security: reset READY flag when dropping context
[siplcs.git] / src / core / sipe-svc.c
blobcd45f9306cc65067d9b9a97aac608fbacb8c6f8f
1 /**
2 * @file sipe-svc.c
4 * pidgin-sipe
6 * Copyright (C) 2011-2013 SIPE Project <http://sipe.sourceforge.net/>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 * Specification references:
26 * - [MS-SIPAE]: http://msdn.microsoft.com/en-us/library/cc431510.aspx
27 * - [MS-OCAUTHWS]: http://msdn.microsoft.com/en-us/library/ff595592.aspx
28 * - MS Tech-Ed Europe 2010 "UNC310: Microsoft Lync 2010 Technology Explained"
29 * http://ecn.channel9.msdn.com/o9/te/Europe/2010/pptx/unc310.pptx
32 #include <stdlib.h>
33 #include <string.h>
35 #include <glib.h>
37 #include "sipe-common.h"
38 #include "sipe-backend.h"
39 #include "sipe-core.h"
40 #include "sipe-core-private.h"
41 #include "sipe-http.h"
42 #include "sipe-svc.h"
43 #include "sipe-tls.h"
44 #include "sipe-utils.h"
45 #include "sipe-xml.h"
46 #include "uuid.h"
48 /* forward declaration */
49 struct svc_request;
50 typedef void (svc_callback)(struct sipe_core_private *sipe_private,
51 struct svc_request *data,
52 const gchar *raw,
53 sipe_xml *xml);
55 struct svc_request {
56 svc_callback *internal_cb;
57 sipe_svc_callback *cb;
58 gpointer *cb_data;
59 struct sipe_http_request *request;
60 gchar *uri;
63 struct sipe_svc {
64 GSList *pending_requests;
65 gboolean shutting_down;
68 struct sipe_svc_session {
69 struct sipe_http_session *session;
72 static void sipe_svc_request_free(struct sipe_core_private *sipe_private,
73 struct svc_request *data)
75 if (data->request)
76 sipe_http_request_cancel(data->request);
77 if (data->cb)
78 /* Callback: aborted */
79 (*data->cb)(sipe_private, NULL, NULL, NULL, data->cb_data);
80 g_free(data->uri);
81 g_free(data);
84 void sipe_svc_free(struct sipe_core_private *sipe_private)
86 struct sipe_svc *svc = sipe_private->svc;
87 if (!svc)
88 return;
90 /* Web Service stack is shutting down: reject all new requests */
91 svc->shutting_down = TRUE;
93 if (svc->pending_requests) {
94 GSList *entry = svc->pending_requests;
95 while (entry) {
96 sipe_svc_request_free(sipe_private, entry->data);
97 entry = entry->next;
99 g_slist_free(svc->pending_requests);
102 g_free(svc);
103 sipe_private->svc = NULL;
106 static void sipe_svc_init(struct sipe_core_private *sipe_private)
108 if (sipe_private->svc)
109 return;
111 sipe_private->svc = g_new0(struct sipe_svc, 1);
114 struct sipe_svc_session *sipe_svc_session_start(void)
116 struct sipe_svc_session *session = g_new0(struct sipe_svc_session, 1);
117 session->session = sipe_http_session_start();
118 return(session);
121 void sipe_svc_session_close(struct sipe_svc_session *session)
123 if (session) {
124 sipe_http_session_close(session->session);
125 g_free(session);
129 static void sipe_svc_https_response(struct sipe_core_private *sipe_private,
130 guint status,
131 SIPE_UNUSED_PARAMETER GSList *headers,
132 const gchar *body,
133 gpointer callback_data)
135 struct svc_request *data = callback_data;
136 struct sipe_svc *svc = sipe_private->svc;
138 SIPE_DEBUG_INFO("sipe_svc_https_response: code %d", status);
139 data->request = NULL;
141 if ((status == SIPE_HTTP_STATUS_OK) && body) {
142 sipe_xml *xml = sipe_xml_parse(body, strlen(body));
143 /* Internal callback: success */
144 (*data->internal_cb)(sipe_private, data, body, xml);
145 sipe_xml_free(xml);
146 } else {
147 /* Internal callback: failed */
148 (*data->internal_cb)(sipe_private, data, NULL, NULL);
151 /* Internal callback has already called this */
152 data->cb = NULL;
154 svc->pending_requests = g_slist_remove(svc->pending_requests,
155 data);
