|
|
//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 2000.
//
// File: V A L I D A T E S O A P . C P P
//
// Contents: Implementation of SOAP request validation.
//
// Notes:
//
// Author: spather 2000/11/8
//
//----------------------------------------------------------------------------
#include <pch.h>
#pragma hdrstop
#include <httpext.h>
#include "hostp.h"
#include "ncxml.h"
#include "ncbase.h"
#include "ValidateSOAP.h"
const WCHAR CSZ_SOAP_NAMESPACE_URI[] = L"http://schemas.xmlsoap.org/soap/envelope/";const WCHAR CSZ_SOAP_ENCODING_STYLE_URI[] = L"http://schemas.xmlsoap.org/soap/encoding/";
HRESULTHrValidateArguments( IN IXMLDOMNode * pxdnAction, IN IXMLDOMNodeList * pxdnlArgs, IN IUPnPServiceDescriptionInfo * pServiceDescInfo){ HRESULT hr = S_OK; BSTR bstrActionName = NULL;
hr = pxdnAction->get_baseName(&bstrActionName);
if (SUCCEEDED(hr)) { BOOL fIsQueryStateVariable = FALSE; DWORD cInArgs = 0; BSTR * rgbstrNames = NULL; BSTR * rgbstrTypes = NULL;
Assert(bstrActionName);
if (0 == lstrcmpW(bstrActionName, L"QueryStateVariable")) { fIsQueryStateVariable = TRUE; cInArgs = 1; } else { fIsQueryStateVariable = FALSE; hr = pServiceDescInfo->GetInputArgumentNamesAndTypes(bstrActionName, &cInArgs, &rgbstrNames, &rgbstrTypes); }
if (SUCCEEDED(hr)) { long listLength = 0;
hr = pxdnlArgs->get_length(&listLength);
if (SUCCEEDED(hr)) { if ((DWORD)listLength == cInArgs) { if (cInArgs > 0) { for (DWORD i = 0; i < cInArgs; i++) { IXMLDOMNode * pxdnArg = NULL;
hr = pxdnlArgs->get_item(i, &pxdnArg);
if (SUCCEEDED(hr)) { BSTR bstrArgName = NULL;
// Check that the name matches.
Assert(pxdnArg);
hr = pxdnArg->get_baseName(&bstrArgName);
if (SUCCEEDED(hr)) { Assert(bstrArgName);
if (fIsQueryStateVariable) { if (0 == lstrcmpiW(bstrArgName, L"varName"))
{ hr = S_OK; } else { hr = E_FAIL; TraceError("HrValidateArguments(): " "Invalid argument name", hr); } } else { if (0 == lstrcmpiW(bstrArgName, rgbstrNames[i]))
{ hr = S_OK; } else { hr = E_FAIL; TraceError("HrValidateArguments(): " "Invalid argument name", hr); } }
SysFreeString(bstrArgName); } pxdnArg->Release(); } else { TraceError("HrValidateArguments(): " "Failed to get item", hr); } } } } else { hr = E_FAIL; TraceError("HrValidateArguments(): " "Wrong number of input arguments in request", hr); }
} else { TraceError("HrValidateArguments(): " "Failed to get list length", hr); }
if (FALSE == fIsQueryStateVariable) { if (cInArgs > 0) { for (DWORD i = 0; i < cInArgs; i++) { SysFreeString(rgbstrNames[i]); rgbstrNames[i] = NULL; SysFreeString(rgbstrTypes[i]); rgbstrTypes[i] = NULL; } CoTaskMemFree(rgbstrNames); rgbstrNames = NULL; CoTaskMemFree(rgbstrTypes); rgbstrTypes = NULL; } } }
SysFreeString(bstrActionName); } else { TraceError("HrValidateArguments(): " "Failed to get action name", hr); }
TraceError("HrValidateArguments(): " "Exiting", hr); return hr;}
HRESULTHrValidateActionName( IN IXMLDOMNode * pxdnAction, IN LPWSTR szSOAPActionHeader){ HRESULT hr = S_OK; LPWSTR szStrippedHeader = NULL; DWORD cchSOAPActionHeader = 0; LPWSTR szActionName = NULL;
cchSOAPActionHeader = lstrlenW(szSOAPActionHeader);
// Due to bugs in some SOAP implementations (specifically, the URT, not us)
// the SOAPActionHeader may or may not have double-quotes around it. We'll
// just remove them here if they are there (they should be, according to
// the SOAP spec).
