/*
- * "$Id$"
- *
* HTTP routines for CUPS.
*
- * Copyright 2007-2013 by Apple Inc.
- * Copyright 1997-2007 by Easy Software Products, all rights reserved.
+ * Copyright © 2007-2021 by Apple Inc.
+ * Copyright © 1997-2007 by Easy Software Products, all rights reserved.
*
* This file contains Kerberos support code, copyright 2006 by
* Jelmer Vernooij.
*
- * These coded instructions, statements, and computer programs are the
- * property of Apple Inc. and are protected by Federal copyright
- * law. Distribution and use rights are outlined in the file "LICENSE.txt"
- * which should have been included with this file. If this file is
- * file is missing or damaged, see the license at "http://www.cups.org/".
- *
- * This file is subject to the Apple OS-Developed Software exception.
+ * Licensed under Apache License v2.0. See the file "LICENSE" for more
+ * information.
*/
/*
*/
#include "cups-private.h"
+#include "debug-internal.h"
#include <fcntl.h>
#include <math.h>
-#ifdef WIN32
+#ifdef _WIN32
# include <tchar.h>
#else
# include <signal.h>
# include <sys/time.h>
# include <sys/resource.h>
-#endif /* WIN32 */
+#endif /* _WIN32 */
#ifdef HAVE_POLL
# include <poll.h>
#endif /* HAVE_POLL */
+# ifdef HAVE_LIBZ
+# include <zlib.h>
+# endif /* HAVE_LIBZ */
/*
* Local functions...
*/
+static void http_add_field(http_t *http, http_field_t field, const char *value, int append);
#ifdef HAVE_LIBZ
static void http_content_coding_finish(http_t *http);
static void http_content_coding_start(http_t *http,
size_t length);
static ssize_t http_write_chunk(http_t *http, const char *buffer,
size_t length);
-#ifdef HAVE_SSL
-static int http_read_ssl(http_t *http, char *buf, int len);
-static int http_set_credentials(http_t *http);
-#endif /* HAVE_SSL */
static off_t http_set_length(http_t *http);
static void http_set_timeout(int fd, double timeout);
static void http_set_wait(http_t *http);
+
#ifdef HAVE_SSL
-static int http_setup_ssl(http_t *http);
-static void http_shutdown_ssl(http_t *http);
-static int http_upgrade(http_t *http);
-static int http_write_ssl(http_t *http, const char *buf, int len);
+static int http_tls_upgrade(http_t *http);
#endif /* HAVE_SSL */
"WWW-Authenticate",
"Accept-Encoding",
"Allow",
- "Server"
- };
-
-
-#if defined(HAVE_SSL) && defined(HAVE_LIBSSL)
-/*
- * BIO methods for OpenSSL...
- */
-
-static int http_bio_write(BIO *h, const char *buf, int num);
-static int http_bio_read(BIO *h, char *buf, int size);
-static int http_bio_puts(BIO *h, const char *str);
-static long http_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int http_bio_new(BIO *h);
-static int http_bio_free(BIO *data);
-
-static BIO_METHOD http_bio_methods =
- {
- BIO_TYPE_SOCKET,
- "http",
- http_bio_write,
- http_bio_read,
- http_bio_puts,
- NULL, /* http_bio_gets, */
- http_bio_ctrl,
- http_bio_new,
- http_bio_free,
- NULL,
+ "Server",
+ "Authentication-Info"
};
-#endif /* HAVE_SSL && HAVE_LIBSSL */
/*
* 'httpAcceptConnection()' - Accept a new HTTP client connection from the
* specified listening socket.
*
- * @since CUPS 1.7/OS X 10.9@
+ * @since CUPS 1.7/macOS 10.9@
*/
http_t * /* O - HTTP connection or @code NULL@ */
*
* Use @code cupsArrayNew(NULL, NULL)@ to create a credentials array.
*
- * @since CUPS 1.5/OS X 10.7@
+ * @since CUPS 1.5/macOS 10.7@
*/
int /* O - 0 on success, -1 on error */
}
-#if defined(HAVE_SSL) && defined(HAVE_LIBSSL)
-/*
- * '_httpBIOMethods()' - Get the OpenSSL BIO methods for HTTP connections.
- */
-
-BIO_METHOD * /* O - BIO methods for OpenSSL */
-_httpBIOMethods(void)
-{
- return (&http_bio_methods);
-}
-#endif /* HAVE_SSL && HAVE_LIBSSL */
-
-
/*
* 'httpBlocking()' - Set blocking/non-blocking behavior on a connection.
*/
/*
* 'httpClearCookie()' - Clear the cookie value(s).
*
- * @since CUPS 1.1.19/OS X 10.3@
+ * @since CUPS 1.1.19/macOS 10.3@
*/
void
void
httpClearFields(http_t *http) /* I - HTTP connection */
{
- DEBUG_printf(("httpClearFields(http=%p)", http));
+ http_field_t field; /* Current field */
+
+
+ DEBUG_printf(("httpClearFields(http=%p)", (void *)http));
if (http)
{
- memset(http->fields, 0, sizeof(http->fields));
+ memset(http->_fields, 0, sizeof(http->fields));
+
+ for (field = HTTP_FIELD_ACCEPT_LANGUAGE; field < HTTP_FIELD_MAX; field ++)
+ {
+ if (http->fields[field] && http->fields[field] != http->_fields[field])
+ free(http->fields[field]);
+
+ http->fields[field] = NULL;
+ }
if (http->mode == _HTTP_MODE_CLIENT)
{
httpSetField(http, HTTP_FIELD_HOST, http->hostname);
}
- if (http->field_authorization)
- {
- free(http->field_authorization);
- http->field_authorization = NULL;
- }
-
- if (http->accept_encoding)
- {
- _cupsStrFree(http->accept_encoding);
- http->accept_encoding = NULL;
- }
-
- if (http->allow)
- {
- _cupsStrFree(http->allow);
- http->allow = NULL;
- }
-
- if (http->server)
- {
- _cupsStrFree(http->server);
- http->server = NULL;
- }
-
http->expect = (http_status_t)0;
}
}
#endif /* HAVE_GSSAPI */
- DEBUG_printf(("httpClose(http=%p)", http));
+ DEBUG_printf(("httpClose(http=%p)", (void *)http));
/*
* Range check input...
}
+/*
+ * 'httpCompareCredentials()' - Compare two sets of X.509 credentials.
+ *
+ * @since CUPS 2.0/OS 10.10@
+ */
+
+int /* O - 1 if they match, 0 if they do not */
+httpCompareCredentials(
+ cups_array_t *cred1, /* I - First set of X.509 credentials */
+ cups_array_t *cred2) /* I - Second set of X.509 credentials */
+{
+ http_credential_t *temp1, *temp2; /* Temporary credentials */
+
+
+ for (temp1 = (http_credential_t *)cupsArrayFirst(cred1), temp2 = (http_credential_t *)cupsArrayFirst(cred2); temp1 && temp2; temp1 = (http_credential_t *)cupsArrayNext(cred1), temp2 = (http_credential_t *)cupsArrayNext(cred2))
+ if (temp1->datalen != temp2->datalen)
+ return (0);
+ else if (memcmp(temp1->data, temp2->data, temp1->datalen))
+ return (0);
+
+ return (temp1 == temp2);
+}
+
+
/*
* 'httpConnect()' - Connect to a HTTP server.
*
* This function is deprecated - use @link httpConnect2@ instead.
*
- * @deprecated@
+ * @deprecated@ @exclude all@
*/
http_t * /* O - New HTTP connection */
httpConnect(const char *host, /* I - Host to connect to */
int port) /* I - Port number */
{
- return (httpConnect2(host, port, NULL, AF_UNSPEC, HTTP_ENCRYPTION_IF_REQUESTED,
- 1, 30000, NULL));
+ return (httpConnect2(host, port, NULL, AF_UNSPEC,
+ HTTP_ENCRYPTION_IF_REQUESTED, 1, 30000, NULL));
}
/*
* 'httpConnect2()' - Connect to a HTTP server.
*
- * @since CUPS 1.7/OS X 10.9@
+ * @since CUPS 1.7/macOS 10.9@
*/
http_t * /* O - New HTTP connection */
httpConnect2(
const char *host, /* I - Host to connect to */
int port, /* I - Port number */
- http_addrlist_t *addrlist, /* I - List of addresses or NULL to lookup */
+ http_addrlist_t *addrlist, /* I - List of addresses or @code NULL@ to lookup */
int family, /* I - Address family to use or @code AF_UNSPEC@ for any */
http_encryption_t encryption, /* I - Type of encryption to use */
int blocking, /* I - 1 for blocking connection, 0 for non-blocking */
http_t *http; /* New HTTP connection */
- DEBUG_printf(("httpConnect2(host=\"%s\", port=%d, addrlist=%p, family=%d, "
- "encryption=%d, blocking=%d, msec=%d, cancel=%p)", host, port,
- addrlist, family, encryption, blocking, msec, cancel));
+ DEBUG_printf(("httpConnect2(host=\"%s\", port=%d, addrlist=%p, family=%d, encryption=%d, blocking=%d, msec=%d, cancel=%p)", host, port, (void *)addrlist, family, encryption, blocking, msec, (void *)cancel));
/*
* Create the HTTP structure...
* This function is now deprecated. Please use the @link httpConnect2@ function
* instead.
*
- * @deprecated@
+ * @deprecated@ @exclude all@
*/
http_t * /* O - New HTTP connection */
}
-/*
- * 'httpCopyCredentials()' - Copy the credentials associated with an encrypted
- * connection.
- *
- * @since CUPS 1.5/OS X 10.7@
- */
-
-int /* O - Status of call (0 = success) */
-httpCopyCredentials(
- http_t *http, /* I - HTTP connection */
- cups_array_t **credentials) /* O - Array of credentials */
-{
-# ifdef HAVE_LIBSSL
-# elif defined(HAVE_GNUTLS)
-# elif defined(HAVE_CDSASSL)
- OSStatus error; /* Error code */
- SecTrustRef peerTrust; /* Peer trust reference */
- CFIndex count; /* Number of credentials */
- SecCertificateRef secCert; /* Certificate reference */
- CFDataRef data; /* Certificate data */
- int i; /* Looping var */
-# elif defined(HAVE_SSPISSL)
-# endif /* HAVE_LIBSSL */
-
-
- if (credentials)
- *credentials = NULL;
-
- if (!http || !http->tls || !credentials)
- return (-1);
-
-# ifdef HAVE_LIBSSL
- return (-1);
-
-# elif defined(HAVE_GNUTLS)
- return (-1);
-
-# elif defined(HAVE_CDSASSL)
- if (!(error = SSLCopyPeerTrust(http->tls, &peerTrust)) && peerTrust)
- {
- if ((*credentials = cupsArrayNew(NULL, NULL)) != NULL)
- {
- count = SecTrustGetCertificateCount(peerTrust);
-
- for (i = 0; i < count; i ++)
- {
- secCert = SecTrustGetCertificateAtIndex(peerTrust, i);
- if ((data = SecCertificateCopyData(secCert)))
- {
- httpAddCredential(*credentials, CFDataGetBytePtr(data),
- CFDataGetLength(data));
- CFRelease(data);
- }
- }
- }
-
- CFRelease(peerTrust);
- }
-
- return (error);
-
-# elif defined(HAVE_SSPISSL)
- return (-1);
-
-# else
- return (-1);
-# endif /* HAVE_LIBSSL */
-}
-
-
-/*
- * '_httpCreateCredentials()' - Create credentials in the internal format.
- */
-
-http_tls_credentials_t /* O - Internal credentials */
-_httpCreateCredentials(
- cups_array_t *credentials) /* I - Array of credentials */
-{
- if (!credentials)
- return (NULL);
-
-# ifdef HAVE_LIBSSL
- return (NULL);
-
-# elif defined(HAVE_GNUTLS)
- return (NULL);
-
-# elif defined(HAVE_CDSASSL)
- CFMutableArrayRef peerCerts; /* Peer credentials reference */
- SecCertificateRef secCert; /* Certificate reference */
- CFDataRef data; /* Credential data reference */
- http_credential_t *credential; /* Credential data */
-
-
- if ((peerCerts = CFArrayCreateMutable(kCFAllocatorDefault,
- cupsArrayCount(credentials),
- &kCFTypeArrayCallBacks)) == NULL)
- return (NULL);
-
- for (credential = (http_credential_t *)cupsArrayFirst(credentials);
- credential;
- credential = (http_credential_t *)cupsArrayNext(credentials))
- {
- if ((data = CFDataCreate(kCFAllocatorDefault, credential->data,
- credential->datalen)))
- {
- if ((secCert = SecCertificateCreateWithData(kCFAllocatorDefault, data))
- != NULL)
- {
- CFArrayAppendValue(peerCerts, secCert);
- CFRelease(secCert);
- }
-
- CFRelease(data);
- }
- }
-
- return (peerCerts);
-
-# elif defined(HAVE_SSPISSL)
- return (NULL);
-
-# else
- return (NULL);
-# endif /* HAVE_LIBSSL */
-}
-
-
/*
* 'httpDelete()' - Send a DELETE request to the server.
*/
{
#ifdef HAVE_SSL
if (http->tls)
- http_shutdown_ssl(http);
+ _httpTLSStop(http);
#endif /* HAVE_SSL */
-#ifdef WIN32
- closesocket(http->fd);
-#else
- close(http->fd);
-#endif /* WIN32 */
+ httpAddrClose(NULL, http->fd);
http->fd = -1;
}
httpEncryption(http_t *http, /* I - HTTP connection */
http_encryption_t e) /* I - New encryption preference */
{
- DEBUG_printf(("httpEncryption(http=%p, e=%d)", http, e));
+ DEBUG_printf(("httpEncryption(http=%p, e=%d)", (void *)http, e));
#ifdef HAVE_SSL
if (!http)
return (0);
- http->encryption = e;
+ if (http->mode == _HTTP_MODE_CLIENT)
+ {
+ http->encryption = e;
- if ((http->encryption == HTTP_ENCRYPTION_ALWAYS && !http->tls) ||
- (http->encryption == HTTP_ENCRYPTION_NEVER && http->tls))
- return (httpReconnect2(http, 30000, NULL));
- else if (http->encryption == HTTP_ENCRYPTION_REQUIRED && !http->tls)
- return (http_upgrade(http));
+ if ((http->encryption == HTTP_ENCRYPTION_ALWAYS && !http->tls) ||
+ (http->encryption == HTTP_ENCRYPTION_NEVER && http->tls))
+ return (httpReconnect2(http, 30000, NULL));
+ else if (http->encryption == HTTP_ENCRYPTION_REQUIRED && !http->tls)
+ return (http_tls_upgrade(http));
+ else
+ return (0);
+ }
else
- return (0);
+ {
+ if (e == HTTP_ENCRYPTION_NEVER && http->tls)
+ return (-1);
+
+ http->encryption = e;
+ if (e != HTTP_ENCRYPTION_IF_REQUESTED && !http->tls)
+ return (_httpTLSStart(http));
+ else
+ return (0);
+ }
#else
if (e == HTTP_ENCRYPTION_ALWAYS || e == HTTP_ENCRYPTION_REQUIRED)
return (-1);
/*
- * 'httpFlush()' - Flush data from a HTTP connection.
+ * 'httpFlush()' - Flush data read from a HTTP connection.
*/
void
http_state_t oldstate; /* Old state */
- DEBUG_printf(("httpFlush(http=%p), state=%s", http,
- httpStateString(http->state)));
+ DEBUG_printf(("httpFlush(http=%p), state=%s", (void *)http, httpStateString(http->state)));
/*
* Nothing to do if we are in the "waiting" state...
#ifdef HAVE_SSL
if (http->tls)
- http_shutdown_ssl(http);
+ _httpTLSStop(http);
#endif /* HAVE_SSL */
-#ifdef WIN32
- closesocket(http->fd);
-#else
- close(http->fd);
-#endif /* WIN32 */
+ httpAddrClose(NULL, http->fd);
http->fd = -1;
}
/*
- * 'httpFlushWrite()' - Flush data in write buffer.
+ * 'httpFlushWrite()' - Flush data written to a HTTP connection.
