Context Navigation

source: lib/http_client.c @ 792a93b

Last change on this file since 792a93b was 792a93b, checked in by Wilmer van der Gaast <wilmer@…>, at 2011-12-23T12:44:08Z
Merging SSL certificate verification for GnuTLS, with help from AopicieR.
Property mode set to `100644`
File size: 12.7 KB

Rev	Line
[8a9afe4]	1	/********************************************************************\
	2	* BitlBee -- An IRC to other IM-networks gateway *
	3	* *
[03a8f8e]	4	* Copyright 2002-2011 Wilmer van der Gaast and others *
[8a9afe4]	5	\********************************************************************/
	6
[52b3a99]	7	/* HTTP(S) module */
[8a9afe4]	8
	9	/*
	10	This program is free software; you can redistribute it and/or modify
	11	it under the terms of the GNU General Public License as published by
	12	the Free Software Foundation; either version 2 of the License, or
	13	(at your option) any later version.
	14
	15	This program is distributed in the hope that it will be useful,
	16	but WITHOUT ANY WARRANTY; without even the implied warranty of
	17	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	18	GNU General Public License for more details.
	19
	20	You should have received a copy of the GNU General Public License with
	21	the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL;
	22	if not, write to the Free Software Foundation, Inc., 59 Temple Place,
	23	Suite 330, Boston, MA 02111-1307 USA
	24	*/
	25
	26	#include <string.h>
[52b3a99]	27	#include <stdio.h>
[8a9afe4]	28
	29	#include "http_client.h"
[52b3a99]	30	#include "url.h"
[e4d6271]	31	#include "sock.h"
[8a9afe4]	32
	33
[ba9edaa]	34	static gboolean http_connected( gpointer data, int source, b_input_condition cond );
[486ddb5]	35	static gboolean http_ssl_connected( gpointer data, int returncode, void *source, b_input_condition cond );
[ba9edaa]	36	static gboolean http_incoming_data( gpointer data, int source, b_input_condition cond );
[516a9c6]	37	static void http_free( struct http_request *req );
[8a9afe4]	38
	39
[516a9c6]	40	struct http_request http_dorequest( char host, int port, int ssl, char *request, http_input_function func, gpointer data )
[8a9afe4]	41	{
	42	struct http_request *req;
	43	int error = 0;
	44
	45	req = g_new0( struct http_request, 1 );
	46
	47	if( ssl )
	48	{
[a72dc2b]	49	req->ssl = ssl_connect( host, port, TRUE, http_ssl_connected, req );
[8a9afe4]	50	if( req->ssl == NULL )
	51	error = 1;
	52	}
	53	else
	54	{
	55	req->fd = proxy_connect( host, port, http_connected, req );
	56	if( req->fd < 0 )
	57	error = 1;
	58	}
	59
	60	if( error )
	61	{
[fb98634]	62	http_free( req );
	63	return NULL;
[8a9afe4]	64	}
	65
[52b3a99]	66	req->func = func;
	67	req->data = data;
[8a9afe4]	68	req->request = g_strdup( request );
	69	req->request_length = strlen( request );
[7885d0f]	70	req->redir_ttl = 3;
[8a9afe4]	71
[3f808ca]	72	if( getenv( "BITLBEE_DEBUG" ) )
	73	printf( "About to send HTTP request:\n%s\n", req->request );
	74
[8a9afe4]	75	return( req );
	76	}
	77
[516a9c6]	78	struct http_request http_dorequest_url( char url_string, http_input_function func, gpointer data )
[0790644]	79	{
