1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | https://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Authors: Brad Lafountain <rodif_bl@yahoo.com> |
14 | Shane Caraveo <shane@caraveo.com> |
15 | Dmitry Stogov <dmitry@php.net> |
16 +----------------------------------------------------------------------+
17 */
18
19 #include "php_soap.h"
20 #include "ext/standard/base64.h"
21 #include "ext/standard/md5.h"
22 #include "ext/random/php_random.h"
23 #include "ext/hash/php_hash.h"
24
25 static char *get_http_header_value_nodup(char *headers, char *type, size_t *len);
26 static char *get_http_header_value(char *headers, char *type);
27 static zend_string *get_http_body(php_stream *socketd, int close, char *headers);
28 static zend_string *get_http_headers(php_stream *socketd);
29
30 #define smart_str_append_const(str, const) \
31 smart_str_appendl(str,const,sizeof(const)-1)
32
33 /* Proxy HTTP Authentication */
proxy_authentication(zval * this_ptr,smart_str * soap_headers)34 int proxy_authentication(zval* this_ptr, smart_str* soap_headers)
35 {
36 zval *login = Z_CLIENT_PROXY_LOGIN_P(this_ptr);
37 if (Z_TYPE_P(login) == IS_STRING) {
38 smart_str auth = {0};
39 smart_str_append(&auth, Z_STR_P(login));
40 smart_str_appendc(&auth, ':');
41
42 zval *password = Z_CLIENT_PROXY_PASSWORD_P(this_ptr);
43 if (Z_TYPE_P(password) == IS_STRING) {
44 smart_str_append(&auth, Z_STR_P(password));
45 }
46 smart_str_0(&auth);
47 zend_string *buf = php_base64_encode((unsigned char*)ZSTR_VAL(auth.s), ZSTR_LEN(auth.s));
48 smart_str_append_const(soap_headers, "Proxy-Authorization: Basic ");
49 smart_str_append(soap_headers, buf);
50 smart_str_append_const(soap_headers, "\r\n");
51 zend_string_release_ex(buf, 0);
52 smart_str_free(&auth);
53 return 1;
54 }
55 return 0;
56 }
57
58 /* HTTP Authentication */
basic_authentication(zval * this_ptr,smart_str * soap_headers)59 int basic_authentication(zval* this_ptr, smart_str* soap_headers)
60 {
61 zval *login = Z_CLIENT_LOGIN_P(this_ptr);
62 zval *use_digest = Z_CLIENT_USE_DIGEST_P(this_ptr);
63 if (Z_TYPE_P(login) == IS_STRING && Z_TYPE_P(use_digest) != IS_TRUE) {
64 smart_str auth = {0};
65 smart_str_append(&auth, Z_STR_P(login));
66 smart_str_appendc(&auth, ':');
67
68 zval *password = Z_CLIENT_PASSWORD_P(this_ptr);
69 if (Z_TYPE_P(password) == IS_STRING) {
70 smart_str_append(&auth, Z_STR_P(password));
71 }
72 smart_str_0(&auth);
73 zend_string *buf = php_base64_encode((unsigned char*)ZSTR_VAL(auth.s), ZSTR_LEN(auth.s));
74 smart_str_append_const(soap_headers, "Authorization: Basic ");
75 smart_str_append(soap_headers, buf);
76 smart_str_append_const(soap_headers, "\r\n");
77 zend_string_release_ex(buf, 0);
78 smart_str_free(&auth);
79 return 1;
80 }
81 return 0;
82 }
83
84 /* Additional HTTP headers */
http_context_headers(php_stream_context * context,bool has_authorization,bool has_proxy_authorization,bool has_cookies,smart_str * soap_headers)85 void http_context_headers(php_stream_context* context,
86 bool has_authorization,
87 bool has_proxy_authorization,
88 bool has_cookies,
89 smart_str* soap_headers)
90 {
91 zval *tmp;
92
93 if (context &&
94 (tmp = php_stream_context_get_option(context, "http", "header")) != NULL &&
95 Z_TYPE_P(tmp) == IS_STRING && Z_STRLEN_P(tmp)) {
96 char *s = Z_STRVAL_P(tmp);
97 char *p;
98 int name_len;
99
100 while (*s) {
101 /* skip leading newlines and spaces */
102 while (*s == ' ' || *s == '\t' || *s == '\r' || *s == '\n') {
103 s++;
104 }
105 /* extract header name */
106 p = s;
107 name_len = -1;
108 while (*p) {
109 if (*p == ':') {
110 if (name_len < 0) name_len = p - s;
111 break;
112 } else if (*p == ' ' || *p == '\t') {
113 if (name_len < 0) name_len = p - s;
114 } else if (*p == '\r' || *p == '\n') {
115 break;
116 }
117 p++;
118 }
119 if (*p == ':') {
120 /* extract header value */
121 while (*p && *p != '\r' && *p != '\n') {
122 p++;
123 }
124 /* skip some predefined headers */
125 if ((name_len != sizeof("host")-1 ||
126 strncasecmp(s, "host", sizeof("host")-1) != 0) &&
127 (name_len != sizeof("connection")-1 ||
128 strncasecmp(s, "connection", sizeof("connection")-1) != 0) &&
129 (name_len != sizeof("user-agent")-1 ||
130 strncasecmp(s, "user-agent", sizeof("user-agent")-1) != 0) &&
131 (name_len != sizeof("content-length")-1 ||
132 strncasecmp(s, "content-length", sizeof("content-length")-1) != 0) &&
133 (name_len != sizeof("content-type")-1 ||
134 strncasecmp(s, "content-type", sizeof("content-type")-1) != 0) &&
135 (!has_cookies ||
136 name_len != sizeof("cookie")-1 ||
137 strncasecmp(s, "cookie", sizeof("cookie")-1) != 0) &&
138 (!has_authorization ||
139 name_len != sizeof("authorization")-1 ||
140 strncasecmp(s, "authorization", sizeof("authorization")-1) != 0) &&
141 (!has_proxy_authorization ||
142 name_len != sizeof("proxy-authorization")-1 ||
143 strncasecmp(s, "proxy-authorization", sizeof("proxy-authorization")-1) != 0)) {
144 /* add header */
145 smart_str_appendl(soap_headers, s, p-s);
146 smart_str_append_const(soap_headers, "\r\n");
147 }
148 }
149 s = (*p) ? (p + 1) : p;
150 }
151 }
152 }
153
http_connect(zval * this_ptr,php_url * phpurl,int use_ssl,php_stream_context * context,int * use_proxy)154 static php_stream* http_connect(zval* this_ptr, php_url *phpurl, int use_ssl, php_stream_context *context, int *use_proxy)
155 {
156 php_stream *stream;
157 zval *tmp, ssl_proxy_peer_name;
158 char *host;
159 char *name;
160 char *protocol;
161 zend_long namelen;
162 int port;
163 int old_error_reporting;
164 struct timeval tv;
165 struct timeval *timeout = NULL;
166
167 zval *proxy_host = Z_CLIENT_PROXY_HOST_P(this_ptr);
168 zval *proxy_port = Z_CLIENT_PROXY_PORT_P(this_ptr);
169 if (Z_TYPE_P(proxy_host) == IS_STRING && Z_TYPE_P(proxy_port) == IS_LONG) {
170 host = Z_STRVAL_P(proxy_host);
171 port = Z_LVAL_P(proxy_port);
172 *use_proxy = 1;
173 } else {
174 host = ZSTR_VAL(phpurl->host);
175 port = phpurl->port;
176 }
177
178 tmp = Z_CLIENT_CONNECTION_TIMEOUT_P(this_ptr);
179 if (Z_TYPE_P(tmp) == IS_LONG && Z_LVAL_P(tmp) > 0) {
180 tv.tv_sec = Z_LVAL_P(tmp);
181 tv.tv_usec = 0;
182 timeout = &tv;
183 }
184
185 old_error_reporting = EG(error_reporting);
186 EG(error_reporting) &= ~(E_WARNING|E_NOTICE|E_USER_WARNING|E_USER_NOTICE);
187
188 /* Changed ternary operator to an if/else so that additional comparisons can be done on the ssl_method property */
