]> git.ipfire.org Git - thirdparty/cups.git/blob - cups/http.c
projects / thirdparty / cups.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge changes from CUPS 1.5svn-r9313.
[thirdparty/cups.git] / cups / http.c
1 /*
2 * "$Id: http.c 7850 2008-08-20 00:07:25Z mike $"
3 *
4 * HTTP routines for CUPS.
5 *
6 * Copyright 2007-2010 by Apple Inc.
7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
8 *
9 * This file contains Kerberos support code, copyright 2006 by
10 * Jelmer Vernooij.
11 *
12 * These coded instructions, statements, and computer programs are the
13 * property of Apple Inc. and are protected by Federal copyright
14 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
15 * which should have been included with this file. If this file is
16 * file is missing or damaged, see the license at "http://www.cups.org/".
17 *
18 * This file is subject to the Apple OS-Developed Software exception.
19 *
20 * Contents:
21 *
22 * httpAddCredential() - Allocates and adds a single credential to an
23 * array.
24 * _httpBIOMethods() - Get the OpenSSL BIO methods for HTTP
25 * connections.
26 * httpBlocking() - Set blocking/non-blocking behavior on a
27 * connection.
28 * httpCheck() - Check to see if there is a pending response
29 * from the server.
30 * httpClearCookie() - Clear the cookie value(s).
31 * httpClearFields() - Clear HTTP request fields.
32 * httpClose() - Close an HTTP connection.
33 * httpConnect() - Connect to a HTTP server.
34 * httpConnectEncrypt() - Connect to a HTTP server using encryption.
35 * httpCopyCredentials() - Copy the credentials associated with an
36 * encrypted connection.
37 * _httpConvertCredentials() - Convert credentials to the internal format.
38 * _httpCreate() - Create an unconnected HTTP connection.
39 * httpDelete() - Send a DELETE request to the server.
40 * _httpDisconnect() - Disconnect a HTTP connection.
41 * httpEncryption() - Set the required encryption on the link.
42 * httpError() - Get the last error on a connection.
43 * httpFlush() - Flush data from a HTTP connection.
44 * httpFlushWrite() - Flush data in write buffer.
45 * _httpFreeCredentials() - Free internal credentials.
46 * httpFreeCredentials() - Free an array of credentials.
47 * httpGet() - Send a GET request to the server.
48 * httpGetAuthString() - Get the current authorization string.
49 * httpGetBlocking() - Get the blocking/non-block state of a
50 * connection.
51 * httpGetCookie() - Get any cookie data from the response.
52 * httpGetFd() - Get the file descriptor associated with a
53 * connection.
54 * httpGetField() - Get a field value from a request/response.
55 * httpGetLength() - Get the amount of data remaining from the
56 * content-length or transfer-encoding fields.
57 * httpGetLength2() - Get the amount of data remaining from the
58 * content-length or transfer-encoding fields.
59 * httpGetStatus() - Get the status of the last HTTP request.
60 * httpGetSubField() - Get a sub-field value.
61 * httpGetSubField2() - Get a sub-field value.
62 * httpGets() - Get a line of text from a HTTP connection.
63 * httpHead() - Send a HEAD request to the server.
64 * httpInitialize() - Initialize the HTTP interface library and set
65 * the default HTTP proxy (if any).
66 * httpOptions() - Send an OPTIONS request to the server.
67 * _httpPeek() - Peek at data from a HTTP connection.
68 * httpPost() - Send a POST request to the server.
69 * httpPrintf() - Print a formatted string to a HTTP connection.
70 * httpPut() - Send a PUT request to the server.
71 * httpRead() - Read data from a HTTP connection.
72 * httpRead2() - Read data from a HTTP connection.
73 * _httpReadCDSA() - Read function for the CDSA library.
74 * _httpReadGNUTLS() - Read function for the GNU TLS library.
75 * httpReconnect() - Reconnect to a HTTP server.
76 * httpSetAuthString() - Set the current authorization string.
77 * httpSetCredentials() - Set the credentials associated with an
78 * encrypted connection.
79 * httpSetCookie() - Set the cookie value(s).
80 * httpSetExpect() - Set the Expect: header in a request.
81 * httpSetField() - Set the value of an HTTP header.
82 * httpSetLength() - Set the content-length and content-encoding.
83 * httpTrace() - Send an TRACE request to the server.
84 * httpUpdate() - Update the current HTTP state for incoming
85 * data.
86 * _httpWait() - Wait for data available on a connection (no
87 * flush).
88 * httpWait() - Wait for data available on a connection.
89 * httpWrite() - Write data to a HTTP connection.
90 * httpWrite2() - Write data to a HTTP connection.
91 * _httpWriteCDSA() - Write function for the CDSA library.
92 * _httpWriteGNUTLS() - Write function for the GNU TLS library.
93 * http_bio_ctrl() - Control the HTTP connection.
94 * http_bio_free() - Free OpenSSL data.
95 * http_bio_new() - Initialize an OpenSSL BIO structure.
96 * http_bio_puts() - Send a string for OpenSSL.
97 * http_bio_read() - Read data for OpenSSL.
98 * http_bio_write() - Write data for OpenSSL.
99 * http_debug_hex() - Do a hex dump of a buffer.
100 * http_field() - Return the field index for a field name.
101 * http_read_ssl() - Read from a SSL/TLS connection.
102 * http_locking_cb() - Lock/unlock a thread's mutex.
103 * http_send() - Send a request with all fields and the trailing
104 * blank line.
105 * http_set_credentials() - Set the SSL/TLS credentials.
106 * http_setup_ssl() - Set up SSL/TLS support on a connection.
107 * http_shutdown_ssl() - Shut down SSL/TLS on a connection.
108 * http_threadid_cb() - Return the current thread ID.
109 * http_upgrade() - Force upgrade to TLS encryption.
110 * http_write() - Write a buffer to a HTTP connection.
111 * http_write_chunk() - Write a chunked buffer.
112 * http_write_ssl() - Write to a SSL/TLS connection.
113 */
114
115 /*
116 * Include necessary headers...
117 */
118
119 #include "cups-private.h"
120 #include <fcntl.h>
121 #ifdef WIN32
122 # include <tchar.h>
123 #else
124 # include <signal.h>
125 # include <sys/time.h>
126 # include <sys/resource.h>
127 #endif /* WIN32 */
128 #ifdef HAVE_POLL
129 # include <sys/poll.h>
130 #endif /* HAVE_POLL */
131
132
133 /*
134 * Some operating systems have done away with the Fxxxx constants for
135 * the fcntl() call; this works around that "feature"...
136 */
137
138 #ifndef FNONBLK
139 # define FNONBLK O_NONBLOCK
140 #endif /* !FNONBLK */
141
142
143 /*
144 * Local functions...
145 */
146
147 #ifdef DEBUG
148 static void http_debug_hex(const char *prefix, const char *buffer,
149 int bytes);
150 #endif /* DEBUG */
151 static http_field_t http_field(const char *name);
152 static int http_send(http_t *http, http_state_t request,
153 const char *uri);
154 static int http_write(http_t *http, const char *buffer,
155 int length);
156 static int http_write_chunk(http_t *http, const char *buffer,
157 int length);
158 #ifdef HAVE_SSL
159 static int http_read_ssl(http_t *http, char *buf, int len);
160 static int http_set_credentials(http_t *http);
161 static int http_setup_ssl(http_t *http);
162 static void http_shutdown_ssl(http_t *http);
163 static int http_upgrade(http_t *http);
164 static int http_write_ssl(http_t *http, const char *buf, int len);
165
166 # ifdef HAVE_GNUTLS
167 # ifdef HAVE_PTHREAD_H
168 GCRY_THREAD_OPTION_PTHREAD_IMPL;
169 # endif /* HAVE_PTHREAD_H */
170
171 # elif defined(HAVE_LIBSSL)
172 static _cups_mutex_t *http_locks; /* OpenSSL lock mutexes */
173
174 static void http_locking_cb(int mode, int type, const char *file,
175 int line);
176 static unsigned long http_threadid_cb(void);
177 # endif /* HAVE_GNUTLS */
178 #endif /* HAVE_SSL */
179
180
181 /*
182 * Local globals...
183 */
184
185 static const char * const http_fields[] =
186 {
187 "Accept-Language",
188 "Accept-Ranges",
189 "Authorization",
190 "Connection",
191 "Content-Encoding",
192 "Content-Language",
193 "Content-Length",
194 "Content-Location",
195 "Content-MD5",
196 "Content-Range",
197 "Content-Type",
198 "Content-Version",
199 "Date",
200 "Host",
201 "If-Modified-Since",
202 "If-Unmodified-since",
203 "Keep-Alive",
204 "Last-Modified",
205 "Link",
206 "Location",
207 "Range",
208 "Referer",
209 "Retry-After",
210 "Transfer-Encoding",
211 "Upgrade",
212 "User-Agent",
213 "WWW-Authenticate"
214 };
215 #ifdef DEBUG
216 static const char * const http_states[] =
217 {
218 "HTTP_WAITING",
219 "HTTP_OPTIONS",
220 "HTTP_GET",
221 "HTTP_GET_SEND",
222 "HTTP_HEAD",
223 "HTTP_POST",
224 "HTTP_POST_RECV",
225 "HTTP_POST_SEND",
226 "HTTP_PUT",
227 "HTTP_PUT_RECV",
228 "HTTP_DELETE",
229 "HTTP_TRACE",
230 "HTTP_CLOSE",
231 "HTTP_STATUS"
232 };
233 #endif /* DEBUG */
234
235
236 #if defined(HAVE_SSL) && defined(HAVE_LIBSSL)
237 /*
238 * BIO methods for OpenSSL...
239 */
240
241 static int http_bio_write(BIO *h, const char *buf, int num);
242 static int http_bio_read(BIO *h, char *buf, int size);
243 static int http_bio_puts(BIO *h, const char *str);
244 static long http_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2);
245 static int http_bio_new(BIO *h);
246 static int http_bio_free(BIO *data);
247
248 static BIO_METHOD http_bio_methods =
249 {
250 BIO_TYPE_SOCKET,
251 "http",
252 http_bio_write,
253 http_bio_read,
254 http_bio_puts,
255 NULL, /* http_bio_gets, */
256 http_bio_ctrl,
257 http_bio_new,
258 http_bio_free,
259 NULL,
260 };
261 #endif /* HAVE_SSL && HAVE_LIBSSL */
262
263
264 /*
265 * 'httpAddCredential()' - Allocates and adds a single credential to an array.
266 *
267 * Use @code cupsArrayNew(NULL, NULL)@ to create a credentials array.
268 *
269 * @since CUPS 1.5@
270 */
271
272 int /* O - 0 on success, -1 on error */
273 httpAddCredential(
274 cups_array_t *credentials, /* I - Credentials array */
275 const void *data, /* I - PEM-encoded X.509 data */
276 size_t datalen) /* I - Length of data */
277 {
278 http_credential_t *credential; /* Credential data */
279
280
281 if ((credential = malloc(sizeof(http_credential_t))) != NULL)
282 {
283 credential->datalen = datalen;
284
285 if ((credential->data = malloc(datalen)) != NULL)
286 {
287 memcpy(credential->data, data, datalen);
288 cupsArrayAdd(credentials, credential);
289 return (0);
290 }
291
292 free(credential);
293 }
294
295 return (-1);
296 }
297
298
299 #if defined(HAVE_SSL) && defined(HAVE_LIBSSL)
300 /*
301 * '_httpBIOMethods()' - Get the OpenSSL BIO methods for HTTP connections.
302 */
303
304 BIO_METHOD * /* O - BIO methods for OpenSSL */
305 _httpBIOMethods(void)
306 {
307 return (&http_bio_methods);
308 }
309 #endif /* HAVE_SSL && HAVE_LIBSSL */
310
311
312 /*
313 * 'httpBlocking()' - Set blocking/non-blocking behavior on a connection.
314 */
315
316 void
317 httpBlocking(http_t *http, /* I - Connection to server */
318 int b) /* I - 1 = blocking, 0 = non-blocking */
319 {
320 if (http)
321 http->blocking = b;
322 }
323
324
325 /*
326 * 'httpCheck()' - Check to see if there is a pending response from the server.
327 */
328
329 int /* O - 0 = no data, 1 = data available */
330 httpCheck(http_t *http) /* I - Connection to server */
331 {
332 return (httpWait(http, 0));
333 }
334
335
336 /*
337 * 'httpClearCookie()' - Clear the cookie value(s).
338 *
339 * @since CUPS 1.1.19/Mac OS X 10.3@
340 */
341
342 void
343 httpClearCookie(http_t *http) /* I - Connection to server */
344 {
345 if (!http)
346 return;
347
348 if (http->cookie)
349 {
350 free(http->cookie);
351 http->cookie = NULL;
352 }
353 }
354
355
356 /*
357 * 'httpClearFields()' - Clear HTTP request fields.
358 */
359
360 void
361 httpClearFields(http_t *http) /* I - Connection to server */
362 {
363 if (http)
364 {
365 memset(http->fields, 0, sizeof(http->fields));
366 if (http->hostname[0] == '/')
367 httpSetField(http, HTTP_FIELD_HOST, "localhost");
368 else
369 httpSetField(http, HTTP_FIELD_HOST, http->hostname);
370
371 if (http->field_authorization)
372 {
373 free(http->field_authorization);
374 http->field_authorization = NULL;
375 }
376
377 http->expect = (http_status_t)0;
378 }
379 }
380
381
382 /*
383 * 'httpClose()' - Close an HTTP connection.
384 */
385
386 void
387 httpClose(http_t *http) /* I - Connection to server */
388 {
389 #ifdef HAVE_GSSAPI
390 OM_uint32 minor_status; /* Minor status code */
391 #endif /* HAVE_GSSAPI */
392
393
394 DEBUG_printf(("httpClose(http=%p)", http));
395
396 /*
397 * Range check input...
398 */
399
400 if (!http)
401 return;
402
403 /*
404 * Close any open connection...
405 */
406
407 _httpDisconnect(http);
408
409 /*
410 * Free memory used...
411 */
412
413 httpAddrFreeList(http->addrlist);
414
415 if (http->cookie)
416 free(http->cookie);
417
418 #ifdef HAVE_GSSAPI
419 if (http->gssctx != GSS_C_NO_CONTEXT)
420 gss_delete_sec_context(&minor_status, &http->gssctx, GSS_C_NO_BUFFER);
421
422 if (http->gssname != GSS_C_NO_NAME)
423 gss_release_name(&minor_status, &http->gssname);
424 #endif /* HAVE_GSSAPI */
425
426 #ifdef HAVE_AUTHORIZATION_H
427 if (http->auth_ref)
428 AuthorizationFree(http->auth_ref, kAuthorizationFlagDefaults);
429 #endif /* HAVE_AUTHORIZATION_H */
430
431 httpClearFields(http);
432
433 if (http->authstring && http->authstring != http->_authstring)
434 free(http->authstring);
435
436 free(http);
437 }
438
439
440 /*
441 * 'httpConnect()' - Connect to a HTTP server.
442 *
443 * This function is deprecated - use @link httpConnectEncrypt@ instead.
444 *
445 * @deprecated@
446 */
447
448 http_t * /* O - New HTTP connection */
449 httpConnect(const char *host, /* I - Host to connect to */
450 int port) /* I - Port number */
451 {
452 return (httpConnectEncrypt(host, port, HTTP_ENCRYPT_IF_REQUESTED));
453 }
454
455
456 /*
457 * 'httpConnectEncrypt()' - Connect to a HTTP server using encryption.
458 */
459
460 http_t * /* O - New HTTP connection */
461 httpConnectEncrypt(
462 const char *host, /* I - Host to connect to */
463 int port, /* I - Port number */
464 http_encryption_t encryption) /* I - Type of encryption to use */
465 {
466 http_t *http; /* New HTTP connection */
467
468
469 DEBUG_printf(("httpConnectEncrypt(host=\"%s\", port=%d, encryption=%d)",
470 host, port, encryption));
471
472 /*
473 * Create the HTTP structure...
474 */
475
476 if ((http = _httpCreate(host, port, encryption)) == NULL)
477 return (NULL);
478
479 /*
480 * Connect to the remote system...
481 */
482
483 if (!httpReconnect(http))
484 return (http);
485
486 /*
487 * Could not connect to any known address - bail out!
488 */
489
490 httpAddrFreeList(http->addrlist);
491
492 free(http);
493
494 return (NULL);
495 }
496
497
498 /*
499 * 'httpCopyCredentials()' - Copy the credentials associated with an encrypted
500 * connection.
