search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
curl: Introduce concept of getting/putting handles from a common pool
[nbdkit.git] / plugins / curl / curl.c
blob105de29c60cfeeef6d76cbb9b0815518600798f9
1 /* nbdkit
2 * Copyright (C) 2014-2023 Red Hat Inc.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are
6 * met:
7 *
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * * Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * * Neither the name of Red Hat nor the names of its contributors may be
16 * used to endorse or promote products derived from this software without
17 * specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
25 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
26 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
27 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
28 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
29 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 #include <config.h>
34
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <stdarg.h>
38 #include <stdbool.h>
39 #include <stdint.h>
40 #include <inttypes.h>
41 #include <limits.h>
42 #include <string.h>
43 #include <unistd.h>
44 #include <errno.h>
45 #include <assert.h>
46
47 #include <curl/curl.h>
48
49 #include <nbdkit-plugin.h>
50
51 #include "cleanup.h"
52
53 #include "curldefs.h"
54
55 /* Plugin configuration. */
56 const char *url = NULL; /* required */
57
58 const char *cainfo = NULL;
59 const char *capath = NULL;
60 char *cookie = NULL;
61 const char *cookiefile = NULL;
62 const char *cookiejar = NULL;
63 const char *cookie_script = NULL;
64 unsigned cookie_script_renew = 0;
65 bool followlocation = true;
66 struct curl_slist *headers = NULL;
67 const char *header_script = NULL;
68 unsigned header_script_renew = 0;
69 char *password = NULL;
70 #ifndef HAVE_CURLOPT_PROTOCOLS_STR
71 long protocols = CURLPROTO_ALL;
72 #else
73 const char *protocols = NULL;
74 #endif
75 const char *proxy = NULL;
76 char *proxy_password = NULL;
77 const char *proxy_user = NULL;
78 bool sslverify = true;
79 const char *ssl_cipher_list = NULL;
80 const char *ssl_version = NULL;
81 const char *tls13_ciphers = NULL;
82 bool tcp_keepalive = false;
83 bool tcp_nodelay = true;
84 uint32_t timeout = 0;
85 const char *unix_socket_path = NULL;
86 const char *user = NULL;
87 const char *user_agent = NULL;
88
89 /* Use '-D curl.verbose=1' to set. */
90 NBDKIT_DLL_PUBLIC int curl_debug_verbose = 0;
91
92 static void
93 curl_load (void)
94 {
95 CURLcode r;
96
97 r = curl_global_init (CURL_GLOBAL_DEFAULT);
98 if (r != CURLE_OK) {
99 nbdkit_error ("libcurl initialization failed: %d", (int) r);
100 exit (EXIT_FAILURE);
101 }
102 }
103
104 static void
105 curl_unload (void)
106 {
107 free (cookie);
108 if (headers)
109 curl_slist_free_all (headers);
110 free (password);
111 free (proxy_password);
112 scripts_unload ();
113 free_all_handles ();
114 curl_global_cleanup ();
115 }
116