*
- * @since CUPS 1.2/OS X 10.5@
+ * @since CUPS 1.2/macOS 10.5@
*/
int /* O - Bytes written or -1 on error */
httpFlushWrite(http_t *http) /* I - HTTP connection */
{
- int bytes; /* Bytes written */
+ ssize_t bytes; /* Bytes written */
- DEBUG_printf(("httpFlushWrite(http=%p) data_encoding=%d", http,
- http ? http->data_encoding : -1));
+ DEBUG_printf(("httpFlushWrite(http=%p) data_encoding=%d", (void *)http, http ? http->data_encoding : 100));
if (!http || !http->wused)
{
}
if (http->data_encoding == HTTP_ENCODING_CHUNKED)
- bytes = http_write_chunk(http, http->wbuffer, http->wused);
+ bytes = http_write_chunk(http, http->wbuffer, (size_t)http->wused);
else
- bytes = http_write(http, http->wbuffer, http->wused);
+ bytes = http_write(http, http->wbuffer, (size_t)http->wused);
http->wused = 0;
- DEBUG_printf(("1httpFlushWrite: Returning %d, errno=%d.", bytes, errno));
-
- return (bytes);
-}
-
-
-/*
- * '_httpFreeCredentials()' - Free internal credentials.
- */
-
-void
-_httpFreeCredentials(
- http_tls_credentials_t credentials) /* I - Internal credentials */
-{
- if (!credentials)
- return;
-
-#ifdef HAVE_LIBSSL
- (void)credentials;
+ DEBUG_printf(("1httpFlushWrite: Returning %d, errno=%d.", (int)bytes, errno));
-#elif defined(HAVE_GNUTLS)
- (void)credentials;
-
-#elif defined(HAVE_CDSASSL)
- CFRelease(credentials);
-
-#elif defined(HAVE_SSPISSL)
- (void)credentials;
-
-#endif /* HAVE_LIBSSL */
+ return ((int)bytes);
}
/*
* 'httpGetActivity()' - Get the most recent activity for a connection.
*
- * The return value is the UNIX time of the last read or write.
+ * The return value is the time in seconds of the last read or write.
*
- * @since CUPS 2.0@
+ * @since CUPS 2.0/OS 10.10@
*/
time_t /* O - Time of last read or write */
/*
* 'httpGetAuthString()' - Get the current authorization string.
*
- * The authorization string is set by cupsDoAuthentication() and
- * httpSetAuthString(). Use httpGetAuthString() to retrieve the
- * string to use with httpSetField() for the HTTP_FIELD_AUTHORIZATION
- * value.
+ * The authorization string is set by @link cupsDoAuthentication@ and
+ * @link httpSetAuthString@. Use @link httpGetAuthString@ to retrieve the
+ * string to use with @link httpSetField@ for the
+ * @code HTTP_FIELD_AUTHORIZATION@ value.
*
- * @since CUPS 1.3/OS X 10.5@
+ * @since CUPS 1.3/macOS 10.5@
*/
char * /* O - Authorization string */
/*
* 'httpGetBlocking()' - Get the blocking/non-block state of a connection.
*
- * @since CUPS 1.2/OS X 10.5@
+ * @since CUPS 1.2/macOS 10.5@
*/
int /* O - 1 if blocking, 0 if non-blocking */
* client. The value returned can be use in subsequent requests (for clients)
* or in the response (for servers) in order to compress the content stream.
*
- * @since CUPS 1.7/OS X 10.9@
+ * @since CUPS 1.7/macOS 10.9@
*/
const char * /* O - Content-Coding value or
@code NULL@ for the identity
coding. */
-httpGetContentEncoding(http_t *http) /* I - Connection to client/server */
+httpGetContentEncoding(http_t *http) /* I - HTTP connection */
{
#ifdef HAVE_LIBZ
- if (http && http->accept_encoding)
+ if (http && http->fields[HTTP_FIELD_ACCEPT_ENCODING])
{
int i; /* Looping var */
char temp[HTTP_MAX_VALUE], /* Copy of Accepts-Encoding value */
"x-gzip"
};
- strlcpy(temp, http->accept_encoding, sizeof(temp));
+ strlcpy(temp, http->fields[HTTP_FIELD_ACCEPT_ENCODING], sizeof(temp));
for (start = temp; *start; start = end)
{
/*
* 'httpGetCookie()' - Get any cookie data from the response.
*
- * @since CUPS 1.1.19/OS X 10.3@
+ * @since CUPS 1.1.19/macOS 10.3@
*/
-const char * /* O - Cookie data or NULL */
-httpGetCookie(http_t *http) /* I - HTTP connecion */
+const char * /* O - Cookie data or @code NULL@ */
+httpGetCookie(http_t *http) /* I - HTTP connection */
{
return (http ? http->cookie : NULL);
}
* @link httpIsEncrypted@ function to determine whether a TLS session has
* been established.
*
- * @since CUPS 2.0@
+ * @since CUPS 2.0/OS 10.10@
*/
http_encryption_t /* O - Current encryption mode */
* Returns @code HTTP_STATUS_NONE@ if there is no Expect header, otherwise
* returns the expected HTTP status code, typically @code HTTP_STATUS_CONTINUE@.
*
- * @since CUPS 1.7/OS X 10.9@
+ * @since CUPS 1.7/macOS 10.9@
*/
http_status_t /* O - Expect: status, if any */
-httpGetExpect(http_t *http) /* I - Connection to client */
+httpGetExpect(http_t *http) /* I - HTTP connection */
{
if (!http)
return (HTTP_STATUS_ERROR);
/*
* 'httpGetFd()' - Get the file descriptor associated with a connection.
*
- * @since CUPS 1.2/OS X 10.5@
+ * @since CUPS 1.2/macOS 10.5@
*/
int /* O - File descriptor or -1 if none */
{
if (!http || field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX)
return (NULL);
-
- switch (field)
- {
- case HTTP_FIELD_ACCEPT_ENCODING :
- return (http->accept_encoding);
-
- case HTTP_FIELD_ALLOW :
- return (http->allow);
-
- case HTTP_FIELD_SERVER :
- return (http->server);
-
- case HTTP_FIELD_AUTHORIZATION :
- if (http->field_authorization)
- {
- /*
- * Special case for WWW-Authenticate: as its contents can be
- * longer than HTTP_MAX_VALUE...
- */
-
- return (http->field_authorization);
- }
-
- default :
- return (http->fields[field]);
- }
+ else if (http->fields[field])
+ return (http->fields[field]);
+ else
+ return ("");
}
/*
* 'httpGetKeepAlive()' - Get the current Keep-Alive state of the connection.
*
- * @since CUPS 2.0@
+ * @since CUPS 2.0/OS 10.10@
*/
http_keepalive_t /* O - Keep-Alive state */
* This function is deprecated and will not return lengths larger than
* 2^31 - 1; use httpGetLength2() instead.
*
- * @deprecated@
+ * @deprecated@ @exclude all@
*/
int /* O - Content length */
* This function returns the complete content length, even for
* content larger than 2^31 - 1.
*
- * @since CUPS 1.2/OS X 10.5@
+ * @since CUPS 1.2/macOS 10.5@
*/
off_t /* O - Content length */
off_t remaining; /* Remaining length */
- DEBUG_printf(("2httpGetLength2(http=%p), state=%s", http,
- httpStateString(http->state)));
+ DEBUG_printf(("2httpGetLength2(http=%p), state=%s", (void *)http, httpStateString(http->state)));
if (!http)
return (-1);
- if (!_cups_strcasecmp(http->fields[HTTP_FIELD_TRANSFER_ENCODING], "chunked"))
+ if (http->fields[HTTP_FIELD_TRANSFER_ENCODING] && !_cups_strcasecmp(http->fields[HTTP_FIELD_TRANSFER_ENCODING], "chunked"))
{
DEBUG_puts("4httpGetLength2: chunked request!");
remaining = 0;
* after the transfer is complete...
*/
- if (!http->fields[HTTP_FIELD_CONTENT_LENGTH][0])
+ if (!http->fields[HTTP_FIELD_CONTENT_LENGTH] || !http->fields[HTTP_FIELD_CONTENT_LENGTH][0])
{
/*
* Default content length is 0 for errors and certain types of operations,
}
+/*
+ * 'httpGetPending()' - Get the number of bytes that are buffered for writing.
+ *
+ * @since CUPS 2.0/OS 10.10@
+ */
+
+size_t /* O - Number of bytes buffered */
+httpGetPending(http_t *http) /* I - HTTP connection */
+{
+ return (http ? (size_t)http->wused : 0);
+}
+
+
/*
* 'httpGetReady()' - Get the number of bytes that can be read without blocking.
*
- * @since CUPS 2.0@
+ * @since CUPS 2.0/OS 10.10@
*/
size_t /* O - Number of bytes available */
if (!http)
return (0);
else if (http->used > 0)
- return (http->used);
+ return ((size_t)http->used);
#ifdef HAVE_SSL
else if (http->tls)
- {
- size_t ready; /* Ready bytes */
-
-# ifdef HAVE_LIBSSL
- if ((ready = SSL_pending((SSL *)(http->tls))) > 0)
- return (ready);
-# elif defined(HAVE_GNUTLS)
- if ((ready = gnutls_record_check_pending(http->tls)) > 0)
- return (ready);
-# elif defined(HAVE_CDSASSL)
- if (!SSLGetBufferedReadSize(http->tls, &ready) && ready > 0)
- return (ready);
-# endif /* HAVE_LIBSSL */
- }
+ return (_httpTLSPending(http));
#endif /* HAVE_SSL */
return (0);
* The @link httpIsChunked@ function can be used to determine whether the
* message body is chunked or fixed-length.
*
- * @since CUPS 2.0@
+ * @since CUPS 2.0/OS 10.10@
*/
size_t /* O - Remaining bytes */
httpGetRemaining(http_t *http) /* I - HTTP connection */
{
- return (http ? http->data_remaining : 0);
+ return (http ? (size_t)http->data_remaining : 0);
}
* 'httpGets()' - Get a line of text from a HTTP connection.
*/
-char * /* O - Line or NULL */
+char * /* O - Line or @code NULL@ */
httpGets(char *line, /* I - Line to read into */
int length, /* I - Max length of buffer */
http_t *http) /* I - HTTP connection */
{
- char *lineptr, /* Pointer into line */
- *lineend, /* End of line */
- *bufptr, /* Pointer into input buffer */
- *bufend; /* Pointer to end of buffer */
- int bytes, /* Number of bytes read */
- eol; /* End-of-line? */
+ char *lineptr, /* Pointer into line */
+ *lineend, /* End of line */
+ *bufptr, /* Pointer into input buffer */
+ *bufend; /* Pointer to end of buffer */
+ ssize_t bytes; /* Number of bytes read */
+ int eol; /* End-of-line? */
- DEBUG_printf(("2httpGets(line=%p, length=%d, http=%p)", line, length, http));
+ DEBUG_printf(("2httpGets(line=%p, length=%d, http=%p)", (void *)line, length, (void *)http));
if (!http || !line || length <= 1)
return (NULL);
* Pre-load the buffer as needed...
*/
-#ifdef WIN32
+#ifdef _WIN32
WSASetLastError(0);
#else
errno = 0;
-#endif /* WIN32 */
+#endif /* _WIN32 */
while (http->used == 0)
{
continue;
DEBUG_puts("3httpGets: Timed out!");
-#ifdef WIN32
+#ifdef _WIN32
http->error = WSAETIMEDOUT;
#else
http->error = ETIMEDOUT;
-#endif /* WIN32 */
+#endif /* _WIN32 */
return (NULL);
}
- bytes = http_read(http, http->buffer + http->used,
- HTTP_MAX_BUFFER - http->used);
+ bytes = http_read(http, http->buffer + http->used, (size_t)(HTTP_MAX_BUFFER - http->used));
- DEBUG_printf(("4httpGets: read %d bytes.", bytes));
+ DEBUG_printf(("4httpGets: read " CUPS_LLFMT " bytes.", CUPS_LLCAST bytes));
if (bytes < 0)
{
* Nope, can't get a line this time...
*/
-#ifdef WIN32
+#ifdef _WIN32
DEBUG_printf(("3httpGets: recv() error %d!", WSAGetLastError()));
if (WSAGetLastError() == WSAEINTR)
http->error = errno;
continue;
}
-#endif /* WIN32 */
+#endif /* _WIN32 */
return (NULL);
}
* Yup, update the amount used...
*/
- http->used += bytes;
+ http->used += (int)bytes;
}
/*
http->used -= (int)(bufptr - http->buffer);
if (http->used > 0)
- memmove(http->buffer, bufptr, http->used);
+ memmove(http->buffer, bufptr, (size_t)http->used);
if (eol)
{
/*
* 'httpGetStatus()' - Get the status of the last HTTP request.
*
- * @since CUPS 1.2/OS X 10.5@
+ * @since CUPS 1.2/macOS 10.5@
*/
http_status_t /* O - HTTP status */
/*
* 'httpGetSubField()' - Get a sub-field value.
*
- * @deprecated@
+ * @deprecated@ @exclude all@
*/
-char * /* O - Value or NULL */
+char * /* O - Value or @code NULL@ */
httpGetSubField(http_t *http, /* I - HTTP connection */
http_field_t field, /* I - Field index */
const char *name, /* I - Name of sub-field */
/*
* 'httpGetSubField2()' - Get a sub-field value.
*
- * @since CUPS 1.2/OS X 10.5@
+ * @since CUPS 1.2/macOS 10.5@
*/
-char * /* O - Value or NULL */
+char * /* O - Value or @code NULL@ */
httpGetSubField2(http_t *http, /* I - HTTP connection */
http_field_t field, /* I - Field index */
const char *name, /* I - Name of sub-field */
*ptr, /* Pointer into string buffer */
*end; /* End of value buffer */
- DEBUG_printf(("2httpGetSubField2(http=%p, field=%d, name=\"%s\", value=%p, "
- "valuelen=%d)", http, field, name, value, valuelen));
+ DEBUG_printf(("2httpGetSubField2(http=%p, field=%d, name=\"%s\", value=%p, valuelen=%d)", (void *)http, field, name, (void *)value, valuelen));
+
+ if (value)
+ *value = '\0';
if (!http || !name || !value || valuelen < 2 ||
- field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX)
+ field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX || !http->fields[field])
return (NULL);
end = value + valuelen - 1;
httpHead(http_t *http, /* I - HTTP connection */
const char *uri) /* I - URI for head */
{
- DEBUG_printf(("httpHead(http=%p, uri=\"%s\")", http, uri));
+ DEBUG_printf(("httpHead(http=%p, uri=\"%s\")", (void *)http, uri));
return (http_send(http, HTTP_STATE_HEAD, uri));
}
httpInitialize(void)
{
static int initialized = 0; /* Have we been called before? */
-#ifdef WIN32
+#ifdef _WIN32
WSADATA winsockdata; /* WinSock data */
-#endif /* WIN32 */
-#ifdef HAVE_LIBSSL
- int i; /* Looping var */
- unsigned char data[1024]; /* Seed data */
-#endif /* HAVE_LIBSSL */
+#endif /* _WIN32 */
_cupsGlobalLock();
return;
}
-#ifdef WIN32
+#ifdef _WIN32
WSAStartup(MAKEWORD(2,2), &winsockdata);
#elif !defined(SO_NOSIGPIPE)
# else
signal(SIGPIPE, SIG_IGN);
# endif /* !SO_NOSIGPIPE */
-#endif /* WIN32 */
-
-#ifdef HAVE_GNUTLS
- /*
- * Initialize GNU TLS...
- */
+#endif /* _WIN32 */
- gnutls_global_init();
-
-#elif defined(HAVE_LIBSSL)
- /*
- * Initialize OpenSSL...
- */
-
- SSL_load_error_strings();
- SSL_library_init();
-
- /*
- * Using the current time is a dubious random seed, but on some systems
- * it is the best we can do (on others, this seed isn't even used...)
- */
-
- CUPS_SRAND(time(NULL));
-
- for (i = 0; i < sizeof(data); i ++)
- data[i] = CUPS_RAND();
-
- RAND_seed(data, sizeof(data));
-#endif /* HAVE_GNUTLS */
+# ifdef HAVE_SSL
+ _httpTLSInitialize();
+# endif /* HAVE_SSL */
initialized = 1;
_cupsGlobalUnlock();
* This function returns non-zero if the message body is composed of
* variable-length chunks.
*
- * @since CUPS 2.0@
+ * @since CUPS 2.0/OS 10.10@
*/
int /* O - 1 if chunked, 0 if not */
*
* This function returns non-zero if the connection is currently encrypted.
