http.c 9.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492
  1. #include <u.h>
  2. #include <libc.h>
  3. #include <bio.h>
  4. #include <ip.h>
  5. #include <plumb.h>
  6. #include <thread.h>
  7. #include <fcall.h>
  8. #include <9p.h>
  9. #include <libsec.h>
  10. #include <auth.h>
  11. #include "dat.h"
  12. #include "fns.h"
  13. char PostContentType[] = "application/octet-stream";
  14. int httpdebug;
  15. typedef struct HttpState HttpState;
  16. struct HttpState
  17. {
  18. int fd;
  19. Client *c;
  20. char *location;
  21. char *setcookie;
  22. char *netaddr;
  23. char *credentials;
  24. char autherror[ERRMAX];
  25. Ibuf b;
  26. };
  27. static void
  28. location(HttpState *hs, char *value)
  29. {
  30. if(hs->location == nil)
  31. hs->location = estrdup(value);
  32. }
  33. static void
  34. contenttype(HttpState *hs, char *value)
  35. {
  36. if(hs->c->contenttype != nil)
  37. free(hs->c->contenttype);
  38. hs->c->contenttype = estrdup(value);
  39. }
  40. static void
  41. setcookie(HttpState *hs, char *value)
  42. {
  43. char *s, *t;
  44. Fmt f;
  45. s = hs->setcookie;
  46. fmtstrinit(&f);
  47. if(s)
  48. fmtprint(&f, "%s", s);
  49. fmtprint(&f, "set-cookie: ");
  50. fmtprint(&f, "%s", value);
  51. fmtprint(&f, "\n");
  52. t = fmtstrflush(&f);
  53. if(t){
  54. free(s);
  55. hs->setcookie = t;
  56. }
  57. }
  58. static char*
  59. unquote(char *s, char **ps)
  60. {
  61. char *p;
  62. if(*s != '"'){
  63. p = strpbrk(s, " \t\r\n");
  64. *p++ = 0;
  65. *ps = p;
  66. return s;
  67. }
  68. for(p=s+1; *p; p++){
  69. if(*p == '\"'){
  70. *p++ = 0;
  71. break;
  72. }
  73. if(*p == '\\' && *(p+1)){
  74. p++;
  75. continue;
  76. }
  77. }
  78. memmove(s, s+1, p-(s+1));
  79. s[p-(s+1)] = 0;
  80. *ps = p;
  81. return s;
  82. }
  83. static char*
  84. servername(char *addr)
  85. {
  86. char *p;
  87. if(strncmp(addr, "tcp!", 4) == 0
  88. || strncmp(addr, "net!", 4) == 0)
  89. addr += 4;
  90. addr = estrdup(addr);
  91. p = addr+strlen(addr);
  92. if(p>addr && *(p-1) == 's')
  93. p--;
  94. if(p>addr+5 && strcmp(p-5, "!http") == 0)
  95. p[-5] = 0;
  96. return addr;
  97. }
  98. void
  99. wwwauthenticate(HttpState *hs, char *line)
  100. {
  101. char cred[64], *user, *pass, *realm, *s, *spec, *name;
  102. Fmt fmt;
  103. UserPasswd *up;
  104. spec = nil;
  105. up = nil;
  106. cred[0] = 0;
  107. hs->autherror[0] = 0;
  108. if(cistrncmp(line, "basic ", 6) != 0){
  109. werrstr("unknown auth: %s", line);
  110. goto error;
  111. }
  112. line += 6;
  113. if(cistrncmp(line, "realm=", 6) != 0){
  114. werrstr("missing realm: %s", line);
  115. goto error;
  116. }
  117. line += 6;
  118. user = hs->c->url->user;
  119. pass = hs->c->url->passwd;
  120. if(user==nil || pass==nil){
  121. realm = unquote(line, &line);
  122. fmtstrinit(&fmt);
  123. name = servername(hs->netaddr);
  124. fmtprint(&fmt, "proto=pass service=http server=%q realm=%q", name, realm);
  125. free(name);
  126. if(hs->c->url->user)
  127. fmtprint(&fmt, " user=%q", hs->c->url->user);
  128. spec = fmtstrflush(&fmt);
  129. if(spec == nil)
  130. goto error;
  131. if((up = auth_getuserpasswd(nil, "%s", spec)) == nil)
  132. goto error;
  133. user = up->user;
  134. pass = up->passwd;
  135. }
  136. if((s = smprint("%s:%s", user, pass)) == nil)
  137. goto error;
  138. free(up);
  139. enc64(cred, sizeof(cred), (uchar*)s, strlen(s));
  140. memset(s, 0, strlen(s));
  141. free(s);
  142. hs->credentials = smprint("Basic %s", cred);
  143. if(hs->credentials == nil)
  144. goto error;
  145. return;
  146. error:
  147. free(up);
  148. free(spec);
  149. snprint(hs->autherror, sizeof hs->autherror, "%r");
  150. }
  151. struct {
  152. char *name; /* Case-insensitive */
  153. void (*fn)(HttpState *hs, char *value);
  154. } hdrtab[] = {
  155. { "location:", location },
  156. { "content-type:", contenttype },
  157. { "set-cookie:", setcookie },
  158. { "www-authenticate:", wwwauthenticate },
  159. };
  160. static int
  161. httprcode(HttpState *hs)
  162. {
  163. int n;
  164. char *p;
  165. char buf[256];
  166. n = readline(&hs->b, buf, sizeof(buf)-1);
  167. if(n <= 0)
  168. return n;
  169. if(httpdebug)
  170. fprint(2, "-> %s\n", buf);
  171. p = strchr(buf, ' ');
  172. if(memcmp(buf, "HTTP/", 5) != 0 || p == nil){
  173. werrstr("bad response from server");
  174. return -1;
  175. }
  176. buf[n] = 0;
  177. return atoi(p+1);
  178. }
  179. /*
  180. * read a single mime header, collect continuations.
  181. *
  182. * this routine assumes that there is a blank line twixt
  183. * the header and the message body, otherwise bytes will
  184. * be lost.
  185. */
  186. static int
  187. getheader(HttpState *hs, char *buf, int n)
  188. {
  189. char *p, *e;
  190. int i;
  191. n--;
  192. p = buf;
  193. for(e = p + n; ; p += i){
  194. i = readline(&hs->b, p, e-p);
  195. if(i < 0)
  196. return i;
  197. if(p == buf){
  198. /* first line */
  199. if(strchr(buf, ':') == nil)
  200. break; /* end of headers */
  201. } else {
  202. /* continuation line */
  203. if(*p != ' ' && *p != '\t'){
  204. unreadline(&hs->b, p);
  205. *p = 0;
  206. break; /* end of this header */
  207. }
  208. }
  209. }
  210. if(httpdebug)
  211. fprint(2, "-> %s\n", buf);
  212. return p-buf;
  213. }
  214. static int
  215. httpheaders(HttpState *hs)
  216. {
  217. char buf[2048];
  218. char *p;
  219. int i, n;
  220. for(;;){
  221. n = getheader(hs, buf, sizeof(buf));
  222. if(n < 0)
  223. return -1;
  224. if(n == 0)
  225. return 0;
  226. // print("http header: '%.*s'\n", n, buf);
  227. for(i = 0; i < nelem(hdrtab); i++){
  228. n = strlen(hdrtab[i].name);
  229. if(cistrncmp(buf, hdrtab[i].name, n) == 0){
  230. /* skip field name and leading white */
  231. p = buf + n;
  232. while(*p == ' ' || *p == '\t')
  233. p++;
  234. (*hdrtab[i].fn)(hs, p);
  235. break;
  236. }
  237. }
  238. }
  239. }
  240. int
  241. httpopen(Client *c, Url *url)
  242. {
  243. int fd, code, redirect, authenticate;
  244. char *cookies;
  245. Ioproc *io;
  246. HttpState *hs;
  247. if(httpdebug)
  248. fprint(2, "httpopen\n");
  249. io = c->io;
  250. hs = emalloc(sizeof(*hs));
  251. hs->c = c;
  252. hs->netaddr = estrdup(netmkaddr(url->host, 0, url->scheme));
  253. c->aux = hs;
  254. if(httpdebug)
  255. fprint(2, "dial %s\n", hs->netaddr);
  256. fd = iotlsdial(io, hs->netaddr, 0, 0, 0, url->ischeme==UShttps);
  257. if(fd < 0){
  258. Error:
  259. if(httpdebug)
  260. fprint(2, "iodial: %r\n");
  261. free(hs->netaddr);
  262. close(hs->fd);
  263. hs->fd = -1;
  264. free(hs);
  265. c->aux = nil;
  266. return -1;
  267. }
  268. hs->fd = fd;
  269. if(httpdebug)
  270. fprint(2, "<- %s %s HTTP/1.0\n<- Host: %s\n",
  271. c->havepostbody? "POST": " GET", url->http.page_spec, url->host);
  272. ioprint(io, fd, "%s %s HTTP/1.0\r\nHost: %s\r\n",
  273. c->havepostbody? "POST" : "GET", url->http.page_spec, url->host);
  274. if(httpdebug)
  275. fprint(2, "<- User-Agent: %s\n", c->ctl.useragent);
  276. if(c->ctl.useragent)
  277. ioprint(io, fd, "User-Agent: %s\r\n", c->ctl.useragent);
  278. if(c->ctl.sendcookies){
  279. /* should we use url->page here? sometimes it is nil. */
  280. cookies = httpcookies(url->host, url->http.page_spec, 0);
  281. if(cookies && cookies[0])
  282. ioprint(io, fd, "%s", cookies);
  283. if(httpdebug)
  284. fprint(2, "<- %s", cookies);
  285. free(cookies);
  286. }
  287. if(c->havepostbody){
  288. ioprint(io, fd, "Content-type: %s\r\n", PostContentType);
  289. ioprint(io, fd, "Content-length: %ud\r\n", c->npostbody);
  290. if(httpdebug){
  291. fprint(2, "<- Content-type: %s\n", PostContentType);
  292. fprint(2, "<- Content-length: %ud\n", c->npostbody);
  293. }
  294. }
  295. if(c->authenticate){
  296. ioprint(io, fd, "Authorization: %s\r\n", c->authenticate);
  297. if(httpdebug)
  298. fprint(2, "<- Authorization: %s\n", c->authenticate);
  299. }
  300. ioprint(io, fd, "\r\n");
  301. if(c->havepostbody)
  302. if(iowrite(io, fd, c->postbody, c->npostbody) != c->npostbody)
  303. goto Error;
  304. c->havepostbody = 0;
  305. redirect = 0;
  306. authenticate = 0;
