1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | https://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Authors: Brad Lafountain <rodif_bl@yahoo.com> |
14 | Shane Caraveo <shane@caraveo.com> |
15 | Dmitry Stogov <dmitry@php.net> |
16 +----------------------------------------------------------------------+
17 */
18
19 #include "php_soap.h"
20 #include "ext/standard/base64.h"
21 #include "ext/standard/md5.h"
22 #include "ext/random/php_random.h"
23 #include "ext/hash/php_hash.h"
24
25 static char *get_http_header_value_nodup(char *headers, char *type, size_t *len);
26 static char *get_http_header_value(char *headers, char *type);
27 static zend_string *get_http_body(php_stream *socketd, int close, char *headers);
28 static zend_string *get_http_headers(php_stream *socketd);
29
30 #define smart_str_append_const(str, const) \
31 smart_str_appendl(str,const,sizeof(const)-1)
32
33 /* Proxy HTTP Authentication */
proxy_authentication(zval * this_ptr,smart_str * soap_headers)34 int proxy_authentication(zval* this_ptr, smart_str* soap_headers)
35 {
36 zval *login = Z_CLIENT_PROXY_LOGIN_P(this_ptr);
37 if (Z_TYPE_P(login) == IS_STRING) {
38 smart_str auth = {0};
39 smart_str_append(&auth, Z_STR_P(login));
40 smart_str_appendc(&auth, ':');
41
42 zval *password = Z_CLIENT_PROXY_PASSWORD_P(this_ptr);
43 if (Z_TYPE_P(password) == IS_STRING) {
44 smart_str_append(&auth, Z_STR_P(password));
45 }
46 smart_str_0(&auth);
47 zend_string *buf = php_base64_encode((unsigned char*)ZSTR_VAL(auth.s), ZSTR_LEN(auth.s));
48 smart_str_append_const(soap_headers, "Proxy-Authorization: Basic ");
49 smart_str_append(soap_headers, buf);
50 smart_str_append_const(soap_headers, "\r\n");
51 zend_string_release_ex(buf, 0);
52 smart_str_free(&auth);
53 return 1;
54 }
55 return 0;
56 }
57
58 /* HTTP Authentication */
basic_authentication(zval * this_ptr,smart_str * soap_headers)59 int basic_authentication(zval* this_ptr, smart_str* soap_headers)
60 {
61 zval *login = Z_CLIENT_LOGIN_P(this_ptr);
62 zval *use_digest = Z_CLIENT_USE_DIGEST_P(this_ptr);
63 if (Z_TYPE_P(login) == IS_STRING && Z_TYPE_P(use_digest) != IS_TRUE) {
64 smart_str auth = {0};
65 smart_str_append(&auth, Z_STR_P(login));
66 smart_str_appendc(&auth, ':');
67
68 zval *password = Z_CLIENT_PASSWORD_P(this_ptr);
69 if (Z_TYPE_P(password) == IS_STRING) {
70 smart_str_append(&auth, Z_STR_P(password));
71 }
72 smart_str_0(&auth);
73 zend_string *buf = php_base64_encode((unsigned char*)ZSTR_VAL(auth.s), ZSTR_LEN(auth.s));
74 smart_str_append_const(soap_headers, "Authorization: Basic ");
75 smart_str_append(soap_headers, buf);
76 smart_str_append_const(soap_headers, "\r\n");
77 zend_string_release_ex(buf, 0);
78 smart_str_free(&auth);
79 return 1;
80 }
81 return 0;
82 }
83
http_context_add_header(const char * s,bool has_authorization,bool has_proxy_authorization,bool has_cookies,smart_str * soap_headers)84 static void http_context_add_header(const char *s,
85 bool has_authorization,
86 bool has_proxy_authorization,
87 bool has_cookies,
88 smart_str *soap_headers)
89 {
90 const char *p;
91 int name_len;
92
93 while (*s) {
94 /* skip leading newlines and spaces */
95 while (*s == ' ' || *s == '\t' || *s == '\r' || *s == '\n') {
96 s++;
97 }
98 /* extract header name */
99 p = s;
100 name_len = -1;
101 while (*p) {
102 if (*p == ':') {
103 if (name_len < 0) name_len = p - s;
104 break;
105 } else if (*p == ' ' || *p == '\t') {
106 if (name_len < 0) name_len = p - s;
107 } else if (*p == '\r' || *p == '\n') {
108 break;
109 }
110 p++;
111 }
112 if (*p == ':') {
113 /* extract header value */
114 while (*p && *p != '\r' && *p != '\n') {
115 p++;
116 }
117 /* skip some predefined headers */
118 if ((name_len != sizeof("host")-1 ||
119 strncasecmp(s, "host", sizeof("host")-1) != 0) &&
120 (name_len != sizeof("connection")-1 ||
121 strncasecmp(s, "connection", sizeof("connection")-1) != 0) &&
122 (name_len != sizeof("user-agent")-1 ||
123 strncasecmp(s, "user-agent", sizeof("user-agent")-1) != 0) &&
124 (name_len != sizeof("content-length")-1 ||
125 strncasecmp(s, "content-length", sizeof("content-length")-1) != 0) &&
126 (name_len != sizeof("content-type")-1 ||
127 strncasecmp(s, "content-type", sizeof("content-type")-1) != 0) &&
128 (!has_cookies ||
129 name_len != sizeof("cookie")-1 ||
130 strncasecmp(s, "cookie", sizeof("cookie")-1) != 0) &&
131 (!has_authorization ||
132 name_len != sizeof("authorization")-1 ||
133 strncasecmp(s, "authorization", sizeof("authorization")-1) != 0) &&
134 (!has_proxy_authorization ||
135 name_len != sizeof("proxy-authorization")-1 ||
136 strncasecmp(s, "proxy-authorization", sizeof("proxy-authorization")-1) != 0)) {
137 /* add header */
138 smart_str_appendl(soap_headers, s, p-s);
139 smart_str_append_const(soap_headers, "\r\n");
140 }
141 }
142 s = (*p) ? (p + 1) : p;
143 }
144 }
145
146 /* Additional HTTP headers */
http_context_headers(php_stream_context * context,bool has_authorization,bool has_proxy_authorization,bool has_cookies,smart_str * soap_headers)147 void http_context_headers(php_stream_context* context,
148 bool has_authorization,
149 bool has_proxy_authorization,
150 bool has_cookies,
151 smart_str* soap_headers)
152 {
153 zval *tmp;
154 if (context && (tmp = php_stream_context_get_option(context, "http", "header")) != NULL) {
155 if (Z_TYPE_P(tmp) == IS_STRING && Z_STRLEN_P(tmp)) {
156 http_context_add_header(Z_STRVAL_P(tmp), has_authorization, has_proxy_authorization, has_cookies, soap_headers);
157 } else if (Z_TYPE_P(tmp) == IS_ARRAY) {
158 zval *value;
159 ZEND_HASH_FOREACH_VAL(Z_ARR_P(tmp), value) {
160 if (Z_TYPE_P(value) == IS_STRING && Z_STRLEN_P(value)) {
161 http_context_add_header(Z_STRVAL_P(value), has_authorization, has_proxy_authorization, has_cookies, soap_headers);
162 }
163 } ZEND_HASH_FOREACH_END();
164 }
165 }
166 }
167
http_connect(zval * this_ptr,php_url * phpurl,int use_ssl,php_stream_context * context,int * use_proxy)168 static php_stream* http_connect(zval* this_ptr, php_url *phpurl, int use_ssl, php_stream_context *context, int *use_proxy)
169 {
170 php_stream *stream;
171 zval *tmp, ssl_proxy_peer_name;
172 char *host;
173 char *name;
174 char *protocol;
175 zend_long namelen;
176 int port;
177 int old_error_reporting;
178 struct timeval tv;
179 struct timeval *timeout = NULL;
180
181 zval *proxy_host = Z_CLIENT_PROXY_HOST_P(this_ptr);
182 zval *proxy_port = Z_CLIENT_PROXY_PORT_P(this_ptr);