*
- * @since CUPS 2.0@
+ * @since CUPS 2.0/OS 10.10@
*/
int /* O - 1 if encrypted, 0 if not */
*
* This function copies available data from the given HTTP connection, reading
* a buffer as needed. The data is still available for reading using
- * @link httpRead@ or @link httpRead2@.
+ * @link httpRead2@.
*
* For non-blocking connections the usual timeouts apply.
*
- * @since CUPS 1.7/OS X 10.9@
+ * @since CUPS 1.7/macOS 10.9@
*/
ssize_t /* O - Number of bytes copied */
char len[32]; /* Length string */
- DEBUG_printf(("httpPeek(http=%p, buffer=%p, length=" CUPS_LLFMT ")",
- http, buffer, CUPS_LLCAST length));
+ DEBUG_printf(("httpPeek(http=%p, buffer=%p, length=" CUPS_LLFMT ")", (void *)http, (void *)buffer, CUPS_LLCAST length));
if (http == NULL || buffer == NULL)
return (-1);
*/
#ifdef HAVE_LIBZ
- if (http->coding)
+ if (http->coding >= _HTTP_CODING_GUNZIP)
http_content_coding_finish(http);
#endif /* HAVE_LIBZ */
#ifdef HAVE_LIBZ
if (http->used == 0 &&
- (http->coding == _HTTP_CODING_IDENTITY || http->stream.avail_in == 0))
+ (http->coding == _HTTP_CODING_IDENTITY ||
+ (http->coding >= _HTTP_CODING_GUNZIP && ((z_stream *)http->stream)->avail_in == 0)))
#else
if (http->used == 0)
#endif /* HAVE_LIBZ */
}
}
- if (http->data_remaining > sizeof(http->buffer))
+ if ((size_t)http->data_remaining > sizeof(http->buffer))
buflen = sizeof(http->buffer);
else
- buflen = http->data_remaining;
+ buflen = (ssize_t)http->data_remaining;
DEBUG_printf(("2httpPeek: Reading %d bytes into buffer.", (int)buflen));
- bytes = http_read(http, http->buffer, buflen);
+ bytes = http_read(http, http->buffer, (size_t)buflen);
DEBUG_printf(("2httpPeek: Read " CUPS_LLFMT " bytes into buffer.",
CUPS_LLCAST bytes));
http_debug_hex("httpPeek", http->buffer, (int)bytes);
#endif /* DEBUG */
- http->used = bytes;
+ http->used = (int)bytes;
}
}
#ifdef HAVE_LIBZ
- if (http->coding)
+ if (http->coding >= _HTTP_CODING_GUNZIP)
{
# ifdef HAVE_INFLATECOPY
int zerr; /* Decompressor error */
z_stream stream; /* Copy of decompressor stream */
- if (http->used > 0 && http->stream.avail_in < HTTP_MAX_BUFFER)
+ if (http->used > 0 && ((z_stream *)http->stream)->avail_in < HTTP_MAX_BUFFER)
{
- size_t buflen = buflen = HTTP_MAX_BUFFER - http->stream.avail_in;
+ size_t buflen = HTTP_MAX_BUFFER - ((z_stream *)http->stream)->avail_in;
/* Number of bytes to copy */
- if (http->stream.avail_in > 0 &&
- http->stream.next_in > http->dbuffer)
- memmove(http->dbuffer, http->stream.next_in, http->stream.avail_in);
+ if (((z_stream *)http->stream)->avail_in > 0 &&
+ ((z_stream *)http->stream)->next_in > http->sbuffer)
+ memmove(http->sbuffer, ((z_stream *)http->stream)->next_in, ((z_stream *)http->stream)->avail_in);
- http->stream.next_in = http->dbuffer;
+ ((z_stream *)http->stream)->next_in = http->sbuffer;
- if (buflen > http->data_remaining)
- buflen = http->data_remaining;
+ if (buflen > (size_t)http->data_remaining)
+ buflen = (size_t)http->data_remaining;
- if (buflen > http->used)
- buflen = http->used;
+ if (buflen > (size_t)http->used)
+ buflen = (size_t)http->used;
DEBUG_printf(("1httpPeek: Copying %d more bytes of data into "
"decompression buffer.", (int)buflen));
- memcpy(http->dbuffer + http->stream.avail_in, http->buffer, buflen);
- http->stream.avail_in += buflen;
- http->used -= buflen;
- http->data_remaining -= buflen;
+ memcpy(http->sbuffer + ((z_stream *)http->stream)->avail_in, http->buffer, buflen);
+ ((z_stream *)http->stream)->avail_in += buflen;
+ http->used -= (int)buflen;
+ http->data_remaining -= (off_t)buflen;
if (http->used > 0)
- memmove(http->buffer, http->buffer + buflen, http->used);
+ memmove(http->buffer, http->buffer + buflen, (size_t)http->used);
}
DEBUG_printf(("2httpPeek: length=%d, avail_in=%d", (int)length,
- (int)http->stream.avail_in));
+ (int)((z_stream *)http->stream)->avail_in));
- if (inflateCopy(&stream, &(http->stream)) != Z_OK)
+ if (inflateCopy(&stream, (z_stream *)http->stream) != Z_OK)
{
DEBUG_puts("2httpPeek: Unable to copy decompressor stream.");
http->error = ENOMEM;
}
stream.next_out = (Bytef *)buffer;
- stream.avail_out = length;
+ stream.avail_out = (uInt)length;
zerr = inflate(&stream, Z_SYNC_FLUSH);
inflateEnd(&stream);
{
DEBUG_printf(("2httpPeek: zerr=%d", zerr));
#ifdef DEBUG
- http_debug_hex("2httpPeek", (char *)http->dbuffer,
- http->stream.avail_in);
+ http_debug_hex("2httpPeek", (char *)http->sbuffer, (int)((z_stream *)http->stream)->avail_in);
#endif /* DEBUG */
http->error = EIO;
return (-1);
}
- bytes = length - http->stream.avail_out;
+ bytes = (ssize_t)(length - ((z_stream *)http->stream)->avail_out);
# else
DEBUG_puts("2httpPeek: No inflateCopy on this platform, httpPeek does not "
if (bytes < 0)
{
-#ifdef WIN32
+#ifdef _WIN32
if (WSAGetLastError() == WSAEINTR || WSAGetLastError() == WSAEWOULDBLOCK)
bytes = 0;
else
bytes = 0;
else
http->error = errno;
-#endif /* WIN32 */
+#endif /* _WIN32 */
}
else if (bytes == 0)
{
return (bytes);
}
-/* For OS X 10.8 and earlier */
-ssize_t _httpPeek(http_t *http, char *buffer, size_t length)
-{ return (httpPeek(http, buffer, length)); }
-
/*
* 'httpPost()' - Send a POST request to the server.
const char *format, /* I - printf-style format string */
...) /* I - Additional args as needed */
{
- int bytes; /* Number of bytes to write */
- char buf[16384]; /* Buffer for formatted string */
+ ssize_t bytes; /* Number of bytes to write */
+ char buf[65536]; /* Buffer for formatted string */
va_list ap; /* Variable argument pointer */
- DEBUG_printf(("2httpPrintf(http=%p, format=\"%s\", ...)", http, format));
+ DEBUG_printf(("2httpPrintf(http=%p, format=\"%s\", ...)", (void *)http, format));
va_start(ap, format);
bytes = vsnprintf(buf, sizeof(buf), format, ap);
va_end(ap);
- DEBUG_printf(("3httpPrintf: (%d bytes) %s", bytes, buf));
+ DEBUG_printf(("3httpPrintf: (" CUPS_LLFMT " bytes) %s", CUPS_LLCAST bytes, buf));
- if (http->data_encoding == HTTP_ENCODING_FIELDS)
- return (httpWrite2(http, buf, bytes));
+ if (bytes > (ssize_t)(sizeof(buf) - 1))
+ {
+ http->error = ENOMEM;
+ return (-1);
+ }
+ else if (http->data_encoding == HTTP_ENCODING_FIELDS)
+ return ((int)httpWrite2(http, buf, (size_t)bytes));
else
{
if (http->wused)
return (-1);
}
- return (http_write(http, buf, bytes));
+ return ((int)http_write(http, buf, (size_t)bytes));
}
}
httpPut(http_t *http, /* I - HTTP connection */
const char *uri) /* I - URI to put */
{
- DEBUG_printf(("httpPut(http=%p, uri=\"%s\")", http, uri));
+ DEBUG_printf(("httpPut(http=%p, uri=\"%s\")", (void *)http, uri));
return (http_send(http, HTTP_STATE_PUT, uri));
}
* This function is deprecated. Use the httpRead2() function which can
* read more than 2GB of data.
*
- * @deprecated@
+ * @deprecated@ @exclude all@
*/
int /* O - Number of bytes read */
char *buffer, /* I - Buffer for data */
int length) /* I - Maximum number of bytes */
{
- return ((int)httpRead2(http, buffer, length));
+ return ((int)httpRead2(http, buffer, (size_t)length));
}
/*
* 'httpRead2()' - Read data from a HTTP connection.
*
- * @since CUPS 1.2/OS X 10.5@
+ * @since CUPS 1.2/macOS 10.5@
*/
ssize_t /* O - Number of bytes read */
#ifdef HAVE_LIBZ
- DEBUG_printf(("httpRead2(http=%p, buffer=%p, length=" CUPS_LLFMT
- ") coding=%d data_encoding=%d data_remaining=" CUPS_LLFMT,
- http, buffer, CUPS_LLCAST length,
- http->coding,
- http->data_encoding, CUPS_LLCAST http->data_remaining));
+ DEBUG_printf(("httpRead2(http=%p, buffer=%p, length=" CUPS_LLFMT ") coding=%d data_encoding=%d data_remaining=" CUPS_LLFMT, (void *)http, (void *)buffer, CUPS_LLCAST length, http->coding, http->data_encoding, CUPS_LLCAST http->data_remaining));
#else
- DEBUG_printf(("httpRead2(http=%p, buffer=%p, length=" CUPS_LLFMT
- ") data_encoding=%d data_remaining=" CUPS_LLFMT,
- http, buffer, CUPS_LLCAST length,
- http->data_encoding, CUPS_LLCAST http->data_remaining));
+ DEBUG_printf(("httpRead2(http=%p, buffer=%p, length=" CUPS_LLFMT ") data_encoding=%d data_remaining=" CUPS_LLFMT, (void *)http, (void *)buffer, CUPS_LLCAST length, http->data_encoding, CUPS_LLCAST http->data_remaining));
#endif /* HAVE_LIBZ */
if (http == NULL || buffer == NULL)
return (0);
#ifdef HAVE_LIBZ
- if (http->coding)
+ if (http->coding >= _HTTP_CODING_GUNZIP)
{
do
{
- if (http->stream.avail_in > 0)
+ if (((z_stream *)http->stream)->avail_in > 0)
{
int zerr; /* Decompressor error */
DEBUG_printf(("2httpRead2: avail_in=%d, avail_out=%d",
- (int)http->stream.avail_in, (int)length));
+ (int)((z_stream *)http->stream)->avail_in, (int)length));
- http->stream.next_out = (Bytef *)buffer;
- http->stream.avail_out = length;
+ ((z_stream *)http->stream)->next_out = (Bytef *)buffer;
+ ((z_stream *)http->stream)->avail_out = (uInt)length;
- if ((zerr = inflate(&(http->stream), Z_SYNC_FLUSH)) < Z_OK)
+ if ((zerr = inflate((z_stream *)http->stream, Z_SYNC_FLUSH)) < Z_OK)
{
DEBUG_printf(("2httpRead2: zerr=%d", zerr));
#ifdef DEBUG
- http_debug_hex("2httpRead2", (char *)http->dbuffer,
- http->stream.avail_in);
+ http_debug_hex("2httpRead2", (char *)http->sbuffer, (int)((z_stream *)http->stream)->avail_in);
#endif /* DEBUG */
http->error = EIO;
return (-1);
}
- bytes = length - http->stream.avail_out;
+ bytes = (ssize_t)(length - ((z_stream *)http->stream)->avail_out);
DEBUG_printf(("2httpRead2: avail_in=%d, avail_out=%d, bytes=%d",
- http->stream.avail_in, http->stream.avail_out,
+ ((z_stream *)http->stream)->avail_in, ((z_stream *)http->stream)->avail_out,
(int)bytes));
}
else
if (bytes == 0)
{
- ssize_t buflen = HTTP_MAX_BUFFER - http->stream.avail_in;
+ ssize_t buflen = HTTP_MAX_BUFFER - (ssize_t)((z_stream *)http->stream)->avail_in;
/* Additional bytes for buffer */
if (buflen > 0)
{
- if (http->stream.avail_in > 0 &&
- http->stream.next_in > http->dbuffer)
- memmove(http->dbuffer, http->stream.next_in, http->stream.avail_in);
+ if (((z_stream *)http->stream)->avail_in > 0 &&
+ ((z_stream *)http->stream)->next_in > http->sbuffer)
+ memmove(http->sbuffer, ((z_stream *)http->stream)->next_in, ((z_stream *)http->stream)->avail_in);
- http->stream.next_in = http->dbuffer;
+ ((z_stream *)http->stream)->next_in = http->sbuffer;
DEBUG_printf(("1httpRead2: Reading up to %d more bytes of data into "
"decompression buffer.", (int)buflen));
if (http->data_remaining > 0)
{
if (buflen > http->data_remaining)
- buflen = http->data_remaining;
+ buflen = (ssize_t)http->data_remaining;
- bytes = http_read_buffered(http,
- (char *)http->dbuffer +
- http->stream.avail_in, buflen);
+ bytes = http_read_buffered(http, (char *)http->sbuffer + ((z_stream *)http->stream)->avail_in, (size_t)buflen);
}
else if (http->data_encoding == HTTP_ENCODING_CHUNKED)
- bytes = http_read_chunk(http,
- (char *)http->dbuffer +
- http->stream.avail_in, buflen);
+ bytes = http_read_chunk(http, (char *)http->sbuffer + ((z_stream *)http->stream)->avail_in, (size_t)buflen);
else
bytes = 0;
"decompression buffer.", CUPS_LLCAST bytes));
http->data_remaining -= bytes;
- http->stream.avail_in += bytes;
+ ((z_stream *)http->stream)->avail_in += (uInt)bytes;
if (http->data_remaining <= 0 &&
http->data_encoding == HTTP_ENCODING_CHUNKED)
if (
#ifdef HAVE_LIBZ
- (http->coding == _HTTP_CODING_IDENTITY || http->stream.avail_in == 0) &&
+ (http->coding == _HTTP_CODING_IDENTITY ||
+ (http->coding >= _HTTP_CODING_GUNZIP && ((z_stream *)http->stream)->avail_in == 0)) &&
#endif /* HAVE_LIBZ */
((http->data_remaining <= 0 &&
http->data_encoding == HTTP_ENCODING_LENGTH) ||
(http->data_encoding == HTTP_ENCODING_CHUNKED && bytes == 0)))
{
#ifdef HAVE_LIBZ
- if (http->coding)
+ if (http->coding >= _HTTP_CODING_GUNZIP)
http_content_coding_finish(http);
#endif /* HAVE_LIBZ */
}
-#if defined(HAVE_SSL) && defined(HAVE_CDSASSL)
-/*
- * '_httpReadCDSA()' - Read function for the CDSA library.
- */
-
-OSStatus /* O - -1 on error, 0 on success */
-_httpReadCDSA(
- SSLConnectionRef connection, /* I - SSL/TLS connection */
- void *data, /* I - Data buffer */
- size_t *dataLength) /* IO - Number of bytes */
-{
- OSStatus result; /* Return value */
- ssize_t bytes; /* Number of bytes read */
- http_t *http; /* HTTP connection */
-
-
- http = (http_t *)connection;
-
- if (!http->blocking)
- {
- /*
- * Make sure we have data before we read...
- */
-
- while (!_httpWait(http, http->wait_value, 0))
- {
- if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
- continue;
-
- http->error = ETIMEDOUT;
- return (-1);
- }
- }
-
- do
- {
- bytes = recv(http->fd, data, *dataLength, 0);
- }
- while (bytes == -1 && (errno == EINTR || errno == EAGAIN));
-
- if (bytes == *dataLength)
- {
- result = 0;
- }
- else if (bytes > 0)
- {
- *dataLength = bytes;
- result = errSSLWouldBlock;
- }
- else
- {
- *dataLength = 0;
-
- if (bytes == 0)
- result = errSSLClosedGraceful;
- else if (errno == EAGAIN)
- result = errSSLWouldBlock;
- else
- result = errSSLClosedAbort;
- }
-
- return (result);
-}
-#endif /* HAVE_SSL && HAVE_CDSASSL */
-
-
-#if defined(HAVE_SSL) && defined(HAVE_GNUTLS)
-/*
- * '_httpReadGNUTLS()' - Read function for the GNU TLS library.
