void free_S3(S3 *s3)
{
if(s3) {
ne_buffer_destroy(s3->key_info.nb_name);
ne_buffer_destroy(s3->key_info.nb_etag);
ne_buffer_destroy(s3->key_info.nb_storage_class);
ne_buffer_destroy(s3->key_info.nb_owner_id);
ne_buffer_destroy(s3->key_info.nb_owner_display_name);
memset(s3->access_id,0,64);
memset(s3->secret_key,0,64);
ne_sock_exit();
free(s3);
}
}
/* Read the contents of file FILENAME into *DATUM. */
static int read_to_datum(const char *filename, gnutls_datum *datum)
{
FILE *f = fopen(filename, "r");
ne_buffer *buf;
char tmp[4192];
size_t len;
if (!f) {
return -1;
}
buf = ne_buffer_ncreate(8192);
while ((len = fread(tmp, 1, sizeof tmp, f)) > 0) {
ne_buffer_append(buf, tmp, len);
}
if (!feof(f)) {
fclose(f);
ne_buffer_destroy(buf);
return -1;
}
fclose(f);
datum->size = ne_buffer_size(buf);
datum->data = (unsigned char *)ne_buffer_finish(buf);
return 0;
}
/* Discover all locks on URI */
int ne_lock_discover(ne_session *sess, const char *uri,
ne_lock_result callback, void *userdata)
{
ne_propfind_handler *handler;
struct discover_ctx ctx = {0};
int ret;
ctx.results = callback;
ctx.userdata = userdata;
ctx.session = sess;
ctx.cdata = ne_buffer_create();
handler = ne_propfind_create(sess, uri, NE_DEPTH_ZERO,"PROPFIND");
ne_propfind_set_private(handler, ld_create, &ctx);
ne_xml_push_handler(ne_propfind_get_parser(handler),
ld_startelm, ld_cdata, end_element_ldisc, handler);
ret = ne_propfind_named(handler, lock_props, discover_results, &ctx);
ne_buffer_destroy(ctx.cdata);
ne_propfind_destroy(handler);
return ret;
}
static object_query_t *set_object_raw(object_query_t *req) {
int resp_code;
object_query_t *resp = NULL;
ne_buffer *req_body = NULL;
ne_buffer *resp_body = NULL;
assert(NULL != req);
/* Sanity check */
assert(SET_OBJECT_REQUEST == req->type);
assert(RAW_POST == req->mode);
/* Serialise request POST data */
req_body = set_object_serialise_raw(req);
/* Send request */
resp_body = ne_buffer_create();
assert(NULL != resp_body);
resp_code = send_http_request(session,
"POST", "/set_obj.htm", NULL, req_body, resp_body);
/*
* Repeat in case of 401 - Unauthorised
*
* Note that this is a WA of NMC sending Connection: close
* header in the 401 response, in which case neon closes
* connection (quite rightfully).
*/
if (401 == resp_code)
resp_code = send_http_request(session,
"POST", "/set_obj.htm", NULL, req_body, resp_body);
/* Deserialise response */
if (200 == resp_code)
resp = set_object_deserialise_raw(resp_body);
/* Cleanup */
if (NULL != req_body)
ne_buffer_destroy(req_body);
if (NULL != resp_body)
ne_buffer_destroy(resp_body);
return resp;
}
static int simple(void) {
ne_buffer *s = ne_buffer_create();
ON(s == NULL);
ne_buffer_zappend(s, "abcde");
ONCMP(s->data, "abcde");
ON(ne_buffer_size(s) != 5);
ne_buffer_destroy(s);
return OK;
}
static int grow(void)
{
ne_buffer *s = ne_buffer_ncreate(2);
ON(s == NULL);
ne_buffer_append(s, "a", 1);
ne_buffer_grow(s, 4);
ONCMP(s->data, "a");
ne_buffer_destroy(s);
return OK;
}
static int buf_concat(void)
{
ne_buffer *s = ne_buffer_create();
ON(s == NULL);
ne_buffer_concat(s, "a", "b", "c", "d", "e", "f", "g", NULL);
ONCMP(s->data, "abcdefg");
ON(ne_buffer_size(s) != 7);
ne_buffer_destroy(s);
return OK;
}
int s3_get_bucket(S3 *s3,const char *bucket,
const char *prefix,const char *marker,int max_keys,const char *delimiter,
const S3KeyInfoCallback *key_info_cb)
{
ne_request *req;
int err, retry;
ne_buffer *params;
if(!s3) return -1;
if(!bucket) return -1;
params = ne_buffer_create();
if(prefix) ne_buffer_concat(params,"prefix=",prefix,"/&",NULL);
if(marker) ne_buffer_concat(params,"marker=",marker,"&",NULL);
if(max_keys >= 0) {
char mk[16];
snprintf(mk,16,"%d",max_keys);
mk[15] = 0;
ne_buffer_concat(params,"max_keys=",max_keys,"&",NULL);
}
if(delimiter) ne_buffer_concat(params,"delimiter=",delimiter,"&",NULL);
s3_begin_session(s3);
req = s3_new_request(s3,"GET",bucket,NULL,params->data,NULL);
ne_buffer_destroy(params);
// send to server
do {
err = ne_begin_request(req);
if(err != NE_OK) err = -EIO;
else {
if(ne_get_status(req)->code != 200) {
s3_handle_error_response(s3,req);
err = -EACCES;
} else {
s3->key_info.key_info_cb = key_info_cb;
s3_parse_xml_response(s3,
req,
s3_xml_key_info_startelm,
s3_xml_key_info_cdata,
s3_xml_key_info_endelm,
&s3->key_info
);
}
retry = ne_end_request(req);
}
} while(retry == NE_RETRY);
ne_request_destroy(req);
s3_end_session(s3);
return err;
}
static int buf_concat3(void)
{
ne_buffer *s = ne_buffer_create();
ON(s == NULL);
ne_buffer_zappend(s, "foobar");
ne_buffer_concat(s, "norman", NULL);
ONCMP(s->data, "foobarnorman");
ON(ne_buffer_size(s) != 12);
ne_buffer_destroy(s);
return OK;
}
static int buf_concat2(void)
{
#define RES "alphabetagammadeltaepsilonetatheta"
ne_buffer *s = ne_buffer_create();
ON(s == NULL);
ne_buffer_concat(s, "alpha", "beta", "gamma", "delta", "epsilon",
"eta", "theta", NULL);
ONCMP(s->data, RES);
ON(ne_buffer_size(s) != strlen(RES));
ne_buffer_destroy(s);
return OK;
}
static int buf_print(void)
{
ne_buffer *buf = ne_buffer_create();
ne_buffer_czappend(buf, "foo-");
ne_buffer_snprintf(buf, 20, "bar-%s-asda", "norman");
ne_buffer_czappend(buf, "-bloo");
ONN("snprintf return value", ne_buffer_snprintf(buf, 2, "---") != 1);
ONCMP(buf->data, "foo-bar-norman-asda-bloo-");
ne_buffer_destroy(buf);
return OK;
}
static int alter(void) {
ne_buffer *s = ne_buffer_create();
char *d;
ON(s == NULL);
ne_buffer_zappend(s, "abcdefg");
d = s->data;
ON(d == NULL);
d[2] = '\0';
ne_buffer_altered(s);
ONCMP(s->data, "ab");
ON(ne_buffer_size(s) != 2);
ne_buffer_zappend(s, "hijkl");
ONCMP(s->data, "abhijkl");
ne_buffer_destroy(s);
return OK;
}
static int append(void)
{
ne_buffer *s = ne_buffer_create();
ON(s == NULL);
ne_buffer_append(s, "a", 1);
ne_buffer_append(s, "b", 1);
ne_buffer_append(s, "c", 1);
ONCMP(s->data, "abc");
ON(ne_buffer_size(s) != 3);
ne_buffer_zappend(s, "hello");
ONCMP(s->data, "abchello");
ne_buffer_czappend(s, "world");
ONCMP(s->data, "abchelloworld");
ON(ne_buffer_size(s) != 13);
ne_buffer_destroy(s);
return OK;
}
int ne_lock_refresh(ne_session *sess, struct ne_lock *lock)
{
ne_request *req = ne_request_create(sess, "LOCK", lock->uri.path);
ne_xml_parser *parser = ne_xml_create();
int ret;
struct lock_ctx ctx;
memset(&ctx, 0, sizeof ctx);
ctx.cdata = ne_buffer_create();
ctx.req = req;
ctx.token = lock->token;
/* Handle the response and update *lock appropriately. */
ne_xml_push_handler(parser, lk_startelm, lk_cdata, lk_endelm, &ctx);
/* For a lock refresh, submitting only this lock token must be
* sufficient. */
ne_print_request_header(req, "If", "(<%s>)", lock->token);
add_timeout_header(req, lock->timeout);
ret = ne_xml_dispatch_request(req, parser);
if (ret == NE_OK) {
if (ne_get_status(req)->klass != 2) {
ret = NE_ERROR; /* and use default session error */
} else if (ne_xml_failed(parser)) {
ret = NE_ERROR;
ne_set_error(sess, "%s", ne_xml_get_error(parser));
} else if (!ctx.found) {
ne_set_error(sess, _("No activelock for <%s> returned in "
"LOCK refresh response"), lock->token);
ret = NE_ERROR;
} else /* success! */ {
/* update timeout for passed-in lock structure. */
lock->timeout = ctx.active.timeout;
}
}
ne_lock_free(&ctx.active);
ne_buffer_destroy(ctx.cdata);
ne_request_destroy(req);
ne_xml_destroy(parser);
return ret;
}
static object_query_t *set_object_form(object_query_t *req) {
int resp_code;
ne_buffer *req_body = NULL;
const char *ct = "multipart/form-data; boundary=" FORM_POST_BOUNDARY;
/* TODO: Single request doesn't seem to work
if (1 == object_query_size(req))
ct = "application/x-form-urlencoded";
*/
assert(NULL != req);
/* Sanity check */
assert(SET_OBJECT_REQUEST == req->type);
assert(FORM_POST == req->mode);
/* Serialise request POST data */
req_body = set_object_serialise_form(req);
/* Send request (response is ignored by the proto. spec v3) */
resp_code = send_http_request(session,
"POST", "/Forms/set_obj_2", ct, req_body, NULL);
/*
* Repeat in case of 401 - Unauthorised
*
* Note that this is a WA of NMC sending Connection: close
* header in the 401 response, in which case neon closes
* connection (quite rightfully).
*/
if (401 == resp_code) {
resp_code = send_http_request(session,
"POST", "/Forms/set_obj_2", ct, req_body, NULL);
}
/* Cleanup */
if (NULL != req_body)
ne_buffer_destroy(req_body);
return NULL;
}
static int qappend(void)
{
static const struct {
const char *in;
size_t inlen;
const char *out;
} ts[] = {
{ "", 0, "" },
{ "a", 1, "a" },
{ "b", 2, "b\\x00" },
{ "alpha\0alpha", 11, "alpha\\x00alpha" },
{ "a\tb", 3, "a\\x09b" },
{ NULL }
};
unsigned n;
for (n = 0; ts[n].in; n++) {
ne_buffer *buf = ne_buffer_create();
char *s;
const unsigned char *in = (const unsigned char *)ts[n].in;
ne_buffer_qappend(buf, in, ts[n].inlen);
ONCMP(buf->data, ts[n].out);
ONV(strlen(buf->data) + 1 != buf->used,
("bad buffer length for '%s': %" NE_FMT_SIZE_T,
ts[n].out, buf->used));
s = ne_strnqdup(in, ts[n].inlen);
ONCMP(s, ts[n].out);
ne_free(s);
ne_buffer_destroy(buf);
}
return OK;
}
int ne_acl_set(ne_session *sess, const char *uri,
ne_acl_entry *entries, int numentries)
{
int ret;
ne_request *req = ne_request_create(sess, "ACL", uri);
ne_buffer *body = acl_body(entries, numentries);
#ifdef NE_HAVE_DAV
ne_lock_using_resource(req, uri, 0);
#endif
ne_set_request_body_buffer(req, body->data, ne_buffer_size(body));
ne_add_request_header(req, "Content-Type", NE_XML_MEDIA_TYPE);
ret = ne_request_dispatch(req);
ne_buffer_destroy(body);
if (ret == NE_OK && ne_get_status(req)->code == 207) {
ret = NE_ERROR;
}
ne_request_destroy(req);
return ret;
}
static ne_request *s3_new_request(const S3 *s3,const char *method,const char *bucket,const char *key,const char *params,const char *content_type)
{
ne_buffer *date, *signing_string, *request_str;
ne_request *req;
char *sig, *p;
time_t t;
if(!s3) return NULL;
if(!method) return NULL;
if(!bucket) return NULL;
if(!s3->session) return NULL;
// create some string buffers
date = ne_buffer_create();
signing_string = ne_buffer_create();
request_str = ne_buffer_create();
// get the time
t = time(NULL);
ne_buffer_zappend(date,asctime(gmtime(&t)));
if(date->data[date->used - 2] == '\n')
date->data[date->used - 2] = 0;
ne_buffer_altered(date);
// create request
if(key) ne_buffer_concat(request_str,"/",bucket,"/",key,NULL);
else ne_buffer_concat(request_str,"/",bucket,NULL);
if(params && params[0] != 0) {
ne_buffer_zappend(request_str,"?");
ne_buffer_zappend(request_str,params);
}
req = ne_request_create(s3->session,method,request_str->data);
// Add date header
ne_add_request_header(req,"Date",date->data);
// Add content-type header
if(content_type) ne_add_request_header(req,"Content-Type",content_type);
else content_type = "";
// construct signing string
p = strrchr(request_str->data,'?');
if(p) {
*p = 0;
ne_buffer_altered(request_str);
}
ne_buffer_concat(signing_string,method,"\n\n",content_type,"\n",date->data,"\n",request_str->data,NULL);
// sign the string
sig = s3_sign_string(s3,signing_string->data);
// construct signed header
ne_print_request_header(req,"Authorization","AWS %s:%s",s3->access_id,sig);
ne_buffer_destroy(date);
ne_buffer_destroy(signing_string);
ne_buffer_destroy(request_str);
free(sig);
return req;
}
int ne_lock(ne_session *sess, struct ne_lock *lock)
{
ne_request *req = ne_request_create(sess, "LOCK", lock->uri.path);
ne_buffer *body = ne_buffer_create();
ne_xml_parser *parser = ne_xml_create();
int ret, parse_failed;
struct lock_ctx ctx;
memset(&ctx, 0, sizeof ctx);
ctx.cdata = ne_buffer_create();
ctx.req = req;
ne_xml_push_handler(parser, lk_startelm, lk_cdata, lk_endelm, &ctx);
/* Create the body */
ne_buffer_concat(body, "<?xml version=\"1.0\" encoding=\"utf-8\"?>" EOL
"<lockinfo xmlns='DAV:'>" EOL " <lockscope>",
lock->scope==ne_lockscope_exclusive?
"<exclusive/>":"<shared/>",
"</lockscope>" EOL
"<locktype><write/></locktype>", NULL);
if (lock->owner) {
ne_buffer_concat(body, "<owner>", lock->owner, "</owner>" EOL, NULL);
}
ne_buffer_zappend(body, "</lockinfo>" EOL);
ne_set_request_body_buffer(req, body->data, ne_buffer_size(body));
/* ne_add_request_header(req, "Content-Type", NE_XML_MEDIA_TYPE); */
/* Just to test whether sever accepts both text/xml and application/xml */
ne_add_request_header(req, "Content-Type", "text/xml");
ne_add_depth_header(req, lock->depth);
add_timeout_header(req, lock->timeout);
/* TODO:
* By 2518, we need this only if we are creating a lock-null resource.
* Since we don't KNOW whether the lock we're given is a lock-null
* or not, we cover our bases.