if ((L'"' == szSOAPActionHeader[0]) && (L'"' == szSOAPActionHeader[cchSOAPActionHeader-1])) { // Modify the string in place - insert a NULL where the close
// quote is, and start the string 1 character from the beginning.
// Doing it this way, rather than copying the string saves us 1
// memory allocation.
szSOAPActionHeader[cchSOAPActionHeader-1] = UNICODE_NULL; szStrippedHeader = szSOAPActionHeader+1; } else { szStrippedHeader = szSOAPActionHeader; }
// Check that the action name matches the SOAPAction header.
// SOAPAction header is of the form servicetype#actionName.
szActionName = wcsstr(szStrippedHeader, L"#");
if (szActionName) { BSTR bstrActionName = NULL;
szActionName++; // Advance to the character after the "#"
hr = pxdnAction->get_baseName(&bstrActionName);
if (S_OK == hr) { if (0 == lstrcmpiW(bstrActionName, szActionName)) { hr = S_OK;
TraceTag(ttidValidate, "HrValidateActionName(): " "Action node name and SOAPAction header value match!"); } else { hr = E_FAIL; TraceError("HrValidateActionName(): " "Action node name did not match SOAPAction header", hr); }
SysFreeString(bstrActionName); } else { TraceError("HrValidateActionName(): " "Failed to get node name", hr); } } else { hr = E_FAIL; TraceError("HrValidateActionName(): " "SOAPActionHeader did not contain \"#\" character", hr); }
TraceError("HrValidateActionName(): " "Exiting", hr); return hr;}
HRESULTHrValidateBody( IN IXMLDOMNode * pxdnBody, IN IUPnPServiceDescriptionInfo * pServiceDescInfo, IN LPWSTR szSOAPActionHeader){ HRESULT hr = S_OK; IXMLDOMNode * pxdnAction = NULL;
hr = pxdnBody->get_firstChild(&pxdnAction);
if (SUCCEEDED(hr)) { if (pxdnAction) { hr = HrValidateActionName(pxdnAction, szSOAPActionHeader);
if (SUCCEEDED(hr)) { IXMLDOMNodeList * pxdnlArgs = NULL;
hr = pxdnAction->get_childNodes(&pxdnlArgs);
if (SUCCEEDED(hr)) { Assert(pxdnlArgs);
hr = HrValidateArguments(pxdnAction, pxdnlArgs, pServiceDescInfo);
pxdnlArgs->Release(); } }
// Finally, if all the above succeeded, check that the
// action element does not have a sibling (there should
// only be one child of the body element).
if (SUCCEEDED(hr)) { IXMLDOMNode * pxdnSibling = NULL;
hr = pxdnAction->get_nextSibling(&pxdnSibling);
if (S_FALSE == hr) { Assert(NULL == pxdnSibling);
hr = S_OK;
TraceTag(ttidValidate, "HrValidateBody(): " "Body is valid!"); } else { if (SUCCEEDED(hr)) { Assert(pxdnSibling); pxdnSibling->Release(); hr = E_FAIL; TraceError("HrValidateBody(): " "Body element had more than one child", hr); } else { TraceError("HrValidateBody(): " "Failure trying to get next sibling", hr); }
} }
pxdnAction->Release(); } else { hr = E_FAIL; TraceError("HrValidateBody(): " "Body element was empty", hr); } } else { TraceError("HrValidateBody(): " "Failed to get first child of body element", hr); }
TraceError("HrValidateBody(): " "Exiting", hr); return hr;}
HRESULTHrValidateSOAPHeader( IN IXMLDOMNode * pxdnHeader){ HRESULT hr = S_OK; IXMLDOMNode * pxdnChild = NULL;
// A request may have headers as long as none of them have the
// "mustUnderstand" attribute set because we don't understand any
// headers.
