d7/d59/XrdHttpUtils_8cc_source.html

//------------------------------------------------------------------------------

// This file is part of XrdHTTP: A pragmatic implementation of the

// HTTP/WebDAV protocol for the Xrootd framework

//

// Copyright (c) 2013 by European Organization for Nuclear Research (CERN)

// Author: Fabrizio Furano <furano@cern.ch>

// File Date: Apr 2013

//------------------------------------------------------------------------------

// XRootD is free software: you can redistribute it and/or modify

// it under the terms of the GNU Lesser General Public License as published by

// the Free Software Foundation, either version 3 of the License, or

// (at your option) any later version.

//

// XRootD is distributed in the hope that it will be useful,

// but WITHOUT ANY WARRANTY; without even the implied warranty of

// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

// GNU General Public License for more details.

//

// You should have received a copy of the GNU Lesser General Public License

// along with XRootD.  If not, see <http://www.gnu.org/licenses/>.

//------------------------------------------------------------------------------


#include "XrdHttpUtils.hh"


#include <cstring>

#include <openssl/hmac.h>

#include <openssl/bio.h>

#include <openssl/buffer.h>

#include <openssl/err.h>

#include <openssl/ssl.h>


#include <pthread.h>

#include <memory>

#include <vector>

#include <algorithm>


#include "XProtocol/XPtypes.hh"

#include "XrdSec/XrdSecEntity.hh"

# include "sys/param.h"

#include "XrdOuc/XrdOucString.hh"


#if OPENSSL_VERSION_NUMBER < 0x10100000L


static HMAC_CTX* HMAC_CTX_new() {

  HMAC_CTX *ctx = (HMAC_CTX *)OPENSSL_malloc(sizeof(HMAC_CTX));

  if (ctx) HMAC_CTX_init(ctx);

  return ctx;

}


static void HMAC_CTX_free(HMAC_CTX *ctx) {

  if (ctx) {

    HMAC_CTX_cleanup(ctx);

    OPENSSL_free(ctx);

  }

}


#endif


// GetHost from URL

// Parse an URL and extract the host name and port

// Return 0 if OK


int parseURL(char *url, char *host, int &port, char **path) {

  // http://x.y.z.w:p/path


  *path = 0;


  // look for the second slash

  char *p = strstr(url, "//");

  if (!p) return -1;


  p += 2;


  // look for the end of the host:port

  char *p2 = strchr(p, '/');

  if (!p2) return -1;


  *path = p2;


  char buf[256];

  int l = std::min((int)(p2 - p), (int)sizeof (buf));

  strncpy(buf, p, l);

  buf[l] = '\0';


  // Now look for :

  p = strchr(buf, ':');

  if (p) {

    int l = std::min((int)(p - buf), (int)sizeof (buf));

    strncpy(host, buf, l);

    host[l] = '\0';


    port = atoi(p + 1);

  } else {

    port = 0;


    strcpy(host, buf);

  }


  return 0;

}


// Encode an array of bytes to base64


void Tobase64(const unsigned char *input, int length, char *out) {

  BIO *bmem, *b64;

  BUF_MEM *bptr;


  if (!out) return;


  out[0] = '\0';


  b64 = BIO_new(BIO_f_base64());

  BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);

  bmem = BIO_new(BIO_s_mem());

  BIO_push(b64, bmem);

  BIO_write(b64, input, length);


  if (BIO_flush(b64) <= 0) {

    BIO_free_all(b64);

    return;

  }


  BIO_get_mem_ptr(b64, &bptr);


  memcpy(out, bptr->data, bptr->length);

  out[bptr->length] = '\0';


  BIO_free_all(b64);


  return;

}


static int


char_to_int(int c)

{

  if (isdigit(c)) {

    return c - '0';

  } else {

    c = tolower(c);

    if (c >= 'a' && c <= 'f') {

      return c - 'a' + 10;

    }

    return -1;

  }

}


// Decode a hex digest array to raw bytes.

