NULL
)
1207 memset(&response_otp_headers
, 0, sizeof(response_otp_headers
));
1209 if (context
->otp_credentials
!= NULL
)
1210 auth_headers_free(&response_otp_headers
);
1211 isds_log(ILF_SOAP
, ILL_DEBUG
,
1212 _("SOAP request to sent to %s:\n%.*s\nEnd of SOAP request\n"),
1213 url
, http_request
->use
, http_request
->content
);
1215 err
= http(context
, url
, 0, http_request
->content
, http_request
->use
,
1216 &http_response
, &response_length
,
1217 &mime_type
, NULL
, &http_code
,
1218 (context
->otp_credentials
== NULL
) ? NULL
: &response_otp_headers
);
1220 /* TODO: HTTP binding for SOAP prescribes non-200 HTTP return codes
1221 * to be processed too. */
1227 if (NULL
!= context
->otp_credentials
)
1228 context
->otp_credentials
->resolution
= response_otp_headers
.resolution
;
1230 /* Check for HTTP return code */
1231 isds_log(ILF_SOAP
, ILL_DEBUG
, _("Server returned %ld HTTP code\n"),
1233 switch (http_code
) {
1234 /* XXX: We must see which code is used for not permitted ISDS
1235 * operation like downloading message without proper user
1236 * permissions. In that case we should keep connection opened. */
1238 if (NULL
!= context
->otp_credentials
) {
1239 if (context
->otp_credentials
->resolution
==
1240 OTP_RESOLUTION_UNKNOWN
)
1241 context
->otp_credentials
->resolution
=
1242 OTP_RESOLUTION_SUCCESS
;
1246 if (NULL
!= context
->otp_credentials
) {
1247 if (context
->otp_credentials
->resolution
==
1248 OTP_RESOLUTION_UNKNOWN
)
1249 context
->otp_credentials
->resolution
=
1250 OTP_RESOLUTION_SUCCESS
;
1251 err
= IE_PARTIAL_SUCCESS
;
1252 isds_printf_message(context
,
1253 _("Server redirects on <%s> because OTP authentication "
1256 if (context
->otp_credentials
->otp_code
!= NULL
&&
1257 response_otp_headers
.redirect
!= NULL
) {
1258 /* XXX: If OTP code is known, this must be second OTP phase, so
1259 * send final POST request and unset Basic authentication
1260 * from cURL context as cookie is used instead. */
1262 url
= response_otp_headers
.redirect
;
1263 response_otp_headers
.redirect
= NULL
;
1264 _isds_discard_credentials(context
, 0);
1265 err
= unset_http_authorization(context
);
1267 isds_log_message(context
, _("Could not remove "
1268 "credentials from CURL handle."));
1273 /* XXX: Otherwise bail out to ask application for OTP code. */
1278 isds_printf_message(context
,
1279 _("Code 302: Server redirects on <%s> request. "
1280 "Redirection is forbidden in stateless mode."),
1285 case 401: /* ISDS server returns 401 even if Authorization
1287 case 403: /* HTTP/1.0 prescribes 403 if Authorization presents. */
1288 err
= IE_NOT_LOGGED_IN
;
1289 isds_log_message(context
, _("Authentication failed"));
1294 isds_printf_message(context
,
1295 _("Code 404: Document (%s) not found on server"), url
);
1298 /* 500 should return standard SOAP message */
1301 /* Check for Content-Type: text/xml.
1302 * Do it after HTTP code check because 401 Unauthorized returns HTML web
1303 * page for browsers. */
1304 if (mime_type
&& strcmp(mime_type
, "text/xml")
1305 && strcmp(mime_type
, "application/soap+xml")
1306 && strcmp(mime_type
, "application/xml")) {
1307 char *mime_type_locale
= _isds_utf82locale(mime_type
);
1308 isds_printf_message(context
,
1309 _("%s: bad MIME type sent by server: %s"), url
,
1311 free(mime_type_locale
);
1316 /* TODO: Convert returned body into XML default encoding */
1318 /* Parse the HTTP body as XML */
1319 response_soap_doc
= xmlParseMemory(http_response
, response_length
);
1320 if (!response_soap_doc
) {
1325 xpath_ctx
= xmlXPathNewContext(response_soap_doc
);
1331 if (_isds_register_namespaces(xpath_ctx
, MESSAGE_NS_UNSIGNED
)) {
1336 isds_log(ILF_SOAP
, ILL_DEBUG
,
1337 _("SOAP response received:\n%.*s\nEnd of SOAP response\n"),
1338 response_length
, http_response
);
1341 /* Check for SOAP version */
1342 response_root
= xmlDocGetRootElement(response_soap_doc
);
1343 if (!response_root
) {
1344 isds_log_message(context
, "SOAP response has no root element");
1348 if (xmlStrcmp(response_root
->name
, BAD_CAST
"Envelope") ||
1349 xmlStrcmp(response_root
->ns
->href
, BAD_CAST SOAP_NS
)) {
1350 isds_log_message(context
, "SOAP response is not SOAP 1.1 document");
