]> git.ipfire.org Git - thirdparty/cups.git/blame - cups/http.c
projects / thirdparty / cups.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge changes from CUPS 1.5svn-r9323.
[thirdparty/cups.git] / cups / http.c
CommitLineData
ef416fc2 1/*
b19ccc9e 2 * "$Id: http.c 7850 2008-08-20 00:07:25Z mike $"
ef416fc2 3 *
71e16022 4 * HTTP routines for CUPS.
ef416fc2 5 *
71e16022 6 * Copyright 2007-2010 by Apple Inc.
b86bc4cf 7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
ef416fc2 8 *
f7deaa1a 9 * This file contains Kerberos support code, copyright 2006 by
10 * Jelmer Vernooij.
11 *
ef416fc2 12 * These coded instructions, statements, and computer programs are the
bc44d920 13 * property of Apple Inc. and are protected by Federal copyright
14 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
15 * which should have been included with this file. If this file is
16 * file is missing or damaged, see the license at "http://www.cups.org/".
ef416fc2 17 *
18 * This file is subject to the Apple OS-Developed Software exception.
19 *
20 * Contents:
21 *
7cf5915e
MS		 22 * httpAddCredential() - Allocates and adds a single credential to an
23 * array.
24 * _httpBIOMethods() - Get the OpenSSL BIO methods for HTTP
25 * connections.
26 * httpBlocking() - Set blocking/non-blocking behavior on a
27 * connection.
28 * httpCheck() - Check to see if there is a pending response
29 * from the server.
30 * httpClearCookie() - Clear the cookie value(s).
31 * httpClearFields() - Clear HTTP request fields.
32 * httpClose() - Close an HTTP connection.
33 * httpConnect() - Connect to a HTTP server.
34 * httpConnectEncrypt() - Connect to a HTTP server using encryption.
35 * httpCopyCredentials() - Copy the credentials associated with an
36 * encrypted connection.
37 * _httpConvertCredentials() - Convert credentials to the internal format.
38 * _httpCreate() - Create an unconnected HTTP connection.
39 * httpDelete() - Send a DELETE request to the server.
40 * _httpDisconnect() - Disconnect a HTTP connection.
41 * httpEncryption() - Set the required encryption on the link.
42 * httpError() - Get the last error on a connection.
43 * httpFlush() - Flush data from a HTTP connection.
44 * httpFlushWrite() - Flush data in write buffer.
45 * _httpFreeCredentials() - Free internal credentials.
46 * httpFreeCredentials() - Free an array of credentials.
47 * httpGet() - Send a GET request to the server.
48 * httpGetAuthString() - Get the current authorization string.
49 * httpGetBlocking() - Get the blocking/non-block state of a
50 * connection.
51 * httpGetCookie() - Get any cookie data from the response.
52 * httpGetFd() - Get the file descriptor associated with a
53 * connection.
54 * httpGetField() - Get a field value from a request/response.
55 * httpGetLength() - Get the amount of data remaining from the
56 * content-length or transfer-encoding fields.
57 * httpGetLength2() - Get the amount of data remaining from the
58 * content-length or transfer-encoding fields.
59 * httpGetStatus() - Get the status of the last HTTP request.
60 * httpGetSubField() - Get a sub-field value.
61 * httpGetSubField2() - Get a sub-field value.
62 * httpGets() - Get a line of text from a HTTP connection.
63 * httpHead() - Send a HEAD request to the server.
64 * httpInitialize() - Initialize the HTTP interface library and set
65 * the default HTTP proxy (if any).
66 * httpOptions() - Send an OPTIONS request to the server.
67 * _httpPeek() - Peek at data from a HTTP connection.
68 * httpPost() - Send a POST request to the server.
69 * httpPrintf() - Print a formatted string to a HTTP connection.
70 * httpPut() - Send a PUT request to the server.
71 * httpRead() - Read data from a HTTP connection.
72 * httpRead2() - Read data from a HTTP connection.
73 * _httpReadCDSA() - Read function for the CDSA library.
74 * _httpReadGNUTLS() - Read function for the GNU TLS library.
75 * httpReconnect() - Reconnect to a HTTP server.
76 * httpSetAuthString() - Set the current authorization string.
77 * httpSetCredentials() - Set the credentials associated with an
78 * encrypted connection.
79 * httpSetCookie() - Set the cookie value(s).
80 * httpSetExpect() - Set the Expect: header in a request.
81 * httpSetField() - Set the value of an HTTP header.
82 * httpSetLength() - Set the content-length and content-encoding.
83 * httpTrace() - Send an TRACE request to the server.
84 * httpUpdate() - Update the current HTTP state for incoming
85 * data.
86 * _httpWait() - Wait for data available on a connection (no
87 * flush).
88 * httpWait() - Wait for data available on a connection.
89 * httpWrite() - Write data to a HTTP connection.
90 * httpWrite2() - Write data to a HTTP connection.
91 * _httpWriteCDSA() - Write function for the CDSA library.
92 * _httpWriteGNUTLS() - Write function for the GNU TLS library.
93 * http_bio_ctrl() - Control the HTTP connection.
94 * http_bio_free() - Free OpenSSL data.
95 * http_bio_new() - Initialize an OpenSSL BIO structure.
96 * http_bio_puts() - Send a string for OpenSSL.
97 * http_bio_read() - Read data for OpenSSL.
98 * http_bio_write() - Write data for OpenSSL.
99 * http_debug_hex() - Do a hex dump of a buffer.
100 * http_field() - Return the field index for a field name.
101 * http_read_ssl() - Read from a SSL/TLS connection.
102 * http_locking_cb() - Lock/unlock a thread's mutex.
103 * http_send() - Send a request with all fields and the trailing
104 * blank line.
105 * http_set_credentials() - Set the SSL/TLS credentials.
106 * http_setup_ssl() - Set up SSL/TLS support on a connection.
107 * http_shutdown_ssl() - Shut down SSL/TLS on a connection.
108 * http_threadid_cb() - Return the current thread ID.
109 * http_upgrade() - Force upgrade to TLS encryption.
110 * http_write() - Write a buffer to a HTTP connection.
111 * http_write_chunk() - Write a chunked buffer.
112 * http_write_ssl() - Write to a SSL/TLS connection.
ef416fc2 113 */
114
115/*
116 * Include necessary headers...
117 */
118
71e16022 119#include "cups-private.h"
ef416fc2 120#include <fcntl.h>
cc754834
MS		 121#ifdef WIN32
122# include <tchar.h>
123#else
ef416fc2 124# include <signal.h>
125# include <sys/time.h>
126# include <sys/resource.h>
cc754834 127#endif /* WIN32 */
f7deaa1a 128#ifdef HAVE_POLL
129# include <sys/poll.h>
130#endif /* HAVE_POLL */
ef416fc2 131
132
133/*
134 * Some operating systems have done away with the Fxxxx constants for
135 * the fcntl() call; this works around that "feature"...
136 */
137
138#ifndef FNONBLK
139# define FNONBLK O_NONBLOCK
140#endif /* !FNONBLK */
141
142
143/*
144 * Local functions...
145 */
146
ae71f5de
MS		 147#ifdef DEBUG
148static void http_debug_hex(const char *prefix, const char *buffer,
149 int bytes);
150#endif /* DEBUG */
ef416fc2 151static http_field_t http_field(const char *name);
152static int http_send(http_t *http, http_state_t request,
153 const char *uri);
ef416fc2 154static int http_write(http_t *http, const char *buffer,
155 int length);
156static int http_write_chunk(http_t *http, const char *buffer,
157 int length);
158#ifdef HAVE_SSL
159static int http_read_ssl(http_t *http, char *buf, int len);
7cf5915e 160static int http_set_credentials(http_t *http);
ef416fc2 161static int http_setup_ssl(http_t *http);
162static void http_shutdown_ssl(http_t *http);
163static int http_upgrade(http_t *http);
164static int http_write_ssl(http_t *http, const char *buf, int len);
6d2f911b
MS		 165
166# ifdef HAVE_GNUTLS
167# ifdef HAVE_PTHREAD_H
168GCRY_THREAD_OPTION_PTHREAD_IMPL;
169# endif /* HAVE_PTHREAD_H */
170
171# elif defined(HAVE_LIBSSL)
172static _cups_mutex_t *http_locks; /* OpenSSL lock mutexes */
173
174static void http_locking_cb(int mode, int type, const char *file,
175 int line);
176static unsigned long http_threadid_cb(void);
177# endif /* HAVE_GNUTLS */
ef416fc2 178#endif /* HAVE_SSL */
179
180
181/*
182 * Local globals...
183 */
184
185static const char * const http_fields[] =
186 {
187 "Accept-Language",
188 "Accept-Ranges",
189 "Authorization",
190 "Connection",
191 "Content-Encoding",
192 "Content-Language",
193 "Content-Length",
194 "Content-Location",
195 "Content-MD5",
196 "Content-Range",
197 "Content-Type",
198 "Content-Version",
199 "Date",
200 "Host",
201 "If-Modified-Since",
202 "If-Unmodified-since",
203 "Keep-Alive",
204 "Last-Modified",
205 "Link",
206 "Location",
207 "Range",
208 "Referer",
209 "Retry-After",
210 "Transfer-Encoding",
211 "Upgrade",
212 "User-Agent",
213 "WWW-Authenticate"
214 };
f11a948a
MS		 215#ifdef DEBUG
216static const char * const http_states[] =
217 {
218 "HTTP_WAITING",
219 "HTTP_OPTIONS",
220 "HTTP_GET",
221 "HTTP_GET_SEND",
222 "HTTP_HEAD",
223 "HTTP_POST",
224 "HTTP_POST_RECV",
225 "HTTP_POST_SEND",
226 "HTTP_PUT",
227 "HTTP_PUT_RECV",
228 "HTTP_DELETE",
229 "HTTP_TRACE",
230 "HTTP_CLOSE",
231 "HTTP_STATUS"
232 };
233#endif /* DEBUG */
ef416fc2 234
235
411affcf 236#if defined(HAVE_SSL) && defined(HAVE_LIBSSL)
237/*
238 * BIO methods for OpenSSL...
239 */
240
241static int http_bio_write(BIO *h, const char *buf, int num);
242static int http_bio_read(BIO *h, char *buf, int size);
243static int http_bio_puts(BIO *h, const char *str);
244static long http_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2);
245static int http_bio_new(BIO *h);
246static int http_bio_free(BIO *data);
247
248static BIO_METHOD http_bio_methods =
249 {
250 BIO_TYPE_SOCKET,
251 "http",
252 http_bio_write,
253 http_bio_read,
254 http_bio_puts,
255 NULL, /* http_bio_gets, */
256 http_bio_ctrl,
257 http_bio_new,
258 http_bio_free,
259 NULL,
260 };
7cf5915e 261#endif /* HAVE_SSL && HAVE_LIBSSL */
411affcf 262
263
7cf5915e
MS		 264/*
265 * 'httpAddCredential()' - Allocates and adds a single credential to an array.
266 *
267 * Use @code cupsArrayNew(NULL, NULL)@ to create a credentials array.
268 *
269 * @since CUPS 1.5@
270 */
271
272int /* O - 0 on success, -1 on error */
273httpAddCredential(
274 cups_array_t *credentials, /* I - Credentials array */
275 const void *data, /* I - PEM-encoded X.509 data */
276 size_t datalen) /* I - Length of data */
277{
278 http_credential_t *credential; /* Credential data */
279
280
281 if ((credential = malloc(sizeof(http_credential_t))) != NULL)
282 {
283 credential->datalen = datalen;
284
285 if ((credential->data = malloc(datalen)) != NULL)
286 {
287 memcpy(credential->data, data, datalen);
288 cupsArrayAdd(credentials, credential);
289 return (0);
290 }
291
292 free(credential);
293 }
294
295 return (-1);
296}
297
298
299#if defined(HAVE_SSL) && defined(HAVE_LIBSSL)
411affcf 300/*
301 * '_httpBIOMethods()' - Get the OpenSSL BIO methods for HTTP connections.
302 */
303
304BIO_METHOD * /* O - BIO methods for OpenSSL */
305_httpBIOMethods(void)
306{
307 return (&http_bio_methods);
308}
309#endif /* HAVE_SSL && HAVE_LIBSSL */
310
311
ecdc0628 312/*
313 * 'httpBlocking()' - Set blocking/non-blocking behavior on a connection.
314 */
315
316void
568fa3fa 317httpBlocking(http_t *http, /* I - Connection to server */
ecdc0628 318 int b) /* I - 1 = blocking, 0 = non-blocking */
319{
320 if (http)
321 http->blocking = b;
322}
323
324
ef416fc2 325/*
326 * 'httpCheck()' - Check to see if there is a pending response from the server.
327 */
328
ecdc0628 329int /* O - 0 = no data, 1 = data available */
568fa3fa 330httpCheck(http_t *http) /* I - Connection to server */
ef416fc2 331{
332 return (httpWait(http, 0));
333}
334
335
336/*
337 * 'httpClearCookie()' - Clear the cookie value(s).
338 *
426c6a59 339 * @since CUPS 1.1.19/Mac OS X 10.3@
ef416fc2 340 */
341
342void
568fa3fa 343httpClearCookie(http_t *http) /* I - Connection to server */
ef416fc2 344{
345 if (!http)
346 return;
347
348 if (http->cookie)
349 {
350 free(http->cookie);
351 http->cookie = NULL;
352 }
353}
354
355
ecdc0628 356/*
357 * 'httpClearFields()' - Clear HTTP request fields.
358 */
359
360void
568fa3fa 361httpClearFields(http_t *http) /* I - Connection to server */
ecdc0628 362{
363 if (http)
364 {
365 memset(http->fields, 0, sizeof(http->fields));
07725fee 366 if (http->hostname[0] == '/')
367 httpSetField(http, HTTP_FIELD_HOST, "localhost");
368 else
369 httpSetField(http, HTTP_FIELD_HOST, http->hostname);
b423cd4c 370
f7deaa1a 371 if (http->field_authorization)
372 {
373 free(http->field_authorization);
374 http->field_authorization = NULL;
375 }
376
b423cd4c 377 http->expect = (http_status_t)0;
ecdc0628 378 }
379}
380
381
ef416fc2 382/*
6d2f911b 383 * 'httpClose()' - Close an HTTP connection.
ef416fc2 384 */
385
386void
568fa3fa 387httpClose(http_t *http) /* I - Connection to server */
ef416fc2 388{
f7deaa1a 389#ifdef HAVE_GSSAPI
1f0275e3 390 OM_uint32 minor_status; /* Minor status code */
f7deaa1a 391#endif /* HAVE_GSSAPI */
392
393
e07d4801 394 DEBUG_printf(("httpClose(http=%p)", http));
ef416fc2 395
6d2f911b
MS		 396 /*
397 * Range check input...
398 */
399
ef416fc2 400 if (!http)
401 return;
402
6d2f911b
MS		 403 /*
404 * Close any open connection...
405 */
406
407 _httpDisconnect(http);
408
409 /*
410 * Free memory used...
411 */
412
ef416fc2 413 httpAddrFreeList(http->addrlist);
414
ef416fc2 415 if (http->cookie)
416 free(http->cookie);
417
f7deaa1a 418#ifdef HAVE_GSSAPI
419 if (http->gssctx != GSS_C_NO_CONTEXT)
1f0275e3 420 gss_delete_sec_context(&minor_status, &http->gssctx, GSS_C_NO_BUFFER);
f7deaa1a 421
422 if (http->gssname != GSS_C_NO_NAME)
1f0275e3 423 gss_release_name(&minor_status, &http->gssname);
f7deaa1a 424#endif /* HAVE_GSSAPI */
425
b94498cf 426#ifdef HAVE_AUTHORIZATION_H
427 if (http->auth_ref)
428 AuthorizationFree(http->auth_ref, kAuthorizationFlagDefaults);
429#endif /* HAVE_AUTHORIZATION_H */
430
f7deaa1a 431 httpClearFields(http);
432
433 if (http->authstring && http->authstring != http->_authstring)
434 free(http->authstring);
435
ef416fc2 436 free(http);
437}
438
439
440/*
441 * 'httpConnect()' - Connect to a HTTP server.
1ff0402e
MS		 442 *
443 * This function is deprecated - use @link httpConnectEncrypt@ instead.
444 *
445 * @deprecated@
ef416fc2 446 */
447
448http_t * /* O - New HTTP connection */
449httpConnect(const char *host, /* I - Host to connect to */
450 int port) /* I - Port number */
451{
1ff0402e
MS		 452 return (httpConnectEncrypt(host, port, HTTP_ENCRYPT_IF_REQUESTED));
453}
454
455
456/*
457 * 'httpConnectEncrypt()' - Connect to a HTTP server using encryption.
458 */
459
460http_t * /* O - New HTTP connection */
461httpConnectEncrypt(
462 const char *host, /* I - Host to connect to */
463 int port, /* I - Port number */
464 http_encryption_t encryption) /* I - Type of encryption to use */
465{
466 http_t *http; /* New HTTP connection */
ef416fc2 467
468
e07d4801 469 DEBUG_printf(("httpConnectEncrypt(host=\"%s\", port=%d, encryption=%d)",
1ff0402e
MS		 470 host, port, encryption));
471
ef416fc2 472 /*
1ff0402e 473 * Create the HTTP structure...
ef416fc2 474 */
475
1ff0402e
MS		 476 if ((http = _httpCreate(host, port, encryption)) == NULL)
477 return (NULL);
ef416fc2 478
1ff0402e
MS		 479 /*
480 * Connect to the remote system...
481 */
482
483 if (!httpReconnect(http))
484 return (http);
485
486 /*
487 * Could not connect to any known address - bail out!
488 */
489
490 httpAddrFreeList(http->addrlist);
491
492 free(http);
493
494 return (NULL);
ef416fc2 495}
496
497
7cf5915e
MS		 498/*
499 * 'httpCopyCredentials()' - Copy the credentials associated with an encrypted
500 * connection.