- */
-
-ssize_t /* O - Number of bytes read or -1 on error */
-_httpReadGNUTLS(
- gnutls_transport_ptr ptr, /* I - HTTP connection */
- void *data, /* I - Buffer */
- size_t length) /* I - Number of bytes to read */
-{
- http_t *http; /* HTTP connection */
- ssize_t bytes; /* Bytes read */
-
-
- DEBUG_printf(("6_httpReadGNUTLS(ptr=%p, data=%p, length=%d)", ptr, data, (int)length));
-
- http = (http_t *)ptr;
-
- if (!http->blocking)
- {
- /*
- * Make sure we have data before we read...
- */
-
- while (!_httpWait(http, http->wait_value, 0))
- {
- if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
- continue;
-
- http->error = ETIMEDOUT;
- return (-1);
- }
- }
-
- bytes = recv(http->fd, data, length, 0);
- DEBUG_printf(("6_httpReadGNUTLS: bytes=%d", (int)bytes));
- return (bytes);
-}
-#endif /* HAVE_SSL && HAVE_GNUTLS */
-
-
/*
* 'httpReadRequest()' - Read a HTTP request from a connection.
*
- * @since CUPS 1.7/OS X 10.9@
+ * @since CUPS 1.7/macOS 10.9@
*/
http_state_t /* O - New state of connection */
* Range check input...
*/
- DEBUG_printf(("httpReadRequest(http=%p, uri=%p, urilen=" CUPS_LLFMT ")",
- http, uri, CUPS_LLCAST urilen));
+ DEBUG_printf(("httpReadRequest(http=%p, uri=%p, urilen=" CUPS_LLFMT ")", (void *)http, (void *)uri, CUPS_LLCAST urilen));
if (uri)
*uri = '\0';
if (!*req_uri)
{
DEBUG_puts("1httpReadRequest: No request URI.");
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("No request URI."), 1);
return (HTTP_STATE_ERROR);
}
if (!*req_version)
{
DEBUG_puts("1httpReadRequest: No request protocol version.");
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("No request protocol version."), 1);
return (HTTP_STATE_ERROR);
}
else
{
DEBUG_printf(("1httpReadRequest: Unknown method \"%s\".", req_method));
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unknown request method."), 1);
return (HTTP_STATE_UNKNOWN_METHOD);
}
else
{
DEBUG_printf(("1httpReadRequest: Unknown version \"%s\".", req_version));
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unknown request version."), 1);
return (HTTP_STATE_UNKNOWN_VERSION);
}
* This function is deprecated. Please use the @link httpReconnect2@ function
* instead.
*
- * @deprecated@
+ * @deprecated@ @exclude all@
*/
int /* O - 0 on success, non-zero on failure */
httpReconnect(http_t *http) /* I - HTTP connection */
{
- DEBUG_printf(("httpReconnect(http=%p)", http));
+ DEBUG_printf(("httpReconnect(http=%p)", (void *)http));
return (httpReconnect2(http, 30000, NULL));
}
#endif /* DEBUG */
- DEBUG_printf(("httpReconnect2(http=%p, msec=%d, cancel=%p)", http, msec,
- cancel));
+ DEBUG_printf(("httpReconnect2(http=%p, msec=%d, cancel=%p)", (void *)http, msec, (void *)cancel));
if (!http)
{
if (http->tls)
{
DEBUG_puts("2httpReconnect2: Shutting down SSL/TLS...");
- http_shutdown_ssl(http);
+ _httpTLSStop(http);
}
#endif /* HAVE_SSL */
{
DEBUG_printf(("2httpReconnect2: Closing socket %d...", http->fd));
-#ifdef WIN32
- closesocket(http->fd);
-#else
- close(http->fd);
-#endif /* WIN32 */
+ httpAddrClose(NULL, http->fd);
http->fd = -1;
}
httpAddrPort(&(current->addr))));
#endif /* DEBUG */
- if ((addr = httpAddrConnect2(http->addrlist, &(http->fd), msec,
- cancel)) == NULL)
+ if ((addr = httpAddrConnect2(http->addrlist, &(http->fd), msec, cancel)) == NULL)
{
/*
* Unable to connect...
*/
-#ifdef WIN32
+#ifdef _WIN32
http->error = WSAGetLastError();
#else
http->error = errno;
-#endif /* WIN32 */
+#endif /* _WIN32 */
http->status = HTTP_STATUS_ERROR;
DEBUG_printf(("1httpReconnect2: httpAddrConnect failed: %s",
* Always do encryption via SSL.
*/
- if (http_setup_ssl(http) != 0)
+ if (_httpTLSStart(http) != 0)
{
-# ifdef WIN32
- closesocket(http->fd);
-# else
- close(http->fd);
-# endif /* WIN32 */
+ httpAddrClose(NULL, http->fd);
+ http->fd = -1;
return (-1);
}
}
else if (http->encryption == HTTP_ENCRYPTION_REQUIRED && !http->tls_upgrade)
- return (http_upgrade(http));
+ return (http_tls_upgrade(http));
#endif /* HAVE_SSL */
DEBUG_printf(("1httpReconnect2: Connected to %s:%d...",
* 'httpSetAuthString()' - Set the current authorization string.
*
* This function just stores a copy of the current authorization string in
- * the HTTP connection object. You must still call httpSetField() to set
- * HTTP_FIELD_AUTHORIZATION prior to issuing a HTTP request using httpGet(),
- * httpHead(), httpOptions(), httpPost, or httpPut().
+ * the HTTP connection object. You must still call @link httpSetField@ to set
+ * @code HTTP_FIELD_AUTHORIZATION@ prior to issuing a HTTP request using
+ * @link httpGet@, @link httpHead@, @link httpOptions@, @link httpPost@, or
+ * @link httpPut@.
*
- * @since CUPS 1.3/OS X 10.5@
+ * @since CUPS 1.3/macOS 10.5@
*/
void
* Set the current authorization string...
*/
- int len = (int)strlen(scheme) + (data ? (int)strlen(data) + 1 : 0) + 1;
+ size_t len = strlen(scheme) + (data ? strlen(data) + 1 : 0) + 1;
char *temp;
- if (len > (int)sizeof(http->_authstring))
+ if (len > sizeof(http->_authstring))
{
if ((temp = malloc(len)) == NULL)
len = sizeof(http->_authstring);
* 'httpSetCredentials()' - Set the credentials associated with an encrypted
* connection.
*
- * @since CUPS 1.5/OS X 10.7@
+ * @since CUPS 1.5/macOS 10.7@
*/
int /* O - Status of call (0 = success) */
if (!http || cupsArrayCount(credentials) < 1)
return (-1);
+#ifdef HAVE_SSL
_httpFreeCredentials(http->tls_credentials);
http->tls_credentials = _httpCreateCredentials(credentials);
+#endif /* HAVE_SSL */
return (http->tls_credentials ? 0 : -1);
}
/*
* 'httpSetCookie()' - Set the cookie value(s).
*
- * @since CUPS 1.1.19/OS X 10.3@
+ * @since CUPS 1.1.19/macOS 10.3@
*/
void
* Currently only @code HTTP_FIELD_ACCEPT_ENCODING@, @code HTTP_FIELD_SERVER@,
* and @code HTTP_FIELD_USER_AGENT@ can be set.
*
- * @since CUPS 1.7/OS X 10.9@
+ * @since CUPS 1.7/macOS 10.9@
*/
void
http_field_t field, /* I - Field index */
const char *value)/* I - Value */
{
- DEBUG_printf(("httpSetDefaultField(http=%p, field=%d(%s), value=\"%s\")",
- http, field, http_fields[field], value));
+ DEBUG_printf(("httpSetDefaultField(http=%p, field=%d(%s), value=\"%s\")", (void *)http, field, http_fields[field], value));
- if (!http)
+ if (!http || field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX)
return;
- switch (field)
- {
- case HTTP_FIELD_ACCEPT_ENCODING :
- if (http->default_accept_encoding)
- _cupsStrFree(http->default_accept_encoding);
-
- http->default_accept_encoding = value ? _cupsStrAlloc(value) : NULL;
- break;
-
- case HTTP_FIELD_SERVER :
- if (http->default_server)
- _cupsStrFree(http->default_server);
+ if (http->default_fields[field])
+ free(http->default_fields[field]);
- http->default_server = value ? _cupsStrAlloc(value) : NULL;
- break;
-
- case HTTP_FIELD_USER_AGENT :
- if (http->default_user_agent)
- _cupsStrFree(http->default_user_agent);
-
- http->default_user_agent = value ? _cupsStrAlloc(value) : NULL;
- break;
-
- default :
- DEBUG_puts("1httpSetDefaultField: Ignored.");
- break;
- }
+ http->default_fields[field] = value ? strdup(value) : NULL;
}
* Currently only @code HTTP_STATUS_CONTINUE@ is supported for the "expect"
* argument.
*
- * @since CUPS 1.2/OS X 10.5@
+ * @since CUPS 1.2/macOS 10.5@
*/
void
http_status_t expect) /* I - HTTP status to expect
(@code HTTP_STATUS_CONTINUE@) */
{
- DEBUG_printf(("httpSetExpect(http=%p, expect=%d)", http, expect));
+ DEBUG_printf(("httpSetExpect(http=%p, expect=%d)", (void *)http, expect));
if (http)
http->expect = expect;
http_field_t field, /* I - Field index */
const char *value) /* I - Value */
{
- DEBUG_printf(("httpSetField(http=%p, field=%d(%s), value=\"%s\")", http,
- field, http_fields[field], value));
+ DEBUG_printf(("httpSetField(http=%p, field=%d(%s), value=\"%s\")", (void *)http, field, http_fields[field], value));
- if (http == NULL ||
- field < HTTP_FIELD_ACCEPT_LANGUAGE ||
- field >= HTTP_FIELD_MAX ||
- value == NULL)
+ if (!http || field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX || !value)
return;
- switch (field)
- {
- case HTTP_FIELD_ACCEPT_ENCODING :
- if (http->accept_encoding)
- _cupsStrFree(http->accept_encoding);
-
- http->accept_encoding = _cupsStrAlloc(value);
- break;
-
- case HTTP_FIELD_ALLOW :
- if (http->allow)
- _cupsStrFree(http->allow);
-
- http->allow = _cupsStrAlloc(value);
- break;
-
- case HTTP_FIELD_SERVER :
- if (http->server)
- _cupsStrFree(http->server);
-
- http->server = _cupsStrAlloc(value);
- break;
-
- default :
- strlcpy(http->fields[field], value, HTTP_MAX_VALUE);
- break;
- }
-
- if (field == HTTP_FIELD_AUTHORIZATION)
- {
- /*
- * Special case for Authorization: as its contents can be
- * longer than HTTP_MAX_VALUE
- */
-
- if (http->field_authorization)
- free(http->field_authorization);
-
- http->field_authorization = strdup(value);
- }
- else if (field == HTTP_FIELD_HOST)
- {
- /*
- * Special-case for Host: as we don't want a trailing "." on the hostname and
- * need to bracket IPv6 numeric addresses.
- */
-
- char *ptr = strchr(value, ':');
-
- if (value[0] != '[' && ptr && strchr(ptr + 1, ':'))
- {
- /*
- * Bracket IPv6 numeric addresses...
- *
- * This is slightly inefficient (basically copying twice), but is an edge
- * case and not worth optimizing...
- */
-
- snprintf(http->fields[HTTP_FIELD_HOST],
- sizeof(http->fields[HTTP_FIELD_HOST]), "[%s]", value);
- }
- else
- {
- /*
- * Check for a trailing dot on the hostname...
- */
-
- ptr = http->fields[HTTP_FIELD_HOST];
-
- if (*ptr)
- {
- ptr += strlen(ptr) - 1;
-
- if (*ptr == '.')
- *ptr = '\0';
- }
- }
- }
-#ifdef HAVE_LIBZ
- else if (field == HTTP_FIELD_CONTENT_ENCODING &&
- http->data_encoding != HTTP_ENCODING_FIELDS)
- {
- DEBUG_puts("1httpSetField: Calling http_content_coding_start.");
- http_content_coding_start(http, value);
- }
-#endif /* HAVE_LIBZ */
+ http_add_field(http, field, value, 0);
}
/*
* 'httpSetKeepAlive()' - Set the current Keep-Alive state of a connection.
*
- * @since CUPS 2.0@
+ * @since CUPS 2.0/OS 10.10@
*/
void
/*
* 'httpSetLength()' - Set the content-length and content-encoding.
*
- * @since CUPS 1.2/OS X 10.5@
+ * @since CUPS 1.2/macOS 10.5@
*/
void
httpSetLength(http_t *http, /* I - HTTP connection */
size_t length) /* I - Length (0 for chunked) */
{
- DEBUG_printf(("httpSetLength(http=%p, length=" CUPS_LLFMT ")", http,
- CUPS_LLCAST length));
+ DEBUG_printf(("httpSetLength(http=%p, length=" CUPS_LLFMT ")", (void *)http, CUPS_LLCAST length));
if (!http)
return;
if (!length)
{
- strlcpy(http->fields[HTTP_FIELD_TRANSFER_ENCODING], "chunked",
- HTTP_MAX_VALUE);
- http->fields[HTTP_FIELD_CONTENT_LENGTH][0] = '\0';
+ httpSetField(http, HTTP_FIELD_TRANSFER_ENCODING, "chunked");
+ httpSetField(http, HTTP_FIELD_CONTENT_LENGTH, "");
}
else
{
- http->fields[HTTP_FIELD_TRANSFER_ENCODING][0] = '\0';
- snprintf(http->fields[HTTP_FIELD_CONTENT_LENGTH], HTTP_MAX_VALUE,
- CUPS_LLFMT, CUPS_LLCAST length);
+ char len[32]; /* Length string */
+
+
+ snprintf(len, sizeof(len), CUPS_LLFMT, CUPS_LLCAST length);
+ httpSetField(http, HTTP_FIELD_TRANSFER_ENCODING, "");
+ httpSetField(http, HTTP_FIELD_CONTENT_LENGTH, len);
}
}
* The optional timeout callback receives both the HTTP connection and a user
* data pointer and must return 1 to continue or 0 to error (time) out.
*
- * @since CUPS 1.5/OS X 10.7@
+ * @since CUPS 1.5/macOS 10.7@
*/
void
http_t *http, /* I - HTTP connection */
double timeout, /* I - Number of seconds for timeout,
must be greater than 0 */
- http_timeout_cb_t cb, /* I - Callback function or NULL */
+ http_timeout_cb_t cb, /* I - Callback function or @code NULL@ */
void *user_data) /* I - User data pointer */
{
if (!http || timeout <= 0.0)
/*
* 'httpShutdown()' - Shutdown one side of an HTTP connection.
*
- * @since CUPS 2.0@
+ * @since CUPS 2.0/OS 10.10@
*/
void
if (!http || http->fd < 0)
return;
+#ifdef HAVE_SSL
if (http->tls)
- http_shutdown_ssl(http);
+ _httpTLSStop(http);
+#endif /* HAVE_SSL */
+#ifdef _WIN32
+ shutdown(http->fd, SD_RECEIVE); /* Microsoft-ism... */
+#else
shutdown(http->fd, SHUT_RD);
+#endif /* _WIN32 */
}
/*
* 'httpTrace()' - Send an TRACE request to the server.
+ *
+ * @exclude all@
*/
int /* O - Status of call (0 = success) */
int major, minor; /* HTTP version numbers */
- DEBUG_printf(("_httpUpdate(http=%p, status=%p), state=%s", http, status,
- httpStateString(http->state)));
+ DEBUG_printf(("_httpUpdate(http=%p, status=%p), state=%s", (void *)http, (void *)status, httpStateString(http->state)));
/*
* Grab a single line from the connection...
