| blob | f485f4f3c00d8537f003f972dab8e068e2bdf433 |
4 #include <stdlib.h>
5 #include <string.h>
9 /* Private structure for write_body() call back */
13 };
15 /* Private structure for write_header() call back */
18 response, values become obsolete. */
25 };
28 /* Deallocate content of struct auth_headers */
35 }
38 /* If given @line is HTTP header of @name,
39 * return pointer to the header value. Otherwise return NULL.
40 * @name is header name without name---value separator, terminated with 0. */
49 }
51 /* Check separator. RFC2616, section 4.2 requires collon only. */
55 }
58 /* Try to decode header value per RFC 2047.
59 * @prepend_space is true if a space should be inserted before decoded word
60 * into @output in case the word has been decoded successfully.
61 * @input is zero terminated input, it's updated to point all consumed
62 * input - 1.
63 * @output is buffer to store decoded value, it's updated to point after last
64 * written character. The buffer must be preallocated.
65 * @return 0 if input has been successfully decoded, then @input and @output
66 * poineres will be updated. Otherwise return non-zero value and keeps
67 * argument pointers and memory unchanged. */
74 /* ISDS prescribes B encoding only, but RFC 2047 requires to support Q
75 * encoding too. ISDS prescribes UTF-8 charset only, RFC requiers to
76 * support any MIME charset. */
80 /* Start is "=?" */
85 /* Then is "CHARSET?" */
92 encoded++;
93 }
94 encoded++;
96 /* Then is "ENCODING?", where ENCODING is /[BbQq]/ */
101 encoded++;
103 /* Then is "ENCODED_TEXT?=" */
109 encoded++;
110 }
114 /* Now pointers are:
115 * "=?CHARSET?E?ENCODED_TEXT?="
116 * | | | ||
117 * | | | |\- encoded
118 * | | | \- end
119 * | | \- encoding
120 * | \- charset_start
121 * \- *input
122 */
131 /* Decode encoding */
137 /* Decode Base-64 */
143 }
151 }
153 /* Decode Quoted-printable-like */
158 }
164 /* Validate "=HH", where H is hexadecimal digit */
169 }
170 /* Convert =HH */
175 }
181 }
185 }
186 bit_length++;
187 }
189 /* Unknown encoding */
192 }
194 /* Convert to UTF-8 */
203 }
205 /* Copy UTF-8 stream to output buffer */
209 }
216 }
219 /* Decode HTTP header value per RFC 2047.
220 * @encoded_value is encoded HTTP header value terminated with NUL. It can
221 * contain HTTP LWS separators that will be replaced with a space.
222 * @return newly allocated decoded value without EOL, or return NULL. */
231 /* A character can occupy up to 6 bytes in UTF-8 */
234 /* ENOMEM */
236 }
238 /* Decode */
239 /* RFC 2616, section 4.2: Remove surrounding LWS, replace inner ones with
240 * a space. */
241 /* RFC 2047, section 6.2: LWS between adjacent encoded words is ignored.
242 * */
248 }
259 }
262 }
266 }
269 /* Return true, if server requests OTP authorization method that client
270 * requested. Otherwise return false.
271 * @client_method is method client requested
272 * @server_method is value of WWW-Authenticate header */
273 /*static _Bool otp_method_matches(const isds_otp_method client_method,
274 const char *server_method) {
275 char *method_name = NULL;
277 switch (client_method) {
278 case OTP_HMAC: method_name = "hotp"; break;
279 case OTP_TIME: method_name = "totp"; break;
280 default: return 0;
281 }
283 if (!strncmp(server_method, method_name, 4) && (
284 server_method[4] == '\0' || server_method[4] == ' ' ||
285 server_method[4] == '\t'))
286 return 1;
287 return 0;
288 }*/
291 /* Convert UTF-8 @string to HTTP OTP resolution enum type.
292 * @Return corresponding value or OTP_RESOLUTION_UNKNOWN if @string is not
293 * defined or unknown value. */
311 else
313 }
316 /* Close connection to server and destroy CURL handle associated
317 * with @context */
329 }
330 }
333 /* Remove username and password from context CURL handle. */
345 #else
354 else
358 }
361 /* CURL call back function called when chunk of HTTP response body is available.
362 * @buffer points to new data
363 * @size * @nmemb is length of the chunk in bytes. Zero means empty body.
364 * @userp is private structure.
365 * Must return the length of the chunk, otherwise CURL will signal
366 * CURL_WRITE_ERROR. */
371 /* FIXME: Check for (size * nmemb + body->lengt) !> SIZE_T_MAX.
