search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
filetransfer: use 'deallocate' callback in sipe_file_transfer
[siplcs.git] / src / core / sipe-http-request.c
blobc029c61454cd3205939be756161f59dd1bbc4473
1 /**
2 * @file sipe-http-request.c
3 *
4 * pidgin-sipe
5 *
6 * Copyright (C) 2013-2015 SIPE Project <http://sipe.sourceforge.net/>
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 *
23 *
24 * SIPE HTTP request layer implementation
25 *
26 * - request handling: creation, parameters, deletion, cancelling
27 * - session handling: creation, closing
28 * - client authorization handling
29 * - connection request queue handling
30 * - compile HTTP header contents and hand-off to transport layer
31 * - process HTTP response and hand-off to user callback
32 */
33
34 #ifdef HAVE_CONFIG_H
35 #include "config.h"
36 #endif
37
38 #include <string.h>
39
40 #include <glib.h>
41
42 #include "sipmsg.h"
43 #include "sip-sec.h"
44 #include "sipe-backend.h"
45 #include "sipe-core.h"
46 #include "sipe-core-private.h"
47 #include "sipe-http.h"
48
49 #define _SIPE_HTTP_PRIVATE_IF_REQUEST
50 #include "sipe-http-request.h"
51 #define _SIPE_HTTP_PRIVATE_IF_TRANSPORT
52 #include "sipe-http-transport.h"
53
54 struct sipe_http_session {
55 gchar *cookie; /* extremely simplistic cookie jar :-) */
56 };
57
58 struct sipe_http_request {
59 struct sipe_http_connection_public *connection;
60
61 struct sipe_http_session *session;
62
63 gchar *path;
64 gchar *headers;
65 gchar *body; /* NULL for GET */
66 gchar *content_type; /* NULL if body == NULL */
67 gchar *authorization;
68
69 const gchar *user; /* not copied */
70 const gchar *password; /* not copied */
71
72 sipe_http_response_callback *cb;
73 gpointer cb_data;
74
75 guint32 flags;
76 };
77
78 #define SIPE_HTTP_REQUEST_FLAG_FIRST 0x00000001
79 #define SIPE_HTTP_REQUEST_FLAG_REDIRECT 0x00000002
80 #define SIPE_HTTP_REQUEST_FLAG_AUTHDATA 0x00000004
81 #define SIPE_HTTP_REQUEST_FLAG_HANDSHAKE 0x00000008
82
83 static void sipe_http_request_free(struct sipe_core_private *sipe_private,
84 struct sipe_http_request *req,
85 guint status)
86 {
87 if (req->cb)
88 /* Callback: aborted/failed/cancelled */
89 (*req->cb)(sipe_private,
90 status,
91 NULL,
92 NULL,
93 req->cb_data);
94 g_free(req->path);
95 g_free(req->headers);
96 g_free(req->body);
97 g_free(req->content_type);
98 g_free(req->authorization);
99 g_free(req);
100 }
101
102 static void sipe_http_request_send(struct sipe_http_connection_public *conn_public)
103 {
104 struct sipe_http_request *req = conn_public->pending_requests->data;
105 gchar *header;
106 gchar *content = NULL;
107 gchar *cookie = NULL;
108
109 if (req->body)
110 content = g_strdup_printf("Content-Length: %" G_GSIZE_FORMAT "\r\n"
111 "Content-Type: %s\r\n",
112 strlen(req->body),
113 req->content_type);
114
115 if (req->session && req->session->cookie)
116 cookie = g_strdup_printf("Cookie: %s\r\n", req->session->cookie);
117
118 header = g_strdup_printf("%s /%s HTTP/1.1\r\n"
119 "Host: %s\r\n"
120 "User-Agent: Sipe/" PACKAGE_VERSION "\r\n"
121 "%s%s%s%s",
122 content ? "POST" : "GET",
123 req->path,
124 conn_public->host,
125 conn_public->cached_authorization ? conn_public->cached_authorization :
126 req->authorization ? req->authorization : "",
127 req->headers ? req->headers : "",
128 cookie ? cookie : "",
129 content ? content : "");
130 g_free(cookie);
131 g_free(content);
132
133 /* only use authorization once */
134 g_free(req->authorization);
135 req->authorization = NULL;
136
137 sipe_http_transport_send(conn_public,
138 header,
139 req->body);
140 g_free(header);
141 }
142
143 gboolean sipe_http_request_pending(struct sipe_http_connection_public *conn_public)
144 {
145 return(conn_public->pending_requests != NULL);
146 }
147
148 void sipe_http_request_next(struct sipe_http_connection_public *conn_public)
149 {
150 sipe_http_request_send(conn_public);
151 }
152
153 static void sipe_http_request_enqueue(struct sipe_core_private *sipe_private,