//


bool Fromhexdigest(const unsigned char *input, int length, unsigned char *out) {

  for (int idx=0; idx < length; idx += 2) {

    int upper =  char_to_int(input[idx]);

    int lower =  char_to_int(input[idx+1]);

    if ((upper < 0) || (lower < 0)) {

      return false;

    }

    out[idx/2] = (upper << 4) + lower;

  }

  return true;

}


// Simple itoa function


std::string itos(long i) {

  char buf[128];

  sprintf(buf, "%ld", i);


  return buf;

}


// Home made implementation of strchrnul


char *mystrchrnul(const char *s, int c) {

  char *ptr = strchr((char *)s, c);


  if (!ptr)

    return strchr((char *)s, '\0');


  return ptr;

}


// Calculates the opaque arguments hash, needed for a secure redirection

//

// - hash is a string that will be filled with the hash

//

// - fn: the original filename that was requested

// - dhost: target redirection hostname

// - client: address:port of the client

// - tim: creation time of the url

// - tim_grace: validity time before and after creation time

//

// Input for the key (simple shared secret)

// - key

// - key length

//


void calcHashes(

        char *hash,


        const char *fn,


        kXR_int16 request,


        XrdSecEntity *secent,


        time_t tim,


        const char *key) {


#if OPENSSL_VERSION_NUMBER >= 0x30000000L

  EVP_MAC *mac;

  EVP_MAC_CTX *ctx;

  size_t len;

#else

  HMAC_CTX *ctx;

  unsigned int len;

#endif

  unsigned char mdbuf[EVP_MAX_MD_SIZE];

  char buf[64];

  struct tm tms;


  if (!hash) {

    return;

  }

  hash[0] = '\0';


  if (!key) {

    return;

  }


  if (!fn || !secent) {

    return;

  }


#if OPENSSL_VERSION_NUMBER >= 0x30000000L


  mac = EVP_MAC_fetch(0, "sha256", 0);

  ctx = EVP_MAC_CTX_new(mac);


  if (!ctx) {

     return;

  }


  EVP_MAC_init(ctx, (const unsigned char *) key, strlen(key), 0);


  if (fn)

    EVP_MAC_update(ctx, (const unsigned char *) fn,

          strlen(fn) + 1);


  EVP_MAC_update(ctx, (const unsigned char *) &request,

          sizeof (request));


  if (secent->name)

    EVP_MAC_update(ctx, (const unsigned char *) secent->name,

          strlen(secent->name) + 1);


  if (secent->vorg)

    EVP_MAC_update(ctx, (const unsigned char *) secent->vorg,

          strlen(secent->vorg) + 1);


  if (secent->host)

    EVP_MAC_update(ctx, (const unsigned char *) secent->host,

          strlen(secent->host) + 1);


  if (secent->moninfo)

    EVP_MAC_update(ctx, (const unsigned char *) secent->moninfo,

          strlen(secent->moninfo) + 1);


  localtime_r(&tim, &tms);

  strftime(buf, sizeof (buf), "%s", &tms);

  EVP_MAC_update(ctx, (const unsigned char *) buf,

          strlen(buf) + 1);


  EVP_MAC_final(ctx, mdbuf, &len, EVP_MAX_MD_SIZE);


  EVP_MAC_CTX_free(ctx);

  EVP_MAC_free(mac);


#else


  ctx = HMAC_CTX_new();


  if (!ctx) {

    return;

  }


  HMAC_Init_ex(ctx, (const void *) key, strlen(key), EVP_sha256(), 0);


  if (fn)

    HMAC_Update(ctx, (const unsigned char *) fn,

          strlen(fn) + 1);


  HMAC_Update(ctx, (const unsigned char *) &request,

          sizeof (request));


  if (secent->name)

    HMAC_Update(ctx, (const unsigned char *) secent->name,

          strlen(secent->name) + 1);


  if (secent->vorg)

    HMAC_Update(ctx, (const unsigned char *) secent->vorg,

          strlen(secent->vorg) + 1);


  if (secent->host)

    HMAC_Update(ctx, (const unsigned char *) secent->host,

          strlen(secent->host) + 1);


  if (secent->moninfo)

    HMAC_Update(ctx, (const unsigned char *) secent->moninfo,

          strlen(secent->moninfo) + 1);


  localtime_r(&tim, &tms);

  strftime(buf, sizeof (buf), "%s", &tms);

