search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
purple: work around broken dbus-server.h
[siplcs.git] / src / core / sipe-http-request.c
blob292ec2618481d72466a9ba0f184ed8356ad63d2e
1 /**
2 * @file sipe-http-request.c
3 *
4 * pidgin-sipe
5 *
6 * Copyright (C) 2013-2016 SIPE Project <http://sipe.sourceforge.net/>
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 *
23 *
24 * SIPE HTTP request layer implementation
25 *
26 * - request handling: creation, parameters, deletion, cancelling
27 * - session handling: creation, closing
28 * - client authorization handling
29 * - connection request queue handling
30 * - compile HTTP header contents and hand-off to transport layer
31 * - process HTTP response and hand-off to user callback
32 */
33
34 #ifdef HAVE_CONFIG_H
35 #include "config.h"
36 #endif
37
38 #include <string.h>
39
40 #include <glib.h>
41
42 #include "sipe-common.h"
43 #include "sipmsg.h"
44 #include "sip-sec.h"
45 #include "sipe-backend.h"
46 #include "sipe-core.h"
47 #include "sipe-core-private.h"
48 #include "sipe-http.h"
49
50 #define _SIPE_HTTP_PRIVATE_IF_REQUEST
51 #include "sipe-http-request.h"
52 #define _SIPE_HTTP_PRIVATE_IF_TRANSPORT
53 #include "sipe-http-transport.h"
54
55 struct sipe_http_session {
56 GHashTable *cookie_jar;
57 };
58
59 struct sipe_http_request {
60 struct sipe_http_connection_public *connection;
61
62 struct sipe_http_session *session;
63
64 gchar *path;
65 gchar *headers;
66 gchar *body; /* NULL for GET */
67 gchar *content_type; /* NULL if body == NULL */
68 gchar *authorization;
69
70 const gchar *user; /* not copied */
71 const gchar *password; /* not copied */
72
73 sipe_http_response_callback *cb;
74 gpointer cb_data;
75
76 guint32 flags;
77 };
78
79 #define SIPE_HTTP_REQUEST_FLAG_FIRST 0x00000001
80 #define SIPE_HTTP_REQUEST_FLAG_REDIRECT 0x00000002
81 #define SIPE_HTTP_REQUEST_FLAG_AUTHDATA 0x00000004
82 #define SIPE_HTTP_REQUEST_FLAG_HANDSHAKE 0x00000008
83
84 static void sipe_http_request_free(struct sipe_core_private *sipe_private,
85 struct sipe_http_request *req,
86 guint status)
87 {
88 if (req->cb)
89 /* Callback: aborted/failed/cancelled */
90 (*req->cb)(sipe_private,
91 status,
92 NULL,
93 NULL,
94 req->cb_data);
95 g_free(req->path);
96 g_free(req->headers);
97 g_free(req->body);
98 g_free(req->content_type);
99 g_free(req->authorization);
100 g_free(req);
101 }
102
103 static void add_cookie_cb(SIPE_UNUSED_PARAMETER const gchar *key,
104 const gchar *cookie,
105 GString *string)
106 {
107 g_string_append_printf(string, "Cookie: %s\r\n", cookie);
108 }
109
110 static void sipe_http_request_send(struct sipe_http_connection_public *conn_public)
111 {
112 struct sipe_http_request *req = conn_public->pending_requests->data;
113 gchar *header;
114 gchar *content = NULL;
115 gchar *cookie = NULL;
116
117 if (req->body)
118 content = g_strdup_printf("Content-Length: %" G_GSIZE_FORMAT "\r\n"
119 "Content-Type: %s\r\n",
120 strlen(req->body),
121 req->content_type);
122
123 if (req->session && g_hash_table_size(req->session->cookie_jar)) {
124 GString *cookies = g_string_new("");
125 g_hash_table_foreach(req->session->cookie_jar,
126 (GHFunc) add_cookie_cb,
127 cookies);
128 cookie = g_string_free(cookies, FALSE);
129 }
130
131 header = g_strdup_printf("%s /%s HTTP/1.1\r\n"
132 "Host: %s\r\n"
133 "User-Agent: Sipe/" PACKAGE_VERSION "\r\n"
134 "%s%s%s%s",
135 content ? "POST" : "GET",
136 req->path,
137 conn_public->host,
138 conn_public->cached_authorization ? conn_public->cached_authorization :
139 req->authorization ? req->authorization : "",
140 req->headers ? req->headers : "",
141 cookie ? cookie : "",
142 content ? content : "");
143 g_free(cookie);
144 g_free(content);
145
146 /* only use authorization once */
147 g_free(req->authorization);
148 req->authorization = NULL;
149
150 sipe_http_transport_send(conn_public,
151 header,
152 req->body);
153 g_free(header);
154 }
155
156 gboolean sipe_http_request_pending(struct sipe_http_connection_public *conn_public)
157 {
158 return(conn_public->pending_requests != NULL);
159 }
160
161 void sipe_http_request_next(struct sipe_http_connection_public *conn_public)
