X-Git-Url: http://git.archive.openwrt.org/?p=project%2Fuclient.git;a=blobdiff_plain;f=uclient-http.c;h=9652fb8f7cd9a9d5457a44522fddb5b919e16ba9;hp=9e7505c84745ccdd51f5463e4a38170d46ee1c9a;hb=58dec1d4bf3b66d62454775bd8fd4f3d347b3806;hpb=5f2e60972941c1ca1a6fa572b39e18cbc58137d9 diff --git a/uclient-http.c b/uclient-http.c index 9e7505c..9652fb8 100644 --- a/uclient-http.c +++ b/uclient-http.c @@ -1,6 +1,24 @@ +/* + * uclient - ustream based protocol client library + * + * Copyright (C) 2014 Felix Fietkau + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ #include #include #include +#include #include #include @@ -11,18 +29,18 @@ #include "uclient-utils.h" #include "uclient-backend.h" -static struct ustream_ssl_ctx *ssl_ctx; - enum auth_type { AUTH_TYPE_UNKNOWN, AUTH_TYPE_NONE, AUTH_TYPE_BASIC, + AUTH_TYPE_DIGEST, }; enum request_type { REQ_GET, REQ_HEAD, REQ_POST, + REQ_PUT, __REQ_MAX }; @@ -39,19 +57,26 @@ static const char * const request_types[__REQ_MAX] = { [REQ_GET] = "GET", [REQ_HEAD] = "HEAD", [REQ_POST] = "POST", + [REQ_PUT] = "PUT", }; struct uclient_http { struct uclient uc; + const struct ustream_ssl_ops *ssl_ops; + struct ustream_ssl_ctx *ssl_ctx; struct ustream *us; struct ustream_fd ufd; struct ustream_ssl ussl; + struct uloop_timeout disconnect_t; + + bool ssl_require_validation; bool ssl; bool eof; bool connection_close; + bool disconnect; enum request_type req_type; enum http_state state; @@ -61,6 +86,8 @@ struct uclient_http { long read_chunked; long content_length; + uint32_t nc; + struct blob_buf headers; struct blob_buf meta; }; @@ -79,6 +106,7 @@ static const char * const uclient_http_prefix[] = { static int uclient_do_connect(struct uclient_http *uh, const char *port) { + socklen_t sl; int fd; if (uh->uc.url->port) @@ -89,11 +117,20 @@ static int uclient_do_connect(struct uclient_http *uh, const char *port) return -1; ustream_fd_init(&uh->ufd, fd); + + memset(&uh->uc.local_addr, 0, sizeof(uh->uc.local_addr)); + memset(&uh->uc.remote_addr, 0, sizeof(uh->uc.remote_addr)); + + sl = sizeof(uh->uc.local_addr); + getsockname(fd, &uh->uc.local_addr.sa, &sl); + getpeername(fd, &uh->uc.remote_addr.sa, &sl); + return 0; } static void uclient_http_disconnect(struct uclient_http *uh) { + uloop_timeout_cancel(&uh->disconnect_t); if (!uh->us) return; @@ -114,10 +151,21 @@ static void uclient_http_free_url_state(struct uclient *cl) uclient_http_disconnect(uh); } +static void uclient_http_error(struct uclient_http *uh, int code) +{ + uh->state = HTTP_STATE_ERROR; + uh->us->eof = true; + ustream_state_change(uh->us); + uclient_backend_set_error(&uh->uc, code); +} + static void uclient_notify_eof(struct uclient_http *uh) { struct ustream *us = uh->us; + if (uh->disconnect) + return; + if (!uh->eof) { if (!us->eof && !us->write_error) return; @@ -138,6 +186,7 @@ static void uclient_http_reset_state(struct uclient_http *uh) uh->read_chunked = -1; uh->content_length = -1; uh->eof = false; + uh->disconnect = false; uh->connection_close = false; uh->state = HTTP_STATE_INIT; @@ -160,6 +209,9 @@ uclient_http_update_auth_type(struct uclient_http *uh) if (!strncasecmp(uh->auth_str, "basic", 5)) return AUTH_TYPE_BASIC; + if (!strncasecmp(uh->auth_str, "digest", 6)) + return AUTH_TYPE_DIGEST; + return AUTH_TYPE_NONE; } @@ -207,16 +259,12 @@ static void uclient_http_process_headers(struct uclient_http *uh) } static void -uclient_http_add_auth_header(struct