6 #include <libubox/ustream.h>
7 #include <libubox/ustream-ssl.h>
8 #include <libubox/usock.h>
9 #include <libubox/blobmsg.h>
12 #include "uclient-utils.h"
13 #include "uclient-backend.h"
31 HTTP_STATE_HEADERS_SENT,
32 HTTP_STATE_REQUEST_DONE,
33 HTTP_STATE_RECV_HEADERS,
38 static const char * const request_types[__REQ_MAX] = {
47 struct ustream_ssl_ctx *ssl_ctx;
50 struct ustream_fd ufd;
51 struct ustream_ssl ussl;
53 bool ssl_require_validation;
57 bool connection_close;
58 enum request_type req_type;
59 enum http_state state;
61 enum auth_type auth_type;
69 struct blob_buf headers;
79 static const char * const uclient_http_prefix[] = {
80 [PREFIX_HTTP] = "http://",
81 [PREFIX_HTTPS] = "https://",
85 static int uclient_do_connect(struct uclient_http *uh, const char *port)
90 port = uh->uc.url->port;
92 fd = usock(USOCK_TCP | USOCK_NONBLOCK, uh->uc.url->host, port);
96 ustream_fd_init(&uh->ufd, fd);
100 static void uclient_http_disconnect(struct uclient_http *uh)
106 ustream_free(&uh->ussl.stream);
107 ustream_free(&uh->ufd.stream);
108 close(uh->ufd.fd.fd);
112 static void uclient_http_free_url_state(struct uclient *cl)
114 struct uclient_http *uh = container_of(cl, struct uclient_http, uc);
116 uh->auth_type = AUTH_TYPE_UNKNOWN;
119 uclient_http_disconnect(uh);
122 static void uclient_http_error(struct uclient_http *uh, int code)
124 uh->state = HTTP_STATE_ERROR;
126 ustream_state_change(uh->us);
127 uclient_backend_set_error(&uh->uc, code);
130 static void uclient_notify_eof(struct uclient_http *uh)
132 struct ustream *us = uh->us;
135 if (!us->eof && !us->write_error)
138 if (ustream_pending_data(us, false))
142 uclient_backend_set_eof(&uh->uc);
144 if (uh->connection_close)
145 uclient_http_disconnect(uh);
148 static void uclient_http_reset_state(struct uclient_http *uh)
150 uclient_backend_reset_state(&uh->uc);
151 uh->read_chunked = -1;
152 uh->content_length = -1;
154 uh->connection_close = false;
155 uh->state = HTTP_STATE_INIT;
157 if (uh->auth_type == AUTH_TYPE_UNKNOWN && !uh->uc.url->auth)
158 uh->auth_type = AUTH_TYPE_NONE;
161 static void uclient_http_init_request(struct uclient_http *uh)
163 uclient_http_reset_state(uh);
164 blob_buf_init(&uh->meta, 0);
167 static enum auth_type
168 uclient_http_update_auth_type(struct uclient_http *uh)
171 return AUTH_TYPE_NONE;
173 if (!strncasecmp(uh->auth_str, "basic", 5))
174 return AUTH_TYPE_BASIC;
176 if (!strncasecmp(uh->auth_str, "digest", 6))
177 return AUTH_TYPE_DIGEST;
179 return AUTH_TYPE_NONE;
182 static void uclient_http_process_headers(struct uclient_http *uh)
185 HTTP_HDR_TRANSFER_ENCODING,
187 HTTP_HDR_CONTENT_LENGTH,
191 static const struct blobmsg_policy hdr_policy[__HTTP_HDR_MAX] = {
192 #define hdr(_name) { .name = _name, .type = BLOBMSG_TYPE_STRING }
193 [HTTP_HDR_TRANSFER_ENCODING] = hdr("transfer-encoding"),
194 [HTTP_HDR_CONNECTION] = hdr("connection"),
195 [HTTP_HDR_CONTENT_LENGTH] = hdr("content-length"),
196 [HTTP_HDR_AUTH] = hdr("www-authenticate"),
199 struct blob_attr *tb[__HTTP_HDR_MAX];
200 struct blob_attr *cur;
202 blobmsg_parse(hdr_policy, __HTTP_HDR_MAX, tb, blob_data(uh->meta.head), blob_len(uh->meta.head));
