]> git.ipfire.org Git - thirdparty/cups.git/blob - cups/http-private.h
projects / thirdparty / cups.git / blob
? search:


84f487ff7ee6ba901f65309b7a88d7746fc5ecd1
[thirdparty/cups.git] / cups / http-private.h
1 /*
2 * Private HTTP definitions for CUPS.
3 *
4 * Copyright 2007-2018 by Apple Inc.
5 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
6 *
7 * These coded instructions, statements, and computer programs are the
8 * property of Apple Inc. and are protected by Federal copyright
9 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
10 * which should have been included with this file. If this file is
11 * missing or damaged, see the license at "http://www.cups.org/".
12 *
13 * This file is subject to the Apple OS-Developed Software exception.
14 */
15
16 #ifndef _CUPS_HTTP_PRIVATE_H_
17 # define _CUPS_HTTP_PRIVATE_H_
18
19 /*
20 * Include necessary headers...
21 */
22
23 # include "config.h"
24 # include <cups/language.h>
25 # include <stddef.h>
26 # include <stdlib.h>
27
28 # ifdef __sun
29 # include <sys/select.h>
30 # endif /* __sun */
31
32 # include <limits.h>
33 # ifdef WIN32
34 # include <io.h>
35 # include <winsock2.h>
36 # define CUPS_SOCAST (const char *)
37 # else
38 # include <unistd.h>
39 # include <fcntl.h>
40 # include <sys/socket.h>
41 # define CUPS_SOCAST
42 # endif /* WIN32 */
43
44 # ifdef HAVE_GSSAPI
45 # ifdef HAVE_GSS_GSSAPI_H
46 # include <GSS/gssapi.h>
47 # elif defined(HAVE_GSSAPI_GSSAPI_H)
48 # include <gssapi/gssapi.h>
49 # elif defined(HAVE_GSSAPI_H)
50 # include <gssapi.h>
51 # endif /* HAVE_GSS_GSSAPI_H */
52 # ifndef HAVE_GSS_C_NT_HOSTBASED_SERVICE
53 # define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
54 # endif /* !HAVE_GSS_C_NT_HOSTBASED_SERVICE */
55 # endif /* HAVE_GSSAPI */
56
57 # ifdef HAVE_AUTHORIZATION_H
58 # include <Security/Authorization.h>
59 # endif /* HAVE_AUTHORIZATION_H */
60
61 # if defined(__APPLE__) && !defined(_SOCKLEN_T)
62 /*
63 * macOS 10.2.x does not define socklen_t, and in fact uses an int instead of
64 * unsigned type for length values...
65 */
66
67 typedef int socklen_t;
68 # endif /* __APPLE__ && !_SOCKLEN_T */
69
70 # include <cups/http.h>
71 # include "ipp-private.h"
72
73 # ifdef HAVE_GNUTLS
74 # include <gnutls/gnutls.h>
75 # include <gnutls/x509.h>
76 # elif defined(HAVE_CDSASSL)
77 # include <CoreFoundation/CoreFoundation.h>
78 # include <Security/Security.h>
79 # include <Security/SecureTransport.h>
80 # ifdef HAVE_SECURETRANSPORTPRIV_H
81 # include <Security/SecureTransportPriv.h>
82 # endif /* HAVE_SECURETRANSPORTPRIV_H */
83 # ifdef HAVE_SECITEM_H
84 # include <Security/SecItem.h>
85 # endif /* HAVE_SECITEM_H */
86 # ifdef HAVE_SECBASEPRIV_H
87 # include <Security/SecBasePriv.h>
88 # endif /* HAVE_SECBASEPRIV_H */
89 # ifdef HAVE_SECCERTIFICATE_H
90 # include <Security/SecCertificate.h>
91 # include <Security/SecIdentity.h>
92 # endif /* HAVE_SECCERTIFICATE_H */
93 # ifdef HAVE_SECCERTIFICATEPRIV_H
94 # include <Security/SecCertificatePriv.h>
95 # else
96 # ifdef __cplusplus
97 extern "C" {
98 # endif /* __cplusplus */
99 # ifndef _SECURITY_VERSION_GREATER_THAN_57610_
100 typedef CF_OPTIONS(uint32_t, SecKeyUsage) {
101 kSecKeyUsageAll = 0x7FFFFFFF
102 };
103 # endif /* !_SECURITY_VERSION_GREATER_THAN_57610_ */
104 extern const void * kSecCSRChallengePassword;
105 extern const void * kSecSubjectAltName;
