| blob | c04ae70bcc14f6c1aff56275e26db32cfd2aa95a |
4 #include <stdlib.h>
5 #include <string.h>
9 /* Private structure for write_body() call back */
13 };
15 /* Private structure for write_header() call back */
18 response, values become obsolete. */
25 };
28 /* Deallocate content of struct auth_headers */
35 }
38 /* If given @line is HTTP header of @name,
39 * return pointer to the header value. Otherwise return NULL.
40 * @name is header name without name---value separator, terminated with 0. */
49 }
51 /* Check separator. RFC2616, section 4.2 requires collon only. */
55 }
58 /* Try to decode header value per RFC 2047.
59 * @prepend_space is true if a space should be inserted before decoded word
60 * into @output in case the word has been decoded successfully.
61 * @input is zero terminated input, it's updated to point all consumed
62 * input - 1.
63 * @output is buffer to store decoded value, it's updated to point after last
64 * written character. The buffer must be preallocated.
65 * @return 0 if input has been successfully decoded, then @input and @output
66 * poineres will be updated. Otherwise return non-zero value and keeps
67 * argument pointers and memory unchanged. */
74 /* ISDS prescribes B encoding only, but RFC 2047 requires to support Q
75 * encoding too. ISDS prescribes UTF-8 charset only, RFC requiers to
76 * support any MIME charset. */
80 /* Start is "=?" */
85 /* Then is "CHARSET?" */
92 encoded++;
93 }
94 encoded++;
96 /* Then is "ENCODING?", where ENCODING is /[BbQq]/ */
101 encoded++;
103 /* Then is "ENCODED_TEXT?=" */
109 encoded++;
110 }
114 /* Now pointers are:
115 * "=?CHARSET?E?ENCODED_TEXT?="
116 * | | | ||
117 * | | | |\- encoded
118 * | | | \- end
119 * | | \- encoding
120 * | \- charset_start
121 * \- *input
122 */
131 /* Decode encoding */
137 /* Decode Base-64 */
143 }
151 }
153 /* Decode Quoted-printable-like */
158 }
164 /* Validate "=HH", where H is hexadecimal digit */
169 }
170 /* Convert =HH */
175 }
181 }
185 }
186 bit_length++;
187 }
189 /* Unknown encoding */
192 }
194 /* Convert to UTF-8 */
203 }
205 /* Copy UTF-8 stream to output buffer */
209 }
216 }
219 /* Decode HTTP header value per RFC 2047.
220 * @encoded_value is encoded HTTP header value terminated with NUL. It can
221 * contain HTTP LWS separators that will be replaced with a space.
222 * @return newly allocated decoded value without EOL, or return NULL. */
231 /* A character can occupy up to 6 bytes in UTF-8 */
234 /* ENOMEM */
236 }
238 /* Decode */
239 /* RFC 2616, section 4.2: Remove surrounding LWS, replace inner ones with
240 * a space. */
241 /* RFC 2047, section 6.2: LWS between adjacent encoded words is ignored.
242 * */
248 }
259 }
262 }
266 }
269 /* Return true, if server requests OTP authorization method that client
270 * requested. Otherwise return false.
271 * @client_method is method client requested
272 * @server_method is value of WWW-Authenticate header */
273 /*static _Bool otp_method_matches(const isds_otp_method client_method,
274 const char *server_method) {
275 char *method_name = NULL;
277 switch (client_method) {
278 case OTP_HMAC: method_name = "hotp"; break;
279 case OTP_TIME: method_name = "totp"; break;
280 default: return 0;
281 }
283 if (!strncmp(server_method, method_name, 4) && (
284 server_method[4] == '\0' || server_method[4] == ' ' ||
285 server_method[4] == '\t'))
286 return 1;
287 return 0;
288 }*/
291 /* Convert UTF-8 @string to HTTP OTP resolution enum type.
