X-Git-Url: http://git.archive.openwrt.org/?p=project%2Fuclient.git;a=blobdiff_plain;f=uclient-http.c;h=1cc60e3051880303b9622ddacaa6275593463a29;hp=9e7505c84745ccdd51f5463e4a38170d46ee1c9a;hb=5e0b24f3a921081162706598d1ebea9d403d3187;hpb=5f2e60972941c1ca1a6fa572b39e18cbc58137d9

diff --git a/uclient-http.c b/uclient-http.c
index 9e7505c..1cc60e3 100644
--- a/uclient-http.c
+++ b/uclient-http.c
@@ -1,6 +1,7 @@
 #include <stdio.h>
 #include <ctype.h>
 #include <unistd.h>
+#include <stdint.h>
 
 #include <libubox/ustream.h>
 #include <libubox/ustream-ssl.h>
@@ -11,12 +12,11 @@
 #include "uclient-utils.h"
 #include "uclient-backend.h"
 
-static struct ustream_ssl_ctx *ssl_ctx;
-
 enum auth_type {
 	AUTH_TYPE_UNKNOWN,
 	AUTH_TYPE_NONE,
 	AUTH_TYPE_BASIC,
+	AUTH_TYPE_DIGEST,
 };
 
 enum request_type {
@@ -44,6 +44,7 @@ static const char * const request_types[__REQ_MAX] = {
 struct uclient_http {
 	struct uclient uc;
 
+	struct ustream_ssl_ctx *ssl_ctx;
 	struct ustream *us;
 
 	struct ustream_fd ufd;
@@ -61,6 +62,8 @@ struct uclient_http {
 	long read_chunked;
 	long content_length;
 
+	uint32_t nc;
+
 	struct blob_buf headers;
 	struct blob_buf meta;
 };
@@ -160,6 +163,9 @@ uclient_http_update_auth_type(struct uclient_http *uh)
 	if (!strncasecmp(uh->auth_str, "basic", 5))
 		return AUTH_TYPE_BASIC;
 
+	if (!strncasecmp(uh->auth_str, "digest", 6))
+		return AUTH_TYPE_DIGEST;
+
 	return AUTH_TYPE_NONE;
 }
 
@@ -207,16 +213,12 @@ static void uclient_http_process_headers(struct uclient_http *uh)
 }
 
 static void
-uclient_http_add_auth_header(struct uclient_http *uh)
+uclient_http_add_auth_basic(struct uclient_http *uh)
 {
 	struct uclient_url *url = uh->uc.url;
+	int auth_len = strlen(url->auth);
 	char *auth_buf;
-	int auth_len;
 
-	if (!url->auth)
-		return;
-
-	auth_len = strlen(url->auth);
 	if (auth_len > 512)
 		return;
 
@@ -225,6 +227,219 @@ uclient_http_add_auth_header(struct uclient_http *uh)
 	ustream_printf(uh->us, "Authorization: Basic %s\r\n", auth_buf);
 }
 