154 struct sipe_http_request *req,
155 const struct sipe_http_parsed_uri *parsed_uri)
156 {
157 struct sipe_http_connection_public *conn_public;
158
159 req->path = g_strdup(parsed_uri->path);
160 req->connection = conn_public = sipe_http_transport_new(sipe_private,
161 parsed_uri->host,
162 parsed_uri->port,
163 parsed_uri->tls);
164 if (!sipe_http_request_pending(conn_public))
165 req->flags |= SIPE_HTTP_REQUEST_FLAG_FIRST;
166
167 conn_public->pending_requests = g_slist_append(conn_public->pending_requests,
168 req);
169 }
170
171 static void sipe_http_request_drop_context(struct sipe_http_connection_public *conn_public)
172 {
173 g_free(conn_public->cached_authorization);
174 conn_public->cached_authorization = NULL;
175 sip_sec_destroy_context(conn_public->context);
176 conn_public->context = NULL;
177 }
178
179 static void sipe_http_request_finalize_negotiate(struct sipe_http_request *req,
180 struct sipmsg *msg)
181 {
182 #if defined(HAVE_GSSAPI_GSSAPI_H) || defined(HAVE_SSPI)
183 /*
184 * Negotiate can send a final package in the successful response.
185 * We need to forward this to the context or otherwise it will
186 * never reach the ready state.
187 */
188 struct sipe_http_connection_public *conn_public = req->connection;
189
190 if (sip_sec_context_type(conn_public->context) == SIPE_AUTHENTICATION_TYPE_NEGOTIATE) {
191 const gchar *header = sipmsg_find_auth_header(msg, "Negotiate");
192
193 if (header) {
194 gchar **parts = g_strsplit(header, " ", 0);
195 gchar *spn = g_strdup_printf("HTTP/%s", conn_public->host);
196 gchar *token;
197
198 SIPE_DEBUG_INFO("sipe_http_request_finalize_negotiate: init context target '%s' token '%s'",
199 spn, parts[1] ? parts[1] : "<NULL>");
200
201 if (sip_sec_init_context_step(conn_public->context,
202 spn,
203 parts[1],
204 &token,
205 NULL)) {
206 g_free(token);
207 } else {
208 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_finalize_negotiate: security context init step failed, throwing away context");
209 sipe_http_request_drop_context(conn_public);
210 }
211
212 g_free(spn);
213 g_strfreev(parts);
214 }
215 }
216 #else
217 (void) req; /* keep compiler happy */
218 (void) msg; /* keep compiler happy */
219 #endif
220 }
221
222
223 /* TRUE indicates failure */
224 static gboolean sipe_http_request_response_redirection(struct sipe_core_private *sipe_private,
225 struct sipe_http_request *req,
226 struct sipmsg *msg)
227 {
228 const gchar *location = sipmsg_find_header(msg, "Location");
229 gboolean failed = TRUE;
230
231 sipe_http_request_finalize_negotiate(req, msg);
232
233 if (location) {
234 struct sipe_http_parsed_uri *parsed_uri = sipe_http_parse_uri(location);
235
236 if (parsed_uri) {
237 /* remove request from old connection */
238 struct sipe_http_connection_public *conn_public = req->connection;
239 conn_public->pending_requests = g_slist_remove(conn_public->pending_requests,
240 req);
241
242 /* free old request data */
243 g_free(req->path);
244 req->flags &= ~( SIPE_HTTP_REQUEST_FLAG_FIRST |
245 SIPE_HTTP_REQUEST_FLAG_HANDSHAKE );
246
247 /* resubmit request on other connection */
248 sipe_http_request_enqueue(sipe_private, req, parsed_uri);
249 failed = FALSE;
250
251 sipe_http_parsed_uri_free(parsed_uri);
252 } else
253 SIPE_DEBUG_INFO("sipe_http_request_response_redirection: invalid redirection to '%s'",
254 location);
255 } else
256 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_redirection: no URL found?!?");
257
258 return(failed);
259 }
260
261 /* TRUE indicates failure */
262 static gboolean sipe_http_request_response_unauthorized(struct sipe_core_private *sipe_private,
263 struct sipe_http_request *req,
264 struct sipmsg *msg)
265 {
266 struct sipe_http_connection_public *conn_public = req->connection;
267 const gchar *header = NULL;
268 guint type;
269 gboolean failed = TRUE;
270
271 /*
272 * There are some buggy HTTP servers out there that add superfluous
273 * WWW-Authenticate: headers during the authentication handshake.
274 * Look only for the header of the active security context.
275 */
276 if (conn_public->context) {
277 const gchar *name = sip_sec_context_name(conn_public->context);
278
279 header = sipmsg_find_auth_header(msg, name);
280 type = sip_sec_context_type(conn_public->context);
281
282 if (!header) {
283 SIPE_DEBUG_INFO("sipe_http_request_response_unauthorized: expected authentication scheme %s not found",
284 name);
285 return(failed);
286 }
287
288 if (conn_public->cached_authorization) {
289 /*
290 * The "Basic" scheme doesn't have any state.
291 *
292 * If we enter here then we have already tried "Basic"
293 * authentication once for this request and it was
294 * rejected by the server. As all future requests will
295 * also be rejected, we need to abort here in order to
296 * prevent an endless request/401/request/... loop.
297 */
298 SIPE_DEBUG_INFO("sipe_http_request_response_unauthorized: Basic authentication has failed for host '%s', please check user name and password!",
299 conn_public->host);
300 return(failed);
301 }
302
303 } else {
304 #if defined(HAVE_GSSAPI_GSSAPI_H) || defined(HAVE_SSPI)
305 #define DEBUG_STRING ", NTLM and Negotiate"
306 /* Use "Negotiate" unless the user requested "NTLM" */
307 if (sipe_private->authentication_type != SIPE_AUTHENTICATION_TYPE_NTLM)
308 header = sipmsg_find_auth_header(msg, "Negotiate");
309 if (header) {
310 type = SIPE_AUTHENTICATION_TYPE_NEGOTIATE;
311 } else
312 #else
313 #define DEBUG_STRING " and NTLM"
314 (void) sipe_private; /* keep compiler happy */
315 #endif
316 {
317 header = sipmsg_find_auth_header(msg, "NTLM");
318 type = SIPE_AUTHENTICATION_TYPE_NTLM;
319 }
320
321 /* only fall back to "Basic" after everything else fails */
322 if (!header) {
323 header = sipmsg_find_auth_header(msg, "Basic");
324 type = SIPE_AUTHENTICATION_TYPE_BASIC;
325 }
326 }
327
328 if (header) {
329 if (!conn_public->context) {
330 gboolean valid = req->flags & SIPE_HTTP_REQUEST_FLAG_AUTHDATA;
331 conn_public->context = sip_sec_create_context(type,
332 !valid, /* Single Sign-On flag */
333 TRUE, /* connection-based for HTTP */
334 valid ? req->user : NULL,
335 valid ? req->password : NULL);
336 }
337
338 if (conn_public->context) {
339 gchar **parts = g_strsplit(header, " ", 0);
340 gchar *spn = g_strdup_printf("HTTP/%s", conn_public->host);
341 gchar *token_out;
342 const gchar *token_in = parts[1];
343
344 SIPE_DEBUG_INFO("sipe_http_request_response_unauthorized: init context target '%s' token '%s'",
345 spn, token_in ? token_in : "<NULL>");
346
347 /*
348 * If we receive a NULL token during the handshake
349 * then the authentication scheme has failed.
350 */
351 if ((req->flags & SIPE_HTTP_REQUEST_FLAG_HANDSHAKE) &&
352 !token_in) {
353 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: authentication failed, throwing away context");
354 sipe_http_request_drop_context(conn_public);
355
356 } else if (sip_sec_init_context_step(conn_public->context,
357 spn,
358 token_in,
359 &token_out,
360 NULL)) {
361
362 /* handshake has started */
363 req->flags |= SIPE_HTTP_REQUEST_FLAG_HANDSHAKE;
364
365 /* generate authorization header */
366 req->authorization = g_strdup_printf("Authorization: %s %s\r\n",
367 sip_sec_context_name(conn_public->context),
368 token_out ? token_out : "");
369 g_free(token_out);
370
371 /*
372 * authorization never changes for Basic
373 * authentication scheme, so we can keep it.
