|
|
ecf709 |
From cfb82199afe237b4e892aaf2816db63279d7cb21 Mon Sep 17 00:00:00 2001
|
|
|
ecf709 |
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
|
|
ecf709 |
Date: Tue, 28 Feb 2017 14:14:40 +0100
|
|
|
ecf709 |
Subject: [PATCH 84/90] secrets: remove http-parser code in proxy provider
|
|
|
ecf709 |
|
|
|
ecf709 |
We switche to libcurl in previous patch. This just removes the unused code.
|
|
|
ecf709 |
|
|
|
ecf709 |
Resolves:
|
|
|
ecf709 |
https://pagure.io/SSSD/sssd/issue/3192
|
|
|
ecf709 |
|
|
|
ecf709 |
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
ecf709 |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
ecf709 |
(cherry picked from commit 06744bf5a47d5971a338281c8243b11cf72dac90)
|
|
|
ecf709 |
---
|
|
|
ecf709 |
src/responder/secrets/proxy.c | 581 ------------------------------------------
|
|
|
ecf709 |
1 file changed, 581 deletions(-)
|
|
|
ecf709 |
|
|
|
ecf709 |
diff --git a/src/responder/secrets/proxy.c b/src/responder/secrets/proxy.c
|
|
|
ecf709 |
index fe2f0134e233d9a98f499fe563abe0af69762514..3c495716010ac468c9e2f1fb6356529a8dbdc614 100644
|
|
|
ecf709 |
--- a/src/responder/secrets/proxy.c
|
|
|
ecf709 |
+++ b/src/responder/secrets/proxy.c
|
|
|
ecf709 |
@@ -395,587 +395,6 @@ done:
|
|
|
ecf709 |
return ret;
|
|
|
ecf709 |
}
|
|
|
ecf709 |
|
|
|
ecf709 |
-struct proxy_http_request {
|
|
|
ecf709 |
- struct sec_data *data;
|
|
|
ecf709 |
- size_t written;
|
|
|
ecf709 |
-};
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-struct proxy_http_reply {
|
|
|
ecf709 |
- http_parser parser;
|
|
|
ecf709 |
- bool complete;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- int status_code;
|
|
|
ecf709 |
- char *reason_phrase;
|
|
|
ecf709 |
- struct sec_kvp *headers;
|
|
|
ecf709 |
- int num_headers;
|
|
|
ecf709 |
- struct sec_data body;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- size_t received;
|
|
|
ecf709 |
-};
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-struct proxy_http_req_state {
|
|
|
ecf709 |
- struct tevent_context *ev;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- char *proxyname;
|
|
|
ecf709 |
- int port;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- struct resolv_hostent *hostent;
|
|
|
ecf709 |
- int hostidx;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- int sd;
|
|
|
ecf709 |
- struct tevent_fd *fde;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- struct proxy_http_request request;
|
|
|
ecf709 |
- struct proxy_http_reply *reply;
|
|
|
ecf709 |
-};
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-static int proxy_http_req_state_destroy(void *data);
|
|
|
ecf709 |
-static void proxy_http_req_gethostname_done(struct tevent_req *subreq);
|
|
|
ecf709 |
-static void proxy_http_req_connect_step(struct tevent_req *req);
|
|
|
ecf709 |
-static void proxy_http_req_connect_done(struct tevent_req *subreq);
|
|
|
ecf709 |
-static void proxy_fd_handler(struct tevent_context *ev, struct tevent_fd *fde,
|
|
|
ecf709 |
- uint16_t flags, void *ptr);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-struct tevent_req *proxy_http_req_send(struct proxy_context *pctx,
|
|
|
ecf709 |
- TALLOC_CTX *mem_ctx,
|
|
|
ecf709 |
- struct tevent_context *ev,
|
|
|
ecf709 |
- struct sec_req_ctx *secreq,
|
|
|
ecf709 |
- const char *http_uri,
|
|
|
ecf709 |
- struct sec_data *http_req)
|
|
|
ecf709 |
-{
|
|
|
ecf709 |
- struct proxy_http_req_state *state;
|
|
|
ecf709 |
- struct http_parser_url parsed;
|
|
|
ecf709 |
- struct tevent_req *req, *subreq;
|
|
|
ecf709 |
- int ret;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- req = tevent_req_create(mem_ctx, &state, struct proxy_http_req_state);
|
|
|
ecf709 |
- if (!req) return NULL;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- state->ev = ev;
|
|
|
