You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
358 lines
12 KiB
358 lines
12 KiB
4 months ago
|
/*
|
||
|
* Private HTTP definitions for CUPS.
|
||
|
*
|
||
|
* Copyright 2007-2018 by Apple Inc.
|
||
|
* Copyright 1997-2007 by Easy Software Products, all rights reserved.
|
||
|
*
|
||
|
* Licensed under Apache License v2.0. See the file "LICENSE" for more
|
||
|
* information.
|
||
|
*/
|
||
|
|
||
|
#ifndef _CUPS_HTTP_PRIVATE_H_
|
||
|
# define _CUPS_HTTP_PRIVATE_H_
|
||
|
|
||
|
/*
|
||
|
* Include necessary headers...
|
||
|
*/
|
||
|
|
||
|
# include "config.h"
|
||
|
# include <cups/language.h>
|
||
|
# include <stddef.h>
|
||
|
# include <stdlib.h>
|
||
|
|
||
|
# ifdef __sun
|
||
|
# include <sys/select.h>
|
||
|
# endif /* __sun */
|
||
|
|
||
|
# include <limits.h>
|
||
|
# ifdef _WIN32
|
||
|
# define _WINSOCK_DEPRECATED_NO_WARNINGS 1
|
||
|
# include <io.h>
|
||
|
# include <winsock2.h>
|
||
|
# define CUPS_SOCAST (const char *)
|
||
|
# else
|
||
|
# include <unistd.h>
|
||
|
# include <fcntl.h>
|
||
|
# include <sys/socket.h>
|
||
|
# define CUPS_SOCAST
|
||
|
# endif /* _WIN32 */
|
||
|
|
||
|
# ifdef HAVE_GSSAPI
|
||
|
# ifdef HAVE_GSS_GSSAPI_H
|
||
|
# include <GSS/gssapi.h>
|
||
|
# elif defined(HAVE_GSSAPI_GSSAPI_H)
|
||
|
# include <gssapi/gssapi.h>
|
||
|
# elif defined(HAVE_GSSAPI_H)
|
||
|
# include <gssapi.h>
|
||
|
# endif /* HAVE_GSS_GSSAPI_H */
|
||
|
# ifndef HAVE_GSS_C_NT_HOSTBASED_SERVICE
|
||
|
# define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
|
||
|
# endif /* !HAVE_GSS_C_NT_HOSTBASED_SERVICE */
|
||
|
# endif /* HAVE_GSSAPI */
|
||
|
|
||
|
# ifdef HAVE_AUTHORIZATION_H
|
||
|
# include <Security/Authorization.h>
|
||
|
# endif /* HAVE_AUTHORIZATION_H */
|
||
|
|
||
|
# if defined(__APPLE__) && !defined(_SOCKLEN_T)
|
||
|
/*
|
||
|
* macOS 10.2.x does not define socklen_t, and in fact uses an int instead of
|
||
|
* unsigned type for length values...