374 */
375 if (type == SIPE_AUTHENTICATION_TYPE_BASIC) {
376 g_free(conn_public->cached_authorization);
377 conn_public->cached_authorization = g_strdup(req->authorization);
378 }
379
380 /*
381 * Keep the request in the queue. As it is at
382 * the head it will be pulled automatically
383 * by the transport layer after returning.
384 */
385 failed = FALSE;
386
387 } else {
388 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: security context init step failed, throwing away context");
389 sipe_http_request_drop_context(conn_public);
390 }
391
392 g_free(spn);
393 g_strfreev(parts);
394 } else
395 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: security context creation failed");
396 } else
397 SIPE_DEBUG_INFO_NOFORMAT("sipe_http_request_response_unauthorized: only Basic" DEBUG_STRING " authentication schemes are supported");
398
399 return(failed);
400 }
401
402 static void sipe_http_request_response_callback(struct sipe_core_private *sipe_private,
403 struct sipe_http_request *req,
404 struct sipmsg *msg)
405 {
406 const gchar *hdr;
407
408 sipe_http_request_finalize_negotiate(req, msg);
409
410 /* Set-Cookie: RMID=732423sdfs73242; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.net */
411 if (req->session &&
412 ((hdr = sipmsg_find_header(msg, "Set-Cookie")) != NULL)) {
413 gchar **parts, **current;
414 const gchar *part;
415 gchar *new = NULL;
416
417 g_free(req->session->cookie);
418 req->session->cookie = NULL;
419
420 current = parts = g_strsplit(hdr, ";", 0);
421 while ((part = *current++) != NULL) {
422 /* strip these parts from cookie */
423 if (!(strstr(part, "path=") ||
424 strstr(part, "domain=") ||
425 strstr(part, "expires=") ||
426 strstr(part, "secure"))) {
427 gchar *tmp = new;
428 new = new ?
429 g_strconcat(new, ";", part, NULL) :
430 g_strdup(part);
431 g_free(tmp);
432 }
433 }
434 g_strfreev(parts);
435
436 if (new) {
437 req->session->cookie = new;
438 SIPE_DEBUG_INFO("sipe_http_request_response_callback: cookie: %s", new);
439 }
440 }
441
442 /* Callback: success */
443 (*req->cb)(sipe_private,
444 msg->response,
445 msg->headers,
446 msg->body,
447 req->cb_data);
448
449 /* remove completed request */
450 sipe_http_request_cancel(req);
451 }
452
453 void sipe_http_request_response(struct sipe_http_connection_public *conn_public,
454 struct sipmsg *msg)
455 {
456 struct sipe_core_private *sipe_private = conn_public->sipe_private;
457 struct sipe_http_request *req = conn_public->pending_requests->data;
458 gboolean failed;
459
460 if ((req->flags & SIPE_HTTP_REQUEST_FLAG_REDIRECT) &&
461 (msg->response >= SIPE_HTTP_STATUS_REDIRECTION) &&
462 (msg->response < SIPE_HTTP_STATUS_CLIENT_ERROR)) {
463 failed = sipe_http_request_response_redirection(sipe_private,
464 req,
465 msg);
466
467 } else if (msg->response == SIPE_HTTP_STATUS_CLIENT_UNAUTHORIZED) {
468 failed = sipe_http_request_response_unauthorized(sipe_private,
469 req,
470 msg);
471
472 } else {
473 /* On some errors throw away the security context */
474 if (((msg->response == SIPE_HTTP_STATUS_CLIENT_FORBIDDEN) ||
475 (msg->response == SIPE_HTTP_STATUS_CLIENT_PROXY_AUTH) ||
476 (msg->response >= SIPE_HTTP_STATUS_SERVER_ERROR)) &&
477 conn_public->context) {
478 SIPE_DEBUG_INFO("sipe_http_request_response: response was %d, throwing away security context",
479 msg->response);
480 sipe_http_request_drop_context(conn_public);
481 }
482
483 /* All other cases are passed on to the user */
484 sipe_http_request_response_callback(sipe_private, req, msg);
485
486 /* req is no longer valid */
487 failed = FALSE;
488 }
489
490 if (failed) {
491 /* Callback: request failed */
492 (*req->cb)(sipe_private,
493 SIPE_HTTP_STATUS_FAILED,
494 NULL,
495 NULL,
496 req->cb_data);
497
498 /* remove failed request */
499 sipe_http_request_cancel(req);
500 }
501 }
502
503 void sipe_http_request_shutdown(struct sipe_http_connection_public *conn_public,
504 gboolean abort)
505 {
506 if (conn_public->pending_requests) {
507 GSList *entry = conn_public->pending_requests;
508 while (entry) {
509 sipe_http_request_free(conn_public->sipe_private,
510 entry->data,
511 abort ?
