int ne_get_content_type(ne_request *req, ne_content_type *ct) { const char *value; char *sep, *stype; value = ne_get_response_header(req, "Content-Type"); if (value == NULL || strchr(value, '/') == NULL) { return -1; } ct->value = ne_strdup(value); stype = strchr(ct->value, '/'); *stype++ = '\0'; ct->type = ct->value; ct->charset = NULL; sep = strchr(stype, ';'); if (sep) { char *tok; /* look for the charset parameter. TODO; probably better to * hand-carve a parser than use ne_token/strstr/shave here. */ *sep++ = '\0'; do { tok = ne_qtoken(&sep, ';', "\"\'"); if (tok) { tok = strstr(tok, "charset="); if (tok) ct->charset = ne_shave(tok+8, "\"\'"); } else { break; } } while (sep != NULL); } /* set subtype, losing any trailing whitespace */ ct->subtype = ne_shave(stype, " \t"); if (ct->charset == NULL && ne_strcasecmp(ct->type, "text") == 0) { /* 3280§3.1: text/xml without charset implies us-ascii. */ if (ne_strcasecmp(ct->subtype, "xml") == 0) ct->charset = "us-ascii"; /* 2616§3.7.1: subtypes of text/ default to charset ISO-8859-1. */ else ct->charset = "ISO-8859-1"; } return 0; }
int discard_request(ne_socket *sock) { char buffer[1024]; size_t offset = want_header?strlen(want_header):0; clength = 0; NE_DEBUG(NE_DBG_HTTP, "Discarding request...\n"); do { ONV(ne_sock_readline(sock, buffer, 1024) < 0, ("error reading line: %s", ne_sock_error(sock))); NE_DEBUG(NE_DBG_HTTP, "[req] %s", buffer); if (strncasecmp(buffer, "content-length:", 15) == 0) { clength = atoi(buffer + 16); } if (got_header != NULL && want_header != NULL && strncasecmp(buffer, want_header, offset) == 0 && buffer[offset] == ':') { char *value = buffer + offset + 1; if (*value == ' ') value++; got_header(ne_shave(value, "\r\n")); } } while (strcmp(buffer, "\r\n") != 0); return OK; }
char *readline(const char *prompt) { static char buf[256]; char *ret; if (prompt) { printf("%s", prompt); } ret = fgets(buf, 256, stdin); if (ret) { return ne_strdup(ne_shave(buf, "\r\n")); } else { return NULL; } }
static int lk_startelm(void *userdata, int parent, const char *nspace, const char *name, const char **atts) { struct lock_ctx *ctx = userdata; int id; NE_DEBUG_WINSCP_CONTEXT(ne_get_session(ctx->req)); id = ne_xml_mapid(element_map, NE_XML_MAPLEN(element_map), nspace, name); NE_DEBUG(NE_DBG_LOCKS, "lk_startelm: %s => %d\n", name, id); if (id == 0) return NE_XML_DECLINE; if (parent == 0 && ctx->token == NULL) { const char *token = ne_get_response_header(ctx->req, "Lock-Token"); /* at the root element; retrieve the Lock-Token header, * and bail if it wasn't given. */ if (token == NULL) { ne_xml_set_error(ctx->parser, _("LOCK response missing Lock-Token header")); return NE_XML_ABORT; } if (token[0] == '<') token++; ctx->token = ne_strdup(token); ne_shave(ctx->token, ">"); NE_DEBUG(NE_DBG_LOCKS, "lk_startelm: Finding token %s\n", ctx->token); } /* TODO: only accept 'prop' as root for LOCK response */ if (!can_accept(parent, id)) return NE_XML_DECLINE; if (id == ELM_activelock && !ctx->found) { /* a new activelock */ ne_lock_free(&ctx->active); memset(&ctx->active, 0, sizeof ctx->active); ctx->active.timeout = NE_TIMEOUT_INVALID; } ne_buffer_clear(ctx->cdata); return id; }
static void parse_dav_header(const char *value, ne_server_capabilities *caps) { char *tokens = ne_strdup(value), *pnt = tokens; do { char *tok = ne_qtoken(&pnt, ',', "\"'"); if (!tok) break; tok = ne_shave(tok, " \r\t\n"); if (strcmp(tok, "1") == 0) { caps->dav_class1 = 1; } else if (strcmp(tok, "2") == 0) { caps->dav_class2 = 1; } else if (strcmp(tok, "<http://apache.org/dav/propset/fs/1>") == 0) { caps->dav_executable = 1; } } while (pnt != NULL); ne_free(tokens); }
static void parse_dav_header(const char *value, unsigned int *caps) { char *tokens = ne_strdup(value), *pnt = tokens; *caps = 0; do { char *tok = ne_qtoken(&pnt, ',', "\"'"); unsigned n; if (!tok) break; tok = ne_shave(tok, " \r\t\n"); for (n = 0; n < sizeof(options_map)/sizeof(options_map[0]); n++) { if (strcmp(tok, options_map[n].name) == 0) { *caps |= options_map[n].cap; } } } while (pnt != NULL); ne_free(tokens); }
static int init_rcfile(void) { int ret = 0; char buf[BUFSIZ]; struct stat st; FILE *f; if (rcfile == NULL) { rcfile = ne_concat(getenv("HOME"), "/.cadaverrc", NULL); if (stat(rcfile, &st) != 0) { NE_DEBUG(DEBUG_FILES, "No rcfile\n"); free(rcfile); return 0; } } f = fopen(rcfile, "r"); if (f == NULL) { printf(_("Could not read rcfile %s: %s\n"), rcfile, strerror(errno)); } else { for (;;) { if (fgets(buf, BUFSIZ, f) != NULL) { ret = execute_command(ne_shave(buf, "\r\n")); if (ret != 0) break; } else { break; } } fclose(f); } free(rcfile); return ret; }
/* Passed the value of a "(Proxy,WWW)-Authenticate: " header field. * Returns 0 if valid challenge was accepted; non-zero if no valid * challenge was found. */ static int auth_challenge(auth_session *sess, const char *value) { char *pnt, *key, *val, *hdr, sep; struct auth_challenge *chall = NULL, *challenges = NULL; int success; pnt = hdr = ne_strdup(value); NE_DEBUG(NE_DBG_HTTPAUTH, "Got new auth challenge: %s\n", value); /* The header value may be made up of one or more challenges. We * split it down into attribute-value pairs, then search for * schemes in the pair keys. */ while (!tokenize(&pnt, &key, &val, &sep, 1)) { if (val == NULL) { auth_scheme scheme; if (strcasecmp(key, "basic") == 0) { scheme = auth_scheme_basic; } else if (strcasecmp(key, "digest") == 0) { scheme = auth_scheme_digest; } #ifdef HAVE_GSSAPI else if (strcasecmp(key, "negotiate") == 0) { scheme = auth_scheme_gssapi; } #else #ifdef HAVE_SSPI else if (strcasecmp(key, "negotiate") == 0) { scheme = auth_scheme_sspi_negotiate; } else if (strcasecmp(key, "ntlm") == 0) { scheme = auth_scheme_sspi_ntlm; } #endif #endif else { NE_DEBUG(NE_DBG_HTTPAUTH, "Ignoring challenge '%s'.\n", key); chall = NULL; continue; } NE_DEBUG(NE_DBG_HTTPAUTH, "New '%s' challenge.\n", key); chall = ne_calloc(sizeof *chall); chall->scheme = scheme; chall->next = challenges; challenges = chall; if (sep == ' ' && (scheme == auth_scheme_gssapi || scheme == auth_scheme_sspi_negotiate || scheme == auth_scheme_sspi_ntlm) ) { /* Cope with the fact that the unquoted base64 * paramater token doesn't match the 2617 auth-param * grammar: */ chall->opaque = ne_shave(ne_token(&pnt, ','), " \t"); NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Negotiate parameter '%s'\n", chall->opaque); if (!pnt) break; /* stop parsing at end-of-string. */ } continue; } else if (chall == NULL) { /* Ignore pairs for an unknown challenge. */ NE_DEBUG(NE_DBG_HTTPAUTH, "Ignored pair: %s = %s\n", key, val); continue; } /* Strip quotes off value. */ val = ne_shave(val, "\"'"); NE_DEBUG(NE_DBG_HTTPAUTH, "Got pair: [%s] = [%s]\n", key, val); if (strcasecmp(key, "realm") == 0) { chall->realm = val; } else if (strcasecmp(key, "nonce") == 0) { chall->nonce = val; } else if (strcasecmp(key, "opaque") == 0) { chall->opaque = val; } else if (strcasecmp(key, "stale") == 0) { /* Truth value */ chall->stale = (strcasecmp(val, "true") == 0); } else if (strcasecmp(key, "algorithm") == 0) { if (strcasecmp(val, "md5") == 0) { chall->alg = auth_alg_md5; } else if (strcasecmp(val, "md5-sess") == 0) { chall->alg = auth_alg_md5_sess; } else { chall->alg = auth_alg_unknown; } } else if (strcasecmp(key, "qop") == 0) { /* iterate over each token in the value */ do { const char *tok = ne_shave(ne_token(&val, ','), " \t"); if (strcasecmp(tok, "auth") == 0) { chall->qop_auth = 1; } } while (val); chall->got_qop = chall->qop_auth; } } NE_DEBUG(NE_DBG_HTTPAUTH, "Finished parsing parameters.\n"); /* Did we find any challenges */ if (challenges == NULL) { ne_free(hdr); return -1; } success = 0; #ifdef HAVE_GSSAPI /* Ignore Negotiate challenges from origin servers which don't * come over SSL. */ if (sess->spec == &ah_proxy_class || sess->context != AUTH_ANY) { NE_DEBUG(NE_DBG_HTTPAUTH, "Looking for GSSAPI.\n"); /* Try a GSSAPI challenge */ for (chall = challenges; chall != NULL; chall = chall->next) { if (chall->scheme == auth_scheme_gssapi) { if (!gssapi_challenge(sess, chall)) { success = 1; break; } } } } #endif #ifdef HAVE_SSPI if (!success) { NE_DEBUG(NE_DBG_HTTPAUTH, "Looking for SSPI/Negotiate.\n"); for (chall = challenges; chall != NULL; chall = chall->next) { if (chall->scheme == auth_scheme_sspi_negotiate) { if (!sspi_challenge(sess, chall, 0)) { success = 1; break; } } } } if (!success) { NE_DEBUG(NE_DBG_HTTPAUTH, "Looking for SSPI/NTLM.\n"); for (chall = challenges; chall != NULL; chall = chall->next) { if (chall->scheme == auth_scheme_sspi_ntlm) { if (!sspi_challenge(sess, chall, 1)) { success = 1; break; } } } } #endif /* Try a digest challenge */ if (!success) { NE_DEBUG(NE_DBG_HTTPAUTH, "Looking for Digest challenges.\n"); for (chall = challenges; chall != NULL; chall = chall->next) { if (chall->scheme == auth_scheme_digest) { if (!digest_challenge(sess, chall)) { success = 1; break; } } } } if (!success) { NE_DEBUG(NE_DBG_HTTPAUTH, "No good Digest challenges, looking for Basic.\n"); for (chall = challenges; chall != NULL; chall = chall->next) { if (chall->scheme == auth_scheme_basic) { if (!basic_challenge(sess, chall)) { success = 1; break; } } } if (!success) { /* No good challenges - record this in the session state */ NE_DEBUG(NE_DBG_HTTPAUTH, "Did not understand any challenges.\n"); } } /* Remember whether we can now supply the auth details */ sess->can_handle = success; while (challenges != NULL) { chall = challenges->next; ne_free(challenges); challenges = chall; } ne_free(hdr); return !success; }
/* Pass this the value of the 'Authentication-Info:' header field, if * one is received. * Returns: * 0 if it gives a valid authentication for the server * non-zero otherwise (don't believe the response in this case!). */ static int verify_digest_response(struct auth_request *req, auth_session *sess, const char *value) { char *hdr, *pnt, *key, *val; auth_qop qop = auth_qop_none; char *nextnonce = NULL, /* for the nextnonce= value */ *rspauth = NULL, /* for the rspauth= value */ *cnonce = NULL, /* for the cnonce= value */ *nc = NULL, /* for the nc= value */ *qop_value = NULL; unsigned int nonce_count; int okay; if (!req->will_handle) { /* Ignore it */ return 0; } if (sess->scheme != auth_scheme_digest) { NE_DEBUG(NE_DBG_HTTPAUTH, "Found Auth-Info header not in response " " to Digest credentials - dodgy.