hr = pxdnHeader->get_firstChild(&pxdnChild);
while (SUCCEEDED(hr) && pxdnChild) { IXMLDOMNode * pxdnNextSibling = NULL; BSTR bstrMustUnderstand = NULL;
hr = HrGetTextValueFromAttribute(pxdnChild, L"mustUnderstand", &bstrMustUnderstand);
if (SUCCEEDED(hr)) { if (NULL == bstrMustUnderstand) { hr = S_OK; TraceTag(ttidValidate, "HrValidateSOAPHeader(): " "Found header without mustUnderstand attribute - ok!"); } else { if (0 == lstrcmpW(bstrMustUnderstand, L"0")) { hr = S_OK; TraceTag(ttidValidate, "HrValidateSOAPHeader(): " "Found header with mustUnderstand " "attribute == 0 - ok!"); } else if (0 == lstrcmpW(bstrMustUnderstand, L"1")) { hr = E_FAIL; TraceError("HrValidateSOAPHeader(): " "Found header with mustUnderstand attribute set", hr); } else { hr = E_FAIL; TraceError("HrValidateSOAPHeader(): " "Found header with invalid " "mustUnderstand attribute value", hr); }
SysFreeString(bstrMustUnderstand); } } else { TraceError("HrValidateSOAPError(): " "Failed to get mustUnderstand attribute value", hr); }
if (FAILED(hr)) { pxdnChild->Release(); break; }
hr = pxdnChild->get_nextSibling(&pxdnNextSibling); pxdnChild->Release(); pxdnChild = pxdnNextSibling; }
TraceError("HrValidateSOAPHeader(): " "Exiting", hr); return hr;}
HRESULTHrValidateSOAPStructure( IN IXMLDOMNode * pxdnReqEnvelope, IN IUPnPServiceDescriptionInfo * pServiceDescInfo, IN LPWSTR szSOAPActionHeader){ HRESULT hr = S_OK;
if (FIsThisTheNodeNameWithNamespace(pxdnReqEnvelope, L"Envelope", CSZ_SOAP_NAMESPACE_URI)) { IXMLDOMNode * pxdnChild = NULL; BOOL bFoundHeader = FALSE; BOOL bFoundBody = FALSE;
hr = pxdnReqEnvelope->get_firstChild(&pxdnChild);
while (SUCCEEDED(hr) && pxdnChild) { IXMLDOMNode * pxdnNextSibling = NULL;
if (FIsThisTheNodeNameWithNamespace(pxdnChild, L"Header", CSZ_SOAP_NAMESPACE_URI)) { if (FALSE == bFoundHeader) { bFoundHeader = TRUE; hr = HrValidateSOAPHeader(pxdnChild); } else { hr = E_FAIL; TraceError("HrValidateSOAPStructure(): " "Duplicate header element found", hr); } } else if (FIsThisTheNodeNameWithNamespace(pxdnChild, L"Body", CSZ_SOAP_NAMESPACE_URI)) { if (FALSE == bFoundBody) { bFoundBody = TRUE; hr = HrValidateBody(pxdnChild, pServiceDescInfo, szSOAPActionHeader); } else { hr = E_FAIL; TraceError("HrValidateSOAPStructure(): " "Duplicate body element found", hr); } } else { hr = E_FAIL; TraceError("HrValidateSOAPStructure(): " "Unknown element found inside SOAP envelope", hr); }
if (FAILED(hr)) { pxdnChild->Release(); break; }
hr = pxdnChild->get_nextSibling(&pxdnNextSibling); pxdnChild->Release(); pxdnChild = pxdnNextSibling; }
if (SUCCEEDED(hr)) { if (FALSE == bFoundBody) { hr = E_FAIL; TraceError("HrValidateSOAPStrucutre(): " "Request was missing body element", hr); } else { hr = S_OK; TraceTag(ttidValidate, "HrValidateSOAPStructure(): " "SOAP structure is valid!"); } } } else { hr = E_FAIL; TraceError("HrValidateSOAPStructure(): " "Root element is not a SOAP envelope", hr); }
TraceError("HrValidateSOAPStructure(): " "Exiting", hr); return hr;}
HRESULTHrGetSOAPActionHeader( IN LPEXTENSION_CONTROL_BLOCK pecb, OUT LPWSTR * pszSOAPActionHeader){ HRESULT hr = S_OK; LPWSTR szSOAPActionHeader = NULL; CHAR * szaBuffer = NULL; DWORD cbBuffer = 0; BOOL bReturn = FALSE;
// First we need to find the size of buffer we need to get all the HTTP
// headers.
