static void testServerInfo(void) { xmlrpc_env env; xmlrpc_server_info * serverInfoP; xmlrpc_server_info * serverInfo2P; printf(" Running serverInfo tests...\n"); xmlrpc_env_init(&env); serverInfoP = xmlrpc_server_info_new(&env, "testurl"); TEST_NO_FAULT(&env); serverInfo2P = xmlrpc_server_info_copy(&env, serverInfoP); TEST_NO_FAULT(&env); xmlrpc_server_info_free(serverInfo2P); /* Fails because we haven't set user/password yet: */ xmlrpc_server_info_allow_auth_basic(&env, serverInfoP); TEST_FAULT(&env, XMLRPC_INTERNAL_ERROR); xmlrpc_server_info_set_basic_auth(&env, serverInfoP, "username", "password"); TEST_NO_FAULT(&env); xmlrpc_server_info_set_user(&env, serverInfoP, "username", "password"); TEST_NO_FAULT(&env); xmlrpc_server_info_allow_auth_basic(&env, serverInfoP); TEST_NO_FAULT(&env); xmlrpc_server_info_disallow_auth_basic(&env, serverInfoP); TEST_NO_FAULT(&env); xmlrpc_server_info_allow_auth_digest(&env, serverInfoP); TEST_NO_FAULT(&env); xmlrpc_server_info_disallow_auth_digest(&env, serverInfoP); TEST_NO_FAULT(&env); xmlrpc_server_info_allow_auth_negotiate(&env, serverInfoP); TEST_NO_FAULT(&env); xmlrpc_server_info_disallow_auth_negotiate(&env, serverInfoP); TEST_NO_FAULT(&env); xmlrpc_server_info_allow_auth_ntlm(&env, serverInfoP); TEST_NO_FAULT(&env); xmlrpc_server_info_disallow_auth_ntlm(&env, serverInfoP); TEST_NO_FAULT(&env); xmlrpc_server_info_free(serverInfoP); xmlrpc_env_clean(&env); }
/* * Make an XML-RPC call to methodName. This uses the curl client to make * a connection over SSL using the CA cert that should have been installed * by ipa-client-install. */ static void callRPC(char * user_agent, xmlrpc_env * const envP, xmlrpc_server_info * const serverInfoP, const char * const methodName, xmlrpc_value * const paramArrayP, xmlrpc_value ** const resultPP) { struct xmlrpc_clientparms clientparms; struct xmlrpc_curl_xportparms * curlXportParmsP = NULL; xmlrpc_client * clientP = NULL; memset(&clientparms, 0, sizeof(clientparms)); XMLRPC_ASSERT(xmlrpc_value_type(paramArrayP) == XMLRPC_TYPE_ARRAY); curlXportParmsP = malloc(sizeof(*curlXportParmsP)); if (curlXportParmsP == NULL) { xmlrpc_env_set_fault(envP, XMLRPC_INTERNAL_ERROR, _("Out of memory!")); return; } memset(curlXportParmsP, 0, sizeof(*curlXportParmsP)); /* Have curl do SSL certificate validation */ curlXportParmsP->no_ssl_verifypeer = 0; curlXportParmsP->no_ssl_verifyhost = 0; curlXportParmsP->cainfo = "/etc/ipa/ca.crt"; curlXportParmsP->user_agent = user_agent; /* Enable GSSAPI credentials delegation */ curlXportParmsP->gssapi_delegation = 1; clientparms.transport = "curl"; clientparms.transportparmsP = (struct xmlrpc_xportparms *) curlXportParmsP; clientparms.transportparm_size = XMLRPC_CXPSIZE(gssapi_delegation); xmlrpc_client_create(envP, XMLRPC_CLIENT_NO_FLAGS, NAME, VERSION, &clientparms, sizeof(clientparms), &clientP); /* Set up kerberos negotiate authentication in curl. */ xmlrpc_server_info_set_user(envP, serverInfoP, ":", ""); xmlrpc_server_info_allow_auth_negotiate(envP, serverInfoP); /* Perform the XML-RPC call */ if (!envP->fault_occurred) { xmlrpc_client_call2(envP, clientP, serverInfoP, methodName, paramArrayP, resultPP); } /* Cleanup */ xmlrpc_server_info_free(serverInfoP); xmlrpc_client_destroy(clientP); free((void*)clientparms.transportparmsP); }
void xmlrpc_server_info_set_basic_auth(xmlrpc_env * const envP, xmlrpc_server_info * const serverInfoP, const char * const username, const char * const password) { xmlrpc_server_info_set_user(envP, serverInfoP, username, password); if (!envP->fault_occurred) { serverInfoP->allowedAuth.basic = true; serverInfoP->allowedAuth.digest = false; serverInfoP->allowedAuth.gssnegotiate = false; serverInfoP->allowedAuth.ntlm = false; } }
