]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * "$Id$" | |
3 | * | |
4 | * Private HTTP definitions for CUPS. | |
5 | * | |
6 | * Copyright 2007-2013 by Apple Inc. | |
7 | * Copyright 1997-2007 by Easy Software Products, all rights reserved. | |
8 | * | |
9 | * These coded instructions, statements, and computer programs are the | |
10 | * property of Apple Inc. and are protected by Federal copyright | |
11 | * law. Distribution and use rights are outlined in the file "LICENSE.txt" | |
12 | * which should have been included with this file. If this file is | |
13 | * file is missing or damaged, see the license at "http://www.cups.org/". | |
14 | * | |
15 | * This file is subject to the Apple OS-Developed Software exception. | |
16 | */ | |
17 | ||
18 | #ifndef _CUPS_HTTP_PRIVATE_H_ | |
19 | # define _CUPS_HTTP_PRIVATE_H_ | |
20 | ||
21 | /* | |
22 | * Include necessary headers... | |
23 | */ | |
24 | ||
25 | # include "config.h" | |
26 | # include <cups/language.h> | |
27 | # include <stddef.h> | |
28 | # include <stdlib.h> | |
29 | ||
30 | # ifdef __sun | |
31 | # include <sys/select.h> | |
32 | # endif /* __sun */ | |
33 | ||
34 | # include <limits.h> | |
35 | # ifdef WIN32 | |
36 | # include <io.h> | |
37 | # include <winsock2.h> | |
38 | # define CUPS_SOCAST (const char *) | |
39 | # else | |
40 | # include <unistd.h> | |
41 | # include <fcntl.h> | |
42 | # include <sys/socket.h> | |
43 | # define CUPS_SOCAST | |
44 | # endif /* WIN32 */ | |
45 | ||
46 | # ifdef HAVE_GSSAPI | |
47 | # ifdef HAVE_GSS_GSSAPI_H | |
48 | # include <GSS/gssapi.h> | |
49 | # elif defined(HAVE_GSSAPI_GSSAPI_H) | |
50 | # include <gssapi/gssapi.h> | |
51 | # elif defined(HAVE_GSSAPI_H) | |
52 | # include <gssapi.h> | |
53 | # endif /* HAVE_GSS_GSSAPI_H */ | |
54 | # ifndef HAVE_GSS_C_NT_HOSTBASED_SERVICE | |
55 | # define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name | |
56 | # endif /* !HAVE_GSS_C_NT_HOSTBASED_SERVICE */ | |
57 | # endif /* HAVE_GSSAPI */ | |
58 | ||
59 | # ifdef HAVE_AUTHORIZATION_H | |
60 | # include <Security/Authorization.h> | |
61 | # endif /* HAVE_AUTHORIZATION_H */ | |
62 | ||
63 | # if defined(__APPLE__) && !defined(_SOCKLEN_T) | |
64 | /* | |
65 | * MacOS X 10.2.x does not define socklen_t, and in fact uses an int instead of | |
66 | * unsigned type for length values... | |
67 | */ | |
68 | ||
69 | typedef int socklen_t; | |
70 | # endif /* __APPLE__ && !_SOCKLEN_T */ | |
71 | ||
72 | # include <cups/http.h> | |
73 | # include "md5-private.h" | |
74 | # include "ipp-private.h" | |
75 | ||
76 | # if defined HAVE_LIBSSL | |
77 | # include <openssl/err.h> | |
78 | # include <openssl/rand.h> | |
79 | # include <openssl/ssl.h> | |
80 | # elif defined HAVE_GNUTLS | |
81 | # include <gnutls/gnutls.h> | |
82 | # include <gnutls/x509.h> | |
83 | # include <gcrypt.h> | |
84 | # elif defined(HAVE_CDSASSL) | |
85 | # include <CoreFoundation/CoreFoundation.h> | |
86 | # include <Security/Security.h> | |
87 | # include <Security/SecureTransport.h> | |
88 | # ifdef HAVE_SECURETRANSPORTPRIV_H | |
89 | # include <Security/SecureTransportPriv.h> | |
90 | # endif /* HAVE_SECURETRANSPORTPRIV_H */ | |
91 | # ifdef HAVE_SECITEM_H | |
92 | # include <Security/SecItem.h> | |
93 | # endif /* HAVE_SECITEM_H */ | |
94 | # ifdef HAVE_SECBASEPRIV_H | |
95 | # include <Security/SecBasePriv.h> | |
96 | # endif /* HAVE_SECBASEPRIV_H */ | |
97 | # ifdef HAVE_SECCERTIFICATE_H | |
98 | # include <Security/SecCertificate.h> | |
