From 45447f0c61f3c468328be78f328e3662beaa69c4 Mon Sep 17 00:00:00 2001 From: Stefan Becker Date: Fri, 30 Oct 2015 22:16:05 +0200 Subject: [PATCH] Fix #293: Mandatory wsa:MessageID node missing [WS-Addressing] states that wsa:MessageID is mandatory for wsa:ReplyTo. Generate a "random" UUID URI from the wsse_security string. Update generateUUIDfromEPID() to handle strings of any length. --- ChangeLog | 3 +++ src/core/sipe-svc.c | 10 ++++++++-- src/core/uuid.c | 20 ++++++++++++++++---- 3 files changed, 27 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 650c6f65..975bfc2c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +version 1.21.0 "???" (????-??-??) + - Fixed #293: Mandatory wsa:MessageID node missing (Stefan Becker) + version 1.20.1 "Bug Fixes I" (2015-10-24) - add support for another type of ADFS response (Stefan Becker) - improve configure check for back-ported features (Stefan Becker, Jakub Adam) diff --git a/src/core/sipe-svc.c b/src/core/sipe-svc.c index b3a65ef8..2eb028df 100644 --- a/src/core/sipe-svc.c +++ b/src/core/sipe-svc.c @@ -3,7 +3,7 @@ * * pidgin-sipe * - * Copyright (C) 2011-2014 SIPE Project + * Copyright (C) 2011-2015 SIPE Project * * * This program is free software; you can redistribute it and/or modify @@ -244,17 +244,22 @@ static gboolean sipe_svc_wsdl_request(struct sipe_core_private *sipe_private, sipe_svc_callback *callback, gpointer callback_data) { - /* Only generate SOAP header if we have a security token */ + /* Only generate UUID & SOAP header if we have a security token */ + gchar *uuid = wsse_security ? + generateUUIDfromEPID(wsse_security) : + NULL; gchar *soap_header = wsse_security ? g_strdup_printf("" " %s" " " " http://www.w3.org/2005/08/addressing/anonymous" " " + " uuid:%s" " %s" " %s" "", uri, + uuid, soap_action, wsse_security) : g_strdup(""); @@ -282,6 +287,7 @@ static gboolean sipe_svc_wsdl_request(struct sipe_core_private *sipe_private, internal_callback, callback, callback_data); + g_free(uuid); g_free(soap_header); g_free(body); diff --git a/src/core/uuid.c b/src/core/uuid.c index da455d1b..51cd5c70 100644 --- a/src/core/uuid.c +++ b/src/core/uuid.c @@ -1,6 +1,10 @@ /** * @file uuid.c * + * pidgin-sipe + * + * Copyright (C) 2008-2015 SIPE Project + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or @@ -25,6 +29,7 @@ #include "sipe-digest.h" #include "uuid.h" +#define UUID_STRING_LENGTH 36 static const char *epid_ns_uuid = "fcacfb03-8a73-46ef-91b1-e5ebeeaba4fe"; /* @@ -99,8 +104,10 @@ static void createUUIDfromHash(uuid_t *uuid, const unsigned char *hash) char *generateUUIDfromEPID(const gchar *epid) { uuid_t result; - char buf[512]; + gchar *buf; guchar digest[SIPE_DIGEST_SHA1_LENGTH]; + uint digest_length = sizeof(uuid_t) + strlen(epid); + uint buf_length = digest_length; readUUID(epid_ns_uuid, &result); @@ -108,10 +115,15 @@ char *generateUUIDfromEPID(const gchar *epid) result.time_mid = GUINT16_FROM_LE(result.time_mid); result.time_hi_and_version = GUINT16_FROM_LE(result.time_hi_and_version); + /* buffer must be able to hold at least the UUID string */ + if (buf_length < UUID_STRING_LENGTH) + buf_length = UUID_STRING_LENGTH; + buf = g_malloc(buf_length + 1); + memcpy(buf, &result, sizeof(uuid_t)); - strcpy(&buf[sizeof(uuid_t)], epid); + strcpy(buf + sizeof(uuid_t), epid); - sipe_digest_sha1((guchar *)buf, strlen(buf), digest); + sipe_digest_sha1((guchar *)buf, digest_length, digest); createUUIDfromHash(&result, digest); result.time_low = GUINT32_TO_LE(result.time_low); @@ -119,7 +131,7 @@ char *generateUUIDfromEPID(const gchar *epid) result.time_hi_and_version = GUINT16_TO_LE(result.time_hi_and_version); printUUID(&result, buf); - return g_strdup(buf); + return(buf); } /** -- 2.11.4.GIT