XRootD
Loading...
Searching...
No Matches
XrdHttpUtils.cc
Go to the documentation of this file.
1//------------------------------------------------------------------------------
2// This file is part of XrdHTTP: A pragmatic implementation of the
3// HTTP/WebDAV protocol for the Xrootd framework
4//
5// Copyright (c) 2013 by European Organization for Nuclear Research (CERN)
6// Author: Fabrizio Furano <furano@cern.ch>
7// File Date: Apr 2013
8//------------------------------------------------------------------------------
9// XRootD is free software: you can redistribute it and/or modify
10// it under the terms of the GNU Lesser General Public License as published by
11// the Free Software Foundation, either version 3 of the License, or
12// (at your option) any later version.
13//
14// XRootD is distributed in the hope that it will be useful,
15// but WITHOUT ANY WARRANTY; without even the implied warranty of
16// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17// GNU General Public License for more details.
18//
19// You should have received a copy of the GNU Lesser General Public License
20// along with XRootD. If not, see <http://www.gnu.org/licenses/>.
21//------------------------------------------------------------------------------
22
23
24
25
26
27
28
29
41#include <cstring>
42#include <openssl/hmac.h>
43#include <openssl/bio.h>
44#include <openssl/buffer.h>
45#include <openssl/err.h>
46#include <openssl/ssl.h>
47
48#include <pthread.h>
49#include <memory>
50#include <vector>
51#include <algorithm>
52
53#include "XProtocol/XPtypes.hh"
55# include "sys/param.h"
57
58#if OPENSSL_VERSION_NUMBER < 0x10100000L
59static HMAC_CTX* HMAC_CTX_new() {
60 HMAC_CTX *ctx = (HMAC_CTX *)OPENSSL_malloc(sizeof(HMAC_CTX));
61 if (ctx) HMAC_CTX_init(ctx);
62 return ctx;
63}
64
65static void HMAC_CTX_free(HMAC_CTX *ctx) {
66 if (ctx) {
67 HMAC_CTX_cleanup(ctx);
68 OPENSSL_free(ctx);
69 }
70}
71#endif
72
73
74// GetHost from URL
75// Parse an URL and extract the host name and port
76// Return 0 if OK
77int parseURL(char *url, char *host, int &port, char **path) {
78 // http://x.y.z.w:p/path
79
80 *path = 0;
81
82 // look for the second slash
83 char *p = strstr(url, "//");
84 if (!p) return -1;
85
86
87 p += 2;
88
89 // look for the end of the host:port
90 char *p2 = strchr(p, '/');
91 if (!p2) return -1;
92
93 *path = p2;
94
95 char buf[256];
96 int l = std::min((int)(p2 - p), (int)sizeof (buf));
97 strncpy(buf, p, l);
98 buf[l] = '\0';
99
100 // Now look for :
101 p = strchr(buf, ':');
102 if (p) {
103 int l = std::min((int)(p - buf), (int)sizeof (buf));
104 strncpy(host, buf, l);
105 host[l] = '\0';
106
107 port = atoi(p + 1);
108 } else {
109 port = 0;
110
111
112 strcpy(host, buf);
113 }
114
115 return 0;
116}
117
118
119// Encode an array of bytes to base64
120
121void Tobase64(const unsigned char *input, int length, char *out) {
122 BIO *bmem, *b64;
123 BUF_MEM *bptr;
124
125 if (!out) return;
126
127 out[0] = '\0';
128
129 b64 = BIO_new(BIO_f_base64());
130 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
131 bmem = BIO_new(BIO_s_mem());
132 BIO_push(b64, bmem);
133 BIO_write(b64, input, length);
134
135 if (BIO_flush(b64) <= 0) {
136 BIO_free_all(b64);
137 return;
138 }
139
140 BIO_get_mem_ptr(b64, &bptr);
141
142
143 memcpy(out, bptr->data, bptr->length);
144 out[bptr->length] = '\0';
145
146 BIO_free_all(b64);
147
148 return;
149}
150
151
152static int
154{
155 if (isdigit(c)) {
156 return c - '0';
157 } else {
158 c = tolower(c);
159 if (c >= 'a' && c <= 'f') {
160 return c - 'a' + 10;
161 }
162 return -1;
163 }
164}
165
166
167// Decode a hex digest array to raw bytes.
