diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/http_client.c | 253 | ||||
| -rw-r--r-- | lib/http_client.h | 6 | ||||
| -rw-r--r-- | lib/oauth.c | 1 | ||||
| -rw-r--r-- | lib/oauth2.c | 76 | ||||
| -rw-r--r-- | lib/oauth2.h | 5 | ||||
| -rw-r--r-- | lib/proxy.c | 2 | ||||
| -rw-r--r-- | lib/ssl_nss.c | 4 |
7 files changed, 254 insertions, 93 deletions
diff --git a/lib/http_client.c b/lib/http_client.c index b384e1f0..b509c839 100644 --- a/lib/http_client.c +++ b/lib/http_client.c @@ -1,7 +1,7 @@ /********************************************************************\ * BitlBee -- An IRC to other IM-networks gateway * * * - * Copyright 2002-2012 Wilmer van der Gaast and others * + * Copyright 2002-2013 Wilmer van der Gaast and others * \********************************************************************/ /* HTTP(S) module */ @@ -68,6 +68,7 @@ struct http_request *http_dorequest( char *host, int port, int ssl, char *reques req->request = g_strdup( request ); req->request_length = strlen( request ); req->redir_ttl = 3; + req->content_length = -1; if( getenv( "BITLBEE_DEBUG" ) ) printf( "About to send HTTP request:\n%s\n", req->request ); @@ -95,7 +96,6 @@ struct http_request *http_dorequest_url( char *url_string, http_input_function f request = g_strdup_printf( "GET %s HTTP/1.0\r\n" "Host: %s\r\n" - "Connection: close\r\n" "User-Agent: BitlBee " BITLBEE_VERSION " " ARCH "/" CPU "\r\n" "\r\n", url->file, url->host ); @@ -192,14 +192,21 @@ static gboolean http_ssl_connected( gpointer data, int returncode, void *source, return http_connected( data, req->fd, cond ); } +typedef enum { + CR_OK, + CR_EOF, + CR_ERROR, + CR_ABORT, +} http_ret_t; + static gboolean http_handle_headers( struct http_request *req ); +static http_ret_t http_process_chunked_data( struct http_request *req, const char *buffer, int len ); +static http_ret_t http_process_data( struct http_request *req, const char *buffer, int len ); static gboolean http_incoming_data( gpointer data, int source, b_input_condition cond ) { struct http_request *req = data; char buffer[4096]; - char *s; - size_t content_length; int st; if( req->inpa > 0 ) @@ -243,53 +250,25 @@ static gboolean http_incoming_data( gpointer data, int source, b_input_condition } } - if( st > 0 && !req->sbuf ) + if( st > 0 ) { - req->reply_headers = g_realloc( req->reply_headers, req->bytes_read + st + 1 ); - memcpy( req->reply_headers + req->bytes_read, buffer, st ); - req->bytes_read += st; + http_ret_t c; - st = 0; - } - - if( st >= 0 && ( req->flags & HTTPC_STREAMING ) ) - { - if( !req->reply_body && - ( strstr( req->reply_headers, "\r\n\r\n" ) || - strstr( req->reply_headers, "\n\n" ) ) ) - { - size_t hlen; - - /* We've now received all headers, so process them once - before we start feeding back data. */ - if( !http_handle_headers( req ) ) - return FALSE; - - hlen = req->reply_body - req->reply_headers; - - req->sblen = req->bytes_read - hlen; - req->sbuf = g_memdup( req->reply_body, req->sblen + 1 ); - req->reply_headers = g_realloc( req->reply_headers, hlen + 1 ); - - req->reply_body = req->sbuf; - } - - if( st > 0 ) - { - int pos = req->reply_body - req->sbuf; - req->sbuf = g_realloc( req->sbuf, req->sblen + st + 1 ); - memcpy( req->sbuf + req->sblen, buffer, st ); - req->bytes_read += st; - req->sblen += st; - req->sbuf[req->sblen] = '\0'; - req->reply_body = req->sbuf + pos; - req->body_size = req->sblen - pos; - } + if( req->flags & HTTPC_CHUNKED ) + c = http_process_chunked_data( req, buffer, st ); + else + c = http_process_data( req, buffer, st ); - if( req->reply_body ) - req->func( req ); + if( c == CR_EOF ) + goto eof; + else if( c == CR_ERROR || c == CR_ABORT ) + return FALSE; } + if( req->content_length != -1 && + req->body_size >= req->content_length ) + goto eof; + if( ssl_pending( req->ssl ) ) return http_incoming_data( data, source, cond ); @@ -310,14 +289,6 @@ eof: req->status_string = g_strdup( "Empty HTTP reply" ); goto cleanup; } - - if( !