204 cur = tb[HTTP_HDR_TRANSFER_ENCODING];
205 if (cur && strstr(blobmsg_data(cur), "chunked"))
206 uh->read_chunked = 0;
208 cur = tb[HTTP_HDR_CONNECTION];
209 if (cur && strstr(blobmsg_data(cur), "close"))
210 uh->connection_close = true;
212 cur = tb[HTTP_HDR_CONTENT_LENGTH];
214 uh->content_length = strtoul(blobmsg_data(cur), NULL, 10);
216 cur = tb[HTTP_HDR_AUTH];
219 uh->auth_str = strdup(blobmsg_data(cur));
222 uh->auth_type = uclient_http_update_auth_type(uh);
226 uclient_http_add_auth_basic(struct uclient_http *uh)
228 struct uclient_url *url = uh->uc.url;
229 int auth_len = strlen(url->auth);
235 auth_buf = alloca(base64_len(auth_len) + 1);
236 base64_encode(url->auth, auth_len, auth_buf);
237 ustream_printf(uh->us, "Authorization: Basic %s\r\n", auth_buf);
240 static char *digest_unquote_sep(char **str)
242 char *cur = *str + 1;
274 static bool strmatch(char **str, const char *prefix)
276 int len = strlen(prefix);
278 if (strncmp(*str, prefix, len) != 0 || (*str)[len] != '=')
286 get_cnonce(char *dest)
291 f = fopen("/dev/urandom", "r");
293 fread(&val, sizeof(val), 1, f);
297 bin_to_hex(dest, &val, sizeof(val));
300 static void add_field(char **buf, int *ofs, int *len, const char *name, const char *val)
302 int available = *len - *ofs;
310 required = strlen(name) + 4 + strlen(val) * 2;
311 if (required > available)
312 *len += required - available + 64;
314 *buf = realloc(*buf, *len);
319 cur += sprintf(cur, ", %s=\"", name);
321 while ((next = strchr(val, '"'))) {
323 memcpy(cur, val, next - val);
327 cur += sprintf(cur, "\\\"");
331 cur += sprintf(cur, "%s\"", val);
336 uclient_http_add_auth_digest(struct uclient_http *uh)
338 struct uclient_url *url = uh->uc.url;
339 const char *realm = NULL, *opaque = NULL;
340 const char *user, *password;
349 struct http_digest_data data = {
351 .cnonce = cnonce_str,
355 len = strlen(uh->auth_str) + 1;
360 strcpy(buf, uh->auth_str);
367 const char **dest = NULL;
369 while (isspace(*next))
372 if (strmatch(&next, "realm"))
374 else if (strmatch(&next, "qop"))
376 else if (strmatch(&next, "nonce"))
378 else if (strmatch(&next, "opaque"))
383 *dest = digest_unquote_sep(&next);
386 if (!realm || !data.qop || !data.nonce)
389 sprintf(nc_str, "%08x", uh->nc++);
390 get_cnonce(cnonce_str);
393 data.uri = url->location;
394 data.method = request_types[uh->req_type];
396 password = strchr(url->auth, ':');
400 len = password - url->auth;
404 user_buf = alloca(len + 1);
405 strncpy(user_buf, url->auth, len);
414 http_digest_calculate_auth_hash(ahash, user, realm, password);
415 http_digest_calculate_response(hash, &data);
421 add_field(&buf, &ofs, &len, "username", user);
422 add_field(&buf, &ofs, &len, "realm", realm);
423 add_field(&buf, &ofs, &len, "nonce", data.nonce);
424 add_field(&buf, &ofs, &len, "uri", data.uri);
425 add_field(&buf, &ofs, &len, "cnonce", data.cnonce);
426 add_field(&buf, &ofs, &len, "response", hash);
428 add_field(&buf, &ofs, &len, "opaque", opaque);
430 ustream_printf(uh->us, "Authorization: Digest nc=%s, qop=%s%s\r\n", data.nc, data.qop, buf);
435 uclient_http_add_auth_header(struct uclient_http *uh)
437 if (!uh->uc.url->auth)
440 switch (uh->auth_type) {