501 *
502 * @since CUPS 1.5@
503 */
504
505int /* O - Status of call (0 = success) */
506httpCopyCredentials(
507 http_t *http, /* I - Connection to server */
508 cups_array_t **credentials) /* O - Array of credentials */
509{
510# ifdef HAVE_LIBSSL
511# elif defined(HAVE_GNUTLS)
512# elif defined(HAVE_CDSASSL)
513 OSStatus error; /* Error code */
514 CFIndex count; /* Number of credentials */
515 CFArrayRef peerCerts; /* Peer certificates */
516 SecCertificateRef secCert; /* Certificate reference */
517 CFDataRef data; /* Certificate data */
518 int i; /* Looping var */
519# elif defined(HAVE_SSPISSL)
520# endif /* HAVE_LIBSSL */
521
522
523 if (credentials)
524 *credentials = NULL;
525
526 if (!http || !http->tls || !credentials)
527 return (-1);
528
529# ifdef HAVE_LIBSSL
530 return (-1);
531
532# elif defined(HAVE_GNUTLS)
533 return (-1);
534
535# elif defined(HAVE_CDSASSL)
536 if (!(error = SSLCopyPeerCertificates(http->tls, &peerCerts)) && peerCerts)
537 {
538 if ((*credentials = cupsArrayNew(NULL, NULL)) != NULL)
539 {
540 for (i = 0, count = CFArrayGetCount(peerCerts); i < count; i++)
541 {
542 secCert = (SecCertificateRef)CFArrayGetValueAtIndex(peerCerts, i);
543 if ((data = SecCertificateCopyData(secCert)))
544 {
545 httpAddCredential(*credentials, CFDataGetBytePtr(data),
546 CFDataGetLength(data));
547 CFRelease(data);
548 }
549 }
550 }
551
552 CFRelease(peerCerts);
553 }
554
555 return (error);
556
557# elif defined(HAVE_SSPISSL)
558 return (-1);
559# endif /* HAVE_LIBSSL */
560}
561
562
563/*
564 * '_httpConvertCredentials()' - Convert credentials to the internal format.
565 */
566
567http_tls_credentials_t /* O - Internal credentials */
568_httpConvertCredentials(
569 cups_array_t *credentials) /* I - Array of credentials */
570{
571 if (!credentials)
572 return (NULL);
573
574# ifdef HAVE_LIBSSL
575 return (NULL);
576
577# elif defined(HAVE_GNUTLS)
578 return (NULL);
579
580# elif defined(HAVE_CDSASSL)
581 CFMutableArrayRef peerCerts; /* Peer credentials reference */
582 SecCertificateRef secCert; /* Certificate reference */
583 CFDataRef data; /* Credential data reference */
584 http_credential_t *credential; /* Credential data */
585
586
587 if ((peerCerts = CFArrayCreateMutable(kCFAllocatorDefault,
588 cupsArrayCount(credentials),
589 &kCFTypeArrayCallBacks)) == NULL)
590 return (NULL);
591
592 for (credential = (http_credential_t *)cupsArrayFirst(credentials);
593 credential;
594 credential = (http_credential_t *)cupsArrayNext(credentials))
595 {
596 if ((data = CFDataCreate(kCFAllocatorDefault, credential->data,
597 credential->datalen)))
598 {
599 if ((secCert = SecCertificateCreateWithData(kCFAllocatorDefault, data))
600 != NULL)
601 {
602 CFArrayAppendValue(peerCerts, secCert);
603 CFRelease(secCert);
604 }
605
606 CFRelease(data);
607 }
608 }
609
610 return (peerCerts);
611
612# elif defined(HAVE_SSPISSL)
613 return (NULL);
614
615# else
616 return (NULL);
617# endif /* HAVE_LIBSSL */
618}
619
620
ef416fc2 621/*
1ff0402e 622 * '_httpCreate()' - Create an unconnected HTTP connection.
ef416fc2 623 */
624
1ff0402e
MS		 625http_t * /* O - HTTP connection */
626_httpCreate(
627 const char *host, /* I - Hostname */
ef416fc2 628 int port, /* I - Port number */
1ff0402e 629 http_encryption_t encryption) /* I - Encryption to use */
ef416fc2 630{
631 http_t *http; /* New HTTP connection */
632 http_addrlist_t *addrlist; /* Host address data */
633 char service[255]; /* Service name */
634
635
e07d4801 636 DEBUG_printf(("4_httpCreate(host=\"%s\", port=%d, encryption=%d)",
1ff0402e 637 host, port, encryption));
ef416fc2 638
639 if (!host)
640 return (NULL);
641
642 httpInitialize();
643
644 /*
645 * Lookup the host...
646 */
647
648 sprintf(service, "%d", port);
649
650 if ((addrlist = httpAddrGetList(host, AF_UNSPEC, service)) == NULL)
651 return (NULL);
652
653 /*
654 * Allocate memory for the structure...
655 */
656
91c84a35
MS		 657 if ((http = calloc(sizeof(http_t), 1)) == NULL)
658 {
659 httpAddrFreeList(addrlist);
ef416fc2 660 return (NULL);
91c84a35 661 }
ef416fc2 662
1ff0402e
MS		 663 /*
664 * Initialize the HTTP data...
665 */
666
ef416fc2 667 http->activity = time(NULL);
1ff0402e
MS		 668 http->addrlist = addrlist;
669 http->blocking = 1;
ef416fc2 670 http->fd = -1;
f7deaa1a 671#ifdef HAVE_GSSAPI
1ff0402e
MS		 672 http->gssctx = GSS_C_NO_CONTEXT;
673 http->gssname = GSS_C_NO_NAME;
f7deaa1a 674#endif /* HAVE_GSSAPI */
1ff0402e 675 http->version = HTTP_1_1;
f7deaa1a 676
1ff0402e 677 strlcpy(http->hostname, host, sizeof(http->hostname));
ef416fc2 678
679 if (port == 443) /* Always use encryption for https */
680 http->encryption = HTTP_ENCRYPT_ALWAYS;
681 else
682 http->encryption = encryption;
683
684 /*
1ff0402e 685 * Return the new structure...
ef416fc2 686 */
687
1ff0402e 688 return (http);
ef416fc2 689}
690
691
692/*
693 * 'httpDelete()' - Send a DELETE request to the server.
694 */
695
696int /* O - Status of call (0 = success) */
568fa3fa 697httpDelete(http_t *http, /* I - Connection to server */
ef416fc2 698 const char *uri) /* I - URI to delete */
699{
700 return (http_send(http, HTTP_DELETE, uri));
701}
702
703
6d2f911b
MS		 704/*
705 * '_httpDisconnect()' - Disconnect a HTTP connection.
706 */
707
708void
709_httpDisconnect(http_t *http) /* I - Connection to server */
710{
711#ifdef HAVE_SSL
712 if (http->tls)
713 http_shutdown_ssl(http);
714#endif /* HAVE_SSL */
715
716#ifdef WIN32
717 closesocket(http->fd);
718#else
719 close(http->fd);
720#endif /* WIN32 */
721
722 http->fd = -1;
723}
724
725
ef416fc2 726/*
727 * 'httpEncryption()' - Set the required encryption on the link.
728 */
729
730int /* O - -1 on error, 0 on success */
568fa3fa 731httpEncryption(http_t *http, /* I - Connection to server */
ef416fc2 732 http_encryption_t e) /* I - New encryption preference */
733{
e07d4801 734 DEBUG_printf(("httpEncryption(http=%p, e=%d)", http, e));
ef416fc2 735
736#ifdef HAVE_SSL
737 if (!http)
738 return (0);
739
740 http->encryption = e;
741
742 if ((http->encryption == HTTP_ENCRYPT_ALWAYS && !http->tls) ||
743 (http->encryption == HTTP_ENCRYPT_NEVER && http->tls))
744 return (httpReconnect(http));
745 else if (http->encryption == HTTP_ENCRYPT_REQUIRED && !http->tls)
746 return (http_upgrade(http));
747 else
748 return (0);
749#else
750 if (e == HTTP_ENCRYPT_ALWAYS || e == HTTP_ENCRYPT_REQUIRED)
751 return (-1);
752 else
753 return (0);
754#endif /* HAVE_SSL */
755}
756
757
ecdc0628 758/*
759 * 'httpError()' - Get the last error on a connection.
760 */
761
762int /* O - Error code (errno) value */
568fa3fa 763httpError(http_t *http) /* I - Connection to server */
ecdc0628 764{
765 if (http)
766 return (http->error);
767 else
768 return (EINVAL);
769}
770
771
ef416fc2 772/*
773 * 'httpFlush()' - Flush data from a HTTP connection.
774 */
775
776void
568fa3fa 777httpFlush(http_t *http) /* I - Connection to server */
ef416fc2 778{
f8b3a85b
MS		 779 char buffer[8192]; /* Junk buffer */
780 int blocking; /* To block or not to block */
781 http_state_t oldstate; /* Old state */
ef416fc2 782
783
f11a948a
MS		 784 DEBUG_printf(("httpFlush(http=%p), state=%s", http,
785 http_states[http->state]));
ef416fc2 786
fa73b229 787 /*
788 * Temporarily set non-blocking mode so we don't get stuck in httpRead()...
789 */
790
791 blocking = http->blocking;
792 http->blocking = 0;
793
794 /*
795 * Read any data we can...
796 */
797
f8b3a85b 798 oldstate = http->state;
a4d04587 799 while (httpRead2(http, buffer, sizeof(buffer)) > 0);
fa73b229 800
801 /*
802 * Restore blocking and reset the connection if we didn't get all of
803 * the remaining data...
804 */
805
806 http->blocking = blocking;
807
aaf19ab0 808 if (http->state == oldstate && http->state != HTTP_WAITING && http->fd >= 0)
fa73b229 809 {
810 /*
811 * Didn't get the data back, so close the current connection.
812 */
813
814 http->state = HTTP_WAITING;
815
816#ifdef HAVE_SSL
817 if (http->tls)
818 http_shutdown_ssl(http);
819#endif /* HAVE_SSL */
820
821#ifdef WIN32
822 closesocket(http->fd);
823#else
824 close(http->fd);
825#endif /* WIN32 */
826
827 http->fd = -1;
828 }
ef416fc2 829}
830
831
832/*
833 * 'httpFlushWrite()' - Flush data in write buffer.
834 *
426c6a59 835 * @since CUPS 1.2/Mac OS X 10.5@
ef416fc2 836 */
837
838int /* O - Bytes written or -1 on error */
568fa3fa 839httpFlushWrite(http_t *http) /* I - Connection to server */
ef416fc2 840{
841 int bytes; /* Bytes written */
842
843
e07d4801 844 DEBUG_printf(("httpFlushWrite(http=%p)", http));
ef416fc2 845
846 if (!http || !http->wused)
f8b3a85b
MS		 847 {
848 DEBUG_puts(http ? "1httpFlushWrite: Write buffer is empty." :
849 "1httpFlushWrite: No connection.");
ef416fc2 850 return (0);
f8b3a85b 851 }
ef416fc2 852
853 if (http->data_encoding == HTTP_ENCODE_CHUNKED)
854 bytes = http_write_chunk(http, http->wbuffer, http->wused);
855 else
856 bytes = http_write(http, http->wbuffer, http->wused);
857
858 http->wused = 0;
859
f8b3a85b
MS		 860 DEBUG_printf(("1httpFlushWrite: Returning %d.", bytes));
861
ef416fc2 862 return (bytes);
863}
864
865
7cf5915e
MS		 866/*
867 * '_httpFreeCredentials()' - Free internal credentials.
868 */
869
870void
871_httpFreeCredentials(
872 http_tls_credentials_t credentials) /* I - Internal credentials */
873{
874 if (!credentials)
875 return;
876
877#ifdef HAVE_LIBSSL
878 (void)credentials;
879
880#elif defined(HAVE_GNUTLS)
881 (void)credentials;
882
883#elif defined(HAVE_CDSASSL)
884 CFRelease(credentials);
885
886#elif defined(HAVE_SSPISSL)
887 (void)credentials;
888
889#endif /* HAVE_LIBSSL */
890}
891
892
893/*
894 * 'httpFreeCredentials()' - Free an array of credentials.
895 */
896
897void
898httpFreeCredentials(
899 cups_array_t *credentials) /* I - Array of credentials */
900{
901 http_credential_t *credential; /* Credential */
902
903
904 for (credential = (http_credential_t *)cupsArrayFirst(credentials);
905 credential;
906 credential = (http_credential_t *)cupsArrayNext(credentials))
907 {
908 cupsArrayRemove(credentials, credential);
909 free((void *)credential->data);
910 free(credential);
911 }
912
913 cupsArrayDelete(credentials);
914}
915
916
ef416fc2 917/*
918 * 'httpGet()' - Send a GET request to the server.
919 */
920
921int /* O - Status of call (0 = success) */
568fa3fa 922httpGet(http_t *http, /* I - Connection to server */
ef416fc2 923 const char *uri) /* I - URI to get */
924{
925 return (http_send(http, HTTP_GET, uri));
926}
927
928
355e94dc
MS		 929/*
930 * 'httpGetAuthString()' - Get the current authorization string.
931 *
932 * The authorization string is set by cupsDoAuthentication() and
933 * httpSetAuthString(). Use httpGetAuthString() to retrieve the
934 * string to use with httpSetField() for the HTTP_FIELD_AUTHORIZATION
935 * value.
936 *
426c6a59 937 * @since CUPS 1.3/Mac OS X 10.5@
355e94dc
MS		 938 */
939
940char * /* O - Authorization string */
568fa3fa 941httpGetAuthString(http_t *http) /* I - Connection to server */
355e94dc
MS		 942{
943 if (http)
944 return (http->authstring);
945 else
946 return (NULL);
947}
948
949
ecdc0628 950/*
951 * 'httpGetBlocking()' - Get the blocking/non-block state of a connection.
952 *
426c6a59 953 * @since CUPS 1.2/Mac OS X 10.5@
ecdc0628 954 */
955
956int /* O - 1 if blocking, 0 if non-blocking */
568fa3fa 957httpGetBlocking(http_t *http) /* I - Connection to server */
ecdc0628 958{
959 return (http ? http->blocking : 0);
960}
961
962
963/*
964 * 'httpGetCookie()' - Get any cookie data from the response.
757d2cad 965 *
426c6a59 966 * @since CUPS 1.1.19/Mac OS X 10.3@
ecdc0628 967 */
968
969const char * /* O - Cookie data or NULL */
970httpGetCookie(http_t *http) /* I - HTTP connecion */
971{
972 return (http ? http->cookie : NULL);
973}
974
975
976/*
977 * 'httpGetFd()' - Get the file descriptor associated with a connection.
978 *
426c6a59 979 * @since CUPS 1.2/Mac OS X 10.5@
ecdc0628 980 */
981
982int /* O - File descriptor or -1 if none */
568fa3fa 983httpGetFd(http_t *http) /* I - Connection to server */
ecdc0628 984{
985 return (http ? http->fd : -1);
986}
987
988
989/*
990 * 'httpGetField()' - Get a field value from a request/response.
991 */
992
993const char * /* O - Field value */
568fa3fa 994httpGetField(http_t *http, /* I - Connection to server */
ecdc0628 995 http_field_t field) /* I - Field to get */
996{
997 if (!http || field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX)
998 return (NULL);
ef55b745 999 else if (field == HTTP_FIELD_AUTHORIZATION &&
f7deaa1a 1000 http->field_authorization)
1001 {
1002 /*
1003 * Special case for WWW-Authenticate: as its contents can be
1004 * longer than HTTP_MAX_VALUE...
1005 */
1006
1007 return (http->field_authorization);
1008 }
ecdc0628 1009 else
1010 return (http->fields[field]);
1011}
1012
1013
1014/*
1015 * 'httpGetLength()' - Get the amount of data remaining from the
1016 * content-length or transfer-encoding fields.
1017 *
1018 * This function is deprecated and will not return lengths larger than
1019 * 2^31 - 1; use httpGetLength2() instead.
1020 *
1021 * @deprecated@
1022 */
1023
1024int /* O - Content length */
568fa3fa 1025httpGetLength(http_t *http) /* I - Connection to server */
ecdc0628 1026{
1027 /*
1028 * Get the read content length and return the 32-bit value.
1029 */
1030
1031 if (http)
1032 {
1033 httpGetLength2(http);
1034
1035 return (http->_data_remaining);
1036 }
1037 else
1038 return (-1);
1039}
1040
1041
1042/*
1043 * 'httpGetLength2()' - Get the amount of data remaining from the
1044 * content-length or transfer-encoding fields.
1045 *
1046 * This function returns the complete content length, even for
1047 * content larger than 2^31 - 1.
1048 *
426c6a59 1049 * @since CUPS 1.2/Mac OS X 10.5@
ecdc0628 1050 */
1051
1052off_t /* O - Content length */
568fa3fa 1053httpGetLength2(http_t *http) /* I - Connection to server */
ecdc0628 1054{
f11a948a
MS		 1055 DEBUG_printf(("2httpGetLength2(http=%p), state=%s", http,
1056 http_states[http->state]));
ecdc0628 1057
1058 if (!http)
1059 return (-1);
1060
1061 if (!strcasecmp(http->fields[HTTP_FIELD_TRANSFER_ENCODING], "chunked"))
1062 {
e07d4801 1063 DEBUG_puts("4httpGetLength2: chunked request!");
ecdc0628 1064
1065 http->data_encoding = HTTP_ENCODE_CHUNKED;
1066 http->data_remaining = 0;
1067 }
1068 else
1069 {
1070 http->data_encoding = HTTP_ENCODE_LENGTH;
1071
1072 /*
1073 * The following is a hack for HTTP servers that don't send a
1074 * content-length or transfer-encoding field...
1075 *
1076 * If there is no content-length then the connection must close
1077 * after the transfer is complete...
1078 */
1079
b86bc4cf 1080 if (!http->fields[HTTP_FIELD_CONTENT_LENGTH][0])
1081 {
1082 /*
1083 * Default content length is 0 for errors and 2^31-1 for other
1084 * successful requests...
1085 */
1086
1087 if (http->status >= HTTP_MULTIPLE_CHOICES)
1088 http->data_remaining = 0;
1089 else
1090 http->data_remaining = 2147483647;
1091 }
ecdc0628 1092 else
1093 http->data_remaining = strtoll(http->fields[HTTP_FIELD_CONTENT_LENGTH],
1094 NULL, 10);
1095
e07d4801 1096 DEBUG_printf(("4httpGetLength2: content_length=" CUPS_LLFMT,
ecdc0628 1097 CUPS_LLCAST http->data_remaining));
1098 }
1099
1100 if (http->data_remaining <= INT_MAX)
1101 http->_data_remaining = (int)http->data_remaining;
1102 else
1103 http->_data_remaining = INT_MAX;
1104
1105 return (http->data_remaining);
1106}
1107
1108
1109/*
1110 * 'httpGetStatus()' - Get the status of the last HTTP request.
1111 *
426c6a59 1112 * @since CUPS 1.2/Mac OS X 10.5@
ecdc0628 1113 */
1114
1115http_status_t /* O - HTTP status */
568fa3fa 1116httpGetStatus(http_t *http) /* I - Connection to server */
ecdc0628 1117{
1118 return (http ? http->status : HTTP_ERROR);
1119}
1120
1121
ef416fc2 1122/*
1123 * 'httpGetSubField()' - Get a sub-field value.