1355 /* Check for SOAP Headers */
1356 response_soap_headers
= xmlXPathEvalExpression(
1357 BAD_CAST
"/soap:Envelope/soap:Header/"
1358 "*[@soap:mustUnderstand/text() = true()]", xpath_ctx
);
1359 if (!response_soap_headers
) {
1363 if (!xmlXPathNodeSetIsEmpty(response_soap_headers
->nodesetval
)) {
1364 isds_log_message(context
,
1365 _("SOAP response requires unsupported feature"));
1366 /* TODO: log the headers
1367 * xmlChar *fragment = NULL;
1368 * fragment = xmlXPathCastNodeSetToSting(response_soap_headers->nodesetval);*/
1374 response_soap_body
= xmlXPathEvalExpression(
1375 BAD_CAST
"/soap:Envelope/soap:Body", xpath_ctx
);
1376 if (!response_soap_body
) {
1380 if (xmlXPathNodeSetIsEmpty(response_soap_body
->nodesetval
)) {
1381 isds_log_message(context
,
1382 _("SOAP response does not contain SOAP Body element"));
1386 if (response_soap_body
->nodesetval
->nodeNr
> 1) {
1387 isds_log_message(context
,
1388 _("SOAP response has more than one Body element"));
1393 /* Check for SOAP Fault */
1394 response_soap_fault
= xmlXPathEvalExpression(
1395 BAD_CAST
"/soap:Envelope/soap:Body/soap:Fault", xpath_ctx
);
1396 if (!response_soap_fault
) {
1400 if (!xmlXPathNodeSetIsEmpty(response_soap_fault
->nodesetval
)) {
1401 /* Server signals Fault. Gather error message and croak. */
1402 /* XXX: Only first message is passed */
1403 char *message
= NULL
, *message_locale
= NULL
;
1404 xpath_ctx
->node
= response_soap_fault
->nodesetval
->nodeTab
[0];
1405 xmlXPathFreeObject(response_soap_fault
);
1406 /* XXX: faultstring and faultcode are in no name space according
1407 * ISDS specification */
1408 /* First more verbose faultstring */
1409 response_soap_fault
= xmlXPathEvalExpression(
1410 BAD_CAST
"faultstring[1]/text()", xpath_ctx
);
1411 if (response_soap_fault
&&
1412 !xmlXPathNodeSetIsEmpty(response_soap_fault
->nodesetval
)) {
1414 xmlXPathCastNodeSetToString(response_soap_fault
->nodesetval
);
1415 message_locale
= _isds_utf82locale(message
);
1417 /* If not available, try shorter faultcode */
1418 if (!message_locale
) {
1420 xmlXPathFreeObject(response_soap_fault
);
1421 response_soap_fault
= xmlXPathEvalExpression(
1422 BAD_CAST
"faultcode[1]/text()", xpath_ctx
);
1423 if (response_soap_fault
&&
1424 !xmlXPathNodeSetIsEmpty(response_soap_fault
->nodesetval
)) {
1426 xmlXPathCastNodeSetToString(
1427 response_soap_fault
->nodesetval
);
1428 message_locale
= _isds_utf82locale(message
);
1434 isds_printf_message(context
, _("SOAP response signals Fault: %s"),
1437 isds_log_message(context
, _("SOAP response signals Fault"));
1439 free(message_locale
);
1447 /* Extract XML tree with ISDS response from SOAP envelope and return it.
1448 * XXX: response_soap_body lists only one Body element here. We need
1449 * children which may not exist (i.e. empty Body) or being more than one
1450 * (this is not the case of ISDS payload, but let's support generic SOAP).
1451 * XXX: We will return the XML document and children as a node list for
1453 * (1) We won't to do expensive xmlDocCopyNodeList(),
1454 * (2) Any node is unusable after calling xmlFreeDoc() on it's document
1455 * because the document holds a dictionary with identifiers. Caller always
1456 * can do xmlDocCopyNodeList() on a fresh document later. */
1457 if (NULL
!= response_document
&& NULL
!= response_node_list
) {
1458 *response_document
= response_soap_doc
;
1459 *response_node_list
=
1460 response_soap_body
->nodesetval
->nodeTab
[0]->children
;
1463 /* Save raw response */
1465 *raw_response
= http_response
;
1466 *raw_response_length
= response_length
;
1467 http_response
= NULL
;
1472 xmlXPathFreeObject(response_soap_fault
);
1473 xmlXPathFreeObject(response_soap_body
);
1474 xmlXPathFreeObject(response_soap_headers
);
1475 xmlXPathFreeContext(xpath_ctx
);
1476 if (NULL
== response_document
|| NULL
== *response_document
) {
1477 xmlFreeDoc(response_soap_doc
);
1479 if (context
->otp_credentials
!= NULL
)
1480 auth_headers_free(&response_otp_headers
);
1482 free(http_response
);
1483 xmlSaveClose(save_ctx
);
1484 xmlBufferFree(http_request
);
1485 xmlFreeDoc(request_soap_doc
); /* recursive, frees request_body, soap_ns*/
1492 /* Build new URL from current @context and template.
