]>
Commit | Line | Data |
---|---|---|
ef416fc2 | 1 | /* |
2c85b752 | 2 | * Private HTTP definitions for CUPS. |
ef416fc2 | 3 | * |
378eeedf | 4 | * Copyright 2007-2018 by Apple Inc. |
2c85b752 | 5 | * Copyright 1997-2007 by Easy Software Products, all rights reserved. |
ef416fc2 | 6 | * |
378eeedf MS |
7 | * Licensed under Apache License v2.0. See the file "LICENSE" for more |
8 | * information. | |
ef416fc2 | 9 | */ |
10 | ||
11 | #ifndef _CUPS_HTTP_PRIVATE_H_ | |
12 | # define _CUPS_HTTP_PRIVATE_H_ | |
13 | ||
14 | /* | |
15 | * Include necessary headers... | |
16 | */ | |
17 | ||
71e16022 | 18 | # include "config.h" |
41e6c1f1 | 19 | # include <cups/language.h> |
5180a04c | 20 | # include <stddef.h> |
a74454a7 | 21 | # include <stdlib.h> |
ef416fc2 | 22 | |
23 | # ifdef __sun | |
ef416fc2 | 24 | # include <sys/select.h> |
25 | # endif /* __sun */ | |
26 | ||
27 | # include <limits.h> | |
19dc16f7 | 28 | # ifdef _WIN32 |
104c5283 | 29 | # define _WINSOCK_DEPRECATED_NO_WARNINGS 1 |
ef416fc2 | 30 | # include <io.h> |
31 | # include <winsock2.h> | |
db8b865d | 32 | # define CUPS_SOCAST (const char *) |
ef416fc2 | 33 | # else |
34 | # include <unistd.h> | |
35 | # include <fcntl.h> | |
36 | # include <sys/socket.h> | |
db8b865d | 37 | # define CUPS_SOCAST |
19dc16f7 | 38 | # endif /* _WIN32 */ |
ef416fc2 | 39 | |
f7deaa1a | 40 | # ifdef HAVE_GSSAPI |
eac3a0a0 MS |
41 | # ifdef HAVE_GSS_GSSAPI_H |
42 | # include <GSS/gssapi.h> | |
eac3a0a0 | 43 | # elif defined(HAVE_GSSAPI_GSSAPI_H) |
f7deaa1a | 44 | # include <gssapi/gssapi.h> |
eac3a0a0 | 45 | # elif defined(HAVE_GSSAPI_H) |
f7deaa1a | 46 | # include <gssapi.h> |
eac3a0a0 | 47 | # endif /* HAVE_GSS_GSSAPI_H */ |
f7deaa1a | 48 | # ifndef HAVE_GSS_C_NT_HOSTBASED_SERVICE |
49 | # define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name | |
50 | # endif /* !HAVE_GSS_C_NT_HOSTBASED_SERVICE */ | |
51 | # endif /* HAVE_GSSAPI */ | |
52 | ||
b94498cf | 53 | # ifdef HAVE_AUTHORIZATION_H |
54 | # include <Security/Authorization.h> | |
55 | # endif /* HAVE_AUTHORIZATION_H */ | |
56 | ||
3dd9c340 | 57 | # if defined(__APPLE__) && !defined(_SOCKLEN_T) |
ef416fc2 | 58 | /* |
d4874933 | 59 | * macOS 10.2.x does not define socklen_t, and in fact uses an int instead of |
ef416fc2 | 60 | * unsigned type for length values... |
61 | */ | |
62 | ||
63 | typedef int socklen_t; | |
3dd9c340 | 64 | # endif /* __APPLE__ && !_SOCKLEN_T */ |
ef416fc2 | 65 | |
71e16022 | 66 | # include <cups/http.h> |
fa73b229 | 67 | # include "ipp-private.h" |
ef416fc2 | 68 | |
724e1819 | 69 | # ifdef HAVE_GNUTLS |
07ed0e9a MS |
70 | # include <gnutls/gnutls.h> |
71 | # include <gnutls/x509.h> | |
07ed0e9a MS |
72 | # elif defined(HAVE_CDSASSL) |
73 | # include <CoreFoundation/CoreFoundation.h> | |
74 | # include <Security/Security.h> | |
75 | # include <Security/SecureTransport.h> | |
76 | # ifdef HAVE_SECITEM_H | |
77 | # include <Security/SecItem.h> | |
78 | # endif /* HAVE_SECITEM_H */ | |
07ed0e9a MS |
79 | # ifdef HAVE_SECCERTIFICATE_H |
80 | # include <Security/SecCertificate.h> | |
81 | # include <Security/SecIdentity.h> | |
82 | # endif /* HAVE_SECCERTIFICATE_H */ | |
07ed0e9a | 83 | # elif defined(HAVE_SSPISSL) |
2ece34a9 MS |
