Home | History | Annotate | Download | only in wps
      1 /*
      2  * UPnP WPS Device - Event processing
      3  * Copyright (c) 2000-2003 Intel Corporation
      4  * Copyright (c) 2006-2007 Sony Corporation
      5  * Copyright (c) 2008-2009 Atheros Communications
      6  * Copyright (c) 2009-2010, Jouni Malinen <j (at) w1.fi>
      7  *
      8  * See wps_upnp.c for more details on licensing and code history.
      9  */
     10 
     11 #include "includes.h"
     12 #include <assert.h>
     13 
     14 #include "common.h"
     15 #include "eloop.h"
     16 #include "uuid.h"
     17 #include "http_client.h"
     18 #include "wps_defs.h"
     19 #include "wps_upnp.h"
     20 #include "wps_upnp_i.h"
     21 
     22 /*
     23  * Event message generation (to subscribers)
     24  *
     25  * We make a separate copy for each message for each subscriber. This memory
     26  * wasted could be limited (adding code complexity) by sharing copies, keeping
     27  * a usage count and freeing when zero.
     28  *
     29  * Sending a message requires using a HTTP over TCP NOTIFY
     30  * (like a PUT) which requires a number of states..
     31  */
     32 
     33 #define MAX_EVENTS_QUEUED 20   /* How far behind queued events */
     34 #define MAX_FAILURES 10 /* Drop subscription after this many failures */
     35 
     36 /* How long to wait before sending event */
     37 #define EVENT_DELAY_SECONDS 0
     38 #define EVENT_DELAY_MSEC 0
     39 
     40 /*
     41  * Event information that we send to each subscriber is remembered in this
     42  * struct. The event cannot be sent by simple UDP; it has to be sent by a HTTP
     43  * over TCP transaction which requires various states.. It may also need to be
     44  * retried at a different address (if more than one is available).
     45  *
     46  * TODO: As an optimization we could share data between subscribers.
     47  */
     48 struct wps_event_ {
     49 	struct dl_list list;
     50 	struct subscription *s;         /* parent */
     51 	unsigned subscriber_sequence;   /* which event for this subscription*/
     52 	unsigned int retry;             /* which retry */
     53 	struct subscr_addr *addr;       /* address to connect to */
     54 	struct wpabuf *data;            /* event data to send */
     55 	struct http_client *http_event;
     56 };
     57 
     58 
     59 /* event_clean -- clean sockets etc. of event
     60  * Leaves data, retry count etc. alone.
     61  */
     62 static void event_clean(struct wps_event_ *e)
     63 {
     64 	if (e->s->current_event == e)
     65 		e->s->current_event = NULL;
     66 	http_client_free(e->http_event);
     67 	e->http_event = NULL;
     68 }
     69 
     70 
     71 /* event_delete -- delete single unqueued event
     72  * (be sure to dequeue first if need be)
     73  */
     74 static void event_delete(struct wps_event_ *e)
     75 {
     76 	wpa_printf(MSG_DEBUG, "WPS UPnP: Delete event %p", e);
     77 	event_clean(e);
     78 	wpabuf_free(e->data);
     79 	os_free(e);
     80 }
     81 
     82 
     83 /* event_dequeue -- get next event from the queue
     84  * Returns NULL if empty.
