6 #include <strings.h> /* strncasecmp(3) */
9 /* Private structure for write_body() call back */
15 /* Private structure for write_header() call back */
17 _Bool is_complete
; /* Response has finished, next iteration is new
18 response, values become obsolete. */
19 char *last_header
; /* Temporary storage for previous unfinished header */
20 char *method
; /* WWW-Authenticate value */
21 char *code
; /* X-Response-message-code value */
22 isds_otp_resolution resolution
; /* Decoded .code member */
23 char *message
; /* X-Response-message-text value */
24 char *redirect
; /* Redirect URL */
28 /* Deallocate content of struct auth_headers */
29 static void auth_headers_free(struct auth_headers
*headers
) {
30 zfree(headers
->last_header
);
31 zfree(headers
->method
);
33 zfree(headers
->message
);
34 zfree(headers
->redirect
);
38 /* If given @line is HTTP header of @name,
39 * return pointer to the header value. Otherwise return NULL.
40 * @name is header name without name---value separator, terminated with 0. */
41 static const char *header_value(const char *line
, const char *name
) {
43 if (line
== NULL
|| name
== NULL
) return NULL
;
45 for (value
= line
; ; value
++, name
++) {
46 if (*value
== '\0') return NULL
; /* Line too short */
47 if (*name
== '\0') break; /* Name matches */
48 if (*name
!= *value
) return NULL
; /* Name does not match */
51 /* Check separator. RFC2616, section 4.2 requires collon only. */
52 if (*value
++ != ':') return NULL
;
58 /* Try to decode header value per RFC 2047.
59 * @prepend_space is true if a space should be inserted before decoded word
60 * into @output in case the word has been decoded successfully.
61 * @input is zero terminated input, it's updated to point all consumed
63 * @output is buffer to store decoded value, it's updated to point after last
64 * written character. The buffer must be preallocated.
65 * @return 0 if input has been successfully decoded, then @input and @output
66 * poineres will be updated. Otherwise return non-zero value and keeps
67 * argument pointers and memory unchanged. */
68 static int try_rfc2047_decode(_Bool prepend_space
, const char **input
,
71 const char *charset_start
, *encoding
, *end
;
72 size_t charset_length
;
74 /* ISDS prescribes B encoding only, but RFC 2047 requires to support Q
75 * encoding too. ISDS prescribes UTF-8 charset only, RFC requiers to
76 * support any MIME charset. */
77 if (input
== NULL
|| *input
== NULL
|| output
== NULL
|| *output
== NULL
)
82 if (encoded
[0] != '=' || encoded
[1] != '?')
85 /* Then is "CHARSET?" */
86 charset_start
= (encoded
+= 2);
87 while (*encoded
!= '?') {
90 if (*encoded
== ' ' || *encoded
== '\t' || *encoded
== '\r' || *encoded
== '\n')
96 /* Then is "ENCODING?", where ENCODING is /[BbQq]/ */
97 if (*encoded
== '\0') return -1;
103 /* Then is "ENCODED_TEXT?=" */
104 while (*encoded
!= '?') {
105 if (*encoded
== '\0')
107 if (*encoded
== ' ' || *encoded
== '\t' || *encoded
== '\r' || *encoded
== '\n')
112 if (*(++encoded
) != '=') return -1;
115 * "=?CHARSET?E?ENCODED_TEXT?="
124 charset_length
= encoding
- charset_start
- 1;
125 if (charset_length
< 1)
127 charset
= strndup(charset_start
, charset_length
);
131 /* Decode encoding */
132 char *bit_stream
= NULL
;
133 size_t bit_length
= 0;
134 size_t encoding_length
= end
- encoding
- 2;
136 if (*encoding
== 'B') {
138 char *b64_stream
= NULL
;
139 if (NULL
== (b64_stream
=
140 malloc((encoding_length
+ 1) * sizeof(*encoding
)))) {
144 memcpy(b64_stream
, encoding
+ 2, encoding_length
);
145 b64_stream
[encoding_length
] = '\0';
146 bit_length
= _isds_b64decode(b64_stream
, (void **)&bit_stream
);
148 if (bit_length
== (size_t) -1) {
152 } else if (*encoding
== 'Q') {
153 /* Decode Quoted-printable-like */
154 if (NULL
== (bit_stream
=
155 malloc((encoding_length
) * sizeof(*encoding
)))) {
159 for (size_t q
= 2; q
< encoding_length
+ 2; q
++) {
160 if (encoding
[q
] == '_') {
161 bit_stream
[bit_length
] = '\x20';
162 } else if (encoding
[q
] == '=') {
164 /* Validate "=HH", where H is hexadecimal digit */
165 if (q
+ 2 >= encoding_length
+ 2 ) {
171 if ((ordinar
= _isds_hex2i(encoding
[++q
])) < 0) {
176 bit_stream
[bit_length
] = (ordinar
<< 4);
177 if ((ordinar
= _isds_hex2i(encoding
[++q
])) < 0) {
182 bit_stream
[bit_length
] += ordinar
;
184 bit_stream
[bit_length
] = encoding
[q
];
189 /* Unknown encoding */
194 /* Convert to UTF-8 */
195 char *utf_stream
= NULL
;
197 utf_length
= _isds_any2any(charset
, "UTF-8", bit_stream
, bit_length
,
198 (void **)&utf_stream
);
201 if (utf_length
== (size_t) -1) {
205 /* Copy UTF-8 stream to output buffer */
210 memcpy(*output
, utf_stream
, utf_length
);
212 *output
+= utf_length
;
219 /* Decode HTTP header value per RFC 2047.
220 * @encoded_value is encoded HTTP header value terminated with NUL. It can
221 * contain HTTP LWS separators that will be replaced with a space.
222 * @return newly allocated decoded value without EOL, or return NULL. */
223 static char *decode_header_value(const char *encoded_value
) {
224 char *decoded
= NULL
, *decoded_cursor
;
225 size_t content_length
;
226 _Bool text_started
= 0, lws_seen
= 0, encoded_word_seen
= 0;
228 if (encoded_value
== NULL
) return NULL
;
229 content_length
= strlen(encoded_value
);
231 /* A character can occupy up to 6 bytes in UTF-8 */
232 decoded
= malloc(content_length
* 6 + 1);
233 if (decoded
== NULL
) {
239 /* RFC 2616, section 4.2: Remove surrounding LWS, replace inner ones with
241 /* RFC 2047, section 6.2: LWS between adjacent encoded words is ignored.
