/*
- * "$Id: http.c 5373 2006-04-06 20:03:32Z mike $"
+ * "$Id: http.c 7850 2008-08-20 00:07:25Z mike $"
*
- * HTTP routines for the Common UNIX Printing System (CUPS).
+ * HTTP routines for CUPS.
*
- * Copyright 1997-2006 by Easy Software Products, all rights reserved.
+ * Copyright 2007-2011 by Apple Inc.
+ * Copyright 1997-2007 by Easy Software Products, all rights reserved.
*
- * These coded instructions, statements, and computer programs are the
- * property of Easy Software Products and are protected by Federal
- * copyright law. Distribution and use rights are outlined in the file
- * "LICENSE.txt" which should have been included with this file. If this
- * file is missing or damaged please contact Easy Software Products
- * at:
- *
- * Attn: CUPS Licensing Information
- * Easy Software Products
- * 44141 Airport View Drive, Suite 204
- * Hollywood, Maryland 20636 USA
+ * This file contains Kerberos support code, copyright 2006 by
+ * Jelmer Vernooij.
*
- * Voice: (301) 373-9600
- * EMail: cups-info@cups.org
- * WWW: http://www.cups.org
+ * These coded instructions, statements, and computer programs are the
+ * property of Apple Inc. and are protected by Federal copyright
+ * law. Distribution and use rights are outlined in the file "LICENSE.txt"
+ * which should have been included with this file. If this file is
+ * file is missing or damaged, see the license at "http://www.cups.org/".
*
* This file is subject to the Apple OS-Developed Software exception.
*
* Contents:
*
- * httpBlocking() - Set blocking/non-blocking behavior on a connection.
- * httpCheck() - Check to see if there is a pending response from
- * the server.
- * httpClearCookie() - Clear the cookie value(s).
- * httpClearFields() - Clear HTTP request fields.
- * httpClose() - Close an HTTP connection...
- * httpConnect() - Connect to a HTTP server.
- * httpConnectEncrypt() - Connect to a HTTP server using encryption.
- * httpDelete() - Send a DELETE request to the server.
- * httpEncryption() - Set the required encryption on the link.
- * httpError() - Get the last error on a connection.
- * httpFlush() - Flush data from a HTTP connection.
- * httpFlushWrite() - Flush data in write buffer.
- * httpGet() - Send a GET request to the server.
- * httpGetBlocking() - Get the blocking/non-block state of a connection.
- * httpGetCookie() - Get any cookie data from the response.
- * httpGetFd() - Get the file descriptor associated with a
- * connection.
- * httpGetField() - Get a field value from a request/response.
- * httpGetLength() - Get the amount of data remaining from the
- * content-length or transfer-encoding fields.
- * httpGetLength2() - Get the amount of data remaining from the
- * content-length or transfer-encoding fields.
- * httpGetStatus() - Get the status of the last HTTP request.
- * httpGetSubField() - Get a sub-field value.
- * httpGets() - Get a line of text from a HTTP connection.
- * httpHead() - Send a HEAD request to the server.
- * httpInitialize() - Initialize the HTTP interface library and set the
- * default HTTP proxy (if any).
- * httpOptions() - Send an OPTIONS request to the server.
- * httpPost() - Send a POST request to the server.
- * httpPrintf() - Print a formatted string to a HTTP connection.
- * httpPut() - Send a PUT request to the server.
- * httpRead() - Read data from a HTTP connection.
- * httpRead2() - Read data from a HTTP connection.
- * _httpReadCDSA() - Read function for CDSA decryption code.
- * httpReconnect() - Reconnect to a HTTP server...
- * httpSetCookie() - Set the cookie value(s)...
- * httpSetExpect() - Set the Expect: header in a request.
- * httpSetField() - Set the value of an HTTP header.
- * httpSetLength() - Set the content-length and transfer-encoding.
- * httpTrace() - Send an TRACE request to the server.
- * httpUpdate() - Update the current HTTP state for incoming data.
- * httpWait() - Wait for data available on a connection.
- * httpWrite() - Write data to a HTTP connection.
- * httpWrite2() - Write data to a HTTP connection.
- * _httpWriteCDSA() - Write function for CDSA encryption code.
- * http_field() - Return the field index for a field name.
- * http_read_ssl() - Read from a SSL/TLS connection.
- * http_send() - Send a request with all fields and the trailing
- * blank line.
- * http_setup_ssl() - Set up SSL/TLS on a connection.
- * http_shutdown_ssl() - Shut down SSL/TLS on a connection.
- * http_upgrade() - Force upgrade to TLS encryption.
- * http_wait() - Wait for data available on a connection.
- * http_write() - Write data to a connection.
- * http_write_ssl() - Write to a SSL/TLS connection.
+ * httpAddCredential() - Allocates and adds a single credential to an
+ * array.
+ * _httpBIOMethods() - Get the OpenSSL BIO methods for HTTP
+ * connections.
+ * httpBlocking() - Set blocking/non-blocking behavior on a
+ * connection.
+ * httpCheck() - Check to see if there is a pending response
+ * from the server.
+ * httpClearCookie() - Clear the cookie value(s).
+ * httpClearFields() - Clear HTTP request fields.
+ * httpClose() - Close an HTTP connection.
+ * httpConnect() - Connect to a HTTP server.
+ * httpConnectEncrypt() - Connect to a HTTP server using encryption.
+ * httpCopyCredentials() - Copy the credentials associated with an
+ * encrypted connection.
+ * _httpCreate() - Create an unconnected HTTP connection.
+ * _httpCreateCredentials() - Create credentials in the internal format.
+ * httpDelete() - Send a DELETE request to the server.
+ * _httpDisconnect() - Disconnect a HTTP connection.
+ * httpEncryption() - Set the required encryption on the link.
+ * httpError() - Get the last error on a connection.
+ * httpFlush() - Flush data from a HTTP connection.
+ * httpFlushWrite() - Flush data in write buffer.
+ * _httpFreeCredentials() - Free internal credentials.
+ * httpFreeCredentials() - Free an array of credentials.
+ * httpGet() - Send a GET request to the server.
+ * httpGetAuthString() - Get the current authorization string.
+ * httpGetBlocking() - Get the blocking/non-block state of a
+ * connection.
+ * httpGetCookie() - Get any cookie data from the response.
+ * httpGetFd() - Get the file descriptor associated with a
+ * connection.
+ * httpGetField() - Get a field value from a request/response.
+ * httpGetLength() - Get the amount of data remaining from the
+ * content-length or transfer-encoding fields.
+ * httpGetLength2() - Get the amount of data remaining from the
+ * content-length or transfer-encoding fields.
+ * httpGetStatus() - Get the status of the last HTTP request.
+ * httpGetSubField() - Get a sub-field value.
+ * httpGetSubField2() - Get a sub-field value.
+ * httpGets() - Get a line of text from a HTTP connection.
+ * httpHead() - Send a HEAD request to the server.
+ * httpInitialize() - Initialize the HTTP interface library and set
+ * the default HTTP proxy (if any).
+ * httpOptions() - Send an OPTIONS request to the server.
+ * _httpPeek() - Peek at data from a HTTP connection.
+ * httpPost() - Send a POST request to the server.
+ * httpPrintf() - Print a formatted string to a HTTP connection.
+ * httpPut() - Send a PUT request to the server.
+ * httpRead() - Read data from a HTTP connection.
+ * httpRead2() - Read data from a HTTP connection.
+ * _httpReadCDSA() - Read function for the CDSA library.
+ * _httpReadGNUTLS() - Read function for the GNU TLS library.
+ * httpReconnect() - Reconnect to a HTTP server.
+ * httpSetAuthString() - Set the current authorization string.
+ * httpSetCredentials() - Set the credentials associated with an
+ * encrypted connection.
+ * httpSetCookie() - Set the cookie value(s).
+ * httpSetExpect() - Set the Expect: header in a request.
+ * httpSetField() - Set the value of an HTTP header.
+ * httpSetLength() - Set the content-length and content-encoding.
+ * httpSetTimeout() - Set read/write timeouts and an optional
+ * callback.
+ * httpTrace() - Send an TRACE request to the server.
+ * _httpUpdate() - Update the current HTTP status for incoming
+ * data.
+ * httpUpdate() - Update the current HTTP state for incoming
+ * data.
+ * _httpWait() - Wait for data available on a connection (no
+ * flush).
+ * httpWait() - Wait for data available on a connection.
+ * httpWrite() - Write data to a HTTP connection.
+ * httpWrite2() - Write data to a HTTP connection.
+ * _httpWriteCDSA() - Write function for the CDSA library.
+ * _httpWriteGNUTLS() - Write function for the GNU TLS library.
+ * http_bio_ctrl() - Control the HTTP connection.
+ * http_bio_free() - Free OpenSSL data.
+ * http_bio_new() - Initialize an OpenSSL BIO structure.
+ * http_bio_puts() - Send a string for OpenSSL.
+ * http_bio_read() - Read data for OpenSSL.
+ * http_bio_write() - Write data for OpenSSL.
+ * http_debug_hex() - Do a hex dump of a buffer.
+ * http_field() - Return the field index for a field name.
+ * http_read_ssl() - Read from a SSL/TLS connection.
+ * http_locking_cb() - Lock/unlock a thread's mutex.
+ * http_send() - Send a request with all fields and the trailing
+ * blank line.
+ * http_set_credentials() - Set the SSL/TLS credentials.
+ * http_set_timeout() - Set the socket timeout values.
+ * http_set_wait() - Set the default wait value for reads.
+ * http_setup_ssl() - Set up SSL/TLS support on a connection.
+ * http_shutdown_ssl() - Shut down SSL/TLS on a connection.
+ * http_threadid_cb() - Return the current thread ID.
+ * http_upgrade() - Force upgrade to TLS encryption.
+ * http_write() - Write a buffer to a HTTP connection.
+ * http_write_chunk() - Write a chunked buffer.
+ * http_write_ssl() - Write to a SSL/TLS connection.
*/
/*
* Include necessary headers...
*/
-#include "http-private.h"
-#include "globals.h"
-#include "debug.h"
-#include <stdlib.h>
+#include "cups-private.h"
#include <fcntl.h>
-#include <errno.h>
-#ifndef WIN32
+#ifdef WIN32
+# include <tchar.h>
+#else
# include <signal.h>
# include <sys/time.h>
# include <sys/resource.h>
-#endif /* !WIN32 */
+#endif /* WIN32 */
+#ifdef HAVE_POLL
+# include <sys/poll.h>
+#endif /* HAVE_POLL */
/*
* Local functions...
*/
+#ifdef DEBUG
+static void http_debug_hex(const char *prefix, const char *buffer,
+ int bytes);
+#endif /* DEBUG */
static http_field_t http_field(const char *name);
static int http_send(http_t *http, http_state_t request,
const char *uri);
-static int http_wait(http_t *http, int msec);
static int http_write(http_t *http, const char *buffer,
int length);
static int http_write_chunk(http_t *http, const char *buffer,
int length);
#ifdef HAVE_SSL
static int http_read_ssl(http_t *http, char *buf, int len);
+# if defined(HAVE_CDSASSL) && defined(HAVE_SECCERTIFICATECOPYDATA)
+static int http_set_credentials(http_t *http);
+# endif /* HAVE_CDSASSL ** HAVE_SECCERTIFICATECOPYDATA */
+static void http_set_timeout(int fd, double timeout);
+static void http_set_wait(http_t *http);
static int http_setup_ssl(http_t *http);
static void http_shutdown_ssl(http_t *http);
static int http_upgrade(http_t *http);
"User-Agent",
"WWW-Authenticate"
};
+#ifdef DEBUG
+static const char * const http_states[] =
+ {
+ "HTTP_WAITING",
+ "HTTP_OPTIONS",
+ "HTTP_GET",
+ "HTTP_GET_SEND",
+ "HTTP_HEAD",
+ "HTTP_POST",
+ "HTTP_POST_RECV",
+ "HTTP_POST_SEND",
+ "HTTP_PUT",
+ "HTTP_PUT_RECV",
+ "HTTP_DELETE",
+ "HTTP_TRACE",
+ "HTTP_CLOSE",
+ "HTTP_STATUS"
+ };
+#endif /* DEBUG */
+
+
+#if defined(HAVE_SSL) && defined(HAVE_LIBSSL)
+/*
+ * BIO methods for OpenSSL...
+ */
+
+static int http_bio_write(BIO *h, const char *buf, int num);
+static int http_bio_read(BIO *h, char *buf, int size);
+static int http_bio_puts(BIO *h, const char *str);
+static long http_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int http_bio_new(BIO *h);
+static int http_bio_free(BIO *data);
+
+static BIO_METHOD http_bio_methods =
+ {
+ BIO_TYPE_SOCKET,
+ "http",
+ http_bio_write,
+ http_bio_read,
+ http_bio_puts,
+ NULL, /* http_bio_gets, */
+ http_bio_ctrl,
+ http_bio_new,
+ http_bio_free,
+ NULL,
+ };
+#endif /* HAVE_SSL && HAVE_LIBSSL */
+
+
+/*
+ * 'httpAddCredential()' - Allocates and adds a single credential to an array.
+ *
+ * Use @code cupsArrayNew(NULL, NULL)@ to create a credentials array.
+ *
+ * @since CUPS 1.5/Mac OS X 10.7@
+ */
+
+int /* O - 0 on success, -1 on error */
+httpAddCredential(
+ cups_array_t *credentials, /* I - Credentials array */
+ const void *data, /* I - PEM-encoded X.509 data */
+ size_t datalen) /* I - Length of data */
+{
+ http_credential_t *credential; /* Credential data */
+
+
+ if ((credential = malloc(sizeof(http_credential_t))) != NULL)
+ {
+ credential->datalen = datalen;
+
+ if ((credential->data = malloc(datalen)) != NULL)
+ {
+ memcpy(credential->data, data, datalen);
+ cupsArrayAdd(credentials, credential);
+ return (0);
+ }
+
+ free(credential);
+ }
+
+ return (-1);
+}
+
+
+#if defined(HAVE_SSL) && defined(HAVE_LIBSSL)
+/*
+ * '_httpBIOMethods()' - Get the OpenSSL BIO methods for HTTP connections.
+ */
+
+BIO_METHOD * /* O - BIO methods for OpenSSL */
+_httpBIOMethods(void)
+{
+ return (&http_bio_methods);
+}
+#endif /* HAVE_SSL && HAVE_LIBSSL */
/*
*/
void
-httpBlocking(http_t *http, /* I - HTTP connection */
+httpBlocking(http_t *http, /* I - Connection to server */
int b) /* I - 1 = blocking, 0 = non-blocking */
{
if (http)
+ {
http->blocking = b;
+ http_set_wait(http);
+ }
}
*/
int /* O - 0 = no data, 1 = data available */
-httpCheck(http_t *http) /* I - HTTP connection */
+httpCheck(http_t *http) /* I - Connection to server */
{
return (httpWait(http, 0));
}
/*
* 'httpClearCookie()' - Clear the cookie value(s).
*
- * @since CUPS 1.1.19@
+ * @since CUPS 1.1.19/Mac OS X 10.3@
*/
void
-httpClearCookie(http_t *http) /* I - HTTP connection */
+httpClearCookie(http_t *http) /* I - Connection to server */
{
if (!http)
return;
*/
void
-httpClearFields(http_t *http) /* I - HTTP connection */
+httpClearFields(http_t *http) /* I - Connection to server */
{
if (http)
{
memset(http->fields, 0, sizeof(http->fields));
- httpSetField(http, HTTP_FIELD_HOST, http->hostname);
+ if (http->hostname[0] == '/')
+ httpSetField(http, HTTP_FIELD_HOST, "localhost");
+ else
+ httpSetField(http, HTTP_FIELD_HOST, http->hostname);
+
+ if (http->field_authorization)
+ {
+ free(http->field_authorization);
+ http->field_authorization = NULL;
+ }
http->expect = (http_status_t)0;
}
/*
- * 'httpClose()' - Close an HTTP connection...
+ * 'httpClose()' - Close an HTTP connection.
*/
void
-httpClose(http_t *http) /* I - HTTP connection */
+httpClose(http_t *http) /* I - Connection to server */
{
- DEBUG_printf(("httpClose(http=%p)\n", http));
+#ifdef HAVE_GSSAPI
+ OM_uint32 minor_status; /* Minor status code */
+#endif /* HAVE_GSSAPI */
+
+
+ DEBUG_printf(("httpClose(http=%p)", http));
+
+ /*
+ * Range check input...
+ */
if (!http)
return;
- httpAddrFreeList(http->addrlist);
+ /*
+ * Close any open connection...
+ */
+
+ _httpDisconnect(http);
+
+ /*
+ * Free memory used...
+ */
- if (http->input_set)
- free(http->input_set);
+ httpAddrFreeList(http->addrlist);
if (http->cookie)
free(http->cookie);
-#ifdef HAVE_SSL
- if (http->tls)
- http_shutdown_ssl(http);
-#endif /* HAVE_SSL */
+#ifdef HAVE_GSSAPI
+ if (http->gssctx != GSS_C_NO_CONTEXT)
+ gss_delete_sec_context(&minor_status, &http->gssctx, GSS_C_NO_BUFFER);
-#ifdef WIN32
- closesocket(http->fd);
-#else
- close(http->fd);
-#endif /* WIN32 */
+ if (http->gssname != GSS_C_NO_NAME)
+ gss_release_name(&minor_status, &http->gssname);
+#endif /* HAVE_GSSAPI */
+
+#ifdef HAVE_AUTHORIZATION_H
+ if (http->auth_ref)
+ AuthorizationFree(http->auth_ref, kAuthorizationFlagDefaults);
+#endif /* HAVE_AUTHORIZATION_H */
+
+ httpClearFields(http);
+
+ if (http->authstring && http->authstring != http->_authstring)
+ free(http->authstring);
free(http);
}
/*
* 'httpConnect()' - Connect to a HTTP server.
+ *
+ * This function is deprecated - use @link httpConnectEncrypt@ instead.
+ *
+ * @deprecated@
*/
http_t * /* O - New HTTP connection */
httpConnect(const char *host, /* I - Host to connect to */
int port) /* I - Port number */
{
- http_encryption_t encryption; /* Type of encryption to use */
+ return (httpConnectEncrypt(host, port, HTTP_ENCRYPT_IF_REQUESTED));
+}
+
+
+/*
+ * 'httpConnectEncrypt()' - Connect to a HTTP server using encryption.
