2 * Private HTTP definitions for CUPS.
4 * Copyright 2007-2018 by Apple Inc.
5 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
7 * Licensed under Apache License v2.0. See the file "LICENSE" for more
11 #ifndef _CUPS_HTTP_PRIVATE_H_
12 # define _CUPS_HTTP_PRIVATE_H_
15 * Include necessary headers...
19 # include <cups/language.h>
24 # include <sys/select.h>
29 # define _WINSOCK_DEPRECATED_NO_WARNINGS 1
31 # include <winsock2.h>
32 # define CUPS_SOCAST (const char *)
36 # include <sys/socket.h>
41 # ifdef HAVE_GSS_GSSAPI_H
42 # include <GSS/gssapi.h>
43 # elif defined(HAVE_GSSAPI_GSSAPI_H)
44 # include <gssapi/gssapi.h>
45 # elif defined(HAVE_GSSAPI_H)
47 # endif /* HAVE_GSS_GSSAPI_H */
48 # ifndef HAVE_GSS_C_NT_HOSTBASED_SERVICE
49 # define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
50 # endif /* !HAVE_GSS_C_NT_HOSTBASED_SERVICE */
51 # endif /* HAVE_GSSAPI */
53 # ifdef HAVE_AUTHORIZATION_H
54 # include <Security/Authorization.h>
55 # endif /* HAVE_AUTHORIZATION_H */
57 # if defined(__APPLE__) && !defined(_SOCKLEN_T)
59 * macOS 10.2.x does not define socklen_t, and in fact uses an int instead of
60 * unsigned type for length values...
63 typedef int socklen_t
;
64 # endif /* __APPLE__ && !_SOCKLEN_T */
66 # include <cups/http.h>
67 # include "ipp-private.h"
70 # include <gnutls/gnutls.h>
71 # include <gnutls/x509.h>
72 # elif defined(HAVE_CDSASSL)
73 # include <CoreFoundation/CoreFoundation.h>
74 # include <Security/Security.h>
75 # include <Security/SecureTransport.h>
76 # ifdef HAVE_SECITEM_H
77 # include <Security/SecItem.h>
78 # endif /* HAVE_SECITEM_H */
79 # ifdef HAVE_SECCERTIFICATE_H
80 # include <Security/SecCertificate.h>
81 # include <Security/SecIdentity.h>
82 # endif /* HAVE_SECCERTIFICATE_H */
83 # elif defined(HAVE_SSPISSL)
84 # include <wincrypt.h>
85 # include <wintrust.h>
86 # include <schannel.h>
87 # define SECURITY_WIN32
88 # include <security.h>
90 # endif /* HAVE_GNUTLS */
95 # ifdef HAVE_GETIFADDRS
98 # include <sys/ioctl.h>
99 # ifdef HAVE_SYS_SOCKIO_H
100 # include <sys/sockio.h>
101 # endif /* HAVE_SYS_SOCKIO_H */
102 # endif /* HAVE_GETIFADDRS */
103 # endif /* !_WIN32 */
112 # endif /* __cplusplus */
119 # define _HTTP_MAX_SBUFFER 65536 /* Size of (de)compression buffer */
120 # define _HTTP_RESOLVE_DEFAULT 0 /* Just resolve with default options */
121 # define _HTTP_RESOLVE_STDERR 1 /* Log resolve progress to stderr */
122 # define _HTTP_RESOLVE_FQDN 2 /* Resolve to a FQDN */
123 # define _HTTP_RESOLVE_FAXOUT 4 /* Resolve FaxOut service? */
125 # define _HTTP_TLS_NONE 0 /* No TLS options */
126 # define _HTTP_TLS_ALLOW_RC4 1 /* Allow RC4 cipher suites */
127 # define _HTTP_TLS_ALLOW_DH 2 /* Allow DH/DHE key negotiation */
128 # define _HTTP_TLS_DENY_CBC 4 /* Deny CBC cipher suites */
129 # define _HTTP_TLS_SET_DEFAULT 128 /* Setting the default TLS options */
131 # define _HTTP_TLS_SSL3 0 /* Min/max version is SSL/3.0 */
132 # define _HTTP_TLS_1_0 1 /* Min/max version is TLS/1.0 */
133 # define _HTTP_TLS_1_1 2 /* Min/max version is TLS/1.1 */
134 # define _HTTP_TLS_1_2 3 /* Min/max version is TLS/1.2 */
135 # define _HTTP_TLS_1_3 4 /* Min/max version is TLS/1.3 */
136 # define _HTTP_TLS_MAX 5 /* Highest known TLS version */
140 * Types and functions for SSL support...
145 * The GNU TLS library is more of a "bare metal" SSL/TLS library...
148 typedef gnutls_session_t http_tls_t
;
149 typedef gnutls_certificate_credentials_t
*http_tls_credentials_t
;
151 # elif defined(HAVE_CDSASSL)
153 * Darwin's Security framework provides its own SSL/TLS context structure
154 * for its IO and protocol management...