#ifdef HAVE_SSL
if (http->status == HTTP_STATUS_SWITCHING_PROTOCOLS && !http->tls)
{
- if (http_setup_ssl(http) != 0)
+ if (_httpTLSStart(http) != 0)
{
-# ifdef WIN32
- closesocket(http->fd);
-# else
- close(http->fd);
-# endif /* WIN32 */
+ httpAddrClose(NULL, http->fd);
+ http->fd = -1;
*status = http->status = HTTP_STATUS_ERROR;
return (0);
*status = http->status;
return (0);
}
- else if (!strncmp(line, "HTTP/", 5))
+ else if (!strncmp(line, "HTTP/", 5) && http->mode == _HTTP_MODE_CLIENT)
{
/*
* Got the beginning of a response...
httpSetCookie(http, value);
}
else if ((field = httpFieldValue(line)) != HTTP_FIELD_UNKNOWN)
- httpSetField(http, field, value);
+ {
+ http_add_field(http, field, value, 1);
+
+ if (field == HTTP_FIELD_AUTHENTICATION_INFO)
+ httpGetSubField2(http, HTTP_FIELD_AUTHENTICATION_INFO, "nextnonce", http->nextnonce, (int)sizeof(http->nextnonce));
+ }
#ifdef DEBUG
else
DEBUG_printf(("1_httpUpdate: unknown field %s seen!", line));
http_status_t status; /* Request status */
- DEBUG_printf(("httpUpdate(http=%p), state=%s", http,
- httpStateString(http->state)));
+ DEBUG_printf(("httpUpdate(http=%p), state=%s", (void *)http, httpStateString(http->state)));
/*
* Flush pending data, if any...
int nfds; /* Result from select()/poll() */
- DEBUG_printf(("4_httpWait(http=%p, msec=%d, usessl=%d)", http, msec, usessl));
+ DEBUG_printf(("4_httpWait(http=%p, msec=%d, usessl=%d)", (void *)http, msec, usessl));
if (http->fd < 0)
{
*/
#ifdef HAVE_SSL
- if (http->tls && usessl)
+ if (http->tls && _httpTLSPending(http))
{
-# ifdef HAVE_LIBSSL
- if (SSL_pending(http->tls))
- {
- DEBUG_puts("5_httpWait: Return 1 since there is pending SSL data.");
- return (1);
- }
-
-# elif defined(HAVE_GNUTLS)
- if (gnutls_record_check_pending(http->tls))
- {
- DEBUG_puts("5_httpWait: Return 1 since there is pending SSL data.");
- return (1);
- }
-
-# elif defined(HAVE_CDSASSL)
- size_t bytes; /* Bytes that are available */
-
- if (!SSLGetBufferedReadSize(http->tls, &bytes) &&
- bytes > 0)
- {
- DEBUG_puts("5_httpWait: Return 1 since there is pending SSL data.");
- return (1);
- }
-# endif /* HAVE_LIBSSL */
+ DEBUG_puts("5_httpWait: Return 1 since there is pending TLS data.");
+ return (1);
}
#endif /* HAVE_SSL */
DEBUG_printf(("6_httpWait: select() returned %d...", nfds));
}
-# ifdef WIN32
+# ifdef _WIN32
while (nfds < 0 && (WSAGetLastError() == WSAEINTR ||
WSAGetLastError() == WSAEWOULDBLOCK));
# else
while (nfds < 0 && (errno == EINTR || errno == EAGAIN));
-# endif /* WIN32 */
+# endif /* _WIN32 */
#endif /* HAVE_POLL */
DEBUG_printf(("5_httpWait: returning with nfds=%d, errno=%d...", nfds,
/*
* 'httpWait()' - Wait for data available on a connection.
*
- * @since CUPS 1.1.19/OS X 10.3@
+ * @since CUPS 1.1.19/macOS 10.3@
*/
int /* O - 1 if data is available, 0 otherwise */
* First see if there is data in the buffer...
*/
- DEBUG_printf(("2httpWait(http=%p, msec=%d)", http, msec));
+ DEBUG_printf(("2httpWait(http=%p, msec=%d)", (void *)http, msec));
if (http == NULL)
return (0);
}
#ifdef HAVE_LIBZ
- if (http->coding >= _HTTP_CODING_GUNZIP && http->stream.avail_in > 0)
+ if (http->coding >= _HTTP_CODING_GUNZIP && ((z_stream *)http->stream)->avail_in > 0)
{
DEBUG_puts("3httpWait: Returning 1 since there is buffered data ready.");
return (1);
* This function is deprecated. Use the httpWrite2() function which can
* write more than 2GB of data.
*
- * @deprecated@
+ * @deprecated@ @exclude all@
*/
int /* O - Number of bytes written */
const char *buffer, /* I - Buffer for data */
int length) /* I - Number of bytes to write */
{
- return ((int)httpWrite2(http, buffer, length));
+ return ((int)httpWrite2(http, buffer, (size_t)length));
}
/*
* 'httpWrite2()' - Write data to a HTTP connection.
*
- * @since CUPS 1.2/OS X 10.5@
+ * @since CUPS 1.2/macOS 10.5@
*/
ssize_t /* O - Number of bytes written */
ssize_t bytes; /* Bytes written */
- DEBUG_printf(("httpWrite2(http=%p, buffer=%p, length=" CUPS_LLFMT ")", http,
- buffer, CUPS_LLCAST length));
+ DEBUG_printf(("httpWrite2(http=%p, buffer=%p, length=" CUPS_LLFMT ")", (void *)http, (void *)buffer, CUPS_LLCAST length));
/*
* Range check input...
*/
#ifdef HAVE_LIBZ
- if (http->coding)
+ if (http->coding == _HTTP_CODING_GZIP || http->coding == _HTTP_CODING_DEFLATE)
{
DEBUG_printf(("1httpWrite2: http->coding=%d", http->coding));
}
else
{
- http->stream.next_in = (Bytef *)buffer;
- http->stream.avail_in = length;
- http->stream.next_out = (Bytef *)http->wbuffer + http->wused;
- http->stream.avail_out = sizeof(http->wbuffer) - http->wused;
+ size_t slen; /* Bytes to write */
+ ssize_t sret; /* Bytes written */
- while (deflate(&(http->stream), Z_NO_FLUSH) == Z_OK)
+ ((z_stream *)http->stream)->next_in = (Bytef *)buffer;
+ ((z_stream *)http->stream)->avail_in = (uInt)length;
+
+ while (deflate((z_stream *)http->stream, Z_NO_FLUSH) == Z_OK)
{
- http->wused = sizeof(http->wbuffer) - http->stream.avail_out;
+ DEBUG_printf(("1httpWrite2: avail_out=%d", ((z_stream *)http->stream)->avail_out));
- if (http->stream.avail_out == 0)
- {
- if (httpFlushWrite(http) < 0)
- {
- DEBUG_puts("1httpWrite2: Unable to flush, returning -1.");
- return (-1);
- }
+ if (((z_stream *)http->stream)->avail_out > 0)
+ continue;
+
+ slen = _HTTP_MAX_SBUFFER - ((z_stream *)http->stream)->avail_out;
- http->stream.next_out = (Bytef *)http->wbuffer;
- http->stream.avail_out = sizeof(http->wbuffer);
+ DEBUG_printf(("1httpWrite2: Writing intermediate chunk, len=%d", (int)slen));
+
+ if (slen > 0 && http->data_encoding == HTTP_ENCODING_CHUNKED)
+ sret = http_write_chunk(http, (char *)http->sbuffer, slen);
+ else if (slen > 0)
+ sret = http_write(http, (char *)http->sbuffer, slen);
+ else
+ sret = 0;
+
+ if (sret < 0)
+ {
+ DEBUG_puts("1httpWrite2: Unable to write, returning -1.");
+ return (-1);
}
+
+ ((z_stream *)http->stream)->next_out = (Bytef *)http->sbuffer;
+ ((z_stream *)http->stream)->avail_out = (uInt)_HTTP_MAX_SBUFFER;
}
- http->wused = sizeof(http->wbuffer) - http->stream.avail_out;
- bytes = length;
+ bytes = (ssize_t)length;
}
}
else
#endif /* HAVE_LIBZ */
if (length > 0)
{
- if (http->wused && (length + http->wused) > sizeof(http->wbuffer))
+ if (http->wused && (length + (size_t)http->wused) > sizeof(http->wbuffer))
{
DEBUG_printf(("2httpWrite2: Flushing buffer (wused=%d, length="
CUPS_LLFMT ")", http->wused, CUPS_LLCAST length));
httpFlushWrite(http);
}
- if ((length + http->wused) <= sizeof(http->wbuffer) &&
- length < sizeof(http->wbuffer))
+ if ((length + (size_t)http->wused) <= sizeof(http->wbuffer) && length < sizeof(http->wbuffer))
{
/*
* Write to buffer...
CUPS_LLCAST length));
if (http->data_encoding == HTTP_ENCODING_CHUNKED)
- bytes = (ssize_t)http_write_chunk(http, buffer, (int)length);
+ bytes = (ssize_t)http_write_chunk(http, buffer, length);
else
- bytes = (ssize_t)http_write(http, buffer, (int)length);
+ bytes = (ssize_t)http_write(http, buffer, length);
DEBUG_printf(("2httpWrite2: Wrote " CUPS_LLFMT " bytes...",
CUPS_LLCAST bytes));
*/
#ifdef HAVE_LIBZ
- if (http->coding)
+ if (http->coding == _HTTP_CODING_GZIP || http->coding == _HTTP_CODING_DEFLATE)
http_content_coding_finish(http);
#endif /* HAVE_LIBZ */
if (http->state == HTTP_STATE_POST_RECV)
http->state ++;
- else if (http->state == HTTP_STATE_POST_SEND)
+ else if (http->state == HTTP_STATE_POST_SEND ||
+ http->state == HTTP_STATE_GET_SEND)
http->state = HTTP_STATE_WAITING;
else
http->state = HTTP_STATE_STATUS;
}
-#if defined(HAVE_SSL) && defined(HAVE_CDSASSL)
-/*
- * '_httpWriteCDSA()' - Write function for the CDSA library.
- */
-
-OSStatus /* O - -1 on error, 0 on success */
-_httpWriteCDSA(
- SSLConnectionRef connection, /* I - SSL/TLS connection */
- const void *data, /* I - Data buffer */
- size_t *dataLength) /* IO - Number of bytes */
-{
- OSStatus result; /* Return value */
- ssize_t bytes; /* Number of bytes read */
- http_t *http; /* HTTP connection */
-
-
- http = (http_t *)connection;
-
- do
- {
- bytes = write(http->fd, data, *dataLength);
- }
- while (bytes == -1 && (errno == EINTR || errno == EAGAIN));
-
- if (bytes == *dataLength)
- {
- result = 0;
- }
- else if (bytes >= 0)
- {
- *dataLength = bytes;
- result = errSSLWouldBlock;
- }
- else
- {
- *dataLength = 0;
-
- if (errno == EAGAIN)
- result = errSSLWouldBlock;
- else
- result = errSSLClosedAbort;
- }
-
- return (result);
-}
-#endif /* HAVE_SSL && HAVE_CDSASSL */
-
-
-#if defined(HAVE_SSL) && defined(HAVE_GNUTLS)
-/*
- * '_httpWriteGNUTLS()' - Write function for the GNU TLS library.
- */
-
-ssize_t /* O - Number of bytes written or -1 on error */
-_httpWriteGNUTLS(
- gnutls_transport_ptr ptr, /* I - HTTP connection */
- const void *data, /* I - Data buffer */
- size_t length) /* I - Number of bytes to write */
-{
- ssize_t bytes; /* Bytes written */
-
-
- DEBUG_printf(("6_httpWriteGNUTLS(ptr=%p, data=%p, length=%d)", ptr, data,
- (int)length));
-#ifdef DEBUG
- http_debug_hex("_httpWriteGNUTLS", data, (int)length);
-#endif /* DEBUG */
-
- bytes = send(((http_t *)ptr)->fd, data, length, 0);
- DEBUG_printf(("_httpWriteGNUTLS: bytes=%d", (int)bytes));
-
- return (bytes);
-}
-#endif /* HAVE_SSL && HAVE_GNUTLS */
-
-
/*
* 'httpWriteResponse()' - Write a HTTP response to a client connection.
*
- * @since CUPS 1.7/OS X 10.9@
+ * @since CUPS 1.7/macOS 10.9@
*/
int /* O - 0 on success, -1 on error */
* Range check input...
*/
- DEBUG_printf(("httpWriteResponse(http=%p, status=%d)", http, status));
+ DEBUG_printf(("httpWriteResponse(http=%p, status=%d)", (void *)http, status));
if (!http || status < HTTP_STATUS_CONTINUE)
{
* Set the various standard fields if they aren't already...
*/
- if (!http->fields[HTTP_FIELD_DATE][0])
+ if (!http->fields[HTTP_FIELD_DATE])
httpSetField(http, HTTP_FIELD_DATE, httpGetDateString(time(NULL)));
if (status >= HTTP_STATUS_BAD_REQUEST && http->keep_alive)
if (http->version == HTTP_VERSION_1_1)
{
- if (!http->fields[HTTP_FIELD_CONNECTION][0])
+ if (!http->fields[HTTP_FIELD_CONNECTION])
{
if (http->keep_alive)
httpSetField(http, HTTP_FIELD_CONNECTION, "Keep-Alive");
httpSetField(http, HTTP_FIELD_CONNECTION, "close");
}
- if (http->keep_alive && !http->fields[HTTP_FIELD_KEEP_ALIVE][0])
+ if (http->keep_alive && !http->fields[HTTP_FIELD_KEEP_ALIVE])
httpSetField(http, HTTP_FIELD_KEEP_ALIVE, "timeout=10");
}
#ifdef HAVE_SSL
- if (status == HTTP_STATUS_UPGRADE_REQUIRED)
+ if (status == HTTP_STATUS_UPGRADE_REQUIRED ||
+ status == HTTP_STATUS_SWITCHING_PROTOCOLS)
{
- if (!http->fields[HTTP_FIELD_CONNECTION][0])
+ if (!http->fields[HTTP_FIELD_CONNECTION])
httpSetField(http, HTTP_FIELD_CONNECTION, "Upgrade");
- if (!http->fields[HTTP_FIELD_UPGRADE][0])
+ if (!http->fields[HTTP_FIELD_UPGRADE])
httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2,TLS/1.1,TLS/1.0");
+
+ if (!http->fields[HTTP_FIELD_CONTENT_LENGTH])
+ httpSetField(http, HTTP_FIELD_CONTENT_LENGTH, "0");
}
#endif /* HAVE_SSL */
- if (!http->server)
- httpSetField(http, HTTP_FIELD_SERVER,
- http->default_server ? http->default_server : CUPS_MINIMAL);
+ if (!http->fields[HTTP_FIELD_SERVER])
+ httpSetField(http, HTTP_FIELD_SERVER, http->default_fields[HTTP_FIELD_SERVER] ? http->default_fields[HTTP_FIELD_SERVER] : CUPS_MINIMAL);
/*
* Set the Accept-Encoding field if it isn't already...
*/
- if (!http->accept_encoding)
- httpSetField(http, HTTP_FIELD_ACCEPT_ENCODING,
- http->default_accept_encoding ? http->default_accept_encoding :
+ if (!http->fields[HTTP_FIELD_ACCEPT_ENCODING])
+ httpSetField(http, HTTP_FIELD_ACCEPT_ENCODING, http->default_fields[HTTP_FIELD_ACCEPT_ENCODING] ? http->default_fields[HTTP_FIELD_ACCEPT_ENCODING] :
#ifdef HAVE_LIBZ
"gzip, deflate, identity");
#else
old_remaining = http->data_remaining;
http->data_encoding = HTTP_ENCODING_FIELDS;
- if (httpPrintf(http, "HTTP/%d.%d %d %s\r\n", http->version / 100,
- http->version % 100, (int)status, httpStatus(status)) < 0)
+ if (httpPrintf(http, "HTTP/%d.%d %d %s\r\n", http->version / 100, http->version % 100, (int)status, httpStatus(status)) < 0)
{
http->status = HTTP_STATUS_ERROR;
return (-1);
if (http->cookie)
{
- if (httpPrintf(http, "Set-Cookie: %s path=/%s\r\n", http->cookie,
- http->tls ? " secure" : "") < 1)
+ if (strchr(http->cookie, ';'))
+ {
+ if (httpPrintf(http, "Set-Cookie: %s\r\n", http->cookie) < 1)
+ {
+ http->status = HTTP_STATUS_ERROR;
+ return (-1);
+ }
+ }
+ else if (httpPrintf(http, "Set-Cookie: %s; path=/; httponly;%s\r\n", http->cookie, http->tls ? " secure;" : "") < 1)
{
http->status = HTTP_STATUS_ERROR;
return (-1);
}
}
+
+ /*
+ * "Click-jacking" defense (STR #4492)...