	80	url_t *url = g_new0( url_t, 1 );
	81	char *request;
	82	void *ret;
	83
	84	if( !url_set( url, url_string ) )
	85	{
	86	g_free( url );
	87	return NULL;
	88	}
	89
	90	if( url->proto != PROTO_HTTP && url->proto != PROTO_HTTPS )
	91	{
	92	g_free( url );
	93	return NULL;
	94	}
	95
	96	request = g_strdup_printf( "GET %s HTTP/1.0\r\n"
	97	"Host: %s\r\n"
[2423c93]	98	"Connection: close\r\n"
[1b5ab36]	99	"User-Agent: BitlBee " BITLBEE_VERSION " " ARCH "/" CPU "\r\n"
[0790644]	100	"\r\n", url->file, url->host );
	101
	102	ret = http_dorequest( url->host, url->port,
	103	url->proto == PROTO_HTTPS, request, func, data );
	104
	105	g_free( url );
	106	g_free( request );
[266fe2f]	107	return ret;
[0790644]	108	}
	109
[8a9afe4]	110	/* This one is actually pretty simple... Might get more calls if we can't write
	111	the whole request at once. */
[ba9edaa]	112	static gboolean http_connected( gpointer data, int source, b_input_condition cond )
[8a9afe4]	113	{
	114	struct http_request *req = data;
	115	int st;
	116
	117	if( source < 0 )
	118	goto error;
	119
	120	if( req->inpa > 0 )
[ba9edaa]	121	b_event_remove( req->inpa );
[8a9afe4]	122
	123	sock_make_nonblocking( req->fd );
	124
	125	if( req->ssl )
	126	{
	127	st = ssl_write( req->ssl, req->request + req->bytes_written,
	128	req->request_length - req->bytes_written );
	129	if( st < 0 )
	130	{
	131	if( ssl_errno != SSL_AGAIN )
	132	{
	133	ssl_disconnect( req->ssl );
	134	goto error;
	135	}
	136	}
	137	}
	138	else
	139	{
	140	st = write( source, req->request + req->bytes_written,
	141	req->request_length - req->bytes_written );
	142	if( st < 0 )
	143	{
	144	if( !sockerr_again() )
	145	{
[52b3a99]	146	closesocket( req->fd );
[8a9afe4]	147	goto error;
	148	}
	149	}
	150	}
	151
	152	if( st > 0 )
	153	req->bytes_written += st;
	154
	155	if( req->bytes_written < req->request_length )
[ba9edaa]	156	req->inpa = b_input_add( source,
[e046390]	157	req->ssl ? ssl_getdirection( req->ssl ) : B_EV_IO_WRITE,
[ba9edaa]	158	http_connected, req );
[8a9afe4]	159	else
[e046390]	160	req->inpa = b_input_add( source, B_EV_IO_READ, http_incoming_data, req );
[8a9afe4]	161
[ba9edaa]	162	return FALSE;
[8a9afe4]	163
	164	error:
[a72dc2b]	165	if( req->status_string == NULL )
	166	req->status_string = g_strdup( "Error while writing HTTP request" );
[7deb447]	167
[8a9afe4]	168	req->func( req );
[fb98634]	169	http_free( req );
[ba9edaa]	170	return FALSE;
[8a9afe4]	171	}
	172
[486ddb5]	173	static gboolean http_ssl_connected( gpointer data, int returncode, void *source, b_input_condition cond )
[8a9afe4]	174	{
	175	struct http_request *req = data;
	176
	177	if( source == NULL )
[a72dc2b]	178	{
	179	if( returncode != 0 )
	180	{
	181	char *err = ssl_verify_strerror( returncode );
	182	req->status_string = g_strdup_printf(
	183	"Certificate verification problem 0x%x: %s",
	184	returncode, err ? err : "Unknown" );
	185	g_free( err );
	186	}
[8a9afe4]	187	return http_connected( data, -1, cond );
[a72dc2b]	188	}
[8a9afe4]	189
	190	req->fd = ssl_getfd( source );
	191
	192	return http_connected( data, req->fd, cond );
	193	}
	194