157 typedef SSLContextRef http_tls_t
;
158 typedef CFArrayRef http_tls_credentials_t
;
160 # elif defined(HAVE_SSPISSL)
162 * Windows' SSPI library gets a CUPS wrapper...
165 typedef struct _http_sspi_s
/**** SSPI/SSL data structure ****/
167 CredHandle creds
; /* Credentials */
168 CtxtHandle context
; /* SSL context */
169 BOOL contextInitialized
; /* Is context init'd? */
170 SecPkgContext_StreamSizes streamSizes
;/* SSL data stream sizes */
171 BYTE
*decryptBuffer
; /* Data pre-decryption*/
172 size_t decryptBufferLength
; /* Length of decrypt buffer */
173 size_t decryptBufferUsed
; /* Bytes used in buffer */
174 BYTE
*readBuffer
; /* Data post-decryption */
175 int readBufferLength
; /* Length of read buffer */
176 int readBufferUsed
; /* Bytes used in buffer */
177 BYTE
*writeBuffer
; /* Data pre-encryption */
178 int writeBufferLength
; /* Length of write buffer */
179 PCCERT_CONTEXT localCert
, /* Local certificate */
180 remoteCert
; /* Remote (peer's) certificate */
181 char error
[256]; /* Most recent error message */
183 typedef _http_sspi_t
*http_tls_t
;
184 typedef PCCERT_CONTEXT http_tls_credentials_t
;
188 * Otherwise define stub types since we have no SSL support...
191 typedef void *http_tls_t
;
192 typedef void *http_tls_credentials_t
;
193 # endif /* HAVE_GNUTLS */
195 typedef enum _http_coding_e
/**** HTTP content coding enumeration ****/
197 _HTTP_CODING_IDENTITY
, /* No content coding */
198 _HTTP_CODING_GZIP
, /* LZ77+gzip decompression */
199 _HTTP_CODING_DEFLATE
, /* LZ77+zlib compression */
200 _HTTP_CODING_GUNZIP
, /* LZ77+gzip decompression */
201 _HTTP_CODING_INFLATE
/* LZ77+zlib decompression */
204 typedef enum _http_mode_e
/**** HTTP mode enumeration ****/
206 _HTTP_MODE_CLIENT
, /* Client connected to server */
207 _HTTP_MODE_SERVER
/* Server connected (accepted) from client */
210 # ifndef _HTTP_NO_PRIVATE
211 struct _http_s
/**** HTTP connection structure ****/
213 int fd
; /* File descriptor for this socket */
214 int blocking
; /* To block or not to block */
215 int error
; /* Last error on read */
216 time_t activity
; /* Time since last read/write */
217 http_state_t state
; /* State of client */
218 http_status_t status
; /* Status of last request */
219 http_version_t version
; /* Protocol version */
220 http_keepalive_t keep_alive
; /* Keep-alive supported? */
221 struct sockaddr_in _hostaddr
; /* Address of connected host (deprecated) */
222 char hostname
[HTTP_MAX_HOST
],
223 /* Name of connected host */
224 _fields
[HTTP_FIELD_ACCEPT_ENCODING
][HTTP_MAX_VALUE
];
225 /* Field values up to Accept-Encoding (deprecated) */
226 char *data
; /* Pointer to data buffer */
227 http_encoding_t data_encoding
; /* Chunked or not */
228 int _data_remaining
;/* Number of bytes left (deprecated) */
229 int used
; /* Number of bytes used in buffer */
230 char buffer
[HTTP_MAX_BUFFER
];
231 /* Buffer for incoming data */
232 int _auth_type
; /* Authentication in use (deprecated) */
233 unsigned char _md5_state
[88]; /* MD5 state (deprecated) */
234 char nonce
[HTTP_MAX_VALUE
];
236 unsigned nonce_count
; /* Nonce count */
237 http_tls_t tls
; /* TLS state information */
238 http_encryption_t encryption
; /* Encryption requirements */
240 /**** New in CUPS 1.1.19 ****/
241 fd_set
*input_set
; /* select() set for httpWait() (deprecated) */
242 http_status_t expect
; /* Expect: header */
243 char *cookie
; /* Cookie value(s) */
245 /**** New in CUPS 1.1.20 ****/
246 char _authstring
[HTTP_MAX_VALUE
],
247 /* Current Authorization value (deprecated) */
248 userpass
[HTTP_MAX_VALUE
];
249 /* Username:password string */
250 int digest_tries
; /* Number of tries for digest auth */
252 /**** New in CUPS 1.2 ****/
253 off_t data_remaining
; /* Number of bytes left */
254 http_addr_t
*hostaddr
; /* Current host address and port */
