2 * Private HTTP definitions for CUPS.
4 * Copyright 2007-2017 by Apple Inc.
5 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
7 * These coded instructions, statements, and computer programs are the
8 * property of Apple Inc. and are protected by Federal copyright
9 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
10 * which should have been included with this file. If this file is
11 * missing or damaged, see the license at "http://www.cups.org/".
13 * This file is subject to the Apple OS-Developed Software exception.
16 #ifndef _CUPS_HTTP_PRIVATE_H_
17 # define _CUPS_HTTP_PRIVATE_H_
20 * Include necessary headers...
24 # include <cups/language.h>
29 # include <sys/select.h>
35 # include <winsock2.h>
36 # define CUPS_SOCAST (const char *)
40 # include <sys/socket.h>
45 # ifdef HAVE_GSS_GSSAPI_H
46 # include <GSS/gssapi.h>
47 # elif defined(HAVE_GSSAPI_GSSAPI_H)
48 # include <gssapi/gssapi.h>
49 # elif defined(HAVE_GSSAPI_H)
51 # endif /* HAVE_GSS_GSSAPI_H */
52 # ifndef HAVE_GSS_C_NT_HOSTBASED_SERVICE
53 # define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
54 # endif /* !HAVE_GSS_C_NT_HOSTBASED_SERVICE */
55 # endif /* HAVE_GSSAPI */
57 # ifdef HAVE_AUTHORIZATION_H
58 # include <Security/Authorization.h>
59 # endif /* HAVE_AUTHORIZATION_H */
61 # if defined(__APPLE__) && !defined(_SOCKLEN_T)
63 * macOS 10.2.x does not define socklen_t, and in fact uses an int instead of
64 * unsigned type for length values...
67 typedef int socklen_t
;
68 # endif /* __APPLE__ && !_SOCKLEN_T */
70 # include <cups/http.h>
71 # include "md5-private.h"
72 # include "ipp-private.h"
75 # include <gnutls/gnutls.h>
76 # include <gnutls/x509.h>
77 # elif defined(HAVE_CDSASSL)
78 # include <CoreFoundation/CoreFoundation.h>
79 # include <Security/Security.h>
80 # include <Security/SecureTransport.h>
81 # ifdef HAVE_SECURETRANSPORTPRIV_H
82 # include <Security/SecureTransportPriv.h>
83 # endif /* HAVE_SECURETRANSPORTPRIV_H */
84 # ifdef HAVE_SECITEM_H
85 # include <Security/SecItem.h>
86 # endif /* HAVE_SECITEM_H */
87 # ifdef HAVE_SECBASEPRIV_H
88 # include <Security/SecBasePriv.h>
89 # endif /* HAVE_SECBASEPRIV_H */
90 # ifdef HAVE_SECCERTIFICATE_H
91 # include <Security/SecCertificate.h>
92 # include <Security/SecIdentity.h>
93 # endif /* HAVE_SECCERTIFICATE_H */
94 # ifdef HAVE_SECCERTIFICATEPRIV_H
95 # include <Security/SecCertificatePriv.h>
99 # endif /* __cplusplus */
100 # ifndef _SECURITY_VERSION_GREATER_THAN_57610_
101 typedef CF_OPTIONS(uint32_t, SecKeyUsage
) {
102 kSecKeyUsageAll
= 0x7FFFFFFF
104 # endif /* !_SECURITY_VERSION_GREATER_THAN_57610_ */
105 extern const void * kSecCSRChallengePassword
;
106 extern const void * kSecSubjectAltName
;
107 extern const void * kSecCertificateKeyUsage
;
108 extern const void * kSecCSRBasicContraintsPathLen
;
109 extern const void * kSecCertificateExtensions
;
110 extern const void * kSecCertificateExtensionsEncoded
