1
/*-
2
 * SPDX-License-Identifier: BSD-3-Clause
3
 *
4
 * Copyright (c) 2000-2014 Dag-Erling Smørgrav
5
 * All rights reserved.
6
 *
7
 * Redistribution and use in source and binary forms, with or without
8
 * modification, are permitted provided that the following conditions
9
 * are met:
10
 * 1. Redistributions of source code must retain the above copyright
11
 *    notice, this list of conditions and the following disclaimer
12
 *    in this position and unchanged.
13
 * 2. Redistributions in binary form must reproduce the above copyright
14
 *    notice, this list of conditions and the following disclaimer in the
15
 *    documentation and/or other materials provided with the distribution.
16
 * 3. The name of the author may not be used to endorse or promote products
17
 *    derived from this software without specific prior written permission.
18
 *
19
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29
 */
30

31
#include "bsd_compat.h"
32

33
#if !defined(TCP_NOPUSH) && defined(TCP_CORK)
34
#define TCP_NOPUSH TCP_CORK
35
#endif
36

37
/*
38
 * The following copyright applies to the base64 code:
39
 *
40
 *-
41
 * Copyright 1997 Massachusetts Institute of Technology
42
 *
43
 * Permission to use, copy, modify, and distribute this software and
44
 * its documentation for any purpose and without fee is hereby
45
 * granted, provided that both the above copyright notice and this
46
 * permission notice appear in all copies, that both the above
47
 * copyright notice and this permission notice appear in all
48
 * supporting documentation, and that the name of M.I.T. not be used
49
 * in advertising or publicity pertaining to distribution of the
50
 * software without specific, written prior permission.  M.I.T. makes
51
 * no representations about the suitability of this software for any
52
 * purpose.  It is provided "as is" without express or implied
53
 * warranty.
54
 *
55
 * THIS SOFTWARE IS PROVIDED BY M.I.T. ``AS IS''.  M.I.T. DISCLAIMS
56
 * ALL EXPRESS OR IMPLIED WARRANTIES WITH REGARD TO THIS SOFTWARE,
57
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
58
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
59
 * SHALL M.I.T. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
60
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
61
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
62
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
63
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
64
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
65
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
66
 * SUCH DAMAGE.
67
 */
68

69
#include <sys/param.h>
70
#include <sys/socket.h>
71
#include <sys/time.h>
72

73
#include <ctype.h>
74
#include <err.h>
75
#include <errno.h>
76
#include <locale.h>
77
#include <netdb.h>
78
#include <stdarg.h>
79
#include <stdbool.h>
80
#include <stdio.h>
81
#include <stdlib.h>
82
#include <string.h>
83
#include <time.h>
84
#include <unistd.h>
85

86
#ifdef WITH_SSL
87
#include <openssl/md5.h>
88
#define MD5Init(c) MD5_Init(c)
89
#define MD5Update(c, data, len) MD5_Update(c, data, len)
90
#define MD5Final(md, c) MD5_Final(md, c)
91
#else
92
#include <md5.h>
93
#endif
94

95
#include <netinet/in.h>
96
#include <netinet/tcp.h>
97

98
#include "fetch.h"
99
#include "common.h"
100
#include "httperr.h"
101

102
/* Maximum number of redirects to follow */
103
#define MAX_REDIRECT 20
104

105
/* Persistent connection cache */
106
static conn_t *http_cached_conn;
107

108
static void
109
http_cache_flush(void)
110
{
111
	if (http_cached_conn != NULL) {
112
		fetch_close(http_cached_conn);
113
		http_cached_conn = NULL;
114
	}
115
}
116

117
/* Symbolic names for reply codes we care about */
118
#define HTTP_OK			200
119
#define HTTP_PARTIAL		206
120
#define HTTP_MOVED_PERM		301
121
#define HTTP_MOVED_TEMP		302
122
#define HTTP_SEE_OTHER		303
123
#define HTTP_NOT_MODIFIED	304
124
#define HTTP_USE_PROXY		305
125
#define HTTP_TEMP_REDIRECT	307
126
#define HTTP_PERM_REDIRECT	308
127
#define HTTP_NEED_AUTH		401
128
#define HTTP_NEED_PROXY_AUTH	407
129
#define HTTP_BAD_RANGE		416
130
#define HTTP_PROTOCOL_ERROR	999
131

132
#define HTTP_REDIRECT(xyz) ((xyz) == HTTP_MOVED_PERM \
133
			    || (xyz) == HTTP_MOVED_TEMP \
134
			    || (xyz) == HTTP_TEMP_REDIRECT \
135
			    || (xyz) == HTTP_PERM_REDIRECT \
136
			    || (xyz) == HTTP_USE_PROXY \
137
			    || (xyz) == HTTP_SEE_OTHER)
138

139
#define HTTP_ERROR(xyz) ((xyz) >= 400 && (xyz) <= 599)
140

141

142
/*****************************************************************************
143
 * I/O functions for decoding chunked streams
144
 */
145

146
struct httpio
147
{
148
	conn_t		*conn;		/* connection */
149
	int		 chunked;	/* chunked mode */
150
	int		 keep_alive;	/* eligible for connection reuse */
151
	char		*buf;		/* chunk buffer */
152
	size_t		 bufsize;	/* size of chunk buffer */
153
	size_t		 buflen;	/* amount of data currently in buffer */
154
	size_t		 bufpos;	/* current read offset in buffer */
155
	int		 eof;		/* end-of-file flag */
156
	int		 error;		/* error flag */
157
	size_t		 chunksize;	/* remaining size of current chunk */
158
	off_t		 contentlength;	/* Content-Length or -1 if unknown */
159
	off_t		 bytes_read;	/* total bytes read from body */
160
#ifndef NDEBUG
161
	size_t		 total;
162
#endif
163
	/* low speed limit tracking */
164
	time_t		 lowspeed_start;  /* when slow period began (0=none) */
165
	size_t		 lowspeed_bytes;  /* bytes received since lowspeed_start */
166
};
167

168
/*
169
 * Get next chunk header
170
 */
171
static int
172
http_new_chunk(struct httpio *io)
173
{
174
	char *p;
175

176
	if (fetch_getln(io->conn) == -1)
177
		return (-1);
178

179
	if (io->conn->buflen < 2 || !isxdigit((unsigned char)*io->conn->buf))
180
		return (-1);
181

182
	for (p = io->conn->buf; *p && !isspace((unsigned char)*p); ++p) {
183
		if (*p == ';')
184
			break;
185
		if (!isxdigit((unsigned char)*p))
186
			return (-1);
187
		if (isdigit((unsigned char)*p)) {
188
			io->chunksize = io->chunksize * 16 +
189
			    *p - '0';
190
		} else {
191
			io->chunksize = io->chunksize * 16 +
192
			    10 + tolower((unsigned char)*p) - 'a';
193
		}
194
	}
195

196
#ifndef NDEBUG
197
	if (fetchDebug) {
198
		io->total += io->chunksize;
199
		if (io->chunksize == 0)
200
			fprintf(stderr, "%s(): end of last chunk\n", __func__);
201
		else
202
			fprintf(stderr, "%s(): new chunk: %lu (%lu)\n",
203
			    __func__, (unsigned long)io->chunksize,
204
			    (unsigned long)io->total);
205
	}
206
#endif
207

208
	return (io->chunksize);
209
}
210

211
/*
212
 * Grow the input buffer to at least len bytes
213
 */
214
static inline int
215
http_growbuf(struct httpio *io, size_t len)
216
{
217
	char *tmp;
218

219
	if (io->bufsize >= len)
220
		return (0);
221

222
	if ((tmp = realloc(io->buf, len)) == NULL)
223
		return (-1);
224
	io->buf = tmp;
225
	io->bufsize = len;
226
	return (0);
227
}
228

229
/*
230
 * Fill the input buffer, do chunk decoding on the fly
231
 */
232
static ssize_t
233
http_fillbuf(struct httpio *io, size_t len)
234
{
235
	ssize_t nbytes;
236
	char ch;
237

238
	if (io->error)
239
		return (-1);
240
	if (io->eof)
241
		return (0);
242

243
	/* not chunked: just fetch the requested amount */
244
	if (io->chunked == 0) {
245
		/* limit read to remaining content if Content-Length is known */
246
		if (io->contentlength >= 0) {
247
			off_t remaining = io->contentlength - io->bytes_read;
248
			if (remaining <= 0) {
249
				io->eof = 1;
250
				return (0);
251
			}
252
			if ((off_t)len > remaining)
253
				len = (size_t)remaining;
254
		}
255
		if (http_growbuf(io, len) == -1)
256
			return (-1);
257
		if ((nbytes = fetch_read(io->conn, io->buf, len)) == -1) {
258
			io->error = errno;
259
			return (-1);
260
		}
261
		if (nbytes == 0) {
262
			io->eof = 1;
263
			return (0);
264
		}
265
		io->bytes_read += nbytes;
266
		io->buflen = nbytes;
267
		io->bufpos = 0;
268
		return (io->buflen);
269
	}
270

271
	/* chunked, but we ran out: get the next chunk header */
272
	if (io->chunksize == 0) {
273
		switch (http_new_chunk(io)) {
274
		case -1:
275
			io->error = EPROTO;
276
			return (-1);
277
		case 0:
278
			io->eof = 1;
279
			return (0);
280
		}
281
	}
282

283
	/* fetch the requested amount, but no more than the current chunk */
284
	if (len > io->chunksize)
285
		len = io->chunksize;
286
	if (http_growbuf(io, len) == -1)
287
		return (-1);
288
	if ((nbytes = fetch_read(io->conn, io->buf, len)) == -1) {
289
		io->error = errno;
290
		return (-1);
291
	}
292
	io->bufpos = 0;
293
	io->buflen = nbytes;
294
	io->chunksize -= nbytes;
295

296
	if (io->chunksize == 0) {
297
		if (fetch_read(io->conn, &ch, 1) != 1 || ch != '\r' ||
298
		    fetch_read(io->conn, &ch, 1) != 1 || ch != '\n')
299
			return (-1);
300
	}
301

302
	return (io->buflen);
303
}
304

305
/*
306
 * Read function
307
 */
308
static int
309
http_readfn(void *v, char *buf, int len)
310
{
311
	struct httpio *io = (struct httpio *)v;
312
	int rlen;
313

