| blob | f0b17ab69746fd67b10f8abf802d3fdd615d82df |
4 #include <stdlib.h>
5 #include <string.h>
9 /* Private structure for write_body() call back */
13 };
15 /* Private structure for write_header() call back */
18 response, values become obsolete. */
25 };
28 /* Deallocate content of struct auth_headers */
35 }
38 /* If given @line is HTTP header of @name,
39 * return pointer to the header value. Otherwise return NULL.
40 * @name is header name without name---value separator, terminated with 0. */
49 }
51 /* Check separator. RFC2616, section 4.2 requires collon only. */
55 }
58 /* Try to decode header value per RFC 2047.
59 * @prepend_space is true if a space should be inserted before decoded word
60 * into @output in case the word has been decoded successfully.
61 * @input is zero terminated input, it's updated to point all consumed
62 * input - 1.
63 * @output is buffer to store decoded value, it's updated to point after last
64 * written character. The buffer must be preallocated.
65 * @return 0 if input has been successfully decoded, then @input and @output
66 * poineres will be updated. Otherwise return non-zero value and keeps
67 * argument pointers and memory unchanged. */
74 /* ISDS prescribes B encoding only, but RFC 2047 requires to support Q
75 * encoding too. ISDS prescribes UTF-8 charset only, RFC requiers to
76 * support any MIME charset. */
80 /* Start is "=?" */
85 /* Then is "CHARSET?" */
92 encoded++;
93 }
94 encoded++;
96 /* Then is "ENCODING?", where ENCODING is /[BbQq]/ */
101 encoded++;
103 /* Then is "ENCODED_TEXT?=" */
109 encoded++;
110 }
114 /* Now pointers are:
115 * "=?CHARSET?E?ENCODED_TEXT?="
116 * | | | ||
117 * | | | |\- encoded
118 * | | | \- end
119 * | | \- encoding
120 * | \- charset_start
121 * \- *input
122 */
131 /* Decode encoding */
137 /* Decode Base-64 */
143 }
151 }
153 /* Decode Quoted-printable-like */
158 }
164 /* Validate "=HH", where H is hexadecimal digit */
169 }
170 /* Convert =HH */
175 }
181 }
185 }
186 bit_length++;
187 }
189 /* Unknown encoding */
192 }
194 /* Convert to UTF-8 */
203 }
205 /* Copy UTF-8 stream to output buffer */
209 }
216 }
219 /* Decode HTTP header value per RFC 2047.
220 * @encoded_value is encoded HTTP header value terminated with NUL. It can
221 * contain HTTP LWS separators that will be replaced with a space.
222 * @return newly allocated decoded value without EOL, or return NULL. */
231 /* A character can occupy up to 6 bytes in UTF-8 */
234 /* ENOMEM */
236 }
238 /* Decode */
239 /* RFC 2616, section 4.2: Remove surrounding LWS, replace inner ones with
240 * a space. */
241 /* RFC 2047, section 6.2: LWS between adjacent encoded words is ignored.
242 * */
248 }
259 }
262 }
266 }
269 /* Return true, if server requests OTP authorization method that client
270 * requested. Otherwise return false.
271 * @client_method is method client requested
272 * @server_method is value of WWW-Authenticate header */
273 /*static _Bool otp_method_matches(const isds_otp_method client_method,
274 const char *server_method) {
275 char *method_name = NULL;
277 switch (client_method) {
278 case OTP_HMAC: method_name = "hotp"; break;
279 case OTP_TIME: method_name = "totp"; break;
280 default: return 0;
281 }
283 if (!strncmp(server_method, method_name, 4) && (
284 server_method[4] == '\0' || server_method[4] == ' ' ||
285 server_method[4] == '\t'))
286 return 1;
287 return 0;
288 }*/
291 /* Convert UTF-8 @string to HTTP OTP resolution enum type.