ecf709 |
- state->request.data = http_req;
|
|
|
ecf709 |
- state->sd = -1;
|
|
|
ecf709 |
- talloc_set_destructor((TALLOC_CTX *)state,
|
|
|
ecf709 |
- proxy_http_req_state_destroy);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- /* STEP1: reparse URL to get hostname and port */
|
|
|
ecf709 |
- ret = http_parser_parse_url(http_uri, strlen(http_uri), 0, &parsed);
|
|
|
ecf709 |
- if (ret) {
|
|
|
ecf709 |
- DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse URL [%s]: %d: %s\n",
|
|
|
ecf709 |
- http_uri, ret, sss_strerror(ret));
|
|
|
ecf709 |
- goto done;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- if (!(parsed.field_set & (1 << UF_HOST))) {
|
|
|
ecf709 |
- DEBUG(SSSDBG_CRIT_FAILURE, "No UF_HOST flag found\n");
|
|
|
ecf709 |
- ret = EINVAL;
|
|
|
ecf709 |
- goto done;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
- state->proxyname =
|
|
|
ecf709 |
- talloc_strndup(state,
|
|
|
ecf709 |
- &http_uri[parsed.field_data[UF_HOST].off],
|
|
|
ecf709 |
- parsed.field_data[UF_HOST].len);
|
|
|
ecf709 |
- if (!state->proxyname) {
|
|
|
ecf709 |
- ret = ENOMEM;
|
|
|
ecf709 |
- goto done;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
- DEBUG(SSSDBG_TRACE_LIBS, "proxy name: %s\n", state->proxyname);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- if (parsed.field_set & (1 << UF_PORT)) {
|
|
|
ecf709 |
- state->port = parsed.port;
|
|
|
ecf709 |
- } else if (parsed.field_set & (1 << UF_SCHEMA)) {
|
|
|
ecf709 |
- uint16_t off = parsed.field_data[UF_SCHEMA].off;
|
|
|
ecf709 |
- uint16_t len = parsed.field_data[UF_SCHEMA].len;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- if ((len == 5) &&
|
|
|
ecf709 |
- (strncmp("https", &http_uri[off], len) == 0)) {
|
|
|
ecf709 |
- state->port = 443;
|
|
|
ecf709 |
- } else if ((len == 4) &&
|
|
|
ecf709 |
- (strncmp("http", &http_uri[off], len) == 0)) {
|
|
|
ecf709 |
- state->port = 80;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
- DEBUG(SSSDBG_TRACE_LIBS, "proxy port: %d\n", state->port);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- /* STEP2: resolve hostname first */
|
|
|
ecf709 |
- subreq = resolv_gethostbyname_send(state, ev, pctx->resctx,
|
|
|
ecf709 |
- state->proxyname, IPV4_FIRST,
|
|
|
ecf709 |
- default_host_dbs);
|
|
|
ecf709 |
- if (subreq == NULL) {
|
|
|
ecf709 |
- ret = ENOMEM;
|
|
|
ecf709 |
- goto done;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- tevent_req_set_callback(subreq, proxy_http_req_gethostname_done, req);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- return req;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-done:
|
|
|
ecf709 |
- if (ret == EOK) {
|
|
|
ecf709 |
- tevent_req_done(req);
|
|
|
ecf709 |
- } else {
|
|
|
ecf709 |
- tevent_req_error(req, ret);
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
- tevent_req_post(req, ev);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- return req;
|
|
|
ecf709 |
-}
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-static void proxy_http_req_gethostname_done(struct tevent_req *subreq)
|
|
|
ecf709 |
-{
|
|
|
ecf709 |
- struct tevent_req *req;
|
|
|
ecf709 |
- struct proxy_http_req_state *state;
|
|
|
ecf709 |
- int resolv_status;
|
|
|
ecf709 |
- int ret;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- req = tevent_req_callback_data(subreq, struct tevent_req);
|
|
|
ecf709 |
- state = tevent_req_data(req, struct proxy_http_req_state);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- ret = resolv_gethostbyname_recv(subreq, state, &resolv_status, NULL,
|
|
|
ecf709 |
- &state->hostent);
|
|
|
ecf709 |
- talloc_zfree(subreq);
|
|
|
ecf709 |
- if (ret != EOK) {
|
|
|
ecf709 |
- if (ret == ENOENT) {
|
|
|
ecf709 |
- /* Empty result, just quit */
|
|
|
ecf709 |
- DEBUG(SSSDBG_TRACE_INTERNAL, "No hostent found\n");
