]> git.ipfire.org Git - thirdparty/cups.git/blob - cups/http.c
projects / thirdparty / cups.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge changes from CUPS 1.6svn-r9939.
[thirdparty/cups.git] / cups / http.c
1 /*
2 * "$Id: http.c 7850 2008-08-20 00:07:25Z mike $"
3 *
4 * HTTP routines for CUPS.
5 *
6 * Copyright 2007-2011 by Apple Inc.
7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
8 *
9 * This file contains Kerberos support code, copyright 2006 by
10 * Jelmer Vernooij.
11 *
12 * These coded instructions, statements, and computer programs are the
13 * property of Apple Inc. and are protected by Federal copyright
14 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
15 * which should have been included with this file. If this file is
16 * file is missing or damaged, see the license at "http://www.cups.org/".
17 *
18 * This file is subject to the Apple OS-Developed Software exception.
19 *
20 * Contents:
21 *
22 * httpAddCredential() - Allocates and adds a single credential to an
23 * array.
24 * _httpBIOMethods() - Get the OpenSSL BIO methods for HTTP
25 * connections.
26 * httpBlocking() - Set blocking/non-blocking behavior on a
27 * connection.
28 * httpCheck() - Check to see if there is a pending response
29 * from the server.
30 * httpClearCookie() - Clear the cookie value(s).
31 * httpClearFields() - Clear HTTP request fields.
32 * httpClose() - Close an HTTP connection.
33 * httpConnect() - Connect to a HTTP server.
34 * httpConnectEncrypt() - Connect to a HTTP server using encryption.
35 * httpCopyCredentials() - Copy the credentials associated with an
36 * encrypted connection.
37 * _httpConvertCredentials() - Convert credentials to the internal format.
38 * _httpCreate() - Create an unconnected HTTP connection.
39 * httpDelete() - Send a DELETE request to the server.
40 * _httpDisconnect() - Disconnect a HTTP connection.
41 * httpEncryption() - Set the required encryption on the link.
42 * httpError() - Get the last error on a connection.
43 * httpFlush() - Flush data from a HTTP connection.
44 * httpFlushWrite() - Flush data in write buffer.
45 * _httpFreeCredentials() - Free internal credentials.
46 * httpFreeCredentials() - Free an array of credentials.
47 * httpGet() - Send a GET request to the server.
48 * httpGetAuthString() - Get the current authorization string.
49 * httpGetBlocking() - Get the blocking/non-block state of a
50 * connection.
51 * httpGetCookie() - Get any cookie data from the response.
52 * httpGetFd() - Get the file descriptor associated with a
53 * connection.
54 * httpGetField() - Get a field value from a request/response.
55 * httpGetLength() - Get the amount of data remaining from the
56 * content-length or transfer-encoding fields.
57 * httpGetLength2() - Get the amount of data remaining from the
58 * content-length or transfer-encoding fields.
59 * httpGetStatus() - Get the status of the last HTTP request.
60 * httpGetSubField() - Get a sub-field value.
61 * httpGetSubField2() - Get a sub-field value.
62 * httpGets() - Get a line of text from a HTTP connection.
63 * httpHead() - Send a HEAD request to the server.
64 * httpInitialize() - Initialize the HTTP interface library and set
65 * the default HTTP proxy (if any).
66 * httpOptions() - Send an OPTIONS request to the server.
67 * _httpPeek() - Peek at data from a HTTP connection.
68 * httpPost() - Send a POST request to the server.
69 * httpPrintf() - Print a formatted string to a HTTP connection.
70 * httpPut() - Send a PUT request to the server.
71 * httpRead() - Read data from a HTTP connection.
72 * httpRead2() - Read data from a HTTP connection.
73 * _httpReadCDSA() - Read function for the CDSA library.
74 * _httpReadGNUTLS() - Read function for the GNU TLS library.
75 * httpReconnect() - Reconnect to a HTTP server.
76 * httpSetAuthString() - Set the current authorization string.
77 * httpSetCredentials() - Set the credentials associated with an
78 * encrypted connection.
79 * httpSetCookie() - Set the cookie value(s).
80 * httpSetExpect() - Set the Expect: header in a request.
81 * httpSetField() - Set the value of an HTTP header.
82 * httpSetLength() - Set the content-length and content-encoding.
83 * httpSetTimeout() - Set read/write timeouts and an optional
84 * callback.
85 * httpTrace() - Send an TRACE request to the server.
86 * _httpUpdate() - Update the current HTTP status for incoming
87 * data.
88 * httpUpdate() - Update the current HTTP state for incoming
89 * data.
90 * _httpWait() - Wait for data available on a connection (no
91 * flush).
92 * httpWait() - Wait for data available on a connection.
93 * httpWrite() - Write data to a HTTP connection.
94 * httpWrite2() - Write data to a HTTP connection.
95 * _httpWriteCDSA() - Write function for the CDSA library.
96 * _httpWriteGNUTLS() - Write function for the GNU TLS library.
97 * http_bio_ctrl() - Control the HTTP connection.
98 * http_bio_free() - Free OpenSSL data.
99 * http_bio_new() - Initialize an OpenSSL BIO structure.
100 * http_bio_puts() - Send a string for OpenSSL.
101 * http_bio_read() - Read data for OpenSSL.
102 * http_bio_write() - Write data for OpenSSL.
103 * http_debug_hex() - Do a hex dump of a buffer.
104 * http_field() - Return the field index for a field name.
105 * http_read_ssl() - Read from a SSL/TLS connection.
106 * http_locking_cb() - Lock/unlock a thread's mutex.
107 * http_send() - Send a request with all fields and the trailing
108 * blank line.
109 * http_set_credentials() - Set the SSL/TLS credentials.
110 * http_setup_ssl() - Set up SSL/TLS support on a connection.
111 * http_shutdown_ssl() - Shut down SSL/TLS on a connection.
112 * http_threadid_cb() - Return the current thread ID.
113 * http_upgrade() - Force upgrade to TLS encryption.
114 * http_write() - Write a buffer to a HTTP connection.
115 * http_write_chunk() - Write a chunked buffer.
116 * http_write_ssl() - Write to a SSL/TLS connection.
117 */
118
119 /*
120 * Include necessary headers...
121 */
122
123 #include "cups-private.h"
124 #include <fcntl.h>
125 #ifdef WIN32
126 # include <tchar.h>
127 #else
128 # include <signal.h>
129 # include <sys/time.h>
130 # include <sys/resource.h>
131 #endif /* WIN32 */
132 #ifdef HAVE_POLL
133 # include <sys/poll.h>
134 #endif /* HAVE_POLL */
135
136
137 /*
138 * Some operating systems have done away with the Fxxxx constants for
139 * the fcntl() call; this works around that "feature"...
140 */
141
142 #ifndef FNONBLK
143 # define FNONBLK O_NONBLOCK
144 #endif /* !FNONBLK */
145
146
147 /*
148 * Local functions...
149 */
150
151 #ifdef DEBUG
152 static void http_debug_hex(const char *prefix, const char *buffer,
153 int bytes);
154 #endif /* DEBUG */
155 static http_field_t http_field(const char *name);
156 static int http_send(http_t *http, http_state_t request,
157 const char *uri);
158 static int http_write(http_t *http, const char *buffer,
159 int length);
160 static int http_write_chunk(http_t *http, const char *buffer,
161 int length);
162 #ifdef HAVE_SSL
163 static int http_read_ssl(http_t *http, char *buf, int len);
164 # if defined(HAVE_CDSASSL) && defined(HAVE_SECCERTIFICATECOPYDATA)
165 static int http_set_credentials(http_t *http);
166 # endif /* HAVE_CDSASSL ** HAVE_SECCERTIFICATECOPYDATA */
167 static int http_setup_ssl(http_t *http);
168 static void http_shutdown_ssl(http_t *http);
169 static int http_upgrade(http_t *http);
170 static int http_write_ssl(http_t *http, const char *buf, int len);
171 #endif /* HAVE_SSL */
172
173
174 /*
175 * Local globals...
176 */
177
178 static const char * const http_fields[] =
179 {
180 "Accept-Language",
181 "Accept-Ranges",
182 "Authorization",
183 "Connection",
184 "Content-Encoding",
185 "Content-Language",
186 "Content-Length",
187 "Content-Location",
188 "Content-MD5",
189 "Content-Range",
190 "Content-Type",
191 "Content-Version",
192 "Date",
193 "Host",
194 "If-Modified-Since",
195 "If-Unmodified-since",
196 "Keep-Alive",
197 "Last-Modified",
198 "Link",
199 "Location",
200 "Range",
201 "Referer",
202 "Retry-After",
203 "Transfer-Encoding",
204 "Upgrade",
205 "User-Agent",
206 "WWW-Authenticate"
207 };
208 #ifdef DEBUG
209 static const char * const http_states[] =
210 {
211 "HTTP_WAITING",
212 "HTTP_OPTIONS",
213 "HTTP_GET",
214 "HTTP_GET_SEND",
215 "HTTP_HEAD",
216 "HTTP_POST",
217 "HTTP_POST_RECV",
218 "HTTP_POST_SEND",
219 "HTTP_PUT",
220 "HTTP_PUT_RECV",
221 "HTTP_DELETE",
222 "HTTP_TRACE",
223 "HTTP_CLOSE",
224 "HTTP_STATUS"
225 };
226 #endif /* DEBUG */
227
228
229 #if defined(HAVE_SSL) && defined(HAVE_LIBSSL)
230 /*
231 * BIO methods for OpenSSL...
232 */
233
234 static int http_bio_write(BIO *h, const char *buf, int num);
235 static int http_bio_read(BIO *h, char *buf, int size);
236 static int http_bio_puts(BIO *h, const char *str);
237 static long http_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2);
238 static int http_bio_new(BIO *h);
239 static int http_bio_free(BIO *data);
240
241 static BIO_METHOD http_bio_methods =
242 {
243 BIO_TYPE_SOCKET,
244 "http",
245 http_bio_write,
246 http_bio_read,
247 http_bio_puts,
248 NULL, /* http_bio_gets, */
249 http_bio_ctrl,
250 http_bio_new,
251 http_bio_free,
252 NULL,
253 };
254 #endif /* HAVE_SSL && HAVE_LIBSSL */
255
256
257 /*
258 * 'httpAddCredential()' - Allocates and adds a single credential to an array.
259 *
260 * Use @code cupsArrayNew(NULL, NULL)@ to create a credentials array.
261 *
262 * @since CUPS 1.5/Mac OS X 10.7@
263 */
264
265 int /* O - 0 on success, -1 on error */
266 httpAddCredential(
267 cups_array_t *credentials, /* I - Credentials array */
268 const void *data, /* I - PEM-encoded X.509 data */
269 size_t datalen) /* I - Length of data */
270 {
271 http_credential_t *credential; /* Credential data */
272
273
274 if ((credential = malloc(sizeof(http_credential_t))) != NULL)
275 {
276 credential->datalen = datalen;
277
278 if ((credential->data = malloc(datalen)) != NULL)
279 {
280 memcpy(credential->data, data, datalen);
281 cupsArrayAdd(credentials, credential);
282 return (0);
283 }
284
285 free(credential);
286 }
287
288 return (-1);
289 }
290
291
292 #if defined(HAVE_SSL) && defined(HAVE_LIBSSL)
293 /*
294 * '_httpBIOMethods()' - Get the OpenSSL BIO methods for HTTP connections.
295 */
296
297 BIO_METHOD * /* O - BIO methods for OpenSSL */
298 _httpBIOMethods(void)
299 {
300 return (&http_bio_methods);
301 }
302 #endif /* HAVE_SSL && HAVE_LIBSSL */
303
304
305 /*
306 * 'httpBlocking()' - Set blocking/non-blocking behavior on a connection.
307 */
308
309 void
310 httpBlocking(http_t *http, /* I - Connection to server */
311 int b) /* I - 1 = blocking, 0 = non-blocking */
312 {
313 if (http)
314 http->blocking = b;
315 }
316
317
318 /*
319 * 'httpCheck()' - Check to see if there is a pending response from the server.
320 */
321
322 int /* O - 0 = no data, 1 = data available */
323 httpCheck(http_t *http) /* I - Connection to server */
324 {
325 return (httpWait(http, 0));
326 }
327
328
329 /*
330 * 'httpClearCookie()' - Clear the cookie value(s).
331 *
332 * @since CUPS 1.1.19/Mac OS X 10.3@
333 */
334
335 void
336 httpClearCookie(http_t *http) /* I - Connection to server */
337 {
338 if (!http)
339 return;
340
341 if (http->cookie)
342 {
343 free(http->cookie);
344 http->cookie = NULL;
345 }
346 }
347
348
349 /*
350 * 'httpClearFields()' - Clear HTTP request fields.
351 */
352
353 void
354 httpClearFields(http_t *http) /* I - Connection to server */
355 {
356 if (http)
357 {
358 memset(http->fields, 0, sizeof(http->fields));
359 if (http->hostname[0] == '/')
360 httpSetField(http, HTTP_FIELD_HOST, "localhost");
361 else
362 httpSetField(http, HTTP_FIELD_HOST, http->hostname);
363
364 if (http->field_authorization)
365 {
366 free(http->field_authorization);
367 http->field_authorization = NULL;
368 }
369
370 http->expect = (http_status_t)0;
371 }
372 }
373
374
375 /*
376 * 'httpClose()' - Close an HTTP connection.
377 */
378
379 void
380 httpClose(http_t *http) /* I - Connection to server */
381 {
382 #ifdef HAVE_GSSAPI
383 OM_uint32 minor_status; /* Minor status code */
384 #endif /* HAVE_GSSAPI */
385
386
387 DEBUG_printf(("httpClose(http=%p)", http));
388
389 /*
390 * Range check input...
391 */
392
393 if (!http)
394 return;
395
396 /*
397 * Close any open connection...
398 */
399
400 _httpDisconnect(http);
401
402 /*
403 * Free memory used...
404 */
405
406 httpAddrFreeList(http->addrlist);
407
408 if (http->cookie)
409 free(http->cookie);
410
411 #ifdef HAVE_GSSAPI
412 if (http->gssctx != GSS_C_NO_CONTEXT)
413 gss_delete_sec_context(&minor_status, &http->gssctx, GSS_C_NO_BUFFER);
414
415 if (http->gssname != GSS_C_NO_NAME)
416 gss_release_name(&minor_status, &http->gssname);
417 #endif /* HAVE_GSSAPI */
418
419 #ifdef HAVE_AUTHORIZATION_H
420 if (http->auth_ref)
421 AuthorizationFree(http->auth_ref, kAuthorizationFlagDefaults);
422 #endif /* HAVE_AUTHORIZATION_H */
423
424 httpClearFields(http);
425
426 if (http->authstring && http->authstring != http->_authstring)
427 free(http->authstring);
428
429 free(http);
430 }
431
432
433 /*
434 * 'httpConnect()' - Connect to a HTTP server.
435 *
436 * This function is deprecated - use @link httpConnectEncrypt@ instead.
437 *
438 * @deprecated@
439 */
440
441 http_t * /* O - New HTTP connection */
442 httpConnect(const char *host, /* I - Host to connect to */
443 int port) /* I - Port number */
444 {
445 return (httpConnectEncrypt(host, port, HTTP_ENCRYPT_IF_REQUESTED));
446 }
447
448
449 /*
450 * 'httpConnectEncrypt()' - Connect to a HTTP server using encryption.
451 */
452
453 http_t * /* O - New HTTP connection */
454 httpConnectEncrypt(
455 const char *host, /* I - Host to connect to */
456 int port, /* I - Port number */
457 http_encryption_t encryption) /* I - Type of encryption to use */
458 {
459 http_t *http; /* New HTTP connection */
460
461
462 DEBUG_printf(("httpConnectEncrypt(host=\"%s\", port=%d, encryption=%d)",
463 host, port, encryption));
464
465 /*
466 * Create the HTTP structure...
467 */
468
469 if ((http = _httpCreate(host, port, NULL, encryption, AF_UNSPEC)) == NULL)
470 return (NULL);
471
472 /*
473 * Connect to the remote system...
474 */
475
476 if (!httpReconnect(http))
477 return (http);
478
479 /*
480 * Could not connect to any known address - bail out!
481 */
482
483 httpAddrFreeList(http->addrlist);
484
485 free(http);
486
487 return (NULL);
488 }
489
490
491 /*
492 * 'httpCopyCredentials()' - Copy the credentials associated with an encrypted
493 * connection.
494 *
495 * @since CUPS 1.5/Mac OS X 10.7@
496 */
497
498 int /* O - Status of call (0 = success) */
499 httpCopyCredentials(
500 http_t *http, /* I - Connection to server */
501 cups_array_t **credentials) /* O - Array of credentials */
502 {
503 # ifdef HAVE_LIBSSL
504 # elif defined(HAVE_GNUTLS)
505 # elif defined(HAVE_CDSASSL) && defined(HAVE_SECCERTIFICATECOPYDATA)
506 OSStatus error; /* Error code */
507 CFIndex count; /* Number of credentials */
508 CFArrayRef peerCerts; /* Peer certificates */
509 SecCertificateRef secCert; /* Certificate reference */
510 CFDataRef data; /* Certificate data */
511 int i; /* Looping var */
512 # elif defined(HAVE_SSPISSL)
513 # endif /* HAVE_LIBSSL */
514
515
516 if (credentials)
517 *credentials = NULL;
518
519 if (!http || !http->tls || !credentials)
520 return (-1);
521
522 # ifdef HAVE_LIBSSL
523 return (-1);
524
525 # elif defined(HAVE_GNUTLS)
526 return (-1);
527
528 # elif defined(HAVE_CDSASSL) && defined(HAVE_SECCERTIFICATECOPYDATA)
529 if (!(error = SSLCopyPeerCertificates(http->tls, &peerCerts)) && peerCerts)
530 {
531 if ((*credentials = cupsArrayNew(NULL, NULL)) != NULL)
532 {
533 for (i = 0, count = CFArrayGetCount(peerCerts); i < count; i++)
534 {
535 secCert = (SecCertificateRef)CFArrayGetValueAtIndex(peerCerts, i);
536 if ((data = SecCertificateCopyData(secCert)))
537 {
538 httpAddCredential(*credentials, CFDataGetBytePtr(data),
539 CFDataGetLength(data));
540 CFRelease(data);
541 }
542 }
543 }
544
545 CFRelease(peerCerts);
546 }
547
548 return (error);
549
550 # elif defined(HAVE_SSPISSL)
551 return (-1);
552
553 # else
554 return (-1);
555 # endif /* HAVE_LIBSSL */
556 }
557
558
559 /*
560 * '_httpConvertCredentials()' - Convert credentials to the internal format.