1493 * @context is context carrying an URL
1494 * @template is printf(3) format string. First argument is string of base URL
1495 * found in @context, second argument is length of the base URL.
1496 * @new_url is newly allocated URL built from @template. Caller must free it.
1497 * Return IE_SUCCESS, or corresponding error code and @new_url will not be
1500 _hidden isds_error
_isds_build_url_from_context(struct isds_ctx
*context
,
1501 const char *template, char **new_url
) {
1502 int length
, slashes
;
1504 if (NULL
!= new_url
) *new_url
= NULL
;
1505 if (NULL
== context
) return IE_INVALID_CONTEXT
;
1506 if (NULL
== template) return IE_INVAL
;
1507 if (NULL
== new_url
) return IE_INVAL
;
1509 /* Find length of base URL from context URL */
1510 if (NULL
== context
->url
) {
1511 isds_log_message(context
, _("Base URL could not have been determined "
1512 "from context URL because there was no URL set in the "
1516 for (length
= 0, slashes
= 0; context
->url
[length
] != '\0'; length
++) {
1517 if (context
->url
[length
] == '/') slashes
++;
1518 if (slashes
== 3) break;
1521 isds_log_message(context
, _("Base URL could not have been determined "
1522 "from context URL"));
1528 if (-1 == isds_asprintf(new_url
, template, context
->url
, length
))
1535 /* Invalidate session cookie for otp authenticated @context */
1536 _hidden isds_error
_isds_invalidate_otp_cookie(struct isds_ctx
*context
) {
1540 void *response
= NULL
;
1541 size_t response_length
;
1543 if (context
== NULL
|| !context
->otp
) return IE_INVALID_CONTEXT
;
1544 if (context
->curl
== NULL
) return IE_CONNECTION_CLOSED
;
1546 /* Build logout URL */
1547 /*"https://DOMAINNAME/as/processLogout?uri=https://DOMAINNAME/apps/DS/WEB_SERVICE_ENDPOINT"*/
1548 err
= _isds_build_url_from_context(context
,
1549 "%1$.*2$sas/processLogout?uri=%1$sDS/dz", &url
);
1550 if (err
) return err
;
1552 /* Invalidate the cookie by GET request */
1556 &response
, &response_length
,
1557 NULL
, NULL
, &http_code
,
1562 /* long message set by http() */
1563 } else if (http_code
!= 200) {
1564 /* TODO: Specification does not define response for this request.
1565 * Especially it does not state whether direct 200 or 302 redirect is
1566 * sent. We need to check real implementation. */
1568 isds_printf_message(context
, _("Cookie for OTP authenticated "
1569 "connection to <%s> could not been invalidated"),
1572 isds_log(ILF_SEC
, ILL_DEBUG
, _("Cookie for OTP authenticated "
1573 "connection to <%s> has been invalidated.\n"),
1580 /* LibXML functions:
1582 * void xmlInitParser(void)
1583 * Initialization function for the XML parser. This is not reentrant. Call
1584 * once before processing in case of use in multithreaded programs.
1586 * int xmlInitParserCtxt(xmlParserCtxtPtr ctxt)
1587 * Initialize a parser context
1589 * xmlDocPtr xmlCtxtReadDoc(xmlParserCtxtPtr ctxt, const xmlChar * cur,
1590 * const * char URL, const char * encoding, int options);
1591 * Parse in-memory NULL-terminated document @cur.
1593 * xmlDocPtr xmlParseMemory(const char * buffer, int size)
1594 * Parse an XML in-memory block and build a tree.
1596 * xmlParserCtxtPtr xmlCreateMemoryParserCtxt(const char * buffer, int
1598 * Create a parser context for an XML in-memory document.
1600 * xmlParserCtxtPtr xmlCreateDocParserCtxt(const xmlChar * cur)
1601 * Creates a parser context for an XML in-memory document.
1603 * xmlDocPtr xmlCtxtReadMemory(xmlParserCtxtPtr ctxt,
1604 * const char * buffer, int size, const char * URL, const char * encoding,
1606 * Parse an XML in-memory document and build a tree. This reuses the existing
1607 * @ctxt parser context.
1609 * void xmlCleanupParser(void)
1610 * Cleanup function for the XML library. It tries to reclaim all parsing
1611 * related glob document related memory. Calling this function should not
1612 * prevent reusing the libr finished using the library or XML document built
1615 * void xmlClearParserCtxt(xmlParserCtxtPtr ctxt)
1616 * Clear (release owned resources) and reinitialize a parser context.
1618 * void xmlCtxtReset(xmlParserCtxtPtr ctxt)
1619 * Reset a parser context
1621 * void xmlFreeParserCtxt(xmlParserCtxtPtr ctxt)
1622 * Free all the memory used by a parser context. However the parsed document
1623 * in ctxt->myDoc is not freed.
1625 * void xmlFreeDoc(xmlDocPtr cur)
1626 * Free up all the structures used by a document, tree included.