1 /* 2 * Private HTTP definitions for CUPS. 3 * 4 * Copyright © 2020-2025 by OpenPrinting. 5 * Copyright 2007-2018 by Apple Inc. 6 * Copyright 1997-2007 by Easy Software Products, all rights reserved. 7 * 8 * Licensed under Apache License v2.0. See the file "LICENSE" for more 9 * information. 10 */ 11 12 #ifndef _CUPS_HTTP_PRIVATE_H_ 13 # define _CUPS_HTTP_PRIVATE_H_ 14 15 /* 16 * Include necessary headers... 17 */ 18 19 # include "config.h" 20 # include <cups/language.h> 21 # include <stddef.h> 22 # include <stdlib.h> 23 24 # ifdef __sun 25 # include <sys/select.h> 26 # endif /* __sun */ 27 28 # include <limits.h> 29 # ifdef _WIN32 30 # define _WINSOCK_DEPRECATED_NO_WARNINGS 1 31 # include <io.h> 32 # include <winsock2.h> 33 # define CUPS_SOCAST (const char *) 34 # else 35 # include <unistd.h> 36 # include <fcntl.h> 37 # include <sys/socket.h> 38 # define CUPS_SOCAST 39 # endif /* _WIN32 */ 40 41 # ifdef HAVE_GSSAPI 42 # ifdef HAVE_GSS_GSSAPI_H 43 # include <GSS/gssapi.h> 44 # elif defined(HAVE_GSSAPI_GSSAPI_H) 45 # include <gssapi/gssapi.h> 46 # elif defined(HAVE_GSSAPI_H) 47 # include <gssapi.h> 48 # endif /* HAVE_GSS_GSSAPI_H */ 49 # ifndef HAVE_GSS_C_NT_HOSTBASED_SERVICE 50 # define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name 51 # endif /* !HAVE_GSS_C_NT_HOSTBASED_SERVICE */ 52 # endif /* HAVE_GSSAPI */ 53 54 # ifdef HAVE_AUTHORIZATION_H 55 # include <Security/Authorization.h> 56 # endif /* HAVE_AUTHORIZATION_H */ 57 58 # if defined(__APPLE__) && !defined(_SOCKLEN_T) 59 /* 60 * macOS 10.2.x does not define socklen_t, and in fact uses an int instead of 61 * unsigned type for length values... 62 */ 63 64 typedef int socklen_t; 65 # endif /* __APPLE__ && !_SOCKLEN_T */ 66 67 # include <cups/http.h> 68 # include "ipp-private.h" 69 70 # ifdef HAVE_OPENSSL 71 # include <openssl/err.h> 72 # include <openssl/rand.h> 73 # include <openssl/ssl.h> 74 # elif defined(HAVE_GNUTLS) 75 # include <gnutls/gnutls.h> 76 # include <gnutls/x509.h> 77 # elif defined(HAVE_CDSASSL) 78 # include <CoreFoundation/CoreFoundation.h> 79 # include <Security/Security.h> 80 # include <Security/SecureTransport.h> 81 # ifdef HAVE_SECITEM_H 82 # include <Security/SecItem.h> 83 # endif /* HAVE_SECITEM_H */ 84 # ifdef HAVE_SECCERTIFICATE_H 85 # include <Security/SecCertificate.h> 86 # include <Security/SecIdentity.h> 87 # endif /* HAVE_SECCERTIFICATE_H */ 88 # elif defined(HAVE_SSPISSL) 89 # include <wincrypt.h> 90 # include <wintrust.h> 91 # include <schannel.h> 92 # define SECURITY_WIN32 93 # include <security.h> 94 # include <sspi.h> 95 # endif /* HAVE_OPENSSL */ 96 97 # ifndef _WIN32 98 # include <net/if.h> 99 # include <resolv.h> 100 # ifdef HAVE_GETIFADDRS 101 # include <ifaddrs.h> 102 # else 103 # include <sys/ioctl.h> 104 # ifdef HAVE_SYS_SOCKIO_H 105 # include <sys/sockio.h> 106 # endif /* HAVE_SYS_SOCKIO_H */ 107 # endif /* HAVE_GETIFADDRS */ 108 # endif /* !_WIN32 */ 109 110 111 /* 112 * C++ magic... 113 */ 114 115 # ifdef __cplusplus 116 extern "C" { 117 # endif /* __cplusplus */ 118 119 120 /* 121 * Constants... 