243 for (decoded_cursor
= decoded
; *encoded_value
; encoded_value
++) {
244 if (*encoded_value
== '\r' || *encoded_value
== '\n' ||
245 *encoded_value
== '\t' || *encoded_value
== ' ') {
249 if (*encoded_value
== '=' &&
251 lws_seen
&& text_started
&& !encoded_word_seen
,
252 &encoded_value
, &decoded_cursor
)) {
253 encoded_word_seen
= 1;
255 if (lws_seen
&& text_started
)
256 *(decoded_cursor
++) = ' ';
257 *(decoded_cursor
++) = *encoded_value
;
258 encoded_word_seen
= 0;
263 *decoded_cursor
= '\0';
269 /* Return true, if server requests OTP authorization method that client
270 * requested. Otherwise return false.
271 * @client_method is method client requested
272 * @server_method is value of WWW-Authenticate header */
273 /*static _Bool otp_method_matches(const isds_otp_method client_method,
274 const char *server_method) {
275 char *method_name = NULL;
277 switch (client_method) {
278 case OTP_HMAC: method_name = "hotp"; break;
279 case OTP_TIME: method_name = "totp"; break;
283 if (!strncmp(server_method, method_name, 4) && (
284 server_method[4] == '\0' || server_method[4] == ' ' ||
285 server_method[4] == '\t'))
291 /* Convert UTF-8 @string to HTTP OTP resolution enum type.
292 * @Return corresponding value or OTP_RESOLUTION_UNKNOWN if @string is not
293 * defined or unknown value. */
294 static isds_otp_resolution
string2isds_otp_resolution(const char *string
) {
296 return OTP_RESOLUTION_UNKNOWN
;
297 else if (!strcmp(string
, "authentication.info.totpSended"))
298 return OTP_RESOLUTION_TOTP_SENT
;
299 else if (!strcmp(string
, "authentication.error.userIsNotAuthenticated"))
300 return OTP_RESOLUTION_BAD_AUTHENTICATION
;
301 else if (!strcmp(string
, "authentication.error.intruderDetected"))
302 return OTP_RESOLUTION_ACCESS_BLOCKED
;
303 else if (!strcmp(string
, "authentication.error.paswordExpired"))
304 return OTP_RESOLUTION_PASSWORD_EXPIRED
;
305 else if (!strcmp(string
, "authentication.info.cannotSendQuickly"))
306 return OTP_RESOLUTION_TO_FAST
;
307 else if (!strcmp(string
, "authentication.error.badRole"))
308 return OTP_RESOLUTION_UNAUTHORIZED
;
309 else if (!strcmp(string
, "authentication.info.totpNotSended"))
310 return OTP_RESOLUTION_TOTP_NOT_SENT
;
312 return OTP_RESOLUTION_UNKNOWN
;
316 /* Close connection to server and destroy CURL handle associated
318 _hidden isds_error
_isds_close_connection(struct isds_ctx
*context
) {
319 if (!context
) return IE_INVALID_CONTEXT
;
322 curl_easy_cleanup(context
->curl
);
323 context
->curl
= NULL
;
324 isds_log(ILF_HTTP
, ILL_DEBUG
, _("Connection to server %s closed\n"),
328 return IE_CONNECTION_CLOSED
;
333 /* Remove username and password from context CURL handle. */
334 static isds_error
unset_http_authorization(struct isds_ctx
*context
) {
335 isds_error error
= IE_SUCCESS
;
337 if (context
== NULL
) return IE_INVALID_CONTEXT
;
338 if (context
->curl
== NULL
) return IE_CONNECTION_CLOSED
;
340 #if HAVE_DECL_CURLOPT_USERNAME /* Since curl-7.19.1 */
341 if (curl_easy_setopt(context
->curl
, CURLOPT_USERNAME
, NULL
))
343 if (curl_easy_setopt(context
->curl
, CURLOPT_PASSWORD
, NULL
))
346 if (curl_easy_setopt(context
->curl
, CURLOPT_USERPWD
, NULL
))
348 #endif /* not HAVE_DECL_CURLOPT_USERNAME */
351 isds_log(ILF_HTTP
, ILL_ERR
, _("Error while unsetting user name and "
352 "password from CURL handle for connection to server %s.\n"),
355 isds_log(ILF_HTTP
, ILL_DEBUG
, _("User name and password for server %s "
356 "have been unset from CURL handle.\n"), context
->url
);
361 /* CURL call back function called when chunk of HTTP response body is available.
362 * @buffer points to new data
363 * @size * @nmemb is length of the chunk in bytes. Zero means empty body.
364 * @userp is private structure.
365 * Must return the length of the chunk, otherwise CURL will signal
366 * CURL_WRITE_ERROR. */
367 static size_t write_body(void *buffer
, size_t size
, size_t nmemb
, void *userp
) {
368 struct soap_body
*body
= (struct soap_body
*) userp
;
371 /* FIXME: Check for (size * nmemb + body->lengt) !> SIZE_T_MAX.
372 * Precompute the product then. */
374 if (!body
) return 0; /* This should never happen */
375 if (0 == (size
* nmemb
)) return 0; /* Empty body */
377 new_data
= realloc(body
->data
, body
->length
+ size
* nmemb
);
378 if (!new_data
) return 0;
380 memcpy(new_data
+ body
->length
, buffer
, size
* nmemb
);
382 body
->data
= new_data
;
383 body
->length
+= size
* nmemb
;
385 return (size
* nmemb
);
389 /* CURL call back function called when a HTTP response header is available.
390 * This is called for each header even if reply consists of more responses.
391 * @buffer points to new header (no zero terminator, but HTTP EOL is included)
392 * @size * @nmemb is length of the header in bytes
393 * @userp is private structure.
394 * Must return the length of the header, otherwise CURL will signal
395 * CURL_WRITE_ERROR. */
396 static size_t write_header(void *buffer
, size_t size
, size_t nmemb
, void *userp
) {
397 struct auth_headers
*headers
= (struct auth_headers
*) userp
;
401 /* FIXME: Check for (size * nmemb) !> SIZE_T_MAX.
