From: Operating system: Linux / SLES 10 SP3 PHP version: 5.2.14 Package: SOAP related Bug Type: Bug Bug description:Authentication fails due to incorrect string comparison.
Description: ------------ Hi, PHP5 was updated from 5.2.5 to 5.2.14 a few days ago in SLES 10 SP3 and our SOAP client scripts failed to run after the update giving the error: SoapClient::SoapClient(https://PLACE_SERVERHOSTNAME_HERE:443/dspace- ws1.1/Community?xsd=1): failed to open stream: HTTP request failed! HTTP/1.1 401 Unauthorized After two days of work I have understood why. In PHP 5.2.11 code was added that strips the authentication credentials from URLs referenced by the WSDL file if they do not match the URL of the WSDL file. The code in question is in php- 5.2.14/ext/soap/php_sdl.c::sdl_set_uri_credentials(). Towards the top of that function the code does: /* check if we load xsd from the same server */ s = strstr(ctx->sdl->source, "://"); if (!s) return; s = strchr(s+3, '/'); l1 = s - ctx->sdl->source; s = strstr((char*)uri, "://"); if (!s) return; s = strchr(s+3, '/'); l2 = s - (char*)uri; if (l1 != l2 || memcmp(ctx->sdl->source, uri, l1) != 0) { /* another server. clear authentication credentals */ Which causes authentication for us to fail because our WSDL file URL is: https://PLACE_SERVERHOSTNAME_HERE/dspace-ws1.1/Community?wsdl whilst the XSD referenced inside the WSDL file is https://PLACE_SERVERHOSTNAME_HERE:443/dspace- ws1.1/Community?xsd=1 so the above string comparison fails. And indeed if I edit our WSDL URL to include the :443 our scripts work again so that is a work around for this problem. However I believe this is a bug. The code should be checking for the server name only, not including the port number. It makes no sense to check the port number. So perhaps it should search for ':' and for '/' and use the first one found (obviously cannot just search for ':' as that would fail to work for URLs that do not specify a port number). Best regards, Anton Test script: --------------- <?php # This fails: $communityWsdl = 'https://PLACE_SERVERHOSTNAME_HERE/dspace-ws1.1/Community?wsdl'; # This works: #$communityWsdl = 'https://PLACE_SERVERHOSTNAME_HERE:443/dspace-ws1.1/Community?wsdl'; # Where the WSDL contains this line: # <xsd:import namespace="http://service.webservice.app.dspace.org/" schemaLocation="https://PLACE_SERVERHOSTNAME_HERE:443/dspace-ws1.1/Community?xsd=1"/> $options = array('login' => "PLACE_USERNAME_HERE", 'password' => "PLACE_PASSWORD_HERE", 'authentication' => SOAP_AUTHENTICATION_BASIC, 'connection_timeout' => 40, 'trace' => 1); try { $communityService = new SoapClient($GLOBALS['communityWsdl'], $GLOBALS['options']); } catch (SoapFault $exception) { fprintf(STDERR, $exception . "\n"); exit(1); } ?> Expected result: ---------------- Have a valid SoapClient object returned. Actual result: -------------- PHP Warning: SoapClient::SoapClient(https://PLACE_SERVERHOSTNAME_HERE:443/dspace- ws1.1/Community?xsd=1): failed to open stream: HTTP request failed! HTTP/1.1 401 Unauthorized in /usr/share/sms/dspace/sms-list-communities.php on line 15 PHP Warning: SoapClient::SoapClient(): I/O warning : failed to load external entity "https://PLACE_SERVERHOSTNAME_HERE:443/dspace-ws1.1/Community?xsd=1" in /usr/share/sms/dspace/sms-list-communities.php on line 15 PHP Fatal error: SOAP-ERROR: Parsing Schema: can't import schema from 'https://PLACE_SERVERHOSTNAME_HERE:443/dspace-ws1.1/Community?xsd=1' in /usr/share/sms/dspace/sms-list-communities.php on line 15 SoapFault exception: [WSDL] SOAP-ERROR: Parsing Schema: can't import schema from 'https://PLACE_SERVERHOSTNAME_HERE:443/dspace-ws1.1/Community?xsd=1' in /usr/share/sms/dspace/sms-list-communities.php:15 Stack trace: #0 /usr/share/sms/dspace/sms-list-communities.php(15): SoapClient- >SoapClient('https://soapbox...', Array) #1 {main} -- Edit bug report at http://bugs.php.net/bug.php?id=52893&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=52893&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=52893&r=trysnapshot53 Try a snapshot (trunk): http://bugs.php.net/fix.php?id=52893&r=trysnapshottrunk Fixed in SVN: http://bugs.php.net/fix.php?id=52893&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=52893&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=52893&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=52893&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=52893&r=needscript Try newer version: http://bugs.php.net/fix.php?id=52893&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=52893&r=support Expected behavior: http://bugs.php.net/fix.php?id=52893&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=52893&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=52893&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=52893&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=52893&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=52893&r=dst IIS Stability: http://bugs.php.net/fix.php?id=52893&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=52893&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=52893&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=52893&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=52893&r=mysqlcfg