|
||
|
*/
|
||
|
|
||
|
typedef int socklen_t;
|
||
|
# endif /* __APPLE__ && !_SOCKLEN_T */
|
||
|
|
||
|
# include <cups/http.h>
|
||
|
# include "ipp-private.h"
|
||
|
|
||
|
# ifdef HAVE_GNUTLS
|
||
|
# include <gnutls/gnutls.h>
|
||
|
# include <gnutls/x509.h>
|
||
|
# elif defined(HAVE_CDSASSL)
|
||
|
# include <CoreFoundation/CoreFoundation.h>
|
||
|
# include <Security/Security.h>
|
||
|
# include <Security/SecureTransport.h>
|
||
|
# ifdef HAVE_SECITEM_H
|
||
|
# include <Security/SecItem.h>
|
||
|
# endif /* HAVE_SECITEM_H */
|
||
|
# ifdef HAVE_SECCERTIFICATE_H
|
||
|
# include <Security/SecCertificate.h>
|
||
|
# include <Security/SecIdentity.h>
|
||
|
# endif /* HAVE_SECCERTIFICATE_H */
|
||
|
# elif defined(HAVE_SSPISSL)
|
||
|
# include <wincrypt.h>
|
||
|
# include <wintrust.h>
|
||
|
# include <schannel.h>
|
||
|
# define SECURITY_WIN32
|
||
|
# include <security.h>
|
||
|
# include <sspi.h>
|
||
|
# endif /* HAVE_GNUTLS */
|
||
|
|
||
|
# ifndef _WIN32
|
||
|
# include <net/if.h>
|
||
|
# include <resolv.h>
|
||
|
# ifdef HAVE_GETIFADDRS
|
||
|
# include <ifaddrs.h>
|
||
|
# else
|
||
|
# include <sys/ioctl.h>
|
||
|
# ifdef HAVE_SYS_SOCKIO_H
|
||
|
# include <sys/sockio.h>
|
||
|
# endif /* HAVE_SYS_SOCKIO_H */
|
||
|
# endif /* HAVE_GETIFADDRS */
|
||
|
# endif /* !_WIN32 */
|
||
|
|
||
|
|
||
|
/*
|
||
|
* C++ magic...
|
||
|
*/
|
||
|
|
||
|
# ifdef __cplusplus
|
||
|
extern "C" {
|
||
|
# endif /* __cplusplus */
|
||
|
|
||
|
|
||
|
/*
|
||
|
* Constants...
|
||
|
*/
|
||
|
|
||
|
# define _HTTP_MAX_SBUFFER 65536 /* Size of (de)compression buffer */
|
||
|
# define _HTTP_RESOLVE_DEFAULT 0 /* Just resolve with default options */
|
||
|
# define _HTTP_RESOLVE_STDERR 1 /* Log resolve progress to stderr */
|
||
|
# define _HTTP_RESOLVE_FQDN 2 /* Resolve to a FQDN */
|
||
|
# define _HTTP_RESOLVE_FAXOUT 4 /* Resolve FaxOut service? */
|
||
|
|
||
|
# define _HTTP_TLS_NONE 0 /* No TLS options */
|
||
|
# define _HTTP_TLS_ALLOW_RC4 1 /* Allow RC4 cipher suites */
|
||
|
# define _HTTP_TLS_ALLOW_DH 2 /* Allow DH/DHE key negotiation */
|
||
|
# define _HTTP_TLS_DENY_CBC 4 /* Deny CBC cipher suites */
|
||
|
# define _HTTP_TLS_SET_DEFAULT 128 /* Setting the default TLS options */
|
||
|
|
||
|
# define _HTTP_TLS_SSL3 0 /* Min/max version is SSL/3.0 */
|
||
|
# define _HTTP_TLS_1_0 1 /* Min/max version is TLS/1.0 */
|
||
|
# define _HTTP_TLS_1_1 2 /* Min/max version is TLS/1.1 */
|
||
|
# define _HTTP_TLS_1_2 3 /* Min/max version is TLS/1.2 */
|
||
|
# define _HTTP_TLS_1_3 4 /* Min/max version is TLS/1.3 */
|
||
|
# define _HTTP_TLS_MAX 5 /* Highest known TLS version */
|
||
|
|
||
|
|
||
|
/*
|
||
|
* Types and functions for SSL support...
|
||
|
*/
|
||
|
|
||
|
# ifdef HAVE_GNUTLS
|
||
|
/*
|
||
|
* The GNU TLS library is more of a "bare metal" SSL/TLS library...
|
||
|
*/
|
||
|
|
||
|
typedef gnutls_session_t http_tls_t;
|
||
|
typedef gnutls_certificate_credentials_t *http_tls_credentials_t;
|
||
|
|
||
|
# elif defined(HAVE_CDSASSL)
|
||
|
/*
|
||
|
* Darwin's Security framework provides its own SSL/TLS context structure
|
||
|
* for its IO and protocol management...