117 #ifndef HAVE_CURLOPT_PROTOCOLS_STR
118 /* See <curl/curl.h> */
119 static struct { const char *name; long bitmask; } curl_protocols[] = {
120 { "http", CURLPROTO_HTTP },
121 { "https", CURLPROTO_HTTPS },
122 { "ftp", CURLPROTO_FTP },
123 { "ftps", CURLPROTO_FTPS },
124 { "scp", CURLPROTO_SCP },
125 { "sftp", CURLPROTO_SFTP },
126 { "telnet", CURLPROTO_TELNET },
127 { "ldap", CURLPROTO_LDAP },
128 { "ldaps", CURLPROTO_LDAPS },
129 { "dict", CURLPROTO_DICT },
130 { "file", CURLPROTO_FILE },
131 { "tftp", CURLPROTO_TFTP },
132 { "imap", CURLPROTO_IMAP },
133 { "imaps", CURLPROTO_IMAPS },
134 { "pop3", CURLPROTO_POP3 },
135 { "pop3s", CURLPROTO_POP3S },
136 { "smtp", CURLPROTO_SMTP },
137 { "smtps", CURLPROTO_SMTPS },
138 { "rtsp", CURLPROTO_RTSP },
139 { "rtmp", CURLPROTO_RTMP },
140 { "rtmpt", CURLPROTO_RTMPT },
141 { "rtmpe", CURLPROTO_RTMPE },
142 { "rtmpte", CURLPROTO_RTMPTE },
143 { "rtmps", CURLPROTO_RTMPS },
144 { "rtmpts", CURLPROTO_RTMPTS },
145 { "gopher", CURLPROTO_GOPHER },
146 #ifdef CURLPROTO_SMB
147 { "smb", CURLPROTO_SMB },
148 #endif
149 #ifdef CURLPROTO_SMBS
150 { "smbs", CURLPROTO_SMBS },
151 #endif
152 #ifdef CURLPROTO_MQTT
153 { "mqtt", CURLPROTO_MQTT },
154 #endif
155 { NULL }
156 };
157
158 /* Parse the protocols parameter. */
159 static int
160 parse_protocols (const char *value)
161 {
162 size_t n, i;
163
164 protocols = 0;
165
166 while (*value) {
167 n = strcspn (value, ",");
168 for (i = 0; curl_protocols[i].name != NULL; ++i) {
169 if (strlen (curl_protocols[i].name) == n &&
170 strncmp (value, curl_protocols[i].name, n) == 0) {
171 protocols |= curl_protocols[i].bitmask;
172 goto found;
173 }
174 }
175 nbdkit_error ("protocols: protocol name not found: %.*s", (int) n, value);
176 return -1;
177
178 found:
179 value += n;
180 if (*value == ',')
181 value++;
182 }
183
184 if (protocols == 0) {
185 nbdkit_error ("protocols: empty list of protocols is not allowed");
186 return -1;
187 }
188
189 nbdkit_debug ("curl: protocols: %ld", protocols);
190
191 return 0;
192 }
193 #endif /* !HAVE_CURLOPT_PROTOCOLS_STR */
194
195 /* Called for each key=value passed on the command line. */
196 static int
197 curl_config (const char *key, const char *value)
198 {
199 int r;
200
201 if (strcmp (key, "cainfo") == 0) {
202 cainfo = value;
203 }
204
205 else if (strcmp (key, "capath") == 0) {
206 capath = value;
207 }
208
209 else if (strcmp (key, "cookie") == 0) {
210 free (cookie);
211 if (nbdkit_read_password (value, &cookie) == -1)
212 return -1;
213 }
214
215 else if (strcmp (key, "cookiefile") == 0) {
216 /* Reject cookiefile=- because it will cause libcurl to try to
217 * read from stdin when we connect.
218 */
219 if (strcmp (value, "-") == 0) {
220 nbdkit_error ("cookiefile parameter cannot be \"-\"");
221 return -1;
222 }
223 cookiefile = value;
224 }
225
226 else if (strcmp (key, "cookiejar") == 0) {
227 /* Reject cookiejar=- because it will cause libcurl to try to
228 * write to stdout.
