6 * Copyright (C) 2011-2014 SIPE Project <http://sipe.sourceforge.net/>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 * Specification references:
26 * - [MS-SIPAE]: http://msdn.microsoft.com/en-us/library/cc431510.aspx
27 * - [MS-OCAUTHWS]: http://msdn.microsoft.com/en-us/library/ff595592.aspx
28 * - MS Tech-Ed Europe 2010 "UNC310: Microsoft Lync 2010 Technology Explained"
29 * http://ecn.channel9.msdn.com/o9/te/Europe/2010/pptx/unc310.pptx
37 #include "sipe-common.h"
38 #include "sipe-backend.h"
39 #include "sipe-core.h"
40 #include "sipe-core-private.h"
41 #include "sipe-http.h"
44 #include "sipe-utils.h"
48 /* forward declaration */
50 typedef void (svc_callback
)(struct sipe_core_private
*sipe_private
,
51 struct svc_request
*data
,
56 svc_callback
*internal_cb
;
57 sipe_svc_callback
*cb
;
59 struct sipe_http_request
*request
;
64 GSList
*pending_requests
;
65 gboolean shutting_down
;
68 struct sipe_svc_session
{
69 struct sipe_http_session
*session
;
72 static void sipe_svc_request_free(struct sipe_core_private
*sipe_private
,
73 struct svc_request
*data
)
76 sipe_http_request_cancel(data
->request
);
78 /* Callback: aborted */
79 (*data
->cb
)(sipe_private
, NULL
, NULL
, NULL
, data
->cb_data
);
84 void sipe_svc_free(struct sipe_core_private
*sipe_private
)
86 struct sipe_svc
*svc
= sipe_private
->svc
;
90 /* Web Service stack is shutting down: reject all new requests */
91 svc
->shutting_down
= TRUE
;
93 if (svc
->pending_requests
) {
94 GSList
*entry
= svc
->pending_requests
;
96 sipe_svc_request_free(sipe_private
, entry
->data
);
99 g_slist_free(svc
->pending_requests
);
103 sipe_private
->svc
= NULL
;
106 static void sipe_svc_init(struct sipe_core_private
*sipe_private
)
108 if (sipe_private
->svc
)
111 sipe_private
->svc
= g_new0(struct sipe_svc
, 1);
114 struct sipe_svc_session
*sipe_svc_session_start(void)
116 struct sipe_svc_session
*session
= g_new0(struct sipe_svc_session
, 1);
117 session
->session
= sipe_http_session_start();
121 void sipe_svc_session_close(struct sipe_svc_session
*session
)
124 sipe_http_session_close(session
->session
);
129 static void sipe_svc_https_response(struct sipe_core_private
*sipe_private
,
131 SIPE_UNUSED_PARAMETER GSList
*headers
,
133 gpointer callback_data
)
135 struct svc_request
*data
= callback_data
;
136 struct sipe_svc
*svc
= sipe_private
->svc
;
138 SIPE_DEBUG_INFO("sipe_svc_https_response: code %d", status
);
139 data
->request
= NULL
;
141 if ((status
== SIPE_HTTP_STATUS_OK
) && body
) {
142 sipe_xml
*xml
= sipe_xml_parse(body
, strlen(body
));
143 /* Internal callback: success */
144 (*data
->internal_cb
)(sipe_private
, data
, body
, xml
);
147 /* Internal callback: failed */
148 (*data
->internal_cb
)(sipe_private
, data
, NULL
, NULL
);
151 /* Internal callback has already called this */
154 svc
->pending_requests
= g_slist_remove(svc
->pending_requests
,
156 sipe_svc_request_free(sipe_private
, data
);
160 * Send GET request when @c body is NULL, otherwise send POST request
162 * @param content_type MIME type for body content (ignored when body is @c NULL)
163 * @param soap_action SOAP action header value (ignored when body is @c NULL)
164 * @param body body contents (may be @c NULL)
166 static gboolean
sipe_svc_https_request(struct sipe_core_private
*sipe_private
,
167 struct sipe_svc_session
*session
,
169 const gchar
*content_type
,
170 const gchar
*soap_action
,
172 svc_callback
*internal_callback
,
173 sipe_svc_callback
*callback
,
174 gpointer callback_data
)
176 struct svc_request
*data
= g_new0(struct svc_request
, 1);
177 struct sipe_http_request
*request
= NULL