+ */
+
+http_t * /* O - New HTTP connection */
+httpConnectEncrypt(
+ const char *host, /* I - Host to connect to */
+ int port, /* I - Port number */
+ http_encryption_t encryption) /* I - Type of encryption to use */
+{
+ http_t *http; /* New HTTP connection */
+
+ DEBUG_printf(("httpConnectEncrypt(host=\"%s\", port=%d, encryption=%d)",
+ host, port, encryption));
/*
- * Set the default encryption status...
+ * Create the HTTP structure...
*/
- if (port == 443)
- encryption = HTTP_ENCRYPT_ALWAYS;
- else
- encryption = HTTP_ENCRYPT_IF_REQUESTED;
+ if ((http = _httpCreate(host, port, NULL, encryption, AF_UNSPEC)) == NULL)
+ return (NULL);
+
+ /*
+ * Connect to the remote system...
+ */
+
+ if (!httpReconnect(http))
+ return (http);
+
+ /*
+ * Could not connect to any known address - bail out!
+ */
+
+ httpAddrFreeList(http->addrlist);
+
+ free(http);
- return (httpConnectEncrypt(host, port, encryption));
+ return (NULL);
}
/*
- * 'httpConnectEncrypt()' - Connect to a HTTP server using encryption.
+ * 'httpCopyCredentials()' - Copy the credentials associated with an encrypted
+ * connection.
+ *
+ * @since CUPS 1.5/Mac OS X 10.7@
*/
-http_t * /* O - New HTTP connection */
-httpConnectEncrypt(
- const char *host, /* I - Host to connect to */
+int /* O - Status of call (0 = success) */
+httpCopyCredentials(
+ http_t *http, /* I - Connection to server */
+ cups_array_t **credentials) /* O - Array of credentials */
+{
+# ifdef HAVE_LIBSSL
+# elif defined(HAVE_GNUTLS)
+# elif defined(HAVE_CDSASSL) && defined(HAVE_SECCERTIFICATECOPYDATA)
+ OSStatus error; /* Error code */
+ CFIndex count; /* Number of credentials */
+ CFArrayRef peerCerts; /* Peer certificates */
+ SecCertificateRef secCert; /* Certificate reference */
+ CFDataRef data; /* Certificate data */
+ int i; /* Looping var */
+# elif defined(HAVE_SSPISSL)
+# endif /* HAVE_LIBSSL */
+
+
+ if (credentials)
+ *credentials = NULL;
+
+ if (!http || !http->tls || !credentials)
+ return (-1);
+
+# ifdef HAVE_LIBSSL
+ return (-1);
+
+# elif defined(HAVE_GNUTLS)
+ return (-1);
+
+# elif defined(HAVE_CDSASSL) && defined(HAVE_SECCERTIFICATECOPYDATA)
+ if (!(error = SSLCopyPeerCertificates(http->tls, &peerCerts)) && peerCerts)
+ {
+ if ((*credentials = cupsArrayNew(NULL, NULL)) != NULL)
+ {
+ for (i = 0, count = CFArrayGetCount(peerCerts); i < count; i++)
+ {
+ secCert = (SecCertificateRef)CFArrayGetValueAtIndex(peerCerts, i);
+ if ((data = SecCertificateCopyData(secCert)))
+ {
+ httpAddCredential(*credentials, CFDataGetBytePtr(data),
+ CFDataGetLength(data));
+ CFRelease(data);
+ }
+ }
+ }
+
+ CFRelease(peerCerts);
+ }
+
+ return (error);
+
+# elif defined(HAVE_SSPISSL)
+ return (-1);
+
+# else
+ return (-1);
+# endif /* HAVE_LIBSSL */
+}
+
+
+/*
+ * '_httpCreate()' - Create an unconnected HTTP connection.
+ */
+
+http_t * /* O - HTTP connection */
+_httpCreate(
+ const char *host, /* I - Hostname */
int port, /* I - Port number */
- http_encryption_t encryption) /* I - Type of encryption to use */
+ http_addrlist_t *addrlist, /* I - Address list or NULL */
+ http_encryption_t encryption, /* I - Encryption to use */
+ int family) /* I - Address family or AF_UNSPEC */
{
- http_t *http; /* New HTTP connection */
- http_addrlist_t *addrlist; /* Host address data */
- char service[255]; /* Service name */
+ http_t *http; /* New HTTP connection */
+ char service[255]; /* Service name */
- DEBUG_printf(("httpConnectEncrypt(host=\"%s\", port=%d, encryption=%d)\n",
- host ? host : "(null)", port, encryption));
+ DEBUG_printf(("4_httpCreate(host=\"%s\", port=%d, encryption=%d)",
+ host, port, encryption));
if (!host)
return (NULL);
sprintf(service, "%d", port);
- if ((addrlist = httpAddrGetList(host, AF_UNSPEC, service)) == NULL)
- return (NULL);
+ if (!addrlist)
+ if ((addrlist = httpAddrGetList(host, family, service)) == NULL)
+ return (NULL);
/*
* Allocate memory for the structure...
*/
- http = calloc(sizeof(http_t), 1);
- if (http == NULL)
+ if ((http = calloc(sizeof(http_t), 1)) == NULL)
+ {
+ httpAddrFreeList(addrlist);
return (NULL);
+ }
+
+ /*
+ * Initialize the HTTP data...
+ */
- http->version = HTTP_1_1;
- http->blocking = 1;
http->activity = time(NULL);
+ http->addrlist = addrlist;
+ http->blocking = 1;
http->fd = -1;
+#ifdef HAVE_GSSAPI
+ http->gssctx = GSS_C_NO_CONTEXT;
+ http->gssname = GSS_C_NO_NAME;
+#endif /* HAVE_GSSAPI */
+ http->version = HTTP_1_1;
- /*
- * Set the encryption status...
- */
+ strlcpy(http->hostname, host, sizeof(http->hostname));
if (port == 443) /* Always use encryption for https */
http->encryption = HTTP_ENCRYPT_ALWAYS;
else
http->encryption = encryption;
+ http_set_wait(http);
+
/*
- * Loop through the addresses we have until one of them connects...
+ * Return the new structure...
*/
- strlcpy(http->hostname, host, sizeof(http->hostname));
+ return (http);
+}
- /*
- * Connect to the remote system...
- */
- http->addrlist = addrlist;
+/*
+ * '_httpCreateCredentials()' - Create credentials in the internal format.
+ */
- if (!httpReconnect(http))
- return (http);
+http_tls_credentials_t /* O - Internal credentials */
+_httpCreateCredentials(
+ cups_array_t *credentials) /* I - Array of credentials */
+{
+ if (!credentials)
+ return (NULL);
- /*
- * Could not connect to any known address - bail out!
- */
+# ifdef HAVE_LIBSSL
+ return (NULL);
- httpAddrFreeList(addrlist);
+# elif defined(HAVE_GNUTLS)
+ return (NULL);
+
+# elif defined(HAVE_CDSASSL) && defined(HAVE_SECCERTIFICATECOPYDATA)
+ CFMutableArrayRef peerCerts; /* Peer credentials reference */
+ SecCertificateRef secCert; /* Certificate reference */
+ CFDataRef data; /* Credential data reference */
+ http_credential_t *credential; /* Credential data */
- free(http);
+ if ((peerCerts = CFArrayCreateMutable(kCFAllocatorDefault,
+ cupsArrayCount(credentials),
+ &kCFTypeArrayCallBacks)) == NULL)
+ return (NULL);
+
+ for (credential = (http_credential_t *)cupsArrayFirst(credentials);
+ credential;
+ credential = (http_credential_t *)cupsArrayNext(credentials))
+ {
+ if ((data = CFDataCreate(kCFAllocatorDefault, credential->data,
+ credential->datalen)))
+ {
+ if ((secCert = SecCertificateCreateWithData(kCFAllocatorDefault, data))
+ != NULL)
+ {
+ CFArrayAppendValue(peerCerts, secCert);
+ CFRelease(secCert);
+ }
+
+ CFRelease(data);
+ }
+ }
+
+ return (peerCerts);
+
+# elif defined(HAVE_SSPISSL)
+ return (NULL);
+
+# else
return (NULL);
+# endif /* HAVE_LIBSSL */
}
*/
int /* O - Status of call (0 = success) */
-httpDelete(http_t *http, /* I - HTTP connection */
+httpDelete(http_t *http, /* I - Connection to server */
const char *uri) /* I - URI to delete */
{
return (http_send(http, HTTP_DELETE, uri));
}
+/*
+ * '_httpDisconnect()' - Disconnect a HTTP connection.
+ */
+
+void
+_httpDisconnect(http_t *http) /* I - Connection to server */
+{
+#ifdef HAVE_SSL
+ if (http->tls)
+ http_shutdown_ssl(http);
+#endif /* HAVE_SSL */
+
+#ifdef WIN32
+ closesocket(http->fd);
+#else
+ close(http->fd);
+#endif /* WIN32 */
+
+ http->fd = -1;
+}
+
+
/*
* 'httpEncryption()' - Set the required encryption on the link.
*/
int /* O - -1 on error, 0 on success */
-httpEncryption(http_t *http, /* I - HTTP connection */
+httpEncryption(http_t *http, /* I - Connection to server */
http_encryption_t e) /* I - New encryption preference */
{
- DEBUG_printf(("httpEncryption(http=%p, e=%d)\n", http, e));
+ DEBUG_printf(("httpEncryption(http=%p, e=%d)", http, e));
#ifdef HAVE_SSL
if (!http)
*/
int /* O - Error code (errno) value */
-httpError(http_t *http) /* I - HTTP connection */
+httpError(http_t *http) /* I - Connection to server */
{
if (http)
return (http->error);
*/
void
-httpFlush(http_t *http) /* I - HTTP connection */
+httpFlush(http_t *http) /* I - Connection to server */
{
- char buffer[8192]; /* Junk buffer */
- int blocking; /* To block or not to block */
+ char buffer[8192]; /* Junk buffer */
+ int blocking; /* To block or not to block */
+ http_state_t oldstate; /* Old state */
- DEBUG_printf(("httpFlush(http=%p), state=%d\n", http, http->state));
+ DEBUG_printf(("httpFlush(http=%p), state=%s", http,
+ http_states[http->state]));
/*
* Temporarily set non-blocking mode so we don't get stuck in httpRead()...
* Read any data we can...
*/
+ oldstate = http->state;
while (httpRead2(http, buffer, sizeof(buffer)) > 0);
/*
http->blocking = blocking;
- if (http->state != HTTP_WAITING && http->fd >= 0)
+ if (http->state == oldstate && http->state != HTTP_WAITING && http->fd >= 0)
{
/*
* Didn't get the data back, so close the current connection.
/*
* 'httpFlushWrite()' - Flush data in write buffer.
*
- * @since CUPS 1.2@
+ * @since CUPS 1.2/Mac OS X 10.5@
*/
int /* O - Bytes written or -1 on error */
-httpFlushWrite(http_t *http) /* I - HTTP connection */
+httpFlushWrite(http_t *http) /* I - Connection to server */
{
int bytes; /* Bytes written */
- DEBUG_printf(("httpFlushWrite(http=%p)\n", http));
+ DEBUG_printf(("httpFlushWrite(http=%p)", http));
if (!http || !http->wused)
+ {
+ DEBUG_puts(http ? "1httpFlushWrite: Write buffer is empty." :
+ "1httpFlushWrite: No connection.");
return (0);
+ }
if (http->data_encoding == HTTP_ENCODE_CHUNKED)
bytes = http_write_chunk(http, http->wbuffer, http->wused);
http->wused = 0;
+ DEBUG_printf(("1httpFlushWrite: Returning %d, errno=%d.", bytes, errno));
+
return (bytes);
}
/*
- * 'httpGet()' - Send a GET request to the server.
+ * '_httpFreeCredentials()' - Free internal credentials.
*/
-int /* O - Status of call (0 = success) */
-httpGet(http_t *http, /* I - HTTP connection */
- const char *uri) /* I - URI to get */
+void
+_httpFreeCredentials(
+ http_tls_credentials_t credentials) /* I - Internal credentials */
{
- return (http_send(http, HTTP_GET, uri));
+ if (!credentials)
+ return;
+
+#ifdef HAVE_LIBSSL
+ (void)credentials;
+
+#elif defined(HAVE_GNUTLS)
+ (void)credentials;
+
+#elif defined(HAVE_CDSASSL)
+ CFRelease(credentials);
+
+#elif defined(HAVE_SSPISSL)
+ (void)credentials;
+
+#endif /* HAVE_LIBSSL */
}
/*
- * 'httpGetBlocking()' - Get the blocking/non-block state of a connection.
- *
- * @since CUPS 1.2@
+ * 'httpFreeCredentials()' - Free an array of credentials.
*/
-int /* O - 1 if blocking, 0 if non-blocking */
-httpGetBlocking(http_t *http) /* I - HTTP connection */
+void
+httpFreeCredentials(
+ cups_array_t *credentials) /* I - Array of credentials */
{
- return (http ? http->blocking : 0);
+ http_credential_t *credential; /* Credential */
+
+
+ for (credential = (http_credential_t *)cupsArrayFirst(credentials);
+ credential;
+ credential = (http_credential_t *)cupsArrayNext(credentials))
+ {
+ cupsArrayRemove(credentials, credential);
+ free((void *)credential->data);
+ free(credential);
+ }
+
+ cupsArrayDelete(credentials);
}
/*
- * 'httpGetCookie()' - Get any cookie data from the response.
- *
- * @since CUPS 1.1.19@
+ * 'httpGet()' - Send a GET request to the server.
*/
-const char * /* O - Cookie data or NULL */
+int /* O - Status of call (0 = success) */
+httpGet(http_t *http, /* I - Connection to server */
+ const char *uri) /* I - URI to get */
+{
+ return (http_send(http, HTTP_GET, uri));
+}
+
+
+/*
+ * 'httpGetAuthString()' - Get the current authorization string.
+ *
+ * The authorization string is set by cupsDoAuthentication() and
+ * httpSetAuthString(). Use httpGetAuthString() to retrieve the
+ * string to use with httpSetField() for the HTTP_FIELD_AUTHORIZATION
+ * value.
+ *
+ * @since CUPS 1.3/Mac OS X 10.5@
+ */
+
+char * /* O - Authorization string */
+httpGetAuthString(http_t *http) /* I - Connection to server */
+{
+ if (http)
+ return (http->authstring);
+ else
+ return (NULL);
+}
+
+
+/*
+ * 'httpGetBlocking()' - Get the blocking/non-block state of a connection.
+ *
+ * @since CUPS 1.2/Mac OS X 10.5@
+ */
+
+int /* O - 1 if blocking, 0 if non-blocking */
+httpGetBlocking(http_t *http) /* I - Connection to server */
+{
+ return (http ? http->blocking : 0);
+}
+
+
+/*
+ * 'httpGetCookie()' - Get any cookie data from the response.
+ *
+ * @since CUPS 1.1.19/Mac OS X 10.3@
+ */
+
+const char * /* O - Cookie data or NULL */
httpGetCookie(http_t *http) /* I - HTTP connecion */
{
return (http ? http->cookie : NULL);
/*
* 'httpGetFd()' - Get the file descriptor associated with a connection.
*
- * @since CUPS 1.2@
+ * @since CUPS 1.2/Mac OS X 10.5@
*/
int /* O - File descriptor or -1 if none */
-httpGetFd(http_t *http) /* I - HTTP connection */
+httpGetFd(http_t *http) /* I - Connection to server */
{
return (http ? http->fd : -1);
}
*/
const char * /* O - Field value */
-httpGetField(http_t *http, /* I - HTTP connection */
+httpGetField(http_t *http, /* I - Connection to server */
http_field_t field) /* I - Field to get */
{
if (!http || field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX)
return (NULL);
+ else if (field == HTTP_FIELD_AUTHORIZATION &&
+ http->field_authorization)
+ {
+ /*
+ * Special case for WWW-Authenticate: as its contents can be
+ * longer than HTTP_MAX_VALUE...
+ */
+
+ return (http->field_authorization);
+ }
else
return (http->fields[field]);
}
*/
int /* O - Content length */
-httpGetLength(http_t *http) /* I - HTTP connection */
+httpGetLength(http_t *http) /* I - Connection to server */
{
/*
* Get the read content length and return the 32-bit value.
* This function returns the complete content length, even for
* content larger than 2^31 - 1.
*
- * @since CUPS 1.2@
+ * @since CUPS 1.2/Mac OS X 10.5@
*/
off_t /* O - Content length */
-httpGetLength2(http_t *http) /* I - HTTP connection */
+httpGetLength2(http_t *http) /* I - Connection to server */
{
- DEBUG_printf(("httpGetLength2(http=%p), state=%d\n", http, http->state));
+ DEBUG_printf(("2httpGetLength2(http=%p), state=%s", http,
+ http_states[http->state]));
if (!http)
return (-1);
- if (!strcasecmp(http->fields[HTTP_FIELD_TRANSFER_ENCODING], "chunked"))
+ if (!_cups_strcasecmp(http->fields[HTTP_FIELD_TRANSFER_ENCODING], "chunked"))
{
- DEBUG_puts("httpGetLength2: chunked request!");
+ DEBUG_puts("4httpGetLength2: chunked request!");
http->data_encoding = HTTP_ENCODE_CHUNKED;
http->data_remaining = 0;
* after the transfer is complete...
*/
- if (http->fields[HTTP_FIELD_CONTENT_LENGTH][0] == '\0')
- http->data_remaining = 2147483647;
+ if (!http->fields[HTTP_FIELD_CONTENT_LENGTH][0])
+ {
+ /*
+ * Default content length is 0 for errors and 2^31-1 for other
+ * successful requests...
+ */
+
+ if (http->status >= HTTP_MULTIPLE_CHOICES)
+ http->data_remaining = 0;
+ else
+ http->data_remaining = 2147483647;
+ }
else
http->data_remaining = strtoll(http->fields[HTTP_FIELD_CONTENT_LENGTH],
NULL, 10);
- DEBUG_printf(("httpGetLength2: content_length=" CUPS_LLFMT "\n",
+ DEBUG_printf(("4httpGetLength2: content_length=" CUPS_LLFMT,
CUPS_LLCAST http->data_remaining));
}
/*
* 'httpGetStatus()' - Get the status of the last HTTP request.