84 | # include <wincrypt.h> |
85 | # include <wintrust.h> | |
86 | # include <schannel.h> | |
87 | # define SECURITY_WIN32 | |
88 | # include <security.h> | |
89 | # include <sspi.h> | |
724e1819 | 90 | # endif /* HAVE_GNUTLS */ |
07ed0e9a | 91 | |
19dc16f7 | 92 | # ifndef _WIN32 |
07ed0e9a | 93 | # include <net/if.h> |
ed26f50f | 94 | # include <resolv.h> |
07ed0e9a MS |
95 | # ifdef HAVE_GETIFADDRS |
96 | # include <ifaddrs.h> | |
97 | # else | |
98 | # include <sys/ioctl.h> | |
99 | # ifdef HAVE_SYS_SOCKIO_H | |
100 | # include <sys/sockio.h> | |
101 | # endif /* HAVE_SYS_SOCKIO_H */ | |
102 | # endif /* HAVE_GETIFADDRS */ | |
19dc16f7 | 103 | # endif /* !_WIN32 */ |
07ed0e9a MS |
104 | |
105 | ||
106 | /* | |
107 | * C++ magic... | |
108 | */ | |
109 | ||
110 | # ifdef __cplusplus | |
111 | extern "C" { | |
112 | # endif /* __cplusplus */ | |
113 | ||
114 | ||
eac3a0a0 MS |
115 | /* |
116 | * Constants... | |
117 | */ | |
118 | ||
02c88e67 MS |
119 | # define _HTTP_MAX_SBUFFER 65536 /* Size of (de)compression buffer */ |
120 | # define _HTTP_RESOLVE_DEFAULT 0 /* Just resolve with default options */ | |
121 | # define _HTTP_RESOLVE_STDERR 1 /* Log resolve progress to stderr */ | |
122 | # define _HTTP_RESOLVE_FQDN 2 /* Resolve to a FQDN */ | |
123 | # define _HTTP_RESOLVE_FAXOUT 4 /* Resolve FaxOut service? */ | |
124 | ||
125 | # define _HTTP_TLS_NONE 0 /* No TLS options */ | |
126 | # define _HTTP_TLS_ALLOW_RC4 1 /* Allow RC4 cipher suites */ | |
8f1fbdec MS |
127 | # define _HTTP_TLS_ALLOW_DH 2 /* Allow DH/DHE key negotiation */ |
128 | # define _HTTP_TLS_DENY_CBC 4 /* Deny CBC cipher suites */ | |
02c88e67 | 129 | # define _HTTP_TLS_SET_DEFAULT 128 /* Setting the default TLS options */ |
63aefcd5 | 130 | |
8f1fbdec MS |
131 | # define _HTTP_TLS_SSL3 0 /* Min/max version is SSL/3.0 */ |
132 | # define _HTTP_TLS_1_0 1 /* Min/max version is TLS/1.0 */ | |
133 | # define _HTTP_TLS_1_1 2 /* Min/max version is TLS/1.1 */ | |
134 | # define _HTTP_TLS_1_2 3 /* Min/max version is TLS/1.2 */ | |
135 | # define _HTTP_TLS_1_3 4 /* Min/max version is TLS/1.3 */ | |
136 | # define _HTTP_TLS_MAX 5 /* Highest known TLS version */ | |
137 | ||
eac3a0a0 | 138 | |
07ed0e9a MS |
139 | /* |
140 | * Types and functions for SSL support... | |
141 | */ | |
142 | ||
724e1819 | 143 | # ifdef HAVE_GNUTLS |
ef416fc2 | 144 | /* |
145 | * The GNU TLS library is more of a "bare metal" SSL/TLS library... | |
146 | */ | |
ef416fc2 | 147 | |
dd332638 | 148 | typedef gnutls_session_t http_tls_t; |
172bdf5d | 149 | typedef gnutls_certificate_credentials_t *http_tls_credentials_t; |
ef416fc2 | 150 | |
151 | # elif defined(HAVE_CDSASSL) | |
152 | /* | |
153 | * Darwin's Security framework provides its own SSL/TLS context structure | |
154 | * for its IO and protocol management... | |
155 | */ | |
156 | ||
7cf5915e MS |
157 | typedef SSLContextRef http_tls_t; |
158 | typedef CFArrayRef http_tls_credentials_t; | |
ef416fc2 | 159 | |
cc754834 | 160 | # elif defined(HAVE_SSPISSL) |
07ed0e9a MS |
161 | /* |
162 | * Windows' SSPI library gets a CUPS wrapper... | |
163 | */ | |
164 | ||
2ece34a9 MS |
165 | typedef struct _http_sspi_s /**** SSPI/SSL data structure ****/ |
166 | { | |
