/* * Safety test: only allow GET|POST dpi-urls from dpi-generated pages. */ int a_Capi_dpi_verify_request(BrowserWindow *bw, DilloUrl *url) { DilloUrl *referer; int allow = FALSE; /* test POST and GET */ if (dStrcasecmp(URL_SCHEME(url), "dpi") == 0 && URL_FLAGS(url) & (URL_Post + URL_Get)) { /* only allow dpi requests from dpi-generated urls */ if (a_Nav_stack_size(bw)) { referer = a_History_get_url(NAV_TOP_UIDX(bw)); if (dStrcasecmp(URL_SCHEME(referer), "dpi") == 0) { allow = TRUE; } } } else { allow = TRUE; } if (!allow) { MSG("a_Capi_dpi_verify_request: Permission Denied!\n"); MSG(" URL_STR : %s\n", URL_STR(url)); if (URL_FLAGS(url) & URL_Post) { MSG(" URL_DATA: %s\n", dStr_printable(URL_DATA(url), 1024)); } } return allow; }
/* * Check whether a URL scheme is downloadable. * Return: 1 enabled, 0 disabled. */ int a_Cache_download_enabled(const DilloUrl *url) { if (!dStrAsciiCasecmp(URL_SCHEME(url), "http") || !dStrAsciiCasecmp(URL_SCHEME(url), "https") || !dStrAsciiCasecmp(URL_SCHEME(url), "ftp")) return 1; return 0; }
/* * Make the HTTP header's Referer line according to preferences * (default is "host" i.e. "scheme://hostname/" ) */ static char *Http_get_referer(const DilloUrl *url) { char *referer = NULL; if (!strcmp(prefs.http_referer, "host")) { referer = dStrconcat("Referer: ", URL_SCHEME(url), "://", URL_AUTHORITY(url), "/", "\r\n", NULL); } else if (!strcmp(prefs.http_referer, "path")) { referer = dStrconcat("Referer: ", URL_SCHEME(url), "://", URL_AUTHORITY(url), URL_PATH_(url) ? URL_PATH(url) : "/", "\r\n", NULL); } if (!referer) referer = dStrdup(""); _MSG("http, referer='%s'\n", referer); return referer; }
/* * Return the host that contains a URL, or NULL if there is no such host. */ static AuthHost_t *Auth_host_by_url(const DilloUrl *url) { AuthHost_t *host; int i; for (i = 0; (host = dList_nth_data(auth_hosts, i)); i++) if (((dStrAsciiCasecmp(URL_SCHEME(url), host->scheme) == 0) && (dStrAsciiCasecmp(URL_AUTHORITY(url), host->authority) == 0))) return host; return NULL; }
static void Auth_do_auth_dialog_cb(const char *user, const char *password, void *vData) { AuthDialogData_t *data; AuthHost_t *host; AuthRealm_t *realm; data = (AuthDialogData_t *)vData; /* find or create the host */ if (!(host = Auth_host_by_url(data->url))) { /* create a new host */ host = dNew(AuthHost_t, 1); host->scheme = dStrdup(URL_SCHEME(data->url)); host->authority = dStrdup(URL_AUTHORITY(data->url)); host->realms = dList_new(1); dList_append(auth_hosts, host); } /* find or create the realm */ if (!(realm = Auth_realm_by_name(host, data->auth_parse->realm))) { realm = dNew0(AuthRealm_t, 1); realm->name = dStrdup(data->auth_parse->realm); realm->paths = dList_new(1); dList_append(host->realms, realm); } realm->type = data->auth_parse->type; dFree(realm->authorization); realm->authorization = NULL; Auth_realm_add_path(realm, URL_PATH(data->url)); if (realm->type == BASIC) { char *user_password = dStrconcat(user, ":", password, NULL); char *response = a_Misc_encode_base64(user_password); char *authorization = dStrconcat("Authorization: Basic ", response, "\r\n", NULL); dFree(realm->authorization); realm->authorization = authorization; dFree(response); dStrshred(user_password); dFree(user_password); } else if (realm->type == DIGEST) { dFree(realm->username); realm->username = dStrdup(user); realm->nonce_count = 0; dFree(realm->nonce); realm->nonce = dStrdup(data->auth_parse->nonce); dFree(realm->opaque); realm->opaque = dStrdup(data->auth_parse->opaque); realm->algorithm = data->auth_parse->algorithm; dFree(realm->domain); realm->domain = dStrdup(data->auth_parse->domain); realm->qop = data->auth_parse->qop; dFree(realm->cnonce); if (realm->qop != QOPNOTSET) realm->cnonce = a_Digest_create_cnonce(); if (!a_Digest_compute_digest(realm, user, password)) { MSG("Auth_do_auth_dialog_cb: a_Digest_compute_digest failed.\n"); dList_remove_fast(host->realms, realm); Auth_realm_delete(realm); } } else { MSG("Auth_do_auth_dialog_cb: Unknown auth type: %i\n", realm->type); } dStrshred((char *)password); }