501 *
502 * @since CUPS 1.5@
503 */
504
505 int /* O - Status of call (0 = success) */
506 httpCopyCredentials(
507 http_t *http, /* I - Connection to server */
508 cups_array_t **credentials) /* O - Array of credentials */
509 {
510 # ifdef HAVE_LIBSSL
511 # elif defined(HAVE_GNUTLS)
512 # elif defined(HAVE_CDSASSL)
513 OSStatus error; /* Error code */
514 CFIndex count; /* Number of credentials */
515 CFArrayRef peerCerts; /* Peer certificates */
516 SecCertificateRef secCert; /* Certificate reference */
517 CFDataRef data; /* Certificate data */
518 int i; /* Looping var */
519 # elif defined(HAVE_SSPISSL)
520 # endif /* HAVE_LIBSSL */
521
522
523 if (credentials)
524 *credentials = NULL;
525
526 if (!http || !http->tls || !credentials)
527 return (-1);
528
529 # ifdef HAVE_LIBSSL
530 return (-1);
531
532 # elif defined(HAVE_GNUTLS)
533 return (-1);
534
535 # elif defined(HAVE_CDSASSL)
536 if (!(error = SSLCopyPeerCertificates(http->tls, &peerCerts)) && peerCerts)
537 {
538 if ((*credentials = cupsArrayNew(NULL, NULL)) != NULL)
539 {
540 for (i = 0, count = CFArrayGetCount(peerCerts); i < count; i++)
541 {
542 secCert = (SecCertificateRef)CFArrayGetValueAtIndex(peerCerts, i);
543 if ((data = SecCertificateCopyData(secCert)))
544 {
545 httpAddCredential(*credentials, CFDataGetBytePtr(data),
546 CFDataGetLength(data));
547 CFRelease(data);
548 }
549 }
550 }
551
552 CFRelease(peerCerts);
553 }
554
555 return (error);
556
557 # elif defined(HAVE_SSPISSL)
558 return (-1);
559 # endif /* HAVE_LIBSSL */
560 }
561
562
563 /*
564 * '_httpConvertCredentials()' - Convert credentials to the internal format.
565 */
566
567 http_tls_credentials_t /* O - Internal credentials */
568 _httpConvertCredentials(
569 cups_array_t *credentials) /* I - Array of credentials */
570 {
571 if (!credentials)
572 return (NULL);
573
574 # ifdef HAVE_LIBSSL
575 return (NULL);
576
577 # elif defined(HAVE_GNUTLS)
578 return (NULL);
579
580 # elif defined(HAVE_CDSASSL)
581 CFMutableArrayRef peerCerts; /* Peer credentials reference */
582 SecCertificateRef secCert; /* Certificate reference */
583 CFDataRef data; /* Credential data reference */
584 http_credential_t *credential; /* Credential data */
585
586
587 if ((peerCerts = CFArrayCreateMutable(kCFAllocatorDefault,
588 cupsArrayCount(credentials),
589 &kCFTypeArrayCallBacks)) == NULL)
590 return (NULL);
591
592 for (credential = (http_credential_t *)cupsArrayFirst(credentials);
593 credential;
594 credential = (http_credential_t *)cupsArrayNext(credentials))
595 {
596 if ((data = CFDataCreate(kCFAllocatorDefault, credential->data,
597 credential->datalen)))
598 {
599 if ((secCert = SecCertificateCreateWithData(kCFAllocatorDefault, data))
600 != NULL)
601 {
602 CFArrayAppendValue(peerCerts, secCert);
603 CFRelease(secCert);
604 }
605
606 CFRelease(data);
607 }
608 }
609
610 return (peerCerts);
611
612 # elif defined(HAVE_SSPISSL)
613 return (NULL);
614
615 # else
616 return (NULL);
617 # endif /* HAVE_LIBSSL */
618 }
619
620
621 /*
622 * '_httpCreate()' - Create an unconnected HTTP connection.
623 */
624
625 http_t * /* O - HTTP connection */
626 _httpCreate(
627 const char *host, /* I - Hostname */
628 int port, /* I - Port number */
629 http_encryption_t encryption) /* I - Encryption to use */
630 {
631 http_t *http; /* New HTTP connection */
632 http_addrlist_t *addrlist; /* Host address data */
633 char service[255]; /* Service name */
634
635
636 DEBUG_printf(("4_httpCreate(host=\"%s\", port=%d, encryption=%d)",
637 host, port, encryption));
638
639 if (!host)
640 return (NULL);
641
642 httpInitialize();
643
644 /*
645 * Lookup the host...
646 */
647
648 sprintf(service, "%d", port);
649
650 if ((addrlist = httpAddrGetList(host, AF_UNSPEC, service)) == NULL)
651 return (NULL);
652
653 /*
654 * Allocate memory for the structure...
655 */
656
657 if ((http = calloc(sizeof(http_t), 1)) == NULL)
658 {
659 httpAddrFreeList(addrlist);
660 return (NULL);
661 }
662
663 /*
664 * Initialize the HTTP data...
665 */
666
667 http->activity = time(NULL);
668 http->addrlist = addrlist;
669 http->blocking = 1;
670 http->fd = -1;
671 #ifdef HAVE_GSSAPI
672 http->gssctx = GSS_C_NO_CONTEXT;
673 http->gssname = GSS_C_NO_NAME;
674 #endif /* HAVE_GSSAPI */
675 http->version = HTTP_1_1;
676
677 strlcpy(http->hostname, host, sizeof(http->hostname));
678
679 if (port == 443) /* Always use encryption for https */
680 http->encryption = HTTP_ENCRYPT_ALWAYS;
681 else
682 http->encryption = encryption;
683
684 /*
685 * Return the new structure...
686 */
687
688 return (http);
689 }
690
691
692 /*
693 * 'httpDelete()' - Send a DELETE request to the server.
694 */
695
696 int /* O - Status of call (0 = success) */
697 httpDelete(http_t *http, /* I - Connection to server */
698 const char *uri) /* I - URI to delete */
699 {
700 return (http_send(http, HTTP_DELETE, uri));
701 }
702
703
704 /*
705 * '_httpDisconnect()' - Disconnect a HTTP connection.
706 */
707
708 void
709 _httpDisconnect(http_t *http) /* I - Connection to server */
710 {
711 #ifdef HAVE_SSL
712 if (http->tls)
713 http_shutdown_ssl(http);
714 #endif /* HAVE_SSL */
715
716 #ifdef WIN32
717 closesocket(http->fd);
718 #else
719 close(http->fd);
720 #endif /* WIN32 */
721
722 http->fd = -1;
723 }
724
725
726 /*
727 * 'httpEncryption()' - Set the required encryption on the link.
728 */
729
730 int /* O - -1 on error, 0 on success */
731 httpEncryption(http_t *http, /* I - Connection to server */
732 http_encryption_t e) /* I - New encryption preference */
733 {
734 DEBUG_printf(("httpEncryption(http=%p, e=%d)", http, e));
735
736 #ifdef HAVE_SSL
737 if (!http)
738 return (0);
739
740 http->encryption = e;
741
742 if ((http->encryption == HTTP_ENCRYPT_ALWAYS && !http->tls) ||
743 (http->encryption == HTTP_ENCRYPT_NEVER && http->tls))
744 return (httpReconnect(http));
745 else if (http->encryption == HTTP_ENCRYPT_REQUIRED && !http->tls)
746 return (http_upgrade(http));
747 else
748 return (0);
749 #else
750 if (e == HTTP_ENCRYPT_ALWAYS || e == HTTP_ENCRYPT_REQUIRED)
751 return (-1);
752 else
753 return (0);
754 #endif /* HAVE_SSL */
755 }
756
757
758 /*
759 * 'httpError()' - Get the last error on a connection.
760 */
761
762 int /* O - Error code (errno) value */
763 httpError(http_t *http) /* I - Connection to server */
764 {
765 if (http)
766 return (http->error);
767 else
768 return (EINVAL);
769 }
770
771
772 /*
773 * 'httpFlush()' - Flush data from a HTTP connection.
774 */
775
776 void
777 httpFlush(http_t *http) /* I - Connection to server */
778 {
779 char buffer[8192]; /* Junk buffer */
780 int blocking; /* To block or not to block */
781 http_state_t oldstate; /* Old state */
782
783
784 DEBUG_printf(("httpFlush(http=%p), state=%s", http,
785 http_states[http->state]));
786
787 /*
788 * Temporarily set non-blocking mode so we don't get stuck in httpRead()...
789 */
790
791 blocking = http->blocking;
792 http->blocking = 0;
793
794 /*
795 * Read any data we can...
796 */
797
798 oldstate = http->state;
799 while (httpRead2(http, buffer, sizeof(buffer)) > 0);
800
801 /*
802 * Restore blocking and reset the connection if we didn't get all of
803 * the remaining data...
804 */
805
806 http->blocking = blocking;
807
808 if (http->state == oldstate && http->state != HTTP_WAITING && http->fd >= 0)
809 {
810 /*
811 * Didn't get the data back, so close the current connection.
812 */
813
814 http->state = HTTP_WAITING;
815
816 #ifdef HAVE_SSL
817 if (http->tls)
818 http_shutdown_ssl(http);
819 #endif /* HAVE_SSL */
820
821 #ifdef WIN32
822 closesocket(http->fd);
823 #else
824 close(http->fd);
825 #endif /* WIN32 */
826
827 http->fd = -1;
828 }
829 }
830
831
832 /*
833 * 'httpFlushWrite()' - Flush data in write buffer.
834 *
835 * @since CUPS 1.2/Mac OS X 10.5@
836 */
837
838 int /* O - Bytes written or -1 on error */
839 httpFlushWrite(http_t *http) /* I - Connection to server */
840 {
841 int bytes; /* Bytes written */
842
843
844 DEBUG_printf(("httpFlushWrite(http=%p)", http));
845
846 if (!http || !http->wused)
847 {
848 DEBUG_puts(http ? "1httpFlushWrite: Write buffer is empty." :
849 "1httpFlushWrite: No connection.");
850 return (0);
851 }
852
853 if (http->data_encoding == HTTP_ENCODE_CHUNKED)
854 bytes = http_write_chunk(http, http->wbuffer, http->wused);
855 else
856 bytes = http_write(http, http->wbuffer, http->wused);
857
858 http->wused = 0;
859
860 DEBUG_printf(("1httpFlushWrite: Returning %d.", bytes));
861
862 return (bytes);
863 }
864
865
866 /*
867 * '_httpFreeCredentials()' - Free internal credentials.
868 */
869
870 void
871 _httpFreeCredentials(
872 http_tls_credentials_t credentials) /* I - Internal credentials */
873 {
874 if (!credentials)
875 return;
876
877 #ifdef HAVE_LIBSSL
878 (void)credentials;
879
880 #elif defined(HAVE_GNUTLS)
881 (void)credentials;
882
883 #elif defined(HAVE_CDSASSL)
884 CFRelease(credentials);
885
886 #elif defined(HAVE_SSPISSL)
887 (void)credentials;
888
889 #endif /* HAVE_LIBSSL */
890 }
891
892
893 /*
894 * 'httpFreeCredentials()' - Free an array of credentials.
895 */
896
897 void
898 httpFreeCredentials(
899 cups_array_t *credentials) /* I - Array of credentials */
900 {
901 http_credential_t *credential; /* Credential */
902
903
904 for (credential = (http_credential_t *)cupsArrayFirst(credentials);
905 credential;
906 credential = (http_credential_t *)cupsArrayNext(credentials))
907 {
908 cupsArrayRemove(credentials, credential);
909 free((void *)credential->data);
910 free(credential);
911 }
912
913 cupsArrayDelete(credentials);
914 }
915
916
917 /*
918 * 'httpGet()' - Send a GET request to the server.
919 */
920
921 int /* O - Status of call (0 = success) */
922 httpGet(http_t *http, /* I - Connection to server */
923 const char *uri) /* I - URI to get */
924 {
925 return (http_send(http, HTTP_GET, uri));
926 }
927
928
929 /*
930 * 'httpGetAuthString()' - Get the current authorization string.
931 *
932 * The authorization string is set by cupsDoAuthentication() and
933 * httpSetAuthString(). Use httpGetAuthString() to retrieve the
934 * string to use with httpSetField() for the HTTP_FIELD_AUTHORIZATION
935 * value.
936 *
937 * @since CUPS 1.3/Mac OS X 10.5@
938 */
939
940 char * /* O - Authorization string */
941 httpGetAuthString(http_t *http) /* I - Connection to server */
942 {
943 if (http)
944 return (http->authstring);
945 else
946 return (NULL);
947 }
948
949
950 /*
951 * 'httpGetBlocking()' - Get the blocking/non-block state of a connection.
952 *
953 * @since CUPS 1.2/Mac OS X 10.5@
954 */
955
956 int /* O - 1 if blocking, 0 if non-blocking */
957 httpGetBlocking(http_t *http) /* I - Connection to server */
958 {
959 return (http ? http->blocking : 0);
960 }
961
962
963 /*
964 * 'httpGetCookie()' - Get any cookie data from the response.
965 *
966 * @since CUPS 1.1.19/Mac OS X 10.3@
967 */
968
969 const char * /* O - Cookie data or NULL */
970 httpGetCookie(http_t *http) /* I - HTTP connecion */
971 {
972 return (http ? http->cookie : NULL);
973 }
974
975
976 /*
977 * 'httpGetFd()' - Get the file descriptor associated with a connection.
978 *
979 * @since CUPS 1.2/Mac OS X 10.5@
980 */
981
982 int /* O - File descriptor or -1 if none */
983 httpGetFd(http_t *http) /* I - Connection to server */
984 {
985 return (http ? http->fd : -1);
986 }
987
988
989 /*
990 * 'httpGetField()' - Get a field value from a request/response.
991 */
992
993 const char * /* O - Field value */
994 httpGetField(http_t *http, /* I - Connection to server */
995 http_field_t field) /* I - Field to get */
996 {
997 if (!http || field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX)
998 return (NULL);
999 else if (field == HTTP_FIELD_AUTHORIZATION &&
1000 http->field_authorization)
1001 {
1002 /*
1003 * Special case for WWW-Authenticate: as its contents can be
1004 * longer than HTTP_MAX_VALUE...
1005 */
1006
1007 return (http->field_authorization);
1008 }
1009 else
1010 return (http->fields[field]);
1011 }
1012
1013
1014 /*
1015 * 'httpGetLength()' - Get the amount of data remaining from the
1016 * content-length or transfer-encoding fields.
1017 *
1018 * This function is deprecated and will not return lengths larger than
1019 * 2^31 - 1; use httpGetLength2() instead.
1020 *
1021 * @deprecated@
1022 */
1023
1024 int /* O - Content length */
1025 httpGetLength(http_t *http) /* I - Connection to server */
1026 {
1027 /*
1028 * Get the read content length and return the 32-bit value.
1029 */
1030
1031 if (http)
1032 {
1033 httpGetLength2(http);
1034
1035 return (http->_data_remaining);
1036 }
1037 else
1038 return (-1);
1039 }
1040
1041
1042 /*
1043 * 'httpGetLength2()' - Get the amount of data remaining from the
1044 * content-length or transfer-encoding fields.
1045 *
1046 * This function returns the complete content length, even for
1047 * content larger than 2^31 - 1.
1048 *
1049 * @since CUPS 1.2/Mac OS X 10.5@
1050 */
1051
1052 off_t /* O - Content length */
1053 httpGetLength2(http_t *http) /* I - Connection to server */
1054 {
1055 DEBUG_printf(("2httpGetLength2(http=%p), state=%s", http,
1056 http_states[http->state]));
1057
1058 if (!http)
1059 return (-1);
1060
1061 if (!strcasecmp(http->fields[HTTP_FIELD_TRANSFER_ENCODING], "chunked"))
1062 {
1063 DEBUG_puts("4httpGetLength2: chunked request!");
1064
1065 http->data_encoding = HTTP_ENCODE_CHUNKED;
1066 http->data_remaining = 0;
1067 }
1068 else
1069 {
1070 http->data_encoding = HTTP_ENCODE_LENGTH;
1071
1072 /*
1073 * The following is a hack for HTTP servers that don't send a
1074 * content-length or transfer-encoding field...
1075 *
1076 * If there is no content-length then the connection must close
1077 * after the transfer is complete...
1078 */
1079
1080 if (!http->fields[HTTP_FIELD_CONTENT_LENGTH][0])
1081 {
1082 /*
1083 * Default content length is 0 for errors and 2^31-1 for other
1084 * successful requests...
