search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
http: ignore superfluous WWW-Authenticate headers
[siplcs.git] / src / core / sipe-http-request.c
blobae3b865baa04fcc763ad3a95310f360093cbea49
1 /**
2 * @file sipe-http-request.c
3 *
4 * pidgin-sipe
5 *
6 * Copyright (C) 2013 SIPE Project <http://sipe.sourceforge.net/>
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 *
23 *
24 * SIPE HTTP request layer implementation
25 *
26 * - request handling: creation, parameters, deletion, cancelling
27 * - session handling: creation, closing
28 * - client authorization handling
29 * - connection request queue handling
30 * - compile HTTP header contents and hand-off to transport layer
31 * - process HTTP response and hand-off to user callback
32 */
33
34 #ifdef HAVE_CONFIG_H
35 #include "config.h"
36 #endif
37
38 #include <string.h>
39
40 #include <glib.h>
41
42 #include "sipmsg.h"
43 #include "sip-sec.h"
44 #include "sipe-backend.h"
45 #include "sipe-core.h"
46 #include "sipe-core-private.h"
47 #include "sipe-http.h"
48
49 #define _SIPE_HTTP_PRIVATE_IF_REQUEST
50 #include "sipe-http-request.h"
51 #define _SIPE_HTTP_PRIVATE_IF_TRANSPORT
52 #include "sipe-http-transport.h"
53
54 struct sipe_http_session {
55 gchar *cookie; /* extremely simplistic cookie jar :-) */
56 };
57
58 struct sipe_http_request {
59 struct sipe_http_connection_public *connection;
60
61 struct sipe_http_session *session;
62
63 gchar *path;
64 gchar *headers;
65 gchar *body; /* NULL for GET */
66 gchar *content_type; /* NULL if body == NULL */
67 gchar *authorization;
68
69 const gchar *domain; /* not copied */
70 const gchar *user; /* not copied */
71 const gchar *password; /* not copied */
72
73 sipe_http_response_callback *cb;
74 gpointer cb_data;
75
76 guint32 flags;
77 };
78
79 #define SIPE_HTTP_REQUEST_FLAG_FIRST 0x00000001
80 #define SIPE_HTTP_REQUEST_FLAG_REDIRECT 0x00000002
81 #define SIPE_HTTP_REQUEST_FLAG_AUTHDATA 0x00000004
82
83 static void sipe_http_request_free(struct sipe_core_private *sipe_private,
84 struct sipe_http_request *req,
85 guint status)
86 {
87 if (req->cb)
88 /* Callback: aborted/failed/cancelled */
89 (*req->cb)(sipe_private,
90 status,
91 NULL,
92 NULL,
93 req->cb_data);
94 g_free(req->path);
95 g_free(req->headers);
96 g_free(req->body);
97 g_free(req->content_type);
98 g_free(req->authorization);
99 g_free(req);
100 }
101
102 static void sipe_http_request_send(struct sipe_http_connection_public *conn_public)
103 {
104 struct sipe_http_request *req = conn_public->pending_requests->data;
105 gchar *header;
106 gchar *content = NULL;
107 gchar *cookie = NULL;
108
109 if (req->body)
110 content = g_strdup_printf("Content-Length: %" G_GSIZE_FORMAT "\r\n"
111 "Content-Type: %s\r\n",
112 strlen(req->body),
113 req->content_type);
114
115 if (req->session && req->session->cookie)
116 cookie = g_strdup_printf("Cookie: %s\r\n", req->session->cookie);
117
118 header = g_strdup_printf("%s /%s HTTP/1.1\r\n"
119 "Host: %s\r\n"
120 "User-Agent: Sipe/" PACKAGE_VERSION "\r\n"
121 "%s%s%s%s",
122 content ? "POST" : "GET",
123 req->path,
124 conn_public->host,
125 conn_public->cached_authorization ? conn_public->cached_authorization :
126 req->authorization ? req->authorization : "",
127 req->headers ? req->headers : "",
128 cookie ? cookie : "",
129 content ? content : "");
130 g_free(cookie);
131 g_free(content);
132
133 /* only use authorization once */
134 g_free(req->authorization);
135 req->authorization = NULL;
136
137 sipe_http_transport_send(conn_public,
138 header,
139 req->body);
140 g_free(header);
141 }
142
143 gboolean sipe_http_request_pending(struct sipe_http_connection_public *conn_public)
144 {
145 return(conn_public->pending_requests != NULL);
146 }
147
148 void sipe_http_request_next(struct sipe_http_connection_public *conn_public)
149 {
150 sipe_http_request_send(conn_public);
151 }
152
153 static void sipe_http_request_enqueue(struct sipe_core_private *sipe_private,
