/** * Get the username and password from the basic authorization header sent by the client * * @param connection The MHD connection structure * @param password a pointer for the password * @return NULL if no username could be found, a pointer * to the username if found * @ingroup authentication */ char * MHD_basic_auth_get_username_password (struct MHD_Connection *connection, char** password) { const char *header; char *decode; const char *separator; char *user; if ( (NULL == (header = MHD_lookup_connection_value (connection, MHD_HEADER_KIND, MHD_HTTP_HEADER_AUTHORIZATION))) || (0 != strncmp (header, _BASIC_BASE, strlen (_BASIC_BASE))) ) return NULL; header += strlen (_BASIC_BASE); if (NULL == (decode = BASE64Decode (header))) { #ifdef HAVE_MESSAGES MHD_DLOG (connection->daemon, _("Error decoding basic authentication\n")); #endif return NULL; } /* Find user:password pattern */ if (NULL == (separator = strchr (decode, ':'))) { #ifdef HAVE_MESSAGES MHD_DLOG(connection->daemon, _("Basic authentication doesn't contain ':' separator\n")); #endif free (decode); return NULL; } if (NULL == (user = strdup (decode))) { free (decode); return NULL; } user[separator - decode] = '\0'; /* cut off at ':' */ if (NULL != password) { *password = strdup (separator + 1); if (NULL == *password) { #ifdef HAVE_MESSAGES MHD_DLOG(connection->daemon, _("Failed to allocate memory for password\n")); #endif free (decode); free (user); return NULL; } } free (decode); return user; }
/** * This function was created to handle per-connection processing that * has to happen even if the socket cannot be read or written to. All * implementations (multithreaded, external select, internal select) * call this function. * * @param connection being handled * @return MHD_YES if we should continue to process the * connection (not dead yet), MHD_NO if it died */ static int MHD_tls_connection_handle_idle (struct MHD_Connection *connection) { unsigned int timeout; #if DEBUG_STATES MHD_DLOG (connection->daemon, "%s: state: %s\n", __FUNCTION__, MHD_state_to_string (connection->state)); #endif timeout = connection->daemon->connection_timeout; if ((connection->socket_fd != -1) && (timeout != 0) && (time (NULL) - timeout > connection->last_activity)) { MHD_tls_connection_close (connection, MHD_REQUEST_TERMINATED_TIMEOUT_REACHED); return MHD_NO; } switch (connection->state) { /* on newly created connections we might reach here before any reply has been received */ case MHD_TLS_CONNECTION_INIT: return MHD_YES; /* close connection if necessary */ case MHD_CONNECTION_CLOSED: if (connection->socket_fd != -1) MHD_tls_connection_close (connection, MHD_REQUEST_TERMINATED_COMPLETED_OK); return MHD_NO; default: return MHD_connection_handle_idle (connection); } return MHD_YES; }
/** * This function handles a particular SSL/TLS connection when * it has been determined that there is data to be read off a * socket. Message processing is done by message type which is * determined by peeking into the first message type byte of the * stream. * * Error message handling: all fatal level messages cause the * connection to be terminated. * * Application data is forwarded to the underlying daemon for * processing. * * @param connection : the source connection * @return MHD_YES if we should continue to process the * connection (not dead yet), MHD_NO if it died */ static int MHD_tls_connection_handle_read (struct MHD_Connection *connection) { int ret; connection->last_activity = time (NULL); if (connection->state == MHD_TLS_CONNECTION_INIT) { ret = gnutls_handshake (connection->tls_session); if (ret == GNUTLS_E_SUCCESS) { /* set connection state to enable HTTP processing */ connection->state = MHD_CONNECTION_INIT; return MHD_YES; } if ( (ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED) ) { /* handshake not done */ return MHD_YES; } /* handshake failed */ #if HAVE_MESSAGES MHD_DLOG (connection->daemon, "Error: received handshake message out of context\n"); #endif MHD_tls_connection_close (connection, MHD_REQUEST_TERMINATED_WITH_ERROR); return MHD_NO; } return MHD_connection_handle_read (connection); }
/** * Give gnuTLS chance to work on the TLS handshake. * * @param connection connection to handshake on * @return #MHD_YES on error or if the handshake is progressing * #MHD_NO if the handshake has completed successfully * and we should start to read/write data */ static int run_tls_handshake (struct MHD_Connection *connection) { int ret; connection->last_activity = MHD_monotonic_sec_counter (); if (MHD_TLS_CONNECTION_INIT == connection->state) { ret = gnutls_handshake (connection->tls_session); if (ret == GNUTLS_E_SUCCESS) { /* set connection state to enable HTTP processing */ connection->state = MHD_CONNECTION_INIT; return MHD_YES; } if ( (GNUTLS_E_AGAIN == ret) || (GNUTLS_E_INTERRUPTED == ret) ) { /* handshake not done */ return MHD_YES; } /* handshake failed */ #ifdef HAVE_MESSAGES MHD_DLOG (connection->daemon, _("Error: received handshake message out of context\n")); #endif MHD_connection_close_ (connection, MHD_REQUEST_TERMINATED_WITH_ERROR); return MHD_YES; } return MHD_NO; }
/** * This function was created to handle per-connection processing that * has to happen even if the socket cannot be read or written to. All * implementations (multithreaded, external select, internal select) * call this function. * * @param connection being handled * @return MHD_YES if we should continue to process the * connection (not dead yet), MHD_NO if it died */ static int MHD_tls_connection_handle_idle (struct MHD_Connection *connection) { unsigned int timeout; #if DEBUG_STATES MHD_DLOG (connection->daemon, "%s: state: %s\n", __FUNCTION__, MHD_state_to_string (connection->state)); #endif timeout = connection->connection_timeout; if ( (timeout != 0) && (time (NULL) - timeout > connection->last_activity)) MHD_connection_close (connection, MHD_REQUEST_TERMINATED_TIMEOUT_REACHED); switch (connection->state) { /* on newly created connections we might reach here before any reply has been received */ case MHD_TLS_CONNECTION_INIT: return MHD_YES; /* close connection if necessary */ case MHD_CONNECTION_CLOSED: gnutls_bye (connection->tls_session, GNUTLS_SHUT_RDWR); return MHD_connection_handle_idle (connection); default: if ( (0 != gnutls_record_check_pending (connection->tls_session)) && (MHD_YES != MHD_tls_connection_handle_read (connection)) ) return MHD_YES; return MHD_connection_handle_idle (connection); } return MHD_YES; }
/** * Queues a response to request basic authentication from the client. * The given response object is expected to include the payload for * the response; the "WWW-Authenticate" header will be added and the * response queued with the 'UNAUTHORIZED' status code. * * @param connection The MHD connection structure * @param realm the realm presented to the client * @param response response object to modify and queue * @return #MHD_YES on success, #MHD_NO otherwise * @ingroup authentication */ int MHD_queue_basic_auth_fail_response (struct MHD_Connection *connection, const char *realm, struct MHD_Response *response) { int ret; int res; size_t hlen = strlen(realm) + strlen("Basic realm=\"\"") + 1; char *header; header = (char *) malloc(hlen); if (NULL == header) { #ifdef HAVE_MESSAGES MHD_DLOG(connection->daemon, "Failed to allocate memory for auth header\n"); #endif /* HAVE_MESSAGES */ return MHD_NO; } res = MHD_snprintf_ (header, hlen, "Basic realm=\"%s\"", realm); if (res > 0 && (size_t)res < hlen) ret = MHD_add_response_header (response, MHD_HTTP_HEADER_WWW_AUTHENTICATE, header); else ret = MHD_NO; free(header); if (MHD_YES == ret) ret = MHD_queue_response (connection, MHD_HTTP_UNAUTHORIZED, response); else { #ifdef HAVE_MESSAGES MHD_DLOG (connection->daemon, _("Failed to add Basic auth header\n")); #endif /* HAVE_MESSAGES */ } return ret; }
/** * Resume handling of network data for suspended request. It is * safe to resume a suspended request at any time. Calling this * function on a request that was not previously suspended will * result in undefined behavior. * * If you are using this function in ``external'' select mode, you must * make sure to run #MHD_run() afterwards (before again calling * #MHD_get_fdset(), as otherwise the change may not be reflected in * the set returned by #MHD_get_fdset() and you may end up with a * request that is stuck until the next network activity. * * @param request the request to resume */ void MHD_request_resume (struct MHD_Request *request) { struct MHD_Daemon *daemon = request->daemon; if (daemon->disallow_suspend_resume) MHD_PANIC (_("Cannot resume connections without enabling MHD_ALLOW_SUSPEND_RESUME!\n")); MHD_mutex_lock_chk_ (&daemon->cleanup_connection_mutex); request->connection->resuming = true; daemon->resuming = true; MHD_mutex_unlock_chk_ (&daemon->cleanup_connection_mutex); if ( (MHD_ITC_IS_VALID_(daemon->itc)) && (! MHD_itc_activate_ (daemon->itc, "r")) ) { #ifdef HAVE_MESSAGES MHD_DLOG (daemon, MHD_SC_ITC_USE_FAILED, _("Failed to signal resume via inter-thread communication channel.")); #endif } }
/** * This function was created to handle per-connection processing that * has to happen even if the socket cannot be read or written to. All * implementations (multithreaded, external select, internal select) * call this function. * * @param connection being handled * @return #MHD_YES if we should continue to process the * connection (not dead yet), #MHD_NO if it died */ static int MHD_tls_connection_handle_idle (struct MHD_Connection *connection) { unsigned int timeout; #if DEBUG_STATES MHD_DLOG (connection->daemon, _("In function %s handling connection at state: %s\n"), __FUNCTION__, MHD_state_to_string (connection->state)); #endif timeout = connection->connection_timeout; if ( (timeout != 0) && (timeout <= (MHD_monotonic_sec_counter() - connection->last_activity))) MHD_connection_close_ (connection, MHD_REQUEST_TERMINATED_TIMEOUT_REACHED); switch (connection->state) { /* on newly created connections we might reach here before any reply has been received */ case MHD_TLS_CONNECTION_INIT: break; /* close connection if necessary */ case MHD_CONNECTION_CLOSED: return MHD_connection_handle_idle (connection); default: if ( (0 != gnutls_record_check_pending (connection->tls_session)) && (MHD_YES != MHD_tls_connection_handle_read (connection)) ) return MHD_YES; return MHD_connection_handle_idle (connection); } #ifdef EPOLL_SUPPORT return MHD_connection_epoll_update_ (connection); #else return MHD_YES; #endif }
/** * Run through the suspended connections and move any that are no * longer suspended back to the active state. * * @remark To be called only from thread that process * daemon's select()/poll()/etc. * * @param daemon daemon context * @return true if a connection was actually resumed */ bool MHD_resume_suspended_connections_ (struct MHD_Daemon *daemon) /* FIXME: rename connections -> requests? */ { struct MHD_Connection *pos; struct MHD_Connection *prev = NULL; bool ret; const bool used_thr_p_c = (MHD_TM_THREAD_PER_CONNECTION == daemon->threading_mode); mhd_assert (NULL == daemon->worker_pool); ret = false; MHD_mutex_lock_chk_ (&daemon->cleanup_connection_mutex); if (daemon->resuming) { prev = daemon->suspended_connections_tail; /* During shutdown check for resuming is forced. */ mhd_assert((NULL != prev) || (daemon->shutdown)); } daemon->resuming = false; while (NULL != (pos = prev)) { #ifdef UPGRADE_SUPPORT struct MHD_UpgradeResponseHandle * const urh = pos->request.urh; #else /* ! UPGRADE_SUPPORT */ static const void * const urh = NULL; #endif /* ! UPGRADE_SUPPORT */ prev = pos->prev; if ( (! pos->resuming) #ifdef UPGRADE_SUPPORT || ( (NULL != urh) && ( (! urh->was_closed) || (! urh->clean_ready) ) ) #endif /* UPGRADE_SUPPORT */ ) continue; ret = true; mhd_assert (pos->suspended); DLL_remove (daemon->suspended_connections_head, daemon->suspended_connections_tail, pos); pos->suspended = false; if (NULL == urh) { DLL_insert (daemon->connections_head, daemon->connections_tail, pos); if (! used_thr_p_c) { /* Reset timeout timer on resume. */ if (0 != pos->connection_timeout) pos->last_activity = MHD_monotonic_sec_counter(); if (pos->connection_timeout == daemon->connection_default_timeout) XDLL_insert (daemon->normal_timeout_head, daemon->normal_timeout_tail, pos); else XDLL_insert (daemon->manual_timeout_head, daemon->manual_timeout_tail, pos); } #ifdef EPOLL_SUPPORT if (MHD_ELS_EPOLL == daemon->event_loop_syscall) { if (0 != (pos->epoll_state & MHD_EPOLL_STATE_IN_EREADY_EDLL)) MHD_PANIC ("Resumed connection was already in EREADY set\n"); /* we always mark resumed connections as ready, as we might have missed the edge poll event during suspension */ EDLL_insert (daemon->eready_head, daemon->eready_tail, pos); pos->epoll_state |= MHD_EPOLL_STATE_IN_EREADY_EDLL | \ MHD_EPOLL_STATE_READ_READY | MHD_EPOLL_STATE_WRITE_READY; pos->epoll_state &= ~MHD_EPOLL_STATE_SUSPENDED; } #endif } #ifdef UPGRADE_SUPPORT else { struct MHD_Response *response = pos->request.response; /* Data forwarding was finished (for TLS connections) AND * application was closed upgraded connection. * Insert connection into cleanup list. */ if ( (NULL != response) && (MHD_TM_THREAD_PER_CONNECTION != daemon->threading_mode) && (NULL != response->termination_cb) ) response->termination_cb (response->termination_cb_cls, MHD_REQUEST_TERMINATED_COMPLETED_OK, &pos->request.client_context); DLL_insert (daemon->cleanup_head, daemon->cleanup_tail, pos); } #endif /* UPGRADE_SUPPORT */ pos->resuming = false; } MHD_mutex_unlock_chk_ (&daemon->cleanup_connection_mutex); if ( (used_thr_p_c) && (ret) ) { /* Wake up suspended connections. */ if (! MHD_itc_activate_(daemon->itc, "w")) { #ifdef HAVE_MESSAGES MHD_DLOG (daemon, MHD_SC_ITC_USE_FAILED, _("Failed to signal resume of connection via inter-thread communication channel.")); #endif } } return ret; }