1124 *
1125 * @deprecated@
1126 */
1127
1128char * /* O - Value or NULL */
568fa3fa 1129httpGetSubField(http_t *http, /* I - Connection to server */
ef416fc2 1130 http_field_t field, /* I - Field index */
1131 const char *name, /* I - Name of sub-field */
1132 char *value) /* O - Value string */
1133{
1134 return (httpGetSubField2(http, field, name, value, HTTP_MAX_VALUE));
1135}
1136
1137
1138/*
1139 * 'httpGetSubField2()' - Get a sub-field value.
1140 *
426c6a59 1141 * @since CUPS 1.2/Mac OS X 10.5@
ef416fc2 1142 */
1143
1144char * /* O - Value or NULL */
568fa3fa 1145httpGetSubField2(http_t *http, /* I - Connection to server */
ef416fc2 1146 http_field_t field, /* I - Field index */
1147 const char *name, /* I - Name of sub-field */
1148 char *value, /* O - Value string */
1149 int valuelen) /* I - Size of value buffer */
1150{
1151 const char *fptr; /* Pointer into field */
1152 char temp[HTTP_MAX_VALUE], /* Temporary buffer for name */
1153 *ptr, /* Pointer into string buffer */
1154 *end; /* End of value buffer */
1155
e07d4801
MS		 1156 DEBUG_printf(("2httpGetSubField2(http=%p, field=%d, name=\"%s\", value=%p, "
1157 "valuelen=%d)", http, field, name, value, valuelen));
ef416fc2 1158
1159 if (!http || !name || !value || valuelen < 2 ||
ecdc0628 1160 field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX)
ef416fc2 1161 return (NULL);
1162
1163 end = value + valuelen - 1;
1164
1165 for (fptr = http->fields[field]; *fptr;)
1166 {
1167 /*
1168 * Skip leading whitespace...
1169 */
1170
7cf5915e 1171 while (_cups_isspace(*fptr))
ef416fc2 1172 fptr ++;
1173
1174 if (*fptr == ',')
1175 {
1176 fptr ++;
1177 continue;
1178 }
1179
1180 /*
1181 * Get the sub-field name...
1182 */
1183
1184 for (ptr = temp;
7cf5915e 1185 *fptr && *fptr != '=' && !_cups_isspace(*fptr) &&
ef416fc2 1186 ptr < (temp + sizeof(temp) - 1);
1187 *ptr++ = *fptr++);
1188
1189 *ptr = '\0';
1190
e07d4801 1191 DEBUG_printf(("4httpGetSubField2: name=\"%s\"", temp));
ef416fc2 1192
1193 /*
1194 * Skip trailing chars up to the '='...
1195 */
1196
7cf5915e 1197 while (_cups_isspace(*fptr))
ef416fc2 1198 fptr ++;
1199
1200 if (!*fptr)
1201 break;
1202
1203 if (*fptr != '=')
1204 continue;
1205
1206 /*
1207 * Skip = and leading whitespace...
1208 */
1209
1210 fptr ++;
1211
7cf5915e 1212 while (_cups_isspace(*fptr))
ef416fc2 1213 fptr ++;
1214
1215 if (*fptr == '\"')
1216 {
1217 /*
1218 * Read quoted string...
1219 */
1220
1221 for (ptr = value, fptr ++;
1222 *fptr && *fptr != '\"' && ptr < end;
1223 *ptr++ = *fptr++);
1224
1225 *ptr = '\0';
1226
1227 while (*fptr && *fptr != '\"')
1228 fptr ++;
1229
1230 if (*fptr)
1231 fptr ++;
1232 }
1233 else
1234 {
1235 /*
1236 * Read unquoted string...
1237 */
1238
1239 for (ptr = value;
7cf5915e 1240 *fptr && !_cups_isspace(*fptr) && *fptr != ',' && ptr < end;
ef416fc2 1241 *ptr++ = *fptr++);
1242
1243 *ptr = '\0';
1244
7cf5915e 1245 while (*fptr && !_cups_isspace(*fptr) && *fptr != ',')
ef416fc2 1246 fptr ++;
1247 }
1248
e07d4801 1249 DEBUG_printf(("4httpGetSubField2: value=\"%s\"", value));
ef416fc2 1250
1251 /*
1252 * See if this is the one...
1253 */
1254
1255 if (!strcmp(name, temp))
e07d4801
MS		 1256 {
1257 DEBUG_printf(("3httpGetSubField2: Returning \"%s\"", value));
ef416fc2 1258 return (value);
e07d4801 1259 }
ef416fc2 1260 }
1261
1262 value[0] = '\0';
1263
e07d4801
MS		 1264 DEBUG_puts("3httpGetSubField2: Returning NULL");
1265
ef416fc2 1266 return (NULL);
1267}
1268
1269
ef416fc2 1270/*
1271 * 'httpGets()' - Get a line of text from a HTTP connection.
1272 */
1273
1274char * /* O - Line or NULL */
1275httpGets(char *line, /* I - Line to read into */
1276 int length, /* I - Max length of buffer */
568fa3fa 1277 http_t *http) /* I - Connection to server */
ef416fc2 1278{
1279 char *lineptr, /* Pointer into line */
1280 *lineend, /* End of line */
1281 *bufptr, /* Pointer into input buffer */
1282 *bufend; /* Pointer to end of buffer */
1283 int bytes, /* Number of bytes read */
1284 eol; /* End-of-line? */
1285
1286
e07d4801 1287 DEBUG_printf(("2httpGets(line=%p, length=%d, http=%p)", line, length, http));
ef416fc2 1288
1289 if (http == NULL || line == NULL)
1290 return (NULL);
1291
1292 /*
1293 * Read a line from the buffer...
1294 */
f11a948a
MS		 1295
1296 http->error = 0;
1297 lineptr = line;
1298 lineend = line + length - 1;
1299 eol = 0;
ef416fc2 1300
1301 while (lineptr < lineend)
1302 {
1303 /*
1304 * Pre-load the buffer as needed...
1305 */
1306
1307#ifdef WIN32
1308 WSASetLastError(0);
1309#else
1310 errno = 0;
1311#endif /* WIN32 */
1312
1313 while (http->used == 0)
1314 {
1315 /*
1316 * No newline; see if there is more data to be read...
1317 */
1318
38e73f87 1319 if (!http->blocking && !_httpWait(http, 10000, 1))
89d46774 1320 {
e07d4801 1321 DEBUG_puts("3httpGets: Timed out!");
b86bc4cf 1322#ifdef WIN32
1323 http->error = WSAETIMEDOUT;
1324#else
89d46774 1325 http->error = ETIMEDOUT;
b86bc4cf 1326#endif /* WIN32 */
ef416fc2 1327 return (NULL);
89d46774 1328 }
ef416fc2 1329
1330#ifdef HAVE_SSL
1331 if (http->tls)
1332 bytes = http_read_ssl(http, http->buffer + http->used,
1333 HTTP_MAX_BUFFER - http->used);
1334 else
1335#endif /* HAVE_SSL */
1336 bytes = recv(http->fd, http->buffer + http->used,
1337 HTTP_MAX_BUFFER - http->used, 0);
1338
e07d4801 1339 DEBUG_printf(("4httpGets: read %d bytes...", bytes));
ef416fc2 1340
1341 if (bytes < 0)
1342 {
1343 /*
1344 * Nope, can't get a line this time...
1345 */
1346
1347#ifdef WIN32
cc754834
MS		 1348 DEBUG_printf(("3httpGets: recv() error %d!", WSAGetLastError()));
1349
1350 if (WSAGetLastError() == WSAEINTR || WSAGetLastError() == WSAEWOULDBLOCK)
1351 continue;
1352 else if (WSAGetLastError() != http->error)
ef416fc2 1353 {
1354 http->error = WSAGetLastError();
1355 continue;
1356 }
1357
ef416fc2 1358#else
e07d4801 1359 DEBUG_printf(("3httpGets: recv() error %d!", errno));
ef416fc2 1360
e07d4801 1361 if (errno == EINTR || errno == EAGAIN)
ef416fc2 1362 continue;
1363 else if (errno != http->error)
1364 {
1365 http->error = errno;
1366 continue;
1367 }
1368#endif /* WIN32 */
1369
1370 return (NULL);
1371 }
1372 else if (bytes == 0)
1373 {
1374 http->error = EPIPE;
1375
1376 return (NULL);
1377 }
1378
1379 /*
1380 * Yup, update the amount used...
1381 */
1382
1383 http->used += bytes;
1384 }
1385
1386 /*
1387 * Now copy as much of the current line as possible...
1388 */
1389
1390 for (bufptr = http->buffer, bufend = http->buffer + http->used;
1391 lineptr < lineend && bufptr < bufend;)
1392 {
1393 if (*bufptr == 0x0a)
1394 {
1395 eol = 1;
1396 bufptr ++;
1397 break;
1398 }
1399 else if (*bufptr == 0x0d)
1400 bufptr ++;
1401 else
1402 *lineptr++ = *bufptr++;
1403 }
1404
b86bc4cf 1405 http->used -= (int)(bufptr - http->buffer);
ef416fc2 1406 if (http->used > 0)
1407 memmove(http->buffer, bufptr, http->used);
1408
1409 if (eol)
1410 {
1411 /*
1412 * End of line...
1413 */
1414
1415 http->activity = time(NULL);
1416
1417 *lineptr = '\0';
ef55b745 1418
e07d4801 1419 DEBUG_printf(("3httpGets: Returning \"%s\"", line));
ef416fc2 1420
1421 return (line);
1422 }
1423 }
1424
e07d4801 1425 DEBUG_puts("3httpGets: No new line available!");
ef416fc2 1426
1427 return (NULL);
1428}
1429
1430
1431/*
1432 * 'httpHead()' - Send a HEAD request to the server.
1433 */
1434
1435int /* O - Status of call (0 = success) */
568fa3fa 1436httpHead(http_t *http, /* I - Connection to server */
ef416fc2 1437 const char *uri) /* I - URI for head */
1438{
e07d4801 1439 DEBUG_printf(("httpHead(http=%p, uri=\"%s\")", http, uri));
ef416fc2 1440 return (http_send(http, HTTP_HEAD, uri));
1441}
1442
1443
1444/*
1445 * 'httpInitialize()' - Initialize the HTTP interface library and set the
1446 * default HTTP proxy (if any).
1447 */
1448
1449void
1450httpInitialize(void)
1451{
6d2f911b
MS		 1452 static int initialized = 0; /* Have we been called before? */
1453#ifdef WIN32
1454 WSADATA winsockdata; /* WinSock data */
1455#endif /* WIN32 */
ef416fc2 1456#ifdef HAVE_LIBSSL
6d2f911b
MS		 1457 int i; /* Looping var */
1458 unsigned char data[1024]; /* Seed data */
ef416fc2 1459#endif /* HAVE_LIBSSL */
1460
ef416fc2 1461
6d2f911b
MS		 1462 _cupsGlobalLock();
1463 if (initialized)
1464 {
1465 _cupsGlobalUnlock();
1466 return;
1467 }
1468
1469#ifdef WIN32
c7017ecc 1470 WSAStartup(MAKEWORD(2,2), &winsockdata);
ef416fc2 1471
fa73b229 1472#elif !defined(SO_NOSIGPIPE)
ef416fc2 1473 /*
1474 * Ignore SIGPIPE signals...
1475 */
1476
fa73b229 1477# ifdef HAVE_SIGSET
1478 sigset(SIGPIPE, SIG_IGN);
6d2f911b 1479
fa73b229 1480# elif defined(HAVE_SIGACTION)
1481 struct sigaction action; /* POSIX sigaction data */
1482
1483
ef416fc2 1484 memset(&action, 0, sizeof(action));
1485 action.sa_handler = SIG_IGN;
1486 sigaction(SIGPIPE, &action, NULL);
6d2f911b 1487
fa73b229 1488# else
ef416fc2 1489 signal(SIGPIPE, SIG_IGN);
fa73b229 1490# endif /* !SO_NOSIGPIPE */
ef416fc2 1491#endif /* WIN32 */
1492
1493#ifdef HAVE_GNUTLS
6d2f911b
MS		 1494 /*
1495 * Make sure we handle threading properly...
1496 */
1497
1498# ifdef HAVE_PTHREAD_H
1499 gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
1500# endif /* HAVE_PTHREAD_H */
1501
1502 /*
1503 * Initialize GNU TLS...
1504 */
1505
ef416fc2 1506 gnutls_global_init();
ef416fc2 1507
6d2f911b
MS		 1508#elif defined(HAVE_LIBSSL)
1509 /*
1510 * Initialize OpenSSL...
1511 */
1512
ef416fc2 1513 SSL_load_error_strings();
1514 SSL_library_init();
1515
6d2f911b
MS		 1516 /*
1517 * Set the threading callbacks...
1518 */
1519
1520 http_locks = calloc(CRYPTO_num_locks(), sizeof(_cups_mutex_t));
1521# ifdef HAVE_PTHREAD_H
1522 for (i = 0; i < CRYPTO_num_locks(); i ++)
1523 pthread_mutex_init(http_locks + i, NULL);
1524# endif /* HAVE_PTHREAD_H */
1525
1526 CRYPTO_set_id_callback(http_threadid_cb);
1527 CRYPTO_set_locking_callback(http_locking_cb);
1528
ef416fc2 1529 /*
1530 * Using the current time is a dubious random seed, but on some systems
1531 * it is the best we can do (on others, this seed isn't even used...)
1532 */
1533
6d2f911b 1534 CUPS_SRAND(time(NULL));
ef416fc2 1535
1536 for (i = 0; i < sizeof(data); i ++)
6d2f911b 1537 data[i] = CUPS_RAND();
ef416fc2 1538
dfd5680b 1539 RAND_seed(data, sizeof(data));
6d2f911b
MS		 1540#endif /* HAVE_GNUTLS */
1541
1542 initialized = 1;
1543 _cupsGlobalUnlock();
ef416fc2 1544}
1545
1546
1547/*
1548 * 'httpOptions()' - Send an OPTIONS request to the server.
1549 */
1550
1551int /* O - Status of call (0 = success) */
568fa3fa 1552httpOptions(http_t *http, /* I - Connection to server */
ef416fc2 1553 const char *uri) /* I - URI for options */
1554{
1555 return (http_send(http, HTTP_OPTIONS, uri));
1556}
1557
1558
6d2f911b
MS		 1559/*
1560 * '_httpPeek()' - Peek at data from a HTTP connection.
1561 *
1562 * This function copies available data from the given HTTP connection, reading
1563 * a buffer as needed. The data is still available for reading using
1564 * @link httpRead@ or @link httpRead2@.
1565 *
1566 * For non-blocking connections the usual timeouts apply.
1567 */
1568
1569ssize_t /* O - Number of bytes copied */
1570_httpPeek(http_t *http, /* I - Connection to server */
1571 char *buffer, /* I - Buffer for data */
1572 size_t length) /* I - Maximum number of bytes */
1573{
1574 ssize_t bytes; /* Bytes read */
1575 char len[32]; /* Length string */
1576
1577
1578 DEBUG_printf(("_httpPeek(http=%p, buffer=%p, length=" CUPS_LLFMT ")",
1579 http, buffer, CUPS_LLCAST length));
1580
1581 if (http == NULL || buffer == NULL)
1582 return (-1);
1583
1584 http->activity = time(NULL);
1585 http->error = 0;
1586
1587 if (length <= 0)
1588 return (0);
1589
1590 if (http->data_encoding == HTTP_ENCODE_CHUNKED &&
1591 http->data_remaining <= 0)
1592 {
1593 DEBUG_puts("2_httpPeek: Getting chunk length...");
1594
1595 if (httpGets(len, sizeof(len), http) == NULL)
1596 {
1597 DEBUG_puts("1_httpPeek: Could not get length!");
1598 return (0);
1599 }
1600
1601 http->data_remaining = strtoll(len, NULL, 16);
1602 if (http->data_remaining < 0)
1603 {
1604 DEBUG_puts("1_httpPeek: Negative chunk length!");
1605 return (0);
1606 }
1607 }
1608
1609 DEBUG_printf(("2_httpPeek: data_remaining=" CUPS_LLFMT,
1610 CUPS_LLCAST http->data_remaining));
1611
1612 if (http->data_remaining <= 0)
1613 {
1614 /*
1615 * A zero-length chunk ends a transfer; unless we are reading POST
1616 * data, go idle...
1617 */
1618
1619 if (http->data_encoding == HTTP_ENCODE_CHUNKED)
1620 httpGets(len, sizeof(len), http);
1621
1622 if (http->state == HTTP_POST_RECV)
1623 http->state ++;
1624 else
1625 http->state = HTTP_WAITING;
1626
1627 /*
1628 * Prevent future reads for this request...
1629 */
1630
1631 http->data_encoding = HTTP_ENCODE_LENGTH;
1632
1633 return (0);
1634 }
1635 else if (length > (size_t)http->data_remaining)
1636 length = (size_t)http->data_remaining;
1637
1638 if (http->used == 0)
1639 {
1640 /*
1641 * Buffer small reads for better performance...
1642 */
1643
1644 if (!http->blocking && !httpWait(http, 10000))
1645 return (0);
1646
1647 if (http->data_remaining > sizeof(http->buffer))
1648 bytes = sizeof(http->buffer);
1649 else
1650 bytes = http->data_remaining;
1651
1652#ifdef HAVE_SSL
1653 if (http->tls)
1654 bytes = http_read_ssl(http, http->buffer, bytes);
1655 else
1656#endif /* HAVE_SSL */
1657 {
1658 DEBUG_printf(("2_httpPeek: reading %d bytes from socket into buffer...",
1659 (int)bytes));
1660
1661 bytes = recv(http->fd, http->buffer, bytes, 0);
1662
1663 DEBUG_printf(("2_httpPeek: read %d bytes from socket into buffer...",
1664 (int)bytes));
1665 }
1666
1667 if (bytes > 0)
1668 http->used = bytes;
1669 else if (bytes < 0)
1670 {
1671#ifdef WIN32
cc754834
MS		 1672 if (WSAGetLastError() != WSAEINTR && WSAGetLastError() != WSAEWOULDBLOCK)
1673 {
1674 http->error = WSAGetLastError();
1675 return (-1);
1676 }
6d2f911b
MS		 1677#else
1678 if (errno != EINTR && errno != EAGAIN)
1679 {
1680 http->error = errno;
1681 return (-1);
1682 }
1683#endif /* WIN32 */
1684 }
1685 else
1686 {
1687 http->error = EPIPE;
1688 return (0);
1689 }
1690 }
1691
1692 if (http->used > 0)
1693 {
1694 if (length > (size_t)http->used)
1695 length = (size_t)http->used;
1696
1697 bytes = (ssize_t)length;
1698
1699 DEBUG_printf(("2_httpPeek: grabbing %d bytes from input buffer...",
1700 (int)bytes));
1701
1702 memcpy(buffer, http->buffer, length);
1703 }
1704 else
1705 bytes = 0;
1706
1707 if (bytes < 0)
1708 {
1709#ifdef WIN32
cc754834
MS		 1710 if (WSAGetLastError() == WSAEINTR || WSAGetLastError() == WSAEWOULDBLOCK)
1711 bytes = 0;
1712 else
1713 http->error = WSAGetLastError();
6d2f911b
MS		 1714#else
1715 if (errno == EINTR || errno == EAGAIN)
1716 bytes = 0;
1717 else
1718 http->error = errno;
1719#endif /* WIN32 */
1720 }
1721 else if (bytes == 0)
1722 {
1723 http->error = EPIPE;
1724 return (0);
1725 }
1726
1727#ifdef DEBUG
1728 http_debug_hex("_httpPeek", buffer, (int)bytes);
1729#endif /* DEBUG */
1730
1731 return (bytes);
1732}
1733
1734
ef416fc2 1735/*
1736 * 'httpPost()' - Send a POST request to the server.