1085 */
1086
1087 if (http->status >= HTTP_MULTIPLE_CHOICES)
1088 http->data_remaining = 0;
1089 else
1090 http->data_remaining = 2147483647;
1091 }
1092 else
1093 http->data_remaining = strtoll(http->fields[HTTP_FIELD_CONTENT_LENGTH],
1094 NULL, 10);
1095
1096 DEBUG_printf(("4httpGetLength2: content_length=" CUPS_LLFMT,
1097 CUPS_LLCAST http->data_remaining));
1098 }
1099
1100 if (http->data_remaining <= INT_MAX)
1101 http->_data_remaining = (int)http->data_remaining;
1102 else
1103 http->_data_remaining = INT_MAX;
1104
1105 return (http->data_remaining);
1106 }
1107
1108
1109 /*
1110 * 'httpGetStatus()' - Get the status of the last HTTP request.
1111 *
1112 * @since CUPS 1.2/Mac OS X 10.5@
1113 */
1114
1115 http_status_t /* O - HTTP status */
1116 httpGetStatus(http_t *http) /* I - Connection to server */
1117 {
1118 return (http ? http->status : HTTP_ERROR);
1119 }
1120
1121
1122 /*
1123 * 'httpGetSubField()' - Get a sub-field value.
1124 *
1125 * @deprecated@
1126 */
1127
1128 char * /* O - Value or NULL */
1129 httpGetSubField(http_t *http, /* I - Connection to server */
1130 http_field_t field, /* I - Field index */
1131 const char *name, /* I - Name of sub-field */
1132 char *value) /* O - Value string */
1133 {
1134 return (httpGetSubField2(http, field, name, value, HTTP_MAX_VALUE));
1135 }
1136
1137
1138 /*
1139 * 'httpGetSubField2()' - Get a sub-field value.
1140 *
1141 * @since CUPS 1.2/Mac OS X 10.5@
1142 */
1143
1144 char * /* O - Value or NULL */
1145 httpGetSubField2(http_t *http, /* I - Connection to server */
1146 http_field_t field, /* I - Field index */
1147 const char *name, /* I - Name of sub-field */
1148 char *value, /* O - Value string */
1149 int valuelen) /* I - Size of value buffer */
1150 {
1151 const char *fptr; /* Pointer into field */
1152 char temp[HTTP_MAX_VALUE], /* Temporary buffer for name */
1153 *ptr, /* Pointer into string buffer */
1154 *end; /* End of value buffer */
1155
1156 DEBUG_printf(("2httpGetSubField2(http=%p, field=%d, name=\"%s\", value=%p, "
1157 "valuelen=%d)", http, field, name, value, valuelen));
1158
1159 if (!http || !name || !value || valuelen < 2 ||
1160 field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX)
1161 return (NULL);
1162
1163 end = value + valuelen - 1;
1164
1165 for (fptr = http->fields[field]; *fptr;)
1166 {
1167 /*
1168 * Skip leading whitespace...
1169 */
1170
1171 while (_cups_isspace(*fptr))
1172 fptr ++;
1173
1174 if (*fptr == ',')
1175 {
1176 fptr ++;
1177 continue;
1178 }
1179
1180 /*
1181 * Get the sub-field name...
1182 */
1183
1184 for (ptr = temp;
1185 *fptr && *fptr != '=' && !_cups_isspace(*fptr) &&
1186 ptr < (temp + sizeof(temp) - 1);
1187 *ptr++ = *fptr++);
1188
1189 *ptr = '\0';
1190
1191 DEBUG_printf(("4httpGetSubField2: name=\"%s\"", temp));
1192
1193 /*
1194 * Skip trailing chars up to the '='...
1195 */
1196
1197 while (_cups_isspace(*fptr))
1198 fptr ++;
1199
1200 if (!*fptr)
1201 break;
1202
1203 if (*fptr != '=')
1204 continue;
1205
1206 /*
1207 * Skip = and leading whitespace...
1208 */
1209
1210 fptr ++;
1211
1212 while (_cups_isspace(*fptr))
1213 fptr ++;
1214
1215 if (*fptr == '\"')
1216 {
1217 /*
1218 * Read quoted string...
1219 */
1220
1221 for (ptr = value, fptr ++;
1222 *fptr && *fptr != '\"' && ptr < end;
1223 *ptr++ = *fptr++);
1224
1225 *ptr = '\0';
1226
1227 while (*fptr && *fptr != '\"')
1228 fptr ++;
1229
1230 if (*fptr)
1231 fptr ++;
1232 }
1233 else
1234 {
1235 /*
1236 * Read unquoted string...
1237 */
1238
1239 for (ptr = value;
1240 *fptr && !_cups_isspace(*fptr) && *fptr != ',' && ptr < end;
1241 *ptr++ = *fptr++);
1242
1243 *ptr = '\0';
1244
1245 while (*fptr && !_cups_isspace(*fptr) && *fptr != ',')
1246 fptr ++;
1247 }
1248
1249 DEBUG_printf(("4httpGetSubField2: value=\"%s\"", value));
1250
1251 /*
1252 * See if this is the one...
1253 */
1254
1255 if (!strcmp(name, temp))
1256 {
1257 DEBUG_printf(("3httpGetSubField2: Returning \"%s\"", value));
1258 return (value);
1259 }
1260 }
1261
1262 value[0] = '\0';
1263
1264 DEBUG_puts("3httpGetSubField2: Returning NULL");
1265
1266 return (NULL);
1267 }
1268
1269
1270 /*
1271 * 'httpGets()' - Get a line of text from a HTTP connection.
1272 */
1273
1274 char * /* O - Line or NULL */
1275 httpGets(char *line, /* I - Line to read into */
1276 int length, /* I - Max length of buffer */
1277 http_t *http) /* I - Connection to server */
1278 {
1279 char *lineptr, /* Pointer into line */
1280 *lineend, /* End of line */
1281 *bufptr, /* Pointer into input buffer */
1282 *bufend; /* Pointer to end of buffer */
1283 int bytes, /* Number of bytes read */
1284 eol; /* End-of-line? */
1285
1286
1287 DEBUG_printf(("2httpGets(line=%p, length=%d, http=%p)", line, length, http));
1288
1289 if (http == NULL || line == NULL)
1290 return (NULL);
1291
1292 /*
1293 * Read a line from the buffer...
1294 */
1295
1296 http->error = 0;
1297 lineptr = line;
1298 lineend = line + length - 1;
1299 eol = 0;
1300
1301 while (lineptr < lineend)
1302 {
1303 /*
1304 * Pre-load the buffer as needed...
1305 */
1306
1307 #ifdef WIN32
1308 WSASetLastError(0);
1309 #else
1310 errno = 0;
1311 #endif /* WIN32 */
1312
1313 while (http->used == 0)
1314 {
1315 /*
1316 * No newline; see if there is more data to be read...
1317 */
1318
1319 if (!http->blocking && !_httpWait(http, 10000, 1))
1320 {
1321 DEBUG_puts("3httpGets: Timed out!");
1322 #ifdef WIN32
1323 http->error = WSAETIMEDOUT;
1324 #else
1325 http->error = ETIMEDOUT;
1326 #endif /* WIN32 */
1327 return (NULL);
1328 }
1329
1330 #ifdef HAVE_SSL
1331 if (http->tls)
1332 bytes = http_read_ssl(http, http->buffer + http->used,
1333 HTTP_MAX_BUFFER - http->used);
1334 else
1335 #endif /* HAVE_SSL */
1336 bytes = recv(http->fd, http->buffer + http->used,
1337 HTTP_MAX_BUFFER - http->used, 0);
1338
1339 DEBUG_printf(("4httpGets: read %d bytes...", bytes));
1340
1341 if (bytes < 0)
1342 {
1343 /*
1344 * Nope, can't get a line this time...
1345 */
1346
1347 #ifdef WIN32
1348 DEBUG_printf(("3httpGets: recv() error %d!", WSAGetLastError()));
1349
1350 if (WSAGetLastError() == WSAEINTR || WSAGetLastError() == WSAEWOULDBLOCK)
1351 continue;
1352 else if (WSAGetLastError() != http->error)
1353 {
1354 http->error = WSAGetLastError();
1355 continue;
1356 }
1357
1358 #else
1359 DEBUG_printf(("3httpGets: recv() error %d!", errno));
1360
1361 if (errno == EINTR || errno == EAGAIN)
1362 continue;
1363 else if (errno != http->error)
1364 {
1365 http->error = errno;
1366 continue;
1367 }
1368 #endif /* WIN32 */
1369
1370 return (NULL);
1371 }
1372 else if (bytes == 0)
1373 {
1374 http->error = EPIPE;
1375
1376 return (NULL);
1377 }
1378
1379 /*
1380 * Yup, update the amount used...
1381 */
1382
1383 http->used += bytes;
1384 }
1385
1386 /*
1387 * Now copy as much of the current line as possible...
1388 */
1389
1390 for (bufptr = http->buffer, bufend = http->buffer + http->used;
1391 lineptr < lineend && bufptr < bufend;)
1392 {
1393 if (*bufptr == 0x0a)
1394 {
1395 eol = 1;
1396 bufptr ++;
1397 break;
1398 }
1399 else if (*bufptr == 0x0d)
1400 bufptr ++;
1401 else
1402 *lineptr++ = *bufptr++;
1403 }
1404
1405 http->used -= (int)(bufptr - http->buffer);
1406 if (http->used > 0)
1407 memmove(http->buffer, bufptr, http->used);
1408
1409 if (eol)
1410 {
1411 /*
1412 * End of line...
1413 */
1414
1415 http->activity = time(NULL);
1416
1417 *lineptr = '\0';
1418
1419 DEBUG_printf(("3httpGets: Returning \"%s\"", line));
1420
1421 return (line);
1422 }
1423 }
1424
1425 DEBUG_puts("3httpGets: No new line available!");
1426
1427 return (NULL);
1428 }
1429
1430
1431 /*
1432 * 'httpHead()' - Send a HEAD request to the server.
1433 */
1434
1435 int /* O - Status of call (0 = success) */
1436 httpHead(http_t *http, /* I - Connection to server */
1437 const char *uri) /* I - URI for head */
1438 {
1439 DEBUG_printf(("httpHead(http=%p, uri=\"%s\")", http, uri));
1440 return (http_send(http, HTTP_HEAD, uri));
1441 }
1442
1443
1444 /*
1445 * 'httpInitialize()' - Initialize the HTTP interface library and set the
1446 * default HTTP proxy (if any).
1447 */
1448
1449 void
1450 httpInitialize(void)
1451 {
1452 static int initialized = 0; /* Have we been called before? */
1453 #ifdef WIN32
1454 WSADATA winsockdata; /* WinSock data */
1455 #endif /* WIN32 */
1456 #ifdef HAVE_LIBSSL
1457 int i; /* Looping var */
1458 unsigned char data[1024]; /* Seed data */
1459 #endif /* HAVE_LIBSSL */
1460
1461
1462 _cupsGlobalLock();
1463 if (initialized)
1464 {
1465 _cupsGlobalUnlock();
1466 return;
1467 }
1468
1469 #ifdef WIN32
1470 WSAStartup(MAKEWORD(2,2), &winsockdata);
1471
1472 #elif !defined(SO_NOSIGPIPE)
1473 /*
1474 * Ignore SIGPIPE signals...
1475 */
1476
1477 # ifdef HAVE_SIGSET
1478 sigset(SIGPIPE, SIG_IGN);
1479
1480 # elif defined(HAVE_SIGACTION)
1481 struct sigaction action; /* POSIX sigaction data */
1482
1483
1484 memset(&action, 0, sizeof(action));
1485 action.sa_handler = SIG_IGN;
1486 sigaction(SIGPIPE, &action, NULL);
1487
1488 # else
1489 signal(SIGPIPE, SIG_IGN);
1490 # endif /* !SO_NOSIGPIPE */
1491 #endif /* WIN32 */
1492
1493 #ifdef HAVE_GNUTLS
1494 /*
1495 * Make sure we handle threading properly...
1496 */
1497
1498 # ifdef HAVE_PTHREAD_H
1499 gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
1500 # endif /* HAVE_PTHREAD_H */
1501
1502 /*
1503 * Initialize GNU TLS...
1504 */
1505
1506 gnutls_global_init();
1507
1508 #elif defined(HAVE_LIBSSL)
1509 /*
1510 * Initialize OpenSSL...
1511 */
1512
1513 SSL_load_error_strings();
1514 SSL_library_init();
1515
1516 /*
1517 * Set the threading callbacks...
1518 */
1519
1520 http_locks = calloc(CRYPTO_num_locks(), sizeof(_cups_mutex_t));
1521 # ifdef HAVE_PTHREAD_H
1522 for (i = 0; i < CRYPTO_num_locks(); i ++)
1523 pthread_mutex_init(http_locks + i, NULL);
1524 # endif /* HAVE_PTHREAD_H */
1525
1526 CRYPTO_set_id_callback(http_threadid_cb);
1527 CRYPTO_set_locking_callback(http_locking_cb);
1528
1529 /*
1530 * Using the current time is a dubious random seed, but on some systems
1531 * it is the best we can do (on others, this seed isn't even used...)
1532 */
1533
1534 CUPS_SRAND(time(NULL));
1535
1536 for (i = 0; i < sizeof(data); i ++)
1537 data[i] = CUPS_RAND();
1538
1539 RAND_seed(data, sizeof(data));
1540 #endif /* HAVE_GNUTLS */
1541
1542 initialized = 1;
1543 _cupsGlobalUnlock();
1544 }
1545
1546
1547 /*
1548 * 'httpOptions()' - Send an OPTIONS request to the server.
1549 */
1550
1551 int /* O - Status of call (0 = success) */
1552 httpOptions(http_t *http, /* I - Connection to server */
1553 const char *uri) /* I - URI for options */
1554 {
1555 return (http_send(http, HTTP_OPTIONS, uri));
1556 }
1557
1558
1559 /*
1560 * '_httpPeek()' - Peek at data from a HTTP connection.
1561 *
1562 * This function copies available data from the given HTTP connection, reading
1563 * a buffer as needed. The data is still available for reading using
1564 * @link httpRead@ or @link httpRead2@.
1565 *
1566 * For non-blocking connections the usual timeouts apply.
1567 */
1568
1569 ssize_t /* O - Number of bytes copied */
1570 _httpPeek(http_t *http, /* I - Connection to server */
1571 char *buffer, /* I - Buffer for data */
1572 size_t length) /* I - Maximum number of bytes */
1573 {
1574 ssize_t bytes; /* Bytes read */
1575 char len[32]; /* Length string */
1576
1577
1578 DEBUG_printf(("_httpPeek(http=%p, buffer=%p, length=" CUPS_LLFMT ")",
1579 http, buffer, CUPS_LLCAST length));
1580
1581 if (http == NULL || buffer == NULL)
1582 return (-1);
1583
1584 http->activity = time(NULL);
1585 http->error = 0;
1586
1587 if (length <= 0)
1588 return (0);
1589
1590 if (http->data_encoding == HTTP_ENCODE_CHUNKED &&
1591 http->data_remaining <= 0)
1592 {
1593 DEBUG_puts("2_httpPeek: Getting chunk length...");
1594
1595 if (httpGets(len, sizeof(len), http) == NULL)
1596 {
1597 DEBUG_puts("1_httpPeek: Could not get length!");
1598 return (0);
1599 }
1600
1601 http->data_remaining = strtoll(len, NULL, 16);
1602 if (http->data_remaining < 0)
1603 {
1604 DEBUG_puts("1_httpPeek: Negative chunk length!");
1605 return (0);
1606 }
1607 }
1608
1609 DEBUG_printf(("2_httpPeek: data_remaining=" CUPS_LLFMT,
1610 CUPS_LLCAST http->data_remaining));
1611
1612 if (http->data_remaining <= 0)
1613 {
1614 /*
1615 * A zero-length chunk ends a transfer; unless we are reading POST
1616 * data, go idle...
1617 */
1618
1619 if (http->data_encoding == HTTP_ENCODE_CHUNKED)
1620 httpGets(len, sizeof(len), http);
1621
1622 if (http->state == HTTP_POST_RECV)
1623 http->state ++;
1624 else
1625 http->state = HTTP_WAITING;
1626
1627 /*
1628 * Prevent future reads for this request...
1629 */
1630
1631 http->data_encoding = HTTP_ENCODE_LENGTH;
1632
1633 return (0);
1634 }
1635 else if (length > (size_t)http->data_remaining)
1636 length = (size_t)http->data_remaining;
1637
1638 if (http->used == 0)
1639 {
1640 /*
1641 * Buffer small reads for better performance...
