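/*
 * "$Id: http-private.h 12131 2014-08-28 23:38:16Z msweet $"
 *
 * Private HTTP definitions for CUPS.
 *
 * Copyright 2007-2014 by Apple Inc.
 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
 *
 * These coded instructions, statements, and computer programs are the
 * property of Apple Inc. and are protected by Federal copyright
 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
 * which should have been included with this file. If this file is
 * file is missing or damaged, see the license at "http://www.cups.org/".
 *
 * This file is subject to the Apple OS-Developed Software exception.
 */

/*
 * Overview: this header selects one TLS back-end at compile time (GNU TLS,
 * Darwin Security framework, Windows SSPI, or none), defines the private
 * layout of the HTTP connection structure, supplies fallbacks for
 * hstrerror()/getifaddrs() where the platform lacks them, and declares the
 * library-private _http*() helpers.
 */

#ifndef _CUPS_HTTP_PRIVATE_H_
#  define _CUPS_HTTP_PRIVATE_H_

/*
 * Include necessary headers...
 */

#  include "config.h"
#  include <cups/language.h>
#  include <stddef.h>
#  include <stdlib.h>

#  ifdef __sun
#    include <sys/select.h>
#  endif /* __sun */

#  include <limits.h>
#  ifdef WIN32
#    include <io.h>
#    include <winsock2.h>
#    define CUPS_SOCAST (const char *)
#  else
#    include <unistd.h>
#    include <fcntl.h>
#    include <sys/socket.h>
#    define CUPS_SOCAST
#  endif /* WIN32 */

#  ifdef HAVE_GSSAPI
#    ifdef HAVE_GSS_GSSAPI_H
#      include <GSS/gssapi.h>
#    elif defined(HAVE_GSSAPI_GSSAPI_H)
#      include <gssapi/gssapi.h>
#    elif defined(HAVE_GSSAPI_H)
#      include <gssapi.h>
#    endif /* HAVE_GSS_GSSAPI_H */
#    ifndef HAVE_GSS_C_NT_HOSTBASED_SERVICE
#      define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
#    endif /* !HAVE_GSS_C_NT_HOSTBASED_SERVICE */
#  endif /* HAVE_GSSAPI */

#  ifdef HAVE_AUTHORIZATION_H
#    include <Security/Authorization.h>
#  endif /* HAVE_AUTHORIZATION_H */

#  if defined(__APPLE__) && !defined(_SOCKLEN_T)
/*
 * MacOS X 10.2.x does not define socklen_t, and in fact uses an int instead of
 * unsigned type for length values...
 *
 * Note: with this fallback socklen_t is signed, so length values can compare
 * as negative on that platform.
 */

typedef int socklen_t;
#  endif /* __APPLE__ && !_SOCKLEN_T */

#  include <cups/http.h>
#  include "md5-private.h"
#  include "ipp-private.h"

#  ifdef HAVE_GNUTLS
#    include <gnutls/gnutls.h>
#    include <gnutls/x509.h>
#  elif defined(HAVE_CDSASSL)
#    include <CoreFoundation/CoreFoundation.h>
#    include <Security/Security.h>
#    include <Security/SecureTransport.h>
#    ifdef HAVE_SECURETRANSPORTPRIV_H
#      include <Security/SecureTransportPriv.h>
#    endif /* HAVE_SECURETRANSPORTPRIV_H */
#    ifdef HAVE_SECITEM_H
#      include <Security/SecItem.h>
#    endif /* HAVE_SECITEM_H */
#    ifdef HAVE_SECBASEPRIV_H
#      include <Security/SecBasePriv.h>
#    endif /* HAVE_SECBASEPRIV_H */
#    ifdef HAVE_SECCERTIFICATE_H
#      include <Security/SecCertificate.h>
#      include <Security/SecIdentity.h>
#    endif /* HAVE_SECCERTIFICATE_H */
#    ifdef HAVE_SECCERTIFICATEPRIV_H
#      include <Security/SecCertificatePriv.h>
#    else
/*
 * The private header is unavailable, so the certificate functions are
 * declared by hand.  These prototypes must stay in step with the framework's
 * real signatures; a mismatch is not diagnosed by the compiler.
 */
#      ifdef __cplusplus
extern "C" {
#      endif /* __cplusplus */
extern SecCertificateRef SecCertificateCreateWithBytes(CFAllocatorRef allocator, const UInt8 *bytes, CFIndex length);
extern bool SecCertificateIsValid(SecCertificateRef certificate, CFAbsoluteTime verifyTime);
extern CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRef certificate);
#      ifdef __cplusplus
}
#      endif /* __cplusplus */
#    endif /* HAVE_SECCERTIFICATEPRIV_H */
#    ifdef HAVE_SECITEMPRIV_H
#      include <Security/SecItemPriv.h>
#    endif /* HAVE_SECITEMPRIV_H */
#    ifdef HAVE_SECIDENTITYSEARCHPRIV_H
#      include <Security/SecIdentitySearchPriv.h>
#    endif /* HAVE_SECIDENTITYSEARCHPRIV_H */
#    ifdef HAVE_SECPOLICYPRIV_H
#      include <Security/SecPolicyPriv.h>
#    endif /* HAVE_SECPOLICYPRIV_H */
#  elif defined(HAVE_SSPISSL)
#    include <wincrypt.h>
#    include <wintrust.h>
#    include <schannel.h>
#    define SECURITY_WIN32
#    include <security.h>
#    include <sspi.h>
#  endif /* HAVE_GNUTLS */

#  ifndef WIN32
#    include <net/if.h>
#    ifdef HAVE_GETIFADDRS
#      include <ifaddrs.h>
#    else
#      include <sys/ioctl.h>
#      ifdef HAVE_SYS_SOCKIO_H
#        include <sys/sockio.h>
#      endif /* HAVE_SYS_SOCKIO_H */
#    endif /* HAVE_GETIFADDRS */
#  endif /* !WIN32 */

#  ifdef HAVE_LIBZ
#    include <zlib.h>
#  endif /* HAVE_LIBZ */


/*
 * C++ magic...
 */

#  ifdef __cplusplus
extern "C" {
#  endif /* __cplusplus */


/*
 * Constants...
 *
 * The _HTTP_RESOLVE_xxx values are distinct bits (0, 1, 2, 4) passed in the
 * "options" argument of _httpResolveURI().
 */


#define _HTTP_MAX_SBUFFER	65536	/* Size of (de)compression buffer */
#define _HTTP_RESOLVE_DEFAULT	0	/* Just resolve with default options */
#define _HTTP_RESOLVE_STDERR	1	/* Log resolve progress to stderr */
#define _HTTP_RESOLVE_FQDN	2	/* Resolve to a FQDN */
#define _HTTP_RESOLVE_FAXOUT	4	/* Resolve FaxOut service? */


/*
 * Types and functions for SSL support...
 *
 * Exactly one of the branches below defines http_tls_t and
 * http_tls_credentials_t; the final branch is a stub for builds without TLS.
 */

#  ifdef HAVE_GNUTLS
/*
 * The GNU TLS library is more of a "bare metal" SSL/TLS library...
 */

typedef gnutls_session_t http_tls_t;
typedef gnutls_certificate_credentials_t *http_tls_credentials_t;

#  elif defined(HAVE_CDSASSL)
/*
 * Darwin's Security framework provides its own SSL/TLS context structure
 * for its IO and protocol management...
 */

#    if !defined(HAVE_SECBASEPRIV_H) && defined(HAVE_CSSMERRORSTRING) /* Declare prototype for function in that header... */
extern const char *cssmErrorString(int error);
#    endif /* !HAVE_SECBASEPRIV_H && HAVE_CSSMERRORSTRING */
#    ifndef HAVE_SECITEMPRIV_H /* Declare constants from that header... */
extern const CFTypeRef kSecClassCertificate;
extern const CFTypeRef kSecClassIdentity;
#    endif /* !HAVE_SECITEMPRIV_H */
#    if !defined(HAVE_SECIDENTITYSEARCHPRIV_H) && defined(HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY) /* Declare prototype for function in that header... */
extern OSStatus SecIdentitySearchCreateWithPolicy(SecPolicyRef policy,
				CFStringRef idString, CSSM_KEYUSE keyUsage,
				CFTypeRef keychainOrArray,
				Boolean returnOnlyValidIdentities,
				SecIdentitySearchRef* searchRef);
#    endif /* !HAVE_SECIDENTITYSEARCHPRIV_H && HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY */
#    if !defined(HAVE_SECPOLICYPRIV_H) && defined(HAVE_SECPOLICYSETVALUE) /* Declare prototype for function in that header... */
extern OSStatus SecPolicySetValue(SecPolicyRef policyRef,
                                  const CSSM_DATA *value);
#    endif /* !HAVE_SECPOLICYPRIV_H && HAVE_SECPOLICYSETVALUE */

typedef SSLContextRef http_tls_t;
typedef CFArrayRef http_tls_credentials_t;

#  elif defined(HAVE_SSPISSL)
/*
 * Windows' SSPI library gets a CUPS wrapper...
 *
 * Note: the buffer lengths below mix size_t (decrypt buffer) and int
 * (read/write buffers).  Bounds arithmetic that combines them has to guard
 * against negative values and signed/unsigned conversion.
 */

typedef struct _http_sspi_s		/**** SSPI/SSL data structure ****/
{
  CredHandle	creds;			/* Credentials */
  CtxtHandle	context;		/* SSL context */
  BOOL		contextInitialized;	/* Is context init'd? */
  SecPkgContext_StreamSizes streamSizes;/* SSL data stream sizes */
  BYTE		*decryptBuffer;		/* Data pre-decryption*/
  size_t	decryptBufferLength;	/* Length of decrypt buffer */
  size_t	decryptBufferUsed;	/* Bytes used in buffer */
  BYTE		*readBuffer;		/* Data post-decryption */
  int		readBufferLength;	/* Length of read buffer */
  int		readBufferUsed;		/* Bytes used in buffer */
  BYTE		*writeBuffer;		/* Data pre-encryption */
  int		writeBufferLength;	/* Length of write buffer */
  PCCERT_CONTEXT localCert,		/* Local certificate */
		remoteCert;		/* Remote (peer's) certificate */
  char		error[256];		/* Most recent error message */
} _http_sspi_t;
typedef _http_sspi_t *http_tls_t;
typedef PCCERT_CONTEXT http_tls_credentials_t;

#  else
/*
 * Otherwise define stub types since we have no SSL support...
 *
 * NOTE(review): no TLS back-end is compiled in on this branch; confirm that a
 * connection whose "encryption" field demands TLS fails closed in such builds
 * rather than continuing in cleartext.
 */

typedef void *http_tls_t;
typedef void *http_tls_credentials_t;
#  endif /* HAVE_GNUTLS */

typedef enum _http_coding_e		/**** HTTP content coding enumeration ****/
{
  _HTTP_CODING_IDENTITY,		/* No content coding */
  _HTTP_CODING_GZIP,			/* LZ77+gzip compression */
  _HTTP_CODING_DEFLATE,			/* LZ77+zlib compression */
  _HTTP_CODING_GUNZIP,			/* LZ77+gzip decompression */
  _HTTP_CODING_INFLATE			/* LZ77+zlib decompression */
} _http_coding_t;

typedef enum _http_mode_e		/**** HTTP mode enumeration ****/
{
  _HTTP_MODE_CLIENT,			/* Client connected to server */
  _HTTP_MODE_SERVER			/* Server connected (accepted) from client */
} _http_mode_t;

#  ifndef _HTTP_NO_PRIVATE
/*
 * Private layout of the HTTP connection.  Field order and types are part of
 * the layout every user of this header compiles against, so members are only
 * ever appended (see the "New in CUPS x.y" markers).
 *
 * Security-relevant members:
 *
 *   - cookie, _authstring, userpass, field_authorization and authstring hold
 *     authentication material in memory for as long as the structure lives.
 *     NOTE(review): confirm the teardown path clears them before the memory
 *     is released or reused.
 *   - used and wused are signed byte counts for the fixed-size buffer[] and
 *     wbuffer[] arrays; code updating them must keep them within
 *     0..HTTP_MAX_BUFFER.
 *   - md5_state, nonce and nonce_count carry the MD5-based state used with
 *     digest_tries; presumably HTTP Digest authentication - verify against
 *     the callers.
 */

struct _http_s				/**** HTTP connection structure ****/
{
  int			fd;		/* File descriptor for this socket */
  int			blocking;	/* To block or not to block */
  int			error;		/* Last error on read */
  time_t		activity;	/* Time since last read/write */
  http_state_t		state;		/* State of client */
  http_status_t		status;		/* Status of last request */
  http_version_t	version;	/* Protocol version */
  http_keepalive_t	keep_alive;	/* Keep-alive supported? */
  struct sockaddr_in	_hostaddr;	/* Address of connected host (deprecated) */
  char			hostname[HTTP_MAX_HOST],
  					/* Name of connected host */
			fields[HTTP_FIELD_ACCEPT_ENCODING][HTTP_MAX_VALUE];
					/* Field values up to Accept-Encoding */
  char			*data;		/* Pointer to data buffer */
  http_encoding_t	data_encoding;	/* Chunked or not */
  int			_data_remaining;/* Number of bytes left (deprecated) */
  int			used;		/* Number of bytes used in buffer */
  char			buffer[HTTP_MAX_BUFFER];
					/* Buffer for incoming data */
  int			_auth_type;	/* Authentication in use (deprecated) */
  _cups_md5_state_t	md5_state;	/* MD5 state */
  char			nonce[HTTP_MAX_VALUE];
					/* Nonce value */
  int			nonce_count;	/* Nonce count */
  http_tls_t		tls;		/* TLS state information */
  http_encryption_t	encryption;	/* Encryption requirements */

  /**** New in CUPS 1.1.19 ****/
  fd_set		*input_set;	/* select() set for httpWait() (deprecated) */
  http_status_t		expect;		/* Expect: header */
  char			*cookie;	/* Cookie value(s) */

  /**** New in CUPS 1.1.20 ****/
  char			_authstring[HTTP_MAX_VALUE],
					/* Current Authorization value (deprecated) */
			userpass[HTTP_MAX_VALUE];
					/* Username:password string */
  int			digest_tries;	/* Number of tries for digest auth */

  /**** New in CUPS 1.2 ****/
  off_t			data_remaining;	/* Number of bytes left */
  http_addr_t		*hostaddr;	/* Current host address and port */
  http_addrlist_t	*addrlist;	/* List of valid addresses */
  char			wbuffer[HTTP_MAX_BUFFER];
					/* Buffer for outgoing data */
  int			wused;		/* Write buffer bytes used */

  /**** New in CUPS 1.3 ****/
  char			*field_authorization;
					/* Authorization field */
  char			*authstring;	/* Current Authorization field */
#    ifdef HAVE_GSSAPI
  gss_OID 		gssmech;	/* Authentication mechanism */
  gss_ctx_id_t		gssctx;		/* Authentication context */
  gss_name_t		gssname;	/* Authentication server name */
#    endif /* HAVE_GSSAPI */
#    ifdef HAVE_AUTHORIZATION_H
  AuthorizationRef	auth_ref;	/* Authorization ref */
#    endif /* HAVE_AUTHORIZATION_H */

  /**** New in CUPS 1.5 ****/
  http_tls_credentials_t tls_credentials;
					/* TLS credentials */
  http_timeout_cb_t	timeout_cb;	/* Timeout callback */
  void			*timeout_data;	/* User data pointer */
  double		timeout_value;	/* Timeout in seconds */
  int			wait_value;	/* httpWait value for timeout */
#    ifdef HAVE_GSSAPI
  char			gsshost[256];	/* Hostname for Kerberos */
#    endif /* HAVE_GSSAPI */

  /**** New in CUPS 1.7 ****/
  int			tls_upgrade;	/* Non-zero if we are doing an upgrade */
  _http_mode_t		mode;		/* _HTTP_MODE_CLIENT or _HTTP_MODE_SERVER */
  char			*accept_encoding,
					/* Accept-Encoding field */
			*allow,		/* Allow field */
			*server,	/* Server field */
			*default_accept_encoding,
			*default_server,
			*default_user_agent;
					/* Default field values */
#    ifdef HAVE_LIBZ
  _http_coding_t	coding;		/* _HTTP_CODING_xxx */
  z_stream		stream;		/* (De)compression stream */
  Bytef			*sbuffer;	/* (De)compression buffer */
#    endif /* HAVE_LIBZ */
};
#  endif /* !_HTTP_NO_PRIVATE */


/*
 * Some OS's don't have hstrerror(), most notably Solaris...
 *
 * The macro below redirects every later use of the name hstrerror in files
 * that include this header to the CUPS replacement.
 */

#  ifndef HAVE_HSTRERROR
extern const char *_cups_hstrerror(int error);
#    define hstrerror _cups_hstrerror
#  endif /* !HAVE_HSTRERROR */


/*
 * Some OS's don't have getifaddrs() and freeifaddrs()...
 *
 * On those platforms this header supplies its own struct ifaddrs and maps
 * getifaddrs()/freeifaddrs() onto the _cups_ replacements.
 */

#  if !defined(WIN32) && !defined(HAVE_GETIFADDRS)
#    ifdef ifa_dstaddr
#      undef ifa_dstaddr
#    endif /* ifa_dstaddr */
#    ifndef ifr_netmask
#      define ifr_netmask ifr_addr
#    endif /* !ifr_netmask */

struct ifaddrs				/**** Interface Structure ****/
{
  struct ifaddrs	*ifa_next;	/* Next interface in list */
  char			*ifa_name;	/* Name of interface */
  unsigned int		ifa_flags;	/* Flags (up, point-to-point, etc.) */
  struct sockaddr	*ifa_addr,	/* Network address */
			*ifa_netmask;	/* Address mask */
  union
  {
    struct sockaddr	*ifu_broadaddr;	/* Broadcast address of this interface. */
    struct sockaddr	*ifu_dstaddr;	/* Point-to-point destination address. */
  } ifa_ifu;

  void			*ifa_data;	/* Interface statistics */
};

#    ifndef ifa_broadaddr
#      define ifa_broadaddr ifa_ifu.ifu_broadaddr
#    endif /* !ifa_broadaddr */
#    ifndef ifa_dstaddr
#      define ifa_dstaddr ifa_ifu.ifu_dstaddr
#    endif /* !ifa_dstaddr */

extern int	_cups_getifaddrs(struct ifaddrs **addrs);
#    define getifaddrs _cups_getifaddrs
extern void	_cups_freeifaddrs(struct ifaddrs *addrs);
#    define freeifaddrs _cups_freeifaddrs
#  endif /* !WIN32 && !HAVE_GETIFADDRS */


/*
 * Prototypes...
 *
 * Notes for callers (the implementations are not in this header):
 *
 *   - _httpDecodeURI(), _httpEncodeURI() and _httpResolveURI() take the
 *     destination buffer together with a size_t size (dstsize /
 *     resolved_size); presumably the size of that buffer in bytes - pass
 *     sizeof the actual destination, not the source length.
 *   - _httpTLSRead() and _httpTLSWrite() take the length as a signed int and
 *     return int, so callers must not pass a negative or truncated length and
 *     must check the return value before using the buffer.
 */

extern void		_httpAddrSetPort(http_addr_t *addr, int port);
extern http_tls_credentials_t
			_httpCreateCredentials(cups_array_t *credentials);
extern char		*_httpDecodeURI(char *dst, const char *src,
			                size_t dstsize);
extern void		_httpDisconnect(http_t *http);
extern char		*_httpEncodeURI(char *dst, const char *src,
			                size_t dstsize);
extern void		_httpFreeCredentials(http_tls_credentials_t credentials);
extern const char	*_httpResolveURI(const char *uri, char *resolved_uri,
			                 size_t resolved_size, int options,
					 int (*cb)(void *context),
					 void *context);
extern const char	*_httpStatus(cups_lang_t *lang, http_status_t status);
extern void		_httpTLSInitialize(void);
extern size_t		_httpTLSPending(http_t *http);
extern int		_httpTLSRead(http_t *http, char *buf, int len);
extern int		_httpTLSSetCredentials(http_t *http);
extern int		_httpTLSStart(http_t *http);
extern void		_httpTLSStop(http_t *http);
extern int		_httpTLSWrite(http_t *http, const char *buf, int len);
extern int		_httpUpdate(http_t *http, http_status_t *status);
extern int		_httpWait(http_t *http, int msec, int usessl);


/*
 * C++ magic...
 */

#  ifdef __cplusplus
}
#  endif /* __cplusplus */

#endif /* !_CUPS_HTTP_PRIVATE_H_ */

/*
 * End of "$Id: http-private.h 12131 2014-08-28 23:38:16Z msweet $".
 */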