/*
- * "$Id$"
+ * "$Id: http.c 7850 2008-08-20 00:07:25Z mike $"
*
- * HTTP routines for the Common UNIX Printing System (CUPS).
+ * HTTP routines for CUPS.
*
- * Copyright 1997-2006 by Easy Software Products, all rights reserved.
+ * Copyright 2007-2010 by Apple Inc.
+ * Copyright 1997-2007 by Easy Software Products, all rights reserved.
*
- * These coded instructions, statements, and computer programs are the
- * property of Easy Software Products and are protected by Federal
- * copyright law. Distribution and use rights are outlined in the file
- * "LICENSE.txt" which should have been included with this file. If this
- * file is missing or damaged please contact Easy Software Products
- * at:
- *
- * Attn: CUPS Licensing Information
- * Easy Software Products
- * 44141 Airport View Drive, Suite 204
- * Hollywood, Maryland 20636 USA
+ * This file contains Kerberos support code, copyright 2006 by
+ * Jelmer Vernooij.
*
- * Voice: (301) 373-9600
- * EMail: cups-info@cups.org
- * WWW: http://www.cups.org
+ * These coded instructions, statements, and computer programs are the
+ * property of Apple Inc. and are protected by Federal copyright
+ * law. Distribution and use rights are outlined in the file "LICENSE.txt"
+ * which should have been included with this file. If this file is
+ * file is missing or damaged, see the license at "http://www.cups.org/".
*
* This file is subject to the Apple OS-Developed Software exception.
*
* Contents:
*
+ * _httpBIOMethods() - Get the OpenSSL BIO methods for HTTP connections.
* httpBlocking() - Set blocking/non-blocking behavior on a connection.
- * httpCheck() - Check to see if there is a pending response from
- * the server.
+ * httpCheck() - Check to see if there is a pending response from the
+ * server.
* httpClearCookie() - Clear the cookie value(s).
* httpClearFields() - Clear HTTP request fields.
- * httpClose() - Close an HTTP connection...
+ * httpClose() - Close an HTTP connection.
* httpConnect() - Connect to a HTTP server.
* httpConnectEncrypt() - Connect to a HTTP server using encryption.
+ * _httpCreate() - Create an unconnected HTTP connection.
* httpDelete() - Send a DELETE request to the server.
+ * _httpDisconnect() - Disconnect a HTTP connection.
* httpEncryption() - Set the required encryption on the link.
* httpError() - Get the last error on a connection.
* httpFlush() - Flush data from a HTTP connection.
* httpFlushWrite() - Flush data in write buffer.
* httpGet() - Send a GET request to the server.
+ * httpGetAuthString() - Get the current authorization string.
* httpGetBlocking() - Get the blocking/non-block state of a connection.
* httpGetCookie() - Get any cookie data from the response.
* httpGetFd() - Get the file descriptor associated with a
* content-length or transfer-encoding fields.
* httpGetStatus() - Get the status of the last HTTP request.
* httpGetSubField() - Get a sub-field value.
+ * httpGetSubField2() - Get a sub-field value.
* httpGets() - Get a line of text from a HTTP connection.
* httpHead() - Send a HEAD request to the server.
* httpInitialize() - Initialize the HTTP interface library and set the
* default HTTP proxy (if any).
* httpOptions() - Send an OPTIONS request to the server.
+ * _httpPeek() - Peek at data from a HTTP connection.
* httpPost() - Send a POST request to the server.
* httpPrintf() - Print a formatted string to a HTTP connection.
* httpPut() - Send a PUT request to the server.
* httpRead() - Read data from a HTTP connection.
* httpRead2() - Read data from a HTTP connection.
- * _httpReadCDSA() - Read function for CDSA decryption code.
- * httpReconnect() - Reconnect to a HTTP server...
- * httpSetCookie() - Set the cookie value(s)...
+ * _httpReadCDSA() - Read function for the CDSA library.
+ * _httpReadGNUTLS() - Read function for the GNU TLS library.
+ * httpReconnect() - Reconnect to a HTTP server.
+ * httpSetAuthString() - Set the current authorization string.
+ * httpSetCookie() - Set the cookie value(s).
* httpSetExpect() - Set the Expect: header in a request.
* httpSetField() - Set the value of an HTTP header.
- * httpSetLength() - Set the content-length and transfer-encoding.
+ * httpSetLength() - Set the content-length and content-encoding.
* httpTrace() - Send an TRACE request to the server.
* httpUpdate() - Update the current HTTP state for incoming data.
+ * _httpWait() - Wait for data available on a connection (no flush).
* httpWait() - Wait for data available on a connection.
* httpWrite() - Write data to a HTTP connection.
* httpWrite2() - Write data to a HTTP connection.
- * _httpWriteCDSA() - Write function for CDSA encryption code.
+ * _httpWriteCDSA() - Write function for the CDSA library.
+ * _httpWriteGNUTLS() - Write function for the GNU TLS library.
+ * http_bio_ctrl() - Control the HTTP connection.
+ * http_bio_free() - Free OpenSSL data.
+ * http_bio_new() - Initialize an OpenSSL BIO structure.
+ * http_bio_puts() - Send a string for OpenSSL.
+ * http_bio_read() - Read data for OpenSSL.
+ * http_bio_write() - Write data for OpenSSL.
+ * http_debug_hex() - Do a hex dump of a buffer.
* http_field() - Return the field index for a field name.
* http_read_ssl() - Read from a SSL/TLS connection.
+ * http_locking_cb() - Lock/unlock a thread's mutex.
* http_send() - Send a request with all fields and the trailing
* blank line.
- * http_setup_ssl() - Set up SSL/TLS on a connection.
+ * http_setup_ssl() - Set up SSL/TLS support on a connection.
* http_shutdown_ssl() - Shut down SSL/TLS on a connection.
+ * http_threadid_cb() - Return the current thread ID.
* http_upgrade() - Force upgrade to TLS encryption.
- * http_wait() - Wait for data available on a connection.
- * http_write() - Write data to a connection.
+ * http_write() - Write a buffer to a HTTP connection.
+ * http_write_chunk() - Write a chunked buffer.
* http_write_ssl() - Write to a SSL/TLS connection.
*/
* Include necessary headers...
*/
-#include "http-private.h"
-#include "globals.h"
-#include "debug.h"
-#include <stdlib.h>
+#include "cups-private.h"
#include <fcntl.h>
-#include <errno.h>
-#ifndef WIN32
+#ifdef WIN32
+# include <tchar.h>
+#else
# include <signal.h>
# include <sys/time.h>
# include <sys/resource.h>
-#endif /* !WIN32 */
+#endif /* WIN32 */
+#ifdef HAVE_POLL
+# include <sys/poll.h>
+#endif /* HAVE_POLL */
/*
* Local functions...
*/
+#ifdef DEBUG
+static void http_debug_hex(const char *prefix, const char *buffer,
+ int bytes);
+#endif /* DEBUG */
static http_field_t http_field(const char *name);
static int http_send(http_t *http, http_state_t request,
const char *uri);
-static int http_wait(http_t *http, int msec);
static int http_write(http_t *http, const char *buffer,
int length);
static int http_write_chunk(http_t *http, const char *buffer,
static void http_shutdown_ssl(http_t *http);
static int http_upgrade(http_t *http);
static int http_write_ssl(http_t *http, const char *buf, int len);
+
+# ifdef HAVE_GNUTLS
+# ifdef HAVE_PTHREAD_H
+GCRY_THREAD_OPTION_PTHREAD_IMPL;
+# endif /* HAVE_PTHREAD_H */
+
+# elif defined(HAVE_LIBSSL)
+static _cups_mutex_t *http_locks; /* OpenSSL lock mutexes */
+
+static void http_locking_cb(int mode, int type, const char *file,
+ int line);
+static unsigned long http_threadid_cb(void);
+# endif /* HAVE_GNUTLS */
#endif /* HAVE_SSL */
"User-Agent",
"WWW-Authenticate"
};
+#ifdef DEBUG
+static const char * const http_states[] =
+ {
+ "HTTP_WAITING",
+ "HTTP_OPTIONS",
+ "HTTP_GET",
+ "HTTP_GET_SEND",
+ "HTTP_HEAD",
+ "HTTP_POST",
+ "HTTP_POST_RECV",
+ "HTTP_POST_SEND",
+ "HTTP_PUT",
+ "HTTP_PUT_RECV",
+ "HTTP_DELETE",
+ "HTTP_TRACE",
+ "HTTP_CLOSE",
+ "HTTP_STATUS"
+ };
+#endif /* DEBUG */
+
+
+#if defined(HAVE_SSL) && defined(HAVE_LIBSSL)
+/*
+ * BIO methods for OpenSSL...
+ */
+
+static int http_bio_write(BIO *h, const char *buf, int num);
+static int http_bio_read(BIO *h, char *buf, int size);
+static int http_bio_puts(BIO *h, const char *str);
+static long http_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int http_bio_new(BIO *h);
+static int http_bio_free(BIO *data);
+
+static BIO_METHOD http_bio_methods =
+ {
+ BIO_TYPE_SOCKET,
+ "http",
+ http_bio_write,
+ http_bio_read,
+ http_bio_puts,
+ NULL, /* http_bio_gets, */
+ http_bio_ctrl,
+ http_bio_new,
+ http_bio_free,
+ NULL,
+ };
+
+
+/*
+ * '_httpBIOMethods()' - Get the OpenSSL BIO methods for HTTP connections.
+ */
+
+BIO_METHOD * /* O - BIO methods for OpenSSL */
+_httpBIOMethods(void)
+{
+ return (&http_bio_methods);
+}
+#endif /* HAVE_SSL && HAVE_LIBSSL */
/*
*/
void
-httpBlocking(http_t *http, /* I - HTTP connection */
+httpBlocking(http_t *http, /* I - Connection to server */
int b) /* I - 1 = blocking, 0 = non-blocking */
{
if (http)
*/
int /* O - 0 = no data, 1 = data available */
-httpCheck(http_t *http) /* I - HTTP connection */
+httpCheck(http_t *http) /* I - Connection to server */
{
return (httpWait(http, 0));
}
/*
* 'httpClearCookie()' - Clear the cookie value(s).
*
- * @since CUPS 1.1.19@
+ * @since CUPS 1.1.19/Mac OS X 10.3@
*/
void
-httpClearCookie(http_t *http) /* I - HTTP connection */
+httpClearCookie(http_t *http) /* I - Connection to server */
{
if (!http)
return;
*/
void
-httpClearFields(http_t *http) /* I - HTTP connection */
+httpClearFields(http_t *http) /* I - Connection to server */
{
if (http)
{
memset(http->fields, 0, sizeof(http->fields));
- httpSetField(http, HTTP_FIELD_HOST, http->hostname);
+ if (http->hostname[0] == '/')
+ httpSetField(http, HTTP_FIELD_HOST, "localhost");
+ else
+ httpSetField(http, HTTP_FIELD_HOST, http->hostname);
+
+ if (http->field_authorization)
+ {
+ free(http->field_authorization);
+ http->field_authorization = NULL;
+ }
http->expect = (http_status_t)0;
}
/*
- * 'httpClose()' - Close an HTTP connection...
+ * 'httpClose()' - Close an HTTP connection.
*/
void
-httpClose(http_t *http) /* I - HTTP connection */
+httpClose(http_t *http) /* I - Connection to server */
{
- DEBUG_printf(("httpClose(http=%p)\n", http));
+#ifdef HAVE_GSSAPI
+ OM_uint32 minor_status; /* Minor status code */
+#endif /* HAVE_GSSAPI */
+
+
+ DEBUG_printf(("httpClose(http=%p)", http));
+
+ /*
+ * Range check input...
+ */
if (!http)
return;
- httpAddrFreeList(http->addrlist);
+ /*
+ * Close any open connection...
+ */
+
+ _httpDisconnect(http);
- if (http->input_set)
- free(http->input_set);
+ /*
+ * Free memory used...
+ */
+
+ httpAddrFreeList(http->addrlist);
if (http->cookie)
free(http->cookie);
-#ifdef HAVE_SSL
- if (http->tls)
- http_shutdown_ssl(http);
-#endif /* HAVE_SSL */
+#ifdef HAVE_GSSAPI
+ if (http->gssctx != GSS_C_NO_CONTEXT)
+ gss_delete_sec_context(&minor_status, &http->gssctx, GSS_C_NO_BUFFER);
-#ifdef WIN32
- closesocket(http->fd);
-#else
- close(http->fd);
-#endif /* WIN32 */
+ if (http->gssname != GSS_C_NO_NAME)
+ gss_release_name(&minor_status, &http->gssname);
+#endif /* HAVE_GSSAPI */
+
+#ifdef HAVE_AUTHORIZATION_H
+ if (http->auth_ref)
+ AuthorizationFree(http->auth_ref, kAuthorizationFlagDefaults);
+#endif /* HAVE_AUTHORIZATION_H */
+
+ httpClearFields(http);
+
+ if (http->authstring && http->authstring != http->_authstring)
+ free(http->authstring);
free(http);
}
/*
* 'httpConnect()' - Connect to a HTTP server.