|
|
|
ecf709 |
- } else {
|
|
|
ecf709 |
- DEBUG(SSSDBG_OP_FAILURE,
|
|
|
ecf709 |
- "Could not resolve fqdn for this machine, error [%d]: %s, "
|
|
|
ecf709 |
- "resolver returned: [%d]: %s\n", ret, strerror(ret),
|
|
|
ecf709 |
- resolv_status, resolv_strerror(resolv_status));
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
- goto done;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- /* EOK */
|
|
|
ecf709 |
- DEBUG(SSSDBG_TRACE_INTERNAL, "Found fqdn: %s\n", state->hostent->name);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- /* STEP3: connect to one of the servers */
|
|
|
ecf709 |
- proxy_http_req_connect_step(req);
|
|
|
ecf709 |
- return;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-done:
|
|
|
ecf709 |
- if (ret == EOK) {
|
|
|
ecf709 |
- tevent_req_done(req);
|
|
|
ecf709 |
- } else {
|
|
|
ecf709 |
- tevent_req_error(req, ret);
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-}
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-static void proxy_http_req_connect_step(struct tevent_req *req)
|
|
|
ecf709 |
-{
|
|
|
ecf709 |
- struct proxy_http_req_state *state;
|
|
|
ecf709 |
- struct sockaddr_storage *sockaddr;
|
|
|
ecf709 |
- char *ipaddr;
|
|
|
ecf709 |
- struct tevent_req *subreq;
|
|
|
ecf709 |
- int ret;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- state = tevent_req_data(req, struct proxy_http_req_state);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- if (!state->hostent->addr_list[state->hostidx]) {
|
|
|
ecf709 |
- DEBUG(SSSDBG_CRIT_FAILURE, "No more addresses to try.\n");
|
|
|
ecf709 |
- ret = ERR_SEC_NO_PROXY;
|
|
|
ecf709 |
- goto done;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- sockaddr = resolv_get_sockaddr_address_index(state, state->hostent,
|
|
|
ecf709 |
- state->port, state->hostidx);
|
|
|
ecf709 |
- if (sockaddr == NULL) {
|
|
|
ecf709 |
- DEBUG(SSSDBG_OP_FAILURE, "resolv_get_sockaddr_address() failed\n");
|
|
|
ecf709 |
- ret = EIO;
|
|
|
ecf709 |
- goto done;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- if (DEBUG_IS_SET(SSSDBG_TRACE_FUNC)) {
|
|
|
ecf709 |
- ipaddr = resolv_get_string_address_index(state, state->hostent,
|
|
|
ecf709 |
- state->hostidx);
|
|
|
ecf709 |
- if (!ipaddr) {
|
|
|
ecf709 |
- ret = EFAULT;
|
|
|
ecf709 |
- goto done;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
- DEBUG(SSSDBG_TRACE_FUNC, "Connecting to %s:%d\n",
|
|
|
ecf709 |
- ipaddr, state->port);
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- /* increase idx for next attempt */
|
|
|
ecf709 |
- state->hostidx++;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- subreq = sssd_async_socket_init_send(state, state->ev, sockaddr,
|
|
|
ecf709 |
- sizeof(struct sockaddr_storage),
|
|
|
ecf709 |
- SEC_NET_TIMEOUT);
|
|
|
ecf709 |
- if (!subreq) {
|
|
|
ecf709 |
- ret = EIO;
|
|
|
ecf709 |
- goto done;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
- tevent_req_set_callback(subreq, proxy_http_req_connect_done, req);
|
|
|
ecf709 |
- return;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-done:
|
|
|
ecf709 |
- if (ret == EOK) {
|
|
|
ecf709 |
- tevent_req_done(req);
|
|
|
ecf709 |
- } else {
|
|
|
ecf709 |
- tevent_req_error(req, ret);
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-}
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-static void proxy_http_req_connect_done(struct tevent_req *subreq)
|
|
|
ecf709 |
-{
|
|
|
ecf709 |
- struct tevent_req *req;
|
|
|
ecf709 |
- struct proxy_http_req_state *state;
|
|
|
ecf709 |
- int ret;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- req = tevent_req_callback_data(subreq, struct tevent_req);
|
|
|
ecf709 |
- state = tevent_req_data(req, struct proxy_http_req_state);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- ret = sssd_async_socket_init_recv(subreq, &state->sd);