  HMAC_Update(ctx, (const unsigned char *) buf,

          strlen(buf) + 1);


  HMAC_Final(ctx, mdbuf, &len);


  HMAC_CTX_free(ctx);


#endif


  Tobase64(mdbuf, len / 2, hash);

}


int compareHash(

        const char *h1,

        const char *h2) {


  if (h1 == h2) return 0;


  if (!h1 || !h2)

    return 1;


  return strcmp(h1, h2);


}


// unquote a string and return a new one


char *unquote(char *str) {

  int l = strlen(str);

  char *r = (char *) malloc(l + 1);

  r[0] = '\0';

  int i, j = 0;


  for (i = 0; i < l; i++) {


    if (str[i] == '%') {

      char savec = str[i + 3];

      str[i + 3] = '\0';


      r[j] = strtol(str + i + 1, 0, 16);

      str[i + 3] = savec;


      i += 2;

    } else r[j] = str[i];


    j++;

  }


  r[j] = '\0';


  return r;


}


// Quote a string and return a new one


char *quote(const char *str) {

  int l = strlen(str);

  char *r = (char *) malloc(l*3 + 1);

  r[0] = '\0';

  int i, j = 0;


  for (i = 0; i < l; i++) {

    char c = str[i];


    switch (c) {

      case ' ':

        strcpy(r + j, "%20");

        j += 3;

        break;

      case '[':

        strcpy(r + j, "%5B");

        j += 3;

        break;

      case ']':

        strcpy(r + j, "%5D");

        j += 3;

        break;

      case ':':

        strcpy(r + j, "%3A");

        j += 3;

        break;

      // case '/':

      //   strcpy(r + j, "%2F");

      //   j += 3;

      //   break;

      case '#':

         strcpy(r + j, "%23");

         j += 3;

         break;

      case '\n':

        strcpy(r + j, "%0A");

        j += 3;

        break;

      case '\r':

        strcpy(r + j, "%0D");

        j += 3;

        break;

      case '=':

        strcpy(r + j, "%3D");

        j += 3;

        break;

      default:

        r[j++] = c;

    }

  }


  r[j] = '\0';


  return r;

}


// Escape a string and return a new one


char *escapeXML(const char *str) {

  int l = strlen(str);

  char *r = (char *) malloc(l*6 + 1);

  r[0] = '\0';

  int i, j = 0;


  for (i = 0; i < l; i++) {

    char c = str[i];


    switch (c) {

      case '"':

        strcpy(r + j, "&quot;");

        j += 6;

        break;

      case '&':

        strcpy(r + j, "&amp;");

        j += 5;

        break;

      case '<':

        strcpy(r + j, "&lt;");

        j += 4;

        break;

      case '>':

        strcpy(r + j, "&gt;");

        j += 4;

        break;

      case '\'':

        strcpy(r + j, "&apos;");

        j += 6;

        break;


      default:

        r[j++] = c;

    }

  }


  r[j] = '\0';


  return r;

}


int mapErrNoToHttp(int errNo) {


  switch (errNo) {


    case EACCES:

    case EROFS:

      return HTTP_FORBIDDEN;


    case EPERM:

      return HTTP_UNAUTHORIZED;


    case ENOENT:

      return HTTP_NOT_FOUND;


    case EEXIST:

    case ENOTEMPTY:

      return HTTP_CONFLICT;


    case ENOTDIR:

    case EISDIR:

    case EXDEV:

      return HTTP_UNPROCESSABLE_ENTITY;


    case ENAMETOOLONG:

      return HTTP_URI_TOO_LONG;


    case ELOOP:

      return HTTP_LOOP_DETECTED;


    case ENOSPC:

    case EDQUOT:

      return HTTP_INSUFFICIENT_STORAGE;


    case EFBIG:

      return HTTP_PAYLOAD_TOO_LARGE;


    case EINVAL:

    case EBADF:

    case EFAULT:

    case ENXIO:

    case ESPIPE:

    case ENODEV:

    case EOVERFLOW:

      return HTTP_BAD_REQUEST;


    case ENOTSUP: // EOPNOTSUPP

      return HTTP_NOT_IMPLEMENTED;


    case EBUSY:

    case EAGAIN:

    case EINTR:

    case ENOMEM:

    case EMFILE:

    case ENFILE:

    case ETXTBSY:

      return HTTP_SERVICE_UNAVAILABLE;


    case ETIMEDOUT:

      return HTTP_GATEWAY_TIMEOUT;


    case ECONNREFUSED:

    case ECONNRESET:

    case ENETDOWN:

    case ENETUNREACH:

    case EHOSTUNREACH:

    case EPIPE:

      return HTTP_BAD_GATEWAY;


    default:

      return HTTP_INTERNAL_SERVER_ERROR;

  }

}


std::string httpStatusToString(int status) {

  switch (status) {

    // 1xx Informational

    case 100: return "Continue";

    case 101: return "Switching Protocols";

    case 102: return "Processing";

    case 103: return "Early Hints";


    // 2xx Success

    case 200: return "OK";

    case 201: return "Created";

    case 202: return "Accepted";

    case 203: return "Non-Authoritative Information";

    case 204: return "No Content";

    case 205: return "Reset Content";

    case 206: return "Partial Content";

    case 207: return "Multi-Status";

    case 208: return "Already Reported";

    case 226: return "IM Used";


    // 3xx Redirection

    case 300: return "Multiple Choices";

    case 301: return "Moved Permanently";

    case 302: return "Found";

    case 303: return "See Other";

    case 304: return "Not Modified";

    case 305: return "Use Proxy";

    case 307: return "Temporary Redirect";

    case 308: return "Permanent Redirect";


    // 4xx Client Errors

    case 400: return "Bad Request";

    case 401: return "Unauthorized";

    case 402: return "Payment Required";

    case 403: return "Forbidden";

    case 404: return "Not Found";

    case 405: return "Method Not Allowed";

    case 406: return "Not Acceptable";

    case 407: return "Proxy Authentication Required";

    case 408: return "Request Timeout";

    case 409: return "Conflict";

    case 410: return "Gone";

    case 411: return "Length Required";

    case 412: return "Precondition Failed";

    case 413: return "Payload Too Large";

    case 414: return "URI Too Long";

    case 415: return "Unsupported Media Type";

    case 416: return "Range Not Satisfiable";

    case 417: return "Expectation Failed";

    case 418: return "I'm a teapot";

    case 421: return "Misdirected Request";

    case 422: return "Unprocessable Entity";

    case 423: return "Locked";

    case 424: return "Failed Dependency";

    case 425: return "Too Early";

    case 426: return "Upgrade Required";

    case 428: return "Precondition Required";

    case 429: return "Too Many Requests";

    case 431: return "Request Header Fields Too Large";

    case 451: return "Unavailable For Legal Reasons";


    // 5xx Server Errors

    case 500: return "Internal Server Error";

    case 501: return "Not Implemented";

    case 502: return "Bad Gateway";

    case 503: return "Service Unavailable";

    case 504: return "Gateway Timeout";

    case 505: return "HTTP Version Not Supported";

    case 506: return "Variant Also Negotiates";

    case 507: return "Insufficient Storage";

    case 508: return "Loop Detected";

    case 510: return "Not Extended";

    case 511: return "Network Authentication Required";


    default:

      switch (status) {

        case 100 ... 199: return "Informational";

        case 200 ... 299: return "Success";

        case 300 ... 399: return "Redirection";

        case 400 ... 499: return "Client Error";

        case 500 ... 599: return "Server Error";

        default: return "Unknown";

      }

  }

}


XPtypes.hh

kXR_int16
short kXR_int16
Definition XPtypes.hh:66

BIO_set_flags
void BIO_set_flags(BIO *bio, int flags)
Definition XrdHttpProtocol.cc:179

parseURL
int parseURL(char *url, char *host, int &port, char **path)
Definition XrdHttpUtils.cc:78

itos
std::string itos(long i)
Definition XrdHttpUtils.cc:184

Tobase64
void Tobase64(const unsigned char *input, int length, char *out)
Definition XrdHttpUtils.cc:122

compareHash
int compareHash(const char *h1, const char *h2)
Definition XrdHttpUtils.cc:356