122 */ 123 124 # define _HTTP_MAX_SBUFFER 65536 /* Size of (de)compression buffer */ 125 # define _HTTP_RESOLVE_DEFAULT 0 /* Just resolve with default options */ 126 # define _HTTP_RESOLVE_STDERR 1 /* Log resolve progress to stderr */ 127 # define _HTTP_RESOLVE_FQDN 2 /* Resolve to a FQDN */ 128 # define _HTTP_RESOLVE_FAXOUT 4 /* Resolve FaxOut service? */ 129 130 # define _HTTP_TLS_NONE 0 /* No TLS options */ 131 # define _HTTP_TLS_ALLOW_RC4 1 /* Allow RC4 cipher suites */ 132 # define _HTTP_TLS_ALLOW_DH 2 /* Allow DH/DHE key negotiation */ 133 # define _HTTP_TLS_DENY_CBC 4 /* Deny CBC cipher suites */ 134 # define _HTTP_TLS_NO_SYSTEM 8 /* No system crypto policy */ 135 # define _HTTP_TLS_SET_DEFAULT 128 /* Setting the default TLS options */ 136 137 # define _HTTP_TLS_SSL3 0 /* Min/max version is SSL/3.0 */ 138 # define _HTTP_TLS_1_0 1 /* Min/max version is TLS/1.0 */ 139 # define _HTTP_TLS_1_1 2 /* Min/max version is TLS/1.1 */ 140 # define _HTTP_TLS_1_2 3 /* Min/max version is TLS/1.2 */ 141 # define _HTTP_TLS_1_3 4 /* Min/max version is TLS/1.3 */ 142 # define _HTTP_TLS_MAX 5 /* Highest known TLS version */ 143 144 145 /* 146 * Types and functions for SSL support... 147 */ 148 149 # ifdef HAVE_OPENSSL 150 typedef SSL *http_tls_t; 151 typedef X509 *http_tls_credentials_t; 152 153 # elif defined(HAVE_GNUTLS) 154 typedef gnutls_session_t http_tls_t; 155 typedef gnutls_certificate_credentials_t *http_tls_credentials_t; 156 157 # elif defined(HAVE_CDSASSL) 158 /* 159 * Darwin's Security framework provides its own SSL/TLS context structure 160 * for its IO and protocol management... 161 */ 162 163 typedef SSLContextRef http_tls_t; 164 typedef CFArrayRef http_tls_credentials_t; 165 166 # elif defined(HAVE_SSPISSL) 167 /* 168 * Windows' SSPI library gets a CUPS wrapper... 169 */ 170 171 typedef struct _http_sspi_s /**** SSPI/SSL data structure ****/ 172 { 173 CredHandle creds; /* Credentials */ 174 CtxtHandle context; /* SSL context */ 175 BOOL contextInitialized; /* Is context init'd? */ 176 SecPkgContext_StreamSizes streamSizes;/* SSL data stream sizes */ 177 BYTE *decryptBuffer; /* Data pre-decryption*/ 178 size_t decryptBufferLength; /* Length of decrypt buffer */ 179 size_t decryptBufferUsed; /* Bytes used in buffer */ 180 BYTE *readBuffer; /* Data post-decryption */ 181 int readBufferLength; /* Length of read buffer */ 182 int readBufferUsed; /* Bytes used in buffer */ 183 BYTE *writeBuffer; /* Data pre-encryption */ 184 int writeBufferLength; /* Length of write buffer */ 185 PCCERT_CONTEXT localCert, /* Local certificate */ 186 remoteCert; /* Remote (peer's) certificate */ 187 char error[256]; /* Most recent error message */ 188 } _http_sspi_t; 189 typedef _http_sspi_t *http_tls_t; 190 typedef PCCERT_CONTEXT http_tls_credentials_t; 191 192 # else 193 /* 194 * Otherwise define stub types since we have no SSL support... 