+ *
+ * This function is deprecated - use @link httpConnectEncrypt@ instead.
+ *
+ * @deprecated@
*/
http_t * /* O - New HTTP connection */
httpConnect(const char *host, /* I - Host to connect to */
int port) /* I - Port number */
{
- http_encryption_t encryption; /* Type of encryption to use */
+ return (httpConnectEncrypt(host, port, HTTP_ENCRYPT_IF_REQUESTED));
+}
+
+
+/*
+ * 'httpConnectEncrypt()' - Connect to a HTTP server using encryption.
+ */
+
+http_t * /* O - New HTTP connection */
+httpConnectEncrypt(
+ const char *host, /* I - Host to connect to */
+ int port, /* I - Port number */
+ http_encryption_t encryption) /* I - Type of encryption to use */
+{
+ http_t *http; /* New HTTP connection */
+
+ DEBUG_printf(("httpConnectEncrypt(host=\"%s\", port=%d, encryption=%d)",
+ host, port, encryption));
/*
- * Set the default encryption status...
+ * Create the HTTP structure...
*/
- if (port == 443)
- encryption = HTTP_ENCRYPT_ALWAYS;
- else
- encryption = HTTP_ENCRYPT_IF_REQUESTED;
+ if ((http = _httpCreate(host, port, encryption)) == NULL)
+ return (NULL);
- return (httpConnectEncrypt(host, port, encryption));
+ /*
+ * Connect to the remote system...
+ */
+
+ if (!httpReconnect(http))
+ return (http);
+
+ /*
+ * Could not connect to any known address - bail out!
+ */
+
+ httpAddrFreeList(http->addrlist);
+
+ free(http);
+
+ return (NULL);
}
/*
- * 'httpConnectEncrypt()' - Connect to a HTTP server using encryption.
+ * '_httpCreate()' - Create an unconnected HTTP connection.
*/
-http_t * /* O - New HTTP connection */
-httpConnectEncrypt(
- const char *host, /* I - Host to connect to */
+http_t * /* O - HTTP connection */
+_httpCreate(
+ const char *host, /* I - Hostname */
int port, /* I - Port number */
- http_encryption_t encryption) /* I - Type of encryption to use */
+ http_encryption_t encryption) /* I - Encryption to use */
{
http_t *http; /* New HTTP connection */
http_addrlist_t *addrlist; /* Host address data */
char service[255]; /* Service name */
- DEBUG_printf(("httpConnectEncrypt(host=\"%s\", port=%d, encryption=%d)\n",
- host ? host : "(null)", port, encryption));
+ DEBUG_printf(("4_httpCreate(host=\"%s\", port=%d, encryption=%d)",
+ host, port, encryption));
if (!host)
return (NULL);
* Allocate memory for the structure...
*/
- http = calloc(sizeof(http_t), 1);
- if (http == NULL)
+ if ((http = calloc(sizeof(http_t), 1)) == NULL)
+ {
+ httpAddrFreeList(addrlist);
return (NULL);
+ }
+
+ /*
+ * Initialize the HTTP data...
+ */
- http->version = HTTP_1_1;
- http->blocking = 1;
http->activity = time(NULL);
+ http->addrlist = addrlist;
+ http->blocking = 1;
http->fd = -1;
+#ifdef HAVE_GSSAPI
+ http->gssctx = GSS_C_NO_CONTEXT;
+ http->gssname = GSS_C_NO_NAME;
+#endif /* HAVE_GSSAPI */
+ http->version = HTTP_1_1;
- /*
- * Set the encryption status...
- */
+ strlcpy(http->hostname, host, sizeof(http->hostname));
if (port == 443) /* Always use encryption for https */
http->encryption = HTTP_ENCRYPT_ALWAYS;
http->encryption = encryption;
/*
- * Loop through the addresses we have until one of them connects...
- */
-
- strlcpy(http->hostname, host, sizeof(http->hostname));
-
- /*
- * Connect to the remote system...
- */
-
- http->addrlist = addrlist;
-
- if (!httpReconnect(http))
- return (http);
-
- /*
- * Could not connect to any known address - bail out!
+ * Return the new structure...
*/
- httpAddrFreeList(addrlist);
-
- free(http);
-
- return (NULL);
+ return (http);
}
*/
int /* O - Status of call (0 = success) */
-httpDelete(http_t *http, /* I - HTTP connection */
+httpDelete(http_t *http, /* I - Connection to server */
const char *uri) /* I - URI to delete */
{
return (http_send(http, HTTP_DELETE, uri));
}
+/*
+ * '_httpDisconnect()' - Disconnect a HTTP connection.
+ */
+
+void
+_httpDisconnect(http_t *http) /* I - Connection to server */
+{
+#ifdef HAVE_SSL
+ if (http->tls)
+ http_shutdown_ssl(http);
+#endif /* HAVE_SSL */
+
+#ifdef WIN32
+ closesocket(http->fd);
+#else
+ close(http->fd);
+#endif /* WIN32 */
+
+ http->fd = -1;
+}
+
+
/*
* 'httpEncryption()' - Set the required encryption on the link.
*/
int /* O - -1 on error, 0 on success */
-httpEncryption(http_t *http, /* I - HTTP connection */
+httpEncryption(http_t *http, /* I - Connection to server */
http_encryption_t e) /* I - New encryption preference */
{
- DEBUG_printf(("httpEncryption(http=%p, e=%d)\n", http, e));
+ DEBUG_printf(("httpEncryption(http=%p, e=%d)", http, e));
#ifdef HAVE_SSL
if (!http)
*/
int /* O - Error code (errno) value */
-httpError(http_t *http) /* I - HTTP connection */
+httpError(http_t *http) /* I - Connection to server */
{
if (http)
return (http->error);
*/
void
-httpFlush(http_t *http) /* I - HTTP connection */
+httpFlush(http_t *http) /* I - Connection to server */
{
- char buffer[8192]; /* Junk buffer */
- int blocking; /* To block or not to block */
+ char buffer[8192]; /* Junk buffer */
+ int blocking; /* To block or not to block */
+ http_state_t oldstate; /* Old state */
- DEBUG_printf(("httpFlush(http=%p), state=%d\n", http, http->state));
+ DEBUG_printf(("httpFlush(http=%p), state=%s", http,
+ http_states[http->state]));
/*
* Temporarily set non-blocking mode so we don't get stuck in httpRead()...
* Read any data we can...
*/
+ oldstate = http->state;
while (httpRead2(http, buffer, sizeof(buffer)) > 0);
/*
http->blocking = blocking;
- if (http->state != HTTP_WAITING && http->fd >= 0)
+ if (http->state == oldstate && http->state != HTTP_WAITING && http->fd >= 0)
{
/*
* Didn't get the data back, so close the current connection.
/*
* 'httpFlushWrite()' - Flush data in write buffer.
*
- * @since CUPS 1.2@
+ * @since CUPS 1.2/Mac OS X 10.5@
*/
int /* O - Bytes written or -1 on error */
-httpFlushWrite(http_t *http) /* I - HTTP connection */
+httpFlushWrite(http_t *http) /* I - Connection to server */
{
int bytes; /* Bytes written */
- DEBUG_printf(("httpFlushWrite(http=%p)\n", http));
+ DEBUG_printf(("httpFlushWrite(http=%p)", http));
if (!http || !http->wused)
+ {
+ DEBUG_puts(http ? "1httpFlushWrite: Write buffer is empty." :
+ "1httpFlushWrite: No connection.");
return (0);
+ }
if (http->data_encoding == HTTP_ENCODE_CHUNKED)
bytes = http_write_chunk(http, http->wbuffer, http->wused);
http->wused = 0;
+ DEBUG_printf(("1httpFlushWrite: Returning %d.", bytes));
+
return (bytes);
}
*/
int /* O - Status of call (0 = success) */
-httpGet(http_t *http, /* I - HTTP connection */
+httpGet(http_t *http, /* I - Connection to server */
const char *uri) /* I - URI to get */
{
return (http_send(http, HTTP_GET, uri));
}
+/*
+ * 'httpGetAuthString()' - Get the current authorization string.
+ *
+ * The authorization string is set by cupsDoAuthentication() and
+ * httpSetAuthString(). Use httpGetAuthString() to retrieve the
+ * string to use with httpSetField() for the HTTP_FIELD_AUTHORIZATION
+ * value.
+ *
+ * @since CUPS 1.3/Mac OS X 10.5@
+ */
+
+char * /* O - Authorization string */
+httpGetAuthString(http_t *http) /* I - Connection to server */
+{
+ if (http)
+ return (http->authstring);
+ else
+ return (NULL);
+}
+
+
/*
* 'httpGetBlocking()' - Get the blocking/non-block state of a connection.
*
- * @since CUPS 1.2@
+ * @since CUPS 1.2/Mac OS X 10.5@
*/
int /* O - 1 if blocking, 0 if non-blocking */
-httpGetBlocking(http_t *http) /* I - HTTP connection */
+httpGetBlocking(http_t *http) /* I - Connection to server */
{
return (http ? http->blocking : 0);
}
/*
* 'httpGetCookie()' - Get any cookie data from the response.
*
- * @since CUPS 1.1.19@
+ * @since CUPS 1.1.19/Mac OS X 10.3@
*/
const char * /* O - Cookie data or NULL */
/*
* 'httpGetFd()' - Get the file descriptor associated with a connection.
*
- * @since CUPS 1.2@
+ * @since CUPS 1.2/Mac OS X 10.5@
*/
int /* O - File descriptor or -1 if none */
-httpGetFd(http_t *http) /* I - HTTP connection */
+httpGetFd(http_t *http) /* I - Connection to server */
{
return (http ? http->fd : -1);
}
*/
const char * /* O - Field value */
-httpGetField(http_t *http, /* I - HTTP connection */
+httpGetField(http_t *http, /* I - Connection to server */
http_field_t field) /* I - Field to get */
{
if (!http || field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX)
return (NULL);
+ else if (field == HTTP_FIELD_AUTHORIZATION &&
+ http->field_authorization)
+ {
+ /*
+ * Special case for WWW-Authenticate: as its contents can be
+ * longer than HTTP_MAX_VALUE...
+ */
+
+ return (http->field_authorization);
+ }
else
return (http->fields[field]);
}
*/
int /* O - Content length */
-httpGetLength(http_t *http) /* I - HTTP connection */
+httpGetLength(http_t *http) /* I - Connection to server */
{
/*
* Get the read content length and return the 32-bit value.
* This function returns the complete content length, even for
* content larger than 2^31 - 1.
*
- * @since CUPS 1.2@
+ * @since CUPS 1.2/Mac OS X 10.5@
*/
off_t /* O - Content length */
-httpGetLength2(http_t *http) /* I - HTTP connection */
+httpGetLength2(http_t *http) /* I - Connection to server */
{
- DEBUG_printf(("httpGetLength2(http=%p), state=%d\n", http, http->state));
+ DEBUG_printf(("2httpGetLength2(http=%p), state=%s", http,
+ http_states[http->state]));
if (!http)
return (-1);
if (!strcasecmp(http->fields[HTTP_FIELD_TRANSFER_ENCODING], "chunked"))
{
- DEBUG_puts("httpGetLength2: chunked request!");
+ DEBUG_puts("4httpGetLength2: chunked request!");
http->data_encoding = HTTP_ENCODE_CHUNKED;
http->data_remaining = 0;
* after the transfer is complete...
*/
- if (http->fields[HTTP_FIELD_CONTENT_LENGTH][0] == '\0')
- http->data_remaining = 2147483647;
+ if (!http->fields[HTTP_FIELD_CONTENT_LENGTH][0])
+ {
+ /*
+ * Default content length is 0 for errors and 2^31-1 for other
+ * successful requests...
