]> git.ipfire.org Git - thirdparty/cups.git/blob - cups/http-private.h
projects / thirdparty / cups.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
License change: Apache License, Version 2.0.
[thirdparty/cups.git] / cups / http-private.h
1 /*
2 * Private HTTP definitions for CUPS.
3 *
4 * Copyright 2007-2017 by Apple Inc.
5 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
6 *
7 * Licensed under Apache License v2.0. See the file "LICENSE" for more information.
8 */
9
10 #ifndef _CUPS_HTTP_PRIVATE_H_
11 # define _CUPS_HTTP_PRIVATE_H_
12
13 /*
14 * Include necessary headers...
15 */
16
17 # include "config.h"
18 # include <cups/language.h>
19 # include <stddef.h>
20 # include <stdlib.h>
21
22 # ifdef __sun
23 # include <sys/select.h>
24 # endif /* __sun */
25
26 # include <limits.h>
27 # ifdef WIN32
28 # include <io.h>
29 # include <winsock2.h>
30 # define CUPS_SOCAST (const char *)
31 # else
32 # include <unistd.h>
33 # include <fcntl.h>
34 # include <sys/socket.h>
35 # define CUPS_SOCAST
36 # endif /* WIN32 */
37
38 # ifdef HAVE_GSSAPI
39 # ifdef HAVE_GSS_GSSAPI_H
40 # include <GSS/gssapi.h>
41 # elif defined(HAVE_GSSAPI_GSSAPI_H)
42 # include <gssapi/gssapi.h>
43 # elif defined(HAVE_GSSAPI_H)
44 # include <gssapi.h>
45 # endif /* HAVE_GSS_GSSAPI_H */
46 # ifndef HAVE_GSS_C_NT_HOSTBASED_SERVICE
47 # define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
48 # endif /* !HAVE_GSS_C_NT_HOSTBASED_SERVICE */
49 # endif /* HAVE_GSSAPI */
50
51 # ifdef HAVE_AUTHORIZATION_H
52 # include <Security/Authorization.h>
53 # endif /* HAVE_AUTHORIZATION_H */
54
55 # if defined(__APPLE__) && !defined(_SOCKLEN_T)
56 /*
57 * macOS 10.2.x does not define socklen_t, and in fact uses an int instead of
58 * unsigned type for length values...
59 */
60
61 typedef int socklen_t;
62 # endif /* __APPLE__ && !_SOCKLEN_T */
63
64 # include <cups/http.h>
65 # include "ipp-private.h"
66
67 # ifdef HAVE_GNUTLS
68 # include <gnutls/gnutls.h>
69 # include <gnutls/x509.h>
70 # elif defined(HAVE_CDSASSL)
71 # include <CoreFoundation/CoreFoundation.h>
72 # include <Security/Security.h>
73 # include <Security/SecureTransport.h>
74 # ifdef HAVE_SECURETRANSPORTPRIV_H
75 # include <Security/SecureTransportPriv.h>
76 # endif /* HAVE_SECURETRANSPORTPRIV_H */
77 # ifdef HAVE_SECITEM_H
78 # include <Security/SecItem.h>
79 # endif /* HAVE_SECITEM_H */
80 # ifdef HAVE_SECBASEPRIV_H
81 # include <Security/SecBasePriv.h>
82 # endif /* HAVE_SECBASEPRIV_H */
83 # ifdef HAVE_SECCERTIFICATE_H
84 # include <Security/SecCertificate.h>
85 # include <Security/SecIdentity.h>
86 # endif /* HAVE_SECCERTIFICATE_H */
87 # ifdef HAVE_SECCERTIFICATEPRIV_H
88 # include <Security/SecCertificatePriv.h>
89 # else
90 # ifdef __cplusplus
91 extern "C" {
92 # endif /* __cplusplus */
93 # ifndef _SECURITY_VERSION_GREATER_THAN_57610_
94 typedef CF_OPTIONS(uint32_t, SecKeyUsage) {
95 kSecKeyUsageAll = 0x7FFFFFFF
96 };
97 # endif /* !_SECURITY_VERSION_GREATER_THAN_57610_ */
98 extern const void * kSecCSRChallengePassword;
99 extern const void * kSecSubjectAltName;
100 extern const void * kSecCertificateKeyUsage;
101 extern const void * kSecCSRBasicContraintsPathLen;
102 extern const void * kSecCertificateExtensions;