229 */
230 if (strcmp (value, "-") == 0) {
231 nbdkit_error ("cookiejar parameter cannot be \"-\"");
232 return -1;
233 }
234 cookiejar = value;
235 }
236
237 else if (strcmp (key, "cookie-script") == 0) {
238 cookie_script = value;
239 }
240
241 else if (strcmp (key, "cookie-script-renew") == 0) {
242 if (nbdkit_parse_unsigned ("cookie-script-renew", value,
243 &cookie_script_renew) == -1)
244 return -1;
245 }
246
247 else if (strcmp (key, "followlocation") == 0) {
248 r = nbdkit_parse_bool (value);
249 if (r == -1)
250 return -1;
251 followlocation = r;
252 }
253
254 else if (strcmp (key, "header") == 0) {
255 headers = curl_slist_append (headers, value);
256 if (headers == NULL) {
257 nbdkit_error ("curl_slist_append: %m");
258 return -1;
259 }
260 }
261
262 else if (strcmp (key, "header-script") == 0) {
263 header_script = value;
264 }
265
266 else if (strcmp (key, "header-script-renew") == 0) {
267 if (nbdkit_parse_unsigned ("header-script-renew", value,
268 &header_script_renew) == -1)
269 return -1;
270 }
271
272 else if (strcmp (key, "password") == 0) {
273 free (password);
274 if (nbdkit_read_password (value, &password) == -1)
275 return -1;
276 }
277
278 else if (strcmp (key, "protocols") == 0) {
279 #ifndef HAVE_CURLOPT_PROTOCOLS_STR
280 if (parse_protocols (value) == -1)
281 return -1;
282 #else
283 protocols = value;
284 #endif
285 }
286
287 else if (strcmp (key, "proxy") == 0) {
288 proxy = value;
289 }
290
291 else if (strcmp (key, "proxy-password") == 0) {
292 free (proxy_password);
293 if (nbdkit_read_password (value, &proxy_password) == -1)
294 return -1;
295 }
296
297 else if (strcmp (key, "proxy-user") == 0)
298 proxy_user = value;
299
300 else if (strcmp (key, "sslverify") == 0) {
301 r = nbdkit_parse_bool (value);
302 if (r == -1)
303 return -1;
304 sslverify = r;
305 }
306
307 else if (strcmp (key, "ssl-version") == 0)
308 ssl_version = value;
309
310 else if (strcmp (key, "ssl-cipher-list") == 0)
311 ssl_cipher_list = value;
312
313 else if (strcmp (key, "tls13-ciphers") == 0)
314 tls13_ciphers = value;
315
316 else if (strcmp (key, "tcp-keepalive") == 0) {
317 r = nbdkit_parse_bool (value);
318 if (r == -1)
319 return -1;
320 tcp_keepalive = r;
321 }
322
323 else if (strcmp (key, "tcp-nodelay") == 0) {
324 r = nbdkit_parse_bool (value);
325 if (r == -1)
326 return -1;
327 tcp_nodelay = r;
328 }
329
330 else if (strcmp (key, "timeout") == 0) {
331 if (nbdkit_parse_uint32_t ("timeout", value, &timeout) == -1)
332 return -1;
333 #if LONG_MAX < UINT32_MAX
334 /* C17 5.2.4.2.1 requires that LONG_MAX is at least 2^31 - 1.
335 * However a large positive number might still exceed the limit.
336 */
337 if (timeout > LONG_MAX) {
338 nbdkit_error ("timeout is too large");
339 return -1;
340 }
341 #endif
342 }
343
344 else if (strcmp (key, "unix-socket-path") == 0 ||
345 strcmp (key, "unix_socket_path") == 0)
346 unix_socket_path = value;
347
348 else if (strcmp (key, "url") == 0)
349 url = value;
350
351 else if (strcmp (key, "user") == 0)
352 user = value;
353
354 else if (strcmp (key, "user-agent") == 0)
355 user_agent = value;
356
357 else {
358 nbdkit_error ("unknown parameter '%s'", key);
359 return -1;
360 }
361
362 return 0;
363 }
364
365 /* Check the user did pass a url parameter. */
366 static int
367 curl_config_complete (void)
368 {
369 if (url == NULL) {
370 nbdkit_error ("you must supply the url=<URL> parameter "
371 "after the plugin name on the command line");
372 return -1;
373 }
374
375 if (headers && header_script) {
376 nbdkit_error ("header and header-script cannot be used at the same time");
377 return -1;
378 }
379
380 if (!header_script && header_script_renew) {