+ */
+
+ if (http->status >= HTTP_MULTIPLE_CHOICES)
+ http->data_remaining = 0;
+ else
+ http->data_remaining = 2147483647;
+ }
else
http->data_remaining = strtoll(http->fields[HTTP_FIELD_CONTENT_LENGTH],
NULL, 10);
- DEBUG_printf(("httpGetLength2: content_length=" CUPS_LLFMT "\n",
+ DEBUG_printf(("4httpGetLength2: content_length=" CUPS_LLFMT,
CUPS_LLCAST http->data_remaining));
}
/*
* 'httpGetStatus()' - Get the status of the last HTTP request.
*
- * @since CUPS 1.2@
+ * @since CUPS 1.2/Mac OS X 10.5@
*/
http_status_t /* O - HTTP status */
-httpGetStatus(http_t *http) /* I - HTTP connection */
+httpGetStatus(http_t *http) /* I - Connection to server */
{
return (http ? http->status : HTTP_ERROR);
}
*/
char * /* O - Value or NULL */
-httpGetSubField(http_t *http, /* I - HTTP connection */
+httpGetSubField(http_t *http, /* I - Connection to server */
http_field_t field, /* I - Field index */
const char *name, /* I - Name of sub-field */
char *value) /* O - Value string */
/*
* 'httpGetSubField2()' - Get a sub-field value.
*
- * @since CUPS 1.2@
+ * @since CUPS 1.2/Mac OS X 10.5@
*/
char * /* O - Value or NULL */
-httpGetSubField2(http_t *http, /* I - HTTP connection */
+httpGetSubField2(http_t *http, /* I - Connection to server */
http_field_t field, /* I - Field index */
const char *name, /* I - Name of sub-field */
char *value, /* O - Value string */
*ptr, /* Pointer into string buffer */
*end; /* End of value buffer */
- DEBUG_printf(("httpGetSubField2(http=%p, field=%d, name=\"%s\", value=%p, valuelen=%d)\n",
- http, field, name, value, valuelen));
+ DEBUG_printf(("2httpGetSubField2(http=%p, field=%d, name=\"%s\", value=%p, "
+ "valuelen=%d)", http, field, name, value, valuelen));
if (!http || !name || !value || valuelen < 2 ||
field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX)
*ptr = '\0';
- DEBUG_printf(("httpGetSubField: name=\"%s\"\n", temp));
+ DEBUG_printf(("4httpGetSubField2: name=\"%s\"", temp));
/*
* Skip trailing chars up to the '='...
fptr ++;
}
- DEBUG_printf(("httpGetSubField: value=\"%s\"\n", value));
+ DEBUG_printf(("4httpGetSubField2: value=\"%s\"", value));
/*
* See if this is the one...
*/
if (!strcmp(name, temp))
+ {
+ DEBUG_printf(("3httpGetSubField2: Returning \"%s\"", value));
return (value);
+ }
}
value[0] = '\0';
+ DEBUG_puts("3httpGetSubField2: Returning NULL");
+
return (NULL);
}
char * /* O - Line or NULL */
httpGets(char *line, /* I - Line to read into */
int length, /* I - Max length of buffer */
- http_t *http) /* I - HTTP connection */
+ http_t *http) /* I - Connection to server */
{
char *lineptr, /* Pointer into line */
*lineend, /* End of line */
eol; /* End-of-line? */
- DEBUG_printf(("httpGets(line=%p, length=%d, http=%p)\n", line, length, http));
+ DEBUG_printf(("2httpGets(line=%p, length=%d, http=%p)", line, length, http));
if (http == NULL || line == NULL)
return (NULL);
/*
* Read a line from the buffer...
*/
-
- lineptr = line;
- lineend = line + length - 1;
- eol = 0;
+
+ http->error = 0;
+ lineptr = line;
+ lineend = line + length - 1;
+ eol = 0;
while (lineptr < lineend)
{
* No newline; see if there is more data to be read...
*/
- if (!http->blocking && !http_wait(http, 10000))
+ if (!http->blocking && !_httpWait(http, 10000, 1))
{
- DEBUG_puts("httpGets: Timed out!");
+ DEBUG_puts("3httpGets: Timed out!");
+#ifdef WIN32
+ http->error = WSAETIMEDOUT;
+#else
http->error = ETIMEDOUT;
+#endif /* WIN32 */
return (NULL);
}
bytes = recv(http->fd, http->buffer + http->used,
HTTP_MAX_BUFFER - http->used, 0);
- DEBUG_printf(("httpGets: read %d bytes...\n", bytes));
+ DEBUG_printf(("4httpGets: read %d bytes...", bytes));
if (bytes < 0)
{
*/
#ifdef WIN32
- if (WSAGetLastError() != http->error)
+ DEBUG_printf(("3httpGets: recv() error %d!", WSAGetLastError()));
+
+ if (WSAGetLastError() == WSAEINTR || WSAGetLastError() == WSAEWOULDBLOCK)
+ continue;
+ else if (WSAGetLastError() != http->error)
{
http->error = WSAGetLastError();
continue;
}
- DEBUG_printf(("httpGets: recv() error %d!\n", WSAGetLastError()));
#else
- DEBUG_printf(("httpGets: recv() error %d!\n", errno));
+ DEBUG_printf(("3httpGets: recv() error %d!", errno));
- if (errno == EINTR)
+ if (errno == EINTR || errno == EAGAIN)
continue;
else if (errno != http->error)
{
*lineptr++ = *bufptr++;
}
- http->used -= bufptr - http->buffer;
+ http->used -= (int)(bufptr - http->buffer);
if (http->used > 0)
memmove(http->buffer, bufptr, http->used);
http->activity = time(NULL);
*lineptr = '\0';
-
- DEBUG_printf(("httpGets: Returning \"%s\"\n", line));
+
+ DEBUG_printf(("3httpGets: Returning \"%s\"", line));
return (line);
}
}
- DEBUG_puts("httpGets: No new line available!");
+ DEBUG_puts("3httpGets: No new line available!");
return (NULL);
}
*/
int /* O - Status of call (0 = success) */
-httpHead(http_t *http, /* I - HTTP connection */
+httpHead(http_t *http, /* I - Connection to server */
const char *uri) /* I - URI for head */
{
+ DEBUG_printf(("httpHead(http=%p, uri=\"%s\")", http, uri));
return (http_send(http, HTTP_HEAD, uri));
}
void
httpInitialize(void)
{
+ static int initialized = 0; /* Have we been called before? */
+#ifdef WIN32
+ WSADATA winsockdata; /* WinSock data */
+#endif /* WIN32 */
#ifdef HAVE_LIBSSL
-# ifndef WIN32
- struct timeval curtime; /* Current time in microseconds */
-# endif /* !WIN32 */
- int i; /* Looping var */
- unsigned char data[1024]; /* Seed data */
+ int i; /* Looping var */
+ unsigned char data[1024]; /* Seed data */
#endif /* HAVE_LIBSSL */
-#ifdef WIN32
- WSADATA winsockdata; /* WinSock data */
- static int initialized = 0; /* Has WinSock been initialized? */
+ _cupsGlobalLock();
+ if (initialized)
+ {
+ _cupsGlobalUnlock();
+ return;
+ }
+
+#ifdef WIN32
+ WSAStartup(MAKEWORD(1,1), &winsockdata);
- if (!initialized)
- WSAStartup(MAKEWORD(1,1), &winsockdata);
#elif !defined(SO_NOSIGPIPE)
/*
* Ignore SIGPIPE signals...
# ifdef HAVE_SIGSET
sigset(SIGPIPE, SIG_IGN);
+
# elif defined(HAVE_SIGACTION)
struct sigaction action; /* POSIX sigaction data */
memset(&action, 0, sizeof(action));
action.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &action, NULL);
+
# else
signal(SIGPIPE, SIG_IGN);
# endif /* !SO_NOSIGPIPE */
#endif /* WIN32 */
#ifdef HAVE_GNUTLS
+ /*
+ * Make sure we handle threading properly...
+ */
+
+# ifdef HAVE_PTHREAD_H
+ gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+# endif /* HAVE_PTHREAD_H */
+
+ /*
+ * Initialize GNU TLS...
+ */
+
gnutls_global_init();
-#endif /* HAVE_GNUTLS */
-#ifdef HAVE_LIBSSL
+#elif defined(HAVE_LIBSSL)
+ /*
+ * Initialize OpenSSL...
+ */
+
SSL_load_error_strings();
SSL_library_init();
+ /*
+ * Set the threading callbacks...
+ */
+
+ http_locks = calloc(CRYPTO_num_locks(), sizeof(_cups_mutex_t));
+# ifdef HAVE_PTHREAD_H
+ for (i = 0; i < CRYPTO_num_locks(); i ++)
+ pthread_mutex_init(http_locks + i, NULL);
+# endif /* HAVE_PTHREAD_H */
+
+ CRYPTO_set_id_callback(http_threadid_cb);
+ CRYPTO_set_locking_callback(http_locking_cb);
+
/*
* Using the current time is a dubious random seed, but on some systems
* it is the best we can do (on others, this seed isn't even used...)
*/
-#ifdef WIN32
-#else
- gettimeofday(&curtime, NULL);
- srand(curtime.tv_sec + curtime.tv_usec);
-#endif /* WIN32 */
+ CUPS_SRAND(time(NULL));
for (i = 0; i < sizeof(data); i ++)
- data[i] = rand(); /* Yes, this is a poor source of random data... */
+ data[i] = CUPS_RAND();
- RAND_seed(&data, sizeof(data));
-#endif /* HAVE_LIBSSL */
+ RAND_seed(data, sizeof(data));
+#endif /* HAVE_GNUTLS */
+
+ initialized = 1;
+ _cupsGlobalUnlock();
}
*/
int /* O - Status of call (0 = success) */
-httpOptions(http_t *http, /* I - HTTP connection */
+httpOptions(http_t *http, /* I - Connection to server */
const char *uri) /* I - URI for options */
{
return (http_send(http, HTTP_OPTIONS, uri));
/*
- * 'httpPost()' - Send a POST request to the server.
- */
-
-int /* O - Status of call (0 = success) */
-httpPost(http_t *http, /* I - HTTP connection */
- const char *uri) /* I - URI for post */
-{
- return (http_send(http, HTTP_POST, uri));
-}
-
-
-/*
- * 'httpPrintf()' - Print a formatted string to a HTTP connection.
+ * '_httpPeek()' - Peek at data from a HTTP connection.
*
- * @private@
+ * This function copies available data from the given HTTP connection, reading
+ * a buffer as needed. The data is still available for reading using
+ * @link httpRead@ or @link httpRead2@.
+ *
+ * For non-blocking connections the usual timeouts apply.
*/
-int /* O - Number of bytes written */
-httpPrintf(http_t *http, /* I - HTTP connection */
- const char *format, /* I - printf-style format string */
- ...) /* I - Additional args as needed */
+ssize_t /* O - Number of bytes copied */
+_httpPeek(http_t *http, /* I - Connection to server */
+ char *buffer, /* I - Buffer for data */
+ size_t length) /* I - Maximum number of bytes */
{
- int bytes; /* Number of bytes to write */
- char buf[16384]; /* Buffer for formatted string */
- va_list ap; /* Variable argument pointer */
+ ssize_t bytes; /* Bytes read */
+ char len[32]; /* Length string */
- DEBUG_printf(("httpPrintf(http=%p, format=\"%s\", ...)\n", http, format));
+ DEBUG_printf(("_httpPeek(http=%p, buffer=%p, length=" CUPS_LLFMT ")",
+ http, buffer, CUPS_LLCAST length));
- va_start(ap, format);
- bytes = vsnprintf(buf, sizeof(buf), format, ap);
- va_end(ap);
+ if (http == NULL || buffer == NULL)
+ return (-1);
- DEBUG_printf(("httpPrintf: %s", buf));
+ http->activity = time(NULL);
+ http->error = 0;
- if (http->wused)
+ if (length <= 0)
+ return (0);
+
+ if (http->data_encoding == HTTP_ENCODE_CHUNKED &&
+ http->data_remaining <= 0)
{
- DEBUG_puts(" flushing existing data...");
+ DEBUG_puts("2_httpPeek: Getting chunk length...");
- if (httpFlushWrite(http) < 0)
- return (-1);
+ if (httpGets(len, sizeof(len), http) == NULL)
+ {
+ DEBUG_puts("1_httpPeek: Could not get length!");
+ return (0);
+ }
+
+ http->data_remaining = strtoll(len, NULL, 16);
+ if (http->data_remaining < 0)
+ {
+ DEBUG_puts("1_httpPeek: Negative chunk length!");
+ return (0);
+ }
+ }
+
+ DEBUG_printf(("2_httpPeek: data_remaining=" CUPS_LLFMT,
+ CUPS_LLCAST http->data_remaining));
+
+ if (http->data_remaining <= 0)
+ {
+ /*
+ * A zero-length chunk ends a transfer; unless we are reading POST
+ * data, go idle...
+ */
+
+ if (http->data_encoding == HTTP_ENCODE_CHUNKED)
+ httpGets(len, sizeof(len), http);
+
+ if (http->state == HTTP_POST_RECV)
+ http->state ++;
+ else
+ http->state = HTTP_WAITING;
+
+ /*
+ * Prevent future reads for this request...
+ */
+
+ http->data_encoding = HTTP_ENCODE_LENGTH;
+
+ return (0);
}
+ else if (length > (size_t)http->data_remaining)
+ length = (size_t)http->data_remaining;
+
+ if (http->used == 0)
+ {
+ /*
+ * Buffer small reads for better performance...
+ */
- return (http_write(http, buf, bytes));
+ if (!http->blocking && !httpWait(http, 10000))
+ return (0);
+
+ if (http->data_remaining > sizeof(http->buffer))
+ bytes = sizeof(http->buffer);
+ else
+ bytes = http->data_remaining;
+
+#ifdef HAVE_SSL
+ if (http->tls)
+ bytes = http_read_ssl(http, http->buffer, bytes);
+ else
+#endif /* HAVE_SSL */
+ {
+ DEBUG_printf(("2_httpPeek: reading %d bytes from socket into buffer...",
+ (int)bytes));
+
+ bytes = recv(http->fd, http->buffer, bytes, 0);
+
+ DEBUG_printf(("2_httpPeek: read %d bytes from socket into buffer...",
+ (int)bytes));
+ }
+
+ if (bytes > 0)
+ http->used = bytes;
+ else if (bytes < 0)
+ {
+#ifdef WIN32
+ if (WSAGetLastError() != WSAEINTR && WSAGetLastError() != WSAEWOULDBLOCK)
+ {
+ http->error = WSAGetLastError();
+ return (-1);
+ }
+#else
+ if (errno != EINTR && errno != EAGAIN)
+ {
+ http->error = errno;
+ return (-1);
+ }
+#endif /* WIN32 */
+ }
+ else
+ {
+ http->error = EPIPE;
+ return (0);
+ }
+ }
+
+ if (http->used > 0)
+ {
+ if (length > (size_t)http->used)
+ length = (size_t)http->used;
+
+ bytes = (ssize_t)length;
+
+ DEBUG_printf(("2_httpPeek: grabbing %d bytes from input buffer...",
+ (int)bytes));
+
+ memcpy(buffer, http->buffer, length);
+ }
+ else
+ bytes = 0;
+
+ if (bytes < 0)
+ {
+#ifdef WIN32
+ if (WSAGetLastError() == WSAEINTR || WSAGetLastError() == WSAEWOULDBLOCK)
+ bytes = 0;
+ else
+ http->error = WSAGetLastError();
+#else
+ if (errno == EINTR || errno == EAGAIN)
+ bytes = 0;
+ else
+ http->error = errno;
+#endif /* WIN32 */
+ }
+ else if (bytes == 0)
+ {
+ http->error = EPIPE;
+ return (0);
+ }
+
+#ifdef DEBUG
+ http_debug_hex("_httpPeek", buffer, (int)bytes);
+#endif /* DEBUG */
+
+ return (bytes);
+}
+
+
+/*
+ * 'httpPost()' - Send a POST request to the server.
+ */
+
+int /* O - Status of call (0 = success) */
+httpPost(http_t *http, /* I - Connection to server */
+ const char *uri) /* I - URI for post */
+{
+ return (http_send(http, HTTP_POST, uri));
+}
+
+
+/*
+ * 'httpPrintf()' - Print a formatted string to a HTTP connection.
+ *
+ * @private@
+ */
+
+int /* O - Number of bytes written */
+httpPrintf(http_t *http, /* I - Connection to server */
+ const char *format, /* I - printf-style format string */
+ ...) /* I - Additional args as needed */
+{
+ int bytes; /* Number of bytes to write */
+ char buf[16384]; /* Buffer for formatted string */
+ va_list ap; /* Variable argument pointer */
+
+
+ DEBUG_printf(("2httpPrintf(http=%p, format=\"%s\", ...)", http, format));
+
+ va_start(ap, format);
+ bytes = vsnprintf(buf, sizeof(buf), format, ap);
+ va_end(ap);
+
+ DEBUG_printf(("3httpPrintf: %s", buf));
+
+ if (http->data_encoding == HTTP_ENCODE_FIELDS)
+ return (httpWrite2(http, buf, bytes));
+ else
+ {
+ if (http->wused)
+ {
+ DEBUG_puts("4httpPrintf: flushing existing data...");
+
+ if (httpFlushWrite(http) < 0)
+ return (-1);
+ }
+
+ return (http_write(http, buf, bytes));
+ }
}
*/
int /* O - Status of call (0 = success) */
-httpPut(http_t *http, /* I - HTTP connection */
+httpPut(http_t *http, /* I - Connection to server */
const char *uri) /* I - URI to put */
{
+ DEBUG_printf(("httpPut(http=%p, uri=\"%s\")", http, uri));
return (http_send(http, HTTP_PUT, uri));
}
*/
int /* O - Number of bytes read */
-httpRead(http_t *http, /* I - HTTP connection */
+httpRead(http_t *http, /* I - Connection to server */
char *buffer, /* I - Buffer for data */
int length) /* I - Maximum number of bytes */
{
/*
* 'httpRead2()' - Read data from a HTTP connection.
*
- * @since CUPS 1.2@
+ * @since CUPS 1.2/Mac OS X 10.5@
*/
ssize_t /* O - Number of bytes read */
-httpRead2(http_t *http, /* I - HTTP connection */
+httpRead2(http_t *http, /* I - Connection to server */
char *buffer, /* I - Buffer for data */
size_t length) /* I - Maximum number of bytes */
{
char len[32]; /* Length string */
- DEBUG_printf(("httpRead(http=%p, buffer=%p, length=%d)\n",
- http, buffer, length));
+ DEBUG_printf(("httpRead2(http=%p, buffer=%p, length=" CUPS_LLFMT ")",
+ http, buffer, CUPS_LLCAST length));
if (http == NULL || buffer == NULL)
return (-1);
http->activity = time(NULL);
+ http->error = 0;
if (length <= 0)
return (0);
if (http->data_encoding == HTTP_ENCODE_CHUNKED &&
http->data_remaining <= 0)
{
- DEBUG_puts("httpRead2: Getting chunk length...");
+ DEBUG_puts("2httpRead2: Getting chunk length...");
if (httpGets(len, sizeof(len), http) == NULL)
{
- DEBUG_puts("httpRead2: Could not get length!");
+ DEBUG_puts("1httpRead2: Could not get length!");
return (0);
}
http->data_remaining = strtoll(len, NULL, 16);
if (http->data_remaining < 0)
{
- DEBUG_puts("httpRead2: Negative chunk length!");
+ DEBUG_puts("1httpRead2: Negative chunk length!");
return (0);
}
}
- DEBUG_printf(("httpRead2: data_remaining=" CUPS_LLFMT "\n",
+ DEBUG_printf(("2httpRead2: data_remaining=" CUPS_LLFMT,
CUPS_LLCAST http->data_remaining));
if (http->data_remaining <= 0)
return (0);
}
- else if (length > http->data_remaining)
- length = http->data_remaining;
+ else if (length > (size_t)http->data_remaining)
+ length = (size_t)http->data_remaining;
if (http->used == 0 && length <= 256)
{
else
#endif /* HAVE_SSL */
{
- DEBUG_printf(("httpRead2: reading %d bytes from socket into buffer...\n",
- bytes));
+ DEBUG_printf(("2httpRead2: reading %d bytes from socket into buffer...",
+ (int)bytes));
bytes = recv(http->fd, http->buffer, bytes, 0);
- DEBUG_printf(("httpRead2: read %d bytes from socket into buffer...\n",
- bytes));
+ DEBUG_printf(("2httpRead2: read %d bytes from socket into buffer...",
+ (int)bytes));
}
if (bytes > 0)
else if (bytes < 0)
{
#ifdef WIN32
- http->error = WSAGetLastError();
- return (-1);
+ if (WSAGetLastError() != WSAEINTR && WSAGetLastError() != WSAEWOULDBLOCK)
+ {
+ http->error = WSAGetLastError();
+ return (-1);
+ }
#else
- if (errno != EINTR)
+ if (errno != EINTR && errno != EAGAIN)
{
http->error = errno;
return (-1);
if (http->used > 0)
{
- if (length > http->used)
- length = http->used;
+ if (length > (size_t)http->used)
+ length = (size_t)http->used;
- bytes = length;
+ bytes = (ssize_t)length;
- DEBUG_printf(("httpRead2: grabbing %d bytes from input buffer...\n", bytes));
+ DEBUG_printf(("2httpRead2: grabbing %d bytes from input buffer...",
+ (int)bytes));
memcpy(buffer, http->buffer, length);
- http->used -= length;
+ http->used -= (int)length;
if (http->used > 0)
memmove(http->buffer, http->buffer + length, http->used);
if (!http->blocking && !httpWait(http, 10000))
return (0);
- bytes = http_read_ssl(http, buffer, length);
+ bytes = (ssize_t)http_read_ssl(http, buffer, (int)length);
}
#endif /* HAVE_SSL */
else
if (!http->blocking && !httpWait(http, 10000))
return (0);
- DEBUG_printf(("httpRead2: reading %d bytes from socket...\n", length));
+ DEBUG_printf(("2httpRead2: reading " CUPS_LLFMT " bytes from socket...",
+ CUPS_LLCAST length));
+#ifdef WIN32
+ while ((bytes = (ssize_t) recv(http->fd, buffer, (int)length, 0)) < 0)
+ if (WSAGetLastError() != WSAEINTR && WSAGetLastError() != WSAEWOULDBLOCK)
+ break;
+#else
while ((bytes = recv(http->fd, buffer, length, 0)) < 0)
- if (errno != EINTR)
+ if (errno != EINTR && errno != EAGAIN)
break;
+#endif /* WIN32 */
- DEBUG_printf(("httpRead2: read %d bytes from socket...\n", bytes));
+ DEBUG_printf(("2httpRead2: read " CUPS_LLFMT " bytes from socket...",
+ CUPS_LLCAST bytes));
}
if (bytes > 0)
else if (bytes < 0)
{
#ifdef WIN32
- http->error = WSAGetLastError();
+ if (WSAGetLastError() == WSAEINTR || WSAGetLastError() == WSAEWOULDBLOCK)
+ bytes = 0;
+ else
+ http->error = WSAGetLastError();
#else
- if (errno == EINTR)
+ if (errno == EINTR || errno == EAGAIN)
bytes = 0;
else
http->error = errno;
}
#ifdef DEBUG
- {
- int i, j, ch;
- printf("httpRead2: Read %d bytes:\n", bytes);
- for (i = 0; i < bytes; i += 16)
- {
- printf(" ");
-
- for (j = 0; j < 16 && (i + j) < bytes; j ++)
- printf(" %02X", buffer[i + j] & 255);
-
- while (j < 16)
- {
- printf(" ");
- j ++;
- }
-
- printf(" ");
- for (j = 0; j < 16 && (i + j) < bytes; j ++)
- {
- ch = buffer[i + j] & 255;
-
- if (ch < ' ' || ch >= 127)
- ch = '.';
-
- putchar(ch);
- }
- putchar('\n');
- }
- }
+ http_debug_hex("httpRead2", buffer, (int)bytes);
#endif /* DEBUG */
return (bytes);
#if defined(HAVE_SSL) && defined(HAVE_CDSASSL)
/*
- * '_httpReadCDSA()' - Read function for CDSA decryption code.
+ * '_httpReadCDSA()' - Read function for the CDSA library.
*/
OSStatus /* O - -1 on error, 0 on success */
void *data, /* I - Data buffer */
size_t *dataLength) /* IO - Number of bytes */
{
- OSStatus result; /* Return value */
- ssize_t bytes; /* Number of bytes read */
- cdsa_conn_ref_t u; /* Connection reference union */
+ OSStatus result; /* Return value */
+ ssize_t bytes; /* Number of bytes read */
+ http_t *http; /* HTTP connection */
+
+ http = (http_t *)connection;
- u.connection = connection;
+ if (!http->blocking)
+ {
+ /*
+ * Make sure we have data before we read...