+ */
+
+ if (httpPrintf(http, "X-Frame-Options: DENY\r\n"
+ "Content-Security-Policy: frame-ancestors 'none'\r\n") < 1)
+ {
+ http->status = HTTP_STATUS_ERROR;
+ return (-1);
+ }
}
if (httpWrite2(http, "\r\n", 2) < 2)
return (-1);
}
- if (status == HTTP_STATUS_CONTINUE)
+ if (status == HTTP_STATUS_CONTINUE ||
+ status == HTTP_STATUS_SWITCHING_PROTOCOLS)
{
/*
* Restore the old data_encoding and data_length values...
http_set_length(http);
+ if (http->data_encoding == HTTP_ENCODING_LENGTH && http->data_remaining == 0)
+ {
+ DEBUG_printf(("1httpWriteResponse: Resetting state to HTTP_STATE_WAITING, "
+ "was %s.", httpStateString(http->state)));
+ http->state = HTTP_STATE_WAITING;
+ return (0);
+ }
+
+ if (http->state == HTTP_STATE_POST_RECV || http->state == HTTP_STATE_GET)
+ http->state ++;
+
#ifdef HAVE_LIBZ
/*
* Then start any content encoding...
http_content_coding_start(http,
httpGetField(http, HTTP_FIELD_CONTENT_ENCODING));
#endif /* HAVE_LIBZ */
+
}
return (0);
}
-#if defined(HAVE_SSL) && defined(HAVE_LIBSSL)
/*
- * 'http_bio_ctrl()' - Control the HTTP connection.
+ * 'http_add_field()' - Add a value for a HTTP field, appending if needed.
*/
-static long /* O - Result/data */
-http_bio_ctrl(BIO *h, /* I - BIO data */
- int cmd, /* I - Control command */
- long arg1, /* I - First argument */
- void *arg2) /* I - Second argument */
+static void
+http_add_field(http_t *http, /* I - HTTP connection */
+ http_field_t field, /* I - HTTP field */
+ const char *value, /* I - Value string */
+ int append) /* I - Append value? */
{
- switch (cmd)
+ char temp[1024]; /* Temporary value string */
+ size_t fieldlen, /* Length of existing value */
+ valuelen, /* Length of value string */
+ total; /* Total length of string */
+
+
+ if (field == HTTP_FIELD_HOST)
{
- default :
- return (0);
+ /*
+ * Special-case for Host: as we don't want a trailing "." on the hostname and
+ * need to bracket IPv6 numeric addresses.
+ */
- case BIO_CTRL_RESET :
- h->ptr = NULL;
- return (0);
+ char *ptr = strchr(value, ':');
- case BIO_C_SET_FILE_PTR :
- h->ptr = arg2;
- h->init = 1;
- return (1);
+ if (value[0] != '[' && ptr && strchr(ptr + 1, ':'))
+ {
+ /*
+ * Bracket IPv6 numeric addresses...
+ *
+ * This is slightly inefficient (basically copying twice), but is an edge
+ * case and not worth optimizing...
+ */
- case BIO_C_GET_FILE_PTR :
- if (arg2)
- {
- *((void **)arg2) = h->ptr;
- return (1);
- }
- else
- return (0);
+ snprintf(temp, sizeof(temp), "[%s]", value);
+ value = temp;
+ }
+ else if (*value)
+ {
+ /*
+ * Check for a trailing dot on the hostname...
+ */
- case BIO_CTRL_DUP :
- case BIO_CTRL_FLUSH :
- return (1);
+ strlcpy(temp, value, sizeof(temp));
+ value = temp;
+ ptr = temp + strlen(temp) - 1;
+
+ if (*ptr == '.')
+ *ptr = '\0';
+ }
}
-}
+ if (append && field != HTTP_FIELD_ACCEPT_ENCODING && field != HTTP_FIELD_ACCEPT_LANGUAGE && field != HTTP_FIELD_ACCEPT_RANGES && field != HTTP_FIELD_ALLOW && field != HTTP_FIELD_LINK && field != HTTP_FIELD_TRANSFER_ENCODING && field != HTTP_FIELD_UPGRADE && field != HTTP_FIELD_WWW_AUTHENTICATE)
+ append = 0;
-/*
- * 'http_bio_free()' - Free OpenSSL data.
- */
+ if (!append && http->fields[field])
+ {
+ if (http->fields[field] != http->_fields[field])
+ free(http->fields[field]);
-static int /* O - 1 on success, 0 on failure */
-http_bio_free(BIO *h) /* I - BIO data */
-{
- if (!h)
- return (0);
+ http->fields[field] = NULL;
+ }
+
+ valuelen = strlen(value);
- if (h->shutdown)
+ if (!valuelen)
{
- h->init = 0;
- h->flags = 0;
+ http->_fields[field][0] = '\0';
+ return;
}
- return (1);
-}
+ if (http->fields[field])
+ {
+ fieldlen = strlen(http->fields[field]);
+ total = fieldlen + 2 + valuelen;
+ }
+ else
+ {
+ fieldlen = 0;
+ total = valuelen;
+ }
+ if (total < HTTP_MAX_VALUE && field < HTTP_FIELD_ACCEPT_ENCODING)
+ {
+ /*
+ * Copy short values to legacy char arrays (maintained for binary
+ * compatibility with CUPS 1.2.x and earlier applications...)
+ */
-/*
- * 'http_bio_new()' - Initialize an OpenSSL BIO structure.
- */
+ if (fieldlen)
+ {
+ char combined[HTTP_MAX_VALUE];
+ /* Combined value string */
-static int /* O - 1 on success, 0 on failure */
-http_bio_new(BIO *h) /* I - BIO data */
-{
- if (!h)
- return (0);
+ snprintf(combined, sizeof(combined), "%s, %s", http->_fields[field], value);
+ value = combined;
+ }
- h->init = 0;
- h->num = 0;
- h->ptr = NULL;
- h->flags = 0;
+ strlcpy(http->_fields[field], value, sizeof(http->_fields[field]));
+ http->fields[field] = http->_fields[field];
+ }
+ else if (fieldlen)
+ {
+ /*
+ * Expand the field value...
+ */
- return (1);
-}
+ char *combined; /* New value string */
+ if (http->fields[field] == http->_fields[field])
+ {
+ if ((combined = malloc(total + 1)) != NULL)
+ {
+ http->fields[field] = combined;
+ snprintf(combined, total + 1, "%s, %s", http->_fields[field], value);
+ }
+ }
+ else if ((combined = realloc(http->fields[field], total + 1)) != NULL)
+ {
+ http->fields[field] = combined;
+ strlcat(combined, ", ", total + 1);
+ strlcat(combined, value, total + 1);
+ }
+ }
+ else
+ {
+ /*
+ * Allocate the field value...
+ */
-/*
- * 'http_bio_puts()' - Send a string for OpenSSL.
- */
+ http->fields[field] = strdup(value);
+ }
-static int /* O - Bytes written */
-http_bio_puts(BIO *h, /* I - BIO data */
- const char *str) /* I - String to write */
-{
-#ifdef WIN32
- return (send(((http_t *)h->ptr)->fd, str, (int)strlen(str), 0));
-#else
- return (send(((http_t *)h->ptr)->fd, str, strlen(str), 0));
-#endif /* WIN32 */
+#ifdef HAVE_LIBZ
+ if (field == HTTP_FIELD_CONTENT_ENCODING && http->data_encoding != HTTP_ENCODING_FIELDS)
+ {
+ DEBUG_puts("1httpSetField: Calling http_content_coding_start.");
+ http_content_coding_start(http, value);
+ }
+#endif /* HAVE_LIBZ */
}
+#ifdef HAVE_LIBZ
/*
- * 'http_bio_read()' - Read data for OpenSSL.
+ * 'http_content_coding_finish()' - Finish doing any content encoding.
*/
-static int /* O - Bytes read */
-http_bio_read(BIO *h, /* I - BIO data */
- char *buf, /* I - Buffer */
- int size) /* I - Number of bytes to read */
+static void
+http_content_coding_finish(
+ http_t *http) /* I - HTTP connection */
{
- http_t *http; /* HTTP connection */
+ int zerr; /* Compression status */
+ Byte dummy[1]; /* Dummy read buffer */
+ size_t bytes; /* Number of bytes to write */
- http = (http_t *)h->ptr;
-
- if (!http->blocking)
- {
- /*
- * Make sure we have data before we read...
- */
-
- while (!_httpWait(http, http->wait_value, 0))
- {
- if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
- continue;
-
-#ifdef WIN32
- http->error = WSAETIMEDOUT;
-#else
- http->error = ETIMEDOUT;
-#endif /* WIN32 */
-
- return (-1);
- }
- }
-
- return (recv(http->fd, buf, size, 0));
-}
-
-
-/*
- * 'http_bio_write()' - Write data for OpenSSL.
- */
-
-static int /* O - Bytes written */
-http_bio_write(BIO *h, /* I - BIO data */
- const char *buf, /* I - Buffer to write */
- int num) /* I - Number of bytes to write */
-{
- return (send(((http_t *)h->ptr)->fd, buf, num, 0));
-}
-#endif /* HAVE_SSL && HAVE_LIBSSL */
-
-
-#ifdef HAVE_LIBZ
-/*
- * 'http_content_coding_finish()' - Finish doing any content encoding.
- */
-
-static void
-http_content_coding_finish(
- http_t *http) /* I - HTTP connection */
-{
- int zerr; /* Compression status */
-
+ DEBUG_printf(("http_content_coding_finish(http=%p)", (void *)http));
+ DEBUG_printf(("1http_content_coding_finishing: http->coding=%d", http->coding));
switch (http->coding)
{
case _HTTP_CODING_DEFLATE :
case _HTTP_CODING_GZIP :
+ ((z_stream *)http->stream)->next_in = dummy;
+ ((z_stream *)http->stream)->avail_in = 0;
+
do
{
- http->stream.next_out = (Bytef *)http->wbuffer + http->wused;
- http->stream.avail_out = sizeof(http->wbuffer) - http->wused;
+ zerr = deflate((z_stream *)http->stream, Z_FINISH);
+ bytes = _HTTP_MAX_SBUFFER - ((z_stream *)http->stream)->avail_out;
+
+ if (bytes > 0)
+ {
+ DEBUG_printf(("1http_content_coding_finish: Writing trailing chunk, len=%d", (int)bytes));
- zerr = deflate(&(http->stream), Z_FINISH);
+ if (http->data_encoding == HTTP_ENCODING_CHUNKED)
+ http_write_chunk(http, (char *)http->sbuffer, bytes);
+ else
+ http_write(http, (char *)http->sbuffer, bytes);
+ }
- http->wused = sizeof(http->wbuffer) - http->stream.avail_out;
- if (http->wused == sizeof(http->wbuffer))
- httpFlushWrite(http);
- }
+ ((z_stream *)http->stream)->next_out = (Bytef *)http->sbuffer;
+ ((z_stream *)http->stream)->avail_out = (uInt)_HTTP_MAX_SBUFFER;
+ }
while (zerr == Z_OK);
- deflateEnd(&(http->stream));
+ deflateEnd((z_stream *)http->stream);
+
+ free(http->sbuffer);
+ free(http->stream);
+
+ http->sbuffer = NULL;
+ http->stream = NULL;
if (http->wused)
httpFlushWrite(http);
case _HTTP_CODING_INFLATE :
case _HTTP_CODING_GUNZIP :
- inflateEnd(&(http->stream));
- free(http->dbuffer);
- http->dbuffer = NULL;
+ inflateEnd((z_stream *)http->stream);
+
+ free(http->sbuffer);
+ free(http->stream);
+
+ http->sbuffer = NULL;
+ http->stream = NULL;
break;
default :
_http_coding_t coding; /* Content coding value */
- DEBUG_printf(("http_content_coding_start(http=%p, value=\"%s\")", http,
- value));
+ DEBUG_printf(("http_content_coding_start(http=%p, value=\"%s\")", (void *)http, value));
if (http->coding != _HTTP_CODING_IDENTITY)
{
return;
}
- memset(&(http->stream), 0, sizeof(http->stream));
-
switch (coding)
{
case _HTTP_CODING_DEFLATE :
if (http->wused)
httpFlushWrite(http);
+ if ((http->sbuffer = malloc(_HTTP_MAX_SBUFFER)) == NULL)
+ {
+ http->status = HTTP_STATUS_ERROR;
+ http->error = errno;
+ return;
+ }
+
/*
* Window size for compression is 11 bits - optimal based on PWG Raster
* sample files on pwg.org. -11 is raw deflate, 27 is gzip, per ZLIB
* documentation.
*/
- if ((zerr = deflateInit2(&(http->stream), Z_DEFAULT_COMPRESSION,
- Z_DEFLATED,
- coding == _HTTP_CODING_DEFLATE ? -11 : 27, 7,
- Z_DEFAULT_STRATEGY)) < Z_OK)
+ if ((http->stream = calloc(1, sizeof(z_stream))) == NULL)
+ {
+ free(http->sbuffer);
+
+ http->sbuffer = NULL;
+ http->status = HTTP_STATUS_ERROR;
+ http->error = errno;
+ return;
+ }
+
+ if ((zerr = deflateInit2((z_stream *)http->stream, Z_DEFAULT_COMPRESSION, Z_DEFLATED, coding == _HTTP_CODING_DEFLATE ? -11 : 27, 7, Z_DEFAULT_STRATEGY)) < Z_OK)
{
- http->status = HTTP_STATUS_ERROR;
- http->error = zerr == Z_MEM_ERROR ? ENOMEM : EINVAL;
+ free(http->sbuffer);
+ free(http->stream);
+
+ http->sbuffer = NULL;
+ http->stream = NULL;
+ http->status = HTTP_STATUS_ERROR;
+ http->error = zerr == Z_MEM_ERROR ? ENOMEM : EINVAL;
return;
}
+
+ ((z_stream *)http->stream)->next_out = (Bytef *)http->sbuffer;
+ ((z_stream *)http->stream)->avail_out = (uInt)_HTTP_MAX_SBUFFER;
break;
case _HTTP_CODING_INFLATE :
case _HTTP_CODING_GUNZIP :
- if ((http->dbuffer = malloc(HTTP_MAX_BUFFER)) == NULL)
+ if ((http->sbuffer = malloc(_HTTP_MAX_SBUFFER)) == NULL)
{
http->status = HTTP_STATUS_ERROR;
http->error = errno;
* -15 is raw inflate, 31 is gunzip, per ZLIB documentation.