314
	if (io->error)
315
		return (-1);
316
	if (io->eof)
317
		return (0);
318

319
	/* empty buffer */
320
	if (!io->buf || io->bufpos == io->buflen) {
321
		if ((rlen = http_fillbuf(io, len)) < 0) {
322
			if ((errno = io->error) == EINTR)
323
				io->error = 0;
324
			return (-1);
325
		} else if (rlen == 0) {
326
			return (0);
327
		}
328
	}
329

330
	rlen = io->buflen - io->bufpos;
331
	if (len < rlen)
332
		rlen = len;
333
	memcpy(buf, io->buf + io->bufpos, rlen);
334
	io->bufpos += rlen;
335

336
	/* low speed limit check */
337
	if (fetchSpeedLimit > 0 && fetchSpeedTime > 0) {
338
		time_t now = time(NULL);
339
		if (io->lowspeed_start == 0) {
340
			io->lowspeed_start = now;
341
			io->lowspeed_bytes = rlen;
342
		} else {
343
			io->lowspeed_bytes += rlen;
344
			time_t elapsed = now - io->lowspeed_start;
345
			if (elapsed >= fetchSpeedTime) {
346
				if ((off_t)io->lowspeed_bytes / elapsed <
347
				    fetchSpeedLimit) {
348
					io->error = ETIMEDOUT;
349
					errno = ETIMEDOUT;
350
					fetch_syserr();
351
					return (-1);
352
				}
353
				/* reset window */
354
				io->lowspeed_start = now;
355
				io->lowspeed_bytes = 0;
356
			}
357
		}
358
	}
359

360
	return (rlen);
361
}
362

363
/*
364
 * Write function
365
 */
366
static int
367
http_writefn(void *v, const char *buf, int len)
368
{
369
	struct httpio *io = (struct httpio *)v;
370

371
	return (fetch_write(io->conn, buf, len));
372
}
373

374
/*
375
 * Drain any unread response body data
376
 */
377
static void
378
http_drain(struct httpio *io)
379
{
380
	char buf[4096];
381

382
	while (!io->eof && !io->error) {
383
		if (http_fillbuf(io, sizeof(buf)) <= 0)
384
			break;
385
		io->bufpos = io->buflen;
386
	}
387
}
388

389
/*
390
 * Close function — caches the connection for reuse when possible
391
 */
392
static int
393
http_closefn(void *v)
394
{
395
	struct httpio *io = (struct httpio *)v;
396
	int r;
397

398
	if (io->keep_alive && !io->error) {
399
		/* drain unread body so the connection is at a clean state */
400
		http_drain(io);
401
		if (!io->error) {
402
			/* connection is reusable — cache it */
403
			if (http_cached_conn != NULL)
404
				fetch_close(http_cached_conn);
405
			http_cached_conn = io->conn;
406
			/* clear leftover line buffer */
407
			io->conn->buflen = 0;
408
			DEBUGF("cached connection to %s:%d\n",
409
			    io->conn->cache_host, io->conn->cache_port);
410
			if (io->buf)
411
				free(io->buf);
412
			free(io);
413
			return (0);
414
		}
415
	}
416
	r = fetch_close(io->conn);
417
	if (io->buf)
418
		free(io->buf);
419
	free(io);
420
	return (r);
421
}
422

423
/*
424
 * Wrap a file descriptor up
425
 */
426
static FILE *
427
http_funopen(conn_t *conn, int chunked, int keep_alive, off_t clength)
428
{
429
	struct httpio *io;
430
	FILE *f;
431

432
	if ((io = calloc(1, sizeof(*io))) == NULL) {
433
		fetch_syserr();
434
		return (NULL);
435
	}
436
	io->conn = conn;
437
	io->chunked = chunked;
438
	io->keep_alive = keep_alive;
439
	io->contentlength = clength;
440
	io->bytes_read = 0;
441
	f = funopen(io, http_readfn, http_writefn, NULL, http_closefn);
442
	if (f == NULL) {
443
		fetch_syserr();
444
		free(io);
445
		return (NULL);
446
	}
447
	return (f);
448
}
449

450

451
/*****************************************************************************
452
 * Helper functions for talking to the server and parsing its replies
453
 */
454

455
/* Header types */
456
typedef enum {
457
	hdr_syserror = -2,
458
	hdr_error = -1,
459
	hdr_end = 0,
460
	hdr_unknown = 1,
461
	hdr_content_length,
462
	hdr_content_range,
463
	hdr_last_modified,
464
	hdr_location,
465
	hdr_transfer_encoding,
466
	hdr_www_authenticate,
467
	hdr_proxy_authenticate,
468
	hdr_connection,
469
} hdr_t;
470

471
/* Names of interesting headers */
472
static struct {
473
	hdr_t		 num;
474
	const char	*name;
475
} hdr_names[] = {
476
	{ hdr_content_length,		"Content-Length" },
477
	{ hdr_content_range,		"Content-Range" },
478
	{ hdr_last_modified,		"Last-Modified" },
479
	{ hdr_location,			"Location" },
480
	{ hdr_transfer_encoding,	"Transfer-Encoding" },
481
	{ hdr_www_authenticate,		"WWW-Authenticate" },
482
	{ hdr_proxy_authenticate,	"Proxy-Authenticate" },
483
	{ hdr_connection,		"Connection" },
484
	{ hdr_unknown,			NULL },
485
};
486

487
/*
488
 * Send a formatted line; optionally echo to terminal
489
 */
490
static int
491
http_cmd(conn_t *conn, const char *fmt, ...)
492
{
493
	va_list ap;
494
	size_t len;
495
	char *msg;
496
	int r;
497

498
	va_start(ap, fmt);
499
	len = vasprintf(&msg, fmt, ap);
500
	va_end(ap);
501

502
	if (msg == NULL) {
503
		errno = ENOMEM;
504
		fetch_syserr();
505
		return (-1);
506
	}
507

508
	r = fetch_putln(conn, msg, len);
509
	free(msg);
510

511
	if (r == -1) {
512
		fetch_syserr();
513
		return (-1);
514
	}
515

516
	return (0);
517
}
518

519
/*
520
 * Get and parse status line
521
 */
522
static int
523
http_get_reply(conn_t *conn)
524
{
525
	char *p;
526

527
	if (fetch_getln(conn) == -1)
528
		return (-1);
529
	/*
530
	 * A valid status line looks like "HTTP/m.n xyz reason" where m
531
	 * and n are the major and minor protocol version numbers and xyz
532
	 * is the reply code.
533
	 * Unfortunately, there are servers out there (NCSA 1.5.1, to name
534
	 * just one) that do not send a version number, so we can't rely
535
	 * on finding one, but if we do, insist on it being 1.0 or 1.1.
536
	 * We don't care about the reason phrase.
537
	 */
538
	if (strncmp(conn->buf, "HTTP", 4) != 0)
539
		return (HTTP_PROTOCOL_ERROR);
540
	p = conn->buf + 4;
541
	if (*p == '/') {
542
		if (p[1] != '1' || p[2] != '.' || (p[3] != '0' && p[3] != '1'))
543
			return (HTTP_PROTOCOL_ERROR);
544
		p += 4;
545
	}
546
	if (*p != ' ' ||
547
	    !isdigit((unsigned char)p[1]) ||
548
	    !isdigit((unsigned char)p[2]) ||
549
	    !isdigit((unsigned char)p[3]))
550
		return (HTTP_PROTOCOL_ERROR);
551

552
	conn->err = (p[1] - '0') * 100 + (p[2] - '0') * 10 + (p[3] - '0');
553
	return (conn->err);
554
}
555

556
/*
557
 * Check a header; if the type matches the given string, return a pointer
558
 * to the beginning of the value.
559
 */
560
static const char *
561
http_match(const char *str, const char *hdr)
562
{
563
	while (*str && *hdr &&
564
	    tolower((unsigned char)*str++) == tolower((unsigned char)*hdr++))
565
		/* nothing */;
566
	if (*str || *hdr != ':')
567
		return (NULL);
568
	while (*hdr && isspace((unsigned char)*++hdr))
569
		/* nothing */;
570
	return (hdr);
571
}
572

573

574
/*
575
 * Get the next header and return the appropriate symbolic code.  We
576
 * need to read one line ahead for checking for a continuation line
577
 * belonging to the current header (continuation lines start with
578
 * white space).
579
 *
580
 * We get called with a fresh line already in the conn buffer, either
581
 * from the previous http_next_header() invocation, or, the first
582
 * time, from a fetch_getln() performed by our caller.
583
 *
584
 * This stops when we encounter an empty line (we dont read beyond the header
585
 * area).
586
 *
587
 * Note that the "headerbuf" is just a place to return the result. Its
588
 * contents are not used for the next call. This means that no cleanup
589
 * is needed when ie doing another connection, just call the cleanup when
590
 * fully done to deallocate memory.
591
 */
592

593
/* Limit the max number of continuation lines to some reasonable value */
594
#define HTTP_MAX_CONT_LINES 10
595

596
/* Place into which to build a header from one or several lines */
597
typedef struct {
598
	char	*buf;		/* buffer */
599
	size_t	 bufsize;	/* buffer size */
600
	size_t	 buflen;	/* length of buffer contents */
601
} http_headerbuf_t;
602

603
static void
604
init_http_headerbuf(http_headerbuf_t *buf)
605
{
606
	buf->buf = NULL;
607
	buf->bufsize = 0;
608
	buf->buflen = 0;
609
}
610

611
static void
612
clean_http_headerbuf(http_headerbuf_t *buf)
613
{
614
	if (buf->buf)
615
		free(buf->buf);
616
	init_http_headerbuf(buf);
617
}
618

619
/* Remove whitespace at the end of the buffer */
620
static void
621
http_conn_trimright(conn_t *conn)
622
{
623
	while (conn->buflen &&
624
	       isspace((unsigned char)conn->buf[conn->buflen - 1]))
625
		conn->buflen--;
626
	conn->buf[conn->buflen] = '\0';
627
}
628

629
static hdr_t
630
http_next_header(conn_t *conn, http_headerbuf_t *hbuf, const char **p)
631
{
632
	unsigned int i, len;
633

634
	/*
635
	 * Have to do the stripping here because of the first line. So
636
	 * it's done twice for the subsequent lines. No big deal
637
	 */
638
	http_conn_trimright(conn);
639
	if (conn->buflen == 0)
640
		return (hdr_end);
641