|
|
|
ecf709 |
- talloc_zfree(subreq);
|
|
|
ecf709 |
- if (ret != EOK) {
|
|
|
ecf709 |
- DEBUG(SSSDBG_CRIT_FAILURE,
|
|
|
ecf709 |
- "sssd_async_socket_init request failed: [%d]: %s.\n",
|
|
|
ecf709 |
- ret, sss_strerror(ret));
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- /* try next server if any */
|
|
|
ecf709 |
- proxy_http_req_connect_step(req);
|
|
|
ecf709 |
- return;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- /* EOK */
|
|
|
ecf709 |
- DEBUG(SSSDBG_TRACE_FUNC, "Connected to %s\n", state->hostent->name);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- state->fde = tevent_add_fd(state->ev, state, state->sd,
|
|
|
ecf709 |
- TEVENT_FD_WRITE, proxy_fd_handler,
|
|
|
ecf709 |
- req);
|
|
|
ecf709 |
- if (!state->fde) {
|
|
|
ecf709 |
- ret = EIO;
|
|
|
ecf709 |
- goto done;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- return;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-done:
|
|
|
ecf709 |
- if (ret == EOK) {
|
|
|
ecf709 |
- tevent_req_done(req);
|
|
|
ecf709 |
- } else {
|
|
|
ecf709 |
- tevent_req_error(req, ret);
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-}
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-int proxy_http_req_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
|
|
|
ecf709 |
- struct proxy_http_reply **reply)
|
|
|
ecf709 |
-{
|
|
|
ecf709 |
- struct proxy_http_req_state *state =
|
|
|
ecf709 |
- tevent_req_data(req, struct proxy_http_req_state);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- TEVENT_REQ_RETURN_ON_ERROR(req);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- *reply = talloc_move(mem_ctx, &state->reply);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- return EOK;
|
|
|
ecf709 |
-}
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-static int proxy_http_req_state_destroy(void *data)
|
|
|
ecf709 |
-{
|
|
|
ecf709 |
- struct proxy_http_req_state *state =
|
|
|
ecf709 |
- talloc_get_type(data, struct proxy_http_req_state);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- if (!state) return 0;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- if (state->sd != -1) {
|
|
|
ecf709 |
- DEBUG(SSSDBG_TRACE_FUNC, "closing socket [%d]\n", state->sd);
|
|
|
ecf709 |
- close(state->sd);
|
|
|
ecf709 |
- state->sd = -1;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- return 0;
|
|
|
ecf709 |
-}
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-static int proxy_wire_send(int fd, struct proxy_http_request *req)
|
|
|
ecf709 |
-{
|
|
|
ecf709 |
- struct sec_data data;
|
|
|
ecf709 |
- int ret;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- data.data = req->data->data + req->written;
|
|
|
ecf709 |
- data.length = req->data->length - req->written;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- ret = sec_send_data(fd, &data);
|
|
|
ecf709 |
- if (ret != EOK && ret != EAGAIN) {
|
|
|
ecf709 |
- DEBUG(SSSDBG_CRIT_FAILURE,
|
|
|
ecf709 |
- "sec_send_data failed [%d]: %s\n", ret, sss_strerror(ret));
|
|
|
ecf709 |
- return ret;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- req->written = req->data->length - data.length;
|
|
|
ecf709 |
- return ret;
|
|
|
ecf709 |
-}
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-static void proxy_fd_send(void *data)
|
|
|
ecf709 |
-{
|
|
|
ecf709 |
- struct proxy_http_req_state *state;
|
|
|
ecf709 |
- struct tevent_req * req;
|
|
|
ecf709 |
- int ret;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- req = talloc_get_type(data, struct tevent_req);
|
|
|
ecf709 |
- state = tevent_req_data(req, struct proxy_http_req_state);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- ret = proxy_wire_send(state->sd, &state->request);
|
|
|
ecf709 |
