1/*
2 * "$Id: http-private.h 12131 2014-08-28 23:38:16Z msweet $"
3 *
4 * Private HTTP definitions for CUPS.
5 *
6 * Copyright 2007-2014 by Apple Inc.
7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
8 *
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law.  Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file.  If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
14 *
15 * This file is subject to the Apple OS-Developed Software exception.
16 */
17
18#ifndef _CUPS_HTTP_PRIVATE_H_
19#  define _CUPS_HTTP_PRIVATE_H_
20
21/*
22 * Include necessary headers...
23 */
24
25#  include "config.h"
26#  include <cups/language.h>
27#  include <stddef.h>
28#  include <stdlib.h>
29
30#  ifdef __sun
31#    include <sys/select.h>
32#  endif /* __sun */
33
34#  include <limits.h>
35#  ifdef WIN32
36#    include <io.h>
37#    include <winsock2.h>
38#    define CUPS_SOCAST (const char *)
39#  else
40#    include <unistd.h>
41#    include <fcntl.h>
42#    include <sys/socket.h>
43#    define CUPS_SOCAST
44#  endif /* WIN32 */
45
46#  ifdef HAVE_GSSAPI
47#    ifdef HAVE_GSS_GSSAPI_H
48#      include <GSS/gssapi.h>
49#    elif defined(HAVE_GSSAPI_GSSAPI_H)
50#      include <gssapi/gssapi.h>
51#    elif defined(HAVE_GSSAPI_H)
52#      include <gssapi.h>
53#    endif /* HAVE_GSS_GSSAPI_H */
54#    ifndef HAVE_GSS_C_NT_HOSTBASED_SERVICE
55#      define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
56#    endif /* !HAVE_GSS_C_NT_HOSTBASED_SERVICE */
57#  endif /* HAVE_GSSAPI */
58
59#  ifdef HAVE_AUTHORIZATION_H
60#    include <Security/Authorization.h>
61#  endif /* HAVE_AUTHORIZATION_H */
62
63#  if defined(__APPLE__) && !defined(_SOCKLEN_T)
64/*
65 * MacOS X 10.2.x does not define socklen_t, and in fact uses an int instead of
66 * unsigned type for length values...
67 */
68
69typedef int socklen_t;
70#  endif /* __APPLE__ && !_SOCKLEN_T */
71
72#  include <cups/http.h>
73#  include "md5-private.h"
74#  include "ipp-private.h"
75
76#  ifdef HAVE_GNUTLS
77#    include <gnutls/gnutls.h>
78#    include <gnutls/x509.h>
79#  elif defined(HAVE_CDSASSL)
80#    include <CoreFoundation/CoreFoundation.h>
81#    include <Security/Security.h>
82#    include <Security/SecureTransport.h>
83#    ifdef HAVE_SECURETRANSPORTPRIV_H
84#      include <Security/SecureTransportPriv.h>
85#    endif /* HAVE_SECURETRANSPORTPRIV_H */
86#    ifdef HAVE_SECITEM_H
87#      include <Security/SecItem.h>
88#    endif /* HAVE_SECITEM_H */
89#    ifdef HAVE_SECBASEPRIV_H
90#      include <Security/SecBasePriv.h>
91#    endif /* HAVE_SECBASEPRIV_H */
92#    ifdef HAVE_SECCERTIFICATE_H
93#      include <Security/SecCertificate.h>
94#      include <Security/SecIdentity.h>
95#    endif /* HAVE_SECCERTIFICATE_H */
96#    ifdef HAVE_SECCERTIFICATEPRIV_H
97#      include <Security/SecCertificatePriv.h>
98#    else
99#      ifdef __cplusplus
100extern "C" {
101#      endif /* __cplusplus */
102extern SecCertificateRef SecCertificateCreateWithBytes(CFAllocatorRef allocator, const UInt8 *bytes, CFIndex length);
103extern bool SecCertificateIsValid(SecCertificateRef certificate, CFAbsoluteTime verifyTime);
104extern CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRef certificate);
105#      ifdef __cplusplus
106}
107#      endif /* __cplusplus */
108#    endif /* HAVE_SECCERTIFICATEPRIV_H */
109#    ifdef HAVE_SECITEMPRIV_H
110#      include <Security/SecItemPriv.h>