*
- * @since CUPS 1.2@
+ * @since CUPS 1.2/Mac OS X 10.5@
*/
http_status_t /* O - HTTP status */
-httpGetStatus(http_t *http) /* I - HTTP connection */
+httpGetStatus(http_t *http) /* I - Connection to server */
{
return (http ? http->status : HTTP_ERROR);
}
*/
char * /* O - Value or NULL */
-httpGetSubField(http_t *http, /* I - HTTP connection */
+httpGetSubField(http_t *http, /* I - Connection to server */
http_field_t field, /* I - Field index */
const char *name, /* I - Name of sub-field */
char *value) /* O - Value string */
/*
* 'httpGetSubField2()' - Get a sub-field value.
*
- * @since CUPS 1.2@
+ * @since CUPS 1.2/Mac OS X 10.5@
*/
char * /* O - Value or NULL */
-httpGetSubField2(http_t *http, /* I - HTTP connection */
+httpGetSubField2(http_t *http, /* I - Connection to server */
http_field_t field, /* I - Field index */
const char *name, /* I - Name of sub-field */
char *value, /* O - Value string */
*ptr, /* Pointer into string buffer */
*end; /* End of value buffer */
- DEBUG_printf(("httpGetSubField2(http=%p, field=%d, name=\"%s\", value=%p, valuelen=%d)\n",
- http, field, name, value, valuelen));
+ DEBUG_printf(("2httpGetSubField2(http=%p, field=%d, name=\"%s\", value=%p, "
+ "valuelen=%d)", http, field, name, value, valuelen));
if (!http || !name || !value || valuelen < 2 ||
field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX)
* Skip leading whitespace...
*/
- while (isspace(*fptr & 255))
+ while (_cups_isspace(*fptr))
fptr ++;
if (*fptr == ',')
*/
for (ptr = temp;
- *fptr && *fptr != '=' && !isspace(*fptr & 255) &&
+ *fptr && *fptr != '=' && !_cups_isspace(*fptr) &&
ptr < (temp + sizeof(temp) - 1);
*ptr++ = *fptr++);
*ptr = '\0';
- DEBUG_printf(("httpGetSubField: name=\"%s\"\n", temp));
+ DEBUG_printf(("4httpGetSubField2: name=\"%s\"", temp));
/*
* Skip trailing chars up to the '='...
*/
- while (isspace(*fptr & 255))
+ while (_cups_isspace(*fptr))
fptr ++;
if (!*fptr)
fptr ++;
- while (isspace(*fptr & 255))
+ while (_cups_isspace(*fptr))
fptr ++;
if (*fptr == '\"')
*/
for (ptr = value;
- *fptr && !isspace(*fptr & 255) && *fptr != ',' && ptr < end;
+ *fptr && !_cups_isspace(*fptr) && *fptr != ',' && ptr < end;
*ptr++ = *fptr++);
*ptr = '\0';
- while (*fptr && !isspace(*fptr & 255) && *fptr != ',')
+ while (*fptr && !_cups_isspace(*fptr) && *fptr != ',')
fptr ++;
}
- DEBUG_printf(("httpGetSubField: value=\"%s\"\n", value));
+ DEBUG_printf(("4httpGetSubField2: value=\"%s\"", value));
/*
* See if this is the one...
*/
if (!strcmp(name, temp))
+ {
+ DEBUG_printf(("3httpGetSubField2: Returning \"%s\"", value));
return (value);
+ }
}
value[0] = '\0';
+ DEBUG_puts("3httpGetSubField2: Returning NULL");
+
return (NULL);
}
char * /* O - Line or NULL */
httpGets(char *line, /* I - Line to read into */
int length, /* I - Max length of buffer */
- http_t *http) /* I - HTTP connection */
+ http_t *http) /* I - Connection to server */
{
char *lineptr, /* Pointer into line */
*lineend, /* End of line */
eol; /* End-of-line? */
- DEBUG_printf(("httpGets(line=%p, length=%d, http=%p)\n", line, length, http));
+ DEBUG_printf(("2httpGets(line=%p, length=%d, http=%p)", line, length, http));
if (http == NULL || line == NULL)
return (NULL);
/*
* Read a line from the buffer...
*/
-
- lineptr = line;
- lineend = line + length - 1;
- eol = 0;
+
+ http->error = 0;
+ lineptr = line;
+ lineend = line + length - 1;
+ eol = 0;
while (lineptr < lineend)
{
* No newline; see if there is more data to be read...
*/
- if (!http->blocking && !http_wait(http, 1000))
+ while (!_httpWait(http, http->wait_value, 1))
+ {
+ if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
+ continue;
+
+ DEBUG_puts("3httpGets: Timed out!");
+#ifdef WIN32
+ http->error = WSAETIMEDOUT;
+#else
+ http->error = ETIMEDOUT;
+#endif /* WIN32 */
return (NULL);
+ }
#ifdef HAVE_SSL
if (http->tls)
bytes = recv(http->fd, http->buffer + http->used,
HTTP_MAX_BUFFER - http->used, 0);
- DEBUG_printf(("httpGets: read %d bytes...\n", bytes));
+ DEBUG_printf(("4httpGets: read %d bytes...", bytes));
if (bytes < 0)
{
*/
#ifdef WIN32
- if (WSAGetLastError() != http->error)
+ DEBUG_printf(("3httpGets: recv() error %d!", WSAGetLastError()));
+
+ if (WSAGetLastError() == WSAEINTR)
+ continue;
+ else if (WSAGetLastError() == WSAEWOULDBLOCK)
+ {
+ if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
+ continue;
+
+ http->error = WSAGetLastError();
+ }
+ else if (WSAGetLastError() != http->error)
{
http->error = WSAGetLastError();
continue;
}
- DEBUG_printf(("httpGets: recv() error %d!\n", WSAGetLastError()));
#else
- DEBUG_printf(("httpGets: recv() error %d!\n", errno));
+ DEBUG_printf(("3httpGets: recv() error %d!", errno));
if (errno == EINTR)
continue;
+ else if (errno == EWOULDBLOCK || errno == EAGAIN)
+ {
+ if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
+ continue;
+ else if (!http->timeout_cb && errno == EAGAIN)
+ continue;
+
+ http->error = errno;
+ }
else if (errno != http->error)
{
http->error = errno;
*lineptr++ = *bufptr++;
}
- http->used -= bufptr - http->buffer;
+ http->used -= (int)(bufptr - http->buffer);
if (http->used > 0)
memmove(http->buffer, bufptr, http->used);
http->activity = time(NULL);
*lineptr = '\0';
-
- DEBUG_printf(("httpGets: Returning \"%s\"\n", line));
+
+ DEBUG_printf(("3httpGets: Returning \"%s\"", line));
return (line);
}
}
- DEBUG_puts("httpGets: No new line available!");
+ DEBUG_puts("3httpGets: No new line available!");
return (NULL);
}
*/
int /* O - Status of call (0 = success) */
-httpHead(http_t *http, /* I - HTTP connection */
+httpHead(http_t *http, /* I - Connection to server */
const char *uri) /* I - URI for head */
{
+ DEBUG_printf(("httpHead(http=%p, uri=\"%s\")", http, uri));
return (http_send(http, HTTP_HEAD, uri));
}
void
httpInitialize(void)
{
+ static int initialized = 0; /* Have we been called before? */
+#ifdef WIN32
+ WSADATA winsockdata; /* WinSock data */
+#endif /* WIN32 */
#ifdef HAVE_LIBSSL
-# ifndef WIN32
- struct timeval curtime; /* Current time in microseconds */
-# endif /* !WIN32 */
- int i; /* Looping var */
- unsigned char data[1024]; /* Seed data */
+ int i; /* Looping var */
+ unsigned char data[1024]; /* Seed data */
#endif /* HAVE_LIBSSL */
-#ifdef WIN32
- WSADATA winsockdata; /* WinSock data */
- static int initialized = 0; /* Has WinSock been initialized? */
+ _cupsGlobalLock();
+ if (initialized)
+ {
+ _cupsGlobalUnlock();
+ return;
+ }
+
+#ifdef WIN32
+ WSAStartup(MAKEWORD(2,2), &winsockdata);
- if (!initialized)
- WSAStartup(MAKEWORD(1,1), &winsockdata);
#elif !defined(SO_NOSIGPIPE)
/*
* Ignore SIGPIPE signals...
# ifdef HAVE_SIGSET
sigset(SIGPIPE, SIG_IGN);
+
# elif defined(HAVE_SIGACTION)
struct sigaction action; /* POSIX sigaction data */
memset(&action, 0, sizeof(action));
action.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &action, NULL);
+
# else
signal(SIGPIPE, SIG_IGN);
# endif /* !SO_NOSIGPIPE */
#endif /* WIN32 */
#ifdef HAVE_GNUTLS
+ /*
+ * Initialize GNU TLS...
+ */
+
gnutls_global_init();
-#endif /* HAVE_GNUTLS */
-#ifdef HAVE_LIBSSL
+#elif defined(HAVE_LIBSSL)
+ /*
+ * Initialize OpenSSL...
+ */
+
SSL_load_error_strings();
SSL_library_init();
* it is the best we can do (on others, this seed isn't even used...)
*/
-#ifdef WIN32
-#else
- gettimeofday(&curtime, NULL);
- srand(curtime.tv_sec + curtime.tv_usec);
-#endif /* WIN32 */
+ CUPS_SRAND(time(NULL));
for (i = 0; i < sizeof(data); i ++)
- data[i] = rand(); /* Yes, this is a poor source of random data... */
+ data[i] = CUPS_RAND();
- RAND_seed(&data, sizeof(data));
-#endif /* HAVE_LIBSSL */
+ RAND_seed(data, sizeof(data));
+#endif /* HAVE_GNUTLS */
+
+ initialized = 1;
+ _cupsGlobalUnlock();
}
*/
int /* O - Status of call (0 = success) */
-httpOptions(http_t *http, /* I - HTTP connection */
+httpOptions(http_t *http, /* I - Connection to server */
const char *uri) /* I - URI for options */
{
return (http_send(http, HTTP_OPTIONS, uri));
/*
- * 'httpPost()' - Send a POST request to the server.
- */
-
-int /* O - Status of call (0 = success) */
-httpPost(http_t *http, /* I - HTTP connection */
- const char *uri) /* I - URI for post */
-{
- return (http_send(http, HTTP_POST, uri));
-}
-
-
-/*
- * 'httpPrintf()' - Print a formatted string to a HTTP connection.
- *
- * @private@
- */
-
-int /* O - Number of bytes written */
-httpPrintf(http_t *http, /* I - HTTP connection */
- const char *format, /* I - printf-style format string */
- ...) /* I - Additional args as needed */
-{
- int bytes; /* Number of bytes to write */
- char buf[16384]; /* Buffer for formatted string */
- va_list ap; /* Variable argument pointer */
-
-
- DEBUG_printf(("httpPrintf(http=%p, format=\"%s\", ...)\n", http, format));
-
- va_start(ap, format);
- bytes = vsnprintf(buf, sizeof(buf), format, ap);
- va_end(ap);
-
- DEBUG_printf(("httpPrintf: %s", buf));
-
- if (http->wused)
- {
- DEBUG_puts(" flushing existing data...");
-
- if (httpFlushWrite(http) < 0)
- return (-1);
- }
-
- return (http_write(http, buf, bytes));
-}
-
-
-/*
- * 'httpPut()' - Send a PUT request to the server.
- */
-
-int /* O - Status of call (0 = success) */
-httpPut(http_t *http, /* I - HTTP connection */
- const char *uri) /* I - URI to put */
-{
- return (http_send(http, HTTP_PUT, uri));
-}
-
-
-/*
- * 'httpRead()' - Read data from a HTTP connection.
- *
- * This function is deprecated. Use the httpRead2() function which can
- * read more than 2GB of data.
+ * '_httpPeek()' - Peek at data from a HTTP connection.
*
- * @deprecated@
- */
-
-int /* O - Number of bytes read */
-httpRead(http_t *http, /* I - HTTP connection */
- char *buffer, /* I - Buffer for data */
- int length) /* I - Maximum number of bytes */
-{
- return ((int)httpRead2(http, buffer, length));
-}
-
-
-/*
- * 'httpRead2()' - Read data from a HTTP connection.
+ * This function copies available data from the given HTTP connection, reading
+ * a buffer as needed. The data is still available for reading using
+ * @link httpRead@ or @link httpRead2@.
*
- * @since CUPS 1.2@
+ * For non-blocking connections the usual timeouts apply.
*/
-ssize_t /* O - Number of bytes read */
-httpRead2(http_t *http, /* I - HTTP connection */
+ssize_t /* O - Number of bytes copied */
+_httpPeek(http_t *http, /* I - Connection to server */
char *buffer, /* I - Buffer for data */
size_t length) /* I - Maximum number of bytes */
{
char len[32]; /* Length string */
- DEBUG_printf(("httpRead(http=%p, buffer=%p, length=%d)\n",
- http, buffer, length));
+ DEBUG_printf(("_httpPeek(http=%p, buffer=%p, length=" CUPS_LLFMT ")",
+ http, buffer, CUPS_LLCAST length));
if (http == NULL || buffer == NULL)
return (-1);
http->activity = time(NULL);
+ http->error = 0;
if (length <= 0)
return (0);
if (http->data_encoding == HTTP_ENCODE_CHUNKED &&
http->data_remaining <= 0)
{
- DEBUG_puts("httpRead2: Getting chunk length...");
+ DEBUG_puts("2_httpPeek: Getting chunk length...");
if (httpGets(len, sizeof(len), http) == NULL)
{
- DEBUG_puts("httpRead2: Could not get length!");
+ DEBUG_puts("1_httpPeek: Could not get length!");
return (0);
}
http->data_remaining = strtoll(len, NULL, 16);
if (http->data_remaining < 0)
{
- DEBUG_puts("httpRead2: Negative chunk length!");
+ DEBUG_puts("1_httpPeek: Negative chunk length!");
return (0);
}
}
- DEBUG_printf(("httpRead2: data_remaining=" CUPS_LLFMT "\n",
+ DEBUG_printf(("2_httpPeek: data_remaining=" CUPS_LLFMT,
CUPS_LLCAST http->data_remaining));
if (http->data_remaining <= 0)
return (0);
}
- else if (length > http->data_remaining)
- length = http->data_remaining;
+ else if (length > (size_t)http->data_remaining)
+ length = (size_t)http->data_remaining;
- if (http->used == 0 && length <= 256)
+ if (http->used == 0)
{
/*
* Buffer small reads for better performance...
*/
- if (!http->blocking && !httpWait(http, 1000))
- return (0);
+ if (!http->blocking)
+ {
+ while (!httpWait(http, http->wait_value))
+ {
+ if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
+ continue;
+
+ return (0);
+ }
+ }
if (http->data_remaining > sizeof(http->buffer))
bytes = sizeof(http->buffer);
else
#endif /* HAVE_SSL */
{
- DEBUG_printf(("httpRead2: reading %d bytes from socket into buffer...\n",
- bytes));
+ DEBUG_printf(("2_httpPeek: reading %d bytes from socket into buffer...",
+ (int)bytes));
bytes = recv(http->fd, http->buffer, bytes, 0);
- DEBUG_printf(("httpRead2: read %d bytes from socket into buffer...\n",
- bytes));
+ DEBUG_printf(("2_httpPeek: read %d bytes from socket into buffer...",
+ (int)bytes));
}
if (bytes > 0)
else if (bytes < 0)
{
#ifdef WIN32
- http->error = WSAGetLastError();
- return (-1);
+ if (WSAGetLastError() != WSAEINTR && WSAGetLastError() != WSAEWOULDBLOCK)
+ {
+ http->error = WSAGetLastError();
+ return (-1);
+ }
#else
- if (errno != EINTR)
+ if (errno != EINTR && errno != EAGAIN)
{
http->error = errno;
return (-1);
if (http->used > 0)
{
- if (length > http->used)
- length = http->used;
+ if (length > (size_t)http->used)
+ length = (size_t)http->used;
- bytes = length;
+ bytes = (ssize_t)length;
- DEBUG_printf(("httpRead2: grabbing %d bytes from input buffer...\n", bytes));
+ DEBUG_printf(("2_httpPeek: grabbing %d bytes from input buffer...",
+ (int)bytes));
memcpy(buffer, http->buffer, length);
- http->used -= length;
-
- if (http->used > 0)
- memmove(http->buffer, http->buffer + length, http->used);
- }
-#ifdef HAVE_SSL
- else if (http->tls)
- {
- if (!http->blocking && !httpWait(http, 1000))
- return (0);
-
- bytes = http_read_ssl(http, buffer, length);
}
-#endif /* HAVE_SSL */
else
- {
- if (!http->blocking && !httpWait(http, 1000))
- return (0);
-
- DEBUG_printf(("httpRead2: reading %d bytes from socket...\n", length));
-
- while ((bytes = recv(http->fd, buffer, length, 0)) < 0)
- if (errno != EINTR)
- break;
-
- DEBUG_printf(("httpRead2: read %d bytes from socket...\n", bytes));
- }
-
- if (bytes > 0)
- {
- http->data_remaining -= bytes;
+ bytes = 0;
- if (http->data_remaining <= INT_MAX)
- http->_data_remaining = (int)http->data_remaining;
- else
- http->_data_remaining = INT_MAX;
- }
- else if (bytes < 0)
+ if (bytes < 0)
{
#ifdef WIN32
- http->error = WSAGetLastError();
+ if (WSAGetLastError() == WSAEINTR || WSAGetLastError() == WSAEWOULDBLOCK)
+ bytes = 0;
+ else
+ http->error = WSAGetLastError();
#else
- if (errno == EINTR)
+ if (errno == EINTR || errno == EAGAIN)
bytes = 0;
else
http->error = errno;
#endif /* WIN32 */
}
- else
+ else if (bytes == 0)
{
http->error = EPIPE;
return (0);
}
- if (http->data_remaining == 0)
- {
- if (http->data_encoding == HTTP_ENCODE_CHUNKED)
- httpGets(len, sizeof(len), http);
-
- if (http->data_encoding != HTTP_ENCODE_CHUNKED)
- {
- if (http->state == HTTP_POST_RECV)
- http->state ++;
- else
- http->state = HTTP_WAITING;
- }
- }
-
#ifdef DEBUG
- {
- int i, j, ch;
- printf("httpRead2: Read %d bytes:\n", bytes);
- for (i = 0; i < bytes; i += 16)
- {
- printf(" ");
-
- for (j = 0; j < 16 && (i + j) < bytes; j ++)
- printf(" %02X", buffer[i + j] & 255);
-
- while (j < 16)
- {
- printf(" ");
- j ++;
- }
-
- printf(" ");
- for (j = 0; j < 16 && (i + j) < bytes; j ++)
- {
- ch = buffer[i + j] & 255;
-
- if (ch < ' ' || ch >= 127)
- ch = '.';
-
- putchar(ch);
- }
- putchar('\n');
- }
- }
+ http_debug_hex("_httpPeek", buffer, (int)bytes);
#endif /* DEBUG */
return (bytes);
}
-#if defined(HAVE_SSL) && defined(HAVE_CDSASSL)
/*
- * '_httpReadCDSA()' - Read function for CDSA decryption code.
