[thirdparty/cups.git] / cups / http-private.h

/*
 * Private HTTP definitions for CUPS.
 *
 * Copyright 2007-2017 by Apple Inc.
 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
 *
 * These coded instructions, statements, and computer programs are the
 * property of Apple Inc. and are protected by Federal copyright
 * law.  Distribution and use rights are outlined in the file "LICENSE.txt"
 * which should have been included with this file.  If this file is
 * missing or damaged, see the license at "http://www.cups.org/".
 *
 * This file is subject to the Apple OS-Developed Software exception.
 */

#ifndef _CUPS_HTTP_PRIVATE_H_
#  define _CUPS_HTTP_PRIVATE_H_

/*
 * Include necessary headers...
 */

#  include "config.h"
#  include <cups/language.h>
#  include <stddef.h>
#  include <stdlib.h>

#  ifdef __sun
#    include <sys/select.h>
#  endif /* __sun */

#  include <limits.h>
#  ifdef WIN32
#    include <io.h>
#    include <winsock2.h>
#    define CUPS_SOCAST (const char *)
#  else
#    include <unistd.h>
#    include <fcntl.h>
#    include <sys/socket.h>
#    define CUPS_SOCAST
#  endif /* WIN32 */

#  ifdef HAVE_GSSAPI
#    ifdef HAVE_GSS_GSSAPI_H
#      include <GSS/gssapi.h>
#    elif defined(HAVE_GSSAPI_GSSAPI_H)
#      include <gssapi/gssapi.h>
#    elif defined(HAVE_GSSAPI_H)
#      include <gssapi.h>
#    endif /* HAVE_GSS_GSSAPI_H */
#    ifndef HAVE_GSS_C_NT_HOSTBASED_SERVICE
#      define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
#    endif /* !HAVE_GSS_C_NT_HOSTBASED_SERVICE */
#  endif /* HAVE_GSSAPI */

#  ifdef HAVE_AUTHORIZATION_H
#    include <Security/Authorization.h>
#  endif /* HAVE_AUTHORIZATION_H */

#  if defined(__APPLE__) && !defined(_SOCKLEN_T)
/*
 * macOS 10.2.x does not define socklen_t, and in fact uses an int instead of
 * unsigned type for length values...
 */

typedef int socklen_t;
#  endif /* __APPLE__ && !_SOCKLEN_T */

#  include <cups/http.h>
#  include "md5-private.h"
#  include "ipp-private.h"

#  ifdef HAVE_GNUTLS
#    include <gnutls/gnutls.h>
#    include <gnutls/x509.h>
#  elif defined(HAVE_CDSASSL)
#    include <CoreFoundation/CoreFoundation.h>
#    include <Security/Security.h>
#    include <Security/SecureTransport.h>
#    ifdef HAVE_SECURETRANSPORTPRIV_H
#      include <Security/SecureTransportPriv.h>
#    endif /* HAVE_SECURETRANSPORTPRIV_H */
#    ifdef HAVE_SECITEM_H
#      include <Security/SecItem.h>
#    endif /* HAVE_SECITEM_H */
#    ifdef HAVE_SECBASEPRIV_H
#      include <Security/SecBasePriv.h>
#    endif /* HAVE_SECBASEPRIV_H */
#    ifdef HAVE_SECCERTIFICATE_H
#      include <Security/SecCertificate.h>
#      include <Security/SecIdentity.h>
#    endif /* HAVE_SECCERTIFICATE_H */
#    ifdef HAVE_SECCERTIFICATEPRIV_H
#      include <Security/SecCertificatePriv.h>
#    else
#      ifdef __cplusplus
extern "C" {
#      endif /* __cplusplus */
#      ifndef _SECURITY_VERSION_GREATER_THAN_57610_
typedef CF_OPTIONS(uint32_t, SecKeyUsage) {
    kSecKeyUsageAll              = 0x7FFFFFFF
};
#       endif /* !_SECURITY_VERSION_GREATER_THAN_57610_ */
extern const void * kSecCSRChallengePassword;
extern const void * kSecSubjectAltName;
extern const void * kSecCertificateKeyUsage;
extern const void * kSecCSRBasicContraintsPathLen;
extern const void * kSecCertificateExtensions;
extern const void * kSecCertificateExtensionsEncoded;
extern const void * kSecOidCommonName;
extern const void * kSecOidCountryName;
extern const void * kSecOidStateProvinceName;
extern const void * kSecOidLocalityName;
extern const void * kSecOidOrganization;
extern const void * kSecOidOrganizationalUnit;
extern SecCertificateRef SecCertificateCreateWithBytes(CFAllocatorRef allocator, const UInt8 *bytes, CFIndex length);
extern bool SecCertificateIsValid(SecCertificateRef certificate, CFAbsoluteTime verifyTime);
extern CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRef certificate);
extern SecCertificateRef SecGenerateSelfSignedCertificate(CFArrayRef subject, CFDictionaryRef parameters, SecKeyRef publicKey, SecKeyRef privateKey);
extern SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey);
#      ifdef __cplusplus
}
#      endif /* __cplusplus */
#    endif /* HAVE_SECCERTIFICATEPRIV_H */
#    ifdef HAVE_SECITEMPRIV_H
#      include <Security/SecItemPriv.h>
#    endif /* HAVE_SECITEMPRIV_H */
#    ifdef HAVE_SECIDENTITYSEARCHPRIV_H
#      include <Security/SecIdentitySearchPriv.h>
#    endif /* HAVE_SECIDENTITYSEARCHPRIV_H */
#    ifdef HAVE_SECPOLICYPRIV_H
#      include <Security/SecPolicyPriv.h>
#    endif /* HAVE_SECPOLICYPRIV_H */
#  elif defined(HAVE_SSPISSL)
#    include <wincrypt.h>
#    include <wintrust.h>
#    include <schannel.h>
#    define SECURITY_WIN32
#    include <security.h>
#    include <sspi.h>
#  endif /* HAVE_GNUTLS */

