XRootD
XrdHttpUtils.cc
Go to the documentation of this file.
1 //------------------------------------------------------------------------------
2 // This file is part of XrdHTTP: A pragmatic implementation of the
3 // HTTP/WebDAV protocol for the Xrootd framework
4 //
5 // Copyright (c) 2013 by European Organization for Nuclear Research (CERN)
6 // Author: Fabrizio Furano <furano@cern.ch>
7 // File Date: Apr 2013
8 //------------------------------------------------------------------------------
9 // XRootD is free software: you can redistribute it and/or modify
10 // it under the terms of the GNU Lesser General Public License as published by
11 // the Free Software Foundation, either version 3 of the License, or
12 // (at your option) any later version.
13 //
14 // XRootD is distributed in the hope that it will be useful,
15 // but WITHOUT ANY WARRANTY; without even the implied warranty of
16 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 // GNU General Public License for more details.
18 //
19 // You should have received a copy of the GNU Lesser General Public License
20 // along with XRootD. If not, see <http://www.gnu.org/licenses/>.
21 //------------------------------------------------------------------------------
22 
23 
24 
25 
26 
27 
28 
29 
40 #include "XrdHttpUtils.hh"
41 
42 #include <cstring>
43 #include <openssl/hmac.h>
44 #include <openssl/bio.h>
45 #include <openssl/buffer.h>
46 #include <openssl/err.h>
47 #include <openssl/ssl.h>
48 # include "sys/param.h"
49 
50 #include <pthread.h>
51 #include <memory>
52 #include <vector>
53 #include <algorithm>
54 
55 #include "XrdSec/XrdSecEntity.hh"
56 #include "XrdOuc/XrdOucString.hh"
57 
58 #if OPENSSL_VERSION_NUMBER < 0x10100000L
59 static HMAC_CTX* HMAC_CTX_new() {
60  HMAC_CTX *ctx = (HMAC_CTX *)OPENSSL_malloc(sizeof(HMAC_CTX));
61  if (ctx) HMAC_CTX_init(ctx);
62  return ctx;
63 }
64 
65 static void HMAC_CTX_free(HMAC_CTX *ctx) {
66  if (ctx) {
67  HMAC_CTX_cleanup(ctx);
68  OPENSSL_free(ctx);
69  }
70 }
71 #endif
72 
73 
74 // GetHost from URL
75 // Parse an URL and extract the host name and port
76 // Return 0 if OK
77 int parseURL(char *url, char *host, int &port, char **path) {
78  // http://x.y.z.w:p/path
79 
80  *path = 0;
81 
82  // look for the second slash
83  char *p = strstr(url, "//");
84  if (!p) return -1;
85 
86 
87  p += 2;
88 
89  // look for the end of the host:port
90  char *p2 = strchr(p, '/');
91  if (!p2) return -1;
92 
93  *path = p2;
94 
95  char buf[256];
96  int l = std::min((int)(p2 - p), (int)sizeof (buf));
97  strncpy(buf, p, l);
98  buf[l] = '\0';
99 
100  // Now look for :
101  p = strchr(buf, ':');
102  if (p) {
103  int l = std::min((int)(p - buf), (int)sizeof (buf));
104  strncpy(host, buf, l);
105  host[l] = '\0';
106 
107  port = atoi(p + 1);
108  } else {
109  port = 0;
110 
111 
112  strcpy(host, buf);
113  }
114 
115  return 0;
116 }
117 
118 
119 // Encode an array of bytes to base64
120 
121 void Tobase64(const unsigned char *input, int length, char *out) {
122  BIO *bmem, *b64;
123  BUF_MEM *bptr;
124 
125  if (!out) return;
126 
127  out[0] = '\0';
128 
129  b64 = BIO_new(BIO_f_base64());
130  BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
131  bmem = BIO_new(BIO_s_mem());
132  BIO_push(b64, bmem);
133  BIO_write(b64, input, length);
134 
135  if (BIO_flush(b64) <= 0) {
136  BIO_free_all(b64);
137  return;
138  }
139 
140  BIO_get_mem_ptr(b64, &bptr);
141 
142 
143  memcpy(out, bptr->data, bptr->length);
144  out[bptr->length] = '\0';
145 
146  BIO_free_all(b64);
147 
148  return;
149 }
150 
151 
152 static int
153 char_to_int(int c)
154 {
155  if (isdigit(c)) {
156  return c - '0';
157  } else {
158  c = tolower(c);
159  if (c >= 'a' && c <= 'f') {
160  return c - 'a' + 10;
161  }
162  return -1;
163  }
164 }
165 
166 
167 // Decode a hex digest array to raw bytes.
