search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
http: on error response throw away security context
[siplcs.git] / src / core / sipe-http-request.c
blobfceba973fd09e398385fc79c330a44f344088350
1 /**
2 * @file sipe-http-request.c
3 *
4 * pidgin-sipe
5 *
6 * Copyright (C) 2013 SIPE Project <http://sipe.sourceforge.net/>
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 *
23 *
24 * SIPE HTTP request layer implementation
25 *
26 * - request handling: creation, parameters, deletion, cancelling
27 * - session handling: creation, closing
28 * - client authorization handling
29 * - connection request queue handling
30 * - compile HTTP header contents and hand-off to transport layer
31 * - process HTTP response and hand-off to user callback
32 */
33
34 #ifdef HAVE_CONFIG_H
35 #include "config.h"
36 #endif
37
38 #include <string.h>
39
40 #include <glib.h>
41
42 #include "sipmsg.h"
43 #include "sip-sec.h"
44 #include "sipe-backend.h"
45 #include "sipe-core.h"
46 #include "sipe-core-private.h"
47 #include "sipe-http.h"
48
49 #define _SIPE_HTTP_PRIVATE_IF_REQUEST
50 #include "sipe-http-request.h"
51 #define _SIPE_HTTP_PRIVATE_IF_TRANSPORT
52 #include "sipe-http-transport.h"
53
54 struct sipe_http_session {
55 gchar *cookie; /* extremely simplistic cookie jar :-) */
56 };
57
58 struct sipe_http_request {
59 struct sipe_http_connection_public *connection;
60
61 struct sipe_http_session *session;
62
63 gchar *path;
64 gchar *headers;
65 gchar *body; /* NULL for GET */
66 gchar *content_type; /* NULL if body == NULL */
67 gchar *authorization;
68
69 const gchar *domain; /* not copied */
70 const gchar *user; /* not copied */
71 const gchar *password; /* not copied */
72
73 sipe_http_response_callback *cb;
74 gpointer cb_data;
75
76 guint32 flags;
77 };
78
79 #define SIPE_HTTP_REQUEST_FLAG_FIRST 0x00000001
80 #define SIPE_HTTP_REQUEST_FLAG_REDIRECT 0x00000002
81 #define SIPE_HTTP_REQUEST_FLAG_AUTHDATA 0x00000004
82
83 static void sipe_http_request_free(struct sipe_core_private *sipe_private,
84 struct sipe_http_request *req)
85 {
86 if (req->cb)
87 /* Callback: aborted */
88 (*req->cb)(sipe_private, 0, NULL, NULL, req->cb_data);
89 g_free(req->path);
90 g_free(req->headers);
91 g_free(req->body);
92 g_free(req->content_type);
93 g_free(req->authorization);
94 g_free(req);
95 }
96
97 static void sipe_http_request_send(struct sipe_http_connection_public *conn_public)
98 {
99 struct sipe_http_request *req = conn_public->pending_requests->data;
100 gchar *header;
101 gchar *content = NULL;
102 gchar *cookie = NULL;
103
104 if (req->body)
105 content = g_strdup_printf("Content-Length: %" G_GSIZE_FORMAT "\r\n"
106 "Content-Type: %s\r\n",
107 strlen(req->body),
108 req->content_type);
109
110 if (req->session && req->session->cookie)
111 cookie = g_strdup_printf("Cookie: %s\r\n", req->session->cookie);
112
113 header = g_strdup_printf("%s /%s HTTP/1.1\r\n"
114 "Host: %s\r\n"
115 "User-Agent: Sipe/" PACKAGE_VERSION "\r\n"
116 "%s%s%s%s",
117 content ? "POST" : "GET",
118 req->path,
119 conn_public->host,
120 req->authorization ? req->authorization : "",
121 req->headers ? req->headers : "",
122 cookie ? cookie : "",
123 content ? content : "");
124 g_free(cookie);
125 g_free(content);
126
127 /* only use authorization once */
128 g_free(req->authorization);
129 req->authorization = NULL;
130
131 sipe_http_transport_send(conn_public,
132 header,
133 req->body);
134 g_free(header);
135 }
136
137 gboolean sipe_http_request_pending(struct sipe_http_connection_public *conn_public)
138 {
139 return(conn_public->pending_requests != NULL);
140 }
141
142 void sipe_http_request_next(struct sipe_http_connection_public *conn_public)
143 {
144 sipe_http_request_send(conn_public);
145 }
146
147 static void sipe_http_request_enqueue(struct sipe_core_private *sipe_private,