#  ifndef WIN32
#    include <net/if.h>
#    include <resolv.h>
#    ifdef HAVE_GETIFADDRS
#      include <ifaddrs.h>
#    else
#      include <sys/ioctl.h>
#      ifdef HAVE_SYS_SOCKIO_H
#        include <sys/sockio.h>
#      endif /* HAVE_SYS_SOCKIO_H */
#    endif /* HAVE_GETIFADDRS */
#  endif /* !WIN32 */

#  ifdef HAVE_LIBZ
#    include <zlib.h>
#  endif /* HAVE_LIBZ */


/*
 * C++ magic...
 */

#  ifdef __cplusplus
extern "C" {
#  endif /* __cplusplus */


/*
 * Constants...
 */


#define _HTTP_MAX_SBUFFER	65536	/* Size of (de)compression buffer */
#define _HTTP_RESOLVE_DEFAULT	0	/* Just resolve with default options */
#define _HTTP_RESOLVE_STDERR	1	/* Log resolve progress to stderr */
#define _HTTP_RESOLVE_FQDN	2	/* Resolve to a FQDN */
#define _HTTP_RESOLVE_FAXOUT	4	/* Resolve FaxOut service? */

#define _HTTP_TLS_NONE		0	/* No TLS options */
#define _HTTP_TLS_ALLOW_RC4	1	/* Allow RC4 cipher suites */
#define _HTTP_TLS_ALLOW_SSL3	2	/* Allow SSL 3.0 */
#define _HTTP_TLS_ALLOW_DH	4	/* Allow DH/DHE key negotiation */
#define _HTTP_TLS_DENY_TLS10	16	/* Deny TLS 1.0 */
#define _HTTP_TLS_DENY_CBC	32	/* Deny CBC cipher suites */
#define _HTTP_TLS_ONLY_TLS10    64      /* Only use TLS 1.0 */


/*
 * Types and functions for SSL support...
 */

#  ifdef HAVE_GNUTLS
/*
 * The GNU TLS library is more of a "bare metal" SSL/TLS library...
 */

typedef gnutls_session_t http_tls_t;
typedef gnutls_certificate_credentials_t *http_tls_credentials_t;

#  elif defined(HAVE_CDSASSL)
/*
 * Darwin's Security framework provides its own SSL/TLS context structure
 * for its IO and protocol management...
 */

#    if !defined(HAVE_SECBASEPRIV_H) && defined(HAVE_CSSMERRORSTRING) /* Declare prototype for function in that header... */
extern const char *cssmErrorString(int error);
#    endif /* !HAVE_SECBASEPRIV_H && HAVE_CSSMERRORSTRING */
#    if !defined(HAVE_SECIDENTITYSEARCHPRIV_H) && defined(HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY) /* Declare prototype for function in that header... */
extern OSStatus SecIdentitySearchCreateWithPolicy(SecPolicyRef policy,
				CFStringRef idString, CSSM_KEYUSE keyUsage,
				CFTypeRef keychainOrArray,
				Boolean returnOnlyValidIdentities,
				SecIdentitySearchRef* searchRef);
#    endif /* !HAVE_SECIDENTITYSEARCHPRIV_H && HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY */
#    if !defined(HAVE_SECPOLICYPRIV_H) && defined(HAVE_SECPOLICYSETVALUE) /* Declare prototype for function in that header... */
extern OSStatus SecPolicySetValue(SecPolicyRef policyRef,
                                  const CSSM_DATA *value);
#    endif /* !HAVE_SECPOLICYPRIV_H && HAVE_SECPOLICYSETVALUE */

typedef SSLContextRef	http_tls_t;
typedef CFArrayRef	http_tls_credentials_t;

#  elif defined(HAVE_SSPISSL)
/*
 * Windows' SSPI library gets a CUPS wrapper...
 */

typedef struct _http_sspi_s		/**** SSPI/SSL data structure ****/
{
  CredHandle	creds;			/* Credentials */
  CtxtHandle	context;		/* SSL context */
  BOOL		contextInitialized;	/* Is context init'd? */
  SecPkgContext_StreamSizes streamSizes;/* SSL data stream sizes */
  BYTE		*decryptBuffer;		/* Data pre-decryption*/
  size_t	decryptBufferLength;	/* Length of decrypt buffer */
  size_t	decryptBufferUsed;	/* Bytes used in buffer */
  BYTE		*readBuffer;		/* Data post-decryption */
  int		readBufferLength;	/* Length of read buffer */
  int		readBufferUsed;		/* Bytes used in buffer */
  BYTE		*writeBuffer;		/* Data pre-encryption */
  int		writeBufferLength;	/* Length of write buffer */
  PCCERT_CONTEXT localCert,		/* Local certificate */
		remoteCert;		/* Remote (peer's) certificate */
  char		error[256];		/* Most recent error message */
} _http_sspi_t;
typedef _http_sspi_t *http_tls_t;
typedef PCCERT_CONTEXT http_tls_credentials_t;

