2 * @file sipe-http-request.c
6 * Copyright (C) 2013-2015 SIPE Project <http://sipe.sourceforge.net/>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 * SIPE HTTP request layer implementation
26 * - request handling: creation, parameters, deletion, cancelling
27 * - session handling: creation, closing
28 * - client authorization handling
29 * - connection request queue handling
30 * - compile HTTP header contents and hand-off to transport layer
31 * - process HTTP response and hand-off to user callback
44 #include "sipe-backend.h"
45 #include "sipe-core.h"
46 #include "sipe-core-private.h"
47 #include "sipe-http.h"
49 #define _SIPE_HTTP_PRIVATE_IF_REQUEST
50 #include "sipe-http-request.h"
51 #define _SIPE_HTTP_PRIVATE_IF_TRANSPORT
52 #include "sipe-http-transport.h"
54 struct sipe_http_session
{
55 gchar
*cookie
; /* extremely simplistic cookie jar :-) */
58 struct sipe_http_request
{
59 struct sipe_http_connection_public
*connection
;
61 struct sipe_http_session
*session
;
65 gchar
*body
; /* NULL for GET */
66 gchar
*content_type
; /* NULL if body == NULL */
69 const gchar
*user
; /* not copied */
70 const gchar
*password
; /* not copied */
72 sipe_http_response_callback
*cb
;
78 #define SIPE_HTTP_REQUEST_FLAG_FIRST 0x00000001
79 #define SIPE_HTTP_REQUEST_FLAG_REDIRECT 0x00000002
80 #define SIPE_HTTP_REQUEST_FLAG_AUTHDATA 0x00000004
81 #define SIPE_HTTP_REQUEST_FLAG_HANDSHAKE 0x00000008
83 static void sipe_http_request_free(struct sipe_core_private
*sipe_private
,
84 struct sipe_http_request
*req
,
88 /* Callback: aborted/failed/cancelled */
89 (*req
->cb
)(sipe_private
,
97 g_free(req
->content_type
);
98 g_free(req
->authorization
);
102 static void sipe_http_request_send(struct sipe_http_connection_public
*conn_public
)
104 struct sipe_http_request
*req
= conn_public
->pending_requests
->data
;
106 gchar
*content
= NULL
;
107 gchar
*cookie
= NULL
;
110 content
= g_strdup_printf("Content-Length: %" G_GSIZE_FORMAT
"\r\n"
111 "Content-Type: %s\r\n",
115 if (req
->session
&& req
->session
->cookie
)
116 cookie
= g_strdup_printf("Cookie: %s\r\n", req
->session
->cookie
);
118 header
= g_strdup_printf("%s /%s HTTP/1.1\r\n"
120 "User-Agent: Sipe/" PACKAGE_VERSION
"\r\n"
122 content
? "POST" : "GET",
125 conn_public
->cached_authorization
? conn_public
->cached_authorization
:
126 req
->authorization
? req
->authorization
: "",
127 req
->headers
? req
->headers
: "",
128 cookie
? cookie
: "",
129 content
? content
: "");
133 /* only use authorization once */
134 g_free(req
->authorization
);
135 req
->authorization
= NULL
;
137 sipe_http_transport_send(conn_public
,
143 gboolean
sipe_http_request_pending(struct sipe_http_connection_public
*conn_public
)
145 return(conn_public
->pending_requests
!= NULL
);
148 void sipe_http_request_next(struct sipe_http_connection_public
*conn_public
)
150 sipe_http_request_send(conn_public
);
153 static void sipe_http_request_enqueue(struct sipe_core_private
*sipe_private
,
154 struct sipe_http_request
*req
,
155 const struct sipe_http_parsed_uri
*parsed_uri
)
157 struct sipe_http_connection_public
*conn_public
;
159 req
->path
= g_strdup(parsed_uri
->path
);
160 req
->connection
= conn_public
= sipe_http_transport_new(sipe_private
,
164 if (!sipe_http_request_pending(conn_public
))
165 req
->flags
|= SIPE_HTTP_REQUEST_FLAG_FIRST
;
167 conn_public
->pending_requests
= g_slist_append(conn_public
->pending_requests
,
171 static void sipe_http_request_drop_context(struct sipe_http_connection_public
*conn_public
)
173 g_free(conn_public
->cached_authorization
);
174 conn_public
->cached_authorization
= NULL
;
175 sip_sec_destroy_context(conn_public
->context
);
176 conn_public
->context
= NULL
;
179 static void sipe_http_request_finalize_negotiate(struct sipe_http_request
*req
,
182 #if defined(HAVE_GSSAPI_GSSAPI_H) || defined(HAVE_SSPI)
184 * Negotiate can send a final package in the successful response.