  307. initibuf(&hs->b, io, fd);
  308. code = httprcode(hs);
  309. switch(code){
  310. case -1: /* connection timed out */
  311. goto Error;
  312. /*
  313. case Eof:
  314. werrstr("EOF from HTTP server");
  315. goto Error;
  316. */
  317. case 200: /* OK */
  318. case 201: /* Created */
  319. case 202: /* Accepted */
  320. case 204: /* No Content */
  321. #ifdef NOT_DEFINED
  322. if(ofile == nil && r->start != 0)
  323. sysfatal("page changed underfoot");
  324. #endif
  325. break;
  326. case 206: /* Partial Content */
  327. werrstr("Partial Content (206)");
  328. goto Error;
  329. case 301: /* Moved Permanently */
  330. case 302: /* Moved Temporarily */
  331. redirect = 1;
  332. break;
  333. case 304: /* Not Modified */
  334. break;
  335. case 400: /* Bad Request */
  336. werrstr("Bad Request (400)");
  337. goto Error;
  338. case 401: /* Unauthorized */
  339. if(c->authenticate){
  340. werrstr("Authentication failed (401)");
  341. goto Error;
  342. }
  343. authenticate = 1;
  344. break;
  345. case 402: /* ??? */
  346. werrstr("Unauthorized (402)");
  347. goto Error;
  348. case 403: /* Forbidden */
  349. werrstr("Forbidden by server (403)");
  350. goto Error;
  351. case 404: /* Not Found */
  352. werrstr("Not found on server (404)");
  353. goto Error;
  354. case 405: /* Method Not Allowed */
  355. werrstr("Method not allowed (405)");
  356. goto Error;
  357. case 407: /* Proxy auth */
  358. werrstr("Proxy authentication required (407)");
  359. goto Error;
  360. case 500: /* Internal server error */
  361. werrstr("Server choked (500)");
  362. goto Error;
  363. case 501: /* Not implemented */
  364. werrstr("Server can't do it (501)");
  365. goto Error;
  366. case 502: /* Bad gateway */
  367. werrstr("Bad gateway (502)");
  368. goto Error;
  369. case 503: /* Service unavailable */
  370. werrstr("Service unavailable (503)");
  371. goto Error;
  372. default:
  373. /* Bogus: we should treat unknown code XYZ as code X00 */
  374. werrstr("Unknown response code %d", code);
  375. goto Error;
  376. }
  377. if(httpheaders(hs) < 0)
  378. goto Error;
  379. if(c->ctl.acceptcookies && hs->setcookie)
  380. httpsetcookie(hs->setcookie, url->host, url->path);
  381. if(authenticate){
  382. if(!hs->credentials){
  383. if(hs->autherror[0])
  384. werrstr("%s", hs->autherror);
  385. else
  386. werrstr("unauthorized; no www-authenticate: header");
  387. return -1;
  388. }
  389. c->authenticate = hs->credentials;
  390. hs->credentials = nil;
  391. }
  392. if(redirect){
  393. if(!hs->location){
  394. werrstr("redirection without Location: header");
  395. return -1;
  396. }
  397. c->redirect = hs->location;
  398. hs->location = nil;
  399. }
  400. return 0;
  401. }
  402. int
  403. httpread(Client *c, Req *r)
  404. {
  405. char *dst;
  406. HttpState *hs;
  407. int n;
  408. long rlen, tot, len;
  409. hs = c->aux;
  410. dst = r->ofcall.data;
  411. len = r->ifcall.count;
  412. tot = 0;
  413. while (tot < len){
  414. rlen = len - tot;
  415. n = readibuf(&hs->b, dst + tot, rlen);
  416. if(n == 0)
  417. break;
  418. else if(n < 0){
  419. if(tot == 0)
  420. return -1;
  421. else
  422. return tot;
  423. }
  424. tot += n;
  425. }
  426. r->ofcall.count = tot;
  427. return 0;
  428. }
  429. void
  430. httpclose(Client *c)
  431. {
  432. HttpState *hs;
  433. hs = c->aux;
  434. if(hs == nil)
  435. return;
  436. ioclose(c->io, hs->fd);
  437. hs->fd = -1;
  438. free(hs->location);
  439. free(hs->setcookie);
  440. free(hs->netaddr);
  441. free(hs->credentials);
  442. free(hs);
  443. c->aux = nil;
  444. }