- if (ret == EAGAIN) {
|
|
|
ecf709 |
- /* not all data was sent, loop again */
|
|
|
ecf709 |
- return;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
- if (ret != EOK) {
|
|
|
ecf709 |
- DEBUG(SSSDBG_FATAL_FAILURE, "Failed to send data, aborting!\n");
|
|
|
ecf709 |
- tevent_req_error(req, ret);
|
|
|
ecf709 |
- return;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- /* ok all sent, wait for reply now */
|
|
|
ecf709 |
- TEVENT_FD_NOT_WRITEABLE(state->fde);
|
|
|
ecf709 |
- TEVENT_FD_READABLE(state->fde);
|
|
|
ecf709 |
- return;
|
|
|
ecf709 |
-}
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-static bool ph_received_data(struct proxy_http_reply *reply, size_t length)
|
|
|
ecf709 |
-{
|
|
|
ecf709 |
- reply->received += length;
|
|
|
ecf709 |
- if (reply->received > SEC_REQUEST_MAX_SIZE) {
|
|
|
ecf709 |
- DEBUG(SSSDBG_FATAL_FAILURE, "Request too big, aborting!\n");
|
|
|
ecf709 |
- return true;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
- return false;
|
|
|
ecf709 |
-}
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-static void ph_append_string(TALLOC_CTX *memctx, char **dest,
|
|
|
ecf709 |
- const char *src, size_t len)
|
|
|
ecf709 |
-{
|
|
|
ecf709 |
- if (*dest) {
|
|
|
ecf709 |
- *dest = talloc_strndup_append_buffer(*dest, src, len);
|
|
|
ecf709 |
- } else {
|
|
|
ecf709 |
- *dest = talloc_strndup(memctx, src, len);
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-}
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-static int ph_on_message_begin(http_parser *parser)
|
|
|
ecf709 |
-{
|
|
|
ecf709 |
- DEBUG(SSSDBG_TRACE_INTERNAL, "HTTP Message parsing begins\n");
|
|
|
ecf709 |
- return 0;
|
|
|
ecf709 |
-}
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-#if ((HTTP_PARSER_VERSION_MAJOR >= 2) && (HTTP_PARSER_VERSION_MINOR >= 2))
|
|
|
ecf709 |
-static int ph_on_status(http_parser *parser, const char *at, size_t length)
|
|
|
ecf709 |
-{
|
|
|
ecf709 |
- struct proxy_http_reply *reply =
|
|
|
ecf709 |
- talloc_get_type(parser->data, struct proxy_http_reply);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- if (ph_received_data(reply, length)) return -1;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- ph_append_string(reply, &reply->reason_phrase, at, length);
|
|
|
ecf709 |
- if (!reply->reason_phrase) {
|
|
|
ecf709 |
- DEBUG(SSSDBG_FATAL_FAILURE,
|
|
|
ecf709 |
- "Failed to store reason phrase, aborting client!\n");
|
|
|
ecf709 |
- return -1;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- return 0;
|
|
|
ecf709 |
-}
|
|
|
ecf709 |
-#endif
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-static int ph_on_header_field(http_parser *parser,
|
|
|
ecf709 |
- const char *at, size_t length)
|
|
|
ecf709 |
-{
|
|
|
ecf709 |
- struct proxy_http_reply *reply =
|
|
|
ecf709 |
- talloc_get_type(parser->data, struct proxy_http_reply);
|
|
|
ecf709 |
- int n = reply->num_headers;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- if (ph_received_data(reply, length)) return -1;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- if (!reply->headers) {
|
|
|
ecf709 |
- reply->headers = talloc_zero_array(reply, struct sec_kvp, 10);
|
|
|
ecf709 |
- } else if ((n % 10 == 0) &&
|
|
|
ecf709 |
- (reply->headers[n - 1].value)) {
|
|
|
ecf709 |
- reply->headers = talloc_realloc(reply, reply->headers,
|
|
|
ecf709 |
- struct sec_kvp, n + 10);
|
|
|
ecf709 |
- if (reply->headers) {
|
|
|
ecf709 |
- memset(&reply->headers[n], 0, sizeof(struct sec_kvp) * 10);
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
- if (!reply->headers) {
|
|
|
ecf709 |
- DEBUG(SSSDBG_FATAL_FAILURE,
|
|
|
ecf709 |
- "Failed to store headers, aborting client!\n");
|
|
|
ecf709 |
- return -1;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- if (!n || reply->headers[n - 1].value) {