183 if (Z_TYPE_P(proxy_host) == IS_STRING && Z_TYPE_P(proxy_port) == IS_LONG) {
184 host = Z_STRVAL_P(proxy_host);
185 port = Z_LVAL_P(proxy_port);
186 *use_proxy = 1;
187 } else {
188 host = ZSTR_VAL(phpurl->host);
189 port = phpurl->port;
190 }
191
192 tmp = Z_CLIENT_CONNECTION_TIMEOUT_P(this_ptr);
193 if (Z_TYPE_P(tmp) == IS_LONG && Z_LVAL_P(tmp) > 0) {
194 tv.tv_sec = Z_LVAL_P(tmp);
195 tv.tv_usec = 0;
196 timeout = &tv;
197 }
198
199 old_error_reporting = EG(error_reporting);
200 EG(error_reporting) &= ~(E_WARNING|E_NOTICE|E_USER_WARNING|E_USER_NOTICE);
201
202 /* Changed ternary operator to an if/else so that additional comparisons can be done on the ssl_method property */
203 if (use_ssl && !*use_proxy) {
204 tmp = Z_CLIENT_SSL_METHOD_P(this_ptr);
205 if (Z_TYPE_P(tmp) == IS_LONG) {
206 /* uses constants declared in soap.c to determine ssl uri protocol */
207 switch (Z_LVAL_P(tmp)) {
208 case SOAP_SSL_METHOD_TLS:
209 protocol = "tls";
210 break;
211
212 case SOAP_SSL_METHOD_SSLv2:
213 protocol = "sslv2";
214 break;
215
216 case SOAP_SSL_METHOD_SSLv3:
217 protocol = "sslv3";
218 break;
219
220 case SOAP_SSL_METHOD_SSLv23:
221 protocol = "ssl";
222 break;
223
224 default:
225 protocol = "ssl";
226 break;
227
228 }
229 } else {
230 protocol = "ssl";
231 }
232 } else {
233 protocol = "tcp";
234 }
235
236 namelen = spprintf(&name, 0, "%s://%s:%d", protocol, host, port);
237
238 stream = php_stream_xport_create(name, namelen,
239 REPORT_ERRORS,
240 STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT,
241 NULL /*persistent_id*/,
242 timeout,
243 context,
244 NULL, NULL);
245 efree(name);
246
247 /* SSL & proxy */
248 if (stream && *use_proxy && use_ssl) {
249 smart_str soap_headers = {0};
250
251 /* Set peer_name or name verification will try to use the proxy server name */
252 if (!context || (tmp = php_stream_context_get_option(context, "ssl", "peer_name")) == NULL) {
253 ZVAL_STR_COPY(&ssl_proxy_peer_name, phpurl->host);
254 php_stream_context_set_option(PHP_STREAM_CONTEXT(stream), "ssl", "peer_name", &ssl_proxy_peer_name);
255 zval_ptr_dtor(&ssl_proxy_peer_name);
256 }
257
258 smart_str_append_const(&soap_headers, "CONNECT ");
259 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->host));
260 smart_str_appendc(&soap_headers, ':');
261 smart_str_append_unsigned(&soap_headers, phpurl->port);
262 smart_str_append_const(&soap_headers, " HTTP/1.1\r\n");
263 smart_str_append_const(&soap_headers, "Host: ");
264 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->host));
265 if (phpurl->port != 80) {
266 smart_str_appendc(&soap_headers, ':');
267 smart_str_append_unsigned(&soap_headers, phpurl->port);
268 }
269 smart_str_append_const(&soap_headers, "\r\n");
270 proxy_authentication(this_ptr, &soap_headers);
271 smart_str_append_const(&soap_headers, "\r\n");
272 if (php_stream_write(stream, ZSTR_VAL(soap_headers.s), ZSTR_LEN(soap_headers.s)) != ZSTR_LEN(soap_headers.s)) {
273 php_stream_close(stream);
274 stream = NULL;
275 }
276 smart_str_free(&soap_headers);
277
278 if (stream) {
279 zend_string *http_headers = get_http_headers(stream);
280 if (http_headers) {
281 zend_string_free(http_headers);
282 } else {
283 php_stream_close(stream);
284 stream = NULL;
285 }
286 }
287 /* enable SSL transport layer */
288 if (stream) {
289 /* if a stream is created without encryption, check to see if SSL method parameter is specified and use
290 proper encrypyion method based on constants defined in soap.c */
291 int crypto_method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
292 tmp = Z_CLIENT_SSL_METHOD_P(this_ptr);
293 if (Z_TYPE_P(tmp) == IS_LONG) {
294 switch (Z_LVAL_P(tmp)) {
295 case SOAP_SSL_METHOD_TLS:
296 crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
297 break;
298
299 case SOAP_SSL_METHOD_SSLv2:
300 crypto_method = STREAM_CRYPTO_METHOD_SSLv2_CLIENT;
301 break;
302
303 case SOAP_SSL_METHOD_SSLv3:
304 crypto_method = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
305 break;
306
307 case SOAP_SSL_METHOD_SSLv23:
308 crypto_method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
309 break;
310
311 default:
312 crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
313 break;
314 }
315 }
316 if (php_stream_xport_crypto_setup(stream, crypto_method, NULL) < 0 ||
317 php_stream_xport_crypto_enable(stream, 1) < 0) {
318 php_stream_close(stream);
319 stream = NULL;
320 }
321 }
322 }
323
324 EG(error_reporting) = old_error_reporting;
325 return stream;
326 }
327
in_domain(const char * host,const char * domain)328 static int in_domain(const char *host, const char *domain)
329 {
330 if (domain[0] == '.') {
331 int l1 = strlen(host);
332 int l2 = strlen(domain);
333 if (l1 > l2) {
334 return strcmp(host+l1-l2,domain) == 0;
335 } else {
336 return 0;
337 }
338 } else {
339 return strcmp(host,domain) == 0;
340 }
341 }
342
make_http_soap_request(zval * this_ptr,zend_string * buf,char * location,char * soapaction,int soap_version,zval * return_value)343 int make_http_soap_request(zval *this_ptr,
344 zend_string *buf,
345 char *location,
346 char *soapaction,
347 int soap_version,
348 zval *return_value)
349 {
350 zend_string *request;
351 smart_str soap_headers = {0};
352 smart_str soap_headers_z = {0};
353 size_t err;
354 php_url *phpurl = NULL;
355 php_stream *stream;
356 zval *tmp;
357 int use_proxy = 0;
358 int use_ssl;
359 zend_string *http_body;
360 char *content_type, *http_version, *cookie_itt;
361 size_t cookie_len;
362 int http_close;
363 zend_string *http_headers;
364 char *connection;
365 int http_1_1;
366 int http_status;
367 int content_type_xml = 0;
368 zend_long redirect_max = 20;
369 char *content_encoding;
370 char *http_msg = NULL;
371 bool old_allow_url_fopen;
372 php_stream_context *context = NULL;
373 bool has_authorization = 0;
374 bool has_proxy_authorization = 0;
375 bool has_cookies = 0;
376
377 if (this_ptr == NULL || Z_TYPE_P(this_ptr) != IS_OBJECT) {
378 return FALSE;
379 }
380
381 request = buf;
382 /* Compress request */
383 tmp = Z_CLIENT_COMPRESSION_P(this_ptr);
384 if (Z_TYPE_P(tmp) == IS_LONG) {
385 int level = Z_LVAL_P(tmp) & 0x0f;
386 int kind = Z_LVAL_P(tmp) & SOAP_COMPRESSION_DEFLATE;
387
388 if (level > 9) {level = 9;}
389
390 if ((Z_LVAL_P(tmp) & SOAP_COMPRESSION_ACCEPT) != 0) {
391 smart_str_append_const(&soap_headers_z,"Accept-Encoding: gzip, deflate\r\n");
392 }
393 if (level > 0) {
394 zval func;
395 zval retval;
396 zval params[3];
397 int n;
398
399 ZVAL_STR_COPY(¶ms[0], buf);
400 ZVAL_LONG(¶ms[1], level);