292 * @Return corresponding value or OTP_RESOLUTION_UNKNOWN if @string is not
293 * defined or unknown value. */
311 else
313 }
316 /* Close connection to server and destroy CURL handle associated
317 * with @context */
329 }
330 }
333 /* Remove username and password from context CURL handle. */
345 #else
354 else
358 }
361 /* CURL call back function called when chunk of HTTP response body is available.
362 * @buffer points to new data
363 * @size * @nmemb is length of the chunk in bytes. Zero means empty body.
364 * @userp is private structure.
365 * Must return the length of the chunk, otherwise CURL will signal
366 * CURL_WRITE_ERROR. */
371 /* FIXME: Check for (size * nmemb + body->lengt) !> SIZE_T_MAX.
372 * Precompute the product then. */
386 }
389 /* CURL call back function called when a HTTP response header is available.
390 * This is called for each header even if reply consists of more responses.
391 * @buffer points to new header (no zero terminator, but HTTP EOL is included)
392 * @size * @nmemb is length of the header in bytes
393 * @userp is private structure.
394 * Must return the length of the header, otherwise CURL will signal
395 * CURL_WRITE_ERROR. */
401 /* FIXME: Check for (size * nmemb) !> SIZE_T_MAX.
402 * Precompute the product then. */
407 /* ??? Is this the empty line delimiter? */
409 }
411 /* New response, invalide authentication headers. */
412 /* XXX: Chunked encoding trailer is not supported */
415 /* Append continuation to multi-line header */
421 /* ENOMEM */
423 }
428 /* Invalid continuation without starting header will be skipped. */
431 "been encountered. Skipping invalid HTTP response "
433 }
435 }
437 /* Decode last header */
442 /* TODO: Set IE_NOMEM to context */
444 }
446 }
452 /* TODO: Set IE_NOMEM to context */
454 }
456 }
462 /* TODO: Set IE_NOMEM to context */
464 }
466 }
468 store:
469 /* Last header decoded, free it */
473 /* Current line is header---body separator */
477 /* Current line is new header, store it */
480 /* TODO: Set IE_NOMEM to context */
482 }
485 }
487 leave:
489 }
492 /* CURL progress callback proxy to rearrange arguments.
493 * @curl_data is session context */
507 }
508 }
511 }
514 /* CURL call back function called when curl has something to log.
515 * @curl is cURL context
516 * @type is cURL log facility
517 * @buffer points to log data, XXX: not zero-terminated
518 * @size is length of log data
519 * @userp is private structure.
520 * Must return 0. */
523 /* Silent warning about usused arguments.
524 * This prototype is cURL's debug_callback type. */
533 }
536 /* Do HTTP request.
537 * @context holds the base URL,
538 * @url is a (CGI) file of SOAP URL,
539 * @use_get is a false to do a POST request, true to do a GET request.
540 * @request is body for POST request
541 * @request_length is length of @request in bytes
542 * @reponse is automatically reallocated() buffer to fit HTTP response with
543 * @response_length (does not need to match allocated memory exactly). You must
544 * free() the @response.
545 * @mime_type is automatically allocated MIME type send by server (*NULL if not
546 * sent). Set NULL if you don't care.
547 * @charset is charset of the body signaled by server. The same constrains
548 * like on @mime_type apply.
549 * @http_code is final HTTP code returned by server. This can be 200, 401, 500
550 * or any other one. Pass NULL if you don't interest.
551 * In case of error, the response memory, MIME type, charset and length will be
552 * deallocated and zeroed automatically. Thus be sure they are preallocated or
553 * they points to NULL.
554 * @response_otp_headers is pre-allocated structure for OTP authentication
555 * headers sent by server. Members must be valid pointers or NULLs.
556 * Pass NULL if you don't interest.
557 * Be ware that successful return value does not mean the HTTP request has
558 * been accepted by the server. You must consult @http_code. OTOH, failure
559 * return value means the request could not been sent (e.g. SSL error).
