search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:ntlm_auth: make logs more consistent with length check
[Samba.git] / libcli / http / http.c
blob6f22214f70617f5a6c91f178db3b67680842a989
1 /*
2 Unix SMB/CIFS implementation.
3
4 HTTP library
5
6 Copyright (C) 2013 Samuel Cabrero <samuelcabrero@kernevil.me>
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "lib/util/tevent_ntstatus.h"
24 #include "http.h"
25 #include "http_internal.h"
26 #include "util/tevent_werror.h"
27 #include "lib/util/dlinklist.h"
28
29 #undef strcasecmp
30
31 enum http_body_type {
32 BODY_NONE = 0,
33 BODY_CONTENT_LENGTH,
34 BODY_CHUNKED,
35 BODY_ERROR = -1
36 };
37
38 /**
39 * Determines if a response should have a body.
40 * @return 2 if response MUST use chunked encoding,
41 * 1 if the response MUST have a body;
42 * 0 if the response MUST NOT have a body.
43 * Returns -1 on error.
44 */
45 static enum http_body_type http_response_needs_body(
46 struct http_request *req)
47 {
48 struct http_header *h = NULL;
49
50 if (!req) {
51 return BODY_ERROR;
52 }
53
54 for (h = req->headers; h != NULL; h = h->next) {
55 int cmp;
56 int n;
57 char c;
58 unsigned long long v;
59
60 cmp = strcasecmp(h->key, "Transfer-Encoding");
61 if (cmp == 0) {
62 cmp = strcasecmp(h->value, "chunked");
63 if (cmp == 0) {
64 return BODY_CHUNKED;
65 }
66 /* unsupported Transfer-Encoding type */
67 DBG_ERR("Unsupported transfer encoding type %s\n",
68 h->value);
69 return BODY_ERROR;
70 }
71
72 cmp = strcasecmp(h->key, "Content-Length");
73 if (cmp != 0) {
74 continue;
75 }
76
77 n = sscanf(h->value, "%llu%c", &v, &c);
78 if (n != 1) {
79 return BODY_ERROR;
80 }
81
82 req->remaining_content_length = v;
83
84 if (v != 0) {
85 return BODY_CONTENT_LENGTH;
86 }
87
88 return BODY_NONE;
89 }
90
91 return BODY_NONE;
92 }
93 struct http_chunk
94 {
95 struct http_chunk *prev, *next;
96 DATA_BLOB blob;
97 };
98
99 struct http_read_response_state {
100 enum http_parser_state parser_state;
101 size_t max_headers_size;
102 uint64_t max_content_length;
103 DATA_BLOB buffer;
104 struct http_request *response;
105 struct http_chunk *chunks;
106 };
107
108 /**
109 * Parses the HTTP headers
110 */
111 static enum http_read_status http_parse_headers(struct http_read_response_state *state)
112 {
113 enum http_read_status status = HTTP_ALL_DATA_READ;
114 char *ptr = NULL;
115 char *line = NULL;
116 char *key = NULL;
117 char *value = NULL;
118 int n = 0;
119 enum http_body_type ret;
120
121 /* Sanity checks */
122 if (!state || !state->response) {
123 DEBUG(0, ("%s: Invalid Parameter\n", __func__));
124 return HTTP_DATA_CORRUPTED;
125 }
126
127 if (state->buffer.length > state->max_headers_size) {
128 DEBUG(0, ("%s: Headers too long: %zi, maximum length is %zi\n", __func__,
129 state->buffer.length, state->max_headers_size));
130 return HTTP_DATA_TOO_LONG;
131 }
132
133 line = talloc_strndup(state, (char *)state->buffer.data, state->buffer.length);
134 if (!line) {
135 DEBUG(0, ("%s: Memory error\n", __func__));
136 return HTTP_DATA_CORRUPTED;
137 }
138
139 ptr = strstr(line, "\r\n");
140 if (ptr == NULL) {
141 TALLOC_FREE(line);
142 return HTTP_MORE_DATA_EXPECTED;
143 }
144
145 state->response->headers_size += state->buffer.length;
146
147 if (strncmp(line, "\r\n", 2) == 0) {
148 DEBUG(11,("%s: All headers read\n", __func__));
149
150 ret = http_response_needs_body(state->response);
151 switch (ret) {