401 if (kind == SOAP_COMPRESSION_DEFLATE) {
402 n = 2;
403 ZVAL_STRING(&func, "gzcompress");
404 smart_str_append_const(&soap_headers_z,"Content-Encoding: deflate\r\n");
405 } else {
406 n = 3;
407 ZVAL_STRING(&func, "gzencode");
408 smart_str_append_const(&soap_headers_z,"Content-Encoding: gzip\r\n");
409 ZVAL_LONG(¶ms[2], 0x1f);
410 }
411 if (call_user_function(CG(function_table), (zval*)NULL, &func, &retval, n, params) == SUCCESS &&
412 Z_TYPE(retval) == IS_STRING) {
413 zval_ptr_dtor(¶ms[0]);
414 zval_ptr_dtor(&func);
415 request = Z_STR(retval);
416 } else {
417 zval_ptr_dtor(¶ms[0]);
418 zval_ptr_dtor(&func);
419 if (request != buf) {
420 zend_string_release_ex(request, 0);
421 }
422 smart_str_free(&soap_headers_z);
423 return FALSE;
424 }
425 }
426 }
427
428 tmp = Z_CLIENT_HTTPSOCKET_P(this_ptr);
429 if (Z_TYPE_P(tmp) == IS_RESOURCE) {
430 php_stream_from_zval_no_verify(stream,tmp);
431 tmp = Z_CLIENT_USE_PROXY_P(this_ptr);
432 if (Z_TYPE_P(tmp) == IS_LONG) {
433 use_proxy = Z_LVAL_P(tmp);
434 }
435 } else {
436 stream = NULL;
437 }
438
439 if (location != NULL && location[0] != '\000') {
440 phpurl = php_url_parse(location);
441 }
442
443 tmp = Z_CLIENT_STREAM_CONTEXT_P(this_ptr);
444 if (Z_TYPE_P(tmp) == IS_RESOURCE) {
445 context = php_stream_context_from_zval(tmp, 0);
446 }
447
448 if (context &&
449 (tmp = php_stream_context_get_option(context, "http", "max_redirects")) != NULL) {
450 if (Z_TYPE_P(tmp) != IS_STRING || !is_numeric_string(Z_STRVAL_P(tmp), Z_STRLEN_P(tmp), &redirect_max, NULL, 1)) {
451 if (Z_TYPE_P(tmp) == IS_LONG)
452 redirect_max = Z_LVAL_P(tmp);
453 }
454 }
455
456 try_again:
457 if (phpurl == NULL || phpurl->host == NULL) {
458 if (phpurl != NULL) {php_url_free(phpurl);}
459 if (request != buf) {
460 zend_string_release_ex(request, 0);
461 }
462 add_soap_fault(this_ptr, "HTTP", "Unable to parse URL", NULL, NULL);
463 smart_str_free(&soap_headers_z);
464 return FALSE;
465 }
466
467 use_ssl = 0;
468 if (phpurl->scheme != NULL && zend_string_equals_literal(phpurl->scheme, "https")) {
469 use_ssl = 1;
470 } else if (phpurl->scheme == NULL || !zend_string_equals_literal(phpurl->scheme, "http")) {
471 php_url_free(phpurl);
472 if (request != buf) {
473 zend_string_release_ex(request, 0);
474 }
475 add_soap_fault(this_ptr, "HTTP", "Unknown protocol. Only http and https are allowed.", NULL, NULL);
476 smart_str_free(&soap_headers_z);
477 return FALSE;
478 }
479
480 old_allow_url_fopen = PG(allow_url_fopen);
481 PG(allow_url_fopen) = 1;
482 if (use_ssl && php_stream_locate_url_wrapper("https://", NULL, STREAM_LOCATE_WRAPPERS_ONLY) == NULL) {
483 php_url_free(phpurl);
484 if (request != buf) {
485 zend_string_release_ex(request, 0);
486 }
487 add_soap_fault(this_ptr, "HTTP", "SSL support is not available in this build", NULL, NULL);
488 PG(allow_url_fopen) = old_allow_url_fopen;
489 smart_str_free(&soap_headers_z);
490 return FALSE;
491 }
492
493 if (phpurl->port == 0) {
494 phpurl->port = use_ssl ? 443 : 80;
495 }
496
497 /* Check if request to the same host */
498 if (stream != NULL) {
499 php_url *orig;
500 tmp = Z_CLIENT_HTTPURL_P(this_ptr);
501 if (Z_TYPE_P(tmp) == IS_RESOURCE &&
502 (orig = (php_url *) zend_fetch_resource_ex(tmp, "httpurl", le_url)) != NULL &&
503 ((use_proxy && !use_ssl) ||
504 (((use_ssl && orig->scheme != NULL && zend_string_equals_literal(orig->scheme, "https")) ||
505 (!use_ssl && orig->scheme == NULL) ||
506 (!use_ssl && !zend_string_equals_literal(orig->scheme, "https"))) &&
507 zend_string_equals(orig->host, phpurl->host) &&
508 orig->port == phpurl->port))) {
509 } else {
510 php_stream_close(stream);
511 convert_to_null(Z_CLIENT_HTTPURL_P(this_ptr));
512 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
513 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
514 stream = NULL;
515 use_proxy = 0;
516 }
517 }
518
519 /* Check if keep-alive connection is still opened */
520 if (stream != NULL && php_stream_eof(stream)) {
521 php_stream_close(stream);
522 convert_to_null(Z_CLIENT_HTTPURL_P(this_ptr));
523 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
524 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
525 stream = NULL;
526 use_proxy = 0;
527 }
528
529 if (!stream) {
530 stream = http_connect(this_ptr, phpurl, use_ssl, context, &use_proxy);
531 if (stream) {
532 php_stream_auto_cleanup(stream);
533 ZVAL_RES(Z_CLIENT_HTTPSOCKET_P(this_ptr), stream->res);
534 GC_ADDREF(stream->res);
535 ZVAL_LONG(Z_CLIENT_USE_PROXY_P(this_ptr), use_proxy);
536 } else {
537 php_url_free(phpurl);
538 if (request != buf) {
539 zend_string_release_ex(request, 0);
540 }
541 add_soap_fault(this_ptr, "HTTP", "Could not connect to host", NULL, NULL);
542 PG(allow_url_fopen) = old_allow_url_fopen;
543 smart_str_free(&soap_headers_z);
544 return FALSE;
545 }
546 }
547 PG(allow_url_fopen) = old_allow_url_fopen;
548
549 if (stream) {
550 zval *cookies, *login, *password;
551 zend_resource *ret = zend_register_resource(phpurl, le_url);
552 ZVAL_RES(Z_CLIENT_HTTPURL_P(this_ptr), ret);
553 GC_ADDREF(ret);
554
555 if (context &&
556 (tmp = php_stream_context_get_option(context, "http", "protocol_version")) != NULL &&
557 Z_TYPE_P(tmp) == IS_DOUBLE &&
558 Z_DVAL_P(tmp) == 1.0) {
559 http_1_1 = 0;
560 } else {
561 http_1_1 = 1;
562 }
563
564 smart_str_append_const(&soap_headers, "POST ");
565 if (use_proxy && !use_ssl) {
566 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->scheme));
567 smart_str_append_const(&soap_headers, "://");
568 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->host));
569 smart_str_appendc(&soap_headers, ':');
570 smart_str_append_unsigned(&soap_headers, phpurl->port);
571 }
572 if (phpurl->path) {
573 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->path));
574 } else {
575 smart_str_appendc(&soap_headers, '/');
576 }
577 if (phpurl->query) {
578 smart_str_appendc(&soap_headers, '?');
579 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->query));
580 }
581 if (phpurl->fragment) {
582 smart_str_appendc(&soap_headers, '#');
583 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->fragment));
584 }
585 if (http_1_1) {
586 smart_str_append_const(&soap_headers, " HTTP/1.1\r\n");
587 } else {
588 smart_str_append_const(&soap_headers, " HTTP/1.0\r\n");
589 }
590 smart_str_append_const(&soap_headers, "Host: ");
591 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->host));
592 if (phpurl->port != (use_ssl?443:80)) {
593 smart_str_appendc(&soap_headers, ':');