#  else
/*
 * Otherwise define stub types since we have no SSL support...
 */

typedef void *http_tls_t;
typedef void *http_tls_credentials_t;
#  endif /* HAVE_GNUTLS */

typedef enum _http_coding_e		/**** HTTP content coding enumeration ****/
{
  _HTTP_CODING_IDENTITY,		/* No content coding */
  _HTTP_CODING_GZIP,			/* LZ77+gzip decompression */
  _HTTP_CODING_DEFLATE,			/* LZ77+zlib compression */
  _HTTP_CODING_GUNZIP,			/* LZ77+gzip decompression */
  _HTTP_CODING_INFLATE			/* LZ77+zlib decompression */
} _http_coding_t;

typedef enum _http_mode_e		/**** HTTP mode enumeration ****/
{
  _HTTP_MODE_CLIENT,			/* Client connected to server */
  _HTTP_MODE_SERVER			/* Server connected (accepted) from client */
} _http_mode_t;

#  ifndef _HTTP_NO_PRIVATE
struct _http_s				/**** HTTP connection structure ****/
{
  int			fd;		/* File descriptor for this socket */
  int			blocking;	/* To block or not to block */
  int			error;		/* Last error on read */
  time_t		activity;	/* Time since last read/write */
  http_state_t		state;		/* State of client */
  http_status_t		status;		/* Status of last request */
  http_version_t	version;	/* Protocol version */
  http_keepalive_t	keep_alive;	/* Keep-alive supported? */
  struct sockaddr_in	_hostaddr;	/* Address of connected host (deprecated) */
  char			hostname[HTTP_MAX_HOST],
  					/* Name of connected host */
			fields[HTTP_FIELD_ACCEPT_ENCODING][HTTP_MAX_VALUE];
					/* Field values up to Accept-Encoding */
  char			*data;		/* Pointer to data buffer */
  http_encoding_t	data_encoding;	/* Chunked or not */
  int			_data_remaining;/* Number of bytes left (deprecated) */
  int			used;		/* Number of bytes used in buffer */
  char			buffer[HTTP_MAX_BUFFER];
					/* Buffer for incoming data */
  int			_auth_type;	/* Authentication in use (deprecated) */
  _cups_md5_state_t	md5_state;	/* MD5 state */
  char			nonce[HTTP_MAX_VALUE];
					/* Nonce value */
  int			nonce_count;	/* Nonce count */
  http_tls_t		tls;		/* TLS state information */
  http_encryption_t	encryption;	/* Encryption requirements */

  /**** New in CUPS 1.1.19 ****/
  fd_set		*input_set;	/* select() set for httpWait() (deprecated) */
  http_status_t		expect;		/* Expect: header */
  char			*cookie;	/* Cookie value(s) */

  /**** New in CUPS 1.1.20 ****/
  char			_authstring[HTTP_MAX_VALUE],
					/* Current Authorization value (deprecated) */
			userpass[HTTP_MAX_VALUE];
					/* Username:password string */
  int			digest_tries;	/* Number of tries for digest auth */

  /**** New in CUPS 1.2 ****/
  off_t			data_remaining;	/* Number of bytes left */
  http_addr_t		*hostaddr;	/* Current host address and port */
  http_addrlist_t	*addrlist;	/* List of valid addresses */
  char			wbuffer[HTTP_MAX_BUFFER];
					/* Buffer for outgoing data */
  int			wused;		/* Write buffer bytes used */

  /**** New in CUPS 1.3 ****/
  char			*field_authorization;
					/* Authorization field */
  char			*authstring;	/* Current Authorization field */
#  ifdef HAVE_GSSAPI
  gss_OID 		gssmech;	/* Authentication mechanism */
  gss_ctx_id_t		gssctx;		/* Authentication context */
  gss_name_t		gssname;	/* Authentication server name */
#  endif /* HAVE_GSSAPI */
#  ifdef HAVE_AUTHORIZATION_H
  AuthorizationRef	auth_ref;	/* Authorization ref */
#  endif /* HAVE_AUTHORIZATION_H */

  /**** New in CUPS 1.5 ****/
  http_tls_credentials_t tls_credentials;
					/* TLS credentials */
  http_timeout_cb_t	timeout_cb;	/* Timeout callback */
  void			*timeout_data;	/* User data pointer */
  double		timeout_value;	/* Timeout in seconds */
  int			wait_value;	/* httpWait value for timeout */
#  ifdef HAVE_GSSAPI
  char			gsshost[256];	/* Hostname for Kerberos */
#  endif /* HAVE_GSSAPI */

  /**** New in CUPS 1.7 ****/
  int			tls_upgrade;	/* Non-zero if we are doing an upgrade */
  _http_mode_t		mode;		/* _HTTP_MODE_CLIENT or _HTTP_MODE_SERVER */
  char			*accept_encoding,
					/* Accept-Encoding field */
			*allow,		/* Allow field */
			*server,	/* Server field */
			*default_accept_encoding,
			*default_server,
			*default_user_agent;
					/* Default field values */
#  ifdef HAVE_LIBZ
  _http_coding_t	coding;		/* _HTTP_CODING_xxx */
  z_stream		stream;		/* (De)compression stream */
  Bytef			*sbuffer;	/* (De)compression buffer */
#  endif /* HAVE_LIBZ */
};
#  endif /* !_HTTP_NO_PRIVATE */


/*
 * Some OS's don't have hstrerror(), most notably Solaris...
 */

#  ifndef HAVE_HSTRERROR
extern const char *_cups_hstrerror(int error);
#    define hstrerror _cups_hstrerror
#  endif /* !HAVE_HSTRERROR */