156 sipe_svc_request_free(sipe_private, data);
160 * Send GET request when @c body is NULL, otherwise send POST request
162 * @param content_type MIME type for body content (ignored when body is @c NULL)
163 * @param soap_action SOAP action header value (ignored when body is @c NULL)
164 * @param body body contents (may be @c NULL)
166 static gboolean sipe_svc_https_request(struct sipe_core_private *sipe_private,
167 struct sipe_svc_session *session,
168 const gchar *uri,
169 const gchar *content_type,
170 const gchar *soap_action,
171 const gchar *body,
172 svc_callback *internal_callback,
173 sipe_svc_callback *callback,
174 gpointer callback_data)
176 struct svc_request *data = g_new0(struct svc_request, 1);
177 struct sipe_http_request *request = NULL;
178 struct sipe_svc *svc;
180 sipe_svc_init(sipe_private);
181 svc = sipe_private->svc;
183 if (svc->shutting_down) {
184 SIPE_DEBUG_ERROR("sipe_svc_https_request: new Web Service request during shutdown: THIS SHOULD NOT HAPPEN! Debugging information:\n"
185 "URI: %s\n"
186 "Action: %s\n"
187 "Body: %s\n",
188 uri,
189 soap_action ? soap_action : "<NONE>",
190 body ? body : "<EMPTY>");
191 } else {
192 if (body) {
193 gchar *headers = g_strdup_printf("SOAPAction: \"%s\"\r\n",
194 soap_action);
196 request = sipe_http_request_post(sipe_private,
197 uri,
198 headers,
199 body,
200 content_type,
201 sipe_svc_https_response,
202 data);
203 g_free(headers);
205 } else {
206 request = sipe_http_request_get(sipe_private,
207 uri,
208 NULL,
209 sipe_svc_https_response,
210 data);
214 if (request) {
215 data->internal_cb = internal_callback;
216 data->cb = callback;
217 data->cb_data = callback_data;
218 data->request = request;
219 data->uri = g_strdup(uri);
221 svc->pending_requests = g_slist_prepend(svc->pending_requests,
222 data);
224 sipe_http_request_session(request, session->session);
225 sipe_http_request_ready(request);
227 } else {
228 SIPE_DEBUG_ERROR("failed to create HTTP connection to %s", uri);
229 g_free(data);
232 return(request != NULL);
235 static gboolean sipe_svc_wsdl_request(struct sipe_core_private *sipe_private,
236 struct sipe_svc_session *session,
237 const gchar *uri,
238 const gchar *additional_ns,
239 const gchar *soap_action,
240 const gchar *wsse_security,
241 const gchar *soap_body,
242 const gchar *content_type,
243 svc_callback *internal_callback,
244 sipe_svc_callback *callback,
245 gpointer callback_data)
247 /* Only generate SOAP header if we have a security token */
248 gchar *soap_header = wsse_security ?
249 g_strdup_printf("<soap:Header>"
250 " <wsa:To>%s</wsa:To>"
251 " <wsa:ReplyTo>"
252 " <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address>"
253 " </wsa:ReplyTo>"
254 " <wsa:Action>%s</wsa:Action>"
255 " <wsse:Security>%s</wsse:Security>"
256 "</soap:Header>",
257 uri,
258 soap_action,
259 wsse_security) :
260 g_strdup("");
261 gchar *body = g_strdup_printf("<?xml version=\"1.0\"?>\r\n"
262 "<soap:Envelope %s"
263 " xmlns:auth=\"http://schemas.xmlsoap.org/ws/2006/12/authorization\""
264 " xmlns:wsa=\"http://www.w3.org/2005/08/addressing\""
265 " xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\""
266 " xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\""
267 " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\""
268 " >"
269 "%s"
270 " <soap:Body>%s</soap:Body>"
271 "</soap:Envelope>",
272 additional_ns,
273 soap_header,
274 soap_body);
276 gboolean ret = sipe_svc_https_request(sipe_private,
277 session,
278 uri,
279 content_type ? content_type : "text/xml",
280 soap_action,
281 body,
282 internal_callback,
283 callback,
284 callback_data);
285 g_free(soap_header);
286 g_free(body);