99 | # include <Security/SecIdentity.h> | |
100 | # endif /* HAVE_SECCERTIFICATE_H */ | |
101 | # ifdef HAVE_SECITEMPRIV_H | |
102 | # include <Security/SecItemPriv.h> | |
103 | # endif /* HAVE_SECITEMPRIV_H */ | |
104 | # ifdef HAVE_SECIDENTITYSEARCHPRIV_H | |
105 | # include <Security/SecIdentitySearchPriv.h> | |
106 | # endif /* HAVE_SECIDENTITYSEARCHPRIV_H */ | |
107 | # ifdef HAVE_SECPOLICYPRIV_H | |
108 | # include <Security/SecPolicyPriv.h> | |
109 | # endif /* HAVE_SECPOLICYPRIV_H */ | |
110 | # elif defined(HAVE_SSPISSL) | |
111 | # include "sspi-private.h" | |
112 | # endif /* HAVE_LIBSSL */ | |
113 | ||
114 | # ifndef WIN32 | |
115 | # include <net/if.h> | |
116 | # ifdef HAVE_GETIFADDRS | |
117 | # include <ifaddrs.h> | |
118 | # else | |
119 | # include <sys/ioctl.h> | |
120 | # ifdef HAVE_SYS_SOCKIO_H | |
121 | # include <sys/sockio.h> | |
122 | # endif /* HAVE_SYS_SOCKIO_H */ | |
123 | # endif /* HAVE_GETIFADDRS */ | |
124 | # endif /* !WIN32 */ | |
125 | ||
126 | # ifdef HAVE_LIBZ | |
127 | # include <zlib.h> | |
128 | # endif /* HAVE_LIBZ */ | |
129 | ||
130 | ||
131 | /* | |
132 | * C++ magic... | |
133 | */ | |
134 | ||
135 | # ifdef __cplusplus | |
136 | extern "C" { | |
137 | # endif /* __cplusplus */ | |
138 | ||
139 | ||
140 | /* | |
141 | * Constants... | |
142 | */ | |
143 | ||
144 | ||
145 | #define _HTTP_RESOLVE_DEFAULT 0 /* Just resolve with default options */ | |
146 | #define _HTTP_RESOLVE_STDERR 1 /* Log resolve progress to stderr */ | |
147 | #define _HTTP_RESOLVE_FQDN 2 /* Resolve to a FQDN */ | |
148 | #define _HTTP_RESOLVE_FAXOUT 4 /* Resolve FaxOut service? */ | |
149 | ||
150 | ||
151 | /* | |
152 | * Types and functions for SSL support... | |
153 | */ | |
154 | ||
155 | # if defined HAVE_LIBSSL | |
156 | /* | |
157 | * The OpenSSL library provides its own SSL/TLS context structure for its | |
158 | * IO and protocol management. However, we need to provide our own BIO | |
159 | * (basic IO) implementation to do timeouts... | |
160 | */ | |
161 | ||
162 | typedef SSL *http_tls_t; | |
163 | typedef void *http_tls_credentials_t; | |
164 | ||
165 | extern BIO_METHOD *_httpBIOMethods(void); | |
166 | ||
167 | # elif defined HAVE_GNUTLS | |
168 | /* | |
169 | * The GNU TLS library is more of a "bare metal" SSL/TLS library... | |
170 | */ | |
171 | ||
172 | typedef gnutls_session http_tls_t; | |
173 | typedef void *http_tls_credentials_t; | |
174 | ||
175 | extern ssize_t _httpReadGNUTLS(gnutls_transport_ptr ptr, void *data, | |
176 | size_t length); | |
177 | extern ssize_t _httpWriteGNUTLS(gnutls_transport_ptr ptr, const void *data, | |
178 | size_t length); | |
179 | ||
180 | # elif defined(HAVE_CDSASSL) | |
181 | /* | |
182 | * Darwin's Security framework provides its own SSL/TLS context structure | |
183 | * for its IO and protocol management... | |
184 | */ | |
185 | ||
186 | # if !defined(HAVE_SECBASEPRIV_H) && defined(HAVE_CSSMERRORSTRING) /* Declare prototype for function in that header... */ | |
187 | extern const char *cssmErrorString(int error); | |
188 | # endif /* !HAVE_SECBASEPRIV_H && HAVE_CSSMERRORSTRING */ | |
189 | # ifndef HAVE_SECITEMPRIV_H /* Declare constants from that header... */ | |
190 | extern const CFTypeRef kSecClassCertificate; | |
191 | extern const CFTypeRef kSecClassIdentity; | |
192 | # endif /* !HAVE_SECITEMPRIV_H */ | |
193 | # if !defined(HAVE_SECIDENTITYSEARCHPRIV_H) && defined(HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY) /* Declare prototype for function in that header... */ | |