372 * Precompute the product then. */
386 }
389 /* CURL call back function called when a HTTP response header is available.
390 * This is called for each header even if reply consists of more responses.
391 * @buffer points to new header (no zero terminator, but HTTP EOL is included)
392 * @size * @nmemb is length of the header in bytes
393 * @userp is private structure.
394 * Must return the length of the header, otherwise CURL will signal
395 * CURL_WRITE_ERROR. */
401 /* FIXME: Check for (size * nmemb) !> SIZE_T_MAX.
402 * Precompute the product then. */
407 /* ??? Is this the empty line delimiter? */
409 }
411 /* New response, invalide authentication headers. */
412 /* XXX: Chunked encoding trailer is not supported */
415 /* Append continuation to multi-line header */
421 /* ENOMEM */
423 }
428 /* Invalid continuation without starting header will be skipped. */
431 "been encountered. Skipping invalid HTTP response "
433 }
435 }
437 /* Decode last header */
442 /* TODO: Set IE_NOMEM to context */
444 }
446 }
452 /* TODO: Set IE_NOMEM to context */
454 }
456 }
462 /* TODO: Set IE_NOMEM to context */
464 }
466 }
468 store:
469 /* Last header decoded, free it */
473 /* Current line is header---body separator */
477 /* Current line is new header, store it */
480 /* TODO: Set IE_NOMEM to context */
482 }
485 }
487 leave:
489 }
492 /* CURL progress callback proxy to rearrange arguments.
493 * @curl_data is session context */
497 curl_off_t upload_total, curl_off_t upload_current
498 #else
502 ) {
514 }
515 }
518 }
521 /* CURL call back function called when curl has something to log.
522 * @curl is cURL context
523 * @type is cURL log facility
524 * @buffer points to log data, XXX: not zero-terminated
525 * @size is length of log data
526 * @userp is private structure.
527 * Must return 0. */
530 /* Silent warning about usused arguments.
531 * This prototype is cURL's debug_callback type. */
540 }
543 /* Do HTTP request.
544 * @context holds the base URL,
545 * @url is a (CGI) file of SOAP URL,
546 * @use_get is a false to do a POST request, true to do a GET request.
547 * @request is body for POST request
548 * @request_length is length of @request in bytes
549 * @reponse is automatically reallocated() buffer to fit HTTP response with
550 * @response_length (does not need to match allocated memory exactly). You must
551 * free() the @response.
552 * @mime_type is automatically allocated MIME type send by server (*NULL if not
553 * sent). Set NULL if you don't care.
554 * @charset is charset of the body signaled by server. The same constrains
555 * like on @mime_type apply.
556 * @http_code is final HTTP code returned by server. This can be 200, 401, 500
557 * or any other one. Pass NULL if you don't interest.
558 * In case of error, the response memory, MIME type, charset and length will be
559 * deallocated and zeroed automatically. Thus be sure they are preallocated or
560 * they points to NULL.
561 * @response_otp_headers is pre-allocated structure for OTP authentication
562 * headers sent by server. Members must be valid pointers or NULLs.
563 * Pass NULL if you don't interest.
564 * Be ware that successful return value does not mean the HTTP request has
565 * been accepted by the server. You must consult @http_code. OTOH, failure
566 * return value means the request could not been sent (e.g. SSL error).
567 * Side effect: message buffer */
575 CURLcode curl_err;
587 /* Clean authentication headers */
589 /* Set the body here to allow deallocation in leave block */
593 /* Set Request-URI */
596 /* Set TLS options */
607 }
608 }
615 }
622 }
630 #else
634 "Make sure cryptographic library default setting "
638 }
641 if ((NULL == context->mep_credentials) || (NULL == context->mep_credentials->intermediate_uri)) {
642 /* Don't set credentials in intermediate mobile key login state. */
643 /* Set credentials */
648 }
652 }
653 #else
661 }
664 }
666 }
668 /* Set PKI credentials */
671 /* Select SSL engine */
678 }
681 /* Select certificate format */
684 PKI_FORMAT_ENG) {
685 /* XXX: It's valid to have certificate in engine without name.