*/
- if ((zerr = inflateInit2(&(http->stream),
- coding == _HTTP_CODING_INFLATE ? -15 : 31))
- < Z_OK)
+ if ((http->stream = calloc(1, sizeof(z_stream))) == NULL)
+ {
+ free(http->sbuffer);
+
+ http->sbuffer = NULL;
+ http->status = HTTP_STATUS_ERROR;
+ http->error = errno;
+ return;
+ }
+
+ if ((zerr = inflateInit2((z_stream *)http->stream, coding == _HTTP_CODING_INFLATE ? -15 : 31)) < Z_OK)
{
- free(http->dbuffer);
- http->dbuffer = NULL;
+ free(http->sbuffer);
+ free(http->stream);
+
+ http->sbuffer = NULL;
+ http->stream = NULL;
http->status = HTTP_STATUS_ERROR;
http->error = zerr == Z_MEM_ERROR ? ENOMEM : EINVAL;
return;
}
- http->stream.avail_in = 0;
- http->stream.next_in = http->dbuffer;
+ ((z_stream *)http->stream)->avail_in = 0;
+ ((z_stream *)http->stream)->next_in = http->sbuffer;
break;
default :
http_create(
const char *host, /* I - Hostname */
int port, /* I - Port number */
- http_addrlist_t *addrlist, /* I - Address list or NULL */
+ http_addrlist_t *addrlist, /* I - Address list or @code NULL@ */
int family, /* I - Address family or AF_UNSPEC */
http_encryption_t encryption, /* I - Encryption to use */
int blocking, /* I - 1 for blocking mode */
http_addrlist_t *myaddrlist = NULL; /* My address list */
- DEBUG_printf(("4http_create(host=\"%s\", port=%d, addrlist=%p, family=%d, "
- "encryption=%d, blocking=%d, mode=%d)", host, port, addrlist,
- family, encryption, blocking, mode));
+ DEBUG_printf(("4http_create(host=\"%s\", port=%d, addrlist=%p, family=%d, encryption=%d, blocking=%d, mode=%d)", host, port, (void *)addrlist, family, encryption, blocking, mode));
if (!host && mode == _HTTP_MODE_CLIENT)
return (NULL);
if ((http = calloc(sizeof(http_t), 1)) == NULL)
{
_cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(errno), 0);
- httpAddrFreeList(addrlist);
+ httpAddrFreeList(myaddrlist);
return (NULL);
}
return (http);
}
-/* For OS X 10.8 and earlier */
-http_t *_httpCreate(const char *host, int port, http_addrlist_t *addrlist,
- http_encryption_t encryption, int family)
-{ return (http_create(host, port, addrlist, family, encryption, 1,
- _HTTP_MODE_CLIENT)); }
-
#ifdef DEBUG
/*
for (i = 0; i < bytes; i += 16)
{
for (j = 0, ptr = start; j < 16 && (i + j) < bytes; j ++, ptr += 2)
- sprintf(ptr, "%02X", buffer[i + j] & 255);
+ snprintf(ptr, 3, "%02X", buffer[i + j] & 255);
while (j < 16)
{
if (ch < ' ' || ch >= 127)
ch = '.';
- *ptr++ = ch;
+ *ptr++ = (char)ch;
}
*ptr = '\0';
ssize_t bytes; /* Bytes read */
- DEBUG_printf(("http_read(http=%p, buffer=%p, length=" CUPS_LLFMT ")", http,
- buffer, CUPS_LLCAST length));
+ DEBUG_printf(("http_read(http=%p, buffer=%p, length=" CUPS_LLFMT ")", (void *)http, (void *)buffer, CUPS_LLCAST length));
- if (!http->blocking)
+ if (!http->blocking || http->timeout_value > 0.0)
{
while (!httpWait(http, http->wait_value))
{
{
#ifdef HAVE_SSL
if (http->tls)
- bytes = http_read_ssl(http, buffer, length);
+ bytes = _httpTLSRead(http, buffer, (int)length);
else
#endif /* HAVE_SSL */
bytes = recv(http->fd, buffer, length, 0);
if (bytes < 0)
{
-#ifdef WIN32
+#ifdef _WIN32
if (WSAGetLastError() != WSAEINTR)
{
http->error = WSAGetLastError();
http->error = errno;
return (-1);
}
-#endif /* WIN32 */
+#endif /* _WIN32 */
}
}
while (bytes < 0);
if (bytes < 0)
{
-#ifdef WIN32
+#ifdef _WIN32
if (WSAGetLastError() == WSAEINTR)
bytes = 0;
else
bytes = 0;
else
http->error = errno;
-#endif /* WIN32 */
+#endif /* _WIN32 */
}
else if (bytes == 0)
{
ssize_t bytes; /* Bytes read */
- DEBUG_printf(("http_read_buffered(http=%p, buffer=%p, length=" CUPS_LLFMT
- ") used=%d",
- http, buffer, CUPS_LLCAST length, http->used));
+ DEBUG_printf(("http_read_buffered(http=%p, buffer=%p, length=" CUPS_LLFMT ") used=%d", (void *)http, (void *)buffer, CUPS_LLCAST length, http->used));
if (http->used > 0)
{
if (length > (size_t)http->used)
- bytes = (size_t)http->used;
+ bytes = (ssize_t)http->used;
else
- bytes = length;
+ bytes = (ssize_t)length;
DEBUG_printf(("2http_read: Grabbing %d bytes from input buffer.",
(int)bytes));
- memcpy(buffer, http->buffer, bytes);
+ memcpy(buffer, http->buffer, (size_t)bytes);
http->used -= (int)bytes;
if (http->used > 0)
- memmove(http->buffer, http->buffer + bytes, http->used);
+ memmove(http->buffer, http->buffer + bytes, (size_t)http->used);
}
else
bytes = http_read(http, buffer, length);
char *buffer, /* I - Buffer */
size_t length) /* I - Maximum bytes to read */
{
- DEBUG_printf(("http_read_chunk(http=%p, buffer=%p, length=" CUPS_LLFMT ")",
- http, buffer, CUPS_LLCAST length));
+ DEBUG_printf(("http_read_chunk(http=%p, buffer=%p, length=" CUPS_LLFMT ")", (void *)http, (void *)buffer, CUPS_LLCAST length));
if (http->data_remaining <= 0)
{
}
-#ifdef HAVE_SSL
-/*
- * 'http_read_ssl()' - Read from a SSL/TLS connection.
- */
-
-static int /* O - Bytes read */
-http_read_ssl(http_t *http, /* I - HTTP connection */
- char *buf, /* I - Buffer to store data */
- int len) /* I - Length of buffer */
-{
-# if defined(HAVE_LIBSSL)
- return (SSL_read((SSL *)(http->tls), buf, len));
-
-# elif defined(HAVE_GNUTLS)
- ssize_t result; /* Return value */
-
-
- result = gnutls_record_recv(http->tls, buf, len);
-
- if (result < 0 && !errno)
- {
- /*
- * Convert GNU TLS error to errno value...
- */
-
- switch (result)
- {
- case GNUTLS_E_INTERRUPTED :
- errno = EINTR;
- break;
-
- case GNUTLS_E_AGAIN :
- errno = EAGAIN;
- break;
-
- default :
- errno = EPIPE;
- break;
- }
-
- result = -1;
- }
-
- return ((int)result);
-
-# elif defined(HAVE_CDSASSL)
- int result; /* Return value */
- OSStatus error; /* Error info */
- size_t processed; /* Number of bytes processed */
-
-
- error = SSLRead(http->tls, buf, len, &processed);
- DEBUG_printf(("6http_read_ssl: error=%d, processed=%d", (int)error,
- (int)processed));
- switch (error)
- {
- case 0 :
- result = (int)processed;
- break;
-
- case errSSLWouldBlock :
- if (processed)
- result = (int)processed;
- else
- {
- result = -1;
- errno = EINTR;
- }
- break;
-
- case errSSLClosedGraceful :
- default :
- if (processed)
- result = (int)processed;
- else
- {
- result = -1;
- errno = EPIPE;
- }
- break;
- }
-
- return (result);
-
-# elif defined(HAVE_SSPISSL)
- return _sspiRead((_sspi_struct_t*) http->tls, buf, len);
-# endif /* HAVE_LIBSSL */
-}
-#endif /* HAVE_SSL */
-
-
/*
* 'http_send()' - Send a request with all fields and the trailing blank line.
*/
};
- DEBUG_printf(("4http_send(http=%p, request=HTTP_%s, uri=\"%s\")",
- http, codes[request], uri));
+ DEBUG_printf(("4http_send(http=%p, request=HTTP_%s, uri=\"%s\")", (void *)http, codes[request], uri));
if (http == NULL || uri == NULL)
return (-1);
* Set the User-Agent field if it isn't already...
*/
- if (!http->fields[HTTP_FIELD_USER_AGENT][0])
+ if (!http->fields[HTTP_FIELD_USER_AGENT])
{
- if (http->default_user_agent)
- httpSetField(http, HTTP_FIELD_USER_AGENT, http->default_user_agent);
+ if (http->default_fields[HTTP_FIELD_USER_AGENT])
+ httpSetField(http, HTTP_FIELD_USER_AGENT, http->default_fields[HTTP_FIELD_USER_AGENT]);
else
httpSetField(http, HTTP_FIELD_USER_AGENT, cupsUserAgent());
}
* Set the Accept-Encoding field if it isn't already...
*/
- if (!http->accept_encoding && http->default_accept_encoding)
- httpSetField(http, HTTP_FIELD_ACCEPT_ENCODING,
- http->default_accept_encoding);
+ if (!http->fields[HTTP_FIELD_ACCEPT_ENCODING] && http->default_fields[HTTP_FIELD_ACCEPT_ENCODING])
+ httpSetField(http, HTTP_FIELD_ACCEPT_ENCODING, http->default_fields[HTTP_FIELD_ACCEPT_ENCODING]);
/*
* Encode the URI as needed...
* The Kerberos and AuthRef authentication strings can only be used once...
*/
- if (http->field_authorization && http->authstring &&
+ if (http->fields[HTTP_FIELD_AUTHORIZATION] && http->authstring &&
(!strncmp(http->authstring, "Negotiate", 9) ||
!strncmp(http->authstring, "AuthRef", 7)))
{
}
-#ifdef HAVE_SSL
-# if defined(HAVE_CDSASSL)
-/*
- * 'http_set_credentials()' - Set the SSL/TLS credentials.
- */
-
-static int /* O - Status of connection */
-http_set_credentials(http_t *http) /* I - HTTP connection */
-{
- _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
- OSStatus error = 0; /* Error code */
- http_tls_credentials_t credentials = NULL;
- /* TLS credentials */
-
-
- DEBUG_printf(("7http_set_credentials(%p)", http));
-
- /*
- * Prefer connection specific credentials...
- */
-
- if ((credentials = http->tls_credentials) == NULL)
- credentials = cg->tls_credentials;
-
- if (credentials)
- {
- error = SSLSetCertificate(http->tls, credentials);
- DEBUG_printf(("4http_set_credentials: SSLSetCertificate, error=%d",
- (int)error));
- }
- else
- DEBUG_puts("4http_set_credentials: No credentials to set.");
-
- return (error);
-}
-# endif /* HAVE_CDSASSL */
-#endif /* HAVE_SSL */
-
-
/*
* 'http_set_length()' - Set the data_encoding and data_remaining values.
*/
off_t remaining; /* Remainder */
- DEBUG_printf(("http_set_length(http=%p) mode=%d state=%s", http, http->mode,
- httpStateString(http->state)));
+ DEBUG_printf(("http_set_length(http=%p) mode=%d state=%s", (void *)http, http->mode, httpStateString(http->state)));
if ((remaining = httpGetLength2(http)) >= 0)
{
return (remaining);
}
- if (!_cups_strcasecmp(http->fields[HTTP_FIELD_TRANSFER_ENCODING],
- "chunked"))
+ if (!_cups_strcasecmp(httpGetField(http, HTTP_FIELD_TRANSFER_ENCODING), "chunked"))
{
DEBUG_puts("1http_set_length: Setting data_encoding to "
"HTTP_ENCODING_CHUNKED.");
http->data_remaining = remaining;
if (remaining <= INT_MAX)
- http->_data_remaining = remaining;
+ http->_data_remaining = (int)remaining;
else
http->_data_remaining = INT_MAX;
}
http_set_timeout(int fd, /* I - File descriptor */
double timeout) /* I - Timeout in seconds */
{
-#ifdef WIN32
+#ifdef _WIN32
DWORD tv = (DWORD)(timeout * 1000);
/* Timeout in milliseconds */
setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, CUPS_SOCAST &tv, sizeof(tv));
setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, CUPS_SOCAST &tv, sizeof(tv));
-#endif /* WIN32 */
+#endif /* _WIN32 */
}
#ifdef HAVE_SSL
/*
- * 'http_setup_ssl()' - Set up SSL/TLS support on a connection.
- */
-
-static int /* O - 0 on success, -1 on failure */
-http_setup_ssl(http_t *http) /* I - HTTP connection */
-{
- char hostname[256], /* Hostname */
- *hostptr; /* Pointer into hostname */
-
-# ifdef HAVE_LIBSSL
- SSL_CTX *context; /* Context for encryption */
- BIO *bio; /* BIO data */
- const char *message = NULL;/* Error message */
-# elif defined(HAVE_GNUTLS)
- int status; /* Status of handshake */
- gnutls_certificate_client_credentials *credentials;
- /* TLS credentials */
-# elif defined(HAVE_CDSASSL)
- _cups_globals_t *cg = _cupsGlobals();
- /* Pointer to library globals */
- OSStatus error; /* Error code */
- const char *message = NULL;/* Error message */
- cups_array_t *credentials; /* Credentials array */
- cups_array_t *names; /* CUPS distinguished names */
- CFArrayRef dn_array; /* CF distinguished names array */
- CFIndex count; /* Number of credentials */
- CFDataRef data; /* Certificate data */
- int i; /* Looping var */
- http_credential_t *credential; /* Credential data */
-# elif defined(HAVE_SSPISSL)
- TCHAR username[256]; /* Username returned from GetUserName() */
- TCHAR commonName[256];/* Common name for certificate */
- DWORD dwSize; /* 32 bit size */
-# endif /* HAVE_LIBSSL */
-
-
- DEBUG_printf(("7http_setup_ssl(http=%p)", http));
-
- /*
- * Get the hostname to use for SSL...
- */
-
- if (httpAddrLocalhost(http->hostaddr))
- {
- strlcpy(hostname, "localhost", sizeof(hostname));
- }
- else
- {
- /*
- * Otherwise make sure the hostname we have does not end in a trailing dot.
- */
-
- strlcpy(hostname, http->hostname, sizeof(hostname));
- if ((hostptr = hostname + strlen(hostname) - 1) >= hostname &&
- *hostptr == '.')
- *hostptr = '\0';
- }
-
-# ifdef HAVE_LIBSSL
- context = SSL_CTX_new(SSLv23_client_method());
-
- SSL_CTX_set_options(context, SSL_OP_NO_SSLv2); /* Only use SSLv3 or TLS */
-
- bio = BIO_new(_httpBIOMethods());
- BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)http);
-
- http->tls = SSL_new(context);
- SSL_set_bio(http->tls, bio, bio);
-
-# ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
- SSL_set_tlsext_host_name(http->tls, hostname);
-# endif /* HAVE_SSL_SET_TLSEXT_HOST_NAME */
-
- if (SSL_connect(http->tls) != 1)
- {
- unsigned long error; /* Error code */
-
- while ((error = ERR_get_error()) != 0)
- {
- message = ERR_error_string(error, NULL);
- DEBUG_printf(("8http_setup_ssl: %s", message));
- }
-
- SSL_CTX_free(context);
- SSL_free(http->tls);
- http->tls = NULL;
-
-# ifdef WIN32
- http->error = WSAGetLastError();
-# else
- http->error = errno;
-# endif /* WIN32 */
- http->status = HTTP_STATUS_ERROR;
-
- if (!message)
- message = _("Unable to establish a secure connection to host.");
-
- _cupsSetError(IPP_STATUS_ERROR_CUPS_PKI, message, 1);
-
- return (-1);
- }
-
-# elif defined(HAVE_GNUTLS)
- credentials = (gnutls_certificate_client_credentials *)
- malloc(sizeof(gnutls_certificate_client_credentials));
- if (credentials == NULL)
- {
- DEBUG_printf(("8http_setup_ssl: Unable to allocate credentials: %s",
- strerror(errno)));
- http->error = errno;
- http->status = HTTP_STATUS_ERROR;
- _cupsSetHTTPError(HTTP_STATUS_ERROR);
-
- return (-1);
- }
-
- gnutls_certificate_allocate_credentials(credentials);
-
- gnutls_init(&http->tls, GNUTLS_CLIENT);
- gnutls_set_default_priority(http->tls);
- gnutls_server_name_set(http->tls, GNUTLS_NAME_DNS, hostname,
- strlen(hostname));
- gnutls_credentials_set(http->tls, GNUTLS_CRD_CERTIFICATE, *credentials);
- gnutls_transport_set_ptr(http->tls, (gnutls_transport_ptr)http);
- gnutls_transport_set_pull_function(http->tls, _httpReadGNUTLS);
- gnutls_transport_set_push_function(http->tls, _httpWriteGNUTLS);
-
- while ((status = gnutls_handshake(http->tls)) != GNUTLS_E_SUCCESS)
- {
- DEBUG_printf(("8http_setup_ssl: gnutls_handshake returned %d (%s)",
- status, gnutls_strerror(status)));
-
- if (gnutls_error_is_fatal(status))
- {
- http->error = EIO;
- http->status = HTTP_STATUS_ERROR;
-
- _cupsSetError(IPP_STATUS_ERROR_CUPS_PKI, gnutls_strerror(status), 0);
-
- gnutls_deinit(http->tls);
- gnutls_certificate_free_credentials(*credentials);
- free(credentials);
- http->tls = NULL;
-
- return (-1);
- }
- }
-
- http->tls_credentials = credentials;
-
-# elif defined(HAVE_CDSASSL)
- if ((http->tls = SSLCreateContext(kCFAllocatorDefault, kSSLClientSide,
- kSSLStreamType)) == NULL)
- {
- DEBUG_puts("4http_setup_ssl: SSLCreateContext failed.");
- http->error = errno = ENOMEM;
- http->status = HTTP_STATUS_ERROR;
- _cupsSetHTTPError(HTTP_STATUS_ERROR);
-
- return (-1);
- }
-
- error = SSLSetConnection(http->tls, http);
- DEBUG_printf(("4http_setup_ssl: SSLSetConnection, error=%d", (int)error));
-
- if (!error)
- {
- error = SSLSetIOFuncs(http->tls, _httpReadCDSA, _httpWriteCDSA);
- DEBUG_printf(("4http_setup_ssl: SSLSetIOFuncs, error=%d", (int)error));
- }
-
- if (!error)
- {
- error = SSLSetSessionOption(http->tls, kSSLSessionOptionBreakOnServerAuth,
- true);
- DEBUG_printf(("4http_setup_ssl: SSLSetSessionOption, error=%d",
- (int)error));
- }
-
- if (!error)
- {
- if (cg->client_cert_cb)
- {
- error = SSLSetSessionOption(http->tls,
- kSSLSessionOptionBreakOnCertRequested, true);
- DEBUG_printf(("4http_setup_ssl: kSSLSessionOptionBreakOnCertRequested, "
- "error=%d", (int)error));
- }
- else
- {
- error = http_set_credentials(http);
- DEBUG_printf(("4http_setup_ssl: http_set_credentials, error=%d",
- (int)error));
- }
- }
-
- /*
- * Let the server know which hostname/domain we are trying to connect to
- * in case it wants to serve up a certificate with a matching common name.