/*
 * Some OS's don't have getifaddrs() and freeifaddrs()...
 */

#  if !defined(WIN32) && !defined(HAVE_GETIFADDRS)
#    ifdef ifa_dstaddr
#      undef ifa_dstaddr
#    endif /* ifa_dstaddr */
#    ifndef ifr_netmask
#      define ifr_netmask ifr_addr
#    endif /* !ifr_netmask */

struct ifaddrs				/**** Interface Structure ****/
{
  struct ifaddrs	*ifa_next;	/* Next interface in list */
  char			*ifa_name;	/* Name of interface */
  unsigned int		ifa_flags;	/* Flags (up, point-to-point, etc.) */
  struct sockaddr	*ifa_addr,	/* Network address */
			*ifa_netmask;	/* Address mask */
  union
  {
    struct sockaddr	*ifu_broadaddr;	/* Broadcast address of this interface. */
    struct sockaddr	*ifu_dstaddr;	/* Point-to-point destination address. */
  } ifa_ifu;

  void			*ifa_data;	/* Interface statistics */
};

#    ifndef ifa_broadaddr
#      define ifa_broadaddr ifa_ifu.ifu_broadaddr
#    endif /* !ifa_broadaddr */
#    ifndef ifa_dstaddr
#      define ifa_dstaddr ifa_ifu.ifu_dstaddr
#    endif /* !ifa_dstaddr */

extern int	_cups_getifaddrs(struct ifaddrs **addrs);
#    define getifaddrs _cups_getifaddrs
extern void	_cups_freeifaddrs(struct ifaddrs *addrs);
#    define freeifaddrs _cups_freeifaddrs
#  endif /* !WIN32 && !HAVE_GETIFADDRS */


/*
 * Prototypes...
 */

extern void		_httpAddrSetPort(http_addr_t *addr, int port);
extern http_tls_credentials_t
			_httpCreateCredentials(cups_array_t *credentials);
extern char		*_httpDecodeURI(char *dst, const char *src,
			                size_t dstsize);
extern void		_httpDisconnect(http_t *http);
extern char		*_httpEncodeURI(char *dst, const char *src,
			                size_t dstsize);
extern void		_httpFreeCredentials(http_tls_credentials_t credentials);
extern const char	*_httpResolveURI(const char *uri, char *resolved_uri,
			                 size_t resolved_size, int options,
					 int (*cb)(void *context),
					 void *context);
extern const char	*_httpStatus(cups_lang_t *lang, http_status_t status);
extern void		_httpTLSInitialize(void);
extern size_t		_httpTLSPending(http_t *http);
extern int		_httpTLSRead(http_t *http, char *buf, int len);
extern int		_httpTLSSetCredentials(http_t *http);
extern void		_httpTLSSetOptions(int options);
extern int		_httpTLSStart(http_t *http);
extern void		_httpTLSStop(http_t *http);
extern int		_httpTLSWrite(http_t *http, const char *buf, int len);
extern int		_httpUpdate(http_t *http, http_status_t *status);
extern int		_httpWait(http_t *http, int msec, int usessl);


