Shibboleth Developers

["Scott Cantor" <>]

> Anything I can use to parse the SAML POST?

I expect so, it's basically a form submission parser for GET and POST
that returns the name/value pairs. It doesn't address cookies, though
that's usually not too hard to brute force.

By the time I used the code "for real" I had embedded it differently, so
I think this old version doesn't handle multiple parameters with the
same name properly, but it's a small change. Modifying the memory
allocation to use Apache pools or tables or whatever, would also be
pretty easy.

Admittedly, I'd probably use STL containers to avoid all the linked list
stuff today, but the code works.

-- Scott
/* cgiparse.h -- C library for accessing parameters in CGI scripts.
                 Scott Cantor

                 (C) 1995 Ohio State University
*/

#ifndef __CGIPARSE__
#define __CGIPARSE__

#ifdef __cplusplus
extern "C" {
#endif

/* Handle to query information. */
typedef struct Query* HQUERY;

/* Fully parse the query from standard input. */
HQUERY ParseQuery();

/* Free memory associated with query. */
void DeleteQuery(HQUERY hQuery);

/* Get value for a given name. */
const char* QueryValue(HQUERY hQuery, const char* name);

/* Dump name/value pairs to stdout. */
void DumpQuery(HQUERY hQuery);

#ifdef __cplusplus
}
#endif

#endif /* __CGIPARSE__ */
/* cgiparse.c -- C library for accessing parameters in CGI scripts.
                 Scott Cantor

                 (C) 1995 Ohio State University
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "cgiparse.h"

static int bPost=0;
static const char* pch=NULL;

char next_char()
{
    if (bPost)
        return fgetc(stdin);
    else
        return *(pch++);
}

/* Parsing routines modified from NCSA source. */
char *makeword(char *line, char stop)
{
    int x = 0,y;
    char *word = (char *) malloc(sizeof(char) * (strlen(line) + 1));

    for(x=0;((line[x]) && (line[x] != stop));x++)
        word[x] = line[x];

    word[x] = '\0';
    if(line[x])
        ++x;
    y=0;

    while(line[y++] = line[x++]);
    return word;
}

char *fmakeword(char stop, int *cl)
{
    int wsize;
    char *word;
    int ll;

    wsize = 1024;
    ll=0;
    word = (char *) malloc(sizeof(char) * (wsize + 1));

    while(1)
    {
        word[ll] = next_char();
        if(ll==wsize-1)
        {
            word[ll+1] = '\0';
            wsize+=1024;
            word = (char *)realloc(word,sizeof(char)*(wsize+1));
        }
        --(*cl);
        if((word[ll] == stop) || word[ll] == EOF || (!(*cl)))
        {
            if(word[ll] != stop)
                ll++;
            word[ll] = '\0';
            return word;
        }
        ++ll;
    }
}

char x2c(char *what)
{
    register char digit;

    digit = (what[0] >= 'A' ? ((what[0] & 0xdf) - 'A')+10 : (what[0] - '0'));
    digit *= 16;
    digit += (what[1] >= 'A' ? ((what[1] & 0xdf) - 'A')+10 : (what[1] - '0'));
    return(digit);
}

void unescape_url(char *url)
{
    register int x,y;

    for(x=0,y=0;url[y];++x,++y)
    {
        if((url[x] = url[y]) == '%')
        {
            url[x] = x2c(&url[y+1]);
            y+=2;
        }
    }
    url[x] = '\0';
}

void plustospace(char *str)
{
    register int x;

    for(x=0;str[x];x++)
        if(str[x] == '+') str[x] = ' ';
}

typedef struct Query
{
    char* name;
    char* value;
    struct Query* next;
} Query;

HQUERY ParseQuery()
{
    int cl;
    HQUERY hQuery=NULL;
    HQUERY hLast=NULL;

    /* Verify method and content type. */
    if(0==strcmp(getenv("REQUEST_METHOD"),"POST"))
    {
        if 
(0!=strcmp(getenv("CONTENT_TYPE"),"application/x-www-form-urlencoded"))
            return NULL;
        cl=atoi(getenv("CONTENT_LENGTH"));
        bPost=1;
    }
    else if (0==strcmp(getenv("REQUEST_METHOD"),"GET"))
    {
        pch=getenv("QUERY_STRING");
        if (!pch)
            return NULL;
        cl=strlen(pch);
        bPost=0;
    }
    else
        return NULL;
        
    while (cl && (!bPost || !feof(stdin)))
    {
        if (hQuery==NULL)
        {
            hQuery=malloc(sizeof(Query));
            hQuery->name=hQuery->value=hQuery->next=NULL;
            hLast=hQuery;
        }
        else
        {
            hLast->next=malloc(sizeof(Query));
            hLast=hLast->next;
            hLast->name=hLast->value=hLast->next=NULL;
        }

        /* hLast is now the current block to use. */
        hLast->value=fmakeword('&',&cl);
        plustospace(hLast->value);
        unescape_url(hLast->value);
        hLast->name=makeword(hLast->value,'=');
    }
    return hQuery;
}

void DeleteQuery(HQUERY hQuery)
{
    if (hQuery!=NULL)
    {
        DeleteQuery(hQuery->next);
        free(hQuery->name);
        free(hQuery->value);
    }
}

const char* QueryValue(HQUERY hQuery, const char* name)
{
    while (hQuery)
    {
        if (strcmp(name,hQuery->name)==0)
            return hQuery->value;
        else
            hQuery=hQuery->next;
    }
    return NULL;
}

void DumpQuery(HQUERY hQuery)
{
    while (hQuery)
    {
        printf("%s = %s\n",hQuery->name,hQuery->value);
        hQuery=hQuery->next;
    }
}