594 smart_str_append_unsigned(&soap_headers, phpurl->port);
595 }
596 if (!http_1_1 || Z_TYPE_P(Z_CLIENT_KEEP_ALIVE_P(this_ptr)) == IS_FALSE) {
597 smart_str_append_const(&soap_headers, "\r\n"
598 "Connection: close\r\n");
599 } else {
600 smart_str_append_const(&soap_headers, "\r\n"
601 "Connection: Keep-Alive\r\n");
602 }
603 tmp = Z_CLIENT_USER_AGENT_P(this_ptr);
604 if (Z_TYPE_P(tmp) == IS_STRING) {
605 if (Z_STRLEN_P(tmp) > 0) {
606 smart_str_append_const(&soap_headers, "User-Agent: ");
607 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
608 smart_str_append_const(&soap_headers, "\r\n");
609 }
610 } else if (context &&
611 (tmp = php_stream_context_get_option(context, "http", "user_agent")) != NULL &&
612 Z_TYPE_P(tmp) == IS_STRING) {
613 if (Z_STRLEN_P(tmp) > 0) {
614 smart_str_append_const(&soap_headers, "User-Agent: ");
615 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
616 smart_str_append_const(&soap_headers, "\r\n");
617 }
618 } else if (FG(user_agent)) {
619 smart_str_append_const(&soap_headers, "User-Agent: ");
620 smart_str_appends(&soap_headers, FG(user_agent));
621 smart_str_append_const(&soap_headers, "\r\n");
622 } else {
623 smart_str_append_const(&soap_headers, "User-Agent: PHP-SOAP/"PHP_VERSION"\r\n");
624 }
625
626 smart_str_append_smart_str(&soap_headers, &soap_headers_z);
627
628 if (soap_version == SOAP_1_2) {
629 if (context &&
630 (tmp = php_stream_context_get_option(context, "http", "content_type")) != NULL &&
631 Z_TYPE_P(tmp) == IS_STRING &&
632 Z_STRLEN_P(tmp) > 0
633 ) {
634 smart_str_append_const(&soap_headers, "Content-Type: ");
635 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
636 } else {
637 smart_str_append_const(&soap_headers, "Content-Type: application/soap+xml; charset=utf-8");
638 }
639 if (soapaction) {
640 smart_str_append_const(&soap_headers,"; action=\"");
641 smart_str_appends(&soap_headers, soapaction);
642 smart_str_append_const(&soap_headers,"\"");
643 }
644 smart_str_append_const(&soap_headers,"\r\n");
645 } else {
646 if (context &&
647 (tmp = php_stream_context_get_option(context, "http", "content_type")) != NULL &&
648 Z_TYPE_P(tmp) == IS_STRING &&
649 Z_STRLEN_P(tmp) > 0
650 ) {
651 smart_str_append_const(&soap_headers, "Content-Type: ");
652 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
653 smart_str_append_const(&soap_headers, "\r\n");
654 } else {
655 smart_str_append_const(&soap_headers, "Content-Type: text/xml; charset=utf-8\r\n");
656 }
657 if (soapaction) {
658 smart_str_append_const(&soap_headers, "SOAPAction: \"");
659 smart_str_appends(&soap_headers, soapaction);
660 smart_str_append_const(&soap_headers, "\"\r\n");
661 }
662 }
663 smart_str_append_const(&soap_headers,"Content-Length: ");
664 smart_str_append_long(&soap_headers, request->len);
665 smart_str_append_const(&soap_headers, "\r\n");
666
667 /* HTTP Authentication */
668 login = Z_CLIENT_LOGIN_P(this_ptr);
669 if (Z_TYPE_P(login) == IS_STRING) {
670 zval *digest = Z_CLIENT_DIGEST_P(this_ptr);
671
672 has_authorization = 1;
673 if (Z_TYPE_P(digest) == IS_ARRAY) {
674 char HA1[33], HA2[33], response[33], cnonce[33], nc[9];
675 unsigned char nonce[16];
676 PHP_MD5_CTX md5ctx;
677 unsigned char hash[16];
678
679 if (UNEXPECTED(php_random_bytes_throw(&nonce, sizeof(nonce)) != SUCCESS)) {
680 ZEND_ASSERT(EG(exception));
681 php_stream_close(stream);
682 convert_to_null(Z_CLIENT_HTTPURL_P(this_ptr));
683 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
684 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
685 smart_str_free(&soap_headers_z);
686 smart_str_free(&soap_headers);
687 return FALSE;
688 }
689
690 php_hash_bin2hex(cnonce, nonce, sizeof(nonce));
691 cnonce[32] = 0;
692
693 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nc", sizeof("nc")-1)) != NULL &&
694 Z_TYPE_P(tmp) == IS_LONG) {
695 Z_LVAL_P(tmp)++;
696 snprintf(nc, sizeof(nc), "%08" ZEND_LONG_FMT_SPEC, Z_LVAL_P(tmp));
697 } else {
698 add_assoc_long(digest, "nc", 1);
699 strcpy(nc, "00000001");
700 }
701
702 PHP_MD5Init(&md5ctx);
703 PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(login), Z_STRLEN_P(login));
704 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
705 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "realm", sizeof("realm")-1)) != NULL &&
706 Z_TYPE_P(tmp) == IS_STRING) {
707 PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
708 }
709 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
710 password = Z_CLIENT_PASSWORD_P(this_ptr);
711 if (Z_TYPE_P(password) == IS_STRING) {
712 PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(password), Z_STRLEN_P(password));
713 }
714 PHP_MD5Final(hash, &md5ctx);
715 make_digest(HA1, hash);
716 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "algorithm", sizeof("algorithm")-1)) != NULL &&
717 Z_TYPE_P(tmp) == IS_STRING &&
718 Z_STRLEN_P(tmp) == sizeof("md5-sess")-1 &&
719 stricmp(Z_STRVAL_P(tmp), "md5-sess") == 0) {
720 PHP_MD5Init(&md5ctx);
721 PHP_MD5Update(&md5ctx, (unsigned char*)HA1, 32);
722 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
723 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nonce", sizeof("nonce")-1)) != NULL &&
724 Z_TYPE_P(tmp) == IS_STRING) {
725 PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
726 }
727 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
728 PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, 8);
729 PHP_MD5Final(hash, &md5ctx);
730 make_digest(HA1, hash);
731 }
732
733 PHP_MD5Init(&md5ctx);
734 PHP_MD5Update(&md5ctx, (unsigned char*)"POST:", sizeof("POST:")-1);
735 if (phpurl->path) {
736 PHP_MD5Update(&md5ctx, (unsigned char*)ZSTR_VAL(phpurl->path), ZSTR_LEN(phpurl->path));
737 } else {
738 PHP_MD5Update(&md5ctx, (unsigned char*)"/", 1);
739 }
740 if (phpurl->query) {
741 PHP_MD5Update(&md5ctx, (unsigned char*)"?", 1);
742 PHP_MD5Update(&md5ctx, (unsigned char*)ZSTR_VAL(phpurl->query), ZSTR_LEN(phpurl->query));
743 }
744
745 PHP_MD5Final(hash, &md5ctx);
746 make_digest(HA2, hash);
747
748 PHP_MD5Init(&md5ctx);
749 PHP_MD5Update(&md5ctx, (unsigned char*)HA1, 32);
750 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
751 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nonce", sizeof("nonce")-1)) != NULL &&
752 Z_TYPE_P(tmp) == IS_STRING) {
753 PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
754 }
755 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
756 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "qop", sizeof("qop")-1)) != NULL &&