148 struct sipe_http_request *req,
149 const struct sipe_http_parsed_uri *parsed_uri)
150 {
151 struct sipe_http_connection_public *conn_public;
152
153 req->path = g_strdup(parsed_uri->path);
154 req->connection = conn_public = sipe_http_transport_new(sipe_private,
155 parsed_uri->host,
156 parsed_uri->port);
157 if (!sipe_http_request_pending(conn_public))
158 req->flags |= SIPE_HTTP_REQUEST_FLAG_FIRST;
159
160 conn_public->pending_requests = g_slist_append(conn_public->pending_requests,
161 req);
162 }
163
164 /* TRUE indicates failure */
165 static gboolean sipe_http_request_response_redirection(struct sipe_core_private *sipe_private,
166 struct sipe_http_request *req,
167 struct sipmsg *msg)
168 {
169 const gchar *location = sipmsg_find_header(msg, "Location");
170 gboolean failed = TRUE;
171
172 if (location) {
173 struct sipe_http_parsed_uri *parsed_uri = sipe_http_parse_uri(location);
174
175 if (parsed_uri) {
176 /* remove request from old connection */
177 struct sipe_http_connection_public *conn_public = req->connection;
178 conn_public->pending_requests = g_slist_remove(conn_public->pending_requests,
179 req);
180
181 /* free old request data */
182 g_free(req->path);
183 req->flags &= ~SIPE_HTTP_REQUEST_FLAG_FIRST;
184
185 /* resubmit request on other connection */
186 sipe_http_request_enqueue(sipe_private, req, parsed_uri);
187 failed = FALSE;
188
189 sipe_http_parsed_uri_free(parsed_uri);
190 } else
191 SIPE_DEBUG_INFO("sipe_http_request_response_redirection: invalid redirection to '%s'",
192 location);
193 } else
194 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_redirection: no URL found?!?");
195
196 return(failed);
197 }
198
199 /* TRUE indicates failure */
200 static gboolean sipe_http_request_response_unauthorized(struct sipe_core_private *sipe_private,
201 struct sipe_http_request *req,
202 struct sipmsg *msg)
203 {
204 const gchar *header = NULL;
205 const gchar *name;
206 guint type;
207 gboolean failed = TRUE;
208
209 #if defined(HAVE_LIBKRB5) || defined(HAVE_SSPI)
210 #define DEBUG_STRING "NTLM and Negotiate authentications are"
211 /* Use "Negotiate" unless the user requested "NTLM" */
212 if (sipe_private->authentication_type != SIPE_AUTHENTICATION_TYPE_NTLM)
213 header = sipmsg_find_auth_header(msg, "Negotiate");
214 if (header) {
215 type = SIPE_AUTHENTICATION_TYPE_NEGOTIATE;
216 name = "Negotiate";
217 } else
218 #else
219 #define DEBUG_STRING "NTLM authentication is"
220 (void) sipe_private; /* keep compiler happy */
221 #endif
222 {
223 header = sipmsg_find_auth_header(msg, "NTLM");
224 type = SIPE_AUTHENTICATION_TYPE_NTLM;
225 name = "NTLM";
226 }
227
228 if (header) {
229 struct sipe_http_connection_public *conn_public = req->connection;
230
231 if (!conn_public->context) {
232 gboolean valid = req->flags & SIPE_HTTP_REQUEST_FLAG_AUTHDATA;
233 conn_public->context = sip_sec_create_context(type,
234 !valid, /* Single Sign-On flag */
235 TRUE, /* connection-based for HTTP */
236 valid ? req->domain : NULL,
237 valid ? req->user : NULL,
238 valid ? req->password : NULL);
239 }
240
241
242 if (conn_public->context) {
243 gchar **parts = g_strsplit(header, " ", 0);
244 gchar *spn = g_strdup_printf("HTTP/%s", conn_public->host);
245 gchar *token;
246
247 SIPE_DEBUG_INFO("sipe_http_request_response_unauthorized: init context target '%s' token '%s'",
248 spn, parts[1] ? parts[1] : "<NULL>");
249
250 if (sip_sec_init_context_step(conn_public->context,
251 spn,
252 parts[1],
253 &token,
254 NULL)) {
255
256 /* generate authorization header */
257 req->authorization = g_strdup_printf("Authorization: %s %s\r\n",
258 name,
259 token ? token : "");
260 g_free(token);
261
262 /*
263 * Keep the request in the queue. As it is at
264 * the head it will be pulled automatically
265 * by the transport layer after returning.