194 | extern OSStatus SecIdentitySearchCreateWithPolicy(SecPolicyRef policy, | |
195 | CFStringRef idString, CSSM_KEYUSE keyUsage, | |
196 | CFTypeRef keychainOrArray, | |
197 | Boolean returnOnlyValidIdentities, | |
198 | SecIdentitySearchRef* searchRef); | |
199 | # endif /* !HAVE_SECIDENTITYSEARCHPRIV_H && HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY */ | |
200 | # if !defined(HAVE_SECPOLICYPRIV_H) && defined(HAVE_SECPOLICYSETVALUE) /* Declare prototype for function in that header... */ | |
201 | extern OSStatus SecPolicySetValue(SecPolicyRef policyRef, | |
202 | const CSSM_DATA *value); | |
203 | # endif /* !HAVE_SECPOLICYPRIV_H && HAVE_SECPOLICYSETVALUE */ | |
204 | ||
205 | typedef SSLContextRef http_tls_t; | |
206 | typedef CFArrayRef http_tls_credentials_t; | |
207 | ||
208 | extern OSStatus _httpReadCDSA(SSLConnectionRef connection, void *data, | |
209 | size_t *dataLength); | |
210 | extern OSStatus _httpWriteCDSA(SSLConnectionRef connection, const void *data, | |
211 | size_t *dataLength); | |
212 | ||
213 | # elif defined(HAVE_SSPISSL) | |
214 | /* | |
215 | * Windows' SSPI library gets a CUPS wrapper... | |
216 | */ | |
217 | ||
218 | typedef _sspi_struct_t * http_tls_t; | |
219 | typedef void *http_tls_credentials_t; | |
220 | ||
221 | # else | |
222 | /* | |
223 | * Otherwise define stub types since we have no SSL support... | |
224 | */ | |
225 | ||
226 | typedef void *http_tls_t; | |
227 | typedef void *http_tls_credentials_t; | |
228 | # endif /* HAVE_LIBSSL */ | |
229 | ||
230 | typedef enum _http_coding_e /**** HTTP content coding enumeration ****/ | |
231 | { | |
232 | _HTTP_CODING_IDENTITY, /* No content coding */ | |
233 | _HTTP_CODING_GZIP, /* LZ77+gzip decompression */ | |
234 | _HTTP_CODING_DEFLATE, /* LZ77+zlib compression */ | |
235 | _HTTP_CODING_GUNZIP, /* LZ77+gzip decompression */ | |
236 | _HTTP_CODING_INFLATE /* LZ77+zlib decompression */ | |
237 | } _http_coding_t; | |
238 | ||
239 | typedef enum _http_mode_e /**** HTTP mode enumeration ****/ | |
240 | { | |
241 | _HTTP_MODE_CLIENT, /* Client connected to server */ | |
242 | _HTTP_MODE_SERVER /* Server connected (accepted) from client */ | |
243 | } _http_mode_t; | |
244 | ||
245 | # ifndef _HTTP_NO_PRIVATE | |
246 | struct _http_s /**** HTTP connection structure ****/ | |
247 | { | |
248 | int fd; /* File descriptor for this socket */ | |
249 | int blocking; /* To block or not to block */ | |
250 | int error; /* Last error on read */ | |
251 | time_t activity; /* Time since last read/write */ | |
252 | http_state_t state; /* State of client */ | |
253 | http_status_t status; /* Status of last request */ | |
254 | http_version_t version; /* Protocol version */ | |
255 | http_keepalive_t keep_alive; /* Keep-alive supported? */ | |
256 | struct sockaddr_in _hostaddr; /* Address of connected host (deprecated) */ | |
257 | char hostname[HTTP_MAX_HOST], | |
258 | /* Name of connected host */ | |
259 | fields[HTTP_FIELD_ACCEPT_ENCODING][HTTP_MAX_VALUE]; | |
260 | /* Field values up to Accept-Encoding */ | |
261 | char *data; /* Pointer to data buffer */ | |
262 | http_encoding_t data_encoding; /* Chunked or not */ | |
263 | int _data_remaining;/* Number of bytes left (deprecated) */ | |
264 | int used; /* Number of bytes used in buffer */ | |
265 | char buffer[HTTP_MAX_BUFFER]; | |
266 | /* Buffer for incoming data */ | |
267 | int _auth_type; /* Authentication in use (deprecated) */ | |
268 | _cups_md5_state_t md5_state; /* MD5 state */ | |