;
111 extern const void * kSecOidCommonName
;
112 extern const void * kSecOidCountryName
;
113 extern const void * kSecOidStateProvinceName
;
114 extern const void * kSecOidLocalityName
;
115 extern const void * kSecOidOrganization
;
116 extern const void * kSecOidOrganizationalUnit
;
117 extern SecCertificateRef
SecCertificateCreateWithBytes(CFAllocatorRef allocator
, const UInt8
*bytes
, CFIndex length
);
118 extern bool SecCertificateIsValid(SecCertificateRef certificate
, CFAbsoluteTime verifyTime
);
119 extern CFAbsoluteTime
SecCertificateNotValidAfter(SecCertificateRef certificate
);
120 extern SecCertificateRef
SecGenerateSelfSignedCertificate(CFArrayRef subject
, CFDictionaryRef parameters
, SecKeyRef publicKey
, SecKeyRef privateKey
);
121 extern SecIdentityRef
SecIdentityCreate(CFAllocatorRef allocator
, SecCertificateRef certificate
, SecKeyRef privateKey
);
124 # endif /* __cplusplus */
125 # endif /* HAVE_SECCERTIFICATEPRIV_H */
126 # ifdef HAVE_SECITEMPRIV_H
127 # include <Security/SecItemPriv.h>
128 # endif /* HAVE_SECITEMPRIV_H */
129 # ifdef HAVE_SECIDENTITYSEARCHPRIV_H
130 # include <Security/SecIdentitySearchPriv.h>
131 # endif /* HAVE_SECIDENTITYSEARCHPRIV_H */
132 # ifdef HAVE_SECPOLICYPRIV_H
133 # include <Security/SecPolicyPriv.h>
134 # endif /* HAVE_SECPOLICYPRIV_H */
135 # elif defined(HAVE_SSPISSL)
136 # include <wincrypt.h>
137 # include <wintrust.h>
138 # include <schannel.h>
139 # define SECURITY_WIN32
140 # include <security.h>
142 # endif /* HAVE_GNUTLS */
147 # ifdef HAVE_GETIFADDRS
148 # include <ifaddrs.h>
150 # include <sys/ioctl.h>
151 # ifdef HAVE_SYS_SOCKIO_H
152 # include <sys/sockio.h>
153 # endif /* HAVE_SYS_SOCKIO_H */
154 # endif /* HAVE_GETIFADDRS */
159 # endif /* HAVE_LIBZ */
168 # endif /* __cplusplus */
175 # define _HTTP_MAX_SBUFFER 65536 /* Size of (de)compression buffer */
176 # define _HTTP_RESOLVE_DEFAULT 0 /* Just resolve with default options */
177 # define _HTTP_RESOLVE_STDERR 1 /* Log resolve progress to stderr */
178 # define _HTTP_RESOLVE_FQDN 2 /* Resolve to a FQDN */
179 # define _HTTP_RESOLVE_FAXOUT 4 /* Resolve FaxOut service? */
181 # define _HTTP_TLS_NONE 0 /* No TLS options */
182 # define _HTTP_TLS_ALLOW_RC4 1 /* Allow RC4 cipher suites */
183 # define _HTTP_TLS_ALLOW_DH 2 /* Allow DH/DHE key negotiation */
184 # define _HTTP_TLS_DENY_CBC 4 /* Deny CBC cipher suites */
185 # define _HTTP_TLS_SET_DEFAULT 128 /* Setting the default TLS options */
187 # define _HTTP_TLS_SSL3 0 /* Min/max version is SSL/3.0 */
188 # define _HTTP_TLS_1_0 1 /* Min/max version is TLS/1.0 */
189 # define _HTTP_TLS_1_1 2 /* Min/max version is TLS/1.1 */
190 # define _HTTP_TLS_1_2 3 /* Min/max version is TLS/1.2 */
191 # define _HTTP_TLS_1_3 4 /* Min/max version is TLS/1.3 */
192 # define _HTTP_TLS_MAX 5 /* Highest known TLS version */
196 * Types and functions for SSL support...