642
	/* Copy the line to the headerbuf */
643
	if (hbuf->bufsize < conn->buflen + 1) {
644
		if ((hbuf->buf = realloc(hbuf->buf, conn->buflen + 1)) == NULL)
645
			return (hdr_syserror);
646
		hbuf->bufsize = conn->buflen + 1;
647
	}
648
	strcpy(hbuf->buf, conn->buf);
649
	hbuf->buflen = conn->buflen;
650

651
	/*
652
	 * Fetch possible continuation lines. Stop at 1st non-continuation
653
	 * and leave it in the conn buffer
654
	 */
655
	for (i = 0; i < HTTP_MAX_CONT_LINES; i++) {
656
		if (fetch_getln(conn) == -1)
657
			return (hdr_syserror);
658

659
		/*
660
		 * Note: we carry on the idea from the previous version
661
		 * that a pure whitespace line is equivalent to an empty
662
		 * one (so it's not continuation and will be handled when
663
		 * we are called next)
664
		 */
665
		http_conn_trimright(conn);
666
		if (conn->buf[0] != ' ' && conn->buf[0] != "\t"[0])
667
			break;
668

669
		/* Got a continuation line. Concatenate to previous */
670
		len = hbuf->buflen + conn->buflen;
671
		if (hbuf->bufsize < len + 1) {
672
			len *= 2;
673
			if ((hbuf->buf = realloc(hbuf->buf, len + 1)) == NULL)
674
				return (hdr_syserror);
675
			hbuf->bufsize = len + 1;
676
		}
677
		strcpy(hbuf->buf + hbuf->buflen, conn->buf);
678
		hbuf->buflen += conn->buflen;
679
	}
680

681
	/*
682
	 * We could check for malformed headers but we don't really care.
683
	 * A valid header starts with a token immediately followed by a
684
	 * colon; a token is any sequence of non-control, non-whitespace
685
	 * characters except "()<>@,;:\\\"{}".
686
	 */
687
	for (i = 0; hdr_names[i].num != hdr_unknown; i++)
688
		if ((*p = http_match(hdr_names[i].name, hbuf->buf)) != NULL)
689
			return (hdr_names[i].num);
690

691
	return (hdr_unknown);
692
}
693

694
/**************************
695
 * [Proxy-]Authenticate header parsing
696
 */
697

698
/*
699
 * Read doublequote-delimited string into output buffer obuf (allocated
700
 * by caller, whose responsibility it is to ensure that it's big enough)
701
 * cp points to the first char after the initial '"'
702
 * Handles \ quoting
703
 * Returns pointer to the first char after the terminating double quote, or
704
 * NULL for error.
705
 */
706
static const char *
707
http_parse_headerstring(const char *cp, char *obuf)
708
{
709
	for (;;) {
710
		switch (*cp) {
711
		case 0: /* Unterminated string */
712
			*obuf = 0;
713
			return (NULL);
714
		case '"': /* Ending quote */
715
			*obuf = 0;
716
			return (++cp);
717
		case '\\':
718
			if (*++cp == 0) {
719
				*obuf = 0;
720
				return (NULL);
721
			}
722
			/* FALLTHROUGH */
723
		default:
724
			*obuf++ = *cp++;
725
		}
726
	}
727
}
728

729
/* Http auth challenge schemes */
730
typedef enum {HTTPAS_UNKNOWN, HTTPAS_BASIC,HTTPAS_DIGEST} http_auth_schemes_t;
731

732
/* Data holder for a Basic or Digest challenge. */
733
typedef struct {
734
	http_auth_schemes_t scheme;
735
	char	*realm;
736
	char	*qop;
737
	char	*nonce;
738
	char	*opaque;
739
	char	*algo;
740
	int	 stale;
741
	int	 nc; /* Nonce count */
742
} http_auth_challenge_t;
743

744
static void
745
init_http_auth_challenge(http_auth_challenge_t *b)
746
{
747
	b->scheme = HTTPAS_UNKNOWN;
748
	b->realm = b->qop = b->nonce = b->opaque = b->algo = NULL;
749
	b->stale = b->nc = 0;
750
}
751

752
static void
753
clean_http_auth_challenge(http_auth_challenge_t *b)
754
{
755
	if (b->realm)
756
		free(b->realm);
757
	if (b->qop)
758
		free(b->qop);
759
	if (b->nonce)
760
		free(b->nonce);
761
	if (b->opaque)
762
		free(b->opaque);
763
	if (b->algo)
764
		free(b->algo);
765
	init_http_auth_challenge(b);
766
}
767

768
/* Data holder for an array of challenges offered in an http response. */
769
#define MAX_CHALLENGES 10
770
typedef struct {
771
	http_auth_challenge_t *challenges[MAX_CHALLENGES];
772
	int	count; /* Number of parsed challenges in the array */
773
	int	valid; /* We did parse an authenticate header */
774
} http_auth_challenges_t;
775

776
static void
777
init_http_auth_challenges(http_auth_challenges_t *cs)
778
{
779
	int i;
780
	for (i = 0; i < MAX_CHALLENGES; i++)
781
		cs->challenges[i] = NULL;
782
	cs->count = cs->valid = 0;
783
}
784

785
static void
786
clean_http_auth_challenges(http_auth_challenges_t *cs)
787
{
788
	int i;
789
	/* We rely on non-zero pointers being allocated, not on the count */
790
	for (i = 0; i < MAX_CHALLENGES; i++) {
791
		if (cs->challenges[i] != NULL) {
792
			clean_http_auth_challenge(cs->challenges[i]);
793
			free(cs->challenges[i]);
794
		}
795
	}
796
	init_http_auth_challenges(cs);
797
}
798

799
/*
800
 * Enumeration for lexical elements. Separators will be returned as their own
801
 * ascii value
802
 */
803
typedef enum {HTTPHL_WORD=256, HTTPHL_STRING=257, HTTPHL_END=258,
804
	      HTTPHL_ERROR = 259} http_header_lex_t;
805

806
/*
807
 * Determine what kind of token comes next and return possible value
808
 * in buf, which is supposed to have been allocated big enough by
809
 * caller. Advance input pointer and return element type.
810
 */
811
static int
812
http_header_lex(const char **cpp, char *buf)
813
{
814
	size_t l;
815
	/* Eat initial whitespace */
816
	*cpp += strspn(*cpp, " \t");
817
	if (**cpp == 0)
818
		return (HTTPHL_END);
819

820
	/* Separator ? */
821
	if (**cpp == ',' || **cpp == '=')
822
		return (*((*cpp)++));
823

824
	/* String ? */
825
	if (**cpp == '"') {
826
		*cpp = http_parse_headerstring(++*cpp, buf);
827
		if (*cpp == NULL)
828
			return (HTTPHL_ERROR);
829
		return (HTTPHL_STRING);
830
	}
831

832
	/* Read other token, until separator or whitespace */
833
	l = strcspn(*cpp, " \t,=");
834
	memcpy(buf, *cpp, l);
835
	buf[l] = 0;
836
	*cpp += l;
837
	return (HTTPHL_WORD);
838
}
839

840
/*
841
 * Read challenges from http xxx-authenticate header and accumulate them
842
 * in the challenges list structure.
843
 *
844
 * Headers with multiple challenges are specified by rfc2617, but
845
 * servers (ie: squid) often send them in separate headers instead,
846
 * which in turn is forbidden by the http spec (multiple headers with
847
 * the same name are only allowed for pure comma-separated lists, see
848
 * rfc2616 sec 4.2).
849
 *
850
 * We support both approaches anyway
851
 */
852
static int
853
http_parse_authenticate(const char *cp, http_auth_challenges_t *cs)
854
{
855
	int ret = -1;
856
	http_header_lex_t lex;
857
	char *key = malloc(strlen(cp) + 1);
858
	char *value = malloc(strlen(cp) + 1);
859
	char *buf = malloc(strlen(cp) + 1);
860

861
	if (key == NULL || value == NULL || buf == NULL) {
862
		fetch_syserr();
863
		goto out;
864
	}
865

866
	/* In any case we've seen the header and we set the valid bit */
867
	cs->valid = 1;
868

869
	/* Need word first */
870
	lex = http_header_lex(&cp, key);
871
	if (lex != HTTPHL_WORD)
872
		goto out;
873

874
	/* Loop on challenges */
875
	for (; cs->count < MAX_CHALLENGES; cs->count++) {
876
		cs->challenges[cs->count] =
877
			malloc(sizeof(http_auth_challenge_t));
878
		if (cs->challenges[cs->count] == NULL) {
879
			fetch_syserr();
880
			goto out;
881
		}
882
		init_http_auth_challenge(cs->challenges[cs->count]);
883
		if (strcasecmp(key, "basic") == 0) {
884
			cs->challenges[cs->count]->scheme = HTTPAS_BASIC;
885
		} else if (strcasecmp(key, "digest") == 0) {
886
			cs->challenges[cs->count]->scheme = HTTPAS_DIGEST;
887
		} else {
888
			cs->challenges[cs->count]->scheme = HTTPAS_UNKNOWN;
889
			/*
890
			 * Continue parsing as basic or digest may
891
			 * follow, and the syntax is the same for
892
			 * all. We'll just ignore this one when
893
			 * looking at the list
894
			 */
895
		}
896

897
		/* Loop on attributes */
898
		for (;;) {
899
			/* Key */
900
			lex = http_header_lex(&cp, key);
901
			if (lex != HTTPHL_WORD)
902
				goto out;
903

904
			/* Equal sign */
905
			lex = http_header_lex(&cp, buf);
906
			if (lex != '=')
907
				goto out;
908

909
			/* Value */
910
			lex = http_header_lex(&cp, value);
911
			if (lex != HTTPHL_WORD && lex != HTTPHL_STRING)
912
				goto out;
913

914
			if (strcasecmp(key, "realm") == 0) {
915
				cs->challenges[cs->count]->realm =
916
				    strdup(value);
917
			} else if (strcasecmp(key, "qop") == 0) {
918
				cs->challenges[cs->count]->qop =
919
				    strdup(value);
920
			} else if (strcasecmp(key, "nonce") == 0) {
921
				cs->challenges[cs->count]->nonce =
922
				    strdup(value);
923
			} else if (strcasecmp(key, "opaque") == 0) {
924
				cs->challenges[cs->count]->opaque =
925
				    strdup(value);
926
			} else if (strcasecmp(key, "algorithm") == 0) {
927
				cs->challenges[cs->count]->algo =
928
				    strdup(value);
929
			} else if (strcasecmp(key, "stale") == 0) {
930
				cs->challenges[cs->count]->stale =
931
				    strcasecmp(value, "no");
932
			} else {
933
				/* ignore unknown attributes */
934
			}
935