152 case BODY_CHUNKED:
153 DEBUG(11, ("%s: need to process chunks... %d\n", __func__,
154 state->response->response_code));
155 state->parser_state = HTTP_READING_CHUNK_SIZE;
156 break;
157 case BODY_CONTENT_LENGTH:
158 if (state->response->remaining_content_length <= state->max_content_length) {
159 DEBUG(11, ("%s: Start of read body\n", __func__));
160 state->parser_state = HTTP_READING_BODY;
161 break;
162 }
163 FALL_THROUGH;
164 case BODY_NONE:
165 DEBUG(11, ("%s: Skipping body for code %d\n", __func__,
166 state->response->response_code));
167 state->parser_state = HTTP_READING_DONE;
168 break;
169 case BODY_ERROR:
170 DEBUG(0, ("%s_: Error in http_response_needs_body\n", __func__));
171 TALLOC_FREE(line);
172 return HTTP_DATA_CORRUPTED;
173 break;
174 }
175
176 TALLOC_FREE(line);
177 return HTTP_ALL_DATA_READ;
178 }
179
180 n = sscanf(line, "%m[^:]: %m[^\r\n]\r\n", &key, &value);
181 if (n != 2) {
182 DEBUG(0, ("%s: Error parsing header '%s'\n", __func__, line));
183 status = HTTP_DATA_CORRUPTED;
184 goto error;
185 }
186
187 if (http_add_header(state->response, &state->response->headers, key, value) == -1) {
188 DEBUG(0, ("%s: Error adding header\n", __func__));
189 status = HTTP_DATA_CORRUPTED;
190 goto error;
191 }
192
193 error:
194 free(key);
195 free(value);
196 TALLOC_FREE(line);
197 return status;
198 }
199
200 static bool http_response_process_chunks(struct http_read_response_state *state)
201 {
202 struct http_chunk *chunk = NULL;
203 struct http_request *resp = state->response;
204
205 for (chunk = state->chunks; chunk; chunk = chunk->next) {
206 DBG_DEBUG("processing chunk of size %zi\n",
207 chunk->blob.length);
208 if (resp->body.data == NULL) {
209 resp->body = chunk->blob;
210 chunk->blob = data_blob_null;
211 talloc_steal(resp, resp->body.data);
212 continue;
213 }
214
215 resp->body.data =
216 talloc_realloc(resp,
217 resp->body.data,
218 uint8_t,
219 resp->body.length + chunk->blob.length);
220 if (!resp->body.data) {
221 return false;
222 }
223 memcpy(resp->body.data + resp->body.length,
224 chunk->blob.data,
225 chunk->blob.length);
226
227 resp->body.length += chunk->blob.length;
228
229 TALLOC_FREE(chunk->blob.data);
230 chunk->blob = data_blob_null;
231 }
232 return true;
233 }
234
235 static enum http_read_status http_read_chunk_term(struct http_read_response_state *state)
236 {
237 enum http_read_status status = HTTP_ALL_DATA_READ;
238 char *ptr = NULL;
239 char *line = NULL;
240
241 /* Sanity checks */
242 if (!state || !state->response) {
243 DBG_ERR("%s: Invalid Parameter\n", __func__);
244 return HTTP_DATA_CORRUPTED;
245 }
246
247 line = talloc_strndup(state, (char *)state->buffer.data, state->buffer.length);
248 if (!line) {
249 DBG_ERR("%s: Memory error\n", __func__);
250 return HTTP_DATA_CORRUPTED;
251 }
252 ptr = strstr(line, "\r\n");
253 if (ptr == NULL) {
254 TALLOC_FREE(line);
255 return HTTP_MORE_DATA_EXPECTED;
256 }
257
258 if (strncmp(line, "\r\n", 2) == 0) {
259 /* chunk terminator */
260 if (state->parser_state == HTTP_READING_FINAL_CHUNK_TERM) {
261 if (http_response_process_chunks(state) == false) {
262 status = HTTP_DATA_CORRUPTED;
263 goto out;
264 }
265 state->parser_state = HTTP_READING_DONE;
266 } else {
267 state->parser_state = HTTP_READING_CHUNK_SIZE;
268 }
269 status = HTTP_ALL_DATA_READ;
270 goto out;
271 }
272
273 status = HTTP_DATA_CORRUPTED;
274 out:
275 TALLOC_FREE(line);
276 return status;
277 }
278
279 static enum http_read_status http_read_chunk_size(struct http_read_response_state *state)
280 {
281 enum http_read_status status = HTTP_ALL_DATA_READ;
282 char *ptr = NULL;
283 char *line = NULL;
284 char *value = NULL;
285 int n = 0;
286 unsigned long long v;
287
288 /* Sanity checks */
289 if (!state || !state->response) {
290 DBG_ERR("%s: Invalid Parameter\n", __func__);
291 return HTTP_DATA_CORRUPTED;
292 }
293
294 line = talloc_strndup(state, (char *)state->buffer.data, state->buffer.length);
295 if (!line) {
296 DBG_ERR("%s: Memory error\n", __func__);
297 return HTTP_DATA_CORRUPTED;
298 }
299 ptr = strstr(line, "\r\n");
300 if (ptr == NULL) {
301 TALLOC_FREE(line);
302 return HTTP_MORE_DATA_EXPECTED;
303 }
304
305 n = sscanf(line, "%m[^\r\n]\r\n", &value);
306 if (n != 1) {
307 DBG_ERR("%s: Error parsing chunk size '%s'\n", __func__, line);
308 status = HTTP_DATA_CORRUPTED;
309 goto out;
310 }
311
312 DBG_DEBUG("Got chunk size string %s\n", value);
313 n = sscanf(value, "%llx", &v);
314 if (n != 1) {
315 DBG_ERR("%s: Error parsing chunk size '%s'\n", __func__, line);
316 status = HTTP_DATA_CORRUPTED;
317 goto out;
318 }
319 DBG_DEBUG("Got chunk size %llu 0x%llx\n", v, v);
320 if (v == 0) {
321 state->parser_state = HTTP_READING_FINAL_CHUNK_TERM;
322 } else {
323 state->parser_state = HTTP_READING_CHUNK;
324 }
325 state->response->remaining_content_length = v;
326 status = HTTP_ALL_DATA_READ;
327 out:
328 if (value) {
329 free(value);
330 }
331 TALLOC_FREE(line);
332 return status;
333 }
334
335 /**
336 * Parses the first line of a HTTP response
337 */
338 static bool http_parse_response_line(struct http_read_response_state *state)
339 {
340 bool status = true;
341 char *protocol;
342 char *msg = NULL;
343 char major;
344 char minor;
345 int code;
346 char *line = NULL;
347 int n;
348
349 /* Sanity checks */
350 if (!state) {
351 DEBUG(0, ("%s: Input parameter is NULL\n", __func__));
352 return false;
353 }
354
355 line = talloc_strndup(state, (char*)state->buffer.data, state->buffer.length);
356 if (!line) {
357 DEBUG(0, ("%s: Memory error\n", __func__));
358 return false;
359 }
360
361 n = sscanf(line, "%m[^/]/%c.%c %d %m[^\r\n]\r\n",
362 &protocol, &major, &minor, &code, &msg);
363
364 DEBUG(11, ("%s: Header parsed(%i): protocol->%s, major->%c, minor->%c, "
365 "code->%d, message->%s\n", __func__, n, protocol, major, minor,
366 code, msg));
367
368 if (n != 5) {
369 DEBUG(0, ("%s: Error parsing header\n", __func__));
370 status = false;
371 goto error;
372 }
373
374 if (major != '1') {
375 DEBUG(0, ("%s: Bad HTTP major number '%c'\n", __func__, major));
376 status = false;
377 goto error;
378 }
379
380 if (code == 0) {
381 DEBUG(0, ("%s: Bad response code '%d'\n", __func__, code));
382 status = false;
383 goto error;
384 }
385
386 if (msg == NULL) {
387 DEBUG(0, ("%s: Error parsing HTTP data\n", __func__));
388 status = false;
389 goto error;
390 }
391
392 state->response->major = major;
393 state->response->minor = minor;
394 state->response->response_code = code;
395 state->response->response_code_line = talloc_strndup(state->response,
396 msg, strlen(msg));
397
398 error:
399 free(protocol);
400 free(msg);
401 TALLOC_FREE(line);
402 return status;
403 }
404
405 /*
406 * Parses header lines from a request or a response into the specified
407 * request object given a buffer.