757 Z_TYPE_P(tmp) == IS_STRING) {
758 PHP_MD5Update(&md5ctx, (unsigned char*)nc, 8);
759 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
760 PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, 8);
761 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
762 /* TODO: Support for qop=auth-int */
763 PHP_MD5Update(&md5ctx, (unsigned char*)"auth", sizeof("auth")-1);
764 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
765 }
766 PHP_MD5Update(&md5ctx, (unsigned char*)HA2, 32);
767 PHP_MD5Final(hash, &md5ctx);
768 make_digest(response, hash);
769
770 smart_str_append_const(&soap_headers, "Authorization: Digest username=\"");
771 smart_str_appendl(&soap_headers, Z_STRVAL_P(login), Z_STRLEN_P(login));
772 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "realm", sizeof("realm")-1)) != NULL &&
773 Z_TYPE_P(tmp) == IS_STRING) {
774 smart_str_append_const(&soap_headers, "\", realm=\"");
775 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
776 }
777 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nonce", sizeof("nonce")-1)) != NULL &&
778 Z_TYPE_P(tmp) == IS_STRING) {
779 smart_str_append_const(&soap_headers, "\", nonce=\"");
780 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
781 }
782 smart_str_append_const(&soap_headers, "\", uri=\"");
783 if (phpurl->path) {
784 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->path));
785 } else {
786 smart_str_appendc(&soap_headers, '/');
787 }
788 if (phpurl->query) {
789 smart_str_appendc(&soap_headers, '?');
790 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->query));
791 }
792 if (phpurl->fragment) {
793 smart_str_appendc(&soap_headers, '#');
794 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->fragment));
795 }
796 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "qop", sizeof("qop")-1)) != NULL &&
797 Z_TYPE_P(tmp) == IS_STRING) {
798 /* TODO: Support for qop=auth-int */
799 smart_str_append_const(&soap_headers, "\", qop=auth");
800 smart_str_append_const(&soap_headers, ", nc=");
801 smart_str_appendl(&soap_headers, nc, 8);
802 smart_str_append_const(&soap_headers, ", cnonce=\"");
803 smart_str_appendl(&soap_headers, cnonce, 8);
804 }
805 smart_str_append_const(&soap_headers, "\", response=\"");
806 smart_str_appendl(&soap_headers, response, 32);
807 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "opaque", sizeof("opaque")-1)) != NULL &&
808 Z_TYPE_P(tmp) == IS_STRING) {
809 smart_str_append_const(&soap_headers, "\", opaque=\"");
810 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
811 }
812 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "algorithm", sizeof("algorithm")-1)) != NULL &&
813 Z_TYPE_P(tmp) == IS_STRING) {
814 smart_str_append_const(&soap_headers, "\", algorithm=\"");
815 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
816 }
817 smart_str_append_const(&soap_headers, "\"\r\n");
818 } else {
819 zend_string *buf;
820
821 smart_str auth = {0};
822 smart_str_append(&auth, Z_STR_P(login));
823 smart_str_appendc(&auth, ':');
824 password = Z_CLIENT_PASSWORD_P(this_ptr);
825 if (Z_TYPE_P(password) == IS_STRING) {
826 smart_str_append(&auth, Z_STR_P(password));
827 }
828 smart_str_0(&auth);
829 buf = php_base64_encode((unsigned char*)ZSTR_VAL(auth.s), ZSTR_LEN(auth.s));
830 smart_str_append_const(&soap_headers, "Authorization: Basic ");
831 smart_str_append(&soap_headers, buf);
832 smart_str_append_const(&soap_headers, "\r\n");
833 zend_string_release_ex(buf, 0);
834 smart_str_free(&auth);
835 }
836 }
837
838 /* Proxy HTTP Authentication */
839 if (use_proxy && !use_ssl) {
840 has_proxy_authorization = proxy_authentication(this_ptr, &soap_headers);
841 }
842
843 /* Send cookies along with request */
844 cookies = Z_CLIENT_COOKIES_P(this_ptr);
845 ZEND_ASSERT(Z_TYPE_P(cookies) == IS_ARRAY);
846 if (zend_hash_num_elements(Z_ARRVAL_P(cookies)) != 0 && !HT_IS_PACKED(Z_ARRVAL_P(cookies))) {
847 zval *data;
848 zend_string *key;
849 has_cookies = 1;
850 bool first_cookie = true;
851 smart_str_append_const(&soap_headers, "Cookie: ");
852 ZEND_HASH_MAP_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(cookies), key, data) {
853 if (key && Z_TYPE_P(data) == IS_ARRAY) {
854 zval *value;
855
856 if ((value = zend_hash_index_find(Z_ARRVAL_P(data), 0)) != NULL &&
857 Z_TYPE_P(value) == IS_STRING) {
858 zval *tmp;
859 if (((tmp = zend_hash_index_find(Z_ARRVAL_P(data), 1)) == NULL ||
860 Z_TYPE_P(tmp) != IS_STRING ||
861 strncmp(phpurl->path?ZSTR_VAL(phpurl->path):"/",Z_STRVAL_P(tmp),Z_STRLEN_P(tmp)) == 0) &&
862 ((tmp = zend_hash_index_find(Z_ARRVAL_P(data), 2)) == NULL ||
863 Z_TYPE_P(tmp) != IS_STRING ||
864 in_domain(ZSTR_VAL(phpurl->host),Z_STRVAL_P(tmp))) &&
865 (use_ssl || (tmp = zend_hash_index_find(Z_ARRVAL_P(data), 3)) == NULL)) {
866 if (!first_cookie) {
867 smart_str_appends(&soap_headers, "; ");
868 }
869 first_cookie = false;
870 smart_str_append(&soap_headers, key);
871 smart_str_appendc(&soap_headers, '=');
872 smart_str_append(&soap_headers, Z_STR_P(value));
873 }
874 }
875 }
876 } ZEND_HASH_FOREACH_END();
877 smart_str_append_const(&soap_headers, "\r\n");
878 }
879
880 http_context_headers(context, has_authorization, has_proxy_authorization, has_cookies, &soap_headers);
881
882 smart_str_append_const(&soap_headers, "\r\n");
883 smart_str_0(&soap_headers);
884 if (Z_TYPE_P(Z_CLIENT_TRACE_P(this_ptr)) == IS_TRUE) {
885 zval_ptr_dtor(Z_CLIENT_LAST_REQUEST_HEADERS_P(this_ptr));
886 /* Need to copy the string here, as we continue appending to soap_headers below. */
887 ZVAL_STRINGL(Z_CLIENT_LAST_REQUEST_HEADERS_P(this_ptr),
888 ZSTR_VAL(soap_headers.s), ZSTR_LEN(soap_headers.s));
889 }
890 smart_str_appendl(&soap_headers, request->val, request->len);
891 smart_str_0(&soap_headers);
892
893 err = php_stream_write(stream, ZSTR_VAL(soap_headers.s), ZSTR_LEN(soap_headers.s));
894 if (err != ZSTR_LEN(soap_headers.s)) {
895 if (request != buf) {
896 zend_string_release_ex(request, 0);
897 }
898 php_stream_close(stream);
899 convert_to_null(Z_CLIENT_HTTPURL_P(this_ptr));
900 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
901 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
902 add_soap_fault(this_ptr, "HTTP", "Failed Sending HTTP SOAP request", NULL, NULL);
903 smart_str_free(&soap_headers_z);
904 return FALSE;
905 }
906 smart_str_free(&soap_headers);
907 } else {
908 add_soap_fault(this_ptr, "HTTP", "Failed to create stream??", NULL, NULL);
909 smart_str_free(&soap_headers_z);
910 return FALSE;
