static gboolean
gst_neonhttp_src_set_proxy (GstNeonhttpSrc * src, const char *uri)
{
ne_uri_free (&src->proxy);
if (ne_uri_parse (uri, &src->proxy) != 0)
goto error;
if (src->proxy.scheme)
GST_WARNING ("The proxy schema shouldn't be defined (schema is '%s')",
src->proxy.scheme);
if (src->proxy.host && !src->proxy.port)
goto error;
if (!src->proxy.path || src->proxy.userinfo)
goto error;
return TRUE;
/* ERRORS */
error:
{
ne_uri_free (&src->proxy);
return FALSE;
}
}
static void
gst_neonhttp_src_dispose (GObject * gobject)
{
GstNeonhttpSrc *src = GST_NEONHTTP_SRC (gobject);
ne_uri_free (&src->uri);
ne_uri_free (&src->proxy);
g_free (src->user_agent);
if (src->cookies) {
g_strfreev (src->cookies);
src->cookies = NULL;
}
if (src->request) {
ne_request_destroy (src->request);
src->request = NULL;
}
if (src->session) {
ne_close_connection (src->session);
ne_session_destroy (src->session);
src->session = NULL;
}
if (src->location) {
ne_free (src->location);
}
if (src->query_string) {
ne_free (src->query_string);
}
G_OBJECT_CLASS (parent_class)->dispose (gobject);
}
/* Assign URL to RSRC. Use POOL for any allocations. */
static svn_error_t *
assign_rsrc_url(svn_ra_neon__resource_t *rsrc,
const char *url, apr_pool_t *pool)
{
char *url_path;
apr_size_t len;
ne_uri parsed_url;
/* Parse the PATH element out of the URL.
NOTE: mod_dav does not (currently) use an absolute URL, but simply a
server-relative path (i.e. this uri_parse is effectively a no-op).
*/
if (ne_uri_parse(url, &parsed_url) != 0)
{
ne_uri_free(&parsed_url);
return svn_error_createf(SVN_ERR_RA_DAV_MALFORMED_DATA, NULL,
_("Unable to parse URL '%s'"), url);
}
url_path = apr_pstrdup(pool, parsed_url.path);
ne_uri_free(&parsed_url);
/* Clean up trailing slashes from the URL. */
len = strlen(url_path);
if (len > 1 && url_path[len - 1] == '/')
url_path[len - 1] = '\0';
rsrc->url = url_path;
return SVN_NO_ERROR;
}
static gboolean
gst_neonhttp_src_set_location (GstNeonhttpSrc * src, const gchar * uri,
GError ** err)
{
ne_uri_free (&src->uri);
if (src->location) {
ne_free (src->location);
src->location = NULL;
}
if (src->query_string) {
ne_free (src->query_string);
src->query_string = NULL;
}
if (ne_uri_parse (uri, &src->uri) != 0)
goto parse_error;
if (src->uri.scheme == NULL)
src->uri.scheme = g_strdup ("http");
if (src->uri.host == NULL)
src->uri.host = g_strdup (DEFAULT_LOCATION);
if (src->uri.port == 0) {
if (!strcmp (src->uri.scheme, "https"))
src->uri.port = HTTPS_DEFAULT_PORT;
else
src->uri.port = HTTP_DEFAULT_PORT;
}
if (!src->uri.path)
src->uri.path = g_strdup ("");
src->query_string = g_strjoin ("?", src->uri.path, src->uri.query, NULL);
src->location = ne_uri_unparse (&src->uri);
return TRUE;
/* ERRORS */
parse_error:
{
if (src->location) {
ne_free (src->location);
src->location = NULL;
}
if (src->query_string) {
ne_free (src->query_string);
src->query_string = NULL;
}
ne_uri_free (&src->uri);
return FALSE;
}
}
/* Verifies an SSL server certificate. */
static int check_certificate(ne_session *sess, gnutls_session sock,
ne_ssl_certificate *chain)
{
int ret, failures = 0;
ne_uri server;
unsigned int status;
memset(&server, 0, sizeof server);
ne_fill_server_uri(sess, &server);
ret = check_identity(&server, chain->subject, NULL);
ne_uri_free(&server);
if (ret < 0) {
ne_set_error(sess, _("Server certificate was missing commonName "
"attribute in subject name"));
return NE_ERROR;
}
else if (ret > 0) {
failures |= NE_SSL_IDMISMATCH;
}
failures |= check_chain_expiry(chain);
ret = gnutls_certificate_verify_peers2(sock, &status);
NE_DEBUG(NE_DBG_SSL, "ssl: Verify peers returned %d, status=%u\n",
ret, status);
if (ret != GNUTLS_E_SUCCESS) {
ne_set_error(sess, _("Could not verify server certificate: %s"),
gnutls_strerror(ret));
return NE_ERROR;
}
failures |= map_verify_failures(&status);
NE_DEBUG(NE_DBG_SSL, "ssl: Verification failures = %d (status = %u).\n",
failures, status);
if (status && status != GNUTLS_CERT_INVALID) {
char *errstr = verify_error_string(status);
ne_set_error(sess, _("Certificate verification error: %s"), errstr);
ne_free(errstr);
return NE_ERROR;
}
if (failures == 0) {
ret = NE_OK;
} else {
ne__ssl_set_verify_err(sess, failures);
ret = NE_ERROR;
if (sess->ssl_verify_fn
&& sess->ssl_verify_fn(sess->ssl_verify_ud, failures, chain) == 0)
ret = NE_OK;
}
return ret;
}
void close_connection(void)
{
ne_session_destroy(session.sess);
session.connected = 0;
printf(_("Connection to `%s' closed.\n"),
session.uri.host);
ne_uri_free(&session.uri);
if (session.lastwp)
ne_free(session.lastwp);
}
void ne_lock_free(struct ne_lock *lock)
{
ne_uri_free(&lock->uri);
if (lock->owner) {
ne_free(lock->owner);
lock->owner = NULL;
}
if (lock->token) {
ne_free(lock->token);
lock->token = NULL;
}
}
void session_free(void) {
if (b_uri) {
ne_uri_free(&uri);
b_uri = 0;
}
free((char*) username);
free((char*) password);
free((char*) base_directory);
username = password = base_directory = NULL;
}
static void handle_free (struct neon_handle * h)
{
ne_uri_free (h->purl);
g_free (h->purl);
destroy_rb (& h->rb);
pthread_mutex_destroy (& h->reader_status.mutex);
pthread_cond_destroy (& h->reader_status.cond);
g_free (h->icy_metadata.stream_name);
g_free (h->icy_metadata.stream_title);
g_free (h->icy_metadata.stream_url);
g_free (h->icy_metadata.stream_contenttype);
g_free (h->url);
g_free (h);
}
void upsdrv_cleanup(void)
{
free(subdriver->configure);
free(subdriver->subscribe);
free(subdriver->summary);
free(subdriver->getobject);
free(subdriver->setobject);
if (sock) {
ne_sock_close(sock);
}
if (session) {
ne_session_destroy(session);
}
ne_uri_free(&uri);
}
int session_set_uri(const char *s, const char *u, const char *p) {
int l;
assert(!b_uri);
assert(!username);
assert(!password);
if (ne_uri_parse(s, &uri)) {
fprintf(stderr, "Invalid URI <%s>\n", s);
goto finish;
}
b_uri = 1;
if (!uri.host) {
fprintf(stderr, "Missing host part in URI <%s>\n", s);
goto finish;
}
base_directory = strdup(uri.path);
l = strlen(base_directory);
if (base_directory[l-1] == '/')
((char*) base_directory)[l-1] = 0;
if (u)
username = strdup(u);
if (p)
password = strdup(p);
return 0;
finish:
if (b_uri) {
ne_uri_free(&uri);
b_uri = 0;
}
return -1;
}
svn_error_t *
svn_ra_neon__get_url_path(const char **urlpath,
const char *url,
apr_pool_t *pool)
{
ne_uri parsed_url;
svn_error_t *err = SVN_NO_ERROR;
ne_uri_parse(url, &parsed_url);
if (parsed_url.path)
{
*urlpath = apr_pstrdup(pool, parsed_url.path);
}
else
{
err = svn_error_createf(SVN_ERR_RA_ILLEGAL_URL, NULL,
_("Neon was unable to parse URL '%s'"), url);
}
ne_uri_free(&parsed_url);
return err;
}
void ne_lock_using_parent(ne_request *req, const char *path)
{
NE_DEBUG_WINSCP_CONTEXT(ne_get_session(req));