162 {
163 sipe_http_request_send(conn_public);
164 }
165
166 static void sipe_http_request_enqueue(struct sipe_core_private *sipe_private,
167 struct sipe_http_request *req,
168 const struct sipe_http_parsed_uri *parsed_uri)
169 {
170 struct sipe_http_connection_public *conn_public;
171
172 req->path = g_strdup(parsed_uri->path);
173 req->connection = conn_public = sipe_http_transport_new(sipe_private,
174 parsed_uri->host,
175 parsed_uri->port,
176 parsed_uri->tls);
177 if (!sipe_http_request_pending(conn_public))
178 req->flags |= SIPE_HTTP_REQUEST_FLAG_FIRST;
179
180 conn_public->pending_requests = g_slist_append(conn_public->pending_requests,
181 req);
182 }
183
184 static void sipe_http_request_drop_context(struct sipe_http_connection_public *conn_public)
185 {
186 g_free(conn_public->cached_authorization);
187 conn_public->cached_authorization = NULL;
188 sip_sec_destroy_context(conn_public->context);
189 conn_public->context = NULL;
190 }
191
192 static void sipe_http_request_finalize_negotiate(struct sipe_http_request *req,
193 struct sipmsg *msg)
194 {
195 #if defined(HAVE_GSSAPI_GSSAPI_H) || defined(HAVE_SSPI)
196 /*
197 * Negotiate can send a final package in the successful response.
198 * We need to forward this to the context or otherwise it will
199 * never reach the ready state.
200 */
201 struct sipe_http_connection_public *conn_public = req->connection;
202
203 if (sip_sec_context_type(conn_public->context) == SIPE_AUTHENTICATION_TYPE_NEGOTIATE) {
204 const gchar *header = sipmsg_find_auth_header(msg, "Negotiate");
205
206 if (header) {
207 gchar **parts = g_strsplit(header, " ", 0);
208 gchar *spn = g_strdup_printf("HTTP/%s", conn_public->host);
209 gchar *token;
210
211 SIPE_DEBUG_INFO("sipe_http_request_finalize_negotiate: init context target '%s' token '%s'",
212 spn, parts[1] ? parts[1] : "<NULL>");
213
214 if (sip_sec_init_context_step(conn_public->context,
215 spn,
216 parts[1],
217 &token,
218 NULL)) {
219 g_free(token);
220 } else {
221 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_finalize_negotiate: security context init step failed, throwing away context");
222 sipe_http_request_drop_context(conn_public);
223 }
224
225 g_free(spn);
226 g_strfreev(parts);
227 }
228 }
229 #else
230 (void) req; /* keep compiler happy */
231 (void) msg; /* keep compiler happy */
232 #endif
233 }
234
235
236 /* TRUE indicates failure */
237 static gboolean sipe_http_request_response_redirection(struct sipe_core_private *sipe_private,
238 struct sipe_http_request *req,
239 struct sipmsg *msg)
240 {
241 const gchar *location = sipmsg_find_header(msg, "Location");
242 gboolean failed = TRUE;
243
244 sipe_http_request_finalize_negotiate(req, msg);
245
246 if (location) {
247 struct sipe_http_parsed_uri *parsed_uri = sipe_http_parse_uri(location);
248
249 if (parsed_uri) {
250 /* remove request from old connection */
251 struct sipe_http_connection_public *conn_public = req->connection;
252 conn_public->pending_requests = g_slist_remove(conn_public->pending_requests,
253 req);
254
255 /* free old request data */
256 g_free(req->path);
257 req->flags &= ~( SIPE_HTTP_REQUEST_FLAG_FIRST |
258 SIPE_HTTP_REQUEST_FLAG_HANDSHAKE );
259
260 /* resubmit request on other connection */
261 sipe_http_request_enqueue(sipe_private, req, parsed_uri);
262 failed = FALSE;
263
264 sipe_http_parsed_uri_free(parsed_uri);
265 } else
266 SIPE_DEBUG_INFO("sipe_http_request_response_redirection: invalid redirection to '%s'",
267 location);
268 } else
269 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_redirection: no URL found?!?");
270
271 return(failed);
272 }
273
274 /* TRUE indicates failure */
275 static gboolean sipe_http_request_response_unauthorized(struct sipe_core_private *sipe_private,
276 struct sipe_http_request *req,
277 struct sipmsg *msg)
278 {
279 struct sipe_http_connection_public *conn_public = req->connection;
280 const gchar *header = NULL;
281 guint type;
282 gboolean failed = TRUE;
283
284 /*
285 * There are some buggy HTTP servers out there that add superfluous
286 * WWW-Authenticate: headers during the authentication handshake.
287 * Look only for the header of the active security context.
288 */
289 if (conn_public->context) {
290 const gchar *name = sip_sec_context_name(conn_public->context);
291
292 header = sipmsg_find_auth_header(msg, name);
293 type = sip_sec_context_type(conn_public->context);
294
295 if (!header) {
296 SIPE_DEBUG_INFO("sipe_http_request_response_unauthorized: expected authentication scheme %s not found",
297 name);
298 return(failed);
299 }
300
301 if (conn_public->cached_authorization) {
302 /*
303 * The "Basic" scheme doesn't have any state.
304 *
305 * If we enter here then we have already tried "Basic"
306 * authentication once for this request and it was
307 * rejected by the server. As all future requests will
308 * also be rejected, we need to abort here in order to
309 * prevent an endless request/401/request/... loop.
310 */
311 SIPE_DEBUG_INFO("sipe_http_request_response_unauthorized: Basic authentication has failed for host '%s', please check user name and password!",
312 conn_public->host);
313 return(failed);
314 }
315
316 } else {
317 #if defined(HAVE_GSSAPI_GSSAPI_H) || defined(HAVE_SSPI)
318 #define DEBUG_STRING ", NTLM and Negotiate"
319 /* Use "Negotiate" unless the user requested "NTLM" */
320 if (sipe_private->authentication_type != SIPE_AUTHENTICATION_TYPE_NTLM)
321 header = sipmsg_find_auth_header(msg, "Negotiate");
322 if (header) {
323 type = SIPE_AUTHENTICATION_TYPE_NEGOTIATE;
324 } else
325 #else
326 #define DEBUG_STRING " and NTLM"
327 (void) sipe_private; /* keep compiler happy */
328 #endif
329 {
330 header = sipmsg_find_auth_header(msg, "NTLM");
331 type = SIPE_AUTHENTICATION_TYPE_NTLM;
332 }
333
334 /* only fall back to "Basic" after everything else fails */
335 if (!header) {
336 header = sipmsg_find_auth_header(msg, "Basic");
337 type = SIPE_AUTHENTICATION_TYPE_BASIC;
338 }
339 }
340
341 if (header) {
342 if (!conn_public->context) {
343 gboolean valid = req->flags & SIPE_HTTP_REQUEST_FLAG_AUTHDATA;
344 conn_public->context = sip_sec_create_context(type,
345 !valid, /* Single Sign-On flag */
346 TRUE, /* connection-based for HTTP */
347 valid ? req->user : NULL,
348 valid ? req->password : NULL);
349 }
350
351 if (conn_public->context) {
352 gchar **parts = g_strsplit(header, " ", 0);
353 gchar *spn = g_strdup_printf("HTTP/%s", conn_public->host);
354 gchar *token_out;
355 const gchar *token_in = parts[1];
356
357 SIPE_DEBUG_INFO("sipe_http_request_response_unauthorized: init context target '%s' token '%s'",
358 spn, token_in ? token_in : "<NULL>");
359
360 /*
361 * If we receive a NULL token during the handshake
362 * then the authentication scheme has failed.
363 */
364 if ((req->flags & SIPE_HTTP_REQUEST_FLAG_HANDSHAKE) &&
365 !token_in) {
366 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: authentication failed, throwing away context");
367 sipe_http_request_drop_context(conn_public);
368
369 } else if (sip_sec_init_context_step(conn_public->context,
370 spn,
371 token_in,
372 &token_out,
373 NULL)) {
374
375 /* handshake has started */
376 req->flags |= SIPE_HTTP_REQUEST_FLAG_HANDSHAKE;
377
378 /* generate authorization header */
379 req->authorization = g_strdup_printf("Authorization: %s %s\r\n",
380 sip_sec_context_name(conn_public->context),
381 token_out ? token_out : "");
382 g_free(token_out);
383
384 /*
385 * authorization never changes for Basic
386 * authentication scheme, so we can keep it.
387 */
388 if (type == SIPE_AUTHENTICATION_TYPE_BASIC) {
389 g_free(conn_public->cached_authorization);
390 conn_public->cached_authorization = g_strdup(req->authorization);
391 }
392
393 /*
394 * Keep the request in the queue. As it is at
395 * the head it will be pulled automatically
396 * by the transport layer after returning.
397 */
398 failed = FALSE;
399
400 } else {
401 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: security context init step failed, throwing away context");
402 sipe_http_request_drop_context(conn_public);
403 }
404
405 g_free(spn);
406 g_strfreev(parts);
407 } else
408 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: security context creation failed");
409 } else
410 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: only Basic" DEBUG_STRING " authentication schemes are supported");
411
412 return(failed);
413 }
414
415 static void sipe_http_request_response_callback(struct sipe_core_private *sipe_private,
416 struct sipe_http_request *req,
417 struct sipmsg *msg)
418 {
419 sipe_http_request_finalize_negotiate(req, msg);
420
421 /* Set-Cookie: RMID=732423sdfs73242; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.net */
422 if (req->session) {
423 guint instance = 0;
424 const gchar *hdr;
425
426 /* extract all cookies from header */
427 while ((hdr = sipmsg_find_header_instance(msg,
428 "Set-Cookie",
429 instance++)) != NULL) {
430 gchar **parts, **current;
431 const gchar *part;
432 gchar *new = NULL;
433
434 current = parts = g_strsplit(hdr, ";", 0);
435 while ((part = *current++) != NULL) {
436 /* strip these parts from cookie */
437 if (!(strstr(part, "path=") ||
438 strstr(part, "domain=") ||
439 strstr(part, "expires=") ||
440 strstr(part, "secure"))) {
441 gchar *tmp = new;
442 new = new ?
443 g_strconcat(new, ";", part, NULL) :
444 g_strdup(part);
445 g_free(tmp);
446 }
447 }
448
449 if (new) {
450 g_hash_table_insert(req->session->cookie_jar,
451 g_strdup(*parts),
452 new);
453 SIPE_DEBUG_INFO("sipe_http_request_response_callback: cookie: %s", new);
454 }
455 g_strfreev(parts);
456 }
457 }
458
459 /* Callback: success */
460 (*req->cb)(sipe_private,
461 msg->response,
462 msg->headers,
463 msg->body,
464 req->cb_data);
465
466 /* remove completed request */
467 sipe_http_request_cancel(req);
468 }
469
470 void sipe_http_request_response(struct sipe_http_connection_public *conn_public,
471 struct sipmsg *msg)
472 {
473 struct sipe_core_private *sipe_private = conn_public->sipe_private;
474 struct sipe_http_request *req = conn_public->pending_requests->data;
475 gboolean failed;
476
477 if ((req->flags & SIPE_HTTP_REQUEST_FLAG_REDIRECT) &&
478 (msg->response >= SIPE_HTTP_STATUS_REDIRECTION) &&
479 (msg->response < SIPE_HTTP_STATUS_CLIENT_ERROR)) {
480 failed = sipe_http_request_response_redirection(sipe_private,
481 req,
482 msg);
483
484 } else if (msg->response == SIPE_HTTP_STATUS_CLIENT_UNAUTHORIZED) {
485 failed = sipe_http_request_response_unauthorized(sipe_private,
486 req,
487 msg);
488
489 } else {
490 /* On some errors throw away the security context */
491 if (((msg->response == SIPE_HTTP_STATUS_CLIENT_FORBIDDEN) ||
492 (msg->response == SIPE_HTTP_STATUS_CLIENT_PROXY_AUTH) ||
493 (msg->response >= SIPE_HTTP_STATUS_SERVER_ERROR)) &&
494 conn_public->context) {
495 SIPE_DEBUG_INFO("sipe_http_request_response: response was %d, throwing away security context",
496 msg->response);
497 sipe_http_request_drop_context(conn_public);
498 }
499
500 /* All other cases are passed on to the user */
501 sipe_http_request_response_callback(sipe_private, req, msg);
502
503 /* req is no longer valid */
504 failed = FALSE;
505 }
506
507 if (failed) {
508 /* Callback: request failed */
509 (*req->cb)(sipe_private,
510 SIPE_HTTP_STATUS_FAILED,
511 msg->headers,
512 NULL,
513 req->cb_data);
514
515 /* remove failed request */
516 sipe_http_request_cancel(req);
517 }
518 }
519
520 void sipe_http_request_shutdown(struct sipe_http_connection_public *conn_public,
521 gboolean abort)
522 {
523 if (conn_public->pending_requests) {
524 GSList *entry = conn_public->pending_requests;
525 while (entry) {
526 sipe_http_request_free(conn_public->sipe_private,
527 entry->data,
528 abort ?
529 SIPE_HTTP_STATUS_ABORTED :
530 SIPE_HTTP_STATUS_FAILED);
531 entry = entry->next;
532 }
533 g_slist_free(conn_public->pending_requests);
534 conn_public->pending_requests = NULL;
535 }
536
537 if (conn_public->context) {
538 g_free(conn_public->cached_authorization);
539 conn_public->cached_authorization = NULL;
540 sip_sec_destroy_context(conn_public->context);
541 conn_public->context = NULL;
542 }
543 }
544
545 struct sipe_http_request *sipe_http_request_new(struct sipe_core_private *sipe_private,
546 const struct sipe_http_parsed_uri *parsed_uri,
547 const gchar *headers,
548 const gchar *body,
549 const gchar *content_type,
550 sipe_http_response_callback *callback,
551 gpointer callback_data)
552 {
553 struct sipe_http_request *req;
554 if (!parsed_uri)
555 return(NULL);
556 if (sipe_http_shutting_down(sipe_private)) {
557 SIPE_DEBUG_ERROR("sipe_http_request_new: new HTTP request during shutdown: THIS SHOULD NOT HAPPEN! Debugging information:\n"
558 "Host: %s\n"
559 "Port: %d\n"
560 "Path: %s\n"
561 "Headers: %s\n"
562 "Body: %s\n",
563 parsed_uri->host,
564 parsed_uri->port,
565 parsed_uri->path,
566 headers ? headers : "<NONE>",
567 body ? body : "<EMPTY>");
568 return(NULL);
569 }
570
571 req = g_new0(struct sipe_http_request, 1);
572 req->flags = 0;
573 req->cb = callback;
574 req->cb_data = callback_data;
575 if (headers)
576 req->headers = g_strdup(headers);
577 if (body) {
578 req->body = g_strdup(body);
579 req->content_type = g_strdup(content_type);
580 }
581
582 /* default authentication */
583 if (!SIPE_CORE_PRIVATE_FLAG_IS(SSO))
584 sipe_http_request_authentication(req,
585 sipe_private->authuser,
586 sipe_private->password);
587
588 sipe_http_request_enqueue(sipe_private, req, parsed_uri);
589
590 return(req);
591 }
592
593 void sipe_http_request_ready(struct sipe_http_request *request)
594 {
595 struct sipe_http_connection_public *conn_public = request->connection;
596
597 /* pass first request on already opened connection through directly */
598 if ((request->flags & SIPE_HTTP_REQUEST_FLAG_FIRST) &&
599 conn_public->connected)
600 sipe_http_request_send(conn_public);
601 }
602
603 struct sipe_http_session *sipe_http_session_start(void)
604 {
605 struct sipe_http_session *session = g_new0(struct sipe_http_session, 1);
606 session->cookie_jar = g_hash_table_new_full(g_str_hash,
607 g_str_equal,
608 g_free,
609 g_free);
610 return(session);
611 }
612
613 void sipe_http_session_close(struct sipe_http_session *session)
614 {
615 if (session) {
616 g_hash_table_destroy(session->cookie_jar);
617 g_free(session);
618 }
619 }
620
621 void sipe_http_request_cancel(struct sipe_http_request *request)
622 {
623 struct sipe_http_connection_public *conn_public = request->connection;
624 conn_public->pending_requests = g_slist_remove(conn_public->pending_requests,
625 request);
626
627 /* cancelled by requester, don't use callback */
628 request->cb = NULL;
629
630 sipe_http_request_free(conn_public->sipe_private,
631 request,
632 SIPE_HTTP_STATUS_CANCELLED);
633 }
634
635 void sipe_http_request_session(struct sipe_http_request *request,
636 struct sipe_http_session *session)
637 {
638 request->session = session;
639 }
640
641 void sipe_http_request_allow_redirect(struct sipe_http_request *request)
642 {
643 request->flags |= SIPE_HTTP_REQUEST_FLAG_REDIRECT;
644 }
645
646 void sipe_http_request_authentication(struct sipe_http_request *request,
647 const gchar *user,
648 const gchar *password)
649 {
650 request->flags |= SIPE_HTTP_REQUEST_FLAG_AUTHDATA;
651 request->user = user;
652 request->password = password;
653 }
654
655 /*
656 Local Variables:
657 mode: c
658 c-file-style: "bsd"
659 indent-tabs-mode: t
660 tab-width: 8
661 End:
662 */
A third-party Pidgin plugin for Microsoft LCS/OCS