1642 */
1643
1644 if (!http->blocking && !httpWait(http, 10000))
1645 return (0);
1646
1647 if (http->data_remaining > sizeof(http->buffer))
1648 bytes = sizeof(http->buffer);
1649 else
1650 bytes = http->data_remaining;
1651
1652 #ifdef HAVE_SSL
1653 if (http->tls)
1654 bytes = http_read_ssl(http, http->buffer, bytes);
1655 else
1656 #endif /* HAVE_SSL */
1657 {
1658 DEBUG_printf(("2_httpPeek: reading %d bytes from socket into buffer...",
1659 (int)bytes));
1660
1661 bytes = recv(http->fd, http->buffer, bytes, 0);
1662
1663 DEBUG_printf(("2_httpPeek: read %d bytes from socket into buffer...",
1664 (int)bytes));
1665 }
1666
1667 if (bytes > 0)
1668 http->used = bytes;
1669 else if (bytes < 0)
1670 {
1671 #ifdef WIN32
1672 if (WSAGetLastError() != WSAEINTR && WSAGetLastError() != WSAEWOULDBLOCK)
1673 {
1674 http->error = WSAGetLastError();
1675 return (-1);
1676 }
1677 #else
1678 if (errno != EINTR && errno != EAGAIN)
1679 {
1680 http->error = errno;
1681 return (-1);
1682 }
1683 #endif /* WIN32 */
1684 }
1685 else
1686 {
1687 http->error = EPIPE;
1688 return (0);
1689 }
1690 }
1691
1692 if (http->used > 0)
1693 {
1694 if (length > (size_t)http->used)
1695 length = (size_t)http->used;
1696
1697 bytes = (ssize_t)length;
1698
1699 DEBUG_printf(("2_httpPeek: grabbing %d bytes from input buffer...",
1700 (int)bytes));
1701
1702 memcpy(buffer, http->buffer, length);
1703 }
1704 else
1705 bytes = 0;
1706
1707 if (bytes < 0)
1708 {
1709 #ifdef WIN32
1710 if (WSAGetLastError() == WSAEINTR || WSAGetLastError() == WSAEWOULDBLOCK)
1711 bytes = 0;
1712 else
1713 http->error = WSAGetLastError();
1714 #else
1715 if (errno == EINTR || errno == EAGAIN)
1716 bytes = 0;
1717 else
1718 http->error = errno;
1719 #endif /* WIN32 */
1720 }
1721 else if (bytes == 0)
1722 {
1723 http->error = EPIPE;
1724 return (0);
1725 }
1726
1727 #ifdef DEBUG
1728 http_debug_hex("_httpPeek", buffer, (int)bytes);
1729 #endif /* DEBUG */
1730
1731 return (bytes);
1732 }
1733
1734
1735 /*
1736 * 'httpPost()' - Send a POST request to the server.
1737 */
1738
1739 int /* O - Status of call (0 = success) */
1740 httpPost(http_t *http, /* I - Connection to server */
1741 const char *uri) /* I - URI for post */
1742 {
1743 return (http_send(http, HTTP_POST, uri));
1744 }
1745
1746
1747 /*
1748 * 'httpPrintf()' - Print a formatted string to a HTTP connection.
1749 *
1750 * @private@
1751 */
1752
1753 int /* O - Number of bytes written */
1754 httpPrintf(http_t *http, /* I - Connection to server */
1755 const char *format, /* I - printf-style format string */
1756 ...) /* I - Additional args as needed */
1757 {
1758 int bytes; /* Number of bytes to write */
1759 char buf[16384]; /* Buffer for formatted string */
1760 va_list ap; /* Variable argument pointer */
1761
1762
1763 DEBUG_printf(("2httpPrintf(http=%p, format=\"%s\", ...)", http, format));
1764
1765 va_start(ap, format);
1766 bytes = vsnprintf(buf, sizeof(buf), format, ap);
1767 va_end(ap);
1768
1769 DEBUG_printf(("3httpPrintf: %s", buf));
1770
1771 if (http->data_encoding == HTTP_ENCODE_FIELDS)
1772 return (httpWrite2(http, buf, bytes));
1773 else
1774 {
1775 if (http->wused)
1776 {
1777 DEBUG_puts("4httpPrintf: flushing existing data...");
1778
1779 if (httpFlushWrite(http) < 0)
1780 return (-1);
1781 }
1782
1783 return (http_write(http, buf, bytes));
1784 }
1785 }
1786
1787
1788 /*
1789 * 'httpPut()' - Send a PUT request to the server.
1790 */
1791
1792 int /* O - Status of call (0 = success) */
1793 httpPut(http_t *http, /* I - Connection to server */
1794 const char *uri) /* I - URI to put */
1795 {
1796 DEBUG_printf(("httpPut(http=%p, uri=\"%s\")", http, uri));
1797 return (http_send(http, HTTP_PUT, uri));
1798 }
1799
1800
1801 /*
1802 * 'httpRead()' - Read data from a HTTP connection.
1803 *
1804 * This function is deprecated. Use the httpRead2() function which can
1805 * read more than 2GB of data.
1806 *
1807 * @deprecated@
1808 */
1809
1810 int /* O - Number of bytes read */
1811 httpRead(http_t *http, /* I - Connection to server */
1812 char *buffer, /* I - Buffer for data */
1813 int length) /* I - Maximum number of bytes */
1814 {
1815 return ((int)httpRead2(http, buffer, length));
1816 }
1817
1818
1819 /*
1820 * 'httpRead2()' - Read data from a HTTP connection.
1821 *
1822 * @since CUPS 1.2/Mac OS X 10.5@
1823 */
1824
1825 ssize_t /* O - Number of bytes read */
1826 httpRead2(http_t *http, /* I - Connection to server */
1827 char *buffer, /* I - Buffer for data */
1828 size_t length) /* I - Maximum number of bytes */
1829 {
1830 ssize_t bytes; /* Bytes read */
1831 char len[32]; /* Length string */
1832
1833
1834 DEBUG_printf(("httpRead2(http=%p, buffer=%p, length=" CUPS_LLFMT ")",
1835 http, buffer, CUPS_LLCAST length));
1836
1837 if (http == NULL || buffer == NULL)
1838 return (-1);
1839
1840 http->activity = time(NULL);
1841 http->error = 0;
1842
1843 if (length <= 0)
1844 return (0);
1845
1846 if (http->data_encoding == HTTP_ENCODE_CHUNKED &&
1847 http->data_remaining <= 0)
1848 {
1849 DEBUG_puts("2httpRead2: Getting chunk length...");
1850
1851 if (httpGets(len, sizeof(len), http) == NULL)
1852 {
1853 DEBUG_puts("1httpRead2: Could not get length!");
1854 return (0);
1855 }
1856
1857 http->data_remaining = strtoll(len, NULL, 16);
1858 if (http->data_remaining < 0)
1859 {
1860 DEBUG_puts("1httpRead2: Negative chunk length!");
1861 return (0);
1862 }
1863 }
1864
1865 DEBUG_printf(("2httpRead2: data_remaining=" CUPS_LLFMT,
1866 CUPS_LLCAST http->data_remaining));
1867
1868 if (http->data_remaining <= 0)
1869 {
1870 /*
1871 * A zero-length chunk ends a transfer; unless we are reading POST
1872 * data, go idle...
1873 */
1874
1875 if (http->data_encoding == HTTP_ENCODE_CHUNKED)
1876 httpGets(len, sizeof(len), http);
1877
1878 if (http->state == HTTP_POST_RECV)
1879 http->state ++;
1880 else
1881 http->state = HTTP_WAITING;
1882
1883 /*
1884 * Prevent future reads for this request...
1885 */
1886
1887 http->data_encoding = HTTP_ENCODE_LENGTH;
1888
1889 return (0);
1890 }
1891 else if (length > (size_t)http->data_remaining)
1892 length = (size_t)http->data_remaining;
1893
1894 if (http->used == 0 && length <= 256)
1895 {
1896 /*
1897 * Buffer small reads for better performance...
1898 */
1899
1900 if (!http->blocking && !httpWait(http, 10000))
1901 return (0);
1902
1903 if (http->data_remaining > sizeof(http->buffer))
1904 bytes = sizeof(http->buffer);
1905 else
1906 bytes = http->data_remaining;
1907
1908 #ifdef HAVE_SSL
1909 if (http->tls)
1910 bytes = http_read_ssl(http, http->buffer, bytes);
1911 else
1912 #endif /* HAVE_SSL */
1913 {
1914 DEBUG_printf(("2httpRead2: reading %d bytes from socket into buffer...",
1915 (int)bytes));
1916
1917 bytes = recv(http->fd, http->buffer, bytes, 0);
1918
1919 DEBUG_printf(("2httpRead2: read %d bytes from socket into buffer...",
1920 (int)bytes));
1921 }
1922
1923 if (bytes > 0)
1924 http->used = bytes;
1925 else if (bytes < 0)
1926 {
1927 #ifdef WIN32
1928 if (WSAGetLastError() != WSAEINTR && WSAGetLastError() != WSAEWOULDBLOCK)
1929 {
1930 http->error = WSAGetLastError();
1931 return (-1);
1932 }
1933 #else
1934 if (errno != EINTR && errno != EAGAIN)
1935 {
1936 http->error = errno;
1937 return (-1);
1938 }
1939 #endif /* WIN32 */
1940 }
1941 else
1942 {
1943 http->error = EPIPE;
1944 return (0);
1945 }
1946 }
1947
1948 if (http->used > 0)
1949 {
1950 if (length > (size_t)http->used)
1951 length = (size_t)http->used;
1952
1953 bytes = (ssize_t)length;
1954
1955 DEBUG_printf(("2httpRead2: grabbing %d bytes from input buffer...",
1956 (int)bytes));
1957
1958 memcpy(buffer, http->buffer, length);
1959 http->used -= (int)length;
1960
1961 if (http->used > 0)
1962 memmove(http->buffer, http->buffer + length, http->used);
1963 }
1964 #ifdef HAVE_SSL
1965 else if (http->tls)
1966 {
1967 if (!http->blocking && !httpWait(http, 10000))
1968 return (0);
1969
1970 bytes = (ssize_t)http_read_ssl(http, buffer, (int)length);
1971 }
1972 #endif /* HAVE_SSL */
1973 else
1974 {
1975 if (!http->blocking && !httpWait(http, 10000))
1976 return (0);
1977
1978 DEBUG_printf(("2httpRead2: reading " CUPS_LLFMT " bytes from socket...",
1979 CUPS_LLCAST length));
1980
1981 #ifdef WIN32
1982 while ((bytes = (ssize_t) recv(http->fd, buffer, (int)length, 0)) < 0)
1983 if (WSAGetLastError() != WSAEINTR && WSAGetLastError() != WSAEWOULDBLOCK)
1984 break;
1985 #else
1986 while ((bytes = recv(http->fd, buffer, length, 0)) < 0)
1987 if (errno != EINTR && errno != EAGAIN)
1988 break;
1989 #endif /* WIN32 */
1990
1991 DEBUG_printf(("2httpRead2: read " CUPS_LLFMT " bytes from socket...",
1992 CUPS_LLCAST bytes));
1993 }
1994
1995 if (bytes > 0)
1996 {
1997 http->data_remaining -= bytes;
1998
1999 if (http->data_remaining <= INT_MAX)
2000 http->_data_remaining = (int)http->data_remaining;
2001 else
2002 http->_data_remaining = INT_MAX;
2003 }
2004 else if (bytes < 0)
2005 {
2006 #ifdef WIN32
2007 if (WSAGetLastError() == WSAEINTR || WSAGetLastError() == WSAEWOULDBLOCK)
2008 bytes = 0;
2009 else
2010 http->error = WSAGetLastError();
2011 #else
2012 if (errno == EINTR || errno == EAGAIN)
2013 bytes = 0;
2014 else
2015 http->error = errno;
2016 #endif /* WIN32 */
2017 }
2018 else
2019 {
2020 http->error = EPIPE;
2021 return (0);
2022 }
2023
2024 if (http->data_remaining == 0)
2025 {
2026 if (http->data_encoding == HTTP_ENCODE_CHUNKED)
2027 httpGets(len, sizeof(len), http);
2028
2029 if (http->data_encoding != HTTP_ENCODE_CHUNKED)
2030 {
2031 if (http->state == HTTP_POST_RECV)
2032 http->state ++;
2033 else
2034 http->state = HTTP_WAITING;
2035 }
2036 }
2037
2038 #ifdef DEBUG
2039 http_debug_hex("httpRead2", buffer, (int)bytes);
2040 #endif /* DEBUG */
2041
2042 return (bytes);
2043 }
2044
2045
2046 #if defined(HAVE_SSL) && defined(HAVE_CDSASSL)
2047 /*
2048 * '_httpReadCDSA()' - Read function for the CDSA library.
2049 */
2050
2051 OSStatus /* O - -1 on error, 0 on success */
2052 _httpReadCDSA(
2053 SSLConnectionRef connection, /* I - SSL/TLS connection */
2054 void *data, /* I - Data buffer */
2055 size_t *dataLength) /* IO - Number of bytes */
2056 {
2057 OSStatus result; /* Return value */
2058 ssize_t bytes; /* Number of bytes read */
2059 http_t *http; /* HTTP connection */
2060
2061
2062 http = (http_t *)connection;
2063
2064 if (!http->blocking)
2065 {
2066 /*
2067 * Make sure we have data before we read...
2068 */
2069
2070 if (!_httpWait(http, 10000, 0))
2071 {
2072 http->error = ETIMEDOUT;
2073 return (-1);
2074 }
2075 }
2076
2077 do
2078 {
2079 bytes = recv(http->fd, data, *dataLength, 0);
2080 }
2081 while (bytes == -1 && (errno == EINTR || errno == EAGAIN));
2082
2083 if (bytes == *dataLength)
2084 {
2085 result = 0;
2086 }
2087 else if (bytes > 0)
2088 {
2089 *dataLength = bytes;
2090 result = errSSLWouldBlock;
2091 }
2092 else
2093 {
2094 *dataLength = 0;
2095
2096 if (bytes == 0)
2097 result = errSSLClosedGraceful;
2098 else if (errno == EAGAIN)
2099 result = errSSLWouldBlock;
2100 else
2101 result = errSSLClosedAbort;
2102 }
2103
2104 return (result);
2105 }
2106 #endif /* HAVE_SSL && HAVE_CDSASSL */
2107
2108
2109 #if defined(HAVE_SSL) && defined(HAVE_GNUTLS)
2110 /*
2111 * '_httpReadGNUTLS()' - Read function for the GNU TLS library.
2112 */
2113
2114 ssize_t /* O - Number of bytes read or -1 on error */
2115 _httpReadGNUTLS(
2116 gnutls_transport_ptr ptr, /* I - Connection to server */
2117 void *data, /* I - Buffer */
2118 size_t length) /* I - Number of bytes to read */
2119 {
2120 http_t *http; /* HTTP connection */
2121
2122
2123 http = (http_t *)ptr;
2124
2125 if (!http->blocking)
2126 {
2127 /*
2128 * Make sure we have data before we read...
2129 */
2130
2131 if (!_httpWait(http, 10000, 0))
2132 {
2133 http->error = ETIMEDOUT;
2134 return (-1);
2135 }
2136 }
2137
2138 return (recv(http->fd, data, length, 0));
2139 }
2140 #endif /* HAVE_SSL && HAVE_GNUTLS */
2141
2142
2143 /*
2144 * 'httpReconnect()' - Reconnect to a HTTP server.
2145 */
2146
2147 int /* O - 0 on success, non-zero on failure */
2148 httpReconnect(http_t *http) /* I - Connection to server */
2149 {
2150 http_addrlist_t *addr; /* Connected address */
2151 #ifdef DEBUG
2152 http_addrlist_t *current; /* Current address */
2153 char temp[256]; /* Temporary address string */
2154 #endif /* DEBUG */
2155
2156
2157 DEBUG_printf(("httpReconnect(http=%p)", http));
2158
2159 if (!http)
2160 return (-1);
2161
2162 #ifdef HAVE_SSL
2163 if (http->tls)
2164 {
2165 DEBUG_puts("2httpReconnect: Shutting down SSL/TLS...");
2166 http_shutdown_ssl(http);
2167 }
2168 #endif /* HAVE_SSL */
2169
2170 /*
2171 * Close any previously open socket...
2172 */
2173
2174 if (http->fd >= 0)
2175 {
2176 DEBUG_printf(("2httpReconnect: Closing socket %d...", http->fd));
2177
2178 #ifdef WIN32
2179 closesocket(http->fd);
2180 #else
2181 close(http->fd);
2182 #endif /* WIN32 */
2183
2184 http->fd = -1;
2185 }
2186
2187 /*
2188 * Connect to the server...
2189 */
2190
2191 #ifdef DEBUG
2192 for (current = http->addrlist; current; current = current->next)
2193 DEBUG_printf(("2httpReconnect: Address %s:%d",
2194 httpAddrString(&(current->addr), temp, sizeof(temp)),
2195 _httpAddrPort(&(current->addr))));
2196 #endif /* DEBUG */
2197
2198 if ((addr = httpAddrConnect(http->addrlist, &(http->fd))) == NULL)
2199 {
2200 /*
2201 * Unable to connect...