168 //
169 bool Fromhexdigest(const unsigned char *input, int length, unsigned char *out) {
170  for (int idx=0; idx < length; idx += 2) {
171  int upper = char_to_int(input[idx]);
172  int lower = char_to_int(input[idx+1]);
173  if ((upper < 0) || (lower < 0)) {
174  return false;
175  }
176  out[idx/2] = (upper << 4) + lower;
177  }
178  return true;
179 }
180 
181 
182 // Simple itoa function
183 std::string itos(long i) {
184  char buf[128];
185  sprintf(buf, "%ld", i);
186 
187  return buf;
188 }
189 
190 
191 
192 // Home made implementation of strchrnul
193 char *mystrchrnul(const char *s, int c) {
194  char *ptr = strchr((char *)s, c);
195 
196  if (!ptr)
197  return strchr((char *)s, '\0');
198 
199  return ptr;
200 }
201 
202 
203 
204 // Calculates the opaque arguments hash, needed for a secure redirection
205 //
206 // - hash is a string that will be filled with the hash
207 //
208 // - fn: the original filename that was requested
209 // - dhost: target redirection hostname
210 // - client: address:port of the client
211 // - tim: creation time of the url
212 // - tim_grace: validity time before and after creation time
213 //
214 // Input for the key (simple shared secret)
215 // - key
216 // - key length
217 //
218 
219 void calcHashes(
220  char *hash,
221 
222  const char *fn,
223 
224  kXR_int16 request,
225 
226  XrdSecEntity *secent,
227 
228  time_t tim,
229 
230  const char *key) {
231 
232 
233 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
234  EVP_MAC *mac;
235  EVP_MAC_CTX *ctx;
236  size_t len;
237 #else
238  HMAC_CTX *ctx;
239  unsigned int len;
240 #endif
241  unsigned char mdbuf[EVP_MAX_MD_SIZE];
242  char buf[64];
243  struct tm tms;
244 
245 
246  if (!hash) {
247  return;
248  }
249  hash[0] = '\0';
250 
251  if (!key) {
252  return;
253  }
254 
255  if (!fn || !secent) {
256  return;
257  }
258 
259 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
260 
261  mac = EVP_MAC_fetch(0, "sha256", 0);
262  ctx = EVP_MAC_CTX_new(mac);
263 
264  if (!ctx) {
265  return;
266  }
267 
268 
269  EVP_MAC_init(ctx, (const unsigned char *) key, strlen(key), 0);
270 
271 
272  if (fn)
273  EVP_MAC_update(ctx, (const unsigned char *) fn,
274  strlen(fn) + 1);
275 
276  EVP_MAC_update(ctx, (const unsigned char *) &request,
277  sizeof (request));
278 
279  if (secent->name)
280  EVP_MAC_update(ctx, (const unsigned char *) secent->name,
281  strlen(secent->name) + 1);
282 
283  if (secent->vorg)
284  EVP_MAC_update(ctx, (const unsigned char *) secent->vorg,
285  strlen(secent->vorg) + 1);
286 
287  if (secent->host)
288  EVP_MAC_update(ctx, (const unsigned char *) secent->host,
289  strlen(secent->host) + 1);
290 
291  if (secent->moninfo)
292  EVP_MAC_update(ctx, (const unsigned char *) secent->moninfo,
293  strlen(secent->moninfo) + 1);
294 
295  localtime_r(&tim, &tms);
296  strftime(buf, sizeof (buf), "%s", &tms);