195 */ 196 197 typedef void *http_tls_t; 198 typedef void *http_tls_credentials_t; 199 # endif /* HAVE_OPENSSL */ 200 201 typedef enum _http_coding_e /**** HTTP content coding enumeration ****/ 202 { 203 _HTTP_CODING_IDENTITY, /* No content coding */ 204 _HTTP_CODING_GZIP, /* LZ77+gzip decompression */ 205 _HTTP_CODING_DEFLATE, /* LZ77+zlib compression */ 206 _HTTP_CODING_GUNZIP, /* LZ77+gzip decompression */ 207 _HTTP_CODING_INFLATE /* LZ77+zlib decompression */ 208 } _http_coding_t; 209 210 typedef enum _http_mode_e /**** HTTP mode enumeration ****/ 211 { 212 _HTTP_MODE_CLIENT, /* Client connected to server */ 213 _HTTP_MODE_SERVER /* Server connected (accepted) from client */ 214 } _http_mode_t; 215 216 # ifndef _HTTP_NO_PRIVATE 217 struct _http_s /**** HTTP connection structure ****/ 218 { 219 int fd; /* File descriptor for this socket */ 220 int blocking; /* To block or not to block */ 221 int error; /* Last error on read */ 222 time_t activity; /* Time since last read/write */ 223 http_state_t state; /* State of client */ 224 http_status_t status; /* Status of last request */ 225 http_version_t version; /* Protocol version */ 226 http_keepalive_t keep_alive; /* Keep-alive supported? */ 227 struct sockaddr_in _hostaddr; /* Address of connected host (deprecated) */ 228 char hostname[HTTP_MAX_HOST], 229 /* Name of connected host */ 230 _fields[HTTP_FIELD_ACCEPT_ENCODING][HTTP_MAX_VALUE]; 231 /* Field values up to Accept-Encoding (deprecated) */ 232 char *data; /* Pointer to data buffer */ 233 http_encoding_t data_encoding; /* Chunked or not */ 234 int _data_remaining;/* Number of bytes left (deprecated) */ 235 int used; /* Number of bytes used in buffer */ 236 char buffer[HTTP_MAX_BUFFER]; 237 /* Buffer for incoming data */ 238 int _auth_type; /* Authentication in use (deprecated) */ 239 unsigned char _md5_state[88]; /* MD5 state (deprecated) */ 240 char nonce[HTTP_MAX_VALUE]; 241 /* Nonce value */ 242 unsigned nonce_count; /* Nonce count */ 243 http_tls_t tls; /* TLS state information */ 244 http_encryption_t encryption; /* Encryption requirements */ 245 246 /**** New in CUPS 1.1.19 ****/ 247 fd_set *input_set; /* select() set for httpWait() (deprecated) */ 248 http_status_t expect; /* Expect: header */ 249 char *cookie; /* Cookie value(s) */ 250 251 /**** New in CUPS 1.1.20 ****/ 252 char _authstring[HTTP_MAX_VALUE], 253 /* Current Authorization value (deprecated) */ 254 userpass[HTTP_MAX_VALUE]; 255 /* Username:password string */ 256 int digest_tries; /* Number of tries for digest auth */ 257 258 /**** New in CUPS 1.2 ****/ 259 off_t data_remaining; /* Number of bytes left */ 260 http_addr_t *hostaddr; /* Current host address and port */ 261 http_addrlist_t *addrlist; /* List of valid addresses */ 262 char wbuffer[HTTP_MAX_BUFFER]; 263 /* Buffer for outgoing data */ 264 int wused; /* Write buffer bytes used */ 265 266 /**** New in CUPS 1.3 ****/ 267 char *authstring; /* Current Authorization field */ 268 # ifdef HAVE_GSSAPI 269 gss_OID gssmech; /* Authentication mechanism */ 270 gss_ctx_id_t gssctx; /* Authentication context */ 271 gss_name_t gssname; /* Authentication server name */ 272 # endif /* HAVE_GSSAPI */ 273 # ifdef HAVE_AUTHORIZATION_H 274 AuthorizationRef auth_ref; /* Authorization ref */ 275 # endif /* HAVE_AUTHORIZATION_H */ 276 277 /**** New in CUPS 1.5 ****/ 278 http_tls_credentials_t tls_credentials; 279 /* TLS credentials */ 280 http_timeout_cb_t timeout_cb; /* Timeout callback */ 281 void *timeout_data; /* User