189 if (use_ssl && !*use_proxy) {
190 tmp = Z_CLIENT_SSL_METHOD_P(this_ptr);
191 if (Z_TYPE_P(tmp) == IS_LONG) {
192 /* uses constants declared in soap.c to determine ssl uri protocol */
193 switch (Z_LVAL_P(tmp)) {
194 case SOAP_SSL_METHOD_TLS:
195 protocol = "tls";
196 break;
197
198 case SOAP_SSL_METHOD_SSLv2:
199 protocol = "sslv2";
200 break;
201
202 case SOAP_SSL_METHOD_SSLv3:
203 protocol = "sslv3";
204 break;
205
206 case SOAP_SSL_METHOD_SSLv23:
207 protocol = "ssl";
208 break;
209
210 default:
211 protocol = "ssl";
212 break;
213
214 }
215 } else {
216 protocol = "ssl";
217 }
218 } else {
219 protocol = "tcp";
220 }
221
222 namelen = spprintf(&name, 0, "%s://%s:%d", protocol, host, port);
223
224 stream = php_stream_xport_create(name, namelen,
225 REPORT_ERRORS,
226 STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT,
227 NULL /*persistent_id*/,
228 timeout,
229 context,
230 NULL, NULL);
231 efree(name);
232
233 /* SSL & proxy */
234 if (stream && *use_proxy && use_ssl) {
235 smart_str soap_headers = {0};
236
237 /* Set peer_name or name verification will try to use the proxy server name */
238 if (!context || (tmp = php_stream_context_get_option(context, "ssl", "peer_name")) == NULL) {
239 ZVAL_STR_COPY(&ssl_proxy_peer_name, phpurl->host);
240 php_stream_context_set_option(PHP_STREAM_CONTEXT(stream), "ssl", "peer_name", &ssl_proxy_peer_name);
241 zval_ptr_dtor(&ssl_proxy_peer_name);
242 }
243
244 smart_str_append_const(&soap_headers, "CONNECT ");
245 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->host));
246 smart_str_appendc(&soap_headers, ':');
247 smart_str_append_unsigned(&soap_headers, phpurl->port);
248 smart_str_append_const(&soap_headers, " HTTP/1.1\r\n");
249 smart_str_append_const(&soap_headers, "Host: ");
250 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->host));
251 if (phpurl->port != 80) {
252 smart_str_appendc(&soap_headers, ':');
253 smart_str_append_unsigned(&soap_headers, phpurl->port);
254 }
255 smart_str_append_const(&soap_headers, "\r\n");
256 proxy_authentication(this_ptr, &soap_headers);
257 smart_str_append_const(&soap_headers, "\r\n");
258 if (php_stream_write(stream, ZSTR_VAL(soap_headers.s), ZSTR_LEN(soap_headers.s)) != ZSTR_LEN(soap_headers.s)) {
259 php_stream_close(stream);
260 stream = NULL;
261 }
262 smart_str_free(&soap_headers);
263
264 if (stream) {
265 zend_string *http_headers = get_http_headers(stream);
266 if (http_headers) {
267 zend_string_free(http_headers);
268 } else {
269 php_stream_close(stream);
270 stream = NULL;
271 }
272 }
273 /* enable SSL transport layer */
274 if (stream) {
275 /* if a stream is created without encryption, check to see if SSL method parameter is specified and use
276 proper encrypyion method based on constants defined in soap.c */
277 int crypto_method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
278 tmp = Z_CLIENT_SSL_METHOD_P(this_ptr);
279 if (Z_TYPE_P(tmp) == IS_LONG) {
280 switch (Z_LVAL_P(tmp)) {
281 case SOAP_SSL_METHOD_TLS:
282 crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
283 break;
284
285 case SOAP_SSL_METHOD_SSLv2:
286 crypto_method = STREAM_CRYPTO_METHOD_SSLv2_CLIENT;
287 break;
288
289 case SOAP_SSL_METHOD_SSLv3:
290 crypto_method = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
291 break;
292
293 case SOAP_SSL_METHOD_SSLv23:
294 crypto_method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
295 break;
296
297 default:
298 crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
299 break;
300 }
301 }
302 if (php_stream_xport_crypto_setup(stream, crypto_method, NULL) < 0 ||
303 php_stream_xport_crypto_enable(stream, 1) < 0) {
304 php_stream_close(stream);
305 stream = NULL;
306 }
307 }
308 }
309
310 EG(error_reporting) = old_error_reporting;
311 return stream;
312 }
313
in_domain(const char * host,const char * domain)314 static int in_domain(const char *host, const char *domain)
315 {
316 if (domain[0] == '.') {
317 int l1 = strlen(host);
318 int l2 = strlen(domain);
319 if (l1 > l2) {
320 return strcmp(host+l1-l2,domain) == 0;
321 } else {
322 return 0;
323 }
324 } else {
325 return strcmp(host,domain) == 0;
326 }
327 }
328
make_http_soap_request(zval * this_ptr,zend_string * buf,char * location,char * soapaction,int soap_version,zval * return_value)329 int make_http_soap_request(zval *this_ptr,
330 zend_string *buf,
331 char *location,
332 char *soapaction,
333 int soap_version,
334 zval *return_value)
335 {
336 zend_string *request;
337 smart_str soap_headers = {0};
338 smart_str soap_headers_z = {0};
339 size_t err;
340 php_url *phpurl = NULL;
341 php_stream *stream;
342 zval *tmp;
343 int use_proxy = 0;
344 int use_ssl;
345 zend_string *http_body;
346 char *content_type, *http_version, *cookie_itt;
347 size_t cookie_len;
348 int http_close;
349 zend_string *http_headers;
350 char *connection;
351 int http_1_1;
352 int http_status;
353 int content_type_xml = 0;
354 zend_long redirect_max = 20;
355 char *content_encoding;
356 char *http_msg = NULL;
357 bool old_allow_url_fopen;
358 php_stream_context *context = NULL;
359 bool has_authorization = 0;
360 bool has_proxy_authorization = 0;
361 bool has_cookies = 0;
362
363 if (this_ptr == NULL || Z_TYPE_P(this_ptr) != IS_OBJECT) {
364 return FALSE;
365 }
366
367 request = buf;
368 /* Compress request */
369 tmp = Z_CLIENT_COMPRESSION_P(this_ptr);
370 if (Z_TYPE_P(tmp) == IS_LONG) {
371 int level = Z_LVAL_P(tmp) & 0x0f;
372 int kind = Z_LVAL_P(tmp) & SOAP_COMPRESSION_DEFLATE;
373
374 if (level > 9) {level = 9;}
375
376 if ((Z_LVAL_P(tmp) & SOAP_COMPRESSION_ACCEPT) != 0) {
377 smart_str_append_const(&soap_headers_z,"Accept-Encoding: gzip, deflate\r\n");
378 }
379 if (level > 0) {
380 zval func;
381 zval retval;
382 zval params[3];
383 int n;
384
385 ZVAL_STR_COPY(¶ms[0], buf);
386 ZVAL_LONG(¶ms[1], level);
387 if (kind == SOAP_COMPRESSION_DEFLATE) {
388 n = 2;
389 ZVAL_STRING(&func, "gzcompress");
390 smart_str_append_const(&soap_headers_z,"Content-Encoding: deflate\r\n");
391 } else {
392 n = 3;
393 ZVAL_STRING(&func, "gzencode");
394 smart_str_append_const(&soap_headers_z,"Content-Encoding: gzip\r\n");
395 ZVAL_LONG(¶ms[2], 0x1f);
396 }
397 if (call_user_function(CG(function_table), (zval*)NULL, &func, &retval, n, params) == SUCCESS &&
398 Z_TYPE(retval) == IS_STRING) {
399 zval_ptr_dtor(¶ms[0]);
400 zval_ptr_dtor(&func);
401 request = Z_STR(retval);