+static char *digest_unquote_sep(char **str)
+{
+	char *cur = *str + 1;
+	char *start = cur;
+	char *out;
+
+	if (**str != '"')
+		return NULL;
+
+	out = cur;
+	while (1) {
+		if (!*cur)
+			return NULL;
+
+		if (*cur == '"') {
+			cur++;
+			break;
+		}
+
+		if (*cur == '\\')
+			cur++;
+
+		*(out++) = *(cur++);
+	}
+
+	if (*cur == ',')
+		cur++;
+
+	*out = 0;
+	*str = cur;
+
+	return start;
+}
+
+static bool strmatch(char **str, const char *prefix)
+{
+	int len = strlen(prefix);
+
+	if (strncmp(*str, prefix, len) != 0 || (*str)[len] != '=')
+		return false;
+
+	*str += len + 1;
+	return true;
+}
+
+static void
+get_cnonce(char *dest)
+{
+	uint32_t val = 0;
+	FILE *f;
+
+	f = fopen("/dev/urandom", "r");
+	if (f) {
+		fread(&val, sizeof(val), 1, f);
+		fclose(f);
+	}
+
+	bin_to_hex(dest, &val, sizeof(val));
+}
+
+static void add_field(char **buf, int *ofs, int *len, const char *name, const char *val)
+{
+	int available = *len - *ofs;
+	int required;
+	const char *next;
+	char *cur;
+
+	if (*len && !*buf)
+		return;
+
+	required = strlen(name) + 4 + strlen(val) * 2;
+	if (required > available)
+		*len += required - available + 64;
+
+	*buf = realloc(*buf, *len);
+	if (!*buf)
+		return;
+
+	cur = *buf + *ofs;
+	cur += sprintf(cur, ", %s=\"", name);
+
+	while ((next = strchr(val, '"'))) {
+		if (next > val) {
+			memcpy(cur, val, next - val);
+			cur += next - val;
+		}
+
+		cur += sprintf(cur, "\\\"");
+		val = next + 1;
+	}
+
+	cur += sprintf(cur, "%s\"", val);
+	*ofs = cur - *buf;
+}
+
+static void
+uclient_http_add_auth_digest(struct uclient_http *uh)
+{
+	struct uclient_url *url = uh->uc.url;
+	const char *realm = NULL, *opaque = NULL;
+	const char *user, *password;
+	char *buf, *next;
+	int len, ofs;
+
+	char cnonce_str[9];
+	char nc_str[9];
+	char ahash[33];
+	char hash[33];
+
+	struct http_digest_data data = {
+		.nc = nc_str,
+		.cnonce = cnonce_str,
+		.auth_hash = ahash,
+	};
+
+	len = strlen(uh->auth_str) + 1;
+	if (len > 512)
+		return;
+
+	buf = alloca(len);
+	strcpy(buf, uh->auth_str);
+
+	/* skip auth type */
+	strsep(&buf, " ");
+
+	next = buf;
+	while (*next) {
+		const char **dest = NULL;
+
+		while (isspace(*next))
+			next++;
+
+		if (strmatch(&next, "realm"))
+			dest = &realm;
+		else if (strmatch(&next, "qop"))
+			dest = &data.qop;
+		else if (strmatch(&next, "nonce"))
+			dest = &data.nonce;
+		else if (strmatch(&next, "opaque"))
+			dest = &opaque;
+		else
+			return;
+
+		*dest = digest_unquote_sep(&next);
+	}
+
+	if (!realm || !data.qop || !data.nonce)
+		return;
+
+	sprintf(nc_str, "%08x", uh->nc++);
+	get_cnonce(cnonce_str);
+
+	data.qop = "auth";
+	data.uri = url->location;
+	data.method = request_types[uh->req_type];
+
+	password = strchr(url->auth, ':');
+	if (password) {
+		char *user_buf;
+
+		len = password - url->auth;
+		if (len > 256)
+			return;
+
+		user_buf = alloca(len + 1);
+		strncpy(user_buf, url->auth, len);
+		user_buf[len] = 0;
+		user = user_buf;
+		password++;
+	} else {
+		user = url->auth;
+		password = "";
+	}
+
+	http_digest_calculate_auth_hash(ahash, user, realm, password);
+	http_digest_calculate_response(hash, &data);
+
+	buf = NULL;
+	len = 0;
+	ofs = 0;
+
+	add_field(&buf, &ofs, &len, "username", user);
+	add_field(&buf, &ofs, &len, "realm", realm);
+	add_field(&buf, &ofs, &len, "nonce", data.nonce);
+	add_field(&buf, &ofs, &len, "uri", data.uri);
+	add_field(&buf, &ofs, &len, "cnonce", data.cnonce);
+	add_field(&buf, &ofs, &len, "response", hash);
+	if (opaque)
+		add_field(&buf, &ofs, &len, "opaque", opaque);
+
+	ustream_printf(uh->us, "Authorization: Digest nc=%s, qop=%s%s\r\n", data.nc, data.qop, buf);
+	free(buf);
+}
+
+static void
+uclient_http_add_auth_header(struct uclient_http *uh)
+{
+	if (!uh->uc.url->auth)
+		return;
+
+	switch (uh->auth_type) {
+	case AUTH_TYPE_UNKNOWN:
+	case AUTH_TYPE_NONE:
+		break;
+	case AUTH_TYPE_BASIC:
+		uclient_http_add_auth_basic(uh);
+		break;
+	case AUTH_TYPE_DIGEST:
+		uclient_http_add_auth_digest(uh);
+		break;
+	}
+}
+
 static void
 uclient_http_send_headers(struct uclient_http *uh)
 {
@@ -286,6 +501,19 @@ static void uclient_parse_http_line(struct uclient_http *uh, char *data)
 	char *sep;
 
