search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Release 1.25.0 -- Buddy Idle Time, RTF
[siplcs.git] / src / core / sipe-http-request.c
blobed778852faba0acc8c874be668590940e6a7f559
1 /**
2 * @file sipe-http-request.c
3 *
4 * pidgin-sipe
5 *
6 * Copyright (C) 2013-2018 SIPE Project <http://sipe.sourceforge.net/>
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 *
23 *
24 * SIPE HTTP request layer implementation
25 *
26 * - request handling: creation, parameters, deletion, cancelling
27 * - session handling: creation, closing
28 * - client authorization handling
29 * - connection request queue handling
30 * - compile HTTP header contents and hand-off to transport layer
31 * - process HTTP response and hand-off to user callback
32 */
33
34 #ifdef HAVE_CONFIG_H
35 #include "config.h"
36 #endif
37
38 #include <string.h>
39
40 #include <glib.h>
41
42 #include "sipe-common.h"
43 #include "sipmsg.h"
44 #include "sip-sec.h"
45 #include "sipe-backend.h"
46 #include "sipe-core.h"
47 #include "sipe-core-private.h"
48 #include "sipe-http.h"
49
50 #define _SIPE_HTTP_PRIVATE_IF_REQUEST
51 #include "sipe-http-request.h"
52 #define _SIPE_HTTP_PRIVATE_IF_TRANSPORT
53 #include "sipe-http-transport.h"
54
55 struct sipe_http_session {
56 GHashTable *cookie_jar;
57 };
58
59 struct sipe_http_request {
60 struct sipe_http_connection_public *connection;
61
62 struct sipe_http_session *session;
63
64 gchar *path;
65 gchar *headers;
66 gchar *body; /* NULL for GET */
67 gchar *content_type; /* NULL if body == NULL */
68 gchar *authorization;
69
70 const gchar *user; /* not copied */
71 const gchar *password; /* not copied */
72
73 sipe_http_response_callback *cb;
74 gpointer cb_data;
75
76 guint32 flags;
77 };
78
79 #define SIPE_HTTP_REQUEST_FLAG_FIRST 0x00000001
80 #define SIPE_HTTP_REQUEST_FLAG_REDIRECT 0x00000002
81 #define SIPE_HTTP_REQUEST_FLAG_AUTHDATA 0x00000004
82 #define SIPE_HTTP_REQUEST_FLAG_HANDSHAKE 0x00000008
83
84 static void sipe_http_request_free(struct sipe_core_private *sipe_private,
85 struct sipe_http_request *req,
86 guint status)
87 {
88 if (req->cb)
89 /* Callback: aborted/failed/cancelled */
90 (*req->cb)(sipe_private,
91 status,
92 NULL,
93 NULL,
94 req->cb_data);
95 g_free(req->path);
96 g_free(req->headers);
97 g_free(req->body);
98 g_free(req->content_type);
99 g_free(req->authorization);
100 g_free(req);
101 }
102
103 static void add_cookie_cb(SIPE_UNUSED_PARAMETER const gchar *key,
104 const gchar *cookie,
105 GString *string)
106 {
107 g_string_append_printf(string, "Cookie: %s\r\n", cookie);
108 }
109
110 static void sipe_http_request_send(struct sipe_http_connection_public *conn_public)
111 {
112 struct sipe_http_request *req = conn_public->pending_requests->data;
113 gchar *header;
114 gchar *content = NULL;
115 gchar *cookie = NULL;
116
117 if (req->body)
118 content = g_strdup_printf("Content-Length: %" G_GSIZE_FORMAT "\r\n"
119 "Content-Type: %s\r\n",
120 strlen(req->body),
121 req->content_type);
122
123 if (req->session && g_hash_table_size(req->session->cookie_jar)) {
124 GString *cookies = g_string_new("");
125 g_hash_table_foreach(req->session->cookie_jar,
126 (GHFunc) add_cookie_cb,
127 cookies);
128 cookie = g_string_free(cookies, FALSE);
129 }
130
131 header = g_strdup_printf("%s /%s HTTP/1.1\r\n"
132 "Host: %s\r\n"
133 "User-Agent: %s\r\n"
134 "%s%s%s%s",
135 content ? "POST" : "GET",
136 req->path,
137 conn_public->host,
138 sipe_core_user_agent(conn_public->sipe_private),
139 conn_public->cached_authorization ? conn_public->cached_authorization :
140 req->authorization ? req->authorization : "",
141 req->headers ? req->headers : "",