;
178 struct sipe_svc
*svc
;
180 sipe_svc_init(sipe_private
);
181 svc
= sipe_private
->svc
;
183 if (svc
->shutting_down
) {
184 SIPE_DEBUG_ERROR("sipe_svc_https_request: new Web Service request during shutdown: THIS SHOULD NOT HAPPEN! Debugging information:\n"
189 soap_action
? soap_action
: "<NONE>",
190 body
? body
: "<EMPTY>");
193 gchar
*headers
= g_strdup_printf("SOAPAction: \"%s\"\r\n",
196 request
= sipe_http_request_post(sipe_private
,
201 sipe_svc_https_response
,
206 request
= sipe_http_request_get(sipe_private
,
209 sipe_svc_https_response
,
215 data
->internal_cb
= internal_callback
;
217 data
->cb_data
= callback_data
;
218 data
->request
= request
;
219 data
->uri
= g_strdup(uri
);
221 svc
->pending_requests
= g_slist_prepend(svc
->pending_requests
,
224 sipe_http_request_session(request
, session
->session
);
225 sipe_http_request_ready(request
);
228 SIPE_DEBUG_ERROR("failed to create HTTP connection to %s", uri
);
232 return(request
!= NULL
);
235 static gboolean
sipe_svc_wsdl_request(struct sipe_core_private
*sipe_private
,
236 struct sipe_svc_session
*session
,
238 const gchar
*additional_ns
,
239 const gchar
*soap_action
,
240 const gchar
*wsse_security
,
241 const gchar
*soap_body
,
242 const gchar
*content_type
,
243 svc_callback
*internal_callback
,
244 sipe_svc_callback
*callback
,
245 gpointer callback_data
)
247 /* Only generate SOAP header if we have a security token */
248 gchar
*soap_header
= wsse_security
?
249 g_strdup_printf("<soap:Header>"
250 " <wsa:To>%s</wsa:To>"
252 " <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address>"
254 " <wsa:Action>%s</wsa:Action>"
255 " <wsse:Security>%s</wsse:Security>"
261 gchar
*body
= g_strdup_printf("<?xml version=\"1.0\"?>\r\n"
263 " xmlns:auth=\"http://schemas.xmlsoap.org/ws/2006/12/authorization\""
264 " xmlns:wsa=\"http://www.w3.org/2005/08/addressing\""
265 " xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\""
266 " xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\""
267 " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\""
270 " <soap:Body>%s</soap:Body>"
276 gboolean ret
= sipe_svc_https_request(sipe_private
,
279 content_type
? content_type
: "text/xml",
291 static gboolean
new_soap_req(struct sipe_core_private
*sipe_private
,
292 struct sipe_svc_session
*session
,
294 const gchar
*soap_action
,
295 const gchar
*wsse_security
,
296 const gchar
*soap_body
,
297 svc_callback
*internal_callback
,
298 sipe_svc_callback
*callback
,
299 gpointer callback_data
)
301 return(sipe_svc_wsdl_request(sipe_private
,
304 "xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" "
305 "xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" "
306 "xmlns:wst=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\"",
316 static void sipe_svc_wsdl_response(struct sipe_core_private
*sipe_private
,
317 struct svc_request
*data
,
322 /* Callback: success */
323 (*data
->cb
)(sipe_private
, data
->uri
, raw
, xml
, data
->cb_data
);
325 /* Callback: failed */
326 (*data
->cb
)(sipe_private
, data
->uri
, NULL
, NULL
, data
->cb_data
);
330 gboolean
sipe_svc_get_and_publish_cert(struct sipe_core_private
*sipe_private
,
331 struct sipe_svc_session
*session
,
333 const gchar
*wsse_security
,
334 const gchar
*certreq
,
335 sipe_svc_callback
*callback
,
336 gpointer callback_data
)
338 struct sipe_tls_random id
;
341 gchar
*uuid
= get_uuid(sipe_private
);
345 /* random request ID */
346 sipe_tls_fill_random(&id
, 256);
347 id_base64
= g_base64_encode(id
.buffer
, id
.length
);
348 sipe_tls_free_random(&id
);
349 id_uuid
= generateUUIDfromEPID(id_base64
);
352 soap_body