441 case AUTH_TYPE_UNKNOWN:
444 case AUTH_TYPE_BASIC:
445 uclient_http_add_auth_basic(uh);
447 case AUTH_TYPE_DIGEST:
448 uclient_http_add_auth_digest(uh);
454 uclient_http_send_headers(struct uclient_http *uh)
456 struct uclient_url *url = uh->uc.url;
457 struct blob_attr *cur;
458 enum request_type req_type = uh->req_type;
461 if (uh->state >= HTTP_STATE_HEADERS_SENT)
464 if (uh->auth_type == AUTH_TYPE_UNKNOWN)
467 ustream_printf(uh->us,
470 request_types[req_type],
471 url->location, url->host);
473 blobmsg_for_each_attr(cur, uh->headers.head, rem)
474 ustream_printf(uh->us, "%s: %s\n", blobmsg_name(cur), (char *) blobmsg_data(cur));
476 if (uh->req_type == REQ_POST)
477 ustream_printf(uh->us, "Transfer-Encoding: chunked\r\n");
479 uclient_http_add_auth_header(uh);
481 ustream_printf(uh->us, "\r\n");
484 static void uclient_http_headers_complete(struct uclient_http *uh)
486 enum auth_type auth_type = uh->auth_type;
488 uh->state = HTTP_STATE_RECV_DATA;
489 uh->uc.meta = uh->meta.head;
490 uclient_http_process_headers(uh);
492 if (auth_type == AUTH_TYPE_UNKNOWN) {
493 uclient_http_init_request(uh);
494 uclient_http_send_headers(uh);
495 uh->state = HTTP_STATE_REQUEST_DONE;
499 if (uh->uc.cb->header_done)
500 uh->uc.cb->header_done(&uh->uc);
502 if (uh->req_type == REQ_HEAD) {
504 uclient_notify_eof(uh);
508 static void uclient_parse_http_line(struct uclient_http *uh, char *data)
513 if (uh->state == HTTP_STATE_REQUEST_DONE) {
519 code = strsep(&data, " ");
523 uh->uc.status_code = strtoul(code, &sep, 10);
527 uh->state = HTTP_STATE_RECV_HEADERS;
532 uclient_http_headers_complete(uh);
536 sep = strchr(data, ':');
542 for (name = data; *name; name++)
543 *name = tolower(*name);
546 while (isspace(*sep))
549 blobmsg_add_string(&uh->meta, name, sep);
553 uh->uc.status_code = 400;
555 uclient_notify_eof(uh);
558 static void __uclient_notify_read(struct uclient_http *uh)
560 struct uclient *uc = &uh->uc;
564 if (uh->state < HTTP_STATE_REQUEST_DONE || uh->state == HTTP_STATE_ERROR)
567 data = ustream_get_read_buf(uh->us, &len);
571 if (uh->state < HTTP_STATE_RECV_DATA) {
576 sep = strstr(data, "\r\n");
580 /* Check for multi-line HTTP headers */
585 if (isspace(sep[2]) && sep[2] != '\r') {
593 cur_len = sep + 2 - data;
594 uclient_parse_http_line(uh, data);
595 ustream_consume(uh->us, cur_len);
598 data = ustream_get_read_buf(uh->us, &len);
599 } while (data && uh->state < HTTP_STATE_RECV_DATA);
605 if (uh->state == HTTP_STATE_RECV_DATA && uc->cb->data_read)
606 uc->cb->data_read(uc);
609 static void uclient_notify_read(struct ustream *us, int bytes)
611 struct uclient_http *uh = container_of(us, struct uclient_http, ufd.stream);
613 __uclient_notify_read(uh);
616 static void uclient_notify_state(struct ustream *us)
618 struct uclient_http *uh = container_of(us, struct uclient_http, ufd.stream);
620 uclient_notify_eof(uh);
623 static int uclient_setup_http(struct uclient_http *uh)
625 struct ustream *us = &uh->ufd.stream;
629 us->string_data = true;
630 us->notify_state = uclient_notify_state;
631 us->notify_read = uclient_notify_read;
633 ret = uclient_do_connect(uh, "80");
640 static void uclient_ssl_notify_read(struct ustream *us, int bytes)