154 struct sipe_http_request *req,
155 const struct sipe_http_parsed_uri *parsed_uri)
156 {
157 struct sipe_http_connection_public *conn_public;
158
159 req->path = g_strdup(parsed_uri->path);
160 req->connection = conn_public = sipe_http_transport_new(sipe_private,
161 parsed_uri->host,
162 parsed_uri->port,
163 parsed_uri->tls);
164 if (!sipe_http_request_pending(conn_public))
165 req->flags |= SIPE_HTTP_REQUEST_FLAG_FIRST;
166
167 conn_public->pending_requests = g_slist_append(conn_public->pending_requests,
168 req);
169 }
170
171 static void sipe_http_request_drop_context(struct sipe_http_connection_public *conn_public)
172 {
173 g_free(conn_public->cached_authorization);
174 conn_public->cached_authorization = NULL;
175 sip_sec_destroy_context(conn_public->context);
176 conn_public->context = NULL;
177 }
178
179 static void sipe_http_request_finalize_negotiate(struct sipe_http_request *req,
180 struct sipmsg *msg)
181 {
182 #if defined(HAVE_GSSAPI_GSSAPI_H) || defined(HAVE_SSPI)
183 /*
184 * Negotiate can send a final package in the successful response.
185 * We need to forward this to the context or otherwise it will
186 * never reach the ready state.
187 */
188 struct sipe_http_connection_public *conn_public = req->connection;
189
190 if (sip_sec_context_type(conn_public->context) == SIPE_AUTHENTICATION_TYPE_NEGOTIATE) {
191 const gchar *header = sipmsg_find_auth_header(msg, "Negotiate");
192
193 if (header) {
194 gchar **parts = g_strsplit(header, " ", 0);
195 gchar *spn = g_strdup_printf("HTTP/%s", conn_public->host);
196 gchar *token;
197
198 SIPE_DEBUG_INFO("sipe_http_request_finalize_negotiate: init context target '%s' token '%s'",
199 spn, parts[1] ? parts[1] : "<NULL>");
200
201 if (sip_sec_init_context_step(conn_public->context,
202 spn,
203 parts[1],
204 &token,
205 NULL)) {
206 g_free(token);
207 } else {
208 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_finalize_negotiate: security context init step failed, throwing away context");
209 sipe_http_request_drop_context(conn_public);
210 }
211
212 g_free(spn);
213 g_strfreev(parts);
214 }
215 }
216 #else
217 (void) req; /* keep compiler happy */
218 (void) msg; /* keep compiler happy */
219 #endif
220 }
221
222
223 /* TRUE indicates failure */
224 static gboolean sipe_http_request_response_redirection(struct sipe_core_private *sipe_private,
225 struct sipe_http_request *req,
226 struct sipmsg *msg)
227 {
228 const gchar *location = sipmsg_find_header(msg, "Location");
229 gboolean failed = TRUE;
230
231 sipe_http_request_finalize_negotiate(req, msg);
232
233 if (location) {
234 struct sipe_http_parsed_uri *parsed_uri = sipe_http_parse_uri(location);
235
236 if (parsed_uri) {
237 /* remove request from old connection */
238 struct sipe_http_connection_public *conn_public = req->connection;
239 conn_public->pending_requests = g_slist_remove(conn_public->pending_requests,
240 req);
241
242 /* free old request data */
243 g_free(req->path);
244 req->flags &= ~SIPE_HTTP_REQUEST_FLAG_FIRST;
245
246 /* resubmit request on other connection */
247 sipe_http_request_enqueue(sipe_private, req, parsed_uri);
248 failed = FALSE;
249
250 sipe_http_parsed_uri_free(parsed_uri);
251 } else
252 SIPE_DEBUG_INFO("sipe_http_request_response_redirection: invalid redirection to '%s'",
253 location);
254 } else
255 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_redirection: no URL found?!?");
256
257 return(failed);
258 }
259
260 /* TRUE indicates failure */
261 static gboolean sipe_http_request_response_unauthorized(struct sipe_core_private *sipe_private,
262 struct sipe_http_request *req,
263 struct sipmsg *msg)
264 {
265 struct sipe_http_connection_public *conn_public = req->connection;
266 const gchar *header = NULL;
267 guint type;
268 gboolean failed = TRUE;
269
270 /*
271 * There are some buggy HTTP servers out there that add superfluous
272 * WWW-Authenticate: headers during the authentication handshake.
