Esempio n. 1
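/**
@fn const char* soap_wsse_get_Username(struct soap *soap)
@brief Returns UsernameToken/username string or wsse:FailedAuthentication fault.
@param soap context
@return UsernameToken/username string or NULL with wsse:FailedAuthentication fault error set
@see soap_wsse_verify_Password

The returned username should be used to look up the user's password in a
dictionary or database for server-side authentication with
soap_wsse_verify_Password.

@note
The username comes from the UsernameToken of the message and is not
authenticated until soap_wsse_verify_Password succeeds. Treat it as untrusted
input when it is used as a lookup key (for example in a database query).
*/
const char*
soap_wsse_get_Username(struct soap *soap)
{ _wsse__UsernameToken *token = soap_wsse_UsernameToken(soap, NULL);
  DBGFUN("soap_wsse_get_Username");
  /* A token without a Username element is handled like a missing token, so
     that a NULL return always comes with the fault set, as documented. */
  if (token && token->Username)
    return token->Username;
  soap_wsse_fault(soap, wsse__FailedAuthentication, "Username authentication required");
  return NULL;
}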
Esempio n. 2
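/*
 * Check WS-Security properties of a message.
 *
 * Requires, in this order:
 *   1. an X509 certificate referenced from the signature's KeyInfo,
 *   2. a certificate subject that contains srv_subject or clt_subject
 *      (both defined elsewhere in this file),
 *   3. a valid timestamp,
 *   4. a signed body.
 *
 * Returns SOAP_OK when all checks pass, otherwise the fault or error code of
 * the first failing check.
 *
 * NOTE(review): nothing here validates the certificate chain; presumably the
 * signature verification configured elsewhere does that. The subject match
 * below is only meaningful if it does -- confirm.
 */
static int chk_security(struct soap *soap)
{
  X509 *cert = soap_wsse_get_KeyInfo_SecurityTokenReferenceX509(soap);
  char buf[1024];

  if (!cert)
    return soap_wsse_fault(soap, wsse__SecurityTokenUnavailable, NULL);

  /* NOTE(review): cert is never released in this function. If the getter
     hands ownership to the caller, every return path below needs an
     X509_free(cert) -- confirm against the wsse API documentation. */

  /* Certificate must be known to us. X509_NAME_oneline() returns NULL on
     failure, in which case buf must not be used as a string. */
  if (!X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf)))
    return soap_wsse_fault(soap, wsse__InvalidSecurityToken, "cannot read certificate subject name");

  /* NOTE(review): this is a substring match on the one-line rendering of the
     subject, so any certificate whose rendered subject merely contains
     srv_subject or clt_subject is accepted. Comparing the whole subject, or
     a pinned certificate, would be stricter. */
  if (!strstr(buf, srv_subject) && !strstr(buf, clt_subject))
  {
    fprintf(stderr, "Warning: certificate from %s is unknown\n", buf);

    /* strncat always terminates; the size leaves room for the NUL */
    strncat(buf, ": unrecognized subject name", sizeof(buf)-strlen(buf)-1);

    /* NOTE(review): buf lives on this stack frame; confirm that
       soap_wsse_fault copies the fault string rather than keeping the
       pointer. */
    return soap_wsse_fault(soap, wsse__InvalidSecurityToken, buf);
  }

  /* Valid timestamp required, and the body must be signed. The second check
     only runs when the first one passed. */
  if (soap_wsse_verify_Timestamp(soap) || soap_wsse_verify_body(soap))
  {
    soap_wsse_delete_Security(soap);
    return soap->error;
  }

  soap_wsse_delete_Security(soap);

  return SOAP_OK;
}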
Esempio n. 3
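/**
@fn int soap_wsse_verify_Password(struct soap *soap, const char *password)
@brief Verifies the supplied password or sets wsse:FailedAuthentication fault.
@param soap context
@param[in] password string to verify against
@return SOAP_OK (authorized) or SOAP_FAULT with wsse:FailedAuthentication fault

The verification supports clear-text password verification only. A token
whose Password has no Type, or a Type other than the password-text URI, is
rejected.

@note
This release supports the use of at most one UsernameToken in the header.

@note
A clear-text password is readable by anyone who can read the message, so it
should only be accepted over a confidential transport.
*/
int
soap_wsse_verify_Password(struct soap *soap, const char *password)
{ _wsse__UsernameToken *token = soap_wsse_UsernameToken(soap, NULL);
  DBGFUN("soap_wsse_verify_Password");
  /* if we have a UsernameToken with a Password, check it */
  if (token && token->Password)
  { /* password digest or text? */
    if (token->Password->Type
     && !strcmp(token->Password->Type, wsse_PasswordTextURI))
    { /* check password text */
      const char *given = token->Password->__item;
      /* an empty Password element or a NULL reference password can never
         match; without this guard the comparison would dereference NULL */
      if (given && password)
      { size_t glen = strlen(given);
        size_t plen = strlen(password);
        size_t i;
        unsigned char diff = (unsigned char)(glen != plen);
        /* Compare every byte of the received password instead of stopping
           at the first mismatch, so the time taken does not reveal how many
           leading characters were correct. Past the end of the reference
           password the index stays on its terminating NUL. */
        for (i = 0; i < glen; i++)
          diff |= (unsigned char)(given[i] ^ password[i < plen ? i : plen]);
        if (!diff)
          return SOAP_OK;
      }
    }
  }
  return soap_wsse_fault(soap, wsse__FailedAuthentication, NULL);
}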