bReturn = pecb->GetServerVariable(pecb->ConnID, "ALL_RAW", szaBuffer, &cbBuffer);
if (FALSE == bReturn) { DWORD dwError = 0;
// Expect to be here - we passed in a null buffer and a zero size,
// in order to find what the real size should be.
dwError = GetLastError();
if (ERROR_INSUFFICIENT_BUFFER == dwError) { Assert(cbBuffer > 0);
szaBuffer = new CHAR[cbBuffer+1];
if (szaBuffer) { bReturn = pecb->GetServerVariable(pecb->ConnID, "ALL_RAW", szaBuffer, &cbBuffer);
if (bReturn) { hr = S_OK; TraceTag(ttidValidate, "HrGetSOAPActionHeader(): " "All HTTP Headers:\n%s", szaBuffer); } else { hr = HrFromLastWin32Error(); TraceError("HrGetSOAPActionHeader(): " "Failed to get all HTTP headers", hr); } } else { hr = E_OUTOFMEMORY; TraceError("HrGetSOAPActionHeader(): " "Failed to allocate buffer for all HTTP headers", hr); }
} else { hr = HrFromLastWin32Error(); TraceError("HrGetSOAPActionHeader(): " "Failed to get buffer size for all HTTP headers", hr); } } else { // Should never be here.
Assert(FALSE); }
if (SUCCEEDED(hr)) { CHAR * szaSOAPActionStart = NULL;
// Convert the buffer to uppercase.
for (DWORD i = 0; i < cbBuffer; i++) { szaBuffer[i] = (CHAR) toupper(szaBuffer[i]); }
// Now we need find the SOAPAction header and get it's value.
szaSOAPActionStart = strstr(szaBuffer, "SOAPACTION:");
if (szaSOAPActionStart) { // Count the number of characters in the value of the header.
DWORD cbSOAPActionHeader = 0; CHAR * szaSOAPActionValueStart = NULL; CHAR * szaTemp = NULL;
szaSOAPActionValueStart = szaSOAPActionStart + strlen("SOAPACTION:");
while (' ' == *szaSOAPActionValueStart || '\t' == *szaSOAPActionValueStart) { szaSOAPActionValueStart++; }
szaTemp = szaSOAPActionValueStart;
while (('\0' != *szaTemp) && ('\r' != *szaTemp) && ('\n' != *szaTemp)) { szaTemp++; cbSOAPActionHeader++; }
if (cbSOAPActionHeader > 0) { CHAR * szaSOAPActionHeader = NULL;
szaSOAPActionHeader = new CHAR[cbSOAPActionHeader + 1];
if (szaSOAPActionHeader) { strncpy(szaSOAPActionHeader, szaSOAPActionValueStart, cbSOAPActionHeader);
szaSOAPActionHeader[cbSOAPActionHeader] = '\0';
szSOAPActionHeader = WszFromSz(szaSOAPActionHeader);
if (szSOAPActionHeader) { hr = S_OK; TraceTag(ttidUDHISAPI, "HrGetSOAPActionHeader(): " "SOAPAction header value is %S", szSOAPActionHeader); } else { hr = E_OUTOFMEMORY; TraceError("HrGetSOAPActionHeader(): " "Failed to allocate memory for " "wide character SOAPAction header", hr); } delete [] szaSOAPActionHeader; } else { hr = E_OUTOFMEMORY; TraceError("HrGetSOAPActionHeader(): " "Failed to allocate memory for SOAPAction header", hr); } } else { hr = E_FAIL; TraceError("HrGetSOAPActionHeader(): " "SOAPAction header had no value", hr); } } else { hr = UPNP_E_MISSING_SOAP_ACTION; TraceError("HrGetSOAPActionHeader(): " "Could not find SOAPAction header", hr); }
}
// Cleanup.