273 * Look only for the header of the active security context.
274 */
275 if (conn_public->context &&
276 ((header = sipmsg_find_auth_header(msg,
277 sip_sec_context_name(conn_public->context)))
278 != NULL)) {
279 type = sip_sec_context_type(conn_public->context);
280
281 } else {
282 #if defined(HAVE_GSSAPI_GSSAPI_H) || defined(HAVE_SSPI)
283 #define DEBUG_STRING ", NTLM and Negotiate"
284 /* Use "Negotiate" unless the user requested "NTLM" */
285 if (sipe_private->authentication_type != SIPE_AUTHENTICATION_TYPE_NTLM)
286 header = sipmsg_find_auth_header(msg, "Negotiate");
287 if (header) {
288 type = SIPE_AUTHENTICATION_TYPE_NEGOTIATE;
289 } else
290 #else
291 #define DEBUG_STRING " and NTLM"
292 (void) sipe_private; /* keep compiler happy */
293 #endif
294 {
295 header = sipmsg_find_auth_header(msg, "NTLM");
296 type = SIPE_AUTHENTICATION_TYPE_NTLM;
297 }
298
299 /* only fall back to "Basic" after everything else fails */
300 if (!header) {
301 header = sipmsg_find_auth_header(msg, "Basic");
302 type = SIPE_AUTHENTICATION_TYPE_BASIC;
303 }
304 }
305
306 if (header) {
307 if (!conn_public->context) {
308 gboolean valid = req->flags & SIPE_HTTP_REQUEST_FLAG_AUTHDATA;
309 conn_public->context = sip_sec_create_context(type,
310 !valid, /* Single Sign-On flag */
311 TRUE, /* connection-based for HTTP */
312 valid ? req->domain : NULL,
313 valid ? req->user : NULL,
314 valid ? req->password : NULL);
315 }
316
317
318 if (conn_public->context) {
319 gchar **parts = g_strsplit(header, " ", 0);
320 gchar *spn = g_strdup_printf("HTTP/%s", conn_public->host);
321 gchar *token;
322
323 SIPE_DEBUG_INFO("sipe_http_request_response_unauthorized: init context target '%s' token '%s'",
324 spn, parts[1] ? parts[1] : "<NULL>");
325
326 if (sip_sec_init_context_step(conn_public->context,
327 spn,
328 parts[1],
329 &token,
330 NULL)) {
331
332 /* generate authorization header */
333 req->authorization = g_strdup_printf("Authorization: %s %s\r\n",
334 sip_sec_context_name(conn_public->context),
335 token ? token : "");
336 g_free(token);
337
338 /*
339 * authorization never changes for Basic
340 * authentication scheme, so we can keep it.
341 */
342 if (type == SIPE_AUTHENTICATION_TYPE_BASIC) {
343 g_free(conn_public->cached_authorization);
344 conn_public->cached_authorization = g_strdup(req->authorization);
345 }
346
347 /*
348 * Keep the request in the queue. As it is at
349 * the head it will be pulled automatically
350 * by the transport layer after returning.