106 extern const void * kSecCertificateKeyUsage;
107 extern const void * kSecCSRBasicContraintsPathLen;
108 extern const void * kSecCertificateExtensions;
109 extern const void * kSecCertificateExtensionsEncoded;
110 extern const void * kSecOidCommonName;
111 extern const void * kSecOidCountryName;
112 extern const void * kSecOidStateProvinceName;
113 extern const void * kSecOidLocalityName;
114 extern const void * kSecOidOrganization;
115 extern const void * kSecOidOrganizationalUnit;
116 extern SecCertificateRef SecCertificateCreateWithBytes(CFAllocatorRef allocator, const UInt8 *bytes, CFIndex length);
117 extern bool SecCertificateIsValid(SecCertificateRef certificate, CFAbsoluteTime verifyTime);
118 extern CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRef certificate);
119 extern SecCertificateRef SecGenerateSelfSignedCertificate(CFArrayRef subject, CFDictionaryRef parameters, SecKeyRef publicKey, SecKeyRef privateKey);
120 extern SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey);
121 # ifdef __cplusplus
122 }
123 # endif /* __cplusplus */
124 # endif /* HAVE_SECCERTIFICATEPRIV_H */
125 # ifdef HAVE_SECITEMPRIV_H
126 # include <Security/SecItemPriv.h>
127 # endif /* HAVE_SECITEMPRIV_H */
128 # ifdef HAVE_SECIDENTITYSEARCHPRIV_H
129 # include <Security/SecIdentitySearchPriv.h>
130 # endif /* HAVE_SECIDENTITYSEARCHPRIV_H */
131 # ifdef HAVE_SECPOLICYPRIV_H
132 # include <Security/SecPolicyPriv.h>
133 # endif /* HAVE_SECPOLICYPRIV_H */
134 # elif defined(HAVE_SSPISSL)
135 # include <wincrypt.h>
136 # include <wintrust.h>
137 # include <schannel.h>
138 # define SECURITY_WIN32
139 # include <security.h>
140 # include <sspi.h>
141 # endif /* HAVE_GNUTLS */
142
143 # ifndef WIN32
144 # include <net/if.h>
145 # include <resolv.h>
146 # ifdef HAVE_GETIFADDRS
147 # include <ifaddrs.h>
148 # else
149 # include <sys/ioctl.h>
150 # ifdef HAVE_SYS_SOCKIO_H
151 # include <sys/sockio.h>
152 # endif /* HAVE_SYS_SOCKIO_H */
153 # endif /* HAVE_GETIFADDRS */
154 # endif /* !WIN32 */
155
156 # ifdef HAVE_LIBZ
157 # include <zlib.h>
158 # endif /* HAVE_LIBZ */
159
160
161 /*
162 * C++ magic...
163 */
164
165 # ifdef __cplusplus
166 extern "C" {
167 # endif /* __cplusplus */
168
169
170 /*
171 * Constants...
172 */
173
174 # define _HTTP_MAX_SBUFFER 65536 /* Size of (de)compression buffer */
175 # define _HTTP_RESOLVE_DEFAULT 0 /* Just resolve with default options */
176 # define _HTTP_RESOLVE_STDERR 1 /* Log resolve progress to stderr */
177 # define _HTTP_RESOLVE_FQDN 2 /* Resolve to a FQDN */
178 # define _HTTP_RESOLVE_FAXOUT 4 /* Resolve FaxOut service? */
179
180 # define _HTTP_TLS_NONE 0 /* No TLS options */
181 # define _HTTP_TLS_ALLOW_RC4 1 /* Allow RC4 cipher suites */
182 # define _HTTP_TLS_ALLOW_DH 2 /* Allow DH/DHE key negotiation */
183 # define _HTTP_TLS_DENY_CBC 4 /* Deny CBC cipher suites */
184 # define _HTTP_TLS_SET_DEFAULT 128 /* Setting the default TLS options */
185
186 # define _HTTP_TLS_SSL3 0 /* Min/max version is SSL/3.0 */
187 # define _HTTP_TLS_1_0 1 /* Min/max version is TLS/1.0 */
188 # define _HTTP_TLS_1_1 2 /* Min/max version is TLS/1.1 */
189 # define _HTTP_TLS_1_2 3 /* Min/max version is TLS/1.2 */
190 # define _HTTP_TLS_1_3 4 /* Min/max version is TLS/1.3 */
191 # define _HTTP_TLS_MAX 5 /* Highest known TLS version */
192
193
194 /*
195 * Types and functions for SSL support...