561 */
562
563 http_tls_credentials_t /* O - Internal credentials */
564 _httpConvertCredentials(
565 cups_array_t *credentials) /* I - Array of credentials */
566 {
567 if (!credentials)
568 return (NULL);
569
570 # ifdef HAVE_LIBSSL
571 return (NULL);
572
573 # elif defined(HAVE_GNUTLS)
574 return (NULL);
575
576 # elif defined(HAVE_CDSASSL) && defined(HAVE_SECCERTIFICATECOPYDATA)
577 CFMutableArrayRef peerCerts; /* Peer credentials reference */
578 SecCertificateRef secCert; /* Certificate reference */
579 CFDataRef data; /* Credential data reference */
580 http_credential_t *credential; /* Credential data */
581
582
583 if ((peerCerts = CFArrayCreateMutable(kCFAllocatorDefault,
584 cupsArrayCount(credentials),
585 &kCFTypeArrayCallBacks)) == NULL)
586 return (NULL);
587
588 for (credential = (http_credential_t *)cupsArrayFirst(credentials);
589 credential;
590 credential = (http_credential_t *)cupsArrayNext(credentials))
591 {
592 if ((data = CFDataCreate(kCFAllocatorDefault, credential->data,
593 credential->datalen)))
594 {
595 if ((secCert = SecCertificateCreateWithData(kCFAllocatorDefault, data))
596 != NULL)
597 {
598 CFArrayAppendValue(peerCerts, secCert);
599 CFRelease(secCert);
600 }
601
602 CFRelease(data);
603 }
604 }
605
606 return (peerCerts);
607
608 # elif defined(HAVE_SSPISSL)
609 return (NULL);
610
611 # else
612 return (NULL);
613 # endif /* HAVE_LIBSSL */
614 }
615
616
617 /*
618 * '_httpCreate()' - Create an unconnected HTTP connection.
619 */
620
621 http_t * /* O - HTTP connection */
622 _httpCreate(
623 const char *host, /* I - Hostname */
624 int port, /* I - Port number */
625 http_addrlist_t *addrlist, /* I - Address list or NULL */
626 http_encryption_t encryption, /* I - Encryption to use */
627 int family) /* I - Address family or AF_UNSPEC */
628 {
629 http_t *http; /* New HTTP connection */
630 char service[255]; /* Service name */
631
632
633 DEBUG_printf(("4_httpCreate(host=\"%s\", port=%d, encryption=%d)",
634 host, port, encryption));
635
636 if (!host)
637 return (NULL);
638
639 httpInitialize();
640
641 /*
642 * Lookup the host...
643 */
644
645 sprintf(service, "%d", port);
646
647 if (!addrlist)
648 if ((addrlist = httpAddrGetList(host, family, service)) == NULL)
649 return (NULL);
650
651 /*
652 * Allocate memory for the structure...
653 */
654
655 if ((http = calloc(sizeof(http_t), 1)) == NULL)
656 {
657 httpAddrFreeList(addrlist);
658 return (NULL);
659 }
660
661 /*
662 * Initialize the HTTP data...
663 */
664
665 http->activity = time(NULL);
666 http->addrlist = addrlist;
667 http->blocking = 1;
668 http->fd = -1;
669 #ifdef HAVE_GSSAPI
670 http->gssctx = GSS_C_NO_CONTEXT;
671 http->gssname = GSS_C_NO_NAME;
672 #endif /* HAVE_GSSAPI */
673 http->version = HTTP_1_1;
674
675 strlcpy(http->hostname, host, sizeof(http->hostname));
676
677 if (port == 443) /* Always use encryption for https */
678 http->encryption = HTTP_ENCRYPT_ALWAYS;
679 else
680 http->encryption = encryption;
681
682 /*
683 * Return the new structure...
684 */
685
686 return (http);
687 }
688
689
690 /*
691 * 'httpDelete()' - Send a DELETE request to the server.
692 */
693
694 int /* O - Status of call (0 = success) */
695 httpDelete(http_t *http, /* I - Connection to server */
696 const char *uri) /* I - URI to delete */
697 {
698 return (http_send(http, HTTP_DELETE, uri));
699 }
700
701
702 /*
703 * '_httpDisconnect()' - Disconnect a HTTP connection.
704 */
705
706 void
707 _httpDisconnect(http_t *http) /* I - Connection to server */
708 {
709 #ifdef HAVE_SSL
710 if (http->tls)
711 http_shutdown_ssl(http);
712 #endif /* HAVE_SSL */
713
714 #ifdef WIN32
715 closesocket(http->fd);
716 #else
717 close(http->fd);
718 #endif /* WIN32 */
719
720 http->fd = -1;
721 }
722
723
724 /*
725 * 'httpEncryption()' - Set the required encryption on the link.
726 */
727
728 int /* O - -1 on error, 0 on success */
729 httpEncryption(http_t *http, /* I - Connection to server */
730 http_encryption_t e) /* I - New encryption preference */
731 {
732 DEBUG_printf(("httpEncryption(http=%p, e=%d)", http, e));
733
734 #ifdef HAVE_SSL
735 if (!http)
736 return (0);
737
738 http->encryption = e;
739
740 if ((http->encryption == HTTP_ENCRYPT_ALWAYS && !http->tls) ||
741 (http->encryption == HTTP_ENCRYPT_NEVER && http->tls))
742 return (httpReconnect(http));
743 else if (http->encryption == HTTP_ENCRYPT_REQUIRED && !http->tls)
744 return (http_upgrade(http));
745 else
746 return (0);
747 #else
748 if (e == HTTP_ENCRYPT_ALWAYS || e == HTTP_ENCRYPT_REQUIRED)
749 return (-1);
750 else
751 return (0);
752 #endif /* HAVE_SSL */
753 }
754
755
756 /*
757 * 'httpError()' - Get the last error on a connection.
758 */
759
760 int /* O - Error code (errno) value */
761 httpError(http_t *http) /* I - Connection to server */
762 {
763 if (http)
764 return (http->error);
765 else
766 return (EINVAL);
767 }
768
769
770 /*
771 * 'httpFlush()' - Flush data from a HTTP connection.
772 */
773
774 void
775 httpFlush(http_t *http) /* I - Connection to server */
776 {
777 char buffer[8192]; /* Junk buffer */
778 int blocking; /* To block or not to block */
779 http_state_t oldstate; /* Old state */
780
781
782 DEBUG_printf(("httpFlush(http=%p), state=%s", http,
783 http_states[http->state]));
784
785 /*
786 * Temporarily set non-blocking mode so we don't get stuck in httpRead()...
787 */
788
789 blocking = http->blocking;
790 http->blocking = 0;
791
792 /*
793 * Read any data we can...
794 */
795
796 oldstate = http->state;
797 while (httpRead2(http, buffer, sizeof(buffer)) > 0);
798
799 /*
800 * Restore blocking and reset the connection if we didn't get all of
801 * the remaining data...
802 */
803
804 http->blocking = blocking;
805
806 if (http->state == oldstate && http->state != HTTP_WAITING && http->fd >= 0)
807 {
808 /*
809 * Didn't get the data back, so close the current connection.
810 */
811
812 http->state = HTTP_WAITING;
813
814 #ifdef HAVE_SSL
815 if (http->tls)
816 http_shutdown_ssl(http);
817 #endif /* HAVE_SSL */
818
819 #ifdef WIN32
820 closesocket(http->fd);
821 #else
822 close(http->fd);
823 #endif /* WIN32 */
824
825 http->fd = -1;
826 }
827 }
828
829
830 /*
831 * 'httpFlushWrite()' - Flush data in write buffer.
832 *
833 * @since CUPS 1.2/Mac OS X 10.5@
834 */
835
836 int /* O - Bytes written or -1 on error */
837 httpFlushWrite(http_t *http) /* I - Connection to server */
838 {
839 int bytes; /* Bytes written */
840
841
842 DEBUG_printf(("httpFlushWrite(http=%p)", http));
843
844 if (!http || !http->wused)
845 {
846 DEBUG_puts(http ? "1httpFlushWrite: Write buffer is empty." :
847 "1httpFlushWrite: No connection.");
848 return (0);
849 }
850
851 if (http->data_encoding == HTTP_ENCODE_CHUNKED)
852 bytes = http_write_chunk(http, http->wbuffer, http->wused);
853 else
854 bytes = http_write(http, http->wbuffer, http->wused);
855
856 http->wused = 0;
857
858 DEBUG_printf(("1httpFlushWrite: Returning %d, errno=%d.", bytes, errno));
859
860 return (bytes);
861 }
862
863
864 /*
865 * '_httpFreeCredentials()' - Free internal credentials.
866 */
867
868 void
869 _httpFreeCredentials(
870 http_tls_credentials_t credentials) /* I - Internal credentials */
871 {
872 if (!credentials)
873 return;
874
875 #ifdef HAVE_LIBSSL
876 (void)credentials;
877
878 #elif defined(HAVE_GNUTLS)
879 (void)credentials;
880
881 #elif defined(HAVE_CDSASSL)
882 CFRelease(credentials);
883
884 #elif defined(HAVE_SSPISSL)
885 (void)credentials;
886
887 #endif /* HAVE_LIBSSL */
888 }
889
890
891 /*
892 * 'httpFreeCredentials()' - Free an array of credentials.
893 */
894
895 void
896 httpFreeCredentials(
897 cups_array_t *credentials) /* I - Array of credentials */
898 {
899 http_credential_t *credential; /* Credential */
900
901
902 for (credential = (http_credential_t *)cupsArrayFirst(credentials);
903 credential;
904 credential = (http_credential_t *)cupsArrayNext(credentials))
905 {
906 cupsArrayRemove(credentials, credential);
907 free((void *)credential->data);
908 free(credential);
909 }
910
911 cupsArrayDelete(credentials);
912 }
913
914
915 /*
916 * 'httpGet()' - Send a GET request to the server.
917 */
918
919 int /* O - Status of call (0 = success) */
920 httpGet(http_t *http, /* I - Connection to server */
921 const char *uri) /* I - URI to get */
922 {
923 return (http_send(http, HTTP_GET, uri));
924 }
925
926
927 /*
928 * 'httpGetAuthString()' - Get the current authorization string.
929 *
930 * The authorization string is set by cupsDoAuthentication() and
931 * httpSetAuthString(). Use httpGetAuthString() to retrieve the
932 * string to use with httpSetField() for the HTTP_FIELD_AUTHORIZATION
933 * value.
934 *
935 * @since CUPS 1.3/Mac OS X 10.5@
936 */
937
938 char * /* O - Authorization string */
939 httpGetAuthString(http_t *http) /* I - Connection to server */
940 {
941 if (http)
942 return (http->authstring);
943 else
944 return (NULL);
945 }
946
947
948 /*
949 * 'httpGetBlocking()' - Get the blocking/non-block state of a connection.
950 *
951 * @since CUPS 1.2/Mac OS X 10.5@
952 */
953
954 int /* O - 1 if blocking, 0 if non-blocking */
955 httpGetBlocking(http_t *http) /* I - Connection to server */
956 {
957 return (http ? http->blocking : 0);
958 }
959
960
961 /*
962 * 'httpGetCookie()' - Get any cookie data from the response.
963 *
964 * @since CUPS 1.1.19/Mac OS X 10.3@
965 */
966
967 const char * /* O - Cookie data or NULL */
968 httpGetCookie(http_t *http) /* I - HTTP connecion */
969 {
970 return (http ? http->cookie : NULL);
971 }
972
973
974 /*
975 * 'httpGetFd()' - Get the file descriptor associated with a connection.
976 *
977 * @since CUPS 1.2/Mac OS X 10.5@
978 */
979
980 int /* O - File descriptor or -1 if none */
981 httpGetFd(http_t *http) /* I - Connection to server */
982 {
983 return (http ? http->fd : -1);
984 }
985
986
987 /*
988 * 'httpGetField()' - Get a field value from a request/response.
989 */
990
991 const char * /* O - Field value */
992 httpGetField(http_t *http, /* I - Connection to server */
993 http_field_t field) /* I - Field to get */
994 {
995 if (!http || field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX)
996 return (NULL);
997 else if (field == HTTP_FIELD_AUTHORIZATION &&
998 http->field_authorization)
999 {
1000 /*
1001 * Special case for WWW-Authenticate: as its contents can be
1002 * longer than HTTP_MAX_VALUE...
1003 */
1004
1005 return (http->field_authorization);
1006 }
1007 else
1008 return (http->fields[field]);
1009 }
1010
1011
1012 /*
1013 * 'httpGetLength()' - Get the amount of data remaining from the
1014 * content-length or transfer-encoding fields.
1015 *
1016 * This function is deprecated and will not return lengths larger than
1017 * 2^31 - 1; use httpGetLength2() instead.
1018 *
1019 * @deprecated@
1020 */
1021
1022 int /* O - Content length */
1023 httpGetLength(http_t *http) /* I - Connection to server */
1024 {
1025 /*
1026 * Get the read content length and return the 32-bit value.
1027 */
1028
1029 if (http)
1030 {
1031 httpGetLength2(http);
1032
1033 return (http->_data_remaining);
1034 }
1035 else
1036 return (-1);
1037 }
1038
1039
1040 /*
1041 * 'httpGetLength2()' - Get the amount of data remaining from the
1042 * content-length or transfer-encoding fields.
1043 *
1044 * This function returns the complete content length, even for
1045 * content larger than 2^31 - 1.
1046 *
1047 * @since CUPS 1.2/Mac OS X 10.5@
1048 */
1049
1050 off_t /* O - Content length */
1051 httpGetLength2(http_t *http) /* I - Connection to server */
1052 {
1053 DEBUG_printf(("2httpGetLength2(http=%p), state=%s", http,
1054 http_states[http->state]));
1055
1056 if (!http)
1057 return (-1);
1058
1059 if (!_cups_strcasecmp(http->fields[HTTP_FIELD_TRANSFER_ENCODING], "chunked"))
1060 {
1061 DEBUG_puts("4httpGetLength2: chunked request!");
1062
1063 http->data_encoding = HTTP_ENCODE_CHUNKED;
1064 http->data_remaining = 0;
1065 }
1066 else
1067 {
1068 http->data_encoding = HTTP_ENCODE_LENGTH;
1069
1070 /*
1071 * The following is a hack for HTTP servers that don't send a
1072 * content-length or transfer-encoding field...
1073 *
1074 * If there is no content-length then the connection must close
1075 * after the transfer is complete...
1076 */
1077
1078 if (!http->fields[HTTP_FIELD_CONTENT_LENGTH][0])
1079 {
1080 /*
1081 * Default content length is 0 for errors and 2^31-1 for other
1082 * successful requests...
1083 */
1084
1085 if (http->status >= HTTP_MULTIPLE_CHOICES)
1086 http->data_remaining = 0;
1087 else
1088 http->data_remaining = 2147483647;
1089 }
1090 else
1091 http->data_remaining = strtoll(http->fields[HTTP_FIELD_CONTENT_LENGTH],
1092 NULL, 10);
1093
1094 DEBUG_printf(("4httpGetLength2: content_length=" CUPS_LLFMT,
1095 CUPS_LLCAST http->data_remaining));
1096 }
1097
1098 if (http->data_remaining <= INT_MAX)
1099 http->_data_remaining = (int)http->data_remaining;
1100 else
1101 http->_data_remaining = INT_MAX;
1102
1103 return (http->data_remaining);
1104 }
1105
1106
1107 /*
1108 * 'httpGetStatus()' - Get the status of the last HTTP request.
1109 *
1110 * @since CUPS 1.2/Mac OS X 10.5@
1111 */
1112
1113 http_status_t /* O - HTTP status */
1114 httpGetStatus(http_t *http) /* I - Connection to server */
1115 {
1116 return (http ? http->status : HTTP_ERROR);
1117 }
1118
1119
1120 /*
1121 * 'httpGetSubField()' - Get a sub-field value.
1122 *
1123 * @deprecated@
1124 */
1125
1126 char * /* O - Value or NULL */
1127 httpGetSubField(http_t *http, /* I - Connection to server */
1128 http_field_t field, /* I - Field index */
1129 const char *name, /* I - Name of sub-field */
1130 char *value) /* O - Value string */
1131 {
1132 return (httpGetSubField2(http, field, name, value, HTTP_MAX_VALUE));
1133 }
1134
1135
1136 /*
1137 * 'httpGetSubField2()' - Get a sub-field value.
