/* Read the request from a client socket.
*/
int fetch_request(t_session *session) {
char *new_reqbuf, *strstart, *strend;
long max_request_size, bytes_read, header_length = -1, content_length = -1, chunk_size_pos;
int result = 200, write_bytes, poll_result, upload_handle = -1, retval;
time_t deadline;
struct pollfd poll_data;
bool keep_reading = true, store_on_disk = false, chunked_request = false;
if (session->request_limit == false) {
deadline = session->time + NO_REQUEST_LIMIT_TIME;
max_request_size = NO_REQUEST_LIMIT_SIZE;
} else if (session->kept_alive == 0) {
deadline = session->time + session->binding->time_for_1st_request;
max_request_size = session->binding->max_request_size;
} else {
deadline = session->time + session->binding->time_for_request;
max_request_size = session->binding->max_request_size;
}
do {
/* Check if requestbuffer contains a complete request.
*/
if (session->request != NULL) {
if (header_length == -1) {
if ((strstart = strstr(session->request, "\r\n\r\n")) != NULL) {
*(strstart + 2) = '\0';
header_length = strstart + 4 - session->request;
session->header_length = header_length;
determine_request_method(session);
store_on_disk = (session->request_method == PUT) && session->binding->enable_alter;
if (store_on_disk) {
if ((session->uploaded_file = (char*)malloc(session->config->upload_directory_len + 15)) != NULL) {
strcpy(session->uploaded_file, session->config->upload_directory);
strcpy(session->uploaded_file + session->config->upload_directory_len, "/upload_XXXXXX");
umask(S_IWGRP | S_IWOTH);
if ((upload_handle = mkstemp(session->uploaded_file)) == -1) {
free(session->uploaded_file);
session->uploaded_file = NULL;
}
}
if (session->uploaded_file == NULL) {
log_error(session, "can't create temporary file for PUT request");
result = 500;
break;
}
session->uploaded_size = session->bytes_in_buffer - header_length;
if (write_buffer(upload_handle, session->request + header_length, session->uploaded_size) == -1) {
result = 500;
break;
}
session->bytes_in_buffer = header_length;
}
}
}
if (header_length != -1) {
if ((content_length == -1) && (chunked_request == false)) {
if ((strstart = strcasestr(session->request, hs_conlen)) != NULL) {
/* Request has Content-Length
*/
strstart += 16;
if ((strend = strstr(strstart, "\r\n")) != NULL) {
*strend = '\0';
content_length = str_to_int(strstart);
*strend = '\r';
if ((content_length < 0) || (INT_MAX - content_length - 2 <= header_length)) {
result = 500;
break;
}
if (store_on_disk) {
/* Write to file on disk
*/
session->content_length = 0;
if (content_length > session->binding->max_upload_size) {
result = 413;
break;
}
session->buffer_size = header_length + REQUEST_BUFFER_CHUNK;
if ((new_reqbuf = (char*)realloc(session->request, session->buffer_size + 1)) != NULL) {
session->request = new_reqbuf;
} else {
session->error_cause = ec_SOCKET_READ_ERROR;
result = -1;
break;
}
} else {
/* Read into memory
*/
session->content_length = content_length;
if (header_length + content_length > max_request_size) {
session->error_cause = ec_MAX_REQUESTSIZE;
result = -1;
break;
}
if (header_length + content_length > session->buffer_size) {
session->buffer_size = header_length + content_length;
if ((new_reqbuf = (char*)realloc(session->request, session->buffer_size + 1)) != NULL) {
session->request = new_reqbuf;
} else {
session->error_cause = ec_SOCKET_READ_ERROR;
result = -1;
break;
}
}
}
}
} else if (strcasestr(session->request, hs_chunked) != NULL) {
/* Chunked transfer encoding
*/
if (store_on_disk) {
log_error(session, "Chunked transfer encoding for PUT requests not supported.");
result = -1;
break;
}
chunked_request = true;
chunk_size_pos = 0;
} else {
/* No content
*/
session->content_length = 0;
if (store_on_disk) {
result = 411;
}
break;
}
}
if (content_length > -1) {
if (store_on_disk) {