/* * Scan, allocate, and set things according to header info. * (This function needs the whole header to work) */ static void Cache_parse_header(CacheEntry_t *entry) { char *header = entry->Header->str; char *Length, *Type, *location_str, *encoding; #ifndef DISABLE_COOKIES Dlist *Cookies; #endif Dlist *warnings; void *data; int i; _MSG("Cache_parse_header\n"); if (entry->Header->len > 12) { if (header[9] == '1' && header[10] == '0' && header[11] == '0') { /* 100: Continue. The "real" header has not come yet. */ MSG("An actual 100 Continue header!\n"); entry->Flags &= ~CA_GotHeader; dStr_free(entry->Header, 1); entry->Header = dStr_new(""); return; } if (header[9] == '3' && header[10] == '0' && (location_str = Cache_parse_field(header, "Location"))) { /* 30x: URL redirection */ DilloUrl *location_url = a_Url_new(location_str,URL_STR_(entry->Url)); if (prefs.filter_auto_requests == PREFS_FILTER_SAME_DOMAIN && !a_Url_same_organization(entry->Url, location_url)) { /* don't redirect; just show body like usual (if any) */ MSG("Redirection not followed from %s to %s\n", URL_HOST(entry->Url), URL_STR(location_url)); a_Url_free(location_url); } else { entry->Flags |= CA_Redirect; if (header[11] == '1') entry->Flags |= CA_ForceRedirect; /* 301 Moved Permanently */ else if (header[11] == '2') entry->Flags |= CA_TempRedirect; /* 302 Temporary Redirect */ if (URL_FLAGS(location_url) & (URL_Post + URL_Get) && dStrAsciiCasecmp(URL_SCHEME(location_url), "dpi") == 0 && dStrAsciiCasecmp(URL_SCHEME(entry->Url), "dpi") != 0) { /* Forbid dpi GET and POST from non dpi-generated urls */ MSG("Redirection Denied! '%s' -> '%s'\n", URL_STR(entry->Url), URL_STR(location_url)); a_Url_free(location_url); } else { entry->Location = location_url; } } dFree(location_str); } else if (strncmp(header + 9, "401", 3) == 0) { entry->Auth = Cache_parse_multiple_fields(header, "WWW-Authenticate"); } else if (strncmp(header + 9, "404", 3) == 0) { entry->Flags |= CA_NotFound; } } if ((warnings = Cache_parse_multiple_fields(header, "Warning"))) { for (i = 0; (data = dList_nth_data(warnings, i)); ++i) { MSG_HTTP("%s\n", (char *)data); dFree(data); } dList_free(warnings); } /* * Get Transfer-Encoding and initialize decoder */ encoding = Cache_parse_field(header, "Transfer-Encoding"); entry->TransferDecoder = a_Decode_transfer_init(encoding); if ((Length = Cache_parse_field(header, "Content-Length")) != NULL) { if (encoding) { /* * If Transfer-Encoding is present, Content-Length must be ignored. * If the Transfer-Encoding is non-identity, it is an error. */ if (dStrAsciiCasecmp(encoding, "identity")) MSG_HTTP("Content-Length and non-identity Transfer-Encoding " "headers both present.\n"); } else { entry->Flags |= CA_GotLength; entry->ExpectedSize = MAX(strtol(Length, NULL, 10), 0); } dFree(Length); } dFree(encoding); /* free Transfer-Encoding */ #ifndef DISABLE_COOKIES if ((Cookies = Cache_parse_multiple_fields(header, "Set-Cookie"))) { CacheClient_t *client; for (i = 0; (client = dList_nth_data(ClientQueue, i)); ++i) { if (client->Url == entry->Url) { DilloWeb *web = client->Web; if (!web->requester || a_Url_same_organization(entry->Url, web->requester)) { char *server_date = Cache_parse_field(header, "Date"); a_Cookies_set(Cookies, entry->Url, server_date); dFree(server_date); break; } } } if (i >= dList_length(ClientQueue)) { MSG("Cache: cookies not accepted from '%s'\n", URL_STR(entry->Url)); } for (i = 0; (data = dList_nth_data(Cookies, i)); ++i) dFree(data); dList_free(Cookies); } #endif /* !DISABLE_COOKIES */ /* * Get Content-Encoding and initialize decoder */ encoding = Cache_parse_field(header, "Content-Encoding"); entry->ContentDecoder = a_Decode_content_init(encoding); dFree(encoding); if (entry->ExpectedSize > 0) { if (entry->ExpectedSize > HUGE_FILESIZE) { entry->Flags |= CA_HugeFile; } /* Avoid some reallocs. With MAX_INIT_BUF we avoid a SEGFAULT * with huge files (e.g. iso files). * Note: the buffer grows automatically. */ dStr_free(entry->Data, 1); entry->Data = dStr_sized_new(MIN(entry->ExpectedSize, MAX_INIT_BUF)); } /* Get Content-Type */ if ((Type = Cache_parse_field(header, "Content-Type"))) { /* This HTTP Content-Type is not trusted. It's checked against real data * in Cache_process_queue(); only then CA_GotContentType becomes true. */ a_Cache_set_content_type(entry->Url, Type, "http"); _MSG("TypeHdr {%s} {%s}\n", Type, URL_STR(entry->Url)); _MSG("TypeMeta {%s}\n", entry->TypeMeta); dFree(Type); } Cache_ref_data(entry); }
/* * CCC function for the CAPI module */ void a_Capi_ccc(int Op, int Branch, int Dir, ChainLink *Info, void *Data1, void *Data2) { capi_conn_t *conn; dReturn_if_fail( a_Chain_check("a_Capi_ccc", Op, Branch, Dir, Info) ); if (Branch == 1) { if (Dir == BCK) { /* Command sending branch */ switch (Op) { case OpStart: /* Data1 = conn; Data2 = {Web | server} */ conn = Data1; Capi_conn_ref(conn); Info->LocalKey = conn; conn->InfoSend = Info; if (strcmp(conn->server, "http") == 0) { a_Chain_link_new(Info, a_Capi_ccc, BCK, a_Http_ccc, 1, 1); a_Chain_bcb(OpStart, Info, Data2, NULL); } else { a_Chain_link_new(Info, a_Capi_ccc, BCK, a_Dpi_ccc, 1, 1); a_Chain_bcb(OpStart, Info, Data2, NULL); } break; case OpSend: /* Data1 = dbuf */ a_Chain_bcb(OpSend, Info, Data1, NULL); break; case OpEnd: conn = Info->LocalKey; conn->InfoSend = NULL; a_Chain_bcb(OpEnd, Info, NULL, NULL); Capi_conn_unref(conn); dFree(Info); break; case OpAbort: conn = Info->LocalKey; conn->InfoSend = NULL; a_Chain_bcb(OpAbort, Info, NULL, NULL); Capi_conn_unref(conn); dFree(Info); break; default: MSG_WARN("Unused CCC\n"); break; } } else { /* 1 FWD */ /* Command sending branch (status) */ switch (Op) { case OpSend: if (!Data2) { MSG_WARN("Capi.c: Opsend [1F] Data2 = NULL\n"); } else if (strcmp(Data2, "FD") == 0) { conn = Info->LocalKey; conn->SockFD = *(int*)Data1; /* communicate the FD through the answer branch */ a_Capi_ccc(OpSend, 2, BCK, conn->InfoRecv, &conn->SockFD, "FD"); } else if (strcmp(Data2, "DpidOK") == 0) { /* resume pending dpi requests */ Capi_conn_resume(); } break; case OpAbort: conn = Info->LocalKey; conn->InfoSend = NULL; if (Data2) { if (!strcmp(Data2, "DpidERROR")) { a_UIcmd_set_msg(conn->bw, "ERROR: can't start dpid daemon " "(URL scheme = '%s')!", conn->url ? URL_SCHEME(conn->url) : ""); } else if (!strcmp(Data2, "Both") && conn->InfoRecv) { /* abort the other branch too */ a_Capi_ccc(OpAbort, 2, BCK, conn->InfoRecv, NULL, NULL); } } /* if URL == expect-url */ a_Nav_cancel_expect_if_eq(conn->bw, conn->url); /* finish conn */ Capi_conn_unref(conn); dFree(Info); break; default: MSG_WARN("Unused CCC\n"); break; } } } else if (Branch == 2) { if (Dir == BCK) { /* Answer branch */ switch (Op) { case OpStart: /* Data1 = conn; Data2 = {"http" | "<dpi server name>"} */ conn = Data1; Capi_conn_ref(conn); Info->LocalKey = conn; conn->InfoRecv = Info; a_Chain_link_new(Info, a_Capi_ccc, BCK, a_Dpi_ccc, 2, 2); a_Chain_bcb(OpStart, Info, NULL, Data2); break; case OpSend: /* Data1 = FD */ if (Data2 && strcmp(Data2, "FD") == 0) { a_Chain_bcb(OpSend, Info, Data1, Data2); } break; case OpAbort: conn = Info->LocalKey; conn->InfoRecv = NULL; a_Chain_bcb(OpAbort, Info, NULL, NULL); /* remove