686 * Engines can select certificate according private key and
687 * vice versa. */
693 else
708 }
709 #else
711 PKI_FORMAT_ENG ||
716 "understands your certificate file by default, "
719 }
722 /* Select certificate */
726 }
729 /* Select key format */
736 else
751 }
754 /* Select key */
759 /* Pass key pass-phrase */
762 CURLOPT_KEYPASSWD,
766 CURLOPT_SSLKEYPASSWD,
770 CURLOPT_SSLCERTPASSWD,
772 #endif
773 }
774 }
775 }
777 /* Set authorization cookie for OTP session */
783 }
785 /* Set timeout */
788 }
793 #else
797 }
799 /* Register callback */
803 }
808 #else
812 }
815 context);
816 }
817 }
819 /* Set other CURL features */
822 }
824 /* Set get-response function */
827 write_body);
828 }
831 }
833 /* Set get-response-headers function if needed.
834 * XXX: Both CURLOPT_HEADERFUNCTION and CURLOPT_WRITEHEADER must be set or
835 * unset at the same time (see curl_easy_setopt(3)) ASAP, otherwise old
836 * invalid CURLOPT_WRITEHEADER value could be derefenced. */
840 }
843 response_otp_headers);
844 }
846 /* Set MIME types and headers requires by SOAP 1.1.
847 * SOAP 1.1 requires text/xml, SOAP 1.2 requires application/soap+xml.
848 * But suppress sending the headers to proxies first if supported. */
852 CURLHEADER_SEPARATE);
853 }
861 }
866 }
871 }
873 }
875 /* Set user agent identification */
878 }
881 /* Set GET request */
884 }
886 /* Set POST request body */
889 }
892 }
895 request_length);
896 }
897 }
899 {
900 /* Debug cURL if requested */
901 _Bool debug_curl =
906 }
910 }
911 }
913 /* Check for errors so far */
918 }
928 }
930 }
933 /* Do the request */
941 /* TODO: Use curl_easy_setopt(CURLOPT_ERRORBUFFER) to obtain detailed
942 * error message. */
943 /* TODO: CURL is not internationalized yet. Collect CURL messages for
944 * I18N. */
961 curl_err == CURLE_SSL_ISSUER_ERROR
962 )
964 else
967 }
976 }
980 /* Extract MIME type and charset */
994 }
997 }
1011 }
1012 }
1013 }
1014 }
1015 }
1017 /* Get HTTP response code */
1024 }
1025 }
1027 /* Store OTP authentication results */
1035 /* XXX: Don't make unknown code fatal. Missing code can be success if
1036 * HTTP code is 302. This is checked in _isds_soap(). */
1042 /* _isds_utf82locale() return NULL on inconverable string. Do not
1043 * panic on it.
1044 * TODO: Escape such characters.
1045 * if (message_locale == NULL) {
1046 err = IE_NOMEM;
1047 goto leave;
1048 }*/
1051 message_locale);
1053 }
1061 }
1065 next_url);
1071 }
1072 }
1073 }
1074 leave:
1085 }
1089 }
1092 }
1098 }
1100 /* Converts numeric server response when periodically checking for MEP
1101 * authentication status.
1102 * @str String containing the numeric server response value
1103 * @len String length
1104 * @return server response code or MEP_RESOLUTION_UNKNOWN if the code was not
1105 * recognised. */
1111 }
1112 /* Ensure trailing '\0' character. */
1116 }
1124 }
1141 }
1146 }
1149 /* Build SOAP request.
1150 * @context needed for error logging,
1151 * @request is XML node set with SOAP request body,
1152 * @http_request_ptr the address of a pointer to an automatically allocated
1153 * buffer to which the request data are written.
1154 */
1167 }
1170 }
1173 /* Build SOAP request envelope */
1179 }
1185 }
1187 /* Only this way we get namespace definition as @xmlns:soap,
1188 * otherwise we get namespace prefix without definition */
1194 }
1203 }
1206 /* Append request XML node set to SOAP body if request is not empty */
1207 /* XXX: Copy of request must be used, otherwise xmlFreeDoc(request_soap_doc)
1208 * would destroy this outer structure. */
1216 }
1224 }
1225 }
1228 /* Serialize the SOAP request into HTTP request body */
1235 }
1236 /* Last argument 1 means format the XML tree. This is pretty but it breaks
1237 * XML document transport as it adds text nodes (indentation) between
1238 * elements. */
1245 }
1246 /* XXX: According LibXML documentation, this function does not return
1247 * meaningful value yet */
1254 }
1256 leave:
1259 /* Pass buffer to caller when successfully written. */
1263 }
1266 }
1268 /* Process SOAP response.
1269 * @context needed for error logging,
1270 * @response is a pointer to a buffer where response data are held,
1271 * @response_length is the size of the response,
1272 * @response_document is an automatically allocated XML document whose sub-tree
1273 * identified by @response_node_list holds the SOAP response body content. You
1274 * must xmlFreeDoc() it. If you don't care pass NULL and also
1275 * NULL @response_node_list.