269 | char nonce[HTTP_MAX_VALUE]; | |
270 | /* Nonce value */ | |
271 | int nonce_count; /* Nonce count */ | |
272 | http_tls_t tls; /* TLS state information */ | |
273 | http_encryption_t encryption; /* Encryption requirements */ | |
274 | ||
275 | /**** New in CUPS 1.1.19 ****/ | |
276 | fd_set *input_set; /* select() set for httpWait() (deprecated) */ | |
277 | http_status_t expect; /* Expect: header */ | |
278 | char *cookie; /* Cookie value(s) */ | |
279 | ||
280 | /**** New in CUPS 1.1.20 ****/ | |
281 | char _authstring[HTTP_MAX_VALUE], | |
282 | /* Current Authorization value (deprecated) */ | |
283 | userpass[HTTP_MAX_VALUE]; | |
284 | /* Username:password string */ | |
285 | int digest_tries; /* Number of tries for digest auth */ | |
286 | ||
287 | /**** New in CUPS 1.2 ****/ | |
288 | off_t data_remaining; /* Number of bytes left */ | |
289 | http_addr_t *hostaddr; /* Current host address and port */ | |
290 | http_addrlist_t *addrlist; /* List of valid addresses */ | |
291 | char wbuffer[HTTP_MAX_BUFFER]; | |
292 | /* Buffer for outgoing data */ | |
293 | int wused; /* Write buffer bytes used */ | |
294 | ||
295 | /**** New in CUPS 1.3 ****/ | |
296 | char *field_authorization; | |
297 | /* Authorization field */ | |
298 | char *authstring; /* Current Authorization field */ | |
299 | # ifdef HAVE_GSSAPI | |
300 | gss_OID gssmech; /* Authentication mechanism */ | |
301 | gss_ctx_id_t gssctx; /* Authentication context */ | |
302 | gss_name_t gssname; /* Authentication server name */ | |
303 | # endif /* HAVE_GSSAPI */ | |
304 | # ifdef HAVE_AUTHORIZATION_H | |
305 | AuthorizationRef auth_ref; /* Authorization ref */ | |
306 | # endif /* HAVE_AUTHORIZATION_H */ | |
307 | ||
308 | /**** New in CUPS 1.5 ****/ | |
309 | http_tls_credentials_t tls_credentials; | |
310 | /* TLS credentials */ | |
311 | http_timeout_cb_t timeout_cb; /* Timeout callback */ | |
312 | void *timeout_data; /* User data pointer */ | |
313 | double timeout_value; /* Timeout in seconds */ | |
314 | int wait_value; /* httpWait value for timeout */ | |
315 | # ifdef HAVE_GSSAPI | |
316 | char gsshost[256]; /* Hostname for Kerberos */ | |
317 | # endif /* HAVE_GSSAPI */ | |
318 | ||
319 | /**** New in CUPS 1.7 ****/ | |
320 | int tls_upgrade; /* Non-zero if we are doing an upgrade */ | |
321 | _http_mode_t mode; /* _HTTP_MODE_CLIENT or _HTTP_MODE_SERVER */ | |
322 | char *accept_encoding, | |
323 | /* Accept-Encoding field */ | |
324 | *allow, /* Allow field */ | |
325 | *server, /* Server field */ | |
326 | *default_accept_encoding, | |
327 | *default_server, | |
328 | *default_user_agent; | |
329 | /* Default field values */ | |
330 | # ifdef HAVE_LIBZ | |
331 | _http_coding_t coding; /* _HTTP_CODING_xxx */ | |
332 | z_stream stream; /* (De)compression stream */ | |
333 | Bytef *dbuffer; /* Decompression buffer */ | |
334 | # endif /* HAVE_LIBZ */ | |
335 | }; | |
336 | # endif /* !_HTTP_NO_PRIVATE */ | |
337 | ||
338 | ||
339 | /* | |
340 | * Some OS's don't have hstrerror(), most notably Solaris... | |
341 | */ | |
342 | ||
343 | # ifndef HAVE_HSTRERROR | |
344 | extern const char *_cups_hstrerror(int error); | |
345 | # define hstrerror _cups_hstrerror | |
346 | # elif defined(_AIX) || defined(__osf__) | |
347 | /* | |
348 | * AIX and Tru64 UNIX don't provide a prototype but do provide the function... | |
349 | */ | |
350 | extern const char *hstrerror(int error); | |
351 | # endif /* !HAVE_HSTRERROR */ | |
352 | ||
353 | ||
354 | /* | |