the cache entry for this URL */ a_Cache_entry_remove_by_url(conn->url); Capi_conn_unref(conn); dFree(Info); break; default: MSG_WARN("Unused CCC\n"); break; } } else { /* 2 FWD */ /* Server listening branch */ switch (Op) { case OpSend: conn = Info->LocalKey; if (strcmp(Data2, "send_page_2eof") == 0) { /* Data1 = dbuf */ DataBuf *dbuf = Data1; a_Cache_process_dbuf(IORead, dbuf->Buf, dbuf->Size, conn->url); } else if (strcmp(Data2, "send_status_message") == 0) { a_UIcmd_set_msg(conn->bw, "%s", Data1); } else if (strcmp(Data2, "chat") == 0) { a_UIcmd_set_msg(conn->bw, "%s", Data1); a_Bookmarks_chat_add(NULL, NULL, Data1); } else if (strcmp(Data2, "dialog") == 0) { a_Dpiapi_dialog(conn->bw, conn->server, Data1); } else if (strcmp(Data2, "reload_request") == 0) { a_Nav_reload(conn->bw); } else if (strcmp(Data2, "start_send_page") == 0) { /* prepare the cache to receive the data stream for this URL * * a_Capi_open_url() already added a new cache entry, * and a client for it. */ } break; case OpEnd: conn = Info->LocalKey; conn->InfoRecv = NULL; a_Cache_process_dbuf(IOClose, NULL, 0, conn->url); if (conn->InfoSend) { /* Propagate OpEnd to the sending branch too */ a_Capi_ccc(OpEnd, 1, BCK, conn->InfoSend, NULL, NULL); } Capi_conn_unref(conn); dFree(Info); break; default: MSG_WARN("Unused CCC\n"); break; } } } }
/* * Most used function for requesting a URL. * TODO: clean up the ad-hoc bindings with an API that allows dynamic * addition of new plugins. * * Return value: A primary key for identifying the client, * 0 if the client is aborted in the process. */ int a_Capi_open_url(DilloWeb *web, CA_Callback_t Call, void *CbData) { int reload; char *cmd, *server; capi_conn_t *conn = NULL; const char *scheme = URL_SCHEME(web->url); int safe = 0, ret = 0, use_cache = 0; /* reload test */ reload = (!(a_Capi_get_flags(web->url) & CAPI_IsCached) || (URL_FLAGS(web->url) & URL_E2EQuery)); if (web->flags & WEB_Download) { /* download request: if cached save from cache, else * for http, ftp or https, use the downloads dpi */ if (a_Capi_get_flags_with_redirection(web->url) & CAPI_IsCached) { if (web->filename) { if ((web->stream = fopen(web->filename, "w"))) { use_cache = 1; } else { MSG_WARN("Cannot open \"%s\" for writing.\n", web->filename); } } } else if (a_Cache_download_enabled(web->url)) { server = "downloads"; cmd = Capi_dpi_build_cmd(web, server); a_Capi_dpi_send_cmd(web->url, web->bw, cmd, server, 1); dFree(cmd); } } else if (Capi_url_uses_dpi(web->url, &server)) { /* dpi request */ if ((safe = a_Capi_dpi_verify_request(web->bw, web->url))) { if (dStrcasecmp(scheme, "dpi") == 0) { /* make "dpi:/" prefixed urls always reload. */ a_Url_set_flags(web->url, URL_FLAGS(web->url) | URL_E2EQuery); reload = 1; } if (reload) { a_Capi_conn_abort_by_url(web->url); /* Send dpip command */ cmd = Capi_dpi_build_cmd(web, server); a_Capi_dpi_send_cmd(web->url, web->bw, cmd, server, 1); dFree(cmd); } use_cache = 1; } dFree(server); } else if (!dStrcasecmp(scheme, "http")) { /* http request */ if (reload) { a_Capi_conn_abort_by_url(web->url); /* create a new connection and start the CCC operations */ conn = Capi_conn_new(web->url, web->bw, "http", "none"); /* start the reception branch before the query one because the DNS * may callback immediatly. This may avoid a race condition. */ a_Capi_ccc(OpStart, 2, BCK, a_Chain_new(), conn, "http"); a_Capi_ccc(OpStart, 1, BCK, a_Chain_new(), conn, web); } use_cache = 1; } else if (!dStrcasecmp(scheme, "about")) { /* internal request */ use_cache = 1; } if (use_cache) { if (!conn || (conn && Capi_conn_valid(conn))) { /* not aborted, let's continue... */ ret = a_Cache_open_url(web, Call, CbData); } } else { a_Web_free(web); } return ret; }