if (szaBuffer) { delete [] szaBuffer; szaBuffer = NULL; }
// Copy the string to the out parameter if succeeded, otherwise
// clean it up.
if (SUCCEEDED(hr)) { *pszSOAPActionHeader = szSOAPActionHeader; } else { // Cleanup.
if (szSOAPActionHeader) { delete [] szSOAPActionHeader; szSOAPActionHeader = NULL; } }
TraceError("HrGetSOAPActionHeader(): " "Exiting", hr); return hr;}
HRESULTHrValidateContentType( IN LPEXTENSION_CONTROL_BLOCK pecb){ HRESULT hr = S_OK; BOOL bReturn = FALSE; const DWORD cdwBufSize = 512; CHAR szaBuffer[cdwBufSize]; DWORD cbBuffer = cdwBufSize; LPCSTR cszaExpectedContentType = "text/xml";
bReturn = pecb->GetServerVariable(pecb->ConnID, "CONTENT_TYPE", szaBuffer, &cbBuffer);
if (bReturn) { Assert(cbBuffer <= cdwBufSize);
if (0 == strncmp(szaBuffer, cszaExpectedContentType, strlen(cszaExpectedContentType))) { hr = S_OK; TraceTag(ttidValidate, "HrValidateContentType(): " "Valid content type %s", szaBuffer); } else { hr = UPNP_E_INVALID_CONTENT_TYPE; TraceTag(ttidValidate, "HrValidateContentType(): " "Invalid content type %s", szaBuffer); } } else { hr = HrFromLastWin32Error(); TraceError("HrValidateContentType(): " "Failed to get content type", hr); }
TraceError("HrValidateContentType(): " "Exiting", hr); return hr;}
//+---------------------------------------------------------------------------
//
// Function: HrValidateSOAPRequest
//
// Purpose: Validates the structure of a SOAP request.
//
// Arguments:
// pxdnReqEnvelope [in] The XML DOM Node for the SOAP envelope element
// pecb [in] The extension control block for the request
// pServiceDescInfo [in] The service description info object for the
// service at which the request is targeted
//
// Returns:
// If the function succeeds, the return value is S_OK. Otherwise, the
// function returns one of the COM error codes defined in WinError.h.
//
// Author: spather 2000/11/8
//
// Notes:
//
HRESULTHrValidateSOAPRequest( IN IXMLDOMNode * pxdnReqEnvelope, IN LPEXTENSION_CONTROL_BLOCK pecb, IN IUPnPServiceDescriptionInfo * pServiceDescInfo){ HRESULT hr = S_OK;
Assert(pxdnReqEnvelope); Assert(pecb); Assert(pServiceDescInfo);
hr = HrValidateContentType(pecb);
if (SUCCEEDED(hr)) { LPWSTR szSOAPActionHeader = NULL;
hr = HrGetSOAPActionHeader(pecb, &szSOAPActionHeader);
if (SUCCEEDED(hr)) { Assert(szSOAPActionHeader);
hr = HrValidateSOAPStructure(pxdnReqEnvelope, pServiceDescInfo, szSOAPActionHeader);
delete [] szSOAPActionHeader; } }
if (E_FAIL == hr) { hr = UPNP_E_BAD_REQUEST; }
TraceError("HrValidateSOAPRequest(): " "Exiting", hr); return hr;}
|