if (session->uploaded_size == content_length) {
/* Received a complete PUT request */
break;
}
} else {
if (session->bytes_in_buffer >= header_length + content_length) {
/* Received a complete request */
break;
}
}
} else if (chunked_request) {
/* All chunks uploaded
*/
retval = all_chunks_uploaded(session->request + session->header_length,
session->bytes_in_buffer - session->header_length,
&chunk_size_pos);
if (retval == -1) {
result = 400;
break;
} else if (retval == 1) {
if ((session->content_length = merge_chunks(session->request + session->header_length,
session->bytes_in_buffer - session->header_length,
&(session->bytes_in_buffer))) == -1) {
result = -1;
}
break;
}
}
}
}
#ifdef ENABLE_SSL
poll_result = session->binding->use_ssl ? ssl_pending(&(session->ssl_context)) : 0;
if (poll_result == 0) {
#endif
poll_data.fd = session->client_socket;
poll_data.events = POLL_EVENT_BITS;
poll_result = poll(&poll_data, 1, 1000);
#ifdef ENABLE_SSL
}
#endif
switch (poll_result) {
case -1:
if (errno != EINTR) {
if (session->bytes_in_buffer == 0) {
session->error_cause = ec_CLIENT_DISCONNECTED;
} else {
session->error_cause = ec_SOCKET_READ_ERROR;
}
result = -1;
keep_reading = false;
}
break;
case 0:
if (session->force_quit) {
session->error_cause = ec_FORCE_QUIT;
result = -1;
keep_reading = false;
} else if (time(NULL) > deadline) {
session->error_cause = ec_TIMEOUT;
result = -1;
keep_reading = false;
}
break;
default:
if ((content_length == -1) && ((session->buffer_size - session->bytes_in_buffer) < 256)) {
session->buffer_size += REQUEST_BUFFER_CHUNK;
if ((new_reqbuf = (char*)realloc(session->request, session->buffer_size + 1)) != NULL) {
session->request = new_reqbuf;
} else {
session->error_cause = ec_SOCKET_READ_ERROR;
result = -1;
keep_reading = false;
break;
}
}
/* Read from socket.
*/
#ifdef ENABLE_SSL
if (session->binding->use_ssl) {
bytes_read = ssl_receive(&(session->ssl_context), session->request + session->bytes_in_buffer,
session->buffer_size - session->bytes_in_buffer);
} else
#endif
bytes_read = recv(session->client_socket, session->request + session->bytes_in_buffer,
session->buffer_size - session->bytes_in_buffer, 0);
switch (bytes_read) {
case -1:
if (errno != EINTR) {
if (session->bytes_in_buffer == 0) {
session->error_cause = ec_CLIENT_DISCONNECTED;
} else {
session->error_cause = ec_SOCKET_READ_ERROR;
}
result = -1;
keep_reading = false;
}
break;
case 0:
session->error_cause = ec_CLIENT_DISCONNECTED;
result = -1;
keep_reading = false;
break;
default:
if (store_on_disk) {
/* Write to file on disk
*/
write_bytes = bytes_read;
if (session->uploaded_size + bytes_read > content_length) {
write_bytes -= ((session->uploaded_size + bytes_read) - content_length);
}
if (write_buffer(upload_handle, session->request + header_length, write_bytes) == -1) {
result = 500;
keep_reading = false;
break;
}
if ((session->uploaded_size += write_bytes) > session->binding->max_upload_size) {
keep_reading = false;
result = 413;
break;
}
if (write_bytes < bytes_read) {
memmove(session->request + header_length, session->request + header_length + write_bytes, bytes_read - write_bytes);
session->bytes_in_buffer += bytes_read - write_bytes;
keep_reading = false;
}
} else {
/* Read into memory
*/
session->bytes_in_buffer += bytes_read;
*(session->request + session->bytes_in_buffer) = '\0';
if (session->bytes_in_buffer > max_request_size) {
keep_reading = false;
session->error_cause = ec_MAX_REQUESTSIZE;
result = -1;
break;
}
}
}
}
} while (keep_reading);
if (upload_handle != -1) {
fsync(upload_handle);
close(upload_handle);
}
#ifdef ENABLE_TOMAHAWK
increment_transfer(TRANSFER_RECEIVED, header_length + content_length);
#endif
return result;
}
static gboolean http_incoming_data( gpointer data, int source, b_input_condition cond )
{
struct http_request *req = data;
int evil_server = 0;