196 */
197
198 # ifdef HAVE_GNUTLS
199 /*
200 * The GNU TLS library is more of a "bare metal" SSL/TLS library...
201 */
202
203 typedef gnutls_session_t http_tls_t;
204 typedef gnutls_certificate_credentials_t *http_tls_credentials_t;
205
206 # elif defined(HAVE_CDSASSL)
207 /*
208 * Darwin's Security framework provides its own SSL/TLS context structure
209 * for its IO and protocol management...
210 */
211
212 # if !defined(HAVE_SECBASEPRIV_H) && defined(HAVE_CSSMERRORSTRING) /* Declare prototype for function in that header... */
213 extern const char *cssmErrorString(int error);
214 # endif /* !HAVE_SECBASEPRIV_H && HAVE_CSSMERRORSTRING */
215 # if !defined(HAVE_SECIDENTITYSEARCHPRIV_H) && defined(HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY) /* Declare prototype for function in that header... */
216 extern OSStatus SecIdentitySearchCreateWithPolicy(SecPolicyRef policy,
217 CFStringRef idString, CSSM_KEYUSE keyUsage,
218 CFTypeRef keychainOrArray,
219 Boolean returnOnlyValidIdentities,
220 SecIdentitySearchRef* searchRef);
221 # endif /* !HAVE_SECIDENTITYSEARCHPRIV_H && HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY */
222 # if !defined(HAVE_SECPOLICYPRIV_H) && defined(HAVE_SECPOLICYSETVALUE) /* Declare prototype for function in that header... */
223 extern OSStatus SecPolicySetValue(SecPolicyRef policyRef,
224 const CSSM_DATA *value);
225 # endif /* !HAVE_SECPOLICYPRIV_H && HAVE_SECPOLICYSETVALUE */
226
227 typedef SSLContextRef http_tls_t;
228 typedef CFArrayRef http_tls_credentials_t;
229
230 # elif defined(HAVE_SSPISSL)
231 /*
232 * Windows' SSPI library gets a CUPS wrapper...
233 */
234
235 typedef struct _http_sspi_s /**** SSPI/SSL data structure ****/
236 {
237 CredHandle creds; /* Credentials */
238 CtxtHandle context; /* SSL context */
239 BOOL contextInitialized; /* Is context init'd? */
240 SecPkgContext_StreamSizes streamSizes;/* SSL data stream sizes */
241 BYTE *decryptBuffer; /* Data pre-decryption*/
242 size_t decryptBufferLength; /* Length of decrypt buffer */
243 size_t decryptBufferUsed; /* Bytes used in buffer */
244 BYTE *readBuffer; /* Data post-decryption */
245 int readBufferLength; /* Length of read buffer */
246 int readBufferUsed; /* Bytes used in buffer */
247 BYTE *writeBuffer; /* Data pre-encryption */
248 int writeBufferLength; /* Length of write buffer */
249 PCCERT_CONTEXT localCert, /* Local certificate */
250 remoteCert; /* Remote (peer's) certificate */
251 char error[256]; /* Most recent error message */
252 } _http_sspi_t;
253 typedef _http_sspi_t *http_tls_t;
254 typedef PCCERT_CONTEXT http_tls_credentials_t;
255
256 # else
257 /*
258 * Otherwise define stub types since we have no SSL support...