( req->flags & HTTPC_STREAMING ) ) - { - /* Returns FALSE if we were redirected, in which case we should abort - and not run any callback yet. */ - if( !http_handle_headers( req ) ) - return FALSE; - } cleanup: if( req->ssl ) @@ -325,17 +296,12 @@ cleanup: else closesocket( req->fd ); - if( ( s = get_rfc822_header( req->reply_headers, "Content-Length", 0 ) ) && - sscanf( s, "%zd", &content_length ) == 1 ) + if( req->body_size < req->content_length ) { - if( content_length < req->body_size ) - { - req->status_code = -1; - g_free( req->status_string ); - req->status_string = g_strdup( "Response truncated" ); - } + req->status_code = -1; + g_free( req->status_string ); + req->status_string = g_strdup( "Response truncated" ); } - g_free( s ); if( getenv( "BITLBEE_DEBUG" ) && req ) printf( "Finishing HTTP request with status: %s\n", @@ -346,11 +312,120 @@ cleanup: return FALSE; } +static http_ret_t http_process_chunked_data( struct http_request *req, const char *buffer, int len ) +{ + char *chunk, *eos, *s; + + if( len < 0 ) + return TRUE; + + if( len > 0 ) + { + req->cbuf = g_realloc( req->cbuf, req->cblen + len + 1 ); + memcpy( req->cbuf + req->cblen, buffer, len ); + req->cblen += len; + req->cbuf[req->cblen] = '\0'; + } + + /* Turns out writing a proper chunked-encoding state machine is not + that simple. :-( I've tested this one feeding it byte by byte so + I hope it's solid now. */ + chunk = req->cbuf; + eos = req->cbuf + req->cblen; + while( TRUE ) + { + int clen = 0; + + /* Might be a \r\n from the last chunk. */ + s = chunk; + while( isspace( *s ) ) + s ++; + /* Chunk length. Might be incomplete. */ + if( s < eos && sscanf( s, "%x", &clen ) != 1 ) + return CR_ERROR; + while( isxdigit( *s ) ) + s ++; + + /* If we read anything here, it *must* be \r\n. */ + if( strncmp( s, "\r\n", MIN( 2, eos - s ) ) != 0 ) + return CR_ERROR; + s += 2; + + if( s >= eos ) + break; + + /* 0-length chunk means end of response. */ + if( clen == 0 ) + return CR_EOF; + + /* Wait for the whole chunk to arrive. */ + if( s + clen > eos ) + break; + if( http_process_data( req, s, clen ) != CR_OK ) + return CR_ABORT; + + chunk = s + clen; + } + + if( chunk != req->cbuf ) + { + req->cblen = eos - chunk; + s = g_memdup( chunk, req->cblen + 1 ); + g_free( req->cbuf ); + req->cbuf = s; + } + + return CR_OK; +} + +static http_ret_t http_process_data( struct http_request *req, const char *buffer, int len ) +{ + if( len <= 0 ) + return CR_OK; + + if( !req->reply_body ) + { + req->reply_headers = g_realloc( req->reply_headers, req->bytes_read + len + 1 ); + memcpy( req->reply_headers + req->bytes_read, buffer, len ); + req->bytes_read += len; + req->reply_headers[req->bytes_read] = '\0'; + + if( strstr( req->reply_headers, "\r\n\r\n" ) || + strstr( req->reply_headers, "\n\n" ) ) + { + /* We've now received all headers. Look for something + interesting. */ + if( !http_handle_headers( req ) ) + return CR_ABORT; + + /* Start parsing the body as chunked if required. */ + if( req->flags & HTTPC_CHUNKED ) + return http_process_chunked_data( req, NULL, 0 ); + } + } + else + { + int pos = req->reply_body - req->sbuf; + req->sbuf = g_realloc( req->sbuf, req->sblen + len + 1 ); + memcpy( req->sbuf + req->sblen, buffer, len ); + req->bytes_read += len; + req->sblen += len; + req->sbuf[req->sblen] = '\0'; + req->reply_body = req->sbuf + pos; + req->body_size = req->sblen - pos; + } + + if( ( req->flags & HTTPC_STREAMING ) && req->reply_body ) + req->func( req ); + + return CR_OK; +} + /* Splits headers and body. Checks result code, in case of 300s it'll handle redirects. If this returns FALSE, don't call any callbacks! */ static gboolean http_handle_headers( struct http_request *req ) { - char *end1, *end2; + char *end1, *end2, *s; int evil_server = 0; /* Zero termination is very convenient. */ @@ -376,7 +451,7 @@ static gboolean http_handle_headers( struct http_request *req ) return TRUE; } - *end1 = 0; + *end1 = '\0'; if( getenv( "BITLBEE_DEBUG" ) ) printf( "HTTP response headers:\n%s\n", req->reply_headers ); @@ -386,7 +461,10 @@ static gboolean http_handle_headers( struct http_request *req ) else req->reply_body = end1 + 2; - req->body_size = req->reply_headers + req->bytes_read - req->reply_body; + /* Separately allocated space for headers and body. */ + req->sblen = req->body_size = req->reply_headers + req->bytes_read - req->reply_body; + req->sbuf = req->reply_body = g_memdup( req->reply_body, req->body_size + 1 ); + req->reply_headers = g_realloc( req->reply_headers, end1 - req->reply_headers + 1 ); if( ( end1 = strchr( req->reply_headers, ' ' ) ) != NULL ) { @@ -451,7 +529,7 @@ static gboolean http_handle_headers( struct http_request *req ) /* Since we don't cache the servername, and since we don't need this yet anyway, I won't implement it. */ - req->status_string = g_strdup( "Can't handle recursive redirects" ); + req->status_string = g_strdup( "Can't handle relative redirects" ); return TRUE; } @@ -459,7 +537,7 @@ static gboolean http_handle_headers( struct http_request *req ) { /* A whole URL */ url_t *url; - char *s; + char *s, *version, *headers; const char *new_method; s = strstr( loc, "\r\n" ); @@ -487,6 +565,7 @@ static gboolean http_handle_headers( struct http_request *req ) g_free( url ); return TRUE; } + headers = s; /* More or less HTTP/1.0 compliant, from my reading of RFC 2616. Always perform a GET request unless we received a 301. 303 was @@ -506,9 +585,19 @@ static gboolean http_handle_headers( struct http_request *req ) /* 301 de-facto should stay POST, 307 specifally RFC 2616#10.3.8 */ new_method = "POST"; + if( ( version = strstr( req->request, " HTTP/" ) ) && + ( s = strstr( version, "\r\n" ) ) ) + { + version ++; + version = g_strndup( version, s - version ); + } + else + version = g_strdup( "HTTP/1.0" ); + /* Okay, this isn't fun! We have to rebuild the request... :-( */ - new_request = g_strdup_printf( "%s %s HTTP/1.0\r\nHost: %s%s", - new_method, url->file, url->host, s ); + new_request = g_strdup_printf( "%s %s %s\r\nHost: %s%s", + new_method, url->file, version, + url->host, headers ); new_host = g_strdup( url->host ); new_port = url->port; @@ -520,6 +609,7 @@ static gboolean http_handle_headers( struct http_request *req ) s[4] = '\0'; g_free( url ); + g_free( version ); } if( req->ssl ) @@ -556,13 +646,35 @@ static gboolean http_handle_headers( struct http_request *req ) g_free( req->request ); g_free( req->reply_headers ); + g_free( req->sbuf ); req->request = new_request; req->request_length = strlen( new_request ); req->bytes_read = req->bytes_written = req->inpa = 0; req->reply_headers = req->reply_body = NULL; + req->sbuf = req->cbuf = NULL; + req->sblen = req->cblen = 0; return FALSE; } + + if( ( s = get_rfc822_header( req->reply_headers, "Content-Length", 0 ) ) && + sscanf( s, "%d", &req->content_length ) != 1 ) + req->content_length = -1; + g_free( s ); + + if( ( s = get_rfc822_header( req->reply_headers, "Transfer-Encoding", 0 ) ) ) + { + if( strcasestr( s, "chunked" ) ) + { + req->flags |= HTTPC_CHUNKED; + req->cbuf = req->sbuf; + req->cblen = req->sblen; + + req->reply_body = req->sbuf = g_strdup( "" ); + req->body_size = req->sblen = 0; + } + g_free( s ); + } return TRUE; } @@ -606,5 +718,6 @@ static void http_free( struct http_request *req ) g_free( req->reply_headers ); g_free( req->status_string ); g_free( req->sbuf ); + g_free( req->cbuf ); g_free( req ); } diff --git a/lib/http_client.h b/lib/http_client.h index ca427118..1b86f228 100644 --- a/lib/http_client.h +++ b/lib/http_client.h @@ -41,6 +41,7 @@ typedef enum http_client_flags { HTTPC_STREAMING = 1, HTTPC_EOF = 2, + HTTPC_CHUNKED = 4, /* Let's reserve 0x1000000+ for lib users. */ } http_client_flags_t; @@ -76,10 +77,15 @@ struct http_request int inpa; int bytes_written; int bytes_read; + int content_length; /* "Content-Length:" header or -1 */ /* Used in streaming mode. Caller should read from reply_body. */ char *sbuf; size_t sblen; + + /* Chunked encoding only. Raw chunked stream is decoded from here. */ + char *cbuf; + size_t cblen; }; /* The _url variant is probably more useful than the raw version. The raw diff --git a/lib/oauth.c b/lib/oauth.c index 04949e1b..c78b4a43 100644 --- a/lib/oauth.c +++ b/lib/oauth.c @@ -261,7 +261,6 @@ static void *oauth_post_request( const char *url, GSList **params_, http_input_f "Host: %s\r\n" "Content-Type: application/x-www-form-urlencoded\r\n" "Content-Length: %zd\r\n" - "Connection: close\r\n" "\r\n" "%s", url_p.file, url_p.host, strlen( post ), post ); g_free( post ); diff --git a/lib/oauth2.c b/lib/oauth2.c index 6921a6d5..bfd4b143 100644 --- a/lib/oauth2.c +++ b/lib/oauth2.c @@ -1,9 +1,9 @@ /***************************************************************************\ * * * BitlBee - An IRC to IM gateway * -* Simple OAuth client (consumer) implementation. * +* Simple OAuth2 client (consumer) implementation. * * * -* Copyright 2010-2012 Wilmer van der Gaast <wilmer@gaast.net> * +* Copyright 2010-2013 Wilmer van der Gaast <wilmer@gaast.net> * * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * @@ -21,11 +21,28 @@ * * \***************************************************************************/ +/* Out of protest, I should rename this file. OAuth2 is a pathetic joke, and + of all things, DEFINITELY NOT A STANDARD. The only thing various OAuth2 + implementations have in common is that name, wrongfully stolen from + a pretty nice standard called OAuth 1.0a. That, and the fact that they + use JSON. Wait, no, Facebook's version doesn't use JSON. For some of its + responses. + + Apparently too many people were too retarded to comprehend the elementary + bits of crypto in OAuth 1.0a (took me one afternoon to implement) so + the standard was replaced with what comes down to a complicated scheme + around what's really just application-specific passwords. + + And then a bunch of mostly incompatible implementations. Great work, guys. + + http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/ */ + #include <glib.h> #include "http_client.h" #include "oauth2.h" #include "oauth.h" #include "json.h" +#include "json_util.h" #include "url.h" char *oauth2_url( const struct oauth2_service *sp ) @@ -78,7 +95,6 @@ int oauth2_access_token( const struct oauth2_service *sp, "Host: %s\r\n" "Content-Type: application/x-www-form-urlencoded\r\n" "Content-Length: %zd\r\n" - "Connection: close\r\n" "\r\n" "%s", url_p.file, url_p.host, strlen( args_s ), args_s ); g_free( args_s ); @@ -98,10 +114,35 @@ int oauth2_access_token( const struct oauth2_service *sp, return req != NULL; } +static char* oauth2_parse_error( json_value *e ) +{ + /* This does a reasonable job with some of the flavours of error + responses I've seen. Because apparently it's not standardised. */ + + if( e->type == json_object ) + { + /* Facebook style */ + const char *msg = json_o_str( e, "message" ); + const char *type = json_o_str( e, "type" ); + json_value *code_o = json_o_get( e, "code" ); + int code = 0; + + if( code_o && code_o->type == json_integer ) + code = code_o->u.integer; + + return g_strdup_printf( "Error %d: %s", code, msg ? msg : type ? type : "Unknown error" ); + } + else if( e->type == json_string ) + { + return g_strdup( e->u.string.ptr ); + } + return NULL; +} + static void oauth2_access_token_done( struct http_request *req ) { struct oauth2_access_token_data *cb_data = req->data; - char *atoken = NULL, *rtoken = NULL; + char *atoken = NULL, *rtoken = NULL, *error = NULL; char *content_type; if( getenv( "BITLBEE_DEBUG" ) && req->reply_body ) @@ -109,24 +150,22 @@ static void oauth2_access_token_done( struct http_request *req ) content_type = get_rfc822_header( req->reply_headers, "Content-Type", 0 ); - if( req->status_code != 200 ) - { - } - else if( content_type && strstr( content_type, "application/json" ) ) + if( content_type && ( strstr( content_type, "application/json" ) || + strstr( content_type, "text/javascript" ) ) ) { json_value *js = json_parse( req->reply_body ); if( js && js->type == json_object ) { - int i; - - for( i = 0; i < js->u.object.length; i ++ ) + JSON_O_FOREACH( js, k, v ) { - if( js->u.object.values[i].value->type != json_string ) + if( strcmp( k, "error" ) == 0 ) + error = oauth2_parse_error( v ); + if( v->type != json_string ) continue; - if( strcmp( js->u.object.values[i].name, "access_token" ) == 0 ) - atoken = g_strdup( js->u.object.values[i].value->u.string.ptr ); - if( strcmp( js->u.object.values[i].name, "refresh_token" ) == 0 ) - rtoken = g_strdup( js->u.object.values[i].value->u.string.ptr ); + if( strcmp( k, "access_token" ) == 0 ) + atoken = g_strdup( v->u.string.ptr ); + if( strcmp( k, "refresh_token" ) == 0 ) + rtoken = g_strdup( v->u.string.ptr ); } } json_value_free( js ); @@ -143,10 +182,13 @@ static void oauth2_access_token_done( struct http_request *req ) } if( getenv( "BITLBEE_DEBUG" ) ) printf( "Extracted atoken=%s rtoken=%s\n", atoken, rtoken ); + if( !atoken && !rtoken && !error ) + error = g_strdup( "Unusuable response" ); - cb_data->func( cb_data->data, atoken, rtoken ); + cb_data->func( cb_data->data, atoken, rtoken, error ); g_free( content_type ); g_free( atoken ); g_free( rtoken ); + g_free( error ); g_free( cb_data ); } diff --git a/lib/oauth2.h b/lib/oauth2.h index c8d18963..b3811f49 100644 --- a/lib/oauth2.h +++ b/lib/oauth2.h @@ -3,7 +3,7 @@ * BitlBee - An IRC to IM gateway * * Simple OAuth2 client (consumer) implementation. * * * -* Copyright 2010-2011 Wilmer van der Gaast <wilmer@gaast.net> * +* Copyright 2010-2013 Wilmer van der Gaast <wilmer@gaast.net> * * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * @@ -24,7 +24,8 @@ /* Implementation mostly based on my experience with writing the previous OAuth module, and from http://code.google.com/apis/accounts/docs/OAuth2.html . */ -typedef void (*oauth2_token_callback)( gpointer data, const char *atoken, const char *rtoken ); +typedef void (*oauth2_token_callback)( gpointer data, const char *atoken, + const char *rtoken, const char *error ); struct oauth2_service { diff --git a/lib/proxy.c b/lib/proxy.c index 3e5c9d49..b6b02d72 100644 --- a/lib/proxy.c +++ b/lib/proxy.c @@ -157,7 +157,7 @@ static int proxy_connect_none(const char *host, unsigned short port_, struct PHB event_debug("bind( %d, \"%s\" ) failure\n", fd, global.conf->iface_out); } - event_debug("proxy_connect_none( \"%s\", %d ) = %d\n", host, port, fd); + event_debug("proxy_connect_none( \"%s\", %d ) = %d\n", host, port_, fd); if (connect(fd, phb->gai_cur->ai_addr, phb->gai_cur->ai_addrlen) < 0 && !sockerr_again()) { event_debug( "connect failed: %s\n", strerror(errno)); diff --git a/lib/ssl_nss.c b/lib/ssl_nss.c index e8de884f..045cd322 100644 --- a/lib/ssl_nss.c +++ b/lib/ssl_nss.c @@ -151,7 +151,7 @@ void *ssl_starttls(int fd, char *hostname, gboolean verify, conn->fd = fd; conn->func = func; conn->data = data; - conn->hostname = hostname; + conn->hostname = g_strdup(hostname); /* For now, SSL verification is globally enabled by setting the cafile setting in bitlbee.conf. Commented out by default because probably @@ -295,7 +295,7 @@ void ssl_disconnect(void *conn_) if (conn->prfd) PR_Close(conn->prfd); - g_free(conn->hostname); + g_free(conn->hostname); g_free(conn); } |