297  EVP_MAC_update(ctx, (const unsigned char *) buf,
298  strlen(buf) + 1);
299 
300  EVP_MAC_final(ctx, mdbuf, &len, EVP_MAX_MD_SIZE);
301 
302  EVP_MAC_CTX_free(ctx);
303  EVP_MAC_free(mac);
304 
305 #else
306 
307  ctx = HMAC_CTX_new();
308 
309  if (!ctx) {
310  return;
311  }
312 
313 
314 
315  HMAC_Init_ex(ctx, (const void *) key, strlen(key), EVP_sha256(), 0);
316 
317 
318  if (fn)
319  HMAC_Update(ctx, (const unsigned char *) fn,
320  strlen(fn) + 1);
321 
322  HMAC_Update(ctx, (const unsigned char *) &request,
323  sizeof (request));
324 
325  if (secent->name)
326  HMAC_Update(ctx, (const unsigned char *) secent->name,
327  strlen(secent->name) + 1);
328 
329  if (secent->vorg)
330  HMAC_Update(ctx, (const unsigned char *) secent->vorg,
331  strlen(secent->vorg) + 1);
332 
333  if (secent->host)
334  HMAC_Update(ctx, (const unsigned char *) secent->host,
335  strlen(secent->host) + 1);
336 
337  if (secent->moninfo)
338  HMAC_Update(ctx, (const unsigned char *) secent->moninfo,
339  strlen(secent->moninfo) + 1);
340 
341  localtime_r(&tim, &tms);
342  strftime(buf, sizeof (buf), "%s", &tms);
343  HMAC_Update(ctx, (const unsigned char *) buf,
344  strlen(buf) + 1);
345 
346  HMAC_Final(ctx, mdbuf, &len);
347 
348  HMAC_CTX_free(ctx);
349 
350 #endif
351 
352  Tobase64(mdbuf, len / 2, hash);
353 }
354 
355 int compareHash(
356  const char *h1,
357  const char *h2) {
358 
359  if (h1 == h2) return 0;
360 
361  if (!h1 || !h2)
362  return 1;
363 
364  return strcmp(h1, h2);
365 
366 }
367 
368 // unquote a string and return a new one
369 
370 char *unquote(char *str) {
371  int l = strlen(str);
372  char *r = (char *) malloc(l + 1);
373  r[0] = '\0';
374  int i, j = 0;
375 
376  for (i = 0; i < l; i++) {
377 
378  if (str[i] == '%') {
379  char savec = str[i + 3];
380  str[i + 3] = '\0';
381 
382  r[j] = strtol(str + i + 1, 0, 16);
383  str[i + 3] = savec;
384 
385  i += 2;
386  } else r[j] = str[i];
387 
388  j++;
389  }
390 
391  r[j] = '\0';
392 
393  return r;
394 
395 }
396 
397 // Quote a string and return a new one
398 
399 char *quote(const char *str) {
400  int l = strlen(str);
401  char *r = (char *) malloc(l*3 + 1);
402  r[0] = '\0';
403  int i, j = 0;
404 
405  for (i = 0; i < l; i++) {
406  char c = str[i];
407 
408  switch (c) {
409  case ' ':
410  strcpy(r + j, "%20");
411  j += 3;
412  break;
413  case '[':
414  strcpy(r + j, "%5B");
415  j += 3;
416  break;
417  case ']':
418  strcpy(r + j, "%5D");
419  j += 3;
420  break;
421  case ':':
422  strcpy(r + j, "%3A");
423  j += 3;
424  break;
425  // case '/':
426  // strcpy(r + j, "%2F");
427  // j += 3;
428  // break;
429  case '#':
430  strcpy(r + j, "%23");
431  j += 3;
432  break;
433  case '\n':
434  strcpy(r + j, "%0A");
435  j += 3;
436  break;
437  case '\r':
438  strcpy(r + j, "%0D");
439  j += 3;
440  break;
441  case '=':
442  strcpy(r + j, "%3D");
443  j += 3;
444  break;
445  default:
446  r[j++] = c;
447  }
448  }
449 
450  r[j] = '\0';
451 
452  return r;
453 }
454 
455 
456 // Escape a string and return a new one
457 
458 char *escapeXML(const char *str) {
459  int l = strlen(str);
460  char *r = (char *) malloc(l*6 + 1);
461  r[0] = '\0';
462  int i, j = 0;
463 
464  for (i = 0; i < l; i++) {
465  char c = str[i];
466 
467  switch (c) {
468  case '"':
469  strcpy(r + j, "&quot;");
470  j += 6;
471  break;
472  case '&':
473  strcpy(r + j, "&amp;");
474  j += 5;
475  break;
476  case '<':
477  strcpy(r + j, "&lt;");
478  j += 4;
479  break;
480  case '>':
481  strcpy(r + j, "&gt;");
482  j += 4;
483  break;
484  case '\'':
485  strcpy(r + j, "&apos;");
486  j += 6;
487  break;
488 
489  default:
490  r[j++] = c;
491  }
492  }
493 
494  r[j] = '\0';
495 
496  return r;
497 }
498 
499 int mapXrdErrToHttp(XErrorCode xrdError) {
500 
501  int errNo = XProtocol::toErrno(xrdError);
502  return mapErrNoToHttp(errNo);
503 
504 }
505 
506 int mapErrNoToHttp(int errNo) {
507 
508  switch (errNo) {
509 
510  case EACCES:
511  case EROFS:
512  case EPERM:
513  return HTTP_FORBIDDEN;
514 
515  case EAUTH:
516  return HTTP_UNAUTHORIZED;
517 
518  case ENOENT:
519  return HTTP_NOT_FOUND;
520 
521  case EEXIST:
522  case EISDIR:
523  case ENOTDIR:
524  case ENOTEMPTY:
525  return HTTP_CONFLICT;
526 
527  case EXDEV:
528  return HTTP_UNPROCESSABLE_ENTITY;
529 
530  case ENAMETOOLONG:
531  return HTTP_URI_TOO_LONG;
532 
533  case ELOOP:
534  return HTTP_LOOP_DETECTED;
535 
536  case ENOSPC:
537  case EDQUOT:
538  return HTTP_INSUFFICIENT_STORAGE;
539 
540  case EFBIG:
541  return HTTP_PAYLOAD_TOO_LARGE;
542 
543  case EINVAL:
544  case EBADF:
545  case EFAULT:
546  case ENXIO:
547  case ESPIPE:
548  case EOVERFLOW:
549  return HTTP_BAD_REQUEST;
550 
551  case ENOTSUP: // EOPNOTSUPP
552  return HTTP_NOT_IMPLEMENTED;
553 
554  case EBUSY:
555  case EAGAIN:
556  case EINTR:
557  case ENOMEM:
558  case EMFILE:
559  case ENFILE:
560  case ETXTBSY:
561  return HTTP_SERVICE_UNAVAILABLE;
562 
563  case ETIMEDOUT:
564  return HTTP_GATEWAY_TIMEOUT;
565 
566  case ECONNREFUSED:
567  case ECONNRESET:
568  case ENETDOWN:
569  case ENETUNREACH:
570  case EHOSTUNREACH:
571  case EPIPE:
572  return HTTP_BAD_GATEWAY;
573 
574  default:
575  return HTTP_INTERNAL_SERVER_ERROR;
576  }
577 }
578 
579 std::string httpStatusToString(int status) {
580  switch (status) {
581  // 1xx Informational
582  case 100: return "Continue";
583  case 101: return "Switching Protocols";
584  case 102: return "Processing";
585  case 103: return "Early Hints";
586 
587  // 2xx Success
588  case 200: return "OK";
589  case 201: return "Created";
590  case 202: return "Accepted";
591  case 203: return "Non-Authoritative Information";
592  case 204: return "No Content";
593  case 205: return "Reset Content";
594  case 206: return "Partial Content";
595  case 207: return "Multi-Status";