struct lh_req_cookie *lrc = ne_get_request_private(req, HOOK_ID);
ne_uri u = {0};
struct lock_list *item;
char *parent;
if (lrc == NULL)
return;
parent = ne_path_parent(path);
if (parent == NULL)
return;
ne_fill_server_uri(ne_get_session(req), &u);
for (item = lrc->store->locks; item != NULL; item = item->next) {
/* Only care about locks which are on this server. */
u.path = item->lock->uri.path;
if (ne_uri_cmp(&u, &item->lock->uri))
continue;
/* This lock is needed if it is an infinite depth lock which
* covers the parent, or a lock on the parent itself. */
if ((item->lock->depth == NE_DEPTH_INFINITE &&
ne_path_childof(item->lock->uri.path, parent)) ||
ne_path_compare(item->lock->uri.path, parent) == 0) {
NE_DEBUG(NE_DBG_LOCKS, "Locked parent, %s on %s\n",
item->lock->token, item->lock->uri.path);
submit_lock(lrc, item->lock);
}
}
u.path = parent; /* handy: makes u.path valid and ne_free(parent). */
ne_uri_free(&u);
}
static int open_request (struct neon_handle * handle, uint64_t startbyte)
{
int ret;
const ne_status * status;
ne_uri * rediruri;
if (handle->purl->query && * (handle->purl->query))
{
SCONCAT3 (tmp, handle->purl->path, "?", handle->purl->query);
handle->request = ne_request_create (handle->session, "GET", tmp);
}
else
handle->request = ne_request_create (handle->session, "GET", handle->purl->path);
if (startbyte > 0)
ne_print_request_header (handle->request, "Range", "bytes=%"PRIu64"-", startbyte);
ne_print_request_header (handle->request, "Icy-MetaData", "1");
/* Try to connect to the server. */
_DEBUG ("<%p> Connecting...", handle);
ret = ne_begin_request (handle->request);
status = ne_get_status (handle->request);
_DEBUG ("<%p> Return: %d, Status: %d", handle, ret, status->code);
if (ret == NE_OK)
{
switch (status->code)
{
case 401:
/* Authorization required. Reconnect to authenticate */
_DEBUG ("Reconnecting due to 401");
ne_end_request (handle->request);
ret = ne_begin_request (handle->request);
break;
case 301:
case 302:
case 303:
case 307:
/* Redirect encountered. Reconnect. */
ne_end_request (handle->request);
ret = NE_REDIRECT;
break;
case 407:
/* Proxy auth required. Reconnect to authenticate */
_DEBUG ("Reconnecting due to 407");
ne_end_request (handle->request);
ret = ne_begin_request (handle->request);
break;
}
}
switch (ret)
{
case NE_OK:
if (status->code > 199 && status->code < 300)
{
/* URL opened OK */
_DEBUG ("<%p> URL opened OK", handle);
handle->content_start = startbyte;
handle->pos = startbyte;
handle_headers (handle);
return 0;
}
break;
case NE_REDIRECT:
/* We hit a redirect. Handle it. */
_DEBUG ("<%p> Redirect encountered", handle);
handle->redircount += 1;
rediruri = (ne_uri *) ne_redirect_location (handle->session);
ne_request_destroy (handle->request);
handle->request = NULL;
if (! rediruri)
{
_ERROR ("<%p> Could not parse redirect response", (void *) handle);
return -1;
}
ne_uri_free (handle->purl);
ne_uri_copy (handle->purl, rediruri);
return 1;
}
/* Something went wrong. */
_ERROR ("<%p> Could not open URL: %d (%d)", (void *) handle, ret, status->code);
if (ret)
_ERROR ("<%p> neon error string: %s", (void *) handle, ne_get_error (handle->session));
ne_request_destroy (handle->request);
handle->request = NULL;
return -1;
}
/* Try to send the HTTP request to the Icecast server, and if possible deals with
* all the probable redirections (HTTP status code == 3xx)
*/