167 | CredHandle creds; /* Credentials */ | |
168 | CtxtHandle context; /* SSL context */ | |
169 | BOOL contextInitialized; /* Is context init'd? */ | |
170 | SecPkgContext_StreamSizes streamSizes;/* SSL data stream sizes */ | |
171 | BYTE *decryptBuffer; /* Data pre-decryption*/ | |
172 | size_t decryptBufferLength; /* Length of decrypt buffer */ | |
173 | size_t decryptBufferUsed; /* Bytes used in buffer */ | |
174 | BYTE *readBuffer; /* Data post-decryption */ | |
175 | int readBufferLength; /* Length of read buffer */ | |
176 | int readBufferUsed; /* Bytes used in buffer */ | |
177 | BYTE *writeBuffer; /* Data pre-encryption */ | |
178 | int writeBufferLength; /* Length of write buffer */ | |
2ece34a9 MS |
179 | PCCERT_CONTEXT localCert, /* Local certificate */ |
180 | remoteCert; /* Remote (peer's) certificate */ | |
d777d26d | 181 | char error[256]; /* Most recent error message */ |
2ece34a9 MS |
182 | } _http_sspi_t; |
183 | typedef _http_sspi_t *http_tls_t; | |
17eecbf1 | 184 | typedef PCCERT_CONTEXT http_tls_credentials_t; |
07ed0e9a | 185 | |
7cf5915e | 186 | # else |
07ed0e9a MS |
187 | /* |
188 | * Otherwise define stub types since we have no SSL support... | |
189 | */ | |
190 | ||
7cf5915e | 191 | typedef void *http_tls_t; |
07ed0e9a | 192 | typedef void *http_tls_credentials_t; |
724e1819 | 193 | # endif /* HAVE_GNUTLS */ |
ef416fc2 | 194 | |
a469f8a5 MS |
195 | typedef enum _http_coding_e /**** HTTP content coding enumeration ****/ |
196 | { | |
197 | _HTTP_CODING_IDENTITY, /* No content coding */ | |
198 | _HTTP_CODING_GZIP, /* LZ77+gzip decompression */ | |
199 | _HTTP_CODING_DEFLATE, /* LZ77+zlib compression */ | |
200 | _HTTP_CODING_GUNZIP, /* LZ77+gzip decompression */ | |
201 | _HTTP_CODING_INFLATE /* LZ77+zlib decompression */ | |
202 | } _http_coding_t; | |
203 | ||
204 | typedef enum _http_mode_e /**** HTTP mode enumeration ****/ | |
205 | { | |
206 | _HTTP_MODE_CLIENT, /* Client connected to server */ | |
207 | _HTTP_MODE_SERVER /* Server connected (accepted) from client */ | |
208 | } _http_mode_t; | |
209 | ||
5ec1fd3d | 210 | # ifndef _HTTP_NO_PRIVATE |
a469f8a5 | 211 | struct _http_s /**** HTTP connection structure ****/ |
f7deaa1a | 212 | { |
213 | int fd; /* File descriptor for this socket */ | |
214 | int blocking; /* To block or not to block */ | |
215 | int error; /* Last error on read */ | |
216 | time_t activity; /* Time since last read/write */ | |
217 | http_state_t state; /* State of client */ | |
218 | http_status_t status; /* Status of last request */ | |
219 | http_version_t version; /* Protocol version */ | |
220 | http_keepalive_t keep_alive; /* Keep-alive supported? */ | |
85dda01c | 221 | struct sockaddr_in _hostaddr; /* Address of connected host (deprecated) */ |
f7deaa1a | 222 | char hostname[HTTP_MAX_HOST], |
223 | /* Name of connected host */ | |
378eeedf MS |
224 | _fields[HTTP_FIELD_ACCEPT_ENCODING][HTTP_MAX_VALUE]; |
225 | /* Field values up to Accept-Encoding (deprecated) */ | |
f7deaa1a | 226 | char *data; /* Pointer to data buffer */ |
227 | http_encoding_t data_encoding; /* Chunked or not */ | |
85dda01c | 228 | int _data_remaining;/* Number of bytes left (deprecated) */ |