2202 */
2203
2204 #ifdef WIN32
2205 http->error = WSAGetLastError();
2206 #else
2207 http->error = errno;
2208 #endif /* WIN32 */
2209 http->status = HTTP_ERROR;
2210
2211 DEBUG_printf(("1httpReconnect: httpAddrConnect failed: %s",
2212 strerror(http->error)));
2213
2214 return (-1);
2215 }
2216
2217 DEBUG_printf(("2httpReconnect: New socket=%d", http->fd));
2218
2219 http->hostaddr = &(addr->addr);
2220 http->error = 0;
2221 http->status = HTTP_CONTINUE;
2222
2223 #ifdef HAVE_SSL
2224 if (http->encryption == HTTP_ENCRYPT_ALWAYS)
2225 {
2226 /*
2227 * Always do encryption via SSL.
2228 */
2229
2230 if (http_setup_ssl(http) != 0)
2231 {
2232 # ifdef WIN32
2233 closesocket(http->fd);
2234 # else
2235 close(http->fd);
2236 # endif /* WIN32 */
2237
2238 return (-1);
2239 }
2240 }
2241 else if (http->encryption == HTTP_ENCRYPT_REQUIRED)
2242 return (http_upgrade(http));
2243 #endif /* HAVE_SSL */
2244
2245 DEBUG_printf(("1httpReconnect: Connected to %s:%d...",
2246 httpAddrString(http->hostaddr, temp, sizeof(temp)),
2247 _httpAddrPort(http->hostaddr)));
2248
2249 return (0);
2250 }
2251
2252
2253 /*
2254 * 'httpSetAuthString()' - Set the current authorization string.
2255 *
2256 * This function just stores a copy of the current authorization string in
2257 * the HTTP connection object. You must still call httpSetField() to set
2258 * HTTP_FIELD_AUTHORIZATION prior to issuing a HTTP request using httpGet(),
2259 * httpHead(), httpOptions(), httpPost, or httpPut().
2260 *
2261 * @since CUPS 1.3/Mac OS X 10.5@
2262 */
2263
2264 void
2265 httpSetAuthString(http_t *http, /* I - Connection to server */
2266 const char *scheme, /* I - Auth scheme (NULL to clear it) */
2267 const char *data) /* I - Auth data (NULL for none) */
2268 {
2269 /*
2270 * Range check input...
2271 */
2272
2273 if (!http)
2274 return;
2275
2276 if (http->authstring && http->authstring != http->_authstring)
2277 free(http->authstring);
2278
2279 http->authstring = http->_authstring;
2280
2281 if (scheme)
2282 {
2283 /*
2284 * Set the current authorization string...
2285 */
2286
2287 int len = (int)strlen(scheme) + (data ? (int)strlen(data) + 1 : 0) + 1;
2288 char *temp;
2289
2290 if (len > (int)sizeof(http->_authstring))
2291 {
2292 if ((temp = malloc(len)) == NULL)
2293 len = sizeof(http->_authstring);
2294 else
2295 http->authstring = temp;
2296 }
2297
2298 if (data)
2299 snprintf(http->authstring, len, "%s %s", scheme, data);
2300 else
2301 strlcpy(http->authstring, scheme, len);
2302 }
2303 else
2304 {
2305 /*
2306 * Clear the current authorization string...
2307 */
2308
2309 http->_authstring[0] = '\0';
2310 }
2311 }
2312
2313
2314 /*
2315 * 'httpSetCredentials()' - Set the credentials associated with an encrypted
2316 * connection.
2317 *
2318 * @since CUPS 1.5@
2319 */
2320
2321 int /* O - Status of call (0 = success) */
2322 httpSetCredentials(http_t *http, /* I - Connection to server */
2323 cups_array_t *credentials) /* I - Array of credentials */
2324 {
2325 if (!http || cupsArrayCount(credentials) < 1)
2326 return (-1);
2327
2328 _httpFreeCredentials(http->tls_credentials);
2329
2330 http->tls_credentials = _httpConvertCredentials(credentials);
2331
2332 return (http->tls_credentials ? 0 : -1);
2333 }
2334
2335
2336 /*
2337 * 'httpSetCookie()' - Set the cookie value(s).
2338 *
2339 * @since CUPS 1.1.19/Mac OS X 10.3@
2340 */
2341
2342 void
2343 httpSetCookie(http_t *http, /* I - Connection */
2344 const char *cookie) /* I - Cookie string */
2345 {
2346 if (!http)
2347 return;
2348
2349 if (http->cookie)
2350 free(http->cookie);
2351
2352 if (cookie)
2353 http->cookie = strdup(cookie);
2354 else
2355 http->cookie = NULL;
2356 }
2357
2358
2359 /*
2360 * 'httpSetExpect()' - Set the Expect: header in a request.
2361 *
2362 * Currently only HTTP_CONTINUE is supported for the "expect" argument.
2363 *
2364 * @since CUPS 1.2/Mac OS X 10.5@
2365 */
2366
2367 void
2368 httpSetExpect(http_t *http, /* I - Connection to server */
2369 http_status_t expect) /* I - HTTP status to expect (HTTP_CONTINUE) */
2370 {
2371 if (http)
2372 http->expect = expect;
2373 }
2374
2375
2376 /*
2377 * 'httpSetField()' - Set the value of an HTTP header.
2378 */
2379
2380 void
2381 httpSetField(http_t *http, /* I - Connection to server */
2382 http_field_t field, /* I - Field index */
2383 const char *value) /* I - Value */
2384 {
2385 if (http == NULL ||
2386 field < HTTP_FIELD_ACCEPT_LANGUAGE ||
2387 field > HTTP_FIELD_WWW_AUTHENTICATE ||
2388 value == NULL)
2389 return;
2390
2391 strlcpy(http->fields[field], value, HTTP_MAX_VALUE);
2392
2393 if (field == HTTP_FIELD_AUTHORIZATION)
2394 {
2395 /*
2396 * Special case for Authorization: as its contents can be
2397 * longer than HTTP_MAX_VALUE
2398 */
2399
2400 if (http->field_authorization)
2401 free(http->field_authorization);
2402
2403 http->field_authorization = strdup(value);
2404 }
2405 else if (field == HTTP_FIELD_HOST)
2406 {
2407 /*
2408 * Special-case for Host: as we don't want a trailing "." on the hostname and
2409 * need to bracket IPv6 numeric addresses.
2410 */
2411
2412 char *ptr = strchr(value, ':');
2413
2414 if (value[0] != '[' && ptr && strchr(ptr + 1, ':'))
2415 {
2416 /*
2417 * Bracket IPv6 numeric addresses...
2418 *
2419 * This is slightly inefficient (basically copying twice), but is an edge
2420 * case and not worth optimizing...
2421 */
2422
2423 snprintf(http->fields[HTTP_FIELD_HOST],
2424 sizeof(http->fields[HTTP_FIELD_HOST]), "[%s]", value);
2425 }
2426 else
2427 {
2428 /*
2429 * Check for a trailing dot on the hostname...
2430 */
2431
2432 ptr = http->fields[HTTP_FIELD_HOST];
2433
2434 if (*ptr)
2435 {
2436 ptr += strlen(ptr) - 1;
2437
2438 if (*ptr == '.')
2439 *ptr = '\0';
2440 }
2441 }
2442 }
2443 }
2444
2445
2446 /*
2447 * 'httpSetLength()' - Set the content-length and content-encoding.
2448 *
2449 * @since CUPS 1.2/Mac OS X 10.5@
2450 */
2451
2452 void
2453 httpSetLength(http_t *http, /* I - Connection to server */
2454 size_t length) /* I - Length (0 for chunked) */
2455 {
2456 if (!http)
2457 return;
2458
2459 if (!length)
2460 {
2461 strcpy(http->fields[HTTP_FIELD_TRANSFER_ENCODING], "chunked");
2462 http->fields[HTTP_FIELD_CONTENT_LENGTH][0] = '\0';
2463 }
2464 else
2465 {
2466 http->fields[HTTP_FIELD_TRANSFER_ENCODING][0] = '\0';
2467 snprintf(http->fields[HTTP_FIELD_CONTENT_LENGTH], HTTP_MAX_VALUE,
2468 CUPS_LLFMT, CUPS_LLCAST length);
2469 }
2470 }
2471
2472
2473 /*
2474 * 'httpTrace()' - Send an TRACE request to the server.
2475 */
2476
2477 int /* O - Status of call (0 = success) */
2478 httpTrace(http_t *http, /* I - Connection to server */
2479 const char *uri) /* I - URI for trace */
2480 {
2481 return (http_send(http, HTTP_TRACE, uri));
2482 }
2483
2484
2485 /*
2486 * 'httpUpdate()' - Update the current HTTP state for incoming data.
2487 */
2488
2489 http_status_t /* O - HTTP status */
2490 httpUpdate(http_t *http) /* I - Connection to server */
2491 {
2492 char line[32768], /* Line from connection... */
2493 *value; /* Pointer to value on line */
2494 http_field_t field; /* Field index */
2495 int major, minor, /* HTTP version numbers */
2496 status; /* Request status */
2497
2498
2499 DEBUG_printf(("httpUpdate(http=%p), state=%s", http,
2500 http_states[http->state]));
2501
2502 /*
2503 * Flush pending data, if any...
2504 */
2505
2506 if (http->wused)
2507 {
2508 DEBUG_puts("2httpUpdate: flushing buffer...");
2509
2510 if (httpFlushWrite(http) < 0)
2511 return (HTTP_ERROR);
2512 }
2513
2514 /*
2515 * If we haven't issued any commands, then there is nothing to "update"...
2516 */
2517
2518 if (http->state == HTTP_WAITING)
2519 return (HTTP_CONTINUE);
2520
2521 /*
2522 * Grab all of the lines we can from the connection...
2523 */
2524
2525 while (httpGets(line, sizeof(line), http) != NULL)
2526 {
2527 DEBUG_printf(("2httpUpdate: Got \"%s\"", line));
2528
2529 if (line[0] == '\0')
2530 {
2531 /*
2532 * Blank line means the start of the data section (if any). Return
2533 * the result code, too...
2534 *
2535 * If we get status 100 (HTTP_CONTINUE), then we *don't* change states.
2536 * Instead, we just return HTTP_CONTINUE to the caller and keep on
2537 * tryin'...
2538 */
2539
2540 if (http->status == HTTP_CONTINUE)
2541 return (http->status);
2542
2543 if (http->status < HTTP_BAD_REQUEST)
2544 http->digest_tries = 0;
2545
2546 #ifdef HAVE_SSL
2547 if (http->status == HTTP_SWITCHING_PROTOCOLS && !http->tls)
2548 {
2549 if (http_setup_ssl(http) != 0)
2550 {
2551 # ifdef WIN32
2552 closesocket(http->fd);
2553 # else
2554 close(http->fd);
2555 # endif /* WIN32 */
2556
2557 return (HTTP_ERROR);
2558 }
2559
2560 return (HTTP_CONTINUE);
2561 }
2562 #endif /* HAVE_SSL */
2563
2564 httpGetLength2(http);
2565
2566 switch (http->state)
2567 {
2568 case HTTP_GET :
2569 case HTTP_POST :
2570 case HTTP_POST_RECV :
2571 case HTTP_PUT :
2572 http->state ++;
2573 case HTTP_POST_SEND :
2574 case HTTP_HEAD :
2575 break;
2576
2577 default :
2578 http->state = HTTP_WAITING;
2579 break;
2580 }
2581
2582 return (http->status);
2583 }
2584 else if (!strncmp(line, "HTTP/", 5))
2585 {
2586 /*
2587 * Got the beginning of a response...
2588 */
2589
2590 if (sscanf(line, "HTTP/%d.%d%d", &major, &minor, &status) != 3)
2591 return (HTTP_ERROR);
2592
2593 http->version = (http_version_t)(major * 100 + minor);
2594 http->status = (http_status_t)status;
2595 }
2596 else if ((value = strchr(line, ':')) != NULL)
2597 {
2598 /*
2599 * Got a value...
2600 */
2601
2602 *value++ = '\0';
2603 while (_cups_isspace(*value))
2604 value ++;
2605
2606 /*
2607 * Be tolerants of servers that send unknown attribute fields...
2608 */
2609
2610 if (!strcasecmp(line, "expect"))
2611 {
2612 /*
2613 * "Expect: 100-continue" or similar...
2614 */
2615
2616 http->expect = (http_status_t)atoi(value);
2617 }
2618 else if (!strcasecmp(line, "cookie"))
2619 {
2620 /*
2621 * "Cookie: name=value[; name=value ...]" - replaces previous cookies...
2622 */
2623
2624 httpSetCookie(http, value);
2625 }
2626 else if ((field = http_field(line)) == HTTP_FIELD_UNKNOWN)
2627 {
2628 DEBUG_printf(("1httpUpdate: unknown field %s seen!", line));
2629 continue;
2630 }
2631 else
2632 httpSetField(http, field, value);
2633 }
2634 else
2635 {
2636 DEBUG_printf(("1httpUpdate: Bad response line \"%s\"!", line));
2637 http->status = HTTP_ERROR;
2638 return (HTTP_ERROR);
2639 }
2640 }
2641
2642 /*
2643 * See if there was an error...
2644 */
2645
2646 if (http->error == EPIPE && http->status > HTTP_CONTINUE)
2647 {
2648 DEBUG_printf(("1httpUpdate: Returning status %d...", http->status));
2649 return (http->status);
2650 }
2651
2652 if (http->error)
2653 {
2654 DEBUG_printf(("1httpUpdate: socket error %d - %s", http->error,
2655 strerror(http->error)));
2656 http->status = HTTP_ERROR;
2657 return (HTTP_ERROR);
2658 }
2659
2660 /*
2661 * If we haven't already returned, then there is nothing new...
2662 */
2663
2664 return (HTTP_CONTINUE);
2665 }
2666
2667
2668 /*
2669 * '_httpWait()' - Wait for data available on a connection (no flush).
2670 */
2671
2672 int /* O - 1 if data is available, 0 otherwise */
2673 _httpWait(http_t *http, /* I - Connection to server */
2674 int msec, /* I - Milliseconds to wait */
2675 int usessl) /* I - Use SSL context? */
2676 {
2677 #ifdef HAVE_POLL
2678 struct pollfd pfd; /* Polled file descriptor */
2679 #else
2680 fd_set input_set; /* select() input set */
2681 struct timeval timeout; /* Timeout */
2682 #endif /* HAVE_POLL */
2683 int nfds; /* Result from select()/poll() */
2684
2685
2686 DEBUG_printf(("4_httpWait(http=%p, msec=%d, usessl=%d)", http, msec, usessl));
2687
2688 if (http->fd < 0)
2689 {
2690 DEBUG_printf(("5_httpWait: Returning 0 since fd=%d", http->fd));
2691 return (0);
2692 }
2693
2694 /*
2695 * Check the SSL/TLS buffers for data first...
2696 */
2697
2698 #ifdef HAVE_SSL
2699 if (http->tls && usessl)
2700 {
2701 # ifdef HAVE_LIBSSL
2702 if (SSL_pending(http->tls))
2703 {
2704 DEBUG_puts("5_httpWait: Return 1 since there is pending SSL data.");
2705 return (1);
2706 }
2707
2708 # elif defined(HAVE_GNUTLS)
2709 if (gnutls_record_check_pending(http->tls))
2710 {
2711 DEBUG_puts("5_httpWait: Return 1 since there is pending SSL data.");
2712 return (1);
2713 }
2714
2715 # elif defined(HAVE_CDSASSL)
2716 size_t bytes; /* Bytes that are available */
2717
2718 if (!SSLGetBufferedReadSize(http->tls, &bytes) &&
2719 bytes > 0)
2720 {
2721 DEBUG_puts("5_httpWait: Return 1 since there is pending SSL data.");
2722 return (1);
2723 }
2724 # endif /* HAVE_LIBSSL */
2725 }
2726 #endif /* HAVE_SSL */
2727
2728 /*
2729 * Then try doing a select() or poll() to poll the socket...