402 * Precompute the product then. */
403 length
= size
* nmemb
;
405 if (NULL
== headers
) return 0; /* This should never happen */
407 /* ??? Is this the empty line delimiter? */
408 return 0; /* Empty headers */
411 /* New response, invalide authentication headers. */
412 /* XXX: Chunked encoding trailer is not supported */
413 if (headers
->is_complete
) auth_headers_free(headers
);
415 /* Append continuation to multi-line header */
416 if (*(char *)buffer
== ' ' || *(char *)buffer
== '\t') {
417 if (headers
->last_header
!= NULL
) {
418 size_t old_length
= strlen(headers
->last_header
);
419 char *longer_header
= realloc(headers
->last_header
, old_length
+ length
);
420 if (longer_header
== NULL
) {
424 strncpy(longer_header
+ old_length
, (char*)buffer
+ 1, length
- 1);
425 longer_header
[old_length
+ length
- 1] = '\0';
426 headers
->last_header
= longer_header
;
428 /* Invalid continuation without starting header will be skipped. */
429 isds_log(ILF_HTTP
, ILL_WARNING
,
430 _("HTTP header continuation without starting header has "
431 "been encountered. Skipping invalid HTTP response "
437 /* Decode last header */
438 value
= header_value(headers
->last_header
, "WWW-Authenticate");
440 free(headers
->method
);
441 if (NULL
== (headers
->method
= decode_header_value(value
))) {
442 /* TODO: Set IE_NOMEM to context */
448 value
= header_value(headers
->last_header
, "X-Response-message-code");
451 if (NULL
== (headers
->code
= decode_header_value(value
))) {
452 /* TODO: Set IE_NOMEM to context */
458 value
= header_value(headers
->last_header
, "X-Response-message-text");
460 free(headers
->message
);
461 if (NULL
== (headers
->message
= decode_header_value(value
))) {
462 /* TODO: Set IE_NOMEM to context */
469 /* Last header decoded, free it */
470 zfree(headers
->last_header
);
472 if (!strncmp(buffer
, "\r\n", length
)) {
473 /* Current line is header---body separator */
474 headers
->is_complete
= 1;
477 /* Current line is new header, store it */
478 headers
->last_header
= malloc(length
+ 1);
479 if (headers
->last_header
== NULL
) {
480 /* TODO: Set IE_NOMEM to context */
483 memcpy(headers
->last_header
, buffer
, length
);
484 headers
->last_header
[length
] = '\0';
492 /* CURL progress callback proxy to rearrange arguments.
493 * @curl_data is session context */
494 static int progress_proxy(void *curl_data
, double download_total
,
495 double download_current
, double upload_total
, double upload_current
) {
496 struct isds_ctx
*context
= (struct isds_ctx
*) curl_data
;
499 if (context
&& context
->progress_callback
) {
500 abort
= context
->progress_callback(
501 upload_total
, upload_current
,
502 download_total
, download_current
,
503 context
->progress_callback_data
);
505 isds_log(ILF_HTTP
, ILL_INFO
,
506 _("Application aborted HTTP transfer"));
514 /* CURL call back function called when curl has something to log.
515 * @curl is cURL context
516 * @type is cURL log facility
517 * @buffer points to log data, XXX: not zero-terminated
518 * @size is length of log data
519 * @userp is private structure.
521 static int log_curl(CURL
*curl
, curl_infotype type
, char *buffer
, size_t size
,
523 /* Silent warning about usused arguments.
524 * This prototype is cURL's debug_callback type. */
528 if (!buffer
|| 0 == size
) return 0;
529 if (type
== CURLINFO_TEXT
|| type
== CURLINFO_HEADER_IN
||
530 type
== CURLINFO_HEADER_OUT
)
531 isds_log(ILF_HTTP
, ILL_DEBUG
, "%*s", size
, buffer
);
537 * @context holds the base URL,
538 * @url is a (CGI) file of SOAP URL,
539 * @use_get is a false to do a POST request, true to do a GET request.
540 * @request is body for POST request
541 * @request_length is length of @request in bytes
542 * @reponse is automatically reallocated() buffer to fit HTTP response with
543 * @response_length (does not need to match allocated memory exactly). You must
544 * free() the @response.
545 * @mime_type is automatically allocated MIME type send by server (*NULL if not
546 * sent). Set NULL if you don't care.
547 * @charset is charset of the body signaled by server. The same constrains
548 * like on @mime_type apply.
549 * @http_code is final HTTP code returned by server. This can be 200, 401, 500
550 * or any other one. Pass NULL if you don't interest.
551 * In case of error, the response memory, MIME type, charset and length will be
552 * deallocated and zeroed automatically. Thus be sure they are preallocated or
553 * they points to NULL.
554 * @response_otp_headers is pre-allocated structure for OTP authentication
555 * headers sent by server. Members must be valid pointers or NULLs.
556 * Pass NULL if you don't interest.
557 * Be ware that successful return value does not mean the HTTP request has
558 * been accepted by the server. You must consult @http_code. OTOH, failure
559 * return value means the request could not been sent (e.g. SSL error).
560 * Side effect: message buffer */
561 static isds_error
http(struct isds_ctx
*context
,
562 const char *url
, _Bool use_get
,
563 const void *request
, const size_t request_length
,
564 void **response
, size_t *response_length
,
565 char **mime_type
, char **charset
, long *http_code
,
566 struct auth_headers
*response_otp_headers
) {
569 isds_error err
= IE_SUCCESS
;
570 struct soap_body body
;
572 struct curl_slist
*headers
= NULL
;
575 if (!context
) return IE_INVALID_CONTEXT
;
576 if (!url
) return IE_INVAL
;
577 if (request_length
> 0 && !request
) return IE_INVAL
;
578 if (!response
|| !response_length
) return IE_INVAL
;
580 /* Clean authentication headers */
582 /* Set the body here to allow deallocation in leave block */
583 body
.data
= *response
;
586 /* Set Request-URI */
587 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_URL
, url
);
589 /* Set TLS options */
590 if (!curl_err
&& context
->tls_verify_server
) {
591 if (!*context
->tls_verify_server
)
592 isds_log(ILF_SEC
, ILL_WARNING
,
593 _("Disabling server identity verification. "
594 "That was your decision.\n"));
595 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSL_VERIFYPEER
,
596 (*context
->tls_verify_server
)? 1L : 0L);
598 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSL_VERIFYHOST
,
599 (*context
->tls_verify_server
)? 2L : 0L);
602 if (!curl_err
&& context
->tls_ca_file
) {
603 isds_log(ILF_SEC
, ILL_INFO
,
604 _("CA certificates will be searched in `%s' file since now\n"),
605 context
->tls_ca_file
);
606 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_CAINFO
,
607 context
->tls_ca_file
);
609 if (!curl_err
&& context
->tls_ca_dir
) {
610 isds_log(ILF_SEC
, ILL_INFO
,
611 _("CA certificates will be searched in `%s' directory "
612 "since now\n"), context
->tls_ca_dir
);
613 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_CAPATH
,
614 context
->tls_ca_dir
);
616 if (!curl_err
&& context
->tls_crl_file
) {
617 #if HAVE_DECL_CURLOPT_CRLFILE /* Since curl-7.19.0 */
618 isds_log(ILF_SEC
, ILL_INFO
,
619 _("CRLs will be searched in `%s' file since now\n"),
620 context
->tls_crl_file
);
621 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_CRLFILE
,
622 context
->tls_crl_file
);
624 isds_log(ILF_SEC
, ILL_WARNING
,
625 _("Your curl library cannot pass certificate revocation "
626 "list to cryptographic library.\n"
627 "Make sure cryptographic library default setting "
628 "delivers proper CRLs,\n"
629 "or upgrade curl.\n"));
630 #endif /* not HAVE_DECL_CURLOPT_CRLFILE */
634 /* Set credentials */
635 #if HAVE_DECL_CURLOPT_USERNAME /* Since curl-7.19.1 */
636 if (!curl_err
&& context
->username
) {
637 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_USERNAME
,
640 if (!curl_err
&& context
->password
) {
641 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_PASSWORD
,
645 if (!curl_err
&& (context
->username
|| context
->password
)) {
647 _isds_astrcat3(context
->username
, ":", context
->password
);
649 isds_log_message(context
, _("Could not pass credentials to CURL"));
653 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_USERPWD
, userpwd
);
656 #endif /* not HAVE_DECL_CURLOPT_USERNAME */
658 /* Set PKI credentials */
659 if (!curl_err
&& (context
->pki_credentials
)) {
660 if (context
->pki_credentials
->engine
) {
661 /* Select SSL engine */
662 isds_log(ILF_SEC
, ILL_INFO
,
663 _("Cryptographic engine `%s' will be used for "
664 "key or certificate\n"),
665 context
->pki_credentials
->engine
);
666 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLENGINE
,
667 context
->pki_credentials
->engine
);
671 /* Select certificate format */
672 #if HAVE_DECL_CURLOPT_SSLCERTTYPE /* since curl-7.9.3 */
673 if (context
->pki_credentials
->certificate_format
==
675 /* XXX: It's valid to have certificate in engine without name.