201 * The GNU TLS library is more of a "bare metal" SSL/TLS library...
204 typedef gnutls_session_t http_tls_t
;
205 typedef gnutls_certificate_credentials_t
*http_tls_credentials_t
;
207 # elif defined(HAVE_CDSASSL)
209 * Darwin's Security framework provides its own SSL/TLS context structure
210 * for its IO and protocol management...
213 # if !defined(HAVE_SECBASEPRIV_H) && defined(HAVE_CSSMERRORSTRING) /* Declare prototype for function in that header... */
214 extern const char *cssmErrorString(int error
);
215 # endif /* !HAVE_SECBASEPRIV_H && HAVE_CSSMERRORSTRING */
216 # if !defined(HAVE_SECIDENTITYSEARCHPRIV_H) && defined(HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY) /* Declare prototype for function in that header... */
217 extern OSStatus
SecIdentitySearchCreateWithPolicy(SecPolicyRef policy
,
218 CFStringRef idString
, CSSM_KEYUSE keyUsage
,
219 CFTypeRef keychainOrArray
,
220 Boolean returnOnlyValidIdentities
,
221 SecIdentitySearchRef
* searchRef
);
222 # endif /* !HAVE_SECIDENTITYSEARCHPRIV_H && HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY */
223 # if !defined(HAVE_SECPOLICYPRIV_H) && defined(HAVE_SECPOLICYSETVALUE) /* Declare prototype for function in that header... */
224 extern OSStatus
SecPolicySetValue(SecPolicyRef policyRef
,
225 const CSSM_DATA
*value
);
226 # endif /* !HAVE_SECPOLICYPRIV_H && HAVE_SECPOLICYSETVALUE */
228 typedef SSLContextRef http_tls_t
;
229 typedef CFArrayRef http_tls_credentials_t
;
231 # elif defined(HAVE_SSPISSL)
233 * Windows' SSPI library gets a CUPS wrapper...
236 typedef struct _http_sspi_s
/**** SSPI/SSL data structure ****/
238 CredHandle creds
; /* Credentials */
239 CtxtHandle context
; /* SSL context */
240 BOOL contextInitialized
; /* Is context init'd? */
241 SecPkgContext_StreamSizes streamSizes
;/* SSL data stream sizes */
242 BYTE
*decryptBuffer
; /* Data pre-decryption*/
243 size_t decryptBufferLength
; /* Length of decrypt buffer */
244 size_t decryptBufferUsed
; /* Bytes used in buffer */
245 BYTE
*readBuffer
; /* Data post-decryption */
246 int readBufferLength
; /* Length of read buffer */
247 int readBufferUsed
; /* Bytes used in buffer */
248 BYTE
*writeBuffer
; /* Data pre-encryption */
249 int writeBufferLength
; /* Length of write buffer */
250 PCCERT_CONTEXT localCert
, /* Local certificate */
251 remoteCert
; /* Remote (peer's) certificate */
252 char error
[256]; /* Most recent error message */
254 typedef _http_sspi_t
*http_tls_t
;
255 typedef PCCERT_CONTEXT http_tls_credentials_t
;
259 * Otherwise define stub types since we have no SSL support...