111#    endif /* HAVE_SECITEMPRIV_H */
112#    ifdef HAVE_SECIDENTITYSEARCHPRIV_H
113#      include <Security/SecIdentitySearchPriv.h>
114#    endif /* HAVE_SECIDENTITYSEARCHPRIV_H */
115#    ifdef HAVE_SECPOLICYPRIV_H
116#      include <Security/SecPolicyPriv.h>
117#    endif /* HAVE_SECPOLICYPRIV_H */
118#  elif defined(HAVE_SSPISSL)
119#    include <wincrypt.h>
120#    include <wintrust.h>
121#    include <schannel.h>
122#    define SECURITY_WIN32
123#    include <security.h>
124#    include <sspi.h>
125#  endif /* HAVE_GNUTLS */
126
127#  ifndef WIN32
128#    include <net/if.h>
129#    ifdef HAVE_GETIFADDRS
130#      include <ifaddrs.h>
131#    else
132#      include <sys/ioctl.h>
133#      ifdef HAVE_SYS_SOCKIO_H
134#        include <sys/sockio.h>
135#      endif /* HAVE_SYS_SOCKIO_H */
136#    endif /* HAVE_GETIFADDRS */
137#  endif /* !WIN32 */
138
139#  ifdef HAVE_LIBZ
140#    include <zlib.h>
141#  endif /* HAVE_LIBZ */
142
143
144/*
145 * C++ magic...
146 */
147
148#  ifdef __cplusplus
149extern "C" {
150#  endif /* __cplusplus */
151
152
153/*
154 * Constants...
155 */
156
157
158#define _HTTP_MAX_SBUFFER	65536	/* Size of (de)compression buffer */
159#define _HTTP_RESOLVE_DEFAULT	0	/* Just resolve with default options */
160#define _HTTP_RESOLVE_STDERR	1	/* Log resolve progress to stderr */
161#define _HTTP_RESOLVE_FQDN	2	/* Resolve to a FQDN */
162#define _HTTP_RESOLVE_FAXOUT	4	/* Resolve FaxOut service? */
163
164
165/*
166 * Types and functions for SSL support...
167 */
168
169#  ifdef HAVE_GNUTLS
170/*
171 * The GNU TLS library is more of a "bare metal" SSL/TLS library...
172 */
173
174typedef gnutls_session_t http_tls_t;
175typedef gnutls_certificate_credentials_t *http_tls_credentials_t;
176
177#  elif defined(HAVE_CDSASSL)
178/*
179 * Darwin's Security framework provides its own SSL/TLS context structure
180 * for its IO and protocol management...
181 */
182
183#    if !defined(HAVE_SECBASEPRIV_H) && defined(HAVE_CSSMERRORSTRING) /* Declare prototype for function in that header... */
184extern const char *cssmErrorString(int error);
185#    endif /* !HAVE_SECBASEPRIV_H && HAVE_CSSMERRORSTRING */
186#    ifndef HAVE_SECITEMPRIV_H /* Declare constants from that header... */
187extern const CFTypeRef kSecClassCertificate;
188extern const CFTypeRef kSecClassIdentity;
189#    endif /* !HAVE_SECITEMPRIV_H */
190#    if !defined(HAVE_SECIDENTITYSEARCHPRIV_H) && defined(HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY) /* Declare prototype for function in that header... */
191extern OSStatus SecIdentitySearchCreateWithPolicy(SecPolicyRef policy,
192				CFStringRef idString, CSSM_KEYUSE keyUsage,
193				CFTypeRef keychainOrArray,
194				Boolean returnOnlyValidIdentities,
195				SecIdentitySearchRef* searchRef);
196#    endif /* !HAVE_SECIDENTITYSEARCHPRIV_H && HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY */
197#    if !defined(HAVE_SECPOLICYPRIV_H) && defined(HAVE_SECPOLICYSETVALUE) /* Declare prototype for function in that header... */
198extern OSStatus SecPolicySetValue(SecPolicyRef policyRef,
199                                  const CSSM_DATA *value);
200#    endif /* !HAVE_SECPOLICYPRIV_H && HAVE_SECPOLICYSETVALUE */
201
202typedef SSLContextRef	http_tls_t;
203typedef CFArrayRef	http_tls_credentials_t;
204
205#  elif defined(HAVE_SSPISSL)
206/*
207 * Windows' SSPI library gets a CUPS wrapper...