381 nbdkit_error ("header-script-renew cannot be used without header-script");
382 return -1;
383 }
384
385 if (cookie && cookie_script) {
386 nbdkit_error ("cookie and cookie-script cannot be used at the same time");
387 return -1;
388 }
389
390 if (!cookie_script && cookie_script_renew) {
391 nbdkit_error ("cookie-script-renew cannot be used without cookie-script");
392 return -1;
393 }
394
395 return 0;
396 }
397
398 #define curl_config_help \
399 "cainfo=<CAINFO> Path to Certificate Authority file.\n" \
400 "capath=<CAPATH> Path to directory with CA certificates.\n" \
401 "cookie=<COOKIE> Set HTTP/HTTPS cookies.\n" \
402 "cookiefile= Enable cookie processing.\n" \
403 "cookiefile=<FILENAME> Read cookies from file.\n" \
404 "cookiejar=<FILENAME> Read and write cookies to jar.\n" \
405 "cookie-script=<SCRIPT> Script to set HTTP/HTTPS cookies.\n" \
406 "cookie-script-renew=<SECS> Time to renew HTTP/HTTPS cookies.\n" \
407 "followlocation=false Do not follow redirects.\n" \
408 "header=<HEADER> Set HTTP/HTTPS header.\n" \
409 "header-script=<SCRIPT> Script to set HTTP/HTTPS headers.\n" \
410 "header-script-renew=<SECS> Time to renew HTTP/HTTPS headers.\n" \
411 "password=<PASSWORD> The password for the user account.\n" \
412 "protocols=PROTO,PROTO,.. Limit protocols allowed.\n" \
413 "proxy=<PROXY> Set proxy URL.\n" \
414 "proxy-password=<PASSWORD> The proxy password.\n" \
415 "proxy-user=<USER> The proxy user.\n" \
416 "timeout=<TIMEOUT> Set the timeout for requests (seconds).\n" \
417 "sslverify=false Do not verify SSL certificate of remote host.\n" \
418 "ssl-version=<VERSION> Specify preferred TLS/SSL version.\n " \
419 "ssl-cipher-list=C1:C2:.. Specify TLS/SSL cipher suites to be used.\n" \
420 "tls13-ciphers=C1:C2:.. Specify TLS 1.3 cipher suites to be used.\n" \
421 "tcp-keepalive=true Enable TCP keepalives.\n" \
422 "tcp-nodelay=false Disable Nagle’s algorithm.\n" \
423 "unix-socket-path=<PATH> Open Unix domain socket instead of TCP/IP.\n" \
424 "url=<URL> (required) The disk image URL to serve.\n" \
425 "user=<USER> The user to log in as.\n" \
426 "user-agent=<USER-AGENT> Send user-agent header for HTTP/HTTPS."
427
428 /* Translate CURLcode to nbdkit_error. */
429 #define display_curl_error(ch, r, fs, ...) \
430 do { \
431 nbdkit_error ((fs ": %s: %s"), ## __VA_ARGS__, \
432 curl_easy_strerror ((r)), (ch)->errbuf); \
433 } while (0)
434
435 /* Create the per-connection handle. */
436 static void *
437 curl_open (int readonly)
438 {
439 struct handle *h;
440
441 h = calloc (1, sizeof *h);
442 if (h == NULL) {
443 nbdkit_error ("calloc: %m");
444 return NULL;
445 }
446 h->readonly = readonly;
447
448 return h;
449 }
450
451 /* Free up the per-connection handle. */
452 static void
453 curl_close (void *handle)
454 {
455 struct handle *h = handle;
456
457 free (h);
458 }
459
460 #define THREAD_MODEL NBDKIT_THREAD_MODEL_SERIALIZE_REQUESTS
461
462 /* Calls get_handle() ... put_handle() to get a handle for the length
463 * of the current scope.
464 */
465 #define GET_HANDLE_FOR_CURRENT_SCOPE(ch) \
466 CLEANUP_PUT_HANDLE struct curl_handle *ch = get_handle ();
467 #define CLEANUP_PUT_HANDLE __attribute__((cleanup (cleanup_put_handle)))
468 static void
469 cleanup_put_handle (void *chp)
470 {
471 struct curl_handle *ch = * (struct curl_handle **) chp;
472
473 if (ch != NULL)
474 put_handle (ch);
475 }
476
477 /* Get the file size. */
478 static int64_t
479 curl_get_size (void *handle)
480 {
481 GET_HANDLE_FOR_CURRENT_SCOPE (ch);
482 if (ch == NULL)
483 return -1;
484
485 return ch->exportsize;
486 }
487
488 /* Multi-conn is safe for read-only connections, but HTTP does not
489 * have any concept of flushing so we cannot use it for read-write
490 * connections.