/* * Do any per-module initialization that is separate to each * configured instance of the module. e.g. set up connections * to external databases, read configuration files, set up * dictionary entries, etc. * * If configuration information is given in the config section * that must be referenced in later calls, store a handle to it * in *instance otherwise put a null pointer there. */ static int xmlrpc_instantiate(CONF_SECTION * conf, void **instance) { rlm_xmlrpc_t *data; rlm_xmlrpc_client_t *first_client; rlm_xmlrpc_client_t *client; xmlrpc_env env; struct xmlrpc_clientparms clientParms; struct xmlrpc_curl_xportparms curlParms; int i, error; void (*do_auth) (); /* * Set up a storage area for instance data */ data = rad_malloc(sizeof(*data)); if (!data) { return -1; } memset(data, 0, sizeof(*data)); /* * If the configuration parameters can't be parsed, then * fail. */ if (cf_section_parse(conf, data, module_config) < 0) { free(data); return -1; } *instance = data; #ifdef HAVE_PTHREAD_H pthread_mutex_init(&data->client_mutex, NULL); #endif /* * network_interface parameter cannot be omitted because the * XMLRPC_CXPSIZE macro calcs the size from the first parameter * to the last modified. * Unfortunately is this the order. */ curlParms.network_interface = data->interface; curlParms.no_ssl_verifypeer = data->no_ssl_verify_peer; curlParms.no_ssl_verifyhost = data->no_ssl_verify_host; clientParms.transport = "curl"; clientParms.transportparmsP = &curlParms; clientParms.transportparm_size = XMLRPC_CXPSIZE(no_ssl_verifyhost); /* * Choosing method authentication */ if (strcmp(data->auth_type, "auth_basic") == 0) { do_auth = xmlrpc_server_info_allow_auth_basic; } else if (strcmp(data->auth_type, "auth_digest") == 0) { do_auth = xmlrpc_server_info_allow_auth_digest; } else if (strcmp(data->auth_type, "auth_negotiate") == 0) { do_auth = xmlrpc_server_info_allow_auth_negotiate; } else if (strcmp(data->auth_type, "auth_ntlm") == 0) { do_auth = xmlrpc_server_info_allow_auth_ntlm; } /* * Clients are created into a circular linked list. * Into this cycle we setup clients and server information objects. * Server information contains a method to do html authentication. */ for (i = 0; i < data->xmlrpc_num_socks; i++) { client = rad_malloc(sizeof(*client)); if (!client) { return -1; } memset(client, 0, sizeof(*client)); env = client->env; xmlrpc_env_init(&env); if (i == 0) { data->client = client; first_client = client; xmlrpc_client_setup_global_const(&env); } else { data->client->next = client; data->client = data->client->next; } xmlrpc_client_create(&env, XMLRPC_CLIENT_NO_FLAGS, NAME, VERSION, &clientParms, XMLRPC_CPSIZE(transportparm_size), &client->clientP); error = check_error_and_free(data); if (error != RLM_MODULE_OK) return error; client->serverInfoP = xmlrpc_server_info_new(&env, data->url); error = check_error_and_free(data); if (error != RLM_MODULE_OK) return error; if (strcmp(data->auth_type, "none") != 0) { xmlrpc_server_info_set_user(&env, client->serverInfoP, data->user, data->password); error = check_error_and_free(data); if (error != RLM_MODULE_OK) return error; do_auth(&env, client->serverInfoP); error = check_error_and_free(data); if (error != RLM_MODULE_OK) return error; radlog(L_INFO, "\trlm_xmlrpc: client #%d logged in as %s", i, data->user); } radlog(L_INFO, "\trlm_xmlrpc: client #%d initialized", i); } /* * closing the circular linked list. data->client helds a pointer * to the last client used by a thread. */ data->client->next = first_client; data->client = data->client->next; return 0; }