static apr_status_t setup_request(serf_request_t *request,
void *setup_baton,
serf_bucket_t **req_bkt,
serf_response_acceptor_t *acceptor,
void **acceptor_baton,
serf_response_handler_t *handler,
void **handler_baton,
apr_pool_t *pool)
{
handler_baton_t *ctx = setup_baton;
serf_bucket_t *hdrs_bkt;
*req_bkt = serf_bucket_request_create("GET", ctx->full_path, NULL,
serf_request_get_alloc(request));
hdrs_bkt = serf_bucket_request_get_headers(*req_bkt);
/* FIXME: Shouldn't we be able to figure out the host ourselves? */
serf_bucket_headers_setn(hdrs_bkt, "Host", ctx->hostinfo);
serf_bucket_headers_setn(hdrs_bkt, "User-Agent",
"Serf/" SERF_VERSION_STRING);
/* Shouldn't serf do this for us? */
serf_bucket_headers_setn(hdrs_bkt, "Accept-Encoding", "gzip");
if (ctx->app_ctx->authn != NULL) {
serf_bucket_headers_setn(hdrs_bkt, "Authorization",
ctx->app_ctx->authn);
}
if (ctx->app_ctx->using_ssl) {
serf_bucket_alloc_t *req_alloc;
req_alloc = serf_request_get_alloc(request);
if (ctx->app_ctx->ssl_ctx == NULL) {
*req_bkt = serf_bucket_ssl_encrypt_create(*req_bkt, NULL,
ctx->app_ctx->bkt_alloc);
ctx->app_ctx->ssl_ctx =
serf_bucket_ssl_encrypt_context_get(*req_bkt);
}
else {
*req_bkt =
serf_bucket_ssl_encrypt_create(*req_bkt, ctx->app_ctx->ssl_ctx,
ctx->app_ctx->bkt_alloc);
}
}
#ifdef SERF_VERBOSE
printf("Url requesting: %s\n", ctx->full_path);
#endif
*acceptor = ctx->acceptor;
*acceptor_baton = ctx->acceptor_baton;
*handler = ctx->handler;
*handler_baton = ctx;
return APR_SUCCESS;
}
static apr_status_t setup_request(serf_request_t *request,
void *setup_baton,
serf_bucket_t **req_bkt,
serf_response_acceptor_t *acceptor,
void **acceptor_baton,
serf_response_handler_t *handler,
void **handler_baton,
apr_pool_t *pool)
{
handler_baton_t *ctx = setup_baton;
serf_bucket_t *hdrs_bkt;
serf_bucket_t *body_bkt;
if (ctx->req_body_path) {
apr_file_t *file;
apr_status_t status;
status = apr_file_open(&file, ctx->req_body_path, APR_READ,
APR_OS_DEFAULT, pool);
if (status) {
printf("Error opening file (%s)\n", ctx->req_body_path);
return status;
}
body_bkt = serf_bucket_file_create(file,
serf_request_get_alloc(request));
}
else {
body_bkt = NULL;
}
*req_bkt = serf_request_bucket_request_create(request, ctx->method,
ctx->path, body_bkt,
serf_request_get_alloc(request));
hdrs_bkt = serf_bucket_request_get_headers(*req_bkt);
serf_bucket_headers_setn(hdrs_bkt, "User-Agent",
"Serf/" SERF_VERSION_STRING);
/* Shouldn't serf do this for us? */
serf_bucket_headers_setn(hdrs_bkt, "Accept-Encoding", "gzip");
#ifdef CONNECTION_CLOSE_HDR
serf_bucket_headers_setn(hdrs_bkt, "Connection", "close");
#endif
/* Add the extra headers from the command line */
if (ctx->req_hdrs != NULL) {
serf_bucket_headers_do(ctx->req_hdrs, append_request_headers, hdrs_bkt);
}
*acceptor = ctx->acceptor;
*acceptor_baton = ctx->acceptor_baton;
*handler = ctx->handler;
*handler_baton = ctx;
return APR_SUCCESS;
}
static apr_status_t setup_request(serf_request_t *request,
void *vbaton,
serf_bucket_t **req_bkt,
serf_response_acceptor_t *acceptor,
void **acceptor_baton,
serf_response_handler_t *handler,
void **handler_baton,
apr_pool_t *pool)
{
s_baton_t *ctx = vbaton;
serf_bucket_t *hdrs_bkt;
*req_bkt = serf_bucket_request_create(ctx->r->method, ctx->r->unparsed_uri,
ctx->body_bkt,
serf_request_get_alloc(request));
hdrs_bkt = serf_bucket_request_get_headers(*req_bkt);
apr_table_do(copy_headers_in, hdrs_bkt, ctx->r->headers_in, NULL);
if (ctx->conf->preservehost) {
serf_bucket_headers_setn(hdrs_bkt, "Host",
apr_table_get(ctx->r->headers_in, "Host"));
}
else {
serf_bucket_headers_setn(hdrs_bkt, "Host", ctx->conf->url.hostname);
}
serf_bucket_headers_setn(hdrs_bkt, "Accept-Encoding", "gzip");
if (ctx->want_ssl) {
if (ctx->ssl_ctx == NULL) {
*req_bkt = serf_bucket_ssl_encrypt_create(*req_bkt, NULL,
ctx->bkt_alloc);
ctx->ssl_ctx = serf_bucket_ssl_encrypt_context_get(*req_bkt);
}
else {
*req_bkt = serf_bucket_ssl_encrypt_create(*req_bkt, ctx->ssl_ctx,
ctx->bkt_alloc);
}
}
*acceptor = accept_response;
*acceptor_baton = ctx;
*handler = handle_response;
*handler_baton = ctx;
return APR_SUCCESS;
}
static svn_error_t *
setup_propfind_headers(serf_bucket_t *headers,
void *setup_baton,
apr_pool_t *pool /* request pool */,
apr_pool_t *scratch_pool)
{
propfind_context_t *ctx = setup_baton;
serf_bucket_headers_setn(headers, "Depth", ctx->depth);
if (ctx->label)
{
serf_bucket_headers_setn(headers, "Label", ctx->label);
}
return SVN_NO_ERROR;
}
/* Implements serf__setup_request_func_t callback. */
static apr_status_t
serf__setup_request_basic_auth(const serf__authn_scheme_t *scheme,
peer_t peer,
int code,
serf_connection_t *conn,
serf_request_t *request,
const char *method,
const char *uri,
serf_bucket_t *hdrs_bkt)
{
serf_context_t *ctx = conn->ctx;
serf__authn_info_t *authn_info;
basic_authn_info_t *basic_info;
if (peer == HOST) {
authn_info = serf__get_authn_info_for_server(conn);
} else {
authn_info = &ctx->proxy_authn_info;
}
basic_info = authn_info->baton;
if (basic_info && basic_info->header && basic_info->value) {
serf_bucket_headers_setn(hdrs_bkt, basic_info->header,
basic_info->value);
return APR_SUCCESS;
}
return SERF_ERROR_AUTHN_FAILED;
}
static int copy_headers_in(void *vbaton, const char *key, const char *value)
{
serf_bucket_t *hdrs_bkt = (serf_bucket_t *)vbaton;
/* XXXXX: List of headers not to copy to serf. serf's serf_bucket_headers_setn,
* doesn't actually overwrite a header if we set it once, so we need to ignore anything
* we might want to toggle or combine.
*/
switch (key[0]) {
case 'a':
case 'A':
if (strcasecmp("Accept-Encoding", key) == 0) {
return 0;
}
break;
case 'c':
case 'C':
if (strcasecmp("Connection", key) == 0) {
return 0;
}
break;
case 'h':
case 'H':
if (strcasecmp("Host", key) == 0) {
return 0;
}
break;
case 'k':
case 'K':
if (strcasecmp("Keep-Alive", key) == 0) {
return 0;
}
break;
case 't':
case 'T':
if (strcasecmp("TE", key) == 0) {
return 0;
}
if (strcasecmp("Trailer", key) == 0) {
return 0;
}
break;
case 'u':
case 'U':
if (strcasecmp("Upgrade", key) == 0) {
return 0;
}
break;
default:
break;
}
serf_bucket_headers_setn(hdrs_bkt, key, value);
return 0;
}
static svn_error_t *
setup_request_basic_auth(svn_ra_serf__connection_t *conn,
serf_bucket_t *hdrs_bkt)
{
/* Take the default authentication header for this connection, if any. */
if (conn->auth_header && conn->auth_value)
{
serf_bucket_headers_setn(hdrs_bkt, conn->auth_header, conn->auth_value);
}
return SVN_NO_ERROR;
}
apr_status_t
serf__setup_request_digest_auth(peer_t peer,
int code,
serf_connection_t *conn,
serf_request_t *request,
const char *method,
const char *uri,
serf_bucket_t *hdrs_bkt)
{
digest_authn_info_t *digest_info = (peer == HOST) ? conn->authn_baton :
conn->proxy_authn_baton;
apr_status_t status = APR_SUCCESS;
if (digest_info && digest_info->realm) {
const char *value;
apr_uri_t parsed_uri;
/* TODO: per request pool? */
/* Extract path from uri. */
status = apr_uri_parse(conn->pool, uri, &parsed_uri);
/* Build a new Authorization header. */
digest_info->header = (peer == HOST) ? "Authorization" :
"Proxy-Authorization";
value = build_auth_header(digest_info, parsed_uri.path, method,
conn->pool);
serf_bucket_headers_setn(hdrs_bkt, digest_info->header,
value);
digest_info->digest_nc++;
/* Store the uri of this request on the serf_request_t object, to make
it available when validating the Authentication-Info header of the
matching response. */
request->auth_baton = parsed_uri.path;
}
return status;
}
/* Setup the authn headers on this request message. */
apr_status_t
serf__setup_request_kerb_auth(int code,
serf_connection_t *conn,
const char *method,
const char *uri,
serf_bucket_t *hdrs_bkt)
{
gss_authn_info_t *gss_info = (code == 401) ? conn->authn_baton :
conn->proxy_authn_baton;
if (gss_info && gss_info->header && gss_info->value) {
serf_bucket_headers_setn(hdrs_bkt, gss_info->header,
gss_info->value);
/* We should send each token only once. */
gss_info->header = NULL;
gss_info->value = NULL;
return APR_SUCCESS;
}
return SERF_ERROR_AUTHN_FAILED;
}
/* Setup the authn headers on this request message. */
apr_status_t
serf__setup_request_spnego_auth(peer_t peer,
int code,
serf_connection_t *conn,
serf_request_t *request,
const char *method,
const char *uri,
serf_bucket_t *hdrs_bkt)
{
serf_context_t *ctx = conn->ctx;
gss_authn_info_t *gss_info = (peer == HOST) ? conn->authn_info.baton :
ctx->proxy_authn_info.baton;
/* If we have an ongoing authentication handshake, the handler of the
previous response will have created the authn headers for this request
already. */
if (gss_info && gss_info->header && gss_info->value) {
serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
"Set Negotiate authn header on retried request.\n");
serf_bucket_headers_setn(hdrs_bkt, gss_info->header,
gss_info->value);
/* Remember that we're using this request for authentication
handshake. */
request->auth_baton = (void*) TRUE;
/* We should send each token only once. */
gss_info->header = NULL;
gss_info->value = NULL;
return APR_SUCCESS;
}
switch (gss_info->pstate) {
case pstate_init:
/* We shouldn't normally arrive here, do nothing. */
break;
case pstate_undecided: /* fall through */
serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
"Assume for now that the server supports persistent "
"SPNEGO authentication.\n");
/* Nothing to do here. */
break;
case pstate_stateful:
serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
"SPNEGO on this connection is persistent, "
"don't set authn header on next request.\n");
/* Nothing to do here. */
break;
case pstate_stateless:
{
apr_status_t status;
/* Authentication on this connection is known to be stateless.
Add an initial Negotiate token for the server, to bypass the
40x response we know we'll otherwise receive.
(RFC 4559 section 4.2) */
serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
"Add initial Negotiate header to request.\n");
status = do_auth(peer,
code,
gss_info,
conn,
request,
0l, /* no response authn header */
conn->pool);
if (status)
return status;
serf_bucket_headers_setn(hdrs_bkt, gss_info->header,
gss_info->value);
/* Remember that we're using this request for authentication
handshake. */
request->auth_baton = (void*) TRUE;
/* We should send each token only once. */
gss_info->header = NULL;
gss_info->value = NULL;
break;
}
}
return APR_SUCCESS;
}
/* Implements serf__setup_request_func_t callback. */
static apr_status_t
serf__setup_request_digest_auth(peer_t peer,
int code,
serf_connection_t *conn,
serf_request_t *request,
const char *method,
const char *uri,
serf_bucket_t *hdrs_bkt)
{
serf_context_t *ctx = conn->ctx;
serf__authn_info_t *authn_info;
digest_authn_info_t *digest_info;
apr_status_t status;
if (peer == HOST) {
authn_info = serf__get_authn_info_for_server(conn);
} else {
authn_info = &ctx->proxy_authn_info;
}
digest_info = authn_info->baton;
if (digest_info && digest_info->realm) {
const char *value;
const char *path;
/* TODO: per request pool? */
/* for request 'CONNECT serf.googlecode.com:443', the uri also should be
serf.googlecode.com:443. apr_uri_parse can't handle this, so special
case. */
if (strcmp(method, "CONNECT") == 0)
path = uri;
else {
apr_uri_t parsed_uri;
/* Extract path from uri. */
status = apr_uri_parse(conn->pool, uri, &parsed_uri);
if (status)
return status;
path = parsed_uri.path;
}
/* Build a new Authorization header. */
digest_info->header = (peer == HOST) ? "Authorization" :
"Proxy-Authorization";
status = build_auth_header(&value, digest_info, path, method,
conn->pool);
if (status)
return status;
serf_bucket_headers_setn(hdrs_bkt, digest_info->header,
value);
digest_info->digest_nc++;
/* Store the uri of this request on the serf_request_t object, to make
it available when validating the Authentication-Info header of the
matching response. */
request->auth_baton = (void *)path;
}
return APR_SUCCESS;
}
