1/* 2 * UPnP WPS Device - Event processing 3 * Copyright (c) 2000-2003 Intel Corporation 4 * Copyright (c) 2006-2007 Sony Corporation 5 * Copyright (c) 2008-2009 Atheros Communications 6 * Copyright (c) 2009-2010, Jouni Malinen <j@w1.fi> 7 * 8 * See wps_upnp.c for more details on licensing and code history. 9 */ 10 11#include "includes.h" 12#include <assert.h> 13 14#include "common.h" 15#include "eloop.h" 16#include "uuid.h" 17#include "http_client.h" 18#include "wps_defs.h" 19#include "wps_upnp.h" 20#include "wps_upnp_i.h" 21 22/* 23 * Event message generation (to subscribers) 24 * 25 * We make a separate copy for each message for each subscriber. This memory 26 * wasted could be limited (adding code complexity) by sharing copies, keeping 27 * a usage count and freeing when zero. 28 * 29 * Sending a message requires using a HTTP over TCP NOTIFY 30 * (like a PUT) which requires a number of states.. 31 */ 32 33#define MAX_EVENTS_QUEUED 20 /* How far behind queued events */ 34#define MAX_FAILURES 10 /* Drop subscription after this many failures */ 35 36/* How long to wait before sending event */ 37#define EVENT_DELAY_SECONDS 0 38#define EVENT_DELAY_MSEC 0 39 40/* 41 * Event information that we send to each subscriber is remembered in this 42 * struct. The event cannot be sent by simple UDP; it has to be sent by a HTTP 43 * over TCP transaction which requires various states.. It may also need to be 44 * retried at a different address (if more than one is available). 45 * 46 * TODO: As an optimization we could share data between subscribers. 47 */ 48struct wps_event_ { 49 struct dl_list list; 50 struct subscription *s; /* parent */ 51 unsigned subscriber_sequence; /* which event for this subscription*/ 52 unsigned int retry; /* which retry */ 53 struct subscr_addr *addr; /* address to connect to */ 54 struct wpabuf *data; /* event data to send */ 55 struct http_client *http_event; 56}; 57 58 59/* event_clean -- clean sockets etc. of event 60 * Leaves data, retry count etc. alone. 61 */ 62static void event_clean(struct wps_event_ *e) 63{ 64 if (e->s->current_event == e) 65 e->s->current_event = NULL; 66 http_client_free(e->http_event); 67 e->http_event = NULL; 68} 69 70 71/* event_delete -- delete single unqueued event 72 * (be sure to dequeue first if need be) 73 */ 74static void event_delete(struct wps_event_ *e) 75{ 76 wpa_printf(MSG_DEBUG, "WPS UPnP: Delete event %p", e); 77 event_clean(e); 78 wpabuf_free(e->data); 79 os_free(e); 80} 81 82 83/* event_dequeue -- get next event from the queue 84 * Returns NULL if empty. 85 */ 86static struct wps_event_ *event_dequeue(struct subscription *s) 87{ 88 struct wps_event_ *e; 89 e = dl_list_first(&s->event_queue, struct wps_event_, list); 90 if (e) { 91 wpa_printf(MSG_DEBUG, "WPS UPnP: Dequeue event %p for " 92 "subscription %p", e, s); 93 dl_list_del(&e->list); 94 } 95 return e; 96} 97 98 99/* event_delete_all -- delete entire event queue and current event */ 100void event_delete_all(struct subscription *s) 101{ 102 struct wps_event_ *e; 103 while ((e = event_dequeue(s)) != NULL) 104 event_delete(e); 105 if (s->current_event) { 106 event_delete(s->current_event); 107 /* will set: s->current_event = NULL; */ 108 } 109} 110 111 112/** 113 * event_retry - Called when we had a failure delivering event msg 114 * @e: Event 115 * @do_next_address: skip address e.g. on connect fail 116 */ 117static void event_retry(struct wps_event_ *e, int do_next_address) 118{ 119 struct subscription *s = e->s; 120 struct upnp_wps_device_sm *sm = s->sm; 121 122 wpa_printf(MSG_DEBUG, "WPS UPnP: Retry event %p for subscription %p", 123 e, s); 124 event_clean(e); 125 /* will set: s->current_event = NULL; */ 126 127 if (do_next_address) { 128 e->retry++; 129 wpa_printf(MSG_DEBUG, "WPS UPnP: Try address %d", e->retry); 130 } 131 if (e->retry >= dl_list_len(&s->addr_list)) { 132 wpa_printf(MSG_DEBUG, "WPS UPnP: Giving up on sending event " 133 "for %s", e->addr->domain_and_port); 134 event_delete(e); 135 s->last_event_failed = 1; 136 if (!dl_list_empty(&s->event_queue)) 137 event_send_all_later(s->sm); 138 return; 139 } 140 dl_list_add(&s->event_queue, &e->list); 141 event_send_all_later(sm); 142} 143 144 145static struct