+ * 'httpPost()' - Send a POST request to the server.
*/
-OSStatus /* O - -1 on error, 0 on success */
-_httpReadCDSA(
- SSLConnectionRef connection, /* I - SSL/TLS connection */
- void *data, /* I - Data buffer */
- size_t *dataLength) /* IO - Number of bytes */
+int /* O - Status of call (0 = success) */
+httpPost(http_t *http, /* I - Connection to server */
+ const char *uri) /* I - URI for post */
{
- OSStatus result; /* Return value */
- ssize_t bytes; /* Number of bytes read */
- cdsa_conn_ref_t u; /* Connection reference union */
-
+ return (http_send(http, HTTP_POST, uri));
+}
- u.connection = connection;
- do
- bytes = recv(u.sock, data, *dataLength, 0);
- while (bytes == -1 && errno == EINTR);
+/*
+ * 'httpPrintf()' - Print a formatted string to a HTTP connection.
+ *
+ * @private@
+ */
+
+int /* O - Number of bytes written */
+httpPrintf(http_t *http, /* I - Connection to server */
+ const char *format, /* I - printf-style format string */
+ ...) /* I - Additional args as needed */
+{
+ int bytes; /* Number of bytes to write */
+ char buf[16384]; /* Buffer for formatted string */
+ va_list ap; /* Variable argument pointer */
+
+
+ DEBUG_printf(("2httpPrintf(http=%p, format=\"%s\", ...)", http, format));
+
+ va_start(ap, format);
+ bytes = vsnprintf(buf, sizeof(buf), format, ap);
+ va_end(ap);
+
+ DEBUG_printf(("3httpPrintf: %s", buf));
+
+ if (http->data_encoding == HTTP_ENCODE_FIELDS)
+ return (httpWrite2(http, buf, bytes));
+ else
+ {
+ if (http->wused)
+ {
+ DEBUG_puts("4httpPrintf: flushing existing data...");
+
+ if (httpFlushWrite(http) < 0)
+ return (-1);
+ }
+
+ return (http_write(http, buf, bytes));
+ }
+}
+
+
+/*
+ * 'httpPut()' - Send a PUT request to the server.
+ */
+
+int /* O - Status of call (0 = success) */
+httpPut(http_t *http, /* I - Connection to server */
+ const char *uri) /* I - URI to put */
+{
+ DEBUG_printf(("httpPut(http=%p, uri=\"%s\")", http, uri));
+ return (http_send(http, HTTP_PUT, uri));
+}
+
+
+/*
+ * 'httpRead()' - Read data from a HTTP connection.
+ *
+ * This function is deprecated. Use the httpRead2() function which can
+ * read more than 2GB of data.
+ *
+ * @deprecated@
+ */
+
+int /* O - Number of bytes read */
+httpRead(http_t *http, /* I - Connection to server */
+ char *buffer, /* I - Buffer for data */
+ int length) /* I - Maximum number of bytes */
+{
+ return ((int)httpRead2(http, buffer, length));
+}
+
+
+/*
+ * 'httpRead2()' - Read data from a HTTP connection.
+ *
+ * @since CUPS 1.2/Mac OS X 10.5@
+ */
+
+ssize_t /* O - Number of bytes read */
+httpRead2(http_t *http, /* I - Connection to server */
+ char *buffer, /* I - Buffer for data */
+ size_t length) /* I - Maximum number of bytes */
+{
+ ssize_t bytes; /* Bytes read */
+ char len[32]; /* Length string */
+
+
+ DEBUG_printf(("httpRead2(http=%p, buffer=%p, length=" CUPS_LLFMT ")",
+ http, buffer, CUPS_LLCAST length));
+
+ if (http == NULL || buffer == NULL)
+ return (-1);
+
+ http->activity = time(NULL);
+ http->error = 0;
+
+ if (length <= 0)
+ return (0);
+
+ if (http->data_encoding == HTTP_ENCODE_CHUNKED &&
+ http->data_remaining <= 0)
+ {
+ DEBUG_puts("2httpRead2: Getting chunk length...");
+
+ if (httpGets(len, sizeof(len), http) == NULL)
+ {
+ DEBUG_puts("1httpRead2: Could not get length!");
+ return (0);
+ }
+
+ http->data_remaining = strtoll(len, NULL, 16);
+ if (http->data_remaining < 0)
+ {
+ DEBUG_puts("1httpRead2: Negative chunk length!");
+ return (0);
+ }
+ }
+
+ DEBUG_printf(("2httpRead2: data_remaining=" CUPS_LLFMT,
+ CUPS_LLCAST http->data_remaining));
+
+ if (http->data_remaining <= 0)
+ {
+ /*
+ * A zero-length chunk ends a transfer; unless we are reading POST
+ * data, go idle...
+ */
+
+ if (http->data_encoding == HTTP_ENCODE_CHUNKED)
+ httpGets(len, sizeof(len), http);
+
+ if (http->state == HTTP_POST_RECV)
+ http->state ++;
+ else
+ http->state = HTTP_WAITING;
+
+ /*
+ * Prevent future reads for this request...
+ */
+
+ http->data_encoding = HTTP_ENCODE_LENGTH;
+
+ return (0);
+ }
+ else if (length > (size_t)http->data_remaining)
+ length = (size_t)http->data_remaining;
+
+ if (http->used == 0 && length <= 256)
+ {
+ /*
+ * Buffer small reads for better performance...
+ */
+
+ if (!http->blocking)
+ {
+ while (!httpWait(http, http->wait_value))
+ {
+ if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
+ continue;
+
+ return (0);
+ }
+ }
+
+ if (http->data_remaining > sizeof(http->buffer))
+ bytes = sizeof(http->buffer);
+ else
+ bytes = http->data_remaining;
+
+#ifdef HAVE_SSL
+ if (http->tls)
+ bytes = http_read_ssl(http, http->buffer, bytes);
+ else
+#endif /* HAVE_SSL */
+ {
+ DEBUG_printf(("2httpRead2: reading %d bytes from socket into buffer...",
+ (int)bytes));
+
+ bytes = recv(http->fd, http->buffer, bytes, 0);
+
+ DEBUG_printf(("2httpRead2: read %d bytes from socket into buffer...",
+ (int)bytes));
+ }
+
+ if (bytes > 0)
+ http->used = bytes;
+ else if (bytes < 0)
+ {
+#ifdef WIN32
+ if (WSAGetLastError() != WSAEINTR)
+ {
+ http->error = WSAGetLastError();
+ return (-1);
+ }
+ else if (WSAGetLastError() == WSAEWOULDBLOCK)
+ {
+ if (!http->timeout_cb || !(*http->timeout_cb)(http, http->timeout_data))
+ {
+ http->error = WSAEWOULDBLOCK;
+ return (-1);
+ }
+ }
+#else
+ if (errno == EWOULDBLOCK || errno == EAGAIN)
+ {
+ if (http->timeout_cb && !(*http->timeout_cb)(http, http->timeout_data))
+ {
+ http->error = errno;
+ return (-1);
+ }
+ else if (!http->timeout_cb && errno != EAGAIN)
+ {
+ http->error = errno;
+ return (-1);
+ }
+ }
+ else if (errno != EINTR)
+ {
+ http->error = errno;
+ return (-1);
+ }
+#endif /* WIN32 */
+ }
+ else
+ {
+ http->error = EPIPE;
+ return (0);
+ }
+ }
+
+ if (http->used > 0)
+ {
+ if (length > (size_t)http->used)
+ length = (size_t)http->used;
+
+ bytes = (ssize_t)length;
+
+ DEBUG_printf(("2httpRead2: grabbing %d bytes from input buffer...",
+ (int)bytes));
+
+ memcpy(buffer, http->buffer, length);
+ http->used -= (int)length;
+
+ if (http->used > 0)
+ memmove(http->buffer, http->buffer + length, http->used);
+ }
+#ifdef HAVE_SSL
+ else if (http->tls)
+ {
+ if (!http->blocking)
+ {
+ while (!httpWait(http, http->wait_value))
+ {
+ if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
+ continue;
+
+ return (0);
+ }
+ }
+
+ bytes = (ssize_t)http_read_ssl(http, buffer, (int)length);
+ }
+#endif /* HAVE_SSL */
+ else
+ {
+ if (!http->blocking)
+ {
+ while (!httpWait(http, http->wait_value))
+ {
+ if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
+ continue;
+
+ return (0);
+ }
+ }
+
+ DEBUG_printf(("2httpRead2: reading " CUPS_LLFMT " bytes from socket...",
+ CUPS_LLCAST length));
+
+#ifdef WIN32
+ while ((bytes = (ssize_t)recv(http->fd, buffer, (int)length, 0)) < 0)
+ {
+ if (WSAGetLastError() == WSAEWOULDBLOCK)
+ {
+ if (!http->timeout_cb || !(*http->timeout_cb)(http, http->timeout_data))
+ break;
+ }
+ else if (WSAGetLastError() != WSAEINTR)
+ break;
+ }
+#else
+ while ((bytes = recv(http->fd, buffer, length, 0)) < 0)
+ {
+ if (errno == EWOULDBLOCK || errno == EAGAIN)
+ {
+ if (http->timeout_cb && !(*http->timeout_cb)(http, http->timeout_data))
+ break;
+ else if (!http->timeout_cb && errno != EAGAIN)
+ break;
+ }
+ else if (errno != EINTR)
+ break;
+ }
+#endif /* WIN32 */
+
+ DEBUG_printf(("2httpRead2: read " CUPS_LLFMT " bytes from socket...",
+ CUPS_LLCAST bytes));
+ }
+
+ if (bytes > 0)
+ {
+ http->data_remaining -= bytes;
+
+ if (http->data_remaining <= INT_MAX)
+ http->_data_remaining = (int)http->data_remaining;
+ else
+ http->_data_remaining = INT_MAX;
+ }
+ else if (bytes < 0)
+ {
+#ifdef WIN32
+ if (WSAGetLastError() == WSAEINTR)
+ bytes = 0;
+ else
+ http->error = WSAGetLastError();
+#else
+ if (errno == EINTR || (errno == EAGAIN && !http->timeout_cb))
+ bytes = 0;
+ else
+ http->error = errno;
+#endif /* WIN32 */
+ }
+ else
+ {
+ http->error = EPIPE;
+ return (0);
+ }
+
+ if (http->data_remaining == 0)
+ {
+ if (http->data_encoding == HTTP_ENCODE_CHUNKED)
+ httpGets(len, sizeof(len), http);
+
+ if (http->data_encoding != HTTP_ENCODE_CHUNKED)
+ {
+ if (http->state == HTTP_POST_RECV)
+ http->state ++;
+ else
+ http->state = HTTP_WAITING;
+ }
+ }
+
+#ifdef DEBUG
+ http_debug_hex("httpRead2", buffer, (int)bytes);
+#endif /* DEBUG */
+
+ return (bytes);
+}
+
+
+#if defined(HAVE_SSL) && defined(HAVE_CDSASSL)
+/*
+ * '_httpReadCDSA()' - Read function for the CDSA library.
+ */
+
+OSStatus /* O - -1 on error, 0 on success */
+_httpReadCDSA(
+ SSLConnectionRef connection, /* I - SSL/TLS connection */
+ void *data, /* I - Data buffer */
+ size_t *dataLength) /* IO - Number of bytes */
+{
+ OSStatus result; /* Return value */
+ ssize_t bytes; /* Number of bytes read */
+ http_t *http; /* HTTP connection */
+
+
+ http = (http_t *)connection;
+
+ if (!http->blocking)
+ {
+ /*
+ * Make sure we have data before we read...
+ */
+
+ while (!_httpWait(http, http->wait_value, 0))
+ {
+ if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
+ continue;
+
+ http->error = ETIMEDOUT;
+ return (-1);
+ }
+ }
+
+ do
+ {
+ bytes = recv(http->fd, data, *dataLength, 0);
+ }
+ while (bytes == -1 && (errno == EINTR || errno == EAGAIN));
if (bytes == *dataLength)
+ {
result = 0;
+ }
else if (bytes > 0)
{
*dataLength = bytes;
*dataLength = 0;
if (bytes == 0)
- result = errSSLClosedAbort;
+ result = errSSLClosedGraceful;
else if (errno == EAGAIN)
result = errSSLWouldBlock;
- else if (errno == EPIPE)
- result = errSSLClosedAbort;
else
- result = errSSLInternal;
+ result = errSSLClosedAbort;
}
- return result;
+ return (result);
}
#endif /* HAVE_SSL && HAVE_CDSASSL */
+#if defined(HAVE_SSL) && defined(HAVE_GNUTLS)
+/*
+ * '_httpReadGNUTLS()' - Read function for the GNU TLS library.
+ */
+
+ssize_t /* O - Number of bytes read or -1 on error */
+_httpReadGNUTLS(
+ gnutls_transport_ptr ptr, /* I - Connection to server */
+ void *data, /* I - Buffer */
+ size_t length) /* I - Number of bytes to read */
+{
+ http_t *http; /* HTTP connection */
+ ssize_t bytes; /* Bytes read */
+
+
+ DEBUG_printf(("6_httpReadGNUTLS(ptr=%p, data=%p, length=%d)", ptr, data, (int)length));
+
+ http = (http_t *)ptr;
+
+ if (!http->blocking)
+ {
+ /*
+ * Make sure we have data before we read...
+ */
+
+ while (!_httpWait(http, http->wait_value, 0))
+ {
+ if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
+ continue;
+
+ http->error = ETIMEDOUT;
+ return (-1);
+ }
+ }
+
+ bytes = recv(http->fd, data, length, 0);
+ DEBUG_printf(("6_httpReadGNUTLS: bytes=%d", (int)bytes));
+ return (bytes);
+}
+#endif /* HAVE_SSL && HAVE_GNUTLS */
+
+
/*
* 'httpReconnect()' - Reconnect to a HTTP server.
*/
int /* O - 0 on success, non-zero on failure */
-httpReconnect(http_t *http) /* I - HTTP connection */
+httpReconnect(http_t *http) /* I - Connection to server */
{
http_addrlist_t *addr; /* Connected address */
+#ifdef DEBUG
+ http_addrlist_t *current; /* Current address */
+ char temp[256]; /* Temporary address string */
+#endif /* DEBUG */
- DEBUG_printf(("httpReconnect(http=%p)\n", http));
+ DEBUG_printf(("httpReconnect(http=%p)", http));
if (!http)
return (-1);
#ifdef HAVE_SSL
if (http->tls)
+ {
+ DEBUG_puts("2httpReconnect: Shutting down SSL/TLS...");
http_shutdown_ssl(http);
+ }
#endif /* HAVE_SSL */
/*
if (http->fd >= 0)
{
+ DEBUG_printf(("2httpReconnect: Closing socket %d...", http->fd));
+
#ifdef WIN32
closesocket(http->fd);
#else
* Connect to the server...
*/
+#ifdef DEBUG
+ for (current = http->addrlist; current; current = current->next)
+ DEBUG_printf(("2httpReconnect: Address %s:%d",
+ httpAddrString(&(current->addr), temp, sizeof(temp)),
+ _httpAddrPort(&(current->addr))));
+#endif /* DEBUG */
+
if ((addr = httpAddrConnect(http->addrlist, &(http->fd))) == NULL)
{
/*
#endif /* WIN32 */
http->status = HTTP_ERROR;
+ DEBUG_printf(("1httpReconnect: httpAddrConnect failed: %s",
+ strerror(http->error)));
+
return (-1);
}
+ DEBUG_printf(("2httpReconnect: New socket=%d", http->fd));
+
+ if (http->timeout_value > 0)
+ http_set_timeout(http->fd, http->timeout_value);
+
http->hostaddr = &(addr->addr);
http->error = 0;
http->status = HTTP_CONTINUE;
if (http_setup_ssl(http) != 0)
{
-#ifdef WIN32
+# ifdef WIN32
closesocket(http->fd);
-#else
+# else
close(http->fd);
-#endif /* WIN32 */
+# endif /* WIN32 */
return (-1);
}
return (http_upgrade(http));
#endif /* HAVE_SSL */
+ DEBUG_printf(("1httpReconnect: Connected to %s:%d...",
+ httpAddrString(http->hostaddr, temp, sizeof(temp)),
+ _httpAddrPort(http->hostaddr)));
+
return (0);
}
/*
- * 'httpSetCookie()' - Set the cookie value(s)...
+ * 'httpSetAuthString()' - Set the current authorization string.
+ *
+ * This function just stores a copy of the current authorization string in
+ * the HTTP connection object. You must still call httpSetField() to set
+ * HTTP_FIELD_AUTHORIZATION prior to issuing a HTTP request using httpGet(),
+ * httpHead(), httpOptions(), httpPost, or httpPut().
+ *
+ * @since CUPS 1.3/Mac OS X 10.5@
+ */
+
+void
+httpSetAuthString(http_t *http, /* I - Connection to server */
+ const char *scheme, /* I - Auth scheme (NULL to clear it) */
+ const char *data) /* I - Auth data (NULL for none) */
+{
+ /*
+ * Range check input...
+ */
+
+ if (!http)
+ return;
+
+ if (http->authstring && http->authstring != http->_authstring)
+ free(http->authstring);
+
+ http->authstring = http->_authstring;
+
+ if (scheme)
+ {
+ /*
+ * Set the current authorization string...
+ */
+
+ int len = (int)strlen(scheme) + (data ? (int)strlen(data) + 1 : 0) + 1;
+ char *temp;
+
+ if (len > (int)sizeof(http->_authstring))
+ {
+ if ((temp = malloc(len)) == NULL)
+ len = sizeof(http->_authstring);
+ else
+ http->authstring = temp;
+ }
+
+ if (data)
+ snprintf(http->authstring, len, "%s %s", scheme, data);
+ else
+ strlcpy(http->authstring, scheme, len);
+ }
+ else
+ {
+ /*
+ * Clear the current authorization string...
+ */
+
+ http->_authstring[0] = '\0';
+ }
+}
+
+
+/*
+ * 'httpSetCredentials()' - Set the credentials associated with an encrypted
+ * connection.