676 * Engines can select certificate according private key and
678 if (context
->pki_credentials
->certificate
)
679 isds_log(ILF_SEC
, ILL_INFO
, _("Client `%s' certificate "
680 "will be read from `%s' engine\n"),
681 context
->pki_credentials
->certificate
,
682 context
->pki_credentials
->engine
);
684 isds_log(ILF_SEC
, ILL_INFO
, _("Client certificate "
685 "will be read from `%s' engine\n"),
686 context
->pki_credentials
->engine
);
687 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLCERTTYPE
,
689 } else if (context
->pki_credentials
->certificate
) {
690 isds_log(ILF_SEC
, ILL_INFO
, _("Client %s certificate "
691 "will be read from `%s' file\n"),
692 (context
->pki_credentials
->certificate_format
==
693 PKI_FORMAT_DER
) ? _("DER") : _("PEM"),
694 context
->pki_credentials
->certificate
);
695 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLCERTTYPE
,
696 (context
->pki_credentials
->certificate_format
==
697 PKI_FORMAT_DER
) ? "DER" : "PEM");
700 if ((context
->pki_credentials
->certificate_format
==
702 context
->pki_credentials
->certificate
))
703 isds_log(ILF_SEC
, ILL_WARNING
,
704 _("Your curl library cannot distinguish certificate "
705 "formats. Make sure your cryptographic library\n"
706 "understands your certificate file by default, "
707 "or upgrade curl.\n"));
708 #endif /* not HAVE_DECL_CURLOPT_SSLCERTTYPE */
711 if (!curl_err
&& context
->pki_credentials
->certificate
) {
712 /* Select certificate */
714 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLCERT
,
715 context
->pki_credentials
->certificate
);
719 /* Select key format */
720 if (context
->pki_credentials
->key_format
== PKI_FORMAT_ENG
) {
721 if (context
->pki_credentials
->key
)
722 isds_log(ILF_SEC
, ILL_INFO
, _("Client private key `%s' "
723 "from `%s' engine will be used\n"),
724 context
->pki_credentials
->key
,
725 context
->pki_credentials
->engine
);
727 isds_log(ILF_SEC
, ILL_INFO
, _("Client private key "
728 "from `%s' engine will be used\n"),
729 context
->pki_credentials
->engine
);
730 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLKEYTYPE
,
732 } else if (context
->pki_credentials
->key
) {
733 isds_log(ILF_SEC
, ILL_INFO
, _("Client %s private key will be "
734 "read from `%s' file\n"),
735 (context
->pki_credentials
->key_format
==
736 PKI_FORMAT_DER
) ? _("DER") : _("PEM"),
737 context
->pki_credentials
->key
);
738 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLKEYTYPE
,
739 (context
->pki_credentials
->key_format
==
740 PKI_FORMAT_DER
) ? "DER" : "PEM");
745 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_SSLKEY
,
746 context
->pki_credentials
->key
);
749 /* Pass key pass-phrase */
750 #if HAVE_DECL_CURLOPT_KEYPASSWD /* since curl-7.16.5 */
751 curl_err
= curl_easy_setopt(context
->curl
,
753 context
->pki_credentials
->passphrase
);
754 #elif HAVE_DECL_CURLOPT_SSLKEYPASSWD /* up to curl-7.16.4 */
755 curl_err
= curl_easy_setopt(context
->curl
,
756 CURLOPT_SSLKEYPASSWD
,
757 context
->pki_credentials
->passphrase
);
758 #else /* up to curl-7.9.2 */
759 curl_err
= curl_easy_setopt(context
->curl
,
760 CURLOPT_SSLCERTPASSWD
,
761 context
->pki_credentials
->passphrase
);
767 /* Set authorization cookie for OTP session */
768 if (!curl_err
&& context
->otp
) {
769 isds_log(ILF_SEC
, ILL_INFO
,
770 _("Cookies will be stored and sent "
771 "because context has been authorized by OTP.\n"));
772 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_COOKIEFILE
, "");
777 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_NOSIGNAL
, 1);
779 if (!curl_err
&& context
->timeout
) {
780 #if HAVE_DECL_CURLOPT_TIMEOUT_MS /* Since curl-7.16.2 */
781 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_TIMEOUT_MS
,
784 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_TIMEOUT
,
785 context
->timeout
/ 1000);
786 #endif /* not HAVE_DECL_CURLOPT_TIMEOUT_MS */
789 /* Register callback */
790 if (context
->progress_callback
) {
792 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_NOPROGRESS
, 0);
795 curl_err
= curl_easy_setopt(context
->curl
,
796 CURLOPT_PROGRESSFUNCTION
, progress_proxy
);
799 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_PROGRESSDATA
,
804 /* Set other CURL features */
806 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_FAILONERROR
, 0);
809 /* Set get-response function */
811 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_WRITEFUNCTION
,
815 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_WRITEDATA
, &body
);
818 /* Set get-response-headers function if needed.
819 * XXX: Both CURLOPT_HEADERFUNCTION and CURLOPT_WRITEHEADER must be set or
820 * unset at the same time (see curl_easy_setopt(3)) ASAP, otherwise old
821 * invalid CURLOPT_WRITEHEADER value could be derefenced. */
823 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_HEADERFUNCTION
,
824 (response_otp_headers
== NULL
) ? NULL
: write_header
);
827 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_WRITEHEADER
,
828 response_otp_headers
);
831 /* Set MIME types and headers requires by SOAP 1.1.
832 * SOAP 1.1 requires text/xml, SOAP 1.2 requires application/soap+xml.