data pointer */ 282 double timeout_value; /* Timeout in seconds */ 283 int wait_value; /* httpWait value for timeout */ 284 # ifdef HAVE_GSSAPI 285 char gsshost[256]; /* Hostname for Kerberos */ 286 # endif /* HAVE_GSSAPI */ 287 288 /**** New in CUPS 1.7 ****/ 289 int tls_upgrade; /* Non-zero if we are doing an upgrade */ 290 _http_mode_t mode; /* _HTTP_MODE_CLIENT or _HTTP_MODE_SERVER */ 291 # ifdef HAVE_LIBZ 292 _http_coding_t coding; /* _HTTP_CODING_xxx */ 293 void *stream; /* (De)compression stream */ 294 unsigned char *sbuffer; /* (De)compression buffer */ 295 # endif /* HAVE_LIBZ */ 296 297 /**** New in CUPS 2.2.9 ****/ 298 char algorithm[65], /* Algorithm from WWW-Authenticate */ 299 nextnonce[HTTP_MAX_VALUE], 300 /* Next nonce value from Authentication-Info */ 301 opaque[HTTP_MAX_VALUE], 302 /* Opaque value from WWW-Authenticate */ 303 realm[HTTP_MAX_VALUE]; 304 /* Realm from WWW-Authenticate */ 305 306 /**** New in CUPS 2.3 ****/ 307 char *fields[HTTP_FIELD_MAX], 308 /* Allocated field values */ 309 *default_fields[HTTP_FIELD_MAX]; 310 /* Default field values, if any */ 311 }; 312 # endif /* !_HTTP_NO_PRIVATE */ 313 314 315 /* 316 * Some OS's don't have hstrerror(), most notably Solaris... 317 */ 318 319 # ifndef HAVE_HSTRERROR 320 extern const char *_cups_hstrerror(int error); 321 # define hstrerror _cups_hstrerror 322 # endif /* !HAVE_HSTRERROR */ 323 324 325 /* 326 * Prototypes... 327 */ 328 329 extern void _httpAddrSetPort(http_addr_t *addr, int port) _CUPS_PRIVATE; 330 extern http_tls_credentials_t 331 _httpCreateCredentials(cups_array_t *credentials) _CUPS_PRIVATE; 332 extern char *_httpDecodeURI(char *dst, const char *src, 333 size_t dstsize) _CUPS_PRIVATE; 334 extern void _httpDisconnect(http_t *http) _CUPS_PRIVATE; 335 extern char *_httpEncodeURI(char *dst, const char *src, 336 size_t dstsize) _CUPS_PRIVATE; 337 extern void _httpFreeCredentials(http_tls_credentials_t credentials) _CUPS_PRIVATE; 338 extern const char *_httpResolveURI(const char *uri, char *resolved_uri, 339 size_t resolved_size, int options, 340 int (*cb)(void *context), 341 void *context) _CUPS_PRIVATE; 342 extern int _httpSetDigestAuthString(http_t *http, const char *nonce, const char *method, const char *resource) _CUPS_PRIVATE; 343 extern const char *_httpStatus(cups_lang_t *lang, http_status_t status) _CUPS_PRIVATE; 344 extern void _httpTLSInitialize(void) _CUPS_PRIVATE; 345 extern size_t _httpTLSPending(http_t *http) _CUPS_PRIVATE; 346 extern int _httpTLSRead(http_t *http, char *buf, int len) _CUPS_PRIVATE; 347 extern void _httpTLSSetOptions(int options, int min_version, int max_version) _CUPS_PRIVATE; 348 extern int _httpTLSStart(http_t *http) _CUPS_PRIVATE; 349 extern void _httpTLSStop(http_t *http) _CUPS_PRIVATE; 350 extern int _httpTLSWrite(http_t *http, const char *buf, int len) _CUPS_PRIVATE; 351 extern int _httpUpdate(http_t *http, http_status_t *status) _CUPS_PRIVATE; 352 extern int _httpWait(http_t *http, int msec, int usessl) _CUPS_PRIVATE; 353 354 355 /* 356 * C++ magic... 357 */ 358 359 # ifdef __cplusplus 360 } 361 # endif /* __cplusplus */ 362 363 #endif /* !_CUPS_HTTP_PRIVATE_H_ */ 364