1276 * @response_node_list is a pointer to node set with SOAP response body
1277 * content. The returned pointer points into @response_document to the first
1278 * child of SOAP Body element. Pass NULL and NULL @response_document, if you
1279 * don't care.
1280 */
1281 static
1295 }
1299 }
1301 /* TODO: Convert returned body into XML default encoding */
1303 /* Parse the HTTP body as XML */
1308 }
1314 }
1320 }
1326 }
1328 /* Check for SOAP version */
1334 }
1340 }
1342 /* Check for SOAP Headers */
1344 BAD_CAST "/soap:Envelope/soap:Header/"
1349 }
1353 /* TODO: log the headers
1354 * xmlChar *fragment = NULL;
1355 * fragment = xmlXPathCastNodeSetToSting(response_soap_headers->nodesetval);*/
1358 }
1360 /* Get SOAP Body */
1366 }
1372 }
1378 }
1380 /* Check for SOAP Fault */
1386 }
1388 /* Server signals Fault. Gather error message and croak. */
1389 /* XXX: Only first message is passed */
1393 /* XXX: faultstring and faultcode are in no name space according
1394 * ISDS specification */
1395 /* First more verbose faultstring */
1403 }
1404 /* If not available, try shorter faultcode */
1416 }
1417 }
1419 /* Croak */
1422 message_locale);
1425 }
1432 }
1435 /* Extract XML tree with ISDS response from SOAP envelope and return it.
1436 * XXX: response_soap_body lists only one Body element here. We need
1437 * children which may not exist (i.e. empty Body) or being more than one
1438 * (this is not the case of ISDS payload, but let's support generic SOAP).
1439 * XXX: We will return the XML document and children as a node list for
1440 * two reasons:
1441 * (1) We won't to do expensive xmlDocCopyNodeList(),
1442 * (2) Any node is unusable after calling xmlFreeDoc() on it's document
1443 * because the document holds a dictionary with identifiers. Caller always
1444 * can do xmlDocCopyNodeList() on a fresh document later. */
1450 }
1452 leave:
1459 }
1461 /* Do SOAP request.
1462 * @context holds the base URL,
1463 * @file is a (CGI) file of SOAP URL,
1464 * @request is XML node set with SOAP request body.
1465 * @file must be NULL, @request should be NULL rather than empty, if they should
1466 * not be signaled in the SOAP request.
1467 * @response_document is an automatically allocated XML document whose subtree
1468 * identified by @response_node_list holds the SOAP response body content. You
1469 * must xmlFreeDoc() it. If you don't care pass NULL and also
1470 * NULL @response_node_list.
1471 * @response_node_list is a pointer to node set with SOAP response body
1472 * content. The returned pointer points into @response_document to the first
1473 * child of SOAP Body element. Pass NULL and NULL @response_document, if you
1474 * don't care.
1475 * @raw_response is automatically allocated bit stream with response body. Use
1476 * NULL if you don't care
1477 * @raw_response_length is size of @raw_response in bytes
1478 * In case of error the response will be deallocated automatically.
1479 * Side effect: message buffer */
1511 }
1516 }
1517 redirect:
1520 }
1525 if ((NULL != context->mep_credentials) && (NULL != context->mep_credentials->intermediate_uri)) {
1526 /* POST does not work for the intermediate URI, using GET here. */
1530 ((context->otp_credentials == NULL) && (context->mep_credentials == NULL)) ? NULL: &response_otp_headers);
1535 ((context->otp_credentials == NULL) && (context->mep_credentials == NULL)) ? NULL: &response_otp_headers);
1536 }
1538 /* TODO: HTTP binding for SOAP prescribes non-200 HTTP return codes
1539 * to be processed too. */
1543 }
1548 /* Check for HTTP return code */
1550 http_code);
1552 /* XXX: We must see which code is used for not permitted ISDS
1553 * operation like downloading message without proper user
1554 * permissions. In that case we should keep connection opened. */
1558 OTP_RESOLUTION_UNKNOWN)
1560 OTP_RESOLUTION_SUCCESS;
1562 /* The server returns just a numerical value in the body, nothing else. */
1567 /* Waiting for the user to acknowledge the login request
1568 * in the mobile application. This may take a while.