2730 */
2731
2732 #ifdef HAVE_POLL
2733 pfd.fd = http->fd;
2734 pfd.events = POLLIN;
2735
2736 while ((nfds = poll(&pfd, 1, msec)) < 0 &&
2737 (errno == EINTR || errno == EAGAIN));
2738
2739 #else
2740 do
2741 {
2742 FD_ZERO(&input_set);
2743 FD_SET(http->fd, &input_set);
2744
2745 DEBUG_printf(("6_httpWait: msec=%d, http->fd=%d", msec, http->fd));
2746
2747 if (msec >= 0)
2748 {
2749 timeout.tv_sec = msec / 1000;
2750 timeout.tv_usec = (msec % 1000) * 1000;
2751
2752 nfds = select(http->fd + 1, &input_set, NULL, NULL, &timeout);
2753 }
2754 else
2755 nfds = select(http->fd + 1, &input_set, NULL, NULL, NULL);
2756
2757 DEBUG_printf(("6_httpWait: select() returned %d...", nfds));
2758 }
2759 # ifdef WIN32
2760 while (nfds < 0 && (WSAGetLastError() == WSAEINTR ||
2761 WSAGetLastError() == WSAEWOULDBLOCK));
2762 # else
2763 while (nfds < 0 && (errno == EINTR || errno == EAGAIN));
2764 # endif /* WIN32 */
2765 #endif /* HAVE_POLL */
2766
2767 DEBUG_printf(("5_httpWait: returning with nfds=%d, errno=%d...", nfds,
2768 errno));
2769
2770 return (nfds > 0);
2771 }
2772
2773
2774 /*
2775 * 'httpWait()' - Wait for data available on a connection.
2776 *
2777 * @since CUPS 1.1.19/Mac OS X 10.3@
2778 */
2779
2780 int /* O - 1 if data is available, 0 otherwise */
2781 httpWait(http_t *http, /* I - Connection to server */
2782 int msec) /* I - Milliseconds to wait */
2783 {
2784 /*
2785 * First see if there is data in the buffer...
2786 */
2787
2788 if (http == NULL)
2789 return (0);
2790
2791 if (http->used)
2792 return (1);
2793
2794 /*
2795 * Flush pending data, if any...
2796 */
2797
2798 if (http->wused)
2799 {
2800 if (httpFlushWrite(http) < 0)
2801 return (0);
2802 }
2803
2804 /*
2805 * If not, check the SSL/TLS buffers and do a select() on the connection...
2806 */
2807
2808 return (_httpWait(http, msec, 1));
2809 }
2810
2811
2812 /*
2813 * 'httpWrite()' - Write data to a HTTP connection.
2814 *
2815 * This function is deprecated. Use the httpWrite2() function which can
2816 * write more than 2GB of data.
2817 *
2818 * @deprecated@
2819 */
2820
2821 int /* O - Number of bytes written */
2822 httpWrite(http_t *http, /* I - Connection to server */
2823 const char *buffer, /* I - Buffer for data */
2824 int length) /* I - Number of bytes to write */
2825 {
2826 return ((int)httpWrite2(http, buffer, length));
2827 }
2828
2829
2830 /*
2831 * 'httpWrite2()' - Write data to a HTTP connection.
2832 *
2833 * @since CUPS 1.2/Mac OS X 10.5@
2834 */
2835
2836 ssize_t /* O - Number of bytes written */
2837 httpWrite2(http_t *http, /* I - Connection to server */
2838 const char *buffer, /* I - Buffer for data */
2839 size_t length) /* I - Number of bytes to write */
2840 {
2841 ssize_t bytes; /* Bytes written */
2842
2843
2844 DEBUG_printf(("httpWrite2(http=%p, buffer=%p, length=" CUPS_LLFMT ")", http,
2845 buffer, CUPS_LLCAST length));
2846
2847 /*
2848 * Range check input...
2849 */
2850
2851 if (http == NULL || buffer == NULL)
2852 return (-1);
2853
2854 /*
2855 * Mark activity on the connection...
2856 */
2857
2858 http->activity = time(NULL);
2859
2860 /*
2861 * Buffer small writes for better performance...
2862 */
2863
2864 if (length > 0)
2865 {
2866 if (http->wused && (length + http->wused) > sizeof(http->wbuffer))
2867 {
2868 DEBUG_printf(("2httpWrite2: Flushing buffer (wused=%d, length="
2869 CUPS_LLFMT ")", http->wused, CUPS_LLCAST length));
2870
2871 httpFlushWrite(http);
2872 }
2873
2874 if ((length + http->wused) <= sizeof(http->wbuffer) &&
2875 length < sizeof(http->wbuffer))
2876 {
2877 /*
2878 * Write to buffer...
2879 */
2880
2881 DEBUG_printf(("2httpWrite2: Copying " CUPS_LLFMT " bytes to wbuffer...",
2882 CUPS_LLCAST length));
2883
2884 memcpy(http->wbuffer + http->wused, buffer, length);
2885 http->wused += (int)length;
2886 bytes = (ssize_t)length;
2887 }
2888 else
2889 {
2890 /*
2891 * Otherwise write the data directly...
2892 */
2893
2894 DEBUG_printf(("2httpWrite2: Writing " CUPS_LLFMT " bytes to socket...",
2895 CUPS_LLCAST length));
2896
2897 if (http->data_encoding == HTTP_ENCODE_CHUNKED)
2898 bytes = (ssize_t)http_write_chunk(http, buffer, (int)length);
2899 else
2900 bytes = (ssize_t)http_write(http, buffer, (int)length);
2901
2902 DEBUG_printf(("2httpWrite2: Wrote " CUPS_LLFMT " bytes...",
2903 CUPS_LLCAST bytes));
2904 }
2905
2906 if (http->data_encoding == HTTP_ENCODE_LENGTH)
2907 http->data_remaining -= bytes;
2908 }
2909 else
2910 bytes = 0;
2911
2912 /*
2913 * Handle end-of-request processing...
2914 */
2915
2916 if ((http->data_encoding == HTTP_ENCODE_CHUNKED && length == 0) ||
2917 (http->data_encoding == HTTP_ENCODE_LENGTH && http->data_remaining == 0))
2918 {
2919 /*
2920 * Finished with the transfer; unless we are sending POST or PUT
2921 * data, go idle...
2922 */
2923
2924 DEBUG_puts("2httpWrite: changing states...");
2925
2926 if (http->wused)
2927 httpFlushWrite(http);
2928
2929 if (http->data_encoding == HTTP_ENCODE_CHUNKED)
2930 {
2931 /*
2932 * Send a 0-length chunk at the end of the request...
2933 */
2934
2935 http_write(http, "0\r\n\r\n", 5);
2936
2937 /*
2938 * Reset the data state...
2939 */
2940
2941 http->data_encoding = HTTP_ENCODE_LENGTH;
2942 http->data_remaining = 0;
2943 }
2944
2945 if (http->state == HTTP_POST_RECV)
2946 http->state ++;
2947 else if (http->state == HTTP_PUT_RECV)
2948 http->state = HTTP_STATUS;
2949 else
2950 http->state = HTTP_WAITING;
2951 }
2952
2953 return (bytes);
2954 }
2955
2956
2957 #if defined(HAVE_SSL) && defined(HAVE_CDSASSL)
2958 /*
2959 * '_httpWriteCDSA()' - Write function for the CDSA library.
2960 */
2961
2962 OSStatus /* O - -1 on error, 0 on success */
2963 _httpWriteCDSA(
2964 SSLConnectionRef connection, /* I - SSL/TLS connection */
2965 const void *data, /* I - Data buffer */
2966 size_t *dataLength) /* IO - Number of bytes */
2967 {
2968 OSStatus result; /* Return value */
2969 ssize_t bytes; /* Number of bytes read */
2970 http_t *http; /* HTTP connection */
2971
2972
2973 http = (http_t *)connection;
2974
2975 do
2976 {
2977 bytes = write(http->fd, data, *dataLength);
2978 }
2979 while (bytes == -1 && (errno == EINTR || errno == EAGAIN));
2980
2981 if (bytes == *dataLength)
2982 {
2983 result = 0;
2984 }
2985 else if (bytes >= 0)
2986 {
2987 *dataLength = bytes;
2988 result = errSSLWouldBlock;
2989 }
2990 else
2991 {
2992 *dataLength = 0;
2993
2994 if (errno == EAGAIN)
2995 result = errSSLWouldBlock;
2996 else
2997 result = errSSLClosedAbort;
2998 }
2999
3000 return (result);
3001 }
3002 #endif /* HAVE_SSL && HAVE_CDSASSL */
3003
3004
3005 #if defined(HAVE_SSL) && defined(HAVE_GNUTLS)
3006 /*
3007 * '_httpWriteGNUTLS()' - Write function for the GNU TLS library.
3008 */
3009
3010 ssize_t /* O - Number of bytes written or -1 on error */
3011 _httpWriteGNUTLS(
3012 gnutls_transport_ptr ptr, /* I - Connection to server */
3013 const void *data, /* I - Data buffer */
3014 size_t length) /* I - Number of bytes to write */
3015 {
3016 return (send(((http_t *)ptr)->fd, data, length, 0));
3017 }
3018 #endif /* HAVE_SSL && HAVE_GNUTLS */
3019
3020
3021 #if defined(HAVE_SSL) && defined(HAVE_LIBSSL)
3022 /*
3023 * 'http_bio_ctrl()' - Control the HTTP connection.
3024 */
3025
3026 static long /* O - Result/data */
3027 http_bio_ctrl(BIO *h, /* I - BIO data */
3028 int cmd, /* I - Control command */
3029 long arg1, /* I - First argument */
3030 void *arg2) /* I - Second argument */
3031 {
3032 switch (cmd)
3033 {
3034 default :
3035 return (0);
3036
3037 case BIO_CTRL_RESET :
3038 h->ptr = NULL;
3039 return (0);
3040
3041 case BIO_C_SET_FILE_PTR :
3042 h->ptr = arg2;
3043 h->init = 1;
3044 return (1);
3045
3046 case BIO_C_GET_FILE_PTR :
3047 if (arg2)
3048 {
3049 *((void **)arg2) = h->ptr;
3050 return (1);
3051 }
3052 else
3053 return (0);
3054
3055 case BIO_CTRL_DUP :
3056 case BIO_CTRL_FLUSH :
3057 return (1);
3058 }
3059 }
3060
3061
3062 /*
3063 * 'http_bio_free()' - Free OpenSSL data.
3064 */
3065
3066 static int /* O - 1 on success, 0 on failure */
3067 http_bio_free(BIO *h) /* I - BIO data */
3068 {
3069 if (!h)
3070 return (0);
3071
3072 if (h->shutdown)
3073 {
3074 h->init = 0;
3075 h->flags = 0;
3076 }
3077
3078 return (1);
3079 }
3080
3081
3082 /*
3083 * 'http_bio_new()' - Initialize an OpenSSL BIO structure.
3084 */
3085
3086 static int /* O - 1 on success, 0 on failure */
3087 http_bio_new(BIO *h) /* I - BIO data */
3088 {
3089 if (!h)
3090 return (0);
3091
3092 h->init = 0;
3093 h->num = 0;
3094 h->ptr = NULL;
3095 h->flags = 0;
3096
3097 return (1);
3098 }
3099
3100
3101 /*
3102 * 'http_bio_puts()' - Send a string for OpenSSL.
3103 */
3104
3105 static int /* O - Bytes written */
3106 http_bio_puts(BIO *h, /* I - BIO data */
3107 const char *str) /* I - String to write */
3108 {
3109 #ifdef WIN32
3110 return (send(((http_t *)h->ptr)->fd, str, (int)strlen(str), 0));
3111 #else
3112 return (send(((http_t *)h->ptr)->fd, str, strlen(str), 0));
3113 #endif /* WIN32 */
3114 }
3115
3116
3117 /*
3118 * 'http_bio_read()' - Read data for OpenSSL.
3119 */
3120
3121 static int /* O - Bytes read */
3122 http_bio_read(BIO *h, /* I - BIO data */
3123 char *buf, /* I - Buffer */
3124 int size) /* I - Number of bytes to read */
3125 {
3126 http_t *http; /* HTTP connection */
3127
3128
3129 http = (http_t *)h->ptr;
3130
3131 if (!http->blocking)
3132 {
3133 /*
3134 * Make sure we have data before we read...
3135 */
3136
3137 if (!_httpWait(http, 10000, 0))
3138 {
3139 #ifdef WIN32
3140 http->error = WSAETIMEDOUT;
3141 #else
3142 http->error = ETIMEDOUT;
3143 #endif /* WIN32 */
3144
3145 return (-1);
3146 }
3147 }
3148
3149 return (recv(http->fd, buf, size, 0));
3150 }
3151
3152
3153 /*
3154 * 'http_bio_write()' - Write data for OpenSSL.
3155 */
3156
3157 static int /* O - Bytes written */
3158 http_bio_write(BIO *h, /* I - BIO data */
3159 const char *buf, /* I - Buffer to write */
3160 int num) /* I - Number of bytes to write */
3161 {
3162 return (send(((http_t *)h->ptr)->fd, buf, num, 0));
3163 }
3164 #endif /* HAVE_SSL && HAVE_LIBSSL */
3165
3166
3167 #ifdef DEBUG
3168 /*
3169 * 'http_debug_hex()' - Do a hex dump of a buffer.
3170 */
3171
3172 static void
3173 http_debug_hex(const char *prefix, /* I - Prefix for line */
3174 const char *buffer, /* I - Buffer to dump */
3175 int bytes) /* I - Bytes to dump */
3176 {
3177 int i, j, /* Looping vars */
3178 ch; /* Current character */
3179 char line[255], /* Line buffer */
3180 *start, /* Start of line after prefix */
3181 *ptr; /* Pointer into line */
3182
3183
3184 if (_cups_debug_fd < 0 || _cups_debug_level < 6)
3185 return;
3186
3187 DEBUG_printf(("6%s: %d bytes:\n", prefix, bytes));
3188
3189 snprintf(line, sizeof(line), "6%s: ", prefix);
3190 start = line + strlen(line);
3191
3192 for (i = 0; i < bytes; i += 16)
3193 {
3194 for (j = 0, ptr = start; j < 16 && (i + j) < bytes; j ++, ptr += 2)
3195 sprintf(ptr, "%02X", buffer[i + j] & 255);
3196
3197 while (j < 16)
3198 {
3199 strcpy(ptr, " ");
3200 ptr += 2;
3201 j ++;
3202 }
3203
3204 strcpy(ptr, " ");
3205 ptr += 2;
3206
3207 for (j = 0; j < 16 && (i + j) < bytes; j ++)
3208 {
3209 ch = buffer[i + j] & 255;
3210
3211 if (ch < ' ' || ch >= 127)
3212 ch = '.';
3213
3214 *ptr++ = ch;
3215 }
3216
3217 *ptr = '\0';
3218 DEBUG_puts(line);
3219 }
3220 }
3221 #endif /* DEBUG */
3222
3223
3224 /*
3225 * 'http_field()' - Return the field index for a field name.
3226 */
3227
3228 static http_field_t /* O - Field index */
3229 http_field(const char *name) /* I - String name */
3230 {
3231 int i; /* Looping var */
3232
3233
3234 for (i = 0; i < HTTP_FIELD_MAX; i ++)
3235 if (strcasecmp(name, http_fields[i]) == 0)
3236 return ((http_field_t)i);
3237
3238 return (HTTP_FIELD_UNKNOWN);
3239 }
3240
3241
3242 #ifdef HAVE_SSL
3243 /*
3244 * 'http_read_ssl()' - Read from a SSL/TLS connection.
3245 */
3246
3247 static int /* O - Bytes read */
3248 http_read_ssl(http_t *http, /* I - Connection to server */
3249 char *buf, /* I - Buffer to store data */
3250 int len) /* I - Length of buffer */
3251 {
3252 # if defined(HAVE_LIBSSL)
3253 return (SSL_read((SSL *)(http->tls), buf, len));
3254
3255 # elif defined(HAVE_GNUTLS)
3256 ssize_t result; /* Return value */
3257
3258
3259 result = gnutls_record_recv(http->tls, buf, len);
3260
3261 if (result < 0 && !errno)
3262 {
3263 /*
3264 * Convert GNU TLS error to errno value...
3265 */
3266
3267 switch (result)
3268 {
3269 case GNUTLS_E_INTERRUPTED :
3270 errno = EINTR;
3271 break;
3272
3273 case GNUTLS_E_AGAIN :
3274 errno = EAGAIN;
3275 break;
3276
3277 default :
3278 errno = EPIPE;
3279 break;
3280 }
3281
3282 result = -1;
3283 }
3284
3285 return ((int)result);
3286
3287 # elif defined(HAVE_CDSASSL)
3288 int result; /* Return value */
3289 OSStatus error; /* Error info */
3290 size_t processed; /* Number of bytes processed */
3291
3292
3293 error = SSLRead(http->tls, buf, len, &processed);
3294
3295 switch (error)
3296 {
3297 case 0 :
3298 result = (int)processed;
3299 break;
3300 case errSSLClosedGraceful :
3301 result = 0;
3302 break;
3303 case errSSLWouldBlock :
3304 if (processed)
3305 result = (int)processed;
3306 else
3307 {
3308 result = -1;
3309 errno = EINTR;
3310 }
3311 break;
3312 default :
3313 errno = EPIPE;
3314 result = -1;
3315 break;
3316 }
3317
3318 return (result);
3319 # elif defined(HAVE_SSPISSL)
3320 return _sspiRead((_sspi_struct_t*) http->tls, buf, len);
3321 # endif /* HAVE_LIBSSL */
3322 }
3323 #endif /* HAVE_SSL */
3324
3325
3326 #ifdef HAVE_LIBSSL
3327 /*
3328 * 'http_locking_cb()' - Lock/unlock a thread's mutex.
3329 */
3330
3331 static void
3332 http_locking_cb(int mode, /* I - Lock mode */
3333 int type, /* I - Lock type */
3334 const char *file, /* I - Source file */
3335 int line) /* I - Line number */
3336 {
3337 if (mode & CRYPTO_LOCK)
3338 _cupsMutexLock(http_locks + type);
3339 else
3340 _cupsMutexUnlock(http_locks + type);
3341 }
3342 #endif /* HAVE_LIBSSL */
3343
3344
3345 /*
3346 * 'http_send()' - Send a request with all fields and the trailing blank line.
3347 */
3348
3349 static int /* O - 0 on success, non-zero on error */
3350 http_send(http_t *http, /* I - Connection to server */
3351 http_state_t request, /* I - Request code */
3352 const char *uri) /* I - URI */
3353 {
3354 int i; /* Looping var */
3355 char buf[1024]; /* Encoded URI buffer */
3356 static const char * const codes[] =
3357 { /* Request code strings */
3358 NULL,
3359 "OPTIONS",
3360 "GET",
3361 NULL,
3362 "HEAD",
3363 "POST",
3364 NULL,
3365 NULL,
3366 "PUT",
3367 NULL,
3368 "DELETE",
3369 "TRACE",
3370 "CLOSE"
3371 };
3372
3373
3374 DEBUG_printf(("7http_send(http=%p, request=HTTP_%s, uri=\"%s\")",
3375 http, codes[request], uri));
3376
3377 if (http == NULL || uri == NULL)
3378 return (-1);
3379
3380 /*
3381 * Set the User-Agent field if it isn't already...
3382 */
3383
3384 if (!http->fields[HTTP_FIELD_USER_AGENT][0])
3385 httpSetField(http, HTTP_FIELD_USER_AGENT, CUPS_MINIMAL);
3386
3387 /*
3388 * Encode the URI as needed...
3389 */
3390
3391 _httpEncodeURI(buf, uri, sizeof(buf));
3392
3393 /*
3394 * See if we had an error the last time around; if so, reconnect...
3395 */
3396
3397 if (http->status == HTTP_ERROR || http->status >= HTTP_BAD_REQUEST)
3398 if (httpReconnect(http))
3399 return (-1);
3400
3401 /*
3402 * Flush any written data that is pending...
3403 */
3404
3405 if (http->wused)
3406 {
3407 if (httpFlushWrite(http) < 0)
3408 if (httpReconnect(http))
3409 return (-1);
3410 }
3411
3412 /*
3413 * Send the request header...
3414 */
3415
3416 http->state = request;
3417 http->data_encoding = HTTP_ENCODE_FIELDS;
3418
3419 if (request == HTTP_POST || request == HTTP_PUT)
3420 http->state ++;
3421
3422 http->status = HTTP_CONTINUE;
3423
3424 #ifdef HAVE_SSL
3425 if (http->encryption == HTTP_ENCRYPT_REQUIRED && !http->tls)
3426 {
3427 httpSetField(http, HTTP_FIELD_CONNECTION, "Upgrade");
3428 httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.0,SSL/2.0,SSL/3.0");
3429 }
3430 #endif /* HAVE_SSL */
3431
3432 if (httpPrintf(http, "%s %s HTTP/1.1\r\n", codes[request], buf) < 1)
3433 {
3434 http->status = HTTP_ERROR;
3435 return (-1);
3436 }
3437
3438 for (i = 0; i < HTTP_FIELD_MAX; i ++)
3439 if (http->fields[i][0] != '\0')
3440 {
3441 DEBUG_printf(("9http_send: %s: %s", http_fields[i],
3442 httpGetField(http, i)));
3443
3444 if (httpPrintf(http, "%s: %s\r\n", http_fields[i],
3445 httpGetField(http, i)) < 1)
3446 {
3447 http->status = HTTP_ERROR;
3448 return (-1);
3449 }
3450 }
3451
3452 if (http->cookie)
3453 if (httpPrintf(http, "Cookie: $Version=0; %s\r\n", http->cookie) < 1)
3454 {
3455 http->status = HTTP_ERROR;
3456 return (-1);
3457 }
3458
3459 if (http->expect == HTTP_CONTINUE &&
3460 (http->state == HTTP_POST_RECV || http->state == HTTP_PUT_RECV))
3461 if (httpPrintf(http, "Expect: 100-continue\r\n") < 1)
3462 {
3463 http->status = HTTP_ERROR;
3464 return (-1);
3465 }
3466
3467 if (httpPrintf(http, "\r\n") < 1)
3468 {
3469 http->status = HTTP_ERROR;
3470 return (-1);
3471 }
3472
3473 if (httpFlushWrite(http) < 0)
3474 return (-1);
3475
3476 httpGetLength2(http);
3477 httpClearFields(http);
3478
3479 /*
3480 * The Kerberos and AuthRef authentication strings can only be used once...
3481 */
3482
3483 if (http->field_authorization && http->authstring &&
3484 (!strncmp(http->authstring, "Negotiate", 9) ||
3485 !strncmp(http->authstring, "AuthRef", 7)))
3486 {
3487 http->_authstring[0] = '\0';
3488
3489 if (http->authstring != http->_authstring)
3490 free(http->authstring);
3491
3492 http->authstring = http->_authstring;
3493 }
3494
3495 return (0);
3496 }
3497
3498
3499 #ifdef HAVE_SSL
3500 /*
3501 * 'http_set_credentials()' - Set the SSL/TLS credentials.
3502 */
3503
3504 static int /* O - Status of connection */
3505 http_set_credentials(http_t *http) /* I - Connection to server */
3506 {
3507 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
3508 # ifdef HAVE_CDSASSL
3509 OSStatus error = 0; /* Error code */
3510 http_tls_credentials_t credentials = NULL;
3511 /* TLS credentials */
3512 # endif /* HAVE_CDSASSL */
3513
3514
3515 DEBUG_printf(("7http_set_credentials(%p)", http));
3516
3517 # ifdef HAVE_LIBSSL
3518 return (-1);
3519
3520 # elif defined(HAVE_GNUTLS)
3521 return (-1);
3522
3523 # elif defined(HAVE_CDSASSL)
3524 /*
3525 * Prefer connection specific credentials...
3526 */
3527
3528 if ((credentials = http->tls_credentials) == NULL)
3529 credentials = cg->tls_credentials;
3530
3531 # if HAVE_SECPOLICYCREATESSL
3532 /*
3533 * Otherwise root around in the user's keychain to see if one can be found...
3534 */
3535
3536 if (!credentials)
3537 {
3538 CFDictionaryRef query; /* Query dictionary */
3539 CFTypeRef matches = NULL; /* Matching credentials */
3540 CFArrayRef dn_array = NULL;/* Distinguished names array */
3541 CFTypeRef keys[] = { kSecClass,
3542 kSecMatchLimit,
3543 kSecReturnRef };
3544 /* Keys for dictionary */
3545 CFTypeRef values[] = { kSecClassCertificate,
3546 kSecMatchLimitOne,
3547 kCFBooleanTrue };
3548 /* Values for dictionary */
3549
3550 /*
3551 * Get the names associated with the server.
3552 */
3553
3554 if ((error = SSLCopyDistinguishedNames(http->tls, &dn_array)) != noErr)
3555 {
3556 DEBUG_printf(("4http_set_credentials: SSLCopyDistinguishedNames, error=%d",
3557 (int)error));
3558 return (error);
3559 }
3560
3561 /*
3562 * Create a query which will return all identities that can sign and match
3563 * the passed in policy.
3564 */
3565
3566 query = CFDictionaryCreate(NULL,
3567 (const void**)(&keys[0]),
3568 (const void**)(&values[0]),
3569 sizeof(keys) / sizeof(keys[0]),
3570 &kCFTypeDictionaryKeyCallBacks,
3571 &kCFTypeDictionaryValueCallBacks);
3572 if (query)
3573 {
3574 error = SecItemCopyMatching(query, &matches);
3575 DEBUG_printf(("4http_set_credentials: SecItemCopyMatching, error=%d",
3576 (int)error));
3577 CFRelease(query);
3578 }
3579
3580 if (matches)
3581 CFRelease(matches);
3582
3583 if (dn_array)
3584 CFRelease(dn_array);
3585 }
3586 # endif /* HAVE_SECPOLICYCREATESSL */
3587
3588 if (credentials)
3589 {
3590 error = SSLSetCertificate(http->tls, credentials);
3591 DEBUG_printf(("4http_set_credentials: SSLSetCertificate, error=%d",
3592 (int)error));
3593 }
3594 else
3595 DEBUG_puts("4http_set_credentials: No credentials to set.");
3596
3597 return (error);
3598
3599 # elif defined(HAVE_SSPISSL)
3600 return (-1);
3601 # endif /* HAVE_LIBSSL */
3602 }
3603
3604
3605 /*
3606 * 'http_setup_ssl()' - Set up SSL/TLS support on a connection.
3607 */
3608
3609 static int /* O - Status of connection */
3610 http_setup_ssl(http_t *http) /* I - Connection to server */
3611 {
3612 _cups_globals_t *cg = _cupsGlobals();
3613 /* Pointer to library globals */
3614 int any_root; /* Allow any root */
3615
3616 # ifdef HAVE_LIBSSL
3617 SSL_CTX *context; /* Context for encryption */
3618 BIO *bio; /* BIO data */
3619 # elif defined(HAVE_GNUTLS)
3620 gnutls_certificate_client_credentials *credentials;
3621 /* TLS credentials */
3622 # elif defined(HAVE_CDSASSL)
3623 OSStatus error; /* Error code */
3624 const char *message = NULL; /* Error message */
3625 cups_array_t *credentials; /* Credentials array */
3626 char *hostname; /* Hostname */
3627 cups_array_t *names; /* CUPS distinguished names */
3628 CFArrayRef dn_array; /* CF distinguished names array */
3629 CFIndex count; /* Number of credentials */
3630 CFDataRef data; /* Certificate data */
3631 int i; /* Looping var */
3632 http_credential_t
3633 *credential; /* Credential data */
3634 # elif defined(HAVE_SSPISSL)
3635 TCHAR username[256]; /* Username returned from GetUserName() */
3636 TCHAR commonName[256]; /* Common name for certificate */
3637 DWORD dwSize; /* 32 bit size */
3638 # endif /* HAVE_LIBSSL */
3639
3640
3641 DEBUG_printf(("7http_setup_ssl(http=%p)", http));
3642
3643 /*
3644 * Always allow self-signed certificates for the local loopback address...
3645 */
3646
3647 if (httpAddrLocalhost(http->hostaddr))
3648 any_root = 1;
3649 else
3650 any_root = cg->any_root;
3651
3652 # ifdef HAVE_LIBSSL
3653 context = SSL_CTX_new(SSLv23_client_method());
3654
3655 SSL_CTX_set_options(context, SSL_OP_NO_SSLv2); /* Only use SSLv3 or TLS */
3656
3657 bio = BIO_new(_httpBIOMethods());
3658 BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)http);
3659
3660 http->tls = SSL_new(context);
3661 SSL_set_bio(http->tls_credentials, bio, bio);
3662
3663 if (SSL_connect(http->tls) != 1)
3664 {
3665 # ifdef DEBUG
3666 unsigned long error; /* Error code */
3667
3668 while ((error = ERR_get_error()) != 0)
3669 DEBUG_printf(("8http_setup_ssl: %s", ERR_error_string(error, NULL)));
3670 # endif /* DEBUG */
3671
3672 SSL_CTX_free(context);
3673 SSL_free(http->tls);
3674 http->tls = NULL;
3675
3676 # ifdef WIN32
3677 http->error = WSAGetLastError();
3678 # else
3679 http->error = errno;
3680 # endif /* WIN32 */
3681 http->status = HTTP_ERROR;
3682
3683 return (HTTP_ERROR);
3684 }
3685
3686 # elif defined(HAVE_GNUTLS)
3687 credentials = (gnutls_certificate_client_credentials *)
3688 malloc(sizeof(gnutls_certificate_client_credentials));
3689 if (credentials == NULL)
3690 {
3691 http->error = errno;
3692 http->status = HTTP_ERROR;
3693
3694 return (-1);
3695 }
3696
3697 gnutls_certificate_allocate_credentials(credentials);
3698
3699 gnutls_init(&http->tls, GNUTLS_CLIENT);
3700 gnutls_set_default_priority(http->tls);
3701 gnutls_credentials_set(http->tls, GNUTLS_CRD_CERTIFICATE, *credentials);
3702 gnutls_transport_set_ptr(http->tls, (gnutls_transport_ptr)http);
3703 gnutls_transport_set_pull_function(http->tls, _httpReadGNUTLS);
3704 gnutls_transport_set_push_function(http->tls, _httpWriteGNUTLS);
3705
3706 if ((gnutls_handshake(http->tls)) != GNUTLS_E_SUCCESS)
3707 {
3708 http->error = errno;
3709 http->status = HTTP_ERROR;
3710
3711 gnutls_deinit(http->tls);
3712 gnutls_certificate_free_credentials(*credentials);
3713 free(credentials);
3714 http->tls = NULL;
3715
3716 return (-1);
3717 }
3718
3719 http->tls_credentials = credentials;
3720
3721 # elif defined(HAVE_CDSASSL)
3722 if ((error = SSLNewContext(false, &http->tls)))
3723 {
3724 http->error = error;
3725 http->status = HTTP_ERROR;
3726
3727 return (-1);
3728 }
3729
3730 error = SSLSetConnection(http->tls, http);
3731 DEBUG_printf(("4http_setup_ssl: SSLSetConnection, error=%d", (int)error));
3732
3733 if (!error)
3734 {
3735 error = SSLSetIOFuncs(http->tls, _httpReadCDSA, _httpWriteCDSA);
3736 DEBUG_printf(("4http_setup_ssl: SSLSetIOFuncs, error=%d", (int)error));
3737 }
3738
3739 if (!error)
3740 {
3741 error = SSLSetProtocolVersionEnabled(http->tls, kSSLProtocol2, false);
3742 DEBUG_printf(("4http_setup_ssl: SSLSetProtocolVersionEnabled, error=%d",
3743 (int)error));
3744 }
3745
3746 if (!error)
3747 {
3748 error = SSLSetAllowsAnyRoot(http->tls, any_root);
3749 DEBUG_printf(("4http_setup_ssl: SSLSetAllowsAnyRoot(%d), error=%d",
3750 any_root, (int)error));
3751 }
3752
3753 if (!error)
3754 {
3755 error = SSLSetAllowsExpiredCerts(http->tls, cg->expired_certs);
3756 DEBUG_printf(("4http_setup_ssl: SSLSetAllowsExpiredCerts(%d), error=%d",
3757 cg->expired_certs, (int)error));
3758 }
3759
3760 if (!error)
3761 {
3762 error = SSLSetAllowsExpiredRoots(http->tls, cg->expired_root);
3763 DEBUG_printf(("4http_setup_ssl: SSLSetAllowsExpiredRoots(%d), error=%d",
3764 cg->expired_root, (int)error));
3765 }
3766
3767 if (!error)
3768 {
3769 if (cg->client_cert_cb)
3770 {
3771 error = SSLSetSessionOption(http->tls,
3772 kSSLSessionOptionBreakOnCertRequested, true);
3773 DEBUG_printf(("4http_setup_ssl: kSSLSessionOptionBreakOnCertRequested, "
3774 "error=%d", (int)error));
3775 }
3776 else
3777 {
3778 error = http_set_credentials(http);
3779 DEBUG_printf(("4http_setup_ssl: http_set_credentials, error=%d",
3780 (int)error));
3781 }
3782 }
3783
3784 /*
3785 * If there's a server certificate callback installed let it evaluate the
3786 * certificate(s) during the handshake...
3787 */
3788
3789 if (!error && cg->server_cert_cb != NULL)
3790 {
3791 error = SSLSetEnableCertVerify(http->tls, false);
3792 DEBUG_printf(("4http_setup_ssl: SSLSetEnableCertVerify, error=%d",
3793 (int)error));
3794
3795 if (!error)
3796 {
3797 error = SSLSetSessionOption(http->tls,
3798 kSSLSessionOptionBreakOnServerAuth, true);
3799 DEBUG_printf(("4http_setup_ssl: kSSLSessionOptionBreakOnServerAuth, "
3800 "error=%d", (int)error));
3801 }
3802 }
3803
3804 if (!error)
3805 {
3806 hostname = httpAddrLocalhost(http->hostaddr) ? "localhost" : http->hostname;
3807 error = SSLSetPeerDomainName(http->tls, hostname, strlen(hostname));
3808
3809 DEBUG_printf(("4http_setup_ssl: SSLSetPeerDomainName, error=%d",
3810 (int)error));
3811 }
3812
3813 if (!error)
3814 {
3815 int done = 0; /* Are we done yet? */
3816
3817 while (!error && !done)
3818 {
3819 error = SSLHandshake(http->tls);
3820
3821 DEBUG_printf(("4_httpWait: SSLHandshake returned %d.", (int)error));
3822
3823 switch (error)
3824 {
3825 case noErr :
3826 done = 1;
3827 break;
3828
3829 case errSSLWouldBlock :
3830 usleep(1000);
3831 break;
3832
3833 case errSSLServerAuthCompleted :
3834 error = 0;
3835 if (cg->server_cert_cb)
3836 {
3837 error = httpCopyCredentials(http, &credentials);
3838 if (!error)
3839 {
3840 error = (cg->server_cert_cb)(http, http->tls, credentials,
3841 cg->server_cert_data);
3842 httpFreeCredentials(credentials);
3843 }
3844
3845 DEBUG_printf(("4_httpWait: Server certificate callback returned "
3846 "%d.", (int)error));
3847 }
3848 break;
3849
3850 case errSSLClientCertRequested :
3851 error = 0;
3852
3853 if (cg->client_cert_cb)
3854 {
3855 names = NULL;
3856 if (!(error = SSLCopyDistinguishedNames(http->tls, &dn_array)) &&
3857 dn_array)
3858 {
3859 if ((names = cupsArrayNew(NULL, NULL)) != NULL)
3860 {
3861 for (i = 0, count = CFArrayGetCount(dn_array); i < count; i++)
3862 {
3863 data = (CFDataRef)CFArrayGetValueAtIndex(dn_array, i);
3864
3865 if ((credential = malloc(sizeof(*credential))))
3866 {
3867 credential->datalen = CFDataGetLength(data);
3868 if ((credential->data = malloc(credential->datalen)))
3869 {
3870 memcpy((void *)credential->data, CFDataGetBytePtr(data),
3871 credential->datalen);
3872 cupsArrayAdd(names, credential);
3873 }
3874 }
3875 }
3876 }
3877
3878 CFRelease(dn_array);
3879 }
3880
3881 if (!error)
3882 {
3883 error = (cg->client_cert_cb)(http, http->tls, names,
3884 cg->client_cert_data);
3885
3886 DEBUG_printf(("4_httpWait: Client certificate callback "
3887 "returned %d.", (int)error));
3888 }
3889
3890 httpFreeCredentials(names);
3891 }
3892 break;
3893
3894 case errSSLUnknownRootCert :
3895 message = _("Unable to establish a secure connection to host "
3896 "(untrusted certificate).");
3897 break;
3898
3899 case errSSLNoRootCert :
3900 message = _("Unable to establish a secure connection to host "
3901 "(self-signed certificate).");
3902 break;
3903
3904 case errSSLCertExpired :
3905 message = _("Unable to establish a secure connection to host "
3906 "(expired certificate).");
3907 break;
3908
3909 case errSSLCertNotYetValid :
3910 message = _("Unable to establish a secure connection to host "
3911 "(certificate not yet valid).");
3912 break;
3913
3914 case errSSLHostNameMismatch :
3915 message = _("Unable to establish a secure connection to host "
3916 "(host name mismatch).");
3917 break;
3918
3919 case errSSLXCertChainInvalid :
3920 message = _("Unable to establish a secure connection to host "
3921 "(certificate chain invalid).");
3922 break;
3923
3924 case errSSLConnectionRefused :
3925 message = _("Unable to establish a secure connection to host "
3926 "(peer dropped connection before responding).");
3927 break;
3928
3929 default :
3930 break;
3931 }
3932 }
3933 }
3934
3935 if (error)
3936 {
3937 http->error = error;
3938 http->status = HTTP_ERROR;
3939 errno = ECONNREFUSED;
3940
3941 SSLDisposeContext(http->tls);
3942 http->tls = NULL;
3943
3944 /*
3945 * If an error string wasn't set by the callbacks use a generic one...
3946 */
3947
3948 if (!message)
3949 #ifdef HAVE_CSSMERRORSTRING
3950 message = cssmErrorString(error);
3951 #else
3952 message = _("Unable to establish a secure connection to host.");
3953 #endif /* HAVE_CSSMERRORSTRING */
3954
3955 _cupsSetError(IPP_PKI_ERROR, message, 1);
3956
3957 return (-1);
3958 }
3959
3960 # elif defined(HAVE_SSPISSL)
3961 http->tls = _sspiAlloc();
3962
3963 if (!http->tls)
3964 return (-1);
3965
3966 http->tls->sock = http->fd;
3967 dwSize = sizeof(username) / sizeof(TCHAR);
3968 GetUserName(username, &dwSize);
3969 _sntprintf_s(commonName, sizeof(commonName) / sizeof(TCHAR),
3970 sizeof(commonName) / sizeof(TCHAR), TEXT("CN=%s"), username);
3971
3972 if (!_sspiGetCredentials(http->tls_credentials, L"ClientContainer",
3973 commonName, FALSE))
3974 {
3975 _sspiFree(http->tls_credentials);
3976 http->tls_credentials = NULL;
3977 return (-1);
3978 }
3979
3980 _sspiSetAllowsAnyRoot(http->tls_credentials, TRUE);
3981 _sspiSetAllowsExpiredCerts(http->tls_credentials, TRUE);
3982
3983 if (!_sspiConnect(http->tls_credentials, http->hostname))
3984 {
3985 _sspiFree(http->tls_credentials);
3986 http->tls_credentials = NULL;
3987 return (-1);
3988 }
3989 # endif /* HAVE_CDSASSL */
3990
3991 return (0);
3992 }
3993 #endif /* HAVE_SSL */
3994
3995
3996 #ifdef HAVE_SSL
3997 /*
3998 * 'http_shutdown_ssl()' - Shut down SSL/TLS on a connection.
3999 */
4000
4001 static void
4002 http_shutdown_ssl(http_t *http) /* I - Connection to server */
4003 {
4004 # ifdef HAVE_LIBSSL
4005 SSL_CTX *context; /* Context for encryption */
4006
4007 context = SSL_get_SSL_CTX(http->tls_credentials);
4008
4009 SSL_shutdown(http->tls_credentials);
4010 SSL_CTX_free(context);
4011 SSL_free(http->tls_credentials);
4012
4013 # elif defined(HAVE_GNUTLS)
4014 gnutls_certificate_client_credentials *credentials;
4015 /* TLS credentials */
4016
4017 credentials = (gnutls_certificate_client_credentials *)(http->tls_credentials);
4018
4019 gnutls_bye(http->tls, GNUTLS_SHUT_RDWR);
4020 gnutls_deinit(http->tls);
4021 gnutls_certificate_free_credentials(*credentials);
4022 free(credentials);
4023
4024 # elif defined(HAVE_CDSASSL)
4025 while (SSLClose(http->tls) == errSSLWouldBlock)
4026 usleep(1000);
4027
4028 SSLDisposeContext(http->tls);
4029
4030 if (http->tls_credentials)
4031 CFRelease(http->tls_credentials);
4032
4033 # elif defined(HAVE_SSPISSL)
4034 _sspiFree(http->tls_credentials);
4035 # endif /* HAVE_LIBSSL */
4036
4037 http->tls = NULL;
4038 http->tls_credentials = NULL;
4039 }
4040 #endif /* HAVE_SSL */
4041
4042
4043 #ifdef HAVE_LIBSSL
4044 /*
4045 * 'http_threadid_cb()' - Return the current thread ID.
4046 */
4047
4048 static unsigned long /* O - Thread ID */
4049 http_threadid_cb(void)
4050 {
4051 # ifdef HAVE_PTHREAD_H
4052 return ((unsigned long)pthread_self());
4053 # else
4054 return (0);
4055 # endif /* HAVE_PTHREAD_H */
4056 }
4057 #endif /* HAVE_LIBSSL */
4058
4059
4060 #ifdef HAVE_SSL
4061 /*
4062 * 'http_upgrade()' - Force upgrade to TLS encryption.
4063 */
4064
4065 static int /* O - Status of connection */
4066 http_upgrade(http_t *http) /* I - Connection to server */
4067 {
4068 int ret; /* Return value */
4069 http_t myhttp; /* Local copy of HTTP data */
4070
4071
4072 DEBUG_printf(("7http_upgrade(%p)", http));
4073
4074 /*
4075 * Flush the connection to make sure any previous "Upgrade" message
4076 * has been read.
4077 */
4078
4079 httpFlush(http);
4080
4081 /*
4082 * Copy the HTTP data to a local variable so we can do the OPTIONS
4083 * request without interfering with the existing request data...
4084 */
4085
4086 memcpy(&myhttp, http, sizeof(myhttp));
4087
4088 /*
4089 * Send an OPTIONS request to the server, requiring SSL or TLS
4090 * encryption on the link...
4091 */
4092
4093 http->field_authorization = NULL; /* Don't free the auth string */
4094
4095 httpClearFields(http);
4096 httpSetField(http, HTTP_FIELD_CONNECTION, "upgrade");
4097 httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2, TLS/1.1, TLS/1.0, SSL/3.0");
4098
4099 if ((ret = httpOptions(http, "*")) == 0)
4100 {
4101 /*
4102 * Wait for the secure connection...
4103 */
4104
4105 while (httpUpdate(http) == HTTP_CONTINUE);
4106 }
4107
4108 /*
4109 * Restore the HTTP request data...
4110 */
4111
4112 memcpy(http->fields, myhttp.fields, sizeof(http->fields));
4113 http->data_encoding = myhttp.data_encoding;
4114 http->data_remaining = myhttp.data_remaining;
4115 http->_data_remaining = myhttp._data_remaining;
4116 http->expect = myhttp.expect;
4117 http->field_authorization = myhttp.field_authorization;
4118 http->digest_tries = myhttp.digest_tries;
4119
4120 /*
4121 * See if we actually went secure...
4122 */
4123
4124 if (!http->tls)
4125 {
4126 /*
4127 * Server does not support HTTP upgrade...
4128 */
4129
4130 DEBUG_puts("8http_upgrade: Server does not support HTTP upgrade!");
4131
4132 # ifdef WIN32
4133 closesocket(http->fd);
4134 # else
4135 close(http->fd);
4136 # endif
4137
4138 http->fd = -1;
4139
4140 return (-1);
4141 }
4142 else
4143 return (ret);
4144 }
4145 #endif /* HAVE_SSL */
4146
4147
4148 /*
4149 * 'http_write()' - Write a buffer to a HTTP connection.
4150 */
4151
4152 static int /* O - Number of bytes written */
4153 http_write(http_t *http, /* I - Connection to server */
4154 const char *buffer, /* I - Buffer for data */
4155 int length) /* I - Number of bytes to write */
4156 {
4157 int tbytes, /* Total bytes sent */
4158 bytes; /* Bytes sent */
4159
4160
4161 DEBUG_printf(("2http_write(http=%p, buffer=%p, length=%d)", http, buffer,
4162 length));
4163 http->error = 0;
4164 tbytes = 0;
4165
4166 while (length > 0)
4167 {
4168 #ifdef HAVE_SSL
4169 if (http->tls)
4170 bytes = http_write_ssl(http, buffer, length);
4171 else
4172 #endif /* HAVE_SSL */
4173 bytes = send(http->fd, buffer, length, 0);
4174
4175 if (bytes < 0)
4176 {
4177 #ifdef WIN32
4178 if (WSAGetLastError() == WSAEINTR || WSAGetLastError() == WSAEWOULDBLOCK)
4179 continue;
4180 else if (WSAGetLastError() != http->error && WSAGetLastError() != WSAECONNRESET)
4181 {
4182 http->error = WSAGetLastError();
4183 continue;
4184 }
4185 #else
4186 if (errno == EINTR || errno == EAGAIN)
4187 continue;
4188 else if (errno != http->error && errno != ECONNRESET)
4189 {
4190 http->error = errno;
4191 continue;
4192 }
4193 #endif /* WIN32 */
4194
4195 DEBUG_printf(("3http_write: error writing data (%s).",
4196 strerror(http->error)));
4197
4198 return (-1);
4199 }
4200
4201 buffer += bytes;
4202 tbytes += bytes;
4203 length -= bytes;
4204 }
4205
4206 #ifdef DEBUG
4207 http_debug_hex("http_write", buffer - tbytes, tbytes);
4208 #endif /* DEBUG */
4209
4210 DEBUG_printf(("3http_write: Returning %d.", tbytes));
4211
4212 return (tbytes);
4213 }
4214
4215
4216 /*
4217 * 'http_write_chunk()' - Write a chunked buffer.
4218 */
4219
4220 static int /* O - Number bytes written */
4221 http_write_chunk(http_t *http, /* I - Connection to server */
4222 const char *buffer, /* I - Buffer to write */
4223 int length) /* I - Length of buffer */
4224 {
4225 char header[255]; /* Chunk header */
4226 int bytes; /* Bytes written */
4227
4228
4229 DEBUG_printf(("7http_write_chunk(http=%p, buffer=%p, length=%d)",
4230 http, buffer, length));
4231
4232 /*
4233 * Write the chunk header, data, and trailer.
4234 */
4235
4236 sprintf(header, "%x\r\n", length);
4237 if (http_write(http, header, (int)strlen(header)) < 0)
4238 {
4239 DEBUG_puts("8http_write_chunk: http_write of length failed!");
4240 return (-1);
4241 }
4242
4243 if ((bytes = http_write(http, buffer, length)) < 0)
4244 {
4245 DEBUG_puts("8http_write_chunk: http_write of buffer failed!");
4246 return (-1);
4247 }
4248
4249 if (http_write(http, "\r\n", 2) < 0)
4250 {
4251 DEBUG_puts("8http_write_chunk: http_write of CR LF failed!");
4252 return (-1);
4253 }
4254
4255 return (bytes);
4256 }
4257
4258
4259 #ifdef HAVE_SSL
4260 /*
4261 * 'http_write_ssl()' - Write to a SSL/TLS connection.
4262 */
4263
4264 static int /* O - Bytes written */
4265 http_write_ssl(http_t *http, /* I - Connection to server */
4266 const char *buf, /* I - Buffer holding data */
4267 int len) /* I - Length of buffer */
4268 {
4269 ssize_t result; /* Return value */
4270
4271
4272 DEBUG_printf(("2http_write_ssl(http=%p, buf=%p, len=%d)", http, buf, len));
4273
4274 # if defined(HAVE_LIBSSL)
4275 result = SSL_write((SSL *)(http->tls), buf, len);
4276
4277 # elif defined(HAVE_GNUTLS)
4278 result = gnutls_record_send(http->tls, buf, len);
4279
4280 if (result < 0 && !errno)
4281 {
4282 /*
4283 * Convert GNU TLS error to errno value...
4284 */
4285
4286 switch (result)
4287 {
4288 case GNUTLS_E_INTERRUPTED :
4289 errno = EINTR;
4290 break;
4291
4292 case GNUTLS_E_AGAIN :
4293 errno = EAGAIN;
4294 break;
4295
4296 default :
4297 errno = EPIPE;
4298 break;
4299 }
4300
4301 result = -1;
4302 }
4303
4304 # elif defined(HAVE_CDSASSL)
4305 OSStatus error; /* Error info */
4306 size_t processed; /* Number of bytes processed */
4307
4308
4309 error = SSLWrite(http->tls, buf, len, &processed);
4310
4311 switch (error)
4312 {
4313 case 0 :
4314 result = (int)processed;
4315 break;
4316 case errSSLClosedGraceful :
4317 result = 0;
4318 break;
4319 case errSSLWouldBlock :
4320 if (processed)
4321 result = (int)processed;
4322 else
4323 {
4324 result = -1;
4325 errno = EINTR;
4326 }
4327 break;
4328 default :
4329 errno = EPIPE;
4330 result = -1;
4331 break;
4332 }
4333 # elif defined(HAVE_SSPISSL)
4334 return _sspiWrite((_sspi_struct_t*) http->tls, (void*) buf, len);
4335 # endif /* HAVE_LIBSSL */
4336
4337 DEBUG_printf(("3http_write_ssl: Returning %d.", (int)result));
4338
4339 return ((int)result);
4340 }
4341 #endif /* HAVE_SSL */
4342
4343
4344 /*
4345 * End of "$Id: http.c 7850 2008-08-20 00:07:25Z mike $".
4346 */
Unnamed repository; edit this file 'description' to name the repository.