596  case 208: return "Already Reported";
597  case 226: return "IM Used";
598 
599  // 3xx Redirection
600  case 300: return "Multiple Choices";
601  case 301: return "Moved Permanently";
602  case 302: return "Found";
603  case 303: return "See Other";
604  case 304: return "Not Modified";
605  case 305: return "Use Proxy";
606  case 307: return "Temporary Redirect";
607  case 308: return "Permanent Redirect";
608 
609  // 4xx Client Errors
610  case 400: return "Bad Request";
611  case 401: return "Unauthorized";
612  case 402: return "Payment Required";
613  case 403: return "Forbidden";
614  case 404: return "Not Found";
615  case 405: return "Method Not Allowed";
616  case 406: return "Not Acceptable";
617  case 407: return "Proxy Authentication Required";
618  case 408: return "Request Timeout";
619  case 409: return "Conflict";
620  case 410: return "Gone";
621  case 411: return "Length Required";
622  case 412: return "Precondition Failed";
623  case 413: return "Payload Too Large";
624  case 414: return "URI Too Long";
625  case 415: return "Unsupported Media Type";
626  case 416: return "Range Not Satisfiable";
627  case 417: return "Expectation Failed";
628  case 418: return "I'm a teapot";
629  case 421: return "Misdirected Request";
630  case 422: return "Unprocessable Entity";
631  case 423: return "Locked";
632  case 424: return "Failed Dependency";
633  case 425: return "Too Early";
634  case 426: return "Upgrade Required";
635  case 428: return "Precondition Required";
636  case 429: return "Too Many Requests";
637  case 431: return "Request Header Fields Too Large";
638  case 451: return "Unavailable For Legal Reasons";
639 
640  // 5xx Server Errors
641  case 500: return "Internal Server Error";
642  case 501: return "Not Implemented";
643  case 502: return "Bad Gateway";
644  case 503: return "Service Unavailable";
645  case 504: return "Gateway Timeout";
646  case 505: return "HTTP Version Not Supported";
647  case 506: return "Variant Also Negotiates";
648  case 507: return "Insufficient Storage";
649  case 508: return "Loop Detected";
650  case 510: return "Not Extended";
651  case 511: return "Network Authentication Required";
652 
653  default:
654  switch (status) {
655  case 100 ... 199: return "Informational";
656  case 200 ... 299: return "Success";
657  case 300 ... 399: return "Redirection";
658  case 400 ... 499: return "Client Error";
659  case 500 ... 599: return "Server Error";
660  default: return "Unknown";
661  }
662  }
663 }
XErrorCode
XErrorCode
Definition: XProtocol.hh:989
EAUTH
#define EAUTH
Definition: XProtocol.hh:1351
kXR_int16
short kXR_int16
Definition: XPtypes.hh:66
BIO_set_flags
void BIO_set_flags(BIO *bio, int flags)
Definition: XrdHttpProtocol.cc:179
parseURL
int parseURL(char *url, char *host, int &port, char **path)
Definition: XrdHttpUtils.cc:77
itos
std::string itos(long i)