1737 */
1738
1739int /* O - Status of call (0 = success) */
568fa3fa 1740httpPost(http_t *http, /* I - Connection to server */
ef416fc2 1741 const char *uri) /* I - URI for post */
1742{
1743 return (http_send(http, HTTP_POST, uri));
1744}
1745
1746
1747/*
1748 * 'httpPrintf()' - Print a formatted string to a HTTP connection.
ecdc0628 1749 *
1750 * @private@
ef416fc2 1751 */
1752
1753int /* O - Number of bytes written */
568fa3fa 1754httpPrintf(http_t *http, /* I - Connection to server */
ef416fc2 1755 const char *format, /* I - printf-style format string */
1756 ...) /* I - Additional args as needed */
1757{
1758 int bytes; /* Number of bytes to write */
1759 char buf[16384]; /* Buffer for formatted string */
1760 va_list ap; /* Variable argument pointer */
1761
1762
e07d4801 1763 DEBUG_printf(("2httpPrintf(http=%p, format=\"%s\", ...)", http, format));
ef416fc2 1764
1765 va_start(ap, format);
1766 bytes = vsnprintf(buf, sizeof(buf), format, ap);
1767 va_end(ap);
1768
e07d4801 1769 DEBUG_printf(("3httpPrintf: %s", buf));
ef416fc2 1770
d09495fa 1771 if (http->data_encoding == HTTP_ENCODE_FIELDS)
1772 return (httpWrite2(http, buf, bytes));
1773 else
ef416fc2 1774 {
d09495fa 1775 if (http->wused)
1776 {
e07d4801 1777 DEBUG_puts("4httpPrintf: flushing existing data...");
ef416fc2 1778
d09495fa 1779 if (httpFlushWrite(http) < 0)
1780 return (-1);
1781 }
ef416fc2 1782
d09495fa 1783 return (http_write(http, buf, bytes));
1784 }
ef416fc2 1785}
1786
1787
1788/*
1789 * 'httpPut()' - Send a PUT request to the server.
1790 */
1791
1792int /* O - Status of call (0 = success) */
568fa3fa 1793httpPut(http_t *http, /* I - Connection to server */
ef416fc2 1794 const char *uri) /* I - URI to put */
1795{
e07d4801 1796 DEBUG_printf(("httpPut(http=%p, uri=\"%s\")", http, uri));
ef416fc2 1797 return (http_send(http, HTTP_PUT, uri));
1798}
1799
1800
1801/*
1802 * 'httpRead()' - Read data from a HTTP connection.
a4d04587 1803 *
1804 * This function is deprecated. Use the httpRead2() function which can
1805 * read more than 2GB of data.
1806 *
1807 * @deprecated@
ef416fc2 1808 */
1809
1810int /* O - Number of bytes read */
568fa3fa 1811httpRead(http_t *http, /* I - Connection to server */
ef416fc2 1812 char *buffer, /* I - Buffer for data */
1813 int length) /* I - Maximum number of bytes */
1814{
a4d04587 1815 return ((int)httpRead2(http, buffer, length));
1816}
1817
1818
1819/*
1820 * 'httpRead2()' - Read data from a HTTP connection.
ecdc0628 1821 *
426c6a59 1822 * @since CUPS 1.2/Mac OS X 10.5@
a4d04587 1823 */
1824
1825ssize_t /* O - Number of bytes read */
568fa3fa 1826httpRead2(http_t *http, /* I - Connection to server */
a4d04587 1827 char *buffer, /* I - Buffer for data */
1828 size_t length) /* I - Maximum number of bytes */
1829{
1830 ssize_t bytes; /* Bytes read */
ef416fc2 1831 char len[32]; /* Length string */
1832
1833
e07d4801 1834 DEBUG_printf(("httpRead2(http=%p, buffer=%p, length=" CUPS_LLFMT ")",
a603edef 1835 http, buffer, CUPS_LLCAST length));
ef416fc2 1836
1837 if (http == NULL || buffer == NULL)
1838 return (-1);
1839
1840 http->activity = time(NULL);
f11a948a 1841 http->error = 0;
ef416fc2 1842
1843 if (length <= 0)
1844 return (0);
1845
1846 if (http->data_encoding == HTTP_ENCODE_CHUNKED &&
1847 http->data_remaining <= 0)
1848 {
e07d4801 1849 DEBUG_puts("2httpRead2: Getting chunk length...");
ef416fc2 1850
1851 if (httpGets(len, sizeof(len), http) == NULL)
1852 {
e07d4801 1853 DEBUG_puts("1httpRead2: Could not get length!");
ef416fc2 1854 return (0);
1855 }
1856
1857 http->data_remaining = strtoll(len, NULL, 16);
1858 if (http->data_remaining < 0)
1859 {
e07d4801 1860 DEBUG_puts("1httpRead2: Negative chunk length!");
ef416fc2 1861 return (0);
1862 }
1863 }
1864
e07d4801 1865 DEBUG_printf(("2httpRead2: data_remaining=" CUPS_LLFMT,
ef416fc2 1866 CUPS_LLCAST http->data_remaining));
1867
1868 if (http->data_remaining <= 0)
1869 {
1870 /*
1871 * A zero-length chunk ends a transfer; unless we are reading POST
1872 * data, go idle...
1873 */
1874
1875 if (http->data_encoding == HTTP_ENCODE_CHUNKED)
1876 httpGets(len, sizeof(len), http);
1877
1878 if (http->state == HTTP_POST_RECV)
1879 http->state ++;
1880 else
1881 http->state = HTTP_WAITING;
1882
1883 /*
1884 * Prevent future reads for this request...
1885 */
1886
1887 http->data_encoding = HTTP_ENCODE_LENGTH;
1888
1889 return (0);
1890 }
b86bc4cf 1891 else if (length > (size_t)http->data_remaining)
1892 length = (size_t)http->data_remaining;
ef416fc2 1893
1894 if (http->used == 0 && length <= 256)
1895 {
1896 /*
1897 * Buffer small reads for better performance...
1898 */
1899
ed486911 1900 if (!http->blocking && !httpWait(http, 10000))
ef416fc2 1901 return (0);
1902
1903 if (http->data_remaining > sizeof(http->buffer))
1904 bytes = sizeof(http->buffer);
1905 else
1906 bytes = http->data_remaining;
1907
1908#ifdef HAVE_SSL
1909 if (http->tls)
1910 bytes = http_read_ssl(http, http->buffer, bytes);
1911 else
1912#endif /* HAVE_SSL */
1913 {
e07d4801 1914 DEBUG_printf(("2httpRead2: reading %d bytes from socket into buffer...",
a603edef 1915 (int)bytes));
ef416fc2 1916
1917 bytes = recv(http->fd, http->buffer, bytes, 0);
1918
e07d4801 1919 DEBUG_printf(("2httpRead2: read %d bytes from socket into buffer...",
a603edef 1920 (int)bytes));
ef416fc2 1921 }
1922
1923 if (bytes > 0)
1924 http->used = bytes;
1925 else if (bytes < 0)
1926 {
1927#ifdef WIN32
cc754834
MS		 1928 if (WSAGetLastError() != WSAEINTR && WSAGetLastError() != WSAEWOULDBLOCK)
1929 {
1930 http->error = WSAGetLastError();
1931 return (-1);
1932 }
ef416fc2 1933#else
e07d4801 1934 if (errno != EINTR && errno != EAGAIN)
ef416fc2 1935 {
1936 http->error = errno;
1937 return (-1);
1938 }
1939#endif /* WIN32 */
1940 }
1941 else
1942 {
1943 http->error = EPIPE;
1944 return (0);
1945 }
1946 }
1947
1948 if (http->used > 0)
1949 {
b86bc4cf 1950 if (length > (size_t)http->used)
1951 length = (size_t)http->used;
ef416fc2 1952
b86bc4cf 1953 bytes = (ssize_t)length;
ef416fc2 1954
e07d4801 1955 DEBUG_printf(("2httpRead2: grabbing %d bytes from input buffer...",
a603edef 1956 (int)bytes));
ef416fc2 1957
1958 memcpy(buffer, http->buffer, length);
b86bc4cf 1959 http->used -= (int)length;
ef416fc2 1960
1961 if (http->used > 0)
1962 memmove(http->buffer, http->buffer + length, http->used);
1963 }
1964#ifdef HAVE_SSL
1965 else if (http->tls)
1966 {
ed486911 1967 if (!http->blocking && !httpWait(http, 10000))
ef416fc2 1968 return (0);
1969
b86bc4cf 1970 bytes = (ssize_t)http_read_ssl(http, buffer, (int)length);
ef416fc2 1971 }
1972#endif /* HAVE_SSL */
1973 else
1974 {
ed486911 1975 if (!http->blocking && !httpWait(http, 10000))
ef416fc2 1976 return (0);
1977
e07d4801 1978 DEBUG_printf(("2httpRead2: reading " CUPS_LLFMT " bytes from socket...",
a603edef 1979 CUPS_LLCAST length));
ef416fc2 1980
b86bc4cf 1981#ifdef WIN32
cc754834
MS		 1982 while ((bytes = (ssize_t) recv(http->fd, buffer, (int)length, 0)) < 0)
1983 if (WSAGetLastError() != WSAEINTR && WSAGetLastError() != WSAEWOULDBLOCK)
1984 break;
b86bc4cf 1985#else
ef416fc2 1986 while ((bytes = recv(http->fd, buffer, length, 0)) < 0)
d1c13e16 1987 if (errno != EINTR && errno != EAGAIN)
ef416fc2 1988 break;
b86bc4cf 1989#endif /* WIN32 */
ef416fc2 1990
e07d4801 1991 DEBUG_printf(("2httpRead2: read " CUPS_LLFMT " bytes from socket...",
a603edef 1992 CUPS_LLCAST bytes));
ef416fc2 1993 }
1994
1995 if (bytes > 0)
1996 {
1997 http->data_remaining -= bytes;
1998
1999 if (http->data_remaining <= INT_MAX)
2000 http->_data_remaining = (int)http->data_remaining;
2001 else
2002 http->_data_remaining = INT_MAX;
2003 }
2004 else if (bytes < 0)
2005 {
2006#ifdef WIN32
cc754834
MS		 2007 if (WSAGetLastError() == WSAEINTR || WSAGetLastError() == WSAEWOULDBLOCK)
2008 bytes = 0;
2009 else
2010 http->error = WSAGetLastError();
ef416fc2 2011#else
d1c13e16 2012 if (errno == EINTR || errno == EAGAIN)
ef416fc2 2013 bytes = 0;
2014 else
2015 http->error = errno;
2016#endif /* WIN32 */
2017 }
2018 else
2019 {
2020 http->error = EPIPE;
2021 return (0);
2022 }
2023
2024 if (http->data_remaining == 0)
2025 {
2026 if (http->data_encoding == HTTP_ENCODE_CHUNKED)
2027 httpGets(len, sizeof(len), http);
2028
2029 if (http->data_encoding != HTTP_ENCODE_CHUNKED)
2030 {
2031 if (http->state == HTTP_POST_RECV)
2032 http->state ++;
2033 else
2034 http->state = HTTP_WAITING;
2035 }
2036 }
2037
2038#ifdef DEBUG
ae71f5de 2039 http_debug_hex("httpRead2", buffer, (int)bytes);
ef416fc2 2040#endif /* DEBUG */
2041
2042 return (bytes);
2043}
2044
2045
2046#if defined(HAVE_SSL) && defined(HAVE_CDSASSL)
2047/*
411affcf 2048 * '_httpReadCDSA()' - Read function for the CDSA library.
ef416fc2 2049 */
2050
2051OSStatus /* O - -1 on error, 0 on success */
2052_httpReadCDSA(
2053 SSLConnectionRef connection, /* I - SSL/TLS connection */
2054 void *data, /* I - Data buffer */
2055 size_t *dataLength) /* IO - Number of bytes */
2056{
411affcf 2057 OSStatus result; /* Return value */
2058 ssize_t bytes; /* Number of bytes read */
2059 http_t *http; /* HTTP connection */
2060
2061
2062 http = (http_t *)connection;
e53920b9 2063
411affcf 2064 if (!http->blocking)
2065 {
2066 /*
2067 * Make sure we have data before we read...
2068 */
e53920b9 2069
38e73f87 2070 if (!_httpWait(http, 10000, 0))
411affcf 2071 {
2072 http->error = ETIMEDOUT;
2073 return (-1);
2074 }
2075 }
ef416fc2 2076
b423cd4c 2077 do
411affcf 2078 {
2079 bytes = recv(http->fd, data, *dataLength, 0);
2080 }
e07d4801 2081 while (bytes == -1 && (errno == EINTR || errno == EAGAIN));
fa73b229 2082
b423cd4c 2083 if (bytes == *dataLength)
411affcf 2084 {
b423cd4c 2085 result = 0;
411affcf 2086 }
b423cd4c 2087 else if (bytes > 0)
2088 {
2089 *dataLength = bytes;
2090 result = errSSLWouldBlock;
2091 }
2092 else
2093 {
2094 *dataLength = 0;
fa73b229 2095
2096 if (bytes == 0)
ed486911 2097 result = errSSLClosedGraceful;
b423cd4c 2098 else if (errno == EAGAIN)
2099 result = errSSLWouldBlock;
b423cd4c 2100 else
ed486911 2101 result = errSSLClosedAbort;
ef416fc2 2102 }
b423cd4c 2103
411affcf 2104 return (result);
ef416fc2 2105}
2106#endif /* HAVE_SSL && HAVE_CDSASSL */
2107
2108
411affcf 2109#if defined(HAVE_SSL) && defined(HAVE_GNUTLS)
2110/*
2111 * '_httpReadGNUTLS()' - Read function for the GNU TLS library.
2112 */
2113
2114ssize_t /* O - Number of bytes read or -1 on error */
2115_httpReadGNUTLS(
568fa3fa 2116 gnutls_transport_ptr ptr, /* I - Connection to server */
411affcf 2117 void *data, /* I - Buffer */
2118 size_t length) /* I - Number of bytes to read */
2119{
2120 http_t *http; /* HTTP connection */
2121
2122
2123 http = (http_t *)ptr;
2124
2125 if (!http->blocking)
2126 {
2127 /*
2128 * Make sure we have data before we read...
2129 */
2130
38e73f87 2131 if (!_httpWait(http, 10000, 0))
411affcf 2132 {
2133 http->error = ETIMEDOUT;
2134 return (-1);
2135 }
2136 }
2137
2138 return (recv(http->fd, data, length, 0));
2139}
2140#endif /* HAVE_SSL && HAVE_GNUTLS */
2141
2142
ef416fc2 2143/*
ecdc0628 2144 * 'httpReconnect()' - Reconnect to a HTTP server.
ef416fc2 2145 */
2146
2147int /* O - 0 on success, non-zero on failure */
568fa3fa 2148httpReconnect(http_t *http) /* I - Connection to server */
ef416fc2 2149{
2150 http_addrlist_t *addr; /* Connected address */
1ff0402e
MS		 2151#ifdef DEBUG
2152 http_addrlist_t *current; /* Current address */
2153 char temp[256]; /* Temporary address string */
2154#endif /* DEBUG */
ef416fc2 2155
2156
e07d4801 2157 DEBUG_printf(("httpReconnect(http=%p)", http));
ef416fc2 2158
2159 if (!http)
2160 return (-1);
2161
2162#ifdef HAVE_SSL
2163 if (http->tls)
1ff0402e 2164 {
e07d4801 2165 DEBUG_puts("2httpReconnect: Shutting down SSL/TLS...");
ef416fc2 2166 http_shutdown_ssl(http);
1ff0402e 2167 }
ef416fc2 2168#endif /* HAVE_SSL */
2169
2170 /*
2171 * Close any previously open socket...
2172 */
2173
2174 if (http->fd >= 0)
bd7854cb 2175 {
e07d4801 2176 DEBUG_printf(("2httpReconnect: Closing socket %d...", http->fd));
1ff0402e 2177
ef416fc2 2178#ifdef WIN32
2179 closesocket(http->fd);
2180#else
2181 close(http->fd);
2182#endif /* WIN32 */
2183
bd7854cb 2184 http->fd = -1;
2185 }
2186
ef416fc2 2187 /*
2188 * Connect to the server...
2189 */
2190
1ff0402e
MS		 2191#ifdef DEBUG
2192 for (current = http->addrlist; current; current = current->next)
e07d4801 2193 DEBUG_printf(("2httpReconnect: Address %s:%d",
1ff0402e
MS		 2194 httpAddrString(&(current->addr), temp, sizeof(temp)),
2195 _httpAddrPort(&(current->addr))));
2196#endif /* DEBUG */
2197
ef416fc2 2198 if ((addr = httpAddrConnect(http->addrlist, &(http->fd))) == NULL)
2199 {
2200 /*
2201 * Unable to connect...
2202 */
2203
2204#ifdef WIN32
2205 http->error = WSAGetLastError();
2206#else
2207 http->error = errno;
2208#endif /* WIN32 */
2209 http->status = HTTP_ERROR;
2210
e07d4801 2211 DEBUG_printf(("1httpReconnect: httpAddrConnect failed: %s",
1ff0402e
MS		 2212 strerror(http->error)));
2213
ef416fc2 2214 return (-1);
2215 }
2216
e07d4801 2217 DEBUG_printf(("2httpReconnect: New socket=%d", http->fd));
1ff0402e 2218
ef416fc2 2219 http->hostaddr = &(addr->addr);
2220 http->error = 0;
2221 http->status = HTTP_CONTINUE;
2222
2223#ifdef HAVE_SSL
2224 if (http->encryption == HTTP_ENCRYPT_ALWAYS)
2225 {
2226 /*
2227 * Always do encryption via SSL.