292 * @Return corresponding value or OTP_RESOLUTION_UNKNOWN if @string is not
293 * defined or unknown value. */
311 else
313 }
316 /* Close connection to server and destroy CURL handle associated
317 * with @context */
329 }
330 }
333 /* Remove username and password from context CURL handle. */
345 #else
354 else
358 }
361 /* CURL call back function called when chunk of HTTP response body is available.
362 * @buffer points to new data
363 * @size * @nmemb is length of the chunk in bytes. Zero means empty body.
364 * @userp is private structure.
365 * Must return the length of the chunk, otherwise CURL will signal
366 * CURL_WRITE_ERROR. */
371 /* FIXME: Check for (size * nmemb + body->lengt) !> SIZE_T_MAX.
372 * Precompute the product then. */
386 }
389 /* CURL call back function called when a HTTP response header is available.
390 * This is called for each header even if reply consists of more responses.
391 * @buffer points to new header (no zero terminator, but HTTP EOL is included)
392 * @size * @nmemb is length of the header in bytes
393 * @userp is private structure.
394 * Must return the length of the header, otherwise CURL will signal
395 * CURL_WRITE_ERROR. */
401 /* FIXME: Check for (size * nmemb) !> SIZE_T_MAX.
402 * Precompute the product then. */
407 /* ??? Is this the empty line delimiter? */
409 }
411 /* New response, invalide authentication headers. */
412 /* XXX: Chunked encoding trailer is not supported */
415 /* Append continuation to multi-line header */
421 /* ENOMEM */
423 }
428 /* Invalid continuation without starting header will be skipped. */
431 "been encountered. Skipping invalid HTTP response "
433 }
435 }
437 /* Decode last header */
442 /* TODO: Set IE_NOMEM to context */
444 }
446 }
452 /* TODO: Set IE_NOMEM to context */
454 }
456 }
462 /* TODO: Set IE_NOMEM to context */
464 }
466 }
468 store:
469 /* Last header decoded, free it */
473 /* Current line is header---body separator */
477 /* Current line is new header, store it */
480 /* TODO: Set IE_NOMEM to context */
482 }
485 }
487 leave:
489 }
492 /* CURL progress callback proxy to rearrange arguments.
493 * @curl_data is session context */
507 }
508 }
511 }
514 /* CURL call back function called when curl has something to log.
515 * @curl is cURL context
516 * @type is cURL log facility
517 * @buffer points to log data, XXX: not zero-terminated
518 * @size is length of log data
519 * @userp is private structure.
520 * Must return 0. */
523 /* Silent warning about usused arguments.
524 * This prototype is cURL's debug_callback type. */
533 }
536 /* Do HTTP request.
537 * @context holds the base URL,
538 * @url is a (CGI) file of SOAP URL,
539 * @use_get is a false to do a POST request, true to do a GET request.
540 * @request is body for POST request
541 * @request_length is length of @request in bytes
542 * @reponse is automatically reallocated() buffer to fit HTTP response with
543 * @response_length (does not need to match allocated memory exactly). You must
544 * free() the @response.
545 * @mime_type is automatically allocated MIME type send by server (*NULL if not
546 * sent). Set NULL if you don't care.
547 * @charset is charset of the body signaled by server. The same constrains
548 * like on @mime_type apply.
549 * @http_code is final HTTP code returned by server. This can be 200, 401, 500
550 * or any other one. Pass NULL if you don't interest.
551 * In case of error, the response memory, MIME type, charset and length will be
552 * deallocated and zeroed automatically. Thus be sure they are preallocated or
553 * they points to NULL.
554 * @response_otp_headers is pre-allocated structure for OTP authentication
555 * headers sent by server. Members must be valid pointers or NULLs.
556 * Pass NULL if you don't interest.
557 * Be ware that successful return value does not mean the HTTP request has
558 * been accepted by the server. You must consult @http_code. OTOH, failure
559 * return value means the request could not been sent (e.g. SSL error).