168//
169bool Fromhexdigest(const unsigned char *input, int length, unsigned char *out) {
170 for (int idx=0; idx < length; idx += 2) {
171 int upper = char_to_int(input[idx]);
172 int lower = char_to_int(input[idx+1]);
173 if ((upper < 0) || (lower < 0)) {
174 return false;
175 }
176 out[idx/2] = (upper << 4) + lower;
177 }
178 return true;
179}
180
181
182// Simple itoa function
183std::string itos(long i) {
184 char buf[128];
185 sprintf(buf, "%ld", i);
186
187 return buf;
188}
189
190
191
192// Home made implementation of strchrnul
193char *mystrchrnul(const char *s, int c) {
194 char *ptr = strchr((char *)s, c);
195
196 if (!ptr)
197 return strchr((char *)s, '\0');
198
199 return ptr;
200}
201
202
203
204// Calculates the opaque arguments hash, needed for a secure redirection
205//
206// - hash is a string that will be filled with the hash
207//
208// - fn: the original filename that was requested
209// - dhost: target redirection hostname
210// - client: address:port of the client
211// - tim: creation time of the url
212// - tim_grace: validity time before and after creation time
213//
214// Input for the key (simple shared secret)
215// - key
216// - key length
217//
218
220 char *hash,
221
222 const char *fn,
223
224 kXR_int16 request,
225
226 XrdSecEntity *secent,
227
228 time_t tim,
229
230 const char *key) {
231
232
233#if OPENSSL_VERSION_NUMBER >= 0x30000000L
234 EVP_MAC *mac;
235 EVP_MAC_CTX *ctx;
236 size_t len;
237#else
238 HMAC_CTX *ctx;
239 unsigned int len;
240#endif
241 unsigned char mdbuf[EVP_MAX_MD_SIZE];
242 char buf[64];
243 struct tm tms;
244
245
246 if (!hash) {
247 return;
248 }
249 hash[0] = '\0';
250
251 if (!key) {
252 return;
253 }
254
255 if (!fn || !secent) {
256 return;
257 }
258
259#if OPENSSL_VERSION_NUMBER >= 0x30000000L
260
261 mac = EVP_MAC_fetch(0, "sha256", 0);
262 ctx = EVP_MAC_CTX_new(mac);
263
264 if (!ctx) {
265 return;
266 }
267
268
269 EVP_MAC_init(ctx, (const unsigned char *) key, strlen(key), 0);
270
271
272 if (fn)
273 EVP_MAC_update(ctx, (const unsigned char *) fn,
274 strlen(fn) + 1);
275
276 EVP_MAC_update(ctx, (const unsigned char *) &request,
277 sizeof (request));
278
279 if (secent->name)
280 EVP_MAC_update(ctx, (const unsigned char *) secent->name,
281 strlen(secent->name) + 1);
282
283 if (secent->vorg)
284 EVP_MAC_update(ctx, (const unsigned char *) secent->vorg,
285 strlen(secent->vorg) + 1);
286
287 if (secent->host)
288 EVP_MAC_update(ctx, (const unsigned char *) secent->host,
289 strlen(secent->host) + 1);
290
291 if (secent->moninfo)
292 EVP_MAC_update(ctx, (const unsigned char *) secent->moninfo,
293 strlen(secent->moninfo) + 1);
294
295 localtime_r(&tim, &tms);
296 strftime(buf, sizeof (buf), "%s", &tms);
297 EVP_MAC_update(ctx, (const unsigned char *) buf,
298 strlen(buf) + 1);
299
300 EVP_MAC_final(ctx, mdbuf, &len, EVP_MAX_MD_SIZE);
301
302 EVP_MAC_CTX_free(ctx);
303 EVP_MAC_free(mac);
304
305#else
306
307 ctx = HMAC_CTX_new();
308
309 if (!ctx) {
310 return;
311 }
312
313
314
315 HMAC_Init_ex(ctx, (const void *) key, strlen(key), EVP_sha256(), 0);
316
317
318 if (fn)
319 HMAC_Update(ctx, (const unsigned char *) fn,
320 strlen(fn) + 1);
321
322 HMAC_Update(ctx, (const unsigned char *) &request,
323 sizeof (request));
324
325 if (secent->name)
326 HMAC_Update(ctx, (const unsigned char *) secent->name,
327 strlen(secent->name) + 1);
328
329 if (secent->vorg)
330 HMAC_Update(ctx, (const unsigned char *) secent->vorg,
331 strlen(secent->vorg) + 1);
332
333 if (secent->host)
334 HMAC_Update(ctx, (const unsigned char *) secent->host,