266 */
267 failed = FALSE;
268
269 } else
270 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: security context init step failed");
271
272 g_free(spn);
273 g_strfreev(parts);
274 } else
275 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: security context creation failed");
276 } else
277 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: only " DEBUG_STRING " supported");
278
279 return(failed);
280 }
281
282 static void sipe_http_request_response_callback(struct sipe_core_private *sipe_private,
283 struct sipe_http_request *req,
284 struct sipmsg *msg)
285 {
286 const gchar *hdr;
287
288 /* Set-Cookie: RMID=732423sdfs73242; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.net */
289 if (req->session &&
290 ((hdr = sipmsg_find_header(msg, "Set-Cookie")) != NULL)) {
291 gchar **parts, **current;
292 const gchar *part;
293 gchar *new = NULL;
294
295 g_free(req->session->cookie);
296 req->session->cookie = NULL;
297
298 current = parts = g_strsplit(hdr, ";", 0);
299 while ((part = *current++) != NULL) {
300 /* strip these parts from cookie */
301 if (!(strstr(part, "path=") ||
302 strstr(part, "domain=") ||
303 strstr(part, "expires=") ||
304 strstr(part, "secure"))) {
305 gchar *tmp = new;
306 new = new ?
307 g_strconcat(new, ";", part, NULL) :
308 g_strdup(part);
309 g_free(tmp);
310 }
311 }
312 g_strfreev(parts);
313
314 if (new) {
315 req->session->cookie = new;
316 SIPE_DEBUG_INFO("sipe_http_request_response_callback: cookie: %s", new);
317 }
318 }
319
320 /* Callback: success */
321 (*req->cb)(sipe_private,
322 msg->response,
323 msg->headers,
324 msg->body,
325 req->cb_data);
326
327 /* remove completed request */
328 sipe_http_request_cancel(req);
329 }
330
331 void sipe_http_request_response(struct sipe_http_connection_public *conn_public,
332 struct sipmsg *msg)
333 {
334 struct sipe_core_private *sipe_private = conn_public->sipe_private;
335 struct sipe_http_request *req = conn_public->pending_requests->data;
336 gboolean failed;
337
338 if ((req->flags & SIPE_HTTP_REQUEST_FLAG_REDIRECT) &&
339 (msg->response >= SIPE_HTTP_STATUS_REDIRECTION) &&
340 (msg->response < SIPE_HTTP_STATUS_CLIENT_ERROR)) {
341 failed = sipe_http_request_response_redirection(sipe_private,
342 req,
343 msg);
344
345 } else if (msg->response == SIPE_HTTP_STATUS_CLIENT_UNAUTHORIZED) {
346 failed = sipe_http_request_response_unauthorized(sipe_private,
347 req,
348 msg);
349
350 } else {
351 /* On error throw away the security context */
352 if ((msg->response >= SIPE_HTTP_STATUS_CLIENT_ERROR) &&
353 conn_public->context) {
354 SIPE_DEBUG_INFO("sipe_http_request_response: response was %d, throwing away security context",
355 msg->response);
356 sip_sec_destroy_context(conn_public->context);
357 conn_public->context = NULL;
358 }
359
360 /* All other cases are passed on to the user */
361 sipe_http_request_response_callback(sipe_private, req, msg);
362
363 /* req is no longer valid */
364 failed = FALSE;
365 }
366
367 if (failed) {
368 /* Callback: request failed */
369 (*req->cb)(sipe_private, 0, NULL, NULL, req->cb_data);
370
371 /* remove failed request */
372 sipe_http_request_cancel(req);
373 }
374 }
375
376 void sipe_http_request_shutdown(struct sipe_http_connection_public *conn_public)
377 {