2228 */
2229
2230 if (http_setup_ssl(http) != 0)
2231 {
f7deaa1a 2232# ifdef WIN32
ef416fc2 2233 closesocket(http->fd);
f7deaa1a 2234# else
ef416fc2 2235 close(http->fd);
f7deaa1a 2236# endif /* WIN32 */
ef416fc2 2237
2238 return (-1);
2239 }
2240 }
2241 else if (http->encryption == HTTP_ENCRYPT_REQUIRED)
2242 return (http_upgrade(http));
2243#endif /* HAVE_SSL */
2244
e07d4801 2245 DEBUG_printf(("1httpReconnect: Connected to %s:%d...",
1ff0402e
MS		 2246 httpAddrString(http->hostaddr, temp, sizeof(temp)),
2247 _httpAddrPort(http->hostaddr)));
2248
ef416fc2 2249 return (0);
2250}
2251
2252
355e94dc
MS		 2253/*
2254 * 'httpSetAuthString()' - Set the current authorization string.
2255 *
2256 * This function just stores a copy of the current authorization string in
2257 * the HTTP connection object. You must still call httpSetField() to set
2258 * HTTP_FIELD_AUTHORIZATION prior to issuing a HTTP request using httpGet(),
2259 * httpHead(), httpOptions(), httpPost, or httpPut().
2260 *
426c6a59 2261 * @since CUPS 1.3/Mac OS X 10.5@
355e94dc
MS		 2262 */
2263
2264void
568fa3fa 2265httpSetAuthString(http_t *http, /* I - Connection to server */
355e94dc
MS		 2266 const char *scheme, /* I - Auth scheme (NULL to clear it) */
2267 const char *data) /* I - Auth data (NULL for none) */
2268{
2269 /*
2270 * Range check input...
2271 */
2272
2273 if (!http)
2274 return;
2275
2276 if (http->authstring && http->authstring != http->_authstring)
2277 free(http->authstring);
2278
2279 http->authstring = http->_authstring;
2280
2281 if (scheme)
2282 {
2283 /*
2284 * Set the current authorization string...
2285 */
2286
2287 int len = (int)strlen(scheme) + (data ? (int)strlen(data) + 1 : 0) + 1;
91c84a35 2288 char *temp;
355e94dc
MS		 2289
2290 if (len > (int)sizeof(http->_authstring))
91c84a35
MS		 2291 {
2292 if ((temp = malloc(len)) == NULL)
2293 len = sizeof(http->_authstring);
2294 else
2295 http->authstring = temp;
2296 }
355e94dc
MS		 2297
2298 if (data)
2299 snprintf(http->authstring, len, "%s %s", scheme, data);
2300 else
2301 strlcpy(http->authstring, scheme, len);
2302 }
2303 else
2304 {
2305 /*
2306 * Clear the current authorization string...
2307 */
2308
2309 http->_authstring[0] = '\0';
2310 }
2311}
2312
2313
7cf5915e
MS		 2314/*
2315 * 'httpSetCredentials()' - Set the credentials associated with an encrypted
2316 * connection.
2317 *
2318 * @since CUPS 1.5@
2319 */
2320
2321int /* O - Status of call (0 = success) */
2322httpSetCredentials(http_t *http, /* I - Connection to server */
2323 cups_array_t *credentials) /* I - Array of credentials */
2324{
2325 if (!http || cupsArrayCount(credentials) < 1)
2326 return (-1);
2327
2328 _httpFreeCredentials(http->tls_credentials);
2329
2330 http->tls_credentials = _httpConvertCredentials(credentials);
2331
2332 return (http->tls_credentials ? 0 : -1);
2333}
2334
2335
ef416fc2 2336/*
6d2f911b 2337 * 'httpSetCookie()' - Set the cookie value(s).
ef416fc2 2338 *
426c6a59 2339 * @since CUPS 1.1.19/Mac OS X 10.3@
ef416fc2 2340 */
2341
2342void
2343httpSetCookie(http_t *http, /* I - Connection */
2344 const char *cookie) /* I - Cookie string */
2345{
2346 if (!http)
2347 return;
2348
2349 if (http->cookie)
2350 free(http->cookie);
2351
2352 if (cookie)
2353 http->cookie = strdup(cookie);
2354 else
2355 http->cookie = NULL;
2356}
2357
2358
b423cd4c 2359/*
2360 * 'httpSetExpect()' - Set the Expect: header in a request.
2361 *
2362 * Currently only HTTP_CONTINUE is supported for the "expect" argument.
2363 *
426c6a59 2364 * @since CUPS 1.2/Mac OS X 10.5@
b423cd4c 2365 */
2366
2367void
568fa3fa 2368httpSetExpect(http_t *http, /* I - Connection to server */
b423cd4c 2369 http_status_t expect) /* I - HTTP status to expect (HTTP_CONTINUE) */
2370{
2371 if (http)
2372 http->expect = expect;
2373}
2374
2375
ef416fc2 2376/*
2377 * 'httpSetField()' - Set the value of an HTTP header.
2378 */
2379
2380void
568fa3fa 2381httpSetField(http_t *http, /* I - Connection to server */
ef416fc2 2382 http_field_t field, /* I - Field index */
2383 const char *value) /* I - Value */
2384{
2385 if (http == NULL ||
2386 field < HTTP_FIELD_ACCEPT_LANGUAGE ||
2387 field > HTTP_FIELD_WWW_AUTHENTICATE ||
2388 value == NULL)
2389 return;
2390
2391 strlcpy(http->fields[field], value, HTTP_MAX_VALUE);
f7deaa1a 2392
f7deaa1a 2393 if (field == HTTP_FIELD_AUTHORIZATION)
2394 {
e07d4801
MS		 2395 /*
2396 * Special case for Authorization: as its contents can be
2397 * longer than HTTP_MAX_VALUE
2398 */
2399
f7deaa1a 2400 if (http->field_authorization)
2401 free(http->field_authorization);
2402
2403 http->field_authorization = strdup(value);
2404 }
e07d4801
MS		 2405 else if (field == HTTP_FIELD_HOST)
2406 {
2407 /*
f11a948a
MS		 2408 * Special-case for Host: as we don't want a trailing "." on the hostname and
2409 * need to bracket IPv6 numeric addresses.
e07d4801
MS		 2410 */
2411
178cb736
MS		 2412 char *ptr = strchr(value, ':');
2413
2414 if (value[0] != '[' && ptr && strchr(ptr + 1, ':'))
f11a948a
MS		 2415 {
2416 /*
2417 * Bracket IPv6 numeric addresses...
2418 *
2419 * This is slightly inefficient (basically copying twice), but is an edge
2420 * case and not worth optimizing...
2421 */
e07d4801 2422
f11a948a
MS		 2423 snprintf(http->fields[HTTP_FIELD_HOST],
2424 sizeof(http->fields[HTTP_FIELD_HOST]), "[%s]", value);
2425 }
2426 else
e07d4801 2427 {
f11a948a
MS		 2428 /*
2429 * Check for a trailing dot on the hostname...
2430 */
2431
178cb736 2432 ptr = http->fields[HTTP_FIELD_HOST];
f11a948a
MS		 2433
2434 if (*ptr)
2435 {
2436 ptr += strlen(ptr) - 1;
e07d4801 2437
f11a948a
MS		 2438 if (*ptr == '.')
2439 *ptr = '\0';
2440 }
e07d4801
MS		 2441 }
2442 }
ef416fc2 2443}
2444
2445
2446/*
2447 * 'httpSetLength()' - Set the content-length and content-encoding.
2448 *
426c6a59 2449 * @since CUPS 1.2/Mac OS X 10.5@
ef416fc2 2450 */
2451
2452void
568fa3fa 2453httpSetLength(http_t *http, /* I - Connection to server */
ef416fc2 2454 size_t length) /* I - Length (0 for chunked) */
2455{
2456 if (!http)
2457 return;
2458
2459 if (!length)
2460 {
2461 strcpy(http->fields[HTTP_FIELD_TRANSFER_ENCODING], "chunked");
2462 http->fields[HTTP_FIELD_CONTENT_LENGTH][0] = '\0';
2463 }
2464 else
2465 {
2466 http->fields[HTTP_FIELD_TRANSFER_ENCODING][0] = '\0';
2467 snprintf(http->fields[HTTP_FIELD_CONTENT_LENGTH], HTTP_MAX_VALUE,
2468 CUPS_LLFMT, CUPS_LLCAST length);
2469 }
2470}
2471
2472
2473/*
2474 * 'httpTrace()' - Send an TRACE request to the server.
2475 */
2476
2477int /* O - Status of call (0 = success) */
568fa3fa 2478httpTrace(http_t *http, /* I - Connection to server */
ef416fc2 2479 const char *uri) /* I - URI for trace */
2480{
2481 return (http_send(http, HTTP_TRACE, uri));
2482}
2483
2484
2485/*
2486 * 'httpUpdate()' - Update the current HTTP state for incoming data.
2487 */
2488
2489http_status_t /* O - HTTP status */
568fa3fa 2490httpUpdate(http_t *http) /* I - Connection to server */
ef416fc2 2491{
2492 char line[32768], /* Line from connection... */
2493 *value; /* Pointer to value on line */
2494 http_field_t field; /* Field index */
2495 int major, minor, /* HTTP version numbers */
2496 status; /* Request status */
2497
2498
f11a948a
MS		 2499 DEBUG_printf(("httpUpdate(http=%p), state=%s", http,
2500 http_states[http->state]));
ef416fc2 2501
2502 /*
2503 * Flush pending data, if any...
2504 */
2505
2506 if (http->wused)
2507 {
e07d4801 2508 DEBUG_puts("2httpUpdate: flushing buffer...");
ef416fc2 2509
2510 if (httpFlushWrite(http) < 0)
2511 return (HTTP_ERROR);
2512 }
2513
2514 /*
2515 * If we haven't issued any commands, then there is nothing to "update"...
2516 */
2517
2518 if (http->state == HTTP_WAITING)
2519 return (HTTP_CONTINUE);
2520
2521 /*
2522 * Grab all of the lines we can from the connection...
2523 */
2524
2525 while (httpGets(line, sizeof(line), http) != NULL)
2526 {
e07d4801 2527 DEBUG_printf(("2httpUpdate: Got \"%s\"", line));
ef416fc2 2528
2529 if (line[0] == '\0')
2530 {
2531 /*
2532 * Blank line means the start of the data section (if any). Return
2533 * the result code, too...
2534 *
2535 * If we get status 100 (HTTP_CONTINUE), then we *don't* change states.
2536 * Instead, we just return HTTP_CONTINUE to the caller and keep on
2537 * tryin'...
2538 */
2539
2540 if (http->status == HTTP_CONTINUE)
2541 return (http->status);
2542
2543 if (http->status < HTTP_BAD_REQUEST)
2544 http->digest_tries = 0;
2545
2546#ifdef HAVE_SSL
2547 if (http->status == HTTP_SWITCHING_PROTOCOLS && !http->tls)
2548 {
2549 if (http_setup_ssl(http) != 0)
2550 {
2551# ifdef WIN32
2552 closesocket(http->fd);
2553# else
2554 close(http->fd);
2555# endif /* WIN32 */
2556
2557 return (HTTP_ERROR);
2558 }
2559
2560 return (HTTP_CONTINUE);
2561 }
2562#endif /* HAVE_SSL */
2563
2564 httpGetLength2(http);
2565
2566 switch (http->state)
2567 {
2568 case HTTP_GET :
2569 case HTTP_POST :
2570 case HTTP_POST_RECV :
2571 case HTTP_PUT :
2572 http->state ++;
2573 case HTTP_POST_SEND :
e1d6a774 2574 case HTTP_HEAD :
ef416fc2 2575 break;
2576
2577 default :
2578 http->state = HTTP_WAITING;
2579 break;
2580 }
2581
2582 return (http->status);
2583 }
e07d4801 2584 else if (!strncmp(line, "HTTP/", 5))
ef416fc2 2585 {
2586 /*
2587 * Got the beginning of a response...
2588 */
2589
2590 if (sscanf(line, "HTTP/%d.%d%d", &major, &minor, &status) != 3)
2591 return (HTTP_ERROR);
2592
2593 http->version = (http_version_t)(major * 100 + minor);
2594 http->status = (http_status_t)status;
2595 }
2596 else if ((value = strchr(line, ':')) != NULL)
2597 {
2598 /*
2599 * Got a value...
2600 */
2601
2602 *value++ = '\0';
7cf5915e 2603 while (_cups_isspace(*value))
ef416fc2 2604 value ++;
2605
2606 /*
2607 * Be tolerants of servers that send unknown attribute fields...
2608 */
2609
2610 if (!strcasecmp(line, "expect"))
2611 {
2612 /*
2613 * "Expect: 100-continue" or similar...
2614 */
2615
2616 http->expect = (http_status_t)atoi(value);
2617 }
2618 else if (!strcasecmp(line, "cookie"))
2619 {
2620 /*
2621 * "Cookie: name=value[; name=value ...]" - replaces previous cookies...
2622 */
2623
2624 httpSetCookie(http, value);
2625 }
2626 else if ((field = http_field(line)) == HTTP_FIELD_UNKNOWN)
2627 {
e07d4801 2628 DEBUG_printf(("1httpUpdate: unknown field %s seen!", line));
ef416fc2 2629 continue;
2630 }
2631 else
2632 httpSetField(http, field, value);
2633 }
2634 else
2635 {
e07d4801 2636 DEBUG_printf(("1httpUpdate: Bad response line \"%s\"!", line));
ef416fc2 2637 http->status = HTTP_ERROR;
2638 return (HTTP_ERROR);
2639 }
2640 }
2641
2642 /*
2643 * See if there was an error...
2644 */
2645
2646 if (http->error == EPIPE && http->status > HTTP_CONTINUE)
e07d4801
MS		 2647 {
2648 DEBUG_printf(("1httpUpdate: Returning status %d...", http->status));
ef416fc2 2649 return (http->status);
e07d4801 2650 }
ef416fc2 2651
2652 if (http->error)
2653 {
e07d4801 2654 DEBUG_printf(("1httpUpdate: socket error %d - %s", http->error,
ef416fc2 2655 strerror(http->error)));
2656 http->status = HTTP_ERROR;
2657 return (HTTP_ERROR);
2658 }
2659
2660 /*
2661 * If we haven't already returned, then there is nothing new...
2662 */
2663
2664 return (HTTP_CONTINUE);
2665}
2666
2667
38e73f87
MS		 2668/*
2669 * '_httpWait()' - Wait for data available on a connection (no flush).
2670 */
2671
2672int /* O - 1 if data is available, 0 otherwise */
2673_httpWait(http_t *http, /* I - Connection to server */
2674 int msec, /* I - Milliseconds to wait */
2675 int usessl) /* I - Use SSL context? */
2676{
2677#ifdef HAVE_POLL
2678 struct pollfd pfd; /* Polled file descriptor */
2679#else
2680 fd_set input_set; /* select() input set */
2681 struct timeval timeout; /* Timeout */
2682#endif /* HAVE_POLL */
2683 int nfds; /* Result from select()/poll() */
2684
2685
e07d4801 2686 DEBUG_printf(("4_httpWait(http=%p, msec=%d, usessl=%d)", http, msec, usessl));
38e73f87
MS		 2687
2688 if (http->fd < 0)
f8b3a85b
MS		 2689 {
2690 DEBUG_printf(("5_httpWait: Returning 0 since fd=%d", http->fd));
38e73f87 2691 return (0);
f8b3a85b 2692 }
38e73f87
MS		 2693
2694 /*
2695 * Check the SSL/TLS buffers for data first...
2696 */
2697
2698#ifdef HAVE_SSL
2699 if (http->tls && usessl)
2700 {
2701# ifdef HAVE_LIBSSL
7cf5915e 2702 if (SSL_pending(http->tls))
f8b3a85b
MS		 2703 {
2704 DEBUG_puts("5_httpWait: Return 1 since there is pending SSL data.");
38e73f87 2705 return (1);
f8b3a85b
MS		 2706 }
2707
38e73f87 2708# elif defined(HAVE_GNUTLS)
7cf5915e 2709 if (gnutls_record_check_pending(http->tls))
f8b3a85b
MS		 2710 {
2711 DEBUG_puts("5_httpWait: Return 1 since there is pending SSL data.");
38e73f87 2712 return (1);
f8b3a85b
MS		 2713 }
2714
38e73f87
MS		 2715# elif defined(HAVE_CDSASSL)
2716 size_t bytes; /* Bytes that are available */
2717
7cf5915e 2718 if (!SSLGetBufferedReadSize(http->tls, &bytes) &&
38e73f87 2719 bytes > 0)
f8b3a85b
MS		 2720 {
2721 DEBUG_puts("5_httpWait: Return 1 since there is pending SSL data.");
38e73f87 2722 return (1);
f8b3a85b 2723 }
38e73f87
MS		 2724# endif /* HAVE_LIBSSL */
2725 }
2726#endif /* HAVE_SSL */
2727
2728 /*
2729 * Then try doing a select() or poll() to poll the socket...
2730 */
2731
2732#ifdef HAVE_POLL
2733 pfd.fd = http->fd;
2734 pfd.events = POLLIN;
2735
e07d4801
MS		 2736 while ((nfds = poll(&pfd, 1, msec)) < 0 &&
2737 (errno == EINTR || errno == EAGAIN));
38e73f87
MS		 2738
2739#else
2740 do
2741 {
2742 FD_ZERO(&input_set);
2743 FD_SET(http->fd, &input_set);
2744
e07d4801 2745 DEBUG_printf(("6_httpWait: msec=%d, http->fd=%d", msec, http->fd));
38e73f87
MS		 2746
2747 if (msec >= 0)
2748 {
2749 timeout.tv_sec = msec / 1000;
2750 timeout.tv_usec = (msec % 1000) * 1000;
2751
2752 nfds = select(http->fd + 1, &input_set, NULL, NULL, &timeout);
2753 }
2754 else
2755 nfds = select(http->fd + 1, &input_set, NULL, NULL, NULL);
2756
e07d4801 2757 DEBUG_printf(("6_httpWait: select() returned %d...", nfds));
38e73f87
MS		 2758 }
2759# ifdef WIN32
cc754834
MS		 2760 while (nfds < 0 && (WSAGetLastError() == WSAEINTR ||
2761 WSAGetLastError() == WSAEWOULDBLOCK));
38e73f87 2762# else
e07d4801 2763 while (nfds < 0 && (errno == EINTR || errno == EAGAIN));
38e73f87
MS		 2764# endif /* WIN32 */
2765#endif /* HAVE_POLL */
2766
f8b3a85b
MS		 2767 DEBUG_printf(("5_httpWait: returning with nfds=%d, errno=%d...", nfds,
2768 errno));
38e73f87
MS		 2769
2770 return (nfds > 0);
2771}
2772
2773
ef416fc2 2774/*
2775 * 'httpWait()' - Wait for data available on a connection.