185 * We need to forward this to the context or otherwise it will
186 * never reach the ready state.
188 struct sipe_http_connection_public
*conn_public
= req
->connection
;
190 if (sip_sec_context_type(conn_public
->context
) == SIPE_AUTHENTICATION_TYPE_NEGOTIATE
) {
191 const gchar
*header
= sipmsg_find_auth_header(msg
, "Negotiate");
194 gchar
**parts
= g_strsplit(header
, " ", 0);
195 gchar
*spn
= g_strdup_printf("HTTP/%s", conn_public
->host
);
198 SIPE_DEBUG_INFO("sipe_http_request_finalize_negotiate: init context target '%s' token '%s'",
199 spn
, parts
[1] ? parts
[1] : "<NULL>");
201 if (sip_sec_init_context_step(conn_public
->context
,
208 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_finalize_negotiate: security context init step failed, throwing away context");
209 sipe_http_request_drop_context(conn_public
);
217 (void) req
; /* keep compiler happy */
218 (void) msg
; /* keep compiler happy */
223 /* TRUE indicates failure */
224 static gboolean
sipe_http_request_response_redirection(struct sipe_core_private
*sipe_private
,
225 struct sipe_http_request
*req
,
228 const gchar
*location
= sipmsg_find_header(msg
, "Location");
229 gboolean failed
= TRUE
;
231 sipe_http_request_finalize_negotiate(req
, msg
);
234 struct sipe_http_parsed_uri
*parsed_uri
= sipe_http_parse_uri(location
);
237 /* remove request from old connection */
238 struct sipe_http_connection_public
*conn_public
= req
->connection
;
239 conn_public
->pending_requests
= g_slist_remove(conn_public
->pending_requests
,
242 /* free old request data */
244 req
->flags
&= ~( SIPE_HTTP_REQUEST_FLAG_FIRST
|
245 SIPE_HTTP_REQUEST_FLAG_HANDSHAKE
);
247 /* resubmit request on other connection */
248 sipe_http_request_enqueue(sipe_private
, req
, parsed_uri
);
251 sipe_http_parsed_uri_free(parsed_uri
);
253 SIPE_DEBUG_INFO("sipe_http_request_response_redirection: invalid redirection to '%s'",
256 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_redirection: no URL found?!?");
261 /* TRUE indicates failure */
262 static gboolean
sipe_http_request_response_unauthorized(struct sipe_core_private
*sipe_private
,
263 struct sipe_http_request
*req
,
266 struct sipe_http_connection_public
*conn_public
= req
->connection
;
267 const gchar
*header
= NULL
;
269 gboolean failed
= TRUE
;
272 * There are some buggy HTTP servers out there that add superfluous
273 * WWW-Authenticate: headers during the authentication handshake.
274 * Look only for the header of the active security context.
276 if (conn_public
->context
) {
277 const gchar
*name
= sip_sec_context_name(conn_public
->context
);
279 header
= sipmsg_find_auth_header(msg
, name
);
280 type
= sip_sec_context_type(conn_public
->context
);
283 SIPE_DEBUG_INFO("sipe_http_request_response_unauthorized: expected authentication scheme %s not found",
288 if (conn_public
->cached_authorization
) {
290 * The "Basic" scheme doesn't have any state.
292 * If we enter here then we have already tried "Basic"
293 * authentication once for this request and it was
294 * rejected by the server. As all future requests will
295 * also be rejected, we need to abort here in order to
296 * prevent an endless request/401/request/... loop.