103 extern const void * kSecCertificateExtensionsEncoded;
104 extern const void * kSecOidCommonName;
105 extern const void * kSecOidCountryName;
106 extern const void * kSecOidStateProvinceName;
107 extern const void * kSecOidLocalityName;
108 extern const void * kSecOidOrganization;
109 extern const void * kSecOidOrganizationalUnit;
110 extern SecCertificateRef SecCertificateCreateWithBytes(CFAllocatorRef allocator, const UInt8 *bytes, CFIndex length);
111 extern bool SecCertificateIsValid(SecCertificateRef certificate, CFAbsoluteTime verifyTime);
112 extern CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRef certificate);
113 extern SecCertificateRef SecGenerateSelfSignedCertificate(CFArrayRef subject, CFDictionaryRef parameters, SecKeyRef publicKey, SecKeyRef privateKey);
114 extern SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey);
115 # ifdef __cplusplus
116 }
117 # endif /* __cplusplus */
118 # endif /* HAVE_SECCERTIFICATEPRIV_H */
119 # ifdef HAVE_SECITEMPRIV_H
120 # include <Security/SecItemPriv.h>
121 # endif /* HAVE_SECITEMPRIV_H */
122 # ifdef HAVE_SECIDENTITYSEARCHPRIV_H
123 # include <Security/SecIdentitySearchPriv.h>
124 # endif /* HAVE_SECIDENTITYSEARCHPRIV_H */
125 # ifdef HAVE_SECPOLICYPRIV_H
126 # include <Security/SecPolicyPriv.h>
127 # endif /* HAVE_SECPOLICYPRIV_H */
128 # elif defined(HAVE_SSPISSL)
129 # include <wincrypt.h>
130 # include <wintrust.h>
131 # include <schannel.h>
132 # define SECURITY_WIN32
133 # include <security.h>
134 # include <sspi.h>
135 # endif /* HAVE_GNUTLS */
136
137 # ifndef WIN32
138 # include <net/if.h>
139 # include <resolv.h>
140 # ifdef HAVE_GETIFADDRS
141 # include <ifaddrs.h>
142 # else
143 # include <sys/ioctl.h>
144 # ifdef HAVE_SYS_SOCKIO_H
145 # include <sys/sockio.h>
146 # endif /* HAVE_SYS_SOCKIO_H */
147 # endif /* HAVE_GETIFADDRS */
148 # endif /* !WIN32 */
149
150 # ifdef HAVE_LIBZ
151 # include <zlib.h>
152 # endif /* HAVE_LIBZ */
153
154
155 /*
156 * C++ magic...
157 */
158
159 # ifdef __cplusplus
160 extern "C" {
161 # endif /* __cplusplus */
162
163
164 /*
165 * Constants...
166 */
167
168 # define _HTTP_MAX_SBUFFER 65536 /* Size of (de)compression buffer */
169 # define _HTTP_RESOLVE_DEFAULT 0 /* Just resolve with default options */
170 # define _HTTP_RESOLVE_STDERR 1 /* Log resolve progress to stderr */
171 # define _HTTP_RESOLVE_FQDN 2 /* Resolve to a FQDN */
172 # define _HTTP_RESOLVE_FAXOUT 4 /* Resolve FaxOut service? */
173
174 # define _HTTP_TLS_NONE 0 /* No TLS options */
175 # define _HTTP_TLS_ALLOW_RC4 1 /* Allow RC4 cipher suites */
176 # define _HTTP_TLS_ALLOW_DH 2 /* Allow DH/DHE key negotiation */
177 # define _HTTP_TLS_DENY_CBC 4 /* Deny CBC cipher suites */
178 # define _HTTP_TLS_SET_DEFAULT 128 /* Setting the default TLS options */
179
180 # define _HTTP_TLS_SSL3 0 /* Min/max version is SSL/3.0 */
181 # define _HTTP_TLS_1_0 1 /* Min/max version is TLS/1.0 */
182 # define _HTTP_TLS_1_1 2 /* Min/max version is TLS/1.1 */
183 # define _HTTP_TLS_1_2 3 /* Min/max version is TLS/1.2 */
184 # define _HTTP_TLS_1_3 4 /* Min/max version is TLS/1.3 */
185 # define _HTTP_TLS_MAX 5 /* Highest known TLS version */
186
187
188 /*
189 * Types and functions for SSL support...