911 }
912
913 if (!return_value) {
914 php_stream_close(stream);
915 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
916 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
917 smart_str_free(&soap_headers_z);
918 return TRUE;
919 }
920
921 do {
922 http_headers = get_http_headers(stream);
923 if (!http_headers) {
924 if (request != buf) {
925 zend_string_release_ex(request, 0);
926 }
927 php_stream_close(stream);
928 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
929 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
930 add_soap_fault(this_ptr, "HTTP", "Error Fetching http headers", NULL, NULL);
931 smart_str_free(&soap_headers_z);
932 return FALSE;
933 }
934
935 if (Z_TYPE_P(Z_CLIENT_TRACE_P(this_ptr)) == IS_TRUE) {
936 zval_ptr_dtor(Z_CLIENT_LAST_RESPONSE_HEADERS_P(this_ptr));
937 ZVAL_STR_COPY(Z_CLIENT_LAST_RESPONSE_HEADERS_P(this_ptr), http_headers);
938 }
939
940 /* Check to see what HTTP status was sent */
941 http_1_1 = 0;
942 http_status = 0;
943 http_version = get_http_header_value(ZSTR_VAL(http_headers), "HTTP/");
944 if (http_version) {
945 char *tmp;
946
947 if (!strncmp(http_version,"1.1", 3)) {
948 http_1_1 = 1;
949 }
950
951 tmp = strstr(http_version," ");
952 if (tmp != NULL) {
953 tmp++;
954 http_status = atoi(tmp);
955 }
956 tmp = strstr(tmp," ");
957 if (tmp != NULL) {
958 tmp++;
959 if (http_msg) {
960 efree(http_msg);
961 }
962 http_msg = estrdup(tmp);
963 }
964 efree(http_version);
965
966 /* Try and get headers again */
967 if (http_status == 100) {
968 zend_string_release_ex(http_headers, 0);
969 }
970 }
971 } while (http_status == 100);
972
973 /* Grab and send back every cookie */
974
975 /* Not going to worry about Path: because
976 we shouldn't be changing urls so path doesn't
977 matter too much
978 */
979 cookie_itt = ZSTR_VAL(http_headers);
980
981 while ((cookie_itt = get_http_header_value_nodup(cookie_itt, "Set-Cookie: ", &cookie_len))) {
982 zval *cookies = Z_CLIENT_COOKIES_P(this_ptr);
983 SEPARATE_ARRAY(cookies);
984
985 char *cookie = estrndup(cookie_itt, cookie_len);
986 char *eqpos = strstr(cookie, "=");
987 char *sempos = strstr(cookie, ";");
988 if (eqpos != NULL && (sempos == NULL || sempos > eqpos)) {
989 smart_str name = {0};
990 int cookie_len;
991 zval zcookie;
992
993 if (sempos != NULL) {
994 cookie_len = sempos-(eqpos+1);
995 } else {
996 cookie_len = strlen(cookie)-(eqpos-cookie)-1;
997 }
998
999 smart_str_appendl(&name, cookie, eqpos - cookie);
1000 smart_str_0(&name);
1001
1002 array_init(&zcookie);
1003 add_index_stringl(&zcookie, 0, eqpos + 1, cookie_len);
1004
1005 if (sempos != NULL) {
1006 char *options = cookie + cookie_len+1;
1007 while (*options) {
1008 while (*options == ' ') {options++;}
1009 sempos = strstr(options, ";");
1010 if (strstr(options,"path=") == options) {
1011 eqpos = options + sizeof("path=")-1;
1012 add_index_stringl(&zcookie, 1, eqpos, sempos?(size_t)(sempos-eqpos):strlen(eqpos));
1013 } else if (strstr(options,"domain=") == options) {
1014 eqpos = options + sizeof("domain=")-1;
1015 add_index_stringl(&zcookie, 2, eqpos, sempos?(size_t)(sempos-eqpos):strlen(eqpos));
1016 } else if (strstr(options,"secure") == options) {
1017 add_index_bool(&zcookie, 3, 1);
1018 }
1019 if (sempos != NULL) {
1020 options = sempos+1;
1021 } else {
1022 break;
1023 }
1024 }
1025 }
1026 if (!zend_hash_index_exists(Z_ARRVAL(zcookie), 1)) {
1027 char *t = phpurl->path?ZSTR_VAL(phpurl->path):"/";
1028 char *c = strrchr(t, '/');
1029 if (c) {
1030 add_index_stringl(&zcookie, 1, t, c-t);
1031 }
1032 }
1033 if (!zend_hash_index_exists(Z_ARRVAL(zcookie), 2)) {
1034 add_index_str(&zcookie, 2, phpurl->host);
1035 GC_ADDREF(phpurl->host);
1036 }
1037
1038 zend_symtable_update(Z_ARRVAL_P(cookies), name.s, &zcookie);
1039 smart_str_free(&name);
1040 }
1041
1042 cookie_itt = cookie_itt + cookie_len;
1043 efree(cookie);
1044 }
1045
1046 /* See if the server requested a close */
1047 if (http_1_1) {
1048 http_close = FALSE;
1049 if (use_proxy && !use_ssl) {
1050 connection = get_http_header_value(ZSTR_VAL(http_headers), "Proxy-Connection: ");
1051 if (connection) {
1052 if (strncasecmp(connection, "close", sizeof("close")-1) == 0) {
1053 http_close = TRUE;
1054 }
1055 efree(connection);
1056 }
1057 }
1058 if (http_close == FALSE) {
1059 connection = get_http_header_value(ZSTR_VAL(http_headers), "Connection: ");
1060 if (connection) {
1061 if (strncasecmp(connection, "close", sizeof("close")-1) == 0) {
1062 http_close = TRUE;
1063 }
1064 efree(connection);
1065 }
1066 }
1067 } else {
1068 http_close = TRUE;
1069 if (use_proxy && !use_ssl) {
1070 connection = get_http_header_value(ZSTR_VAL(http_headers), "Proxy-Connection: ");
1071 if (connection) {
1072 if (strncasecmp(connection, "Keep-Alive", sizeof("Keep-Alive")-1) == 0) {
1073 http_close = FALSE;
1074 }
1075 efree(connection);
1076 }
1077 }
1078 if (http_close == TRUE) {
1079 connection = get_http_header_value(ZSTR_VAL(http_headers), "Connection: ");
1080 if (connection) {
1081 if (strncasecmp(connection, "Keep-Alive", sizeof("Keep-Alive")-1) == 0) {
1082 http_close = FALSE;
1083 }
1084 efree(connection);
1085 }
1086 }
1087 }
1088
1089
1090 http_body = get_http_body(stream, http_close, ZSTR_VAL(http_headers));
1091 if (!http_body) {
1092 if (request != buf) {
1093 zend_string_release_ex(request, 0);
1094 }
1095 php_stream_close(stream);
1096 zend_string_release_ex(http_headers, 0);
1097 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
1098 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
1099 add_soap_fault(this_ptr, "HTTP", "Error Fetching http body, No Content-Length, connection closed or chunked data", NULL, NULL);
1100 if (http_msg) {
1101 efree(http_msg);
1102 }
1103 smart_str_free(&soap_headers_z);
1104 return FALSE;
1105 }
1106
1107 if (request != buf) {
1108 zend_string_release_ex(request, 0);
1109 }
1110
1111 if (http_close) {
1112 php_stream_close(stream);
1113 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
1114 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
1115 stream = NULL;
1116 }
1117
1118 /* Process HTTP status codes */
1119 if (http_status >= 300 && http_status < 400) {
1120 char *loc;
1121
1122 if ((loc = get_http_header_value(ZSTR_VAL(http_headers), "Location: ")) != NULL) {
1123 php_url *new_url = php_url_parse(loc);
1124
1125 if (new_url != NULL) {
1126 zend_string_release_ex(http_headers, 0);
1127 zend_string_release_ex(http_body, 0);
1128 efree(loc);