408 *
409 * Returns
410 * HTTP_DATA_CORRUPTED on error
411 * HTTP_MORE_DATA_EXPECTED when we need to read more headers
412 * HTTP_DATA_TOO_LONG on error
413 * HTTP_ALL_DATA_READ when all headers have been read
414 */
415 static enum http_read_status http_parse_firstline(struct http_read_response_state *state)
416 {
417 enum http_read_status status = HTTP_ALL_DATA_READ;
418 char *ptr = NULL;
419 char *line;
420
421 /* Sanity checks */
422 if (!state) {
423 DEBUG(0, ("%s: Invalid Parameter\n", __func__));
424 return HTTP_DATA_CORRUPTED;
425 }
426
427 if (state->buffer.length > state->max_headers_size) {
428 DEBUG(0, ("%s: Headers too long: %zi, maximum length is %zi\n", __func__,
429 state->buffer.length, state->max_headers_size));
430 return HTTP_DATA_TOO_LONG;
431 }
432
433 line = talloc_strndup(state, (char *)state->buffer.data, state->buffer.length);
434 if (!line) {
435 DEBUG(0, ("%s: Not enough memory\n", __func__));
436 return HTTP_DATA_CORRUPTED;
437 }
438
439 ptr = strstr(line, "\r\n");
440 if (ptr == NULL) {
441 TALLOC_FREE(line);
442 return HTTP_MORE_DATA_EXPECTED;
443 }
444
445 state->response->headers_size = state->buffer.length;
446 if (!http_parse_response_line(state)) {
447 status = HTTP_DATA_CORRUPTED;
448 }
449
450 /* Next state, read HTTP headers */
451 state->parser_state = HTTP_READING_HEADERS;
452
453 TALLOC_FREE(line);
454 return status;
455 }
456
457 static enum http_read_status http_read_body(struct http_read_response_state *state)
458 {
459 struct http_request *resp = state->response;
460
461 if (state->buffer.length < resp->remaining_content_length) {
462 return HTTP_MORE_DATA_EXPECTED;
463 }
464
465 resp->body = state->buffer;
466 state->buffer = data_blob_null;
467 talloc_steal(resp, resp->body.data);
468 resp->remaining_content_length = 0;
469
470 state->parser_state = HTTP_READING_DONE;
471 return HTTP_ALL_DATA_READ;
472 }
473
474 static enum http_read_status http_read_chunk(struct http_read_response_state *state)
475 {
476 struct http_request *resp = state->response;
477 struct http_chunk *chunk = NULL;
478 size_t total = 0;
479 size_t prev = 0;
480
481 if (state->buffer.length < resp->remaining_content_length) {
482 return HTTP_MORE_DATA_EXPECTED;
483 }
484
485 for (chunk = state->chunks; chunk; chunk = chunk->next) {
486 total += chunk->blob.length;
487 }
488
489 prev = total;
490 total = total + state->buffer.length;
491 if (total < prev) {
492 DBG_ERR("adding chunklen %zu to buf len %zu "
493 "will overflow\n",
494 state->buffer.length,
495 prev);
496 return HTTP_DATA_CORRUPTED;
497 }
498 if (total > state->max_content_length) {
499 DBG_DEBUG("size %zu exceeds "
500 "max content len %"PRIu64" skipping body\n",
501 total,
502 state->max_content_length);
503 state->parser_state = HTTP_READING_DONE;
504 goto out;
505 }
506
507 /* chunk read */
508 chunk = talloc_zero(state, struct http_chunk);
509 if (chunk == NULL) {
510 DBG_ERR("%s: Memory error\n", __func__);
511 return HTTP_DATA_CORRUPTED;
512 }
513 chunk->blob = state->buffer;
514 talloc_steal(chunk, chunk->blob.data);
515 DLIST_ADD_END(state->chunks, chunk);
516 state->parser_state = HTTP_READING_CHUNK_TERM;
517 out:
518 state->buffer = data_blob_null;
519 resp->remaining_content_length = 0;
520 return HTTP_ALL_DATA_READ;
521 }
522
523 static enum http_read_status http_read_trailer(struct http_read_response_state *state)
524 {
525 enum http_read_status status = HTTP_DATA_CORRUPTED;
526 /* TODO */
527 return status;
528 }
529
530 static enum http_read_status http_parse_buffer(struct http_read_response_state *state)
531 {
532 if (!state) {
533 DEBUG(0, ("%s: Invalid parameter\n", __func__));
534 return HTTP_DATA_CORRUPTED;
535 }
536
537 switch (state->parser_state) {
538 case HTTP_READING_FIRSTLINE:
539 return http_parse_firstline(state);
540 case HTTP_READING_HEADERS:
541 return http_parse_headers(state);
542 case HTTP_READING_BODY:
543 return http_read_body(state);
544 break;
545 case HTTP_READING_FINAL_CHUNK_TERM:
546 case HTTP_READING_CHUNK_TERM:
547 return http_read_chunk_term(state);
548 break;
549 case HTTP_READING_CHUNK_SIZE:
550 return http_read_chunk_size(state);
551 break;
552 case HTTP_READING_CHUNK:
553 return http_read_chunk(state);
554 break;
555 case HTTP_READING_TRAILER:
556 return http_read_trailer(state);
557 break;
558 case HTTP_READING_DONE:
559 /* All read */
560 return HTTP_ALL_DATA_READ;
561 default:
562 DEBUG(0, ("%s: Illegal parser state %d\n", __func__,
563 state->parser_state));
564 break;
565 }
566 return HTTP_DATA_CORRUPTED;
567 }
568
569 static int http_header_is_valid_value(const char *value)
570 {
571 const char *p = NULL;
572
573 /* Sanity checks */
574 if (!value) {
575 DEBUG(0, ("%s: Invalid parameter\n", __func__));
576 return -1;
577 }
578 p = value;
579
580 while ((p = strpbrk(p, "\r\n")) != NULL) {
581 /* Expect only one new line */
582 p += strspn(p, "\r\n");
583 /* Expect a space or tab for continuation */
584 if (*p != ' ' && *p != '\t')
585 return (0);
586 }
587 return 1;
588 }
589
590 static int http_add_header_internal(TALLOC_CTX *mem_ctx,
591 struct http_header **headers,
592 const char *key, const char *value,
593 bool replace)
594 {
595 struct http_header *tail = NULL;
596 struct http_header *h = NULL;
597
598 /* Sanity checks */
599 if (!headers || !key || !value) {
600 DEBUG(0, ("Invalid parameter\n"));
601 return -1;
602 }
603
604
605
606 if (replace) {
607 for (h = *headers; h != NULL; h = h->next) {
608 if (strcasecmp(key, h->key) == 0) {
609 break;
610 }
611 }
612
613 if (h != NULL) {
614 /* Replace header value */
615 if (h->value) {
616 talloc_free(h->value);
617 }
618 h->value = talloc_strdup(h, value);
619 DEBUG(11, ("%s: Replaced HTTP header: key '%s', value '%s'\n",
620 __func__, h->key, h->value));
621 return 0;
622 }
623 }
624
625 /* Add new header */
626 h = talloc(mem_ctx, struct http_header);
627 h->key = talloc_strdup(h, key);
628 h->value = talloc_strdup(h, value);
629 DLIST_ADD_END(*headers, h);
630 tail = DLIST_TAIL(*headers);
631 if (tail != h) {
632 DEBUG(0, ("%s: Error adding header\n", __func__));
633 return -1;
634 }
635 DEBUG(11, ("%s: Added HTTP header: key '%s', value '%s'\n",
636 __func__, h->key, h->value));
637 return 0;
638 }
639
640 int http_add_header(TALLOC_CTX *mem_ctx,
641 struct http_header **headers,
642 const char *key, const char *value)
643 {
644 if (strchr(key, '\r') != NULL || strchr(key, '\n') != NULL) {
645 DEBUG(0, ("%s: Dropping illegal header key\n", __func__));
646 return -1;
647 }
648
649 if (!http_header_is_valid_value(value)) {
650 DEBUG(0, ("%s: Dropping illegal header value\n", __func__));
651 return -1;
652 }
653
654 return (http_add_header_internal(mem_ctx, headers, key, value, false));
655 }
656
657 int http_replace_header(TALLOC_CTX *mem_ctx,
658 struct http_header **headers,
659 const char *key, const char *value)
660 {
661 if (strchr(key, '\r') != NULL || strchr(key, '\n') != NULL) {
662 DEBUG(0, ("%s: Dropping illegal header key\n", __func__));
663 return -1;
664 }
665
666 if (!http_header_is_valid_value(value)) {
667 DEBUG(0, ("%s: Dropping illegal header value\n", __func__));
668 return -1;
669 }
670
671 return (http_add_header_internal(mem_ctx, headers, key, value, true));
672 }
673
674 /**
675 * Remove a header from the headers list.
676 *
677 * Returns 0, if the header was successfully removed.
678 * Returns -1, if the header could not be found.
679 */
680 int http_remove_header(struct http_header **headers, const char *key)
681 {
682 struct http_header *header;
683
684 /* Sanity checks */
685 if (!headers || !key) {
686 DEBUG(0, ("%s: Invalid parameter\n", __func__));
687 return -1;
688 }
689
690 for(header = *headers; header != NULL; header = header->next) {
691 if (strcmp(key, header->key) == 0) {
692 DLIST_REMOVE(*headers, header);
693 return 0;
694 }
695 }
696 return -1;
697 }
698
699 static int http_read_response_next_vector(struct tstream_context *stream,
700 void *private_data,
701 TALLOC_CTX *mem_ctx,
702 struct iovec **_vector,