+ *
+ * @since CUPS 1.5/Mac OS X 10.7@
+ */
+
+int /* O - Status of call (0 = success) */
+httpSetCredentials(http_t *http, /* I - Connection to server */
+ cups_array_t *credentials) /* I - Array of credentials */
+{
+ if (!http || cupsArrayCount(credentials) < 1)
+ return (-1);
+
+ _httpFreeCredentials(http->tls_credentials);
+
+ http->tls_credentials = _httpCreateCredentials(credentials);
+
+ return (http->tls_credentials ? 0 : -1);
+}
+
+
+/*
+ * 'httpSetCookie()' - Set the cookie value(s).
*
- * @since CUPS 1.1.19@
+ * @since CUPS 1.1.19/Mac OS X 10.3@
*/
void
*
* Currently only HTTP_CONTINUE is supported for the "expect" argument.
*
- * @since CUPS 1.2@
+ * @since CUPS 1.2/Mac OS X 10.5@
*/
void
-httpSetExpect(http_t *http, /* I - HTTP connection */
+httpSetExpect(http_t *http, /* I - Connection to server */
http_status_t expect) /* I - HTTP status to expect (HTTP_CONTINUE) */
{
if (http)
*/
void
-httpSetField(http_t *http, /* I - HTTP connection */
+httpSetField(http_t *http, /* I - Connection to server */
http_field_t field, /* I - Field index */
const char *value) /* I - Value */
{
return;
strlcpy(http->fields[field], value, HTTP_MAX_VALUE);
+
+ if (field == HTTP_FIELD_AUTHORIZATION)
+ {
+ /*
+ * Special case for Authorization: as its contents can be
+ * longer than HTTP_MAX_VALUE
+ */
+
+ if (http->field_authorization)
+ free(http->field_authorization);
+
+ http->field_authorization = strdup(value);
+ }
+ else if (field == HTTP_FIELD_HOST)
+ {
+ /*
+ * Special-case for Host: as we don't want a trailing "." on the hostname and
+ * need to bracket IPv6 numeric addresses.
+ */
+
+ char *ptr = strchr(value, ':');
+
+ if (value[0] != '[' && ptr && strchr(ptr + 1, ':'))
+ {
+ /*
+ * Bracket IPv6 numeric addresses...
+ *
+ * This is slightly inefficient (basically copying twice), but is an edge
+ * case and not worth optimizing...
+ */
+
+ snprintf(http->fields[HTTP_FIELD_HOST],
+ sizeof(http->fields[HTTP_FIELD_HOST]), "[%s]", value);
+ }
+ else
+ {
+ /*
+ * Check for a trailing dot on the hostname...
+ */
+
+ ptr = http->fields[HTTP_FIELD_HOST];
+
+ if (*ptr)
+ {
+ ptr += strlen(ptr) - 1;
+
+ if (*ptr == '.')
+ *ptr = '\0';
+ }
+ }
+ }
}
/*
* 'httpSetLength()' - Set the content-length and content-encoding.
*
- * @since CUPS 1.2@
+ * @since CUPS 1.2/Mac OS X 10.5@
*/
void
-httpSetLength(http_t *http, /* I - HTTP connection */
+httpSetLength(http_t *http, /* I - Connection to server */
size_t length) /* I - Length (0 for chunked) */
{
if (!http)
}
+/*
+ * 'httpSetTimeout()' - Set read/write timeouts and an optional callback.
+ *
+ * The optional timeout callback receives both the HTTP connection and a user
+ * data pointer and must return 1 to continue or 0 to error (time) out.
+ *
+ * @since CUPS 1.5/Mac OS X 10.7@
+ */
+
+void
+httpSetTimeout(
+ http_t *http, /* I - Connection to server */
+ double timeout, /* I - Number of seconds for timeout,
+ must be greater than 0 */
+ http_timeout_cb_t cb, /* I - Callback function or NULL */
+ void *user_data) /* I - User data pointer */
+{
+ if (!http || timeout <= 0.0)
+ return;
+
+ http->timeout_cb = cb;
+ http->timeout_data = user_data;
+ http->timeout_value = timeout;
+
+ if (http->fd >= 0)
+ http_set_timeout(http->fd, timeout);
+
+ http_set_wait(http);
+}
+
+
/*
* 'httpTrace()' - Send an TRACE request to the server.
*/
int /* O - Status of call (0 = success) */
-httpTrace(http_t *http, /* I - HTTP connection */
+httpTrace(http_t *http, /* I - Connection to server */
const char *uri) /* I - URI for trace */
{
return (http_send(http, HTTP_TRACE, uri));
/*
- * 'httpUpdate()' - Update the current HTTP state for incoming data.
+ * '_httpUpdate()' - Update the current HTTP status for incoming data.
+ *
+ * Note: Unlike httpUpdate(), this function does not flush pending write data
+ * and only retrieves a single status line from the HTTP connection.
*/
-http_status_t /* O - HTTP status */
-httpUpdate(http_t *http) /* I - HTTP connection */
+int /* O - 1 to continue, 0 to stop */
+_httpUpdate(http_t *http, /* I - Connection to server */
+ http_status_t *status) /* O - Current HTTP status */
{
char line[32768], /* Line from connection... */
*value; /* Pointer to value on line */
http_field_t field; /* Field index */
- int major, minor, /* HTTP version numbers */
- status; /* Request status */
+ int major, minor; /* HTTP version numbers */
+
+
+ DEBUG_printf(("_httpUpdate(http=%p, status=%p), state=%s", http, status,
+ http_states[http->state]));
+
+ /*
+ * Grab a single line from the connection...
+ */
+
+ if (!httpGets(line, sizeof(line), http))
+ {
+ *status = HTTP_ERROR;
+ return (0);
+ }
+
+ DEBUG_printf(("2_httpUpdate: Got \"%s\"", line));
+
+ if (line[0] == '\0')
+ {
+ /*
+ * Blank line means the start of the data section (if any). Return
+ * the result code, too...
+ *
+ * If we get status 100 (HTTP_CONTINUE), then we *don't* change states.
+ * Instead, we just return HTTP_CONTINUE to the caller and keep on
+ * tryin'...
+ */
+
+ if (http->status == HTTP_CONTINUE)
+ {
+ *status = http->status;
+ return (0);
+ }
+
+ if (http->status < HTTP_BAD_REQUEST)
+ http->digest_tries = 0;
+
+#ifdef HAVE_SSL
+ if (http->status == HTTP_SWITCHING_PROTOCOLS && !http->tls)
+ {
+ if (http_setup_ssl(http) != 0)
+ {
+# ifdef WIN32
+ closesocket(http->fd);
+# else
+ close(http->fd);
+# endif /* WIN32 */
+
+ *status = http->status = HTTP_ERROR;
+ return (0);
+ }
+
+ *status = HTTP_CONTINUE;
+ return (0);
+ }
+#endif /* HAVE_SSL */
+
+ httpGetLength2(http);
+
+ switch (http->state)
+ {
+ case HTTP_GET :
+ case HTTP_POST :
+ case HTTP_POST_RECV :
+ case HTTP_PUT :
+ http->state ++;
+ case HTTP_POST_SEND :
+ case HTTP_HEAD :
+ break;
+
+ default :
+ http->state = HTTP_WAITING;
+ break;
+ }
+
+ *status = http->status;
+ return (0);
+ }
+ else if (!strncmp(line, "HTTP/", 5))
+ {
+ /*
+ * Got the beginning of a response...
+ */
+
+ int intstatus; /* Status value as an integer */
+
+ if (sscanf(line, "HTTP/%d.%d%d", &major, &minor, &intstatus) != 3)
+ {
+ *status = http->status = HTTP_ERROR;
+ return (0);
+ }
+
+ http->version = (http_version_t)(major * 100 + minor);
+ *status = http->status = (http_status_t)intstatus;
+ }
+ else if ((value = strchr(line, ':')) != NULL)
+ {
+ /*
+ * Got a value...
+ */
+
+ *value++ = '\0';
+ while (_cups_isspace(*value))
+ value ++;
+
+ /*
+ * Be tolerants of servers that send unknown attribute fields...
+ */
+
+ if (!_cups_strcasecmp(line, "expect"))
+ {
+ /*
+ * "Expect: 100-continue" or similar...
+ */
+
+ http->expect = (http_status_t)atoi(value);
+ }
+ else if (!_cups_strcasecmp(line, "cookie"))
+ {
+ /*
+ * "Cookie: name=value[; name=value ...]" - replaces previous cookies...
+ */
+
+ httpSetCookie(http, value);
+ }
+ else if ((field = http_field(line)) != HTTP_FIELD_UNKNOWN)
+ httpSetField(http, field, value);
+#ifdef DEBUG
+ else
+ DEBUG_printf(("1_httpUpdate: unknown field %s seen!", line));
+#endif /* DEBUG */
+ }
+ else
+ {
+ DEBUG_printf(("1_httpUpdate: Bad response line \"%s\"!", line));
+ *status = http->status = HTTP_ERROR;
+ return (0);
+ }
+
+ return (1);
+}
+
+/*
+ * 'httpUpdate()' - Update the current HTTP state for incoming data.
+ */
+
+http_status_t /* O - HTTP status */
+httpUpdate(http_t *http) /* I - Connection to server */
+{
+ http_status_t status; /* Request status */
- DEBUG_printf(("httpUpdate(http=%p), state=%d\n", http, http->state));
+
+ DEBUG_printf(("httpUpdate(http=%p), state=%s", http,
+ http_states[http->state]));
/*
* Flush pending data, if any...
if (http->wused)
{
- DEBUG_puts(" flushing buffer...");
+ DEBUG_puts("2httpUpdate: flushing buffer...");
if (httpFlushWrite(http) < 0)
return (HTTP_ERROR);
* Grab all of the lines we can from the connection...
*/
- while (httpGets(line, sizeof(line), http) != NULL)
+ while (_httpUpdate(http, &status));
+
+ /*
+ * See if there was an error...
+ */
+
+ if (http->error == EPIPE && http->status > HTTP_CONTINUE)
+ {
+ DEBUG_printf(("1httpUpdate: Returning status %d...", http->status));
+ return (http->status);
+ }
+
+ if (http->error)
{
- DEBUG_printf(("httpUpdate: Got \"%s\"\n", line));
+ DEBUG_printf(("1httpUpdate: socket error %d - %s", http->error,
+ strerror(http->error)));
+ http->status = HTTP_ERROR;
+ return (HTTP_ERROR);
+ }
- if (line[0] == '\0')
- {
- /*
- * Blank line means the start of the data section (if any). Return
- * the result code, too...
- *
- * If we get status 100 (HTTP_CONTINUE), then we *don't* change states.
- * Instead, we just return HTTP_CONTINUE to the caller and keep on
- * tryin'...
- */
+ /*
+ * Return the current status...
+ */
- if (http->status == HTTP_CONTINUE)
- return (http->status);
+ return (status);
+}
- if (http->status < HTTP_BAD_REQUEST)
- http->digest_tries = 0;
-#ifdef HAVE_SSL
- if (http->status == HTTP_SWITCHING_PROTOCOLS && !http->tls)
- {
- if (http_setup_ssl(http) != 0)
- {
-# ifdef WIN32
- closesocket(http->fd);
-# else
- close(http->fd);
-# endif /* WIN32 */
+/*
+ * '_httpWait()' - Wait for data available on a connection (no flush).
+ */
- return (HTTP_ERROR);
- }
+int /* O - 1 if data is available, 0 otherwise */
+_httpWait(http_t *http, /* I - Connection to server */
+ int msec, /* I - Milliseconds to wait */
+ int usessl) /* I - Use SSL context? */
+{
+#ifdef HAVE_POLL
+ struct pollfd pfd; /* Polled file descriptor */
+#else
+ fd_set input_set; /* select() input set */
+ struct timeval timeout; /* Timeout */
+#endif /* HAVE_POLL */
+ int nfds; /* Result from select()/poll() */
- return (HTTP_CONTINUE);
- }
-#endif /* HAVE_SSL */
- httpGetLength2(http);
+ DEBUG_printf(("4_httpWait(http=%p, msec=%d, usessl=%d)", http, msec, usessl));
- switch (http->state)
- {
- case HTTP_GET :
- case HTTP_POST :
- case HTTP_POST_RECV :
- case HTTP_PUT :
- http->state ++;
- case HTTP_POST_SEND :
- case HTTP_HEAD :
- break;
+ if (http->fd < 0)
+ {
+ DEBUG_printf(("5_httpWait: Returning 0 since fd=%d", http->fd));
+ return (0);
+ }
- default :
- http->state = HTTP_WAITING;
- break;
- }
+ /*
+ * Check the SSL/TLS buffers for data first...
+ */
- return (http->status);
- }
- else if (strncmp(line, "HTTP/", 5) == 0)
+#ifdef HAVE_SSL
+ if (http->tls && usessl)
+ {
+# ifdef HAVE_LIBSSL
+ if (SSL_pending(http->tls))
{
- /*
- * Got the beginning of a response...
- */
-
- if (sscanf(line, "HTTP/%d.%d%d", &major, &minor, &status) != 3)
- return (HTTP_ERROR);
-
- http->version = (http_version_t)(major * 100 + minor);
- http->status = (http_status_t)status;
+ DEBUG_puts("5_httpWait: Return 1 since there is pending SSL data.");
+ return (1);
}
- else if ((value = strchr(line, ':')) != NULL)
- {
- /*
- * Got a value...
- */
-
- *value++ = '\0';
- while (isspace(*value & 255))
- value ++;
- /*
- * Be tolerants of servers that send unknown attribute fields...
- */
-
- if (!strcasecmp(line, "expect"))
- {
- /*
- * "Expect: 100-continue" or similar...
- */
+# elif defined(HAVE_GNUTLS)
+ if (gnutls_record_check_pending(http->tls))
+ {
+ DEBUG_puts("5_httpWait: Return 1 since there is pending SSL data.");
+ return (1);
+ }
- http->expect = (http_status_t)atoi(value);
- }
- else if (!strcasecmp(line, "cookie"))
- {
- /*
- * "Cookie: name=value[; name=value ...]" - replaces previous cookies...
- */
+# elif defined(HAVE_CDSASSL)
+ size_t bytes; /* Bytes that are available */
- httpSetCookie(http, value);
- }
- else if ((field = http_field(line)) == HTTP_FIELD_UNKNOWN)
- {
- DEBUG_printf(("httpUpdate: unknown field %s seen!\n", line));
- continue;
- }
- else
- httpSetField(http, field, value);
- }
- else
+ if (!SSLGetBufferedReadSize(http->tls, &bytes) &&
+ bytes > 0)
{
- http->status = HTTP_ERROR;
- return (HTTP_ERROR);
+ DEBUG_puts("5_httpWait: Return 1 since there is pending SSL data.");
+ return (1);
}
+# endif /* HAVE_LIBSSL */
}
+#endif /* HAVE_SSL */
/*
- * See if there was an error...
+ * Then try doing a select() or poll() to poll the socket...
*/
- if (http->error == EPIPE && http->status > HTTP_CONTINUE)
- return (http->status);
+#ifdef HAVE_POLL
+ pfd.fd = http->fd;
+ pfd.events = POLLIN;
- if (http->error)
+ while ((nfds = poll(&pfd, 1, msec)) < 0 &&
+ (errno == EINTR || errno == EAGAIN));
+
+#else
+ do
{
- DEBUG_printf(("httpUpdate: socket error %d - %s\n", http->error,
- strerror(http->error)));
- http->status = HTTP_ERROR;
- return (HTTP_ERROR);
+ FD_ZERO(&input_set);
+ FD_SET(http->fd, &input_set);
+
+ DEBUG_printf(("6_httpWait: msec=%d, http->fd=%d", msec, http->fd));
+
+ if (msec >= 0)
+ {
+ timeout.tv_sec = msec / 1000;
+ timeout.tv_usec = (msec % 1000) * 1000;
+
+ nfds = select(http->fd + 1, &input_set, NULL, NULL, &timeout);
+ }
+ else
+ nfds = select(http->fd + 1, &input_set, NULL, NULL, NULL);
+
+ DEBUG_printf(("6_httpWait: select() returned %d...", nfds));
}
+# ifdef WIN32
+ while (nfds < 0 && (WSAGetLastError() == WSAEINTR ||
+ WSAGetLastError() == WSAEWOULDBLOCK));
+# else
+ while (nfds < 0 && (errno == EINTR || errno == EAGAIN));
+# endif /* WIN32 */
+#endif /* HAVE_POLL */
- /*
- * If we haven't already returned, then there is nothing new...
- */
+ DEBUG_printf(("5_httpWait: returning with nfds=%d, errno=%d...", nfds,
+ errno));
- return (HTTP_CONTINUE);
+ return (nfds > 0);
}
/*
* 'httpWait()' - Wait for data available on a connection.
*
- * @since CUPS 1.1.19@
+ * @since CUPS 1.1.19/Mac OS X 10.3@
*/
int /* O - 1 if data is available, 0 otherwise */
-httpWait(http_t *http, /* I - HTTP connection */
+httpWait(http_t *http, /* I - Connection to server */
int msec) /* I - Milliseconds to wait */
{
/*
* First see if there is data in the buffer...
*/
+ DEBUG_printf(("2httpWait(http=%p, msec=%d)", http, msec));
+
if (http == NULL)
return (0);
if (http->used)
+ {
+ DEBUG_puts("3httpWait: Returning 1 since there is buffered data ready.");
return (1);
+ }
+
+ /*
+ * Flush pending data, if any...
+ */
+
+ if (http->wused)
+ {
+ DEBUG_puts("3httpWait: Flushing write buffer.");
+
+ if (httpFlushWrite(http) < 0)
+ return (0);
+ }
/*
* If not, check the SSL/TLS buffers and do a select() on the connection...
*/
- return (http_wait(http, msec));
+ return (_httpWait(http, msec, 1));
}
*
* @deprecated@
*/
-
+
int /* O - Number of bytes written */
-httpWrite(http_t *http, /* I - HTTP connection */
+httpWrite(http_t *http, /* I - Connection to server */
const char *buffer, /* I - Buffer for data */
int length) /* I - Number of bytes to write */
{
/*
* 'httpWrite2()' - Write data to a HTTP connection.