351 */
352 failed = FALSE;
353
354 } else {
355 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: security context init step failed, throwing away context");
356 sipe_http_request_drop_context(conn_public);
357 }
358
359 g_free(spn);
360 g_strfreev(parts);
361 } else
362 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: security context creation failed");
363 } else
364 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: only Basic" DEBUG_STRING " authentication schemes are supported");
365
366 return(failed);
367 }
368
369 static void sipe_http_request_response_callback(struct sipe_core_private *sipe_private,
370 struct sipe_http_request *req,
371 struct sipmsg *msg)
372 {
373 const gchar *hdr;
374
375 sipe_http_request_finalize_negotiate(req, msg);
376
377 /* Set-Cookie: RMID=732423sdfs73242; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.net */
378 if (req->session &&
379 ((hdr = sipmsg_find_header(msg, "Set-Cookie")) != NULL)) {
380 gchar **parts, **current;
381 const gchar *part;
382 gchar *new = NULL;
383
384 g_free(req->session->cookie);
385 req->session->cookie = NULL;
386
387 current = parts = g_strsplit(hdr, ";", 0);
388 while ((part = *current++) != NULL) {
389 /* strip these parts from cookie */
390 if (!(strstr(part, "path=") ||
391 strstr(part, "domain=") ||
392 strstr(part, "expires=") ||
393 strstr(part, "secure"))) {
394 gchar *tmp = new;
395 new = new ?
396 g_strconcat(new, ";", part, NULL) :
397 g_strdup(part);
398 g_free(tmp);
399 }
400 }
401 g_strfreev(parts);
402
403 if (new) {
404 req->session->cookie = new;
405 SIPE_DEBUG_INFO("sipe_http_request_response_callback: cookie: %s", new);
406 }
407 }
408
409 /* Callback: success */
410 (*req->cb)(sipe_private,
411 msg->response,
412 msg->headers,
413 msg->body,
414 req->cb_data);
415
416 /* remove completed request */
417 sipe_http_request_cancel(req);
418 }
419
420 void sipe_http_request_response(struct sipe_http_connection_public *conn_public,
421 struct sipmsg *msg)
422 {
423 struct sipe_core_private *sipe_private = conn_public->sipe_private;
424 struct sipe_http_request *req = conn_public->pending_requests->data;
425 gboolean failed;
426
427 if ((req->flags & SIPE_HTTP_REQUEST_FLAG_REDIRECT) &&
428 (msg->response >= SIPE_HTTP_STATUS_REDIRECTION) &&
429 (msg->response < SIPE_HTTP_STATUS_CLIENT_ERROR)) {
430 failed = sipe_http_request_response_redirection(sipe_private,
431 req,
432 msg);
433
434 } else if (msg->response == SIPE_HTTP_STATUS_CLIENT_UNAUTHORIZED) {
435 failed = sipe_http_request_response_unauthorized(sipe_private,
436 req,
437 msg);
438
439 } else {
440 /* On some errors throw away the security context */
441 if (((msg->response == SIPE_HTTP_STATUS_CLIENT_FORBIDDEN) ||
442 (msg->response == SIPE_HTTP_STATUS_CLIENT_PROXY_AUTH) ||
443 (msg->response >= SIPE_HTTP_STATUS_SERVER_ERROR)) &&
444 conn_public->context) {
445 SIPE_DEBUG_INFO("sipe_http_request_response: response was %d, throwing away security context",
446 msg->response);
447 sipe_http_request_drop_context(conn_public);
448 }
449
450 /* All other cases are passed on to the user */
451 sipe_http_request_response_callback(sipe_private, req, msg);
452
453 /* req is no longer valid */
454 failed = FALSE;
455 }
456
457 if (failed) {
458 /* Callback: request failed */
459 (*req->cb)(sipe_private,
460 SIPE_HTTP_STATUS_FAILED,
461 NULL,
462 NULL,
463 req->cb_data);
464
465 /* remove failed request */
466 sipe_http_request_cancel(req);
467 }
468 }
469
470 void sipe_http_request_shutdown(struct sipe_http_connection_public *conn_public,
471 gboolean abort)
472 {
473 if (conn_public->pending_requests) {
474 GSList *entry = conn_public->pending_requests;
475 while (entry) {
476 sipe_http_request_free(conn_public->sipe_private,
477 entry->data,
478 abort ?