+ */
+
+ if (!_httpWait(http, 10000, 0))
+ {
+ http->error = ETIMEDOUT;
+ return (-1);
+ }
+ }
do
- bytes = recv(u.sock, data, *dataLength, 0);
- while (bytes == -1 && errno == EINTR);
+ {
+ bytes = recv(http->fd, data, *dataLength, 0);
+ }
+ while (bytes == -1 && (errno == EINTR || errno == EAGAIN));
if (bytes == *dataLength)
+ {
result = 0;
+ }
else if (bytes > 0)
{
*dataLength = bytes;
result = errSSLClosedAbort;
}
- return result;
+ return (result);
}
#endif /* HAVE_SSL && HAVE_CDSASSL */
+#if defined(HAVE_SSL) && defined(HAVE_GNUTLS)
+/*
+ * '_httpReadGNUTLS()' - Read function for the GNU TLS library.
+ */
+
+ssize_t /* O - Number of bytes read or -1 on error */
+_httpReadGNUTLS(
+ gnutls_transport_ptr ptr, /* I - Connection to server */
+ void *data, /* I - Buffer */
+ size_t length) /* I - Number of bytes to read */
+{
+ http_t *http; /* HTTP connection */
+
+
+ http = (http_t *)ptr;
+
+ if (!http->blocking)
+ {
+ /*
+ * Make sure we have data before we read...
+ */
+
+ if (!_httpWait(http, 10000, 0))
+ {
+ http->error = ETIMEDOUT;
+ return (-1);
+ }
+ }
+
+ return (recv(http->fd, data, length, 0));
+}
+#endif /* HAVE_SSL && HAVE_GNUTLS */
+
+
/*
* 'httpReconnect()' - Reconnect to a HTTP server.
*/
int /* O - 0 on success, non-zero on failure */
-httpReconnect(http_t *http) /* I - HTTP connection */
+httpReconnect(http_t *http) /* I - Connection to server */
{
http_addrlist_t *addr; /* Connected address */
+#ifdef DEBUG
+ http_addrlist_t *current; /* Current address */
+ char temp[256]; /* Temporary address string */
+#endif /* DEBUG */
- DEBUG_printf(("httpReconnect(http=%p)\n", http));
+ DEBUG_printf(("httpReconnect(http=%p)", http));
if (!http)
return (-1);
#ifdef HAVE_SSL
if (http->tls)
+ {
+ DEBUG_puts("2httpReconnect: Shutting down SSL/TLS...");
http_shutdown_ssl(http);
+ }
#endif /* HAVE_SSL */
/*
if (http->fd >= 0)
{
+ DEBUG_printf(("2httpReconnect: Closing socket %d...", http->fd));
+
#ifdef WIN32
closesocket(http->fd);
#else
* Connect to the server...
*/
+#ifdef DEBUG
+ for (current = http->addrlist; current; current = current->next)
+ DEBUG_printf(("2httpReconnect: Address %s:%d",
+ httpAddrString(&(current->addr), temp, sizeof(temp)),
+ _httpAddrPort(&(current->addr))));
+#endif /* DEBUG */
+
if ((addr = httpAddrConnect(http->addrlist, &(http->fd))) == NULL)
{
/*
#endif /* WIN32 */
http->status = HTTP_ERROR;
+ DEBUG_printf(("1httpReconnect: httpAddrConnect failed: %s",
+ strerror(http->error)));
+
return (-1);
}
+ DEBUG_printf(("2httpReconnect: New socket=%d", http->fd));
+
http->hostaddr = &(addr->addr);
http->error = 0;
http->status = HTTP_CONTINUE;
if (http->encryption == HTTP_ENCRYPT_ALWAYS)
{
/*
- * Always do encryption via SSL.
+ * Always do encryption via SSL.
+ */
+
+ if (http_setup_ssl(http) != 0)
+ {
+# ifdef WIN32
+ closesocket(http->fd);
+# else
+ close(http->fd);
+# endif /* WIN32 */
+
+ return (-1);
+ }
+ }
+ else if (http->encryption == HTTP_ENCRYPT_REQUIRED)
+ return (http_upgrade(http));
+#endif /* HAVE_SSL */
+
+ DEBUG_printf(("1httpReconnect: Connected to %s:%d...",
+ httpAddrString(http->hostaddr, temp, sizeof(temp)),
+ _httpAddrPort(http->hostaddr)));
+
+ return (0);
+}
+
+
+/*
+ * 'httpSetAuthString()' - Set the current authorization string.
+ *
+ * This function just stores a copy of the current authorization string in
+ * the HTTP connection object. You must still call httpSetField() to set
+ * HTTP_FIELD_AUTHORIZATION prior to issuing a HTTP request using httpGet(),
+ * httpHead(), httpOptions(), httpPost, or httpPut().
+ *
+ * @since CUPS 1.3/Mac OS X 10.5@
+ */
+
+void
+httpSetAuthString(http_t *http, /* I - Connection to server */
+ const char *scheme, /* I - Auth scheme (NULL to clear it) */
+ const char *data) /* I - Auth data (NULL for none) */
+{
+ /*
+ * Range check input...
+ */
+
+ if (!http)
+ return;
+
+ if (http->authstring && http->authstring != http->_authstring)
+ free(http->authstring);
+
+ http->authstring = http->_authstring;
+
+ if (scheme)
+ {
+ /*
+ * Set the current authorization string...
*/
- if (http_setup_ssl(http) != 0)
- {
-#ifdef WIN32
- closesocket(http->fd);
-#else
- close(http->fd);
-#endif /* WIN32 */
+ int len = (int)strlen(scheme) + (data ? (int)strlen(data) + 1 : 0) + 1;
+ char *temp;
- return (-1);
+ if (len > (int)sizeof(http->_authstring))
+ {
+ if ((temp = malloc(len)) == NULL)
+ len = sizeof(http->_authstring);
+ else
+ http->authstring = temp;
}
+
+ if (data)
+ snprintf(http->authstring, len, "%s %s", scheme, data);
+ else
+ strlcpy(http->authstring, scheme, len);
}
- else if (http->encryption == HTTP_ENCRYPT_REQUIRED)
- return (http_upgrade(http));
-#endif /* HAVE_SSL */
+ else
+ {
+ /*
+ * Clear the current authorization string...
+ */
- return (0);
+ http->_authstring[0] = '\0';
+ }
}
/*
- * 'httpSetCookie()' - Set the cookie value(s)...
+ * 'httpSetCookie()' - Set the cookie value(s).
*
- * @since CUPS 1.1.19@
+ * @since CUPS 1.1.19/Mac OS X 10.3@
*/
void
*
* Currently only HTTP_CONTINUE is supported for the "expect" argument.
*
- * @since CUPS 1.2@
+ * @since CUPS 1.2/Mac OS X 10.5@
*/
void
-httpSetExpect(http_t *http, /* I - HTTP connection */
+httpSetExpect(http_t *http, /* I - Connection to server */
http_status_t expect) /* I - HTTP status to expect (HTTP_CONTINUE) */
{
if (http)
*/
void
-httpSetField(http_t *http, /* I - HTTP connection */
+httpSetField(http_t *http, /* I - Connection to server */
http_field_t field, /* I - Field index */
const char *value) /* I - Value */
{
return;
strlcpy(http->fields[field], value, HTTP_MAX_VALUE);
+
+ if (field == HTTP_FIELD_AUTHORIZATION)
+ {
+ /*
+ * Special case for Authorization: as its contents can be
+ * longer than HTTP_MAX_VALUE
+ */
+
+ if (http->field_authorization)
+ free(http->field_authorization);
+
+ http->field_authorization = strdup(value);
+ }
+ else if (field == HTTP_FIELD_HOST)
+ {
+ /*
+ * Special-case for Host: as we don't want a trailing "." on the hostname and
+ * need to bracket IPv6 numeric addresses.
+ */
+
+ char *ptr = strchr(value, ':');
+
+ if (value[0] != '[' && ptr && strchr(ptr + 1, ':'))
+ {
+ /*
+ * Bracket IPv6 numeric addresses...
+ *
+ * This is slightly inefficient (basically copying twice), but is an edge
+ * case and not worth optimizing...
+ */
+
+ snprintf(http->fields[HTTP_FIELD_HOST],
+ sizeof(http->fields[HTTP_FIELD_HOST]), "[%s]", value);
+ }
+ else
+ {
+ /*
+ * Check for a trailing dot on the hostname...
+ */
+
+ ptr = http->fields[HTTP_FIELD_HOST];
+
+ if (*ptr)
+ {
+ ptr += strlen(ptr) - 1;
+
+ if (*ptr == '.')
+ *ptr = '\0';
+ }
+ }
+ }
}
/*
* 'httpSetLength()' - Set the content-length and content-encoding.
*
- * @since CUPS 1.2@
+ * @since CUPS 1.2/Mac OS X 10.5@
*/
void
-httpSetLength(http_t *http, /* I - HTTP connection */
+httpSetLength(http_t *http, /* I - Connection to server */
size_t length) /* I - Length (0 for chunked) */
{
if (!http)
*/
int /* O - Status of call (0 = success) */
-httpTrace(http_t *http, /* I - HTTP connection */
+httpTrace(http_t *http, /* I - Connection to server */
const char *uri) /* I - URI for trace */
{
return (http_send(http, HTTP_TRACE, uri));
*/
http_status_t /* O - HTTP status */
-httpUpdate(http_t *http) /* I - HTTP connection */
+httpUpdate(http_t *http) /* I - Connection to server */
{
char line[32768], /* Line from connection... */
*value; /* Pointer to value on line */
status; /* Request status */
- DEBUG_printf(("httpUpdate(http=%p), state=%d\n", http, http->state));
+ DEBUG_printf(("httpUpdate(http=%p), state=%s", http,
+ http_states[http->state]));
/*
* Flush pending data, if any...
if (http->wused)
{
- DEBUG_puts(" flushing buffer...");
+ DEBUG_puts("2httpUpdate: flushing buffer...");
if (httpFlushWrite(http) < 0)
return (HTTP_ERROR);
while (httpGets(line, sizeof(line), http) != NULL)
{
- DEBUG_printf(("httpUpdate: Got \"%s\"\n", line));
+ DEBUG_printf(("2httpUpdate: Got \"%s\"", line));
if (line[0] == '\0')
{
return (http->status);
}
- else if (strncmp(line, "HTTP/", 5) == 0)
+ else if (!strncmp(line, "HTTP/", 5))
{
/*
* Got the beginning of a response...
}
else if ((field = http_field(line)) == HTTP_FIELD_UNKNOWN)
{
- DEBUG_printf(("httpUpdate: unknown field %s seen!\n", line));
+ DEBUG_printf(("1httpUpdate: unknown field %s seen!", line));
continue;
}
else
}
else
{
+ DEBUG_printf(("1httpUpdate: Bad response line \"%s\"!", line));
http->status = HTTP_ERROR;
return (HTTP_ERROR);
}
*/
if (http->error == EPIPE && http->status > HTTP_CONTINUE)
+ {
+ DEBUG_printf(("1httpUpdate: Returning status %d...", http->status));
return (http->status);
+ }
if (http->error)
{
- DEBUG_printf(("httpUpdate: socket error %d - %s\n", http->error,
+ DEBUG_printf(("1httpUpdate: socket error %d - %s", http->error,
strerror(http->error)));
http->status = HTTP_ERROR;
return (HTTP_ERROR);
}
+/*
+ * '_httpWait()' - Wait for data available on a connection (no flush).
+ */
+
+int /* O - 1 if data is available, 0 otherwise */
+_httpWait(http_t *http, /* I - Connection to server */
+ int msec, /* I - Milliseconds to wait */
+ int usessl) /* I - Use SSL context? */
+{
+#ifdef HAVE_POLL
+ struct pollfd pfd; /* Polled file descriptor */
+#else
+ fd_set input_set; /* select() input set */
+ struct timeval timeout; /* Timeout */
+#endif /* HAVE_POLL */
+ int nfds; /* Result from select()/poll() */
+
+
+ DEBUG_printf(("4_httpWait(http=%p, msec=%d, usessl=%d)", http, msec, usessl));
+
+ if (http->fd < 0)
+ {
+ DEBUG_printf(("5_httpWait: Returning 0 since fd=%d", http->fd));
+ return (0);
+ }
+
+ /*
+ * Check the SSL/TLS buffers for data first...