     85  */
     86 static struct wps_event_ *event_dequeue(struct subscription *s)
     87 {
     88 	struct wps_event_ *e;
     89 	e = dl_list_first(&s->event_queue, struct wps_event_, list);
     90 	if (e) {
     91 		wpa_printf(MSG_DEBUG, "WPS UPnP: Dequeue event %p for "
     92 			   "subscription %p", e, s);
     93 		dl_list_del(&e->list);
     94 	}
     95 	return e;
     96 }
     97 
     98 
     99 /* event_delete_all -- delete entire event queue and current event */
    100 void event_delete_all(struct subscription *s)
    101 {
    102 	struct wps_event_ *e;
    103 	while ((e = event_dequeue(s)) != NULL)
    104 		event_delete(e);
    105 	if (s->current_event) {
    106 		event_delete(s->current_event);
    107 		/* will set: s->current_event = NULL;  */
    108 	}
    109 }
    110 
    111 
    112 /**
    113  * event_retry - Called when we had a failure delivering event msg
    114  * @e: Event
    115  * @do_next_address: skip address e.g. on connect fail
    116  */
    117 static void event_retry(struct wps_event_ *e, int do_next_address)
    118 {
    119 	struct subscription *s = e->s;
    120 	struct upnp_wps_device_sm *sm = s->sm;
    121 
    122 	wpa_printf(MSG_DEBUG, "WPS UPnP: Retry event %p for subscription %p",
    123 		   e, s);
    124 	event_clean(e);
    125 	/* will set: s->current_event = NULL; */
    126 
    127 	if (do_next_address) {
    128 		e->retry++;
    129 		wpa_printf(MSG_DEBUG, "WPS UPnP: Try address %d", e->retry);
    130 	}
    131 	if (e->retry >= dl_list_len(&s->addr_list)) {
    132 		wpa_printf(MSG_DEBUG, "WPS UPnP: Giving up on sending event "
    133 			   "for %s", e->addr->domain_and_port);
    134 		event_delete(e);
    135 		s->last_event_failed = 1;
    136 		if (!dl_list_empty(&s->event_queue))
    137 			event_send_all_later(s->sm);
    138 		return;
    139 	}
    140 	dl_list_add(&s->event_queue, &e->list);
    141 	event_send_all_later(sm);
    142 }
    143 
    144 
    145 static struct wpabuf * event_build_message(struct wps_event_ *e)
    146 {
    147 	struct wpabuf *buf;
    148 	char *b;
    149 
    150 	buf = wpabuf_alloc(1000 + wpabuf_len(e->data));
    151 	if (buf == NULL)
    152 		return NULL;
    153 	wpabuf_printf(buf, "NOTIFY %s HTTP/1.1\r\n", e->addr->path);
    154 	wpabuf_put_str(buf, "SERVER: Unspecified, UPnP/1.0, Unspecified\r\n");
    155 	wpabuf_printf(buf, "HOST: %s\r\n", e->addr->domain_and_port);
    156 	wpabuf_put_str(buf, "CONTENT-TYPE: text/xml; charset=\"utf-8\"\r\n"
    157 		       "NT: upnp:event\r\n"
    158 		       "NTS: upnp:propchange\r\n");
    159 	wpabuf_put_str(buf, "SID: uuid:");
    160 	b = wpabuf_put(buf, 0);
    161 	uuid_bin2str(e->s->uuid, b, 80);
    162 	wpabuf_put(buf, os_strlen(b));
    163 	wpabuf_put_str(buf, "\r\n");
    164 	wpabuf_printf(buf, "SEQ: %u\r\n", e->subscriber_sequence);
    165 	wpabuf_printf(buf, "CONTENT-LENGTH: %d\r\n",
    166 		      (int) wpabuf_len(e->data));
    167 	wpabuf_put_str(buf, "\r\n"); /* terminating empty line */
    168 	wpabuf_put_buf(buf, e->data);
    169 	return buf;
    170 }
    171 
    172 
    173 static void event_addr_failure(struct wps_event_ *e)
    174 {
    175 	struct subscription *s = e->s;
    176 
    177 	e->addr->num_failures++;
    178 	wpa_printf(MSG_DEBUG, "WPS UPnP: Failed to send event %p to %s "
    179 		   "(num_failures=%u)",
    180 		   e, e->addr->domain_and_port, e->addr->num_failures);
    181 
    182 	if (e->addr->num_failures < MAX_FAILURES) {
    183 		/* Try other addresses, if available */
    184 		event_retry(e, 1);
    185 		return;
    186 	}
    187 
    188 	/*
    189 	 * If other side doesn't like what we say, forget about them.
    190 	 * (There is no way to tell other side that we are dropping them...).
    191 	 */
    192 	wpa_printf(MSG_DEBUG, "WPS UPnP: Deleting subscription %p "
    193 		   "address %s due to errors", s, e->addr->domain_and_port);
    194 	dl_list_del(&e->addr->list);
    195 	subscr_addr_delete(e->addr);
    196 	e->addr = NULL;
    197 
    198 	if (dl_list_empty(&s->addr_list)) {
    199 		/* if we've given up on all addresses */
    200 		wpa_printf(MSG_DEBUG, "WPS UPnP: Removing subscription %p "
    201 			   "with no addresses", s);
    202 		dl_list_del(&s->list);
    203 		subscription_destroy(s);
    204 		return;
    205 	}
    206 
    207 	/* Try other addresses, if available */
    208 	event_retry(e, 0);
    209 }
    210 
    211 
    212 static void event_http_cb(void *ctx, struct http_client *c,
    213 			  enum http_client_event event)
    214 {
    215 	struct wps_event_ *e = ctx;
    216 	struct subscription *s = e->s;
    217 
    218 	wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP client callback: e=%p c=%p "
    219 		   "event=%d", e, c, event);
    220 	switch (event) {
    221 	case HTTP_CLIENT_OK:
    222 		wpa_printf(MSG_DEBUG,
    223 			   "WPS UPnP: Got event %p reply OK from %s",
    224 			   e, e->addr->domain_and_port);
    225 		e->addr->num_failures = 0;
    226 		s->last_event_failed = 0;
    227 		event_delete(e);
    228 
    229 		/* Schedule sending more if there is more to send */
    230 		if (!dl_list_empty(&s->event_queue))
    231 			event_send_all_later(s->sm);
    232 		break;
    233 	case HTTP_CLIENT_FAILED:
    234 		wpa_printf(MSG_DEBUG, "WPS UPnP: Event send failure");
    235 		event_addr_failure(e);
    236 		break;
    237 	case HTTP_CLIENT_INVALID_REPLY:
    238 		wpa_printf(MSG_DEBUG, "WPS UPnP: Invalid reply");
    239 		event_addr_failure(e);
    240 		break;
    241 	case HTTP_CLIENT_TIMEOUT:
    242 		wpa_printf(MSG_DEBUG, "WPS UPnP: Event send timeout");
    243 		event_addr_failure(e);
    244 		break;
    245 	}
    246 }
    247 
    248 
    249 /* event_send_start -- prepare to send a event message to subscriber
    250  *
    251  * This gets complicated because:
    252  * -- The message is sent via TCP and we have to keep the stream open
    253  *      for 30 seconds to get a response... then close it.
    254  * -- But we might have other event happen in the meantime...
    255  *      we have to queue them, if we lose them then the subscriber will
    256  *      be forced to unsubscribe and subscribe again.
    257  * -- If multiple URLs are provided then we are supposed to try successive
    258  *      ones after 30 second timeout.
    259  * -- The URLs might use domain names instead of dotted decimal addresses,
    260  *      and resolution of those may cause unwanted sleeping.
    261  * -- Doing the initial TCP connect can take a while, so we have to come
    262  *      back after connection and then send the data.
    263  *
    264  * Returns nonzero on error;
    265  *
    266  * Prerequisite: No current event send (s->current_event == NULL)
    267  *      and non-empty queue.
    268  */
    269 static int event_send_start(struct subscription *s)
    270 {
    271 	struct wps_event_ *e;
    272 	unsigned int itry;
    273 	struct wpabuf *buf;
    274 
    275 	/*
    276 	 * Assume we are called ONLY with no current event and ONLY with
    277 	 * nonempty event queue and ONLY with at least one address to send to.
    278 	 */
    279 	if (dl_list_empty(&s->addr_list))
    280 		return -1;
    281 	if (s->current_event)
    282 		return -1;
    283 	if (dl_list_empty(&s->event_queue))
    284 		return -1;
    285 
    286 	s->current_event = e = event_dequeue(s);
    287 
    288 	/* Use address according to number of retries */
    289 	itry = 0;
    290 	dl_list_for_each(e->addr, &s->addr_list, struct subscr_addr, list)
    291 		if (itry++ == e->retry)
    292 			break;
    293 	if (itry < e->retry)
    294 		return -1;
    295 
    296 	buf = event_build_message(e);
    297 	if (buf == NULL) {
    298 		event_retry(e, 0);
    299 		return -1;
    300 	}
    301 
    302 	e->http_event = http_client_addr(&e->addr->saddr, buf, 0,
    303 					 event_http_cb, e);
    304 	if (e->http_event == NULL) {
    305 		wpabuf_free(buf);
    306 		event_retry(e, 0);
    307 		return -1;
    308 	}
    309 
    310 	return 0;
    311 }
    312 
    313 
    314 /* event_send_all_later_handler -- actually send events as needed */
    315 static void event_send_all_later_handler(void *eloop_data, void *user_ctx)
    316 {
    317 	struct upnp_wps_device_sm *sm = user_ctx;
    318 	struct subscription *s, *tmp;
    319 	int nerrors = 0;
    320 
    321 	sm->event_send_all_queued = 0;
    322 	dl_list_for_each_safe(s, tmp, &sm->subscriptions, struct subscription,
    323 			      list) {
    324 		if (s->current_event == NULL /* not busy */ &&
    325 		    !dl_list_empty(&s->event_queue) /* more to do */) {
    326 			if (event_send_start(s))
    327 				nerrors++;
    328 		}
    329 	}
    330 
    331 	if (nerrors) {
    332 		/* Try again later */
    333 		event_send_all_later(sm);
    334 	}
    335 }
    336 
    337 
    338 /* event_send_all_later -- schedule sending events to all subscribers
    339  * that need it.