378 if (conn_public->pending_requests) {
379 GSList *entry = conn_public->pending_requests;
380 while (entry) {
381 sipe_http_request_free(conn_public->sipe_private,
382 entry->data);
383 entry = entry->next;
384 }
385 g_slist_free(conn_public->pending_requests);
386 conn_public->pending_requests = NULL;
387 }
388
389 if (conn_public->context) {
390 sip_sec_destroy_context(conn_public->context);
391 conn_public->context = NULL;
392 }
393 }
394
395 struct sipe_http_request *sipe_http_request_new(struct sipe_core_private *sipe_private,
396 const struct sipe_http_parsed_uri *parsed_uri,
397 const gchar *headers,
398 const gchar *body,
399 const gchar *content_type,
400 sipe_http_response_callback *callback,
401 gpointer callback_data)
402 {
403 struct sipe_http_request *req;
404 if (!parsed_uri)
405 return(NULL);
406
407 req = g_new0(struct sipe_http_request, 1);
408 req->flags = 0;
409 req->cb = callback;
410 req->cb_data = callback_data;
411 if (headers)
412 req->headers = g_strdup(headers);
413 if (body) {
414 req->body = g_strdup(body);
415 req->content_type = g_strdup(content_type);
416 }
417
418 /* default authentication */
419 if (!SIPE_CORE_PRIVATE_FLAG_IS(SSO))
420 sipe_http_request_authentication(req,
421 sipe_private->authdomain,
422 sipe_private->authuser,
423 sipe_private->password);
424
425 sipe_http_request_enqueue(sipe_private, req, parsed_uri);
426
427 return(req);
428 }
429
430 void sipe_http_request_ready(struct sipe_http_request *request)
431 {
432 struct sipe_http_connection_public *conn_public = request->connection;
433
434 /* pass first request on already opened connection through directly */
435 if ((request->flags & SIPE_HTTP_REQUEST_FLAG_FIRST) &&
436 conn_public->connected)
437 sipe_http_request_send(conn_public);
438 }
439
440 struct sipe_http_session *sipe_http_session_start(void)
441 {
442 return(g_new0(struct sipe_http_session, 1));
443 }
444
445 void sipe_http_session_close(struct sipe_http_session *session)
446 {
447 if (session) {
448 g_free(session->cookie);
449 g_free(session);
450 }
451 }
452
453 void sipe_http_request_cancel(struct sipe_http_request *request)
454 {
455 struct sipe_http_connection_public *conn_public = request->connection;
456 conn_public->pending_requests = g_slist_remove(conn_public->pending_requests,
457 request);
458
459 /* cancelled by requester, don't use callback */
460 request->cb = NULL;
461
462 sipe_http_request_free(conn_public->sipe_private, request);
463 }
464
465 void sipe_http_request_session(struct sipe_http_request *request,
466 struct sipe_http_session *session)
467 {
468 request->session = session;
469 }
470
471 void sipe_http_request_allow_redirect(struct sipe_http_request *request)
472 {
473 request->flags |= SIPE_HTTP_REQUEST_FLAG_REDIRECT;
474 }
475
476 void sipe_http_request_authentication(struct sipe_http_request *request,
477 const gchar *domain,
478 const gchar *user,
479 const gchar *password)
480 {
481 request->flags |= SIPE_HTTP_REQUEST_FLAG_AUTHDATA;
482 request->domain = domain;
483 request->user = user;
484 request->password = password;
485 }
486
487 /*
488 Local Variables:
489 mode: c
490 c-file-style: "bsd"
491 indent-tabs-mode: t
492 tab-width: 8
493 End:
494 */
A third-party Pidgin plugin for Microsoft LCS/OCS