uclient_http *uh) +uclient_http_add_auth_basic(struct uclient_http *uh) { struct uclient_url *url = uh->uc.url; + int auth_len = strlen(url->auth); char *auth_buf; - int auth_len; - - if (!url->auth) - return; - auth_len = strlen(url->auth); if (auth_len > 512) return; @@ -225,6 +273,219 @@ uclient_http_add_auth_header(struct uclient_http *uh) ustream_printf(uh->us, "Authorization: Basic %s\r\n", auth_buf); } +static char *digest_unquote_sep(char **str) +{ + char *cur = *str + 1; + char *start = cur; + char *out; + + if (**str != '"') + return NULL; + + out = cur; + while (1) { + if (!*cur) + return NULL; + + if (*cur == '"') { + cur++; + break; + } + + if (*cur == '\\') + cur++; + + *(out++) = *(cur++); + } + + if (*cur == ',') + cur++; + + *out = 0; + *str = cur; + + return start; +} + +static bool strmatch(char **str, const char *prefix) +{ + int len = strlen(prefix); + + if (strncmp(*str, prefix, len) != 0 || (*str)[len] != '=') + return false; + + *str += len + 1; + return true; +} + +static void +get_cnonce(char *dest) +{ + uint32_t val = 0; + FILE *f; + + f = fopen("/dev/urandom", "r"); + if (f) { + fread(&val, sizeof(val), 1, f); + fclose(f); + } + + bin_to_hex(dest, &val, sizeof(val)); +} + +static void add_field(char **buf, int *ofs, int *len, const char *name, const char *val) +{ + int available = *len - *ofs; + int required; + const char *next; + char *cur; + + if (*len && !*buf) + return; + + required = strlen(name) + 4 + strlen(val) * 2; + if (required > available) + *len += required - available + 64; + + *buf = realloc(*buf, *len); + if (!*buf) + return; + + cur = *buf + *ofs; + cur += sprintf(cur, ", %s=\"", name); + + while ((next = strchr(val, '"'))) { + if (next > val) { + memcpy(cur, val, next - val); + cur += next - val; + } + + cur += sprintf(cur, "\\\""); + val = next + 1; + } + + cur += sprintf(cur, "%s\"", val); + *ofs = cur - *buf; +} + +static void +uclient_http_add_auth_digest(struct uclient_http *uh) +{ + struct uclient_url *url = uh->uc.url; + const char *realm = NULL, *opaque = NULL; + const char *user, *password; + char *buf, *next; + int len, ofs; + + char cnonce_str[9]; + char nc_str[9]; + char ahash[33]; + char hash[33]; + + struct http_digest_data data = { + .nc = nc_str, + .cnonce = cnonce_str, + .auth_hash = ahash, + }; + + len = strlen(uh->auth_str) + 1; + if (len > 512) + return; + + buf = alloca(len); + strcpy(buf, uh->auth_str); + + /* skip auth type */ + strsep(&buf, " "); + + next = buf; + while (*next) { + const char **dest = NULL; + + while (isspace(*next)) + next++; + + if (strmatch(&next, "realm")) + dest = &realm; + else if (strmatch(&next, "qop")) + dest = &data.qop; + else if (strmatch(&next, "nonce")) + dest = &data.nonce; + else if (strmatch(&next, "opaque")) + dest = &opaque; + else + return; + + *dest = digest_unquote_sep(&next); + } + + if (!realm || !data.qop || !data.nonce) + return; + + sprintf(nc_str, "%08x", uh->nc++); + get_cnonce(cnonce_str); + + data.qop = "auth"; + data.uri = url->location; + data.method = request_types[uh->req_type]; + + password = strchr(url->auth, ':'); + if (password) { + char *user_buf; + + len = password - url->auth; + if (len > 256) + return; + + user_buf = alloca(len + 1); + strncpy(user_buf, url->auth, len); + user_buf[len] = 0; + user = user_buf; + password++; + } else { + user = url->auth; + password = ""; + } + + http_digest_calculate_auth_hash(ahash, user, realm, password); + http_digest_calculate_response(hash, &data); + + buf = NULL; + len = 0; + ofs = 0; + + add_field(&buf, &ofs, &len, "username", user); + add_field(&buf, &ofs, &len, "realm", realm); + add_field(&buf, &ofs, &len, "nonce", data.nonce); + add_field(&buf, &ofs, &len, "uri", data.uri); + add_field(&buf, &ofs, &len, "cnonce", data.cnonce); + add_field(&buf, &ofs, &len, "response", hash); + if (opaque) + add_field(&buf, &ofs, &len, "opaque", opaque); + + ustream_printf(uh->us, "Authorization: Digest nc=%s, qop=%s%s\r\n", data.nc, data.qop, buf); + free(buf); +} + +static void +uclient_http_add_auth_header(struct uclient_http *uh) +{ + if (!uh->uc.url->auth) + return; + + switch (uh->auth_type) { + case AUTH_TYPE_UNKNOWN: + case AUTH_TYPE_NONE: + break; + case AUTH_TYPE_BASIC: + uclient_http_add_auth_basic(uh); + break; + case AUTH_TYPE_DIGEST: + uclient_http_add_auth_digest(uh); + break; + } +} + static void uclient_http_send_headers(struct uclient_http *uh) { @@ -248,12 +509,14 @@ uclient_http_send_headers(struct uclient_http *uh) blobmsg_for_each_attr(cur, uh->headers.head, rem) ustream_printf(uh->us, "%s: %s\n", blobmsg_name(cur), (char *) blobmsg_data(cur)); - if (uh->req_type == REQ_POST) + if (uh->req_type == REQ_POST || uh->req_type == REQ_PUT) ustream_printf(uh->us, "Transfer-Encoding: chunked\r\n"); uclient_http_add_auth_header(uh); ustream_printf(uh->us, "\r\n"); + + uh->state = HTTP_STATE_HEADERS_SENT; } static void uclient_http_headers_complete(struct uclient_http *uh) @@ -274,7 +537,10 @@ static void uclient_http_headers_complete(struct uclient_http *uh) if (uh->uc.cb->header_done) uh->uc.cb->header_done(&uh->uc); - if (uh->req_type == REQ_HEAD) { + if (uh->eof) + return; + + if (uh->req_type == REQ_HEAD || uh->uc.status_code == 204) { uh->eof = true; uclient_notify_eof(uh); } @@ -286,6 +552,19 @@ static void uclient_parse_http_line(struct uclient_http *uh, char *data) char *sep; if (uh->state == HTTP_STATE_REQUEST_DONE) { + char *code; + + /* HTTP/1.1 */ + strsep(&data, " "); + + code = strsep(&data, " "); + if (!code) + goto error; + + uh->uc.status_code = strtoul(code, &sep, 10); + if (sep && *sep) + goto error; + uh->state = HTTP_STATE_RECV_HEADERS; return; } @@ -309,6 +588,12 @@ static void uclient_parse_http_line(struct uclient_http *uh, char *data) sep++; blobmsg_add_string(&uh->meta, name, sep); + return; + +error: + uh->uc.status_code = 400; + uh->eof = true; + uclient_notify_eof(uh); } static void __uclient_notify_read(struct uclient_http *uh) @@ -317,7 +602,7 @@ static void __uclient_notify_read(struct uclient_http *uh) char *data; int len; - if (uh->state < HTTP_STATE_REQUEST_DONE) + if (uh->state < HTTP_STATE_REQUEST_DONE || uh->state == HTTP_STATE_ERROR) return; data = ustream_get_read_buf(uh->us, &len); @@ -351,6 +636,9 @@ static void __uclient_notify_read(struct uclient_http *uh) ustream_consume(uh->us, cur_len); len -= cur_len; + if (uh->eof) + return; + data = ustream_get_read_buf(uh->us, &len); } while (data && uh->state < HTTP_STATE_RECV_DATA); @@ -358,6 +646,9 @@ static void __uclient_notify_read(struct uclient_http *uh) return; } + if (uh->eof) + return; + if (uh->state == HTTP_STATE_RECV_DATA && uc->cb->data_read) uc->cb->data_read(uc); } @@ -382,13 +673,15 @@ static int uclient_setup_http(struct uclient_http *uh) int ret; uh->us = us; + uh->ssl = false; + us->string_data = true; us->notify_state = uclient_notify_state; us->notify_read = uclient_notify_read; ret = uclient_do_connect(uh, "80"); if (ret) - return ret; + return UCLIENT_ERROR_CONNECT; return 0; } @@ -407,6 +700,34 @@ static void uclient_ssl_notify_state(struct ustream *us) uclient_notify_eof(uh); } +static void uclient_ssl_notify_error(struct ustream_ssl *ssl, int error, const char *str) +{ + struct uclient_http *uh = container_of(ssl, struct uclient_http, ussl); + + uclient_http_error(uh, UCLIENT_ERROR_CONNECT); +} + +static void uclient_ssl_notify_verify_error(struct ustream_ssl *ssl, int error, const char *str) +{ + struct uclient_http *uh = container_of(ssl, struct uclient_http, ussl); + + if (!uh->ssl_require_validation) + return; + + uclient_http_error(uh, UCLIENT_ERROR_SSL_INVALID_CERT); +} + +static void uclient_ssl_notify_connected(struct ustream_ssl *ssl) +{ + struct uclient_http *uh = container_of(ssl, struct uclient_http, ussl); + + if (!uh->ssl_require_validation) + return; + + if (!uh->ussl.valid_cn) + uclient_http_error(uh, UCLIENT_ERROR_SSL_CN_MISMATCH); +} + static int uclient_setup_https(struct uclient_http *uh) { struct ustream *us = &uh->ussl.stream; @@ -415,17 +736,21 @@ static int uclient_setup_https(struct uclient_http *uh) uh->ssl = true; uh->us = us; + if (!uh->ssl_ctx) + return UCLIENT_ERROR_MISSING_SSL_CONTEXT; + ret = uclient_do_connect(uh, "443"); if (ret) - return ret; - - if (!ssl_ctx) - ssl_ctx = ustream_ssl_context_new(false); + return UCLIENT_ERROR_CONNECT; us->string_data = true; us->notify_state = uclient_ssl_notify_state; us->notify_read = uclient_ssl_notify_read; - ustream_ssl_init(&uh->ussl, &uh->ufd.stream, ssl_ctx, false); + uh->ussl.notify_error = uclient_ssl_notify_error; + uh->ussl.notify_verify_error = uclient_ssl_notify_verify_error; + uh->ussl.notify_connected = uclient_ssl_notify_connected; + uh->ssl_ops->init(&uh->ussl, &uh->ufd.stream, uh->ssl_ctx, false); + uh->ssl_ops->set_peer_cn(&uh->ussl, uh->uc.url->host); return 0; } @@ -433,6 +758,7 @@ static int uclient_setup_https(struct uclient_http *uh) static int uclient_http_connect(struct uclient *cl) { struct uclient_http *uh = container_of(cl, struct uclient_http, uc); + int ret; uclient_http_init_request(uh); @@ -442,9 +768,18 @@ static int uclient_http_connect(struct uclient *cl) uh->ssl = cl->url->prefix == PREFIX_HTTPS; if (uh->ssl) - return uclient_setup_https(uh); + ret = uclient_setup_https(uh); else - return uclient_setup_http(uh); + ret = uclient_setup_http(uh); + + return ret; +} + +static void uclient_http_disconnect_cb(struct uloop_timeout *timeout) +{ + struct uclient_http *uh = container_of(timeout, struct uclient_http, disconnect_t); + + uclient_http_disconnect(uh); } static struct uclient *uclient_http_alloc(void) @@ -452,16 +787,24 @@ static struct uclient *uclient_http_alloc(void) struct uclient_http *uh; uh = calloc_a(sizeof(*uh)); + uh->disconnect_t.cb = uclient_http_disconnect_cb; blob_buf_init(&uh->headers, 0); return &uh->uc; } +static void uclient_http_free_ssl_ctx(struct uclient_http *uh) +{ + uh->ssl_ops = NULL; + uh->ssl_ctx = NULL; +} + static void uclient_http_free(struct uclient *cl) { struct uclient_http *uh = container_of(cl, struct uclient_http, uc); uclient_http_free_url_state(cl); + uclient_http_free_ssl_ctx(uh); blob_buf_free(&uh->headers); blob_buf_free(&uh->meta); free(uh); @@ -491,7 +834,7 @@ uclient_http_set_request_type(struct uclient *cl, const char *type) } int -uclient_http_reset_headers(struct uclient *cl, const char *name, const char *value) +uclient_http_reset_headers(struct uclient *cl) { struct uclient_http *uh = container_of(cl, struct uclient_http, uc); @@ -525,9 +868,11 @@ uclient_http_send_data(struct uclient *cl, char *buf, unsigned int len) uclient_http_send_headers(uh); - ustream_printf(uh->us, "%X\r\n", len); - ustream_write(uh->us, buf, len, false); - ustream_printf(uh->us, "\r\n"); + if (len > 0) { + ustream_printf(uh->us, "%X\r\n", len); + ustream_write(uh->us, buf, len, false); + ustream_printf(uh->us, "\r\n"); + } return len; } @@ -541,6 +886,8 @@ uclient_http_request_done(struct uclient *cl) return -1; uclient_http_send_headers(uh); + if (uh->req_type == REQ_POST || uh->req_type == REQ_PUT) + ustream_printf(uh->us, "0\r\n\r\n"); uh->state = HTTP_STATE_REQUEST_DONE; return 0; @@ -581,8 +928,10 @@ uclient_http_read(struct uclient *cl, char *buf, unsigned int len) read_len += sep + 2 - data; data = sep + 2; - if (!uh->read_chunked) + if (!uh->read_chunked) { uh->eof = true; + uh->uc.data_eof = true; + } } if (len > data_end - data) @@ -598,8 +947,10 @@ uclient_http_read(struct uclient *cl, char *buf, unsigned int len) len = uh->content_length; uh->content_length -= len; - if (!uh->content_length) + if (!uh->content_length) { uh->eof = true; + uh->uc.data_eof = true; + } } if (len > 0) { @@ -615,12 +966,81 @@ uclient_http_read(struct uclient *cl, char *buf, unsigned int len) return len; } -const struct uclient_backend uclient_backend_http __hidden = { +bool uclient_http_redirect(struct uclient *cl) +{ + struct uclient_http *uh = container_of(cl, struct uclient_http, uc); + struct blobmsg_policy location = { + .name = "location", + .type = BLOBMSG_TYPE_STRING, + }; + struct uclient_url *url = cl->url; + struct blob_attr *tb; + + if (cl->backend != &uclient_backend_http) + return false; + + switch (cl->status_code) { + case 301: + case 302: + case 307: + break; + default: + return false; + } + + blobmsg_parse(&location, 1, &tb, blob_data(uh->meta.head), blob_len(uh->meta.head)); + if (!tb) + return false; + + url = uclient_get_url(blobmsg_data(tb), url->auth); + if (!url) + return false; + + free(cl->url); + cl->url = url; + uclient_http_connect(cl); + uclient_http_request_done(cl); + + return true; +} + +int uclient_http_set_ssl_ctx(struct uclient *cl, const struct ustream_ssl_ops *ops, + struct ustream_ssl_ctx *ctx, bool require_validation) +{ + struct uclient_http *uh = container_of(cl, struct uclient_http, uc); + + if (cl->backend != &uclient_backend_http) + return -1; + + uclient_http_free_url_state(cl); + + uclient_http_free_ssl_ctx(uh); + uh->ssl_ops = ops; + uh->ssl_ctx = ctx; + uh->ssl_require_validation = !!ctx && require_validation; + + return 0; +} + +static void uclient_http_request_disconnect(struct uclient *cl) +{ + struct uclient_http *uh = container_of(cl, struct uclient_http, uc); + + if (!uh->us) + return; + + uh->eof = true; + uh->disconnect = true; + uloop_timeout_set(&uh->disconnect_t, 1); +} + +const struct uclient_backend uclient_backend_http = { .prefix = uclient_http_prefix, .alloc = uclient_http_alloc, .free = uclient_http_free, .connect = uclient_http_connect, + .disconnect = uclient_http_request_disconnect, .update_url = uclient_http_free_url_state, .read = uclient_http_read,