|
|
|
ecf709 |
- /* new field */
|
|
|
ecf709 |
- n++;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
- ph_append_string(reply->headers, &reply->headers[n - 1].name, at, length);
|
|
|
ecf709 |
- if (!reply->headers[n - 1].name) {
|
|
|
ecf709 |
- DEBUG(SSSDBG_FATAL_FAILURE,
|
|
|
ecf709 |
- "Failed to store header name, aborting client!\n");
|
|
|
ecf709 |
- return -1;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- return 0;
|
|
|
ecf709 |
-}
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-static int ph_on_header_value(http_parser *parser,
|
|
|
ecf709 |
- const char *at, size_t length)
|
|
|
ecf709 |
-{
|
|
|
ecf709 |
- struct proxy_http_reply *reply =
|
|
|
ecf709 |
- talloc_get_type(parser->data, struct proxy_http_reply);
|
|
|
ecf709 |
- int n = reply->num_headers;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- if (ph_received_data(reply, length)) return -1;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- if (!reply->headers) {
|
|
|
ecf709 |
- DEBUG(SSSDBG_FATAL_FAILURE,
|
|
|
ecf709 |
- "Invalid headers pointer, aborting client!\n");
|
|
|
ecf709 |
- return -1;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- if (reply->headers[n].name && !reply->headers[n].value) {
|
|
|
ecf709 |
- /* we increment on new value */
|
|
|
ecf709 |
- n = ++reply->num_headers;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- ph_append_string(reply->headers, &reply->headers[n - 1].value, at, length);
|
|
|
ecf709 |
- if (!reply->headers[n - 1].value) {
|
|
|
ecf709 |
- DEBUG(SSSDBG_FATAL_FAILURE,
|
|
|
ecf709 |
- "Failed to store header value, aborting client!\n");
|
|
|
ecf709 |
- return -1;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- return 0;
|
|
|
ecf709 |
-}
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-static int ph_on_headers_complete(http_parser *parser)
|
|
|
ecf709 |
-{
|
|
|
ecf709 |
- /* TODO: if message has no body we should return 1 */
|
|
|
ecf709 |
- return 0;
|
|
|
ecf709 |
-}
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-static int ph_on_body(http_parser *parser, const char *at, size_t length)
|
|
|
ecf709 |
-{
|
|
|
ecf709 |
- struct proxy_http_reply *reply =
|
|
|
ecf709 |
- talloc_get_type(parser->data, struct proxy_http_reply);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- if (ph_received_data(reply, length)) return -1;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- /* FIXME: body may be binary */
|
|
|
ecf709 |
- ph_append_string(reply, &reply->body.data, at, length);
|
|
|
ecf709 |
- if (!reply->body.data) {
|
|
|
ecf709 |
- DEBUG(SSSDBG_FATAL_FAILURE,
|
|
|
ecf709 |
- "Failed to store body, aborting!\n");
|
|
|
ecf709 |
- return -1;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
- reply->body.length += length;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- return 0;
|
|
|
ecf709 |
-}
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-static int ph_on_message_complete(http_parser *parser)
|
|
|
ecf709 |
-{
|
|
|
ecf709 |
- struct proxy_http_reply *reply =
|
|
|
ecf709 |
- talloc_get_type(parser->data, struct proxy_http_reply);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- reply->status_code = parser->status_code;
|
|
|
ecf709 |
- reply->complete = true;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- return 0;
|
|
|
ecf709 |
-}
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-static http_parser_settings ph_callbacks = {
|
|
|
ecf709 |
- .on_message_begin = ph_on_message_begin,
|
|
|
ecf709 |
-#if ((HTTP_PARSER_VERSION_MAJOR >= 2) && (HTTP_PARSER_VERSION_MINOR >= 2))
|
|
|
ecf709 |
- .on_status = ph_on_status,
|
|
|
ecf709 |
-#endif
|
|
|
ecf709 |
- .on_header_field = ph_on_header_field,
|
|
|
ecf709 |
- .on_header_value = ph_on_header_value,
|
|
|
ecf709 |