833 * But suppress sending the headers to proxies first if supported. */
834 #if HAVE_DECL_CURLOPT_HEADEROPT /* since curl-7.37.0 */
836 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_HEADEROPT
,
837 CURLHEADER_SEPARATE
);
839 #endif /* HAVE_DECL_CURLOPT_HEADEROPT */
841 headers
= curl_slist_append(headers
,
842 "Accept: application/soap+xml,application/xml,text/xml");
847 headers
= curl_slist_append(headers
, "Content-Type: text/xml");
852 headers
= curl_slist_append(headers
, "SOAPAction: ");
857 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_HTTPHEADER
, headers
);
860 /* Set user agent identification */
861 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_USERAGENT
,
862 "libisds/" PACKAGE_VERSION
);
866 /* Set GET request */
868 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_HTTPGET
, 1);
871 /* Set POST request body */
873 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_POST
, 1);
876 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_POSTFIELDS
, request
);
879 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_POSTFIELDSIZE
,
885 /* Debug cURL if requested */
887 ((log_facilities
& ILF_HTTP
) && (log_level
>= ILL_DEBUG
));
889 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_VERBOSE
,
890 (debug_curl
) ? 1 : 0);
893 curl_err
= curl_easy_setopt(context
->curl
, CURLOPT_DEBUGFUNCTION
,
894 (debug_curl
) ? log_curl
: NULL
);
898 /* Check for errors so far */
900 isds_log_message(context
, curl_easy_strerror(curl_err
));
905 isds_log(ILF_HTTP
, ILL_DEBUG
, _("Sending %s request to <%s>\n"),
906 use_get
? "GET" : "POST", url
);
908 isds_log(ILF_HTTP
, ILL_DEBUG
,
909 _("POST body length: %zu, content follows:\n"), request_length
);
910 if (_isds_sizet2int(request_length
) >= 0 ) {
911 isds_log(ILF_HTTP
, ILL_DEBUG
, "%.*s\n",
912 _isds_sizet2int(request_length
), request
);
914 isds_log(ILF_HTTP
, ILL_DEBUG
, _("End of POST body\n"));
919 curl_err
= curl_easy_perform(context
->curl
);
922 curl_err
= curl_easy_getinfo(context
->curl
, CURLINFO_CONTENT_TYPE
,
926 /* TODO: Use curl_easy_setopt(CURLOPT_ERRORBUFFER) to obtain detailed
928 /* TODO: CURL is not internationalized yet. Collect CURL messages for
930 isds_printf_message(context
,
931 _("%s: %s"), url
, _(curl_easy_strerror(curl_err
)));
932 if (curl_err
== CURLE_ABORTED_BY_CALLBACK
)
935 curl_err
== CURLE_SSL_CONNECT_ERROR
||
936 curl_err
== CURLE_SSL_ENGINE_NOTFOUND
||
937 curl_err
== CURLE_SSL_ENGINE_SETFAILED
||
938 curl_err
== CURLE_SSL_CERTPROBLEM
||
939 curl_err
== CURLE_SSL_CIPHER
||
940 curl_err
== CURLE_SSL_CACERT
||
941 curl_err
== CURLE_USE_SSL_FAILED
||
942 curl_err
== CURLE_SSL_ENGINE_INITFAILED
||
943 curl_err
== CURLE_SSL_CACERT_BADFILE
||
944 curl_err
== CURLE_SSL_SHUTDOWN_FAILED
||
945 curl_err
== CURLE_SSL_CRL_BADFILE
||
946 curl_err
== CURLE_SSL_ISSUER_ERROR
954 isds_log(ILF_HTTP
, ILL_DEBUG
, _("Final response to %s received\n"), url
);
955 isds_log(ILF_HTTP
, ILL_DEBUG
,
956 _("Response body length: %zu, content follows:\n"),
958 if (_isds_sizet2int(body
.length
) >= 0) {
959 isds_log(ILF_HTTP
, ILL_DEBUG
, "%.*s\n",
960 _isds_sizet2int(body
.length
), body
.data
);
962 isds_log(ILF_HTTP
, ILL_DEBUG
, _("End of response body\n"));
965 /* Extract MIME type and charset */
970 sep
= strchr(content_type
, ';');
971 if (sep
) offset
= (size_t) (sep
- content_type
);
972 else offset
= strlen(content_type
);
975 *mime_type
= malloc(offset
+ 1);
980 memcpy(*mime_type
, content_type
, offset
);
981 (*mime_type
)[offset
] = '\0';
988 sep
= strstr(sep
, "charset=");
992 *charset
= strdup(sep
+ 8);
1002 /* Get HTTP response code */
1004 curl_err
= curl_easy_getinfo(context
->curl
,
1005 CURLINFO_RESPONSE_CODE
, http_code
);
1012 /* Store OTP authentication results */
1013 if (response_otp_headers
&& response_otp_headers
->is_complete
) {
1014 isds_log(ILF_SEC
, ILL_DEBUG
,
1015 _("OTP authentication headers received: "
1016 "method=%s, code=%s, message=%s\n"),
1017 response_otp_headers
->method
, response_otp_headers
->code
,
1018 response_otp_headers
->message
);
1020 /* XXX: Don't make unknown code fatal. Missing code can be succcess if
1021 * HTTP code is 302. This is checked in _isds_soap(). */
1022 response_otp_headers
->resolution
=
1023 string2isds_otp_resolution(response_otp_headers
->code
);
1025 if (response_otp_headers
->message
!= NULL
) {
1026 char *message_locale
= _isds_utf82locale(response_otp_headers
->message
);
1027 /* _isds_utf82locale() return NULL on inconverable string. Do not
1029 * TODO: Escape such characters.
1030 * if (message_locale == NULL) {
1034 isds_printf_message(context
,
1035 _("Server returned OTP authentication message: %s"),
1037 free(message_locale
);
1040 char *next_url
= NULL
; /* Weak pointer managed by cURL */
1041 curl_err
= curl_easy_getinfo(context
->curl
, CURLINFO_REDIRECT_URL
,
1047 if (next_url
!= NULL
) {
1048 isds_log(ILF_SEC
, ILL_DEBUG
,
1049 _("OTP authentication headers redirect to: <%s>\n"),
1051 free(response_otp_headers
->redirect
);
1052 response_otp_headers
->redirect
= strdup(next_url
);
1053 if (response_otp_headers
->redirect
== NULL
) {
1060 curl_slist_free_all(headers
);
1076 if (err
!= IE_ABORTED
) _isds_close_connection(context
);
1079 *response
= body
.data
;
1080 *response_length
= body
.length
;
1087 * @context holds the base URL,
1088 * @file is a (CGI) file of SOAP URL,
1089 * @request is XML node set with SOAP request body.
1090 * @file must be NULL, @request should be NULL rather than empty, if they should
1091 * not be signaled in the SOAP request.