288 return(ret);
291 static gboolean new_soap_req(struct sipe_core_private *sipe_private,
292 struct sipe_svc_session *session,
293 const gchar *uri,
294 const gchar *soap_action,
295 const gchar *wsse_security,
296 const gchar *soap_body,
297 svc_callback *internal_callback,
298 sipe_svc_callback *callback,
299 gpointer callback_data)
301 return(sipe_svc_wsdl_request(sipe_private,
302 session,
303 uri,
304 "xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" "
305 "xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" "
306 "xmlns:wst=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\"",
307 soap_action,
308 wsse_security,
309 soap_body,
310 NULL,
311 internal_callback,
312 callback,
313 callback_data));
316 static void sipe_svc_wsdl_response(struct sipe_core_private *sipe_private,
317 struct svc_request *data,
318 const gchar *raw,
319 sipe_xml *xml)
321 if (xml) {
322 /* Callback: success */
323 (*data->cb)(sipe_private, data->uri, raw, xml, data->cb_data);
324 } else {
325 /* Callback: failed */
326 (*data->cb)(sipe_private, data->uri, NULL, NULL, data->cb_data);
330 gboolean sipe_svc_get_and_publish_cert(struct sipe_core_private *sipe_private,
331 struct sipe_svc_session *session,
332 const gchar *uri,
333 const gchar *wsse_security,
334 const gchar *certreq,
335 sipe_svc_callback *callback,
336 gpointer callback_data)
338 struct sipe_tls_random id;
339 gchar *id_base64;
340 gchar *id_uuid;
341 gchar *uuid = get_uuid(sipe_private);
342 gchar *soap_body;
343 gboolean ret;
345 /* random request ID */
346 sipe_tls_fill_random(&id, 256);
347 id_base64 = g_base64_encode(id.buffer, id.length);
348 sipe_tls_free_random(&id);
349 id_uuid = generateUUIDfromEPID(id_base64);
350 g_free(id_base64);
352 soap_body = g_strdup_printf("<GetAndPublishCert"
353 " xmlns=\"http://schemas.microsoft.com/OCS/AuthWebServices/\""
354 " xmlns:wst=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512/\""
355 " xmlns:wstep=\"http://schemas.microsoft.com/windows/pki/2009/01/enrollment\""
356 " DeviceId=\"{%s}\""
357 " Entity=\"%s\""
359 " <wst:RequestSecurityToken>"
360 " <wst:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wst:TokenType>"
361 " <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>"
362 " <wsse:BinarySecurityToken"
363 " ValueType=\"http://schemas.microsoft.com/OCS/AuthWebServices.xsd#PKCS10\""
364 " EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#Base64Binary\""
365 " >\r\n%s</wsse:BinarySecurityToken>"
366 " <wstep:RequestID>%s</wstep:RequestID>"
367 " </wst:RequestSecurityToken>"
368 "</GetAndPublishCert>",
369 uuid,
370 sipe_private->username,
371 certreq,
372 id_uuid);
373 g_free(id_uuid);
374 g_free(uuid);
376 ret = new_soap_req(sipe_private,
377 session,
378 uri,
379 "http://schemas.microsoft.com/OCS/AuthWebServices/GetAndPublishCert",
380 wsse_security,
381 soap_body,
382 sipe_svc_wsdl_response,
383 callback,
384 callback_data);
385 g_free(soap_body);
387 return(ret);
390 gboolean sipe_svc_ab_entry_request(struct sipe_core_private *sipe_private,
391 struct sipe_svc_session *session,
392 const gchar *uri,
393 const gchar *wsse_security,
394 const gchar *search,
395 guint entries,
396 guint max_returns,
397 sipe_svc_callback *callback,
398 gpointer callback_data)
400 gboolean ret;
401 gchar *soap_body = g_strdup_printf("<SearchAbEntry"
402 " xmlns=\"DistributionListExpander\""
403 " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\""
404 " xmlns:soapenc=\"http://schemas.xmlsoap.org/soap/encoding/\""
406 " <AbEntryRequest>"
407 " <ChangeSearch xmlns:q1=\"DistributionListExpander\" soapenc:arrayType=\"q1:AbEntryRequest.ChangeSearchQuery[%d]\">"
408 " %s"