/*
 * C++ magic...
 */

#  ifdef __cplusplus
}
#  endif /* __cplusplus */

#endif /* !_CUPS_HTTP_PRIVATE_H_ */
Commit	Line	Data
ef416fc2	1	/*
2c85b752	2	* Private HTTP definitions for CUPS.
ef416fc2	3	*
f2e87147	4	* Copyright 2007-2017 by Apple Inc.
2c85b752	5	* Copyright 1997-2007 by Easy Software Products, all rights reserved.
ef416fc2	6	*
2c85b752 MS	7	* These coded instructions, statements, and computer programs are the
	8	* property of Apple Inc. and are protected by Federal copyright
	9	* law. Distribution and use rights are outlined in the file "LICENSE.txt"
	10	* which should have been included with this file. If this file is
57b7b66b	11	* missing or damaged, see the license at "http://www.cups.org/".
ef416fc2	12	*
2c85b752	13	* This file is subject to the Apple OS-Developed Software exception.
ef416fc2	14	*/
	15
	16	#ifndef _CUPS_HTTP_PRIVATE_H_
	17	# define _CUPS_HTTP_PRIVATE_H_
	18
	19	/*
	20	* Include necessary headers...
	21	*/
	22
71e16022	23	# include "config.h"
41e6c1f1	24	# include <cups/language.h>
5180a04c	25	# include <stddef.h>
a74454a7	26	# include <stdlib.h>
ef416fc2	27
ef416fc2	28	# ifdef __sun
ef416fc2	29	# include <sys/select.h>
	30	# endif /* __sun */
	31
	32	# include <limits.h>
	33	# ifdef WIN32
	34	# include <io.h>
	35	# include <winsock2.h>
db8b865d	36	# define CUPS_SOCAST (const char *)
ef416fc2	37	# else
	38	# include <unistd.h>
	39	# include <fcntl.h>
	40	# include <sys/socket.h>
db8b865d	41	# define CUPS_SOCAST
ef416fc2	42	# endif /* WIN32 */
ef416fc2	43
f7deaa1a	44	# ifdef HAVE_GSSAPI
eac3a0a0 MS	45	# ifdef HAVE_GSS_GSSAPI_H
eac3a0a0 MS	46	# include <GSS/gssapi.h>
eac3a0a0	47	# elif defined(HAVE_GSSAPI_GSSAPI_H)
f7deaa1a	48	# include <gssapi/gssapi.h>
eac3a0a0	49	# elif defined(HAVE_GSSAPI_H)
f7deaa1a	50	# include <gssapi.h>
eac3a0a0	51	# endif /* HAVE_GSS_GSSAPI_H */
f7deaa1a	52	# ifndef HAVE_GSS_C_NT_HOSTBASED_SERVICE
	53	# define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
	54	# endif /* !HAVE_GSS_C_NT_HOSTBASED_SERVICE */
	55	# endif /* HAVE_GSSAPI */
	56
b94498cf	57	# ifdef HAVE_AUTHORIZATION_H
	58	# include <Security/Authorization.h>
	59	# endif /* HAVE_AUTHORIZATION_H */
	60
3dd9c340	61	# if defined(__APPLE__) && !defined(_SOCKLEN_T)
ef416fc2	62	/*
d4874933	63	* macOS 10.2.x does not define socklen_t, and in fact uses an int instead of
ef416fc2	64	* unsigned type for length values...
	65	*/
	66
	67	typedef int socklen_t;
3dd9c340	68	# endif /* __APPLE__ && !_SOCKLEN_T */
ef416fc2	69
71e16022 MS	70	# include <cups/http.h>
71e16022 MS	71	# include "md5-private.h"
fa73b229	72	# include "ipp-private.h"
ef416fc2	73
724e1819	74	# ifdef HAVE_GNUTLS
07ed0e9a MS	75	# include <gnutls/gnutls.h>
07ed0e9a MS	76	# include <gnutls/x509.h>
07ed0e9a MS	77	# elif defined(HAVE_CDSASSL)
	78	# include <CoreFoundation/CoreFoundation.h>
	79	# include <Security/Security.h>
	80	# include <Security/SecureTransport.h>
eac3a0a0 MS	81	# ifdef HAVE_SECURETRANSPORTPRIV_H
	82	# include <Security/SecureTransportPriv.h>
	83	# endif /* HAVE_SECURETRANSPORTPRIV_H */
07ed0e9a MS	84	# ifdef HAVE_SECITEM_H
	85	# include <Security/SecItem.h>
	86	# endif /* HAVE_SECITEM_H */
	87	# ifdef HAVE_SECBASEPRIV_H
	88	# include <Security/SecBasePriv.h>
	89	# endif /* HAVE_SECBASEPRIV_H */
	90	# ifdef HAVE_SECCERTIFICATE_H
	91	# include <Security/SecCertificate.h>
	92	# include <Security/SecIdentity.h>
	93	# endif /* HAVE_SECCERTIFICATE_H */
9653cfdf MS	94	# ifdef HAVE_SECCERTIFICATEPRIV_H
	95	# include <Security/SecCertificatePriv.h>
	96	# else
	97	# ifdef __cplusplus
	98	extern "C" {
	99	# endif /* __cplusplus */
de8c34f8	100	# ifndef _SECURITY_VERSION_GREATER_THAN_57610_
558883c6 MS	101	typedef CF_OPTIONS(uint32_t, SecKeyUsage) {
	102	kSecKeyUsageAll = 0x7FFFFFFF
	103	};
de8c34f8	104	# endif /* !_SECURITY_VERSION_GREATER_THAN_57610_ */
558883c6 MS	105	extern const void * kSecCSRChallengePassword;
	106	extern const void * kSecSubjectAltName;
	107	extern const void * kSecCertificateKeyUsage;
	108	extern const void * kSecCSRBasicContraintsPathLen;
	109	extern const void * kSecCertificateExtensions;
	110	extern const void * kSecCertificateExtensionsEncoded;
	111	extern const void * kSecOidCommonName;
	112	extern const void * kSecOidCountryName;
	113	extern const void * kSecOidStateProvinceName;
	114	extern const void * kSecOidLocalityName;
	115	extern const void * kSecOidOrganization;
	116	extern const void * kSecOidOrganizationalUnit;
9653cfdf MS	117	extern SecCertificateRef SecCertificateCreateWithBytes(CFAllocatorRef allocator, const UInt8 *bytes, CFIndex length);
	118	extern bool SecCertificateIsValid(SecCertificateRef certificate, CFAbsoluteTime verifyTime);
	119	extern CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRef certificate);