1569 * Return with partial success. Don't close communication
1570 * context. */
1575 /* Immediately redirect to login finalisation. */
1583 /* No SOAP data are returned here just plain response code. */
1586 }
1587 }
1592 OTP_RESOLUTION_UNKNOWN)
1594 OTP_RESOLUTION_SUCCESS;
1599 url);
1602 /* XXX: If OTP code is known, this must be second OTP phase, so
1603 * send final POST request and unset Basic authentication
1604 * from cURL context as cookie is used instead. */
1614 }
1617 /* XXX: Otherwise bail out to ask application for OTP code. */
1619 }
1625 /* This is the first attempt. */
1629 url);
1634 }
1636 /* MEP login succeeded. No SOAP data received even though
1637 * they were requested. */
1641 }
1648 url);
1650 }
1662 }
1665 presents. */
1677 /* 500 should return standard SOAP message */
1678 }
1680 /* Check for Content-Type: text/xml.
1681 * Do it after HTTP code check because 401 Unauthorized returns HTML web
1682 * page for browsers. */
1689 mime_type_locale);
1693 }
1700 }
1703 /* Save raw response */
1707 }
1710 }
1712 leave:
1721 }
1724 /* Build new URL from current @context and template.
1725 * @context is context carrying an URL
1726 * @template is printf(3) format string. First argument is length of the base
1727 * URL found in @context, second argument is the base URL, third argument is
1728 * again the base URL.
1729 * XXX: We cannot use "$" formatting character because it's not in the ISO C99.
1730 * @new_url is newly allocated URL built from @template. Caller must free it.
1731 * Return IE_SUCCESS, or corresponding error code and @new_url will not be
1732 * allocated.
1733 * */
1743 /* Find length of base URL from context URL */
1746 "from context URL because there was no URL set in the "
1749 }
1753 }
1758 }
1759 length++;
1761 /* Build new URL */
1767 }
1770 /* Invalidate session cookie for otp authenticated @context */
1772 isds_error err;
1781 /* Build logout URL */
1782 /*"https://DOMAINNAME/as/processLogout?uri=https://DOMAINNAME/apps/DS/WEB_SERVICE_ENDPOINT"*/
1787 /* Invalidate the cookie by GET request */
1793 NULL);
1797 /* long message set by http() */
1799 /* TODO: Specification does not define response for this request.
1800 * Especially it does not state whether direct 200 or 302 redirect is
1801 * sent. We need to check real implementation. */
1810 }
1812 }
1815 /* LibXML functions:
1816 *
1817 * void xmlInitParser(void)
1818 * Initialization function for the XML parser. This is not reentrant. Call
1819 * once before processing in case of use in multithreaded programs.
1820 *
1821 * int xmlInitParserCtxt(xmlParserCtxtPtr ctxt)
1822 * Initialize a parser context
1823 *
1824 * xmlDocPtr xmlCtxtReadDoc(xmlParserCtxtPtr ctxt, const xmlChar * cur,
1825 * const * char URL, const char * encoding, int options);
1826 * Parse in-memory NULL-terminated document @cur.
1827 *
1828 * xmlDocPtr xmlParseMemory(const char * buffer, int size)
1829 * Parse an XML in-memory block and build a tree.
1830 *
1831 * xmlParserCtxtPtr xmlCreateMemoryParserCtxt(const char * buffer, int
1832 * size);
1833 * Create a parser context for an XML in-memory document.
1834 *
1835 * xmlParserCtxtPtr xmlCreateDocParserCtxt(const xmlChar * cur)
1836 * Creates a parser context for an XML in-memory document.
1837 *
1838 * xmlDocPtr xmlCtxtReadMemory(xmlParserCtxtPtr ctxt,
1839 * const char * buffer, int size, const char * URL, const char * encoding,
1840 * int options)
1841 * Parse an XML in-memory document and build a tree. This reuses the existing
1842 * @ctxt parser context.
1844 * void xmlCleanupParser(void)
1845 * Cleanup function for the XML library. It tries to reclaim all parsing
1846 * related glob document related memory. Calling this function should not
1847 * prevent reusing the libr finished using the library or XML document built
1848 * with it.
1849 *
1850 * void xmlClearParserCtxt(xmlParserCtxtPtr ctxt)
1851 * Clear (release owned resources) and reinitialize a parser context.
1852 *
1853 * void xmlCtxtReset(xmlParserCtxtPtr ctxt)
1854 * Reset a parser context
1855 *
1856 * void xmlFreeParserCtxt(xmlParserCtxtPtr ctxt)
1857 * Free all the memory used by a parser context. However the parsed document
1858 * in ctxt->myDoc is not freed.
1859 *
1860 * void xmlFreeDoc(xmlDocPtr cur)
1861 * Free up all the structures used by a document, tree included.
1862 */