409 " </ChangeSearch>"
410 " <Metadata>"
411 " <FromDialPad>false</FromDialPad>"
412 " <MaxResultNum>%d</MaxResultNum>"
413 " <ReturnList>displayName,msRTCSIP-PrimaryUserAddress,title,telephoneNumber,homePhone,mobile,otherTelephone,mail,company,country,photoRelPath,photoSize,photoHash</ReturnList>"
414 " </Metadata>"
415 " </AbEntryRequest>"
416 "</SearchAbEntry>",
417 entries,
418 search,
419 max_returns);
421 ret = new_soap_req(sipe_private,
422 session,
423 uri,
424 "DistributionListExpander/IAddressBook/SearchAbEntry",
425 wsse_security,
426 soap_body,
427 sipe_svc_wsdl_response,
428 callback,
429 callback_data);
430 g_free(soap_body);
432 return(ret);
435 /* Requests to login.microsoftonline.com & ADFS */
436 static gboolean request_passport(struct sipe_core_private *sipe_private,
437 struct sipe_svc_session *session,
438 const gchar *service_uri,
439 const gchar *auth_uri,
440 const gchar *wsse_security,
441 const gchar *content_type,
442 const gchar *request_extension,
443 sipe_svc_callback *callback,
444 gpointer callback_data)
446 gchar *soap_body = g_strdup_printf("<wst:RequestSecurityToken>"
447 " <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>"
448 " <wsp:AppliesTo>"
449 " <wsa:EndpointReference>"
450 " <wsa:Address>%s</wsa:Address>"
451 " </wsa:EndpointReference>"
452 " </wsp:AppliesTo>"
453 " %s"
454 "</wst:RequestSecurityToken>",
455 service_uri,
456 request_extension ? request_extension : "");
458 gboolean ret = sipe_svc_wsdl_request(sipe_private,
459 session,
460 auth_uri,
461 "xmlns:soap=\"http://www.w3.org/2003/05/soap-envelope\" "
462 "xmlns:wst=\"http://schemas.xmlsoap.org/ws/2005/02/trust\"",
463 "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue",
464 wsse_security,
465 soap_body,
466 content_type,
467 sipe_svc_wsdl_response,
468 callback,
469 callback_data);
470 g_free(soap_body);
472 return(ret);
475 static gboolean request_user_password(struct sipe_core_private *sipe_private,
476 struct sipe_svc_session *session,
477 const gchar *service_uri,
478 const gchar *auth_uri,
479 const gchar *authuser,
480 const gchar *content_type,
481 const gchar *request_extension,
482 sipe_svc_callback *callback,
483 gpointer callback_data)
485 /* Only cleartext passwords seem to be accepted... */
486 gchar *wsse_security = g_markup_printf_escaped("<wsse:UsernameToken>"
487 " <wsse:Username>%s</wsse:Username>"
488 " <wsse:Password>%s</wsse:Password>"
489 "</wsse:UsernameToken>",
490 authuser,
491 sipe_private->password ? sipe_private->password : "");
493 gboolean ret = request_passport(sipe_private,
494 session,
495 service_uri,
496 auth_uri,
497 wsse_security,
498 content_type,
499 request_extension,
500 callback,
501 callback_data);
502 g_free(wsse_security);
504 return(ret);
507 gboolean sipe_svc_webticket_adfs(struct sipe_core_private *sipe_private,
508 struct sipe_svc_session *session,
509 const gchar *adfs_uri,
510 sipe_svc_callback *callback,
511 gpointer callback_data)
513 return(request_user_password(sipe_private,
514 session,
515 "urn:federation:MicrosoftOnline",
516 adfs_uri,
517 sipe_private->username,
518 /* ADFS is special, *sigh* */
519 "application/soap+xml; charset=utf-8",
520 "<wst:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</wst:KeyType>",
521 callback,
522 callback_data));
525 #define LMC_URI "https://login.microsoftonline.com:443/RST2.srf"
527 gboolean sipe_svc_webticket_lmc(struct sipe_core_private *sipe_private,
528 struct sipe_svc_session *session,
529 const gchar *service_uri,
530 sipe_svc_callback *callback,
531 gpointer callback_data)
533 return(request_user_password(sipe_private,
534 session,
535 service_uri,
536 LMC_URI,