558883c6 MS	120	extern SecCertificateRef SecGenerateSelfSignedCertificate(CFArrayRef subject, CFDictionaryRef parameters, SecKeyRef publicKey, SecKeyRef privateKey);
558883c6 MS	121	extern SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey);
9653cfdf MS	122	# ifdef __cplusplus
	123	}
	124	# endif /* __cplusplus */
	125	# endif /* HAVE_SECCERTIFICATEPRIV_H */
07ed0e9a MS	126	# ifdef HAVE_SECITEMPRIV_H
	127	# include <Security/SecItemPriv.h>
	128	# endif /* HAVE_SECITEMPRIV_H */
	129	# ifdef HAVE_SECIDENTITYSEARCHPRIV_H
	130	# include <Security/SecIdentitySearchPriv.h>
	131	# endif /* HAVE_SECIDENTITYSEARCHPRIV_H */
	132	# ifdef HAVE_SECPOLICYPRIV_H
	133	# include <Security/SecPolicyPriv.h>
	134	# endif /* HAVE_SECPOLICYPRIV_H */
	135	# elif defined(HAVE_SSPISSL)
2ece34a9 MS	136	# include <wincrypt.h>
	137	# include <wintrust.h>
	138	# include <schannel.h>
	139	# define SECURITY_WIN32
	140	# include <security.h>
	141	# include <sspi.h>
724e1819	142	# endif /* HAVE_GNUTLS */
07ed0e9a MS	143
	144	# ifndef WIN32
	145	# include <net/if.h>
ed26f50f	146	# include <resolv.h>
07ed0e9a MS	147	# ifdef HAVE_GETIFADDRS
	148	# include <ifaddrs.h>
	149	# else
	150	# include <sys/ioctl.h>
	151	# ifdef HAVE_SYS_SOCKIO_H
	152	# include <sys/sockio.h>
	153	# endif /* HAVE_SYS_SOCKIO_H */
	154	# endif /* HAVE_GETIFADDRS */
	155	# endif /* !WIN32 */
	156
a469f8a5 MS	157	# ifdef HAVE_LIBZ
	158	# include <zlib.h>
	159	# endif /* HAVE_LIBZ */
	160
07ed0e9a MS	161
	162	/*
	163	* C++ magic...
	164	*/
	165
	166	# ifdef __cplusplus
	167	extern "C" {
	168	# endif /* __cplusplus */
	169
	170
eac3a0a0 MS	171	/*
	172	* Constants...
	173	*/
	174
	175
291e4727	176	#define _HTTP_MAX_SBUFFER 65536 /* Size of (de)compression buffer */
eac3a0a0 MS	177	#define _HTTP_RESOLVE_DEFAULT 0 /* Just resolve with default options */
	178	#define _HTTP_RESOLVE_STDERR 1 /* Log resolve progress to stderr */
	179	#define _HTTP_RESOLVE_FQDN 2 /* Resolve to a FQDN */
f3c17241	180	#define _HTTP_RESOLVE_FAXOUT 4 /* Resolve FaxOut service? */
eac3a0a0	181
ee6226a5	182	#define _HTTP_TLS_NONE 0 /* No TLS options */
63aefcd5	183	#define _HTTP_TLS_ALLOW_RC4 1 /* Allow RC4 cipher suites */
d627bfa0	184	#define _HTTP_TLS_ALLOW_SSL3 2 /* Allow SSL 3.0 */
ee6226a5 MS	185	#define _HTTP_TLS_ALLOW_DH 4 /* Allow DH/DHE key negotiation */
ee6226a5 MS	186	#define _HTTP_TLS_DENY_TLS10 16 /* Deny TLS 1.0 */
f2e87147	187	#define _HTTP_TLS_DENY_CBC 32 /* Deny CBC cipher suites */
4f272af7	188	#define _HTTP_TLS_ONLY_TLS10 64 /* Only use TLS 1.0 */
63aefcd5	189
eac3a0a0	190
07ed0e9a MS	191	/*
	192	* Types and functions for SSL support...
	193	*/
	194
724e1819	195	# ifdef HAVE_GNUTLS
ef416fc2	196	/*
	197	* The GNU TLS library is more of a "bare metal" SSL/TLS library...
	198	*/
ef416fc2	199
dd332638	200	typedef gnutls_session_t http_tls_t;
172bdf5d	201	typedef gnutls_certificate_credentials_t *http_tls_credentials_t;
ef416fc2	202
	203	# elif defined(HAVE_CDSASSL)
	204	/*
	205	* Darwin's Security framework provides its own SSL/TLS context structure
	206	* for its IO and protocol management...
	207	*/
	208
07ed0e9a	209	# if !defined(HAVE_SECBASEPRIV_H) && defined(HAVE_CSSMERRORSTRING) /* Declare prototype for function in that header... */
7cf5915e	210	extern const char *cssmErrorString(int error);
07ed0e9a	211	# endif /* !HAVE_SECBASEPRIV_H && HAVE_CSSMERRORSTRING */
07ed0e9a	212	# if !defined(HAVE_SECIDENTITYSEARCHPRIV_H) && defined(HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY) /* Declare prototype for function in that header... */
7cf5915e MS	213	extern OSStatus SecIdentitySearchCreateWithPolicy(SecPolicyRef policy,
	214	CFStringRef idString, CSSM_KEYUSE keyUsage,
	215	CFTypeRef keychainOrArray,
	216	Boolean returnOnlyValidIdentities,
	217	SecIdentitySearchRef* searchRef);
07ed0e9a MS	218	# endif /* !HAVE_SECIDENTITYSEARCHPRIV_H && HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY */
07ed0e9a MS	219	# if !defined(HAVE_SECPOLICYPRIV_H) && defined(HAVE_SECPOLICYSETVALUE) /* Declare prototype for function in that header... */
7cf5915e MS	220	extern OSStatus SecPolicySetValue(SecPolicyRef policyRef,
7cf5915e MS	221	const CSSM_DATA *value);
07ed0e9a	222	# endif /* !HAVE_SECPOLICYPRIV_H && HAVE_SECPOLICYSETVALUE */
7cf5915e MS	223
	224	typedef SSLContextRef http_tls_t;
	225	typedef CFArrayRef http_tls_credentials_t;
ef416fc2	226
cc754834	227	# elif defined(HAVE_SSPISSL)
07ed0e9a MS	228	/*
	229	* Windows' SSPI library gets a CUPS wrapper...
	230	*/
	231
2ece34a9 MS	232	typedef struct _http_sspi_s /** SSPI/SSL data structure **/
	233	{
	234	CredHandle creds; /* Credentials */
	235	CtxtHandle context; /* SSL context */
	236	BOOL contextInitialized; /* Is context init'd? */