+ */
+
+#ifdef HAVE_SSL
+ if (http->tls && usessl)
+ {
+# ifdef HAVE_LIBSSL
+ if (SSL_pending((SSL *)(http->tls)))
+ {
+ DEBUG_puts("5_httpWait: Return 1 since there is pending SSL data.");
+ return (1);
+ }
+
+# elif defined(HAVE_GNUTLS)
+ if (gnutls_record_check_pending(((http_tls_t *)(http->tls))->session))
+ {
+ DEBUG_puts("5_httpWait: Return 1 since there is pending SSL data.");
+ return (1);
+ }
+
+# elif defined(HAVE_CDSASSL)
+ size_t bytes; /* Bytes that are available */
+
+ if (!SSLGetBufferedReadSize(((http_tls_t *)(http->tls))->session, &bytes) &&
+ bytes > 0)
+ {
+ DEBUG_puts("5_httpWait: Return 1 since there is pending SSL data.");
+ return (1);
+ }
+# endif /* HAVE_LIBSSL */
+ }
+#endif /* HAVE_SSL */
+
+ /*
+ * Then try doing a select() or poll() to poll the socket...
+ */
+
+#ifdef HAVE_POLL
+ pfd.fd = http->fd;
+ pfd.events = POLLIN;
+
+ while ((nfds = poll(&pfd, 1, msec)) < 0 &&
+ (errno == EINTR || errno == EAGAIN));
+
+#else
+ do
+ {
+ FD_ZERO(&input_set);
+ FD_SET(http->fd, &input_set);
+
+ DEBUG_printf(("6_httpWait: msec=%d, http->fd=%d", msec, http->fd));
+
+ if (msec >= 0)
+ {
+ timeout.tv_sec = msec / 1000;
+ timeout.tv_usec = (msec % 1000) * 1000;
+
+ nfds = select(http->fd + 1, &input_set, NULL, NULL, &timeout);
+ }
+ else
+ nfds = select(http->fd + 1, &input_set, NULL, NULL, NULL);
+
+ DEBUG_printf(("6_httpWait: select() returned %d...", nfds));
+ }
+# ifdef WIN32
+ while (nfds < 0 && (WSAGetLastError() == WSAEINTR ||
+ WSAGetLastError() == WSAEWOULDBLOCK));
+# else
+ while (nfds < 0 && (errno == EINTR || errno == EAGAIN));
+# endif /* WIN32 */
+#endif /* HAVE_POLL */
+
+ DEBUG_printf(("5_httpWait: returning with nfds=%d, errno=%d...", nfds,
+ errno));
+
+ return (nfds > 0);
+}
+
+
/*
* 'httpWait()' - Wait for data available on a connection.
*
- * @since CUPS 1.1.19@
+ * @since CUPS 1.1.19/Mac OS X 10.3@
*/
int /* O - 1 if data is available, 0 otherwise */
-httpWait(http_t *http, /* I - HTTP connection */
+httpWait(http_t *http, /* I - Connection to server */
int msec) /* I - Milliseconds to wait */
{
/*
if (http->used)
return (1);
+ /*
+ * Flush pending data, if any...
+ */
+
+ if (http->wused)
+ {
+ if (httpFlushWrite(http) < 0)
+ return (0);
+ }
+
/*
* If not, check the SSL/TLS buffers and do a select() on the connection...
*/
- return (http_wait(http, msec));
+ return (_httpWait(http, msec, 1));
}
*
* @deprecated@
*/
-
+
int /* O - Number of bytes written */
-httpWrite(http_t *http, /* I - HTTP connection */
+httpWrite(http_t *http, /* I - Connection to server */
const char *buffer, /* I - Buffer for data */
int length) /* I - Number of bytes to write */
{
/*
* 'httpWrite2()' - Write data to a HTTP connection.
*
- * @since CUPS 1.2@
+ * @since CUPS 1.2/Mac OS X 10.5@
*/
-
+
ssize_t /* O - Number of bytes written */
-httpWrite2(http_t *http, /* I - HTTP connection */
+httpWrite2(http_t *http, /* I - Connection to server */
const char *buffer, /* I - Buffer for data */
size_t length) /* I - Number of bytes to write */
{
ssize_t bytes; /* Bytes written */
- DEBUG_printf(("httpWrite(http=%p, buffer=%p, length=%d)\n", http,
- buffer, length));
+ DEBUG_printf(("httpWrite2(http=%p, buffer=%p, length=" CUPS_LLFMT ")", http,
+ buffer, CUPS_LLCAST length));
/*
* Range check input...
{
if (http->wused && (length + http->wused) > sizeof(http->wbuffer))
{
- DEBUG_printf((" flushing buffer (wused=%d, length=%d)\n",
- http->wused, length));
+ DEBUG_printf(("2httpWrite2: Flushing buffer (wused=%d, length="
+ CUPS_LLFMT ")", http->wused, CUPS_LLCAST length));
httpFlushWrite(http);
}
- if ((length + http->wused) <= sizeof(http->wbuffer))
+ if ((length + http->wused) <= sizeof(http->wbuffer) &&
+ length < sizeof(http->wbuffer))
{
/*
* Write to buffer...
*/
- DEBUG_printf((" copying %d bytes to wbuffer...\n", length));
+ DEBUG_printf(("2httpWrite2: Copying " CUPS_LLFMT " bytes to wbuffer...",
+ CUPS_LLCAST length));
memcpy(http->wbuffer + http->wused, buffer, length);
- http->wused += length;
- bytes = length;
+ http->wused += (int)length;
+ bytes = (ssize_t)length;
}
else
{
* Otherwise write the data directly...
*/
- DEBUG_printf((" writing %d bytes to socket...\n", length));
+ DEBUG_printf(("2httpWrite2: Writing " CUPS_LLFMT " bytes to socket...",
+ CUPS_LLCAST length));
if (http->data_encoding == HTTP_ENCODE_CHUNKED)
- bytes = http_write_chunk(http, buffer, length);
+ bytes = (ssize_t)http_write_chunk(http, buffer, (int)length);
else
- bytes = http_write(http, buffer, length);
+ bytes = (ssize_t)http_write(http, buffer, (int)length);
- DEBUG_printf((" wrote %d bytes...\n", bytes));
+ DEBUG_printf(("2httpWrite2: Wrote " CUPS_LLFMT " bytes...",
+ CUPS_LLCAST bytes));
}
if (http->data_encoding == HTTP_ENCODE_LENGTH)
* data, go idle...
*/
- DEBUG_puts("httpWrite: changing states...");
+ DEBUG_puts("2httpWrite: changing states...");
if (http->wused)
httpFlushWrite(http);
http->state = HTTP_WAITING;
}
- return (bytes);
+ return (bytes);
+}
+
+
+#if defined(HAVE_SSL) && defined(HAVE_CDSASSL)
+/*
+ * '_httpWriteCDSA()' - Write function for the CDSA library.
+ */
+
+OSStatus /* O - -1 on error, 0 on success */
+_httpWriteCDSA(
+ SSLConnectionRef connection, /* I - SSL/TLS connection */
+ const void *data, /* I - Data buffer */
+ size_t *dataLength) /* IO - Number of bytes */
+{
+ OSStatus result; /* Return value */
+ ssize_t bytes; /* Number of bytes read */
+ http_t *http; /* HTTP connection */
+
+
+ http = (http_t *)connection;
+
+ do
+ {
+ bytes = write(http->fd, data, *dataLength);
+ }
+ while (bytes == -1 && (errno == EINTR || errno == EAGAIN));
+
+ if (bytes == *dataLength)
+ {
+ result = 0;
+ }
+ else if (bytes >= 0)
+ {
+ *dataLength = bytes;
+ result = errSSLWouldBlock;
+ }
+ else
+ {
+ *dataLength = 0;
+
+ if (errno == EAGAIN)
+ result = errSSLWouldBlock;
+ else
+ result = errSSLClosedAbort;
+ }
+
+ return (result);
+}
+#endif /* HAVE_SSL && HAVE_CDSASSL */
+
+
+#if defined(HAVE_SSL) && defined(HAVE_GNUTLS)
+/*
+ * '_httpWriteGNUTLS()' - Write function for the GNU TLS library.
+ */
+
+ssize_t /* O - Number of bytes written or -1 on error */
+_httpWriteGNUTLS(
+ gnutls_transport_ptr ptr, /* I - Connection to server */
+ const void *data, /* I - Data buffer */
+ size_t length) /* I - Number of bytes to write */
+{
+ return (send(((http_t *)ptr)->fd, data, length, 0));
+}
+#endif /* HAVE_SSL && HAVE_GNUTLS */
+
+
+#if defined(HAVE_SSL) && defined(HAVE_LIBSSL)
+/*
+ * 'http_bio_ctrl()' - Control the HTTP connection.
+ */
+
+static long /* O - Result/data */
+http_bio_ctrl(BIO *h, /* I - BIO data */
+ int cmd, /* I - Control command */
+ long arg1, /* I - First argument */
+ void *arg2) /* I - Second argument */
+{
+ switch (cmd)
+ {
+ default :
+ return (0);
+
+ case BIO_CTRL_RESET :
+ h->ptr = NULL;
+ return (0);
+
+ case BIO_C_SET_FILE_PTR :
+ h->ptr = arg2;
+ h->init = 1;
+ return (1);
+
+ case BIO_C_GET_FILE_PTR :
+ if (arg2)
+ {
+ *((void **)arg2) = h->ptr;
+ return (1);
+ }
+ else
+ return (0);
+
+ case BIO_CTRL_DUP :
+ case BIO_CTRL_FLUSH :
+ return (1);
+ }
+}
+
+
+/*
+ * 'http_bio_free()' - Free OpenSSL data.
+ */
+
+static int /* O - 1 on success, 0 on failure */
+http_bio_free(BIO *h) /* I - BIO data */
+{
+ if (!h)
+ return (0);
+
+ if (h->shutdown)
+ {
+ h->init = 0;
+ h->flags = 0;
+ }
+
+ return (1);
+}
+
+
+/*
+ * 'http_bio_new()' - Initialize an OpenSSL BIO structure.
+ */
+
+static int /* O - 1 on success, 0 on failure */
+http_bio_new(BIO *h) /* I - BIO data */
+{
+ if (!h)
+ return (0);
+
+ h->init = 0;
+ h->num = 0;
+ h->ptr = NULL;
+ h->flags = 0;
+
+ return (1);
+}
+
+
+/*
+ * 'http_bio_puts()' - Send a string for OpenSSL.
+ */
+
+static int /* O - Bytes written */
+http_bio_puts(BIO *h, /* I - BIO data */
+ const char *str) /* I - String to write */
+{
+#ifdef WIN32
+ return (send(((http_t *)h->ptr)->fd, str, (int)strlen(str), 0));
+#else
+ return (send(((http_t *)h->ptr)->fd, str, strlen(str), 0));
+#endif /* WIN32 */
+}
+
+
+/*
+ * 'http_bio_read()' - Read data for OpenSSL.
+ */
+
+static int /* O - Bytes read */
+http_bio_read(BIO *h, /* I - BIO data */
+ char *buf, /* I - Buffer */
+ int size) /* I - Number of bytes to read */
+{
+ http_t *http; /* HTTP connection */
+
+
+ http = (http_t *)h->ptr;
+
+ if (!http->blocking)
+ {
+ /*
+ * Make sure we have data before we read...
+ */
+
+ if (!_httpWait(http, 10000, 0))
+ {
+#ifdef WIN32
+ http->error = WSAETIMEDOUT;
+#else
+ http->error = ETIMEDOUT;
+#endif /* WIN32 */
+
+ return (-1);
+ }
+ }
+
+ return (recv(http->fd, buf, size, 0));
}
-#if defined(HAVE_SSL) && defined(HAVE_CDSASSL)
/*
- * '_httpWriteCDSA()' - Write function for CDSA encryption code.
+ * 'http_bio_write()' - Write data for OpenSSL.
*/
-OSStatus /* O - -1 on error, 0 on success */
-_httpWriteCDSA(
- SSLConnectionRef connection, /* I - SSL/TLS connection */
- const void *data, /* I - Data buffer */
- size_t *dataLength) /* IO - Number of bytes */
+static int /* O - Bytes written */
+http_bio_write(BIO *h, /* I - BIO data */
+ const char *buf, /* I - Buffer to write */
+ int num) /* I - Number of bytes to write */
{
- OSStatus result; /* Return value */
- ssize_t bytes; /* Number of bytes read */
- cdsa_conn_ref_t u; /* Connection reference union */
+ return (send(((http_t *)h->ptr)->fd, buf, num, 0));
+}
+#endif /* HAVE_SSL && HAVE_LIBSSL */
- u.connection = connection;
+#ifdef DEBUG
+/*
+ * 'http_debug_hex()' - Do a hex dump of a buffer.