*
- * @since CUPS 1.2@
+ * @since CUPS 1.2/Mac OS X 10.5@
*/
-
+
ssize_t /* O - Number of bytes written */
-httpWrite2(http_t *http, /* I - HTTP connection */
+httpWrite2(http_t *http, /* I - Connection to server */
const char *buffer, /* I - Buffer for data */
size_t length) /* I - Number of bytes to write */
{
ssize_t bytes; /* Bytes written */
- DEBUG_printf(("httpWrite(http=%p, buffer=%p, length=%d)\n", http,
- buffer, length));
+ DEBUG_printf(("httpWrite2(http=%p, buffer=%p, length=" CUPS_LLFMT ")", http,
+ buffer, CUPS_LLCAST length));
/*
* Range check input...
{
if (http->wused && (length + http->wused) > sizeof(http->wbuffer))
{
- DEBUG_printf((" flushing buffer (wused=%d, length=%d)\n",
- http->wused, length));
+ DEBUG_printf(("2httpWrite2: Flushing buffer (wused=%d, length="
+ CUPS_LLFMT ")", http->wused, CUPS_LLCAST length));
httpFlushWrite(http);
}
- if ((length + http->wused) <= sizeof(http->wbuffer))
+ if ((length + http->wused) <= sizeof(http->wbuffer) &&
+ length < sizeof(http->wbuffer))
{
/*
* Write to buffer...
*/
- DEBUG_printf((" copying %d bytes to wbuffer...\n", length));
+ DEBUG_printf(("2httpWrite2: Copying " CUPS_LLFMT " bytes to wbuffer...",
+ CUPS_LLCAST length));
memcpy(http->wbuffer + http->wused, buffer, length);
- http->wused += length;
- bytes = length;
+ http->wused += (int)length;
+ bytes = (ssize_t)length;
}
else
{
* Otherwise write the data directly...
*/
- DEBUG_printf((" writing %d bytes to socket...\n", length));
+ DEBUG_printf(("2httpWrite2: Writing " CUPS_LLFMT " bytes to socket...",
+ CUPS_LLCAST length));
if (http->data_encoding == HTTP_ENCODE_CHUNKED)
- bytes = http_write_chunk(http, buffer, length);
+ bytes = (ssize_t)http_write_chunk(http, buffer, (int)length);
else
- bytes = http_write(http, buffer, length);
+ bytes = (ssize_t)http_write(http, buffer, (int)length);
- DEBUG_printf((" wrote %d bytes...\n", bytes));
+ DEBUG_printf(("2httpWrite2: Wrote " CUPS_LLFMT " bytes...",
+ CUPS_LLCAST bytes));
}
if (http->data_encoding == HTTP_ENCODE_LENGTH)
* data, go idle...
*/
- DEBUG_puts("httpWrite: changing states...");
+ DEBUG_puts("2httpWrite: changing states...");
if (http->wused)
httpFlushWrite(http);
http->data_encoding = HTTP_ENCODE_LENGTH;
http->data_remaining = 0;
}
-
- if (http->state == HTTP_POST_RECV)
- http->state ++;
- else if (http->state == HTTP_PUT_RECV)
- http->state = HTTP_STATUS;
- else
- http->state = HTTP_WAITING;
}
return (bytes);
#if defined(HAVE_SSL) && defined(HAVE_CDSASSL)
/*
- * '_httpWriteCDSA()' - Write function for CDSA encryption code.
+ * '_httpWriteCDSA()' - Write function for the CDSA library.
*/
OSStatus /* O - -1 on error, 0 on success */
const void *data, /* I - Data buffer */
size_t *dataLength) /* IO - Number of bytes */
{
- OSStatus result; /* Return value */
- ssize_t bytes; /* Number of bytes read */
- cdsa_conn_ref_t u; /* Connection reference union */
+ OSStatus result; /* Return value */
+ ssize_t bytes; /* Number of bytes read */
+ http_t *http; /* HTTP connection */
- u.connection = connection;
+ http = (http_t *)connection;
do
- bytes = write(u.sock, data, *dataLength);
- while (bytes == -1 && errno == EINTR);
+ {
+ bytes = write(http->fd, data, *dataLength);
+ }
+ while (bytes == -1 && (errno == EINTR || errno == EAGAIN));
if (bytes == *dataLength)
+ {
result = 0;
+ }
else if (bytes >= 0)
{
*dataLength = bytes;
else
{
*dataLength = 0;
-
+
if (errno == EAGAIN)
result = errSSLWouldBlock;
- else if (errno == EPIPE)
- result = errSSLClosedAbort;
else
- result = errSSLInternal;
+ result = errSSLClosedAbort;
+ }
+
+ return (result);
+}
+#endif /* HAVE_SSL && HAVE_CDSASSL */
+
+
+#if defined(HAVE_SSL) && defined(HAVE_GNUTLS)
+/*
+ * '_httpWriteGNUTLS()' - Write function for the GNU TLS library.
+ */
+
+ssize_t /* O - Number of bytes written or -1 on error */
+_httpWriteGNUTLS(
+ gnutls_transport_ptr ptr, /* I - Connection to server */
+ const void *data, /* I - Data buffer */
+ size_t length) /* I - Number of bytes to write */
+{
+ ssize_t bytes; /* Bytes written */
+
+
+ DEBUG_printf(("6_httpWriteGNUTLS(ptr=%p, data=%p, length=%d)", ptr, data,
+ (int)length));
+ http_debug_hex("_httpWriteGNUTLS", data, (int)length);
+
+ bytes = send(((http_t *)ptr)->fd, data, length, 0);
+ DEBUG_printf(("_httpWriteGNUTLS: bytes=%d", (int)bytes));
+ return (bytes);
+}
+#endif /* HAVE_SSL && HAVE_GNUTLS */
+
+
+#if defined(HAVE_SSL) && defined(HAVE_LIBSSL)
+/*
+ * 'http_bio_ctrl()' - Control the HTTP connection.
+ */
+
+static long /* O - Result/data */
+http_bio_ctrl(BIO *h, /* I - BIO data */
+ int cmd, /* I - Control command */
+ long arg1, /* I - First argument */
+ void *arg2) /* I - Second argument */
+{
+ switch (cmd)
+ {
+ default :
+ return (0);
+
+ case BIO_CTRL_RESET :
+ h->ptr = NULL;
+ return (0);
+
+ case BIO_C_SET_FILE_PTR :
+ h->ptr = arg2;
+ h->init = 1;
+ return (1);
+
+ case BIO_C_GET_FILE_PTR :
+ if (arg2)
+ {
+ *((void **)arg2) = h->ptr;
+ return (1);
+ }
+ else
+ return (0);
+
+ case BIO_CTRL_DUP :
+ case BIO_CTRL_FLUSH :
+ return (1);
+ }
+}
+
+
+/*
+ * 'http_bio_free()' - Free OpenSSL data.
+ */
+
+static int /* O - 1 on success, 0 on failure */
+http_bio_free(BIO *h) /* I - BIO data */
+{
+ if (!h)
+ return (0);
+
+ if (h->shutdown)
+ {
+ h->init = 0;
+ h->flags = 0;
+ }
+
+ return (1);
+}
+
+
+/*
+ * 'http_bio_new()' - Initialize an OpenSSL BIO structure.
+ */
+
+static int /* O - 1 on success, 0 on failure */
+http_bio_new(BIO *h) /* I - BIO data */
+{
+ if (!h)
+ return (0);
+
+ h->init = 0;
+ h->num = 0;
+ h->ptr = NULL;
+ h->flags = 0;
+
+ return (1);
+}
+
+
+/*
+ * 'http_bio_puts()' - Send a string for OpenSSL.
+ */
+
+static int /* O - Bytes written */
+http_bio_puts(BIO *h, /* I - BIO data */
+ const char *str) /* I - String to write */
+{
+#ifdef WIN32
+ return (send(((http_t *)h->ptr)->fd, str, (int)strlen(str), 0));
+#else
+ return (send(((http_t *)h->ptr)->fd, str, strlen(str), 0));
+#endif /* WIN32 */
+}
+
+
+/*
+ * 'http_bio_read()' - Read data for OpenSSL.
+ */
+
+static int /* O - Bytes read */
+http_bio_read(BIO *h, /* I - BIO data */
+ char *buf, /* I - Buffer */
+ int size) /* I - Number of bytes to read */
+{
+ http_t *http; /* HTTP connection */
+
+
+ http = (http_t *)h->ptr;
+
+ if (!http->blocking)
+ {
+ /*
+ * Make sure we have data before we read...
+ */
+
+ while (!_httpWait(http, http->wait_value, 0))
+ {
+ if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
+ continue;
+
+#ifdef WIN32
+ http->error = WSAETIMEDOUT;
+#else
+ http->error = ETIMEDOUT;
+#endif /* WIN32 */
+
+ return (-1);
+ }
}
- return result;
+ return (recv(http->fd, buf, size, 0));
+}
+
+
+/*
+ * 'http_bio_write()' - Write data for OpenSSL.
+ */
+
+static int /* O - Bytes written */
+http_bio_write(BIO *h, /* I - BIO data */
+ const char *buf, /* I - Buffer to write */
+ int num) /* I - Number of bytes to write */
+{
+ return (send(((http_t *)h->ptr)->fd, buf, num, 0));
+}
+#endif /* HAVE_SSL && HAVE_LIBSSL */
+
+
+#ifdef DEBUG
+/*
+ * 'http_debug_hex()' - Do a hex dump of a buffer.
+ */
+
+static void
+http_debug_hex(const char *prefix, /* I - Prefix for line */
+ const char *buffer, /* I - Buffer to dump */
+ int bytes) /* I - Bytes to dump */
+{
+ int i, j, /* Looping vars */
+ ch; /* Current character */
+ char line[255], /* Line buffer */
+ *start, /* Start of line after prefix */
+ *ptr; /* Pointer into line */
+
+
+ if (_cups_debug_fd < 0 || _cups_debug_level < 6)
+ return;
+
+ DEBUG_printf(("6%s: %d bytes:\n", prefix, bytes));
+
+ snprintf(line, sizeof(line), "6%s: ", prefix);
+ start = line + strlen(line);
+
+ for (i = 0; i < bytes; i += 16)
+ {
+ for (j = 0, ptr = start; j < 16 && (i + j) < bytes; j ++, ptr += 2)
+ sprintf(ptr, "%02X", buffer[i + j] & 255);
+
+ while (j < 16)
+ {
+ strcpy(ptr, " ");
+ ptr += 2;
+ j ++;
+ }
+
+ strcpy(ptr, " ");
+ ptr += 2;
+
+ for (j = 0; j < 16 && (i + j) < bytes; j ++)
+ {
+ ch = buffer[i + j] & 255;
+
+ if (ch < ' ' || ch >= 127)
+ ch = '.';
+
+ *ptr++ = ch;
+ }
+
+ *ptr = '\0';
+ DEBUG_puts(line);
+ }
}
-#endif /* HAVE_SSL && HAVE_CDSASSL */
+#endif /* DEBUG */
/*
* 'http_field()' - Return the field index for a field name.
*/
-static http_field_t /* O - Field index */
-http_field(const char *name) /* I - String name */
+static http_field_t /* O - Field index */
+http_field(const char *name) /* I - String name */
{
- int i; /* Looping var */
+ int i; /* Looping var */
for (i = 0; i < HTTP_FIELD_MAX; i ++)
- if (strcasecmp(name, http_fields[i]) == 0)
+ if (_cups_strcasecmp(name, http_fields[i]) == 0)
return ((http_field_t)i);
return (HTTP_FIELD_UNKNOWN);
*/
static int /* O - Bytes read */
-http_read_ssl(http_t *http, /* I - HTTP connection */
+http_read_ssl(http_t *http, /* I - Connection to server */
char *buf, /* I - Buffer to store data */
int len) /* I - Length of buffer */
{
return (SSL_read((SSL *)(http->tls), buf, len));
# elif defined(HAVE_GNUTLS)
- return (gnutls_record_recv(((http_tls_t *)(http->tls))->session, buf, len));
+ ssize_t result; /* Return value */
+
+
+ result = gnutls_record_recv(http->tls, buf, len);
+
+ if (result < 0 && !errno)
+ {
+ /*
+ * Convert GNU TLS error to errno value...
+ */
+
+ switch (result)
+ {
+ case GNUTLS_E_INTERRUPTED :
+ errno = EINTR;
+ break;
+
+ case GNUTLS_E_AGAIN :
+ errno = EAGAIN;
+ break;
+
+ default :
+ errno = EPIPE;
+ break;
+ }
+
+ result = -1;
+ }
+
+ return ((int)result);
# elif defined(HAVE_CDSASSL)
int result; /* Return value */
size_t processed; /* Number of bytes processed */
- error = SSLRead((SSLContextRef)http->tls, buf, len, &processed);
+ error = SSLRead(http->tls, buf, len, &processed);
switch (error)
{
case 0 :
result = (int)processed;
break;
- case errSSLClosedGraceful :
- result = 0;
- break;
+
case errSSLWouldBlock :
if (processed)
result = (int)processed;
errno = EINTR;
}
break;
+
+ case errSSLClosedGraceful :
default :
- errno = EPIPE;
- result = -1;
+ if (processed)
+ result = (int)processed;
+ else
+ {
+ result = -1;
+ errno = EPIPE;
+ }
break;
}
return (result);
+# elif defined(HAVE_SSPISSL)
+ return _sspiRead((_sspi_struct_t*) http->tls, buf, len);
# endif /* HAVE_LIBSSL */
}
#endif /* HAVE_SSL */
*/
static int /* O - 0 on success, non-zero on error */
-http_send(http_t *http, /* I - HTTP connection */
+http_send(http_t *http, /* I - Connection to server */
http_state_t request, /* I - Request code */
const char *uri) /* I - URI */
{
int i; /* Looping var */
- char *ptr, /* Pointer in buffer */
- buf[1024]; /* Encoded URI buffer */
+ char buf[1024]; /* Encoded URI buffer */
static const char * const codes[] =
{ /* Request code strings */
NULL,
"TRACE",
"CLOSE"
};
- static const char hex[] = "0123456789ABCDEF";
- /* Hex digits */
- DEBUG_printf(("http_send(http=%p, request=HTTP_%s, uri=\"%s\")\n",
+ DEBUG_printf(("7http_send(http=%p, request=HTTP_%s, uri=\"%s\")",
http, codes[request], uri));
if (http == NULL || uri == NULL)
* Encode the URI as needed...
*/
- for (ptr = buf; *uri != '\0' && ptr < (buf + sizeof(buf) - 1); uri ++)
- if (*uri <= ' ' || *uri >= 127)
- {
- if (ptr < (buf + sizeof(buf) - 1))
- *ptr ++ = '%';
- if (ptr < (buf + sizeof(buf) - 1))
- *ptr ++ = hex[(*uri >> 4) & 15];
- if (ptr < (buf + sizeof(buf) - 1))
- *ptr ++ = hex[*uri & 15];
- }
- else
- *ptr ++ = *uri;
-
- *ptr = '\0';
+ _httpEncodeURI(buf, uri, sizeof(buf));
/*
* See if we had an error the last time around; if so, reconnect...
if (httpReconnect(http))
return (-1);
+ /*
+ * Flush any written data that is pending...
+ */
+
+ if (http->wused)
+ {
+ if (httpFlushWrite(http) < 0)
+ if (httpReconnect(http))
+ return (-1);
+ }
+
/*
* Send the request header...
*/
- http->state = request;
+ http->state = request;
+ http->data_encoding = HTTP_ENCODE_FIELDS;
+
if (request == HTTP_POST || request == HTTP_PUT)
http->state ++;
for (i = 0; i < HTTP_FIELD_MAX; i ++)
if (http->fields[i][0] != '\0')
{
- DEBUG_printf(("%s: %s\n", http_fields[i], http->fields[i]));
+ DEBUG_printf(("9http_send: %s: %s", http_fields[i],
+ httpGetField(http, i)));
- if (httpPrintf(http, "%s: %s\r\n", http_fields[i], http->fields[i]) < 1)
+ if (httpPrintf(http, "%s: %s\r\n", http_fields[i],
+ httpGetField(http, i)) < 1)
{
http->status = HTTP_ERROR;
return (-1);
return (-1);
}
- if (httpPrintf(http, "\r\n") < 1)
+ if (httpPrintf(http, "\r\n") < 1)
+ {
+ http->status = HTTP_ERROR;
+ return (-1);
+ }
+
+ if (httpFlushWrite(http) < 0)
+ return (-1);
+
+ httpGetLength2(http);
+ httpClearFields(http);
+
+ /*
+ * The Kerberos and AuthRef authentication strings can only be used once...
+ */
+
+ if (http->field_authorization && http->authstring &&
+ (!strncmp(http->authstring, "Negotiate", 9) ||
+ !strncmp(http->authstring, "AuthRef", 7)))
+ {
+ http->_authstring[0] = '\0';
+
+ if (http->authstring != http->_authstring)
+ free(http->authstring);
+
+ http->authstring = http->_authstring;
+ }
+
+ return (0);
+}
+
+
+#ifdef HAVE_SSL
+# if defined(HAVE_CDSASSL) && defined(HAVE_SECCERTIFICATECOPYDATA)
+/*
+ * 'http_set_credentials()' - Set the SSL/TLS credentials.
+ */
+
+static int /* O - Status of connection */
+http_set_credentials(http_t *http) /* I - Connection to server */
+{
+ _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
+ OSStatus error = 0; /* Error code */
+ http_tls_credentials_t credentials = NULL;
+ /* TLS credentials */
+
+
+ DEBUG_printf(("7http_set_credentials(%p)", http));
+
+ /*
+ * Prefer connection specific credentials...
+ */
+
+ if ((credentials = http->tls_credentials) == NULL)
+ credentials = cg->tls_credentials;
+
+# if HAVE_SECPOLICYCREATESSL
+ /*
+ * Otherwise root around in the user's keychain to see if one can be found...
+ */
+
+ if (!credentials)
+ {
+ CFDictionaryRef query; /* Query dictionary */
+ CFTypeRef matches = NULL; /* Matching credentials */
+ CFArrayRef dn_array = NULL;/* Distinguished names array */
+ CFTypeRef keys[] = { kSecClass,
+ kSecMatchLimit,
+ kSecReturnRef };
+ /* Keys for dictionary */
+ CFTypeRef values[] = { kSecClassCertificate,
+ kSecMatchLimitOne,
+ kCFBooleanTrue };
+ /* Values for dictionary */
+
+ /*
+ * Get the names associated with the server.
+ */
+
+ if ((error = SSLCopyDistinguishedNames(http->tls, &dn_array)) != noErr)
+ {
+ DEBUG_printf(("4http_set_credentials: SSLCopyDistinguishedNames, error=%d",
+ (int)error));
+ return (error);
+ }
+
+ /*
+ * Create a query which will return all identities that can sign and match
+ * the passed in policy.