537 sipe_private->authuser ? sipe_private->authuser : sipe_private->username,
538 NULL,
539 NULL,
540 callback,
541 callback_data));
544 gboolean sipe_svc_webticket_lmc_federated(struct sipe_core_private *sipe_private,
545 struct sipe_svc_session *session,
546 const gchar *wsse_security,
547 const gchar *service_uri,
548 sipe_svc_callback *callback,
549 gpointer callback_data)
551 return(request_passport(sipe_private,
552 session,
553 service_uri,
554 LMC_URI,
555 wsse_security,
556 NULL,
557 NULL,
558 callback,
559 callback_data));
562 gboolean sipe_svc_webticket(struct sipe_core_private *sipe_private,
563 struct sipe_svc_session *session,
564 const gchar *uri,
565 const gchar *wsse_security,
566 const gchar *service_uri,
567 const struct sipe_tls_random *entropy,
568 sipe_svc_callback *callback,
569 gpointer callback_data)
571 gchar *uuid = get_uuid(sipe_private);
572 gchar *secret = g_base64_encode(entropy->buffer, entropy->length);
573 gchar *soap_body = g_strdup_printf("<wst:RequestSecurityToken Context=\"%s\">"
574 " <wst:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst:TokenType>"
575 " <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>"
576 " <wsp:AppliesTo>"
577 " <wsa:EndpointReference>"
578 " <wsa:Address>%s</wsa:Address>"
579 " </wsa:EndpointReference>"
580 " </wsp:AppliesTo>"
581 " <wst:Claims Dialect=\"urn:component:Microsoft.Rtc.WebAuthentication.2010:authclaims\">"
582 " <auth:ClaimType Uri=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uri\" Optional=\"false\">"
583 " <auth:Value>sip:%s</auth:Value>"
584 " </auth:ClaimType>"
585 " </wst:Claims>"
586 " <wst:Entropy>"
587 " <wst:BinarySecret>%s</wst:BinarySecret>"
588 " </wst:Entropy>"
589 " <wst:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</wst:KeyType>"
590 "</wst:RequestSecurityToken>",
591 uuid,
592 service_uri,
593 sipe_private->username,
594 secret);
596 gboolean ret = new_soap_req(sipe_private,
597 session,
598 uri,
599 "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue",
600 wsse_security,
601 soap_body,
602 sipe_svc_wsdl_response,
603 callback,
604 callback_data);
605 g_free(soap_body);
606 g_free(secret);
607 g_free(uuid);
609 return(ret);
612 static void sipe_svc_metadata_response(struct sipe_core_private *sipe_private,
613 struct svc_request *data,
614 const gchar *raw,
615 sipe_xml *xml)
617 if (xml) {
618 /* Callback: success */
619 (*data->cb)(sipe_private, data->uri, raw, xml, data->cb_data);
620 } else {
621 /* Callback: failed */
622 (*data->cb)(sipe_private, data->uri, NULL, NULL, data->cb_data);
626 gboolean sipe_svc_realminfo(struct sipe_core_private *sipe_private,
627 struct sipe_svc_session *session,
628 sipe_svc_callback *callback,
629 gpointer callback_data)
631 gchar *realminfo_uri = g_strdup_printf("https://login.microsoftonline.com/getuserrealm.srf?login=%s&xml=1",
632 sipe_private->username);
633 gboolean ret = sipe_svc_https_request(sipe_private,
634 session,
635 realminfo_uri,
636 NULL,
637 NULL,
638 NULL,
639 sipe_svc_metadata_response,
640 callback,
641 callback_data);
642 g_free(realminfo_uri);
643 return(ret);
646 gboolean sipe_svc_metadata(struct sipe_core_private *sipe_private,
647 struct sipe_svc_session *session,
648 const gchar *uri,
649 sipe_svc_callback *callback,
650 gpointer callback_data)
652 gchar *mex_uri = g_strdup_printf("%s/mex", uri);
653 gboolean ret = sipe_svc_https_request(sipe_private,
654 session,
655 mex_uri,
656 NULL,
657 NULL,
658 NULL,
659 sipe_svc_metadata_response,
660 callback,
661 callback_data);
662 g_free(mex_uri);
663 return(ret);
667 Local Variables:
668 mode: c
669 c-file-style: "bsd"
670 indent-tabs-mode: t
671 tab-width: 8
672 End: