Home | History | Annotate | Download | only in cups
      1 /*
      2  * Private HTTP definitions for CUPS.
      3  *
      4  * Copyright 2007-2016 by Apple Inc.
      5  * Copyright 1997-2007 by Easy Software Products, all rights reserved.
      6  *
      7  * These coded instructions, statements, and computer programs are the
      8  * property of Apple Inc. and are protected by Federal copyright
      9  * law.  Distribution and use rights are outlined in the file "LICENSE.txt"
     10  * which should have been included with this file.  If this file is
     11  * missing or damaged, see the license at "http://www.cups.org/".
     12  *
     13  * This file is subject to the Apple OS-Developed Software exception.
     14  */
     15 
     16 #ifndef _CUPS_HTTP_PRIVATE_H_
     17 #  define _CUPS_HTTP_PRIVATE_H_
     18 
     19 /*
     20  * Include necessary headers...
     21  */
     22 
     23 #  include "config.h"
     24 #  include <cups/language.h>
     25 #  include <stddef.h>
     26 #  include <stdlib.h>
     27 
     28 #  ifdef __sun
     29 #    include <sys/select.h>
     30 #  endif /* __sun */
     31 
     32 #  include <limits.h>
     33 #  ifdef WIN32
     34 #    include <io.h>
     35 #    include <winsock2.h>
     36 #    define CUPS_SOCAST (const char *)
     37 #  else
     38 #    include <unistd.h>
     39 #    include <fcntl.h>
     40 #    include <sys/socket.h>
     41 #    define CUPS_SOCAST
     42 #  endif /* WIN32 */
     43 
     44 #  ifdef HAVE_GSSAPI
     45 #    ifdef HAVE_GSS_GSSAPI_H
     46 #      include <GSS/gssapi.h>
     47 #    elif defined(HAVE_GSSAPI_GSSAPI_H)
     48 #      include <gssapi/gssapi.h>
     49 #    elif defined(HAVE_GSSAPI_H)
     50 #      include <gssapi.h>
     51 #    endif /* HAVE_GSS_GSSAPI_H */
     52 #    ifndef HAVE_GSS_C_NT_HOSTBASED_SERVICE
     53 #      define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
     54 #    endif /* !HAVE_GSS_C_NT_HOSTBASED_SERVICE */
     55 #  endif /* HAVE_GSSAPI */
     56 
     57 #  ifdef HAVE_AUTHORIZATION_H
     58 #    include <Security/Authorization.h>
     59 #  endif /* HAVE_AUTHORIZATION_H */
     60 
     61 #  if defined(__APPLE__) && !defined(_SOCKLEN_T)
     62 /*
     63  * macOS 10.2.x does not define socklen_t, and in fact uses an int instead of
     64  * unsigned type for length values...
     65  */
     66 
     67 typedef int socklen_t;
     68 #  endif /* __APPLE__ && !_SOCKLEN_T */
     69 
     70 #  include <cups/http.h>
     71 #  include "md5-private.h"
     72 #  include "ipp-private.h"
     73 
     74 #  ifdef HAVE_GNUTLS
     75 #    include <gnutls/gnutls.h>
     76 #    include <gnutls/x509.h>
     77 #  elif defined(HAVE_CDSASSL)
     78 #    include <CoreFoundation/CoreFoundation.h>
     79 #    include <Security/Security.h>
     80 #    include <Security/SecureTransport.h>
     81 #    ifdef HAVE_SECURETRANSPORTPRIV_H
     82 #      include <Security/SecureTransportPriv.h>
     83 #    endif /* HAVE_SECURETRANSPORTPRIV_H */
     84 #    ifdef HAVE_SECITEM_H
     85 #      include <Security/SecItem.h>
     86 #    endif /* HAVE_SECITEM_H */
     87 #    ifdef HAVE_SECBASEPRIV_H
     88 #      include <Security/SecBasePriv.h>
     89 #    endif /* HAVE_SECBASEPRIV_H */
     90 #    ifdef HAVE_SECCERTIFICATE_H
     91 #      include <Security/SecCertificate.h>
     92 #      include <Security/SecIdentity.h>
     93 #    endif /* HAVE_SECCERTIFICATE_H */
     94 #    ifdef HAVE_SECCERTIFICATEPRIV_H
     95 #      include <Security/SecCertificatePriv.h>
     96 #    else
     97 #      ifdef __cplusplus
     98 extern "C" {
     99 #      endif /* __cplusplus */
    100 #      ifndef _SECURITY_VERSION_GREATER_THAN_57610_
    101 typedef CF_OPTIONS(uint32_t, SecKeyUsage) {
    102     kSecKeyUsageAll              = 0x7FFFFFFF
    103 };
    104 #       endif /* !_SECURITY_VERSION_GREATER_THAN_57610_ */
    105 extern const void * kSecCSRChallengePassword;
    106 extern const void * kSecSubjectAltName;
    107 extern const void * kSecCertificateKeyUsage;
    108 extern const void * kSecCSRBasicContraintsPathLen;
    109 extern const void * kSecCertificateExtensions;
    110 extern const void * kSecCertificateExtensionsEncoded;
    111 extern const void * kSecOidCommonName;
    112 extern const void * kSecOidCountryName;
    113 extern const void * kSecOidStateProvinceName;
    114 extern const void * kSecOidLocalityName;
    115 extern const void * kSecOidOrganization;
    116 extern const void * kSecOidOrganizationalUnit;
    117 extern SecCertificateRef SecCertificateCreateWithBytes(CFAllocatorRef allocator, const UInt8 *bytes, CFIndex length);
    118 extern bool SecCertificateIsValid(SecCertificateRef certificate, CFAbsoluteTime verifyTime);
    119 extern CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRef certificate);
    120 extern SecCertificateRef SecGenerateSelfSignedCertificate(CFArrayRef subject, CFDictionaryRef parameters, SecKeyRef publicKey, SecKeyRef privateKey);
    121 extern SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey);
    122 #      ifdef __cplusplus
    123 }
    124 #      endif /* __cplusplus */
    125 #    endif /* HAVE_SECCERTIFICATEPRIV_H */
    126 #    ifdef HAVE_SECITEMPRIV_H
    127 #      include <Security/SecItemPriv.h>
    128 #    endif /* HAVE_SECITEMPRIV_H */
    129 #    ifdef HAVE_SECIDENTITYSEARCHPRIV_H
    130 #      include <Security/SecIdentitySearchPriv.h>
    131 #    endif /* HAVE_SECIDENTITYSEARCHPRIV_H */
    132 #    ifdef HAVE_SECPOLICYPRIV_H
    133 #      include <Security/SecPolicyPriv.h>
    134 #    endif /* HAVE_SECPOLICYPRIV_H */
    135 #  elif defined(HAVE_SSPISSL)
    136 #    include <wincrypt.h>
    137 #    include <wintrust.h>
    138 #    include <schannel.h>
    139 #    define SECURITY_WIN32
    140 #    include <security.h>
    141 #    include <sspi.h>
    142 #  endif /* HAVE_GNUTLS */
    143 
    144 #  ifndef WIN32
    145 #    include <net/if.h>
    146 #    include <resolv.h>
    147 #    ifdef HAVE_GETIFADDRS
    148 #      include <ifaddrs.h>
    149 #    else
    150 #      include <sys/ioctl.h>
    151 #      ifdef HAVE_SYS_SOCKIO_H
    152 #        include <sys/sockio.h>
    153 #      endif /* HAVE_SYS_SOCKIO_H */
    154 #    endif /* HAVE_GETIFADDRS */
    155 #  endif /* !WIN32 */
    156 
    157 #  ifdef HAVE_LIBZ
    158 #    include <zlib.h>
    159 #  endif /* HAVE_LIBZ */
    160 
    161 
    162 /*
    163  * C++ magic...
    164  */
    165 
    166 #  ifdef __cplusplus
    167 extern "C" {
    168 #  endif /* __cplusplus */
    169 
    170 
    171 /*
    172  * Constants...
    173  */
    174 
    175 
    176 #define _HTTP_MAX_SBUFFER	65536	/* Size of (de)compression buffer */
    177 #define _HTTP_RESOLVE_DEFAULT	0	/* Just resolve with default options */
    178 #define _HTTP_RESOLVE_STDERR	1	/* Log resolve progress to stderr */
    179 #define _HTTP_RESOLVE_FQDN	2	/* Resolve to a FQDN */
    180 #define _HTTP_RESOLVE_FAXOUT	4	/* Resolve FaxOut service? */
    181 
    182 #define _HTTP_TLS_NONE		0	/* No TLS options */
    183 #define _HTTP_TLS_ALLOW_RC4	1	/* Allow RC4 cipher suites */
    184 #define _HTTP_TLS_ALLOW_SSL3	2	/* Allow SSL 3.0 */
    185 #define _HTTP_TLS_ALLOW_DH	4	/* Allow DH/DHE key negotiation */
    186 #define _HTTP_TLS_DENY_TLS10	16	/* Deny TLS 1.0 */
    187 
    188 
    189 /*
    190  * Types and functions for SSL support...
    191  */
    192 
    193 #  ifdef HAVE_GNUTLS
    194 /*
    195  * The GNU TLS library is more of a "bare metal" SSL/TLS library...
    196  */
    197 
    198 typedef gnutls_session_t http_tls_t;
    199 typedef gnutls_certificate_credentials_t *http_tls_credentials_t;
    200 
    201 #  elif defined(HAVE_CDSASSL)
    202 /*
    203  * Darwin's Security framework provides its own SSL/TLS context structure
    204  * for its IO and protocol management...
    205  */
    206 
    207 #    if !defined(HAVE_SECBASEPRIV_H) && defined(HAVE_CSSMERRORSTRING) /* Declare prototype for function in that header... */
    208 extern const char *cssmErrorString(int error);
    209 #    endif /* !HAVE_SECBASEPRIV_H && HAVE_CSSMERRORSTRING */
    210 #    if !defined(HAVE_SECIDENTITYSEARCHPRIV_H) && defined(HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY) /* Declare prototype for function in that header... */
    211 extern OSStatus SecIdentitySearchCreateWithPolicy(SecPolicyRef policy,
    212 				CFStringRef idString, CSSM_KEYUSE keyUsage,
    213 				CFTypeRef keychainOrArray,
    214 				Boolean returnOnlyValidIdentities,
    215 				SecIdentitySearchRef* searchRef);
    216 #    endif /* !HAVE_SECIDENTITYSEARCHPRIV_H && HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY */
    217 #    if !defined(HAVE_SECPOLICYPRIV_H) && defined(HAVE_SECPOLICYSETVALUE) /* Declare prototype for function in that header... */
    218 extern OSStatus SecPolicySetValue(SecPolicyRef policyRef,
    219                                   const CSSM_DATA *value);
    220 #    endif /* !HAVE_SECPOLICYPRIV_H && HAVE_SECPOLICYSETVALUE */
    221 
    222 typedef SSLContextRef	http_tls_t;
    223 typedef CFArrayRef	http_tls_credentials_t;
    224 
    225 #  elif defined(HAVE_SSPISSL)
    226 /*
    227  * Windows' SSPI library gets a CUPS wrapper...
    228  */
    229 
    230 typedef struct _http_sspi_s		/**** SSPI/SSL data structure ****/
    231 {
    232   CredHandle	creds;			/* Credentials */
    233   CtxtHandle	context;		/* SSL context */
    234   BOOL		contextInitialized;	/* Is context init'd? */
    235   SecPkgContext_StreamSizes streamSizes;/* SSL data stream sizes */
    236   BYTE		*decryptBuffer;		/* Data pre-decryption*/
    237   size_t	decryptBufferLength;	/* Length of decrypt buffer */
    238   size_t	decryptBufferUsed;	/* Bytes used in buffer */
    239   BYTE		*readBuffer;		/* Data post-decryption */
    240   int		readBufferLength;	/* Length of read buffer */
    241   int		readBufferUsed;		/* Bytes used in buffer */
    242   BYTE		*writeBuffer;		/* Data pre-encryption */
    243   int		writeBufferLength;	/* Length of write buffer */
    244   PCCERT_CONTEXT localCert,		/* Local certificate */
    245 		remoteCert;		/* Remote (peer's) certificate */
    246   char		error[256];		/* Most recent error message */
    247 } _http_sspi_t;
    248 typedef _http_sspi_t *http_tls_t;
    249 typedef PCCERT_CONTEXT http_tls_credentials_t;
    250 
    251 #  else
    252 /*
    253  * Otherwise define stub types since we have no SSL support...
    254  */
    255 
    256 typedef void *http_tls_t;
    257 typedef void *http_tls_credentials_t;
    258 #  endif /* HAVE_GNUTLS */
    259 
    260 typedef enum _http_coding_e		/**** HTTP content coding enumeration ****/
    261 {
    262   _HTTP_CODING_IDENTITY,		/* No content coding */
    263   _HTTP_CODING_GZIP,			/* LZ77+gzip decompression */
    264   _HTTP_CODING_DEFLATE,			/* LZ77+zlib compression */
    265   _HTTP_CODING_GUNZIP,			/* LZ77+gzip decompression */
    266   _HTTP_CODING_INFLATE			/* LZ77+zlib decompression */
    267 } _http_coding_t;
    268 
    269 typedef enum _http_mode_e		/**** HTTP mode enumeration ****/
    270 {
    271   _HTTP_MODE_CLIENT,			/* Client connected to server */
    272   _HTTP_MODE_SERVER			/* Server connected (accepted) from client */
    273 } _http_mode_t;
    274 
    275 #  ifndef _HTTP_NO_PRIVATE
    276 struct _http_s				/**** HTTP connection structure ****/
    277 {
    278   int			fd;		/* File descriptor for this socket */
    279   int			blocking;	/* To block or not to block */
    280   int			error;		/* Last error on read */
    281   time_t		activity;	/* Time since last read/write */
    282   http_state_t		state;		/* State of client */
    283   http_status_t		status;		/* Status of last request */
    284   http_version_t	version;	/* Protocol version */
    285   http_keepalive_t	keep_alive;	/* Keep-alive supported? */
    286   struct sockaddr_in	_hostaddr;	/* Address of connected host (deprecated) */
    287   char			hostname[HTTP_MAX_HOST],
    288   					/* Name of connected host */
    289 			fields[HTTP_FIELD_ACCEPT_ENCODING][HTTP_MAX_VALUE];
    290 					/* Field values up to Accept-Encoding */
    291   char			*data;		/* Pointer to data buffer */
    292   http_encoding_t	data_encoding;	/* Chunked or not */
    293   int			_data_remaining;/* Number of bytes left (deprecated) */
    294   int			used;		/* Number of bytes used in buffer */
    295   char			buffer[HTTP_MAX_BUFFER];
    296 					/* Buffer for incoming data */
    297   int			_auth_type;	/* Authentication in use (deprecated) */
    298   _cups_md5_state_t	md5_state;	/* MD5 state */
    299   char			nonce[HTTP_MAX_VALUE];
    300 					/* Nonce value */
    301   int			nonce_count;	/* Nonce count */
    302   http_tls_t		tls;		/* TLS state information */
    303   http_encryption_t	encryption;	/* Encryption requirements */
    304 
    305   /**** New in CUPS 1.1.19 ****/
    306   fd_set		*input_set;	/* select() set for httpWait() (deprecated) */
    307   http_status_t		expect;		/* Expect: header */
    308   char			*cookie;	/* Cookie value(s) */
    309 
    310   /**** New in CUPS 1.1.20 ****/
    311   char			_authstring[HTTP_MAX_VALUE],
    312 					/* Current Authorization value (deprecated) */
    313 			userpass[HTTP_MAX_VALUE];
    314 					/* Username:password string */
    315   int			digest_tries;	/* Number of tries for digest auth */
    316 
    317   /**** New in CUPS 1.2 ****/
    318   off_t			data_remaining;	/* Number of bytes left */
    319   http_addr_t		*hostaddr;	/* Current host address and port */
    320   http_addrlist_t	*addrlist;	/* List of valid addresses */
    321   char			wbuffer[HTTP_MAX_BUFFER];
    322 					/* Buffer for outgoing data */
    323   int			wused;		/* Write buffer bytes used */
    324 
    325   /**** New in CUPS 1.3 ****/
    326   char			*field_authorization;
    327 					/* Authorization field */
    328   char			*authstring;	/* Current Authorization field */
    329 #  ifdef HAVE_GSSAPI
    330   gss_OID 		gssmech;	/* Authentication mechanism */
    331   gss_ctx_id_t		gssctx;		/* Authentication context */
    332   gss_name_t		gssname;	/* Authentication server name */
    333 #  endif /* HAVE_GSSAPI */
    334 #  ifdef HAVE_AUTHORIZATION_H
    335   AuthorizationRef	auth_ref;	/* Authorization ref */
    336 #  endif /* HAVE_AUTHORIZATION_H */
    337 
    338   /**** New in CUPS 1.5 ****/
    339   http_tls_credentials_t tls_credentials;
    340 					/* TLS credentials */
    341   http_timeout_cb_t	timeout_cb;	/* Timeout callback */
    342   void			*timeout_data;	/* User data pointer */
    343   double		timeout_value;	/* Timeout in seconds */
    344   int			wait_value;	/* httpWait value for timeout */
    345 #  ifdef HAVE_GSSAPI
    346   char			gsshost[256];	/* Hostname for Kerberos */
    347 #  endif /* HAVE_GSSAPI */
    348 
    349   /**** New in CUPS 1.7 ****/
    350   int			tls_upgrade;	/* Non-zero if we are doing an upgrade */
    351   _http_mode_t		mode;		/* _HTTP_MODE_CLIENT or _HTTP_MODE_SERVER */
    352   char			*accept_encoding,
    353 					/* Accept-Encoding field */
    354 			*allow,		/* Allow field */
    355 			*server,	/* Server field */
    356 			*default_accept_encoding,
    357 			*default_server,
    358 			*default_user_agent;
    359 					/* Default field values */
    360 #  ifdef HAVE_LIBZ
    361   _http_coding_t	coding;		/* _HTTP_CODING_xxx */
    362   z_stream		stream;		/* (De)compression stream */
    363   Bytef			*sbuffer;	/* (De)compression buffer */
    364 #  endif /* HAVE_LIBZ */
    365 };
    366 #  endif /* !_HTTP_NO_PRIVATE */
    367 
    368 
    369 /*
    370  * Some OS's don't have hstrerror(), most notably Solaris...
    371  */
    372 
    373 #  ifndef HAVE_HSTRERROR
    374 extern const char *_cups_hstrerror(int error);
    375 #    define hstrerror _cups_hstrerror
    376 #  endif /* !HAVE_HSTRERROR */
    377 
    378 
    379 /*
    380  * Some OS's don't have getifaddrs() and freeifaddrs()...
    381  */
    382 
    383 #  if !defined(WIN32) && !defined(HAVE_GETIFADDRS)
    384 #    ifdef ifa_dstaddr
    385 #      undef ifa_dstaddr
    386 #    endif /* ifa_dstaddr */
    387 #    ifndef ifr_netmask
    388 #      define ifr_netmask ifr_addr
    389 #    endif /* !ifr_netmask */
    390 
    391 struct ifaddrs				/**** Interface Structure ****/
    392 {
    393   struct ifaddrs	*ifa_next;	/* Next interface in list */
    394   char			*ifa_name;	/* Name of interface */
    395   unsigned int		ifa_flags;	/* Flags (up, point-to-point, etc.) */
    396   struct sockaddr	*ifa_addr,	/* Network address */
    397 			*ifa_netmask;	/* Address mask */
    398   union
    399   {
    400     struct sockaddr	*ifu_broadaddr;	/* Broadcast address of this interface. */
    401     struct sockaddr	*ifu_dstaddr;	/* Point-to-point destination address. */
    402   } ifa_ifu;
    403 
    404   void			*ifa_data;	/* Interface statistics */
    405 };
    406 
    407 #    ifndef ifa_broadaddr
    408 #      define ifa_broadaddr ifa_ifu.ifu_broadaddr
    409 #    endif /* !ifa_broadaddr */
    410 #    ifndef ifa_dstaddr
    411 #      define ifa_dstaddr ifa_ifu.ifu_dstaddr
    412 #    endif /* !ifa_dstaddr */
    413 
    414 extern int	_cups_getifaddrs(struct ifaddrs **addrs);
    415 #    define getifaddrs _cups_getifaddrs
    416 extern void	_cups_freeifaddrs(struct ifaddrs *addrs);
    417 #    define freeifaddrs _cups_freeifaddrs
    418 #  endif /* !WIN32 && !HAVE_GETIFADDRS */
    419 
    420 
    421 /*
    422  * Prototypes...
    423  */
    424 
    425 extern void		_httpAddrSetPort(http_addr_t *addr, int port);
    426 extern http_tls_credentials_t
    427 			_httpCreateCredentials(cups_array_t *credentials);
    428 extern char		*_httpDecodeURI(char *dst, const char *src,
    429 			                size_t dstsize);
    430 extern void		_httpDisconnect(http_t *http);
    431 extern char		*_httpEncodeURI(char *dst, const char *src,
    432 			                size_t dstsize);
    433 extern void		_httpFreeCredentials(http_tls_credentials_t credentials);
    434 extern const char	*_httpResolveURI(const char *uri, char *resolved_uri,
    435 			                 size_t resolved_size, int options,
    436 					 int (*cb)(void *context),
    437 					 void *context);
    438 extern const char	*_httpStatus(cups_lang_t *lang, http_status_t status);
    439 extern void		_httpTLSInitialize(void);
    440 extern size_t		_httpTLSPending(http_t *http);
    441 extern int		_httpTLSRead(http_t *http, char *buf, int len);
    442 extern int		_httpTLSSetCredentials(http_t *http);
    443 extern void		_httpTLSSetOptions(int options);
    444 extern int		_httpTLSStart(http_t *http);
    445 extern void		_httpTLSStop(http_t *http);
    446 extern int		_httpTLSWrite(http_t *http, const char *buf, int len);
    447 extern int		_httpUpdate(http_t *http, http_status_t *status);
    448 extern int		_httpWait(http_t *http, int msec, int usessl);
    449 
    450 
    451 /*
    452  * C++ magic...
    453  */
    454 
    455 #  ifdef __cplusplus
    456 }
    457 #  endif /* __cplusplus */
    458 
    459 #endif /* !_CUPS_HTTP_PRIVATE_H_ */
    460