642 struct uclient_http *uh = container_of(us, struct uclient_http, ussl.stream);
644 __uclient_notify_read(uh);
647 static void uclient_ssl_notify_state(struct ustream *us)
649 struct uclient_http *uh = container_of(us, struct uclient_http, ussl.stream);
651 uclient_notify_eof(uh);
654 static void uclient_ssl_notify_error(struct ustream_ssl *ssl, int error, const char *str)
656 struct uclient_http *uh = container_of(ssl, struct uclient_http, ussl);
658 uclient_http_error(uh, UCLIENT_ERROR_CONNECT);
661 static void uclient_ssl_notify_verify_error(struct ustream_ssl *ssl, int error, const char *str)
663 struct uclient_http *uh = container_of(ssl, struct uclient_http, ussl);
665 if (!uh->ssl_require_validation)
668 uclient_http_error(uh, UCLIENT_ERROR_SSL_INVALID_CERT);
671 static void uclient_ssl_notify_connected(struct ustream_ssl *ssl)
673 struct uclient_http *uh = container_of(ssl, struct uclient_http, ussl);
675 if (!uh->ssl_require_validation)
678 if (!uh->ussl.valid_cn)
679 uclient_http_error(uh, UCLIENT_ERROR_SSL_CN_MISMATCH);
682 static int uclient_setup_https(struct uclient_http *uh)
684 struct ustream *us = &uh->ussl.stream;
690 ret = uclient_do_connect(uh, "443");
695 uh->ssl_ctx = ustream_ssl_context_new(false);
697 us->string_data = true;
698 us->notify_state = uclient_ssl_notify_state;
699 us->notify_read = uclient_ssl_notify_read;
700 uh->ussl.notify_error = uclient_ssl_notify_error;
701 uh->ussl.notify_verify_error = uclient_ssl_notify_verify_error;
702 uh->ussl.notify_connected = uclient_ssl_notify_connected;
703 ustream_ssl_init(&uh->ussl, &uh->ufd.stream, uh->ssl_ctx, false);
704 ustream_ssl_set_peer_cn(&uh->ussl, uh->uc.url->host);
709 static int uclient_http_connect(struct uclient *cl)
711 struct uclient_http *uh = container_of(cl, struct uclient_http, uc);
714 uclient_http_init_request(uh);
719 uh->ssl = cl->url->prefix == PREFIX_HTTPS;
722 ret = uclient_setup_https(uh);
724 ret = uclient_setup_http(uh);
727 uclient_http_error(uh, UCLIENT_ERROR_CONNECT);
732 static struct uclient *uclient_http_alloc(void)
734 struct uclient_http *uh;
736 uh = calloc_a(sizeof(*uh));
737 blob_buf_init(&uh->headers, 0);
742 static void uclient_http_free_ssl_ctx(struct uclient_http *uh)
744 if (uh->ssl_ctx && !uh->ssl_ctx_ext)
745 ustream_ssl_context_free(uh->ssl_ctx);
747 uh->ssl_ctx_ext = false;
750 static void uclient_http_free(struct uclient *cl)
752 struct uclient_http *uh = container_of(cl, struct uclient_http, uc);
754 uclient_http_free_ssl_ctx(uh);
755 uclient_http_free_url_state(cl);
756 blob_buf_free(&uh->headers);
757 blob_buf_free(&uh->meta);
762 uclient_http_set_request_type(struct uclient *cl, const char *type)
764 struct uclient_http *uh = container_of(cl, struct uclient_http, uc);
767 if (cl->backend != &uclient_backend_http)
770 if (uh->state > HTTP_STATE_INIT)
773 for (i = 0; i < ARRAY_SIZE(request_types); i++) {
774 if (strcmp(request_types[i], type) != 0)
785 uclient_http_reset_headers(struct uclient *cl, const char *name, const char *value)
787 struct uclient_http *uh = container_of(cl, struct uclient_http, uc);
789 blob_buf_init(&uh->headers, 0);