|
||
|
*/
|
||
|
|
||
|
typedef SSLContextRef http_tls_t;
|
||
|
typedef CFArrayRef http_tls_credentials_t;
|
||
|
|
||
|
# elif defined(HAVE_SSPISSL)
|
||
|
/*
|
||
|
* Windows' SSPI library gets a CUPS wrapper...
|
||
|
*/
|
||
|
|
||
|
typedef struct _http_sspi_s /**** SSPI/SSL data structure ****/
|
||
|
{
|
||
|
CredHandle creds; /* Credentials */
|
||
|
CtxtHandle context; /* SSL context */
|
||
|
BOOL contextInitialized; /* Is context init'd? */
|
||
|
SecPkgContext_StreamSizes streamSizes;/* SSL data stream sizes */
|
||
|
BYTE *decryptBuffer; /* Data pre-decryption*/
|
||
|
size_t decryptBufferLength; /* Length of decrypt buffer */
|
||
|
size_t decryptBufferUsed; /* Bytes used in buffer */
|
||
|
BYTE *readBuffer; /* Data post-decryption */
|
||
|
int readBufferLength; /* Length of read buffer */
|
||
|
int readBufferUsed; /* Bytes used in buffer */
|
||
|
BYTE *writeBuffer; /* Data pre-encryption */
|
||
|
int writeBufferLength; /* Length of write buffer */
|
||
|
PCCERT_CONTEXT localCert, /* Local certificate */
|
||
|
remoteCert; /* Remote (peer's) certificate */
|
||
|
char error[256]; /* Most recent error message */
|
||
|
} _http_sspi_t;
|
||
|
typedef _http_sspi_t *http_tls_t;
|
||
|
typedef PCCERT_CONTEXT http_tls_credentials_t;
|
||
|
|
||
|
# else
|
||
|
/*
|
||
|
* Otherwise define stub types since we have no SSL support...
|
||
|
*/
|
||
|
|
||
|
typedef void *http_tls_t;
|
||
|
typedef void *http_tls_credentials_t;
|
||
|
# endif /* HAVE_GNUTLS */
|
||
|
|
||
|
typedef enum _http_coding_e /**** HTTP content coding enumeration ****/
|
||
|
{
|
||
|
_HTTP_CODING_IDENTITY, /* No content coding */
|
||
|
_HTTP_CODING_GZIP, /* LZ77+gzip decompression */
|
||
|
_HTTP_CODING_DEFLATE, /* LZ77+zlib compression */
|
||
|
_HTTP_CODING_GUNZIP, /* LZ77+gzip decompression */
|
||
|
_HTTP_CODING_INFLATE /* LZ77+zlib decompression */
|
||
|
} _http_coding_t;
|
||
|
|
||
|
typedef enum _http_mode_e /**** HTTP mode enumeration ****/
|
||
|
{
|
||
|
_HTTP_MODE_CLIENT, /* Client connected to server */
|
||
|
_HTTP_MODE_SERVER /* Server connected (accepted) from client */
|
||
|
} _http_mode_t;
|
||
|
|
||
|
# ifndef _HTTP_NO_PRIVATE
|
||
|
struct _http_s /**** HTTP connection structure ****/
|
||
|
{
|
||
|
int fd; /* File descriptor for this socket */
|
||
|
int blocking; /* To block or not to block */
|
||
|
int error; /* Last error on read */
|
||
|
time_t activity; /* Time since last read/write */
|
||
|
http_state_t state; /* State of client */
|
||
|
http_status_t status; /* Status of last request */
|
||
|
http_version_t version; /* Protocol version */
|
||
|
http_keepalive_t keep_alive; /* Keep-alive supported? */
|
||
|
struct sockaddr_in _hostaddr; /* Address of connected host (deprecated) */
|
||
|
char hostname[HTTP_MAX_HOST],
|
||
|
/* Name of connected host */
|
||
|
_fields[HTTP_FIELD_ACCEPT_ENCODING][HTTP_MAX_VALUE];
|
||
|
/* Field values up to Accept-Encoding (deprecated) */
|
||
|
char *data; /* Pointer to data buffer */
|
||
|
http_encoding_t data_encoding; /* Chunked or not */
|
||
|
int _data_remaining;/* Number of bytes left (deprecated) */
|
||
|
int used; /* Number of bytes used in buffer */
|
||
|
char buffer[HTTP_MAX_BUFFER];
|
||
|