- */
-
- if (!error)
- {
- error = SSLSetPeerDomainName(http->tls, hostname, strlen(hostname));
-
- DEBUG_printf(("4http_setup_ssl: SSLSetPeerDomainName, error=%d",
- (int)error));
- }
-
- if (!error)
- {
- int done = 0; /* Are we done yet? */
-
- while (!error && !done)
- {
- error = SSLHandshake(http->tls);
-
- DEBUG_printf(("4http_setup_ssl: SSLHandshake returned %d.", (int)error));
-
- switch (error)
- {
- case noErr :
- done = 1;
- break;
-
- case errSSLWouldBlock :
- error = noErr; /* Force a retry */
- usleep(1000); /* in 1 millisecond */
- break;
-
- case errSSLServerAuthCompleted :
- error = 0;
- if (cg->server_cert_cb)
- {
- error = httpCopyCredentials(http, &credentials);
- if (!error)
- {
- error = (cg->server_cert_cb)(http, http->tls, credentials,
- cg->server_cert_data);
- httpFreeCredentials(credentials);
- }
-
- DEBUG_printf(("4http_setup_ssl: Server certificate callback "
- "returned %d.", (int)error));
- }
- break;
-
- case errSSLClientCertRequested :
- error = 0;
-
- if (cg->client_cert_cb)
- {
- names = NULL;
- if (!(error = SSLCopyDistinguishedNames(http->tls, &dn_array)) &&
- dn_array)
- {
- if ((names = cupsArrayNew(NULL, NULL)) != NULL)
- {
- for (i = 0, count = CFArrayGetCount(dn_array); i < count; i++)
- {
- data = (CFDataRef)CFArrayGetValueAtIndex(dn_array, i);
-
- if ((credential = malloc(sizeof(*credential))) != NULL)
- {
- credential->datalen = CFDataGetLength(data);
- if ((credential->data = malloc(credential->datalen)))
- {
- memcpy((void *)credential->data, CFDataGetBytePtr(data),
- credential->datalen);
- cupsArrayAdd(names, credential);
- }
- else
- free(credential);
- }
- }
- }
-
- CFRelease(dn_array);
- }
-
- if (!error)
- {
- error = (cg->client_cert_cb)(http, http->tls, names,
- cg->client_cert_data);
-
- DEBUG_printf(("4http_setup_ssl: Client certificate callback "
- "returned %d.", (int)error));
- }
-
- httpFreeCredentials(names);
- }
- break;
-
- case errSSLUnknownRootCert :
- message = _("Unable to establish a secure connection to host "
- "(untrusted certificate).");
- break;
-
- case errSSLNoRootCert :
- message = _("Unable to establish a secure connection to host "
- "(self-signed certificate).");
- break;
-
- case errSSLCertExpired :
- message = _("Unable to establish a secure connection to host "
- "(expired certificate).");
- break;
-
- case errSSLCertNotYetValid :
- message = _("Unable to establish a secure connection to host "
- "(certificate not yet valid).");
- break;
-
- case errSSLHostNameMismatch :
- message = _("Unable to establish a secure connection to host "
- "(host name mismatch).");
- break;
-
- case errSSLXCertChainInvalid :
- message = _("Unable to establish a secure connection to host "
- "(certificate chain invalid).");
- break;
-
- case errSSLConnectionRefused :
- message = _("Unable to establish a secure connection to host "
- "(peer dropped connection before responding).");
- break;
-
- default :
- break;
- }
- }
- }
-
- if (error)
- {
- http->error = error;
- http->status = HTTP_STATUS_ERROR;
- errno = ECONNREFUSED;
-
- CFRelease(http->tls);
- http->tls = NULL;
-
- /*
- * If an error string wasn't set by the callbacks use a generic one...
- */
-
- if (!message)
-#ifdef HAVE_CSSMERRORSTRING
- message = cssmErrorString(error);
-#else
- message = _("Unable to establish a secure connection to host.");
-#endif /* HAVE_CSSMERRORSTRING */
-
- _cupsSetError(IPP_STATUS_ERROR_CUPS_PKI, message, 1);
-
- return (-1);
- }
-
-# elif defined(HAVE_SSPISSL)
- http->tls = _sspiAlloc();
-
- if (!http->tls)
- {
- _cupsSetHTTPError(HTTP_STATUS_ERROR);
- return (-1);
- }
-
- http->tls->sock = http->fd;
- dwSize = sizeof(username) / sizeof(TCHAR);
- GetUserName(username, &dwSize);
- _sntprintf_s(commonName, sizeof(commonName) / sizeof(TCHAR),
- sizeof(commonName) / sizeof(TCHAR), TEXT("CN=%s"), username);
-
- if (!_sspiGetCredentials(http->tls_credentials, L"ClientContainer",
- commonName, FALSE))
- {
- _sspiFree(http->tls_credentials);
- http->tls_credentials = NULL;
-
- http->error = EIO;
- http->status = HTTP_STATUS_ERROR;
-
- _cupsSetError(IPP_STATUS_ERROR_CUPS_PKI,
- _("Unable to establish a secure connection to host."), 1);
-
- return (-1);
- }
-
- _sspiSetAllowsAnyRoot(http->tls_credentials, TRUE);
- _sspiSetAllowsExpiredCerts(http->tls_credentials, TRUE);
-
- if (!_sspiConnect(http->tls_credentials, hostname))
- {
- _sspiFree(http->tls_credentials);
- http->tls_credentials = NULL;
-
- http->error = EIO;
- http->status = HTTP_STATUS_ERROR;
-
- _cupsSetError(IPP_STATUS_ERROR_CUPS_PKI,
- _("Unable to establish a secure connection to host."), 1);
-
- return (-1);
- }
-# endif /* HAVE_CDSASSL */
-
- return (0);
-}
-
-
-/*
- * 'http_shutdown_ssl()' - Shut down SSL/TLS on a connection.
- */
-
-static void
-http_shutdown_ssl(http_t *http) /* I - HTTP connection */
-{
-# ifdef HAVE_LIBSSL
- SSL_CTX *context; /* Context for encryption */
-
- context = SSL_get_SSL_CTX(http->tls);
-
- SSL_shutdown(http->tls);
- SSL_CTX_free(context);
- SSL_free(http->tls);
-
-# elif defined(HAVE_GNUTLS)
- gnutls_certificate_client_credentials *credentials;
- /* TLS credentials */
-
- credentials = (gnutls_certificate_client_credentials *)(http->tls_credentials);
-
- gnutls_bye(http->tls, GNUTLS_SHUT_RDWR);
- gnutls_deinit(http->tls);
- gnutls_certificate_free_credentials(*credentials);
- free(credentials);
-
-# elif defined(HAVE_CDSASSL)
- while (SSLClose(http->tls) == errSSLWouldBlock)
- usleep(1000);
-
- CFRelease(http->tls);
-
- if (http->tls_credentials)
- CFRelease(http->tls_credentials);
-
-# elif defined(HAVE_SSPISSL)
- _sspiFree(http->tls_credentials);
-# endif /* HAVE_LIBSSL */
-
- http->tls = NULL;
- http->tls_credentials = NULL;
-}
-#endif /* HAVE_SSL */
-
-
-#ifdef HAVE_SSL
-/*
- * 'http_upgrade()' - Force upgrade to TLS encryption.
+ * 'http_tls_upgrade()' - Force upgrade to TLS encryption.
*/
static int /* O - Status of connection */
-http_upgrade(http_t *http) /* I - HTTP connection */
+http_tls_upgrade(http_t *http) /* I - HTTP connection */
{
int ret; /* Return value */
http_t myhttp; /* Local copy of HTTP data */
- DEBUG_printf(("7http_upgrade(%p)", http));
+ DEBUG_printf(("7http_tls_upgrade(%p)", (void *)http));
/*
* Flush the connection to make sure any previous "Upgrade" message
* encryption on the link...
*/
- http->tls_upgrade = 1;
- http->field_authorization = NULL; /* Don't free the auth string */
+ http->tls_upgrade = 1;
+ memset(http->fields, 0, sizeof(http->fields));
+ http->expect = (http_status_t)0;
+
+ if (http->hostname[0] == '/')
+ httpSetField(http, HTTP_FIELD_HOST, "localhost");
+ else
+ httpSetField(http, HTTP_FIELD_HOST, http->hostname);
- httpClearFields(http);
httpSetField(http, HTTP_FIELD_CONNECTION, "upgrade");
httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2,TLS/1.1,TLS/1.0");
* Restore the HTTP request data...
*/
+ memcpy(http->_fields, myhttp._fields, sizeof(http->_fields));
memcpy(http->fields, myhttp.fields, sizeof(http->fields));
- http->data_encoding = myhttp.data_encoding;
- http->data_remaining = myhttp.data_remaining;
- http->_data_remaining = myhttp._data_remaining;
- http->expect = myhttp.expect;
- http->field_authorization = myhttp.field_authorization;
- http->digest_tries = myhttp.digest_tries;
- http->tls_upgrade = 0;
+
+ http->data_encoding = myhttp.data_encoding;
+ http->data_remaining = myhttp.data_remaining;
+ http->_data_remaining = myhttp._data_remaining;
+ http->expect = myhttp.expect;
+ http->digest_tries = myhttp.digest_tries;
+ http->tls_upgrade = 0;
/*
* See if we actually went secure...
* Server does not support HTTP upgrade...
*/
- DEBUG_puts("8http_upgrade: Server does not support HTTP upgrade!");
+ DEBUG_puts("8http_tls_upgrade: Server does not support HTTP upgrade!");
-# ifdef WIN32
- closesocket(http->fd);
-# else
- close(http->fd);
-# endif
+ _cupsSetError(IPP_STATUS_ERROR_CUPS_PKI, _("Encryption is not supported."), 1);
+ httpAddrClose(NULL, http->fd);
http->fd = -1;
bytes; /* Bytes sent */
- DEBUG_printf(("2http_write(http=%p, buffer=%p, length=" CUPS_LLFMT ")", http,
- buffer, CUPS_LLCAST length));
+ DEBUG_printf(("2http_write(http=%p, buffer=%p, length=" CUPS_LLFMT ")", (void *)http, (void *)buffer, CUPS_LLCAST length));
http->error = 0;
tbytes = 0;
{
DEBUG_printf(("3http_write: About to write %d bytes.", (int)length));
- if (http->timeout_cb)
+ if (http->timeout_value > 0.0)
{
#ifdef HAVE_POLL
struct pollfd pfd; /* Polled file descriptor */
nfds = select(http->fd + 1, NULL, &output_set, NULL, &timeout);
}
-# ifdef WIN32
+# ifdef _WIN32
while (nfds < 0 && (WSAGetLastError() == WSAEINTR ||
WSAGetLastError() == WSAEWOULDBLOCK));
# else
while (nfds < 0 && (errno == EINTR || errno == EAGAIN));
-# endif /* WIN32 */
+# endif /* _WIN32 */
#endif /* HAVE_POLL */
if (nfds < 0)
http->error = errno;
return (-1);
}
- else if (nfds == 0 && !(*http->timeout_cb)(http, http->timeout_data))
+ else if (nfds == 0 && (!http->timeout_cb || !(*http->timeout_cb)(http, http->timeout_data)))
{
-#ifdef WIN32
+#ifdef _WIN32
http->error = WSAEWOULDBLOCK;
#else
http->error = EWOULDBLOCK;
-#endif /* WIN32 */
+#endif /* _WIN32 */
return (-1);
}
}
#ifdef HAVE_SSL
if (http->tls)
- bytes = http_write_ssl(http, buffer, length);
+ bytes = _httpTLSWrite(http, buffer, (int)length);
else
#endif /* HAVE_SSL */
bytes = send(http->fd, buffer, length, 0);
if (bytes < 0)
{
-#ifdef WIN32
+#ifdef _WIN32
if (WSAGetLastError() == WSAEINTR)
continue;
else if (WSAGetLastError() == WSAEWOULDBLOCK)
http->error = errno;
continue;
}
-#endif /* WIN32 */
+#endif /* _WIN32 */
DEBUG_printf(("3http_write: error writing data (%s).",
strerror(http->error)));
buffer += bytes;
tbytes += bytes;
- length -= bytes;
+ length -= (size_t)bytes;
}
#ifdef DEBUG
- http_debug_hex("http_write", buffer - tbytes, tbytes);
+ http_debug_hex("http_write", buffer - tbytes, (int)tbytes);
#endif /* DEBUG */
DEBUG_printf(("3http_write: Returning " CUPS_LLFMT ".", CUPS_LLCAST tbytes));
ssize_t bytes; /* Bytes written */
- DEBUG_printf(("7http_write_chunk(http=%p, buffer=%p, length=" CUPS_LLFMT ")",
- http, buffer, CUPS_LLCAST length));
+ DEBUG_printf(("7http_write_chunk(http=%p, buffer=%p, length=" CUPS_LLFMT ")", (void *)http, (void *)buffer, CUPS_LLCAST length));
/*
* Write the chunk header, data, and trailer.
return (bytes);
}
-
-
-#ifdef HAVE_SSL
-/*
- * 'http_write_ssl()' - Write to a SSL/TLS connection.
- */
-
-static int /* O - Bytes written */
-http_write_ssl(http_t *http, /* I - HTTP connection */
- const char *buf, /* I - Buffer holding data */
- int len) /* I - Length of buffer */
-{
- ssize_t result; /* Return value */
-
-
- DEBUG_printf(("2http_write_ssl(http=%p, buf=%p, len=%d)", http, buf, len));
-
-# if defined(HAVE_LIBSSL)
- result = SSL_write((SSL *)(http->tls), buf, len);
-
-# elif defined(HAVE_GNUTLS)
- result = gnutls_record_send(http->tls, buf, len);
-
- if (result < 0 && !errno)
- {
- /*
- * Convert GNU TLS error to errno value...
- */
-
- switch (result)
- {
- case GNUTLS_E_INTERRUPTED :
- errno = EINTR;
- break;
-
- case GNUTLS_E_AGAIN :
- errno = EAGAIN;
- break;
-
- default :
- errno = EPIPE;
- break;
- }
-
- result = -1;
- }
-
-# elif defined(HAVE_CDSASSL)
- OSStatus error; /* Error info */
- size_t processed; /* Number of bytes processed */
-
-
- error = SSLWrite(http->tls, buf, len, &processed);
-
- switch (error)
- {
- case 0 :
- result = (int)processed;
- break;
-
- case errSSLWouldBlock :
- if (processed)
- result = (int)processed;
- else
- {
- result = -1;
- errno = EINTR;
- }
- break;
-
- case errSSLClosedGraceful :
- default :
- if (processed)
- result = (int)processed;
- else
- {
- result = -1;
- errno = EPIPE;
- }
- break;
- }
-# elif defined(HAVE_SSPISSL)
- return _sspiWrite((_sspi_struct_t *)http->tls, (void *)buf, len);
-# endif /* HAVE_LIBSSL */
-
- DEBUG_printf(("3http_write_ssl: Returning %d.", (int)result));
-
- return ((int)result);
-}
-#endif /* HAVE_SSL */
-
-
-/*
- * End of "$Id$".
- */