190 */
191
192 # ifdef HAVE_GNUTLS
193 /*
194 * The GNU TLS library is more of a "bare metal" SSL/TLS library...
195 */
196
197 typedef gnutls_session_t http_tls_t;
198 typedef gnutls_certificate_credentials_t *http_tls_credentials_t;
199
200 # elif defined(HAVE_CDSASSL)
201 /*
202 * Darwin's Security framework provides its own SSL/TLS context structure
203 * for its IO and protocol management...
204 */
205
206 # if !defined(HAVE_SECBASEPRIV_H) && defined(HAVE_CSSMERRORSTRING) /* Declare prototype for function in that header... */
207 extern const char *cssmErrorString(int error);
208 # endif /* !HAVE_SECBASEPRIV_H && HAVE_CSSMERRORSTRING */
209 # if !defined(HAVE_SECIDENTITYSEARCHPRIV_H) && defined(HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY) /* Declare prototype for function in that header... */
210 extern OSStatus SecIdentitySearchCreateWithPolicy(SecPolicyRef policy,
211 CFStringRef idString, CSSM_KEYUSE keyUsage,
212 CFTypeRef keychainOrArray,
213 Boolean returnOnlyValidIdentities,
214 SecIdentitySearchRef* searchRef);
215 # endif /* !HAVE_SECIDENTITYSEARCHPRIV_H && HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY */
216 # if !defined(HAVE_SECPOLICYPRIV_H) && defined(HAVE_SECPOLICYSETVALUE) /* Declare prototype for function in that header... */
217 extern OSStatus SecPolicySetValue(SecPolicyRef policyRef,
218 const CSSM_DATA *value);
219 # endif /* !HAVE_SECPOLICYPRIV_H && HAVE_SECPOLICYSETVALUE */
220
221 typedef SSLContextRef http_tls_t;
222 typedef CFArrayRef http_tls_credentials_t;
223
224 # elif defined(HAVE_SSPISSL)
225 /*
226 * Windows' SSPI library gets a CUPS wrapper...
227 */
228
229 typedef struct _http_sspi_s /**** SSPI/SSL data structure ****/
230 {
231 CredHandle creds; /* Credentials */
232 CtxtHandle context; /* SSL context */
233 BOOL contextInitialized; /* Is context init'd? */
234 SecPkgContext_StreamSizes streamSizes;/* SSL data stream sizes */
235 BYTE *decryptBuffer; /* Data pre-decryption*/
236 size_t decryptBufferLength; /* Length of decrypt buffer */
237 size_t decryptBufferUsed; /* Bytes used in buffer */
238 BYTE *readBuffer; /* Data post-decryption */
239 int readBufferLength; /* Length of read buffer */
240 int readBufferUsed; /* Bytes used in buffer */
241 BYTE *writeBuffer; /* Data pre-encryption */
242 int writeBufferLength; /* Length of write buffer */
243 PCCERT_CONTEXT localCert, /* Local certificate */
244 remoteCert; /* Remote (peer's) certificate */
245 char error[256]; /* Most recent error message */
246 } _http_sspi_t;
247 typedef _http_sspi_t *http_tls_t;
248 typedef PCCERT_CONTEXT http_tls_credentials_t;
249
250 # else
251 /*
252 * Otherwise define stub types since we have no SSL support...