/* Buffer for incoming data */
|
||
|
int _auth_type; /* Authentication in use (deprecated) */
|
||
|
unsigned char _md5_state[88]; /* MD5 state (deprecated) */
|
||
|
char nonce[HTTP_MAX_VALUE];
|
||
|
/* Nonce value */
|
||
|
unsigned nonce_count; /* Nonce count */
|
||
|
http_tls_t tls; /* TLS state information */
|
||
|
http_encryption_t encryption; /* Encryption requirements */
|
||
|
|
||
|
/**** New in CUPS 1.1.19 ****/
|
||
|
fd_set *input_set; /* select() set for httpWait() (deprecated) */
|
||
|
http_status_t expect; /* Expect: header */
|
||
|
char *cookie; /* Cookie value(s) */
|
||
|
|
||
|
/**** New in CUPS 1.1.20 ****/
|
||
|
char _authstring[HTTP_MAX_VALUE],
|
||
|
/* Current Authorization value (deprecated) */
|
||
|
userpass[HTTP_MAX_VALUE];
|
||
|
/* Username:password string */
|
||
|
int digest_tries; /* Number of tries for digest auth */
|
||
|
|
||
|
/**** New in CUPS 1.2 ****/
|
||
|
off_t data_remaining; /* Number of bytes left */
|
||
|
http_addr_t *hostaddr; /* Current host address and port */
|
||
|
http_addrlist_t *addrlist; /* List of valid addresses */
|
||
|
char wbuffer[HTTP_MAX_BUFFER];
|
||
|
/* Buffer for outgoing data */
|
||
|
int wused; /* Write buffer bytes used */
|
||
|
|
||
|
/**** New in CUPS 1.3 ****/
|
||
|
char *authstring; /* Current Authorization field */
|
||
|
# ifdef HAVE_GSSAPI
|
||
|
gss_OID gssmech; /* Authentication mechanism */
|
||
|
gss_ctx_id_t gssctx; /* Authentication context */
|
||
|
gss_name_t gssname; /* Authentication server name */
|
||
|
# endif /* HAVE_GSSAPI */
|
||
|
# ifdef HAVE_AUTHORIZATION_H
|
||
|
AuthorizationRef auth_ref; /* Authorization ref */
|
||
|
# endif /* HAVE_AUTHORIZATION_H */
|
||
|
|
||
|
/**** New in CUPS 1.5 ****/
|
||
|
http_tls_credentials_t tls_credentials;
|
||
|
/* TLS credentials */
|
||
|
http_timeout_cb_t timeout_cb; /* Timeout callback */
|
||
|
void *timeout_data; /* User data pointer */
|
||
|
double timeout_value; /* Timeout in seconds */
|
||
|
int wait_value; /* httpWait value for timeout */
|
||
|
# ifdef HAVE_GSSAPI
|
||
|
char gsshost[256]; /* Hostname for Kerberos */
|
||
|
# endif /* HAVE_GSSAPI */
|
||
|
|
||
|
/**** New in CUPS 1.7 ****/
|
||
|
int tls_upgrade; /* Non-zero if we are doing an upgrade */
|
||
|
_http_mode_t mode; /* _HTTP_MODE_CLIENT or _HTTP_MODE_SERVER */
|
||
|
# ifdef HAVE_LIBZ
|
||
|
_http_coding_t coding; /* _HTTP_CODING_xxx */
|
||
|
void *stream; /* (De)compression stream */
|
||
|
unsigned char *sbuffer; /* (De)compression buffer */
|
||
|
# endif /* HAVE_LIBZ */
|
||
|
|
||
|
/**** New in CUPS 2.2.9 ****/
|
||
|
char algorithm[65], /* Algorithm from WWW-Authenticate */
|
||
|
nextnonce[HTTP_MAX_VALUE],
|
||
|
/* Next nonce value from Authentication-Info */
|
||
|
opaque[HTTP_MAX_VALUE],
|
||
|
/* Opaque value from WWW-Authenticate */
|
||
|
realm[HTTP_MAX_VALUE];
|
||
|
/* Realm from WWW-Authenticate */
|
||
|
|
||
|
/**** New in CUPS 2.3 ****/
|
||
|
char *fields[HTTP_FIELD_MAX],
|
||
|
/* Allocated field values */
|
||
|
*default_fields[HTTP_FIELD_MAX];
|
||
|
/* Default field values, if any */
|
||
|
};
|
||
|
# endif /* !_HTTP_NO_PRIVATE */
|
||
|
|
||
|
|
||
|
/*
|
||
|
* Some OS's don't have hstrerror(), most notably Solaris...