703 size_t *_count)
704 {
705 struct http_read_response_state *state;
706 struct iovec *vector;
707
708 /* Sanity checks */
709 if (!stream || !private_data || !_vector || !_count) {
710 DEBUG(0, ("%s: Invalid Parameter\n", __func__));
711 return -1;
712 }
713
714 state = talloc_get_type_abort(private_data, struct http_read_response_state);
715 vector = talloc_array(mem_ctx, struct iovec, 1);
716 if (!vector) {
717 DEBUG(0, ("%s: No more memory\n", __func__));
718 return -1;
719 }
720
721 if (state->buffer.data == NULL) {
722 /* Allocate buffer */
723 state->buffer.data = talloc_zero_array(state, uint8_t, 1);
724 if (!state->buffer.data) {
725 DEBUG(0, ("%s: No more memory\n", __func__));
726 return -1;
727 }
728 state->buffer.length = 1;
729
730 /* Return now, nothing to parse yet */
731 vector[0].iov_base = (void *)(state->buffer.data);
732 vector[0].iov_len = 1;
733 *_vector = vector;
734 *_count = 1;
735 return 0;
736 }
737
738 switch (http_parse_buffer(state)) {
739 case HTTP_ALL_DATA_READ:
740 if (state->parser_state == HTTP_READING_DONE) {
741 /* Full request or response parsed */
742 *_vector = NULL;
743 *_count = 0;
744 } else {
745 /* Free current buffer and allocate new one */
746 TALLOC_FREE(state->buffer.data);
747 state->buffer.data = talloc_zero_array(state, uint8_t, 1);
748 if (!state->buffer.data) {
749 return -1;
750 }
751 state->buffer.length = 1;
752
753 vector[0].iov_base = (void *)(state->buffer.data);
754 vector[0].iov_len = 1;
755 *_vector = vector;
756 *_count = 1;
757 }
758 break;
759 case HTTP_MORE_DATA_EXPECTED: {
760 size_t toread = 1;
761 size_t total;
762 if (state->parser_state == HTTP_READING_BODY ||
763 state->parser_state == HTTP_READING_CHUNK) {
764 struct http_request *resp = state->response;
765 toread = resp->remaining_content_length -
766 state->buffer.length;
767 }
768
769 total = toread + state->buffer.length;
770
771 if (total < state->buffer.length) {
772 DBG_ERR("adding %zu to buf len %zu "
773 "will overflow\n",
774 toread,
775 state->buffer.length);
776 return -1;
777 }
778
779 /*
780 * test if content-length message exceeds the
781 * specified max_content_length
782 * Note: This check won't be hit at the moment
783 * due to an existing check in parse_headers
784 * which will skip the body. Check is here
785 * for completeness and to cater for future
786 * code changes.
787 */
788 if (state->parser_state == HTTP_READING_BODY) {
789 if (total > state->max_content_length) {
790 DBG_ERR("content size %zu exceeds "
791 "max content len %"PRIu64"\n",
792 total,
793 state->max_content_length);
794 return -1;
795 }
796 }
797
798 state->buffer.data =
799 talloc_realloc(state, state->buffer.data,
800 uint8_t,
801 state->buffer.length + toread);
802 if (!state->buffer.data) {
803 return -1;
804 }
805 state->buffer.length += toread;
806 vector[0].iov_base = (void *)(state->buffer.data +
807 state->buffer.length - toread);
808 vector[0].iov_len = toread;
809 *_vector = vector;
810 *_count = 1;
811 break;
812 }
813 case HTTP_DATA_CORRUPTED:
814 case HTTP_REQUEST_CANCELED:
815 case HTTP_DATA_TOO_LONG:
816 return -1;
817 break;
818 default:
819 DEBUG(0, ("%s: Unexpected status\n", __func__));
820 break;
821 }
822 return 0;
823 }
824
825
826 /**
827 * Reads a HTTP response
828 */
829 static void http_read_response_done(struct tevent_req *);
830 struct tevent_req *http_read_response_send(TALLOC_CTX *mem_ctx,
831 struct tevent_context *ev,
832 struct http_conn *http_conn,
833 size_t max_content_length)
834 {
835 struct tevent_req *req;
836 struct tevent_req *subreq;
837 struct http_read_response_state *state;
838
839 DEBUG(11, ("%s: Reading HTTP response\n", __func__));
840
841 /* Sanity checks */
842 if (ev == NULL || http_conn == NULL) {
843 DEBUG(0, ("%s: Invalid parameter\n", __func__));
844 return NULL;
845 }
846
847 req = tevent_req_create(mem_ctx, &state, struct http_read_response_state);
848 if (req == NULL) {
849 return NULL;
850 }
851
852 state->max_headers_size = HTTP_MAX_HEADER_SIZE;