2776 *
426c6a59 2777 * @since CUPS 1.1.19/Mac OS X 10.3@
ef416fc2 2778 */
2779
2780int /* O - 1 if data is available, 0 otherwise */
568fa3fa 2781httpWait(http_t *http, /* I - Connection to server */
ef416fc2 2782 int msec) /* I - Milliseconds to wait */
2783{
2784 /*
2785 * First see if there is data in the buffer...
2786 */
2787
2788 if (http == NULL)
2789 return (0);
2790
2791 if (http->used)
2792 return (1);
2793
8ca02f3c 2794 /*
2795 * Flush pending data, if any...
2796 */
2797
2798 if (http->wused)
2799 {
2800 if (httpFlushWrite(http) < 0)
2801 return (0);
2802 }
2803
ef416fc2 2804 /*
2805 * If not, check the SSL/TLS buffers and do a select() on the connection...
2806 */
2807
38e73f87 2808 return (_httpWait(http, msec, 1));
ef416fc2 2809}
2810
2811
2812/*
2813 * 'httpWrite()' - Write data to a HTTP connection.
a4d04587 2814 *
2815 * This function is deprecated. Use the httpWrite2() function which can
2816 * write more than 2GB of data.
2817 *
2818 * @deprecated@
ef416fc2 2819 */
ef55b745 2820
ef416fc2 2821int /* O - Number of bytes written */
568fa3fa 2822httpWrite(http_t *http, /* I - Connection to server */
ef416fc2 2823 const char *buffer, /* I - Buffer for data */
2824 int length) /* I - Number of bytes to write */
2825{
a4d04587 2826 return ((int)httpWrite2(http, buffer, length));
2827}
2828
2829
2830/*
2831 * 'httpWrite2()' - Write data to a HTTP connection.
ecdc0628 2832 *
426c6a59 2833 * @since CUPS 1.2/Mac OS X 10.5@
a4d04587 2834 */
ef55b745 2835
a4d04587 2836ssize_t /* O - Number of bytes written */
568fa3fa 2837httpWrite2(http_t *http, /* I - Connection to server */
a4d04587 2838 const char *buffer, /* I - Buffer for data */
2839 size_t length) /* I - Number of bytes to write */
2840{
2841 ssize_t bytes; /* Bytes written */
ef416fc2 2842
2843
e07d4801 2844 DEBUG_printf(("httpWrite2(http=%p, buffer=%p, length=" CUPS_LLFMT ")", http,
a603edef 2845 buffer, CUPS_LLCAST length));
ef416fc2 2846
2847 /*
2848 * Range check input...
2849 */
2850
2851 if (http == NULL || buffer == NULL)
2852 return (-1);
2853
2854 /*
2855 * Mark activity on the connection...
2856 */
2857
2858 http->activity = time(NULL);
2859
2860 /*
2861 * Buffer small writes for better performance...
2862 */
2863
2864 if (length > 0)
2865 {
2866 if (http->wused && (length + http->wused) > sizeof(http->wbuffer))
2867 {
e07d4801
MS		 2868 DEBUG_printf(("2httpWrite2: Flushing buffer (wused=%d, length="
2869 CUPS_LLFMT ")", http->wused, CUPS_LLCAST length));
ef416fc2 2870
2871 httpFlushWrite(http);
2872 }
2873
38e73f87
MS		 2874 if ((length + http->wused) <= sizeof(http->wbuffer) &&
2875 length < sizeof(http->wbuffer))
ef416fc2 2876 {
2877 /*
2878 * Write to buffer...
2879 */
2880
e07d4801 2881 DEBUG_printf(("2httpWrite2: Copying " CUPS_LLFMT " bytes to wbuffer...",
a603edef 2882 CUPS_LLCAST length));
ef416fc2 2883
2884 memcpy(http->wbuffer + http->wused, buffer, length);
b86bc4cf 2885 http->wused += (int)length;
2886 bytes = (ssize_t)length;
ef416fc2 2887 }
2888 else
2889 {
2890 /*
2891 * Otherwise write the data directly...
2892 */
2893
e07d4801 2894 DEBUG_printf(("2httpWrite2: Writing " CUPS_LLFMT " bytes to socket...",
a603edef 2895 CUPS_LLCAST length));
ef416fc2 2896
2897 if (http->data_encoding == HTTP_ENCODE_CHUNKED)
b86bc4cf 2898 bytes = (ssize_t)http_write_chunk(http, buffer, (int)length);
ef416fc2 2899 else
b86bc4cf 2900 bytes = (ssize_t)http_write(http, buffer, (int)length);
ef416fc2 2901
e07d4801 2902 DEBUG_printf(("2httpWrite2: Wrote " CUPS_LLFMT " bytes...",
ae71f5de 2903 CUPS_LLCAST bytes));
ef416fc2 2904 }
2905
2906 if (http->data_encoding == HTTP_ENCODE_LENGTH)
2907 http->data_remaining -= bytes;
2908 }
2909 else
2910 bytes = 0;
2911
2912 /*
2913 * Handle end-of-request processing...
2914 */
2915
2916 if ((http->data_encoding == HTTP_ENCODE_CHUNKED && length == 0) ||
2917 (http->data_encoding == HTTP_ENCODE_LENGTH && http->data_remaining == 0))
2918 {
2919 /*
2920 * Finished with the transfer; unless we are sending POST or PUT
2921 * data, go idle...
2922 */
2923
e07d4801 2924 DEBUG_puts("2httpWrite: changing states...");
ef416fc2 2925
2926 if (http->wused)
2927 httpFlushWrite(http);
2928
2929 if (http->data_encoding == HTTP_ENCODE_CHUNKED)
2930 {
2931 /*
2932 * Send a 0-length chunk at the end of the request...
2933 */
2934
2935 http_write(http, "0\r\n\r\n", 5);
2936
2937 /*
2938 * Reset the data state...
2939 */
2940
2941 http->data_encoding = HTTP_ENCODE_LENGTH;
2942 http->data_remaining = 0;
2943 }
2944
2945 if (http->state == HTTP_POST_RECV)
2946 http->state ++;
2947 else if (http->state == HTTP_PUT_RECV)
2948 http->state = HTTP_STATUS;
2949 else
2950 http->state = HTTP_WAITING;
2951 }
2952
2953 return (bytes);
2954}
2955
2956
2957#if defined(HAVE_SSL) && defined(HAVE_CDSASSL)
2958/*
411affcf 2959 * '_httpWriteCDSA()' - Write function for the CDSA library.
ef416fc2 2960 */
2961
2962OSStatus /* O - -1 on error, 0 on success */
2963_httpWriteCDSA(
2964 SSLConnectionRef connection, /* I - SSL/TLS connection */
2965 const void *data, /* I - Data buffer */
2966 size_t *dataLength) /* IO - Number of bytes */
2967{
411affcf 2968 OSStatus result; /* Return value */
2969 ssize_t bytes; /* Number of bytes read */
2970 http_t *http; /* HTTP connection */
e53920b9 2971
2972
411affcf 2973 http = (http_t *)connection;
ef416fc2 2974
b423cd4c 2975 do
411affcf 2976 {
2977 bytes = write(http->fd, data, *dataLength);
2978 }
e07d4801 2979 while (bytes == -1 && (errno == EINTR || errno == EAGAIN));
fa73b229 2980
b423cd4c 2981 if (bytes == *dataLength)
411affcf 2982 {
b423cd4c 2983 result = 0;
411affcf 2984 }
b423cd4c 2985 else if (bytes >= 0)
2986 {
2987 *dataLength = bytes;
2988 result = errSSLWouldBlock;
2989 }
2990 else
2991 {
2992 *dataLength = 0;
ef55b745 2993
fa73b229 2994 if (errno == EAGAIN)
b423cd4c 2995 result = errSSLWouldBlock;
b423cd4c 2996 else
ed486911 2997 result = errSSLClosedAbort;
ef416fc2 2998 }
b423cd4c 2999
411affcf 3000 return (result);
ef416fc2 3001}
3002#endif /* HAVE_SSL && HAVE_CDSASSL */
3003
3004
411affcf 3005#if defined(HAVE_SSL) && defined(HAVE_GNUTLS)
3006/*
3007 * '_httpWriteGNUTLS()' - Write function for the GNU TLS library.
3008 */
3009
3010ssize_t /* O - Number of bytes written or -1 on error */
3011_httpWriteGNUTLS(
568fa3fa 3012 gnutls_transport_ptr ptr, /* I - Connection to server */
411affcf 3013 const void *data, /* I - Data buffer */
3014 size_t length) /* I - Number of bytes to write */
3015{
3016 return (send(((http_t *)ptr)->fd, data, length, 0));
3017}
3018#endif /* HAVE_SSL && HAVE_GNUTLS */
3019
3020
3021#if defined(HAVE_SSL) && defined(HAVE_LIBSSL)
3022/*
3023 * 'http_bio_ctrl()' - Control the HTTP connection.
3024 */
3025
3026static long /* O - Result/data */
3027http_bio_ctrl(BIO *h, /* I - BIO data */
3028 int cmd, /* I - Control command */
3029 long arg1, /* I - First argument */
3030 void *arg2) /* I - Second argument */
3031{
3032 switch (cmd)
3033 {
3034 default :
3035 return (0);
3036
3037 case BIO_CTRL_RESET :
3038 h->ptr = NULL;
3039 return (0);
3040
3041 case BIO_C_SET_FILE_PTR :
3042 h->ptr = arg2;
3043 h->init = 1;
3044 return (1);
3045
3046 case BIO_C_GET_FILE_PTR :
3047 if (arg2)
3048 {
3049 *((void **)arg2) = h->ptr;
3050 return (1);
3051 }
3052 else
3053 return (0);
ef55b745 3054
411affcf 3055 case BIO_CTRL_DUP :
3056 case BIO_CTRL_FLUSH :
3057 return (1);
3058 }
3059}
3060
3061
3062/*
3063 * 'http_bio_free()' - Free OpenSSL data.
3064 */
3065
3066static int /* O - 1 on success, 0 on failure */
3067http_bio_free(BIO *h) /* I - BIO data */
3068{
3069 if (!h)
3070 return (0);
3071
3072 if (h->shutdown)
3073 {
3074 h->init = 0;
3075 h->flags = 0;
3076 }
3077
3078 return (1);
3079}
3080
3081
3082/*
3083 * 'http_bio_new()' - Initialize an OpenSSL BIO structure.
3084 */
3085
3086static int /* O - 1 on success, 0 on failure */
3087http_bio_new(BIO *h) /* I - BIO data */
3088{
3089 if (!h)
3090 return (0);
3091
3092 h->init = 0;
3093 h->num = 0;
3094 h->ptr = NULL;
3095 h->flags = 0;
3096
3097 return (1);
3098}
3099
3100
3101/*
3102 * 'http_bio_puts()' - Send a string for OpenSSL.
3103 */
3104
3105static int /* O - Bytes written */
3106http_bio_puts(BIO *h, /* I - BIO data */
3107 const char *str) /* I - String to write */
3108{
b86bc4cf 3109#ifdef WIN32
3110 return (send(((http_t *)h->ptr)->fd, str, (int)strlen(str), 0));
3111#else
411affcf 3112 return (send(((http_t *)h->ptr)->fd, str, strlen(str), 0));
b86bc4cf 3113#endif /* WIN32 */
411affcf 3114}
3115
3116
3117/*
3118 * 'http_bio_read()' - Read data for OpenSSL.
3119 */
3120
3121static int /* O - Bytes read */
3122http_bio_read(BIO *h, /* I - BIO data */
3123 char *buf, /* I - Buffer */
3124 int size) /* I - Number of bytes to read */
3125{
3126 http_t *http; /* HTTP connection */
3127
3128
3129 http = (http_t *)h->ptr;
3130
3131 if (!http->blocking)
3132 {
3133 /*
3134 * Make sure we have data before we read...
3135 */
3136
38e73f87 3137 if (!_httpWait(http, 10000, 0))
411affcf 3138 {
b86bc4cf 3139#ifdef WIN32
3140 http->error = WSAETIMEDOUT;
3141#else
411affcf 3142 http->error = ETIMEDOUT;
b86bc4cf 3143#endif /* WIN32 */
3144
411affcf 3145 return (-1);
3146 }
3147 }
3148
3149 return (recv(http->fd, buf, size, 0));
3150}
3151
3152
3153/*
3154 * 'http_bio_write()' - Write data for OpenSSL.
3155 */
3156
3157static int /* O - Bytes written */
3158http_bio_write(BIO *h, /* I - BIO data */
3159 const char *buf, /* I - Buffer to write */
3160 int num) /* I - Number of bytes to write */
3161{
3162 return (send(((http_t *)h->ptr)->fd, buf, num, 0));
3163}
3164#endif /* HAVE_SSL && HAVE_LIBSSL */
3165
3166
ae71f5de
MS		 3167#ifdef DEBUG
3168/*
3169 * 'http_debug_hex()' - Do a hex dump of a buffer.
3170 */
3171
3172static void
3173http_debug_hex(const char *prefix, /* I - Prefix for line */
3174 const char *buffer, /* I - Buffer to dump */
3175 int bytes) /* I - Bytes to dump */
3176{
3177 int i, j, /* Looping vars */
3178 ch; /* Current character */
3179 char line[255], /* Line buffer */
3180 *start, /* Start of line after prefix */
3181 *ptr; /* Pointer into line */
3182
3183
f11a948a 3184 if (_cups_debug_fd < 0 || _cups_debug_level < 6)
dd1abb6b
MS		 3185 return;
3186
e07d4801 3187 DEBUG_printf(("6%s: %d bytes:\n", prefix, bytes));
ae71f5de 3188
f11a948a 3189 snprintf(line, sizeof(line), "6%s: ", prefix);
ae71f5de
MS		 3190 start = line + strlen(line);
3191
3192 for (i = 0; i < bytes; i += 16)
3193 {
3194 for (j = 0, ptr = start; j < 16 && (i + j) < bytes; j ++, ptr += 2)
3195 sprintf(ptr, "%02X", buffer[i + j] & 255);
3196
3197 while (j < 16)
3198 {
3199 strcpy(ptr, " ");
3200 ptr += 2;
3201 j ++;
3202 }
3203
3204 strcpy(ptr, " ");
3205 ptr += 2;
3206
3207 for (j = 0; j < 16 && (i + j) < bytes; j ++)
3208 {
3209 ch = buffer[i + j] & 255;
3210
3211 if (ch < ' ' || ch >= 127)
3212 ch = '.';
3213
3214 *ptr++ = ch;
3215 }
3216
3217 *ptr = '\0';
3218 DEBUG_puts(line);
3219 }
3220}
3221#endif /* DEBUG */
3222
3223
ef416fc2 3224/*
3225 * 'http_field()' - Return the field index for a field name.
3226 */
3227
ae71f5de
MS		 3228static http_field_t /* O - Field index */
3229http_field(const char *name) /* I - String name */
ef416fc2 3230{
ae71f5de 3231 int i; /* Looping var */
ef416fc2 3232
3233
3234 for (i = 0; i < HTTP_FIELD_MAX; i ++)
3235 if (strcasecmp(name, http_fields[i]) == 0)
3236 return ((http_field_t)i);
3237
3238 return (HTTP_FIELD_UNKNOWN);
3239}
3240
3241
3242#ifdef HAVE_SSL
3243/*
3244 * 'http_read_ssl()' - Read from a SSL/TLS connection.
3245 */
3246
3247static int /* O - Bytes read */
568fa3fa 3248http_read_ssl(http_t *http, /* I - Connection to server */
ef416fc2 3249 char *buf, /* I - Buffer to store data */
3250 int len) /* I - Length of buffer */
3251{
3252# if defined(HAVE_LIBSSL)
3253 return (SSL_read((SSL *)(http->tls), buf, len));
3254
3255# elif defined(HAVE_GNUTLS)
ef55b745
MS		 3256 ssize_t result; /* Return value */
3257
3258
7cf5915e 3259 result = gnutls_record_recv(http->tls, buf, len);
ef55b745
MS		 3260
3261 if (result < 0 && !errno)
3262 {
3263 /*
3264 * Convert GNU TLS error to errno value...
3265 */
3266
3267 switch (result)
3268 {
3269 case GNUTLS_E_INTERRUPTED :
3270 errno = EINTR;
3271 break;
3272
3273 case GNUTLS_E_AGAIN :
3274 errno = EAGAIN;
3275 break;
3276
3277 default :
3278 errno = EPIPE;
3279 break;
3280 }
3281
3282 result = -1;
3283 }
3284
3285 return ((int)result);
ef416fc2 3286
3287# elif defined(HAVE_CDSASSL)
fa73b229 3288 int result; /* Return value */
ef416fc2 3289 OSStatus error; /* Error info */
3290 size_t processed; /* Number of bytes processed */
3291
3292
7cf5915e 3293 error = SSLRead(http->tls, buf, len, &processed);
ef416fc2 3294
fa73b229 3295 switch (error)
ef416fc2 3296 {
fa73b229 3297 case 0 :
3298 result = (int)processed;
3299 break;
3300 case errSSLClosedGraceful :
3301 result = 0;
3302 break;
3303 case errSSLWouldBlock :
b423cd4c 3304 if (processed)
3305 result = (int)processed;
3306 else
3307 {
3308 result = -1;
3309 errno = EINTR;
3310 }
fa73b229 3311 break;
3312 default :
3313 errno = EPIPE;
3314 result = -1;
3315 break;
ef416fc2 3316 }
fa73b229 3317
3318 return (result);
cc754834
MS		 3319# elif defined(HAVE_SSPISSL)
3320 return _sspiRead((_sspi_struct_t*) http->tls, buf, len);
ef416fc2 3321# endif /* HAVE_LIBSSL */
3322}
3323#endif /* HAVE_SSL */
3324
3325
6d2f911b
MS		 3326#ifdef HAVE_LIBSSL
3327/*
3328 * 'http_locking_cb()' - Lock/unlock a thread's mutex.