static gint
gst_neonhttp_src_send_request_and_redirect (GstNeonhttpSrc * src,
ne_session ** ses, ne_request ** req, gint64 offset, gboolean do_redir)
{
ne_session *session = NULL;
ne_request *request = NULL;
gchar **c;
gint res;
gint http_status = 0;
guint request_count = 0;
do {
if (src->proxy.host && src->proxy.port) {
session =
ne_session_create (src->uri.scheme, src->uri.host, src->uri.port);
ne_session_proxy (session, src->proxy.host, src->proxy.port);
} else if (src->proxy.host || src->proxy.port) {
/* both proxy host and port must be specified or none */
return HTTP_REQUEST_WRONG_PROXY;
} else {
session =
ne_session_create (src->uri.scheme, src->uri.host, src->uri.port);
}
if (src->connect_timeout > 0) {
ne_set_connect_timeout (session, src->connect_timeout);
}
if (src->read_timeout > 0) {
ne_set_read_timeout (session, src->read_timeout);
}
ne_set_session_flag (session, NE_SESSFLAG_ICYPROTO, 1);
ne_ssl_set_verify (session, ssl_verify_callback, src);
request = ne_request_create (session, "GET", src->query_string);
if (src->user_agent) {
ne_add_request_header (request, "User-Agent", src->user_agent);
}
for (c = src->cookies; c != NULL && *c != NULL; ++c) {
GST_INFO ("Adding header Cookie : %s", *c);
ne_add_request_header (request, "Cookies", *c);
}
if (src->iradio_mode)
ne_add_request_header (request, "icy-metadata", "1");
if (offset > 0) {
ne_print_request_header (request, "Range",
"bytes=%" G_GINT64_FORMAT "-", offset);
}
res = ne_begin_request (request);
if (res == NE_OK) {
/* When the HTTP status code is 3xx, it is not the SHOUTcast streaming content yet;
* Reload the HTTP request with a new URI value */
http_status = ne_get_status (request)->code;
if (STATUS_IS_REDIRECTION (http_status) && do_redir) {
const gchar *redir;
/* the new URI value to go when redirecting can be found on the 'Location' HTTP header */
redir = ne_get_response_header (request, "Location");
if (redir != NULL) {
ne_uri_free (&src->uri);
gst_neonhttp_src_set_location (src, redir, NULL);
GST_LOG_OBJECT (src, "Got HTTP Status Code %d", http_status);
GST_LOG_OBJECT (src, "Using 'Location' header [%s]", src->uri.host);
}
}
}
if ((res != NE_OK) ||
(offset == 0 && http_status != 200) ||
(offset > 0 && http_status != 206 &&
!STATUS_IS_REDIRECTION (http_status))) {
ne_request_destroy (request);
request = NULL;
ne_close_connection (session);
ne_session_destroy (session);
session = NULL;
if (offset > 0 && http_status != 206 &&
!STATUS_IS_REDIRECTION (http_status)) {
src->seekable = FALSE;
}
}
/* if - NE_OK */
if (STATUS_IS_REDIRECTION (http_status) && do_redir) {
++request_count;
GST_LOG_OBJECT (src, "redirect request_count is now %d", request_count);
if (request_count < MAX_HTTP_REDIRECTS_NUMBER && do_redir) {
GST_INFO_OBJECT (src, "Redirecting to %s", src->uri.host);
} else {
GST_WARNING_OBJECT (src, "Will not redirect, try again with a "
"different URI or redirect location %s", src->uri.host);
}
/* FIXME: when not redirecting automatically, shouldn't we post a
* redirect element message on the bus? */
}
/* do the redirect, go back to send another HTTP request now using the 'Location' */
} while (do_redir && (request_count < MAX_HTTP_REDIRECTS_NUMBER)
&& STATUS_IS_REDIRECTION (http_status));
if (session) {
*ses = session;
*req = request;
}
return res;
}
void ne_session_system_proxy(ne_session *sess, unsigned int flags)
{
#ifdef HAVE_LIBPROXY
pxProxyFactory *pxf = px_proxy_factory_new();
struct host_info *hi, **lasthi;
char *url, **proxies;
ne_uri uri;
unsigned n;
free_proxies(sess);
/* Create URI for session to pass off to libproxy */
memset(&uri, 0, sizeof uri);
ne_fill_server_uri(sess, &uri);
uri.path = "/"; /* make valid URI structure. */
url = ne_uri_unparse(&uri);
uri.path = NULL;
/* Get list of pseudo-URIs from libproxy: */
proxies = px_proxy_factory_get_proxies(pxf, url);
for (n = 0, lasthi = &sess->proxies; proxies[n]; n++) {
enum proxy_type ptype;
ne_uri_free(&uri);
NE_DEBUG(NE_DBG_HTTP, "sess: libproxy #%u=%s\n",
n, proxies[n]);
if (ne_uri_parse(proxies[n], &uri))
continue;
if (!uri.scheme) continue;
if (ne_strcasecmp(uri.scheme, "http") == 0)
ptype = PROXY_HTTP;
else if (ne_strcasecmp(uri.scheme, "socks") == 0)
ptype = PROXY_SOCKS;
else if (ne_strcasecmp(uri.scheme, "direct") == 0)
ptype = PROXY_NONE;
else
continue;
/* Hostname/port required for http/socks schemes. */
if (ptype != PROXY_NONE && !(uri.host && uri.port))
continue;
/* Do nothing if libproxy returned only a single "direct://"
* entry -- a single "direct" (noop) proxy is equivalent to
* having none. */
if (n == 0 && proxies[1] == NULL && ptype == PROXY_NONE)
break;
NE_DEBUG(NE_DBG_HTTP, "sess: Got proxy %s://%s:%d\n",
uri.scheme, uri.host ? uri.host : "(none)",
uri.port);
hi = *lasthi = ne_calloc(sizeof *hi);
if (ptype == PROXY_NONE) {
/* A "direct" URI requires an attempt to connect directly to
* the origin server, so dup the server details. */
set_hostinfo(hi, ptype, sess->server.hostname,
sess->server.port);
}
else {
/* SOCKS/HTTP proxy. */
set_hostinfo(hi, ptype, uri.host, uri.port);
if (ptype == PROXY_HTTP)
sess->any_proxy_http = 1;
else if (ptype == PROXY_SOCKS)
sess->socks_ver = NE_SOCK_SOCKSV5;
}
lasthi = &hi->next;
}
/* Free up the proxies array: */
for (n = 0; proxies[n]; n++)
free(proxies[n]);
free(proxies[n]);
ne_free(url);
ne_uri_free(&uri);
px_proxy_factory_free(pxf);
#endif
}
/* Check certificate identity. Returns zero if identity matches; 1 if
* identity does not match, or <0 if the certificate had no identity.
* If 'identity' is non-NULL, store the malloc-allocated identity in
* *identity. Logic specified by RFC 2818 and RFC 3280. */
static int check_identity(const ne_uri *server, X509 *cert, char **identity)
{
STACK_OF(GENERAL_NAME) *names;
int match = 0, found = 0;
const char *hostname;
hostname = server ? server->host : "";
names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
if (names) {
int n;
/* subjectAltName contains a sequence of GeneralNames */
for (n = 0; n < sk_GENERAL_NAME_num(names) && !match; n++) {
GENERAL_NAME *nm = sk_GENERAL_NAME_value(names, n);
/* handle dNSName and iPAddress name extensions only. */
if (nm->type == GEN_DNS) {
char *name = dup_ia5string(nm->d.ia5);
if (identity && !found) *identity = ne_strdup(name);
match = ne__ssl_match_hostname(name, strlen(name), hostname);
free(name);
found = 1;
}
else if (nm->type == GEN_IPADD) {
/* compare IP address with server IP address. */
ne_inet_addr *ia;
if (nm->d.ip->length == 4)
ia = ne_iaddr_make(ne_iaddr_ipv4, nm->d.ip->data);
else if (nm->d.ip->length == 16)
ia = ne_iaddr_make(ne_iaddr_ipv6, nm->d.ip->data);
else
ia = NULL;
/* ne_iaddr_make returns NULL if address type is unsupported */
if (ia != NULL) { /* address type was supported. */
char buf[128];
match = strcmp(hostname,
ne_iaddr_print(ia, buf, sizeof buf)) == 0;
found = 1;
ne_iaddr_free(ia);
} else {
NE_DEBUG(NE_DBG_SSL, "iPAddress name with unsupported "
"address type (length %d), skipped.\n",
nm->d.ip->length);
}
}
else if (nm->type == GEN_URI) {
char *name = dup_ia5string(nm->d.ia5);
ne_uri uri;
if (ne_uri_parse(name, &uri) == 0 && uri.host && uri.scheme) {
ne_uri tmp;
if (identity && !found) *identity = ne_strdup(name);
found = 1;
if (server) {
/* For comparison purposes, all that matters is
* host, scheme and port; ignore the rest. */
memset(&tmp, 0, sizeof tmp);
tmp.host = uri.host;
tmp.scheme = uri.scheme;
tmp.port = uri.port;
match = ne_uri_cmp(server, &tmp) == 0;
}
}
ne_uri_free(&uri);
free(name);
}
}
/* free the whole stack. */
sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
}
/* Check against the commonName if no DNS alt. names were found,
* as per RFC3280. */
if (!found) {
X509_NAME *subj = X509_get_subject_name(cert);
X509_NAME_ENTRY *entry;
ne_buffer *cname = ne_buffer_ncreate(30);
int idx = -1, lastidx;
/* find the most specific commonName attribute. */
do {
lastidx = idx;
idx = X509_NAME_get_index_by_NID(subj, NID_commonName, lastidx);
} while (idx >= 0);
if (lastidx < 0) {
/* no commonName attributes at all. */
ne_buffer_destroy(cname);
return -1;
}
/* extract the string from the entry */
entry = X509_NAME_get_entry(subj, lastidx);
if (append_dirstring(cname, X509_NAME_ENTRY_get_data(entry))) {
ne_buffer_destroy(cname);
return -1;
}
if (identity) *identity = ne_strdup(cname->data);
match = ne__ssl_match_hostname(cname->data, cname->used - 1, hostname);
ne_buffer_destroy(cname);
}
NE_DEBUG(NE_DBG_SSL, "Identity match for '%s': %s\n", hostname,
match ? "good" : "bad");
return match ? 0 : 1;
}
/* Check certificate identity. Returns zero if identity matches; 1 if
* identity does not match, or <0 if the certificate had no identity.
* If 'identity' is non-NULL, store the malloc-allocated identity in
* *identity. If 'server' is non-NULL, it must be the network address
* of the server in use, and identity must be NULL. */
static int check_identity(const ne_uri *server, gnutls_x509_crt cert,
char **identity)
{
char name[255];
unsigned int critical;
int ret, seq = 0;
int match = 0, found = 0;
size_t len;
const char *hostname;
hostname = server ? server->host : "";
do {
len = sizeof name - 1;
ret = gnutls_x509_crt_get_subject_alt_name(cert, seq, name, &len,
&critical);
switch (ret) {
case GNUTLS_SAN_DNSNAME:
name[len] = '\0';
if (identity && !found) *identity = ne_strdup(name);
match = ne__ssl_match_hostname(name, len, hostname);
found = 1;
break;
case GNUTLS_SAN_IPADDRESS: {
ne_inet_addr *ia;
if (len == 4)
ia = ne_iaddr_make(ne_iaddr_ipv4, (unsigned char *)name);
else if (len == 16)
ia = ne_iaddr_make(ne_iaddr_ipv6, (unsigned char *)name);
else
ia = NULL;
if (ia) {
char buf[128];
match = strcmp(hostname,
ne_iaddr_print(ia, buf, sizeof buf)) == 0;
if (identity) *identity = ne_strdup(buf);
found = 1;
ne_iaddr_free(ia);
} else {
NE_DEBUG(NE_DBG_SSL, "iPAddress name with unsupported "
"address type (length %" NE_FMT_SIZE_T "), skipped.\n",
len);
}
} break;
case GNUTLS_SAN_URI: {
ne_uri uri;
name[len] = '\0';
if (ne_uri_parse(name, &uri) == 0 && uri.host && uri.scheme) {
ne_uri tmp;
if (identity && !found) *identity = ne_strdup(name);
found = 1;
if (server) {
/* For comparison purposes, all that matters is
* host, scheme and port; ignore the rest. */
memset(&tmp, 0, sizeof tmp);
tmp.host = uri.host;
tmp.scheme = uri.scheme;
tmp.port = uri.port;
match = ne_uri_cmp(server, &tmp) == 0;
}
}
ne_uri_free(&uri);
} break;
default:
break;
}
seq++;
} while (!match && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
/* Check against the commonName if no DNS alt. names were found,
* as per RFC3280. */
if (!found) {
seq = oid_find_highest_index(cert, 1, GNUTLS_OID_X520_COMMON_NAME);
if (seq >= 0) {
len = sizeof name;
name[0] = '\0';
ret = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME,
seq, 0, name, &len);
if (ret == 0) {
if (identity) *identity = ne_strdup(name);
match = ne__ssl_match_hostname(name, len, hostname);
}
} else {
return -1;
}
}
if (*hostname)
NE_DEBUG(NE_DBG_SSL, "ssl: Identity match for '%s': %s\n", hostname,
match ? "good" : "bad");
return match ? 0 : 1;
}
/* FIXME: Leaky as a bucket */
void open_connection(const char *url)
{
char *proxy_host = get_option(opt_proxy), *pnt;
ne_server_capabilities caps;
int ret, use_ssl = 0;
ne_session *sess;
if (session.connected) {
close_connection();
} else {
ne_uri_free(&session.uri);
if (session.lastwp) {
ne_free(session.lastwp);
session.lastwp = NULL;
}
}
/* Single argument: see whether we have a path or scheme */
if (strchr(url, '/') == NULL) {
/* No path, no scheme -> just a hostname */
pnt = strchr(url, ':');
if (pnt != NULL) {
*pnt++ = '\0';
session.uri.port = atoi(pnt);
} else {
session.uri.port = 80;
}
session.uri.host = ne_strdup(url);
session.uri.scheme = ne_strdup("http");
} else {
/* Parse the URL */
if (ne_uri_parse(url, &session.uri) || session.uri.host == NULL) {
printf(_("Could not parse URL `%s'\n"), url);
return;
}
if (session.uri.scheme == NULL)
session.uri.scheme = ne_strdup("http");
if (!session.uri.port)
session.uri.port = ne_uri_defaultport(session.uri.scheme);
if (strcasecmp(session.uri.scheme, "https") == 0) {
if (!ne_has_support(NE_FEATURE_SSL)) {
printf(_("SSL is not enabled.\n"));
return;
}
use_ssl = 1;
}
}
session.sess = ne_session_create(session.uri.scheme, session.uri.host,
session.uri.port);
sess = session.sess;
if (use_ssl && setup_ssl()) {
return;
}
ne_lockstore_register(session.locks, sess);
ne_redirect_register(sess);
ne_set_notifier(sess, notifier, NULL);
if (session.uri.path == NULL) {
session.uri.path = ne_strdup("/");
} else {
if (!ne_path_has_trailing_slash(session.uri.path)) {
pnt = ne_concat(session.uri.path, "/", NULL);
free(session.uri.path);
session.uri.path = pnt;
}
}
/* Get the proxy details */
if (proxy_host != NULL) {
if (get_option(opt_proxy_port) != NULL) {
proxy_port = atoi(get_option(opt_proxy_port));
} else {
proxy_port = 8080;
}
proxy_hostname = proxy_host;
}
#ifdef ENABLE_NETRC
{
netrc_entry *found;
found = search_netrc(netrc_list, session.uri.host);
if (found != NULL) {
if (found->account && found->password) {
server_username = found->account;
server_password = found->password;
}
}
}
#endif /* ENABLE_NETRC */
#ifdef NE_SESSFLAG_EXPECT100
ne_set_session_flag(session.sess, NE_SESSFLAG_EXPECT100, get_bool_option(opt_expect100));
#endif /* NE_SESSFLAG_EXPECT100 */
session.connected = 0;
ne_set_useragent(session.sess, "cadaver/" PACKAGE_VERSION);
ne_set_server_auth(session.sess, supply_creds_server, NULL);
ne_set_proxy_auth(session.sess, supply_creds_proxy, NULL);
if (proxy_host) {
ne_session_proxy(session.sess, proxy_hostname, proxy_port);
}
ret = ne_options(session.sess, session.uri.path, &caps);
switch (ret) {
case NE_OK:
session.connected = true;
if (set_path(session.uri.path)) {
close_connection();
}
break;
case NE_CONNECT:
if (proxy_host) {
printf(_("Could not connect to `%s' on port %d:\n%s\n"),
proxy_hostname, proxy_port, ne_get_error(session.sess));
} else {
printf(_("Could not connect to `%s' on port %d:\n%s\n"),
session.uri.host, session.uri.port, ne_get_error(session.sess));
}
break;
case NE_LOOKUP:
puts(ne_get_error(session.sess));
break;
default:
printf(_("Could not open collection:\n%s\n"),
ne_get_error(session.sess));
break;
}
}
svn_error_t *
svn_ra_neon__search_for_starting_props(svn_ra_neon__resource_t **rsrc,
const char **missing_path,
svn_ra_neon__session_t *sess,
const char *url,
apr_pool_t *pool)
{
svn_error_t *err = SVN_NO_ERROR;
apr_size_t len;
svn_stringbuf_t *path_s;
ne_uri parsed_url;
svn_stringbuf_t *lopped_path =
svn_stringbuf_create(url, pool); /* initialize to make sure it'll fit
without reallocating */
apr_pool_t *iterpool = svn_pool_create(pool);
/* Split the url into its component pieces (scheme, host, path,
etc). We want the path part. */
ne_uri_parse(url, &parsed_url);
if (parsed_url.path == NULL)
{
ne_uri_free(&parsed_url);
return svn_error_createf(SVN_ERR_RA_ILLEGAL_URL, NULL,
_("Neon was unable to parse URL '%s'"), url);
}
svn_stringbuf_setempty(lopped_path);
path_s = svn_stringbuf_create(parsed_url.path, pool);
ne_uri_free(&parsed_url);
/* Try to get the starting_props from the public url. If the
resource no longer exists in HEAD, we'll get a failure. That's
fine: just keep removing components and trying to get the
starting_props from parent directories. */
while (! svn_path_is_empty(path_s->data))
{
svn_pool_clear(iterpool);
err = svn_ra_neon__get_starting_props(rsrc, sess, path_s->data,
NULL, iterpool);
if (! err)
break; /* found an existing parent! */
if (err->apr_err != SVN_ERR_FS_NOT_FOUND)
return err; /* found a _real_ error */
/* else... lop off the basename and try again. */
svn_stringbuf_set(lopped_path,
svn_path_join(svn_path_basename(path_s->data, iterpool),
lopped_path->data, iterpool));
len = path_s->len;
svn_path_remove_component(path_s);
/* if we detect an infinite loop, get out. */
if (path_s->len == len)
return svn_error_quick_wrap
(err, _("The path was not part of a repository"));
svn_error_clear(err);
}
/* error out if entire URL was bogus (not a single part of it exists
in the repository!) */
if (svn_path_is_empty(path_s->data))
return svn_error_createf(SVN_ERR_RA_ILLEGAL_URL, NULL,
_("No part of path '%s' was found in "
"repository HEAD"), parsed_url.path);
/* Duplicate rsrc out of iterpool into pool */
{
apr_hash_index_t *hi;
svn_ra_neon__resource_t *tmp = apr_pcalloc(pool, sizeof(*tmp));
tmp->url = apr_pstrdup(pool, (*rsrc)->url);
tmp->is_collection = (*rsrc)->is_collection;
tmp->pool = pool;
tmp->propset = apr_hash_make(pool);
for (hi = apr_hash_first(iterpool, (*rsrc)->propset);
hi; hi = apr_hash_next(hi))
{
const void *key;
void *val;
apr_hash_this(hi, &key, NULL, &val);
apr_hash_set(tmp->propset, apr_pstrdup(pool, key), APR_HASH_KEY_STRING,
svn_string_dup(val, pool));
}
*rsrc = tmp;
}
*missing_path = lopped_path->data;
svn_pool_destroy(iterpool);
return SVN_NO_ERROR;
}