259 */
260
261 typedef void *http_tls_t;
262 typedef void *http_tls_credentials_t;
263 # endif /* HAVE_GNUTLS */
264
265 typedef enum _http_coding_e /**** HTTP content coding enumeration ****/
266 {
267 _HTTP_CODING_IDENTITY, /* No content coding */
268 _HTTP_CODING_GZIP, /* LZ77+gzip decompression */
269 _HTTP_CODING_DEFLATE, /* LZ77+zlib compression */
270 _HTTP_CODING_GUNZIP, /* LZ77+gzip decompression */
271 _HTTP_CODING_INFLATE /* LZ77+zlib decompression */
272 } _http_coding_t;
273
274 typedef enum _http_mode_e /**** HTTP mode enumeration ****/
275 {
276 _HTTP_MODE_CLIENT, /* Client connected to server */
277 _HTTP_MODE_SERVER /* Server connected (accepted) from client */
278 } _http_mode_t;
279
280 # ifndef _HTTP_NO_PRIVATE
281 struct _http_s /**** HTTP connection structure ****/
282 {
283 int fd; /* File descriptor for this socket */
284 int blocking; /* To block or not to block */
285 int error; /* Last error on read */
286 time_t activity; /* Time since last read/write */
287 http_state_t state; /* State of client */
288 http_status_t status; /* Status of last request */
289 http_version_t version; /* Protocol version */
290 http_keepalive_t keep_alive; /* Keep-alive supported? */
291 struct sockaddr_in _hostaddr; /* Address of connected host (deprecated) */
292 char hostname[HTTP_MAX_HOST],
293 /* Name of connected host */
294 fields[HTTP_FIELD_ACCEPT_ENCODING][HTTP_MAX_VALUE];
295 /* Field values up to Accept-Encoding */
296 char *data; /* Pointer to data buffer */
297 http_encoding_t data_encoding; /* Chunked or not */
298 int _data_remaining;/* Number of bytes left (deprecated) */
299 int used; /* Number of bytes used in buffer */
300 char buffer[HTTP_MAX_BUFFER];
301 /* Buffer for incoming data */
302 int _auth_type; /* Authentication in use (deprecated) */
303 unsigned char _md5_state[88]; /* MD5 state (deprecated) */
304 char nonce[HTTP_MAX_VALUE];
305 /* Nonce value */
306 unsigned nonce_count; /* Nonce count */
307 http_tls_t tls; /* TLS state information */
308 http_encryption_t encryption; /* Encryption requirements */
309
310 /**** New in CUPS 1.1.19 ****/
311 fd_set *input_set; /* select() set for httpWait() (deprecated) */
312 http_status_t expect; /* Expect: header */
313 char *cookie; /* Cookie value(s) */
314
315 /**** New in CUPS 1.1.20 ****/
316 char _authstring[HTTP_MAX_VALUE],
317 /* Current Authorization value (deprecated) */
318 userpass[HTTP_MAX_VALUE];
319 /* Username:password string */
320 int digest_tries; /* Number of tries for digest auth */
321
322 /**** New in CUPS 1.2 ****/
323 off_t data_remaining; /* Number of bytes left */
324 http_addr_t *hostaddr; /* Current host address and port */
325 http_addrlist_t *addrlist; /* List of valid addresses */
326 char wbuffer[HTTP_MAX_BUFFER];
327 /* Buffer for outgoing data */
328 int wused; /* Write buffer bytes used */
329
330 /**** New in CUPS 1.3 ****/
331 char *field_authorization;
332 /* Authorization field */
333 char *authstring; /* Current Authorization field */
334 # ifdef HAVE_GSSAPI
335 gss_OID gssmech; /* Authentication mechanism */
336 gss_ctx_id_t gssctx; /* Authentication context */
337 gss_name_t gssname; /* Authentication server name */
338 # endif /* HAVE_GSSAPI */
339 # ifdef HAVE_AUTHORIZATION_H
340 AuthorizationRef auth_ref; /* Authorization ref */
341 # endif /* HAVE_AUTHORIZATION_H */
342
343 /**** New in CUPS 1.5 ****/
344 http_tls_credentials_t tls_credentials;
345 /* TLS credentials */
346 http_timeout_cb_t timeout_cb; /* Timeout callback */
347 void *timeout_data; /* User data pointer */
348 double timeout_value; /* Timeout in seconds */
349 int wait_value; /* httpWait value for timeout */
350 # ifdef HAVE_GSSAPI
351 char gsshost[256]; /* Hostname for Kerberos */
352 # endif /* HAVE_GSSAPI */
353
354 /**** New in CUPS 1.7 ****/
355 int tls_upgrade; /* Non-zero if we are doing an upgrade */
356 _http_mode_t mode; /* _HTTP_MODE_CLIENT or _HTTP_MODE_SERVER */
357 char *accept_encoding,
358 /* Accept-Encoding field */
359 *allow, /* Allow field */
360 *server, /* Server field */
361 *default_accept_encoding,
362 *default_server,
363 *default_user_agent;
364 /* Default field values */
365 # ifdef HAVE_LIBZ
366 _http_coding_t coding; /* _HTTP_CODING_xxx */
367 z_stream stream; /* (De)compression stream */
368 Bytef *sbuffer; /* (De)compression buffer */
369 # endif /* HAVE_LIBZ */
370 };
371 # endif /* !_HTTP_NO_PRIVATE */
372
373
374 /*
375 * Some OS's don't have hstrerror(), most notably Solaris...