= g_strdup_printf("<GetAndPublishCert"
353 " xmlns=\"http://schemas.microsoft.com/OCS/AuthWebServices/\""
354 " xmlns:wst=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512/\""
355 " xmlns:wstep=\"http://schemas.microsoft.com/windows/pki/2009/01/enrollment\""
359 " <wst:RequestSecurityToken>"
360 " <wst:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wst:TokenType>"
361 " <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>"
362 " <wsse:BinarySecurityToken"
363 " ValueType=\"http://schemas.microsoft.com/OCS/AuthWebServices.xsd#PKCS10\""
364 " EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#Base64Binary\""
365 " >\r\n%s</wsse:BinarySecurityToken>"
366 " <wstep:RequestID>%s</wstep:RequestID>"
367 " </wst:RequestSecurityToken>"
368 "</GetAndPublishCert>",
370 sipe_private
->username
,
376 ret
= new_soap_req(sipe_private
,
379 "http://schemas.microsoft.com/OCS/AuthWebServices/GetAndPublishCert",
382 sipe_svc_wsdl_response
,
390 gboolean
sipe_svc_ab_entry_request(struct sipe_core_private
*sipe_private
,
391 struct sipe_svc_session
*session
,
393 const gchar
*wsse_security
,
396 sipe_svc_callback
*callback
,
397 gpointer callback_data
)
400 gchar
*soap_body
= g_strdup_printf("<SearchAbEntry"
401 " xmlns=\"DistributionListExpander\""
402 " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\""
403 " xmlns:soapenc=\"http://schemas.xmlsoap.org/soap/encoding/\""
408 " <FromDialPad>false</FromDialPad>"
409 " <MaxResultNum>%d</MaxResultNum>"
410 " <ReturnList>displayName,msRTCSIP-PrimaryUserAddress,title,telephoneNumber,homePhone,mobile,otherTelephone,mail,company,country,photoRelPath,photoSize,photoHash</ReturnList>"
417 ret
= new_soap_req(sipe_private
,
420 "DistributionListExpander/IAddressBook/SearchAbEntry",
423 sipe_svc_wsdl_response
,
431 /* Requests to login.microsoftonline.com & ADFS */
432 static gboolean
request_passport(struct sipe_core_private
*sipe_private
,
433 struct sipe_svc_session
*session
,
434 const gchar
*service_uri
,
435 const gchar
*auth_uri
,
436 const gchar
*wsse_security
,
437 const gchar
*content_type
,
438 const gchar
*request_extension
,
439 sipe_svc_callback
*callback
,
440 gpointer callback_data
)
442 gchar
*soap_body
= g_strdup_printf("<wst:RequestSecurityToken>"
443 " <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>"
445 " <wsa:EndpointReference>"
446 " <wsa:Address>%s</wsa:Address>"
447 " </wsa:EndpointReference>"
450 "</wst:RequestSecurityToken>",
452 request_extension
? request_extension
: "");
454 gboolean ret
= sipe_svc_wsdl_request(sipe_private
,
457 "xmlns:soap=\"http://www.w3.org/2003/05/soap-envelope\" "
458 "xmlns:wst=\"http://schemas.xmlsoap.org/ws/2005/02/trust\"",
459 "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue",
463 sipe_svc_wsdl_response
,
471 static gboolean
request_user_password(struct sipe_core_private
*sipe_private
,
472 struct sipe_svc_session
*session
,
473 const gchar
*service_uri
,
474 const gchar
*auth_uri
,
475 const gchar
*content_type
,
476 const gchar
*request_extension
,
477 sipe_svc_callback
*callback
,
478 gpointer callback_data
)
480 /* Only cleartext passwords seem to be accepted... */
481 gchar
*wsse_security
= g_markup_printf_escaped("<wsse:UsernameToken>"
482 " <wsse:Username>%s</wsse:Username>"
483 " <wsse:Password>%s</wsse:Password>"
484 "</wsse:UsernameToken>",
485 sipe_private
->authuser
? sipe_private
->authuser
: sipe_private
->username
,
486 sipe_private
->password
? sipe_private
->password
: "");
488 gboolean ret
= request_passport(sipe_private
,
497 g_free(wsse_security
);
502 gboolean
sipe_svc_webticket_adfs(struct sipe_core_private