+ */
- do
- bytes = write(u.sock, data, *dataLength);
- while (bytes == -1 && errno == EINTR);
+static void
+http_debug_hex(const char *prefix, /* I - Prefix for line */
+ const char *buffer, /* I - Buffer to dump */
+ int bytes) /* I - Bytes to dump */
+{
+ int i, j, /* Looping vars */
+ ch; /* Current character */
+ char line[255], /* Line buffer */
+ *start, /* Start of line after prefix */
+ *ptr; /* Pointer into line */
- if (bytes == *dataLength)
- result = 0;
- else if (bytes >= 0)
- {
- *dataLength = bytes;
- result = errSSLWouldBlock;
- }
- else
+
+ if (_cups_debug_fd < 0 || _cups_debug_level < 6)
+ return;
+
+ DEBUG_printf(("6%s: %d bytes:\n", prefix, bytes));
+
+ snprintf(line, sizeof(line), "6%s: ", prefix);
+ start = line + strlen(line);
+
+ for (i = 0; i < bytes; i += 16)
{
- *dataLength = 0;
-
- if (errno == EAGAIN)
- result = errSSLWouldBlock;
- else
- result = errSSLClosedAbort;
- }
+ for (j = 0, ptr = start; j < 16 && (i + j) < bytes; j ++, ptr += 2)
+ sprintf(ptr, "%02X", buffer[i + j] & 255);
+
+ while (j < 16)
+ {
+ strcpy(ptr, " ");
+ ptr += 2;
+ j ++;
+ }
- return result;
+ strcpy(ptr, " ");
+ ptr += 2;
+
+ for (j = 0; j < 16 && (i + j) < bytes; j ++)
+ {
+ ch = buffer[i + j] & 255;
+
+ if (ch < ' ' || ch >= 127)
+ ch = '.';
+
+ *ptr++ = ch;
+ }
+
+ *ptr = '\0';
+ DEBUG_puts(line);
+ }
}
-#endif /* HAVE_SSL && HAVE_CDSASSL */
+#endif /* DEBUG */
/*
* 'http_field()' - Return the field index for a field name.
*/
-static http_field_t /* O - Field index */
-http_field(const char *name) /* I - String name */
+static http_field_t /* O - Field index */
+http_field(const char *name) /* I - String name */
{
- int i; /* Looping var */
+ int i; /* Looping var */
for (i = 0; i < HTTP_FIELD_MAX; i ++)
*/
static int /* O - Bytes read */
-http_read_ssl(http_t *http, /* I - HTTP connection */
+http_read_ssl(http_t *http, /* I - Connection to server */
char *buf, /* I - Buffer to store data */
int len) /* I - Length of buffer */
{
return (SSL_read((SSL *)(http->tls), buf, len));
# elif defined(HAVE_GNUTLS)
- return (gnutls_record_recv(((http_tls_t *)(http->tls))->session, buf, len));
+ ssize_t result; /* Return value */
+
+
+ result = gnutls_record_recv(((http_tls_t *)(http->tls))->session, buf, len);
+
+ if (result < 0 && !errno)
+ {
+ /*
+ * Convert GNU TLS error to errno value...
+ */
+
+ switch (result)
+ {
+ case GNUTLS_E_INTERRUPTED :
+ errno = EINTR;
+ break;
+
+ case GNUTLS_E_AGAIN :
+ errno = EAGAIN;
+ break;
+
+ default :
+ errno = EPIPE;
+ break;
+ }
+
+ result = -1;
+ }
+
+ return ((int)result);
# elif defined(HAVE_CDSASSL)
int result; /* Return value */
}
return (result);
+# elif defined(HAVE_SSPISSL)
+ return _sspiRead((_sspi_struct_t*) http->tls, buf, len);
# endif /* HAVE_LIBSSL */
}
#endif /* HAVE_SSL */
+#ifdef HAVE_LIBSSL
+/*
+ * 'http_locking_cb()' - Lock/unlock a thread's mutex.
+ */
+
+static void
+http_locking_cb(int mode, /* I - Lock mode */
+ int type, /* I - Lock type */
+ const char *file, /* I - Source file */
+ int line) /* I - Line number */
+{
+ if (mode & CRYPTO_LOCK)
+ _cupsMutexLock(http_locks + type);
+ else
+ _cupsMutexUnlock(http_locks + type);
+}
+#endif /* HAVE_LIBSSL */
+
+
/*
* 'http_send()' - Send a request with all fields and the trailing blank line.
*/
static int /* O - 0 on success, non-zero on error */
-http_send(http_t *http, /* I - HTTP connection */
+http_send(http_t *http, /* I - Connection to server */
http_state_t request, /* I - Request code */
const char *uri) /* I - URI */
{
int i; /* Looping var */
- char *ptr, /* Pointer in buffer */
- buf[1024]; /* Encoded URI buffer */
+ char buf[1024]; /* Encoded URI buffer */
static const char * const codes[] =
{ /* Request code strings */
NULL,
"TRACE",
"CLOSE"
};
- static const char hex[] = "0123456789ABCDEF";
- /* Hex digits */
- DEBUG_printf(("http_send(http=%p, request=HTTP_%s, uri=\"%s\")\n",
+ DEBUG_printf(("7http_send(http=%p, request=HTTP_%s, uri=\"%s\")",
http, codes[request], uri));
if (http == NULL || uri == NULL)
* Encode the URI as needed...
*/
- for (ptr = buf; *uri != '\0' && ptr < (buf + sizeof(buf) - 1); uri ++)
- if (*uri <= ' ' || *uri >= 127)
- {
- if (ptr < (buf + sizeof(buf) - 1))
- *ptr ++ = '%';
- if (ptr < (buf + sizeof(buf) - 1))
- *ptr ++ = hex[(*uri >> 4) & 15];
- if (ptr < (buf + sizeof(buf) - 1))
- *ptr ++ = hex[*uri & 15];
- }
- else
- *ptr ++ = *uri;
-
- *ptr = '\0';
+ _httpEncodeURI(buf, uri, sizeof(buf));
/*
* See if we had an error the last time around; if so, reconnect...
if (httpReconnect(http))
return (-1);
+ /*
+ * Flush any written data that is pending...
+ */
+
+ if (http->wused)
+ {
+ if (httpFlushWrite(http) < 0)
+ if (httpReconnect(http))
+ return (-1);
+ }
+
/*
* Send the request header...
*/
- http->state = request;
+ http->state = request;
+ http->data_encoding = HTTP_ENCODE_FIELDS;
+
if (request == HTTP_POST || request == HTTP_PUT)
http->state ++;
for (i = 0; i < HTTP_FIELD_MAX; i ++)
if (http->fields[i][0] != '\0')
{
- DEBUG_printf(("%s: %s\n", http_fields[i], http->fields[i]));
+ DEBUG_printf(("9http_send: %s: %s", http_fields[i],
+ httpGetField(http, i)));
- if (httpPrintf(http, "%s: %s\r\n", http_fields[i], http->fields[i]) < 1)
+ if (httpPrintf(http, "%s: %s\r\n", http_fields[i],
+ httpGetField(http, i)) < 1)
{
http->status = HTTP_ERROR;
return (-1);
return (-1);
}
+ if (httpFlushWrite(http) < 0)
+ return (-1);
+
httpGetLength2(http);
httpClearFields(http);
+ /*
+ * The Kerberos and AuthRef authentication strings can only be used once...
+ */
+
+ if (http->field_authorization && http->authstring &&
+ (!strncmp(http->authstring, "Negotiate", 9) ||
+ !strncmp(http->authstring, "AuthRef", 7)))
+ {
+ http->_authstring[0] = '\0';
+
+ if (http->authstring != http->_authstring)
+ free(http->authstring);
+
+ http->authstring = http->_authstring;
+ }
+
return (0);
}
*/
static int /* O - Status of connection */
-http_setup_ssl(http_t *http) /* I - HTTP connection */
+http_setup_ssl(http_t *http) /* I - Connection to server */
{
# ifdef HAVE_LIBSSL
SSL_CTX *context; /* Context for encryption */
SSL *conn; /* Connection for encryption */
+ BIO *bio; /* BIO data */
# elif defined(HAVE_GNUTLS)
http_tls_t *conn; /* TLS session object */
gnutls_certificate_client_credentials *credentials;
# elif defined(HAVE_CDSASSL)
OSStatus error; /* Error code */
http_tls_t *conn; /* CDSA connection information */
- cdsa_conn_ref_t u; /* Connection reference union */
+# elif defined(HAVE_SSPISSL)
+ TCHAR username[256]; /* Username returned from GetUserName() */
+ TCHAR commonName[256]; /* Common name for certificate */
+ DWORD dwSize; /* 32 bit size */
+ _sspi_struct_t *conn; /* SSPI connection information */
# endif /* HAVE_LIBSSL */
- DEBUG_printf(("http_setup_ssl(http=%p)\n", http));
+ DEBUG_printf(("7http_setup_ssl(http=%p)", http));
# ifdef HAVE_LIBSSL
context = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_set_options(context, SSL_OP_NO_SSLv2); /* Only use SSLv3 or TLS */
+ bio = BIO_new(_httpBIOMethods());
+ BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)http);
+
conn = SSL_new(context);
+ SSL_set_bio(conn, bio, bio);
- SSL_set_fd(conn, http->fd);
if (SSL_connect(conn) != 1)
{
# ifdef DEBUG
unsigned long error; /* Error code */
while ((error = ERR_get_error()) != 0)
- printf("http_setup_ssl: %s\n", ERR_error_string(error, NULL));
+ DEBUG_printf(("8http_setup_ssl: %s", ERR_error_string(error, NULL)));
# endif /* DEBUG */
SSL_CTX_free(context);
gnutls_init(&(conn->session), GNUTLS_CLIENT);
gnutls_set_default_priority(conn->session);
gnutls_credentials_set(conn->session, GNUTLS_CRD_CERTIFICATE, *credentials);
- gnutls_transport_set_ptr(conn->session,
- (gnutls_transport_ptr)((long)http->fd));
+ gnutls_transport_set_ptr(conn->session, (gnutls_transport_ptr)http);
+ gnutls_transport_set_pull_function(conn->session, _httpReadGNUTLS);
+ gnutls_transport_set_push_function(conn->session, _httpWriteGNUTLS);
if ((gnutls_handshake(conn->session)) != GNUTLS_E_SUCCESS)
{
http->error = errno;
http->status = HTTP_ERROR;
+ gnutls_deinit(conn->session);
+ gnutls_certificate_free_credentials(*credentials);
+ free(credentials);
+ free(conn);
+
return (-1);
}
* Use a union to resolve warnings about int/pointer size mismatches...
*/
- u.connection = NULL;
- u.sock = http->fd;
- error = SSLSetConnection(conn->session, u.connection);
+ error = SSLSetConnection(conn->session, http);
if (!error)
error = SSLSetIOFuncs(conn->session, _httpReadCDSA, _httpWriteCDSA);
free(conn);
+ return (-1);
+ }
+# elif defined(HAVE_SSPISSL)
+ conn = _sspiAlloc();
+
+ if (!conn)
+ return (-1);
+
+ conn->sock = http->fd;
+ dwSize = sizeof(username) / sizeof(TCHAR);
+ GetUserName(username, &dwSize);
+ _sntprintf_s(commonName, sizeof(commonName) / sizeof(TCHAR),
+ sizeof(commonName) / sizeof(TCHAR), TEXT("CN=%s"), username);
+
+ if (!_sspiGetCredentials(conn, L"ClientContainer", commonName, FALSE))
+ {
+ _sspiFree(conn);
+ return (-1);
+ }
+
+ _sspiSetAllowsAnyRoot(conn, TRUE);
+ _sspiSetAllowsExpiredCerts(conn, TRUE);
+
+ if (!_sspiConnect(conn, http->hostname))
+ {
+ _sspiFree(conn);
return (-1);
}
# endif /* HAVE_CDSASSL */
*/
static void
-http_shutdown_ssl(http_t *http) /* I - HTTP connection */
+http_shutdown_ssl(http_t *http) /* I - Connection to server */
{
# ifdef HAVE_LIBSSL
SSL_CTX *context; /* Context for encryption */
CFRelease(conn->certsArray);
free(conn);
+# elif defined(HAVE_SSPISSL)
+ _sspi_struct_t *conn; /* SSPI connection information */
+
+ conn = (_sspi_struct_t*)(http->tls);
+ _sspiFree(conn);
# endif /* HAVE_LIBSSL */
http->tls = NULL;
#endif /* HAVE_SSL */
+#ifdef HAVE_LIBSSL
+/*
+ * 'http_threadid_cb()' - Return the current thread ID.