376 */
377
378 # ifndef HAVE_HSTRERROR
379 extern const char *_cups_hstrerror(int error);
380 # define hstrerror _cups_hstrerror
381 # endif /* !HAVE_HSTRERROR */
382
383
384 /*
385 * Some OS's don't have getifaddrs() and freeifaddrs()...
386 */
387
388 # if !defined(WIN32) && !defined(HAVE_GETIFADDRS)
389 # ifdef ifa_dstaddr
390 # undef ifa_dstaddr
391 # endif /* ifa_dstaddr */
392 # ifndef ifr_netmask
393 # define ifr_netmask ifr_addr
394 # endif /* !ifr_netmask */
395
396 struct ifaddrs /**** Interface Structure ****/
397 {
398 struct ifaddrs *ifa_next; /* Next interface in list */
399 char *ifa_name; /* Name of interface */
400 unsigned int ifa_flags; /* Flags (up, point-to-point, etc.) */
401 struct sockaddr *ifa_addr, /* Network address */
402 *ifa_netmask; /* Address mask */
403 union
404 {
405 struct sockaddr *ifu_broadaddr; /* Broadcast address of this interface. */
406 struct sockaddr *ifu_dstaddr; /* Point-to-point destination address. */
407 } ifa_ifu;
408
409 void *ifa_data; /* Interface statistics */
410 };
411
412 # ifndef ifa_broadaddr
413 # define ifa_broadaddr ifa_ifu.ifu_broadaddr
414 # endif /* !ifa_broadaddr */
415 # ifndef ifa_dstaddr
416 # define ifa_dstaddr ifa_ifu.ifu_dstaddr
417 # endif /* !ifa_dstaddr */
418
419 extern int _cups_getifaddrs(struct ifaddrs **addrs);
420 # define getifaddrs _cups_getifaddrs
421 extern void _cups_freeifaddrs(struct ifaddrs *addrs);
422 # define freeifaddrs _cups_freeifaddrs
423 # endif /* !WIN32 && !HAVE_GETIFADDRS */
424
425
426 /*
427 * Prototypes...
428 */
429
430 extern void _httpAddrSetPort(http_addr_t *addr, int port);
431 extern http_tls_credentials_t
432 _httpCreateCredentials(cups_array_t *credentials);
433 extern char *_httpDecodeURI(char *dst, const char *src,
434 size_t dstsize);
435 extern char *_httpDigest(char *buffer, size_t bufsize, const char *algorithm, const char *username, const char *realm, const char *password, const char *nonce, unsigned nc, const char *cnonce, const char *qop, const char *method, const char *resource);
436 extern void _httpDisconnect(http_t *http);
437 extern char *_httpEncodeURI(char *dst, const char *src,
438 size_t dstsize);
439 extern void _httpFreeCredentials(http_tls_credentials_t credentials);
440 extern const char *_httpResolveURI(const char *uri, char *resolved_uri,
441 size_t resolved_size, int options,
442 int (*cb)(void *context),
443 void *context);
444 extern const char *_httpStatus(cups_lang_t *lang, http_status_t status);
445 extern void _httpTLSInitialize(void);
446 extern size_t _httpTLSPending(http_t *http);
447 extern int _httpTLSRead(http_t *http, char *buf, int len);
448 extern int _httpTLSSetCredentials(http_t *http);
449 extern void _httpTLSSetOptions(int options, int min_version, int max_version);
450 extern int _httpTLSStart(http_t *http);
451 extern void _httpTLSStop(http_t *http);
452 extern int _httpTLSWrite(http_t *http, const char *buf, int len);
453 extern int _httpUpdate(http_t *http, http_status_t *status);
454 extern int _httpWait(http_t *http, int msec, int usessl);
455
456
457 /*
458 * C++ magic...
459 */
460
461 # ifdef __cplusplus
462 }
463 # endif /* __cplusplus */
464
465 #endif /* !_CUPS_HTTP_PRIVATE_H_ */
Unnamed repository; edit this file 'description' to name the repository.