+ */
+
+ query = CFDictionaryCreate(NULL,
+ (const void**)(&keys[0]),
+ (const void**)(&values[0]),
+ sizeof(keys) / sizeof(keys[0]),
+ &kCFTypeDictionaryKeyCallBacks,
+ &kCFTypeDictionaryValueCallBacks);
+ if (query)
+ {
+ error = SecItemCopyMatching(query, &matches);
+ DEBUG_printf(("4http_set_credentials: SecItemCopyMatching, error=%d",
+ (int)error));
+ CFRelease(query);
+ }
+
+ if (matches)
+ CFRelease(matches);
+
+ if (dn_array)
+ CFRelease(dn_array);
+ }
+# endif /* HAVE_SECPOLICYCREATESSL */
+
+ if (credentials)
+ {
+ error = SSLSetCertificate(http->tls, credentials);
+ DEBUG_printf(("4http_set_credentials: SSLSetCertificate, error=%d",
+ (int)error));
+ }
+ else
+ DEBUG_puts("4http_set_credentials: No credentials to set.");
+
+ return (error);
+}
+# endif /* HAVE_CDSASSL && HAVE_SECCERTIFICATECOPYDATA */
+
+
+/*
+ * 'http_set_timeout()' - Set the socket timeout values.
+ */
+
+static void
+http_set_timeout(int fd, /* I - File descriptor */
+ double timeout) /* I - Timeout in seconds */
+{
+#ifdef WIN32
+ DWORD tv = (DWORD)(timeout * 1000);
+ /* Timeout in milliseconds */
+
+ setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (char *)&tv, sizeof(tv));
+ setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, (char *)&tv, sizeof(tv));
+
+#else
+ struct timeval tv; /* Timeout in secs and usecs */
+
+ tv.tv_sec = (int)timeout;
+ tv.tv_usec = (int)(1000000 * fmod(timeout, 1.0));
+
+ setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
+ setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
+#endif /* WIN32 */
+}
+
+
+/*
+ * 'http_set_wait()' - Set the default wait value for reads.
+ */
+
+static void
+http_set_wait(http_t *http) /* I - Connection to server */
+{
+ if (http->blocking)
+ {
+ http->wait_value = (int)(http->timeout_value * 1000);
+
+ if (http->wait_value <= 0)
+ http->wait_value = 60000;
+ }
+ else
+ http->wait_value = 10000;
+}
+
+
+/*
+ * 'http_setup_ssl()' - Set up SSL/TLS support on a connection.
+ */
+
+static int /* O - 0 on success, -1 on failure */
+http_setup_ssl(http_t *http) /* I - Connection to server */
+{
+ _cups_globals_t *cg = _cupsGlobals();
+ /* Pointer to library globals */
+ int any_root; /* Allow any root */
+
+# ifdef HAVE_LIBSSL
+ SSL_CTX *context; /* Context for encryption */
+ BIO *bio; /* BIO data */
+ const char *message = NULL;/* Error message */
+# elif defined(HAVE_GNUTLS)
+ int status; /* Status of handshake */
+ gnutls_certificate_client_credentials *credentials;
+ /* TLS credentials */
+# elif defined(HAVE_CDSASSL)
+ OSStatus error; /* Error code */
+ char *hostname; /* Hostname */
+ const char *message = NULL;/* Error message */
+# ifdef HAVE_SECCERTIFICATECOPYDATA
+ cups_array_t *credentials; /* Credentials array */
+ cups_array_t *names; /* CUPS distinguished names */
+ CFArrayRef dn_array; /* CF distinguished names array */
+ CFIndex count; /* Number of credentials */
+ CFDataRef data; /* Certificate data */
+ int i; /* Looping var */
+ http_credential_t *credential; /* Credential data */
+# endif /* HAVE_SECCERTIFICATECOPYDATA */
+# elif defined(HAVE_SSPISSL)
+ TCHAR username[256]; /* Username returned from GetUserName() */
+ TCHAR commonName[256];/* Common name for certificate */
+ DWORD dwSize; /* 32 bit size */
+# endif /* HAVE_LIBSSL */
+
+
+ DEBUG_printf(("7http_setup_ssl(http=%p)", http));
+
+ /*
+ * Always allow self-signed certificates for the local loopback address...
+ */
+
+ if (httpAddrLocalhost(http->hostaddr))
+ any_root = 1;
+ else
+ any_root = cg->any_root;
+
+# ifdef HAVE_LIBSSL
+ (void)any_root;
+
+ context = SSL_CTX_new(SSLv23_client_method());
+
+ SSL_CTX_set_options(context, SSL_OP_NO_SSLv2); /* Only use SSLv3 or TLS */
+
+ bio = BIO_new(_httpBIOMethods());
+ BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)http);
+
+ http->tls = SSL_new(context);
+ SSL_set_bio(http->tls, bio, bio);
+
+ if (SSL_connect(http->tls) != 1)
+ {
+ unsigned long error; /* Error code */
+
+ while ((error = ERR_get_error()) != 0)
+ {
+ message = ERR_error_string(error, NULL);
+ DEBUG_printf(("8http_setup_ssl: %s", message));
+ }
+
+ SSL_CTX_free(context);
+ SSL_free(http->tls);
+ http->tls = NULL;
+
+# ifdef WIN32
+ http->error = WSAGetLastError();
+# else
+ http->error = errno;
+# endif /* WIN32 */
+ http->status = HTTP_ERROR;
+
+ if (!message)
+ message = _("Unable to establish a secure connection to host.");
+
+ _cupsSetError(IPP_PKI_ERROR, message, 1);
+
+ return (-1);
+ }
+
+# elif defined(HAVE_GNUTLS)
+ credentials = (gnutls_certificate_client_credentials *)
+ malloc(sizeof(gnutls_certificate_client_credentials));
+ if (credentials == NULL)
+ {
+ DEBUG_printf(("8http_setup_ssl: Unable to allocate credentials: %s",
+ strerror(errno)));
+ http->error = errno;
+ http->status = HTTP_ERROR;
+ _cupsSetHTTPError(HTTP_ERROR);
+
+ return (-1);
+ }
+
+ gnutls_certificate_allocate_credentials(credentials);
+
+ gnutls_init(&http->tls, GNUTLS_CLIENT);
+ gnutls_set_default_priority(http->tls);
+ gnutls_server_name_set(http->tls, GNUTLS_NAME_DNS, http->hostname, strlen(http->hostname));
+ gnutls_credentials_set(http->tls, GNUTLS_CRD_CERTIFICATE, *credentials);
+ gnutls_transport_set_ptr(http->tls, (gnutls_transport_ptr)http);
+ gnutls_transport_set_pull_function(http->tls, _httpReadGNUTLS);
+ gnutls_transport_set_push_function(http->tls, _httpWriteGNUTLS);
+
+ while ((status = gnutls_handshake(http->tls)) != GNUTLS_E_SUCCESS)
+ {
+ DEBUG_printf(("8http_setup_ssl: gnutls_handshake returned %d (%s)",
+ status, gnutls_strerror(status)));
+
+ if (gnutls_error_is_fatal(status))
+ {
+ http->error = EIO;
+ http->status = HTTP_ERROR;
+
+ _cupsSetError(IPP_PKI_ERROR, gnutls_strerror(status), 0);
+
+ gnutls_deinit(http->tls);
+ gnutls_certificate_free_credentials(*credentials);
+ free(credentials);
+ http->tls = NULL;
+
+ return (-1);
+ }
+ }
+
+ http->tls_credentials = credentials;
+
+# elif defined(HAVE_CDSASSL)
+ if ((error = SSLNewContext(false, &http->tls)))
+ {
+ http->error = errno;
+ http->status = HTTP_ERROR;
+ _cupsSetHTTPError(HTTP_ERROR);
+
+ return (-1);
+ }
+
+ error = SSLSetConnection(http->tls, http);
+ DEBUG_printf(("4http_setup_ssl: SSLSetConnection, error=%d", (int)error));
+
+ if (!error)
+ {
+ error = SSLSetIOFuncs(http->tls, _httpReadCDSA, _httpWriteCDSA);
+ DEBUG_printf(("4http_setup_ssl: SSLSetIOFuncs, error=%d", (int)error));
+ }
+
+ if (!error)
+ {
+ error = SSLSetAllowsAnyRoot(http->tls, any_root);
+ DEBUG_printf(("4http_setup_ssl: SSLSetAllowsAnyRoot(%d), error=%d",
+ any_root, (int)error));
+ }
+
+ if (!error)
+ {
+ error = SSLSetAllowsExpiredCerts(http->tls, cg->expired_certs);
+ DEBUG_printf(("4http_setup_ssl: SSLSetAllowsExpiredCerts(%d), error=%d",
+ cg->expired_certs, (int)error));
+ }
+
+ if (!error)
+ {
+ error = SSLSetAllowsExpiredRoots(http->tls, cg->expired_root);
+ DEBUG_printf(("4http_setup_ssl: SSLSetAllowsExpiredRoots(%d), error=%d",
+ cg->expired_root, (int)error));
+ }
+
+# ifdef HAVE_SSLSETPROTOCOLVERSIONMAX
+ if (!error)
+ {
+ error = SSLSetProtocolVersionMax(http->tls, kTLSProtocol1);
+ DEBUG_printf(("4http_setup_ssl: SSLSetProtocolVersionMax(kTLSProtocol1), "
+ "error=%d", (int)error));
+ }
+# endif /* HAVE_SSLSETPROTOCOLVERSIONMAX */
+
+# ifdef HAVE_SECCERTIFICATECOPYDATA
+ if (!error)
+ {
+ if (cg->client_cert_cb)
+ {
+ error = SSLSetSessionOption(http->tls,
+ kSSLSessionOptionBreakOnCertRequested, true);
+ DEBUG_printf(("4http_setup_ssl: kSSLSessionOptionBreakOnCertRequested, "
+ "error=%d", (int)error));
+ }
+ else
+ {
+ error = http_set_credentials(http);
+ DEBUG_printf(("4http_setup_ssl: http_set_credentials, error=%d",
+ (int)error));
+ }
+ }
+
+ /*
+ * If there's a server certificate callback installed let it evaluate the
+ * certificate(s) during the handshake...
+ */
+
+ if (!error && cg->server_cert_cb != NULL)
+ {
+ error = SSLSetEnableCertVerify(http->tls, false);
+ DEBUG_printf(("4http_setup_ssl: SSLSetEnableCertVerify, error=%d",
+ (int)error));
+
+ if (!error)
+ {
+ error = SSLSetSessionOption(http->tls,
+ kSSLSessionOptionBreakOnServerAuth, true);
+ DEBUG_printf(("4http_setup_ssl: kSSLSessionOptionBreakOnServerAuth, "
+ "error=%d", (int)error));
+ }
+ }
+# endif /* HAVE_SECCERTIFICATECOPYDATA */
+
+ if (!error)
{
- http->status = HTTP_ERROR;
- return (-1);
+ hostname = httpAddrLocalhost(http->hostaddr) ? "localhost" : http->hostname;
+ error = SSLSetPeerDomainName(http->tls, hostname, strlen(hostname));
+
+ DEBUG_printf(("4http_setup_ssl: SSLSetPeerDomainName, error=%d",
+ (int)error));
}
- httpGetLength2(http);
- httpClearFields(http);
+ if (!error)
+ {
+ int done = 0; /* Are we done yet? */
- return (0);
-}
+ while (!error && !done)
+ {
+ error = SSLHandshake(http->tls);
+ DEBUG_printf(("4http_setup_ssl: SSLHandshake returned %d.", (int)error));
-#ifdef HAVE_SSL
-/*
- * 'http_setup_ssl()' - Set up SSL/TLS support on a connection.
- */
+ switch (error)
+ {
+ case noErr :
+ done = 1;
+ break;
-static int /* O - Status of connection */
-http_setup_ssl(http_t *http) /* I - HTTP connection */
-{
-# ifdef HAVE_LIBSSL
- SSL_CTX *context; /* Context for encryption */
- SSL *conn; /* Connection for encryption */
-# elif defined(HAVE_GNUTLS)
- http_tls_t *conn; /* TLS session object */
- gnutls_certificate_client_credentials *credentials;
- /* TLS credentials */
-# elif defined(HAVE_CDSASSL)
- SSLContextRef conn; /* Context for encryption */
- OSStatus error; /* Error info */
-# endif /* HAVE_LIBSSL */
+ case errSSLWouldBlock :
+ usleep(1000);
+ break;
+# ifdef HAVE_SECCERTIFICATECOPYDATA
+ case errSSLServerAuthCompleted :
+ error = 0;
+ if (cg->server_cert_cb)
+ {
+ error = httpCopyCredentials(http, &credentials);
+ if (!error)
+ {
+ error = (cg->server_cert_cb)(http, http->tls, credentials,
+ cg->server_cert_data);
+ httpFreeCredentials(credentials);
+ }
+
+ DEBUG_printf(("4http_setup_ssl: Server certificate callback returned "
+ "%d.", (int)error));
+ }
+ break;
- DEBUG_printf(("http_setup_ssl(http=%p)\n", http));
+ case errSSLClientCertRequested :
+ error = 0;
+
+ if (cg->client_cert_cb)
+ {
+ names = NULL;
+ if (!(error = SSLCopyDistinguishedNames(http->tls, &dn_array)) &&
+ dn_array)
+ {
+ if ((names = cupsArrayNew(NULL, NULL)) != NULL)
+ {
+ for (i = 0, count = CFArrayGetCount(dn_array); i < count; i++)
+ {
+ data = (CFDataRef)CFArrayGetValueAtIndex(dn_array, i);
+
+ if ((credential = malloc(sizeof(*credential))))
+ {
+ credential->datalen = CFDataGetLength(data);
+ if ((credential->data = malloc(credential->datalen)))
+ {
+ memcpy((void *)credential->data, CFDataGetBytePtr(data),
+ credential->datalen);
+ cupsArrayAdd(names, credential);
+ }
+ }
+ }
+ }
+
+ CFRelease(dn_array);
+ }
+
+ if (!error)
+ {
+ error = (cg->client_cert_cb)(http, http->tls, names,
+ cg->client_cert_data);
+
+ DEBUG_printf(("4http_setup_ssl: Client certificate callback "
+ "returned %d.", (int)error));
+ }
+
+ httpFreeCredentials(names);
+ }
+ break;
+# endif /* HAVE_SECCERTIFICATECOPYDATA */
-# ifdef HAVE_LIBSSL
- context = SSL_CTX_new(SSLv23_client_method());
+ case errSSLUnknownRootCert :
+ message = _("Unable to establish a secure connection to host "
+ "(untrusted certificate).");
+ break;
- SSL_CTX_set_options(context, SSL_OP_NO_SSLv2); /* Only use SSLv3 or TLS */
+ case errSSLNoRootCert :
+ message = _("Unable to establish a secure connection to host "
+ "(self-signed certificate).");
+ break;
- conn = SSL_new(context);
+ case errSSLCertExpired :
+ message = _("Unable to establish a secure connection to host "
+ "(expired certificate).");
+ break;
- SSL_set_fd(conn, http->fd);
- if (SSL_connect(conn) != 1)
- {
-# ifdef DEBUG
- unsigned long error; /* Error code */
+ case errSSLCertNotYetValid :
+ message = _("Unable to establish a secure connection to host "
+ "(certificate not yet valid).");
+ break;
- while ((error = ERR_get_error()) != 0)
- printf("http_setup_ssl: %s\n", ERR_error_string(error, NULL));
-# endif /* DEBUG */
+ case errSSLHostNameMismatch :
+ message = _("Unable to establish a secure connection to host "
+ "(host name mismatch).");
+ break;
- SSL_CTX_free(context);
- SSL_free(conn);
+ case errSSLXCertChainInvalid :
+ message = _("Unable to establish a secure connection to host "
+ "(certificate chain invalid).");
+ break;
-# ifdef WIN32
- http->error = WSAGetLastError();
-# else
- http->error = errno;
-# endif /* WIN32 */
- http->status = HTTP_ERROR;
+ case errSSLConnectionRefused :
+ message = _("Unable to establish a secure connection to host "
+ "(peer dropped connection before responding).");
+ break;
- return (HTTP_ERROR);
+ default :
+ break;
+ }
+ }
}
-# elif defined(HAVE_GNUTLS)
- conn = (http_tls_t *)malloc(sizeof(http_tls_t));
-
- if (conn == NULL)
+ if (error)
{
- http->error = errno;
+ http->error = error;
http->status = HTTP_ERROR;
+ errno = ECONNREFUSED;
- return (-1);
- }
+ SSLDisposeContext(http->tls);
+ http->tls = NULL;
- credentials = (gnutls_certificate_client_credentials *)
- malloc(sizeof(gnutls_certificate_client_credentials));
- if (credentials == NULL)
- {
- free(conn);
+ /*
+ * If an error string wasn't set by the callbacks use a generic one...
+ */
- http->error = errno;
- http->status = HTTP_ERROR;
+ if (!message)
+#ifdef HAVE_CSSMERRORSTRING
+ message = cssmErrorString(error);
+#else
+ message = _("Unable to establish a secure connection to host.");
+#endif /* HAVE_CSSMERRORSTRING */
+
+ _cupsSetError(IPP_PKI_ERROR, message, 1);
return (-1);
}
- gnutls_certificate_allocate_credentials(credentials);
-
- gnutls_init(&(conn->session), GNUTLS_CLIENT);
- gnutls_set_default_priority(conn->session);
- gnutls_credentials_set(conn->session, GNUTLS_CRD_CERTIFICATE, *credentials);
- gnutls_transport_set_ptr(conn->session,
- (gnutls_transport_ptr)((long)http->fd));
+# elif defined(HAVE_SSPISSL)
+ http->tls = _sspiAlloc();
- if ((gnutls_handshake(conn->session)) != GNUTLS_E_SUCCESS)
+ if (!http->tls)
{
- http->error = errno;
- http->status = HTTP_ERROR;
-
return (-1);
- }
-
- conn->credentials = credentials;
-
-# elif defined(HAVE_CDSASSL)
- cdsa_conn_ref_t u; /* Connection reference union */
+ http->tls->sock = http->fd;
+ dwSize = sizeof(username) / sizeof(TCHAR);
+ GetUserName(username, &dwSize);
+ _sntprintf_s(commonName, sizeof(commonName) / sizeof(TCHAR),
+ sizeof(commonName) / sizeof(TCHAR), TEXT("CN=%s"), username);
- error = SSLNewContext(false, &conn);
+ if (!_sspiGetCredentials(http->tls_credentials, L"ClientContainer",
+ commonName, FALSE))
+ {
+ _sspiFree(http->tls_credentials);
+ http->tls_credentials = NULL;
- if (!error)
- error = SSLSetIOFuncs(conn, _httpReadCDSA, _httpWriteCDSA);
+ http->error = EIO;
+ http->status = HTTP_ERROR;
- if (!error)
- {
- /*
- * Use a union to resolve warnings about int/pointer size mismatches...
- */
+ _cupsSetError(IPP_PKI_ERROR,
+ _("Unable to establish a secure connection to host."), 1);
- u.connection = NULL;
- u.sock = http->fd;
- error = SSLSetConnection(conn, u.connection);
+ return (-1);
}
- if (!error)
- error = SSLSetAllowsExpiredCerts(conn, true);
-
- if (!error)
- error = SSLSetAllowsAnyRoot(conn, true);
+ _sspiSetAllowsAnyRoot(http->tls_credentials, TRUE);
+ _sspiSetAllowsExpiredCerts(http->tls_credentials, TRUE);
- if (!error)
+ if (!_sspiConnect(http->tls_credentials, http->hostname))
{
- while ((error = SSLHandshake(conn)) == errSSLWouldBlock)
- usleep(1000);
- }
+ _sspiFree(http->tls_credentials);
+ http->tls_credentials = NULL;
- if (error != 0)
- {
- http->error = error;
+ http->error = EIO;
http->status = HTTP_ERROR;
- SSLDisposeContext(conn);
-
- close(http->fd);
+ _cupsSetError(IPP_PKI_ERROR,
+ _("Unable to establish a secure connection to host."), 1);
return (-1);
}
# endif /* HAVE_CDSASSL */
- http->tls = conn;
return (0);
}
#endif /* HAVE_SSL */
*/
static void
-http_shutdown_ssl(http_t *http) /* I - HTTP connection */
+http_shutdown_ssl(http_t *http) /* I - Connection to server */
{
# ifdef HAVE_LIBSSL
- SSL_CTX *context; /* Context for encryption */
- SSL *conn; /* Connection for encryption */
-
+ SSL_CTX *context; /* Context for encryption */
- conn = (SSL *)(http->tls);
- context = SSL_get_SSL_CTX(conn);
+ context = SSL_get_SSL_CTX(http->tls);
- SSL_shutdown(conn);
+ SSL_shutdown(http->tls);
SSL_CTX_free(context);
- SSL_free(conn);
+ SSL_free(http->tls);
# elif defined(HAVE_GNUTLS)
- http_tls_t *conn; /* Encryption session */
gnutls_certificate_client_credentials *credentials;
- /* TLS credentials */
+ /* TLS credentials */
+ credentials = (gnutls_certificate_client_credentials *)(http->tls_credentials);
- conn = (http_tls_t *)(http->tls);
- credentials = (gnutls_certificate_client_credentials *)(conn->credentials);
-
- gnutls_bye(conn->session, GNUTLS_SHUT_RDWR);
- gnutls_deinit(conn->session);
+ gnutls_bye(http->tls, GNUTLS_SHUT_RDWR);
+ gnutls_deinit(http->tls);
gnutls_certificate_free_credentials(*credentials);
free(credentials);
- free(conn);
# elif defined(HAVE_CDSASSL)
- while (SSLClose((SSLContextRef)http->tls) == errSSLWouldBlock)
+ while (SSLClose(http->tls) == errSSLWouldBlock)
usleep(1000);
- SSLDisposeContext((SSLContextRef)http->tls);
+ SSLDisposeContext(http->tls);
+
+ if (http->tls_credentials)
+ CFRelease(http->tls_credentials);
+
+# elif defined(HAVE_SSPISSL)
+ _sspiFree(http->tls_credentials);
# endif /* HAVE_LIBSSL */
- http->tls = NULL;
+ http->tls = NULL;
+ http->tls_credentials = NULL;
}
#endif /* HAVE_SSL */
* 'http_upgrade()' - Force upgrade to TLS encryption.
*/
-static int /* O - Status of connection */
-http_upgrade(http_t *http) /* I - HTTP connection */
+static int /* O - Status of connection */
+http_upgrade(http_t *http) /* I - Connection to server */
{
- int ret; /* Return value */
- http_t myhttp; /* Local copy of HTTP data */
+ int ret; /* Return value */
+ http_t myhttp; /* Local copy of HTTP data */
- DEBUG_printf(("http_upgrade(%p)\n", http));
+ DEBUG_printf(("7http_upgrade(%p)", http));
+
+ /*
+ * Flush the connection to make sure any previous "Upgrade" message
+ * has been read.
+ */
+
+ httpFlush(http);
/*
* Copy the HTTP data to a local variable so we can do the OPTIONS
* encryption on the link...
*/
- httpClearFields(&myhttp);
- httpSetField(&myhttp, HTTP_FIELD_CONNECTION, "upgrade");
- httpSetField(&myhttp, HTTP_FIELD_UPGRADE, "TLS/1.0, SSL/2.0, SSL/3.0");
+ http->field_authorization = NULL; /* Don't free the auth string */
- if ((ret = httpOptions(&myhttp, "*")) == 0)
+ httpClearFields(http);
+ httpSetField(http, HTTP_FIELD_CONNECTION, "upgrade");
+ httpSetField(http, HTTP_FIELD_UPGRADE, "TLS/1.2, TLS/1.1, TLS/1.0, SSL/3.0");
+
+ if ((ret = httpOptions(http, "*")) == 0)
{
/*
* Wait for the secure connection...
*/
- while (httpUpdate(&myhttp) == HTTP_CONTINUE);
+ while (httpUpdate(http) == HTTP_CONTINUE);
}
- httpFlush(&myhttp);
-
/*
- * Copy the HTTP data back over, if any...
+ * Restore the HTTP request data...
*/
- http->fd = myhttp.fd;
- http->error = myhttp.error;
- http->activity = myhttp.activity;
- http->status = myhttp.status;
- http->version = myhttp.version;
- http->keep_alive = myhttp.keep_alive;
- http->used = myhttp.used;
-
- if (http->used)
- memcpy(http->buffer, myhttp.buffer, http->used);
-
- http->auth_type = myhttp.auth_type;
- http->nonce_count = myhttp.nonce_count;
-
- memcpy(http->nonce, myhttp.nonce, sizeof(http->nonce));
-
- http->tls = myhttp.tls;
- http->encryption = myhttp.encryption;
+ memcpy(http->fields, myhttp.fields, sizeof(http->fields));
+ http->data_encoding = myhttp.data_encoding;
+ http->data_remaining = myhttp.data_remaining;
+ http->_data_remaining = myhttp._data_remaining;
+ http->expect = myhttp.expect;
+ http->field_authorization = myhttp.field_authorization;
+ http->digest_tries = myhttp.digest_tries;
/*
* See if we actually went secure...
* Server does not support HTTP upgrade...
*/
- DEBUG_puts("Server does not support HTTP upgrade!");
+ DEBUG_puts("8http_upgrade: Server does not support HTTP upgrade!");
# ifdef WIN32
closesocket(http->fd);
/*
- * 'http_wait()' - Wait for data available on a connection.
+ * 'http_write()' - Write a buffer to a HTTP connection.
*/
-static int /* O - 1 if data is available, 0 otherwise */
-http_wait(http_t *http, /* I - HTTP connection */
- int msec) /* I - Milliseconds to wait */
+static int /* O - Number of bytes written */
+http_write(http_t *http, /* I - Connection to server */
+ const char *buffer, /* I - Buffer for data */
+ int length) /* I - Number of bytes to write */
{
-#ifndef WIN32
- struct rlimit limit; /* Runtime limit */
- int set_size; /* Size of select set */
-#endif /* !WIN32 */
- struct timeval timeout; /* Timeout */
- int nfds; /* Result from select() */
-
-
- DEBUG_printf(("http_wait(http=%p, msec=%d)\n", http, msec));
-
- if (http->fd < 0)
- return (0);
-
- /*
- * Check the SSL/TLS buffers for data first...
- */
-
-#ifdef HAVE_SSL
- if (http->tls)
- {
-# ifdef HAVE_LIBSSL
- if (SSL_pending((SSL *)(http->tls)))
- return (1);
-# elif defined(HAVE_GNUTLS)
- if (gnutls_record_check_pending(((http_tls_t *)(http->tls))->session))
- return (1);
-# elif defined(HAVE_CDSASSL)
- size_t bytes; /* Bytes that are available */
+ int tbytes, /* Total bytes sent */
+ bytes; /* Bytes sent */
- if (!SSLGetBufferedReadSize((SSLContextRef)http->tls, &bytes) && bytes > 0)
- return (1);
-# endif /* HAVE_LIBSSL */
- }
-#endif /* HAVE_SSL */
- /*
- * Then try doing a select() to poll the socket...
- */
+ DEBUG_printf(("2http_write(http=%p, buffer=%p, length=%d)", http, buffer,
+ length));
+ http->error = 0;
+ tbytes = 0;
- if (!http->input_set)
+ while (length > 0)
{
-#ifdef WIN32
- /*
- * Windows has a fixed-size select() structure, different (surprise,
- * surprise!) from all UNIX implementations. Just allocate this
- * fixed structure...
- */
-
- http->input_set = calloc(1, sizeof(fd_set));
+ if (http->timeout_cb)
+ {
+#ifdef HAVE_POLL
+ struct pollfd pfd; /* Polled file descriptor */
#else
- /*
- * Allocate the select() input set based upon the max number of file
- * descriptors available for this process...
- */
-
- getrlimit(RLIMIT_NOFILE, &limit);
+ fd_set output_set; /* Output ready for write? */
+ struct timeval timeout; /* Timeout value */
+#endif /* HAVE_POLL */
+ int nfds; /* Result from select()/poll() */
- set_size = (limit.rlim_cur + 31) / 8 + 4;
- if (set_size < sizeof(fd_set))
- set_size = sizeof(fd_set);
+ do
+ {
+#ifdef HAVE_POLL
+ pfd.fd = http->fd;
+ pfd.events = POLLOUT;
- http->input_set = calloc(1, set_size);
-#endif /* WIN32 */
+ while ((nfds = poll(&pfd, 1, http->wait_value)) < 0 &&
+ (errno == EINTR || errno == EAGAIN));
- if (!http->input_set)
- return (0);
- }
+#else
+ do
+ {
+ FD_ZERO(&output_set);
+ FD_SET(http->fd, &output_set);
- do
- {
- FD_SET(http->fd, http->input_set);
+ timeout.tv_sec = http->wait_value / 1000;
+ timeout.tv_usec = 1000 * (http->wait_value % 1000);
- if (msec >= 0)
- {
- timeout.tv_sec = msec / 1000;
- timeout.tv_usec = (msec % 1000) * 1000;
+ nfds = select(http->fd + 1, NULL, &output_set, NULL, &timeout);
+ }
+# ifdef WIN32
+ while (nfds < 0 && (WSAGetLastError() == WSAEINTR ||
+ WSAGetLastError() == WSAEWOULDBLOCK));
+# else
+ while (nfds < 0 && (errno == EINTR || errno == EAGAIN));
+# endif /* WIN32 */
+#endif /* HAVE_POLL */
- nfds = select(http->fd + 1, http->input_set, NULL, NULL, &timeout);
- }
- else
- nfds = select(http->fd + 1, http->input_set, NULL, NULL, NULL);
- }
+ if (nfds < 0)
+ {
+ http->error = errno;
+ return (-1);
+ }
+ else if (nfds == 0 && !(*http->timeout_cb)(http, http->timeout_data))
+ {
#ifdef WIN32
- while (nfds < 0 && WSAGetLastError() == WSAEINTR);
+ http->error = ESAEWOULDBLOCK;
#else
- while (nfds < 0 && errno == EINTR);
+ http->error = EWOULDBLOCK;
#endif /* WIN32 */
+ return (-1);
+ }
+ }
+ while (nfds <= 0);
+ }
- FD_CLR(http->fd, http->input_set);
-
- return (nfds > 0);
-}
-
-
-/*
- * 'http_write()' - Write a buffer to a HTTP connection.
- */
-
-static int /* O - Number of bytes written */
-http_write(http_t *http, /* I - HTTP connection */
- const char *buffer, /* I - Buffer for data */
- int length) /* I - Number of bytes to write */
-{
- int tbytes, /* Total bytes sent */
- bytes; /* Bytes sent */
-
-
- tbytes = 0;
-
- while (length > 0)
- {
#ifdef HAVE_SSL
if (http->tls)
bytes = http_write_ssl(http, buffer, length);
if (bytes < 0)
{
#ifdef WIN32
- if (WSAGetLastError() != http->error)
+ if (WSAGetLastError() == WSAEINTR)
+ continue;
+ else if (WSAGetLastError() == WSAEWOULDBLOCK)
+ {
+ if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
+ continue;
+
+ http->error = WSAGetLastError();
+ }
+ else if (WSAGetLastError() != http->error &&
+ WSAGetLastError() != WSAECONNRESET)
{
http->error = WSAGetLastError();
continue;
}
+
#else
if (errno == EINTR)
continue;
+ else if (errno == EWOULDBLOCK || errno == EAGAIN)
+ {
+ if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data))
+ continue;
+ else if (!http->timeout_cb && errno == EAGAIN)
+ continue;
+
+ http->error = errno;
+ }
else if (errno != http->error && errno != ECONNRESET)
{
http->error = errno;
}
#endif /* WIN32 */
- DEBUG_puts("http_write: error writing data...\n");
+ DEBUG_printf(("3http_write: error writing data (%s).",
+ strerror(http->error)));
return (-1);
}
}
#ifdef DEBUG
- {
- int i, j, ch;
- printf("http_write: wrote %d bytes: \n", tbytes);
- for (i = 0, buffer -= tbytes; i < tbytes; i += 16)
- {
- printf(" ");
-
- for (j = 0; j < 16 && (i + j) < tbytes; j ++)
- printf(" %02X", buffer[i + j] & 255);
-
- while (j < 16)
- {
- printf(" ");
- j ++;
- }
-
- printf(" ");
- for (j = 0; j < 16 && (i + j) < tbytes; j ++)
- {
- ch = buffer[i + j] & 255;
-
- if (ch < ' ' || ch == 127)
- ch = '.';
-
- putchar(ch);
- }
- putchar('\n');
- }
- }
+ http_debug_hex("http_write", buffer - tbytes, tbytes);
#endif /* DEBUG */
+ DEBUG_printf(("3http_write: Returning %d.", tbytes));
+
return (tbytes);
}
*/
static int /* O - Number bytes written */
-http_write_chunk(http_t *http, /* I - HTTP connection */
+http_write_chunk(http_t *http, /* I - Connection to server */
const char *buffer, /* I - Buffer to write */
int length) /* I - Length of buffer */
{
char header[255]; /* Chunk header */
int bytes; /* Bytes written */
- DEBUG_printf(("http_write_chunk(http=%p, buffer=%p, length=%d)\n",
+
+ DEBUG_printf(("7http_write_chunk(http=%p, buffer=%p, length=%d)",
http, buffer, length));
/*
*/
sprintf(header, "%x\r\n", length);
- if (http_write(http, header, strlen(header)) < 0)
+ if (http_write(http, header, (int)strlen(header)) < 0)
{
- DEBUG_puts(" http_write of length failed!");
+ DEBUG_puts("8http_write_chunk: http_write of length failed!");
return (-1);
}
if ((bytes = http_write(http, buffer, length)) < 0)
{
- DEBUG_puts(" http_write of buffer failed!");
+ DEBUG_puts("8http_write_chunk: http_write of buffer failed!");
return (-1);
}
if (http_write(http, "\r\n", 2) < 0)
{
- DEBUG_puts(" http_write of CR LF failed!");
+ DEBUG_puts("8http_write_chunk: http_write of CR LF failed!");
return (-1);
}
*/
static int /* O - Bytes written */
-http_write_ssl(http_t *http, /* I - HTTP connection */
+http_write_ssl(http_t *http, /* I - Connection to server */
const char *buf, /* I - Buffer holding data */
int len) /* I - Length of buffer */
{
+ ssize_t result; /* Return value */
+
+
+ DEBUG_printf(("2http_write_ssl(http=%p, buf=%p, len=%d)", http, buf, len));
+
# if defined(HAVE_LIBSSL)
- return (SSL_write((SSL *)(http->tls), buf, len));
+ result = SSL_write((SSL *)(http->tls), buf, len);
# elif defined(HAVE_GNUTLS)
- return (gnutls_record_send(((http_tls_t *)(http->tls))->session, buf, len));
+ result = gnutls_record_send(http->tls, buf, len);
+
+ if (result < 0 && !errno)
+ {
+ /*
+ * Convert GNU TLS error to errno value...
+ */
+
+ switch (result)
+ {
+ case GNUTLS_E_INTERRUPTED :
+ errno = EINTR;
+ break;
+
+ case GNUTLS_E_AGAIN :
+ errno = EAGAIN;
+ break;
+
+ default :
+ errno = EPIPE;
+ break;
+ }
+
+ result = -1;
+ }
+
# elif defined(HAVE_CDSASSL)
- int result; /* Return value */
OSStatus error; /* Error info */
size_t processed; /* Number of bytes processed */
- error = SSLWrite((SSLContextRef)http->tls, buf, len, &processed);
+ error = SSLWrite(http->tls, buf, len, &processed);
switch (error)
{
case 0 :
result = (int)processed;
break;
- case errSSLClosedGraceful :
- result = 0;
- break;
+
case errSSLWouldBlock :
if (processed)
result = (int)processed;
else
{
result = -1;
- errno = EINTR;
+ errno = EINTR;
}
break;
+
+ case errSSLClosedGraceful :
default :
- errno = EPIPE;
- result = -1;
+ if (processed)
+ result = (int)processed;
+ else
+ {
+ result = -1;
+ errno = EPIPE;
+ }
break;
}
-
- return (result);
+# elif defined(HAVE_SSPISSL)
+ return _sspiWrite((_sspi_struct_t *)http->tls, (void *)buf, len);
# endif /* HAVE_LIBSSL */
+
+ DEBUG_printf(("3http_write_ssl: Returning %d.", (int)result));
+
+ return ((int)result);
}
#endif /* HAVE_SSL */
/*
- * End of "$Id: http.c 5373 2006-04-06 20:03:32Z mike $".
+ * End of "$Id: http.c 7850 2008-08-20 00:07:25Z mike $".
*/
projects / thirdparty / cups.git / blobdiff