936
			/* Comma or Next challenge or End */
937
			lex = http_header_lex(&cp, key);
938
			/*
939
			 * If we get a word here, this is the beginning of the
940
			 * next challenge. Break the attributes loop
941
			 */
942
			if (lex == HTTPHL_WORD)
943
				break;
944

945
			if (lex == HTTPHL_END) {
946
				/* End while looking for ',' is normal exit */
947
				cs->count++;
948
				ret = 0;
949
				goto out;
950
			}
951
			/* Anything else is an error */
952
			if (lex != ',')
953
				goto out;
954

955
		} /* End attributes loop */
956
	} /* End challenge loop */
957

958
	/*
959
	 * Challenges max count exceeded. This really can't happen
960
	 * with normal data, something's fishy -> error
961
	 */
962

963
out:
964
	if (key)
965
		free(key);
966
	if (value)
967
		free(value);
968
	if (buf)
969
		free(buf);
970
	return (ret);
971
}
972

973

974
/*
975
 * Parse a last-modified header
976
 */
977
static int
978
http_parse_mtime(const char *p, time_t *mtime)
979
{
980
	char locale[64], *r;
981
	struct tm tm;
982

983
	memset(&tm, 0, sizeof(tm));
984
	strlcpy(locale, setlocale(LC_TIME, NULL), sizeof(locale));
985
	setlocale(LC_TIME, "C");
986
	r = strptime(p, "%a, %d %b %Y %H:%M:%S GMT", &tm);
987
	/*
988
	 * Some proxies use UTC in response, but it should still be
989
	 * parsed. RFC2616 states GMT and UTC are exactly equal for HTTP.
990
	 */
991
	if (r == NULL)
992
		r = strptime(p, "%a, %d %b %Y %H:%M:%S UTC", &tm);
993
	/* XXX should add support for date-2 and date-3 */
994
	setlocale(LC_TIME, locale);
995
	if (r == NULL)
996
		return (-1);
997
	DEBUGF("last modified: [%04d-%02d-%02d %02d:%02d:%02d]\n",
998
	    tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday,
999
	    tm.tm_hour, tm.tm_min, tm.tm_sec);
1000
	*mtime = timegm(&tm);
1001
	return (0);
1002
}
1003

1004
/*
1005
 * Parse a content-length header
1006
 */
1007
static int
1008
http_parse_length(const char *p, off_t *length)
1009
{
1010
	off_t len;
1011

1012
	for (len = 0; *p && isdigit((unsigned char)*p); ++p)
1013
		len = len * 10 + (*p - '0');
1014
	if (*p)
1015
		return (-1);
1016
	DEBUGF("content length: [%lld]\n", (long long)len);
1017
	*length = len;
1018
	return (0);
1019
}
1020

1021
/*
1022
 * Parse a content-range header
1023
 */
1024
static int
1025
http_parse_range(const char *p, off_t *offset, off_t *length, off_t *size)
1026
{
1027
	off_t first, last, len;
1028

1029
	if (strncasecmp(p, "bytes ", 6) != 0)
1030
		return (-1);
1031
	p += 6;
1032
	if (*p == '*') {
1033
		first = last = -1;
1034
		++p;
1035
	} else {
1036
		for (first = 0; *p && isdigit((unsigned char)*p); ++p)
1037
			first = first * 10 + *p - '0';
1038
		if (*p != '-')
1039
			return (-1);
1040
		for (last = 0, ++p; *p && isdigit((unsigned char)*p); ++p)
1041
			last = last * 10 + *p - '0';
1042
	}
1043
	if (first > last || *p != '/')
1044
		return (-1);
1045
	for (len = 0, ++p; *p && isdigit((unsigned char)*p); ++p)
1046
		len = len * 10 + *p - '0';
1047
	if (*p || len < last - first + 1)
1048
		return (-1);
1049
	if (first == -1) {
1050
		DEBUGF("content range: [*/%lld]\n", (long long)len);
1051
		*length = 0;
1052
	} else {
1053
		DEBUGF("content range: [%lld-%lld/%lld]\n",
1054
		    (long long)first, (long long)last, (long long)len);
1055
		*length = last - first + 1;
1056
	}
1057
	*offset = first;
1058
	*size = len;
1059
	return (0);
1060
}
1061

1062

1063
/*****************************************************************************
1064
 * Helper functions for authorization
1065
 */
1066

1067
/*
1068
 * Base64 encoding
1069
 */
1070
static char *
1071
http_base64(const char *src)
1072
{
1073
	static const char base64[] =
1074
	    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
1075
	    "abcdefghijklmnopqrstuvwxyz"
1076
	    "0123456789+/";
1077
	char *str, *dst;
1078
	size_t l;
1079
	int t;
1080

1081
	l = strlen(src);
1082
	if ((str = malloc(((l + 2) / 3) * 4 + 1)) == NULL)
1083
		return (NULL);
1084
	dst = str;
1085

1086
	while (l >= 3) {
1087
		t = (src[0] << 16) | (src[1] << 8) | src[2];
1088
		dst[0] = base64[(t >> 18) & 0x3f];
1089
		dst[1] = base64[(t >> 12) & 0x3f];
1090
		dst[2] = base64[(t >> 6) & 0x3f];
1091
		dst[3] = base64[(t >> 0) & 0x3f];
1092
		src += 3; l -= 3;
1093
		dst += 4;
1094
	}
1095

1096
	switch (l) {
1097
	case 2:
1098
		t = (src[0] << 16) | (src[1] << 8);
1099
		dst[0] = base64[(t >> 18) & 0x3f];
1100
		dst[1] = base64[(t >> 12) & 0x3f];
1101
		dst[2] = base64[(t >> 6) & 0x3f];
1102
		dst[3] = '=';
1103
		dst += 4;
1104
		break;
1105
	case 1:
1106
		t = src[0] << 16;
1107
		dst[0] = base64[(t >> 18) & 0x3f];
1108
		dst[1] = base64[(t >> 12) & 0x3f];
1109
		dst[2] = dst[3] = '=';
1110
		dst += 4;
1111
		break;
1112
	case 0:
1113
		break;
1114
	}
1115

1116
	*dst = 0;
1117
	return (str);
1118
}
1119

1120

1121
/*
1122
 * Extract authorization parameters from environment value.
1123
 * The value is like scheme:realm:user:pass
1124
 */
1125
typedef struct {
1126
	char	*scheme;
1127
	char	*realm;
1128
	char	*user;
1129
	char	*password;
1130
} http_auth_params_t;
1131

1132
static void
1133
init_http_auth_params(http_auth_params_t *s)
1134
{
1135
	s->scheme = s->realm = s->user = s->password = NULL;
1136
}
1137

1138
static void
1139
clean_http_auth_params(http_auth_params_t *s)
1140
{
1141
	if (s->scheme)
1142
		free(s->scheme);
1143
	if (s->realm)
1144
		free(s->realm);
1145
	if (s->user)
1146
		free(s->user);
1147
	if (s->password)
1148
		free(s->password);
1149
	init_http_auth_params(s);
1150
}
1151

1152
static int
1153
http_authfromenv(const char *p, http_auth_params_t *parms)
1154
{
1155
	int ret = -1;
1156
	char *v, *ve;
1157
	char *str = strdup(p);
1158

1159
	if (str == NULL) {
1160
		fetch_syserr();
1161
		return (-1);
1162
	}
1163
	v = str;
1164

1165
	if ((ve = strchr(v, ':')) == NULL)
1166
		goto out;
1167

1168
	*ve = 0;
1169
	if ((parms->scheme = strdup(v)) == NULL) {
1170
		fetch_syserr();
1171
		goto out;
1172
	}
1173
	v = ve + 1;
1174

1175
	if ((ve = strchr(v, ':')) == NULL)
1176
		goto out;
1177

1178
	*ve = 0;
1179
	if ((parms->realm = strdup(v)) == NULL) {
1180
		fetch_syserr();
1181
		goto out;
1182
	}
1183
	v = ve + 1;
1184

1185
	if ((ve = strchr(v, ':')) == NULL)
1186
		goto out;
1187

1188
	*ve = 0;
1189
	if ((parms->user = strdup(v)) == NULL) {
1190
		fetch_syserr();
1191
		goto out;
1192
	}
1193
	v = ve + 1;
1194

1195

1196
	if ((parms->password = strdup(v)) == NULL) {
1197
		fetch_syserr();
1198
		goto out;
1199
	}
1200
	ret = 0;
1201
out:
1202
	if (ret == -1)
1203
		clean_http_auth_params(parms);
1204
	if (str)
1205
		free(str);
1206
	return (ret);
1207
}
1208

1209

1210
/*
1211
 * Digest response: the code to compute the digest is taken from the
1212
 * sample implementation in RFC2616
1213
 */
1214
#define IN const
1215
#define OUT
1216

1217
#define HASHLEN 16
1218
typedef char HASH[HASHLEN];
1219
#define HASHHEXLEN 32
1220
typedef char HASHHEX[HASHHEXLEN+1];
1221

1222
static const char *hexchars = "0123456789abcdef";
1223
static void
1224
CvtHex(IN HASH Bin, OUT HASHHEX Hex)
1225
{
1226
	unsigned short i;
1227
	unsigned char j;
1228

1229
	for (i = 0; i < HASHLEN; i++) {
1230
		j = (Bin[i] >> 4) & 0xf;
1231
		Hex[i*2] = hexchars[j];
1232
		j = Bin[i] & 0xf;
1233
		Hex[i*2+1] = hexchars[j];
1234
	}
1235
	Hex[HASHHEXLEN] = '\0';
1236
};
1237

1238
/* calculate H(A1) as per spec */
1239
static void
1240
DigestCalcHA1(
1241
	IN char * pszAlg,
1242
	IN char * pszUserName,
1243
	IN char * pszRealm,
1244
	IN char * pszPassword,
1245
	IN char * pszNonce,
1246
	IN char * pszCNonce,
1247
	OUT HASHHEX SessionKey
1248
	)
1249
{
1250
	MD5_CTX Md5Ctx;
1251
	HASH HA1;
1252