char buffer[2048];
char *end1, *end2;
int st;
if( req->inpa > 0 )
b_event_remove( req->inpa );
if( req->ssl )
{
st = ssl_read( req->ssl, buffer, sizeof( buffer ) );
if( st < 0 )
{
if( ssl_errno != SSL_AGAIN )
{
/* goto cleanup; */
/* YAY! We have to deal with crappy Microsoft
servers that LOVE to send invalid TLS
packets that abort connections! \o/ */
goto got_reply;
}
}
else if( st == 0 )
{
goto got_reply;
}
}
else
{
st = read( req->fd, buffer, sizeof( buffer ) );
if( st < 0 )
{
if( !sockerr_again() )
{
req->status_string = g_strdup( strerror( errno ) );
goto cleanup;
}
}
else if( st == 0 )
{
goto got_reply;
}
}
if( st > 0 )
{
req->reply_headers = g_realloc( req->reply_headers, req->bytes_read + st + 1 );
memcpy( req->reply_headers + req->bytes_read, buffer, st );
req->bytes_read += st;
}
/* There will be more! */
req->inpa = b_input_add( req->fd,
req->ssl ? ssl_getdirection( req->ssl ) : B_EV_IO_READ,
http_incoming_data, req );
if( ssl_pending( req->ssl ) )
return http_incoming_data( data, source, cond );
else
return FALSE;
got_reply:
/* Maybe if the webserver is overloaded, or when there's bad SSL
support... */
if( req->bytes_read == 0 )
{
req->status_string = g_strdup( "Empty HTTP reply" );
goto cleanup;
}
/* Zero termination is very convenient. */
req->reply_headers[req->bytes_read] = 0;
/* Find the separation between headers and body, and keep stupid
webservers in mind. */
end1 = strstr( req->reply_headers, "\r\n\r\n" );
end2 = strstr( req->reply_headers, "\n\n" );
if( end2 && end2 < end1 )
{
end1 = end2 + 1;
evil_server = 1;
}
else if( end1 )
{
end1 += 2;
}
else
{
req->status_string = g_strdup( "Malformed HTTP reply" );
goto cleanup;
}
*end1 = 0;
if( getenv( "BITLBEE_DEBUG" ) )
printf( "HTTP response headers:\n%s\n", req->reply_headers );
if( evil_server )
req->reply_body = end1 + 1;
else
req->reply_body = end1 + 2;
req->body_size = req->reply_headers + req->bytes_read - req->reply_body;
if( ( end1 = strchr( req->reply_headers, ' ' ) ) != NULL )
{
if( sscanf( end1 + 1, "%d", &req->status_code ) != 1 )
{
req->status_string = g_strdup( "Can't parse status code" );
req->status_code = -1;
}
else
{
char *eol;
if( evil_server )
eol = strchr( end1, '\n' );
else
eol = strchr( end1, '\r' );
req->status_string = g_strndup( end1 + 1, eol - end1 - 1 );
/* Just to be sure... */
if( ( eol = strchr( req->status_string, '\r' ) ) )
*eol = 0;
if( ( eol = strchr( req->status_string, '\n' ) ) )
*eol = 0;
}
}
else
{
req->status_string = g_strdup( "Can't locate status code" );
req->status_code = -1;
}
if( ( ( req->status_code >= 301 && req->status_code <= 303 ) ||
req->status_code == 307 ) && req->redir_ttl-- > 0 )
{
char *loc, *new_request, *new_host;
int error = 0, new_port, new_proto;
/* We might fill it again, so let's not leak any memory. */
g_free( req->status_string );
req->status_string = NULL;
loc = strstr( req->reply_headers, "\nLocation: " );
if( loc == NULL ) /* We can't handle this redirect... */
{
req->status_string = g_strdup( "Can't locate Location: header" );
goto cleanup;
}
loc += 11;
while( *loc == ' ' )
loc ++;
/* TODO/FIXME: Possibly have to handle relative redirections,
and rewrite Host: headers. Not necessary for now, it's
enough for passport authentication like this. */
if( *loc == '/' )
{
/* Just a different pathname... */
/* Since we don't cache the servername, and since we
don't need this yet anyway, I won't implement it. */
req->status_string = g_strdup( "Can't handle recursive redirects" );
goto cleanup;
}
else
{
/* A whole URL */
url_t *url;
char *s;
const char *new_method;
s = strstr( loc, "\r\n" );
if( s == NULL )
goto cleanup;
url = g_new0( url_t, 1 );
*s = 0;
if( !url_set( url, loc ) )
{
req->status_string = g_strdup( "Malformed redirect URL" );
g_free( url );
goto cleanup;
}
/* Find all headers and, if necessary, the POST request contents.