	237	SecPkgContext_StreamSizes streamSizes;/* SSL data stream sizes */
	238	BYTE decryptBuffer; / Data pre-decryption*/
	239	size_t decryptBufferLength; /* Length of decrypt buffer */
	240	size_t decryptBufferUsed; /* Bytes used in buffer */
	241	BYTE readBuffer; / Data post-decryption */
	242	int readBufferLength; /* Length of read buffer */
	243	int readBufferUsed; /* Bytes used in buffer */
	244	BYTE writeBuffer; / Data pre-encryption */
	245	int writeBufferLength; /* Length of write buffer */
2ece34a9 MS	246	PCCERT_CONTEXT localCert, /* Local certificate */
2ece34a9 MS	247	remoteCert; /* Remote (peer's) certificate */
d777d26d	248	char error[256]; /* Most recent error message */
2ece34a9 MS	249	} _http_sspi_t;
2ece34a9 MS	250	typedef _http_sspi_t *http_tls_t;
17eecbf1	251	typedef PCCERT_CONTEXT http_tls_credentials_t;
07ed0e9a	252
7cf5915e	253	# else
07ed0e9a MS	254	/*
	255	* Otherwise define stub types since we have no SSL support...
	256	*/
	257
7cf5915e	258	typedef void *http_tls_t;
07ed0e9a	259	typedef void *http_tls_credentials_t;
724e1819	260	# endif /* HAVE_GNUTLS */
ef416fc2	261
a469f8a5 MS	262	typedef enum _http_coding_e /** HTTP content coding enumeration **/
	263	{
	264	_HTTP_CODING_IDENTITY, /* No content coding */
	265	_HTTP_CODING_GZIP, /* LZ77+gzip decompression */
	266	_HTTP_CODING_DEFLATE, /* LZ77+zlib compression */
	267	_HTTP_CODING_GUNZIP, /* LZ77+gzip decompression */
	268	_HTTP_CODING_INFLATE /* LZ77+zlib decompression */
	269	} _http_coding_t;
	270
	271	typedef enum _http_mode_e /** HTTP mode enumeration **/
	272	{
	273	_HTTP_MODE_CLIENT, /* Client connected to server */
	274	_HTTP_MODE_SERVER /* Server connected (accepted) from client */
	275	} _http_mode_t;
	276
5ec1fd3d	277	# ifndef _HTTP_NO_PRIVATE
a469f8a5	278	struct _http_s /** HTTP connection structure **/
f7deaa1a	279	{
	280	int fd; /* File descriptor for this socket */
	281	int blocking; /* To block or not to block */
	282	int error; /* Last error on read */
	283	time_t activity; /* Time since last read/write */
	284	http_state_t state; /* State of client */
	285	http_status_t status; /* Status of last request */
	286	http_version_t version; /* Protocol version */
	287	http_keepalive_t keep_alive; /* Keep-alive supported? */
85dda01c	288	struct sockaddr_in _hostaddr; /* Address of connected host (deprecated) */
f7deaa1a	289	char hostname[HTTP_MAX_HOST],
f7deaa1a	290	/* Name of connected host */
a469f8a5 MS	291	fields[HTTP_FIELD_ACCEPT_ENCODING][HTTP_MAX_VALUE];
a469f8a5 MS	292	/* Field values up to Accept-Encoding */
f7deaa1a	293	char data; / Pointer to data buffer */
f7deaa1a	294	http_encoding_t data_encoding; /* Chunked or not */
85dda01c	295	int _data_remaining;/* Number of bytes left (deprecated) */
f7deaa1a	296	int used; /* Number of bytes used in buffer */
	297	char buffer[HTTP_MAX_BUFFER];
	298	/* Buffer for incoming data */
5ec1fd3d	299	int _auth_type; /* Authentication in use (deprecated) */
f7deaa1a	300	_cups_md5_state_t md5_state; /* MD5 state */
	301	char nonce[HTTP_MAX_VALUE];
	302	/* Nonce value */
	303	int nonce_count; /* Nonce count */
7cf5915e	304	http_tls_t tls; /* TLS state information */
f7deaa1a	305	http_encryption_t encryption; /* Encryption requirements */
a469f8a5	306
f7deaa1a	307	/** New in CUPS 1.1.19 **/
85dda01c MS	308	fd_set input_set; / select() set for httpWait() (deprecated) */
	309	http_status_t expect; /* Expect: header */
	310	char cookie; / Cookie value(s) */
a469f8a5	311
f7deaa1a	312	/** New in CUPS 1.1.20 **/
f7deaa1a	313	char _authstring[HTTP_MAX_VALUE],
c1420c87	314	/* Current Authorization value (deprecated) */
f7deaa1a	315	userpass[HTTP_MAX_VALUE];
85dda01c MS	316	/* Username:password string */
85dda01c MS	317	int digest_tries; /* Number of tries for digest auth */
a469f8a5	318
f7deaa1a	319	/** New in CUPS 1.2 **/
85dda01c MS	320	off_t data_remaining; /* Number of bytes left */
	321	http_addr_t hostaddr; / Current host address and port */
	322	http_addrlist_t addrlist; / List of valid addresses */
f7deaa1a	323	char wbuffer[HTTP_MAX_BUFFER];
f7deaa1a	324	/* Buffer for outgoing data */
85dda01c	325	int wused; /* Write buffer bytes used */
a469f8a5	326
f7deaa1a	327	/** New in CUPS 1.3 **/
f7deaa1a	328	char *field_authorization;
85dda01c	329	/* Authorization field */
c1420c87	330	char authstring; / Current Authorization field */
f7deaa1a	331	# ifdef HAVE_GSSAPI
85dda01c MS	332	gss_OID gssmech; /* Authentication mechanism */
	333	gss_ctx_id_t gssctx; /* Authentication context */
	334	gss_name_t gssname; /* Authentication server name */
f7deaa1a	335	# endif /* HAVE_GSSAPI */
b94498cf	336	# ifdef HAVE_AUTHORIZATION_H
85dda01c	337	AuthorizationRef auth_ref; /* Authorization ref */
b94498cf	338	# endif /* HAVE_AUTHORIZATION_H */
a469f8a5	339
7cf5915e MS	340	/** New in CUPS 1.5 **/
7cf5915e MS	341	http_tls_credentials_t tls_credentials;
85dda01c MS	342	/* TLS credentials */
	343	http_timeout_cb_t timeout_cb; /* Timeout callback */
	344	void timeout_data; / User data pointer */
	345	double timeout_value; /* Timeout in seconds */
	346	int wait_value; /* httpWait value for timeout */
eac3a0a0 MS	347	# ifdef HAVE_GSSAPI
	348	char gsshost[256]; /* Hostname for Kerberos */
	349	# endif /* HAVE_GSSAPI */
a469f8a5 MS	350
a469f8a5 MS	351	/** New in CUPS 1.7 **/
cb7f98ee	352	int tls_upgrade; /* Non-zero if we are doing an upgrade */
a469f8a5 MS	353	_http_mode_t mode; /* _HTTP_MODE_CLIENT or _HTTP_MODE_SERVER */
	354	char *accept_encoding,
	355	/* Accept-Encoding field */
	356	allow, / Allow field */
c1420c87 MS	357	server, / Server field */
	358	*default_accept_encoding,
	359	*default_server,
	360	*default_user_agent;
	361	/* Default field values */
a469f8a5 MS	362	# ifdef HAVE_LIBZ
	363	_http_coding_t coding; /* _HTTP_CODING_xxx */
	364	z_stream stream; /* (De)compression stream */
291e4727	365	Bytef sbuffer; / (De)compression buffer */
a469f8a5	366	# endif /* HAVE_LIBZ */
f7deaa1a	367	};
5ec1fd3d	368	# endif /* !_HTTP_NO_PRIVATE */
f7deaa1a	369
f7deaa1a	370
ef416fc2	371	/*
	372	* Some OS's don't have hstrerror(), most notably Solaris...
	373	*/
	374
	375	# ifndef HAVE_HSTRERROR
	376	extern const char *_cups_hstrerror(int error);
	377	# define hstrerror _cups_hstrerror
ef416fc2	378	# endif /* !HAVE_HSTRERROR */
ef416fc2	379
89d46774	380
	381	/*
	382	* Some OS's don't have getifaddrs() and freeifaddrs()...
	383	*/
	384
07ed0e9a MS	385	# if !defined(WIN32) && !defined(HAVE_GETIFADDRS)
	386	# ifdef ifa_dstaddr
	387	# undef ifa_dstaddr
	388	# endif /* ifa_dstaddr */
	389	# ifndef ifr_netmask
	390	# define ifr_netmask ifr_addr
	391	# endif /* !ifr_netmask */
89d46774	392
	393	struct ifaddrs /** Interface Structure **/
	394	{
	395	struct ifaddrs ifa_next; / Next interface in list */
	396	char ifa_name; / Name of interface */
	397	unsigned int ifa_flags; /* Flags (up, point-to-point, etc.) */
	398	struct sockaddr ifa_addr, / Network address */
f301802f	399	ifa_netmask; / Address mask */
	400	union
	401	{
	402	struct sockaddr ifu_broadaddr; / Broadcast address of this interface. */
	403	struct sockaddr ifu_dstaddr; / Point-to-point destination address. */
	404	} ifa_ifu;
	405
89d46774	406	void ifa_data; / Interface statistics */
	407	};
	408
07ed0e9a MS	409	# ifndef ifa_broadaddr
	410	# define ifa_broadaddr ifa_ifu.ifu_broadaddr
	411	# endif /* !ifa_broadaddr */
	412	# ifndef ifa_dstaddr
	413	# define ifa_dstaddr ifa_ifu.ifu_dstaddr
	414	# endif /* !ifa_dstaddr */
f301802f	415
a74454a7	416	extern int _cups_getifaddrs(struct ifaddrs **addrs);
07ed0e9a	417	# define getifaddrs _cups_getifaddrs
a74454a7	418	extern void _cups_freeifaddrs(struct ifaddrs *addrs);
07ed0e9a MS	419	# define freeifaddrs _cups_freeifaddrs
	420	# endif /* !WIN32 && !HAVE_GETIFADDRS */
	421
89d46774	422
839a51c8	423	/*
1ff0402e	424	* Prototypes...
839a51c8 MS	425	*/
839a51c8 MS	426
22c9029b	427	extern void _httpAddrSetPort(http_addr_t *addr, int port);
85dda01c MS	428	extern http_tls_credentials_t
85dda01c MS	429	_httpCreateCredentials(cups_array_t *credentials);
1106b00e MS	430	extern char _httpDecodeURI(char dst, const char *src,
1106b00e MS	431	size_t dstsize);
6d2f911b	432	extern void _httpDisconnect(http_t *http);
5eb9da71 MS	433	extern char _httpEncodeURI(char dst, const char *src,
5eb9da71 MS	434	size_t dstsize);
7cf5915e	435	extern void _httpFreeCredentials(http_tls_credentials_t credentials);
5eb9da71	436	extern const char _httpResolveURI(const char uri, char *resolved_uri,
eac3a0a0	437	size_t resolved_size, int options,
07ed0e9a MS	438	int (cb)(void context),
07ed0e9a MS	439	void *context);
41e6c1f1	440	extern const char _httpStatus(cups_lang_t lang, http_status_t status);
25731360 MS	441	extern void _httpTLSInitialize(void);
	442	extern size_t _httpTLSPending(http_t *http);
	443	extern int _httpTLSRead(http_t http, char buf, int len);
	444	extern int _httpTLSSetCredentials(http_t *http);
63aefcd5	445	extern void _httpTLSSetOptions(int options);
25731360 MS	446	extern int _httpTLSStart(http_t *http);
	447	extern void _httpTLSStop(http_t *http);
	448	extern int _httpTLSWrite(http_t http, const char buf, int len);
e60ec91f	449	extern int _httpUpdate(http_t http, http_status_t status);
38e73f87	450	extern int _httpWait(http_t *http, int msec, int usessl);
6d2f911b MS	451
6d2f911b MS	452
07ed0e9a MS	453	/*
	454	* C++ magic...
	455	*/
	456
	457	# ifdef __cplusplus
	458	}
	459	# endif /* __cplusplus */
	460
ef416fc2	461	#endif /* !_CUPS_HTTP_PRIVATE_H_ */