1092 * @response_document is an automatically allocated XML document whose subtree
1093 * identified by @response_node_list holds the SOAP response body content. You
1094 * must xmlFreeDoc() it. If you don't care pass NULL and also
1095 * NULL @response_node_list.
1096 * @response_node_list is a pointer to node set with SOAP response body
1097 * content. The returned pointer points into @response_document to the first
1098 * child of SOAP Body element. Pass NULL and NULL @response_document, if you
1100 * @raw_response is automatically allocated bit stream with response body. Use
1101 * NULL if you don't care
1102 * @raw_response_length is size of @raw_response in bytes
1103 * In case of error the response will be deallocated automatically.
1104 * Side effect: message buffer */
1105 _hidden isds_error
_isds_soap(struct isds_ctx
*context
, const char *file
,
1106 const xmlNodePtr request
,
1107 xmlDocPtr
*response_document
, xmlNodePtr
*response_node_list
,
1108 void **raw_response
, size_t *raw_response_length
) {
1110 isds_error err
= IE_SUCCESS
;
1112 char *mime_type
= NULL
;
1114 struct auth_headers response_otp_headers
;
1115 xmlBufferPtr http_request
= NULL
;
1116 xmlSaveCtxtPtr save_ctx
= NULL
;
1117 xmlDocPtr request_soap_doc
= NULL
;
1118 xmlNodePtr request_soap_envelope
= NULL
, request_soap_body
= NULL
;
1119 xmlNsPtr soap_ns
= NULL
;
1120 void *http_response
= NULL
;
1121 size_t response_length
= 0;
1122 xmlDocPtr response_soap_doc
= NULL
;
1123 xmlNodePtr response_root
= NULL
;
1124 xmlXPathContextPtr xpath_ctx
= NULL
;
1125 xmlXPathObjectPtr response_soap_headers
= NULL
, response_soap_body
= NULL
,
1126 response_soap_fault
= NULL
;
1129 if (!context
) return IE_INVALID_CONTEXT
;
1130 if ( (NULL
== response_document
&& NULL
!= response_node_list
) ||
1131 (NULL
!= response_document
&& NULL
== response_node_list
))
1133 if (!raw_response_length
&& raw_response
) return IE_INVAL
;
1135 if (response_document
) *response_document
= NULL
;
1136 if (response_node_list
) *response_node_list
= NULL
;
1137 if (raw_response
) *raw_response
= NULL
;
1139 url
= _isds_astrcat(context
->url
, file
);
1140 if (!url
) return IE_NOMEM
;
1142 /* Build SOAP request envelope */
1143 request_soap_doc
= xmlNewDoc(BAD_CAST
"1.0");
1144 if (!request_soap_doc
) {
1145 isds_log_message(context
, _("Could not build SOAP request document"));
1149 request_soap_envelope
= xmlNewNode(NULL
, BAD_CAST
"Envelope");
1150 if (!request_soap_envelope
) {
1151 isds_log_message(context
, _("Could not build SOAP request envelope"));
1155 xmlDocSetRootElement(request_soap_doc
, request_soap_envelope
);
1156 /* Only this way we get namespace definition as @xmlns:soap,
1157 * otherwise we get namespace prefix without definition */
1158 soap_ns
= xmlNewNs(request_soap_envelope
, BAD_CAST SOAP_NS
, NULL
);
1160 isds_log_message(context
, _("Could not create SOAP name space"));
1164 xmlSetNs(request_soap_envelope
, soap_ns
);
1165 request_soap_body
= xmlNewChild(request_soap_envelope
, NULL
,
1166 BAD_CAST
"Body", NULL
);
1167 if (!request_soap_body
) {
1168 isds_log_message(context
,
1169 _("Could not add Body to SOAP request envelope"));
1174 /* Append request XML node set to SOAP body if request is not empty */
1175 /* XXX: Copy of request must be used, otherwise xmlFreeDoc(request_soap_doc)
1176 * would destroy this outer structure. */
1178 xmlNodePtr request_copy
= xmlCopyNodeList(request
);
1179 if (!request_copy
) {
1180 isds_log_message(context
,
1181 _("Could not copy request content"));
1185 if (!xmlAddChildList(request_soap_body
, request_copy
)) {
1186 xmlFreeNodeList(request_copy
);
1187 isds_log_message(context
,
1188 _("Could not add request content to SOAP "
1189 "request envelope"));
1196 /* Serialize the SOAP request into HTTP request body */
1197 http_request
= xmlBufferCreate();
1198 if (!http_request
) {
1199 isds_log_message(context
,
1200 _("Could not create xmlBuffer for HTTP request body"));
1204 /* Last argument 1 means format the XML tree. This is pretty but it breaks
1205 * XML document transport as it adds text nodes (indentiation) between
1207 save_ctx
= xmlSaveToBuffer(http_request
, "UTF-8", 0);
1209 isds_log_message(context
,
1210 _("Could not create XML serializer"));
1214 /* XXX: According LibXML documentation, this function does not return
1215 * meaningful value yet */
1216 xmlSaveDoc(save_ctx
, request_soap_doc
);
1217 if (-1 == xmlSaveFlush(save_ctx
)) {
1218 isds_log_message(context
,
1219 _("Could not serialize SOAP request to HTTP request body"));
1224 if (context
->otp_credentials
!= NULL
)
1225 memset(&response_otp_headers
, 0, sizeof(response_otp_headers
));
1227 if (context
->otp_credentials
!= NULL
)
1228 auth_headers_free(&response_otp_headers
);
1229 isds_log(ILF_SOAP
, ILL_DEBUG
,
1230 _("SOAP request to sent to %s:\n%.*s\nEnd of SOAP request\n"),
1231 url
, http_request
->use
, http_request
->content
);
1233 err
= http(context
, url
, 0, http_request
->content
, http_request
->use
,
1234 &http_response
, &response_length
,
1235 &mime_type
, NULL
, &http_code
,
1236 (context
->otp_credentials
== NULL
) ? NULL
: &response_otp_headers
);
1238 /* TODO: HTTP binding for SOAP prescribes non-200 HTTP return codes
1239 * to be processed too. */
1245 if (NULL
!= context
->otp_credentials
)
1246 context
->otp_credentials
->resolution
= response_otp_headers
.resolution
;
1248 /* Check for HTTP return code */
1249 isds_log(ILF_SOAP
, ILL_DEBUG
, _("Server returned %ld HTTP code\n"),
1251 switch (http_code
) {
1252 /* XXX: We must see which code is used for not permitted ISDS
1253 * operation like downloading message without proper user
1254 * permissions. In that case we should keep connection opened. */
1256 if (NULL
!= context
->otp_credentials
) {
1257 if (context
->otp_credentials
->resolution
==
1258 OTP_RESOLUTION_UNKNOWN
)
1259 context
->otp_credentials
->resolution
=
1260 OTP_RESOLUTION_SUCCESS
;
1264 if (NULL
!= context
->otp_credentials
) {
1265 if (context
->otp_credentials
->resolution
==
1266 OTP_RESOLUTION_UNKNOWN
)
1267 context
->otp_credentials
->resolution
=
1268 OTP_RESOLUTION_SUCCESS
;
1269 err
= IE_PARTIAL_SUCCESS
;
1270 isds_printf_message(context
,
1271 _("Server redirects on <%s> because OTP authentication "
1274 if (context
->otp_credentials
->otp_code
!= NULL
&&
1275 response_otp_headers
.redirect
!= NULL
) {
1276 /* XXX: If OTP code is known, this must be second OTP phase, so
1277 * send final POST request and unset Basic authentication
1278 * from cURL context as cookie is used instead. */
1280 url
= response_otp_headers
.redirect
;
1281 response_otp_headers
.redirect
= NULL
;
1282 _isds_discard_credentials(context
, 0);
1283 err
= unset_http_authorization(context
);
1285 isds_log_message(context
, _("Could not remove "
1286 "credentials from CURL handle."));
1291 /* XXX: Otherwise bail out to ask application for OTP code. */
1296 isds_printf_message(context
,
1297 _("Code 302: Server redirects on <%s> request. "
1298 "Redirection is forbidden in stateless mode."),
1303 case 401: /* ISDS server returns 401 even if Authorization
1305 case 403: /* HTTP/1.0 prescribes 403 if Authorization presents. */
1306 err
= IE_NOT_LOGGED_IN
;
1307 isds_log_message(context
, _("Authentication failed"));
1312 isds_printf_message(context
,
1313 _("Code 404: Document (%s) not found on server"), url
);
1316 /* 500 should return standard SOAP message */
1319 /* Check for Content-Type: text/xml.