\n"); return -1; } pnt = hdr = ne_strdup(value); NE_DEBUG(NE_DBG_HTTPAUTH, "Auth-Info header: %s\n", value); while (tokenize(&pnt, &key, &val, NULL, 0) == 0) { val = ne_shave(val, "\""); NE_DEBUG(NE_DBG_HTTPAUTH, "Pair: [%s] = [%s]\n", key, val); if (strcasecmp(key, "qop") == 0) { qop_value = val; if (strcasecmp(val, "auth") == 0) { qop = auth_qop_auth; } else { qop = auth_qop_none; } } else if (strcasecmp(key, "nextnonce") == 0) { nextnonce = val; } else if (strcasecmp(key, "rspauth") == 0) { rspauth = val; } else if (strcasecmp(key, "cnonce") == 0) { cnonce = val; } else if (strcasecmp(key, "nc") == 0) { nc = val; if (sscanf(val, "%x", &nonce_count) != 1) { NE_DEBUG(NE_DBG_HTTPAUTH, "Couldn't find nonce count.\n"); } else { NE_DEBUG(NE_DBG_HTTPAUTH, "Got nonce_count: %u\n", nonce_count); } } } /* Presume the worst */ okay = -1; if ((qop != auth_qop_none) && (qop_value != NULL)) { if ((rspauth == NULL) || (cnonce == NULL) || (nc == NULL)) { NE_DEBUG(NE_DBG_HTTPAUTH, "Missing rspauth, cnonce or nc with qop.\n"); } else { /* Have got rspauth, cnonce and nc */ if (strcmp(cnonce, sess->cnonce) != 0) { NE_DEBUG(NE_DBG_HTTPAUTH, "Response cnonce doesn't match.\n"); } else if (nonce_count != sess->nonce_count) { NE_DEBUG(NE_DBG_HTTPAUTH, "Response nonce count doesn't match.\n"); } else { /* Calculate and check the response-digest value. * joe: IMO the spec is slightly ambiguous as to whether * we use the qop which WE sent, or the qop which THEY * sent... */ struct ne_md5_ctx a2; unsigned char a2_md5[16], rdig_md5[16]; char a2_md5_ascii[33], rdig_md5_ascii[33]; NE_DEBUG(NE_DBG_HTTPAUTH, "Calculating response-digest.\n"); /* First off, H(A2) again. */ ne_md5_init_ctx(&a2); ne_md5_process_bytes(":", 1, &a2); ne_md5_process_bytes(req->uri, strlen(req->uri), &a2); ne_md5_finish_ctx(&a2, a2_md5); ne_md5_to_ascii(a2_md5, a2_md5_ascii); /* We have the stored digest-so-far of * H(A1) ":" unq(nonce-value) * [ ":" nc-value ":" unq(cnonce-value) ] for qop * in sess->stored_rdig, to save digesting them again. * */ if (qop != auth_qop_none) { /* Add in qop-value */ NE_DEBUG(NE_DBG_HTTPAUTH, "Digesting qop-value [%s:].\n", qop_value); ne_md5_process_bytes(qop_value, strlen(qop_value), &sess->stored_rdig); ne_md5_process_bytes(":", 1, &sess->stored_rdig); } /* Digest ":" H(A2) */ ne_md5_process_bytes(a2_md5_ascii, 32, &sess->stored_rdig); /* All done */ ne_md5_finish_ctx(&sess->stored_rdig, rdig_md5); ne_md5_to_ascii(rdig_md5, rdig_md5_ascii); NE_DEBUG(NE_DBG_HTTPAUTH, "Calculated response-digest of: " "[%s]\n", rdig_md5_ascii); NE_DEBUG(NE_DBG_HTTPAUTH, "Given response-digest of: " "[%s]\n", rspauth); /* And... do they match? */ okay = (strcasecmp(rdig_md5_ascii, rspauth) == 0)?0:-1; NE_DEBUG(NE_DBG_HTTPAUTH, "Matched: %s\n", okay?"nope":"YES!"); } } } else { NE_DEBUG(NE_DBG_HTTPAUTH, "No qop directive, auth okay.\n"); okay = 0; } /* Check for a nextnonce */ if (nextnonce != NULL) { NE_DEBUG(NE_DBG_HTTPAUTH, "Found nextnonce of [%s].\n", nextnonce); if (sess->nonce != NULL) ne_free(sess->nonce); sess->nonce = ne_strdup(nextnonce); } ne_free(hdr); return okay; }