1129 if (new_url->scheme == NULL && new_url->path != NULL) {
1130 new_url->scheme = phpurl->scheme ? zend_string_copy(phpurl->scheme) : NULL;
1131 new_url->host = phpurl->host ? zend_string_copy(phpurl->host) : NULL;
1132 new_url->port = phpurl->port;
1133 if (new_url->path && ZSTR_VAL(new_url->path)[0] != '/') {
1134 if (phpurl->path) {
1135 char *t = ZSTR_VAL(phpurl->path);
1136 char *p = strrchr(t, '/');
1137 if (p) {
1138 zend_string *s = zend_string_alloc((p - t) + ZSTR_LEN(new_url->path) + 2, 0);
1139 strncpy(ZSTR_VAL(s), t, (p - t) + 1);
1140 ZSTR_VAL(s)[(p - t) + 1] = 0;
1141 strcat(ZSTR_VAL(s), ZSTR_VAL(new_url->path));
1142 zend_string_release_ex(new_url->path, 0);
1143 new_url->path = s;
1144 }
1145 } else {
1146 zend_string *s = zend_string_alloc(ZSTR_LEN(new_url->path) + 2, 0);
1147 ZSTR_VAL(s)[0] = '/';
1148 ZSTR_VAL(s)[1] = 0;
1149 strcat(ZSTR_VAL(s), ZSTR_VAL(new_url->path));
1150 zend_string_release_ex(new_url->path, 0);
1151 new_url->path = s;
1152 }
1153 }
1154 }
1155 phpurl = new_url;
1156
1157 if (--redirect_max < 1) {
1158 add_soap_fault(this_ptr, "HTTP", "Redirection limit reached, aborting", NULL, NULL);
1159 smart_str_free(&soap_headers_z);
1160 return FALSE;
1161 }
1162
1163 goto try_again;
1164 }
1165 }
1166 } else if (http_status == 401) {
1167 /* Digest authentication */
1168 zval *digest = Z_CLIENT_DIGEST_P(this_ptr);
1169 zval *login = Z_CLIENT_LOGIN_P(this_ptr);
1170 zval *password = Z_CLIENT_PASSWORD_P(this_ptr);
1171 char *auth = get_http_header_value(ZSTR_VAL(http_headers), "WWW-Authenticate: ");
1172 if (auth && strstr(auth, "Digest") == auth && Z_TYPE_P(digest) != IS_ARRAY
1173 && Z_TYPE_P(login) == IS_STRING && Z_TYPE_P(password) == IS_STRING) {
1174 char *s;
1175 zval digest;
1176
1177 ZVAL_UNDEF(&digest);
1178 s = auth + sizeof("Digest")-1;
1179 while (*s != '\0') {
1180 char *name, *val;
1181 while (*s == ' ') ++s;
1182 name = s;
1183 while (*s != '\0' && *s != '=') ++s;
1184 if (*s == '=') {
1185 *s = '\0';
1186 ++s;
1187 if (*s == '"') {
1188 ++s;
1189 val = s;
1190 while (*s != '\0' && *s != '"') ++s;
1191 } else {
1192 val = s;
1193 while (*s != '\0' && *s != ' ' && *s != ',') ++s;
1194 }
1195 if (*s != '\0') {
1196 if (*s != ',') {
1197 *s = '\0';
1198 ++s;
1199 while (*s != '\0' && *s != ',') ++s;
1200 if (*s != '\0') ++s;
1201 } else {
1202 *s = '\0';
1203 ++s;
1204 }
1205 }
1206 if (Z_TYPE(digest) == IS_UNDEF) {
1207 array_init(&digest);
1208 }
1209 add_assoc_string(&digest, name, val);
1210 }
1211 }
1212
1213 if (Z_TYPE(digest) != IS_UNDEF) {
1214 php_url *new_url = emalloc(sizeof(php_url));
1215
1216 zval_ptr_dtor(Z_CLIENT_DIGEST_P(this_ptr));
1217 ZVAL_COPY_VALUE(Z_CLIENT_DIGEST_P(this_ptr), &digest);
1218
1219 *new_url = *phpurl;
1220 if (phpurl->scheme) phpurl->scheme = zend_string_copy(phpurl->scheme);
1221 if (phpurl->user) phpurl->user = zend_string_copy(phpurl->user);
1222 if (phpurl->pass) phpurl->pass = zend_string_copy(phpurl->pass);
1223 if (phpurl->host) phpurl->host = zend_string_copy(phpurl->host);
1224 if (phpurl->path) phpurl->path = zend_string_copy(phpurl->path);
1225 if (phpurl->query) phpurl->query = zend_string_copy(phpurl->query);
1226 if (phpurl->fragment) phpurl->fragment = zend_string_copy(phpurl->fragment);
1227 phpurl = new_url;
1228
1229 efree(auth);
1230 zend_string_release_ex(http_headers, 0);
1231 zend_string_release_ex(http_body, 0);
1232
1233 goto try_again;
1234 }
1235 }
1236 if (auth) efree(auth);
1237 }
1238 smart_str_free(&soap_headers_z);
1239
1240 /* Check and see if the server even sent a xml document */
1241 content_type = get_http_header_value(ZSTR_VAL(http_headers), "Content-Type: ");
1242 if (content_type) {
1243 char *pos = NULL;
1244 int cmplen;
1245 pos = strstr(content_type,";");
1246 if (pos != NULL) {
1247 cmplen = pos - content_type;
1248 } else {
1249 cmplen = strlen(content_type);
1250 }
1251 if (strncmp(content_type, "text/xml", cmplen) == 0 ||
1252 strncmp(content_type, "application/soap+xml", cmplen) == 0) {
1253 content_type_xml = 1;
1254 /*
1255 if (strncmp(http_body, "<?xml", 5)) {
1256 zval *err;
1257 MAKE_STD_ZVAL(err);
1258 ZVAL_STRINGL(err, http_body, http_body_size, 1);
1259 add_soap_fault(this_ptr, "HTTP", "Didn't receive an xml document", NULL, err);
1260 efree(content_type);
1261 zend_string_release_ex(http_headers, 0);
1262 efree(http_body);
1263 return FALSE;
1264 }
1265 */
1266 }
1267 efree(content_type);
1268 }
1269
1270 /* Decompress response */
1271 content_encoding = get_http_header_value(ZSTR_VAL(http_headers), "Content-Encoding: ");
1272 if (content_encoding) {
1273 zval func;
1274 zval retval;
1275 zval params[1];
1276
1277 /* Warning: the zlib function names are chosen in an unfortunate manner.
1278 * Check zlib.c to see how a function corresponds with a particular format. */
1279 if ((strcmp(content_encoding,"gzip") == 0 ||
1280 strcmp(content_encoding,"x-gzip") == 0) &&
1281 zend_hash_str_exists(EG(function_table), "gzdecode", sizeof("gzdecode")-1)) {
1282 ZVAL_STRING(&func, "gzdecode");
1283 ZVAL_STR_COPY(¶ms[0], http_body);
1284 } else if (strcmp(content_encoding,"deflate") == 0 &&
1285 zend_hash_str_exists(EG(function_table), "gzuncompress", sizeof("gzuncompress")-1)) {
1286 ZVAL_STRING(&func, "gzuncompress");
1287 ZVAL_STR_COPY(¶ms[0], http_body);
1288 } else {
1289 efree(content_encoding);
1290 zend_string_release_ex(http_headers, 0);
1291 zend_string_release_ex(http_body, 0);
1292 if (http_msg) {
1293 efree(http_msg);
1294 }
1295 add_soap_fault(this_ptr, "HTTP", "Unknown Content-Encoding", NULL, NULL);
1296 return FALSE;
1297 }
1298 if (call_user_function(CG(function_table), (zval*)NULL, &func, &retval, 1, params) == SUCCESS &&
1299 Z_TYPE(retval) == IS_STRING) {
1300 zval_ptr_dtor(¶ms[0]);
1301 zval_ptr_dtor(&func);
1302 zend_string_release_ex(http_body, 0);
1303 ZVAL_COPY_VALUE(return_value, &retval);
1304 } else {
1305 zval_ptr_dtor(¶ms[0]);
1306 zval_ptr_dtor(&func);
1307 efree(content_encoding);
1308 zend_string_release_ex(http_headers, 0);
1309 zend_string_release_ex(http_body, 0);
1310 add_soap_fault(this_ptr, "HTTP", "Can't uncompress compressed response", NULL, NULL);
1311 if (http_msg) {
1312 efree(http_msg);
1313 }
1314 return FALSE;
1315 }
1316 efree(content_encoding);
1317 } else {
1318 ZVAL_STR(return_value, http_body);
1319 }
1320
1321 zend_string_release_ex(http_headers, 0);
1322
1323 if (http_status >= 400) {
1324 int error = 0;
1325
1326 if (Z_STRLEN_P(return_value) == 0) {
1327 error = 1;