1320 * Do it after HTTP code check because 401 Unauthorized returns HTML web
1321 * page for browsers. */
1322 if (mime_type
&& strcmp(mime_type
, "text/xml")
1323 && strcmp(mime_type
, "application/soap+xml")
1324 && strcmp(mime_type
, "application/xml")) {
1325 char *mime_type_locale
= _isds_utf82locale(mime_type
);
1326 isds_printf_message(context
,
1327 _("%s: bad MIME type sent by server: %s"), url
,
1329 free(mime_type_locale
);
1334 /* TODO: Convert returned body into XML default encoding */
1336 /* Parse the HTTP body as XML */
1337 response_soap_doc
= xmlParseMemory(http_response
, response_length
);
1338 if (!response_soap_doc
) {
1343 xpath_ctx
= xmlXPathNewContext(response_soap_doc
);
1349 if (_isds_register_namespaces(xpath_ctx
, MESSAGE_NS_UNSIGNED
)) {
1354 if (_isds_sizet2int(response_length
) >= 0) {
1355 isds_log(ILF_SOAP
, ILL_DEBUG
,
1356 _("SOAP response received:\n%.*s\nEnd of SOAP response\n"),
1357 _isds_sizet2int(response_length
), http_response
);
1360 /* Check for SOAP version */
1361 response_root
= xmlDocGetRootElement(response_soap_doc
);
1362 if (!response_root
) {
1363 isds_log_message(context
, "SOAP response has no root element");
1367 if (xmlStrcmp(response_root
->name
, BAD_CAST
"Envelope") ||
1368 xmlStrcmp(response_root
->ns
->href
, BAD_CAST SOAP_NS
)) {
1369 isds_log_message(context
, "SOAP response is not SOAP 1.1 document");
1374 /* Check for SOAP Headers */
1375 response_soap_headers
= xmlXPathEvalExpression(
1376 BAD_CAST
"/soap:Envelope/soap:Header/"
1377 "*[@soap:mustUnderstand/text() = true()]", xpath_ctx
);
1378 if (!response_soap_headers
) {
1382 if (!xmlXPathNodeSetIsEmpty(response_soap_headers
->nodesetval
)) {
1383 isds_log_message(context
,
1384 _("SOAP response requires unsupported feature"));
1385 /* TODO: log the headers
1386 * xmlChar *fragment = NULL;
1387 * fragment = xmlXPathCastNodeSetToSting(response_soap_headers->nodesetval);*/
1393 response_soap_body
= xmlXPathEvalExpression(
1394 BAD_CAST
"/soap:Envelope/soap:Body", xpath_ctx
);
1395 if (!response_soap_body
) {
1399 if (xmlXPathNodeSetIsEmpty(response_soap_body
->nodesetval
)) {
1400 isds_log_message(context
,
1401 _("SOAP response does not contain SOAP Body element"));
1405 if (response_soap_body
->nodesetval
->nodeNr
> 1) {
1406 isds_log_message(context
,
1407 _("SOAP response has more than one Body element"));
1412 /* Check for SOAP Fault */
1413 response_soap_fault
= xmlXPathEvalExpression(
1414 BAD_CAST
"/soap:Envelope/soap:Body/soap:Fault", xpath_ctx
);
1415 if (!response_soap_fault
) {
1419 if (!xmlXPathNodeSetIsEmpty(response_soap_fault
->nodesetval
)) {
1420 /* Server signals Fault. Gather error message and croak. */
1421 /* XXX: Only first message is passed */
1422 char *message
= NULL
, *message_locale
= NULL
;
1423 xpath_ctx
->node
= response_soap_fault
->nodesetval
->nodeTab
[0];
1424 xmlXPathFreeObject(response_soap_fault
);
1425 /* XXX: faultstring and faultcode are in no name space according
1426 * ISDS specification */
1427 /* First more verbose faultstring */
1428 response_soap_fault
= xmlXPathEvalExpression(
1429 BAD_CAST
"faultstring[1]/text()", xpath_ctx
);
1430 if (response_soap_fault
&&
1431 !xmlXPathNodeSetIsEmpty(response_soap_fault
->nodesetval
)) {
1433 xmlXPathCastNodeSetToString(response_soap_fault
->nodesetval
);
1434 message_locale
= _isds_utf82locale(message
);
1436 /* If not available, try shorter faultcode */
1437 if (!message_locale
) {
1439 xmlXPathFreeObject(response_soap_fault
);
1440 response_soap_fault
= xmlXPathEvalExpression(
1441 BAD_CAST
"faultcode[1]/text()", xpath_ctx
);
1442 if (response_soap_fault
&&
1443 !xmlXPathNodeSetIsEmpty(response_soap_fault
->nodesetval
)) {
1445 xmlXPathCastNodeSetToString(
1446 response_soap_fault
->nodesetval
);
1447 message_locale
= _isds_utf82locale(message
);
1453 isds_printf_message(context
, _("SOAP response signals Fault: %s"),
1456 isds_log_message(context
, _("SOAP response signals Fault"));
1458 free(message_locale
);
1466 /* Extract XML tree with ISDS response from SOAP envelope and return it.