f7deaa1a | 229 | int used; /* Number of bytes used in buffer */ |
230 | char buffer[HTTP_MAX_BUFFER]; | |
231 | /* Buffer for incoming data */ | |
5ec1fd3d | 232 | int _auth_type; /* Authentication in use (deprecated) */ |
7ec11630 | 233 | unsigned char _md5_state[88]; /* MD5 state (deprecated) */ |
f7deaa1a | 234 | char nonce[HTTP_MAX_VALUE]; |
235 | /* Nonce value */ | |
7ec11630 | 236 | unsigned nonce_count; /* Nonce count */ |
7cf5915e | 237 | http_tls_t tls; /* TLS state information */ |
f7deaa1a | 238 | http_encryption_t encryption; /* Encryption requirements */ |
a469f8a5 | 239 | |
f7deaa1a | 240 | /**** New in CUPS 1.1.19 ****/ |
85dda01c MS |
241 | fd_set *input_set; /* select() set for httpWait() (deprecated) */ |
242 | http_status_t expect; /* Expect: header */ | |
243 | char *cookie; /* Cookie value(s) */ | |
a469f8a5 | 244 | |
f7deaa1a | 245 | /**** New in CUPS 1.1.20 ****/ |
246 | char _authstring[HTTP_MAX_VALUE], | |
c1420c87 | 247 | /* Current Authorization value (deprecated) */ |
f7deaa1a | 248 | userpass[HTTP_MAX_VALUE]; |
85dda01c MS |
249 | /* Username:password string */ |
250 | int digest_tries; /* Number of tries for digest auth */ | |
a469f8a5 | 251 | |
f7deaa1a | 252 | /**** New in CUPS 1.2 ****/ |
85dda01c MS |
253 | off_t data_remaining; /* Number of bytes left */ |
254 | http_addr_t *hostaddr; /* Current host address and port */ | |
255 | http_addrlist_t *addrlist; /* List of valid addresses */ | |
f7deaa1a | 256 | char wbuffer[HTTP_MAX_BUFFER]; |
257 | /* Buffer for outgoing data */ | |
85dda01c | 258 | int wused; /* Write buffer bytes used */ |
a469f8a5 | 259 | |
f7deaa1a | 260 | /**** New in CUPS 1.3 ****/ |
c1420c87 | 261 | char *authstring; /* Current Authorization field */ |
f7deaa1a | 262 | # ifdef HAVE_GSSAPI |
85dda01c MS |
263 | gss_OID gssmech; /* Authentication mechanism */ |
264 | gss_ctx_id_t gssctx; /* Authentication context */ | |
265 | gss_name_t gssname; /* Authentication server name */ | |
f7deaa1a | 266 | # endif /* HAVE_GSSAPI */ |
b94498cf | 267 | # ifdef HAVE_AUTHORIZATION_H |
85dda01c | 268 | AuthorizationRef auth_ref; /* Authorization ref */ |
b94498cf | 269 | # endif /* HAVE_AUTHORIZATION_H */ |
a469f8a5 | 270 | |
7cf5915e MS |
271 | /**** New in CUPS 1.5 ****/ |
272 | http_tls_credentials_t tls_credentials; | |
85dda01c MS |
273 | /* TLS credentials */ |
274 | http_timeout_cb_t timeout_cb; /* Timeout callback */ | |
275 | void *timeout_data; /* User data pointer */ | |
276 | double timeout_value; /* Timeout in seconds */ | |
277 | int wait_value; /* httpWait value for timeout */ | |
eac3a0a0 MS |
278 | # ifdef HAVE_GSSAPI |
279 | char gsshost[256]; /* Hostname for Kerberos */ | |
280 | # endif /* HAVE_GSSAPI */ | |
a469f8a5 MS |
281 | |
282 | /**** New in CUPS 1.7 ****/ | |
cb7f98ee | 283 | int tls_upgrade; /* Non-zero if we are doing an upgrade */ |
a469f8a5 | 284 | _http_mode_t mode; /* _HTTP_MODE_CLIENT or _HTTP_MODE_SERVER */ |
a469f8a5 MS |
285 | # ifdef HAVE_LIBZ |
286 | _http_coding_t coding; /* _HTTP_CODING_xxx */ | |
5a855d85 MS |
287 | void *stream; /* (De)compression stream */ |
288 | unsigned char *sbuffer; /* (De)compression buffer */ | |
a469f8a5 | 289 | # endif /* HAVE_LIBZ */ |
7ec11630 | 290 | |