[ba9edaa]	195	static gboolean http_incoming_data( gpointer data, int source, b_input_condition cond )
[8a9afe4]	196	{
	197	struct http_request *req = data;
	198	int evil_server = 0;
	199	char buffer[2048];
	200	char end1, end2;
	201	int st;
	202
	203	if( req->inpa > 0 )
[ba9edaa]	204	b_event_remove( req->inpa );
[8a9afe4]	205
	206	if( req->ssl )
	207	{
	208	st = ssl_read( req->ssl, buffer, sizeof( buffer ) );
	209	if( st < 0 )
	210	{
	211	if( ssl_errno != SSL_AGAIN )
	212	{
[ad8b8a3]	213	/* goto cleanup; */
	214
	215	/* YAY! We have to deal with crappy Microsoft
	216	servers that LOVE to send invalid TLS
	217	packets that abort connections! \o/ */
	218
	219	goto got_reply;
[8a9afe4]	220	}
	221	}
	222	else if( st == 0 )
	223	{
	224	goto got_reply;
	225	}
	226	}
	227	else
	228	{
	229	st = read( req->fd, buffer, sizeof( buffer ) );
	230	if( st < 0 )
	231	{
	232	if( !sockerr_again() )
	233	{
[7deb447]	234	req->status_string = g_strdup( strerror( errno ) );
[8a9afe4]	235	goto cleanup;
	236	}
	237	}
	238	else if( st == 0 )
	239	{
	240	goto got_reply;
	241	}
	242	}
	243
	244	if( st > 0 )
	245	{
	246	req->reply_headers = g_realloc( req->reply_headers, req->bytes_read + st + 1 );
	247	memcpy( req->reply_headers + req->bytes_read, buffer, st );
[52b3a99]	248	req->bytes_read += st;
[8a9afe4]	249	}
	250
	251	/* There will be more! */
[ba9edaa]	252	req->inpa = b_input_add( req->fd,
[e046390]	253	req->ssl ? ssl_getdirection( req->ssl ) : B_EV_IO_READ,
[ba9edaa]	254	http_incoming_data, req );
[8a9afe4]	255
[80acb6d]	256	if( ssl_pending( req->ssl ) )
	257	return http_incoming_data( data, source, cond );
	258	else
	259	return FALSE;
[8a9afe4]	260
	261	got_reply:
[0602496]	262	/* Maybe if the webserver is overloaded, or when there's bad SSL
	263	support... */
	264	if( req->bytes_read == 0 )
[7deb447]	265	{
	266	req->status_string = g_strdup( "Empty HTTP reply" );
[0602496]	267	goto cleanup;
[7deb447]	268	}
[0602496]	269
[8a9afe4]	270	/* Zero termination is very convenient. */
	271	req->reply_headers[req->bytes_read] = 0;
	272
	273	/* Find the separation between headers and body, and keep stupid
	274	webservers in mind. */
	275	end1 = strstr( req->reply_headers, "\r\n\r\n" );
	276	end2 = strstr( req->reply_headers, "\n\n" );
	277
	278	if( end2 && end2 < end1 )
	279	{
[52b3a99]	280	end1 = end2 + 1;
[8a9afe4]	281	evil_server = 1;
	282	}
[0eec386]	283	else if( end1 )
[52b3a99]	284	{
	285	end1 += 2;
	286	}
[0eec386]	287	else
[8a9afe4]	288	{
[7deb447]	289	req->status_string = g_strdup( "Malformed HTTP reply" );
[0eec386]	290	goto cleanup;
[52b3a99]	291	}
	292
[0eec386]	293	*end1 = 0;
	294
[bd31661]	295	if( getenv( "BITLBEE_DEBUG" ) )
[3f808ca]	296	printf( "HTTP response headers:\n%s\n", req->reply_headers );
[bd31661]	297
[0eec386]	298	if( evil_server )
	299	req->reply_body = end1 + 1;
	300	else
	301	req->reply_body = end1 + 2;
	302
[41e5202]	303	req->body_size = req->reply_headers + req->bytes_read - req->reply_body;
[0eec386]	304
[52b3a99]	305	if( ( end1 = strchr( req->reply_headers, ' ' ) ) != NULL )
	306	{
	307	if( sscanf( end1 + 1, "%d", &req->status_code ) != 1 )
[7deb447]	308	{