1467 * XXX: response_soap_body lists only one Body element here. We need
1468 * children which may not exist (i.e. empty Body) or being more than one
1469 * (this is not the case of ISDS payload, but let's support generic SOAP).
1470 * XXX: We will return the XML document and children as a node list for
1472 * (1) We won't to do expensive xmlDocCopyNodeList(),
1473 * (2) Any node is unusable after calling xmlFreeDoc() on it's document
1474 * because the document holds a dictionary with identifiers. Caller always
1475 * can do xmlDocCopyNodeList() on a fresh document later. */
1476 if (NULL
!= response_document
&& NULL
!= response_node_list
) {
1477 *response_document
= response_soap_doc
;
1478 *response_node_list
=
1479 response_soap_body
->nodesetval
->nodeTab
[0]->children
;
1482 /* Save raw response */
1484 *raw_response
= http_response
;
1485 *raw_response_length
= response_length
;
1486 http_response
= NULL
;
1491 xmlXPathFreeObject(response_soap_fault
);
1492 xmlXPathFreeObject(response_soap_body
);
1493 xmlXPathFreeObject(response_soap_headers
);
1494 xmlXPathFreeContext(xpath_ctx
);
1495 if (NULL
== response_document
|| NULL
== *response_document
) {
1496 xmlFreeDoc(response_soap_doc
);
1498 if (context
->otp_credentials
!= NULL
)
1499 auth_headers_free(&response_otp_headers
);
1501 free(http_response
);
1502 xmlSaveClose(save_ctx
);
1503 xmlBufferFree(http_request
);
1504 xmlFreeDoc(request_soap_doc
); /* recursive, frees request_body, soap_ns*/
1511 /* Build new URL from current @context and template.
1512 * @context is context carrying an URL
1513 * @template is printf(3) format string. First argument is length of the base
1514 * URL found in @context, second argument is the base URL, third argument is
1515 * again the base URL.
1516 * XXX: We cannot use "$" formatting character because it's not in the ISO C99.
1517 * @new_url is newly allocated URL built from @template. Caller must free it.
1518 * Return IE_SUCCESS, or corresponding error code and @new_url will not be
1521 _hidden isds_error
_isds_build_url_from_context(struct isds_ctx
*context
,
1522 const char *template, char **new_url
) {
1523 int length
, slashes
;
1525 if (NULL
!= new_url
) *new_url
= NULL
;
1526 if (NULL
== context
) return IE_INVALID_CONTEXT
;
1527 if (NULL
== template) return IE_INVAL
;
1528 if (NULL
== new_url
) return IE_INVAL
;
1530 /* Find length of base URL from context URL */
1531 if (NULL
== context
->url
) {
1532 isds_log_message(context
, _("Base URL could not have been determined "
1533 "from context URL because there was no URL set in the "
1537 for (length
= 0, slashes
= 0; context
->url
[length
] != '\0'; length
++) {
1538 if (context
->url
[length
] == '/') slashes
++;
1539 if (slashes
== 3) break;
1542 isds_log_message(context
, _("Base URL could not have been determined "
1543 "from context URL"));
1549 if (-1 == isds_asprintf(new_url
, template, length
, context
->url
,
1557 /* Invalidate session cookie for otp authenticated @context */
1558 _hidden isds_error
_isds_invalidate_otp_cookie(struct isds_ctx
*context
) {
1562 void *response
= NULL
;
1563 size_t response_length
;
1565 if (context
== NULL
|| !context
->otp
) return IE_INVALID_CONTEXT
;
1566 if (context
->curl
== NULL
) return IE_CONNECTION_CLOSED
;
1568 /* Build logout URL */
1569 /*"https://DOMAINNAME/as/processLogout?uri=https://DOMAINNAME/apps/DS/WEB_SERVICE_ENDPOINT"*/
1570 err
= _isds_build_url_from_context(context
,
1571 "%.*sas/processLogout?uri=%sDS/dz", &url
);
1572 if (err
) return err
;
1574 /* Invalidate the cookie by GET request */
1578 &response
, &response_length
,
1579 NULL
, NULL
, &http_code
,
1584 /* long message set by http() */
1585 } else if (http_code
!= 200) {
1586 /* TODO: Specification does not define response for this request.
1587 * Especially it does not state whether direct 200 or 302 redirect is
1588 * sent. We need to check real implementation. */
1590 isds_printf_message(context
, _("Cookie for OTP authenticated "
1591 "connection to <%s> could not been invalidated"),
1594 isds_log(ILF_SEC
, ILL_DEBUG
, _("Cookie for OTP authenticated "
1595 "connection to <%s> has been invalidated.\n"),
1602 /* LibXML functions:
1604 * void xmlInitParser(void)
1605 * Initialization function for the XML parser. This is not reentrant. Call
1606 * once before processing in case of use in multithreaded programs.
1608 * int xmlInitParserCtxt(xmlParserCtxtPtr ctxt)
1609 * Initialize a parser context
1611 * xmlDocPtr xmlCtxtReadDoc(xmlParserCtxtPtr ctxt, const xmlChar * cur,
1612 * const * char URL, const char * encoding, int options);
1613 * Parse in-memory NULL-terminated document @cur.
1615 * xmlDocPtr xmlParseMemory(const char * buffer, int size)
1616 * Parse an XML in-memory block and build a tree.
1618 * xmlParserCtxtPtr xmlCreateMemoryParserCtxt(const char * buffer, int
1620 * Create a parser context for an XML in-memory document.
1622 * xmlParserCtxtPtr xmlCreateDocParserCtxt(const xmlChar * cur)
1623 * Creates a parser context for an XML in-memory document.
1625 * xmlDocPtr xmlCtxtReadMemory(xmlParserCtxtPtr ctxt,
1626 * const char * buffer, int size, const char * URL, const char * encoding,
1628 * Parse an XML in-memory document and build a tree. This reuses the existing
1629 * @ctxt parser context.
1631 * void xmlCleanupParser(void)
1632 * Cleanup function for the XML library. It tries to reclaim all parsing
1633 * related glob document related memory. Calling this function should not
1634 * prevent reusing the libr finished using the library or XML document built
1637 * void xmlClearParserCtxt(xmlParserCtxtPtr ctxt)
1638 * Clear (release owned resources) and reinitialize a parser context.
1640 * void xmlCtxtReset(xmlParserCtxtPtr ctxt)
1641 * Reset a parser context
1643 * void xmlFreeParserCtxt(xmlParserCtxtPtr ctxt)
1644 * Free all the memory used by a parser context. However the parsed document
1645 * in ctxt->myDoc is not freed.
1647 * void xmlFreeDoc(xmlDocPtr cur)
1648 * Free up all the structures used by a document, tree included.