*/
ne_lock_using_parent(req, lock->uri.path);
/* This one is clearer from 2518 sec 8.10.4. */
ne_lock_using_resource(req, lock->uri.path, lock->depth);
ret = ne_xml_dispatch_request(req, parser);
ne_buffer_destroy(body);
ne_buffer_destroy(ctx.cdata);
parse_failed = ne_xml_failed(parser);
if (ret == NE_OK && ne_get_status(req)->klass == 2) {
if (ctx.token == NULL) {
ret = NE_ERROR;
ne_set_error(sess, _("No Lock-Token header given"));
}
else if (parse_failed) {
ret = NE_ERROR;
ne_set_error(sess, "%s", ne_xml_get_error(parser));
}
else if (ne_get_status(req)->code == 207) {
ret = NE_ERROR;
/* TODO: set the error string appropriately */
}
else if (ctx.found) {
/* it worked: copy over real lock details if given. */
if (lock->token) ne_free(lock->token);
lock->token = ctx.token;
ctx.token = NULL;
if (ctx.active.timeout != NE_TIMEOUT_INVALID)
lock->timeout = ctx.active.timeout;
lock->scope = ctx.active.scope;
lock->type = ctx.active.type;
if (ctx.active.depth >= 0)
lock->depth = ctx.active.depth;
if (ctx.active.owner) {
if (lock->owner) ne_free(lock->owner);
lock->owner = ctx.active.owner;
ctx.active.owner = NULL;
}
} else {
ret = NE_ERROR;
ne_set_error(sess, _("Response missing activelock for %s"),
ctx.token);
}
} else if (ret == NE_OK /* && status != 2xx */) {
ret = NE_ERROR;
}
ne_lock_free(&ctx.active);
if (ctx.token) ne_free(ctx.token);
ne_request_destroy(req);
ne_xml_destroy(parser);
return ret;
}
/* Continue a GSS-API Negotiate exchange, using input TOKEN if
* non-NULL. Returns non-zero on error. */
static int continue_negotiate(auth_session *sess, const char *token)
{
unsigned int major, minor;
gss_buffer_desc input = GSS_C_EMPTY_BUFFER;
gss_buffer_desc output = GSS_C_EMPTY_BUFFER;
unsigned char *bintoken = NULL;
int ret;
if (token) {
input.length = ne_unbase64(token, &bintoken);
if (input.length == 0) {
NE_DEBUG(NE_DBG_HTTPAUTH, "gssapi: Invalid input [%s].\n",
token);
return -1;
}
input.value = bintoken;
NE_DEBUG(NE_DBG_HTTPAUTH, "gssapi: Continuation token [%s]\n", token);
}
else if (sess->gssctx != GSS_C_NO_CONTEXT) {
NE_DEBUG(NE_DBG_HTTPAUTH, "gssapi: Reset incomplete context.\n");
gss_delete_sec_context(&minor, &sess->gssctx, GSS_C_NO_BUFFER);
}
major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, &sess->gssctx,
sess->gssname, sess->gssmech,
GSS_C_MUTUAL_FLAG, GSS_C_INDEFINITE,
GSS_C_NO_CHANNEL_BINDINGS,
&input, &sess->gssmech, &output, NULL, NULL);
/* done with the input token. */
if (bintoken) ne_free(bintoken);
if (GSS_ERROR(major)) {
ne_buffer *err = ne_buffer_create();
int flag = 0;
make_gss_error(err, &flag, major, GSS_C_GSS_CODE);
make_gss_error(err, &flag, minor, GSS_C_MECH_CODE);
NE_DEBUG(NE_DBG_HTTPAUTH, "gssapi: Error: %s\n", err->data);
ne_set_error(sess->sess, _("GSSAPI authentication error (%s)"),
err->data);
ne_buffer_destroy(err);
return -1;
}
if (major == GSS_S_CONTINUE_NEEDED || major == GSS_S_COMPLETE) {
NE_DEBUG(NE_DBG_HTTPAUTH, "gssapi: init_sec_context OK. (major=%d)\n",
major);
ret = 0;
}
else {
NE_DEBUG(NE_DBG_HTTPAUTH, "gssapi: Init failure %d.\n", major);
ret = -1;
}
if (major != GSS_S_CONTINUE_NEEDED) {
/* context no longer needed: destroy it */
gss_delete_sec_context(&minor, &sess->gssctx, GSS_C_NO_BUFFER);
}
if (output.length) {
sess->gssapi_token = ne_base64(output.value, output.length);
NE_DEBUG(NE_DBG_HTTPAUTH, "gssapi: Output token: [%s]\n",
sess->gssapi_token);
gss_release_buffer(&minor, &output);
} else {
NE_DEBUG(NE_DBG_HTTPAUTH, "gssapi: No output token.\n");
}
return ret;
}
/* Check certificate identity. Returns zero if identity matches; 1 if
* identity does not match, or <0 if the certificate had no identity.
* If 'identity' is non-NULL, store the malloc-allocated identity in
* *identity. Logic specified by RFC 2818 and RFC 3280. */
static int check_identity(const ne_uri *server, X509 *cert, char **identity)
{
STACK_OF(GENERAL_NAME) *names;
int match = 0, found = 0;
const char *hostname;
hostname = server ? server->host : "";
names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
if (names) {
int n;
/* subjectAltName contains a sequence of GeneralNames */
for (n = 0; n < sk_GENERAL_NAME_num(names) && !match; n++) {
GENERAL_NAME *nm = sk_GENERAL_NAME_value(names, n);
/* handle dNSName and iPAddress name extensions only. */
if (nm->type == GEN_DNS) {
char *name = dup_ia5string(nm->d.ia5);
if (identity && !found) *identity = ne_strdup(name);
match = ne__ssl_match_hostname(name, strlen(name), hostname);
free(name);
found = 1;
}
else if (nm->type == GEN_IPADD) {
/* compare IP address with server IP address. */
ne_inet_addr *ia;
if (nm->d.ip->length == 4)
ia = ne_iaddr_make(ne_iaddr_ipv4, nm->d.ip->data);
else if (nm->d.ip->length == 16)
ia = ne_iaddr_make(ne_iaddr_ipv6, nm->d.ip->data);
else
ia = NULL;
/* ne_iaddr_make returns NULL if address type is unsupported */
if (ia != NULL) { /* address type was supported. */
char buf[128];
match = strcmp(hostname,
ne_iaddr_print(ia, buf, sizeof buf)) == 0;
found = 1;
ne_iaddr_free(ia);
} else {
NE_DEBUG(NE_DBG_SSL, "iPAddress name with unsupported "
"address type (length %d), skipped.\n",
nm->d.ip->length);
}
}
else if (nm->type == GEN_URI) {
char *name = dup_ia5string(nm->d.ia5);
ne_uri uri;
if (ne_uri_parse(name, &uri) == 0 && uri.host && uri.scheme) {
ne_uri tmp;
if (identity && !found) *identity = ne_strdup(name);
found = 1;
if (server) {
/* For comparison purposes, all that matters is
* host, scheme and port; ignore the rest. */
memset(&tmp, 0, sizeof tmp);
tmp.host = uri.host;
tmp.scheme = uri.scheme;
tmp.port = uri.port;
match = ne_uri_cmp(server, &tmp) == 0;
}
}
ne_uri_free(&uri);
free(name);
}
}
/* free the whole stack. */
sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
}
/* Check against the commonName if no DNS alt. names were found,
* as per RFC3280. */
if (!found) {
X509_NAME *subj = X509_get_subject_name(cert);
X509_NAME_ENTRY *entry;
ne_buffer *cname = ne_buffer_ncreate(30);
int idx = -1, lastidx;
/* find the most specific commonName attribute. */
do {
lastidx = idx;
idx = X509_NAME_get_index_by_NID(subj, NID_commonName, lastidx);
} while (idx >= 0);
if (lastidx < 0) {
/* no commonName attributes at all. */
ne_buffer_destroy(cname);
return -1;
}
/* extract the string from the entry */
entry = X509_NAME_get_entry(subj, lastidx);
if (append_dirstring(cname, X509_NAME_ENTRY_get_data(entry))) {
ne_buffer_destroy(cname);
return -1;
}
if (identity) *identity = ne_strdup(cname->data);
match = ne__ssl_match_hostname(cname->data, cname->used - 1, hostname);
ne_buffer_destroy(cname);
}
NE_DEBUG(NE_DBG_SSL, "Identity match for '%s': %s\n", hostname,
match ? "good" : "bad");
return match ? 0 : 1;
}
