--- parser3/src/main/pa_http.C 2009/09/10 09:44:07 1.41 +++ parser3/src/main/pa_http.C 2015/10/08 18:29:15 1.67 @@ -1,12 +1,10 @@ /** @file Parser: http support functions. - Copyright(c) 2001-2009 ArtLebedev Group (http://www.artlebedev.com) + Copyright (c) 2001-2012 Art. Lebedev Studio (http://www.artlebedev.com) Author: Alexandr Petrosian (http://paf.design.ru) */ -static const char * const IDENT_HTTP_C="$Date: 2009/09/10 09:44:07 $"; - #include "pa_http.h" #include "pa_common.h" #include "pa_charsets.h" @@ -15,6 +13,14 @@ static const char * const IDENT_HTTP_C=" #include "pa_vfile.h" #include "pa_random.h" +volatile const char * IDENT_PA_HTTP_C="$Id: pa_http.C,v 1.67 2015/10/08 18:29:15 moko Exp $" IDENT_PA_HTTP_H; + +#ifdef _MSC_VER +#include +#else +#define closesocket close +#endif + // defines #define HTTP_METHOD_NAME "method" @@ -22,11 +28,9 @@ static const char * const IDENT_HTTP_C=" #define HTTP_BODY_NAME "body" #define HTTP_TIMEOUT_NAME "timeout" #define HTTP_HEADERS_NAME "headers" -#define HTTP_COOKIES_NAME "cookies" #define HTTP_FORM_ENCTYPE_NAME "enctype" #define HTTP_ANY_STATUS_NAME "any-status" -#define HTTP_OMIT_POST_CHARSET_NAME "omit-post-charset" // ^file::load[...;http://...;$.form[...]$.method[post]] - // by default add charset to content-type +#define HTTP_OMIT_POST_CHARSET_NAME "omit-post-charset" // ^file::load[...;http://...;$.method[post]] by default adds charset to content-type #define HTTP_TABLES_NAME "tables" 
@@ -35,31 +39,42 @@ static const char * const IDENT_HTTP_C=" #define DEFAULT_USER_AGENT "parser3" -# ifndef INADDR_NONE -# define INADDR_NONE ((ulong) -1) -# endif +#ifndef INADDR_NONE +#define INADDR_NONE ((ulong) -1) +#endif #undef CRLF #define CRLF "\r\n" +// helpers + +class Cookies_table_template_columns: public ArrayString { +public: + Cookies_table_template_columns() { + *this+=new String("name"); + *this+=new String("value"); + *this+=new String("expires"); + *this+=new String("max-age"); + *this+=new String("domain"); + *this+=new String("path"); + *this+=new String("httponly"); + *this+=new String("secure"); + } +}; + + static bool set_addr(struct sockaddr_in *addr, const char* host, const short port){ memset(addr, 0, sizeof(*addr)); addr->sin_family=AF_INET; addr->sin_port=htons(port); if(host) { - ulong packed_ip=inet_addr(host); - if(packed_ip!=INADDR_NONE) - memcpy(&addr->sin_addr, &packed_ip, sizeof(packed_ip)); - else { - struct hostent *hostIP=gethostbyname(host); - if(hostIP) - memcpy(&addr->sin_addr, hostIP->h_addr, hostIP->h_length); - else - return false; - } - } else - addr->sin_addr.s_addr=INADDR_ANY; - return true; + struct hostent *hostIP=gethostbyname(host); + if(hostIP && hostIP->h_addrtype == AF_INET){ + memcpy(&addr->sin_addr, hostIP->h_addr, hostIP->h_length); + return true; + } + } + return false; } size_t guess_content_length(char* buf) { @@ -194,29 +209,6 @@ static void timeout_handler(int /*sig*/) } #endif -static size_t file_untaint(const char* str, size_t len) { - // untaint file from L_FILE_POST encoding - char* j=(char *)str; - const char* end=str+len-1; - for(const char* i=str; i<=end; i++, j++){ - if(*i=='\\' && i!=end){ - switch(*(i+1)){ - case '0': - *j='\0'; - i++; - continue; - case '\\': - *j='\\'; - i++; - continue; - } - } - if(i!=j) - *j=*i; - } - return j-str; // new length -} - static int http_request(char*& response, size_t& response_size, const char* host, short port, const char* request, size_t request_size, 
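Review bot: In `set_addr`, `memcpy(&addr->sin_addr, hostIP->h_addr, hostIP->h_length)` still takes the copy length from the resolver result rather than from the destination. The new `h_addrtype == AF_INET` test makes 4 bytes the expected value, but bounding the copy costs nothing, for example `if(hostIP && hostIP->h_addrtype == AF_INET && hostIP->h_length == sizeof(addr->sin_addr))`. `gethostbyname` also returns a pointer to static storage, so if this function can run on more than one thread, add a comment saying so or move to `getaddrinfo`. With the `INADDR_ANY` branch removed, a null `host` now returns false, which deserves a one-line comment above the function.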
@@ -318,18 +310,30 @@ struct Http_pass_header_info { bool* content_type_url_encoded; }; #endif + +char *pa_http_safe_header_name(const char *name) { + char *result=pa_strdup(name); + char *n=result; + if(!pa_isalpha((unsigned char)*n)) + *n++ = '_'; + for(; *n; ++n) { + if (!pa_isalnum((unsigned char)*n) && *n != '-' && *n != '_') + *n = '_'; + } + return result; +} + static void http_pass_header(HashStringValue::key_type aname, HashStringValue::value_type avalue, Http_pass_header_info *info) { const char* name_cstr=aname.cstr(); - String name=String(capitalize(name_cstr), String::L_URI); - if(strcasecmp(name_cstr, HTTP_CONTENT_LENGTH)==0) return; - String value=attributed_meaning_to_string(*avalue, String::L_URI, false); + String name=String(pa_http_safe_header_name(capitalize(name_cstr)), String::L_AS_IS); + String value=attributed_meaning_to_string(*avalue, String::L_HTTP_HEADER, true); *info->request << name << ": " << value << CRLF; @@ -337,7 +341,7 @@ static void http_pass_header(HashStringV *info->user_agent_specified=true; if(strcasecmp(name_cstr, HTTP_CONTENT_TYPE)==0){ *info->content_type_specified=true; - *info->content_type_url_encoded=StrStartFromNC(value.cstr(), HTTP_CONTENT_TYPE_FORM_URLENCODED); + *info->content_type_url_encoded=pa_strncasecmp(value.cstr(), HTTP_CONTENT_TYPE_FORM_URLENCODED)==0; } } 
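Review bot: In `pa_http_safe_header_name`, an empty `name` makes `*n++ = '_'` overwrite the terminating NUL of the copy. The `for(; *n; ++n)` loop then reads, and may rewrite, bytes past the end of the duplicated string. If an empty hash key can reach `http_pass_header`, guard the first-character fix with `if(*n && !pa_isalpha((unsigned char)*n))`, or skip empty names before building the header line. On the value side the request now relies on `String::L_HTTP_HEADER` to keep CR/LF out of the header; its definition is not in this diff, so a short comment at the call stating what it strips would help the next reader.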
@@ -400,33 +404,69 @@ static void form_value2string( } else throw Exception(PARSER_RUNTIME, new String(key, String::L_TAINTED), - "is %s, "HTTP_FORM_NAME" option value can be string or table only (file is allowed for $."HTTP_METHOD_NAME"[POST] + $."HTTP_FORM_ENCTYPE_NAME"["HTTP_CONTENT_TYPE_MULTIPART_FORMDATA"])", value->type()); + "is %s, " HTTP_FORM_NAME " option value can be string or table only (file is allowed for $." HTTP_METHOD_NAME "[POST] + $." HTTP_FORM_ENCTYPE_NAME "[" HTTP_CONTENT_TYPE_MULTIPART_FORMDATA "])", value->type()); } const char* pa_form2string(HashStringValue& form, Request_charsets& charsets) { String string; form.for_each(form_value2string, &string); - return string.transcode_and_untaint_cstr(String::L_URI, &charsets); + return string.untaint_and_transcode_cstr(String::L_URI, &charsets); } struct FormPart { Request* r; const char* boundary; - String string; + String* string; Form_table_value2string_info* info; + + struct BinaryBlock{ + const char* ptr; + size_t length; + + BinaryBlock(String* astring, Request* r): ptr(astring->untaint_and_transcode_cstr(String::L_AS_IS, &r->charsets)), length(strlen(ptr)){} + BinaryBlock(const char* aptr, size_t alength): ptr(aptr), length(alength){} + }; + + Array blocks; + + FormPart(Request* ar, const char* aboundary): r(ar), boundary(aboundary), string(new String()){} + + const char *post(size_t &length){ + if(blocks.count()){ + blocks+=BinaryBlock(string, r); + + length=0; + for(size_t i=0; icharsets.source(), part.r->charsets.client()) + << name << "\""; if(file_name){ if(strcmp(file_name, NONAME_DAT)!=0) - part.string << "; filename=\"" << file_name << "\""; - part.string << CRLF HTTP_CONTENT_TYPE_CAPITALIZED ": " << part.r->mime_type_of(file_name); + *part.string << "; filename=\"" << file_name << "\""; + *part.string << CRLF HTTP_CONTENT_TYPE_CAPITALIZED ": " << part.r->mime_type_of(file_name); } - part.string << CRLF CRLF; + *part.string << CRLF CRLF; } static void form_string_value2part( 
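Review bot: In the part-header helper, `file_name` is written between the quotes of `filename="..."` with no escaping (`*part.string << "; filename=\"" << file_name << "\""`). The part text is later serialized through `untaint_and_transcode_cstr(String::L_AS_IS, ...)`, so a file name containing `"`, CR or LF would apparently alter the structure of the multipart part header. Unless the name is sanitized where the `VFile` is created, replace or escape those characters before appending. The middle of `FormPart::post` and the helper's signature are not legible in this rendering, so the size accounting in `post` is not covered by this note.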
@@ -435,7 +475,7 @@ static void form_string_value2part( FormPart& part) { form_part_boundary_header(part, key); - part.string << Charset::transcode(value, part.r->charsets.source(), part.r->charsets.client()) << CRLF; + *part.string << value << CRLF; } static void form_file_value2part( @@ -444,8 +484,10 @@ static void form_file_value2part( FormPart& part) { form_part_boundary_header(part, key, vfile.fields().get(name_name)->as_string().cstr()); - part.string.append_know_length(vfile.value_ptr(), vfile.value_size(), String::L_FILE_POST); - part.string << CRLF; + part.blocks+=FormPart::BinaryBlock(part.string, part.r); + part.blocks+=FormPart::BinaryBlock(vfile.value_ptr(), vfile.value_size()); + part.string=new String(); + *part.string << CRLF; } static void form_table_value2part(Table::element_type row, FormPart* part) { @@ -460,7 +502,7 @@ static void form_value2part( if(const String* svalue=value->get_string()) form_string_value2part(key, *svalue, part); else if(Table* tvalue=value->get_table()) { - Form_table_value2string_info info(key, part.string); + Form_table_value2string_info info(key, *part.string); part.info = &info; tvalue->for_each(form_table_value2part, &part); } else if(VFile* vfile=static_cast(value->as("file"))){ 
@@ -468,18 +510,15 @@ static void form_value2part( } else throw Exception(PARSER_RUNTIME, new String(key, String::L_TAINTED), - "is %s, "HTTP_FORM_NAME" option value can be string, table or file only", value->type()); + "is %s, " HTTP_FORM_NAME " option value can be string, table or file only", value->type()); } const char* pa_form2string_multipart(HashStringValue& form, Request& r, const char* boundary, size_t& post_size){ - FormPart formpart; - formpart.r=&r; - formpart.boundary=boundary; - formpart.info=NULL; + FormPart formpart(&r, boundary); form.for_each(form_value2part, formpart); - formpart.string << "--" << boundary << "--"; - post_size=formpart.string.length(); // very surprizing, but it calculates correct post_size even with binary files! - return formpart.string.untaint_cstr(String::L_AS_IS); // without transcoding + *formpart.string << "--" << boundary << "--"; + // @todo: return binary blocks here to save memory in pa_internal_file_read_http + return formpart.post(post_size); } static void find_headers_end(char* p, 
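Review bot: `FormPart::info` is left uninitialized after this change in `pa_form2string_multipart`. The removed lines set `formpart.info=NULL;`, while the constructor added in the earlier hunk, `FormPart(Request* ar, const char* aboundary)`, initializes only `r`, `boundary` and `string`. The visible code assigns `part.info` before the table callback runs, so nothing reads the stray pointer today, but any later read would see an indeterminate value. Adding `info(0)` to the constructor's initializer list restores the old guarantee.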
@@ -501,6 +540,82 @@ static void find_headers_end(char* p, headers_end_at=0; } +// Set-Cookie: name=value; Domain=docs.foo.com; Path=/accounts; Expires=Wed, 13-Jan-2021 22:23:01 GMT; Secure; HttpOnly +static ArrayString* parse_cookie(Request& r, const String& cookie) { + char *current=pa_strdup(cookie.cstr()); + + const String* name=0; + const String* value=&String::Empty; + const String* expires=&String::Empty; + const String* max_age=&String::Empty; + const String* path=&String::Empty; + const String* domain=&String::Empty; + const String* httponly=&String::Empty; + const String* secure=&String::Empty; + + bool first_pair=true; + + do { + if(char *meaning=search_stop(current, ';')) + if(char *attribute=search_stop(meaning, '=')) { + const String* sname=new String(unescape_chars(attribute, strlen(attribute), &r.charsets.source(), true/*don't convert '"' to space*/), String::L_TAINTED); + const String* smeaning=0; + if(meaning) + smeaning=new String(unescape_chars(meaning, strlen(meaning), &r.charsets.source(), true/*don't convert '"' to space*/), String::L_TAINTED); + + if(first_pair) { + // name + value + name=sname; + value=smeaning; + first_pair=false; + } else { + const String& slower=sname->change_case(r.charsets.source(), String::CC_LOWER); + + if(slower == "expires") + expires=smeaning; + else if(slower == "max-age") + max_age=smeaning; + else if(slower == "domain") + domain=smeaning; + else if(slower == "path") + path=smeaning; + else if(slower == "httponly") + httponly=new String("1", String::L_CLEAN); + else if(slower == "secure") + secure=new String("1", String::L_CLEAN); + else { + // todo@ ? 
+ } + } + } + } while(current); + + if(!name) + return 0; + + ArrayString* result=new ArrayString(8); + *result+=name; + *result+=value; + *result+=expires; + *result+=max_age; + *result+=domain; + *result+=path; + *result+=httponly; + *result+=secure; + + return result; +} + +Table* parse_cookies(Request& r, Table *cookies){ + Table& result=*new Table(new Cookies_table_template_columns); + + for(Array_iterator i(*cookies); i.has_next(); ) + if(ArrayString* row=parse_cookie(r, *i.next()->get(0))) + result+=row; + + return &result; +} + /// @todo build .cookies field. use ^file.tables.SET-COOKIES.menu{ for now File_read_http_result pa_internal_file_read_http(Request& r, const String& file_spec, @@ -509,12 +624,12 @@ File_read_http_result pa_internal_file_r bool transcode_text_result) { File_read_http_result result; char host[MAX_STRING]; + const char *idna_host; const char* uri; - short port; + short port=80; const char* method="GET"; bool method_is_get=true; HashStringValue* form=0; - const char* body_cstr=0; int timeout_secs=2; bool fail_on_status_ne_200=true; bool omit_post_charset=false; @@ -522,6 +637,7 @@ File_read_http_result pa_internal_file_r Value* vcookies=0; Value* vbody=0; Charset *asked_remote_charset=0; + Charset* real_remote_charset=0; const char* user_cstr=0; const char* password_cstr=0; const char* encode=0; 
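Review bot: In `parse_cookie`, `smeaning` stays 0 when a pair has no value part, and that null is then stored as `value` for the first pair or as `expires`, `max_age`, `domain` or `path`, ending up as a null cell in the row. This assumes `search_stop` leaves `meaning` null when no `=` is present, which the diff does not show. The text comes from the remote server's `Set-Cookie` header, so a bare `foo` or `; Path` should not be able to produce null entries; declaring `const String* smeaning=&String::Empty;` keeps every column non-null. The `do ... while(current)` loop also depends on `search_stop` always advancing `current` to 0 at end of input, which deserves a comment. The empty `// todo@ ?` branch silently drops unknown attributes such as `SameSite`, and a comment there should say whether that is intended.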
@@ -565,8 +681,11 @@ File_read_http_result pa_internal_file_r omit_post_charset=vomit_post_charset->as_bool(); } if(Value* vcharset_name=options->get(PA_CHARSET_NAME)) { - asked_remote_charset=&charsets.get(vcharset_name->as_string(). - change_case(r.charsets.source(), String::CC_UPPER)); + asked_remote_charset=&charsets.get(vcharset_name->as_string().change_case(r.charsets.source(), String::CC_UPPER)); + } + if(Value* vresponse_charset_name=options->get(PA_RESPONSE_CHARSET_NAME)) { + valid_options++; + real_remote_charset=&charsets.get(vresponse_charset_name->as_string().change_case(r.charsets.source(), String::CC_UPPER)); } if(Value* vuser=options->get(HTTP_USER)) { valid_options++; @@ -578,9 +697,7 @@ File_read_http_result pa_internal_file_r } if(valid_options!=options->count()) - throw Exception(PARSER_RUNTIME, - 0, - INVALID_OPTION_PASSED); + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); } if(!asked_remote_charset) // defaulting to $request:charset asked_remote_charset=&(r.charsets).source(); 
@@ -589,37 +706,38 @@ File_read_http_result pa_internal_file_r if(method_is_get) throw Exception(PARSER_RUNTIME, 0, - "you can not use $."HTTP_FORM_ENCTYPE_NAME" option with method GET"); + "you can not use $." HTTP_FORM_ENCTYPE_NAME " option with method GET"); multipart=strcasecmp(encode, HTTP_CONTENT_TYPE_MULTIPART_FORMDATA)==0; if(!multipart && strcasecmp(encode, HTTP_CONTENT_TYPE_FORM_URLENCODED)!=0) throw Exception(PARSER_RUNTIME, 0, - "$."HTTP_FORM_ENCTYPE_NAME" option value can be "HTTP_CONTENT_TYPE_FORM_URLENCODED" or "HTTP_CONTENT_TYPE_MULTIPART_FORMDATA" only"); + "$." HTTP_FORM_ENCTYPE_NAME " option value can be " HTTP_CONTENT_TYPE_FORM_URLENCODED " or " HTTP_CONTENT_TYPE_MULTIPART_FORMDATA " only"); } if(vbody){ if(method_is_get) throw Exception(PARSER_RUNTIME, 0, - "you can not use $."HTTP_BODY_NAME" option with method GET"); + "you can not use $." HTTP_BODY_NAME " option with method GET"); if(form) throw Exception(PARSER_RUNTIME, 0, - "you can not use options $."HTTP_BODY_NAME" and $."HTTP_FORM_NAME" together"); + "you can not use options $." HTTP_BODY_NAME " and $." HTTP_FORM_NAME " together"); } //preparing request String& connect_string=*new String(file_spec); - String request_head_and_body; + const char* request; + size_t request_size; { // influence URLencoding of tainted pieces to String::L_URI lang Temp_client_charset temp(r.charsets, *asked_remote_charset); - const char* connect_string_cstr=connect_string.transcode_and_untaint_cstr(String::L_URI, &(r.charsets)); + const char* connect_string_cstr=connect_string.untaint_and_transcode_cstr(String::L_URI, &(r.charsets)); const char* current=connect_string_cstr; if(strncmp(current, "http://", 7)!=0) 
@@ -632,8 +750,15 @@ File_read_http_result pa_internal_file_r char* host_uri=lsplit(host, '/'); uri=host_uri?current+(host_uri-1-host):"/"; char* port_cstr=lsplit(host, ':'); - char* error_pos=0; - port=port_cstr?(short)strtol(port_cstr, &error_pos, 0):80; + + if (port_cstr){ + char* error_pos=0; + port=(short)strtol(port_cstr, &error_pos, 10); + if(port==0 || *error_pos) + throw Exception(PARSER_RUNTIME, &connect_string, "invalid port number '%s'", port_cstr); + } + + idna_host=pa_idna_encode(host, r.charsets.source()); // making request head String head; @@ -641,7 +766,10 @@ File_read_http_result pa_internal_file_r if(method_is_get && form) head << (strchr(uri, '?')!=0?"&":"?") << pa_form2string(*form, r.charsets); - head <<" HTTP/1.0" CRLF "Host: "<< host << CRLF; + head <<" HTTP/1.0" CRLF "Host: "<< idna_host; + if (port != 80) + head << ":" << port_cstr; + head << CRLF; char* boundary=0; @@ -676,6 +804,7 @@ File_read_http_result pa_internal_file_r "headers param must be hash"); }; + const char* request_body=0; size_t post_size=0; if(form && !method_is_get) { head << "Content-Type: " << (multipart ? HTTP_CONTENT_TYPE_MULTIPART_FORMDATA : HTTP_CONTENT_TYPE_FORM_URLENCODED); 
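Review bot: The new port check accepts out-of-range and signed input, because `(short)strtol(port_cstr, &error_pos, 10)` narrows before the `port==0` test: `65616` becomes 80 and `-1` passes. The Host header built in the following hunk then echoes the original `port_cstr` text, so the port connected to and the port advertised can differ, and any caller that validated the URL as text sees yet another value. Parse into a `long` and check the range before narrowing: `long p=strtol(port_cstr, &error_pos, 10);`, then `if(*error_pos || p<1 || p>65535) throw Exception(PARSER_RUNTIME, &connect_string, "invalid port number '%s'", port_cstr);`, then `port=(short)p;`. Writing the parsed number rather than `port_cstr` into `Host:` would also drop the leading whitespace and sign that `strtol` tolerates. `short` cannot represent ports above 32767 except through wrap-around in `htons(port)`, so an unsigned 16-bit type would state the intent better.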
@@ -685,26 +814,26 @@ File_read_http_result pa_internal_file_r if(multipart) { head << "; boundary=" << boundary; - body_cstr=pa_form2string_multipart(*form, r/*charsets & mime_type needed*/, boundary, post_size/*correct post_size returned here*/); + request_body=pa_form2string_multipart(*form, r/*charsets & mime_type needed*/, boundary, post_size/*correct post_size returned here*/); } else { - body_cstr=pa_form2string(*form, r.charsets); - post_size=strlen(body_cstr); + request_body=pa_form2string(*form, r.charsets); + post_size=strlen(request_body); } head << CRLF; } else if(vbody) { // $.body was specified if(content_type_url_encoded){ // transcode + url-encode - body_cstr=vbody->as_string().transcode_and_untaint_cstr(String::L_URI, &(r.charsets)); + request_body=vbody->as_string().untaint_and_transcode_cstr(String::L_URI, &(r.charsets)); } else { // content-type != application/x-www-form-urlencoded -> transcode only, don't url-encode! - body_cstr=Charset::transcode( + request_body=Charset::transcode( String::C(vbody->as_string().cstr(), vbody->as_string().length()), r.charsets.source(), *asked_remote_charset - ); + ).str; } - post_size=strlen(body_cstr); + post_size=strlen(request_body); } // http://www.ietf.org/rfc/rfc2617.txt 
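Review bot: `post_size=strlen(request_body)` in the `$.body` branch measures the transcoded body up to its first NUL, even though the result of `Charset::transcode(...)` is taken through `.str` from what looks like a pointer-plus-length `String::C`. If the target charset or the body can contain zero bytes, both Content-Length and the bytes later copied into the request are silently truncated. Keeping the returned `String::C` and using its length member (name not shown in this diff) for `post_size` would avoid that. The enclosing `else if(vbody)` block begins outside the changed lines.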
@@ -730,32 +859,35 @@ File_read_http_result pa_internal_file_r } else throw Exception(PARSER_RUNTIME, 0, - "cookies param must be hash"); + "cookies param must be hash"); } - if(body_cstr) + if(request_body) head << "Content-Length: " << format(post_size, "%u") << CRLF; + + head << CRLF; + + const char *request_head=head.untaint_and_transcode_cstr(String::L_URI, &(r.charsets)); - // head + end of header - request_head_and_body << head.transcode_and_untaint_cstr(String::L_URI, &(r.charsets)) << CRLF; - - // body - if(body_cstr) - request_head_and_body << body_cstr; + if(request_body){ + size_t head_size = strlen(request_head); + request_size=post_size + head_size; + char *ptr=(char *)pa_malloc_atomic(request_size); + memcpy(ptr, request_head, head_size); + memcpy(ptr+head_size, request_body, post_size); + request=ptr; + } else { + request_size=strlen(request_head); + request=request_head; + } } - const char* request_cstr=request_head_and_body.cstr(); - size_t request_size=strlen(request_cstr); - - if(multipart) - request_size=file_untaint(request_cstr, request_size); - char* response; size_t response_size; // sending request int status_code=http_request(response, response_size, - host, port, request_cstr, request_size, + idna_host, port, request, request_size, timeout_secs, fail_on_status_ne_200); // processing results @@ -769,7 +901,6 @@ File_read_http_result pa_internal_file_r result.headers=new HashStringValue; VHash* vtables=new VHash; result.headers->put(HTTP_TABLES_NAME, vtables); - Charset* real_remote_charset=0; // undetected, yet if(headers_end_at) { *headers_end_at=0; 
@@ -792,7 +923,7 @@ File_read_http_result pa_internal_file_r "bad response from host - bad header \"%s\"", line.cstr()); const String::Body HEADER_NAME=line.mid(0, pos).change_case(r.charsets.source(), String::CC_UPPER); const String& HEADER_VALUE=line.mid(pos+1, line.length()).trim(String::TRIM_BOTH, " \t\r"); - if(as_text && HEADER_NAME==HTTP_CONTENT_TYPE_UPPER) + if(as_text && HEADER_NAME==HTTP_CONTENT_TYPE_UPPER && !real_remote_charset) real_remote_charset=detect_charset(HEADER_VALUE.cstr()); // tables @@ -820,12 +951,18 @@ File_read_http_result pa_internal_file_r result.headers->put(HEADER_NAME, new VString(HEADER_VALUE)); } + + // filling $.cookies + if(Value *vcookies=(Value *)tables.get("SET-COOKIE")) + result.headers->put(HTTP_COOKIES_NAME, new VTable(parse_cookies(r, vcookies->get_table()))); } if(as_text && raw_body_size>=3 && strncmp(raw_body, "\xEF\xBB\xBF", 3)==0){ // skip UTF-8 signature (BOM code) raw_body+=3; raw_body_size-=3; + if(!real_remote_charset) + real_remote_charset=&UTF8_charset; } // output response
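Review bot: The `Value *vcookies` declared inside the new `if` shadows the function-level `vcookies` that holds the request's cookies option in `pa_internal_file_read_http`, which makes request and response cookies easy to confuse; a name such as `vset_cookie` would be clearer. `vcookies->get_table()` is passed on unchecked and `parse_cookies` dereferences it in `Array_iterator i(*cookies)`. Presumably `tables` only ever holds tables, but a null guard is cheap. The resulting `cookies` table is built entirely from text supplied by the remote server, so a comment at the `put` should say its cells are tainted.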