wpabuf * event_build_message(struct wps_event_ *e) 146{ 147 struct wpabuf *buf; 148 char *b; 149 150 buf = wpabuf_alloc(1000 + os_strlen(e->addr->path) + 151 wpabuf_len(e->data)); 152 if (buf == NULL) 153 return NULL; 154 wpabuf_printf(buf, "NOTIFY %s HTTP/1.1\r\n", e->addr->path); 155 wpabuf_put_str(buf, "SERVER: Unspecified, UPnP/1.0, Unspecified\r\n"); 156 wpabuf_printf(buf, "HOST: %s\r\n", e->addr->domain_and_port); 157 wpabuf_put_str(buf, "CONTENT-TYPE: text/xml; charset=\"utf-8\"\r\n" 158 "NT: upnp:event\r\n" 159 "NTS: upnp:propchange\r\n"); 160 wpabuf_put_str(buf, "SID: uuid:"); 161 b = wpabuf_put(buf, 0); 162 uuid_bin2str(e->s->uuid, b, 80); 163 wpabuf_put(buf, os_strlen(b)); 164 wpabuf_put_str(buf, "\r\n"); 165 wpabuf_printf(buf, "SEQ: %u\r\n", e->subscriber_sequence); 166 wpabuf_printf(buf, "CONTENT-LENGTH: %d\r\n", 167 (int) wpabuf_len(e->data)); 168 wpabuf_put_str(buf, "\r\n"); /* terminating empty line */ 169 wpabuf_put_buf(buf, e->data); 170 return buf; 171} 172 173 174static void event_addr_failure(struct wps_event_ *e) 175{ 176 struct subscription *s = e->s; 177 178 e->addr->num_failures++; 179 wpa_printf(MSG_DEBUG, "WPS UPnP: Failed to send event %p to %s " 180 "(num_failures=%u)", 181 e, e->addr->domain_and_port, e->addr->num_failures); 182 183 if (e->addr->num_failures < MAX_FAILURES) { 184 /* Try other addresses, if available */ 185 event_retry(e, 1); 186 return; 187 } 188 189 /* 190 * If other side doesn't like what we say, forget about them. 191 * (There is no way to tell other side that we are dropping them...). 192 */ 193 wpa_printf(MSG_DEBUG, "WPS UPnP: Deleting subscription %p " 194 "address %s due to errors", s, e->addr->domain_and_port); 195 dl_list_del(&e->addr->list); 196 subscr_addr_delete(e->addr); 197 e->addr = NULL; 198 199 if (dl_list_empty(&s->addr_list)) { 200 /* if we've given up on all addresses */ 201 wpa_printf(MSG_DEBUG, "WPS UPnP: Removing subscription %p " 202 "with no addresses", s); 203 dl_list_del(&s->list); 204 subscription_destroy(s); 205 return; 206 } 207 208 /* Try other addresses, if available */ 209 event_retry(e, 0); 210} 211 212 213static void event_http_cb(void *ctx, struct http_client *c, 214 enum http_client_event event) 215{ 216 struct wps_event_ *e = ctx; 217 struct subscription *s = e->s; 218 219 wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP client callback: e=%p c=%p " 220 "event=%d", e, c, event); 221 switch (event) { 222 case HTTP_CLIENT_OK: 223 wpa_printf(MSG_DEBUG, 224 "WPS UPnP: Got event %p reply OK from %s", 225 e, e->addr->domain_and_port); 226 e->addr->num_failures = 0; 227 s->last_event_failed = 0; 228 event_delete(e); 229 230 /* Schedule sending more if there is more to send */ 231 if (!dl_list_empty(&s->event_queue)) 232 event_send_all_later(s->sm); 233 break; 234 case HTTP_CLIENT_FAILED: 235 wpa_printf(MSG_DEBUG, "WPS UPnP: Event send failure"); 236 event_addr_failure(e); 237 break; 238 case HTTP_CLIENT_INVALID_REPLY: 239 wpa_printf(MSG_DEBUG, "WPS UPnP: Invalid reply"); 240 event_addr_failure(e); 241 break; 242 case HTTP_CLIENT_TIMEOUT: 243 wpa_printf(MSG_DEBUG, "WPS UPnP: Event send timeout"); 244 event_addr_failure(e); 245 break; 246 } 247} 248 249 250/* event_send_start -- prepare to send a event message to subscriber 251 * 252 * This gets complicated because: 253 * -- The message is sent via TCP and we have to keep the stream open 254 * for 30 seconds to get a response... then close it. 255 * -- But we might have other event happen in the meantime... 256 * we have to queue them, if we lose them then the subscriber will 257 * be forced to unsubscribe and subscribe again. 258 * -- If multiple URLs are provided then we are supposed to try successive 259 * ones after 30 second timeout. 260 * -- The URLs might use domain names instead of dotted decimal addresses, 261 * and resolution of those may cause unwanted sleeping. 262 * -- Doing the initial TCP connect can take a while, so we have to come 263 * back after connection and then send the data. 264 * 265 * Returns nonzero on error; 266 * 267 * Prerequisite: No current event send (s->current_event == NULL) 268 * and non-empty queue. 269 */ 270static int event_send_start(struct subscription *s) 271{ 272 struct wps_event_ *e; 273 unsigned int itry; 274 struct wpabuf *buf; 275 276 /* 277 * Assume we are called ONLY with no current event and ONLY with 278 * nonempty event queue and ONLY with at least one address to send to. 279 */ 280 if (dl_list_empty(&s->addr_list) || 281 s->current_event || 282 dl_list_empty(&s->event_queue)) 283 return -1; 284 285 s->current_event = e = event_dequeue(s); 286 287 /* Use address according to number of retries */ 288 itry = 0; 289 dl_list_for_each(e->addr, &s->addr_list, struct subscr_addr, list) 290 if (itry++ == e->retry) 291 break; 292 if (itry < e->retry) 293 return -1; 294 295 buf = event_build_message(e); 296 if (buf == NULL) { 297 event_addr_failure(e); 298 return -1; 299 } 300 301 e->http_event = http_client_addr(&e->addr->saddr, buf, 0, 302 event_http_cb, e); 303 if (e->http_event == NULL) { 304 wpabuf_free(buf); 305 event_addr_failure(e); 306 return -1; 307 } 308 309 return 0; 310} 311 312 313/* event_send_all_later_handler -- actually send events as needed */ 314static void event_send_all_later_handler(void *eloop_data, void *user_ctx) 315{ 316 struct upnp_wps_device_sm *sm = user_ctx; 317 struct subscription *s, *tmp; 318 int nerrors = 0; 319 320 sm->event_send_all_queued = 0; 321 dl_list_for_each_safe(s, tmp, &sm->subscriptions, struct subscription, 322 list) { 323 if (s->current_event == NULL /* not busy */ && 324 !dl_list_empty(&s->event_queue) /* more to do */) { 325 if (event_send_start(s)) 326 nerrors++; 327 } 328 } 329 330 if (nerrors) { 331 /* Try again later */ 332 event_send_all_later(sm); 333 } 334} 335 336 337/* event_send_all_later -- schedule sending events to all subscribers 338 * that need it. 339 * This avoids two problems: 340 * -- After getting a subscription, we should not send the first event 341 * until after our reply is fully queued to be sent back, 342 * -- Possible stack depth or infinite recursion issues. 343 */ 344void event_send_all_later(struct upnp_wps_device_sm *sm) 345{ 346 /* 347 * The exact time in the future isn't too important. Waiting a bit 348 * might let us do several together. 349 */ 350 if (sm->event_send_all_queued) 351 return; 352 sm->event_send_all_queued = 1; 353 eloop_register_timeout(EVENT_DELAY_SECONDS, EVENT_DELAY_MSEC, 354 event_send_all_later_handler, NULL, sm); 355} 356 357 358/* event_send_stop_all -- cleanup */ 359void event_send_stop_all(struct upnp_wps_device_sm *sm) 360{ 361 if (sm->event_send_all_queued) 362 eloop_cancel_timeout(event_send_all_later_handler, NULL, sm); 363 sm->event_send_all_queued = 0; 364} 365 366 367/** 368 * event_add - Add a new event to a queue 369 * @s: Subscription 370 * @data: Event data (is copied; caller retains ownership) 371 * @probereq: Whether this is a Probe Request event 372 * Returns: 0 on success, -1 on error, 1 on max event queue limit reached 373 */ 374int event_add(struct subscription *s, const struct wpabuf *data, int probereq) 375{ 376 struct wps_event_ *e; 377 unsigned int len; 378 379 len = dl_list_len(&s->event_queue); 380 if (len >= MAX_EVENTS_QUEUED) { 381 wpa_printf(MSG_DEBUG, "WPS UPnP: Too many events queued for " 382 "subscriber %p", s); 383 if (probereq) 384 return 1; 385 386 /* Drop oldest entry to allow EAP event to be stored. */ 387 e = event_dequeue(s); 388 if (!e) 389 return 1; 390 event_delete(e); 391 } 392 393 if (s->last_event_failed && probereq && len > 0) { 394 /* 395 * Avoid queuing frames for subscribers that may have left 396 * without unsubscribing. 397 */ 398 wpa_printf(MSG_DEBUG, "WPS UPnP: Do not queue more Probe " 399 "Request frames for subscription %p since last " 400 "delivery failed", s); 401 return -1; 402 } 403 404 e = os_zalloc(sizeof(*e)); 405 if (e == NULL) 406 return -1; 407 dl_list_init(&e->list); 408 e->s = s; 409 e->data = wpabuf_dup(data); 410 if (e->data == NULL) { 411 os_free(e); 412 return -1; 413 } 414 e->subscriber_sequence = s->next_subscriber_sequence++; 415 if (s->next_subscriber_sequence == 0) 416 s->next_subscriber_sequence++; 417 wpa_printf(MSG_DEBUG, "WPS UPnP: Queue event %p for subscriber %p " 418 "(queue len %u)", e, s, len + 1); 419 dl_list_add_tail(&s->event_queue, &e->list); 420 event_send_all_later(s->sm); 421 return 0; 422} 423