479 SIPE_HTTP_STATUS_ABORTED :
480 SIPE_HTTP_STATUS_FAILED);
481 entry = entry->next;
482 }
483 g_slist_free(conn_public->pending_requests);
484 conn_public->pending_requests = NULL;
485 }
486
487 if (conn_public->context) {
488 g_free(conn_public->cached_authorization);
489 conn_public->cached_authorization = NULL;
490 sip_sec_destroy_context(conn_public->context);
491 conn_public->context = NULL;
492 }
493 }
494
495 struct sipe_http_request *sipe_http_request_new(struct sipe_core_private *sipe_private,
496 const struct sipe_http_parsed_uri *parsed_uri,
497 const gchar *headers,
498 const gchar *body,
499 const gchar *content_type,
500 sipe_http_response_callback *callback,
501 gpointer callback_data)
502 {
503 struct sipe_http_request *req;
504 if (!parsed_uri)
505 return(NULL);
506 if (sipe_http_shutting_down(sipe_private)) {
507 SIPE_DEBUG_ERROR("sipe_http_request_new: new HTTP request during shutdown: THIS SHOULD NOT HAPPEN! Debugging information:\n"
508 "Host: %s\n"
509 "Port: %d\n"
510 "Path: %s\n"
511 "Headers: %s\n"
512 "Body: %s\n",
513 parsed_uri->host,
514 parsed_uri->port,
515 parsed_uri->path,
516 headers ? headers : "<NONE>",
517 body ? body : "<EMPTY>");
518 return(NULL);
519 }
520
521 req = g_new0(struct sipe_http_request, 1);
522 req->flags = 0;
523 req->cb = callback;
524 req->cb_data = callback_data;
525 if (headers)
526 req->headers = g_strdup(headers);
527 if (body) {
528 req->body = g_strdup(body);
529 req->content_type = g_strdup(content_type);
530 }
531
532 /* default authentication */
533 if (!SIPE_CORE_PRIVATE_FLAG_IS(SSO))
534 sipe_http_request_authentication(req,
535 sipe_private->authdomain,
536 sipe_private->authuser,
537 sipe_private->password);
538
539 sipe_http_request_enqueue(sipe_private, req, parsed_uri);
540
541 return(req);
542 }
543
544 void sipe_http_request_ready(struct sipe_http_request *request)
545 {
546 struct sipe_http_connection_public *conn_public = request->connection;
547
548 /* pass first request on already opened connection through directly */
549 if ((request->flags & SIPE_HTTP_REQUEST_FLAG_FIRST) &&
550 conn_public->connected)
551 sipe_http_request_send(conn_public);
552 }
553
554 struct sipe_http_session *sipe_http_session_start(void)
555 {
556 return(g_new0(struct sipe_http_session, 1));
557 }
558
559 void sipe_http_session_close(struct sipe_http_session *session)
560 {
561 if (session) {
562 g_free(session->cookie);
563 g_free(session);
564 }
565 }
566
567 void sipe_http_request_cancel(struct sipe_http_request *request)
568 {
569 struct sipe_http_connection_public *conn_public = request->connection;
570 conn_public->pending_requests = g_slist_remove(conn_public->pending_requests,
571 request);
572
573 /* cancelled by requester, don't use callback */
574 request->cb = NULL;
575
576 sipe_http_request_free(conn_public->sipe_private,
577 request,
578 SIPE_HTTP_STATUS_CANCELLED);
579 }
580
581 void sipe_http_request_session(struct sipe_http_request *request,
582 struct sipe_http_session *session)
583 {
584 request->session = session;
585 }
586
587 void sipe_http_request_allow_redirect(struct sipe_http_request *request)
588 {
589 request->flags |= SIPE_HTTP_REQUEST_FLAG_REDIRECT;
590 }
591
592 void sipe_http_request_authentication(struct sipe_http_request *request,
593 const gchar *domain,
594 const gchar *user,
595 const gchar *password)
596 {
597 request->flags |= SIPE_HTTP_REQUEST_FLAG_AUTHDATA;
598 request->domain = domain;
599 request->user = user;
600 request->password = password;
601 }
602
603 /*
604 Local Variables:
605 mode: c
606 c-file-style: "bsd"
607 indent-tabs-mode: t
608 tab-width: 8
609 End:
610 */
A third-party Pidgin plugin for Microsoft LCS/OCS