1328 } else if (Z_STRLEN_P(return_value) > 0) {
1329 if (!content_type_xml) {
1330 char *s = Z_STRVAL_P(return_value);
1331
1332 while (*s != '\0' && *s < ' ') {
1333 s++;
1334 }
1335 if (strncmp(s, "<?xml", 5)) {
1336 error = 1;
1337 }
1338 }
1339 }
1340
1341 if (error) {
1342 zval_ptr_dtor(return_value);
1343 ZVAL_UNDEF(return_value);
1344 add_soap_fault(this_ptr, "HTTP", http_msg, NULL, NULL);
1345 efree(http_msg);
1346 return FALSE;
1347 }
1348 }
1349
1350 if (http_msg) {
1351 efree(http_msg);
1352 }
1353
1354 return TRUE;
1355 }
1356
get_http_header_value_nodup(char * headers,char * type,size_t * len)1357 static char *get_http_header_value_nodup(char *headers, char *type, size_t *len)
1358 {
1359 char *pos, *tmp = NULL;
1360 int typelen, headerslen;
1361
1362 typelen = strlen(type);
1363 headerslen = strlen(headers);
1364
1365 /* header `titles' can be lower case, or any case combination, according
1366 * to the various RFC's. */
1367 pos = headers;
1368 do {
1369 /* start of buffer or start of line */
1370 if (strncasecmp(pos, type, typelen) == 0) {
1371 char *eol;
1372
1373 /* match */
1374 tmp = pos + typelen;
1375
1376 /* strip leading whitespace */
1377 while (*tmp == ' ' || *tmp == '\t') {
1378 tmp++;
1379 }
1380
1381 eol = strchr(tmp, '\n');
1382 if (eol == NULL) {
1383 eol = headers + headerslen;
1384 } else if (eol > tmp) {
1385 if (*(eol-1) == '\r') {
1386 eol--;
1387 }
1388
1389 /* strip trailing whitespace */
1390 while (eol > tmp && (*(eol-1) == ' ' || *(eol-1) == '\t')) {
1391 eol--;
1392 }
1393 }
1394
1395 *len = eol - tmp;
1396 return tmp;
1397 }
1398
1399 /* find next line */
1400 pos = strchr(pos, '\n');
1401 if (pos) {
1402 pos++;
1403 }
1404
1405 } while (pos);
1406
1407 return NULL;
1408 }
1409
get_http_header_value(char * headers,char * type)1410 static char *get_http_header_value(char *headers, char *type)
1411 {
1412 size_t len;
1413 char *value;
1414
1415 value = get_http_header_value_nodup(headers, type, &len);
1416
1417 if (value) {
1418 return estrndup(value, len);
1419 }
1420
1421 return NULL;
1422 }
1423
get_http_body(php_stream * stream,int close,char * headers)1424 static zend_string* get_http_body(php_stream *stream, int close, char *headers)
1425 {
1426 zend_string *http_buf = NULL;
1427 char *header;
1428 int header_close = close, header_chunked = 0, header_length = 0, http_buf_size = 0;
1429
1430 if (!close) {
1431 header = get_http_header_value(headers, "Connection: ");
1432 if (header) {
1433 if(!strncasecmp(header, "close", sizeof("close")-1)) header_close = 1;
1434 efree(header);
1435 }
1436 }
1437 header = get_http_header_value(headers, "Transfer-Encoding: ");
1438 if (header) {
1439 if(!strncasecmp(header, "chunked", sizeof("chunked")-1)) header_chunked = 1;
1440 efree(header);
1441 }
1442 header = get_http_header_value(headers, "Content-Length: ");
1443 if (header) {
1444 header_length = atoi(header);
1445 efree(header);
1446 if (!header_length && !header_chunked) {
1447 /* Empty response */
1448 return ZSTR_EMPTY_ALLOC();
1449 }
1450 }
1451
1452 if (header_chunked) {
1453 char ch, done, headerbuf[8192];
1454
1455 done = FALSE;
1456
1457 while (!done) {
1458 int buf_size = 0;
1459
1460 php_stream_gets(stream, headerbuf, sizeof(headerbuf));
1461 if (sscanf(headerbuf, "%x", &buf_size) > 0 ) {
1462 if (buf_size > 0) {
1463 size_t len_size = 0;
1464
1465 if (http_buf_size + buf_size + 1 < 0) {
1466 if (http_buf) {
1467 zend_string_release_ex(http_buf, 0);
1468 }
1469 return NULL;
1470 }
1471
1472 if (http_buf) {
1473 http_buf = zend_string_realloc(http_buf, http_buf_size + buf_size, 0);
1474 } else {
1475 http_buf = zend_string_alloc(buf_size, 0);
1476 }
1477
1478 while (len_size < buf_size) {
1479 ssize_t len_read = php_stream_read(stream, http_buf->val + http_buf_size, buf_size - len_size);
1480 if (len_read <= 0) {
1481 /* Error or EOF */
1482 done = TRUE;
1483 break;
1484 }
1485 len_size += len_read;
1486 http_buf_size += len_read;
1487 }
1488
1489 /* Eat up '\r' '\n' */
1490 ch = php_stream_getc(stream);
1491 if (ch == '\r') {
1492 ch = php_stream_getc(stream);
1493 }
1494 if (ch != '\n') {
1495 /* Something wrong in chunked encoding */
1496 if (http_buf) {
1497 zend_string_release_ex(http_buf, 0);
1498 }
1499 return NULL;
1500 }
1501 }
1502 } else {
1503 /* Something wrong in chunked encoding */
1504 if (http_buf) {
1505 zend_string_release_ex(http_buf, 0);
1506 }
1507 return NULL;
1508 }
1509 if (buf_size == 0) {
1510 done = TRUE;
1511 }
1512 }
1513
1514 /* Ignore trailer headers */
1515 while (1) {
1516 if (!php_stream_gets(stream, headerbuf, sizeof(headerbuf))) {
1517 break;
1518 }
1519
1520 if ((headerbuf[0] == '\r' && headerbuf[1] == '\n') ||
1521 (headerbuf[0] == '\n')) {
1522 /* empty line marks end of headers */
1523 break;
1524 }
1525 }
1526
1527 if (http_buf == NULL) {
1528 return ZSTR_EMPTY_ALLOC();
1529 }
1530
1531 } else if (header_length) {
1532 if (header_length < 0 || header_length >= INT_MAX) {
1533 return NULL;
1534 }
1535 http_buf = zend_string_alloc(header_length, 0);
1536 while (http_buf_size < header_length) {
1537 ssize_t len_read = php_stream_read(stream, http_buf->val + http_buf_size, header_length - http_buf_size);
1538 if (len_read <= 0) {
1539 break;
1540 }
1541 http_buf_size += len_read;
1542 }
1543 } else if (header_close) {
1544 do {
1545 ssize_t len_read;
1546 if (http_buf) {
1547 http_buf = zend_string_realloc(http_buf, http_buf_size + 4096, 0);
1548 } else {
1549 http_buf = zend_string_alloc(4096, 0);
1550 }
1551 len_read = php_stream_read(stream, http_buf->val + http_buf_size, 4096);
1552 if (len_read > 0) {
1553 http_buf_size += len_read;
1554 }
1555 } while(!php_stream_eof(stream));
1556 } else {
1557 return NULL;
1558 }
1559
1560 http_buf->val[http_buf_size] = '\0';
1561 http_buf->len = http_buf_size;
1562 return http_buf;
1563 }
1564
get_http_headers(php_stream * stream)1565 static zend_string *get_http_headers(php_stream *stream)
1566 {
1567 smart_str tmp_response = {0};
1568 char headerbuf[8192];
1569
1570 while (php_stream_gets(stream, headerbuf, sizeof(headerbuf))) {
1571 if ((headerbuf[0] == '\r' && headerbuf[1] == '\n') ||
1572 (headerbuf[0] == '\n')) {
1573 /* empty line marks end of headers */
1574 smart_str_0(&tmp_response);
1575 return tmp_response.s;
1576 }
1577
1578 /* add header to collection */
1579 smart_str_appends(&tmp_response, headerbuf);
1580 }
1581
1582 smart_str_free(&tmp_response);
1583 return NULL;
1584 }
1585