16f67389 MS |
291 | /**** New in CUPS 2.2.9 ****/ |
292 | char algorithm[65], /* Algorithm from WWW-Authenticate */ | |
293 | nextnonce[HTTP_MAX_VALUE], | |
294 | /* Next nonce value from Authentication-Info */ | |
295 | opaque[HTTP_MAX_VALUE], | |
296 | /* Opaque value from WWW-Authenticate */ | |
297 | realm[HTTP_MAX_VALUE]; | |
298 | /* Realm from WWW-Authenticate */ | |
299 | ||
7ec11630 | 300 | /**** New in CUPS 2.3 ****/ |
378eeedf MS |
301 | char *fields[HTTP_FIELD_MAX], |
302 | /* Allocated field values */ | |
303 | *default_fields[HTTP_FIELD_MAX]; | |
304 | /* Default field values, if any */ | |
f7deaa1a | 305 | }; |
5ec1fd3d | 306 | # endif /* !_HTTP_NO_PRIVATE */ |
f7deaa1a | 307 | |
308 | ||
ef416fc2 | 309 | /* |
310 | * Some OS's don't have hstrerror(), most notably Solaris... | |
311 | */ | |
312 | ||
313 | # ifndef HAVE_HSTRERROR | |
314 | extern const char *_cups_hstrerror(int error); | |
315 | # define hstrerror _cups_hstrerror | |
ef416fc2 | 316 | # endif /* !HAVE_HSTRERROR */ |
317 | ||
89d46774 | 318 | |
839a51c8 | 319 | /* |
1ff0402e | 320 | * Prototypes... |
839a51c8 MS |
321 | */ |
322 | ||
e3586875 | 323 | extern void _httpAddrSetPort(http_addr_t *addr, int port) _CUPS_PRIVATE; |
85dda01c | 324 | extern http_tls_credentials_t |
e3586875 | 325 | _httpCreateCredentials(cups_array_t *credentials) _CUPS_PRIVATE; |
1106b00e | 326 | extern char *_httpDecodeURI(char *dst, const char *src, |
e3586875 MS |
327 | size_t dstsize) _CUPS_PRIVATE; |
328 | extern void _httpDisconnect(http_t *http) _CUPS_PRIVATE; | |
5eb9da71 | 329 | extern char *_httpEncodeURI(char *dst, const char *src, |
e3586875 MS |
330 | size_t dstsize) _CUPS_PRIVATE; |
331 | extern void _httpFreeCredentials(http_tls_credentials_t credentials) _CUPS_PRIVATE; | |
5eb9da71 | 332 | extern const char *_httpResolveURI(const char *uri, char *resolved_uri, |
eac3a0a0 | 333 | size_t resolved_size, int options, |
07ed0e9a | 334 | int (*cb)(void *context), |
e3586875 MS |
335 | void *context) _CUPS_PRIVATE; |
336 | extern int _httpSetDigestAuthString(http_t *http, const char *nonce, const char *method, const char *resource) _CUPS_PRIVATE; | |
337 | extern const char *_httpStatus(cups_lang_t *lang, http_status_t status) _CUPS_PRIVATE; | |
338 | extern void _httpTLSInitialize(void) _CUPS_PRIVATE; | |
339 | extern size_t _httpTLSPending(http_t *http) _CUPS_PRIVATE; | |
340 | extern int _httpTLSRead(http_t *http, char *buf, int len) _CUPS_PRIVATE; | |
e3586875 MS |
341 | extern void _httpTLSSetOptions(int options, int min_version, int max_version) _CUPS_PRIVATE; |
342 | extern int _httpTLSStart(http_t *http) _CUPS_PRIVATE; | |
343 | extern void _httpTLSStop(http_t *http) _CUPS_PRIVATE; | |
344 | extern int _httpTLSWrite(http_t *http, const char *buf, int len) _CUPS_PRIVATE; | |
345 | extern int _httpUpdate(http_t *http, http_status_t *status) _CUPS_PRIVATE; | |
346 | extern int _httpWait(http_t *http, int msec, int usessl) _CUPS_PRIVATE; | |
6d2f911b MS |
347 | |
348 | ||
07ed0e9a MS |
349 | /* |
350 | * C++ magic... | |
351 | */ | |
352 | ||
353 | # ifdef __cplusplus | |
354 | } | |
355 | # endif /* __cplusplus */ | |
356 | ||
ef416fc2 | 357 | #endif /* !_CUPS_HTTP_PRIVATE_H_ */ |