1138 *
1139 * @since CUPS 1.2/Mac OS X 10.5@
1140 */
1141
1142 char * /* O - Value or NULL */
1143 httpGetSubField2(http_t *http, /* I - Connection to server */
1144 http_field_t field, /* I - Field index */
1145 const char *name, /* I - Name of sub-field */
1146 char *value, /* O - Value string */
1147 int valuelen) /* I - Size of value buffer */
1148 {
1149 const char *fptr; /* Pointer into field */
1150 char temp[HTTP_MAX_VALUE], /* Temporary buffer for name */
1151 *ptr, /* Pointer into string buffer */
1152 *end; /* End of value buffer */
1153
1154 DEBUG_printf(("2httpGetSubField2(http=%p, field=%d, name=\"%s\", value=%p, "
1155 "valuelen=%d)", http, field, name, value, valuelen));
1156
1157 if (!http || !name || !value || valuelen < 2 ||
1158 field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX)
1159 return (NULL);
1160
1161 end = value + valuelen - 1;
1162
1163 for (fptr = http->fields[field]; *fptr;)
1164 {
1165 /*
1166 * Skip leading whitespace...
1167 */
1168
1169 while (_cups_isspace(*fptr))
1170 fptr ++;
1171
1172 if (*fptr == ',')
1173 {
1174 fptr ++;
1175 continue;
1176 }
1177
1178 /*
1179 * Get the sub-field name...
1180 */
1181
1182 for (ptr = temp;
1183 *fptr && *fptr != '=' && !_cups_isspace(*fptr) &&
1184 ptr < (temp + sizeof(temp) - 1);
1185 *ptr++ = *fptr++);
1186
1187 *ptr = '\0';
1188
1189 DEBUG_printf(("4httpGetSubField2: name=\"%s\"", temp));
1190
1191 /*
1192 * Skip trailing chars up to the '='...
1193 */
1194
1195 while (_cups_isspace(*fptr))
1196 fptr ++;
1197
1198 if (!*fptr)
1199 break;
1200
1201 if (*fptr != '=')
1202 continue;
1203
1204 /*
1205 * Skip = and leading whitespace...
1206 */
1207
1208 fptr ++;
1209
1210 while (_cups_isspace(*fptr))
1211 fptr ++;
1212
1213 if (*fptr == '\"')
1214 {
1215 /*
1216 * Read quoted string...
1217 */
1218
1219 for (ptr = value, fptr ++;
1220 *fptr && *fptr != '\"' && ptr < end;
1221 *ptr++ = *fptr++);
1222
1223 *ptr = '\0';
1224
1225 while (*fptr && *fptr != '\"')
1226 fptr ++;
1227
1228 if (*fptr)
1229 fptr ++;
1230 }
1231 else
1232 {
1233 /*
1234 * Read unquoted string...
1235 */
1236
1237 for (ptr = value;
1238 *fptr && !_cups_isspace(*fptr) && *fptr != ',' && ptr < end;
1239 *ptr++ = *fptr++);
1240
1241 *ptr = '\0';
1242
1243 while (*fptr && !_cups_isspace(*fptr) && *fptr != ',')
1244 fptr ++;
1245 }
1246
1247 DEBUG_printf(("4httpGetSubField2: value=\"%s\"", value));
1248
1249 /*
1250 * See if this is the one...
1251 */
1252
1253 if (!strcmp(name, temp))
1254 {
1255 DEBUG_printf(("3httpGetSubField2: Returning \"%s\"", value));
1256 return (value);
1257 }
1258 }
1259
1260 value[0] = '\0';
1261
1262 DEBUG_puts("3httpGetSubField2: Returning NULL");
1263
1264 return (NULL);
1265 }
1266
1267
1268 /*
1269 * 'httpGets()' - Get a line of text from a HTTP connection.
1270 */
1271
1272 char * /* O - Line or NULL */
1273 httpGets(char *line, /* I - Line to read into */
1274 int length, /* I - Max length of buffer */
1275 http_t *http) /* I - Connection to server */
1276 {
1277 char *lineptr, /* Pointer into line */
1278 *lineend, /* End of line */
1279 *bufptr, /* Pointer into input buffer */
1280 *bufend; /* Pointer to end of buffer */
1281 int bytes, /* Number of bytes read */
1282 eol; /* End-of-line? */
1283
1284
1285 DEBUG_printf(("2httpGets(line=%p, length=%d, http=%p)", line, length, http));
1286
1287 if (http == NULL || line == NULL)
1288 return (NULL);
1289
1290 /*
1291 * Read a line from the buffer...
1292 */
1293
1294 http->error = 0;
1295 lineptr = line;
1296 lineend = line + length - 1;
1297 eol = 0;
1298
1299 while (lineptr < lineend)
1300 {
1301 /*
1302 * Pre-load the buffer as needed...
1303 */
1304
1305 #ifdef WIN32
1306 WSASetLastError(0);
1307 #else
1308 errno = 0;
1309 #endif /* WIN32 */
1310
1311 while (http->used == 0)
1312 {
1313 /*
1314 * No newline; see if there is more data to be read...
1315 */
1316
1317 while (!_httpWait(http, http->blocking ? 30000 : 10000, 1))
1318 {
1319 if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
1320 continue;
1321
1322 DEBUG_puts("3httpGets: Timed out!");
1323 #ifdef WIN32
1324 http->error = WSAETIMEDOUT;
1325 #else
1326 http->error = ETIMEDOUT;
1327 #endif /* WIN32 */
1328 return (NULL);
1329 }
1330
1331 #ifdef HAVE_SSL
1332 if (http->tls)
1333 bytes = http_read_ssl(http, http->buffer + http->used,
1334 HTTP_MAX_BUFFER - http->used);
1335 else
1336 #endif /* HAVE_SSL */
1337 bytes = recv(http->fd, http->buffer + http->used,
1338 HTTP_MAX_BUFFER - http->used, 0);
1339
1340 DEBUG_printf(("4httpGets: read %d bytes...", bytes));
1341
1342 if (bytes < 0)
1343 {
1344 /*
1345 * Nope, can't get a line this time...
1346 */
1347
1348 #ifdef WIN32
1349 DEBUG_printf(("3httpGets: recv() error %d!", WSAGetLastError()));
1350
1351 if (WSAGetLastError() == WSAEINTR)
1352 continue;
1353 else if (WSAGetLastError() == WSAEWOULDBLOCK)
1354 {
1355 if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
1356 continue;
1357
1358 http->error = WSAGetLastError();
1359 }
1360 else if (WSAGetLastError() != http->error)
1361 {
1362 http->error = WSAGetLastError();
1363 continue;
1364 }
1365
1366 #else
1367 DEBUG_printf(("3httpGets: recv() error %d!", errno));
1368
1369 if (errno == EINTR)
1370 continue;
1371 else if (errno == EWOULDBLOCK || errno == EAGAIN)
1372 {
1373 if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
1374 continue;
1375 else if (!http->timeout_cb && errno == EAGAIN)
1376 continue;
1377
1378 http->error = errno;
1379 }
1380 else if (errno != http->error)
1381 {
1382 http->error = errno;
1383 continue;
1384 }
1385 #endif /* WIN32 */
1386
1387 return (NULL);
1388 }
1389 else if (bytes == 0)
1390 {
1391 http->error = EPIPE;
1392
1393 return (NULL);
1394 }
1395
1396 /*
1397 * Yup, update the amount used...
1398 */
1399
1400 http->used += bytes;
1401 }
1402
1403 /*
1404 * Now copy as much of the current line as possible...
1405 */
1406
1407 for (bufptr = http->buffer, bufend = http->buffer + http->used;
1408 lineptr < lineend && bufptr < bufend;)
1409 {
1410 if (*bufptr == 0x0a)
1411 {
1412 eol = 1;
1413 bufptr ++;
1414 break;
1415 }
1416 else if (*bufptr == 0x0d)
1417 bufptr ++;
1418 else
1419 *lineptr++ = *bufptr++;
1420 }
1421
1422 http->used -= (int)(bufptr - http->buffer);
1423 if (http->used > 0)
1424 memmove(http->buffer, bufptr, http->used);
1425
1426 if (eol)
1427 {
1428 /*
1429 * End of line...
1430 */
1431
1432 http->activity = time(NULL);
1433
1434 *lineptr = '\0';
1435
1436 DEBUG_printf(("3httpGets: Returning \"%s\"", line));
1437
1438 return (line);
1439 }
1440 }
1441
1442 DEBUG_puts("3httpGets: No new line available!");
1443
1444 return (NULL);
1445 }
1446
1447
1448 /*
1449 * 'httpHead()' - Send a HEAD request to the server.
1450 */
1451
1452 int /* O - Status of call (0 = success) */
1453 httpHead(http_t *http, /* I - Connection to server */
1454 const char *uri) /* I - URI for head */
1455 {
1456 DEBUG_printf(("httpHead(http=%p, uri=\"%s\")", http, uri));
1457 return (http_send(http, HTTP_HEAD, uri));
1458 }
1459
1460
1461 /*
1462 * 'httpInitialize()' - Initialize the HTTP interface library and set the
1463 * default HTTP proxy (if any).
1464 */
1465
1466 void
1467 httpInitialize(void)
1468 {
1469 static int initialized = 0; /* Have we been called before? */
1470 #ifdef WIN32
1471 WSADATA winsockdata; /* WinSock data */
1472 #endif /* WIN32 */
1473 #ifdef HAVE_LIBSSL
1474 int i; /* Looping var */
1475 unsigned char data[1024]; /* Seed data */
1476 #endif /* HAVE_LIBSSL */
1477
1478
1479 _cupsGlobalLock();
1480 if (initialized)
1481 {
1482 _cupsGlobalUnlock();
1483 return;
1484 }
1485
1486 #ifdef WIN32
1487 WSAStartup(MAKEWORD(2,2), &winsockdata);
1488
1489 #elif !defined(SO_NOSIGPIPE)
1490 /*
1491 * Ignore SIGPIPE signals...
1492 */
1493
1494 # ifdef HAVE_SIGSET
1495 sigset(SIGPIPE, SIG_IGN);
1496
1497 # elif defined(HAVE_SIGACTION)
1498 struct sigaction action; /* POSIX sigaction data */
1499
1500
1501 memset(&action, 0, sizeof(action));
1502 action.sa_handler = SIG_IGN;
1503 sigaction(SIGPIPE, &action, NULL);
1504
1505 # else
1506 signal(SIGPIPE, SIG_IGN);
1507 # endif /* !SO_NOSIGPIPE */
1508 #endif /* WIN32 */
1509
1510 #ifdef HAVE_GNUTLS
1511 /*
1512 * Initialize GNU TLS...
1513 */
1514
1515 gnutls_global_init();
1516
1517 #elif defined(HAVE_LIBSSL)
1518 /*
1519 * Initialize OpenSSL...
1520 */
1521
1522 SSL_load_error_strings();
1523 SSL_library_init();
1524
1525 /*
1526 * Using the current time is a dubious random seed, but on some systems
1527 * it is the best we can do (on others, this seed isn't even used...)
1528 */
1529
1530 CUPS_SRAND(time(NULL));
1531
1532 for (i = 0; i < sizeof(data); i ++)
1533 data[i] = CUPS_RAND();
1534
1535 RAND_seed(data, sizeof(data));
1536 #endif /* HAVE_GNUTLS */
1537
1538 initialized = 1;
1539 _cupsGlobalUnlock();
1540 }
1541
1542
1543 /*
1544 * 'httpOptions()' - Send an OPTIONS request to the server.
1545 */
1546
1547 int /* O - Status of call (0 = success) */
1548 httpOptions(http_t *http, /* I - Connection to server */
1549 const char *uri) /* I - URI for options */
1550 {
1551 return (http_send(http, HTTP_OPTIONS, uri));
1552 }
1553
1554
1555 /*
1556 * '_httpPeek()' - Peek at data from a HTTP connection.
1557 *
1558 * This function copies available data from the given HTTP connection, reading
1559 * a buffer as needed. The data is still available for reading using
1560 * @link httpRead@ or @link httpRead2@.
1561 *
1562 * For non-blocking connections the usual timeouts apply.
1563 */
1564
1565 ssize_t /* O - Number of bytes copied */
1566 _httpPeek(http_t *http, /* I - Connection to server */
1567 char *buffer, /* I - Buffer for data */
1568 size_t length) /* I - Maximum number of bytes */
1569 {
1570 ssize_t bytes; /* Bytes read */
1571 char len[32]; /* Length string */
1572
1573
1574 DEBUG_printf(("_httpPeek(http=%p, buffer=%p, length=" CUPS_LLFMT ")",
1575 http, buffer, CUPS_LLCAST length));
1576
1577 if (http == NULL || buffer == NULL)
1578 return (-1);
1579
1580 http->activity = time(NULL);
1581 http->error = 0;
1582
1583 if (length <= 0)
1584 return (0);
1585
1586 if (http->data_encoding == HTTP_ENCODE_CHUNKED &&
1587 http->data_remaining <= 0)
1588 {
1589 DEBUG_puts("2_httpPeek: Getting chunk length...");
1590
1591 if (httpGets(len, sizeof(len), http) == NULL)
1592 {
1593 DEBUG_puts("1_httpPeek: Could not get length!");
1594 return (0);
1595 }
1596
1597 http->data_remaining = strtoll(len, NULL, 16);
1598 if (http->data_remaining < 0)
1599 {
1600 DEBUG_puts("1_httpPeek: Negative chunk length!");
1601 return (0);
1602 }
1603 }
1604
1605 DEBUG_printf(("2_httpPeek: data_remaining=" CUPS_LLFMT,
1606 CUPS_LLCAST http->data_remaining));
1607
1608 if (http->data_remaining <= 0)
1609 {
1610 /*
1611 * A zero-length chunk ends a transfer; unless we are reading POST
1612 * data, go idle...
1613 */
1614
1615 if (http->data_encoding == HTTP_ENCODE_CHUNKED)
1616 httpGets(len, sizeof(len), http);
1617
1618 if (http->state == HTTP_POST_RECV)
1619 http->state ++;
1620 else
1621 http->state = HTTP_WAITING;
1622
1623 /*
1624 * Prevent future reads for this request...
1625 */
1626
1627 http->data_encoding = HTTP_ENCODE_LENGTH;
1628
1629 return (0);
1630 }
1631 else if (length > (size_t)http->data_remaining)
1632 length = (size_t)http->data_remaining;
1633
1634 if (http->used == 0)
1635 {
1636 /*
1637 * Buffer small reads for better performance...
1638 */
1639
1640 if (!http->blocking)
1641 {
1642 while (!httpWait(http, 10000))
1643 {
1644 if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
1645 continue;
1646
1647 return (0);
1648 }
1649 }
1650
1651 if (http->data_remaining > sizeof(http->buffer))
1652 bytes = sizeof(http->buffer);
1653 else
1654 bytes = http->data_remaining;
1655
1656 #ifdef HAVE_SSL
1657 if (http->tls)
1658 bytes = http_read_ssl(http, http->buffer, bytes);
1659 else
1660 #endif /* HAVE_SSL */
1661 {
1662 DEBUG_printf(("2_httpPeek: reading %d bytes from socket into buffer...",
1663 (int)bytes));
1664
1665 bytes = recv(http->fd, http->buffer, bytes, 0);
1666
1667 DEBUG_printf(("2_httpPeek: read %d bytes from socket into buffer...",
1668 (int)bytes));
1669 }
1670
1671 if (bytes > 0)
1672 http->used = bytes;
1673 else if (bytes < 0)
1674 {
1675 #ifdef WIN32
1676 if (WSAGetLastError() != WSAEINTR && WSAGetLastError() != WSAEWOULDBLOCK)
1677 {
1678 http->error = WSAGetLastError();
1679 return (-1);
1680 }
1681 #else
1682 if (errno != EINTR && errno != EAGAIN)
1683 {
1684 http->error = errno;
1685 return (-1);
1686 }
1687 #endif /* WIN32 */
1688 }
1689 else
1690 {
1691 http->error = EPIPE;
1692 return (0);
1693 }
1694 }
1695
1696 if (http->used > 0)
1697 {
1698 if (length > (size_t)http->used)
1699 length = (size_t)http->used;
1700
1701 bytes = (ssize_t)length;
1702
1703 DEBUG_printf(("2_httpPeek: grabbing %d bytes from input buffer...",
1704 (int)bytes));
1705
1706 memcpy(buffer, http->buffer, length);
1707 }
1708 else
1709 bytes = 0;
1710
1711 if (bytes < 0)
1712 {
1713 #ifdef WIN32
1714 if (WSAGetLastError() == WSAEINTR || WSAGetLastError() == WSAEWOULDBLOCK)
1715 bytes = 0;
1716 else
1717 http->error = WSAGetLastError();
1718 #else
1719 if (errno == EINTR || errno == EAGAIN)
1720 bytes = 0;
1721 else
1722 http->error = errno;
1723 #endif /* WIN32 */
1724 }
1725 else if (bytes == 0)
1726 {
1727 http->error = EPIPE;
1728 return (0);
1729 }
1730
1731 #ifdef DEBUG
1732 http_debug_hex("_httpPeek", buffer, (int)bytes);
1733 #endif /* DEBUG */
1734
1735 return (bytes);
1736 }
1737
1738
1739 /*
1740 * 'httpPost()' - Send a POST request to the server.
1741 */
1742
1743 int /* O - Status of call (0 = success) */
1744 httpPost(http_t *http, /* I - Connection to server */
1745 const char *uri) /* I - URI for post */
1746 {
1747 return (http_send(http, HTTP_POST, uri));
1748 }
1749
1750
1751 /*
1752 * 'httpPrintf()' - Print a formatted string to a HTTP connection.