Definition: XrdHttpUtils.cc:183
Tobase64
void Tobase64(const unsigned char *input, int length, char *out)
Definition: XrdHttpUtils.cc:121
compareHash
int compareHash(const char *h1, const char *h2)
Definition: XrdHttpUtils.cc:355
unquote
char * unquote(char *str)
Definition: XrdHttpUtils.cc:370
Fromhexdigest
bool Fromhexdigest(const unsigned char *input, int length, unsigned char *out)
Definition: XrdHttpUtils.cc:169
mapXrdErrToHttp
int mapXrdErrToHttp(XErrorCode xrdError)
Definition: XrdHttpUtils.cc:499
char_to_int
static int char_to_int(int c)
Definition: XrdHttpUtils.cc:153
mapErrNoToHttp
int mapErrNoToHttp(int errNo)
Definition: XrdHttpUtils.cc:506
HMAC_CTX_free
static void HMAC_CTX_free(HMAC_CTX *ctx)
Definition: XrdHttpUtils.cc:65
HMAC_CTX_new
static HMAC_CTX * HMAC_CTX_new()
Definition: XrdHttpUtils.cc:59
calcHashes
void calcHashes(char *hash, const char *fn, kXR_int16 request, XrdSecEntity *secent, time_t tim, const char *key)
Definition: XrdHttpUtils.cc:219
escapeXML
char * escapeXML(const char *str)
Definition: XrdHttpUtils.cc:458
mystrchrnul
char * mystrchrnul(const char *s, int c)
Definition: XrdHttpUtils.cc:193
httpStatusToString
std::string httpStatusToString(int status)
Definition: XrdHttpUtils.cc:579
quote
char * quote(const char *str)
Definition: XrdHttpUtils.cc:399
XrdHttpUtils.hh
Utility functions for XrdHTTP.
HTTP_INSUFFICIENT_STORAGE
@ HTTP_INSUFFICIENT_STORAGE
Definition: XrdHttpUtils.hh:119
HTTP_BAD_REQUEST
@ HTTP_BAD_REQUEST
Definition: XrdHttpUtils.hh:81
HTTP_LOOP_DETECTED
@ HTTP_LOOP_DETECTED
Definition: XrdHttpUtils.hh:120
HTTP_SERVICE_UNAVAILABLE
@ HTTP_SERVICE_UNAVAILABLE
Definition: XrdHttpUtils.hh:115
HTTP_URI_TOO_LONG
@ HTTP_URI_TOO_LONG
Definition: XrdHttpUtils.hh:95
HTTP_UNAUTHORIZED
@ HTTP_UNAUTHORIZED
Definition: XrdHttpUtils.hh:82
HTTP_NOT_FOUND
@ HTTP_NOT_FOUND
Definition: XrdHttpUtils.hh:85
HTTP_FORBIDDEN
@ HTTP_FORBIDDEN
Definition: XrdHttpUtils.hh:84
HTTP_BAD_GATEWAY
@ HTTP_BAD_GATEWAY
Definition: XrdHttpUtils.hh:114
HTTP_GATEWAY_TIMEOUT
@ HTTP_GATEWAY_TIMEOUT
Definition: XrdHttpUtils.hh:116
HTTP_INTERNAL_SERVER_ERROR
@ HTTP_INTERNAL_SERVER_ERROR
Definition: XrdHttpUtils.hh:112
HTTP_PAYLOAD_TOO_LARGE
@ HTTP_PAYLOAD_TOO_LARGE
Definition: XrdHttpUtils.hh:94
HTTP_NOT_IMPLEMENTED
@ HTTP_NOT_IMPLEMENTED
Definition: XrdHttpUtils.hh:113
HTTP_UNPROCESSABLE_ENTITY
@ HTTP_UNPROCESSABLE_ENTITY
Definition: XrdHttpUtils.hh:101
HTTP_CONFLICT
@ HTTP_CONFLICT
Definition: XrdHttpUtils.hh:90
XProtocol::toErrno
static int toErrno(int xerr)
Definition: XProtocol.hh:1411
XrdSecEntity::vorg
char * vorg
Entity's virtual organization(s)
Definition: XrdSecEntity.hh:71
XrdSecEntity::name
char * name
Entity's name.
Definition: XrdSecEntity.hh:69
XrdSecEntity::moninfo
char * moninfo
Information for monitoring.
Definition: XrdSecEntity.hh:76
XrdSecEntity::host
char * host
Entity's host name dnr dependent.
Definition: XrdSecEntity.hh:70