3329 */
3330
3331static void
3332http_locking_cb(int mode, /* I - Lock mode */
3333 int type, /* I - Lock type */
3334 const char *file, /* I - Source file */
3335 int line) /* I - Line number */
3336{
3337 if (mode & CRYPTO_LOCK)
3338 _cupsMutexLock(http_locks + type);
3339 else
3340 _cupsMutexUnlock(http_locks + type);
3341}
3342#endif /* HAVE_LIBSSL */
3343
3344
ef416fc2 3345/*
3346 * 'http_send()' - Send a request with all fields and the trailing blank line.
3347 */
3348
3349static int /* O - 0 on success, non-zero on error */
568fa3fa 3350http_send(http_t *http, /* I - Connection to server */
ef416fc2 3351 http_state_t request, /* I - Request code */
3352 const char *uri) /* I - URI */
3353{
3354 int i; /* Looping var */
839a51c8 3355 char buf[1024]; /* Encoded URI buffer */
ef416fc2 3356 static const char * const codes[] =
3357 { /* Request code strings */
3358 NULL,
3359 "OPTIONS",
3360 "GET",
3361 NULL,
3362 "HEAD",
3363 "POST",
3364 NULL,
3365 NULL,
3366 "PUT",
3367 NULL,
3368 "DELETE",
3369 "TRACE",
3370 "CLOSE"
3371 };
ef416fc2 3372
3373
e07d4801 3374 DEBUG_printf(("7http_send(http=%p, request=HTTP_%s, uri=\"%s\")",
ef416fc2 3375 http, codes[request], uri));
3376
3377 if (http == NULL || uri == NULL)
3378 return (-1);
3379
3380 /*
3381 * Set the User-Agent field if it isn't already...
3382 */
3383
3384 if (!http->fields[HTTP_FIELD_USER_AGENT][0])
3385 httpSetField(http, HTTP_FIELD_USER_AGENT, CUPS_MINIMAL);
3386
3387 /*
3388 * Encode the URI as needed...
3389 */
3390
839a51c8 3391 _httpEncodeURI(buf, uri, sizeof(buf));
ef416fc2 3392
3393 /*
3394 * See if we had an error the last time around; if so, reconnect...
3395 */
3396
3397 if (http->status == HTTP_ERROR || http->status >= HTTP_BAD_REQUEST)
fa73b229 3398 if (httpReconnect(http))
3399 return (-1);
ef416fc2 3400
d09495fa 3401 /*
3402 * Flush any written data that is pending...
3403 */
3404
3405 if (http->wused)
536bc2c6
MS		 3406 {
3407 if (httpFlushWrite(http) < 0)
3408 if (httpReconnect(http))
3409 return (-1);
3410 }
d09495fa 3411
ef416fc2 3412 /*
3413 * Send the request header...
3414 */
3415
d09495fa 3416 http->state = request;
3417 http->data_encoding = HTTP_ENCODE_FIELDS;
3418
ef416fc2 3419 if (request == HTTP_POST || request == HTTP_PUT)
3420 http->state ++;
3421
3422 http->status = HTTP_CONTINUE;
3423
3424#ifdef HAVE_SSL
3425 if (http->encryption == HTTP_ENCRYPT_REQUIRED && !http->tls)
3426 {
3427 httpSetField(http, HTTP_FIELD_CONNECTION, "Upgrade");
3428 httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.0,SSL/2.0,SSL/3.0");
3429 }
3430#endif /* HAVE_SSL */
3431
3432 if (httpPrintf(http, "%s %s HTTP/1.1\r\n", codes[request], buf) < 1)
3433 {
3434 http->status = HTTP_ERROR;
3435 return (-1);
3436 }
3437
3438 for (i = 0; i < HTTP_FIELD_MAX; i ++)
3439 if (http->fields[i][0] != '\0')
3440 {
e07d4801 3441 DEBUG_printf(("9http_send: %s: %s", http_fields[i],
ae71f5de 3442 httpGetField(http, i)));
ef416fc2 3443
ef55b745 3444 if (httpPrintf(http, "%s: %s\r\n", http_fields[i],
f7deaa1a 3445 httpGetField(http, i)) < 1)
ef416fc2 3446 {
3447 http->status = HTTP_ERROR;
3448 return (-1);
3449 }
3450 }
3451
3452 if (http->cookie)
3453 if (httpPrintf(http, "Cookie: $Version=0; %s\r\n", http->cookie) < 1)
3454 {
3455 http->status = HTTP_ERROR;
3456 return (-1);
3457 }
3458
b423cd4c 3459 if (http->expect == HTTP_CONTINUE &&
3460 (http->state == HTTP_POST_RECV || http->state == HTTP_PUT_RECV))
3461 if (httpPrintf(http, "Expect: 100-continue\r\n") < 1)
3462 {
3463 http->status = HTTP_ERROR;
3464 return (-1);
3465 }
3466
ef416fc2 3467 if (httpPrintf(http, "\r\n") < 1)
3468 {
3469 http->status = HTTP_ERROR;
3470 return (-1);
3471 }
3472
536bc2c6
MS		 3473 if (httpFlushWrite(http) < 0)
3474 return (-1);
3475
ef416fc2 3476 httpGetLength2(http);
3477 httpClearFields(http);
3478
f7deaa1a 3479 /*
b94498cf 3480 * The Kerberos and AuthRef authentication strings can only be used once...
f7deaa1a 3481 */
3482
ef55b745
MS		 3483 if (http->field_authorization && http->authstring &&
3484 (!strncmp(http->authstring, "Negotiate", 9) ||
b94498cf 3485 !strncmp(http->authstring, "AuthRef", 7)))
f7deaa1a 3486 {
3487 http->_authstring[0] = '\0';
3488
3489 if (http->authstring != http->_authstring)
3490 free(http->authstring);
ef55b745 3491
f7deaa1a 3492 http->authstring = http->_authstring;
3493 }
3494
ef416fc2 3495 return (0);
3496}
3497
3498
3499#ifdef HAVE_SSL
7cf5915e
MS		 3500/*
3501 * 'http_set_credentials()' - Set the SSL/TLS credentials.
3502 */
3503
3504static int /* O - Status of connection */
3505http_set_credentials(http_t *http) /* I - Connection to server */
3506{
3507 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
3508# ifdef HAVE_CDSASSL
3509 OSStatus error = 0; /* Error code */
3510 http_tls_credentials_t credentials = NULL;
3511 /* TLS credentials */
3512# endif /* HAVE_CDSASSL */
3513
3514
3515 DEBUG_printf(("7http_set_credentials(%p)", http));
3516
3517# ifdef HAVE_LIBSSL
3518 return (-1);
3519
3520# elif defined(HAVE_GNUTLS)
3521 return (-1);
3522
3523# elif defined(HAVE_CDSASSL)
3524 /*
3525 * Prefer connection specific credentials...
3526 */
3527
3528 if ((credentials = http->tls_credentials) == NULL)
3529 credentials = cg->tls_credentials;
3530
3531# if HAVE_SECPOLICYCREATESSL
3532 /*
3533 * Otherwise root around in the user's keychain to see if one can be found...
3534 */
3535
3536 if (!credentials)
3537 {
3538 CFDictionaryRef query; /* Query dictionary */
3539 CFTypeRef matches = NULL; /* Matching credentials */
3540 CFArrayRef dn_array = NULL;/* Distinguished names array */
3541 CFTypeRef keys[] = { kSecClass,
3542 kSecMatchLimit,
3543 kSecReturnRef };
3544 /* Keys for dictionary */
3545 CFTypeRef values[] = { kSecClassCertificate,
3546 kSecMatchLimitOne,
3547 kCFBooleanTrue };
3548 /* Values for dictionary */
3549
3550 /*
3551 * Get the names associated with the server.
3552 */
3553
3554 if ((error = SSLCopyDistinguishedNames(http->tls, &dn_array)) != noErr)
3555 {
3556 DEBUG_printf(("4http_set_credentials: SSLCopyDistinguishedNames, error=%d",
3557 (int)error));
3558 return (error);
3559 }
3560
3561 /*
3562 * Create a query which will return all identities that can sign and match
3563 * the passed in policy.
3564 */
3565
3566 query = CFDictionaryCreate(NULL,
3567 (const void**)(&keys[0]),
3568 (const void**)(&values[0]),
3569 sizeof(keys) / sizeof(keys[0]),
3570 &kCFTypeDictionaryKeyCallBacks,
3571 &kCFTypeDictionaryValueCallBacks);
3572 if (query)
3573 {
3574 error = SecItemCopyMatching(query, &matches);
3575 DEBUG_printf(("4http_set_credentials: SecItemCopyMatching, error=%d",
3576 (int)error));
3577 CFRelease(query);
3578 }
3579
3580 if (matches)
3581 CFRelease(matches);
3582
3583 if (dn_array)
3584 CFRelease(dn_array);
3585 }
3586# endif /* HAVE_SECPOLICYCREATESSL */
3587
3588 if (credentials)
3589 {
3590 error = SSLSetCertificate(http->tls, credentials);
3591 DEBUG_printf(("4http_set_credentials: SSLSetCertificate, error=%d",
3592 (int)error));
3593 }
3594 else
3595 DEBUG_puts("4http_set_credentials: No credentials to set.");
3596
3597 return (error);
3598
3599# elif defined(HAVE_SSPISSL)
3600 return (-1);
3601# endif /* HAVE_LIBSSL */
3602}
3603
3604
ef416fc2 3605/*
3606 * 'http_setup_ssl()' - Set up SSL/TLS support on a connection.
3607 */
3608
3609static int /* O - Status of connection */
568fa3fa 3610http_setup_ssl(http_t *http) /* I - Connection to server */
ef416fc2 3611{
7cf5915e
MS		 3612 _cups_globals_t *cg = _cupsGlobals();
3613 /* Pointer to library globals */
3614 int any_root; /* Allow any root */
3615
ef416fc2 3616# ifdef HAVE_LIBSSL
89d46774 3617 SSL_CTX *context; /* Context for encryption */
411affcf 3618 BIO *bio; /* BIO data */
ef416fc2 3619# elif defined(HAVE_GNUTLS)
ef416fc2 3620 gnutls_certificate_client_credentials *credentials;
89d46774 3621 /* TLS credentials */
ef416fc2 3622# elif defined(HAVE_CDSASSL)
89d46774 3623 OSStatus error; /* Error code */
7cf5915e
MS		 3624 const char *message = NULL; /* Error message */
3625 cups_array_t *credentials; /* Credentials array */
3626 char *hostname; /* Hostname */
3627 cups_array_t *names; /* CUPS distinguished names */
3628 CFArrayRef dn_array; /* CF distinguished names array */
3629 CFIndex count; /* Number of credentials */
3630 CFDataRef data; /* Certificate data */
3631 int i; /* Looping var */
3632 http_credential_t
3633 *credential; /* Credential data */
cc754834
MS		 3634# elif defined(HAVE_SSPISSL)
3635 TCHAR username[256]; /* Username returned from GetUserName() */
3636 TCHAR commonName[256]; /* Common name for certificate */
3637 DWORD dwSize; /* 32 bit size */
ef416fc2 3638# endif /* HAVE_LIBSSL */
3639
3640
e07d4801 3641 DEBUG_printf(("7http_setup_ssl(http=%p)", http));
ef416fc2 3642
7cf5915e
MS		 3643 /*
3644 * Always allow self-signed certificates for the local loopback address...
3645 */
3646
3647 if (httpAddrLocalhost(http->hostaddr))
3648 any_root = 1;
3649 else
3650 any_root = cg->any_root;
3651
ef416fc2 3652# ifdef HAVE_LIBSSL
3653 context = SSL_CTX_new(SSLv23_client_method());
3654
3655 SSL_CTX_set_options(context, SSL_OP_NO_SSLv2); /* Only use SSLv3 or TLS */
3656
411affcf 3657 bio = BIO_new(_httpBIOMethods());
3658 BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)http);
3659
7cf5915e
MS		 3660 http->tls = SSL_new(context);
3661 SSL_set_bio(http->tls_credentials, bio, bio);
ef416fc2 3662
7cf5915e 3663 if (SSL_connect(http->tls) != 1)
ef416fc2 3664 {
3665# ifdef DEBUG
3666 unsigned long error; /* Error code */
3667
3668 while ((error = ERR_get_error()) != 0)
e07d4801 3669 DEBUG_printf(("8http_setup_ssl: %s", ERR_error_string(error, NULL)));
ef416fc2 3670# endif /* DEBUG */
3671
3672 SSL_CTX_free(context);
7cf5915e
MS		 3673 SSL_free(http->tls);
3674 http->tls = NULL;
ef416fc2 3675
3676# ifdef WIN32
3677 http->error = WSAGetLastError();
3678# else
3679 http->error = errno;
3680# endif /* WIN32 */
3681 http->status = HTTP_ERROR;
3682
3683 return (HTTP_ERROR);
3684 }
3685
3686# elif defined(HAVE_GNUTLS)
ef416fc2 3687 credentials = (gnutls_certificate_client_credentials *)
3688 malloc(sizeof(gnutls_certificate_client_credentials));
3689 if (credentials == NULL)
3690 {
ef416fc2 3691 http->error = errno;
3692 http->status = HTTP_ERROR;
3693
3694 return (-1);
3695 }
3696
3697 gnutls_certificate_allocate_credentials(credentials);
3698
7cf5915e
MS		 3699 gnutls_init(&http->tls, GNUTLS_CLIENT);
3700 gnutls_set_default_priority(http->tls);
3701 gnutls_credentials_set(http->tls, GNUTLS_CRD_CERTIFICATE, *credentials);
3702 gnutls_transport_set_ptr(http->tls, (gnutls_transport_ptr)http);
3703 gnutls_transport_set_pull_function(http->tls, _httpReadGNUTLS);
3704 gnutls_transport_set_push_function(http->tls, _httpWriteGNUTLS);
ef416fc2 3705
7cf5915e 3706 if ((gnutls_handshake(http->tls)) != GNUTLS_E_SUCCESS)
ef416fc2 3707 {
3708 http->error = errno;
3709 http->status = HTTP_ERROR;
3710
7cf5915e 3711 gnutls_deinit(http->tls);
85b5d1df
MS		 3712 gnutls_certificate_free_credentials(*credentials);
3713 free(credentials);
7cf5915e 3714 http->tls = NULL;
85b5d1df 3715
ef416fc2 3716 return (-1);
3717 }
3718
7cf5915e 3719 http->tls_credentials = credentials;
ef416fc2 3720
3721# elif defined(HAVE_CDSASSL)
7cf5915e 3722 if ((error = SSLNewContext(false, &http->tls)))
e53920b9 3723 {
89d46774 3724 http->error = error;
3725 http->status = HTTP_ERROR;
e53920b9 3726
89d46774 3727 return (-1);
e53920b9 3728 }
ef416fc2 3729
7cf5915e
MS		 3730 error = SSLSetConnection(http->tls, http);
3731 DEBUG_printf(("4http_setup_ssl: SSLSetConnection, error=%d", (int)error));
3732
3733 if (!error)
3734 {
3735 error = SSLSetIOFuncs(http->tls, _httpReadCDSA, _httpWriteCDSA);
3736 DEBUG_printf(("4http_setup_ssl: SSLSetIOFuncs, error=%d", (int)error));
3737 }
3738
3739 if (!error)
3740 {
3741 error = SSLSetProtocolVersionEnabled(http->tls, kSSLProtocol2, false);
3742 DEBUG_printf(("4http_setup_ssl: SSLSetProtocolVersionEnabled, error=%d",
3743 (int)error));
3744 }
89d46774 3745
7cf5915e
MS		 3746 if (!error)
3747 {
3748 error = SSLSetAllowsAnyRoot(http->tls, any_root);
3749 DEBUG_printf(("4http_setup_ssl: SSLSetAllowsAnyRoot(%d), error=%d",
3750 any_root, (int)error));
3751 }
89d46774 3752
3753 if (!error)
7cf5915e
MS		 3754 {
3755 error = SSLSetAllowsExpiredCerts(http->tls, cg->expired_certs);
3756 DEBUG_printf(("4http_setup_ssl: SSLSetAllowsExpiredCerts(%d), error=%d",
3757 cg->expired_certs, (int)error));
3758 }
89d46774 3759
ef416fc2 3760 if (!error)
7cf5915e
MS		 3761 {
3762 error = SSLSetAllowsExpiredRoots(http->tls, cg->expired_root);
3763 DEBUG_printf(("4http_setup_ssl: SSLSetAllowsExpiredRoots(%d), error=%d",
3764 cg->expired_root, (int)error));
3765 }
ef416fc2 3766
3767 if (!error)
7cf5915e
MS		 3768 {
3769 if (cg->client_cert_cb)
3770 {
3771 error = SSLSetSessionOption(http->tls,
3772 kSSLSessionOptionBreakOnCertRequested, true);
3773 DEBUG_printf(("4http_setup_ssl: kSSLSessionOptionBreakOnCertRequested, "
3774 "error=%d", (int)error));
3775 }
3776 else
3777 {
3778 error = http_set_credentials(http);
3779 DEBUG_printf(("4http_setup_ssl: http_set_credentials, error=%d",
3780 (int)error));
3781 }
3782 }
3783
3784 /*
3785 * If there's a server certificate callback installed let it evaluate the
3786 * certificate(s) during the handshake...