560 * Side effect: message buffer */
568 CURLcode curl_err;
580 /* Clean authentication headers */
582 /* Set the body here to allow deallocation in leave block */
586 /* Set Request-URI */
589 /* Set TLS options */
600 }
601 }
608 }
615 }
623 #else
627 "Make sure cryptographic library default setting "
631 }
634 /* Set credentials */
639 }
643 }
644 #else
652 }
655 }
658 /* Set PKI credentials */
661 /* Select SSL engine */
668 }
671 /* Select certificate format */
674 PKI_FORMAT_ENG) {
675 /* XXX: It's valid to have certificate in engine without name.
676 * Engines can select certificate according private key and
677 * vice versa. */
683 else
698 }
699 #else
701 PKI_FORMAT_ENG ||
706 "understands your certificate file by default, "
709 }
712 /* Select certificate */
716 }
719 /* Select key format */
726 else
741 }
744 /* Select key */
749 /* Pass key pass-phrase */
752 CURLOPT_KEYPASSWD,
756 CURLOPT_SSLKEYPASSWD,
760 CURLOPT_SSLCERTPASSWD,
762 #endif
763 }
764 }
765 }
767 /* Set authorization cookie for OTP session */
773 }
775 /* Set timeout */
778 }
783 #else
787 }
789 /* Register callback */
793 }
797 }
800 context);
801 }
802 }
804 /* Set other CURL features */
807 }
809 /* Set get-response function */
812 write_body);
813 }
816 }
818 /* Set get-response-headers function if needed.
819 * XXX: Both CURLOPT_HEADERFUNCTION and CURLOPT_WRITEHEADER must be set or
820 * unset at the same time (see curl_easy_setopt(3)) ASAP, otherwise old
821 * invalid CURLOPT_WRITEHEADER value could be derefenced. */
825 }
828 response_otp_headers);
829 }
831 /* Set MIME types and headers requires by SOAP 1.1.
832 * SOAP 1.1 requires text/xml, SOAP 1.2 requires application/soap+xml */
839 }
844 }
849 }
851 }
853 /* Set user agent identification */
856 }
859 /* Set GET request */
862 }
864 /* Set POST request body */
867 }
870 }
873 request_length);
874 }
875 }
877 {
878 /* Debug cURL if requested */
879 _Bool debug_curl =
884 }
888 }
889 }
891 /* Check for errors so far */
896 }
906 }
908 }
911 /* Do the request */
919 /* TODO: Use curl_easy_setopt(CURLOPT_ERRORBUFFER) to obtain detailed
920 * error message. */
921 /* TODO: CURL is not internationalized yet. Collect CURL messages for
922 * I18N. */
939 curl_err == CURLE_SSL_ISSUER_ERROR
940 )
942 else
945 }
954 }
958 /* Extract MIME type and charset */
972 }
975 }
989 }
990 }
991 }
992 }
993 }
995 /* Get HTTP response code */
1002 }
1003 }
1005 /* Store OTP authentication results */
1013 /* XXX: Don't make unknown code fatal. Missing code can be succcess if
1014 * HTTP code is 302. This is checked in _isds_soap(). */
1020 /* _isds_utf82locale() return NULL on inconverable string. Do not
1021 * panic on it.
1022 * TODO: Escape such characters.
1023 * if (message_locale == NULL) {
1024 err = IE_NOMEM;
1025 goto leave;
1026 }*/
1029 message_locale);
1031 }
1039 }
1043 next_url);
1049 }
1050 }
1051 }
1052 leave:
1063 }
1067 }
1070 }
1076 }
1079 /* Do SOAP request.
1080 * @context holds the base URL,
1081 * @file is a (CGI) file of SOAP URL,
1082 * @request is XML node set with SOAP request body.
1083 * @file must be NULL, @request should be NULL rather than empty, if they should
1084 * not be signaled in the SOAP request.
1085 * @response_document is an automatically allocated XML document whose subtree
1086 * identified by @response_node_list holds the SOAP response body content. You
1087 * must xmlFreeDoc() it. If you don't care pass NULL and also
1088 * NULL @response_node_list.
1089 * @response_node_list is a pointer to node set with SOAP response body
1090 * content. The returned pointer points into @response_document to the first
1091 * child of SOAP Body element. Pass NULL and NULL @response_document, if you
1092 * don't care.
1093 * @raw_response is automatically allocated bit stream with response body. Use
1094 * NULL if you don't care
1095 * @raw_response_length is size of @raw_response in bytes
1096 * In case of error the response will be deallocated automatically.
1097 * Side effect: message buffer */
1135 /* Build SOAP request envelope */
1141 }
1147 }
1149 /* Only this way we get namespace definition as @xmlns:soap,
1150 * otherwise we get namespace prefix without definition */
1156 }
1165 }
1167 /* Append request XML node set to SOAP body if request is not empty */
1168 /* XXX: Copy of request must be used, otherwise xmlFreeDoc(request_soap_doc)
1169 * would destroy this outer structure. */
1177 }
1185 }
1186 }
1189 /* Serialize the SOAP request into HTTP request body */
1196 }
1197 /* Last argument 1 means format the XML tree. This is pretty but it breaks
1198 * XML document transport as it adds text nodes (indentiation) between
1199 * elements. */
1206 }
1207 /* XXX: According LibXML documentation, this function does not return
1208 * meaningful value yet */
1215 }
1219 redirect:
1231 /* TODO: HTTP binding for SOAP prescribes non-200 HTTP return codes
1232 * to be processed too. */
1236 }
1241 /* Check for HTTP return code */
1243 http_code);
1245 /* XXX: We must see which code is used for not permitted ISDS
1246 * operation like downloading message without proper user
1247 * permissions. In that case we should keep connection opened. */
1251 OTP_RESOLUTION_UNKNOWN)
1253 OTP_RESOLUTION_SUCCESS;
1254 }
1259 OTP_RESOLUTION_UNKNOWN)
1261 OTP_RESOLUTION_SUCCESS;
1266 url);
1269 /* XXX: If OTP code is known, this must be second OTP phase, so
1270 * send final POST request and unset Basic authentication
1271 * from cURL context as cookie is used instead. */
1281 }
1284 /* XXX: Otherwise bail out to ask application for OTP code. */
1286 }
1292 url);
1294 }
1297 presents. */
1309 /* 500 should return standard SOAP message */
1310 }
1312 /* Check for Content-Type: text/xml.
1313 * Do it after HTTP code check because 401 Unauthorized returns HTML web
1314 * page for browsers. */
1321 mime_type_locale);
1325 }
1327 /* TODO: Convert returned body into XML default encoding */
1329 /* Parse the HTTP body as XML */
1334 }
1340 }
1345 }
1351 }
1353 /* Check for SOAP version */
1359 }
1365 }
1367 /* Check for SOAP Headers */
1369 BAD_CAST "/soap:Envelope/soap:Header/"
1374 }
1378 /* TODO: log the headers
1379 * xmlChar *fragment = NULL;
1380 * fragment = xmlXPathCastNodeSetToSting(response_soap_headers->nodesetval);*/
1383 }
1385 /* Get SOAP Body */
1391 }
1397 }
1403 }
1405 /* Check for SOAP Fault */
1411 }
1413 /* Server signals Fault. Gather error message and croak. */
1414 /* XXX: Only first message is passed */
1418 /* XXX: faultstring and faultcode are in no name space according
1419 * ISDS specification */
1420 /* First more verbose faultstring */
1428 }
1429 /* If not available, try shorter faultcode */
1441 }
1442 }
1444 /* Croak */
1447 message_locale);
1448 else
1456 }
1459 /* Extract XML tree with ISDS response from SOAP envelope and return it.
1460 * XXX: response_soap_body lists only one Body element here. We need
1461 * children which may not exist (i.e. empty Body) or being more than one
1462 * (this is not the case of ISDS payload, but let's support generic SOAP).
1463 * XXX: We will return the XML document and children as a node list for
1464 * two reasons:
1465 * (1) We won't to do expensive xmlDocCopyNodeList(),
1466 * (2) Any node is unusable after calling xmlFreeDoc() on it's document
1467 * because the document holds a dictionary with identifiers. Caller always
1468 * can do xmlDocCopyNodeList() on a fresh document later. */
1473 }
1475 /* Save raw response */
1480 }
1483 leave:
1490 }
1501 }
1504 /* Build new URL from current @context and template.
1505 * @context is context carrying an URL
1506 * @template is printf(3) format string. First argument is length of the base
1507 * URL found in @context, second argument is the base URL, third argument is
1508 * again the base URL.
1509 * XXX: We cannot use "$" formatting character because it's not in the ISO C99.
1510 * @new_url is newly allocated URL built from @template. Caller must free it.
1511 * Return IE_SUCCESS, or corresponding error code and @new_url will not be
1512 * allocated.
1513 * */
1523 /* Find length of base URL from context URL */
1526 "from context URL because there was no URL set in the "
1529 }
1533 }
1538 }
1539 length++;
1541 /* Build new URL */
1547 }
1550 /* Invalidate session cookie for otp authenticated @context */
1552 isds_error err;
1561 /* Build logout URL */
1562 /*"https://DOMAINNAME/as/processLogout?uri=https://DOMAINNAME/apps/DS/WEB_SERVICE_ENDPOINT"*/
1567 /* Invalidate the cookie by GET request */
1573 NULL);
1577 /* long message set by http() */
1579 /* TODO: Specification does not define response for this request.
1580 * Especially it does not state whether direct 200 or 302 redirect is
1581 * sent. We need to check real implementation. */
1590 }
1592 }
1595 /* LibXML functions:
1596 *
1597 * void xmlInitParser(void)
1598 * Initialization function for the XML parser. This is not reentrant. Call
1599 * once before processing in case of use in multithreaded programs.
1600 *
1601 * int xmlInitParserCtxt(xmlParserCtxtPtr ctxt)
1602 * Initialize a parser context
1603 *
1604 * xmlDocPtr xmlCtxtReadDoc(xmlParserCtxtPtr ctxt, const xmlChar * cur,
1605 * const * char URL, const char * encoding, int options);
1606 * Parse in-memory NULL-terminated document @cur.
1607 *
1608 * xmlDocPtr xmlParseMemory(const char * buffer, int size)
1609 * Parse an XML in-memory block and build a tree.
1610 *
1611 * xmlParserCtxtPtr xmlCreateMemoryParserCtxt(const char * buffer, int
1612 * size);
1613 * Create a parser context for an XML in-memory document.
1614 *
1615 * xmlParserCtxtPtr xmlCreateDocParserCtxt(const xmlChar * cur)
1616 * Creates a parser context for an XML in-memory document.
1617 *
1618 * xmlDocPtr xmlCtxtReadMemory(xmlParserCtxtPtr ctxt,
1619 * const char * buffer, int size, const char * URL, const char * encoding,
1620 * int options)
1621 * Parse an XML in-memory document and build a tree. This reuses the existing
1622 * @ctxt parser context.
1624 * void xmlCleanupParser(void)
1625 * Cleanup function for the XML library. It tries to reclaim all parsing
1626 * related glob document related memory. Calling this function should not
1627 * prevent reusing the libr finished using the library or XML document built
1628 * with it.
1629 *
1630 * void xmlClearParserCtxt(xmlParserCtxtPtr ctxt)
1631 * Clear (release owned resources) and reinitialize a parser context.
1632 *
1633 * void xmlCtxtReset(xmlParserCtxtPtr ctxt)
1634 * Reset a parser context
1635 *
1636 * void xmlFreeParserCtxt(xmlParserCtxtPtr ctxt)
1637 * Free all the memory used by a parser context. However the parsed document
1638 * in ctxt->myDoc is not freed.
1639 *
1640 * void xmlFreeDoc(xmlDocPtr cur)
1641 * Free up all the structures used by a document, tree included.
1642 */