Skip the old Host: header though. This crappy code here means
anything using this http_client MUST put the Host: header at
the top. */
if( !( ( s = strstr( req->request, "\r\nHost: " ) ) &&
( s = strstr( s + strlen( "\r\nHost: " ), "\r\n" ) ) ) )
{
req->status_string = g_strdup( "Error while rebuilding request string" );
g_free( url );
goto cleanup;
}
/* More or less HTTP/1.0 compliant, from my reading of RFC 2616.
Always perform a GET request unless we received a 301. 303 was
meant for this but it's HTTP/1.1-only and we're specifically
speaking HTTP/1.0. ...
Well except someone at identi.ca's didn't bother reading any
RFCs and just return HTTP/1.1-specific status codes to HTTP/1.0
requests. Fuckers. So here we are, handle 301..303,307. */
if( strncmp( req->request, "GET", 3 ) == 0 )
/* GETs never become POSTs. */
new_method = "GET";
else if( req->status_code == 302 || req->status_code == 303 )
/* 302 de-facto becomes GET, 303 as specified by RFC 2616#10.3.3 */
new_method = "GET";
else
/* 301 de-facto should stay POST, 307 specifally RFC 2616#10.3.8 */
new_method = "POST";
/* Okay, this isn't fun! We have to rebuild the request... :-( */
new_request = g_strdup_printf( "%s %s HTTP/1.0\r\nHost: %s%s",
new_method, url->file, url->host, s );
new_host = g_strdup( url->host );
new_port = url->port;
new_proto = url->proto;
/* If we went from POST to GET, truncate the request content. */
if( new_request[0] != req->request[0] && new_request[0] == 'G' &&
( s = strstr( new_request, "\r\n\r\n" ) ) )
s[4] = '\0';
g_free( url );
}
if( req->ssl )
ssl_disconnect( req->ssl );
else
closesocket( req->fd );
req->fd = -1;
req->ssl = NULL;
if( getenv( "BITLBEE_DEBUG" ) )
printf( "New headers for redirected HTTP request:\n%s\n", new_request );
if( new_proto == PROTO_HTTPS )
{
req->ssl = ssl_connect( new_host, new_port, TRUE, http_ssl_connected, req );
if( req->ssl == NULL )
error = 1;
}
else
{
req->fd = proxy_connect( new_host, new_port, http_connected, req );
if( req->fd < 0 )
error = 1;
}
g_free( new_host );
if( error )
{
req->status_string = g_strdup( "Connection problem during redirect" );
g_free( new_request );
goto cleanup;
}
g_free( req->request );
g_free( req->reply_headers );
req->request = new_request;
req->request_length = strlen( new_request );
req->bytes_read = req->bytes_written = req->inpa = 0;
req->reply_headers = req->reply_body = NULL;
return FALSE;
}
/* Assume that a closed connection means we're finished, this indeed
breaks with keep-alive connections and faulty connections. */
req->finished = 1;
cleanup:
if( req->ssl )
ssl_disconnect( req->ssl );
else
closesocket( req->fd );
if( getenv( "BITLBEE_DEBUG" ) && req )
printf( "Finishing HTTP request with status: %s\n",
req->status_string ? req->status_string : "NULL" );
req->func( req );
http_free( req );
return FALSE;
}
static gboolean jabber_read_callback( gpointer data, gint fd, b_input_condition cond )
{
struct im_connection *ic = data;
struct jabber_data *jd = ic->proto_data;
char buf[512];
int st;
if( jd->fd == -1 )
return FALSE;
if( jd->ssl )
st = ssl_read( jd->ssl, buf, sizeof( buf ) );
else
st = read( jd->fd, buf, sizeof( buf ) );
if( st > 0 )
{
/* Parse. */
if( xt_feed( jd->xt, buf, st ) < 0 )
{
imcb_error( ic, "XML stream error" );
imc_logout( ic, TRUE );
return FALSE;
}
/* Execute all handlers. */
if( !xt_handle( jd->xt, NULL, 1 ) )
{
/* Don't do anything, the handlers should have
aborted the connection already. */
return FALSE;
}
if( jd->flags & JFLAG_STREAM_RESTART )
{