+ */
+
+static unsigned long /* O - Thread ID */
+http_threadid_cb(void)
+{
+# ifdef HAVE_PTHREAD_H
+ return ((unsigned long)pthread_self());
+# else
+ return (0);
+# endif /* HAVE_PTHREAD_H */
+}
+#endif /* HAVE_LIBSSL */
+
+
#ifdef HAVE_SSL
/*
* 'http_upgrade()' - Force upgrade to TLS encryption.
*/
static int /* O - Status of connection */
-http_upgrade(http_t *http) /* I - HTTP connection */
+http_upgrade(http_t *http) /* I - Connection to server */
{
int ret; /* Return value */
http_t myhttp; /* Local copy of HTTP data */
- DEBUG_printf(("http_upgrade(%p)\n", http));
+ DEBUG_printf(("7http_upgrade(%p)", http));
+
+ /*
+ * Flush the connection to make sure any previous "Upgrade" message
+ * has been read.
+ */
+
+ httpFlush(http);
/*
* Copy the HTTP data to a local variable so we can do the OPTIONS
* encryption on the link...
*/
- httpClearFields(&myhttp);
- httpSetField(&myhttp, HTTP_FIELD_CONNECTION, "upgrade");
- httpSetField(&myhttp, HTTP_FIELD_UPGRADE, "TLS/1.0, SSL/2.0, SSL/3.0");
+ http->field_authorization = NULL; /* Don't free the auth string */
+
+ httpClearFields(http);
+ httpSetField(http, HTTP_FIELD_CONNECTION, "upgrade");
+ httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.0, SSL/2.0, SSL/3.0");
- if ((ret = httpOptions(&myhttp, "*")) == 0)
+ if ((ret = httpOptions(http, "*")) == 0)
{
/*
* Wait for the secure connection...
*/
- while (httpUpdate(&myhttp) == HTTP_CONTINUE);
+ while (httpUpdate(http) == HTTP_CONTINUE);
}
- httpFlush(&myhttp);
-
/*
- * Copy the HTTP data back over, if any...
+ * Restore the HTTP request data...
*/
- http->fd = myhttp.fd;
- http->error = myhttp.error;
- http->activity = myhttp.activity;
- http->status = myhttp.status;
- http->version = myhttp.version;
- http->keep_alive = myhttp.keep_alive;
- http->used = myhttp.used;
-
- if (http->used)
- memcpy(http->buffer, myhttp.buffer, http->used);
-
- http->auth_type = myhttp.auth_type;
- http->nonce_count = myhttp.nonce_count;
-
- memcpy(http->nonce, myhttp.nonce, sizeof(http->nonce));
-
- http->tls = myhttp.tls;
- http->encryption = myhttp.encryption;
+ memcpy(http->fields, myhttp.fields, sizeof(http->fields));
+ http->data_encoding = myhttp.data_encoding;
+ http->data_remaining = myhttp.data_remaining;
+ http->_data_remaining = myhttp._data_remaining;
+ http->expect = myhttp.expect;
+ http->field_authorization = myhttp.field_authorization;
+ http->digest_tries = myhttp.digest_tries;
/*
* See if we actually went secure...
* Server does not support HTTP upgrade...
*/
- DEBUG_puts("Server does not support HTTP upgrade!");
+ DEBUG_puts("8http_upgrade: Server does not support HTTP upgrade!");
# ifdef WIN32
closesocket(http->fd);
#endif /* HAVE_SSL */
-/*
- * 'http_wait()' - Wait for data available on a connection.
- */
-
-static int /* O - 1 if data is available, 0 otherwise */
-http_wait(http_t *http, /* I - HTTP connection */
- int msec) /* I - Milliseconds to wait */
-{
-#ifndef WIN32
- struct rlimit limit; /* Runtime limit */
- int set_size; /* Size of select set */
-#endif /* !WIN32 */
- struct timeval timeout; /* Timeout */
- int nfds; /* Result from select() */
-
-
- DEBUG_printf(("http_wait(http=%p, msec=%d)\n", http, msec));
-
- if (http->fd < 0)
- return (0);
-
- /*
- * Check the SSL/TLS buffers for data first...
- */
-
-#ifdef HAVE_SSL
- if (http->tls)
- {
-# ifdef HAVE_LIBSSL
- if (SSL_pending((SSL *)(http->tls)))
- return (1);
-# elif defined(HAVE_GNUTLS)
- if (gnutls_record_check_pending(((http_tls_t *)(http->tls))->session))
- return (1);
-# elif defined(HAVE_CDSASSL)
- size_t bytes; /* Bytes that are available */
-
- if (!SSLGetBufferedReadSize(((http_tls_t *)http->tls)->session, &bytes) && bytes > 0)
- return (1);
-# endif /* HAVE_LIBSSL */
- }
-#endif /* HAVE_SSL */
-
- /*
- * Then try doing a select() to poll the socket...
- */
-
- if (!http->input_set)
- {
-#ifdef WIN32
- /*
- * Windows has a fixed-size select() structure, different (surprise,
- * surprise!) from all UNIX implementations. Just allocate this
- * fixed structure...
- */
-
- http->input_set = calloc(1, sizeof(fd_set));
-#else
- /*
- * Allocate the select() input set based upon the max number of file
- * descriptors available for this process...
- */
-
- getrlimit(RLIMIT_NOFILE, &limit);
-
- set_size = (limit.rlim_cur + 31) / 8 + 4;
- if (set_size < sizeof(fd_set))
- set_size = sizeof(fd_set);
-
- http->input_set = calloc(1, set_size);
-#endif /* WIN32 */
-
- if (!http->input_set)
- return (0);
- }
-
- do
- {
- FD_SET(http->fd, http->input_set);
-
- DEBUG_printf(("http_wait: msec=%d, http->fd=%d\n", msec, http->fd));
-
- if (msec >= 0)
- {
- timeout.tv_sec = msec / 1000;
- timeout.tv_usec = (msec % 1000) * 1000;
-
- nfds = select(http->fd + 1, http->input_set, NULL, NULL, &timeout);
- }
- else
- nfds = select(http->fd + 1, http->input_set, NULL, NULL, NULL);
-
- DEBUG_printf(("http_wait: select() returned %d...\n", nfds));
- }
-#ifdef WIN32
- while (nfds < 0 && WSAGetLastError() == WSAEINTR);
-#else
- while (nfds < 0 && errno == EINTR);
-#endif /* WIN32 */
-
- FD_CLR(http->fd, http->input_set);
-
- DEBUG_printf(("http_wait: returning with nfds=%d...\n", nfds));
-
- return (nfds > 0);
-}
-
-
/*
* 'http_write()' - Write a buffer to a HTTP connection.
*/
-
+
static int /* O - Number of bytes written */
-http_write(http_t *http, /* I - HTTP connection */
- const char *buffer, /* I - Buffer for data */
- int length) /* I - Number of bytes to write */
+http_write(http_t *http, /* I - Connection to server */
+ const char *buffer, /* I - Buffer for data */
+ int length) /* I - Number of bytes to write */
{
int tbytes, /* Total bytes sent */
bytes; /* Bytes sent */
- tbytes = 0;
+ DEBUG_printf(("2http_write(http=%p, buffer=%p, length=%d)", http, buffer,
+ length));
+ http->error = 0;
+ tbytes = 0;
while (length > 0)
{
if (bytes < 0)
{
#ifdef WIN32
- if (WSAGetLastError() != http->error)
+ if (WSAGetLastError() == WSAEINTR || WSAGetLastError() == WSAEWOULDBLOCK)
+ continue;
+ else if (WSAGetLastError() != http->error && WSAGetLastError() != WSAECONNRESET)
{
http->error = WSAGetLastError();
continue;
}
#else
- if (errno == EINTR)
+ if (errno == EINTR || errno == EAGAIN)
continue;
else if (errno != http->error && errno != ECONNRESET)
{
}
#endif /* WIN32 */
- DEBUG_puts("http_write: error writing data...\n");
+ DEBUG_printf(("3http_write: error writing data (%s).",
+ strerror(http->error)));
return (-1);
}
}
#ifdef DEBUG
- {
- int i, j, ch;
- printf("http_write: wrote %d bytes: \n", tbytes);
- for (i = 0, buffer -= tbytes; i < tbytes; i += 16)
- {
- printf(" ");
-
- for (j = 0; j < 16 && (i + j) < tbytes; j ++)
- printf(" %02X", buffer[i + j] & 255);
-
- while (j < 16)
- {
- printf(" ");
- j ++;
- }
-
- printf(" ");
- for (j = 0; j < 16 && (i + j) < tbytes; j ++)
- {
- ch = buffer[i + j] & 255;
-
- if (ch < ' ' || ch == 127)
- ch = '.';
-
- putchar(ch);
- }
- putchar('\n');
- }
- }
+ http_debug_hex("http_write", buffer - tbytes, tbytes);
#endif /* DEBUG */
+ DEBUG_printf(("3http_write: Returning %d.", tbytes));
+
return (tbytes);
}
*/
static int /* O - Number bytes written */
-http_write_chunk(http_t *http, /* I - HTTP connection */
+http_write_chunk(http_t *http, /* I - Connection to server */
const char *buffer, /* I - Buffer to write */
int length) /* I - Length of buffer */
{
char header[255]; /* Chunk header */
int bytes; /* Bytes written */
- DEBUG_printf(("http_write_chunk(http=%p, buffer=%p, length=%d)\n",
+
+ DEBUG_printf(("7http_write_chunk(http=%p, buffer=%p, length=%d)",
http, buffer, length));
/*
*/
sprintf(header, "%x\r\n", length);
- if (http_write(http, header, strlen(header)) < 0)
+ if (http_write(http, header, (int)strlen(header)) < 0)
{
- DEBUG_puts(" http_write of length failed!");
+ DEBUG_puts("8http_write_chunk: http_write of length failed!");
return (-1);
}
if ((bytes = http_write(http, buffer, length)) < 0)
{
- DEBUG_puts(" http_write of buffer failed!");
+ DEBUG_puts("8http_write_chunk: http_write of buffer failed!");
return (-1);
}
if (http_write(http, "\r\n", 2) < 0)
{
- DEBUG_puts(" http_write of CR LF failed!");
+ DEBUG_puts("8http_write_chunk: http_write of CR LF failed!");
return (-1);
}
*/
static int /* O - Bytes written */
-http_write_ssl(http_t *http, /* I - HTTP connection */
+http_write_ssl(http_t *http, /* I - Connection to server */
const char *buf, /* I - Buffer holding data */
int len) /* I - Length of buffer */
{
+ ssize_t result; /* Return value */
+
+
+ DEBUG_printf(("2http_write_ssl(http=%p, buf=%p, len=%d)", http, buf, len));
+
# if defined(HAVE_LIBSSL)
- return (SSL_write((SSL *)(http->tls), buf, len));
+ result = SSL_write((SSL *)(http->tls), buf, len);
# elif defined(HAVE_GNUTLS)
- return (gnutls_record_send(((http_tls_t *)(http->tls))->session, buf, len));
+ result = gnutls_record_send(((http_tls_t *)(http->tls))->session, buf, len);
+
+ if (result < 0 && !errno)
+ {
+ /*
+ * Convert GNU TLS error to errno value...
+ */
+
+ switch (result)
+ {
+ case GNUTLS_E_INTERRUPTED :
+ errno = EINTR;
+ break;
+
+ case GNUTLS_E_AGAIN :
+ errno = EAGAIN;
+ break;
+
+ default :
+ errno = EPIPE;
+ break;
+ }
+
+ result = -1;
+ }
+
# elif defined(HAVE_CDSASSL)
- int result; /* Return value */
OSStatus error; /* Error info */
size_t processed; /* Number of bytes processed */
else
{
result = -1;
- errno = EINTR;
+ errno = EINTR;
}
break;
default :
- errno = EPIPE;
+ errno = EPIPE;
result = -1;
break;
}
-
- return (result);
+# elif defined(HAVE_SSPISSL)
+ return _sspiWrite((_sspi_struct_t*) http->tls, (void*) buf, len);
# endif /* HAVE_LIBSSL */
+
+ DEBUG_printf(("3http_write_ssl: Returning %d.", (int)result));
+
+ return ((int)result);
}
#endif /* HAVE_SSL */
/*
- * End of "$Id$".
+ * End of "$Id: http.c 7850 2008-08-20 00:07:25Z mike $".
*/
projects / thirdparty / cups.git / blobdiff