298 SIPE_DEBUG_INFO("sipe_http_request_response_unauthorized: Basic authentication has failed for host '%s', please check user name and password!",
304 #if defined(HAVE_GSSAPI_GSSAPI_H) || defined(HAVE_SSPI)
305 #define DEBUG_STRING ", NTLM and Negotiate"
306 /* Use "Negotiate" unless the user requested "NTLM" */
307 if (sipe_private
->authentication_type
!= SIPE_AUTHENTICATION_TYPE_NTLM
)
308 header
= sipmsg_find_auth_header(msg
, "Negotiate");
310 type
= SIPE_AUTHENTICATION_TYPE_NEGOTIATE
;
313 #define DEBUG_STRING " and NTLM"
314 (void) sipe_private
; /* keep compiler happy */
317 header
= sipmsg_find_auth_header(msg
, "NTLM");
318 type
= SIPE_AUTHENTICATION_TYPE_NTLM
;
321 /* only fall back to "Basic" after everything else fails */
323 header
= sipmsg_find_auth_header(msg
, "Basic");
324 type
= SIPE_AUTHENTICATION_TYPE_BASIC
;
329 if (!conn_public
->context
) {
330 gboolean valid
= req
->flags
& SIPE_HTTP_REQUEST_FLAG_AUTHDATA
;
331 conn_public
->context
= sip_sec_create_context(type
,
332 !valid
, /* Single Sign-On flag */
333 TRUE
, /* connection-based for HTTP */
334 valid
? req
->user
: NULL
,
335 valid
? req
->password
: NULL
);
338 if (conn_public
->context
) {
339 gchar
**parts
= g_strsplit(header
, " ", 0);
340 gchar
*spn
= g_strdup_printf("HTTP/%s", conn_public
->host
);
342 const gchar
*token_in
= parts
[1];
344 SIPE_DEBUG_INFO("sipe_http_request_response_unauthorized: init context target '%s' token '%s'",
345 spn
, token_in
? token_in
: "<NULL>");
348 * If we receive a NULL token during the handshake
349 * then the authentication scheme has failed.
351 if ((req
->flags
& SIPE_HTTP_REQUEST_FLAG_HANDSHAKE
) &&
353 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: authentication failed, throwing away context");
354 sipe_http_request_drop_context(conn_public
);
356 } else if (sip_sec_init_context_step(conn_public
->context
,
362 /* handshake has started */
363 req
->flags
|= SIPE_HTTP_REQUEST_FLAG_HANDSHAKE
;
365 /* generate authorization header */
366 req
->authorization
= g_strdup_printf("Authorization: %s %s\r\n",
367 sip_sec_context_name(conn_public
->context
),
368 token_out
? token_out
: "");
372 * authorization never changes for Basic
373 * authentication scheme, so we can keep it.
375 if (type
== SIPE_AUTHENTICATION_TYPE_BASIC
) {
376 g_free(conn_public
->cached_authorization
);
377 conn_public
->cached_authorization
= g_strdup(req
->authorization
);
381 * Keep the request in the queue. As it is at
382 * the head it will be pulled automatically
383 * by the transport layer after returning.
388 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: security context init step failed, throwing away context");
389 sipe_http_request_drop_context(conn_public
);
395 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: security context creation failed");
397 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: only Basic" DEBUG_STRING
" authentication schemes are supported");
402 static void sipe_http_request_response_callback(struct sipe_core_private
*sipe_private
,
403 struct sipe_http_request
*req
,
408 sipe_http_request_finalize_negotiate(req
, msg
);
410 /* Set-Cookie: RMID=732423sdfs73242; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.net */
412 ((hdr
= sipmsg_find_header(msg
, "Set-Cookie")) != NULL
)) {
413 gchar
**parts
, **current
;
417 g_free(req
->session
->cookie
);
418 req
->session
->cookie
= NULL
;
420 current
= parts
= g_strsplit(hdr
, ";", 0);
421 while ((part
= *current
++) != NULL
) {
422 /* strip these parts from cookie */
423 if (!(strstr(part
, "path=") ||
424 strstr(part
, "domain=") ||
425 strstr(part
, "expires=") ||
426 strstr(part
, "secure"))) {
429 g_strconcat(new, ";", part
, NULL
) :
437 req
->session
->cookie
= new;
438 SIPE_DEBUG_INFO("sipe_http_request_response_callback: cookie: %s", new);
442 /* Callback: success */
443 (*req
->cb
)(sipe_private
,
449 /* remove completed request */
450 sipe_http_request_cancel(req
);
453 void sipe_http_request_response(struct sipe_http_connection_public
*conn_public
,
456 struct sipe_core_private
*sipe_private
= conn_public
->sipe_private
;
457 struct sipe_http_request
*req
= conn_public
->pending_requests
->data
;