795 uclient_http_set_header(struct uclient *cl, const char *name, const char *value)
797 struct uclient_http *uh = container_of(cl, struct uclient_http, uc);
799 if (cl->backend != &uclient_backend_http)
802 if (uh->state > HTTP_STATE_INIT)
805 blobmsg_add_string(&uh->headers, name, value);
810 uclient_http_send_data(struct uclient *cl, char *buf, unsigned int len)
812 struct uclient_http *uh = container_of(cl, struct uclient_http, uc);
814 if (uh->state >= HTTP_STATE_REQUEST_DONE)
817 uclient_http_send_headers(uh);
819 ustream_printf(uh->us, "%X\r\n", len);
821 ustream_write(uh->us, buf, len, false);
822 ustream_printf(uh->us, "\r\n");
828 uclient_http_request_done(struct uclient *cl)
830 struct uclient_http *uh = container_of(cl, struct uclient_http, uc);
832 if (uh->state >= HTTP_STATE_REQUEST_DONE)
835 uclient_http_send_headers(uh);
836 uh->state = HTTP_STATE_REQUEST_DONE;
842 uclient_http_read(struct uclient *cl, char *buf, unsigned int len)
844 struct uclient_http *uh = container_of(cl, struct uclient_http, uc);
846 char *data, *data_end;
848 if (uh->state < HTTP_STATE_RECV_DATA || !uh->us)
851 data = ustream_get_read_buf(uh->us, &read_len);
852 if (!data || !read_len)
855 data_end = data + read_len;
858 if (uh->read_chunked == 0) {
861 if (data[0] == '\r' && data[1] == '\n') {
866 sep = strstr(data, "\r\n");
871 uh->read_chunked = strtoul(data, NULL, 16);
873 read_len += sep + 2 - data;
876 if (!uh->read_chunked)
880 if (len > data_end - data)
881 len = data_end - data;
883 if (uh->read_chunked >= 0) {
884 if (len > uh->read_chunked)
885 len = uh->read_chunked;
887 uh->read_chunked -= len;
888 } else if (uh->content_length >= 0) {
889 if (len > uh->content_length)
890 len = uh->content_length;
892 uh->content_length -= len;
893 if (!uh->content_length)
899 memcpy(buf, data, len);
903 ustream_consume(uh->us, read_len);
905 uclient_notify_eof(uh);
910 bool uclient_http_redirect(struct uclient *cl)
912 struct uclient_http *uh = container_of(cl, struct uclient_http, uc);
913 struct blobmsg_policy location = {
915 .type = BLOBMSG_TYPE_STRING,
917 struct uclient_url *url = cl->url;
918 struct blob_attr *tb;
920 if (cl->backend != &uclient_backend_http)
923 switch (cl->status_code) {
932 blobmsg_parse(&location, 1, &tb, blob_data(uh->meta.head), blob_len(uh->meta.head));
936 url = uclient_get_url(blobmsg_data(tb), url->auth);
942 uclient_http_connect(cl);
943 uclient_http_request_done(cl);
948 int uclient_http_set_ssl_ctx(struct uclient *cl, struct ustream_ssl_ctx *ctx, bool require_validation)
950 struct uclient_http *uh = container_of(cl, struct uclient_http, uc);
952 if (cl->backend != &uclient_backend_http)
955 uclient_http_free_url_state(cl);
957 uclient_http_free_ssl_ctx(uh);
959 uh->ssl_ctx_ext = !!ctx;
960 uh->ssl_require_validation = !!ctx && require_validation;
965 const struct uclient_backend uclient_backend_http = {
966 .prefix = uclient_http_prefix,
968 .alloc = uclient_http_alloc,
969 .free = uclient_http_free,
970 .connect = uclient_http_connect,
971 .update_url = uclient_http_free_url_state,
973 .read = uclient_http_read,
974 .write = uclient_http_send_data,
975 .request = uclient_http_request_done,