262 typedef void *http_tls_t
;
263 typedef void *http_tls_credentials_t
;
264 # endif /* HAVE_GNUTLS */
266 typedef enum _http_coding_e
/**** HTTP content coding enumeration ****/
268 _HTTP_CODING_IDENTITY
, /* No content coding */
269 _HTTP_CODING_GZIP
, /* LZ77+gzip decompression */
270 _HTTP_CODING_DEFLATE
, /* LZ77+zlib compression */
271 _HTTP_CODING_GUNZIP
, /* LZ77+gzip decompression */
272 _HTTP_CODING_INFLATE
/* LZ77+zlib decompression */
275 typedef enum _http_mode_e
/**** HTTP mode enumeration ****/
277 _HTTP_MODE_CLIENT
, /* Client connected to server */
278 _HTTP_MODE_SERVER
/* Server connected (accepted) from client */
281 # ifndef _HTTP_NO_PRIVATE
282 struct _http_s
/**** HTTP connection structure ****/
284 int fd
; /* File descriptor for this socket */
285 int blocking
; /* To block or not to block */
286 int error
; /* Last error on read */
287 time_t activity
; /* Time since last read/write */
288 http_state_t state
; /* State of client */
289 http_status_t status
; /* Status of last request */
290 http_version_t version
; /* Protocol version */
291 http_keepalive_t keep_alive
; /* Keep-alive supported? */
292 struct sockaddr_in _hostaddr
; /* Address of connected host (deprecated) */
293 char hostname
[HTTP_MAX_HOST
],
294 /* Name of connected host */
295 fields
[HTTP_FIELD_ACCEPT_ENCODING
][HTTP_MAX_VALUE
];
296 /* Field values up to Accept-Encoding */
297 char *data
; /* Pointer to data buffer */
298 http_encoding_t data_encoding
; /* Chunked or not */
299 int _data_remaining
;/* Number of bytes left (deprecated) */
300 int used
; /* Number of bytes used in buffer */
301 char buffer
[HTTP_MAX_BUFFER
];
302 /* Buffer for incoming data */
303 int _auth_type
; /* Authentication in use (deprecated) */
304 _cups_md5_state_t md5_state
; /* MD5 state */
305 char nonce
[HTTP_MAX_VALUE
];
307 int nonce_count
; /* Nonce count */
308 http_tls_t tls
; /* TLS state information */
309 http_encryption_t encryption
; /* Encryption requirements */
311 /**** New in CUPS 1.1.19 ****/
312 fd_set
*input_set
; /* select() set for httpWait() (deprecated) */
313 http_status_t expect
; /* Expect: header */
314 char *cookie
; /* Cookie value(s) */
316 /**** New in CUPS 1.1.20 ****/
317 char _authstring
[HTTP_MAX_VALUE
],
318 /* Current Authorization value (deprecated) */
319 userpass
[HTTP_MAX_VALUE
];
320 /* Username:password string */
321 int digest_tries
; /* Number of tries for digest auth */
323 /**** New in CUPS 1.2 ****/
324 off_t data_remaining
; /* Number of bytes left */
325 http_addr_t
*hostaddr
; /* Current host address and port */
326 http_addrlist_t
*addrlist
; /* List of valid addresses */
327 char wbuffer
[HTTP_MAX_BUFFER
];
328 /* Buffer for outgoing data */
329 int wused
; /* Write buffer bytes used */
331 /**** New in CUPS 1.3 ****/
332 char *field_authorization
;
333 /* Authorization field */
334 char *authstring
; /* Current Authorization field */
336 gss_OID gssmech
; /* Authentication mechanism */
337 gss_ctx_id_t gssctx
; /* Authentication context */
338 gss_name_t gssname
; /* Authentication server name */
339 # endif /* HAVE_GSSAPI */
340 # ifdef HAVE_AUTHORIZATION_H
341 AuthorizationRef auth_ref
; /* Authorization ref */
342 # endif /* HAVE_AUTHORIZATION_H */
344 /**** New in CUPS 1.5 ****/
345 http_tls_credentials_t tls_credentials
;
346 /* TLS credentials */
347 http_timeout_cb_t timeout_cb
; /* Timeout callback */
348 void *timeout_data
; /* User data pointer */
349 double timeout_value
; /* Timeout in seconds */
350 int wait_value
; /* httpWait value for timeout */
352 char gsshost
[256]; /* Hostname for Kerberos */
353 # endif /* HAVE_GSSAPI */
355 /**** New in CUPS 1.7 ****/
356 int tls_upgrade
; /* Non-zero if we are doing an upgrade */
357 _http_mode_t mode
; /* _HTTP_MODE_CLIENT or _HTTP_MODE_SERVER */
358 char *accept_encoding
,
359 /* Accept-Encoding field */
360 *allow
, /* Allow field */
361 *server
, /* Server field */
362 *default_accept_encoding
,
365 /* Default field values */
367 _http_coding_t coding
; /* _HTTP_CODING_xxx */
368 z_stream stream
; /* (De)compression stream */
369 Bytef
*sbuffer
; /* (De)compression buffer */
370 # endif /* HAVE_LIBZ */
372 # endif /* !_HTTP_NO_PRIVATE */
376 * Some OS's don't have hstrerror(), most notably Solaris...