*sipe_private
,
503 struct sipe_svc_session
*session
,
504 const gchar
*adfs_uri
,
505 sipe_svc_callback
*callback
,
506 gpointer callback_data
)
508 return(request_user_password(sipe_private
,
510 "urn:federation:MicrosoftOnline",
512 /* ADFS is special, *sigh* */
513 "application/soap+xml; charset=utf-8",
514 "<wst:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</wst:KeyType>",
519 #define LMC_URI "https://login.microsoftonline.com:443/RST2.srf"
521 gboolean
sipe_svc_webticket_lmc(struct sipe_core_private
*sipe_private
,
522 struct sipe_svc_session
*session
,
523 const gchar
*service_uri
,
524 sipe_svc_callback
*callback
,
525 gpointer callback_data
)
527 return(request_user_password(sipe_private
,
537 gboolean
sipe_svc_webticket_lmc_federated(struct sipe_core_private
*sipe_private
,
538 struct sipe_svc_session
*session
,
539 const gchar
*wsse_security
,
540 const gchar
*service_uri
,
541 sipe_svc_callback
*callback
,
542 gpointer callback_data
)
544 return(request_passport(sipe_private
,
555 gboolean
sipe_svc_webticket(struct sipe_core_private
*sipe_private
,
556 struct sipe_svc_session
*session
,
558 const gchar
*wsse_security
,
559 const gchar
*service_uri
,
560 const struct sipe_tls_random
*entropy
,
561 sipe_svc_callback
*callback
,
562 gpointer callback_data
)
564 gchar
*uuid
= get_uuid(sipe_private
);
565 gchar
*secret
= g_base64_encode(entropy
->buffer
, entropy
->length
);
566 gchar
*soap_body
= g_strdup_printf("<wst:RequestSecurityToken Context=\"%s\">"
567 " <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>"
568 " <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>"
570 " <wsa:EndpointReference>"
571 " <wsa:Address>%s</wsa:Address>"
572 " </wsa:EndpointReference>"
574 " <wst:Claims Dialect=\"urn:component:Microsoft.Rtc.WebAuthentication.2010:authclaims\">"
575 " <auth:ClaimType Uri=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uri\" Optional=\"false\">"
576 " <auth:Value>sip:%s</auth:Value>"
580 " <wst:BinarySecret>%s</wst:BinarySecret>"
582 " <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</wst:KeyType>"
583 "</wst:RequestSecurityToken>",
586 sipe_private
->username
,
589 gboolean ret
= new_soap_req(sipe_private
,
592 "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue",
595 sipe_svc_wsdl_response
,
605 static void sipe_svc_metadata_response(struct sipe_core_private
*sipe_private
,
606 struct svc_request
*data
,
611 /* Callback: success */
612 (*data
->cb
)(sipe_private
, data
->uri
, raw
, xml
, data
->cb_data
);
614 /* Callback: failed */
615 (*data
->cb
)(sipe_private
, data
->uri
, NULL
, NULL
, data
->cb_data
);
619 gboolean
sipe_svc_realminfo(struct sipe_core_private
*sipe_private
,
620 struct sipe_svc_session
*session
,
621 sipe_svc_callback
*callback
,
622 gpointer callback_data
)
625 * For some users RealmInfo response is different for authuser and
626 * username. Use authuser, but only if it looks like "user@domain".
628 gchar
*realminfo_uri
= g_strdup_printf("https://login.microsoftonline.com/getuserrealm.srf?login=%s&xml=1",
629 sipe_private
->authuser
&& strchr(sipe_private
->authuser
, '@') ?
630 sipe_private
->authuser
: sipe_private
->username
);
631 gboolean ret
= sipe_svc_https_request(sipe_private
,
637 sipe_svc_metadata_response
,
640 g_free(realminfo_uri
);
644 gboolean
sipe_svc_metadata(struct sipe_core_private
*sipe_private
,
645 struct sipe_svc_session
*session
,
647 sipe_svc_callback
*callback
,
648 gpointer callback_data
)
650 gchar
*mex_uri
= g_strdup_printf("%s/mex", uri
);
651 gboolean ret
= sipe_svc_https_request(sipe_private
,
657 sipe_svc_metadata_response
,