255 http_addrlist_t
*addrlist
; /* List of valid addresses */
256 char wbuffer
[HTTP_MAX_BUFFER
];
257 /* Buffer for outgoing data */
258 int wused
; /* Write buffer bytes used */
260 /**** New in CUPS 1.3 ****/
261 char *authstring
; /* Current Authorization field */
263 gss_OID gssmech
; /* Authentication mechanism */
264 gss_ctx_id_t gssctx
; /* Authentication context */
265 gss_name_t gssname
; /* Authentication server name */
266 # endif /* HAVE_GSSAPI */
267 # ifdef HAVE_AUTHORIZATION_H
268 AuthorizationRef auth_ref
; /* Authorization ref */
269 # endif /* HAVE_AUTHORIZATION_H */
271 /**** New in CUPS 1.5 ****/
272 http_tls_credentials_t tls_credentials
;
273 /* TLS credentials */
274 http_timeout_cb_t timeout_cb
; /* Timeout callback */
275 void *timeout_data
; /* User data pointer */
276 double timeout_value
; /* Timeout in seconds */
277 int wait_value
; /* httpWait value for timeout */
279 char gsshost
[256]; /* Hostname for Kerberos */
280 # endif /* HAVE_GSSAPI */
282 /**** New in CUPS 1.7 ****/
283 int tls_upgrade
; /* Non-zero if we are doing an upgrade */
284 _http_mode_t mode
; /* _HTTP_MODE_CLIENT or _HTTP_MODE_SERVER */
286 _http_coding_t coding
; /* _HTTP_CODING_xxx */
287 void *stream
; /* (De)compression stream */
288 unsigned char *sbuffer
; /* (De)compression buffer */
289 # endif /* HAVE_LIBZ */
291 /**** New in CUPS 2.2.9 ****/
292 char algorithm
[65], /* Algorithm from WWW-Authenticate */
293 nextnonce
[HTTP_MAX_VALUE
],
294 /* Next nonce value from Authentication-Info */
295 opaque
[HTTP_MAX_VALUE
],
296 /* Opaque value from WWW-Authenticate */
297 realm
[HTTP_MAX_VALUE
];
298 /* Realm from WWW-Authenticate */
300 /**** New in CUPS 2.3 ****/
301 char *fields
[HTTP_FIELD_MAX
],
302 /* Allocated field values */
303 *default_fields
[HTTP_FIELD_MAX
];
304 /* Default field values, if any */
306 # endif /* !_HTTP_NO_PRIVATE */
310 * Some OS's don't have hstrerror(), most notably Solaris...
313 # ifndef HAVE_HSTRERROR
314 extern const char *_cups_hstrerror(int error
);
315 # define hstrerror _cups_hstrerror
316 # endif /* !HAVE_HSTRERROR */
323 extern void _httpAddrSetPort(http_addr_t
*addr
, int port
) _CUPS_PRIVATE
;
324 extern http_tls_credentials_t
325 _httpCreateCredentials(cups_array_t
*credentials
) _CUPS_PRIVATE
;
326 extern char *_httpDecodeURI(char *dst
, const char *src
,
327 size_t dstsize
) _CUPS_PRIVATE
;
328 extern void _httpDisconnect(http_t
*http
) _CUPS_PRIVATE
;
329 extern char *_httpEncodeURI(char *dst
, const char *src
,
330 size_t dstsize
) _CUPS_PRIVATE
;
331 extern void _httpFreeCredentials(http_tls_credentials_t credentials
) _CUPS_PRIVATE
;
332 extern const char *_httpResolveURI(const char *uri
, char *resolved_uri
,
333 size_t resolved_size
, int options
,
334 int (*cb
)(void *context
),
335 void *context
) _CUPS_PRIVATE
;
336 extern int _httpSetDigestAuthString(http_t
*http
, const char *nonce
, const char *method
, const char *resource
) _CUPS_PRIVATE
;
337 extern const char *_httpStatus(cups_lang_t
*lang
, http_status_t status
) _CUPS_PRIVATE
;
338 extern void _httpTLSInitialize(void) _CUPS_PRIVATE
;
339 extern size_t _httpTLSPending(http_t
*http
) _CUPS_PRIVATE
;
340 extern int _httpTLSRead(http_t
*http
, char *buf
, int len
) _CUPS_PRIVATE
;
341 extern void _httpTLSSetOptions(int options
, int min_version
, int max_version
) _CUPS_PRIVATE
;
342 extern int _httpTLSStart(http_t
*http
) _CUPS_PRIVATE
;
343 extern void _httpTLSStop(http_t
*http
) _CUPS_PRIVATE
;
344 extern int _httpTLSWrite(http_t
*http
, const char *buf
, int len
) _CUPS_PRIVATE
;
345 extern int _httpUpdate(http_t
*http
, http_status_t
*status
) _CUPS_PRIVATE
;
346 extern int _httpWait(http_t
*http
, int msec
, int usessl
) _CUPS_PRIVATE
;
355 # endif /* __cplusplus */
357 #endif /* !_CUPS_HTTP_PRIVATE_H_ */