379 # ifndef HAVE_HSTRERROR
380 extern const char *_cups_hstrerror(int error
);
381 # define hstrerror _cups_hstrerror
382 # endif /* !HAVE_HSTRERROR */
386 * Some OS's don't have getifaddrs() and freeifaddrs()...
389 # if !defined(WIN32) && !defined(HAVE_GETIFADDRS)
392 # endif /* ifa_dstaddr */
394 # define ifr_netmask ifr_addr
395 # endif /* !ifr_netmask */
397 struct ifaddrs
/**** Interface Structure ****/
399 struct ifaddrs
*ifa_next
; /* Next interface in list */
400 char *ifa_name
; /* Name of interface */
401 unsigned int ifa_flags
; /* Flags (up, point-to-point, etc.) */
402 struct sockaddr
*ifa_addr
, /* Network address */
403 *ifa_netmask
; /* Address mask */
406 struct sockaddr
*ifu_broadaddr
; /* Broadcast address of this interface. */
407 struct sockaddr
*ifu_dstaddr
; /* Point-to-point destination address. */
410 void *ifa_data
; /* Interface statistics */
413 # ifndef ifa_broadaddr
414 # define ifa_broadaddr ifa_ifu.ifu_broadaddr
415 # endif /* !ifa_broadaddr */
417 # define ifa_dstaddr ifa_ifu.ifu_dstaddr
418 # endif /* !ifa_dstaddr */
420 extern int _cups_getifaddrs(struct ifaddrs
**addrs
);
421 # define getifaddrs _cups_getifaddrs
422 extern void _cups_freeifaddrs(struct ifaddrs
*addrs
);
423 # define freeifaddrs _cups_freeifaddrs
424 # endif /* !WIN32 && !HAVE_GETIFADDRS */
431 extern void _httpAddrSetPort(http_addr_t
*addr
, int port
);
432 extern http_tls_credentials_t
433 _httpCreateCredentials(cups_array_t
*credentials
);
434 extern char *_httpDecodeURI(char *dst
, const char *src
,
436 extern void _httpDisconnect(http_t
*http
);
437 extern char *_httpEncodeURI(char *dst
, const char *src
,
439 extern void _httpFreeCredentials(http_tls_credentials_t credentials
);
440 extern const char *_httpResolveURI(const char *uri
, char *resolved_uri
,
441 size_t resolved_size
, int options
,
442 int (*cb
)(void *context
),
444 extern const char *_httpStatus(cups_lang_t
*lang
, http_status_t status
);
445 extern void _httpTLSInitialize(void);
446 extern size_t _httpTLSPending(http_t
*http
);
447 extern int _httpTLSRead(http_t
*http
, char *buf
, int len
);
448 extern int _httpTLSSetCredentials(http_t
*http
);
449 extern void _httpTLSSetOptions(int options
, int min_version
, int max_version
);
450 extern int _httpTLSStart(http_t
*http
);
451 extern void _httpTLSStop(http_t
*http
);
452 extern int _httpTLSWrite(http_t
*http
, const char *buf
, int len
);
453 extern int _httpUpdate(http_t
*http
, http_status_t
*status
);
454 extern int _httpWait(http_t
*http
, int msec
, int usessl
);
463 # endif /* __cplusplus */
465 #endif /* !_CUPS_HTTP_PRIVATE_H_ */