402 } else {
403 zval_ptr_dtor(¶ms[0]);
404 zval_ptr_dtor(&func);
405 if (request != buf) {
406 zend_string_release_ex(request, 0);
407 }
408 smart_str_free(&soap_headers_z);
409 return FALSE;
410 }
411 }
412 }
413
414 tmp = Z_CLIENT_HTTPSOCKET_P(this_ptr);
415 if (Z_TYPE_P(tmp) == IS_RESOURCE) {
416 php_stream_from_zval_no_verify(stream,tmp);
417 tmp = Z_CLIENT_USE_PROXY_P(this_ptr);
418 if (Z_TYPE_P(tmp) == IS_LONG) {
419 use_proxy = Z_LVAL_P(tmp);
420 }
421 } else {
422 stream = NULL;
423 }
424
425 if (location != NULL && location[0] != '\000') {
426 phpurl = php_url_parse(location);
427 }
428
429 tmp = Z_CLIENT_STREAM_CONTEXT_P(this_ptr);
430 if (Z_TYPE_P(tmp) == IS_RESOURCE) {
431 context = php_stream_context_from_zval(tmp, 0);
432 }
433
434 if (context &&
435 (tmp = php_stream_context_get_option(context, "http", "max_redirects")) != NULL) {
436 if (Z_TYPE_P(tmp) != IS_STRING || !is_numeric_string(Z_STRVAL_P(tmp), Z_STRLEN_P(tmp), &redirect_max, NULL, 1)) {
437 if (Z_TYPE_P(tmp) == IS_LONG)
438 redirect_max = Z_LVAL_P(tmp);
439 }
440 }
441
442 try_again:
443 if (phpurl == NULL || phpurl->host == NULL) {
444 if (phpurl != NULL) {php_url_free(phpurl);}
445 if (request != buf) {
446 zend_string_release_ex(request, 0);
447 }
448 add_soap_fault(this_ptr, "HTTP", "Unable to parse URL", NULL, NULL);
449 smart_str_free(&soap_headers_z);
450 return FALSE;
451 }
452
453 use_ssl = 0;
454 if (phpurl->scheme != NULL && zend_string_equals_literal(phpurl->scheme, "https")) {
455 use_ssl = 1;
456 } else if (phpurl->scheme == NULL || !zend_string_equals_literal(phpurl->scheme, "http")) {
457 php_url_free(phpurl);
458 if (request != buf) {
459 zend_string_release_ex(request, 0);
460 }
461 add_soap_fault(this_ptr, "HTTP", "Unknown protocol. Only http and https are allowed.", NULL, NULL);
462 smart_str_free(&soap_headers_z);
463 return FALSE;
464 }
465
466 old_allow_url_fopen = PG(allow_url_fopen);
467 PG(allow_url_fopen) = 1;
468 if (use_ssl && php_stream_locate_url_wrapper("https://", NULL, STREAM_LOCATE_WRAPPERS_ONLY) == NULL) {
469 php_url_free(phpurl);
470 if (request != buf) {
471 zend_string_release_ex(request, 0);
472 }
473 add_soap_fault(this_ptr, "HTTP", "SSL support is not available in this build", NULL, NULL);
474 PG(allow_url_fopen) = old_allow_url_fopen;
475 smart_str_free(&soap_headers_z);
476 return FALSE;
477 }
478
479 if (phpurl->port == 0) {
480 phpurl->port = use_ssl ? 443 : 80;
481 }
482
483 /* Check if request to the same host */
484 if (stream != NULL) {
485 php_url *orig;
486 tmp = Z_CLIENT_HTTPURL_P(this_ptr);
487 if (Z_TYPE_P(tmp) == IS_RESOURCE &&
488 (orig = (php_url *) zend_fetch_resource_ex(tmp, "httpurl", le_url)) != NULL &&
489 ((use_proxy && !use_ssl) ||
490 (((use_ssl && orig->scheme != NULL && zend_string_equals_literal(orig->scheme, "https")) ||
491 (!use_ssl && orig->scheme == NULL) ||
492 (!use_ssl && !zend_string_equals_literal(orig->scheme, "https"))) &&
493 zend_string_equals(orig->host, phpurl->host) &&
494 orig->port == phpurl->port))) {
495 } else {
496 php_stream_close(stream);
497 convert_to_null(Z_CLIENT_HTTPURL_P(this_ptr));
498 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
499 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
500 stream = NULL;
501 use_proxy = 0;
502 }
503 }
504
505 /* Check if keep-alive connection is still opened */
506 if (stream != NULL && php_stream_eof(stream)) {
507 php_stream_close(stream);
508 convert_to_null(Z_CLIENT_HTTPURL_P(this_ptr));
509 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
510 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
511 stream = NULL;
512 use_proxy = 0;
513 }
514
515 if (!stream) {
516 stream = http_connect(this_ptr, phpurl, use_ssl, context, &use_proxy);
517 if (stream) {
518 php_stream_auto_cleanup(stream);
519 ZVAL_RES(Z_CLIENT_HTTPSOCKET_P(this_ptr), stream->res);
520 GC_ADDREF(stream->res);
521 ZVAL_LONG(Z_CLIENT_USE_PROXY_P(this_ptr), use_proxy);
522 } else {
523 php_url_free(phpurl);
524 if (request != buf) {
525 zend_string_release_ex(request, 0);
526 }
527 add_soap_fault(this_ptr, "HTTP", "Could not connect to host", NULL, NULL);
528 PG(allow_url_fopen) = old_allow_url_fopen;
529 smart_str_free(&soap_headers_z);
530 return FALSE;
531 }
532 }
533 PG(allow_url_fopen) = old_allow_url_fopen;
534
535 if (stream) {
536 zval *cookies, *login, *password;
537 zend_resource *ret = zend_register_resource(phpurl, le_url);
538 ZVAL_RES(Z_CLIENT_HTTPURL_P(this_ptr), ret);
539 GC_ADDREF(ret);
540
541 if (context &&
542 (tmp = php_stream_context_get_option(context, "http", "protocol_version")) != NULL &&
543 Z_TYPE_P(tmp) == IS_DOUBLE &&
544 Z_DVAL_P(tmp) == 1.0) {
545 http_1_1 = 0;
546 } else {
547 http_1_1 = 1;
548 }
549
550 smart_str_append_const(&soap_headers, "POST ");
551 if (use_proxy && !use_ssl) {
552 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->scheme));
553 smart_str_append_const(&soap_headers, "://");
554 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->host));
555 smart_str_appendc(&soap_headers, ':');
556 smart_str_append_unsigned(&soap_headers, phpurl->port);
557 }
558 if (phpurl->path) {
559 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->path));
560 } else {
561 smart_str_appendc(&soap_headers, '/');
562 }
563 if (phpurl->query) {
564 smart_str_appendc(&soap_headers, '?');
565 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->query));
566 }
567 if (phpurl->fragment) {
568 smart_str_appendc(&soap_headers, '#');
569 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->fragment));
570 }
571 if (http_1_1) {
572 smart_str_append_const(&soap_headers, " HTTP/1.1\r\n");
573 } else {
574 smart_str_append_const(&soap_headers, " HTTP/1.0\r\n");
575 }
576 smart_str_append_const(&soap_headers, "Host: ");
577 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->host));
578 if (phpurl->port != (use_ssl?443:80)) {
579 smart_str_appendc(&soap_headers, ':');
580 smart_str_append_unsigned(&soap_headers, phpurl->port);
581 }
582 if (!http_1_1 || Z_TYPE_P(Z_CLIENT_KEEP_ALIVE_P(this_ptr)) == IS_FALSE) {
583 smart_str_append_const(&soap_headers, "\r\n"
584 "Connection: close\r\n");
585 } else {
586 smart_str_append_const(&soap_headers, "\r\n"
587 "Connection: Keep-Alive\r\n");
588 }
589 tmp = Z_CLIENT_USER_AGENT_P(this_ptr);
590 if (Z_TYPE_P(tmp) == IS_STRING) {
591 if (Z_STRLEN_P(tmp) > 0) {
592 smart_str_append_const(&soap_headers, "User-Agent: ");
593 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
594 smart_str_append_const(&soap_headers, "\r\n");
595 }
596 } else if (context &&
597 (tmp = php_stream_context_get_option(context, "http", "user_agent")) != NULL &&
598 Z_TYPE_P(tmp) == IS_STRING) {
599 if (Z_STRLEN_P(tmp) > 0) {
600 smart_str_append_const(&soap_headers, "User-Agent: ");
601 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
602 smart_str_append_const(&soap_headers, "\r\n");
603 }
604 } else if (FG(user_agent)) {
605 smart_str_append_const(&soap_headers, "User-Agent: ");
606 smart_str_appends(&soap_headers, FG(user_agent));
607 smart_str_append_const(&soap_headers, "\r\n");
608 } else {
609 smart_str_append_const(&soap_headers, "User-Agent: PHP-SOAP/"PHP_VERSION"\r\n");
610 }
611
612 smart_str_append_smart_str(&soap_headers, &soap_headers_z);
613
614 if (soap_version == SOAP_1_2) {
615 if (context &&
616 (tmp = php_stream_context_get_option(context, "http", "content_type")) != NULL &&
617 Z_TYPE_P(tmp) == IS_STRING &&
618 Z_STRLEN_P(tmp) > 0
619 ) {
620 smart_str_append_const(&soap_headers, "Content-Type: ");
621 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
622 } else {
623 smart_str_append_const(&soap_headers, "Content-Type: application/soap+xml; charset=utf-8");
624 }
625 if (soapaction) {
626 smart_str_append_const(&soap_headers,"; action=\"");
627 smart_str_appends(&soap_headers, soapaction);
628 smart_str_append_const(&soap_headers,"\"");
629 }
630 smart_str_append_const(&soap_headers,"\r\n");
631 } else {
632 if (context &&
633 (tmp = php_stream_context_get_option(context, "http", "content_type")) != NULL &&
634 Z_TYPE_P(tmp) == IS_STRING &&
635 Z_STRLEN_P(tmp) > 0
636 ) {
637 smart_str_append_const(&soap_headers, "Content-Type: ");
638 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
639 smart_str_append_const(&soap_headers, "\r\n");
640 } else {
641 smart_str_append_const(&soap_headers, "Content-Type: text/xml; charset=utf-8\r\n");
642 }
643 if (soapaction) {
644 smart_str_append_const(&soap_headers, "SOAPAction: \"");
645 smart_str_appends(&soap_headers, soapaction);
646 smart_str_append_const(&soap_headers, "\"\r\n");
647 }
648 }
649 smart_str_append_const(&soap_headers,"Content-Length: ");
650 smart_str_append_long(&soap_headers, request->len);
651 smart_str_append_const(&soap_headers, "\r\n");
652
653 /* HTTP Authentication */
654 login = Z_CLIENT_LOGIN_P(this_ptr);
655 if (Z_TYPE_P(login) == IS_STRING) {
656 zval *digest = Z_CLIENT_DIGEST_P(this_ptr);
657
658 has_authorization = 1;
659 if (Z_TYPE_P(digest) == IS_ARRAY) {
660 char HA1[33], HA2[33], response[33], cnonce[33], nc[9];
661 unsigned char nonce[16];
662 PHP_MD5_CTX md5ctx;
663 unsigned char hash[16];
664
665 if (UNEXPECTED(php_random_bytes_throw(&nonce, sizeof(nonce)) != SUCCESS)) {
666 ZEND_ASSERT(EG(exception));
667 php_stream_close(stream);
668 convert_to_null(Z_CLIENT_HTTPURL_P(this_ptr));
669 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
670 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
671 smart_str_free(&soap_headers_z);
672 smart_str_free(&soap_headers);
673 return FALSE;
674 }
675
676 php_hash_bin2hex(cnonce, nonce, sizeof(nonce));
677 cnonce[32] = 0;
678
679 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nc", sizeof("nc")-1)) != NULL &&
680 Z_TYPE_P(tmp) == IS_LONG) {
681 Z_LVAL_P(tmp)++;
682 snprintf(nc, sizeof(nc), "%08" ZEND_LONG_FMT_SPEC, Z_LVAL_P(tmp));
683 } else {
684 add_assoc_long(digest, "nc", 1);
685 strcpy(nc, "00000001");
686 }
687
688 PHP_MD5Init(&md5ctx);
689 PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(login), Z_STRLEN_P(login));
690 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
691 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "realm", sizeof("realm")-1)) != NULL &&
692 Z_TYPE_P(tmp) == IS_STRING) {
693 PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
694 }
695 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
696 password = Z_CLIENT_PASSWORD_P(this_ptr);
697 if (Z_TYPE_P(password) == IS_STRING) {
698 PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(password), Z_STRLEN_P(password));
699 }
700 PHP_MD5Final(hash, &md5ctx);
701 make_digest(HA1, hash);
702 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "algorithm", sizeof("algorithm")-1)) != NULL &&
703 Z_TYPE_P(tmp) == IS_STRING &&
704 Z_STRLEN_P(tmp) == sizeof("md5-sess")-1 &&
705 stricmp(Z_STRVAL_P(tmp), "md5-sess") == 0) {
706 PHP_MD5Init(&md5ctx);
707 PHP_MD5Update(&md5ctx, (unsigned char*)HA1, 32);
708 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
709 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nonce", sizeof("nonce")-1)) != NULL &&
710 Z_TYPE_P(tmp) == IS_STRING) {
711 PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
712 }
713 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
714 PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, 8);
715 PHP_MD5Final(hash, &md5ctx);
716 make_digest(HA1, hash);
717 }
718
719 PHP_MD5Init(&md5ctx);
720 PHP_MD5Update(&md5ctx, (unsigned char*)"POST:", sizeof("POST:")-1);
721 if (phpurl->path) {
722 PHP_MD5Update(&md5ctx, (unsigned char*)ZSTR_VAL(phpurl->path), ZSTR_LEN(phpurl->path));
723 } else {
724 PHP_MD5Update(&md5ctx, (unsigned char*)"/", 1);
725 }
726 if (phpurl->query) {
727 PHP_MD5Update(&md5ctx, (unsigned char*)"?", 1);
728 PHP_MD5Update(&md5ctx, (unsigned char*)ZSTR_VAL(phpurl->query), ZSTR_LEN(phpurl->query));
729 }
730
731 PHP_MD5Final(hash, &md5ctx);
732 make_digest(HA2, hash);
733
734 PHP_MD5Init(&md5ctx);
735 PHP_MD5Update(&md5ctx, (unsigned char*)HA1, 32);
736 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
737 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nonce", sizeof("nonce")-1)) != NULL &&
738 Z_TYPE_P(tmp) == IS_STRING) {
739 PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
740 }
741 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
742 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "qop", sizeof("qop")-1)) != NULL &&
743 Z_TYPE_P(tmp) == IS_STRING) {
744 PHP_MD5Update(&md5ctx, (unsigned char*)nc, 8);
745 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
746 PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, 8);
747 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
748 /* TODO: Support for qop="auth-int" */
749 PHP_MD5Update(&md5ctx, (unsigned char*)"auth", sizeof("auth")-1);
750 PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
751 }
752 PHP_MD5Update(&md5ctx, (unsigned char*)HA2, 32);
753 PHP_MD5Final(hash, &md5ctx);
754 make_digest(response, hash);
755
756 smart_str_append_const(&soap_headers, "Authorization: Digest username=\"");
757 smart_str_appendl(&soap_headers, Z_STRVAL_P(login), Z_STRLEN_P(login));
758 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "realm", sizeof("realm")-1)) != NULL &&
759 Z_TYPE_P(tmp) == IS_STRING) {
760 smart_str_append_const(&soap_headers, "\", realm=\"");
761 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
762 }
763 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nonce", sizeof("nonce")-1)) != NULL &&
764 Z_TYPE_P(tmp) == IS_STRING) {
765 smart_str_append_const(&soap_headers, "\", nonce=\"");
766 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
767 }
768 smart_str_append_const(&soap_headers, "\", uri=\"");
769 if (phpurl->path) {
770 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->path));
771 } else {
772 smart_str_appendc(&soap_headers, '/');
773 }
774 if (phpurl->query) {
775 smart_str_appendc(&soap_headers, '?');
776 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->query));
777 }
778 if (phpurl->fragment) {
779 smart_str_appendc(&soap_headers, '#');
780 smart_str_appends(&soap_headers, ZSTR_VAL(phpurl->fragment));
781 }
782 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "qop", sizeof("qop")-1)) != NULL &&
783 Z_TYPE_P(tmp) == IS_STRING) {
784 /* TODO: Support for qop="auth-int" */
785 smart_str_append_const(&soap_headers, "\", qop=\"auth");
786 smart_str_append_const(&soap_headers, "\", nc=\"");
787 smart_str_appendl(&soap_headers, nc, 8);
788 smart_str_append_const(&soap_headers, "\", cnonce=\"");
789 smart_str_appendl(&soap_headers, cnonce, 8);
790 }
791 smart_str_append_const(&soap_headers, "\", response=\"");
792 smart_str_appendl(&soap_headers, response, 32);
793 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "opaque", sizeof("opaque")-1)) != NULL &&
794 Z_TYPE_P(tmp) == IS_STRING) {
795 smart_str_append_const(&soap_headers, "\", opaque=\"");
796 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
797 }
798 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "algorithm", sizeof("algorithm")-1)) != NULL &&
799 Z_TYPE_P(tmp) == IS_STRING) {
800 smart_str_append_const(&soap_headers, "\", algorithm=\"");
801 smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
802 }
803 smart_str_append_const(&soap_headers, "\"\r\n");
804 } else {
805 zend_string *buf;
806
807 smart_str auth = {0};
808 smart_str_append(&auth, Z_STR_P(login));
809 smart_str_appendc(&auth, ':');
810 password = Z_CLIENT_PASSWORD_P(this_ptr);
811 if (Z_TYPE_P(password) == IS_STRING) {
812 smart_str_append(&auth, Z_STR_P(password));
813 }
814 smart_str_0(&auth);
815 buf = php_base64_encode((unsigned char*)ZSTR_VAL(auth.s), ZSTR_LEN(auth.s));
816 smart_str_append_const(&soap_headers, "Authorization: Basic ");
817 smart_str_append(&soap_headers, buf);
818 smart_str_append_const(&soap_headers, "\r\n");
819 zend_string_release_ex(buf, 0);
820 smart_str_free(&auth);
821 }
822 }
823
824 /* Proxy HTTP Authentication */
825 if (use_proxy && !use_ssl) {
826 has_proxy_authorization = proxy_authentication(this_ptr, &soap_headers);
827 }
828
829 /* Send cookies along with request */
830 cookies = Z_CLIENT_COOKIES_P(this_ptr);
831 ZEND_ASSERT(Z_TYPE_P(cookies) == IS_ARRAY);
832 if (zend_hash_num_elements(Z_ARRVAL_P(cookies)) != 0 && !HT_IS_PACKED(Z_ARRVAL_P(cookies))) {
833 zval *data;
834 zend_string *key;
835 has_cookies = 1;
836 bool first_cookie = true;
837 smart_str_append_const(&soap_headers, "Cookie: ");
838 ZEND_HASH_MAP_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(cookies), key, data) {
839 if (key && Z_TYPE_P(data) == IS_ARRAY) {
840 zval *value;
841
842 if ((value = zend_hash_index_find(Z_ARRVAL_P(data), 0)) != NULL &&
843 Z_TYPE_P(value) == IS_STRING) {
844 zval *tmp;
845 if (((tmp = zend_hash_index_find(Z_ARRVAL_P(data), 1)) == NULL ||
846 Z_TYPE_P(tmp) != IS_STRING ||
847 strncmp(phpurl->path?ZSTR_VAL(phpurl->path):"/",Z_STRVAL_P(tmp),Z_STRLEN_P(tmp)) == 0) &&
848 ((tmp = zend_hash_index_find(Z_ARRVAL_P(data), 2)) == NULL ||
849 Z_TYPE_P(tmp) != IS_STRING ||
850 in_domain(ZSTR_VAL(phpurl->host),Z_STRVAL_P(tmp))) &&
851 (use_ssl || (tmp = zend_hash_index_find(Z_ARRVAL_P(data), 3)) == NULL)) {
852 if (!first_cookie) {
853 smart_str_appends(&soap_headers, "; ");
854 }
855 first_cookie = false;
856 smart_str_append(&soap_headers, key);
857 smart_str_appendc(&soap_headers, '=');
858 smart_str_append(&soap_headers, Z_STR_P(value));
859 }
860 }
861 }
862 } ZEND_HASH_FOREACH_END();
863 smart_str_append_const(&soap_headers, "\r\n");
864 }
865
866 http_context_headers(context, has_authorization, has_proxy_authorization, has_cookies, &soap_headers);
867
868 smart_str_append_const(&soap_headers, "\r\n");
869 smart_str_0(&soap_headers);
870 if (Z_TYPE_P(Z_CLIENT_TRACE_P(this_ptr)) == IS_TRUE) {
871 zval_ptr_dtor(Z_CLIENT_LAST_REQUEST_HEADERS_P(this_ptr));
872 /* Need to copy the string here, as we continue appending to soap_headers below. */
873 ZVAL_STRINGL(Z_CLIENT_LAST_REQUEST_HEADERS_P(this_ptr),
874 ZSTR_VAL(soap_headers.s), ZSTR_LEN(soap_headers.s));
875 }
876 smart_str_appendl(&soap_headers, request->val, request->len);
877 smart_str_0(&soap_headers);
878
879 err = php_stream_write(stream, ZSTR_VAL(soap_headers.s), ZSTR_LEN(soap_headers.s));
880 if (err != ZSTR_LEN(soap_headers.s)) {
881 if (request != buf) {
882 zend_string_release_ex(request, 0);
883 }
884 php_stream_close(stream);
885 convert_to_null(Z_CLIENT_HTTPURL_P(this_ptr));
886 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
887 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
888 add_soap_fault(this_ptr, "HTTP", "Failed Sending HTTP SOAP request", NULL, NULL);
889 smart_str_free(&soap_headers_z);
890 return FALSE;
891 }
892 smart_str_free(&soap_headers);
893 } else {
894 add_soap_fault(this_ptr, "HTTP", "Failed to create stream??", NULL, NULL);
895 smart_str_free(&soap_headers_z);
896 return FALSE;
897 }
898
899 if (!return_value) {
900 php_stream_close(stream);
901 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
902 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
903 smart_str_free(&soap_headers_z);
904 return TRUE;
905 }
906
907 do {
908 http_headers = get_http_headers(stream);
909 if (!http_headers) {
910 if (request != buf) {
911 zend_string_release_ex(request, 0);
912 }
913 php_stream_close(stream);
914 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
915 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
916 add_soap_fault(this_ptr, "HTTP", "Error Fetching http headers", NULL, NULL);
917 smart_str_free(&soap_headers_z);
918 return FALSE;
919 }
920
921 if (Z_TYPE_P(Z_CLIENT_TRACE_P(this_ptr)) == IS_TRUE) {
922 zval_ptr_dtor(Z_CLIENT_LAST_RESPONSE_HEADERS_P(this_ptr));
923 ZVAL_STR_COPY(Z_CLIENT_LAST_RESPONSE_HEADERS_P(this_ptr), http_headers);
924 }
925
926 /* Check to see what HTTP status was sent */
927 http_1_1 = 0;
928 http_status = 0;
929 http_version = get_http_header_value(ZSTR_VAL(http_headers), "HTTP/");
930 if (http_version) {
931 char *tmp;
932
933 if (!strncmp(http_version,"1.1", 3)) {
934 http_1_1 = 1;
935 }
936
937 tmp = strstr(http_version," ");
938 if (tmp != NULL) {
939 tmp++;
940 http_status = atoi(tmp);
941 }
942 tmp = strstr(tmp," ");
943 if (tmp != NULL) {
944 tmp++;
945 if (http_msg) {
946 efree(http_msg);
947 }
948 http_msg = estrdup(tmp);
949 }
950 efree(http_version);
951
952 /* Try and get headers again */
953 if (http_status == 100) {
954 zend_string_release_ex(http_headers, 0);
955 }
956 }
957 } while (http_status == 100);
958
959 /* Grab and send back every cookie */
960
961 /* Not going to worry about Path: because
962 we shouldn't be changing urls so path doesn't
963 matter too much
964 */
965 cookie_itt = ZSTR_VAL(http_headers);
966
967 while ((cookie_itt = get_http_header_value_nodup(cookie_itt, "Set-Cookie: ", &cookie_len))) {
968 zval *cookies = Z_CLIENT_COOKIES_P(this_ptr);
969 SEPARATE_ARRAY(cookies);
970
971 char *cookie = estrndup(cookie_itt, cookie_len);
972 char *eqpos = strstr(cookie, "=");
973 char *sempos = strstr(cookie, ";");
974 if (eqpos != NULL && (sempos == NULL || sempos > eqpos)) {
975 smart_str name = {0};
976 int cookie_len;
977 zval zcookie;
978
979 if (sempos != NULL) {
980 cookie_len = sempos-(eqpos+1);
981 } else {
982 cookie_len = strlen(cookie)-(eqpos-cookie)-1;
983 }
984
985 smart_str_appendl(&name, cookie, eqpos - cookie);
986 smart_str_0(&name);
987
988 array_init(&zcookie);
989 add_index_stringl(&zcookie, 0, eqpos + 1, cookie_len);
990
991 if (sempos != NULL) {
992 char *options = cookie + cookie_len+1;
993 while (*options) {
994 while (*options == ' ') {options++;}
995 sempos = strstr(options, ";");
996 if (strstr(options,"path=") == options) {
997 eqpos = options + sizeof("path=")-1;
998 add_index_stringl(&zcookie, 1, eqpos, sempos?(size_t)(sempos-eqpos):strlen(eqpos));
999 } else if (strstr(options,"domain=") == options) {
1000 eqpos = options + sizeof("domain=")-1;
1001 add_index_stringl(&zcookie, 2, eqpos, sempos?(size_t)(sempos-eqpos):strlen(eqpos));
1002 } else if (strstr(options,"secure") == options) {
1003 add_index_bool(&zcookie, 3, 1);
1004 }
1005 if (sempos != NULL) {
1006 options = sempos+1;
1007 } else {
1008 break;
1009 }
1010 }
1011 }
1012 if (!zend_hash_index_exists(Z_ARRVAL(zcookie), 1)) {
1013 char *t = phpurl->path?ZSTR_VAL(phpurl->path):"/";
1014 char *c = strrchr(t, '/');
1015 if (c) {
1016 add_index_stringl(&zcookie, 1, t, c-t);
1017 }
1018 }
1019 if (!zend_hash_index_exists(Z_ARRVAL(zcookie), 2)) {
1020 add_index_str(&zcookie, 2, phpurl->host);
1021 GC_ADDREF(phpurl->host);
1022 }
1023
1024 zend_symtable_update(Z_ARRVAL_P(cookies), name.s, &zcookie);
1025 smart_str_free(&name);
1026 }
1027
1028 cookie_itt = cookie_itt + cookie_len;
1029 efree(cookie);
1030 }
1031
1032 /* See if the server requested a close */
1033 if (http_1_1) {
1034 http_close = FALSE;
1035 if (use_proxy && !use_ssl) {
1036 connection = get_http_header_value(ZSTR_VAL(http_headers), "Proxy-Connection: ");
1037 if (connection) {
1038 if (strncasecmp(connection, "close", sizeof("close")-1) == 0) {
1039 http_close = TRUE;
1040 }
1041 efree(connection);
1042 }
1043 }
1044 if (http_close == FALSE) {
1045 connection = get_http_header_value(ZSTR_VAL(http_headers), "Connection: ");
1046 if (connection) {
1047 if (strncasecmp(connection, "close", sizeof("close")-1) == 0) {
1048 http_close = TRUE;
1049 }
1050 efree(connection);
1051 }
1052 }
1053 } else {
1054 http_close = TRUE;
1055 if (use_proxy && !use_ssl) {
1056 connection = get_http_header_value(ZSTR_VAL(http_headers), "Proxy-Connection: ");
1057 if (connection) {
1058 if (strncasecmp(connection, "Keep-Alive", sizeof("Keep-Alive")-1) == 0) {
1059 http_close = FALSE;
1060 }
1061 efree(connection);
1062 }
1063 }
1064 if (http_close == TRUE) {
1065 connection = get_http_header_value(ZSTR_VAL(http_headers), "Connection: ");
1066 if (connection) {
1067 if (strncasecmp(connection, "Keep-Alive", sizeof("Keep-Alive")-1) == 0) {
1068 http_close = FALSE;
1069 }
1070 efree(connection);
1071 }
1072 }
1073 }
1074
1075
1076 http_body = get_http_body(stream, http_close, ZSTR_VAL(http_headers));
1077 if (!http_body) {
1078 if (request != buf) {
1079 zend_string_release_ex(request, 0);
1080 }
1081 php_stream_close(stream);
1082 zend_string_release_ex(http_headers, 0);
1083 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
1084 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
1085 add_soap_fault(this_ptr, "HTTP", "Error Fetching http body, No Content-Length, connection closed or chunked data", NULL, NULL);
1086 if (http_msg) {
1087 efree(http_msg);
1088 }
1089 smart_str_free(&soap_headers_z);
1090 return FALSE;
1091 }
1092
1093 if (request != buf) {
1094 zend_string_release_ex(request, 0);
1095 }
1096
1097 if (http_close) {
1098 php_stream_close(stream);
1099 convert_to_null(Z_CLIENT_HTTPSOCKET_P(this_ptr));
1100 convert_to_null(Z_CLIENT_USE_PROXY_P(this_ptr));
1101 stream = NULL;
1102 }
1103
1104 /* Process HTTP status codes */
1105 if (http_status >= 300 && http_status < 400) {
1106 char *loc;
1107
1108 if ((loc = get_http_header_value(ZSTR_VAL(http_headers), "Location: ")) != NULL) {
1109 php_url *new_url = php_url_parse(loc);
1110
1111 if (new_url != NULL) {
1112 zend_string_release_ex(http_headers, 0);
1113 zend_string_release_ex(http_body, 0);
1114 efree(loc);
1115 if (new_url->scheme == NULL && new_url->path != NULL) {
1116 new_url->scheme = phpurl->scheme ? zend_string_copy(phpurl->scheme) : NULL;
1117 new_url->host = phpurl->host ? zend_string_copy(phpurl->host) : NULL;
1118 new_url->port = phpurl->port;
1119 if (new_url->path && ZSTR_VAL(new_url->path)[0] != '/') {
1120 if (phpurl->path) {
1121 char *t = ZSTR_VAL(phpurl->path);
1122 char *p = strrchr(t, '/');
1123 if (p) {
1124 zend_string *s = zend_string_alloc((p - t) + ZSTR_LEN(new_url->path) + 2, 0);
1125 strncpy(ZSTR_VAL(s), t, (p - t) + 1);
1126 ZSTR_VAL(s)[(p - t) + 1] = 0;
1127 strcat(ZSTR_VAL(s), ZSTR_VAL(new_url->path));
1128 zend_string_release_ex(new_url->path, 0);
1129 new_url->path = s;
1130 }
1131 } else {
1132 zend_string *s = zend_string_alloc(ZSTR_LEN(new_url->path) + 2, 0);
1133 ZSTR_VAL(s)[0] = '/';
1134 ZSTR_VAL(s)[1] = 0;
1135 strcat(ZSTR_VAL(s), ZSTR_VAL(new_url->path));
1136 zend_string_release_ex(new_url->path, 0);
1137 new_url->path = s;
1138 }
1139 }
1140 }
1141 phpurl = new_url;
1142
1143 if (--redirect_max < 1) {
1144 add_soap_fault(this_ptr, "HTTP", "Redirection limit reached, aborting", NULL, NULL);
1145 smart_str_free(&soap_headers_z);
1146 return FALSE;
1147 }
1148
1149 goto try_again;
1150 }
1151 }
1152 } else if (http_status == 401) {
1153 /* Digest authentication */
1154 zval *digest = Z_CLIENT_DIGEST_P(this_ptr);
1155 zval *login = Z_CLIENT_LOGIN_P(this_ptr);
1156 zval *password = Z_CLIENT_PASSWORD_P(this_ptr);
1157 char *auth = get_http_header_value(ZSTR_VAL(http_headers), "WWW-Authenticate: ");
1158 if (auth && strstr(auth, "Digest") == auth && Z_TYPE_P(digest) != IS_ARRAY
1159 && Z_TYPE_P(login) == IS_STRING && Z_TYPE_P(password) == IS_STRING) {
1160 char *s;
1161 zval digest;
1162
1163 ZVAL_UNDEF(&digest);
1164 s = auth + sizeof("Digest")-1;
1165 while (*s != '\0') {
1166 char *name, *val;
1167 while (*s == ' ') ++s;
1168 name = s;
1169 while (*s != '\0' && *s != '=') ++s;
1170 if (*s == '=') {
1171 *s = '\0';
1172 ++s;
1173 if (*s == '"') {
1174 ++s;
1175 val = s;
1176 while (*s != '\0' && *s != '"') ++s;
1177 } else {
1178 val = s;
1179 while (*s != '\0' && *s != ' ' && *s != ',') ++s;
1180 }
1181 if (*s != '\0') {
1182 if (*s != ',') {
1183 *s = '\0';
1184 ++s;
1185 while (*s != '\0' && *s != ',') ++s;
1186 if (*s != '\0') ++s;
1187 } else {
1188 *s = '\0';
1189 ++s;
1190 }
1191 }
1192 if (Z_TYPE(digest) == IS_UNDEF) {
1193 array_init(&digest);
1194 }
1195 add_assoc_string(&digest, name, val);
1196 }
1197 }
1198
1199 if (Z_TYPE(digest) != IS_UNDEF) {
1200 php_url *new_url = emalloc(sizeof(php_url));
1201
1202 zval_ptr_dtor(Z_CLIENT_DIGEST_P(this_ptr));
1203 ZVAL_COPY_VALUE(Z_CLIENT_DIGEST_P(this_ptr), &digest);
1204
1205 *new_url = *phpurl;
1206 if (phpurl->scheme) phpurl->scheme = zend_string_copy(phpurl->scheme);
1207 if (phpurl->user) phpurl->user = zend_string_copy(phpurl->user);
1208 if (phpurl->pass) phpurl->pass = zend_string_copy(phpurl->pass);
1209 if (phpurl->host) phpurl->host = zend_string_copy(phpurl->host);
1210 if (phpurl->path) phpurl->path = zend_string_copy(phpurl->path);
1211 if (phpurl->query) phpurl->query = zend_string_copy(phpurl->query);
1212 if (phpurl->fragment) phpurl->fragment = zend_string_copy(phpurl->fragment);
1213 phpurl = new_url;
1214
1215 efree(auth);
1216 zend_string_release_ex(http_headers, 0);
1217 zend_string_release_ex(http_body, 0);
1218
1219 goto try_again;
1220 }
1221 }
1222 if (auth) efree(auth);
1223 }
1224 smart_str_free(&soap_headers_z);
1225
1226 /* Check and see if the server even sent a xml document */
1227 content_type = get_http_header_value(ZSTR_VAL(http_headers), "Content-Type: ");
1228 if (content_type) {
1229 char *pos = NULL;
1230 int cmplen;
1231 pos = strstr(content_type,";");
1232 if (pos != NULL) {
1233 cmplen = pos - content_type;
1234 } else {
1235 cmplen = strlen(content_type);
1236 }
1237 if (strncmp(content_type, "text/xml", cmplen) == 0 ||
1238 strncmp(content_type, "application/soap+xml", cmplen) == 0) {
1239 content_type_xml = 1;
1240 /*
1241 if (strncmp(http_body, "<?xml", 5)) {
1242 zval *err;
1243 MAKE_STD_ZVAL(err);
1244 ZVAL_STRINGL(err, http_body, http_body_size, 1);
1245 add_soap_fault(this_ptr, "HTTP", "Didn't receive an xml document", NULL, err);
1246 efree(content_type);
1247 zend_string_release_ex(http_headers, 0);
1248 efree(http_body);
1249 return FALSE;
1250 }
1251 */
1252 }
1253 efree(content_type);
1254 }
1255
1256 /* Decompress response */
1257 content_encoding = get_http_header_value(ZSTR_VAL(http_headers), "Content-Encoding: ");
1258 if (content_encoding) {
1259 zval func;
1260 zval retval;
1261 zval params[1];
1262
1263 /* Warning: the zlib function names are chosen in an unfortunate manner.
1264 * Check zlib.c to see how a function corresponds with a particular format. */
1265 if ((strcmp(content_encoding,"gzip") == 0 ||
1266 strcmp(content_encoding,"x-gzip") == 0) &&
1267 zend_hash_str_exists(EG(function_table), "gzdecode", sizeof("gzdecode")-1)) {
1268 ZVAL_STRING(&func, "gzdecode");
1269 ZVAL_STR_COPY(¶ms[0], http_body);
1270 } else if (strcmp(content_encoding,"deflate") == 0 &&
1271 zend_hash_str_exists(EG(function_table), "gzuncompress", sizeof("gzuncompress")-1)) {
1272 ZVAL_STRING(&func, "gzuncompress");
1273 ZVAL_STR_COPY(¶ms[0], http_body);
1274 } else {
1275 efree(content_encoding);
1276 zend_string_release_ex(http_headers, 0);
1277 zend_string_release_ex(http_body, 0);
1278 if (http_msg) {
1279 efree(http_msg);
1280 }
1281 add_soap_fault(this_ptr, "HTTP", "Unknown Content-Encoding", NULL, NULL);
1282 return FALSE;
1283 }
1284 if (call_user_function(CG(function_table), (zval*)NULL, &func, &retval, 1, params) == SUCCESS &&
1285 Z_TYPE(retval) == IS_STRING) {
1286 zval_ptr_dtor(¶ms[0]);
1287 zval_ptr_dtor(&func);
1288 zend_string_release_ex(http_body, 0);
1289 ZVAL_COPY_VALUE(return_value, &retval);
1290 } else {
1291 zval_ptr_dtor(¶ms[0]);
1292 zval_ptr_dtor(&func);
1293 efree(content_encoding);
1294 zend_string_release_ex(http_headers, 0);
1295 zend_string_release_ex(http_body, 0);
1296 add_soap_fault(this_ptr, "HTTP", "Can't uncompress compressed response", NULL, NULL);
1297 if (http_msg) {
1298 efree(http_msg);
1299 }
1300 return FALSE;
1301 }
1302 efree(content_encoding);
1303 } else {
1304 ZVAL_STR(return_value, http_body);
1305 }
1306
1307 zend_string_release_ex(http_headers, 0);
1308
1309 if (http_status >= 400) {
1310 int error = 0;
1311
1312 if (Z_STRLEN_P(return_value) == 0) {
1313 error = 1;
1314 } else if (Z_STRLEN_P(return_value) > 0) {
1315 if (!content_type_xml) {
1316 char *s = Z_STRVAL_P(return_value);
1317
1318 while (*s != '\0' && *s < ' ') {
1319 s++;
1320 }
1321 if (strncmp(s, "<?xml", 5)) {
1322 error = 1;
1323 }
1324 }
1325 }
1326
1327 if (error) {
1328 zval_ptr_dtor(return_value);
1329 ZVAL_UNDEF(return_value);
1330 add_soap_fault(this_ptr, "HTTP", http_msg, NULL, NULL);
1331 efree(http_msg);
1332 return FALSE;
1333 }
1334 }
1335
1336 if (http_msg) {
1337 efree(http_msg);
1338 }
1339
1340 return TRUE;
1341 }
1342
get_http_header_value_nodup(char * headers,char * type,size_t * len)1343 static char *get_http_header_value_nodup(char *headers, char *type, size_t *len)
1344 {
1345 char *pos, *tmp = NULL;
1346 int typelen, headerslen;
1347
1348 typelen = strlen(type);
1349 headerslen = strlen(headers);
1350
1351 /* header `titles' can be lower case, or any case combination, according
1352 * to the various RFC's. */
1353 pos = headers;
1354 do {
1355 /* start of buffer or start of line */
1356 if (strncasecmp(pos, type, typelen) == 0) {
1357 char *eol;
1358
1359 /* match */
1360 tmp = pos + typelen;
1361
1362 /* strip leading whitespace */
1363 while (*tmp == ' ' || *tmp == '\t') {
1364 tmp++;
1365 }
1366
1367 eol = strchr(tmp, '\n');
1368 if (eol == NULL) {
1369 eol = headers + headerslen;
1370 } else if (eol > tmp) {
1371 if (*(eol-1) == '\r') {
1372 eol--;
1373 }
1374
1375 /* strip trailing whitespace */
1376 while (eol > tmp && (*(eol-1) == ' ' || *(eol-1) == '\t')) {
1377 eol--;
1378 }
1379 }
1380
1381 *len = eol - tmp;
1382 return tmp;
1383 }
1384
1385 /* find next line */
1386 pos = strchr(pos, '\n');
1387 if (pos) {
1388 pos++;
1389 }
1390
1391 } while (pos);
1392
1393 return NULL;
1394 }
1395
get_http_header_value(char * headers,char * type)1396 static char *get_http_header_value(char *headers, char *type)
1397 {
1398 size_t len;
1399 char *value;
1400
1401 value = get_http_header_value_nodup(headers, type, &len);
1402
1403 if (value) {
1404 return estrndup(value, len);
1405 }
1406
1407 return NULL;
1408 }
1409
get_http_body(php_stream * stream,int close,char * headers)1410 static zend_string* get_http_body(php_stream *stream, int close, char *headers)
1411 {
1412 zend_string *http_buf = NULL;
1413 char *header;
1414 int header_close = close, header_chunked = 0, header_length = 0, http_buf_size = 0;
1415
1416 if (!close) {
1417 header = get_http_header_value(headers, "Connection: ");
1418 if (header) {
1419 if(!strncasecmp(header, "close", sizeof("close")-1)) header_close = 1;
1420 efree(header);
1421 }
1422 }
1423 header = get_http_header_value(headers, "Transfer-Encoding: ");
1424 if (header) {
1425 if(!strncasecmp(header, "chunked", sizeof("chunked")-1)) header_chunked = 1;
1426 efree(header);
1427 }
1428 header = get_http_header_value(headers, "Content-Length: ");
1429 if (header) {
1430 header_length = atoi(header);
1431 efree(header);
1432 if (!header_length && !header_chunked) {
1433 /* Empty response */
1434 return ZSTR_EMPTY_ALLOC();
1435 }
1436 }
1437
1438 if (header_chunked) {
1439 char ch, done, headerbuf[8192];
1440
1441 done = FALSE;
1442
1443 while (!done) {
1444 int buf_size = 0;
1445
1446 php_stream_gets(stream, headerbuf, sizeof(headerbuf));
1447 if (sscanf(headerbuf, "%x", &buf_size) > 0 ) {
1448 if (buf_size > 0) {
1449 size_t len_size = 0;
1450
1451 if (http_buf_size + buf_size + 1 < 0) {
1452 if (http_buf) {
1453 zend_string_release_ex(http_buf, 0);
1454 }
1455 return NULL;
1456 }
1457
1458 if (http_buf) {
1459 http_buf = zend_string_realloc(http_buf, http_buf_size + buf_size, 0);
1460 } else {
1461 http_buf = zend_string_alloc(buf_size, 0);
1462 }
1463
1464 while (len_size < buf_size) {
1465 ssize_t len_read = php_stream_read(stream, http_buf->val + http_buf_size, buf_size - len_size);
1466 if (len_read <= 0) {
1467 /* Error or EOF */
1468 done = TRUE;
1469 break;
1470 }
1471 len_size += len_read;
1472 http_buf_size += len_read;
1473 }
1474
1475 /* Eat up '\r' '\n' */
1476 ch = php_stream_getc(stream);
1477 if (ch == '\r') {
1478 ch = php_stream_getc(stream);
1479 }
1480 if (ch != '\n') {
1481 /* Something wrong in chunked encoding */
1482 if (http_buf) {
1483 zend_string_release_ex(http_buf, 0);
1484 }
1485 return NULL;
1486 }
1487 }
1488 } else {
1489 /* Something wrong in chunked encoding */
1490 if (http_buf) {
1491 zend_string_release_ex(http_buf, 0);
1492 }
1493 return NULL;
1494 }
1495 if (buf_size == 0) {
1496 done = TRUE;
1497 }
1498 }
1499
1500 /* Ignore trailer headers */
1501 while (1) {
1502 if (!php_stream_gets(stream, headerbuf, sizeof(headerbuf))) {
1503 break;
1504 }
1505
1506 if ((headerbuf[0] == '\r' && headerbuf[1] == '\n') ||
1507 (headerbuf[0] == '\n')) {
1508 /* empty line marks end of headers */
1509 break;
1510 }
1511 }
1512
1513 if (http_buf == NULL) {
1514 return ZSTR_EMPTY_ALLOC();
1515 }
1516
1517 } else if (header_length) {
1518 if (header_length < 0 || header_length >= INT_MAX) {
1519 return NULL;
1520 }
1521 http_buf = zend_string_alloc(header_length, 0);
1522 while (http_buf_size < header_length) {
1523 ssize_t len_read = php_stream_read(stream, http_buf->val + http_buf_size, header_length - http_buf_size);
1524 if (len_read <= 0) {
1525 break;
1526 }
1527 http_buf_size += len_read;
1528 }
1529 } else if (header_close) {
1530 do {
1531 ssize_t len_read;
1532 if (http_buf) {
1533 http_buf = zend_string_realloc(http_buf, http_buf_size + 4096, 0);
1534 } else {
1535 http_buf = zend_string_alloc(4096, 0);
1536 }
1537 len_read = php_stream_read(stream, http_buf->val + http_buf_size, 4096);
1538 if (len_read > 0) {
1539 http_buf_size += len_read;
1540 }
1541 } while(!php_stream_eof(stream));
1542 } else {
1543 return NULL;
1544 }
1545
1546 http_buf->val[http_buf_size] = '\0';
1547 http_buf->len = http_buf_size;
1548 return http_buf;
1549 }
1550
get_http_headers(php_stream * stream)1551 static zend_string *get_http_headers(php_stream *stream)
1552 {
1553 smart_str tmp_response = {0};
1554 char headerbuf[8192];
1555
1556 while (php_stream_gets(stream, headerbuf, sizeof(headerbuf))) {
1557 if ((headerbuf[0] == '\r' && headerbuf[1] == '\n') ||
1558 (headerbuf[0] == '\n')) {
1559 /* empty line marks end of headers */
1560 smart_str_0(&tmp_response);
1561 return tmp_response.s;
1562 }
1563
1564 /* add header to collection */
1565 smart_str_appends(&tmp_response, headerbuf);
1566 }
1567
1568 smart_str_free(&tmp_response);
1569 return NULL;
1570 }
1571