1253
	MD5Init(&Md5Ctx);
1254
	MD5Update(&Md5Ctx, pszUserName, strlen(pszUserName));
1255
	MD5Update(&Md5Ctx, ":", 1);
1256
	MD5Update(&Md5Ctx, pszRealm, strlen(pszRealm));
1257
	MD5Update(&Md5Ctx, ":", 1);
1258
	MD5Update(&Md5Ctx, pszPassword, strlen(pszPassword));
1259
	MD5Final(HA1, &Md5Ctx);
1260
	if (strcasecmp(pszAlg, "md5-sess") == 0) {
1261

1262
		MD5Init(&Md5Ctx);
1263
		MD5Update(&Md5Ctx, HA1, HASHLEN);
1264
		MD5Update(&Md5Ctx, ":", 1);
1265
		MD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
1266
		MD5Update(&Md5Ctx, ":", 1);
1267
		MD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
1268
		MD5Final(HA1, &Md5Ctx);
1269
	}
1270
	CvtHex(HA1, SessionKey);
1271
}
1272

1273
/* calculate request-digest/response-digest as per HTTP Digest spec */
1274
static void
1275
DigestCalcResponse(
1276
	IN HASHHEX HA1,           /* H(A1) */
1277
	IN char * pszNonce,       /* nonce from server */
1278
	IN char * pszNonceCount,  /* 8 hex digits */
1279
	IN char * pszCNonce,      /* client nonce */
1280
	IN char * pszQop,         /* qop-value: "", "auth", "auth-int" */
1281
	IN char * pszMethod,      /* method from the request */
1282
	IN char * pszDigestUri,   /* requested URL */
1283
	IN HASHHEX HEntity,       /* H(entity body) if qop="auth-int" */
1284
	OUT HASHHEX Response      /* request-digest or response-digest */
1285
	)
1286
{
1287
#if 0
1288
	DEBUGF("Calc: HA1[%s] Nonce[%s] qop[%s] method[%s] URI[%s]\n",
1289
	    HA1, pszNonce, pszQop, pszMethod, pszDigestUri);
1290
#endif
1291
	MD5_CTX Md5Ctx;
1292
	HASH HA2;
1293
	HASH RespHash;
1294
	HASHHEX HA2Hex;
1295

1296
	// calculate H(A2)
1297
	MD5Init(&Md5Ctx);
1298
	MD5Update(&Md5Ctx, pszMethod, strlen(pszMethod));
1299
	MD5Update(&Md5Ctx, ":", 1);
1300
	MD5Update(&Md5Ctx, pszDigestUri, strlen(pszDigestUri));
1301
	if (strcasecmp(pszQop, "auth-int") == 0) {
1302
		MD5Update(&Md5Ctx, ":", 1);
1303
		MD5Update(&Md5Ctx, HEntity, HASHHEXLEN);
1304
	}
1305
	MD5Final(HA2, &Md5Ctx);
1306
	CvtHex(HA2, HA2Hex);
1307

1308
	// calculate response
1309
	MD5Init(&Md5Ctx);
1310
	MD5Update(&Md5Ctx, HA1, HASHHEXLEN);
1311
	MD5Update(&Md5Ctx, ":", 1);
1312
	MD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
1313
	MD5Update(&Md5Ctx, ":", 1);
1314
	if (*pszQop) {
1315
		MD5Update(&Md5Ctx, pszNonceCount, strlen(pszNonceCount));
1316
		MD5Update(&Md5Ctx, ":", 1);
1317
		MD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
1318
		MD5Update(&Md5Ctx, ":", 1);
1319
		MD5Update(&Md5Ctx, pszQop, strlen(pszQop));
1320
		MD5Update(&Md5Ctx, ":", 1);
1321
	}
1322
	MD5Update(&Md5Ctx, HA2Hex, HASHHEXLEN);
1323
	MD5Final(RespHash, &Md5Ctx);
1324
	CvtHex(RespHash, Response);
1325
}
1326

1327
/*
1328
 * Generate/Send a Digest authorization header
1329
 * This looks like: [Proxy-]Authorization: credentials
1330
 *
1331
 *  credentials      = "Digest" digest-response
1332
 *  digest-response  = 1#( username | realm | nonce | digest-uri
1333
 *                      | response | [ algorithm ] | [cnonce] |
1334
 *                      [opaque] | [message-qop] |
1335
 *                          [nonce-count]  | [auth-param] )
1336
 *  username         = "username" "=" username-value
1337
 *  username-value   = quoted-string
1338
 *  digest-uri       = "uri" "=" digest-uri-value
1339
 *  digest-uri-value = request-uri   ; As specified by HTTP/1.1
1340
 *  message-qop      = "qop" "=" qop-value
1341
 *  cnonce           = "cnonce" "=" cnonce-value
1342
 *  cnonce-value     = nonce-value
1343
 *  nonce-count      = "nc" "=" nc-value
1344
 *  nc-value         = 8LHEX
1345
 *  response         = "response" "=" request-digest
1346
 *  request-digest = <"> 32LHEX <">
1347
 */
1348
static int
1349
http_digest_auth(conn_t *conn, const char *hdr, http_auth_challenge_t *c,
1350
		 http_auth_params_t *parms, struct url *url)
1351
{
1352
	int r;
1353
	char noncecount[10];
1354
	char cnonce[40];
1355
	char *options = NULL;
1356

1357
	if (!c->realm || !c->nonce) {
1358
		DEBUGF("realm/nonce not set in challenge\n");
1359
		return(-1);
1360
	}
1361
	if (!c->algo)
1362
		c->algo = strdup("");
1363

1364
	if (asprintf(&options, "%s%s%s%s",
1365
	    *c->algo? ",algorithm=" : "", c->algo,
1366
	    c->opaque? ",opaque=" : "", c->opaque?c->opaque:"") < 0)
1367
		return (-1);
1368

1369
	if (!c->qop) {
1370
		c->qop = strdup("");
1371
		*noncecount = 0;
1372
		*cnonce = 0;
1373
	} else {
1374
		c->nc++;
1375
		sprintf(noncecount, "%08x", c->nc);
1376
		/* We don't try very hard with the cnonce ... */
1377
		sprintf(cnonce, "%x%lx", getpid(), (unsigned long)time(0));
1378
	}
1379

1380
	HASHHEX HA1;
1381
	DigestCalcHA1(c->algo, parms->user, c->realm,
1382
		      parms->password, c->nonce, cnonce, HA1);
1383
	DEBUGF("HA1: [%s]\n", HA1);
1384
	HASHHEX digest, null;
1385
	memset(null, 0, sizeof(null));
1386
	DigestCalcResponse(HA1, c->nonce, noncecount, cnonce, c->qop,
1387
			   "GET", url->doc, null, digest);
1388

1389
	if (c->qop[0]) {
1390
		r = http_cmd(conn, "%s: Digest username=\"%s\",realm=\"%s\","
1391
			     "nonce=\"%s\",uri=\"%s\",response=\"%s\","
1392
			     "qop=\"auth\", cnonce=\"%s\", nc=%s%s",
1393
			     hdr, parms->user, c->realm,
1394
			     c->nonce, url->doc, digest,
1395
			     cnonce, noncecount, options);
1396
	} else {
1397
		r = http_cmd(conn, "%s: Digest username=\"%s\",realm=\"%s\","
1398
			     "nonce=\"%s\",uri=\"%s\",response=\"%s\"%s",
1399
			     hdr, parms->user, c->realm,
1400
			     c->nonce, url->doc, digest, options);
1401
	}
1402
	if (options)
1403
		free(options);
1404
	return (r);
1405
}
1406

1407
/*
1408
 * Encode username and password
1409
 */
1410
static int
1411
http_basic_auth(conn_t *conn, const char *hdr, const char *usr, const char *pwd)
1412
{
1413
	char *upw, *auth;
1414
	int r;
1415

1416
	DEBUGF("basic: usr: [%s]\n", usr);
1417
	DEBUGF("basic: pwd: [%s]\n", pwd);
1418
	if (asprintf(&upw, "%s:%s", usr, pwd) == -1)
1419
		return (-1);
1420
	auth = http_base64(upw);
1421
	free(upw);
1422
	if (auth == NULL)
1423
		return (-1);
1424
	r = http_cmd(conn, "%s: Basic %s", hdr, auth);
1425
	free(auth);
1426
	return (r);
1427
}
1428

1429
/*
1430
 * Chose the challenge to answer and call the appropriate routine to
1431
 * produce the header.
1432
 */
1433
static int
1434
http_authorize(conn_t *conn, const char *hdr, http_auth_challenges_t *cs,
1435
	       http_auth_params_t *parms, struct url *url)
1436
{
1437
	http_auth_challenge_t *digest = NULL;
1438
	int i;
1439

1440
	/* If user or pass are null we're not happy */
1441
	if (!parms->user || !parms->password) {
1442
		DEBUGF("NULL usr or pass\n");
1443
		return (-1);
1444
	}
1445

1446
	/* Look for a Digest */
1447
	for (i = 0; i < cs->count; i++) {
1448
		if (cs->challenges[i]->scheme == HTTPAS_DIGEST)
1449
			digest = cs->challenges[i];
1450
	}
1451

1452
	/* Error if "Digest" was specified and there is no Digest challenge */
1453
	if (!digest &&
1454
	    (parms->scheme && strcasecmp(parms->scheme, "digest") == 0)) {
1455
		DEBUGF("Digest auth in env, not supported by peer\n");
1456
		return (-1);
1457
	}
1458
	/*
1459
	 * If "basic" was specified in the environment, or there is no Digest
1460
	 * challenge, do the basic thing. Don't need a challenge for this,
1461
	 * so no need to check basic!=NULL
1462
	 */
1463
	if (!digest ||
1464
	    (parms->scheme && strcasecmp(parms->scheme, "basic") == 0))
1465
		return (http_basic_auth(conn,hdr,parms->user,parms->password));
1466

1467
	/* Else, prefer digest. We just checked that it's not NULL */
1468
	return (http_digest_auth(conn, hdr, digest, parms, url));
1469
}
1470

1471
/*
1472
 * Send custom headers from a newline-separated string.
1473
 * Each line should be a complete "Header-Name: value" pair.
1474
 * Empty lines and lines without a colon are silently skipped.
1475
 */
1476
static void
1477
http_custom_headers(conn_t *conn, const char *hdrs)
1478
{
1479
	const char *p, *eol;
1480
	size_t len;
1481