491 */
492 static int
493 curl_can_multi_conn (void *handle)
494 {
495 struct handle *h = handle;
496
497 return !! h->readonly;
498 }
499
500 /* Read data from the remote server. */
501 static int
502 curl_pread (void *handle, void *buf, uint32_t count, uint64_t offset)
503 {
504 CURLcode r;
505 char range[128];
506
507 GET_HANDLE_FOR_CURRENT_SCOPE (ch);
508 if (ch == NULL)
509 return -1;
510
511 /* Run the scripts if necessary and set headers in the handle. */
512 if (do_scripts (ch) == -1) return -1;
513
514 /* Tell the write_cb where we want the data to be written. write_cb
515 * will update this if the data comes in multiple sections.
516 */
517 ch->write_buf = buf;
518 ch->write_count = count;
519
520 curl_easy_setopt (ch->c, CURLOPT_HTTPGET, 1L);
521
522 /* Make an HTTP range request. */
523 snprintf (range, sizeof range, "%" PRIu64 "-%" PRIu64,
524 offset, offset + count);
525 curl_easy_setopt (ch->c, CURLOPT_RANGE, range);
526
527 /* The assumption here is that curl will look after timeouts. */
528 r = curl_easy_perform (ch->c);
529 if (r != CURLE_OK) {
530 display_curl_error (ch, r, "pread: curl_easy_perform");
531 return -1;
532 }
533
534 /* Could use curl_easy_getinfo here to obtain further information
535 * about the connection.
536 */
537
538 /* As far as I understand the cURL API, this should never happen. */
539 assert (ch->write_count == 0);
540
541 return 0;
542 }
543
544 /* Write data to the remote server. */
545 static int
546 curl_pwrite (void *handle, const void *buf, uint32_t count, uint64_t offset)
547 {
548 CURLcode r;
549 char range[128];
550
551 GET_HANDLE_FOR_CURRENT_SCOPE (ch);
552 if (ch == NULL)
553 return -1;
554
555 /* Run the scripts if necessary and set headers in the handle. */
556 if (do_scripts (ch) == -1) return -1;
557
558 /* Tell the read_cb where we want the data to be read from. read_cb
559 * will update this if the data comes in multiple sections.
560 */
561 ch->read_buf = buf;
562 ch->read_count = count;
563
564 curl_easy_setopt (ch->c, CURLOPT_UPLOAD, 1L);
565
566 /* Make an HTTP range request. */
567 snprintf (range, sizeof range, "%" PRIu64 "-%" PRIu64,
568 offset, offset + count);
569 curl_easy_setopt (ch->c, CURLOPT_RANGE, range);
570
571 /* The assumption here is that curl will look after timeouts. */
572 r = curl_easy_perform (ch->c);
573 if (r != CURLE_OK) {
574 display_curl_error (ch, r, "pwrite: curl_easy_perform");
575 return -1;
576 }
577
578 /* Could use curl_easy_getinfo here to obtain further information
579 * about the connection.
580 */
581
582 /* As far as I understand the cURL API, this should never happen. */
583 assert (ch->read_count == 0);
584
585 return 0;
586 }
587
588 static struct nbdkit_plugin plugin = {
589 .name = "curl",
590 .version = PACKAGE_VERSION,
591 .load = curl_load,
592 .unload = curl_unload,
593 .config = curl_config,
594 .config_complete = curl_config_complete,
595 .config_help = curl_config_help,
596 .magic_config_key = "url",
597 .open = curl_open,
598 .close = curl_close,
599 .get_size = curl_get_size,
600 .can_multi_conn = curl_can_multi_conn,
601 .pread = curl_pread,
602 .pwrite = curl_pwrite,
603 };
604
605 NBDKIT_REGISTER_PLUGIN(plugin)
Liberally-licensed kit for writing user-space NBD servers