    340  * This avoids two problems:
    341  * -- After getting a subscription, we should not send the first event
    342  *      until after our reply is fully queued to be sent back,
    343  * -- Possible stack depth or infinite recursion issues.
    344  */
    345 void event_send_all_later(struct upnp_wps_device_sm *sm)
    346 {
    347 	/*
    348 	 * The exact time in the future isn't too important. Waiting a bit
    349 	 * might let us do several together.
    350 	 */
    351 	if (sm->event_send_all_queued)
    352 		return;
    353 	sm->event_send_all_queued = 1;
    354 	eloop_register_timeout(EVENT_DELAY_SECONDS, EVENT_DELAY_MSEC,
    355 			       event_send_all_later_handler, NULL, sm);
    356 }
    357 
    358 
    359 /* event_send_stop_all -- cleanup */
    360 void event_send_stop_all(struct upnp_wps_device_sm *sm)
    361 {
    362 	if (sm->event_send_all_queued)
    363 		eloop_cancel_timeout(event_send_all_later_handler, NULL, sm);
    364 	sm->event_send_all_queued = 0;
    365 }
    366 
    367 
    368 /**
    369  * event_add - Add a new event to a queue
    370  * @s: Subscription
    371  * @data: Event data (is copied; caller retains ownership)
    372  * @probereq: Whether this is a Probe Request event
    373  * Returns: 0 on success, -1 on error, 1 on max event queue limit reached
    374  */
    375 int event_add(struct subscription *s, const struct wpabuf *data, int probereq)
    376 {
    377 	struct wps_event_ *e;
    378 	unsigned int len;
    379 
    380 	len = dl_list_len(&s->event_queue);
    381 	if (len >= MAX_EVENTS_QUEUED) {
    382 		wpa_printf(MSG_DEBUG, "WPS UPnP: Too many events queued for "
    383 			   "subscriber %p", s);
    384 		if (probereq)
    385 			return 1;
    386 
    387 		/* Drop oldest entry to allow EAP event to be stored. */
    388 		e = event_dequeue(s);
    389 		if (!e)
    390 			return 1;
    391 		event_delete(e);
    392 	}
    393 
    394 	if (s->last_event_failed && probereq && len > 0) {
    395 		/*
    396 		 * Avoid queuing frames for subscribers that may have left
    397 		 * without unsubscribing.
    398 		 */
    399 		wpa_printf(MSG_DEBUG, "WPS UPnP: Do not queue more Probe "
    400 			   "Request frames for subscription %p since last "
    401 			   "delivery failed", s);
    402 		return -1;
    403 	}
    404 
    405 	e = os_zalloc(sizeof(*e));
    406 	if (e == NULL)
    407 		return -1;
    408 	dl_list_init(&e->list);
    409 	e->s = s;
    410 	e->data = wpabuf_dup(data);
    411 	if (e->data == NULL) {
    412 		os_free(e);
    413 		return -1;
    414 	}
    415 	e->subscriber_sequence = s->next_subscriber_sequence++;
    416 	if (s->next_subscriber_sequence == 0)
    417 		s->next_subscriber_sequence++;
    418 	wpa_printf(MSG_DEBUG, "WPS UPnP: Queue event %p for subscriber %p "
    419 		   "(queue len %u)", e, s, len + 1);
    420 	dl_list_add_tail(&s->event_queue, &e->list);
    421 	event_send_all_later(s->sm);
    422 	return 0;
    423 }
    424