512 SIPE_HTTP_STATUS_ABORTED :
513 SIPE_HTTP_STATUS_FAILED);
514 entry = entry->next;
515 }
516 g_slist_free(conn_public->pending_requests);
517 conn_public->pending_requests = NULL;
518 }
519
520 if (conn_public->context) {
521 g_free(conn_public->cached_authorization);
522 conn_public->cached_authorization = NULL;
523 sip_sec_destroy_context(conn_public->context);
524 conn_public->context = NULL;
525 }
526 }
527
528 struct sipe_http_request *sipe_http_request_new(struct sipe_core_private *sipe_private,
529 const struct sipe_http_parsed_uri *parsed_uri,
530 const gchar *headers,
531 const gchar *body,
532 const gchar *content_type,
533 sipe_http_response_callback *callback,
534 gpointer callback_data)
535 {
536 struct sipe_http_request *req;
537 if (!parsed_uri)
538 return(NULL);
539 if (sipe_http_shutting_down(sipe_private)) {
540 SIPE_DEBUG_ERROR("sipe_http_request_new: new HTTP request during shutdown: THIS SHOULD NOT HAPPEN! Debugging information:\n"
541 "Host: %s\n"
542 "Port: %d\n"
543 "Path: %s\n"
544 "Headers: %s\n"
545 "Body: %s\n",
546 parsed_uri->host,
547 parsed_uri->port,
548 parsed_uri->path,
549 headers ? headers : "<NONE>",
550 body ? body : "<EMPTY>");
551 return(NULL);
552 }
553
554 req = g_new0(struct sipe_http_request, 1);
555 req->flags = 0;
556 req->cb = callback;
557 req->cb_data = callback_data;
558 if (headers)
559 req->headers = g_strdup(headers);
560 if (body) {
561 req->body = g_strdup(body);
562 req->content_type = g_strdup(content_type);
563 }
564
565 /* default authentication */
566 if (!SIPE_CORE_PRIVATE_FLAG_IS(SSO))
567 sipe_http_request_authentication(req,
568 sipe_private->authuser,
569 sipe_private->password);
570
571 sipe_http_request_enqueue(sipe_private, req, parsed_uri);
572
573 return(req);
574 }
575
576 void sipe_http_request_ready(struct sipe_http_request *request)
577 {
578 struct sipe_http_connection_public *conn_public = request->connection;
579
580 /* pass first request on already opened connection through directly */
581 if ((request->flags & SIPE_HTTP_REQUEST_FLAG_FIRST) &&
582 conn_public->connected)
583 sipe_http_request_send(conn_public);
584 }
585
586 struct sipe_http_session *sipe_http_session_start(void)
587 {
588 return(g_new0(struct sipe_http_session, 1));
589 }
590
591 void sipe_http_session_close(struct sipe_http_session *session)
592 {
593 if (session) {
594 g_free(session->cookie);
595 g_free(session);
596 }
597 }
598
599 void sipe_http_request_cancel(struct sipe_http_request *request)
600 {
601 struct sipe_http_connection_public *conn_public = request->connection;
602 conn_public->pending_requests = g_slist_remove(conn_public->pending_requests,
603 request);
604
605 /* cancelled by requester, don't use callback */
606 request->cb = NULL;
607
608 sipe_http_request_free(conn_public->sipe_private,
609 request,
610 SIPE_HTTP_STATUS_CANCELLED);
611 }
612
613 void sipe_http_request_session(struct sipe_http_request *request,
614 struct sipe_http_session *session)
615 {
616 request->session = session;
617 }
618
619 void sipe_http_request_allow_redirect(struct sipe_http_request *request)
620 {
621 request->flags |= SIPE_HTTP_REQUEST_FLAG_REDIRECT;
622 }
623
624 void sipe_http_request_authentication(struct sipe_http_request *request,
625 const gchar *user,
626 const gchar *password)
627 {
628 request->flags |= SIPE_HTTP_REQUEST_FLAG_AUTHDATA;
629 request->user = user;
630 request->password = password;
631 }
632
633 /*
634 Local Variables:
635 mode: c
636 c-file-style: "bsd"
637 indent-tabs-mode: t
638 tab-width: 8
639 End:
640 */
A third-party Pidgin plugin for Microsoft LCS/OCS