560 * Side effect: message buffer */
568 CURLcode curl_err;
580 /* Clean authentication headers */
582 /* Set the body here to allow deallocation in leave block */
586 /* Set Request-URI */
589 /* Set TLS options */
600 }
601 }
608 }
615 }
623 #else
627 "Make sure cryptographic library default setting "
631 }
634 /* Set credentials */
639 }
643 }
644 #else
652 }
655 }
658 /* Set PKI credentials */
661 /* Select SSL engine */
668 }
671 /* Select certificate format */
674 PKI_FORMAT_ENG) {
675 /* XXX: It's valid to have certificate in engine without name.
676 * Engines can select certificate according private key and
677 * vice versa. */
683 else
698 }
699 #else
701 PKI_FORMAT_ENG ||
706 "understands your certificate file by default, "
709 }
712 /* Select certificate */
716 }
719 /* Select key format */
726 else
741 }
744 /* Select key */
749 /* Pass key pass-phrase */
752 CURLOPT_KEYPASSWD,
756 CURLOPT_SSLKEYPASSWD,
760 CURLOPT_SSLCERTPASSWD,
762 #endif
763 }
764 }
765 }
767 /* Set authorization cookie for OTP session */
773 }
775 /* Set timeout */
778 }
783 #else
787 }
789 /* Register callback */
793 }
797 }
800 context);
801 }
802 }
804 /* Set other CURL features */
807 }
809 /* Set get-response function */
812 write_body);
813 }
816 }
818 /* Set get-response-headers function if needed.
819 * XXX: Both CURLOPT_HEADERFUNCTION and CURLOPT_WRITEHEADER must be set or
820 * unset at the same time (see curl_easy_setopt(3)) ASAP, otherwise old
821 * invalid CURLOPT_WRITEHEADER value could be derefenced. */
825 }
828 response_otp_headers);
829 }
831 /* Set MIME types and headers requires by SOAP 1.1.
832 * SOAP 1.1 requires text/xml, SOAP 1.2 requires application/soap+xml.
833 * But suppress sending the headers to proxies first if supported. */
837 CURLHEADER_SEPARATE);
838 }
846 }
851 }
856 }
858 }
860 /* Set user agent identification */
863 }
866 /* Set GET request */
869 }
871 /* Set POST request body */
874 }
877 }
880 request_length);
881 }
882 }
884 {
885 /* Debug cURL if requested */
886 _Bool debug_curl =
891 }
895 }
896 }
898 /* Check for errors so far */
903 }
913 }
915 }
918 /* Do the request */
926 /* TODO: Use curl_easy_setopt(CURLOPT_ERRORBUFFER) to obtain detailed
927 * error message. */
928 /* TODO: CURL is not internationalized yet. Collect CURL messages for
929 * I18N. */
946 curl_err == CURLE_SSL_ISSUER_ERROR
947 )
949 else
952 }
961 }
965 /* Extract MIME type and charset */
979 }
982 }
996 }
997 }
998 }
999 }
1000 }
1002 /* Get HTTP response code */
1009 }
1010 }
1012 /* Store OTP authentication results */
1020 /* XXX: Don't make unknown code fatal. Missing code can be succcess if
1021 * HTTP code is 302. This is checked in _isds_soap(). */
1027 /* _isds_utf82locale() return NULL on inconverable string. Do not
1028 * panic on it.
1029 * TODO: Escape such characters.
1030 * if (message_locale == NULL) {
1031 err = IE_NOMEM;
1032 goto leave;
1033 }*/
1036 message_locale);
1038 }
1046 }
1050 next_url);
1056 }
1057 }
1058 }
1059 leave:
1070 }
1074 }
1077 }
1083 }
1086 /* Do SOAP request.
1087 * @context holds the base URL,
1088 * @file is a (CGI) file of SOAP URL,
1089 * @request is XML node set with SOAP request body.
1090 * @file must be NULL, @request should be NULL rather than empty, if they should
1091 * not be signaled in the SOAP request.
1092 * @response_document is an automatically allocated XML document whose subtree
1093 * identified by @response_node_list holds the SOAP response body content. You
1094 * must xmlFreeDoc() it. If you don't care pass NULL and also
1095 * NULL @response_node_list.