460 if ((req
->flags
& SIPE_HTTP_REQUEST_FLAG_REDIRECT
) &&
461 (msg
->response
>= SIPE_HTTP_STATUS_REDIRECTION
) &&
462 (msg
->response
< SIPE_HTTP_STATUS_CLIENT_ERROR
)) {
463 failed
= sipe_http_request_response_redirection(sipe_private
,
467 } else if (msg
->response
== SIPE_HTTP_STATUS_CLIENT_UNAUTHORIZED
) {
468 failed
= sipe_http_request_response_unauthorized(sipe_private
,
473 /* On some errors throw away the security context */
474 if (((msg
->response
== SIPE_HTTP_STATUS_CLIENT_FORBIDDEN
) ||
475 (msg
->response
== SIPE_HTTP_STATUS_CLIENT_PROXY_AUTH
) ||
476 (msg
->response
>= SIPE_HTTP_STATUS_SERVER_ERROR
)) &&
477 conn_public
->context
) {
478 SIPE_DEBUG_INFO("sipe_http_request_response: response was %d, throwing away security context",
480 sipe_http_request_drop_context(conn_public
);
483 /* All other cases are passed on to the user */
484 sipe_http_request_response_callback(sipe_private
, req
, msg
);
486 /* req is no longer valid */
491 /* Callback: request failed */
492 (*req
->cb
)(sipe_private
,
493 SIPE_HTTP_STATUS_FAILED
,
498 /* remove failed request */
499 sipe_http_request_cancel(req
);
503 void sipe_http_request_shutdown(struct sipe_http_connection_public
*conn_public
,
506 if (conn_public
->pending_requests
) {
507 GSList
*entry
= conn_public
->pending_requests
;
509 sipe_http_request_free(conn_public
->sipe_private
,
512 SIPE_HTTP_STATUS_ABORTED
:
513 SIPE_HTTP_STATUS_FAILED
);
516 g_slist_free(conn_public
->pending_requests
);
517 conn_public
->pending_requests
= NULL
;
520 if (conn_public
->context
) {
521 g_free(conn_public
->cached_authorization
);
522 conn_public
->cached_authorization
= NULL
;
523 sip_sec_destroy_context(conn_public
->context
);
524 conn_public
->context
= NULL
;
528 struct sipe_http_request
*sipe_http_request_new(struct sipe_core_private
*sipe_private
,
529 const struct sipe_http_parsed_uri
*parsed_uri
,
530 const gchar
*headers
,
532 const gchar
*content_type
,
533 sipe_http_response_callback
*callback
,
534 gpointer callback_data
)
536 struct sipe_http_request
*req
;
539 if (sipe_http_shutting_down(sipe_private
)) {
540 SIPE_DEBUG_ERROR("sipe_http_request_new: new HTTP request during shutdown: THIS SHOULD NOT HAPPEN! Debugging information:\n"
549 headers
? headers
: "<NONE>",
550 body
? body
: "<EMPTY>");
554 req
= g_new0(struct sipe_http_request
, 1);
557 req
->cb_data
= callback_data
;
559 req
->headers
= g_strdup(headers
);
561 req
->body
= g_strdup(body
);
562 req
->content_type
= g_strdup(content_type
);
565 /* default authentication */
566 if (!SIPE_CORE_PRIVATE_FLAG_IS(SSO
))
567 sipe_http_request_authentication(req
,
568 sipe_private
->authuser
,
569 sipe_private
->password
);
571 sipe_http_request_enqueue(sipe_private
, req
, parsed_uri
);
576 void sipe_http_request_ready(struct sipe_http_request
*request
)
578 struct sipe_http_connection_public
*conn_public
= request
->connection
;
580 /* pass first request on already opened connection through directly */
581 if ((request
->flags
& SIPE_HTTP_REQUEST_FLAG_FIRST
) &&
582 conn_public
->connected
)
583 sipe_http_request_send(conn_public
);
586 struct sipe_http_session
*sipe_http_session_start(void)
588 return(g_new0(struct sipe_http_session
, 1));
591 void sipe_http_session_close(struct sipe_http_session
*session
)
594 g_free(session
->cookie
);
599 void sipe_http_request_cancel(struct sipe_http_request
*request
)
601 struct sipe_http_connection_public
*conn_public
= request
->connection
;
602 conn_public
->pending_requests
= g_slist_remove(conn_public
->pending_requests
,
605 /* cancelled by requester, don't use callback */
608 sipe_http_request_free(conn_public
->sipe_private
,
610 SIPE_HTTP_STATUS_CANCELLED
);
613 void sipe_http_request_session(struct sipe_http_request
*request
,
614 struct sipe_http_session
*session
)
616 request
->session
= session
;
619 void sipe_http_request_allow_redirect(struct sipe_http_request
*request
)
621 request
->flags
|= SIPE_HTTP_REQUEST_FLAG_REDIRECT
;
624 void sipe_http_request_authentication(struct sipe_http_request
*request
,
626 const gchar
*password
)
628 request
->flags
|= SIPE_HTTP_REQUEST_FLAG_AUTHDATA
;
629 request
->user
= user
;
630 request
->password
= password
;