853 state->max_content_length = (uint64_t)max_content_length;
854 state->parser_state = HTTP_READING_FIRSTLINE;
855 state->response = talloc_zero(state, struct http_request);
856 if (tevent_req_nomem(state->response, req)) {
857 return tevent_req_post(req, ev);
858 }
859
860 subreq = tstream_readv_pdu_send(state, ev, http_conn->tstreams.active,
861 http_read_response_next_vector,
862 state);
863 if (tevent_req_nomem(subreq,req)) {
864 return tevent_req_post(req, ev);
865 }
866 tevent_req_set_callback(subreq, http_read_response_done, req);
867
868 return req;
869 }
870
871 static void http_read_response_done(struct tevent_req *subreq)
872 {
873 NTSTATUS status;
874 struct tevent_req *req;
875 enum http_body_type ret;
876 int sys_errno;
877
878 if (!subreq) {
879 DEBUG(0, ("%s: Invalid parameter\n", __func__));
880 return;
881 }
882
883 req = tevent_req_callback_data(subreq, struct tevent_req);
884
885 ret = tstream_readv_pdu_recv(subreq, &sys_errno);
886 DEBUG(11, ("%s: HTTP response read (%d bytes)\n", __func__, ret));
887 TALLOC_FREE(subreq);
888 if (ret == -1) {
889 status = map_nt_error_from_unix_common(sys_errno);
890 DEBUG(0, ("%s: Failed to read HTTP response: %s\n",
891 __func__, nt_errstr(status)));
892 tevent_req_nterror(req, status);
893 return;
894 }
895
896 tevent_req_done(req);
897 }
898
899 NTSTATUS http_read_response_recv(struct tevent_req *req,
900 TALLOC_CTX *mem_ctx,
901 struct http_request **response)
902 {
903 NTSTATUS status;
904 struct http_read_response_state *state;
905
906 if (!mem_ctx || !response || !req) {
907 DEBUG(0, ("%s: Invalid parameter\n", __func__));
908 return NT_STATUS_INVALID_PARAMETER;
909 }
910 if (tevent_req_is_nterror(req, &status)) {
911 tevent_req_received(req);
912 return status;
913 }
914
915 state = tevent_req_data(req, struct http_read_response_state);
916 *response = state->response;
917 talloc_steal(mem_ctx, state->response);
918
919 tevent_req_received(req);
920
921 return NT_STATUS_OK;
922 }
923
924 static const char *http_method_str(enum http_cmd_type type)
925 {
926 const char *method;
927
928 switch (type) {
929 case HTTP_REQ_POST:
930 method = "POST";
931 break;
932 case HTTP_REQ_RPC_IN_DATA:
933 method = "RPC_IN_DATA";
934 break;
935 case HTTP_REQ_RPC_OUT_DATA:
936 method = "RPC_OUT_DATA";
937 break;
938 default:
939 method = NULL;
940 break;
941 }
942
943 return method;
944 }
945
946 static NTSTATUS http_push_request_line(TALLOC_CTX *mem_ctx,
947 DATA_BLOB *buffer,
948 const struct http_request *req)
949 {
950 const char *method;
951 char *str;
952
953 /* Sanity checks */
954 if (!buffer || !req) {
955 DEBUG(0, ("%s: Invalid parameter\n", __func__));
956 return NT_STATUS_INVALID_PARAMETER;
957 }
958
959 method = http_method_str(req->type);
960 if (method == NULL) {
961 return NT_STATUS_INVALID_PARAMETER;
962 }
963
964 str = talloc_asprintf(mem_ctx, "%s %s HTTP/%c.%c\r\n", method,
965 req->uri, req->major, req->minor);
966 if (str == NULL)
967 return NT_STATUS_NO_MEMORY;
968
969 if (!data_blob_append(mem_ctx, buffer, str, strlen(str))) {
970 talloc_free(str);
971 return NT_STATUS_NO_MEMORY;
972 }
973
974 talloc_free(str);
975 return NT_STATUS_OK;
976 }
977
978 static NTSTATUS http_push_headers(TALLOC_CTX *mem_ctx,
979 DATA_BLOB *blob,
980 struct http_request *req)
981 {
982 struct http_header *header = NULL;
983 char *header_str = NULL;
984 size_t len;
985
986 /* Sanity checks */
987 if (!blob || !req) {
988 DEBUG(0, ("%s: Invalid parameter\n", __func__));
989 return NT_STATUS_INVALID_PARAMETER;
990 }
991
992 for (header = req->headers; header != NULL; header = header->next) {
993 header_str = talloc_asprintf(mem_ctx, "%s: %s\r\n",
994 header->key, header->value);
995 if (header_str == NULL) {
996 return NT_STATUS_NO_MEMORY;
997 }
998
999 len = strlen(header_str);
1000 if (!data_blob_append(mem_ctx, blob, header_str, len)) {
1001 talloc_free(header_str);
1002 return NT_STATUS_NO_MEMORY;
1003 }
1004 talloc_free(header_str);
1005 }
1006