253 */
254
255 typedef void *http_tls_t;
256 typedef void *http_tls_credentials_t;
257 # endif /* HAVE_GNUTLS */
258
259 typedef enum _http_coding_e /**** HTTP content coding enumeration ****/
260 {
261 _HTTP_CODING_IDENTITY, /* No content coding */
262 _HTTP_CODING_GZIP, /* LZ77+gzip decompression */
263 _HTTP_CODING_DEFLATE, /* LZ77+zlib compression */
264 _HTTP_CODING_GUNZIP, /* LZ77+gzip decompression */
265 _HTTP_CODING_INFLATE /* LZ77+zlib decompression */
266 } _http_coding_t;
267
268 typedef enum _http_mode_e /**** HTTP mode enumeration ****/
269 {
270 _HTTP_MODE_CLIENT, /* Client connected to server */
271 _HTTP_MODE_SERVER /* Server connected (accepted) from client */
272 } _http_mode_t;
273
274 # ifndef _HTTP_NO_PRIVATE
275 struct _http_s /**** HTTP connection structure ****/
276 {
277 int fd; /* File descriptor for this socket */
278 int blocking; /* To block or not to block */
279 int error; /* Last error on read */
280 time_t activity; /* Time since last read/write */
281 http_state_t state; /* State of client */
282 http_status_t status; /* Status of last request */
283 http_version_t version; /* Protocol version */
284 http_keepalive_t keep_alive; /* Keep-alive supported? */
285 struct sockaddr_in _hostaddr; /* Address of connected host (deprecated) */
286 char hostname[HTTP_MAX_HOST],
287 /* Name of connected host */
288 fields[HTTP_FIELD_ACCEPT_ENCODING][HTTP_MAX_VALUE];
289 /* Field values up to Accept-Encoding */
290 char *data; /* Pointer to data buffer */
291 http_encoding_t data_encoding; /* Chunked or not */
292 int _data_remaining;/* Number of bytes left (deprecated) */
293 int used; /* Number of bytes used in buffer */
294 char buffer[HTTP_MAX_BUFFER];
295 /* Buffer for incoming data */
296 int _auth_type; /* Authentication in use (deprecated) */
297 unsigned char _md5_state[88]; /* MD5 state (deprecated) */
298 char nonce[HTTP_MAX_VALUE];
299 /* Nonce value */
300 unsigned nonce_count; /* Nonce count */
301 http_tls_t tls; /* TLS state information */
302 http_encryption_t encryption; /* Encryption requirements */
303
304 /**** New in CUPS 1.1.19 ****/
305 fd_set *input_set; /* select() set for httpWait() (deprecated) */
306 http_status_t expect; /* Expect: header */
307 char *cookie; /* Cookie value(s) */
308
309 /**** New in CUPS 1.1.20 ****/
310 char _authstring[HTTP_MAX_VALUE],
311 /* Current Authorization value (deprecated) */
312 userpass[HTTP_MAX_VALUE];
313 /* Username:password string */
314 int digest_tries; /* Number of tries for digest auth */
315
316 /**** New in CUPS 1.2 ****/
317 off_t data_remaining; /* Number of bytes left */
318 http_addr_t *hostaddr; /* Current host address and port */
319 http_addrlist_t *addrlist; /* List of valid addresses */
320 char wbuffer[HTTP_MAX_BUFFER];
321 /* Buffer for outgoing data */
322 int wused; /* Write buffer bytes used */
323
324 /**** New in CUPS 1.3 ****/
325 char *field_authorization;
326 /* Authorization field */
327 char *authstring; /* Current Authorization field */
328 # ifdef HAVE_GSSAPI
329 gss_OID gssmech; /* Authentication mechanism */
330 gss_ctx_id_t gssctx; /* Authentication context */
331 gss_name_t gssname; /* Authentication server name */
332 # endif /* HAVE_GSSAPI */
333 # ifdef HAVE_AUTHORIZATION_H
334 AuthorizationRef auth_ref; /* Authorization ref */
335 # endif /* HAVE_AUTHORIZATION_H */
336
337 /**** New in CUPS 1.5 ****/
338 http_tls_credentials_t tls_credentials;
339 /* TLS credentials */
340 http_timeout_cb_t timeout_cb; /* Timeout callback */
341 void *timeout_data; /* User data pointer */
342 double timeout_value; /* Timeout in seconds */
343 int wait_value; /* httpWait value for timeout */
344 # ifdef HAVE_GSSAPI
345 char gsshost[256]; /* Hostname for Kerberos */
346 # endif /* HAVE_GSSAPI */
347
348 /**** New in CUPS 1.7 ****/
349 int tls_upgrade; /* Non-zero if we are doing an upgrade */
350 _http_mode_t mode; /* _HTTP_MODE_CLIENT or _HTTP_MODE_SERVER */
351 char *accept_encoding,
352 /* Accept-Encoding field */
353 *allow, /* Allow field */
354 *server, /* Server field */
355 *default_accept_encoding,
356 *default_server,
357 *default_user_agent;
358 /* Default field values */
359 # ifdef HAVE_LIBZ
360 _http_coding_t coding; /* _HTTP_CODING_xxx */
361 z_stream stream; /* (De)compression stream */
362 Bytef *sbuffer; /* (De)compression buffer */
363 # endif /* HAVE_LIBZ */
364
365 /**** New in CUPS 2.3 ****/
366 char *www_authenticate;
367 /* WWW-Authenticate value */
368 };
369 # endif /* !_HTTP_NO_PRIVATE */
370
371
372 /*
373 * Some OS's don't have hstrerror(), most notably Solaris...
374 */
375
376 # ifndef HAVE_HSTRERROR
377 extern const char *_cups_hstrerror(int error);
378 # define hstrerror _cups_hstrerror
379 # endif /* !HAVE_HSTRERROR */
380
381
382 /*
383 * Some OS's don't have getifaddrs() and freeifaddrs()...
384 */
385
386 # if !defined(WIN32) && !defined(HAVE_GETIFADDRS)
387 # ifdef ifa_dstaddr
388 # undef ifa_dstaddr
389 # endif /* ifa_dstaddr */
390 # ifndef ifr_netmask
391 # define ifr_netmask ifr_addr
392 # endif /* !ifr_netmask */
393
394 struct ifaddrs /**** Interface Structure ****/
395 {
396 struct ifaddrs *ifa_next; /* Next interface in list */
397 char *ifa_name; /* Name of interface */
398 unsigned int ifa_flags; /* Flags (up, point-to-point, etc.) */
399 struct sockaddr *ifa_addr, /* Network address */
400 *ifa_netmask; /* Address mask */
401 union
402 {
403 struct sockaddr *ifu_broadaddr; /* Broadcast address of this interface. */
404 struct sockaddr *ifu_dstaddr; /* Point-to-point destination address. */
405 } ifa_ifu;
406
407 void *ifa_data; /* Interface statistics */
408 };
409
410 # ifndef ifa_broadaddr
411 # define ifa_broadaddr ifa_ifu.ifu_broadaddr
412 # endif /* !ifa_broadaddr */
413 # ifndef ifa_dstaddr
414 # define ifa_dstaddr ifa_ifu.ifu_dstaddr
415 # endif /* !ifa_dstaddr */
416
417 extern int _cups_getifaddrs(struct ifaddrs **addrs);
418 # define getifaddrs _cups_getifaddrs
419 extern void _cups_freeifaddrs(struct ifaddrs *addrs);
420 # define freeifaddrs _cups_freeifaddrs
421 # endif /* !WIN32 && !HAVE_GETIFADDRS */
422
423
424 /*
425 * Prototypes...
426 */
427
428 extern void _httpAddrSetPort(http_addr_t *addr, int port);
429 extern http_tls_credentials_t
430 _httpCreateCredentials(cups_array_t *credentials);
431 extern char *_httpDecodeURI(char *dst, const char *src,
432 size_t dstsize);
433 extern void _httpDisconnect(http_t *http);
434 extern char *_httpEncodeURI(char *dst, const char *src,
435 size_t dstsize);
436 extern void _httpFreeCredentials(http_tls_credentials_t credentials);
437 extern const char *_httpResolveURI(const char *uri, char *resolved_uri,
438 size_t resolved_size, int options,
439 int (*cb)(void *context),
440 void *context);
441 extern const char *_httpStatus(cups_lang_t *lang, http_status_t status);
442 extern void _httpTLSInitialize(void);
443 extern size_t _httpTLSPending(http_t *http);
444 extern int _httpTLSRead(http_t *http, char *buf, int len);
445 extern int _httpTLSSetCredentials(http_t *http);
446 extern void _httpTLSSetOptions(int options, int min_version, int max_version);
447 extern int _httpTLSStart(http_t *http);
448 extern void _httpTLSStop(http_t *http);
449 extern int _httpTLSWrite(http_t *http, const char *buf, int len);
450 extern int _httpUpdate(http_t *http, http_status_t *status);
451 extern int _httpWait(http_t *http, int msec, int usessl);
452
453
454 /*
455 * C++ magic...
456 */
457
458 # ifdef __cplusplus
459 }
460 # endif /* __cplusplus */
461
462 #endif /* !_CUPS_HTTP_PRIVATE_H_ */
Unnamed repository; edit this file 'description' to name the repository.