1482
	for (p = hdrs; *p != '\0'; p = eol) {
1483
		eol = strpbrk(p, "\r\n");
1484
		if (eol == NULL)
1485
			eol = p + strlen(p);
1486
		len = eol - p;
1487
		/* skip empty lines and lines without ':' */
1488
		if (len > 0 && memchr(p, ':', len) != NULL)
1489
			http_cmd(conn, "%.*s", (int)len, p);
1490
		/* skip past \r\n or \n */
1491
		if (*eol == '\r')
1492
			eol++;
1493
		if (*eol == '\n')
1494
			eol++;
1495
	}
1496
}
1497

1498

1499
/*****************************************************************************
1500
 * Helper functions for connecting to a server or proxy
1501
 */
1502

1503
/*
1504
 * Connect to the correct HTTP server or proxy.
1505
 */
1506
static conn_t *
1507
http_connect(struct url *URL, struct url *purl, const char *flags)
1508
{
1509
	struct url *curl;
1510
	conn_t *conn;
1511
	hdr_t h;
1512
	http_headerbuf_t headerbuf;
1513
	const char *p;
1514
	int verbose;
1515
	int af, val;
1516
	int serrno;
1517
	bool isproxyauth = false;
1518
	http_auth_challenges_t proxy_challenges;
1519

1520
#ifdef INET6
1521
	af = AF_UNSPEC;
1522
#else
1523
	af = AF_INET;
1524
#endif
1525

1526
	verbose = CHECK_FLAG('v');
1527
	if (CHECK_FLAG('4'))
1528
		af = AF_INET;
1529
#ifdef INET6
1530
	else if (CHECK_FLAG('6'))
1531
		af = AF_INET6;
1532
#endif
1533

1534
	curl = (purl != NULL) ? purl : URL;
1535

1536
	/*
1537
	 * Try to reuse a cached connection.  Only for direct (non-proxy)
1538
	 * connections where host, port, and scheme match.
1539
	 */
1540
	if (purl == NULL && http_cached_conn != NULL) {
1541
		int is_ssl = (strcmp(URL->scheme, SCHEME_HTTPS) == 0);
1542
		if (strcmp(http_cached_conn->cache_host, URL->host) == 0 &&
1543
		    http_cached_conn->cache_port == URL->port &&
1544
		    http_cached_conn->cache_ssl == is_ssl) {
1545
			conn = http_cached_conn;
1546
			http_cached_conn = NULL;
1547
			DEBUGF("reusing cached connection to %s:%d\n",
1548
			    URL->host, URL->port);
1549
			val = 1;
1550
#ifdef TCP_NOPUSH
1551
			setsockopt(conn->sd, IPPROTO_TCP, TCP_NOPUSH,
1552
			    &val, sizeof(val));
1553
#endif
1554
			return (conn);
1555
		}
1556
		/* stale cache — different host */
1557
		http_cache_flush();
1558
	}
1559

1560
retry:
1561
	if ((conn = fetch_connect(curl->host, curl->port, af, verbose)) == NULL)
1562
		/* fetch_connect() has already set an error code */
1563
		return (NULL);
1564

1565
	/* record connection identity for later cache matching */
1566
	strlcpy(conn->cache_host, URL->host, sizeof(conn->cache_host));
1567
	conn->cache_port = URL->port;
1568
	conn->cache_ssl = (strcmp(URL->scheme, SCHEME_HTTPS) == 0);
1569
	init_http_headerbuf(&headerbuf);
1570
	if (strcmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) {
1571
		init_http_auth_challenges(&proxy_challenges);
1572
		http_cmd(conn, "CONNECT %s:%d HTTP/1.1", URL->host, URL->port);
1573
		http_cmd(conn, "Host: %s:%d", URL->host, URL->port);
1574
		if (isproxyauth) {
1575
			http_auth_params_t aparams;
1576
			init_http_auth_params(&aparams);
1577
			if (*purl->user || *purl->pwd) {
1578
				aparams.user = strdup(purl->user);
1579
				aparams.password = strdup(purl->pwd);
1580
			} else if ((p = getenv("HTTP_PROXY_AUTH")) != NULL &&
1581
				    *p != '\0') {
1582
				if (http_authfromenv(p, &aparams) < 0) {
1583
					http_seterr(HTTP_NEED_PROXY_AUTH);
1584
					fetch_syserr();
1585
					goto ouch;
1586
				}
1587
			} else if (fetch_netrc_auth(purl) == 0) {
1588
				aparams.user = strdup(purl->user);
1589
				aparams.password = strdup(purl->pwd);
1590
			} else {
1591
				/*
1592
				 * No auth information found in system - exiting
1593
				 * with warning.
1594
				 */
1595
				warnx("Missing username and/or password set");
1596
				fetch_syserr();
1597
				goto ouch;
1598
			}
1599
			http_authorize(conn, "Proxy-Authorization",
1600
			    &proxy_challenges, &aparams, purl);
1601
			clean_http_auth_params(&aparams);
1602
		}
1603
		http_cmd(conn, "");
1604
		/* Get reply from CONNECT Tunnel attempt */
1605
		int httpreply = http_get_reply(conn);
1606
		if (httpreply != HTTP_OK) {
1607
			http_seterr(httpreply);
1608
			/* If the error is a 407/HTTP_NEED_PROXY_AUTH */
1609
			if (httpreply == HTTP_NEED_PROXY_AUTH &&
1610
			    ! isproxyauth) {
1611
				/* Try again with authentication. */
1612
				clean_http_headerbuf(&headerbuf);
1613
				fetch_close(conn);
1614
				isproxyauth = true;
1615
				goto retry;
1616
			}
1617
			goto ouch;
1618
		}
1619
		/* Read and discard the rest of the proxy response */
1620
		if (fetch_getln(conn) < 0) {
1621
			fetch_syserr();
1622
			goto ouch;
1623
		}
1624
		do {
1625
			switch ((h = http_next_header(conn, &headerbuf, &p))) {
1626
			case hdr_syserror:
1627
				fetch_syserr();
1628
				goto ouch;
1629
			case hdr_error:
1630
				http_seterr(HTTP_PROTOCOL_ERROR);
1631
				goto ouch;
1632
			default:
1633
				/* ignore */ ;
1634
			}
1635
		} while (h > hdr_end);
1636
	}
1637
	if (strcmp(URL->scheme, SCHEME_HTTPS) == 0 &&
1638
	    fetch_ssl(conn, URL, verbose) == -1) {
1639
		/* grrr */
1640
		errno = EAUTH;
1641
		fetch_syserr();
1642
		goto ouch;
1643
	}
1644

1645
	val = 1;
1646
#ifdef TCP_NOPUSH
1647
	setsockopt(conn->sd, IPPROTO_TCP, TCP_NOPUSH, &val, sizeof(val));
1648
#endif
1649

1650
	clean_http_headerbuf(&headerbuf);
1651
	return (conn);
1652
ouch:
1653
	serrno = errno;
1654
	clean_http_headerbuf(&headerbuf);
1655
	fetch_close(conn);
1656
	errno = serrno;
1657
	return (NULL);
1658
}
1659

1660
static struct url *
1661
http_get_proxy(struct url * url, const char *flags)
1662
{
1663
	struct url *purl;
1664
	char *p;
1665

1666
	if (flags != NULL && strchr(flags, 'd') != NULL)
1667
		return (NULL);
1668
	if (fetch_no_proxy_match(url->host))
1669
		return (NULL);
1670
	if (((p = getenv("HTTP_PROXY")) || (p = getenv("http_proxy"))) &&
1671
	    *p && (purl = fetchParseURL(p))) {
1672
		if (!*purl->scheme)
1673
			strcpy(purl->scheme, SCHEME_HTTP);
1674
		if (!purl->port)
1675
			purl->port = fetch_default_proxy_port(purl->scheme);
1676
		if (strcmp(purl->scheme, SCHEME_HTTP) == 0)
1677
			return (purl);
1678
		fetchFreeURL(purl);
1679
	}
1680
	return (NULL);
1681
}
1682

1683
static void
1684
http_print_html(FILE *out, FILE *in)
1685
{
1686
	ssize_t len = 0;
1687
	size_t cap;
1688
	char *line = NULL, *p, *q;
1689
	int comment, tag;
1690

1691
	comment = tag = 0;
1692
	while ((len = getline(&line, &cap, in)) >= 0) {
1693
		while (len && isspace((unsigned char)line[len - 1]))
1694
			--len;
1695
		for (p = q = line; q < line + len; ++q) {
1696
			if (comment && *q == '-') {
1697
				if (q + 2 < line + len &&
1698
				    strcmp(q, "-->") == 0) {
1699
					tag = comment = 0;
1700
					q += 2;
1701
				}
1702
			} else if (tag && !comment && *q == '>') {
1703
				p = q + 1;
1704
				tag = 0;
1705
			} else if (!tag && *q == '<') {
1706
				if (q > p)
1707
					fwrite(p, q - p, 1, out);
1708
				tag = 1;
1709
				if (q + 3 < line + len &&
1710
				    strcmp(q, "<!--") == 0) {
1711
					comment = 1;
1712
					q += 3;
1713
				}
1714
			}
1715
		}
1716
		if (!tag && q > p)
1717
			fwrite(p, q - p, 1, out);
1718
		fputc('\n', out);
1719
	}
1720

1721
	free(line);
1722
}
1723

1724

1725
/*****************************************************************************
1726
 * Core
1727
 */
1728

1729
FILE *
1730
http_request(struct url *URL, const char *op, struct url_stat *us,
1731
	struct url *purl, const char *flags)
1732
{
1733

1734
	return (http_request_body(URL, op, us, purl, flags, NULL, NULL));
1735
}
1736

1737
/*
1738
 * Send a request and process the reply
1739
 *
1740
 * XXX This function is way too long, the do..while loop should be split
1741
 * XXX off into a separate function.
1742
 */
1743
FILE *
1744
http_request_body(struct url *URL, const char *op, struct url_stat *us,
1745
	struct url *purl, const char *flags, const char *content_type,
1746
	const char *body)
1747
{
1748
	char timebuf[80];
1749
	char hbuf[MAXHOSTNAMELEN + 7], *host;
1750
	conn_t *conn;
1751
	struct url *url, *new;
1752
	int chunked, conn_close, direct, from_cache, ims, noredirect, verbose;
1753
	int e, i, n, val;
1754
	off_t offset, clength, length, size;
1755
	time_t mtime;
1756
	const char *p;
1757
	FILE *f;
1758
	hdr_t h;
1759
	struct tm *timestruct;
1760
	http_headerbuf_t headerbuf;
1761
	http_auth_challenges_t server_challenges;
1762
	http_auth_challenges_t proxy_challenges;
1763
	size_t body_len;
1764