355 | * Some OS's don't have getifaddrs() and freeifaddrs()... | |
356 | */ | |
357 | ||
358 | # if !defined(WIN32) && !defined(HAVE_GETIFADDRS) | |
359 | # ifdef ifa_dstaddr | |
360 | # undef ifa_dstaddr | |
361 | # endif /* ifa_dstaddr */ | |
362 | # ifndef ifr_netmask | |
363 | # define ifr_netmask ifr_addr | |
364 | # endif /* !ifr_netmask */ | |
365 | ||
366 | struct ifaddrs /**** Interface Structure ****/ | |
367 | { | |
368 | struct ifaddrs *ifa_next; /* Next interface in list */ | |
369 | char *ifa_name; /* Name of interface */ | |
370 | unsigned int ifa_flags; /* Flags (up, point-to-point, etc.) */ | |
371 | struct sockaddr *ifa_addr, /* Network address */ | |
372 | *ifa_netmask; /* Address mask */ | |
373 | union | |
374 | { | |
375 | struct sockaddr *ifu_broadaddr; /* Broadcast address of this interface. */ | |
376 | struct sockaddr *ifu_dstaddr; /* Point-to-point destination address. */ | |
377 | } ifa_ifu; | |
378 | ||
379 | void *ifa_data; /* Interface statistics */ | |
380 | }; | |
381 | ||
382 | # ifndef ifa_broadaddr | |
383 | # define ifa_broadaddr ifa_ifu.ifu_broadaddr | |
384 | # endif /* !ifa_broadaddr */ | |
385 | # ifndef ifa_dstaddr | |
386 | # define ifa_dstaddr ifa_ifu.ifu_dstaddr | |
387 | # endif /* !ifa_dstaddr */ | |
388 | ||
389 | extern int _cups_getifaddrs(struct ifaddrs **addrs); | |
390 | # define getifaddrs _cups_getifaddrs | |
391 | extern void _cups_freeifaddrs(struct ifaddrs *addrs); | |
392 | # define freeifaddrs _cups_freeifaddrs | |
393 | # endif /* !WIN32 && !HAVE_GETIFADDRS */ | |
394 | ||
395 | ||
396 | /* | |
397 | * Prototypes... | |
398 | */ | |
399 | ||
400 | extern int _httpAddrPort(http_addr_t *addr) | |
401 | _CUPS_INTERNAL_MSG("Use httpAddrPort instead."); | |
402 | extern void _httpAddrSetPort(http_addr_t *addr, int port); | |
403 | extern char *_httpAssembleUUID(const char *server, int port, | |
404 | const char *name, int number, | |
405 | char *buffer, size_t bufsize) | |
406 | _CUPS_INTERNAL_MSG("Use httpAssembleUUID instead."); | |
407 | extern http_t *_httpCreate(const char *host, int port, | |
408 | http_addrlist_t *addrlist, | |
409 | http_encryption_t encryption, | |
410 | int family) | |
411 | _CUPS_INTERNAL_MSG("Use httpConnect2 or httpAccept instead."); | |
412 | extern http_tls_credentials_t | |
413 | _httpCreateCredentials(cups_array_t *credentials); | |
414 | extern char *_httpDecodeURI(char *dst, const char *src, | |
415 | size_t dstsize); | |
416 | extern void _httpDisconnect(http_t *http); | |
417 | extern char *_httpEncodeURI(char *dst, const char *src, | |
418 | size_t dstsize); | |
419 | extern void _httpFreeCredentials(http_tls_credentials_t credentials); | |
420 | extern ssize_t _httpPeek(http_t *http, char *buffer, size_t length) | |
421 | _CUPS_INTERNAL_MSG("Use httpPeek instead."); | |
422 | extern const char *_httpResolveURI(const char *uri, char *resolved_uri, | |
423 | size_t resolved_size, int options, | |
424 | int (*cb)(void *context), | |
425 | void *context); | |
426 | extern const char *_httpStatus(cups_lang_t *lang, http_status_t status); | |
427 | extern int _httpUpdate(http_t *http, http_status_t *status); | |
428 | extern int _httpWait(http_t *http, int msec, int usessl); | |
429 | ||
430 | ||
431 | /* | |
432 | * C++ magic... | |
433 | */ | |
434 | ||
435 | # ifdef __cplusplus | |
436 | } | |
437 | # endif /* __cplusplus */ | |
438 | ||
439 | #endif /* !_CUPS_HTTP_PRIVATE_H_ */ | |
440 | ||
441 | /* | |
442 | * End of "$Id$". | |
443 | */ |