208 */
209
210typedef struct _http_sspi_s		/**** SSPI/SSL data structure ****/
211{
212  CredHandle	creds;			/* Credentials */
213  CtxtHandle	context;		/* SSL context */
214  BOOL		contextInitialized;	/* Is context init'd? */
215  SecPkgContext_StreamSizes streamSizes;/* SSL data stream sizes */
216  BYTE		*decryptBuffer;		/* Data pre-decryption*/
217  size_t	decryptBufferLength;	/* Length of decrypt buffer */
218  size_t	decryptBufferUsed;	/* Bytes used in buffer */
219  BYTE		*readBuffer;		/* Data post-decryption */
220  int		readBufferLength;	/* Length of read buffer */
221  int		readBufferUsed;		/* Bytes used in buffer */
222  BYTE		*writeBuffer;		/* Data pre-encryption */
223  int		writeBufferLength;	/* Length of write buffer */
224  PCCERT_CONTEXT localCert,		/* Local certificate */
225		remoteCert;		/* Remote (peer's) certificate */
226  char		error[256];		/* Most recent error message */
227} _http_sspi_t;
228typedef _http_sspi_t *http_tls_t;
229typedef PCCERT_CONTEXT http_tls_credentials_t;
230
231#  else
232/*
233 * Otherwise define stub types since we have no SSL support...
234 */
235
236typedef void *http_tls_t;
237typedef void *http_tls_credentials_t;
238#  endif /* HAVE_GNUTLS */
239
240typedef enum _http_coding_e		/**** HTTP content coding enumeration ****/
241{
242  _HTTP_CODING_IDENTITY,		/* No content coding */
243  _HTTP_CODING_GZIP,			/* LZ77+gzip decompression */
244  _HTTP_CODING_DEFLATE,			/* LZ77+zlib compression */
245  _HTTP_CODING_GUNZIP,			/* LZ77+gzip decompression */
246  _HTTP_CODING_INFLATE			/* LZ77+zlib decompression */
247} _http_coding_t;
248
249typedef enum _http_mode_e		/**** HTTP mode enumeration ****/
250{
251  _HTTP_MODE_CLIENT,			/* Client connected to server */
252  _HTTP_MODE_SERVER			/* Server connected (accepted) from client */
253} _http_mode_t;
254
255#  ifndef _HTTP_NO_PRIVATE
256struct _http_s				/**** HTTP connection structure ****/
257{
258  int			fd;		/* File descriptor for this socket */
259  int			blocking;	/* To block or not to block */
260  int			error;		/* Last error on read */
261  time_t		activity;	/* Time since last read/write */
262  http_state_t		state;		/* State of client */
263  http_status_t		status;		/* Status of last request */
264  http_version_t	version;	/* Protocol version */
265  http_keepalive_t	keep_alive;	/* Keep-alive supported? */
266  struct sockaddr_in	_hostaddr;	/* Address of connected host (deprecated) */
267  char			hostname[HTTP_MAX_HOST],
268  					/* Name of connected host */
269			fields[HTTP_FIELD_ACCEPT_ENCODING][HTTP_MAX_VALUE];
270					/* Field values up to Accept-Encoding */
271  char			*data;		/* Pointer to data buffer */
272  http_encoding_t	data_encoding;	/* Chunked or not */
273  int			_data_remaining;/* Number of bytes left (deprecated) */
274  int			used;		/* Number of bytes used in buffer */
275  char			buffer[HTTP_MAX_BUFFER];