1765
	/* The following calls don't allocate anything */
1766
	init_http_headerbuf(&headerbuf);
1767
	init_http_auth_challenges(&server_challenges);
1768
	init_http_auth_challenges(&proxy_challenges);
1769

1770
	direct = CHECK_FLAG('d');
1771
	noredirect = CHECK_FLAG('A');
1772
	verbose = CHECK_FLAG('v');
1773
	ims = CHECK_FLAG('i');
1774

1775
	if (direct && purl) {
1776
		fetchFreeURL(purl);
1777
		purl = NULL;
1778
	}
1779

1780
	/* try the provided URL first */
1781
	url = URL;
1782

1783
	n = MAX_REDIRECT;
1784
	i = 0;
1785

1786
	e = HTTP_PROTOCOL_ERROR;
1787
	do {
1788
		new = NULL;
1789
		chunked = 0;
1790
		conn_close = 0;
1791
		offset = 0;
1792
		clength = -1;
1793
		length = -1;
1794
		size = -1;
1795
		mtime = 0;
1796

1797
		/* check port */
1798
		if (!url->port)
1799
			url->port = fetch_default_port(url->scheme);
1800

1801
		/* connect to server or proxy */
1802
		from_cache = (http_cached_conn != NULL);
1803
		if ((conn = http_connect(url, purl, flags)) == NULL)
1804
			goto ouch;
1805

1806
		/* append port number only if necessary */
1807
		host = url->host;
1808
		if (url->port != fetch_default_port(url->scheme)) {
1809
			snprintf(hbuf, sizeof(hbuf), "%s:%d", host, url->port);
1810
			host = hbuf;
1811
		}
1812

1813
		/* send request */
1814
		if (verbose)
1815
			fetch_info("requesting %s://%s%s",
1816
			    url->scheme, host, url->doc);
1817
		if (purl && strcmp(url->scheme, SCHEME_HTTPS) != 0) {
1818
			http_cmd(conn, "%s %s://%s%s HTTP/1.1",
1819
			    op, url->scheme, host, url->doc);
1820
		} else {
1821
			http_cmd(conn, "%s %s HTTP/1.1",
1822
			    op, url->doc);
1823
		}
1824

1825
		if (ims && url->ims_time) {
1826
			timestruct = gmtime((time_t *)&url->ims_time);
1827
			(void)strftime(timebuf, 80, "%a, %d %b %Y %T GMT",
1828
			    timestruct);
1829
			if (verbose)
1830
				fetch_info("If-Modified-Since: %s", timebuf);
1831
			http_cmd(conn, "If-Modified-Since: %s", timebuf);
1832
		}
1833
		/* virtual host */
1834
		http_cmd(conn, "Host: %s", host);
1835

1836
		/*
1837
		 * Proxy authorization: we only send auth after we received
1838
		 * a 407 error. We do not first try basic anyway (changed
1839
		 * when support was added for digest-auth)
1840
		 */
1841
		if (purl && proxy_challenges.valid) {
1842
			http_auth_params_t aparams;
1843
			init_http_auth_params(&aparams);
1844
			if (*purl->user || *purl->pwd) {
1845
				aparams.user = strdup(purl->user);
1846
				aparams.password = strdup(purl->pwd);
1847
			} else if ((p = getenv("HTTP_PROXY_AUTH")) != NULL &&
1848
				   *p != '\0') {
1849
				if (http_authfromenv(p, &aparams) < 0) {
1850
					http_seterr(HTTP_NEED_PROXY_AUTH);
1851
					goto ouch;
1852
				}
1853
			} else if (fetch_netrc_auth(purl) == 0) {
1854
				aparams.user = strdup(purl->user);
1855
				aparams.password = strdup(purl->pwd);
1856
			}
1857
			http_authorize(conn, "Proxy-Authorization",
1858
				       &proxy_challenges, &aparams, url);
1859
			clean_http_auth_params(&aparams);
1860
		}
1861

1862
		/*
1863
		 * Server authorization: we never send "a priori"
1864
		 * Basic auth, which used to be done if user/pass were
1865
		 * set in the url. This would be weird because we'd send the
1866
		 * password in the clear even if Digest is finally to be
1867
		 * used (it would have made more sense for the
1868
		 * pre-digest version to do this when Basic was specified
1869
		 * in the environment)
1870
		 */
1871
		if (server_challenges.valid) {
1872
			http_auth_params_t aparams;
1873
			init_http_auth_params(&aparams);
1874
			if (*url->user || *url->pwd) {
1875
				aparams.user = strdup(url->user);
1876
				aparams.password = strdup(url->pwd);
1877
			} else if ((p = getenv("HTTP_AUTH")) != NULL &&
1878
				   *p != '\0') {
1879
				if (http_authfromenv(p, &aparams) < 0) {
1880
					http_seterr(HTTP_NEED_AUTH);
1881
					goto ouch;
1882
				}
1883
			} else if (fetch_netrc_auth(url) == 0) {
1884
				aparams.user = strdup(url->user);
1885
				aparams.password = strdup(url->pwd);
1886
			} else if (fetchAuthMethod &&
1887
				   fetchAuthMethod(url) == 0) {
1888
				aparams.user = strdup(url->user);
1889
				aparams.password = strdup(url->pwd);
1890
			} else {
1891
				http_seterr(HTTP_NEED_AUTH);
1892
				goto ouch;
1893
			}
1894
			http_authorize(conn, "Authorization",
1895
				       &server_challenges, &aparams, url);
1896
			clean_http_auth_params(&aparams);
1897
		}
1898

1899
		/* other headers */
1900
		if ((p = getenv("HTTP_ACCEPT")) != NULL) {
1901
			if (*p != '\0')
1902
				http_cmd(conn, "Accept: %s", p);
1903
		} else {
1904
			http_cmd(conn, "Accept: */*");
1905
		}
1906
		if ((p = getenv("HTTP_REFERER")) != NULL && *p != '\0') {
1907
			if (strcasecmp(p, "auto") == 0)
1908
				http_cmd(conn, "Referer: %s://%s%s",
1909
				    url->scheme, host, url->doc);
1910
			else
1911
				http_cmd(conn, "Referer: %s", p);
1912
		}
1913
		if ((p = getenv("HTTP_USER_AGENT")) != NULL) {
1914
			/* no User-Agent if defined but empty */
1915
			if  (*p != '\0')
1916
				http_cmd(conn, "User-Agent: %s", p);
1917
		} else {
1918
			/* default User-Agent */
1919
			http_cmd(conn, "User-Agent: %s " _LIBFETCH_VER,
1920
			    getprogname());
1921
		}
1922
		if (url->offset > 0)
1923
			http_cmd(conn, "Range: bytes=%lld-", (long long)url->offset);
1924

1925
		/* custom headers from the API and environment */
1926
		if (fetchCustomHTTPHeaders != NULL)
1927
			http_custom_headers(conn, fetchCustomHTTPHeaders);
1928
		if ((p = getenv("HTTP_HEADERS")) != NULL && *p != '\0')
1929
			http_custom_headers(conn, p);
1930

1931
		if (body) {
1932
			body_len = strlen(body);
1933
			http_cmd(conn, "Content-Length: %zu", body_len);
1934
			if (content_type != NULL)
1935
				http_cmd(conn, "Content-Type: %s", content_type);
1936
		}
1937

1938
		http_cmd(conn, "");
1939

1940
		if (body)
1941
			fetch_write(conn, body, body_len);
1942

1943
		/*
1944
		 * Force the queued request to be dispatched.  Normally, one
1945
		 * would do this with shutdown(2) but squid proxies can be
1946
		 * configured to disallow such half-closed connections.  To
1947
		 * be compatible with such configurations, fiddle with socket
1948
		 * options to force the pending data to be written.
1949
		 */
1950
		val = 0;
1951
#ifdef TCP_NOPUSH
1952
		setsockopt(conn->sd, IPPROTO_TCP, TCP_NOPUSH, &val,
1953
			   sizeof(val));
1954
#endif
1955
		val = 1;
1956
		setsockopt(conn->sd, IPPROTO_TCP, TCP_NODELAY, &val,
1957
			   sizeof(val));
1958

1959
		/* get reply */
1960
		switch (http_get_reply(conn)) {
1961
		case HTTP_OK:
1962
		case HTTP_PARTIAL:
1963
		case HTTP_NOT_MODIFIED:
1964
			/* fine */
1965
			break;
1966
		case HTTP_MOVED_PERM:
1967
		case HTTP_MOVED_TEMP:
1968
		case HTTP_TEMP_REDIRECT:
1969
		case HTTP_PERM_REDIRECT:
1970
		case HTTP_SEE_OTHER:
1971
		case HTTP_USE_PROXY:
1972
			/*
1973
			 * Not so fine, but we still have to read the
1974
			 * headers to get the new location.
1975
			 */
1976
			break;
1977
		case HTTP_NEED_AUTH:
1978
			if (server_challenges.valid) {
1979
				/*
1980
				 * We already sent out authorization code,
1981
				 * so there's nothing more we can do.
1982
				 */
1983
				http_seterr(conn->err);
1984
				goto ouch;
1985
			}
1986
			/* try again, but send the password this time */
1987
			if (verbose)
1988
				fetch_info("server requires authorization");
1989
			break;
1990
		case HTTP_NEED_PROXY_AUTH:
1991
			if (proxy_challenges.valid) {
1992
				/*
1993
				 * We already sent our proxy
1994
				 * authorization code, so there's
1995
				 * nothing more we can do. */
1996
				http_seterr(conn->err);
1997
				goto ouch;
1998
			}
1999
			/* try again, but send the password this time */
2000
			if (verbose)
2001
				fetch_info("proxy requires authorization");
2002
			break;
2003
		case HTTP_BAD_RANGE:
2004
			/*
2005
			 * This can happen if we ask for 0 bytes because
2006
			 * we already have the whole file.  Consider this
2007
			 * a success for now, and check sizes later.
2008
			 */
2009
			break;
2010
		case HTTP_PROTOCOL_ERROR:
2011
			/* fall through */
2012
		case -1:
2013
			/*
2014
			 * If we got this connection from the cache, the
2015
			 * server may have closed it while idle.  Retry
2016
			 * once with a fresh connection.
2017
			 */
2018
			if (from_cache) {
2019
				if (verbose)
2020
					fetch_info("stale cached connection, "
2021
					    "retrying");
2022
				fetch_close(conn);
2023
				conn = NULL;
2024
				from_cache = 0;
2025
				continue;
2026
			}
2027
			fetch_syserr();
2028
			goto ouch;
2029
		default:
2030
			http_seterr(conn->err);
2031
			if (!verbose)
2032
				goto ouch;
2033
			/* fall through so we can get the full error message */
2034
		}
2035