HMAC_CTX_new
static HMAC_CTX * HMAC_CTX_new()
Definition XrdHttpUtils.cc:60

Fromhexdigest
bool Fromhexdigest(const unsigned char *input, int length, unsigned char *out)
Definition XrdHttpUtils.cc:170

unquote
char * unquote(char *str)
Definition XrdHttpUtils.cc:371

quote
char * quote(const char *str)
Definition XrdHttpUtils.cc:400

escapeXML
char * escapeXML(const char *str)
Definition XrdHttpUtils.cc:459

char_to_int
static int char_to_int(int c)
Definition XrdHttpUtils.cc:154

mapErrNoToHttp
int mapErrNoToHttp(int errNo)
Definition XrdHttpUtils.cc:500

mystrchrnul
char * mystrchrnul(const char *s, int c)
Definition XrdHttpUtils.cc:194

HMAC_CTX_free
static void HMAC_CTX_free(HMAC_CTX *ctx)
Definition XrdHttpUtils.cc:66

calcHashes
void calcHashes(char *hash, const char *fn, kXR_int16 request, XrdSecEntity *secent, time_t tim, const char *key)
Definition XrdHttpUtils.cc:220

httpStatusToString
std::string httpStatusToString(int status)
Definition XrdHttpUtils.cc:573

XrdHttpUtils.hh
Utility functions for XrdHTTP.

HTTP_INSUFFICIENT_STORAGE
@ HTTP_INSUFFICIENT_STORAGE
Definition XrdHttpUtils.hh:118

HTTP_BAD_REQUEST
@ HTTP_BAD_REQUEST
Definition XrdHttpUtils.hh:80

HTTP_LOOP_DETECTED
@ HTTP_LOOP_DETECTED
Definition XrdHttpUtils.hh:119

HTTP_SERVICE_UNAVAILABLE
@ HTTP_SERVICE_UNAVAILABLE
Definition XrdHttpUtils.hh:114

HTTP_URI_TOO_LONG
@ HTTP_URI_TOO_LONG
Definition XrdHttpUtils.hh:94

HTTP_UNAUTHORIZED
@ HTTP_UNAUTHORIZED
Definition XrdHttpUtils.hh:81

HTTP_NOT_FOUND
@ HTTP_NOT_FOUND
Definition XrdHttpUtils.hh:84

HTTP_FORBIDDEN
@ HTTP_FORBIDDEN
Definition XrdHttpUtils.hh:83

HTTP_BAD_GATEWAY
@ HTTP_BAD_GATEWAY
Definition XrdHttpUtils.hh:113

HTTP_GATEWAY_TIMEOUT
@ HTTP_GATEWAY_TIMEOUT
Definition XrdHttpUtils.hh:115

HTTP_INTERNAL_SERVER_ERROR
@ HTTP_INTERNAL_SERVER_ERROR
Definition XrdHttpUtils.hh:111

HTTP_PAYLOAD_TOO_LARGE
@ HTTP_PAYLOAD_TOO_LARGE
Definition XrdHttpUtils.hh:93

HTTP_NOT_IMPLEMENTED
@ HTTP_NOT_IMPLEMENTED
Definition XrdHttpUtils.hh:112

HTTP_UNPROCESSABLE_ENTITY
@ HTTP_UNPROCESSABLE_ENTITY
Definition XrdHttpUtils.hh:100

HTTP_CONFLICT
@ HTTP_CONFLICT
Definition XrdHttpUtils.hh:89

XrdOucString.hh

XrdSecEntity.hh

XrdSecEntity
Definition XrdSecEntity.hh:65

XrdSecEntity::vorg
char * vorg
Entity's virtual organization(s)
Definition XrdSecEntity.hh:71

XrdSecEntity::name
char * name
Entity's name.
Definition XrdSecEntity.hh:69

XrdSecEntity::moninfo
char * moninfo
Information for monitoring.
Definition XrdSecEntity.hh:76

XrdSecEntity::host
char * host
Entity's host name dnr dependent.
Definition XrdSecEntity.hh:70