jd->flags &= ~JFLAG_STREAM_RESTART;
jabber_start_stream( ic );
}
/* Garbage collection. */
xt_cleanup( jd->xt, NULL, 1 );
/* This is a bit hackish, unfortunately. Although xmltree
has nifty event handler stuff, it only calls handlers
when nodes are complete. Since the server should only
send an opening <stream:stream> tag, we have to check
this by hand. :-( */
if( !( jd->flags & JFLAG_STREAM_STARTED ) && jd->xt && jd->xt->root )
{
if( g_strcasecmp( jd->xt->root->name, "stream:stream" ) == 0 )
{
jd->flags |= JFLAG_STREAM_STARTED;
/* If there's no version attribute, assume
this is an old server that can't do SASL
authentication. */
if( !sasl_supported( ic ) )
{
/* If there's no version= tag, we suppose
this server does NOT implement: XMPP 1.0,
SASL and TLS. */
if( set_getbool( &ic->acc->set, "tls" ) )
{
imcb_error( ic, "TLS is turned on for this "
"account, but is not supported by this server" );
imc_logout( ic, FALSE );
return FALSE;
}
else
{
return jabber_init_iq_auth( ic );
}
}
}
else
{
imcb_error( ic, "XML stream error" );
imc_logout( ic, TRUE );
return FALSE;
}
}
}
else if( st == 0 || ( st < 0 && !ssl_sockerr_again( jd->ssl ) ) )
{
closesocket( jd->fd );
jd->fd = -1;
imcb_error( ic, "Error while reading from server" );
imc_logout( ic, TRUE );
return FALSE;
}
if( ssl_pending( jd->ssl ) )
/* OpenSSL empties the TCP buffers completely but may keep some
data in its internap buffers. select() won't see that, but
ssl_pending() does. */
return jabber_read_callback( data, fd, cond );
else
return TRUE;
}
static gboolean http_incoming_data( gpointer data, int source, b_input_condition cond )
{
struct http_request *req = data;
char buffer[4096];
int st;
if( req->inpa > 0 )
{
b_event_remove( req->inpa );
req->inpa = 0;
}
if( req->ssl )
{
st = ssl_read( req->ssl, buffer, sizeof( buffer ) );
if( st < 0 )
{
if( ssl_errno != SSL_AGAIN )
{
/* goto cleanup; */
/* YAY! We have to deal with crappy Microsoft
servers that LOVE to send invalid TLS
packets that abort connections! \o/ */
goto eof;
}
}
else if( st == 0 )
{
goto eof;
}
}
else
{
st = read( req->fd, buffer, sizeof( buffer ) );
if( st < 0 )
{
if( !sockerr_again() )
{
req->status_string = g_strdup( strerror( errno ) );
goto cleanup;
}
}
else if( st == 0 )
{
goto eof;
}
}
if( st > 0 )
{
http_ret_t c;
if( req->flags & HTTPC_CHUNKED )
c = http_process_chunked_data( req, buffer, st );
else
c = http_process_data( req, buffer, st );
if( c == CR_EOF )
goto eof;
else if( c == CR_ERROR || c == CR_ABORT )
return FALSE;
}
if( req->content_length != -1 &&
req->body_size >= req->content_length )
goto eof;
if( ssl_pending( req->ssl ) )
return http_incoming_data( data, source, cond );
/* There will be more! */
req->inpa = b_input_add( req->fd,
req->ssl ? ssl_getdirection( req->ssl ) : B_EV_IO_READ,
http_incoming_data, req );
return FALSE;
eof:
req->flags |= HTTPC_EOF;
/* Maybe if the webserver is overloaded, or when there's bad SSL
support... */
if( req->bytes_read == 0 )
{
req->status_string = g_strdup( "Empty HTTP reply" );
goto cleanup;
}
cleanup:
/* Avoid g_source_remove warnings */
req->inpa = 0;
if( req->ssl )
ssl_disconnect( req->ssl );
else
closesocket( req->fd );
if( req->body_size < req->content_length )
{
req->status_code = -1;
g_free( req->status_string );
req->status_string = g_strdup( "Response truncated" );
}
if( getenv( "BITLBEE_DEBUG" ) && req )
printf( "Finishing HTTP request with status: %s\n",
req->status_string ? req->status_string : "NULL" );
req->func( req );
http_free( req );
return FALSE;
}