 	if (uh->state == HTTP_STATE_REQUEST_DONE) {
+		char *code;
+
+		/* HTTP/1.1 */
+		strsep(&data, " ");
+
+		code = strsep(&data, " ");
+		if (!code)
+			goto error;
+
+		uh->uc.status_code = strtoul(code, &sep, 10);
+		if (sep && *sep)
+			goto error;
+
 		uh->state = HTTP_STATE_RECV_HEADERS;
 		return;
 	}
@@ -309,6 +537,12 @@ static void uclient_parse_http_line(struct uclient_http *uh, char *data)
 		sep++;
 
 	blobmsg_add_string(&uh->meta, name, sep);
+	return;
+
+error:
+	uh->uc.status_code = 400;
+	uh->eof = true;
+	uclient_notify_eof(uh);
 }
 
 static void __uclient_notify_read(struct uclient_http *uh)
@@ -419,13 +653,13 @@ static int uclient_setup_https(struct uclient_http *uh)
 	if (ret)
 		return ret;
 
-	if (!ssl_ctx)
-		ssl_ctx = ustream_ssl_context_new(false);
+	if (!uh->ssl_ctx)
+		uh->ssl_ctx = ustream_ssl_context_new(false);
 
 	us->string_data = true;
 	us->notify_state = uclient_ssl_notify_state;
 	us->notify_read = uclient_ssl_notify_read;
-	ustream_ssl_init(&uh->ussl, &uh->ufd.stream, ssl_ctx, false);
+	ustream_ssl_init(&uh->ussl, &uh->ufd.stream, uh->ssl_ctx, false);
 
 	return 0;
 }
@@ -461,6 +695,9 @@ static void uclient_http_free(struct uclient *cl)
 {
 	struct uclient_http *uh = container_of(cl, struct uclient_http, uc);
 
+	if (uh->ssl_ctx)
+		ustream_ssl_context_free(uh->ssl_ctx);
+
 	uclient_http_free_url_state(cl);
 	blob_buf_free(&uh->headers);
 	blob_buf_free(&uh->meta);
@@ -526,7 +763,8 @@ uclient_http_send_data(struct uclient *cl, char *buf, unsigned int len)
 	uclient_http_send_headers(uh);
 
 	ustream_printf(uh->us, "%X\r\n", len);
-	ustream_write(uh->us, buf, len, false);
+	if (len > 0)
+		ustream_write(uh->us, buf, len, false);
 	ustream_printf(uh->us, "\r\n");
 
 	return len;
@@ -615,7 +853,45 @@ uclient_http_read(struct uclient *cl, char *buf, unsigned int len)
 	return len;
 }
 
-const struct uclient_backend uclient_backend_http __hidden = {
+bool uclient_http_redirect(struct uclient *cl)
+{
+	struct uclient_http *uh = container_of(cl, struct uclient_http, uc);
+	struct blobmsg_policy location = {
+		.name = "location",
+		.type = BLOBMSG_TYPE_STRING,
+	};
+	struct uclient_url *url = cl->url;
+	struct blob_attr *tb;
+
+	if (cl->backend != &uclient_backend_http)
+		return false;
+
+	switch (cl->status_code) {
+	case 301:
+	case 302:
+	case 307:
+		break;
+	default:
+		return false;
+	}
+
+	blobmsg_parse(&location, 1, &tb, blob_data(uh->meta.head), blob_len(uh->meta.head));
+	if (!tb)
+		return false;
+
+	url = uclient_get_url(blobmsg_data(tb), url->auth);
+	if (!url)
+		return false;
+
+	free(cl->url);
+	cl->url = url;
+	uclient_http_connect(cl);
+	uclient_http_request_done(cl);
+
+	return true;
+}
+
+const struct uclient_backend uclient_backend_http = {
 	.prefix = uclient_http_prefix,
 
 	.alloc = uclient_http_alloc,