1007 if (!data_blob_append(mem_ctx, blob, "\r\n",2)) {
1008 return NT_STATUS_NO_MEMORY;
1009 }
1010
1011 return NT_STATUS_OK;
1012 }
1013
1014
1015 static NTSTATUS http_push_body(TALLOC_CTX *mem_ctx,
1016 DATA_BLOB *blob,
1017 struct http_request *req)
1018 {
1019 /* Sanity checks */
1020 if (!blob || !req) {
1021 DEBUG(0, ("%s: Invalid parameter\n", __func__));
1022 return NT_STATUS_INVALID_PARAMETER;
1023 }
1024
1025 if (req->body.length) {
1026 if (!data_blob_append(mem_ctx, blob, req->body.data,
1027 req->body.length)) {
1028 return NT_STATUS_NO_MEMORY;
1029 }
1030 }
1031
1032 return NT_STATUS_OK;
1033 }
1034
1035 struct http_send_request_state {
1036 struct tevent_context *ev;
1037 struct loadparm_context *lp_ctx;
1038 struct cli_credentials *credentials;
1039 struct http_request *request;
1040 DATA_BLOB buffer;
1041 struct iovec iov;
1042 ssize_t nwritten;
1043 int sys_errno;
1044 };
1045
1046 /**
1047 * Sends and HTTP request
1048 */
1049 static void http_send_request_done(struct tevent_req *);
1050 struct tevent_req *http_send_request_send(TALLOC_CTX *mem_ctx,
1051 struct tevent_context *ev,
1052 struct http_conn *http_conn,
1053 struct http_request *request)
1054 {
1055 struct tevent_req *req;
1056 struct tevent_req *subreq;
1057 struct http_send_request_state *state = NULL;
1058 NTSTATUS status;
1059
1060 DEBUG(11, ("%s: Sending HTTP request\n", __func__));
1061
1062 /* Sanity checks */
1063 if (ev == NULL || request == NULL || http_conn == NULL) {
1064 DEBUG(0, ("%s: Invalid parameter\n", __func__));
1065 return NULL;
1066 }
1067
1068 req = tevent_req_create(mem_ctx, &state, struct http_send_request_state);
1069 if (req == NULL) {
1070 return NULL;
1071 }
1072
1073 state->ev = ev;
1074 state->request = request;
1075
1076 /* Push the request line */
1077 status = http_push_request_line(state, &state->buffer, state->request);
1078 if (!NT_STATUS_IS_OK(status)) {
1079 tevent_req_nterror(req, status);
1080 return tevent_req_post(req, ev);
1081 }
1082
1083 /* Push the headers */
1084 status = http_push_headers(mem_ctx, &state->buffer, request);
1085 if (!NT_STATUS_IS_OK(status)) {
1086 tevent_req_nterror(req, status);
1087 return tevent_req_post(req, ev);
1088 }
1089
1090 /* Push the body */
1091 status = http_push_body(mem_ctx, &state->buffer, request);
1092 if (!NT_STATUS_IS_OK(status)) {
1093 tevent_req_nterror(req, status);
1094 return tevent_req_post(req, ev);
1095 }
1096
1097 state->iov.iov_base = (char *) state->buffer.data;
1098 state->iov.iov_len = state->buffer.length;
1099 subreq = tstream_writev_queue_send(state,
1100 ev,
1101 http_conn->tstreams.active,
1102 http_conn->send_queue,
1103 &state->iov, 1);
1104 if (tevent_req_nomem(subreq, req)) {
1105 return tevent_req_post(req, ev);
1106 }
1107 tevent_req_set_callback(subreq, http_send_request_done, req);
1108
1109 return req;
1110 }
1111
1112 static void http_send_request_done(struct tevent_req *subreq)
1113 {
1114 NTSTATUS status;
1115 struct tevent_req *req;
1116 struct http_send_request_state *state;
1117
1118 req = tevent_req_callback_data(subreq, struct tevent_req);
1119 state = tevent_req_data(req, struct http_send_request_state);
1120
1121 state->nwritten = tstream_writev_queue_recv(subreq, &state->sys_errno);
1122 TALLOC_FREE(subreq);
1123 if (state->nwritten == -1 && state->sys_errno != 0) {
1124 status = map_nt_error_from_unix_common(state->sys_errno);
1125 DEBUG(0, ("%s: Failed to send HTTP request: %s\n",
1126 __func__, nt_errstr(status)));
1127 tevent_req_nterror(req, status);
1128 return;
1129 }
1130
1131 tevent_req_done(req);
1132 }
1133
1134 NTSTATUS http_send_request_recv(struct tevent_req *req)
1135 {
1136 NTSTATUS status;
1137
1138 if (!req) {
1139 DEBUG(0, ("%s: Invalid parameter\n", __func__));
1140 return NT_STATUS_INVALID_PARAMETER;
1141 }
1142
1143 if (tevent_req_is_nterror(req, &status)) {
1144 tevent_req_received(req);
1145 return status;
1146 }
1147
1148 tevent_req_received(req);
1149
1150 return NT_STATUS_OK;
1151 }
Samba GIT mirror