1096 * @response_node_list is a pointer to node set with SOAP response body
1097 * content. The returned pointer points into @response_document to the first
1098 * child of SOAP Body element. Pass NULL and NULL @response_document, if you
1099 * don't care.
1100 * @raw_response is automatically allocated bit stream with response body. Use
1101 * NULL if you don't care
1102 * @raw_response_length is size of @raw_response in bytes
1103 * In case of error the response will be deallocated automatically.
1104 * Side effect: message buffer */
1142 /* Build SOAP request envelope */
1148 }
1154 }
1156 /* Only this way we get namespace definition as @xmlns:soap,
1157 * otherwise we get namespace prefix without definition */
1163 }
1172 }
1174 /* Append request XML node set to SOAP body if request is not empty */
1175 /* XXX: Copy of request must be used, otherwise xmlFreeDoc(request_soap_doc)
1176 * would destroy this outer structure. */
1184 }
1192 }
1193 }
1196 /* Serialize the SOAP request into HTTP request body */
1203 }
1204 /* Last argument 1 means format the XML tree. This is pretty but it breaks
1205 * XML document transport as it adds text nodes (indentiation) between
1206 * elements. */
1213 }
1214 /* XXX: According LibXML documentation, this function does not return
1215 * meaningful value yet */
1222 }
1226 redirect:
1238 /* TODO: HTTP binding for SOAP prescribes non-200 HTTP return codes
1239 * to be processed too. */
1243 }
1248 /* Check for HTTP return code */
1250 http_code);
1252 /* XXX: We must see which code is used for not permitted ISDS
1253 * operation like downloading message without proper user
1254 * permissions. In that case we should keep connection opened. */
1258 OTP_RESOLUTION_UNKNOWN)
1260 OTP_RESOLUTION_SUCCESS;
1261 }
1266 OTP_RESOLUTION_UNKNOWN)
1268 OTP_RESOLUTION_SUCCESS;
1273 url);
1276 /* XXX: If OTP code is known, this must be second OTP phase, so
1277 * send final POST request and unset Basic authentication
1278 * from cURL context as cookie is used instead. */
1288 }
1291 /* XXX: Otherwise bail out to ask application for OTP code. */
1293 }
1299 url);
1301 }
1304 presents. */
1316 /* 500 should return standard SOAP message */
1317 }
1319 /* Check for Content-Type: text/xml.
1320 * Do it after HTTP code check because 401 Unauthorized returns HTML web
1321 * page for browsers. */
1328 mime_type_locale);
1332 }
1334 /* TODO: Convert returned body into XML default encoding */
1336 /* Parse the HTTP body as XML */
1341 }
1347 }
1352 }
1358 }
1360 /* Check for SOAP version */
1366 }
1372 }
1374 /* Check for SOAP Headers */
1376 BAD_CAST "/soap:Envelope/soap:Header/"
1381 }
1385 /* TODO: log the headers
1386 * xmlChar *fragment = NULL;
1387 * fragment = xmlXPathCastNodeSetToSting(response_soap_headers->nodesetval);*/
1390 }
1392 /* Get SOAP Body */
1398 }
1404 }
1410 }
1412 /* Check for SOAP Fault */
1418 }
1420 /* Server signals Fault. Gather error message and croak. */
1421 /* XXX: Only first message is passed */
1425 /* XXX: faultstring and faultcode are in no name space according
1426 * ISDS specification */
1427 /* First more verbose faultstring */
1435 }
1436 /* If not available, try shorter faultcode */
1448 }
1449 }
1451 /* Croak */
1454 message_locale);
1455 else
1463 }
1466 /* Extract XML tree with ISDS response from SOAP envelope and return it.
1467 * XXX: response_soap_body lists only one Body element here. We need
1468 * children which may not exist (i.e. empty Body) or being more than one
1469 * (this is not the case of ISDS payload, but let's support generic SOAP).