335 strlen(secent->host) + 1);
336
337 if (secent->moninfo)
338 HMAC_Update(ctx, (const unsigned char *) secent->moninfo,
339 strlen(secent->moninfo) + 1);
340
341 localtime_r(&tim, &tms);
342 strftime(buf, sizeof (buf), "%s", &tms);
343 HMAC_Update(ctx, (const unsigned char *) buf,
344 strlen(buf) + 1);
345
346 HMAC_Final(ctx, mdbuf, &len);
347
348 HMAC_CTX_free(ctx);
349
350#endif
351
352 Tobase64(mdbuf, len / 2, hash);
353}
354
356 const char *h1,
357 const char *h2) {
358
359 if (h1 == h2) return 0;
360
361 if (!h1 || !h2)
362 return 1;
363
364 return strcmp(h1, h2);
365
366}
367
368
369
370
371
372
373// unquote a string and return a new one
374
375char *unquote(char *str) {
376 int l = strlen(str);
377 char *r = (char *) malloc(l + 1);
378 r[0] = '\0';
379 int i, j = 0;
380
381 for (i = 0; i < l; i++) {
382
383 if (str[i] == '%') {
384 char savec = str[i + 3];
385 str[i + 3] = '\0';
386
387 r[j] = strtol(str + i + 1, 0, 16);
388 str[i + 3] = savec;
389
390 i += 2;
391 } else r[j] = str[i];
392
393 j++;
394 }
395
396 r[j] = '\0';
397
398 return r;
399
400}
401
402// Quote a string and return a new one
403
404char *quote(const char *str) {
405 int l = strlen(str);
406 char *r = (char *) malloc(l*3 + 1);
407 r[0] = '\0';
408 int i, j = 0;
409
410 for (i = 0; i < l; i++) {
411 char c = str[i];
412
413 switch (c) {
414 case ' ':
415 strcpy(r + j, "%20");
416 j += 3;
417 break;
418 case '[':
419 strcpy(r + j, "%5B");
420 j += 3;
421 break;
422 case ']':
423 strcpy(r + j, "%5D");
424 j += 3;
425 break;
426 case ':':
427 strcpy(r + j, "%3A");
428 j += 3;
429 break;
430 // case '/':
431 // strcpy(r + j, "%2F");
432 // j += 3;
433 // break;
434 case '#':
435 strcpy(r + j, "%23");
436 j += 3;
437 break;
438 case '\n':
439 strcpy(r + j, "%0A");
440 j += 3;
441 break;
442 case '\r':
443 strcpy(r + j, "%0D");
444 j += 3;
445 break;
446 default:
447 r[j++] = c;
448 }
449 }
450
451 r[j] = '\0';
452
453 return r;
454}
455
456
457// Escape a string and return a new one
458
459char *escapeXML(const char *str) {
460 int l = strlen(str);
461 char *r = (char *) malloc(l*6 + 1);
462 r[0] = '\0';
463 int i, j = 0;
464
465 for (i = 0; i < l; i++) {
466 char c = str[i];
467
468 switch (c) {
469 case '"':
470 strcpy(r + j, "&quot;");
471 j += 6;
472 break;
473 case '&':
474 strcpy(r + j, "&amp;");
475 j += 5;
476 break;
477 case '<':
478 strcpy(r + j, "&lt;");
479 j += 4;
480 break;
481 case '>':
482 strcpy(r + j, "&gt;");
483 j += 4;
484 break;
485 case '\'':
486 strcpy(r + j, "&apos;");
487 j += 6;
488 break;
489
490 default:
491 r[j++] = c;
492 }
493 }
494
495 r[j] = '\0';
496
497 return r;
498}
499
500
501
short kXR_int16
Definition XPtypes.hh:66
void BIO_set_flags(BIO *bio, int flags)
int parseURL(char *url, char *host, int &port, char **path)
std::string itos(long i)
void Tobase64(const unsigned char *input, int length, char *out)
int compareHash(const char *h1, const char *h2)
static HMAC_CTX * HMAC_CTX_new()
bool Fromhexdigest(const unsigned char *input, int length, unsigned char *out)
char * unquote(char *str)
char * quote(const char *str)
char * escapeXML(const char *str)
static int char_to_int(int c)
char * mystrchrnul(const char *s, int c)
static void HMAC_CTX_free(HMAC_CTX *ctx)
void calcHashes(char *hash, const char *fn, kXR_int16 request, XrdSecEntity *secent, time_t tim, const char *key)
char * vorg
Entity's virtual organization(s)
char * name
Entity's name.
char * moninfo
Information for monitoring.
char * host
Entity's host name dnr dependent.