2036
		/* get headers. http_next_header expects one line readahead */
2037
		if (fetch_getln(conn) == -1) {
2038
			fetch_syserr();
2039
			goto ouch;
2040
		}
2041
		do {
2042
			switch ((h = http_next_header(conn, &headerbuf, &p))) {
2043
			case hdr_syserror:
2044
				fetch_syserr();
2045
				goto ouch;
2046
			case hdr_error:
2047
				http_seterr(HTTP_PROTOCOL_ERROR);
2048
				goto ouch;
2049
			case hdr_content_length:
2050
				http_parse_length(p, &clength);
2051
				break;
2052
			case hdr_content_range:
2053
				http_parse_range(p, &offset, &length, &size);
2054
				break;
2055
			case hdr_last_modified:
2056
				http_parse_mtime(p, &mtime);
2057
				break;
2058
			case hdr_location:
2059
				if (!HTTP_REDIRECT(conn->err))
2060
					break;
2061
				/*
2062
				 * if the A flag is set, we don't follow
2063
				 * temporary redirects.
2064
				 */
2065
				if (noredirect &&
2066
				    conn->err != HTTP_MOVED_PERM &&
2067
				    conn->err != HTTP_PERM_REDIRECT &&
2068
				    conn->err != HTTP_USE_PROXY) {
2069
					n = 1;
2070
					break;
2071
				}
2072
				if (new)
2073
					free(new);
2074
				if (verbose)
2075
					fetch_info("%d redirect to %s",
2076
					    conn->err, p);
2077
				if (*p == '/')
2078
					/* absolute path */
2079
					new = fetchMakeURL(url->scheme, url->host,
2080
					    url->port, p, url->user, url->pwd);
2081
				else
2082
					new = fetchParseURL(p);
2083
				if (new == NULL) {
2084
					/* XXX should set an error code */
2085
					DEBUGF("failed to parse new URL\n");
2086
					goto ouch;
2087
				}
2088

2089
				/* Only copy credentials if the host matches */
2090
				if (strcmp(new->host, url->host) == 0 &&
2091
				    !*new->user && !*new->pwd) {
2092
					strcpy(new->user, url->user);
2093
					strcpy(new->pwd, url->pwd);
2094
				}
2095
				new->offset = url->offset;
2096
				new->length = url->length;
2097
				new->ims_time = url->ims_time;
2098
				break;
2099
			case hdr_transfer_encoding:
2100
				/* XXX weak test*/
2101
				chunked = (strcasecmp(p, "chunked") == 0);
2102
				break;
2103
			case hdr_www_authenticate:
2104
				if (conn->err != HTTP_NEED_AUTH)
2105
					break;
2106
				if (http_parse_authenticate(p, &server_challenges) == 0)
2107
					++n;
2108
				break;
2109
			case hdr_proxy_authenticate:
2110
				if (conn->err != HTTP_NEED_PROXY_AUTH)
2111
					break;
2112
				if (http_parse_authenticate(p, &proxy_challenges) == 0)
2113
					++n;
2114
				break;
2115
			case hdr_connection:
2116
				if (strcasecmp(p, "close") == 0)
2117
					conn_close = 1;
2118
				break;
2119
			case hdr_end:
2120
				/* fall through */
2121
			case hdr_unknown:
2122
				/* ignore */
2123
				break;
2124
			}
2125
		} while (h > hdr_end);
2126

2127
		/* we need to provide authentication */
2128
		if (conn->err == HTTP_NEED_AUTH ||
2129
		    conn->err == HTTP_NEED_PROXY_AUTH) {
2130
			e = conn->err;
2131
			if ((conn->err == HTTP_NEED_AUTH &&
2132
			     !server_challenges.valid) ||
2133
			    (conn->err == HTTP_NEED_PROXY_AUTH &&
2134
			     !proxy_challenges.valid)) {
2135
				/* 401/7 but no www/proxy-authenticate ?? */
2136
				DEBUGF("%03d without auth header\n", conn->err);
2137
				goto ouch;
2138
			}
2139
			fetch_close(conn);
2140
			conn = NULL;
2141
			continue;
2142
		}
2143

2144
		/* requested range not satisfiable */
2145
		if (conn->err == HTTP_BAD_RANGE) {
2146
			if (url->offset > 0 && url->length == 0) {
2147
				/* asked for 0 bytes; fake it */
2148
				offset = url->offset;
2149
				clength = -1;
2150
				conn->err = HTTP_OK;
2151
				break;
2152
			} else {
2153
				http_seterr(conn->err);
2154
				goto ouch;
2155
			}
2156
		}
2157

2158
		/* we have a hit or an error */
2159
		if (conn->err == HTTP_OK
2160
		    || conn->err == HTTP_NOT_MODIFIED
2161
		    || conn->err == HTTP_PARTIAL
2162
		    || HTTP_ERROR(conn->err))
2163
			break;
2164

2165
		/* all other cases: we got a redirect */
2166
		e = conn->err;
2167
		clean_http_auth_challenges(&server_challenges);
2168
		fetch_close(conn);
2169
		conn = NULL;
2170
		if (!new) {
2171
			DEBUGF("redirect with no new location\n");
2172
			break;
2173
		}
2174
		if (url != URL)
2175
			fetchFreeURL(url);
2176
		url = new;
2177
	} while (++i < n);
2178

2179
	/* we failed, or ran out of retries */
2180
	if (conn == NULL) {
2181
		http_seterr(e);
2182
		goto ouch;
2183
	}
2184

2185
	DEBUGF("offset %lld, length %lld, size %lld, clength %lld\n",
2186
	    (long long)offset, (long long)length,
2187
	    (long long)size, (long long)clength);
2188

2189
	if (conn->err == HTTP_NOT_MODIFIED) {
2190
		http_seterr(HTTP_NOT_MODIFIED);
2191
		return (NULL);
2192
	}
2193

2194
	/* check for inconsistencies */
2195
	if (clength != -1 && length != -1 && clength != length) {
2196
		http_seterr(HTTP_PROTOCOL_ERROR);
2197
		goto ouch;
2198
	}
2199
	if (clength == -1)
2200
		clength = length;
2201
	if (clength != -1)
2202
		length = offset + clength;
2203
	if (length != -1 && size != -1 && length != size) {
2204
		http_seterr(HTTP_PROTOCOL_ERROR);
2205
		goto ouch;
2206
	}
2207
	if (size == -1)
2208
		size = length;
2209

2210
	/* fill in stats */
2211
	if (us) {
2212
		us->size = size;
2213
		us->atime = us->mtime = mtime;
2214
	}
2215

2216
	/* too far? */
2217
	if (URL->offset > 0 && offset > URL->offset) {
2218
		http_seterr(HTTP_PROTOCOL_ERROR);
2219
		goto ouch;
2220
	}
2221

2222
	/* report back real offset and size */
2223
	URL->offset = offset;
2224
	URL->length = clength;
2225

2226
	/* wrap it up in a FILE */
2227
	if ((f = http_funopen(conn, chunked, !conn_close && purl == NULL, clength)) == NULL) {
2228
		fetch_syserr();
2229
		goto ouch;
2230
	}
2231

2232
	if (url != URL)
2233
		fetchFreeURL(url);
2234
	if (purl)
2235
		fetchFreeURL(purl);
2236

2237
	if (HTTP_ERROR(conn->err)) {
2238
		http_print_html(stderr, f);
2239
		fclose(f);
2240
		f = NULL;
2241
	}
2242
	clean_http_headerbuf(&headerbuf);
2243
	clean_http_auth_challenges(&server_challenges);
2244
	clean_http_auth_challenges(&proxy_challenges);
2245
	return (f);
2246

2247
ouch:
2248
	if (url != URL)
2249
		fetchFreeURL(url);
2250
	if (purl)
2251
		fetchFreeURL(purl);
2252
	if (conn != NULL)
2253
		fetch_close(conn);
2254
	clean_http_headerbuf(&headerbuf);
2255
	clean_http_auth_challenges(&server_challenges);
2256
	clean_http_auth_challenges(&proxy_challenges);
2257
	return (NULL);
2258
}
2259

2260

2261
/*****************************************************************************
2262
 * Entry points
2263
 */
2264

2265
/*
2266
 * Retrieve and stat a file by HTTP
2267
 */
2268
FILE *
2269
fetchXGetHTTP(struct url *URL, struct url_stat *us, const char *flags)
2270
{
2271
	return (http_request(URL, "GET", us, http_get_proxy(URL, flags), flags));
2272
}
2273

2274
/*
2275
 * Retrieve a file by HTTP
2276
 */
2277
FILE *
2278
fetchGetHTTP(struct url *URL, const char *flags)
2279
{
2280
	return (fetchXGetHTTP(URL, NULL, flags));
2281
}
2282

2283
/*
2284
 * Store a file by HTTP
2285
 */
2286
FILE *
2287
fetchPutHTTP(struct url *URL __unused, const char *flags __unused)
2288
{
2289
	warnx("fetchPutHTTP(): not implemented");
2290
	return (NULL);
2291
}
2292

2293
/*
2294
 * Get an HTTP document's metadata
2295
 */
2296
int
2297
fetchStatHTTP(struct url *URL, struct url_stat *us, const char *flags)
2298
{
2299
	FILE *f;
2300

2301
	f = http_request(URL, "HEAD", us, http_get_proxy(URL, flags), flags);
2302
	if (f == NULL)
2303
		return (-1);
2304
	fclose(f);
2305
	return (0);
2306
}
2307

2308
/*
2309
 * List a directory
2310
 */
2311
struct url_ent *
2312
fetchListHTTP(struct url *url __unused, const char *flags __unused)
2313
{
2314
	warnx("fetchListHTTP(): not implemented");
2315
	return (NULL);
2316
}
2317

2318
/*
2319
 * Arbitrary HTTP verb and content requests
2320
 */
2321
FILE *
2322
fetchReqHTTP(struct url *URL, const char *method, const char *flags,
2323
	const char *content_type, const char *body)
2324
{
2325

2326
	return (http_request_body(URL, method, NULL, http_get_proxy(URL, flags),
2327
	    flags, content_type, body));
2328
}
2329

2330