1470 * XXX: We will return the XML document and children as a node list for
1471 * two reasons:
1472 * (1) We won't to do expensive xmlDocCopyNodeList(),
1473 * (2) Any node is unusable after calling xmlFreeDoc() on it's document
1474 * because the document holds a dictionary with identifiers. Caller always
1475 * can do xmlDocCopyNodeList() on a fresh document later. */
1480 }
1482 /* Save raw response */
1487 }
1490 leave:
1497 }
1508 }
1511 /* Build new URL from current @context and template.
1512 * @context is context carrying an URL
1513 * @template is printf(3) format string. First argument is length of the base
1514 * URL found in @context, second argument is the base URL, third argument is
1515 * again the base URL.
1516 * XXX: We cannot use "$" formatting character because it's not in the ISO C99.
1517 * @new_url is newly allocated URL built from @template. Caller must free it.
1518 * Return IE_SUCCESS, or corresponding error code and @new_url will not be
1519 * allocated.
1520 * */
1530 /* Find length of base URL from context URL */
1533 "from context URL because there was no URL set in the "
1536 }
1540 }
1545 }
1546 length++;
1548 /* Build new URL */
1554 }
1557 /* Invalidate session cookie for otp authenticated @context */
1559 isds_error err;
1568 /* Build logout URL */
1569 /*"https://DOMAINNAME/as/processLogout?uri=https://DOMAINNAME/apps/DS/WEB_SERVICE_ENDPOINT"*/
1574 /* Invalidate the cookie by GET request */
1580 NULL);
1584 /* long message set by http() */
1586 /* TODO: Specification does not define response for this request.
1587 * Especially it does not state whether direct 200 or 302 redirect is
1588 * sent. We need to check real implementation. */
1597 }
1599 }
1602 /* LibXML functions:
1603 *
1604 * void xmlInitParser(void)
1605 * Initialization function for the XML parser. This is not reentrant. Call
1606 * once before processing in case of use in multithreaded programs.
1607 *
1608 * int xmlInitParserCtxt(xmlParserCtxtPtr ctxt)
1609 * Initialize a parser context
1610 *
1611 * xmlDocPtr xmlCtxtReadDoc(xmlParserCtxtPtr ctxt, const xmlChar * cur,
1612 * const * char URL, const char * encoding, int options);
1613 * Parse in-memory NULL-terminated document @cur.
1614 *
1615 * xmlDocPtr xmlParseMemory(const char * buffer, int size)
1616 * Parse an XML in-memory block and build a tree.
1617 *
1618 * xmlParserCtxtPtr xmlCreateMemoryParserCtxt(const char * buffer, int
1619 * size);
1620 * Create a parser context for an XML in-memory document.
1621 *
1622 * xmlParserCtxtPtr xmlCreateDocParserCtxt(const xmlChar * cur)
1623 * Creates a parser context for an XML in-memory document.
1624 *
1625 * xmlDocPtr xmlCtxtReadMemory(xmlParserCtxtPtr ctxt,
1626 * const char * buffer, int size, const char * URL, const char * encoding,
1627 * int options)
1628 * Parse an XML in-memory document and build a tree. This reuses the existing
1629 * @ctxt parser context.
1631 * void xmlCleanupParser(void)
1632 * Cleanup function for the XML library. It tries to reclaim all parsing
1633 * related glob document related memory. Calling this function should not
1634 * prevent reusing the libr finished using the library or XML document built
1635 * with it.
1636 *
1637 * void xmlClearParserCtxt(xmlParserCtxtPtr ctxt)
1638 * Clear (release owned resources) and reinitialize a parser context.
1639 *
1640 * void xmlCtxtReset(xmlParserCtxtPtr ctxt)
1641 * Reset a parser context
1642 *
1643 * void xmlFreeParserCtxt(xmlParserCtxtPtr ctxt)
1644 * Free all the memory used by a parser context. However the parsed document
1645 * in ctxt->myDoc is not freed.
1646 *
1647 * void xmlFreeDoc(xmlDocPtr cur)
1648 * Free up all the structures used by a document, tree included.
1649 */