	309	req->status_string = g_strdup( "Can't parse status code" );
[52b3a99]	310	req->status_code = -1;
[7deb447]	311	}
	312	else
	313	{
	314	char *eol;
	315
	316	if( evil_server )
	317	eol = strchr( end1, '\n' );
	318	else
	319	eol = strchr( end1, '\r' );
	320
	321	req->status_string = g_strndup( end1 + 1, eol - end1 - 1 );
	322
	323	/* Just to be sure... */
	324	if( ( eol = strchr( req->status_string, '\r' ) ) )
	325	*eol = 0;
	326	if( ( eol = strchr( req->status_string, '\n' ) ) )
	327	*eol = 0;
	328	}
[52b3a99]	329	}
	330	else
	331	{
[7deb447]	332	req->status_string = g_strdup( "Can't locate status code" );
[52b3a99]	333	req->status_code = -1;
	334	}
	335
[3f808ca]	336	if( ( ( req->status_code >= 301 && req->status_code <= 303 ) \|\|
	337	req->status_code == 307 ) && req->redir_ttl-- > 0 )
[52b3a99]	338	{
	339	char loc, new_request, *new_host;
	340	int error = 0, new_port, new_proto;
	341
[7deb447]	342	/* We might fill it again, so let's not leak any memory. */
	343	g_free( req->status_string );
	344	req->status_string = NULL;
	345
[52b3a99]	346	loc = strstr( req->reply_headers, "\nLocation: " );
	347	if( loc == NULL ) /* We can't handle this redirect... */
[7deb447]	348	{
	349	req->status_string = g_strdup( "Can't locate Location: header" );
[52b3a99]	350	goto cleanup;
[7deb447]	351	}
[52b3a99]	352
	353	loc += 11;
	354	while( *loc == ' ' )
	355	loc ++;
	356
	357	/* TODO/FIXME: Possibly have to handle relative redirections,
	358	and rewrite Host: headers. Not necessary for now, it's
	359	enough for passport authentication like this. */
	360
	361	if( *loc == '/' )
	362	{
	363	/* Just a different pathname... */
	364
	365	/* Since we don't cache the servername, and since we
	366	don't need this yet anyway, I won't implement it. */
	367
[7deb447]	368	req->status_string = g_strdup( "Can't handle recursive redirects" );
	369
[52b3a99]	370	goto cleanup;
	371	}
[8a9afe4]	372	else
[52b3a99]	373	{
	374	/* A whole URL */
	375	url_t *url;
	376	char *s;
[03a8f8e]	377	const char *new_method;
[52b3a99]	378
	379	s = strstr( loc, "\r\n" );
	380	if( s == NULL )
	381	goto cleanup;
	382
	383	url = g_new0( url_t, 1 );
	384	*s = 0;
	385
	386	if( !url_set( url, loc ) )
	387	{
[7deb447]	388	req->status_string = g_strdup( "Malformed redirect URL" );
[52b3a99]	389	g_free( url );
	390	goto cleanup;
	391	}
	392
[03a8f8e]	393	/* Find all headers and, if necessary, the POST request contents.
	394	Skip the old Host: header though. This crappy code here means
	395	anything using this http_client MUST put the Host: header at
	396	the top. */
[dff732d]	397	if( !( ( s = strstr( req->request, "\r\nHost: " ) ) &&
	398	( s = strstr( s + strlen( "\r\nHost: " ), "\r\n" ) ) ) )
[52b3a99]	399	{
[7deb447]	400	req->status_string = g_strdup( "Error while rebuilding request string" );
[52b3a99]	401	g_free( url );
	402	goto cleanup;
	403	}
	404
[03a8f8e]	405	/* More or less HTTP/1.0 compliant, from my reading of RFC 2616.
	406	Always perform a GET request unless we received a 301. 303 was
	407	meant for this but it's HTTP/1.1-only and we're specifically
[3f808ca]	408	speaking HTTP/1.0. ...