- .on_headers_complete = ph_on_headers_complete,
|
|
|
ecf709 |
- .on_body = ph_on_body,
|
|
|
ecf709 |
- .on_message_complete = ph_on_message_complete
|
|
|
ecf709 |
-};
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-static void proxy_fd_recv(void *data)
|
|
|
ecf709 |
-{
|
|
|
ecf709 |
- char buffer[SEC_PACKET_MAX_RECV_SIZE];
|
|
|
ecf709 |
- struct sec_data packet = { buffer,
|
|
|
ecf709 |
- SEC_PACKET_MAX_RECV_SIZE };
|
|
|
ecf709 |
- struct proxy_http_req_state *state;
|
|
|
ecf709 |
- struct tevent_req *req;
|
|
|
ecf709 |
- bool must_complete = false;
|
|
|
ecf709 |
- int ret;
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- req = talloc_get_type(data, struct tevent_req);
|
|
|
ecf709 |
- state = tevent_req_data(req, struct proxy_http_req_state);
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- if (!state->reply) {
|
|
|
ecf709 |
- /* A new reply */
|
|
|
ecf709 |
- state->reply = talloc_zero(state, struct proxy_http_reply);
|
|
|
ecf709 |
- if (!state->reply) {
|
|
|
ecf709 |
- DEBUG(SSSDBG_FATAL_FAILURE, "Failed to allocate reply, aborting!\n");
|
|
|
ecf709 |
- tevent_req_error(req, ENOMEM);
|
|
|
ecf709 |
- return;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
- http_parser_init(&state->reply->parser, HTTP_RESPONSE);
|
|
|
ecf709 |
- state->reply->parser.data = state->reply;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- ret = sec_recv_data(state->sd, &packet);
|
|
|
ecf709 |
- switch (ret) {
|
|
|
ecf709 |
- case ENODATA:
|
|
|
ecf709 |
- DEBUG(SSSDBG_TRACE_ALL, "Server closed connection.\n");
|
|
|
ecf709 |
- /* if we got no content length and the request is not complete,
|
|
|
ecf709 |
- * then 0 length will indicate EOF to the parser, otherwise we
|
|
|
ecf709 |
- * have an error */
|
|
|
ecf709 |
- must_complete = true;
|
|
|
ecf709 |
- break;
|
|
|
ecf709 |
- case EAGAIN:
|
|
|
ecf709 |
- DEBUG(SSSDBG_TRACE_ALL,
|
|
|
ecf709 |
- "Interrupted before any data could be read, retry later\n");
|
|
|
ecf709 |
- return;
|
|
|
ecf709 |
- case EOK:
|
|
|
ecf709 |
- /* all fine */
|
|
|
ecf709 |
- break;
|
|
|
ecf709 |
- default:
|
|
|
ecf709 |
- DEBUG(SSSDBG_FATAL_FAILURE,
|
|
|
ecf709 |
- "Failed to receive data (%d, %s), aborting\n",
|
|
|
ecf709 |
- ret, sss_strerror(ret));
|
|
|
ecf709 |
- tevent_req_error(req, EIO);
|
|
|
ecf709 |
- return;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- ret = http_parser_execute(&state->reply->parser, &ph_callbacks,
|
|
|
ecf709 |
- packet.data, packet.length);
|
|
|
ecf709 |
- if (ret != packet.length) {
|
|
|
ecf709 |
- DEBUG(SSSDBG_FATAL_FAILURE,
|
|
|
ecf709 |
- "Failed to parse request, aborting!\n");
|
|
|
ecf709 |
- tevent_req_error(req, EIO);
|
|
|
ecf709 |
- return;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- if (!state->reply->complete) {
|
|
|
ecf709 |
- if (must_complete) {
|
|
|
ecf709 |
- tevent_req_error(req, EIO);
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
- return;
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-
|
|
|
ecf709 |
- /* do not read anymore, server is done sending */
|
|
|
ecf709 |
- TEVENT_FD_NOT_READABLE(state->fde);
|
|
|
ecf709 |
- tevent_req_done(req);
|
|
|
ecf709 |
-}
|
|
|
ecf709 |
-
|
|
|
ecf709 |
-static void proxy_fd_handler(struct tevent_context *ev, struct tevent_fd *fde,
|
|
|
ecf709 |
- uint16_t flags, void *data)
|
|
|
ecf709 |
-{
|
|
|
ecf709 |
- if (flags & TEVENT_FD_READ) {
|
|
|
ecf709 |
- proxy_fd_recv(data);
|
|
|
ecf709 |
- } else if (flags & TEVENT_FD_WRITE) {
|
|
|
ecf709 |
- proxy_fd_send(data);
|
|
|
ecf709 |
- }
|
|
|
ecf709 |
-}
|
|
|
ecf709 |
-
|
|
|
ecf709 |
struct proxy_secret_state {
|
|
|
ecf709 |
struct tevent_context *ev;
|
|
|
ecf709 |
struct sec_req_ctx *secreq;
|
|
|
ecf709 |
--
|
|
|
ecf709 |
2.9.3
|
|
|
ecf709 |
|