276					/* Buffer for incoming data */
277  int			_auth_type;	/* Authentication in use (deprecated) */
278  _cups_md5_state_t	md5_state;	/* MD5 state */
279  char			nonce[HTTP_MAX_VALUE];
280					/* Nonce value */
281  int			nonce_count;	/* Nonce count */
282  http_tls_t		tls;		/* TLS state information */
283  http_encryption_t	encryption;	/* Encryption requirements */
284
285  /**** New in CUPS 1.1.19 ****/
286  fd_set		*input_set;	/* select() set for httpWait() (deprecated) */
287  http_status_t		expect;		/* Expect: header */
288  char			*cookie;	/* Cookie value(s) */
289
290  /**** New in CUPS 1.1.20 ****/
291  char			_authstring[HTTP_MAX_VALUE],
292					/* Current Authorization value (deprecated) */
293			userpass[HTTP_MAX_VALUE];
294					/* Username:password string */
295  int			digest_tries;	/* Number of tries for digest auth */
296
297  /**** New in CUPS 1.2 ****/
298  off_t			data_remaining;	/* Number of bytes left */
299  http_addr_t		*hostaddr;	/* Current host address and port */
300  http_addrlist_t	*addrlist;	/* List of valid addresses */
301  char			wbuffer[HTTP_MAX_BUFFER];
302					/* Buffer for outgoing data */
303  int			wused;		/* Write buffer bytes used */
304
305  /**** New in CUPS 1.3 ****/
306  char			*field_authorization;
307					/* Authorization field */
308  char			*authstring;	/* Current Authorization field */
309#  ifdef HAVE_GSSAPI
310  gss_OID 		gssmech;	/* Authentication mechanism */
311  gss_ctx_id_t		gssctx;		/* Authentication context */
312  gss_name_t		gssname;	/* Authentication server name */
313#  endif /* HAVE_GSSAPI */
314#  ifdef HAVE_AUTHORIZATION_H
315  AuthorizationRef	auth_ref;	/* Authorization ref */
316#  endif /* HAVE_AUTHORIZATION_H */
317
318  /**** New in CUPS 1.5 ****/
319  http_tls_credentials_t tls_credentials;
320					/* TLS credentials */
321  http_timeout_cb_t	timeout_cb;	/* Timeout callback */
322  void			*timeout_data;	/* User data pointer */
323  double		timeout_value;	/* Timeout in seconds */
324  int			wait_value;	/* httpWait value for timeout */
325#  ifdef HAVE_GSSAPI
326  char			gsshost[256];	/* Hostname for Kerberos */
327#  endif /* HAVE_GSSAPI */
328
329  /**** New in CUPS 1.7 ****/
330  int			tls_upgrade;	/* Non-zero if we are doing an upgrade */
331  _http_mode_t		mode;		/* _HTTP_MODE_CLIENT or _HTTP_MODE_SERVER */
332  char			*accept_encoding,
333					/* Accept-Encoding field */
334			*allow,		/* Allow field */
335			*server,	/* Server field */
336			*default_accept_encoding,
337			*default_server,
338			*default_user_agent;
339					/* Default field values */
340#  ifdef HAVE_LIBZ
341  _http_coding_t	coding;		/* _HTTP_CODING_xxx */
342  z_stream		stream;		/* (De)compression stream */
343  Bytef			*sbuffer;	/* (De)compression buffer */
344#  endif /* HAVE_LIBZ */
345};
346#  endif /* !_HTTP_NO_PRIVATE */
347
348
349/*
350 * Some OS's don't have hstrerror(), most notably Solaris...
351 */
352
353#  ifndef HAVE_HSTRERROR
354extern const char *_cups_hstrerror(int error);
355#    define hstrerror _cups_hstrerror
356#  endif /* !HAVE_HSTRERROR */
357
358
359/*
360 * Some OS's don't have getifaddrs() and freeifaddrs()...
361 */
362
363#  if !defined(WIN32) && !defined(HAVE_GETIFADDRS)
364#    ifdef ifa_dstaddr
365#      undef ifa_dstaddr
366#    endif /* ifa_dstaddr */
367#    ifndef ifr_netmask
368#      define ifr_netmask ifr_addr
369#    endif /* !ifr_netmask */
370
371struct ifaddrs				/**** Interface Structure ****/
372{
373  struct ifaddrs	*ifa_next;	/* Next interface in list */
374  char			*ifa_name;	/* Name of interface */
375  unsigned int		ifa_flags;	/* Flags (up, point-to-point, etc.) */
376  struct sockaddr	*ifa_addr,	/* Network address */
377			*ifa_netmask;	/* Address mask */
378  union
379  {
380    struct sockaddr	*ifu_broadaddr;	/* Broadcast address of this interface. */
381    struct sockaddr	*ifu_dstaddr;	/* Point-to-point destination address. */
382  } ifa_ifu;
383
384  void			*ifa_data;	/* Interface statistics */
385};
386
387#    ifndef ifa_broadaddr
388#      define ifa_broadaddr ifa_ifu.ifu_broadaddr
389#    endif /* !ifa_broadaddr */
390#    ifndef ifa_dstaddr
391#      define ifa_dstaddr ifa_ifu.ifu_dstaddr
392#    endif /* !ifa_dstaddr */
393
394extern int	_cups_getifaddrs(struct ifaddrs **addrs);
395#    define getifaddrs _cups_getifaddrs
396extern void	_cups_freeifaddrs(struct ifaddrs *addrs);
397#    define freeifaddrs _cups_freeifaddrs
398#  endif /* !WIN32 && !HAVE_GETIFADDRS */
399
400
401/*
402 * Prototypes...
403 */
404
405extern void		_httpAddrSetPort(http_addr_t *addr, int port);
406extern http_tls_credentials_t
407			_httpCreateCredentials(cups_array_t *credentials);
408extern char		*_httpDecodeURI(char *dst, const char *src,
409			                size_t dstsize);
410extern void		_httpDisconnect(http_t *http);
411extern char		*_httpEncodeURI(char *dst, const char *src,
412			                size_t dstsize);
413extern void		_httpFreeCredentials(http_tls_credentials_t credentials);
414extern const char	*_httpResolveURI(const char *uri, char *resolved_uri,
415			                 size_t resolved_size, int options,
416					 int (*cb)(void *context),
417					 void *context);
418extern const char	*_httpStatus(cups_lang_t *lang, http_status_t status);
419extern void		_httpTLSInitialize(void);
420extern size_t		_httpTLSPending(http_t *http);
421extern int		_httpTLSRead(http_t *http, char *buf, int len);
422extern int		_httpTLSSetCredentials(http_t *http);
423extern int		_httpTLSStart(http_t *http);
424extern void		_httpTLSStop(http_t *http);
425extern int		_httpTLSWrite(http_t *http, const char *buf, int len);
426extern int		_httpUpdate(http_t *http, http_status_t *status);
427extern int		_httpWait(http_t *http, int msec, int usessl);
428
429
430/*
431 * C++ magic...
432 */
433
434#  ifdef __cplusplus
435}
436#  endif /* __cplusplus */
437
438#endif /* !_CUPS_HTTP_PRIVATE_H_ */
439
440/*
441 * End of "$Id: http-private.h 12131 2014-08-28 23:38:16Z msweet $".
442 */
443