/*
* HTTP support routines for CUPS.
*
- * Copyright 2007-2017 by Apple Inc.
+ * Copyright 2007-2019 by Apple Inc.
* Copyright 1997-2007 by Easy Software Products, all rights reserved.
*
- * These coded instructions, statements, and computer programs are the
- * property of Apple Inc. and are protected by Federal copyright
- * law. Distribution and use rights are outlined in the file "LICENSE.txt"
- * which should have been included with this file. If this file is
- * missing or damaged, see the license at "http://www.cups.org/".
- *
- * This file is subject to the Apple OS-Developed Software exception.
+ * Licensed under Apache License v2.0. See the file "LICENSE" for more
+ * information.
*/
/*
*/
#include "cups-private.h"
+#include "debug-internal.h"
#ifdef HAVE_DNSSD
# include <dns_sd.h>
-# ifdef WIN32
+# ifdef _WIN32
# include <io.h>
# elif defined(HAVE_POLL)
# include <poll.h>
# else
# include <sys/select.h>
-# endif /* WIN32 */
+# endif /* _WIN32 */
#elif defined(HAVE_AVAHI)
# include <avahi-client/client.h>
# include <avahi-client/lookup.h>
size_t bufsize) /* I - Size of buffer */
{
char data[1024]; /* Source string for MD5 */
- _cups_md5_state_t md5state; /* MD5 state */
unsigned char md5sum[16]; /* MD5 digest/sum */
port, name ? name : server, number,
(unsigned)CUPS_RAND() & 0xffff, (unsigned)CUPS_RAND() & 0xffff);
- _cupsMD5Init(&md5state);
- _cupsMD5Append(&md5state, (unsigned char *)data, (int)strlen(data));
- _cupsMD5Finish(&md5state, md5sum);
+ cupsHashData("md5", (unsigned char *)data, strlen(data), md5sum, sizeof(md5sum));
/*
* Generate the UUID from the MD5...
/*
* 'httpDecode64_2()' - Base64-decode a string.
*
+ * The caller must initialize "outlen" to the maximum size of the decoded
+ * string before calling @code httpDecode64_2@. On return "outlen" contains the
+ * decoded length of the string.
+ *
* @since CUPS 1.1.21/macOS 10.4@
*/
char * /* O - Encoded string */
httpEncode64_2(char *out, /* I - String to write to */
- int outlen, /* I - Size of output string */
+ int outlen, /* I - Maximum size of output string */
const char *in, /* I - String to read from */
int inlen) /* I - Size of input string */
{
*/
const char * /* O - Date/time string */
-httpGetDateString(time_t t) /* I - UNIX time */
+httpGetDateString(time_t t) /* I - Time in seconds */
{
_cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
*/
const char * /* O - Date/time string */
-httpGetDateString2(time_t t, /* I - UNIX time */
+httpGetDateString2(time_t t, /* I - Time in seconds */
char *s, /* I - String buffer */
int slen) /* I - Size of string buffer */
{
- struct tm *tdate; /* UNIX date/time data */
+ struct tm tdate; /* UNIX date/time data */
- tdate = gmtime(&t);
- if (tdate)
- snprintf(s, (size_t)slen, "%s, %02d %s %d %02d:%02d:%02d GMT", http_days[tdate->tm_wday], tdate->tm_mday, http_months[tdate->tm_mon], tdate->tm_year + 1900, tdate->tm_hour, tdate->tm_min, tdate->tm_sec);
- else
- s[0] = '\0';
+ gmtime_r(&t, &tdate);
+
+ snprintf(s, (size_t)slen, "%s, %02d %s %d %02d:%02d:%02d GMT", http_days[tdate.tm_wday], tdate.tm_mday, http_months[tdate.tm_mon], tdate.tm_year + 1900, tdate.tm_hour, tdate.tm_min, tdate.tm_sec);
return (s);
}
* 'httpGetDateTime()' - Get a time value from a formatted date/time string.
*/
-time_t /* O - UNIX time */
+time_t /* O - Time in seconds */
httpGetDateTime(const char *s) /* I - Date/time string */
{
int i; /* Looping var */
DEBUG_printf(("4httpGetDateTime: day=%d, mon=\"%s\", year=%d, hour=%d, "
"min=%d, sec=%d", day, mon, year, hour, min, sec));
+ /*
+ * Check for invalid year (RFC 7231 says it's 4DIGIT)
+ */
+
+ if (year > 9999)
+ return (0);
+
/*
* Convert the month name to a number from 0 to 11.
*/
*ptr = '\0';
- if (*uri != ':')
+ if (*uri != ':' || *scheme == '.' || !*scheme)
{
*scheme = '\0';
return (HTTP_URI_STATUS_BAD_SCHEME);
}
+/*
+ * '_httpSetDigestAuthString()' - Calculate a Digest authentication response
+ * using the appropriate RFC 2068/2617/7616
+ * algorithm.
+ */
+
+int /* O - 1 on success, 0 on failure */
+_httpSetDigestAuthString(
+ http_t *http, /* I - HTTP connection */
+ const char *nonce, /* I - Nonce value */
+ const char *method, /* I - HTTP method */
+ const char *resource) /* I - HTTP resource path */
+{
+ char kd[65], /* Final MD5/SHA-256 digest */
+ ha1[65], /* Hash of username:realm:password */
+ ha2[65], /* Hash of method:request-uri */
+ username[HTTP_MAX_VALUE],
+ /* username:password */
+ *password, /* Pointer to password */
+ temp[1024], /* Temporary string */
+ digest[1024]; /* Digest auth data */
+ unsigned char hash[32]; /* Hash buffer */
+ size_t hashsize; /* Size of hash */
+ _cups_globals_t *cg = _cupsGlobals(); /* Per-thread globals */
+
+
+ DEBUG_printf(("2_httpSetDigestAuthString(http=%p, nonce=\"%s\", method=\"%s\", resource=\"%s\")", (void *)http, nonce, method, resource));
+
+ if (nonce && *nonce && strcmp(nonce, http->nonce))
+ {
+ strlcpy(http->nonce, nonce, sizeof(http->nonce));
+
+ if (nonce == http->nextnonce)
+ http->nextnonce[0] = '\0';
+
+ http->nonce_count = 1;
+ }
+ else
+ http->nonce_count ++;
+
+ strlcpy(username, http->userpass, sizeof(username));
+ if ((password = strchr(username, ':')) != NULL)
+ *password++ = '\0';
+ else
+ return (0);
+
+ if (http->algorithm[0])
+ {
+ /*
+ * Follow RFC 2617/7616...
+ */
+
+ int i; /* Looping var */
+ char cnonce[65]; /* cnonce value */
+ const char *hashalg; /* Hashing algorithm */
+
+ for (i = 0; i < 64; i ++)
+ cnonce[i] = "0123456789ABCDEF"[CUPS_RAND() & 15];
+ cnonce[64] = '\0';
+
+ if (!_cups_strcasecmp(http->algorithm, "MD5"))
+ {
+ /*
+ * RFC 2617 Digest with MD5
+ */
+
+ if (cg->digestoptions == _CUPS_DIGESTOPTIONS_DENYMD5)
+ {
+ DEBUG_puts("3_httpSetDigestAuthString: MD5 Digest is disabled.");
+ return (0);
+ }
+
+ hashalg = "md5";
+ }
+ else if (!_cups_strcasecmp(http->algorithm, "SHA-256"))
+ {
+ /*
+ * RFC 7616 Digest with SHA-256
+ */
+
+ hashalg = "sha2-256";
+ }
+ else
+ {
+ /*
+ * Some other algorithm we don't support, skip this one...
+ */
+
+ return (0);
+ }
+
+ /*
+ * Calculate digest value...
+ */
+
+ /* H(A1) = H(username:realm:password) */
+ snprintf(temp, sizeof(temp), "%s:%s:%s", username, http->realm, password);
+ hashsize = (size_t)cupsHashData(hashalg, (unsigned char *)temp, strlen(temp), hash, sizeof(hash));
+ cupsHashString(hash, hashsize, ha1, sizeof(ha1));
+
+ /* H(A2) = H(method:uri) */
+ snprintf(temp, sizeof(temp), "%s:%s", method, resource);
+ hashsize = (size_t)cupsHashData(hashalg, (unsigned char *)temp, strlen(temp), hash, sizeof(hash));
+ cupsHashString(hash, hashsize, ha2, sizeof(ha2));
+
+ /* KD = H(H(A1):nonce:nc:cnonce:qop:H(A2)) */
+ snprintf(temp, sizeof(temp), "%s:%s:%08x:%s:%s:%s", ha1, http->nonce, http->nonce_count, cnonce, "auth", ha2);
+ hashsize = (size_t)cupsHashData(hashalg, (unsigned char *)temp, strlen(temp), hash, sizeof(hash));
+ cupsHashString(hash, hashsize, kd, sizeof(kd));
+
+ /*
+ * Pass the RFC 2617/7616 WWW-Authenticate header...
+ */
+
+ if (http->opaque[0])
+ snprintf(digest, sizeof(digest), "username=\"%s\", realm=\"%s\", nonce=\"%s\", algorithm=%s, qop=auth, opaque=\"%s\", cnonce=\"%s\", nc=%08x, uri=\"%s\", response=\"%s\"", cupsUser(), http->realm, http->nonce, http->algorithm, http->opaque, cnonce, http->nonce_count, resource, kd);
+ else
+ snprintf(digest, sizeof(digest), "username=\"%s\", realm=\"%s\", nonce=\"%s\", algorithm=%s, qop=auth, cnonce=\"%s\", nc=%08x, uri=\"%s\", response=\"%s\"", username, http->realm, http->nonce, http->algorithm, cnonce, http->nonce_count, resource, kd);
+ }
+ else
+ {
+ /*
+ * Use old RFC 2069 Digest method...
+ */
+
+ /* H(A1) = H(username:realm:password) */
+ snprintf(temp, sizeof(temp), "%s:%s:%s", username, http->realm, password);
+ hashsize = (size_t)cupsHashData("md5", (unsigned char *)temp, strlen(temp), hash, sizeof(hash));
+ cupsHashString(hash, hashsize, ha1, sizeof(ha1));
+
+ /* H(A2) = H(method:uri) */
+ snprintf(temp, sizeof(temp), "%s:%s", method, resource);
+ hashsize = (size_t)cupsHashData("md5", (unsigned char *)temp, strlen(temp), hash, sizeof(hash));
+ cupsHashString(hash, hashsize, ha2, sizeof(ha2));
+
+ /* KD = H(H(A1):nonce:H(A2)) */
+ snprintf(temp, sizeof(temp), "%s:%s:%s", ha1, http->nonce, ha2);
+ hashsize = (size_t)cupsHashData("md5", (unsigned char *)temp, strlen(temp), hash, sizeof(hash));
+ cupsHashString(hash, hashsize, kd, sizeof(kd));
+
+ /*
+ * Pass the old RFC 2069 WWW-Authenticate header...
+ */
+
+ snprintf(digest, sizeof(digest), "username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\"", username, http->realm, http->nonce, resource, kd);
+ }
+
+ httpSetAuthString(http, "Digest", digest);
+
+ return (1);
+}
+
+
/*
* 'httpStateString()' - Return the string describing a HTTP state value.
*
case HTTP_STATUS_MOVED_PERMANENTLY :
s = _("Moved Permanently");
break;
+ case HTTP_STATUS_FOUND :
+ s = _("Found");
+ break;
case HTTP_STATUS_SEE_OTHER :
s = _("See Other");
break;
* 'httpStatus()' - Return a short string describing a HTTP status code.
*
* The returned string is localized to the current POSIX locale and is based
- * on the status strings defined in RFC 2616.
+ * on the status strings defined in RFC 7231.
*/
const char * /* O - Localized status string */
_http_uribuf_t uribuf; /* URI buffer */
int offline = 0; /* offline-report state set? */
# ifdef HAVE_DNSSD
-# ifdef WIN32
-# pragma comment(lib, "dnssd.lib")
-# endif /* WIN32 */
DNSServiceRef ref, /* DNS-SD master service reference */
domainref = NULL,/* DNS-SD service reference for domain */
ippref = NULL, /* DNS-SD service reference for network IPP */
FD_ZERO(&input_set);
FD_SET(DNSServiceRefSockFD(ref), &input_set);
-# ifdef WIN32
+# ifdef _WIN32
stimeout.tv_sec = (long)timeout;
# else
stimeout.tv_sec = timeout;
-# endif /* WIN32 */
+# endif /* _WIN32 */
stimeout.tv_usec = 0;
fds = select(DNSServiceRefSockFD(ref)+1, &input_set, NULL, NULL,