1753 *
1754 * @private@
1755 */
1756
1757 int /* O - Number of bytes written */
1758 httpPrintf(http_t *http, /* I - Connection to server */
1759 const char *format, /* I - printf-style format string */
1760 ...) /* I - Additional args as needed */
1761 {
1762 int bytes; /* Number of bytes to write */
1763 char buf[16384]; /* Buffer for formatted string */
1764 va_list ap; /* Variable argument pointer */
1765
1766
1767 DEBUG_printf(("2httpPrintf(http=%p, format=\"%s\", ...)", http, format));
1768
1769 va_start(ap, format);
1770 bytes = vsnprintf(buf, sizeof(buf), format, ap);
1771 va_end(ap);
1772
1773 DEBUG_printf(("3httpPrintf: %s", buf));
1774
1775 if (http->data_encoding == HTTP_ENCODE_FIELDS)
1776 return (httpWrite2(http, buf, bytes));
1777 else
1778 {
1779 if (http->wused)
1780 {
1781 DEBUG_puts("4httpPrintf: flushing existing data...");
1782
1783 if (httpFlushWrite(http) < 0)
1784 return (-1);
1785 }
1786
1787 return (http_write(http, buf, bytes));
1788 }
1789 }
1790
1791
1792 /*
1793 * 'httpPut()' - Send a PUT request to the server.
1794 */
1795
1796 int /* O - Status of call (0 = success) */
1797 httpPut(http_t *http, /* I - Connection to server */
1798 const char *uri) /* I - URI to put */
1799 {
1800 DEBUG_printf(("httpPut(http=%p, uri=\"%s\")", http, uri));
1801 return (http_send(http, HTTP_PUT, uri));
1802 }
1803
1804
1805 /*
1806 * 'httpRead()' - Read data from a HTTP connection.
1807 *
1808 * This function is deprecated. Use the httpRead2() function which can
1809 * read more than 2GB of data.
1810 *
1811 * @deprecated@
1812 */
1813
1814 int /* O - Number of bytes read */
1815 httpRead(http_t *http, /* I - Connection to server */
1816 char *buffer, /* I - Buffer for data */
1817 int length) /* I - Maximum number of bytes */
1818 {
1819 return ((int)httpRead2(http, buffer, length));
1820 }
1821
1822
1823 /*
1824 * 'httpRead2()' - Read data from a HTTP connection.
1825 *
1826 * @since CUPS 1.2/Mac OS X 10.5@
1827 */
1828
1829 ssize_t /* O - Number of bytes read */
1830 httpRead2(http_t *http, /* I - Connection to server */
1831 char *buffer, /* I - Buffer for data */
1832 size_t length) /* I - Maximum number of bytes */
1833 {
1834 ssize_t bytes; /* Bytes read */
1835 char len[32]; /* Length string */
1836
1837
1838 DEBUG_printf(("httpRead2(http=%p, buffer=%p, length=" CUPS_LLFMT ")",
1839 http, buffer, CUPS_LLCAST length));
1840
1841 if (http == NULL || buffer == NULL)
1842 return (-1);
1843
1844 http->activity = time(NULL);
1845 http->error = 0;
1846
1847 if (length <= 0)
1848 return (0);
1849
1850 if (http->data_encoding == HTTP_ENCODE_CHUNKED &&
1851 http->data_remaining <= 0)
1852 {
1853 DEBUG_puts("2httpRead2: Getting chunk length...");
1854
1855 if (httpGets(len, sizeof(len), http) == NULL)
1856 {
1857 DEBUG_puts("1httpRead2: Could not get length!");
1858 return (0);
1859 }
1860
1861 http->data_remaining = strtoll(len, NULL, 16);
1862 if (http->data_remaining < 0)
1863 {
1864 DEBUG_puts("1httpRead2: Negative chunk length!");
1865 return (0);
1866 }
1867 }
1868
1869 DEBUG_printf(("2httpRead2: data_remaining=" CUPS_LLFMT,
1870 CUPS_LLCAST http->data_remaining));
1871
1872 if (http->data_remaining <= 0)
1873 {
1874 /*
1875 * A zero-length chunk ends a transfer; unless we are reading POST
1876 * data, go idle...
1877 */
1878
1879 if (http->data_encoding == HTTP_ENCODE_CHUNKED)
1880 httpGets(len, sizeof(len), http);
1881
1882 if (http->state == HTTP_POST_RECV)
1883 http->state ++;
1884 else
1885 http->state = HTTP_WAITING;
1886
1887 /*
1888 * Prevent future reads for this request...
1889 */
1890
1891 http->data_encoding = HTTP_ENCODE_LENGTH;
1892
1893 return (0);
1894 }
1895 else if (length > (size_t)http->data_remaining)
1896 length = (size_t)http->data_remaining;
1897
1898 if (http->used == 0 && length <= 256)
1899 {
1900 /*
1901 * Buffer small reads for better performance...
1902 */
1903
1904 if (!http->blocking)
1905 {
1906 while (!httpWait(http, 10000))
1907 {
1908 if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
1909 continue;
1910
1911 return (0);
1912 }
1913 }
1914
1915 if (http->data_remaining > sizeof(http->buffer))
1916 bytes = sizeof(http->buffer);
1917 else
1918 bytes = http->data_remaining;
1919
1920 #ifdef HAVE_SSL
1921 if (http->tls)
1922 bytes = http_read_ssl(http, http->buffer, bytes);
1923 else
1924 #endif /* HAVE_SSL */
1925 {
1926 DEBUG_printf(("2httpRead2: reading %d bytes from socket into buffer...",
1927 (int)bytes));
1928
1929 bytes = recv(http->fd, http->buffer, bytes, 0);
1930
1931 DEBUG_printf(("2httpRead2: read %d bytes from socket into buffer...",
1932 (int)bytes));
1933 }
1934
1935 if (bytes > 0)
1936 http->used = bytes;
1937 else if (bytes < 0)
1938 {
1939 #ifdef WIN32
1940 if (WSAGetLastError() != WSAEINTR)
1941 {
1942 http->error = WSAGetLastError();
1943 return (-1);
1944 }
1945 else if (WSAGetLastError() == WSAEWOULDBLOCK)
1946 {
1947 if (!http->timeout_cb || !(*http->timeout_cb)(http, http->timeout_data))
1948 {
1949 http->error = WSAEWOULDBLOCK;
1950 return (-1);
1951 }
1952 }
1953 #else
1954 if (errno == EWOULDBLOCK || errno == EAGAIN)
1955 {
1956 if (http->timeout_cb && !(*http->timeout_cb)(http, http->timeout_data))
1957 {
1958 http->error = errno;
1959 return (-1);
1960 }
1961 else if (!http->timeout_cb && errno != EAGAIN)
1962 {
1963 http->error = errno;
1964 return (-1);
1965 }
1966 }
1967 else if (errno != EINTR)
1968 {
1969 http->error = errno;
1970 return (-1);
1971 }
1972 #endif /* WIN32 */
1973 }
1974 else
1975 {
1976 http->error = EPIPE;
1977 return (0);
1978 }
1979 }
1980
1981 if (http->used > 0)
1982 {
1983 if (length > (size_t)http->used)
1984 length = (size_t)http->used;
1985
1986 bytes = (ssize_t)length;
1987
1988 DEBUG_printf(("2httpRead2: grabbing %d bytes from input buffer...",
1989 (int)bytes));
1990
1991 memcpy(buffer, http->buffer, length);
1992 http->used -= (int)length;
1993
1994 if (http->used > 0)
1995 memmove(http->buffer, http->buffer + length, http->used);
1996 }
1997 #ifdef HAVE_SSL
1998 else if (http->tls)
1999 {
2000 if (!http->blocking)
2001 {
2002 while (!httpWait(http, 10000))
2003 {
2004 if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
2005 continue;
2006
2007 return (0);
2008 }
2009 }
2010
2011 bytes = (ssize_t)http_read_ssl(http, buffer, (int)length);
2012 }
2013 #endif /* HAVE_SSL */
2014 else
2015 {
2016 if (!http->blocking)
2017 {
2018 while (!httpWait(http, 10000))
2019 {
2020 if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
2021 continue;
2022
2023 return (0);
2024 }
2025 }
2026
2027 DEBUG_printf(("2httpRead2: reading " CUPS_LLFMT " bytes from socket...",
2028 CUPS_LLCAST length));
2029
2030 #ifdef WIN32
2031 while ((bytes = (ssize_t)recv(http->fd, buffer, (int)length, 0)) < 0)
2032 {
2033 if (WSAGetLastError() == WSAEWOULDBLOCK)
2034 {
2035 if (!http->timeout_cb || !(*http->timeout_cb)(http, http->timeout_data))
2036 break;
2037 }
2038 else if (WSAGetLastError() != WSAEINTR)
2039 break;
2040 }
2041 #else
2042 while ((bytes = recv(http->fd, buffer, length, 0)) < 0)
2043 {
2044 if (errno == EWOULDBLOCK || errno == EAGAIN)
2045 {
2046 if (http->timeout_cb && !(*http->timeout_cb)(http, http->timeout_data))
2047 break;
2048 else if (!http->timeout_cb && errno != EAGAIN)
2049 break;
2050 }
2051 else if (errno != EINTR)
2052 break;
2053 }
2054 #endif /* WIN32 */
2055
2056 DEBUG_printf(("2httpRead2: read " CUPS_LLFMT " bytes from socket...",
2057 CUPS_LLCAST bytes));
2058 }
2059
2060 if (bytes > 0)
2061 {
2062 http->data_remaining -= bytes;
2063
2064 if (http->data_remaining <= INT_MAX)
2065 http->_data_remaining = (int)http->data_remaining;
2066 else
2067 http->_data_remaining = INT_MAX;
2068 }
2069 else if (bytes < 0)
2070 {
2071 #ifdef WIN32
2072 if (WSAGetLastError() == WSAEINTR)
2073 bytes = 0;
2074 else
2075 http->error = WSAGetLastError();
2076 #else
2077 if (errno == EINTR || (errno == EAGAIN && !http->timeout_cb))
2078 bytes = 0;
2079 else
2080 http->error = errno;
2081 #endif /* WIN32 */
2082 }
2083 else
2084 {
2085 http->error = EPIPE;
2086 return (0);
2087 }
2088
2089 if (http->data_remaining == 0)
2090 {
2091 if (http->data_encoding == HTTP_ENCODE_CHUNKED)
2092 httpGets(len, sizeof(len), http);
2093
2094 if (http->data_encoding != HTTP_ENCODE_CHUNKED)
2095 {
2096 if (http->state == HTTP_POST_RECV)
2097 http->state ++;
2098 else
2099 http->state = HTTP_WAITING;
2100 }
2101 }
2102
2103 #ifdef DEBUG
2104 http_debug_hex("httpRead2", buffer, (int)bytes);
2105 #endif /* DEBUG */
2106
2107 return (bytes);
2108 }
2109
2110
2111 #if defined(HAVE_SSL) && defined(HAVE_CDSASSL)
2112 /*
2113 * '_httpReadCDSA()' - Read function for the CDSA library.
2114 */
2115
2116 OSStatus /* O - -1 on error, 0 on success */
2117 _httpReadCDSA(
2118 SSLConnectionRef connection, /* I - SSL/TLS connection */
2119 void *data, /* I - Data buffer */
2120 size_t *dataLength) /* IO - Number of bytes */
2121 {
2122 OSStatus result; /* Return value */
2123 ssize_t bytes; /* Number of bytes read */
2124 http_t *http; /* HTTP connection */
2125
2126
2127 http = (http_t *)connection;
2128
2129 if (!http->blocking)
2130 {
2131 /*
2132 * Make sure we have data before we read...
2133 */
2134
2135 while (!_httpWait(http, 10000, 0))
2136 {
2137 if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
2138 continue;
2139
2140 http->error = ETIMEDOUT;
2141 return (-1);
2142 }
2143 }
2144
2145 do
2146 {
2147 bytes = recv(http->fd, data, *dataLength, 0);
2148 }
2149 while (bytes == -1 && (errno == EINTR || errno == EAGAIN));
2150
2151 if (bytes == *dataLength)
2152 {
2153 result = 0;
2154 }
2155 else if (bytes > 0)
2156 {
2157 *dataLength = bytes;
2158 result = errSSLWouldBlock;
2159 }
2160 else
2161 {
2162 *dataLength = 0;
2163
2164 if (bytes == 0)
2165 result = errSSLClosedGraceful;
2166 else if (errno == EAGAIN)
2167 result = errSSLWouldBlock;
2168 else
2169 result = errSSLClosedAbort;
2170 }
2171
2172 return (result);
2173 }
2174 #endif /* HAVE_SSL && HAVE_CDSASSL */
2175
2176
2177 #if defined(HAVE_SSL) && defined(HAVE_GNUTLS)
2178 /*
2179 * '_httpReadGNUTLS()' - Read function for the GNU TLS library.
2180 */
2181
2182 ssize_t /* O - Number of bytes read or -1 on error */
2183 _httpReadGNUTLS(
2184 gnutls_transport_ptr ptr, /* I - Connection to server */
2185 void *data, /* I - Buffer */
2186 size_t length) /* I - Number of bytes to read */
2187 {
2188 http_t *http; /* HTTP connection */
2189 ssize_t bytes; /* Bytes read */
2190
2191
2192 DEBUG_printf(("6_httpReadGNUTLS(ptr=%p, data=%p, length=%d)", ptr, data, (int)length));
2193
2194 http = (http_t *)ptr;
2195
2196 if (!http->blocking)
2197 {
2198 /*
2199 * Make sure we have data before we read...
2200 */
2201
2202 while (!_httpWait(http, 10000, 0))
2203 {
2204 if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
2205 continue;
2206
2207 http->error = ETIMEDOUT;
2208 return (-1);
2209 }
2210 }
2211
2212 bytes = recv(http->fd, data, length, 0);
2213 DEBUG_printf(("6_httpReadGNUTLS: bytes=%d", (int)bytes));
2214 return (bytes);
2215 }
2216 #endif /* HAVE_SSL && HAVE_GNUTLS */
2217
2218
2219 /*
2220 * 'httpReconnect()' - Reconnect to a HTTP server.
2221 */
2222
2223 int /* O - 0 on success, non-zero on failure */
2224 httpReconnect(http_t *http) /* I - Connection to server */
2225 {
2226 http_addrlist_t *addr; /* Connected address */
2227 #ifdef DEBUG
2228 http_addrlist_t *current; /* Current address */
2229 char temp[256]; /* Temporary address string */
2230 #endif /* DEBUG */
2231
2232
2233 DEBUG_printf(("httpReconnect(http=%p)", http));
2234
2235 if (!http)
2236 return (-1);
2237
2238 #ifdef HAVE_SSL
2239 if (http->tls)
2240 {
2241 DEBUG_puts("2httpReconnect: Shutting down SSL/TLS...");
2242 http_shutdown_ssl(http);
2243 }
2244 #endif /* HAVE_SSL */
2245
2246 /*
2247 * Close any previously open socket...
2248 */
2249
2250 if (http->fd >= 0)
2251 {
2252 DEBUG_printf(("2httpReconnect: Closing socket %d...", http->fd));
2253
2254 #ifdef WIN32
2255 closesocket(http->fd);
2256 #else
2257 close(http->fd);
2258 #endif /* WIN32 */
2259
2260 http->fd = -1;
2261 }
2262
2263 /*
2264 * Connect to the server...
2265 */
2266
2267 #ifdef DEBUG
2268 for (current = http->addrlist; current; current = current->next)
2269 DEBUG_printf(("2httpReconnect: Address %s:%d",
2270 httpAddrString(&(current->addr), temp, sizeof(temp)),
2271 _httpAddrPort(&(current->addr))));
2272 #endif /* DEBUG */
2273
2274 if ((addr = httpAddrConnect(http->addrlist, &(http->fd))) == NULL)
2275 {
2276 /*
2277 * Unable to connect...
2278 */
2279
2280 #ifdef WIN32
2281 http->error = WSAGetLastError();
2282 #else
2283 http->error = errno;
2284 #endif /* WIN32 */
2285 http->status = HTTP_ERROR;
2286
2287 DEBUG_printf(("1httpReconnect: httpAddrConnect failed: %s",
2288 strerror(http->error)));
2289
2290 return (-1);
2291 }
2292
2293 DEBUG_printf(("2httpReconnect: New socket=%d", http->fd));
2294
2295 if (http->timeout_value.tv_sec > 0)
2296 {
2297 #ifdef WIN32
2298 DWORD timeout_value = http->timeout_value.tv_sec * 1000 +
2299 http->timeout_value.tv_usec / 1000;
2300 /* Timeout in milliseconds */
2301
2302 setsockopt(http->fd, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout_value,
2303 sizeof(timeout_value));
2304 setsockopt(http->fd, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout_value,
2305 sizeof(timeout_value));
2306 #else
2307 setsockopt(http->fd, SOL_SOCKET, SO_RCVTIMEO, &(http->timeout_value),
2308 sizeof(http->timeout_value));
2309 setsockopt(http->fd, SOL_SOCKET, SO_SNDTIMEO, &(http->timeout_value),
2310 sizeof(http->timeout_value));
2311 #endif /* WIN32 */
2312 }
2313
2314 http->hostaddr = &(addr->addr);
2315 http->error = 0;
2316 http->status = HTTP_CONTINUE;
2317
2318 #ifdef HAVE_SSL
2319 if (http->encryption == HTTP_ENCRYPT_ALWAYS)
2320 {
2321 /*
2322 * Always do encryption via SSL.
2323 */
2324
2325 if (http_setup_ssl(http) != 0)
2326 {
2327 # ifdef WIN32
2328 closesocket(http->fd);
2329 # else
2330 close(http->fd);
2331 # endif /* WIN32 */
2332
2333 return (-1);
2334 }
2335 }
2336 else if (http->encryption == HTTP_ENCRYPT_REQUIRED)
2337 return (http_upgrade(http));
2338 #endif /* HAVE_SSL */
2339
2340 DEBUG_printf(("1httpReconnect: Connected to %s:%d...",
2341 httpAddrString(http->hostaddr, temp, sizeof(temp)),
2342 _httpAddrPort(http->hostaddr)));
2343
2344 return (0);
2345 }
2346
2347
2348 /*
2349 * 'httpSetAuthString()' - Set the current authorization string.
2350 *
2351 * This function just stores a copy of the current authorization string in
2352 * the HTTP connection object. You must still call httpSetField() to set
2353 * HTTP_FIELD_AUTHORIZATION prior to issuing a HTTP request using httpGet(),
2354 * httpHead(), httpOptions(), httpPost, or httpPut().
2355 *
2356 * @since CUPS 1.3/Mac OS X 10.5@
2357 */
2358
2359 void
2360 httpSetAuthString(http_t *http, /* I - Connection to server */
2361 const char *scheme, /* I - Auth scheme (NULL to clear it) */
2362 const char *data) /* I - Auth data (NULL for none) */
2363 {
2364 /*
2365 * Range check input...
2366 */
2367
2368 if (!http)
2369 return;
2370
2371 if (http->authstring && http->authstring != http->_authstring)
2372 free(http->authstring);
2373
2374 http->authstring = http->_authstring;
2375
2376 if (scheme)
2377 {
2378 /*
2379 * Set the current authorization string...
2380 */
2381
2382 int len = (int)strlen(scheme) + (data ? (int)strlen(data) + 1 : 0) + 1;
2383 char *temp;
2384
2385 if (len > (int)sizeof(http->_authstring))
2386 {
2387 if ((temp = malloc(len)) == NULL)
2388 len = sizeof(http->_authstring);
2389 else
2390 http->authstring = temp;
2391 }
2392
2393 if (data)
2394 snprintf(http->authstring, len, "%s %s", scheme, data);
2395 else
2396 strlcpy(http->authstring, scheme, len);
2397 }
2398 else
2399 {
2400 /*
2401 * Clear the current authorization string...
2402 */
2403
2404 http->_authstring[0] = '\0';
2405 }
2406 }
2407
2408
2409 /*
2410 * 'httpSetCredentials()' - Set the credentials associated with an encrypted
2411 * connection.
2412 *
2413 * @since CUPS 1.5/Mac OS X 10.7@
2414 */
2415
2416 int /* O - Status of call (0 = success) */
2417 httpSetCredentials(http_t *http, /* I - Connection to server */
2418 cups_array_t *credentials) /* I - Array of credentials */
2419 {
2420 if (!http || cupsArrayCount(credentials) < 1)
2421 return (-1);
2422
2423 _httpFreeCredentials(http->tls_credentials);
2424
2425 http->tls_credentials = _httpConvertCredentials(credentials);
2426
2427 return (http->tls_credentials ? 0 : -1);
2428 }
2429
2430
2431 /*
2432 * 'httpSetCookie()' - Set the cookie value(s).
2433 *
2434 * @since CUPS 1.1.19/Mac OS X 10.3@
2435 */
2436
2437 void
2438 httpSetCookie(http_t *http, /* I - Connection */
2439 const char *cookie) /* I - Cookie string */
2440 {
2441 if (!http)
2442 return;
2443
2444 if (http->cookie)
2445 free(http->cookie);
2446
2447 if (cookie)
2448 http->cookie = strdup(cookie);
2449 else
2450 http->cookie = NULL;
2451 }
2452
2453
2454 /*
2455 * 'httpSetExpect()' - Set the Expect: header in a request.
2456 *
2457 * Currently only HTTP_CONTINUE is supported for the "expect" argument.
2458 *
2459 * @since CUPS 1.2/Mac OS X 10.5@
2460 */
2461
2462 void
2463 httpSetExpect(http_t *http, /* I - Connection to server */
2464 http_status_t expect) /* I - HTTP status to expect (HTTP_CONTINUE) */
2465 {
2466 if (http)
2467 http->expect = expect;
2468 }
2469
2470
2471 /*
2472 * 'httpSetField()' - Set the value of an HTTP header.
2473 */
2474
2475 void
2476 httpSetField(http_t *http, /* I - Connection to server */
2477 http_field_t field, /* I - Field index */
2478 const char *value) /* I - Value */
2479 {
2480 if (http == NULL ||
2481 field < HTTP_FIELD_ACCEPT_LANGUAGE ||
2482 field > HTTP_FIELD_WWW_AUTHENTICATE ||
2483 value == NULL)
2484 return;
2485
2486 strlcpy(http->fields[field], value, HTTP_MAX_VALUE);
2487
2488 if (field == HTTP_FIELD_AUTHORIZATION)
2489 {
2490 /*
2491 * Special case for Authorization: as its contents can be
2492 * longer than HTTP_MAX_VALUE
2493 */
2494
2495 if (http->field_authorization)
2496 free(http->field_authorization);
2497
2498 http->field_authorization = strdup(value);
2499 }
2500 else if (field == HTTP_FIELD_HOST)
2501 {
2502 /*
2503 * Special-case for Host: as we don't want a trailing "." on the hostname and
2504 * need to bracket IPv6 numeric addresses.
2505 */
2506
2507 char *ptr = strchr(value, ':');
2508
2509 if (value[0] != '[' && ptr && strchr(ptr + 1, ':'))
2510 {
2511 /*
2512 * Bracket IPv6 numeric addresses...
2513 *
2514 * This is slightly inefficient (basically copying twice), but is an edge
2515 * case and not worth optimizing...
2516 */
2517
2518 snprintf(http->fields[HTTP_FIELD_HOST],
2519 sizeof(http->fields[HTTP_FIELD_HOST]), "[%s]", value);
2520 }
2521 else
2522 {
2523 /*
2524 * Check for a trailing dot on the hostname...
2525 */
2526
2527 ptr = http->fields[HTTP_FIELD_HOST];
2528
2529 if (*ptr)
2530 {
2531 ptr += strlen(ptr) - 1;
2532
2533 if (*ptr == '.')
2534 *ptr = '\0';
2535 }
2536 }
2537 }
2538 }
2539
2540
2541 /*
2542 * 'httpSetLength()' - Set the content-length and content-encoding.
2543 *
2544 * @since CUPS 1.2/Mac OS X 10.5@
2545 */
2546
2547 void
2548 httpSetLength(http_t *http, /* I - Connection to server */
2549 size_t length) /* I - Length (0 for chunked) */
2550 {
2551 if (!http)
2552 return;
2553
2554 if (!length)
2555 {
2556 strcpy(http->fields[HTTP_FIELD_TRANSFER_ENCODING], "chunked");
2557 http->fields[HTTP_FIELD_CONTENT_LENGTH][0] = '\0';
2558 }
2559 else
2560 {
2561 http->fields[HTTP_FIELD_TRANSFER_ENCODING][0] = '\0';
2562 snprintf(http->fields[HTTP_FIELD_CONTENT_LENGTH], HTTP_MAX_VALUE,
2563 CUPS_LLFMT, CUPS_LLCAST length);
2564 }
2565 }
2566
2567
2568 /*
2569 * 'httpSetTimeout()' - Set read/write timeouts and an optional callback.
2570 *
2571 * The optional timeout callback receives both the HTTP connection and a user
2572 * data pointer and must return 1 to continue or 0 to error (time) out.
2573 *
2574 * @since CUPS 1.5/Mac OS X 10.7@
2575 */
2576
2577 void
2578 httpSetTimeout(
2579 http_t *http, /* I - Connection to server */
2580 double timeout, /* I - Number of seconds for timeout,
2581 must be greater than 0 */
2582 http_timeout_cb_t cb, /* I - Callback function or NULL */
2583 void *user_data) /* I - User data pointer */
2584 {
2585 if (!http || timeout <= 0.0)
2586 return;
2587
2588 http->timeout_cb = cb;
2589 http->timeout_data = user_data;
2590 http->timeout_value.tv_sec = (int)timeout;
2591 http->timeout_value.tv_usec = (int)(timeout * 1000000) % 1000000;
2592
2593 if (http->fd >= 0)
2594 {
2595 #ifdef WIN32
2596 DWORD timeout_value = http->timeout_value.tv_sec * 1000 +
2597 http->timeout_value.tv_usec / 1000;
2598 /* Timeout in milliseconds */
2599
2600 setsockopt(http->fd, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout_value,
2601 sizeof(timeout_value));
2602 setsockopt(http->fd, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout_value,
2603 sizeof(timeout_value));
2604
2605 #else
2606 setsockopt(http->fd, SOL_SOCKET, SO_RCVTIMEO, &(http->timeout_value),
2607 sizeof(http->timeout_value));
2608 setsockopt(http->fd, SOL_SOCKET, SO_SNDTIMEO, &(http->timeout_value),
2609 sizeof(http->timeout_value));
2610 #endif /* WIN32 */
2611 }
2612 }
2613
2614
2615 /*
2616 * 'httpTrace()' - Send an TRACE request to the server.
2617 */
2618
2619 int /* O - Status of call (0 = success) */
2620 httpTrace(http_t *http, /* I - Connection to server */
2621 const char *uri) /* I - URI for trace */
2622 {
2623 return (http_send(http, HTTP_TRACE, uri));
2624 }
2625
2626
2627 /*
2628 * '_httpUpdate()' - Update the current HTTP status for incoming data.
2629 *
2630 * Note: Unlike httpUpdate(), this function does not flush pending write data
2631 * and only retrieves a single status line from the HTTP connection.
2632 */
2633
2634 int /* O - 1 to continue, 0 to stop */
2635 _httpUpdate(http_t *http, /* I - Connection to server */
2636 http_status_t *status) /* O - Current HTTP status */
2637 {
2638 char line[32768], /* Line from connection... */
2639 *value; /* Pointer to value on line */
2640 http_field_t field; /* Field index */
2641 int major, minor; /* HTTP version numbers */
2642
2643
2644 DEBUG_printf(("_httpUpdate(http=%p, status=%p), state=%s", http, status,
2645 http_states[http->state]));
2646
2647 /*
2648 * Grab a single line from the connection...
2649 */
2650
2651 if (!httpGets(line, sizeof(line), http))
2652 {
2653 *status = HTTP_ERROR;
2654 return (0);
2655 }
2656
2657 DEBUG_printf(("2_httpUpdate: Got \"%s\"", line));
2658
2659 if (line[0] == '\0')
2660 {
2661 /*
2662 * Blank line means the start of the data section (if any). Return
2663 * the result code, too...
2664 *
2665 * If we get status 100 (HTTP_CONTINUE), then we *don't* change states.
2666 * Instead, we just return HTTP_CONTINUE to the caller and keep on
2667 * tryin'...
2668 */
2669
2670 if (http->status == HTTP_CONTINUE)
2671 {
2672 *status = http->status;
2673 return (0);
2674 }
2675
2676 if (http->status < HTTP_BAD_REQUEST)
2677 http->digest_tries = 0;
2678
2679 #ifdef HAVE_SSL
2680 if (http->status == HTTP_SWITCHING_PROTOCOLS && !http->tls)
2681 {
2682 if (http_setup_ssl(http) != 0)
2683 {
2684 # ifdef WIN32
2685 closesocket(http->fd);
2686 # else
2687 close(http->fd);
2688 # endif /* WIN32 */
2689
2690 *status = http->status = HTTP_ERROR;
2691 return (0);
2692 }
2693
2694 *status = HTTP_CONTINUE;
2695 return (0);
2696 }
2697 #endif /* HAVE_SSL */
2698
2699 httpGetLength2(http);
2700
2701 switch (http->state)
2702 {
2703 case HTTP_GET :
2704 case HTTP_POST :
2705 case HTTP_POST_RECV :
2706 case HTTP_PUT :
2707 http->state ++;
2708 case HTTP_POST_SEND :
2709 case HTTP_HEAD :
2710 break;
2711
2712 default :
2713 http->state = HTTP_WAITING;
2714 break;
2715 }
2716
2717 *status = http->status;
2718 return (0);
2719 }
2720 else if (!strncmp(line, "HTTP/", 5))
2721 {
2722 /*
2723 * Got the beginning of a response...
2724 */
2725
2726 int intstatus; /* Status value as an integer */
2727
2728 if (sscanf(line, "HTTP/%d.%d%d", &major, &minor, &intstatus) != 3)
2729 {
2730 *status = http->status = HTTP_ERROR;
2731 return (0);
2732 }
2733
2734 http->version = (http_version_t)(major * 100 + minor);
2735 *status = http->status = (http_status_t)intstatus;
2736 }
2737 else if ((value = strchr(line, ':')) != NULL)
2738 {
2739 /*
2740 * Got a value...
2741 */
2742
2743 *value++ = '\0';
2744 while (_cups_isspace(*value))
2745 value ++;
2746
2747 /*
2748 * Be tolerants of servers that send unknown attribute fields...
2749 */
2750
2751 if (!_cups_strcasecmp(line, "expect"))
2752 {
2753 /*
2754 * "Expect: 100-continue" or similar...
2755 */
2756
2757 http->expect = (http_status_t)atoi(value);
2758 }
2759 else if (!_cups_strcasecmp(line, "cookie"))
2760 {
2761 /*
2762 * "Cookie: name=value[; name=value ...]" - replaces previous cookies...
2763 */
2764
2765 httpSetCookie(http, value);
2766 }
2767 else if ((field = http_field(line)) != HTTP_FIELD_UNKNOWN)
2768 httpSetField(http, field, value);
2769 #ifdef DEBUG
2770 else
2771 DEBUG_printf(("1_httpUpdate: unknown field %s seen!", line));
2772 #endif /* DEBUG */
2773 }
2774 else
2775 {
2776 DEBUG_printf(("1_httpUpdate: Bad response line \"%s\"!", line));
2777 *status = http->status = HTTP_ERROR;
2778 return (0);
2779 }
2780
2781 return (1);
2782 }
2783
2784
2785 /*
2786 * 'httpUpdate()' - Update the current HTTP state for incoming data.
2787 */
2788
2789 http_status_t /* O - HTTP status */
2790 httpUpdate(http_t *http) /* I - Connection to server */
2791 {
2792 http_status_t status; /* Request status */
2793
2794
2795 DEBUG_printf(("httpUpdate(http=%p), state=%s", http,
2796 http_states[http->state]));
2797
2798 /*
2799 * Flush pending data, if any...
2800 */
2801
2802 if (http->wused)
2803 {
2804 DEBUG_puts("2httpUpdate: flushing buffer...");
2805
2806 if (httpFlushWrite(http) < 0)
2807 return (HTTP_ERROR);
2808 }
2809
2810 /*
2811 * If we haven't issued any commands, then there is nothing to "update"...
2812 */
2813
2814 if (http->state == HTTP_WAITING)
2815 return (HTTP_CONTINUE);
2816
2817 /*
2818 * Grab all of the lines we can from the connection...
2819 */
2820
2821 while (_httpUpdate(http, &status));
2822
2823 /*
2824 * See if there was an error...
2825 */
2826
2827 if (http->error == EPIPE && http->status > HTTP_CONTINUE)
2828 {
2829 DEBUG_printf(("1httpUpdate: Returning status %d...", http->status));
2830 return (http->status);
2831 }
2832
2833 if (http->error)
2834 {
2835 DEBUG_printf(("1httpUpdate: socket error %d - %s", http->error,
2836 strerror(http->error)));
2837 http->status = HTTP_ERROR;
2838 return (HTTP_ERROR);
2839 }
2840
2841 /*
2842 * Return the current status...
2843 */
2844
2845 return (status);
2846 }
2847
2848
2849 /*
2850 * '_httpWait()' - Wait for data available on a connection (no flush).
2851 */
2852
2853 int /* O - 1 if data is available, 0 otherwise */
2854 _httpWait(http_t *http, /* I - Connection to server */
2855 int msec, /* I - Milliseconds to wait */
2856 int usessl) /* I - Use SSL context? */
2857 {
2858 #ifdef HAVE_POLL
2859 struct pollfd pfd; /* Polled file descriptor */
2860 #else
2861 fd_set input_set; /* select() input set */
2862 struct timeval timeout; /* Timeout */
2863 #endif /* HAVE_POLL */
2864 int nfds; /* Result from select()/poll() */
2865
2866
2867 DEBUG_printf(("4_httpWait(http=%p, msec=%d, usessl=%d)", http, msec, usessl));
2868
2869 if (http->fd < 0)
2870 {
2871 DEBUG_printf(("5_httpWait: Returning 0 since fd=%d", http->fd));
2872 return (0);
2873 }
2874
2875 /*
2876 * Check the SSL/TLS buffers for data first...
2877 */
2878
2879 #ifdef HAVE_SSL
2880 if (http->tls && usessl)
2881 {
2882 # ifdef HAVE_LIBSSL
2883 if (SSL_pending(http->tls))
2884 {
2885 DEBUG_puts("5_httpWait: Return 1 since there is pending SSL data.");
2886 return (1);
2887 }
2888
2889 # elif defined(HAVE_GNUTLS)
2890 if (gnutls_record_check_pending(http->tls))
2891 {
2892 DEBUG_puts("5_httpWait: Return 1 since there is pending SSL data.");
2893 return (1);
2894 }
2895
2896 # elif defined(HAVE_CDSASSL)
2897 size_t bytes; /* Bytes that are available */
2898
2899 if (!SSLGetBufferedReadSize(http->tls, &bytes) &&
2900 bytes > 0)
2901 {
2902 DEBUG_puts("5_httpWait: Return 1 since there is pending SSL data.");
2903 return (1);
2904 }
2905 # endif /* HAVE_LIBSSL */
2906 }
2907 #endif /* HAVE_SSL */
2908
2909 /*
2910 * Then try doing a select() or poll() to poll the socket...
2911 */
2912
2913 #ifdef HAVE_POLL
2914 pfd.fd = http->fd;
2915 pfd.events = POLLIN;
2916
2917 while ((nfds = poll(&pfd, 1, msec)) < 0 &&
2918 (errno == EINTR || errno == EAGAIN));
2919
2920 #else
2921 do
2922 {
2923 FD_ZERO(&input_set);
2924 FD_SET(http->fd, &input_set);
2925
2926 DEBUG_printf(("6_httpWait: msec=%d, http->fd=%d", msec, http->fd));
2927
2928 if (msec >= 0)
2929 {
2930 timeout.tv_sec = msec / 1000;
2931 timeout.tv_usec = (msec % 1000) * 1000;
2932
2933 nfds = select(http->fd + 1, &input_set, NULL, NULL, &timeout);
2934 }
2935 else
2936 nfds = select(http->fd + 1, &input_set, NULL, NULL, NULL);
2937
2938 DEBUG_printf(("6_httpWait: select() returned %d...", nfds));
2939 }
2940 # ifdef WIN32
2941 while (nfds < 0 && (WSAGetLastError() == WSAEINTR ||
2942 WSAGetLastError() == WSAEWOULDBLOCK));
2943 # else
2944 while (nfds < 0 && (errno == EINTR || errno == EAGAIN));
2945 # endif /* WIN32 */
2946 #endif /* HAVE_POLL */
2947
2948 DEBUG_printf(("5_httpWait: returning with nfds=%d, errno=%d...", nfds,
2949 errno));
2950
2951 return (nfds > 0);
2952 }
2953
2954
2955 /*
2956 * 'httpWait()' - Wait for data available on a connection.
2957 *
2958 * @since CUPS 1.1.19/Mac OS X 10.3@
2959 */
2960
2961 int /* O - 1 if data is available, 0 otherwise */
2962 httpWait(http_t *http, /* I - Connection to server */
2963 int msec) /* I - Milliseconds to wait */
2964 {
2965 /*
2966 * First see if there is data in the buffer...
2967 */
2968
2969 DEBUG_printf(("2httpWait(http=%p, msec=%d)", http, msec));
2970
2971 if (http == NULL)
2972 return (0);
2973
2974 if (http->used)
2975 {
2976 DEBUG_puts("3httpWait: Returning 1 since there is buffered data ready.");
2977 return (1);
2978 }
2979
2980 /*
2981 * Flush pending data, if any...
2982 */
2983
2984 if (http->wused)
2985 {
2986 DEBUG_puts("3httpWait: Flushing write buffer.");
2987
2988 if (httpFlushWrite(http) < 0)
2989 return (0);
2990 }
2991
2992 /*
2993 * If not, check the SSL/TLS buffers and do a select() on the connection...
2994 */
2995
2996 return (_httpWait(http, msec, 1));
2997 }
2998
2999
3000 /*
3001 * 'httpWrite()' - Write data to a HTTP connection.
3002 *
3003 * This function is deprecated. Use the httpWrite2() function which can
3004 * write more than 2GB of data.
3005 *
3006 * @deprecated@
3007 */
3008
3009 int /* O - Number of bytes written */
3010 httpWrite(http_t *http, /* I - Connection to server */
3011 const char *buffer, /* I - Buffer for data */
3012 int length) /* I - Number of bytes to write */
3013 {
3014 return ((int)httpWrite2(http, buffer, length));
3015 }
3016
3017
3018 /*
3019 * 'httpWrite2()' - Write data to a HTTP connection.
3020 *
3021 * @since CUPS 1.2/Mac OS X 10.5@
3022 */
3023
3024 ssize_t /* O - Number of bytes written */
3025 httpWrite2(http_t *http, /* I - Connection to server */
3026 const char *buffer, /* I - Buffer for data */
3027 size_t length) /* I - Number of bytes to write */
3028 {
3029 ssize_t bytes; /* Bytes written */
3030
3031
3032 DEBUG_printf(("httpWrite2(http=%p, buffer=%p, length=" CUPS_LLFMT ")", http,
3033 buffer, CUPS_LLCAST length));
3034
3035 /*
3036 * Range check input...
3037 */
3038
3039 if (http == NULL || buffer == NULL)
3040 return (-1);
3041
3042 /*
3043 * Mark activity on the connection...
3044 */
3045
3046 http->activity = time(NULL);
3047
3048 /*
3049 * Buffer small writes for better performance...
3050 */
3051
3052 if (length > 0)
3053 {
3054 if (http->wused && (length + http->wused) > sizeof(http->wbuffer))
3055 {
3056 DEBUG_printf(("2httpWrite2: Flushing buffer (wused=%d, length="
3057 CUPS_LLFMT ")", http->wused, CUPS_LLCAST length));
3058
3059 httpFlushWrite(http);
3060 }
3061
3062 if ((length + http->wused) <= sizeof(http->wbuffer) &&
3063 length < sizeof(http->wbuffer))
3064 {
3065 /*
3066 * Write to buffer...
3067 */
3068
3069 DEBUG_printf(("2httpWrite2: Copying " CUPS_LLFMT " bytes to wbuffer...",
3070 CUPS_LLCAST length));
3071
3072 memcpy(http->wbuffer + http->wused, buffer, length);
3073 http->wused += (int)length;
3074 bytes = (ssize_t)length;
3075 }
3076 else
3077 {
3078 /*
3079 * Otherwise write the data directly...
3080 */
3081
3082 DEBUG_printf(("2httpWrite2: Writing " CUPS_LLFMT " bytes to socket...",
3083 CUPS_LLCAST length));
3084
3085 if (http->data_encoding == HTTP_ENCODE_CHUNKED)
3086 bytes = (ssize_t)http_write_chunk(http, buffer, (int)length);
3087 else
3088 bytes = (ssize_t)http_write(http, buffer, (int)length);
3089
3090 DEBUG_printf(("2httpWrite2: Wrote " CUPS_LLFMT " bytes...",
3091 CUPS_LLCAST bytes));
3092 }
3093
3094 if (http->data_encoding == HTTP_ENCODE_LENGTH)
3095 http->data_remaining -= bytes;
3096 }
3097 else
3098 bytes = 0;
3099
3100 /*
3101 * Handle end-of-request processing...
3102 */
3103
3104 if ((http->data_encoding == HTTP_ENCODE_CHUNKED && length == 0) ||
3105 (http->data_encoding == HTTP_ENCODE_LENGTH && http->data_remaining == 0))
3106 {
3107 /*
3108 * Finished with the transfer; unless we are sending POST or PUT
3109 * data, go idle...
3110 */
3111
3112 DEBUG_puts("2httpWrite: changing states...");
3113
3114 if (http->wused)
3115 httpFlushWrite(http);
3116
3117 if (http->data_encoding == HTTP_ENCODE_CHUNKED)
3118 {
3119 /*
3120 * Send a 0-length chunk at the end of the request...
3121 */
3122
3123 http_write(http, "0\r\n\r\n", 5);
3124
3125 /*
3126 * Reset the data state...
3127 */
3128
3129 http->data_encoding = HTTP_ENCODE_LENGTH;
3130 http->data_remaining = 0;
3131 }
3132 }
3133
3134 return (bytes);
3135 }
3136
3137
3138 #if defined(HAVE_SSL) && defined(HAVE_CDSASSL)
3139 /*
3140 * '_httpWriteCDSA()' - Write function for the CDSA library.
3141 */
3142
3143 OSStatus /* O - -1 on error, 0 on success */
3144 _httpWriteCDSA(
3145 SSLConnectionRef connection, /* I - SSL/TLS connection */
3146 const void *data, /* I - Data buffer */
3147 size_t *dataLength) /* IO - Number of bytes */
3148 {
3149 OSStatus result; /* Return value */
3150 ssize_t bytes; /* Number of bytes read */
3151 http_t *http; /* HTTP connection */
3152
3153
3154 http = (http_t *)connection;
3155
3156 do
3157 {
3158 bytes = write(http->fd, data, *dataLength);
3159 }
3160 while (bytes == -1 && (errno == EINTR || errno == EAGAIN));
3161
3162 if (bytes == *dataLength)
3163 {
3164 result = 0;
3165 }
3166 else if (bytes >= 0)
3167 {
3168 *dataLength = bytes;
3169 result = errSSLWouldBlock;
3170 }
3171 else
3172 {
3173 *dataLength = 0;
3174
3175 if (errno == EAGAIN)
3176 result = errSSLWouldBlock;
3177 else
3178 result = errSSLClosedAbort;
3179 }
3180
3181 return (result);
3182 }
3183 #endif /* HAVE_SSL && HAVE_CDSASSL */
3184
3185
3186 #if defined(HAVE_SSL) && defined(HAVE_GNUTLS)
3187 /*
3188 * '_httpWriteGNUTLS()' - Write function for the GNU TLS library.
3189 */
3190
3191 ssize_t /* O - Number of bytes written or -1 on error */
3192 _httpWriteGNUTLS(
3193 gnutls_transport_ptr ptr, /* I - Connection to server */
3194 const void *data, /* I - Data buffer */
3195 size_t length) /* I - Number of bytes to write */
3196 {
3197 ssize_t bytes; /* Bytes written */
3198
3199
3200 DEBUG_printf(("6_httpWriteGNUTLS(ptr=%p, data=%p, length=%d)", ptr, data,
3201 (int)length));
3202 http_debug_hex("_httpWriteGNUTLS", data, (int)length);
3203
3204 bytes = send(((http_t *)ptr)->fd, data, length, 0);
3205 DEBUG_printf(("_httpWriteGNUTLS: bytes=%d", (int)bytes));
3206 return (bytes);
3207 }
3208 #endif /* HAVE_SSL && HAVE_GNUTLS */
3209
3210
3211 #if defined(HAVE_SSL) && defined(HAVE_LIBSSL)
3212 /*
3213 * 'http_bio_ctrl()' - Control the HTTP connection.
3214 */
3215
3216 static long /* O - Result/data */
3217 http_bio_ctrl(BIO *h, /* I - BIO data */
3218 int cmd, /* I - Control command */
3219 long arg1, /* I - First argument */
3220 void *arg2) /* I - Second argument */
3221 {
3222 switch (cmd)
3223 {
3224 default :
3225 return (0);
3226
3227 case BIO_CTRL_RESET :
3228 h->ptr = NULL;
3229 return (0);
3230
3231 case BIO_C_SET_FILE_PTR :
3232 h->ptr = arg2;
3233 h->init = 1;
3234 return (1);
3235
3236 case BIO_C_GET_FILE_PTR :
3237 if (arg2)
3238 {
3239 *((void **)arg2) = h->ptr;
3240 return (1);
3241 }
3242 else
3243 return (0);
3244
3245 case BIO_CTRL_DUP :
3246 case BIO_CTRL_FLUSH :
3247 return (1);
3248 }
3249 }
3250
3251
3252 /*
3253 * 'http_bio_free()' - Free OpenSSL data.
3254 */
3255
3256 static int /* O - 1 on success, 0 on failure */
3257 http_bio_free(BIO *h) /* I - BIO data */
3258 {
3259 if (!h)
3260 return (0);
3261
3262 if (h->shutdown)
3263 {
3264 h->init = 0;
3265 h->flags = 0;
3266 }
3267
3268 return (1);
3269 }
3270
3271
3272 /*
3273 * 'http_bio_new()' - Initialize an OpenSSL BIO structure.
3274 */
3275
3276 static int /* O - 1 on success, 0 on failure */
3277 http_bio_new(BIO *h) /* I - BIO data */
3278 {
3279 if (!h)
3280 return (0);
3281
3282 h->init = 0;
3283 h->num = 0;
3284 h->ptr = NULL;
3285 h->flags = 0;
3286
3287 return (1);
3288 }
3289
3290
3291 /*
3292 * 'http_bio_puts()' - Send a string for OpenSSL.
3293 */
3294
3295 static int /* O - Bytes written */
3296 http_bio_puts(BIO *h, /* I - BIO data */
3297 const char *str) /* I - String to write */
3298 {
3299 #ifdef WIN32
3300 return (send(((http_t *)h->ptr)->fd, str, (int)strlen(str), 0));
3301 #else
3302 return (send(((http_t *)h->ptr)->fd, str, strlen(str), 0));
3303 #endif /* WIN32 */
3304 }
3305
3306
3307 /*
3308 * 'http_bio_read()' - Read data for OpenSSL.
3309 */
3310
3311 static int /* O - Bytes read */
3312 http_bio_read(BIO *h, /* I - BIO data */
3313 char *buf, /* I - Buffer */
3314 int size) /* I - Number of bytes to read */
3315 {
3316 http_t *http; /* HTTP connection */
3317
3318
3319 http = (http_t *)h->ptr;
3320
3321 if (!http->blocking)
3322 {
3323 /*
3324 * Make sure we have data before we read...
3325 */
3326
3327 while (!_httpWait(http, 10000, 0))
3328 {
3329 if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
3330 continue;
3331
3332 #ifdef WIN32
3333 http->error = WSAETIMEDOUT;
3334 #else
3335 http->error = ETIMEDOUT;
3336 #endif /* WIN32 */
3337
3338 return (-1);
3339 }
3340 }
3341
3342 return (recv(http->fd, buf, size, 0));
3343 }
3344
3345
3346 /*
3347 * 'http_bio_write()' - Write data for OpenSSL.
3348 */
3349
3350 static int /* O - Bytes written */
3351 http_bio_write(BIO *h, /* I - BIO data */
3352 const char *buf, /* I - Buffer to write */
3353 int num) /* I - Number of bytes to write */
3354 {
3355 return (send(((http_t *)h->ptr)->fd, buf, num, 0));
3356 }
3357 #endif /* HAVE_SSL && HAVE_LIBSSL */
3358
3359
3360 #ifdef DEBUG
3361 /*
3362 * 'http_debug_hex()' - Do a hex dump of a buffer.
3363 */
3364
3365 static void
3366 http_debug_hex(const char *prefix, /* I - Prefix for line */
3367 const char *buffer, /* I - Buffer to dump */
3368 int bytes) /* I - Bytes to dump */
3369 {
3370 int i, j, /* Looping vars */
3371 ch; /* Current character */
3372 char line[255], /* Line buffer */
3373 *start, /* Start of line after prefix */
3374 *ptr; /* Pointer into line */
3375
3376
3377 if (_cups_debug_fd < 0 || _cups_debug_level < 6)
3378 return;
3379
3380 DEBUG_printf(("6%s: %d bytes:\n", prefix, bytes));
3381
3382 snprintf(line, sizeof(line), "6%s: ", prefix);
3383 start = line + strlen(line);
3384
3385 for (i = 0; i < bytes; i += 16)
3386 {
3387 for (j = 0, ptr = start; j < 16 && (i + j) < bytes; j ++, ptr += 2)
3388 sprintf(ptr, "%02X", buffer[i + j] & 255);
3389
3390 while (j < 16)
3391 {
3392 strcpy(ptr, " ");
3393 ptr += 2;
3394 j ++;
3395 }
3396
3397 strcpy(ptr, " ");
3398 ptr += 2;
3399
3400 for (j = 0; j < 16 && (i + j) < bytes; j ++)
3401 {
3402 ch = buffer[i + j] & 255;
3403
3404 if (ch < ' ' || ch >= 127)
3405 ch = '.';
3406
3407 *ptr++ = ch;
3408 }
3409
3410 *ptr = '\0';
3411 DEBUG_puts(line);
3412 }
3413 }
3414 #endif /* DEBUG */
3415
3416
3417 /*
3418 * 'http_field()' - Return the field index for a field name.
3419 */
3420
3421 static http_field_t /* O - Field index */
3422 http_field(const char *name) /* I - String name */
3423 {
3424 int i; /* Looping var */
3425
3426
3427 for (i = 0; i < HTTP_FIELD_MAX; i ++)
3428 if (_cups_strcasecmp(name, http_fields[i]) == 0)
3429 return ((http_field_t)i);
3430
3431 return (HTTP_FIELD_UNKNOWN);
3432 }
3433
3434
3435 #ifdef HAVE_SSL
3436 /*
3437 * 'http_read_ssl()' - Read from a SSL/TLS connection.
3438 */
3439
3440 static int /* O - Bytes read */
3441 http_read_ssl(http_t *http, /* I - Connection to server */
3442 char *buf, /* I - Buffer to store data */
3443 int len) /* I - Length of buffer */
3444 {
3445 # if defined(HAVE_LIBSSL)
3446 return (SSL_read((SSL *)(http->tls), buf, len));
3447
3448 # elif defined(HAVE_GNUTLS)
3449 ssize_t result; /* Return value */
3450
3451
3452 result = gnutls_record_recv(http->tls, buf, len);
3453
3454 if (result < 0 && !errno)
3455 {
3456 /*
3457 * Convert GNU TLS error to errno value...
3458 */
3459
3460 switch (result)
3461 {
3462 case GNUTLS_E_INTERRUPTED :
3463 errno = EINTR;
3464 break;
3465
3466 case GNUTLS_E_AGAIN :
3467 errno = EAGAIN;
3468 break;
3469
3470 default :
3471 errno = EPIPE;
3472 break;
3473 }
3474
3475 result = -1;
3476 }
3477
3478 return ((int)result);
3479
3480 # elif defined(HAVE_CDSASSL)
3481 int result; /* Return value */
3482 OSStatus error; /* Error info */
3483 size_t processed; /* Number of bytes processed */
3484
3485
3486 error = SSLRead(http->tls, buf, len, &processed);
3487
3488 switch (error)
3489 {
3490 case 0 :
3491 result = (int)processed;
3492 break;
3493
3494 case errSSLWouldBlock :
3495 if (processed)
3496 result = (int)processed;
3497 else
3498 {
3499 result = -1;
3500 errno = EINTR;
3501 }
3502 break;
3503
3504 case errSSLClosedGraceful :
3505 default :
3506 if (processed)
3507 result = (int)processed;
3508 else
3509 {
3510 result = -1;
3511 errno = EPIPE;
3512 }
3513 break;
3514 }
3515
3516 return (result);
3517 # elif defined(HAVE_SSPISSL)
3518 return _sspiRead((_sspi_struct_t*) http->tls, buf, len);
3519 # endif /* HAVE_LIBSSL */
3520 }
3521 #endif /* HAVE_SSL */
3522
3523
3524 /*
3525 * 'http_send()' - Send a request with all fields and the trailing blank line.
3526 */
3527
3528 static int /* O - 0 on success, non-zero on error */
3529 http_send(http_t *http, /* I - Connection to server */
3530 http_state_t request, /* I - Request code */
3531 const char *uri) /* I - URI */
3532 {
3533 int i; /* Looping var */
3534 char buf[1024]; /* Encoded URI buffer */
3535 static const char * const codes[] =
3536 { /* Request code strings */
3537 NULL,
3538 "OPTIONS",
3539 "GET",
3540 NULL,
3541 "HEAD",
3542 "POST",
3543 NULL,
3544 NULL,
3545 "PUT",
3546 NULL,
3547 "DELETE",
3548 "TRACE",
3549 "CLOSE"
3550 };
3551
3552
3553 DEBUG_printf(("7http_send(http=%p, request=HTTP_%s, uri=\"%s\")",
3554 http, codes[request], uri));
3555
3556 if (http == NULL || uri == NULL)
3557 return (-1);
3558
3559 /*
3560 * Set the User-Agent field if it isn't already...
3561 */
3562
3563 if (!http->fields[HTTP_FIELD_USER_AGENT][0])
3564 httpSetField(http, HTTP_FIELD_USER_AGENT, CUPS_MINIMAL);
3565
3566 /*
3567 * Encode the URI as needed...
3568 */
3569
3570 _httpEncodeURI(buf, uri, sizeof(buf));
3571
3572 /*
3573 * See if we had an error the last time around; if so, reconnect...
3574 */
3575
3576 if (http->status == HTTP_ERROR || http->status >= HTTP_BAD_REQUEST)
3577 if (httpReconnect(http))
3578 return (-1);
3579
3580 /*
3581 * Flush any written data that is pending...
3582 */
3583
3584 if (http->wused)
3585 {
3586 if (httpFlushWrite(http) < 0)
3587 if (httpReconnect(http))
3588 return (-1);
3589 }
3590
3591 /*
3592 * Send the request header...
3593 */
3594
3595 http->state = request;
3596 http->data_encoding = HTTP_ENCODE_FIELDS;
3597
3598 if (request == HTTP_POST || request == HTTP_PUT)
3599 http->state ++;
3600
3601 http->status = HTTP_CONTINUE;
3602
3603 #ifdef HAVE_SSL
3604 if (http->encryption == HTTP_ENCRYPT_REQUIRED && !http->tls)
3605 {
3606 httpSetField(http, HTTP_FIELD_CONNECTION, "Upgrade");
3607 httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.0,SSL/2.0,SSL/3.0");
3608 }
3609 #endif /* HAVE_SSL */
3610
3611 if (httpPrintf(http, "%s %s HTTP/1.1\r\n", codes[request], buf) < 1)
3612 {
3613 http->status = HTTP_ERROR;
3614 return (-1);
3615 }
3616
3617 for (i = 0; i < HTTP_FIELD_MAX; i ++)
3618 if (http->fields[i][0] != '\0')
3619 {
3620 DEBUG_printf(("9http_send: %s: %s", http_fields[i],
3621 httpGetField(http, i)));
3622
3623 if (httpPrintf(http, "%s: %s\r\n", http_fields[i],
3624 httpGetField(http, i)) < 1)
3625 {
3626 http->status = HTTP_ERROR;
3627 return (-1);
3628 }
3629 }
3630
3631 if (http->cookie)
3632 if (httpPrintf(http, "Cookie: $Version=0; %s\r\n", http->cookie) < 1)
3633 {
3634 http->status = HTTP_ERROR;
3635 return (-1);
3636 }
3637
3638 if (http->expect == HTTP_CONTINUE &&
3639 (http->state == HTTP_POST_RECV || http->state == HTTP_PUT_RECV))
3640 if (httpPrintf(http, "Expect: 100-continue\r\n") < 1)
3641 {
3642 http->status = HTTP_ERROR;
3643 return (-1);
3644 }
3645
3646 if (httpPrintf(http, "\r\n") < 1)
3647 {
3648 http->status = HTTP_ERROR;
3649 return (-1);
3650 }
3651
3652 if (httpFlushWrite(http) < 0)
3653 return (-1);
3654
3655 httpGetLength2(http);
3656 httpClearFields(http);
3657
3658 /*
3659 * The Kerberos and AuthRef authentication strings can only be used once...
3660 */
3661
3662 if (http->field_authorization && http->authstring &&
3663 (!strncmp(http->authstring, "Negotiate", 9) ||
3664 !strncmp(http->authstring, "AuthRef", 7)))
3665 {
3666 http->_authstring[0] = '\0';
3667
3668 if (http->authstring != http->_authstring)
3669 free(http->authstring);
3670
3671 http->authstring = http->_authstring;
3672 }
3673
3674 return (0);
3675 }
3676
3677
3678 #ifdef HAVE_SSL
3679 # if defined(HAVE_CDSASSL) && defined(HAVE_SECCERTIFICATECOPYDATA)
3680 /*
3681 * 'http_set_credentials()' - Set the SSL/TLS credentials.
3682 */
3683
3684 static int /* O - Status of connection */
3685 http_set_credentials(http_t *http) /* I - Connection to server */
3686 {
3687 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
3688 OSStatus error = 0; /* Error code */
3689 http_tls_credentials_t credentials = NULL;
3690 /* TLS credentials */
3691
3692
3693 DEBUG_printf(("7http_set_credentials(%p)", http));
3694
3695 /*
3696 * Prefer connection specific credentials...
3697 */
3698
3699 if ((credentials = http->tls_credentials) == NULL)
3700 credentials = cg->tls_credentials;
3701
3702 # if HAVE_SECPOLICYCREATESSL
3703 /*
3704 * Otherwise root around in the user's keychain to see if one can be found...
3705 */
3706
3707 if (!credentials)
3708 {
3709 CFDictionaryRef query; /* Query dictionary */
3710 CFTypeRef matches = NULL; /* Matching credentials */
3711 CFArrayRef dn_array = NULL;/* Distinguished names array */
3712 CFTypeRef keys[] = { kSecClass,
3713 kSecMatchLimit,
3714 kSecReturnRef };
3715 /* Keys for dictionary */
3716 CFTypeRef values[] = { kSecClassCertificate,
3717 kSecMatchLimitOne,
3718 kCFBooleanTrue };
3719 /* Values for dictionary */
3720
3721 /*
3722 * Get the names associated with the server.
3723 */
3724
3725 if ((error = SSLCopyDistinguishedNames(http->tls, &dn_array)) != noErr)
3726 {
3727 DEBUG_printf(("4http_set_credentials: SSLCopyDistinguishedNames, error=%d",
3728 (int)error));
3729 return (error);
3730 }
3731
3732 /*
3733 * Create a query which will return all identities that can sign and match
3734 * the passed in policy.
3735 */
3736
3737 query = CFDictionaryCreate(NULL,
3738 (const void**)(&keys[0]),
3739 (const void**)(&values[0]),
3740 sizeof(keys) / sizeof(keys[0]),
3741 &kCFTypeDictionaryKeyCallBacks,
3742 &kCFTypeDictionaryValueCallBacks);
3743 if (query)
3744 {
3745 error = SecItemCopyMatching(query, &matches);
3746 DEBUG_printf(("4http_set_credentials: SecItemCopyMatching, error=%d",
3747 (int)error));
3748 CFRelease(query);
3749 }
3750
3751 if (matches)
3752 CFRelease(matches);
3753
3754 if (dn_array)
3755 CFRelease(dn_array);
3756 }
3757 # endif /* HAVE_SECPOLICYCREATESSL */
3758
3759 if (credentials)
3760 {
3761 error = SSLSetCertificate(http->tls, credentials);
3762 DEBUG_printf(("4http_set_credentials: SSLSetCertificate, error=%d",
3763 (int)error));
3764 }
3765 else
3766 DEBUG_puts("4http_set_credentials: No credentials to set.");
3767
3768 return (error);
3769 }
3770 # endif /* HAVE_CDSASSL && HAVE_SECCERTIFICATECOPYDATA */
3771
3772
3773 /*
3774 * 'http_setup_ssl()' - Set up SSL/TLS support on a connection.
3775 */
3776
3777 static int /* O - 0 on success, -1 on failure */
3778 http_setup_ssl(http_t *http) /* I - Connection to server */
3779 {
3780 _cups_globals_t *cg = _cupsGlobals();
3781 /* Pointer to library globals */
3782 int any_root; /* Allow any root */
3783
3784 # ifdef HAVE_LIBSSL
3785 SSL_CTX *context; /* Context for encryption */
3786 BIO *bio; /* BIO data */
3787 const char *message = NULL;/* Error message */
3788 # elif defined(HAVE_GNUTLS)
3789 int status; /* Status of handshake */
3790 gnutls_certificate_client_credentials *credentials;
3791 /* TLS credentials */
3792 # elif defined(HAVE_CDSASSL)
3793 OSStatus error; /* Error code */
3794 char *hostname; /* Hostname */
3795 const char *message = NULL;/* Error message */
3796 # ifdef HAVE_SECCERTIFICATECOPYDATA
3797 cups_array_t *credentials; /* Credentials array */
3798 cups_array_t *names; /* CUPS distinguished names */
3799 CFArrayRef dn_array; /* CF distinguished names array */
3800 CFIndex count; /* Number of credentials */
3801 CFDataRef data; /* Certificate data */
3802 int i; /* Looping var */
3803 http_credential_t *credential; /* Credential data */
3804 # endif /* HAVE_SECCERTIFICATECOPYDATA */
3805 # elif defined(HAVE_SSPISSL)
3806 TCHAR username[256]; /* Username returned from GetUserName() */
3807 TCHAR commonName[256];/* Common name for certificate */
3808 DWORD dwSize; /* 32 bit size */
3809 # endif /* HAVE_LIBSSL */
3810
3811
3812 DEBUG_printf(("7http_setup_ssl(http=%p)", http));
3813
3814 /*
3815 * Always allow self-signed certificates for the local loopback address...
3816 */
3817
3818 if (httpAddrLocalhost(http->hostaddr))
3819 any_root = 1;
3820 else
3821 any_root = cg->any_root;
3822
3823 # ifdef HAVE_LIBSSL
3824 (void)any_root;
3825
3826 context = SSL_CTX_new(SSLv23_client_method());
3827
3828 SSL_CTX_set_options(context, SSL_OP_NO_SSLv2); /* Only use SSLv3 or TLS */
3829
3830 bio = BIO_new(_httpBIOMethods());
3831 BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)http);
3832
3833 http->tls = SSL_new(context);
3834 SSL_set_bio(http->tls, bio, bio);
3835
3836 if (SSL_connect(http->tls) != 1)
3837 {
3838 unsigned long error; /* Error code */
3839
3840 while ((error = ERR_get_error()) != 0)
3841 {
3842 message = ERR_error_string(error, NULL);
3843 DEBUG_printf(("8http_setup_ssl: %s", message));
3844 }
3845
3846 SSL_CTX_free(context);
3847 SSL_free(http->tls);
3848 http->tls = NULL;
3849
3850 # ifdef WIN32
3851 http->error = WSAGetLastError();
3852 # else
3853 http->error = errno;
3854 # endif /* WIN32 */
3855 http->status = HTTP_ERROR;
3856
3857 if (!message)
3858 message = _("Unable to establish a secure connection to host.");
3859
3860 _cupsSetError(IPP_PKI_ERROR, message, 1);
3861
3862 return (-1);
3863 }
3864
3865 # elif defined(HAVE_GNUTLS)
3866 credentials = (gnutls_certificate_client_credentials *)
3867 malloc(sizeof(gnutls_certificate_client_credentials));
3868 if (credentials == NULL)
3869 {
3870 DEBUG_printf(("8http_setup_ssl: Unable to allocate credentials: %s",
3871 strerror(errno)));
3872 http->error = errno;
3873 http->status = HTTP_ERROR;
3874 _cupsSetHTTPError(HTTP_ERROR);
3875
3876 return (-1);
3877 }
3878
3879 gnutls_certificate_allocate_credentials(credentials);
3880
3881 gnutls_init(&http->tls, GNUTLS_CLIENT);
3882 gnutls_set_default_priority(http->tls);
3883 gnutls_server_name_set(http->tls, GNUTLS_NAME_DNS, http->hostname, strlen(http->hostname));
3884 gnutls_credentials_set(http->tls, GNUTLS_CRD_CERTIFICATE, *credentials);
3885 gnutls_transport_set_ptr(http->tls, (gnutls_transport_ptr)http);
3886 gnutls_transport_set_pull_function(http->tls, _httpReadGNUTLS);
3887 gnutls_transport_set_push_function(http->tls, _httpWriteGNUTLS);
3888
3889 while ((status = gnutls_handshake(http->tls)) != GNUTLS_E_SUCCESS)
3890 {
3891 DEBUG_printf(("8http_setup_ssl: gnutls_handshake returned %d (%s)",
3892 status, gnutls_strerror(status)));
3893
3894 if (gnutls_error_is_fatal(status))
3895 {
3896 http->error = EIO;
3897 http->status = HTTP_ERROR;
3898
3899 _cupsSetError(IPP_PKI_ERROR, gnutls_strerror(status), 0);
3900
3901 gnutls_deinit(http->tls);
3902 gnutls_certificate_free_credentials(*credentials);
3903 free(credentials);
3904 http->tls = NULL;
3905
3906 return (-1);
3907 }
3908 }
3909
3910 http->tls_credentials = credentials;
3911
3912 # elif defined(HAVE_CDSASSL)
3913 if ((error = SSLNewContext(false, &http->tls)))
3914 {
3915 http->error = errno;
3916 http->status = HTTP_ERROR;
3917 _cupsSetHTTPError(HTTP_ERROR);
3918
3919 return (-1);
3920 }
3921
3922 error = SSLSetConnection(http->tls, http);
3923 DEBUG_printf(("4http_setup_ssl: SSLSetConnection, error=%d", (int)error));
3924
3925 if (!error)
3926 {
3927 error = SSLSetIOFuncs(http->tls, _httpReadCDSA, _httpWriteCDSA);
3928 DEBUG_printf(("4http_setup_ssl: SSLSetIOFuncs, error=%d", (int)error));
3929 }
3930
3931 if (!error)
3932 {
3933 error = SSLSetAllowsAnyRoot(http->tls, any_root);
3934 DEBUG_printf(("4http_setup_ssl: SSLSetAllowsAnyRoot(%d), error=%d",
3935 any_root, (int)error));
3936 }
3937
3938 if (!error)
3939 {
3940 error = SSLSetAllowsExpiredCerts(http->tls, cg->expired_certs);
3941 DEBUG_printf(("4http_setup_ssl: SSLSetAllowsExpiredCerts(%d), error=%d",
3942 cg->expired_certs, (int)error));
3943 }
3944
3945 if (!error)
3946 {
3947 error = SSLSetAllowsExpiredRoots(http->tls, cg->expired_root);
3948 DEBUG_printf(("4http_setup_ssl: SSLSetAllowsExpiredRoots(%d), error=%d",
3949 cg->expired_root, (int)error));
3950 }
3951
3952 # ifdef HAVE_SSLSETPROTOCOLVERSIONMAX
3953 if (!error)
3954 {
3955 error = SSLSetProtocolVersionMax(http->tls, kTLSProtocol1);
3956 DEBUG_printf(("4http_setup_ssl: SSLSetProtocolVersionMax(kTLSProtocol1), "
3957 "error=%d", (int)error));
3958 }
3959 # endif /* HAVE_SSLSETPROTOCOLVERSIONMAX */
3960
3961 # ifdef HAVE_SECCERTIFICATECOPYDATA
3962 if (!error)
3963 {
3964 if (cg->client_cert_cb)
3965 {
3966 error = SSLSetSessionOption(http->tls,
3967 kSSLSessionOptionBreakOnCertRequested, true);
3968 DEBUG_printf(("4http_setup_ssl: kSSLSessionOptionBreakOnCertRequested, "
3969 "error=%d", (int)error));
3970 }
3971 else
3972 {
3973 error = http_set_credentials(http);
3974 DEBUG_printf(("4http_setup_ssl: http_set_credentials, error=%d",
3975 (int)error));
3976 }
3977 }
3978
3979 /*
3980 * If there's a server certificate callback installed let it evaluate the
3981 * certificate(s) during the handshake...
3982 */
3983
3984 if (!error && cg->server_cert_cb != NULL)
3985 {
3986 error = SSLSetEnableCertVerify(http->tls, false);
3987 DEBUG_printf(("4http_setup_ssl: SSLSetEnableCertVerify, error=%d",
3988 (int)error));
3989
3990 if (!error)
3991 {
3992 error = SSLSetSessionOption(http->tls,
3993 kSSLSessionOptionBreakOnServerAuth, true);
3994 DEBUG_printf(("4http_setup_ssl: kSSLSessionOptionBreakOnServerAuth, "
3995 "error=%d", (int)error));
3996 }
3997 }
3998 # endif /* HAVE_SECCERTIFICATECOPYDATA */
3999
4000 if (!error)
4001 {
4002 hostname = httpAddrLocalhost(http->hostaddr) ? "localhost" : http->hostname;
4003 error = SSLSetPeerDomainName(http->tls, hostname, strlen(hostname));
4004
4005 DEBUG_printf(("4http_setup_ssl: SSLSetPeerDomainName, error=%d",
4006 (int)error));
4007 }
4008
4009 if (!error)
4010 {
4011 int done = 0; /* Are we done yet? */
4012
4013 while (!error && !done)
4014 {
4015 error = SSLHandshake(http->tls);
4016
4017 DEBUG_printf(("4_httpWait: SSLHandshake returned %d.", (int)error));
4018
4019 switch (error)
4020 {
4021 case noErr :
4022 done = 1;
4023 break;
4024
4025 case errSSLWouldBlock :
4026 usleep(1000);
4027 break;
4028
4029 # ifdef HAVE_SECCERTIFICATECOPYDATA
4030 case errSSLServerAuthCompleted :
4031 error = 0;
4032 if (cg->server_cert_cb)
4033 {
4034 error = httpCopyCredentials(http, &credentials);
4035 if (!error)
4036 {
4037 error = (cg->server_cert_cb)(http, http->tls, credentials,
4038 cg->server_cert_data);
4039 httpFreeCredentials(credentials);
4040 }
4041
4042 DEBUG_printf(("4_httpWait: Server certificate callback returned "
4043 "%d.", (int)error));
4044 }
4045 break;
4046
4047 case errSSLClientCertRequested :
4048 error = 0;
4049
4050 if (cg->client_cert_cb)
4051 {
4052 names = NULL;
4053 if (!(error = SSLCopyDistinguishedNames(http->tls, &dn_array)) &&
4054 dn_array)
4055 {
4056 if ((names = cupsArrayNew(NULL, NULL)) != NULL)
4057 {
4058 for (i = 0, count = CFArrayGetCount(dn_array); i < count; i++)
4059 {
4060 data = (CFDataRef)CFArrayGetValueAtIndex(dn_array, i);
4061
4062 if ((credential = malloc(sizeof(*credential))))
4063 {
4064 credential->datalen = CFDataGetLength(data);
4065 if ((credential->data = malloc(credential->datalen)))
4066 {
4067 memcpy((void *)credential->data, CFDataGetBytePtr(data),
4068 credential->datalen);
4069 cupsArrayAdd(names, credential);
4070 }
4071 }
4072 }
4073 }
4074
4075 CFRelease(dn_array);
4076 }
4077
4078 if (!error)
4079 {
4080 error = (cg->client_cert_cb)(http, http->tls, names,
4081 cg->client_cert_data);
4082
4083 DEBUG_printf(("4_httpWait: Client certificate callback "
4084 "returned %d.", (int)error));
4085 }
4086
4087 httpFreeCredentials(names);
4088 }
4089 break;
4090 # endif /* HAVE_SECCERTIFICATECOPYDATA */
4091
4092 case errSSLUnknownRootCert :
4093 message = _("Unable to establish a secure connection to host "
4094 "(untrusted certificate).");
4095 break;
4096
4097 case errSSLNoRootCert :
4098 message = _("Unable to establish a secure connection to host "
4099 "(self-signed certificate).");
4100 break;
4101
4102 case errSSLCertExpired :
4103 message = _("Unable to establish a secure connection to host "
4104 "(expired certificate).");
4105 break;
4106
4107 case errSSLCertNotYetValid :
4108 message = _("Unable to establish a secure connection to host "
4109 "(certificate not yet valid).");
4110 break;
4111
4112 case errSSLHostNameMismatch :
4113 message = _("Unable to establish a secure connection to host "
4114 "(host name mismatch).");
4115 break;
4116
4117 case errSSLXCertChainInvalid :
4118 message = _("Unable to establish a secure connection to host "
4119 "(certificate chain invalid).");
4120 break;
4121
4122 case errSSLConnectionRefused :
4123 message = _("Unable to establish a secure connection to host "
4124 "(peer dropped connection before responding).");
4125 break;
4126
4127 default :
4128 break;
4129 }
4130 }
4131 }
4132
4133 if (error)
4134 {
4135 http->error = error;
4136 http->status = HTTP_ERROR;
4137 errno = ECONNREFUSED;
4138
4139 SSLDisposeContext(http->tls);
4140 http->tls = NULL;
4141
4142 /*
4143 * If an error string wasn't set by the callbacks use a generic one...
4144 */
4145
4146 if (!message)
4147 #ifdef HAVE_CSSMERRORSTRING
4148 message = cssmErrorString(error);
4149 #else
4150 message = _("Unable to establish a secure connection to host.");
4151 #endif /* HAVE_CSSMERRORSTRING */
4152
4153 _cupsSetError(IPP_PKI_ERROR, message, 1);
4154
4155 return (-1);
4156 }
4157
4158 # elif defined(HAVE_SSPISSL)
4159 http->tls = _sspiAlloc();
4160
4161 if (!http->tls)
4162 {
4163 return (-1);
4164
4165 http->tls->sock = http->fd;
4166 dwSize = sizeof(username) / sizeof(TCHAR);
4167 GetUserName(username, &dwSize);
4168 _sntprintf_s(commonName, sizeof(commonName) / sizeof(TCHAR),
4169 sizeof(commonName) / sizeof(TCHAR), TEXT("CN=%s"), username);
4170
4171 if (!_sspiGetCredentials(http->tls_credentials, L"ClientContainer",
4172 commonName, FALSE))
4173 {
4174 _sspiFree(http->tls_credentials);
4175 http->tls_credentials = NULL;
4176
4177 http->error = EIO;
4178 http->status = HTTP_ERROR;
4179
4180 _cupsSetError(IPP_PKI_ERROR,
4181 _("Unable to establish a secure connection to host."), 1);
4182
4183 return (-1);
4184 }
4185
4186 _sspiSetAllowsAnyRoot(http->tls_credentials, TRUE);
4187 _sspiSetAllowsExpiredCerts(http->tls_credentials, TRUE);
4188
4189 if (!_sspiConnect(http->tls_credentials, http->hostname))
4190 {
4191 _sspiFree(http->tls_credentials);
4192 http->tls_credentials = NULL;
4193
4194 http->error = EIO;
4195 http->status = HTTP_ERROR;
4196
4197 _cupsSetError(IPP_PKI_ERROR,
4198 _("Unable to establish a secure connection to host."), 1);
4199
4200 return (-1);
4201 }
4202 # endif /* HAVE_CDSASSL */
4203
4204 return (0);
4205 }
4206 #endif /* HAVE_SSL */
4207
4208
4209 #ifdef HAVE_SSL
4210 /*
4211 * 'http_shutdown_ssl()' - Shut down SSL/TLS on a connection.
4212 */
4213
4214 static void
4215 http_shutdown_ssl(http_t *http) /* I - Connection to server */
4216 {
4217 # ifdef HAVE_LIBSSL
4218 SSL_CTX *context; /* Context for encryption */
4219
4220 context = SSL_get_SSL_CTX(http->tls);
4221
4222 SSL_shutdown(http->tls);
4223 SSL_CTX_free(context);
4224 SSL_free(http->tls);
4225
4226 # elif defined(HAVE_GNUTLS)
4227 gnutls_certificate_client_credentials *credentials;
4228 /* TLS credentials */
4229
4230 credentials = (gnutls_certificate_client_credentials *)(http->tls_credentials);
4231
4232 gnutls_bye(http->tls, GNUTLS_SHUT_RDWR);
4233 gnutls_deinit(http->tls);
4234 gnutls_certificate_free_credentials(*credentials);
4235 free(credentials);
4236
4237 # elif defined(HAVE_CDSASSL)
4238 while (SSLClose(http->tls) == errSSLWouldBlock)
4239 usleep(1000);
4240
4241 SSLDisposeContext(http->tls);
4242
4243 if (http->tls_credentials)
4244 CFRelease(http->tls_credentials);
4245
4246 # elif defined(HAVE_SSPISSL)
4247 _sspiFree(http->tls_credentials);
4248 # endif /* HAVE_LIBSSL */
4249
4250 http->tls = NULL;
4251 http->tls_credentials = NULL;
4252 }
4253 #endif /* HAVE_SSL */
4254
4255
4256 #ifdef HAVE_SSL
4257 /*
4258 * 'http_upgrade()' - Force upgrade to TLS encryption.
4259 */
4260
4261 static int /* O - Status of connection */
4262 http_upgrade(http_t *http) /* I - Connection to server */
4263 {
4264 int ret; /* Return value */
4265 http_t myhttp; /* Local copy of HTTP data */
4266
4267
4268 DEBUG_printf(("7http_upgrade(%p)", http));
4269
4270 /*
4271 * Flush the connection to make sure any previous "Upgrade" message
4272 * has been read.
4273 */
4274
4275 httpFlush(http);
4276
4277 /*
4278 * Copy the HTTP data to a local variable so we can do the OPTIONS
4279 * request without interfering with the existing request data...
4280 */
4281
4282 memcpy(&myhttp, http, sizeof(myhttp));
4283
4284 /*
4285 * Send an OPTIONS request to the server, requiring SSL or TLS
4286 * encryption on the link...
4287 */
4288
4289 http->field_authorization = NULL; /* Don't free the auth string */
4290
4291 httpClearFields(http);
4292 httpSetField(http, HTTP_FIELD_CONNECTION, "upgrade");
4293 httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2, TLS/1.1, TLS/1.0, SSL/3.0");
4294
4295 if ((ret = httpOptions(http, "*")) == 0)
4296 {
4297 /*
4298 * Wait for the secure connection...
4299 */
4300
4301 while (httpUpdate(http) == HTTP_CONTINUE);
4302 }
4303
4304 /*
4305 * Restore the HTTP request data...
4306 */
4307
4308 memcpy(http->fields, myhttp.fields, sizeof(http->fields));
4309 http->data_encoding = myhttp.data_encoding;
4310 http->data_remaining = myhttp.data_remaining;
4311 http->_data_remaining = myhttp._data_remaining;
4312 http->expect = myhttp.expect;
4313 http->field_authorization = myhttp.field_authorization;
4314 http->digest_tries = myhttp.digest_tries;
4315
4316 /*
4317 * See if we actually went secure...
4318 */
4319
4320 if (!http->tls)
4321 {
4322 /*
4323 * Server does not support HTTP upgrade...
4324 */
4325
4326 DEBUG_puts("8http_upgrade: Server does not support HTTP upgrade!");
4327
4328 # ifdef WIN32
4329 closesocket(http->fd);
4330 # else
4331 close(http->fd);
4332 # endif
4333
4334 http->fd = -1;
4335
4336 return (-1);
4337 }
4338 else
4339 return (ret);
4340 }
4341 #endif /* HAVE_SSL */
4342
4343
4344 /*
4345 * 'http_write()' - Write a buffer to a HTTP connection.
4346 */
4347
4348 static int /* O - Number of bytes written */
4349 http_write(http_t *http, /* I - Connection to server */
4350 const char *buffer, /* I - Buffer for data */
4351 int length) /* I - Number of bytes to write */
4352 {
4353 int tbytes, /* Total bytes sent */
4354 bytes; /* Bytes sent */
4355
4356
4357 DEBUG_printf(("2http_write(http=%p, buffer=%p, length=%d)", http, buffer,
4358 length));
4359 http->error = 0;
4360 tbytes = 0;
4361
4362 while (length > 0)
4363 {
4364 #ifdef HAVE_SSL
4365 if (http->tls)
4366 bytes = http_write_ssl(http, buffer, length);
4367 else
4368 #endif /* HAVE_SSL */
4369 bytes = send(http->fd, buffer, length, 0);
4370
4371 if (bytes < 0)
4372 {
4373 #ifdef WIN32
4374 if (WSAGetLastError() == WSAEINTR)
4375 continue;
4376 else if (WSAGetLastError() == WSAEWOULDBLOCK)
4377 {
4378 if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
4379 continue;
4380
4381 http->error = WSAGetLastError();
4382 }
4383 else if (WSAGetLastError() != http->error &&
4384 WSAGetLastError() != WSAECONNRESET)
4385 {
4386 http->error = WSAGetLastError();
4387 continue;
4388 }
4389
4390 #else
4391 if (errno == EINTR)
4392 continue;
4393 else if (errno == EWOULDBLOCK || errno == EAGAIN)
4394 {
4395 if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
4396 continue;
4397 else if (!http->timeout_cb && errno == EAGAIN)
4398 continue;
4399
4400 http->error = errno;
4401 }
4402 else if (errno != http->error && errno != ECONNRESET)
4403 {
4404 http->error = errno;
4405 continue;
4406 }
4407 #endif /* WIN32 */
4408
4409 DEBUG_printf(("3http_write: error writing data (%s).",
4410 strerror(http->error)));
4411
4412 return (-1);
4413 }
4414
4415 buffer += bytes;
4416 tbytes += bytes;
4417 length -= bytes;
4418 }
4419
4420 #ifdef DEBUG
4421 http_debug_hex("http_write", buffer - tbytes, tbytes);
4422 #endif /* DEBUG */
4423
4424 DEBUG_printf(("3http_write: Returning %d.", tbytes));
4425
4426 return (tbytes);
4427 }
4428
4429
4430 /*
4431 * 'http_write_chunk()' - Write a chunked buffer.
4432 */
4433
4434 static int /* O - Number bytes written */
4435 http_write_chunk(http_t *http, /* I - Connection to server */
4436 const char *buffer, /* I - Buffer to write */
4437 int length) /* I - Length of buffer */
4438 {
4439 char header[255]; /* Chunk header */
4440 int bytes; /* Bytes written */
4441
4442
4443 DEBUG_printf(("7http_write_chunk(http=%p, buffer=%p, length=%d)",
4444 http, buffer, length));
4445
4446 /*
4447 * Write the chunk header, data, and trailer.
4448 */
4449
4450 sprintf(header, "%x\r\n", length);
4451 if (http_write(http, header, (int)strlen(header)) < 0)
4452 {
4453 DEBUG_puts("8http_write_chunk: http_write of length failed!");
4454 return (-1);
4455 }
4456
4457 if ((bytes = http_write(http, buffer, length)) < 0)
4458 {
4459 DEBUG_puts("8http_write_chunk: http_write of buffer failed!");
4460 return (-1);
4461 }
4462
4463 if (http_write(http, "\r\n", 2) < 0)
4464 {
4465 DEBUG_puts("8http_write_chunk: http_write of CR LF failed!");
4466 return (-1);
4467 }
4468
4469 return (bytes);
4470 }
4471
4472
4473 #ifdef HAVE_SSL
4474 /*
4475 * 'http_write_ssl()' - Write to a SSL/TLS connection.
4476 */
4477
4478 static int /* O - Bytes written */
4479 http_write_ssl(http_t *http, /* I - Connection to server */
4480 const char *buf, /* I - Buffer holding data */
4481 int len) /* I - Length of buffer */
4482 {
4483 ssize_t result; /* Return value */
4484
4485
4486 DEBUG_printf(("2http_write_ssl(http=%p, buf=%p, len=%d)", http, buf, len));
4487
4488 # if defined(HAVE_LIBSSL)
4489 result = SSL_write((SSL *)(http->tls), buf, len);
4490
4491 # elif defined(HAVE_GNUTLS)
4492 result = gnutls_record_send(http->tls, buf, len);
4493
4494 if (result < 0 && !errno)
4495 {
4496 /*
4497 * Convert GNU TLS error to errno value...
4498 */
4499
4500 switch (result)
4501 {
4502 case GNUTLS_E_INTERRUPTED :
4503 errno = EINTR;
4504 break;
4505
4506 case GNUTLS_E_AGAIN :
4507 errno = EAGAIN;
4508 break;
4509
4510 default :
4511 errno = EPIPE;
4512 break;
4513 }
4514
4515 result = -1;
4516 }
4517
4518 # elif defined(HAVE_CDSASSL)
4519 OSStatus error; /* Error info */
4520 size_t processed; /* Number of bytes processed */
4521
4522
4523 error = SSLWrite(http->tls, buf, len, &processed);
4524
4525 switch (error)
4526 {
4527 case 0 :
4528 result = (int)processed;
4529 break;
4530
4531 case errSSLWouldBlock :
4532 if (processed)
4533 result = (int)processed;
4534 else
4535 {
4536 result = -1;
4537 errno = EINTR;
4538 }
4539 break;
4540
4541 case errSSLClosedGraceful :
4542 default :
4543 if (processed)
4544 result = (int)processed;
4545 else
4546 {
4547 result = -1;
4548 errno = EPIPE;
4549 }
4550 break;
4551 }
4552 # elif defined(HAVE_SSPISSL)
4553 return _sspiWrite((_sspi_struct_t *)http->tls, (void *)buf, len);
4554 # endif /* HAVE_LIBSSL */
4555
4556 DEBUG_printf(("3http_write_ssl: Returning %d.", (int)result));
4557
4558 return ((int)result);
4559 }
4560 #endif /* HAVE_SSL */
4561
4562
4563 /*
4564 * End of "$Id: http.c 7850 2008-08-20 00:07:25Z mike $".
4565 */
Unnamed repository; edit this file 'description' to name the repository.