|
||
|
*/
|
||
|
|
||
|
# ifndef HAVE_HSTRERROR
|
||
|
extern const char *_cups_hstrerror(int error);
|
||
|
# define hstrerror _cups_hstrerror
|
||
|
# endif /* !HAVE_HSTRERROR */
|
||
|
|
||
|
|
||
|
/*
|
||
|
* Prototypes...
|
||
|
*/
|
||
|
|
||
|
extern void _httpAddrSetPort(http_addr_t *addr, int port) _CUPS_PRIVATE;
|
||
|
extern http_tls_credentials_t
|
||
|
_httpCreateCredentials(cups_array_t *credentials) _CUPS_PRIVATE;
|
||
|
extern char *_httpDecodeURI(char *dst, const char *src,
|
||
|
size_t dstsize) _CUPS_PRIVATE;
|
||
|
extern void _httpDisconnect(http_t *http) _CUPS_PRIVATE;
|
||
|
extern char *_httpEncodeURI(char *dst, const char *src,
|
||
|
size_t dstsize) _CUPS_PRIVATE;
|
||
|
extern void _httpFreeCredentials(http_tls_credentials_t credentials) _CUPS_PRIVATE;
|
||
|
extern const char *_httpResolveURI(const char *uri, char *resolved_uri,
|
||
|
size_t resolved_size, int options,
|
||
|
int (*cb)(void *context),
|
||
|
void *context) _CUPS_PRIVATE;
|
||
|
extern int _httpSetDigestAuthString(http_t *http, const char *nonce, const char *method, const char *resource) _CUPS_PRIVATE;
|
||
|
extern const char *_httpStatus(cups_lang_t *lang, http_status_t status) _CUPS_PRIVATE;
|
||
|
extern void _httpTLSInitialize(void) _CUPS_PRIVATE;
|
||
|
extern size_t _httpTLSPending(http_t *http) _CUPS_PRIVATE;
|
||
|
extern int _httpTLSRead(http_t *http, char *buf, int len) _CUPS_PRIVATE;
|
||
|
extern void _httpTLSSetOptions(int options, int min_version, int max_version) _CUPS_PRIVATE;
|
||
|
extern int _httpTLSStart(http_t *http) _CUPS_PRIVATE;
|
||
|
extern void _httpTLSStop(http_t *http) _CUPS_PRIVATE;
|
||
|
extern int _httpTLSWrite(http_t *http, const char *buf, int len) _CUPS_PRIVATE;
|
||
|
extern int _httpUpdate(http_t *http, http_status_t *status) _CUPS_PRIVATE;
|
||
|
extern int _httpWait(http_t *http, int msec, int usessl) _CUPS_PRIVATE;
|
||
|
|
||
|
|
||
|
/*
|
||
|
* C++ magic...
|
||
|
*/
|
||
|
|
||
|
# ifdef __cplusplus
|
||
|
}
|
||
|
# endif /* __cplusplus */
|
||
|
|
||
|
#endif /* !_CUPS_HTTP_PRIVATE_H_ */
|