142 cookie ? cookie : "",
143 content ? content : "");
144 g_free(cookie);
145 g_free(content);
146
147 /* only use authorization once */
148 g_free(req->authorization);
149 req->authorization = NULL;
150
151 sipe_http_transport_send(conn_public,
152 header,
153 req->body);
154 g_free(header);
155 }
156
157 gboolean sipe_http_request_pending(struct sipe_http_connection_public *conn_public)
158 {
159 return(conn_public->pending_requests != NULL);
160 }
161
162 void sipe_http_request_next(struct sipe_http_connection_public *conn_public)
163 {
164 sipe_http_request_send(conn_public);
165 }
166
167 static void sipe_http_request_enqueue(struct sipe_core_private *sipe_private,
168 struct sipe_http_request *req,
169 const struct sipe_http_parsed_uri *parsed_uri)
170 {
171 struct sipe_http_connection_public *conn_public;
172
173 req->path = g_strdup(parsed_uri->path);
174 req->connection = conn_public = sipe_http_transport_new(sipe_private,
175 parsed_uri->host,
176 parsed_uri->port,
177 parsed_uri->tls);
178 if (!sipe_http_request_pending(conn_public))
179 req->flags |= SIPE_HTTP_REQUEST_FLAG_FIRST;
180
181 conn_public->pending_requests = g_slist_append(conn_public->pending_requests,
182 req);
183 }
184
185 static void sipe_http_request_drop_context(struct sipe_http_connection_public *conn_public)
186 {
187 g_free(conn_public->cached_authorization);
188 conn_public->cached_authorization = NULL;
189 sip_sec_destroy_context(conn_public->context);
190 conn_public->context = NULL;
191 }
192
193 static void sipe_http_request_finalize_negotiate(struct sipe_http_request *req,
194 struct sipmsg *msg)
195 {
196 #if defined(HAVE_GSSAPI_GSSAPI_H) || defined(HAVE_SSPI)
197 /*
198 * Negotiate can send a final package in the successful response.
199 * We need to forward this to the context or otherwise it will
200 * never reach the ready state.
201 */
202 struct sipe_http_connection_public *conn_public = req->connection;
203
204 if (sip_sec_context_type(conn_public->context) == SIPE_AUTHENTICATION_TYPE_NEGOTIATE) {
205 const gchar *header = sipmsg_find_auth_header(msg, "Negotiate");
206
207 if (header) {
208 gchar **parts = g_strsplit(header, " ", 0);
209 gchar *spn = g_strdup_printf("HTTP/%s", conn_public->host);
210 gchar *token;
211
212 SIPE_DEBUG_INFO("sipe_http_request_finalize_negotiate: init context target '%s' token '%s'",
213 spn, parts[1] ? parts[1] : "<NULL>");
214
215 if (sip_sec_init_context_step(conn_public->context,
216 spn,
217 parts[1],
218 &token,
219 NULL)) {
220 g_free(token);
221 } else {
222 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_finalize_negotiate: security context init step failed, throwing away context");
223 sipe_http_request_drop_context(conn_public);
224 }
225
226 g_free(spn);
227 g_strfreev(parts);
228 }
229 }
230 #else
231 (void) req; /* keep compiler happy */
232 (void) msg; /* keep compiler happy */
233 #endif
234 }
235
236
237 /* TRUE indicates failure */
238 static gboolean sipe_http_request_response_redirection(struct sipe_core_private *sipe_private,
239 struct sipe_http_request *req,
240 struct sipmsg *msg)
241 {
242 const gchar *location = sipmsg_find_header(msg, "Location");
243 gboolean failed = TRUE;
244
245 sipe_http_request_finalize_negotiate(req, msg);
246
247 if (location) {
248 struct sipe_http_parsed_uri *parsed_uri = sipe_http_parse_uri(location);
249
250 if (parsed_uri) {
251 /* remove request from old connection */
252 struct sipe_http_connection_public *conn_public = req->connection;
253 conn_public->pending_requests = g_slist_remove(conn_public->pending_requests,
254 req);
255
256 /* free old request data */
257 g_free(req->path);
258 req->flags &= ~( SIPE_HTTP_REQUEST_FLAG_FIRST |
259 SIPE_HTTP_REQUEST_FLAG_HANDSHAKE );
260
261 /* resubmit request on other connection */
262 sipe_http_request_enqueue(sipe_private, req, parsed_uri);
263 failed = FALSE;
264
265 sipe_http_parsed_uri_free(parsed_uri);
266 } else
267 SIPE_DEBUG_INFO("sipe_http_request_response_redirection: invalid redirection to '%s'",
268 location);
269 } else
270 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_redirection: no URL found?!?");
271
272 return(failed);
273 }
274
275 /* TRUE indicates failure */
276 static gboolean sipe_http_request_response_unauthorized(struct sipe_core_private *sipe_private,
277 struct sipe_http_request *req,
278 struct sipmsg *msg)
279 {
280 struct sipe_http_connection_public *conn_public = req->connection;
281 const gchar *header = NULL;
282 guint type;
283 gboolean failed = TRUE;
284
285 /*
286 * There are some buggy HTTP servers out there that add superfluous
287 * WWW-Authenticate: headers during the authentication handshake.
288 * Look only for the header of the active security context.
289 */
290 if (conn_public->context) {
291 const gchar *name = sip_sec_context_name(conn_public->context);
292
293 header = sipmsg_find_auth_header(msg, name);
294 type = sip_sec_context_type(conn_public->context);
295
296 if (!header) {
297 SIPE_DEBUG_INFO("sipe_http_request_response_unauthorized: expected authentication scheme %s not found",
298 name);
299 return(failed);
300 }
301
302 if (conn_public->cached_authorization) {
303 /*
304 * The "Basic" scheme doesn't have any state.
305 *
306 * If we enter here then we have already tried "Basic"
307 * authentication once for this request and it was
308 * rejected by the server. As all future requests will
309 * also be rejected, we need to abort here in order to
310 * prevent an endless request/401/request/... loop.
311 */
312 SIPE_DEBUG_INFO("sipe_http_request_response_unauthorized: Basic authentication has failed for host '%s', please check user name and password!",
313 conn_public->host);
314 return(failed);
315 }
316
317 } else {
318 #if defined(HAVE_GSSAPI_GSSAPI_H) || defined(HAVE_SSPI)
319 #define DEBUG_STRING ", NTLM and Negotiate"
320 /* Use "Negotiate" unless the user requested "NTLM" */
321 if (sipe_private->authentication_type != SIPE_AUTHENTICATION_TYPE_NTLM)
322 header = sipmsg_find_auth_header(msg, "Negotiate");
323 if (header) {
324 type = SIPE_AUTHENTICATION_TYPE_NEGOTIATE;
325 } else
326 #else
327 #define DEBUG_STRING " and NTLM"
328 (void) sipe_private; /* keep compiler happy */
329 #endif
330 {
331 header = sipmsg_find_auth_header(msg, "NTLM");
332 type = SIPE_AUTHENTICATION_TYPE_NTLM;
333 }
334
335 /* only fall back to "Basic" after everything else fails */
336 if (!header) {
337 header = sipmsg_find_auth_header(msg, "Basic");
338 type = SIPE_AUTHENTICATION_TYPE_BASIC;
339 }
340 }
341
342 if (header) {
343 if (!conn_public->context) {
344 gboolean valid = req->flags & SIPE_HTTP_REQUEST_FLAG_AUTHDATA;
345 conn_public->context = sip_sec_create_context(type,
346 !valid, /* Single Sign-On flag */
347 TRUE, /* connection-based for HTTP */
348 valid ? req->user : NULL,
349 valid ? req->password : NULL);
350 }
351
352 if (conn_public->context) {
353 gchar **parts = g_strsplit(header, " ", 0);
354 gchar *spn = g_strdup_printf("HTTP/%s", conn_public->host);
355 gchar *token_out;
356 const gchar *token_in = parts[1];
357
358 SIPE_DEBUG_INFO("sipe_http_request_response_unauthorized: init context target '%s' token '%s'",
359 spn, token_in ? token_in : "<NULL>");
360
361 /*
362 * If we receive a NULL token during the handshake
363 * then the authentication scheme has failed.
364 */
365 if ((req->flags & SIPE_HTTP_REQUEST_FLAG_HANDSHAKE) &&
366 !token_in) {
367 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: authentication failed, throwing away context");
368 sipe_http_request_drop_context(conn_public);
369
370 } else if (sip_sec_init_context_step(conn_public->context,
371 spn,
372 token_in,
373 &token_out,
374 NULL)) {
375
376 /* handshake has started */
377 req->flags |= SIPE_HTTP_REQUEST_FLAG_HANDSHAKE;
378
379 /* generate authorization header */
380 req->authorization = g_strdup_printf("Authorization: %s %s\r\n",
381 sip_sec_context_name(conn_public->context),
382 token_out ? token_out : "");
383 g_free(token_out);
384
385 /*
386 * authorization never changes for Basic
387 * authentication scheme, so we can keep it.
388 */
389 if (type == SIPE_AUTHENTICATION_TYPE_BASIC) {
390 g_free(conn_public->cached_authorization);
391 conn_public->cached_authorization = g_strdup(req->authorization);
392 }
393
394 /*
395 * Keep the request in the queue. As it is at
396 * the head it will be pulled automatically
397 * by the transport layer after returning.
398 */
399 failed = FALSE;
400
401 } else {
402 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: security context init step failed, throwing away context");
403 sipe_http_request_drop_context(conn_public);
404 }
405
406 g_free(spn);
407 g_strfreev(parts);
408 } else
409 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: security context creation failed");
410 } else
411 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: only Basic" DEBUG_STRING " authentication schemes are supported");
412
413 return(failed);
414 }
415
416 static void sipe_http_request_response_callback(struct sipe_core_private *sipe_private,
417 struct sipe_http_request *req,
418 struct sipmsg *msg)
419 {
420 sipe_http_request_finalize_negotiate(req, msg);
421
422 /* Set-Cookie: RMID=732423sdfs73242; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.net */
423 if (req->session) {
424 guint instance = 0;
425 const gchar *hdr;
426
427 /* extract all cookies from header */
428 while ((hdr = sipmsg_find_header_instance(msg,
429 "Set-Cookie",
430 instance++)) != NULL) {
431 gchar **parts, **current;
432 const gchar *part;
433 gchar *new = NULL;
434
435 current = parts = g_strsplit(hdr, ";", 0);
436 while ((part = *current++) != NULL) {
437 /* strip these parts from cookie */
438 if (!(strstr(part, "path=") ||
439 strstr(part, "domain=") ||
440 strstr(part, "expires=") ||
441 strstr(part, "secure"))) {
442 gchar *tmp = new;
443 new = new ?
444 g_strconcat(new, ";", part, NULL) :
445 g_strdup(part);
446 g_free(tmp);
447 }
448 }
449
450 if (new) {
451 g_hash_table_insert(req->session->cookie_jar,
452 g_strdup(*parts),
453 new);
454 SIPE_DEBUG_INFO("sipe_http_request_response_callback: cookie: %s", new);
455 }
456 g_strfreev(parts);
457 }
458 }
459
460 /* Callback: success */
461 (*req->cb)(sipe_private,
462 msg->response,
463 msg->headers,
464 msg->body,
465 req->cb_data);
466
467 /* remove completed request */
468 sipe_http_request_cancel(req);
469 }
470
471 void sipe_http_request_response(struct sipe_http_connection_public *conn_public,
472 struct sipmsg *msg)
473 {
474 struct sipe_core_private *sipe_private = conn_public->sipe_private;
475 struct sipe_http_request *req = conn_public->pending_requests->data;
476 gboolean failed;
477
478 if ((req->flags & SIPE_HTTP_REQUEST_FLAG_REDIRECT) &&
479 (msg->response >= SIPE_HTTP_STATUS_REDIRECTION) &&
480 (msg->response < SIPE_HTTP_STATUS_CLIENT_ERROR)) {
481 failed = sipe_http_request_response_redirection(sipe_private,
482 req,
483 msg);
484
485 } else if (msg->response == SIPE_HTTP_STATUS_CLIENT_UNAUTHORIZED) {
486 failed = sipe_http_request_response_unauthorized(sipe_private,
487 req,
488 msg);
489
490 } else {
491 /* On some errors throw away the security context */
492 if (((msg->response == SIPE_HTTP_STATUS_CLIENT_FORBIDDEN) ||
493 (msg->response == SIPE_HTTP_STATUS_CLIENT_PROXY_AUTH) ||
494 (msg->response >= SIPE_HTTP_STATUS_SERVER_ERROR)) &&
495 conn_public->context) {
496 SIPE_DEBUG_INFO("sipe_http_request_response: response was %d, throwing away security context",
497 msg->response);
498 sipe_http_request_drop_context(conn_public);
499 }
500
501 /* All other cases are passed on to the user */
502 sipe_http_request_response_callback(sipe_private, req, msg);
503
504 /* req is no longer valid */
505 failed = FALSE;
506 }
507
508 if (failed) {
509 /* Callback: request failed */
510 (*req->cb)(sipe_private,
511 SIPE_HTTP_STATUS_FAILED,
512 msg->headers,
513 NULL,
514 req->cb_data);
515
516 /* remove failed request */
517 sipe_http_request_cancel(req);
518 }
519 }
520
521 void sipe_http_request_shutdown(struct sipe_http_connection_public *conn_public,
522 gboolean abort)
523 {
524 if (conn_public->pending_requests) {
525 GSList *entry = conn_public->pending_requests;
526 guint status = abort ?
527 SIPE_HTTP_STATUS_ABORTED :
528 SIPE_HTTP_STATUS_FAILED;
529 gboolean warn = conn_public->connected && !abort;
530 while (entry) {
531 struct sipe_http_request *req = entry->data;
532
533 if (warn) {
534 SIPE_DEBUG_ERROR("sipe_http_request_shutdown: pending request at shutdown: could indicate missing _ready() call on request. Debugging information:\n"
535 "Host: %s\n"
536 "Port: %d\n"
537 "Path: %s\n"
538 "Method: %s\n",
539 conn_public->host,
540 conn_public->port,
541 req->path,
542 req->body ? "POST" : "GET");
543 }
544
545 sipe_http_request_free(conn_public->sipe_private,
546 req,
547 status);
548 entry = entry->next;
549 }
550 g_slist_free(conn_public->pending_requests);
551 conn_public->pending_requests = NULL;
552 }
553
554 if (conn_public->context) {
555 g_free(conn_public->cached_authorization);
556 conn_public->cached_authorization = NULL;
557 sip_sec_destroy_context(conn_public->context);
558 conn_public->context = NULL;
559 }
560 }
561
562 struct sipe_http_request *sipe_http_request_new(struct sipe_core_private *sipe_private,
563 const struct sipe_http_parsed_uri *parsed_uri,
564 const gchar *headers,
565 const gchar *body,
566 const gchar *content_type,
567 sipe_http_response_callback *callback,
568 gpointer callback_data)
569 {
570 struct sipe_http_request *req;
571 if (!parsed_uri)
572 return(NULL);
573 if (sipe_http_shutting_down(sipe_private)) {
574 SIPE_DEBUG_ERROR("sipe_http_request_new: new HTTP request during shutdown: THIS SHOULD NOT HAPPEN! Debugging information:\n"
575 "Host: %s\n"
576 "Port: %d\n"
577 "Path: %s\n"
578 "Headers: %s\n"
579 "Body: %s\n",
580 parsed_uri->host,
581 parsed_uri->port,
582 parsed_uri->path,
583 headers ? headers : "<NONE>",
584 body ? body : "<EMPTY>");
585 return(NULL);
586 }
587
588 req = g_new0(struct sipe_http_request, 1);
589 req->flags = 0;
590 req->cb = callback;
591 req->cb_data = callback_data;
592 if (headers)
593 req->headers = g_strdup(headers);
594 if (body) {
595 req->body = g_strdup(body);
596 req->content_type = g_strdup(content_type);
597 }
598
599 /* default authentication */
600 if (!SIPE_CORE_PRIVATE_FLAG_IS(SSO))
601 sipe_http_request_authentication(req,
602 sipe_private->authuser,
603 sipe_private->password);
604
605 sipe_http_request_enqueue(sipe_private, req, parsed_uri);
606
607 return(req);
608 }
609
610 void sipe_http_request_ready(struct sipe_http_request *request)
611 {
612 struct sipe_http_connection_public *conn_public = request->connection;
613
614 /* pass first request on already opened connection through directly */
615 if ((request->flags & SIPE_HTTP_REQUEST_FLAG_FIRST) &&
616 conn_public->connected)
617 sipe_http_request_send(conn_public);
618 }
619
620 struct sipe_http_session *sipe_http_session_start(void)
621 {
622 struct sipe_http_session *session = g_new0(struct sipe_http_session, 1);
623 session->cookie_jar = g_hash_table_new_full(g_str_hash,
624 g_str_equal,
625 g_free,
626 g_free);
627 return(session);
628 }
629
630 void sipe_http_session_close(struct sipe_http_session *session)
631 {
632 if (session) {
633 g_hash_table_destroy(session->cookie_jar);
634 g_free(session);
635 }
636 }
637
638 void sipe_http_request_cancel(struct sipe_http_request *request)
639 {
640 struct sipe_http_connection_public *conn_public = request->connection;
641 conn_public->pending_requests = g_slist_remove(conn_public->pending_requests,
642 request);
643
644 /* cancelled by requester, don't use callback */
645 request->cb = NULL;
646
647 sipe_http_request_free(conn_public->sipe_private,
648 request,
649 SIPE_HTTP_STATUS_CANCELLED);
650 }
651
652 void sipe_http_request_session(struct sipe_http_request *request,
653 struct sipe_http_session *session)
654 {
655 request->session = session;
656 }
657
658 void sipe_http_request_allow_redirect(struct sipe_http_request *request)
659 {
660 request->flags |= SIPE_HTTP_REQUEST_FLAG_REDIRECT;
661 }
662
663 void sipe_http_request_authentication(struct sipe_http_request *request,
664 const gchar *user,
665 const gchar *password)
666 {
667 request->flags |= SIPE_HTTP_REQUEST_FLAG_AUTHDATA;
668 request->user = user;
669 request->password = password;
670 }
671
672 /*
673 Local Variables:
674 mode: c
675 c-file-style: "bsd"
676 indent-tabs-mode: t
677 tab-width: 8
678 End:
679 */
A third-party Pidgin plugin for Microsoft LCS/OCS