3787 */
3788
3789 if (!error && cg->server_cert_cb != NULL)
3790 {
3791 error = SSLSetEnableCertVerify(http->tls, false);
3792 DEBUG_printf(("4http_setup_ssl: SSLSetEnableCertVerify, error=%d",
3793 (int)error));
3794
3795 if (!error)
3796 {
3797 error = SSLSetSessionOption(http->tls,
3798 kSSLSessionOptionBreakOnServerAuth, true);
3799 DEBUG_printf(("4http_setup_ssl: kSSLSessionOptionBreakOnServerAuth, "
3800 "error=%d", (int)error));
3801 }
3802 }
ef416fc2 3803
ed486911 3804 if (!error)
7cf5915e
MS		 3805 {
3806 hostname = httpAddrLocalhost(http->hostaddr) ? "localhost" : http->hostname;
3807 error = SSLSetPeerDomainName(http->tls, hostname, strlen(hostname));
3808
3809 DEBUG_printf(("4http_setup_ssl: SSLSetPeerDomainName, error=%d",
3810 (int)error));
3811 }
ed486911 3812
ef416fc2 3813 if (!error)
b423cd4c 3814 {
7cf5915e
MS		 3815 int done = 0; /* Are we done yet? */
3816
3817 while (!error && !done)
3818 {
3819 error = SSLHandshake(http->tls);
3820
3821 DEBUG_printf(("4_httpWait: SSLHandshake returned %d.", (int)error));
3822
3823 switch (error)
3824 {
3825 case noErr :
3826 done = 1;
3827 break;
3828
3829 case errSSLWouldBlock :
3830 usleep(1000);
3831 break;
3832
3833 case errSSLServerAuthCompleted :
3834 error = 0;
3835 if (cg->server_cert_cb)
3836 {
3837 error = httpCopyCredentials(http, &credentials);
3838 if (!error)
3839 {
3840 error = (cg->server_cert_cb)(http, http->tls, credentials,
3841 cg->server_cert_data);
3842 httpFreeCredentials(credentials);
3843 }
3844
3845 DEBUG_printf(("4_httpWait: Server certificate callback returned "
3846 "%d.", (int)error));
3847 }
3848 break;
3849
3850 case errSSLClientCertRequested :
3851 error = 0;
3852
3853 if (cg->client_cert_cb)
3854 {
3855 names = NULL;
3856 if (!(error = SSLCopyDistinguishedNames(http->tls, &dn_array)) &&
3857 dn_array)
3858 {
3859 if ((names = cupsArrayNew(NULL, NULL)) != NULL)
3860 {
3861 for (i = 0, count = CFArrayGetCount(dn_array); i < count; i++)
3862 {
3863 data = (CFDataRef)CFArrayGetValueAtIndex(dn_array, i);
3864
3865 if ((credential = malloc(sizeof(*credential))))
3866 {
3867 credential->datalen = CFDataGetLength(data);
3868 if ((credential->data = malloc(credential->datalen)))
3869 {
3870 memcpy((void *)credential->data, CFDataGetBytePtr(data),
3871 credential->datalen);
3872 cupsArrayAdd(names, credential);
3873 }
3874 }
3875 }
3876 }
3877
3878 CFRelease(dn_array);
3879 }
3880
3881 if (!error)
3882 {
3883 error = (cg->client_cert_cb)(http, http->tls, names,
3884 cg->client_cert_data);
3885
3886 DEBUG_printf(("4_httpWait: Client certificate callback "
3887 "returned %d.", (int)error));
3888 }
3889
3890 httpFreeCredentials(names);
3891 }
3892 break;
3893
3894 case errSSLUnknownRootCert :
3895 message = _("Unable to establish a secure connection to host "
3896 "(untrusted certificate).");
3897 break;
3898
3899 case errSSLNoRootCert :
3900 message = _("Unable to establish a secure connection to host "
3901 "(self-signed certificate).");
3902 break;
3903
3904 case errSSLCertExpired :
3905 message = _("Unable to establish a secure connection to host "
3906 "(expired certificate).");
3907 break;
3908
3909 case errSSLCertNotYetValid :
3910 message = _("Unable to establish a secure connection to host "
3911 "(certificate not yet valid).");
3912 break;
3913
3914 case errSSLHostNameMismatch :
3915 message = _("Unable to establish a secure connection to host "
3916 "(host name mismatch).");
3917 break;
3918
3919 case errSSLXCertChainInvalid :
3920 message = _("Unable to establish a secure connection to host "
3921 "(certificate chain invalid).");
3922 break;
3923
3924 case errSSLConnectionRefused :
3925 message = _("Unable to establish a secure connection to host "
3926 "(peer dropped connection before responding).");
3927 break;
3928
3929 default :
3930 break;
3931 }
3932 }
b423cd4c 3933 }
ef416fc2 3934
89d46774 3935 if (error)
ef416fc2 3936 {
3937 http->error = error;
3938 http->status = HTTP_ERROR;
7cf5915e
MS		 3939 errno = ECONNREFUSED;
3940
3941 SSLDisposeContext(http->tls);
3942 http->tls = NULL;
ef416fc2 3943
7cf5915e
MS		 3944 /*
3945 * If an error string wasn't set by the callbacks use a generic one...
3946 */
3947
3948 if (!message)
3949#ifdef HAVE_CSSMERRORSTRING
3950 message = cssmErrorString(error);
3951#else
3952 message = _("Unable to establish a secure connection to host.");
3953#endif /* HAVE_CSSMERRORSTRING */
ef416fc2 3954
7cf5915e 3955 _cupsSetError(IPP_PKI_ERROR, message, 1);
ef416fc2 3956
cc754834
MS		 3957 return (-1);
3958 }
7cf5915e 3959
cc754834 3960# elif defined(HAVE_SSPISSL)
7cf5915e 3961 http->tls = _sspiAlloc();
cc754834 3962
7cf5915e 3963 if (!http->tls)
cc754834
MS		 3964 return (-1);
3965
7cf5915e
MS		 3966 http->tls->sock = http->fd;
3967 dwSize = sizeof(username) / sizeof(TCHAR);
cc754834
MS		 3968 GetUserName(username, &dwSize);
3969 _sntprintf_s(commonName, sizeof(commonName) / sizeof(TCHAR),
3970 sizeof(commonName) / sizeof(TCHAR), TEXT("CN=%s"), username);
3971
7cf5915e
MS		 3972 if (!_sspiGetCredentials(http->tls_credentials, L"ClientContainer",
3973 commonName, FALSE))
cc754834 3974 {
7cf5915e
MS		 3975 _sspiFree(http->tls_credentials);
3976 http->tls_credentials = NULL;
cc754834
MS		 3977 return (-1);
3978 }
3979
7cf5915e
MS		 3980 _sspiSetAllowsAnyRoot(http->tls_credentials, TRUE);
3981 _sspiSetAllowsExpiredCerts(http->tls_credentials, TRUE);
cc754834 3982
7cf5915e 3983 if (!_sspiConnect(http->tls_credentials, http->hostname))
cc754834 3984 {
7cf5915e
MS		 3985 _sspiFree(http->tls_credentials);
3986 http->tls_credentials = NULL;
ef416fc2 3987 return (-1);
3988 }
3989# endif /* HAVE_CDSASSL */
3990
ef416fc2 3991 return (0);
3992}
3993#endif /* HAVE_SSL */
3994
3995
3996#ifdef HAVE_SSL
3997/*
3998 * 'http_shutdown_ssl()' - Shut down SSL/TLS on a connection.
3999 */
4000
4001static void
568fa3fa 4002http_shutdown_ssl(http_t *http) /* I - Connection to server */
ef416fc2 4003{
4004# ifdef HAVE_LIBSSL
89d46774 4005 SSL_CTX *context; /* Context for encryption */
ef416fc2 4006
7cf5915e 4007 context = SSL_get_SSL_CTX(http->tls_credentials);
ef416fc2 4008
7cf5915e 4009 SSL_shutdown(http->tls_credentials);
ef416fc2 4010 SSL_CTX_free(context);
7cf5915e 4011 SSL_free(http->tls_credentials);
ef416fc2 4012
4013# elif defined(HAVE_GNUTLS)
ef416fc2 4014 gnutls_certificate_client_credentials *credentials;
89d46774 4015 /* TLS credentials */
ef416fc2 4016
7cf5915e 4017 credentials = (gnutls_certificate_client_credentials *)(http->tls_credentials);
ef416fc2 4018
7cf5915e
MS		 4019 gnutls_bye(http->tls, GNUTLS_SHUT_RDWR);
4020 gnutls_deinit(http->tls);
ef416fc2 4021 gnutls_certificate_free_credentials(*credentials);
4022 free(credentials);
ef416fc2 4023
4024# elif defined(HAVE_CDSASSL)
7cf5915e 4025 while (SSLClose(http->tls) == errSSLWouldBlock)
b423cd4c 4026 usleep(1000);
4027
7cf5915e 4028 SSLDisposeContext(http->tls);
89d46774 4029
7cf5915e
MS		 4030 if (http->tls_credentials)
4031 CFRelease(http->tls_credentials);
89d46774 4032
cc754834 4033# elif defined(HAVE_SSPISSL)
7cf5915e 4034 _sspiFree(http->tls_credentials);
ef416fc2 4035# endif /* HAVE_LIBSSL */
4036
7cf5915e
MS		 4037 http->tls = NULL;
4038 http->tls_credentials = NULL;
ef416fc2 4039}
4040#endif /* HAVE_SSL */
4041
4042
6d2f911b
MS		 4043#ifdef HAVE_LIBSSL
4044/*
4045 * 'http_threadid_cb()' - Return the current thread ID.
4046 */
4047
4048static unsigned long /* O - Thread ID */
4049http_threadid_cb(void)
4050{
4051# ifdef HAVE_PTHREAD_H
4052 return ((unsigned long)pthread_self());
4053# else
4054 return (0);
4055# endif /* HAVE_PTHREAD_H */
4056}
4057#endif /* HAVE_LIBSSL */
4058
4059
ef416fc2 4060#ifdef HAVE_SSL
4061/*
4062 * 'http_upgrade()' - Force upgrade to TLS encryption.
4063 */
4064
89d46774 4065static int /* O - Status of connection */
568fa3fa 4066http_upgrade(http_t *http) /* I - Connection to server */
ef416fc2 4067{
89d46774 4068 int ret; /* Return value */
4069 http_t myhttp; /* Local copy of HTTP data */
ef416fc2 4070
4071
e07d4801 4072 DEBUG_printf(("7http_upgrade(%p)", http));
ef416fc2 4073
85b5d1df
MS		 4074 /*
4075 * Flush the connection to make sure any previous "Upgrade" message
4076 * has been read.
4077 */
4078
4079 httpFlush(http);
4080
ef416fc2 4081 /*
4082 * Copy the HTTP data to a local variable so we can do the OPTIONS
4083 * request without interfering with the existing request data...
4084 */
4085
4086 memcpy(&myhttp, http, sizeof(myhttp));
4087
4088 /*
4089 * Send an OPTIONS request to the server, requiring SSL or TLS
4090 * encryption on the link...
4091 */
4092
f7deaa1a 4093 http->field_authorization = NULL; /* Don't free the auth string */
4094
b86bc4cf 4095 httpClearFields(http);
4096 httpSetField(http, HTTP_FIELD_CONNECTION, "upgrade");
7cf5915e 4097 httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2, TLS/1.1, TLS/1.0, SSL/3.0");
ef416fc2 4098
b86bc4cf 4099 if ((ret = httpOptions(http, "*")) == 0)
ef416fc2 4100 {
4101 /*
4102 * Wait for the secure connection...
4103 */
4104
b86bc4cf 4105 while (httpUpdate(http) == HTTP_CONTINUE);
ef416fc2 4106 }
4107
ef416fc2 4108 /*
b86bc4cf 4109 * Restore the HTTP request data...
ef416fc2 4110 */
4111
b86bc4cf 4112 memcpy(http->fields, myhttp.fields, sizeof(http->fields));
f7deaa1a 4113 http->data_encoding = myhttp.data_encoding;
4114 http->data_remaining = myhttp.data_remaining;
4115 http->_data_remaining = myhttp._data_remaining;
4116 http->expect = myhttp.expect;
4117 http->field_authorization = myhttp.field_authorization;
bc44d920 4118 http->digest_tries = myhttp.digest_tries;
ef416fc2 4119
4120 /*
4121 * See if we actually went secure...
4122 */
4123
4124 if (!http->tls)
4125 {
4126 /*
4127 * Server does not support HTTP upgrade...
4128 */
4129
e07d4801 4130 DEBUG_puts("8http_upgrade: Server does not support HTTP upgrade!");
ef416fc2 4131
4132# ifdef WIN32
4133 closesocket(http->fd);
4134# else
4135 close(http->fd);
4136# endif
4137
4138 http->fd = -1;
4139
4140 return (-1);
4141 }
4142 else
4143 return (ret);
4144}
4145#endif /* HAVE_SSL */
4146
4147
ef416fc2 4148/*
4149 * 'http_write()' - Write a buffer to a HTTP connection.
4150 */
ef55b745 4151
ef416fc2 4152static int /* O - Number of bytes written */
568fa3fa 4153http_write(http_t *http, /* I - Connection to server */
f11a948a
MS		 4154 const char *buffer, /* I - Buffer for data */
4155 int length) /* I - Number of bytes to write */
ef416fc2 4156{
4157 int tbytes, /* Total bytes sent */
4158 bytes; /* Bytes sent */
4159
4160
f8b3a85b
MS		 4161 DEBUG_printf(("2http_write(http=%p, buffer=%p, length=%d)", http, buffer,
4162 length));
f11a948a
MS		 4163 http->error = 0;
4164 tbytes = 0;
ef416fc2 4165
4166 while (length > 0)
4167 {
4168#ifdef HAVE_SSL
4169 if (http->tls)
4170 bytes = http_write_ssl(http, buffer, length);
4171 else
4172#endif /* HAVE_SSL */
4173 bytes = send(http->fd, buffer, length, 0);
4174
4175 if (bytes < 0)
4176 {
4177#ifdef WIN32
cc754834
MS		 4178 if (WSAGetLastError() == WSAEINTR || WSAGetLastError() == WSAEWOULDBLOCK)
4179 continue;
4180 else if (WSAGetLastError() != http->error && WSAGetLastError() != WSAECONNRESET)
ef416fc2 4181 {
4182 http->error = WSAGetLastError();
4183 continue;
4184 }
4185#else
e07d4801 4186 if (errno == EINTR || errno == EAGAIN)
ef416fc2 4187 continue;
4188 else if (errno != http->error && errno != ECONNRESET)
4189 {
4190 http->error = errno;
4191 continue;
4192 }
4193#endif /* WIN32 */
4194
f8b3a85b
MS		 4195 DEBUG_printf(("3http_write: error writing data (%s).",
4196 strerror(http->error)));
ef416fc2 4197
4198 return (-1);
4199 }
4200
4201 buffer += bytes;
4202 tbytes += bytes;
4203 length -= bytes;
4204 }
4205
4206#ifdef DEBUG
ae71f5de 4207 http_debug_hex("http_write", buffer - tbytes, tbytes);
ef416fc2 4208#endif /* DEBUG */
4209
f8b3a85b
MS		 4210 DEBUG_printf(("3http_write: Returning %d.", tbytes));
4211
ef416fc2 4212 return (tbytes);
4213}
4214
4215
4216/*
4217 * 'http_write_chunk()' - Write a chunked buffer.
4218 */
4219
4220static int /* O - Number bytes written */
568fa3fa 4221http_write_chunk(http_t *http, /* I - Connection to server */
ef416fc2 4222 const char *buffer, /* I - Buffer to write */
4223 int length) /* I - Length of buffer */
4224{
4225 char header[255]; /* Chunk header */
4226 int bytes; /* Bytes written */
4227
f11a948a 4228
e07d4801 4229 DEBUG_printf(("7http_write_chunk(http=%p, buffer=%p, length=%d)",
ef416fc2 4230 http, buffer, length));
4231
4232 /*
4233 * Write the chunk header, data, and trailer.
4234 */
4235
4236 sprintf(header, "%x\r\n", length);
b86bc4cf 4237 if (http_write(http, header, (int)strlen(header)) < 0)
ef416fc2 4238 {
e07d4801 4239 DEBUG_puts("8http_write_chunk: http_write of length failed!");
ef416fc2 4240 return (-1);
4241 }
4242
4243 if ((bytes = http_write(http, buffer, length)) < 0)
4244 {
e07d4801 4245 DEBUG_puts("8http_write_chunk: http_write of buffer failed!");
ef416fc2 4246 return (-1);
4247 }
4248
4249 if (http_write(http, "\r\n", 2) < 0)
4250 {
e07d4801 4251 DEBUG_puts("8http_write_chunk: http_write of CR LF failed!");
ef416fc2 4252 return (-1);
4253 }
4254
4255 return (bytes);
4256}
4257
4258
4259#ifdef HAVE_SSL
4260/*
4261 * 'http_write_ssl()' - Write to a SSL/TLS connection.
4262 */
4263
4264static int /* O - Bytes written */
568fa3fa 4265http_write_ssl(http_t *http, /* I - Connection to server */
ef416fc2 4266 const char *buf, /* I - Buffer holding data */
4267 int len) /* I - Length of buffer */
4268{
f8b3a85b
MS		 4269 ssize_t result; /* Return value */
4270
4271
4272 DEBUG_printf(("2http_write_ssl(http=%p, buf=%p, len=%d)", http, buf, len));
4273
ef416fc2 4274# if defined(HAVE_LIBSSL)
f8b3a85b 4275 result = SSL_write((SSL *)(http->tls), buf, len);
ef416fc2 4276
4277# elif defined(HAVE_GNUTLS)
7cf5915e 4278 result = gnutls_record_send(http->tls, buf, len);
ef55b745
MS		 4279
4280 if (result < 0 && !errno)
4281 {
4282 /*
4283 * Convert GNU TLS error to errno value...
4284 */
4285
4286 switch (result)
4287 {
4288 case GNUTLS_E_INTERRUPTED :
4289 errno = EINTR;
4290 break;
4291
4292 case GNUTLS_E_AGAIN :
4293 errno = EAGAIN;
4294 break;
4295
4296 default :
4297 errno = EPIPE;
4298 break;
4299 }
4300
4301 result = -1;
4302 }
4303
ef416fc2 4304# elif defined(HAVE_CDSASSL)
4305 OSStatus error; /* Error info */
4306 size_t processed; /* Number of bytes processed */
4307
4308
7cf5915e 4309 error = SSLWrite(http->tls, buf, len, &processed);
ef416fc2 4310
fa73b229 4311 switch (error)
ef416fc2 4312 {
fa73b229 4313 case 0 :
4314 result = (int)processed;
4315 break;
4316 case errSSLClosedGraceful :
4317 result = 0;
4318 break;
4319 case errSSLWouldBlock :
b423cd4c 4320 if (processed)
4321 result = (int)processed;
4322 else
4323 {
4324 result = -1;
ef55b745 4325 errno = EINTR;
b423cd4c 4326 }
fa73b229 4327 break;
4328 default :
ef55b745 4329 errno = EPIPE;
fa73b229 4330 result = -1;
4331 break;
ef416fc2 4332 }
cc754834
MS		 4333# elif defined(HAVE_SSPISSL)
4334 return _sspiWrite((_sspi_struct_t*) http->tls, (void*) buf, len);
ef416fc2 4335# endif /* HAVE_LIBSSL */
f8b3a85b
MS		 4336
4337 DEBUG_printf(("3http_write_ssl: Returning %d.", (int)result));
4338
4339 return ((int)result);
ef416fc2 4340}
4341#endif /* HAVE_SSL */
4342
4343
4344/*
b19ccc9e 4345 * End of "$Id: http.c 7850 2008-08-20 00:07:25Z mike $".
ef416fc2 4346 */
Unnamed repository; edit this file 'description' to name the repository.