	409
	410	Well except someone at identi.ca's didn't bother reading any
	411	RFCs and just return HTTP/1.1-specific status codes to HTTP/1.0
	412	requests. Fuckers. So here we are, handle 301..303,307. */
	413	if( strncmp( req->request, "GET", 3 ) == 0 )
	414	/* GETs never become POSTs. */
	415	new_method = "GET";
	416	else if( req->status_code == 302 \|\| req->status_code == 303 )
	417	/* 302 de-facto becomes GET, 303 as specified by RFC 2616#10.3.3 */
	418	new_method = "GET";
	419	else
	420	/* 301 de-facto should stay POST, 307 specifally RFC 2616#10.3.8 */
	421	new_method = "POST";
[03a8f8e]	422
	423	/* Okay, this isn't fun! We have to rebuild the request... :-( */
	424	new_request = g_strdup_printf( "%s %s HTTP/1.0\r\nHost: %s%s",
	425	new_method, url->file, url->host, s );
	426
[52b3a99]	427	new_host = g_strdup( url->host );
	428	new_port = url->port;
	429	new_proto = url->proto;
	430
[03a8f8e]	431	/* If we went from POST to GET, truncate the request content. */
	432	if( new_request[0] != req->request[0] && new_request[0] == 'G' &&
	433	( s = strstr( new_request, "\r\n\r\n" ) ) )
	434	s[4] = '\0';
	435
[52b3a99]	436	g_free( url );
	437	}
	438
	439	if( req->ssl )
	440	ssl_disconnect( req->ssl );
	441	else
	442	closesocket( req->fd );
	443
	444	req->fd = -1;
[7deb447]	445	req->ssl = NULL;
[52b3a99]	446
[bd31661]	447	if( getenv( "BITLBEE_DEBUG" ) )
[3f808ca]	448	printf( "New headers for redirected HTTP request:\n%s\n", new_request );
[bd31661]	449
[52b3a99]	450	if( new_proto == PROTO_HTTPS )
	451	{
[a72dc2b]	452	req->ssl = ssl_connect( new_host, new_port, TRUE, http_ssl_connected, req );
[52b3a99]	453	if( req->ssl == NULL )
	454	error = 1;
	455	}
	456	else
	457	{
	458	req->fd = proxy_connect( new_host, new_port, http_connected, req );
	459	if( req->fd < 0 )
	460	error = 1;
	461	}
[2db811a]	462	g_free( new_host );
[52b3a99]	463
	464	if( error )
	465	{
[7deb447]	466	req->status_string = g_strdup( "Connection problem during redirect" );
[52b3a99]	467	g_free( new_request );
	468	goto cleanup;
	469	}
	470
	471	g_free( req->request );
	472	g_free( req->reply_headers );
	473	req->request = new_request;
	474	req->request_length = strlen( new_request );
	475	req->bytes_read = req->bytes_written = req->inpa = 0;
	476	req->reply_headers = req->reply_body = NULL;
	477
[ba9edaa]	478	return FALSE;
[8a9afe4]	479	}
	480
	481	/* Assume that a closed connection means we're finished, this indeed
	482	breaks with keep-alive connections and faulty connections. */
	483	req->finished = 1;
	484
	485	cleanup:
	486	if( req->ssl )
	487	ssl_disconnect( req->ssl );
	488	else
[52b3a99]	489	closesocket( req->fd );
[8a9afe4]	490
[bd31661]	491	if( getenv( "BITLBEE_DEBUG" ) && req )
[3f808ca]	492	printf( "Finishing HTTP request with status: %s\n",
[bd31661]	493	req->status_string ? req->status_string : "NULL" );
	494
[8a9afe4]	495	req->func( req );
[fb98634]	496	http_free( req );
	497	return FALSE;
	498	}
	499
[516a9c6]	500	static void http_free( struct http_request *req )
[fb98634]	501	{
[8a9afe4]	502	g_free( req->request );
	503	g_free( req->reply_headers );
[7deb447]	504	g_free( req->status_string );
[8a9afe4]	505	g_free( req );
	506	}
[fb98634]	507

Note: See TracBrowser for help on using the repository browser.

Download in other formats: