pax_global_header00006660000000000000000000000064141672730400014516gustar00rootroot0000000000000052 comment=23fbaab04d42543d9cb2528b68fac4e1bc5b46f0 neon-0.32.2/000077500000000000000000000000001416727304000125415ustar00rootroot00000000000000neon-0.32.2/.github/000077500000000000000000000000001416727304000141015ustar00rootroot00000000000000neon-0.32.2/.github/ISSUE_TEMPLATE/000077500000000000000000000000001416727304000162645ustar00rootroot00000000000000neon-0.32.2/.github/ISSUE_TEMPLATE/bug_report.md000066400000000000000000000010461416727304000207570ustar00rootroot00000000000000--- name: Bug report about: Create a report to help us improve title: '' labels: '' assignees: '' --- **Describe the bug** A clear and concise description of what the bug is, what happened and what you expected to happen. **Environment** - neon version: [e.g. 0.31.1] - OS: [e.g. Ubuntu] - SSL library version: [e.g. OpenSSL 1.1.1] **To Reproduce** Please provide a minimal code snippet using the neon API to trigger the issue. **Debugging output** Please include neon debugging output generated by e.g. 
`ne_debug_init(stderr, NE_DBG_HTTP);` neon-0.32.2/.github/workflows/000077500000000000000000000000001416727304000161365ustar00rootroot00000000000000neon-0.32.2/.github/workflows/ci.yml000066400000000000000000000016201416727304000172530ustar00rootroot00000000000000name: Build and test on: [push] jobs: build: runs-on: ${{ matrix.os }} strategy: fail-fast: false matrix: os: [ubuntu-18.04, ubuntu-20.04] conf-shared: [--enable-static, --enable-shared ] conf-xml: [--with-expat, --with-libxml2 ] conf-ssl: [--without-ssl, --with-ssl=openssl, --with-ssl=gnutls] conf-memleak: [--disable-memleak, --enable-memleak] conf-debug: [--enable-debug, --disable-debug] steps: - uses: actions/checkout@v2 - run: ./autogen.sh - run: case ${{matrix.conf-ssl}} in *gnutls) sudo apt-get update && sudo apt-get -y install libgnutls28-dev gnutls-bin xmlto ;; esac - run: ./configure ${{matrix.conf-shared}} ${{matrix.conf-xml}} ${{matrix.conf-ssl}} ${{matrix.conf-memleak}} ${{matrix.conf-debug}} - run: make - run: make check neon-0.32.2/.gitignore000066400000000000000000000006501416727304000145320ustar00rootroot00000000000000/config.h.in /config.h /configure /config.status /config.log /conftest.c /Makefile /aclocal.m4 /*.cache /libtool /neon-config /reconf* /confdefs.h /ltmain.sh /ltconfig /config.sub /config.guess /*.out /*.log /.version /config.hw /neon.pc /clog /ChangeLog /install-sh /po/*.gmo /doc/*.? /doc/*.html /doc/*.pdf /doc/*.ps /doc/*.tex /doc/*.sgml /doc/*.junk /doc/html /doc/man /doc/man3 /doc/man1 /doc/version.xml /doc/date.xml neon-0.32.2/.package000066400000000000000000000000501416727304000141300ustar00rootroot00000000000000announce-list=neon@lists.manyfish.co.uk neon-0.32.2/.release.sh000077500000000000000000000014721416727304000146020ustar00rootroot00000000000000#!/bin/sh set -ex major=`echo $1 | awk -F. '{print $1;}'` minor=`echo $1 | awk -F. '{print $2;}'` release=`echo $1 | awk -F. 
'{print $3;}'` version=$1 for f in config.hw; do in=$f.in out=$f sed -e "s/@VERSION@/$version/g" \ -e "s/@MAJOR@/$major/g" \ -e "s/@MINOR@/$minor/g" \ -e "s/@RELEASE@/$release/g" \ -e "s,@top_srcdir@,`pwd`,g" < $in > $out done echo $1 > .version # for the documentation: date +"%e %B %Y" | tr -d '\n' > doc/date.xml echo -n $1 > doc/version.xml ALL_LINGUAS=`echo po/*.po | sed 's,po/,,g;s,\.po,,g'` # Try to create a valid Makefile tmp=`mktemp /tmp/neon-XXXXXX` sed -e 's,@SET_MAKE@,,;s,@SHELL@,/bin/sh,' \ -e "s,@top_srcdir@,`pwd`," \ -e "s,@srcdir@,`pwd`," \ -e "s,@ALL_LINGUAS@,${ALL_LINGUAS}," \ < Makefile.in > $tmp make -f $tmp docs compile-gmo rm -f $tmp neon-0.32.2/.travis.yml000066400000000000000000000025251416727304000146560ustar00rootroot00000000000000language: c os: linux dist: xenial addons: apt: packages: - xmlto - libxml2-dev - libnss3-tools - libproxy-dev env: global: - MARGS="-j2 check" matrix: include: - name: Disable-all env: CONF="--without-libproxy --without-gssapi --without-zlib --disable-nls --disable-debug --disable-webdav" - name: Static UBSan w/OpenSSL env: CONF="--enable-static --with-ssl=openssl" CFLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined" LIBS=-lubsan NEON_LIBS=-lubsan - name: Static 32-bit w/OpenSSL env: CONF="--enable-static --with-ssl=openssl" CC='gcc -m32' addons: apt: packages: - libc6-dev-i386 - gcc-multilib - libexpat1-dev:i386 - libssl-dev:i386 - lib32z1-dev - name: OpenSSL on arm64 arch: arm64 env: CONF="--with-ssl=openssl" - name: OpenSSL on s390x arch: s390x env: CONF="--with-ssl=openssl" - name: Copyright check env: CONF="--without-libproxy --without-gssapi --without-zlib --disable-nls --disable-debug --disable-webdav" MARGS="update-copyright" allow_failures: # s390x builds currently flaky - name: OpenSSL on s390x arch: s390x env: CONF="--with-ssl=openssl" script: ./autogen.sh && ./configure --enable-warnings $CONF && make $MARGS 
neon-0.32.2/AUTHORS000066400000000000000000000007241416727304000136140ustar00rootroot00000000000000neon is Copyright (C) 1999-2007 Joe Orton Portions are: Copyright (C) 1999-2000 Tommi Komulainen Copyright (C) 1999-2000 Peter Boos Copyright (C) 1991, 1995, 1996, 1997 Free Software Foundation, Inc. Copyright (C) 2004 Aleix Conchillo Flaque Copyright (C) 2004 Jiang Lei Copyright (C) 2004-2005 Vladimir Berezniker @ http://public.xdi.org/=vmpn neon-0.32.2/BUGS000066400000000000000000000031521416727304000132250ustar00rootroot00000000000000 Known problems/bugs in neon -*- text -*- --------------------------- * several reports of issues with long-lived sessions causing problems with GSSAPI auth using mod_auth_kerb. May be a server problem, but needs further investigation to be sure. * 2818 requires that a on rejection of the SSL server cert, a "bad certificate" message should be sent - this is not being done currently (and can probably only be done with OpenSSL by actually doing cert verification in the verify callback) * ne_lock_discover does not handle multiple (shared) locks on a single resource. * SSL session caching issues; only cache for clean shutdowns, and only cache on shutdown, since the SSL_SESSION may change during an ne_session? * perhaps allow a per-Server-header hack for "Darwin Streaming Server 4.0" which doesn't terminate the response headers: http://bugzilla.gnome.org/show_bug.cgi?id=366331 HTTP/1.1 200 OK Server: Darwin Streaming Server 4.0 Content-Type: audio/mpeg Cache-Control: no-cache Pragma: no-cache Connection: close W8޳����s0�� * for a server with multiple A addresses, a successful connect() will "pin" that address for future attempts to connect. If subsequently a connect() fails, neon should at least iterate through the entire address list and at best should do the DNS lookup again. * should 207 code strclean the error string from the response body? 
* load_client_cert fails with: load_client_cert: (did not fail to load clicert without pkey) on RHEL4 openssl. * --with-ca-bundle only allows trusting a PEM bundle; support by directory as well neon-0.32.2/INSTALL.win32000066400000000000000000000101421416727304000145310ustar00rootroot00000000000000Building neon on Windows uses a single Nmake neon.mak file. By placing various parameters on nmake's command line, you can specify exactly the features and behavior of the Neon libraries. The parameters are additive, so to add more features, add the command line options specified in the particular section below. All the builds described below should work with Microsoft VC++ 5 and 6. Build neon __________ This is the most basic version of the Neon library you can build. It does not require any third party libraries, but you do not get the full capabilities of Neon. Compile Neon with no parameters nmake /f neon.mak After compiling the library, the directory contains libneon.lib, against which you can link your program. Build neon with WebDAV support ______________________________ To compile Neon with WebDAV support, Neon must compile and link against a third-party XML parser, either expat, expat-lite, libxml or libxml2. This Windows neon.mak file is designed to compile and link against the pre-built Expat Windows libraries version 1.95.X or newer. This library is available for download from http://sourceforge.net/projects/expat/ Download the latest expat_win32bin package named expat_win32bin_X_YY_Z.exe and install it on your system. It wants to install itself into Q:\some\dir\Expat-X.Y.ZZ. Choose your installation location for expat and then compile Neon with nmake /f neon.mak EXPAT_SRC=\path\to\Expat-X.YY.Z NOTE: When you run your program make sure the LIBEXPAT.DLL from expat is accessible, i.e. is in your PATH. This should work with Microsoft VC++ 5 and 6. 
Build neon with dynamically linked SSL support ______________________________________________ To build neon on Windows with SSL support you need OpenSSL already installed on your system (I used OpenSSL 0.9.7g). It can be downloaded from http://www.openssl.org/source/openssl-0.9.7g.tar.gz After compiling OpenSSL, simply point make to the OpenSSL sources: nmake /f neon.mak OPENSSL_SRC=\path\to\openssl NOTE: The include files for OpenSSL reside in the inc32/ directory ("../openssl-0.9.7g/inc32"). NOTE: Make sure that your program is linked against libeay32.lib and ssleay32.lib (normally in "../openssl-0.9.7g/out32dll") and that libeay32.dll and ssleay32.dll are accessible, i.e. are in your PATH. Build neon with statically linked OpenSSL support _________________________________________________ If you want to statically link against OpenSSL, then add the OPENSSL_STATIC parameter. nmake /f neon.mak OPENSSL_SRC=\path\to\openssl OPENSSL_STATIC=yes Build neon with statically linked Zlib support ______________________________________________ If you want to build Neon with the capability to decompress compressed content, then you need to compile against the Zlib library. Neon's neon.mak file will compile and link the Zlib sources. You need Zlib 1.2.1 or later, as previous versions do not include build scripts for Win32. Here's how to compile in Zlib support. 1) Get one of the Zlib source file packages in Zip format from http://www.gzip.org/zlib/; for example, http://www.gzip.org/zlib/zlib121.zip 2) Unzip it. Now add the ZLIB_SRC parameter to Neon's neon.mak pointing to your newly compiled zlib.
nmake /f neon.mak ZLIB_SRC=\path\to\zlib Build neon with dynamically linked Zlib support _______________________________________________ To build Neon with dynamically linked Zlib support, use the instructions for the statically linked Zlib support above and add the ZLIB_DLL parameter nmake /f neon.mak ZLIB_SRC=\path\to\zlib ZLIB_DLL=yes Build neon with IPv6 support ____________________________ To build neon with support for IPv6, use parameter ENABLE_IPV6. nmake /f neon.mak ENABLE_IPV6=yes This requires a copy of the Platform SDK which contains the IPv6 headers and libraries. Build neon with debugging support _________________________________ Set the DEBUG_BUILD parameter nmake /f neon.mak DEBUG_BUILD=yes It does not matter what value DEBUG_BUILD is set to, as long as it is not set to "". After compiling the library, the directory contains libneonD.lib, against which you can link your program. neon-0.32.2/Makefile.in000066400000000000000000000144761416727304000146220ustar00rootroot00000000000000# Copyright (C) 2001-2009 Joe Orton # Copyright (C) 1994, 1995-8, 1999, 2000 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. 
# libtool bits mostly stolen from libxml and libtool/demo SHELL = @SHELL@ prefix = @prefix@ exec_prefix = @exec_prefix@ bindir = @bindir@ libdir = @libdir@ mandir = @mandir@ man1dir = $(mandir)/man1 man3dir = $(mandir)/man3 datarootdir = @datarootdir@ datadir = @datadir@ docdir = $(datadir)/doc/neon-@NEON_VERSION@ includedir = @includedir@ neonincludes = $(includedir)/neon pkgconfigdir = $(libdir)/pkgconfig localedir = $(datadir)/locale top_srcdir = @top_srcdir@ top_builddir = . srcdir = @srcdir@ VPATH = @srcdir@ @SET_MAKE@ LDFLAGS = -L. @LDFLAGS@ LIBS = @LIBS@ CC = @CC@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL = @INSTALL@ transform = @program_transform_name@ LIBTOOL = @LIBTOOL@ XMLTO = xmlto GCOV = gcov XGETTEXT_OPTS = --keyword=_ --keyword=N_ --msgid-bugs-address=neon@lists.manyfish.co.uk \ --default-domain=neon --flag ne_print_request_header:3:c-format \ --flag ne_snprintf:3:c-format --flag ne_vsnprintf:3:c-format \ --flag ne_set_error:2:c-format POTFILE = $(top_srcdir)/po/neon.pot XGETTEXT = xgettext MSGFMT = msgfmt MSGMERGE = msgmerge LINGUAS = @ALL_LINGUAS@ # The headers to distribute - making up the public interface of neon DIST_HEADERS = ne_request.h ne_session.h ne_utils.h ne_uri.h ne_socket.h \ ne_basic.h ne_207.h ne_props.h ne_xml.h ne_dates.h ne_string.h \ ne_defs.h ne_locks.h ne_alloc.h ne_md5.h ne_i18n.h ne_redirect.h \ ne_auth.h ne_compress.h ne_acl.h ne_ssl.h ne_xmlreq.h ne_pkcs11.h \ ne_acl3744.h all: subdirs check: subdirs @cd test && $(MAKE) check # Useful for doing coverage analysis; use e.g.: # make TESTS=string-tests MODULE=ne_string.c cover cover: subdirs @rm -f src/*.*da test/common/*.*da test/*.*da @cd test && $(MAKE) check @cd src && $(GCOV) -cb $(MODULE) # as per 'cover' target; prints list of functions without 100% coverage uncover: subdirs @rm -f src/*.*da test/common/*.*da test/*.*da @cd test && $(MAKE) check @cd src && $(GCOV) -cb $(MODULE) @grep ^function 
src/$(MODULE).gcov | grep -v 'executed 100' | sort -nr -k 9,9 subdirs: @cd src && $(MAKE) # Regenerating the docs requires xmlto to be installed, this target is # executed when release tarballs are generated. docs: docs-man docs-html docs-man: rm -rf doc/man; mkdir -p doc/man $(XMLTO) -o `pwd`/doc/man -x $(srcdir)/doc/man.xsl man $(srcdir)/doc/manual.xml docs-pdf: $(XMLTO) -o `pwd`/doc pdf $(srcdir)/doc/manual.xml docs-ps: $(XMLTO) -o `pwd`/doc ps $(srcdir)/doc/manual.xml docs-html: test -d doc/html && rm -rf doc/html || true mkdir -p doc/html $(XMLTO) -o `pwd`/doc/html -x $(srcdir)/doc/html.xsl html $(srcdir)/doc/manual.xml # Validate the manual source docs-valid: xmllint --noout --valid $(srcdir)/doc/manual.xml clean: @cd src && $(MAKE) clean @cd test && $(MAKE) clean distclean: clean rm -rf Makefile config.h neon.pc config.status src/Makefile libtool config.log config.cache neon-config autom4te*.cache test/Makefile again: clean Makefile: $(srcdir)/Makefile.in @./config.status Makefile neon-config: $(srcdir)/neon-config.in @./config.status neon-config install-docs: install-man install-html install-html: $(INSTALL) -d $(DESTDIR)$(docdir)/html for d in doc/html/*.html; do \ $(INSTALL_DATA) $$d $(DESTDIR)$(docdir)/html; \ done install-man: $(INSTALL) -d $(DESTDIR)$(man3dir) $(INSTALL) -d $(DESTDIR)$(man1dir) for m in doc/man/*.3; do \ $(INSTALL_DATA) $$m $(DESTDIR)$(man3dir); done for m in doc/man/*.1; do \ $(INSTALL_DATA) $$m $(DESTDIR)$(man1dir); done install: install-@ALLOW_INSTALL@ install-memleak: @echo "ERROR: The neon internal memory leak checking code is for testing" @echo "ERROR: purposes only; this copy of neon must not be installed." 
@false install-yes: install-lib install-headers install-config install-docs install-nls # libtool does all the necessary magic here install-lib: subdirs $(INSTALL) -d $(DESTDIR)$(libdir) $(LIBTOOL) --mode=install $(INSTALL) src/libneon.la \ $(DESTDIR)$(libdir)/libneon.la install-headers: $(INSTALL) -d $(DESTDIR)$(neonincludes) @for h in $(DIST_HEADERS); do \ echo Installing $$h into $(DESTDIR)$(neonincludes); \ $(INSTALL_DATA) $(srcdir)/src/$$h $(DESTDIR)$(neonincludes)/$$h \ || exit 1; \ done install-config: neon-config neon.pc $(INSTALL) -d $(DESTDIR)$(bindir) @echo Installing neon-config into $(DESTDIR)$(bindir) @$(INSTALL_SCRIPT) neon-config \ $(DESTDIR)$(bindir)/`echo neon-config|sed '$(transform)'` $(INSTALL) -d $(DESTDIR)$(pkgconfigdir) $(INSTALL_DATA) neon.pc $(DESTDIR)$(pkgconfigdir)/neon.pc install-tests: install-lib @cd test && make install install-nls: install-nls-@NE_FLAG_I18N@ install-nls-no: @echo NLS not enabled. install-nls-yes: @for f in $(LINGUAS); do \ $(INSTALL) -d $(DESTDIR)$(localedir)/$$f/LC_MESSAGES; \ $(INSTALL_DATA) $(srcdir)/po/$$f.gmo $(DESTDIR)$(localedir)/$$f/LC_MESSAGES/neon.mo; \ done ChangeLog: svn log > $@ update-po: @xgettext $(XGETTEXT_OPTS) $(top_srcdir)/src/ne*.c -o $(POTFILE) @for f in $(LINGUAS); do \ echo "> Updating \"$$f\" catalog:"; \ $(MSGMERGE) --update $(top_srcdir)/po/$$f.po $(POTFILE); \ $(MSGFMT) --output /dev/null --check-format $(top_srcdir)/po/$$f.po || exit 1; \ done compile-gmo: @for f in $(LINGUAS); do \ echo "> Compiling \"$$f\" catalog:"; \ $(MSGFMT) --statistics -c -o po/$$f.gmo $(top_srcdir)/po/$$f.po; \ done update-copyright: Makefile @mv README.md README.orig @(sed -n '/^Copyright/q;p' < README.orig; \ grep -h Copyright src/*.[ch] po/*.po macros/*.m4 | \ sed -r 's/\(C\) [12].+[0-9],? 
/(C) /;s/^\#*//;s/^dnl//;s/<.*>//g;s/ @ .*//;s/[ ]*//;s/ *$$//;/Orton/d' | \ sort -u; echo '~~~') > README.md @diff -u README.orig README.md @rm -f README.orig doc-status: @echo -n "Missing docs for:" @for f in `nm src/.libs/libneon.so | grep ' T ' | colrm 1 11`; do \ test -f doc/man/$$f.3 || echo -n " $$f"; \ done; echo neon-0.32.2/NEWS000066400000000000000000002056611416727304000132520ustar00rootroot00000000000000Changes in release 0.32.2: * Fix auth handling for request-target of "*" (regressed since 0.31.x) * Fix bindtextdomain() detection on OS X (Daniel Macks) * Fix regeneration of docs in "make install" (Lonnie Abelbeck) * Fixes for NetBSD build (Thomas Klausner) Changes in release 0.32.1: * Fix configure CFLAGS handling in Kerberos detection. * Various spelling fixes. Changes in release 0.32.0: * Interface changes: - API and ABI backwards-compatible with 0.27.x and later - NE_AUTH_DIGEST now only enables RFC 2617/7616 auth by default; to enable weaker RFC 2069 Digest, use NE_AUTH_LEGACY_DIGEST (treated as a security enhancement, not an API/ABI break) * Interface clarifications: - ne_auth.h: use of non-ASCII usernames with the ne_auth_creds callback type is now rejected for Digest auth since the encoding is not specified. ne_add_auth() can be used instead. - ne_request.h: the ne_create_request_fn callback is passed the request-target using RFC 7230 terminology * New interfaces and features: - ne_string.h: added ne_strhash(), ne_vstrhash(), ne_strparam() - ne_auth.h: added RFC 7616 (Digest authentication) support, including userhash=, username*= and SHA-2 algorithms (SHA-2 requires GnuTLS/OpenSSL). added NE_AUTH_LEGACY_DIGEST - ne_auth.h: added ne_add_auth() unified auth callback interface, accepts (only) UTF-8 usernames, uses a larger password buffer, and has different/improved attempt counter semantics. - RFC 7617 scoping rules are now applied for Basic authentication. 
- ne_ssl.h: added ne_ssl_cert_hdigest() - ne_socket.h: added ne_sock_shutdown() - sendmsg()/send() are used with the MSG_NOSIGNAL flag to write to sockets on Unix, rather than write()/writev(), avoiding SIGPIPE - explicit_bzero() is used where available to clear credentials * Bug fixes: - fixed TLS connection shutdown handling for OpenSSL 3 - fix various Coverity and cppcheck warnings (Sebastian Reschke) - Kerberos library detection uses pkg-config where possible. - fix some configure checks on Win32 (Christopher Degawa) - fix some configure errors on MacOS (Ryan Schmidt) Changes in release 0.31.2: * Fix ne_md5_read_ctx() with OpenSSL on big-endian architectures. * Fix GCC 10 warning in PKCS#11 build. * Fix OpenSSL build w/o deprecated APIs (Rosen Penev). * Fix unnecessary MD5 test for non-Digest auth (Sebastian Reschke). * Fix hang on SSL connection close with IIS (issue #11). * Fix ar, ranlib detection when cross-compiling (Sergei Trofimovich). Changes in release 0.31.1: * ADMIN: The neon website has moved to https://notroj.github.io/neon/ * Restore ne_md5_read_ctx() in OpenSSL build. * Fix gcc warnings on Ubuntu (Jan-Marek Glogowski). * Fix various spelling mistakes in docs and headers (thanks to FOSSIES). * Fix ne_asctime_parse() (Eugenij-W). * Fix build with LibreSSL (Juan RP). Changes in release 0.31.0: * Interface changes: - none, API and ABI backwards-compatible with 0.27.x and later * New interfaces and features: - add more gcc "nonnull" attributes to ne_request_* functions. 
- for OpenSSL builds, ne_md5 code uses the OpenSSL implementation - add NE_SESSFLAG_SHAREPOINT session flag which enables workarounds for RFC non-compliance issues in Sharepoint (thanks to Jan-Marek Glogowski and Giuseppe Castagno) - ne_uri.h: add ne_path_escapef() in support of above - ne_207.h: add ne_207_set_flags() likewise in support of above * API clarification: - ne_version_match() behaviour now matches actual 0.27+ ABI history * Bug fixes: - fixes for OpenSSL 1.1.1 and TLSv1.3 support - fix crash with GnuTLS in client cert support (Henrik Holst) - fix possible crash in ne_set_request_flag() - fix build with libxml2 2.9.10 and later - fix handling lock timeouts >LONG_MAX (Giuseppe Castagno) Changes in release 0.30.2: * Add support for OpenSSL 1.1.x (Kurt Roeckx). * Fix PKCS#11 support under GnuTLS 3.x. - PKCS#11 API no longer supported with GnuTLS 2.x Changes in release 0.30.1: * Fix memory leak with GnuTLS (Werner Baumann, Patrick Ohly). * Fix possible crash after DNS lookup errors on Windows (Olivier Goffart). * Don't fail if the SSL cert changes between connections with OpenSSL, behaviour now matches that with GnuTLS. * Fix PKCS#11 support under OpenSSL with TLS 1.2. * Fix static linking with pkg-config file (Alan H). 
Changes in release 0.30.0: * Interface changes: - none, API and ABI backwards-compatible with 0.27.x and later * New interfaces and features: - ne_ssl.h: added ne_ssl_clicert_import, ne_ssl_context_get_flag - ne_session.h: added ne_set_addrlist2 - ne_socket.h: added ne_addr_canonical - ne_auth.h: added NE_AUTH_GSSAPI_ONLY, NE_AUTH_SSPI (Nathanael Rensen) - ne_basic.h: added NE_CAP_EXT_MKCOL options test - ne_request.h: support chunked bodies with negative length passed to ne_set_request_body_provider (Julien Reichel) * Bug fixes: - ne_path_escape: fix excessive memory allocation (Pierre Crokaert) - SSPI auth: use canonical server hostname, clear SSPI context after successful auth (Nathanael Rensen) - build fixes for Open Watcom compiler (NormW) - fix Win32 error code handling for local ne_sock_prebind bind failure - Win32: support LFS, thread-safe OpenSSL (Diego Santa Cruz) - GnuTLS: fix GnuTLS 3.x support (Matthias Petschick, Bartosz Brachaczek) Changes in release 0.29.6: * Don't abort SSL handshake with GnuTLS if a client cert is requested but none is configured/available (thanks to Patrick Ohly) * Fix the method string passed to create_request hooks to have the same lifetime as the request object (Patrick Ohly) * Docs updates. 
Changes in release 0.29.5: * Fix GnuTLS handshake failures with 'TLS warning alert' (Bryan Cain) * Further fix for SSPI support on Win32 (Danil Shopyrin) Changes in release 0.29.4: * Fix SNI support (Tobias Gruetzmacher) * Fix possible Solaris linker errors if building static library * Win32: Fix Kerberos authentication support with SSPI (Danil Shopyrin) * Fix error handling when pulling a request body from a file (thanks to Lou Montulli) * Fix ne_request_dispatch() return value for SOCKS proxy failure cases * Tighten SSL cert ID checks to deny a wildcard match against an IP address Changes in release 0.29.3: * Change ne_sock_close() to no longer wait for SSL closure alert: - fixes possible hang with IIS servers when closing SSL connection - this reverts the behaviour with OpenSSL to match 0.28.x, and changes the behaviour with GnuTLS to match that with OpenSSL * Fix memory leak with GnuTLS * API clarification in ne_sock_close(): - SSL closure handling now documented - return value semantics fixed to describe the implementation Changes in release 0.29.2: * Fix spurious 'certificate verify failed' errors with OpenSSL (Tom C) * Fix unnecessary re-authentication with SSPI (Danil Shopyrin) Changes in release 0.29.1: * Fixes for (Unix) NTLM implementation: - fix handling of session timeout (Kai Sommerfeld) - fix possible crash (basic@mozdev.org) * Fix unnecessary re-authentication with SSPI (Danil Shopyrin) * Build fixes for Win32: - fix use of socklen_t with recent SDKs (Stefan Kung) - fix USE_GETADDRINFO on Win2K (Kai Sommerfeld) * Fix build with versions of GnuTLS older than 2.8.0.
Changes in release 0.29.0: * Interface changes: - none, API and ABI backwards-compatible with 0.28.x and 0.27.x * New interfaces and features: - added NTLM auth support for Unix builds (Kai Sommerfeld, Daniel Stenberg) - ne_auth.h: added NE_AUTH_GSSAPI and NE_AUTH_NTLM auth protocol codes - added ne_acl3744.h, updated WebDAV ACL support (Henrik Holst) - added built-in SOCKS v4/v4a/v5 support: ne_socket.h:ne_sock_proxy(), and ne_session.h:ne_session_socks_proxy() - added support for system-default proxies: ne_session_system_proxy(), implemented using libproxy where available - ne_session.h: added NE_SESSFLAG_EXPECT100 session flag, SSL verification failure bits extended by NE_SSL_BADCHAIN and NE_SSL_REVOKED, better handling of failures within the cert chain (thanks to Ludwig Nussel) - ne_utils.h: added feature code NE_FEATURE_SYSPROXY - ne_socket.h: ne_sock_writev() (Julien Reichel), ne_sock_set_error(), ne_iaddr_raw(), ne_iaddr_parse() - ne_string.h: ne_buffer_qappend(), ne_strnqdup() * Deprecated interfaces: - ne_acl.h is obsoleted by ne_acl3744.h (but is still present) - obsolete feature "NE_FEATURE_SOCKS" now never marked present * Other changes: - fix handling of "stale" flag in RFC2069-style Digest auth challenge - ne_free() implemented as a function on Win32 (thanks to Helge Hess) - symbol versioning used for new symbols, where supported - ensure SSL connections are closed cleanly with OpenSSL - fix build with OpenSSL 1.0 beta - updated Polish (pl) translation (Arfrever Frehtes Taifersar Arahesis) Changes in release 0.28.6: * SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat; could allow a Denial of Service attack by a malicious server. * SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in a certificate subject name with OpenSSL; could allow an undetected MITM attack against an SSL server if a trusted CA issues such a cert. Changes in release 0.28.5: * Enable support for X.509v1 CA certificates in GnuTLS. 
* Fix handling of EINTR in connect() calls. * Fix use of builds with SOCK_CLOEXEC support on older Linux kernels. Changes in release 0.28.4: * Fix ne_forget_auth (Kai Sommerfeld) * GnuTLS support fixes: - fix handling of PKCS#12 client certs with multiple certs or keys - fix crash with OpenPGP certificate - use pkg-config data in configure, in preference to libgnutls-config * Add PKCS#11 support for OpenSSL builds (where pakchois is available) * Fix small memory leak in PKCS#11 code. * Fix build on Haiku (scott mc) Changes in release 0.28.3: * SECURITY (CVE-2008-3746): Fix potential NULL pointer dereference in Digest domain parameter support; could allow a DoS by a malicious server * Fix parsing of *-Authenticate response header with LWS after quoted value * Fix ne_set_progress(, NULL, ) to match pre-0.27 behaviour (and not crash) * Fix to disable Nagle on Win32 with newer toolchain (thanks to Stefan Küng) * Fix build on Netware (Guenter Knauf) * Document existing ne_uri_parse() API postcondition and ne_uri_resolve() pre/postconditions regarding the ->path field in ne_uri structures * Mark ne_{,buffer_}concat with sentinel attribute for GCC >= 4. * Distinguish the error message for an SSL handshake which fails after a client cert was requested. * Compile with PIC flags by default even for static library builds Changes in release 0.28.2: * Support "Proxy-Connection: Keep-Alive" for compatibility with HTTP/1.0 proxies which require persistent connections for NTLM authentication * Fix an fd leak in ne_ssl_{,cli}cert_read (GnuTLS only) * Enable fast initialization in GnuTLS.
Changes in release 0.28.1: * Fix Win32 build * Fix build on SCO OpenServer 5.0.x (thanks to Nico Kadel-Garcia) * Fix handling of Digest domain parameter values without a trailing slash * Fix build against apr-util's bundled libexpat.la in Subversion * Add --without-pakchois to configure (Arfrever Frehtes Taifersar Arahesis) * zh message catalog renamed to zh_CN, translation updated (Dongsheng Song) Changes in release 0.28.0: * Interface changes: - none, API and ABI backwards-compatible with 0.27.x * New interfaces: - ne_pkcs11.h: added basic PKCS#11 support (requires GnuTLS and pakchois) - ne_auth.h: added NE_AUTH_ALL and NE_AUTH_DEFAULT constants - ne_socket.h: added ne_sock_peer(), ne_sock_prebind(), ne_sock_cipher() - ne_session.h: NE_SESSFLAG_TLSSNI flag added; TLS SNI support is enabled by default, where supported; ne_set_localaddr() added - ne_request.h: added close_conn hooks (Robert J. van der Boon) - ne_basic.h: added ne_options2() * Other changes: - add Polish (pl) translation (Arfrever Frehtes Taifersar Arahesis) - add support for the 'domain' parameter in Digest authentication - fix fd leak in ne_sock_connect() error path (Andrew Teirney) - the FD_CLOEXEC flag is set on socket fds - fix timezone handling in ne_dates for more platforms (Alessandro Vesely) - fix ne_simple_propfind() to print XML namespaces in flat property values - fix ne_get_range() for unspecified end-range case (Henrik Holst) - fix ne_strclean() to be locale-independent and avoid possible Win32 crash - fix ne_get_error() to not "clean" localized error strings - fix ne_ssl_clicert_read() to fail for client certs missing cert or key - Win32: fix build with VS 2008 (Stefan Kueng) - Win32: fix neon.mak to not double-quote $(MAKE) (Henrik Holst) - improve strength of Digest cnonces in GnuTLS builds Changes in release 0.27.2: * Fix crash in GSSAPI Negotiate response header verification (regression since 0.26.x) Changes in release 0.27.1: * Fix regression in response progress counter for 
notifier/progress callbacks * Fix interface description for ne_set_notifier() callback; sr.total is set to -1 not 0 for an indeterminate response length Changes in release 0.27.0: * New interfaces: - ne_session.h: ne_fill_proxy_uri() retrieves configured proxy, ne_hook_post_headers() adds a hook after response headers are read, ne_set_connect_timeout() sets session connection timeout, NE_SESSFLAG_RFC4918, NE_SESSFLAG_CONNAUTH flags added - ne_socket.h: ne_sock_connect_timeout() sets connection timeout, ne_iaddr_reverse() performs reverse DNS lookup - ne_string.h: ne_buffer_snprintf() prints to a buffer object - ne_xml.h: ne_xml_resolve_nspace() resolves namespace prefixes * Interface changes: - ne_set_notifier() replaces ne_set_status(); finer-grained and type-safe connection status information now provided; obsoletes ne_set_progress() - ne_xml_dispatch_request() now only invokes the XML parser for response entities with an XML content-type, following RFC 3023 rules - ne_acl_set() now takes a "const" entries array - LFS compatibility functions *64 removed: all functions taking an off_t now take an ne_off_t which is off64_t for LFS builds * GnuTLS support now mostly feature-complete with OpenSSL support: - greatly improved SSL distinguished name handling with GnuTLS >= 1.7.8 * Other changes: - descriptive error messages for authentication failures - SSPI support uses canonical DNS server name (Yves Martin) - fixes for handling of "stale" parameter in Digest authentication - added support for URIs in SSL server certificate subjectAltName field - fix compiler warnings with expat 2.x - fix handling of "Transfer-Encoding: identity" responses from privoxy Changes in release 0.26.4: * Fix Negotiate Authentication-Info response header verification with GSSAPI * Fix multiple handlers with ne_add_{server,proxy}_auth (Werner Baumann) * Fix SSPI build with some versions of MinGW (Gisle Vanem) * Fix for SSPI segfault in response header verification (Mike DiCuccio) * Fix error 
strings for CONNECT SSL proxy tunnel request failure * Fix install-nls for VPATH builds (Hans Meine) * Fix use of unencrypted client certs with GnuTLS * Fix ne_lock* If: header insertion to use CRLF-terminated headers * Fix test suite failures on QNX by working around send() length limit * Fix handling of POSIX strerror_r failure case in ne_strerror * Fix alignment issues in test suite MD5 code Changes in release 0.26.3: * Fix buffer under-read in URI parser (Laszlo Boszormenyi, CVE-2007-0157) * Fix regression in handling of "attempt" argument passed to auth callbacks; ensure the value only increments for each invocation of the callback * Fix handling of "nextnonce" parameter in Digest authentication Changes in release 0.26.2: * Fix error reported for LOCK responses lacking a Lock-Token header. * Use Libs.private in neon.pc for newer versions of pkg-config. * Build fix for platforms without libintl.h. * Build fixes for MinGW. (Matthias Miller) * Build fix for h_errno detection on HP-UX 10. (Albert Chin) * Win32: enable debugging; build fixes with some SDKs. (Kiyo Kelvin Lee) Changes in release 0.26.1: * Build fixes for Win32 (D.J. Heap) and OS X. * Add Simplified Chinese translation (Dongsheng Song). 
Changes in release 0.26.0: * Added internationalization support: - ne_i18n.h exposes ne_i18n_init(), a process-global initializer which may be required for some applications - (partial) message catalogs for cs, de, fr, ja, nn, ru and tr - NE_FEATURE_I18N feature code added to indicate support * Added support for GnuTLS (thanks to Aleix Conchillo Flaque): - pass --with-ssl=gnutls to configure; GnuTLS >= 1.0.22 required - use --with-ca-bundle to specify a default SSL CA root bundle - some remaining issues with PKCS#12 certs in current GnuTLS releases, distinguished name handling is sub-standard relative to OpenSSL * Changes and additions to URI support: - ne_uri structure: add query, fragment fields; authinfo renamed to userinfo - ne_uri_parse() now takes a URI-reference as input rather than the previous pseudo-URI syntax; the query and fragment components are now parsed out. Many malformed URIs are now rejected - ne_uri_unparse() changed to respect the new fields - ne_uri_resolve(): new function; resolves relative URI references - ne_uri_copy(): new function, copies a URI structure * Changed results callbacks for ne_lock_discover, PROPFIND interfaces: - take URI as parsed ne_uri * structure rather than char * * Added functions which give control over authentication protocol use: - ne_add_server_auth(), ne_add_proxy_auth() * Added ne_unhook_* functions to remove hooks * Added ne_set_session_flags()/ne_get_session_flags() functions: - flags to disable persistent connection support, enable "ICY" protocol support, and to disable SSLv2 protocol support. 
- replaces ne_set_persist() * Added ne_set_request_flags()/ne_get_request_flags() functions: - flags to enable 100-continue support, mark requests as non-idempotent - replaces ne_set_request_expect100() * Change ne_md5.h interface to make struct ne_md5_ctx opaque: - added ne_md5_create_ctx(), ne_md5_destroy_ctx(), ne_md5_reset_ctx(), ne_md5_finish_ascii(); removed ne_md5_init_ctx() - fix alignment issues which could cause crashes in Digest code * Fixed ne_get_range(), added ne_get_range64() (thanks to Lennart Poettering) * Removed NE_FREE() macro from ne_alloc.h * Added ne_strcasecmp(), ne_strncasecmp(), ne_tolower() functions to ne_string.h - locale-independent string comparison * Changed ne_sock_init()/ne_sock_exit() such that ne_sock_exit() only has effect once called an equal number of times to _init(). * Added "--enable-threadsafe-ssl=posix" configure flag, to enable thread-safe SSL support using POSIX threads in OpenSSL/GnuTLS - NE_FEATURE_TS_SSL feature code added to indicate support * The manual is now licensed under the GPL rather than the GFDL Changes in release 0.25.5: * ne_ssl_clicert_decrypt(): catch and fail to load a client cert with mismatched key/cert pair. * Fix build issue on AIX 5.1. * Fix warnings if built against OpenSSL >= 0.9.8. * Win32: fix issues in SSPI implementation (Stefan Küng). Changes in release 0.25.4: * GSSAPI fixes for non-MIT implementations (Mikhail Teterin). * Fix ne_print_request_header() et al to use 8K buffer size on all platforms (fixes issue with long Destination: URLs on Win32). * Win32 build fix for !USE_GETADDRINFO configuration. * Documentation updates. Changes in release 0.25.3: * ne_lock() and ne_unlock(): fix cases where NE_ERROR would be returned instead of e.g. NE_AUTH on auth failure. * Prevent use of poll() on Darwin. * Fix gethostbyname-based resolver on LP64 platforms (Matthew Sanderson). Changes in release 0.25.2: * Really fix the Win32 build. 
Changes in release 0.25.1: * ne_get_content_type(): fix cases where the charset field was not set to NULL after successful return (Johannes Schneider) * Compressed response handling fixes: - fix double invocation of reader callback with len=0 - fix cases where the reader callback return value was ignored * Cache the new SSL session if the old one was expired (Robert Eiglmaier) * Win32: fix build issues. Changes in release 0.25.0: * New interfaces: - ne_get_response_header() replaces ne_add_response_header_handler - ne_read_response_to_fd() and ne_discard_response() for use with ne_begin_request/ne_end_request style response handling - ne_xmlreq.h: ne_xml_parse_response() and ne_xml_dispatch_request() - ne_has_support() for feature detection, replaces ne_support_ssl() - ne_set_addrlist() can be used to bypass normal DNS hostname resolver - ne_buffer_czappend(), convenience wrapper for ne_buffer_append. - ne_iaddr_typeof() returns type of a socket object - ne_get_content_type() replaces ne_content_type_handler() - ne_set_request_expect100() replaces ne_set_expect100() * New interfaces on LFS systems for large file support: - ne_set_request_body_fd64() call for using an fd opened using O_LARGEFILE - ne_set_request_body_provider64(), takes an off64_t length argument * Interface changes: - ne_set_request_body_fd takes offset and length arguments and returns void - ne_set_request_body_provider takes length as off_t rather than size_t; provider callbacks now MUST set session error string if returning an error - response body reader callback returns an integer and can abort the response - ne_decompress_destroy() returns void; errors are caught earlier - ne_xml_failed() replaces ne_xml_valid(), with different return value logic - ne_xml_parse() can return an error; ne_xml_parse_v() aborts the response if the parse either fails or is aborted by a handler returning NE_XML_ABORT - ne_path_escape() now escapes all but unreserved characters - ne_ssl_clicert_name() and 
ne_ssl_cert_identity() clarified to return UTF-8 - ne_ssl_clicert_name() clicert object argument is now const - ne_uri_parse()/ne_uri_free() memory handling clarified - removed the buffer length requirement for ne_read_response_block() * Bug fixes: - properly handle multiple Authentication challenges per request - fixes and improvements to the Negotiate auth implementation - handle proxies which send a 401 auth challenge to a CONNECT request - XML: handle the UTF-8 BOM even if the underlying parser does not - Win32: Fix timezone handling (Jiang Lei) - ne_lock_refresh() works and will update timeout of passed-in lock - persistent connection timeout handling fixes for CygWin et al - impose hard limit of 1024 props per resource in ne_props.h response parsing * New platform-specific features: - Win32: Negotiate/NTLM support using SSPI (Vladimir Berezniker) - Win32: Add IPv6 support using ENABLE_IPV6 neon.mak flag (Kai Sommerfeld) * Removed features: - the cookies interface has been removed - removed functions: ne_service_lookup(), ne_put_if_unmodified() - "qop=auth-int" support removed from Digest auth implementation * Default XML parser search changed to check for expat before libxml2. Changes in release 0.24.7: * Compression interface fixes: - fix issues handling content decoding and request retries from authentication challenges (Justin Erenkrantz) - fix places where reader callback would receive spurious size=0 calls - fix to pass user-supplied userdata to user-supplied acceptance callback * Fix for RFC2617-style digest authentication (Hideaki Takahashi). * Fix to pick up gethostbyname() on QNX 6.2. Changes in release 0.24.6: * SECURITY (CVE CAN-2004-0398): Fix sscanf overflow in ne_rfc1036_parse, thanks to Stefan Esser. * Link libneon against libexpat during Subversion build using bundled neon. * Win32 build script update (Jon Foster). 
Changes in release 0.24.5: * SECURITY (CVE CAN-2004-0179): Fix format string vulnerabilities in XML/207 response handling, reported by greuff@void.at. * Performance fix: avoid seeding the SSL PRNG if not creating an SSL socket. * ne_ssl_readable_dname() is now defined to return UTF-8 strings. * Fix case where gssapi/gssapi_generic.h was included but not present. * Fix ne_utils.c build on platforms where zlib does "#define const". * Fix use of ne_proppatch_operation with some C++ compilers. * Update libtool for fix to --enable-shared on Darwin. * BeOS: check for gethostbyname in -lbind (David Reid). Changes in release 0.24.4: * Ignore unclean SSL closure when response body is delimited by EOF ("Could not read response body: Secure connection truncated" errors with some buggy SSL servers). * Fix test/ssl.c syntax errors with C89 compilers (Radu Greab). Changes in release 0.24.3: * Respect configure's --datadir argument (Max Bowsher). * Fix build on Windows when OpenSSL is not used. * Fix use of SSLv2 (spurious "Server did not present certificate" error). * When using SSL via a proxy, prevent leaking server auth credentials to the proxy, or proxy auth credentials to the server. Changes in release 0.24.2: * Fix name resolver with some old versions of glibc. * Fix problems with configure's "time_t format string" detection. * Fix problems when a broken Kerberos installation is found. * When verifying SSL certificates, check iPaddress names in the subjectAltName extension. Changes in release 0.24.1: * Add support for "GSS-Negotiate" Kerberos authentication scheme (from Risko Gergely and Burjan Gabor). * Disable Nagle to improve performance of small requests (thanks to Jim Whitehead and Teng Xu). * Fix compatibility with OpenSSL 0.9.6 (broken in 0.24.0). * Fix prototype mismatch in ne_207.c. * Define ssize_t from ne_request.h for Win32. * Prevent segfault on zlib initialization failures. * ne_sock_init does not fail if PRNG could not be seeded. 
* Fix segfault in cookies code (Markus Mueller). * Documentation updates. Changes in release 0.24.0: * Major changes to XML interface: - have the start-element callback either accept, decline, abort, or return a state integer. - remove 'struct ne_xml_elm'; callbacks are passed {nspace, name} strings along with a state integer. - dropped "collect", "strip-leading-whitespace" modes - push responsibility for accumulating cdata onto caller; drop 'cdata' argument from end-element callback. - don't abort if no handler accepts a particular element, just ignore that branch of the tree. - dropped support for libxml 1.x and expat < 1.95.0. - guarantee that start_element callback is not passed attrs=NULL - add ne_xml_doc_encoding() to retrieve encoding of parsed XML document. * Major changes to SSL interface: - rewrite of interfaces for handling server and client certificates; ne_ssl.h: many new functions available. - only PKCS#12-encoded client certs are supported. - changes to most names of SSL-related functions operating on an ne_session, e.g. ne_ssl_load_cert->ne_ssl_trust_cert. - client cert provider callback is passed the set of acceptable CA names sent by the server - the entire chain of certs presented by server is now accessible * Remove unused ne_register_progress() from socket layer. * Changes to resolver interface: ne_addr_first and _next return const; ne_addr_print renamed to ne_iaddr_print; ne_iaddr_make and ne_iaddr_free have been added. * ne_request_create() now duplicates the method string passed in. * ne_redirect_location() will now return NULL in some cases. * Split socket creation to ne_sock_create() from ne_sock_connect: - should report connect() error messages properly on Win32. * Fix several memory leaks in error handling paths. * Add a pkg-config file, neon.pc.in. Changes in release 0.23.9: * Fix inability to connect on AIX 4.3. * neon-config exports includes needed for OpenSSL given by pkg-config. 
* ne_redirect_location will return NULL if redirect hooks have not been registered for the session (Ralf Mattes ). Changes in release 0.23.8: * SECURITY: Prevent control characters from being included in the reason_phrase field filled in by ne_parse_statusline(), and in the session error string. * Disable getaddrinfo() support on HP-UX; fix resolver for HP-UX 11.11. * Fix digest auth response verification for >9 responses in session (bug manifests as "Server was not authenticated correctly" error). * On Linux, skip slow lookup for IPv6 addresses when IPv6 support is not loaded in kernel (thanks to Daniel Stenberg for this technique). * Update to autoconf 2.57 and libtool 1.4.3. Changes in release 0.23.7: * Fix for handling EINTR during write() call (Sergey N Ushakov). * When available, use pkg-config to determine compiler flags needed to use OpenSSL headers and libraries. Changes in release 0.23.6: * Fixes for error handling in socket layer on Win32 from Johan Lindh and Sergey N Ushakov : - meaningful error messages rather than "No error" - handle persistent connection timeouts properly * Fix to use RFC2617-style digest auth when possible (had reverted to only using RFC2068-style in 0.16.1). * Fix NULL pointer dereference on certain ill-formed PROPFIND responses. * Allow ne_sock_init to re-initialize after ne_sock_finish has been called (Sergey N Ushakov). Changes in release 0.23.5: * Fix rejection of SSL server certificates which had commonName as the least specific attribute in the subject name. * Fix to dereference entities (e.g. "&") in attribute values with libxml. * Fix ne_socket.c build on HP-UX 10.20 (thanks to Branko ibej) * Remove misguided insistence on "secure" versions of zlib/OpenSSL; no checks for zlib version are now performed, only OpenSSL 0.9.6 is required. --with-force-ssl, --with-force-zlib option removed. * Add --with-egd[=PATH] option, conditionally enable EGD support; either using EGD socket at PATH, or fall back on system defaults. 
$EGDSOCKET and $HOME/.entropy are no longer used. * Add support for `--la-file' argument to neon-config, which prints the full path of the installed libneon.la file. Changes in release 0.23.4: * Ignore an unclean SSL shutdown on persistent connection timeout (fixing spurious "Secure connection truncated" errors). * Fix a segfault on second and subsequent requests using a given session, when the first fails with NE_LOOKUP. * Fix configure for gcc installations which produce warnings by default (such as gcc on hppa2.0n-hp-hpux11.00 using native as) Changes in release 0.23.3: * Further build fixes for Win32 (Blair Zajac). * Another fix for use of SSL against Tomcat 3.2. Changes in release 0.23.2: * Build fix for Win32 (Blair Zajac). Changes in release 0.23.1: * Identify as correct version, not 0.22. Changes in release 0.23.0: * Improved address resolver (ne_addr_*) replacing ne_name_lookup(): - use getaddrinfo() if found; include support for IPv6 (based on work by Noriaki Takamiya ) * For a hostname with multiple addresses, each address is tried in turn until a connection is made. * Support for seeding OpenSSL's PRNG via $EGDSOCKET or $HOME/.entropy, to enable SSL on platforms which lack a /dev/random device. * RFC2818 compliance for certificate identity checks in SSL: - use `dNSname' values in subjectAltName extension if present - hostname comparison fixed to not be case-sensitive * Fix interop with buggy SSL implementation in Tomcat 3.2. * Added NE_DBG_SSL debug channel. * ne_strerror changed to return the passed-in buffer. * Added ne_strnzcpy macro to ne_string.h. * Win32 build fixes, improvements, and documentation updates, from Blair Zajac . * Fix ne_sock_init so SIGPIPE signals are ignored even if SSL library initialization fails (e.g. platforms without /dev/random). * Added reference documentation: - ne_sock_init, ne_addr_*. Changes in release 0.22.0: * Remove the const qualifier from the reason_phrase field in ne_status. 
- ne_parse_statusline() now strdup's the reason_phrase * Remove the status_line argument from ne_207_end_propstat and _end_response * Change ne_session_create, ne_session_proxy, ne_sock_connect, and the 'port' field of the ne_uri structure to use an unsigned int for port numbers * ne_uri_defaultport returns unsigned and '0' on an unknown port (not -1). * Changes to hooks interface: - pass an ne_request pointer to per-request hooks - replace "accessor" hooks with ne_{get,set}_{request,session}_private * Authentication changes: - the hooks changes fix a segfault if auth is enabled for an SSL session through a proxy server - fix ne_forget_auth segfault if either proxy or server auth are not used * Improvements to persistent connection retry logic and error handling in request code; fixing some cases where some errors were incorrectly treated as a persistent connection timeout - a TCP RST at the appropriate time is now treated as a persistent connection timeout. - handle persistent connection timeouts on SSL connections * Changes to SSL support: - improved error handling - OpenSSL 0.9.6f or later is required for security fixes and functional correctness; 0.9.6 or later required for functional correctness - use --with-force-ssl to override OpenSSL version check - fix for proxy CONNECT tunnelling with some proxies (e.g. Traffic-Server) - fix potential segfault if client cert. provider callback is used - fix to use supplied password callback for PEM-encoded client certificates (Daniel Berlin) * strerror_r is used if available for thread-safe error handling. * Remove ne_read_file(). * ne_version_match replaces ne_version_minimum (semantics changed slightly). * XML request bodies use a content-type of "application/xml" now; applications can use NE_XML_MEDIA_TYPE from ne_xml.h * Fix decompress code on big-endian or 64-bit platforms. 
* Fix to build on Darwin 6 (aka Mac OS X 10.2) (Wilfredo Sánchez) * Win32 changes: - remove conflict between OpenSSL's X509_NAME and recent versions of the Platform SDK (Branko Čibej) - fix inverted debug/non-debug build logic (Branko Čibej) - add NODAV and OPENSSL_STATIC flags to neon.mak (Gerald Richter) Changes in release 0.21.3: * Fix segfault if using proxy server with SSL session and server certificate verification fails. * Fix leak of proxy hostname once per session (if a proxy is used). * Add --with-libs configure argument; e.g. --with-libs=/usr/local picks up any support libraries in /usr/local/{lib,include} Changes in release 0.21.2: * Fix 'make install' for VPATH builds. * Use $(mandir) for installing man pages (Rodney Dawes). * Follow some simple (yet illegal) relativeURI redirects. * Always build ne_compress.obj in Win32 build (Branko Čibej). * Fix decompression logic bug (Justin Erenkrantz) (could give a decompress failure for particular responses) * Fix ne_proppatch() to submit lock tokens for available locks. * More optimisation of ne_sock_readline. Changes in release 0.21.1: * Don't include default SSL port in Host request header, which can help interoperability with misbehaving servers (thanks to Rodney Dawes). * Don't give a "truncated response" error from ne_decompress_destroy if the acceptance function returns non-zero. * Fix for Win32 build (Sander Striker). * Fix for cookie name/value being free()d (thanks to Dan Mullen). * Optimisation of ne_sock_readline. Changes in release 0.21.0: * Socket layer implements read buffering; efficiency and performance improvement. Based on work by Jeff Johnson * Cleanup of socket interface: - renamed everything, s/sock_/ne_sock_/, s/SOCK_/NE_SOCK_/ - removed unused and inappropriate interfaces. - renaming done by Olof Oberg - see src/ChangeLog for the gory details. * Fix typoed 'ne_destroy_fn' typedef (Olof Oberg). * Support OpenSSL/ENGINE branch. * Bogus ne_utf8_encode/decode functions removed. 
* ne_base64() moved to ne_string.[ch]. * ne_token drops 'quotes' parameter; ne_qtoken added. * ne_buffer_create_sized renamed to ne_buffer_ncreate. * ne_xml_get_attr takes extra arguments and can resolve namespaces. * ne_accept_response function type takes const ne_status pointer. * Drop support for automatically following redirects: - ne_redirect_register just takes a session pointer - ne_redirect_location returns an ne_uri pointer * configure changes: --with-ssl and --with-socks no longer take a directory argument. To use SOCKS or SSL libraries/headers in non-system locations, use ./configure CPPFLAGS=-I/... LDFLAGS=-L/... * Reference documentation included for most of ne_alloc.h and ne_string.h, and parts of ne_session.h and ne_request.h. - see installed man pages, HTML documentation. Changes in release 0.20.0: * Major changes to DAV lock handling interface (ne_locks.h): - struct ne_lock uses a full URI structure to identify locked resource - ne_lock() requires that owner/token fields are malloc-allocated (or NULL) on entry - introduce a "lock store" type, ne_lock_store, to replace the lock session; accessor functions all renamed to ne_lockstore_*. - ne_lock_iterate replaced with a first/next "cursor"-style interface - If: headers use an absoluteURI (RFC2518 compliance fix). - fix for handling shared locks on DAV servers which return many active locks in the LOCK response (thanks to Keith Wannamaker) * Moved URI/path manipulation functions under ne_* namespace (ne_uri.h): - path handling functions renamed to ne_path_* - URI structure handling to ne_uri_*; struct uri becomes ne_uri. - ne_uri_parse doesn't take a 'defaults' parameter any more - if URI port is unspecified, ne_uri_parse sets port to 0 not -1. - added ne_uri_unparse and ne_uri_defaultport functions. * New 'ne_fill_server_uri' function to initialize a URI structure with the server details for a given session (useful with locks interface). 
* ne_decompress_{reader,destroy} are defined as passthrough-functions if zlib support is not enabled. * API change: ne_ssl_provide_fn returns void not int. * Added NE_SSL_FAILMASK for verify failure sanity check. * Removed return codes NE_SERVERAUTH and NE_AUTHPROXY; correct documentation, NE_PROXYAUTH is given for proxy auth failure. * Require zlib >= 1.1.4 to avoid possible vulnerability in earlier versions. See http://www.gzip.org/zlib/advisory-2002-03-11.txt for more details. (version check can be skipped by passing --with-force-zlib to configure) * New 'ne_ssl_readable_dname' function to create a human-readable string from an X509 distinguished name. * Fix support for newer versions of libxml2 (thanks to Jon Trowbridge). * Fix corruption of reason_phrase in status object returned by ne_propset_status. * More lenient handling of whitespace in response headers. * ne_content_type_handler will give a charset of "ISO-8859-1" if no charset parameter is specified for a text/* media type (as per RFC2616). * Miscellaneous cleanups and fixes (Jeff Johnson). Changes in release 0.19.4: * Support bundled build of expat 1.95.x (Branko Čibej). Changes in release 0.19.3: * For platforms lacking snprintf or vsnprintf in libc, require trio. * Add NE_FMT_OFF_T to fix Win32 build (Dan Berlin, Branko Čibej). * Fix SSL support in Win32 build (Branko Čibej). Changes in release 0.19.2: * Fix non-SSL build broken in 0.19.1. * Working SOCKSv5 support (thanks to Torsten Kalix) Changes in release 0.19.1: * Add missing stubs for ne_ssl_* functions for non-SSL build. * Fix some error messages in new SSL code. Changes in release 0.19.0: * Major API change: ne_session_create now takes (scheme, hostname, port) arguments: a session is clarified to be "a group of requests to a certain server". - removal of ne_session_server, ne_set_secure, and ne_set_proxy_decider - ne_session_proxy returns void. - DNS lookups are delayed until request dispatch time. 
* Significant improvements to TLS/SSL support: - SSL is enabled if scheme passed to ne_session_create is "https" - new interfaces to load CA certs and to load SSL library's bundled CA certs - add server cert verification callback. An SSL connection to a server with an unknown CA will now fail unless a verification callback is used. - enable SSL session caching (performance improvement) - support for wildcard server certs where commonName is "*.example.com". - thanks to Tommi Komulainen for the contribution of code from mutt's IMAP/SSL implementation under the LGPL, from which bits of this were derived. * Improved SSL client certificate support: - far simpler interface, all done at ne_session.h level. - supports PKCS#12 and PEM-encoded certificates. - optional callback for only providing client when demanded by server. * Support for TLS upgrade is removed, since it isn't useful. * If NEON_SSL is defined, API extensions are available to: - allow access to the SSL_CTX * to adjust session SSL options - retrieve the server certificate (X509 *) * Decompress fixes: - fix potential segfault in ne_decompress_destroy - check the CRC of the deflated output (and fail if it doesn't match) - fail appropriately on truncated responses, and trailing bytes in response. * Added ne_set_read_timeout to use configurable timeout on socket reads. * Malformed response headers will be ignored rather than failing the request. * ne_set_error takes printf-style vararg. * Fixes for ne_get_range and improve error handling. * Functions which append to an ne_buffer do not return a success value, but they do use ne_realloc/ne_malloc under the hood now, so an OOM callback will be used (with the usual caveats). * XML interface does not strip leading whitespace from cdata by default, the NE_XML_STRIPWS flag is available to restore this feature if required. * Upgraded to libtool 1.4.2: - should fix --enable-shared on Mac OS X 10.1 * Test suite now contains over one hundred tests. 
Changes in release 0.18.5: * Removed old neon.dsp, neon.dsw. * Update Win32 build to add OpenSSL and zlib support (Branko ibej). * Fix ne_compress.c to compile on Win32 (Branko ibej). Changes in release 0.18.4: * Fixes for Content-Type parsing using ne_content_type_handler (Greg Stein) - also now parses the charset parameter from header value. * Removed ne_concat() function, which didn't work and wasn't used. Changes in release 0.18.3: * Fix parsing lock timeout from server (Arun Garg). * Send Timeout headers in LOCK and refresh LOCK requests (Arun Garg). * Updated neon.mak and config.hw.in for Win32 build (patch from Branko ibej ). * Define XML_BYTE_ORDER for bundled expat build in support macro NEON_XML_PARSER(). Changes in release 0.18.2: * Fix --with-neon=PATH in support macros. * Support DESTDIR in Makefile install targets (patch by Pawel Golaszewski ). * Portability fixes: - fix configure check for time_t on some platforms (e.g Solaris 2.6). - remove expect100_works bitfield in ne_session structure (thanks to Yan Periard ). Changes in release 0.18.1: * Minor fix for authentication: "attempt" counter was not reset correctly after authentication failed, so subsequent requests would not authenticate correctly either. * API change: ne_session_destroy returns void (there was no error case). * Portability fixes (non-GCC compilers, 64-bit platforms, UnixWare 7) * Optimisations in string manipulation routines. * config.hw is included in the release tarball again. * Improvements in the autoconf support macros: - check for neon-config in PATH if --with-neon is not given - stop if --with-neon is used, and the check for external neon fails - added NEON_WITHOUT_ACL to prevent build of ne_acl.o Changes in release 0.18.0: * API change: authentication callback is passed fixed-size username/password buffers, and an 'attempt' counter. Authentication is retried *forever* until either it succeeds, or the callback returns non-zero. 
* API clarifications: - ne_propname may have a NULL nspace field, indicating the property has no namespace. This holds for properties returned by the propfind interfaces. - added NE_ELM_PROPS_UNUSED as the lowest element number which should be used with handlers added to the XML parser returned by ne_propfind_get_parser. * Fixes and cleanups of lock discovery interface. * Fix for short write handling in ne_get() (thanks to rado ). * Fix for XML namespace prefix handling where a prefix could be mapped to an incorrect URI (e.g. in PROPFINDs against mod_dav with >10 namespaces used) * Add '--support ' option to neon-config; the script exits with success if given feature is supported. Known features are ssl, dav, zlib. * Support for SSL, DAV, zlib is exported by neon.m4 as shell variable NEON_SUPPORTS_{SSL,DAV,ZLIB}={yes,no} for bundled and external builds. * `neon-config --cflags` won't include -I/usr/include for SSL build. * Fix to call progress callbacks while sending request bodies again. * Test changes: - portability fixes, auth interface and progress tests. Changes in release 0.17.2: * Accept Status-Lines with no reason phrase (Jeremy Elson). * Fix handling of persistent connection timeout, and better error handling if sending a request fails. * Fix crashes in locking code. * Return parse error on XML namespace prefix declaration with an empty value. Thanks to Julian Reschke. * Allow passing property names with NULL namespace to ne_proppatch. * Fix for cross-compilation (Mo DeJong). * Moved ne_propname definition from ne_207.h to ne_props.h. * Test changes: - updated for Status-Line parsing changes (Jeremy Elson) - better persistent connection tests - fixed for --disable-webdav build Changes in release 0.17.1: * Add support for ACL method (Arun Garg ), see ne_acl.h. * Fixes and clean up of libraries exported via `neon-config --libs' * Fix timezone handling when parsing dates (on some platforms). * Upgrade to autoconf 2.52 and libtool 1.4 (thanks to Mo DeJong). 
* Cleanup/simplification of request dispatching: - better handling of error cases, including fix for a possible infinite loop when the server closes the connection prematurely. * Add '--without-zlib' configure option. * Test changes: - prettify output; imitate Perl test suite output. - add tests for interim 1xx responses, persistent connections, more unbounded operations. Changes in release 0.17.0: * Add support for decoding gzip Content-Encoding: see ne_compress.h. - built if zlib is found; `neon-config --cflags' will define NEON_ZLIB if so. * Rewrite hooks interface to register individual callbacks. - inspired by the Apache 2.0/APR hooks interface * Register cookies hooks using ne_cookie_register(). * Clean up configure scripts to enable use of autoconf 2.5x (Mo DeJong). * Use new endianess configure macro to allow cross-compiling (Mo DeJong). * Fix invalid C code in sock_init() in Win32 build (Mo DeJong). * Fix use of signal() on Win32 (Mo DeJong). * Workaround libxml 1.x string handling not being UTF-8. * Test changes: - add tests for decompression interface. Changes in release 0.16.1: * Also handle write errors in ne_get_range. * Dump request body blocks in debugging mode. * Fix ne_shave() causing memory corruption when the result should have been the empty string. * Refactor auth header parsing code; more efficient now. - fixes digest auth RFC2617-style broken in 0.16.0 Changes in release 0.16.0: * API change: ne_copy takes a depth parameter (thanks to Arun Garg, Medha Atre) * API change: validate callback to ne_xml also takes a userdata arg. * Added 'ne_lock_refresh' for performing lock refresh (Arun Garg). * Add SSL support to Win32 build (Peter Boos ) (see INSTALL.win32 for details). Compile with USE_DAV_LOCKS also. * Remove Server header parser for 100-continue support in ne_options. (and remove broken_expect100 from ne_server_capabilities). * Set SIGPIPE disposition to "ignored" in sock_init(). 
* On platforms with setvbuf(), turn off buffering for the debug log stream. * Ignore repeated calls to sock_init(). * Fixes to error handling in ne_get_range. * Minor improvements to memory handling in auth code. * Fix for start_propstat callback being called with NULL response argument when given invalid XML, causing a segfault in propfind code. * Test changes: - add regression test for the propfind segfault. - handle segfaults better (reap the child, flush the debug log). Changes in release 0.15.3: * Fix --with-expat=DIR build. Changes in release 0.15.2: * Fix Win32 for XML parser changes (Gerald Richter). * Substitute versions into config.hw at distribution time. * Add date parser for ISO8601-formatted dates as defined by RFC2518, e.g. the creationdate property (Taisuke Yamada ). * Fix Y2K bug in RFC1036 date parsing algorithm. * Test changes: - add tests for date parsing functions. Changes in release 0.15.1: * Win32 update from Gerald Richter - new files neon.mak, INSTALL.win32 * Fix for ne_socket.h includes (Mo DeJong). * More improvements for XML parser selection logic: - if parser is required, be sure to fail configure if none is found. - added --with-included-expat for bundled expat logic. * Rename --enable-debugging to --enable-debug (Mo DeJong). - added NEON_DEBUG macro to exported autoconf macros. * Call progress callbacks for request bodies. * Test changes: - check that reading response headers is a bounded operation. - use a pipe between child and parent to avoid race condition and tedious sleep(). Changes in release 0.15.0: * Major API renaming to use ne_/NE_ namespace: - http_ to ne_, HTTP_ to NE_, dav_ to ne_, DAV_ to NE_, neon_ to ne_ - hip_xml_ to ne_xml_, HIP_ELM_ to NE_ELM_, HIP_XML_ -> NE_XML_ - sbuffer_ to ne_buffer_ - DEBUG() to NE_DEBUG(), DEBUG_ to NE_DBG_ * Type renames: - http_req to ne_request - sbuffer to 'ne_buffer *' * Note, 'ne_buffer' is not an implicit pointer type, you must specify the '*' now, e.g. 
'ne_buffer *buf = ne_buffer_create();'. * ne_buffer is no longer opaque. - ne_buffer_data() removed: use buf->data instead. - ne_buffer_size() is a macro. * Header renames and additions: - http_request.h -> ne_request.h - Session code split into ne_session.h - hip_xml.h -> ne_xml.h, nsocket.h -> ne_socket.h, http_utils.h -> ne_utils.h - neon_md5.h -> ne_md5.h, dav_207.h -> ne_207.h - http_basic.h and dav_basic.h merged into ne_basic.h * New functions: - ne_token and ne_shave, to obsolete split_string, shave_string. * Removed: ne_get_request_headers(). * autoconf changes: - disable building shared neon library by default. - option --enable-libxml is replaced by --with-libxml1 and --with-libxml2 to force use of a particular parser. * Fix auth code to only take MD5 digests of response body blocks when necessary (thanks to Kai Sommerfeld). * Fix alignment bug in MD5 code which could cause SIGBUS on Sparc architectures (Kai Sommerfeld). * Rewrite of request body handling: - ne_set_request_body_fd replaces _stream, using an int fd rather than a FILE *. - added ne_set_request_body_provider to give a callback which is called to provide request body blocks. - removal of 'use_body' hook in favour of 'ne_pull_request_body' function to allow hooks to manually read the request body. - ne_{put,get,post,put_if_unmodified} all take an integer fd rather than a FILE * stream. * Test changes: - added framework for testing "over the wire" (fork a server process) - added tests for response message length handling, chunked responses, header folding, sending request bodies. - start at listing RFC2616 requirements and whether they are met or not in test/STATUS. - test for MD5 alignment bug on Sparc (thanks to Kai Sommerfeld). Changes in release 0.14.0: * Add C++ inclusion safety to http_auth.h (Kai Sommerfeld). * Define ssize_t on Win32. (Kai Sommerfeld). * Add C++ inclusion safety to dav_locks.h and ne_alloc.h (thanks to Gregor Bornemann ). 
* Significant API change to properties code, to allow use of allprop and complex properties: - dav_propfind_set_complex and _set_flat are removed. - add parameter to dav_propfind_named to take the list of property names to be fetched. - new function dav_propfind_set_private to set private callback. - all properties not handled by caller are stored as flat properties. * Untested: add basic SOCKSv5 support: configure --with-socks. - please report success/failure to neon@webdav.org * Win32/MSVC build files from Magnus Sirwi . * Fix for expat detection from Shane Mayer . * Namespace-protect md5 code and more. - md5_* -> ne_md5_* - ascii_to_md5 -> ne_ascii_to_md5 (and moved to neon_md5.h) * Parse authinfo segment in URIs (Johan Lindh ). - added 'authinfo' field to struct uri. * New API: hip_xml_get_attr to retrieve attributes. * Store language for properties, access with dav_propset_lang. - only if property is defined on the property element itself. * Started a simple test suite (test/*). - includes some simple HTTP server tests. * Remove "Content-Length: 0" header for request with no body, fixing interop with Squid 2.3-STABLE1 (thanks to Kai Sommerfeld). * http_parse_statusline skips leading whitespace. (Johan Lindh). * Partial fix for timezone/date parsing problems. Changes in release 0.13.0: * Fix ne_strndup allocating one byte less than it should (Kai Sommerfeld) - if you use uri_parse, this bug may have caused subtle memory corruption in your application. * Revert API changes in 0.12: property values are not UTF-8 encoded/decoded internally. (thanks to Greg Stein) * Add another optional argument to NEON_BUNDLED macros, actions to be run if bundled build is *not* selected. * API change: added argument to http_add_hooks to register cleanup function for the cookie. * Removed dav_lock_unregister in favour of automatic cleanup when session is destroyed. * Fixed leaks in redirect code (Kai Sommerfeld). * Fixed crashes in hip_xml_destroy (Kai Sommerfeld). 
* Redirects to a different hostname/port/scheme are never followed: the request will fail with HTTP_REDIRECT instead. Redirect notification callback is only called for *followed* redirects. New API: http_redirect_location() for retrieving location of last redirect. * Authentication is now implemented as a hook, independently of http_request.c: - API change: removed 'hostname' argument from auth callbacks. - API change: you must now include http_auth.h from your application. - Also fixes case of using server and proxy authentication simultaneously * Added 'http_forget_auth' to clear authentication session. * New API: http_session_hook_private for retrieving private per-session cookie for hooks. * API change: http_set_request_body_stream has a return error value. * API change: http_set_request_body_buffer now takes the buffer length too. * New API: caller-pulls interface for reading response body: http_begin_request, http_end_request, http_read_response_block. An alternative to using the (much simpler) http_request_dispatch. * Make --disable-webdav build work. * New API: dav_propnames for retrieving property names. * New API: dav_propfind_get_request to access request object of handler. * API change: progress and connection status callbacks implemented at http_request.h level. Socket-level status callbacks removed, progress callbacks made per-socket. * Supports new expat (Sam TH ) * Supports libxml2 (in preference to libxml1). * API change: added namespace protection to base64 and dates functions: all have ne_ prefix now. * Fixed ranged GETs where a specific range is requested (Johan Lindh ). * Limit number of response header fields to 100. * Allow requests for the '*' URI even if a proxy server is in use. * libxml: Get useful error messages for parse errors. Changes in release 0.12.0: * Portability fixes to http_request.c and http_auth.c. - fixes digest auth on big-endian architectures. * Fix warnings from stray tokens after #endif's in uri.h and string_utils.h. 
* Add C++ inclusion safety to http_redirect.h (Kai Sommerfeld ). * Make redirects to a different host work (Kai Sommerfeld). * Fix reading response bodies when non-chunked and no Content-Length (Kai Sommerfeld). * API change: 'http_add_hooks' takes a 'const' request object. * Fixed memory leaks in session hooks (thanks to Kai Sommerfeld). * Fix passing NULL props argument to dav_simple_propfind, to support allprop requests. **** MAJOR INTERFACE CHANGE **** - URIs passed to http_request_create() are NOT escaped by neon. You MUST do this yourself to remain HTTP compliant, using e.g. uri_abspath_escape. (Kai Sommerfeld) * Added --disable-webdav flag to configure, to disable DAV support in the library. This allows building neon without an XML parser. * Corresponding NEON_WITHOUT_WEBDAV macro for use in bundled builds. * Fix Makefile dependencies. * A bundled neon directory builds or doesn't build automatically (i.e. you recurse into it unconditionally). * API clarification: - dav_propset_status may return NULL if the server does not return a response for the given property (issue is open for debate). * API change up for debate: - Property values to dav_proppatch are UTF-8 encoded internally. - Property values in dav_propfind_* are UTF-8 decoded internally. * API additions: ne_realloc, ne_utf8_encode. Changes in release 0.11.0: * Added SSL client certificate support with 'sock_set_client_cert'. - Supports certs in PEM-encoded files. - Specify a callback for prompting the user for the password with sock_set_key_prompt. * Added 'ne_oom_callback', to register a callback which is used if malloc() returns NULL. (Mike Rosellini ) * Register appropriate callback with libxml to handle ). Changes in release 0.10.1: * Default expect-100 to OFF. Changes in release 0.10.0: * hip_xml API changes: - The search for a handler for a new child element begins at the handler of the parent element, and carries on up the stack.
(previously, it always started from the base of the stack) - Documentation written: doc/parsing-xml.txt * Remove memory leaks and tidy debugging output in new properties code. * API changes to DAV locking interface: - New function: dav_lock_copy to copy a lock object. - Re-ordered arguments to callback of dav_lock_discover, and made the lock object passed back const. - Fix leaks and crashes due to vague interface definitions. * API change to dav_propfind_set_complex: use a callback to return the 'private' structure. * NEON_NORMAL_BUILD and NEON_LIBTOOL_BUILD macros defined for setting up neon's Makefile in a bundled build: see macros/neon.m4. * NEON_VPATH_BUNDLED macro added which takes separate srcdir and builddir arguments for supporting VPATH builds (thanks to Peter Moulder ). * Added optional final argument to NEON_(VPATH_)BUNDLED, which gives a set of actions to be run if the bundled build is chosen. * NEON_SSL checks for OpenSSL in /usr too. * API change: when using http_session_decide_proxy, it MUST be called before using http_session_server to prevent the DNS lookup on the origin server being optimised out. The real scheme in use is passed to the callback now. * New function, dav_207_ignore_unknown, to ignore any unknown XML fragments in the 207 response. Used by properties layer. Changes in release 0.9.2: * Fix using both dav_propfind_set_complex and dav_propfind_set_flat with the same propfind_handler. Changes in release 0.9.1: * dav_propfind interface - Guarantee that the 'private' structure will be initialized to zero on creation. - Make it the *callers* responsibility to free() the private structure. * Fix a few arguments/variables which mirrored globally declared symbols. Changes in release 0.9.0: * Removed old dav_propfind_* interface, replaced with a better, more powerful, and easier to use interface: - 'dav_simple_propfind' interface for just fetching "flat" (byte-string) properties. 
- 'dav_propfind_*' interface for fetching flat and/or "complex" (structured XML) properties. - Lets you retrieve the 'status' information, to see what happened if fetching the property failed (e.g 404 Not Found). * Fixes to doc/using-neon.txt (thanks to Greg Stein). * Allow building when srcdir != builddir (Mo DeJong ) Changes in release 0.8.1: * Fix segfault in PROPFIND code. Changes in release 0.8.0: * Fix for using COPY/MOVE over SSL (thanks to David Sloat). * Fix for using a proxy server and SSL. * Added 'http_get_scheme' API call. * Added 'http_redirect.h' to list of installed headers (thanks to everyone ;). * Changes for building on Windows (Peter Boos ) * Fixes for building on BeOS (Sam TH and David Reid ). * Add buffering to socket code for pre-BONE BeOS systems (David Reid). * Interface changes for hip_xml: - Renamed hip_xml_add_(mixed_)handler to hip_xml_push_(mixed_)handler - Documentation updates. - Added HIP_ELM_UNUSED for lowest element id which should be used. *** MAJOR INTERFACE CHANGE *** - Removed 'http_status *' pointer from http_request_dispatch. - Added http_get_status(req) to retrieve the response-status information instead. You don't have to declare an http_status object yourself now. * Similarly, added DAV_ELM_207_UNUSED for lowest element id which should be used by users of dav_207_* code (incl. use of dav_propfind_* code). * New NEON_* autoconf macro interface: - Use NEON_BUNDLED if sources are bundled, otherwise NEON_LIBRARY. - The NEON_XML_PARSER macro is NOT called automatically. You must call this yourself if using NEON_BUNDLED; see doc/using-neon.txt for details. * Fix use of 'socket' in nsocket.h function prototypes (Greg Stein). * Remove extra backslash at line 69 of src/Makefile.incl (Dirk Bergstrom). * Examples directory is now a separate package. Changes in release 0.7.7: * Another fix for linking against a libtool-built expat (Greg Stein). Changes in release 0.7.6: * Better check for closed SSL connection after doing SSL_peek. 
(thanks to Jeff Costlow ). * Attempt at correct sock_block() implementation for SSL. * sock_peek() will return SOCK_CLOSED correctly. Changes in release 0.7.5: * Fixed workaround for linking against a libtool-built expat (Greg Stein). Changes in release 0.7.4: * Fix for fd leak on connect failure (David Sloat ). * Fix for Digest auth against IIS5 (David Sloat). * Workaround for linking against a libtool-built libexpat.la (Greg Stein). Changes in release 0.7.3: * Check for -lsocket and -linet in configure. * Workaround for SSL problems. Changes in release 0.7.2: * Define SHELL in Makefile (thanks to Eric Mumpower ). * Added 'all' target to Makefile (Greg Stein ) * Added '--with-expat' argument to configure (Greg Stein) * Added 'dav_propfind_destroy' function. Changes in release 0.7.1: * Don't register response body/header authentication callbacks if no credentials-supplying callback has been registered (speed optimisation). Changes in release 0.7.0: * Deprecated use of 'NULL' to http_add_response_header_handler. New interface, http_add_response_header_catcher, to register a callback which is passed ALL response headers regardless of name. * Speed optimisation (~10%?): storing response-header handlers in a hash table for faster look. * New SBUFFER_CAST() macro for getting to the 'char *' of an sbuffer as fast as possible. Changes in release 0.6.1: * Fix for retrying request if connection is closed by server. * Make redirect hook work for >1 request per session. Changes in release 0.6.0: * New interface to allow following HTTP redirects (301/302 responses). A callback must be given to get user confirmation if the request method is not GET, HEAD, or PROPFIND. * New interface to determine whether the proxy server should be used for a given request: http_session_decide_proxy. * Fix nget build again. Support automatic redirects in 'nget'. 
* Add --with-extra-includes and --with-extra-libs configure parameters to point configure at Changes in release 0.5.1: * Prevent segfault if USE_DAV_LOCKS is defined, and a locking session is not registered (thanks to David Sloat). Changes in release 0.5.0: * Rename xmalloc, xstrdup etc to ne_malloc, ne_strdup etc. * Some speed optimisation in response-header reading. * Use 'off_t' rather than 'size_t' in sock_progress callback, sock_readfile_blocked, and sock_transfer. Changes in release 0.4.2: * Fix for sending request bodies after getting 100-continue response. Changes in release 0.4.1: * Fix nget build. Changes in release 0.4.0: * Install library headers into .../include/neon not .../include/libneon * Install all necessary library headers. * Compile support for WebDAV locking throughout the library * Rename md5.h to neon_md5.h (avoids conflict with md5.h in OpenSSL) * Rename socket.h to nsocket.h (avoids possible conflict with C library) * Update licensing notice on macros/neon*.m4: note that these files are NOT under the LGPL, and can be used in other packages regardless of the license the package uses. * Update NEON_LIBRARY m4 function to allow optional specification of names of bundled neon/expat source directories. * Increase socket read timeout to 60 seconds. * Added an POST method: from Sander Alberink . * Added 'http_get_request_headers' to return the sbuffer containing all request headers. * Allow passing NULL as name to http_add_response_header_handler: the handler callback is passed the entire header string, of ALL response headers. Changes in release 0.3.1: * Compile fix for dav_locks.c (thanks to Paul D'Anna) Changes in release 0.3.0: * Rewrite of socket handling layer. All sock_* functions changed. * Added basic SSL support: --with-ssl (requires OpenSSL). NOTE: Certificates are NOT presented for verification. * 'nget' accepts URL's using the 'https' scheme. * New example program, 'nserver', to display the Server: string, e.g. 
'nserver https://www.eu.c2.net/' * Fixed request re-send when persistent connection times out. * "Hooks" support: allow external hooks into the HTTP request/response dispatch loop. * New printf-style interface for adding request headers. * Make symbols used in header files C++-safe (Tom Bednarz). * WebDAV locking support: lock discovery, LOCK (exclusive/shared) UNLOCK. "If:" headers are sent as appropriate. Simple interface for implementors of new methods to indicate which locks are required for the method. * Primitive HTTP cookies support. * Primitive hack at a GNOME-based GUI example program "nbrowse". Enable build with --enable-gnome-examples. It crashes, and not much else. Requires GNOME and POSIX threads. Example usage: 'nbrowse dav.ics.uci.edu /msdav/' Many thanks to Lee Mallabone for Gtk help, and showing how to use Gtk and threads. Changes in release 0.2.0: * Use libtool: new configure options to select whether to build shared and/or static libraries. Should build shared libraries portably now. * Complete rewrite of the hip_xml interface to use opaque pointers. New functions: hip_xml_create, hip_xml_destroy: create parser. hip_xml_{set,get}_error: Access to error string. hip_xml_add_handler: Register callbacks for a set of elements. hip_xml_valid: Returns whether the parse was valid or not. Removed functions: hip_xml_init, hip_xml_finish. * Removed functions made redundant by above changes in dav_207. * Don't include config.h in header files * Fix PROPFIND allprop request body (Michael Sobolev) * Added C++ safety macros around header files. * Added neon-config script for getting correct CFLAGS and LIBS values for using libneon in applications. Changes in release 0.1.1: * Fix for short writes in GET Changes in release 0.1.0: * Initial release.
neon-0.32.2/README.md000066400000000000000000000050771416727304000140310ustar00rootroot00000000000000 [![Travis CI Build Status](https://travis-ci.com/notroj/neon.svg?branch=master)](https://travis-ci.com/github/notroj/neon) [![Build and test](https://github.com/notroj/neon/actions/workflows/ci.yml/badge.svg)](https://github.com/notroj/neon/actions/workflows/ci.yml) # neon _neon_ is an HTTP and WebDAV client library, with a C language API. Mailing list: neon@lists.manyfish.co.uk || Web site: https://notroj.github.io/neon/ The neon API and ABI are stable and maintain backwards compatibility since 0.27 through to current releases. Features: - High-level interface to HTTP and WebDAV methods. - Low-level interface to HTTP request handling, to allow implementing new methods easily. - Persistent connection support (HTTP/1.1 and HTTP/1.0 aware) - Basic and Digest authentication (RFC 7616/7617, including SHA-2, userhash) - Kerberos (Negotiate) and SSPI/NTLM authentication (Unix and Windows) - HTTP and SOCKS (v4/5) proxy support (including authentication) - SSL/TLS support using OpenSSL or GnuTLS (client certs via files or PKCS#11) - Generic WebDAV 207 XML response handling mechanism - XML parsing using expat or libxml2 - Easy generation of error messages from 207 error responses - Basic HTTP/1.1 methods: GET, PUT, HEAD, OPTIONS, conditional PUT - WebDAV resource manipulation: MOVE, COPY, DELETE, MKCOL. - WebDAV metadata support: set and remove properties (PROPPATCH), query any set of properties (PROPFIND). - WebDAV locking and ACL (RFC 3744) support - Autoconf macros supplied for easily embedding neon directly inside an application source tree. Provides lower-level interfaces to directly implement new HTTP methods, and higher-level interfaces so that you don't have to worry about the lower-level stuff. The neon library source code is licensed under the GNU Library GPL; see src/COPYING.LIB for full details. 
The manual and test suite are licensed under the terms of the GNU GPL; see test/COPYING for terms. The autoconf macros in the "macros" directory are under a less restrictive license, see each file for details. ~~~ neon is Copyright (C) 1999-2021 Joe Orton Portions are: Copyright (C) Aleix Conchillo Flaque Copyright (C) Arfrever Frehtes Taifersar Arahesis Copyright (C) Arun Garg Copyright (C) Daniel Stenberg Copyright (C) Free Software Foundation, Inc. Copyright (C) Henrik Holst Copyright (C) Jiang Lei Copyright (C) Kai Sommerfeld Copyright (C) Karl Ove Hufthammer. Copyright (C) Michael Sobolev Copyright (C) Nobuyuki Tsuchimura Copyright (C) Sylvain Glaize Copyright (C) Thomas Schultz Copyright (C) Vladimir Berezniker Copyright (C) Yves Martin ~~~ neon-0.32.2/THANKS000066400000000000000000000017501416727304000134570ustar00rootroot00000000000000Thanks go to the following people for contributing to neon development with code, patches, or good bug reports or suggestions. Arun Garg, Blair Zajac, Branko Čibej, Daniel Berlin, David Sloat, David Reid, Dirk Bergstrom, Ulrich Drepper, Gerald Richter, Greg Stein, Gregor Bornemann, Jeff Johnson, Jeremy Elson, Jim Whitehead, Johan Lindh, Justin Erenkrantz, Kai Sommerfeld, Keith Wannamaker, Lee Mallabone, Magnus Sirwiö, Markus Mueller, Max Bowsher, Michael Sobolev, Mike Rosellini, Mo DeJong, Noriaki Takamiya, Olof Oberg, Pawel Golaszewski, Peter Boos, Peter Moulder, rado, Risko Gergely, Rodney Dawes, Sam TH, Sander Alberink, Sander Striker, Stefan Esser, Shane Mayer, Taisuke Yamada, Teng Xu, Tom Bednarz, Tom Lee, Tommi Komulainen, Torsten Kalix, Wilfredo Sánchez, Daniel Veillard, Vladimir Berezniker, Jiang Lei, Werner Baumann, Mike DiCuccio, Gisle Vanem, Hans Meine, Laszlo Boszormenyi, Matthias Miller, Albert Chin, Kiyo Kelvin Lee, D.J. Heap, Dongsheng Song, Aleix Conchillo Flaque.
neon-0.32.2/TODO000066400000000000000000000022441416727304000132330ustar00rootroot00000000000000 To Do List for neon -*- text -*- =================== Please submit feature requests to For one-point-oh ---------------- Longer term ----------- 6. PUT with ranges... ne_put_range 9. DeltaV support (http://www.webdav.org/deltav/). See also the subversion project (http://subversion.tigris.org/) who might build a versioning system over DAV. 14. Improved request-header manipulation... some kind of indexed table (a la Apache, libghttp, so we're sure we don't add the same header to the request twice. Better control over adding Cache-Control headers would be good too. 21. Storing multiple authentication "sessions" within an actual auth_session, so I can log into e.g. /foo/ and /bar/ (which are not in the same authentication domain) and switch between them without having to re-enter passwords all the time. 46. Asynchronous request-dispatching? Makes integration into GUI loop easy... any other reasons? Must leave existing request_dispatch interface intact. 50. opendir/readdir/closedir-esque interface for PROPFIND depth 1, a la EZDAV. (cadaver has it already) neon-0.32.2/autogen.sh000077500000000000000000000015551416727304000145500ustar00rootroot00000000000000#!/bin/sh rm -f ltconfig ltmain.sh config.cache aclocal.m4 config.guess config.sub # remove the autoconf cache rm -rf autom4te*.cache # create a .version file for configure.in if test ! -f .version; then # Building from SVN rather than in a release echo 0.0.0-dev > .version # for the documentation: date +"%e %B %Y" | tr -d '\n' > doc/date.xml echo 0.0.0-dev > doc/version.xml fi set -e printf "libtoolize... " LIBTOOLIZE=${LIBTOOLIZE:-`which libtoolize || which glibtoolize`} if ${LIBTOOLIZE} --help | grep -- --install > /dev/null; then ${LIBTOOLIZE} --copy --force --install >/dev/null; else ${LIBTOOLIZE} --copy --force >/dev/null fi printf "aclocal... " ${ACLOCAL:-aclocal} -I macros printf "autoheader... 
" ${AUTOHEADER:-autoheader} printf "autoconf... " ${AUTOCONF:-autoconf} -Wall echo okay. # remove the autoconf cache rm -rf autom4te*.cache neon-0.32.2/config.hw.in000066400000000000000000000047201416727304000147560ustar00rootroot00000000000000/* -*- c -*- Win32 config.h Copyright (C) 1999-2000, Peter Boos Copyright (C) 2002-2006, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #if defined(_WIN32) && !defined(WIN32) #define WIN32 #endif #ifdef WIN32 #define NEON_VERSION "@VERSION@" #define NE_VERSION_MAJOR (@MAJOR@) #define NE_VERSION_MINOR (@MINOR@) #define HAVE_ERRNO_H #define HAVE_LIMITS_H #define HAVE_STDLIB_H #define HAVE_STRING_H #define HAVE_MEMCPY #define HAVE_SETSOCKOPT #define HAVE_SSPI #define NE_HAVE_TS_SSL 1 /* Define to enable debugging */ #define NE_DEBUGGING 1 #define NE_FMT_SIZE_T "u" #define NE_FMT_SSIZE_T "d" #define NE_FMT_OFF_T "ld" #define NE_FMT_OFF64_T "I64d" #define NE_FMT_NE_OFF_T NE_FMT_OFF_T #ifndef NE_FMT_XML_SIZE #define NE_FMT_XML_SIZE "d" #endif /* needs adjusting for Win64... */ #define SIZEOF_INT 4 #define SIZEOF_LONG 4 /* Win32 uses a underscore, so we use a macro to eliminate that. 
NOTE(review): MSVC's _snprintf and _vsnprintf, unlike the C99 functions, do not NUL-terminate the buffer when the output is truncated, and they return a negative value instead of the required length; code built through these macros has to terminate the buffer itself. TODO confirm the call sites do. */ #define snprintf _snprintf /* VS2008 has this already defined */ #if (_MSC_VER < 1500) #define vsnprintf _vsnprintf #endif #if defined(_MSC_VER) && _MSC_VER >= 1400 #define strcasecmp _strcmpi #define strncasecmp _strnicmp #else #define strcasecmp strcmpi #define strncasecmp strnicmp #endif #if defined(_MSC_VER) && _MSC_VER >= 1300 #define HAVE_STRTOLL #define strtoll _strtoi64 #endif #define ssize_t int #define inline __inline #if defined(NE_LFS) #define lseek64 _lseeki64 #define fstat64 _fstat64 #define stat64 __stat64 #else #define off_t _off_t #endif #ifndef USE_GETADDRINFO #define in_addr_t unsigned int #endif typedef int socklen_t; #include #define read _read #endif neon-0.32.2/configure.ac000066400000000000000000000143101416727304000150260ustar00rootroot00000000000000AC_PREREQ(2.58) dnl 2.58 required for AS_HELP_STRING dnl Extract the version (sans LF) from .version, created at release-time. m4_define(ne_version, [m4_translit(m4_include(.version), [ ])]) AC_INIT(neon, ne_version, [neon@lists.manyfish.co.uk]) AC_COPYRIGHT([Copyright 2000-2010 Joe Orton and others This configure script may be copied, distributed and modified under the terms of the GNU Library General Public license; see src/COPYING.LIB for more details.]) AC_CONFIG_HEADER(config.h) AC_CONFIG_SRCDIR(src/ne_request.c) NEON_WITH_LIBS # Pass through initial LDFLAGS verbatim to neon-config, so that extra # libraries which are detected (e.g. OpenSSL) can still be found when # building using the --libs output of neon-config. user_LDFLAGS=$LDFLAGS # By default, allow 'make install' to work.
ALLOW_INSTALL=yes AC_DEFINE([_GNU_SOURCE], 1, [Always defined to enable GNU extensions]) AC_DEFINE([NEON_IS_LIBRARY], 1, [Defined when neon is built as a library]) AH_BOTTOM([ /* Enable leak-tracking versions of ne_*alloc when NEON_MEMLEAK is enabled */ #ifdef NEON_MEMLEAK # include "memleak.h" #endif]) AC_PROG_INSTALL AC_ARG_ENABLE(webdav, AS_HELP_STRING([--disable-webdav],[disable WebDAV support])) if test "$enable_webdav" = "no"; then NEON_WITHOUT_WEBDAV else # Yes, we do need an XML parser. The _BUNDLED macros handle # this normally. NEON_NEED_XML_PARSER=yes fi # The bundled macros also set this, which makes sure we recurse # into the 'src' directory. NEON_BUILD_BUNDLED=yes # Define NEON_VERSION etc and make the appropriate substitutions. NE_VERSIONS_BUNDLED LIBNEON_SOURCE_CHECKS dnl Avoid libtool 1.5 bug where configure fails if a C++ compiler dnl is not available. m4_ifdef([AC_LIBTOOL_TAGS], [AC_LIBTOOL_TAGS([])]) AC_DISABLE_SHARED m4_ifdef([LT_INIT], [LT_INIT], [AC_PROG_LIBTOOL]) AC_EXEEXT # Checks to compile test suite NEON_TEST # Use the libtool-type build. NEON_LIBTOOL_BUILD # Find an XML parser NEON_XML_PARSER # Internationalization support. NEON_I18N() # Extra checks for debugging, compiler warnings NEON_DEBUG # Leave till last to prevent CFLAGS affecting checks. NEON_WARNINGS CPPFLAGS="$CPPFLAGS -I\${top_builddir}" AC_ARG_ENABLE(memleak, AS_HELP_STRING([--enable-memleak], [for test builds only: enable memory leak checking])) if test "$enable_memleak" = "yes"; then CPPFLAGS="$CPPFLAGS -DNEON_MEMLEAK -I\$(top_srcdir)/src" # disable 'make install' ALLOW_INSTALL=memleak fi # Enable tests for optional features TESTS="\$(BASIC_TESTS)" HELPERS="" if test $NE_FLAG_SSL = yes; then # Only enable SSL tests if an openssl binary is found (needed to make # certs etc). 
AC_PATH_PROG(OPENSSL, openssl, notfound) if test "$OPENSSL" != "notfound"; then TESTS="$TESTS \$(SSL_TESTS)" HELPERS="$HELPERS \$(SSL_HELPERS)" else AC_MSG_WARN([no openssl binary in \$PATH: SSL tests disabled]) fi AC_PATH_PROG(CERTUTIL, certutil, notfound) AC_PATH_PROG(PK12UTIL, pk12util, notfound) fi if test $NE_FLAG_ZLIB = yes; then TESTS="$TESTS \$(ZLIB_TESTS)" HELPERS="$HELPERS \$(ZLIB_HELPERS)" fi if test x$enable_webdav != xno; then TESTS="$TESTS \$(DAV_TESTS)" fi AC_ARG_ENABLE(tests-install, AS_HELP_STRING([--enable-tests-install], [enable installation of the test suite]),, [enable_tests_install=no]) # If test suite installation is not required, it's more # efficient to link the test programs using -no-install: if test "$enable_tests_install" = "no"; then TEST_LDFLAGS="-no-install" fi AC_SUBST(TEST_LDFLAGS) AC_PATH_PROG(PKG_CONFIG, pkg-config, no) if test "$PKG_CONFIG" != "no"; then # pkg-config >= 0.18 will use "Libs.private" iff necessary, # older versions which don't recognize that field may always # need all libraries in Libs. if $PKG_CONFIG --atleast-pkgconfig-version=0.18; then :; else NEON_PC_LIBS=${NEON_LIBS} fi fi AC_SUBST(NEON_PC_LIBS) # Pass the interface version on to libtool when linking libneon.la NEON_LINK_FLAGS="-version-info ${NE_LIBTOOL_VERSINFO}" # If any non-default ABI variations are used, add them to the SONAME: ### disabled for backwards-compat with 0.27.x #if test "x${NE_LIBTOOL_RELEASE}y" != "xy"; then # NEON_LINK_FLAGS="${NEON_LINK_FLAGS} -release ${NE_LIBTOOL_RELEASE}" #fi gl_LD_VERSION_SCRIPT # If ld version scripts are supported, enable symbol versioning. # Otherwise, fall back to any libtool-supported symbol export # restrictions; ne__* symbols are not exported. 
if test "x$have_ld_version_script" = "xyes"; then NEON_LINK_FLAGS="$NEON_LINK_FLAGS -Wl,--version-script=\$(top_srcdir)/src/neon.vers" else NEON_LINK_FLAGS="$NEON_LINK_FLAGS -export-symbols-regex '^ne_[[^_]]'" fi if test x${enable_shared}${pic_mode}z = xnodefaultz; then CFLAGS="$CFLAGS -prefer-pic" AC_MSG_NOTICE([Using PIC for static library build]) fi if test x${enable_shared} = xno; then # Defining NE_PRIVATE as the empty string would work; using a # non-empty but redundant string 'extern' avoids any possible cpp # confusion with from an empty macro. CPPFLAGS="$CPPFLAGS -DNE_PRIVATE=extern" AC_MSG_NOTICE([Private symbol suppression disabled for static library build]) fi # Bundled language catalogs ALL_LINGUAS="cs de fr ja nn pl ru tr zh_CN" AC_SUBST(ALL_LINGUAS) AC_CONFIG_FILES([neon-config], [chmod +x neon-config]) AC_CONFIG_FILES([Makefile src/Makefile test/Makefile neon.pc]) AC_CONFIG_FILES([test/makekeys:test/makekeys.sh], [chmod +x test/makekeys]) AC_SUBST(NEON_VERSION) AC_SUBST(NEON_BUILD_BUNDLED) AC_SUBST(top_builddir) AC_SUBST(user_LDFLAGS) AC_SUBST(HELPERS) AC_SUBST(TESTS) AC_SUBST(ALLOW_INSTALL) AC_OUTPUT # for VPATH builds: test -d test/common || mkdir test/common AC_MSG_NOTICE([Configured to build AC_PACKAGE_STRING: Install prefix: ${prefix} Compiler: ${CC} XML Parser: ${neon_xml_parser_message} SSL library: ${ne_SSL_message} zlib support: ${ne_ZLIB_message} Build libraries: Shared=${enable_shared}, Static=${enable_static} ]) case $ALLOW_INSTALL in memleak) AC_MSG_NOTICE([Configured with development-only flags: WARNING: This copy of neon has been configured with memory leak checking WARNING: enabled, which should only be used in a development build of neon. WARNING: This neon library should not be installed for use by applications. 
]);; esac neon-0.32.2/doc/000077500000000000000000000000001416727304000133065ustar00rootroot00000000000000neon-0.32.2/doc/TODO000066400000000000000000000134131416727304000140000ustar00rootroot00000000000000/* List of interfaces needing reference documentation. -*- c -*- */ /* ne_session.h */ ### DONE: basics ne_session *ne_session_create(const char *scheme, const char *hostname, int port); void ne_session_destroy(ne_session *sess); void ne_close_connection(ne_session *sess); void ne_session_proxy(ne_session *sess, const char *hostname, int port); ### DONE: error handling void ne_set_error(ne_session *sess, const char *format, ...); const char *ne_get_error(ne_session *sess); ### DONE: options void ne_set_useragent(ne_session *sess, const char *product); void ne_set_expect100(ne_session *sess, int use_expect100); void ne_set_persist(ne_session *sess, int persist); void ne_set_read_timeout(ne_session *sess, int timeout); ### TODO: progress + status callbcacks void ne_set_progress(ne_session *sess, ne_progress progress, void *userdata); ### TODO: status callback typedef enum ne_conn_status; typedef void (*ne_notify_status)(void *userdata, ne_conn_status status, const char *info); void ne_set_status(ne_session *sess, ne_notify_status status, void *userdata); ### DONE: SSL verification typedef struct ne_ssl_dname; char *ne_ssl_readable_dname(const ne_ssl_dname *dn); typedef struct ne_ssl_certificate; #define NE_SSL_* typedef int (*ne_ssl_verify_fn)(void *userdata, int failures, const ne_ssl_certificate *cert); void ne_ssl_set_verify(ne_session *sess, ne_ssl_verify_fn fn, void *userdata); ### DONE: SSL server certs int ne_ssl_load_ca(ne_session *sess, const char *file); int ne_ssl_load_default_ca(ne_session *sess); ### TODO: SSL client certs typedef int (*ne_ssl_keypw_fn)(void *userdata, char *pwbuf, size_t len); void ne_ssl_keypw_prompt(ne_session *sess, ne_ssl_keypw_fn fn, void *ud); int ne_ssl_load_pkcs12(ne_session *sess, const char *fn); int 
ne_ssl_load_pem(ne_session *sess, const char *certfn, const char *keyfn); typedef void (*ne_ssl_provide_fn)(void *userdata, ne_session *sess, const ne_ssl_dname *server); void ne_ssl_provide_ccert(ne_session *sess, ne_ssl_provide_fn fn, void *userdata); #ifdef NEON_SSL SSL_CTX *ne_ssl_get_context(ne_session *sess); X509 *ne_ssl_server_cert(ne_session *req); #endif ### TODO: utility functions int ne_version_pre_http11(ne_session *sess); const char *ne_get_server_hostport(ne_session *sess); const char *ne_get_scheme(ne_session *sess); void ne_fill_server_uri(ne_session *sess, ne_uri *uri); /* end of ne_session.h *****************************************/ /* ne_request.h */ ### DONE: request basics ne_request *ne_request_create(ne_session *sess, const char *method, const char *path); int ne_request_dispatch(ne_request *req); void ne_request_destroy(ne_request *req); ### DONE: request status const ne_status *ne_get_status(ne_request *req); ### TODO: request bodies void ne_set_request_body_buffer(ne_request *req, const char *buf, size_t count); int ne_set_request_body_fd(ne_request *req, int fd, size_t count); typedef ssize_t (*ne_provide_body)(void *userdata, char *buffer, size_t buflen); void ne_set_request_body_provider(ne_request *req, size_t size, ne_provide_body provider, void *userdata); ### TODO: response bodies typedef int (*ne_accept_response)(void *userdata, ne_request *req, ne_status *st); int ne_accept_2xx(void *userdata, ne_request *req, ne_status *st); int ne_accept_always(void *userdata, ne_request *req, ne_status *st); void ne_add_response_body_reader(ne_request *req, ne_accept_response accpt, ne_block_reader reader, void *userdata); ### TODO: response headers typedef void (*ne_header_handler)(void *userdata, const char *value); void ne_add_response_header_handler(ne_request *req, const char *name, ne_header_handler hdl, void *userdata); void ne_add_response_header_catcher(ne_request *req, ne_header_handler hdl, void *userdata); void 
ne_duplicate_header(void *userdata, const char *value); void ne_handle_numeric_header(void *userdata, const char *value); ### DONE: request headers void ne_add_request_header(ne_request *req, const char *name, const char *value); void ne_print_request_header(ne_request *req, const char *name, const char *format, ...); ### TODO: misc ne_session *ne_get_session(ne_request *req); ### TODO: caller-pulls request interface int ne_begin_request(ne_request *req); int ne_end_request(ne_request *req); ssize_t ne_read_response_block(ne_request *req, char *buffer, size_t buflen); ### TODO: hooks typedef void (*ne_free_hooks)(void *cookie); typedef void (*ne_create_request_fn)(void *userdata, ne_request *req, const char *method, const char *path); void ne_hook_create_request(ne_session *sess, ne_create_request_fn fn, void *userdata); typedef void (*ne_pre_send_fn)(void *userdata, ne_buffer *header); void ne_hook_pre_send(ne_session *sess, ne_pre_send_fn fn, void *userdata); typedef int (*ne_post_send_fn)(void *userdata, const ne_status *status); void ne_hook_post_send(ne_session *sess, ne_post_send_fn fn, void *userdata); typedef void (*ne_destroy_fn)(void *userdata); void ne_hook_destroy_request(ne_session *sess, ne_destroy_fn fn, void *userdata); void ne_hook_destroy_session(ne_session *sess, ne_destroy_fn fn, void *userdata); typedef void *(*ne_accessor_fn)(void *userdata); void ne_hook_session_accessor(ne_session *sess, const char *id, ne_accessor_fn, void *userdata); void ne_hook_request_accessor(ne_request *req, const char *id, ne_accessor_fn, void *userdata); void *ne_null_accessor(void *userdata); void *ne_session_hook_private(ne_session *sess, const char *id); void *ne_request_hook_private(ne_request *req, const char *id); /* ne_207.h */ /* ne_acl.h */ /* DONE: ne_alloc.h */ /* DONE: ne_auth.h */ /* ne_basic.h */ /* ne_compress.h */ /* ne_cookies.h */ /* ne_dates.h */ /* ne_locks.h */ /* ne_props.h */ /* ne_redirect.h */ /* ne_socket.h */ /* MOSTLY DONE: ne_string.h */ 
/* ne_uri.h */ /* ne_utils.h */ /* ne_xml.h */ neon-0.32.2/doc/biblio.xml000066400000000000000000000057601416727304000153000ustar00rootroot00000000000000 SSL-and-TLS <ulink url="http://www.rtfm.com/sslbook/">SSL and TLS: Designing and Building Secure Systems</ulink> EricRescorla 0-201-62598-3 Addison-Wesley March 2001 REC-XML-names World Wide Web Consortium <ulink url="http://www.w3.org/TR/REC-xml-names">Namespaces in XML</ulink> January 1999 RFC2616 <ulink url="http://www.ietf.org/rfc/rfc2616.txt">Hypertext Transfer Protocol—HTTP/1.1</ulink> RoyFielding JimGettys JeffMogul HenrikFrystyk LarryMasinter PaulLeach TimBerners-Lee IETF June 1999 RFC2518 <ulink url="http://www.ietf.org/rfc/rfc2518.txt">HTTP Extensions for Distributed Authoring—WEBDAV</ulink> YaronGoland JimWhitehead AsadFaizi SteveCarter DelJensen IETF February 1999 RFC3280 <ulink url="http://www.ietf.org/rfc/rfc3280.txt">Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</ulink> RusselHousley WarwickFord TimPolk DavidSolo IETF April 2002 neon-0.32.2/doc/feat.xml000066400000000000000000000061751416727304000147600ustar00rootroot00000000000000 Feature list The major features of the neon library are as follows: A high-level interface to common HTTP and WebDAV methods. This allows you to easily dispatch a GET or a MKCOL request against a resource with a single function call. A low-level interface for HTTP request handling; allowing you to implement requests using arbitrary methods and request headers, capture arbitrary response headers, and so on. Persistent connection support; neon groups a set of requests to a server into a "session"; requests within that session can use a persistent (also known as "keep-alive") connection. Modern HTTP authentication support: a complete implementation of the new authentication standard, RFC2617, supporting the Digest, Basic, and Negotiate protocols. Credentials are supplied by an application-defined callback as appropriate. 
Proxy server support; a session can be set to use a proxy server. Authentication is supported for the Proxy as well as the origin server. The system's proxy configuration can be optionally used, on some platforms. Complete SSL support; a simple interface for enabling SSL, hiding the complexity of using an SSL library directly. Client certificate support, callback-based server certificate verification, along with functions to load trusted CA certificates. Smartcard-based client certs are also supported via a wrapper interface for PKCS#11 modules. Compressed response support: responses compressed using the "deflate" algorithm can be transparently decompressed. Generic XML parsing interface for handling XML response bodies using SAX-like callbacks. Both the expat and libxml XML parser libraries are supported. WebDAV metadata support; set and remove properties, query properties (PROPFIND); simple interface for retrieving "flat" byte-string properties, more advanced support for parsing "complex" structured XML properties. Build environment support: the neon source tree is designed so that it can be embedded in your application's build tree; autoconf macros are supplied for integration. To get started quickly a script is included, to easily determine how to compile and link against an installed copy of neon Complete test suite: the neon test suite comprises half as many lines of source code as the library itself, including many tests for protocol compliance in network behaviour, and that the library implementation meets the guarantees made by the API. neon-0.32.2/doc/html.xsl000066400000000000000000000046031416727304000150050ustar00rootroot00000000000000 ../manual.css programlisting
neon-0.32.2/doc/man.xsl000066400000000000000000000015721416727304000146160ustar00rootroot00000000000000 neon-0.32.2/doc/manual.css000066400000000000000000000020631416727304000152760ustar00rootroot00000000000000 p, pre.funcsynopsisinfo { margin-left: 0.4em; margin-right: 0.4em; } span.term { margin-left: 0.6em; margin-bottom: 0.0em } div.legalnotice { font-size: 80%; margin-left: 2em; } a:visited { color: darkgreen; } div.navheader { border-top: 1px solid #bbf2bb; } div.navfooter { border-bottom: 1px solid #bbf2bb; } div.funcprototype { margin-top: 0.2em; margin-left: 0.4em; margin-bottom: 0.2em; } pre.programlisting, pre.screen { background-color: #dddddd; margin-left: 0.6em; margin-right: 1em; padding: 0.3em; width: 50em; } div.funcsynopsis, div.cmdsynopsis { background-color: #dddddd; margin-left: 0.4em; margin-right: 0.4em; padding: 0.1em; } div.warning { border: 1px solid #777777; } h1.title { border-bottom: thick solid #bbf2bb; padding-bottom: 0.1em; } div.toc { border-left: thick solid #bbf2bb; padding-left: 0.5em; } h2, h3 { padding-left: 0.2em; padding-top: -0.1em; } h2 { background-color: #bbf2bb; font-size: 110%; padding-bottom: 0.3em; padding-top: 0.2em; spacing-top: 0.1em; } h3 { border-bottom: 1px solid #bbf2bb; } neon-0.32.2/doc/manual.xml000066400000000000000000000160641416727304000153140ustar00rootroot00000000000000 %isoent; %isopub; NULL"> NUL"> start-element"> character-data"> end-element"> ]> neon HTTP/WebDAV client library JoeOrton neon@lists.manyfish.co.uk 2001-2021Joe Orton This document is free documentation; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This document is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. 
See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Introduction This chapter provides an introduction to neon, giving an overview of the range of features offered, and some general guidelines for using the neon API. neon aims to provide a modern, flexible, and simple API in the C programming language for implementing HTTP and WebDAV support. The WebDAV functionality is entirely separate from the basic HTTP functionality; neon can be used simply as an HTTP client library, ignoring the WebDAV support if desired. §ion.features; §ion.using; §ion.security; The &neon; C language interface The documentation for the &neon; interface is split between this chapter, which gives a broad introduction to the abstractions exposed by the library, and , which gives a function-by-function breakdown of the interface. §ion.xml; neon API reference &date; neon &version; neon API reference &refneon; &refconfig; &refresolve; &refbuf; &refbufapp; &refbufutil; &refbufcr; &refbufdest; &refhash; &refparam; &referr; &refgetst; &reffeat; &refi18n; &refiaddr; &refalloc; &refsess; &refproxy; &refsessflags; &refreq; &refreqhdr; &refresphdr; &refopts; &refreqflags; &refreqbody; &refauth; &refshave; &refinit; &refsslcert; &refsslcert2; &refsslcertio; &refssldname; &refssltrust; &refsslvfy; &refclicert; &refstatus; &reftok; &refvers; &refxml; &biblio; neon-0.32.2/doc/parsing-xml.txt000066400000000000000000000127371416727304000163220ustar00rootroot00000000000000 Requirements for XML parsing in neon ------------------------------------ Before describing the interface given in neon for parsing XML, here are the requirements which it must satisfy: 1. to support using either libxml or expat as the underlying parser 2. to allow "independent" sections to handle parsing one XML document 3. 
to map element namespaces/names to an integer for easier comparison. A description of requirement (2) is useful since it is the "hard" requirement, and adds most of the complexity of interface: WebDAV PROPFIND responses are made up of a large boilerplate XML ... etc. neon should handle the parsing of these standard elements, and expose the meaning of the response using a convenient interface. But, within the elements, there may also be fragments of XML: neon can never know how to parse these, since they are property- and hence application-specific. The simplest example of this is the DAV:resourcetype property. So there is requirement (2) that two "independent" sections of code can handle the parsing of one XML document. Callback-based XML parsing -------------------------- There are two ways of parsing XML documents commonly used: 1. Build an in-memory tree of the document 2. Use callbacks Where practical, using callbacks is more efficient than building a tree, so this is what neon uses. The standard interface for callback-based XML parsing is called SAX, so understanding the SAX interface is useful to understanding the XML parsing interface provided by neon. The SAX interface works by registering callbacks which are called *as the XML is parsed*. The most important callbacks are for 'start element' and 'end element'. For instance, if the XML document below is parsed by a SAX-like interface: Say we have registered callbacks "startelm" for 'start element' and "endelm" for 'end element'. Simplified somewhat, the callbacks will be called in this order, with these arguments: 1. startelm("hello") 2. startelm("foobar") 3. endelm("foobar") 4. endelm("hello") See the expat 'xmlparse.h' header for a more complete definition of a SAX-like interface. The hip_xml interface --------------------- The hip_xml interface satisfies requirement (2) by introducing the "handler" concept. 
A handler is made up of these things: - a set of XML elements - a callback to validate an element - a callback which is called when an element is opened - a callback which is called when an element is closed - (optionally, a callback which is called for CDATA) Registering a handler essentially says: "If you encounter any of this set of elements, I want these callbacks to be called." Handlers are kept in a STACK inside hip_xml. The first handler registered becomes the BASE of the stack, subsequent handlers are PUSHed on top. During XML parsing, the handler which is used for an XML element is recorded. When a new element is started, the search for a handler for this element begins at the handler used for the parent element, and carries on up the stack. For the root element, the search always starts at the BASE of the stack. A user's guide to hip_xml ------------------------- The first thing to do when using hip_xml is to know what set of XML elements you are going to be parsing. This can usually be done by looking at the DTD provided for the documents you are going to be parsing. The DTD is also very useful in writing the 'validate' callback function, since it can tell you what parent/child pairs are valid, and which aren't. In this example, we'll parse XML documents which look like: foo bar So, given the set of elements, declare the element id's and the element array: #define ELM_listofthings (HIP_ELM_UNUSED) #define ELM_a_thing (HIP_ELM_UNUSED + 1) const static struct my_elms[] = { { "http://things.org/", "list-of-things", ELM_listofthings, 0 }, { "http://things.org/", "a-thing", ELM_a_thing, HIP_XML_CDATA }, { NULL } }; This declares we know about two elements: list-of-things, and a-thing, and that the 'a-thing' element contains character data. The definition of the validation callback is very simple: static int validate(hip_xml_elmid parent, hip_xml_elmid child) { /* Only allow 'list-of-things' as the root element. 
 */ if (parent == HIP_ELM_root && child == ELM_listofthings || parent == ELM_listofthings && child == ELM_a_thing) { return HIP_XML_VALID; } else { return HIP_XML_INVALID; } } For this example, we can ignore the start-element callback, and just use the end-element callback: static int endelm(void *userdata, const struct hip_xml_elm *s, const char *cdata) { printf("Got a thing: %s\n", cdata); return 0; } This endelm callback just prints the cdata which was contained in the "a-thing" element. Now, on to parsing. A new parser object is created for parsing each XML document. Creating a new parser object is as simple as: hip_xml_parser *parser; parser = hip_xml_create(); Next register the handler, passing NULL as the start-element callback, and also as userdata, which we don't use here. hip_xml_push_handler(parser, my_elms, validate, NULL, endelm, NULL); Finally, call hip_xml_parse, passing the chunks of XML document to the hip_xml as you get them. The output should be: Got a thing: foo Got a thing: bar for the XML document. neon-0.32.2/doc/ref/000077500000000000000000000000001416727304000140625ustar00rootroot00000000000000neon-0.32.2/doc/ref/alloc.xml000066400000000000000000000053101416727304000156750ustar00rootroot00000000000000 ne_malloc 3 ne_malloc ne_calloc ne_realloc ne_strdup ne_strndup ne_oom_callback memory allocation wrappers #include <ne_alloc.h> void *ne_malloc size_t size void *ne_calloc size_t size void *ne_realloc void *size size_t len char *ne_strdup const char *s char *ne_strndup const char *s size_t size void ne_oom_callback void (*callback)(void) Description The functions ne_malloc, ne_calloc, ne_realloc, ne_strdup and ne_strndup provide wrappers for the equivalent functions in the standard C library. The wrappers provide the extra guarantee that if the C library equivalent returns &null; when no memory is available, an optional callback will be called, and the library will then call abort(). 
 ne_oom_callback registers a callback which will be invoked if an out of memory error is detected. Notes If the operating system uses optimistic memory allocation, the C library memory allocation routines will not return &null;, so it is not possible to gracefully handle memory allocation failures. neon-0.32.2/doc/ref/auth.xml000066400000000000000000000073231416727304000155520ustar00rootroot00000000000000 ne_set_server_auth 3 ne_set_server_auth ne_set_proxy_auth ne_forget_auth register authentication callbacks #include <ne_auth.h> typedef int (*ne_auth_creds) void *userdata const char *realm int attempt char *username char *password void ne_set_server_auth ne_session *session ne_auth_creds callback void *userdata void ne_set_proxy_auth ne_session *session ne_auth_creds callback void *userdata void ne_forget_auth ne_session *session Description The ne_auth_creds function type defines a callback which is invoked when a server or proxy server requires user authentication for a particular request. The realm string is supplied by the server. The attempt is a counter giving the number of times the request has been retried with different authentication credentials. The first time the callback is invoked for a particular request, attempt will be zero. To retry the request using new authentication credentials, the callback should return zero, and the username and password buffers must contain &nul;-terminated strings. The NE_ABUFSIZ constant gives the size of these buffers. Input of NE_ABUFSIZ bytes or more must be truncated or rejected so that the terminating &nul; byte still fits; strncpy alone, as used in the example below, leaves the buffer unterminated in that case. If you only wish to allow the user one attempt to enter credentials, use the value of the attempt parameter as the return value of the callback. To abort the request, the callback should return a non-zero value; in which case the contents of the username and password buffers are ignored. The ne_forget_auth function can be used to discard the cached authentication credentials. 
Examples /* Function which prompts for a line of user input: */ extern char *prompt_for(const char *prompt); static int my_auth(void *userdata, const char *realm, int attempts, char *username, char *password) { strncpy(username, prompt_for("Username: "), NE_ABUFSIZ); strncpy(password, prompt_for("Password: "), NE_ABUFSIZ); return attempts; } int main(...) { &egsess; ne_set_server_auth(sess, my_auth, NULL); /* ... */ } neon-0.32.2/doc/ref/buf.xml000066400000000000000000000032771416727304000153710ustar00rootroot00000000000000 ne_buffer 3 ne_buffer string buffer handling #include <ne_string.h> typedef struct { char *data; size_t used; size_t length; } ne_buffer; Description The ne_buffer type represents an expandable memory buffer for holding &nul;-terminated strings. The data field points to the beginning of the string, the length of which is given by the used field. The current size of memory allocated is given by the length field. It is not recommended that the fields of a buffer are manipulated directly. The data pointer may change when the buffer is modified. A buffer is created using or , and destroyed using or . The functions , and are used to append data to a buffer. If the string referenced by the data pointer is modified directly (rather than using one of the functions listed above), ne_buffer_altered must be called. neon-0.32.2/doc/ref/bufapp.xml000066400000000000000000000056441416727304000160720ustar00rootroot00000000000000 ne_buffer_append 3 ne_buffer_append ne_buffer_zappend ne_buffer_concat append data to a string buffer #include <ne_string.h> void ne_buffer_append ne_buffer *buf const char *string size_t len void ne_buffer_zappend ne_buffer *buf const char *string void ne_buffer_concat ne_buffer *buf const char *str ... Description The ne_buffer_append and ne_buffer_zappend functions append a string to the end of a buffer; extending the buffer as necessary. 
The len passed to ne_buffer_append specifies the length of the string to append; there must be no &nul; terminator in the first len bytes of the string. ne_buffer_zappend must be passed a &nul;-terminated string. The ne_buffer_concat function takes a variable-length argument list following str; each argument must be a char * pointer to a &nul;-terminated string. A &null; pointer must be given as the last argument to mark the end of the list. The strings (including str) are appended to the buffer in the order given. None of the strings passed to ne_buffer_concat are modified. Examples The following code will output "Hello, world. And goodbye.". ne_buffer *buf = ne_buffer_create(); ne_buffer_zappend(buf, "Hello"); ne_buffer_concat(buf, ", world. ", "And ", "goodbye.", NULL); puts(buf->data); ne_buffer_destroy(buf); See also , , neon-0.32.2/doc/ref/bufcr.xml000066400000000000000000000027551416727304000157160ustar00rootroot00000000000000 ne_buffer_create 3 ne_buffer_create ne_buffer_ncreate create a string buffer #include <ne_alloc.h> ne_buffer *ne_buffer_create ne_buffer *ne_buffer_ncreate size_t size Description ne_buffer_create creates a new buffer object, with an implementation-defined initial size. ne_buffer_ncreate creates an ne_buffer where the minimum initial size is given in the size parameter. The buffer created will contain the empty string (""). Return value Both functions return a pointer to a new buffer object, and never &null;. See also neon-0.32.2/doc/ref/bufdest.xml000066400000000000000000000042211416727304000162370ustar00rootroot00000000000000 ne_buffer_destroy 3 ne_buffer_destroy ne_buffer_finish destroy a buffer object #include <ne_string.h> void ne_buffer_destroy ne_buffer *buf char *ne_buffer_finish ne_buffer *buf Description ne_buffer_destroy frees all memory associated with the buffer. ne_buffer_finish frees the buffer structure, but not the actual string stored in the buffer, which is returned and must be free()d by the caller. 
 Any use of the buffer object after calling either of these functions gives undefined behaviour. Return value ne_buffer_finish returns the malloc-allocated string stored in the buffer. Examples An example use of ne_buffer_finish; the duplicate function returns a string made up of n copies of str: static char *duplicate(int n, const char *str) { ne_buffer *buf = ne_buffer_create(); while (n--) { ne_buffer_zappend(buf, str); } return ne_buffer_finish(buf); } See also , , neon-0.32.2/doc/ref/bufutil.xml000066400000000000000000000037061416727304000162640ustar00rootroot00000000000000 ne_buffer_clear 3 ne_buffer_clear ne_buffer_grow ne_buffer_altered clear, grow, or mark as altered a string buffer #include <ne_string.h> void ne_buffer_clear ne_buffer *buf void ne_buffer_altered ne_buffer *buf void ne_buffer_grow ne_buffer *buf size_t size Description The ne_buffer_clear function sets the string stored in buf to be the empty string (""). The ne_buffer_altered function must be used after the string stored in the buffer buf is modified directly rather than using , or . The ne_buffer_grow function ensures that at least size bytes are allocated for the string; this can be used if a large amount of data is going to be appended to the buffer and may result in more efficient memory allocation. 
 neon-0.32.2/doc/ref/clicert.xml000066400000000000000000000130401416727304000162270ustar00rootroot00000000000000 ne_ssl_client_cert 3 ne_ssl_clicert_read ne_ssl_clicert_name ne_ssl_clicert_encrypted ne_ssl_clicert_decrypt ne_ssl_clicert_owner ne_ssl_clicert_free SSL client certificate handling #include <ne_ssl.h> ne_ssl_client_cert *ne_ssl_clicert_read const char *filename const char *ne_ssl_clicert_name const ne_ssl_client_cert *ccert int ne_ssl_clicert_encrypted const ne_ssl_client_cert *ccert int ne_ssl_clicert_decrypt ne_ssl_client_cert *ccert const char *password const ne_ssl_certificate *ne_ssl_clicert_owner const ne_ssl_client_cert *ccert void ne_ssl_clicert_free ne_ssl_client_cert *ccert Description The ne_ssl_clicert_read function reads a client certificate from a PKCS#12-formatted file, and returns an ne_ssl_client_cert object. If the client certificate is encrypted, it must be decrypted before it is used. An ne_ssl_client_cert object holds a client certificate and the associated private key, not just a certificate; the term "client certificate" will be used to refer to this pair. A client certificate can be in one of two states: encrypted or decrypted. The ne_ssl_clicert_encrypted function will return non-zero if the client certificate is in the encrypted state. A client certificate object returned by ne_ssl_clicert_read may be initially in either state, depending on whether the file was encrypted or not. ne_ssl_clicert_decrypt can be used to decrypt a client certificate using the appropriate password. This function must only be called if the object is in the encrypted state; if decryption fails, the certificate state does not change, so decryption can be attempted more than once using different passwords. A client certificate can be given a "friendly name" when it is created; ne_ssl_clicert_name will return this name (or &null; if no friendly name was specified). 
ne_ssl_clicert_name can be used when the client certificate is in either the encrypted or decrypted state, and will return the same string for the lifetime of the object. The function ne_ssl_clicert_owner returns the certificate part of the client certificate; it must only be called if the client certificate is in the decrypted state. When the client certificate is no longer needed, the ne_ssl_clicert_free function should be used to destroy the object. Return value ne_ssl_clicert_read returns a client certificate object, or &null; if the file could not be read. ne_ssl_clicert_encrypted returns zero if the object is in the decrypted state, or non-zero if it is in the encrypted state. ne_ssl_clicert_name returns a &nul;-terminated friendly name string, or &null;. ne_ssl_clicert_owner returns a certificate object. Examples The following code reads a client certificate and decrypts it if necessary, then loads it into an HTTP session. ne_ssl_client_cert *ccert; ccert = ne_ssl_clicert_read("/path/to/client.p12"); if (ccert == NULL) { /* handle error... */ } else if (ne_ssl_clicert_encrypted(ccert)) { char *password = prompt_for_password(); if (ne_ssl_clicert_decrypt(ccert, password)) { /* could not decrypt! handle error... */ } } ne_ssl_set_clicert(sess, ccert); See also neon-0.32.2/doc/ref/config.xml000066400000000000000000000073071416727304000160600ustar00rootroot00000000000000 neon neon-config 1 neon-config script providing information about installed copy of neon library neon-config feature Description The neon-config script provides information about an installed copy of the neon library. The and options instruct how to compile and link an application against the library; the and options can help determine whether the library meets the applications requirements. Options Print the flags which should be passed to the C compiler when compiling object files, when the object files use neon header files. 
--libs Print the flags which should be passed to the linker when linking an application which uses the neon library --la-file Print the location of the libtool library script, libneon.la, which can be used to link against &neon; by applications using libtool. --version Print the version of the library --prefix dir If dir is given, relocate output of --cflags and --libs as if neon was installed in given prefix directory. Otherwise, print the installation prefix of the library. --support feature The script exits with success if feature is supported by the library. --help Print help message; includes list of known features and whether they are supported or not. Example Below is a Makefile fragment which could be used to build an application against an installed neon library, when the neon-config script can be found in $PATH. CFLAGS = `neon-config --cflags` LIBS = `neon-config --libs` OBJECTS = myapp.o TARGET = myapp $(TARGET): $(OBJECTS) $(CC) $(LDFLAGS) -o $(TARGET) $(OBJECTS) $(LIBS) myapp.o: myapp.c $(CC) $(CFLAGS) -c myapp.c -o myapp.o neon-0.32.2/doc/ref/err.xml000066400000000000000000000047111416727304000153770ustar00rootroot00000000000000 ne_get_error 3 ne_get_error ne_set_error error handling for HTTP sessions #include <ne_session.h> const char *ne_get_error ne_session *session void ne_set_error ne_session *session const char *format ... Description The session error string is used to store any human-readable error information associated with any errors which occur whilst using the HTTP session. The ne_get_error function returns the current session error string. This string persists only until it is changed by a subsequent operation on the session. If localisation was enabled at build time, and, if necessary, enabled at run-time using ne_i18n_init, the returned string may have been translated into the user's current locale. The ne_set_error function can be used to set a new session error string, using a printf-style format string interface. Because format is interpreted as a printf-style format string, text that is not a fixed format (such as a message received from a server) should be passed as an argument to a "%s" conversion rather than as the format itself. Return value ne_get_error returns a constant &nul;-terminated string.
In the default English locale, the returned string will not have a terminating . period character. Examples Retrieve the current error string: &egsess; ... printf("Error was: %s\n", ne_get_error(sess)); Set a new error string: &egsess; ... ne_set_error(sess, "Response missing header %s", "somestring"); neon-0.32.2/doc/ref/feat.xml000066400000000000000000000050501416727304000155230ustar00rootroot00000000000000 ne_has_support 3 ne_has_support determine feature support status #include <ne_utils.h> int ne_has_support int feature Description The ne_has_support function can be used to determine whether a particular optional feature, given by the feature code feature, is supported. The following feature codes are available: NE_FEATURE_SSL Indicates support for SSL/TLS NE_FEATURE_ZLIB Indicates support for compressed responses NE_FEATURE_IPV6 Indicates support for IPv6 NE_FEATURE_LFS Indicates support for large files NE_FEATURE_SOCKS Indicates support for SOCKSv5 NE_FEATURE_TS_SSL Indicates support for thread-safe SSL initialization — see Return value ne_has_support returns non-zero if the given feature is supported, or zero otherwise. See also , neon-0.32.2/doc/ref/getst.xml000066400000000000000000000033161416727304000157350ustar00rootroot00000000000000 ne_get_status 3 ne_get_status retrieve HTTP response status for request #include <ne_request.h> const ne_status *ne_get_status const ne_request *request Description The ne_get_status function returns a pointer to the HTTP status object giving the result of a request. The object returned only becomes valid once the request has been successfully dispatched (the return value of ne_request_dispatch or ne_begin_request was zero). The object remains valid until the associated request object is destroyed. See also , Example Display the response status code of applying the HEAD method to some resource. ne_request *req = ne_request_create(sess, "HEAD", "/foo/bar"); if (ne_request_dispatch(req)) /* handle errors... 
*/ else printf("Response status code was %d\n", ne_get_status(req)->code); ne_request_destroy(req); neon-0.32.2/doc/ref/hash.xml000066400000000000000000000071201416727304000155270ustar00rootroot00000000000000 ne_strhash 3 ne_strhash ne_vstrhash string hash interface #include <ne_string.h> char *ne_strhash unsigned int flags ... char *ne_vstrhash unsigned int flags va_list ap Description The ne_strhash and ne_vstrhash functions can be used to create hashes. The varargs argument list must be const char * strings followed by a &null; terminator. The flags argument must select exactly one hash algorithm from the list below, which can be optionally bitwise-ORed with one of the formatting options. The hash is calculated for the concatenation of the argument list, without separators (so argument lists whose concatenations are equal produce the same hash). Hash algorithms The following hash algorithms are available: NE_HASH_MD5 MD5 NE_HASH_SHA256 SHA-256 (SHA-2) NE_HASH_SHA512 SHA-512 (SHA-2) NE_HASH_SHA512_256 SHA-512/256 (SHA-2) Formatting options By default, the hash is returned as a hexadecimal lower-case character string. The following formatting options are available: NE_HASH_COLON colon-separated hex pairs, e.g. "aa:11:22..." NE_HASH_SPACE space-separated hex pairs, e.g. "aa 11 22..." Return value The return value is the ASCII hexadecimal representation of the hash as a malloc-allocated, NUL-terminated string, or &null; if the hash cannot be created. The string length is determined by the hash algorithm (and formatting options used). Support for hash algorithms is specific to the SSL toolkit with which &neon; is compiled. Some systems will further restrict hash availability at runtime, e.g. due to FIPS mode.
neon-0.32.2/doc/ref/i18n.xml000066400000000000000000000042741416727304000153720ustar00rootroot00000000000000 ne_i18n_init 3 ne_i18n_init functions to initialize internationalization support #include <ne_i18n.h> void ne_i18n_init const char *encoding Description The ne_i18n_init function can be used to enable support for translated messages in the &neon; library. The encoding parameter, if non-&null;, specifies the character encoding required for generated translated string. If it is &null;, the appropriate character encoding for the process locale will be used. This call is only strictly necessary if either: &neon; has been installed into a different prefix than the gettext implementation on which it depends for i18n purposes, or the caller requires that translated messages are in a particular character encoding. If ne_i18n_init is never called, the message catalogs will not be found if case (a) applies (and so English error messages will be used), and will use the default character encoding specified by the process locale. The library will otherwise operate correctly. Note that the encoding used is a process-global setting and so results may be unexpected if other users of &neon; within the process call ne_i18n_init with a different encoding parameter. 
See also neon-0.32.2/doc/ref/iaddr.xml000066400000000000000000000147401416727304000156750ustar00rootroot00000000000000 ne_iaddr_make 3 ne_iaddr_make ne_iaddr_cmp ne_iaddr_print ne_iaddr_typeof ne_iaddr_parse ne_iaddr_raw ne_iaddr_reverse ne_iaddr_free functions to manipulate network addresses #include <ne_socket.h> typedef enum { ne_iaddr_ipv4 = 0, ne_iaddr_ipv6 } ne_iaddr_type; ne_inet_addr *ne_iaddr_make ne_iaddr_type type const unsigned char *raw int ne_iaddr_cmp const ne_inet_addr *ia1 const ne_inet_addr *ia2 char *ne_iaddr_print const ne_inet_addr *ia char *buffer size_t bufsiz ne_iaddr_type ne_iaddr_typeof const ne_inet_addr *ia ne_inet_addr *ne_iaddr_parse const char *address ne_iaddr_type type unsigned char *ne_iaddr_raw const ne_inet_addr *ia unsigned char *buffer int ne_iaddr_reverse const ne_inet_addr *ia char *buffer size_t buflen void ne_iaddr_free const ne_inet_addr *ia Description ne_iaddr_make creates an ne_inet_addr object from a raw binary network address; for instance the four bytes 0x7f 0x00 0x00 0x01 represent the IPv4 address 127.0.0.1. The object returned is suitable for passing to ne_sock_connect. A binary IPv4 address contains four bytes; a binary IPv6 address contains sixteen bytes; addresses passed must be in network byte order. ne_iaddr_cmp compares two network address objects; returning zero only if they are identical. The objects need not have the same address type; if the addresses are not of the same type, the return value is guaranteed to be non-zero. ne_iaddr_print prints a human-readable string representation of a network address into a buffer, for instance the string "127.0.0.1". ne_iaddr_typeof returns the type of the given network address object. ne_iaddr_parse parses a string representation of a network address (such as "127.0.0.1" and creates a network address object to represent the parsed address. ne_iaddr_raw writes the raw byte representation of a network address to the provided buffer. 
The bytes are written in network byte order; the buffer must be of suitable length for the type of address (4 bytes for an IPv4 address, 16 bytes for an IPv6 address). ne_iaddr_reverse performs a reverse name lookup on the address object, writing the (first) hostname associated with the IP address to the provided buffer. If the hostname is longer than the buffer it will be silently truncated; on success the string written to the buffer is always &nul;-terminated. ne_iaddr_free releases the memory associated with a network address object. Return value ne_iaddr_make returns &null; if the address type passed is not supported (for instance on a platform which does not support IPv6). ne_iaddr_print returns the buffer pointer, and never &null;. ne_iaddr_parse returns a network address object on success, or &null; on failure to parse the address parameter. ne_iaddr_reverse returns zero on success or non-zero if no hostname is associated with the address. ne_iaddr_raw returns the buffer parameter, and never &null;. Examples The following example connects a socket to port 80 at the address 127.0.0.1. unsigned char addr[] = "\x7f\x00\x00\x01"; ne_inet_addr *ia; ia = ne_iaddr_make(ne_iaddr_ipv4, addr); if (ia != NULL) { ne_socket *sock = ne_sock_connect(ia, 80); ne_iaddr_free(ia); /* ... */ } else { /* ... */ } See also neon-0.32.2/doc/ref/init.xml000066400000000000000000000111611416727304000155470ustar00rootroot00000000000000 ne_sock_init 3 ne_sock_init ne_sock_exit perform library initialization #include <ne_socket.h> int ne_sock_init void ne_sock_exit Description On some platforms and configurations, &neon; may be using some socket or SSL libraries which require global initialization before use. To perform this initialization, the ne_sock_init function must be called before any other library functions are used. Once all use of &neon; is complete, ne_sock_exit can be called to perform de-initialization of socket or SSL libraries, if necessary.
Uses of ne_sock_init and ne_sock_exit are "reference counted"; if N calls to ne_sock_init are made, only the Nth call to ne_sock_exit will have effect. ne_sock_init will set the disposition of the SIGPIPE signal to ignored. No change is made to the SIGPIPE disposition by ne_sock_exit. Both the SSL libraries supported by &neon; — OpenSSL and GnuTLS — require callbacks to be registered to allow thread-safe use of SSL. These callbacks are stored as global variables and so their state persists for as long as the library in question is loaded into the process. If multiple users of the SSL library exist within the process, this can be problematic, particularly if one is dynamically loaded (and may subsequently be unloaded). If &neon; is configured using the --enable-threadsafe-ssl flag, thread-safe SSL support will be enabled automatically, as covered in the following section. Otherwise, it is not safe to use &neon; with SSL in a multi-threaded process. The function can be used to determine whether &neon; is built to enable thread-safety support in the SSL library. Thread-safe SSL with OpenSSL &neon; follows two simple rules when dealing with the OpenSSL locking callbacks: ne_sock_init will set thread-safety locking callbacks if and only if no locking callbacks are already registered. ne_sock_exit will unset the thread-safety locking callbacks if and only if the locking callbacks registered are those registered by ne_sock_init. Applications and libraries should be able to co-operate to ensure that SSL use is always thread-safe if similar rules are always followed. Thread-safe SSL with GnuTLS The cryptography library used by GnuTLS, libgcrypt, only supports an initialization operation to register thread-safety callbacks. ne_sock_init will register the thread-safe locking callbacks on first use; ne_sock_exit cannot unregister them. 
If multiple users of GnuTLS are present within the process, it is unsafe to dynamically unload &neon; from the process if &neon; is configured with thread-safe SSL support enabled (since the callbacks would be left pointing at unmapped memory once &neon; is unloaded). Return value ne_sock_init returns zero on success, or non-zero on error. If an error occurs, no further use of the &neon; library should be attempted. See also , neon-0.32.2/doc/ref/neon.xml000066400000000000000000000243501416727304000155470ustar00rootroot00000000000000 neon 3 neon HTTP and WebDAV client library Description neon is an HTTP and WebDAV client library. The major abstractions exposed are the HTTP session, created by ; and the HTTP request, created by . HTTP authentication is handled transparently for server and proxy servers, see ; complete SSL/TLS support is also included, see . Conventions Some conventions are used throughout the neon API, to provide a consistent and simple interface; these are documented below. Thread-safeness and global initialization &neon; itself is implemented to be thread-safe (avoiding any use of global state), but relies on the operating system providing a thread-safe resolver interface. Modern operating systems offer the thread-safe getaddrinfo interface, which &neon; supports; some others implement gethostbyname using thread-local storage. To allow thread-safe use of SSL in the OpenSSL and GnuTLS libraries &neon; must be configured using the --enable-threadsafe-ssl; if this is done, locking callbacks will be registered by ; note that care must be exercised if &neon; is used in conjunction with another library which uses OpenSSL or GnuTLS. Some platforms and libraries used by &neon; require global initialization before use; notably: The SIGPIPE signal disposition must be set to ignored or otherwise handled to avoid process termination when writing to a socket which has been shutdown by the peer. 
OpenSSL and GnuTLS require global initialization to load shared lookup tables. The Win32 socket library requires initialization before use. The function should be called before any other use of &neon; to perform any necessary initialization needed for the particular platform. Applications wishing to perform all the necessary process-global initialization steps themselves may omit to call (and ); &neon; neither checks whether these functions are called nor calls them itself. For some applications and configurations it may be necessary to call to initialize the support for internationalization in &neon;. Asynchronous signal safety No function in &neon; is defined to be async-signal safe - that is, no function is safe to call from a signal handler. Any call into the &neon; library from a signal handler will have undefined behaviour - in other words, it may crash the process. Functions using global state Any function in &neon; may modify the errno global variable as a side-effect. Except where explicitly documented, the value of errno is unspecified after any &neon; function call. Other than in the use of errno, the only functions which use or modify process-global state in &neon; are as follows: , , and , as described above ne_debug_init and ne_debug, if enabled at compile time; for debugging output for installing a process-global callback to be invoked on malloc failure Namespaces To avoid possible collisions between names used for symbols and preprocessor macros by an application and the libraries it uses, it is good practice for each library to reserve a particular namespace prefix. An application which ensures it uses no names with these prefixes is then guaranteed to avoid such collisions. The &neon; library reserves the use of the namespace prefixes ne_ and NE_. 
The libraries used by &neon; may also reserve certain namespaces; collisions between these libraries and a &neon;-based application will not be detected at compile time, since the underlying library interfaces are not exposed through the &neon; header files. Such collisions can only be detected at link time, when the linker attempts to resolve symbols. The following list documents some of the namespaces claimed by libraries used by &neon;; this list may be incomplete. SSL, ssl, TLS, tls, ERR_, BIO_, d2i_, i2d_, ASN1_ Some of the many prefixes used by the OpenSSL library; little attempt has been made to keep exported symbols within any particular prefixes for this library. gnutls_, gcry_, gpg_ Namespaces used by the GnuTLS library (and dependencies thereof) XML_, Xml[A-Z] Namespaces used by the expat library. xml[A-Z], html[A-Z], docb[A-Z] Namespaces used by the libxml2 library; a relatively small number of symbols are used without these prefixes. inflate, deflate, crc32, compress, uncompress, adler32, zlib Namespaces used by the zlib library; a relatively small number of symbols are used without these prefixes. krb5, gss, GSS, asn1, decode_krb5, encode_krb5, profile, mit Some of the prefixes used by the MIT GSSAPI library and dependencies thereof; a number of symbols lie outside these prefixes. pakchois_ Namespace used by the pakchois library. px_ Namespace used by the libproxy library. Argument validation &neon; does not attempt to validate that the parameters passed to functions conform to the API (for instance, checking that pointer arguments are not &null;). Any use of the &neon; API which is not documented to produce a certain behaviour is said to produce undefined behaviour; it is likely that &neon; will segfault under these conditions. URI paths, WebDAV metadata The path strings passed to any function must be URI-encoded by the application; &neon; never performs any URI encoding or decoding internally. A path built from untrusted input must therefore be escaped by the application (for instance, using ne_path_escape) before it is passed to &neon;.
WebDAV property names and values must be valid UTF-8 encoded Unicode strings. User interaction As a pure library interface, &neon; will never produce output on stdout or stderr; all user interaction is the responsibility of the application. Memory handling neon does not attempt to cope gracefully with an out-of-memory situation; instead, by default, the abort function is called to immediately terminate the process. An application may register a custom function which will be called before abort in such a situation; see . Callbacks and userdata Whenever a callback is registered, a userdata pointer is also used to allow the application to associate a context with the callback. The userdata is of type void *, allowing any pointer to be used. Large File Support Since version 0.27.0, &neon; transparently uses the "LFS transitional" interfaces in functions which use file descriptors. This allows use of files larger than 2GiB on platforms with a native 32-bit off_t type, where LFS support is available. Some &neon; interfaces use the ne_off_t type, which is defined to be either off_t or off64_t according to whether LFS support is detected at build time. &neon; does not use or require the -D_FILE_OFFSET_BITS=64 macro definition. See also , , neon-0.32.2/doc/ref/opts.xml000066400000000000000000000100161416727304000155670ustar00rootroot00000000000000 ne_set_useragent 3 ne_set_useragent ne_set_read_timeout ne_set_connect_timeout ne_get_scheme ne_get_server_hostport common properties for HTTP sessions #include <ne_session.h> void ne_set_useragent ne_session *session const char *product void ne_set_read_timeout ne_session *session int timeout void ne_set_connect_timeout ne_session *session int timeout const char *ne_get_scheme ne_sesssion *session const char *ne_get_server_hostport ne_sesssion *session Description The User-Agent request header is used to identify the software which generated the request for statistical or debugging purposes. 
neon does not send a User-Agent header unless a call is made to the ne_set_useragent. ne_set_useragent must be passed a product string conforming to RFC2616's product token grammar; of the form "Product/Version". When neon reads from a socket, by default the read operation will time out after 60 seconds, and the request will fail giving an NE_TIMEOUT error. To configure this timeout interval, call ne_set_read_timeout giving the desired number of seconds as the timeout parameter. When a connection is being established to a server, normally only the system's TCP timeout handling will apply. To configure a specific (and probably shorter) timeout, the ne_set_connect_timeout can be used, giving the desired number of seconds as the timeout parameter. If 0 is passed, then the default behaviour of using the system TCP timeout will be used. The scheme used to initially create the session will be returned by ne_get_scheme. The hostport pair with which the session is associated will be returned by the ne_get_server_hostport; for example www.example.com:8080. Note that the :port will be omitted if the default port for the scheme is used. Examples Set a user-agent string: &egsess; ne_set_useragent(sess, "MyApplication/2.1"); Set a 30 second read timeout: &egsess; ne_set_read_timeout(sess, 30); See also , . neon-0.32.2/doc/ref/param.xml000066400000000000000000000045361416727304000157140ustar00rootroot00000000000000 ne_strparam 3 ne_strparam HTTP extended parameter value encoding #include <ne_string.h> char *ne_strparam const char *charset const char *lang const char *value Description The ne_strparam function can be used to encode an extended parameter value for an HTTP header, as defined in RFC 5987. The function takes as arguments the value to encode, using a given MIME charset character set, and lang language tag. 
The extended parameter encoding is used in HTTP protocol specifications to allow easily embedding special characters (such as quote marks, separators or non-ASCII characters) in header values. In accordance with RFC 5987, the charset argument must be either "UTF-8" or "ISO-8859-1", but the lang argument may be &null;. Return value The return value is either: &null;, if the value parameter is a "regular parameter" and does not need extended encoding; or non-&null;, the encoding of the input value as an extended parameter as a NUL-terminated, malloc-allocated string. See also neon-0.32.2/doc/ref/proxy.xml000066400000000000000000000154401416727304000157710ustar00rootroot00000000000000 ne_session_proxy 3 ne_session_proxy ne_session_socks_proxy ne_session_system_proxy ne_set_addrlist configure proxy servers #include <ne_session.h> void ne_session_proxy ne_session *session const char *hostname unsigned int port void ne_session_system_proxy ne_session *session unsigned int flags void ne_session_socks_proxy ne_session *session enum ne_sock_sversion version const char *hostname unsigned int port const char *username const char *password void ne_set_addrlist ne_session *session const ne_inet_addr **addrlist size_t count Description One (and no more than one) of the functions ne_session_proxy, ne_session_system_proxy, ne_session_socks_proxy, ne_set_addrlist can be used to configure a proxy server for a given session object. If more than one function is invoked for any given session object, only the last call has effect. If one of the functions is to be used, it must be used before the creation of any request object for the session. HTTP proxy specification The ne_session_proxy function configures use of an HTTP proxy server for the session, the location of which is given by the hostname and port parameters. If the proxy requires authentication, ne_set_proxy_auth should be used.
System proxy configuration The ne_session_system_proxy function configures the session to use any proxy servers specified by the system configuration. Support for this function is platform-specific; if unsupported, the function has no effect. SOCKS proxy configuration The ne_session_socks_proxy function configures the session to use a SOCKS proxy. The version parameter indicates which version of the SOCKS protocol should be used. The hostname and port parameters specify the SOCKS proxy location. Note that a server with only an IPv6 address cannot be used with SOCKS v4 or v4A. The interpretation of the other arguments depends on the version specified: NE_SOCK_SOCKSV4 (version 4) The username parameter must be non-&null;; the password parameter is ignored. NE_SOCK_SOCKSV4A (version 4A) The username parameter must be non-&null;; the password parameter is ignored. NE_SOCK_SOCKSV5 (version 5) The username parameter may be &null;; if it is non-&null;, the password parameter must also be non-&null;; otherwise, it is ignored. Origin server address override The ne_set_addrlist function forces use of an address and port from a specified list when establishing a TCP connection, ignoring the "real" hostname and port identifying the origin server for the session (as passed to ne_session_create). The origin server's "real" hostname and port will still be used in the Host header in HTTP requests. When a connection is required, the library will iterate through the addrlist list, attempting to connect to the address addrlist[0] through to addrlist[count-1] in turn, until a connection can be established. Return Values None of the functions described here has a return value. Examples Create and destroy a session: ne_session *sess; sess = ne_session_create("http", "host.example.com", 80); ne_session_proxy(sess, "proxy.example.com", 3128); /* ... use sess ... 
*/ ne_session_destroy(sess); See Also , , , neon-0.32.2/doc/ref/req.xml000066400000000000000000000144121416727304000153750ustar00rootroot00000000000000 ne_request_create 3 ne_request_create ne_request_dispatch ne_request_destroy low-level HTTP request handling #include <ne_request.h> ne_request *ne_request_create ne_session *session const char *method const char *path int ne_request_dispatch ne_request *req void ne_request_destroy ne_request *req Description The ne_request object represents an HTTP request and the associated response. The ne_request_create function creates a new request object for the given session. The target resource for the request is identified by the path, and the method to be performed on that resource via the method parameter. The path string used must conform to the abs_path definition given in RFC2396, with an optional "?query" part, and must be URI-escaped by the caller (for instance, using ne_path_escape). If the string comes from an untrusted source, failure to perform URI-escaping results in a security vulnerability. To dispatch a request, and process the response, the ne_request_dispatch function can be used. An alternative is to use the (more complex, but more flexible) combination of the ne_begin_request, ne_end_request, and ne_read_response_block functions; see ne_begin_request. To add extra headers in the request, the functions and can be used. To include a message body with the request, one of the functions ne_set_request_body_buffer, , or ne_set_request_body_provider can be used. The return value of ne_request_dispatch indicates merely whether the request was sent and the response read successfully. To discover the result of the operation, , along with any processing of the response headers and message body. A request can only be dispatched once: calling ne_request_dispatch more than once on a single ne_request object produces undefined behaviour. 
Once all processing associated with the request object is complete, use the ne_request_destroy function to destroy the resources associated with it. Any subsequent use of the request object produces undefined behaviour. If a request is using a non-idempotent method such as POST, the NE_REQFLAG_IDEMPOTENT flag should be disabled; see ne_set_request_flag. Return value The ne_request_create function returns a pointer to a request object (and never &null;). The ne_request_dispatch function returns zero if the request was dispatched successfully, and a non-zero error code otherwise. Errors NE_ERROR Request failed (see session error string) NE_LOOKUP The DNS lookup for the server (or proxy server) failed. NE_AUTH Authentication failed on the server. NE_PROXYAUTH Authentication failed on the proxy server. NE_CONNECT A connection to the server could not be established. NE_TIMEOUT A timeout occurred while waiting for the server to respond. Example An example of applying a MKCOL operation to the resource at the location http://www.example.com/foo/bar/: ne_session *sess = ne_session_create("http", "www.example.com", 80); ne_request *req = ne_request_create(sess, "MKCOL", "/foo/bar/"); if (ne_request_dispatch(req)) { printf("Request failed: %s\n", ne_get_error(sess)); } ne_request_destroy(req); See also , , , , , . neon-0.32.2/doc/ref/reqbody.xml000066400000000000000000000047641416727304000162640ustar00rootroot00000000000000 ne_set_request_body_buffer 3 ne_set_request_body_buffer ne_set_request_body_fd include a message body with a request #include <ne_request.h> void ne_set_request_body_buffer ne_request *req const char *buf size_t count int ne_set_request_body_fd ne_request *req int fd ne_off_t begin ne_off_t length Description The ne_set_request_body_buffer function specifies that a message body should be included with the request, which is stored in the count-byte buffer buf.
The ne_set_request_body_fd function can be used to include a message body with a request which is read from a file descriptor. The body is read from the file descriptor fd, which must be associated with a seekable file (not a pipe, socket, or FIFO). length bytes are read, beginning at offset begin (hence, passing begin as zero means the body is read from the beginning of the file). For all the above functions, the source of the request body must survive until the request has been dispatched; neither the memory buffer passed to ne_set_request_body_buffer nor the file descriptor passed to ne_set_request_body_fd is copied internally. See also neon-0.32.2/doc/ref/reqflags.xml000066400000000000000000000052021416727304000164070ustar00rootroot00000000000000 ne_set_request_flag 3 ne_set_request_flag ne_get_request_flag set and retrieve per-request flags #include <ne_request.h> void ne_set_request_flag ne_request *req ne_request_flag flag int value int ne_get_request_flag ne_request *req ne_request_flag flag Description The ne_set_request_flag function enables or disables a per-request flag. Passing a non-zero value argument enables the flag, and zero disables it. The following flags are defined: NE_REQFLAG_EXPECT100 enable this flag to use the "Expect: 100-continue" feature of HTTP/1.1, which allows the server to process request headers without reading the entire request body. This saves time and bandwidth if the server gives an authentication challenge (requiring the request to be resent), but has interoperability problems with some older servers. NE_REQFLAG_IDEMPOTENT disable this flag if the request uses a non-idempotent method such as POST Return value The ne_get_request_flag function returns zero if a flag is disabled, less than zero if the flag is not supported, or greater than zero if the flag is enabled. See also . 
neon-0.32.2/doc/ref/reqhdr.xml000066400000000000000000000037161416727304000161000ustar00rootroot00000000000000 ne_add_request_header 3 ne_add_request_header ne_print_request_header add headers to a request #include <ne_request.h> void ne_add_request_header ne_request *request const char *name const char *value void ne_print_request_header ne_request *request const char *name const char *format ... Description The functions ne_add_request_header and ne_print_request_header can be used to add headers to a request, before it is sent. ne_add_request_header simply adds a header of given name, with given value. ne_print_request_header adds a header of given name, taking the value from the printf-like format string parameter and subsequent variable-length argument list. See also neon-0.32.2/doc/ref/resolve.xml000066400000000000000000000120611416727304000162630ustar00rootroot00000000000000 ne_addr_resolve 3 ne_addr_resolve ne_addr_result ne_addr_first ne_addr_next ne_addr_error ne_addr_destroy functions to resolve hostnames to addresses #include <ne_socket.h> ne_sock_addr *ne_addr_resolve const char *hostname int flags int ne_addr_result const ne_sock_addr *addr const ne_inet_addr *ne_addr_first ne_sock_addr *addr const ne_inet_addr *ne_addr_next ne_sock_addr *addr char *ne_addr_error const ne_sock_addr *addr char *buffer size_t bufsiz void ne_addr_destroy ne_sock_addr *addr Description The ne_addr_resolve function resolves the given hostname, returning an ne_sock_addr object representing the address (or addresses) associated with the hostname. The flags parameter is currently unused, and must be passed as 0. The hostname passed to ne_addr_resolve can be a DNS hostname (e.g. "www.example.com") or an IPv4 dotted quad (e.g. "192.0.34.72"); or, on systems which support IPv6, an IPv6 hex address, which may be enclosed in brackets, e.g. "[::1]". 
To determine whether the hostname was successfully resolved, the ne_addr_result function is used, which returns non-zero if an error occurred. If an error did occur, the ne_addr_error function can be used, which will copy the error string into a given buffer (of size bufsiz). The functions ne_addr_first and ne_addr_next are used to retrieve the Internet addresses associated with an address object which has been successfully resolved. ne_addr_first returns the first address; ne_addr_next returns the next address after the most recent call to ne_addr_next or ne_addr_first, or &null; if there are no more addresses. The ne_inet_addr pointer returned by these functions can be passed to ne_sock_connect to connect a socket. After the address object has been used, it should be destroyed using ne_addr_destroy. Return value ne_addr_resolve returns a pointer to an address object, and never &null;. ne_addr_error returns the buffer parameter . Examples The code below prints out the set of addresses associated with the hostname www.google.com. 
ne_sock_addr *addr; char buf[256]; addr = ne_addr_resolve("www.google.com", 0); if (ne_addr_result(addr)) { printf("Could not resolve www.google.com: %s\n", ne_addr_error(addr, buf, sizeof buf)); } else { const ne_inet_addr *ia; printf("www.google.com:"); for (ia = ne_addr_first(addr); ia != NULL; ia = ne_addr_next(addr)) { printf(" %s", ne_iaddr_print(ia, buf, sizeof buf)); } putchar('\n'); } ne_addr_destroy(addr); See also neon-0.32.2/doc/ref/resphdr.xml000066400000000000000000000064431416727304000162620ustar00rootroot00000000000000 ne_get_response_header 3 ne_get_response_header ne_response_header_iterate functions to access response headers #include <ne_request.h> const char *ne_get_response_header ne_request *request const char *name void *ne_response_header_iterate ne_request *request void *cursor const char **name const char **value Description To retrieve the value of a response header field, the ne_get_response_header function can be used, and is given the name of the header to return. To iterate over all the response headers returned, the ne_response_header_iterate function can be used. This function takes a cursor parameter which should be &null; to retrieve the first header. The function stores the name and value of the next header in the name and value parameters, and returns a new cursor pointer which can be passed to ne_response_header_iterate to retrieve the next header. Return value ne_get_response_header returns a string, or &null; if no header with that name was given. If used during request processing, the return value pointer is valid only until the next call to ne_begin_request, or else, until the request object is destroyed. Likewise, the cursor, names, and values returned by ne_response_header_iterate are only valid until the next call to ne_begin_request or until the request object is destroyed. 
Examples The following code will output the value of the Last-Modified header for a resource: ne_request *req = ne_request_create(sess, "GET", "/foo.txt"); if (ne_request_dispatch(req) == NE_OK) { const char *mtime = ne_get_response_header(req, "Last-Modified"); if (mtime) { printf("/foo.txt has last-modified value %s\n", mtime); } } ne_request_destroy(req); See also , . neon-0.32.2/doc/ref/sess.xml000066400000000000000000000106471416727304000155710ustar00rootroot00000000000000 ne_session_create 3 ne_session_create ne_close_connection ne_session_destroy set up HTTP sessions #include <ne_session.h> ne_session *ne_session_create const char *scheme const char *hostname unsigned int port void ne_close_connection ne_session *session void ne_session_destroy ne_session *session Description An ne_session object represents an HTTP session - a logical grouping of a sequence of HTTP requests made to a certain server. Any requests made using the session can use a persistent connection, share cached authentication credentials and any other common attributes. A new HTTP session is created using the ne_session_create function; the hostname and port parameters specify the origin server to use, along with the scheme (usually "http"). Before the first use of ne_session_create in a process, must have been called to perform any global initialization needed by any libraries used by &neon;. To enable SSL/TLS for the session, pass the string "https" as the scheme parameter, and either register a certificate verification function (see ) or trust the appropriate certificate (see , ). To use a proxy server for the session, it must be configured (see ) before any requests are created from session object. Further per-session options may be changed using the interface. If it is known that the session will not be used for a significant period of time, ne_close_connection can be called to close the connection, if one remains open. 
Use of this function is entirely optional, but it must not be called if there is a request active using the session. Once a session has been completed, ne_session_destroy must be called to destroy the resources associated with the session. Any subsequent use of the session pointer produces undefined behaviour. The session object must not be destroyed until after all associated request objects have been destroyed. Notes The hostname passed to ne_session_create is resolved when the first request using the session is dispatched; a DNS resolution failure can only be detected at that time (using the NE_LOOKUP error code); see for details. Return Values ne_session_create will return a pointer to a new session object (and never &null;). Examples Create and destroy a session: ne_session *sess; sess = ne_session_create("http", "host.example.com", 80); /* ... use sess ... */ ne_session_destroy(sess); See Also , , , neon-0.32.2/doc/ref/sessflags.xml000066400000000000000000000072431416727304000166040ustar00rootroot00000000000000 ne_set_session_flag 3 ne_set_session_flag ne_get_session_flag set and retrieve session flags #include <ne_request.h> void ne_set_session_flag ne_session *sess ne_session_flag flag int value int ne_get_session_flag ne_session *sess ne_session_flag flag Description The ne_set_session_flag function enables or disables a session flag. Passing a non-zero value argument enables the flag, and zero disables it. 
The following flags are defined: NE_SESSFLAG_PERSIST disable this flag to prevent use of persistent connections NE_SESSFLAG_ICYPROTO enable this flag to enable support for non-HTTP ShoutCast-style "ICY" responses NE_SESSFLAG_SSLv2 disable this flag to disable support for the SSLv2 protocol NE_SESSFLAG_RFC4918 enable this flag to enable support for RFC4918-only WebDAV features; losing backwards-compatibility with RFC2518 servers NE_SESSFLAG_CONNAUTH enable this flag if an RFC-violating connection-based HTTP authentication scheme is in use NE_SESSFLAG_TLS_SNI disable this flag if a server is used which does not correctly support the TLS SNI extension NE_SESSFLAG_EXPECT100 enable this flag to enable the request flag NE_REQFLAG_EXPECT100 for new requests Return value The ne_get_session_flag function returns zero if a flag is disabled, less than zero if the flag is not supported, or greater than zero if the flag is enabled. See also , . neon-0.32.2/doc/ref/shave.xml000066400000000000000000000023661416727304000157210ustar00rootroot00000000000000 ne_shave 3 ne_shave trim whitespace from a string #include <ne_string.h> char *ne_shave char *str const char *whitespace Description ne_shave returns a portion of str with any leading or trailing characters in the whitespace array removed. str may be modified. Note that the return value may not be equal to str. Examples The following code segment will output "fish": char s[] = ".!.fish!.!"; puts(ne_shave(s, ".!")); neon-0.32.2/doc/ref/sslca.xml000066400000000000000000000046271416727304000157220ustar00rootroot00000000000000 ne_ssl_load_ca 3 ne_ssl_load_ca ne_ssl_load_default_ca load SSL Certificate Authorities #include <ne_session.h> int ne_ssl_load_ca ne_session *session const char *filename int ne_ssl_load_default_ca ne_session *session Description To indicate that a given CA certificate is trusted by the user, the certificate can be loaded using the ne_ssl_load_ca function. 
The filename parameter given must specify the location of a PEM-encoded CA certificate. The SSL library in use by neon may include a default set of CA certificates; calling the ne_ssl_load_default_ca function will indicate that these CAs are trusted by the user. If no CA certificates are loaded, or the server presents a certificate which is invalid in some way, then the certificate must be manually verified (see ), otherwise the connection will fail. Return value Both ne_ssl_load_ca and ne_ssl_load_default_ca functions return 0 on success, or non-zero on failure. Examples Load the CA certificate stored in /path/to/cacert.pem: &egsess; if (ne_ssl_load_ca(sess, "/path/to/cacert.pem")) { printf("Could not load CA cert: %s\n", ne_get_error(sess)); } See also , neon-0.32.2/doc/ref/sslcert.xml000066400000000000000000000072301416727304000162650ustar00rootroot00000000000000 ne_ssl_cert_identity 3 ne_ssl_cert_identity ne_ssl_cert_signedby ne_ssl_cert_issuer ne_ssl_cert_subject functions to access certificate properties #include <ne_ssl.h> const char *ne_ssl_cert_identity const ne_ssl_certificate *cert const ne_ssl_certificate *ne_ssl_cert_signedby const ne_ssl_certificate *cert const ne_ssl_dname *ne_ssl_cert_subject const ne_ssl_certificate *cert const ne_ssl_dname *ne_ssl_cert_issuer const ne_ssl_certificate *cert Description The function ne_ssl_cert_identity retrieves the identity of a certificate; for an SSL server certificate, this will be the hostname for which the certificate was issued. In PKI parlance, the identity is the common name attribute of the distinguished name of the certificate subject. The functions ne_ssl_cert_subject and ne_ssl_cert_issuer can be used to access the objects representing the distinguished name of the subject and of the issuer of a certificate, respectively. If a certificate object is part of a certificate chain, then ne_ssl_cert_signedby can be used to find the certificate which signed a particular certificate. 
For a self-signed certificate or a certificate for which the full chain is not available, this function will return &null;. Return value ne_ssl_cert_issuer and ne_ssl_cert_subject are guaranteed to never return &null;. ne_ssl_cert_identity may return &null; if the certificate has no specific identity. ne_ssl_cert_signedby may return &null; as covered above. Examples The following function could be used to display information about a given certificate: void dump_cert(const ne_ssl_certificate *cert) { const char *id = ne_ssl_cert_identity(cert); char *dn; if (id) printf("Certificate was issued for '%s'.\n", id); dn = ne_ssl_readable_dname(ne_ssl_cert_subject(cert)); printf("Subject: %s\n", dn); free(dn); dn = ne_ssl_readable_dname(ne_ssl_cert_issuer(cert)); printf("Issuer: %s\n", dn); free(dn); } See also , neon-0.32.2/doc/ref/sslcert2.xml000066400000000000000000000026061416727304000163510ustar00rootroot00000000000000 ne_ssl_cert_cmp 3 ne_ssl_cert_cmp ne_ssl_cert_free functions to operate on certificate objects #include <ne_header.h> int ne_ssl_cert_cmp const ne_ssl_certificate *c1 const ne_ssl_certificate *c2 void ne_ssl_cert_free ne_ssl_certificate *cert Description The ne_ssl_cert_cmp function can be used to compare two certificate objects; it returns zero if they refer to the same certificate, and non-zero otherwise. The ne_ssl_cert_free function can be used to destroy a certificate object when it is no longer needed. 
neon-0.32.2/doc/ref/sslcertio.xml000066400000000000000000000066311416727304000166210ustar00rootroot00000000000000 ne_ssl_cert_read 3 ne_ssl_cert_read ne_ssl_cert_write ne_ssl_cert_import ne_ssl_cert_export functions to read or write certificates to and from files or strings #include <ne_ssl.h> ne_ssl_certificate *ne_ssl_cert_read const char *filename int ne_ssl_cert_write const ne_ssl_certificate *cert const char *filename ne_ssl_certificate *ne_ssl_cert_import const char *data char *ne_ssl_cert_export const ne_ssl_certificate *cert Description The ne_ssl_cert_write function writes a certificate to a file using the PEM encoding. The ne_ssl_cert_export function returns a base64-encoded &nul;-terminated string representing the certificate. This string is malloc-allocated and should be destroyed using free by the caller. The ne_ssl_cert_read function reads a certificate from a PEM-encoded file, and returns a certificate object. The ne_ssl_cert_import function returns a certificate object from a base64-encoded string, data, as returned by ne_ssl_cert_export. The certificate object returned by these functions should be destroyed using after use. Return value ne_ssl_cert_read returns &null; if a certificate could not be read from the file. ne_ssl_cert_write returns non-zero if the certificate could not be written to the file. ne_ssl_cert_export always returns a &nul;-terminated string, and never &null;. ne_ssl_cert_import returns &null; if the string was not a valid base64-encoded certificate. Encoding Formats The string produced by ne_ssl_cert_export is the base64 encoding of the DER representation of the certificate. The file written by ne_ssl_cert_write uses the PEM format: this is the base64 encoding of the DER representation with newlines every 64 characters, and start and end marker lines. 
neon-0.32.2/doc/ref/ssldname.xml000066400000000000000000000037441416727304000164220ustar00rootroot00000000000000 ne_ssl_dname 3 ne_ssl_readable_dname ne_ssl_dname_cmp SSL distinguished name handling #include <ne_ssl.h> const char *ne_ssl_readable_dname const ne_ssl_dname *dname int ne_ssl_dname_cmp const ne_ssl_dname *dn1 const ne_ssl_dname *dn2 Description The ne_ssl_readable_dname function creates a single-line, human-readable string out of an ne_ssl_dname object. The returned string is malloc()-allocated, and must be free()d by the caller. The ne_ssl_dname_cmp function compares two distinguished names, and returns zero if they are equal, or non-zero otherwise. Return value ne_ssl_readable_dname returns a malloc-allocated string, and never &null;. Examples See for an example use of ne_ssl_readable_dname. See also neon-0.32.2/doc/ref/ssltrust.xml000066400000000000000000000041121416727304000165050ustar00rootroot00000000000000 ne_ssl_trust_cert 3 ne_ssl_trust_cert ne_ssl_trust_default_ca functions to indicate that certificates are trusted #include <ne_session.h> void ne_ssl_trust_cert ne_session *session const ne_ssl_certificate *cert void ne_ssl_trust_default_ca ne_session *session Description To indicate that a given certificate is trusted by the user, the certificate object can be passed to ne_ssl_trust_cert. The certificate object is duplicated internally and can subsequently be destroyed. The SSL library in use by &neon; may include a default set of CA certificates; calling the ne_ssl_trust_default_ca function will indicate that these CAs are trusted by the user. 
Examples Load the CA certificate stored in /path/to/cacert.pem: &egsess; ne_ssl_certificate *cert = ne_ssl_cert_read("/path/to/cacert.pem"); if (cert) { ne_ssl_trust_cert(sess, cert); ne_ssl_cert_free(cert); } else { printf("Could not load CA cert: %s\n", ne_get_error(sess)); } See also , , neon-0.32.2/doc/ref/sslvfy.xml000066400000000000000000000122631416727304000161360ustar00rootroot00000000000000 ne_ssl_set_verify 3 ne_ssl_set_verify register an SSL certificate verification callback #include <ne_session.h> typedef int ne_ssl_verify_fn void *userdata int failures const ne_ssl_certificate *cert void ne_ssl_set_verify ne_session *session ne_ssl_verify_fn verify_fn void *userdata Description To enable manual SSL certificate verification, a callback can be registered using ne_ssl_set_verify. If such a callback is not registered, when a connection is established to an SSL server which does not present a certificate signed by a trusted CA (see ), or if the certificate presented is invalid in some way, the connection will fail. When the callback is invoked, the failures parameter gives a bitmask indicating in what way the automatic certificate verification failed. The value is equal to the bit-wise OR of one or more of the following constants (and is guaranteed to be non-zero): NE_SSL_NOTYETVALID The certificate is not yet valid. NE_SSL_EXPIRED The certificate has expired. NE_SSL_IDMISMATCH The hostname used for the session does not match the hostname to which the certificate was issued. NE_SSL_UNTRUSTED The Certificate Authority which signed the certificate is not trusted. Note that if either of the NE_SSL_IDMISMATCH or NE_SSL_UNTRUSTED failures is given, the connection may have been intercepted by a third party, and must not be presumed to be secure. The cert parameter passed to the callback represents the certificate which was presented by the server. If the server presented a chain of certificates, the chain can be accessed using . 
The cert object given is not valid after the callback returns. Return value The verification callback must return zero to indicate that the certificate should be trusted; and non-zero otherwise (in which case, the connection will fail). Examples The following code implements an example verification callback, using the dump_cert function from to display certification information. Notice that the hostname of the server used for the session is passed as the userdata parameter to the callback. static int my_verify(void *userdata, int failures, const ne_ssl_certificate *cert) { const char *hostname = userdata; dump_cert(cert); puts("Certificate verification failed - the connection may have been " "intercepted by a third party!"); if (failures & NE_SSL_IDMISMATCH) { const char *id = ne_ssl_cert_identity(cert); if (id) printf("Server certificate was issued to '%s' not '%s'.\n", id, hostname); else printf("The certificate was not issued for '%s'\n", hostname); } if (failures & NE_SSL_UNTRUSTED) puts("The certificate is not signed by a trusted Certificate Authority."); /* ... check for validity failures ... */ if (prompt_user()) return 1; /* fail verification */ else return 0; /* trust the certificate anyway */ } int main(...) { ne_session *sess = ne_session_create("https", "some.host.name", 443); ne_ssl_set_verify(sess, my_verify, "some.host.name"); ... } See also , , neon-0.32.2/doc/ref/status.xml000066400000000000000000000044721416727304000161360ustar00rootroot00000000000000 ne_status 3 ne_status HTTP status structure #include <ne_utils.h> typedef struct { int major_version, minor_version; int code, klass; const char *reason_phrase; } ne_status; Description An ne_status type represents an HTTP response status; used in response messages giving a result of request. The major_version and minor_version fields give the HTTP version supported by the server issuing the response. 
The code field gives the status code of the result (lying between 100 and 999 inclusive), and the klass field gives the class (the field is named klass, not class, so that the header can be used from a C++ program, in which class is a reserved word), which is equal to the most significant digit of the status. There are five classes of HTTP status code defined by RFC2616: 1xx Informational response. 2xx Success: the operation was successful 3xx Redirection 4xx Client error: the request made was incorrect in some manner. 5xx Server error See also . neon-0.32.2/doc/ref/tok.xml000066400000000000000000000043221416727304000154020ustar00rootroot00000000000000 ne_token 3 ne_token ne_qtoken string tokenizers #include <ne_string.h> char *ne_token char **str char sep char *ne_qtoken char **str char sep const char *quotes Description ne_token and ne_qtoken tokenize the string at the location stored in the pointer str. Each time the function is called, it returns the next token, and modifies the str pointer to point to the remainder of the string, or &null; if there are no more tokens in the string. A token is delimited by the separator character sep; if ne_qtoken is used any quoted segments of the string are skipped when searching for a separator. A quoted segment is enclosed in a pair of one of the characters given in the quotes string. The string being tokenized is modified each time the tokenizing function is called; replacing the next separator character with a &nul; terminator. 
Examples The following function prints out each token in a comma-separated string list, which is modified in-place: static void splitter(char *list) { do { printf("Token: %s\n", ne_token(&list, ',')); while (list); } neon-0.32.2/doc/ref/vers.xml000066400000000000000000000032521416727304000155650ustar00rootroot00000000000000 ne_version_match 3 ne_version_match ne_version_string library versioning #include <ne_utils.h> int ne_version_match int major int minor const char *ne_version_string Description The ne_version_match function returns non-zero if the library version is not of major version major, or the minor version is less than minor. For &neon; versions 0.x, every minor version is assumed to be incompatible with every other minor version. The ne_version_string function returns a string giving the library version. Examples To require &neon; 1.x, version 1.2 or later: if (ne_version_match(1, 2)) { printf("Library version out of date: 1.2 required, found %s.", ne_version_string()); exit(1); } neon-0.32.2/doc/ref/xml.xml000066400000000000000000000024471416727304000154130ustar00rootroot00000000000000 ne_xml_create 3 ne_xml_create ne_xml_destroy create and destroy an XML parser #include <ne_xml.h> ne_xml_parser *ne_xml_create void ne_xml_destroy ne_xml_parser *parser Description The ne_xml_create function creates an XML parser object, which can be used for parsing XML documents using stacked SAX handlers. 
Return value ne_xml_create returns a pointer to an XML parser object, and never &null; See also XXX neon-0.32.2/doc/refentry.xml000066400000000000000000000020301416727304000156610ustar00rootroot00000000000000 ne_foo 3 ne_foo ne_bar functions which do foo and bar #include <ne_header.h> void ne_set_useragent ne_session *session const char *product Description XXX Return value XXX Examples XXX See also XXX neon-0.32.2/doc/security.xml000066400000000000000000000117251416727304000157050ustar00rootroot00000000000000 HTTP Client Security &neon; is intended to be secure against a specific threat model: use of a malicious HTTP server. Under this threat model, a range of attacks are possible against a client when the user (or application) can be tricked into accessing an HTTP server which is controlled by an attacker. This section documents various types of possible attack and describes what mitigation is used in &neon;. CPU or memory consumption attacks &neon; uses fixed resource limits to prevent the following attacks: memory/CPU consumption attack using an unbounded number of response header fields memory consumption attack using an unbounded length of individual response header lines (or continuation headers) memory consumption attack against the PROPFIND code using an unbounded number of properties (propstat elements) per resource memory consumption attack against the PROPFIND code using an unbounded CDATA element in a "flat property" value Memory consumption attacks against applications based on &neon; by use of unbounded response length are also possible, but must be mitigated at application level. Memory consumption in &neon; itself is fixed and is not proportional to the response size. Test cases for all the above attacks are present in the &neon; test suite. SSL/TLS connection security When using a connection secured by SSL/TLS, it is necessary for clients to verify that the X.509 certificate presented by the server matches the server's expected identity. 
The algorithm required for this purpose is described in RFC 2818 and RFC 3280, and is implemented by &neon; in the following manner: the hostname argument passed to ne_session_create is the expected identity of the server; the subjectAltName extension of the certificate is used for comparison against the expected identity, in preference to the Subject name's commonName attribute; the dNSName, iPAddress, and uniformResourceIdentifier classes of GeneralName are supported in subjectAltName comparison; if no subjectAltName is present in the certificate, the most specific commonName attribute in the Subject name is used for comparison instead. In the case where a server certificate is presented that does not match the expected identity (or is otherwise not trusted), &neon; will fail the request by default. This behaviour can be overridden by the use of a callback installed using ne_ssl_set_verify, which allows the application to present the certificate details to a user for manual/off-line verification, if possible. Test cases for the correctness of the implementation of the identity verification algorithm are present in the &neon; test suite. Control character insertion in error messages Where error messages (as returned by ne_get_error) contain data supplied by the server, the untrusted data is sanitised to remove both control characters and non-ASCII characters. This prevents any attacks where such error messages are exposed to the user and can potentially distort the presentation of the interface (for example, through the use of a carriage return character in a text user interface). Attacks against authentication credentials Authentication credentials can be compromised by a "downgrade attack" by an active attacker; for example, where a MITM presents a Basic authentication challenge in place of the server's Digest challenge. &neon; mitigates these attacks by allowing the application (and hence, user) to specify that only a specific set of authentication protocols is permitted. 
&neon; supports the Digest and Negotiate authentication schemes, which both allow authentication of users without passing credentials in cleartext over the wire. The "domain" parameter is supported in Digest, allowing the server to restrict an authentication session to a particular set of URIs. neon-0.32.2/doc/ssl.xml000066400000000000000000000017771416727304000146450ustar00rootroot00000000000000 Secure connections: HTTP over SSL This section gives an introduction to SSL. The text is inspired by . &neon; supports the use of HTTP over SSL (the term SSL is used throughout this section to refer in general to both the SSL protocol developed by Netscape and its successor TLS, as adopted by the IETF) to implement secure connections. A secure connection in this context means a connection which has integrity, secrecy and is authenticated. Applications must go to some effort to correctly support secure connections—an application based on &neon; does not magically become secure simply by flicking a switch and enabling the use of SSL. neon-0.32.2/doc/using.xml000066400000000000000000000144301416727304000151570ustar00rootroot00000000000000 How to use neon from your application This section describes how to add &neon; support to an application. If you just want to quickly try out &neon;, use the script. The &neon; source code is designed to be easily embedded into an application source tree. &neon; has no dependencies on libraries other than an SSL toolkit and XML parser, though the source tree can be configured to have no support for SSL or XML if desired. To configure the &neon; source code some GNU autoconf macros are supplied, which can be used in a number of ways, as follows: autoconf macros are distributed in the 'macros' subdirectory of the neon distribution. Use the NEON_LIBRARY macro from your configure.in to check for the presence of the neon library installed on the system. The macro adds an '--with-neon=...' 
argument to configure, which allows the user to specify a location for the library (the standard /usr and /usr/local directories are checked automatically without having to be specified). The 'src' directory of the neon package can be imported directly into your application, if you do not wish to add an external dependency. If you wish to bundle, use the NEON_BUNDLED macro to configure neon in your application: here, the neon sources are bundled in a directory called 'libneon': NEON_BUNDLED(libneon, ...) If your application supports builds where srcdir != builddir, you should use the NEON_VPATH_BUNDLED macro like this: NEON_VPATH_BUNDLED(${srcdir}/libneon, libneon, ...) If you use this macro, a '--with-included-neon' option will be added to the generated configure script. This allows the user to force the bundled neon to be used in the application, rather than any neon library found on the system. If you allow neon to be configured this way, you must also configure an XML parser. Use the NEON_XML_PARSER macro to do this. The final argument to the _BUNDLED macros is a set of actions which are executed if the bundled build *is* chosen (rather than an external neon which might have been found on the user's system). In here, use either the NEON_LIBTOOL_BUILD or NEON_NORMAL_BUILD macro to set up the neon Makefile appropriately: including adding the neon source directory to the recursive make. A full fragment might be: NEON_BUNDLED(libneon, [ NEON_NORMAL_BUILD NEON_XML_PARSER SUBDIRS="libneon $SUBDIRS" ]) This means the bundled neon source directory (called 'libneon') is used if no neon is found on the system, and the standard XML parser search is used. Standards compliance &neon; is intended to be compliant with the IETF and W3C standards which it implements, with a few exceptions due to practical necessity or interoperability issues. These exceptions are documented in this section. 
RFC 2518, HTTP Extensions for Distributed Authoring—WebDAV &neon; is deliberately not compliant with section 23.4.2, and treats property names as a (namespace-URI, name) pair. This is generally considered to be correct behaviour by the WebDAV working group, and is likely to be formally adopted in a future revision of the specification. RFC 2616, Hypertext Transfer Protocol—HTTP/1.1 There is some confusion in this specification about the use of the identity transfer-coding. &neon; ignores the Transfer-Encoding response header if it contains only the (now deprecated) identity token, and will determine the response message length as if the header was not present. &neon; will give an error if a response includes a Transfer-Encoding header with a value other than identity or chunked. RFC 2617, HTTP Authentication: Basic and Digest Access Authentication &neon; is not strictly compliant with the quoting rules given in the grammar for the Authorization header. The grammar requires that the qop and algorithm parameters are not quoted, however one widely deployed server implementation (Microsoft® IIS 5) rejects the request if these parameters are not quoted. &neon; sends these parameters with quotes—this is not known to cause any problems with other server implementations. Namespaces in XML The &neon; XML parser interface will accept and parse without error some XML documents which are well-formed according to the XML specification but do not conform to the "Namespaces in XML" specification . Specifically: the restrictions on the first character of the NCName rule are not all implemented; &neon; will allow any CombiningChar, Extender and some characters from the Digit class in this position. neon-0.32.2/doc/xml.xml000066400000000000000000000161531416727304000146360ustar00rootroot00000000000000 Parsing XML The &neon; XML interface is exposed by the ne_xml.h header file. 
This interface gives a wrapper around the standard SAX API used by XML parsers, with an additional abstraction, stacked SAX handlers, and also giving consistent XML Namespace support. Introduction to SAX A SAX-based parser works by emitting a sequence of events to reflect the tokens being parsed from the XML document. For example, parsing the following document fragment: <hello>world</hello> results in the following events: &startelm; "hello" &cdata; "world" &endelm; "hello" This example demonstrates the three event types used in the subset of SAX exposed by the &neon; XML interface: &startelm;, &cdata; and &endelm;. In a C API, an event is implemented as a function callback; three callback types are used in &neon;, one for each type of event. Stacked SAX handlers WebDAV property values are represented as fragments of XML, transmitted as parts of larger XML documents over HTTP (notably in the body of the response to a PROPFIND request). When &neon; parses such documents, the SAX events generated for these property value fragments may need to be handled by the application, since &neon; has no knowledge of the structure of properties used by the application. To solve this problem (this problem only needs solving because the SAX interface is so inflexible when implemented as C function callbacks; a better approach would be to use an XML parser interface which is not based on callbacks), the &neon; XML interface introduces the concept of a SAX handler. A SAX handler comprises a &startelm;, &cdata; and &endelm; callback; the &startelm; callback being defined such that each handler may accept or decline the &startelm; event. Handlers are composed into a handler stack before parsing a document. When a new &startelm; event is generated by the XML parser, &neon; invokes each &startelm; callback in the handler stack in turn until one accepts the event. 
The handler which accepts the event will subsequently be passed &cdata; events if the element contains character data, followed by an &endelm; event when the element is closed. If no handler in the stack accepts a &startelm; event, the branch of the tree is ignored. To illustrate, given a handler A, which accepts the cat and age elements, and a handler B, which accepts the name element, the following document: An example XML document <cat> <age>3</age> <name>Bob</name> </cat> would be parsed as follows: A &startelm; "cat" → accept A &startelm; "age" → accept A &cdata; "3" A &endelm; "age" A &startelm; "name" → decline B &startelm; "name" → accept B &cdata; "Bob" B &endelm; "name" A &endelm; "cat" The search for a handler which will accept a &startelm; event begins at the handler of the parent element and continues toward the top of the stack. For the root element, it begins at the base of the stack. In the above example, handler A is at the base, and handler B at the top; if the name element had any children, only B's &startelm; would be invoked to accept them. Maintaining state To facilitate communication between independent handlers, a state integer is associated with each element being parsed. This integer is returned by the &startelm; callback and is passed to the subsequent &cdata; and &endelm; callbacks associated with the element. The state integer of the parent element is also passed to each &startelm; callback, with the value zero used for the root element (which by definition has no parent).
To further extend the example above: if handler A defines that the state of the root element cat will be 42, the event trace would be as follows: A &startelm; (parent = 0, "cat") → accept, state = 42 A &startelm; (parent = 42, "age") → accept, state = 50 A &cdata; (state = 50, "3") A &endelm; (state = 50, "age") A &startelm; (parent = 42, "name") → decline B &startelm; (parent = 42, "name") → accept, state = 99 B &cdata; (state = 99, "Bob") B &endelm; (state = 99, "name") A &endelm; (state = 42, "cat") To avoid collisions between state integers used by different handlers, the interface definition of any handler includes the range of integers it will use. XML namespaces To support XML namespaces, every element name is represented as a (namespace, name) pair. The &startelm; and &endelm; callbacks are passed namespace and name strings accordingly. If an element in the XML document has no declared namespace, the namespace given will be the empty string, "". neon-0.32.2/macros/000077500000000000000000000000001416727304000140255ustar00rootroot00000000000000neon-0.32.2/macros/.gitignore000066400000000000000000000000001416727304000160030ustar00rootroot00000000000000neon-0.32.2/macros/ChangeLog000066400000000000000000001023421416727304000156010ustar00rootroot00000000000000Sun Sep 12 18:38:13 2004 Joe Orton * neon.m4 (NEON_USE_EXTERNAL): Check for IDNA, LFS, SOCKS support. (NEON_SOCKS): Use common feature code for SOCKSv5 support. Fri Sep 10 20:52:54 2004 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Safer autoheader template for declaring stpcpy as necessary for bundled neon builds. (NEON_WARNINGS): Drop -Winline. Wed Aug 25 19:44:26 2004 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Check for poll. Sat Jul 3 11:39:01 2004 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Pick up gethostbyname in -lsocket for QNX. Fri Apr 16 11:43:10 2004 Joe Orton * neon-xml-parser.m4 (NEON_XML_PARSER): If built using libtool, and --with-expat specifies a libexpat.la file, add the libexpat.la to NEON_LTLIBS.
* neon.m4 (NEON_COMMON_CHECKS): Substitute NEON_LTLIBS. Tue Apr 13 20:51:59 2004 Joe Orton * neon.m4 (NEON_GSSAPI): Check for presence of gssapi/gssapi_generic.h. Wed Apr 7 13:16:33 2004 Joe Orton * neon.m4 (NE_LARGEFILE): Check for strtoq. Mon Mar 15 19:59:36 2004 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Be safer around getaddrinfo blacklist for HP-UX and reference why it's needed. Sun Mar 7 11:15:44 2004 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Use NE_LARGEFILE in-place rather than AC_REQUIRE'ing it. (NE_LARGEFILE): Add NE_LFS to CPPFLAGS for use in bundled builds. Mon Feb 23 23:02:54 2004 Joe Orton * neon.m4 (NE_SNPRINTF): Define HAVE_TRIO if trio is used. Mon Feb 23 00:22:39 2004 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Give INCLUDES argument to AC_CHECK_HEADERS; prevent warning from cpp test for netinet/in.h on some platforms. Sun Feb 22 17:52:42 2004 Joe Orton * neon.m4 (NE_SEARCH_LIBS): Fix to run actions-if-found if function is found without needing additional libraries. (LIBNEON_SOURCE_CHECKS): Only check for gethostbyname if getaddrinfo is not found. Disable getaddrinfo on HP-UX 11.[01]* here rather than ne_socket.c. Sat Jan 24 17:49:50 2004 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Also check for __tm_gmtoff in struct tm. Sat Jan 24 17:16:48 2004 Joe Orton * neon.m4: Remove -ansi-pedantic and -Wimplicit-prototypes for gcc 3.4 compatibility (thanks to Olaf Hering). Sat Jan 3 14:11:14 2004 Joe Orton * neon-test.m4: Check for stdint.h. Sat Jan 3 13:17:21 2004 Joe Orton * neon.m4 (NE_LARGEFILE): Add NE_LFS to neon-config --cflags output. Thu Jan 1 18:42:56 2004 Joe Orton * neon.m4 (NEON_FORMAT): Use C99 'll' rather than non-standard 'q' length modifier. Thu Jan 1 17:36:39 2004 Joe Orton * neon.m4 (NE_LARGEFILE): New macro. (LIBNEON_SOURCE_CHECKS): Call it. 
Sat Nov 15 09:25:43 2003 Joe Orton * neon.m4, neon-xml-parser.m4: Update for latest autoconf best-practice: s/AC_HELP_STRING/AS_HELP_STRING, replace AC_TRY_RUN with AC_RUN_IFELSE, AC_TRY_LINK_FUNC with AC_LINK_IFELSE, AC_TRY_COMPILE with AC_COMPILE_IFELSE, remove AC_LANG_C and AC_PROG_CC_STDC, Fri Nov 14 13:12:10 2003 Joe Orton * neon.m4 (NEON_LIBIDN): New macro. (LIBNEON_SOURCE_CHECKS): Use NEON_LIBIDN. Fri Nov 14 11:28:58 2003 Joe Orton * neon.m4 (NE_ENABLE_SUPPORT, NE_DISABLE_SUPPORT): New macros. Use throughout to flag support or lack of support for optional features. Thu Nov 13 20:25:28 2003 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Check for gethostbyname in -lbind too. Tue Oct 7 21:20:16 2003 Joe Orton * neon-test.m4 (NEON_TEST): Check for shutdown. Mon Sep 22 21:20:37 2003 Joe Orton * neon.m4 (NE_CHECK_FUNCS, NE_SEARCH_LIBS): Avoid clobbering ne_save_{LIBS,CPPFLAGS}. Sun Sep 14 10:51:34 2003 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Check for working AI_ADDRCONFIG flag for getaddrinfo(). Wed Sep 10 21:45:10 2003 Joe Orton * neon.m4 (NEON_GSSAPI): Restore CPPFLAGS and NEON_LIBS if GSSAPI detection fails. Thu Sep 4 21:29:06 2003 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Check for netinet/tcp.h. Wed Jul 23 21:17:40 2003 Joe Orton * neon.m4 (NEON_GSSAPI): New macro. Mon Apr 21 18:24:12 2003 Joe Orton * neon-xml-parser.m4 (HAVE_EXPAT): Fail if --with-expat is given but expat.h is not found. Wed Mar 26 20:29:11 2003 Joe Orton * neon.m4 (NEON_SSL): And add ne_stubssl to NEON_EXTRAOBJS for non-SSL build. Tue Mar 25 20:43:01 2003 Joe Orton * neon.m4 (NEON_SSL): Add ne_openssl to NEON_EXTRAOBJS. Mon Mar 17 20:34:55 2003 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Check for netdb.h. Sun Mar 16 14:22:02 2003 Joe Orton * neon-xml-parser.m4 (NE_XML_BUNDLED_EXPAT): Define HAVE_XMLPARSE_H. Sun Mar 16 11:47:35 2003 Joe Orton * neon-xml-parser.m4 (NEON_XML_PARSER): Also fix non-included-expat build for when included expat is not an option. 
Sun Mar 16 11:20:23 2003 Joe Orton * neon-xml-parser.m4 (NEON_XML_PARSER): Fix non-included-expat build broken in previous commit. Sun Mar 16 09:06:41 2003 Joe Orton * neon-xml-parser.m4 (NEON_XML_PARSER): Fix --with-included-expat support. Sun Mar 9 10:08:57 2003 Joe Orton * neon.m4 (NEON_SSL): Fail if --with-ssl is given an argument. Sun Mar 9 08:55:04 2003 Joe Orton * neon.m4 (NE_SEARCH_LIBS): Bug fix to always compare against `extras' if given. Add support for optional `actions-if-found' argument. * neon-xml-parser.m4: Largely rewritten. Drop support for libxml 1.x; require expat 1.95.x. Sun Mar 9 08:50:22 2003 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Check for stpcpy. Mon Mar 3 22:15:56 2003 Joe Orton * neon.m4 (NE_CHECK_FUNCS): Check whether h_errno is declared. Wed Feb 19 21:35:20 2003 Joe Orton * neon.m4 (NEON_FORMAT): Revert use of 'z' modifier; breaks on CygWin. Tue Jan 14 17:06:07 2003 Joe Orton * neon.m4 (NEON_FORMAT): Prefer the C99 'z' modifier to printf size_t/ssize_t values where available. Fri Jan 3 23:12:20 2003 Joe Orton * neon.m4 (NE_PKG_CONFIG): New macro. (NEON_SSL): Use NE_PKG_CONFIG rather than PKG_CHECK_MODULES. Mon Dec 16 20:02:45 2002 Joe Orton * neon.m4 (NEON_SSL): Only check for OpenSSL <=0.9.6 if version is known to be <=0.9.7. Mon Dec 16 19:01:57 2002 Joe Orton * neon.m4: Use pkg-config data to determine location OpenSSL libraries/headers, if available. Tue Nov 19 11:21:31 2002 Joe Orton * neon-test.m4 (NEON_TEST): Suggest this macro is run before NEON_XML_PARSER. Mon Oct 7 22:22:12 2002 Joe Orton * neon.m4 (NE_CHECK_SSLVER): New macro. (NEON_SSL): Use NE_CHECK_SSLVER. Add --with-egd argument; conditionally enable EGD, optionally using only a specific EGD socket path, and only if using OpenSSL before 0.9.7. Tue Sep 24 21:36:01 2002 Joe Orton * neon.m4 (NE_ZLIB_VERSION): Removed macro. (NEON_ZLIB): Removed --with-force-zlib flag; don't check zlib version. 
(NEON_SSL): Removed --with-force-ssl flag, only require OpenSSL 0.9.6 or later. Sat Aug 31 17:28:15 2002 Joe Orton * neon.m4 (NEON_FORMAT_PREP): Add check for gcc -Wformat -Werror sanity. (NEON_FORMAT): Only use gcc -Wformat -Werror if sanity is assured. Fri Aug 30 22:07:59 2002 Joe Orton * neon.m4: Set NEON_INTERFACE_VERSION according to NEON_VERSION_MINOR, NEON_VERSION_RELEASE, for the duration of neon 0.x releases. Sun Aug 25 23:52:38 2002 Joe Orton * neon.m4 (NE_CHECK_FUNCS): New macro. (LIBNEON_SOURCE_CHECKS): Use NE_CHECK_FUNCS rather than AC_CHECK_FUNCS, so $NEON_LIBS are searched. Sun Aug 25 11:53:20 2002 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Require inet_ntop as well for USE_GETADDRINFO test. Sun Aug 18 22:50:09 2002 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Remove redundant check for SIGPIPE definition. Sun Aug 18 22:41:15 2002 Joe Orton * neon.m4 (NE_SEARCH_LIBS): Take optional fourth argument. (LIBNEON_SOURCE_CHECKS): Define USE_GETADDRINFO if getaddrinfo and gai_strerror are present. Otherwise, check for hstrerror, possibly in -lresolv. * neon-test.m4: Don't check for hstrerror(). Sun Aug 18 22:31:13 2002 Joe Orton * neon-xml-parser.m4 (NEON_FIND_PARSER_H, NEON_XML_LIBXML2): Re-order checks to skip redundant tests, speeding up common case. Fri Aug 9 19:47:14 2002 Joe Orton * neon.m4 (NEON_SSL): Require OpenSSL 0.9.6f or later. Wed Jul 31 23:01:17 2002 Joe Orton * strftime.m4, readline.m4: Removed from neon/macros CVS module. Tue Jul 30 19:09:20 2002 Joe Orton * neon.m4 (NEON_COMMON_CHECKS): Require AC_TYPE_SIZE_T, AC_TYPE_OFF_T. * neon-test.m4 (NEON_TEST): Require AC_TYPE_PID_T. Tue Jul 30 19:06:48 2002 Joe Orton * neon.m4 (NEON_SSL): Require OpenSSL 0.9.6e or later for security fixes; add --with-force-ssl to override version check. Fri Jul 26 00:01:07 2002 Joe Orton * neon.m4 (NE_MACOSX): Just check for any Darwin system. 
Sat Jul 20 10:40:29 2002 Joe Orton * neon.m4 (NEON_WITH_LIBS): Allow a colon-separated list of directories for --with-libs argument. Thu Jul 18 20:07:43 2002 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Require AC_FUNC_STRERROR_R. Wed Jul 17 23:26:51 2002 Joe Orton * neon.m4 (NEON_CHECK_VERSION): Rewrite to cache results, simplify, and use new ne_version_match. (NE_ZLIB_VERSION): Cache result. Fri Jul 5 12:57:56 2002 Joe Orton * neon.m4 (NEON_SSL): Fail if openssl/opensslv.h header is not found, or if OpenSSL version is earlier than 0.9.6. Sun Jun 16 14:04:18 2002 Joe Orton * neon.m4 (NEON_FORMAT): Take optional third argument giving format string specifier to use. (NEON_COMMON_CHECKS): Get format string for ssize_t; fix to use 'u' specifier for size_t format string. Thu Jun 13 20:34:35 2002 Joe Orton * neon-xml-parser.m4 (NEON_XML_PARSER): Undocument use of =DIR parameter to --with-expat, as it gives false expectations. Wed Jun 12 23:26:40 2002 Joe Orton * neon.m4 (NEON_WITH_LIBS): New macro. Mon Jun 10 22:31:50 2002 Joe Orton * neon.m4 (NEON_WARNINGS): Replace -ansi-pedantic with -pedantic. Sun May 26 19:08:12 2002 Joe Orton * neon-xml-parser.m4 (NEON_XML_LIBXML2): Check for libxml/xmlversion.h header too. Wed May 22 09:54:42 2002 Joe Orton * neon.m4 (NE_MACOSX): Cache result. (NE_COMMON_CHECKS): Simplify tm_gmtoff check further: use AC_CHECK_MEMBERS. Mon May 20 21:18:06 2002 Joe Orton * neon.m4 (NE_SEARCH_LIBS): Cache results. Mon May 20 20:55:04 2002 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Use AC_CACHE_CHECK to check for SIGPIPE in signal.h; don't invade the ac_ namespace with cache variables. Cache results of tm_gmtoff test too. Mon May 20 20:35:22 2002 Joe Orton * neon.m4 (NE_SNPRINTF): Simplify logic. Sun May 19 20:23:55 2002 Joe Orton * neon.m4 (NEON_WARNINGS): Remove with_warnings variable; simplify. Wed May 19 08:36:44 2004 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Declare stpcpy on modern "Linux-like" AIXes. 
Sun May 19 09:35:08 2002 Joe Orton * neon.m4 (NE_FIND_AR): Fix $PATH handling on some Linux platforms. Sun May 19 09:05:22 2002 Joe Orton * neon.m4 (NE_FIND_AR): New macro. (NEON_NORMAL_BUILD): Require NE_FIND_AR. * neon-test.m4: Require NE_FIND_AR. Check for hstrerror(). Fri May 17 23:37:19 2002 Joe Orton * neon.m4 (NEON_SSL): Allow --without-ssl again. Wed May 15 21:00:15 2002 Joe Orton * neon-xml-parser.m4 (NEON_XML_LIBXML2): sed '-L/usr/lib ' out of xml2-config --libs output. Sat May 11 15:30:38 2002 Joe Orton * neon.m4 (NEON_SOCKS): Moved and simplified from neon-socks.m4. Drop support for specifying directory argument; fail if --with-socks is given and socks.h is not found. * neon-socks.m4: Removed file. Sat May 11 15:22:36 2002 Joe Orton * neon.m4 (NEON_DEBUG): Moved and simplified from neon-debug.m4. * neon-debug.m4: Removed file. Sat May 11 13:40:29 2002 Joe Orton * neon.m4 (NEON_WARNINGS): Moved and simplified from neon-warnings.m4. * neon-warnings.m4: Removed file. Sat May 11 13:26:00 2002 Joe Orton * neon.m4 (NEON_SSL): Simplified version of NEON_SSL from neon-ssl.m4. Check for ssl.h; detect OpenSSL ENGINE correctly when -lcrypto requries -ldl. * neon-ssl.m4: Removed file. Sat May 11 13:16:27 2002 Joe Orton * neon.m4 (NE_SEARCH_LIBS): Allow passing 'extralibs' to include in library list when link against a specified library fails. Prepend found library/libraries to $NEON_LIBS. Sat May 11 12:40:24 2002 Joe Orton * neon-xml-parser.m4 (NEON_XML_PARSER), * neon.m4 (NEON_REPLACE_SNPRINTF): Use AC_LIBOBJ rather than modify LIBOBJS directly, to appease autoconf 2.53. Wed May 1 22:32:10 2002 Joe Orton * neon-xml-parser.m4 (NEON_XML_LIBXML1): Fix syntax error in libxml 1.x detection causing spurious or missing warning message. Thu Apr 25 07:38:33 2002 Joe Orton * neon-xml-parser.m4 (NEON_XML_EXTERNAL_EXPAT): Check for expat.h too, to support expat 1.95.x (Branko ibej). 
Tue Apr 23 21:09:55 2002 Joe Orton * neon-xml-parser.m4 (NEON_FIND_PARSER_H): New macro, factored out from NEON_XML_LIBXML2. (NEON_XML_LIBXML2, NEON_XML_LIBXML1): Use it. Tue Apr 23 20:54:30 2002 Joe Orton * neon-xml-parser.m4 (NEON_XML_LIBXML2): Check for parser.h or libxml/parser.h, or fail. Sat Apr 13 22:35:01 2002 Joe Orton * neon.m4 (NE_SNPRINTF): Define NEON_TRIO in NEON_CFLAGS, export it from 'neon-config --cflags' output. Fri Apr 5 23:40:00 2002 Joe Orton * neon.m4 (NEON_ZLIB, NE_ZLIB_VERSION): Add --with-force-zlib, to skip zlib version check. Simplify neon_zlib_message handling a little. Tue Mar 12 00:18:00 2002 Joe Orton * neon.m4 (NE_ZLIB_VERSION): New macro. (NEON_ZLIB): Use it to require zlib 1.1.4. Sun Mar 10 22:05:26 2002 Joe Orton * neon.m4 (NEON_ZLIB): Don't add ne_compress to NEON_EXTRAOBJS. Mon Mar 4 21:04:28 2002 Joe Orton * neon-ssl.m4 (NEON_SSL): Avoid adding -I/usr/include to CFLAGS during build as well as not exporting it via neon-config. Tue Feb 19 21:30:50 2002 Joe Orton * neon-socks.m4 (NEON_SOCKS): Fix configure argument name, export -L argument in NEON_LIBS, check for socks.h not sock.h, define NEON_SOCKS. Sun Jan 13 20:07:51 2002 Joe Orton * neon.m4 (NE_MACOSX): New macro. (NEON_COMMON_CHECKS): Call it. Sun Jan 6 21:35:08 2002 Joe Orton * neon-xml-parser.m4 (NEON_XML_PARSER): Add XML_BYTE_ORDER to CPPFLAGS; mini-expat doesn't pick up config.h. Tue Jan 1 23:30:03 2002 Joe Orton * neon-xml-parser.m4 (NEON_XML_PARSER): Set XML_BYTE_ORDER appropriately. Tue Jan 1 22:50:15 2002 Joe Orton * neon.m4 (NEON_CHECK_VERSION): Don't add libs for external neon to NEON_LIBS here. Tue Jan 1 22:44:05 2002 Joe Orton * neon-xml-parser.m4 (NEON_XML_LIBXML2, NEON_XML_LIBXML1): Alter CPPFLAGS only, not CFLAGS. Tue Jan 1 21:49:16 2002 Joe Orton * neon.m4 (NEON_USE_EXTERNAL): Factored out from NEON_COMMON. (NEON_COMMON): Use NEON_USE_EXTERNAL; simplify, improve reporting. * neon.m4 (NEON_COMMON_CHECKS): Move check for common headers here... 
(LIBNEON_SOURCE_CHECKS): from here. Tue Jan 1 21:44:33 2002 Joe Orton * neon-test.m4 (NEON_TEST): Check for AR and RANLIB. Fri Dec 14 22:39:57 2001 Joe Orton * neon-test.m4 (NEON_TEST): Pick up time_t definition from sys/time.h if present (fix for Solaris 2.6 and probably elsewhere). Fri Dec 14 22:39:32 2001 Joe Orton * neon.m4 (NEON_FORMAT): Allow passing in headers where type may be defined. Mon Dec 10 07:36:26 2001 Joe Orton * neon.m4 (NEON_COMMON): Fix --with-neon=PATH again. Sun Dec 9 21:40:47 2001 Joe Orton * neon-test.m4 (NEON_TEST): Determine how to print time_t. Sun Dec 9 11:50:03 2001 Joe Orton * neon.m4 (NEON_WITHOUT_ACL): New macro. (LIBNEON_SOURCE_CHECKS): Conditionally build ACL support. Sun Dec 9 01:06:32 2001 Joe Orton * neon.m4 (NEON_CHECK_VERSION): Use NEON_CONFIG as config script, drop first argument. Better error message if the link failed. (NEON_COMMON): Cleanup. Check for neon-config in PATH. Stop if --with-neon was given, and the external neon wasn't good enough. Sun Dec 9 00:17:19 2001 Joe Orton * neon-test.m4 (NEON_TEST): Requires NEON_COMMON_CHECKS. * neon-warnings.m4 (NEON_WARNINGS): Requires AC_PROG_CC. Sun Dec 9 00:13:47 2001 Joe Orton * neon.m4 (NEON_COMMON_CHECKS): New macro; runs common C language/compiler checks, which may be useful to neon applications regardless of whether a bundled or external neon is being used. Use AC_REQUIRE to prevent macros being expanded more than once. (LIBNEON_SOURCE_CHECKS, NEON_COMMON): Require NEON_COMMON_CHECKS to have been expanded. Sat Dec 8 00:56:34 2001 Joe Orton * neon.m4 (NEON_FORMAT): Rewrite to use cache results (should fix for cross-compiling), and for GCC, actually test for warnings - fix for Linux. Sat Dec 8 00:15:44 2001 Joe Orton * neon.m4 (NEON_CHECK_SUPPORT): Send --support output to /dev/null, in case it is from pre-0.18 and prints the usage message. 
Sat Dec 8 00:13:55 2001 Joe Orton * neon.m4 (NEON_COMMON): Prepend -lneon to NEON_LIBS rather than overwriting it when using bundled build. Mon Dec 3 19:49:28 2001 Joe Orton * neon.m4 (NEON_FORMAT_PREP, NEON_FORMAT): New macros. (LIBNEON_SOURCE_CHECKS): Call them. Mon Dec 3 19:43:11 2001 Joe Orton Fix gethostbyname() detection on Unixware 7: * neon.m4 (NEON_COMMON): Add -lneon to NEON_LIBS after performing source checks. (NE_SEARCH_LIBS): Test using libraries from NEON_LIBS too. Sat Nov 24 20:33:11 2001 Joe Orton * neon.m4 (NEON_CHECK_SUPPORT): New macro. (NEON_COMMON): Define NEON_SUPPORTS_{SSL,ZLIB} when using an external neon. Sat Nov 24 20:25:15 2001 Joe Orton * neon.m4 (NEON_WITHOUT_ZLIB): New function. (LIBNEON_SOURCE_CHECKS): Conditionally enable zlib support. Sun Nov 18 12:29:08 2001 Joe Orton * neon-ssl.m4 (NEON_SSL): Don't add -I/usr/include to NEON_CFLAGS. Sat Oct 27 12:20:08 2001 Joe Orton * neon.m4, neon-ssl.m4: Substitute NEON_SUPPORTS_ZLIB, NEON_SUPPORTS_DAV, NEON_SUPPORTS_SSL as "yes" or "no" appropriately. Thu Oct 25 14:29:53 2001 Mo DeJong * neon.m4 (NEON_NORMAL_BUILD): Use AC_CHECK_TOOL instead of AC_PATH_PROG so that cross compilation works properly. Sat Oct 6 13:36:58 2001 Joe Orton * neon.m4 (NEON_ZLIB): New macro. (LIBNEON_SOURCE_CHECKS): print warning if struct tm lacks tm_gmtoff. Sat Oct 6 12:39:09 2001 Joe Orton * neon.m4: Require autoconf 2.50. Use AC_HELP_STRING where possible, and AC_MSG_NOTICE instead of 'echo'. * neon-ssl.m4, neon-xml-parser.m4, neon-socks.m4: Quoting fixes for help strings. Tue Oct 2 21:13:24 2001 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Check for tm_gmtoff in struct tm. Sun Sep 30 23:35:03 2001 Joe Orton * neon.m4 (NE_SEARCH_LIBS): AC_SEARCH_LIBS replacement, adds found libraries to NEON_LIBS instead. Sun Sep 30 11:11:19 2001 Joe Orton * neon-test.m4: New file. Sun Sep 30 11:09:58 2001 Joe Orton * neon.m4, neon-xml-parser.m4: Always add libs to $LIBS rather than $NEONLIBS. * neon.m4: Export NEON_CFLAGS. 
Sat Sep 29 14:12:53 2001 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Check for zlib (zlib.h, inflate in -lz). Add ne_compress to NEON_EXTRAOBJS. Tue Sep 25 07:31:53 2001 Mo DeJong * neon.m4 (LIBNEON_SOURCE_CHECKS): Check for instead of . Define HAVE_SIGPIPE if SIGPIPE is defined in . Mon Sep 24 20:16:47 2001 Joe Orton * neon-xml-parser.m4 (NEON_XML_EXTERNAL_EXPAT): Fix broken AC_DEFINE (Mo DeJong). Mon Sep 24 17:24:42 2001 Joe Orton * ac_c_bigendian_cross.m4: New file. * neon.m4: Use AC_C_BIGENDIAN_CROSS rather than AC_C_BIGENDIAN. Mon Sep 17 23:29:11 2001 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Check for setvbuf(). Sun Sep 16 20:39:05 2001 Joe Orton * neon-ssl.m4 (NEON_SSL): Put SSL libs in LIBS rather than NEONLIBS (and lib paths). Sun Sep 16 20:36:53 2001 Joe Orton * neon.m4 (NEON_COMMON): Add library paths to NEONLIBS rather than LDFLAGS. Sat Jun 9 22:06:25 2001 Joe Orton * neon-debug.m4: New file. Thu May 31 00:04:51 2001 Joe Orton * neon.m4 (NEON_COMMON_BUILD): Update filenames. (NEON_CHECK_VERSION): Do simple AC_TRY_LINK and warn appropriately before checking version. Thu May 31 00:03:40 2001 Joe Orton * neon-warnings.m4: Add -Wbad-function-cast. Wed May 30 23:37:48 2001 Joe Orton * neon-xml-parser.m4: Added --with-libxml1 and --with-libxml2 arguments. Tue Apr 17 23:06:25 2001 Joe Orton * neon-ssl.m4: Define neon_ssl_message for configure output. Wed Apr 11 23:14:33 2001 Joe Orton * neon.m4 (NEON_COMMON_BUILD): Fix specifying a list of object files. Fri Apr 6 23:09:58 2001 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Call NEON_SOCKS. Fri Apr 6 23:08:39 2001 Joe Orton * neon-socks.m4: Add basic SOCKSv5 support (untested). Mon Apr 2 21:42:40 2001 Joe Orton * neon.m4: Version is 0.13.0, interface version 13:0:0. Mon Apr 2 00:27:37 2001 Joe Orton * neon.m4: Move check for 'ar' program to NEON_NORMAL_BUILD, it's not necessary for libtool build. 
Mon Apr 2 00:17:58 2001 Joe Orton * neon-xml-parser.m4 (NEON_XML_PARSER): Check for xmlversion.h header from libxml2. Sun Apr 1 21:23:26 2001 Joe Orton * neon-xml-parser.m4: Add expat2 support (Sam TH ). Wed Mar 21 10:56:03 2001 Joe Orton * neon-xml-parser.m4: Add libxml2 support. Sun Mar 4 15:45:21 2001 Joe Orton * neon-xml-parser.m4 (NEON_XML_PARSER): Use an m4 ifelse rather than a shell test to code the conditional on whether an argument was passed to the macro or not. Sun Mar 4 15:23:47 2001 Joe Orton * neon.m4: Add "actions if not bundled" argument to *_BUNDLED macros. Mon Feb 26 22:52:24 2001 Joe Orton * neon.m4: Version is 0.12.0. Mon Feb 26 22:06:13 2001 Joe Orton * neon.m4: Versionn is 0.12.0-dev. Sun Feb 25 17:12:49 2001 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Add checks for endianness (for md5 code), inline, and const. Sun Feb 25 17:00:07 2001 Joe Orton * neon.m4 (NEON_COMMON): Rename NEON_IS_BUNDLED to NEON_BUILD_BUNDLED. Sun Feb 25 16:52:19 2001 Joe Orton * neon.m4 (NEON_COMMON): Define NEON_IS_BUNDLED to "yes" or "no" appropriately. Sat Feb 24 00:06:09 2001 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Don't set NEON_NEED_XML_PARSER here. (NEON_COMMON): ... set it here instead. (NEON_WITHOUT_WEBDAV): New macro to disable WebDAV support. (NEON_COMMON_BUILD): Select default set of object files to build depending on whether DAV is enabled or not. Fri Feb 23 23:28:09 2001 Joe Orton * neon.m4 (NEON_COMMON_BUILD): Use an m4 'ifelse' for the number of args test. * neon.m4 (NEON_LIBTOOL_BUILD, NEON_NORMAL_BUILD, NEON_COMMON_BUILD): Set NEON_OBJEXT correctly (fixes dependancies). Sun Feb 4 14:55:10 2001 Joe Orton * neon.m4: Version is 0.11.0, interface version is 11:0:0. Sun Jan 28 17:16:27 2001 Joe Orton * neon.m4 (NEON_CHECK_VERSION): Run actions-if-okay if NEON_REQUIRE has not been called. Sun Jan 28 14:53:57 2001 Joe Orton * neon.m4 (NEON_REQUIRE, NEON_CHECK_VERSION): New macros. 
(NEON_COMMON): If a required version is defined, check that an external neon library matches it. Sun Jan 28 10:39:31 2001 Joe Orton * neon.m4: Define NEON_VERSION, NEON_VERSION_{MAJOR,MINOR} in config.h rather than substituting into neon_config.h. Sat Jan 27 22:55:42 2001 Joe Orton * neon.m4: Include version string in library message. Tue Jan 23 23:14:33 2001 Joe Orton * neon.m4 (NEON_VERSIONS): New macro. (NEON_COMMON): Call it from here. Mon Jan 15 22:26:54 2001 Joe Orton * neon-xml-parser.m4 (NEON_XML_PARSER): Append rather than overwrite CFLAGS. Thu Jan 11 20:49:12 2001 Joe Orton * neon-ssl.m4: Check for OpenSSL in /usr too. Thu Jan 11 20:05:34 2001 Joe Orton * neon.m4 (NEON_VPATH_BUNDLED): New macro. (NEON_BUNDLED): Call NEON_COMMON_BUNDLED. (NEON_COMMON_BUNDLED): Abstracted from NEON_BUNDLED. Wed Jan 10 22:44:37 2001 Joe Orton * neon.m4 (NEON_LIBTOOL_BUILD, NEON_NORMAL_BUILD): Pass optional set of objects to build to these macros. Else, all objects go in NEONOBJS. (NEON_COMMON_BUILD): Implement that. Also substitute NEON_LINK_FLAGS. Mon Jan 8 22:23:51 2001 Joe Orton * neon-xml-parser.m4 (NEON_XML_PARSER): Put XML parser libs in $NEONLIBS rather than $LIBS. Mon Jan 8 22:20:51 2001 Joe Orton * neon-ssl.m4 (NEON_SSL): Put OpenSSL libs in $NEONLIBS rather than LIBS. Sun Jan 7 17:30:54 2001 Joe Orton * neon.m4 (NEON_BUNDLED): Add optional second argument to specify builddir of bundled sources (Peter Moulder ). Wed Jan 3 21:33:05 2001 Joe Orton * neon.m4: Place libraries needed to use neon in NEONLIBS. Adding them to LIBS breaks bundled builds since libneon doesn't exist at configure-time, and configure uses $LIBS. Wed Jan 3 21:17:00 2001 Joe Orton * neon.m4 (NEON_COMMON_BUILD): Don't set top_builddir using 'pwd'. Wed Jan 3 21:15:04 2001 Joe Orton * neon.m4 (NEON_COMMON): If using bundled neon, add -L to LDFLAGS, and -lneon to LIBS. Fri Dec 22 23:13:39 2000 Joe Orton * neon.m4 (NEON_NORMAL_BUILD, NEON_COMMON_BUILD): New macros. 
Tue Dec 19 22:13:18 2000 Joe Orton * neon.m4 (NEON_LIBTOOL_BUILD): New macro. Wed Dec 13 22:07:07 2000 Joe Orton * neon.m4: Add a decent interface: NEON_LIBRARY for non-bundled case, NEON_BUNDLED for the bundled case. (LIBNEON_SOURCE_CHECKS): Always set NEON_NEED_XML_PARSER. * neon-xml-parser.m4 (NEON_XML_PARSER): Only execute if "$NEON_NEED_XML_PARSER" = "yes". Sun Nov 19 22:52:56 2000 Joe Orton * neon.m4, neon-ssl.m4, neon-warnings.m4, neon-xml-parser.m4: Clarify that the more liberal license applies to the m4 files only, not neon in general. Sun Nov 19 22:40:01 2000 Joe Orton * neon.m4 (NEON_LIBRARY): Don't call NEON_XML_PARSER, set NEON_NEED_XML_PARSER to "yes" if it needs to be called. Sun Nov 19 22:31:26 2000 Joe Orton * neon-xml-parser.m4 (NEON_XML_PARSER): Switch to useing NEON_INCLUDED_EXPAT m4 macro rather than passing arguments. Sun Nov 19 22:20:36 2000 Joe Orton * neon.m4 (NEON_LIBRARY): Switch to using NEON_INCLUDED_SOURCE m4 macro rather than passing arguments to the NEON_LIBRARY macro. Sun Nov 5 23:26:18 2000 Joe Orton * neon-xml-parser.m4: Never set LIBS if using a libtool-built libexpat.la (Greg Stein). 2000-10-10 Joe Orton * neon-xml-parser.m4: If libexpat.la is included in the --with-expat parameter, then use a libtool-friendly LIBS. (Greg Stein) Sat Oct 7 19:16:08 2000 Joe Orton * neon-xml-parser.m4: Link against a libexpat.la if found in --with-expat location. (Greg Stein). Mon Sep 11 15:05:58 2000 Joe Orton * neon.m4: Use AC_SEARCH_LIBS for finding gethostbyname() and socket(). Mon Sep 11 15:03:45 2000 Joe Orton * neon.m4 (NEON_REPLACE_SNPRINTF): New macro. Fri Sep 8 14:30:37 2000 Joe Orton * neon.m4: Check for socket() in -lsocket, -linet. Thu Sep 7 00:11:51 2000 Joe Orton * neon-xml-parser.m4: Added --with-expat flag (patch by Greg Stein). Sun Aug 13 11:12:41 2000 Joe Orton * strftime.m4: New file, from fileutils-4.0i. 
Thu Jul 27 19:59:18 2000 Joe Orton * neon-ssl.m4: Append the SSL libs on the end of $LIBS rather than redefining it completely. Thu Jul 27 19:43:38 2000 Joe Orton * neon.m4: Define variable neon_library_message to describe what neon library is being used. Mon Jul 24 16:56:34 2000 Joe Orton * neon-ssl.m4: Put -lssl before -lcrypto in LIBS. Thu Jul 20 15:12:14 2000 Joe Orton * neon-xml-parser.m4 (NEON_XML_PARSER): Pass directory name containing bundled expat sources as $1. * neon.m4 (NEON_LIBRARY): Pass directory name containing bundled neon sources as $1, and $2 is passed to NEON_XML_PARSER for similar use. Thu Jul 20 15:04:49 2000 Joe Orton * neon-ssl.m4: Rewritten from scratch. Support OpenSSL only. Thu Jul 20 12:41:23 2000 Joe Orton * neon.m4, neon-xml-parser.m4, neon_warnings.m4: Added licensing information. Wed Jul 19 19:30:24 2000 Joe Orton * neon-warnings.m4: New file. (NEON_WARNINGS): Macro for doing --enable-warnings. Sun Jun 18 12:12:23 2000 Joe Orton * neon.m4: Only add --with-included-neon flag if neon is bundled. Sun Jun 18 12:08:23 2000 Joe Orton * gnome-x-checks.m4: Imported from GNOME CVS macros module, adding: descriptive args to AC_DEFINE HAVE_LIBSM call, requiring Gtk 1.2.8 and the Gtk 'gthread' module. Mon May 29 15:10:24 2000 Joe Orton * neon.m4 (LIBNEON_SOURCE_CHECKS): Call NEON_SSL. Tue May 23 19:11:29 2000 Joe Orton * neon.m4: Renamed from neon-checks.m4. Sun May 21 23:52:27 2000 Joe Orton * neon-ssl.m4: New file. Sat May 13 21:08:54 2000 Joe Orton * acconfig.h: Added HAVE_LC_MESSAGE (my lcmessage.m4 is missing the appropriate description arguments). Sat May 13 21:08:40 2000 Joe Orton * acconfig.h: Added PACKAGE and VERSION. Sat May 13 21:02:29 2000 Joe Orton * socklen-arg-type.m4: Added file, modified from a KDE configure.in. Sat May 13 20:44:56 2000 Joe Orton * gnome-x-checks.m4: Added description arguments to AC_DEFINE(HAVE_LIBSM). Wed May 10 19:18:14 2000 Joe Orton * neon-xml-parser.m4: Error if no XML parser is found. 
Wed May 10 14:33:21 2000 Joe Orton * neon-checks.m4: New file. Wed May 10 14:26:57 2000 Joe Orton * neon-xml-parser.m4 (NEON_XML_PARSER): Use "neon_" prefix for variables. Wed May 10 13:47:04 2000 Joe Orton * acconfig.h: New file. Wed May 10 13:42:16 2000 Joe Orton * neon-xml-parser.m4: New file. Sun May 7 21:57:32 2000 Joe Orton * gnome-x-checks.m4 (GNOME_X_CHECKS): Check for Gtk 1.2.7 or later, passing "gthread" module argument. neon-0.32.2/macros/ld-version-script.m4000066400000000000000000000033641416727304000176610ustar00rootroot00000000000000# ld-version-script.m4 serial 3 dnl Copyright (C) 2008-2013 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. dnl From Simon Josefsson # FIXME: The test below returns a false positive for mingw # cross-compiles, 'local:' statements does not reduce number of # exported symbols in a DLL. Use --disable-ld-version-script to work # around the problem. # gl_LD_VERSION_SCRIPT # -------------------- # Check if LD supports linker scripts, and define automake conditional # HAVE_LD_VERSION_SCRIPT if so. AC_DEFUN([gl_LD_VERSION_SCRIPT], [ AC_ARG_ENABLE([ld-version-script], AS_HELP_STRING([--enable-ld-version-script], [enable linker version script (default is enabled when possible)]), [have_ld_version_script=$enableval], []) if test -z "$have_ld_version_script"; then AC_MSG_CHECKING([if LD -Wl,--version-script works]) save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -Wl,--version-script=conftest.map" cat > conftest.map < conftest.map < -*- autoconf -*- # # This file is free software; you may copy and/or distribute it with # or without modifications, as long as this notice is preserved. 
# This software is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY, to the extent permitted by law; without even # the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR # PURPOSE. # The above license applies to THIS FILE ONLY, the neon library code # itself may be copied and distributed under the terms of the GNU # LGPL, see COPYING.LIB for more details # This file is part of the neon HTTP/WebDAV client library. # See http://www.webdav.org/neon/ for the latest version. # Please send any feedback to # Tests needed for the neon-test common test code. AC_DEFUN([NE_FORMAT_TIMET], [ NEON_FORMAT(time_t, [ #ifdef HAVE_SYS_TIME_H #include #endif]) ]) AC_DEFUN([NEON_TEST], [ AC_REQUIRE([NEON_COMMON_CHECKS]) AC_REQUIRE([NE_FORMAT_TIMET]) AC_REQUIRE([AC_TYPE_PID_T]) AC_REQUIRE([AC_HEADER_TIME]) dnl NEON_XML_PARSER may add things (e.g. -I/usr/local/include) to dnl CPPFLAGS which make "gcc -Werror" fail in NEON_FORMAT; suggest dnl this macro is used first. AC_BEFORE([$0], [NEON_XML_PARSER]) AC_CHECK_HEADERS(sys/time.h signal.h stdint.h locale.h) AC_CHECK_FUNCS(pipe isatty usleep shutdown setlocale gethostname) AC_REQUIRE([NE_FIND_AR]) ]) neon-0.32.2/macros/neon-xml-parser.m4000066400000000000000000000124751416727304000173270ustar00rootroot00000000000000# Copyright (C) 1998-2005, 2007 Joe Orton -*- autoconf -*- # # This file is free software; you may copy and/or distribute it with # or without modifications, as long as this notice is preserved. # This software is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY, to the extent permitted by law; without even # the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR # PURPOSE. # The above license applies to THIS FILE ONLY, the neon library code # itself may be copied and distributed under the terms of the GNU # LGPL, see COPYING.LIB for more details # This file is part of the neon HTTP/WebDAV client library. 
# See http://www.webdav.org/neon/ for the latest version. # Please send any feedback to # Check for XML parser, supporting libxml 2.x and expat 1.95.x, # or a bundled copy of expat. # * Bundled expat if a directory name argument is passed # -> expat dir must contain minimal expat sources, i.e. # xmltok, xmlparse sub-directories. See sitecopy/cadaver for # examples of how to do this. # # Usage: # NEON_XML_PARSER() # or # NEON_XML_PARSER([expat-srcdir], [expat-builddir]) dnl Find expat: run $1 if found, else $2 AC_DEFUN([NE_XML_EXPAT], [ AC_CHECK_HEADER(expat.h, [AC_CHECK_LIB(expat, XML_SetXmlDeclHandler, [ AC_DEFINE(HAVE_EXPAT, 1, [Define if you have expat]) neon_xml_parser_message="expat" NEON_LIBS="$NEON_LIBS -lexpat" neon_xml_parser=expat AC_CHECK_TYPE(XML_Size, [NEON_FORMAT(XML_Size, [#include ])], [AC_DEFINE_UNQUOTED([NE_FMT_XML_SIZE], ["d"])], [#include ]) ], [$1])], [$1]) ]) dnl Find libxml2: run $1 if found, else $2 AC_DEFUN([NE_XML_LIBXML2], [ NE_PKG_CONFIG(NE_LX2, libxml-2.0, [], [AC_CHECK_TOOL(XML2_CONFIG, xml2-config) if test "x$XML2_CONFIG" != "xno"; then # xml2-config in some versions erroneously includes -I/include # in the --cflags output. NE_LX2_VERSION="`$XML2_CONFIG --version`" NE_LX2_CFLAGS="`$XML2_CONFIG --cflags | sed 's| -I/include||g'`" NE_LX2_LIBS="`$XML2_CONFIG --libs | sed 's|-L/usr/lib ||g'`" fi]) if test -n "${NE_LX2_VERSION+set}"; then neon_xml_parser_message="libxml $NE_LX2_VERSION" AC_DEFINE(HAVE_LIBXML, 1, [Define if you have libxml]) CPPFLAGS="$CPPFLAGS $NE_LX2_CFLAGS" NEON_LIBS="$NEON_LIBS $NE_LX2_LIBS" AC_CHECK_HEADERS(libxml/xmlversion.h libxml/parser.h,,[ AC_MSG_ERROR([could not find parser.h, libxml installation problem?])]) neon_xml_parser=libxml2 else $1 fi ]) dnl Configure for a bundled expat build. AC_DEFUN([NE_XML_BUNDLED_EXPAT], [ AC_REQUIRE([AC_C_BIGENDIAN]) # Define XML_BYTE_ORDER for expat sources. 
if test $ac_cv_c_bigendian = "yes"; then ne_xml_border=21 else ne_xml_border=12 fi # mini-expat doesn't pick up config.h CPPFLAGS="$CPPFLAGS -DXML_BYTE_ORDER=$ne_xml_border -DXML_DTD -I$1/xmlparse -I$1/xmltok" AC_DEFINE_UNQUOTED([NE_FMT_XML_SIZE], ["d"]) # Use the bundled expat sources AC_LIBOBJ($2/xmltok/xmltok) AC_LIBOBJ($2/xmltok/xmlrole) AC_LIBOBJ($2/xmlparse/xmlparse) AC_LIBOBJ($2/xmlparse/hashtable) AC_DEFINE(HAVE_EXPAT) AC_DEFINE(HAVE_XMLPARSE_H, 1, [Define if using expat which includes xmlparse.h]) ]) AC_DEFUN([NEON_XML_PARSER], [ dnl Switches to force choice of library AC_ARG_WITH([libxml2], AS_HELP_STRING([--with-libxml2], [force use of libxml 2.x])) AC_ARG_WITH([expat], AS_HELP_STRING([--with-expat], [force use of expat])) dnl Flag to force choice of included expat, if available. ifelse($#, 2, [ AC_ARG_WITH([included-expat], AS_HELP_STRING([--with-included-expat], [use bundled expat sources]),, with_included_expat=no)], with_included_expat=no) if test "$NEON_NEED_XML_PARSER" = "yes"; then # Find an XML parser neon_xml_parser=none # Forced choice of expat: case $with_expat in yes) NE_XML_EXPAT([AC_MSG_ERROR([expat library not found, cannot proceed])]) ;; no) ;; */libexpat.la) # Special case for Subversion ne_expdir=`echo $with_expat | sed 's:/libexpat.la$::'` AC_DEFINE(HAVE_EXPAT) AC_DEFINE_UNQUOTED([NE_FMT_XML_SIZE], ["d"]) CPPFLAGS="$CPPFLAGS -I$ne_expdir" if test "x${NEON_TARGET}" = "xlibneon.la"; then NEON_LTLIBS=$with_expat else # no dependency on libexpat => crippled libneon, so do partial install ALLOW_INSTALL=lib fi neon_xml_parser=expat neon_xml_parser_message="expat in $ne_expdir" ;; /*) AC_MSG_ERROR([--with-expat does not take a directory argument]) ;; esac # If expat wasn't specifically enabled and libxml was: if test "${neon_xml_parser}-${with_libxml2}-${with_included_expat}" = "none-yes-no"; then NE_XML_LIBXML2( [AC_MSG_ERROR([libxml2.x library not found, cannot proceed])]) fi # Otherwise, by default search for expat then libxml2: if test 
"${neon_xml_parser}-${with_included_expat}" = "none-no"; then NE_XML_EXPAT([NE_XML_LIBXML2([:])]) fi # If an XML parser still has not been found, fail or use the bundled expat if test "$neon_xml_parser" = "none"; then m4_if($1, [], [AC_MSG_ERROR([no XML parser was found: expat or libxml 2.x required])], [# Configure the bundled copy of expat NE_XML_BUNDLED_EXPAT($@) neon_xml_parser_message="bundled expat in $1"]) fi AC_MSG_NOTICE([XML parser used: $neon_xml_parser_message]) fi ]) neon-0.32.2/macros/neon.m4000066400000000000000000001154551416727304000152410ustar00rootroot00000000000000# Copyright (C) 1998-2009 Joe Orton -*- autoconf -*- # Copyright (C) 2004 Aleix Conchillo Flaque # # This file is free software; you may copy and/or distribute it with # or without modifications, as long as this notice is preserved. # This software is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY, to the extent permitted by law; without even # the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR # PURPOSE. # The above license applies to THIS FILE ONLY, the neon library code # itself may be copied and distributed under the terms of the GNU # LGPL, see COPYING.LIB for more details # This file is part of the neon HTTP/WebDAV client library. # See http://www.webdav.org/neon/ for the latest version. # Please send any feedback to # # Usage: # # NEON_LIBRARY # or NEON_BUNDLED(srcdir, [ACTIONS-IF-BUNDLED], [ACTIONS-IF-NOT_BUNDLED]) # or NEON_VPATH_BUNDLED(srcdir, builddir, # [ACTIONS-IF-BUNDLED], [ACTIONS-IF-NOT-BUNDLED]) # # where srcdir is the location of bundled neon 'src' directory. # If using a VPATH-enabled build, builddir is the location of the # build directory corresponding to srcdir. # # If a bundled build *is* being used, ACTIONS-IF-BUNDLED will be # evaluated. These actions should ensure that 'make' is run # in srcdir, and that one of NEON_NORMAL_BUILD or NEON_LIBTOOL_BUILD # is called. 
#
# After calling one of the above macros, if the NEON_NEED_XML_PARSER
# variable is set to "yes", then you must configure an XML parser
# too. You can do this your own way, or do it easily using the
# NEON_XML_PARSER() macro. Example usage for where we have bundled the
# neon sources in a directory called libneon, and bundled expat
# sources in a directory called 'expat'.
#
#   NEON_BUNDLED(libneon, [
#       NEON_XML_PARSER(expat)
#       NEON_NORMAL_BUILD
#   ])
#
# Alternatively, for a simple standalone app with neon as a
# dependency, use just:
#
#   NEON_LIBRARY
#
# and rely on the user installing neon correctly.
#
# You are free to configure an XML parser any other way you like,
# but the end result must be that either expat or libxml gets linked
# in, and HAVE_EXPAT or HAVE_LIBXML is defined appropriately.
#
# To set up the bundled build environment, call
#
#    NEON_NORMAL_BUILD
# or
#    NEON_LIBTOOL_BUILD
#
# depending on whether you are using libtool to build, or not.
# Both these macros take an optional argument specifying the set
# of object files you wish to build: if the argument is not given,
# all of neon will be built.

dnl NEON_BUNDLED(srcdir, ACTIONS-IF-BUNDLED, ACTIONS-IF-NOT-BUNDLED)
dnl Records srcdir as both the bundled source directory and the bundled
dnl build directory, then passes the two action arguments on to
dnl NEON_COMMON_BUNDLED.
AC_DEFUN([NEON_BUNDLED],[

neon_bundled_srcdir=$1
neon_bundled_builddir=$1

NEON_COMMON_BUNDLED([$2], [$3])

])

dnl NEON_VPATH_BUNDLED(srcdir, builddir, ACTIONS-IF-BUNDLED,
dnl                    ACTIONS-IF-NOT-BUNDLED)
dnl Same as NEON_BUNDLED, but the build directory is given separately
dnl from the source directory.
AC_DEFUN([NEON_VPATH_BUNDLED],[

neon_bundled_srcdir=$1
neon_bundled_builddir=$2
NEON_COMMON_BUNDLED([$3], [$4])

])

dnl NEON_COMMON_BUNDLED(ACTIONS-IF-BUNDLED, ACTIONS-IF-NOT-BUNDLED)
dnl Adds the --with-included-neon option (neon_force_included, default
dnl "no"), runs NEON_COMMON, and then evaluates the first argument if
dnl neon_force_included is "yes" at that point, else the second.
dnl NEON_COMMON may itself switch neon_force_included to "yes" when no
dnl usable external library is found and bundled sources exist.
AC_DEFUN([NEON_COMMON_BUNDLED],[

AC_PREREQ(2.50)

AC_ARG_WITH(included-neon,
AS_HELP_STRING([--with-included-neon], [force use of included neon library]),
[neon_force_included="$withval"], [neon_force_included="no"])

NEON_COMMON

# The colons are here so there is something to evaluate
# in case the argument was not passed.
if test "$neon_force_included" = "yes"; then
    :
    $1
else
    :
    $2
fi

])

dnl Not got any bundled sources:
dnl NEON_LIBRARY clears both bundled directory variables and never
dnl forces the included copy, so NEON_COMMON can only succeed with an
dnl external library.
AC_DEFUN([NEON_LIBRARY],[

AC_PREREQ(2.50)
neon_force_included=no
neon_bundled_srcdir=
neon_bundled_builddir=

NEON_COMMON

])

dnl Builds the NEON_VERSION string from the NE_VERSION_MAJOR, _MINOR,
dnl _PATCH and _TAG shell variables, and defines NEON_VERSION plus the
dnl three numeric components as preprocessor symbols.  The caller must
dnl have set the NE_VERSION_* shell variables beforehand.
AC_DEFUN([NE_DEFINE_VERSIONS], [

NEON_VERSION="${NE_VERSION_MAJOR}.${NE_VERSION_MINOR}.${NE_VERSION_PATCH}${NE_VERSION_TAG}"

AC_DEFINE_UNQUOTED([NEON_VERSION], ["${NEON_VERSION}"],
                   [Define to be the neon version string])
AC_DEFINE_UNQUOTED([NE_VERSION_MAJOR], [(${NE_VERSION_MAJOR})],
                   [Define to be neon library major version])
AC_DEFINE_UNQUOTED([NE_VERSION_MINOR], [(${NE_VERSION_MINOR})],
                   [Define to be neon library minor version])
AC_DEFINE_UNQUOTED([NE_VERSION_PATCH], [(${NE_VERSION_PATCH})],
                   [Define to be neon library patch version])
])

dnl Sets the version numbers of the bundled sources, the libtool
dnl version-info string built from them, and then calls
dnl NE_DEFINE_VERSIONS.
AC_DEFUN([NE_VERSIONS_BUNDLED], [

# Define the current versions.
NE_VERSION_MAJOR=0
NE_VERSION_MINOR=32
NE_VERSION_PATCH=2
NE_VERSION_TAG=

# 0.32.x is backwards-compatible to 0.27.x, so AGE=5
NE_LIBTOOL_VERSINFO="32:${NE_VERSION_PATCH}:5"

NE_DEFINE_VERSIONS

])

dnl Adds an ABI variation tag which will be added to the SONAME of
dnl a shared library. e.g. NE_ADD_ABITAG(FOO)
dnl The first tag is stored as-is in NE_LIBTOOL_RELEASE; later tags are
dnl appended with a "-" separator.
AC_DEFUN([NE_ADD_ABITAG], [
if test "x${NE_LIBTOOL_RELEASE}y" = "xy"; then
   NE_LIBTOOL_RELEASE="$1"
else
   NE_LIBTOOL_RELEASE="${NE_LIBTOOL_RELEASE}-$1"
fi
])

dnl Define the minimum required versions, usage:
dnl   NE_REQUIRE_VERSIONS([major-version], [minor-versions])
dnl e.g.
dnl   NE_REQUIRE_VERSIONS([0], [24 25])
dnl to require neon 0.24.x or neon 0.25.x.
dnl The values are stored as the m4 macros ne_require_major and
dnl ne_require_minor, which NEON_CHECK_VERSION tests for.
AC_DEFUN([NE_REQUIRE_VERSIONS], [
m4_define([ne_require_major], [$1])
m4_define([ne_require_minor], [$2])
])

dnl Check that the external library found in a given location
dnl matches the min. required version (if any).
dnl Requires that NEON_CONFIG be set to the full path of a valid
dnl neon-config script.
dnl
dnl Usage:
dnl    NEON_CHECK_VERSION(ACTIONS-IF-OKAY, ACTIONS-IF-FAILURE)
dnl
dnl The script at NEON_CONFIG is executed to read the version, and (when
dnl NE_REQUIRE_VERSIONS was used) its --cflags and --libs output is
dnl added to CFLAGS and LIBS for a link test; both variables are
dnl restored afterwards.  The version is accepted when the link test
dnl succeeds and the reported version matches the required major and
dnl one of the listed minors.  Without NE_REQUIRE_VERSIONS every version
dnl is accepted and no link test is made.
dnl NOTE(review): the header name after "#include" in the link test is
dnl missing in this copy of the file; restore it from the upstream
dnl source before relying on this macro.
AC_DEFUN([NEON_CHECK_VERSION], [
ne_libver=`$NEON_CONFIG --version | sed -e "s/neon //g"`
m4_ifdef([ne_require_major], [
# Check whether the library is of required version
ne_save_LIBS="$LIBS"
ne_save_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS `$NEON_CONFIG --cflags`"
LIBS="$LIBS `$NEON_CONFIG --libs`"
# Check whether it's possible to link against neon
AC_CACHE_CHECK([linking against neon], [ne_cv_lib_neon],
[AC_LINK_IFELSE(
  [AC_LANG_PROGRAM([[#include ]], [[ne_version_match(0, 0);]])],
  [ne_cv_lib_neon=yes], [ne_cv_lib_neon=no])])
if test "$ne_cv_lib_neon" = "yes"; then
   ne_cv_lib_neonver=no
   for v in ne_require_minor; do
      case $ne_libver in
      ne_require_major.$v.*) ne_cv_lib_neonver=yes ;;
      esac
   done
fi
ne_goodver=$ne_cv_lib_neonver
LIBS=$ne_save_LIBS
CFLAGS=$ne_save_CFLAGS
], [
# NE_REQUIRE_VERSIONS not used; presume all versions OK!
ne_goodver=yes
])

if test "$ne_goodver" = "yes"; then
   AC_MSG_NOTICE([using neon library $ne_libver])
   $1
else
   AC_MSG_NOTICE([incompatible neon library version $ne_libver: wanted ne_require_major.ne_require_minor])
   $2
fi])

dnl NEON_CHECK_SUPPORT(feature, var, name)
dnl Runs "neon-config --support feature" and, depending on its exit
dnl status, calls NE_ENABLE_SUPPORT or NE_DISABLE_SUPPORT for var, using
dnl name in the message.
AC_DEFUN([NEON_CHECK_SUPPORT], [
if $NEON_CONFIG --support $1 >/dev/null; then
   NE_ENABLE_SUPPORT($2, [$3 is supported by neon])
else
   NE_DISABLE_SUPPORT($2, [$3 is not supported by neon])
fi
])

dnl enable support for feature $1 with define NE_HAVE_$1, message $2
dnl Also sets and substitutes NE_FLAG_$1=yes and records the message in
dnl ne_$1_message; a default message is used when $2 is empty.
AC_DEFUN([NE_ENABLE_SUPPORT], [
NE_FLAG_$1=yes
AC_SUBST(NE_FLAG_$1)
AC_DEFINE([NE_HAVE_]$1, 1, [Defined if $1 is supported])
m4_if([$2], [],
 [ne_$1_message="support enabled"
  AC_MSG_NOTICE([$1 support is enabled])],
 [ne_$1_message="$2"
  AC_MSG_NOTICE([$2])])
])

dnl Disable support for feature $1, giving message $2
dnl Sets and substitutes NE_FLAG_$1=no; no NE_HAVE_$1 symbol is defined.
AC_DEFUN([NE_DISABLE_SUPPORT], [
NE_FLAG_$1=no
AC_SUBST(NE_FLAG_$1)
m4_if([$2], [],
 [ne_$1_message="not supported"
  AC_MSG_NOTICE([$1 support is not enabled])],
 [ne_$1_message="$2"
  AC_MSG_NOTICE([$2])])
])

dnl NEON_USE_EXTERNAL
dnl Configures the build against an installed neon described by the
dnl script at NEON_CONFIG.  On an acceptable version it appends the
dnl script's --cflags and --libs output to CFLAGS and NEON_LIBS, derives
dnl the NE_VERSION_* variables from --version, queries the optional
dnl features and sets neon_got_library=yes; otherwise it sets
dnl neon_got_library=no.
dnl The script is run several times by configure and its output is
dnl spliced unfiltered into the compiler and linker flags, so
dnl NEON_CONFIG has to point at an installation the builder trusts.
AC_DEFUN([NEON_USE_EXTERNAL], [
# Configure to use an external neon, given a neon-config script
# found at $NEON_CONFIG.
neon_prefix=`$NEON_CONFIG --prefix`
NEON_CHECK_VERSION([
    # Pick up CFLAGS and LIBS needed
    CFLAGS="$CFLAGS `$NEON_CONFIG --cflags`"
    NEON_LIBS="$NEON_LIBS `$NEON_CONFIG --libs`"
    # Pick up library version
    # The dots are turned into spaces so that the version fields become
    # separate positional parameters after the two leading words.
    set dummy `$NEON_CONFIG --version | sed 's/\./ /g'`
    NE_VERSION_MAJOR=[$]3; NE_VERSION_MINOR=[$]4; NE_VERSION_PATCH=[$]5
    NE_DEFINE_VERSIONS
    neon_library_message="library in ${neon_prefix} (${NEON_VERSION})"
    neon_xml_parser_message="using whatever neon uses"
    NEON_CHECK_SUPPORT([ssl], [SSL], [SSL])
    NEON_CHECK_SUPPORT([zlib], [ZLIB], [zlib])
    NEON_CHECK_SUPPORT([ipv6], [IPV6], [IPv6])
    NEON_CHECK_SUPPORT([lfs], [LFS], [LFS])
    NEON_CHECK_SUPPORT([ts_ssl], [TS_SSL], [thread-safe SSL])
    neon_got_library=yes
    if test $NE_FLAG_LFS = yes; then
       NEON_FORMAT(off64_t)
       AC_DEFINE_UNQUOTED([NE_FMT_NE_OFF_T], [NE_FMT_OFF64_T],
                          [Define to be printf format string for ne_off_t])
    else
       AC_DEFINE_UNQUOTED([NE_FMT_NE_OFF_T], [NE_FMT_OFF_T])
    fi
], [neon_got_library=no])
])

dnl NEON_COMMON
dnl Chooses between an external and the bundled neon.  Adds the
dnl --with-neon option.  Unless the included copy is already forced,
dnl neon-config is looked up in PATH (no directory given) or at
dnl DIR/bin/neon-config, and NEON_USE_EXTERNAL is run when it is
dnl executable.  If no library was accepted, configure fails when
dnl --with-neon was given, falls back to the bundled sources when
dnl neon_bundled_srcdir is set, and fails otherwise.  For a bundled
dnl build the source checks are run and NEON_NEED_XML_PARSER is set to
dnl yes.  NEON_BUILD_BUNDLED is substituted with the outcome.
AC_DEFUN([NEON_COMMON],[

AC_REQUIRE([NEON_COMMON_CHECKS])

AC_ARG_WITH(neon,
[ --with-neon[[=DIR]] specify location of neon library],
[case $withval in
yes|no) neon_force_external=$withval; neon_ext_path= ;;
*) neon_force_external=yes; neon_ext_path=$withval ;;
esac;], [
neon_force_external=no
neon_ext_path=
])

if test "$neon_force_included" = "no"; then
    # There is no included neon source directory, or --with-included-neon
    # wasn't given (so we're not forced to use it).

    # Default to no external neon.
    neon_got_library=no
    if test "x$neon_ext_path" = "x"; then
        AC_PATH_PROG([NEON_CONFIG], neon-config, none)
        if test "x${NEON_CONFIG}" = "xnone"; then
            AC_MSG_NOTICE([no external neon library found])
        elif test -x "${NEON_CONFIG}"; then
            NEON_USE_EXTERNAL
        else
            AC_MSG_NOTICE([ignoring non-executable ${NEON_CONFIG}])
        fi
    else
        AC_MSG_CHECKING([for neon library in $neon_ext_path])
        NEON_CONFIG="$neon_ext_path/bin/neon-config"
        # NOTE(review): the path is expanded unquoted in the test below,
        # unlike the quoted test in the branch above, so a DIR that
        # contains whitespace would be word-split here.
        if test -x ${NEON_CONFIG}; then
            AC_MSG_RESULT([found])
            NEON_USE_EXTERNAL
        else
            AC_MSG_RESULT([not found])
            # ...will fail since force_external=yes
        fi
    fi

    if test "$neon_got_library" = "no"; then
        if test $neon_force_external = yes; then
            AC_MSG_ERROR([could not use external neon library])
        elif test -n "$neon_bundled_srcdir"; then
            # Couldn't find external neon, forced to use bundled sources
            neon_force_included="yes"
        else
            # Couldn't find neon, and don't have bundled sources
            AC_MSG_ERROR(could not find neon)
        fi
    fi
fi

if test "$neon_force_included" = "yes"; then
    NE_VERSIONS_BUNDLED
    AC_MSG_NOTICE([using bundled neon ($NEON_VERSION)])
    NEON_BUILD_BUNDLED="yes"
    LIBNEON_SOURCE_CHECKS
    CFLAGS="$CFLAGS -I$neon_bundled_srcdir"
    NEON_LIBS="-L$neon_bundled_builddir -lneon $NEON_LIBS"
    NEON_NEED_XML_PARSER=yes
    neon_library_message="included libneon (${NEON_VERSION})"
else
    # Don't need to configure an XML parser
    NEON_NEED_XML_PARSER=no
    NEON_BUILD_BUNDLED=no
fi

AC_SUBST(NEON_BUILD_BUNDLED)

])

dnl AC_SEARCH_LIBS done differently. Usage:
dnl   NE_SEARCH_LIBS(function, libnames, [extralibs], [actions-if-not-found],
dnl                            [actions-if-found])
dnl Tries to find 'function' by linking against `-lLIB $NEON_LIBS' for each
dnl LIB in libnames.  If link fails and 'extralibs' is given, will also
dnl try linking against `-lLIB extralibs $NEON_LIBS`.
dnl Once link succeeds, `-lLIB [extralibs]` is prepended to $NEON_LIBS, and
dnl `actions-if-found' are executed, if given.
dnl If link never succeeds, run `actions-if-not-found', if given, else
dnl give an error and fail configure.
dnl The result is cached in ne_cv_libsfor_<function> as "none needed",
dnl "not found", or the -l flags that made the link succeed.  LIBS is
dnl only changed temporarily and is restored after the search.
dnl NOTE(review): every "#include" assigned to ne__prologue below has no
dnl header name in this copy of the file; restore the names from the
dnl upstream source before relying on this macro.
AC_DEFUN([NE_SEARCH_LIBS], [

AC_REQUIRE([NE_CHECK_OS])

AC_CACHE_CHECK([for library containing $1], [ne_cv_libsfor_$1], [
case $ne_cv_os_uname in
MINGW*)
    ;;
*)
    case $1 in
    getaddrinfo)
        ne__prologue="#include "
        ne__code="getaddrinfo(0,0,0,0);"
        ;;
    socket)
        ne__prologue="#include "
        ne__code="socket(0,0,0);"
        ;;
    bindtextdomain)
        ne__prologue="#include "
        ne__code="bindtextdomain(\"\",\"\");"
        ;;
    *)
        ne__prologue=""
        ne__code="$1();"
        ;;
    esac
    ;;
esac
AC_LINK_IFELSE([AC_LANG_PROGRAM([$ne__prologue], [$ne__code])],
  [ne_cv_libsfor_$1="none needed"], [
ne_sl_save_LIBS=$LIBS
ne_cv_libsfor_$1="not found"
for lib in $2; do
    case $ne_cv_os_uname in
    MINGW*)
        case $lib in
        ws2_32)
            ne__prologue="#include "
            case $1 in
            gethostbyname)
                ne__code="gethostbyname(\"\")"
                ;;
            socket)
                ne__code="socket(0,0,0);"
                ;;
            *)
                ne__code="$1();"
                ;;
            esac
            ;;
        *)
            ne__prologue=""
            ne__code=""
            ;;
        esac
        ;;
    *)
        ;;
    esac
    LIBS="$ne_sl_save_LIBS -l$lib $NEON_LIBS"
    AC_LINK_IFELSE([AC_LANG_PROGRAM([$ne__prologue], [$ne__code])],
                   [ne_cv_libsfor_$1="-l$lib"; break])
    m4_if($3, [], [], dnl If $3 is specified, then...
              [LIBS="$ne_sl_save_LIBS -l$lib $3 $NEON_LIBS"
               AC_LINK_IFELSE([AC_LANG_PROGRAM([$ne__prologue], [$ne__code])],
                              [ne_cv_libsfor_$1="-l$lib $3"; break])])
done
LIBS=$ne_sl_save_LIBS
   ])
])

if test "$ne_cv_libsfor_$1" = "not found"; then
   m4_if([$4], [], [AC_MSG_ERROR([could not find library containing $1])], [$4])
elif test "$ne_cv_libsfor_$1" = "none needed"; then
   m4_if([$5], [], [:], [$5])
else
   NEON_LIBS="$ne_cv_libsfor_$1 $NEON_LIBS"
   $5
fi])

dnl Check for presence and suitability of zlib library
dnl zlib is used unless --without-zlib is given; support is enabled only
dnl when both zlib.h and the inflate symbol in -lz are found, in which
dnl case -lz is appended to NEON_LIBS.
AC_DEFUN([NEON_ZLIB], [

AC_ARG_WITH(zlib, AS_HELP_STRING([--without-zlib], [disable zlib support]),
ne_use_zlib=$withval, ne_use_zlib=yes)

if test "$ne_use_zlib" = "yes"; then
    AC_CHECK_HEADER(zlib.h, [
        AC_CHECK_LIB(z, inflate, [
            NEON_LIBS="$NEON_LIBS -lz"
            NE_ENABLE_SUPPORT(ZLIB, [zlib support enabled, using -lz])
        ], [NE_DISABLE_SUPPORT(ZLIB, [zlib library not found])])
    ], [NE_DISABLE_SUPPORT(ZLIB, [zlib header not found])])
else
    NE_DISABLE_SUPPORT(ZLIB, [zlib not enabled])
fi
])

dnl Caches the output of "uname -s" in ne_cv_os_uname.  On Darwin it
dnl adds extra preprocessor and linker flags and marks poll as
dnl unavailable unless ac_cv_func_poll was already set.
AC_DEFUN([NE_CHECK_OS], [
# Check for Darwin, which needs extra cpp and linker flags.
AC_CACHE_CHECK([for uname], ne_cv_os_uname, [
 ne_cv_os_uname=`uname -s 2>/dev/null`
])

if test "$ne_cv_os_uname" = "Darwin"; then
  CPPFLAGS="$CPPFLAGS -no-cpp-precomp"
  LDFLAGS="$LDFLAGS -flat_namespace"
  # poll has various issues in various Darwin releases
  if test x${ac_cv_func_poll+set} != xset; then
    ac_cv_func_poll=no
  fi
fi
])

AC_DEFUN([NEON_COMMON_CHECKS], [

# These checks are done whether or not the bundled neon build
# is used.
ifdef([AC_USE_SYSTEM_EXTENSIONS], [AC_USE_SYSTEM_EXTENSIONS], [AC_ISC_POSIX]) AC_REQUIRE([AC_PROG_CC]) AC_REQUIRE([AC_C_INLINE]) AC_REQUIRE([AC_C_CONST]) AC_REQUIRE([AC_TYPE_SIZE_T]) AC_REQUIRE([AC_TYPE_OFF_T]) AC_REQUIRE([NE_CHECK_OS]) AC_REQUIRE([AC_PROG_MAKE_SET]) AC_REQUIRE([AC_HEADER_STDC]) AC_CHECK_HEADERS([errno.h stdarg.h string.h stdlib.h sys/uio.h]) NEON_FORMAT(size_t,,u) dnl size_t is unsigned; use %u formats NEON_FORMAT(off_t) NEON_FORMAT(ssize_t) ]) AC_DEFUN([NEON_FORMAT_PREP], [ AC_CHECK_SIZEOF(int) AC_CHECK_SIZEOF(long) AC_CHECK_SIZEOF(long long) if test "$GCC" = "yes"; then AC_CACHE_CHECK([for gcc -Wformat -Werror sanity], ne_cv_cc_werror, [ # See whether a simple test program will compile without errors. ne_save_CPPFLAGS=$CPPFLAGS CPPFLAGS="$CPPFLAGS -Wformat -Werror" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include #include ]], [[int i = 42; printf("%d", i);]])], [ne_cv_cc_werror=yes], [ne_cv_cc_werror=no]) CPPFLAGS=$ne_save_CPPFLAGS]) ne_fmt_trycompile=$ne_cv_cc_werror else ne_fmt_trycompile=no fi ]) dnl Check for LFS support AC_DEFUN([NE_LARGEFILE], [ dnl Need the size of off_t AC_REQUIRE([NEON_COMMON_CHECKS]) if test -z "$ac_cv_sizeof_off_t"; then NE_DISABLE_SUPPORT(LFS, [LFS support omitted: off_t size unknown!]) elif test $ac_cv_sizeof_off_t != 4; then NE_DISABLE_SUPPORT(LFS, [LFS support unnecessary, off_t is not 32-bit]) AC_CHECK_FUNCS([strtoll strtoq], [break]) elif test -z "$ac_cv_sizeof_long_long"; then NE_DISABLE_SUPPORT(LFS, [LFS support omitted: long long size unknown]) elif test $ac_cv_sizeof_long_long != 8; then NE_DISABLE_SUPPORT(LFS, [LFS support omitted: long long not 64-bit]) else ne_save_CPPFLAGS=$CPPFLAGS CPPFLAGS="$CPPFLAGS -D_LARGEFILE64_SOURCE" AC_CHECK_TYPE(off64_t, [ NEON_FORMAT(off64_t) ne_lfsok=no AC_CHECK_FUNCS([strtoll strtoq], [ne_lfsok=yes; break]) AC_CHECK_FUNCS([lseek64 fstat64], [], [ne_lfsok=no; break]) if test x$ne_lfsok = xyes; then NE_ENABLE_SUPPORT(LFS, [LFS (large file) support enabled]) 
NEON_CFLAGS="$NEON_CFLAGS -D_LARGEFILE64_SOURCE -DNE_LFS" ne_save_CPPFLAGS="$CPPFLAGS -DNE_LFS" else NE_DISABLE_SUPPORT(LFS, [LFS support omitted: 64-bit support functions not found]) fi], [NE_DISABLE_SUPPORT(LFS, [LFS support omitted: off64_t type not found])]) CPPFLAGS=$ne_save_CPPFLAGS fi if test "$NE_FLAG_LFS" = "yes"; then AC_DEFINE_UNQUOTED([NE_FMT_NE_OFF_T], [NE_FMT_OFF64_T], [Define to be printf format string for ne_off_t]) NE_ADD_ABITAG(LFS) else AC_DEFINE_UNQUOTED([NE_FMT_NE_OFF_T], [NE_FMT_OFF_T]) fi ]) dnl NEON_FORMAT(TYPE[, HEADERS[, [SPECIFIER]]) dnl dnl This macro finds out which modifier is needed to create a dnl printf format string suitable for printing integer type TYPE (which dnl may be an int, long, or long long). dnl The default specifier is 'd', if SPECIFIER is not given. dnl TYPE may be defined in HEADERS; sys/types.h is always used first. AC_DEFUN([NEON_FORMAT], [ AC_REQUIRE([NEON_FORMAT_PREP]) AC_CHECK_SIZEOF($1,, [AC_INCLUDES_DEFAULT $2]) dnl Work out which specifier character to use m4_ifdef([ne_spec], [m4_undefine([ne_spec])]) m4_if($#, 3, [m4_define(ne_spec,$3)], [m4_define(ne_spec,d)]) m4_ifdef([ne_cvar], [m4_undefine([ne_cvar])])dnl m4_define([ne_cvar], m4_translit(ne_cv_fmt_[$1], [ ], [_]))dnl AC_CACHE_CHECK([how to print $1], [ne_cvar], [ ne_cvar=none if test $ne_fmt_trycompile = yes; then oflags="$CPPFLAGS" # Consider format string mismatches as errors CPPFLAGS="$CPPFLAGS -Wformat -Werror" dnl obscured for m4 quoting: "for str in d ld lld; do" for str in ne_spec l]ne_spec[ ll]ne_spec[; do AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include $2 #include ]], [[$1 i = 1; printf("%$str", i);]])], [ne_cvar=$str; break]) done CPPFLAGS=$oflags else # Best guess. Don't have to be too precise since we probably won't # get a warning message anyway. 
case $ac_cv_sizeof_]m4_translit($1, [ ], [_])[ in $ac_cv_sizeof_int) ne_cvar="ne_spec" ;; $ac_cv_sizeof_long) ne_cvar="l]ne_spec[" ;; $ac_cv_sizeof_long_long) ne_cvar="ll]ne_spec[" ;; esac fi ]) if test "x$ne_cvar" = "xnone"; then AC_MSG_ERROR([format string for $1 not found]) fi AC_DEFINE_UNQUOTED([NE_FMT_]m4_translit($1, [a-z ], [A-Z_]), "$ne_cvar", [Define to be printf format string for $1]) ]) dnl Wrapper for AC_CHECK_FUNCS; uses libraries from $NEON_LIBS. AC_DEFUN([NE_CHECK_FUNCS], [ ne_cf_save_LIBS=$LIBS LIBS="$LIBS $NEON_LIBS" AC_CHECK_FUNCS($@) LIBS=$ne_cf_save_LIBS]) dnl Checks needed when compiling the neon source. AC_DEFUN([LIBNEON_SOURCE_CHECKS], [ dnl Run all the normal C language/compiler tests AC_REQUIRE([NEON_COMMON_CHECKS]) dnl Needed for building the MD5 code. AC_REQUIRE([AC_C_BIGENDIAN]) dnl Is strerror_r present; if so, which variant AC_REQUIRE([AC_FUNC_STRERROR_R]) AC_CHECK_HEADERS([sys/time.h limits.h sys/select.h arpa/inet.h libintl.h \ signal.h sys/socket.h netinet/in.h netinet/tcp.h netdb.h sys/poll.h \ sys/limits.h fcntl.h iconv.h],,, [AC_INCLUDES_DEFAULT /* netinet/tcp.h requires netinet/in.h on some platforms. 
*/ #ifdef HAVE_NETINET_IN_H #include #endif]) AC_REQUIRE([NE_SNPRINTF]) AC_CACHE_CHECK([for timezone global], ne_cv_cc_timezone, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include #include ]], [[time_t t = 0 - timezone; timezone = 1;]])], ne_cv_cc_timezone=yes, ne_cv_cc_timezone=no)]) if test "$ne_cv_cc_timezone" = "yes"; then AC_DEFINE([HAVE_TIMEZONE], 1, [Define if the timezone global is available]) fi dnl Check for large file support NE_LARGEFILE AC_REPLACE_FUNCS(strcasecmp) AC_CHECK_FUNCS([signal setvbuf setsockopt stpcpy poll fcntl getsockopt \ explicit_bzero sendmsg]) if test "x${ac_cv_func_poll}${ac_cv_header_sys_poll_h}y" = "xyesyesy"; then AC_DEFINE([NE_USE_POLL], 1, [Define if poll() should be used]) fi if test "$ac_cv_func_stpcpy" = "yes"; then AC_CHECK_DECLS(stpcpy) fi # Modern AIXes with the "Linux-like" libc have an undeclared stpcpy AH_BOTTOM([#if defined(HAVE_STPCPY) && defined(HAVE_DECL_STPCPY) && !HAVE_DECL_STPCPY && !defined(stpcpy) char *stpcpy(char *, const char *); #endif]) # Unixware 7 can only link gethostbyname with -lnsl -lsocket # Pick up -lsocket first, then the gethostbyname check will work. # Haiku requires -lnetwork for socket functions. NE_SEARCH_LIBS(socket, socket inet ws2_32 network) # Enable getaddrinfo support if it, gai_strerror and inet_ntop are # all available. 
NE_SEARCH_LIBS(getaddrinfo, nsl,, [ne_enable_gai=no], [# HP-UX boxes commonly get into a state where getaddrinfo is present # but borked: http://marc.theaimsgroup.com/?l=apr-dev&m=107730955207120&w=2 case x`uname -sr 2>/dev/null`y in xHP-UX*11.[[01]]*y) AC_MSG_NOTICE([getaddrinfo support disabled on HP-UX 11.0x/11.1x]) ;; *) ne_enable_gai=yes NE_CHECK_FUNCS(gai_strerror getnameinfo inet_ntop inet_pton,, [ne_enable_gai=no; break]) ;; esac ]) if test $ne_enable_gai = yes; then NE_ENABLE_SUPPORT(IPV6, [IPv6 support is enabled]) AC_DEFINE(USE_GETADDRINFO, 1, [Define if getaddrinfo() should be used]) AC_CACHE_CHECK([for working AI_ADDRCONFIG], [ne_cv_gai_addrconfig], [ AC_RUN_IFELSE([AC_LANG_PROGRAM([#include #include ], [struct addrinfo hints = {0}, *result; hints.ai_flags = AI_ADDRCONFIG; if (getaddrinfo("localhost", NULL, &hints, &result) != 0) return 1;])], ne_cv_gai_addrconfig=yes, ne_cv_gai_addrconfig=no, ne_cv_gai_addrconfig=no)]) if test $ne_cv_gai_addrconfig = yes; then AC_DEFINE(USE_GAI_ADDRCONFIG, 1, [Define if getaddrinfo supports AI_ADDRCONFIG]) fi else # Checks for non-getaddrinfo() based resolver interfaces. # QNX has gethostbyname in -lsocket. BeOS only has it in -lbind. # CygWin/Winsock2 has it in -lws2_32, allegedly. # Haiku requires -lnetwork for socket functions. NE_SEARCH_LIBS(gethostbyname, socket nsl bind ws2_32 network) NE_SEARCH_LIBS(hstrerror, resolv,,[:]) NE_CHECK_FUNCS(hstrerror) # Older Unixes don't declare h_errno. AC_CHECK_DECLS(h_errno,,,[#include ]) AC_CHECK_TYPE(in_addr_t,,[ AC_DEFINE([in_addr_t], [unsigned int], [Define if in_addr_t is not available])], [ #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_NETINET_IN_H # include #endif ]) fi AC_CHECK_TYPES(socklen_t,, # Linux accept(2) says this should be size_t for SunOS 5... gah. 
[AC_DEFINE([socklen_t], [int], [Define if socklen_t is not available])],[ #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_SOCKET_H # include #endif ]) AC_CHECK_MEMBERS([struct tm.tm_gmtoff, struct tm.__tm_gmtoff],,, [#include ]) if test ${ac_cv_member_struct_tm_tm_gmtoff}${ac_cv_member_struct_tm___tm_gmtoff}${ne_cv_cc_timezone} = nonono; then AC_MSG_WARN([no timezone handling in date parsing on this platform]) fi ifdef([neon_no_zlib], [NE_DISABLE_SUPPORT(ZLIB, [zlib not supported])], [NEON_ZLIB()]) # Conditionally enable ACL support AC_MSG_CHECKING([whether to enable ACL support in neon]) if test "x$neon_no_acl" = "xyes"; then AC_MSG_RESULT(no) else AC_MSG_RESULT(yes) NEON_EXTRAOBJS="$NEON_EXTRAOBJS ne_oldacl ne_acl3744" fi NEON_SSL() NEON_GSSAPI() NEON_LIBPROXY() AC_SUBST(NEON_CFLAGS) AC_SUBST(NEON_LIBS) AC_SUBST(NEON_LTLIBS) ]) dnl Call to put lib/snprintf.o in LIBOBJS and define HAVE_SNPRINTF_H dnl if snprintf isn't in libc. AC_DEFUN([NEON_REPLACE_SNPRINTF], [ # Check for snprintf AC_CHECK_FUNC(snprintf,,[ AC_DEFINE(HAVE_SNPRINTF_H, 1, [Define if need to include snprintf.h]) AC_LIBOBJ(lib/snprintf)]) ]) dnl turn off webdav, boo hoo. AC_DEFUN([NEON_WITHOUT_WEBDAV], [ neon_no_webdav=yes neon_no_acl=yes NEON_NEED_XML_PARSER=no neon_xml_parser_message="none needed" ]) dnl Turn off zlib support AC_DEFUN([NEON_WITHOUT_ZLIB], [ define(neon_no_zlib, yes) ]) AC_DEFUN([NEON_WITHOUT_ACL], [ # Turn off ACL support neon_no_acl=yes ]) dnl Common macro to NEON_LIBTOOL_BUILD and NEON_NORMAL_BUILD dnl Sets NEONOBJS appropriately if it has not already been set. dnl dnl NOT FOR EXTERNAL USE: use LIBTOOL_BUILD or NORMAL_BUILD. dnl AC_DEFUN([NEON_COMMON_BUILD], [ # Using the default set of object files to build. # Add the extension to EXTRAOBJS ne="$NEON_EXTRAOBJS" NEON_EXTRAOBJS= for o in $ne; do NEON_EXTRAOBJS="$NEON_EXTRAOBJS $o.$NEON_OBJEXT" done # Was DAV support explicitly turned off? 
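if test "x$neon_no_webdav" = "xyes"; then
  # No WebDAV support
  NEONOBJS="$NEONOBJS \$(NEON_BASEOBJS)"
  NE_DISABLE_SUPPORT(DAV, [WebDAV support is not enabled])
  NE_ADD_ABITAG(NODAV)
else
  # WebDAV support
  NEONOBJS="$NEONOBJS \$(NEON_DAVOBJS)"
  NE_ENABLE_SUPPORT(DAV, [WebDAV support is enabled])
fi

AC_SUBST(NEON_TARGET)
AC_SUBST(NEON_OBJEXT)
AC_SUBST(NEONOBJS)
AC_SUBST(NEON_EXTRAOBJS)
AC_SUBST(NEON_LINK_FLAGS)

])

# The libtoolized build case:
dnl Sets NEON_TARGET=libneon.la and NEON_OBJEXT=lo, then hands its own
dnl arguments on to NEON_COMMON_BUILD.
AC_DEFUN([NEON_LIBTOOL_BUILD], [

NEON_TARGET=libneon.la
NEON_OBJEXT=lo

NEON_COMMON_BUILD($#, $*)

])

dnl Find 'ar' and 'ranlib', fail if ar isn't found.
dnl Both tools are looked up along $PATH with /usr/ccs/bin appended;
dnl a missing ranlib falls back to the shell no-op ':'.
AC_DEFUN([NE_FIND_AR], [

# Search in /usr/ccs/bin for Solaris
ne_PATH=$PATH:/usr/ccs/bin
AC_CHECK_TOOL(AR, ar, notfound, $ne_PATH)
if test "x$AR" = "xnotfound"; then
   AC_MSG_ERROR([could not find ar tool])
fi
AC_CHECK_TOOL(RANLIB, ranlib, :, $ne_PATH)

])

# The non-libtool build case:
dnl Sets NEON_TARGET=libneon.a and NEON_OBJEXT=o, requires NE_FIND_AR,
dnl then hands its own arguments on to NEON_COMMON_BUILD.
AC_DEFUN([NEON_NORMAL_BUILD], [

NEON_TARGET=libneon.a
NEON_OBJEXT=o

AC_REQUIRE([NE_FIND_AR])

NEON_COMMON_BUILD($#, $*)

])

dnl Require snprintf and vsnprintf.  If either is missing from the C
dnl library, fall back to the trio library: on success -ltrio -lm is added
dnl to NEON_LIBS and HAVE_TRIO is defined, otherwise configure stops.
dnl NOTE(review): the error text points at a plain-http URL; anyone
dnl following it should fetch trio from a source whose integrity can be
dnl verified.
AC_DEFUN([NE_SNPRINTF], [
AC_CHECK_FUNCS(snprintf vsnprintf,,[
   ne_save_LIBS=$LIBS
   LIBS="$LIBS -lm"    # Always need -lm
   AC_CHECK_LIB(trio, trio_vsnprintf,
   [AC_CHECK_HEADERS(trio.h,,
    AC_MSG_ERROR([trio installation problem? libtrio found but not trio.h]))
    AC_MSG_NOTICE(using trio printf replacement library)
    NEON_LIBS="$NEON_LIBS -ltrio -lm"
    AC_DEFINE(HAVE_TRIO, 1, [Use trio printf replacement library])],
   [AC_MSG_NOTICE([no vsnprintf/snprintf detected in C library])
    AC_MSG_ERROR([Install the trio library from http://daniel.haxx.se/projects/trio/])])
   LIBS=$ne_save_LIBS
   break
])])

dnl Usage: NE_CHECK_OPENSSLVER(variable, version-string, version-hex)
dnl Define 'variable' to 'yes' if OpenSSL version is >= version-hex
dnl The comparison is done by the preprocessor against
dnl OPENSSL_VERSION_NUMBER, and the result is cached in 'variable'.
dnl An optional fourth argument is run when the check succeeds.
AC_DEFUN([NE_CHECK_OPENSSLVER], [
AC_CACHE_CHECK([OpenSSL version is >= $2], $1, [
AC_EGREP_CPP(good, [#include <openssl/opensslv.h>
#if OPENSSL_VERSION_NUMBER >= $3
good
#endif], [$1=yes
$4], [$1=no])])])

dnl Less noisy replacement for PKG_CHECK_MODULES
dnl Usage: NE_PKG_CONFIG(PREFIX, module, if-found, if-not-found)
dnl When pkg-config knows 'module', PREFIX_CFLAGS, PREFIX_LIBS and
dnl PREFIX_VERSION are set from its output and 'if-found' runs; in every
dnl other case 'if-not-found' runs.  The pkg-config binary is located
dnl through $PATH and its output goes into compiler and linker flags.
AC_DEFUN([NE_PKG_CONFIG], [

m4_define([ne_cvar], m4_translit(ne_cv_pkg_[$2], [.-], [__]))dnl

AC_PATH_PROG(PKG_CONFIG, pkg-config, no)
if test "$PKG_CONFIG" = "no"; then
   : Not using pkg-config
   $4
else
   AC_CACHE_CHECK([for $2 pkg-config data], ne_cvar,
     [if $PKG_CONFIG $2; then
        ne_cvar=yes
      else
        ne_cvar=no
      fi])

   if test "$ne_cvar" = "yes"; then
      $1_CFLAGS=`$PKG_CONFIG --cflags $2`
      $1_LIBS=`$PKG_CONFIG --libs $2`
      $1_VERSION=`$PKG_CONFIG --modversion $2`
      : Using provided pkg-config data
      $3
   else
      : No pkg-config for $2 provided
      $4
   fi
fi

m4_undefine([ne_cvar])
])

dnl Check for an SSL library (GNU TLS or OpenSSL)
dnl
dnl Options handled here:
dnl   --with-ssl=openssl|gnutls   select the TLS backend; without it SSL
dnl                               is disabled and ne_stubssl is built
dnl   --with-egd[=PATH]           only consulted for OpenSSL older than 0.9.7
dnl   --without-pakchois          skip the PKCS#11 probe
dnl   --with-ca-bundle=FILE       compiled in as NE_SSL_CA_BUNDLE when SSL
dnl                               is enabled
dnl   --enable-threadsafe-ssl     POSIX-mutex locking for the SSL library
dnl
dnl NOTE(review): the OpenSSL branch still accepts releases back to 0.9.6.
dnl Those releases are long out of upstream support, so a build that ends
dnl up in the 0.9.6/0.9.7 branches should be treated as legacy.  The same
dnl branch defines HAVE_NTLM whenever OpenSSL is selected.
AC_DEFUN([NEON_SSL], [

AC_ARG_WITH(ssl,
AS_HELP_STRING([--with-ssl=openssl|gnutls],
	[enable SSL support (default OpenSSL)]))

AC_ARG_WITH(egd,
[[  --with-egd[=PATH]       enable EGD support [using EGD socket at PATH]]])

AC_ARG_WITH(pakchois,
AS_HELP_STRING([--without-pakchois],
	[disable support for PKCS#11 using pakchois]))

case $with_ssl in
/*)
   AC_MSG_NOTICE([to use SSL libraries in non-standard locations, try --with-ssl --with-libs=$with_ssl])
   AC_MSG_ERROR([--with-ssl does not take a path argument])
   ;;
yes|openssl)
   NE_PKG_CONFIG(NE_SSL, openssl,
    [AC_MSG_NOTICE(using OpenSSL $NE_SSL_VERSION library configuration from pkg-config)
     CPPFLAGS="$CPPFLAGS ${NE_SSL_CFLAGS}"
     NEON_LIBS="$NEON_LIBS ${NE_SSL_LIBS}"],
    [# Either OpenSSL library may require -ldl if built with dynamic engine support
     NE_SEARCH_LIBS(RSA_new, crypto, -ldl)
     NE_SEARCH_LIBS(SSL_library_init, ssl, -ldl)
     NE_SSL_VERSION="(0.9.7 or later)"])

   AC_CHECK_HEADERS(openssl/ssl.h openssl/opensslv.h,,
   [AC_MSG_ERROR([OpenSSL headers not found, cannot enable SSL support])])

   NE_CHECK_OPENSSLVER(ne_cv_lib_ssl097, 0.9.7, 0x00907000L)
   NE_CHECK_OPENSSLVER(ne_cv_lib_ssl110, 1.1.0, 0x10100000L)
   if test "$ne_cv_lib_ssl110" = "yes"; then
      NE_ENABLE_SUPPORT(SSL, [SSL support enabled, using OpenSSL $NE_SSL_VERSION])
      AC_DEFINE(HAVE_OPENSSL11, 1, [Enable OpenSSL 1.1 support])
   elif test "$ne_cv_lib_ssl097" = "yes"; then
      # OpenSSL 0.9.7 or newer: no EGD seeding support is compiled into neon
      AC_MSG_NOTICE([OpenSSL >= 0.9.7; EGD support not needed in neon])
      NE_ENABLE_SUPPORT(SSL, [SSL support enabled, using OpenSSL $NE_SSL_VERSION])
      NE_CHECK_FUNCS(CRYPTO_set_idptr_callback SSL_SESSION_cmp)
   else
      # Fail if OpenSSL is older than 0.9.6
      NE_CHECK_OPENSSLVER(ne_cv_lib_ssl096, 0.9.6, 0x00906000L)
      if test "$ne_cv_lib_ssl096" != "yes"; then
         AC_MSG_ERROR([OpenSSL 0.9.6 or later is required])
      fi
      NE_ENABLE_SUPPORT(SSL, [SSL support enabled, using OpenSSL (0.9.6 or later)])

      # EGD is only considered on this pre-0.9.7 path.  An absolute path
      # given to --with-egd is compiled in as EGD_PATH.
      case "$with_egd" in
      yes|no) ne_cv_lib_sslegd=$with_egd ;;
      /*) ne_cv_lib_sslegd=yes
          AC_DEFINE_UNQUOTED([EGD_PATH], "$with_egd",
                             [Define to specific EGD socket path]) ;;
      *) # Guess whether EGD support is needed
         AC_CACHE_CHECK([whether to enable EGD support], [ne_cv_lib_sslegd],
         [if test -r /dev/random || test -r /dev/urandom; then
            ne_cv_lib_sslegd=no
          else
            ne_cv_lib_sslegd=yes
          fi])
         ;;
      esac
      if test "$ne_cv_lib_sslegd" = "yes"; then
        AC_MSG_NOTICE([EGD support enabled for seeding OpenSSL PRNG])
        AC_DEFINE([ENABLE_EGD], 1, [Define if EGD should be supported])
      fi
   fi

   AC_DEFINE([HAVE_OPENSSL], 1, [Define if OpenSSL support is enabled])
   NEON_EXTRAOBJS="$NEON_EXTRAOBJS ne_openssl"

   AC_DEFINE([HAVE_NTLM], 1, [Define if NTLM is supported])
   ;;
gnutls)
   NE_PKG_CONFIG(NE_SSL, gnutls,
     [AC_MSG_NOTICE(using GnuTLS configuration from pkg-config)
      CPPFLAGS="$CPPFLAGS ${NE_SSL_CFLAGS}"
      NEON_LIBS="$NEON_LIBS ${NE_SSL_LIBS}"
     ], [
      # Fall back on libgnutls-config script
      AC_PATH_PROG(GNUTLS_CONFIG, libgnutls-config, no)

      if test "$GNUTLS_CONFIG" = "no"; then
        AC_MSG_ERROR([could not find libgnutls-config in \$PATH])
      fi

      CPPFLAGS="$CPPFLAGS `$GNUTLS_CONFIG --cflags`"
      NEON_LIBS="$NEON_LIBS `$GNUTLS_CONFIG --libs`"
      NE_SSL_VERSION="`$GNUTLS_CONFIG --version`"
     ])

   AC_CHECK_HEADER([gnutls/gnutls.h],,
      [AC_MSG_ERROR([could not find gnutls/gnutls.h in include path])])

   NE_ENABLE_SUPPORT(SSL, [SSL support enabled, using GnuTLS $NE_SSL_VERSION])
   NEON_EXTRAOBJS="$NEON_EXTRAOBJS ne_gnutls"
   AC_DEFINE([HAVE_GNUTLS], 1, [Define if GnuTLS support is enabled])

   # Check for functions in later releases
   NE_CHECK_FUNCS([gnutls_session_get_data2 gnutls_x509_dn_get_rdn_ava \
                  gnutls_certificate_get_issuer \
                  gnutls_certificate_get_x509_cas \
                  gnutls_x509_crt_sign2 \
                  gnutls_certificate_set_retrieve_function2 \
                  gnutls_privkey_import_ext])

   # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required)
   if test x${ac_cv_func_gnutls_x509_crt_sign2} != xyes; then
       AC_MSG_ERROR([GnuTLS version predates gnutls_x509_crt_sign2, newer version required (at least 1.2.0)])
   fi
   # Check for iconv support if using the new RDN access functions:
   if test ${ac_cv_func_gnutls_x509_dn_get_rdn_ava}X${ac_cv_header_iconv_h} = yesXyes; then
      AC_CHECK_FUNCS(iconv)
   fi
   ;;
*) # Default to off; only create crypto-enabled binaries if requested.
   NE_DISABLE_SUPPORT(SSL, [SSL support is not enabled])
   NE_DISABLE_SUPPORT(TS_SSL, [Thread-safe SSL support is not enabled])
   NEON_EXTRAOBJS="$NEON_EXTRAOBJS ne_stubssl"
   ;;
esac
AC_SUBST(NEON_SUPPORTS_SSL)

AC_ARG_WITH(ca-bundle,
  AS_HELP_STRING(--with-ca-bundle, specify filename of an SSL CA root bundle),,
  with_ca_bundle=no)

# The bundle filename is compiled in only when SSL support was enabled above
case ${NE_FLAG_SSL}-${with_ca_bundle} in
*-no) ;;
yes-*)
   AC_DEFINE_UNQUOTED([NE_SSL_CA_BUNDLE], ["${with_ca_bundle}"],
                      [Define to be filename of an SSL CA root bundle])
   AC_MSG_NOTICE([Using ${with_ca_bundle} as default SSL CA bundle])
   ;;
esac

AC_ARG_ENABLE(threadsafe-ssl,
AS_HELP_STRING(--enable-threadsafe-ssl=posix,
[enable SSL library thread-safety using POSIX threads: suitable
CC/CFLAGS/LIBS must be used to make the POSIX library interfaces
available]),,
enable_threadsafe_ssl=no)

# OpenSSL 1.1.0 or later is reported as thread-safe whatever the option
# says.  Otherwise posix or yes needs the pthread mutex functions.
case ${enable_threadsafe_ssl}X${ne_cv_lib_ssl110} in
*Xyes)
  NE_ENABLE_SUPPORT(TS_SSL, [OpenSSL is natively thread-safe])
  ;;
posixX*|yesX*)
  ne_pthr_ok=yes
  AC_CHECK_FUNCS([pthread_mutex_init pthread_mutex_lock],,[ne_pthr_ok=no])
  if test "${ne_pthr_ok}" = "no"; then
     AC_MSG_ERROR([could not find POSIX mutex interfaces; (try CC="${CC} -pthread"?)])
  fi
  NE_ENABLE_SUPPORT(TS_SSL, [Thread-safe SSL supported using POSIX threads])
  ;;
*)
  NE_DISABLE_SUPPORT(TS_SSL, [Thread-safe SSL not supported])
  ;;
esac

# pakchois is probed when GnuTLS has gnutls_privkey_import_ext or when the
# OpenSSL 0.9.7 check passed and --without-pakchois was not given
case ${with_pakchois}X${ac_cv_func_gnutls_privkey_import_ext}Y${ne_cv_lib_ssl097} in
noX*Y*) ;;
*X*Yyes|*XyesY*)
    # PKCS#11... ho!
    NE_PKG_CONFIG(NE_PK11, pakchois,
      [AC_MSG_NOTICE([[using pakchois $NE_PK11_VERSION for PKCS#11 support]])
       AC_DEFINE(HAVE_PAKCHOIS, 1, [Define if pakchois library supported])
       CPPFLAGS="$CPPFLAGS ${NE_PK11_CFLAGS}"
       NEON_LIBS="${NEON_LIBS} ${NE_PK11_LIBS}"],
      [AC_MSG_NOTICE([[pakchois library not found; no PKCS#11 support]])])
   ;;
esac
]) dnl -- end defun NEON_SSL

dnl Check for Kerberos installation
dnl Flags come from pkg-config (krb5-gssapi) or, failing that, from a
dnl krb5-config found on $PATH or in /usr/kerberos/bin.  CFLAGS and
dnl NEON_LIBS are extended for the probe; when gss_init_sec_context is
dnl found the saved copies are overwritten with the extended values, so
dnl the restore at the end keeps the GSSAPI flags only on success.
AC_DEFUN([NEON_GSSAPI], [
AC_ARG_WITH(gssapi, AS_HELP_STRING(--without-gssapi, disable GSSAPI support))
if test "$with_gssapi" != "no"; then
  ne_save_CFLAGS=$CFLAGS
  ne_save_LIBS=$NEON_LIBS
  NE_PKG_CONFIG(NE_GSSAPI, [krb5-gssapi],
    [AC_MSG_NOTICE(using GSSAPI configuration from pkg-config)
     KRB5_CONF_TOOL=pkgconf],
    [AC_PATH_PROG([KRB5_CONF_TOOL], krb5-config, none, $PATH:/usr/kerberos/bin)
     if test "x$KRB5_CONF_TOOL" != "xnone"; then
       NE_GSSAPI_LIBS="`${KRB5_CONF_TOOL} --libs gssapi`"
       NE_GSSAPI_CFLAGS="`${KRB5_CONF_TOOL} --cflags gssapi`"
       NE_GSSAPI_VERSION="`${KRB5_CONF_TOOL} --version`"
     fi])
else
   KRB5_CONF_TOOL=none
fi
if test "x$KRB5_CONF_TOOL" != "xnone"; then
   CFLAGS="$CFLAGS ${NE_GSSAPI_CFLAGS}"
   NEON_LIBS="${NEON_LIBS} ${NE_GSSAPI_LIBS}"
   # MIT and Heimdal put gssapi.h in different places
   AC_CHECK_HEADERS(gssapi/gssapi.h gssapi.h, [
     NE_CHECK_FUNCS(gss_init_sec_context, [
      ne_save_CFLAGS=$CFLAGS
      ne_save_LIBS=$NEON_LIBS
      AC_MSG_NOTICE([GSSAPI authentication support enabled, using $NE_GSSAPI_VERSION])
      AC_DEFINE(HAVE_GSSAPI, 1, [Define if GSSAPI support is enabled])
      AC_CHECK_HEADERS(gssapi/gssapi_generic.h)
      # Older versions of MIT Kerberos lack GSS_C_NT_HOSTBASED_SERVICE
      AC_CHECK_DECL([GSS_C_NT_HOSTBASED_SERVICE],,
        [AC_DEFINE([GSS_C_NT_HOSTBASED_SERVICE], gss_nt_service_name,
          [Define if GSS_C_NT_HOSTBASED_SERVICE is not defined otherwise])],
        [#ifdef HAVE_GSSAPI_GSSAPI_H
#include <gssapi/gssapi.h>
#else
#include <gssapi.h>
#endif])])
     break
   ])
   CFLAGS=$ne_save_CFLAGS
   NEON_LIBS=$ne_save_LIBS
fi])

dnl Enable libproxy support when pkg-config knows libproxy-1.0, unless
dnl --without-libproxy was given.
AC_DEFUN([NEON_LIBPROXY], [
AC_ARG_WITH(libproxy, AS_HELP_STRING(--without-libproxy, disable libproxy support))
if test "x$with_libproxy" != "xno"; then
  NE_PKG_CONFIG(NE_PXY, libproxy-1.0,
    [AC_DEFINE(HAVE_LIBPROXY, 1, [Define if libproxy is supported])
     CPPFLAGS="$CPPFLAGS $NE_PXY_CFLAGS"
     NEON_LIBS="$NEON_LIBS ${NE_PXY_LIBS}"
     NE_ENABLE_SUPPORT(LIBPXY, [libproxy support enabled using libproxy $NE_PXY_VERSION])],
    [NE_DISABLE_SUPPORT(LIBPXY, [libproxy support not enabled])])
else
  NE_DISABLE_SUPPORT(LIBPXY, [libproxy support not enabled])
fi
])

dnl Adds an --enable-warnings argument to configure to allow enabling
dnl compiler warnings
dnl For gcc the flag set includes -Wformat-security; -Wstrict-prototypes
dnl is added only when SSL is not requested.
AC_DEFUN([NEON_WARNINGS],[

AC_REQUIRE([AC_PROG_CC]) dnl so that $GCC is set

AC_ARG_ENABLE(warnings,
AS_HELP_STRING(--enable-warnings, [enable compiler warnings]))

if test "$enable_warnings" = "yes"; then
   case $GCC:`uname` in
   yes:*)
      CFLAGS="$CFLAGS -Wall -Wmissing-declarations -Wshadow -Wreturn-type -Wsign-compare -Wundef -Wpointer-arith -Wbad-function-cast -Wformat-security"
      if test -z "$with_ssl" -o "$with_ssl" = "no"; then
         # OpenSSL headers fail strict prototypes checks
         CFLAGS="$CFLAGS -Wstrict-prototypes"
      fi
      ;;
   no:OSF1) CFLAGS="$CFLAGS -check -msg_disable returnchecks -msg_disable alignment -msg_disable overflow" ;;
   no:IRIX) CFLAGS="$CFLAGS -fullwarn" ;;
   no:UnixWare) CFLAGS="$CFLAGS -v" ;;
   *) AC_MSG_WARN([warning flags unknown for compiler on this platform]) ;;
   esac
fi
])

dnl Adds an --disable-debug argument to configure to allow disabling
dnl debugging messages.
dnl Usage:
dnl  NEON_DEBUG([actions-if-debug-enabled], [actions-if-debug-disabled])
dnl
AC_DEFUN([NEON_DEBUG], [

AC_ARG_ENABLE(debug,
AS_HELP_STRING(--disable-debug,[disable runtime debugging messages]))

# default is to enable debugging
case $enable_debug in
no) AC_MSG_NOTICE([debugging is disabled])
$2 ;;
*) AC_MSG_NOTICE([debugging is enabled])
AC_DEFINE(NE_DEBUGGING, 1, [Define to enable debugging])
$1
;;
esac])

dnl Macro to optionally enable socks support
dnl The body is empty.
AC_DEFUN([NEON_SOCKS], [
])

dnl Adds --with-libs=DIR[:DIR2...].  For every DIR listed, DIR/include and
dnl DIR/lib are put in front of CPPFLAGS and LDFLAGS, DIR/bin is put in
dnl front of PATH and DIR/lib/pkgconfig is appended to PKG_CONFIG_PATH.
dnl NOTE(review): because PATH is changed, helper programs that configure
dnl looks up afterwards may be taken from these directories, so only
dnl trusted directories that other users cannot write to should be passed.
AC_DEFUN([NEON_WITH_LIBS], [
AC_ARG_WITH([libs],
[[  --with-libs=DIR[:DIR2...] look for support libraries in DIR/{bin,lib,include}]],
[case $with_libs in
yes|no) AC_MSG_ERROR([--with-libs must be passed a directory argument]) ;;
*) ne_save_IFS=$IFS; IFS=:
   for dir in $with_libs; do
     ne_add_CPPFLAGS="$ne_add_CPPFLAGS -I${dir}/include"
     ne_add_LDFLAGS="$ne_add_LDFLAGS -L${dir}/lib"
     ne_add_PATH="${ne_add_PATH}${dir}/bin:"
     PKG_CONFIG_PATH=${PKG_CONFIG_PATH}${PKG_CONFIG_PATH+:}${dir}/lib/pkgconfig
   done
   IFS=$ne_save_IFS
   CPPFLAGS="${ne_add_CPPFLAGS} $CPPFLAGS"
   LDFLAGS="${ne_add_LDFLAGS} $LDFLAGS"
   PATH=${ne_add_PATH}$PATH
   export PKG_CONFIG_PATH ;;
esac])])

AC_DEFUN([NEON_I18N], [

dnl Check for NLS iff libintl.h was detected.
AC_ARG_ENABLE(nls,
  AS_HELP_STRING(--disable-nls, [disable internationalization support]),,
  [enable_nls=${ac_cv_header_libintl_h}])

if test x${enable_nls} = xyes; then
  # presume that dgettext() is available if bindtextdomain() is...
  # checking for dgettext() itself is awkward because gcc has a
  # builtin of that function, which confuses AC_CHECK_FUNCS et al.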
NE_SEARCH_LIBS(bindtextdomain, intl, -liconv ,[enable_nls=no]) NE_CHECK_FUNCS(bind_textdomain_codeset) fi if test "$enable_nls" = "no"; then NE_DISABLE_SUPPORT(I18N, [Internationalization support not enabled]) else NE_ENABLE_SUPPORT(I18N, [Internationalization support enabled]) eval localedir="${datadir}/locale" AC_DEFINE_UNQUOTED([LOCALEDIR], "$localedir", [Define to be location of localedir]) fi ]) neon-0.32.2/macros/socklen-arg-type.m4000066400000000000000000000017031416727304000174540ustar00rootroot00000000000000dnl This function is (C) 1997,98,99 Stephan Kulow (coolo@kde.org) dnl Modifications (C) Joe Orton 1999,2000 AC_DEFUN([SOCKLEN_ARG_TYPE],[ dnl Check for the type of the third argument of getsockname AC_MSG_CHECKING(for the third argument of getsockname) AC_CACHE_VAL(ac_cv_ksize_t, [AC_TRY_COMPILE([ #include #include ],[ socklen_t a=0; getsockname(0,(struct sockaddr*)0, &a); ], ac_cv_ksize_t=socklen_t, ac_cv_ksize_t=) if test -z "$ac_cv_ksize_t"; then ac_safe_cflags="$CFLAGS" if test "$GCC" = "yes"; then CFLAGS="-Werror $CFLAGS" fi AC_TRY_COMPILE([ #include #include ],[ int a=0; getsockname(0,(struct sockaddr*)0, &a); ], ac_cv_ksize_t=int, ac_cv_ksize_t=size_t) CFLAGS="$ac_safe_cflags" fi ]) if test -z "$ac_cv_ksize_t"; then ac_cv_ksize_t=int fi AC_MSG_RESULT($ac_cv_ksize_t) AC_DEFINE_UNQUOTED(ksize_t, $ac_cv_ksize_t, [Define to be the type of the third argument to getsockname]) ])neon-0.32.2/neon-config.in000066400000000000000000000036561416727304000153050ustar00rootroot00000000000000#! /bin/sh # Originally from libxml, Copyright (C) Daniel Veillard # Modifications for neon Copyright (C) 2000-2006 Joe Orton. 
prefix=@prefix@ exec_prefix=@exec_prefix@ includedir=@includedir@ libdir=@libdir@ usage() { cat <&2 ;; esac shift done exit 0 neon-0.32.2/neon.mak000066400000000000000000000161141416727304000141750ustar00rootroot00000000000000#**** neon Win32 -*- Makefile -*- ******************************************** # # Define DEBUG_BUILD to create a debug version of the library. !IF "$(OS)" == "Windows_NT" NULL= !ELSE NULL=nul !ENDIF ######## # Debug vs. Release build !IF "$(DEBUG_BUILD)" == "" INTDIR = Release CFLAGS = /MD /W3 /GX /O2 /D "NDEBUG" TARGET = .\libneon.lib !ELSE INTDIR = Debug CFLAGS = /MDd /W3 /Gm /GX /Zi /Od /D "_DEBUG" TARGET = .\libneonD.lib !ENDIF ######## # Whether to build SSPI !IF "$(SSPI_BUILD)" != "" CFLAGS = $(CFLAGS) /D HAVE_SSPI !ENDIF ######## # Support for Expat integration # # If EXPAT_SRC or EXPAT_INC are set, then assume compiling against a # pre-built binary Expat 1.95.X. You can use either EXPAT_SRC # to specify the top-level Expat directory, or EXPAT_INC to directly # specify the Expat include directory. (If both are set, EXPAT_SRC # is ignored). # # If EXPAT_SRC and EXPAT_INC are not set, then the user can # still set EXPAT_FLAGS to specify very specific compile behavior. # # If none of EXPAT_SRC, EXPAT_INC and EXPAT_FLAGS are set, disable # WebDAV support. 
# EXPAT_INC wins over EXPAT_SRC; when only EXPAT_SRC is given the include
# directory is derived from it.
!IF "$(EXPAT_INC)" == ""
!IF "$(EXPAT_SRC)" != ""
EXPAT_INC = $(EXPAT_SRC)\Source\Lib
!ENDIF
!ENDIF

# BUILD_EXPAT stays set unless neither an include directory nor
# EXPAT_FLAGS was supplied; an empty BUILD_EXPAT drops the XML/WebDAV
# objects from the library further down.
BUILD_EXPAT = 1
!IF "$(EXPAT_INC)" == ""
!IFNDEF EXPAT_FLAGS
EXPAT_FLAGS =
BUILD_EXPAT =
!ENDIF
!ELSE
EXPAT_FLAGS = /I "$(EXPAT_INC)" /D HAVE_EXPAT /D HAVE_EXPAT_H /D NE_HAVE_DAV
!ENDIF

########
# Support for OpenSSL integration
#
# SSL support is compiled in only when OPENSSL_SRC is set.
# NOTE(review): the inc32 directory here and the out32/out32dll
# directories and libeay32/ssleay32 library names used below look like the
# layout of OpenSSL builds older than 1.1.0 -- confirm which OpenSSL
# release this makefile is expected to link against.
!IF "$(OPENSSL_SRC)" == ""
OPENSSL_FLAGS =
!ELSE
OPENSSL_FLAGS = /I "$(OPENSSL_SRC)\inc32" /D NE_HAVE_SSL /D HAVE_OPENSSL
!ENDIF

########
# Support for zlib integration
#
# With ZLIB_SRC set, the library names follow DEBUG_BUILD and ZLIB_DLL
# chooses between the static library and the DLL import library.
!IF "$(ZLIB_SRC)" == ""
ZLIB_FLAGS =
ZLIB_LIBS =
ZLIB_CLEAN =
!ELSE
ZLIB_CLEAN = ZLIB_CLEAN
!IF "$(DEBUG_BUILD)" == ""
ZLIB_STATICLIB = zlib.lib
ZLIB_SHAREDLIB = zlib1.dll
ZLIB_IMPLIB    = zdll.lib
ZLIB_LDFLAGS   = /nologo /release
!ELSE
ZLIB_STATICLIB = zlib_d.lib
ZLIB_SHAREDLIB = zlib1_d.dll
ZLIB_IMPLIB    = zdll_d.lib
ZLIB_LDFLAGS   = /nologo /debug
!ENDIF
ZLIB_FLAGS = /I "$(ZLIB_SRC)" /D NE_HAVE_ZLIB
!IF "$(ZLIB_DLL)" == ""
ZLIB_LIBS = "$(ZLIB_SRC)\$(ZLIB_STATICLIB)"
!ELSE
ZLIB_FLAGS = $(ZLIB_FLAGS) /D ZLIB_DLL
ZLIB_LIBS = "$(ZLIB_SRC)\$(ZLIB_IMPLIB)"
!ENDIF
!ENDIF

########
# Support for IPv6
!IF "$(ENABLE_IPV6)" == "yes"
IPV6_FLAGS = /D USE_GETADDRINFO
!ENDIF

# Exclude stuff we don't need from the Win32 headers
WIN32_DEFS = /D WIN32_LEAN_AND_MEAN /D NOUSER /D NOGDI /D NONLS /D NOCRYPT

# Compiler and librarian command lines; objects and the program database
# go to $(INTDIR).
CPP=cl.exe
CPP_PROJ = /c /nologo $(CFLAGS) $(WIN32_DEFS) $(EXPAT_FLAGS) $(OPENSSL_FLAGS) $(ZLIB_FLAGS) $(IPV6_FLAGS) /D "HAVE_CONFIG_H" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\"
LIB32=link.exe -lib
LIB32_FLAGS=/nologo /out:"$(TARGET)"

# Objects that are always part of the library
LIB32_OBJS= \
    "$(INTDIR)\ne_alloc.obj" \
    "$(INTDIR)\ne_auth.obj" \
    "$(INTDIR)\ne_basic.obj" \
    "$(INTDIR)\ne_compress.obj" \
    "$(INTDIR)\ne_dates.obj" \
    "$(INTDIR)\ne_i18n.obj" \
    "$(INTDIR)\ne_md5.obj" \
    "$(INTDIR)\ne_pkcs11.obj" \
    "$(INTDIR)\ne_redirect.obj" \
    "$(INTDIR)\ne_request.obj" \
    "$(INTDIR)\ne_session.obj" \
    "$(INTDIR)\ne_socket.obj" \
    "$(INTDIR)\ne_socks.obj" \
    "$(INTDIR)\ne_sspi.obj" \
    "$(INTDIR)\ne_string.obj" \
    "$(INTDIR)\ne_uri.obj" \
    "$(INTDIR)\ne_utils.obj"

# XML and WebDAV objects, only when Expat is available
!IF "$(BUILD_EXPAT)" != ""
LIB32_OBJS= \
    $(LIB32_OBJS) \
    "$(INTDIR)\ne_207.obj" \
    "$(INTDIR)\ne_xml.obj" \
    "$(INTDIR)\ne_xmlreq.obj" \
    "$(INTDIR)\ne_oldacl.obj" \
    "$(INTDIR)\ne_acl3744.obj" \
    "$(INTDIR)\ne_props.obj" \
    "$(INTDIR)\ne_locks.obj"
!ENDIF

# With OPENSSL_SRC set the OpenSSL libraries are added to the archive
# inputs (static or DLL import libraries depending on OPENSSL_STATIC).
# Without it the library gets ne_stubssl.obj instead, i.e. no SSL support.
!IF "$(OPENSSL_SRC)" != ""
LIB32_OBJS = $(LIB32_OBJS) "$(INTDIR)\ne_openssl.obj"
!IFDEF OPENSSL_STATIC
LIB32_OBJS = $(LIB32_OBJS) "$(OPENSSL_SRC)\out32\libeay32.lib" \
    "$(OPENSSL_SRC)\out32\ssleay32.lib"
!ELSE
LIB32_OBJS = $(LIB32_OBJS) "$(OPENSSL_SRC)\out32dll\libeay32.lib" \
    "$(OPENSSL_SRC)\out32dll\ssleay32.lib"
!ENDIF
!ELSE
# Provide ABI-compatibility stubs for SSL interface
LIB32_OBJS = $(LIB32_OBJS) "$(INTDIR)\ne_stubssl.obj"
!ENDIF
!IF "$(ZLIB_SRC)" != ""
LIB32_OBJS = $(LIB32_OBJS) $(ZLIB_LIBS)
!ENDIF

# Default target: generated config.h, then the library
ALL: ".\src\config.h" "$(TARGET)"

# Every erase is prefixed with '-' so a missing file does not stop the run
CLEAN: $(ZLIB_CLEAN)
    -@erase "$(INTDIR)\ne_207.obj"
    -@erase "$(INTDIR)\ne_alloc.obj"
    -@erase "$(INTDIR)\ne_oldacl.obj"
    -@erase "$(INTDIR)\ne_acl3744.obj"
    -@erase "$(INTDIR)\ne_auth.obj"
    -@erase "$(INTDIR)\ne_basic.obj"
    -@erase "$(INTDIR)\ne_compress.obj"
    -@erase "$(INTDIR)\ne_dates.obj"
    -@erase "$(INTDIR)\ne_i18n.obj"
    -@erase "$(INTDIR)\ne_locks.obj"
    -@erase "$(INTDIR)\ne_md5.obj"
    -@erase "$(INTDIR)\ne_props.obj"
    -@erase "$(INTDIR)\ne_redirect.obj"
    -@erase "$(INTDIR)\ne_request.obj"
    -@erase "$(INTDIR)\ne_session.obj"
    -@erase "$(INTDIR)\ne_openssl.obj"
    -@erase "$(INTDIR)\ne_stubssl.obj"
    -@erase "$(INTDIR)\ne_pkcs11.obj"
    -@erase "$(INTDIR)\ne_socket.obj"
    -@erase "$(INTDIR)\ne_socks.obj"
    -@erase "$(INTDIR)\ne_sspi.obj"
    -@erase "$(INTDIR)\ne_string.obj"
    -@erase "$(INTDIR)\ne_uri.obj"
    -@erase "$(INTDIR)\ne_utils.obj"
    -@erase "$(INTDIR)\ne_xml.obj"
    -@erase "$(INTDIR)\ne_xmlreq.obj"
    -@erase "$(TARGET)"
    -@erase ".\src\config.h"

# Archive step: the librarian arguments are passed through an inline
# response file.
"$(TARGET)": $(DEF_FILE) $(LIB32_OBJS)
    -@if not exist "$(INTDIR)/$(NULL)" mkdir "$(INTDIR)"
    $(LIB32) @<<
  $(LIB32_FLAGS) $(DEF_FLAGS) $(LIB32_OBJS)
<<

# Batch inference rule: compile src\*.c into $(INTDIR), again through an
# inline response file.
{src}.c{$(INTDIR)}.obj::
    -@if not exist "$(INTDIR)/$(NULL)" mkdir "$(INTDIR)"
    $(CPP) @<<
  $(CPP_PROJ) $<
<<

".\src\config.h": config.hw -@if not exist "$(INTDIR)/$(NULL)" mkdir "$(INTDIR)" < nul echo Created config.h from config.hw << "$(INTDIR)\ne_207.obj": .\src\ne_207.c "$(INTDIR)\ne_alloc.obj": .\src\ne_alloc.c "$(INTDIR)\ne_acl3744.obj": .\src\ne_acl3744.c "$(INTDIR)\ne_oldacl.obj": .\src\ne_oldacl.c "$(INTDIR)\ne_auth.obj": .\src\ne_auth.c "$(INTDIR)\ne_basic.obj": .\src\ne_basic.c "$(INTDIR)\ne_compress.obj": .\src\ne_compress.c "$(INTDIR)\ne_dates.obj": .\src\ne_dates.c "$(INTDIR)\ne_i18n.obj": .\src\ne_i18n.c "$(INTDIR)\ne_locks.obj": .\src\ne_locks.c "$(INTDIR)\ne_md5.obj": .\src\ne_md5.c "$(INTDIR)\ne_props.obj": .\src\ne_props.c "$(INTDIR)\ne_redirect.obj": .\src\ne_redirect.c "$(INTDIR)\ne_request.obj": .\src\ne_request.c "$(INTDIR)\ne_session.obj": .\src\ne_session.c "$(INTDIR)\ne_openssl.obj": .\src\ne_openssl.c "$(INTDIR)\ne_stubssl.obj": .\src\ne_stubssl.c "$(INTDIR)\ne_pkcs11.obj": .\src\ne_pkcs11.c "$(INTDIR)\ne_socket.obj": .\src\ne_socket.c "$(INTDIR)\ne_socks.obj": .\src\ne_socks.c "$(INTDIR)\ne_sspi.obj": .\src\ne_sspi.c "$(INTDIR)\ne_string.obj": .\src\ne_string.c "$(INTDIR)\ne_uri.obj": .\src\ne_uri.c "$(INTDIR)\ne_utils.obj": .\src\ne_utils.c "$(INTDIR)\ne_xml.obj": .\src\ne_xml.c "$(INTDIR)\ne_xmlreq.obj": .\src\ne_xmlreq.c "$(ZLIB_SRC)\$(ZLIB_STATICLIB)": <, 2000-2002. 
# msgid "" msgstr "" "Project-Id-Version: sitecopy 0.11.4\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" "POT-Creation-Date: 2021-09-20 10:49+0100\n" "PO-Revision-Date: 2002-04-09 11:12+0100\n" "Last-Translator: Petr Prazak \n" "Language-Team: cz\n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-2\n" "Content-Transfer-Encoding: 8bit\n" #: src/ne_207.c:213 #, c-format msgid "" "Invalid HTTP status line in status element at line %d of response:\n" "Status line was: %s" msgstr "" "Neplatn dka HTTP stavu ve stavovm prvku na dku %d odpovdi:\n" "Stavov dka byla: %s" # src/console_fe.c:961 #: src/ne_auth.c:165 #, fuzzy, c-format msgid "Could not authenticate to server: %s" msgstr "Nelze se pipojit k serveru" # src/console_fe.c:961 #: src/ne_auth.c:170 #, fuzzy, c-format msgid "Could not authenticate to proxy server: %s" msgstr "Nelze se pipojit k proxy serveru" #: src/ne_auth.c:428 #, c-format msgid "rejected %s challenge" msgstr "" #: src/ne_auth.c:469 msgid "missing realm in Basic challenge" msgstr "" #: src/ne_auth.c:483 msgid "cannot handle Basic challenge for username containing colon" msgstr "" #: src/ne_auth.c:588 msgid "invalid Negotiate token" msgstr "" #: src/ne_auth.c:611 #, fuzzy msgid "GSSAPI authentication error: " msgstr "Je vyadovna autentizace na %s `%s':\n" #: src/ne_auth.c:624 #, c-format msgid "GSSAPI failure (code %u)" msgstr "" #: src/ne_auth.c:659 msgid "ignoring empty Negotiate continuation" msgstr "" #: src/ne_auth.c:674 #, c-format msgid "Negotiate response verification failed: invalid response header token" msgstr "" #: src/ne_auth.c:696 #, c-format msgid "Negotiate response verification failure: %s" msgstr "" #: src/ne_auth.c:760 #, c-format msgid "SSPI response verification failed: invalid response header token" msgstr "" #: src/ne_auth.c:918 #, fuzzy msgid "could not handle non-ASCII username in Digest challenge" msgstr "Nelze zpracovat velikost bloku" #: src/ne_auth.c:947 msgid "unknown algorithm in 
Digest challenge" msgstr "" #: src/ne_auth.c:951 msgid "incompatible algorithm in Digest challenge" msgstr "" #: src/ne_auth.c:955 msgid "missing parameter in Digest challenge" msgstr "" #: src/ne_auth.c:959 msgid "initial Digest challenge was stale" msgstr "" #: src/ne_auth.c:966 msgid "stale Digest challenge with new algorithm or realm" msgstr "" #: src/ne_auth.c:971 msgid "legacy Digest challenge not supported" msgstr "" #: src/ne_auth.c:979 #, c-format msgid "%s algorithm in Digest challenge not supported" msgstr "" #: src/ne_auth.c:993 #, fuzzy msgid "could not parse domain in Digest challenge" msgstr "Nelze zpracovat velikost bloku" #: src/ne_auth.c:1272 #, c-format msgid "Digest mutual authentication failure: missing parameters" msgstr "" #: src/ne_auth.c:1277 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "" #: src/ne_auth.c:1287 #, c-format msgid "Digest mutual authentication failure: could not parse nonce count" msgstr "" #: src/ne_auth.c:1292 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "" #: src/ne_auth.c:1319 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "" #: src/ne_auth.c:1457 #, c-format msgid "ignored %s challenge" msgstr "" #: src/ne_auth.c:1562 #, fuzzy msgid "could not parse challenge" msgstr "Nelze zpracovat velikost bloku" # src/console_fe.c:992 #: src/ne_basic.c:98 #, fuzzy, c-format msgid "Could not determine file size: %s" msgstr "Nelze zjistit dlku souboru: %s" #: src/ne_basic.c:149 #, c-format msgid "Response did not include requested range" msgstr "" #: src/ne_basic.c:183 #, fuzzy, c-format msgid "Range is not satisfiable" msgstr "Rozsah nen uspokojiv." #: src/ne_basic.c:188 #, fuzzy, c-format msgid "Resource does not support ranged GET requests" msgstr "Server nedovoluje sten pkazy GET." 
#: src/ne_compress.c:184 #, c-format msgid "%s: %s (code %d)" msgstr "" # src/console_fe.c:992 #: src/ne_compress.c:232 #, fuzzy msgid "Could not inflate data" msgstr "Nelze otevt soubor: " # src/console_fe.c:992 #: src/ne_compress.c:293 #, fuzzy msgid "Could not initialize zlib" msgstr "Nelze otevt soubor: " #: src/ne_gnutls.c:184 #, c-format msgid "[unprintable:#%lu]" msgstr "" #: src/ne_gnutls.c:213 msgid "[unprintable]" msgstr "" #: src/ne_gnutls.c:660 #, c-format msgid "Failed to import private key: %s" msgstr "" #: src/ne_gnutls.c:904 msgid "signed using insecure algorithm" msgstr "" #: src/ne_gnutls.c:907 #, c-format msgid "unrecognized errors (%u)" msgstr "" #: src/ne_gnutls.c:952 src/ne_openssl.c:483 #, c-format msgid "Server certificate was missing commonName attribute in subject name" msgstr "" # src/console_fe.c:992 #: src/ne_gnutls.c:966 #, fuzzy, c-format msgid "Could not verify server certificate: %s" msgstr "Nelze zapsat do souboru: %s" #: src/ne_gnutls.c:985 src/ne_openssl.c:470 #, c-format msgid "Certificate verification error: %s" msgstr "" #: src/ne_gnutls.c:1018 src/ne_openssl.c:719 #, c-format msgid "SSL handshake failed, client certificate was requested: %s" msgstr "" # src/console_fe.c:992 #: src/ne_gnutls.c:1023 src/ne_openssl.c:724 #, fuzzy, c-format msgid "SSL handshake failed: %s" msgstr "Nelze zapsat do souboru: %s" #: src/ne_gnutls.c:1033 #, c-format msgid "Server did not send certificate chain" msgstr "" #: src/ne_locks.c:619 msgid "LOCK response missing Lock-Token header" msgstr "" #: src/ne_locks.c:794 #, c-format msgid "Response missing activelock for %s" msgstr "" #: src/ne_locks.c:836 #, c-format msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "" #: src/ne_openssl.c:744 #, c-format msgid "SSL server did not present certificate" msgstr "" #: src/ne_props.c:371 src/ne_props.c:435 #, fuzzy msgid "Response exceeds maximum property count" msgstr "Odpov pekrocila maximln poet poloek v hlavicce." 
#: src/ne_redirect.c:92 #, fuzzy, c-format msgid "Could not parse redirect destination URL" msgstr "Nelze zpracovat stavov dek odpovdi." #: src/ne_request.c:196 #, fuzzy, c-format msgid "%s: connection was closed by proxy server" msgstr "%s: proxy server ukonil spojen." #: src/ne_request.c:199 #, fuzzy, c-format msgid "%s: connection was closed by server" msgstr "%s: server ukonil spojen." #: src/ne_request.c:204 #, fuzzy, c-format msgid "%s: connection timed out" msgstr "%s: spojen vyprelo." # src/console_fe.c:992 #: src/ne_request.c:307 #, fuzzy, c-format msgid "Premature EOF in request body file" msgstr "Nelze zapsat do souboru: %s" # src/console_fe.c:992 #: src/ne_request.c:314 #, fuzzy, c-format msgid "Failed reading request body file: %s" msgstr "Nelze zapsat do souboru: %s" #: src/ne_request.c:334 msgid "offset invalid" msgstr "" # src/console_fe.c:992 #: src/ne_request.c:339 #, fuzzy, c-format msgid "Could not seek to offset %s of request body file: %s" msgstr "Nelze zapsat do souboru: %s" #: src/ne_request.c:425 msgid "Could not send request body" msgstr "Nelze odeslat tlo poadavku" #: src/ne_request.c:452 #, fuzzy msgid "Could not send chunked request terminator" msgstr "Nelze poslat poadavek" #: src/ne_request.c:788 msgid "Could not read chunk size" msgstr "Nelze nast velikost bloku" #: src/ne_request.c:795 msgid "Could not parse chunk size" msgstr "Nelze zpracovat velikost bloku" #: src/ne_request.c:832 msgid "Could not read response body" msgstr "Nelze nast tlo odpovdi" #: src/ne_request.c:848 #, fuzzy msgid "Could not read chunk delimiter" msgstr "Nelze nast velikost bloku" #: src/ne_request.c:851 msgid "Chunk delimiter was invalid" msgstr "" #: src/ne_request.c:964 msgid "Could not read status line (TLS client certificate was requested)" msgstr "" #: src/ne_request.c:965 msgid "Could not read status line" msgstr "Nelze pest stavov dek" #: src/ne_request.c:988 #, fuzzy msgid "Could not parse response status line" msgstr "Nelze zpracovat stavov dek 
odpovdi." #: src/ne_request.c:1000 #, fuzzy msgid "Could not read interim response headers" msgstr "Nelze nast tlo odpovdi" #: src/ne_request.c:1035 msgid "Could not send request" msgstr "Nelze poslat poadavek" #: src/ne_request.c:1069 #, fuzzy msgid "Too many interim responses" msgstr "Nelze nast tlo odpovdi" #: src/ne_request.c:1089 src/ne_request.c:1107 src/ne_request.c:1117 msgid "Error reading response headers" msgstr "Chyba pi ten hlaviek odpovdi" #: src/ne_request.c:1135 #, c-format msgid "Response header too long" msgstr "Hlavika odpovdi je pli dlouh" #: src/ne_request.c:1217 #, fuzzy msgid "Response exceeded maximum number of header fields" msgstr "Odpov pekrocila maximln poet poloek v hlavicce." # src/console_fe.c:956 #: src/ne_request.c:1232 #, fuzzy, c-format msgid "Could not resolve hostname `%s': %s" msgstr "%s: Chyba: Nelze najt adresu vzdlenho potae (%s).\n" #: src/ne_request.c:1362 msgid "Unknown transfer-coding in response" msgstr "" #: src/ne_request.c:1377 msgid "Invalid Content-Length in response" msgstr "" # src/console_fe.c:992 #: src/ne_request.c:1452 #, c-format msgid "Could not write to file: %s" msgstr "Nelze zapsat do souboru: %s" #: src/ne_request.c:1525 #, fuzzy, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "Nelze navzat SSL spojen pes proxy server." #: src/ne_request.c:1564 #, fuzzy, c-format msgid "Could not create socket" msgstr "Nelze navzat SSL spojen" # src/console_fe.c:961 #: src/ne_request.c:1598 msgid "Could not connect to server" msgstr "Nelze se pipojit k serveru" # src/console_fe.c:961 #: src/ne_request.c:1600 msgid "Could not connect to proxy server" msgstr "Nelze se pipojit k proxy serveru" #: src/ne_request.c:1643 #, c-format msgid "Could not find IPv4 address of hostname %s for SOCKS v4 proxy" msgstr "" #: src/ne_request.c:1701 #, fuzzy, c-format msgid "Could not establish connection from SOCKS proxy (%s:%u): %s" msgstr "Nelze navzat SSL spojen pes proxy server." 
#: src/ne_session.c:538 src/ne_session.c:549 msgid "[invalid date]" msgstr "" #: src/ne_session.c:562 msgid "certificate is not yet valid" msgstr "" #: src/ne_session.c:563 msgid "certificate has expired" msgstr "" #: src/ne_session.c:564 msgid "certificate issued for a different hostname" msgstr "" #: src/ne_session.c:565 msgid "issuer is not trusted" msgstr "" #: src/ne_session.c:566 msgid "bad certificate chain" msgstr "" #: src/ne_session.c:567 msgid "certificate has been revoked" msgstr "" #: src/ne_session.c:572 msgid "Server certificate verification failed: " msgstr "" #: src/ne_socket.c:522 src/ne_socket.c:674 src/ne_socket.c:804 #, fuzzy msgid "Connection closed" msgstr "Server ukonil spojen." #: src/ne_socket.c:679 msgid "Retry operation" msgstr "" #: src/ne_socket.c:693 src/ne_socket.c:708 src/ne_socket.c:818 #, fuzzy msgid "Secure connection truncated" msgstr "Spojen vyprelo." #: src/ne_socket.c:699 #, fuzzy msgid "Secure connection reset" msgstr "Spojen vyprelo." #: src/ne_socket.c:720 src/ne_socket.c:834 #, fuzzy, c-format msgid "SSL error: %s" msgstr "%s: Chyba: %s\n" #: src/ne_socket.c:723 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "" #: src/ne_socket.c:809 #, fuzzy, c-format msgid "SSL alert received: %s" msgstr "%s: Chyba: %s\n" #: src/ne_socket.c:830 msgid "SSL socket read failed" msgstr "" #: src/ne_socket.c:961 msgid "Line too long" msgstr "dek je pli dlouh" #: src/ne_socket.c:1122 src/ne_socket.c:1128 msgid "Host not found" msgstr "Pota nenalezen" #: src/ne_socket.c:1337 #, fuzzy msgid "Connection timed out" msgstr "%s: spojen vyprelo." 
#: src/ne_socket.c:1530 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "" #: src/ne_socket.c:1592 msgid "Socket family not supported" msgstr "" #: src/ne_socket.c:1823 msgid "Client certificate verification failed" msgstr "" #: src/ne_socket.c:1839 msgid "SSL disabled due to lack of entropy" msgstr "" #: src/ne_socket.c:1845 #, fuzzy msgid "Could not create SSL structure" msgstr "Nelze navzat SSL spojen" #: src/ne_socket.c:2017 msgid "Missing flags for socket shutdown" msgstr "" #: src/ne_socket.c:2035 src/ne_socket.c:2046 src/ne_socket.c:2061 msgid "Incomplete TLS closure" msgstr "" #: src/ne_socks.c:65 msgid "failure" msgstr "" #: src/ne_socks.c:68 #, fuzzy msgid "connection not permitted" msgstr "%s: spojen vyprelo." #: src/ne_socks.c:71 msgid "network unreachable" msgstr "" #: src/ne_socks.c:74 msgid "host unreachable" msgstr "" #: src/ne_socks.c:77 msgid "TTL expired" msgstr "" #: src/ne_socks.c:80 msgid "command not supported" msgstr "" #: src/ne_socks.c:83 msgid "address type not supported" msgstr "" #: src/ne_socks.c:86 #, c-format msgid "%s: unrecognized error (%u)" msgstr "" #: src/ne_socks.c:128 src/ne_socks.c:328 #, fuzzy msgid "Could not send message to proxy" msgstr "Nelze odeslat tlo poadavku" #: src/ne_socks.c:133 #, fuzzy msgid "Could not read initial response from proxy" msgstr "Nelze nast tlo odpovdi" #: src/ne_socks.c:136 msgid "Invalid version in proxy response" msgstr "" #: src/ne_socks.c:157 #, fuzzy msgid "Could not send login message" msgstr "Nelze poslat poadavek" #: src/ne_socks.c:162 #, fuzzy msgid "Could not read login reply" msgstr "Nelze pest stavov dek" #: src/ne_socks.c:165 msgid "Invalid version in login reply" msgstr "" #: src/ne_socks.c:168 #, fuzzy msgid "Authentication failed" msgstr "Je vyadovna autentizace na %s `%s':\n" #: src/ne_socks.c:172 msgid "No acceptable authentication method" msgstr "" #: src/ne_socks.c:174 msgid "Unexpected authentication method chosen" msgstr "" #: src/ne_socks.c:210 #, fuzzy msgid 
"Could not send connect request" msgstr "Nelze poslat poadavek" # src/console_fe.c:961 #: src/ne_socks.c:215 #, fuzzy msgid "Could not read connect reply" msgstr "Nelze se pipojit k serveru" #: src/ne_socks.c:218 msgid "Invalid version in connect reply" msgstr "" # src/console_fe.c:961 #: src/ne_socks.c:221 src/ne_socks.c:337 #, fuzzy msgid "Could not connect" msgstr "Nelze se pipojit k serveru" #: src/ne_socks.c:235 msgid "Could not read FQDN length in connect reply" msgstr "" #: src/ne_socks.c:240 msgid "Unknown address type in connect reply" msgstr "" #: src/ne_socks.c:245 #, fuzzy msgid "Could not read address in connect reply" msgstr "Nelze nast tlo odpovdi" #: src/ne_socks.c:266 msgid "request rejected or failed" msgstr "" # src/console_fe.c:961 #: src/ne_socks.c:269 #, fuzzy msgid "could not establish connection to identd" msgstr "Nelze se pipojit k serveru" #: src/ne_socks.c:272 msgid "rejected due to identd user mismatch" msgstr "" #: src/ne_socks.c:275 #, c-format msgid "%s: unrecognized failure (%u)" msgstr "" #: src/ne_socks.c:333 #, fuzzy msgid "Could not read response from proxy" msgstr "Nelze nast tlo odpovdi" # src/console_fe.c:821 #: src/ne_xml.c:280 #, fuzzy, c-format msgid "XML parse error at line %d: invalid element name" msgstr "Chyba zpracovn XML na dku %d: %s." # src/common.c:87 #: src/ne_xml.c:474 #, fuzzy msgid "Unknown error" msgstr "Neznm systmov chyba" #: src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "" # src/console_fe.c:821 #: src/ne_xml.c:667 #, fuzzy, c-format msgid "XML parse error at line %d: %s" msgstr "Chyba zpracovn XML na dku %d: %s." #: src/ne_xmlreq.c:36 #, fuzzy, c-format msgid "Could not parse response: %s" msgstr "Nelze nast tlo odpovdi" #, fuzzy #~ msgid "%s: %s" #~ msgstr "%s: Chyba: %s\n" neon-0.32.2/po/de.po000066400000000000000000000370661416727304000141230ustar00rootroot00000000000000# The German translation for sitecopy. 
# Copyright (C) 2000, Thomas Schultz # msgid "" msgstr "" "Project-Id-Version: sitecopy 0.11.3\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" "POT-Creation-Date: 2021-09-20 10:49+0100\n" "PO-Revision-Date: 2002-01-13 13:37+0100\n" "Last-Translator: Thomas Schultz \n" "Language-Team: de\n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" #: src/ne_207.c:213 #, c-format msgid "" "Invalid HTTP status line in status element at line %d of response:\n" "Status line was: %s" msgstr "" "Ungltige HTTP Status-Zeile im Status-Element in Zeile %d der Antwort:\n" "Status-Zeile war: %s" #: src/ne_auth.c:165 #, fuzzy, c-format msgid "Could not authenticate to server: %s" msgstr "Verbindungsaufbau zum Server gescheitert." #: src/ne_auth.c:170 #, fuzzy, c-format msgid "Could not authenticate to proxy server: %s" msgstr "Verbindungsaufbau zum Proxy-Server gescheitert." #: src/ne_auth.c:428 #, c-format msgid "rejected %s challenge" msgstr "" #: src/ne_auth.c:469 msgid "missing realm in Basic challenge" msgstr "" #: src/ne_auth.c:483 msgid "cannot handle Basic challenge for username containing colon" msgstr "" #: src/ne_auth.c:588 msgid "invalid Negotiate token" msgstr "" #: src/ne_auth.c:611 #, fuzzy msgid "GSSAPI authentication error: " msgstr "Anmeldung wird bentigt auf %s `%s':\n" #: src/ne_auth.c:624 #, c-format msgid "GSSAPI failure (code %u)" msgstr "" #: src/ne_auth.c:659 msgid "ignoring empty Negotiate continuation" msgstr "" #: src/ne_auth.c:674 #, c-format msgid "Negotiate response verification failed: invalid response header token" msgstr "" #: src/ne_auth.c:696 #, c-format msgid "Negotiate response verification failure: %s" msgstr "" #: src/ne_auth.c:760 #, c-format msgid "SSPI response verification failed: invalid response header token" msgstr "" #: src/ne_auth.c:918 #, fuzzy msgid "could not handle non-ASCII username in Digest challenge" msgstr "Parser-Fehler bei Ermittlung der Blockgre" #: 
src/ne_auth.c:947 msgid "unknown algorithm in Digest challenge" msgstr "" #: src/ne_auth.c:951 msgid "incompatible algorithm in Digest challenge" msgstr "" #: src/ne_auth.c:955 msgid "missing parameter in Digest challenge" msgstr "" #: src/ne_auth.c:959 msgid "initial Digest challenge was stale" msgstr "" #: src/ne_auth.c:966 msgid "stale Digest challenge with new algorithm or realm" msgstr "" #: src/ne_auth.c:971 msgid "legacy Digest challenge not supported" msgstr "" #: src/ne_auth.c:979 #, c-format msgid "%s algorithm in Digest challenge not supported" msgstr "" #: src/ne_auth.c:993 #, fuzzy msgid "could not parse domain in Digest challenge" msgstr "Parser-Fehler bei Ermittlung der Blockgre" #: src/ne_auth.c:1272 #, c-format msgid "Digest mutual authentication failure: missing parameters" msgstr "" #: src/ne_auth.c:1277 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "" #: src/ne_auth.c:1287 #, c-format msgid "Digest mutual authentication failure: could not parse nonce count" msgstr "" #: src/ne_auth.c:1292 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "" #: src/ne_auth.c:1319 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "" #: src/ne_auth.c:1457 #, c-format msgid "ignored %s challenge" msgstr "" #: src/ne_auth.c:1562 #, fuzzy msgid "could not parse challenge" msgstr "Parser-Fehler bei Ermittlung der Blockgre" #: src/ne_basic.c:98 #, fuzzy, c-format msgid "Could not determine file size: %s" msgstr "Konnte Lnge der Datei nicht herausfinden: %s" #: src/ne_basic.c:149 #, c-format msgid "Response did not include requested range" msgstr "" #: src/ne_basic.c:183 #, fuzzy, c-format msgid "Range is not satisfiable" msgstr "Range is not satisfiable." #: src/ne_basic.c:188 #, fuzzy, c-format msgid "Resource does not support ranged GET requests" msgstr "Server ermglicht keine teilweisen GETs." 
#: src/ne_compress.c:184 #, c-format msgid "%s: %s (code %d)" msgstr "" #: src/ne_compress.c:232 #, fuzzy msgid "Could not inflate data" msgstr "Konnte Datei nicht ffnen: " #: src/ne_compress.c:293 #, fuzzy msgid "Could not initialize zlib" msgstr "Konnte Datei nicht ffnen: " #: src/ne_gnutls.c:184 #, c-format msgid "[unprintable:#%lu]" msgstr "" #: src/ne_gnutls.c:213 msgid "[unprintable]" msgstr "" #: src/ne_gnutls.c:660 #, c-format msgid "Failed to import private key: %s" msgstr "" #: src/ne_gnutls.c:904 msgid "signed using insecure algorithm" msgstr "" #: src/ne_gnutls.c:907 #, c-format msgid "unrecognized errors (%u)" msgstr "" #: src/ne_gnutls.c:952 src/ne_openssl.c:483 #, c-format msgid "Server certificate was missing commonName attribute in subject name" msgstr "" #: src/ne_gnutls.c:966 #, fuzzy, c-format msgid "Could not verify server certificate: %s" msgstr "Konnte nicht in diese Datei schreiben: %s" #: src/ne_gnutls.c:985 src/ne_openssl.c:470 #, c-format msgid "Certificate verification error: %s" msgstr "" #: src/ne_gnutls.c:1018 src/ne_openssl.c:719 #, c-format msgid "SSL handshake failed, client certificate was requested: %s" msgstr "" #: src/ne_gnutls.c:1023 src/ne_openssl.c:724 #, fuzzy, c-format msgid "SSL handshake failed: %s" msgstr "Konnte nicht in diese Datei schreiben: %s" #: src/ne_gnutls.c:1033 #, c-format msgid "Server did not send certificate chain" msgstr "" #: src/ne_locks.c:619 msgid "LOCK response missing Lock-Token header" msgstr "" #: src/ne_locks.c:794 #, c-format msgid "Response missing activelock for %s" msgstr "" #: src/ne_locks.c:836 #, c-format msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "" #: src/ne_openssl.c:744 #, c-format msgid "SSL server did not present certificate" msgstr "" #: src/ne_props.c:371 src/ne_props.c:435 #, fuzzy msgid "Response exceeds maximum property count" msgstr "Antwort hatte zu viele Header-Felder." 
#: src/ne_redirect.c:92 #, fuzzy, c-format msgid "Could not parse redirect destination URL" msgstr "Konnte Status-Zeile des Servers nicht interpretieren." #: src/ne_request.c:196 #, fuzzy, c-format msgid "%s: connection was closed by proxy server" msgstr "%s: Verbindung vom Proxy-Server geschlossen." #: src/ne_request.c:199 #, fuzzy, c-format msgid "%s: connection was closed by server" msgstr "%s: Verbindung vom Server geschlossen." #: src/ne_request.c:204 #, fuzzy, c-format msgid "%s: connection timed out" msgstr "%s: Verbindung wegen Zeitberschreitung geschlossen." #: src/ne_request.c:307 #, fuzzy, c-format msgid "Premature EOF in request body file" msgstr "Konnte nicht in diese Datei schreiben: %s" #: src/ne_request.c:314 #, fuzzy, c-format msgid "Failed reading request body file: %s" msgstr "Konnte nicht in diese Datei schreiben: %s" #: src/ne_request.c:334 msgid "offset invalid" msgstr "" #: src/ne_request.c:339 #, fuzzy, c-format msgid "Could not seek to offset %s of request body file: %s" msgstr "Konnte nicht in diese Datei schreiben: %s" #: src/ne_request.c:425 msgid "Could not send request body" msgstr "Konnte den Rumpf der Anfrage nicht schicken" #: src/ne_request.c:452 #, fuzzy msgid "Could not send chunked request terminator" msgstr "Konnte keine Anfrage (request) schicken" #: src/ne_request.c:788 msgid "Could not read chunk size" msgstr "Lesefehler bei Ermittlung der Blockgre" #: src/ne_request.c:795 msgid "Could not parse chunk size" msgstr "Parser-Fehler bei Ermittlung der Blockgre" #: src/ne_request.c:832 msgid "Could not read response body" msgstr "Konnte Rumpf der Antwort nicht lesen" #: src/ne_request.c:848 #, fuzzy msgid "Could not read chunk delimiter" msgstr "Lesefehler bei Ermittlung der Blockgre" #: src/ne_request.c:851 msgid "Chunk delimiter was invalid" msgstr "" #: src/ne_request.c:964 msgid "Could not read status line (TLS client certificate was requested)" msgstr "" #: src/ne_request.c:965 msgid "Could not read status line" msgstr 
"Konnte Status-Zeile des Servers nicht lesen" #: src/ne_request.c:988 #, fuzzy msgid "Could not parse response status line" msgstr "Konnte Status-Zeile des Servers nicht interpretieren." #: src/ne_request.c:1000 #, fuzzy msgid "Could not read interim response headers" msgstr "Konnte Rumpf der Antwort nicht lesen" #: src/ne_request.c:1035 msgid "Could not send request" msgstr "Konnte keine Anfrage (request) schicken" #: src/ne_request.c:1069 #, fuzzy msgid "Too many interim responses" msgstr "Konnte Rumpf der Antwort nicht lesen" #: src/ne_request.c:1089 src/ne_request.c:1107 src/ne_request.c:1117 msgid "Error reading response headers" msgstr "Fehler beim Lesen der Kopfzeilen (header) der Antwort" #: src/ne_request.c:1135 #, c-format msgid "Response header too long" msgstr "Kopfzeilen (header) der Antwort zu lang" #: src/ne_request.c:1217 #, fuzzy msgid "Response exceeded maximum number of header fields" msgstr "Antwort hatte zu viele Header-Felder." #: src/ne_request.c:1232 #, fuzzy, c-format msgid "Could not resolve hostname `%s': %s" msgstr "%s: Fehler: Konnte den Namen des Servers nicht auflsen (%s).\n" #: src/ne_request.c:1362 msgid "Unknown transfer-coding in response" msgstr "" #: src/ne_request.c:1377 msgid "Invalid Content-Length in response" msgstr "" #: src/ne_request.c:1452 #, c-format msgid "Could not write to file: %s" msgstr "Konnte nicht in diese Datei schreiben: %s" #: src/ne_request.c:1525 #, fuzzy, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "Konnte durch den Proxy-Server keine SSL-Verbindung herstellen" #: src/ne_request.c:1564 #, fuzzy, c-format msgid "Could not create socket" msgstr "Konnte keine SSL-Sitzung herstellen" #: src/ne_request.c:1598 msgid "Could not connect to server" msgstr "Verbindungsaufbau zum Server gescheitert." #: src/ne_request.c:1600 msgid "Could not connect to proxy server" msgstr "Verbindungsaufbau zum Proxy-Server gescheitert." 
#: src/ne_request.c:1643 #, c-format msgid "Could not find IPv4 address of hostname %s for SOCKS v4 proxy" msgstr "" #: src/ne_request.c:1701 #, fuzzy, c-format msgid "Could not establish connection from SOCKS proxy (%s:%u): %s" msgstr "Konnte durch den Proxy-Server keine SSL-Verbindung herstellen" #: src/ne_session.c:538 src/ne_session.c:549 msgid "[invalid date]" msgstr "" #: src/ne_session.c:562 msgid "certificate is not yet valid" msgstr "" #: src/ne_session.c:563 msgid "certificate has expired" msgstr "" #: src/ne_session.c:564 msgid "certificate issued for a different hostname" msgstr "" #: src/ne_session.c:565 msgid "issuer is not trusted" msgstr "" #: src/ne_session.c:566 msgid "bad certificate chain" msgstr "" #: src/ne_session.c:567 msgid "certificate has been revoked" msgstr "" #: src/ne_session.c:572 msgid "Server certificate verification failed: " msgstr "" #: src/ne_socket.c:522 src/ne_socket.c:674 src/ne_socket.c:804 #, fuzzy msgid "Connection closed" msgstr "Verbindung vom Server geschlossen" #: src/ne_socket.c:679 msgid "Retry operation" msgstr "" #: src/ne_socket.c:693 src/ne_socket.c:708 src/ne_socket.c:818 #, fuzzy msgid "Secure connection truncated" msgstr "Verbindung wegen Zeitüberschreitung abgebrochen." #: src/ne_socket.c:699 #, fuzzy msgid "Secure connection reset" msgstr "Verbindung wegen Zeitüberschreitung abgebrochen." 
#: src/ne_socket.c:720 src/ne_socket.c:834 #, fuzzy, c-format msgid "SSL error: %s" msgstr "%s: Fehler: %s\n" #: src/ne_socket.c:723 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "" #: src/ne_socket.c:809 #, fuzzy, c-format msgid "SSL alert received: %s" msgstr "%s: Fehler: %s\n" #: src/ne_socket.c:830 msgid "SSL socket read failed" msgstr "" #: src/ne_socket.c:961 msgid "Line too long" msgstr "Zeile zu lang" #: src/ne_socket.c:1122 src/ne_socket.c:1128 msgid "Host not found" msgstr "Host nicht gefunden" #: src/ne_socket.c:1337 #, fuzzy msgid "Connection timed out" msgstr "%s: Verbindung wegen Zeitüberschreitung geschlossen." #: src/ne_socket.c:1530 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "" #: src/ne_socket.c:1592 msgid "Socket family not supported" msgstr "" #: src/ne_socket.c:1823 msgid "Client certificate verification failed" msgstr "" #: src/ne_socket.c:1839 msgid "SSL disabled due to lack of entropy" msgstr "" #: src/ne_socket.c:1845 #, fuzzy msgid "Could not create SSL structure" msgstr "Konnte keine SSL-Sitzung herstellen" #: src/ne_socket.c:2017 msgid "Missing flags for socket shutdown" msgstr "" #: src/ne_socket.c:2035 src/ne_socket.c:2046 src/ne_socket.c:2061 msgid "Incomplete TLS closure" msgstr "" #: src/ne_socks.c:65 msgid "failure" msgstr "" #: src/ne_socks.c:68 #, fuzzy msgid "connection not permitted" msgstr "%s: Verbindung wegen Zeitüberschreitung geschlossen." 
#: src/ne_socks.c:71 msgid "network unreachable" msgstr "" #: src/ne_socks.c:74 msgid "host unreachable" msgstr "" #: src/ne_socks.c:77 msgid "TTL expired" msgstr "" #: src/ne_socks.c:80 msgid "command not supported" msgstr "" #: src/ne_socks.c:83 msgid "address type not supported" msgstr "" #: src/ne_socks.c:86 #, c-format msgid "%s: unrecognized error (%u)" msgstr "" #: src/ne_socks.c:128 src/ne_socks.c:328 #, fuzzy msgid "Could not send message to proxy" msgstr "Konnte den Rumpf der Anfrage nicht schicken" #: src/ne_socks.c:133 #, fuzzy msgid "Could not read initial response from proxy" msgstr "Konnte Rumpf der Antwort nicht lesen" #: src/ne_socks.c:136 msgid "Invalid version in proxy response" msgstr "" #: src/ne_socks.c:157 #, fuzzy msgid "Could not send login message" msgstr "Konnte keine Anfrage (request) schicken" #: src/ne_socks.c:162 #, fuzzy msgid "Could not read login reply" msgstr "Konnte Status-Zeile des Servers nicht lesen" #: src/ne_socks.c:165 msgid "Invalid version in login reply" msgstr "" #: src/ne_socks.c:168 #, fuzzy msgid "Authentication failed" msgstr "Anmeldung wird benötigt auf %s `%s':\n" #: src/ne_socks.c:172 msgid "No acceptable authentication method" msgstr "" #: src/ne_socks.c:174 msgid "Unexpected authentication method chosen" msgstr "" #: src/ne_socks.c:210 #, fuzzy msgid "Could not send connect request" msgstr "Konnte keine Anfrage (request) schicken" #: src/ne_socks.c:215 #, fuzzy msgid "Could not read connect reply" msgstr "Verbindungsaufbau zum Server gescheitert." #: src/ne_socks.c:218 msgid "Invalid version in connect reply" msgstr "" #: src/ne_socks.c:221 src/ne_socks.c:337 #, fuzzy msgid "Could not connect" msgstr "Verbindungsaufbau zum Server gescheitert." 
#: src/ne_socks.c:235 msgid "Could not read FQDN length in connect reply" msgstr "" #: src/ne_socks.c:240 msgid "Unknown address type in connect reply" msgstr "" #: src/ne_socks.c:245 #, fuzzy msgid "Could not read address in connect reply" msgstr "Konnte Rumpf der Antwort nicht lesen" #: src/ne_socks.c:266 msgid "request rejected or failed" msgstr "" #: src/ne_socks.c:269 #, fuzzy msgid "could not establish connection to identd" msgstr "Verbindungsaufbau zum Server gescheitert." #: src/ne_socks.c:272 msgid "rejected due to identd user mismatch" msgstr "" #: src/ne_socks.c:275 #, c-format msgid "%s: unrecognized failure (%u)" msgstr "" #: src/ne_socks.c:333 #, fuzzy msgid "Could not read response from proxy" msgstr "Konnte Rumpf der Antwort nicht lesen" #: src/ne_xml.c:280 #, fuzzy, c-format msgid "XML parse error at line %d: invalid element name" msgstr "Fehler beim XML-Parsing in Zeile %d: %s." #: src/ne_xml.c:474 #, fuzzy msgid "Unknown error" msgstr "Unbekannter System-Fehler" #: src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "" #: src/ne_xml.c:667 #, fuzzy, c-format msgid "XML parse error at line %d: %s" msgstr "Fehler beim XML-Parsing in Zeile %d: %s." #: src/ne_xmlreq.c:36 #, fuzzy, c-format msgid "Could not parse response: %s" msgstr "Konnte Rumpf der Antwort nicht lesen" #, fuzzy #~ msgid "%s: %s" #~ msgstr "%s: %s\n" neon-0.32.2/po/fr.po000066400000000000000000000366761416727304000141500ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. 
# Copyright (C) 2000 Sylvain Glaize # #, fuzzy msgid "" msgstr "" "Project-Id-Version: sitecopy 0.9.3\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" "POT-Creation-Date: 2021-09-20 10:49+0100\n" "PO-Revision-Date: 2000-01-31 00:00+0100\n" "Last-Translator: Sylvain Glaize \n" "Language-Team: fr\n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=ISO-8859-1\n" "Content-Transfer-Encoding: 8bit\n" #: src/ne_207.c:213 #, c-format msgid "" "Invalid HTTP status line in status element at line %d of response:\n" "Status line was: %s" msgstr "" #: src/ne_auth.c:165 #, fuzzy, c-format msgid "Could not authenticate to server: %s" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" #: src/ne_auth.c:170 #, fuzzy, c-format msgid "Could not authenticate to proxy server: %s" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" #: src/ne_auth.c:428 #, c-format msgid "rejected %s challenge" msgstr "" #: src/ne_auth.c:469 msgid "missing realm in Basic challenge" msgstr "" #: src/ne_auth.c:483 msgid "cannot handle Basic challenge for username containing colon" msgstr "" #: src/ne_auth.c:588 msgid "invalid Negotiate token" msgstr "" #: src/ne_auth.c:611 msgid "GSSAPI authentication error: " msgstr "" #: src/ne_auth.c:624 #, c-format msgid "GSSAPI failure (code %u)" msgstr "" #: src/ne_auth.c:659 msgid "ignoring empty Negotiate continuation" msgstr "" #: src/ne_auth.c:674 #, c-format msgid "Negotiate response verification failed: invalid response header token" msgstr "" #: src/ne_auth.c:696 #, c-format msgid "Negotiate response verification failure: %s" msgstr "" #: src/ne_auth.c:760 #, c-format msgid "SSPI response verification failed: invalid response header token" msgstr "" #: src/ne_auth.c:918 #, fuzzy msgid "could not handle non-ASCII username in Digest challenge" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_auth.c:947 msgid "unknown algorithm in Digest challenge" msgstr "" #: 
src/ne_auth.c:951 msgid "incompatible algorithm in Digest challenge" msgstr "" #: src/ne_auth.c:955 msgid "missing parameter in Digest challenge" msgstr "" #: src/ne_auth.c:959 msgid "initial Digest challenge was stale" msgstr "" #: src/ne_auth.c:966 msgid "stale Digest challenge with new algorithm or realm" msgstr "" #: src/ne_auth.c:971 msgid "legacy Digest challenge not supported" msgstr "" #: src/ne_auth.c:979 #, c-format msgid "%s algorithm in Digest challenge not supported" msgstr "" #: src/ne_auth.c:993 #, fuzzy msgid "could not parse domain in Digest challenge" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_auth.c:1272 #, c-format msgid "Digest mutual authentication failure: missing parameters" msgstr "" #: src/ne_auth.c:1277 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "" #: src/ne_auth.c:1287 #, c-format msgid "Digest mutual authentication failure: could not parse nonce count" msgstr "" #: src/ne_auth.c:1292 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "" #: src/ne_auth.c:1319 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "" #: src/ne_auth.c:1457 #, c-format msgid "ignored %s challenge" msgstr "" #: src/ne_auth.c:1562 #, fuzzy msgid "could not parse challenge" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_basic.c:98 #, fuzzy, c-format msgid "Could not determine file size: %s" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_basic.c:149 #, c-format msgid "Response did not include requested range" msgstr "" #: src/ne_basic.c:183 #, c-format msgid "Range is not satisfiable" msgstr "" #: src/ne_basic.c:188 #, c-format msgid "Resource does not support ranged GET requests" msgstr "" #: src/ne_compress.c:184 #, c-format msgid "%s: %s (code %d)" msgstr "" #: src/ne_compress.c:232 #, fuzzy msgid "Could not inflate data" msgstr 
"%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_compress.c:293 #, fuzzy msgid "Could not initialize zlib" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_gnutls.c:184 #, c-format msgid "[unprintable:#%lu]" msgstr "" #: src/ne_gnutls.c:213 msgid "[unprintable]" msgstr "" #: src/ne_gnutls.c:660 #, c-format msgid "Failed to import private key: %s" msgstr "" #: src/ne_gnutls.c:904 msgid "signed using insecure algorithm" msgstr "" #: src/ne_gnutls.c:907 #, c-format msgid "unrecognized errors (%u)" msgstr "" #: src/ne_gnutls.c:952 src/ne_openssl.c:483 #, c-format msgid "Server certificate was missing commonName attribute in subject name" msgstr "" #: src/ne_gnutls.c:966 #, fuzzy, c-format msgid "Could not verify server certificate: %s" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_gnutls.c:985 src/ne_openssl.c:470 #, c-format msgid "Certificate verification error: %s" msgstr "" #: src/ne_gnutls.c:1018 src/ne_openssl.c:719 #, c-format msgid "SSL handshake failed, client certificate was requested: %s" msgstr "" #: src/ne_gnutls.c:1023 src/ne_openssl.c:724 #, fuzzy, c-format msgid "SSL handshake failed: %s" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_gnutls.c:1033 #, c-format msgid "Server did not send certificate chain" msgstr "" #: src/ne_locks.c:619 msgid "LOCK response missing Lock-Token header" msgstr "" #: src/ne_locks.c:794 #, c-format msgid "Response missing activelock for %s" msgstr "" #: src/ne_locks.c:836 #, c-format msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "" #: src/ne_openssl.c:744 #, c-format msgid "SSL server did not present certificate" msgstr "" #: src/ne_props.c:371 src/ne_props.c:435 msgid "Response exceeds maximum property count" msgstr "" #: src/ne_redirect.c:92 #, fuzzy, c-format msgid "Could not parse redirect destination URL" msgstr "%s: erreur: impossible d'ouvrir le fichier de 
ressources: %s\n" #: src/ne_request.c:196 #, fuzzy, c-format msgid "%s: connection was closed by proxy server" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" #: src/ne_request.c:199 #, c-format msgid "%s: connection was closed by server" msgstr "" #: src/ne_request.c:204 #, c-format msgid "%s: connection timed out" msgstr "" #: src/ne_request.c:307 #, fuzzy, c-format msgid "Premature EOF in request body file" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_request.c:314 #, fuzzy, c-format msgid "Failed reading request body file: %s" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_request.c:334 msgid "offset invalid" msgstr "" #: src/ne_request.c:339 #, fuzzy, c-format msgid "Could not seek to offset %s of request body file: %s" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_request.c:425 msgid "Could not send request body" msgstr "" #: src/ne_request.c:452 #, fuzzy msgid "Could not send chunked request terminator" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" #: src/ne_request.c:788 msgid "Could not read chunk size" msgstr "" #: src/ne_request.c:795 #, fuzzy msgid "Could not parse chunk size" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_request.c:832 msgid "Could not read response body" msgstr "" #: src/ne_request.c:848 #, fuzzy msgid "Could not read chunk delimiter" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_request.c:851 msgid "Chunk delimiter was invalid" msgstr "" #: src/ne_request.c:964 msgid "Could not read status line (TLS client certificate was requested)" msgstr "" #: src/ne_request.c:965 msgid "Could not read status line" msgstr "" #: src/ne_request.c:988 #, fuzzy msgid "Could not parse response status line" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_request.c:1000 #, fuzzy msgid "Could not read interim 
response headers" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_request.c:1035 msgid "Could not send request" msgstr "" #: src/ne_request.c:1069 #, fuzzy msgid "Too many interim responses" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_request.c:1089 src/ne_request.c:1107 src/ne_request.c:1117 msgid "Error reading response headers" msgstr "" #: src/ne_request.c:1135 #, c-format msgid "Response header too long" msgstr "" #: src/ne_request.c:1217 msgid "Response exceeded maximum number of header fields" msgstr "" #: src/ne_request.c:1232 #, fuzzy, c-format msgid "Could not resolve hostname `%s': %s" msgstr "%s: erreur: impossible de trouver le nom de l'hte distant.\n" #: src/ne_request.c:1362 msgid "Unknown transfer-coding in response" msgstr "" #: src/ne_request.c:1377 msgid "Invalid Content-Length in response" msgstr "" #: src/ne_request.c:1452 #, fuzzy, c-format msgid "Could not write to file: %s" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_request.c:1525 #, fuzzy, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" #: src/ne_request.c:1564 #, fuzzy, c-format msgid "Could not create socket" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" #: src/ne_request.c:1598 #, fuzzy msgid "Could not connect to server" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" #: src/ne_request.c:1600 #, fuzzy msgid "Could not connect to proxy server" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" #: src/ne_request.c:1643 #, c-format msgid "Could not find IPv4 address of hostname %s for SOCKS v4 proxy" msgstr "" #: src/ne_request.c:1701 #, fuzzy, c-format msgid "Could not establish connection from SOCKS proxy (%s:%u): %s" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" #: src/ne_session.c:538 src/ne_session.c:549 msgid 
"[invalid date]" msgstr "" #: src/ne_session.c:562 msgid "certificate is not yet valid" msgstr "" #: src/ne_session.c:563 msgid "certificate has expired" msgstr "" #: src/ne_session.c:564 msgid "certificate issued for a different hostname" msgstr "" #: src/ne_session.c:565 msgid "issuer is not trusted" msgstr "" #: src/ne_session.c:566 msgid "bad certificate chain" msgstr "" #: src/ne_session.c:567 msgid "certificate has been revoked" msgstr "" #: src/ne_session.c:572 msgid "Server certificate verification failed: " msgstr "" #: src/ne_socket.c:522 src/ne_socket.c:674 src/ne_socket.c:804 msgid "Connection closed" msgstr "" #: src/ne_socket.c:679 msgid "Retry operation" msgstr "" #: src/ne_socket.c:693 src/ne_socket.c:708 src/ne_socket.c:818 msgid "Secure connection truncated" msgstr "" #: src/ne_socket.c:699 msgid "Secure connection reset" msgstr "" #: src/ne_socket.c:720 src/ne_socket.c:834 #, fuzzy, c-format msgid "SSL error: %s" msgstr "" "%s: dans issue_error\n" "%s" #: src/ne_socket.c:723 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "" #: src/ne_socket.c:809 #, fuzzy, c-format msgid "SSL alert received: %s" msgstr "" "%s: dans issue_error\n" "%s" #: src/ne_socket.c:830 msgid "SSL socket read failed" msgstr "" #: src/ne_socket.c:961 msgid "Line too long" msgstr "" #: src/ne_socket.c:1122 src/ne_socket.c:1128 msgid "Host not found" msgstr "" #: src/ne_socket.c:1337 msgid "Connection timed out" msgstr "" #: src/ne_socket.c:1530 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "" #: src/ne_socket.c:1592 msgid "Socket family not supported" msgstr "" #: src/ne_socket.c:1823 msgid "Client certificate verification failed" msgstr "" #: src/ne_socket.c:1839 msgid "SSL disabled due to lack of entropy" msgstr "" #: src/ne_socket.c:1845 #, fuzzy msgid "Could not create SSL structure" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" #: src/ne_socket.c:2017 msgid "Missing flags for socket shutdown" msgstr "" #: src/ne_socket.c:2035 
src/ne_socket.c:2046 src/ne_socket.c:2061 msgid "Incomplete TLS closure" msgstr "" #: src/ne_socks.c:65 msgid "failure" msgstr "" #: src/ne_socks.c:68 msgid "connection not permitted" msgstr "" #: src/ne_socks.c:71 msgid "network unreachable" msgstr "" #: src/ne_socks.c:74 msgid "host unreachable" msgstr "" #: src/ne_socks.c:77 msgid "TTL expired" msgstr "" #: src/ne_socks.c:80 msgid "command not supported" msgstr "" #: src/ne_socks.c:83 msgid "address type not supported" msgstr "" #: src/ne_socks.c:86 #, c-format msgid "%s: unrecognized error (%u)" msgstr "" #: src/ne_socks.c:128 src/ne_socks.c:328 #, fuzzy msgid "Could not send message to proxy" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" #: src/ne_socks.c:133 #, fuzzy msgid "Could not read initial response from proxy" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_socks.c:136 msgid "Invalid version in proxy response" msgstr "" #: src/ne_socks.c:157 #, fuzzy msgid "Could not send login message" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_socks.c:162 #, fuzzy msgid "Could not read login reply" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_socks.c:165 msgid "Invalid version in login reply" msgstr "" #: src/ne_socks.c:168 #, fuzzy msgid "Authentication failed" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_socks.c:172 msgid "No acceptable authentication method" msgstr "" #: src/ne_socks.c:174 msgid "Unexpected authentication method chosen" msgstr "" #: src/ne_socks.c:210 #, fuzzy msgid "Could not send connect request" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" #: src/ne_socks.c:215 #, fuzzy msgid "Could not read connect reply" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" #: src/ne_socks.c:218 msgid "Invalid version in connect reply" msgstr "" #: src/ne_socks.c:221 src/ne_socks.c:337 #, fuzzy msgid "Could not 
connect" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" #: src/ne_socks.c:235 msgid "Could not read FQDN length in connect reply" msgstr "" #: src/ne_socks.c:240 msgid "Unknown address type in connect reply" msgstr "" #: src/ne_socks.c:245 #, fuzzy msgid "Could not read address in connect reply" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" #: src/ne_socks.c:266 msgid "request rejected or failed" msgstr "" #: src/ne_socks.c:269 #, fuzzy msgid "could not establish connection to identd" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" #: src/ne_socks.c:272 msgid "rejected due to identd user mismatch" msgstr "" #: src/ne_socks.c:275 #, c-format msgid "%s: unrecognized failure (%u)" msgstr "" #: src/ne_socks.c:333 #, fuzzy msgid "Could not read response from proxy" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #: src/ne_xml.c:280 #, fuzzy, c-format msgid "XML parse error at line %d: invalid element name" msgstr "" "%s: erreur dans le fichier de ressources la ligne %d:\n" "%s\n" #: src/ne_xml.c:474 #, fuzzy msgid "Unknown error" msgstr "Erreur systme inconnue" #: src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "" #: src/ne_xml.c:667 #, fuzzy, c-format msgid "XML parse error at line %d: %s" msgstr "" "%s: erreur dans le fichier de ressources la ligne %d:\n" "%s\n" #: src/ne_xmlreq.c:36 #, fuzzy, c-format msgid "Could not parse response: %s" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" #, fuzzy #~ msgid "%s: %s" #~ msgstr "" #~ "%s: dans issue_error\n" #~ "%s" neon-0.32.2/po/ja.po000066400000000000000000000350041416727304000141130ustar00rootroot00000000000000# The Japanese translation for sitecopy # Copyright (C) 2000 Nobuyuki Tsuchimura # #, fuzzy msgid "" msgstr "" "Project-Id-Version: sitecopy 0.10.14\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" "POT-Creation-Date: 2021-09-20 10:49+0100\n" "PO-Revision-Date: 2001-01-16 07:32+0900\n" 
"Last-Translator: Nobuyuki Tsuchimura \n" "Language-Team: ja\n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=EUC-JP\n" "Content-Transfer-Encoding: 8-bit\n" #: src/ne_207.c:213 #, c-format msgid "" "Invalid HTTP status line in status element at line %d of response:\n" "Status line was: %s" msgstr "" #: src/ne_auth.c:165 #, fuzzy, c-format msgid "Could not authenticate to server: %s" msgstr "ץС³Ǥޤ" #: src/ne_auth.c:170 #, fuzzy, c-format msgid "Could not authenticate to proxy server: %s" msgstr "ץС³Ǥޤ" #: src/ne_auth.c:428 #, c-format msgid "rejected %s challenge" msgstr "" #: src/ne_auth.c:469 msgid "missing realm in Basic challenge" msgstr "" #: src/ne_auth.c:483 msgid "cannot handle Basic challenge for username containing colon" msgstr "" #: src/ne_auth.c:588 msgid "invalid Negotiate token" msgstr "" #: src/ne_auth.c:611 #, fuzzy msgid "GSSAPI authentication error: " msgstr "%s ؤǧڤ %s ɬפǤ '%s':\n" #: src/ne_auth.c:624 #, c-format msgid "GSSAPI failure (code %u)" msgstr "" #: src/ne_auth.c:659 msgid "ignoring empty Negotiate continuation" msgstr "" #: src/ne_auth.c:674 #, c-format msgid "Negotiate response verification failed: invalid response header token" msgstr "" #: src/ne_auth.c:696 #, c-format msgid "Negotiate response verification failure: %s" msgstr "" #: src/ne_auth.c:760 #, c-format msgid "SSPI response verification failed: invalid response header token" msgstr "" #: src/ne_auth.c:918 #, fuzzy msgid "could not handle non-ASCII username in Digest challenge" msgstr "chunk 礭ϤǤޤ" #: src/ne_auth.c:947 msgid "unknown algorithm in Digest challenge" msgstr "" #: src/ne_auth.c:951 msgid "incompatible algorithm in Digest challenge" msgstr "" #: src/ne_auth.c:955 msgid "missing parameter in Digest challenge" msgstr "" #: src/ne_auth.c:959 msgid "initial Digest challenge was stale" msgstr "" #: src/ne_auth.c:966 msgid "stale Digest challenge with new algorithm or realm" msgstr "" #: src/ne_auth.c:971 msgid "legacy Digest challenge not 
supported" msgstr "" #: src/ne_auth.c:979 #, c-format msgid "%s algorithm in Digest challenge not supported" msgstr "" #: src/ne_auth.c:993 #, fuzzy msgid "could not parse domain in Digest challenge" msgstr "chunk 礭ϤǤޤ" #: src/ne_auth.c:1272 #, c-format msgid "Digest mutual authentication failure: missing parameters" msgstr "" #: src/ne_auth.c:1277 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "" #: src/ne_auth.c:1287 #, c-format msgid "Digest mutual authentication failure: could not parse nonce count" msgstr "" #: src/ne_auth.c:1292 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "" #: src/ne_auth.c:1319 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "" #: src/ne_auth.c:1457 #, c-format msgid "ignored %s challenge" msgstr "" #: src/ne_auth.c:1562 #, fuzzy msgid "could not parse challenge" msgstr "chunk 礭ϤǤޤ" #: src/ne_basic.c:98 #, fuzzy, c-format msgid "Could not determine file size: %s" msgstr "ե뤬ɤޤ: " #: src/ne_basic.c:149 #, c-format msgid "Response did not include requested range" msgstr "" #: src/ne_basic.c:183 #, c-format msgid "Range is not satisfiable" msgstr "" #: src/ne_basic.c:188 #, fuzzy, c-format msgid "Resource does not support ranged GET requests" msgstr "Сեʬ򥵥ݡȤƤޤ" #: src/ne_compress.c:184 #, c-format msgid "%s: %s (code %d)" msgstr "" #: src/ne_compress.c:232 #, fuzzy msgid "Could not inflate data" msgstr "ե뤬ɤޤ: " #: src/ne_compress.c:293 #, fuzzy msgid "Could not initialize zlib" msgstr "ե뤬񤱤ޤ: " #: src/ne_gnutls.c:184 #, c-format msgid "[unprintable:#%lu]" msgstr "" #: src/ne_gnutls.c:213 msgid "[unprintable]" msgstr "" #: src/ne_gnutls.c:660 #, c-format msgid "Failed to import private key: %s" msgstr "" #: src/ne_gnutls.c:904 msgid "signed using insecure algorithm" msgstr "" #: src/ne_gnutls.c:907 #, c-format msgid "unrecognized errors (%u)" msgstr "" #: src/ne_gnutls.c:952 src/ne_openssl.c:483 #, c-format msgid 
"Server certificate was missing commonName attribute in subject name" msgstr "" #: src/ne_gnutls.c:966 #, fuzzy, c-format msgid "Could not verify server certificate: %s" msgstr "ե뤬񤱤ޤ: %s" #: src/ne_gnutls.c:985 src/ne_openssl.c:470 #, c-format msgid "Certificate verification error: %s" msgstr "" #: src/ne_gnutls.c:1018 src/ne_openssl.c:719 #, c-format msgid "SSL handshake failed, client certificate was requested: %s" msgstr "" #: src/ne_gnutls.c:1023 src/ne_openssl.c:724 #, fuzzy, c-format msgid "SSL handshake failed: %s" msgstr "ե뤬񤱤ޤ: %s" #: src/ne_gnutls.c:1033 #, c-format msgid "Server did not send certificate chain" msgstr "" #: src/ne_locks.c:619 msgid "LOCK response missing Lock-Token header" msgstr "" #: src/ne_locks.c:794 #, c-format msgid "Response missing activelock for %s" msgstr "" #: src/ne_locks.c:836 #, c-format msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "" #: src/ne_openssl.c:744 #, c-format msgid "SSL server did not present certificate" msgstr "" #: src/ne_props.c:371 src/ne_props.c:435 msgid "Response exceeds maximum property count" msgstr "" #: src/ne_redirect.c:92 #, fuzzy, c-format msgid "Could not parse redirect destination URL" msgstr "chunk 礭ϤǤޤ" #: src/ne_request.c:196 #, fuzzy, c-format msgid "%s: connection was closed by proxy server" msgstr "%s: ³ץСڤޤ" #: src/ne_request.c:199 #, fuzzy, c-format msgid "%s: connection was closed by server" msgstr "%s: ³Сڤޤ" #: src/ne_request.c:204 #, fuzzy, c-format msgid "%s: connection timed out" msgstr "%s: ³ॢȤǤ" #: src/ne_request.c:307 #, fuzzy, c-format msgid "Premature EOF in request body file" msgstr "ե뤬񤱤ޤ: %s" #: src/ne_request.c:314 #, fuzzy, c-format msgid "Failed reading request body file: %s" msgstr "ե뤬񤱤ޤ: %s" #: src/ne_request.c:334 msgid "offset invalid" msgstr "" #: src/ne_request.c:339 #, fuzzy, c-format msgid "Could not seek to offset %s of request body file: %s" msgstr "ե뤬񤱤ޤ: %s" #: src/ne_request.c:425 msgid "Could not send request body" msgstr "" #: 
src/ne_request.c:452 #, fuzzy msgid "Could not send chunked request terminator" msgstr "ץС³Ǥޤ" #: src/ne_request.c:788 msgid "Could not read chunk size" msgstr "chunk 礭ɤޤ" #: src/ne_request.c:795 msgid "Could not parse chunk size" msgstr "chunk 礭ϤǤޤ" #: src/ne_request.c:832 msgid "Could not read response body" msgstr "response body ɤޤ" #: src/ne_request.c:848 #, fuzzy msgid "Could not read chunk delimiter" msgstr "chunk 礭ɤޤ" #: src/ne_request.c:851 msgid "Chunk delimiter was invalid" msgstr "" #: src/ne_request.c:964 msgid "Could not read status line (TLS client certificate was requested)" msgstr "" #: src/ne_request.c:965 msgid "Could not read status line" msgstr "" #: src/ne_request.c:988 #, fuzzy msgid "Could not parse response status line" msgstr "response body ɤޤ" #: src/ne_request.c:1000 #, fuzzy msgid "Could not read interim response headers" msgstr "response body ɤޤ" #: src/ne_request.c:1035 msgid "Could not send request" msgstr "" #: src/ne_request.c:1069 #, fuzzy msgid "Too many interim responses" msgstr "response body ɤޤ" #: src/ne_request.c:1089 src/ne_request.c:1107 src/ne_request.c:1117 msgid "Error reading response headers" msgstr "" #: src/ne_request.c:1135 #, c-format msgid "Response header too long" msgstr "" #: src/ne_request.c:1217 msgid "Response exceeded maximum number of header fields" msgstr "" #: src/ne_request.c:1232 #, fuzzy, c-format msgid "Could not resolve hostname `%s': %s" msgstr "%s: 顼: СΥۥ̾ (%s) IP ɥ쥹ѴǤޤ\n" #: src/ne_request.c:1362 msgid "Unknown transfer-coding in response" msgstr "" #: src/ne_request.c:1377 msgid "Invalid Content-Length in response" msgstr "" #: src/ne_request.c:1452 #, c-format msgid "Could not write to file: %s" msgstr "ե뤬񤱤ޤ: %s" #: src/ne_request.c:1525 #, fuzzy, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "ץС SSL ³Ǥޤ" #: src/ne_request.c:1564 #, fuzzy, c-format msgid "Could not create socket" msgstr "ץС SSL ³Ǥޤ" #: src/ne_request.c:1598 msgid "Could not connect to server" 
msgstr "ץС³Ǥޤ" #: src/ne_request.c:1600 msgid "Could not connect to proxy server" msgstr "ץС³Ǥޤ" #: src/ne_request.c:1643 #, c-format msgid "Could not find IPv4 address of hostname %s for SOCKS v4 proxy" msgstr "" #: src/ne_request.c:1701 #, fuzzy, c-format msgid "Could not establish connection from SOCKS proxy (%s:%u): %s" msgstr "ץС SSL ³Ǥޤ" #: src/ne_session.c:538 src/ne_session.c:549 msgid "[invalid date]" msgstr "" #: src/ne_session.c:562 msgid "certificate is not yet valid" msgstr "" #: src/ne_session.c:563 msgid "certificate has expired" msgstr "" #: src/ne_session.c:564 msgid "certificate issued for a different hostname" msgstr "" #: src/ne_session.c:565 msgid "issuer is not trusted" msgstr "" #: src/ne_session.c:566 msgid "bad certificate chain" msgstr "" #: src/ne_session.c:567 msgid "certificate has been revoked" msgstr "" #: src/ne_session.c:572 msgid "Server certificate verification failed: " msgstr "" #: src/ne_socket.c:522 src/ne_socket.c:674 src/ne_socket.c:804 #, fuzzy msgid "Connection closed" msgstr "%s: ³Сڤޤ" #: src/ne_socket.c:679 msgid "Retry operation" msgstr "" #: src/ne_socket.c:693 src/ne_socket.c:708 src/ne_socket.c:818 #, fuzzy msgid "Secure connection truncated" msgstr "³ॢȡ" #: src/ne_socket.c:699 #, fuzzy msgid "Secure connection reset" msgstr "³ॢȡ" #: src/ne_socket.c:720 src/ne_socket.c:834 #, c-format msgid "SSL error: %s" msgstr "" #: src/ne_socket.c:723 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "" #: src/ne_socket.c:809 #, c-format msgid "SSL alert received: %s" msgstr "" #: src/ne_socket.c:830 msgid "SSL socket read failed" msgstr "" #: src/ne_socket.c:961 msgid "Line too long" msgstr "" #: src/ne_socket.c:1122 src/ne_socket.c:1128 msgid "Host not found" msgstr "" #: src/ne_socket.c:1337 #, fuzzy msgid "Connection timed out" msgstr "%s: ³ॢȤǤ" #: src/ne_socket.c:1530 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "" #: src/ne_socket.c:1592 msgid "Socket family not supported" msgstr "" #: src/ne_socket.c:1823 
msgid "Client certificate verification failed" msgstr "" #: src/ne_socket.c:1839 msgid "SSL disabled due to lack of entropy" msgstr "" #: src/ne_socket.c:1845 #, fuzzy msgid "Could not create SSL structure" msgstr "ץС SSL ³Ǥޤ" #: src/ne_socket.c:2017 msgid "Missing flags for socket shutdown" msgstr "" #: src/ne_socket.c:2035 src/ne_socket.c:2046 src/ne_socket.c:2061 msgid "Incomplete TLS closure" msgstr "" #: src/ne_socks.c:65 msgid "failure" msgstr "" #: src/ne_socks.c:68 #, fuzzy msgid "connection not permitted" msgstr "%s: ³ॢȤǤ" #: src/ne_socks.c:71 msgid "network unreachable" msgstr "" #: src/ne_socks.c:74 msgid "host unreachable" msgstr "" #: src/ne_socks.c:77 msgid "TTL expired" msgstr "" #: src/ne_socks.c:80 msgid "command not supported" msgstr "" #: src/ne_socks.c:83 msgid "address type not supported" msgstr "" #: src/ne_socks.c:86 #, c-format msgid "%s: unrecognized error (%u)" msgstr "" #: src/ne_socks.c:128 src/ne_socks.c:328 #, fuzzy msgid "Could not send message to proxy" msgstr "response body ɤޤ" #: src/ne_socks.c:133 #, fuzzy msgid "Could not read initial response from proxy" msgstr "response body ɤޤ" #: src/ne_socks.c:136 msgid "Invalid version in proxy response" msgstr "" #: src/ne_socks.c:157 #, fuzzy msgid "Could not send login message" msgstr "chunk 礭ɤޤ" #: src/ne_socks.c:162 #, fuzzy msgid "Could not read login reply" msgstr "chunk 礭ɤޤ" #: src/ne_socks.c:165 msgid "Invalid version in login reply" msgstr "" #: src/ne_socks.c:168 #, fuzzy msgid "Authentication failed" msgstr "%s ؤǧڤ %s ɬפǤ '%s':\n" #: src/ne_socks.c:172 msgid "No acceptable authentication method" msgstr "" #: src/ne_socks.c:174 msgid "Unexpected authentication method chosen" msgstr "" #: src/ne_socks.c:210 #, fuzzy msgid "Could not send connect request" msgstr "ץС³Ǥޤ" #: src/ne_socks.c:215 #, fuzzy msgid "Could not read connect reply" msgstr "ץС³Ǥޤ" #: src/ne_socks.c:218 msgid "Invalid version in connect reply" msgstr "" #: src/ne_socks.c:221 src/ne_socks.c:337 #, fuzzy msgid 
"Could not connect" msgstr "ץС³Ǥޤ" #: src/ne_socks.c:235 msgid "Could not read FQDN length in connect reply" msgstr "" #: src/ne_socks.c:240 msgid "Unknown address type in connect reply" msgstr "" #: src/ne_socks.c:245 #, fuzzy msgid "Could not read address in connect reply" msgstr "response body ɤޤ" #: src/ne_socks.c:266 msgid "request rejected or failed" msgstr "" #: src/ne_socks.c:269 #, fuzzy msgid "could not establish connection to identd" msgstr "ץС³Ǥޤ" #: src/ne_socks.c:272 msgid "rejected due to identd user mismatch" msgstr "" #: src/ne_socks.c:275 #, c-format msgid "%s: unrecognized failure (%u)" msgstr "" #: src/ne_socks.c:333 #, fuzzy msgid "Could not read response from proxy" msgstr "response body ɤޤ" #: src/ne_xml.c:280 #, fuzzy, c-format msgid "XML parse error at line %d: invalid element name" msgstr "" "%s: rcfile %d ԤǴְäƤޤ:\n" "%s\n" #: src/ne_xml.c:474 #, fuzzy msgid "Unknown error" msgstr "̤ΤΥƥ२顼" #: src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "" #: src/ne_xml.c:667 #, fuzzy, c-format msgid "XML parse error at line %d: %s" msgstr "" "%s: rcfile %d ԤǴְäƤޤ:\n" "%s\n" #: src/ne_xmlreq.c:36 #, fuzzy, c-format msgid "Could not parse response: %s" msgstr "response body ɤޤ" #, fuzzy #~ msgid "%s: %s" #~ msgstr "桼̾: %s\n" neon-0.32.2/po/neon.pot000066400000000000000000000307501416727304000146470ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. 
# #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" "POT-Creation-Date: 2021-09-20 10:49+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" #: src/ne_207.c:213 #, c-format msgid "" "Invalid HTTP status line in status element at line %d of response:\n" "Status line was: %s" msgstr "" #: src/ne_auth.c:165 #, c-format msgid "Could not authenticate to server: %s" msgstr "" #: src/ne_auth.c:170 #, c-format msgid "Could not authenticate to proxy server: %s" msgstr "" #: src/ne_auth.c:428 #, c-format msgid "rejected %s challenge" msgstr "" #: src/ne_auth.c:469 msgid "missing realm in Basic challenge" msgstr "" #: src/ne_auth.c:483 msgid "cannot handle Basic challenge for username containing colon" msgstr "" #: src/ne_auth.c:588 msgid "invalid Negotiate token" msgstr "" #: src/ne_auth.c:611 msgid "GSSAPI authentication error: " msgstr "" #: src/ne_auth.c:624 #, c-format msgid "GSSAPI failure (code %u)" msgstr "" #: src/ne_auth.c:659 msgid "ignoring empty Negotiate continuation" msgstr "" #: src/ne_auth.c:674 #, c-format msgid "Negotiate response verification failed: invalid response header token" msgstr "" #: src/ne_auth.c:696 #, c-format msgid "Negotiate response verification failure: %s" msgstr "" #: src/ne_auth.c:760 #, c-format msgid "SSPI response verification failed: invalid response header token" msgstr "" #: src/ne_auth.c:918 msgid "could not handle non-ASCII username in Digest challenge" msgstr "" #: src/ne_auth.c:947 msgid "unknown algorithm in Digest challenge" msgstr "" #: src/ne_auth.c:951 msgid "incompatible algorithm in Digest challenge" msgstr "" #: src/ne_auth.c:955 msgid "missing parameter in Digest challenge" msgstr "" #: src/ne_auth.c:959 msgid "initial Digest challenge was stale" msgstr "" #: 
src/ne_auth.c:966 msgid "stale Digest challenge with new algorithm or realm" msgstr "" #: src/ne_auth.c:971 msgid "legacy Digest challenge not supported" msgstr "" #: src/ne_auth.c:979 #, c-format msgid "%s algorithm in Digest challenge not supported" msgstr "" #: src/ne_auth.c:993 msgid "could not parse domain in Digest challenge" msgstr "" #: src/ne_auth.c:1272 #, c-format msgid "Digest mutual authentication failure: missing parameters" msgstr "" #: src/ne_auth.c:1277 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "" #: src/ne_auth.c:1287 #, c-format msgid "Digest mutual authentication failure: could not parse nonce count" msgstr "" #: src/ne_auth.c:1292 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "" #: src/ne_auth.c:1319 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "" #: src/ne_auth.c:1457 #, c-format msgid "ignored %s challenge" msgstr "" #: src/ne_auth.c:1562 msgid "could not parse challenge" msgstr "" #: src/ne_basic.c:98 #, c-format msgid "Could not determine file size: %s" msgstr "" #: src/ne_basic.c:149 #, c-format msgid "Response did not include requested range" msgstr "" #: src/ne_basic.c:183 #, c-format msgid "Range is not satisfiable" msgstr "" #: src/ne_basic.c:188 #, c-format msgid "Resource does not support ranged GET requests" msgstr "" #: src/ne_compress.c:184 #, c-format msgid "%s: %s (code %d)" msgstr "" #: src/ne_compress.c:232 msgid "Could not inflate data" msgstr "" #: src/ne_compress.c:293 msgid "Could not initialize zlib" msgstr "" #: src/ne_gnutls.c:184 #, c-format msgid "[unprintable:#%lu]" msgstr "" #: src/ne_gnutls.c:213 msgid "[unprintable]" msgstr "" #: src/ne_gnutls.c:660 #, c-format msgid "Failed to import private key: %s" msgstr "" #: src/ne_gnutls.c:904 msgid "signed using insecure algorithm" msgstr "" #: src/ne_gnutls.c:907 #, c-format msgid "unrecognized errors (%u)" msgstr "" #: 
src/ne_gnutls.c:952 src/ne_openssl.c:483 #, c-format msgid "Server certificate was missing commonName attribute in subject name" msgstr "" #: src/ne_gnutls.c:966 #, c-format msgid "Could not verify server certificate: %s" msgstr "" #: src/ne_gnutls.c:985 src/ne_openssl.c:470 #, c-format msgid "Certificate verification error: %s" msgstr "" #: src/ne_gnutls.c:1018 src/ne_openssl.c:719 #, c-format msgid "SSL handshake failed, client certificate was requested: %s" msgstr "" #: src/ne_gnutls.c:1023 src/ne_openssl.c:724 #, c-format msgid "SSL handshake failed: %s" msgstr "" #: src/ne_gnutls.c:1033 #, c-format msgid "Server did not send certificate chain" msgstr "" #: src/ne_locks.c:619 msgid "LOCK response missing Lock-Token header" msgstr "" #: src/ne_locks.c:794 #, c-format msgid "Response missing activelock for %s" msgstr "" #: src/ne_locks.c:836 #, c-format msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "" #: src/ne_openssl.c:744 #, c-format msgid "SSL server did not present certificate" msgstr "" #: src/ne_props.c:371 src/ne_props.c:435 msgid "Response exceeds maximum property count" msgstr "" #: src/ne_redirect.c:92 #, c-format msgid "Could not parse redirect destination URL" msgstr "" #: src/ne_request.c:196 #, c-format msgid "%s: connection was closed by proxy server" msgstr "" #: src/ne_request.c:199 #, c-format msgid "%s: connection was closed by server" msgstr "" #: src/ne_request.c:204 #, c-format msgid "%s: connection timed out" msgstr "" #: src/ne_request.c:307 #, c-format msgid "Premature EOF in request body file" msgstr "" #: src/ne_request.c:314 #, c-format msgid "Failed reading request body file: %s" msgstr "" #: src/ne_request.c:334 msgid "offset invalid" msgstr "" #: src/ne_request.c:339 #, c-format msgid "Could not seek to offset %s of request body file: %s" msgstr "" #: src/ne_request.c:425 msgid "Could not send request body" msgstr "" #: src/ne_request.c:452 msgid "Could not send chunked request terminator" msgstr "" #: 
src/ne_request.c:788 msgid "Could not read chunk size" msgstr "" #: src/ne_request.c:795 msgid "Could not parse chunk size" msgstr "" #: src/ne_request.c:832 msgid "Could not read response body" msgstr "" #: src/ne_request.c:848 msgid "Could not read chunk delimiter" msgstr "" #: src/ne_request.c:851 msgid "Chunk delimiter was invalid" msgstr "" #: src/ne_request.c:964 msgid "Could not read status line (TLS client certificate was requested)" msgstr "" #: src/ne_request.c:965 msgid "Could not read status line" msgstr "" #: src/ne_request.c:988 msgid "Could not parse response status line" msgstr "" #: src/ne_request.c:1000 msgid "Could not read interim response headers" msgstr "" #: src/ne_request.c:1035 msgid "Could not send request" msgstr "" #: src/ne_request.c:1069 msgid "Too many interim responses" msgstr "" #: src/ne_request.c:1089 src/ne_request.c:1107 src/ne_request.c:1117 msgid "Error reading response headers" msgstr "" #: src/ne_request.c:1135 #, c-format msgid "Response header too long" msgstr "" #: src/ne_request.c:1217 msgid "Response exceeded maximum number of header fields" msgstr "" #: src/ne_request.c:1232 #, c-format msgid "Could not resolve hostname `%s': %s" msgstr "" #: src/ne_request.c:1362 msgid "Unknown transfer-coding in response" msgstr "" #: src/ne_request.c:1377 msgid "Invalid Content-Length in response" msgstr "" #: src/ne_request.c:1452 #, c-format msgid "Could not write to file: %s" msgstr "" #: src/ne_request.c:1525 #, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "" #: src/ne_request.c:1564 #, c-format msgid "Could not create socket" msgstr "" #: src/ne_request.c:1598 msgid "Could not connect to server" msgstr "" #: src/ne_request.c:1600 msgid "Could not connect to proxy server" msgstr "" #: src/ne_request.c:1643 #, c-format msgid "Could not find IPv4 address of hostname %s for SOCKS v4 proxy" msgstr "" #: src/ne_request.c:1701 #, c-format msgid "Could not establish connection from SOCKS proxy 
(%s:%u): %s" msgstr "" #: src/ne_session.c:538 src/ne_session.c:549 msgid "[invalid date]" msgstr "" #: src/ne_session.c:562 msgid "certificate is not yet valid" msgstr "" #: src/ne_session.c:563 msgid "certificate has expired" msgstr "" #: src/ne_session.c:564 msgid "certificate issued for a different hostname" msgstr "" #: src/ne_session.c:565 msgid "issuer is not trusted" msgstr "" #: src/ne_session.c:566 msgid "bad certificate chain" msgstr "" #: src/ne_session.c:567 msgid "certificate has been revoked" msgstr "" #: src/ne_session.c:572 msgid "Server certificate verification failed: " msgstr "" #: src/ne_socket.c:522 src/ne_socket.c:674 src/ne_socket.c:804 msgid "Connection closed" msgstr "" #: src/ne_socket.c:679 msgid "Retry operation" msgstr "" #: src/ne_socket.c:693 src/ne_socket.c:708 src/ne_socket.c:818 msgid "Secure connection truncated" msgstr "" #: src/ne_socket.c:699 msgid "Secure connection reset" msgstr "" #: src/ne_socket.c:720 src/ne_socket.c:834 #, c-format msgid "SSL error: %s" msgstr "" #: src/ne_socket.c:723 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "" #: src/ne_socket.c:809 #, c-format msgid "SSL alert received: %s" msgstr "" #: src/ne_socket.c:830 msgid "SSL socket read failed" msgstr "" #: src/ne_socket.c:961 msgid "Line too long" msgstr "" #: src/ne_socket.c:1122 src/ne_socket.c:1128 msgid "Host not found" msgstr "" #: src/ne_socket.c:1337 msgid "Connection timed out" msgstr "" #: src/ne_socket.c:1530 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "" #: src/ne_socket.c:1592 msgid "Socket family not supported" msgstr "" #: src/ne_socket.c:1823 msgid "Client certificate verification failed" msgstr "" #: src/ne_socket.c:1839 msgid "SSL disabled due to lack of entropy" msgstr "" #: src/ne_socket.c:1845 msgid "Could not create SSL structure" msgstr "" #: src/ne_socket.c:2017 msgid "Missing flags for socket shutdown" msgstr "" #: src/ne_socket.c:2035 src/ne_socket.c:2046 src/ne_socket.c:2061 msgid "Incomplete TLS closure" 
msgstr "" #: src/ne_socks.c:65 msgid "failure" msgstr "" #: src/ne_socks.c:68 msgid "connection not permitted" msgstr "" #: src/ne_socks.c:71 msgid "network unreachable" msgstr "" #: src/ne_socks.c:74 msgid "host unreachable" msgstr "" #: src/ne_socks.c:77 msgid "TTL expired" msgstr "" #: src/ne_socks.c:80 msgid "command not supported" msgstr "" #: src/ne_socks.c:83 msgid "address type not supported" msgstr "" #: src/ne_socks.c:86 #, c-format msgid "%s: unrecognized error (%u)" msgstr "" #: src/ne_socks.c:128 src/ne_socks.c:328 msgid "Could not send message to proxy" msgstr "" #: src/ne_socks.c:133 msgid "Could not read initial response from proxy" msgstr "" #: src/ne_socks.c:136 msgid "Invalid version in proxy response" msgstr "" #: src/ne_socks.c:157 msgid "Could not send login message" msgstr "" #: src/ne_socks.c:162 msgid "Could not read login reply" msgstr "" #: src/ne_socks.c:165 msgid "Invalid version in login reply" msgstr "" #: src/ne_socks.c:168 msgid "Authentication failed" msgstr "" #: src/ne_socks.c:172 msgid "No acceptable authentication method" msgstr "" #: src/ne_socks.c:174 msgid "Unexpected authentication method chosen" msgstr "" #: src/ne_socks.c:210 msgid "Could not send connect request" msgstr "" #: src/ne_socks.c:215 msgid "Could not read connect reply" msgstr "" #: src/ne_socks.c:218 msgid "Invalid version in connect reply" msgstr "" #: src/ne_socks.c:221 src/ne_socks.c:337 msgid "Could not connect" msgstr "" #: src/ne_socks.c:235 msgid "Could not read FQDN length in connect reply" msgstr "" #: src/ne_socks.c:240 msgid "Unknown address type in connect reply" msgstr "" #: src/ne_socks.c:245 msgid "Could not read address in connect reply" msgstr "" #: src/ne_socks.c:266 msgid "request rejected or failed" msgstr "" #: src/ne_socks.c:269 msgid "could not establish connection to identd" msgstr "" #: src/ne_socks.c:272 msgid "rejected due to identd user mismatch" msgstr "" #: src/ne_socks.c:275 #, c-format msgid "%s: unrecognized failure (%u)" 
msgstr "" #: src/ne_socks.c:333 msgid "Could not read response from proxy" msgstr "" #: src/ne_xml.c:280 #, c-format msgid "XML parse error at line %d: invalid element name" msgstr "" #: src/ne_xml.c:474 msgid "Unknown error" msgstr "" #: src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "" #: src/ne_xml.c:667 #, c-format msgid "XML parse error at line %d: %s" msgstr "" #: src/ne_xmlreq.c:36 #, c-format msgid "Could not parse response: %s" msgstr "" neon-0.32.2/po/nn.po000066400000000000000000000377111416727304000141430ustar00rootroot00000000000000# Norwegian Nynorsk sitecopy translation. # Copyright (C) 2001 Karl Ove Hufthammer. # Karl Ove Hufthammer , 2002. # msgid "" msgstr "" "Project-Id-Version: sitecopy 0.11.4\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" "POT-Creation-Date: 2021-09-20 10:49+0100\n" "PO-Revision-Date: 2002-11-07 18:11+0100\n" "Last-Translator: Karl Ove Hufthammer \n" "Language-Team: Norwegian Nynorsk \n" "Language: nn\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" #: src/ne_207.c:213 #, c-format msgid "" "Invalid HTTP status line in status element at line %d of response:\n" "Status line was: %s" msgstr "" "Ugyldig HTTP-statuslinje i statuselement på linje %d av svaret:\n" "Statuslinja var: %s" #: src/ne_auth.c:165 #, fuzzy, c-format msgid "Could not authenticate to server: %s" msgstr "Klarte ikkje kopla til tenaren." 
#: src/ne_auth.c:170 #, fuzzy, c-format msgid "Could not authenticate to proxy server: %s" msgstr "Klarte ikkje kopla til mellomtenar" #: src/ne_auth.c:428 #, c-format msgid "rejected %s challenge" msgstr "" #: src/ne_auth.c:469 msgid "missing realm in Basic challenge" msgstr "" #: src/ne_auth.c:483 msgid "cannot handle Basic challenge for username containing colon" msgstr "" #: src/ne_auth.c:588 msgid "invalid Negotiate token" msgstr "" #: src/ne_auth.c:611 #, fuzzy msgid "GSSAPI authentication error: " msgstr "Krev autentisering på %s «%s»:\n" #: src/ne_auth.c:624 #, c-format msgid "GSSAPI failure (code %u)" msgstr "" #: src/ne_auth.c:659 msgid "ignoring empty Negotiate continuation" msgstr "" #: src/ne_auth.c:674 #, c-format msgid "Negotiate response verification failed: invalid response header token" msgstr "" #: src/ne_auth.c:696 #, fuzzy, c-format msgid "Negotiate response verification failure: %s" msgstr "Tenarsertifikatet er utgått på dato." #: src/ne_auth.c:760 #, c-format msgid "SSPI response verification failed: invalid response header token" msgstr "" #: src/ne_auth.c:918 #, fuzzy msgid "could not handle non-ASCII username in Digest challenge" msgstr "Klarte ikkje tolka storleik på oppdelt svar" #: src/ne_auth.c:947 msgid "unknown algorithm in Digest challenge" msgstr "" #: src/ne_auth.c:951 msgid "incompatible algorithm in Digest challenge" msgstr "" #: src/ne_auth.c:955 msgid "missing parameter in Digest challenge" msgstr "" #: src/ne_auth.c:959 msgid "initial Digest challenge was stale" msgstr "" #: src/ne_auth.c:966 msgid "stale Digest challenge with new algorithm or realm" msgstr "" #: src/ne_auth.c:971 msgid "legacy Digest challenge not supported" msgstr "" #: src/ne_auth.c:979 #, c-format msgid "%s algorithm in Digest challenge not supported" msgstr "" #: src/ne_auth.c:993 #, fuzzy msgid "could not parse domain in Digest challenge" msgstr "Klarte ikkje tolka storleik på oppdelt svar" #: src/ne_auth.c:1272 #, c-format msgid "Digest mutual 
authentication failure: missing parameters" msgstr "" #: src/ne_auth.c:1277 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "" #: src/ne_auth.c:1287 #, c-format msgid "Digest mutual authentication failure: could not parse nonce count" msgstr "" #: src/ne_auth.c:1292 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "" #: src/ne_auth.c:1319 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "" #: src/ne_auth.c:1457 #, c-format msgid "ignored %s challenge" msgstr "" #: src/ne_auth.c:1562 #, fuzzy msgid "could not parse challenge" msgstr "Klarte ikkje tolka storleik på oppdelt svar" #: src/ne_basic.c:98 #, fuzzy, c-format msgid "Could not determine file size: %s" msgstr "Fann ikkje fillengda: %s" #: src/ne_basic.c:149 #, c-format msgid "Response did not include requested range" msgstr "" #: src/ne_basic.c:183 #, fuzzy, c-format msgid "Range is not satisfiable" msgstr "Området finst ikkje." #: src/ne_basic.c:188 #, fuzzy, c-format msgid "Resource does not support ranged GET requests" msgstr "Tenaren kan ikkje handtera kommandoar for delvis GET." 
#: src/ne_compress.c:184 #, c-format msgid "%s: %s (code %d)" msgstr "" #: src/ne_compress.c:232 #, fuzzy msgid "Could not inflate data" msgstr "Klarte ikkje opna fil: " #: src/ne_compress.c:293 #, fuzzy msgid "Could not initialize zlib" msgstr "Klarte ikkje opna fil: " #: src/ne_gnutls.c:184 #, c-format msgid "[unprintable:#%lu]" msgstr "" #: src/ne_gnutls.c:213 msgid "[unprintable]" msgstr "" #: src/ne_gnutls.c:660 #, c-format msgid "Failed to import private key: %s" msgstr "" #: src/ne_gnutls.c:904 msgid "signed using insecure algorithm" msgstr "" #: src/ne_gnutls.c:907 #, c-format msgid "unrecognized errors (%u)" msgstr "" #: src/ne_gnutls.c:952 src/ne_openssl.c:483 #, c-format msgid "Server certificate was missing commonName attribute in subject name" msgstr "" #: src/ne_gnutls.c:966 #, fuzzy, c-format msgid "Could not verify server certificate: %s" msgstr "Klarte ikkje skriva til fil: %s" #: src/ne_gnutls.c:985 src/ne_openssl.c:470 #, c-format msgid "Certificate verification error: %s" msgstr "" #: src/ne_gnutls.c:1018 src/ne_openssl.c:719 #, c-format msgid "SSL handshake failed, client certificate was requested: %s" msgstr "" #: src/ne_gnutls.c:1023 src/ne_openssl.c:724 #, fuzzy, c-format msgid "SSL handshake failed: %s" msgstr "Klarte ikkje skriva til fil: %s" #: src/ne_gnutls.c:1033 #, c-format msgid "Server did not send certificate chain" msgstr "" #: src/ne_locks.c:619 msgid "LOCK response missing Lock-Token header" msgstr "" #: src/ne_locks.c:794 #, c-format msgid "Response missing activelock for %s" msgstr "" #: src/ne_locks.c:836 #, c-format msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "" #: src/ne_openssl.c:744 #, c-format msgid "SSL server did not present certificate" msgstr "" #: src/ne_props.c:371 src/ne_props.c:435 #, fuzzy msgid "Response exceeds maximum property count" msgstr "Svaret inneheld for mange header-felt." 
#: src/ne_redirect.c:92 #, fuzzy, c-format msgid "Could not parse redirect destination URL" msgstr "Klarte ikkje tolka vidaresendingsadresse." #: src/ne_request.c:196 #, fuzzy, c-format msgid "%s: connection was closed by proxy server" msgstr "%s: tilkoplinga vart lukka av mellomtenaren." #: src/ne_request.c:199 #, fuzzy, c-format msgid "%s: connection was closed by server" msgstr "%s: tilkoplinga vart lukka av tenaren." #: src/ne_request.c:204 #, fuzzy, c-format msgid "%s: connection timed out" msgstr "%s: sambandet vart tidsavbrote." #: src/ne_request.c:307 #, fuzzy, c-format msgid "Premature EOF in request body file" msgstr "Klarte ikkje skriva til fil: %s" #: src/ne_request.c:314 #, fuzzy, c-format msgid "Failed reading request body file: %s" msgstr "Klarte ikkje skriva til fil: %s" #: src/ne_request.c:334 msgid "offset invalid" msgstr "" #: src/ne_request.c:339 #, fuzzy, c-format msgid "Could not seek to offset %s of request body file: %s" msgstr "Klarte ikkje skriva til fil: %s" #: src/ne_request.c:425 msgid "Could not send request body" msgstr "Klarte ikkje senda førespurnad" #: src/ne_request.c:452 #, fuzzy msgid "Could not send chunked request terminator" msgstr "Klarte ikkje senda førespurnad" #: src/ne_request.c:788 msgid "Could not read chunk size" msgstr "Klarte ikkje lesa storleik på oppdelt svar" #: src/ne_request.c:795 msgid "Could not parse chunk size" msgstr "Klarte ikkje tolka storleik på oppdelt svar" #: src/ne_request.c:832 msgid "Could not read response body" msgstr "Klarte ikkje lesa svar" #: src/ne_request.c:848 #, fuzzy msgid "Could not read chunk delimiter" msgstr "Klarte ikkje lesa storleik på oppdelt svar" #: src/ne_request.c:851 msgid "Chunk delimiter was invalid" msgstr "" #: src/ne_request.c:964 msgid "Could not read status line (TLS client certificate was requested)" msgstr "" #: src/ne_request.c:965 msgid "Could not read status line" msgstr "Klarte ikkje lesa statuslinja" #: src/ne_request.c:988 #, fuzzy msgid "Could not parse 
response status line" msgstr "Klarte ikkje tolka statuslinja i svaret." #: src/ne_request.c:1000 #, fuzzy msgid "Could not read interim response headers" msgstr "Klarte ikkje lesa svarlinje" #: src/ne_request.c:1035 msgid "Could not send request" msgstr "Klarte ikkje senda førespurnad" #: src/ne_request.c:1069 #, fuzzy msgid "Too many interim responses" msgstr "Klarte ikkje lesa svarlinje" #: src/ne_request.c:1089 src/ne_request.c:1107 src/ne_request.c:1117 msgid "Error reading response headers" msgstr "Feil ved lesing av svarhovud" #: src/ne_request.c:1135 #, c-format msgid "Response header too long" msgstr "For langt svarhovud" #: src/ne_request.c:1217 #, fuzzy msgid "Response exceeded maximum number of header fields" msgstr "Svaret inneheld for mange header-felt." #: src/ne_request.c:1232 #, fuzzy, c-format msgid "Could not resolve hostname `%s': %s" msgstr "%s: Feil: Fann ikkje adressa til nettverksvert (%s).\n" #: src/ne_request.c:1362 msgid "Unknown transfer-coding in response" msgstr "" #: src/ne_request.c:1377 msgid "Invalid Content-Length in response" msgstr "" #: src/ne_request.c:1452 #, c-format msgid "Could not write to file: %s" msgstr "Klarte ikkje skriva til fil: %s" #: src/ne_request.c:1525 #, fuzzy, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "Klarte ikkje oppretta SSL-tilkopling til mellomtenar" #: src/ne_request.c:1564 #, fuzzy, c-format msgid "Could not create socket" msgstr "Klarte ikkje forhandla SSL-økt" #: src/ne_request.c:1598 msgid "Could not connect to server" msgstr "Klarte ikkje kopla til tenaren." 
#: src/ne_request.c:1600 msgid "Could not connect to proxy server" msgstr "Klarte ikkje kopla til mellomtenar" #: src/ne_request.c:1643 #, c-format msgid "Could not find IPv4 address of hostname %s for SOCKS v4 proxy" msgstr "" #: src/ne_request.c:1701 #, fuzzy, c-format msgid "Could not establish connection from SOCKS proxy (%s:%u): %s" msgstr "Klarte ikkje oppretta SSL-tilkopling til mellomtenar" #: src/ne_session.c:538 src/ne_session.c:549 #, fuzzy msgid "[invalid date]" msgstr "[ugyldig dato]" #: src/ne_session.c:562 #, fuzzy msgid "certificate is not yet valid" msgstr "Sertifikatet er gyldig" #: src/ne_session.c:563 #, fuzzy msgid "certificate has expired" msgstr "Tenarsertifikatet er utgått på dato." #: src/ne_session.c:564 #, fuzzy msgid "certificate issued for a different hostname" msgstr "Sertifikatet er utferda av:" #: src/ne_session.c:565 msgid "issuer is not trusted" msgstr "" #: src/ne_session.c:566 #, fuzzy msgid "bad certificate chain" msgstr "Tenarsertifikatet er utgått på dato." #: src/ne_session.c:567 #, fuzzy msgid "certificate has been revoked" msgstr "Tenarsertifikatet er utgått på dato." #: src/ne_session.c:572 #, fuzzy msgid "Server certificate verification failed: " msgstr "Tenarsertifikatet er utgått på dato." #: src/ne_socket.c:522 src/ne_socket.c:674 src/ne_socket.c:804 #, fuzzy msgid "Connection closed" msgstr "Tilkoplinga vart lukka av tenaren" #: src/ne_socket.c:679 msgid "Retry operation" msgstr "" #: src/ne_socket.c:693 src/ne_socket.c:708 src/ne_socket.c:818 #, fuzzy msgid "Secure connection truncated" msgstr "Sambandet vart tidsavbrote." #: src/ne_socket.c:699 #, fuzzy msgid "Secure connection reset" msgstr "Sambandet vart tidsavbrote." 
#: src/ne_socket.c:720 src/ne_socket.c:834 #, fuzzy, c-format msgid "SSL error: %s" msgstr "%s: Feil: %s\n" #: src/ne_socket.c:723 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "" #: src/ne_socket.c:809 #, fuzzy, c-format msgid "SSL alert received: %s" msgstr "%s: Feil: %s\n" #: src/ne_socket.c:830 msgid "SSL socket read failed" msgstr "" #: src/ne_socket.c:961 msgid "Line too long" msgstr "For lang linje" #: src/ne_socket.c:1122 src/ne_socket.c:1128 msgid "Host not found" msgstr "Fann ikkje vert" #: src/ne_socket.c:1337 #, fuzzy msgid "Connection timed out" msgstr "%s: sambandet vart tidsavbrote." #: src/ne_socket.c:1530 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "" #: src/ne_socket.c:1592 msgid "Socket family not supported" msgstr "" #: src/ne_socket.c:1823 #, fuzzy msgid "Client certificate verification failed" msgstr "Tenarsertifikatet er utgått på dato." #: src/ne_socket.c:1839 #, fuzzy msgid "SSL disabled due to lack of entropy" msgstr "SSL avslått grunna mangel på entropi" #: src/ne_socket.c:1845 #, fuzzy msgid "Could not create SSL structure" msgstr "Klarte ikkje forhandla SSL-økt" #: src/ne_socket.c:2017 msgid "Missing flags for socket shutdown" msgstr "" #: src/ne_socket.c:2035 src/ne_socket.c:2046 src/ne_socket.c:2061 msgid "Incomplete TLS closure" msgstr "" #: src/ne_socks.c:65 msgid "failure" msgstr "" #: src/ne_socks.c:68 #, fuzzy msgid "connection not permitted" msgstr "%s: sambandet vart tidsavbrote." 
#: src/ne_socks.c:71 msgid "network unreachable" msgstr "" #: src/ne_socks.c:74 msgid "host unreachable" msgstr "" #: src/ne_socks.c:77 msgid "TTL expired" msgstr "" #: src/ne_socks.c:80 msgid "command not supported" msgstr "" #: src/ne_socks.c:83 msgid "address type not supported" msgstr "" #: src/ne_socks.c:86 #, c-format msgid "%s: unrecognized error (%u)" msgstr "" #: src/ne_socks.c:128 src/ne_socks.c:328 #, fuzzy msgid "Could not send message to proxy" msgstr "Klarte ikkje senda førespurnad" #: src/ne_socks.c:133 #, fuzzy msgid "Could not read initial response from proxy" msgstr "Klarte ikkje lesa svar" #: src/ne_socks.c:136 msgid "Invalid version in proxy response" msgstr "" #: src/ne_socks.c:157 #, fuzzy msgid "Could not send login message" msgstr "Klarte ikkje senda førespurnad" #: src/ne_socks.c:162 #, fuzzy msgid "Could not read login reply" msgstr "Klarte ikkje lesa statuslinja" #: src/ne_socks.c:165 msgid "Invalid version in login reply" msgstr "" #: src/ne_socks.c:168 #, fuzzy msgid "Authentication failed" msgstr "Krev autentisering på %s «%s»:\n" #: src/ne_socks.c:172 msgid "No acceptable authentication method" msgstr "" #: src/ne_socks.c:174 msgid "Unexpected authentication method chosen" msgstr "" #: src/ne_socks.c:210 #, fuzzy msgid "Could not send connect request" msgstr "Klarte ikkje senda førespurnad" #: src/ne_socks.c:215 #, fuzzy msgid "Could not read connect reply" msgstr "Klarte ikkje kopla til tenaren." #: src/ne_socks.c:218 msgid "Invalid version in connect reply" msgstr "" #: src/ne_socks.c:221 src/ne_socks.c:337 #, fuzzy msgid "Could not connect" msgstr "Klarte ikkje kopla til tenaren." 
#: src/ne_socks.c:235 msgid "Could not read FQDN length in connect reply" msgstr "" #: src/ne_socks.c:240 msgid "Unknown address type in connect reply" msgstr "" #: src/ne_socks.c:245 #, fuzzy msgid "Could not read address in connect reply" msgstr "Klarte ikkje lesa svar" #: src/ne_socks.c:266 msgid "request rejected or failed" msgstr "" #: src/ne_socks.c:269 #, fuzzy msgid "could not establish connection to identd" msgstr "Klarte ikkje kopla til tenaren." #: src/ne_socks.c:272 msgid "rejected due to identd user mismatch" msgstr "" #: src/ne_socks.c:275 #, c-format msgid "%s: unrecognized failure (%u)" msgstr "" #: src/ne_socks.c:333 #, fuzzy msgid "Could not read response from proxy" msgstr "Klarte ikkje lesa svar" #: src/ne_xml.c:280 #, fuzzy, c-format msgid "XML parse error at line %d: invalid element name" msgstr "XML-tolkingsfeil på linje %d: %s." #: src/ne_xml.c:474 #, fuzzy msgid "Unknown error" msgstr "Ukjend systemfeil" #: src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "" #: src/ne_xml.c:667 #, fuzzy, c-format msgid "XML parse error at line %d: %s" msgstr "XML-tolkingsfeil på linje %d: %s." #: src/ne_xmlreq.c:36 #, fuzzy, c-format msgid "Could not parse response: %s" msgstr "Klarte ikkje lesa «LIST»-svar." #, fuzzy #~ msgid "Server certificate changed: connection intercepted?" #~ msgstr "Tenarsertifikatet er utgått på dato." #, fuzzy #~ msgid "SSL disabled due to library version mismatch" #~ msgstr "SSL avslått grunna mangel på entropi" #, fuzzy #~ msgid "%s: %s" #~ msgstr "%s: %s\n" #~ msgid "Server was not authenticated correctly." #~ msgstr "Tenaren vart ikkje rett autentisert." #~ msgid "Proxy server was not authenticated correctly." #~ msgstr "Mellomtenaren vart ikkje rett autentisert." neon-0.32.2/po/pl.po000066400000000000000000000451241416727304000141400ustar00rootroot00000000000000# The Polish translation for Neon. 
# Copyright (C) 2007-2009 Arfrever Frehtes Taifersar Arahesis # This file is distributed under the same license as the Neon package. # Arfrever Frehtes Taifersar Arahesis , 2007-2009. # msgid "" msgstr "" "Project-Id-Version: Neon 0.30.0\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" "POT-Creation-Date: 2021-09-20 10:49+0100\n" "PO-Revision-Date: 2009-09-04 02:00+0200\n" "Last-Translator: Arfrever Frehtes Taifersar Arahesis \n" "Language-Team: Polish Neon Translator Arfrever Frehtes Taifersar Arahesis " "\n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #: src/ne_207.c:213 #, c-format msgid "" "Invalid HTTP status line in status element at line %d of response:\n" "Status line was: %s" msgstr "" "Niewłaściwa linia statusu HTTP w elemencie statusu w linii %d odpowiedzi:\n" "Linia statusu była: %s" #: src/ne_auth.c:165 #, c-format msgid "Could not authenticate to server: %s" msgstr "Nie można autentykować się do serwera: %s" #: src/ne_auth.c:170 #, c-format msgid "Could not authenticate to proxy server: %s" msgstr "Nie można autentykować się do serwera proxy: %s" #: src/ne_auth.c:428 #, c-format msgid "rejected %s challenge" msgstr "odrzucone wezwanie %s" #: src/ne_auth.c:469 msgid "missing realm in Basic challenge" msgstr "brakująca domena w wezwaniu Basic" #: src/ne_auth.c:483 msgid "cannot handle Basic challenge for username containing colon" msgstr "" #: src/ne_auth.c:588 msgid "invalid Negotiate token" msgstr "niewłaściwy żeton Negotiate" #: src/ne_auth.c:611 msgid "GSSAPI authentication error: " msgstr "Błąd autentykacji GSSAPI: " #: src/ne_auth.c:624 #, c-format msgid "GSSAPI failure (code %u)" msgstr "Porażka GSSAPI (kod %u)" #: src/ne_auth.c:659 msgid "ignoring empty Negotiate continuation" msgstr "ignorowanie pustej kontynuacji Negotiate" #: src/ne_auth.c:674 #, c-format msgid "Negotiate response verification failed: invalid response header token" msgstr "" "weryfikacja odpowiedzi 
Negotiate nie udała się: niewłaściwy żeton nagłówka " "odpowiedzi" #: src/ne_auth.c:696 #, c-format msgid "Negotiate response verification failure: %s" msgstr "porażka weryfikacji odpowiedzi Negotiate: %s" #: src/ne_auth.c:760 #, fuzzy, c-format msgid "SSPI response verification failed: invalid response header token" msgstr "" "weryfikacja odpowiedzi Negotiate nie udała się: niewłaściwy żeton nagłówka " "odpowiedzi" #: src/ne_auth.c:918 #, fuzzy msgid "could not handle non-ASCII username in Digest challenge" msgstr "nie można parsować domeny w wezwaniu Digest" #: src/ne_auth.c:947 msgid "unknown algorithm in Digest challenge" msgstr "nieznany algorytm w wezwaniu Digest" #: src/ne_auth.c:951 msgid "incompatible algorithm in Digest challenge" msgstr "niekompatybilny algorytm w wezwaniu Digest" #: src/ne_auth.c:955 msgid "missing parameter in Digest challenge" msgstr "brakujący parametr w wezwaniu Digest" #: src/ne_auth.c:959 msgid "initial Digest challenge was stale" msgstr "początkowe wezwanie Digest było nieaktualne" #: src/ne_auth.c:966 msgid "stale Digest challenge with new algorithm or realm" msgstr "nieaktualne wezwanie Digest z nowym algorytmem lub domeną" #: src/ne_auth.c:971 #, fuzzy msgid "legacy Digest challenge not supported" msgstr "początkowe wezwanie Digest było nieaktualne" #: src/ne_auth.c:979 #, fuzzy, c-format msgid "%s algorithm in Digest challenge not supported" msgstr "nieznany algorytm w wezwaniu Digest" #: src/ne_auth.c:993 msgid "could not parse domain in Digest challenge" msgstr "nie można parsować domeny w wezwaniu Digest" #: src/ne_auth.c:1272 #, c-format msgid "Digest mutual authentication failure: missing parameters" msgstr "Porażka wzajemnego uwierzytelniania Digest: brakujące parametry" #: src/ne_auth.c:1277 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "" "Porażka wzajemnego uwierzytelniania Digest: niezgodność posłańca klienta" #: src/ne_auth.c:1287 #, c-format msgid "Digest mutual 
authentication failure: could not parse nonce count" msgstr "" "Porażka wzajemnego uwierzytelniania Digest: nie można parsować licznika " "posłańca" #: src/ne_auth.c:1292 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "" "Porażka wzajemnego uwierzytelniania Digest: niezgodność licznika posłańca " "(%u nie %u)" #: src/ne_auth.c:1319 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "" "Porażka wzajemnego uwierzytelniania Digest: niezgodność request-digest" #: src/ne_auth.c:1457 #, c-format msgid "ignored %s challenge" msgstr "wezwanie %s zignorowane" #: src/ne_auth.c:1562 msgid "could not parse challenge" msgstr "nie można parsować wezwania" #: src/ne_basic.c:98 #, c-format msgid "Could not determine file size: %s" msgstr "Nie można określić rozmiaru pliku: %s" #: src/ne_basic.c:149 #, c-format msgid "Response did not include requested range" msgstr "Odpowiedź nie zawierała wymaganego zakresu" #: src/ne_basic.c:183 #, c-format msgid "Range is not satisfiable" msgstr "Zakres nie może być usatysfakcjonowany" #: src/ne_basic.c:188 #, c-format msgid "Resource does not support ranged GET requests" msgstr "Zasób nie obsługuje zakresowych żądań GET" #: src/ne_compress.c:184 #, c-format msgid "%s: %s (code %d)" msgstr "%s: %s (kod %d)" #: src/ne_compress.c:232 msgid "Could not inflate data" msgstr "Nie można zdekompresować danych" #: src/ne_compress.c:293 msgid "Could not initialize zlib" msgstr "Nie można zainicjalizować zlib" #: src/ne_gnutls.c:184 #, c-format msgid "[unprintable:#%lu]" msgstr "[niedrukowalne:#%lu]" #: src/ne_gnutls.c:213 msgid "[unprintable]" msgstr "[niedrukowalne]" #: src/ne_gnutls.c:660 #, c-format msgid "Failed to import private key: %s" msgstr "" #: src/ne_gnutls.c:904 msgid "signed using insecure algorithm" msgstr "podpisane przy użyciu niebezpiecznego algorytmu" #: src/ne_gnutls.c:907 #, c-format msgid "unrecognized errors (%u)" msgstr "nierozpoznane błędy (%u)" #:
src/ne_gnutls.c:952 src/ne_openssl.c:483 #, c-format msgid "Server certificate was missing commonName attribute in subject name" msgstr "Certyfikat serwera nie posiada atrybutu commonName w nazwie tematu" #: src/ne_gnutls.c:966 #, c-format msgid "Could not verify server certificate: %s" msgstr "Nie można zweryfikować certyfikatu serwera: %s" #: src/ne_gnutls.c:985 src/ne_openssl.c:470 #, c-format msgid "Certificate verification error: %s" msgstr "Błąd weryfikacji certyfikatu: %s" #: src/ne_gnutls.c:1018 src/ne_openssl.c:719 #, c-format msgid "SSL handshake failed, client certificate was requested: %s" msgstr "Uzgodnienie SSL nie udało się, certyfikat klienta został zażądany: %s" #: src/ne_gnutls.c:1023 src/ne_openssl.c:724 #, c-format msgid "SSL handshake failed: %s" msgstr "Uzgodnienie SSL nie udało się: %s" #: src/ne_gnutls.c:1033 #, c-format msgid "Server did not send certificate chain" msgstr "Serwer nie wysłał łańcucha certyfikatu" #: src/ne_locks.c:619 msgid "LOCK response missing Lock-Token header" msgstr "Odpowiedź LOCK nie zawiera nagłówka Lock-Token" #: src/ne_locks.c:794 #, c-format msgid "Response missing activelock for %s" msgstr "Odpowiedź nie zawiera aktywnej blokady dla %s" #: src/ne_locks.c:836 #, c-format msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "" "Nie zwrócono żadnej aktywnej blokady dla <%s> w odpowiedzi LOCK refresh" #: src/ne_openssl.c:744 #, c-format msgid "SSL server did not present certificate" msgstr "Serwer SSL nie przedstawił certyfikatu" #: src/ne_props.c:371 src/ne_props.c:435 msgid "Response exceeds maximum property count" msgstr "Odpowiedź przekracza maksymalną liczbę właściwości" #: src/ne_redirect.c:92 #, c-format msgid "Could not parse redirect destination URL" msgstr "Nie można parsować URL-u przeadresowanego celu" #: src/ne_request.c:196 #, c-format msgid "%s: connection was closed by proxy server" msgstr "%s: połączenie zostało zamknięte przez serwer proxy" #: src/ne_request.c:199 #, c-format 
msgid "%s: connection was closed by server" msgstr "%s: połączenie zostało zamknięte przez serwer" #: src/ne_request.c:204 #, c-format msgid "%s: connection timed out" msgstr "%s: czas połączenia się skończył" #: src/ne_request.c:307 #, c-format msgid "Premature EOF in request body file" msgstr "" #: src/ne_request.c:314 #, c-format msgid "Failed reading request body file: %s" msgstr "" #: src/ne_request.c:334 msgid "offset invalid" msgstr "nieprawidłowe przesunięcie" #: src/ne_request.c:339 #, c-format msgid "Could not seek to offset %s of request body file: %s" msgstr "Nie można szukać przesunięcia %s pliku ciała żądania: %s" #: src/ne_request.c:425 msgid "Could not send request body" msgstr "Nie można wysłać ciała żądania" #: src/ne_request.c:452 #, fuzzy msgid "Could not send chunked request terminator" msgstr "Nie można wysłać żądania połączenia" #: src/ne_request.c:788 msgid "Could not read chunk size" msgstr "Nie można odczytać rozmiaru kawałka" #: src/ne_request.c:795 msgid "Could not parse chunk size" msgstr "Nie można parsować rozmiaru kawałka" #: src/ne_request.c:832 msgid "Could not read response body" msgstr "Nie można odczytać ciała odpowiedzi" #: src/ne_request.c:848 msgid "Could not read chunk delimiter" msgstr "Nie można odczytać ogranicznika kawałka" #: src/ne_request.c:851 msgid "Chunk delimiter was invalid" msgstr "Ogranicznik kawałka był nieprawidłowy" #: src/ne_request.c:964 #, fuzzy msgid "Could not read status line (TLS client certificate was requested)" msgstr "Uzgodnienie SSL nie udało się, certyfikat klienta został zażądany: %s" #: src/ne_request.c:965 msgid "Could not read status line" msgstr "Nie można odczytać linii statusu" #: src/ne_request.c:988 msgid "Could not parse response status line" msgstr "Nie można parsować linii statusu odpowiedzi" #: src/ne_request.c:1000 msgid "Could not read interim response headers" msgstr "Nie można odczytać nagłówków tymczasowej odpowiedzi" #: src/ne_request.c:1035 msgid "Could not send request" 
msgstr "Nie można wysłać żądania" #: src/ne_request.c:1069 #, fuzzy msgid "Too many interim responses" msgstr "Nie można odczytać nagłówków tymczasowej odpowiedzi" #: src/ne_request.c:1089 src/ne_request.c:1107 src/ne_request.c:1117 msgid "Error reading response headers" msgstr "Błąd podczas odczytywania nagłówków odpowiedzi" #: src/ne_request.c:1135 #, c-format msgid "Response header too long" msgstr "Nagłówek odpowiedzi zbyt długi" #: src/ne_request.c:1217 msgid "Response exceeded maximum number of header fields" msgstr "Odpowiedź przekroczyła maksymalną liczbę pól nagłówka" #: src/ne_request.c:1232 #, c-format msgid "Could not resolve hostname `%s': %s" msgstr "Nie można rozwiązać nazwy hosta `%s': %s" #: src/ne_request.c:1362 msgid "Unknown transfer-coding in response" msgstr "Nieznane transfer-coding w odpowiedzi" #: src/ne_request.c:1377 msgid "Invalid Content-Length in response" msgstr "Nieprawidłowe Content-Length w odpowiedzi" #: src/ne_request.c:1452 #, c-format msgid "Could not write to file: %s" msgstr "Nie można pisać do pliku: %s" #: src/ne_request.c:1525 #, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "Nie można utworzyć połączenia SSL przez serwer proxy: %s" #: src/ne_request.c:1564 #, c-format msgid "Could not create socket" msgstr "Nie można utworzyć gniazda" #: src/ne_request.c:1598 msgid "Could not connect to server" msgstr "Nie można połączyć się z serwerem" #: src/ne_request.c:1600 msgid "Could not connect to proxy server" msgstr "Nie można połączyć się z serwerem proxy" #: src/ne_request.c:1643 #, c-format msgid "Could not find IPv4 address of hostname %s for SOCKS v4 proxy" msgstr "Nie można znaleźć adresu IPv4 nazwy hosta %s dla proxy SOCKS v4" #: src/ne_request.c:1701 #, c-format msgid "Could not establish connection from SOCKS proxy (%s:%u): %s" msgstr "Nie można nawiązać połączenia z proxy SOCKS (%s:%u): %s" #: src/ne_session.c:538 src/ne_session.c:549 msgid "[invalid date]" msgstr "[nieprawidłowa 
data]" #: src/ne_session.c:562 msgid "certificate is not yet valid" msgstr "certyfikat nie jest jeszcze poprawny" #: src/ne_session.c:563 msgid "certificate has expired" msgstr "certyfikat wygasł" #: src/ne_session.c:564 msgid "certificate issued for a different hostname" msgstr "certyfikat wydany dla innej nazwy hosta" #: src/ne_session.c:565 msgid "issuer is not trusted" msgstr "wydawca nie jest zaufany" #: src/ne_session.c:566 msgid "bad certificate chain" msgstr "zły łańcuch certyfikatu" #: src/ne_session.c:567 msgid "certificate has been revoked" msgstr "certyfikat został unieważniony" #: src/ne_session.c:572 msgid "Server certificate verification failed: " msgstr "Weryfikacja certyfikatu serwera nie powiodła się: " #: src/ne_socket.c:522 src/ne_socket.c:674 src/ne_socket.c:804 msgid "Connection closed" msgstr "Połączenie zamknięte" #: src/ne_socket.c:679 msgid "Retry operation" msgstr "" #: src/ne_socket.c:693 src/ne_socket.c:708 src/ne_socket.c:818 msgid "Secure connection truncated" msgstr "Bezpieczne połączenie obcięte" #: src/ne_socket.c:699 #, fuzzy msgid "Secure connection reset" msgstr "Bezpieczne połączenie obcięte" #: src/ne_socket.c:720 src/ne_socket.c:834 #, c-format msgid "SSL error: %s" msgstr "Błąd SSL: %s" #: src/ne_socket.c:723 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "Kod błędu SSL %d/%d/%lu" #: src/ne_socket.c:809 #, c-format msgid "SSL alert received: %s" msgstr "Alarm SSL otrzymany: %s" #: src/ne_socket.c:830 msgid "SSL socket read failed" msgstr "Odczytywanie gniazda SSL nie powiodło się" #: src/ne_socket.c:961 msgid "Line too long" msgstr "Linia zbyt długa" #: src/ne_socket.c:1122 src/ne_socket.c:1128 msgid "Host not found" msgstr "Host nieznaleziony" #: src/ne_socket.c:1337 msgid "Connection timed out" msgstr "Czas połączenia się skończył" #: src/ne_socket.c:1530 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "Numer deskryptoru gniazda przekracza FD_SETSIZE" #: src/ne_socket.c:1592 msgid "Socket family not 
supported" msgstr "Rodzina gniazda niewspierana" #: src/ne_socket.c:1823 msgid "Client certificate verification failed" msgstr "Weryfikacja certyfikatu klienta nie powiodła się" #: src/ne_socket.c:1839 msgid "SSL disabled due to lack of entropy" msgstr "SSL wyłączone z powodu braku entropii" #: src/ne_socket.c:1845 msgid "Could not create SSL structure" msgstr "Nie można utworzyć struktury SSL" #: src/ne_socket.c:2017 msgid "Missing flags for socket shutdown" msgstr "" #: src/ne_socket.c:2035 src/ne_socket.c:2046 src/ne_socket.c:2061 msgid "Incomplete TLS closure" msgstr "" #: src/ne_socks.c:65 msgid "failure" msgstr "porażka" #: src/ne_socks.c:68 msgid "connection not permitted" msgstr "połączenie niedozwolone" #: src/ne_socks.c:71 msgid "network unreachable" msgstr "sieć nieosiągalna" #: src/ne_socks.c:74 msgid "host unreachable" msgstr "host nieosiągalny" #: src/ne_socks.c:77 msgid "TTL expired" msgstr "TTL utraciło ważność" #: src/ne_socks.c:80 msgid "command not supported" msgstr "polecenie niewspierane" #: src/ne_socks.c:83 msgid "address type not supported" msgstr "typ adresu niewspierany" #: src/ne_socks.c:86 #, c-format msgid "%s: unrecognized error (%u)" msgstr "%s: nierozpoznany błąd (%u)" #: src/ne_socks.c:128 src/ne_socks.c:328 msgid "Could not send message to proxy" msgstr "Nie można wysłać wiadomości do proxy" #: src/ne_socks.c:133 msgid "Could not read initial response from proxy" msgstr "Nie można odczytać początkowej odpowiedzi od proxy" #: src/ne_socks.c:136 msgid "Invalid version in proxy response" msgstr "Nieprawidłowa wersja w odpowiedzi proxy" #: src/ne_socks.c:157 msgid "Could not send login message" msgstr "Nie można wysłać wiadomości logowania" #: src/ne_socks.c:162 msgid "Could not read login reply" msgstr "Nie można odczytać odpowiedzi logowania" #: src/ne_socks.c:165 msgid "Invalid version in login reply" msgstr "Nieprawidłowa wersja w odpowiedzi logowania" #: src/ne_socks.c:168 msgid "Authentication failed" msgstr "Błąd 
uwierzytelniania" #: src/ne_socks.c:172 msgid "No acceptable authentication method" msgstr "Brak akceptowalnej metody uwierzytelniania" #: src/ne_socks.c:174 msgid "Unexpected authentication method chosen" msgstr "Nieoczekiwana metoda uwierzytelniania wybrana" #: src/ne_socks.c:210 msgid "Could not send connect request" msgstr "Nie można wysłać żądania połączenia" #: src/ne_socks.c:215 msgid "Could not read connect reply" msgstr "Nie można odczytać odpowiedzi połączenia" #: src/ne_socks.c:218 msgid "Invalid version in connect reply" msgstr "Nieprawidłowa wersja w odpowiedzi połączenia" #: src/ne_socks.c:221 src/ne_socks.c:337 msgid "Could not connect" msgstr "Nie można połączyć się" #: src/ne_socks.c:235 msgid "Could not read FQDN length in connect reply" msgstr "Nie można odczytać długości FQDN w odpowiedzi połączenia" #: src/ne_socks.c:240 msgid "Unknown address type in connect reply" msgstr "Nieznany typ adresu w odpowiedzi połączenia" #: src/ne_socks.c:245 msgid "Could not read address in connect reply" msgstr "Nie można odczytać adresu w odpowiedzi połączenia" #: src/ne_socks.c:266 msgid "request rejected or failed" msgstr "żądanie odrzucone lub nieudane" #: src/ne_socks.c:269 msgid "could not establish connection to identd" msgstr "Nie można połączyć się z identd" #: src/ne_socks.c:272 msgid "rejected due to identd user mismatch" msgstr "odrzucone z powodu niezgodności użytkownika identd" #: src/ne_socks.c:275 #, c-format msgid "%s: unrecognized failure (%u)" msgstr "%s: nierozpoznana porażka (%u)" #: src/ne_socks.c:333 msgid "Could not read response from proxy" msgstr "Nie można odczytać odpowiedzi od proxy" #: src/ne_xml.c:280 #, c-format msgid "XML parse error at line %d: invalid element name" msgstr "Błąd podczas parsowania XML w linii %d: nieprawidłowa nazwa elementu" #: src/ne_xml.c:474 msgid "Unknown error" msgstr "Nieznany błąd" #: src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "Nieprawidłowy Znacznik Kolejności Bajtów" #: src/ne_xml.c:667 #,
c-format msgid "XML parse error at line %d: %s" msgstr "Błąd podczas parsowania XML w linii %d: %s" #: src/ne_xmlreq.c:36 #, c-format msgid "Could not parse response: %s" msgstr "Nie można parsować odpowiedzi: %s" #~ msgid "Server certificate changed: connection intercepted?" #~ msgstr "Certyfikat serwera zmienił się: połączenie przechwycone?" #~ msgid "SSL disabled due to library version mismatch" #~ msgstr "SSL wyłączone z powodu niezgodności wersji biblioteki" neon-0.32.2/po/ru.po000066400000000000000000000350721416727304000141540ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) 1999 Michael Sobolev # #, fuzzy msgid "" msgstr "" "Project-Id-Version: sitecopy 0.11.5\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" "POT-Creation-Date: 2021-09-20 10:49+0100\n" "PO-Revision-Date: 2002-11-11 14:28+0000\n" "Last-Translator: Michael Sobolev \n" "Language-Team: ru\n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=koi8-r\n" "Content-Transfer-Encoding: 8bit\n" #: src/ne_207.c:213 #, c-format msgid "" "Invalid HTTP status line in status element at line %d of response:\n" "Status line was: %s" msgstr "" #: src/ne_auth.c:165 #, fuzzy, c-format msgid "Could not authenticate to server: %s" msgstr "%s: : : %s\n" #: src/ne_auth.c:170 #, fuzzy, c-format msgid "Could not authenticate to proxy server: %s" msgstr "%s: : : %s\n" #: src/ne_auth.c:428 #, c-format msgid "rejected %s challenge" msgstr "" #: src/ne_auth.c:469 msgid "missing realm in Basic challenge" msgstr "" #: src/ne_auth.c:483 msgid "cannot handle Basic challenge for username containing colon" msgstr "" #: src/ne_auth.c:588 msgid "invalid Negotiate token" msgstr "" #: src/ne_auth.c:611 msgid "GSSAPI authentication error: " msgstr "" #: src/ne_auth.c:624 #, c-format msgid "GSSAPI failure (code %u)" msgstr "" #: src/ne_auth.c:659 msgid "ignoring empty Negotiate continuation" msgstr "" #: src/ne_auth.c:674 #, c-format msgid "Negotiate response verification failed: 
invalid response header token" msgstr "" #: src/ne_auth.c:696 #, c-format msgid "Negotiate response verification failure: %s" msgstr "" #: src/ne_auth.c:760 #, c-format msgid "SSPI response verification failed: invalid response header token" msgstr "" #: src/ne_auth.c:918 #, fuzzy msgid "could not handle non-ASCII username in Digest challenge" msgstr "%s: : : %s\n" #: src/ne_auth.c:947 msgid "unknown algorithm in Digest challenge" msgstr "" #: src/ne_auth.c:951 msgid "incompatible algorithm in Digest challenge" msgstr "" #: src/ne_auth.c:955 msgid "missing parameter in Digest challenge" msgstr "" #: src/ne_auth.c:959 msgid "initial Digest challenge was stale" msgstr "" #: src/ne_auth.c:966 msgid "stale Digest challenge with new algorithm or realm" msgstr "" #: src/ne_auth.c:971 msgid "legacy Digest challenge not supported" msgstr "" #: src/ne_auth.c:979 #, c-format msgid "%s algorithm in Digest challenge not supported" msgstr "" #: src/ne_auth.c:993 #, fuzzy msgid "could not parse domain in Digest challenge" msgstr "%s: : : %s\n" #: src/ne_auth.c:1272 #, c-format msgid "Digest mutual authentication failure: missing parameters" msgstr "" #: src/ne_auth.c:1277 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "" #: src/ne_auth.c:1287 #, c-format msgid "Digest mutual authentication failure: could not parse nonce count" msgstr "" #: src/ne_auth.c:1292 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "" #: src/ne_auth.c:1319 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "" #: src/ne_auth.c:1457 #, c-format msgid "ignored %s challenge" msgstr "" #: src/ne_auth.c:1562 #, fuzzy msgid "could not parse challenge" msgstr "%s: : : %s\n" #: src/ne_basic.c:98 #, fuzzy, c-format msgid "Could not determine file size: %s" msgstr "%s: : : %s\n" #: src/ne_basic.c:149 #, c-format msgid "Response did not include requested range" msgstr "" #: 
src/ne_basic.c:183 #, c-format msgid "Range is not satisfiable" msgstr "" #: src/ne_basic.c:188 #, c-format msgid "Resource does not support ranged GET requests" msgstr "" #: src/ne_compress.c:184 #, c-format msgid "%s: %s (code %d)" msgstr "" #: src/ne_compress.c:232 #, fuzzy msgid "Could not inflate data" msgstr "%s: : : %s\n" #: src/ne_compress.c:293 #, fuzzy msgid "Could not initialize zlib" msgstr "%s: : : %s\n" #: src/ne_gnutls.c:184 #, c-format msgid "[unprintable:#%lu]" msgstr "" #: src/ne_gnutls.c:213 msgid "[unprintable]" msgstr "" #: src/ne_gnutls.c:660 #, c-format msgid "Failed to import private key: %s" msgstr "" #: src/ne_gnutls.c:904 msgid "signed using insecure algorithm" msgstr "" #: src/ne_gnutls.c:907 #, c-format msgid "unrecognized errors (%u)" msgstr "" #: src/ne_gnutls.c:952 src/ne_openssl.c:483 #, c-format msgid "Server certificate was missing commonName attribute in subject name" msgstr "" #: src/ne_gnutls.c:966 #, fuzzy, c-format msgid "Could not verify server certificate: %s" msgstr "%s: : : %s\n" #: src/ne_gnutls.c:985 src/ne_openssl.c:470 #, c-format msgid "Certificate verification error: %s" msgstr "" #: src/ne_gnutls.c:1018 src/ne_openssl.c:719 #, c-format msgid "SSL handshake failed, client certificate was requested: %s" msgstr "" #: src/ne_gnutls.c:1023 src/ne_openssl.c:724 #, fuzzy, c-format msgid "SSL handshake failed: %s" msgstr "%s: : : %s\n" #: src/ne_gnutls.c:1033 #, c-format msgid "Server did not send certificate chain" msgstr "" #: src/ne_locks.c:619 msgid "LOCK response missing Lock-Token header" msgstr "" #: src/ne_locks.c:794 #, c-format msgid "Response missing activelock for %s" msgstr "" #: src/ne_locks.c:836 #, c-format msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "" #: src/ne_openssl.c:744 #, c-format msgid "SSL server did not present certificate" msgstr "" #: src/ne_props.c:371 src/ne_props.c:435 msgid "Response exceeds maximum property count" msgstr "" #: src/ne_redirect.c:92 #, fuzzy, 
c-format msgid "Could not parse redirect destination URL" msgstr "%s: : : %s\n" #: src/ne_request.c:196 #, c-format msgid "%s: connection was closed by proxy server" msgstr "" #: src/ne_request.c:199 #, c-format msgid "%s: connection was closed by server" msgstr "" #: src/ne_request.c:204 #, c-format msgid "%s: connection timed out" msgstr "" #: src/ne_request.c:307 #, fuzzy, c-format msgid "Premature EOF in request body file" msgstr "%s: : : %s\n" #: src/ne_request.c:314 #, fuzzy, c-format msgid "Failed reading request body file: %s" msgstr "%s: : : %s\n" #: src/ne_request.c:334 msgid "offset invalid" msgstr "" #: src/ne_request.c:339 #, fuzzy, c-format msgid "Could not seek to offset %s of request body file: %s" msgstr "%s: : : %s\n" #: src/ne_request.c:425 msgid "Could not send request body" msgstr "" #: src/ne_request.c:452 #, fuzzy msgid "Could not send chunked request terminator" msgstr "%s: : : %s\n" #: src/ne_request.c:788 msgid "Could not read chunk size" msgstr "" #: src/ne_request.c:795 #, fuzzy msgid "Could not parse chunk size" msgstr "%s: : : %s\n" #: src/ne_request.c:832 msgid "Could not read response body" msgstr "" #: src/ne_request.c:848 #, fuzzy msgid "Could not read chunk delimiter" msgstr "%s: : : %s\n" #: src/ne_request.c:851 msgid "Chunk delimiter was invalid" msgstr "" #: src/ne_request.c:964 msgid "Could not read status line (TLS client certificate was requested)" msgstr "" #: src/ne_request.c:965 msgid "Could not read status line" msgstr "" #: src/ne_request.c:988 #, fuzzy msgid "Could not parse response status line" msgstr "%s: : : %s\n" #: src/ne_request.c:1000 #, fuzzy msgid "Could not read interim response headers" msgstr "%s: : : %s\n" #: src/ne_request.c:1035 msgid "Could not send request" msgstr "" #: src/ne_request.c:1069 #, fuzzy msgid "Too many interim responses" msgstr "%s: : : %s\n" #: src/ne_request.c:1089 src/ne_request.c:1107 src/ne_request.c:1117 msgid "Error reading response headers" msgstr "" #: src/ne_request.c:1135 #, 
c-format msgid "Response header too long" msgstr "" #: src/ne_request.c:1217 msgid "Response exceeded maximum number of header fields" msgstr "" #: src/ne_request.c:1232 #, fuzzy, c-format msgid "Could not resolve hostname `%s': %s" msgstr "%s: : : %s.\n" #: src/ne_request.c:1362 msgid "Unknown transfer-coding in response" msgstr "" #: src/ne_request.c:1377 msgid "Invalid Content-Length in response" msgstr "" #: src/ne_request.c:1452 #, fuzzy, c-format msgid "Could not write to file: %s" msgstr "%s: : : %s\n" #: src/ne_request.c:1525 #, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "" #: src/ne_request.c:1564 #, fuzzy, c-format msgid "Could not create socket" msgstr "%s: : : %s\n" #: src/ne_request.c:1598 msgid "Could not connect to server" msgstr "" #: src/ne_request.c:1600 msgid "Could not connect to proxy server" msgstr "" #: src/ne_request.c:1643 #, c-format msgid "Could not find IPv4 address of hostname %s for SOCKS v4 proxy" msgstr "" #: src/ne_request.c:1701 #, c-format msgid "Could not establish connection from SOCKS proxy (%s:%u): %s" msgstr "" #: src/ne_session.c:538 src/ne_session.c:549 msgid "[invalid date]" msgstr "" #: src/ne_session.c:562 msgid "certificate is not yet valid" msgstr "" #: src/ne_session.c:563 msgid "certificate has expired" msgstr "" #: src/ne_session.c:564 msgid "certificate issued for a different hostname" msgstr "" #: src/ne_session.c:565 msgid "issuer is not trusted" msgstr "" #: src/ne_session.c:566 msgid "bad certificate chain" msgstr "" #: src/ne_session.c:567 msgid "certificate has been revoked" msgstr "" #: src/ne_session.c:572 msgid "Server certificate verification failed: " msgstr "" #: src/ne_socket.c:522 src/ne_socket.c:674 src/ne_socket.c:804 msgid "Connection closed" msgstr "" #: src/ne_socket.c:679 msgid "Retry operation" msgstr "" #: src/ne_socket.c:693 src/ne_socket.c:708 src/ne_socket.c:818 msgid "Secure connection truncated" msgstr "" #: src/ne_socket.c:699 msgid "Secure 
connection reset" msgstr "" #: src/ne_socket.c:720 src/ne_socket.c:834 #, c-format msgid "SSL error: %s" msgstr "" #: src/ne_socket.c:723 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "" #: src/ne_socket.c:809 #, c-format msgid "SSL alert received: %s" msgstr "" #: src/ne_socket.c:830 msgid "SSL socket read failed" msgstr "" #: src/ne_socket.c:961 msgid "Line too long" msgstr "" #: src/ne_socket.c:1122 src/ne_socket.c:1128 msgid "Host not found" msgstr "" #: src/ne_socket.c:1337 msgid "Connection timed out" msgstr "" #: src/ne_socket.c:1530 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "" #: src/ne_socket.c:1592 msgid "Socket family not supported" msgstr "" #: src/ne_socket.c:1823 msgid "Client certificate verification failed" msgstr "" #: src/ne_socket.c:1839 msgid "SSL disabled due to lack of entropy" msgstr "" #: src/ne_socket.c:1845 msgid "Could not create SSL structure" msgstr "" #: src/ne_socket.c:2017 msgid "Missing flags for socket shutdown" msgstr "" #: src/ne_socket.c:2035 src/ne_socket.c:2046 src/ne_socket.c:2061 msgid "Incomplete TLS closure" msgstr "" #: src/ne_socks.c:65 msgid "failure" msgstr "" #: src/ne_socks.c:68 msgid "connection not permitted" msgstr "" #: src/ne_socks.c:71 msgid "network unreachable" msgstr "" #: src/ne_socks.c:74 msgid "host unreachable" msgstr "" #: src/ne_socks.c:77 msgid "TTL expired" msgstr "" #: src/ne_socks.c:80 msgid "command not supported" msgstr "" #: src/ne_socks.c:83 msgid "address type not supported" msgstr "" #: src/ne_socks.c:86 #, c-format msgid "%s: unrecognized error (%u)" msgstr "" #: src/ne_socks.c:128 src/ne_socks.c:328 #, fuzzy msgid "Could not send message to proxy" msgstr "%s: : : %s\n" #: src/ne_socks.c:133 #, fuzzy msgid "Could not read initial response from proxy" msgstr "%s: : : %s\n" #: src/ne_socks.c:136 msgid "Invalid version in proxy response" msgstr "" #: src/ne_socks.c:157 #, fuzzy msgid "Could not send login message" msgstr "%s: : : %s\n" #: src/ne_socks.c:162 #, fuzzy msgid 
"Could not read login reply" msgstr "%s: : : %s\n" #: src/ne_socks.c:165 msgid "Invalid version in login reply" msgstr "" #: src/ne_socks.c:168 #, fuzzy msgid "Authentication failed" msgstr "%s: : : %s\n" #: src/ne_socks.c:172 msgid "No acceptable authentication method" msgstr "" #: src/ne_socks.c:174 msgid "Unexpected authentication method chosen" msgstr "" #: src/ne_socks.c:210 #, fuzzy msgid "Could not send connect request" msgstr "%s: : : %s\n" #: src/ne_socks.c:215 #, fuzzy msgid "Could not read connect reply" msgstr "%s: : : %s\n" #: src/ne_socks.c:218 msgid "Invalid version in connect reply" msgstr "" #: src/ne_socks.c:221 src/ne_socks.c:337 #, fuzzy msgid "Could not connect" msgstr "%s: : : %s\n" #: src/ne_socks.c:235 msgid "Could not read FQDN length in connect reply" msgstr "" #: src/ne_socks.c:240 msgid "Unknown address type in connect reply" msgstr "" #: src/ne_socks.c:245 msgid "Could not read address in connect reply" msgstr "" #: src/ne_socks.c:266 msgid "request rejected or failed" msgstr "" #: src/ne_socks.c:269 msgid "could not establish connection to identd" msgstr "" #: src/ne_socks.c:272 msgid "rejected due to identd user mismatch" msgstr "" #: src/ne_socks.c:275 #, c-format msgid "%s: unrecognized failure (%u)" msgstr "" #: src/ne_socks.c:333 #, fuzzy msgid "Could not read response from proxy" msgstr "%s: : : %s\n" #: src/ne_xml.c:280 #, c-format msgid "XML parse error at line %d: invalid element name" msgstr "" #: src/ne_xml.c:474 #, fuzzy msgid "Unknown error" msgstr " " #: src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "" #: src/ne_xml.c:667 #, c-format msgid "XML parse error at line %d: %s" msgstr "" #: src/ne_xmlreq.c:36 #, fuzzy, c-format msgid "Could not parse response: %s" msgstr "%s: : : %s\n" #, fuzzy #~ msgid "%s: %s" #~ msgstr "%s\n" neon-0.32.2/po/tr.po000066400000000000000000000356011416727304000141510ustar00rootroot00000000000000# sitecopy localization for turkish (tr) # Copyright (C) 2001 Free Software Foundation, Inc. 
# A. Sinan Unur , 2001. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: sitecopy-0.10.10\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" "POT-Creation-Date: 2021-09-20 10:49+0100\n" "PO-Revision-Date: 2001-01-03 HO:MI+ZONE\n" "Last-Translator: A. Sinan Unur \n" "Language-Team: tr\n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-9\n" "Content-Transfer-Encoding: 8bit\n" #: src/ne_207.c:213 #, c-format msgid "" "Invalid HTTP status line in status element at line %d of response:\n" "Status line was: %s" msgstr "" "Invalid HTTP status line in status element at line %d of response:\n" "Status line was: %s" #: src/ne_auth.c:165 #, fuzzy, c-format msgid "Could not authenticate to server: %s" msgstr "Sunucuyla balant kurulamad" #: src/ne_auth.c:170 #, fuzzy, c-format msgid "Could not authenticate to proxy server: %s" msgstr "Ara sunucuyla balant kurulamad" #: src/ne_auth.c:428 #, c-format msgid "rejected %s challenge" msgstr "" #: src/ne_auth.c:469 msgid "missing realm in Basic challenge" msgstr "" #: src/ne_auth.c:483 msgid "cannot handle Basic challenge for username containing colon" msgstr "" #: src/ne_auth.c:588 msgid "invalid Negotiate token" msgstr "" #: src/ne_auth.c:611 msgid "GSSAPI authentication error: " msgstr "" #: src/ne_auth.c:624 #, c-format msgid "GSSAPI failure (code %u)" msgstr "" #: src/ne_auth.c:659 msgid "ignoring empty Negotiate continuation" msgstr "" #: src/ne_auth.c:674 #, c-format msgid "Negotiate response verification failed: invalid response header token" msgstr "" #: src/ne_auth.c:696 #, c-format msgid "Negotiate response verification failure: %s" msgstr "" #: src/ne_auth.c:760 #, c-format msgid "SSPI response verification failed: invalid response header token" msgstr "" #: src/ne_auth.c:918 #, fuzzy msgid "could not handle non-ASCII username in Digest challenge" msgstr "Para boyutu anlalamad" #: src/ne_auth.c:947 msgid "unknown algorithm in Digest challenge" msgstr "" #: src/ne_auth.c:951 msgid 
"incompatible algorithm in Digest challenge" msgstr "" #: src/ne_auth.c:955 msgid "missing parameter in Digest challenge" msgstr "" #: src/ne_auth.c:959 msgid "initial Digest challenge was stale" msgstr "" #: src/ne_auth.c:966 msgid "stale Digest challenge with new algorithm or realm" msgstr "" #: src/ne_auth.c:971 msgid "legacy Digest challenge not supported" msgstr "" #: src/ne_auth.c:979 #, c-format msgid "%s algorithm in Digest challenge not supported" msgstr "" #: src/ne_auth.c:993 #, fuzzy msgid "could not parse domain in Digest challenge" msgstr "Para boyutu anlalamad" #: src/ne_auth.c:1272 #, c-format msgid "Digest mutual authentication failure: missing parameters" msgstr "" #: src/ne_auth.c:1277 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "" #: src/ne_auth.c:1287 #, c-format msgid "Digest mutual authentication failure: could not parse nonce count" msgstr "" #: src/ne_auth.c:1292 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "" #: src/ne_auth.c:1319 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "" #: src/ne_auth.c:1457 #, c-format msgid "ignored %s challenge" msgstr "" #: src/ne_auth.c:1562 #, fuzzy msgid "could not parse challenge" msgstr "Para boyutu anlalamad" #: src/ne_basic.c:98 #, fuzzy, c-format msgid "Could not determine file size: %s" msgstr "Dosya alamad: " #: src/ne_basic.c:149 #, c-format msgid "Response did not include requested range" msgstr "" #: src/ne_basic.c:183 #, c-format msgid "Range is not satisfiable" msgstr "" #: src/ne_basic.c:188 #, fuzzy, c-format msgid "Resource does not support ranged GET requests" msgstr "Sunucu ksmi GET ilemini desteklemiyor." 
#: src/ne_compress.c:184 #, c-format msgid "%s: %s (code %d)" msgstr "" #: src/ne_compress.c:232 #, fuzzy msgid "Could not inflate data" msgstr "Dosya alamad: " #: src/ne_compress.c:293 #, fuzzy msgid "Could not initialize zlib" msgstr "Dosyaya yazm yaplamad: " #: src/ne_gnutls.c:184 #, c-format msgid "[unprintable:#%lu]" msgstr "" #: src/ne_gnutls.c:213 msgid "[unprintable]" msgstr "" #: src/ne_gnutls.c:660 #, c-format msgid "Failed to import private key: %s" msgstr "" #: src/ne_gnutls.c:904 msgid "signed using insecure algorithm" msgstr "" #: src/ne_gnutls.c:907 #, c-format msgid "unrecognized errors (%u)" msgstr "" #: src/ne_gnutls.c:952 src/ne_openssl.c:483 #, c-format msgid "Server certificate was missing commonName attribute in subject name" msgstr "" #: src/ne_gnutls.c:966 #, fuzzy, c-format msgid "Could not verify server certificate: %s" msgstr "%s dosyasna yazm yaplamad" #: src/ne_gnutls.c:985 src/ne_openssl.c:470 #, c-format msgid "Certificate verification error: %s" msgstr "" #: src/ne_gnutls.c:1018 src/ne_openssl.c:719 #, c-format msgid "SSL handshake failed, client certificate was requested: %s" msgstr "" #: src/ne_gnutls.c:1023 src/ne_openssl.c:724 #, fuzzy, c-format msgid "SSL handshake failed: %s" msgstr "%s dosyasna yazm yaplamad" #: src/ne_gnutls.c:1033 #, c-format msgid "Server did not send certificate chain" msgstr "" #: src/ne_locks.c:619 msgid "LOCK response missing Lock-Token header" msgstr "" #: src/ne_locks.c:794 #, c-format msgid "Response missing activelock for %s" msgstr "" #: src/ne_locks.c:836 #, c-format msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "" #: src/ne_openssl.c:744 #, c-format msgid "SSL server did not present certificate" msgstr "" #: src/ne_props.c:371 src/ne_props.c:435 msgid "Response exceeds maximum property count" msgstr "" #: src/ne_redirect.c:92 #, fuzzy, c-format msgid "Could not parse redirect destination URL" msgstr "Durum satr anlalamad." 
#: src/ne_request.c:196 #, fuzzy, c-format msgid "%s: connection was closed by proxy server" msgstr "%s: balant ara sunucu tarafinden kesildi." #: src/ne_request.c:199 #, fuzzy, c-format msgid "%s: connection was closed by server" msgstr "%s: balant sunucu tarafinden kesildi." #: src/ne_request.c:204 #, fuzzy, c-format msgid "%s: connection timed out" msgstr "%s: balant bekleme snr ald." #: src/ne_request.c:307 #, fuzzy, c-format msgid "Premature EOF in request body file" msgstr "%s dosyasna yazm yaplamad" #: src/ne_request.c:314 #, fuzzy, c-format msgid "Failed reading request body file: %s" msgstr "%s dosyasna yazm yaplamad" #: src/ne_request.c:334 msgid "offset invalid" msgstr "" #: src/ne_request.c:339 #, fuzzy, c-format msgid "Could not seek to offset %s of request body file: %s" msgstr "%s dosyasna yazm yaplamad" #: src/ne_request.c:425 msgid "Could not send request body" msgstr "stek metni gnderilemedi" #: src/ne_request.c:452 #, fuzzy msgid "Could not send chunked request terminator" msgstr "stek gnderilemedi" #: src/ne_request.c:788 msgid "Could not read chunk size" msgstr "Para boyutu renilemedi" #: src/ne_request.c:795 msgid "Could not parse chunk size" msgstr "Para boyutu anlalamad" #: src/ne_request.c:832 msgid "Could not read response body" msgstr "Yant metni okunamad" #: src/ne_request.c:848 #, fuzzy msgid "Could not read chunk delimiter" msgstr "Para boyutu renilemedi" #: src/ne_request.c:851 msgid "Chunk delimiter was invalid" msgstr "" #: src/ne_request.c:964 msgid "Could not read status line (TLS client certificate was requested)" msgstr "" #: src/ne_request.c:965 msgid "Could not read status line" msgstr "Durum satr okunamad" #: src/ne_request.c:988 #, fuzzy msgid "Could not parse response status line" msgstr "Durum satr anlalamad." 
#: src/ne_request.c:1000 #, fuzzy msgid "Could not read interim response headers" msgstr "Yant metni okunamad" #: src/ne_request.c:1035 msgid "Could not send request" msgstr "stek gnderilemedi" #: src/ne_request.c:1069 #, fuzzy msgid "Too many interim responses" msgstr "Yant metni okunamad" #: src/ne_request.c:1089 src/ne_request.c:1107 src/ne_request.c:1117 msgid "Error reading response headers" msgstr "Yant balklar okunurken hata" #: src/ne_request.c:1135 #, c-format msgid "Response header too long" msgstr "Yant bal ok uzun" #: src/ne_request.c:1217 msgid "Response exceeded maximum number of header fields" msgstr "" #: src/ne_request.c:1232 #, fuzzy, c-format msgid "Could not resolve hostname `%s': %s" msgstr "%s: Hata: %s sunucusunun adresi bulunamad.\n" #: src/ne_request.c:1362 msgid "Unknown transfer-coding in response" msgstr "" #: src/ne_request.c:1377 msgid "Invalid Content-Length in response" msgstr "" #: src/ne_request.c:1452 #, c-format msgid "Could not write to file: %s" msgstr "%s dosyasna yazm yaplamad" #: src/ne_request.c:1525 #, fuzzy, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "Ara sunucu zerinden SSL balants kurulamad" #: src/ne_request.c:1564 #, fuzzy, c-format msgid "Could not create socket" msgstr "SSL balants kurulamad" #: src/ne_request.c:1598 msgid "Could not connect to server" msgstr "Sunucuyla balant kurulamad" #: src/ne_request.c:1600 msgid "Could not connect to proxy server" msgstr "Ara sunucuyla balant kurulamad" #: src/ne_request.c:1643 #, c-format msgid "Could not find IPv4 address of hostname %s for SOCKS v4 proxy" msgstr "" #: src/ne_request.c:1701 #, fuzzy, c-format msgid "Could not establish connection from SOCKS proxy (%s:%u): %s" msgstr "Ara sunucu zerinden SSL balants kurulamad" #: src/ne_session.c:538 src/ne_session.c:549 msgid "[invalid date]" msgstr "" #: src/ne_session.c:562 msgid "certificate is not yet valid" msgstr "" #: src/ne_session.c:563 msgid "certificate has expired" msgstr "" 
#: src/ne_session.c:564 msgid "certificate issued for a different hostname" msgstr "" #: src/ne_session.c:565 msgid "issuer is not trusted" msgstr "" #: src/ne_session.c:566 msgid "bad certificate chain" msgstr "" #: src/ne_session.c:567 msgid "certificate has been revoked" msgstr "" #: src/ne_session.c:572 msgid "Server certificate verification failed: " msgstr "" #: src/ne_socket.c:522 src/ne_socket.c:674 src/ne_socket.c:804 #, fuzzy msgid "Connection closed" msgstr "Balant sunucu tarafndan kesildi" #: src/ne_socket.c:679 msgid "Retry operation" msgstr "" #: src/ne_socket.c:693 src/ne_socket.c:708 src/ne_socket.c:818 #, fuzzy msgid "Secure connection truncated" msgstr "Balant sre snr ald." #: src/ne_socket.c:699 #, fuzzy msgid "Secure connection reset" msgstr "Balant sre snr ald." #: src/ne_socket.c:720 src/ne_socket.c:834 #, fuzzy, c-format msgid "SSL error: %s" msgstr "%s: Hata: %s\n" #: src/ne_socket.c:723 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "" #: src/ne_socket.c:809 #, fuzzy, c-format msgid "SSL alert received: %s" msgstr "%s: Hata: %s\n" #: src/ne_socket.c:830 msgid "SSL socket read failed" msgstr "" #: src/ne_socket.c:961 msgid "Line too long" msgstr "Satr ok uzun" #: src/ne_socket.c:1122 src/ne_socket.c:1128 msgid "Host not found" msgstr "Sunucu bulunamad" #: src/ne_socket.c:1337 #, fuzzy msgid "Connection timed out" msgstr "%s: balant bekleme snr ald." 
#: src/ne_socket.c:1530 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "" #: src/ne_socket.c:1592 msgid "Socket family not supported" msgstr "" #: src/ne_socket.c:1823 msgid "Client certificate verification failed" msgstr "" #: src/ne_socket.c:1839 msgid "SSL disabled due to lack of entropy" msgstr "" #: src/ne_socket.c:1845 #, fuzzy msgid "Could not create SSL structure" msgstr "SSL balants kurulamad" #: src/ne_socket.c:2017 msgid "Missing flags for socket shutdown" msgstr "" #: src/ne_socket.c:2035 src/ne_socket.c:2046 src/ne_socket.c:2061 msgid "Incomplete TLS closure" msgstr "" #: src/ne_socks.c:65 msgid "failure" msgstr "" #: src/ne_socks.c:68 #, fuzzy msgid "connection not permitted" msgstr "%s: balant bekleme snr ald." #: src/ne_socks.c:71 msgid "network unreachable" msgstr "" #: src/ne_socks.c:74 msgid "host unreachable" msgstr "" #: src/ne_socks.c:77 msgid "TTL expired" msgstr "" #: src/ne_socks.c:80 msgid "command not supported" msgstr "" #: src/ne_socks.c:83 msgid "address type not supported" msgstr "" #: src/ne_socks.c:86 #, c-format msgid "%s: unrecognized error (%u)" msgstr "" #: src/ne_socks.c:128 src/ne_socks.c:328 #, fuzzy msgid "Could not send message to proxy" msgstr "stek metni gnderilemedi" #: src/ne_socks.c:133 #, fuzzy msgid "Could not read initial response from proxy" msgstr "Yant metni okunamad" #: src/ne_socks.c:136 msgid "Invalid version in proxy response" msgstr "" #: src/ne_socks.c:157 #, fuzzy msgid "Could not send login message" msgstr "stek gnderilemedi" #: src/ne_socks.c:162 #, fuzzy msgid "Could not read login reply" msgstr "Durum satr okunamad" #: src/ne_socks.c:165 msgid "Invalid version in login reply" msgstr "" #: src/ne_socks.c:168 #, fuzzy msgid "Authentication failed" msgstr "%s dosyasna yazm yaplamad" #: src/ne_socks.c:172 msgid "No acceptable authentication method" msgstr "" #: src/ne_socks.c:174 msgid "Unexpected authentication method chosen" msgstr "" #: src/ne_socks.c:210 #, fuzzy msgid "Could not send 
connect request" msgstr "stek gnderilemedi" #: src/ne_socks.c:215 #, fuzzy msgid "Could not read connect reply" msgstr "Sunucuyla balant kurulamad" #: src/ne_socks.c:218 msgid "Invalid version in connect reply" msgstr "" #: src/ne_socks.c:221 src/ne_socks.c:337 #, fuzzy msgid "Could not connect" msgstr "Sunucuyla balant kurulamad" #: src/ne_socks.c:235 msgid "Could not read FQDN length in connect reply" msgstr "" #: src/ne_socks.c:240 msgid "Unknown address type in connect reply" msgstr "" #: src/ne_socks.c:245 #, fuzzy msgid "Could not read address in connect reply" msgstr "Yant metni okunamad" #: src/ne_socks.c:266 msgid "request rejected or failed" msgstr "" #: src/ne_socks.c:269 #, fuzzy msgid "could not establish connection to identd" msgstr "Sunucuyla balant kurulamad" #: src/ne_socks.c:272 msgid "rejected due to identd user mismatch" msgstr "" #: src/ne_socks.c:275 #, c-format msgid "%s: unrecognized failure (%u)" msgstr "" #: src/ne_socks.c:333 #, fuzzy msgid "Could not read response from proxy" msgstr "Yant metni okunamad" #: src/ne_xml.c:280 #, fuzzy, c-format msgid "XML parse error at line %d: invalid element name" msgstr "" "%s: kurulum dosyasnda bozukluk var. satr %d:\n" "%s\n" #: src/ne_xml.c:474 #, fuzzy msgid "Unknown error" msgstr "Bilinmeyen sistem hatas" #: src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "" #: src/ne_xml.c:667 #, fuzzy, c-format msgid "XML parse error at line %d: %s" msgstr "" "%s: kurulum dosyasnda bozukluk var. satr %d:\n" "%s\n" #: src/ne_xmlreq.c:36 #, fuzzy, c-format msgid "Could not parse response: %s" msgstr "Yant metni okunamad" #, fuzzy #~ msgid "%s: %s" #~ msgstr "%s: Hata: %s\n" #~ msgid "Server was not authenticated correctly." #~ msgstr "Server was not authenticated correctly." #~ msgid "Proxy server was not authenticated correctly." #~ msgstr "Proxy server was not authenticated correctly." 
neon-0.32.2/po/zh_CN.po000066400000000000000000000402701416727304000145230ustar00rootroot00000000000000# Simplified chinese message for neon # # Copyright (C) 2006-2008 Free Software Foundation, Inc. # This file is distributed under the same license as the neon package. # # Dongsheng Song , 2006-2008 # msgid "" msgstr "" "Project-Id-Version: neon 0.29.x\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" "POT-Creation-Date: 2021-09-20 10:49+0100\n" "PO-Revision-Date: 2008-03-03 11:20+0800\n" "Last-Translator: Dongsheng Song \n" "Language-Team: neon@webdav.org\n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #: src/ne_207.c:213 #, c-format msgid "" "Invalid HTTP status line in status element at line %d of response:\n" "Status line was: %s" msgstr "" "响应信息中 %d 行的状态元素中发现非法 HTTP 状态行:\n" "状态行是: %s" #: src/ne_auth.c:165 #, c-format msgid "Could not authenticate to server: %s" msgstr "不能认证到服务器: %s" #: src/ne_auth.c:170 #, c-format msgid "Could not authenticate to proxy server: %s" msgstr "不能认证到代理服务器: %s" #: src/ne_auth.c:428 #, c-format msgid "rejected %s challenge" msgstr "被拒绝的 %s 挑战" #: src/ne_auth.c:469 msgid "missing realm in Basic challenge" msgstr "在基本挑战中丢失了领域" #: src/ne_auth.c:483 msgid "cannot handle Basic challenge for username containing colon" msgstr "" #: src/ne_auth.c:588 msgid "invalid Negotiate token" msgstr "非法磋商令牌" #: src/ne_auth.c:611 msgid "GSSAPI authentication error: " msgstr "GSSAPI 认证错误: " #: src/ne_auth.c:624 #, c-format msgid "GSSAPI failure (code %u)" msgstr "GSSAPI 失败(代码 %u)" #: src/ne_auth.c:659 msgid "ignoring empty Negotiate continuation" msgstr "忽略后续的空磋商" #: src/ne_auth.c:674 #, c-format msgid "Negotiate response verification failed: invalid response header token" msgstr "校验协商响应失败:非法响应头令牌" #: src/ne_auth.c:696 #, c-format msgid "Negotiate response verification failure: %s" msgstr "磋商响应校验失败: %s" #: src/ne_auth.c:760 #, fuzzy, c-format msgid "SSPI response verification 
failed: invalid response header token" msgstr "校验协商响应失败:非法响应头令牌" #: src/ne_auth.c:918 #, fuzzy msgid "could not handle non-ASCII username in Digest challenge" msgstr "在摘要挑战中的不能解析域" #: src/ne_auth.c:947 msgid "unknown algorithm in Digest challenge" msgstr "在摘要挑战中的算法不可识别" #: src/ne_auth.c:951 msgid "incompatible algorithm in Digest challenge" msgstr "在摘要挑战中的算法不兼容" #: src/ne_auth.c:955 msgid "missing parameter in Digest challenge" msgstr "在摘要挑战中的参数丢失" #: src/ne_auth.c:959 msgid "initial Digest challenge was stale" msgstr "陈旧的初始化摘要挑战" #: src/ne_auth.c:966 msgid "stale Digest challenge with new algorithm or realm" msgstr "陈旧的摘要挑战用于新算法或新领域" #: src/ne_auth.c:971 #, fuzzy msgid "legacy Digest challenge not supported" msgstr "陈旧的初始化摘要挑战" #: src/ne_auth.c:979 #, fuzzy, c-format msgid "%s algorithm in Digest challenge not supported" msgstr "在摘要挑战中的算法不可识别" #: src/ne_auth.c:993 msgid "could not parse domain in Digest challenge" msgstr "在摘要挑战中的不能解析域" #: src/ne_auth.c:1272 #, c-format msgid "Digest mutual authentication failure: missing parameters" msgstr "摘要互相认证失败:参数遗漏" #: src/ne_auth.c:1277 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "摘要互相认证失败:客户现时不匹配" #: src/ne_auth.c:1287 #, c-format msgid "Digest mutual authentication failure: could not parse nonce count" msgstr "摘要互相认证失败:不能解析现时计数" #: src/ne_auth.c:1292 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "摘要互相认证失败:现时计算不匹配 (应该是 %u,不是 %u)" #: src/ne_auth.c:1319 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "摘要互相认证失败:请求摘要不匹配" #: src/ne_auth.c:1457 #, c-format msgid "ignored %s challenge" msgstr "被忽略的 %s 挑战" #: src/ne_auth.c:1562 msgid "could not parse challenge" msgstr "不能解析挑战" #: src/ne_basic.c:98 #, c-format msgid "Could not determine file size: %s" msgstr "不能确定的文件大小:%s" #: src/ne_basic.c:149 #, c-format msgid "Response did not include requested range" msgstr "响应没有包含请求范围" #: src/ne_basic.c:183 #, 
c-format msgid "Range is not satisfiable" msgstr "不能满足的范围" #: src/ne_basic.c:188 #, c-format msgid "Resource does not support ranged GET requests" msgstr "资源不支持范围读取" #: src/ne_compress.c:184 #, c-format msgid "%s: %s (code %d)" msgstr "%s: %s (代码 %d)" #: src/ne_compress.c:232 msgid "Could not inflate data" msgstr "解压数据失败" #: src/ne_compress.c:293 msgid "Could not initialize zlib" msgstr "初始化 zlib 失败" #: src/ne_gnutls.c:184 #, c-format msgid "[unprintable:#%lu]" msgstr "[非打印字符:#%lu]" #: src/ne_gnutls.c:213 msgid "[unprintable]" msgstr "[非打印字符]" #: src/ne_gnutls.c:660 #, c-format msgid "Failed to import private key: %s" msgstr "" #: src/ne_gnutls.c:904 msgid "signed using insecure algorithm" msgstr "" #: src/ne_gnutls.c:907 #, c-format msgid "unrecognized errors (%u)" msgstr "" #: src/ne_gnutls.c:952 src/ne_openssl.c:483 #, c-format msgid "Server certificate was missing commonName attribute in subject name" msgstr "服务器证书在主题名称遗漏了属性 commonName" #: src/ne_gnutls.c:966 #, fuzzy, c-format msgid "Could not verify server certificate: %s" msgstr "不能写入文件:%s" #: src/ne_gnutls.c:985 src/ne_openssl.c:470 #, c-format msgid "Certificate verification error: %s" msgstr "证书校验失败:%s" #: src/ne_gnutls.c:1018 src/ne_openssl.c:719 #, c-format msgid "SSL handshake failed, client certificate was requested: %s" msgstr "" #: src/ne_gnutls.c:1023 src/ne_openssl.c:724 #, fuzzy, c-format msgid "SSL handshake failed: %s" msgstr "SSL 协商失败:%s" #: src/ne_gnutls.c:1033 #, c-format msgid "Server did not send certificate chain" msgstr "服务器不能发送证书链" #: src/ne_locks.c:619 msgid "LOCK response missing Lock-Token header" msgstr "LOCK 的响应遗漏了 Lock-Token 行" #: src/ne_locks.c:794 #, c-format msgid "Response missing activelock for %s" msgstr "锁定 %s 的响应遗漏了主动锁" #: src/ne_locks.c:836 #, c-format msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "刷新锁定 %s 的响应没有返回主动锁" #: src/ne_openssl.c:744 #, c-format msgid "SSL server did not present certificate" msgstr "SSL 服务器不能呈现证书" #: src/ne_props.c:371 
src/ne_props.c:435 msgid "Response exceeds maximum property count" msgstr "响应超过了属性的最大计数" #: src/ne_redirect.c:92 #, c-format msgid "Could not parse redirect destination URL" msgstr "不能解析重定向 URL" #: src/ne_request.c:196 #, c-format msgid "%s: connection was closed by proxy server" msgstr "%s: 连接被代理服务器关闭" #: src/ne_request.c:199 #, c-format msgid "%s: connection was closed by server" msgstr "%s: 连接被服务器关闭" #: src/ne_request.c:204 #, c-format msgid "%s: connection timed out" msgstr "%s: 连接超时" #: src/ne_request.c:307 #, c-format msgid "Premature EOF in request body file" msgstr "" #: src/ne_request.c:314 #, c-format msgid "Failed reading request body file: %s" msgstr "" #: src/ne_request.c:334 msgid "offset invalid" msgstr "非法偏移" #: src/ne_request.c:339 #, c-format msgid "Could not seek to offset %s of request body file: %s" msgstr "在请求主体文件不能定位到偏移 %s: %s" #: src/ne_request.c:425 msgid "Could not send request body" msgstr "不能发送请求主体" #: src/ne_request.c:452 #, fuzzy msgid "Could not send chunked request terminator" msgstr "不能发送请求" #: src/ne_request.c:788 msgid "Could not read chunk size" msgstr "不能读块大小" #: src/ne_request.c:795 msgid "Could not parse chunk size" msgstr "不能解析块大小" #: src/ne_request.c:832 msgid "Could not read response body" msgstr "不能读取响应主体" #: src/ne_request.c:848 msgid "Could not read chunk delimiter" msgstr "不能读块分割符" #: src/ne_request.c:851 msgid "Chunk delimiter was invalid" msgstr "非法的分割符" #: src/ne_request.c:964 msgid "Could not read status line (TLS client certificate was requested)" msgstr "" #: src/ne_request.c:965 msgid "Could not read status line" msgstr "不能读状态行" #: src/ne_request.c:988 msgid "Could not parse response status line" msgstr "不能解析响应状态行" #: src/ne_request.c:1000 msgid "Could not read interim response headers" msgstr "不能读临时响应头" #: src/ne_request.c:1035 msgid "Could not send request" msgstr "不能发送请求" #: src/ne_request.c:1069 #, fuzzy msgid "Too many interim responses" msgstr "不能读临时响应头" #: src/ne_request.c:1089 src/ne_request.c:1107 
src/ne_request.c:1117 msgid "Error reading response headers" msgstr "读取响应头出错" #: src/ne_request.c:1135 #, c-format msgid "Response header too long" msgstr "响应头太长" #: src/ne_request.c:1217 msgid "Response exceeded maximum number of header fields" msgstr "响应头的域数量超出了最大数量" #: src/ne_request.c:1232 #, c-format msgid "Could not resolve hostname `%s': %s" msgstr "不能解析主机名称 “%s”: %s" #: src/ne_request.c:1362 msgid "Unknown transfer-coding in response" msgstr "响应中的传输代码未知" #: src/ne_request.c:1377 msgid "Invalid Content-Length in response" msgstr "非法的 Content-Length 响应域" #: src/ne_request.c:1452 #, c-format msgid "Could not write to file: %s" msgstr "不能写入文件:%s" #: src/ne_request.c:1525 #, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "不能通过代理服务器创建 SSL 连接: %s" #: src/ne_request.c:1564 #, c-format msgid "Could not create socket" msgstr "不能创建套接字" #: src/ne_request.c:1598 msgid "Could not connect to server" msgstr "不能连接到服务器" #: src/ne_request.c:1600 msgid "Could not connect to proxy server" msgstr "不能连接到代理服务器" #: src/ne_request.c:1643 #, c-format msgid "Could not find IPv4 address of hostname %s for SOCKS v4 proxy" msgstr "" #: src/ne_request.c:1701 #, fuzzy, c-format msgid "Could not establish connection from SOCKS proxy (%s:%u): %s" msgstr "不能通过代理服务器 “%s” 创建 SSL 连接" #: src/ne_session.c:538 src/ne_session.c:549 msgid "[invalid date]" msgstr "[非法日期]" #: src/ne_session.c:562 msgid "certificate is not yet valid" msgstr "证书还未生效" #: src/ne_session.c:563 msgid "certificate has expired" msgstr "证书已经过时" #: src/ne_session.c:564 msgid "certificate issued for a different hostname" msgstr "此证书是为不同的主机名称颁发" #: src/ne_session.c:565 msgid "issuer is not trusted" msgstr "证书发行者不被信任" #: src/ne_session.c:566 #, fuzzy msgid "bad certificate chain" msgstr "证书已经过时" #: src/ne_session.c:567 #, fuzzy msgid "certificate has been revoked" msgstr "证书已经过时" #: src/ne_session.c:572 msgid "Server certificate verification failed: " msgstr "服务器证书校验失败: " #: src/ne_socket.c:522 
src/ne_socket.c:674 src/ne_socket.c:804 msgid "Connection closed" msgstr "连接关闭" #: src/ne_socket.c:679 msgid "Retry operation" msgstr "" #: src/ne_socket.c:693 src/ne_socket.c:708 src/ne_socket.c:818 msgid "Secure connection truncated" msgstr "安全连接切断" #: src/ne_socket.c:699 #, fuzzy msgid "Secure connection reset" msgstr "安全连接切断" #: src/ne_socket.c:720 src/ne_socket.c:834 #, c-format msgid "SSL error: %s" msgstr "SSL 错误:%s" #: src/ne_socket.c:723 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "SSL 错误代码 %d/%d/%lu" #: src/ne_socket.c:809 #, c-format msgid "SSL alert received: %s" msgstr "收到 SSL 警报: %s" #: src/ne_socket.c:830 msgid "SSL socket read failed" msgstr "SSL 套接字读取失败" #: src/ne_socket.c:961 msgid "Line too long" msgstr "行太长" #: src/ne_socket.c:1122 src/ne_socket.c:1128 msgid "Host not found" msgstr "没有发现主机" #: src/ne_socket.c:1337 msgid "Connection timed out" msgstr "连接超时" #: src/ne_socket.c:1530 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "套接字数量超过 FD_SETSIZE" #: src/ne_socket.c:1592 msgid "Socket family not supported" msgstr "" #: src/ne_socket.c:1823 msgid "Client certificate verification failed" msgstr "客户证书校验失败" #: src/ne_socket.c:1839 msgid "SSL disabled due to lack of entropy" msgstr "由于缺少熵,SSL 已经禁用" #: src/ne_socket.c:1845 msgid "Could not create SSL structure" msgstr "不能创建 SSL 结构" #: src/ne_socket.c:2017 msgid "Missing flags for socket shutdown" msgstr "" #: src/ne_socket.c:2035 src/ne_socket.c:2046 src/ne_socket.c:2061 msgid "Incomplete TLS closure" msgstr "" #: src/ne_socks.c:65 msgid "failure" msgstr "" #: src/ne_socks.c:68 #, fuzzy msgid "connection not permitted" msgstr "连接超时" #: src/ne_socks.c:71 msgid "network unreachable" msgstr "" #: src/ne_socks.c:74 msgid "host unreachable" msgstr "" #: src/ne_socks.c:77 msgid "TTL expired" msgstr "" #: src/ne_socks.c:80 msgid "command not supported" msgstr "" #: src/ne_socks.c:83 msgid "address type not supported" msgstr "" #: src/ne_socks.c:86 #, c-format msgid "%s: unrecognized error 
(%u)" msgstr "" #: src/ne_socks.c:128 src/ne_socks.c:328 #, fuzzy msgid "Could not send message to proxy" msgstr "不能发送请求主体" #: src/ne_socks.c:133 #, fuzzy msgid "Could not read initial response from proxy" msgstr "不能读取响应主体" #: src/ne_socks.c:136 #, fuzzy msgid "Invalid version in proxy response" msgstr "非法的 Content-Length 响应域" #: src/ne_socks.c:157 #, fuzzy msgid "Could not send login message" msgstr "不能发送请求" #: src/ne_socks.c:162 #, fuzzy msgid "Could not read login reply" msgstr "不能读状态行" #: src/ne_socks.c:165 msgid "Invalid version in login reply" msgstr "" #: src/ne_socks.c:168 #, fuzzy msgid "Authentication failed" msgstr "GSSAPI 认证错误: " #: src/ne_socks.c:172 msgid "No acceptable authentication method" msgstr "" #: src/ne_socks.c:174 msgid "Unexpected authentication method chosen" msgstr "" #: src/ne_socks.c:210 #, fuzzy msgid "Could not send connect request" msgstr "不能发送请求" #: src/ne_socks.c:215 #, fuzzy msgid "Could not read connect reply" msgstr "不能连接到服务器" #: src/ne_socks.c:218 msgid "Invalid version in connect reply" msgstr "" #: src/ne_socks.c:221 src/ne_socks.c:337 #, fuzzy msgid "Could not connect" msgstr "不能连接到服务器" #: src/ne_socks.c:235 msgid "Could not read FQDN length in connect reply" msgstr "" #: src/ne_socks.c:240 msgid "Unknown address type in connect reply" msgstr "" #: src/ne_socks.c:245 #, fuzzy msgid "Could not read address in connect reply" msgstr "不能读取响应主体" #: src/ne_socks.c:266 msgid "request rejected or failed" msgstr "" #: src/ne_socks.c:269 #, fuzzy msgid "could not establish connection to identd" msgstr "不能连接到服务器" #: src/ne_socks.c:272 msgid "rejected due to identd user mismatch" msgstr "" #: src/ne_socks.c:275 #, c-format msgid "%s: unrecognized failure (%u)" msgstr "" #: src/ne_socks.c:333 #, fuzzy msgid "Could not read response from proxy" msgstr "不能读取响应主体" #: src/ne_xml.c:280 #, c-format msgid "XML parse error at line %d: invalid element name" msgstr "在 %d 行解析 XML 错误:非法元素名称" #: src/ne_xml.c:474 msgid "Unknown error" msgstr "未知错误" #: 
src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "非法字节顺序标记(BOM)" #: src/ne_xml.c:667 #, c-format msgid "XML parse error at line %d: %s" msgstr "在 %d 行解析 XML 错误: %s" #: src/ne_xmlreq.c:36 #, c-format msgid "Could not parse response: %s" msgstr "不能解析响应:%s" #~ msgid "Server certificate changed: connection intercepted?" #~ msgstr "服务器证书改变:是否被拦截攻击?" #~ msgid "SSL disabled due to library version mismatch" #~ msgstr "由于库版本不匹配,SSL 已经禁用" neon-0.32.2/src/000077500000000000000000000000001416727304000133305ustar00rootroot00000000000000neon-0.32.2/src/.gitignore000066400000000000000000000001771416727304000153250ustar00rootroot00000000000000*.lo .libs Makefile libneon.la libneon.a neon_config.h *.diff c++.c checkincl.c *.*.* *.out *log *.bb *.da *.bbg *.[is] *.gc* neon-0.32.2/src/COPYING.LIB000066400000000000000000000613031416727304000147730ustar00rootroot00000000000000 GNU LIBRARY GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. [This is the first released version of the library GPL. It is numbered 2 because it goes with version 2 of the ordinary GPL.] Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This license, the Library General Public License, applies to some specially designated Free Software Foundation software, and to any other libraries whose authors decide to use it. You can use it for your libraries, too. When we speak of free software, we are referring to freedom, not price. 
Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library, or if you modify it. For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link a program with the library, you must provide complete object files to the recipients so that they can relink them with the library, after making changes to the library and recompiling it. And you must show them these terms so they know their rights. Our method of protecting your rights has two steps: (1) copyright the library, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the library. Also, for each distributor's protection, we want to make certain that everyone understands that there is no warranty for this free library. If the library is modified by someone else and passed on, we want its recipients to know that what they have is not the original version, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that companies distributing free software will individually obtain patent licenses, thus in effect transforming the program into proprietary software. 
To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. Most GNU software, including some libraries, is covered by the ordinary GNU General Public License, which was designed for utility programs. This license, the GNU Library General Public License, applies to certain designated libraries. This license is quite different from the ordinary one; be sure to read it in full, and don't assume that anything in it is the same as in the ordinary license. The reason we have a separate public license for some libraries is that they blur the distinction we usually make between modifying or adding to a program and simply using it. Linking a program with a library, without changing the library, is in some sense simply using the library, and is analogous to running a utility program or application program. However, in a textual and legal sense, the linked executable is a combined work, a derivative of the original library, and the ordinary General Public License treats it as such. Because of this blurred distinction, using the ordinary General Public License for libraries did not effectively promote software sharing, because most developers did not use the libraries. We concluded that weaker conditions might promote sharing better. However, unrestricted linking of non-free programs would deprive the users of those programs of all benefit from the free status of the libraries themselves. This Library General Public License is intended to permit developers of non-free programs to use free libraries, while preserving your freedom as a user of such programs to change the free libraries that are incorporated in them. (We have not seen how to achieve this as regards changes in header files, but we have achieved it as regards changes in the actual functions of the Library.) The hope is that this will lead to faster development of free libraries. 
The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, while the latter only works together with the library. Note that it is possible for a library to be covered by the ordinary General Public License rather than by this special one. GNU LIBRARY GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any software library which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Library General Public License (also called "this License"). Each licensee is addressed as "you". A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables. The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".) "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. 
The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. 1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) The modified work must itself be a software library. b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. 
(For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. 
Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. This option is useful when you wish to copy part of the code of the Library into a program that is not a library. 4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code. 5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. 
The threshold for this to be true is not precisely defined by law. If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. 6. As an exception to the Sections above, you may also compile or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things: a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. 
(It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) b) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. c) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. d) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. 7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things: a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. 
This must be distributed under the terms of the Sections above. b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it. 10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. 
If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 13. 
The Free Software Foundation may publish revised and/or new versions of the Library General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. 14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. 
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Libraries If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License). To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. 
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA Also add information on how to contact you by electronic and paper mail. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the library `Frob' (a library for tweaking knobs) written by James Random Hacker. , 1 April 1990 Ty Coon, President of Vice That's all there is to it! neon-0.32.2/src/ChangeLog000066400000000000000000005531721416727304000151170ustar00rootroot00000000000000Sun Sep 12 19:21:30 2004 Joe Orton * ne_locks.c (ne_lock_refresh): Fix to pass correct userdata to callbacks, and do call lk_cdata. Sun Sep 12 18:53:15 2004 Joe Orton * Makefile.in (libneon.a): Remove the archive first, avoiding strange problems when build $(OBJECTS) change. Sun Sep 12 18:40:50 2004 Joe Orton * ne_utils.h: Add NE_FEATURE_SOCKS. * ne_utils.c (ne_has_support): Add NE_FEATURE_SOCKS. (version_string): Use NE_HAVE_SOCKS, add NE_HAVE_IDNA. * ne_socket.c (ne_sock_init): Use NE_HAVE_SOCKS. Sun Sep 12 17:29:54 2004 Joe Orton * ne_utils.c (version_string): Declare as array rather than pointer; include "IPv6" component as necessary Sun Sep 12 15:51:38 2004 Joe Orton * ne_socket.c (ne_iaddr_typeof): New function. Sun Sep 12 12:00:10 2004 Joe Orton * ne_defs.h (ne_attribute_malloc): New macro. * ne_alloc.h: Use it to avoid warnings with older GCCs. Wed Aug 25 21:03:40 2004 Joe Orton * ne_string.h (split_string, split_string_c, pair_string, split_string_free, pair_string_free): Remove obsolete interfaces. Wed Aug 25 21:01:03 2004 Joe Orton * ne_cookies.c, ne_cookies.h: Drop cookies support: used old spec revision and wasn't very complete anyway. 
Wed Aug 25 20:40:26 2004 Joe Orton * ne_socket.c: Remove ne_read, ne_write macros and just use recv and send; remove unused SOCK_ERR macro. Wed Aug 25 20:27:43 2004 Joe Orton * ne_xml.c (declare_nspaces): Drop rejection of names including a colon to prevent breaking SVN deployments. Wed Aug 25 19:45:20 2004 Joe Orton * ne_socket.c (readable_raw): Use poll where available. (ne_sock_connect): Fail if not using poll and fd returned by socket() is greater than FD_SETSIZE. Wed Aug 25 18:40:28 2004 Joe Orton * ne_xml.h (ne_xml_parse): Clarify that a len=0 call is required to signify end-of-document. Wed Aug 25 18:37:13 2004 Joe Orton * ne_request.c (resolve_first, resolve_next): New functions. (lookup_host): Use them to allow user-forced addresses. * ne_session.c (ne_set_addrlist): New function. * ne_private.h (struct ne_session_s): Add addrlist, numaddrs, curaddr fields. Wed Aug 25 18:25:31 2004 Joe Orton * ne_xml.c (struct ne_xml_parser_s): Add bom_pos field. (ne_xml_parse): Skip over the UTF-8 Byte Order Mark since the XML parsers do not support it yet. Wed Jul 7 16:07:44 2004 Joe Orton * ne_request.c (do_connect): Fix ne_conn_connected status call (Shameek Basu). Mon Jul 5 18:40:35 2004 Joe Orton * ne_basic.c (ne_content_type_handler): Use us-ascii as default charset for text/xml, as per RFC3280. Mon Jul 5 10:56:19 2004 Joe Orton * ne_compress.c (struct ne_decompress_s): Add acceptor field. (gz_acceptor): New function. (ne_decompress_reader): Fix to pass the user-supplied userdata pointer to the user-supplied acceptor callback, via gz_acceptor. Mon Jul 5 10:52:40 2004 Joe Orton * ne_compress.c (do_inflate): Don't invoke the reader callback if no bytes were produced by inflate(). (process_footer): Call the reader callback with size=0 to indicate end-of-response for a good checksum match. Sat Jul 3 14:33:56 2004 Joe Orton * ne_auth.c (auth_challenge): Fix to set got_qop in challenge correctly (Hideaki Takahashi). 
Mon May 17 15:03:54 2004 Joe Orton * ne_socket.h (ne_addr_resolve): Clarify that 'flags' must be passed as zero for forwards-compat. Sun May 2 21:14:14 2004 Joe Orton Fix buffer overflow in RFC1036 date parser, CVE CAN-2004-0389. * ne_dates.c (RFC1036_FORMAT): Specify maximum field width for day name. (ne_rfc1123_parse, ne_rfc1036_parse, ne_asctime_parse): Make thread-safe; remove static buffers. Sun May 2 16:59:39 2004 Joe Orton * ne_dates.c [RFC1123_TEST] (main): Remove embedded test cases. Sun May 2 13:18:29 2004 Joe Orton * Makefile.in (LINK): Add -no-undefined. Fri Apr 16 22:53:59 2004 Joe Orton * ne_xml.c (declare_nspaces, expand_qname): Don't try to include document context in error strings. Fri Apr 16 11:44:34 2004 Joe Orton * Makefile.in (LIBS): Include NEON_LTLIBS. Wed Apr 14 10:39:53 2004 Joe Orton Fix format string vulnerabilities, CVE CAN-2004-0179: * ne_207.c (ne_simple_request): Avoid format string vulnerabilities. * ne_xml.c (ne_xml_set_error): Likewise. * ne_props.c (propfind): Likewise. * ne_locks.c (ne_lock, ne_lock_refresh): Likewise. Wed Apr 14 10:33:46 2004 Joe Orton * ne_auth.c (ah_post_send): Avoid false positives from gcc -Wformat-security. Tue Apr 13 20:51:41 2004 Joe Orton * ne_auth.c: Conditionally include gssapi_generic.h. Thu Apr 8 13:40:03 2004 Joe Orton * ne_props.h: Don't use an anonymous enum for the proppatch operation type, as some C++ compilers don't like it. Wed Apr 7 13:50:10 2004 Joe Orton * ne_request.c (add_fixed_headers): Don't bother sending Keep-Alive header if persistent connections are disabled. Wed Apr 7 13:47:46 2004 Joe Orton * ne_auth.c (auth_challenge): Allow Negotiate challenges from a proxy. Wed Apr 7 13:36:55 2004 Joe Orton * ne_auth.c (clean_session): Remove redundant assignment of GSS_C_NO_CONTEXT; gss_delete_sec_context already does this. Wed Apr 7 13:33:10 2004 Joe Orton * ne_auth.c (get_gss_name): Handle failure case internally. (auth_register): Updated accordingly. 
Wed Apr 7 13:15:57 2004 Joe Orton * ne_request.c: Use strtoq to print off_t's where necessary. Wed Apr 7 11:14:24 2004 Joe Orton * ne_auth.c (get_gss_name): Take a hostname string. (auth_register): Pass proxy or server hostname to get_gss_name as appropriate. Wed Apr 7 11:09:50 2004 Joe Orton * ne_auth.c (continue_negotiate): If given no input token, and the gssctx is not in the initial state, reset it. Mon Mar 29 17:06:49 2004 Joe Orton * ne_auth.c: Adjust to cope with GSSAPI continuation: (struct auth_session_s): Store GSSAPI context, name and mechanism. (get_gss_name): Take an ne_session. (continue_negotiate): Renamed from gssapi_challenge; take input token, handle GSS_S_CONTINUE_NEEDED return value. (verify_digest_response): Renamed from verify_response. (verify_negotiate_response): New function. (auth_challenge): Cope with Negotiate responses which gratuitously break the auth-param grammar. (ah_post_send): Handle Negotiate responses. (free_auth, clean_session): Free persisted GSSAPI objects. (auth_register): Initialize GSSAPI objects. Sun Mar 28 03:03:17 2004 Joe Orton * ne_auth.c (get_gss_name): Don't leak token.value. Sun Mar 28 02:59:58 2004 Joe Orton * ne_auth.c (get_cnonce): Only use RAND_pseudo_bytes() if the PRNG is seeded. Sun Mar 28 02:47:20 2004 Joe Orton * ne_auth.c (gssapi_challenge, get_gss_name): Simplify. Sun Mar 28 02:35:48 2004 Joe Orton * ne_auth.c (request_gssapi, get_gss_name, auth_challenge): Implement the Negotiate protocol rather than the obsoleted GSS-Negotiate. (make_gss_error): New function. (gssapi_challenge): Use it for better error handling (set session error string); fix memory leaks. Don't delegate credentials. Sat Mar 27 20:49:24 2004 Joe Orton * ne_auth.c (ah_post_send): Clear auth header collector buffers after each request. Fri Mar 26 12:16:15 2004 Joe Orton * ne_socket.c (init_ssl): Just initialize the SSL library; delay seeding PRNG until really necessary (performance fix). (seed_ssl_prng): Split from init_ssl. 
(ne_sock_connect_ssl): Call seed_ssl_prng(). (ne_sock_init): Adjust since init_ssl() can't fail. Fri Mar 26 12:01:38 2004 Joe Orton * ne_utils.c: Include zlib.h before ne_*.h to fix issues on platforms where zconf.h does "#define const". Thu Mar 11 23:38:01 2004 Joe Orton * ne_openssl.c (provide_client_cert): Avoid malloc(0) when server sends no CA names in CertificateRequest. (ne_ssl_cert_write): Be paranoid and clear the OpenSSL error stack on write failures. Sun Mar 7 11:17:04 2004 Joe Orton * Makefile.in (CFLAGS): Don't use NEON_CFLAGS. Mon Feb 23 23:03:08 2004 Joe Orton * ne_string.c (ne_vsnprintf, ne_snprintf): New functions. Sun Feb 22 23:34:47 2004 Joe Orton * ne_private.h (struct ne_session_s): Remove expect100_works field. * ne_request.c (ne_set_request_expect100): New function. (ne_begin_request): Remove req->use_expect100 manipulation. (send_request): Handle enabling 100continue without a request body. * ne_session.c (ne_set_expect100): Removed function. Sun Feb 22 20:17:04 2004 Joe Orton * ne_socket.c (error_ossl): Check for ERR_reason_error_string returning NULL. Sun Feb 22 17:54:43 2004 Joe Orton * ne_socket.c: Don't disable getaddrinfo support here. Sun Feb 22 17:40:07 2004 Joe Orton * ne_utils.h (min): Remove definition to... * ne_uri.c (min): ...here. Sun Feb 22 17:31:35 2004 Joe Orton * ne_props.h: Give the 'type' enum a tag name. Sun Feb 22 17:27:28 2004 Joe Orton * ne_207.c (end_element): Strip whitespace from cdata. Sun Feb 22 16:27:58 2004 Joe Orton * ne_auth.c (struct auth_request): Make auth_hdr, auth_info_hdr fields into ne_buffer *'s. (ah_collect_header): New function. (ah_create): Create ne_buffers for auth_{,info_}hdr; use ah_collect_header rather than ne_duplicate_header to fix handling of multiple auth challenge headers. (ah_post_send): Adjust for char * -> ne_buffer *. (tokenize): Recognize a challenge scheme which is terminated with a comma (i.e. with no challange parameters). 
(auth_challenge): Fix handling of unrecognized challenges. (ah_destroy): Destroy ne_buffers. Sun Feb 22 15:04:46 2004 Joe Orton * ne_request.c (ne_set_request_body_provider64): New function. Sun Feb 15 13:37:03 2004 Joe Orton * ne_ssl.h: Define that ne_ssl_readable_dname returns UTF-8 encoded strings. * ne_openssl.c (ne_ssl_readable_dname): Convert dname strings to UTF-8, or use "???". Sat Feb 14 21:57:25 2004 Joe Orton * ne_xml.c (invalid_ncname_ch1): New macro. (declare_nspaces): Use it, to reject some more invalid namespace prefixes; also check for a colon anywhere in the NCName. (expand_qname): Likewise for the element name. Mon Feb 9 21:38:03 2004 Joe Orton * ne_dates.c [WIN32] (GMTOFF): Use gmt_to_local_win32; (gmt_to_local_win32): New function, from Jiang Lei. Mon Jan 26 14:38:05 2004 Joe Orton * ne_socket.c (ne_sock_connect_ssl): Check that OpenSSL version matches between library at run-time and headers at compile-time. Sat Jan 24 17:49:27 2004 Joe Orton * ne_dates.c (HAVE_STRUCT_TM___TM_GMTOFF): Alternative GMTOFF() macro. Sat Jan 24 16:49:30 2004 Joe Orton * ne_auth.c (basic_challenge): Cast first parameter to ne_base64 to unsigned char * to fix warnings with some compilers. Sat Jan 3 13:17:36 2004 Joe Orton * ne_request.h (ne_set_request_body_fd64): Define conditional on NE_LFS. * ne_request.c (ne_set_request_body_fd64): Likewise. Thu Jan 1 18:01:45 2004 Joe Orton * ne_request.c: Use NE_HAVE_LFS not _LARGEFILE64_SOURCE in conditional support for off64_t. Thu Jan 1 17:38:55 2004 Joe Orton * ne_request.h [_LARGEFILE64_SOURCE] (ne_set_request_body_fd64): New function. * ne_request.c: Define ne_lseek, ne_off_t, ne_strtoff, NE_OFFT_MAX, FMT_NE_OFF_T appropriately for _LARGEFILE64_SOURCE or otherwise. (struct ne_request_s): Use ne_off_t in place of off_t throughout. (body_fd_send): Use ne_lseek; reset 'remain' after seeking. (clength_hdr_handler): Use ne_off_t, ne_strtoff and NE_OFFT_MAX. 
(set_body_length): Take an ne_off_t length parameter; use FMT_NE_OFF_T to print it. (ne_set_request_body_fd64): New function. * ne_utils.h (NE_FEATURE_LFS): New feature. * ne_utils.c (ne_has_support): Support NE_FEATURE_LFS. Mon Nov 24 20:13:14 2003 Joe Orton * ne_request.c (struct ne_response): Split handling for chunked vs clength-delimited responses into a union. Use off_t for storing whole-length-of-response values. (read_response_block, ne_read_response_block): Update accordingly. (ne_begin_request): Remove unnecessary variable assignments. Sun Nov 23 16:03:22 2003 Joe Orton * ne_request.h (ne_set_request_body_fd): Take offset and length arguments, return void. (ne_set_request_body_provider): Take off_t length argument. * ne_request.c (struct ne_request_s): Store current position within buffer/file used as request body source. Store request body lengths using off_t type. (body_string_send): Adjust for renamed fields. (body_fd_send): Seek to requested offset; don't read past requested body length. (set_body_length): Renamed from set_body_size. * ne_basic.c (ne_put): Determine file size here; adjust for new ne_set_request_body_fd API. Sun Nov 23 15:05:12 2003 Joe Orton * ne_basic.c, ne_basic.h: Remove two-functions-in-one, ne_put_if_unmodified. Fri Nov 14 14:05:32 2003 Joe Orton * ne_utils.c (ne_has_support): Add NE_FEATURE_IDNA. Fri Nov 14 13:11:49 2003 Joe Orton * ne_session.c (set_hostinfo): [NE_HAVE_LIBIDN]: Use string from IDNA ToAscii operation on provided hostname if successful. Fri Nov 14 11:23:16 2003 Joe Orton All files: replace use of NEON_NODAV with NE_HAVE_DAV, NEON_SSL with NE_HAVE_SSL, NEON_ZLIB with NE_HAVE_ZLIB. Use NE_HAVE_DAV not USE_DAV_LOCKS. * ne_utils.c (ne_has_support): New feature detection interface, replaces ne_supports_ssl. Thu Nov 13 20:38:28 2003 Joe Orton * ne_request.c (ne_begin_request): Presume a 205 response has no message-body too; RFC2616 compliance fix. 
Thu Nov 13 20:31:07 2003 Joe Orton * ne_auth.c (ah_post_send): Treat a 401 response to a CONNECT request as a valid proxy auth challenge, to work around buggy proxies. Tue Nov 11 21:13:18 2003 Joe Orton Place library-internal symbols in the "ne__" namespace. * ne_request.c (ne__pull_request_body): Renamed from ne_pull_request_body; all callers updated. * ne_session.c (ne__negotiate_ssl): Renamed from ne_negotiate_ssl; all callers updated. Tue Nov 11 21:08:54 2003 Joe Orton * ne_alloc.h: Mark all allocation functions as having 'malloc' attribute for GCC. Tue Nov 11 20:36:12 2003 Joe Orton * ne_xml.h (ne_xml_failure): Replaces ne_xml_valid, inverted and more useful return value. * ne_xml.c (struct ne_xml_parser_s): Replace 'valid' field with 'failure', with inverted logic. (start_element, end_element, char_data): Check failure flag appropriately. Set failure flag to return value of callback. Set failure flag to positive integer on a parse error. (ne_xml_create): Don't initialize failure flag. (ne_xml_parse): Check/set failure flag appropriately. (sax_error): Only set an error string (and the error flag) if failure is zero. * ne_207.c (ne_simple_request): Adjust to use ne_xml_failure. * ne_locks.c (ne_lock, ne_lock_refresh): Likewise. * ne_props.c (propfind): Likewise. Wed Oct 22 22:19:19 2003 Joe Orton * ne_request.c (read_response_block): Treat an EOF without clean SSL closure as a valid request body delimiter in any case. Wed Oct 22 21:44:48 2003 Joe Orton * ne_defs.h (ne_attribute): New macro. * ne_request.h, ne_session.h, ne_utils.h: Use ne_attribute instead of littering #ifdef __GNUC__ and __attribute__ everywhere. Tue Oct 21 20:03:47 2003 Joe Orton Fix various strict signedness bugs: * ne_auth.c (auth_session): Make nonce_count argument unsigned. (get_cnonce): Use unsigned data buffer. (get_gss_name, gssapi_challenge): Use unsigned integers for status variables. (request_digest): Print nonce count as unsigned. (verify_response): Make nonce_count unsigned. 
Tue Oct 7 20:52:06 2003 Joe Orton When using SSL via a proxy, don't leak server auth credentials to the proxy, and vice versa. * ne_auth.c (auth_session): Add context field. (ah_create): Ignore challenges in a bad context. (ah_pre_send, ah_destroy): Check that the request-private cookie is not NULL. (auth_register): Take an isproxy flag; set context field appropriately in session structure. (ne_set_server_auth, ne_set_proxy_auth): Adjust accordingly. Tue Oct 7 19:58:52 2003 Joe Orton * ne_openssl.c (ne_negotiate_ssl): If the returned cert chain was NULL, try and create one from the peer certificate alone (fix for use of SSLv2 connections). Mon Sep 29 21:57:40 2003 Joe Orton * ne_auth.c [WIN32]: Include windows.h to fix non-SSL build. Thu Sep 25 20:05:18 2003 Joe Orton * ne_xml.c (ne_xml_create): Specify an initial error string. Sun Sep 21 23:00:10 2003 Joe Orton * ne_cookies.c (set_cookie_hdl): Strip whitespace around cookie name and value. Sun Sep 14 10:50:01 2003 Joe Orton * ne_socket.c (ne_addr_resolve): Use result of autoconf test for working AI_ADDRCONFIG support. Sat Sep 6 12:05:00 2003 Joe Orton * ne_openssl.c (check_identity): Take an optional server address argument; check identity against IPaddress extension too if given. (check_certificate): Optionally pass server address to check_identity. (populate_cert): Adjust accordingly. Thu Sep 4 21:41:38 2003 Joe Orton * ne_socket.c (ne_sock_init): Succeed even if PRNG was not seeded. Thu Sep 4 21:33:34 2003 Joe Orton * ne_session.c (ne_set_useragent): Build and store the entire User-Agent header field in sess->user_agent. * ne_request.c (add_fixed_headers): Adjust accordingly; avoid unnecessary calls to ne_buffer_*. Thu Sep 4 21:27:34 2003 Joe Orton * ne_socket.c: Include netinet/tcp.h. (ne_sock_connect): Disable the Nagle algorithm; thanks to Jim Whitehead and Teng Xu for the analysis. Thu Sep 4 11:24:04 2003 Joe Orton * ne_defs.h: Define ssize_t here for Win32. * ne_socket.h: Don't define ssize_t here. 
Tue Sep 2 20:20:16 2003 Joe Orton * ne_auth.c (auth_challenge): Update to use ne_token not split_string, patch by Tom Lee . Wed Jul 30 21:54:38 2003 Joe Orton * ne_cookies.c (set_cookie_hdl): Fix NULL pointer dereference; thanks to Markus Mueller . Fri Jul 25 11:05:52 2003 Joe Orton * ne_request.c (do_connect): On failure to connect, set error string and call ne_sock_close directly rather than using aborted(); fix leak of socket structure. Wed Jul 23 23:20:42 2003 Joe Orton Fix SEGV if inflateInit2 fails with Z_MEM_ERROR etc. * ne_compress.c (set_zlib_error): New function. (do_inflate, gz_reader): Use it. Wed Jul 23 22:50:50 2003 Joe Orton Add support for GSS-Negotiate; patch from Risko Gergely and Burjan Gabor: * ne_auth.c [HAVE_GSSAPI]: Include gssapi.h. (auth_scheme): Add auth_scheme_gssapi. (auth_session): Add gssapi_token. (clean_session): Free gssapi_token. (request_gssapi, get_gss_name, gssapi_challenge): New functions. (tokenize): Handle challenge with single token. (auth_challenge): Accept and process a GSS-Negotiate challenge. (ah_pre_send): Send GSS-Negotiate handshake. Wed Jul 23 22:46:28 2003 Joe Orton * ne_207.c (ne_207_set_response_handlers, ne_207_set_propstat_handlers): Fix to match declarations (thanks to Diego Trtara). Fri Jun 27 20:30:45 2003 Joe Orton * ne_openssl.c [OPENSSL_VERSION_NUMBER < 0x0090700fL]: Fix build against OpenSSL < 0.9.7. Sun Jun 22 23:07:45 2003 Joe Orton * ne_session.c (ne_session_destroy): Replace unnecessary use of NE_FREE with ne_free. (set_hostinfo): Don't free hostport/hostinfo here. (ne_session_proxy): Free existing proxy hostname here if necessary. Sat Jun 21 12:58:25 2003 Joe Orton * ne_request.c (ne_begin_request): Set or clear is_http11 flag for each request. Wed Jun 18 20:54:44 2003 Joe Orton * ne_socket.c: Add AI_ADDRCONFIG support; [USE_CHECK_IPV6]: Define only if __linux__. (init_ipv6) [USE_CHECK_IPV6]: New conditional. (ne_addr_resolve) [USE_ADDRCONFIG]: Use AI_ADDRCONFIG. 
Wed Jun 18 20:03:13 2003 Joe Orton * ne_socket.c (ne_sock_create): New function (renamed from create_sock). (ne_sock_connect): Take an ne_socket *, return int. (ne_sock_accept): Likewise. (ne_sock_close): Only call ne_close if fd is non-negative. * ne_request.c (aborted): Handle NE_SOCK_* errors specially. (do_connect): Adapt for ne_sock_create/connect interface. Set sess->connected here on success. (open_connection): Don't set sess->connected here. Sun Jun 15 12:14:22 2003 Joe Orton * ne_ssl.h (ne_ssl_cert_digest): Pass digest as a pointer rather than an array. Sun Jun 15 11:00:09 2003 Joe Orton * ne_stubssl.c (ne_ssl_cert_cmp): Add stub. Wed May 28 21:37:27 2003 Joe Orton * ne_openssl.c (ne_ssl_context_create): Enable workarounds in OpenSSL for better interop with buggy SSL servers. Fri May 23 23:13:30 2003 Joe Orton * ne_stubssl.c (ne_ssl_set_clicert): Add stub. Sat May 10 17:05:26 2003 Joe Orton * ne_xml.c: Rename struct ne_xml_handler to struct handler. Thu May 8 20:55:46 2003 Joe Orton * ne_openssl.c (ne_ssl_clicert_read): Pass "b" to fopen. Tue May 6 22:08:08 2003 Joe Orton * ne_openssl.c (check_certificate): Re-order verify failure handling to allow caller to set a custom session error string. Tue May 6 20:21:27 2003 Joe Orton * ne_md5.c (md5_stream): Restore. Sat Apr 26 19:21:03 2003 Joe Orton * ne_request.c (te_hdr_handler): Treat presence of any T-E response header as implying the response is chunked, regardless of value. Sat Apr 26 18:11:24 2003 Joe Orton * ne_xml.c: Rename struct ne_xml_nspace to struct namespace. Wed Apr 23 22:19:29 2003 Joe Orton * ne_openssl.c (ne_ssl_cert_export): Don't bother checking for i2d_X509() failure; no OpenSSL code ever checks, so everyone's doomed if it really can fail. Wed Apr 23 22:01:23 2003 Joe Orton * ne_openssl.c (ne_ssl_cert_import, ne_ssl_cert_export, ne_ssl_cert_write): Clear OpenSSL error stack on errors. 
Wed Apr 23 18:23:53 2003 Joe Orton * ne_stubssl.c (ne_ssl_cert_write, ne_ssl_cert_import, ne_ssl_cert_export): Add stubs. Wed Apr 23 14:05:32 2003 Joe Orton * ne_openssl.c (ne_ssl_cert_write): New function. Tue Apr 22 23:21:22 2003 Joe Orton * ne_string.c (ne_unbase64): Optimise out some redundant branches. Tue Apr 22 20:24:44 2003 Joe Orton * ne_openssl.c (ne_ssl_cert_export, ne_ssl_cert_import, ne_ssl_cert_cmp): New functions. Tue Apr 22 18:31:55 2003 Joe Orton * ne_string.c (ne_unbase64): New function. Tue Apr 22 15:53:41 2003 Joe Orton * ne_string.c (ne_base64): Fix encoding binary data; take unsigned argument. Tue Apr 22 13:07:48 2003 Joe Orton * ne_stubssl.c (ne_ssl_cert_validity): Add stub. Tue Apr 22 09:22:26 2003 Joe Orton * ne_openssl.c (ne_ssl_cert_validity): New function. (asn1time_to_string): Format into a fixed-size buffer. Tue Apr 22 08:38:30 2003 Joe Orton * ne_locks.c (ne_lock_discover, ne_lock): Don't leak the cdata buffer. * ne_props.c (ne_propfind_destroy): Don't leak the value buffer. Mon Apr 21 23:52:25 2003 Joe Orton * ne_xml.c (ne_xml_destroy): Free root element. Mon Apr 21 23:46:17 2003 Joe Orton * ne_openssl.c (dup_client_cert): Set decrypted state; dup the friendly name. (ne_ssl_clicert_free): Free friendly name. Mon Apr 21 19:44:55 2003 Joe Orton * ne_md5.h (ne_md5_buffer, ne_md5_stream): Remove unused functions. Mon Apr 21 18:17:14 2003 Joe Orton * ne_locks.c, ne_207.c: s/NE_ELM_/ELM_/ since no element ids are exported. Mon Apr 21 16:38:14 2003 Joe Orton Redesign the XML interface: have startelm callback map {nspace, name} onto a state integer or decline. Remove "valid"/"invalid"; don't abort the parse if no handler accepts an element. Push cdata accumulation down into the caller; drop collect mode, stripws mode. * ne_xml.h (ne_xml_elmid, struct ne_xml_elm): Removed. (ne_xml_startelm_cb): Return a state/acceptance integer, take a state integer, nspace, name and atts. (ne_xml_endelm_cb, ne_xml_cdata_cb): Take a state integer. 
(ne_xml_push_mixed_handler): Removed. (ne_xml_push_handler): Removed element list argument. (struct ne_xml_idmap, ne_xml_mapid): New interface. * ne_xml.c (struct element): Replaces ne_xml_state. Add name, nspace, state fields. (friendly_name, find_handler, parse_element, ne_xml_push_mixed_handler, push_handler): Removed functions. (declare_nspaces, expand_qname): Factored out from find_handler and parse_element. (start_element): Use expand_qname, declare_nspaces. Find appropriate handler here. Guarantee not to pass a NULL atts array to the start-element callback. Drop collect mode. (end_element): Drop collect mode (ne_xml_push_handler): Fold push_handler back in. (ne_xml_mapid): New function. * ne_207.h (NE_ELM_*): Don't export element id. (NE_207_STATE_PROP, NE_207_STATE_TOP): Export state integers. * ne_207.c (struct ne_207_parser_s): Add cdata field. (map207): Replace element list with idmap array. (can_handle): New function, replacing check_context logic. (start_element): Determine new state integer; only accept the element in valid states. Clear cdata. (end_element): Use state rather than element id. Do nothing for end of 'response' element if element is incomplete. (ne_207_create): Create cdata buffer. (ne_207_destroy): Destroy cdata buffer. (ne_207_ignore_unknown): Removed function. (ne_simple_request): Don't call ne_207_ignore_unknown. * ne_props.h (NE_PROPS_STATE_TOP): Define state. * ne_props.c (struct ne_propfind_handler_s): Add value and depth fields. (ELM_flatprop): Define state. (flat_elms): Removed array. (chardata): Append to value field when in ELM_flatprop state. (startelm): Decline everything other than elements within the 'prop' state. Collect flatprop contents. (endelm): Collect flatprop contents. * ne_locks.c (struct discover_ctx, struct lock_ctx): Store cdata. (element_map): Replace element list with idmap array. (can_accept): Replaces check_context callback. (ld_startelm, lk_cdata, ld_cdata): New functions. 
Mon Apr 14 00:04:20 2003 Joe Orton * ne_207.h (ne_207_start_response, ne_207_end_response, ne_207_start_propstat, ne_207_end_propstat): Use ANSI-style function pointers in typedefs. * ne_207.c (struct ne_207_parser_s): Updated accordingly. Mon Apr 14 00:02:10 2003 Joe Orton * ne_request.c (read_response_block): Better error messages for invalid chunks, don't use strncmp for a two-character comparison. Mon Apr 7 22:26:50 2003 Joe Orton * ne_stubssl.c (ne_ssl_cert_identity): New function. Mon Apr 7 22:16:16 2003 Joe Orton * ne_openssl.c (struct ne_ssl_certificate_s): Add identity field. (check_identity): Add optional identity argument. (populate_cert): Retrieve cert identity using check_identity. (check_certificate): Pass extra NULL to check_identity. (ne_ssl_cert_identity): New function. (ne_ssl_cert_free): Free the identity field. Mon Apr 7 21:29:54 2003 Joe Orton * ne_openssl.c (check_identity): Take a string hostname rather than a session object. (check_certificate): Adjust accordingly. Sun Apr 6 21:26:05 2003 Joe Orton * ne_string.h (NE_HEX2ASC): Cast result to char to avoid warnings with some compilers. Sun Apr 6 20:11:42 2003 Joe Orton * ne_openssl.c (ne_ssl_readable_dname): Include commonName or emailAddress in returned string if either is the only attribute. Sun Mar 30 10:54:20 2003 Joe Orton Split decryption of client certs into two steps * ne_openssl.c (ne_ssl_clicert_encrypted, ne_ssl_clicert_decrypt): New functions. (ne_ssl_client_cert_s): Add p12 and decrypted fields. (find_friendly_name): New function. (get_friendly_name): Removed function. (ne_ssl_clicert_read): Drop password callback; on decrypt failure, extract friendly name and set decrypted state of clicert. Sun Mar 30 10:54:01 2003 Joe Orton * ne_stubssl.c (ne_ssl_clicert_encrypted, ne_ssl_clicert_decrypt): New stubs. (ne_ssl_clicert_read): Adjusted for API change. Sat Mar 29 14:23:37 2003 Joe Orton * ne_openssl.c (ne_ssl_dname_cmp): New function. * ne_stubssl.c (ne_ssl_dname_cmp): New function. 
Sat Mar 29 13:52:47 2003 Joe Orton * ne_openssl.c (struct ne_ssl_client_cert_s): Add 'friendly_name' field. (get_friendly_name, ne_ssl_clicert_name): New functions. (ne_ssl_clicert_read): Store the cert's friendly name. * ne_stubssl.c (ne_ssl_clicert_name): New function. Sat Mar 29 13:16:14 2003 Joe Orton * ne_openssl.c (ne_ssl_clicert_owner): New function. Fri Mar 28 22:12:57 2003 Joe Orton * ne_stubssl.c (ne_ssl_cert_digest): New function. * ne_openssl.c (ne_ssl_cert_digest): New function. Wed Mar 26 20:41:57 2003 Joe Orton * ne_session.c (ne_ssl_trust_cert) [NEON_SSL]: Only build when SSL support is present. Wed Mar 26 20:01:00 2003 Joe Orton Begin abstraction of SSL layer to better isolate SSL-library-specific code, and to improve certificate handling interface. Drop support for PEM-encoded client certificates. * ne_session.h (ne_ssl_trust_cert): Replaces ne_ssl_load_ca, in conjunction with ne_ssl_load_cert. (ne_ssl_trust_default_ca): Replaces ne_ssl_load_default_ca. (ne_ssl_keypw_prompt): Removed function, no longer needed. (ne_ssl_set_clicert): Replaces ne_ssl_load_pkcs12, in conjunction with ne_ssl_clicert_read. (ne_ssl_provide_clicert): Replaces ne_ssl_provide_ccert, callback type changed. * ne_openssl.c: New file; much code moved from ne_session.c. * ne_privssl.h: New file, private interface between ne_socket.c and ne_openssl.c. * ne_ssl.h: New file. * ne_private.h (struct ne_session_s): Store pointers to ne_ssl_client_cert etc opaque objects, not OpenSSL structures. * ne_session.c: Most of ne_ssl_* moved to ne_openssl.c. (ne_session_create, ne_session_destroy): Use ne_ssl_cert_* etc to manage cert objects. * ne_socket.c (struct ne_socket_s): Replace SSL *, SSL_CTX * pointers with an ne_ssl_socket * pointer. (readable_ossl, error_ossl, read_ossl, write_ossl, ne_sock_close): Compensate for above change. (ne_sock_use_ssl): Removed function. (ne_sock_switch_ssl): Pass in SSL * as void for time being. 
(ne_sock_connect_ssl): Renamed and cleaned up version of ne_sock_use_ssl_os. (ne_sock_sslsock): New function. * Makefile.in: Add deps for ne_openssl.c. Sun Mar 23 13:02:58 2003 Joe Orton * ne_session.c (ne_set_useragent): Use ne_malloc. Sat Mar 22 21:06:45 2003 Joe Orton * ne_socket.c (raw_connect): Fill in sin6_family or sin_family since AIX 4.3 fails to do so. Wed Mar 19 20:44:11 2003 Joe Orton * ne_session.c [NEON_SSL] (free_client_cert): Build conditional on NEON_SSL. Mon Mar 17 20:33:32 2003 Joe Orton * ne_socket.c: Include netdb.h conditional on HAVE_NETDB_H. (fix build for older versions of CygWin). Sun Mar 16 23:30:20 2003 Joe Orton * ne_session.c (check_identity): Fix leak of subject alt. name structures. Sun Mar 16 19:21:22 2003 Joe Orton * ne_session.c (free_client_cert): New function. (ne_session_destroy, ne_ssl_load_pem, ne_ssl_load_pkcs12): Call it; prevent memory leak if ne_ssl_load_{pem,pkcs12} are called >1 per session. Sun Mar 16 18:00:34 2003 Joe Orton * ne_session.c (provide_client_cert): Free peer certificate after use. (ne_session_destroy): Free client cert and key if present. Sun Mar 16 14:23:05 2003 Joe Orton * ne_xml.c [HAVE_EXPAT]: Include xmlparse.h for bundled expat build. * ne_utils.c: Only include expat.h if HAVE_XMLPARSE_H is not defined. Wed Mar 12 15:04:13 2003 Joe Orton * ne_redirect.c (struct redirect): Add 'valid' field. (post_send): Set and clear 'valid' to keep track of whether stored URI is valid. (ne_redirect_location): Return NULL if stored URI is not valid. Wed Mar 12 14:52:49 2003 Joe Orton * ne_uri.c (ne_uri_free): Zero-initialize structure after free'ing. Tue Mar 11 22:01:11 2003 Joe Orton * ne_redirect.c (ne_redirect_location): Return NULL if no redirect session is registered, rather than SEGV; Ralf Mattes . Sun Mar 9 16:33:24 2003 Joe Orton Fix a memory leak if an XML parse error occurs during a PROPFIND response: * ne_props.c (ne_propfind_current_private): Return NULL if no propset is being processed. 
(free_propset): Free propset href here. (end_response): Don't free propset href here. Set current field of handler to NULL after free'ing propset. (ne_propfind_destroy): Free current propset if one was being processed. Sun Mar 9 11:53:58 2003 Joe Orton * ne_207.c (ne_207_destroy): Fix possible leak of reason_phrase string. Sun Mar 9 11:01:15 2003 Joe Orton * ne_utils.c (ne_parse_statusline): Use ne_strclean. * ne_session.c (ne_get_error): Use ne_strclean. Sun Mar 9 10:53:52 2003 Joe Orton * ne_xml.c: Remove broken "UTF-8 decoding" support used for libxml 1.x. Sun Mar 9 09:55:26 2003 Joe Orton * ne_xml.c: Drop support for expat < 1.95.0 and libxml 1.x. * ne_utils.c (version_string): Include expat version string. Sun Mar 9 09:54:00 2003 Joe Orton * ne_socket.c: Don't declare h_errno on Win32 either. Sun Mar 9 08:49:40 2003 Joe Orton * ne_string.c (do_concat) [HAVE_STPCPY]: Use stpcpy rather than strlen/memcpy, when available. Mon Mar 3 22:17:04 2003 Joe Orton * ne_socket.c [!USE_GETADDRINFO && !HAVE_DECL_H_ERRNO): Declare h_errno (fix build on SCO OpenServer 5.0). Sat Mar 1 21:22:19 2003 Joe Orton * ne_redirect.c (free_redirect): Fix once-per-session memory leak. Sat Mar 1 20:23:47 2003 Joe Orton Add implemention of simple memory leak tracking, for testing purposes. * ne_alloc.c [NEON_MEMLEAK] (tracking_malloc, ne_free_ml, ne_malloc_ml, ne_calloc_ml, ne_realloc_ml, ne_strdup_ml, ne_strndup_ml, ne_memleak_dump): New functions. * memleak.h: New header. Sat Mar 1 13:44:26 2003 Joe Orton First step towards automated memory leak tests. * ne_alloc.c (ne_free): New function. * All files: replace use of free() with ne_free(). Sat Mar 1 09:48:39 2003 Joe Orton * ne_uri.c (ne_path_unescape): Fix memory leak on invalid URI. Sat Mar 1 08:03:18 2003 Joe Orton * ne_string.c (ne_strclean): New function. Wed Feb 26 21:45:12 2003 Joe Orton * ne_request.c (ne_begin_request, proxy_tunnel, open_connection) [NEON_SSL] Don't build CONNECT tunnel support code if SSL is not supported. 
Wed Feb 26 21:44:18 2003 Joe Orton * ne_utils.c (ne_debug_init): Allow ne_debug_init(NULL, 0) to turn off debugging. Fix to produce debug output if any of the specified "channels" are active, not all. (also fixing NE_DBG_FLUSH support). Tue Feb 25 23:12:31 2003 Joe Orton * ne_compress.c (process_footer): Mention number of extra bytes in error message for oversized footer. Sun Feb 23 21:19:20 2003 Joe Orton * ne_auth.c (verify_response): Fix to parse nonce count as hex string rather than decimal; fix verification of >9 responses. Thu Feb 13 20:35:45 2003 Joe Orton * ne_session.c (ne_set_useragent): Fix to append "neon/x.y.z" to application-supplied token rather than prepend. Thu Feb 13 09:06:22 2003 Joe Orton * ne_request.c (open_connection): Fix for CONNECT tunnelling (regression since 0.23.x), thanks to Nathan Hand . Mon Feb 3 22:10:54 2003 Joe Orton Implement Daniel Stenberg's trick to avoid the slow AF_UNSPEC lookups on Linux: * ne_socket.c (init_ipv6, ipv6_disabled): New function and global. (ne_sock_init): Call init_ipv6. (ne_addr_resolve) [USE_GETADDRINFO]: Pass AF_INET in hints if ipv6_disabled is set. Mon Feb 3 20:55:47 2003 Joe Orton * ne_socket.c [__hpux && USE_GETADDRINFO]: Undefine USE_GETADDRINFO to work around broken implementation in HP-UX 11.11. Mon Jan 27 21:39:31 2003 Joe Orton * ne_socket.c (write_raw): Fix for handling EINTR during write(), from Sergey N Ushakov. Thu Jan 16 21:59:03 2003 Joe Orton Allow _init after _finish to succeed: Sergey N Ushakov. * ne_socket.c (init_result): New global variable. (ne_sock_init): Use init_result global rather than result. (ne_sock_finish): Clear init_result. Fri Dec 27 17:03:17 2002 Joe Orton * ne_request.c (build_request): Remove redundant call to ne_buffer_clear. Fri Dec 27 14:38:08 2002 Joe Orton * ne_request.c (ne_request_create): strdup the method string. (ne_request_destroy): free the method.
Mon Dec 23 17:04:32 2002 Joe Orton * ne_socket.c (ne_write, ne_read, ne_close, ne_errno): Renamed macros from NEON_WRITE, NEON_READ, NEON_CLOSE, NEON_ERRNO. All callers changed. Mon Dec 23 16:58:43 2002 Joe Orton Add proper Win32 socket error handling, merged efforts of Johan Lindh and Sergey N Ushakov : * ne_socket.c (ne_errno, NE_ISINTR, NE_ISRESET, NE_ISCLOSED): New macros. [WIN32] (print_error): New function. (set_strerror) [WIN32]: Use print_error. (readable_raw, read_raw, write_raw): Use new error handling macros. (ne_addr_resolve) [WIN32]: Use WSAGetLastError() rather than h_errno. (ne_addr_error) [WIN32]: Use print_error. Tue Dec 10 21:41:26 2002 Joe Orton * ne_socket.c (ne_iaddr_print): Renamed from ne_addr_print for consistency with other ne_iaddr_ functions. Sun Dec 8 20:08:31 2002 Joe Orton * ne_auth.c (get_cnonce): Use GetCurrentThreadId() on Win32. Sun Nov 24 18:45:32 2002 Joe Orton * ne_auth.c: Remove qop_values and algorithm_names arrays. (request_digest): Inlined qop, algorithm name lookups accordingly. Sun Nov 24 16:45:39 2002 Joe Orton * ne_auth.h: Renamed ne_request_auth typedef to ne_auth_creds. * ne_auth.c (auth_session): Renamed reqcreds, recreds_ud fields to creds, userdata. (auth_register, ne_set_proxy_auth, ne_set_server_auth): Update for ne_request_auth rename. Fri Nov 22 17:39:35 2002 Joe Orton * ne_auth.c (auth_challenge): Fix support for RFC2617-style digest auth; notice the qop= parameter in challenge. Fix leak of parsed qop array. Fri Nov 22 17:08:01 2002 Joe Orton * ne_auth.c (get_cnonce): Rewrite to use either pseudo-random data from the SSL library (if available), or really-not-random data from gettimeofday/getpid otherwise. Sun Nov 17 22:13:49 2002 Joe Orton * ne_socket.c (ne_addr_print) [USE_GETADDRINFO]: Use the SACAST() macro. Sun Nov 17 19:29:23 2002 Joe Orton * ne_socket.c (ne_sock_connect): Make address argument const. 
(raw_connect): Make address argument const; adjust to use a copy of the sockaddr structure, which is correct anyway. (ne_addr_first, ne_addr_next): Make return pointer const. * ne_private.h (struct host_info): Store current address as const. Sun Nov 17 19:03:01 2002 Joe Orton * ne_socket.c (ne_register_progress): Removed function. * ne_socket.h (ne_block_reader, ne_progress, ne_register_progress): Removed. * ne_request.c (do_connect): Don't call ne_register_progress. * ne_request.h: Add ne_block_reader typedef. * ne_session.h: Include sys/types.h; add ne_progress typedef. Sun Nov 17 18:59:29 2002 Joe Orton * ne_socket.c (ne_iaddr_make, ne_iaddr_cmp, ne_iaddr_free): New functions. Mon Nov 11 19:51:24 2002 Joe Orton Allow discovery of document encoding. * ne_xml.c [HAVE_EXPAT]: (struct ne_xml_parser_s): Add encoding field. (decl_handler): New function. (ne_xml_doc_encoding): New function. Mon Nov 11 19:48:43 2002 Joe Orton * ne_xml.c (sax_handler): Use sax_error for fatal error callback. Fri Oct 11 23:50:01 2002 Joe Orton * ne_private.h (struct ne_session_s): Change 'connected' to be a simple boolean flag. * ne_session.c (ne_close_connection): Treat 'connected' as a boolean. * ne_request.c (open_connection): Greatly simplified. Fri Oct 11 00:46:52 2002 Joe Orton * ne_props.c (end_propstat): Fix NULL pointer dereference if no status object is given. Tue Oct 8 20:10:24 2002 Joe Orton * ne_xml.c (ne_xml_create) [!HAVE_EXPAT]: Set 'replaceEntities' flag in created parser so that entities are dereferenced in attribute values. Mon Oct 7 22:08:46 2002 Joe Orton * ne_socket.c (init_ssl): Attempt to seed PRNG using EGD socket at path EGD_PATH or a set of predetermined locations if EGD_PATH is not defined. No longer try $EGDSOCKET or $HOME/.entropy. Mon Oct 7 21:32:33 2002 Joe Orton * ne_auth.c (register_hooks): Removed function. (auth_register): Fold in register_hooks. 
Tue Sep 24 21:24:44 2002 Joe Orton * ne_request.c (ne_request_create): Pass Request-URI to create_request hooks. Tue Sep 24 20:42:45 2002 Joe Orton * ne_socket.c [__hpux]: Define _XOPEN_SOURCE_EXTENDED to 1, to pick up h_errno definition on HP-UX 10.20. Wed Sep 18 21:46:28 2002 Joe Orton * ne_compress.c (struct ne_decompress_s): Add zstrinit field. (gz_reader): Set zstrinit after inflateInit2 succeeds. (ne_decompress_destroy): Only call inflateEnd if zstrinit is set. Wed Sep 18 19:56:00 2002 Joe Orton * ne_auth.c: Remove incomplete domain support. Tue Sep 17 21:05:11 2002 Joe Orton Fix rejection of server certificates which have commonName as the least specific attribute. * ne_session.c (check_identity): Don't ignore commonName if it is the least specific attribute. Tue Sep 10 21:08:18 2002 Joe Orton * ne_request.c (lookup_host): Destroy cached address if resolve fails; fix segfault if a second request in the session is dispatched after the DNS lookup fails on the first. Mon Sep 9 22:26:03 2002 Joe Orton * ne_request.c (RETRY_RET): Treat SSL truncation as a legitimate persistent connection timeout. Fri Aug 30 21:58:45 2002 Joe Orton * ne_request.c (read_response_block): Clear can_persist flag if an EOF was read (fix for read-till-EOF response terminated by an unclean SSL shutdown). Mon Aug 26 18:05:00 2002 Joe Orton * ne_socket.c: Fix HAVE_LIMITS check (Blair Zajac). Sun Aug 25 23:29:06 2002 Joe Orton * ne_request.c (do_connect): Add debug message for connection attempt. Sun Aug 25 22:54:04 2002 Joe Orton * ne_socket.h (ne_addr_print): Make address argument const. Sun Aug 25 11:52:32 2002 Joe Orton * ne_socket.c (ne_addr_print): New function. Sun Aug 25 10:09:10 2002 Joe Orton Fix interop with Tomcat/3.2 SSL server, which performs an unclean shutdown on an HTTP/1.0 response without a C-L header. * ne_request.c (read_response_block): Ignore SSL connection truncation for a read-till-EOF response, where no response content has been read yet.
(ne_read_response_block): Always increase 'total' counter. Sun Aug 25 08:47:41 2002 Joe Orton * ne_request.c (aborted): Handle code=0 case specifically, and NE_SOCK_* as default. Sun Aug 25 08:24:48 2002 Joe Orton * ne_socket.h: Add `NE_SOCK_TRUNC' return value. * ne_socket.c (error_ossl): Return NE_SOCK_TRUNC when an EOF is received without a close_notify. Sat Aug 24 17:37:14 2002 Joe Orton * ne_socket.h (ne_inet_addr): New type. (ne_addr_first, ne_addr_next): New public interface. (ne_sock_connect): Change first parameter to ne_inet_addr. * ne_socket.c: Predefine ne_inet_addr for ne_socket.h, replacing ne_raw_addr. (ne_addr_first, ne_addr_first): Renamed from addr_first, addr_next; return type now ne_inet_addr; made public. (ne_sock_connect): Fold in make_socket() macro; just connect to single IP address passed in. * ne_private.h (struct host_info): Renamed 'addr' to 'address', added 'current' field, removed 'resolved' field. * ne_request.c (lookup_host): Adjust for addr->address rename. (ne_begin_request): Call lookup_host if 'address' is NULL in host_info structure, don't use 'resolved' flag. (do_connect): Replaces init_socket; factor more code out from open_connection. Loop over available addresses until an ne_sock_connect call succeeds. (open_connection): Moved code into do_connect. * ne_session.c (ne_session_destroy): Adjust for addr->address rename. Sat Aug 24 13:45:26 2002 Joe Orton * ne_string.c (count_concat, do_concat): Compact into while() loops. Sat Aug 24 13:36:04 2002 Joe Orton * ne_private.h (VERSION_PRE11): Removed macro. (struct ne_session_s): Add is_http11 field; removed version_major, version_minor fields. * ne_request.c (add_fixed_headers): Use is_http11 flag rather than VERSION_PRE11 macro. (ne_begin_request): Set and use is_http11 flag. * ne_session.c (ne_version_pre_http11): Use is_http11 flag. (ne_session_create): Don't set version_major, version_minor fields.
Sat Aug 24 09:00:13 2002 Joe Orton * ne_request.c (struct ne_request_s): Removed abs_path field. (ne_set_request_uri): Removed function. (ne_request_create): Set req->uri to be the actual Request-URI. Don't use an absoluteURI in Request-URI if using SSL via a proxy tunnel, or if passed-in path does not begin with a '/'. (build_request): Use pre-determined Request-URI. (proxy_tunnel): Pass true Request-URI to ne_request_create. (ne_request_destroy): Don't free abs_path. Sat Aug 24 00:37:25 2002 Joe Orton * ne_request.c (aborted): Fix handling of _CLOSED and _TIMEOUT socket errors, and of non-socket errors. Presume ne_sock_error cannot return NULL. Sat Aug 24 00:07:33 2002 Joe Orton * ne_cookies.c (set_cookie_hdl): Ensure that each cookie field is safe to free(). Fri Aug 23 23:46:58 2002 Joe Orton * ne_request.c (aborted): Close the connection after setting the session error, otherwise the socket error is lost. Fri Aug 23 22:50:30 2002 Joe Orton * ne_socket.c (ne_sock_init): Set SIGPIPE disposition before SSL library initialization, so it happens even if SSL library initialization fails. Fri Aug 23 22:03:26 2002 Joe Orton * ne_socket.c [USE_GETADDRINFO] (make_socket): Pass SOCK_STREAM to socket() rather than ai_socktype: on RHL6.2, ai_socktype is returned as zero. Wed Aug 21 18:06:36 2002 Joe Orton * ne_socket.c: Reinstate stdlib.h include. * ne_socket.h: Reinstate sys/socket.h include. Wed Aug 21 12:58:47 2002 Joe Orton * ne_socket.c (ne_addr_resolve): Accept IPv6 addresses enclosed in square brackets. Wed Aug 21 09:37:24 2002 Joe Orton * ne_uri.c (ne_uri_parse): Parse literal IPv6 address using the RFC2732 `[address]' syntax. Mon Aug 19 17:18:45 2002 Joe Orton * ne_socket.c (ne_addr_error): Override a horribly generic error message from gai_strerror(). Mon Aug 19 16:24:37 2002 Joe Orton * ne_socket.h: Remove netinet/in.h etc includes. (ne_sock_addr): Add new opaque type. (ne_addr_resolve, ne_addr_result, ne_addr_error, ne_addr_destroy): New functions.
(ne_sock_connect): Changes address argument to `ne_sock_addr *'. (ne_name_lookup): Removed function. * ne_socket.c: Added netinet/in.h etc includes. (ne_sock_addr, ne_raw_addr): Define types. (make_socket): New macro. (ne_addr_resolve): Replace ne_name_lookup; store results (multiple addresses if returned) in returned ne_sock_addr object. Use getaddrinfo() if available. (raw_connect, addr_first, addr_next, ne_addr_result, ne_addr_error, ne_addr_destroy): New functions. (ne_sock_connect): Re-implement to loop through available addresses until a connect() succeeds; use make_socket, raw_connect auxiliaries. * ne_private.h (struct host_info): Store an ne_sock_addr pointer. * ne_request.c (lookup_host): Use new ne_addr_* interface. * ne_session.c (ne_session_destroy): Destroy address objects. Mon Aug 19 00:19:49 2002 Joe Orton * ne_socket.c: Move prng_seeded inside ifdef NEON_SSL region to prevent unused variable warning for non-SSL build. Sun Aug 18 23:21:21 2002 Joe Orton * ne_string.h (ne_strerror): Return buffer. Sun Aug 18 23:17:56 2002 Joe Orton * ne_socket.c (set_error): Use ne_strnzcpy. Sun Aug 18 23:14:07 2002 Joe Orton * ne_string.c (ne_strerror): Use ne_strnzcpy. Sun Aug 18 23:11:45 2002 Joe Orton * ne_string.h (ne_strnzcpy): New macro. Sun Aug 18 22:48:27 2002 Joe Orton * ne_socket.c (ne_sock_init): Check directly for SIGPIPE definition rather than HAVE_SIGPIPE. Sun Aug 18 13:49:49 2002 Joe Orton * ne_session.c (set_hostport): Use %u for printing unsigned int. Sun Aug 18 13:47:43 2002 Joe Orton * ne_utils.h (NE_DBG_SSL): New constant. * ne_session.c [NEON_SSL] (everywhere): Use NE_DBG_SSL channel for debugging messages. Sun Aug 18 08:17:19 2002 Joe Orton * ne_session.c (match_hostname): Fix to use case-insensitive string comparison. Sun Aug 18 08:10:12 2002 Joe Orton * ne_session.c (check_identity): Check the commonName if no alt. names of DNS type were found. 
Sun Aug 18 07:39:35 2002 Joe Orton * ne_session.c (check_identity): Use the most specific commonName attribute found, not the first. (for RFC2818 compliance) Sun Aug 18 01:54:53 2002 Joe Orton * ne_session.c (match_hostname): Invert return value. (check_identity): New function; split out commonName check from check_certificate, check subjectAltName extension instead if present. (check_certificate): Use check_identity. Sat Aug 17 19:59:21 2002 Joe Orton * ne_session.c (check_certificate): Extend debugging code to dump the whole certificate chain, but #if 0 it by default. Mon Aug 12 12:04:51 2002 Joe Orton * ne_request.c (aborted): Use NE_FMT_SSIZE_T to print ssize_t value. Mon Aug 12 11:08:35 2002 Joe Orton Support PRNG seeding via EGD to make SSL work on platforms which lack /dev/random: * ne_socket.c (init_ssl): New function. (ne_sock_init): Call init_ssl, set prng_seeded global on success. (ne_sock_use_ssl_os): Fail early if prng_seeded is not set, and RAND_status returns false. Tue Aug 6 07:18:30 2002 Joe Orton * ne_socket.c (ne_sock_use_ssl_os): Remove goto-based error handling. Don't call SSL_shutdown after SSL_connect fails. Mon Aug 5 23:18:55 2002 Joe Orton * ne_session.c (ne_ssl_keypw_prompt): Don't set SSL_CTX default password callbacks, since these are never invoked. Implement once, stub for !NEON_SSL is no longer needed. Mon Aug 5 21:01:54 2002 Joe Orton * ne_session.c (ne_ssl_load_pem): Pass private key prompt callback to PEM_read_X509, PEM_read_PrivateKey (patch by Daniel Berlin). Also handle errors properly; call ERR_get_error() to pop the errors off the error stack. Mon Aug 5 20:15:10 2002 Joe Orton * ne_session.c (provide_client_cert): Increase reference count on key and certificate, to prevent them being free'd too early. Sun Aug 4 22:35:27 2002 Joe Orton Fix `retry_after_abort' test in request.c: * ne_request.c (send_request): Don't use the 'persisted' flag until after a new connection has been opened, when it may have been reset.
Sun Aug 4 17:26:37 2002 Joe Orton * ne_request.c (struct ne_request_s): Remove reqbuf field. (ne_request_create, ne_request_destroy): Don't (de)allocate reqbuf. (build_request): Allocate the returned buffer internally. (ne_begin_request): Destroy the buffer after use. Sun Aug 4 15:36:01 2002 Joe Orton * ne_session.c (ne_ssl_load_pem): Close file after use. Sun Aug 4 12:55:49 2002 Joe Orton Factor out EPIPE, ECONNRESET handling from write_raw: * ne_socket.c (MAP_ERR): New macro. (write_raw, error_ossl): Use MAP_ERR. Sun Aug 4 12:25:34 2002 Joe Orton * ne_socket.c (ne_sock_switch_ssl): New function. Sun Aug 4 12:24:23 2002 Joe Orton * ne_socket.c (ne_sock_switch_ssl): New function, really just for test suite. Sat Aug 3 22:11:33 2002 Joe Orton * ne_auth.c (ne_forget_auth): Fix segfault if either server or proxy auth is not in use. Sat Aug 3 22:06:32 2002 Joe Orton * ne_redirect.c (create, post_send, ne_redirect_register, ne_redirect_location): Updated for new hook interface. Sat Aug 3 19:02:33 2002 Joe Orton Adjustment of hook interface and use: fixing a design flaw causing a segfault in the auth hooks when two requests are used concurrently for a single session during a CONNECT tunnel. * ne_request.h, ne_session.h: (ne_get_request_private, ne_get_session_private): Replace ne_request_hook_private, ne_session_hook_private. (ne_set_session_private, ne_set_request_private): Replace ne_hook_session_accessor, ne_hook_request_accessor. * ne_request.h (ne_create_request_fn, ne_pre_send_fn, ne_post_send_fn): Add ne_request pointer as first argument. (ne_hook_destroy_request): Take ne_destroy_req_fn function. (ne_hook_destroy_session): Take ne_destroy_sess_fn function. * ne_request.c (struct ne_request_s): Renamed `accessor_hooks' field to `private'. (get_private): Renamed from call_access; don't invoke function. (ne_null_accessor): Removed function. * ne_auth.c (struct auth_class): Store hook id. (auth_session): Remove auth_request pointer. 
(ah_create): Store auth_request pointer as request-private data. (ah_pre_send, ah_post_send, ah_destroy): Retrieve auth_request pointer from request-private data. (register_hooks, ne_forget_auth): Use ne_{get,set}_session_private. * ne_locks.c (struct lh_req_cookie): New structure. (struct ne_lock_store_s): Remove submit_locks field. (lk_create, lk_pre_send, submit_lock, ne_lock_using_resource, ne_lock_using_parent, lk_destroy): Adjust to use lh_req_cookie pointer as request-private data. * ne_cookies.c (create, pre_send): Adjust for hook prototype changes. Wed Jul 31 23:46:17 2002 Joe Orton * ne_socket.c [NEON_SSL]: Include limits.h for INT_MAX definition. Mon Jul 29 20:55:57 2002 Joe Orton * ne_auth.c (struct auth_class): New structure; abstracts out proxy/server generic auth handling more cleanly. (ah_server_class, ah_proxy_class): Declare variables. (auth_session): Reference an auth_class structure. (auth_register): Replaces auth_create. (ne_set_server_auth, ne_set_proxy_auth): Simplify, use auth_register. (everywhere): Reference req_hdr etc via ->spec-> reference. Sun Jul 28 12:29:23 2002 Joe Orton * ne_request.c (proxy_tunnel): Reset 'persisted' flag, so that a newly tunnelled connection is not treated as persistent. Sun Jul 28 12:26:49 2002 Joe Orton * ne_string.h (CONCAT2, CONCAT3, CONCAT4): Removed macros. Thu Jul 25 23:16:00 2002 Joe Orton * ne_request.c (send_request): Don't clear retry until a status-line has been read. Thu Jul 25 00:03:17 2002 Joe Orton * ne_auth.c (basic_challenge, request_basic): Use ne_concat not the CONCAT? macros. * ne_basic.c (ne_mkcol): Use ne_concat not the CONCAT2 macro. Wed Jul 24 00:16:39 2002 Joe Orton * ne_string.c (count_concat, do_concat): Factored out from ne_buffer_concat. (ne_buffer_concat): Rewrite to use count_concat, do_concat. (ne_concat): New (resurrected) function. 
Thu Jul 18 21:52:12 2002 Joe Orton * ne_request.c (proxy_tunnel): Don't use server.hostport in Request-URI; always include `:port' even if default port is used; fix CONNECT through Inktomi Traffic-Server. Thu Jul 18 21:33:43 2002 Joe Orton * ne_request.c (aborted, ne_set_request_body_fd): Use ne_strerror. * ne_session.c (ne_ssl_load_pem, ne_ssl_load_pkcs12): Use ne_strerror. * ne_basic.c (get_to_fd): Use ne_strerror. Thu Jul 18 20:19:30 2002 Joe Orton * ne_string.c (ne_strerror): New function. * ne_socket.c (set_strerror): Move portability logic to ne_strerror; just use that here. Thu Jul 18 20:00:46 2002 Joe Orton * ne_socket.c (read_raw, write_raw): Don't re-evaluate 'errno', per Ulrich Drepper's advice. Wed Jul 17 23:47:01 2002 Joe Orton * ne_socket.c (struct ne_socket_s): Store buffer for error string. (set_error, set_strerror): New macros. (everywhere): Use set_error, set_strerror or ne_snprintf to set the socket error string. Wed Jul 17 23:19:18 2002 Joe Orton * ne_utils.c (ne_version_match): Fix inverted minor version test. Sun Jul 14 20:13:59 2002 Joe Orton * ne_uri.h (ne_uri): Store port as unsigned. * ne_uri.c (ne_uri_defaultport): Return unsigned int, and zero for undefined port. Sun Jul 14 20:07:35 2002 Joe Orton * ne_session.c (ne_session_proxy): Take port parameter as unsigned int, as per ne_session_create. Sun Jul 14 20:03:21 2002 Joe Orton * ne_request.c (strip_eol): Take ssize_t 'len' parameter. (read_message_header): Use ssize_t for 'n'. Sun Jul 14 12:45:40 2002 Joe Orton * ne_socket.c (ne_sock_use_ssl_os): Unconditionally enable SSL_MODE_AUTO_RETRY now OpenSSL 0.9.6 is required. Sun Jul 14 12:15:40 2002 Joe Orton * ne_xml.h (NE_XML_MEDIA_TYPE): New definition. * ne_acl.c (ne_acl_set), * ne_props.c (ne_proppatch, propfind): Use NE_XML_MEDIA_TYPE, rather than hard-coding the incorrect "text/xml" media type. Sun Jul 14 10:53:33 2002 Joe Orton * ne_utils.c (ne_version_match): Replace ne_version_minimum. 
Sat Jul 13 11:40:37 2002 Joe Orton * ne_session.c (ne_negotiate_ssl): Include socket error string in session error if SSL negotiation fails. Sat Jul 13 11:27:50 2002 Joe Orton * ne_socket.c (error_ossl): New function. (ERROR_SSL_STRING): Removed macro. (CAST2INT): New macro; safety harness for OpenSSL compatibility. (read_ossl, write_ossl): Use error_ossl, CAST2INT. (ne_sock_use_ssl_os): Use error_ssl. Sat Jul 13 11:16:07 2002 Joe Orton * ne_socket.c: Define ECONNRESET as WSAECONNRESET on Win32. Sat Jul 13 10:10:03 2002 Joe Orton * ne_private.h (struct ne_session_s): Replace 'reqcount' with 'persisted' flag. * ne_request.c (ne_end_request): Set 'persisted' flag if connection is left open. (send_request): Adjust to allow retry if 'persisted' flag is set. (init_socket): Clear 'persisted' flag here... (open_connection): ... rather than here. Wed Jul 10 22:51:39 2002 Joe Orton * ne_request.c (RETRY_RET): Retry on an NE_SOCK_RESET too. (send_request): Fix to only retry if not on the first request on a connection (close_not_retried test). Sun Jul 7 20:49:09 2002 Joe Orton * ne_socket.h: Add NE_SOCK_RESET return value; improve comments. * ne_socket.c (read_raw, write_raw): Return NE_SOCK_RESET if an ECONNRESET error is received when reading or writing. Sat Jul 6 13:30:15 2002 Joe Orton * ne_request.c (read_status_line, discard_headers): New functions, split out from send_request. (send_request_body): Move debugging here from send_request. (RETRY_RET): Renamed from CAN_RETRY. (send_request): Simplify: remove complex 100-continue graceful failure logic; use read_status_line, discard_headers, RETRY_RET. Fix to only send request body once (expect_100_once test case). Fix to not return NE_RETRY if reading status-line other than the first fails (fail_eof_continued test case). Fri Jul 5 21:47:49 2002 Joe Orton * ne_request.c (build_request): Fix from previous commit: clear the buffer before building the request. 
Fri Jul 5 21:00:20 2002 Joe Orton * ne_request.c (build_request): Fold Host header and Request-Line into single ne_buffer_concat call. Don't set req->use_expect100 here. Fold an if/else into an ?:. Optimise to use ne_buffer_append to add 100-continue, user-supplied headers, and trailing EOL, since they all have known lengths. (send_request): Take request data as argument. (ne_begin_request): Call build_request here; pass to send_request. Move Expect100 logic here. Fri Jul 5 17:12:56 2002 Joe Orton * ne_basic.c (ne_read_file): Removed function. Fri Jul 5 17:10:11 2002 Joe Orton * ne_compress.c (process_footer): Take unsigned char buffer. Store calculated CRC in a uLong. (do_inflate, gz_reader): Cast buffers to unsigned char for strict compatibility with zlib interface. Wed Jul 3 19:21:17 2002 Joe Orton * ne_request.c (struct ne_request_s): Use a fixed char array for respbuf field. (ne_request_create, ne_request_destroy): Don't allocate respbuf dynamically. (send_request): Move 'buffer' to appropriate scope. (ne_request_dispatch): Remove 'buffer'; read into respbuf. Tue Jul 2 08:35:05 2002 Joe Orton * ne_request.c (proxy_tunnel): Remove redundant sess->connected assignment. Sun Jun 30 21:04:50 2002 Joe Orton * ne_request.c (ne_begin_request): Only set host->resolved if lookup is successful. Sun Jun 30 18:25:51 2002 Joe Orton * ne_request.c (SOCK_ERR): New macro. (struct ne_request_s): Remove 'forced_close' field. (aborted): Renamed from set_sockerr; also closes connection and prints message in debug log. (send_request_body): Don't use set_sockerr or set forced_close. (read_response_block, read_message_header): Use SOCK_ERR; adjust to use aborted(). (ne_read_response_block, read_response_headers): Don't set forced_close. (CAN_RETRY): New macro. (send_request): Adjust to use CAN_RETRY(); use aborted() to make sure connection is closed in error cases. (ne_begin_request): Don't close connection here in error cases; don't use forced_close. 
(open_connection): Adjust to use aborted() not set_sockerr(). Sun Jun 30 17:26:41 2002 Joe Orton * ne_session.c (ne_close_connection): Clarify debug messages. Sun Jun 30 14:36:11 2002 Joe Orton * ne_request.c (read_response_block): Fail on chunk size lines which contain no valid chunk size digits. Sun Jun 30 12:35:35 2002 Joe Orton * ne_session.c (ne_negotiate_ssl): Use ne_get_session rather than req->session. * ne_request.c (struct header_handler, struct body_reader, struct ne_request_s): Moved from ne_private.h. Sun Jun 30 12:13:58 2002 Joe Orton Cleanup of response handling: * ne_private.h (struct ne_response): Replace 'is_chunked' field with 'mode' enum. * ne_request.c (te_hdr_handler): Set mode. (connection_hdr_handler): Reset can_persist for 'close'. (clength_hdr_handler): New function. (ne_request_create): Use clength_hdr_handler to parse Content-Length header. (read_response_block, ne_read_response_block): Adapt for 'mode' enum; simplify. (normalize_response_length): Removed function. (ne_begin_request): Fold in normalize_response_length logic. (ne_end_request): Simplify logic. Sun Jun 30 11:08:26 2002 Joe Orton * ne_session.c: Remove X509_NAME workaround in favour of a neon.mak change. Tue Jun 25 23:14:34 2002 Joe Orton * ne_session.c: Undefine X509_NAME if it is defined (by a Windows header). Tue Jun 25 22:51:15 2002 Joe Orton * ne_socket.c: Rename READ_BUFFER to RDBUFSIZ. Tue Jun 25 21:07:13 2002 Joe Orton * ne_private.h (struct host_info): Store port as unsigned int. * ne_session.c (set_hostport, set_hostinfo, ne_session_create): Take port argument as unsigned int. * ne_socket.c (ne_sock_connect): Take port argument as unsigned int. Tue Jun 25 20:59:14 2002 Joe Orton * ne_utils.h [__GNUCC__] (NE_DEBUG): Remove implementation using GNU C extensions. Sun Jun 23 22:47:52 2002 Joe Orton * ne_request.c (set_request_uri): Renamed from ne_set_request_uri; made static. (ne_request_create): Update accordingly. 
* ne_private.h (ne_set_request_uri): Removed prototype. Sun Jun 23 15:40:57 2002 Joe Orton * ne_request.c (send_request, ne_request_destroy): Free reason_phrase now it is malloc-allocated. Sun Jun 23 14:59:04 2002 Joe Orton Simplify given loss of const qualifier on ne_status.reason_phrase: * ne_props.c (struct propstat): Remove r_phrase field. (end_propstat, free_propset): Use status.reason_phrase not r_phrase field. Sun Jun 23 14:42:22 2002 Joe Orton * ne_207.h (ne_207_end_response, ne_207_end_propstat): Remove status_line parameter from callbacks. * ne_207.c (struct ne_207_parser_s): Remove status_line field. (end_element): Don't store status_line. (handle_error): Drop status_line argument, recreate dummy status line from status object. (end_response, end_propstat): Drop status_line arguments. * ne_props.c (end_propstat, end_response): Drop status_line arguments. Sun Jun 23 14:39:00 2002 Joe Orton * ne_utils.h (ne_status): Remove const qualifier from 'reason_phrase' field. * ne_utils.c (ne_parse_statusline): strdup the reason_phrase on successful return. Sun Jun 23 11:39:24 2002 Joe Orton * ne_compress.c (struct ne_decompress_s): Replace footer union with buffer. (BUF2UINT): New macro. (process_footer): Convert footer to integer in a portable manner, using BUF2UINT. Sun Jun 23 09:05:25 2002 Joe Orton * ne_compress.c (ne_decompress_s): Use unsigned int for 32-bit integers, not uLong (fix for 64-bit platforms). Wed Jun 19 18:46:40 2002 Joe Orton * ne_session.c (ne_session_destroy): Don't leak the proxy hostname. Sun Jun 16 14:09:31 2002 Joe Orton * ne_request.c (read_response_block): Use NE_FMT_SSIZE_T rather than %d, cast field precision argument to int. (ne_pull_request_body): Use ssize_t for store callback return value, use NE_FMT_SSIZE_T rather than %d, cast field precision argument to int. Sun Jun 16 12:15:19 2002 Joe Orton * ne_session.c (ne_negotiate_ssl): Don't leak peer certificate in error cases. Fix spelling mistake in error message. 
Sun Jun 16 11:23:23 2002 Joe Orton * ne_request.c (open_connection): When SSL negotiation fails after doing CONNECT request, use ne_close_connection so that sess->connection is reset to 0, and ne_sock_close isn't called twice for the socket. Wed Jun 12 23:22:20 2002 Joe Orton * ne_props.c (ne_proppatch): Add missing call to ne_lock_using_resource. Mon Jun 10 20:45:27 2002 Joe Orton * ne_auth.c (verify_response): Remove redundant prototype, fix sscanf format string to use signed integer. Mon Jun 10 20:13:57 2002 Joe Orton * ne_compress.c (do_inflate): Continue calling inflate() whilst unconsumed input remains: fix from Justin Erenkrantz . Mon Jun 10 19:53:59 2002 Joe Orton * ne_socket.c (ne_sock_readline): If a complete line is found in the buffer, avoid the memmove() and simply copy the line directly out of the buffer. Sun Jun 9 11:39:20 2002 Joe Orton * ne_redirect.c (post_send): Perform simple relative URI resolution. Tue Jun 4 16:51:54 2002 Joe Orton * ne_uri.c (ne_path_parent): Simplify. Mon Jun 3 17:50:27 2002 Joe Orton * ne_cookies.c (set_cookie_hdl): Avoid free'ing cookie name/value, thanks to Dan Mullen. Mon Jun 3 17:45:33 2002 Joe Orton * ne_string.c (ne_base64): Use size_t for outlen. Mon Jun 3 17:42:34 2002 Joe Orton * ne_utils.h, ne_socket.h [WIN32]: Move ssize_t definition to ne_socket.h. Mon Jun 3 17:27:21 2002 Joe Orton * ne_request.c (read_response_block): Use correct types for passing to/from ne_sock_*. Mon Jun 3 11:32:20 2002 Joe Orton * ne_compress.c (ne_decompress_destroy): Don't fail if response reader callback is never invoked. Sun Jun 2 12:51:35 2002 Joe Orton * ne_socket.c (read_ossl, read_raw): Call readable_{ossl,raw} function here. (ne_sock_read, ne_sock_peek, ne_sock_readline): Remove explicit calls to ops->readable before ops->read. Thu May 30 22:00:07 2002 Joe Orton * ne_socket.c (ne_sock_readline): Optimise to use socket read buffer directly, and use ->read (and ->readable) functions.
Tue May 28 17:00:34 2002 Joe Orton * ne_session.c (ne_session_destroy): Don't free proxy.hostport, since it's no longer set. Sun May 26 19:11:46 2002 Joe Orton * ne_xml.c: #error if no expat header is configured; flatten nested #if's, include libxml/xmlversion.h if present. Sun May 26 19:09:04 2002 Joe Orton * ne_utils.c: Include libxml/xmlversion.h if present. Sun May 26 11:55:30 2002 Joe Orton * ne_session.c (set_hostport): Renamed from get_hostport: set host_info field directly; take defaultport argument. (set_hostinfo): Don't use get_hostport. (ne_session_create): Use set_hostinfo and set_hostport; pass in default port correctly for http:/https:. Thu May 23 19:44:44 2002 Joe Orton * ne_xml.c (resolve_nspace): Split out from parse_element. (ne_xml_get_attr): Take parser object, and optional namespace; resolve the namespace if necessary. (parse_element): Use resolve_nspace. * ne_props.c (startelm): Use new ne_xml_get_attr interface. Wed May 22 22:29:05 2002 Joe Orton * ne_dates.c: Renamed HAVE_TM_GMTOFF to HAVE_STRUCT_TM_TM_GMTOFF from use of AC_CHECK_MEMBERS. Tue May 21 21:21:31 2002 Joe Orton * ne_redirect.c (ne_redirect_register): Drop confirm, notify, userdata arguments. (struct redirect): Drop most fields; add a uri structure. (auto_redirect): Removed function. (post_send): Remove functionality which retries a request with a different URI to automatically follow redirects. Qualify the URI if non-absolute. (create): Remove now redundant code. (ne_redirect_location): Return an ne_uri object. Sun May 19 18:53:22 2002 Joe Orton * ne_session.c (ne_set_useragent): Use strcat/malloc/strcpy directly, rather than CONCAT2; allow compiler optimisations. (AGENT): Renamed from NEON_USERAGENT, append space. Sun May 19 17:31:43 2002 Joe Orton Move everything exported by ne_socket.h into ne_*/NE_* namespace; purge inappropriate and unused interfaces. Renaming done by Olof Oberg. * ne_socket.h: (SOCK_FULL): Removed constant. 
(sock_call_progress, sock_transfer, sock_sendline, sock_send_string, sock_readfile_blocked): Removed functions. (NE_SOCK_ERROR, NE_SOCK_TIMEOUT, NE_SOCK_CLOSED): Renamed constants. (ne_progress, ne_block_reader): Renamed types. (ne_register_progress, ne_sock_init, ne_sock_exit, ne_sock_read, ne_sock_peek, ne_sock_block, ne_sock_fullwrite, ne_sock_readline, ne_sock_connect, ne_sock_accept, ne_sock_fd, ne_sock_error, ne_sock_read_timeout, ne_name_lookup, ne_service_lookup, ne_sock_use_ssl, ne_sock_use_ssl_os): Renamed functions. * ne_private.h, ne_request.c, ne_session.c: Update accordingly. * ne_request.c (build_request): Return the ne_buffer pointer. (send_request): Remove redundant strlen(), use known buffer length. * ne_request.h: Drop ne_block_reader definition. Sun May 19 13:32:12 2002 Joe Orton * ne_request.c (ne_get_session, ne_get_request): Take const request pointer. Sun May 19 13:21:17 2002 Joe Orton * ne_string.c (ne_buffer_ncreate): Renamed from ne_buffer_create_sized. * ne_session.c (check_certificate, provide_client_cert): Update accordingly. * ne_request.c (ne_request_create): Update accordingly. Sun May 19 13:12:14 2002 Joe Orton * ne_string.c (ne_token): Drop quotes parameter. (ne_qtoken): Split out from ne_token. * ne_basic.c (dav_hdr_handler, ne_content_type_handler): Use ne_qtoken. * ne_compress.c (find_token): Removed function. (gz_reader): Compare header value directly against "gzip", remove a stale comment. Sun May 19 09:45:28 2002 Joe Orton * ne_socket.h (sock_fullread): Return ssize_t; takes buflen as size_t. (sock_read, sock_peek): Fix prototypes to match actual definition. * ne_socket.c (write_raw): Return ssize_t. Sat May 18 14:53:45 2002 Joe Orton * ne_string.h (ne_buffer): Remove separate struct ne_buffer_s definition. * ne_string.c (ne_buffer_create_sized): Don't use struct ne_buffer_s. Sun May 12 11:33:02 2002 Joe Orton * ne_string.c (ne_base64): Moved from base64.c. * base64.c, base64.h: Removed files. 
* Makefile.in: Updated accordingly. * ne_auth.c: Don't include base64.h. Sun May 12 11:26:05 2002 Joe Orton * ne_string.h (ne_utf8_decode, ne_utf8_encode): Removed functions. Sat May 11 15:42:24 2002 Joe Orton As part of patch from Olof Oberg : * ne_request.h (ne_destroy_fn): Renamed from typo'ed ne_destory_fn. * ne_request.c (ne_request_destroy, ne_hook_destroy_request, ne_hook_destroy_session): Update accordingly. * ne_session.c (ne_session_destroy): Update accordingly. Thu May 9 21:44:15 2002 Joe Orton Major improvements to socket layer to incorporate socket read buffering and rewrite sock_readline, and add an abstraction layer to simplify SSL support. Grunt work by Jeff Johnson * ne_socket.c (struct iofns): New type. (struct nsocket_s): Store 'ops' pointer to I/O functions in use for the socket. Add buffer, bufpos, bufavail fields for read buffering. (sock_block, sock_read, sock_peek): Reimplement to add read buffer, simplify to use I/O functions abstraction. (readable_raw, read_raw, write_raw, readable_ossl, read_ossl, write_ossl): Factored out from sock_read/fullwrite, avoiding in-lined ifdefs. (sock_fullwrite): Just use ops->write. (sock_readline): Simplify greatly to exploit read-buffering, return ssize_t. (sock_fullread): Simplify, removing unnecessary local variables, return ssize_t. (create_sock, sock_enable_ssl_os): Set ops pointer. Wed May 8 11:54:48 2002 Joe Orton * ne_socket.c (sock_name_lookup): Avoid casts; use INADDR_NONE. [!INADDR_NONE]: Define to (unsigned long) -1. Wed May 1 22:19:18 2002 Joe Orton * ne_locks.h (ne_lock): Document that ->token and ->owner fields must be malloc-allocated if non-NULL. Wed May 1 22:15:41 2002 Joe Orton * ne_locks.c (get_ltoken_hdr): New function. (ne_lock): Correctly parse Coded-URL from Lock-Token response header. Wed May 1 22:03:08 2002 Joe Orton * ne_redirect.c (post_send): Adjust for ne_uri_parse handling of unspecified port. 
Wed May 1 22:00:50 2002 Joe Orton * ne_session.c (provide_client_cert): Fail if peer certificate not known when client cert requested. Wed May 1 21:58:35 2002 Joe Orton * ne_session.h (ne_ssl_provide_fn): Adjust callback typedef to return void. Wed May 1 21:52:40 2002 Joe Orton * ne_request.h: Remove NE_SERVERAUTH and NE_AUTHPROXY; fix NE_PROXYAUTH description. Wed May 1 21:32:54 2002 Joe Orton * ne_uri.c (ne_uri_parse): For consistency, port field is 0 if unspecified. Tue Apr 30 10:05:48 2002 Joe Orton * ne_string.c (shave_string): Removed function. Tue Apr 23 21:19:53 2002 Joe Orton * ne_props.c (start_propstat, startelm): Use ne_realloc not realloc (thanks to Jeff Johnson). Tue Apr 23 20:55:56 2002 Joe Orton * ne_xml.c: Include parser.h or libxml/parser.h, depending on which is found. Mon Apr 15 00:37:43 2002 Joe Orton * ne_request.c (build_request, send_request): Simplify logic. Sun Apr 14 16:59:50 2002 Joe Orton * ne_props.c: Remove unused accidental 'propstat' global. (struct propstat): Add r_phrase field. (end_propstat): Dup the reason_phrase string. (free_propset): Free the reason_phrase. Avoid another possible free(NULL) call. Sun Apr 14 12:00:54 2002 Joe Orton * ne_basic.c (ne_content_type_handler): For text/* media types, use default charset of ISO-8859-1. Sat Apr 13 23:11:07 2002 Joe Orton * ne_utils.h: Include trio.h if NEON_TRIO is defined. Sun Apr 7 17:38:14 2002 Joe Orton * ne_request.c (read_response_headers): Don't zero-initialize hdr. Sun Apr 7 17:15:23 2002 Joe Orton * ne_request.c (read_response_headers): Ignore whitespace between header name and colon, simplify logic a little. Sun Apr 7 14:09:07 2002 Joe Orton * ne_session.c (ne_ssl_readable_dname): New function. Sun Apr 7 12:32:25 2002 Joe Orton * ne_string.c (ne_buffer_destroy): Remove redundant check for data pointer being NULL. Wed Apr 3 19:44:59 2002 Joe Orton Optimisation/simplification of header name hashing. 
* ne_request.c (hash_and_lower): Renamed from hdr_hash; convert string to lower-case in-place too. (lower_string): Removed function. (ne_add_response_header_handler): Use hash_and_lower rather than lower_string. (HH_ITERATE): Change parameter name to 'ch'. Fri Mar 29 23:00:57 2002 Joe Orton * ne_uri.c (ne_uri_parse): Minor optimisation. Mon Mar 25 21:45:36 2002 Joe Orton Pass a lock context around during LOCK processing; search for the correct element in the response body. * ne_locks.c (ne_lock_create): Don't take a path argument. (ne_unlock): Constify lock parameter. (discover_results): Don't parse out href here... (ld_create): do it here instead; renamed from create_private. (lk_startelm): New function. (lk_endelm): Renamed from end_element_lock. (ne_lock): Require a Lock-Token response header; pass lock context to callbacks. Copy lock back out. Mon Mar 25 21:35:42 2002 Joe Orton * ne_session.h (NE_SSL_FAILMASK): New constant. (NE_SSL_*): Shift right one bit. Mon Mar 25 21:21:18 2002 Joe Orton * ne_session.c (ne_close_connection): Return void. Mon Mar 25 20:09:33 2002 Joe Orton * ne_props.c (free_propset): Avoid free(NULL). Mon Mar 11 19:59:04 2002 Joe Orton * ne_locks.c (ne_lock_using_parent): Iterate over the lock list by hand: check for infinite depth locks which cover the parent too (fixing if_covered_child test). Mon Mar 11 19:25:44 2002 Joe Orton * ne_request.c (ne_request_dispatch): Move variable to scope in which it is used. Sun Mar 10 22:04:58 2002 Joe Orton * Makefile.in (NEON_BASEOBJS): Always build ne_compress.o. Sun Mar 10 22:01:54 2002 Joe Orton * ne_compress.c [!NEON_ZLIB] (ne_decompress_reader, ne_decompress_destroy): Add stubs. Sun Mar 10 21:42:11 2002 Joe Orton * ne_locks.c (struct discover_ctx): Store an ne_session pointer. (discover_results): If lock URI is not an absoluteURI, qualify it using the server host/port/scheme from the session. Don't leak the lock object. (create_private): Simplify, use ne_lock_create.
Thu Mar 7 20:08:07 2002 Joe Orton * ne_uri.c (ne_uri_defaultport): Fix default port number for https scheme. Wed Mar 6 21:22:23 2002 Joe Orton * ne_locks.c (lk_pre_send): Use an absoluteURI in the If: header. Wed Mar 6 21:15:00 2002 Joe Orton * ne_uri.c (ne_uri_unparse): New function. Tue Mar 5 22:57:00 2002 Joe Orton * ne_uri.c (ne_uri_cmp): Compare hostnames and schemes case-insensitively, and compare empty abspath and "/" as equivalent, as per RFC 2616. Tue Mar 5 20:53:54 2002 Joe Orton * ne_uri.c (ne_uri_defaultport): New function. Mon Mar 4 21:10:29 2002 Joe Orton * ne_uri.h (ne_uri): Renamed from struct uri. * ne_uri.c (ne_path_parent): Renamed from uri_parent. (ne_path_has_trailing_slash): Renamed from uri_has_trailing_slash. (uri_abspath, uri_absolute): Removed. (ne_uri_parse): Renamed from uri_parse, don't take a 'defaults' parameter. (ne_uri_free): Renamed from uri_free. (ne_path_unescape): Renamed from uri_unescape. (ne_path_escape): Renamed from uri_abspath_escape. (ne_uri_cmp): Renamed from uri_cmp. (ne_path_compare): Renamed from uri_compare. (ne_path_childof): Renamed from uri_childof. * ne_basic.c, ne_locks.c, ne_uri.c, ne_redirect.c, ne_session.c, ne_session.h: all callers changed. Mon Mar 4 01:03:23 2002 Joe Orton * ne_request.c (strip_eol): Fix potential segfault. Mon Mar 4 00:38:10 2002 Joe Orton * ne_locks.c (insert_lock): New function. (ne_lockstore_add, submit_lock): use insert_lock. Mon Mar 4 00:33:39 2002 Joe Orton * ne_locks.c (ne_lockstore_remove): Free list item. Mon Mar 4 00:31:08 2002 Joe Orton * ne_locks.c (free_list): Really destroy the lock. (ne_lock_free): Don't free the lock object itself. Mon Mar 4 00:17:18 2002 Joe Orton * ne_request.c (ne_request_destroy): Free accessor hook list. Sun Mar 3 20:35:09 2002 Joe Orton Changes to lock interface; replacing "lock session" with a lock store, which can be registered with an ne_session. Lock objects now store URI as complete URI structure. 
* ne_locks.h (struct ne_lock): Store URI as complete URI structure. Remove next/prev fields. (ne_lock_store): New type. * ne_locks.c (struct lock_list): New type. (struct ne_lock_store_s): Replaces ne_lock_session_s; store lock_list pointers for stored locks, cursor, and locks to submit. (ne_lock_create): New function. (lk_create): Renamed from create. (lk_pre_send): Renamed from pre_send; adjust for lock list type and to use URI path. (free_list): New function; split out from old 'destroy'. (lk_destroy): Renamed from destroy; use free_list. (ne_lockstore_create, ne_lockstore_destroy, ne_lockstore_first, ne_lockstore_next): New functions. (ne_lockstore_register): Most of old ne_lock_register. (submit_lock): Adjusted for lock_list type. (ne_lockstore_findbyuri): Renamed from ne_lock_find; use full URI structure. (ne_lock_using_resource, ne_lock_using_parent): Adjusted for lock_list/full URI changes. (ne_lock_iterate): Removed function. (ne_lockstore_add, ne_lockstore_remove): Renamed from ne_lock_add, ne_lock_copy; adjusted for lock_list/full URI. (ne_lock_copy): Adjusted for full URI. (ne_lock_create, ne_lock_destroy): New function. (ne_lock, ne_lock_refresh, ne_unlock): Adjusted for full URI. Sun Mar 3 15:23:40 2002 Joe Orton * ne_uri.c (uri_cmp): New function. Sun Mar 3 11:01:30 2002 Joe Orton * ne_session.c (ne_fill_server_uri): New function. Mon Feb 25 21:25:27 2002 Joe Orton * ne_utils.c (version_string): Add zlib version. Mon Feb 25 20:49:07 2002 Joe Orton * (everywhere): Replace use of snprintf, vsnprintf with ne_snprintf, ne_vsnprintf so that trio replacements are used when appropriate. * ne_dates.h: Pick up ne_utils.h for ne_{v,}snprintf defines. Sun Feb 24 11:23:05 2002 Joe Orton * ne_utils.h: Define ne_snprintf, ne_vsnprintf for trio or non-trio builds. Sun Feb 24 11:20:42 2002 Joe Orton * Makefile.in (check-incl): Add target to check that each header file can be included standalone. 
Sun Feb 24 11:17:54 2002 Joe Orton * ne_xml.h: Add missing sys/types.h include. Sun Feb 24 11:12:22 2002 Joe Orton * ne_utils.h: Remove HTTP_QUOTES, HTTP_WHITESPACE globals. * ne_cookies.c (set_cookie_hdl): Don't use HTTP_QUOTES, HTTP_WHITESPACE globals. Wed Feb 20 19:32:48 2002 Joe Orton * ne_request.c (set_sockerr, ne_set_request_body_fd, send_request): Use ne_set_error rather than accessing session error directly. Tue Feb 19 21:34:59 2002 Joe Orton * ne_utils.c (version_string) [NEON_SOCKS]: Mention SOCKSv5 support. * ne_socket.c (sock_init) [NEON_SOCKS]: Call SOCKSinit. Tue Feb 19 19:21:07 2002 Joe Orton * ne_request.c (open_connection): Remove notify_status call duplicated with ne_negotiate_ssl. Tue Feb 19 19:16:44 2002 Joe Orton * ne_socket.c (sock_get_version): Removed function. Tue Feb 19 19:12:52 2002 Joe Orton * ne_session.c (ne_ssl_provide_ccert): Moved outside ifdef NEON_SSL. [!NEON_SSL] (ne_ssl_load_pem, ne_ssl_load_pkcs12, ne_ssl_keypw_prompt): Added stubs. Sun Feb 17 21:15:34 2002 Joe Orton * ne_session.c (ne_session_create, ne_session_destroy): Only use the SSL context if SSL is being used for the session. Sun Feb 17 20:19:05 2002 Joe Orton Add back client certificate support, much improved. * ne_private.h (struct ne_session_s): Add client cert/key fields, provider, privkey password callbacks. * ne_socket.c (sock_init): Call PKCS12_PBE_add. (sock_enable_ssl_os): Add optional 'appdata' argument. (sock_enable_ssl): Adjust accordingly. * ne_session.c (provide_client_cert, privkey_prompt, ne_ssl_keypw_prompt, ne_ssl_load_pkcs12, ne_ssl_load_pem, ne_ssl_provide_ccert): New functions. (ne_negotiate_ssl): Pass session as appdata to sock_enable_ssl_os. Sun Feb 17 12:32:34 2002 Joe Orton * ne_session.c (make_dname): New function. (check_certificate): Use make_dname. Sun Feb 17 11:29:10 2002 Joe Orton * ne_basic.c (struct get_context): Remove unused 'progress' field, add 'session' field.
(get_to_fd, content_range_hdr_handler, clength_hdr_handler): Set session error directly. (clength_hdr_handler): Also fix check for expected range. (everywhere): Initialize session field, don't set session error; use NE_FMT_OFF_T to print off_t's rather than casting to long int. Sat Feb 16 23:24:10 2002 Joe Orton * ne_xml.h (NE_XML_STRIPWS): New element flag. * ne_xml.c (start_element): Clear cdata buffer if not in mixed mode. (char_data): Only strip leading whitespace if NE_XML_STRIPWS is set for the element. Sat Feb 16 14:52:59 2002 Joe Orton * ne_compress.c (enum state): New state NE_Z_AFTER_DATA. (struct ne_decompress_s): Add fields for storing and parsing stream footer; add checksum field for storing current crc. (process_footer): New function. (do_inflate): Compute checksum. Switch to AFTER_DATA state and process footer after reading DEFLATE data. (gz_reader): Fail on trailing content. Handle AFTER_DATA state. (ne_decompress_destroy): Return error if final state was not PASSTHROUGH, or FINISHED. (ne_decompress_reader): Initialize crc. Sat Feb 16 14:26:54 2002 Joe Orton * ne_compress.c (ne_decompress_destroy): Fix potential segfault with use-after-free. Thu Feb 14 16:50:40 2002 Joe Orton * ne_request.c (read_response_headers): Ignore header lines without a ':', rather than failing the request. Tue Feb 12 20:17:49 2002 Joe Orton * ne_request.c (read_response_block): Read chunk size as unsigned using strtoul; check that it fits within an unsigned int (and hence, probably a size_t). Tue Feb 12 20:15:13 2002 Joe Orton * ne_string.h (STRIP_EOL): Removed macro. Mon Feb 11 22:11:03 2002 Joe Orton * ne_session.c (match_hostname): Match fully-qualified hostnames against commonName with leading "*." wildcard. Mon Feb 11 20:47:28 2002 Joe Orton * ne_session.c (match_hostname): New function. (check_certificate): Use it. Sun Feb 10 00:50:49 2002 Joe Orton * ne_request.c (lookup_host): Set error string on lookup failure. 
Sun Feb 10 00:34:42 2002 Joe Orton * ne_request.c (strip_eol): New function; more efficient STRIP_EOL. (send_request): Use strip_eol. (read_message_header): Use strip_eol, simplify, remove redundant variables. Sat Feb 9 21:02:31 2002 Joe Orton * ne_session.c (ne_set_error): Drop STRIP_EOL call. Sat Feb 9 21:01:01 2002 Joe Orton * ne_session.c (ne_set_error): Take printf-style format string + varargs list. Sat Feb 9 16:15:09 2002 Joe Orton * ne_socket.h (SOCKET_READ_TIMEOUT): Moved to ne_socket.c. * ne_socket.c (struct nsocket_s): Add rdtimeout field. (create_sock): Initialize rdtimeout to SOCKET_READ_TIMEOUT. (sock_read, sock_recv): Use ->rdtimeout field for read timeout. (sock_set_read_timeout): New function. * ne_private.h (struct ne_session_s): Add rdtimeout field. * ne_session.c (ne_set_read_timeout): New function. * ne_request.c (init_socket): New function. (open_connection): Use init_socket. Sat Feb 9 15:11:59 2002 Joe Orton * ne_session.c (ne_session_destroy): Don't leak the server cert. Sat Feb 9 09:59:11 2002 Joe Orton * ne_session.c (check_certificate): Only call verification callback once per certificate; watch for the server cert changing and fail if it does. Wed Feb 6 20:28:27 2002 Joe Orton * ne_session.c (check_certificate): Only call verification callback if failures is non-zero. (ne_ssl_load_ca): Renamed from ne_ssl_add_ca. (ne_ssl_load_default_ca): New function. Wed Feb 6 20:21:29 2002 Joe Orton * ne_socket.c (sock_init): Cache and return result of initialization. Wed Feb 6 01:12:20 2002 Joe Orton * ne_session.c (check_certificate): Ignore cert validity errors from OpenSSL since these are duplicated. Wed Feb 6 01:08:57 2002 Joe Orton * ne_session.c (ne_negotiate_ssl): Fix for invalidating cached SSL_SESSION. Wed Feb 6 01:03:37 2002 Joe Orton * ne_session.c [!NEON_SSL] (STUB): New function. (ne_negotiate_ssl, ne_ssl_add_ca): Implement using STUB. Tue Feb 5 19:56:43 2002 Joe Orton * ne_session.h (ne_ssl_certificate): New type. 
* ne_session.c (ne_session_create) [NEON_SSL]: Create the SSL_CTX structure. (ne_ssl_get_context): Return the SSL_CTX rather than setting it. (ne_session_destroy): Free the SSL_CTX. (asn1time_to_string): Function moved in from sslcerts.c. (check_certificate): Use OpenSSL's internal validity result. Pass back an ne_ssl_certificate to the verification function; including validity dates. (ne_ssl_add_ca): New function, registers CA certs. Sat Feb 2 14:05:26 2002 Joe Orton * ne_socket.c (sock_enable_ssl_os): Take an optional SSL_SESSION argument. * ne_private.h (struct ne_session_s): Add an SSL_SESSION field. * ne_session.c (ne_negotiate_ssl): Pass stored SSL session to sock_enable_ssl_os, cache session after successful negotiation. (ne_session_destroy): Free cached session. Sat Feb 2 10:45:46 2002 Joe Orton * ne_socket.c, ne_utils.c: Globally replace ENABLE_SSL cpp symbol with NEON_SSL. Sat Feb 2 09:43:27 2002 Joe Orton * ne_session.c (check_certificate): Use 1K on-stack buffer. Sat Feb 2 08:27:08 2002 Joe Orton * ne_private.h (struct host_info): Add 'resolved' flag. (struct ne_session_s): Add scheme field, rename have_proxy to use_proxy, remove proxy_decider. (struct ne_request_s): Remove use_proxy field. * ne_request.c (set_sockerr, ne_set_request_uri, build_request, open_connection): Use session->use_proxy field to determine whether proxy is used. (ne_request_create): Drop use of proxy_decider callback. (lookup_host): Moved here from ne_session.c. (ne_begin_request): Lookup server/proxy hostname if not already resolved. * ne_session.c (ne_session_create): Moved within file; takes scheme, and server hostname, port as arguments. (ne_ssl_enable, ne_session_decide_proxy, ne_session_server): Removed functions. (ne_get_scheme): Simply return scheme field. Fri Feb 1 23:12:38 2002 Joe Orton * ne_request.c (add_fixed_headers): Remove last traces of TLS upgrade support. 
Thu Jan 31 20:50:12 2002 Joe Orton * ne_private.h (struct ne_session_s): Rename use_secure to use_ssl; removed nssl_context, added SSL_CTX, server cert, verify callback pointers. * ne_request.c (send_request): Remove support for TLS upgrade. (open_connection): Use ne_negotiate_ssl; close socket properly if negotiation fails. * ne_session.c (ne_session_destroy): Free SSL_CTX stored in session. (ne_ssl_set_context, ne_ssl_set_verify, verify_err, getx509field, check_context, ne_negotiate_ssl, ne_ssl_server_cert): New functions. (ne_set_secure_context, ne_set_request_secure_upgrade, ne_set_accept_secure_upgrade): Removed functions. (ne_ssl_enable): Renamed from ne_set_secure. * ne_socket.c (struct nssl_context_s): Removed type. (sock_create_ssl_context, sock_destroy_ssl_context, sock_disable_*, key_prompt_cb, sock_set_key_prompt, sock_set_client_cert): Removed functions. (sock_enable_ssl_os): Renamed from sock_make_secure; take an SSL_CTX pointer, and optionally pass out the SSL structure. (sock_enable_ssl): New function. Wed Jan 30 19:47:42 2002 Joe Orton * ne_string.c (ne_buffer_concat, ne_buffer_zappend, ne_buffer_append, ne_buffer_grow): Don't return success value, presume universe ends at OOM. Sat Jan 26 10:57:42 2002 Joe Orton * ne_compress.c: Renamed enum state constants to have prefix NE_Z_, to avoid conflict with Windows headers (Branko Čibej). Mon Jan 14 20:26:31 2002 Joe Orton * ne_string.c (ne_concat): Removed function - it didn't work, and it wasn't used. Mon Jan 14 02:09:38 2002 Joe Orton * ne_basic.c (ne_content_type_handler): Parse charset parameter. Sun Jan 13 14:29:00 2002 Joe Orton * ne_basic.c (ne_content_type_handler): Remove trailing '/' from parsed type, fix search for parms separator (Greg Stein). Sun Jan 13 12:07:51 2002 Joe Orton * ne_207.c (ne_simple_request): Drop unused Content-Type handling. Thu Jan 10 00:39:17 2002 Joe Orton * ne_request.c (hdr_hash): Mark as inline.
Tue Jan 8 22:03:42 2002 Joe Orton * ne_locks.c (add_timeout_header): New function. (ne_lock, ne_lock_refresh): Send a Timeout header if lock->timeout is set. Mon Jan 7 21:48:38 2002 Joe Orton * ne_locks.c (parse_timeout): Fix parsing lock timeout (Arun Garg). Mon Dec 17 22:46:36 2001 Joe Orton * ne_private.h (struct ne_session_s): Make expect100_works a plain integer (rather than a bitfield). Sun Dec 9 14:04:27 2001 Joe Orton * ne_string.c (ne_buffer_grow, ne_buffer_create_sized): Don't zero-fill new memory. (ne_buffer_concat): Zero terminate the string as _grow doesn't do it. Sun Dec 9 13:31:55 2001 Joe Orton * ne_string.c (ne_buffer_zappend): Minor optimisation; implement using ne_buffer_append. Sun Dec 9 13:18:35 2001 Joe Orton * ne_string.c (ne_buffer_concat): Optimise to use time O(n) [n == total string length). Sun Dec 9 11:57:56 2001 Joe Orton * Makefile.in (NEON_DAVOBJS): Remove ne_acl.o. Sat Dec 8 01:11:30 2001 Joe Orton * ne_request.c (ne_pull_request_body): Use NE_FMT_SIZE_T in debugging message; cast size_t to int to avoid GCC warning for field size parameter. (set_body_size): Use NE_FMT_SIZE_T. * ne_xml.c (ne_xml_parse): Similarly. Mon Dec 3 19:56:07 2001 Joe Orton * ne_session.c (ne_session_destroy): Return void. Sat Dec 1 18:37:43 2001 Joe Orton * ne_auth.c (ah_create): Reset attempt counter here... (ah_post_send): ...rather than here. Tue Nov 27 21:26:01 2001 Joe Orton * ne_request.c (send_with_progress): Actually call the callback; fix for correct sock_fullwrite return codes. Tue Nov 27 20:20:40 2001 Joe Orton * ne_private.h (VERSION_PRE11): Define macro; as ne_version_pre_http11. * ne_session.c (ne_version_pre_http11): Use VERSION_PRE11. * ne_request.c (add_fixed_headers, build_request, ne_end_request): Use VERSION_PRE11. Sun Nov 18 19:32:56 2001 Joe Orton * ne_locks.c (discover_results): Check status is 2xx before invoking callback; pass NULL lock and non-NULL status pointer in failure cases. 
(create_private): Initialize lock to some "value unspecified" defaults. Sun Nov 18 19:25:10 2001 Joe Orton * ne_auth.c (auth_session): Rename 'tries' field to 'attempt'. (get_credentials, ah_pre_send, ah_post_send): Increment attempt counter only when requesting credentials; reset it to zero when no auth failure is signaled. Sun Nov 18 15:49:00 2001 Joe Orton * ne_auth.h (ne_request_auth): Pass username and password as buffers of size NE_ABUFSIZ to callback. Add 'attempt' argument. * ne_auth.c (auth_session): Store username in buffer. (get_credentials, basic_challenge, digest_challenge): Updated for callback prototype changes. (ah_post_send): Request credentials, and retry authentication until callback returns non-zero. Mon Nov 12 20:57:56 2001 Joe Orton * ne_basic.c (get_to_fd): Really cope with short writes (thanks to rado ). Sun Nov 4 15:09:03 2001 Joe Orton * ne_props.h: Define NE_ELM_PROPS_UNUSED for picking element ids for use with the propfind XML parser. Sat Nov 3 19:06:04 2001 Joe Orton * ne_props.c (NSPACE): New macro. (set_body, pnamecmp, startelm, free_propset): Handle property having NULL nspace element in propfind code. Sun Oct 28 22:04:49 2001 Joe Orton * ne_xml.c (parse_element): Prevent false matches of found prefix "abcde" against stored prefix "abcdeFGH". Compare case-sensitively. Fri Oct 26 20:28:03 2001 Joe Orton * ne_request.c (send_request): Fix case where persistent connection times out, and improve error handling. Thu Oct 25 20:42:24 2001 Joe Orton * ne_props.c (ne_proppatch): Really handle properties with a NULL namespace correctly; use the "D:" prefix for elements in the "DAV:" namespace; allow properties to have no namespace. Tue Oct 16 08:54:46 2001 Joe Orton * ne_xml.c (parse_element): Fail the parse if a namespace prefix definition is given with an empty value. Tue Oct 16 08:52:40 2001 Joe Orton * ne_props.h, ne_207.h: Move ne_propname definition into ne_props.h. 
Tue Oct 16 08:49:42 2001 Joe Orton * ne_props.c (ne_proppatch): Handle properties with a NULL nspace field correctly. Sun Oct 7 19:31:06 2001 Joe Orton * ne_acl.c (ne_acl_set) [USE_DAV_LOCKS]: Notify use of resource to locking code. Sun Oct 7 17:45:01 2001 Joe Orton * ne_acl.c, ne_acl.h: New files, contributed by Arun Garg . * Makefile.in: Add ne_acl.* to build. Sun Oct 7 16:10:05 2001 Joe Orton * ne_private (struct ne_session_s): Add 'reqcount' field. * ne_request.c (send_request): Refactor slightly; don't loop, but return NE_RETRY when appropriate. Increment reqcount. (ne_begin_request): Loop if send_request returns NE_RETRY. (open_connection): Reset reqcount field. Tue Oct 2 21:11:39 2001 Joe Orton * ne_dates.c (GMTOFF): New macro. (ne_iso8601_parse, ne_rfc1123_parse, ne_rfc1036_parse, ne_asctime_parse): Use new macro, fix up date handling on some platforms. Sat Sep 29 14:20:47 2001 Joe Orton * ne_compress.c (gz_reader): Fix tests 4 and 7: don't try to inflate after reading header if no bytes are left in the buffer. Sat Sep 29 14:04:11 2001 Joe Orton * ne_compress.c: Fix API; return an opaque object which must be destroyed later. (ne_decompress_reader): Renamed from ne_gzip_response_body_reader. Doesn't need the session object passed in any more. (ne_decompress_destroy): Merge of co_destroy, co_post_end. Sat Sep 29 13:50:43 2001 Joe Orton * ne_request.c (ne_get_session): New function. Sat Sep 29 12:52:31 2001 Joe Orton * ne_compress.c (parse_header): Bail if flags are set to something unexpected. Sat Sep 29 11:15:30 2001 Joe Orton * ne_compress.c, ne_compress.h: New files. * Makefile.in: Add deps for ne_compress. Thu Sep 27 09:05:24 2001 Joe Orton * ne_redirect.c: Adapted for new hooks interface. * ne_cookies.c: Adapted for new hooks interface. (ne_cookie_register): New function. Thu Sep 27 09:01:03 2001 Joe Orton * ne_auth.c, ne_locks.c: Adapted for new hooks interface. Store pointer to per-request object in the per-session object. 
Thu Sep 27 08:48:16 2001 Joe Orton Re-write hooks interface to register callbacks individually rather than as a block. Inspired by the Apache 2.0/APR hooks interface. * ne_private.h (struct hook): Store a callback, userdata, id. (struct hook_request): Removed. (struct ne_session_s): Store hooks lists for create_req, pre_send, post_send, destroy_req, destroy_sess, accessor. (struct ne_request_s): Store accessor hooks list. * ne_request.c (ne_add_hooks): Removed. (ne_hook_create_request, ne_hook_pre_send, ne_hook_post_send, ne_hook_destroy_request, ne_hook_destroy_session, ne_hook_session_accessor, ne_hook_request_accessor, ne_null_accessor, call_access, add_hook): New functions. (ne_request_create, ne_request_destroy, build_request, ne_end_request): Adapt for new interface. * ne_session.c (destroy_hooks): New function. (ne_session_destroy): Use it to destroy hooks lists appropriately. Tue Sep 25 07:46:32 2001 Joe Orton * ne_xml.c: Only decode UTF-8 for parsers other than libxml 1.x. Tue Sep 25 07:33:09 2001 Mo DeJong * src/ne_socket.c: Include instead of . (sock_init): Only use signal() to ignore SIGPIPE if both HAVE_SIGNAL and HAVE_SIGPIPE are defined. Tue Sep 25 07:09:53 2001 Mo DeJong * ne_socket.c (sock_init): Declare local variables before invoking any instructions since that is not valid C code. Sun Sep 23 10:30:54 2001 Joe Orton * ne_auth.c (struct auth_challenge): Make members const. (clean_session): Free the realm string. (basic_challenge, digest_challenge): strdup the realm string. (request_digest): opaque is no longer stored quoted. (tokenize): New function. (verify_response, auth_challenge): Rejig to use tokenize(). Sat Sep 22 20:17:00 2001 Joe Orton * ne_string.c (ne_shave): Fix possible memory corruption when result should be the empty string. Thu Sep 20 21:27:57 2001 Joe Orton * ne_request.c (ne_pull_request_body): Add debugging dump of body blocks. 
Thu Sep 20 21:23:43 2001 Joe Orton * ne_private.h: Remove obsolete 'if_locks' member from struct ne_request_s. Tue Sep 18 23:35:30 2001 Joe Orton * ne_basic.c (ne_get_range): Handle write errors too. Tue Sep 18 22:14:49 2001 Joe Orton * ne_xml.h (ne_xml_validate_cb): Take userdata parameter. * ne_xml.c (find_handler): Pass validate callback the handler's userdata. * ne_207.c, ne_props.c, ne_locks.c: All users changed. Tue Sep 18 21:49:14 2001 Joe Orton * ne_locks.c (ne_lock_refresh): New function. Tue Sep 18 21:17:29 2001 Joe Orton * ne_basic.c (copy_or_move): Take a depth parameter, add depth header, for COPY requests. (ne_copy): Take depth parameter, pass through. (ne_move): Adjusted accordingly. Mon Sep 17 23:29:58 2001 Joe Orton * ne_utils.c (ne_debug_init): Set debug stream to be unbuffered if setvbuf() is available. Mon Aug 27 00:36:37 2001 Joe Orton * ne_207.c (start_element, end_element): Remember when context is valid for a , and only invoke callback then. Sun Aug 26 22:30:39 2001 Joe Orton * ne_basic.c (ne_get_range): Better error handling. Cope with Apache's 416 problem. Sun Aug 26 18:58:47 2001 Joe Orton * ne_auth.c: Store unquoted challenge parameters in session object, prevent having to unquote/free them >1 times. Sun Aug 26 18:57:51 2001 Joe Orton * ne_socket.c (sock_init): Do nothing on any calls after first. Sun Aug 26 12:45:04 2001 Joe Orton * ne_basic.c (server_hdr_handler): Remove function. (ne_options): Don't add server_hdr_handler. Tue Jul 17 11:25:06 2001 Joe Orton * ne_socket.c (sock_init): Set signal disposition for SIGPIPE to ignore. Sat Jun 30 12:11:44 2001 Joe Orton * ne_utils.c (ne_supports_ssl): New function. Tue Jun 19 21:57:49 2001 Joe Orton * ne_dates.c (ne_iso8601_parse): Fix month off-by-one bug, use separate vars for offsets. (ne_rfc1036_parse): Fix Y2K bug, parsing problem. Tue Jun 19 21:57:42 2001 Joe Orton * ne_dates.c (ne_iso8601_parse): New function.
Sun Jun 10 15:39:40 2001 Joe Orton * ne_request.c (send_with_progress): New function. (send_request_body): Use send_with_progress to trigger progress callbacks if necessary. Sat Jun 9 15:42:33 2001 Joe Orton * ne_string.h: Bring back NE_ASC2HEX/HEX2ASC. * ne_md5.c: Use them. Sat Jun 9 15:42:08 2001 Joe Orton * ne_xml.h: Include ne_defs.h. Fri Jun 8 23:02:49 2001 Joe Orton * ne_socket.h, ne_socket.c: Update for includes (Mo DeJong). Fri Jun 8 21:34:00 2001 Joe Orton * ne_basic.c (dav_hdr_handler): Use ne_token. Sat Jun 2 14:37:07 2001 Joe Orton * ne_private.h: Renamed from http_private.h. Sat Jun 2 14:35:23 2001 Joe Orton * ne_auth.c, ne_auth.h: Renamed from http_auth.c, ne_auth.h. Sat Jun 2 14:35:02 2001 Joe Orton * ne_cookies.c, ne_cookies.h: Renamed from http_cookies.c, http_cookies.h. Sat Jun 2 14:34:51 2001 Joe Orton * ne_dates.c, ne_dates.h: Renamed from dates.c, dates.h Sat Jun 2 14:22:49 2001 Joe Orton * ne_redirect.c, ne_redirect.h: Renamed from http_redirect.c, http_redirec.h. Big rename... s/http_/ne_g/ Sat Jun 2 12:54:51 2001 Joe Orton * ne_md5.c (md5_process_block): Fix for word alignment issue on Sparc from Kai Sommerfeld. Wed May 30 23:15:31 2001 Joe Orton * ne_basic.c (ne_put, ne_get, ne_put_if_unmodified, ne_get_range, ne_post): Take an integer fd rather than FILE * stream. (get_to_fd): Write to fd rather than stream. Wed May 30 23:08:55 2001 Joe Orton * ne_i18n.h, ne_i18n.c: Renamed from neon_i18n.h, neon_i18n.c. * *.c: All changed accordingly. Wed May 30 23:02:47 2001 Joe Orton * ne_defs.h: Renamed from neon_defs.h. * *.h: All changed accordingly. Wed May 30 22:58:57 2001 Joe Orton * ne_md5.c, ne_md5.h: Renamed from md5.c, neon_md5.h Wed May 30 22:55:19 2001 Joe Orton * ne_utils.h: In-line ne_debug for GCC which can cope with varargs preprocessor macros. Wed May 30 00:43:05 2001 Joe Orton * http_auth.c (ah_use_body): Removed function. (digest_body): New function. 
(request_digest): Use ne_pull_request_body to find the MD5 digest of the request body, when necessary. Wed May 30 00:30:52 2001 Joe Orton * http_redirect.c: Store Request-URI, session pointer, and method string in redirect object. Avoid looking inside ne_request/ne_session internals. Wed May 30 00:04:30 2001 Joe Orton * ne_request.c: Re-implement request body handling in terms of a callback which provides the request body blocks on demand. Remove 'use_body' hook, in favour of the hooks calling ne_pull_request_body when necessary. (ne_pull_request_body, body_fd_send, body_string_send): New functions. (send_request_body): Re-implemented using ne_pull_request_body. (run_set_body_hooks): Removed function. (ne_set_request_body_fd): Replacement for ne_set_request_body_stream, using a raw fd rather than a FILE *. Tue May 29 22:39:39 2001 Joe Orton * dav_basic.h, dav_basic.h: Removed. Tue May 29 22:38:54 2001 Joe Orton * ne_207.c (ne_simple_request, etc): Copied in from dav_basic.c. Tue May 29 22:12:23 2001 Joe Orton * ne_locks.c, ne_locks.h, ne_props.c, ne_props.h, ne_207.c, ne_207.h: Big rename. dav_* -> ne_*, and so on. Tue May 29 22:06:24 2001 Joe Orton * ne_basic.c (ne_add_depth_header): Moved from dav_basic.c. Tue May 29 21:55:30 2001 Joe Orton * ne_props.c, ne_props.h: Renamed from dav_props.c, dav_props.h. Tue May 29 21:43:15 2001 Joe Orton * ne_207.c, ne_207.h: Renamed from dav_207.c, dav_207.h. Tue May 29 21:22:25 2001 Joe Orton * ne_locks.c, ne_locks.h: Renamed from dav_locks.c, dav_locks.h. Tue May 29 21:21:44 2001 Joe Orton * ne_socket.c (sock_fullwrite): Cast return value of SSL_write to size_t to prevent comparison of signed with unsigned. Tue May 29 21:05:27 2001 Joe Orton * ne_basic.c [!NEON_NODAV]: Move ne_copy, ne_mkcol, ne_move, ne_delete in here. Tue May 29 20:12:50 2001 Joe Orton * ne_uri.c, ne_uri.h: Renamed from uri.c, uri.h. Tue May 29 19:17:09 2001 Joe Orton * ne_socket.c, ne_socket.h: Renamed from socket.c, nsocket.h. 
Tue May 29 18:58:51 2001 Joe Orton * ne_basic.c (ne_mkcol, ne_copy, ne_move, ne_delete): Renamed from dav_*. Tue May 29 17:58:09 2001 Joe Orton * ne_basic.c (copy_or_move, dav_copy, dav_move, dav_delete, dav_mkcol): Copied in from dav_basic.c. Tue May 29 17:55:33 2001 Joe Orton * ne_basic.c, ne_basic.h: Renamed from http_basic.c, http_basic.h. Tue May 29 17:47:50 2001 Joe Orton * http_auth.c (ah_create, ah_pre_send): Add the response body handler in pre_send, and only if qop=auth-int. Wed May 16 20:54:51 2001 Joe Orton * ne_request.c (ne_get_request_headers): Removed function. Sat May 12 18:48:46 2001 Joe Orton * ne_request.c (read_message_header, read_response_headers): Use a fixed-size char * buffer argument rather than an ne_buffer. Append directly to it when header-folding. Mon May 7 10:42:38 2001 Joe Orton * ne_string.c (ne_token): Use an optimized search (strchr) if quotes is NULL. Mon May 7 01:33:48 2001 Joe Orton * http_auth.c (basic_challenge, get_cnonce): Updated for ne_base64 change. Mon May 7 01:32:22 2001 Joe Orton * base64.c (ne_base64): Take length parameter. [BASE64_TEST] (main): Remove function, obsoleted by test code. Wed May 2 12:06:59 2001 Joe Orton * ne_string.c, ne_string.h (ne_token, ne_shave): New functions, destined to replace split_string, shave_string, etc. * ne_string.c [SPLIT_STRING_TEST, PAIR_STRING_TEST] (main): Remove tests, functions are obsolete. Tue May 1 22:14:14 2001 Joe Orton * dates.c (ne_httpdate_parse): Moved from ne_utils.c. Tue May 1 21:55:45 2001 Joe Orton * ne_utils.c, ne_utils.h: Renamed from http_utils.c, http_utils.h. Big rename. http_* -> ne_*. neon_* -> ne_*. DEBUG() -> NE_DEBUG(). DEBUG_* -> NE_DBG_*. Tue May 1 21:35:10 2001 Joe Orton * ne_request.c: Updated for ne_buffer changes. Tue May 1 21:28:58 2001 Joe Orton * ne_string.h (ne_buffer_size): Implement as macro. * ne_string.c (ne_buffer_size): Remove function. 
Tue May 1 21:23:47 2001 Joe Orton * ne_string.c, ne_string.h: Make ne_buffer a transparent type, and no longer be an implicit pointer type. (ne_buffer_*): All changed. (ne_buffer_data, NE_BUFFER_CAST): Removed. Tue May 1 21:17:40 2001 Joe Orton * ne_string.c, ne_string.h: Renamed sbuffer -> ne_buffer. Implicit pointer removed ne_buffer type. Tue May 1 21:12:15 2001 Joe Orton * ne_string.c, ne_string.h: Renamed from string_utils.c, string_utils.h (CVS copy'n'delete). Tue May 1 20:49:46 2001 Joe Orton * md5.c (ASC2HEX, HEX2ASC): Moved here from string_utils.h. * string_utils.h: As above. Tue May 1 20:47:20 2001 Joe Orton * http_request.c, http_request.h: Removed files. * ne_request.c, ne_request.h: Copied from old http_request.[ch]. Renamed http_* -> ne_*. Tue May 1 20:43:11 2001 Joe Orton * hip_xml.c renamed to ne_xml.c, hip_xml.h renamed to ne_xml.h: CVS repository copy'n'delete. Tue May 1 20:41:03 2001 Joe Orton * hip_xml.c, hip_xml.h: Big rename. hip_xml_* -> ne_xml_*. Tue May 1 20:37:13 2001 Joe Orton * http_basic.c, http_basic.h: Big rename. http_* -> ne_*. Tue May 1 19:59:01 2001 Joe Orton * ne_session.c: Renamed http_* to ne_*. Tue May 1 19:55:47 2001 Joe Orton * ne_alloc.h (NE_FREE): Renamed from HTTP_FREE() in http_utils.h Tue May 1 19:54:42 2001 Joe Orton * socket.c (sock_make_secure): Set SSL_MODE_AUTO_RETRY when available. Mon Apr 30 00:36:34 2001 Joe Orton * ne_session.[ch]: New files, split down from http_request.[ch]. Sun Apr 29 15:02:23 2001 Joe Orton * uri.c [URITEST] (main): Remove, obsoleted by new test suite. Sun Apr 29 15:01:30 2001 Joe Orton * uri.c (uri_has_trailing_slash): Return false if uri is "". Sun Apr 29 13:53:41 2001 Joe Orton * dates.c (ne_asctime_parse, ne_rfc1123_date, ne_rfc1036_parse): Set tm_isdst to -1 in struct tm. Sun Apr 29 13:28:26 2001 Joe Orton * http_utils.c (http_parse_statusline): Skip leading whitespace. (Johan Lindh). (http_parse_statusline): Ensure status-code is not more than three digits. 
Sun Apr 29 13:26:47 2001 Joe Orton * http_request.c (build_request): Don't add "Content-Length: 0" header if no body: Squid 2.3-STABLE1 doesn't like this. Sun Apr 29 13:25:16 2001 Joe Orton * http_auth.c (everywhere): Renamed md5_* -> ne_md5_*. Sun Apr 29 13:24:12 2001 Joe Orton * md5.c: Renamed md5_* -> ne_md5_*. (ne_ascii_to_md5, ne_md5_to_ascii): Moved from string_utils.c. Thu Apr 26 22:39:05 2001 Joe Orton * uri.c (uri_parse): A zero-length URI is invalid. Wed Apr 25 23:11:51 2001 Joe Orton * dav_props.c (startelm): Check for xml:lang attribute and store as prop->lang. (dav_propset_lang): New function. (free_propset): Free lang. Wed Apr 25 23:08:52 2001 Joe Orton * hip_xml.c (hip_xml_get_attr): New function. Sun Apr 22 21:48:06 2001 Joe Orton * uri.c (uri_parse): Skip a userinfo@ segment if present (Johan Lindh ). Wed Apr 18 13:29:46 2001 Joe Orton * dav_locks.c (dav_lock_copy): Allow owner to be NULL. Tue Apr 17 22:57:50 2001 Joe Orton * ne_alloc.h, dav_locks.h: Add C++ inclusion safety. Tue Apr 17 22:56:50 2001 Joe Orton * uri.c (uri_parse): Correctly handle URIs with no scheme or hostport segments (i.e. just a path). Tue Apr 10 00:29:25 2001 Joe Orton * socket.c [HAVE_SOCKS_H]: Include socks.h for SOCKSv5 support. Wed Apr 4 21:41:47 2001 Joe Orton * http_utils.h [WIN32]: Define ssize_t (Kai). Tue Apr 3 21:03:28 2001 Joe Orton * dav_locks.c (dav_lock_discover): Cope with below API change. Tue Apr 3 20:43:50 2001 Joe Orton * dav_props.c (propfind): Register the flat element handler here, to pick up *any* properties and store them as 'flat' if they are not handled by a handler further down the stack. (make_elms, free_elms, dav_propfind_set_flat, dav_propfind_set_complex): Removed functions. (dav_propfind_named): Take the list of property names, and call set_body here. (dav_propfind_set_private): New function. Tue Apr 3 09:33:09 2001 Joe Orton * http_auth.h: Added C++ inclusion safety. 
(Kai Sommerfeld) Mon Apr 2 02:39:18 2001 Joe Orton * hip_xml.c (sax_error): Add parse error callback for libxml. Mon Apr 2 02:23:06 2001 Joe Orton * http_redirect.c (post_send): Clean up and fix logic. Only check for confirmation for same-server redirects. Mon Apr 2 02:13:48 2001 Joe Orton * http_redirect.c (http_redirect_location): New function. (destroy): Removed function. (create): Free location. (post_send): Only call notify callback for followed redirects. Mon Apr 2 01:55:27 2001 Joe Orton * http_request.c (http_set_request_uri): Allow using the '*' URI even when using a proxy server. Mon Apr 2 01:32:06 2001 Joe Orton * http_redirect.c (post_send): Give up on trying to follow a redirect to another server. Return HTTP_REDIRECT on such a redirect. * http_redirect.c (post_send): Fix leaks of URI object (Kai Sommerfeld). Mon Apr 2 01:08:33 2001 Joe Orton * http_request.c (read_response_headers): Don't read more than 100 response headers. Mon Apr 2 00:54:43 2001 Joe Orton * http_request.c (http_request_dispatch): Remove mapping of auth status codes to return values, the hook does it now. Mon Apr 2 00:53:20 2001 Joe Orton * http_request.c (http_set_request_uri): New function, split out from http_request_create. (http_request_create): Use it. Mon Apr 2 00:51:23 2001 Joe Orton * http_auth.c (http_set_proxy_auth, http_set_server_auth): Add failure codes. (ah_post_send): Return failure code if authentication fails. Mon Apr 2 00:19:17 2001 Joe Orton * http_utils.c: Pick up xmlversion.h from libxml2. (neon_version_string): Include libxml2 version string if defined. Sun Apr 1 21:40:00 2001 Joe Orton * http_basic.c (http_get_range): Fix total length calculation. (Johan Lindh ). (clength_hdr_handler): Use range->total. Sun Apr 1 21:26:09 2001 Joe Orton * hip_xml.c: Add expat2 support (Sam TH ). Sun Apr 1 21:07:19 2001 Joe Orton * string_utils.h (CONCAT2, CONCAT3, CONCAT4): Use ne_malloc. Sun Apr 1 20:59:09 2001 Joe Orton * dav_props.c (propfind, dav_proppatch): As below. 
Sun Apr 1 20:32:29 2001 Joe Orton * http_basic.c (http_post): Changed as per http_set_request_body_buffer change. * dav_locks.c (dav_lock): Likewise. Sun Apr 1 20:31:06 2001 Joe Orton * http_request.c (http_set_request_body_buffer): Pass in size parameter too. (send_request_body): Use sized rather than NUL-terminated buffer. Sun Apr 1 20:12:51 2001 Joe Orton * http_private.h: Added 'body_callback' request body type, and body_cb, body_ud fields to http_req. * http_request.c (http_set_request_body_provider): New function. (set_body_size): New function, factored out from old http_set_request_body_*. (http_set_request_body_stream, http_set_request_body_buffer): Use it. Sun Apr 1 19:56:17 2001 Joe Orton * dav_props.c: Replaced 'uri' and 'depth' fields in propfind handler object with an 'http_req' pointer. (dav_propfind_create): Create the request object here, and set the depth header. (propfind): Changed accordingly. (dav_propfind_destroy): Destroy request object too. * dav_props.c (dav_propfind_get_request): New function. Fri Mar 30 16:50:51 2001 Joe Orton * hip_xml.c (start_element): Quote attributes in collect (Kai Sommerfeld). Fri Mar 30 16:36:08 2001 Joe Orton * http_basic.c (http_put_if_unmodified): Changed as below. Thu Mar 22 14:05:52 2001 Joe Orton * http_utils.c (http_dateparse): Changed as below. * http_auth.c (get_conce, basic_challenge): Likewise. Thu Mar 22 14:04:54 2001 Joe Orton * dates.c (ne_rfc1123_date, ne_rfc1123_date, ne_asctime_parse, ne_rfc1036_parse): Added ne_ prefix. Thu Mar 22 14:03:12 2001 Joe Orton * base64.c (ne_base64): Renamed from base64. Tue Mar 20 20:34:44 2001 Joe Orton * dav_props.c (make_elms): Don't request UTF-8 decoding of property values. Tue Mar 20 20:33:39 2001 Joe Orton * string_utils.c (ne_utf8_decode): New function. Mon Mar 19 22:08:45 2001 Joe Orton * http_basic.c (get_callback): Removed function. (http_get, http_read_file, http_post): Use callbacks directly rather than indirectly through get_callback. 
Mon Mar 19 21:55:19 2001 Joe Orton * http_request.c (notify_status, http_set_status, http_set_progress): New functions: request status and progress callbacks. (open_connection, lookup_host): Use notify_status to trigger status callbacks, and register socket progress callbacks. Mon Mar 19 21:53:07 2001 Joe Orton * socket.c (sock_register_notify): Removed function. (sock_connect_u): Renamed to sock_connect. (sock_register_progress): Per-socket progress callbacks rather than global ones. (sock_call_progress): Take socket argument. (all callers changed). Mon Mar 19 21:52:50 2001 Joe Orton * socket.c (sock_get_version): New function. Mon Mar 19 13:59:21 2001 Joe Orton * dav_props.c (propfind): Destroy the handler. Mon Mar 19 13:36:55 2001 Joe Orton * dav_props.c (dav_propnames): New function. Wed Mar 14 22:42:12 2001 Joe Orton * http_request.h (http_begin_request, http_end_request, http_read_response_block): New functions. (http_request_dispatch): Reimplemented using new caller-pulls interface. Wed Mar 14 22:20:38 2001 Joe Orton * http_auth.c (ah_post_send): If authentication fails (i.e. bad credentials), clean the session details. Wed Mar 14 20:46:55 2001 Joe Orton * http_auth.c: Retry the request simply if it has not been tried before with authentication details, otherwise, fail on 40[17]. Wed Mar 14 20:12:52 2001 Joe Orton * http_request.c (open_connection): Make sure to close the connection, and return HTTP_CONNECT if the SSL negotiation fails. Tue Mar 6 18:37:43 2001 Joe Orton * ne_alloc.c (ne_strndup): Allocate n+1 bytes not 'n' (Kai Sommerfeld). Mon Mar 5 01:05:31 2001 Joe Orton * http_request.c: Moved local sbuffer variables of http_request_dispatch into http_req members 'reqbuf' and 'respbuf'. (build_request): Return a const char * of the request. (send_request): Call build_request directly, use req->respbuf. (http_request_dispatch): Don't call build_request. Removed 'goto' exception handling (hoorah). 
(http_request_create, http_request_destroy): Create and destroy reqbuf and respbuf here. Mon Mar 5 00:43:40 2001 Joe Orton * http_request.c (http_set_request_body_stream): Set req->body_size and Content-Length header here: return success value. (http_set_request_body_buffer): Likewise (but no return value). (get_request_bodysize): Removed function. (build_request): Add Content-Length: 0 header if no request body. Mon Mar 5 00:27:24 2001 Joe Orton * http_auth.c (http_forget_auth): New function. Mon Mar 5 00:25:15 2001 Joe Orton * http_request.c (http_request_hook_private): Renamed from http_get_hook_private. (http_session_hook_private): New function. * dav_locks.c (dav_lock_using_resource, dav_lock_using_parent): Renamed similarly. Sun Mar 4 23:12:12 2001 Joe Orton * http_auth.c: Moved per-request state into struct auth_request. (request_digest): Take struct auth_request argument. (free_auth): New function. (http_add_hooks): Pass free_auth as cleanup function for auth session. Sun Mar 4 23:08:46 2001 Joe Orton * http_redirect.c (auto_redirect): Auto-redirect OPTIONS requests. (free_redirect): New function. (http_redirect_register): Pass cleanup function. Sun Mar 4 23:07:01 2001 Joe Orton * dav_locks.c (dav_lock_unregister): Removed function. (free_locks): New function. (dav_lock_register): Pass free_locks as cleanup function for hooks. Sun Mar 4 22:54:57 2001 Joe Orton * http_request.h (http_add_hooks): Added fourth argument to register a cleanup function for the cookie. Sun Mar 4 19:53:03 2001 Joe Orton * http_auth.c (request_digest): Use an sbuffer to create the header value. Sun Mar 4 19:44:18 2001 Joe Orton * http_auth.c: Remove namespace protection for private functions. s/http_auth/auth/g. Sun Mar 4 19:39:13 2001 Joe Orton * http_auth.c (ah_pre_send): Increase attempt counter here, ... (ah_post_send): instead of here.
Sun Mar 4 18:40:03 2001 Joe Orton * http_request.c (http_request_dispatch): Simplify post_send hook invocation: run them until one doesn't return HTTP_OK. Don't run pre_send hooks here. Loop while a hook returns HTTP_RETRY. (build_request): Run pre_send hooks here. * http_request.c (read_response_body): Call normalize_response_length here. Sun Mar 4 18:12:26 2001 Joe Orton Re-implemented HTTP authentication using generic hooks interface. * http_auth.c: Added http_auth.h. (http_auth_init, http_auth_set_creds_cb, http_auth_new_request, http_auth_request_header): Removed functions, merged into new hooks code. (ah_create, ah_post_send, ah_pre_send, ah_use_body, ah_destroy): New functions. (auth_body_reader, http_set_server_auth, http_set_proxy_auth): Moved over from http_request.c and redone for hooks interface. * http_request.c (http_set_server_auth, http_set_proxy_auth, give_creds, auth_body_reader): Moved to http_auth.c. (http_accept_always): Renamed from always_accept_response and made public. (http_request_create, build_request, http_request_dispatch): Removed authentication code. Tue Feb 27 19:49:42 2001 Joe Orton * dav_props.c (set_body): Remove UTF-8 encoding again. Mon Feb 26 22:38:41 2001 Joe Orton Patch from Kai Sommerfeld to remove URI escaping from inside neon. * dav_207.c (end_element): Don't unescape href elements. * http_request.c (http_request_create): Don't escape Request-URI. * dav_basic.c (copy_or_move): Don't escape destination URI. Mon Feb 26 21:44:56 2001 Joe Orton * dav_props.c (set_body): UTF-8 encode the property name and value. (make_elms): Request UTF-8 decoding of property values. Mon Feb 26 21:40:14 2001 Joe Orton * hip_xml.c: Do perform UTF-8 decoding when using libxml. (char_data): Fix UTF-8 decoding bug where the byte after a multi-byte encoded sequence would be skipped. Sun Feb 25 20:04:05 2001 Joe Orton * string_utils.c (ne_utf8_encode): New function. Sun Feb 25 19:52:01 2001 Joe Orton * ne_alloc.c (ne_realloc): New function. 
Sun Feb 25 17:00:32 2001 Joe Orton * Makefile.in (all): Rename NEON_IS_BUNDLED to NEON_BUILD_BUNDLED. Sun Feb 25 16:52:43 2001 Joe Orton * Makefile.in (all): Build according to NEON_IS_BUNDLED. Fri Feb 23 23:38:10 2001 Joe Orton * Makefile.in: Fix deps: neon_config.h has gone. Fri Feb 23 22:57:47 2001 Joe Orton * dav_props.c (dav_simple_propfind): Support a NULL 'props' argument to do an allprop request, as per the advertising literature. Register a catch-all handler in this case. Fri Feb 23 22:16:42 2001 Joe Orton * http_request.c (http_session_destroy): Free up hooks list. Thu Feb 22 21:54:36 2001 Joe Orton * http_request.h (http_add_hooks): Make request_hooks 'const'. Thu Feb 15 08:36:56 2001 Joe Orton * http_request.c (read_response_body): Accept SOCK_CLOSED as end-of-response if we don't have a Content-Length (and not chunked). (Kai Sommerfeld). Thu Feb 15 08:36:23 2001 Joe Orton * http_request.c (add_fixed_headers): Don't add the Host header here. (http_request_dispatch): Add it here instead. * http_request.c (set_hostinfo): Dup the hostname. (http_session_destroy): Free the hostname. (Kai Sommerfeld). Thu Feb 15 08:35:49 2001 Joe Orton * http_private.h: Make hostname in struct host_info char *. (Kai Sommerfeld). Thu Feb 15 08:08:50 2001 Joe Orton * http_redirect.h: Add C++ header-inclusion safety macros (Kai Sommerfeld ). Wed Feb 14 23:37:57 2001 Joe Orton * http_request.c (read_response_body): Use a size_t for readlen, as read_response_block requires. Wed Feb 14 23:25:44 2001 Joe Orton * http_auth.c (request_digest): Fix incorrect signed-ness of buffer. Wed Feb 14 23:22:13 2001 Joe Orton * uri.h, string_utils.h: Comment-out tokens after #endif. Sun Feb 4 14:36:11 2001 Joe Orton * http_redirect.c (post_send): Prototype change. Sun Feb 4 14:31:42 2001 Joe Orton * socket.c: Added key_prompt, key_userdata, key_file to nssl_context. (sock_set_key_prompt, key_prompt_cb): New functions. (sock_make_secure): Set ctx->key_file to private key filename. 
Sun Feb 4 13:31:44 2001 Joe Orton * http_request.h: Make http_status argument of post_send a const pointer. Sun Feb 4 10:38:12 2001 Joe Orton * http_request.c (set_sockerr): Only use the socket error if it is NULL, else print generic "something went wrong"-type error message. Sun Feb 4 10:29:37 2001 Joe Orton * socket.c (sock_set_client_cert): Call SSL_CTX_check_private_key to ensure that the cert and private key match. Sun Feb 4 10:28:02 2001 Joe Orton * socket.c (sock_make_secure): In error cases after SSL_connect succeeds, call SSL_shutdown and assign sock->ssl = NULL before returning. Sat Feb 3 18:33:56 2001 Joe Orton * socket.c (sock_close): Call SSL_shutdown before close()'ing the fd. Sat Feb 3 18:30:48 2001 Joe Orton * socket.c: Store an default SSL_CTX in nsocket, to be used when no nssl_context is supplied. (create_socket): Create default SSL_CTX (sock_close): Free it here. (sock_make_secure): Use it here. Sat Feb 3 15:52:15 2001 Joe Orton * socket.c (sock_set_client_cert): New function. Sat Feb 3 15:48:51 2001 Joe Orton * socket.c: Rejig of nssl_context handling. An nssl_context is now really a wrapper for an SSL_CTX. (sock_create_ssl_context): Create the SSL_CTX here. (sock_disable_tlsv1, sock_disable_sslv2, sock_disable_sslv3): Set the SSL_CTX option directly. (sock_make_secure): Create an SSL_CTX if no nssl_context is supplied, otherwise use SSL_CTX from nssl_context. Sun Jan 28 13:52:03 2001 Joe Orton * http_utils.c (neon_version_minimum): New function. Sun Jan 28 10:37:28 2001 Joe Orton * neon_config.h.in: Removed file. * http_request.c, http_utils.c: Don't include neon_config.h. Sat Jan 27 22:52:37 2001 Joe Orton * socket.c: Use closesocket() as NEON_CLOSE (Markus Fleck ). Sat Jan 27 22:35:16 2001 Joe Orton * hip_xml.c: Add 'char_data' as libxml cdataBlock handler. Tue Jan 23 23:17:00 2001 Joe Orton * neon_config.h.in: Renamed from neon_config.h. Define NEON_VERSION_MAJOR and NEON_VERSION_MINOR too: all picked up from the NEON_VERSIONS macro. 
Sun Jan 21 22:07:34 2001 Joe Orton * string_utils.c (ne_concat): New function. Thu Jan 18 22:25:34 2001 Joe Orton * ne_alloc.h: Added ne_oom_callback. * ne_alloc.c: Added DO_MALLOC macro to do the malloc and oom callback test. (ne_malloc): Use DO_MALLOC. (ne_strdup, ne_calloc, ne_strndup): Reimplement using DO_MALLOC rather than calling ne_malloc(). Tue Jan 16 20:16:35 2001 Joe Orton * neon_config.h: Bumped version to 0.10.1. Tue Jan 16 20:14:40 2001 Joe Orton * http_request.c (http_session_create): Default expect-100 support to OFF. Mon Jan 15 22:59:33 2001 Joe Orton * neon_config.h: Bumped version to 0.10.0. Mon Jan 15 22:58:04 2001 Joe Orton * dav_basic.c (dav_simple_request): Use dav_207_ignore_unknown. Sun Jan 14 22:52:31 2001 Joe Orton * dav_props.c (propfind): Call dav_207_ignore_unknown. Sun Jan 14 22:49:06 2001 Joe Orton * dav_207.c: Don't handle unknown elements in normal handler. (ignore_cc, dav_207_ignore_unknown): New functions, for ignoring any unknown elements in the parse. Sun Jan 14 21:53:00 2001 Joe Orton * hip_xml.c: Renamed 'handlers' back to top_handlers. (push_handler): Now, p->root->handlers points to BASE of stack, p->top_handlers points to TOP of stack. (hip_xml_destroy): Changed to start from new BASE of stack. Sun Jan 14 10:50:09 2001 Joe Orton * http_request.c (http_session_server): Do perform the DNS lookup if we have a proxy_decider function, since that means we MIGHT need to know the IP address of the origin server. (http_request_create): Pass the real scheme back to the proxy decider callback. Wed Jan 10 22:43:16 2001 Joe Orton * Makefile.in: Rename OBJ_EXT to NEON_OBJEXT. Remove NEON_INTERFACE_VERSION, use NEON_LINK_FLAGS instead. Wed Jan 10 22:02:02 2001 Joe Orton * dav_locks.c (create_private): New function. (dav_lock_discover): Switch to using new dav_propfind_set_complex API. 
Wed Jan 10 21:59:36 2001 Joe Orton * dav_props.h (dav_propfind_set_complex): Switch the 'sizeof_private' argument for a callback 'creator': the return value of this callback is used as the 'private' field for the current resource. Mon Jan 8 22:09:55 2001 Joe Orton * dav_locks.h (dav_lock_result): Re-order arguments. Make lock object const. * dav_locks.c (dav_lock_copy): New function. (discover_results): Set lock->uri given href for current results. Free lock object after passing to results. Sun Jan 7 21:55:14 2001 Joe Orton * dav_locks.c (dav_lock): Destroy XML parser after use. Remove handling of Lock-Token header: it wasn't used and it leaked. Sun Jan 7 19:58:29 2001 Joe Orton * dav_props.c (free_propset): Free the property values, and the result set URI too. Sun Jan 7 16:58:19 2001 Joe Orton * http_request.c (read_response_block): Fix handling of SOCK_CLOSED from sock_read as end-of-connection. Sat Jan 6 15:02:57 2001 Joe Orton * hip_xml.c (struct hip_xml_parser): Renamed 'top_handlers' to 'handlers' in hip_xml_parser. (push_handler): New function. (hip_xml_push_handler, hip_xml_push_mixed_handler): Use push_handler. * hip_xml.c (find_handler): Begin the search for a new handler from the handler of the current (parent) element, and work up the stack. Sat Jan 6 11:15:17 2001 Joe Orton * hip_xml.c (find_handler): Display error message for unknown XML element as 'elmname (in nspace)' rather than 'nspace:elmname' since the latter produces confusing errors like 'DAV::displayname'. Wed Jan 3 21:34:44 2001 Joe Orton * Makefile.in: Hard-code top_builddir as '..' (possibly wrong, but true for all neon apps so far). Remove INCLUDES, now unused. Add top_srcdir. Fri Dec 22 22:51:27 2000 Joe Orton * dav_props.c: Added 'has_props' field to propfind_handler struct. (set_body): Only add leading 'prop' element if has_props is not set. Set has_props. Don't add trailing element here. (dav_propfind_named): ... add it here instead. 
(dav_propfind_set_complex, dav_propfind_set_flat): New set_body interface. Fri Dec 22 21:10:39 2000 Joe Orton * socket.c (sock_transfer): Don't use NEON_READ here, this is for reading from a non-socket fd. Wed Dec 20 00:19:34 2000 Joe Orton * neon_config.h: Bumped version to 0.9.1. Wed Dec 20 00:19:09 2000 Joe Orton * dav_props.c (free_propset): Don't free the private structure, make this the caller's responsibility. Wed Dec 20 00:12:36 2000 Joe Orton * dav_props.c (end_propstat): Rename propstat argument to 'pstat_v' to kill warnings. Tue Dec 19 23:42:39 2000 Joe Orton * dav_props.c (start_response): Zero-out the private structure on creation. Tue Dec 19 22:54:06 2000 Joe Orton * http_request.c (read_response_block): Rename local variable 'socket' to 'sock'. Tue Dec 19 22:52:56 2000 Joe Orton * http_request.h: Rename argument from 'stat' in post_send definition. Tue Dec 19 22:52:32 2000 Joe Orton * http_utils.h: Add 'const' to char * argument. Tue Dec 19 22:19:28 2000 Joe Orton * neon_config.h: Bumped version to 0.9.0. Tue Dec 19 22:12:19 2000 Joe Orton * Makefile.in: New file. Tue Dec 19 22:07:50 2000 Joe Orton * Makefile.incl: Removed file. Tue Dec 19 22:06:06 2000 Joe Orton * dav_locks.c (dav_lock_discover): New callback-based lock discovery interface. Re-implemented using new propfind interface. Tue Dec 19 21:22:43 2000 Joe Orton * dav_props.h: Replace old dav_propfind_* interface with better one. (dav_simple_propfind): Renamed from dav_get_props. (dav_propfind_current_private, dav_propfind_set_complex, dav_propfind_set_flat): New functions. (dav_propfind_get_current_resource): Removed function. (dav_propfind_named, dav_propfind_allprop): Change second argument to be the results callback. * dav_props.c: Replace implementation of old interface with new one. (dav_simple_propfind): Re-implemented on top of new all-singing all-dancing dav_propfind_* interface. Sun Dec 17 18:24:50 2000 Joe Orton * dav_props.c: Add dav_get_props, and all its auxiliaries.
Sun Dec 17 15:43:55 2000 Joe Orton * dav_props.c (propfind): Destroy the request after calling http_get_status. Sun Dec 17 18:04:58 2000 Joe Orton * hip_xml.c (find_handler): Allow using NULL as name and nspace in HIP_ELM_unknown elements. Sun Dec 17 18:03:03 2000 Joe Orton * dav_207.c (check_context): Don't handle the unknown element when it is a child of the prop element, this prevents handling allprop responses. Thu Dec 14 21:48:06 2000 Joe Orton * neon_config.h: Bumped version to 0.8.0. Thu Dec 14 21:43:31 2000 Joe Orton * dav_basic.c, dav_locks.c, dav_props.c (everywhere): Changed to new response-status interface, and _class->klass change. Thu Dec 14 21:37:38 2000 Joe Orton * http_request.c (http_get_status): Add new response-status interface. Thu Dec 14 21:30:25 2000 Joe Orton * http_basic.c (everywhere): Use new status interface. Thu Dec 14 21:25:03 2000 Joe Orton * http_private.h: Made http_status pointer in http_req a declared object. * http_request.h: Removed passing status pointer to http_request_dispatch. * http_request.c (everywhere): Removed passing extra http_status * to auxiliaries, use req->status instead. Renamed '_class' to 'klass' everywhere. Thu Dec 14 21:15:54 2000 Joe Orton * http_utils.h: Renamed '_class' member of http_status to 'klass'. (http_parse_statusline): Change accordingly. Wed Dec 13 23:00:23 2000 Joe Orton * socket.c: Changes for pre-BONE BeOS (David Reid ). Wed Dec 13 21:29:36 2000 Joe Orton * uri.c (ESCAPE): Explicitly cast the character to const unsigned int. (uri_abspath_escape): Make 'pnt' a normal const char *. Wed Dec 13 21:17:31 2000 Joe Orton * http_request.c: Remove netinet/in.h include, add limits.h include. (Peter Boos) (read_response_block): Make readlen a size_t (David Reid). Wed Dec 13 21:08:08 2000 Joe Orton * ne_alloc.h [WIN32]: Include stdlib.h. 
(Peter Boos) Wed Dec 13 20:54:27 2000 Joe Orton Patches from Peter Boos and David Reid for Win32 and BeOS changes respectively: * socket.c: Add NEON_READ, NEON_WRITE, NEON_CLOSE macros to use send/recv/closesocket for BeOS, send/recv/close for Win32, write/read/close otherwise. Include WinSock2.h in Windows. Add arpa/inet.h check. (sock_read, sock_write): Use the NEON_ macros. (sock_connect, sock_close): Use NEON_CLOSE. (sock_init): Winsock initialization. (sock_exit) Winsock cleanup. (sock_fullwrite): Use size_t rather than ssize_t for 'sent'. (sock_connect, sock_connect_u): Make 'port' parameter an unsigned short int. Wed Dec 13 20:42:18 2000 Joe Orton * http_basic.c (clength_hdr_handler): Use an off_t for len, to avoid comparison with size_t. Wed Dec 13 20:38:59 2000 Joe Orton * hip_xml.c (char_data): Use an 'int' for wslen, avoid comparison between size_t (which is signed) and int (which [is|might be?] unsigned). Wed Dec 13 20:29:12 2000 Joe Orton * nsocket.h [WIN32]: Use Windows headers rather than Unixy ones. (sock_exit): New function. Wed Dec 13 20:21:22 2000 Joe Orton * string_utils.c, string_utils.h, uri.h: Includes change (Peter Boos). Wed Dec 13 20:20:09 2000 Joe Orton * http_auth.c (http_auth_response_body): Don't make inline. Includes change. (both by Peter Boos). Wed Dec 13 20:18:38 2000 Joe Orton * uri.c (uri_unescape): Cast strtol return to (char). Includes change as below (both by Peter Boos). Wed Dec 13 20:07:38 2000 Joe Orton * base64.c, dates.c, dates.h, dav_207.c, dav_207.h, dav_basic.h, dav_locks.h, hip_xml.h, http_auth.h, http_basic.h, http_cookies.c, http_redirect.c, http_redirect.h, http_request.h, http_utils.c, md5.c, ne_alloc.c: Use #include "..." rather than #include <...> for neon headers. (Peter Boos ). Thu Dec 7 21:45:02 2000 Joe Orton * socket.c (sock_read): Return zero immediately if a zero count parameter is passed, following SUSv2 semantics. 
Thu Dec 7 21:41:36 2000 Joe Orton * nsocket.h (sock_readfile_blocked): Define an interface, allow taking -1 as the length parameter. Only return SOCK_CLOSED if length == -1 is NOT passed. Sun Nov 26 09:46:53 2000 Joe Orton * nsocket.h: Fix use of 'socket' in function prototypes. Sun Nov 19 00:29:48 2000 Joe Orton * nsocket.h: Increase read timeout to 120 seconds. Sun Nov 5 14:42:46 2000 Joe Orton * dav_locks.c: Fix element id's (fixes segfault when using locks). Thu Oct 26 22:28:17 2000 Joe Orton * socket.c (sock_peek): Return SOCK_CLOSED if recv() returns zero. Thu Oct 26 22:24:14 2000 Joe Orton * socket.c (sock_block): Return "got data" if SSL_pending indicates data pending. Otherwise select on socket as normal. Thu Oct 26 22:15:14 2000 Joe Orton * socket.c (sock_readline, sock_peek): Check whether SSL connection has been closed if SSL_peek returns 0 (thanks to Jeff Costlow ). Thu Oct 14 19:57:31 2000 Joe Orton * Makefile.incl: Fix spurious backslash at line 69 (thanks to Dirk Bergstrom ). Sat Oct 14 19:51:44 2000 Joe Orton * dav_basic.c (copy_or_move): Use http_get_scheme rather than hard-coding "http". 2000-10-02 Joe Orton * http_request.c (http_get_scheme): New function. Tue Oct 10 19:56:42 2000 Joe Orton * neon_config.h: Bumped version to 0.7.5. Sat Oct 7 19:26:58 2000 Joe Orton * neon_config.h: Bumped version to 0.7.4. Sat Oct 7 19:19:37 2000 Joe Orton * http_auth.c (request_digest): Quote algorithm and qop parameters in digest header. Sat Oct 7 19:15:29 2000 Joe Orton * socket.c (sock_connect_u): Don't leak the fd if connect fails (David Sloat). Sat Sep 16 16:49:57 2000 Joe Orton * hip_xml.h: Add 'HIP_ELM_UNUSED', defining lowest element ID which should be used. * hip_xml.c, hip_xml.h (hip_xml_push_handler, hip_xml_push_mixed_handler): Renamed from hip_xml_add_handler / hip_xml_add_mixed_handler to reflect stack-like usage of handlers. 'handlers' field of hip_xml_parser renamed to top_handler for same reason (globally search'n'replaced).
* hip_xml.h: Documentation update. Thu Sep 14 22:37:33 2000 Joe Orton * http_auth.c (request_digest): Quote qop= value, fixes IIS5 interop. Thu Sep 14 00:40:04 2000 Joe Orton * socket.c (sock_connect_u): If connect() fails, close the socket before returning: thanks to David Sloat . Tue Sep 12 20:08:40 2000 Joe Orton * http_request.c (read_response_headers): Remove redundant tolower(). Tue Sep 12 00:41:39 2000 Joe Orton * neon_config.h: Bumped version to 0.7.3. Mon Sep 11 15:31:13 2000 Joe Orton * http_request.c, http_auth.c: Include snprintf.h if HAVE_SNPRINTF_H is defined. Fri Sep 8 10:46:53 2000 Joe Orton * neon_config.h: Bumped version to 0.7.2. Fri Sep 8 10:44:42 2000 Joe Orton * socket.c (sock_block): Return immediately if this is an SSL socket. Thu Sep 7 00:31:12 2000 Joe Orton * hip_xml.h: Correct order of hip_xml_validate_cb arguments in prototype (thanks to Greg Stein). Thu Sep 7 00:27:29 2000 Joe Orton * dav_props.c (propfind): Don't destroy the handler after use. (dav_propfind_destroy): New function. Thu Sep 7 00:08:45 2000 Joe Orton * Makefile.incl: Added targets for ne_alloc.o, string_utils.o, uri.o, base64.o. Tue Aug 15 21:53:53 2000 Joe Orton * neon_config.h: Bumped version to 0.7.1. Tue Aug 15 21:16:34 2000 Joe Orton * http_request.c (http_request_create): Only add authentication response body callbacks if a supply-credentials callback has been set for the session. (http_request_dispatch): Similarly for response header callbacks. Mon Aug 14 09:28:38 2000 Joe Orton * neon_config.h: Bumped version to 0.7.0. Mon Aug 14 09:23:54 2000 Joe Orton * string_utils.h (SBUFFER_CAST): New macro. Mon Aug 14 09:13:05 2000 Joe Orton * http_private.h: Use a hash table for storing response header handlers. Added response header 'catchers', which are passed ALL response headers. * http_request.c (http_add_response_header_handler): Place the handler in the correct hash bucket. (hdr_hash): New function. (http_add_response_header_catcher): New function. 
(http_request_destroy): Destroy the header catchers, and iterate over the hash table to destroy the handlers. (read_response_headers): Optimisation: hash and search for ':' in a single loop. Remove another local variable. Iterate through catchers too. Sun Aug 13 15:57:35 2000 Joe Orton * neon_config.h: Bumped version to 0.6.1. Sun Aug 13 15:50:42 2000 Joe Orton * http_request.c (send_request): Only go through the loop at most twice. Sun Aug 13 15:49:52 2000 Joe Orton * http_redirect.c (destroy): Don't free the redirect structure. Sat Aug 12 17:10:32 2000 Joe Orton * neon_config.h: Bumped version to 0.6.0. Sat Aug 12 16:48:47 2000 Joe Orton * http_request.c (http_session_decide_proxy): New function. (http_request_create): Call proxy "decider callback" to determine whether to use the proxy server for a given request or not. Sat Aug 12 16:39:10 2000 Joe Orton * Makefile.incl: Updated for http_private.h and http_redirect.[ch]. Sat Aug 12 16:36:49 2000 Joe Orton * http_request.c: Removed data structure definitions. * http_private.h: New file, contains data structure definitions. Interface NOT exported. Sat Aug 12 16:31:32 2000 Joe Orton * http_redirect.c (destroy): No return value. Sat Aug 12 16:04:02 2000 Joe Orton * http_redirect.[ch]: First cut at HTTP redirect handling. Sat Aug 12 11:05:13 2000 Joe Orton * neon_config.h: Bumped version to 0.5.1. Sat Aug 12 02:04:15 2000 Joe Orton * dav_locks.c (dav_lock_using_resource, dav_lock_using_parent): Prevent segfault if locking is not in use. Fri Aug 11 17:19:06 2000 Joe Orton * neon_config.h: Bumped version to 0.5.0. Fri Aug 11 16:31:23 2000 Joe Orton * http_request.c (read_message_header): Take a buffer for storing continuation lines. (read_response_headers): No need to strip EOL since read_message_header does this already. Use one less variable. Fri Aug 4 22:12:04 2000 Joe Orton * http_request.c (send_request): Don't retry sending the request more than once. 
Wed Aug 2 11:08:31 2000 Joe Orton * ne_alloc.[ch]: Renamed from xalloc.[ch]. Wed Aug 2 02:15:32 2000 Joe Orton * socket.c (sock_transfer): Return SOCK_CLOSED, or set sock->error appropriately on read failure. Tue Aug 1 13:04:27 2000 Joe Orton * socket.c, nsocket.h (sock_progress, sock_call_progress, sock_transfer, sock_readfile_blocked): Use 'off_t' not 'size_t' as file size type. Fri Jul 28 13:32:37 2000 Joe Orton * neon_config.h: Bumped version to 0.4.2. Fri Jul 28 13:31:38 2000 Joe Orton * http_request.c (send_request): Fix sending request body after getting 100-continue response. Fri Jul 28 11:26:47 2000 Joe Orton * neon_config.h: Bumped version to 0.4.1. Fri Jul 28 10:32:34 2000 Joe Orton * neon_config.h: Bumped version to 0.4.0. Fri Jul 28 10:28:21 2000 Joe Orton * http_basic.[ch] (http_post): New function, from Sander Alberink . Thu Jul 27 18:55:49 2000 Joe Orton * http_utils.c (neon_debug): No conditional compilation for function body: compile it all regardless of whether debugging is enabled or not, to allow applications to be debugged regardless of whether debugging is compiled into the library or not. Thu Jul 27 16:59:26 2000 Joe Orton * http_basic.c (clength_hdr_handler): Cast off_t to long int for printing. Tue Jul 25 18:14:15 2000 Joe Orton * http_request.c (read_message_header): Iterate over header handler list before placing zero-terminator at ':': if a handler has a NULL name field, pass it the entire header value. Tue Jul 25 18:00:49 2000 Joe Orton * http_request.c (http_get_request_headers): New function. Mon Jul 24 16:55:29 2000 Joe Orton * neon_config.h: Bumped version to 0.3.9. Mon Jul 24 16:54:33 2000 Joe Orton * http_basic.h: Use 'off_t' in http_content_range. * http_basic.c (http_get_range): Cast range values to (long int) to prevent compiler warnings. Thu Jul 20 20:03:30 2000 Joe Orton * http_request.[ch], socket.c, http_basic.c: Include nsocket.h not socket.h. 
Thu Jul 20 20:02:20 2000 Joe Orton * http_utils.c (version_string): Indicate which XML parser is supported. Thu Jul 20 20:01:12 2000 Joe Orton * nsocket.h: Renamed from socket.h. Thu Jul 20 15:02:35 2000 Joe Orton * http_utils.c, socket.c, http_request.c: SSL_ENABLE renamed to ENABLE_SSL. Thu Jul 20 12:20:13 2000 Joe Orton * md5.c, http_auth.h: Include neon_md5.h. Thu Jul 20 12:19:23 2000 Joe Orton * neon_md5.h: Renamed from md5.h. Wed Jul 19 22:33:46 2000 Joe Orton * dav_basic.c (dav_simple_request): Don't leak ctype.value. Wed Jul 19 22:32:03 2000 Joe Orton * dav_207.c (check_context): Accept unknown elements. Wed Jul 19 22:31:10 2000 Joe Orton * dav_locks.c (dav_lock_iterate): Allow passing func as NULL. Wed Jul 19 22:26:13 2000 Joe Orton * socket.h (SOCKET_READ_TIMEOUT): Increase to 60. Wed Jul 19 22:25:51 2000 Joe Orton * dav_locks.h: Include http_request.h. Mon Jul 17 11:41:16 2000 Joe Orton * dates.c (asctime_parse, rfc1036_parse): Actually pass the string to sscanf (thanks to lclint). (rfc1123_date): Check for gmtime() returning NULL. Mon Jul 17 09:16:43 2000 Joe Orton * neon_config.h: Bumped version to 0.3.1. Mon Jul 17 09:07:58 2000 Joe Orton * dav_locks.c: Include limits.h: thanks to Paul D'Anna. Sun Jul 16 18:47:15 2000 Joe Orton * neon_config.h: Bumped version to 0.3.0. Sun Jul 16 16:44:25 2000 Joe Orton * neon_i18n.c (neon_i18n_init) [ENABLE_NLS && NEON_IS_LIBRARY]: New compilation conditions. Sun Jul 16 16:41:12 2000 Joe Orton * neon_i18n.c: New file. Sun Jul 16 16:15:02 2000 Joe Orton * string_utils.c (sbuffer_*): Change to assert postcondition (buf->used == strlen(buf->data) + 1). (sbuffer_append): Fix brokenness. Sun Jul 16 16:11:05 2000 Joe Orton * socket.c (sock_transfer): Increase sum length written correctly. Sun Jul 16 16:10:23 2000 Joe Orton * http_request.c (http_get_hook_private): New function. Sun Jul 16 16:07:11 2000 Joe Orton * hip_xml.c (find_handler): Call validate_cb for any handler which recognizes the element. 
Allow return codes HIP_XML_{VALID,INVALID,DECLINE} from validate_cb. If DECLINE is returned, continue searching handlers until one returns (IN)VALID. (start_element): Don't call validate_cb. * hip_xml.c (start_element, end_element): In collect mode, don't print namespace prefix if present. Sun Jul 16 15:30:19 2000 Joe Orton * dav_locks.[ch]: New file, code mainly taken from cadaver and adapted for neon HTTP request/response handling. Sun Jul 16 15:28:25 2000 Joe Orton * dav_basic.c (copy_or_move, dav_move, dav_copy): Pass overwrite as parameter. Sun Jul 16 15:26:24 2000 Joe Orton * uri.c (uri_compare): Fixed to only return equal if *shorter* string has no trailing slash. Sat Jul 15 20:14:07 2000 Joe Orton * dav_207.c (dav_207_get_current_response, dav_207_get_current_propstat): New functions. * dav_props.c (dav_propfind_get_current_resource): Implement using dav_207_get_current_response. Sat Jul 15 17:36:37 2000 Joe Orton * xalloc.c (xcalloc): New function. Sat Jul 15 14:11:14 2000 Joe Orton * http_utils.[ch] and elsewhere: Replace 'class' field of http_status with '_class' to be C++-safe. (patch from Tom Bednarz). Thu Jul 6 18:48:52 2000 Joe Orton * dav_basic.c (copy_or_move): Escape the destination URI. Thu Jul 6 18:45:51 2000 Joe Orton * dav_props.c (end_response): Added description parameter. Thu Jul 6 18:43:14 2000 Joe Orton * dav_207.[ch] (end_element): Fix handling of responsedescription. Add "description" parameter to dav_207_end_response callback, and pass the contents of responsedescription. * dav_basic.c (handle_error, end_response, end_propstat): Pass description and add to error string when present. Tue Jul 4 11:43:03 2000 Joe Orton * dav_basic.c, dav_props.c, http_basic.c: Use http_{add,print}_request_header rather than http_get_request_header. Tue Jul 4 11:41:00 2000 Joe Orton * http_request.[ch] (http_add_request_header, http_print_request_header): New functions. (http_get_request_header): Removed function. 
Mon Jul 3 21:50:40 2000 Joe Orton * http_request.c: Add basic support for TLS upgrade (RFC2817). (http_set_request_secure_upgrade, http_set_accept_secure_upgrade): New functions. (send_request): If upgrade is requested, and a 101 response is received, negotiate the TLS connection. (add_fixed_headers): Add Upgrade header if necessary. Mon Jul 3 21:46:00 2000 Joe Orton * http_request.c (send_request): Don't go into an infinite loop. (read_message_header): Simplify checking for end-of-line. Tue Jun 13 00:29:42 2000 Joe Orton * http_request.c (http_session_proxy, http_session_server): Allow calling >1 time per session, to switch servers. (send_request): Only retry sending request once. Mon Jun 12 21:50:41 2000 Joe Orton * http_request.c (http_add_hooks): New function. Mon Jun 12 21:37:24 2000 Joe Orton * http_cookies.[ch]: Added basic cookies support. Mon Jun 12 21:33:33 2000 Joe Orton * socket.c (sock_create_ssl_context, sock_destroy_ssl_context, sock_disable_tlsv1, sock_disable_sslv2, sock_disable_sslv3, sock_make_secure): Added nssl_context handling. Mon Jun 12 21:29:52 2000 Joe Orton * http_request.c (http_request_dispatch, http_request_create, http_request_destroy, http_set_request_body_buffer, http_set_request_body_stream): Added hook support. Mon Jun 12 21:04:00 2000 Joe Orton * http_request.c (http_set_secure): Store an nssl_context. (open_connection): Give the nssl_context. Sun Jun 11 16:37:52 2000 Joe Orton * sslcerts.c: Import of SSL support from mutt, relicensed under the LGPL for use in neon by the author, Tommi Komulainen . Sun Jun 11 11:30:16 2000 Joe Orton * http_request.c (set_sockerr): Updated to use sock_get_error. Sun Jun 11 11:29:29 2000 Joe Orton * uri.c (uri_parse): Allow scheme to be omitted. Fri Jun 9 20:39:24 2000 Joe Orton * socket.c (sock_get_error): New function. (sock_*): Set sock->error and SOCK_ERROR on error. Mon May 29 16:32:46 2000 Joe Orton * uri.c (uri_abspath_escape): Allocate the exact amount of memory needed. 
Mon May 29 15:53:33 2000 Joe Orton * dav_basic.c (dav_simple_request): Correct invalid XML logic. Mon May 29 15:52:08 2000 Joe Orton * socket.c (create_sock, sock_accept, sock_get_fd): New functions. (sock_connect_u): Use create_sock. Sun May 28 21:00:37 2000 Joe Orton * http_utils.c (neon_version_string): New function. Sun May 28 19:36:45 2000 Joe Orton * socket.c (sock_connect_u): Zero out allocated nsocket object. Thu May 25 01:27:04 2000 Joe Orton * *.h: Include other neon headers with . Thu May 25 01:02:12 2000 Joe Orton * dav_props.c: Include stdlib.h for 'free'. Wed May 24 20:15:08 2000 Joe Orton * http_request.c (read_message_header): Return HTTP_RETRY if more headers to read, HTTP_OK on end-of-headers. (read_response_headers): Changed accordingly. Wed May 24 19:56:29 2000 Joe Orton * http_request.c (send_request_body): Return a SOCK_* code. (send_request): Re-send request if socket has been closed (due to persistent connection timeout). Wed May 24 19:00:01 2000 Joe Orton * hip_xml.c (find_element): Fix unknown element handling. Tue May 23 19:12:26 2000 Joe Orton * dav_props.c (propfind): Destroy the request body sbuffer after use. Tue May 23 15:43:42 2000 Joe Orton * socket.c (sock_make_secure) [SSL_ENABLE]: Conditionally compile SSL code. [!SSL_ENABLE]: Return failure. (sock_close) [SSL_ENABLE]: Conditionally compile SSL code. Tue May 23 15:37:53 2000 Joe Orton * http_request.c (http_session_create): Renamed from http_session_init. (http_session_destroy): Renamed from http_session_finish. Sun May 21 23:50:58 2000 Joe Orton * http_request.c (lookup_host): Use sock_name_lookup. Sun May 21 23:40:39 2000 Joe Orton * http_request.c (http_request_create): Allow passing NULL uri (internal use only). (http_set_secure): New function. (read_response_block, read_message_headers): Redone for new socket API. (build_request): Moved http_auth_new_request calls here (from http_request_dispatch). (send_request): Always call open_connection before sending the request. 
(read_message_header, read_response_headers): Looser check for empty line. (normalize_response_length): Set response body length to zero on 2xx class response whilst in CONNECT, if no other response body length is given. (http_request_dispatch): Don't close the connection on a HTTP/1.0 2xx class response after a CONNECT request. (proxy_tunnel): New function. (open_connection): Use an SSL connection where appropriate. Use proxy_tunnel for tunnelling through a proxy. Sun May 21 01:35:40 2000 Joe Orton * src/socket.c: Added 'nsocket' ADT for handling sockets. (sock_*): All changed to take 'nsocket *' argument rather than integer file descriptor. Added 'sock_secure_details' to sock_status enum. (sock_make_secure, sock_init): New function. (sock_peek): Renamed from sock_recv. (send_file_*, recv_file_*): Removed functions. (sock_name_lookup): Renamed from host_lookup. (sock_service_lookup): Renamed from get_tcp_port. (sock_block, sock_read, sock_fullwrite, sock_peek, sock_readline): Added SSL support. (sock_transfer): Use sock_fullwrite and sock_read. Sun May 21 01:25:03 2000 Joe Orton * http_request.c (http_request_destroy): Free header handlers and body readers. Sun May 21 01:24:30 2000 Joe Orton * dav_props.h: Removed obsolete got_property callback type. Sun May 21 01:23:59 2000 Joe Orton * dav_props.c (propfind): Free handler object after use. Sun May 21 01:23:12 2000 Joe Orton * dav_207.c (dav_207_destroy): Don't try to free the 'response' field. Sat May 20 21:45:32 2000 Joe Orton * http_request.c: Changed 'te' enum of struct http_response to 'is_chunked' boolean. Sun May 14 01:00:42 2000 Joe Orton * dav_props.c (propfind): Return error on parse error. Sun May 14 00:40:50 2000 Joe Orton * neon_config.h (NEON_VERSION): Bumped to 0.2.0. Sat May 13 23:31:28 2000 Joe Orton * neon_defs.h (BEGIN_NEON_DECLS, END_NEON_DECLS): Added C++ safety macros. * *.h: Surround with C++ safety macros. Sat May 13 22:36:06 2000 Joe Orton * hip_xml.c (hip_xml_destroy): Free handlers. 
Sat May 13 21:12:14 2000 Joe Orton * hip_xml.c (hip_xml_valid): Reversed return value. Sat May 13 21:11:17 2000 Joe Orton * http_utils.c: Renamed http_debug_mask to neon_debug_mask, similarly neon_debug_stream. (neon_debug_init): Renamed from http_debug_init. Sat May 13 19:24:40 2000 Joe Orton * http_utils.c: Initialize http_debug_mask to zero. (http_debug_init): New function. * http_utils.h: Fixed #ifdef DEBUGGING. Only define relevant DEBUG_* constants. Sat May 13 19:23:34 2000 Joe Orton * neon_config.h: New file. * http_request.c: Include neon_config.h for NEON_VERSION. Sat May 13 18:28:05 2000 Joe Orton * dav_props.c (dav_propfind_create): Create a hip_xml_parser, a 207 parser, register start+end response handlers with 207 layer. (propfind): Fix allprop (Michael Sobolev). * dav_basic.c (dav_simple_request): Create and destroy hip_xml_parser and 207 parser appropriately. Sat May 13 18:24:49 2000 Joe Orton * dav_207.c: Now takes an externally-declared hip_xml parser pointer. (dav_207_create, dav_207_destroy): New functions. (dav_207_init, dav_207_init_with_handler, dav_207_parse, dav_207_error, dav_207_finish): Removed functions. Sat May 13 17:32:45 2000 Joe Orton * hip_xml.[ch]: Rewritten to use opaque hip_xml_parser pointer. struct hip_xml_handler and struct hip_xml_state removed from external interface. struct hip_xml_elm * passed to startelm_cb and endelm_cb. (hip_xml_add_handler, hip_xml_valid, hip_xml_create, hip_xml_destroy, hip_xml_set_error, hip_xml_get_error): New functions. (hip_xml_init, hip_xml_destroy): Removed functions. Sat May 13 13:43:56 2000 Joe Orton * neon.h: Removed. Sat May 13 13:42:20 2000 Joe Orton * string_utils.h: Don't include config.h. (CONCAT*): Don't use xmalloc, use malloc and abort manually. Sat May 13 13:32:46 2000 Joe Orton * http_utils.h, dates.h, http_basic.h: Don't include config.h Sat May 13 13:31:37 2000 Joe Orton * hip_xml.[ch], dav_207.c: Use HIP_ERR_SIZE for size of parser error string. 
Sat May 13 13:30:40 2000 Joe Orton * Makefile.incl: Use obj_ext for object file extension. Thu May 11 18:21:53 2000 Joe Orton * neon.h: Bumped version to 0.1.1. Thu May 11 18:16:08 2000 Joe Orton * http_basic.c (get_to_fd): Fix short writes. Wed May 10 19:22:01 2000 Joe Orton * neon.h: Bumped version to 0.1.0. Wed May 10 17:46:48 2000 Joe Orton * uri.c (uri_parse, uri_free): New functions. Wed May 10 17:43:37 2000 Joe Orton * http_basic.c (get_to_fd, http_get): Set error appropriately if fwrite() fails. Wed May 10 14:25:38 2000 Joe Orton * http_utils.c (http_debug): New function. Wed May 10 14:25:08 2000 Joe Orton * http_basic.c (get_callback): Call sock_call_progress. Wed May 10 14:24:20 2000 Joe Orton * socket.c (sock_call_progress): New function. (many places): Use it. Wed May 10 14:22:48 2000 Joe Orton * uri.c (uri_has_trailing_slash): Moved from being inline. Tue May 9 23:34:25 2000 Joe Orton * dav_props.c: Use handler as userdata for 207 callbacks, unified handler and context structures. (start_prop, end_prop, start_propelm, end_propelm): Removed functions. (dav_propfind_get_current_resource): New function. Tue May 9 23:29:44 2000 Joe Orton * xalloc.[ch]: New files. Tue May 9 23:05:47 2000 Joe Orton * dav_207.[ch]: Removed property and property element callbacks. Tue May 9 23:01:00 2000 Joe Orton * dav_207.c: Use separate name/namespace for element names. (dav_207_init_with_handler): New function. (end_element): Unescape URI in href element. Tue May 9 19:54:07 2000 Joe Orton * dav_props.c (dav_propfind_allprop, dav_propfind_named, propfind, start_response, end_response, start_prop, end_prop, start_propelm, end_propelm): New functions; PROPFIND support. Tue May 9 19:45:17 2000 Joe Orton * http_request.c (build_request): Renamed from make_request. Tue May 9 19:36:01 2000 Joe Orton * socket.[ch]: Added sock_block_reader. Tue May 9 15:52:56 2000 Joe Orton * uri.c (uri_childof): Return false when parent is the same length as child. 
Sun May 7 15:07:49 2000 Joe Orton * dav_207.c: Separated element namespace/names. Tue May 2 16:40:59 2000 Joe Orton * hip_xml.[ch]: Added HIP_XML_UTF8DECODE flag. Tue May 2 16:16:57 2000 Joe Orton * hip_xml.[ch]: Separate element name and namespace. Mon May 1 00:21:24 2000 Joe Orton * dav_207.c (dav_accept_207): Moved function from dav_basic.c. * dav_basic.c (dav_accept_207, dav_parse_xml_block): Removed functions. Sun Apr 30 22:47:47 2000 Joe Orton * dav_props.[ch]: Renamed dav_proppatch_item to dav_proppatch_operation. Sun Apr 30 22:45:04 2000 Joe Orton * hip_xml.c (start_element): Clearer error message. Sun Apr 30 19:12:07 2000 Joe Orton * http_basic.c (http_content_type_handler, dav_hdr_handler): New functions. (http_options): Handle DAV header. Sun Apr 30 18:08:53 2000 Joe Orton * dav_props.c (dav_proppatch): New function. Sun Apr 30 18:05:55 2000 Joe Orton * dav_basic.c (handle_error): New function. (end_response, end_propstat): Use it. (dav_simple_request): Don't return the 207 error string if we get all 2xx class status elements. Sun Apr 30 16:56:41 2000 Joe Orton * dav_basic.c (dav_add_depth_header): New function. Sun Apr 30 14:49:06 2000 Joe Orton * dav_207.c (start_element): Unknown element is only a property if the parent is DAV:propstat. Sun Apr 30 14:43:28 2000 Joe Orton * dav_basic.c (end_response, end_propstat): Only write error line if we have status information and the status is not a 424. Sun Apr 30 14:28:23 2000 Joe Orton * dav_basic.h: Added DAV_DEPTH_*. Sun Apr 30 12:47:50 2000 Joe Orton * dav_207.c (check_context): Allow (and ignore) unknown elements anywhere other than as the root. Sun Apr 30 12:35:39 2000 Joe Orton * string_utils.h (ASC2HEX, HEX2ASC): New macros. Sun Apr 30 12:34:37 2000 Joe Orton * http_auth.c [STANDALONE]: Removed. (everywhere): Switch to using md5_to_ascii rather than md5_hexify. Sun Apr 30 12:32:35 2000 Joe Orton * http_request.c (read_response_block): Fixed to return errors properly and block length to parameter. 
(read_response_body): Changed accordingly. Sun Apr 30 12:29:45 2000 Joe Orton * hip_xml.c (friendly_name): New function, was PRETTY_NAME macro. (start_element, end_element): Fix COLLECT handling. (hip_xml_parse): Only write parse error if the document has not already been marked invalid. Sun Apr 30 12:28:36 2000 Joe Orton * dav_basic.c (dav_simple_request): Rewritten for new 207 interface. (start_response, end_response, end_propstat): New functions. Sun Apr 30 12:27:52 2000 Joe Orton * dav_207.c (dav_207_error): Return the parser error. Sat Apr 29 14:46:48 2000 Joe Orton * socket.c (sock_register_progress, sock_register_notify): New functions. (everywhere): Use progress + notify callbacks rather than fe_*. Sat Apr 29 14:15:23 2000 Joe Orton * string_utils.c (md5_to_ascii, ascii_to_md5): New functions. Sat Apr 29 13:55:39 2000 Joe Orton * hip_xml.c (hip_xml_init): abort() on out-of-memory. Sat Apr 29 12:56:11 2000 Joe Orton * neon_i18n.h: New file. Sat Apr 29 12:55:24 2000 Joe Orton * dav_207.[ch]: Re-implemented with sensible interface. Fri Apr 28 14:56:01 2000 Joe Orton * http_auth.c (http_auth_request_header): Renamed from http_auth_request. * http_request.c (make_request): As above. Thu Apr 13 11:52:14 2000 Joe Orton * http_basic.c (http_put): Switched URI and stream arguments. Thu Apr 13 09:51:21 2000 Joe Orton * http_request.c: Added user_agent field to session structure. (http_set_useragent): New function. (add_fixed_headers): Only set user-agent if sess->user_agent is set. Thu Apr 13 09:49:32 2000 Joe Orton * http_request.c (lookup_host): New function, split from set_hostinfo. (set_hostinfo): Doesn't perform DNS lookup. (http_session_server): Don't do a DNS lookup if we have a proxy. Wed Apr 12 22:32:21 2000 Joe Orton * http_request.c (http_request_dispatch, http_request_create): Store auth header values in local variables rather than request structure. (http_request_create): Don't leak everything on error. Handle http_auth_challenge return value. 
Wed Apr 12 22:30:06 2000 Joe Orton * http_basic.c (http_options): Pass server capabilities object, parse Server header to detect Apache/1.3.6 and before, indicating broken 100-continue support. (server_hdr_handler): New function. Mon Apr 10 17:42:07 2000 Joe Orton * socket.c: Use 'int' for return values. Mon Apr 10 17:41:40 2000 Joe Orton * http_auth.c (is_in_domain): Dummy implementation. Mon Apr 10 17:40:21 2000 Joe Orton * http_request.c: Handle read() returning 0 when it shouldn't. i18n'ized error messages. Mon Apr 10 14:45:09 2000 Joe Orton * dates.[ch], md5.[ch], base64.[ch]: Imported date handling utilities, MD5 checksum functions, and text->base64 converter. Mon Apr 10 14:44:08 2000 Joe Orton * Makefile.incl: Dependencies updated for socket.[ch]. Mon Apr 10 14:43:36 2000 Joe Orton * dav_207.c: Replaced malloc() calls with xmalloc() calls. Mon Apr 10 14:42:35 2000 Joe Orton * http_auth.c, uri.c, string_utils.h: Replaced malloc() calls with xmalloc() calls. Mon Apr 10 14:41:40 2000 Joe Orton * socket.[ch]: Imported socket handling utilities. Mon Apr 10 14:36:03 2000 Joe Orton * string_utils.h (CONCAT*): Use xmalloc. Mon Apr 10 13:52:17 2000 Joe Orton * http_request.c (set_sockerr): Added handling for socket errors. Sat Apr 8 13:49:07 2000 Joe Orton * string_utils.[ch]: Imported string utilities. Sat Apr 8 00:26:06 2000 Joe Orton * http_request.c (http_set_persist, http_set_expect100): New functions. Sat Apr 8 00:25:37 2000 Joe Orton * http_basic.c (http_options): New function. Fri Apr 7 13:01:35 2000 Joe Orton * neon.h: New file. Fri Apr 7 12:59:40 2000 Joe Orton * http_request.c (normalize_response_length, read_response_body): New functions. (http_add_response_body_reader): Take a callback to determine whether the body reader wants to read the response body. Fri Apr 7 11:46:41 2000 Joe Orton * http_request.c (http_set_server_auth, http_set_proxy_auth): New functions. (give_creds): Use supplied callbacks for authentication. 
(get_request_bodysize): Send Content-Length: 0 if no entity-body is being sent with a request. (te_hdr_handler, connection_hdr_handler): New functions. (make_request): Don't use Expect: 100-continue if server is not HTTP/1.1 compliant. (read_message_header): Only read until HTTP_MAXIMUM_HEADER_LENGTH bytes of header have been read. (read_response_headers): No hard-coded header handling. (http_request_create): Set req->method_is_head here. Thu Apr 6 14:39:28 2000 Joe Orton * hip_xml.c [HIP_XML_DECODE_UTF8] (decode_utf8_double): New function. (char_data) [HIP_XML_DECODE_UTF8]: Decode UTF-8. Tue Mar 28 13:54:51 2000 Joe Orton * Makefile.incl: Imported makefile fragment. Tue Mar 28 13:54:09 2000 Joe Orton * http_request.[ch] (http_get_error): New function. Thu Mar 23 18:48:42 2000 Joe Orton * hip_xml.[ch]: Imported generic XML parsing layer. * dav_207.[ch]: Imported generic WebDAV 207 response handling. * dav_basic.[ch]: Imported/implemented DAV response handling and basic Class 1 namespace methods. Thu Mar 23 18:46:14 2000 Joe Orton * http_request.c (add_hooks, run_hooks, http_add_destroy_hook): Adding hooks support. (add_fixed_headers): Send TE token in Connection header. Only send Keep-Alive header & token to pre-1.1 origin servers (i.e., not proxies). Thu Mar 23 12:49:01 2000 Joe Orton * http_auth.[ch], uri.[ch]: Imported HTTP authentication and URI handling modules. Thu Mar 23 12:47:05 2000 Joe Orton * http_utils.c: Imported HTTP utility functions. Thu Mar 23 12:44:38 2000 Joe Orton * http_request.[ch]: Implemented modular HTTP request handling. * http_basic.[ch]: Implemented basic HTTP methods GET, PUT, and PUT with If-Unmodified. neon-0.32.2/src/Makefile.in000066400000000000000000000163701416727304000154040ustar00rootroot00000000000000# # neon source directory Makefile # # Use the NEON_NORMAL_BUILD or NEON_LIBTOOL_BUILD autoconf # macros to set up this Makefile correctly. 
# SHELL = @SHELL@ # Installation paths prefix = @prefix@ exec_prefix = @exec_prefix@ libdir = @libdir@ # Build paths VPATH = @srcdir@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ # Toolchain settings. CC = @CC@ AR = @AR@ RANLIB = @RANLIB@ LIBTOOL = @LIBTOOL@ # Flags CPPFLAGS = @DEFS@ @CPPFLAGS@ CFLAGS = @CFLAGS@ LDFLAGS = @LDFLAGS@ NEON_LINK_FLAGS = @NEON_LINK_FLAGS@ # Note: don't substitute @LIBS@ in here; during a bundled # build of this directory, @LIBS@ may include -lneon. LIBS = @NEON_LIBS@ @NEON_LTLIBS@ COMPILE = $(CC) $(CPPFLAGS) $(CFLAGS) LT_COMPILE = $(LIBTOOL) --quiet --mode=compile --tag=CC $(COMPILE) LINK = $(LIBTOOL) --quiet --mode=link --tag=CC $(CC) -no-undefined $(LDFLAGS) NEON_BASEOBJS = ne_request.@NEON_OBJEXT@ ne_session.@NEON_OBJEXT@ \ ne_basic.@NEON_OBJEXT@ ne_string.@NEON_OBJEXT@ \ ne_uri.@NEON_OBJEXT@ ne_dates.@NEON_OBJEXT@ \ ne_alloc.@NEON_OBJEXT@ ne_md5.@NEON_OBJEXT@ \ ne_utils.@NEON_OBJEXT@ ne_socket.@NEON_OBJEXT@ \ ne_auth.@NEON_OBJEXT@ ne_redirect.@NEON_OBJEXT@ \ ne_compress.@NEON_OBJEXT@ ne_i18n.@NEON_OBJEXT@ \ ne_pkcs11.@NEON_OBJEXT@ ne_socks.@NEON_OBJEXT@ \ ne_ntlm.@NEON_OBJEXT@ NEON_DAVOBJS = $(NEON_BASEOBJS) \ ne_207.@NEON_OBJEXT@ ne_xml.@NEON_OBJEXT@ \ ne_props.@NEON_OBJEXT@ ne_locks.@NEON_OBJEXT@ \ ne_xmlreq.@NEON_OBJEXT@ OBJECTS = @NEONOBJS@ @NEON_EXTRAOBJS@ .SUFFIXES: .SUFFIXES: .c .lo .o NEON_TARGET = @NEON_TARGET@ # Thanks to gettext for this neat trick. all: all-@NEON_BUILD_BUNDLED@ all-yes: $(NEON_TARGET) all-no: @echo "Bundled neon build not being used." .c.lo: $(LT_COMPILE) -c $< -o $@ .c.o: $(COMPILE) -c $< -o $@ libneon.la: $(OBJECTS) $(LINK) -rpath $(libdir) $(NEON_LINK_FLAGS) -o $@ $(OBJECTS) $(LIBS) libneon.a: $(OBJECTS) @rm -f $@ $(AR) cru $@ $(OBJECTS) $(RANLIB) $@ clean: rm -f $(NEON_TARGET) *.o *.lo *.bbg *.bb *.gc* rm -rf .libs c++.c: find . -name ne_\*.h -print | sed 's/.*/#include "&"/;/ne_priv/d' > $@ echo "int main(void) {}" >> $@ check-c++: c++.c c++ -I. 
c++.c check-incl: @for f in ne_*.h; do \ echo Checking $$f...; \ echo "#include \"$$f\"" > checkincl.c; \ $(COMPILE) -c checkincl.c -o checkincl.o || exit 1; done # Update generated dependencies below; requires cc -MM as in gcc. update-deps: for f in `echo $(OBJECTS) | sed 's/\\.@NEON_OBJEXT@/.c/g;s/ne_openssl.c//;s/ne_gnutls.c//;s/ne_pkcs11.c//;s/ne_stubssl.c//'`; do \ $(CC) $(CPPFLAGS) -MM -c $$f; \ done | sed 's, \.\./, $$(top_builddir)/,g;s, /[^ ]*.h,,g;/^ .$$/d;s/\.o: /.@NEON''_OBJEXT@: /' > new-deps sed '/[-]--CUT---/q' Makefile.in > Makefile.new cat Makefile.new new-deps > Makefile.in rm new-deps Makefile.new ne_openssl.@NEON_OBJEXT@: ne_openssl.c $(top_builddir)/config.h ne_ssl.h ne_defs.h ne_string.h \ ne_alloc.h ne_session.h ne_uri.h ne_socket.h ne_internal.h ne_private.h \ ne_request.h ne_utils.h ne_pkcs11.h ne_privssl.h ne_stubssl.@NEON_OBJEXT@: ne_stubssl.c $(top_builddir)/config.h ne_ssl.h ne_defs.h ne_session.h \ ne_uri.h ne_socket.h ne_pkcs11.@NEON_OBJEXT@: ne_pkcs11.c $(top_builddir)/config.h ne_pkcs11.h ne_defs.h ne_session.h \ ne_ssl.h ne_uri.h ne_socket.h ne_internal.h ne_privssl.h \ ne_alloc.h ne_private.h ne_request.h ne_utils.h ne_string.h ne_gnutls.@NEON_OBJEXT@: ne_gnutls.c $(top_builddir)/config.h ne_ssl.h ne_defs.h \ ne_string.h ne_alloc.h ne_session.h ne_uri.h ne_socket.h ne_internal.h \ ne_private.h ne_request.h ne_utils.h ne_privssl.h #### ---CUT--- DO NOT REMOVE THIS LINE. Generated dependencies follow. 
#### ne_request.@NEON_OBJEXT@: ne_request.c $(top_builddir)/config.h ne_internal.h ne_defs.h ne_alloc.h \ ne_request.h ne_utils.h ne_string.h ne_session.h ne_ssl.h ne_uri.h \ ne_socket.h ne_private.h ne_session.@NEON_OBJEXT@: ne_session.c $(top_builddir)/config.h ne_session.h ne_ssl.h ne_defs.h \ ne_uri.h ne_socket.h ne_alloc.h ne_utils.h ne_internal.h ne_string.h \ ne_dates.h ne_private.h ne_request.h ne_basic.@NEON_OBJEXT@: ne_basic.c $(top_builddir)/config.h ne_request.h ne_utils.h ne_defs.h \ ne_string.h ne_alloc.h ne_session.h ne_ssl.h ne_uri.h ne_socket.h \ ne_basic.h ne_207.h ne_xml.h ne_locks.h ne_dates.h ne_internal.h ne_string.@NEON_OBJEXT@: ne_string.c $(top_builddir)/config.h ne_alloc.h ne_defs.h ne_string.h ne_uri.@NEON_OBJEXT@: ne_uri.c $(top_builddir)/config.h ne_string.h ne_defs.h ne_alloc.h ne_uri.h ne_dates.@NEON_OBJEXT@: ne_dates.c $(top_builddir)/config.h ne_alloc.h ne_defs.h ne_dates.h \ ne_string.h ne_alloc.@NEON_OBJEXT@: ne_alloc.c $(top_builddir)/config.h ne_alloc.h ne_defs.h ne_md5.@NEON_OBJEXT@: ne_md5.c $(top_builddir)/config.h ne_md5.h ne_defs.h ne_string.h ne_alloc.h ne_utils.@NEON_OBJEXT@: ne_utils.c $(top_builddir)/config.h ne_utils.h ne_defs.h ne_string.h \ ne_alloc.h ne_dates.h ne_socket.@NEON_OBJEXT@: ne_socket.c $(top_builddir)/config.h ne_privssl.h ne_ssl.h ne_defs.h \ ne_socket.h ne_internal.h ne_utils.h ne_string.h ne_alloc.h ne_sspi.h ne_auth.@NEON_OBJEXT@: ne_auth.c $(top_builddir)/config.h ne_md5.h ne_defs.h ne_dates.h \ ne_request.h ne_utils.h ne_string.h ne_alloc.h ne_session.h ne_ssl.h \ ne_uri.h ne_socket.h ne_auth.h ne_internal.h ne_ntlm.h ne_redirect.@NEON_OBJEXT@: ne_redirect.c $(top_builddir)/config.h ne_session.h ne_ssl.h ne_defs.h \ ne_uri.h ne_socket.h ne_request.h ne_utils.h ne_string.h ne_alloc.h \ ne_redirect.h ne_internal.h ne_compress.@NEON_OBJEXT@: ne_compress.c $(top_builddir)/config.h ne_request.h ne_utils.h \ ne_defs.h ne_string.h ne_alloc.h ne_session.h ne_ssl.h ne_uri.h \ ne_socket.h ne_compress.h 
ne_internal.h ne_i18n.@NEON_OBJEXT@: ne_i18n.c $(top_builddir)/config.h ne_i18n.h ne_defs.h ne_socks.@NEON_OBJEXT@: ne_socks.c $(top_builddir)/config.h ne_internal.h ne_defs.h ne_string.h \ ne_alloc.h ne_socket.h ne_ssl.h ne_utils.h ne_ntlm.@NEON_OBJEXT@: ne_ntlm.c ne_ntlm.h $(top_builddir)/config.h ne_defs.h ne_string.h \ ne_alloc.h ne_207.@NEON_OBJEXT@: ne_207.c $(top_builddir)/config.h ne_alloc.h ne_defs.h ne_utils.h ne_xml.h \ ne_207.h ne_request.h ne_string.h ne_session.h ne_ssl.h ne_uri.h \ ne_socket.h ne_basic.h ne_internal.h ne_xml.@NEON_OBJEXT@: ne_xml.c $(top_builddir)/config.h ne_internal.h ne_defs.h ne_alloc.h \ ne_xml.h ne_utils.h ne_string.h ne_props.@NEON_OBJEXT@: ne_props.c $(top_builddir)/config.h ne_alloc.h ne_defs.h ne_xml.h \ ne_props.h ne_request.h ne_utils.h ne_string.h ne_session.h ne_ssl.h \ ne_uri.h ne_socket.h ne_207.h ne_basic.h ne_locks.h ne_internal.h ne_locks.@NEON_OBJEXT@: ne_locks.c $(top_builddir)/config.h ne_alloc.h ne_defs.h ne_request.h \ ne_utils.h ne_string.h ne_session.h ne_ssl.h ne_uri.h ne_socket.h \ ne_xml.h ne_locks.h ne_basic.h ne_props.h ne_207.h ne_internal.h \ ne_xmlreq.h ne_xmlreq.@NEON_OBJEXT@: ne_xmlreq.c $(top_builddir)/config.h ne_internal.h ne_defs.h ne_xmlreq.h \ ne_request.h ne_utils.h ne_string.h ne_alloc.h ne_session.h ne_ssl.h \ ne_uri.h ne_socket.h ne_xml.h ne_basic.h ne_oldacl.@NEON_OBJEXT@: ne_oldacl.c $(top_builddir)/config.h ne_request.h ne_utils.h ne_defs.h \ ne_string.h ne_alloc.h ne_session.h ne_ssl.h ne_uri.h ne_socket.h \ ne_locks.h ne_acl.h ne_xml.h ne_acl3744.@NEON_OBJEXT@: ne_acl3744.c $(top_builddir)/config.h ne_request.h ne_utils.h ne_defs.h \ ne_string.h ne_alloc.h ne_session.h ne_ssl.h ne_uri.h ne_socket.h \ ne_locks.h ne_acl3744.h ne_xml.h neon-0.32.2/src/README000066400000000000000000000007201416727304000142070ustar00rootroot00000000000000This is the source directory of the 'neon' HTTP/WebDAV client library, which can be bundled inside other packages. 
For the complete neon package, see This source directory may be distributed and/or modified under the terms of the GNU Library General Public License, as given in COPYING.LIB. Please send questions, bug reports, feature requests, etc, regarding the neon library, to the mailing list at neon-0.32.2/src/memleak.h000066400000000000000000000041051416727304000151140ustar00rootroot00000000000000/* Memory leak wrappers Copyright (C) 2003-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ /* WARNING: THIS IS AN INTERNAL NEON INTERFACE AND MUST NOT BE USED * from NEON APPLICATIONS. */ /* This file contains an alternate interface to the memory allocation * wrappers in ne_alloc.c, which perform simple leak detection. It * MUST NOT BE INSTALLED, or used from neon applications. 
*/ #ifndef MEMLEAK_H #define MEMLEAK_H #include #define ne_malloc(s) ne_malloc_ml(s, __FILE__, __LINE__) #define ne_calloc(s) ne_calloc_ml(s, __FILE__, __LINE__) #define ne_realloc(p, s) ne_realloc_ml(p, s, __FILE__, __LINE__) #define ne_strdup(s) ne_strdup_ml(s, __FILE__, __LINE__) #define ne_strndup(s, n) ne_strndup_ml(s, n, __FILE__, __LINE__) #define ne_free ne_free_ml /* Prototypes of allocation functions: */ void *ne_malloc_ml(size_t size, const char *file, int line); void *ne_calloc_ml(size_t size, const char *file, int line); void *ne_realloc_ml(void *ptr, size_t s, const char *file, int line); char *ne_strdup_ml(const char *s, const char *file, int line); char *ne_strndup_ml(const char *s, size_t n, const char *file, int line); void ne_free_ml(void *ptr); /* Dump the list of currently allocated blocks to 'f'. */ void ne_alloc_dump(FILE *f); /* Current number of bytes in allocated but not free'd. */ extern size_t ne_alloc_used; #endif /* MEMLEAK_H */ neon-0.32.2/src/ne_207.c000066400000000000000000000260571416727304000145000ustar00rootroot00000000000000/* WebDAV 207 multi-status response handling Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ /* Generic handling for WebDAV 207 Multi-Status responses. 
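*/

#include "config.h"

#ifdef HAVE_STDLIB_H
#include <stdlib.h>
#endif

#include "ne_alloc.h"
#include "ne_utils.h"
#include "ne_xml.h"
#include "ne_207.h"
#include "ne_uri.h"
#include "ne_basic.h"

#include "ne_internal.h"

/* Parser state for one multi-status document.  The document is supplied
 * by the remote server, so every field filled in from it (cdata, status,
 * description) holds untrusted data. */
struct ne_207_parser_s {
    ne_207_start_response *start_response;
    ne_207_end_response *end_response;
    ne_207_start_propstat *start_propstat;
    ne_207_end_propstat *end_propstat;
    ne_xml_parser *parser;
    void *userdata;

    unsigned int flags;

    ne_uri base;

    ne_buffer *cdata;

    /* remember whether we are in a response: the validation
     * doesn't encapsulate this since we only count as being
     * "in a response" when we've seen the href element. */
    int in_response;

    /* current position */
    void *response, *propstat;
    /* caching */
    ne_status status;
    char *description, *href;
};

#define ELM_multistatus 1
#define ELM_response 2
#define ELM_responsedescription 3
#define ELM_href 4
#define ELM_prop (NE_207_STATE_PROP)
#define ELM_status 6
#define ELM_propstat 7

static const struct ne_xml_idmap map207[] = {
    { "DAV:", "multistatus", ELM_multistatus },
    { "DAV:", "response", ELM_response },
    { "DAV:", "responsedescription", ELM_responsedescription },
    { "DAV:", "href", ELM_href },
    { "DAV:", "propstat", ELM_propstat },
    { "DAV:", "prop", ELM_prop },
    { "DAV:", "status", ELM_status }
};

/* Set the callbacks for the parser */
void ne_207_set_response_handlers(ne_207_parser *p,
                                  ne_207_start_response *start,
                                  ne_207_end_response *end)
{
    p->start_response = start;
    p->end_response = end;
}

void ne_207_set_propstat_handlers(ne_207_parser *p,
                                  ne_207_start_propstat *start,
                                  ne_207_end_propstat *end)
{
    p->start_propstat = start;
    p->end_propstat = end;
}

/* Return the value the start_response callback gave for the response
 * currently being parsed (NULL outside a response). */
void *ne_207_get_current_response(ne_207_parser *p)
{
    return p->response;
}

/* Return the value the start_propstat callback gave for the propstat
 * currently being parsed (NULL outside a propstat). */
void *ne_207_get_current_propstat(ne_207_parser *p)
{
    return p->propstat;
}

/* return non-zero if (child, parent) is an interesting element */
static int can_handle(int parent, int child)
{
    return (parent == 0 && child == ELM_multistatus) ||
        (parent == ELM_multistatus && child == ELM_response) ||
        (parent == ELM_response &&
         (child == ELM_href || child == ELM_status ||
          child == ELM_propstat || child == ELM_responsedescription)) ||
        (parent == ELM_propstat &&
         (child == ELM_prop || child == ELM_status ||
          child == ELM_responsedescription));
}

/* Character-data callback: collect the text of href, status and
 * responsedescription elements.  Text which would take the buffer to
 * 2048 bytes or more is dropped without an error, which bounds the
 * memory a response can make this parser hold per element. */
static int cdata_207(void *userdata, int state, const char *buf, size_t len)
{
    ne_207_parser *p = userdata;

    if ((state == ELM_href || state == ELM_responsedescription ||
         state == ELM_status) && p->cdata->used + len < 2048)
        ne_buffer_append(p->cdata, buf, len);

    return 0;
}

/* Start-element callback: accept only the DAV: elements in the
 * parent/child positions can_handle() allows, and return the element's
 * state id.  Returns NE_XML_DECLINE for anything else and NE_XML_ABORT
 * if the start_propstat callback returns NULL. */
static int start_element(void *userdata, int parent,
                         const char *nspace, const char *name,
                         const char **atts)
{
    ne_207_parser *p = userdata;
    int state = ne_xml_mapid(map207, NE_XML_MAPLEN(map207), nspace, name);

    if (!can_handle(parent, state))
        return NE_XML_DECLINE;

    /* if not in a response, ignore everything. */
    if (!p->in_response && state != ELM_response && state != ELM_multistatus &&
        state != ELM_href)
        return NE_XML_DECLINE;

    if (state == ELM_propstat && p->start_propstat) {
        p->propstat = p->start_propstat(p->userdata, p->response);
        if (p->propstat == NULL) {
            return NE_XML_ABORT;
        }
    }

    ne_buffer_clear(p->cdata);

    return state;
}

#define GIVE_STATUS(p) ((p)->status.reason_phrase?&(p)->status:NULL)

#define HAVE_CDATA(p) ((p)->cdata->used > 1)

/* End-element callback: act on the text collected for the element.
 * Returns 0 to continue, or -1 (with the XML parser error set) when a
 * status element does not hold a valid HTTP status line. */
static int end_element(void *userdata, int state,
                       const char *nspace, const char *name)
{
    ne_207_parser *p = userdata;
    const char *cdata = ne_shave(p->cdata->data, "\r\n\t ");

    switch (state) {
    case ELM_responsedescription:
        if (HAVE_CDATA(p)) {
            if (p->description) ne_free(p->description);
            p->description = ne_strdup(cdata);
        }
        break;
    case ELM_href:
        /* Now we have the href, begin the response */
        if (p->start_response && HAVE_CDATA(p)) {
            ne_uri ref, resolved;
            int ret;
            char *hh = NULL;

            if (p->flags & NE_207_MSSP_ESCAPING) {
                hh = ne_path_escapef(cdata, NE_PATH_NONURI);
                NE_DEBUG(NE_DBG_XML, "207: Enabled href escaping hacks [%s]->[%s]\n",
                         cdata, hh);
                cdata = hh;
            }

            ret = ne_uri_parse(cdata, &ref);
            if (!ret) {
                /* The href is resolved against the base URI before the
                 * application callback sees it. */
                ne_uri_resolve(&p->base, &ref, &resolved);

                p->response = p->start_response(p->userdata, &resolved);
                p->in_response = 1;
                ne_uri_free(&resolved);
            }
            else {
                NE_DEBUG(NE_DBG_XML, "207: Failed to parse href: [%s]\n", cdata);
            }
            ne_uri_free(&ref);
            if (hh) ne_free(hh);
        }
        break;
    case ELM_status:
        if (HAVE_CDATA(p)) {
            if (p->status.reason_phrase) {
                ne_free(p->status.reason_phrase);
                /* Clear the pointer: nothing here shows that a failed
                 * ne_parse_statusline() overwrites it, and the error
                 * return below would otherwise leave a freed pointer
                 * for ne_207_destroy() to free a second time (e.g. a
                 * valid status element followed by an invalid one). */
                p->status.reason_phrase = NULL;
            }
            if (ne_parse_statusline(cdata, &p->status)) {
                char buf[500];
                NE_DEBUG(NE_DBG_HTTP, "Status line: %s\n", cdata);
                ne_snprintf(buf, 500,
                            _("Invalid HTTP status line in status element "
                              "at line %d of response:\nStatus line was: %s"),
                            ne_xml_currentline(p->parser), cdata);
                ne_xml_set_error(p->parser, buf);
                return -1;
            } else {
                NE_DEBUG(NE_DBG_XML, "Decoded status line: %s\n", cdata);
            }
        }
        break;
    case ELM_propstat:
        if (p->end_propstat)
            p->end_propstat(p->userdata, p->propstat, GIVE_STATUS(p),
                            p->description);
        p->propstat = NULL;
        if (p->description) ne_free(p->description);
        if (p->status.reason_phrase) ne_free(p->status.reason_phrase);
        p->description = p->status.reason_phrase = NULL;
        break;
    case ELM_response:
        if (!p->in_response) break;
        if (p->end_response)
            p->end_response(p->userdata, p->response, GIVE_STATUS(p),
                            p->description);
        p->response = NULL;
        p->in_response = 0;
        if (p->description) ne_free(p->description);
        if (p->status.reason_phrase) ne_free(p->status.reason_phrase);
        p->description = p->status.reason_phrase = NULL;
        break;
    default:
        break;
    }
    return 0;
}

/* Allocate a 207 parser, copy 'base' into it and push its handlers on
 * to 'parser'.  The result is released with ne_207_destroy(). */
ne_207_parser *ne_207_create(ne_xml_parser *parser, const ne_uri *base,
                             void *userdata)
{
    ne_207_parser *p = ne_calloc(sizeof *p);

    p->parser = parser;
    p->userdata = userdata;
    p->cdata = ne_buffer_create();

    ne_uri_copy(&p->base, base);

    /* Add handler for the standard 207 elements */
    ne_xml_push_handler(parser, start_element, cdata_207, end_element, p);

    return p;
}

void ne_207_set_flags(ne_207_parser *p, unsigned int flags)
{
    p->flags = flags;
}

/* Release the parser and everything it still owns. */
void ne_207_destroy(ne_207_parser *p)
{
    if (p->status.reason_phrase) ne_free(p->status.reason_phrase);
    /* A parse which stops inside a response or propstat never reaches
     * the end-element code that frees the cached description. */
    if (p->description) ne_free(p->description);
    ne_buffer_destroy(p->cdata);
    ne_uri_free(&p->base);
    ne_free(p);
}

int ne_accept_207(void *userdata, ne_request *req, const ne_status *status)
{
    return (status->code == 207);
}

/* Handling of 207 errors: we keep a string buffer, and append
 * messages to it as they come down.
 *
 * Note, 424 means it would have worked but something else went wrong.
 * We will have had the error for "something else", so we display
 * that, and skip 424 errors. */

/* This is passed as userdata to the 207 code. */
struct context {
    char *href;
    ne_buffer *buf;
    unsigned int is_error;
};

/* Remember the URI of the response being parsed, as a string. */
static void *start_response(void *userdata, const ne_uri *uri)
{
    struct context *ctx = userdata;
    if (ctx->href) ne_free(ctx->href);
    ctx->href = ne_uri_unparse(uri);
    return NULL;
}

/* Append "<href>: <code> <reason>" (and the description, if any) to the
 * error buffer for every status outside the 2xx class other than 424.
 * The reason phrase and description come from the server response and
 * are copied as received. */
static void handle_error(struct context *ctx, const ne_status *status,
                         const char *description)
{
    if (status && status->klass != 2 && status->code != 424) {
        char buf[50];
        ctx->is_error = 1;
        /* Bounded formatting, as end_element() does, instead of an
         * unchecked sprintf(). */
        ne_snprintf(buf, sizeof buf, "%d", status->code);
        ne_buffer_concat(ctx->buf, ctx->href, ": ",
                         buf, " ", status->reason_phrase, "\n", NULL);
        if (description != NULL) {
            /* TODO: these can be multi-line. Would be good to
             * word-wrap this at col 80. */
            ne_buffer_concat(ctx->buf, " -> ", description, "\n", NULL);
        }
    }
}

static void end_response(void *userdata, void *response,
                         const ne_status *status, const char *description)
{
    struct context *ctx = userdata;
    handle_error(ctx, status, description);
}

static void end_propstat(void *userdata, void *propstat,
                         const ne_status *status, const char *description)
{
    struct context *ctx = userdata;
    handle_error(ctx, status, description);
}

/* Dispatch a DAV request and handle a 207 error response appropriately */
/* TODO: hook up Content-Type parsing; passing charset to XML parser */
int ne_simple_request(ne_session *sess, ne_request *req)
{
    int ret;
    struct context ctx = {0};
    ne_207_parser *p207;
    ne_xml_parser *p = ne_xml_create();
    ne_uri base = {0};

    /* Mock up a base URI; it should really be retrieved from the
     * request object. */
    ne_fill_server_uri(sess, &base);
    base.path = ne_strdup("/");
    p207 = ne_207_create(p, &base, &ctx);
    ne_uri_free(&base);

    /* The error string is progressively written into the
     * ne_buffer by the element callbacks */
    ctx.buf = ne_buffer_create();

    ne_207_set_response_handlers(p207, start_response, end_response);
    ne_207_set_propstat_handlers(p207, NULL, end_propstat);

    ne_add_response_body_reader(req, ne_accept_207, ne_xml_parse_v, p);

    ret = ne_request_dispatch(req);

    if (ret == NE_OK) {
        if (ne_get_status(req)->code == 207) {
            if (ne_xml_failed(p)) {
                /* The parse was invalid */
                ne_set_error(sess, "%s", ne_xml_get_error(p));
                ret = NE_ERROR;
            } else if (ctx.is_error) {
                /* If we've actually got any error information
                 * from the 207, then set that as the error */
                ne_set_error(sess, "%s", ctx.buf->data);
                ret = NE_ERROR;
            }
        } else if (ne_get_status(req)->klass != 2) {
            ret = NE_ERROR;
        }
    }

    ne_207_destroy(p207);
    ne_xml_destroy(p);
    ne_buffer_destroy(ctx.buf);
    if (ctx.href) ne_free(ctx.href);

    ne_request_destroy(req);

    return ret;
}
neon-0.32.2/src/ne_207.h000066400000000000000000000110201416727304000144650ustar00rootroot00000000000000/* WebDAV 207 multi-status response handling Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details.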
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef NE_207_H #define NE_207_H #include "ne_xml.h" #include "ne_request.h" /* for ne_request */ #include "ne_uri.h" /* for ne_uri */ NE_BEGIN_DECLS /* The defined state integer for the '{DAV:}prop' element. */ #define NE_207_STATE_PROP (50) /* This interface reserves the state integers 'x' where 0 < x < 100 */ #define NE_207_STATE_TOP (100) /* Handling of 207 multistatus XML documents. A "multistatus" * document is made up of a set of responses, each concerned with a * particular resource. Each response may have an associated result * status and failure description. A response is made up of a set of * propstats, each of which again may have an associated result status * and failure description. */ /* Start and end response callbacks trigger at the start and end of * each "response" within the multistatus body. 'uri' gives the URI * of the resource which is subject of this response. The return * value of a 'start_response' callback is passed as the 'response' * parameter to the corresponding 'end_response' parameter. */ typedef void *ne_207_start_response(void *userdata, const ne_uri *uri); typedef void ne_207_end_response(void *userdata, void *response, const ne_status *status, const char *description); /* Similarly, start and end callbacks for each propstat within the * response. The return value of the 'start_response' callback for * the response in which this propstat is contains is passed as the * 'response' parameter. The return value of each 'start_propstat' is * passed as the 'propstat' parameter' to the corresponding * 'end_propstat' callback. If the start_propstat callback returns * NULL, parsing is aborted (the XML parser error must be set by the * callback). 
*/ typedef void *ne_207_start_propstat(void *userdata, void *response); typedef void ne_207_end_propstat(void *userdata, void *propstat, const ne_status *status, const char *description); typedef struct ne_207_parser_s ne_207_parser; /* Create 207 parser an add the handlers the the given parser's * handler stack. URI references in the 207 response will be resolved * relative to the base URI 'base'. */ ne_207_parser *ne_207_create(ne_xml_parser *parser, const ne_uri *base, void *userdata); /* Enable special href escaping hacks for Microsoft SharePoint. */ #define NE_207_MSSP_ESCAPING (0x0001) /* Set given flags for the parser. */ void ne_207_set_flags(ne_207_parser *p, unsigned int flags); /* Register response handling callbacks. */ void ne_207_set_response_handlers(ne_207_parser *p, ne_207_start_response *start, ne_207_end_response *end); /* Register propstat handling callbacks. */ void ne_207_set_propstat_handlers(ne_207_parser *p, ne_207_start_propstat *start, ne_207_end_propstat *end); /* Destroy the parser */ void ne_207_destroy(ne_207_parser *p); /* An acceptance function which only accepts 207 responses */ int ne_accept_207(void *userdata, ne_request *req, const ne_status *status); void *ne_207_get_current_propstat(ne_207_parser *p); void *ne_207_get_current_response(ne_207_parser *p); /* Dispatch request 'req', returning: * NE_ERROR: for a dispatch error, or a non-2xx response, or a * 207 response which contained a non-2xx propstat * NE_OK: for a 2xx response or a 207 response which contained * only 2xx-class propstats. * The request object is destroyed in both cases. 
*/ int ne_simple_request(ne_session *sess, ne_request *req); NE_END_DECLS #endif /* NE_207_H */ neon-0.32.2/src/ne_acl.h000066400000000000000000000026571416727304000147340ustar00rootroot00000000000000/* Access control Copyright (C) 2001-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ /* * DEPRECATED ACL Interface. See ne_acl3744.h for replacement API. */ #ifndef NE_ACL_H #define NE_ACL_H #include "ne_session.h" NE_BEGIN_DECLS typedef struct { enum { ne_acl_href, ne_acl_property, ne_acl_all } apply; enum { ne_acl_grant, ne_acl_deny } type; char *principal; int read; int read_acl; int write; int write_acl; int read_cuprivset; } ne_acl_entry; /* Set the ACL for the given resource to the list of ACL entries. */ int ne_acl_set(ne_session *sess, const char *uri, const ne_acl_entry entries[], int numentries); NE_END_DECLS #endif /* NE_ACL_H */ neon-0.32.2/src/ne_acl3744.c000066400000000000000000000120531416727304000152400ustar00rootroot00000000000000/* Access control Copyright (C) 2001-2021, Joe Orton Copyright (C) 2001, Arun Garg Copyright (C) 2007 Henrik Holst This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. 
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ /* Contributed by Arun Garg */ #include "config.h" #include #ifdef HAVE_STRING_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_STDLIB_H #include #endif #include "ne_request.h" #include "ne_locks.h" #include "ne_alloc.h" #include "ne_string.h" #include "ne_acl3744.h" #include "ne_uri.h" #include "ne_xml.h" /* for NE_XML_MEDIA_TYPE */ #define EOL "\r\n" static ne_buffer *acl_body(const ne_acl_entry *right, int count) { ne_buffer *body = ne_buffer_create(); int m; ne_buffer_zappend(body, "" EOL "" EOL); for (m = 0; m < count; m++) { const char *type; type = (right[m].type == ne_acl_grant ? 
"grant" : "deny"); ne_buffer_concat(body, "" EOL "", NULL); switch (right[m].target) { case ne_acl_all: ne_buffer_czappend(body, "" EOL); break; case ne_acl_authenticated: ne_buffer_czappend(body, "" EOL); break; case ne_acl_unauthenticated: ne_buffer_czappend(body, "" EOL); break; case ne_acl_self: ne_buffer_czappend(body, "" EOL); break; case ne_acl_property: ne_buffer_concat(body, "<", right[m].tname, "/>" EOL, NULL); break; case ne_acl_href: ne_buffer_concat(body, "", right[m].tname, "" EOL, NULL); break; } ne_buffer_concat(body, "" EOL "<", type, ">" EOL, NULL); if ((right[m].privileges & NE_ACL_READ) == NE_ACL_READ) ne_buffer_concat(body, "" "" "" EOL, NULL); if ((right[m].privileges & NE_ACL_WRITE) == NE_ACL_WRITE) ne_buffer_concat(body, "" "" "" EOL, NULL); if ((right[m].privileges & NE_ACL_WRITE_PROPERTIES) == NE_ACL_WRITE_PROPERTIES) ne_buffer_concat(body, "" "" "" EOL, NULL); if ((right[m].privileges & NE_ACL_WRITE_CONTENT) == NE_ACL_WRITE_CONTENT) ne_buffer_concat(body, "" "" "" EOL, NULL); if ((right[m].privileges & NE_ACL_UNLOCK) == NE_ACL_UNLOCK) ne_buffer_concat(body, "" "" "" EOL, NULL); if ((right[m].privileges & NE_ACL_READ_ACL) == NE_ACL_READ_ACL) ne_buffer_concat(body, "" "" "" EOL, NULL); if ((right[m].privileges & NE_ACL_READ_CUPRIVSET) == NE_ACL_READ_CUPRIVSET) ne_buffer_concat(body, "" "" "" EOL, NULL); if ((right[m].privileges & NE_ACL_WRITE_ACL) == NE_ACL_WRITE_ACL) ne_buffer_concat(body, "" "" "" EOL, NULL); if ((right[m].privileges & NE_ACL_BIND) == NE_ACL_BIND) ne_buffer_concat(body, "" "" "" EOL, NULL); if ((right[m].privileges & NE_ACL_UNBIND) == NE_ACL_UNBIND) ne_buffer_concat(body, "" "" "" EOL, NULL); if ((right[m].privileges & NE_ACL_ALL) == NE_ACL_ALL) ne_buffer_concat(body, "" "" "" EOL, NULL); ne_buffer_concat(body, "" EOL, NULL); ne_buffer_czappend(body, "" EOL); } ne_buffer_czappend(body, "" EOL); return body; } int ne_acl3744_set(ne_session *sess, const char *uri, const ne_acl_entry *entries, int numentries) { int ret; 
ne_request *req = ne_request_create(sess, "ACL", uri); ne_buffer *body = acl_body(entries, numentries); #ifdef NE_HAVE_DAV ne_lock_using_resource(req, uri, 0); #endif ne_set_request_body_buffer(req, body->data, ne_buffer_size(body)); ne_add_request_header(req, "Content-Type", NE_XML_MEDIA_TYPE); ret = ne_request_dispatch(req); ne_buffer_destroy(body); if (ret == NE_OK && ne_get_status(req)->code == 207) { ret = NE_ERROR; } ne_request_destroy(req); return ret; } neon-0.32.2/src/ne_acl3744.h000066400000000000000000000052571416727304000152550ustar00rootroot00000000000000/* Access control Copyright (C) 2001-2021, Joe Orton Copyright (C) 2001, Arun Garg Copyright (C) 2007 Henrik Holst This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. 
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef NE_ACL3744_H #define NE_ACL3744_H #include "ne_session.h" NE_BEGIN_DECLS #define NE_ACL_READ (0x0001) #define NE_ACL_WRITE (0x0002) #define NE_ACL_WRITE_PROPERTIES (0x0004) #define NE_ACL_WRITE_CONTENT (0x0008) #define NE_ACL_UNLOCK (0x0010) #define NE_ACL_READ_ACL (0x0020) #define NE_ACL_READ_CUPRIVSET (0x0040) #define NE_ACL_WRITE_ACL (0x0080) #define NE_ACL_BIND (0x0100) #define NE_ACL_UNBIND (0x0200) #define NE_ACL_ALL (0x0400) enum ne_acl_target { ne_acl_href, ne_acl_property, ne_acl_all, ne_acl_authenticated, ne_acl_unauthenticated, ne_acl_self }; enum ne_acl_optype { ne_acl_grant, ne_acl_deny }; /* A simplified representation of an Access Control Element (ACE): */ typedef struct { /* Identify the principal(s) to which this ACE applies: */ enum ne_acl_target target; /* Whether to grant or deny access: */ enum ne_acl_optype type; /* If target == ne_acl_href, tname must be non-NULL and give the * principal URL. If target == ne_acl_property, tname must be * non-NULL and be a property name, including an XML namespace * definition, if appropriate (the default namespace being * "DAV:"). This restricts access as described at: * http://tools.ietf.org/html/rfc3744#section-5.5.1 */ char *tname; /* The set of privileges to be restricted; a bit mask of one or * more of the NE_ACL_* constants defined above: */ unsigned int privileges; } ne_acl_entry; /* Set the ACL for the given resource to the list of ACL entries. */ int ne_acl3744_set(ne_session *sess, const char *path, const ne_acl_entry entries[], int numentries); NE_END_DECLS #endif /* NE_ACL3744_H */ neon-0.32.2/src/ne_alloc.c000066400000000000000000000110031416727304000152430ustar00rootroot00000000000000/* Replacement memory allocation handling etc. 
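Copyright (C) 1999-2021, Joe Orton

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Library General Public
   License as published by the Free Software Foundation; either
   version 2 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Library General Public License for more details.

   You should have received a copy of the GNU Library General Public
   License along with this library; if not, write to the Free
   Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
   MA 02111-1307, USA

*/

#include "config.h"

#ifdef HAVE_STRING_H
#include <string.h>
#endif
#ifdef HAVE_STDLIB_H
#include <stdlib.h>
#endif

#include <stdio.h>

#include "ne_alloc.h"

static ne_oom_callback_fn oom;

/* Register the function called just before abort() when an allocation
 * fails; NULL removes it. */
void ne_oom_callback(ne_oom_callback_fn callback)
{
    oom = callback;
}

/* Allocation failure: run the registered callback, if any, then
 * abort().  Does not return unless the callback itself never returns. */
static void out_of_memory(void)
{
    if (oom != NULL)
        oom();
    abort();
}

#ifndef NEON_MEMLEAK

/* malloc() which never returns NULL.  A function rather than the
 * former statement macro, whose expansion ended in a stray ';' and so
 * could not be used as a single statement before 'else'. */
static void *checked_malloc(size_t len)
{
    void *ptr = malloc(len);

    if (!ptr)
        out_of_memory();
    return ptr;
}

void *ne_malloc(size_t len)
{
    return checked_malloc(len);
}

/* Note the single size argument: 'len' bytes, zero-filled. */
void *ne_calloc(size_t len)
{
    void *ptr = checked_malloc(len);

    return memset(ptr, 0, len);
}

void *ne_realloc(void *ptr, size_t len)
{
    void *ret = realloc(ptr, len);

    if (!ret)
        out_of_memory();
    return ret;
}

#ifdef WIN32
/* Implemented only to ensure free is bound to the correct DLL. */
void ne_free(void *ptr)
{
    free(ptr);
}
#endif

char *ne_strdup(const char *s)
{
    char *ret = checked_malloc(strlen(s) + 1);

    return strcpy(ret, s);
}

/* Copy exactly 'n' bytes from 's' and NUL-terminate the copy.  All 'n'
 * bytes are read, so the caller must make sure 's' is at least that
 * long. */
char *ne_strndup(const char *s, size_t n)
{
    char *new;

    /* n + 1 would wrap to zero: the terminator would then be written
     * far outside a zero-length allocation.  Treat it as a failed
     * allocation instead. */
    if (n == (size_t)-1)
        out_of_memory();

    new = checked_malloc(n + 1);
    new[n] = '\0';
    memcpy(new, s, n);
    return new;
}

#else /* NEON_MEMLEAK */

#include <assert.h>

/* Memory-leak detection implementation: ne_malloc and friends are
 * #defined to ne_malloc_ml etc by memleak.h, which is conditionally
 * included by config.h. */

/* memory allocated by ne_*alloc, but not freed. */
size_t ne_alloc_used = 0;

/* One record per live allocation, newest first. */
static struct block {
    void *ptr;
    size_t len;
    const char *file;
    int line;
    struct block *next;
} *blocks = NULL;

/* Write "<len>b@<file>:<line>" for every tracked block to 'f',
 * separated by ", ". */
void ne_alloc_dump(FILE *f)
{
    struct block *b;

    for (b = blocks; b != NULL; b = b->next)
        fprintf(f, "%" NE_FMT_SIZE_T "b@%s:%d%s", b->len, b->file, b->line,
                b->next?", ":"");
}

/* Allocate 'len' bytes and record where the request came from.  If the
 * record itself cannot be allocated the memory is still returned, but
 * untracked. */
static void *tracking_malloc(size_t len, const char *file, int line)
{
    void *ptr = malloc((len));
    struct block *block;

    if (!ptr)
        out_of_memory();

    block = malloc(sizeof *block);
    if (block != NULL) {
        block->ptr = ptr;
        block->len = len;
        block->file = file;
        block->line = line;
        block->next = blocks;
        blocks = block;
        ne_alloc_used += len;
    }

    return ptr;
}

void *ne_malloc_ml(size_t size, const char *file, int line)
{
    return tracking_malloc(size, file, line);
}

void *ne_calloc_ml(size_t size, const char *file, int line)
{
    return memset(tracking_malloc(size, file, line), 0, size);
}

/* realloc() with tracking.  A non-NULL 'ptr' must be a tracked block:
 * the assert fires for any other pointer. */
void *ne_realloc_ml(void *ptr, size_t s, const char *file, int line)
{
    void *ret;
    struct block *b;

    if (ptr == NULL)
        return tracking_malloc(s, file, line);

    ret = realloc(ptr, s);
    if (!ret)
        out_of_memory();

    for (b = blocks; b != NULL; b = b->next) {
        if (b->ptr == ptr) {
            ne_alloc_used += s - b->len;
            b->ptr = ret;
            b->len = s;
            break;
        }
    }

    assert(b != NULL);

    return ret;
}

char *ne_strdup_ml(const char *s, const char *file, int line)
{
    return strcpy(tracking_malloc(strlen(s) + 1, file, line), s);
}

/* Tracked counterpart of ne_strndup(): copies exactly 'n' bytes. */
char *ne_strndup_ml(const char *s, size_t n, const char *file, int line)
{
    char *ret;

    /* n + 1 would wrap to zero; treat as a failed allocation. */
    if (n == (size_t)-1)
        out_of_memory();

    ret = tracking_malloc(n + 1, file, line);
    ret[n] = '\0';
    return memcpy(ret, s, n);
}

/* Drop the tracking record for 'ptr', if there is one, then free it. */
void ne_free_ml(void *ptr)
{
    struct block *b, *last = NULL;

    for (b = blocks; b != NULL; last = b, b = b->next) {
        if (b->ptr == ptr) {
            ne_alloc_used -= b->len;
            if (last)
                last->next = b->next;
            else
                blocks = b->next;
            free(b);
            break;
        }
    }

    free(ptr);
}

#endif /* NEON_MEMLEAK */
neon-0.32.2/src/ne_alloc.h000066400000000000000000000036511416727304000152620ustar00rootroot00000000000000/* Replacement memory allocation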
handling etc. Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef NE_ALLOC_H #define NE_ALLOC_H #include #ifndef WIN32 #include #endif #include "ne_defs.h" NE_BEGIN_DECLS typedef void (*ne_oom_callback_fn)(void); /* Set callback which is called if malloc() returns NULL. */ void ne_oom_callback(ne_oom_callback_fn callback); #ifndef NEON_MEMLEAK /* Replacements for standard C library memory allocation functions, * which never return NULL. If the C library malloc() returns NULL, * neon will abort(); calling an OOM callback beforehand if one is * registered. The C library will only ever return NULL if the * operating system does not use optimistic memory allocation. 
*/ void *ne_malloc(size_t size) ne_attribute_alloc_size(1) ne_attribute_malloc; void *ne_calloc(size_t size) ne_attribute_alloc_size(1) ne_attribute_malloc; void *ne_realloc(void *ptr, size_t s) ne_attribute_alloc_size(2); char *ne_strdup(const char *s) ne_attribute_malloc; char *ne_strndup(const char *s, size_t n) ne_attribute_malloc; #ifdef WIN32 void ne_free(void *ptr); #else #define ne_free free #endif #endif NE_END_DECLS #endif /* NE_ALLOC_H */ neon-0.32.2/src/ne_auth.c000066400000000000000000001631471416727304000151330ustar00rootroot00000000000000/* HTTP Authentication routines Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. 
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include "config.h" #include #ifdef HAVE_SYS_TIME_H #include #endif #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_STRING_H #include #endif #ifdef HAVE_STRINGS_H #include #endif #ifdef HAVE_UNISTD_H #include /* for getpid() */ #endif #ifdef WIN32 #include /* for GetCurrentThreadId() etc */ #endif #ifdef HAVE_OPENSSL #include #elif defined(HAVE_GNUTLS) #include #if LIBGNUTLS_VERSION_NUMBER < 0x020b00 #include #else #include #endif #endif #include #include #include "ne_md5.h" #include "ne_dates.h" #include "ne_request.h" #include "ne_auth.h" #include "ne_string.h" #include "ne_utils.h" #include "ne_alloc.h" #include "ne_uri.h" #include "ne_internal.h" #ifdef HAVE_GSSAPI #ifdef HAVE_GSSAPI_GSSAPI_H #include #ifdef HAVE_GSSAPI_GSSAPI_GENERIC_H #include #endif #else #include #endif #endif #ifdef HAVE_SSPI #include "ne_sspi.h" #endif #ifdef HAVE_NTLM #include "ne_ntlm.h" #endif #define HOOK_SERVER_ID "http://webdav.org/neon/hooks/server-auth" #define HOOK_PROXY_ID "http://webdav.org/neon/hooks/proxy-auth" typedef enum { auth_alg_md5 = 0, auth_alg_md5_sess, auth_alg_sha256, auth_alg_sha256_sess, auth_alg_sha512_256, auth_alg_sha512_256_sess, auth_alg_unknown } auth_algorithm; static const unsigned int alg_to_hash[] = { NE_HASH_MD5, NE_HASH_MD5, NE_HASH_SHA256, NE_HASH_SHA256, NE_HASH_SHA512_256, NE_HASH_SHA512_256, 0 }; static const char *const alg_to_name[] = { "MD5", "MD5-sess", "SHA-256", "SHA-256-sess", "SHA-512-256", "SHA-512-256-sess", "(unknown)", }; /* Selected method of qop which the client is using */ typedef enum { auth_qop_none, auth_qop_auth } auth_qop; /* A callback/userdata pair registered by the application for * a particular set of protocols. 
*/ struct auth_handler { unsigned protomask; ne_auth_creds old_creds; ne_auth_provide new_creds; void *userdata; int attempt; /* number of invocations of this callback for * current request. */ struct auth_handler *next; }; /* A challenge */ struct auth_challenge { const struct auth_protocol *protocol; struct auth_handler *handler; const char *realm, *nonce, *opaque, *domain; unsigned int stale; /* if stale=true */ unsigned int got_qop; /* we were given a qop directive */ unsigned int qop_auth; /* "auth" token in qop attrib */ enum { userhash_none=0, userhash_true=1, userhash_false=2} userhash; auth_algorithm alg; struct auth_challenge *next; }; static const struct auth_class { const char *id, *req_hdr, *resp_hdr, *resp_info_hdr; int status_code; /* Response status-code to trap. */ int fail_code; /* NE_* request to fail with. */ unsigned protomask; /* protocol mask */ const char *error_noauth; /* Error message template use when * giving up authentication attempts. */ } ah_server_class = { HOOK_SERVER_ID, "Authorization", "WWW-Authenticate", "Authentication-Info", 401, NE_AUTH, 0, N_("Could not authenticate to server: %s") }, ah_proxy_class = { HOOK_PROXY_ID, "Proxy-Authorization", "Proxy-Authenticate", "Proxy-Authentication-Info", 407, NE_PROXYAUTH, NE_AUTH_PROXY, N_("Could not authenticate to proxy server: %s") }; /* Internal buffer size, which must be >= NE_ABUFSIZ. */ #define ABUFSIZE (NE_ABUFSIZ * 2) #define zero_and_free(s) do { ne__strzero(s, strlen(s)); ne_free(s); } while (0) /* Authentication session state. */ typedef struct { ne_session *sess; /* Which context will auth challenges be accepted? */ enum { AUTH_ANY, /* ignore nothing. */ AUTH_CONNECT, /* only in response to a CONNECT request. */ AUTH_NOTCONNECT /* only in non-CONNECT responsees */ } context; /* Protocol type for server/proxy auth. 
*/ const struct auth_class *spec; /* The protocol used for this authentication session */ const struct auth_protocol *protocol; struct auth_handler *handlers; /*** Session details ***/ /* The username and password we are using to authenticate with */ char username[ABUFSIZE]; /* This used for Basic auth */ char *basic; #ifdef HAVE_GSSAPI /* for the GSSAPI/Negotiate scheme: */ char *gssapi_token; gss_ctx_id_t gssctx; gss_name_t gssname; gss_OID gssmech; #endif #ifdef HAVE_SSPI /* This is used for SSPI (Negotiate/NTLM) auth */ char *sspi_token; void *sspi_context; char *sspi_host; #endif #ifdef HAVE_NTLM /* This is used for NTLM auth */ ne_ntlm_context *ntlm_context; #endif /* These all used for Digest auth */ char *realm; char *nonce; char *cnonce; char *opaque; char **domains; /* list of paths given as domain. */ size_t ndomains; /* size of domains array */ char *userhash; char *username_star; auth_qop qop; auth_algorithm alg; unsigned int nonce_count; /* The hex representation of the H(A1) value */ char *h_a1; /* Part of the RHS of the response digest. */ char *response_rhs; } auth_session; struct auth_request { /*** Per-request details. ***/ ne_request *request; /* the request object. */ /* The method and URI we are using for the current request */ const char *uri; const char *method; int attempt; /* number of times this request has been retries due * to auth challenges. */ }; /* Used if this protocol takes an unquoted non-name/value-pair * parameter in the challenge. */ #define AUTH_FLAG_OPAQUE_PARAM (0x0001) /* Used if this Authentication-Info may be sent for non-40[17] * response for this protocol. */ #define AUTH_FLAG_VERIFY_NON40x (0x0002) /* Used for broken the connection-based auth schemes. */ #define AUTH_FLAG_CONN_AUTH (0x0004) struct auth_protocol { unsigned id; /* public NE_AUTH_* id. */ int strength; /* protocol strength for sort order. */ const char *name; /* protocol name. 
*/ /* Parse the authentication challenge; returns zero on success, or * non-zero if this challenge be handled. 'attempt' is the number * of times the request has been resent due to auth challenges. * On failure, challenge_error() should be used to append an error * message to the error buffer 'errmsg'. */ int (*challenge)(auth_session *sess, int attempt, struct auth_challenge *chall, const char *uri, ne_buffer **errmsg); /* Return the string to send in the -Authenticate request header: * (ne_malloc-allocated, NUL-terminated string) */ char *(*response)(auth_session *sess, struct auth_request *req); /* Parse a Authentication-Info response; returns NE_* error code * on failure; on failure, the session error string must be * set. */ int (*verify)(struct auth_request *req, auth_session *sess, const char *value); int flags; /* AUTH_FLAG_* flags */ }; /* Helper function to append an error to the buffer during challenge * handling. Pass printf-style string. *errmsg may be NULL and is * allocated if necessary. errmsg must be non-NULL. */ static void challenge_error(ne_buffer **errmsg, const char *fmt, ...) ne_attribute((format(printf, 2, 3))); static int inside_domain(auth_session *sess, const char *req_uri); /* Free the domains array, precondition sess->ndomains > 0. 
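 */
static void free_domains(auth_session *sess)
{
    /* Entries are released from the last index down to the first;
     * the do/while shape is why ndomains must be non-zero on entry. */
    do {
        ne_free(sess->domains[sess->ndomains - 1]);
    } while (--sess->ndomains);

    ne_free(sess->domains);
    sess->domains = NULL;
}

/* Release the per-challenge state held in SESS and reset the
 * selected protocol to NULL.  The Basic credential string and the
 * Digest H(A1) value go through zero_and_free() so they are wiped
 * before release; the other strings are only freed.  The username
 * buffer and the handler list are not touched here. */
static void clean_session(auth_session *sess)
{
    if (sess->basic) zero_and_free(sess->basic);
    if (sess->nonce) ne_free(sess->nonce);
    if (sess->cnonce) ne_free(sess->cnonce);
    if (sess->opaque) ne_free(sess->opaque);
    if (sess->realm) ne_free(sess->realm);
    if (sess->userhash) ne_free(sess->userhash);
    if (sess->username_star) ne_free(sess->username_star);
    if (sess->response_rhs) ne_free(sess->response_rhs);
    if (sess->h_a1) zero_and_free(sess->h_a1);
    sess->realm = sess->basic = sess->cnonce = sess->nonce =
        sess->opaque = sess->userhash = sess->response_rhs =
        sess->h_a1 = sess->username_star = NULL;
    if (sess->ndomains) free_domains(sess);
#ifdef HAVE_GSSAPI
    {
        unsigned int major;

        if (sess->gssctx != GSS_C_NO_CONTEXT)
            gss_delete_sec_context(&major, &sess->gssctx, GSS_C_NO_BUFFER);
    }
    if (sess->gssapi_token) ne_free(sess->gssapi_token);
    sess->gssapi_token = NULL;
#endif
#ifdef HAVE_SSPI
    if (sess->sspi_token) ne_free(sess->sspi_token);
    sess->sspi_token = NULL;
    ne_sspi_destroy_context(sess->sspi_context);
    sess->sspi_context = NULL;
#endif
#ifdef HAVE_NTLM
    if (sess->ntlm_context) {
        ne__ntlm_destroy_context(sess->ntlm_context);
        sess->ntlm_context = NULL;
    }
#endif

    sess->protocol = NULL;
}

/* Returns client nonce string.  The caller owns the result;
 * digest_challenge() stores it in sess->cnonce, which
 * clean_session() releases with ne_free(). */
static char *get_cnonce(void)
{
    unsigned char data[32];

#ifdef HAVE_GNUTLS
    if (1) {
        /* NOTE(review): the result of the random call is not checked
         * on this path. */
#if LIBGNUTLS_VERSION_NUMBER < 0x020b00
        gcry_create_nonce(data, sizeof data);
#else
        gnutls_rnd(GNUTLS_RND_NONCE, data, sizeof data);
#endif
        return ne_base64(data, sizeof data);
    }
    else
#elif defined(HAVE_OPENSSL)
    /* RAND_bytes() signals success only by returning 1; both 0 and -1
     * mean the buffer was not filled with random data, so any other
     * result must fall through to the fallback below rather than be
     * encoded as a nonce. */
    if (RAND_status() == 1 && RAND_bytes(data, sizeof data) == 1) {
        return ne_base64(data, sizeof data);
    }
    else
#endif /* HAVE_OPENSSL */
    {
        /* Fallback sources of random data: all bad, but no good sources
         * are available.  The value built here is an MD5 over the
         * clock, a process/thread id and whatever happens to be in
         * data[], so it should be treated as guessable. */
        struct ne_md5_ctx *hash;
        char ret[33];

        hash = ne_md5_create_ctx();

        /* Uninitialized stack data; yes, happy valgrinders, this is
         * supposed to be here. */
        ne_md5_process_bytes(data, sizeof data, hash);

        {
#ifdef HAVE_GETTIMEOFDAY
            struct timeval tv;
            if (gettimeofday(&tv, NULL) == 0)
                ne_md5_process_bytes(&tv, sizeof tv, hash);
#else /* HAVE_GETTIMEOFDAY */
            time_t t = time(NULL);
            ne_md5_process_bytes(&t, sizeof t, hash);
#endif
        }
        {
#ifdef WIN32
            DWORD pid = GetCurrentThreadId();
#else
            pid_t pid = getpid();
#endif
            ne_md5_process_bytes(&pid, sizeof pid, hash);
        }

        ne_md5_finish_ascii(hash, ret);
        ne_md5_destroy_ctx(hash);

        return ne_strdup(ret);
    }
}

/* Callback to retrieve user credentials for given session on given
 * attempt (pre request) for given challenge.  Password is written to
 * pwbuf (of size ABUFSIZE).  On error, challenge_error() is used
 * with errmsg.  Returns 0 when the handler supplied credentials and
 * -1 when it declined.  pwbuf is never cleared here, not even on
 * failure, so scrubbing it is left to the caller. */
static int get_credentials(auth_session *sess, ne_buffer **errmsg, int attempt,
                           struct auth_challenge *chall, char *pwbuf)
{
    /* Protocol id of this challenge combined with the server/proxy
     * bit of the auth class. */
    unsigned mask = chall->protocol->id | sess->spec->protomask;
    int rv;

    if (chall->handler->new_creds)
        rv = chall->handler->new_creds(chall->handler->userdata,
                                       attempt, mask, sess->realm,
                                       sess->username, pwbuf,
                                       ABUFSIZE);
    else
        /* The legacy callback is given no buffer length.
         * NOTE(review): presumably the ABUFSIZE >= NE_ABUFSIZ sizing
         * is what bounds its writes - confirm against the public
         * callback contract. */
        rv = chall->handler->old_creds(chall->handler->userdata, sess->realm,
                                       chall->handler->attempt++, sess->username, pwbuf);

    if (rv == 0)
        return 0;

    challenge_error(errmsg, _("rejected %s challenge"),
                    chall->protocol->name);
    return -1;
}

/* Return the scope of the Basic authentication domain following rule
 * in RFC 7617.  Malloc-allocated path is returned: URI resolved
 * against the relative reference ".", or "/" if URI does not parse. */
static char *get_scope_path(const char *uri)
{
    ne_uri base, udot, parent;
    char *s;

    memset(&udot, 0, sizeof udot);
    udot.path = ".";

    if (ne_uri_parse(uri, &base) != 0) {
        /* Assume scope is whole origin.
         * NOTE(review): base is not passed to ne_uri_free() on this
         * path, whereas parse_domain() frees its ne_uri after a
         * failed parse - confirm which is intended. */
        return ne_strdup("/");
    }

    ne_uri_resolve(&base, &udot, &parent);

    /* Detach the path so ne_uri_free() does not release the string
     * being returned. */
    s = parent.path;
    parent.path = NULL;

    ne_uri_free(&parent);
    ne_uri_free(&base);

    return s;
}

/* Examine a Basic auth challenge.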
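 * Returns 0 if a valid challenge, else non-zero. */
static int basic_challenge(auth_session *sess, int attempt,
                           struct auth_challenge *parms,
                           const char *uri, ne_buffer **errmsg)
{
    char *tmp, password[ABUFSIZE];

    /* Verify challenge... must have a realm */
    if (parms->realm == NULL) {
        challenge_error(errmsg, _("missing realm in Basic challenge"));
        return -1;
    }

    /* Any state from a previously accepted challenge is discarded
     * before the credentials callback runs. */
    clean_session(sess);

    sess->realm = ne_strdup(parms->realm);

    if (get_credentials(sess, errmsg, attempt, parms, password)) {
        /* Failed to get credentials.  The callback may have written
         * to the buffer before declining, so scrub it on this path
         * as well. */
        ne__strzero(password, sizeof password);
        return -1;
    }

    if (strchr(sess->username, ':') != NULL) {
        challenge_error(errmsg, _("cannot handle Basic challenge "
                                  "for username containing colon"));
        /* The password was obtained successfully; do not leave it on
         * the stack when bailing out. */
        ne__strzero(password, sizeof password);
        return -1;
    }

    tmp = ne_concat(sess->username, ":", password, NULL);
    sess->basic = ne_base64((unsigned char *)tmp, strlen(tmp));
    /* tmp holds the cleartext user:password pair, so wipe it before
     * release just as sess->basic is wiped in clean_session(). */
    zero_and_free(tmp);

    ne__strzero(password, sizeof password);

    if (sess->ndomains) free_domains(sess); /* is this really needed? */

    if (strcmp(uri, "*") == 0) {
        /* If the request-target is "*" the auth scope is explicitly
         * the whole server. */
        return 0;
    }

    /* Otherwise the scope is the single path computed from the
     * request-target by get_scope_path(). */
    sess->domains = ne_realloc(sess->domains, sizeof(*sess->domains));
    sess->domains[0] = get_scope_path(uri);
    sess->ndomains = 1;

    NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Basic auth scope is: %s\n",
             sess->domains[0]);

    return 0;
}

/* Add Basic authentication credentials to a request.  Returns the
 * header value, or NULL when a scope is recorded for the session and
 * the request URI is outside it, so the credentials are withheld. */
static char *request_basic(auth_session *sess, struct auth_request *req)
{
    if (sess->ndomains && !inside_domain(sess, req->uri)) {
        return NULL;
    }

    return ne_concat("Basic ", sess->basic, "\r\n", NULL);
}

#ifdef HAVE_GSSAPI
/* Add GSSAPI authentication credentials to a request.  Returns NULL
 * when no output token is currently cached in the session. */
static char *request_negotiate(auth_session *sess, struct auth_request *req)
{
    if (sess->gssapi_token)
        return ne_concat("Negotiate ", sess->gssapi_token, "\r\n", NULL);
    else
        return NULL;
}

/* Create an GSSAPI name for server HOSTNAME; returns non-zero on
 * error.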
 */
/* Nothing is returned by value: on failure *server is set to
 * GSS_C_NO_NAME and the failure is only reported to the debug log. */
static void get_gss_name(gss_name_t *server, const char *hostname)
{
    gss_buffer_desc svc;
    unsigned int maj_stat, min_stat;

    /* Host-based service name of the form "HTTP@<hostname>". */
    svc.value = ne_concat("HTTP@", hostname, NULL);
    svc.length = strlen(svc.value);

    maj_stat = gss_import_name(&min_stat, &svc, GSS_C_NT_HOSTBASED_SERVICE,
                               server);
    ne_free(svc.value);

    if (!GSS_ERROR(maj_stat)) {
        return;
    }

    NE_DEBUG(NE_DBG_HTTPAUTH, "gssapi: gss_import_name failed.\n");
    *server = GSS_C_NO_NAME;
}

/* Append GSSAPI error(s) for STATUS of type TYPE to BUF; prepending
 * ": " to each error if *FLAG is non-zero, setting *FLAG after an
 * error has been appended. */
static void make_gss_error(ne_buffer *buf, int *flag,
                           unsigned int status, int type)
{
    unsigned int maj_stat, min_stat;
    unsigned int msg_ctx = 0;

    /* gss_display_status() is called repeatedly until it hands back
     * a zero message context. */
    do {
        gss_buffer_desc text;

        maj_stat = gss_display_status(&min_stat, status, type, GSS_C_NO_OID,
                                      &msg_ctx, &text);
        if (maj_stat == GSS_S_COMPLETE && text.length) {
            if (*flag) {
                ne_buffer_append(buf, ": ", 2);
            }
            (*flag)++;
            ne_buffer_append(buf, text.value, text.length);
        }
        if (text.length) {
            gss_release_buffer(&min_stat, &text);
        }
    } while (msg_ctx);
}

/* Continue a GSS-API Negotiate exchange, using input TOKEN if
 * non-NULL.  Returns non-zero on error, in which case *errmsg is
 * guaranteed to be non-NULL (i.e. an error message is set).
 */
static int continue_negotiate(auth_session *sess, const char *token,
                              ne_buffer **errmsg)
{
    unsigned int major, minor;
    gss_buffer_desc input = GSS_C_EMPTY_BUFFER;
    gss_buffer_desc output = GSS_C_EMPTY_BUFFER;
    unsigned char *bintoken = NULL;
    int ret;

    if (token) {
        /* TOKEN is the base64 text received from the peer; a decoded
         * length of zero is rejected as invalid. */
        input.length = ne_unbase64(token, &bintoken);
        if (input.length == 0) {
            challenge_error(errmsg, _("invalid Negotiate token"));
            return -1;
        }
        input.value = bintoken;
        /* With NE_DBG_HTTPAUTH enabled the token text is written to
         * the debug log. */
        NE_DEBUG(NE_DBG_HTTPAUTH, "gssapi: Continuation token [%s]\n", token);
    }
    else if (sess->gssctx != GSS_C_NO_CONTEXT) {
        /* No token: this starts a new exchange, so a context left
         * over from an unfinished one is dropped first. */
        NE_DEBUG(NE_DBG_HTTPAUTH, "gssapi: Reset incomplete context.\n");
        gss_delete_sec_context(&minor, &sess->gssctx, GSS_C_NO_BUFFER);
    }

    /* Mutual authentication is requested (GSS_C_MUTUAL_FLAG), no
     * channel bindings are supplied, and the two trailing output
     * arguments are NULL, so the flags the mechanism actually granted
     * are not inspected here. */
    major = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, &sess->gssctx,
                                 sess->gssname, sess->gssmech,
                                 GSS_C_MUTUAL_FLAG, GSS_C_INDEFINITE,
                                 GSS_C_NO_CHANNEL_BINDINGS,
                                 &input, &sess->gssmech, &output, NULL, NULL);

    /* done with the input token. */
    if (bintoken) ne_free(bintoken);

    if (GSS_ERROR(major)) {
        int flag = 0;

        /* challenge_error() creates *errmsg if needed, so it is safe
         * to hand it to make_gss_error() afterwards. */
        challenge_error(errmsg, _("GSSAPI authentication error: "));
        make_gss_error(*errmsg, &flag, major, GSS_C_GSS_CODE);
        make_gss_error(*errmsg, &flag, minor, GSS_C_MECH_CODE);

        return -1;
    }

    if (major == GSS_S_CONTINUE_NEEDED || major == GSS_S_COMPLETE) {
        NE_DEBUG(NE_DBG_HTTPAUTH, "gssapi: init_sec_context OK. (major=%d)\n",
                 major);
        ret = 0;
    }
    else {
        challenge_error(errmsg, _("GSSAPI failure (code %u)"), major);
        ret = -1;
    }

    if (major != GSS_S_CONTINUE_NEEDED) {
        /* context no longer needed: destroy it */
        gss_delete_sec_context(&minor, &sess->gssctx, GSS_C_NO_BUFFER);
    }

    if (output.length) {
        /* The base64 form of the output token is cached in the
         * session; request_negotiate() sends it with the next
         * request.  It is also written to the debug log. */
        sess->gssapi_token = ne_base64(output.value, output.length);
        NE_DEBUG(NE_DBG_HTTPAUTH, "gssapi: Output token: [%s]\n",
                 sess->gssapi_token);
        gss_release_buffer(&minor, &output);
    } else {
        NE_DEBUG(NE_DBG_HTTPAUTH, "gssapi: No output token.\n");
    }

    return ret;
}

/* Process a Negotiate challenge CHALL in session SESS; returns zero
 * if challenge is accepted.
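 */
static int negotiate_challenge(auth_session *sess, int attempt,
                               struct auth_challenge *chall,
                               const char *uri, ne_buffer **errmsg)
{
    /* For this scheme the challenge parser stores the unquoted
     * token that follows the scheme name in chall->opaque. */
    const char *token = chall->opaque;

    /* Respect an initial challenge - which must have no input token,
     * or a continuation - which must have an input token. */
    if (attempt == 0 || token) {
        return continue_negotiate(sess, token, errmsg);
    }
    else {
        challenge_error(errmsg, _("ignoring empty Negotiate continuation"));
        return -1;
    }
}

/* Verify the header HDR in a Negotiate response.  Returns NE_OK if
 * the header carries no token or the token is accepted by
 * continue_negotiate(), and NE_ERROR (with the session error set)
 * otherwise. */
static int verify_negotiate_response(struct auth_request *req, auth_session *sess,
                                     const char *hdr)
{
    char *duphdr = ne_strdup(hdr);
    char *sep, *ptr = strchr(duphdr, ' ');
    int ret;
    ne_buffer *errmsg = NULL;

    /* The scheme token must be exactly "Negotiate".  Comparing only
     * the first (ptr - duphdr) bytes would also accept any shorter
     * prefix of the word, including an empty one. */
    if (!ptr || (size_t)(ptr - duphdr) != strlen("Negotiate")
        || strncmp(hdr, "Negotiate", ptr - duphdr) != 0) {
        ne_set_error(sess->sess, _("Negotiate response verification failed: "
                                   "invalid response header token"));
        ne_free(duphdr);
        return NE_ERROR;
    }

    ptr++;

    if (strlen(ptr) == 0) {
        NE_DEBUG(NE_DBG_HTTPAUTH, "gssapi: No token in Negotiate response!\n");
        ne_free(duphdr);
        return NE_OK;
    }

    /* Cut the token at the first comma or space, whichever the
     * copy contains. */
    if ((sep = strchr(ptr, ',')) != NULL)
        *sep = '\0';
    if ((sep = strchr(ptr, ' ')) != NULL)
        *sep = '\0';

    NE_DEBUG(NE_DBG_HTTPAUTH, "gssapi: Negotiate response token [%s]\n", ptr);
    ret = continue_negotiate(sess, ptr, &errmsg);
    if (ret) {
        /* continue_negotiate() documents that *errmsg is set
         * whenever it fails. */
        ne_set_error(sess->sess, _("Negotiate response verification failure: %s"),
                     errmsg->data);
    }

    if (errmsg) ne_buffer_destroy(errmsg);
    ne_free(duphdr);

    return ret ? NE_ERROR : NE_OK;
}
#endif

#ifdef HAVE_SSPI
/* Return the "<scheme> <token>" header value for the cached SSPI
 * token, or NULL if none is cached. */
static char *request_sspi(auth_session *sess, struct auth_request *request)
{
    if (sess->sspi_token)
        return ne_concat(sess->protocol->name, " ", sess->sspi_token, "\r\n", NULL);
    else
        return NULL;
}

/* Feed HDR to the SSPI context, creating the context first if the
 * session has none.  NTLM is passed through to context creation.
 * Returns 0 on success or the non-zero status of the failing
 * ne_sspi_* call.  A non-empty response becomes sess->sspi_token. */
static int continue_sspi(auth_session *sess, int ntlm, const char *hdr)
{
    int status;
    char *response = NULL;

    NE_DEBUG(NE_DBG_HTTPAUTH, "auth: SSPI challenge.\n");

    if (!sess->sspi_context) {
        status = ne_sspi_create_context(&sess->sspi_context, sess->sspi_host, ntlm);
        if (status) {
            return status;
        }
    }

    status = ne_sspi_authenticate(sess->sspi_context, hdr, &response);
    if (status) {
        return status;
    }

    if (response && *response) {
        sess->sspi_token = response;

        /* The token text is written to the debug log. */
        NE_DEBUG(NE_DBG_HTTPAUTH, "auth: SSPI challenge [%s]\n", sess->sspi_token);
    }

    return 0;
}

/* Challenge handler shared by the SSPI "NTLM" and "Negotiate"
 * protocol entries; which of the two is in use is derived from the
 * protocol name. */
static int sspi_challenge(auth_session *sess, int attempt,
                          struct auth_challenge *parms,
                          const char *uri, ne_buffer **errmsg)
{
    int ntlm = ne_strcasecmp(parms->protocol->name, "NTLM") == 0;

    return continue_sspi(sess, ntlm, parms->opaque);
}

/* Verify the header HDR of an SSPI response: the text after the
 * scheme name and following spaces is handed to continue_sspi().
 * Returns NE_OK when there is no token, NE_ERROR when HDR contains
 * no space, else the result of continue_sspi(). */
static int verify_sspi(struct auth_request *req, auth_session *sess,
                       const char *hdr)
{
    int ntlm = ne_strncasecmp(hdr, "NTLM ", 5) == 0;
    char *ptr = strchr(hdr, ' ');

    if (!ptr) {
        ne_set_error(sess->sess, _("SSPI response verification failed: "
                                   "invalid response header token"));
        return NE_ERROR;
    }

    while(*ptr == ' ')
        ptr++;

    if (*ptr == '\0') {
        NE_DEBUG(NE_DBG_HTTPAUTH, "auth: No token in SSPI response!\n");
        return NE_OK;
    }

    return continue_sspi(sess, ntlm, ptr);
}

#endif

/* Parse the "domain" challenge parameter and set the domains array up
 * in the session appropriately.  DOMAIN is a space-separated list of
 * URI references.  Returns zero on success; returns non-zero, with
 * any domains collected so far released, if an entry fails to
 * parse. */
static int parse_domain(auth_session *sess, const char *domain)
{
    char *cp = ne_strdup(domain), *p = cp;
    ne_uri base;
    int invalid = 0;

    memset(&base, 0, sizeof base);
    ne_fill_server_uri(sess->sess, &base);

    do {
        char *token = ne_token(&p, ' ');
        ne_uri rel, absolute;

        if (ne_uri_parse(token, &rel) == 0) {
            /* Resolve relative to the Request-URI. */
            base.path = "/";
            ne_uri_resolve(&base, &rel, &absolute);

            /* Compare against the resolved path to check this URI has
             * the same (scheme, host, port) components; ignore it
             * otherwise: */
            base.path = absolute.path;
            if (absolute.path && ne_uri_cmp(&absolute, &base) == 0) {
                sess->domains = ne_realloc(sess->domains,
                                           ++sess->ndomains *
                                           sizeof(*sess->domains));
                /* Ownership of the path string moves into the array;
                 * it is cleared below so ne_uri_free() leaves it. */
                sess->domains[sess->ndomains - 1] = absolute.path;
                NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Using domain %s from %s\n",
                         absolute.path, token);
                absolute.path = NULL;
            }
            else {
                NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Ignoring domain %s\n",
                         token);
            }

            ne_uri_free(&absolute);
        }
        else {
            invalid = 1;
        }

        ne_uri_free(&rel);

    } while (p && !invalid);

    if (invalid && sess->ndomains) {
        free_domains(sess);
    }

    ne_free(cp);
    /* base.path only ever pointed at borrowed storage here, so it
     * must not be freed with the rest of the structure. */
    base.path = NULL;
    ne_uri_free(&base);

    return invalid;
}

#ifdef HAVE_NTLM

/* Return the "<scheme> <token>" header value for the current NTLM
 * request token, or NULL if the context yields none. */
static char *request_ntlm(auth_session *sess, struct auth_request *request)
{
    char *token = ne__ntlm_getRequestToken(sess->ntlm_context);
    if (token) {
        char *req = ne_concat(sess->protocol->name, " ", token, "\r\n", NULL);
        ne_free(token);
        return req;
    } else {
        return NULL;
    }
}

/* Handle an NTLM challenge.  Credentials are requested and a new
 * context created only when the challenge carries no token and
 * either no context exists yet or attempt is greater than one.
 * Returns 0 on success, -1 if credentials were refused, or the
 * non-zero status of ne__ntlm_authenticate(). */
static int ntlm_challenge(auth_session *sess, int attempt,
                          struct auth_challenge *parms,
                          const char *uri, ne_buffer **errmsg)
{
    int status;

    NE_DEBUG(NE_DBG_HTTPAUTH, "auth: NTLM challenge.\n");

    if (!parms->opaque && (!sess->ntlm_context || (attempt > 1))) {
        char password[ABUFSIZE];

        if (get_credentials(sess, errmsg, attempt, parms, password)) {
            /* Failed to get credentials.  The callback may have
             * written to the buffer before declining, so scrub it
             * here just as the success path does. */
            ne__strzero(password, sizeof password);
            return -1;
        }

        if (sess->ntlm_context) {
            ne__ntlm_destroy_context(sess->ntlm_context);
            sess->ntlm_context = NULL;
        }

        sess->ntlm_context = ne__ntlm_create_context(sess->username, password);

        ne__strzero(password, sizeof password);
    }

    status = ne__ntlm_authenticate(sess->ntlm_context, parms->opaque);
    if (status) {
        return status;
    }

    return 0;
}
#endif /* HAVE_NTLM */

/* Returns the H(username:realm:password) used in the Digest H(A1)
 * calculation.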
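 */
/* SESS supplies the realm and receives the username; HASH is the
 * algorithm identifier handed to ne_strhash().  Returns the hash
 * string, or NULL (with a message appended to *errmsg) if the
 * credentials callback declined or the username cannot be sent.  As
 * a side effect either sess->userhash or sess->username_star may be
 * set.  request_digest() needs only the value derived from this
 * result, not the password, so the caller must treat it as a secret:
 * digest_challenge() wipes it with zero_and_free() or keeps it as
 * sess->h_a1. */
static char *get_digest_h_urp(auth_session *sess, ne_buffer **errmsg,
                              unsigned int hash, int attempt,
                              struct auth_challenge *parms)
{
    char password[ABUFSIZE], *h_urp;

    if (get_credentials(sess, errmsg, attempt, parms, password)) {
        /* Failed to get credentials.  The callback may have written
         * to the buffer before declining, so scrub it here as every
         * other exit path does. */
        ne__strzero(password, sizeof password);
        return NULL;
    }

    /* Calculate userhash for this (realm, username) if required.
     * https://tools.ietf.org/html/rfc7616#section-3.4.4 */
    if (parms->userhash == userhash_true) {
        sess->userhash = ne_strhash(hash, sess->username, ":",
                                    sess->realm, NULL);
    }
    else {
        /* Without userhash, for usernames which need some kind of
         * escaping, either: a) username* must be supported, which
         * is known if the server sent userhash=false, *and* the
         * caller has indicated the username really is UTF-8; or
         * else b) the challenge is an error since the username
         * cannot be sent safely. */
        char *esc = ne_strparam("UTF-8", NULL, (unsigned char *)sess->username);

        if (esc) {
            if (parms->userhash == userhash_none
                || parms->handler->new_creds == NULL) {
                ne_free(esc);
                challenge_error(errmsg, _("could not handle non-ASCII "
                                          "username in Digest challenge"));
                ne__strzero(password, sizeof password);
                return NULL;
            }
            sess->username_star = esc;
            NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Using username* => %s\n", esc);
        }
    }

    /* H(A1) calculation identical for 2069 or 2617/7616:
     * https://tools.ietf.org/html/rfc7616#section-3.4.2 */
    h_urp = ne_strhash(hash, sess->username, ":", sess->realm, ":",
                       password, NULL);
    ne__strzero(password, sizeof password);

    return h_urp;
}

/* Examine a digest challenge: return 0 if it is a valid Digest challenge,
 * else non-zero.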
 */
static int digest_challenge(auth_session *sess, int attempt,
                            struct auth_challenge *parms,
                            const char *uri, ne_buffer **errmsg)
{
    unsigned int hash;
    char *p, *h_urp = NULL;

    /* Reject challenges that cannot be honoured before touching any
     * session state; each branch appends its reason to *errmsg. */
    if (parms->alg == auth_alg_unknown) {
        challenge_error(errmsg, _("unknown algorithm in Digest challenge"));
        return -1;
    }
    else if (parms->alg == auth_alg_md5_sess && !parms->qop_auth) {
        challenge_error(errmsg, _("incompatible algorithm in Digest challenge"));
        return -1;
    }
    else if (parms->realm == NULL || parms->nonce == NULL) {
        challenge_error(errmsg, _("missing parameter in Digest challenge"));
        return -1;
    }
    else if (parms->stale && sess->realm == NULL) {
        challenge_error(errmsg, _("initial Digest challenge was stale"));
        return -1;
    }
    else if (parms->stale && (sess->alg != parms->alg
                              || strcmp(sess->realm, parms->realm))) {
        /* With stale=true the realm and algorithm cannot change since these
         * require re-hashing H(A1) which defeats the point. */
        challenge_error(errmsg, _("stale Digest challenge with new algorithm or realm"));
        return -1;
    }
    else if (!parms->got_qop
             && (parms->handler->protomask & NE_AUTH_LEGACY_DIGEST) == 0) {
        /* A challenge without qop is only accepted when the handler
         * was registered with NE_AUTH_LEGACY_DIGEST. */
        challenge_error(errmsg, _("legacy Digest challenge not supported"));
        return -1;
    }

    hash = alg_to_hash[parms->alg];
    /* Hash the empty string to find out whether this algorithm is
     * available at all; a NULL result means it is not. */
    p = ne_strhash(hash, "", NULL);
    if (p == NULL) {
        challenge_error(errmsg,
                        _("%s algorithm in Digest challenge not supported"),
                        alg_to_name[parms->alg]);
        return -1;
    }
    ne_free(p);

    if (!parms->stale) {
        /* Non-stale challenge: clear session and request credentials. */
        clean_session(sess);

        /* The domain parameter must be parsed after the session is
         * cleaned; ignore domain for proxy auth. */
        if (parms->domain && sess->spec == &ah_server_class
            && parse_domain(sess, parms->domain)) {
            challenge_error(errmsg, _("could not parse domain in Digest challenge"));
            return -1;
        }

        sess->realm = ne_strdup(parms->realm);
        sess->alg = parms->alg;
        sess->cnonce = get_cnonce();

        h_urp = get_digest_h_urp(sess, errmsg, hash, attempt, parms);
        if (h_urp == NULL) {
            return -1;
        }
    }
    else {
        /* Stale challenge: accept a new nonce or opaque.  The stored
         * H(A1) and cnonce are kept, so no credentials are requested
         * again. */
        if (sess->nonce) ne_free(sess->nonce);
        if (sess->opaque && parms->opaque) ne_free(sess->opaque);
    }

    sess->nonce = ne_strdup(parms->nonce);
    if (parms->opaque) {
        sess->opaque = ne_strdup(parms->opaque);
    }

    if (parms->got_qop) {
        /* What type of qop are we to apply to the message? */
        NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Got qop, using 2617-style.\n");
        sess->nonce_count = 0;
        sess->qop = auth_qop_auth;
    }
    else {
        /* No qop at all. */
        sess->qop = auth_qop_none;
    }

    if (h_urp) {
        /* For the -sess algorithms H(A1) additionally covers the
         * nonce and cnonce; otherwise it is the credential hash
         * itself.  Either way the value is written to the debug log
         * when NE_DBG_HTTPAUTH is enabled, and request_digest()
         * computes the response from it without the password, so
         * such logs hold credential material. */
        if (sess->alg == auth_alg_md5_sess || sess->alg == auth_alg_sha256_sess
            || sess->alg == auth_alg_sha512_256_sess) {
            sess->h_a1 = ne_strhash(hash, h_urp, ":",
                                    sess->nonce, ":", sess->cnonce, NULL);
            zero_and_free(h_urp);
            NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Session H(A1) is [%s]\n", sess->h_a1);
        }
        else {
            sess->h_a1 = h_urp;
            NE_DEBUG(NE_DBG_HTTPAUTH, "auth: H(A1) is [%s]\n", sess->h_a1);
        }
    }

    NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Accepting digest challenge.\n");

    return 0;
}

/* Returns non-zero if given Request-URI is inside the authentication
 * domain defined for the session.  The test is a plain byte-prefix
 * comparison of the request path against each stored domain path. */
static int inside_domain(auth_session *sess, const char *req_uri)
{
    int inside = 0;
    size_t n;
    ne_uri uri;

    /* Parse the Request-URI; it will be an absoluteURI if using a
     * proxy, and possibly '*'. */
    if (strcmp(req_uri, "*") == 0 || ne_uri_parse(req_uri, &uri) != 0) {
        /* Presume outside the authentication domain. */
        return 0;
    }

    /* NOTE(review): nothing here normalises dot-segments or
     * percent-encoding before comparing, and uri.path is used
     * without a NULL check - confirm what ne_uri_parse guarantees. */
    for (n = 0; n < sess->ndomains && !inside; n++) {
        const char *d = sess->domains[n];

        inside = strncmp(uri.path, d, strlen(d)) == 0;
    }

    NE_DEBUG(NE_DBG_HTTPAUTH, "auth: '%s' is inside auth domain: %d.\n",
             uri.path, inside);
    ne_uri_free(&uri);

    return inside;
}

/* Return Digest authentication credentials header value for the given
 * session, or NULL when the request URI lies outside the session's
 * authentication domain.  For qop sessions this also increments
 * sess->nonce_count and refreshes sess->response_rhs. */
static char *request_digest(auth_session *sess, struct auth_request *req)
{
    char *h_a2, *response;
    char nc_value[9] = {0};
    const char *qop_value = "auth"; /* qop-value */
    ne_buffer *ret;
    unsigned int hash = alg_to_hash[sess->alg];

    /* Do not submit credentials if an auth domain is defined and this
     * request-uri falls outside it. */
    if (sess->ndomains && !inside_domain(sess, req->uri)) {
        return NULL;
    }

    /* H(A2): https://tools.ietf.org/html/rfc7616#section-3.4.3 */
    h_a2 = ne_strhash(hash, req->method, ":", req->uri, NULL);
    NE_DEBUG(NE_DBG_HTTPAUTH, "auth: H(A2): %s\n", h_a2);

    /* Calculate the 'response' to the Digest challenge to send the
     * server in the request. */
    if (sess->qop == auth_qop_none) {
        /* RFC 2069 case,
         * https://tools.ietf.org/html/rfc2069#section-2.1.2 */
        response = ne_strhash(hash, sess->h_a1, ":", sess->nonce,
                              ":", h_a2, NULL);
    } else {
        /* For RFC 2617/7616-style; part of this calculation will be
         * needed again when verifying the (Proxy-)Authentication-Info
         * response header; that part is cached in sess->response_rhs.
         * https://tools.ietf.org/html/rfc7616#section-3.4.1 */
        sess->nonce_count++;
        /* Eight hex digits plus the terminator fill nc_value. */
        ne_snprintf(nc_value, 9, "%08x", sess->nonce_count);

        if (sess->response_rhs) ne_free(sess->response_rhs);
        sess->response_rhs = ne_concat(sess->nonce, ":",
                                       nc_value, ":", sess->cnonce, ":",
                                       qop_value, NULL);
        response = ne_strhash(hash, sess->h_a1, ":",
                              sess->response_rhs, ":", h_a2, NULL);
    }

    /* The parameter values below are placed between the quotes
     * as-is; nothing in this function escapes an embedded '"' or
     * backslash. */
    ret = ne_buffer_create();

    ne_buffer_concat(ret,
                     "Digest realm=\"", sess->realm, "\", "
                     "nonce=\"", sess->nonce, "\", "
                     "uri=\"", req->uri, "\", "
                     "response=\"", response, "\", "
                     "algorithm=\"", alg_to_name[sess->alg], "\"",
                     NULL);
    if (sess->username_star) {
        ne_buffer_concat(ret, ", username*=", sess->username_star, NULL);
    }
    else {
        /* When a userhash was computed it is sent in place of the
         * cleartext username. */
        ne_buffer_concat(ret, ", username=\"",
                         sess->userhash ? sess->userhash : sess->username,
                         "\"", NULL);
    }

    ne_free(response);
    ne_free(h_a2);

    if (sess->opaque != NULL) {
        ne_buffer_concat(ret, ", opaque=\"", sess->opaque, "\"", NULL);
    }

    if (sess->qop != auth_qop_none) {
        /* Add in cnonce and nc-value fields */
        ne_buffer_concat(ret, ", cnonce=\"", sess->cnonce, "\", "
                         "nc=", nc_value, ", "
                         "qop=\"", qop_value, "\"", NULL);
    }
    if (sess->userhash) {
        ne_buffer_czappend(ret, ", userhash=true");
    }

    ne_buffer_zappend(ret, "\r\n");

    return ne_buffer_finish(ret);
}

/* Parse line of comma-separated key-value pairs.  If 'ischall' == 1,
 * then also return a leading space-separated token, as *value ==
 * NULL.  Otherwise, if return value is 0, *key and *value will be
 * non-NULL.  If return value is non-zero, parsing has ended.  If
 * 'sep' is non-NULL and ischall is 1, the separator character is
 * written to *sep when a challenge is parsed.
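 */
static int tokenize(char **hdr, char **key, char **value, char *sep,
                    int ischall)
{
    char *pnt = *hdr;
    enum { BEFORE_EQ, AFTER_EQ, AFTER_EQ_QUOTED } state = BEFORE_EQ;

    if (**hdr == '\0')
        return 1;

    *key = NULL;

    /* The buffer is modified in place: separators are overwritten
     * with NUL so that *key and *value point at terminated strings
     * inside it. */
    do {
        switch (state) {
        case BEFORE_EQ:
            if (*pnt == '=') {
                /* '=' with no key in front of it is a parse error. */
                if (*key == NULL)
                    return -1;
                *pnt = '\0';
                *value = pnt + 1;
                state = AFTER_EQ;
            } else if ((*pnt == ' ' || *pnt == ',')
                       && ischall && *key != NULL) {
                /* A bare token ended by space or comma: report it as
                 * a challenge scheme name. */
                *value = NULL;
                if (sep) *sep = *pnt;
                *pnt = '\0';
                *hdr = pnt + 1;
                return 0;
            } else if (*key == NULL && strchr(" \r\n\t", *pnt) == NULL) {
                /* First non-whitespace character starts the key. */
                *key = pnt;
            }
            break;
        case AFTER_EQ:
            if (*pnt == ',') {
                *pnt = '\0';
                *hdr = pnt + 1;
                return 0;
            } else if (*pnt == '\"') {
                state = AFTER_EQ_QUOTED;
            }
            break;
        case AFTER_EQ_QUOTED:
            /* Commas inside quotes do not end the value; the closing
             * quote is overwritten, the opening one is left for the
             * caller to strip. */
            if (*pnt == '\"') {
                state = AFTER_EQ;
                *pnt = '\0';
            }
            break;
        }
    } while (*++pnt != '\0');

    *hdr = pnt;

    if (state == BEFORE_EQ) {
        /* The text ran out before any '=' was seen.  Both callers
         * use *key and *value as soon as zero is returned, and the
         * header text comes from the peer, so zero must never be
         * returned with either of them left unset. */
        if (*key == NULL) {
            /* Only whitespace remained: nothing more to parse. */
            return 1;
        }
        if (!ischall) {
            /* A key with no value is not a valid pair. */
            return -1;
        }
        *value = NULL;
        if (sep) *sep = '\0';
    }

    /* End of string: */
    return 0;
}

/* Pass this the value of the 'Authentication-Info:' header field, if
 * one is received.
 * Returns:
 *    0 if it gives a valid authentication for the server
 *    non-zero otherwise (don't believe the response in this case!).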
 */
static int verify_digest_response(struct auth_request *req, auth_session *sess,
                                  const char *value)
{
    char *hdr, *pnt, *key, *val;
    auth_qop qop = auth_qop_none;
    char *nextnonce, *rspauth, *cnonce, *nc, *qop_value;
    unsigned int nonce_count;
    int ret = NE_OK;

    nextnonce = rspauth = cnonce = nc = qop_value = NULL;

    /* tokenize() edits its input, so work on a private copy. */
    pnt = hdr = ne_strdup(value);

    NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Got Auth-Info header: %s\n", value);

    /* key and val start out uninitialised; this loop relies on
     * tokenize() setting both whenever it returns zero. */
    while (tokenize(&pnt, &key, &val, NULL, 0) == 0) {
        val = ne_shave(val, "\"");

        if (ne_strcasecmp(key, "qop") == 0) {
            qop_value = val;
            if (ne_strcasecmp(val, "auth") == 0) {
                qop = auth_qop_auth;
            } else {
                qop = auth_qop_none;
            }
        } else if (ne_strcasecmp(key, "nextnonce") == 0) {
            nextnonce = val;
        } else if (ne_strcasecmp(key, "rspauth") == 0) {
            rspauth = val;
        } else if (ne_strcasecmp(key, "cnonce") == 0) {
            cnonce = val;
        } else if (ne_strcasecmp(key, "nc") == 0) {
            nc = val;
        }
    }

    if (qop == auth_qop_none) {
        /* The 2069-style A-I header only has the entity and nextnonce
         * parameters.  None of the mutual-authentication checks
         * below run for such a header, whatever qop the session
         * itself is using; ret stays NE_OK. */
        NE_DEBUG(NE_DBG_HTTPAUTH, "auth: 2069-style A-I header.\n");
    }
    else if (!rspauth || !cnonce || !nc) {
        ret = NE_ERROR;
        ne_set_error(sess->sess, _("Digest mutual authentication failure: "
                                   "missing parameters"));
    }
    else if (strcmp(cnonce, sess->cnonce) != 0) {
        ret = NE_ERROR;
        ne_set_error(sess->sess, _("Digest mutual authentication failure: "
                                   "client nonce mismatch"));
    }
    else if (nc) {
        char *ptr;

        /* The echoed nonce count is hexadecimal and must equal the
         * count used for the request just sent. */
        errno = 0;
        nonce_count = strtoul(nc, &ptr, 16);
        if (*ptr != '\0' || errno) {
            ret = NE_ERROR;
            ne_set_error(sess->sess, _("Digest mutual authentication failure: "
                                       "could not parse nonce count"));
        }
        else if (nonce_count != sess->nonce_count) {
            ret = NE_ERROR;
            ne_set_error(sess->sess, _("Digest mutual authentication failure: "
                                       "nonce count mismatch (%u not %u)"),
                         nonce_count, sess->nonce_count);
        }
    }

    /* Finally, for qop=auth cases, if everything else is OK, verify
     * the response-digest field. */
    if (qop == auth_qop_auth && ret == NE_OK) {
        char *h_a2, *response;
        unsigned int hash = alg_to_hash[sess->alg];

        /* Unlike the request, A2 for the response has an empty
         * method in front of the colon. */
        h_a2 = ne_strhash(hash, ":", req->uri, NULL);
        /* NOTE(review): sess->response_rhs is only set by
         * request_digest() on its qop path; if it can be NULL here
         * the argument list ends early - confirm this cannot be
         * reached with it unset. */
        response = ne_strhash(hash, sess->h_a1, ":", sess->response_rhs,
                              ":", h_a2, NULL);
        ne_free(h_a2);
        ne_free(sess->response_rhs);
        sess->response_rhs = NULL;

        /* And... do they match? */
        ret = ne_strcasecmp(response, rspauth) == 0 ? NE_OK : NE_ERROR;

        /* The expected digest is written to the debug log next to
         * the value the server sent. */
        NE_DEBUG(NE_DBG_HTTPAUTH, "auth: response-digest match: %s "
                 "(expected [%s] vs actual [%s])\n",
                 ret == NE_OK ? "yes" : "no", response, rspauth);

        if (ret) {
            ne_set_error(sess->sess, _("Digest mutual authentication failure: "
                                       "request-digest mismatch"));
        }

        ne_free(response);
    }

    /* Check for a nextnonce.
     * NOTE(review): this runs whatever the value of ret, so a header
     * that failed the checks above still replaces the session nonce
     * and resets the count - confirm that is intended. */
    if (nextnonce != NULL) {
        NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Found nextnonce of [%s].\n", nextnonce);
        ne_free(sess->nonce);
        sess->nonce = ne_strdup(nextnonce);
        sess->nonce_count = 0;
    }

    ne_free(hdr);

    return ret;
}

/* Table of supported schemes.  Fields per entry, in order: public
 * id, strength used for sorting challenges, scheme name, then the
 * challenge, response and verify callbacks, and the AUTH_FLAG_*
 * flags.  Basic is the weakest entry and has no verify callback.
 * The table ends with an all-zero entry; lookups stop at id == 0. */
static const struct auth_protocol protocols[] = {
    { NE_AUTH_BASIC, 10, "Basic",
      basic_challenge, request_basic, NULL,
      0 },
    { NE_AUTH_DIGEST, 20, "Digest",
      digest_challenge, request_digest, verify_digest_response,
      0 },
#ifdef HAVE_GSSAPI
    { NE_AUTH_GSSAPI_ONLY, 30, "Negotiate",
      negotiate_challenge, request_negotiate, verify_negotiate_response,
      AUTH_FLAG_OPAQUE_PARAM|AUTH_FLAG_VERIFY_NON40x|AUTH_FLAG_CONN_AUTH },
#endif
#ifdef HAVE_SSPI
    { NE_AUTH_NTLM, 30, "NTLM",
      sspi_challenge, request_sspi, NULL,
      AUTH_FLAG_OPAQUE_PARAM|AUTH_FLAG_VERIFY_NON40x|AUTH_FLAG_CONN_AUTH },
    { NE_AUTH_SSPI, 30, "Negotiate",
      sspi_challenge, request_sspi, verify_sspi,
      AUTH_FLAG_OPAQUE_PARAM|AUTH_FLAG_VERIFY_NON40x|AUTH_FLAG_CONN_AUTH },
#endif
#ifdef HAVE_NTLM
    { NE_AUTH_NTLM, 30, "NTLM",
      ntlm_challenge, request_ntlm, NULL,
      AUTH_FLAG_OPAQUE_PARAM|AUTH_FLAG_VERIFY_NON40x|AUTH_FLAG_CONN_AUTH },
#endif
    { 0 }
};

/* Insert a new auth challenge 'chall' into list of challenges 'list'.
 * The challenge list is kept in sorted order of strength, with
 * highest strength first.
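 */
static void insert_challenge(struct auth_challenge **list,
                             struct auth_challenge *chall)
{
    struct auth_challenge *cur, *prev;

    /* Stop at the first entry the new challenge outranks: either by
     * protocol strength or, between two Digest challenges, by a
     * greater algorithm value.
     * NOTE(review): the second test presumably relies on the
     * auth_algorithm values being ordered weakest to strongest -
     * confirm against the enum definition. */
    for (cur = *list, prev = NULL; cur != NULL;
         prev = cur, cur = cur->next) {
        if (chall->protocol->strength > cur->protocol->strength
            || (cur->protocol->id == NE_AUTH_DIGEST
                && chall->protocol->id == NE_AUTH_DIGEST
                && chall->alg > cur->alg)) {
            break;
        }
    }

    if (prev) {
        chall->next = prev->next;
        prev->next = chall;
    } else {
        chall->next = *list;
        *list = chall;
    }
}

/* Format an error message and add it to *errbuf, creating the
 * buffer on first use; later messages are joined with ", ".
 * Messages longer than the local buffer are truncated. */
static void challenge_error(ne_buffer **errbuf, const char *fmt, ...)
{
    char err[128];
    va_list ap;
    size_t len;
    int n;

    va_start(ap, fmt);
    n = ne_vsnprintf(err, sizeof err, fmt, ap);
    va_end(ap);

    /* The formatted text can include strings taken from the
     * challenge header (for instance an unrecognised scheme name),
     * so it may not fit.  A vsnprintf-style return value then
     * reports the length the full message would have had - or a
     * negative value on error - and neither is a safe byte count for
     * err[].  Use the length of what is actually stored instead.
     * NOTE(review): assumes ne_vsnprintf follows the vsnprintf
     * return convention; its definition is not in this file. */
    if (n < 0)
        err[0] = '\0';
    err[sizeof err - 1] = '\0';
    len = strlen(err);

    if (*errbuf == NULL) {
        *errbuf = ne_buffer_create();
        ne_buffer_append(*errbuf, err, len);
    }
    else {
        ne_buffer_concat(*errbuf, ", ", err, NULL);
    }
}

/* Passed the value of a "(Proxy,WWW)-Authenticate: " header field.
 * Returns 0 if valid challenge was accepted; non-zero if no valid
 * challenge was found. */
static int auth_challenge(auth_session *sess, int attempt, const char *uri,
                          const char *value)
{
    char *pnt, *key, *val, *hdr, sep;
    struct auth_challenge *chall = NULL, *challenges = NULL;
    ne_buffer *errmsg = NULL;

    pnt = hdr = ne_strdup(value);

    /* The header value may be made up of one or more challenges.  We
     * split it down into attribute-value pairs, then search for
     * schemes in the pair keys. */

    while (!tokenize(&pnt, &key, &val, &sep, 1)) {

        if (val == NULL) {
            /* Special case, challenge token, not key=value pair: */
            const struct auth_protocol *proto = NULL;
            struct auth_handler *hdl;
            size_t n;

            /* Accumulated challenge is now completed and can be
             * inserted into the list.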
*/ if (chall) { insert_challenge(&challenges, chall); chall = NULL; } for (hdl = sess->handlers; hdl; hdl = hdl->next) { for (n = 0; protocols[n].id; n++) { if (protocols[n].id & hdl->protomask && ne_strcasecmp(key, protocols[n].name) == 0) { proto = &protocols[n]; break; } } if (proto) break; } if (proto == NULL) { /* Ignore this challenge. */ challenge_error(&errmsg, _("ignored %s challenge"), key); continue; } NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Got '%s' challenge.\n", proto->name); chall = ne_calloc(sizeof *chall); chall->protocol = proto; chall->handler = hdl; if ((proto->flags & AUTH_FLAG_OPAQUE_PARAM) && sep == ' ') { /* Cope with the fact that the unquoted base64 * parameter token doesn't match the 2617 auth-param * grammar: */ chall->opaque = ne_shave(ne_token(&pnt, ','), " \t"); NE_DEBUG(NE_DBG_HTTPAUTH, "auth: %s opaque parameter '%s'\n", proto->name, chall->opaque); if (!pnt) break; /* stop parsing at end-of-string. */ } continue; } else if (chall == NULL) { /* Ignore pairs for an unknown challenge. */ NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Ignored parameter: %s = %s\n", key, val); continue; } /* Strip quotes off value. 
*/ val = ne_shave(val, "\"'"); if (ne_strcasecmp(key, "realm") == 0) { chall->realm = val; } else if (ne_strcasecmp(key, "nonce") == 0) { chall->nonce = val; } else if (ne_strcasecmp(key, "opaque") == 0) { chall->opaque = val; } else if (ne_strcasecmp(key, "stale") == 0) { /* Truth value */ chall->stale = (ne_strcasecmp(val, "true") == 0); } else if (ne_strcasecmp(key, "algorithm") == 0) { if (ne_strcasecmp(val, "md5") == 0) { chall->alg = auth_alg_md5; } else if (ne_strcasecmp(val, "md5-sess") == 0) { chall->alg = auth_alg_md5_sess; } else if (ne_strcasecmp(val, "sha-256") == 0) { chall->alg = auth_alg_sha256; } else if (ne_strcasecmp(val, "sha-256-sess") == 0) { chall->alg = auth_alg_sha256_sess; } else if (ne_strcasecmp(val, "sha-512-256") == 0) { chall->alg = auth_alg_sha512_256; } else if (ne_strcasecmp(val, "sha-512-256-sess") == 0) { chall->alg = auth_alg_sha512_256_sess; } else { chall->alg = auth_alg_unknown; } } else if (ne_strcasecmp(key, "qop") == 0) { /* iterate over each token in the value */ do { const char *tok = ne_shave(ne_token(&val, ','), " \t"); if (ne_strcasecmp(tok, "auth") == 0) { chall->qop_auth = 1; } } while (val); chall->got_qop = chall->qop_auth; } else if (ne_strcasecmp(key, "domain") == 0) { chall->domain = val; } else if (ne_strcasecmp(key, "userhash") == 0) { if (strcmp(val, "true") == 0) chall->userhash = userhash_true; else if (strcmp(val, "false") == 0) chall->userhash = userhash_false; else NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Ignored bogus userhash value '%s'\n", val); } } /* Insert the in-flight challenge (if any). */ if (chall) insert_challenge(&challenges, chall); sess->protocol = NULL; /* Iterate through the challenge list (which is sorted from * strongest to weakest) attempting to accept each one. 
*/
    for (chall = challenges; chall != NULL; chall = chall->next) {
        NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Trying %s challenge...\n",
                 chall->protocol->name);
        if (chall->protocol->challenge(sess, attempt, chall, uri, &errmsg) == 0) {
            NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Accepted %s challenge.\n",
                     chall->protocol->name);
            sess->protocol = chall->protocol;
            break;
        }
    }

    if (!sess->protocol) {
        NE_DEBUG(NE_DBG_HTTPAUTH, "auth: No challenges accepted.\n");
        ne_set_error(sess->sess, _(sess->spec->error_noauth),
                     errmsg ? errmsg->data : _("could not parse challenge"));
    }

    while (challenges != NULL) {
        chall = challenges->next;
        ne_free(challenges);
        challenges = chall;
    }

    ne_free(hdr);
    if (errmsg) ne_buffer_destroy(errmsg);

    return !(sess->protocol != NULL);
}

/* Create-request hook.  When the new request falls inside this auth
 * session's context (AUTH_ANY, CONNECT-only, or everything except
 * CONNECT), allocate the per-request auth state, attach it to the
 * request as private data under sess->spec->id, and reset the attempt
 * counter of every registered handler.  Requests outside the context
 * get no auth state, which makes the other hooks skip them. */
static void ah_create(ne_request *req, void *session, const char *method,
                      const char *uri)
{
    auth_session *sess = session;
    int is_connect = strcmp(method, "CONNECT") == 0;

    if (sess->context == AUTH_ANY ||
        (is_connect && sess->context == AUTH_CONNECT) ||
        (!is_connect && sess->context == AUTH_NOTCONNECT)) {
        struct auth_request *areq = ne_calloc(sizeof *areq);
        struct auth_handler *hdl;

        NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Create for %s\n", sess->spec->resp_hdr);

        /* method and uri are stored as pointers, not copied. */
        areq->method = method;
        areq->uri = uri;
        areq->request = req;

        ne_set_request_private(req, sess->spec->id, areq);

        /* For each new request, reset the attempt counter in every
         * registered handler. */
        for (hdl = sess->handlers; hdl; hdl = hdl->next) {
            hdl->attempt = 0;
        }
    }
}

/* Pre-send hook.  If a challenge has already been accepted for this
 * session (sess->protocol is set) and the request carries auth state,
 * ask the protocol for a response value and append it to the outgoing
 * request under the sess->spec->req_hdr header name.  Nothing is
 * added when the protocol returns NULL.
 *
 * Once a protocol has been accepted, this runs for every in-context
 * request on the session, not only for the retry of the challenged
 * request. */
static void ah_pre_send(ne_request *r, void *cookie, ne_buffer *request)
{
    auth_session *sess = cookie;
    struct auth_request *req = ne_get_request_private(r, sess->spec->id);

    if (sess->protocol && req) {
        char *value;

        NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Sending '%s' response.\n",
                 sess->protocol->name);

        value = sess->protocol->response(sess, req);

        if (value != NULL) {
            ne_buffer_concat(request, sess->spec->req_hdr, ": ", value, NULL);
            /* The response string is owned here and released after
             * it has been copied into the request buffer. */
            ne_free(value);
        }
    }
}

/* Post-send hook.  Looks at the response status and auth headers and
 * either verifies the server's auth data, processes a new challenge,
 * or does nothing.
 *
 * Returns NE_OK when the request has no auth state or no branch
 * applies, the protocol's verify() result when verification ran,
 * NE_RETRY when a challenge was accepted (auth_challenge() returned
 * zero), or sess->spec->fail_code when no challenge could be
 * accepted. */
static int ah_post_send(ne_request *req, void *cookie, const ne_status *status)
{
    auth_session *sess = cookie;
    struct auth_request *areq = ne_get_request_private(req, sess->spec->id);
    const char *auth_hdr, *auth_info_hdr;
    int ret = NE_OK;

    if (!areq) return NE_OK;

    auth_hdr = ne_get_response_header(req, sess->spec->resp_hdr);
    auth_info_hdr = ne_get_response_header(req, sess->spec->resp_info_hdr);

    if (sess->context == AUTH_CONNECT && status->code == 401 && !auth_hdr) {
        /* Some broken proxies issue a 401 as a proxy auth challenge
         * to a CONNECT request; handle this here. */
        auth_hdr = ne_get_response_header(req, "WWW-Authenticate");
        auth_info_hdr = NULL;
    }

#ifdef HAVE_GSSAPI
    /* whatever happens: forget the GSSAPI token cached thus far */
    if (sess->gssapi_token) {
        ne_free(sess->gssapi_token);
        sess->gssapi_token = NULL;
    }
#endif

#ifdef HAVE_SSPI
    /* whatever happens: forget the SSPI token cached thus far */
    if (sess->sspi_token) {
        ne_free(sess->sspi_token);
        sess->sspi_token = NULL;
    }
#endif

    NE_DEBUG(NE_DBG_HTTPAUTH,
             "auth: Post-send (#%d), code is %d (want %d), %s is %s\n",
             areq->attempt, status->code, sess->spec->status_code,
             sess->spec->resp_hdr, auth_hdr ? auth_hdr : "(none)");

    /* Verification of the server's auth-info data is only attempted
     * when the relevant response header is present; a response that
     * simply omits the header falls through without being treated as
     * a verification failure here. */
    if (auth_info_hdr && sess->protocol && sess->protocol->verify
        && (sess->protocol->flags & AUTH_FLAG_VERIFY_NON40x) == 0) {
        ret = sess->protocol->verify(areq, sess, auth_info_hdr);
    }
    else if (sess->protocol && sess->protocol->verify
             && (sess->protocol->flags & AUTH_FLAG_VERIFY_NON40x)
             && (status->klass == 2 || status->klass == 3)
             && auth_hdr) {
        /* Protocols flagged VERIFY_NON40x are verified against the
         * challenge header itself, on 2xx/3xx responses. */
        ret = sess->protocol->verify(areq, sess, auth_hdr);
    }
    else if ((status->code == sess->spec->status_code ||
              (status->code == 401 && sess->context == AUTH_CONNECT)) &&
             auth_hdr) {
        /* note above: allow a 401 in response to a CONNECT request
         * from a proxy since some buggy proxies send that. */
        NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Got challenge (code %d).\n", status->code);
        /* areq->attempt is passed and then incremented, so the first
         * challenge for a request is processed as attempt 0. */
        if (!auth_challenge(sess, areq->attempt++, areq->uri, auth_hdr)) {
            ret = NE_RETRY;
        } else {
            clean_session(sess);
            ret = sess->spec->fail_code;
        }

        /* Set or clear the conn-auth flag according to whether this
         * was an accepted challenge for a borked protocol. */
        ne_set_session_flag(sess->sess, NE_SESSFLAG_CONNAUTH,
                            sess->protocol &&
                            (sess->protocol->flags & AUTH_FLAG_CONN_AUTH));
    }

#ifdef HAVE_SSPI
    /* Clear the SSPI context after successful authentication. */
    if (status->code != sess->spec->status_code && sess->sspi_context) {
        ne_sspi_clear_context(sess->sspi_context);
    }
#endif

    return ret;
}

/* Destroy-request hook: release the per-request auth state allocated
 * by ah_create(), if this request had any. */
static void ah_destroy(ne_request *req, void *session)
{
    auth_session *sess = session;
    struct auth_request *areq = ne_get_request_private(req, sess->spec->id);

    if (areq) {
        ne_free(areq);
    }
}

/* Destroy-session hook: release the GSSAPI name (if built with
 * GSSAPI), free every registered handler, run clean_session(), free
 * the SSPI host string (if built with SSPI), then free the auth
 * session itself. */
static void free_auth(void *cookie)
{
    auth_session *sess = cookie;
    struct auth_handler *hdl, *next;

#ifdef HAVE_GSSAPI
    if (sess->gssname != GSS_C_NO_NAME) {
        unsigned int major;
        gss_release_name(&major, &sess->gssname);
    }
#endif

    /* next is saved before each node is freed. */
    for (hdl = sess->handlers; hdl; hdl = next) {
        next = hdl->next;
        ne_free(hdl);
    }

    clean_session(sess);
#ifdef HAVE_SSPI
    if (sess->sspi_host) ne_free(sess->sspi_host);
    sess->sspi_host = NULL;
#endif

    ne_free(sess);
}

/* Register a credentials callback for a protocol mask on either the
 * server or the proxy auth session of 'sess'.
 *
 * isproxy   - non-zero for a proxy registration; selects the request
 *             context for https sessions and which URI supplies the
 *             host name for GSSAPI/SSPI.
 * protomask - bitmask of NE_AUTH_* values, expanded below.
 * ahc, id   - auth class and session-private key (server or proxy).
 * old_creds, new_creds, userdata - stored in the new handler as given.
 *
 * Mask expansion, as implemented here:
 *  - NE_AUTH_ALL adds Basic, Digest and Negotiate whatever the
 *    session scheme is.
 *  - NE_AUTH_DEFAULT adds Basic and Digest for any scheme, and adds
 *    Negotiate only when the scheme is https or isproxy is set.
 *  So with the default mask on a plain http session, Basic remains
 *  enabled; ne_auth.h documents Basic as sending the credentials
 *  unprotected.  Callers that must not offer Basic on such a session
 *  need to pass an explicit mask through the ne_add_*_auth functions.
 *
 * The auth session (context and hooks) is created by the first
 * registration for a given id; later calls for the same id only
 * append another handler, so their isproxy value does not change the
 * context. */
static void auth_register(ne_session *sess, int isproxy, unsigned protomask,
                          const struct auth_class *ahc, const char *id,
                          ne_auth_creds old_creds, ne_auth_provide new_creds,
                          void *userdata)
{
    auth_session *ahs;
    struct auth_handler **hdl;

    /* Handle the _ALL and _DEFAULT protocol masks: */
    if ((protomask & NE_AUTH_ALL) == NE_AUTH_ALL) {
        protomask |= NE_AUTH_BASIC | NE_AUTH_DIGEST | NE_AUTH_NEGOTIATE;
    }
    else if ((protomask & NE_AUTH_DEFAULT) == NE_AUTH_DEFAULT) {
        protomask |= NE_AUTH_BASIC | NE_AUTH_DIGEST;

        if (strcmp(ne_get_scheme(sess), "https") == 0 || isproxy) {
            protomask |= NE_AUTH_NEGOTIATE;
        }
    }

    /* For backwards-compatibility with older releases where DIGEST
     * used to be defined as WEAKEST, if only LEGACY_DIGEST is given,
     * that implies DIGEST|LEGACY_DIGEST. */
    if ((protomask & (NE_AUTH_LEGACY_DIGEST|NE_AUTH_DIGEST)) == NE_AUTH_LEGACY_DIGEST) {
        NE_DEBUG(NE_DBG_HTTPAUTH, "auth: Legacy Digest support compatibility mode.\n");
        protomask |= NE_AUTH_DIGEST;
    }

    if ((protomask & NE_AUTH_NEGOTIATE) == NE_AUTH_NEGOTIATE) {
        /* Map NEGOTIATE to NTLM | GSSAPI. */
        protomask |= NE_AUTH_GSSAPI | NE_AUTH_NTLM;
    }

    if ((protomask & NE_AUTH_GSSAPI) == NE_AUTH_GSSAPI) {
        /* Map GSSAPI to GSSAPI_ONLY | SSPI. */
        protomask |= NE_AUTH_GSSAPI_ONLY | NE_AUTH_SSPI;
    }

    ahs = ne_get_session_private(sess, id);
    if (ahs == NULL) {
        ahs = ne_calloc(sizeof *ahs);

        ahs->sess = sess;
        ahs->spec = ahc;

        /* For https, proxy auth applies to CONNECT requests only and
         * server auth to everything else; for other schemes the auth
         * session applies to every request. */
        if (strcmp(ne_get_scheme(sess), "https") == 0) {
            ahs->context = isproxy ? AUTH_CONNECT : AUTH_NOTCONNECT;
        } else {
            ahs->context = AUTH_ANY;
        }

        /* Register hooks */
        ne_hook_create_request(sess, ah_create, ahs);
        ne_hook_pre_send(sess, ah_pre_send, ahs);
        ne_hook_post_send(sess, ah_post_send, ahs);
        ne_hook_destroy_request(sess, ah_destroy, ahs);
        ne_hook_destroy_session(sess, free_auth, ahs);

        ne_set_session_private(sess, id, ahs);
    }

#ifdef HAVE_GSSAPI
    if ((protomask & NE_AUTH_GSSAPI_ONLY) && ahs->gssname == GSS_C_NO_NAME) {
        ne_uri uri = {0};

        if (isproxy)
            ne_fill_proxy_uri(sess, &uri);
        else
            ne_fill_server_uri(sess, &uri);

        get_gss_name(&ahs->gssname, uri.host);

        ne_uri_free(&uri);
    }
#endif
#ifdef HAVE_SSPI
    if ((protomask & (NE_AUTH_NTLM|NE_AUTH_SSPI)) && !ahs->sspi_host) {
        ne_uri uri = {0};

        if (isproxy)
            ne_fill_proxy_uri(sess, &uri);
        else
            ne_fill_server_uri(sess, &uri);

        /* Take ownership of the host string; clearing uri.host keeps
         * ne_uri_free() from releasing it. */
        ahs->sspi_host = uri.host;
        uri.host = NULL;

        ne_uri_free(&uri);
    }
#endif

    /* Find the end of the handler list, and add a new one. */
    hdl = &ahs->handlers;
    while (*hdl)
        hdl = &(*hdl)->next;

    /* The node comes from ne_malloc, so each member is assigned
     * explicitly.  NOTE(review): confirm struct auth_handler has no
     * other members that would be left uninitialized. */
    *hdl = ne_malloc(sizeof **hdl);
    (*hdl)->protomask = protomask;
    (*hdl)->old_creds = old_creds;
    (*hdl)->new_creds = new_creds;
    (*hdl)->userdata = userdata;
    (*hdl)->next = NULL;
    (*hdl)->attempt = 0;
}

/* Register 'creds' for server authentication using NE_AUTH_DEFAULT. */
void ne_set_server_auth(ne_session *sess, ne_auth_creds creds, void *userdata)
{
    auth_register(sess, 0, NE_AUTH_DEFAULT, &ah_server_class, HOOK_SERVER_ID,
                  creds, NULL, userdata);
}

/* Register 'creds' for proxy authentication using NE_AUTH_DEFAULT. */
void ne_set_proxy_auth(ne_session *sess, ne_auth_creds creds, void *userdata)
{
    auth_register(sess, 1, NE_AUTH_DEFAULT, &ah_proxy_class, HOOK_PROXY_ID,
                  creds, NULL, userdata);
}

/* Register 'creds' for server authentication, restricted to the
 * NE_AUTH_* bits given in 'protocol'. */
void ne_add_server_auth(ne_session *sess, unsigned protocol,
                        ne_auth_creds creds, void *userdata)
{
    auth_register(sess, 0, protocol, &ah_server_class, HOOK_SERVER_ID,
                  creds, NULL, userdata);
}

/* Register 'creds' for proxy authentication, restricted to the
 * NE_AUTH_* bits given in 'protocol'. */
void ne_add_proxy_auth(ne_session *sess, unsigned protocol,
                       ne_auth_creds creds, void *userdata)
{
    auth_register(sess, 1, protocol, &ah_proxy_class, HOOK_PROXY_ID,
                  creds, NULL, userdata);
}

/* Register the ne_auth_provide callback 'new_creds' on both the proxy
 * and the server auth sessions for the given protocol mask.
 *
 * NOTE(review): the proxy-class registration passes isproxy = 0,
 * unlike ne_set_proxy_auth() and ne_add_proxy_auth(), which pass 1.
 * In auth_register() isproxy decides AUTH_CONNECT vs AUTH_NOTCONNECT
 * for https sessions, whether NE_AUTH_DEFAULT gains Negotiate, and
 * whether the proxy or server URI names the GSSAPI/SSPI host.
 * Confirm that 0 is intended for the proxy registration. */
void ne_add_auth(ne_session *sess, unsigned protocol,
                 ne_auth_provide new_creds, void *userdata)
{
    auth_register(sess, 0, protocol, &ah_proxy_class, HOOK_PROXY_ID,
                  NULL, new_creds, userdata);
    auth_register(sess, 0, protocol, &ah_server_class, HOOK_SERVER_ID,
                  NULL, new_creds, userdata);
}

/* Run clean_session() on the server and proxy auth sessions of
 * 'sess', for whichever of the two has been registered.  ne_auth.h
 * documents this as clearing any cached credentials. */
void ne_forget_auth(ne_session *sess)
{
    auth_session *as;
    if ((as = ne_get_session_private(sess, HOOK_SERVER_ID)) != NULL)
        clean_session(as);
    if ((as = ne_get_session_private(sess, HOOK_PROXY_ID)) != NULL)
        clean_session(as);
}
neon-0.32.2/src/ne_auth.h000066400000000000000000000210341416727304000151240ustar00rootroot00000000000000
/*
   HTTP authentication routines
   Copyright (C) 1999-2021, Joe Orton

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Library General Public
   License as published by the Free Software Foundation; either
   version 2 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Library General Public License for more details.

   You should have received a copy of the GNU Library General Public
   License along with this library; if not, write to the Free
   Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
   MA 02111-1307, USA

*/

#ifndef NE_AUTH_H
#define NE_AUTH_H

#include "ne_session.h" /* for ne_session */

NE_BEGIN_DECLS

/* Size of username/password buffers passed to ne_auth_creds
 * callback. */
#define NE_ABUFSIZ (256)

/* The callback used to request the username and password in the given
 * realm.  The username and password must be copied into the buffers
 * which are both of size NE_ABUFSIZ.  The 'attempt' parameter is zero
 * on the first call to the callback, and increases by one for each
 * invocation of the callback during an attempt to authenticate.
 *
 * The callback is not passed a buffer length, so every copy into
 * 'username' and 'password' must be bounded by NE_ABUFSIZ by the
 * callback itself.  NOTE(review): NUL termination is presumably
 * required here as it is for ne_auth_provide; confirm.
 *
 * The callback must return zero to indicate that authentication
 * should be attempted with the username/password, or non-zero to
 * cancel the request.  (if non-zero, username and password are
 * ignored.)
 *
 * IMPORTANT NOTE: The callback will be invoked repeatedly until
 * either it returns non-zero, or authentication is successful.
 *
 * Hint: if you just wish to attempt authentication just once (even if
 * the user gets the username/password wrong), have the callback
 * function use 'attempt' value as the function return value. */
typedef int (*ne_auth_creds)(void *userdata, const char *realm, int attempt,
                             char *username, char *password);

/* Set callbacks to provide credentials for server and proxy
 * authentication, using the default set of authentication protocols.
 * userdata is passed as the first argument to the callback. */
void ne_set_server_auth(ne_session *sess, ne_auth_creds creds, void *userdata);
void ne_set_proxy_auth(ne_session *sess, ne_auth_creds creds, void *userdata);

/* As an alternative to using ne_set_server_auth and
 * ne_set_proxy_auth, the following interfaces may be used; these
 * allow control over which authentication protocol is used. */

/* NE_AUTH_BASIC: Basic authentication transmits the username and
 * password unprotected over the channel; this allows a passive attack
 * to steal the credentials if using an unsecured channel
 * (i.e. non-SSL). */
#define NE_AUTH_BASIC (0x0001)

/* NE_AUTH_DIGEST: Digest authentication uses a hash of the username,
 * password, and certain aspects of the request, so prevents passive
 * attackers from obtaining the credentials; active attackers can
 * still modify most of the request/response if using an unsecured
 * channel.  Supports algorithms from RFC 2617 and RFC 7616. */
#define NE_AUTH_DIGEST (0x0080)

/* NE_AUTH_LEGACY_DIGEST: Using this flag together with NE_AUTH_DIGEST
 * enables support for the weaker, legacy version of the Digest
 * algorithm specified in RFC 2069 (obsoleted by RFC 2617, which was
 * published in June 1999). */
#define NE_AUTH_LEGACY_DIGEST (0x0002)

/* NE_AUTH_NEGOTIATE: Negotiate uses GSSAPI/SSPI, or NTLM, to
 * authenticate the user; an active attacker can modify any of the
 * request/response at will, so this must not be used over an
 * unsecured channel.  NE_AUTH_NEGOTIATE is currently equivalent to
 * use of (NE_AUTH_GSSAPI | NE_AUTH_NTLM). */
#define NE_AUTH_NEGOTIATE (0x0004)

/* NE_AUTH_GSSAPI: Use GSSAPI or SSPI to authenticate the user; an
 * active attacker can modify any of the request/response at will, so
 * this must not be used over an unsecured channel.  NE_AUTH_GSSAPI
 * is currently equivalent to (NE_AUTH_GSSAPI_ONLY | NE_AUTH_SSPI). */
#define NE_AUTH_GSSAPI (0x0008)

/* NE_AUTH_NTLM: Use NTLM to authenticate the user; an active attacker
 * can modify any of the request/response at will, so this must not be
 * used over an unsecured channel. */
#define NE_AUTH_NTLM (0x0010)

/* NE_AUTH_SSPI: Use SSPI to authenticate the user; an
 * active attacker can modify any of the request/response at will, so
 * this must not be used over an unsecured channel. */
#define NE_AUTH_SSPI (0x0020)

/* NE_AUTH_GSSAPI_ONLY: Use GSSAPI to authenticate the user; an
 * active attacker can modify any of the request/response at will, so
 * this must not be used over an unsecured channel. */
#define NE_AUTH_GSSAPI_ONLY (0x0040)

/* 0x0080: legacy definition of NE_AUTH_DIGEST in 0.31 and earlier */
/* NOTE(review): 0x0080 is the value NE_AUTH_DIGEST has above, while
 * the compatibility branch in auth_register() (ne_auth.c) treats a
 * mask holding only NE_AUTH_LEGACY_DIGEST (0x0002) as the old Digest
 * request.  The comment above looks inconsistent with both; confirm
 * which value older releases used. */

/* The default set of supported protocols, as deemed appropriate for
 * the given session scheme.  The interpretation of this flag may
 * change across versions, for example with older, less secure
 * protocols being removed from the default set.
 *
 * As implemented in auth_register() (ne_auth.c), the default set is
 * Basic and Digest for any scheme, plus Negotiate for https sessions
 * and for proxy registrations; Basic is therefore part of the
 * default on a plain http session. */
#define NE_AUTH_DEFAULT (0x1000)

/* All protocols supported by the library.  The interpretation of this
 * flag may change across versions.
 *
 * As implemented in auth_register() (ne_auth.c), this enables Basic,
 * Digest and Negotiate without regard to the session scheme. */
#define NE_AUTH_ALL (0x2000)

/* If present in the protocol mask passed to ne_auth_provide,
 * indicates that proxy authentication is requested. */
#define NE_AUTH_PROXY (0x4000)

/* Add a callback to provide credentials for server and proxy
 * authentication using a particular auth protocol or set of
 * protocols.  The protocol is supplied as a bitmask of NE_AUTH_*
 * values.  For NE_AUTH_NEGOTIATE, the creds and userdata arguments
 * are ignored and may be NULL.
 *
 * These functions may be called multiple times per session to
 * register callbacks for different protocols.  If the server presents
 * more than one protocol in an auth challenge, the following
 * algorithm will be used to determine which callback is used:
 *
 * - iterate over the registered callbacks in the order registered
 * - for each callback, iterate over the known set of protocols
 *   in order of algorithm strength (strongest first).
 * - if the protocol mask for that callback matches the protocol,
 *   attempt authentication using this protocol.
 *
 * Therefore, if multiple calls to ne_add_server_auth or
 * ne_add_proxy_auth are used for a given session, the caller must
 * ensure that the order in which those calls are made reflects the
 * precedence of protocols to be used. */
void ne_add_server_auth(ne_session *sess, unsigned protocol,
                        ne_auth_creds creds, void *userdata);
void ne_add_proxy_auth(ne_session *sess, unsigned protocol,
                       ne_auth_creds creds, void *userdata);

/* Alternative credentials provider callback, invoked when credentials
 * are required to authenticate the client to either a server or
 * proxy.  'protocol' is the authentication protocol number
 * (NE_AUTH_*) of the challenge, bitwise-ORed with NE_AUTH_PROXY when
 * the auth challenge is made by an HTTP proxy.
 *
 * 'realm' is the realm name.  The 'attempt' counter reflects the
 * number of attempts to provide credentials to the server
 * (i.e. retried requests sent with a challenge response), NOT the
 * number of times the callback is invoked, unlike the ne_auth_creds
 * callback.
 *
 * The callback must return zero to indicate that authentication
 * should be attempted with the username/password, or non-zero to
 * cancel the request.  (if non-zero, username and password are
 * ignored.)
 *
 * The username and password buffers have length 'buflen', which is
 * guaranteed to be >= NE_ABUFSIZ.  The username must be provided as a
 * NUL-terminated UTF-8 encoding only.  The password must be provided
 * as a NUL-terminated string.  Additional protocol-specific
 * restrictions apply, e.g. username cannot contain a colon for Basic
 * auth.
 *
 * IMPORTANT NOTE: The callback will be invoked repeatedly until
 * either it returns non-zero, or authentication is successful.
 *
 * Hint: if you just wish to attempt authentication just once (even if
 * the user gets the username/password wrong), have the callback
 * function use 'attempt' value as the function return value. */
typedef int (*ne_auth_provide)(void *userdata, int attempt,
                               unsigned protocol, const char *realm,
                               char *username, char *password, size_t buflen);

/* Register an ne_auth_provide callback for the given protocol mask.
 * The implementation in ne_auth.c registers it on both the server
 * and the proxy auth sessions. */
void ne_add_auth(ne_session *sess, unsigned protocol,
                 ne_auth_provide creds, void *userdata);

/* Clear any cached authentication credentials for the given
 * session. */
void ne_forget_auth(ne_session *sess);

NE_END_DECLS

#endif /* NE_AUTH_H */
neon-0.32.2/src/ne_basic.c000066400000000000000000000311331416727304000152400ustar00rootroot00000000000000
/*
   Basic HTTP and WebDAV methods
   Copyright (C) 1999-2021, Joe Orton

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Library General Public
   License as published by the Free Software Foundation; either
   version 2 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Library General Public License for more details.
You should have received a copy of the GNU Library General Public
   License along with this library; if not, write to the Free
   Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
   MA 02111-1307, USA

*/

#include "config.h"

/* NOTE(review): the header names on the bare #include lines below
 * were lost when this listing was extracted (anything written in
 * angle brackets is missing); restore them from the upstream file
 * before building. */
#include
#include /* for struct stat */

#ifdef HAVE_STRING_H
#include
#endif
#ifdef HAVE_UNISTD_H
#include
#endif
#ifdef HAVE_STDLIB_H
#include
#endif

#include

#include "ne_request.h"
#include "ne_alloc.h"
#include "ne_utils.h"
#include "ne_basic.h"
#include "ne_207.h"

#ifdef NE_HAVE_DAV
#include "ne_uri.h"
#include "ne_locks.h"
#endif

#include "ne_dates.h"
#include "ne_internal.h"

/* Issue a HEAD request for 'uri' and store the parsed Last-Modified
 * time in *modtime.  *modtime is set to -1 when the response is not
 * 2xx or carries no Last-Modified header.  Returns the dispatch
 * result, or NE_ERROR when dispatch succeeded but the status class
 * was not 2xx. */
int ne_getmodtime(ne_session *sess, const char *uri, time_t *modtime)
{
    ne_request *req = ne_request_create(sess, "HEAD", uri);
    const char *value;
    int ret;

    ret = ne_request_dispatch(req);

    value = ne_get_response_header(req, "Last-Modified");

    if (ret == NE_OK && ne_get_status(req)->klass != 2) {
        *modtime = -1;
        ret = NE_ERROR;
    }
    else if (value) {
        *modtime = ne_httpdate_parse(value);
    }
    else {
        *modtime = -1;
    }

    ne_request_destroy(req);

    return ret;
}

#ifdef NE_LFS
#define ne_fstat fstat64
typedef struct stat64 struct_stat;
#else
#define ne_fstat fstat
typedef struct stat struct_stat;
#endif

/* PUT's from fd to URI.
 *
 * The request body length is taken from fstat() on 'fd' before the
 * request is created.  Returns NE_ERROR (with the session error set)
 * if fstat() fails, the dispatch result otherwise, and NE_ERROR when
 * dispatch succeeded but the status class was not 2xx.
 *
 * NOTE(review): the size is sampled once; if the file can change
 * while the request is in flight, confirm how
 * ne_set_request_body_fd() copes with a length mismatch. */
int ne_put(ne_session *sess, const char *uri, int fd)
{
    ne_request *req;
    struct_stat st;
    int ret;

    if (ne_fstat(fd, &st)) {
        /* errno is saved before any further call can overwrite it. */
        int errnum = errno;
        char buf[200];

        ne_set_error(sess, _("Could not determine file size: %s"),
                     ne_strerror(errnum, buf, sizeof buf));
        return NE_ERROR;
    }

    req = ne_request_create(sess, "PUT", uri);

#ifdef NE_HAVE_DAV
    ne_lock_using_resource(req, uri, 0);
    ne_lock_using_parent(req, uri);
#endif

    ne_set_request_body_fd(req, fd, 0, st.st_size);

    ret = ne_request_dispatch(req);

    if (ret == NE_OK && ne_get_status(req)->klass != 2)
        ret = NE_ERROR;

    ne_request_destroy(req);

    return ret;
}

/* Dispatch a GET request REQ, writing the response body to FD fd.  If
 * RANGE is non-NULL, then it is the value of the Range request
 * header, e.g. "bytes=1-5".  Returns an NE_* error code.
 *
 * RANGE is indexed from offset 6, so a non-NULL RANGE must begin
 * with the six characters "bytes=".
 *
 * The body is written to fd only for a 206 when a range was
 * requested, or for any 2xx when it was not; every other response
 * body is discarded.  A ranged request answered with a plain 200 is
 * therefore never written to fd. */
static int dispatch_to_fd(ne_request *req, int fd, const char *range)
{
    ne_session *const sess = ne_get_session(req);
    const ne_status *const st = ne_get_status(req);
    int ret;
    size_t rlen;

    /* length of bytespec after "bytes=" */
    rlen = range ? strlen(range + 6) : 0;

    do {
        const char *value;

        ret = ne_begin_request(req);
        if (ret != NE_OK) break;

        value = ne_get_response_header(req, "Content-Range");

        /* For a 206 response, check that a Content-Range header is
         * given which matches the Range request header.  This keeps a
         * server from supplying a different byte range than the one
         * asked for, which the caller would otherwise write at the
         * wrong file position.  The last clause requires the
         * byte-range to end exactly there ('/' follows) unless the
         * request was open-ended (bytespec ends in '-'). */
        if (range && st->code == 206
            && (value == NULL || strncmp(value, "bytes ", 6) != 0
                || strncmp(range + 6, value + 6, rlen)
                || (range[5 + rlen] != '-' && value[6 + rlen] != '/'))) {
            ne_set_error(sess, _("Response did not include requested range"));
            /* Returns without ne_end_request(); the caller still
             * destroys the request. */
            return NE_ERROR;
        }

        if ((range && st->code == 206) || (!range && st->klass == 2)) {
            ret = ne_read_response_to_fd(req, fd);
        } else {
            ret = ne_discard_response(req);
        }

        if (ret == NE_OK) ret = ne_end_request(req);
    } while (ret == NE_RETRY);

    return ret;
}

/* Send a GET for 'uri' with the Range header value 'brange' and write
 * the 206 body to 'fd'.  Returns NE_ERROR with a session error for a
 * 416 response or for a 2xx response other than 206, NE_ERROR for
 * any other non-2xx status, and the dispatch result otherwise. */
static int get_range_common(ne_session *sess, const char *uri,
                            const char *brange, int fd)
{
    ne_request *req = ne_request_create(sess, "GET", uri);
    const ne_status *status;
    int ret;

    ne_add_request_header(req, "Range", brange);
    ne_add_request_header(req, "Accept-Ranges", "bytes");

    ret = dispatch_to_fd(req, fd, brange);

    status = ne_get_status(req);

    if (ret == NE_OK && status->code == 416) {
        /* connection is terminated too early with Apache/1.3, so we check
         * this even if ret == NE_ERROR... */
        /* NOTE(review): the condition above requires ret == NE_OK,
         * which does not match the comment; confirm which is
         * intended. */
        ne_set_error(sess, _("Range is not satisfiable"));
        ret = NE_ERROR;
    }
    else if (ret == NE_OK) {
        if (status->klass == 2 && status->code != 206) {
            ne_set_error(sess, _("Resource does not support ranged GET requests"));
            ret = NE_ERROR;
        }
        else if (status->klass != 2) {
            ret = NE_ERROR;
        }
    }

    ne_request_destroy(req);

    return ret;
}

/* Partial GET of 'uri' into 'fd'.  Builds "bytes=START-" when
 * range->end is -1, otherwise "bytes=START-END", and hands the rest
 * to get_range_common().
 *
 * range->start and range->end are formatted as given; nothing here
 * rejects a negative start or an end below start, so callers must
 * validate them.  This function does not write to *range. */
int ne_get_range(ne_session *sess, const char *uri,
                 ne_content_range *range, int fd)
{
    char brange[64];

    if (range->end == -1) {
        ne_snprintf(brange, sizeof brange, "bytes=%" FMT_NE_OFF_T "-",
                    range->start);
    }
    else {
        ne_snprintf(brange, sizeof brange,
                    "bytes=%" FMT_NE_OFF_T "-%" FMT_NE_OFF_T,
                    range->start, range->end);
    }

    return get_range_common(sess, uri, brange, fd);
}

/* Get to given fd.  The body is written only for a 2xx response;
 * returns NE_ERROR when dispatch succeeded but the status class was
 * not 2xx. */
int ne_get(ne_session *sess, const char *uri, int fd)
{
    ne_request *req = ne_request_create(sess, "GET", uri);
    int ret;

    ret = dispatch_to_fd(req, fd, NULL);

    if (ret == NE_OK && ne_get_status(req)->klass != 2) {
        ret = NE_ERROR;
    }

    ne_request_destroy(req);

    return ret;
}

/* POST 'buffer' as the request body to 'uri', writing the response
 * body to 'fd'.  'buffer' must be a non-NULL, NUL-terminated string,
 * since its length is taken with strlen().  The request is marked
 * non-idempotent.  Returns NE_ERROR when dispatch succeeded but the
 * status class was not 2xx. */
int ne_post(ne_session *sess, const char *uri, int fd, const char *buffer)
{
    ne_request *req = ne_request_create(sess, "POST", uri);
    int ret;

    ne_set_request_flag(req, NE_REQFLAG_IDEMPOTENT, 0);

    ne_set_request_body_buffer(req, buffer, strlen(buffer));

    ret = dispatch_to_fd(req, fd, NULL);

    if (ret == NE_OK && ne_get_status(req)->klass != 2) {
        ret = NE_ERROR;
    }

    ne_request_destroy(req);

    return ret;
}

/* Split the response Content-Type header into type, subtype and
 * charset.  Returns -1, leaving *ct untouched, when the header is
 * missing or has no '/'.  On success returns 0; ct->value is a heap
 * copy of the header, modified in place, which the caller must free,
 * and ct->type, ct->subtype and (when taken from the header)
 * ct->charset point into it.
 *
 * ct->charset is left NULL when the header has no charset parameter
 * and the type is not "text", so callers must check it before use.
 * The parameter is located with a case-sensitive strstr() for
 * "charset=", which also matches inside a longer parameter name. */
int ne_get_content_type(ne_request *req, ne_content_type *ct)
{
    const char *value;
    char *sep, *stype;

    value = ne_get_response_header(req, "Content-Type");
    if (value == NULL || strchr(value, '/') == NULL) {
        return -1;
    }

    ct->value = ne_strdup(value);

    /* Split at the first '/', which is known to exist from the check
     * above. */
    stype = strchr(ct->value, '/');

    *stype++ = '\0';
    ct->type = ct->value;
    ct->charset = NULL;

    sep = strchr(stype, ';');

    if (sep) {
        char *tok;
        /* look for the charset parameter. TODO; probably better to
         * hand-carve a parser than use ne_token/strstr/shave here. */
        *sep++ = '\0';
        do {
            tok = ne_qtoken(&sep, ';', "\"\'");
            if (tok) {
                tok = strstr(tok, "charset=");
                if (tok)
                    ct->charset = ne_shave(tok+8, "\"\'");
            } else {
                break;
            }
        } while (sep != NULL);
    }

    /* set subtype, losing any trailing whitespace */
    ct->subtype = ne_shave(stype, " \t");

    if (ct->charset == NULL && ne_strcasecmp(ct->type, "text") == 0) {
        /* 3280§3.1: text/xml without charset implies us-ascii. */
        /* NOTE(review): "3280" looks like a typo for RFC 3023 (XML
         * Media Types); confirm the reference. */
        if (ne_strcasecmp(ct->subtype, "xml") == 0)
            ct->charset = "us-ascii";
        /* 2616§3.7.1: subtypes of text/ default to charset ISO-8859-1. */
        else
            ct->charset = "ISO-8859-1";
    }

    return 0;
}

/* Maps each token of the DAV response header to its NE_CAP_* bit.
 * NOTE(review): the entry with an empty name is probably extraction
 * damage (an angle-bracketed token stripped like the #include names
 * above); compare with the upstream file. */
static const struct options_map {
    const char *name;
    unsigned int cap;
} options_map[] = {
    { "1", NE_CAP_DAV_CLASS1 },
    { "2", NE_CAP_DAV_CLASS2 },
    { "3", NE_CAP_DAV_CLASS3 },
    { "", NE_CAP_MODDAV_EXEC },
    { "access-control", NE_CAP_DAV_ACL },
    { "version-control", NE_CAP_VER_CONTROL },
    { "checkout-in-place", NE_CAP_CO_IN_PLACE },
    { "version-history", NE_CAP_VER_HISTORY },
    { "workspace", NE_CAP_WORKSPACE },
    { "update", NE_CAP_UPDATE },
    { "label", NE_CAP_LABEL },
    { "working-resource", NE_CAP_WORK_RESOURCE },
    { "merge", NE_CAP_MERGE },
    { "baseline", NE_CAP_BASELINE },
    { "version-controlled-collection", NE_CAP_VC_COLLECTION },
    { "extended-mkcol", NE_CAP_EXT_MKCOL }
};

/* Parse a comma-separated DAV header value into a capability bitmask.
 * *caps is reset to 0 first; each token is trimmed of whitespace and
 * compared case-sensitively against options_map.  Unknown tokens are
 * ignored.  Works on a private copy of 'value'. */
static void parse_dav_header(const char *value, unsigned int *caps)
{
    char *tokens = ne_strdup(value), *pnt = tokens;

    *caps = 0;

    do {
        char *tok = ne_qtoken(&pnt, ',',  "\"'");
        unsigned n;

        if (!tok) break;

        tok = ne_shave(tok, " \r\t\n");

        for (n = 0; n < sizeof(options_map)/sizeof(options_map[0]); n++) {
            if (strcmp(tok, options_map[n].name) == 0) {
                *caps |= options_map[n].cap;
            }
        }
    } while (pnt != NULL);

    ne_free(tokens);
}

/* Send OPTIONS for 'uri' and store the capabilities advertised in the
 * DAV response header in *caps.  Returns the dispatch result, or
 * NE_ERROR when dispatch succeeded but the status class was not 2xx.
 *
 * *caps is written only when a DAV header is present; without one it
 * keeps whatever value the caller passed in, so callers should
 * initialize it before the call. */
int ne_options2(ne_session *sess, const char *uri, unsigned int *caps)
{
    ne_request *req = ne_request_create(sess, "OPTIONS", uri);
    int ret = ne_request_dispatch(req);
    const char *header = ne_get_response_header(req, "DAV");

    if (header) parse_dav_header(header, caps);

    if (ret == NE_OK && ne_get_status(req)->klass != 2) {
        ret = NE_ERROR;
    }

    ne_request_destroy(req);

    return ret;
}

/* Wrapper around ne_options2() filling the older capabilities
 * structure.  *caps is zeroed first and the three fields are set to
 * 0 or 1 from the returned bitmask, whatever the return code is. */
int ne_options(ne_session *sess, const char *path,
               ne_server_capabilities *caps)
{
    int ret;
    unsigned int capmask = 0;

    memset(caps, 0, sizeof *caps);

    ret = ne_options2(sess, path, &capmask);

    caps->dav_class1 = capmask & NE_CAP_DAV_CLASS1 ? 1 : 0;
    caps->dav_class2 = capmask & NE_CAP_DAV_CLASS2 ? 1 : 0;
    caps->dav_executable = capmask & NE_CAP_MODDAV_EXEC ? 1 : 0;

    return ret;
}

#ifdef NE_HAVE_DAV

/* Add a Depth header to 'req': "0" for NE_DEPTH_ZERO, "1" for
 * NE_DEPTH_ONE, and "infinity" for any other value. */
void ne_add_depth_header(ne_request *req, int depth)
{
    const char *value;
    switch(depth) {
    case NE_DEPTH_ZERO:
        value = "0";
        break;
    case NE_DEPTH_ONE:
        value = "1";
        break;
    default:
        value = "infinity";
        break;
    }
    ne_add_request_header(req, "Depth", value);
}

/* Shared implementation of COPY and MOVE from 'src' to 'dest'.  The
 * Depth header is sent for COPY only.  The Destination header is
 * 'dest' itself when the session has NE_SESSFLAG_RFC4918 set,
 * otherwise scheme://hostport followed by 'dest'.
 *
 * NOTE(review): 'dest' is placed in the Destination header as given
 * and this function does not reject CR/LF or other characters that
 * are invalid in a header value; confirm that callers pass an
 * already escaped path, in particular when it derives from
 * untrusted input. */
static int copy_or_move(ne_session *sess, int is_move, int overwrite,
                        int depth, const char *src, const char *dest)
{
    ne_request *req = ne_request_create( sess, is_move?"MOVE":"COPY", src );

    /* 2518 S8.9.2 says only use Depth: infinity with MOVE. */
    if (!is_move) {
        ne_add_depth_header(req, depth);
    }

#ifdef NE_HAVE_DAV
    if (is_move) {
        ne_lock_using_resource(req, src, NE_DEPTH_INFINITE);
    }
    ne_lock_using_resource(req, dest, NE_DEPTH_INFINITE);
    /* And we need to be able to add members to the destination's parent */
    ne_lock_using_parent(req, dest);
#endif

    if (ne_get_session_flag(sess, NE_SESSFLAG_RFC4918)) {
        ne_add_request_header(req, "Destination", dest);
    }
    else {
        ne_print_request_header(req, "Destination", "%s://%s%s",
                                ne_get_scheme(sess),
                                ne_get_server_hostport(sess), dest);
    }

    ne_add_request_header(req, "Overwrite", overwrite?"T":"F");

    return ne_simple_request(sess, req);
}

/* COPY 'src' to 'dest' with the given overwrite flag and depth. */
int ne_copy(ne_session *sess, int overwrite, int depth,
            const char *src, const char *dest)
{
    return copy_or_move(sess, 0, overwrite, depth, src, dest);
}

/* MOVE 'src' to 'dest' with the given overwrite flag.  No Depth
 * header is sent for MOVE, so the depth argument passed on is
 * unused. */
int ne_move(ne_session *sess, int overwrite,
            const char *src, const char *dest)
{
    return copy_or_move(sess, 1, overwrite, 0, src, dest);
}

/* Deletes the specified resource. (and in only two lines of code!) */
int ne_delete(ne_session *sess, const char *uri)
{
    ne_request *req = ne_request_create(sess, "DELETE", uri);

#ifdef NE_HAVE_DAV
    ne_lock_using_resource(req, uri, NE_DEPTH_INFINITE);
    ne_lock_using_parent(req, uri);
#endif

    /* joe: I asked on the DAV WG list about whether we might get a
     * 207 error back from a DELETE... conclusion, you shouldn't if
     * you don't send the Depth header, since we might be an HTTP/1.1
     * client and a 2xx response indicates success to them.  But
     * it's all a bit unclear. In any case, DAV servers today do
     * return 207 to DELETE even if we don't send the Depth header.
     * So we handle 207 errors appropriately. */

    return ne_simple_request(sess, req);
}

/* Send MKCOL for 'uri'.  A trailing slash is appended when 'uri' does
 * not already end in one; the request is made on that private copy,
 * which is freed before returning. */
int ne_mkcol(ne_session *sess, const char *uri)
{
    ne_request *req;
    char *real_uri;
    int ret;

    if (ne_path_has_trailing_slash(uri)) {
        real_uri = ne_strdup(uri);
    } else {
        real_uri = ne_concat(uri, "/", NULL);
    }

    req = ne_request_create(sess, "MKCOL", real_uri);

#ifdef NE_HAVE_DAV
    ne_lock_using_resource(req, real_uri, 0);
    ne_lock_using_parent(req, real_uri);
#endif

    ret = ne_simple_request(sess, req);

    ne_free(real_uri);

    return ret;
}

#endif /* NE_HAVE_DAV */
neon-0.32.2/src/ne_basic.h000066400000000000000000000141511416727304000152460ustar00rootroot00000000000000
/*
   HTTP/1.1 methods
   Copyright (C) 1999-2021, Joe Orton

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Library General Public
   License as published by the Free Software Foundation; either
   version 2 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Library General Public License for more details.
You should have received a copy of the GNU Library General Public
   License along with this library; if not, write to the Free
   Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
   MA 02111-1307, USA

*/

#ifndef NE_BASIC_H
#define NE_BASIC_H

/* NOTE(review): the header name on the bare #include below was lost
 * when this listing was extracted; restore it from the upstream
 * file. */
#include /* for time_t */

#include "ne_request.h"

NE_BEGIN_DECLS

/* Perform a GET request on resource at 'path', writing the entity
 * body which is returned to 'fd'. */
int ne_get(ne_session *sess, const char *path, int fd);

/* Perform a PUT request on resource at 'path', reading the entity
 * body to submit from 'fd'. */
int ne_put(ne_session *sess, const char *path, int fd);

#define NE_DEPTH_ZERO (0)
#define NE_DEPTH_ONE (1)
#define NE_DEPTH_INFINITE (2)

/* For ne_copy and ne_move:
 *
 * If a resource exists at "dest" and overwrite is zero, the operation
 * will fail; if overwrite is non-zero, any existing resource will
 * be over-written. */

/* Copy resource from 'src' to 'dest' paths.  If 'src' identifies a
 * collection resource, depth may be NE_DEPTH_ZERO to request that the
 * collection and its properties are to be copied, or
 * NE_DEPTH_INFINITE to request that the collection and its contents
 * are to be copied.  Returns NE_* error code. */
int ne_copy(ne_session *sess, int overwrite, int depth,
            const char *src, const char *dest);

/* Move resource from 'src' to 'dest' path.  Returns NE_* error
 * code. */
int ne_move(ne_session *sess, int overwrite,
            const char *src, const char *dest);

/* Delete resource at 'path'.  Returns NE_* error code. */
int ne_delete(ne_session *sess, const char *path);

/* Create a collection at 'path', which is required to have a trailing
 * slash.  Returns NE_* error code.  (The implementation in
 * ne_basic.c appends the slash itself when 'path' lacks one.) */
int ne_mkcol(ne_session *sess, const char *path);

/* Adds a Depth: header to a request. */
void ne_add_depth_header(ne_request *req, int depth);

/* Retrieve modification time of resource at location 'path', using
 * the HEAD method, placing parsed time in *modtime.  *modtime is set
 * to -1 if no Last-Modified response header was given, or the date
 * given could not be parsed.  Returns NE_* error code. */
int ne_getmodtime(ne_session *sess, const char *path, time_t *modtime);

typedef struct {
    const char *type, *subtype;
    const char *charset;
    char *value;
} ne_content_type;

/* Retrieve the content-type of the response; returns zero if response
 * had valid content-type, in which case all fields in *ctype are set
 * (and never NULL); the caller must free(ctype->value) after use.
 * Returns non-zero on error, in which case *ctype is not altered.
 *
 * NOTE(review): the implementation in ne_basic.c leaves
 * ctype->charset NULL when the header has no charset parameter and
 * the type is not "text", which contradicts "never NULL" above;
 * callers should check charset before dereferencing it. */
int ne_get_content_type(ne_request *req, ne_content_type *ctype);

/* DEPRECATED: Server capabilities. */
typedef struct {
    unsigned int dav_class1; /* True if Class 1 WebDAV server */
    unsigned int dav_class2; /* True if Class 2 WebDAV server */
    unsigned int dav_executable; /* True if supports the 'executable'
                                  * property a la mod_dav */
} ne_server_capabilities;

/* DEPRECATED: Determines server capabilities (using OPTIONS).  Use
 * ne_options2() instead. */
int ne_options(ne_session *sess, const char *path,
               ne_server_capabilities *caps);

#define NE_CAP_DAV_CLASS1    (0x0001) /* Class 1 WebDAV (RFC 2518) */
#define NE_CAP_DAV_CLASS2    (0x0002) /* Class 2 WebDAV (RFC 2518) */
#define NE_CAP_DAV_CLASS3    (0x0004) /* Class 3 WebDAV (RFC 4918) */
#define NE_CAP_MODDAV_EXEC   (0x0008) /* mod_dav "executable" property */
#define NE_CAP_DAV_ACL       (0x0010) /* WebDAV ACL (RFC 3744) */
#define NE_CAP_VER_CONTROL   (0x0020) /* DeltaV version-control */
#define NE_CAP_CO_IN_PLACE   (0x0040) /* DeltaV checkout-in-place */
#define NE_CAP_VER_HISTORY   (0x0080) /* DeltaV version-history */
#define NE_CAP_WORKSPACE     (0x0100) /* DeltaV workspace */
#define NE_CAP_UPDATE        (0x0200) /* DeltaV update */
#define NE_CAP_LABEL         (0x0400) /* DeltaV label */
#define NE_CAP_WORK_RESOURCE (0x0800) /* DeltaV working-resource */
#define NE_CAP_MERGE         (0x1000) /* DeltaV merge */
#define NE_CAP_BASELINE      (0x2000) /* DeltaV baseline */
#define NE_CAP_ACTIVITY      (0x4000) /* DeltaV activity */
#define NE_CAP_VC_COLLECTION (0x8000) /* DeltaV version-controlled-collection */
#define NE_CAP_EXT_MKCOL     (0x10000) /* extended-mkcol (RFC 5689) */

/* Determines resource capabilities, using an OPTIONS request.  On
 * return, *caps is set to a bit-mask of the above NE_CAP_* constants
 * describing the advertised resource capabilities.
 *
 * NOTE(review): the implementation in ne_basic.c writes *caps only
 * when the response has a DAV header; initialize *caps before the
 * call. */
int ne_options2(ne_session *sess, const char *path, unsigned int *caps);

/* Defines a range of bytes, starting at 'start' and ending
 * at 'end'.  'total' is the number of bytes in the range. */
typedef struct {
    ne_off_t start, end, total;
} ne_content_range;

/* Partial GET. range->start must be >= 0. range->total is ignored.
 *
 * If range->end is -1, then the rest of the resource from start is
 * requested, and range->total and end are filled in on success.
 * NOTE(review): ne_get_range() in ne_basic.c does not write to
 * *range; confirm whether end/total are really filled in.
 *
 * Otherwise, bytes from range->start to range->end are requested.
 *
 * This will write to the CURRENT position of fd; so if you want
 * to do a resume download, use:
 *      ne_content_range range;
 *      range.start = resume_from;
 *      range.end = range.start + 999;  (= 1000 bytes)
 *      lseek(fd, resume_from, SEEK_SET);
 *      ne_get_range(sess, path, &range, fd); */
int ne_get_range(ne_session *sess, const char *path,
                 ne_content_range *range, int fd);

/* Post using buffer as request-body: stream response into fd.
 * 'buffer' must be a NUL-terminated string; its length is taken with
 * strlen() in ne_basic.c. */
int ne_post(ne_session *sess, const char *path, int fd, const char *buffer);

NE_END_DECLS

#endif /* NE_BASIC_H */
neon-0.32.2/src/ne_compress.c000066400000000000000000000324731416727304000160220ustar00rootroot00000000000000
/*
   Handling of compressed HTTP responses
   Copyright (C) 2001-2021, Joe Orton

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Library General Public
   License as published by the Free Software Foundation; either
   version 2 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Library General Public License for more details.

   You should have received a copy of the GNU Library General Public
   License along with this library; if not, write to the Free
   Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
   MA 02111-1307, USA

*/

#include "config.h"

/* NOTE(review): the header names on the bare #include lines below
 * were lost when this listing was extracted; restore them from the
 * upstream file. */
#ifdef HAVE_STRING_H
#include
#endif
#ifdef HAVE_STDLIB_H
#include
#endif

#include "ne_request.h"
#include "ne_compress.h"
#include "ne_utils.h"
#include "ne_internal.h"

#ifdef NE_HAVE_ZLIB

#include

/* Adds support for the 'gzip' Content-Encoding in HTTP.  gzip is a
 * file format which wraps the DEFLATE compression algorithm.  zlib
 * implements DEFLATE: we have to unwrap the gzip format (specified in
 * RFC1952) as it comes off the wire, and hand off chunks of data to
 * be inflated.
 */

/* Per-request gzip decoding context.  The 'state' field tracks progress
 * through the gzip framing: a 10-byte header, an optional NUL-terminated
 * field, the DEFLATE data, then an 8-byte footer.  Inflated data is staged
 * in 'outbuf' and handed to 'reader'. */
struct ne_decompress_s {
    ne_request *request; /* associated request. */
    ne_session *session; /* associated session. */
    /* temporary buffer for holding inflated data. */
    char outbuf[NE_BUFSIZ];
    z_stream zstr;
    int zstrinit; /* non-zero if zstr has been initialized */

    /* pass blocks back to this. */
    ne_block_reader reader;
    ne_accept_response acceptor;
    void *userdata;

    /* buffer for gzip header bytes. */
    unsigned char header[10];
    size_t hdrcount;    /* bytes in header */

    unsigned char footer[8];
    size_t footcount; /* bytes in footer. */

    /* CRC32 checksum: odd that zlib uses uLong for this since it is a
     * 64-bit integer on LP64 platforms. */
    uLong checksum;

    /* current state. */
    enum state {
        NE_Z_BEFORE_DATA, /* not received any response blocks yet. */
        NE_Z_PASSTHROUGH, /* response not compressed: passing through. */
        NE_Z_IN_HEADER, /* received a few bytes of response data, but not
                         * got past the gzip header yet. */
        NE_Z_POST_HEADER, /* waiting for the end of the NUL-terminated bits. */
        NE_Z_INFLATING, /* inflating response bytes. */
        NE_Z_AFTER_DATA, /* after data; reading CRC32 & ISIZE */
        NE_Z_FINISHED /* stream is finished. */
    } state;
};

/* Convert 'buf' to unsigned int; 'buf' must be 'unsigned char *'.
 * The four bytes buf[0..3] are combined least-significant byte first. */
#define BUF2UINT(buf) ((((unsigned int)(buf)[3])<<24) + ((buf)[2]<<16) + ((buf)[1]<<8) + (buf)[0])

/* The two gzip magic bytes checked by parse_header(). */
#define ID1 0x1f
#define ID2 0x8b

/* Return values of parse_header(). */
#define HDR_DONE 0
#define HDR_EXTENDED 1
#define HDR_ERROR 2

/* Accessors for the fields of the buffered 10-byte gzip header. */
#define HDR_ID1(ctx) ((ctx)->header[0])
#define HDR_ID2(ctx) ((ctx)->header[1])
#define HDR_CMETH(ctx) ((ctx)->header[2])
#define HDR_FLAGS(ctx) ((ctx)->header[3])
#define HDR_MTIME(ctx) (BUF2UINT(&(ctx)->header[4]))
#define HDR_XFLAGS(ctx) ((ctx)->header[8])
#define HDR_OS(ctx) ((ctx)->header[9])

/* parse_header parses the gzip header, sets the next state and returns
 *   HDR_DONE: all done, bytes following are raw DEFLATE data.
 *   HDR_EXTENDED: all done, expect a NUL-terminated string
 *                 before the DEFLATE data
 *   HDR_ERROR: invalid header, give up (session error is set).
 */
static int parse_header(ne_decompress *ctx)
{
    NE_DEBUG(NE_DBG_HTTP, "ID1: %d ID2: %d, cmeth %d, flags %d\n",
             HDR_ID1(ctx), HDR_ID2(ctx), HDR_CMETH(ctx), HDR_FLAGS(ctx));

    /* Both magic bytes must match and the compression method must be 8. */
    if (!(HDR_ID1(ctx) == ID1 && HDR_ID2(ctx) == ID2
          && HDR_CMETH(ctx) == 8)) {
        ne_set_error(ctx->session, "Compressed stream invalid");
        return HDR_ERROR;
    }

    NE_DEBUG(NE_DBG_HTTP, "mtime: %d, xflags: %d, os: %d\n",
             HDR_MTIME(ctx), HDR_XFLAGS(ctx), HDR_OS(ctx));

    /* TODO: we can only handle one NUL-terminated extensions field
     * currently.  Really, we should count the number of bits set, and
     * skip as many fields as bits set (bailing if any reserved bits
     * are set. */
    switch (HDR_FLAGS(ctx)) {
    case 0:
        /* no optional fields: DEFLATE data follows immediately. */
        break;
    case 8:
        /* exactly one NUL-terminated field precedes the data. */
        ctx->state = NE_Z_POST_HEADER;
        return HDR_EXTENDED;
    default:
        /* any other flag combination is refused outright. */
        ne_set_error(ctx->session, "Compressed stream not supported");
        return HDR_ERROR;
    }

    NE_DEBUG(NE_DBG_HTTP, "compress: Good stream.\n");

    ctx->state = NE_Z_INFLATING;
    return HDR_DONE;
}

/* Accumulate 'len' trailing bytes from 'buf' into the 8-byte gzip footer.
 * Once all eight bytes are present, the first four are compared against
 * the CRC32 computed over the inflated data; the remaining four (ISIZE)
 * are stored but not checked here.  Returns 0 on success or if more
 * footer bytes are still needed, -1 (session error set) if too many
 * bytes arrive or the checksum differs. */
static int process_footer(ne_decompress *ctx,
                          const unsigned char *buf, size_t len)
{
    uLong crc;

    /* Refuse anything that would overrun the footer buffer. */
    if (len + ctx->footcount > 8) {
        ne_set_error(ctx->session,
                     "Too many bytes (%" NE_FMT_SIZE_T ") in gzip footer",
                     len);
        return -1;
    }

    memcpy(ctx->footer + ctx->footcount, buf, len);
    ctx->footcount += len;

    if (ctx->footcount != 8) {
        /* footer still incomplete; wait for the next block. */
        return 0;
    }

    crc = BUF2UINT(ctx->footer) & 0xFFFFFFFF;
    if (crc != ctx->checksum) {
        NE_DEBUG(NE_DBG_HTTP, "compress: End of response; checksum mismatch: "
                 "given %lu vs computed %lu\n", crc, ctx->checksum);
        ne_set_error(ctx->session,
                     "Checksum invalid for compressed stream");
        return -1;
    }

    ctx->state = NE_Z_FINISHED;
    NE_DEBUG(NE_DBG_HTTP, "compress: End of response; checksum match.\n");
    return 0;
}

/* A zlib function failed with 'code'; set the session error string
 * appropriately.
 */
static void set_zlib_error(ne_decompress *ctx, const char *msg, int code)
{
    /* Prefer zlib's own message when it supplied one. */
    if (ctx->zstr.msg)
        ne_set_error(ctx->session, "%s: %s", msg, ctx->zstr.msg);
    else {
        const char *err;
        switch (code) {
        case Z_STREAM_ERROR: err = "stream error"; break;
        case Z_DATA_ERROR: err = "data corrupt"; break;
        case Z_MEM_ERROR: err = "out of memory"; break;
        case Z_BUF_ERROR: err = "buffer error"; break;
        case Z_VERSION_ERROR: err = "library version mismatch"; break;
        default: err = "unknown error"; break;
        }
        ne_set_error(ctx->session, _("%s: %s (code %d)"), msg, err, code);
    }
}

/* Inflate response buffer 'buf' of length 'len'.
 *
 * Each pass inflates into ctx->outbuf, folds the output into the running
 * CRC32 and hands it to ctx->reader.  Returns the reader's value if that is
 * non-zero, the result of process_footer() once zlib reports the end of
 * the stream, NE_ERROR (session error set) on any other zlib failure, and
 * 0 otherwise.
 *
 * Nothing here limits the total amount of inflated data: every block is
 * forwarded, so a small compressed response can expand to a very large
 * body.  A caller that needs a size cap has to enforce it in its reader
 * callback, whose non-zero return stops the loop. */
static int do_inflate(ne_decompress *ctx, const char *buf, size_t len)
{
    int ret;

    /* NOTE(review): zlib declares avail_in as uInt, so this narrows a
     * size_t; presumably callers pass blocks no larger than a read
     * buffer -- confirm. */
    ctx->zstr.avail_in = len;
    ctx->zstr.next_in = (unsigned char *)buf;
    ctx->zstr.total_in = 0;

    do {
        /* total_out is reset on every pass, so after inflate() it holds
         * the number of bytes produced by this pass only. */
        ctx->zstr.avail_out = sizeof ctx->outbuf;
        ctx->zstr.next_out = (unsigned char *)ctx->outbuf;
        ctx->zstr.total_out = 0;

        ret = inflate(&ctx->zstr, Z_NO_FLUSH);

        NE_DEBUG(NE_DBG_HTTP,
                 "compress: inflate %d, %ld bytes out, %d remaining\n",
                 ret, ctx->zstr.total_out, ctx->zstr.avail_in);
#if 0
        NE_DEBUG(NE_DBG_HTTPBODY,
                 "Inflated body block (%ld):\n[%.*s]\n",
                 ctx->zstr.total_out, (int)ctx->zstr.total_out,
                 ctx->outbuf);
#endif
        /* update checksum. */
        ctx->checksum = crc32(ctx->checksum, (unsigned char *)ctx->outbuf,
                              ctx->zstr.total_out);

        /* pass on the inflated data, if any */
        if (ctx->zstr.total_out > 0) {
            int rret = ctx->reader(ctx->userdata, ctx->outbuf,
                                   ctx->zstr.total_out);
            if (rret) return rret;
        }
    } while (ret == Z_OK && ctx->zstr.avail_in > 0);

    if (ret == Z_STREAM_END) {
        NE_DEBUG(NE_DBG_HTTP, "compress: end of data stream, %d bytes remain.\n",
                 ctx->zstr.avail_in);
        /* process the footer: whatever input zlib left unconsumed is the
         * start of the CRC32/ISIZE trailer. */
        ctx->state = NE_Z_AFTER_DATA;
        return process_footer(ctx, ctx->zstr.next_in, ctx->zstr.avail_in);
    } else if (ret != Z_OK) {
        set_zlib_error(ctx, _("Could not inflate data"), ret);
        return NE_ERROR;
    }

    return 0;
}

/* Callback which is passed blocks of the response body.
 */
/* 'ud' is the ne_decompress context.  A call with len == 0 marks the end
 * of the response.  Returns 0 to continue, or a non-zero value (with the
 * session error set on the paths below that call ne_set_error or
 * set_zlib_error) to fail the request; values returned by the user's
 * reader are passed through unchanged. */
static int gz_reader(void *ud, const char *buf, size_t len)
{
    ne_decompress *ctx = ud;
    const char *zbuf;
    size_t count;
    const char *hdr;

    if (len == 0) {
        /* End of response: */
        switch (ctx->state) {
        case NE_Z_BEFORE_DATA:
            /* An empty body is only acceptable if the server did not
             * claim gzip encoding. */
            hdr = ne_get_response_header(ctx->request, "Content-Encoding");
            if (hdr && ne_strcasecmp(hdr, "gzip") == 0) {
                /* response was truncated: return error. */
                break;
            }
            /* else, fall through */
        case NE_Z_FINISHED: /* complete gzip response */
        case NE_Z_PASSTHROUGH: /* complete uncompressed response */
            return ctx->reader(ctx->userdata, buf, 0);
        default:
            /* invalid state: truncated response. */
            break;
        }
        /* else: truncated response, fail. */
        ne_set_error(ctx->session, "Compressed response was truncated");
        return NE_ERROR;
    }

    switch (ctx->state) {
    case NE_Z_PASSTHROUGH:
        /* move along there. */
        return ctx->reader(ctx->userdata, buf, len);

    case NE_Z_FINISHED:
        /* Could argue for tolerance, and ignoring trailing content;
         * but it could mean something more serious. */
        if (len > 0) {
            ne_set_error(ctx->session,
                         "Unexpected content received after compressed stream");
            return NE_ERROR;
        }
        break;

    case NE_Z_BEFORE_DATA:
        /* work out whether this is a compressed response or not.  Only a
         * Content-Encoding value equal to "gzip" (case-insensitively)
         * selects decompression; any other value is passed through
         * untouched. */
        hdr = ne_get_response_header(ctx->request, "Content-Encoding");
        if (hdr && ne_strcasecmp(hdr, "gzip") == 0) {
            int ret;
            NE_DEBUG(NE_DBG_HTTP, "compress: got gzipped stream.\n");

            /* inflateInit2() works here where inflateInit() doesn't. */
            ret = inflateInit2(&ctx->zstr, -MAX_WBITS);
            if (ret != Z_OK) {
                set_zlib_error(ctx, _("Could not initialize zlib"), ret);
                return -1;
            }
            ctx->zstrinit = 1;

        } else {
            /* No Content-Encoding header: pass it on.  TODO: we could
             * hack it and register the real callback now. But that
             * would require add_resp_body_rdr to have defined
             * ordering semantics etc etc */
            ctx->state = NE_Z_PASSTHROUGH;
            return ctx->reader(ctx->userdata, buf, len);
        }

        ctx->state = NE_Z_IN_HEADER;
        /* FALLTHROUGH */

    case NE_Z_IN_HEADER:
        /* copy as many bytes as possible into the buffer; the count is
         * clamped so the 10-byte header array is never overrun. */
        if (len + ctx->hdrcount > 10) {
            count = 10 - ctx->hdrcount;
        } else {
            count = len;
        }
        memcpy(ctx->header + ctx->hdrcount, buf, count);
        ctx->hdrcount += count;
        /* have we got the full header yet? */
        if (ctx->hdrcount != 10) {
            return 0;
        }

        buf += count;
        len -= count;

        switch (parse_header(ctx)) {
        case HDR_EXTENDED:
            if (len == 0)
                return 0;
            break;
        case HDR_ERROR:
            return NE_ERROR;
        case HDR_DONE:
            if (len > 0) {
                return do_inflate(ctx, buf, len);
            }
            /* len == 0: control reaches the code below, where the
             * zero-length memchr finds nothing and 0 is returned; the
             * state stays NE_Z_INFLATING as set by parse_header. */
            break;
        }

        /* FALLTHROUGH */

    case NE_Z_POST_HEADER:
        /* eating the filename string.  The bytes are skipped, never
         * stored, so the field's length needs no bound here. */
        zbuf = memchr(buf, '\0', len);
        if (zbuf == NULL) {
            /* not found it yet. */
            return 0;
        }

        NE_DEBUG(NE_DBG_HTTP,
                 "compress: skipped %" NE_FMT_SIZE_T " header bytes.\n",
                 zbuf - buf);
        /* found end of string. */
        len -= (1 + zbuf - buf);
        buf = zbuf + 1;
        ctx->state = NE_Z_INFLATING;
        if (len == 0) {
            /* end of string was at end of buffer. */
            return 0;
        }

        /* FALLTHROUGH */

    case NE_Z_INFLATING:
        return do_inflate(ctx, buf, len);

    case NE_Z_AFTER_DATA:
        return process_footer(ctx, (unsigned char *)buf, len);
    }

    return 0;
}

/* Prepare for a compressed response; may be called many times per
 * request, for auth retries etc.  Does nothing unless 'r' is the request
 * this context was created for. */
static void gz_pre_send(ne_request *r, void *ud, ne_buffer *req)
{
    ne_decompress *ctx = ud;

    if (ctx->request == r) {
        NE_DEBUG(NE_DBG_HTTP, "compress: Initialization.\n");

        /* (Re-)Initialize the context */
        ctx->state = NE_Z_BEFORE_DATA;
        /* release any zlib state left over from a previous attempt. */
        if (ctx->zstrinit) inflateEnd(&ctx->zstr);
        ctx->zstrinit = 0;
        ctx->hdrcount = ctx->footcount = 0;
        ctx->checksum = crc32(0L, Z_NULL, 0);
    }
}

/* Wrapper for user-passed acceptor function: unwraps the context and
 * forwards to the caller's acceptor with the caller's own userdata. */
static int gz_acceptor(void *userdata, ne_request *req, const ne_status *st)
{
    ne_decompress *ctx = userdata;
    return ctx->acceptor(ctx->userdata, req, st);
}

/* A slightly ugly hack: the pre_send hook is scoped per-session, so
 * must check that the invoking request is this one, before doing
 * anything, and must be unregistered when the context is
 * destroyed.
 */
/* Creates a decompression context for 'req': adds an "Accept-Encoding:
 * gzip" request header, registers gz_acceptor/gz_reader as the response
 * body reader, and hooks gz_pre_send on the request's session.  'acpt',
 * 'rdr' and 'userdata' are the caller's callbacks, invoked through the
 * wrappers.  The returned context must be released with
 * ne_decompress_destroy(). */
ne_decompress *ne_decompress_reader(ne_request *req, ne_accept_response acpt,
                                    ne_block_reader rdr, void *userdata)
{
    /* NOTE(review): the result is used unchecked; presumably ne_calloc
     * does not return NULL -- confirm against ne_alloc. */
    ne_decompress *ctx = ne_calloc(sizeof *ctx);

    ne_add_request_header(req, "Accept-Encoding", "gzip");

    ne_add_response_body_reader(req, gz_acceptor, gz_reader, ctx);

    ctx->reader = rdr;
    ctx->userdata = userdata;
    ctx->session = ne_get_session(req);
    ctx->request = req;
    ctx->acceptor = acpt;

    ne_hook_pre_send(ne_get_session(req), gz_pre_send, ctx);

    return ctx;
}

/* Releases zlib state (if initialized), removes the session's pre_send
 * hook that still points at 'ctx', then frees the context. */
void ne_decompress_destroy(ne_decompress *ctx)
{
    if (ctx->zstrinit)
        inflateEnd(&ctx->zstr);

    ne_unhook_pre_send(ctx->session, gz_pre_send, ctx);

    ne_free(ctx);
}

#else /* !NE_HAVE_ZLIB */

/* Pass-through interface present to provide ABI compatibility.  No
 * Accept-Encoding header is added and the caller's callbacks are
 * registered directly. */

ne_decompress *ne_decompress_reader(ne_request *req, ne_accept_response acpt,
                                    ne_block_reader rdr, void *userdata)
{
    ne_add_response_body_reader(req, acpt, rdr, userdata);
    /* an arbitrary return value: don't confuse them by returning NULL.
     * The pointer is only a token; the destroy function below never
     * dereferences or frees it. */
    return (ne_decompress *)req;
}

/* Nothing was allocated by the pass-through reader, so nothing to free. */
void ne_decompress_destroy(ne_decompress *dc)
{
}

#endif /* NE_HAVE_ZLIB */
neon-0.32.2/src/ne_compress.h000066400000000000000000000033221416727304000160160ustar00rootroot00000000000000/* Compressed HTTP response handling Copyright (C) 2001-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details.
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef NE_COMPRESS_H #define NE_COMPRESS_H #include "ne_request.h" NE_BEGIN_DECLS typedef struct ne_decompress_s ne_decompress; /* Call this to register a 'reader' callback which will be passed * blocks of response body (if the 'acceptance' callback is * successful). If the response body is returned compressed by the * server, this reader will receive UNCOMPRESSED blocks. * * Returns pointer to context object which must be passed to * ne_decompress_destroy after the request has been dispatched, to * free any internal state. If an error occurs during decompression, * the request will be aborted and session error string set. */ ne_decompress *ne_decompress_reader(ne_request *req, ne_accept_response accpt, ne_block_reader rdr, void *userdata); /* Destroys decompression state. */ void ne_decompress_destroy(ne_decompress *ctx); NE_END_DECLS #endif /* NE_COMPRESS_H */ neon-0.32.2/src/ne_dates.c000066400000000000000000000163661416727304000152720ustar00rootroot00000000000000/* Date manipulation routines Copyright (C) 1999-2021, Joe Orton Copyright (C) 2004 Jiang Lei This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. 
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include "config.h" #include #include #ifdef HAVE_STDLIB_H #include #endif #include #ifdef HAVE_STRING_H #include #endif #ifdef WIN32 #include /* for TIME_ZONE_INFORMATION */ #endif #include "ne_alloc.h" #include "ne_dates.h" #include "ne_string.h" /* Generic date manipulation routines. */ /* ISO8601: 2001-01-01T12:30:00Z */ #define ISO8601_FORMAT_Z "%04d-%02d-%02dT%02d:%02d:%lfZ" #define ISO8601_FORMAT_M "%04d-%02d-%02dT%02d:%02d:%lf-%02d:%02d" #define ISO8601_FORMAT_P "%04d-%02d-%02dT%02d:%02d:%lf+%02d:%02d" /* RFC1123: Sun, 06 Nov 1994 08:49:37 GMT */ #define RFC1123_FORMAT "%3s, %02d %3s %4d %02d:%02d:%02d GMT" /* RFC850: Sunday, 06-Nov-94 08:49:37 GMT */ #define RFC1036_FORMAT "%10s %2d-%3s-%2d %2d:%2d:%2d GMT" /* asctime: Wed Jun 30 21:49:08 1993 */ #define ASCTIME_FORMAT "%3s %3s %2d %2d:%2d:%2d %4d" static const char rfc1123_weekdays[7][4] = { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" }; static const char short_months[12][4] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; #if defined(HAVE_STRUCT_TM_TM_GMTOFF) #define GMTOFF(t) ((t).tm_gmtoff) #elif defined(HAVE_STRUCT_TM___TM_GMTOFF) #define GMTOFF(t) ((t).__tm_gmtoff) #elif defined(WIN32) #define GMTOFF(t) (gmt_to_local_win32()) #elif defined(HAVE_TIMEZONE) /* FIXME: the following assumes fixed dst offset of 1 hour */ #define GMTOFF(t) (-timezone + ((t).tm_isdst > 0 ? 3600 : 0)) #else /* FIXME: work out the offset anyway. 
 */
#define GMTOFF(t) (0)
#endif

#ifdef WIN32
/* Offset in seconds to add to a GMT time to get local time, computed from
 * the bias values reported by GetTimeZoneInformation(). */
time_t gmt_to_local_win32(void)
{
    TIME_ZONE_INFORMATION tz;
    long minutes;

    switch (GetTimeZoneInformation(&tz)) {
    case TIME_ZONE_ID_STANDARD:
        minutes = tz.Bias + tz.StandardBias;
        break;
    case TIME_ZONE_ID_DAYLIGHT:
        minutes = tz.Bias + tz.DaylightBias;
        break;
    default:
        minutes = tz.Bias;
        break;
    }

    /* the bias is expressed in minutes; callers want seconds. */
    return (- minutes * 60);
}
#endif

/* Formats 'anytime' as an RFC1123-style GMT date string, e.g.
 *    Sun, 06 Nov 1994 08:49:37 GMT
 * Returns a newly allocated string the caller must free, or NULL if
 * gmtime() cannot convert the value. */
char *ne_rfc1123_date(time_t anytime)
{
    const struct tm *utc = gmtime(&anytime);
    char *out;

    if (utc == NULL) {
        return NULL;
    }

    /* 29 characters of date plus the terminating NUL. */
    out = ne_malloc(29 + 1);
    ne_snprintf(out, 30, RFC1123_FORMAT,
                rfc1123_weekdays[utc->tm_wday], utc->tm_mday,
                short_months[utc->tm_mon], 1900 + utc->tm_year,
                utc->tm_hour, utc->tm_min, utc->tm_sec);

    return out;
}

/* Takes an ISO-8601-formatted date string and returns the time_t.
 * Returns (time_t)-1 if the parse fails.
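 */
/* Three layouts are tried in turn: "+hh:mm" offset, "-hh:mm" offset and
 * the "Z" suffix.  The seconds field may carry a fraction, which is
 * discarded.  A seconds value outside [0, 61) is treated as a parse
 * failure. */
time_t ne_iso8601_parse(const char *date)
{
    struct tm gmt = {0};
    int off_hour, off_min;
    double sec;
    off_t fix;
    time_t result;

    /*  it goes: ISO8601: 2001-01-01T12:30:00+03:30 */
    if (sscanf(date, ISO8601_FORMAT_P,
               &gmt.tm_year, &gmt.tm_mon, &gmt.tm_mday,
               &gmt.tm_hour, &gmt.tm_min, &sec,
               &off_hour, &off_min) == 8) {
        fix = - off_hour * 3600 - off_min * 60;
    }
    /*  it goes: ISO8601: 2001-01-01T12:30:00-03:30 */
    else if (sscanf(date, ISO8601_FORMAT_M,
                    &gmt.tm_year, &gmt.tm_mon, &gmt.tm_mday,
                    &gmt.tm_hour, &gmt.tm_min, &sec,
                    &off_hour, &off_min) == 8) {
        fix = off_hour * 3600 + off_min * 60;
    }
    /*  it goes: ISO8601: 2001-01-01T12:30:00Z */
    else if (sscanf(date, ISO8601_FORMAT_Z,
                    &gmt.tm_year, &gmt.tm_mon, &gmt.tm_mday,
                    &gmt.tm_hour, &gmt.tm_min, &sec) == 6) {
        fix = 0;
    }
    else {
        return (time_t)-1;
    }

    /* The integer fields are width-limited by the format strings, but
     * the seconds field is an unbounded %lf taken from the input string.
     * Converting a double that does not fit in an int (or a NaN) is
     * undefined behaviour, so validate before the cast.  The comparison
     * is written so that NaN fails it. */
    if (!(sec >= 0.0 && sec < 61.0)) {
        return (time_t)-1;
    }
    gmt.tm_sec = (int)sec;

    gmt.tm_year -= 1900;
    gmt.tm_isdst = -1;
    gmt.tm_mon--;

    /* mktime() interprets 'gmt' as local time; GMTOFF undoes that. */
    result = mktime(&gmt) + fix;
    return result + GMTOFF(gmt);
}

/* Takes an RFC1123-formatted date string and returns the time_t.
 * Returns (time_t)-1 if the parse fails.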
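 */
time_t ne_rfc1123_parse(const char *date)
{
    struct tm gmt = {0};
    char wkday[4], mon[4];
    int n;
    time_t result;

    /*  it goes: Sun, 06 Nov 1994 08:49:37 GMT */
    if (sscanf(date, RFC1123_FORMAT,
               wkday, &gmt.tm_mday, mon, &gmt.tm_year, &gmt.tm_hour,
               &gmt.tm_min, &gmt.tm_sec) != 7)
        return (time_t) -1;

    gmt.tm_year -= 1900;
    for (n=0; n<12; n++)
        if (strcmp(mon, short_months[n]) == 0)
            break;
    /* n == 12 means the month name matched nothing.  mktime() does not
     * reject tm_mon == 12; it normalises it into the following year, so
     * the failure has to be reported here. */
    if (n == 12)
        return (time_t)-1;
    gmt.tm_mon = n;
    gmt.tm_isdst = -1;
    /* NOTE(review): other out-of-range fields (day, hour, ...) are still
     * normalised by mktime() rather than rejected. */
    result = mktime(&gmt);
    return result + GMTOFF(gmt);
}

/* Takes a string containing a RFC1036-style date and returns the time_t.
 * Returns (time_t)-1 if the parse fails. */
time_t ne_rfc1036_parse(const char *date)
{
    struct tm gmt = {0};
    int n;
    char wkday[11], mon[4];
    time_t result;

    /* RFC850/1036 style dates: Sunday, 06-Nov-94 08:49:37 GMT */
    n = sscanf(date, RFC1036_FORMAT,
               wkday, &gmt.tm_mday, mon, &gmt.tm_year,
               &gmt.tm_hour, &gmt.tm_min, &gmt.tm_sec);
    if (n != 7) {
        return (time_t)-1;
    }

    for (n=0; n<12; n++)
        if (strcmp(mon, short_months[n]) == 0)
            break;
    /* Unknown month name: fail explicitly, since mktime() would
     * normalise tm_mon == 12 instead of failing. */
    if (n == 12)
        return (time_t)-1;

    /* Defeat Y2K bug. */
    if (gmt.tm_year < 50)
        gmt.tm_year += 100;

    gmt.tm_mon = n;
    gmt.tm_isdst = -1;
    result = mktime(&gmt);
    return result + GMTOFF(gmt);
}

/* (as)ctime dates are like:
 *    Wed Jun 30 21:49:08 1993
 * Returns (time_t)-1 if the parse fails. */
time_t ne_asctime_parse(const char *date)
{
    struct tm gmt = {0};
    int n;
    char wkday[4], mon[4];
    time_t result;

    if (sscanf(date, ASCTIME_FORMAT,
               wkday, mon, &gmt.tm_mday,
               &gmt.tm_hour, &gmt.tm_min, &gmt.tm_sec,
               &gmt.tm_year) != 7)
        return (time_t)-1;

    gmt.tm_year -= 1900;
    for (n=0; n<12; n++)
        if (strcmp(mon, short_months[n]) == 0)
            break;
    /* Unknown month name: fail explicitly, since mktime() would
     * normalise tm_mon == 12 instead of failing. */
    if (n == 12)
        return (time_t)-1;
    gmt.tm_mon = n;
    gmt.tm_isdst = -1;
    result = mktime(&gmt);
    return result + GMTOFF(gmt);
}

/* HTTP-date parser: tries the RFC1123 layout first, then RFC1036, then
 * asctime; returns (time_t)-1 if none of them accepts 'date'. */
time_t ne_httpdate_parse(const char *date)
{
    time_t tmp;
    tmp = ne_rfc1123_parse(date);
    if (tmp == -1) {
        tmp = ne_rfc1036_parse(date);
        if (tmp == -1)
            tmp = ne_asctime_parse(date);
    }
    return tmp;
}
neon-0.32.2/src/ne_dates.h000066400000000000000000000031501416727304000152620ustar00rootroot00000000000000/* Date manipulation routines Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details.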
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef NE_DATES_H #define NE_DATES_H #include #include "ne_defs.h" NE_BEGIN_DECLS /* Date manipulation routines as per RFC1123 and RFC1036 */ /* Return current date/time in RFC1123 format */ char *ne_rfc1123_date(time_t anytime); /* Returns time from date/time using the subset of the ISO8601 format * referenced in RFC2518 (e.g as used in the creationdate property in * the DAV: namespace). */ time_t ne_iso8601_parse(const char *date); /* Returns time from date/time in RFC1123 format */ time_t ne_rfc1123_parse(const char *date); time_t ne_rfc1036_parse(const char *date); /* Parses asctime date string */ time_t ne_asctime_parse(const char *date); /* Parse an HTTP-date as per RFC2616 */ time_t ne_httpdate_parse(const char *date); NE_END_DECLS #endif /* NE_DATES_H */ neon-0.32.2/src/ne_defs.h000066400000000000000000000041141416727304000151040ustar00rootroot00000000000000/* Standard definitions for neon headers Copyright (C) 2003-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. 
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #undef NE_BEGIN_DECLS #undef NE_END_DECLS #ifdef __cplusplus # define NE_BEGIN_DECLS extern "C" { # define NE_END_DECLS } #else # define NE_BEGIN_DECLS /* empty */ # define NE_END_DECLS /* empty */ #endif #ifndef NE_DEFS_H #define NE_DEFS_H #include #ifdef NE_LFS # ifdef _MSC_VER typedef __int64 off64_t; # endif typedef off64_t ne_off_t; #else typedef off_t ne_off_t; #endif /* define ssize_t for Win32 */ #if defined(WIN32) && !defined(ssize_t) #define ssize_t int #endif #ifdef __NETWARE__ #include /* for time_t */ #endif #ifdef __GNUC__ #if __GNUC__ >= 3 #ifndef NE_PRIVATE #define NE_PRIVATE __attribute__((visibility ("hidden"))) #endif #define ne_attribute_malloc __attribute__((malloc)) #define ne_attribute_alloc_size(x) __attribute__((alloc_size(x))) #else #define ne_attribute_malloc #define ne_attribute_alloc_size(x) #endif #if __GNUC__ > 3 #define ne_attribute_sentinel __attribute__((sentinel)) #else #define ne_attribute_sentinel #endif #define ne_attribute(x) __attribute__(x) #else #define ne_attribute(x) #define ne_attribute_malloc #define ne_attribute_alloc_size(x) #define ne_attribute_sentinel #endif #ifndef NE_PRIVATE #define NE_PRIVATE #endif #ifndef NE_BUFSIZ #define NE_BUFSIZ 8192 #endif #endif /* NE_DEFS_H */ neon-0.32.2/src/ne_gnutls.c000066400000000000000000001315301416727304000154750ustar00rootroot00000000000000/* neon SSL/TLS support using GNU TLS Copyright (C) 2002-2021, Joe Orton Copyright (C) 2004, Aleix Conchillo Flaque This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. 
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include "config.h" #include #ifdef HAVE_STRING_H #include #endif #include #include #include #include #include #include #include #ifdef NE_HAVE_TS_SSL #include #include #if LIBGNUTLS_VERSION_NUMBER < 0x020b01 #include GCRY_THREAD_OPTION_PTHREAD_IMPL; #endif #else #if LIBGNUTLS_VERSION_NUMBER < 0x020b01 #include #endif #endif #ifdef HAVE_ICONV #include #endif #include "ne_ssl.h" #include "ne_string.h" #include "ne_session.h" #include "ne_internal.h" #include "ne_private.h" #include "ne_privssl.h" #if LIBGNUTLS_VERSION_NUMBER >= 0x020302 /* The GnuTLS DN functions in 2.3.2 and later allow a simpler DN * abstraction to be used. */ #define HAVE_NEW_DN_API #endif struct ne_ssl_dname_s { #ifdef HAVE_NEW_DN_API gnutls_x509_dn_t dn; #else int subject; /* non-zero if this is the subject DN object */ gnutls_x509_crt_t cert; #endif }; struct ne_ssl_certificate_s { ne_ssl_dname subj_dn, issuer_dn; gnutls_x509_crt_t subject; ne_ssl_certificate *issuer; char *identity; }; struct ne_ssl_client_cert_s { gnutls_pkcs12_t p12; int decrypted; /* non-zero if successfully decrypted. */ int keyless; ne_ssl_certificate cert; gnutls_x509_privkey_t pkey; char *friendly_name; #ifdef HAVE_GNUTLS_PRIVKEY_IMPORT_EXT /* Signing callback & userdata provided by ne_pkcs11.c. It would * be better to rewrite the whole module to use gnutls_privkey_t * directly, but it seems impossible to dup such an object. 
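 */
    gnutls_privkey_sign_func sign_func;
    void *sign_ud;
#endif
};

/* Returns the highest used index in subject (or issuer) DN of
 * certificate CERT for OID, or -1 if no RDNs are present in the DN
 * using that OID. */
static int oid_find_highest_index(gnutls_x509_crt_t cert, int subject, const char *oid)
{
    int ret, idx = -1;

    /* Probe with a zero-length buffer: a "short buffer" result means an
     * entry exists at that index, anything else ends the scan. */
    do {
        size_t len = 0;

        if (subject)
            ret = gnutls_x509_crt_get_dn_by_oid(cert, oid, ++idx, 0,
                                                NULL, &len);
        else
            ret = gnutls_x509_crt_get_issuer_dn_by_oid(cert, oid, ++idx, 0,
                                                       NULL, &len);
    } while (ret == GNUTLS_E_SHORT_MEMORY_BUFFER);

    return idx - 1;
}

#ifdef HAVE_GNUTLS_X509_DN_GET_RDN_AVA
/* New-style RDN handling introduced in GnuTLS 1.7.x. */

#ifdef HAVE_ICONV
/* Converts 'data' from 'charset' to UTF-8 and appends it to 'buf'.  If
 * the conversion descriptor cannot be opened, a "[unprintable in ...]"
 * marker is appended instead.  Output that does not fit in the space
 * available after growing the buffer is dropped without an error. */
static void convert_dirstring(ne_buffer *buf, const char *charset,
                              gnutls_datum_t *data)
{
    iconv_t id = iconv_open("UTF-8", charset);
    size_t inlen = data->size, outlen;
    char *inbuf = (char *)data->data;
    char *outbuf;

    if (id == (iconv_t)-1) {
        char err[128], err2[128];

        ne_snprintf(err, sizeof err, "[unprintable in %s: %s]",
                    charset, ne_strerror(errno, err2, sizeof err2));
        ne_buffer_zappend(buf, err);
        return;
    }

    ne_buffer_grow(buf, buf->used + 64);

    /* Take the output pointer and the free space only after growing:
     * ne_buffer_grow() may reallocate buf->data and enlarge buf->length,
     * which would leave an earlier pointer dangling and an earlier
     * length stale.  Writing starts over the existing terminating NUL,
     * and one byte is kept back for the new terminator. */
    outbuf = buf->data + buf->used - 1;
    outlen = buf->length - buf->used;

    while (inlen && outlen
           && iconv(id, &inbuf, &inlen, &outbuf, &outlen) == 0)
        ;

    iconv_close(id);
    /* bytes written == free space before minus free space left. */
    buf->used += buf->length - buf->used - outlen;
    buf->data[buf->used - 1] = '\0';
}
#endif

/* From section 11.13 of the Dubuisson ASN.1 bible: */
#define TAG_UTF8 (12)
#define TAG_PRINTABLE (19)
#define TAG_T61 (20)
#define TAG_IA5 (22)
#define TAG_VISIBLE (26)
#define TAG_UNIVERSAL (28)
#define TAG_BMP (30)

/* Appends the directory string 'data', whose ASN.1 type is 'tag', to
 * 'buf'.  UTF8, IA5, Printable and Visible strings are copied byte for
 * byte; T61 and BMP strings are converted when iconv is available; any
 * other type is replaced by an "[unprintable:#tag]" marker.
 *
 * NOTE(review): the directly-copied types are not validated or filtered
 * here, so whatever bytes the certificate carries end up in the readable
 * name.  Certificates come from the peer; code that displays or logs the
 * result should presumably treat it as untrusted text. */
static void append_dirstring(ne_buffer *buf, gnutls_datum_t *data, unsigned long tag)
{
    switch (tag) {
    case TAG_UTF8:
    case TAG_IA5:
    case TAG_PRINTABLE:
    case TAG_VISIBLE:
        ne_buffer_append(buf, (char *)data->data, data->size);
        break;
#ifdef HAVE_ICONV
    case TAG_T61:
        convert_dirstring(buf, "ISO-8859-1", data);
        break;
    case TAG_BMP:
        convert_dirstring(buf, "UCS-2BE", data);
        break;
#endif
    default: {
        char tmp[128];
        ne_snprintf(tmp, sizeof tmp, _("[unprintable:#%lu]"), tag);
        ne_buffer_zappend(buf, tmp);
    } break;
    }
}

/* OIDs to not include in readable DNs by default: */
#define OID_emailAddress "1.2.840.113549.1.9.1"
#define OID_commonName "2.5.4.3"

/* True if attribute 'a' carries exactly the OID string 'o'; 'o' must be
 * a string literal, since sizeof is applied to it. */
#define CMPOID(a,o) ((a)->oid.size == sizeof(o)                        \
                     && memcmp((a)->oid.data, o, strlen(o)) == 0)

/* Returns a newly allocated, comma-separated rendering of 'name', built
 * from the last RDN back to the first.  Common name and e-mail address
 * attributes are left out unless one of them would be the only thing in
 * the result. */
char *ne_ssl_readable_dname(const ne_ssl_dname *name)
{
    gnutls_x509_dn_t dn;
    int ret, rdn = 0;
    ne_buffer *buf;
    gnutls_x509_ava_st val;

#ifdef HAVE_NEW_DN_API
    dn = name->dn;
#else
    if (name->subject)
        ret = gnutls_x509_crt_get_subject(name->cert, &dn);
    else
        ret = gnutls_x509_crt_get_issuer(name->cert, &dn);

    if (ret)
        return ne_strdup(_("[unprintable]"));
#endif /* HAVE_NEW_DN_API */

    buf = ne_buffer_create();

    /* Find the highest rdn... */
    while (gnutls_x509_dn_get_rdn_ava(dn, rdn++, 0, &val) == 0)
        ;

    /* ..then iterate back to the first: */
    while (--rdn >= 0) {
        int ava = 0;

        /* Iterate through all AVAs for multivalued AVAs; better than
         * ne_openssl can do! */
        do {
            ret = gnutls_x509_dn_get_rdn_ava(dn, rdn, ava, &val);

            /* If the *only* attribute to append is the common name or
             * email address, use it; otherwise skip those
             * attributes.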
*/ if (ret == 0 && val.value.size > 0 && ((!CMPOID(&val, OID_emailAddress) && !CMPOID(&val, OID_commonName)) || (buf->used == 1 && rdn == 0))) { if (buf->used > 1) ne_buffer_append(buf, ", ", 2); append_dirstring(buf, &val.value, val.value_tag); } ava++; } while (ret == 0); } return ne_buffer_finish(buf); } #else /* !HAVE_GNUTLS_X509_DN_GET_RDN_AVA */ /* Appends the value of RDN with given oid from certitifcate x5 * subject (if subject is non-zero), or issuer DN to buffer 'buf': */ static void append_rdn(ne_buffer *buf, gnutls_x509_crt_t x5, int subject, const char *oid) { int idx, top, ret; char rdn[50]; top = oid_find_highest_index(x5, subject, oid); for (idx = top; idx >= 0; idx--) { size_t rdnlen = sizeof rdn; if (subject) ret = gnutls_x509_crt_get_dn_by_oid(x5, oid, idx, 0, rdn, &rdnlen); else ret = gnutls_x509_crt_get_issuer_dn_by_oid(x5, oid, idx, 0, rdn, &rdnlen); if (ret < 0) return; if (buf->used > 1) { ne_buffer_append(buf, ", ", 2); } ne_buffer_append(buf, rdn, rdnlen); } } char *ne_ssl_readable_dname(const ne_ssl_dname *name) { ne_buffer *buf = ne_buffer_create(); int ret, idx = 0; do { char oid[32] = {0}; size_t oidlen = sizeof oid; ret = name->subject ? 
gnutls_x509_crt_get_dn_oid(name->cert, idx, oid, &oidlen) : gnutls_x509_crt_get_issuer_dn_oid(name->cert, idx, oid, &oidlen); if (ret == 0) { append_rdn(buf, name->cert, name->subject, oid); idx++; } } while (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); return ne_buffer_finish(buf); } #endif /* HAVE_GNUTLS_X509_DN_GET_RDN_AVA */ int ne_ssl_dname_cmp(const ne_ssl_dname *dn1, const ne_ssl_dname *dn2) { char c1[1024], c2[1024]; size_t s1 = sizeof c1, s2 = sizeof c2; #ifdef HAVE_NEW_DN_API if (gnutls_x509_dn_export(dn1->dn, GNUTLS_X509_FMT_DER, c1, &s1)) return 1; if (gnutls_x509_dn_export(dn2->dn, GNUTLS_X509_FMT_DER, c2, &s2)) return -1; #else int ret; if (dn1->subject) ret = gnutls_x509_crt_get_dn(dn1->cert, c1, &s1); else ret = gnutls_x509_crt_get_issuer_dn(dn1->cert, c1, &s1); if (ret) return 1; if (dn2->subject) ret = gnutls_x509_crt_get_dn(dn2->cert, c2, &s2); else ret = gnutls_x509_crt_get_issuer_dn(dn2->cert, c2, &s2); if (ret) return -1; #endif /* HAVE_NEW_DN_API */ if (s1 != s2) return s2 - s1; return memcmp(c1, c2, s1); } void ne_ssl_clicert_free(ne_ssl_client_cert *cc) { if (cc->p12) gnutls_pkcs12_deinit(cc->p12); if (cc->decrypted) { if (cc->cert.identity) ne_free(cc->cert.identity); if (cc->pkey) gnutls_x509_privkey_deinit(cc->pkey); if (cc->cert.subject) gnutls_x509_crt_deinit(cc->cert.subject); } if (cc->friendly_name) ne_free(cc->friendly_name); ne_free(cc); } void ne_ssl_cert_validity_time(const ne_ssl_certificate *cert, time_t *from, time_t *until) { if (from) { *from = gnutls_x509_crt_get_activation_time(cert->subject); } if (until) { *until = gnutls_x509_crt_get_expiration_time(cert->subject); } } /* Check certificate identity. Returns zero if identity matches; 1 if * identity does not match, or <0 if the certificate had no identity. * If 'identity' is non-NULL, store the malloc-allocated identity in * *identity. If 'server' is non-NULL, it must be the network address * of the server in use, and identity must be NULL. 
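*/
static int check_identity(const ne_uri *server, gnutls_x509_crt_t cert,
                          char **identity)
{
    char name[255];
    unsigned int critical;
    int ret, seq = 0;
    int match = 0, found = 0;
    size_t len;
    const char *hostname;

    /* With no server given nothing can match; the empty hostname
     * makes the loop below visit every alternative name. */
    hostname = server ? server->host : "";

    /* Walk the subjectAltName entries.  'found' records that at least
     * one usable entry (dNSName, iPAddress or URI) was seen, and the
     * first such entry is the one reported through *identity.
     * NOTE(review): the loop ends only on a match or on
     * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; confirm GnuTLS cannot
     * return some other error for every index. */
    do {
        /* One byte is kept back for the terminator written below. */
        len = sizeof name - 1;
        ret = gnutls_x509_crt_get_subject_alt_name(cert, seq, name, &len,
                                                   &critical);
        switch (ret) {
        case GNUTLS_SAN_DNSNAME:
            name[len] = '\0';
            if (identity && !found) *identity = ne_strdup(name);
            match = ne__ssl_match_hostname(name, len, hostname);
            found = 1;
            break;
        case GNUTLS_SAN_IPADDRESS: {
            ne_inet_addr *ia;
            if (len == 4)
                ia = ne_iaddr_make(ne_iaddr_ipv4, (unsigned char *)name);
            else if (len == 16)
                ia = ne_iaddr_make(ne_iaddr_ipv6, (unsigned char *)name);
            else
                ia = NULL;
            if (ia) {
                char buf[128];

                match = strcmp(hostname,
                               ne_iaddr_print(ia, buf, sizeof buf)) == 0;
                /* Only the first name found is stored, as for the
                 * other name types; storing unconditionally would
                 * overwrite, and so leak, a string allocated for an
                 * earlier entry. */
                if (identity && !found) *identity = ne_strdup(buf);
                found = 1;
                ne_iaddr_free(ia);
            } else {
                NE_DEBUG(NE_DBG_SSL, "iPAddress name with unsupported "
                         "address type (length %" NE_FMT_SIZE_T "), skipped.\n",
                         len);
            }
        } break;
        case GNUTLS_SAN_URI: {
            ne_uri uri;

            name[len] = '\0';

            if (ne_uri_parse(name, &uri) == 0 && uri.host && uri.scheme) {
                ne_uri tmp;

                if (identity && !found) *identity = ne_strdup(name);
                found = 1;

                if (server) {
                    /* For comparison purposes, all that matters is
                     * host, scheme and port; ignore the rest. */
                    memset(&tmp, 0, sizeof tmp);
                    tmp.host = uri.host;
                    tmp.scheme = uri.scheme;
                    tmp.port = uri.port;

                    match = ne_uri_cmp(server, &tmp) == 0;
                }
            }

            ne_uri_free(&uri);
        } break;

        default:
            /* Other name types and errors for this index (for
             * instance a name too long for name[]) are skipped. */
            break;
        }
        seq++;
    } while (!match && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);

    /* Check against the commonName if no DNS alt. names were found,
     * as per RFC3280. */
    if (!found) {
        seq = oid_find_highest_index(cert, 1, GNUTLS_OID_X520_COMMON_NAME);

        if (seq >= 0) {
            len = sizeof name;
            name[0] = '\0';
            ret = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME,
                                                seq, 0, name, &len);
            if (ret == 0) {
                if (identity) *identity = ne_strdup(name);
                match = ne__ssl_match_hostname(name, len, hostname);
            }
        } else {
            /* Neither a usable alternative name nor a commonName. */
            return -1;
        }
    }

    if (*hostname)
        NE_DEBUG(NE_DBG_SSL, "ssl: Identity match for '%s': %s\n", hostname,
                 match ? "good" : "bad");

    return match ? 0 : 1;
}

/* Populate an ne_ssl_certificate structure from an X509 object.  Note
 * that x5 is owned by returned cert object and must not be otherwise
 * freed by the caller.  The issuer link is cleared and the identity
 * is filled in from the certificate's names by check_identity(). */
static ne_ssl_certificate *populate_cert(ne_ssl_certificate *cert,
                                         gnutls_x509_crt_t x5)
{
#ifdef HAVE_NEW_DN_API
    gnutls_x509_crt_get_subject(x5, &cert->subj_dn.dn);
    gnutls_x509_crt_get_issuer(x5, &cert->issuer_dn.dn);
#else
    cert->subj_dn.cert = x5;
    cert->subj_dn.subject = 1;
    cert->issuer_dn.cert = x5;
    cert->issuer_dn.subject = 0;
#endif
    cert->issuer = NULL;
    cert->subject = x5;
    cert->identity = NULL;
    /* The result is ignored here: with no server to compare against
     * only the identity string is of interest. */
    check_identity(NULL, x5, &cert->identity);
    return cert;
}

/* Returns a copy certificate of certificate SRC, made by exporting
 * SRC to DER and importing that into a new object, or NULL if any
 * step fails. */
static gnutls_x509_crt_t x509_crt_copy(gnutls_x509_crt_t src)
{
    int ret;
    size_t size = 0;
    gnutls_datum_t tmp;
    gnutls_x509_crt_t dest;

    if (gnutls_x509_crt_init(&dest) != 0) {
        return NULL;
    }

    /* First call with a NULL buffer only asks for the DER length. */
    if (gnutls_x509_crt_export(src, GNUTLS_X509_FMT_DER, NULL, &size)
        != GNUTLS_E_SHORT_MEMORY_BUFFER) {
        gnutls_x509_crt_deinit(dest);
        return NULL;
    }

    tmp.data = ne_malloc(size);
    ret = gnutls_x509_crt_export(src, GNUTLS_X509_FMT_DER, tmp.data, &size);
    if (ret == 0) {
        tmp.size = size;
        ret = gnutls_x509_crt_import(dest, &tmp, GNUTLS_X509_FMT_DER);
    }

    if (ret) {
        gnutls_x509_crt_deinit(dest);
        dest = NULL;
    }

    ne_free(tmp.data);
    return dest;
}

/* Duplicate a client certificate, which must be in the decrypted state.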
*/ static ne_ssl_client_cert *dup_client_cert(const ne_ssl_client_cert *cc) { int ret; ne_ssl_client_cert *newcc = ne_calloc(sizeof *newcc); newcc->decrypted = 1; if (cc->keyless) { newcc->keyless = 1; #ifdef HAVE_GNUTLS_PRIVKEY_IMPORT_EXT newcc->sign_func = cc->sign_func; newcc->sign_ud = cc->sign_ud; #endif } else { ret = gnutls_x509_privkey_init(&newcc->pkey); if (ret != 0) goto dup_error; ret = gnutls_x509_privkey_cpy(newcc->pkey, cc->pkey); if (ret != 0) goto dup_error; } newcc->cert.subject = x509_crt_copy(cc->cert.subject); if (!newcc->cert.subject) goto dup_error; if (cc->friendly_name) newcc->friendly_name = ne_strdup(cc->friendly_name); populate_cert(&newcc->cert, newcc->cert.subject); return newcc; dup_error: if (newcc->pkey) gnutls_x509_privkey_deinit(newcc->pkey); if (newcc->cert.subject) gnutls_x509_crt_deinit(newcc->cert.subject); ne_free(newcc); return NULL; } /* Callback invoked when the SSL server requests a client certificate. */ static int provide_client_cert(gnutls_session_t session, const gnutls_datum_t *req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t *sign_algos, int sign_algos_length, #ifdef HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION2 gnutls_pcert_st **pcert, unsigned int *pcert_length, gnutls_privkey_t *pkey #else gnutls_retr2_st *st #endif ) { ne_session *sess = gnutls_session_get_ptr(session); if (!sess) { return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; } NE_DEBUG(NE_DBG_SSL, "ssl: Client cert provider callback; %d CA names.\n", nreqs); if (!sess->client_cert && sess->ssl_provide_fn) { #ifdef HAVE_NEW_DN_API const ne_ssl_dname **dns; ne_ssl_dname *dnarray; unsigned dncount = 0; int n; dns = ne_malloc(nreqs * sizeof(ne_ssl_dname *)); dnarray = ne_calloc(nreqs * sizeof(ne_ssl_dname)); for (n = 0; n < nreqs; n++) { gnutls_x509_dn_t dn; if (gnutls_x509_dn_init(&dn) == 0) { dnarray[n].dn = dn; if (gnutls_x509_dn_import(dn, &req_ca_rdn[n]) == 0) { dns[dncount++] = &dnarray[n]; } else { gnutls_x509_dn_deinit(dn); } } } NE_DEBUG(NE_DBG_SSL, 
"ssl: Mapped %d CA names to %u DN objects.\n", nreqs, dncount); sess->ssl_provide_fn(sess->ssl_provide_ud, sess, dns, dncount); for (n = 0; n < nreqs; n++) { if (dnarray[n].dn) { gnutls_x509_dn_deinit(dnarray[n].dn); } } ne_free(dns); ne_free(dnarray); #else /* HAVE_NEW_DN_API */ /* Nothing to do here other than pretend no CA names were * given, and hope the caller can cope. */ sess->ssl_provide_fn(sess->ssl_provide_ud, sess, NULL, 0); #endif } if (sess->client_cert) { gnutls_certificate_type_t type = gnutls_certificate_type_get(session); if (type == GNUTLS_CRT_X509 && (sess->client_cert->pkey || sess->client_cert->keyless)) { int ret; #ifdef HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION2 *pkey = gnutls_malloc(sizeof *pkey); gnutls_privkey_init(pkey); #ifdef HAVE_GNUTLS_PRIVKEY_IMPORT_EXT if (sess->client_cert->sign_func) { int algo = gnutls_x509_crt_get_pk_algorithm(sess->client_cert->cert.subject, NULL); NE_DEBUG(NE_DBG_SSL, "ssl: Signing for %s.\n", gnutls_pk_algorithm_get_name(algo)); ret = gnutls_privkey_import_ext(*pkey, algo, sess->client_cert->sign_ud, sess->client_cert->sign_func, NULL, 0); } else #endif if (sess->client_cert->keyless) { ret = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; } else { ret = gnutls_privkey_import_x509(*pkey, sess->client_cert->pkey, 0); } if (ret) { NE_DEBUG(NE_DBG_SSL, "ssl: Failed to import private key: %s.\n", gnutls_strerror(ret)); ne_set_error(sess, _("Failed to import private key: %s"), gnutls_strerror(ret)); return ret; } *pcert = gnutls_calloc(1, sizeof **pcert); gnutls_pcert_import_x509(*pcert, sess->client_cert->cert.subject, 0); *pcert_length = 1; #else /* !HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION2 */ st->cert_type = type; st->ncerts = 1; st->cert.x509 = &sess->client_cert->cert.subject; st->key.x509 = sess->client_cert->pkey; /* tell GNU TLS not to deallocate the certs. 
*/ st->deinit_all = 0; #endif } else { return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; } } else { NE_DEBUG(NE_DBG_SSL, "ssl: No client certificate supplied.\n"); #ifdef HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION2 *pcert_length = 0; #else st->ncerts = 0; #endif sess->ssl_cc_requested = 1; return 0; } return 0; } void ne_ssl_set_clicert(ne_session *sess, const ne_ssl_client_cert *cc) { sess->client_cert = dup_client_cert(cc); } ne_ssl_context *ne_ssl_context_create(int flags) { ne_ssl_context *ctx = ne_calloc(sizeof *ctx); gnutls_certificate_allocate_credentials(&ctx->cred); if (flags == NE_SSL_CTX_CLIENT) { #ifdef HAVE_GNUTLS_CERTIFICATE_SET_RETRIEVE_FUNCTION2 gnutls_certificate_set_retrieve_function2(ctx->cred, provide_client_cert); #else gnutls_certificate_client_set_retrieve_function(ctx->cred, provide_client_cert); #endif } gnutls_certificate_set_verify_flags(ctx->cred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); return ctx; } int ne_ssl_context_keypair(ne_ssl_context *ctx, const char *cert, const char *key) { gnutls_certificate_set_x509_key_file(ctx->cred, cert, key, GNUTLS_X509_FMT_PEM); return 0; } int ne_ssl_context_set_verify(ne_ssl_context *ctx, int required, const char *ca_names, const char *verify_cas) { ctx->verify = required; if (verify_cas) { gnutls_certificate_set_x509_trust_file(ctx->cred, verify_cas, GNUTLS_X509_FMT_PEM); } /* gnutls_certificate_send_x509_rdn_sequence in gnutls >= 1.2 can * be used to *suppress* sending the CA names, but not control it, * it seems. */ return 0; } void ne_ssl_context_set_flag(ne_ssl_context *ctx, int flag, int value) { /* SSLv2 not supported. 
*/ } int ne_ssl_context_get_flag(ne_ssl_context *ctx, int flag) { return 0; } void ne_ssl_context_destroy(ne_ssl_context *ctx) { gnutls_certificate_free_credentials(ctx->cred); if (ctx->cache.client.data) { #if defined(HAVE_GNUTLS_SESSION_GET_DATA2) gnutls_free(ctx->cache.client.data); #else ne_free(ctx->cache.client.data); #endif } else if (ctx->cache.server.key.data) { gnutls_free(ctx->cache.server.key.data); gnutls_free(ctx->cache.server.data.data); } ne_free(ctx); } #if !defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) && defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS) /* Return the issuer of the given certificate, or NULL if none can be * found. */ static gnutls_x509_crt_t find_issuer(gnutls_x509_crt_t *ca_list, unsigned int num_cas, gnutls_x509_crt_t cert) { unsigned int n; for (n = 0; n < num_cas; n++) { if (gnutls_x509_crt_check_issuer(cert, ca_list[n]) == 1) return ca_list[n]; } return NULL; } #endif /* Return the certificate chain sent by the peer, or NULL on error. */ static ne_ssl_certificate *make_peers_chain(gnutls_session_t sock, gnutls_certificate_credentials_t crd) { ne_ssl_certificate *current = NULL, *top = NULL; const gnutls_datum_t *certs; unsigned int n, count; ne_ssl_certificate *cert; certs = gnutls_certificate_get_peers(sock, &count); if (!certs) { return NULL; } NE_DEBUG(NE_DBG_SSL, "ssl: Got %u certs in peer chain.\n", count); for (n = 0; n < count; n++) { gnutls_x509_crt_t x5; if (gnutls_x509_crt_init(&x5) || gnutls_x509_crt_import(x5, &certs[n], GNUTLS_X509_FMT_DER)) { if (top) { ne_ssl_cert_free(top); } return NULL; } cert = populate_cert(ne_calloc(sizeof *cert), x5); if (top == NULL) { current = top = cert; } else { current->issuer = cert; current = cert; } } #if defined(HAVE_GNUTLS_CERTIFICATE_GET_ISSUER) || defined(HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS) /* GnuTLS only returns the peers which were *sent* by the server * in the Certificate list during the handshake. 
Fill in the * complete chain manually against the certs we trust: */ if (current->issuer == NULL) { gnutls_x509_crt_t issuer; #ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER gnutls_x509_crt_t *ca_list; unsigned int num_cas; gnutls_certificate_get_x509_cas(crd, &ca_list, &num_cas); #endif do { /* Look up the issuer. */ #ifndef HAVE_GNUTLS_CERTIFICATE_GET_ISSUER issuer = find_issuer(ca_list, num_cas, current->subject); #else if (gnutls_certificate_get_issuer(crd, current->subject, &issuer, 0)) issuer = NULL; #endif if (issuer) { issuer = x509_crt_copy(issuer); if (issuer == NULL) break; cert = populate_cert(ne_calloc(sizeof *cert), issuer); /* Check that the issuer does not match the current * cert. */ if (ne_ssl_cert_cmp(current, cert)) { current = current->issuer = cert; } else { ne_ssl_cert_free(cert); issuer = NULL; } } } while (issuer); } #endif return top; } /* Map from GnuTLS verify failure mask *status to NE_SSL_* failure * bitmask, which is returned. *status is modified, removing all * mapped bits. */ static int map_verify_failures(unsigned int *status) { static const struct { gnutls_certificate_status_t from; int to; } map[] = { { GNUTLS_CERT_REVOKED, NE_SSL_REVOKED }, #if LIBGNUTLS_VERSION_NUMBER >= 0x020800 { GNUTLS_CERT_NOT_ACTIVATED, NE_SSL_NOTYETVALID }, { GNUTLS_CERT_EXPIRED, NE_SSL_EXPIRED }, #endif { GNUTLS_CERT_INVALID|GNUTLS_CERT_SIGNER_NOT_FOUND, NE_SSL_UNTRUSTED }, { GNUTLS_CERT_INVALID|GNUTLS_CERT_SIGNER_NOT_CA, NE_SSL_UNTRUSTED } }; size_t n; int ret = 0; for (n = 0; n < sizeof(map)/sizeof(map[0]); n++) { if ((*status & map[n].from) == map[n].from) { *status &= ~map[n].from; ret |= map[n].to; } } return ret; } /* Return a malloc-allocated human-readable error string describing * GnuTLS verification error bitmask 'status'; return value must be * freed by the caller. 
*/
static char *verify_error_string(unsigned int status)
{
    ne_buffer *msg = ne_buffer_create();

    /* sorry, i18n-ers */
    if ((status & GNUTLS_CERT_INSECURE_ALGORITHM) == 0) {
        /* Nothing we have a message for: report the raw bitmask. */
        ne_buffer_snprintf(msg, 64, _("unrecognized errors (%u)"), status);
    } else {
        ne_buffer_zappend(msg, _("signed using insecure algorithm"));
    }

    return ne_buffer_finish(msg);
}

/* Walks CHAIN from the peer's certificate up through each issuer
 * link and returns the NE_SSL_* failure bits for every certificate
 * that is outside its validity period at the current time. */
static int check_chain_expiry(ne_ssl_certificate *chain)
{
    const time_t now = time(NULL);
    ne_ssl_certificate *link;
    int failures = 0;

    /* A problem with the first (server) certificate is reported with
     * its specific bit; a problem with any certificate further up is
     * reported as the generic NE_SSL_BADCHAIN. */
    for (link = chain; link != NULL; link = link->issuer) {
        const int is_server_cert = (link == chain);
        time_t not_before = gnutls_x509_crt_get_activation_time(link->subject);
        time_t not_after = gnutls_x509_crt_get_expiration_time(link->subject);

        if (now < not_before) {
            failures |= is_server_cert ? NE_SSL_NOTYETVALID : NE_SSL_BADCHAIN;
        } else if (now > not_after) {
            failures |= is_server_cert ? NE_SSL_EXPIRED : NE_SSL_BADCHAIN;
        }
    }

    return failures;
}

/* Verifies an SSL server certificate.
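*/
/* Three checks are combined into one NE_SSL_* failure mask: the
 * identity check against the session's server URI, the validity
 * period of every certificate in CHAIN, and the GnuTLS chain
 * verification.  A non-empty mask is handed to the session's verify
 * callback, if one is set, which may accept the certificate by
 * returning zero.  Returns NE_OK or NE_ERROR.
 *
 * The following are hard errors that the callback never sees: no
 * identity in the certificate, failure of the GnuTLS verification
 * call itself, and GnuTLS status bits that have no NE_SSL_*
 * equivalent. */
static int check_certificate(ne_session *sess, gnutls_session_t sock,
                             ne_ssl_certificate *chain)
{
    int ret, failures = 0;
    ne_uri server;
    /* Initialised because it is printed below even when the verify
     * call fails, in which case it may not have been written. */
    unsigned int status = 0;

    memset(&server, 0, sizeof server);
    ne_fill_server_uri(sess, &server);
    ret = check_identity(&server, chain->subject, NULL);
    ne_uri_free(&server);

    if (ret < 0) {
        ne_set_error(sess, _("Server certificate was missing commonName "
                             "attribute in subject name"));
        return NE_ERROR;
    }
    else if (ret > 0) {
        failures |= NE_SSL_IDMISMATCH;
    }

    failures |= check_chain_expiry(chain);

    ret = gnutls_certificate_verify_peers2(sock, &status);
    NE_DEBUG(NE_DBG_SSL, "ssl: Verify peers returned %d, status=%u\n",
             ret, status);
    if (ret != GNUTLS_E_SUCCESS) {
        ne_set_error(sess, _("Could not verify server certificate: %s"),
                     gnutls_strerror(ret));
        return NE_ERROR;
    }

    /* Translate the bits we know; whatever is left in status after
     * this call has no NE_SSL_* equivalent. */
    ret = map_verify_failures(&status);
    /* For CA expiry/not-yet-valid, mask out the failure bits if
     * they've been caught and treated as chain errors already by
     * check_chain_expiry(). */
    if ((ret & (NE_SSL_EXPIRED|NE_SSL_NOTYETVALID)) != 0
        && (failures & NE_SSL_BADCHAIN) == NE_SSL_BADCHAIN) {
        ret &= ~(NE_SSL_EXPIRED|NE_SSL_NOTYETVALID);
    }

    failures |= ret;

    NE_DEBUG(NE_DBG_SSL, "ssl: Verification failures %d => %d (status = %u).\n",
             ret, failures, status);

    /* Anything left over other than a bare GNUTLS_CERT_INVALID is a
     * failure the caller cannot be asked about, so it is fatal. */
    if (status && status != GNUTLS_CERT_INVALID) {
        char *errstr = verify_error_string(status);
        ne_set_error(sess, _("Certificate verification error: %s"), errstr);
        ne_free(errstr);
        return NE_ERROR;
    }

    /* Fail closed: if GnuTLS still marks the chain invalid but no
     * check above produced a failure bit, report it as untrusted
     * instead of falling through to NE_OK. */
    if ((status & GNUTLS_CERT_INVALID) && failures == 0) {
        failures |= NE_SSL_UNTRUSTED;
    }

    if (failures == 0) {
        ret = NE_OK;
    } else {
        ne__ssl_set_verify_err(sess, failures);
        ret = NE_ERROR;
        /* The application may choose to accept the certificate
         * despite the failures. */
        if (sess->ssl_verify_fn
            && sess->ssl_verify_fn(sess->ssl_verify_ud, failures, chain) == 0)
            ret = NE_OK;
    }

    return ret;
}

/* Negotiate an SSL connection: performs the handshake on the
 * session's socket, builds the peer's certificate chain and verifies
 * it.  Returns NE_OK on success; on failure the session error string
 * is set and NE_ERROR is returned. */
int ne__negotiate_ssl(ne_session *sess)
{
    ne_ssl_context *const ctx = sess->ssl_context;
    ne_ssl_certificate *chain;
    gnutls_session_t sock;

    NE_DEBUG(NE_DBG_SSL, "Negotiating SSL connection.\n");

    /* Pass through the hostname if SNI is enabled. */
    ctx->hostname =
        sess->flags[NE_SESSFLAG_TLS_SNI] ? sess->server.hostname : NULL;

    if (ne_sock_connect_ssl(sess->socket, ctx, sess)) {
        if (sess->ssl_cc_requested) {
            ne_set_error(sess, _("SSL handshake failed, "
                                 "client certificate was requested: %s"),
                         ne_sock_error(sess->socket));
        }
        else {
            ne_set_error(sess, _("SSL handshake failed: %s"),
                         ne_sock_error(sess->socket));
        }
        return NE_ERROR;
    }

    sock = ne__sock_sslsock(sess->socket);

    chain = make_peers_chain(sock, ctx->cred);
    if (chain == NULL) {
        ne_set_error(sess, _("Server did not send certificate chain"));
        return NE_ERROR;
    }

    if (sess->server_cert && ne_ssl_cert_cmp(sess->server_cert, chain) == 0) {
        /* Same cert as last time; presume OK.  This is not optimal as
         * make_peers_chain() has already gone through and done the
         * expensive DER parsing stuff for the whole chain by now.
         *
         * Note what this shortcut implies: ne_ssl_cert_cmp() compares
         * the fingerprint of the first certificate only, and none of
         * the checks in check_certificate() are repeated, so a
         * certificate accepted earlier in the session (including one
         * accepted by the verify callback) stays accepted on
         * reconnect. */
        ne_ssl_cert_free(chain);
        return NE_OK;
    }

    if (check_certificate(sess, sock, chain)) {
        ne_ssl_cert_free(chain);
        return NE_ERROR;
    }

    /* Remember the verified chain; the session now owns it. */
    sess->server_cert = chain;

    return NE_OK;
}

/* Returns the issuer DN of CERT; the result points into CERT. */
const ne_ssl_dname *ne_ssl_cert_issuer(const ne_ssl_certificate *cert)
{
    return &cert->issuer_dn;
}

/* Returns the subject DN of CERT; the result points into CERT. */
const ne_ssl_dname *ne_ssl_cert_subject(const ne_ssl_certificate *cert)
{
    return &cert->subj_dn;
}

/* Returns the next certificate up the chain from CERT, or NULL if
 * none is linked. */
const ne_ssl_certificate *ne_ssl_cert_signedby(const ne_ssl_certificate *cert)
{
    return cert->issuer;
}

/* Returns the identity string stored for CERT, which may be NULL. */
const char *ne_ssl_cert_identity(const ne_ssl_certificate *cert)
{
    return cert->identity;
}

/* Adds CERT to the set of certificates trusted by CTX. */
void ne_ssl_context_trustcert(ne_ssl_context *ctx, const ne_ssl_certificate *cert)
{
    gnutls_x509_crt_t certs = cert->subject;
    gnutls_certificate_set_x509_trust(ctx->cred, &certs, 1);
}

/* Loads the CA bundle configured at build time (NE_SSL_CA_BUNDLE)
 * into the session's trust store.  Does nothing if no bundle was
 * configured; the result of the load is not checked. */
void ne_ssl_trust_default_ca(ne_session *sess)
{
#ifdef NE_SSL_CA_BUNDLE
    gnutls_certificate_set_x509_trust_file(sess->ssl_context->cred,
                                           NE_SSL_CA_BUNDLE,
                                           GNUTLS_X509_FMT_PEM);
#endif
}

/* Read the contents of file FILENAME into *DATUM.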
*/ static int read_to_datum(const char *filename, gnutls_datum_t *datum) { FILE *f = fopen(filename, "r"); ne_buffer *buf; char tmp[4192]; size_t len; if (!f) { return -1; } buf = ne_buffer_ncreate(8192); while ((len = fread(tmp, 1, sizeof tmp, f)) > 0) { ne_buffer_append(buf, tmp, len); } if (!feof(f)) { fclose(f); ne_buffer_destroy(buf); return -1; } fclose(f); datum->size = ne_buffer_size(buf); datum->data = (unsigned char *)ne_buffer_finish(buf); return 0; } /* Parses a PKCS#12 structure and loads the certificate, private key * and friendly name if possible. Returns zero on success, non-zero * on error. */ static int pkcs12_parse(gnutls_pkcs12_t p12, gnutls_x509_privkey_t *pkey, gnutls_x509_crt_t *x5, char **friendly_name, const char *password) { gnutls_pkcs12_bag_t bag = NULL; int i, j, ret = 0; for (i = 0; ret == 0; ++i) { if (bag) gnutls_pkcs12_bag_deinit(bag); ret = gnutls_pkcs12_bag_init(&bag); if (ret < 0) continue; ret = gnutls_pkcs12_get_bag(p12, i, bag); if (ret < 0) continue; gnutls_pkcs12_bag_decrypt(bag, password); for (j = 0; ret == 0 && j < gnutls_pkcs12_bag_get_count(bag); ++j) { gnutls_pkcs12_bag_type_t type; gnutls_datum_t data; if (friendly_name && *friendly_name == NULL) { char *name = NULL; gnutls_pkcs12_bag_get_friendly_name(bag, j, &name); if (name) { if (name[0] == '.') name++; /* weird GnuTLS bug? */ *friendly_name = ne_strdup(name); } } type = gnutls_pkcs12_bag_get_type(bag, j); switch (type) { case GNUTLS_BAG_PKCS8_KEY: case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: /* Ignore any but the first key encountered; really * need to match up keyids. */ if (*pkey) break; gnutls_x509_privkey_init(pkey); ret = gnutls_pkcs12_bag_get_data(bag, j, &data); if (ret < 0) continue; ret = gnutls_x509_privkey_import_pkcs8(*pkey, &data, GNUTLS_X509_FMT_DER, password, 0); if (ret < 0) continue; break; case GNUTLS_BAG_CERTIFICATE: /* Ignore any but the first cert encountered; again, * really need to match up keyids. 
*/ if (*x5) break; ret = gnutls_x509_crt_init(x5); if (ret < 0) continue; ret = gnutls_pkcs12_bag_get_data(bag, j, &data); if (ret < 0) continue; ret = gnutls_x509_crt_import(*x5, &data, GNUTLS_X509_FMT_DER); if (ret < 0) continue; break; default: break; } } } /* Make sure last bag is freed */ if (bag) gnutls_pkcs12_bag_deinit(bag); /* Free in case of error */ if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { if (*x5) gnutls_x509_crt_deinit(*x5); if (*pkey) gnutls_x509_privkey_deinit(*pkey); if (friendly_name && *friendly_name) ne_free(*friendly_name); } if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) ret = 0; return ret; } ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename) { gnutls_datum_t datum; ne_ssl_client_cert *cc; if (read_to_datum(filename, &datum)) return NULL; cc = ne_ssl_clicert_import(datum.data, datum.size); ne_free(datum.data); return cc; } ne_ssl_client_cert *ne_ssl_clicert_import(const unsigned char *buffer, size_t buflen) { int ret; gnutls_datum_t data; gnutls_pkcs12_t p12; ne_ssl_client_cert *cc; char *friendly_name = NULL; gnutls_x509_crt_t cert = NULL; gnutls_x509_privkey_t pkey = NULL; /* The datum structure is not modified by gnutls_pkcs12_import, * cast safely: */ data.data = (unsigned char *)buffer; data.size = buflen; if (gnutls_pkcs12_init(&p12) != 0) { return NULL; } ret = gnutls_pkcs12_import(p12, &data, GNUTLS_X509_FMT_DER, 0); if (ret < 0) { gnutls_pkcs12_deinit(p12); return NULL; } if (gnutls_pkcs12_verify_mac(p12, "") == 0) { if (pkcs12_parse(p12, &pkey, &cert, &friendly_name, "") != 0 || !cert || !pkey) { gnutls_pkcs12_deinit(p12); return NULL; } cc = ne_calloc(sizeof *cc); cc->pkey = pkey; cc->decrypted = 1; cc->friendly_name = friendly_name; populate_cert(&cc->cert, cert); gnutls_pkcs12_deinit(p12); cc->p12 = NULL; return cc; } else { /* TODO: calling pkcs12_parse() here to find the friendly_name * seems to break horribly. 
*/ cc = ne_calloc(sizeof *cc); cc->p12 = p12; return cc; } } #ifdef HAVE_GNUTLS_PRIVKEY_IMPORT_EXT ne_ssl_client_cert *ne__ssl_clicert_exkey_import(const unsigned char *der, size_t der_len, gnutls_privkey_sign_func sign_func, void *userdata) { ne_ssl_client_cert *cc; gnutls_x509_crt_t x5; gnutls_datum_t datum; datum.data = (unsigned char *)der; datum.size = der_len; if (gnutls_x509_crt_init(&x5) || gnutls_x509_crt_import(x5, &datum, GNUTLS_X509_FMT_DER)) { NE_DEBUG(NE_DBG_SSL, "ssl: crt_import failed.\n"); return NULL; } cc = ne_calloc(sizeof *cc); cc->keyless = 1; cc->decrypted = 1; populate_cert(&cc->cert, x5); cc->sign_func = sign_func; cc->sign_ud = userdata; return cc; } #endif int ne_ssl_clicert_encrypted(const ne_ssl_client_cert *cc) { return !cc->decrypted; } int ne_ssl_clicert_decrypt(ne_ssl_client_cert *cc, const char *password) { int ret; gnutls_x509_crt_t cert = NULL; gnutls_x509_privkey_t pkey = NULL; if (gnutls_pkcs12_verify_mac(cc->p12, password) != 0) { return -1; } ret = pkcs12_parse(cc->p12, &pkey, &cert, NULL, password); if (ret < 0) return ret; if (!cert || (!pkey && !cc->keyless)) { if (cert) gnutls_x509_crt_deinit(cert); if (pkey) gnutls_x509_privkey_deinit(pkey); return -1; } gnutls_pkcs12_deinit(cc->p12); populate_cert(&cc->cert, cert); cc->pkey = pkey; cc->decrypted = 1; cc->p12 = NULL; return 0; } const ne_ssl_certificate *ne_ssl_clicert_owner(const ne_ssl_client_cert *cc) { return &cc->cert; } const char *ne_ssl_clicert_name(const ne_ssl_client_cert *ccert) { return ccert->friendly_name; } ne_ssl_certificate *ne_ssl_cert_read(const char *filename) { int ret; gnutls_datum_t data; gnutls_x509_crt_t x5; if (read_to_datum(filename, &data)) return NULL; if (gnutls_x509_crt_init(&x5) != 0) return NULL; ret = gnutls_x509_crt_import(x5, &data, GNUTLS_X509_FMT_PEM); ne_free(data.data); if (ret < 0) { gnutls_x509_crt_deinit(x5); return NULL; } return populate_cert(ne_calloc(sizeof(struct ne_ssl_certificate_s)), x5); } int ne_ssl_cert_write(const 
ne_ssl_certificate *cert, const char *filename) { unsigned char buffer[10*1024]; size_t len = sizeof buffer; FILE *fp = fopen(filename, "w"); if (fp == NULL) return -1; if (gnutls_x509_crt_export(cert->subject, GNUTLS_X509_FMT_PEM, buffer, &len) < 0) { fclose(fp); return -1; } if (fwrite(buffer, len, 1, fp) != 1) { fclose(fp); return -1; } if (fclose(fp) != 0) return -1; return 0; } void ne_ssl_cert_free(ne_ssl_certificate *cert) { gnutls_x509_crt_deinit(cert->subject); if (cert->identity) ne_free(cert->identity); if (cert->issuer) ne_ssl_cert_free(cert->issuer); ne_free(cert); } int ne_ssl_cert_cmp(const ne_ssl_certificate *c1, const ne_ssl_certificate *c2) { char digest1[NE_SSL_DIGESTLEN], digest2[NE_SSL_DIGESTLEN]; if (ne_ssl_cert_digest(c1, digest1) || ne_ssl_cert_digest(c2, digest2)) { return -1; } return strcmp(digest1, digest2); } /* The certificate import/export format is the base64 encoding of the * raw DER; PEM without the newlines and wrapping. */ ne_ssl_certificate *ne_ssl_cert_import(const char *data) { int ret; size_t len; unsigned char *der; gnutls_datum_t buffer = { NULL, 0 }; gnutls_x509_crt_t x5; if (gnutls_x509_crt_init(&x5) != 0) return NULL; /* decode the base64 to get the raw DER representation */ len = ne_unbase64(data, &der); if (len == 0) return NULL; buffer.data = der; buffer.size = len; ret = gnutls_x509_crt_import(x5, &buffer, GNUTLS_X509_FMT_DER); ne_free(der); if (ret < 0) { gnutls_x509_crt_deinit(x5); return NULL; } return populate_cert(ne_calloc(sizeof(struct ne_ssl_certificate_s)), x5); } char *ne_ssl_cert_export(const ne_ssl_certificate *cert) { unsigned char *der; size_t len = 0; char *ret; /* find the length of the DER encoding. 
*/ if (gnutls_x509_crt_export(cert->subject, GNUTLS_X509_FMT_DER, NULL, &len) != GNUTLS_E_SHORT_MEMORY_BUFFER) { return NULL; } der = ne_malloc(len); if (gnutls_x509_crt_export(cert->subject, GNUTLS_X509_FMT_DER, der, &len)) { ne_free(der); return NULL; } ret = ne_base64(der, len); ne_free(der); return ret; } static gnutls_digest_algorithm_t hash_to_alg(unsigned int flags) { switch (flags & NE_HASH_ALGMASK) { case NE_HASH_MD5: return GNUTLS_DIG_MD5; break; case NE_HASH_SHA256: return GNUTLS_DIG_SHA256; break; case NE_HASH_SHA512: return GNUTLS_DIG_SHA512; break; default: break; } return GNUTLS_DIG_UNKNOWN; } char *ne_ssl_cert_hdigest(const ne_ssl_certificate *cert, unsigned int flags) { gnutls_digest_algorithm_t alg = hash_to_alg(flags); unsigned char *dig; size_t len; char *rv; if (alg == GNUTLS_DIG_UNKNOWN) return NULL; if (gnutls_x509_crt_get_fingerprint(cert->subject, alg, NULL, &len) != GNUTLS_E_SHORT_MEMORY_BUFFER) { return NULL; } dig = ne_malloc(len); if (gnutls_x509_crt_get_fingerprint(cert->subject, alg, dig, &len) < 0) { ne_free(dig); return NULL; } rv = ne__strhash2hex(dig, len, flags); ne_free(dig); return rv; } int ne_ssl_cert_digest(const ne_ssl_certificate *cert, char *digest) { char sha1[20], *p; int j; size_t len = sizeof sha1; if (gnutls_x509_crt_get_fingerprint(cert->subject, GNUTLS_DIG_SHA, sha1, &len) < 0) return -1; for (j = 0, p = digest; j < 20; j++) { *p++ = NE_HEX2ASC((sha1[j] >> 4) & 0x0f); *p++ = NE_HEX2ASC(sha1[j] & 0x0f); *p++ = ':'; } *--p = '\0'; return 0; } int ne__ssl_init(void) { #if LIBGNUTLS_VERSION_NUMBER < 0x020b01 #ifdef NE_HAVE_TS_SSL gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); #endif gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0); #endif return gnutls_global_init(); } void ne__ssl_exit(void) { /* No way to unregister the thread callbacks. Doomed. 
*/ #if LIBGNUTLS_VERSION_MAJOR > 1 || LIBGNUTLS_VERSION_MINOR > 3 \ || (LIBGNUTLS_VERSION_MINOR == 3 && LIBGNUTLS_VERSION_PATCH >= 3) /* It's safe to call gnutls_global_deinit() here only with * gnutls >= 1.3., since older versions don't refcount and * doing so would prevent any other use of gnutls within * the process. */ gnutls_global_deinit(); #endif } char *ne_vstrhash(unsigned int flags, va_list ap) { gnutls_digest_algorithm_t alg = hash_to_alg(flags); gnutls_hash_hd_t hd; unsigned char *out; const char *arg; unsigned len; char *rv; if (alg == GNUTLS_DIG_UNKNOWN) return NULL; if (gnutls_hash_init(&hd, alg) < 0) return NULL; while ((arg = va_arg(ap, const char *)) != NULL) gnutls_hash(hd, arg, strlen(arg)); len = gnutls_hash_get_len(alg); out = ne_malloc(len); gnutls_hash_deinit(hd, out); rv = ne__strhash2hex(out, len, flags); ne_free(out); return rv; } neon-0.32.2/src/ne_i18n.c000066400000000000000000000030011416727304000147270ustar00rootroot00000000000000/* Internationalization of neon Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. 
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include "config.h" #include "ne_i18n.h" #ifdef HAVE_LIBINTL_H #include #endif void ne_i18n_init(const char *encoding) { #if defined(NE_HAVE_I18N) && defined(NEON_IS_LIBRARY) /* The bindtextdomain call is only enabled if neon is built as a * library rather than as a bundled source; it would be possible * in the future to allow it for bundled builds too, if the neon * message catalogs could be installed alongside the app's own * message catalogs. */ bindtextdomain("neon", LOCALEDIR); #ifdef HAVE_BIND_TEXTDOMAIN_CODESET if (encoding) { bind_textdomain_codeset("neon", encoding); } #endif /* HAVE_BIND_TEXTDOMAIN_CODESET */ #endif } neon-0.32.2/src/ne_i18n.h000066400000000000000000000037301416727304000147450ustar00rootroot00000000000000/* Internationalization of neon Copyright (C) 2005-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef NE_I18N_H #define NE_I18N_H #include "ne_defs.h" NE_BEGIN_DECLS /* Initialize translated error messages within neon. If 'encoding' is * non-NULL, it specifies the character encoding for the generated * translated strings. 
If it is NULL, the appropriate character * encoding for the locale will be used. * * This call is only strictly necessary if either: * * a) neon has been installed into a different prefix than the * gettext() implementation on which it depends for i18n purposes, or * * b) the caller requires that translated messages are in a particular * character encoding. * * If ne_i18n_init() is never called, the message catalogs will not be * found if case (a) applies (and so English error messages will be * used), and will use the default character encoding specified by the * process locale. The library will otherwise operate correctly. * * Note that the encoding used is a process-global setting and so * results may be unexpected if other users of neon within the process * call ne_i18n_init() with a different encoding parameter. */ void ne_i18n_init(const char *encoding); NE_END_DECLS #endif /* NE_I18N_H */ neon-0.32.2/src/ne_internal.h000066400000000000000000000050331416727304000160000ustar00rootroot00000000000000/* Global interfaces private to neon. Copyright (C) 2005-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ /* NOTE WELL: The interfaces defined in this file are internal to neon * and MUST NOT be used by neon-based applications. 
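*/

#ifndef NE_INTERNAL_H
#define NE_INTERNAL_H 1

#include "config.h"

/* NOTE(review): the header names on the three system #include lines
 * below were missing from this copy; they are restored from the HAVE_*
 * and NE_HAVE_I18N guards around them -- confirm against upstream. */
#ifdef HAVE_SYS_LIMITS_H
#include <sys/limits.h>
#endif
#ifdef HAVE_LIMITS_H
#include <limits.h> /* for UINT_MAX etc */
#endif

#include "ne_defs.h"

/* _() marks a string for translation at run time; N_() only marks it
 * for extraction and leaves it untranslated. */
#undef _
#ifdef NE_HAVE_I18N
#include <libintl.h>
#define _(str) dgettext(PACKAGE_NAME, str)
#else
#define _(str) (str)
#endif /* NE_HAVE_I18N */
#define N_(str) (str)

/* Normalise the name of the "long long" maximum across platforms. */
#if !defined(LONG_LONG_MAX) && defined(LLONG_MAX)
#define LONG_LONG_MAX LLONG_MAX
#elif !defined(LONG_LONG_MAX) && defined(LONGLONG_MAX)
#define LONG_LONG_MAX LONGLONG_MAX
#endif

/* Select the seek function, printf format, maximum value and string
 * parser that match the width of the file offset type in use. */
#if defined(NE_LFS)
#define ne_lseek lseek64
#define FMT_NE_OFF_T NE_FMT_OFF64_T
#define NE_OFFT_MAX LONG_LONG_MAX
#ifdef HAVE_STRTOLL
#define ne_strtoff strtoll
#else
#define ne_strtoff strtoq
#endif
#else /* !NE_LFS */
#define ne_lseek lseek
#define FMT_NE_OFF_T NE_FMT_OFF_T
#if defined(SIZEOF_LONG_LONG) && defined(LONG_LONG_MAX) \
    && SIZEOF_OFF_T == SIZEOF_LONG_LONG
#define NE_OFFT_MAX LONG_LONG_MAX
#else
#define NE_OFFT_MAX LONG_MAX
#endif
#if SIZEOF_OFF_T > SIZEOF_LONG && defined(HAVE_STRTOLL)
#define ne_strtoff strtoll
#elif SIZEOF_OFF_T > SIZEOF_LONG && defined(HAVE_STRTOQ)
#define ne_strtoff strtoq
#else
#define ne_strtoff strtol
#endif
#endif /* NE_LFS */

#define NE_HASH_ALGMASK (0x000f)

/* Return malloc-allocated ASCII hexadecimal representation of
 * input. */
NE_PRIVATE char *ne__strhash2hex(const unsigned char *digest, size_t len,
                                 unsigned int flags);

/* ne__strzero(s, n): overwrite n bytes at s with zeros.
 *
 * NOTE(review): only the explicit_bzero() branch is guaranteed to
 * survive optimisation.  In the fallback branch a compiler may remove
 * the memset() when the buffer is not read again (for example just
 * before it is freed), so on platforms without explicit_bzero() the
 * wipe is best-effort.  Code that relies on this macro to clear
 * credentials should be checked on such builds. */
#ifdef HAVE_EXPLICIT_BZERO
#define ne__strzero(s, n) explicit_bzero(s, n)
#else
#define ne__strzero(s, n) memset(s, 0, n)
#endif

#endif /* NE_INTERNAL_H */
neon-0.32.2/src/ne_locks.c000066400000000000000000000560241416727304000153000ustar00rootroot00000000000000/* WebDAV Class 2 locking operations Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.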
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include "config.h" #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_STRING_H #include #endif #ifdef HAVE_LIMITS_H #include #endif #ifdef HAVE_ERRNO_H #include #endif #include #include /* for isdigit() */ #include "ne_alloc.h" #include "ne_request.h" #include "ne_xml.h" #include "ne_locks.h" #include "ne_uri.h" #include "ne_basic.h" #include "ne_props.h" #include "ne_207.h" #include "ne_internal.h" #include "ne_xmlreq.h" #define HOOK_ID "http://webdav.org/neon/hooks/webdav-locking" /* A list of lock objects. */ struct lock_list { struct ne_lock *lock; struct lock_list *next, *prev; }; struct ne_lock_store_s { struct lock_list *locks; struct lock_list *cursor; /* current position in 'locks' */ }; struct lh_req_cookie { const ne_lock_store *store; struct lock_list *submit; }; /* Context for PROPFIND/lockdiscovery callbacks */ struct discover_ctx { ne_propfind_handler *phandler; ne_lock_result results; void *userdata; ne_buffer *cdata; }; /* Context for handling LOCK response */ struct lock_ctx { struct ne_lock active; /* activelock */ ne_request *req; /* the request in question */ ne_xml_parser *parser; char *token; /* the token we're after. */ int found; ne_buffer *cdata; }; /* use the "application" state space. 
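 */
#define ELM_LOCK_FIRST (NE_PROPS_STATE_TOP + 66)

#define ELM_lockdiscovery (ELM_LOCK_FIRST)
#define ELM_activelock (ELM_LOCK_FIRST + 1)
#define ELM_lockscope (ELM_LOCK_FIRST + 2)
#define ELM_locktype (ELM_LOCK_FIRST + 3)
#define ELM_depth (ELM_LOCK_FIRST + 4)
#define ELM_owner (ELM_LOCK_FIRST + 5)
#define ELM_timeout (ELM_LOCK_FIRST + 6)
#define ELM_locktoken (ELM_LOCK_FIRST + 7)
#define ELM_lockinfo (ELM_LOCK_FIRST + 8)
#define ELM_write (ELM_LOCK_FIRST + 9)
#define ELM_exclusive (ELM_LOCK_FIRST + 10)
#define ELM_shared (ELM_LOCK_FIRST + 11)
#define ELM_href (ELM_LOCK_FIRST + 12)
#define ELM_prop (NE_207_STATE_PROP)

/* Maps "DAV:" element names to the ELM_* parser states above. */
static const struct ne_xml_idmap element_map[] = {
#define ELM(x) { "DAV:", #x, ELM_ ## x }
    ELM(lockdiscovery), ELM(activelock), ELM(prop), ELM(lockscope),
    ELM(locktype), ELM(depth), ELM(owner), ELM(timeout), ELM(locktoken),
    ELM(lockinfo), ELM(lockscope), ELM(locktype), ELM(write), ELM(exclusive),
    ELM(shared), ELM(href)
    /* no "lockentry" */
#undef ELM
};

/* The single property requested by lock discovery. */
static const ne_propname lock_props[] = {
    { "DAV:", "lockdiscovery" },
    { NULL }
};

/* Create-request hook: attach a per-request cookie to 'req'.  The
 * 'session' argument is the hook userdata, which ne_lockstore_register
 * sets to the lock store. */
static void lk_create(ne_request *req, void *session,
                      const char *method, const char *uri)
{
    struct lh_req_cookie *lrc = ne_malloc(sizeof *lrc);
    lrc->store = session;
    lrc->submit = NULL;
    ne_set_request_private(req, HOOK_ID, lrc);
}

/* Pre-send hook: if any locks were submitted for this request, append
 * an "If:" header listing their tokens to the request buffer 'req'.
 *
 * NOTE(review): the lock token and the unparsed lock URI are written
 * into the header exactly as stored; nothing here rejects CR or LF.
 * Tokens obtained from a lock-discovery response body are copied from
 * element text by end_element_common() without filtering, so an
 * application that puts discovered locks into the store should
 * validate the token first. */
static void lk_pre_send(ne_request *r, void *userdata, ne_buffer *req)
{
    struct lh_req_cookie *lrc = ne_get_request_private(r, HOOK_ID);

    if (lrc->submit != NULL) {
        struct lock_list *item;
        int ntl = ne_get_session_flag(ne_get_session(r),
                                      NE_SESSFLAG_SHAREPOINT);

        /* Sharepoint doesn't like the more-accurate tagged-list
         * format for If: headers, so use the no-tag-list format iff
         * the Sharepoint hacks flag is enabled.  (The reference that
         * followed "See" is missing from this copy.) */
        if (ntl)
            NE_DEBUG(NE_DBG_LOCKS,
                     "lock: Using no-tag-list If: header construction\n");

        /* Add in the If header */
        ne_buffer_zappend(req, ntl ? "If: (" : "If:");

        for (item = lrc->submit; item != NULL; item = item->next) {
            if (ntl) {
                ne_buffer_concat(req, "<", item->lock->token, ">",
                                 item->next ? " " : "", NULL);
            } else {
                char *uri = ne_uri_unparse(&item->lock->uri);
                ne_buffer_concat(req, " <", uri, "> (<",
                                 item->lock->token, ">)", NULL);
                ne_free(uri);
            }
        }

        ne_buffer_zappend(req, ntl ? ")\r\n" : "\r\n");
    }
}

/* Insert 'lock' into lock list *list. */
static void insert_lock(struct lock_list **list, struct ne_lock *lock)
{
    struct lock_list *item = ne_malloc(sizeof *item);
    if (*list != NULL) {
        (*list)->prev = item;
    }
    item->prev = NULL;
    item->next = *list;
    item->lock = lock;
    *list = item;
}

/* Free every node of 'list'; the lock objects themselves are destroyed
 * only if 'destroy' is non-zero. */
static void free_list(struct lock_list *list, int destroy)
{
    struct lock_list *next;

    while (list != NULL) {
        next = list->next;
        if (destroy)
            ne_lock_destroy(list->lock);
        ne_free(list);
        list = next;
    }
}

/* Destroy-request hook: release the submit list (the locks stay owned
 * by the store) and the cookie. */
static void lk_destroy(ne_request *req, void *userdata)
{
    struct lh_req_cookie *lrc = ne_get_request_private(req, HOOK_ID);
    free_list(lrc->submit, 0);
    ne_free(lrc);
}

/* Destroy the store together with every lock it still holds. */
void ne_lockstore_destroy(ne_lock_store *store)
{
    free_list(store->locks, 1);
    ne_free(store);
}

/* Allocate an empty, zero-initialised lock store. */
ne_lock_store *ne_lockstore_create(void)
{
    return ne_calloc(sizeof(ne_lock_store));
}

#define CURSOR_RET(s) ((s)->cursor?(s)->cursor->lock:NULL)

/* Reset the cursor to the head of the store; returns the first lock,
 * or NULL if the store is empty. */
struct ne_lock *ne_lockstore_first(ne_lock_store *store)
{
    store->cursor = store->locks;
    return CURSOR_RET(store);
}

/* Advance the cursor; returns the next lock or NULL at the end.  A
 * call made when the cursor is already NULL (before
 * ne_lockstore_first, or after the end was reached) now returns NULL
 * instead of dereferencing a NULL pointer. */
struct ne_lock *ne_lockstore_next(ne_lock_store *store)
{
    if (store->cursor != NULL)
        store->cursor = store->cursor->next;
    return CURSOR_RET(store);
}

/* Register the three request hooks, with 'store' as their userdata. */
void ne_lockstore_register(ne_lock_store *store, ne_session *sess)
{
    /* Register the hooks */
    ne_hook_create_request(sess, lk_create, store);
    ne_hook_pre_send(sess, lk_pre_send, store);
    ne_hook_destroy_request(sess, lk_destroy, store);
}

/* Submit the given lock for the given URI */
static void submit_lock(struct lh_req_cookie *lrc, struct ne_lock *lock)
{
    struct lock_list *item;

    /* Check for dups */
    for (item = lrc->submit; item != NULL; item = item->next) {
        if (ne_strcasecmp(item->lock->token, lock->token) == 0)
            return;
    }

    insert_lock(&lrc->submit, lock);
}

/* Return the first stored lock whose URI compares equal to 'uri'
 * under ne_uri_cmp, or NULL if there is none. */
struct ne_lock *ne_lockstore_findbyuri(ne_lock_store *store,
                                       const ne_uri *uri)
{
    struct lock_list *cur;

    for (cur = store->locks; cur != NULL; cur = cur->next) {
        if (ne_uri_cmp(&cur->lock->uri, uri) == 0) {
            return cur->lock;
        }
    }

    return NULL;
}

/* Submit every stored lock that covers the parent collection of
 * 'path'.  Only locks whose URI matches the server of the request's
 * session are considered. */
void ne_lock_using_parent(ne_request *req, const char *path)
{
    struct lh_req_cookie *lrc = ne_get_request_private(req, HOOK_ID);
    ne_uri u = {0};
    struct lock_list *item;
    char *parent;

    if (lrc == NULL)
        return;

    parent = ne_path_parent(path);
    if (parent == NULL)
        return;

    ne_fill_server_uri(ne_get_session(req), &u);

    for (item = lrc->store->locks; item != NULL; item = item->next) {

        /* Only care about locks which are on this server. */
        u.path = item->lock->uri.path;
        if (ne_uri_cmp(&u, &item->lock->uri))
            continue;

        /* This lock is needed if it is an infinite depth lock which
         * covers the parent, or a lock on the parent itself. */
        if ((item->lock->depth == NE_DEPTH_INFINITE &&
             ne_path_childof(item->lock->uri.path, parent)) ||
            ne_path_compare(item->lock->uri.path, parent) == 0) {
            NE_DEBUG(NE_DBG_LOCKS, "Locked parent, %s on %s\n",
                     item->lock->token, item->lock->uri.path);
            submit_lock(lrc, item->lock);
        }
    }

    u.path = parent; /* handy: makes u.path valid and ne_free(parent). */
    ne_uri_free(&u);
}

/* Submit every stored lock that applies to a request of the given
 * 'depth' on 'uri'.
 *
 * NOTE(review): unlike ne_lock_using_parent(), this function matches
 * on the path alone and does not compare the lock's scheme, host and
 * port with the request's server.  If one store holds locks issued by
 * several servers, a token could be sent to a server that did not
 * issue it -- confirm whether that is intended before sharing a store
 * between sessions. */
void ne_lock_using_resource(ne_request *req, const char *uri, int depth)
{
    struct lh_req_cookie *lrc = ne_get_request_private(req, HOOK_ID);
    struct lock_list *item;
    int match;

    if (lrc == NULL)
        return;

    /* Iterate over the list of stored locks to see if any of them
     * apply to this resource */
    for (item = lrc->store->locks; item != NULL; item = item->next) {

        match = 0;

        if (depth == NE_DEPTH_INFINITE &&
            ne_path_childof(uri, item->lock->uri.path)) {
            /* Case 1: this is a depth-infinity request which will
             * modify a lock somewhere inside the collection. */
            NE_DEBUG(NE_DBG_LOCKS, "Has child: %s\n", item->lock->token);
            match = 1;
        } else if (ne_path_compare(uri, item->lock->uri.path) == 0) {
            /* Case 2: this request is directly on a locked resource */
            NE_DEBUG(NE_DBG_LOCKS, "Has direct lock: %s\n",
                     item->lock->token);
            match = 1;
        } else if (item->lock->depth == NE_DEPTH_INFINITE &&
                   ne_path_childof(item->lock->uri.path, uri)) {
            /* Case 3: there is a higher-up infinite-depth lock which
             * covers the resource that this request will modify. */
            NE_DEBUG(NE_DBG_LOCKS, "Is child of: %s\n", item->lock->token);
            match = 1;
        }

        if (match) {
            submit_lock(lrc, item->lock);
        }
    }
}

/* Add 'lock' to the head of the store's list. */
void ne_lockstore_add(ne_lock_store *store, struct ne_lock *lock)
{
    insert_lock(&store->locks, lock);
}

/* Unlink the node holding 'lock' from the store and free the node (not
 * the lock).
 *
 * NOTE(review): store->cursor is not adjusted here, so removing the
 * lock most recently returned by ne_lockstore_first/next leaves the
 * cursor pointing at freed memory; restart iteration after a removal. */
void ne_lockstore_remove(ne_lock_store *store, struct ne_lock *lock)
{
    struct lock_list *item;

    /* Find the lock */
    for (item = store->locks; item != NULL; item = item->next)
        if (item->lock == lock)
            break;

    /* API condition that lock is present in the store. */
    assert(item);
    /* With assertions compiled out, treat a missing lock as a no-op
     * rather than dereferencing NULL below. */
    if (item == NULL)
        return;

    if (item->prev != NULL) {
        item->prev->next = item->next;
    } else {
        store->locks = item->next;
    }
    if (item->next != NULL) {
        item->next->prev = item->prev;
    }
    ne_free(item);
}

/* Deep-copy 'lock'.  The token and owner are duplicated only when set,
 * so a lock fresh from ne_lock_create() (token unset) can be copied. */
struct ne_lock *ne_lock_copy(const struct ne_lock *lock)
{
    struct ne_lock *ret = ne_calloc(sizeof *ret);

    ne_uri_copy(&ret->uri, &lock->uri);
    if (lock->token)
        ret->token = ne_strdup(lock->token);
    ret->depth = lock->depth;
    ret->type = lock->type;
    ret->scope = lock->scope;
    if (lock->owner)
        ret->owner = ne_strdup(lock->owner);
    ret->timeout = lock->timeout;

    return ret;
}

/* Allocate a depth-zero, exclusive write lock with an unset timeout;
 * uri, token and owner are left zeroed. */
struct ne_lock *ne_lock_create(void)
{
    struct ne_lock *lock = ne_calloc(sizeof *lock);
    lock->depth = NE_DEPTH_ZERO;
    lock->type = ne_locktype_write;
    lock->scope = ne_lockscope_exclusive;
    lock->timeout = NE_TIMEOUT_INVALID;
    return lock;
}

/* Release the URI, owner and token of 'lock' and reset the two string
 * pointers to NULL; the lock object itself is not freed. */
void ne_lock_free(struct ne_lock *lock)
{
    ne_uri_free(&lock->uri);
    if (lock->owner) {
        ne_free(lock->owner);
        lock->owner = NULL;
    }
    if (lock->token) {
        ne_free(lock->token);
        lock->token = NULL;
    }
}

/* Release the contents of 'lock' and then the lock object itself. */
void ne_lock_destroy(struct ne_lock *lock)
{
    ne_lock_free(lock);
    ne_free(lock);
}

/* Issue an UNLOCK for 'lock'; returns NE_OK only for a 2xx response.
 * The token is formatted into the Lock-Token header as stored. */
int ne_unlock(ne_session *sess, const struct ne_lock *lock)
{
    ne_request *req = ne_request_create(sess, "UNLOCK", lock->uri.path);
    int ret;

    ne_print_request_header(req, "Lock-Token", "<%s>", lock->token);

    /* UNLOCK of a lock-null resource removes the resource from the
     * parent collection; so an UNLOCK may modify the parent
     * collection. (somewhat counter-intuitive, and not easily derived
     * from 2518.) */
    ne_lock_using_parent(req, lock->uri.path);

    ret = ne_request_dispatch(req);

    if (ret == NE_OK && ne_get_status(req)->klass != 2) {
        ret = NE_ERROR;
    }

    ne_request_destroy(req);

    return ret;
}

/* Parse the text of a depth element received from the server.  Returns
 * NE_DEPTH_INFINITE for "infinity", the leading decimal number for
 * text starting with a digit, and -1 otherwise or when the number does
 * not fit in an int. */
static int parse_depth(const char *depth)
{
    if (ne_strcasecmp(depth, "infinity") == 0) {
        return NE_DEPTH_INFINITE;
    } else if (isdigit((unsigned char)depth[0])) {
        /* The cast keeps isdigit() defined for bytes >= 0x80 where
         * char is signed; strtol replaces atoi so that an oversized
         * number is rejected instead of overflowing. */
        long val;

        errno = 0;
        val = strtol(depth, NULL, 10);
        if (errno == ERANGE || val > INT_MAX)
            return -1;
        return (int)val;
    } else {
        return -1;
    }
}

/* Parse the text of a timeout element received from the server.
 * Returns NE_TIMEOUT_INFINITE, a number of seconds, or
 * NE_TIMEOUT_INVALID if the text is not "infinite" or "Second-"
 * followed by a decimal number. */
static long parse_timeout(const char *timeout)
{
    if (ne_strcasecmp(timeout, "infinite") == 0) {
        return NE_TIMEOUT_INFINITE;
    } else if (strncasecmp(timeout, "Second-", 7) == 0) {
        unsigned long ut;

        /* strtoul() skips whitespace and accepts a sign, so without
         * this check "Second--1" would wrap to a huge value and be
         * reported as LONG_MAX, and "Second-" alone would parse as
         * zero.  Require a digit directly after the prefix. */
        if (!isdigit((unsigned char)timeout[7]))
            return NE_TIMEOUT_INVALID;

        /* The value for a lock timeout should be unsigned 32-bit per
         * the specification (the citation is missing from this copy),
         * but the ne_lock API used a "long" timeout, so map anything
         * bigger to LONG_MAX. */
        errno = 0;
        ut = strtoul(timeout+7, NULL, 10);
        if (ut == ULONG_MAX && errno == ERANGE)
            return NE_TIMEOUT_INVALID;

        if (ut > LONG_MAX)
            return LONG_MAX;
        else
            return (long)ut;
    } else {
        return NE_TIMEOUT_INVALID;
    }
}

/* Per-resource PROPFIND callback for lock discovery: hand either the
 * discovered lock or the failing status to the user's callback. */
static void discover_results(void *userdata, const ne_uri *uri,
                             const ne_prop_result_set *set)
{
    struct discover_ctx *ctx = userdata;
    struct ne_lock *lock = ne_propset_private(set);
    const ne_status *status = ne_propset_status(set, &lock_props[0]);

    /* Require at least that the lock has a token. */
    if (lock->token) {
        if (status && status->klass != 2) {
            ctx->results(ctx->userdata, NULL, uri, status);
        } else {
            ctx->results(ctx->userdata, lock, uri, NULL);
        }
    }
    else if (status) {
        ctx->results(ctx->userdata, NULL, uri, status);
    }

    NE_DEBUG(NE_DBG_LOCKS, "End of response for %s\n", uri->path);
}

/* Store the value carried by a closing element into lock 'l'.  'cdata'
 * is the character data collected for the element.  Returns 0 on
 * success and -1 if a depth or timeout value cannot be parsed.
 *
 * The owner and token strings are server-supplied text, copied as
 * received.  A repeated owner or href element replaces the earlier
 * value; the earlier string is freed so that a response repeating the
 * element cannot leak memory.  ne_strdup is used so that the strings
 * come from the same allocator family as the ne_free calls in
 * ne_lock_free. */
static int end_element_common(struct ne_lock *l, int state, const char *cdata)
{
    switch (state) {
    case ELM_write:
        l->type = ne_locktype_write;
        break;
    case ELM_exclusive:
        l->scope = ne_lockscope_exclusive;
        break;
    case ELM_shared:
        l->scope = ne_lockscope_shared;
        break;
    case ELM_depth:
        NE_DEBUG(NE_DBG_LOCKS, "Got depth: %s\n", cdata);
        l->depth = parse_depth(cdata);
        if (l->depth == -1) {
            return -1;
        }
        break;
    case ELM_timeout:
        NE_DEBUG(NE_DBG_LOCKS, "Got timeout: %s\n", cdata);
        l->timeout = parse_timeout(cdata);
        if (l->timeout == NE_TIMEOUT_INVALID) {
            return -1;
        }
        break;
    case ELM_owner:
        if (l->owner)
            ne_free(l->owner);
        l->owner = ne_strdup(cdata);
        break;
    case ELM_href:
        if (l->token)
            ne_free(l->token);
        l->token = ne_strdup(cdata);
        break;
    }
    return 0;
}

/* End-element handler for lock discovery PROPFIND response */
static int end_element_ldisc(void *userdata, int state,
                             const char *nspace, const char *name)
{
    struct discover_ctx *ctx = userdata;
    struct ne_lock *lock = ne_propfind_current_private(ctx->phandler);

    return end_element_common(lock, state, ctx->cdata->data);
}

/* Return non-zero if element 'id' is allowed as a child of 'parent' in
 * a lockdiscovery property. */
static inline int can_accept(int parent, int id)
{
    return (parent == NE_XML_STATEROOT && id == ELM_prop)
        || (parent == ELM_prop && id == ELM_lockdiscovery)
        || (parent == ELM_lockdiscovery && id == ELM_activelock)
        || (parent == ELM_activelock &&
            (id == ELM_lockscope || id == ELM_locktype ||
             id == ELM_depth || id == ELM_owner ||
             id == ELM_timeout || id == ELM_locktoken))
        || (parent == ELM_lockscope &&
            (id == ELM_exclusive || id == ELM_shared))
        || (parent == ELM_locktype && id == ELM_write)
        || (parent == ELM_locktoken && id == ELM_href);
}

/* Start-element handler for lock discovery: reset the cdata buffer and
 * accept only elements that can_accept() allows under 'parent'. */
static int ld_startelm(void *userdata, int parent,
                       const char *nspace, const char *name,
                       const char **atts)
{
    struct discover_ctx *ctx = userdata;
    int id = ne_xml_mapid(element_map, NE_XML_MAPLEN(element_map),
                          nspace, name);

    ne_buffer_clear(ctx->cdata);

    if (can_accept(parent, id))
        return id;
    else
        return NE_XML_DECLINE;
}

/* Upper bound on the character data kept for one element, so that a
 * response cannot make the buffer grow without limit. */
#define MAX_CDATA (256)

/* Character-data handler for the LOCK response.
 *
 * NOTE(review): a chunk that would take the buffer to MAX_CDATA or
 * beyond is dropped silently and parsing continues, and a later,
 * smaller chunk for the same element can still be appended.  An
 * over-long value is therefore stored shortened, possibly with a gap,
 * rather than rejected. */
static int lk_cdata(void *userdata, int state,
                    const char *cdata, size_t len)
{
    struct lock_ctx *ctx = userdata;

    if (ctx->cdata->used + len < MAX_CDATA)
        ne_buffer_append(ctx->cdata, cdata, len);

    return 0;
}

/* Character-data handler for lock discovery; same bounded-append rule
 * (and the same silent-drop caveat) as lk_cdata. */
static int ld_cdata(void *userdata, int state,
                    const char *cdata, size_t len)
{
    struct discover_ctx *ctx = userdata;

    if (ctx->cdata->used + len < MAX_CDATA)
        ne_buffer_append(ctx->cdata, cdata, len);

    return 0;
}

/* Start-element handler for the LOCK response.  At the root element
 * the expected token is taken from the Lock-Token response header
 * unless the caller already supplied one in ctx->token. */
static int lk_startelm(void *userdata, int parent,
                       const char *nspace, const char *name,
                       const char **atts)
{
    struct lock_ctx *ctx = userdata;
    int id;

    id = ne_xml_mapid(element_map, NE_XML_MAPLEN(element_map), nspace, name);

    NE_DEBUG(NE_DBG_LOCKS, "lk_startelm: %s => %d\n", name, id);

    if (id == 0)
        return NE_XML_DECLINE;

    if (parent == 0 && ctx->token == NULL) {
        const char *token = ne_get_response_header(ctx->req, "Lock-Token");
        /* at the root element; retrieve the Lock-Token header,
         * and bail if it wasn't given. */
        if (token == NULL) {
            ne_xml_set_error(ctx->parser,
                             _("LOCK response missing Lock-Token header"));
            return NE_XML_ABORT;
        }

        /* Strip the angle brackets around the token. */
        if (token[0] == '<')
            token++;
        ctx->token = ne_strdup(token);
        ne_shave(ctx->token, ">");
        NE_DEBUG(NE_DBG_LOCKS, "lk_startelm: Finding token %s\n",
                 ctx->token);
    }

    /* TODO: only accept 'prop' as root for LOCK response */
    if (!can_accept(parent, id))
        return NE_XML_DECLINE;

    if (id == ELM_activelock && !ctx->found) {
        /* a new activelock */
        ne_lock_free(&ctx->active);
        memset(&ctx->active, 0, sizeof ctx->active);
        ctx->active.timeout = NE_TIMEOUT_INVALID;
    }

    ne_buffer_clear(ctx->cdata);

    return id;
}

/* End-element handler for LOCK response */
static int lk_endelm(void *userdata, int state,
                     const char *nspace, const char *name)
{
    struct lock_ctx *ctx = userdata;

    /* Once the wanted activelock has been seen, ignore the rest. */
    if (ctx->found)
        return 0;

    if (end_element_common(&ctx->active, state, ctx->cdata->data))
        return -1;

    if (state == ELM_activelock) {
        /* Exact, case-sensitive match against the expected token. */
        if (ctx->active.token && strcmp(ctx->active.token, ctx->token) == 0) {
            ctx->found = 1;
        }
    }

    return 0;
}

/* Creator callback for private structure. */
static void *ld_create(void *userdata, const ne_uri *uri)
{
    struct ne_lock *lk = ne_lock_create();

    ne_uri_copy(&lk->uri, uri);

    return lk;
}

/* Destructor callback for private structure.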
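 */
static void ld_destroy(void *userdata, void *private)
{
    struct ne_lock *lk = private;

    ne_lock_destroy(lk);
}

/* Discover all locks on URI */
int ne_lock_discover(ne_session *sess, const char *uri,
                     ne_lock_result callback, void *userdata)
{
    ne_propfind_handler *handler;
    struct discover_ctx ctx = {0};
    int ret;

    ctx.results = callback;
    ctx.userdata = userdata;
    ctx.cdata = ne_buffer_create();
    ctx.phandler = handler = ne_propfind_create(sess, uri, NE_DEPTH_ZERO);

    /* One struct ne_lock is created per resource in the response and
     * destroyed by the handler. */
    ne_propfind_set_private(handler, ld_create, ld_destroy, &ctx);

    ne_xml_push_handler(ne_propfind_get_parser(handler),
                        ld_startelm, ld_cdata, end_element_ldisc, &ctx);

    ret = ne_propfind_named(handler, lock_props, discover_results, &ctx);

    ne_buffer_destroy(ctx.cdata);
    ne_propfind_destroy(handler);

    return ret;
}

/* Add a Timeout request header for 'timeout': "Infinite" for
 * NE_TIMEOUT_INFINITE, "Second-N" for a positive value, nothing
 * otherwise. */
static void add_timeout_header(ne_request *req, long timeout)
{
    if (timeout == NE_TIMEOUT_INFINITE) {
        ne_add_request_header(req, "Timeout", "Infinite");
    }
    else if (timeout != NE_TIMEOUT_INVALID && timeout > 0) {
        ne_print_request_header(req, "Timeout", "Second-%ld", timeout);
    }
    /* just ignore it if timeout == 0 or invalid. */
}

/* Issue a LOCK request for 'lock'.  On success the token, and any
 * timeout, scope, type, depth and owner the server reported, are
 * copied into *lock.  Returns an NE_* code.
 *
 * NOTE(review): the XML element names in the three string arguments
 * below were missing from this copy of the file.  They are rebuilt
 * from the "DAV:" element names in element_map and from the surviving
 * newline and space fragments -- confirm against the upstream source
 * before relying on the exact bytes. */
int ne_lock(ne_session *sess, struct ne_lock *lock)
{
    ne_request *req = ne_request_create(sess, "LOCK", lock->uri.path);
    ne_buffer *body = ne_buffer_create();
    ne_xml_parser *parser = ne_xml_create();
    int ret;
    struct lock_ctx ctx;

    memset(&ctx, 0, sizeof ctx);
    ctx.cdata = ne_buffer_create();
    ctx.req = req;
    ctx.parser = parser;

    /* LOCK is not idempotent. */
    ne_set_request_flag(req, NE_REQFLAG_IDEMPOTENT, 0);

    ne_xml_push_handler(parser, lk_startelm, lk_cdata, lk_endelm, &ctx);

    /* Create the body */
    ne_buffer_concat(body, "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
                     "<lockinfo xmlns='DAV:'>\n" " <lockscope>",
                     lock->scope==ne_lockscope_exclusive?
                     "<exclusive/>":"<shared/>",
                     "</lockscope>\n"
                     "<locktype><write/></locktype>", NULL);

    if (lock->owner) {
        /* The owner string is inserted into the document without
         * escaping, so it must already be well-formed XML content; text
         * that comes from an untrusted source has to be escaped by the
         * caller first. */
        ne_buffer_concat(body, "<owner>", lock->owner, "</owner>\n", NULL);
    }
    ne_buffer_czappend(body, "</lockinfo>\n");

    ne_set_request_body_buffer(req, body->data, ne_buffer_size(body));
    ne_add_request_header(req, "Content-Type", NE_XML_MEDIA_TYPE);
    ne_add_depth_header(req, lock->depth);
    add_timeout_header(req, lock->timeout);

    /* TODO:
     * By 2518, we need this only if we are creating a lock-null resource.
     * Since we don't KNOW whether the lock we're given is a lock-null
     * or not, we cover our bases.
     */
    ne_lock_using_parent(req, lock->uri.path);
    /* This one is clearer from 2518 sec 8.10.4. */
    ne_lock_using_resource(req, lock->uri.path, lock->depth);

    ret = ne_xml_dispatch_request(req, parser);

    ne_buffer_destroy(body);
    ne_buffer_destroy(ctx.cdata);

    if (ret == NE_OK && ne_get_status(req)->klass == 2) {
        if (ne_get_status(req)->code == 207) {
            ret = NE_ERROR;
            /* TODO: set the error string appropriately */
        } else if (ctx.found) {
            /* it worked: copy over real lock details if given. */
            if (lock->token) ne_free(lock->token);
            lock->token = ctx.token;
            ctx.token = NULL;
            if (ctx.active.timeout != NE_TIMEOUT_INVALID)
                lock->timeout = ctx.active.timeout;
            lock->scope = ctx.active.scope;
            lock->type = ctx.active.type;
            if (ctx.active.depth >= 0)
                lock->depth = ctx.active.depth;
            if (ctx.active.owner) {
                if (lock->owner) ne_free(lock->owner);
                lock->owner = ctx.active.owner;
                ctx.active.owner = NULL;
            }
        } else {
            ret = NE_ERROR;
            /* ctx.token is still NULL when the response contained no
             * element that lk_startelm saw at the root; never pass
             * NULL for a %s argument. */
            ne_set_error(sess, _("Response missing activelock for %s"),
                         ctx.token ? ctx.token : "");
        }
    } else if (ret == NE_OK /* && status != 2xx */) {
        ret = NE_ERROR;
    }

    ne_lock_free(&ctx.active);
    if (ctx.token) ne_free(ctx.token);
    ne_request_destroy(req);
    ne_xml_destroy(parser);

    return ret;
}

/* Refresh 'lock' with a body-less LOCK request carrying only this
 * lock's token in the If header.  On success lock->timeout is updated
 * to the value the server returned; if the response carried no timeout
 * the previous value is kept, as ne_lock() does.  Returns an NE_*
 * code. */
int ne_lock_refresh(ne_session *sess, struct ne_lock *lock)
{
    ne_request *req = ne_request_create(sess, "LOCK", lock->uri.path);
    ne_xml_parser *parser = ne_xml_create();
    int ret;
    struct lock_ctx ctx;

    memset(&ctx, 0, sizeof ctx);
    ctx.cdata = ne_buffer_create();
    ctx.req = req;
    ctx.token = lock->token; /* borrowed from the caller; not freed here */
    ctx.parser = parser;

    /* Handle the response and update *lock appropriately. */
    ne_xml_push_handler(parser, lk_startelm, lk_cdata, lk_endelm, &ctx);

    /* For a lock refresh, submitting only this lock token must be
     * sufficient. */
    ne_print_request_header(req, "If", "(<%s>)", lock->token);
    add_timeout_header(req, lock->timeout);

    ret = ne_xml_dispatch_request(req, parser);

    if (ret == NE_OK) {
        if (ne_get_status(req)->klass != 2) {
            ret = NE_ERROR; /* and use default session error */
        } else if (!ctx.found) {
            ne_set_error(sess, _("No activelock for <%s> returned in "
                                 "LOCK refresh response"), lock->token);
            ret = NE_ERROR;
        } else /* success! */ {
            /* update timeout for passed-in lock structure, unless the
             * activelock carried none (the field then still holds the
             * NE_TIMEOUT_INVALID set by lk_startelm). */
            if (ctx.active.timeout != NE_TIMEOUT_INVALID)
                lock->timeout = ctx.active.timeout;
        }
    }

    ne_lock_free(&ctx.active);
    ne_buffer_destroy(ctx.cdata);
    ne_request_destroy(req);
    ne_xml_destroy(parser);

    return ret;
}

neon-0.32.2/src/ne_locks.h000066400000000000000000000146541416727304000153100ustar00rootroot00000000000000/* WebDAV Class 2 locking operations Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef NE_LOCKS_H #define NE_LOCKS_H #include "ne_request.h" /* for ne_session + ne_request */ #include "ne_uri.h" /* for ne_uri */ NE_BEGIN_DECLS /* The scope of a lock */ enum ne_lock_scope { ne_lockscope_exclusive, ne_lockscope_shared }; /* Lock type.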
Only write locks are defined in RFC2518. */ enum ne_lock_type { ne_locktype_write }; /* A lock object. */ struct ne_lock { ne_uri uri; int depth; /* the depth of the lock (NE_DEPTH_*). */ enum ne_lock_type type; enum ne_lock_scope scope; char *token; /* the lock token: uniquely identifies this lock. */ char *owner; /* string describing the owner of the lock. */ long timeout; /* timeout in seconds. (or NE_TIMEOUT_*) */ }; /* NB: struct ne_lock Would be typedef'ed to ne_lock except lock is * a verb and a noun, so we already have ne_lock the function. Damn * the English language. */ #define NE_TIMEOUT_INFINITE -1 #define NE_TIMEOUT_INVALID -2 /* Create a depth zero, exclusive write lock, with default timeout * (allowing a server to pick a default). token, owner and uri are * unset. */ struct ne_lock *ne_lock_create(void); /* HINT: to initialize uri host/port/scheme for the lock's URI, use * ne_fill_server_uri from ne_session.h. */ /* Deep-copy a lock structure: strdup's any of path, token, owner, * hostport which are set. */ struct ne_lock *ne_lock_copy(const struct ne_lock *lock); /* Free a lock structure; free's any of any of the URI, token and * owner which are set, but not the lock object itself. */ void ne_lock_free(struct ne_lock *lock); /* Like ne_lock_free; but free's the lock object itself too. */ void ne_lock_destroy(struct ne_lock *lock); /* ne_lock_store: an opaque type which is used to store a set of lock * objects. */ typedef struct ne_lock_store_s ne_lock_store; /* Create a lock store. */ ne_lock_store *ne_lockstore_create(void); /* Register the lock store 'store' with the HTTP session 'sess': any * operations made using 'sess' which operate on a locked resource, * can use the locks from 'store' if needed. */ void ne_lockstore_register(ne_lock_store *store, ne_session *sess); /* Destroy a lock store, free'ing any locks remaining inside. 
*/ void ne_lockstore_destroy(ne_lock_store *store); /* Add a lock to the store: the store then "owns" the lock object, and * you must not free it. The lock MUST have all of: * - a completed URI structure: scheme, host, port, and path all set * - a valid lock token * - a valid depth */ void ne_lockstore_add(ne_lock_store *store, struct ne_lock *lock); /* Remove given lock object from store: 'lock' MUST point to a lock * object which is known to be in the store. */ void ne_lockstore_remove(ne_lock_store *store, struct ne_lock *lock); /* Returns the first lock in the lock store, or NULL if the store is * empty. */ struct ne_lock *ne_lockstore_first(ne_lock_store *store); /* After ne_lockstore_first has been called; returns the next lock in * the lock store, or NULL if there are no more locks stored. * Behaviour is undefined if ne_lockstore_first has not been called on * 'store' since the store was created, or the last time this function * returned NULL for the store.. */ struct ne_lock *ne_lockstore_next(ne_lock_store *store); /* Find a lock in the store for the given server, and with the given * path. */ struct ne_lock *ne_lockstore_findbyuri(ne_lock_store *store, const ne_uri *uri); /* Issue a LOCK request for the given lock. Requires that the uri, * depth, type, scope, and timeout members of 'lock' are filled in. * owner and token must be malloc-allocated if not NULL; and may be * free()d by this function. On successful return, lock->token will * contain the lock token. */ int ne_lock(ne_session *sess, struct ne_lock *lock); /* Issue an UNLOCK request for the given lock */ int ne_unlock(ne_session *sess, const struct ne_lock *lock); /* Refresh a lock; returns an NE_* code. If lock->timeout is non-zero * on entry, the server is requested to update the lock timeout to the * given value (per RFC4918§7.7, servers MAY ignore the requested * timeout). On success, lock->timeout is updated to the new timeout * given by the server. 
*/ int ne_lock_refresh(ne_session *sess, struct ne_lock *lock); /* Callback for lock discovery. If 'lock' is NULL, something went * wrong performing lockdiscovery for the resource, look at 'status' * for the details. * * If lock is non-NULL, at least lock->uri and lock->token will be * filled in; and status will be NULL. */ typedef void (*ne_lock_result)(void *userdata, const struct ne_lock *lock, const ne_uri *uri, const ne_status *status); /* Perform lock discovery on the given path. 'result' is called with * the results (possibly >1 times). */ int ne_lock_discover(ne_session *sess, const char *path, ne_lock_result result, void *userdata); /* The ne_lock_using_* functions should be used before dispatching a * request which modify resources. If a lock store has been * registered with the session associated with the request, and locks * are present in the lock store which cover the resources which are * being modified by the request, then the appropriate lock tokens are * submitted in the request headers. */ /* Indicate that request 'req' will modify the resource at 'path', and * is an operation of given 'depth'. */ void ne_lock_using_resource(ne_request *req, const char *path, int depth); /* Indicate that request 'req' will modify the parent collection of * the resource found at 'path' (for instance when removing the * resource from the collection). */ void ne_lock_using_parent(ne_request *req, const char *path); NE_END_DECLS #endif /* NE_LOCKS_H */ neon-0.32.2/src/ne_md5.c000066400000000000000000000360621416727304000146520ustar00rootroot00000000000000/* md5.c - Functions to compute MD5 message digest of files or memory blocks according to the definition of MD5 in RFC 1321 from April 1992. Copyright (C) 1995, 1996, 1997 Free Software Foundation, Inc. This file is part of the GNU C Library. 
The GNU C Library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. The GNU C Library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with the GNU C Library; see the file COPYING.LIB. If not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* Written by Ulrich Drepper , 1995. */ #include "config.h" #include #include #include #ifdef HAVE_LIMITS_H # include #endif #ifdef HAVE_OPENSSL #include #endif #include "ne_md5.h" #include "ne_string.h" /* for NE_ASC2HEX */ #if SIZEOF_INT == 4 typedef unsigned int md5_uint32; #elif SIZEOF_LONG == 4 typedef unsigned long md5_uint32; #else # error "Cannot determine unsigned 32-bit data type." #endif #define md5_process_block ne_md5_process_block #define md5_process_bytes ne_md5_process_bytes #define md5_finish_ctx ne_md5_finish_ctx #define md5_read_ctx ne_md5_read_ctx #define md5_stream ne_md5_stream #define md5_ctx ne_md5_ctx #ifdef WORDS_BIGENDIAN # define SWAP(n) \ (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24)) #else # define SWAP(n) (n) #endif /* Structure to save state of computation between the single steps. */ struct md5_ctx { #ifdef HAVE_OPENSSL MD5_CTX ctx; #else md5_uint32 A; md5_uint32 B; md5_uint32 C; md5_uint32 D; md5_uint32 total[2]; md5_uint32 buflen; char buffer[128]; #endif }; #ifndef HAVE_OPENSSL /* This array contains the bytes used to pad the buffer to the next 64-byte boundary. (RFC 1321, 3.1: Step 1) */ static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... 
*/ }; /* Initialize structure containing state of computation. (RFC 1321, 3.3: Step 3) */ static void md5_init_ctx (struct md5_ctx *ctx) { ctx->A = 0x67452301; ctx->B = 0xefcdab89; ctx->C = 0x98badcfe; ctx->D = 0x10325476; ctx->total[0] = ctx->total[1] = 0; ctx->buflen = 0; } struct ne_md5_ctx * ne_md5_create_ctx(void) { struct md5_ctx *ctx = ne_malloc(sizeof *ctx); md5_init_ctx(ctx); return ctx; } extern void ne_md5_reset_ctx(struct ne_md5_ctx *ctx) { md5_init_ctx(ctx); } struct ne_md5_ctx * ne_md5_dup_ctx(struct ne_md5_ctx *ctx) { return memcpy(ne_malloc(sizeof *ctx), ctx, sizeof *ctx); } void ne_md5_destroy_ctx(struct ne_md5_ctx *ctx) { ne_free(ctx); } /* Process the remaining bytes in the internal buffer and the usual prolog according to the standard and write the result to RESBUF. IMPORTANT: On some systems it is required that RESBUF is correctly aligned for a 32 bits value. */ void * md5_finish_ctx (struct md5_ctx *ctx, void *resbuf) { /* Take yet unprocessed bytes into account. */ md5_uint32 bytes = ctx->buflen; md5_uint32 swap_bytes; size_t pad; /* Now count remaining bytes. */ ctx->total[0] += bytes; if (ctx->total[0] < bytes) ++ctx->total[1]; pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes; memcpy (&ctx->buffer[bytes], fillbuf, pad); /* Put the 64-bit file length in *bits* at the end of the buffer. Use memcpy to avoid aliasing problems. On most systems, this will be optimized away to the same code. */ swap_bytes = SWAP (ctx->total[0] << 3); memcpy (&ctx->buffer[bytes + pad], &swap_bytes, sizeof (swap_bytes)); swap_bytes = SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29)); memcpy (&ctx->buffer[bytes + pad + 4], &swap_bytes, sizeof (swap_bytes)); /* Process last bytes. */ md5_process_block (ctx->buffer, bytes + pad + 8, ctx); return md5_read_ctx (ctx, resbuf); } void md5_process_bytes (const void *buffer, size_t len, struct md5_ctx *ctx) { /* When we already have some bits in our internal buffer concatenate both inputs first. 
*/ if (ctx->buflen != 0) { size_t left_over = ctx->buflen; size_t add = 128 - left_over > len ? len : 128 - left_over; memcpy (&ctx->buffer[left_over], buffer, add); ctx->buflen += add; if (left_over + add > 64) { md5_process_block (ctx->buffer, (left_over + add) & ~63, ctx); /* The regions in the following copy operation cannot overlap. */ memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~63], (left_over + add) & 63); ctx->buflen = (left_over + add) & 63; } buffer = (const char *) buffer + add; len -= add; } /* Process available complete blocks. */ if (len > 64) { md5_process_block (buffer, len & ~63, ctx); buffer = (const char *) buffer + (len & ~63); len &= 63; } /* Move remaining bytes in internal buffer. */ if (len > 0) { memcpy (ctx->buffer, buffer, len); ctx->buflen = len; } } /* These are the four functions used in the four steps of the MD5 algorithm and defined in the RFC 1321. The first function is a little bit optimized (as found in Colin Plumbs public domain implementation). */ /* #define FF(b, c, d) ((b & c) | (~b & d)) */ #define FF(b, c, d) (d ^ (b & (c ^ d))) #define FG(b, c, d) FF (d, b, c) #define FH(b, c, d) (b ^ c ^ d) #define FI(b, c, d) (c ^ (b | ~d)) /* Process LEN bytes of BUFFER, accumulating context into CTX. It is assumed that LEN % 64 == 0. */ void md5_process_block (const void *buffer, size_t len, struct md5_ctx *ctx) { md5_uint32 correct_words[16]; const unsigned char *words = buffer; const unsigned char *endp = words + len; md5_uint32 A = ctx->A; md5_uint32 B = ctx->B; md5_uint32 C = ctx->C; md5_uint32 D = ctx->D; /* First increment the byte count. RFC 1321 specifies the possible length of the file up to 2^64 bits. Here we only compute the number of bytes. Do a double word increment. */ ctx->total[0] += len; if (ctx->total[0] < len) ++ctx->total[1]; /* Process all bytes in the buffer with 64 bytes in each round of the loop. 
*/ while (words < endp) { md5_uint32 *cwp = correct_words; md5_uint32 A_save = A; md5_uint32 B_save = B; md5_uint32 C_save = C; md5_uint32 D_save = D; /* First round: using the given function, the context and a constant the next context is computed. Because the algorithms processing unit is a 32-bit word and it is determined to work on words in little endian byte order we perhaps have to change the byte order before the computation. To reduce the work for the next steps we store the swapped words in the array CORRECT_WORDS. */ #define OP(a, b, c, d, s, T) \ do \ { \ md5_uint32 WORD_ = (md5_uint32)words[0] | ((md5_uint32)words[1] << 8) \ | ((md5_uint32)words[2] << 16) | ((md5_uint32)words[3] << 24); \ a += FF (b, c, d) + (*cwp++ = WORD_) + T; \ words += 4; \ CYCLIC (a, s); \ a += b; \ } \ while (0) /* It is unfortunate that C does not provide an operator for cyclic rotation. Hope the C compiler is smart enough. */ #define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s))) /* Before we start, one word to the strange constants. They are defined in RFC 1321 as T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64 */ /* Round 1. */ OP (A, B, C, D, 7, 0xd76aa478); OP (D, A, B, C, 12, 0xe8c7b756); OP (C, D, A, B, 17, 0x242070db); OP (B, C, D, A, 22, 0xc1bdceee); OP (A, B, C, D, 7, 0xf57c0faf); OP (D, A, B, C, 12, 0x4787c62a); OP (C, D, A, B, 17, 0xa8304613); OP (B, C, D, A, 22, 0xfd469501); OP (A, B, C, D, 7, 0x698098d8); OP (D, A, B, C, 12, 0x8b44f7af); OP (C, D, A, B, 17, 0xffff5bb1); OP (B, C, D, A, 22, 0x895cd7be); OP (A, B, C, D, 7, 0x6b901122); OP (D, A, B, C, 12, 0xfd987193); OP (C, D, A, B, 17, 0xa679438e); OP (B, C, D, A, 22, 0x49b40821); /* For the second to fourth round we have the possibly swapped words in CORRECT_WORDS. Redefine the macro to take an additional first argument specifying the function to use. */ #undef OP #define OP(f, a, b, c, d, k, s, T) \ do \ { \ a += f (b, c, d) + correct_words[k] + T; \ CYCLIC (a, s); \ a += b; \ } \ while (0) /* Round 2. 
*/ OP (FG, A, B, C, D, 1, 5, 0xf61e2562); OP (FG, D, A, B, C, 6, 9, 0xc040b340); OP (FG, C, D, A, B, 11, 14, 0x265e5a51); OP (FG, B, C, D, A, 0, 20, 0xe9b6c7aa); OP (FG, A, B, C, D, 5, 5, 0xd62f105d); OP (FG, D, A, B, C, 10, 9, 0x02441453); OP (FG, C, D, A, B, 15, 14, 0xd8a1e681); OP (FG, B, C, D, A, 4, 20, 0xe7d3fbc8); OP (FG, A, B, C, D, 9, 5, 0x21e1cde6); OP (FG, D, A, B, C, 14, 9, 0xc33707d6); OP (FG, C, D, A, B, 3, 14, 0xf4d50d87); OP (FG, B, C, D, A, 8, 20, 0x455a14ed); OP (FG, A, B, C, D, 13, 5, 0xa9e3e905); OP (FG, D, A, B, C, 2, 9, 0xfcefa3f8); OP (FG, C, D, A, B, 7, 14, 0x676f02d9); OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a); /* Round 3. */ OP (FH, A, B, C, D, 5, 4, 0xfffa3942); OP (FH, D, A, B, C, 8, 11, 0x8771f681); OP (FH, C, D, A, B, 11, 16, 0x6d9d6122); OP (FH, B, C, D, A, 14, 23, 0xfde5380c); OP (FH, A, B, C, D, 1, 4, 0xa4beea44); OP (FH, D, A, B, C, 4, 11, 0x4bdecfa9); OP (FH, C, D, A, B, 7, 16, 0xf6bb4b60); OP (FH, B, C, D, A, 10, 23, 0xbebfbc70); OP (FH, A, B, C, D, 13, 4, 0x289b7ec6); OP (FH, D, A, B, C, 0, 11, 0xeaa127fa); OP (FH, C, D, A, B, 3, 16, 0xd4ef3085); OP (FH, B, C, D, A, 6, 23, 0x04881d05); OP (FH, A, B, C, D, 9, 4, 0xd9d4d039); OP (FH, D, A, B, C, 12, 11, 0xe6db99e5); OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8); OP (FH, B, C, D, A, 2, 23, 0xc4ac5665); /* Round 4. */ OP (FI, A, B, C, D, 0, 6, 0xf4292244); OP (FI, D, A, B, C, 7, 10, 0x432aff97); OP (FI, C, D, A, B, 14, 15, 0xab9423a7); OP (FI, B, C, D, A, 5, 21, 0xfc93a039); OP (FI, A, B, C, D, 12, 6, 0x655b59c3); OP (FI, D, A, B, C, 3, 10, 0x8f0ccc92); OP (FI, C, D, A, B, 10, 15, 0xffeff47d); OP (FI, B, C, D, A, 1, 21, 0x85845dd1); OP (FI, A, B, C, D, 8, 6, 0x6fa87e4f); OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0); OP (FI, C, D, A, B, 6, 15, 0xa3014314); OP (FI, B, C, D, A, 13, 21, 0x4e0811a1); OP (FI, A, B, C, D, 4, 6, 0xf7537e82); OP (FI, D, A, B, C, 11, 10, 0xbd3af235); OP (FI, C, D, A, B, 2, 15, 0x2ad7d2bb); OP (FI, B, C, D, A, 9, 21, 0xeb86d391); /* Add the starting values of the context. 
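*/
      A += A_save;
      B += B_save;
      C += C_save;
      D += D_save;
    }

  /* Put checksum in context given as argument.  */
  ctx->A = A;
  ctx->B = B;
  ctx->C = C;
  ctx->D = D;
}

#else /* HAVE_OPENSSL */

/* Allocate a context and initialise it through OpenSSL.  Returns NULL
   when MD5_Init() does not report success, so callers must check the
   result before using it.  The ne_malloc() result is used unchecked,
   as elsewhere in this file. */
struct ne_md5_ctx *ne_md5_create_ctx(void)
{
    struct ne_md5_ctx *ctx = ne_malloc(sizeof *ctx);

    if (MD5_Init(&ctx->ctx) != 1) {
        ne_free(ctx);
        return NULL;
    }

    return ctx;
}

/* Feed LEN bytes at BUFFER into the digest.  In the OpenSSL build this
   is the same call as ne_md5_process_bytes(); the MD5_Update() return
   value is not checked. */
void ne_md5_process_block(const void *buffer, size_t len,
                          struct ne_md5_ctx *ctx)
{
    MD5_Update(&ctx->ctx, buffer, len);
}

/* Feed LEN bytes at BUFFER into the digest (any length). */
void ne_md5_process_bytes(const void *buffer, size_t len,
                          struct ne_md5_ctx *ctx)
{
    MD5_Update(&ctx->ctx, buffer, len);
}

/* Finish the digest and store it at RESBUF, which is returned.  The
   MD5_Final() return value is not checked. */
void *ne_md5_finish_ctx(struct ne_md5_ctx *ctx, void *resbuf)
{
    MD5_Final(resbuf, &ctx->ctx);
    return resbuf;
}

/* Return a newly allocated byte-for-byte copy of CTX. */
struct ne_md5_ctx *ne_md5_dup_ctx(struct ne_md5_ctx *ctx)
{
    return memcpy(ne_malloc(sizeof *ctx), ctx, sizeof *ctx);
}

/* Re-initialise CTX; the MD5_Init() result is ignored here, unlike in
   ne_md5_create_ctx(). */
void ne_md5_reset_ctx(struct ne_md5_ctx *ctx)
{
    MD5_Init(&ctx->ctx);
}

/* Release a context obtained from ne_md5_create_ctx() or
   ne_md5_dup_ctx(). */
void ne_md5_destroy_ctx(struct ne_md5_ctx *ctx)
{
    ne_free(ctx);
}

#endif /* HAVE_OPENSSL */

/* Put result from CTX in first 16 bytes following RESBUF.  The result
   must be in little endian byte order.

   IMPORTANT: On some systems it is required that RESBUF is correctly
   aligned for a 32 bits value.

   In the OpenSSL build the four state words are read directly from the
   A/B/C/D members of the embedded MD5_CTX. */
void *
md5_read_ctx (const struct md5_ctx *ctx, void *resbuf)
{
#ifdef HAVE_OPENSSL
#define SWAP_CTX(x) SWAP(ctx->ctx.x)
#else
#define SWAP_CTX(x) SWAP(ctx->x)
#endif

  ((md5_uint32 *) resbuf)[0] = SWAP_CTX (A);
  ((md5_uint32 *) resbuf)[1] = SWAP_CTX (B);
  ((md5_uint32 *) resbuf)[2] = SWAP_CTX (C);
  ((md5_uint32 *) resbuf)[3] = SWAP_CTX (D);

  return resbuf;
}

/* Compute MD5 message digest for bytes read from STREAM.  The
   resulting message digest number will be written into the 16 bytes
   beginning at RESBLOCK.

   Returns 0 on success and 1 on failure (a read error on STREAM, or no
   digest context could be created).

   Note: MD5 is not collision-resistant; the digest should not be the
   basis of a security decision beyond what a protocol requires. */
int
md5_stream (FILE *stream, void *resblock)
{
  /* Important: BLOCKSIZE must be a multiple of 64.  */
#define BLOCKSIZE 4096
  struct ne_md5_ctx *ctx;
  char buffer[BLOCKSIZE + 72];
  size_t sum;

  /* Initialize the computation context.  */
  ctx = ne_md5_create_ctx ();

  /* The OpenSSL-backed ne_md5_create_ctx() returns NULL when MD5_Init()
     fails; report that as an error instead of dereferencing NULL in the
     processing calls below.  */
  if (ctx == NULL)
    return 1;

  /* Iterate over full file contents.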
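*/
  while (1)
    {
      /* We read the file in blocks of BLOCKSIZE bytes.  One call of the
	 computation function processes the whole buffer so that with the
	 next round of the loop another block can be read.  */
      size_t n;
      sum = 0;

      /* Read block.  Take care for partial reads.  */
      do
	{
	  n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);

	  sum += n;
	}
      while (sum < BLOCKSIZE && n != 0);

      if (n == 0 && ferror (stream))
	{
	  /* Release the context on the error path too; returning
	     without this leaks it on every failed read.  */
	  ne_md5_destroy_ctx (ctx);
	  return 1;
	}

      /* If end of file is reached, end the loop.  */
      if (n == 0)
	break;

      /* Process buffer with BLOCKSIZE bytes.  Note that
			BLOCKSIZE % 64 == 0
       */
      md5_process_block (buffer, BLOCKSIZE, ctx);
    }

  /* Add the last bytes if necessary.  */
  if (sum > 0)
    md5_process_bytes (buffer, sum, ctx);

  /* Construct result in desired memory.  */
  md5_finish_ctx (ctx, resblock);
  ne_md5_destroy_ctx (ctx);

  return 0;
}

/* Writes the ASCII representation of the MD5 digest into the
 * given buffer, which must be at least 33 characters long
 * (32 hex digits plus the terminating NUL written at buffer[32]). */
void ne_md5_to_ascii(const unsigned char md5_buf[16], char *buffer)
{
    int count;

    for (count = 0; count<16; count++) {
	/* high nibble first, then low nibble */
	buffer[count*2] = NE_HEX2ASC(md5_buf[count] >> 4);
	buffer[count*2+1] = NE_HEX2ASC(md5_buf[count] & 0x0f);
    }
    buffer[32] = '\0';
}

/* Reads the ASCII representation of an MD5 digest. The buffer must
 * be at least 32 characters long.
 *
 * NOTE(review): exactly 32 characters are read and none of them is
 * checked to be a hex digit here; what NE_ASC2HEX yields for other
 * input depends on its definition in ne_string.h -- confirm before
 * passing text that has not been validated. */
void ne_ascii_to_md5(const char *buffer, unsigned char md5_buf[16])
{
    int count;

    for (count = 0; count<16; count++) {
	md5_buf[count] = ((NE_ASC2HEX(buffer[count*2])) << 4) |
	    NE_ASC2HEX(buffer[count*2+1]);
    }
}

/* Finish the digest held in CTX and write its 32-character hex form,
 * NUL-terminated, into BUFFER; returns BUFFER.  The intermediate result
 * is an md5_uint32 array so that it is aligned for a 32-bit store. */
char *ne_md5_finish_ascii(struct ne_md5_ctx *ctx, char buffer[33])
{
    md5_uint32 result[4];

    ne_md5_finish_ctx(ctx, (void *)result);
    ne_md5_to_ascii((void *)result, buffer);

    return buffer;
}
neon-0.32.2/src/ne_md5.h000066400000000000000000000076521416727304000146620ustar00rootroot00000000000000/* Declaration of functions and data types used for MD5 sum computing library functions. Copyright (C) 2021, Joe Orton Copyright (C) 1995, 1996, 1997 Free Software Foundation, Inc. This file is part of the GNU C Library. 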
The GNU C Library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. The GNU C Library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with the GNU C Library; see the file COPYING.LIB. If not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef NE_MD5_H #define NE_MD5_H 1 #include #include "ne_defs.h" NE_BEGIN_DECLS /* * The following three functions are build up the low level used in * the functions `md5_stream' and `md5_buffer'. */ struct ne_md5_ctx; /* Create structure containing state of computation. Can return NULL * if the MD5 algorithm is prohibited (such as FIPS-enabled * systems). */ extern struct ne_md5_ctx *ne_md5_create_ctx(void); /* Starting with the result of former calls of this function (or the initialization function update the context for the next LEN bytes starting at BUFFER. It is necessary that LEN is a multiple of 64!!! */ extern void ne_md5_process_block(const void *buffer, size_t len, struct ne_md5_ctx *ctx); /* Starting with the result of former calls of this function (or the initialization function update the context for the next LEN bytes starting at BUFFER. It is NOT required that LEN is a multiple of 64. */ extern void ne_md5_process_bytes(const void *buffer, size_t len, struct ne_md5_ctx *ctx); /* Process the remaining bytes in the buffer and put result from CTX in first 16 bytes following RESBUF. The result is always in little endian byte order, so that a byte-wise output yields to the wanted ASCII representation of the message digest. 
IMPORTANT: On some systems it is required that RESBUF is correctly aligned for a 32 bits value. */ extern void *ne_md5_finish_ctx(struct ne_md5_ctx *ctx, void *resbuf); /* Put result from CTX in first 16 bytes following RESBUF. The result is always in little endian byte order, so that a byte-wise output yields to the wanted ASCII representation of the message digest. IMPORTANT: On some systems it is required that RESBUF is correctly aligned for a 32 bits value. */ extern void *ne_md5_read_ctx(const struct ne_md5_ctx *ctx, void *resbuf); /* Take a copy of the state structure. */ extern struct ne_md5_ctx *ne_md5_dup_ctx(struct ne_md5_ctx *ctx); /* Re-initialize the context structure. */ extern void ne_md5_reset_ctx(struct ne_md5_ctx *ctx); /* Destroy the context structure. */ extern void ne_md5_destroy_ctx(struct ne_md5_ctx *ctx); /* Compute MD5 message digest for bytes read from STREAM. The resulting message digest number will be written into the 16 bytes beginning at RESBLOCK. */ extern int ne_md5_stream(FILE *stream, void *resblock); /* Process the remaining bytes in the buffer and put ASCII representation of the resulting message digest from CTX in the first 33 bytes of BUFFER, including a trailing NUL terminator byte. Returns pointer to buffer. 
*/ char *ne_md5_finish_ascii(struct ne_md5_ctx *ctx, char buffer[33]); /* MD5 ascii->binary conversion */ void ne_md5_to_ascii(const unsigned char md5_buf[16], char *buffer); void ne_ascii_to_md5(const char *buffer, unsigned char md5_buf[16]); NE_END_DECLS #endif /* NE_MD5_H */ neon-0.32.2/src/ne_ntlm.c000066400000000000000000000476041416727304000151430ustar00rootroot00000000000000/* Handling of NTLM Authentication Copyright (C) 2003, Daniel Stenberg Copyright (C) 2009, Kai Sommerfeld This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ /* NTLM details: http://davenport.sourceforge.net/ntlm.html http://www.innovation.ch/java/ntlm.html */ #include "ne_ntlm.h" #ifdef HAVE_NTLM #include "ne_string.h" typedef enum { NTLMSTATE_NONE, NTLMSTATE_TYPE1, NTLMSTATE_TYPE2, NTLMSTATE_TYPE3, NTLMSTATE_LAST } NTLMState; struct ne_ntlm_context_s { NTLMState state; unsigned char nonce[8]; char *user; char *passwd; char *requestToken; }; typedef enum { NTLM_NONE, /* not a ntlm */ NTLM_BAD, /* an ntlm, but one we don't like */ NTLM_FIRST, /* the first 401-reply we got with NTLM */ NTLM_FINE, /* an ntlm we act on */ NTLM_LAST /* last entry in this enum, don't use */ } ntlm; /* Flag bits definitions based on http://davenport.sourceforge.net/ntlm.html */ #define NTLMFLAG_NEGOTIATE_UNICODE (1<<0) /* Indicates that Unicode strings are supported for use 
in security buffer data. */ #define NTLMFLAG_NEGOTIATE_OEM (1<<1) /* Indicates that OEM strings are supported for use in security buffer data. */ #define NTLMFLAG_REQUEST_TARGET (1<<2) /* Requests that the server's authentication realm be included in the Type 2 message. */ /* unknown (1<<3) */ #define NTLMFLAG_NEGOTIATE_SIGN (1<<4) /* Specifies that authenticated communication between the client and server should carry a digital signature (message integrity). */ #define NTLMFLAG_NEGOTIATE_SEAL (1<<5) /* Specifies that authenticated communication between the client and server should be encrypted (message confidentiality). */ #define NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE (1<<6) /* unknown purpose */ #define NTLMFLAG_NEGOTIATE_LM_KEY (1<<7) /* Indicates that the LAN Manager session key should be used for signing and sealing authenticated communications. */ #define NTLMFLAG_NEGOTIATE_NETWARE (1<<8) /* unknown purpose */ #define NTLMFLAG_NEGOTIATE_NTLM_KEY (1<<9) /* Indicates that NTLM authentication is being used. */ /* unknown (1<<10) */ /* unknown (1<<11) */ #define NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED (1<<12) /* Sent by the client in the Type 1 message to indicate that a desired authentication realm is included in the message. */ #define NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED (1<<13) /* Sent by the client in the Type 1 message to indicate that the client workstation's name is included in the message. */ #define NTLMFLAG_NEGOTIATE_LOCAL_CALL (1<<14) /* Sent by the server to indicate that the server and client are on the same machine. Implies that the client may use a pre-established local security context rather than responding to the challenge. */ #define NTLMFLAG_NEGOTIATE_ALWAYS_SIGN (1<<15) /* Indicates that authenticated communication between the client and server should be signed with a "dummy" signature. */ #define NTLMFLAG_TARGET_TYPE_DOMAIN (1<<16) /* Sent by the server in the Type 2 message to indicate that the target authentication realm is a domain. 
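*/

#define NTLMFLAG_TARGET_TYPE_SERVER              (1<<17)
/* Sent by the server in the Type 2 message to indicate that the target
   authentication realm is a server. */

#define NTLMFLAG_TARGET_TYPE_SHARE               (1<<18)
/* Sent by the server in the Type 2 message to indicate that the target
   authentication realm is a share. Presumably, this is for share-level
   authentication. Usage is unclear. */

#define NTLMFLAG_NEGOTIATE_NTLM2_KEY             (1<<19)
/* Indicates that the NTLM2 signing and sealing scheme should be used for
   protecting authenticated communications. */

#define NTLMFLAG_REQUEST_INIT_RESPONSE           (1<<20)
/* unknown purpose */

#define NTLMFLAG_REQUEST_ACCEPT_RESPONSE         (1<<21)
/* unknown purpose */

#define NTLMFLAG_REQUEST_NONNT_SESSION_KEY       (1<<22)
/* unknown purpose */

#define NTLMFLAG_NEGOTIATE_TARGET_INFO           (1<<23)
/* Sent by the server in the Type 2 message to indicate that it is including a
   Target Information block in the message. */

/* unknown (1<<24) */
/* unknown (1<<25) */
/* unknown (1<<26) */
/* unknown (1<<27) */
/* unknown (1<<28) */

#define NTLMFLAG_NEGOTIATE_128                   (1<<29)
/* Indicates that 128-bit encryption is supported. */

#define NTLMFLAG_NEGOTIATE_KEY_EXCHANGE          (1<<30)
/* unknown purpose */

/* Bit 31 is written with an unsigned constant: shifting a signed 1 into
   the sign bit of a 32-bit int is undefined behaviour in C. */
#define NTLMFLAG_NEGOTIATE_56                    (1U<<31)
/* Indicates that 56-bit encryption is supported.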
*/ #ifdef HAVE_OPENSSL /* We need OpenSSL for the crypto lib to provide us with MD4 and DES */ /* -- WIN32 approved -- */ #include #include #include #include #include #include #include #include #if OPENSSL_VERSION_NUMBER < 0x00907001L #define DES_key_schedule des_key_schedule #define DES_cblock des_cblock #define DES_set_odd_parity des_set_odd_parity #define DES_set_key des_set_key #define DES_ecb_encrypt des_ecb_encrypt /* This is how things were done in the old days */ #define DESKEY(x) x #define DESKEYARG(x) x #else /* Modern version */ #define DESKEYARG(x) *x #define DESKEY(x) &x #endif /* Define this to make the type-3 message include the NT response message */ #define USE_NTRESPONSES 1 /* (*) = A "security buffer" is a triplet consisting of two shorts and one long: 1. a 'short' containing the length of the buffer in bytes 2. a 'short' containing the allocated space for the buffer in bytes 3. a 'long' containing the offset to the start of the buffer from the beginning of the NTLM message, in bytes. */ static ntlm ne_input_ntlm(ne_ntlm_context *ctx, const char *responseToken) { if(responseToken) { /* We got a type-2 message here: Index Description Content 0 NTLMSSP Signature Null-terminated ASCII "NTLMSSP" (0x4e544c4d53535000) 8 NTLM Message Type long (0x02000000) 12 Target Name security buffer(*) 20 Flags long 24 Challenge 8 bytes (32) Context (optional) 8 bytes (two consecutive longs) (40) Target Information (optional) security buffer(*) 32 (48) start of data block */ unsigned char * buffer = NULL; int size = ne_unbase64(responseToken, &buffer); ctx->state = NTLMSTATE_TYPE2; /* we got a type-2 */ if(size >= 48) /* the nonce of interest is index [24 .. 
31], 8 bytes */
      memcpy(ctx->nonce, &buffer[24], 8);
    /* The copy above is the body of the size >= 48 test: for a shorter
       decoded token ctx->nonce keeps whatever it held before, and this
       function still returns NTLM_FINE below. */

    /* at index decimal 20, there's a 32bit NTLM flag field */

    if (buffer) ne_free(buffer);
  }
  else {
    /* No token from the server: only valid before any message has been
       sent, otherwise the exchange is rejected. */
    if(ctx->state >= NTLMSTATE_TYPE1)
      return NTLM_BAD;

    ctx->state = NTLMSTATE_TYPE1; /* we should send a type-1 */
  }
  return NTLM_FINE;
}

/*
 * Turns a 56 bit key into the 64 bit, odd parity key and sets the key.  The
 * key schedule ks is also set.
 *
 * key_56 must point to at least 7 readable bytes (indices 0..6 are used).
 * The expanded key stays in the local 'key' and in the caller's schedule
 * afterwards; nothing in this function clears either.
 */
static void setup_des_key(unsigned char *key_56,
                          DES_key_schedule DESKEYARG(ks))
{
  DES_cblock key;

  /* Spread the 56 key bits over 8 bytes, 7 bits per byte; the low bit
     of each byte is left for DES_set_odd_parity() to fill in. */
  key[0] = key_56[0];
  key[1] = ((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1);
  key[2] = ((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2);
  key[3] = ((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3);
  key[4] = ((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4);
  key[5] = ((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5);
  key[6] = ((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6);
  key[7] =  (key_56[6] << 1) & 0xFF;

  DES_set_odd_parity(&key);
  DES_set_key(&key, ks);
}

 /*
  * takes a 21 byte array and treats it as 3 56-bit DES keys. The
  * 8 byte plaintext is encrypted with each key and the resulting 24
  * bytes are stored in the results array.
*/
/* Encrypt the 8-byte block PLAINTEXT three times with DES in ECB mode,
 * keying each pass via setup_des_key() from KEYS, KEYS+7 and KEYS+14,
 * and store the three 8-byte outputs at RESULTS, RESULTS+8 and
 * RESULTS+16 (0x18 bytes in total). */
static void calc_resp(unsigned char *keys,
                      unsigned char *plaintext,
                      unsigned char *results)
{
  DES_key_schedule ks;

  setup_des_key(keys, DESKEY(ks));
  DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results,
                  DESKEY(ks), DES_ENCRYPT);

  setup_des_key(keys+7, DESKEY(ks));
  DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+8),
                  DESKEY(ks), DES_ENCRYPT);

  setup_des_key(keys+14, DESKEY(ks));
  DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+16),
                  DESKEY(ks), DES_ENCRYPT);
}

/*
 * Set up lanmanager and nt hashed passwords
 */
static void mkhash(char *password,
                   unsigned char *nonce,  /* 8 bytes */
                   unsigned char *lmresp  /* must fit 0x18 bytes */
#ifdef USE_NTRESPONSES
                   , unsigned char *ntresp  /* must fit 0x18 bytes */
#endif
  )
{
  unsigned char lmbuffer[21];
#ifdef USE_NTRESPONSES
  unsigned char ntbuffer[21];
#endif
  unsigned char *pw;
  static const unsigned char magic[] = {
    0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25
  };
  int i;
  int len = strlen(password);

  /* make it fit at least 14 bytes */
  pw = ne_malloc(len<7?14:len*2);
  if(!pw)
    return; /* this will lead to a badly generated package */

  if (len > 14)
    len = 14;

  /* NOTE(review): this copy of the file is truncated from the loop
   * header below up to the LONGQUARTET macro.  The rest of mkhash() and
   * whatever followed it (SHORTPAIR, used further down, is presumably
   * among the lost definitions) cannot be reviewed from here; the
   * damaged text is kept exactly as found. */
  for (i=0; i> 8)
#define LONGQUARTET(x) ((x) & 0xff), (((x) >> 8)&0xff), \
  (((x) >>16)&0xff), ((x)>>24)

/* this is for creating ntlm header output */
/* Builds the next outgoing NTLM message for CTX according to ctx->state
 * and stores it, base64-encoded, in ctx->requestToken.  Returns 0 on
 * success (also when no user or password is set, in which case nothing
 * is generated) and -1 if the user and domain strings do not fit in the
 * 256-byte message buffer.
 *
 * NOTE(review): the type-3 message carries the fixed 0x18-byte
 * LanManager response (plus the NT response under USE_NTRESPONSES)
 * produced by mkhash(); calc_resp() above shows these are built on
 * single DES.  That is the legacy LM/NTLM response scheme, so the
 * strength of this exchange should not be relied on by itself. */
static int ne_output_ntlm(ne_ntlm_context *ctx)
{
  const char *domain=""; /* empty */
  const char *host=""; /* empty */
  int domlen=strlen(domain);
  int hostlen = strlen(host);
  int hostoff; /* host name offset */
  int domoff;  /* domain name offset */
  int size;
  unsigned char ntlmbuf[256]; /* enough, unless the host/domain is very long */

  if(!ctx->user || !ctx->passwd)
    /* no user, no auth */
    return 0; /* OK */

  switch(ctx->state) {
  case NTLMSTATE_TYPE1:
  default: /* for the weird cases we (re)start here */
    hostoff = 32;
    domoff = hostoff + hostlen;

    /* Create and send a type-1 message:

    Index Description          Content
    0     NTLMSSP Signature    Null-terminated ASCII "NTLMSSP"
                               (0x4e544c4d53535000)
    8     NTLM Message Type    long (0x01000000)
    12    Flags                long
    16    Supplied Domain      security buffer(*)
    24    Supplied Workstation security buffer(*)
    32    start of data block

    */

    ne_snprintf((char *)ntlmbuf, sizeof(ntlmbuf), "NTLMSSP%c"
                "\x01%c%c%c" /* 32-bit type = 1 */
                "%c%c%c%c"   /* 32-bit NTLM flag field */
                "%c%c"  /* domain length */
                "%c%c"  /* domain allocated space */
                "%c%c"  /* domain name offset */
                "%c%c"  /* 2 zeroes */
                "%c%c"  /* host length */
                "%c%c"  /* host allocated space */
                "%c%c"  /* host name offset */
                "%c%c"  /* 2 zeroes */
                "%s"    /* host name */
                "%s",   /* domain string */
                0,      /* trailing zero */
                0,0,0,  /* part of type-1 long */

                LONGQUARTET(
                  NTLMFLAG_NEGOTIATE_OEM|      /*   2 */
                  NTLMFLAG_NEGOTIATE_NTLM_KEY  /* 200 */
                  /* equals 0x0202 */
                  ),
                SHORTPAIR(domlen),
                SHORTPAIR(domlen),
                SHORTPAIR(domoff),
                0,0,
                SHORTPAIR(hostlen),
                SHORTPAIR(hostlen),
                SHORTPAIR(hostoff),
                0,0,
                host, domain);

    /* initial packet length */
    size = 32 + hostlen + domlen;

    /* now keeper of the base64 encoded package size */
    if (ctx->requestToken)
      ne_free(ctx->requestToken);
    ctx->requestToken = ne_base64(ntlmbuf, size);

    break;

  case NTLMSTATE_TYPE2:
    /* We received the type-2 already, create a type-3 message:

    Index   Description            Content
    0       NTLMSSP Signature      Null-terminated ASCII "NTLMSSP"
                                   (0x4e544c4d53535000)
    8       NTLM Message Type      long (0x03000000)
    12      LM/LMv2 Response       security buffer(*)
    20      NTLM/NTLMv2 Response   security buffer(*)
    28      Domain Name            security buffer(*)
    36      User Name              security buffer(*)
    44      Workstation Name       security buffer(*)
    (52)    Session Key (optional) security buffer(*)
    (60)    Flags (optional)       long
    52 (64) start of data block

    */
  {
    int lmrespoff;
    int ntrespoff;
    int useroff;
    unsigned char lmresp[0x18]; /* fixed-size */
#ifdef USE_NTRESPONSES
    unsigned char ntresp[0x18]; /* fixed-size */
#endif
    const char *user;
    int userlen;

    /* Split "DOMAIN\user" or "DOMAIN/user": the part before the
     * separator becomes the domain (not NUL-terminated, hence the
     * explicit domlen), the part after it the user name. */
    user = strchr(ctx->user, '\\');
    if(!user)
      user = strchr(ctx->user, '/');

    if (user) {
      domain = ctx->user;
      domlen = user - domain;
      user++;
    }
    else
      user = ctx->user;
    userlen = strlen(user);

    mkhash(ctx->passwd, &ctx->nonce[0], lmresp
#ifdef USE_NTRESPONSES
           , ntresp
#endif
      );

    domoff = 64; /* always */
    useroff = domoff + domlen;
    hostoff = useroff + userlen;
    lmrespoff = hostoff + hostlen;
    ntrespoff = lmrespoff + 0x18;

    /* Create the big type-3 message binary blob */
    ne_snprintf((char *)ntlmbuf, sizeof(ntlmbuf),
                "NTLMSSP%c"
                "\x03%c%c%c" /* type-3, 32 bits */

                "%c%c%c%c" /* LanManager length + allocated space */
                "%c%c" /* LanManager offset */
                "%c%c" /* 2 zeroes */

                "%c%c" /* NT-response length */
                "%c%c" /* NT-response allocated space */
                "%c%c" /* NT-response offset */
                "%c%c" /* 2 zeroes */

                "%c%c"  /* domain length */
                "%c%c"  /* domain allocated space */
                "%c%c"  /* domain name offset */
                "%c%c"  /* 2 zeroes */

                "%c%c"  /* user length */
                "%c%c"  /* user allocated space */
                "%c%c"  /* user offset */
                "%c%c"  /* 2 zeroes */

                "%c%c"  /* host length */
                "%c%c"  /* host allocated space */
                "%c%c"  /* host offset */
                "%c%c%c%c%c%c"  /* 6 zeroes */

                "\xff\xff"  /* message length */
                "%c%c"  /* 2 zeroes */

                "\x01\x82" /* flags */
                "%c%c"  /* 2 zeroes */

                /* domain string */
                /* user string */
                /* host string */
                /* LanManager response */
                /* NT response */
                ,
                0, /* zero termination */
                0,0,0, /* type-3 long, the 24 upper bits */

                SHORTPAIR(0x18),  /* LanManager response length, twice */
                SHORTPAIR(0x18),
                SHORTPAIR(lmrespoff),
                0x0, 0x0,

#ifdef USE_NTRESPONSES
                SHORTPAIR(0x18),  /* NT-response length, twice */
                SHORTPAIR(0x18),
#else
                0x0, 0x0,
                0x0, 0x0,
#endif
                SHORTPAIR(ntrespoff),
                0x0, 0x0,

                SHORTPAIR(domlen),
                SHORTPAIR(domlen),
                SHORTPAIR(domoff),
                0x0, 0x0,

                SHORTPAIR(userlen),
                SHORTPAIR(userlen),
                SHORTPAIR(useroff),
                0x0, 0x0,

                SHORTPAIR(hostlen),
                SHORTPAIR(hostlen),
                SHORTPAIR(hostoff),
                0x0, 0x0, 0x0, 0x0, 0x0, 0x0,

                0x0, 0x0,

                0x0, 0x0);

    /* size is now 64 */
    size=64;
    ntlmbuf[62]=ntlmbuf[63]=0;

    /* Make sure that the user and domain strings fit in the target buffer
       before we copy them there. */
    if((size_t)size + userlen + domlen >= sizeof(ntlmbuf)) {
      return -1;
    }

    memcpy(&ntlmbuf[size], domain, domlen);
    size += domlen;

    memcpy(&ntlmbuf[size], user, userlen);
    size += userlen;

    /* we append the binary hashes to the end of the blob */
    /* NOTE(review): a response that does not fit is skipped without an
     * error, although the header written above already advertises its
     * length and offset; the peer then receives an inconsistent
     * message.  Returning -1, as the length check above does, would
     * make that case visible to the caller. */
    if(size < ((int)sizeof(ntlmbuf) - 0x18)) {
      memcpy(&ntlmbuf[size], lmresp, 0x18);
      size += 0x18;
    }

#ifdef USE_NTRESPONSES
    if(size < ((int)sizeof(ntlmbuf) - 0x18)) {
      memcpy(&ntlmbuf[size], ntresp, 0x18);
      size += 0x18;
    }
#endif

    /* patch the real total length over the "\xff\xff" placeholder */
    ntlmbuf[56] = size & 0xff;
    ntlmbuf[57] = size >> 8;

    /* convert the binary blob into base64 */
    /* NOTE(review): unlike the type-1 branch, a previous requestToken
     * is not freed before being overwritten here; this leaks unless the
     * caller has already drained it via ne__ntlm_getRequestToken(). */
    ctx->requestToken = ne_base64(ntlmbuf, size);

    ctx->state = NTLMSTATE_TYPE3; /* we sent a type-3 */
  }
  break;

  case NTLMSTATE_TYPE3:
    /* connection is already authenticated,
     * don't send a header in future requests */
    if (ctx->requestToken)
      ne_free(ctx->requestToken);
    ctx->requestToken = NULL;
    break;
  }

  return 0; /* OK */
}

/* Allocate a context in state NTLMSTATE_NONE holding private copies of
 * USERNAME and PASSWORD (made with ne_strdup). */
ne_ntlm_context *ne__ntlm_create_context(const char *userName, const char *password)
{
    ne_ntlm_context *ctx = ne_calloc(sizeof(ne_ntlm_context));

    ctx->state = NTLMSTATE_NONE;
    ctx->user = ne_strdup(userName);
    ctx->passwd = ne_strdup(password);

    return ctx;
}

/* Release the user name, password, pending token and the context
 * itself.
 *
 * NOTE(review): the password copy is handed to ne_free() without being
 * overwritten first, so the cleartext stays in freed heap memory until
 * that memory is reused; clearing it before the free would shorten its
 * lifetime. */
void ne__ntlm_destroy_context(ne_ntlm_context *context)
{
    if (context->user)
        ne_free(context->user);

    if (context->passwd)
        ne_free(context->passwd);

    if (context->requestToken)
        ne_free(context->requestToken);

    ne_free(context);
}

/* Advance the NTLM exchange by one step: feed RESPONSETOKEN to
 * ne_input_ntlm() and, if that reports NTLM_FINE, generate the next
 * outgoing message with ne_output_ntlm().  A NULL RESPONSETOKEN while
 * the context is in NTLMSTATE_TYPE3 resets the state to NTLMSTATE_NONE
 * first.  Returns -1 for a NULL context or a rejected token, otherwise
 * the result of ne_output_ntlm(). */
int ne__ntlm_authenticate(ne_ntlm_context *context, const char *responseToken)
{
    if (context == NULL) {
        return -1;
    } else {
        if (!responseToken && (context->state == NTLMSTATE_TYPE3))
            context->state = NTLMSTATE_NONE;

        if (context->state <= NTLMSTATE_TYPE3) {
            ntlm ntlmstatus = ne_input_ntlm(context, responseToken);

            if (ntlmstatus != NTLM_FINE) {
                return -1;
            }
        }
    }
    return ne_output_ntlm(context);
}

/* Take the pending request token out of CONTEXT: returns NULL if there
 * is no context or no token; otherwise the token is duplicated with
 * ne_strdup() and the stored one is freed and cleared. */
char *ne__ntlm_getRequestToken(ne_ntlm_context *context)
{
    char *ret;

    if (context == NULL || !context->requestToken) {
        return NULL;
    }
    ret = ne_strdup(context->requestToken);
    ne_free(context->requestToken);
    context->requestToken = NULL;
return ret; } #endif /* HAVE_OPENSSL */ #endif /* HAVE_NTLM */ neon-0.32.2/src/ne_ntlm.h000066400000000000000000000027211416727304000151370ustar00rootroot00000000000000/* Handling of NTLM Authentication Copyright (C) 2009, Kai Sommerfeld This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef NE_NTLM_H #define NE_NTLM_H #include "config.h" /* PRIVATE TO NEON -- NOT PART OF THE EXTERNAL API. */ #ifdef HAVE_NTLM #include "ne_defs.h" typedef struct ne_ntlm_context_s ne_ntlm_context; NE_PRIVATE ne_ntlm_context *ne__ntlm_create_context(const char *userName, const char *password); NE_PRIVATE int ne__ntlm_clear_context(ne_ntlm_context *context); NE_PRIVATE void ne__ntlm_destroy_context(ne_ntlm_context *context); NE_PRIVATE int ne__ntlm_authenticate(ne_ntlm_context *context, const char *responseToken); NE_PRIVATE char *ne__ntlm_getRequestToken(ne_ntlm_context *context); #endif /* HAVE_NTLM */ #endif /* NE_NTLM_H */ neon-0.32.2/src/ne_oldacl.c000066400000000000000000000067621416727304000154270ustar00rootroot00000000000000/* Access control Copyright (C) 2001-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. 
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ /* Contributed by Arun Garg */ #include "config.h" #include #ifdef HAVE_STRING_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_STDLIB_H #include #endif #include "ne_request.h" #include "ne_locks.h" #include "ne_alloc.h" #include "ne_string.h" #include "ne_acl.h" #include "ne_uri.h" #include "ne_xml.h" /* for NE_XML_MEDIA_TYPE */ #define EOL "\r\n" static ne_buffer *acl_body(const ne_acl_entry *right, int count) { ne_buffer *body = ne_buffer_create(); int m; ne_buffer_zappend(body, "" EOL "" EOL); for (m = 0; m < count; m++) { const char *type; type = (right[m].type == ne_acl_grant ? 
"grant" : "deny"); ne_buffer_concat(body, "" EOL "", NULL); switch (right[m].apply) { case ne_acl_all: ne_buffer_zappend(body, "" EOL); break; case ne_acl_property: ne_buffer_concat(body, "<", right[m].principal, "/>" EOL, NULL); break; case ne_acl_href: ne_buffer_concat(body, "", right[m].principal, "" EOL, NULL); break; } ne_buffer_concat(body, "" EOL "<", type, ">" EOL, NULL); if (right[m].read == 0) ne_buffer_concat(body, "" "" "" EOL, NULL); if (right[m].read_acl == 0) ne_buffer_concat(body, "" "" "" EOL, NULL); if (right[m].write == 0) ne_buffer_concat(body, "" "" "" EOL, NULL); if (right[m].write_acl == 0) ne_buffer_concat(body, "" "" "" EOL, NULL); if (right[m].read_cuprivset == 0) ne_buffer_concat(body, "" "" "" EOL, NULL); ne_buffer_concat(body, "" EOL, NULL); ne_buffer_zappend(body, "" EOL); } ne_buffer_zappend(body, "" EOL); return body; } int ne_acl_set(ne_session *sess, const char *uri, const ne_acl_entry *entries, int numentries) { int ret; ne_request *req = ne_request_create(sess, "ACL", uri); ne_buffer *body = acl_body(entries, numentries); #ifdef NE_HAVE_DAV ne_lock_using_resource(req, uri, 0); #endif ne_set_request_body_buffer(req, body->data, ne_buffer_size(body)); ne_add_request_header(req, "Content-Type", NE_XML_MEDIA_TYPE); ret = ne_request_dispatch(req); ne_buffer_destroy(body); if (ret == NE_OK && ne_get_status(req)->code == 207) { ret = NE_ERROR; } ne_request_destroy(req); return ret; } neon-0.32.2/src/ne_openssl.c000066400000000000000000001151631416727304000156500ustar00rootroot00000000000000/* neon SSL/TLS support using OpenSSL Copyright (C) 2002-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. 
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include "config.h" #include #ifdef HAVE_STRING_H #include #endif #include #include #include #include #include #include #include #include #ifdef NE_HAVE_TS_SSL #include /* for abort() */ #ifndef _WIN32 #include #endif #endif #include "ne_ssl.h" #include "ne_string.h" #include "ne_session.h" #include "ne_internal.h" #include "ne_md5.h" #include "ne_private.h" #include "ne_privssl.h" /* OpenSSL 0.9.6 compatibility */ #if OPENSSL_VERSION_NUMBER < 0x0090700fL #define PKCS12_unpack_authsafes M_PKCS12_unpack_authsafes #define PKCS12_unpack_p7data M_PKCS12_unpack_p7data /* cast away lack of const-ness */ #define OBJ_cmp(a,b) OBJ_cmp((ASN1_OBJECT *)(a), (ASN1_OBJECT *)(b)) #endif /* Second argument for d2i_X509() changed type in 0.9.8. */ #if OPENSSL_VERSION_NUMBER < 0x0090800fL typedef unsigned char ne_d2i_uchar; #else typedef const unsigned char ne_d2i_uchar; #endif #if OPENSSL_VERSION_NUMBER < 0x10100000L #define X509_get0_notBefore X509_get_notBefore #define X509_get0_notAfter X509_get_notAfter #define X509_up_ref(x) x->references++ #define EVP_PKEY_up_ref(x) x->references++ #define EVP_MD_CTX_new() ne_calloc(sizeof(EVP_MD_CTX)) #define EVP_MD_CTX_free(ctx) ne_free(ctx) #define EVP_MD_CTX_reset EVP_MD_CTX_cleanup #define EVP_PKEY_get0_RSA(evp) (evp->pkey.rsa) #endif struct ne_ssl_dname_s { X509_NAME *dn; }; struct ne_ssl_certificate_s { ne_ssl_dname subj_dn, issuer_dn; X509 *subject; ne_ssl_certificate *issuer; char *identity; }; struct ne_ssl_client_cert_s { PKCS12 *p12; int decrypted; /* non-zero if successfully decrypted. 
*/
    ne_ssl_certificate cert;
    EVP_PKEY *pkey;
    char *friendly_name;
};

#define NE_SSL_UNHANDLED (0x20) /* failure bit for unhandled case. */

/* Append the ASN.1 DirectoryString STR to BUF as UTF-8.
 *
 * ASCII-range string types are appended through ne_buffer_qappend();
 * UTF8String is appended as-is; UniversalString, T61String and
 * BMPString are first converted by ASN1_STRING_to_UTF8().  A value
 * whose C-string length differs from its declared length (i.e. one with
 * an embedded NUL byte) is rejected, so a name cannot be silently
 * truncated at the NUL when it is later compared as a C string.
 *
 * Returns zero on success or non-zero on error (embedded NUL, failed
 * conversion, or a string type not listed above). */
static int append_dirstring(ne_buffer *buf, ASN1_STRING *str)
{
    /* initialize to workaround 0.9.6 bug */
    unsigned char *utf8 = (unsigned char *)"";
    int utf8_len;
    int has_nul;

    switch (str->type) {
    case V_ASN1_IA5STRING: /* definitely ASCII */
    case V_ASN1_VISIBLESTRING: /* probably ASCII */
    case V_ASN1_PRINTABLESTRING: /* subset of ASCII */
        ne_buffer_qappend(buf, str->data, str->length);
        return 0;

    case V_ASN1_UTF8STRING:
        /* Fail for embedded NUL bytes. */
        if (strlen((char *)str->data) != (size_t)str->length)
            return -1;
        ne_buffer_append(buf, (char *)str->data, str->length);
        return 0;

    case V_ASN1_UNIVERSALSTRING:
    case V_ASN1_T61STRING: /* let OpenSSL convert it as ISO-8859-1 */
    case V_ASN1_BMPSTRING:
        utf8_len = ASN1_STRING_to_UTF8(&utf8, str);
        if (utf8_len <= 0) {
            /* conversion failed; nothing was allocated for us to free */
            ERR_clear_error();
            return -1;
        }

        /* Fail if there were embedded NUL bytes. */
        has_nul = strlen((char *)utf8) != (size_t)utf8_len;
        if (!has_nul)
            ne_buffer_append(buf, (char *)utf8, utf8_len);
        OPENSSL_free(utf8);
        return has_nul ? -1 : 0;

    default:
        NE_DEBUG(NE_DBG_SSL, "Could not convert DirectoryString type %d\n",
                 str->type);
        return -1;
    }
}

/* Returns a malloc-allocated version of IA5 string AS, escaped for
 * safety.
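*/
static char *dup_ia5string(const ASN1_IA5STRING *as)
{
    return ne_strnqdup(as->data, as->length);
}

/* Render NAME as a comma-separated list of its attribute values, most
 * specific entry first.  Attributes that append_dirstring() cannot
 * convert are shown as "???".  The result is malloc-allocated. */
char *ne_ssl_readable_dname(const ne_ssl_dname *name)
{
    int n, flag = 0;
    ne_buffer *dump = ne_buffer_create();
    const ASN1_OBJECT * const cname = OBJ_nid2obj(NID_commonName),
        * const email = OBJ_nid2obj(NID_pkcs9_emailAddress);

    for (n = X509_NAME_entry_count(name->dn); n > 0; n--) {
        X509_NAME_ENTRY *ent = X509_NAME_get_entry(name->dn, n-1);
        ASN1_OBJECT *obj = X509_NAME_ENTRY_get_object(ent);

        /* Skip commonName or emailAddress except if there is no other
         * attribute in dname. */
        if ((OBJ_cmp(obj, cname) && OBJ_cmp(obj, email)) ||
            (!flag && n == 1)) {
            if (flag++)
                ne_buffer_append(dump, ", ", 2);

            if (append_dirstring(dump, X509_NAME_ENTRY_get_data(ent)))
                ne_buffer_czappend(dump, "???");
        }
    }

    return ne_buffer_finish(dump);
}

/* Compare two distinguished names; the result is that of
 * X509_NAME_cmp(). */
int ne_ssl_dname_cmp(const ne_ssl_dname *dn1, const ne_ssl_dname *dn2)
{
    return X509_NAME_cmp(dn1->dn, dn2->dn);
}

/* Free a client certificate.  The key and X509 object are only released
 * when the certificate is in the decrypted state. */
void ne_ssl_clicert_free(ne_ssl_client_cert *cc)
{
    if (cc->p12)
        PKCS12_free(cc->p12);
    if (cc->decrypted) {
        if (cc->cert.identity) ne_free(cc->cert.identity);
        EVP_PKEY_free(cc->pkey);
        X509_free(cc->cert.subject);
    }
    if (cc->friendly_name) ne_free(cc->friendly_name);
    ne_free(cc);
}

/* Parse two ASCII decimal digits at P.  Returns the value 0..99, or -1
 * if either character is not a digit. */
static int asn1_two_digits(const unsigned char *p)
{
    if (p[0] < '0' || p[0] > '9' || p[1] < '0' || p[1] > '9')
        return -1;
    return (p[0] - '0') * 10 + (p[1] - '0');
}

/* Convert an ASN.1 time to a time_t.
 *
 * Both encodings used in certificates are accepted: UTCTime
 * (YYMMDDhhmm[ss]...) and GeneralizedTime (YYYYMMDDhhmm[ss]...), the
 * latter being how validity dates that UTCTime cannot express are
 * encoded.  Every field is checked to be numeric and to lie inside the
 * string before it is read; the seconds field is optional and taken as
 * zero when absent.  Returns (time_t)-1 if the value is too short or a
 * mandatory field is not numeric.
 *
 * As before, the value is assumed to be expressed in UTC; a trailing
 * timezone offset is not interpreted. */
static time_t asn1time_to_timet(const ASN1_TIME *atm)
{
    struct tm tm = {0};
    const unsigned char *p = atm->data;
    int left = atm->length;
    int century = -1, year, field[4], sec = 0, n;

    if (p == NULL)
        return (time_t)-1;

    /* GeneralizedTime carries a four-digit year; peel off the century
     * so that the rest can be parsed like a UTCTime. */
    if (atm->type == V_ASN1_GENERALIZEDTIME) {
        if (left < 2 || (century = asn1_two_digits(p)) < 0)
            return (time_t)-1;
        p += 2;
        left -= 2;
    }

    /* YYMMDDhhmm is the mandatory part. */
    if (left < 10)
        return (time_t)-1;

    year = asn1_two_digits(p);
    if (year < 0)
        return (time_t)-1;

    /* month, day, hour, minute */
    for (n = 0; n < 4; n++) {
        field[n] = asn1_two_digits(p + 2 + 2 * n);
        if (field[n] < 0)
            return (time_t)-1;
    }

    /* Seconds are only read when the string is long enough to hold
     * them; the old code read them unconditionally, which ran past the
     * end of a 10- or 11-byte value. */
    if (left >= 12) {
        int s = asn1_two_digits(p + 10);
        if (s >= 0)
            sec = s;
    }

    if (century >= 0) {
        tm.tm_year = century * 100 + year - 1900;
    } else {
        tm.tm_year = year;
        /* Deal with Year 2000 */
        if (tm.tm_year < 70)
            tm.tm_year += 100;
    }

    tm.tm_mon = field[0] - 1;
    tm.tm_mday = field[1];
    tm.tm_hour = field[2];
    tm.tm_min = field[3];
    tm.tm_sec = sec;

#ifdef HAVE_TIMEZONE
    /* ANSI C time handling is... interesting. */
    return mktime(&tm) - timezone;
#else
    return mktime(&tm);
#endif
}

/* Store the start and end of CERT's validity period in *FROM and
 * *UNTIL; either pointer may be NULL to skip that value.  A value that
 * cannot be parsed is reported as (time_t)-1. */
void ne_ssl_cert_validity_time(const ne_ssl_certificate *cert,
                               time_t *from, time_t *until)
{
    if (from) {
        *from = asn1time_to_timet(X509_get0_notBefore(cert->subject));
    }
    if (until) {
        *until = asn1time_to_timet(X509_get0_notAfter(cert->subject));
    }
}

/* Check certificate identity.  Returns zero if identity matches; 1 if
 * identity does not match, or <0 if the certificate had no identity.
 * If 'identity' is non-NULL, store the malloc-allocated identity in
 * *identity.  Logic specified by RFC 2818 and RFC 3280.
 *
 * The subjectAltName entries are tried in order (dNSName, iPAddress and
 * URI are handled) until one matches.  The subject commonName is only
 * consulted when no usable subjectAltName entry was found at all.
 * SERVER may be NULL, in which case the hostname compared against is
 * the empty string and only the identity is extracted. */
static int check_identity(const ne_uri *server, X509 *cert, char **identity)
{
    STACK_OF(GENERAL_NAME) *names;
    int match = 0, found = 0;
    const char *hostname;

    hostname = server ? server->host : "";

    names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
    if (names) {
        int n;

        /* subjectAltName contains a sequence of GeneralNames */
        for (n = 0; n < sk_GENERAL_NAME_num(names) && !match; n++) {
            GENERAL_NAME *nm = sk_GENERAL_NAME_value(names, n);

            /* handle dNSName and iPAddress name extensions only. */
            if (nm->type == GEN_DNS) {
                /* dup_ia5string() escapes the name, so the strlen()
                 * below cannot be cut short by an embedded NUL. */
                char *name = dup_ia5string(nm->d.ia5);
                if (identity && !found) *identity = ne_strdup(name);
                match = ne__ssl_match_hostname(name, strlen(name), hostname);
                ne_free(name);
                found = 1;
            }
            else if (nm->type == GEN_IPADD) {
                /* compare IP address with server IP address. */
                ne_inet_addr *ia;
                if (nm->d.ip->length == 4)
                    ia = ne_iaddr_make(ne_iaddr_ipv4, nm->d.ip->data);
                else if (nm->d.ip->length == 16)
                    ia = ne_iaddr_make(ne_iaddr_ipv6, nm->d.ip->data);
                else
                    ia = NULL;
                /* ne_iaddr_make returns NULL if address type is unsupported */
                if (ia != NULL) { /* address type was supported. */
                    char buf[128];

                    match = strcmp(hostname,
                                   ne_iaddr_print(ia, buf, sizeof buf)) == 0;
                    found = 1;
                    ne_iaddr_free(ia);
                } else {
                    NE_DEBUG(NE_DBG_SSL, "iPAddress name with unsupported "
                             "address type (length %d), skipped.\n",
                             nm->d.ip->length);
                }
            }
            else if (nm->type == GEN_URI) {
                char *name = dup_ia5string(nm->d.ia5);
                ne_uri uri;

                if (ne_uri_parse(name, &uri) == 0 && uri.host && uri.scheme) {
                    ne_uri tmp;

                    if (identity && !found) *identity = ne_strdup(name);
                    found = 1;

                    if (server) {
                        /* For comparison purposes, all that matters is
                         * host, scheme and port; ignore the rest. */
                        memset(&tmp, 0, sizeof tmp);
                        tmp.host = uri.host;
                        tmp.scheme = uri.scheme;
                        tmp.port = uri.port;

                        match = ne_uri_cmp(server, &tmp) == 0;
                    }
                }

                ne_uri_free(&uri);
                ne_free(name);
            }
        }
        /* free the whole stack. */
        sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
    }

    /* Check against the commonName if no DNS alt. names were found,
     * as per RFC3280. */
    if (!found) {
        X509_NAME *subj = X509_get_subject_name(cert);
        X509_NAME_ENTRY *entry;
        ne_buffer *cname = ne_buffer_ncreate(30);
        int idx = -1, lastidx;

        /* find the most specific commonName attribute. */
        do {
            lastidx = idx;
            idx = X509_NAME_get_index_by_NID(subj, NID_commonName, lastidx);
        } while (idx >= 0);

        if (lastidx < 0) {
            /* no commonName attributes at all. */
            ne_buffer_destroy(cname);
            return -1;
        }

        /* extract the string from the entry */
        entry = X509_NAME_get_entry(subj, lastidx);
        if (append_dirstring(cname, X509_NAME_ENTRY_get_data(entry))) {
            ne_buffer_destroy(cname);
            return -1;
        }
        if (identity) *identity = ne_strdup(cname->data);
        match = ne__ssl_match_hostname(cname->data, cname->used - 1, hostname);
        ne_buffer_destroy(cname);
    }

    NE_DEBUG(NE_DBG_SSL, "Identity match for '%s': %s\n", hostname,
             match ? "good" : "bad");
    return match ? 0 : 1;
}

/* Populate an ne_ssl_certificate structure from an X509 object.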
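*/
/* CERT takes over the caller's reference to X5 (it is stored, not
 * duplicated); the two dname members point into X5.  Returns CERT. */
static ne_ssl_certificate *populate_cert(ne_ssl_certificate *cert, X509 *x5)
{
    cert->subj_dn.dn = X509_get_subject_name(x5);
    cert->issuer_dn.dn = X509_get_issuer_name(x5);
    cert->issuer = NULL;
    cert->subject = x5;
    /* Retrieve the cert identity; pass a dummy hostname to match. */
    cert->identity = NULL;
    check_identity(NULL, x5, &cert->identity);
    return cert;
}

/* OpenSSL cert verification callback.  This is invoked for *each*
 * error which is encountered whilst verifying the cert chain; multiple
 * invocations for any particular cert in the chain are possible.
 *
 * Errors that map onto one of the exported NE_SSL_* failure bits are
 * recorded in the session's ssl_context->failures and verification is
 * told to continue (return 1), so that the decision is taken later in
 * check_certificate().  Any other error sets NE_SSL_UNHANDLED and
 * aborts the handshake (return 0). */
static int verify_callback(int ok, X509_STORE_CTX *ctx)
{
    /* OpenSSL, living in its own little happy world of global state,
     * where userdata was just a twinkle in the eye of an API designer
     * yet to be born.  Or... "Seriously, wtf?"  */
    SSL *ssl = X509_STORE_CTX_get_ex_data(ctx,
                                          SSL_get_ex_data_X509_STORE_CTX_idx());
    ne_session *sess = SSL_get_app_data(ssl);
    int depth = X509_STORE_CTX_get_error_depth(ctx);
    int err = X509_STORE_CTX_get_error(ctx);
    int failures = 0;

    /* If there's no error, nothing to do here. */
    if (ok) return ok;

    NE_DEBUG(NE_DBG_SSL, "ssl: Verify callback @ %d => %d\n", depth, err);

    /* Map the error code onto any of the exported cert validation
     * errors, if possible. */
    switch (err) {
    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
    case X509_V_ERR_CERT_UNTRUSTED:
    case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
        failures |= NE_SSL_UNTRUSTED;
        break;
    case X509_V_ERR_CERT_NOT_YET_VALID:
        failures |= depth > 0 ? NE_SSL_BADCHAIN : NE_SSL_NOTYETVALID;
        break;
    case X509_V_ERR_CERT_HAS_EXPIRED:
        failures |= depth > 0 ? NE_SSL_BADCHAIN : NE_SSL_EXPIRED;
        break;
    case X509_V_OK:
        break;
    default:
        /* Flag the failure as unhandled so check_certificate knows
         * this is a bailout. */
        sess->ssl_context->failures |= NE_SSL_UNHANDLED;
        NE_DEBUG(NE_DBG_SSL, "ssl: Unhandled verification error %d -> %s\n",
                 err, X509_verify_cert_error_string(err));
        return 0;
    }

    sess->ssl_context->failures |= failures;

    NE_DEBUG(NE_DBG_SSL, "ssl: Verify failures |= %d => %d\n", failures,
             sess->ssl_context->failures);

    return 1;
}

/* Return a linked list of certificate objects from an OpenSSL chain.
 * Each X509 is duplicated, so the list does not depend on CHAIN after
 * this returns; entry N's issuer pointer is entry N+1. */
static ne_ssl_certificate *make_chain(STACK_OF(X509) *chain)
{
    int n, count = sk_X509_num(chain);
    ne_ssl_certificate *top = NULL, *current = NULL;

    NE_DEBUG(NE_DBG_SSL, "Chain depth: %d\n", count);

    for (n = 0; n < count; n++) {
        ne_ssl_certificate *cert = ne_malloc(sizeof *cert);
        populate_cert(cert, X509_dup(sk_X509_value(chain, n)));
#ifdef NE_DEBUGGING
        if (ne_debug_mask & NE_DBG_SSL) {
            fprintf(ne_debug_stream, "Cert #%d:\n", n);
            X509_print_fp(ne_debug_stream, cert->subject);
        }
#endif
        if (top == NULL) {
            current = top = cert;
        } else {
            current->issuer = cert;
            current = cert;
        }
    }

    return top;
}

/* Verifies an SSL server certificate.
 *
 * Combines the failure bits collected by verify_callback() with the
 * result of the identity check against the session's server URI.  With
 * no failures the result is NE_OK.  Otherwise the error string is set
 * and the application's ssl_verify_fn callback, if any, may accept the
 * certificate by returning zero; that callback is the only way a
 * certificate with failures is accepted. */
static int check_certificate(ne_session *sess, SSL *ssl, ne_ssl_certificate *chain)
{
    X509 *cert = chain->subject;
    int ret, failures = sess->ssl_context->failures;
    ne_uri server;

    /* If the verification callback hit a case which can't be mapped
     * to one of the exported error bits, it's treated as a hard
     * failure rather than invoking the callback, which can't present
     * a useful error to the user.  "Um, something is wrong.  OK?" */
    if (failures & NE_SSL_UNHANDLED) {
        long result = SSL_get_verify_result(ssl);

        ne_set_error(sess, _("Certificate verification error: %s"),
                     X509_verify_cert_error_string(result));

        return NE_ERROR;
    }

    /* Check certificate was issued to this server; pass URI of
     * server. */
    memset(&server, 0, sizeof server);
    ne_fill_server_uri(sess, &server);
    ret = check_identity(&server, cert, NULL);
    ne_uri_free(&server);
    if (ret < 0) {
        ne_set_error(sess, _("Server certificate was missing commonName "
                             "attribute in subject name"));
        return NE_ERROR;
    } else if (ret > 0) failures |= NE_SSL_IDMISMATCH;

    if (failures == 0) {
        /* verified OK! */
        ret = NE_OK;
    } else {
        /* Set up the error string. */
        ne__ssl_set_verify_err(sess, failures);
        ret = NE_ERROR;
        /* Allow manual override */
        if (sess->ssl_verify_fn &&
            sess->ssl_verify_fn(sess->ssl_verify_ud, failures, chain) == 0)
            ret = NE_OK;
    }

    return ret;
}

/* Duplicate a client certificate, which must be in the decrypted state.
 * The copy shares the key and X509 object with CC; both reference
 * counts are bumped. */
static ne_ssl_client_cert *dup_client_cert(const ne_ssl_client_cert *cc)
{
    ne_ssl_client_cert *newcc = ne_calloc(sizeof *newcc);

    newcc->decrypted = 1;
    newcc->pkey = cc->pkey;
    if (cc->friendly_name)
        newcc->friendly_name = ne_strdup(cc->friendly_name);

    populate_cert(&newcc->cert, cc->cert.subject);

    X509_up_ref(cc->cert.subject);
    EVP_PKEY_up_ref(cc->pkey);
    return newcc;
}

/* Callback invoked when the SSL server requests a client certificate.
 * If the session has none yet, the application's provider callback is
 * given the list of CA names the server sent.  Returns 1 with *CERT and
 * *PKEY set (references bumped) if a certificate is available, else 0
 * after noting in the session that one was requested. */
static int provide_client_cert(SSL *ssl, X509 **cert, EVP_PKEY **pkey)
{
    ne_session *const sess = SSL_get_app_data(ssl);

    if (!sess->client_cert && sess->ssl_provide_fn) {
        ne_ssl_dname **dnames = NULL, *dnarray = NULL;
        int n, count = 0;
        STACK_OF(X509_NAME) *ca_list = SSL_get_client_CA_list(ssl);

        count = ca_list ? sk_X509_NAME_num(ca_list) : 0;

        if (count > 0) {
            dnames = ne_malloc(count * sizeof(ne_ssl_dname *));
            dnarray = ne_malloc(count * sizeof(ne_ssl_dname));

            for (n = 0; n < count; n++) {
                dnames[n] = &dnarray[n];
                dnames[n]->dn = sk_X509_NAME_value(ca_list, n);
            }
        }

        NE_DEBUG(NE_DBG_SSL, "Calling client certificate provider...\n");
        sess->ssl_provide_fn(sess->ssl_provide_ud, sess,
                             (const ne_ssl_dname *const *)dnames, count);
        if (count) {
            ne_free(dnarray);
            ne_free(dnames);
        }
    }

    if (sess->client_cert) {
        ne_ssl_client_cert *const cc = sess->client_cert;
        NE_DEBUG(NE_DBG_SSL, "Supplying client certificate.\n");
        EVP_PKEY_up_ref(cc->pkey);
        X509_up_ref(cc->cert.subject);
        *cert = cc->cert.subject;
        *pkey = cc->pkey;
        return 1;
    } else {
        sess->ssl_cc_requested = 1;
        NE_DEBUG(NE_DBG_SSL, "No client certificate supplied.\n");
        return 0;
    }
}

/* Install a copy of CC, which must be decrypted, as the session's
 * client certificate. */
void ne_ssl_set_clicert(ne_session *sess, const ne_ssl_client_cert *cc)
{
    sess->client_cert = dup_client_cert(cc);
}

/* Create an SSL context for MODE (NE_SSL_CTX_CLIENT or
 * NE_SSL_CTX_SERVER).  A client context verifies the peer
 * (SSL_VERIFY_PEER with verify_callback) and installs the client
 * certificate callback.  Returns NULL for an unknown mode or if OpenSSL
 * cannot allocate the underlying SSL_CTX; the latter was previously
 * unchecked and led to a NULL SSL_CTX being configured. */
ne_ssl_context *ne_ssl_context_create(int mode)
{
    ne_ssl_context *ctx = ne_calloc(sizeof *ctx);

    if (mode == NE_SSL_CTX_CLIENT) {
        ctx->ctx = SSL_CTX_new(SSLv23_client_method());
    } else if (mode == NE_SSL_CTX_SERVER) {
        ctx->ctx = SSL_CTX_new(SSLv23_server_method());
    } else {
        ne_free(ctx);
        return NULL;
    }

    if (ctx->ctx == NULL) {
        ERR_clear_error();
        ne_free(ctx);
        return NULL;
    }

    if (mode == NE_SSL_CTX_CLIENT) {
        ctx->sess = NULL;
        /* set client cert callback. */
        SSL_CTX_set_client_cert_cb(ctx->ctx, provide_client_cert);
        /* enable workarounds for buggy SSL server implementations */
        SSL_CTX_set_options(ctx->ctx, SSL_OP_ALL);
        SSL_CTX_set_verify(ctx->ctx, SSL_VERIFY_PEER, verify_callback);
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10101000L
        SSL_CTX_set_post_handshake_auth(ctx->ctx, 1);
#endif
    } else {
        SSL_CTX_set_session_cache_mode(ctx->ctx, SSL_SESS_CACHE_CLIENT);
#ifdef SSL_OP_NO_TICKET
        /* disable ticket support since it inhibits testing of session
         * caching. */
        SSL_CTX_set_options(ctx->ctx, SSL_OP_NO_TICKET);
#endif
    }
    return ctx;
}

/* Set context flag FLAG to VALUE; only NE_SSL_CTX_SSLv2 is recognised.
 *
 * NOTE(review): SSL_CTX_set_options() only adds bits to the context's
 * option mask, so the "enable" branch below cannot remove an
 * SSL_OP_NO_SSLv2 bit that is already set; only disabling takes effect
 * through this call.  SSLv2 is obsolete and should stay disabled, so
 * this is left as it is. */
void ne_ssl_context_set_flag(ne_ssl_context *ctx, int flag, int value)
{
    long opts = SSL_CTX_get_options(ctx->ctx);

    switch (flag) {
    case NE_SSL_CTX_SSLv2:
        if (value) {
            /* Enable SSLv2 support; clear the "no SSLv2" flag. */
            opts &= ~SSL_OP_NO_SSLv2;
        } else {
            /* Disable it: set the flag. */
            opts |= SSL_OP_NO_SSLv2;
        }
        break;
    }

    SSL_CTX_set_options(ctx->ctx, opts);
}

/* Return the current value of context flag FLAG; zero for unknown
 * flags, and always zero for NE_SSL_CTX_SSLv2 when OpenSSL was built
 * without SSLv2. */
int ne_ssl_context_get_flag(ne_ssl_context *ctx, int flag)
{
    switch (flag) {
    case NE_SSL_CTX_SSLv2:
#ifdef OPENSSL_NO_SSL2
        return 0;
#else
        return ! (SSL_CTX_get_options(ctx->ctx) & SSL_OP_NO_SSLv2);
#endif
    default:
        break;
    }

    return 0;
}

/* Load the PEM private key file KEY and certificate chain file CERT
 * into the context.  Returns 0 on success, -1 on failure. */
int ne_ssl_context_keypair(ne_ssl_context *ctx, const char *cert,
                           const char *key)
{
    int ret;

    ret = SSL_CTX_use_PrivateKey_file(ctx->ctx, key, SSL_FILETYPE_PEM);
    if (ret == 1) {
        ret = SSL_CTX_use_certificate_chain_file(ctx->ctx, cert);
    }

    return ret == 1 ? 0 : -1;
}

/* Configure peer verification: if REQUIRED, a peer certificate is
 * demanded; CA_NAMES names a file of CA certificates whose names are
 * sent as the client CA list; VERIFY_CAS names a file of trusted CAs.
 * Always returns 0; failures to load either file are not reported. */
int ne_ssl_context_set_verify(ne_ssl_context *ctx,
                              int required,
                              const char *ca_names,
                              const char *verify_cas)
{
    if (required) {
        SSL_CTX_set_verify(ctx->ctx, SSL_VERIFY_PEER |
                           SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
    }
    if (ca_names) {
        SSL_CTX_set_client_CA_list(ctx->ctx,
                                   SSL_load_client_CA_file(ca_names));
    }
    if (verify_cas) {
        SSL_CTX_load_verify_locations(ctx->ctx, verify_cas, NULL);
    }
    return 0;
}

/* Free the context together with its SSL_CTX and any cached session. */
void ne_ssl_context_destroy(ne_ssl_context *ctx)
{
    SSL_CTX_free(ctx->ctx);
    if (ctx->sess)
        SSL_SESSION_free(ctx->sess);
    ne_free(ctx);
}

#if !defined(HAVE_SSL_SESSION_CMP) && !defined(SSL_SESSION_cmp) \
    && defined(OPENSSL_VERSION_NUMBER) \
    && OPENSSL_VERSION_NUMBER > 0x10000000L
/* OpenSSL 1.0 removed SSL_SESSION_cmp for no apparent reason - hoping
 * it is reasonable to assume that comparing the session IDs is
 * sufficient.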
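*/
/* Returns zero if the two sessions carry the same session ID and
 * non-zero otherwise, matching how the caller uses the result ("has the
 * session changed?").  The previous version returned non-zero for
 * *equal* IDs. */
static int SSL_SESSION_cmp(SSL_SESSION *a, SSL_SESSION *b)
{
    const unsigned char *session1_buf, *session2_buf;
    unsigned int session1_len, session2_len;

    session1_buf = SSL_SESSION_get_id(a, &session1_len);
    session2_buf = SSL_SESSION_get_id(b, &session2_len);

    if (session1_len != session2_len)
        return 1;

    return memcmp(session1_buf, session2_buf, session1_len) != 0;
}
#endif

/* For internal use only. */
/* Perform the TLS handshake on the session's socket, verify the server
 * certificate and cache the TLS session for resumption.  Returns NE_OK
 * or NE_ERROR (with the session error string set).
 *
 * If the peer presents the same leaf certificate as the one already
 * stored in sess->server_cert, the certificate checks are not repeated
 * for this connection. */
int ne__negotiate_ssl(ne_session *sess)
{
    ne_ssl_context *ctx = sess->ssl_context;
    SSL *ssl;
    STACK_OF(X509) *chain;
    int freechain = 0; /* non-zero if chain should be free'd. */

    NE_DEBUG(NE_DBG_SSL, "Doing SSL negotiation.\n");

    /* Pass through the hostname if SNI is enabled. */
    ctx->hostname =
        sess->flags[NE_SESSFLAG_TLS_SNI] ? sess->server.hostname : NULL;

    sess->ssl_cc_requested = 0;
    ctx->failures = 0;

    if (ne_sock_connect_ssl(sess->socket, ctx, sess)) {
        if (ctx->sess) {
            /* remove cached session. */
            SSL_SESSION_free(ctx->sess);
            ctx->sess = NULL;
        }
        if (sess->ssl_cc_requested) {
            ne_set_error(sess, _("SSL handshake failed, "
                                 "client certificate was requested: %s"),
                         ne_sock_error(sess->socket));
        }
        else {
            ne_set_error(sess, _("SSL handshake failed: %s"),
                         ne_sock_error(sess->socket));
        }
        return NE_ERROR;
    }

    ssl = ne__sock_sslsock(sess->socket);

    chain = SSL_get_peer_cert_chain(ssl);
    /* For an SSLv2 connection, the cert chain will always be NULL. */
    if (chain == NULL) {
        X509 *cert = SSL_get_peer_certificate(ssl);
        if (cert) {
            /* SSL_get_peer_certificate() hands us a reference which we
             * own; it travels with the temporary stack and is dropped
             * when the stack is freed below. */
            chain = sk_X509_new_null();
            if (chain == NULL || !sk_X509_push(chain, cert)) {
                X509_free(cert);
                sk_X509_free(chain);
                chain = NULL;
            } else {
                freechain = 1;
            }
        }
    }

    if (chain == NULL || sk_X509_num(chain) == 0) {
        ne_set_error(sess, _("SSL server did not present certificate"));
        return NE_ERROR;
    }

    if (sess->server_cert
        && X509_cmp(sk_X509_value(chain, 0), sess->server_cert->subject) == 0) {
        /* Same leaf cert used as last time - no need to reverify. */
        /* no longer need the chain; pop_free also releases the
         * certificate reference held by the temporary stack, which
         * sk_X509_free() alone would leak. */
        if (freechain) sk_X509_pop_free(chain, X509_free);
    } else {
        /* new connection: create the chain.  make_chain() duplicates
         * every certificate, so the stack can go right away. */
        ne_ssl_certificate *cert = make_chain(chain);

        if (freechain) sk_X509_pop_free(chain, X509_free);

        if (check_certificate(sess, ssl, cert)) {
            NE_DEBUG(NE_DBG_SSL, "SSL certificate checks failed: %s\n",
                     sess->error);
            ne_ssl_cert_free(cert);
            return NE_ERROR;
        }
        /* remember the chain. */
        sess->server_cert = cert;
    }

    if (ctx->sess) {
        SSL_SESSION *newsess = SSL_get0_session(ssl);

        /* Replace the session if it has changed. */
        if (newsess != ctx->sess || SSL_SESSION_cmp(ctx->sess, newsess)) {
            SSL_SESSION_free(ctx->sess);
            ctx->sess = SSL_get1_session(ssl); /* bumping the refcount */
        }
    } else {
        /* Store the session. */
        ctx->sess = SSL_get1_session(ssl);
    }

    return NE_OK;
}

/* Accessors; each returns a pointer owned by CERT. */
const ne_ssl_dname *ne_ssl_cert_issuer(const ne_ssl_certificate *cert)
{
    return &cert->issuer_dn;
}

const ne_ssl_dname *ne_ssl_cert_subject(const ne_ssl_certificate *cert)
{
    return &cert->subj_dn;
}

/* Returns the next certificate up the chain, or NULL. */
const ne_ssl_certificate *ne_ssl_cert_signedby(const ne_ssl_certificate *cert)
{
    return cert->issuer;
}

/* Returns the identity extracted when the certificate was loaded, or
 * NULL if none could be determined. */
const char *ne_ssl_cert_identity(const ne_ssl_certificate *cert)
{
    return cert->identity;
}

/* Add CERT to the context's store of trusted certificates. */
void ne_ssl_context_trustcert(ne_ssl_context *ctx, const ne_ssl_certificate *cert)
{
    X509_STORE *store = SSL_CTX_get_cert_store(ctx->ctx);

    X509_STORE_add_cert(store, cert->subject);
}

/* Trust the default CA set: the bundle named by NE_SSL_CA_BUNDLE when
 * that is defined at build time, otherwise OpenSSL's default paths. */
void ne_ssl_trust_default_ca(ne_session *sess)
{
    X509_STORE *store = SSL_CTX_get_cert_store(sess->ssl_context->ctx);

#ifdef NE_SSL_CA_BUNDLE
    X509_STORE_load_locations(store, NE_SSL_CA_BUNDLE, NULL);
#else
    X509_STORE_set_default_paths(store);
#endif
}

/* Find a friendly name in a PKCS12 structure the hard way, without
 * decrypting the parts which are encrypted..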
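*/
/* Returns the first friendly name found in an unencrypted authsafe, as
 * returned by PKCS12_get_friendlyname(), or NULL if there is none. */
static char *find_friendly_name(PKCS12 *p12)
{
    STACK_OF(PKCS7) *safes = PKCS12_unpack_authsafes(p12);
    int n, m;
    char *name = NULL;

    if (safes == NULL) return NULL;

    /* Iterate over the unpacked authsafes: */
    for (n = 0; n < sk_PKCS7_num(safes) && !name; n++) {
        PKCS7 *safe = sk_PKCS7_value(safes, n);
        STACK_OF(PKCS12_SAFEBAG) *bags;

        /* Only looking for unencrypted authsafes. */
        if (OBJ_obj2nid(safe->type) != NID_pkcs7_data) continue;

        bags = PKCS12_unpack_p7data(safe);
        if (!bags) continue;

        /* Iterate through the bags, picking out a friendly name */
        for (m = 0; m < sk_PKCS12_SAFEBAG_num(bags) && !name; m++) {
            PKCS12_SAFEBAG *bag = sk_PKCS12_SAFEBAG_value(bags, m);
            name = PKCS12_get_friendlyname(bag);
        }

        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
    }

    sk_PKCS7_pop_free(safes, PKCS7_free);
    return name;
}

/* Build a client certificate object from P12, taking ownership of P12
 * in every case.
 *
 * - If the structure parses without a password, the result is in the
 *   decrypted state and P12 is freed.
 * - If parsing fails with a MAC verification error (password needed),
 *   the result is in the encrypted state and keeps P12 for a later
 *   ne_ssl_clicert_decrypt().
 * - Otherwise NULL is returned.
 *
 * A NULL P12 (failed decode in the caller) yields NULL. */
static ne_ssl_client_cert *parse_client_cert(PKCS12 *p12)
{
    X509 *cert = NULL;
    EVP_PKEY *pkey = NULL;
    ne_ssl_client_cert *cc;

    if (p12 == NULL) {
        ERR_clear_error();
        return NULL;
    }

    /* Try parsing with no password. */
    if (PKCS12_parse(p12, NULL, &pkey, &cert, NULL) == 1) {
        /* Success - no password needed for decryption. */
        int len = 0;
        unsigned char *name;

        if (!cert || !pkey) {
            /* Only one half of the pair was present: release whichever
             * one was returned rather than leaking it. */
            X509_free(cert);
            EVP_PKEY_free(pkey);
            PKCS12_free(p12);
            return NULL;
        }

        name = X509_alias_get0(cert, &len);

        cc = ne_calloc(sizeof *cc);
        cc->pkey = pkey;
        cc->decrypted = 1;
        if (name && len > 0)
            cc->friendly_name = ne_strndup((char *)name, len);
        populate_cert(&cc->cert, cert);
        PKCS12_free(p12);
        return cc;
    } else {
        /* Failed to parse the file */
        int err = ERR_get_error();
        ERR_clear_error();
        if (ERR_GET_LIB(err) == ERR_LIB_PKCS12 &&
            ERR_GET_REASON(err) == PKCS12_R_MAC_VERIFY_FAILURE) {
            /* Decryption error due to bad password. */
            cc = ne_calloc(sizeof *cc);
            cc->friendly_name = find_friendly_name(p12);
            cc->p12 = p12;
            return cc;
        } else {
            /* Some parse error, give up. */
            PKCS12_free(p12);
            return NULL;
        }
    }
}

/* Import a client certificate from the PKCS#12 data in BUFFER. */
ne_ssl_client_cert *ne_ssl_clicert_import(const unsigned char *buffer, size_t buflen)
{
    ne_d2i_uchar *p;
    PKCS12 *p12;

    p = buffer;
    p12 = d2i_PKCS12(NULL, &p, buflen);

    return parse_client_cert(p12);
}

/* Read a client certificate from the PKCS#12 file FILENAME; NULL if the
 * file cannot be opened or parsed. */
ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename)
{
    PKCS12 *p12;
    FILE *fp;

    fp = fopen(filename, "rb");
    if (fp == NULL)
        return NULL;

    p12 = d2i_PKCS12_fp(fp, NULL);

    fclose(fp);

    return parse_client_cert(p12);
}

#ifdef HAVE_PAKCHOIS
/* Build a client certificate from the DER-encoded certificate DER whose
 * private key operations are delegated to METHOD.  Only RSA keys are
 * supported.  Returns NULL on any failure; every intermediate object is
 * released on the failure paths. */
ne_ssl_client_cert *ne__ssl_clicert_exkey_import(const unsigned char *der,
                                                 size_t der_len,
                                                 const RSA_METHOD *method)
{
    ne_ssl_client_cert *cc;
    ne_d2i_uchar *p;
    X509 *x5;
    EVP_PKEY *pubkey, *privkey;
    RSA *rsa;

    p = der;
    x5 = d2i_X509(NULL, &p, der_len); /* p is incremented */
    if (x5 == NULL) {
        ERR_clear_error();
        return NULL;
    }

    pubkey = X509_get_pubkey(x5);
    if (pubkey == NULL || EVP_PKEY_base_id(pubkey) != EVP_PKEY_RSA) {
        /* X509_get_pubkey() returned a reference of our own; drop it
         * together with the certificate. */
        EVP_PKEY_free(pubkey);
        X509_free(x5);
        NE_DEBUG(NE_DBG_SSL, "ssl: Only RSA private keys are supported via PKCS#11.\n");
        return NULL;
    }

    /* Duplicate the public parameters of the RSA key. */
    rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(pubkey));

    /* Done with the copied public key. */
    EVP_PKEY_free(pubkey);

    if (rsa == NULL) {
        ERR_clear_error();
        X509_free(x5);
        return NULL;
    }

    /* Switch to using customer RSA_METHOD for RSA object. */
    RSA_set_method(rsa, method);

    /* Set up new EVP_PKEY. */
    privkey = EVP_PKEY_new();
    if (privkey == NULL) {
        ERR_clear_error();
        RSA_free(rsa);
        X509_free(x5);
        return NULL;
    }
    EVP_PKEY_assign_RSA(privkey, rsa);

    cc = ne_calloc(sizeof *cc);
    cc->decrypted = 1;
    cc->pkey = privkey;

    populate_cert(&cc->cert, x5);

    return cc;
}
#endif

/* Non-zero if CC still needs ne_ssl_clicert_decrypt(). */
int ne_ssl_clicert_encrypted(const ne_ssl_client_cert *cc)
{
    return !cc->decrypted;
}

/* Decrypt CC with PASSWORD.  Returns 0 on success; -1 if the password
 * is wrong, the file holds no certificate/key pair, or the key does not
 * belong to the certificate.  On failure CC stays encrypted and can be
 * retried. */
int ne_ssl_clicert_decrypt(ne_ssl_client_cert *cc, const char *password)
{
    X509 *cert = NULL;
    EVP_PKEY *pkey = NULL;

    if (PKCS12_parse(cc->p12, password, &pkey, &cert, NULL) != 1) {
        ERR_clear_error();
        return -1;
    }

    /* Reject a file that yields only half of the pair before handing
     * NULL to the key check below. */
    if (cert == NULL || pkey == NULL) {
        X509_free(cert);
        EVP_PKEY_free(pkey);
        return -1;
    }

    if (X509_check_private_key(cert, pkey) != 1) {
        ERR_clear_error();
        X509_free(cert);
        EVP_PKEY_free(pkey);
        NE_DEBUG(NE_DBG_SSL, "Decrypted private key/cert are not matched.");
        return -1;
    }

    PKCS12_free(cc->p12);
    populate_cert(&cc->cert, cert);
    cc->pkey = pkey;
    cc->decrypted = 1;
    cc->p12 = NULL;
    return 0;
}

/* Returns the certificate embedded in CC (owned by CC). */
const ne_ssl_certificate *ne_ssl_clicert_owner(const ne_ssl_client_cert *cc)
{
    return &cc->cert;
}

/* Returns the friendly name of CCERT, or NULL if it has none. */
const char *ne_ssl_clicert_name(const ne_ssl_client_cert *ccert)
{
    return ccert->friendly_name;
}

/* Read a PEM-encoded certificate from FILENAME; NULL on failure. */
ne_ssl_certificate *ne_ssl_cert_read(const char *filename)
{
    FILE *fp = fopen(filename, "r");
    X509 *cert;

    if (fp == NULL)
        return NULL;

    cert = PEM_read_X509(fp, NULL, NULL, NULL);
    fclose(fp);

    if (cert == NULL) {
        NE_DEBUG(NE_DBG_SSL, "d2i_X509_fp failed: %s\n",
                 ERR_reason_error_string(ERR_get_error()));
        ERR_clear_error();
        return NULL;
    }

    return populate_cert(ne_calloc(sizeof(struct ne_ssl_certificate_s)), cert);
}

/* Write CERT to FILENAME in PEM format.  Returns 0 on success, -1 if
 * the file cannot be opened, written or closed cleanly. */
int ne_ssl_cert_write(const ne_ssl_certificate *cert, const char *filename)
{
    FILE *fp = fopen(filename, "w");

    if (fp == NULL) return -1;

    if (PEM_write_X509(fp, cert->subject) != 1) {
        ERR_clear_error();
        fclose(fp);
        return -1;
    }

    if (fclose(fp) != 0)
        return -1;

    return 0;
}

/* Free CERT and, recursively, the issuer chain hanging off it. */
void ne_ssl_cert_free(ne_ssl_certificate *cert)
{
    X509_free(cert->subject);
    if (cert->issuer)
        ne_ssl_cert_free(cert->issuer);
    if (cert->identity)
        ne_free(cert->identity);
    ne_free(cert);
}

/* Compare two certificates; the result is that of X509_cmp(). */
int ne_ssl_cert_cmp(const ne_ssl_certificate *c1, const ne_ssl_certificate *c2)
{
    return X509_cmp(c1->subject, c2->subject);
}

/* The certificate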
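import/export format is the base64 encoding of the
 * raw DER; PEM without the newlines and wrapping. */
ne_ssl_certificate *ne_ssl_cert_import(const char *data)
{
    unsigned char *der;
    ne_d2i_uchar *p;
    size_t len;
    X509 *x5;

    /* decode the base64 to get the raw DER representation */
    len = ne_unbase64(data, &der);
    if (len == 0) return NULL;

    p = der;
    x5 = d2i_X509(NULL, &p, len); /* p is incremented */
    ne_free(der);
    if (x5 == NULL) {
        ERR_clear_error();
        return NULL;
    }

    return populate_cert(ne_calloc(sizeof(struct ne_ssl_certificate_s)), x5);
}

/* Export 'cert' as the base64 encoding of its DER form.  Returns a
 * string produced by ne_base64(), or NULL if the certificate cannot
 * be DER-encoded. */
char *ne_ssl_cert_export(const ne_ssl_certificate *cert)
{
    int len;
    unsigned char *der, *p;
    char *ret;

    /* find the length of the DER encoding. */
    len = i2d_X509(cert->subject, NULL);
    if (len <= 0) {
        /* i2d_X509() signals failure with a negative value, which
         * must not be used as an allocation size. */
        ERR_clear_error();
        return NULL;
    }

    p = der = ne_malloc(len);
    if (i2d_X509(cert->subject, &p) != len) { /* p is incremented */
        /* Do not base64-encode a partially filled buffer. */
        ERR_clear_error();
        ne_free(der);
        return NULL;
    }

    ret = ne_base64(der, len);
    ne_free(der);
    return ret;
}

/* Map the algorithm bits of 'flags' to an OpenSSL digest; returns
 * NULL for an algorithm this build does not handle. */
static const EVP_MD *hash_to_md(unsigned int flags)
{
    switch (flags & NE_HASH_ALGMASK) {
    case NE_HASH_MD5: return EVP_md5();
    case NE_HASH_SHA256: return EVP_sha256();
#ifdef HAVE_OPENSSL11
    case NE_HASH_SHA512: return EVP_sha512();
    case NE_HASH_SHA512_256: return EVP_sha512_256();
#endif
    default: break;
    }

    return NULL;
}

#if SHA_DIGEST_LENGTH != 20
# error SHA digest length is not 20 bytes
#endif

/* Return the digest of 'cert', using the algorithm selected by
 * 'flags', formatted by ne__strhash2hex(); NULL if the algorithm is
 * not handled or the digest fails. */
char *ne_ssl_cert_hdigest(const ne_ssl_certificate *cert, unsigned int flags)
{
    const EVP_MD *md = hash_to_md(flags);
    unsigned char dig[EVP_MAX_MD_SIZE];
    unsigned int len;

    if (!md) return NULL;

    if (!X509_digest(cert->subject, md, dig, &len)) {
        ERR_clear_error();
        return NULL;
    }

    return ne__strhash2hex(dig, len, flags);
}

/* Write the SHA-1 digest of 'cert' into 'digest' as 20 colon-separated
 * hex pairs.  The loop below stores 60 bytes including the NUL
 * terminator, so the caller's buffer must be at least that large.
 * Returns 0 on success, -1 on failure. */
int ne_ssl_cert_digest(const ne_ssl_certificate *cert, char *digest)
{
    unsigned char sha1[EVP_MAX_MD_SIZE];
    unsigned int len, j;
    char *p;

    if (!X509_digest(cert->subject, EVP_sha1(), sha1, &len) || len != 20) {
        ERR_clear_error();
        return -1;
    }

    for (j = 0, p = digest; j < 20; j++) {
        *p++ = NE_HEX2ASC((sha1[j] >> 4) & 0x0f);
        *p++ = NE_HEX2ASC(sha1[j] & 0x0f);
        *p++ = ':';
    }

    /* Replace the final ':' with the terminator. */
    p[-1] = '\0';
    return 0;
}

/* Hash the NULL-terminated list of strings in 'ap' with the algorithm
 * selected by 'flags' and return the result formatted by
 * ne__strhash2hex().  Returns NULL if the algorithm is not handled or
 * any digest step fails. */
char *ne_vstrhash(unsigned int flags, va_list ap)
{
    EVP_MD_CTX *ctx;
    const EVP_MD *md = hash_to_md(flags);
    unsigned char v[EVP_MAX_MD_SIZE];
    unsigned int vlen;
    const char *arg;
    int ok = 1;

    /* Reject an unknown algorithm up front rather than relying on
     * EVP_DigestInit() to refuse a NULL digest. */
    if (!md) return NULL;

    ctx = EVP_MD_CTX_new();
    if (!ctx) return NULL;

    if (EVP_DigestInit(ctx, md) != 1) {
        EVP_MD_CTX_free(ctx);
        return NULL;
    }

    while ((arg = va_arg(ap, const char *)) != NULL) {
        if (EVP_DigestUpdate(ctx, arg, strlen(arg)) != 1) {
            ok = 0;
            break;
        }
    }

    /* 'v' and 'vlen' are only meaningful if finalization succeeded. */
    if (!ok || EVP_DigestFinal_ex(ctx, v, &vlen) != 1) {
        EVP_MD_CTX_free(ctx);
        ERR_clear_error();
        return NULL;
    }

    EVP_MD_CTX_free(ctx);

    return ne__strhash2hex(v, vlen, flags);
}

#if defined(NE_HAVE_TS_SSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
/* From OpenSSL 1.1.0 locking callbacks are no longer needed. */
#define WITH_OPENSSL_LOCKING (1)

/* Implementation of locking callbacks to make OpenSSL thread-safe.
 * If the OpenSSL API was better designed, this wouldn't be necessary.
 * In OpenSSL releases without CRYPTO_set_idptr_callback, it's not
 * possible to implement the locking in a POSIX-compliant way, since
 * it's necessary to cast from a pthread_t to an unsigned long at some
 * point. */

#ifndef _WIN32
static pthread_mutex_t *locks;
#else
static HANDLE *locks;
#endif
static size_t num_locks;

#ifndef HAVE_CRYPTO_SET_IDPTR_CALLBACK
/* Named to be obvious when it shows up in a backtrace. */
static unsigned long thread_id_neon(void)
{
#ifndef _WIN32
    /* This will break if pthread_t is a structure; upgrading OpenSSL
     * >= 0.9.9 (which does not require this callback) is the only
     * solution. */
    return (unsigned long) pthread_self();
#else
    return (unsigned long) GetCurrentThreadId();
#endif
}
#endif

/* Another great API design win for OpenSSL: no return value!  So if
 * the lock/unlock fails, all that can be done is to abort.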
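*/
static void thread_lock_neon(int mode, int n, const char *file, int line)
{
    if (mode & CRYPTO_LOCK) {
#ifndef _WIN32
        if (pthread_mutex_lock(&locks[n])) {
#else
        if (WaitForSingleObject(locks[n], INFINITE)) {
#endif
            abort();
        }
    } else {
#ifndef _WIN32
        if (pthread_mutex_unlock(&locks[n])) {
#else
        if (!ReleaseMutex(locks[n])) {
#endif
            abort();
        }
    }
}

/* ID_CALLBACK_IS_{NEON,OTHER} evaluate as true if the currently
 * registered OpenSSL ID callback is the neon function (_NEON), or has
 * been overwritten by some other app (_OTHER). */
#ifdef HAVE_CRYPTO_SET_IDPTR_CALLBACK
#define ID_CALLBACK_IS_OTHER (0)
#define ID_CALLBACK_IS_NEON (1)
#else
#define ID_CALLBACK_IS_OTHER (CRYPTO_get_id_callback() != NULL)
#define ID_CALLBACK_IS_NEON (CRYPTO_get_id_callback() == thread_id_neon)
#endif

#endif /* NE_HAVE_TS_SSL && OPENSSL_VERSION_NUMBER < 1.1.0 */

/* Process-global initialization of the OpenSSL library.  For OpenSSL
 * older than 1.1.0 this loads the library tables and, when built with
 * WITH_OPENSSL_LOCKING, installs the thread-safety callbacks unless
 * some other code has already installed its own.  Returns 0 on
 * success, -1 if the locks cannot be allocated or initialized. */
int ne__ssl_init(void)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000L
    CRYPTO_malloc_init();
    SSL_load_error_strings();
    SSL_library_init();
    OpenSSL_add_all_algorithms();

#ifdef WITH_OPENSSL_LOCKING
    /* If some other library has already come along and set up the
     * thread-safety callbacks, then it must be presumed that the
     * other library will have a longer lifetime in the process than
     * neon.  If the library which has installed the callbacks is
     * unloaded, then all bets are off. */
    if (ID_CALLBACK_IS_OTHER || CRYPTO_get_locking_callback() != NULL) {
        NE_DEBUG(NE_DBG_SOCKET, "ssl: OpenSSL thread-safety callbacks already installed.\n");
        NE_DEBUG(NE_DBG_SOCKET, "ssl: neon will not replace existing callbacks.\n");
    } else {
        size_t n;

        num_locks = CRYPTO_num_locks();

        /* Allocate and initialize every lock BEFORE the callbacks are
         * registered: once thread_lock_neon() is installed, OpenSSL
         * may invoke it from any thread and it indexes 'locks'
         * directly. */
        locks = malloc(num_locks * sizeof *locks);
        if (locks == NULL) {
            NE_DEBUG(NE_DBG_SOCKET, "ssl: Failed to allocate OpenSSL locks.\n");
            num_locks = 0;
            return -1;
        }

        for (n = 0; n < num_locks; n++) {
#ifndef _WIN32
            if (pthread_mutex_init(&locks[n], NULL)) {
#else
            if ((locks[n] = CreateMutex(NULL, FALSE, NULL)) == NULL) {
#endif
                NE_DEBUG(NE_DBG_SOCKET, "ssl: Failed to initialize pthread mutex.\n");
                /* Undo the locks created so far; no callback has been
                 * registered yet, so nothing can be using them. */
                while (n > 0) {
                    n--;
#ifndef _WIN32
                    pthread_mutex_destroy(&locks[n]);
#else
                    CloseHandle(locks[n]);
#endif
                }
                free(locks);
                locks = NULL;
                num_locks = 0;
                return -1;
            }
        }

        /* For releases where CRYPTO_set_idptr_callback is present,
         * the default ID callback should be sufficient. */
#ifndef HAVE_CRYPTO_SET_IDPTR_CALLBACK
        CRYPTO_set_id_callback(thread_id_neon);
#endif
        CRYPTO_set_locking_callback(thread_lock_neon);

        NE_DEBUG(NE_DBG_SOCKET, "ssl: Initialized OpenSSL thread-safety callbacks "
                 "for %" NE_FMT_SIZE_T " locks.\n", num_locks);
    }
#endif
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */

    return 0;
}

/* Process-global de-initialization: removes the locking callbacks and
 * releases the locks, but only if the callbacks currently registered
 * are still the ones neon installed. */
void ne__ssl_exit(void)
{
    /* Cannot call ERR_free_strings() etc here in case any other code
     * in the process using OpenSSL. */

#ifdef WITH_OPENSSL_LOCKING
    /* Only unregister the callbacks if some *other* library has not
     * come along in the mean-time and trampled over the callbacks
     * installed by neon. */
    if (CRYPTO_get_locking_callback() == thread_lock_neon &&
        ID_CALLBACK_IS_NEON) {
        size_t n;

#ifndef HAVE_CRYPTO_SET_IDPTR_CALLBACK
        CRYPTO_set_id_callback(NULL);
#endif
        CRYPTO_set_locking_callback(NULL);

        for (n = 0; n < num_locks; n++) {
#ifndef _WIN32
            pthread_mutex_destroy(&locks[n]);
#else
            CloseHandle(locks[n]);
#endif
        }

        free(locks);
        /* Leave no dangling pointer behind for a later re-init. */
        locks = NULL;
        num_locks = 0;
    }
#endif
}
neon-0.32.2/src/ne_pkcs11.c000066400000000000000000000452011416727304000152620ustar00rootroot00000000000000/*
   neon PKCS#11 support
   Copyright (C) 2021, Joe Orton

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Library General Public
   License as published by the Free Software Foundation; either
   version 2 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Library General Public License for more details.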
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include "config.h" #include "ne_pkcs11.h" #ifdef HAVE_PAKCHOIS #include #include #include #include "ne_internal.h" #include "ne_alloc.h" #include "ne_private.h" #include "ne_privssl.h" struct ne_ssl_pkcs11_provider_s { pakchois_module_t *module; ne_ssl_pkcs11_pin_fn pin_fn; void *pin_data; pakchois_session_t *session; ne_ssl_client_cert *clicert; ck_object_handle_t privkey; ck_key_type_t keytype; #ifdef HAVE_OPENSSL RSA_METHOD *method; #endif }; /* To do list for PKCS#11 support: - propagate error strings back to ne_session; use new pakchois_error() for pakchois API 0.2 - add API to specify a particular slot number to use for clicert - add API to specify a particular cert ID for clicert - find a certificate which has an issuer matching the CA dnames given by GnuTLS - make sure subject name matches between pubkey and privkey - check error handling & fail gracefully if the token is ejected mid-session - add API to enumerate/search provided certs and allow direct choice? (or just punt) - the session<->provider interface requires that one clicert is used for all sessions. 
remove this limitation - add API to import all CA certs as trusted (CKA_CERTIFICATE_CATEGORY seems to be unused unfortunately; just add all X509 certs with CKA_TRUSTED set to true)) - make DSA work */ #ifdef HAVE_OPENSSL #include #include #if defined(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT) #define PK11_RSA_ERR (RSA_F_RSA_OSSL_PRIVATE_ENCRYPT) #else #define PK11_RSA_ERR (RSA_F_RSA_EAY_PRIVATE_ENCRYPT) #endif #if OPENSSL_VERSION_NUMBER < 0x10100000L /* Compatibility functions for OpenSSL < 1.1.0: */ #define RSA_meth_get0_app_data(rsa) (void *)(rsa->app_data) static RSA_METHOD *RSA_meth_new(const char *name, int flags) { RSA_METHOD *m = ne_calloc(sizeof *m); m->name = name; m->flags = flags; return m; } #define RSA_meth_free ne_free #define RSA_meth_set_priv_enc(m, f) (m)->rsa_priv_enc = (f) #define RSA_meth_set0_app_data(m, f) (m)->app_data = (void *)(f) #endif /* RSA_METHOD ->rsa_private_encrypt callback. */ static int pk11_rsa_encrypt(int mlen, const unsigned char *m, unsigned char *sigret, RSA *r, int padding) { const RSA_METHOD *method = RSA_get_method(r); ne_ssl_pkcs11_provider *prov = RSA_meth_get0_app_data(method); ck_rv_t rv; struct ck_mechanism mech; unsigned long len; if (!prov->session || prov->privkey == CK_INVALID_HANDLE) { NE_DEBUG(NE_DBG_SSL, "pk11: Cannot sign, no session/key.\n"); RSAerr(PK11_RSA_ERR,ERR_R_RSA_LIB); return 0; } if (padding != RSA_PKCS1_PADDING && padding != RSA_NO_PADDING) { NE_DEBUG(NE_DBG_SSL, "pk11: Cannot sign, unknown padding mode '%d'.\n", padding); RSAerr(PK11_RSA_ERR,ERR_R_RSA_LIB); return 0; } mech.mechanism = padding == RSA_PKCS1_PADDING ? CKM_RSA_PKCS : CKM_RSA_X_509; mech.parameter = NULL; mech.parameter_len = 0; /* Initialize signing operation; using the private key discovered * earlier. 
*/ rv = pakchois_sign_init(prov->session, &mech, prov->privkey); if (rv != CKR_OK) { NE_DEBUG(NE_DBG_SSL, "pk11: SignInit failed: %lx.\n", rv); RSAerr(PK11_RSA_ERR, ERR_R_RSA_LIB); return 0; } len = RSA_size(r); rv = pakchois_sign(prov->session, (unsigned char *)m, mlen, sigret, &len); if (rv != CKR_OK) { NE_DEBUG(NE_DBG_SSL, "pk11: Sign failed.\n"); RSAerr(PK11_RSA_ERR, ERR_R_RSA_LIB); return 0; } NE_DEBUG(NE_DBG_SSL, "pk11: Signed successfully.\n"); return len; } /* Return an RSA_METHOD which will use the PKCS#11 provider to * implement the signing operation. */ static RSA_METHOD *pk11_rsa_method(ne_ssl_pkcs11_provider *prov) { RSA_METHOD *m = RSA_meth_new("neon PKCS#11", RSA_METHOD_FLAG_NO_CHECK); RSA_meth_set_priv_enc(m, pk11_rsa_encrypt); RSA_meth_set0_app_data(m, prov); return m; } #endif #ifdef HAVE_GNUTLS static int pk11_sign_callback(gnutls_privkey_t pkey, void *userdata, const gnutls_datum_t *raw_data, gnutls_datum_t *signature); #endif static int pk11_find_x509(ne_ssl_pkcs11_provider *prov, pakchois_session_t *pks, unsigned char *certid, unsigned long *cid_len) { struct ck_attribute a[3]; ck_object_class_t class; ck_certificate_type_t type; ck_rv_t rv; ck_object_handle_t obj; unsigned long count; int found = 0; /* Find objects with cert class and X.509 cert type. 
*/ class = CKO_CERTIFICATE; type = CKC_X_509; a[0].type = CKA_CLASS; a[0].value = &class; a[0].value_len = sizeof class; a[1].type = CKA_CERTIFICATE_TYPE; a[1].value = &type; a[1].value_len = sizeof type; rv = pakchois_find_objects_init(pks, a, 2); if (rv != CKR_OK) { NE_DEBUG(NE_DBG_SSL, "pk11: FindObjectsInit failed.\n"); return 0; } while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK && count == 1) { unsigned char value[8192], subject[8192]; a[0].type = CKA_VALUE; a[0].value = value; a[0].value_len = sizeof value; a[1].type = CKA_ID; a[1].value = certid; a[1].value_len = *cid_len; a[2].type = CKA_SUBJECT; a[2].value = subject; a[2].value_len = sizeof subject; if (pakchois_get_attribute_value(pks, obj, a, 3) == CKR_OK) { ne_ssl_client_cert *cc; #ifdef HAVE_GNUTLS cc = ne__ssl_clicert_exkey_import(value, a[0].value_len, pk11_sign_callback, prov); #else cc = ne__ssl_clicert_exkey_import(value, a[0].value_len, prov->method); #endif if (cc) { NE_DEBUG(NE_DBG_SSL, "pk11: Imported X.509 cert.\n"); prov->clicert = cc; found = 1; *cid_len = a[1].value_len; break; } } else { NE_DEBUG(NE_DBG_SSL, "pk11: Skipped cert, missing attrs.\n"); } } pakchois_find_objects_final(pks); return found; } #ifdef HAVE_OPENSSL /* No DSA support for OpenSSL (yet, anyway). */ #define KEYTYPE_IS_DSA(kt) (0) #else #define KEYTYPE_IS_DSA(kt) (kt == CKK_DSA) #endif static int pk11_find_pkey(ne_ssl_pkcs11_provider *prov, pakchois_session_t *pks, unsigned char *certid, unsigned long cid_len) { struct ck_attribute a[3]; ck_object_class_t class; ck_rv_t rv; ck_object_handle_t obj; unsigned long count; int found = 0; class = CKO_PRIVATE_KEY; /* Find an object with private key class and a certificate ID * which matches the certificate. */ /* FIXME: also match the cert subject. 
*/ a[0].type = CKA_CLASS; a[0].value = &class; a[0].value_len = sizeof class; a[1].type = CKA_ID; a[1].value = certid; a[1].value_len = cid_len; rv = pakchois_find_objects_init(pks, a, 2); if (rv != CKR_OK) { NE_DEBUG(NE_DBG_SSL, "pk11: FindObjectsInit failed.\n"); /* TODO: error propagation */ return 0; } rv = pakchois_find_objects(pks, &obj, 1, &count); if (rv == CKR_OK && count == 1) { NE_DEBUG(NE_DBG_SSL, "pk11: Found private key.\n"); a[0].type = CKA_KEY_TYPE; a[0].value = &prov->keytype; a[0].value_len = sizeof prov->keytype; if (pakchois_get_attribute_value(pks, obj, a, 1) == CKR_OK && (prov->keytype == CKK_RSA || KEYTYPE_IS_DSA(prov->keytype))) { found = 1; prov->privkey = obj; } else { NE_DEBUG(NE_DBG_SSL, "pk11: Could not determine key type.\n"); } } pakchois_find_objects_final(pks); return found; } static int find_client_cert(ne_ssl_pkcs11_provider *prov, pakchois_session_t *pks) { unsigned char certid[8192]; unsigned long cid_len = sizeof certid; /* TODO: match cert subject too. */ return pk11_find_x509(prov, pks, certid, &cid_len) && pk11_find_pkey(prov, pks, certid, cid_len); } #ifdef HAVE_GNUTLS /* Callback invoked by GnuTLS to provide the signature. The signature * operation is handled here by the PKCS#11 provider. */ static int pk11_sign_callback(gnutls_privkey_t pkey, void *userdata, const gnutls_datum_t *hash, gnutls_datum_t *signature) { ne_ssl_pkcs11_provider *prov = userdata; ck_rv_t rv; struct ck_mechanism mech; unsigned long siglen; if (!prov->session || prov->privkey == CK_INVALID_HANDLE) { NE_DEBUG(NE_DBG_SSL, "pk11: Cannot sign, no session/key.\n"); return GNUTLS_E_NO_CERTIFICATE_FOUND; } mech.mechanism = prov->keytype == CKK_DSA ? CKM_DSA : CKM_RSA_PKCS; mech.parameter = NULL; mech.parameter_len = 0; /* Initialize signing operation; using the private key discovered * earlier. 
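*/
    rv = pakchois_sign_init(prov->session, &mech, prov->privkey);
    if (rv != CKR_OK) {
        NE_DEBUG(NE_DBG_SSL, "pk11: SignInit failed: %lx.\n", rv);
        return GNUTLS_E_PK_SIGN_FAILED;
    }

    /* Work out how long the signature must be: */
    rv = pakchois_sign(prov->session, hash->data, hash->size, NULL, &siglen);
    if (rv != CKR_OK) {
        NE_DEBUG(NE_DBG_SSL, "pk11: Sign1 failed.\n");
        return GNUTLS_E_PK_SIGN_FAILED;
    }

    /* The length comes from the token; check the allocation before
     * the provider is asked to write into it. */
    signature->data = gnutls_malloc(siglen);
    if (signature->data == NULL) {
        signature->size = 0;
        return GNUTLS_E_MEMORY_ERROR;
    }

    rv = pakchois_sign(prov->session, hash->data, hash->size,
                       signature->data, &siglen);
    if (rv != CKR_OK) {
        NE_DEBUG(NE_DBG_SSL, "pk11: Sign2 failed.\n");
        /* Do not hand a half-filled buffer back to the caller. */
        gnutls_free(signature->data);
        signature->data = NULL;
        signature->size = 0;
        return GNUTLS_E_PK_SIGN_FAILED;
    }

    /* Report the length written by the second call. */
    signature->size = siglen;

    NE_DEBUG(NE_DBG_SSL, "pk11: Signed successfully.\n");

    return 0;
}
#endif

/* Turn the fixed-width field {str, len} into a NUL-terminated string
 * in place: trailing spaces, tabs and NUL bytes are dropped and a
 * terminator is stored after the last remaining byte.  If the field
 * has no trailing padding, its final byte is overwritten with the
 * terminator.  'len' must be non-zero. */
static void terminate_string(unsigned char *str, size_t len)
{
    size_t end;

    assert(len > 0);

    /* Walk back by index and test the bound before reading, so that a
     * field consisting only of padding never touches the byte in
     * front of 'str'. */
    end = len;
    while (end > 0 &&
           (str[end - 1] == ' ' || str[end - 1] == '\t'
            || str[end - 1] == '\0'))
        end--;

    if (end == len)
        end = len - 1;

    str[end] = '\0';
}

/* Log in to the token in slot 'slot_id' over session 'pks'.  Returns
 * 0 if no login is required or login succeeds, -1 otherwise. */
static int pk11_login(ne_ssl_pkcs11_provider *prov, ck_slot_id_t slot_id,
                      pakchois_session_t *pks, struct ck_slot_info *sinfo)
{
    struct ck_token_info tinfo;
    int attempt = 0;
    ck_rv_t rv;

    if (pakchois_get_token_info(prov->module, slot_id, &tinfo) != CKR_OK) {
        NE_DEBUG(NE_DBG_SSL, "pk11: GetTokenInfo failed\n");
        /* TODO: propagate error. */
        return -1;
    }

    if ((tinfo.flags & CKF_LOGIN_REQUIRED) == 0) {
        NE_DEBUG(NE_DBG_SSL, "pk11: No login required.\n");
        return 0;
    }

    /* For a token with a "protected" (out-of-band) authentication
     * path, calling login with a NULL username is all that is
     * required. */
    if (tinfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH) {
        if (pakchois_login(pks, CKU_USER, NULL, 0) == CKR_OK) {
            return 0;
        }
        else {
            NE_DEBUG(NE_DBG_SSL, "pk11: Protected login failed.\n");
            /* TODO: error propagation. */
            return -1;
        }
    }

    /* Otherwise, PIN entry is necessary for login, so fail if there's
     * no callback.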
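*/
    if (!prov->pin_fn) {
        NE_DEBUG(NE_DBG_SSL, "pk11: No pin callback but login required.\n");
        /* TODO: propagate error. */
        return -1;
    }

    terminate_string(sinfo->slot_description, sizeof sinfo->slot_description);

    do {
        /* Start from a zeroed buffer so stale stack contents are
         * never interpreted as part of the PIN. */
        char pin[NE_SSL_P11PINLEN] = {0};
        unsigned int flags = 0;

        /* If login has been attempted once already, check the token
         * status again, the flags might change. */
        if (attempt) {
            if (pakchois_get_token_info(prov->module, slot_id,
                                        &tinfo) != CKR_OK) {
                NE_DEBUG(NE_DBG_SSL, "pk11: GetTokenInfo failed\n");
                /* TODO: propagate error. */
                return -1;
            }
        }

        if (tinfo.flags & CKF_USER_PIN_COUNT_LOW)
            flags |= NE_SSL_P11PIN_COUNT_LOW;
        if (tinfo.flags & CKF_USER_PIN_FINAL_TRY)
            flags |= NE_SSL_P11PIN_FINAL_TRY;

        terminate_string(tinfo.label, sizeof tinfo.label);

        if (prov->pin_fn(prov->pin_data, attempt++,
                         (char *)sinfo->slot_description,
                         (char *)tinfo.label, flags, pin)) {
            /* The callback cancelled PIN entry; scrub anything it
             * wrote before the buffer goes out of scope. */
            ne__strzero(pin, sizeof pin);
            return -1;
        }

        /* The callback is supposed to return a NUL-terminated string;
         * enforce the terminator so that strlen() stays inside the
         * buffer even if the callback filled all of it. */
        pin[sizeof pin - 1] = '\0';

        rv = pakchois_login(pks, CKU_USER, (unsigned char *)pin, strlen(pin));

        /* Wipe the PIN as soon as it has been used. */
        ne__strzero(pin, sizeof pin);
    } while (rv == CKR_PIN_INCORRECT);

    NE_DEBUG(NE_DBG_SSL, "pk11: Login result = %lu\n", rv);

    return (rv == CKR_OK || rv == CKR_USER_ALREADY_LOGGED_IN) ? 0 : -1;
}

/* Client cert provider callback: reuses the clicert already found by
 * this provider, or else walks the provider's slots, logs in to each
 * present token and looks for a certificate with a matching private
 * key.  On success the session is kept open in prov->session and the
 * clicert is set on 'sess'; otherwise 'sess' is left untouched. */
static void pk11_provide(void *userdata, ne_session *sess,
                         const ne_ssl_dname *const *dnames,
                         int dncount)
{
    ne_ssl_pkcs11_provider *prov = userdata;
    ck_slot_id_t *slots;
    unsigned long scount, n;

    if (prov->clicert) {
        NE_DEBUG(NE_DBG_SSL, "pk11: Using existing clicert.\n");
        ne_ssl_set_clicert(sess, prov->clicert);
        return;
    }

    if (pakchois_get_slot_list(prov->module, 1, NULL, &scount) != CKR_OK
        || scount == 0) {
        NE_DEBUG(NE_DBG_SSL, "pk11: No slots.\n");
        /* TODO: propagate error. */
        return;
    }

    slots = ne_malloc(scount * sizeof *slots);
    if (pakchois_get_slot_list(prov->module, 1, slots, &scount) != CKR_OK)  {
        ne_free(slots);
        NE_DEBUG(NE_DBG_SSL, "pk11: Really, no slots?\n");
        /* TODO: propagate error. */
        return;
    }

    NE_DEBUG(NE_DBG_SSL, "pk11: Found %ld slots.\n", scount);

    for (n = 0; n < scount; n++) {
        pakchois_session_t *pks;
        ck_rv_t rv;
        struct ck_slot_info sinfo;

        if (pakchois_get_slot_info(prov->module, slots[n], &sinfo) != CKR_OK) {
            NE_DEBUG(NE_DBG_SSL, "pk11: GetSlotInfo failed\n");
            continue;
        }

        if ((sinfo.flags & CKF_TOKEN_PRESENT) == 0) {
            NE_DEBUG(NE_DBG_SSL, "pk11: slot empty, ignoring\n");
            continue;
        }

        rv = pakchois_open_session(prov->module, slots[n],
                                   CKF_SERIAL_SESSION,
                                   NULL, NULL, &pks);
        if (rv != CKR_OK) {
            NE_DEBUG(NE_DBG_SSL, "pk11: could not open slot, %ld (%ld: %ld)\n",
                     rv, n, slots[n]);
            continue;
        }

        if (pk11_login(prov, slots[n], pks, &sinfo) == 0) {
            if (find_client_cert(prov, pks)) {
                NE_DEBUG(NE_DBG_SSL, "pk11: Setup complete.\n");
                prov->session = pks;
                ne_ssl_set_clicert(sess, prov->clicert);
                ne_free(slots);
                return;
            }

            /* The certificate lookup stores its result in
             * prov->clicert before the private key is searched for.
             * If no matching key turned up, drop that certificate:
             * otherwise it would be leaked by the next slot and
             * offered on later calls with no session or key behind
             * it. */
            if (prov->clicert) {
                ne_ssl_clicert_free(prov->clicert);
                prov->clicert = NULL;
            }
        }

        pakchois_close_session(pks);
    }

    ne_free(slots);
}

/* Allocate a provider object around a loaded module and store it in
 * *provider; returns NE_PK11_OK. */
static int pk11_init(ne_ssl_pkcs11_provider **provider,
                     pakchois_module_t *module)
{
    ne_ssl_pkcs11_provider *prov;

    prov = *provider = ne_calloc(sizeof *prov);
    prov->module = module;
    prov->privkey = CK_INVALID_HANDLE;

#ifdef HAVE_OPENSSL
    prov->method = pk11_rsa_method(prov);
#endif

    return NE_PK11_OK;
}

/* Load the PKCS#11 module 'name'; returns NE_PK11_OK on success and
 * NE_PK11_FAILED if the module cannot be loaded. */
int ne_ssl_pkcs11_provider_init(ne_ssl_pkcs11_provider **provider,
                                const char *name)
{
    pakchois_module_t *pm;

    if (pakchois_module_load(&pm, name) == CKR_OK) {
        return pk11_init(provider, pm);
    }
    else {
        return NE_PK11_FAILED;
    }
}

/* As ne_ssl_pkcs11_provider_init(), but loads the module through
 * pakchois_module_nssload() with the given NSS database settings. */
int ne_ssl_pkcs11_nss_provider_init(ne_ssl_pkcs11_provider **provider,
                                    const char *name, const char *directory,
                                    const char *cert_prefix,
                                    const char *key_prefix,
                                    const char *secmod_db)
{
    pakchois_module_t *pm;

    if (pakchois_module_nssload(&pm, name, directory, cert_prefix,
                                key_prefix, secmod_db) == CKR_OK) {
        return pk11_init(provider, pm);
    }
    else {
        return NE_PK11_FAILED;
    }
}

/* Register the PIN entry callback and its userdata. */
void ne_ssl_pkcs11_provider_pin(ne_ssl_pkcs11_provider *provider,
                                ne_ssl_pkcs11_pin_fn fn,
                                void *userdata)
{
    provider->pin_fn = fn;
    provider->pin_data = userdata;
}

/* Register pk11_provide() as the client cert provider for 'sess'. */
void ne_ssl_set_pkcs11_provider(ne_session *sess,
                                ne_ssl_pkcs11_provider *provider)
{
    ne_ssl_provide_clicert(sess, pk11_provide, provider);
}

/* Close the provider's session, free its clicert and module, and
 * release the provider object itself. */
void ne_ssl_pkcs11_provider_destroy(ne_ssl_pkcs11_provider *prov)
{
    if (prov->session) {
        pakchois_close_session(prov->session);
    }
    if (prov->clicert) {
        ne_ssl_clicert_free(prov->clicert);
    }
    pakchois_module_destroy(prov->module);
#ifdef HAVE_OPENSSL
    RSA_meth_free(prov->method);
#endif
    ne_free(prov);
}

#else /* !HAVE_PAKCHOIS */

/* Stubs used when neon is built without pakchois: initialization
 * reports NE_PK11_NOTIMPL and the remaining calls do nothing. */

int ne_ssl_pkcs11_provider_init(ne_ssl_pkcs11_provider **provider,
                                const char *name)
{
    return NE_PK11_NOTIMPL;
}

int ne_ssl_pkcs11_nss_provider_init(ne_ssl_pkcs11_provider **provider,
                                    const char *name, const char *directory,
                                    const char *cert_prefix,
                                    const char *key_prefix,
                                    const char *secmod_db)
{
    return NE_PK11_NOTIMPL;
}

void ne_ssl_pkcs11_provider_destroy(ne_ssl_pkcs11_provider *provider) { }

void ne_ssl_pkcs11_provider_pin(ne_ssl_pkcs11_provider *provider,
                                ne_ssl_pkcs11_pin_fn fn,
                                void *userdata) { }

void ne_ssl_set_pkcs11_provider(ne_session *sess,
                                ne_ssl_pkcs11_provider *provider) { }

#endif /* HAVE_PAKCHOIS */
neon-0.32.2/src/ne_pkcs11.h000066400000000000000000000113211416727304000152630ustar00rootroot00000000000000/*
   PKCS#11 support for neon
   Copyright (C) 2008-2021, Joe Orton

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Library General Public
   License as published by the Free Software Foundation; either
   version 2 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Library General Public License for more details.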
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef NE_PKCS11_H #define NE_PKCS11_H 1 #include "ne_defs.h" #include "ne_session.h" NE_BEGIN_DECLS typedef struct ne_ssl_pkcs11_provider_s ne_ssl_pkcs11_provider; #define NE_PK11_OK (0) #define NE_PK11_NOTIMPL (-1) #define NE_PK11_FAILED (-2) /* Initialize a PKCS#11 provider of given name. Returns NE_OK on * success, NE_PK11_FAILED if the provider could not be * loaded/initialized, and NE_PK11_NOTIMPL if PKCS#11 is not * supported. On success, *provider is set to non-NULL. */ int ne_ssl_pkcs11_provider_init(ne_ssl_pkcs11_provider **provider, const char *name); /* Initialize a NSS softoken pseudo-PKCS#11 provider of given name * (e.g. "softokn3") to supply a client certificate if requested, * using database in given directory name; the other parameters may be * NULL. Returns NE_OK on success, NE_PK11_FAILED if the provider * could not be loaded/initialized, and NE_PK11_NOTIMPL if PKCS#11 is * not supported. On success, *provider is set to non-NULL. */ int ne_ssl_pkcs11_nss_provider_init(ne_ssl_pkcs11_provider **provider, const char *name, const char *directory, const char *cert_prefix, const char *key_prefix, const char *secmod_db); /* Destroy a PKCS#11 provider object. */ void ne_ssl_pkcs11_provider_destroy(ne_ssl_pkcs11_provider *provider); /* Flags passed to PIN entry callback: */ #define NE_SSL_P11PIN_COUNT_LOW (0x01) /* an incorrect PIN has been * entered. */ #define NE_SSL_P11PIN_FINAL_TRY (0x02) /* token will become locked if * entered PIN is incorrect */ /* Size of buffer passed to PIN entry callback: */ #define NE_SSL_P11PINLEN (256) /* Callback for PKCS#11 PIN entry. The callback provides the PIN code * to unlock the token with label 'token_label' in the slot described * by 'slot_descr'. 
* * The PIN code, as a NUL-terminated ASCII string, should be copied * into the 'pin' buffer (of fixed length NE_SSL_P11PINLEN), and * return 0 to indicate success. Alternatively, the callback may * return -1 to indicate failure and cancel PIN entry (in which case, * the contents of the 'pin' parameter are ignored). * * When a PIN is required, the callback will be invoked repeatedly * (and indefinitely) until either the returned PIN code is correct, * the callback returns failure, or the token refuses login (e.g. when * the token is locked due to too many incorrect PINs!). For the * first such invocation, the 'attempt' counter will have value zero; * it will increase by one for each subsequent attempt. * * The NE_SSL_P11PIN_COUNT_LOW and/or NE_SSL_P11PIN_FINAL_TRY hints * may be set in the 'flags' argument, if these hints are made * available by the token; not all tokens expose these hints. */ typedef int (*ne_ssl_pkcs11_pin_fn)(void *userdata, int attempt, const char *slot_descr, const char *token_label, unsigned int flags, char *pin); /* Set the PIN entry callback for the given provider. This is * necessary for some (but not all) types of token. For tokens which * implement an out-of-band ("protected") authentication path, the PIN * entry callback will not be invoked. */ void ne_ssl_pkcs11_provider_pin(ne_ssl_pkcs11_provider *provider, ne_ssl_pkcs11_pin_fn fn, void *userdata); /* Set up a given PKCS#11 provider to supply an appropriate client * certificate if requested by the server. A provider may be * configured for use in multiple sessions. 
*/ void ne_ssl_set_pkcs11_provider(ne_session *sess, ne_ssl_pkcs11_provider *provider); NE_END_DECLS #endif /* NE_PKCS11_H */ neon-0.32.2/src/ne_private.h000066400000000000000000000114441416727304000156410ustar00rootroot00000000000000/* HTTP Request Handling Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ /* THIS IS NOT A PUBLIC INTERFACE. You CANNOT include this header file * from an application. */ #ifndef NE_PRIVATE_H #define NE_PRIVATE_H #include "ne_request.h" #include "ne_socket.h" #include "ne_ssl.h" struct host_info { /* Type of host represented: */ enum proxy_type { PROXY_NONE = 0, PROXY_HTTP, /* an HTTP proxy */ PROXY_SOCKS /* a SOCKS proxy */ } proxy; unsigned int port; /* If hostname is non-NULL, host is identified by this hostname. */ char *hostname, *hostport; /* If address is non-NULL, the result of resolving ->hostname. */ ne_sock_addr *address; /* If current non-NULL, current network address used in ->address. */ const ne_inet_addr *current; /* If override is non-NULL, the host is identified by this network * address. */ const ne_inet_addr *network; struct host_info *next; }; /* Store every registered callback in a generic container, and cast * the function pointer when calling it. */ struct hook { void (*fn)(void); void *userdata; const char *id; /* non-NULL for accessors. 
*/ struct hook *next; }; #define HAVE_HOOK(st,func) (st->hook->hooks->func != NULL) #define HOOK_FUNC(st, func) (*st->hook->hooks->func) /* Session support. */ struct ne_session_s { /* Connection information */ ne_socket *socket; /* non-zero if connection has been established. */ int connected; /* non-zero if connection has persisted beyond one request. */ int persisted; int is_http11; /* >0 if connected server is known to be * HTTP/1.1 compliant. */ char *scheme; /* Server host details. */ struct host_info server; /* Proxy host details, or NULL if not using a proxy. */ struct host_info *proxies; /* Most recently used proxy server. */ struct host_info *prev_proxy; /* Pointer to the active .server or .proxies as appropriate: */ struct host_info *nexthop; /* Local address to which sockets should be bound. */ const ne_inet_addr *local_addr; /* Settings */ int use_ssl; /* whether a secure connection is required */ int in_connect; /* doing a proxy CONNECT */ int any_proxy_http; /* whether any configured proxy is an HTTP proxy */ enum ne_sock_sversion socks_ver; char *socks_user, *socks_password; int flags[NE_SESSFLAG_LAST]; ne_progress progress_cb; void *progress_ud; ne_notify_status notify_cb; void *notify_ud; int rdtimeout, cotimeout; /* read, connect timeouts. */ struct hook *create_req_hooks, *pre_send_hooks, *post_send_hooks, *post_headers_hooks, *destroy_req_hooks, *destroy_sess_hooks, *close_conn_hooks, *private; char *user_agent; /* full User-Agent: header field */ #ifdef NE_HAVE_SSL ne_ssl_client_cert *client_cert; ne_ssl_certificate *server_cert; ne_ssl_context *ssl_context; int ssl_cc_requested; /* set to non-zero if a client cert was * requested during initial handshake, but * none could be provided. 
*/ #endif /* Server cert verification callback: */ ne_ssl_verify_fn ssl_verify_fn; void *ssl_verify_ud; /* Client cert provider callback: */ ne_ssl_provide_fn ssl_provide_fn; void *ssl_provide_ud; ne_session_status_info status; /* Error string */ char error[512]; }; /* Pushes block of 'count' bytes at 'buf'. Returns non-zero on * error. */ typedef int (*ne_push_fn)(void *userdata, const char *buf, size_t count); /* Do the SSL negotiation. */ NE_PRIVATE int ne__negotiate_ssl(ne_session *sess); /* Set the session error appropriate for SSL verification failures. */ NE_PRIVATE void ne__ssl_set_verify_err(ne_session *sess, int failures); /* Return non-zero if hostname from certificate (cn) matches hostname * used for session (hostname); follows RFC2818 logic. */ NE_PRIVATE int ne__ssl_match_hostname(const char *cn, size_t cnlen, const char *hostname); #endif /* HTTP_PRIVATE_H */ neon-0.32.2/src/ne_privssl.h000066400000000000000000000056201416727304000156700ustar00rootroot00000000000000/* SSL interface definitions internal to neon. Copyright (C) 2003-2021, Joe Orton Copyright (C) 2004, Aleix Conchillo Flaque This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ /* THIS IS NOT A PUBLIC INTERFACE. You CANNOT include this header file * from an application. 
*/ #ifndef NE_PRIVSSL_H #define NE_PRIVSSL_H /* This is the private interface between ne_socket, ne_gnutls and * ne_openssl. */ #include "ne_ssl.h" #include "ne_socket.h" #ifdef HAVE_OPENSSL #include struct ne_ssl_context_s { SSL_CTX *ctx; SSL_SESSION *sess; const char *hostname; /* for SNI */ int failures; /* bitmask of exposed failure bits. */ }; typedef SSL *ne_ssl_socket; /* Create a clicert object from cert DER {der, der_len}, using given * RSA_METHOD for the RSA object. */ NE_PRIVATE ne_ssl_client_cert * ne__ssl_clicert_exkey_import(const unsigned char *der, size_t der_len, const RSA_METHOD *method); #endif /* HAVE_OPENSSL */ #ifdef HAVE_GNUTLS #include #ifdef HAVE_GNUTLS_PRIVKEY_IMPORT_EXT #include #endif struct ne_ssl_context_s { gnutls_certificate_credentials_t cred; int verify; /* non-zero if client cert verification required */ const char *hostname; /* for SNI */ /* Session cache. */ union ne_ssl_scache { struct { gnutls_datum_t key, data; } server; #if defined(HAVE_GNUTLS_SESSION_GET_DATA2) gnutls_datum_t client; #else struct { char *data; size_t len; } client; #endif } cache; }; typedef gnutls_session_t ne_ssl_socket; NE_PRIVATE ne_ssl_client_cert * ne__ssl_clicert_exkey_import(const unsigned char *der, size_t der_len, gnutls_privkey_sign_func sign_func, void *userdata); #endif /* HAVE_GNUTLS */ #ifdef NE_HAVE_SSL NE_PRIVATE ne_ssl_socket ne__sock_sslsock(ne_socket *sock); /* Process-global initialization of the SSL library; returns non-zero * on error. */ NE_PRIVATE int ne__ssl_init(void); /* Process-global de-initialization of the SSL library. 
*/ NE_PRIVATE void ne__ssl_exit(void); #endif #endif /* NE_PRIVSSL_H */ neon-0.32.2/src/ne_props.c000066400000000000000000000450651416727304000153330ustar00rootroot00000000000000/* WebDAV property manipulation Copyright (C) 2000-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include "config.h" #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_STRING_H #include #endif #include "ne_alloc.h" #include "ne_xml.h" #include "ne_props.h" #include "ne_basic.h" #include "ne_locks.h" #include "ne_internal.h" /* don't store flat props with a value > 10K */ #define MAX_FLATPROP_LEN (102400) struct ne_propfind_handler_s { ne_session *sess; ne_request *request; int has_props; /* whether we've already written some * props to the body. */ ne_buffer *body; ne_207_parser *parser207; ne_xml_parser *parser; /* Creator/destructor callbacks. */ ne_props_create_complex creator; ne_props_destroy_complex destructor; void *cd_userdata; /* Current propset, or NULL if none being processed. */ ne_prop_result_set *current; ne_buffer *value; /* current flat property value */ int depth; /* nesting depth within a flat property */ ne_props_result callback; void *userdata; }; #define ELM_flatprop (NE_207_STATE_TOP - 1) /* We build up the results of one 'response' element in memory. 
*/
struct prop {
    char *name, *nspace, *value, *lang;
    /* Store a ne_propname here too, for convenience.  pname.name =
     * name, pname.nspace = nspace, but they are const-qualified in
     * pname. */
    ne_propname pname;
};

/* Map a NULL namespace pointer to the empty string. */
#define NSPACE(x) ((x) ? (x) : "")

/* One propstat element: the properties it lists plus the status
 * reported for them. */
struct propstat {
    struct prop *props;
    int numprops;
    ne_status status;
};

/* Results set.  counter is incremented once per propstat (in
 * start_propstat) and once per property (in startelm) and compared
 * against MAX_PROP_COUNTER in both places, so the limit applies to
 * the sum of the two for one result set. */
struct ne_prop_result_set_s {
    struct propstat *pstats;
    int numpstats, counter;
    void *private;
    ne_uri uri;
};

#define MAX_PROP_COUNTER (1024)

static int startelm(void *userdata, int state, const char *nspace,
                    const char *name, const char **atts);
static int endelm(void *userdata, int state, const char *nspace,
                  const char *name);

/* Handle character data; flat property value.  Data is appended to
 * the current value buffer only while in the ELM_flatprop state and
 * while the buffer is below the cap.  Always returns zero.
 *
 * NOTE(review): the cap is tested before the append and does not take
 * len into account, so the stored value can pass MAX_FLATPROP_LEN
 * (102400, defined above) by up to one chunk.  This test reads
 * ->length whereas startelm() and endelm() read ->used; confirm that
 * the difference is intended. */
static int chardata(void *userdata, int state, const char *data, size_t len)
{
    ne_propfind_handler *hdl = userdata;

    if (state == ELM_flatprop && hdl->value->length < MAX_FLATPROP_LEN)
        ne_buffer_append(hdl->value, data, len);

    return 0;
}

/* Return the XML parser owned by the handler. */
ne_xml_parser *ne_propfind_get_parser(ne_propfind_handler *handler)
{
    return handler->parser;
}

/* Return the request object owned by the handler. */
ne_request *ne_propfind_get_request(ne_propfind_handler *handler)
{
    return handler->request;
}

/* Dispatch the PROPFIND request built up in handler->body and parse
 * the response through handler->parser, recording the results
 * callback and its userdata in the handler first.  Returns the
 * dispatch result, or NE_ERROR if dispatch succeeded with a non-2xx
 * status class or the XML parser reported failure (in which case the
 * parser error string is copied to the session error). */
static int propfind(ne_propfind_handler *handler,
                    ne_props_result results, void *userdata)
{
    int ret;
    ne_request *req = handler->request;

    /* Register the flat property handler to catch any properties
     * which the user is not handling as complex properties. */
    ne_xml_push_handler(handler->parser, startelm, chardata, endelm, handler);

    handler->callback = results;
    handler->userdata = userdata;

    ne_set_request_body_buffer(req, handler->body->data,
                               ne_buffer_size(handler->body));

    ne_add_request_header(req, "Content-Type", NE_XML_MEDIA_TYPE);

    ne_add_response_body_reader(req, ne_accept_207, ne_xml_parse_v,
                                handler->parser);

    ret = ne_request_dispatch(req);

    if (ret == NE_OK && ne_get_status(req)->klass != 2) {
        ret = NE_ERROR;
    } else if (ne_xml_failed(handler->parser)) {
        /* The parser message is passed through a fixed format string
         * rather than being used as the format itself. */
        ne_set_error(handler->sess, "%s", ne_xml_get_error(handler->parser));
        ret = NE_ERROR;
    }

    return ret;
}

/* Append one element per requested property name to the request
 * body; names is terminated by an entry with a NULL name.
 *
 * Names and namespaces are copied into the body exactly as given; no
 * XML escaping is applied here, so callers must not pass names built
 * from untrusted input without validating them first.
 *
 * NOTE(review): several XML string literals in this listing look
 * truncated (the first literal below holds only a newline);
 * presumably markup was lost when the file was captured.  Compare
 * with the upstream source before relying on them. */
static void set_body(ne_propfind_handler *hdl, const ne_propname *names)
{
    ne_buffer *body = hdl->body;
    int n;

    if (!hdl->has_props) {
        ne_buffer_czappend(body, "\n");
        hdl->has_props = 1;
    }

    for (n = 0; names[n].name != NULL; n++) {
        ne_buffer_concat(body, "<", names[n].name, " xmlns=\"",
                         NSPACE(names[n].nspace), "\"/>\n", NULL);
    }
}

/* Complete the request body and run the PROPFIND.  Returns the
 * result of propfind(). */
int ne_propfind_allprop(ne_propfind_handler *handler,
                        ne_props_result results, void *userdata)
{
    ne_buffer_czappend(handler->body, "\n");
    return propfind(handler, results, userdata);
}

/* Add the named properties to the request body via set_body(),
 * complete the body and run the PROPFIND.  Returns the result of
 * propfind(). */
int ne_propfind_named(ne_propfind_handler *handler, const ne_propname *props,
                      ne_props_result results, void *userdata)
{
    set_body(handler, props);
    ne_buffer_czappend(handler->body, "\n");
    return propfind(handler, results, userdata);
}

/* The easy one... PROPPATCH
 *
 * Builds a request body from the operations in items (terminated by
 * an entry with a NULL name), sends it to uri and returns the result
 * of ne_simple_request().
 *
 * The property name, namespace and value are concatenated into the
 * body exactly as given; nothing in this function escapes them.  A
 * value taken from untrusted input therefore has to be escaped or
 * validated by the caller, otherwise it can change the structure of
 * the request document. */
int ne_proppatch(ne_session *sess, const char *uri,
                 const ne_proppatch_operation *items)
{
    ne_request *req = ne_request_create(sess, "PROPPATCH", uri);
    ne_buffer *body = ne_buffer_create();
    int n, ret;

    /* Create the request body */
    ne_buffer_czappend(body, "\n" "");

    for (n = 0; items[n].name != NULL; n++) {
        const char *elm = (items[n].type == ne_propset) ? "set" : "remove";

        /* Open the property element. */
        ne_buffer_concat(body, "" "<", items[n].name->name, NULL);

        if (items[n].name->nspace) {
            ne_buffer_concat(body, " xmlns=\"", items[n].name->nspace, "\"", NULL);
        }

        /* Only a set operation carries a value. */
        if (items[n].type == ne_propset) {
            ne_buffer_concat(body, ">", items[n].value, NULL);
        } else {
            ne_buffer_append(body, ">", 1);
        }

        /* NOTE(review): the literals in the next call are incomplete
         * in this copy of the file; left exactly as found. */
        ne_buffer_concat(body, "name, ">\n", NULL);
    }

    ne_buffer_czappend(body, "\n");

    ne_set_request_body_buffer(req, body->data, ne_buffer_size(body));
    ne_add_request_header(req, "Content-Type", NE_XML_MEDIA_TYPE);

#ifdef NE_HAVE_DAV
    ne_lock_using_resource(req, uri, NE_DEPTH_ZERO);
#endif

    ret = ne_simple_request(sess, req);

    ne_buffer_destroy(body);

    return ret;
}

/* Compare two property names.  Returns zero only when the namespaces
 * are both NULL or both equal and the names are equal.  The non-zero
 * results are not a consistent ordering (the last branch yields only
 * 0 or 1), so this is an equality test rather than a sort
 * comparator. */
static int pnamecmp(const ne_propname *pn1, const ne_propname *pn2)
{
    if (pn1->nspace == NULL && pn2->nspace != NULL) {
        return 1;
    } else if (pn1->nspace != NULL && pn2->nspace == NULL) {
        return -1;
    } else if (pn1->nspace == NULL) {
        /* Both namespaces are NULL here. */
        return strcmp(pn1->name, pn2->name);
    } else {
        return (strcmp(pn1->nspace, pn2->nspace) ||
                strcmp(pn1->name, pn2->name));
    }
}

/* Find property in set with name pname.  If found, set pstat_ret
 * to the containing propstat, likewise prop_ret, and returns zero.
 * If not found, returns non-zero.  Either output pointer may be
 * NULL, in which case it is not written. */
static int findprop(const ne_prop_result_set *set, const ne_propname *pname,
                    struct propstat **pstat_ret, struct prop **prop_ret)
{
    int ps, p;

    for (ps = 0; ps < set->numpstats; ps++) {
        for (p = 0; p < set->pstats[ps].numprops; p++) {
            struct prop *prop = &set->pstats[ps].props[p];

            if (pnamecmp(&prop->pname, pname) == 0) {
                if (pstat_ret != NULL)
                    *pstat_ret = &set->pstats[ps];
                if (prop_ret != NULL)
                    *prop_ret = prop;
                return 0;
            }
        }
    }

    return -1;
}

/* Return the stored value of the named property, or NULL if the
 * property is not in the set.  The stored value itself may also be
 * NULL (end_propstat clears it for a non-2xx status). */
const char *ne_propset_value(const ne_prop_result_set *set,
                             const ne_propname *pname)
{
    struct prop *prop;

    if (findprop(set, pname, NULL, &prop)) {
        return NULL;
    } else {
        return prop->value;
    }
}

/* Return the stored language string of the named property, or NULL
 * if the property is not in the set or has no language recorded. */
const char *ne_propset_lang(const ne_prop_result_set *set,
                            const ne_propname *pname)
{
    struct prop *prop;

    if (findprop(set, pname, NULL, &prop)) {
        return NULL;
    } else {
        return prop->lang;
    }
}

/* Return the private pointer of the result set currently being
 * built, or NULL when no set is in progress. */
void *ne_propfind_current_private(ne_propfind_handler *handler)
{
    return handler->current ? handler->current->private : NULL;
}

/* Return the private pointer stored in the result set. */
void *ne_propset_private(const ne_prop_result_set *set)
{
    return set->private;
}

/* Call iterator for every property in every propstat of the set,
 * passing the property name, its value and the status of its
 * propstat.  Stops at, and returns, the first non-zero iterator
 * result; returns zero otherwise. */
int ne_propset_iterate(const ne_prop_result_set *set,
                       ne_propset_iterator iterator, void *userdata)
{
    int ps, p;

    for (ps = 0; ps < set->numpstats; ps++) {
        for (p = 0; p < set->pstats[ps].numprops; p++) {
            struct prop *prop = &set->pstats[ps].props[p];
            int ret = iterator(userdata, &prop->pname, prop->value,
                               &set->pstats[ps].status);
            if (ret)
                return ret;
        }
    }

    return 0;
}

/* Return the status of the propstat that contains the named
 * property, or NULL if the property is not in the set. */
const ne_status *ne_propset_status(const ne_prop_result_set *set,
                                   const ne_propname *pname)
{
    struct propstat *pstat;

    if (findprop(set, pname, &pstat, NULL)) {
        /* TODO: it is tempting to return a dummy status object here
         * rather than NULL, which says "Property result was not given
         * by server."  but I am not sure if this is best left to the
         * client.  */
        return NULL;
    } else {
        return &pstat->status;
    }
}

/* Response-start callback: allocate a zeroed result set, copy the
 * resource URI into it, obtain the private pointer from the creator
 * callback when one is installed, and make it the current set.
 *
 * NOTE(review): the ne_calloc result is used unchecked; presumably
 * the ne_* allocators do not return NULL - confirm in ne_alloc. */
static void *start_response(void *userdata, const ne_uri *uri)
{
    ne_prop_result_set *set = ne_calloc(sizeof(*set));
    ne_propfind_handler *hdl = userdata;

    ne_uri_copy(&set->uri, uri);

    if (hdl->creator) {
        set->private = hdl->creator(hdl->cd_userdata, &set->uri);
    }

    hdl->current = set;

    return set;
}

/* Propstat-start callback: grow the propstat array of the result
 * set by one zeroed entry and return a pointer to it.  Returns NULL
 * after setting a parser error once the shared counter reaches
 * MAX_PROP_COUNTER; because the counter is bumped on every call,
 * numpstats stays below that limit and the size computation below is
 * bounded.
 *
 * The returned pointer refers into a reallocated array, so it should
 * be treated as valid only until the next call for the same set.
 *
 * NOTE(review): the counter is read through hdl->current while the
 * array is reached through the response argument; presumably both
 * are the set created by start_response - confirm. */
static void *start_propstat(void *userdata, void *response)
{
    ne_prop_result_set *set = response;
    ne_propfind_handler *hdl = userdata;
    struct propstat *pstat;
    int n;

    if (++hdl->current->counter == MAX_PROP_COUNTER) {
        ne_xml_set_error(hdl->parser, _("Response exceeds maximum property count"));
        return NULL;
    }

    n = set->numpstats;
    set->pstats = ne_realloc(set->pstats, sizeof(struct propstat) * (n+1));
    set->numpstats = n+1;

    pstat = &set->pstats[n];
    memset(pstat, 0, sizeof(*pstat));

    /* And return this as the new pstat. */
    return &set->pstats[n];
}

/* Element-start callback for flat properties.
 *
 * Declines elements that are not children of a prop element or of a
 * flat property, or when there is no current propstat.  Inside a flat
 * property the element and its attributes are re-serialised into the
 * value buffer; otherwise a new property entry is added to the
 * current propstat.  Returns ELM_flatprop on acceptance,
 * NE_XML_DECLINE or NE_XML_ABORT otherwise.
 *
 * All names, namespaces and attribute values handled here come from
 * the server response. */
static int startelm(void *userdata, int parent,
                    const char *nspace, const char *name, const char **atts)
{
    ne_propfind_handler *hdl = userdata;
    struct propstat *pstat = ne_207_get_current_propstat(hdl->parser207);
    struct prop *prop;
    int n;
    const char *lang;

    /* Just handle all children of propstat and their descendants. */
    if ((parent != NE_207_STATE_PROP && parent != ELM_flatprop)
        || pstat == NULL)
        return NE_XML_DECLINE;

    if (parent == ELM_flatprop) {
        /* collecting the flatprop value. */
        hdl->depth++;
        /* The depth is tracked even when the cap stops the append.
         * Each append is skipped on its own once the cap is reached,
         * so a capped value is silently truncated and may hold
         * unbalanced markup. */
        if (hdl->value->used < MAX_FLATPROP_LEN) {
            const char **a = atts;

            ne_buffer_concat(hdl->value, "<", nspace, name, NULL);

            while (a[0] && hdl->value->used < MAX_FLATPROP_LEN) {
                const char *nsep = strchr(a[0], ':'), *pfx;

                /* Resolve the attribute namespace prefix, if any.
                 * Ignore a failure to resolve the namespace prefix. */
                pfx = nsep ? ne_xml_resolve_nspace(hdl->parser,
                                                   a[0], nsep - a[0]) : NULL;

                /* NOTE(review): the attribute value is written between
                 * single quotes with no escaping in this function.  If
                 * the parser hands over decoded values, one containing
                 * a quote or markup character would make the stored
                 * string differ in structure from what the server
                 * sent; consumers should not re-parse the flat value
                 * as trusted XML - confirm parser behaviour. */
                if (pfx) {
                    ne_buffer_concat(hdl->value, " ", pfx, nsep + 1, "='",
                                     a[1], "'", NULL);
                } else {
                    ne_buffer_concat(hdl->value, " ", a[0], "='", a[1], "'", NULL);
                }

                a += 2;
            }

            ne_buffer_czappend(hdl->value, ">");
        }

        return ELM_flatprop;
    }

    /* Enforce maximum number of properties per resource to prevent a
     * memory exhaustion attack by a hostile server. */
    if (++hdl->current->counter == MAX_PROP_COUNTER) {
        ne_xml_set_error(hdl->parser, _("Response exceeds maximum property count"));
        return NE_XML_ABORT;
    }

    /* Add a property to this propstat */
    n = pstat->numprops;

    pstat->props = ne_realloc(pstat->props, sizeof(struct prop) * (n + 1));
    pstat->numprops = n+1;

    /* Fill in the new property. */
    prop = &pstat->props[n];

    prop->pname.name = prop->name = ne_strdup(name);
    /* An empty namespace string is stored as NULL. */
    if (nspace[0] == '\0') {
        prop->pname.nspace = prop->nspace = NULL;
    } else {
        prop->pname.nspace = prop->nspace = ne_strdup(nspace);
    }
    prop->value = NULL;

    NE_DEBUG(NE_DBG_XML, "Got property #%d: {%s}%s.\n", n,
             NSPACE(prop->nspace), prop->name);

    /* This is under discussion at time of writing (April 2001), and it
     * looks like we need to retrieve the xml:lang property from any
     * element here or above.
     *
     * Also, I think we might need attribute namespace handling here. */
    lang = ne_xml_get_attr(hdl->parser, atts, NULL, "xml:lang");
    if (lang != NULL) {
        prop->lang = ne_strdup(lang);
        NE_DEBUG(NE_DBG_XML, "Property language is %s\n", prop->lang);
    } else {
        prop->lang = NULL;
    }

    hdl->depth = 0;

    return ELM_flatprop;
}

/* Element-end callback for flat properties.  For a nested element
 * the depth is decremented; at depth zero the collected buffer is
 * handed to the most recently added property of the current propstat
 * and a fresh buffer is created.  Always returns zero.
 *
 * NOTE(review): pstat is dereferenced without a NULL test and
 * numprops is assumed to be at least one in the else branch;
 * presumably this callback only runs for elements startelm accepted,
 * where both hold - confirm against the XML handler contract. */
static int endelm(void *userdata, int state,
                  const char *nspace, const char *name)
{
    ne_propfind_handler *hdl = userdata;
    struct propstat *pstat = ne_207_get_current_propstat(hdl->parser207);
    int n;

    if (hdl->depth > 0) {
        /* nested. */
        if (hdl->value->used < MAX_FLATPROP_LEN)
            ne_buffer_concat(hdl->value, "", NULL);
        hdl->depth--;
    } else {
        /* end of the current property value */
        n = pstat->numprops - 1;
        pstat->props[n].value = ne_buffer_finish(hdl->value);
        hdl->value = ne_buffer_create();
    }
    return 0;
}

/* Propstat-end callback: record the status for the propstat.  The
 * description argument is not used. */
static void end_propstat(void *userdata, void *pstat_v,
                         const ne_status *status,
                         const char *description)
{
    struct propstat *pstat = pstat_v;

    /* Nothing to do if no status was given. */
    if (!status) return;

    /* If we get a non-2xx response back here, we wipe the value for
     * each of the properties in this propstat, so the caller knows to
     * look at the status instead. It is annoying, since for each prop
     * we will have done an unnecessary strdup("") above, but there is
     * no easy way round that given the fact that we do not know
     * whether we have got an error or not till after we get the
     * property element.
     *
     * Interestingly IIS breaks the 2518 DTD and puts the status
     * element first in the propstat. This is useful since then we
     * *do* know whether each subsequent empty prop element means, but
     * we cannot rely on that here. */
    if (status->klass != 2) {
        int n;

        for (n = 0; n < pstat->numprops; n++) {
            ne_free(pstat->props[n].value);
            pstat->props[n].value = NULL;
        }
    }

    /* copy the status structure, and dup the reason phrase so the
     * propstat owns its own copy (released in free_propset). */
    pstat->status = *status;
    pstat->status.reason_phrase = ne_strdup(status->reason_phrase);
}

/* Frees up a results set: runs the destructor callback on the
 * private pointer when both are set, then releases every property
 * string, each props array and reason phrase, the propstat array,
 * the URI and the set itself. */
static void free_propset(ne_propfind_handler *handler,
                         ne_prop_result_set *set)
{
    int n;

    if (handler->destructor && set->private) {
        handler->destructor(handler->cd_userdata, set->private);
    }

    for (n = 0; n < set->numpstats; n++) {
        int m;
        struct propstat *p = &set->pstats[n];

        for (m = 0; m < p->numprops; m++) {
            if (p->props[m].nspace) ne_free(p->props[m].nspace);
            ne_free(p->props[m].name);
            if (p->props[m].lang) ne_free(p->props[m].lang);
            if (p->props[m].value) ne_free(p->props[m].value);
            /* Clear the freed pointers so a stale entry cannot be
             * released twice. */
            p->props[m].nspace = p->props[m].lang =
                p->props[m].value = NULL;
        }

        if (p->status.reason_phrase)
            ne_free(p->status.reason_phrase);
        if (p->props)
            ne_free(p->props);
    }

    if (set->pstats)
        ne_free(set->pstats);
    ne_uri_free(&set->uri);
    ne_free(set);
}

/* Response-end callback: hand the finished result set to the user
 * callback (only when it holds at least one propstat), then free it.
 * The set is freed as soon as the callback returns, so the callback
 * must not keep pointers into it.  The status and description
 * arguments are not used. */
static void end_response(void *userdata, void *resource,
                         const ne_status *status,
                         const char *description)
{
    ne_propfind_handler *handler = userdata;
    ne_prop_result_set *set = resource;

    /* Pass back the results for this resource. */
    if (handler->callback && set->numpstats > 0)
        handler->callback(handler->userdata, &set->uri, set);

    /* Clean up the propset tree we have just built. */
    free_propset(handler, set);
    handler->current = NULL;
}

/* Create a PROPFIND handler for uri: allocates the handler, its XML
 * and 207 parsers, body and value buffers and the request object,
 * adds the Depth header and installs the response and propstat
 * callbacks defined in this file.  Returns the new handler. */
ne_propfind_handler *
ne_propfind_create(ne_session *sess, const char *uri, int depth)
{
    ne_propfind_handler *ret = ne_calloc(sizeof(ne_propfind_handler));
    ne_uri base = {0};

    /* Base URI handed to the 207 parser: the session server details
     * plus the request path. */
    ne_fill_server_uri(sess, &base);
    base.path = ne_strdup(uri);

    ret->parser = ne_xml_create();
    ret->parser207 = ne_207_create(ret->parser, &base, ret);
    ret->sess = sess;
    ret->body = ne_buffer_create();
    ret->request = ne_request_create(sess, "PROPFIND", uri);
    ret->value = ne_buffer_create();

    ne_add_depth_header(ret->request, depth);

    ne_207_set_response_handlers(ret->parser207,
                                 start_response, end_response);

    ne_207_set_propstat_handlers(ret->parser207, start_propstat,
                                 end_propstat);

    if (ne_get_session_flag(sess, NE_SESSFLAG_SHAREPOINT))
        ne_207_set_flags(ret->parser207, NE_207_MSSP_ESCAPING);

    /* The start of the request body is fixed: */
    ne_buffer_czappend(ret->body, "\n" "");

    ne_uri_free(&base);

    return ret;
}

/* Destroy a propfind handler, including any result set that was
 * still in progress. */
void ne_propfind_destroy(ne_propfind_handler *handler)
{
    ne_buffer_destroy(handler->value);
    if (handler->current)
        free_propset(handler, handler->current);
    ne_207_destroy(handler->parser207);
    ne_xml_destroy(handler->parser);
    ne_buffer_destroy(handler->body);
    ne_request_destroy(handler->request);
    ne_free(handler);
}

/* Create a handler for href, run a named PROPFIND when props is
 * non-NULL or an allprop PROPFIND otherwise, destroy the handler and
 * return the PROPFIND result. */
int ne_simple_propfind(ne_session *sess, const char *href, int depth,
                       const ne_propname *props,
                       ne_props_result results, void *userdata)
{
    ne_propfind_handler *hdl;
    int ret;

    hdl = ne_propfind_create(sess, href, depth);
    if (props != NULL) {
        ret = ne_propfind_named(hdl, props, results, userdata);
    } else {
        ret = ne_propfind_allprop(hdl, results, userdata);
    }

    ne_propfind_destroy(hdl);

    return ret;
}

/* Create a handler for href, complete the request body, run the
 * PROPFIND, destroy the handler and return the PROPFIND result. */
int ne_propnames(ne_session *sess, const char *href, int depth,
                 ne_props_result results, void *userdata)
{
    ne_propfind_handler *hdl;
    int ret;

    hdl = ne_propfind_create(sess, href, depth);

    ne_buffer_czappend(hdl->body, "");

    ret = propfind(hdl, results, userdata);

    ne_propfind_destroy(hdl);

    return ret;
}
void ne_propfind_set_private(ne_propfind_handler *hdl, ne_props_create_complex creator, ne_props_destroy_complex destructor, void *userdata) { hdl->creator = creator; hdl->destructor = destructor; hdl->cd_userdata = userdata; } neon-0.32.2/src/ne_props.h000066400000000000000000000234251416727304000153340ustar00rootroot00000000000000/* WebDAV Properties manipulation Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef NE_PROPS_H #define NE_PROPS_H #include "ne_request.h" #include "ne_207.h" NE_BEGIN_DECLS /* There are two interfaces for fetching properties. The first is * 'ne_simple_propfind', which is relatively simple, and easy to use, * but only lets you fetch FLAT properties, i.e. properties which are * just a string of bytes. The complex interface is 'ne_propfind_*', * which is complicated, and hard to use, but lets you parse * structured properties, i.e. properties which have XML content. */ /* The 'ne_simple_propfind' interface. *** * * ne_simple_propfind allows you to fetch a set of properties for a * single resource, or a tree of resources. You set the operation * going by passing these arguments: * * - the session which should be used. 
* - the URI and the depth of the operation (0, 1, infinite) * - the names of the properties which you want to fetch * - a results callback, and the userdata for the callback. * * For each resource found, the results callback is called, passing * you two things along with the userdata you passed in originally: * * - the URI of the resource (const ne_uri *uri) * - the properties results set (const ne_prop_result_set *results) * */ /* The name of a WebDAV property. 'nspace' may be NULL. */ typedef struct { const char *nspace, *name; } ne_propname; typedef struct ne_prop_result_set_s ne_prop_result_set; /* Get the value of a given property. Will return NULL if there was an * error fetching this property on this resource. Call * ne_propset_result to get the response-status if so. */ const char *ne_propset_value(const ne_prop_result_set *set, const ne_propname *propname); /* Returns the status structure for fetching the given property on * this resource. This function will return NULL if the server did not * return the property (which is a server error). */ const ne_status *ne_propset_status(const ne_prop_result_set *set, const ne_propname *propname); /* Returns the private pointer for the given propset. */ void *ne_propset_private(const ne_prop_result_set *set); /* Return language string of property (may be NULL). */ const char *ne_propset_lang(const ne_prop_result_set *set, const ne_propname *pname); /* ne_propset_iterate iterates over a properties result set, * calling the callback for each property in the set. userdata is * passed as the first argument to the callback. value may be NULL, * indicating an error occurred fetching this property: look at * status for the error in that case. * * If the iterator returns non-zero, ne_propset_iterate will return * immediately with that value. 
*/ typedef int (*ne_propset_iterator)(void *userdata, const ne_propname *pname, const char *value, const ne_status *status); /* Iterate over all the properties in 'set', calling 'iterator' * for each, passing 'userdata' as the first argument to callback. * * Returns: * whatever value iterator returns. */ int ne_propset_iterate(const ne_prop_result_set *set, ne_propset_iterator iterator, void *userdata); /* Callback for handling the results of fetching properties for a * single resource (identified by URI 'uri'). The results are stored * in the result set 'results': use ne_propset_* to examine this * object. */ typedef void (*ne_props_result)(void *userdata, const ne_uri *uri, const ne_prop_result_set *results); /* Fetch properties for a resource (if depth == NE_DEPTH_ZERO), * or a tree of resources (if depth == NE_DEPTH_ONE or _INFINITE). * * Names of the properties required must be given in 'props', * or if props is NULL, *all* properties are fetched. * * 'results' is called for each resource in the response, userdata is * passed as the first argument to the callback. It is important to * note that the callback is called as the response is read off the * socket, so don't do anything silly in it (e.g. sleep(100), or call * any functions which use this session). * * Note that if 'depth' is NE_DEPTH_INFINITY, some servers may refuse * the request. * * Returns NE_*. */ int ne_simple_propfind(ne_session *sess, const char *path, int depth, const ne_propname *props, ne_props_result results, void *userdata); /* The properties of a resource can be manipulated using ne_proppatch. * A single proppatch request may include any number of individual * "set" and "remove" operations, and is defined to have * "all-or-nothing" semantics, so either all the operations succeed, * or none do. 
*/ /* A proppatch operation may either set a property to have a new * value, in which case 'type' must be ne_propset, and 'value' must be * non-NULL; or it can remove a property; in which case 'type' must be * ne_propremove, and 'value' is ignored. In both cases, 'name' must * be set to the name of the property to alter. */ enum ne_proppatch_optype { ne_propset, ne_propremove }; typedef struct { const ne_propname *name; enum ne_proppatch_optype type; const char *value; } ne_proppatch_operation; /* Execute a set of property operations 'ops' on 'path'. 'ops' is an * array terminated by an operation with a NULL 'name' field. Returns * NE_*. */ int ne_proppatch(ne_session *sess, const char *path, const ne_proppatch_operation *ops); /* Retrieve property names for the resources at 'path'. 'results' * callback is called for each resource. Use 'ne_propset_iterate' on * the passed results object to retrieve the list of property names. * */ int ne_propnames(ne_session *sess, const char *path, int depth, ne_props_result results, void *userdata); /* The complex, you-do-all-the-work, property fetch interface: */ struct ne_propfind_handler_s; typedef struct ne_propfind_handler_s ne_propfind_handler; /* Retrieve the 'private' pointer for the current propset for the * given handler, as returned by the ne_props_create_complex callback * installed using 'ne_propfind_set_private'. If this callback was * not registered, this function will return NULL. */ void *ne_propfind_current_private(ne_propfind_handler *handler); /* Create a PROPFIND handler, for the given resource or set of * resources. * * Depth must be one of NE_DEPTH_*. */ ne_propfind_handler * ne_propfind_create(ne_session *sess, const char *path, int depth); /* Return the XML parser for the given handler (only need if you want * to handle complex properties). 
*/ ne_xml_parser *ne_propfind_get_parser(ne_propfind_handler *handler); /* This interface reserves the state integer range 'x' where 0 < x * and x < NE_PROPS_STATE_TOP. */ #define NE_PROPS_STATE_TOP (NE_207_STATE_TOP + 100) /* Return the request object for the given handler. You MUST NOT use * ne_set_request_body_* on this request object. (this call is only * needed if for instance, you want to add extra headers to the * PROPFIND request). The result of using the request pointer after * ne_propfind_destroy(handler) has been called is undefined. */ ne_request *ne_propfind_get_request(ne_propfind_handler *handler); /* A "complex property" has a value which is structured XML. To handle * complex properties, you must set up and register an XML handler * which will understand the elements which make up such properties. * The handler must be registered with the parser returned by * 'ne_propfind_get_parser'. * * To store the parsed value of the property, a 'private' structure is * allocated in each propset (i.e. one per resource). When parsing the * property value elements, for each new resource encountered in the * response, the 'creator' callback is called to retrieve a 'private' * structure for this resource. When the private structure is no longer * needed, the 'destructor' callback is called to deallocate any * memory, if necessary. * * Whilst in XML element callbacks you will have registered to handle * complex properties, you can use the 'ne_propfind_current_private' * call to retrieve the pointer to this private structure. * * To retrieve this 'private' structure from the propset in the * results callback, simply call 'ne_propset_private'. * */ typedef void *(*ne_props_create_complex)(void *userdata, const ne_uri *uri); typedef void (*ne_props_destroy_complex)(void *userdata, void *complex); void ne_propfind_set_private(ne_propfind_handler *handler, ne_props_create_complex creator, ne_props_destroy_complex destructor, void *userdata); /* Fetch all properties. 
* * Returns NE_*. */ int ne_propfind_allprop(ne_propfind_handler *handler, ne_props_result result, void *userdata); /* Fetch all properties with names listed in array 'names', which is * terminated by a property with a NULL name field. For each resource * encountered, the result callback will be invoked, passing in * 'userdata' as the first argument. * * Returns NE_*. */ int ne_propfind_named(ne_propfind_handler *handler, const ne_propname *names, ne_props_result result, void *userdata); /* Destroy a propfind handler after use. */ void ne_propfind_destroy(ne_propfind_handler *handler); NE_END_DECLS #endif /* NE_PROPS_H */ neon-0.32.2/src/ne_redirect.c000066400000000000000000000071351416727304000157650ustar00rootroot00000000000000/* HTTP-redirect support Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. 
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include "config.h" #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_STRING_H #include #endif #include "ne_session.h" #include "ne_request.h" #include "ne_alloc.h" #include "ne_uri.h" #include "ne_redirect.h" #include "ne_internal.h" #include "ne_string.h" #define REDIRECT_ID "http://www.webdav.org/neon/hooks/http-redirect" struct redirect { char *requri; int valid; /* non-zero if .uri contains a redirect */ ne_uri uri; ne_session *sess; }; static void create(ne_request *req, void *session, const char *method, const char *uri) { struct redirect *red = session; if (red->requri) ne_free(red->requri); red->requri = ne_strdup(uri); } #define REDIR(n) ((n) == 301 || (n) == 302 || (n) == 303 || \ (n) == 307) static int post_send(ne_request *req, void *private, const ne_status *status) { struct redirect *red = private; const char *location = ne_get_response_header(req, "Location"); ne_buffer *path = NULL; int ret; /* Don't do anything for non-redirect status or no Location header. */ if (!REDIR(status->code) || location == NULL) return NE_OK; if (strstr(location, "://") == NULL && location[0] != '/') { char *pnt; path = ne_buffer_create(); ne_buffer_zappend(path, red->requri); pnt = strrchr(path->data, '/'); if (pnt && pnt[1] != '\0') { /* Chop off last path segment. */ pnt[1] = '\0'; ne_buffer_altered(path); } ne_buffer_zappend(path, location); location = path->data; } /* free last uri. */ ne_uri_free(&red->uri); /* Parse the Location header */ if (ne_uri_parse(location, &red->uri) || red->uri.path == NULL) { red->valid = 0; ne_set_error(red->sess, _("Could not parse redirect destination URL")); ret = NE_ERROR; } else { /* got a valid redirect. */ red->valid = 1; ret = NE_REDIRECT; if (!red->uri.host) { /* Not an absoluteURI: breaks 2616 but everybody does it. 
*/ ne_fill_server_uri(red->sess, &red->uri); } } if (path) ne_buffer_destroy(path); return ret; } static void free_redirect(void *cookie) { struct redirect *red = cookie; ne_uri_free(&red->uri); if (red->requri) ne_free(red->requri); ne_free(red); } void ne_redirect_register(ne_session *sess) { struct redirect *red = ne_calloc(sizeof *red); red->sess = sess; ne_hook_create_request(sess, create, red); ne_hook_post_send(sess, post_send, red); ne_hook_destroy_session(sess, free_redirect, red); ne_set_session_private(sess, REDIRECT_ID, red); } const ne_uri *ne_redirect_location(ne_session *sess) { struct redirect *red = ne_get_session_private(sess, REDIRECT_ID); if (red && red->valid) return &red->uri; else return NULL; } neon-0.32.2/src/ne_redirect.h000066400000000000000000000027531416727304000157730ustar00rootroot00000000000000/* HTTP-redirect support Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef NE_REDIRECT_H #define NE_REDIRECT_H #include "ne_request.h" NE_BEGIN_DECLS /* Register redirect handling for the session: if a valid redirect * (30x) response is given for any request in this session, the * request will fail with the NE_REDIRECT code, and the destination of * the redirect can be retrieved using ne_redirect_location(). 
*/ void ne_redirect_register(ne_session *sess); /* Returns location of last redirect for the session. Returns NULL if * no redirect has been encountered for given session, or the last * redirect encountered could not be parsed. */ const ne_uri *ne_redirect_location(ne_session *sess); NE_END_DECLS #endif /* NE_REDIRECT_H */ neon-0.32.2/src/ne_request.c000066400000000000000000001505051416727304000156540ustar00rootroot00000000000000/* HTTP request/response handling Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ /* This is the HTTP client request/response implementation. * The goal of this code is to be modular and simple. 
*/ #include "config.h" #include #include #include #ifdef HAVE_STRING_H #include #endif #ifdef HAVE_STRINGS_H #include #endif #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #include "ne_internal.h" #include "ne_alloc.h" #include "ne_request.h" #include "ne_string.h" /* for ne_buffer */ #include "ne_utils.h" #include "ne_socket.h" #include "ne_uri.h" #include "ne_private.h" #define SOCK_ERR(req, op, msg) do { ssize_t sret = (op); \ if (sret < 0) return aborted(req, msg, sret); } while (0) #define EOL "\r\n" struct body_reader { ne_block_reader handler; ne_accept_response accept_response; unsigned int use; void *userdata; struct body_reader *next; }; struct field { char *name, *value; size_t vlen; struct field *next; }; /* Maximum number of interim responses. */ #define MAX_INTERIM_RESPONSES (128) /* Maximum number of header fields per response: */ #define MAX_HEADER_FIELDS (100) /* Size of hash table; 43 is the smallest prime for which the common * header names hash uniquely using the *33 hash function. */ #define HH_HASHSIZE (43) /* Hash iteration step: *33 known to be a good hash for ASCII, see RSE. */ #define HH_ITERATE(hash, ch) (((hash)*33 + (unsigned char)(ch)) % HH_HASHSIZE) /* pre-calculated hash values for given header names: */ #define HH_HV_CONNECTION (0x14) #define HH_HV_PROXY_CONNECTION (0x1A) #define HH_HV_CONTENT_LENGTH (0x13) #define HH_HV_TRANSFER_ENCODING (0x07) struct ne_request_s { char *method, *target; /* method and request-target */ ne_buffer *headers; /* request headers */ /* Request body. */ ne_provide_body body_cb; void *body_ud; /* Request body source: file or buffer (if not callback). */ union { struct { int fd; ne_off_t offset, length; ne_off_t remain; /* remaining bytes to send. */ } file; struct { /* length bytes @ buffer = whole body. 
* remain bytes @ pnt = remaining bytes to send */ const char *buffer, *pnt; size_t length, remain; } buf; } body; ne_off_t body_length; /* length of request body */ /* temporary store for response lines. */ char respbuf[NE_BUFSIZ]; /**** Response ***/ /* The transfer encoding types */ struct ne_response { enum { R_TILLEOF = 0, /* read till eof */ R_NO_BODY, /* implicitly no body (HEAD, 204, 304) */ R_CHUNKED, /* using chunked transfer-encoding */ R_CLENGTH /* using given content-length */ } mode; union { /* clen: used if mode == R_CLENGTH; total and bytes * remaining to be read of response body. */ struct { ne_off_t total, remain; } clen; /* chunk: used if mode == R_CHUNKED; total and bytes * remaining to be read of current chunk */ struct { size_t total, remain; } chunk; } body; ne_off_t progress; /* number of bytes read of response */ } resp; struct hook *private; /* response header fields */ struct field *response_headers[HH_HASHSIZE]; unsigned int current_index; /* response_headers cursor for iterator */ /* List of callbacks which are passed response body blocks */ struct body_reader *body_readers; /*** Miscellaneous ***/ unsigned int method_is_head; unsigned int can_persist; int flags[NE_REQFLAG_LAST]; ne_session *session; ne_status status; }; static int open_connection(ne_session *sess); /* Returns hash value for header 'name', converting it to lower-case * in-place. */ static inline unsigned int hash_and_lower(char *name) { char *pnt; unsigned int hash = 0; for (pnt = name; *pnt != '\0'; pnt++) { *pnt = ne_tolower(*pnt); hash = HH_ITERATE(hash,*pnt); } return hash; } /* Abort a request due to an non-recoverable HTTP protocol error, * whilst doing 'doing'. 'code', if non-zero, is the socket error * code, NE_SOCK_*, or if zero, is ignored. 
*/
/* Note: 'doing' is always passed as a "%s" argument and never used as
 * the format string itself.  A 'code' value that is not listed in the
 * switch leaves the session error string untouched; the connection is
 * closed for every value of 'code'. */
static int aborted(ne_request *req, const char *doing, ssize_t code)
{
    ne_session *sess = req->session;
    int ret = NE_ERROR;

    NE_DEBUG(NE_DBG_HTTP, "Aborted request (%" NE_FMT_SSIZE_T "): %s\n",
             code, doing);

    switch(code) {
    case NE_SOCK_CLOSED:
        if (sess->nexthop->proxy != PROXY_NONE) {
            ne_set_error(sess, _("%s: connection was closed by proxy server"),
                         doing);
        } else {
            ne_set_error(sess, _("%s: connection was closed by server"),
                         doing);
        }
        break;
    case NE_SOCK_TIMEOUT:
        ne_set_error(sess, _("%s: connection timed out"), doing);
        /* The only case which changes the return value. */
        ret = NE_TIMEOUT;
        break;
    case NE_SOCK_ERROR:
    case NE_SOCK_RESET:
    case NE_SOCK_TRUNC:
        ne_set_error(sess, "%s: %s", doing, ne_sock_error(sess->socket));
        break;
    case 0:
        ne_set_error(sess, "%s", doing);
        break;
    }

    ne_close_connection(sess);
    return ret;
}

/* Invoke the session's notifier callback, if one is set, passing the
 * given status type and the session's status union. */
static void notify_status(ne_session *sess, ne_session_status status)
{
    if (sess->notify_cb) {
        sess->notify_cb(sess->notify_ud, status, &sess->status);
    }
}

/* Walk the hook list 'hk' and return the userdata of the first entry
 * whose id string compares equal to 'id', or NULL if none matches. */
static void *get_private(const struct hook *hk, const char *id)
{
    for (; hk != NULL; hk = hk->next)
        if (strcmp(hk->id, id) == 0)
            return hk->userdata;
    return NULL;
}

/* Return the private data stored against 'id' for the request. */
void *ne_get_request_private(ne_request *req, const char *id)
{
    return get_private(req->private, id);
}

/* Return the private data stored against 'id' for the session. */
void *ne_get_session_private(ne_session *sess, const char *id)
{
    return get_private(sess->private, id);
}

/* Append a new (id, userdata) entry to the end of the request's
 * private list.  The 'id' pointer itself is stored, not a copy of the
 * string, so it has to stay valid for as long as the entry is used.
 * No check for an existing entry with the same id is made; lookups
 * return the first match. */
void ne_set_request_private(ne_request *req, const char *id, void *userdata)
{
    struct hook *hk = ne_malloc(sizeof (struct hook)), *pos;

    if (req->private != NULL) {
        for (pos = req->private; pos->next != NULL; pos = pos->next)
            /* nullop */;
        pos->next = hk;
    } else {
        req->private = hk;
    }

    hk->id = id;
    hk->fn = NULL;
    hk->userdata = userdata;
    hk->next = NULL;
}

/* Body provider for an in-memory request body.  A 'count' of zero
 * rewinds to the start of the body; otherwise up to 'count' bytes are
 * copied into 'buffer' and the number copied is returned. */
static ssize_t body_string_send(void *userdata, char *buffer, size_t count)
{
    ne_request *req = userdata;

    if (count == 0) {
        req->body.buf.remain = req->body.buf.length;
        req->body.buf.pnt = req->body.buf.buffer;
    } else {
        /* If nothing remains, count becomes 0 below and 0 is
         * returned.  Clamping to 'remain' keeps the copy inside the
         * 'length' bytes registered for the body. */
        if (req->body.buf.remain < count)
            count = req->body.buf.remain;

        memcpy(buffer, req->body.buf.pnt, count);
        req->body.buf.pnt += count;
        req->body.buf.remain -= count;
    }

    return count;
}

/* Body provider for a request body read from a file descriptor.  A
 * 'count' of zero seeks back to the registered offset; otherwise at
 * most 'count' bytes, and never more than the bytes remaining of the
 * registered length, are read into 'buffer'.  Returns the number of
 * bytes read, 0 at the end of the body or after a successful rewind,
 * or -1 with the session error set. */
static ssize_t body_fd_send(void *userdata, char *buffer, size_t count)
{
    ne_request *req = userdata;

    if (count) {
        ssize_t ret;

        if (req->body.file.remain == 0)
            return 0;

        /* Casts here are necessary for LFS platforms for safe and
         * warning-free assignment/comparison between 32-bit size_t
         * and 64-bit off64_t: */
        if ((ne_off_t)count > req->body.file.remain)
            count = (size_t)req->body.file.remain;

        ret = read(req->body.file.fd, buffer, count);
        if (ret > 0) {
            req->body.file.remain -= ret;
            return ret;
        }
        else if (ret == 0) {
            /* The file ended before the registered length was sent. */
            ne_set_error(req->session,
                         _("Premature EOF in request body file"));
        }
        else if (ret < 0) {
            char err[200];
            /* Save errno before any further library call. */
            int errnum = errno;

            ne_set_error(req->session,
                         _("Failed reading request body file: %s"),
                         ne_strerror(errnum, err, sizeof err));
        }

        return -1;
    } else {
        ne_off_t newoff;

        /* rewind for next send. */
        newoff = ne_lseek(req->body.file.fd, req->body.file.offset, SEEK_SET);
        if (newoff == req->body.file.offset) {
            req->body.file.remain = req->body.file.length;
            return 0;
        } else {
            char err[200], offstr[20];

            if (newoff == -1) {
                /* errno was set */
                ne_strerror(errno, err, sizeof err);
            } else {
                ne_strnzcpy(err, _("offset invalid"), sizeof err);
            }
            ne_snprintf(offstr, sizeof offstr, "%" FMT_NE_OFF_T,
                        req->body.file.offset);
            ne_set_error(req->session,
                         _("Could not seek to offset %s"
                           " of request body file: %s"),
                         offstr, err);
            return -1;
        }
    }
}

/* For accurate persistent connection handling, for any write() or
 * read() operation for a new request on an already-open connection,
 * an EOF or RST error MUST be treated as a persistent connection
 * timeout, and the request retried on a new connection.  Once a
 * read() operation has succeeded, any subsequent error MUST be
 * treated as fatal.  A 'retry' flag is used; retry=1 represents the
 * first case, retry=0 the latter.
*/

/* RETRY_RET() crafts a function return value given the 'retry' flag,
 * the socket error 'code', and the return value 'acode' from the
 * aborted() function. */
#define RETRY_RET(retry, code, acode) \
((((code) == NE_SOCK_CLOSED || (code) == NE_SOCK_RESET || \
 (code) == NE_SOCK_TRUNC) && retry) ? NE_RETRY : (acode))

/* For sending chunks, an 8-byte prefix is reserved at the beginning
 * of the buffer.  This is large enough for a trailing \r\n for the
 * previous chunk, the chunk size, and the \r\n following the
 * chunk-size. */
#define CHUNK_OFFSET (8)

#define CHUNK_TERM "\r\n0\r\n\r\n"
#define CHUNK_NULL_TERM "0\r\n\r\n"

/* Sends the request body; returns 0 on success or an NE_* error code.
 * If retry is non-zero; will return NE_RETRY on persistent connection
 * timeout.  On error, the session error string is set and the
 * connection is closed.
 *
 * NOTE(review): the value returned by the body callback is used as
 * the write length without being compared against 'buflen'; this
 * assumes a provider never reports more bytes than it was offered.
 * The body bytes are also printed on the NE_DBG_HTTPBODY debug
 * channel. */
static int send_request_body(ne_request *req, int retry)
{
    ne_session *const sess = req->session;
    char buffer[NE_BUFSIZ], *start;
    ssize_t bytes;
    size_t buflen;
    /* A negative body length selects chunked transfer-encoding. */
    int chunked = req->body_length < 0, chunknum = 0;
    int ret;

    NE_DEBUG(NE_DBG_HTTP, "Sending request body:\n");

    /* Set up status union and (start, buflen) as the buffer to be
     * passed the supplied callback. */
    if (chunked) {
        start = buffer + CHUNK_OFFSET;
        buflen = sizeof(buffer) - CHUNK_OFFSET;
        req->session->status.sr.total = -1;
    }
    else {
        start = buffer;
        buflen = sizeof buffer;
        req->session->status.sr.total = req->body_length;
    }

    req->session->status.sr.progress = 0;
    notify_status(sess, ne_status_sending);

    /* tell the source to start again from the beginning. */
    if (req->body_cb(req->body_ud, NULL, 0) != 0) {
        ne_close_connection(sess);
        return NE_ERROR;
    }

    while ((bytes = req->body_cb(req->body_ud, start, buflen)) > 0) {
        req->session->status.sr.progress += bytes;

        if (chunked) {
            /* Overwrite the buffer prefix with the appropriate chunk
             * size; since ne_snprintf always NUL-terminates, the \n
             * is omitted and placed over the NUL afterwards. */
            if (chunknum++ == 0)
                ne_snprintf(buffer, CHUNK_OFFSET,
                            "%06x\r", (unsigned)bytes);
            else
                ne_snprintf(buffer, CHUNK_OFFSET,
                            "\r\n%04x\r", (unsigned)bytes);
            buffer[CHUNK_OFFSET - 1] = '\n';
            /* The prefix is sent together with the chunk data. */
            bytes += CHUNK_OFFSET;
        }
        ret = ne_sock_fullwrite(sess->socket, buffer, bytes);

        if (ret < 0) {
            int aret = aborted(req, _("Could not send request body"), ret);
            return RETRY_RET(retry, ret, aret);
        }

        NE_DEBUG(NE_DBG_HTTPBODY,
                 "Body block (%" NE_FMT_SSIZE_T " bytes):\n[%.*s]\n",
                 bytes, (int)bytes, buffer);

        /* invoke progress callback */
        notify_status(sess, ne_status_sending);
    }

    /* The loop ends on 0 (end of body) or a negative value (provider
     * failure). */
    if (bytes) {
        NE_DEBUG(NE_DBG_HTTP, "Request body provider failed with "
                 "%" NE_FMT_SSIZE_T "\n", bytes);
        ne_close_connection(sess);
        return NE_ERROR;
    }

    if (chunked) {
        /* With no chunk sent there is no preceding chunk to end, so
         * the terminator without the leading CRLF is used. */
        if (chunknum == 0)
            ret = ne_sock_fullwrite(sess->socket, CHUNK_NULL_TERM,
                                    sizeof(CHUNK_NULL_TERM) - 1);
        else
            ret = ne_sock_fullwrite(sess->socket, CHUNK_TERM,
                                    sizeof(CHUNK_TERM) - 1);
        if (ret < 0) {
            int aret = aborted(req, _("Could not send chunked "
                                      "request terminator"), ret);
            return RETRY_RET(retry, ret, aret);
        }
    }

    return NE_OK;
}

/* Set up buffer for initial request headers.  The session's
 * user_agent string and server.hostport are appended as they are
 * stored; user_agent presumably already holds a complete header line
 * -- confirm where it is set. */
static ne_buffer *initial_request_headers(ne_request *req)
{
    ne_session *const sess = req->session;
    ne_buffer *hdrs = ne_buffer_create();

    if (sess->user_agent) {
        ne_buffer_zappend(hdrs, sess->user_agent);
    }

    /* If persistent connections are disabled, just send Connection:
     * close; otherwise, send Connection: Keep-Alive to pre-1.1 origin
     * servers to try harder to get a persistent connection, except if
     * using a proxy as per 2068§19.7.1.  Always add TE: trailers. */
    if (!sess->flags[NE_SESSFLAG_PERSIST]) {
        ne_buffer_czappend(hdrs, "Connection: TE, close" EOL);
    }
    else if (!sess->is_http11 && !sess->any_proxy_http) {
        ne_buffer_czappend(hdrs,
                           "Keep-Alive: " EOL
                           "Connection: TE, Keep-Alive" EOL);
    }
    /* NOTE(review): this condition tests the same two fields as the
     * branch above (req->session is sess), so the Proxy-Connection
     * branch cannot be reached as written -- confirm the intended
     * condition. */
    else if (!req->session->is_http11 && !sess->any_proxy_http) {
        ne_buffer_czappend(hdrs,
                           "Keep-Alive: " EOL
                           "Proxy-Connection: Keep-Alive" EOL
                           "Connection: TE" EOL);
    }
    else {
        ne_buffer_czappend(hdrs, "Connection: TE" EOL);
    }

    ne_buffer_concat(hdrs, "TE: trailers" EOL "Host: ",
                     req->session->server.hostport, EOL, NULL);

    return hdrs;
}

/* Acceptance callback which accepts every response. */
int ne_accept_always(void *userdata, ne_request *req, const ne_status *st)
{
    return 1;
}

/* Acceptance callback which accepts only responses of class 2. */
int ne_accept_2xx(void *userdata, ne_request *req, const ne_status *st)
{
    return (st->klass == 2);
}

/* Create a request for 'method' and 'path' on the session, and run
 * the session's create-request hooks.  Both strings are copied as
 * given: no check for CR, LF or spaces is made here, and
 * build_request() later writes them into the Request-Line unchanged,
 * so callers must validate values derived from untrusted input. */
ne_request *ne_request_create(ne_session *sess,
                              const char *method, const char *path)
{
    ne_request *req = ne_calloc(sizeof *req);

    req->session = sess;

    /* Presume the method is idempotent by default. */
    req->flags[NE_REQFLAG_IDEMPOTENT] = 1;
    /* Expect-100 default follows the corresponding session flag. */
    req->flags[NE_REQFLAG_EXPECT100] = sess->flags[NE_SESSFLAG_EXPECT100];

    /* Add in the fixed headers */
    req->headers = initial_request_headers(req);

    /* Set the standard stuff */
    req->method = ne_strdup(method);
    req->method_is_head = (strcmp(method, "HEAD") == 0);

    /* Only use an absoluteURI here when we might be using an HTTP
     * proxy, SSL is not in use, and the path begins with '/': some
     * servers can't parse them. */
    if (sess->any_proxy_http && !req->session->use_ssl && path[0] == '/')
        req->target = ne_concat(req->session->scheme, "://",
                                req->session->server.hostport, path, NULL);
    else
        req->target = ne_strdup(path);

    {
        struct hook *hk;

        for (hk = sess->create_req_hooks; hk != NULL; hk = hk->next) {
            ne_create_request_fn fn = (ne_create_request_fn)hk->fn;
            fn(req, hk->userdata, req->method, req->target);
        }
    }

    return req;
}

/* Set the request body length to 'length'.  A header is appended on
 * every call and nothing is removed, so setting a body more than once
 * on the same request leaves several Content-Length and/or
 * Transfer-Encoding headers in the request. */
static void set_body_length(ne_request *req, ne_off_t length)
{
    req->body_length = length;

    if (length >= 0)
        ne_print_request_header(req, "Content-Length", "%" FMT_NE_OFF_T, length);
    else /* length < 0 => chunked body */
        ne_add_request_header(req, "Transfer-Encoding", "chunked");
}

/* Use 'size' bytes at 'buffer' as the request body.  Only the pointer
 * is stored, so the buffer must remain valid until the body has been
 * sent. */
void ne_set_request_body_buffer(ne_request *req, const char *buffer,
                                size_t size)
{
    req->body.buf.buffer = buffer;
    req->body.buf.length = size;
    req->body_cb = body_string_send;
    req->body_ud = req;
    set_body_length(req, size);
}

/* Use the callback 'provider' (with userdata 'ud') as the source of
 * the request body; a negative 'bodysize' selects a chunked body. */
void ne_set_request_body_provider(ne_request *req, ne_off_t bodysize,
                                  ne_provide_body provider, void *ud)
{
    req->body_cb = provider;
    req->body_ud = ud;
    set_body_length(req, bodysize);
}

/* Use 'length' bytes starting at 'offset' of the open descriptor 'fd'
 * as the request body. */
void ne_set_request_body_fd(ne_request *req, int fd,
                            ne_off_t offset, ne_off_t length)
{
    req->body.file.fd = fd;
    req->body.file.offset = offset;
    req->body.file.length = length;
    req->body_cb = body_fd_send;
    req->body_ud = req;
    set_body_length(req, length);
}

/* Set a request flag; a flag value not below NE_REQFLAG_LAST is
 * ignored. */
void ne_set_request_flag(ne_request *req, ne_request_flag flag, int value)
{
    if (flag < (ne_request_flag)NE_REQFLAG_LAST) {
        req->flags[flag] = value;
    }
}

/* Return the value of a request flag, or -1 for a flag value not
 * below NE_REQFLAG_LAST. */
int ne_get_request_flag(ne_request *req, ne_request_flag flag)
{
    if (flag < (ne_request_flag)NE_REQFLAG_LAST) {
        return req->flags[flag];
    }
    return -1;
}

/* Append the header "name: value" to the request.  Both strings are
 * written as given; a CR or LF inside either would start a new line
 * in the request, so values taken from untrusted input must be
 * checked by the caller. */
void ne_add_request_header(ne_request *req, const char *name,
                           const char *value)
{
    ne_buffer_concat(req->headers, name, ": ", value, EOL, NULL);
}

/* Append a header whose value is produced from a printf-style format.
 * The value is formatted into a buffer of NE_BUFSIZ bytes, which
 * bounds its length.  As with ne_add_request_header(), neither the
 * name nor the formatted value is checked for CR or LF. */
void ne_print_request_header(ne_request *req, const char *name,
                             const char *format, ...)
{
    va_list params;
    char buf[NE_BUFSIZ];

    va_start(params, format);
    ne_vsnprintf(buf, sizeof buf, format, params);
    va_end(params);

    ne_buffer_concat(req->headers, name, ": ", buf, EOL, NULL);
}

/* Returns the value of the response header 'name', for which the hash
 * value is 'h', or NULL if the header is not found. */
static inline char *get_response_header_hv(ne_request *req, unsigned int h,
                                           const char *name)
{
    struct field *f;

    for (f = req->response_headers[h]; f; f = f->next)
        if (strcmp(f->name, name) == 0)
            return f->value;

    return NULL;
}

/* Look up a response header by name.  A lower-cased copy of 'name' is
 * hashed and compared, so the lookup does not depend on the case the
 * caller used.  The returned pointer is the stored value itself, not
 * a copy. */
const char *ne_get_response_header(ne_request *req, const char *name)
{
    char *lcname = ne_strdup(name);
    unsigned int hash = hash_and_lower(lcname);
    char *value = get_response_header_hv(req, hash, lcname);
    ne_free(lcname);
    return value;
}

/* The return value of the iterator function is a pointer to the
 * struct field of the previously returned header.  Pass NULL as
 * 'iterator' to start; NULL is returned once no header is left. */
void *ne_response_header_iterate(ne_request *req, void *iterator,
                                 const char **name, const char **value)
{
    struct field *f = iterator;
    unsigned int n;

    /* 'n' is assigned on both paths which leave f == NULL, which are
     * the only paths that read it below. */
    if (f == NULL) {
        n = 0;
    } else if ((f = f->next) == NULL) {
        n = req->current_index + 1;
    }

    if (f == NULL) {
        /* Find the next hash bucket which is not empty. */
        while (n < HH_HASHSIZE && req->response_headers[n] == NULL)
            n++;
        if (n == HH_HASHSIZE)
            return NULL; /* no more headers */
        f = req->response_headers[n];
        req->current_index = n;
    }

    *name = f->name;
    *value = f->value;
    return f;
}

/* Removes the response header 'name', which has hash value 'hash'.
 * Only the first matching field in the bucket is unlinked and
 * freed. */
static void remove_response_header(ne_request *req, const char *name,
                                   unsigned int hash)
{
    struct field **ptr = req->response_headers + hash;

    while (*ptr) {
        struct field *const f = *ptr;

        if (strcmp(f->name, name) == 0) {
            *ptr = f->next;
            ne_free(f->name);
            ne_free(f->value);
            ne_free(f);
            return;
        }

        ptr = &f->next;
    }
}

/* Free all stored response headers.
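*/
static void free_response_headers(ne_request *req)
{
    int n;

    for (n = 0; n < HH_HASHSIZE; n++) {
        struct field **ptr = req->response_headers + n;

        /* Unlink each field before freeing it, which leaves the
         * bucket empty (NULL) afterwards. */
        while (*ptr) {
            struct field *const f = *ptr;
            *ptr = f->next;
            ne_free(f->name);
            ne_free(f->value);
            ne_free(f);
        }
    }
}

/* Register a response body reader: 'rdr' is passed blocks of the
 * response body, 'acpt' is stored as its acceptance callback.  The
 * new entry is pushed onto the front of the reader list.
 * NOTE(review): the 'use' field is not set here; presumably it is
 * assigned before the body is read -- confirm in ne_begin_request. */
void ne_add_response_body_reader(ne_request *req, ne_accept_response acpt,
                                 ne_block_reader rdr, void *userdata)
{
    struct body_reader *new = ne_malloc(sizeof *new);
    new->accept_response = acpt;
    new->handler = rdr;
    new->userdata = userdata;
    new->next = req->body_readers;
    req->body_readers = new;
}

/* Destroy the request and everything it owns.  The destroy hooks run
 * after the target, method, body readers, response headers and
 * request header buffer have been freed, so a hook must not use
 * those. */
void ne_request_destroy(ne_request *req)
{
    struct body_reader *rdr, *next_rdr;
    struct hook *hk, *next_hk;

    ne_free(req->target);
    ne_free(req->method);

    for (rdr = req->body_readers; rdr != NULL; rdr = next_rdr) {
        next_rdr = rdr->next;
        ne_free(rdr);
    }

    free_response_headers(req);

    ne_buffer_destroy(req->headers);

    NE_DEBUG(NE_DBG_HTTP, "Running destroy hooks.\n");
    for (hk = req->session->destroy_req_hooks; hk; hk = next_hk) {
        ne_destroy_req_fn fn = (ne_destroy_req_fn)hk->fn;
        /* Fetch the next entry before the hook is called. */
        next_hk = hk->next;
        fn(req, hk->userdata);
    }

    for (hk = req->private; hk; hk = next_hk) {
        next_hk = hk->next;
        ne_free(hk);
    }

    if (req->status.reason_phrase)
        ne_free(req->status.reason_phrase);

    NE_DEBUG(NE_DBG_HTTP, "Request ends.\n");
    ne_free(req);
}


/* Reads a block of the response into BUFFER, which is of size
 * *BUFLEN.  Returns zero on success or non-zero on error.  On
 * success, *BUFLEN is updated to be the number of bytes read into
 * BUFFER (which will be 0 to indicate the end of the response).  On
 * error, the connection is closed and the session error string is
 * set. */
static int read_response_block(ne_request *req, struct ne_response *resp,
                               char *buffer, size_t *buflen)
{
    ne_socket *const sock = req->session->socket;
    size_t willread;
    ssize_t readlen;

    switch (resp->mode) {
    case R_CHUNKED:
        /* Chunked transfer-encoding: chunk syntax is "SIZE CRLF CHUNK
         * CRLF SIZE CRLF CHUNK CRLF ..." followed by zero-length
         * chunk: "CHUNK CRLF 0 CRLF".  resp.chunk.remain contains the
         * number of bytes left to read in the current chunk. */
        if (resp->body.chunk.remain == 0) {
            unsigned long chunk_len;
            char *ptr;

            /* Read the chunk size line into a temporary buffer. */
            SOCK_ERR(req,
                     ne_sock_readline(sock, req->respbuf, sizeof req->respbuf),
                     _("Could not read chunk size"));
            NE_DEBUG(NE_DBG_HTTP, "[chunk] < %s", req->respbuf);
            /* NOTE(review): strtoul() with base 16 also accepts
             * leading white space, a sign and a "0x" prefix, and the
             * text after the digits is not examined here.  Where
             * unsigned long and unsigned int have the same width the
             * range checks below only reject ULONG_MAX.  Consider
             * requiring a hex digit as the first character. */
            chunk_len = strtoul(req->respbuf, &ptr, 16);
            /* limit chunk size to <= UINT_MAX, so it will probably
             * fit in a size_t. */
            if (ptr == req->respbuf ||
                chunk_len == ULONG_MAX || chunk_len > UINT_MAX) {
                return aborted(req, _("Could not parse chunk size"), 0);
            }
            NE_DEBUG(NE_DBG_HTTP, "Got chunk size: %lu\n", chunk_len);
            resp->body.chunk.remain = chunk_len;
        }
        /* Never read more than the caller's buffer holds. */
        willread = resp->body.chunk.remain > *buflen
            ? *buflen : resp->body.chunk.remain;
        break;
    case R_CLENGTH:
        willread = resp->body.clen.remain > (off_t)*buflen
            ? *buflen : (size_t)resp->body.clen.remain;
        break;
    case R_TILLEOF:
        willread = *buflen;
        break;
    case R_NO_BODY:
    default:
        willread = 0;
        break;
    }
    if (willread == 0) {
        /* End of the response body (or no body at all). */
        *buflen = 0;
        return 0;
    }
    NE_DEBUG(NE_DBG_HTTP,
             "Reading %" NE_FMT_SIZE_T " bytes of response body.\n", willread);
    readlen = ne_sock_read(sock, buffer, willread);

    /* EOF is only valid when response body is delimited by it.
     * Strictly, an SSL truncation should not be treated as an EOF in
     * any case, but SSL servers are just too buggy.  A truncated
     * EOF-delimited body is therefore reported as a normal end of
     * response. */
    if (resp->mode == R_TILLEOF &&
        (readlen == NE_SOCK_CLOSED || readlen == NE_SOCK_TRUNC)) {
        NE_DEBUG(NE_DBG_HTTP, "Got EOF.\n");
        req->can_persist = 0;
        readlen = 0;
    } else if (readlen < 0) {
        return aborted(req, _("Could not read response body"), readlen);
    } else {
        NE_DEBUG(NE_DBG_HTTP, "Got %" NE_FMT_SSIZE_T " bytes.\n", readlen);
    }
    /* safe to cast: readlen guaranteed to be >= 0 above */
    *buflen = (size_t)readlen;
    NE_DEBUG(NE_DBG_HTTPBODY,
             "Read block (%" NE_FMT_SSIZE_T " bytes):\n[%.*s]\n",
             readlen, (int)readlen, buffer);
    if (resp->mode == R_CHUNKED) {
        resp->body.chunk.remain -= readlen;
        if (resp->body.chunk.remain == 0) {
            char crlfbuf[2];
            /* If we've read a whole chunk, read a CRLF.  The result
             * is kept in its own variable so that 'readlen' still
             * holds the number of body bytes when it is added to the
             * progress count below. */
            ssize_t dret = ne_sock_fullread(sock, crlfbuf, 2);
            if (dret < 0)
                return aborted(req, _("Could not read chunk delimiter"),
                               dret);
            else if (crlfbuf[0] != '\r' || crlfbuf[1] != '\n')
                return aborted(req, _("Chunk delimiter was invalid"), 0);
        }
    } else if (resp->mode == R_CLENGTH) {
        resp->body.clen.remain -= readlen;
    }
    resp->progress += readlen;
    return NE_OK;
}

/* Read the next block of the response body into 'buffer' (of size
 * 'buflen'), update the session progress status, and pass the block
 * to every body reader which is in use.  Returns the number of bytes
 * read, 0 at the end of the body, or -1 on error; if a reader returns
 * non-zero the connection is closed. */
ssize_t ne_read_response_block(ne_request *req, char *buffer, size_t buflen)
{
    struct body_reader *rdr;
    size_t readlen = buflen;
    struct ne_response *const resp = &req->resp;

    if (read_response_block(req, resp, buffer, &readlen))
        return -1;

    if (readlen) {
        req->session->status.sr.progress += readlen;
        notify_status(req->session, ne_status_recving);
    }

    /* Readers are also called with a zero-length block at the end of
     * the body. */
    for (rdr = req->body_readers; rdr!=NULL; rdr=rdr->next) {
        if (rdr->use && rdr->handler(rdr->userdata, buffer, readlen) != 0) {
            ne_close_connection(req->session);
            return -1;
        }
    }

    return readlen;
}

/* Build the request string, returning the buffer.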
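*/
/* The method, target and header buffer are written exactly as they
 * were stored on the request; no CR/LF filtering takes place in this
 * function.  The pre_send hooks receive the buffer before the blank
 * line which ends the header section is appended. */
static ne_buffer *build_request(ne_request *req)
{
    struct hook *hk;
    ne_buffer *buf = ne_buffer_create();

    /* Add Request-Line and headers: */
    ne_buffer_concat(buf, req->method, " ", req->target, " HTTP/1.1" EOL, NULL);

    /* Add custom headers: */
    ne_buffer_append(buf, req->headers->data, ne_buffer_size(req->headers));

    /* Any non-zero body length counts here, including the negative
     * value used for a chunked body. */
    if (req->body_length && req->flags[NE_REQFLAG_EXPECT100]) {
        ne_buffer_czappend(buf, "Expect: 100-continue\r\n");
    }

    NE_DEBUG(NE_DBG_HTTP, "Running pre_send hooks\n");
    for (hk = req->session->pre_send_hooks; hk != NULL; hk = hk->next) {
        ne_pre_send_fn fn = (ne_pre_send_fn)hk->fn;
        fn(req, hk->userdata, buf);
    }

    ne_buffer_czappend(buf, "\r\n");
    return buf;
}

#ifdef NE_DEBUGGING
#define DEBUG_DUMP_REQUEST(x) dump_request(x)

/* Write the request headers to the debug log.
 *
 * With NE_DBG_HTTPPLAIN set the headers are logged unmodified,
 * credentials included.  Otherwise, with NE_DBG_HTTP set, the text
 * after every occurrence of the literal "Authorization: " (which also
 * occurs inside "Proxy-Authorization: ") is overwritten with 'x' up
 * to the end of that line.  The match is case-sensitive, and no other
 * header is masked, so e.g. a Cookie header or an authorization
 * header spelled in a different case is logged as sent. */
static void dump_request(const char *request)
{
    if (ne_debug_mask & NE_DBG_HTTPPLAIN) {
        /* Display everything mode */
        NE_DEBUG(NE_DBG_HTTP, "Sending request headers:\n%s", request);
    } else if (ne_debug_mask & NE_DBG_HTTP) {
        /* Blank out the Authorization parameters, working on a copy
         * so the request itself is left alone. */
        char *reqdebug = ne_strdup(request), *pnt = reqdebug;
        while ((pnt = strstr(pnt, "Authorization: ")) != NULL) {
            /* 15 == strlen("Authorization: ") */
            for (pnt += 15; *pnt != '\r' && *pnt != '\0'; pnt++) {
                *pnt = 'x';
            }
        }
        NE_DEBUG(NE_DBG_HTTP, "Sending request headers:\n%s", reqdebug);
        ne_free(reqdebug);
    }
}

#else
#define DEBUG_DUMP_REQUEST(x)
#endif /* DEBUGGING */

/* remove trailing EOL from 'buf', where strlen(buf) == *len.  *len is
 * adjusted in accordance with any changes made to the string to
 * remain equal to strlen(buf).
 *
 * The string is indexed by length, so that no pointer before the
 * start of 'buf' is ever formed -- not even for a line which holds
 * nothing but the EOL, as the line ending the headers does. */
static inline void strip_eol(char *buf, ssize_t *len)
{
    while (*len > 0 && (buf[*len - 1] == '\r' || buf[*len - 1] == '\n')) {
        buf[--(*len)] = '\0';
    }
}

/* Non-zero if a TLS client certificate was requested during the
 * session; always zero when built without SSL support. */
#ifdef NE_HAVE_SSL
#define SSL_CC_REQUESTED(_r) (_r->session->ssl_cc_requested)
#else
#define SSL_CC_REQUESTED(_r) (0)
#endif

/* Read and parse response status-line into 'status'.  'retry' is non-zero
 * if an NE_RETRY should be returned if an EOF is received.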
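*/
static int read_status_line(ne_request *req, ne_status *status, int retry)
{
    char *buffer = req->respbuf;
    ssize_t ret;

    ret = ne_sock_readline(req->session->socket, buffer, sizeof req->respbuf);
    if (ret <= 0) {
        const char *errstr = SSL_CC_REQUESTED(req)
            ? _("Could not read status line (TLS client certificate was requested)")
            : _("Could not read status line");
        int aret = aborted(req, errstr, ret);
        return RETRY_RET(retry, ret, aret);
    }

    NE_DEBUG(NE_DBG_HTTP, "[status-line] < %s", buffer);
    strip_eol(buffer, &ret);

    /* Drop the result of any earlier status line before parsing. */
    if (status->reason_phrase) ne_free(status->reason_phrase);
    memset(status, 0, sizeof *status);

    /* Hack to allow ShoutCast-style servers, if requested.  The line
     * comes from the server, so the three status characters must be
     * digits before the code and class are derived from them; any
     * other "ICY " line is handed to the ordinary status-line parser
     * below, which presumably rejects it. */
    if (req->session->flags[NE_SESSFLAG_ICYPROTO]
        && strncmp(buffer, "ICY ", 4) == 0 && strlen(buffer) > 8
        && buffer[4] >= '0' && buffer[4] <= '9'
        && buffer[5] >= '0' && buffer[5] <= '9'
        && buffer[6] >= '0' && buffer[6] <= '9'
        && buffer[7] == ' ') {
        status->code = atoi(buffer + 4);
        status->major_version = 1;
        status->minor_version = 0;
        status->reason_phrase = ne_strclean(ne_strdup(buffer + 8));
        status->klass = buffer[4] - '0';
        NE_DEBUG(NE_DBG_HTTP, "[status-line] ICY protocol; code %d\n",
                 status->code);
    }
    else if (ne_parse_statusline(buffer, status)) {
        return aborted(req, _("Could not parse response status line"), 0);
    }

    return 0;
}

/* Discard a set of message headers.  Lines are read until one is
 * exactly CRLF.  Each line is limited by the size of req->respbuf.
 * NOTE(review): the number of lines is not limited here;
 * MAX_HEADER_FIELDS is only applied when the final response headers
 * are read. */
static int discard_headers(ne_request *req)
{
    do {
        SOCK_ERR(req, ne_sock_readline(req->session->socket, req->respbuf,
                                       sizeof req->respbuf),
                 _("Could not read interim response headers"));
        NE_DEBUG(NE_DBG_HTTP, "[discard] < %s", req->respbuf);
    } while (strcmp(req->respbuf, EOL) != 0);
    return NE_OK;
}

/* Send the request, and read the response Status-Line.  Returns:
 *   NE_RETRY   connection closed by server; persistent connection
 *              timeout
 *   NE_OK      success
 *   NE_*       error
 * On NE_RETRY and NE_* responses, the connection will have been
 * closed already.
 *
 * At most MAX_INTERIM_RESPONSES 1xx responses are consumed before the
 * request is aborted, which bounds the status lines a server can make
 * the client read for one request. */
static int send_request(ne_request *req, const ne_buffer *request)
{
    ne_session *const sess = req->session;
    ne_status *const status = &req->status;
    int sentbody = 0; /* zero until body has been sent. */
    int ret, retry; /* retry non-zero whilst the request should be retried */
    unsigned count;
    ssize_t sret;

    /* Send the Request-Line and headers */
    NE_DEBUG(NE_DBG_HTTP, "Sending request-line and headers:\n");
    /* Open the connection if necessary */
    ret = open_connection(sess);
    if (ret) return ret;

    /* Allow retry if a persistent connection has been used. */
    retry = sess->persisted;

    sret = ne_sock_fullwrite(req->session->socket, request->data,
                             ne_buffer_size(request));
    if (sret < 0) {
        int aret = aborted(req, _("Could not send request"), sret);
        return RETRY_RET(retry, sret, aret);
    }

    if (!req->flags[NE_REQFLAG_EXPECT100] && req->body_length) {
        /* Send request body, if not using 100-continue. */
        ret = send_request_body(req, retry);
        if (ret) {
            return ret;
        }
    }

    NE_DEBUG(NE_DBG_HTTP, "Request sent; retry is %d.\n", retry);

    /* Loop eating interim 1xx responses; RFC 7231§6.2 says clients
     * MUST be able to parse unsolicited interim responses. */
    for (count = 0; count < MAX_INTERIM_RESPONSES
             && (ret = read_status_line(req, status, retry)) == NE_OK
             && status->klass == 1; count++) {
        NE_DEBUG(NE_DBG_HTTP, "[req] Interim %d response %d.\n",
                 status->code, count);
        retry = 0; /* successful read() => never retry now. */

        /* Discard headers with the interim response. */
        if ((ret = discard_headers(req)) != NE_OK) break;

        if (req->flags[NE_REQFLAG_EXPECT100] && (status->code == 100)
            && req->body_length && !sentbody) {
            /* Send the body after receiving the first 100 Continue */
            if ((ret = send_request_body(req, 0)) != NE_OK) break;
            sentbody = 1;
        }
    }

    /* The count only reaches the limit when every response read was
     * an interim one. */
    if (count == MAX_INTERIM_RESPONSES) {
        return aborted(req, _("Too many interim responses"), 0);
    }

    return ret;
}

/* Read a message header from sock into buf, which has size 'buflen'.
 *
 * Returns:
 *   NE_RETRY: Success, read a header into buf.
 *   NE_OK: End of headers reached.
 *   NE_ERROR: Error (session error is set, connection closed).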
*/
static int read_message_header(ne_request *req, char *buf, size_t buflen)
{
    ne_socket *const sk = req->session->socket;
    ssize_t linelen = ne_sock_readline(sk, buf, buflen);

    if (linelen <= 0)
        return aborted(req, _("Error reading response headers"), linelen);

    NE_DEBUG(NE_DBG_HTTP, "[hdr] %s", buf);

    strip_eol(buf, &linelen);

    /* A line which is empty once the EOL is removed ends the header
     * section. */
    if (linelen == 0) {
        NE_DEBUG(NE_DBG_HTTP, "End of headers.\n");
        return NE_OK;
    }

    /* Continuation lines are appended directly behind the text which
     * is already stored, and each read is given only the space that
     * is left, so the size of the caller's buffer bounds the length
     * of the unfolded header. */
    for (;;) {
        char next;
        ssize_t peeked;

        /* Step over the text stored by the previous read. */
        buf += linelen;
        buflen -= linelen;
        if (buflen == 0)
            break;

        /* Look at the first character of the following line without
         * consuming it. */
        peeked = ne_sock_peek(sk, &next, 1);
        if (peeked < 0)
            return aborted(req, _("Error reading response headers"), peeked);

        if (!(next == ' ' || next == '\t')) {
            /* The header is not continued: it is complete. */
            return NE_RETRY;
        }

        /* A continuation line: read it onto the end of 'buf'. */
        linelen = ne_sock_readline(sk, buf, buflen);
        if (linelen <= 0) {
            return aborted(req, _("Error reading response headers"), linelen);
        }

        NE_DEBUG(NE_DBG_HTTP, "[cont] %s", buf);

        strip_eol(buf, &linelen);

        /* The first character should be the one which was peeked, so
         * the line should not be empty; check the length regardless.
         * A leading \t is replaced by a space to simplify parsing,
         * which RFC 7230§3.5 permits. */
        if (linelen)
            buf[0] = ' ';
    }

    ne_set_error(req->session, _("Response header too long"));
    return NE_ERROR;
}

#define MAX_HEADER_LEN (8192)

/* Add a response header field for the given request, using
 * precalculated hash value.
*/
/* Behaviour worth knowing when reasoning about hostile responses: a
 * field whose name is already present in bucket 'hash' is never stored
 * twice.  The new value is appended to the existing one as ", value";
 * if the combined length would reach MAX_HEADER_LEN the new value is
 * dropped without any error being reported. */
static void add_response_header(ne_request *req, unsigned int hash,
                                char *name, char *value)
{
    struct field **nextf = &req->response_headers[hash];
    size_t vlen = strlen(value);

    while (*nextf) {
        struct field *const f = *nextf;
        if (strcmp(f->name, name) == 0) {
            if (vlen + f->vlen < MAX_HEADER_LEN) {
                /* Merge the header field: old value + ", " + new value
                 * + NUL, hence the three extra bytes. */
                f->value = ne_realloc(f->value, f->vlen + vlen + 3);
                memcpy(f->value + f->vlen, ", ", 2);
                memcpy(f->value + f->vlen + 2, value, vlen + 1);
                f->vlen += vlen + 2;
            }
            return;
        }
        nextf = &f->next;
    }

    /* No field of this name yet: append a new node to the bucket,
     * holding private copies of the name and value. */
    (*nextf) = ne_malloc(sizeof **nextf);
    (*nextf)->name = ne_strdup(name);
    (*nextf)->value = ne_strdup(value);
    (*nextf)->vlen = vlen;
    (*nextf)->next = NULL;
}

/* Read response headers.  Returns NE_* code, sets session error and
 * closes connection on error.
 *
 * Each line is read into a MAX_HEADER_LEN buffer, and the response is
 * aborted once MAX_HEADER_FIELDS lines have been read.  Field names
 * are lower-cased before storage; lines without a ':' are skipped
 * silently, and whitespace between the name and the colon is
 * tolerated. */
static int read_response_headers(ne_request *req)
{
    char hdr[MAX_HEADER_LEN];
    int ret, count = 0;

    while ((ret = read_message_header(req, hdr, sizeof hdr)) == NE_RETRY
           && ++count < MAX_HEADER_FIELDS) {
        char *pnt;
        unsigned int hash = 0;

        /* Strip any trailing whitespace.
         * NOTE(review): this presumes hdr is non-empty whenever
         * read_message_header returns NE_RETRY -- confirm. */
        pnt = hdr + strlen(hdr) - 1;
        while (pnt > hdr && (*pnt == ' ' || *pnt == '\t'))
            *pnt-- = '\0';

        /* Convert the header name to lower case and hash it. */
        for (pnt = hdr; (*pnt != '\0' && *pnt != ':' &&
                         *pnt != ' ' && *pnt != '\t'); pnt++) {
            *pnt = ne_tolower(*pnt);
            hash = HH_ITERATE(hash,*pnt);
        }

        /* Skip over any whitespace before the colon. */
        while (*pnt == ' ' || *pnt == '\t')
            *pnt++ = '\0';

        /* ignore header lines which lack a ':'. */
        if (*pnt != ':')
            continue;

        /* NUL-terminate at the colon (when no whitespace before) */
        *pnt++ = '\0';

        /* Skip any whitespace after the colon... */
        while (*pnt == ' ' || *pnt == '\t')
            pnt++;

        /* pnt now points to the header value. */
        NE_DEBUG(NE_DBG_HTTP, "Header Name: [%s], Value: [%s]\n", hdr, pnt);
        add_response_header(req, hash, hdr, pnt);
    }

    /* The loop also stops when the field limit is reached; treat that
     * as a fatal protocol error rather than a truncated header set. */
    if (count == MAX_HEADER_FIELDS)
        ret = aborted(
            req, _("Response exceeded maximum number of header fields"), 0);

    return ret;
}

/* Perform any necessary DNS lookup for the host given by *info;
 * returns NE_ code with error string set on error.  On failure the
 * address object is destroyed and info->address is reset to NULL. */
static int lookup_host(ne_session *sess, struct host_info *info)
{
    NE_DEBUG(NE_DBG_HTTP, "Doing DNS lookup on %s...\n", info->hostname);
    sess->status.lu.hostname = info->hostname;
    notify_status(sess, ne_status_lookup);
    info->address = ne_addr_resolve(info->hostname, 0);
    if (ne_addr_result(info->address)) {
        char buf[256];
        ne_set_error(sess, _("Could not resolve hostname `%s': %s"),
                     info->hostname,
                     ne_addr_error(info->address, buf, sizeof buf));
        ne_addr_destroy(info->address);
        info->address = NULL;
        return NE_LOOKUP;
    } else {
        return NE_OK;
    }
}

/* Send the request, then read and interpret the response headers.
 * Returns NE_OK once the response body is ready to be read, or an
 * NE_* error code.
 *
 * Besides deciding whether the connection may persist, this chooses
 * how the response body is delimited.  The checks run in a fixed
 * order: no-body cases first, then Transfer-Encoding, then
 * Content-Length, then read-until-EOF.  Transfer-Encoding therefore
 * takes precedence when both framing headers are present. */
int ne_begin_request(ne_request *req)
{
    struct body_reader *rdr;
    ne_buffer *data;
    const ne_status *const st = &req->status;
    const char *value;
    struct hook *hk;
    int ret, forced_closure = 0;

    /* If a non-idempotent request is sent on a persisted connection,
     * then it is impossible to distinguish between a server failure
     * and a connection timeout if an EOF/RST is received.  So don't
     * do that. */
    if (!req->flags[NE_REQFLAG_IDEMPOTENT] && req->session->persisted
        && !req->session->flags[NE_SESSFLAG_CONNAUTH]) {
        NE_DEBUG(NE_DBG_HTTP, "req: Closing connection for non-idempotent "
                 "request.\n");
        ne_close_connection(req->session);
    }

    /* Build the request string, and send it */
    data = build_request(req);
    DEBUG_DUMP_REQUEST(data->data);
    ret = send_request(req, data);
    /* Retry this once after a persistent connection timeout. */
    if (ret == NE_RETRY) {
        NE_DEBUG(NE_DBG_HTTP, "Persistent connection timed out, retrying.\n");
        ret = send_request(req, data);
    }
    ne_buffer_destroy(data);
    /* A second NE_RETRY is not passed on to the caller; it becomes a
     * plain NE_ERROR. */
    if (ret != NE_OK) return ret == NE_RETRY ? NE_ERROR : ret;

    /* Determine whether server claims HTTP/1.1 compliance. */
    req->session->is_http11 = (st->major_version == 1 &&
                               st->minor_version > 0) || st->major_version > 1;

    /* Persistent connections supported implicitly in HTTP/1.1 */
    if (req->session->is_http11) req->can_persist = 1;

    /* The session error string carries the status line text until
     * something more specific replaces it. */
    ne_set_error(req->session, "%d %s", st->code, st->reason_phrase);

    /* Empty the response header hash, in case this request was
     * retried: */
    free_response_headers(req);

    /* Read the headers */
    ret = read_response_headers(req);
    if (ret) return ret;

    /* check the Connection header */
    value = get_response_header_hv(req, HH_HV_CONNECTION, "connection");
    if (value) {
        /* Tokenise a private copy; the stored header value is left
         * untouched. */
        char *vcopy = ne_strdup(value), *ptr = vcopy;

        do {
            char *token = ne_shave(ne_token(&ptr, ','), " \t");
            unsigned int hash = hash_and_lower(token);

            if (strcmp(token, "close") == 0) {
                req->can_persist = 0;
                forced_closure = 1;
            } else if (strcmp(token, "keep-alive") == 0) {
                req->can_persist = 1;
            } else if (!req->session->is_http11
                       && strcmp(token, "connection")) {
                /* Strip the header per 2616§14.10, last para.  Avoid
                 * danger from "Connection: connection". */
                remove_response_header(req, token, hash);
            }
        } while (ptr);

        ne_free(vcopy);
    }

    /* Support "Proxy-Connection: keep-alive" for compatibility with
     * some HTTP/1.0 proxies; it is risky to do this, because an
     * intermediary proxy may not support this HTTP/1.0 extension, but
     * will not strip the header either.  Persistent connection
     * support is enabled based on the presence of this header if:
     * a) it is *necessary* to do so due to the use of a connection-auth
     * scheme, and
     * b) connection closure was not forced via "Connection: close".  */
    if (req->session->nexthop->proxy == PROXY_HTTP
        && !req->session->is_http11
        && !forced_closure && req->session->flags[NE_SESSFLAG_CONNAUTH]) {
        value = get_response_header_hv(req, HH_HV_PROXY_CONNECTION,
                                       "proxy-connection");
        if (value && ne_strcasecmp(value, "keep-alive") == 0) {
            NE_DEBUG(NE_DBG_HTTP, "req: Using persistent connection "
                     "for HTTP/1.0 proxy requiring conn-auth hack.\n");
            req->can_persist = 1;
        }
    }

    /* Decide which method determines the response message-length per
     * RFC 7230§3.3.3, method cases follow: */

#ifdef NE_HAVE_SSL
    /* Case (2) is special-cased first for CONNECT: the response has
     * no body, and the connection can persist. */
    if (req->session->in_connect && st->klass == 2) {
        req->resp.mode = R_NO_BODY;
        req->can_persist = 1;
    } else
#endif
    /* Case (1), HEAD requests and 204, 304 responses have no response
     * body, regardless of what headers are present. */
    if (req->method_is_head || st->code == 204 || st->code == 304) {
        req->resp.mode = R_NO_BODY;
    }
    /* Case (3), chunked transfer-encoding.  The whole stored value is
     * compared, so anything other than exactly "identity" or
     * "chunked" (including a merged or multi-coding list) aborts the
     * response. */
    else if ((value = get_response_header_hv(req, HH_HV_TRANSFER_ENCODING,
                                             "transfer-encoding")) != NULL
             && ne_strcasecmp(value, "identity") != 0) {
        /* Otherwise, fail iff an unknown transfer-coding is used. */
        if (ne_strcasecmp(value, "chunked") == 0) {
            req->resp.mode = R_CHUNKED;
            req->resp.body.chunk.remain = 0;
        }
        else {
            return aborted(req, _("Unknown transfer-coding in response"), 0);
        }
    }
    /* Case (4) and (5), content-length delimited.  Empty, negative,
     * NE_OFFT_MAX and trailing-garbage values are all rejected; a
     * repeated Content-Length is stored as "a, b", which presumably
     * stops ne_strtoff at the comma and so fails the *endptr check. */
    else if ((value = get_response_header_hv(req, HH_HV_CONTENT_LENGTH,
                                             "content-length")) != NULL) {
        char *endptr = NULL;
        ne_off_t len = ne_strtoff(value, &endptr, 10);

        if (*value && len != NE_OFFT_MAX && len >= 0 && endptr && *endptr == '\0') {
            req->resp.mode = R_CLENGTH;
            req->resp.body.clen.total = req->resp.body.clen.remain = len;
        } else {
            /* Per case (4), an invalid C-L must be treated as an error. */
            return aborted(req, _("Invalid Content-Length in response"), 0);
        }
    }
    /* Case (7), response delimited by EOF. */
    else {
        req->resp.mode = R_TILLEOF; /* otherwise: read-till-eof mode */
    }

    NE_DEBUG(NE_DBG_HTTP, "Running post_headers hooks\n");
    for (hk = req->session->post_headers_hooks; hk != NULL; hk = hk->next) {
        ne_post_headers_fn fn = (ne_post_headers_fn)hk->fn;
        fn(req, hk->userdata, &req->status);
    }

    /* Prepare for reading the response entity-body.  Call each of the
     * body readers and ask them whether they want to accept this
     * response or not. */
    for (rdr = req->body_readers; rdr != NULL; rdr=rdr->next) {
        rdr->use = rdr->accept_response(rdr->userdata, req, st);
    }

    /* Progress total is only known for Content-Length responses;
     * -1 is reported otherwise. */
    req->session->status.sr.progress = 0;
    req->session->status.sr.total =
        req->resp.mode == R_CLENGTH ? req->resp.body.clen.total : -1;
    notify_status(req->session, ne_status_recving);

    return NE_OK;
}

/* Finish a request after the body has been read: read chunked
 * trailers, run the post_send hooks and decide whether the connection
 * is kept.  Returns NE_OK, or the first non-NE_OK code produced by
 * trailer reading or by a hook.
 *
 * Trailer fields go through read_response_headers(), so they are
 * stored in (and merged into) the same table as the ordinary response
 * headers, after the post_headers hooks have already run. */
int ne_end_request(ne_request *req)
{
    struct hook *hk;
    int ret;

    /* Read headers in chunked trailers */
    if (req->resp.mode == R_CHUNKED) {
        ret = read_response_headers(req);
        if (ret) return ret;
    } else {
        ret = NE_OK;
    }

    /* Hooks run in list order; the first hook returning non-NE_OK
     * stops the remaining hooks from running. */
    NE_DEBUG(NE_DBG_HTTP, "Running post_send hooks\n");
    for (hk = req->session->post_send_hooks;
         ret == NE_OK && hk != NULL; hk = hk->next) {
        ne_post_send_fn fn = (ne_post_send_fn)hk->fn;
        ret = fn(req, hk->userdata, &req->status);
    }

    /* Close the connection if persistent connections are disabled or
     * not supported by the server. */
    if (!req->session->flags[NE_SESSFLAG_PERSIST] || !req->can_persist)
        ne_close_connection(req->session);
    else
        req->session->persisted = 1;

    return ret;
}

/* Read the whole response body and write it to file descriptor 'fd'.
 * Short writes are continued and writes interrupted by EINTR are
 * retried.  Returns NE_OK at end of response, NE_ERROR if reading or
 * writing fails; a write failure sets the session error string. */
int ne_read_response_to_fd(ne_request *req, int fd)
{
    ssize_t len;

    while ((len = ne_read_response_block(req, req->respbuf,
                                         sizeof req->respbuf)) > 0) {
        const char *block = req->respbuf;

        do {
            ssize_t ret = write(fd, block, len);
            if (ret == -1 && errno == EINTR) {
                /* 'continue' re-tests len > 0, which still holds, so
                 * the same write is attempted again. */
                continue;
            } else if (ret < 0) {
                char err[200];
                ne_strerror(errno, err, sizeof err);
                ne_set_error(ne_get_session(req),
                             _("Could not write to file: %s"), err);
                return NE_ERROR;
            } else {
                len -= ret;
                block += ret;
            }
        } while (len > 0);
    }

    return len == 0 ? NE_OK : NE_ERROR;
}

/* Read and throw away the response body.  Returns NE_OK at end of
 * response, NE_ERROR if a read fails. */
int ne_discard_response(ne_request *req)
{
    ssize_t len;

    do {
        len = ne_read_response_block(req, req->respbuf, sizeof req->respbuf);
    } while (len > 0);

    return len == 0 ? NE_OK : NE_ERROR;
}

/* Run begin / discard-body / end for the request, repeating the whole
 * sequence for as long as a step returns NE_RETRY.  Returns the final
 * NE_* code. */
int ne_request_dispatch(ne_request *req)
{
    int ret;

    do {
        ret = ne_begin_request(req);
        if (ret == NE_OK) ret = ne_discard_response(req);
        if (ret == NE_OK) ret = ne_end_request(req);
    } while (ret == NE_RETRY);

    NE_DEBUG(NE_DBG_HTTP | NE_DBG_FLUSH,
             "Request ends, status %d class %dxx, error line:\n%s\n",
             req->status.code, req->status.klass, req->session->error);

    return ret;
}

/* Return a pointer to the status stored inside the request object. */
const ne_status *ne_get_status(const ne_request *req)
{
    return &req->status;
}

/* Return the session the request belongs to. */
ne_session *ne_get_session(const ne_request *req)
{
    return req->session;
}

#ifdef NE_HAVE_SSL
/* Create a CONNECT tunnel through the proxy server.
 * Returns an NE_* code; anything but a 2xx response on a still-open
 * connection is reported as a failure. */
static int proxy_tunnel(ne_session *sess)
{
    /* Hack up an HTTP CONNECT request... */
    ne_request *req;
    int ret = NE_OK;
    char ruri[200];

    /* Can't use server.hostport here; Request-URI must include `:port'.
     * NOTE(review): ruri is a fixed 200 bytes; a longer "host:port" is
     * presumably truncated by ne_snprintf rather than rejected --
     * confirm. */
    ne_snprintf(ruri, sizeof ruri, "%s:%u", sess->server.hostname,
                sess->server.port);
    req = ne_request_create(sess, "CONNECT", ruri);

    /* in_connect is what makes ne_begin_request treat the 2xx reply as
     * body-less and persistent. */
    sess->in_connect = 1;
    ret = ne_request_dispatch(req);
    sess->in_connect = 0;

    sess->persisted = 0; /* don't treat this as a persistent connection. */

    if (ret != NE_OK || !sess->connected || req->status.klass != 2) {
        /* Copy the current error first: ne_set_error writes into
         * sess->error, which is also the %s argument. */
        char *err = ne_strdup(sess->error);
        ne_set_error(sess, _("Could not create SSL connection "
                             "through proxy server: %s"), err);
        ne_free(err);
        if (ret == NE_OK) ret = NE_ERROR;
    }

    ne_request_destroy(req);
    return ret;
}
#endif

/* Return the first resolved address for the given host. */
static const ne_inet_addr *resolve_first(struct host_info *host)
{
    return host->network ? host->network : ne_addr_first(host->address);
}

/* Return the next resolved address for the given host or NULL if
 * there are no more addresses. */
static const ne_inet_addr *resolve_next(struct host_info *host)
{
    return host->network ? NULL : ne_addr_next(host->address);
}

/* Make a new TCP connection to 'host', resolving its name first when
 * neither a resolved address nor a fixed network address is present.
 * Note that once a connection to a particular network address has
 * succeeded, that address will be used first for the next attempt to
 * connect.  Returns NE_OK, or an NE_* code with the session error
 * string set. */
static int do_connect(ne_session *sess, struct host_info *host)
{
    int ret;

    /* Resolve hostname if necessary. */
    if (host->address == NULL && host->network == NULL) {
        ret = lookup_host(sess, host);
        if (ret) return ret;
    }

    if ((sess->socket = ne_sock_create()) == NULL) {
        ne_set_error(sess, _("Could not create socket"));
        return NE_ERROR;
    }

    if (sess->cotimeout)
        ne_sock_connect_timeout(sess->socket, sess->cotimeout);

    if (sess->local_addr)
        ne_sock_prebind(sess->socket, sess->local_addr, 0);

    if (host->current == NULL)
        host->current = resolve_first(host);

    sess->status.ci.hostname = host->hostname;

    /* Try each address in turn until one accepts the connection. */
    do {
        sess->status.ci.address = host->current;
        notify_status(sess, ne_status_connecting);
#ifdef NE_DEBUGGING
        if (ne_debug_mask & NE_DBG_HTTP) {
            char buf[150];
            NE_DEBUG(NE_DBG_HTTP, "req: Connecting to %s:%u\n",
                     ne_iaddr_print(host->current, buf, sizeof buf),
                     host->port);
        }
#endif
        ret = ne_sock_connect(sess->socket, host->current, host->port);
    } while (ret && /* try the next address... */
             (host->current = resolve_next(host)) != NULL);

    if (ret) {
        const char *msg;

        if (host->proxy == PROXY_NONE)
            msg = _("Could not connect to server");
        else
            msg = _("Could not connect to proxy server");

        ne_set_error(sess, "%s: %s", msg, ne_sock_error(sess->socket));
        ne_sock_close(sess->socket);
        return ret == NE_SOCK_TIMEOUT ? NE_TIMEOUT : NE_CONNECT;
    }

    if (sess->rdtimeout)
        ne_sock_read_timeout(sess->socket, sess->rdtimeout);

    notify_status(sess, ne_status_connected);
    sess->nexthop = host;

    sess->connected = 1;
    /* clear persistent connection flag. */
    sess->persisted = 0;
    return NE_OK;
}

/* For a SOCKSv4 proxy only, the IP address of the origin server (in
 * addition to the proxy) must be known, and must be an IPv4 address.
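* Returns NE_*; connection closed and error string set on error. */
static int socks_origin_lookup(ne_session *sess)
{
    const ne_inet_addr *ia;
    int ret;

    ret = lookup_host(sess, &sess->server);
    if (ret) {
        /* lookup_host already set the error string. */
        ne_close_connection(sess);
        return ret;
    }

    /* Find the first IPv4 address available for the server. */
    for (ia = ne_addr_first(sess->server.address);
         ia && ne_iaddr_typeof(ia) == ne_iaddr_ipv6;
         ia = ne_addr_next(sess->server.address)) {
        /* noop */
    }

    /* ... if any */
    if (ia == NULL) {
        ne_set_error(sess, _("Could not find IPv4 address of "
                             "hostname %s for SOCKS v4 proxy"),
                     sess->server.hostname);
        ne_close_connection(sess);
        return NE_LOOKUP;
    }

    sess->server.current = ia;

    return ret;
}

/* Establish the session's connection if it is not already open:
 * directly to the server when no proxies are configured, otherwise
 * through the first proxy that accepts a connection (the proxy used
 * last time is tried first).  A SOCKS proxy is then asked to connect
 * onwards to the origin server, and for SSL sessions the CONNECT
 * tunnel (HTTP proxy only) and the SSL negotiation follow.
 * Returns NE_OK or an NE_* error code. */
static int open_connection(ne_session *sess)
{
    int ret;

    if (sess->connected) return NE_OK;

    if (!sess->proxies) {
        ret = do_connect(sess, &sess->server);
        if (ret) {
            sess->nexthop = NULL;
            return ret;
        }
    }
    else {
        struct host_info *hi;

        /* Attempt to re-use proxy to avoid iterating through
         * unnecessarily. */
        if (sess->prev_proxy)
            ret = do_connect(sess, sess->prev_proxy);
        else
            ret = NE_ERROR;

        /* Otherwise, try everything - but omitting prev_proxy if that
         * has already been tried. */
        for (hi = sess->proxies; hi && ret; hi = hi->next) {
            if (hi != sess->prev_proxy)
                ret = do_connect(sess, hi);
        }

        if (ret == NE_OK && sess->nexthop->proxy == PROXY_SOCKS) {
            /* Special-case for SOCKS v4 proxies, which require the
             * client to resolve the origin server IP address. */
            if (sess->socks_ver == NE_SOCK_SOCKSV4) {
                ret = socks_origin_lookup(sess);
            }

            if (ret == NE_OK) {
                /* Perform the SOCKS handshake, instructing the proxy
                 * to set up the connection to the origin server.  The
                 * stored SOCKS username and password are handed to the
                 * proxy here. */
                ret = ne_sock_proxy(sess->socket, sess->socks_ver,
                                    sess->server.current,
                                    sess->server.hostname, sess->server.port,
                                    sess->socks_user, sess->socks_password);
                if (ret) {
                    ne_set_error(sess,
                                 _("Could not establish connection from "
                                   "SOCKS proxy (%s:%u): %s"),
                                 sess->nexthop->hostname,
                                 sess->nexthop->port,
                                 ne_sock_error(sess->socket));
                    ne_close_connection(sess);
                    ret = NE_ERROR;
                }
            }
        }

        if (ret != NE_OK) {
            sess->nexthop = NULL;
            sess->prev_proxy = NULL;
            return ret;
        }

        /* Success - make this proxy stick.  The loop variable cannot
         * be used for this: the for-loop has already advanced 'hi'
         * past the proxy that connected (and never moves it when
         * prev_proxy itself succeeded).  do_connect() records the
         * host it connected to in sess->nexthop, so use that. */
        sess->prev_proxy = sess->nexthop;
    }

#ifdef NE_HAVE_SSL
    /* Negotiate SSL layer if required. */
    if (sess->use_ssl && !sess->in_connect) {
        /* Set up CONNECT tunnel if using an HTTP proxy. */
        if (sess->nexthop->proxy == PROXY_HTTP)
            ret = proxy_tunnel(sess);

        if (ret == NE_OK) {
            ret = ne__negotiate_ssl(sess);
            if (ret != NE_OK)
                ne_close_connection(sess);
        }
    }
#endif

    return ret;
}
neon-0.32.2/src/ne_request.h000066400000000000000000000344731416727304000156660ustar00rootroot00000000000000
/*
   HTTP Request Handling
   Copyright (C) 1999-2021, Joe Orton

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Library General Public
   License as published by the Free Software Foundation; either
   version 2 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Library General Public License for more details.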
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef NE_REQUEST_H #define NE_REQUEST_H #include "ne_utils.h" /* For ne_status */ #include "ne_string.h" /* For ne_buffer */ #include "ne_session.h" NE_BEGIN_DECLS #define NE_OK (0) /* Success */ #define NE_ERROR (1) /* Generic error; use ne_get_error(session) for message */ #define NE_LOOKUP (2) /* Server or proxy hostname lookup failed */ #define NE_AUTH (3) /* User authentication failed on server */ #define NE_PROXYAUTH (4) /* User authentication failed on proxy */ #define NE_CONNECT (5) /* Could not connect to server */ #define NE_TIMEOUT (6) /* Connection timed out */ #define NE_FAILED (7) /* The precondition failed */ #define NE_RETRY (8) /* Retry request (ne_end_request ONLY) */ #define NE_REDIRECT (9) /* See ne_redirect.h */ /* Opaque object representing a single HTTP request. */ typedef struct ne_request_s ne_request; /***** Request Handling *****/ /* Create a request in session 'sess', with given method and path. * 'path' must conform to the 'abs_path' grammar in RFC2396, with an * optional "? query" part, and MUST be URI-escaped by the caller. */ ne_request *ne_request_create(ne_session *sess, const char *method, const char *path) ne_attribute((nonnull)); /* The request body will be taken from 'size' bytes of 'buffer'. */ void ne_set_request_body_buffer(ne_request *req, const char *buffer, size_t size) ne_attribute((nonnull)); /* The request body will be taken from 'length' bytes read from the * file descriptor 'fd', starting from file offset 'offset'. */ void ne_set_request_body_fd(ne_request *req, int fd, ne_off_t offset, ne_off_t length) ne_attribute((nonnull)); /* "Pull"-based request body provider: a callback which is invoked to * provide blocks of request body on demand. 
* * Before each time the body is provided, the callback will be called * once with buflen == 0. The body may have to be provided >1 time * per request (for authentication retries etc.). * * For a call with buflen == 0, the callback must return zero on success * or non-zero on error; the session error string must be set on error. * For a call with buflen > 0, the callback must return: * <0 : error, abort request; session error string must be set. * 0 : ignore 'buffer' contents, end of body. * 0 < x <= buflen : buffer contains x bytes of body data. */ typedef ssize_t (*ne_provide_body)(void *userdata, char *buffer, size_t buflen); /* Install a callback which is invoked as needed to provide the * request body, a block at a time. The total size of the request * body is 'length'; the callback must ensure that it returns no more * than 'length' bytes in total. If 'length' is set to -1, then the * total size of the request is unknown by the caller and chunked * transfer will be used. */ void ne_set_request_body_provider(ne_request *req, ne_off_t length, ne_provide_body provider, void *userdata) ne_attribute((nonnull (1))); /* Handling response bodies; two callbacks must be provided: * * 1) 'acceptance' callback: determines whether you want to handle the * response body given the response-status information, e.g., if you * only want 2xx responses, say so here. * * 2) 'reader' callback: passed blocks of the response-body as they * arrive, if the acceptance callback returned non-zero. */ /* 'acceptance' callback type. Return non-zero to accept the response, * else zero to ignore it. */ typedef int (*ne_accept_response)(void *userdata, ne_request *req, const ne_status *st); /* An 'acceptance' callback which only accepts 2xx-class responses. * Ignores userdata. */ int ne_accept_2xx(void *userdata, ne_request *req, const ne_status *st); /* An acceptance callback which accepts all responses. Ignores * userdata. 
*/ int ne_accept_always(void *userdata, ne_request *req, const ne_status *st); /* Callback for reading a block of data. Returns zero on success, or * non-zero on error. If returning an error, the response will be * aborted and the callback will not be invoked again. The request * dispatch (or ne_read_response_block call) will fail with NE_ERROR; * the session error string should have been set by the callback. */ typedef int (*ne_block_reader)(void *userdata, const char *buf, size_t len); /* Add a response reader for the given request, with the given * acceptance function. userdata is passed as the first argument to * the acceptance + reader callbacks. * * The acceptance callback is called once each time the request is * sent: it may be sent >1 time because of authentication retries etc. * For each time the acceptance callback is called, if it returns * non-zero, blocks of the response body will be passed to the reader * callback as the response is read. After all the response body has * been read, the callback will be called with a 'len' argument of * zero. */ void ne_add_response_body_reader(ne_request *req, ne_accept_response accpt, ne_block_reader reader, void *userdata); /* Retrieve the value of the response header field with given name; * returns NULL if no response header with given name was found. The * return value is valid only until the next call to either * ne_request_destroy or ne_begin_request for this request. */ const char *ne_get_response_header(ne_request *req, const char *name); /* Iterator interface for response headers: if passed a NULL cursor, * returns the first header; if passed a non-NULL cursor pointer, * returns the next header. The return value is a cursor pointer: if * it is non-NULL, *name and *value are set to the name and value of * the header field. If the return value is NULL, no more headers are * found, *name and *value are undefined. * * The order in which response headers is returned is undefined. 
Both * the cursor and name/value pointers are valid only until the next * call to either ne_request_destroy or ne_begin_request for this * request. */ void *ne_response_header_iterate(ne_request *req, void *cursor, const char **name, const char **value); /* Adds a header to the request with given name and value. */ void ne_add_request_header(ne_request *req, const char *name, const char *value); /* Adds a header to the request with given name, using printf-like * format arguments for the value. */ void ne_print_request_header(ne_request *req, const char *name, const char *format, ...) ne_attribute((format(printf, 3, 4))); /* ne_request_dispatch: Sends the given request, and reads the * response. Returns: * - NE_OK if the request was sent and response read successfully * - NE_AUTH, NE_PROXYAUTH for a server or proxy server authentication error * - NE_CONNECT if connection could not be established * - NE_TIMEOUT if an timeout occurred sending or reading from the server * - NE_ERROR for other fatal dispatch errors * On any error, the session error string is set. On success or * authentication error, the actual response-status can be retrieved using * ne_get_status(). */ int ne_request_dispatch(ne_request *req); /* Returns a pointer to the response status information for the given * request; pointer is valid until request object is destroyed. */ const ne_status *ne_get_status(const ne_request *req) ne_attribute((const)); /* Returns pointer to session associated with request. */ ne_session *ne_get_session(const ne_request *req) ne_attribute((const)); /* Destroy memory associated with request pointer */ void ne_request_destroy(ne_request *req); /* "Caller-pulls" request interface. This is an ALTERNATIVE interface * to ne_request_dispatch: either use that, or do all this yourself: * * caller must call: * 1. ne_begin_request (fail if returns non-NE_OK) * 2. while(ne_read_response_block(...) > 0) ... loop ...; * (fail if ne_read_response_block returns <0) * 3. 
ne_end_request
 *
 * ne_end_request and ne_begin_request both return an NE_* code; if
 * ne_end_request returns NE_RETRY, you must restart the loop from (1)
 * above. */
int ne_begin_request(ne_request *req);
int ne_end_request(ne_request *req);

/* Read a block of the response into the passed buffer of size 'buflen'.
 *
 * Returns:
 *  <0 - error, stop reading.
 *   0 - end of response
 *  >0 - number of bytes read into buffer.
 */
ssize_t ne_read_response_block(ne_request *req,
                               char *buffer, size_t buflen);

/* Read response blocks until end of response; exactly equivalent to
 * calling ne_read_response_block() until it returns 0.  Returns
 * non-zero on error. */
int ne_discard_response(ne_request *req);

/* Read response blocks until end of response, writing content to the
 * given file descriptor.  Short writes and writes interrupted by
 * EINTR are retried.  Returns NE_ERROR on error. */
int ne_read_response_to_fd(ne_request *req, int fd);

/* Defined request flags: */
typedef enum ne_request_flag_e {
    NE_REQFLAG_EXPECT100 = 0, /* enable this flag to enable use of the
                               * "Expect: 100-continue" for the
                               * request. */

    NE_REQFLAG_IDEMPOTENT, /* disable this flag if the request uses a
                            * non-idempotent method such as POST.
                            * With the flag cleared, a persisted
                            * connection is closed before the request
                            * is sent, unless the session uses
                            * connection-based authentication. */

    NE_REQFLAG_LAST /* enum sentinel value */
} ne_request_flag;

/* Set a new value for a particular request flag. */
void ne_set_request_flag(ne_request *req, ne_request_flag flag, int value);

/* Return 0 if the given flag is not set, >0 if it is set, or -1 if
 * the flag is not supported. */
int ne_get_request_flag(ne_request *req, ne_request_flag flag);

/**** Request hooks handling *****/

typedef void (*ne_free_hooks)(void *cookie);

/* Hook called when a request is created; passed the method and
 * request-target as used in the request-line (RFC7230§5.3).  The
 * create_request hook is called exactly once per request.
*/
typedef void (*ne_create_request_fn)(ne_request *req, void *userdata,
                                     const char *method, const char *target);
void ne_hook_create_request(ne_session *sess,
                            ne_create_request_fn fn, void *userdata);

/* Hook called before the request is sent.  'header' is the raw HTTP
 * header before the trailing CRLF is added; more headers can be added
 * here.  A pre_send hook may be called >1 time per request if the
 * request is retried due to a post_send hook returning NE_RETRY. */
typedef void (*ne_pre_send_fn)(ne_request *req, void *userdata,
                               ne_buffer *header);
void ne_hook_pre_send(ne_session *sess, ne_pre_send_fn fn, void *userdata);

/* Hook called directly after the response headers have been read, but
 * before the response body has been read.  'status' is the response
 * status-code.  A post_header hook may be called >1 time per request
 * if the request is retried due to a post_send hook returning
 * NE_RETRY.  Fields sent as chunked trailers are read only after the
 * body, so they are not yet available when this hook runs. */
typedef void (*ne_post_headers_fn)(ne_request *req, void *userdata,
                                   const ne_status *status);
void ne_hook_post_headers(ne_session *sess,
                          ne_post_headers_fn fn, void *userdata);

/* Hook called after the request is dispatched (request sent, and
 * the entire response read).  If an error occurred reading the response,
 * this hook will not run.  May return:
 *  NE_OK     everything is okay
 *  NE_RETRY  try sending the request again.
 * anything else signifies an error, and the request is failed. The return
 * code is passed back to the _dispatch caller, so the session error must
 * also be set appropriately (ne_set_error).  Once one post_send hook
 * returns anything other than NE_OK, the hooks registered after it
 * are not run for that attempt. */
typedef int (*ne_post_send_fn)(ne_request *req, void *userdata,
                               const ne_status *status);
void ne_hook_post_send(ne_session *sess, ne_post_send_fn fn, void *userdata);

/* Hook called when the request is destroyed.
*/ typedef void (*ne_destroy_req_fn)(ne_request *req, void *userdata); void ne_hook_destroy_request(ne_session *sess, ne_destroy_req_fn fn, void *userdata); typedef void (*ne_destroy_sess_fn)(void *userdata); /* Hook called when the session is about to be destroyed. */ void ne_hook_destroy_session(ne_session *sess, ne_destroy_sess_fn fn, void *userdata); typedef void (*ne_close_conn_fn)(void *userdata); /* Hook called when the connection is closed; note that this hook * may be called *AFTER* the destroy_session hook. */ void ne_hook_close_conn(ne_session *sess, ne_close_conn_fn fn, void *userdata); /* The ne_unhook_* functions remove a hook registered with the given * session. If a hook is found which was registered with a given * function 'fn', and userdata pointer 'userdata', then it will be * removed from the hooks list. * * It is unsafe to use any of these functions from a hook function to * unregister itself, except for ne_unhook_destroy_request. */ void ne_unhook_create_request(ne_session *sess, ne_create_request_fn fn, void *userdata); void ne_unhook_pre_send(ne_session *sess, ne_pre_send_fn fn, void *userdata); void ne_unhook_post_headers(ne_session *sess, ne_post_headers_fn fn, void *userdata); void ne_unhook_post_send(ne_session *sess, ne_post_send_fn fn, void *userdata); void ne_unhook_destroy_request(ne_session *sess, ne_destroy_req_fn fn, void *userdata); void ne_unhook_destroy_session(ne_session *sess, ne_destroy_sess_fn fn, void *userdata); void ne_unhook_close_conn(ne_session *sess, ne_close_conn_fn fn, void *userdata); /* Store an opaque context for the request, 'priv' is returned by a * call to ne_request_get_private with the same ID. 
*/ void ne_set_request_private(ne_request *req, const char *id, void *priv); void *ne_get_request_private(ne_request *req, const char *id); NE_END_DECLS #endif /* NE_REQUEST_H */ neon-0.32.2/src/ne_session.c000066400000000000000000000471271416727304000156540ustar00rootroot00000000000000/* HTTP session handling Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include "config.h" #ifdef HAVE_STRING_H #include #endif #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_ERRNO_H #include #endif #ifdef HAVE_LIBPROXY #include #endif #include "ne_session.h" #include "ne_alloc.h" #include "ne_utils.h" #include "ne_internal.h" #include "ne_string.h" #include "ne_dates.h" #include "ne_private.h" /* Destroy a a list of hooks. */ static void destroy_hooks(struct hook *hooks) { struct hook *nexthk; while (hooks) { nexthk = hooks->next; ne_free(hooks); hooks = nexthk; } } static void free_hostinfo(struct host_info *hi) { if (hi->hostname) ne_free(hi->hostname); if (hi->hostport) ne_free(hi->hostport); if (hi->address) ne_addr_destroy(hi->address); } /* Destroy the sess->proxies array. 
*/
static void free_proxies(ne_session *sess)
{
    struct host_info *cur = sess->proxies;

    /* Walk the list, remembering each successor before its
     * predecessor is released. */
    while (cur != NULL) {
        struct host_info *const following = cur->next;

        free_hostinfo(cur);
        ne_free(cur);
        cur = following;
    }

    sess->proxies = NULL;
    sess->any_proxy_http = 0;
}

/* Tear down a session: run the destroy hooks, close any open
 * connection, then release the hook lists, host and proxy details,
 * stored strings, SSL objects and finally the session itself. */
void ne_session_destroy(ne_session *sess)
{
    struct hook *node;

    NE_DEBUG(NE_DBG_HTTP, "sess: Destroying session.\n");

    /* Destroy hooks run first, while the session is still intact. */
    node = sess->destroy_sess_hooks;
    while (node != NULL) {
        ne_destroy_sess_fn callback = (ne_destroy_sess_fn)node->fn;

        callback(node->userdata);
        node = node->next;
    }

    /* Closing the connection can still trigger the notifier
     * callback. */
    if (sess->connected)
        ne_close_connection(sess);

    destroy_hooks(sess->create_req_hooks);
    destroy_hooks(sess->pre_send_hooks);
    destroy_hooks(sess->post_headers_hooks);
    destroy_hooks(sess->post_send_hooks);
    destroy_hooks(sess->destroy_req_hooks);
    destroy_hooks(sess->destroy_sess_hooks);
    destroy_hooks(sess->close_conn_hooks);
    destroy_hooks(sess->private);

    ne_free(sess->scheme);

    free_hostinfo(&sess->server);
    free_proxies(sess);

    if (sess->user_agent != NULL) {
        ne_free(sess->user_agent);
    }
    if (sess->socks_user != NULL) {
        ne_free(sess->socks_user);
    }
    /* NOTE(review): the SOCKS password is released as-is; nothing here
     * clears its bytes before the memory is returned. */
    if (sess->socks_password != NULL) {
        ne_free(sess->socks_password);
    }

#ifdef NE_HAVE_SSL
    if (sess->ssl_context != NULL) {
        ne_ssl_context_destroy(sess->ssl_context);
    }
    if (sess->server_cert != NULL) {
        ne_ssl_cert_free(sess->server_cert);
    }
    if (sess->client_cert != NULL) {
        ne_ssl_clicert_free(sess->client_cert);
    }
#endif

    ne_free(sess);
}

/* Non-zero when the server has not been seen to speak HTTP/1.1. */
int ne_version_pre_http11(ne_session *s)
{
    return s->is_http11 ? 0 : 1;
}

/* Builds host->hostport as "hostname", followed by ":port" when the
 * port is not the default one. */
static void set_hostport(struct host_info *host, unsigned int defaultport)
{
    const size_t namelen = strlen(host->hostname);

    /* Ten spare bytes are allocated; the ":port" suffix is written
     * with a cap of nine bytes including its terminator, so it cannot
     * run past the allocation. */
    host->hostport = ne_malloc(namelen + 10);
    strcpy(host->hostport, host->hostname);

    if (host->port == defaultport) {
        return;
    }

    ne_snprintf(host->hostport + namelen, 9, ":%u", host->port);
}

/* Stores the hostname/port in *info, setting up the "hostport"
 * segment correctly.
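*/
static void set_hostinfo(struct host_info *hi, enum proxy_type type,
                         const char *hostname, unsigned int port)
{
    /* The hostname is copied; the host_info owns the copy. */
    hi->hostname = ne_strdup(hostname);
    hi->port = port;
    hi->proxy = type;
}

/* Create a session for the given scheme, hostname and port.
 *
 * SSL is used only when 'scheme' is exactly the lower-case string
 * "https"; any other spelling yields a plain-text session.  For SSL
 * sessions SNI is switched on by default unless the hostname parses
 * as an IPv4 or IPv6 address.  Persistent connections default to
 * on. */
ne_session *ne_session_create(const char *scheme,
                              const char *hostname, unsigned int port)
{
    ne_session *sess = ne_calloc(sizeof *sess);

    NE_DEBUG(NE_DBG_HTTP, "HTTP session to %s://%s:%d begins.\n",
             scheme, hostname, port);

    strcpy(sess->error, "Unknown error.");

    /* use SSL if scheme is https */
    sess->use_ssl = !strcmp(scheme, "https");

    /* set the hostname/port */
    set_hostinfo(&sess->server, PROXY_NONE, hostname, port);
    set_hostport(&sess->server, sess->use_ssl?443:80);

#ifdef NE_HAVE_SSL
    if (sess->use_ssl) {
        ne_inet_addr *ia;

        sess->ssl_context = ne_ssl_context_create(0);
        /* NOTE(review): the SSLv2 session flag starts out set; what
         * that permits depends on the SSL context implementation --
         * confirm against the backend in use. */
        sess->flags[NE_SESSFLAG_SSLv2] = 1;

        /* If the hostname parses as an IP address, don't
         * enable SNI by default. */
        ia = ne_iaddr_parse(hostname, ne_iaddr_ipv4);
        if (ia == NULL)
            ia = ne_iaddr_parse(hostname, ne_iaddr_ipv6);

        if (ia) {
            ne_iaddr_free(ia);
        }
        else {
            sess->flags[NE_SESSFLAG_TLS_SNI] = 1;
        }
        NE_DEBUG(NE_DBG_SSL, "ssl: SNI %s by default.\n",
                 sess->flags[NE_SESSFLAG_TLS_SNI] ?
                 "enabled" : "disabled");
    }
#endif

    sess->scheme = ne_strdup(scheme);

    /* Set flags which default to on: */
    sess->flags[NE_SESSFLAG_PERSIST] = 1;

    return sess;
}

/* Replace any configured proxies with a single HTTP proxy. */
void ne_session_proxy(ne_session *sess, const char *hostname,
                      unsigned int port)
{
    free_proxies(sess);

    sess->proxies = ne_calloc(sizeof *sess->proxies);
    sess->any_proxy_http = 1;

    set_hostinfo(sess->proxies, PROXY_HTTP, hostname, port);
}

/* Replace any configured proxies with a single SOCKS proxy of the
 * given protocol version.  'username' and 'password' may be NULL;
 * non-NULL values are copied. */
void ne_session_socks_proxy(ne_session *sess, enum ne_sock_sversion vers,
                            const char *hostname, unsigned int port,
                            const char *username, const char *password)
{
    free_proxies(sess);

    sess->proxies = ne_calloc(sizeof *sess->proxies);

    set_hostinfo(sess->proxies, PROXY_SOCKS, hostname, port);

    sess->socks_ver = vers;

    /* Drop credentials left over from an earlier call.  Previously the
     * old copies were leaked when overwritten, and were kept (and so
     * offered to the newly configured proxy) when the new argument was
     * NULL. */
    if (sess->socks_user) ne_free(sess->socks_user);
    if (sess->socks_password) ne_free(sess->socks_password);

    sess->socks_user = username ? ne_strdup(username) : NULL;
    sess->socks_password = password ? ne_strdup(password) : NULL;
}

/* Configure proxies from the system settings via libproxy.  Without
 * HAVE_LIBPROXY this function does nothing.  'flags' is not used. */
void ne_session_system_proxy(ne_session *sess, unsigned int flags)
{
#ifdef HAVE_LIBPROXY
    pxProxyFactory *pxf = px_proxy_factory_new();
    struct host_info *hi, **lasthi;
    char *url, **proxies;
    ne_uri uri;
    unsigned n;

    free_proxies(sess);

    /* Create URI for session to pass off to libproxy */
    memset(&uri, 0, sizeof uri);
    ne_fill_server_uri(sess, &uri);

    uri.path = "/"; /* make valid URI structure. */
    url = ne_uri_unparse(&uri);
    uri.path = NULL;

    /* Get list of pseudo-URIs from libproxy.
     * NOTE(review): the result is indexed without a NULL check --
     * confirm libproxy cannot return NULL here. */
    proxies = px_proxy_factory_get_proxies(pxf, url);

    for (n = 0, lasthi = &sess->proxies; proxies[n]; n++) {
        enum proxy_type ptype;

        ne_uri_free(&uri);

        NE_DEBUG(NE_DBG_HTTP, "sess: libproxy #%u=%s\n",
                 n, proxies[n]);

        if (ne_uri_parse(proxies[n], &uri))
            continue;

        if (!uri.scheme) continue;

        if (ne_strcasecmp(uri.scheme, "http") == 0)
            ptype = PROXY_HTTP;
        else if (ne_strcasecmp(uri.scheme, "socks") == 0)
            ptype = PROXY_SOCKS;
        else if (ne_strcasecmp(uri.scheme, "direct") == 0)
            ptype = PROXY_NONE;
        else
            continue;

        /* Hostname/port required for http/socks schemes. */
        if (ptype != PROXY_NONE && !(uri.host && uri.port))
            continue;

        /* Do nothing if libproxy returned only a single "direct://"
         * entry -- a single "direct" (noop) proxy is equivalent to
         * having none. */
        if (n == 0 && proxies[1] == NULL && ptype == PROXY_NONE)
            break;

        NE_DEBUG(NE_DBG_HTTP, "sess: Got proxy %s://%s:%d\n",
                 uri.scheme, uri.host ? uri.host : "(none)",
                 uri.port);

        hi = *lasthi = ne_calloc(sizeof *hi);

        if (ptype == PROXY_NONE) {
            /* A "direct" URI requires an attempt to connect directly to
             * the origin server, so dup the server details. */
            set_hostinfo(hi, ptype, sess->server.hostname,
                         sess->server.port);
        }
        else {
            /* SOCKS/HTTP proxy. */
            set_hostinfo(hi, ptype, uri.host, uri.port);

            if (ptype == PROXY_HTTP)
                sess->any_proxy_http = 1;
            else if (ptype == PROXY_SOCKS)
                sess->socks_ver = NE_SOCK_SOCKSV5;
        }

        lasthi = &hi->next;
    }

    /* Free up the proxies array: each string, then the array itself.
     * (Freeing proxies[n] after the loop only freed the terminating
     * NULL entry and leaked the array.) */
    for (n = 0; proxies[n]; n++)
        free(proxies[n]);
    free(proxies);

    ne_free(url);
    ne_uri_free(&uri);
    px_proxy_factory_free(pxf);
#endif
}

/* Replace any configured proxies with a list of 'n' fixed network
 * addresses to try for the origin server on 'port'.  The address
 * pointers are stored, not copied. */
void ne_set_addrlist2(ne_session *sess, unsigned int port,
                      const ne_inet_addr **addrs, size_t n)
{
    struct host_info *hi, **lasthi;
    size_t i;

    free_proxies(sess);

    lasthi = &sess->proxies;

    for (i = 0; i < n; i++) {
        *lasthi = hi = ne_calloc(sizeof *hi);

        hi->proxy = PROXY_NONE;
        hi->network = addrs[i];
        hi->port = port;

        lasthi = &hi->next;
    }
}

/* As ne_set_addrlist2, using the session's server port. */
void ne_set_addrlist(ne_session *sess, const ne_inet_addr **addrs, size_t n)
{
    ne_set_addrlist2(sess, sess->server.port, addrs, n);
}

/* Set the local address to bind to before connecting; the pointer is
 * stored, not copied. */
void ne_set_localaddr(ne_session *sess, const ne_inet_addr *addr)
{
    sess->local_addr = addr;
}

/* Format the session error string, printf-style, bounded by the size
 * of the sess->error buffer. */
void ne_set_error(ne_session *sess, const char *format, ...)
{
    va_list params;

    va_start(params, format);
    ne_vsnprintf(sess->error, sizeof sess->error, format, params);
    va_end(params);
}

/* Set a session flag; flags at or beyond NE_SESSFLAG_LAST are ignored.
 * For the SSLv2 flag on a session with an SSL context, the value is
 * pushed to the context and the stored flag is then re-read from it,
 * so it reflects what the context reports. */
void ne_set_session_flag(ne_session *sess, ne_session_flag flag, int value)
{
    if (flag < NE_SESSFLAG_LAST) {
        sess->flags[flag] = value;
#ifdef NE_HAVE_SSL
        if (flag == NE_SESSFLAG_SSLv2 && sess->ssl_context) {
            ne_ssl_context_set_flag(sess->ssl_context, NE_SSL_CTX_SSLv2, value);
            sess->flags[flag] = ne_ssl_context_get_flag(sess->ssl_context,
                                                        NE_SSL_CTX_SSLv2);
        }
#endif
    }
}

/* Return the stored value of a session flag, or -1 for a flag at or
 * beyond NE_SESSFLAG_LAST. */
int ne_get_session_flag(ne_session *sess, ne_session_flag flag)
{
    if (flag < NE_SESSFLAG_LAST) {
        return sess->flags[flag];
    }
    return -1;
}

/* Notifier adapter: forwards sending/receiving status updates to the
 * progress callback registered with ne_set_progress. */
static void progress_notifier(void *userdata, ne_session_status status,
                              const ne_session_status_info *info)
{
    ne_session *sess = userdata;

    if (status == ne_status_sending || status == ne_status_recving) {
        sess->progress_cb(sess->progress_ud, info->sr.progress, info->sr.total);
    }
}

/* Install a progress callback, or remove the notifier when 'progress'
 * is NULL.  This replaces any notifier set with ne_set_notifier. */
void ne_set_progress(ne_session *sess, ne_progress progress, void *userdata)
{
    if (progress) {
        sess->progress_cb = progress;
        sess->progress_ud = userdata;
        ne_set_notifier(sess, progress_notifier, sess);
    }
    else {
        ne_set_notifier(sess, NULL, NULL);
    }
}

/* Set the status notifier callback and its userdata. */
void ne_set_notifier(ne_session *sess,
                     ne_notify_status status, void *userdata)
{
    sess->notify_cb = status;
    sess->notify_ud = userdata;
}

/* Set the read timeout applied to new connections. */
void ne_set_read_timeout(ne_session *sess, int timeout)
{
    sess->rdtimeout = timeout;
}

/* Set the connect timeout applied to new connections. */
void ne_set_connect_timeout(ne_session *sess, int timeout)
{
    sess->cotimeout = timeout;
}

#define UAHDR "User-Agent: "
#define AGENT " neon/" NEON_VERSION "\r\n"

/* Store the complete User-Agent header line for the session.
 * 'token' is copied verbatim between "User-Agent: " and the neon
 * version suffix; it is not checked for CR or LF, so callers must not
 * pass text taken from an untrusted source without validating it. */
void ne_set_useragent(ne_session *sess, const char *token)
{
    if (sess->user_agent) ne_free(sess->user_agent);
    sess->user_agent = ne_malloc(strlen(UAHDR) + strlen(AGENT) +
                                 strlen(token) + 1);
#ifdef HAVE_STPCPY
    strcpy(stpcpy(stpcpy(sess->user_agent, UAHDR), token), AGENT);
#else
    strcat(strcat(strcpy(sess->user_agent, UAHDR), token), AGENT);
#endif
}

/* Return the stored "hostname[:port]" string for the server. */
const char *ne_get_server_hostport(ne_session *sess)
{
    return sess->server.hostport;
}

const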
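char *ne_get_scheme(ne_session *sess)
{
    /* The string belongs to the session; the caller must not free it. */
    return sess->scheme;
}

/* Fill in the host, port and scheme of 'uri' from the session's
 * server; host and scheme are fresh copies owned by the caller. */
void ne_fill_server_uri(ne_session *sess, ne_uri *uri)
{
    uri->host = ne_strdup(sess->server.hostname);
    uri->port = sess->server.port;
    uri->scheme = ne_strdup(sess->scheme);
}

/* Fill in the host and port of 'uri' from the proxy in use: the
 * current next hop if there is one, else the first configured proxy.
 * 'uri' is left untouched unless that entry is an HTTP proxy. */
void ne_fill_proxy_uri(ne_session *sess, ne_uri *uri)
{
    const struct host_info *hi;

    if (sess->proxies == NULL)
        return;

    hi = sess->nexthop ? sess->nexthop : sess->proxies;

    if (hi->proxy == PROXY_HTTP) {
        uri->host = ne_strdup(hi->hostname);
        uri->port = hi->port;
    }
}

/* Return the session's error buffer. */
const char *ne_get_error(ne_session *sess)
{
    return sess->error;
}

/* Close the connection if one is open: notify the status callback,
 * run the close_conn hooks, then close the socket.  The session is
 * marked as not connected in every case. */
void ne_close_connection(ne_session *sess)
{
    if (sess->connected) {
        struct hook *hk;

        NE_DEBUG(NE_DBG_SOCKET, "sess: Closing connection.\n");

        if (sess->notify_cb) {
            /* assumes nexthop is non-NULL whenever connected is set --
             * TODO confirm against the connect path */
            sess->status.cd.hostname = sess->nexthop->hostname;
            sess->notify_cb(sess->notify_ud, ne_status_disconnected,
                            &sess->status);
        }

        /* Run the close_conn hooks. */
        for (hk = sess->close_conn_hooks; hk != NULL; hk = hk->next) {
            ne_close_conn_fn fn = (ne_close_conn_fn)hk->fn;
            fn(hk->userdata);
        }

        ne_sock_close(sess->socket);
        sess->socket = NULL;
        NE_DEBUG(NE_DBG_SOCKET, "sess: Connection closed.\n");
    } else {
        NE_DEBUG(NE_DBG_SOCKET, "sess: Not closing closed connection.\n");
    }

    sess->connected = 0;
}

/* Store the certificate verification callback and its userdata. */
void ne_ssl_set_verify(ne_session *sess, ne_ssl_verify_fn fn, void *userdata)
{
    sess->ssl_verify_fn = fn;
    sess->ssl_verify_ud = userdata;
}

/* Store the client-certificate provider callback and its userdata. */
void ne_ssl_provide_clicert(ne_session *sess,
                            ne_ssl_provide_fn fn, void *userdata)
{
    sess->ssl_provide_fn = fn;
    sess->ssl_provide_ud = userdata;
}

/* Mark 'cert' as trusted in the session's SSL context.  No effect for
 * a session without an SSL context, or in a build without SSL. */
void ne_ssl_trust_cert(ne_session *sess, const ne_ssl_certificate *cert)
{
#ifdef NE_HAVE_SSL
    if (sess->ssl_context) {
        ne_ssl_context_trustcert(sess->ssl_context, cert);
    }
#endif
}

#ifdef NE_HAVE_SSL
/* Write the RFC 1123 form of 't' into 'buf', which is treated as
 * NE_SSL_VDATELEN bytes long.  The "[invalid date]" placeholder is
 * written when 't' is (time_t)-1 or when no date string is returned. */
static void copy_validity_date(char *buf, time_t t)
{
    char *date = (t != (time_t) -1) ? ne_rfc1123_date(t) : NULL;

    if (date) {
        ne_strnzcpy(buf, date, NE_SSL_VDATELEN);
        ne_free(date);
    } else {
        ne_strnzcpy(buf, _("[invalid date]"), NE_SSL_VDATELEN);
    }
}
#endif

/* Write the validity period of 'cert' as date strings into 'from'
 * and 'until'; either may be NULL to skip it, and each non-NULL
 * buffer must hold at least NE_SSL_VDATELEN bytes.  In a build without
 * SSL both buffers are left untouched. */
void ne_ssl_cert_validity(const ne_ssl_certificate *cert,
                          char *from, char *until)
{
#ifdef NE_HAVE_SSL
    time_t tf, tu;

    ne_ssl_cert_validity_time(cert, &tf, &tu);

    if (from)
        copy_validity_date(from, tf);
    if (until)
        copy_validity_date(until, tu);
#endif
}

#ifdef NE_HAVE_SSL
/* Set the session error string to a description of the verification
 * failures in the 'failures' bitmask.  Bits with no entry in the table
 * below add nothing to the message. */
void ne__ssl_set_verify_err(ne_session *sess, int failures)
{
    static const struct {
        int bit;
        const char *str;
    } reasons[] = {
        { NE_SSL_NOTYETVALID, N_("certificate is not yet valid") },
        { NE_SSL_EXPIRED, N_("certificate has expired") },
        { NE_SSL_IDMISMATCH, N_("certificate issued for a different hostname") },
        { NE_SSL_UNTRUSTED, N_("issuer is not trusted") },
        { NE_SSL_BADCHAIN, N_("bad certificate chain") },
        { NE_SSL_REVOKED, N_("certificate has been revoked") },
        { 0, NULL }
    };
    int n, flag = 0;

    ne_strnzcpy(sess->error, _("Server certificate verification failed: "),
                sizeof sess->error);

    for (n = 0; reasons[n].bit; n++) {
        if (failures & reasons[n].bit) {
            /* The third argument of strncat() is the number of
             * characters which may be appended, not the size of the
             * destination, so pass the space which is left. */
            if (flag)
                strncat(sess->error, ", ",
                        sizeof sess->error - strlen(sess->error) - 1);
            strncat(sess->error, _(reasons[n].str),
                    sizeof sess->error - strlen(sess->error) - 1);
            flag = 1;
        }
    }
}

/* Return non-zero if the certificate name 'cn' (of length 'cnlen')
 * matches 'hostname', comparing case-insensitively.
 *
 * This doesn't actually implement complete RFC 2818 logic; omits
 * "f*.example.com" support for simplicity.  A leading "*." in 'cn'
 * stands for exactly the first label of 'hostname'.
 *
 * NOTE(review): nothing here restricts how short the name after "*."
 * may be, so a name such as "*.com" is compared like any other
 * wildcard -- confirm whether the callers or the CA policy relied on
 * rule that out. */
int ne__ssl_match_hostname(const char *cn, size_t cnlen, const char *hostname)
{
    const char *dot;

    NE_DEBUG(NE_DBG_SSL, "ssl: Match common name '%s' against '%s'\n",
             cn, hostname);

    if (strncmp(cn, "*.", 2) == 0 && cnlen > 2
        && (dot = strchr(hostname, '.')) != NULL) {
        ne_inet_addr *ia;

        /* Prevent wildcard CN matches against anything which can be
         * parsed as an IP address (i.e. a CN of "*.1.1.1" should not
         * match 8.1.1.1).  draft-saintandre-tls-server-id-check
         * will require some more significant changes to cert ID
         * verification which will probably obviate this check, but
         * this is a desirable policy tightening in the mean time. */
        ia = ne_iaddr_parse(hostname, ne_iaddr_ipv4);
        if (ia == NULL)
            ia = ne_iaddr_parse(hostname, ne_iaddr_ipv6);

        if (ia) {
            NE_DEBUG(NE_DBG_SSL, "ssl: Denying wildcard match for numeric "
                     "IP address.\n");
            ne_iaddr_free(ia);
            return 0;
        }

        /* Compare what follows the first label of the hostname with
         * what follows "*." in the certificate name. */
        hostname = dot + 1;
        cn += 2;
        cnlen -= 2;
    }

    /* The length comparison also rejects a name whose data continues
     * past an embedded NUL, assuming 'cnlen' is the full length of the
     * name as found in the certificate. */
    return cnlen == strlen(hostname) && !ne_strcasecmp(cn, hostname);
}
#endif /* NE_HAVE_SSL */

typedef void (*void_fn)(void);

#define ADD_HOOK(hooks, fn, ud) add_hook(&(hooks), NULL, (void_fn)(fn), (ud))

/* Append a new hook (id, fn, ud) to the end of the list '*hooks', so
 * that hooks keep their registration order. */
static void add_hook(struct hook **hooks, const char *id, void_fn fn, void *ud)
{
    struct hook *hk = ne_malloc(sizeof *hk);
    struct hook **tail = hooks;

    hk->id = id;
    hk->fn = fn;
    hk->userdata = ud;
    hk->next = NULL;

    /* Walk to the terminating NULL link and attach the hook there. */
    while (*tail != NULL)
        tail = &(*tail)->next;
    *tail = hk;
}

/* Register 'fn' to be called when a request is created. */
void ne_hook_create_request(ne_session *sess,
                            ne_create_request_fn fn, void *userdata)
{
    ADD_HOOK(sess->create_req_hooks, fn, userdata);
}

/* Register 'fn' on the pre-send hook list. */
void ne_hook_pre_send(ne_session *sess, ne_pre_send_fn fn, void *userdata)
{
    ADD_HOOK(sess->pre_send_hooks, fn, userdata);
}

/* Register 'fn' on the post-send hook list. */
void ne_hook_post_send(ne_session *sess, ne_post_send_fn fn, void *userdata)
{
    ADD_HOOK(sess->post_send_hooks, fn, userdata);
}

/* Register 'fn' on the post-headers hook list. */
void ne_hook_post_headers(ne_session *sess, ne_post_headers_fn fn,
                          void *userdata)
{
    ADD_HOOK(sess->post_headers_hooks, fn, userdata);
}

/* Register 'fn' on the destroy-request hook list. */
void ne_hook_destroy_request(ne_session *sess,
                             ne_destroy_req_fn fn, void *userdata)
{
    ADD_HOOK(sess->destroy_req_hooks, fn, userdata);
}

/* Register 'fn' on the destroy-session hook list. */
void ne_hook_destroy_session(ne_session *sess,
                             ne_destroy_sess_fn fn, void *userdata)
{
    ADD_HOOK(sess->destroy_sess_hooks, fn, userdata);
}

/* Register 'fn' on the close-connection hook list, which
 * ne_close_connection() runs before closing the socket. */
void ne_hook_close_conn(ne_session *sess,
                        ne_close_conn_fn fn, void *userdata)
{
    ADD_HOOK(sess->close_conn_hooks, fn, userdata);
}

/* Store 'userdata' under 'id' on the session's private list.  The
 * 'id' pointer itself is stored, not a copy of the string. */
void ne_set_session_private(ne_session *sess, const char *id, void *userdata)
{
    add_hook(&sess->private, id, NULL, userdata);
}

static void remove_hook(struct hook **hooks, void_fn fn, void *ud)
{
    struct hook **p = hooks;

    while (*p) {
        if ((*p)->fn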
== fn && (*p)->userdata == ud) { struct hook *next = (*p)->next; ne_free(*p); (*p) = next; break; } p = &(*p)->next; } } #define REMOVE_HOOK(hooks, fn, ud) remove_hook(&hooks, (void_fn)fn, ud) void ne_unhook_create_request(ne_session *sess, ne_create_request_fn fn, void *userdata) { REMOVE_HOOK(sess->create_req_hooks, fn, userdata); } void ne_unhook_pre_send(ne_session *sess, ne_pre_send_fn fn, void *userdata) { REMOVE_HOOK(sess->pre_send_hooks, fn, userdata); } void ne_unhook_post_headers(ne_session *sess, ne_post_headers_fn fn, void *userdata) { REMOVE_HOOK(sess->post_headers_hooks, fn, userdata); } void ne_unhook_post_send(ne_session *sess, ne_post_send_fn fn, void *userdata) { REMOVE_HOOK(sess->post_send_hooks, fn, userdata); } void ne_unhook_destroy_request(ne_session *sess, ne_destroy_req_fn fn, void *userdata) { REMOVE_HOOK(sess->destroy_req_hooks, fn, userdata); } void ne_unhook_destroy_session(ne_session *sess, ne_destroy_sess_fn fn, void *userdata) { REMOVE_HOOK(sess->destroy_sess_hooks, fn, userdata); } void ne_unhook_close_conn(ne_session *sess, ne_close_conn_fn fn, void *userdata) { REMOVE_HOOK(sess->close_conn_hooks, fn, userdata); } neon-0.32.2/src/ne_session.h000066400000000000000000000365251416727304000156610ustar00rootroot00000000000000/* HTTP session handling Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. 
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef NE_SESSION_H #define NE_SESSION_H 1 #include #include "ne_ssl.h" #include "ne_uri.h" /* for ne_uri */ #include "ne_defs.h" #include "ne_socket.h" NE_BEGIN_DECLS typedef struct ne_session_s ne_session; /* Create a session to the given server, using the given scheme. If * "https" is passed as the scheme, SSL will be used to connect to the * server. */ ne_session *ne_session_create(const char *scheme, const char *hostname, unsigned int port); /* Finish an HTTP session */ void ne_session_destroy(ne_session *sess); /* Prematurely force the connection to be closed for the given * session. */ void ne_close_connection(ne_session *sess); /* Configure an HTTP proxy server for the session. This function will * override (remove) any proxy servers previously configured, and must * be called before any requests are created using this session. */ void ne_session_proxy(ne_session *sess, const char *hostname, unsigned int port); /* Configure a SOCKS proxy server which will be used for the session. * The SOCKS protocol version 'vers' will be used to contact the * proxy at given 'hostname' and 'port'. * * If SOCKSv4 or v4a are used, username must be non-NULL. For v5, * username may be NULL, in which case, password is ignored. If * username is non-NULL, password must also be non-NULL. * * This function will override (remove) any proxy servers previously * configured, and must be called before any requests are created * using this session. */ void ne_session_socks_proxy(ne_session *sess, enum ne_sock_sversion vers, const char *hostname, unsigned int port, const char *username, const char *password); /* Configure use of proxy servers from any system-wide default sources * which are configured at build time. 
This function will override * (remove) any proxy servers previously configured, and must be * called before any requests are created using this session. The * 'flags' parameter must be zero. */ void ne_session_system_proxy(ne_session *sess, unsigned int flags); /* Defined session flags: */ typedef enum ne_session_flag_e { NE_SESSFLAG_PERSIST = 0, /* disable this flag to prevent use of * persistent connections. */ NE_SESSFLAG_ICYPROTO, /* enable this flag to enable support for * non-HTTP ShoutCast-style "ICY" responses. */ NE_SESSFLAG_SSLv2, /* disable this flag to disable support for * SSLv2, if supported by the SSL library. */ NE_SESSFLAG_RFC4918, /* enable this flag to enable support for * RFC4918-only WebDAV features; losing * backwards-compatibility with RFC2518 * servers. */ NE_SESSFLAG_CONNAUTH, /* enable this flag if an awful, broken, * RFC-violating, connection-based HTTP * authentication scheme is in use. */ NE_SESSFLAG_TLS_SNI, /* disable this flag to disable use of the * TLS Server Name Indication extension. */ NE_SESSFLAG_EXPECT100, /* enable this flag to enable the flag * NE_REQFLAG_EXPECT100 for new requests. */ NE_SESSFLAG_SHAREPOINT, /* this flag enables various workarounds * to improve interoperability with * SharePoint */ NE_SESSFLAG_LAST /* enum sentinel value */ } ne_session_flag; /* Set a new value for a particular session flag. */ void ne_set_session_flag(ne_session *sess, ne_session_flag flag, int value); /* Return 0 if the given flag is not set, >0 it is set, or -1 if the * flag is not supported. */ int ne_get_session_flag(ne_session *sess, ne_session_flag flag); /* Bypass the normal name resolution; force the use of specific set of * addresses for this session, addrs[0]...addrs[n-1]. The 'addrs' * array and pointed-to objects must remain valid until the session is * destroyed. This function will override (remove) any proxy servers * previously configured, and must be called before any requests are * created using this session. 
*/ void ne_set_addrlist(ne_session *sess, const ne_inet_addr **addrs, size_t n); /* Bypass the normal name resolution; force the use of specific set of * addresses for this session, addrs[0]...addrs[n-1]. The 'addrs' * array and pointed-to objects must remain valid until the session is * destroyed. This function will override (remove) any proxy servers * previously configured, and must be called before any requests are * created using this session. Port number 'port' will be used * instead of the "real" session port, to connect to the proxy. */ void ne_set_addrlist2(ne_session *sess, unsigned int port, const ne_inet_addr **addrs, size_t n); /* Bind connections to the specified local address. If the address * determined for the remote host has a different family (type) to * 'addr', 'addr' will be ignored. The 'addr' object must remain * valid until the session is destroyed. */ void ne_set_localaddr(ne_session *sess, const ne_inet_addr *addr); /* DEPRECATED: Progress callback. */ typedef void (*ne_progress)(void *userdata, ne_off_t progress, ne_off_t total); /* DEPRECATED API: Set a progress callback for the session; this is * deprecated in favour of ne_set_notifier(). The progress callback * is invoked for after each block of the request and response body to * indicate request and response progress (there is no way to * distinguish between the two using this interface alone). * If progress is NULL, any existing callback is deregistered and will * no longer be invoked. * * NOTE: Use of this interface is mutually exclusive with the use of * ne_set_notifier(). A call to ne_set_progress() removes the * notifier callback, and vice versa. */ void ne_set_progress(ne_session *sess, ne_progress progress, void *userdata); /* Store an opaque context for the session, 'priv' is returned by a * call to ne_session_get_private with the same ID. 
*/ void ne_set_session_private(ne_session *sess, const char *id, void *priv); void *ne_get_session_private(ne_session *sess, const char *id); /* Status event type. NOTE: More event types may be added in * subsequent releases, so callers must ignore unknown status types * for forwards-compatibility. */ typedef enum { ne_status_lookup = 0, /* looking up hostname */ ne_status_connecting, /* connecting to host */ ne_status_connected, /* connected to host */ ne_status_sending, /* sending a request body */ ne_status_recving, /* receiving a response body */ ne_status_disconnected /* disconnected from host */ } ne_session_status; /* Status event information union; the relevant structure within * corresponds to the event type. WARNING: the size of this union is * not limited by ABI constraint; it may be extended with additional * members of different size, or existing members may be extended. */ typedef union ne_session_status_info_u { struct /* ne_status_lookup */ { /* The hostname which is being resolved: */ const char *hostname; } lu; struct /* ne_status_connecting */ { /* The hostname and network address to which a connection * attempt is being made: */ const char *hostname; const ne_inet_addr *address; } ci; struct /* ne_status_connected, ne_status_disconnected */ { /* The hostname to which a connection has just been * established or closed: */ const char *hostname; } cd; struct /* ne_status_sending and ne_status_recving */ { /* Request/response body transfer progress; if total == -1, * the total size is unknown; otherwise, total gives the total * number of bytes which will be transferred. progress gives * the number of bytes transferred so far. */ ne_off_t progress, total; } sr; } ne_session_status_info; /* Callback invoked to notify a new session status event, given by the * 'status' argument. On invocation, the contents of exactly one of * the structures in the info union will be valid, as indicated * above. 
*/
typedef void (*ne_notify_status)(void *userdata, ne_session_status status,
                                 const ne_session_status_info *info);

/* Set a status notification callback for the session, to report
 * session status events.  Only one notification callback per session
 * can be registered; the most recent of successive calls to this
 * function takes effect.  If status is NULL, any existing callback
 * is deregistered and will no longer be invoked.
 *
 * NOTE: Use of this interface is mutually exclusive with the use of
 * ne_set_progress().  A call to ne_set_notifier() removes the
 * progress callback, and vice versa. */
void ne_set_notifier(ne_session *sess, ne_notify_status status, void *userdata);

/* Certificate verification failures.  Each value is a distinct bit;
 * the 'failures' argument of ne_ssl_verify_fn is a binary OR of one
 * or more of them. */

/* NE_SSL_NOTYETVALID: the certificate is not yet valid. */
#define NE_SSL_NOTYETVALID (0x01)

/* NE_SSL_EXPIRED: the certificate has expired. */
#define NE_SSL_EXPIRED (0x02)

/* NE_SSL_IDMISMATCH: the hostname for which the certificate was
 * issued does not match the hostname of the server; this could mean
 * that the connection is being intercepted. */
#define NE_SSL_IDMISMATCH (0x04)

/* NE_SSL_UNTRUSTED: the certificate authority which signed the server
 * certificate is not trusted: there is no indication the server is
 * who they claim to be: */
#define NE_SSL_UNTRUSTED (0x08)

/* NE_SSL_BADCHAIN: the certificate chain contained a certificate
 * other than the server cert which failed verification for a reason
 * other than lack of trust; for example, due to a CA cert being
 * outside its validity period. */
#define NE_SSL_BADCHAIN (0x10)

/* N.B.: 0x20 is reserved. */

/* NE_SSL_REVOKED: the server certificate has been revoked by the
 * issuing authority. */
#define NE_SSL_REVOKED (0x40)

/* For purposes of forwards-compatibility, the bitmask of all
 * currently exposed failure bits is given as NE_SSL_FAILMASK.  If the
 * expression (failures & ~NE_SSL_FAILMASK) is non-zero a failure type
 * is present which the application does not recognize but must treat
 * as a verification failure nonetheless.
 *
 * 0x5f is the OR of the six NE_SSL_* bits defined above; the reserved
 * 0x20 bit is not part of the mask. */
#define NE_SSL_FAILMASK (0x5f)

/* A callback which is used when server certificate verification is
 * needed.  The reasons for verification failure are given in the
 * 'failures' parameter, which is a binary OR of one or more of the
 * above NE_SSL_* values.  failures is guaranteed to be non-zero.  The
 * callback must return zero to accept the certificate: a non-zero
 * return value will fail the SSL negotiation.
 *
 * Returning zero accepts the certificate despite every failure
 * reported in 'failures'.  A callback which returns zero without
 * examining the bits therefore also accepts NE_SSL_IDMISMATCH and
 * NE_SSL_UNTRUSTED certificates, i.e. the cases in which the identity
 * of the server has not been established; accept only the specific
 * failures the application has decided to tolerate, and return
 * non-zero whenever (failures & ~NE_SSL_FAILMASK) is non-zero. */
typedef int (*ne_ssl_verify_fn)(void *userdata, int failures,
                                const ne_ssl_certificate *cert);

/* Install a callback to handle server certificate verification.  This
 * is required when the CA certificate is not known for the server
 * certificate, or the server cert has other verification problems. */
void ne_ssl_set_verify(ne_session *sess, ne_ssl_verify_fn fn, void *userdata);

/* Use the given client certificate for the session.  The client cert
 * MUST be in the decrypted state, otherwise behaviour is undefined.
 * The 'clicert' object is duplicated internally so can be destroyed
 * by the caller. */
void ne_ssl_set_clicert(ne_session *sess, const ne_ssl_client_cert *clicert);

/* Indicate that the certificate 'cert' is trusted; the 'cert' object
 * is duplicated internally so can be destroyed by the caller.  This
 * function has no effect for non-SSL sessions. */
void ne_ssl_trust_cert(ne_session *sess, const ne_ssl_certificate *cert);

/* If the SSL library provided a default set of CA certificates, trust
 * this set of CAs. */
void ne_ssl_trust_default_ca(ne_session *sess);

/* Callback used to load a client certificate on demand.  If dncount
 * is > 0, the 'dnames' array dnames[0] through dnames[dncount-1]
 * gives the list of CA names which the server indicated were
 * acceptable.  The callback should load an appropriate client
 * certificate and then pass it to 'ne_ssl_set_clicert'.
*/ typedef void (*ne_ssl_provide_fn)(void *userdata, ne_session *sess, const ne_ssl_dname *const *dnames, int dncount); /* Register a function to be called when the server requests a client * certificate. */ void ne_ssl_provide_clicert(ne_session *sess, ne_ssl_provide_fn fn, void *userdata); /* Set the timeout (in seconds) used when reading from a socket. The * timeout value must be greater than zero. */ void ne_set_read_timeout(ne_session *sess, int timeout); /* Set the timeout (in seconds) used when making a connection. The * timeout value must be greater than zero. */ void ne_set_connect_timeout(ne_session *sess, int timeout); /* Sets the user-agent string. neon/VERSION will be appended, to make * the full header "User-Agent: product neon/VERSION". * If this function is not called, the User-Agent header is not sent. * The product string must follow the RFC 7231§5.5.3 format, i.e. * product = token ["/" product-version] * product-version = token * where token is an alphanumeric string. */ void ne_set_useragent(ne_session *sess, const char *product); /* Returns non-zero if next-hop server does not claim compliance to * HTTP/1.1 or later. */ int ne_version_pre_http11(ne_session *sess); /* Returns the 'hostport' URI segment for the end-server, e.g. * "my.server.com:8080". */ const char *ne_get_server_hostport(ne_session *sess); /* Returns the URL scheme being used for the current session, omitting * the trailing ':'; e.g. "http" or "https". */ const char *ne_get_scheme(ne_session *sess); /* Sets the host, scheme, and port fields of the given URI structure * to that of the configured server and scheme for the session; host * and scheme are malloc-allocated. No other fields in the URI * structure are changed. */ void ne_fill_server_uri(ne_session *sess, ne_uri *uri); /* If a proxy is configured, sets the host and port fields in the * given URI structure to that of the proxy. If multiple proxies are * configured, the active is used if any, otherwise the first. 
The * hostname is malloc-allocated. No other fields in the URI structure * are changed; if no proxy is configured or a non-HTTP proxy is in * use, no fields are changed. */ void ne_fill_proxy_uri(ne_session *sess, ne_uri *uri); /* Set the error string for the session; takes printf-like format * string. */ void ne_set_error(ne_session *sess, const char *format, ...) ne_attribute((format (printf, 2, 3))); /* Retrieve the error string for the session */ const char *ne_get_error(ne_session *sess); NE_END_DECLS #endif /* NE_SESSION_H */ neon-0.32.2/src/ne_socket.c000066400000000000000000001576611416727304000154660ustar00rootroot00000000000000/* Socket handling routines Copyright (C) 1998-2021, Joe Orton Copyright (C) 2004 Aleix Conchillo Flaque This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. 
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ /* portions were originally under GPL in Mutt, http://www.mutt.org/ Relicensed under LGPL for neon, http://www.webdav.org/neon/ */ #include "config.h" #include #ifdef HAVE_SYS_UIO_H #include /* writev(2) */ #endif #ifdef HAVE_SYS_TIME_H #include #endif #include #ifdef HAVE_SYS_SOCKET_H #include #endif #ifdef NE_USE_POLL #include #elif defined(HAVE_SYS_SELECT_H) #include #endif #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_NETINET_TCP_H #include #endif #ifdef HAVE_ARPA_INET_H #include #endif #ifdef HAVE_NETDB_H #include #endif #ifdef WIN32 #include #include #ifdef USE_GETADDRINFO #include #include #endif #endif #if defined(HAVE_OPENSSL) && defined(HAVE_LIMITS_H) #include /* for INT_MAX */ #endif #ifdef HAVE_STRING_H #include #endif #ifdef HAVE_STRINGS_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_SIGNAL_H #include #endif #ifdef HAVE_ERRNO_H #include #endif #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_FCNTL_H #include #endif #ifdef HAVE_SOCKS_H #include #endif #ifdef HAVE_OPENSSL #include #include #include /* for PKCS12_PBE_add */ #include #include /* for OPENSSL_VERSION_NUMBER */ #endif #ifdef HAVE_GNUTLS #include #endif #define NE_INET_ADDR_DEFINED /* A slightly ugly hack: change the ne_inet_addr definition to be the * real address type used. The API only exposes ne_inet_addr as a * pointer to an opaque object, so this should be well-defined * behaviour. It avoids the hassle of a real wrapper ne_inet_addr * structure, or losing type-safety by using void *. 
*/ #ifdef USE_GETADDRINFO typedef struct addrinfo ne_inet_addr; #else typedef struct in_addr ne_inet_addr; #endif #include "ne_privssl.h" /* MUST come after ne_inet_addr is defined */ /* To avoid doing AAAA queries unless absolutely necessary, either use * AI_ADDRCONFIG where available, or a run-time check for working IPv6 * support; the latter is only known to work on Linux. */ #if defined(USE_GETADDRINFO) && !defined(USE_GAI_ADDRCONFIG) && defined(__linux__) #define USE_CHECK_IPV6 #endif /* "Be Conservative In What You Build". */ #if defined(HAVE_FCNTL) && defined(O_NONBLOCK) && defined(F_SETFL) \ && defined(HAVE_GETSOCKOPT) && defined(SO_ERROR) \ && defined(HAVE_SOCKLEN_T) && defined(SOL_SOCKET) \ && defined(EINPROGRESS) #define USE_NONBLOCKING_CONNECT #endif #include "ne_internal.h" #include "ne_utils.h" #include "ne_string.h" #include "ne_socket.h" #include "ne_alloc.h" #include "ne_sspi.h" #if defined(__BEOS__) && !defined(BONE_VERSION) /* pre-BONE */ #define ne_close(s) closesocket(s) #define ne_errno errno #elif defined(WIN32) #define ne_close(s) closesocket(s) #define ne_errno WSAGetLastError() #else /* really Unix! */ #define ne_close(s) close(s) #define ne_errno errno #endif #ifdef WIN32 #define NE_ISRESET(e) ((e) == WSAECONNABORTED || (e) == WSAETIMEDOUT || \ (e) == WSAECONNRESET || (e) == WSAENETRESET) #define NE_ISCLOSED(e) ((e) == WSAESHUTDOWN || (e) == WSAENOTCONN) #define NE_ISINTR(e) (0) #define NE_ISINPROGRESS(e) ((e) == WSAEWOULDBLOCK) /* says MSDN */ #else /* Unix */ /* Also treat ECONNABORTED and ENOTCONN as "connection reset" errors; * both can be returned by Winsock-based sockets layers e.g. 
CygWin */ #ifndef ECONNABORTED #define ECONNABORTED ECONNRESET #endif #ifndef ENOTCONN #define ENOTCONN ECONNRESET #endif #define NE_ISRESET(e) ((e) == ECONNRESET || (e) == ECONNABORTED || (e) == ENOTCONN) #define NE_ISCLOSED(e) ((e) == EPIPE) #define NE_ISINTR(e) ((e) == EINTR) #define NE_ISINPROGRESS(e) ((e) == EINPROGRESS) #endif /* Socket read timeout */ #define SOCKET_READ_TIMEOUT 120 /* Critical I/O functions on a socket: useful abstraction for easily * handling SSL I/O alongside raw socket I/O. */ struct iofns { /* Read up to 'len' bytes into 'buf' from socket. Return <0 on * error or EOF, or >0; number of bytes read. */ ssize_t (*sread)(ne_socket *s, char *buf, size_t len); /* Write up to 'len' bytes from 'buf' to socket. Return number of * bytes written on success, or <0 on error. */ ssize_t (*swrite)(ne_socket *s, const char *buf, size_t len); /* Wait up to 'n' seconds for socket to become readable. Returns * 0 when readable, otherwise NE_SOCK_TIMEOUT or NE_SOCK_ERROR. */ int (*readable)(ne_socket *s, int n); /* Write up to 'count' blocks described by 'vector' to socket. * Return number of bytes written on success, or <0 on error. */ ssize_t (*swritev)(ne_socket *s, const struct ne_iovec *vector, int count); }; static const ne_inet_addr dummy_laddr; struct ne_socket_s { int fd; unsigned int lport; const ne_inet_addr *laddr; void *progress_ud; int rdtimeout, cotimeout; /* timeouts */ const struct iofns *ops; #ifdef NE_HAVE_SSL ne_ssl_socket ssl; #endif /* The read buffer: ->buffer stores byte which have been read; as * these are consumed and passed back to the caller, bufpos * advances through ->buffer. ->bufavail gives the number of * bytes which remain to be consumed in ->buffer (from ->bufpos), * and is hence always <= RDBUFSIZ. */ char *bufpos; size_t bufavail; #define RDBUFSIZ 4096 char buffer[RDBUFSIZ]; /* Error string. */ char error[192]; }; /* ne_sock_addr represents an Internet address. 
*/ struct ne_sock_addr_s { #ifdef USE_GETADDRINFO struct addrinfo *result, *cursor; #else struct in_addr *addrs; size_t cursor, count; char *name; #endif int errnum; }; /* set_error: set socket error string to 'str'. */ #define set_error(s, str) ne_strnzcpy((s)->error, (str), sizeof (s)->error) /* set_strerror: set socket error to system error string for 'errnum' */ #ifdef WIN32 /* Print system error message to given buffer. */ static void print_error(int errnum, char *buffer, size_t buflen) { if (FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, (DWORD) errnum, 0, buffer, buflen, NULL) == 0) ne_snprintf(buffer, buflen, "Socket error %d", errnum); } #define set_strerror(s, e) print_error((e), (s)->error, sizeof (s)->error) #else /* not WIN32 */ #define set_strerror(s, e) ne_strerror((e), (s)->error, sizeof (s)->error) #endif #ifdef HAVE_OPENSSL /* Seed the SSL PRNG, if necessary; returns non-zero on failure. */ static int seed_ssl_prng(void) { /* Check whether the PRNG has already been seeded. */ if (RAND_status() == 1) return 0; #if defined(EGD_PATH) NE_DEBUG(NE_DBG_SOCKET, "Seeding PRNG from " EGD_PATH "...\n"); if (RAND_egd(EGD_PATH) != -1) return 0; #elif defined(ENABLE_EGD) { static const char *paths[] = { "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy" }; size_t n; for (n = 0; n < sizeof(paths) / sizeof(char *); n++) { NE_DEBUG(NE_DBG_SOCKET, "Seeding PRNG from %s...\n", paths[n]); if (RAND_egd(paths[n]) != -1) return 0; } } #endif /* EGD_PATH */ NE_DEBUG(NE_DBG_SOCKET, "No entropy source found; could not seed PRNG.\n"); return -1; } #endif /* HAVE_OPENSSL */ #ifdef USE_CHECK_IPV6 static int ipv6_disabled = 0; /* On Linux kernels, IPv6 is typically built as a loadable module, and * socket(AF_INET6, ...) will fail if this module is not loaded, so * the slow AAAA lookups can be avoided for this common case. 
*/
static void init_ipv6(void)
{
    int fd = socket(AF_INET6, SOCK_STREAM, 0);

    if (fd < 0)
        ipv6_disabled = 1;
    else
        close(fd);
}
#elif defined(AF_INET6)
#define ipv6_disabled (0)
#else
#define ipv6_disabled (1)
#endif

/* If init_state is N where > 0, ne_sock_init has been called N times;
 * if == 0, library is not initialized; if < 0, library initialization
 * has failed. */
static int init_state = 0;

/* Reference-counted library initialisation.  Returns zero on success
 * and -1 on failure; once it has failed, init_state stays negative
 * and every later call fails too.  The counter is a plain int with
 * no locking in this function. */
int ne_sock_init(void)
{
#ifdef WIN32
    WORD wVersionRequested;
    WSADATA wsaData;
    int err;
#endif

    if (init_state > 0) {
        init_state++;
        return 0;
    }
    else if (init_state < 0) {
        return -1;
    }

#ifdef WIN32
    wVersionRequested = MAKEWORD(2, 2);

    err = WSAStartup(wVersionRequested, &wsaData);
    if (err != 0) {
        return init_state = -1;
    }
#ifdef HAVE_SSPI
    if (ne_sspi_init() < 0) {
        return init_state = -1;
    }
#endif
#endif

#ifdef NE_HAVE_SOCKS
    SOCKSinit("neon");
#endif

#if defined(HAVE_SIGNAL) && defined(SIGPIPE)
    /* Process-wide side effect: SIGPIPE is ignored for the whole
     * application, not only for sockets owned by this library. */
    (void) signal(SIGPIPE, SIG_IGN);
#endif

#ifdef USE_CHECK_IPV6
    init_ipv6();
#endif

#ifdef NE_HAVE_SSL
    if (ne__ssl_init()) {
        return init_state = -1;
    }
#endif

    init_state = 1;
    return 0;
}

/* Drop one reference taken by ne_sock_init(); the platform and SSL
 * teardown runs only when the count reaches zero. */
void ne_sock_exit(void)
{
    if (init_state > 0 && --init_state == 0) {
#ifdef WIN32
        WSACleanup();
#endif
#ifdef NE_HAVE_SSL
        ne__ssl_exit();
#endif

#ifdef HAVE_SSPI
        ne_sspi_deinit();
#endif
    }
}

/* Await readability (rdwr = 0) or writability (rdwr != 0) for socket
 * fd for secs seconds.  Returns <0 on error, zero on timeout, >0 if
 * data is available.
 *
 * NOTE(review): the two implementations treat secs == 0 differently:
 * the poll() branch maps any secs <= 0 to an infinite wait (-1),
 * while the select() branch waits forever only for negative secs and
 * uses a zero-length timeout for secs == 0. */
static int raw_poll(int fdno, int rdwr, int secs)
{
    int ret;
#ifdef NE_USE_POLL
    struct pollfd fds;
    /* milliseconds; presumably secs is small enough that the
     * multiplication cannot overflow int -- confirm against callers */
    int timeout = secs > 0 ? secs * 1000 : -1;

    fds.fd = fdno;
    fds.events = rdwr == 0 ? POLLIN : POLLOUT;
    fds.revents = 0;

    do {
        ret = poll(&fds, 1, timeout);
    } while (ret < 0 && NE_ISINTR(ne_errno));
#else
    fd_set rdfds, wrfds, exfds;
    struct timeval timeout, *tvp = (secs >= 0 ? &timeout : NULL);

    /* Init the fd set */
    FD_ZERO(&rdfds);
    FD_ZERO(&wrfds);
    FD_ZERO(&exfds);

    /* Note that (amazingly) the FD_SET macro does not expand
     * correctly on Netware if not inside a compound statement
     * block. */
    /* FD_SET() is only defined for descriptors below FD_SETSIZE;
     * nothing in this function checks fdno, so that bound has to be
     * enforced where the descriptor is created. */
    if (rdwr == 0) {
        FD_SET(fdno, &rdfds);
    } else {
        FD_SET(fdno, &wrfds);
    }
    FD_SET(fdno, &exfds);

    if (tvp) {
        tvp->tv_sec = secs;
        tvp->tv_usec = 0;
    }
    do {
        ret = select(fdno + 1, &rdfds, &wrfds, &exfds, tvp);
    } while (ret < 0 && NE_ISINTR(ne_errno));
#endif
    return ret;
}

/* Wait up to 'n' seconds for readable data.  Returns zero at once
 * when the read buffer already holds data, otherwise whatever the
 * socket's 'readable' hook returns. */
int ne_sock_block(ne_socket *sock, int n)
{
    if (sock->bufavail)
        return 0;
    return sock->ops->readable(sock, n);
}

/* Cast address object AD to type 'sockaddr_TY' */
#define SACAST(ty, ad) ((struct sockaddr_##ty *)(ad))

/* Read up to 'buflen' bytes into 'buffer'.  Buffered data is handed
 * out first; a request at least as large as the read buffer bypasses
 * it; otherwise the read buffer is refilled and the caller gets a
 * prefix of it.  Returns the byte count, or the <= 0 value from the
 * 'sread' hook. */
ssize_t ne_sock_read(ne_socket *sock, char *buffer, size_t buflen)
{
    ssize_t bytes;

#if 0
    NE_DEBUG(NE_DBG_SOCKET, "buf: at %d, %d avail [%s]\n",
             sock->bufpos - sock->buffer, sock->bufavail, sock->bufpos);
#endif

    if (sock->bufavail > 0) {
        /* Deliver buffered data. */
        /* the copy length is clamped to what is buffered, so the
         * memcpy never reads past the valid part of ->buffer */
        if (buflen > sock->bufavail)
            buflen = sock->bufavail;
        memcpy(buffer, sock->bufpos, buflen);
        sock->bufpos += buflen;
        sock->bufavail -= buflen;
        return buflen;
    } else if (buflen >= sizeof sock->buffer) {
        /* No need for read buffer. */
        return sock->ops->sread(sock, buffer, buflen);
    } else {
        /* Fill read buffer. */
        bytes = sock->ops->sread(sock, sock->buffer, sizeof sock->buffer);
        if (bytes <= 0)
            return bytes;

        if (buflen > (size_t)bytes)
            buflen = bytes;
        memcpy(buffer, sock->buffer, buflen);
        sock->bufpos = sock->buffer + buflen;
        sock->bufavail = bytes - buflen;
        return buflen;
    }
}

/* Like ne_sock_read(), but the returned bytes stay in the read
 * buffer: ->bufpos and ->bufavail are not advanced by the copy. */
ssize_t ne_sock_peek(ne_socket *sock, char *buffer, size_t buflen)
{
    ssize_t bytes;

    if (sock->bufavail) {
        /* just return buffered data. */
        bytes = sock->bufavail;
    } else {
        /* fill the buffer.
*/
        bytes = sock->ops->sread(sock, sock->buffer, sizeof sock->buffer);
        if (bytes <= 0)
            return bytes;

        sock->bufpos = sock->buffer;
        sock->bufavail = bytes;
    }

    /* never copy more than is buffered */
    if (buflen > (size_t)bytes)
        buflen = bytes;

    memcpy(buffer, sock->bufpos, buflen);

    return buflen;
}

/* Await data on raw fd in socket.  Returns 0 when readable,
 * NE_SOCK_TIMEOUT when raw_poll() timed out, or NE_SOCK_ERROR (with
 * the socket error string set) when it failed. */
static int readable_raw(ne_socket *sock, int secs)
{
    int ret = raw_poll(sock->fd, 0, secs);

    if (ret < 0) {
        set_strerror(sock, ne_errno);
        return NE_SOCK_ERROR;
    }
    return (ret == 0) ? NE_SOCK_TIMEOUT : 0;
}

/* 'sread' hook for plain sockets: wait for readability within the
 * socket's read timeout, then recv().  Returns the byte count, or an
 * NE_SOCK_* code: NE_SOCK_CLOSED when recv() returns 0, NE_SOCK_RESET
 * or NE_SOCK_ERROR on failure, or the code from readable_raw(). */
static ssize_t read_raw(ne_socket *sock, char *buffer, size_t len)
{
    ssize_t ret;

    ret = readable_raw(sock, sock->rdtimeout);
    if (ret) return ret;

    do {
        ret = recv(sock->fd, buffer, len, 0);
    } while (ret == -1 && NE_ISINTR(ne_errno));

    if (ret == 0) {
        set_error(sock, _("Connection closed"));
        ret = NE_SOCK_CLOSED;
    } else if (ret < 0) {
        /* save the error code before any other call can change it */
        int errnum = ne_errno;
        ret = NE_ISRESET(errnum) ? NE_SOCK_RESET : NE_SOCK_ERROR;
        set_strerror(sock, errnum);
    }

    return ret;
}

/* Map a system error code from a failed write to an NE_SOCK_* code. */
#define MAP_ERR(e) (NE_ISCLOSED(e) ? NE_SOCK_CLOSED : \
                    (NE_ISRESET(e) ? NE_SOCK_RESET : NE_SOCK_ERROR))

/* Ask send() not to raise SIGPIPE where the platform has the flag. */
#ifdef MSG_NOSIGNAL
#define SEND_FLAGS MSG_NOSIGNAL
#else
#define SEND_FLAGS (0)
#endif

/* 'swrite' hook for plain sockets: a single send(), retried only
 * when interrupted.  May write fewer than 'length' bytes; callers
 * that need everything sent use ne_sock_fullwrite(). */
static ssize_t write_raw(ne_socket *sock, const char *data, size_t length)
{
    ssize_t ret;

#ifdef __QNX__
    /* Test failures seen on QNX over loopback, if passing large
     * buffer lengths to send().
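*/
    if (length > 8192) length = 8192;
#endif

    do {
        ret = send(sock->fd, data, length, SEND_FLAGS);
    } while (ret == -1 && NE_ISINTR(ne_errno));

    if (ret < 0) {
        /* save the error code before any other call can change it */
        int errnum = ne_errno;
        set_strerror(sock, errnum);
        return MAP_ERR(errnum);
    }
    return ret;
}

/* 'swritev' hook for plain sockets: write up to 'count' blocks from
 * 'vector' in one call (WSASend, sendmsg or writev depending on the
 * platform).  Returns the number of bytes written, which may be less
 * than the total, or an NE_SOCK_* code on failure. */
static ssize_t writev_raw(ne_socket *sock, const struct ne_iovec *vector, int count)
{
    ssize_t ret;
#ifdef WIN32
    LPWSABUF wasvector = (LPWSABUF)ne_malloc(count * sizeof(WSABUF));
    DWORD total;
    int i;

    for (i = 0; i < count; i++){
        wasvector[i].buf = vector[i].base;
        wasvector[i].len = vector[i].len;
    }

    ret = WSASend(sock->fd, wasvector, count, &total, 0, NULL, NULL);
    if (ret == 0)
        ret = total;

    ne_free(wasvector);
#elif defined(MSG_NOSIGNAL) && defined(HAVE_SENDMSG)
    struct msghdr m;

    memset(&m, 0, sizeof m);
    m.msg_iov = (struct iovec *)vector;
    m.msg_iovlen = count;

    /* sendmsg() is used so that MSG_NOSIGNAL can be passed */
    do {
        ret = sendmsg(sock->fd, &m, MSG_NOSIGNAL);
    } while (ret == -1 && NE_ISINTR(ne_errno));
#else
    const struct iovec *vec = (const struct iovec *) vector;

    do {
        ret = writev(sock->fd, vec, count);
    } while (ret == -1 && NE_ISINTR(ne_errno));
#endif

    if (ret < 0) {
        int errnum = ne_errno;
        set_strerror(sock, errnum);
        return MAP_ERR(errnum);
    }

    return ret;
}

#ifdef NE_HAVE_SSL
/* 'swritev' hook for SSL sockets: writes only the first block through
 * the 'swrite' hook and lets ne_sock_fullwritev() loop over the rest.
 * An empty vector writes nothing and returns 0; without that check
 * vector[0] would be read although the caller supplied no element,
 * because ne_sock_fullwritev() calls this hook once before it looks
 * at 'count'. */
static ssize_t writev_dummy(ne_socket *sock, const struct ne_iovec *vector, int count)
{
    if (count < 1)
        return 0;

    return sock->ops->swrite(sock, vector[0].base, vector[0].len);
}
#endif

/* I/O table for plain (non-SSL) sockets. */
static const struct iofns iofns_raw = {
    read_raw, write_raw, readable_raw, writev_raw
};

#ifdef HAVE_OPENSSL
static int error_ossl(ne_socket *sock, int sret);
#endif

#ifdef HAVE_OPENSSL
/* OpenSSL I/O function implementations. */
static int readable_ossl(ne_socket *sock, int secs)
{
#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10101000L
    /* Sufficient for TLSv1.2 and earlier. */
    if (SSL_pending(sock->ssl))
        return 0;
    return readable_raw(sock, secs);
#else
    /* TLSv1.3 sends a lot more handshake data so the presence of data
     * on the socket - i.e. poll() returning 1, is an insufficient
     * test for app-data readability.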
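*/
    char pending;
    int ret;
    size_t bytes;

    /* Loop while no app data is pending, each time attempting a one
     * byte peek, and retrying the poll if that fails due to absence
     * of app data. */
    while (!SSL_pending(sock->ssl)) {
        ret = readable_raw(sock, secs);
        /* Stop on a poll failure as well as on a timeout: going on to
         * SSL_peek_ex() after NE_SOCK_ERROR would replace the error
         * string readable_raw() has just set and attempt a read that
         * the wait did not clear.  The pre-1.1.1 branch of this
         * function already returns readable_raw()'s result as is. */
        if (ret) {
            return ret;
        }

        ret = SSL_peek_ex(sock->ssl, &pending, 1, &bytes);
        if (ret) {
            /* App data definitely available. */
            break;
        }
        else {
            /* If this gave SSL_ERROR_WANT_READ, loop and probably
             * block again, else some other error happened. */
            ret = error_ossl(sock, ret);
            if (ret != NE_SOCK_RETRY)
                return ret;
        }
    }

    return 0;
#endif /* OPENSSL_VERSION_NUMBER < 1.1.1 */
}

/* SSL error handling, according to SSL_get_error(3).  'sret' is the
 * value returned by the failed SSL_* call.  Sets the socket error
 * string and returns the matching NE_SOCK_* code; NE_SOCK_RETRY
 * means the caller should wait and repeat the operation. */
static int error_ossl(ne_socket *sock, int sret)
{
    int errnum = SSL_get_error(sock->ssl, sret);
    unsigned long err;

    if (errnum == SSL_ERROR_ZERO_RETURN) {
        set_error(sock, _("Connection closed"));
        NE_DEBUG(NE_DBG_SSL, "ssl: Got TLS closure.\n");
        return NE_SOCK_CLOSED;
    }
    else if (errnum == SSL_ERROR_WANT_READ) {
        set_error(sock, _("Retry operation"));
        return NE_SOCK_RETRY;
    }

    /* for all other errors, look at the OpenSSL error stack */
    err = ERR_get_error();
    NE_DEBUG(NE_DBG_SSL, "ssl: Got OpenSSL error stack %lu\n", err);

    if (ERR_GET_LIB(err) == ERR_LIB_SSL) {
        int reason = ERR_GET_REASON(err);

#ifdef SSL_R_UNEXPECTED_EOF_WHILE_READING
        /* OpenSSL 3 signals truncation this way. */
        if (reason == SSL_R_UNEXPECTED_EOF_WHILE_READING) {
            set_error(sock, _("Secure connection truncated"));
            return NE_SOCK_TRUNC;
        }
        else
#endif
        if (reason == SSL_R_PROTOCOL_IS_SHUTDOWN) {
            set_error(sock, _("Secure connection reset"));
            return NE_SOCK_RESET;
        }
    }

    if (err == 0) {
        /* Empty error stack, presume this is a system call error: */
        if (sret == 0) {
            /* EOF without close_notify, possible truncation */
            /* reported as NE_SOCK_TRUNC, not NE_SOCK_CLOSED, so a
             * caller can tell a cut-off stream from a clean close */
            set_error(sock, _("Secure connection truncated"));
            return NE_SOCK_TRUNC;
        } else {
            /* Other socket error.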
*/
            errnum = ne_errno;
            set_strerror(sock, errnum);
            return MAP_ERR(errnum);
        }
    }

    /* Any other failure: record the reason string from the error
     * stack if there is one, else the raw codes. */
    if (ERR_reason_error_string(err)) {
        ne_snprintf(sock->error, sizeof sock->error,
                    _("SSL error: %s"), ERR_reason_error_string(err));
    } else {
        ne_snprintf(sock->error, sizeof sock->error,
                    _("SSL error code %d/%d/%lu"), sret, errnum, err);
    }

    /* make sure the error stack is now empty. */
    ERR_clear_error();
    return NE_SOCK_ERROR;
}

/* Work around OpenSSL's use of 'int' rather than 'size_t', to prevent
 * accidentally passing a negative number, etc. */
#define CAST2INT(n) (((n) > INT_MAX) ? INT_MAX : (n))

/* 'sread' hook for OpenSSL: wait for application data within the
 * read timeout, then SSL_read(); the wait and the read are repeated
 * for as long as error_ossl() reports NE_SOCK_RETRY.  Returns the
 * byte count or an NE_SOCK_* code. */
static ssize_t read_ossl(ne_socket *sock, char *buffer, size_t len)
{
    int ret;

    do {
        ret = readable_ossl(sock, sock->rdtimeout);
        if (ret) return ret;

        /* the length is clamped to INT_MAX, so one call may read
         * fewer bytes than the caller asked for */
        ret = SSL_read(sock->ssl, buffer, CAST2INT(len));
        if (ret <= 0)
            ret = error_ossl(sock, ret);
    } while (ret == NE_SOCK_RETRY);

    return ret;
}

/* 'swrite' hook for OpenSSL: a single SSL_write() of at most INT_MAX
 * bytes.  Returns the byte count or an NE_SOCK_* code. */
static ssize_t write_ossl(ne_socket *sock, const char *data, size_t len)
{
    int ret, ilen = CAST2INT(len);
    ret = SSL_write(sock->ssl, data, ilen);
    /* ssl.h says SSL_MODE_ENABLE_PARTIAL_WRITE must be enabled to
     * have SSL_write return < length...  so, SSL_write should never
     * return < length. */
    if (ret != ilen)
        return error_ossl(sock, ret);
    return ret;
}

/* I/O table for OpenSSL-backed sockets. */
static const struct iofns iofns_ssl = {
    read_ossl, write_ossl, readable_ossl, writev_dummy
};

#elif defined(HAVE_GNUTLS)

/* Return zero if an alert value can be ignored.
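*/
static int check_alert(ne_socket *sock, ssize_t ret)
{
    const char *alert;

    if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED) {
        alert = gnutls_alert_get_name(gnutls_alert_get(sock->ssl));
        NE_DEBUG(NE_DBG_SOCKET, "TLS warning alert: %s\n", alert);
        return 0;
    } else if (ret == GNUTLS_E_FATAL_ALERT_RECEIVED) {
        alert = gnutls_alert_get_name(gnutls_alert_get(sock->ssl));
        NE_DEBUG(NE_DBG_SOCKET, "TLS fatal alert: %s\n", alert);
        return -1;
    }
    return ret;
}

/* 'readable' hook for GnuTLS: readable at once if a decoded record
 * is already pending, else wait on the underlying descriptor. */
static int readable_gnutls(ne_socket *sock, int secs)
{
    if (gnutls_record_check_pending(sock->ssl)) {
        return 0;
    }
    return readable_raw(sock, secs);
}

/* Translate a GnuTLS return value 'sret' (zero or negative) into an
 * NE_SOCK_* code and set the socket error string to match. */
static ssize_t error_gnutls(ne_socket *sock, ssize_t sret)
{
    ssize_t ret;

    switch (sret) {
    case 0:
        ret = NE_SOCK_CLOSED;
        set_error(sock, _("Connection closed"));
        break;
    case GNUTLS_E_FATAL_ALERT_RECEIVED:
        ret = NE_SOCK_ERROR;
        ne_snprintf(sock->error, sizeof sock->error,
                    _("SSL alert received: %s"),
                    gnutls_alert_get_name(gnutls_alert_get(sock->ssl)));
        break;
#if GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 99)
    case GNUTLS_E_PREMATURE_TERMINATION:
#else
    case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
#endif
        /* reported as truncation, not as a clean close */
        ret = NE_SOCK_TRUNC;
        set_error(sock, _("Secure connection truncated"));
        break;
    case GNUTLS_E_INVALID_SESSION:
        ret = NE_SOCK_RESET;
        /* marked for translation like every other message here */
        set_error(sock, _("SSL socket terminated"));
        break;
    case GNUTLS_E_PUSH_ERROR:
        ret = NE_SOCK_RESET;
        set_error(sock, _("SSL socket write failed"));
        break;
    case GNUTLS_E_PULL_ERROR:
        ret = NE_SOCK_RESET;
        set_error(sock, _("SSL socket read failed"));
        break;
    default:
        ret = NE_SOCK_ERROR;
        ne_snprintf(sock->error, sizeof sock->error, _("SSL error: %s"),
                    gnutls_strerror(sret));
    }
    return ret;
}

/* True when a failed record call should simply be repeated: it was
 * interrupted, would block, or delivered only a warning alert. */
#define RETRY_GNUTLS(sock, ret) ((ret < 0) \
    && (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN \
        || check_alert(sock, ret) == 0))

/* 'sread' hook for GnuTLS.  Waits for readability within the read
 * timeout, then receives one record; a rehandshake request from the
 * peer is honoured at most once per call.  Returns the byte count or
 * an NE_SOCK_* code. */
static ssize_t read_gnutls(ne_socket *sock, char *buffer, size_t len)
{
    ssize_t ret;
    unsigned reneg = 1; /* number of allowed rehandshakes */

    ret = readable_gnutls(sock, sock->rdtimeout);
    if (ret) return ret;

    do {
        do {
            ret = gnutls_record_recv(sock->ssl, buffer, len);
        } while (RETRY_GNUTLS(sock, ret));
    } while (ret == GNUTLS_E_REHANDSHAKE && reneg--
             && (ret = gnutls_handshake(sock->ssl)) == GNUTLS_E_SUCCESS);

    if (ret <= 0)
        ret = error_gnutls(sock, ret);

    return ret;
}

/* 'swrite' hook for GnuTLS: send one record, repeating only on the
 * conditions accepted by RETRY_GNUTLS.  Returns the byte count or an
 * NE_SOCK_* code. */
static ssize_t write_gnutls(ne_socket *sock, const char *data, size_t len)
{
    ssize_t ret;

    do {
        ret = gnutls_record_send(sock->ssl, data, len);
    } while (RETRY_GNUTLS(sock, ret));

    if (ret < 0)
        return error_gnutls(sock, ret);

    return ret;
}

/* I/O table for GnuTLS-backed sockets. */
static const struct iofns iofns_ssl = {
    read_gnutls, write_gnutls, readable_gnutls, writev_dummy
};

#endif

/* Write all 'len' bytes of 'data', looping over short writes.
 * Returns zero on success or the negative code from the 'swrite'
 * hook. */
int ne_sock_fullwrite(ne_socket *sock, const char *data, size_t len)
{
    ssize_t ret;

    do {
        ret = sock->ops->swrite(sock, data, len);
        if (ret > 0) {
            data += ret;
            len -= ret;
        }
    } while (ret > 0 && len > 0);

    return ret < 0 ? ret : 0;
}

/* Write all 'count' blocks of 'vector', looping over short writes.
 * Returns zero on success or a negative code from the write hooks. */
int ne_sock_fullwritev(ne_socket *sock, const struct ne_iovec *vector, int count)
{
    ssize_t ret;

    do {
        ret = sock->ops->swritev(sock, vector, count);
        if (ret > 0) {
            /* skip every block that was written completely */
            while (count && (size_t)ret >= vector[0].len) {
                ret -= vector[0].len;
                count--;
                vector++;
            }

            if (ret && count) {
                /* Partial buffer sent; send the rest. */
                ret = ne_sock_fullwrite(sock, (char *)vector[0].base + ret,
                                        vector[0].len - ret);
                count--;
                vector++;
            }
        }
    } while (count && ret >= 0);

    return ret < 0 ? ret : 0;
}

/* Read one line, up to and including the '\n', into 'buf' and
 * NUL-terminate it.  Returns the line length, NE_SOCK_ERROR if the
 * line (plus terminator) does not fit in 'buflen' bytes or no newline
 * arrives within RDBUFSIZ bytes, or the negative code from the
 * 'sread' hook. */
ssize_t ne_sock_readline(ne_socket *sock, char *buf, size_t buflen)
{
    char *lf;
    size_t len;

    if ((lf = memchr(sock->bufpos, '\n', sock->bufavail)) == NULL
        && sock->bufavail < RDBUFSIZ) {
        /* The buffered data does not contain a complete line: move it
         * to the beginning of the buffer. */
        if (sock->bufavail)
            memmove(sock->buffer, sock->bufpos, sock->bufavail);
        sock->bufpos = sock->buffer;

        /* Loop filling the buffer whilst no newline is found in the data
         * buffered so far, and there is still buffer space available */
        do {
            /* Read more data onto end of buffer.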
*/
            ssize_t ret = sock->ops->sread(sock, sock->buffer + sock->bufavail,
                                           RDBUFSIZ - sock->bufavail);
            if (ret < 0) return ret;
            sock->bufavail += ret;
        } while ((lf = memchr(sock->buffer, '\n', sock->bufavail)) == NULL
                 && sock->bufavail < RDBUFSIZ);
    }

    if (lf)
        len = lf - sock->bufpos + 1;
    else
        len = buflen; /* fall into "line too long" error... */

    /* This check guarantees len + 1 <= buflen before the copy and the
     * NUL store below, so neither can write past the end of 'buf'. */
    if ((len + 1) > buflen) {
        set_error(sock, _("Line too long"));
        return NE_SOCK_ERROR;
    }

    memcpy(buf, sock->bufpos, len);
    buf[len] = '\0';
    /* consume the line from buffer: */
    sock->bufavail -= len;
    sock->bufpos += len;
    return len;
}

/* Read exactly 'buflen' bytes into 'buffer'.  Returns zero once all
 * bytes have arrived, or the negative code from ne_sock_read(). */
ssize_t ne_sock_fullread(ne_socket *sock, char *buffer, size_t buflen)
{
    ssize_t len;

    while (buflen > 0) {
        len = ne_sock_read(sock, buffer, buflen);
        if (len < 0) return len;
        buflen -= len;
        buffer += len;
    }

    return 0;
}

#ifndef INADDR_NONE
#define INADDR_NONE ((in_addr_t) -1)
#endif

#if !defined(USE_GETADDRINFO) && !defined(WIN32) && !HAVE_DECL_H_ERRNO
/* Ancient versions of netdb.h don't export h_errno. */
extern int h_errno;
#endif

/* This implementation does not attempt to support IPv6 using
 * gethostbyname2 et al.  */
/* Resolve 'hostname' into a newly allocated address object.  The
 * object is returned even when the lookup fails; the outcome is read
 * back with ne_addr_result() and the object is released with
 * ne_addr_destroy().  With getaddrinfo(), a name of the form "[...]"
 * is looked up as an IPv6 address (numeric only where AI_NUMERICHOST
 * exists), and NE_ADDR_CANON in 'flags' requests the canonical name. */
ne_sock_addr *ne_addr_resolve(const char *hostname, int flags)
{
    ne_sock_addr *addr = ne_calloc(sizeof *addr);
#ifdef USE_GETADDRINFO
    struct addrinfo hints = {0};
    char *pnt;

    hints.ai_socktype = SOCK_STREAM;

    if (flags & NE_ADDR_CANON) {
        hints.ai_flags = AI_CANONNAME;
    }

#ifdef AF_INET6
    if (hostname[0] == '[' && ((pnt = strchr(hostname, ']')) != NULL)) {
        /* copy without the leading '[' and cut at the first ']';
         * anything after that bracket is dropped */
        char *hn = ne_strdup(hostname + 1);
        hn[pnt - hostname - 1] = '\0';
#ifdef AI_NUMERICHOST /* added in the RFC2553 API */
        hints.ai_flags |= AI_NUMERICHOST;
#endif
        hints.ai_family = AF_INET6;
        addr->errnum = getaddrinfo(hn, NULL, &hints, &addr->result);
        ne_free(hn);
    } else
#endif /* AF_INET6 */
    {
#ifdef USE_GAI_ADDRCONFIG /* added in the RFC3493 API */
        hints.ai_flags |= AI_ADDRCONFIG;
        hints.ai_family = AF_UNSPEC;
        addr->errnum = getaddrinfo(hostname, NULL, &hints, &addr->result);
#else
        hints.ai_family = ipv6_disabled ? AF_INET : AF_UNSPEC;
        addr->errnum = getaddrinfo(hostname, NULL, &hints, &addr->result);
#endif
    }
#else /* Use gethostbyname() */
    in_addr_t laddr;
    struct hostent *hp;

    /* a dotted-quad string is used directly, without a lookup */
    laddr = inet_addr(hostname);
    if (laddr == INADDR_NONE) {
        hp = gethostbyname(hostname);
        if (hp == NULL) {
#ifdef WIN32
            addr->errnum = WSAGetLastError();
#else
            addr->errnum = h_errno;
#endif
        } else if (hp->h_length != sizeof(struct in_addr)) {
            /* fail gracefully if somebody set RES_USE_INET6 */
            addr->errnum = NO_RECOVERY;
        } else {
            size_t n;
            /* count addresses */
            for (n = 0; hp->h_addr_list[n] != NULL; n++)
                /* noop */;

            addr->count = n;
            addr->addrs = ne_malloc(n * sizeof *addr->addrs);

            /* h_length was checked above to equal the element size,
             * so each copy fills exactly one array slot */
            for (n = 0; n < addr->count; n++)
                memcpy(&addr->addrs[n], hp->h_addr_list[n], hp->h_length);

            if (hp->h_name && hp->h_name[0])
                addr->name = ne_strdup(hp->h_name);
        }
    } else {
        addr->addrs = ne_malloc(sizeof *addr->addrs);
        addr->count = 1;
        memcpy(addr->addrs, &laddr, sizeof *addr->addrs);
    }
#endif
    return addr;
}

/* Return the resolver error code stored by ne_addr_resolve(). */
int ne_addr_result(const ne_sock_addr *addr)
{
    return addr->errnum;
}

/* Return the canonical name recorded for 'addr', or NULL if none. */
const char *ne_addr_canonical(const ne_sock_addr *addr)
{
#ifdef USE_GETADDRINFO
    return addr->result ? addr->result->ai_canonname : NULL;
#else
    return addr->name;
#endif
}

/* Return the first address and reset the iteration cursor.
 * NOTE(review): ->result / ->addrs are dereferenced without a check,
 * so this presumably must only be called when ne_addr_result()
 * reported success -- confirm against the header documentation. */
const ne_inet_addr *ne_addr_first(ne_sock_addr *addr)
{
#ifdef USE_GETADDRINFO
    addr->cursor = addr->result->ai_next;
    return addr->result;
#else
    addr->cursor = 0;
    return &addr->addrs[0];
#endif
}

/* Return the next address after the cursor, or NULL at the end. */
const ne_inet_addr *ne_addr_next(ne_sock_addr *addr)
{
#ifdef USE_GETADDRINFO
    struct addrinfo *ret = addr->cursor;
    if (addr->cursor) addr->cursor = addr->cursor->ai_next;
#else
    struct in_addr *ret;

    if (++addr->cursor < addr->count)
        ret = &addr->addrs[addr->cursor];
    else
        ret = NULL;
#endif
    return ret;
}

/* Write a message for the resolver error of 'addr' into 'buf' (at
 * most 'bufsiz' bytes) and return 'buf'. */
char *ne_addr_error(const ne_sock_addr *addr, char *buf, size_t bufsiz)
{
#ifdef WIN32
    print_error(addr->errnum, buf, bufsiz);
#else
    const char *err;
#ifdef USE_GETADDRINFO
    /* override horrible generic "Name or service not known" error.
*/
    if (addr->errnum == EAI_NONAME)
        err = _("Host not found");
    else
        err = gai_strerror(addr->errnum);
#elif defined(HAVE_HSTRERROR)
    err = hstrerror(addr->errnum);
#else
    err = _("Host not found");
#endif
    ne_strnzcpy(buf, err, bufsiz);
#endif /* WIN32 */
    return buf;
}

/* Format the address 'ia' as text into 'buf' (at most 'bufsiz' bytes)
 * and return 'buf'.  The placeholder "[IP address]" is stored when
 * the conversion fails or the address family is not handled. */
char *ne_iaddr_print(const ne_inet_addr *ia, char *buf, size_t bufsiz)
{
#if defined(USE_GETADDRINFO) && defined(HAVE_INET_NTOP)
    const char *ret;
#ifdef AF_INET6
    if (ia->ai_family == AF_INET6) {
        struct sockaddr_in6 *in6 = SACAST(in6, ia->ai_addr);
        ret = inet_ntop(AF_INET6, &in6->sin6_addr, buf, bufsiz);
    } else
#endif
    if (ia->ai_family == AF_INET) {
        struct sockaddr_in *in = SACAST(in, ia->ai_addr);
        ret = inet_ntop(AF_INET, &in->sin_addr, buf, bufsiz);
    } else
        ret = NULL;
    if (ret == NULL)
        ne_strnzcpy(buf, "[IP address]", bufsiz);
#elif defined(USE_GETADDRINFO) && defined(NI_NUMERICHOST)
    /* use getnameinfo instead for Win32, which lacks inet_ntop: */
    if (getnameinfo(ia->ai_addr, ia->ai_addrlen, buf, bufsiz, NULL, 0,
                    NI_NUMERICHOST))
        ne_strnzcpy(buf, "[IP address]", bufsiz);
#else /* USE_GETADDRINFO */
    ne_strnzcpy(buf, inet_ntoa(*ia), bufsiz);
#endif
    return buf;
}

/* Copy the raw address bytes of 'ia' into 'buf' and return 'buf'.
 * No buffer length is passed: the copy is sizeof s6_addr bytes for
 * an IPv6 address and sizeof s_addr bytes otherwise, so the caller
 * must supply a buffer large enough for the address type. */
unsigned char *ne_iaddr_raw(const ne_inet_addr *ia, unsigned char *buf)
{
#ifdef USE_GETADDRINFO
#ifdef AF_INET6
    if (ia->ai_family == AF_INET6) {
        struct sockaddr_in6 *in6 = SACAST(in6, ia->ai_addr);
        return memcpy(buf, in6->sin6_addr.s6_addr, sizeof in6->sin6_addr.s6_addr);
    } else
#endif /* AF_INET6 */
    {
        struct sockaddr_in *in = SACAST(in, ia->ai_addr);
        return memcpy(buf, &in->sin_addr.s_addr, sizeof in->sin_addr.s_addr);
    }
#else /* !USE_GETADDRINFO */
    return memcpy(buf, &ia->s_addr, sizeof ia->s_addr);
#endif
}

/* Parse the numeric address string 'addr' of the given 'type' into a
 * newly allocated address object.  Returns NULL if the string does
 * not parse, or if an IPv6 address is requested in a build without
 * getaddrinfo().  No name lookup is done in any branch. */
ne_inet_addr *ne_iaddr_parse(const char *addr, ne_iaddr_type type)
{
#if defined(USE_GETADDRINFO) && defined(HAVE_INET_PTON)
    /* sized for the larger of the two address types */
    char dst[sizeof(struct in6_addr)];
    int af = type == ne_iaddr_ipv6 ? AF_INET6 : AF_INET;

    if (inet_pton(af, addr, dst) != 1) {
        return NULL;
    }

    return ne_iaddr_make(type, (unsigned char *)dst);
#elif defined(USE_GETADDRINFO) && !defined(HAVE_INET_PTON)
    /* For Windows, which lacks inet_pton(). */
    struct addrinfo *ai, *rv, hints;

    memset(&hints, 0, sizeof hints);
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST;
    hints.ai_family = type == ne_iaddr_ipv6 ? AF_INET6 : AF_INET;

    if (getaddrinfo(addr, NULL, &hints, &ai)) {
        return NULL;
    }

    /* Copy the returned addrinfo, since it needs to be ne_free()-able
     * later; must only call freeaddrinfo() on ai. */
    rv = ne_calloc(sizeof *rv);
    memcpy(rv, ai, sizeof *rv);
    /* clear the pointers that still refer to memory owned by 'ai' */
    rv->ai_next = NULL;
    rv->ai_canonname = NULL;
    rv->ai_addr = ne_calloc(ai->ai_addrlen);
    memcpy(rv->ai_addr, ai->ai_addr, ai->ai_addrlen);
    freeaddrinfo(ai);

    return rv;
#else /* !USE_GETADDRINFO */
    struct in_addr a;

    if (type == ne_iaddr_ipv6) {
        return NULL;
    }

#ifdef WIN32
    /* inet_addr() is broken because INADDR_NONE is a valid
     * broadcast address, so only use it on Windows. */
    a.s_addr = inet_addr(addr);
    if (a.s_addr == INADDR_NONE) {
        return NULL;
    }
#else /* !WIN32 */
    if (inet_aton(addr, &a) == 0) {
        return NULL;
    }
#endif

    return ne_iaddr_make(ne_iaddr_ipv4, (unsigned char *)&a.s_addr);
#endif /* !USE_GETADDRINFO */
}

/* Reverse-resolve 'ia' into a host name stored in 'buf'.  Returns
 * zero on success and non-zero on failure.  The name comes from the
 * reverse DNS zone of the address, which is controlled by whoever
 * runs that zone; this function does not forward-confirm it, so it
 * is unsuitable as the sole basis for an access decision. */
int ne_iaddr_reverse(const ne_inet_addr *ia, char *buf, size_t bufsiz)
{
#ifdef USE_GETADDRINFO
    return getnameinfo(ia->ai_addr, ia->ai_addrlen, buf, bufsiz,
                       NULL, 0, 0);
#else
    struct hostent *hp;

    /* Cast to const void *; some old libc headers apparently expect
     * const char * here. */
    hp = gethostbyaddr((const void *)ia, sizeof *ia, AF_INET);
    if (hp && hp->h_name) {
        ne_strnzcpy(buf, hp->h_name, bufsiz);
        return 0;
    }
    return -1;
#endif
}

/* Release an address object returned by ne_addr_resolve(). */
void ne_addr_destroy(ne_sock_addr *addr)
{
#ifdef USE_GETADDRINFO
    /* Note that ->result is only valid for successful invocations of
     * getaddrinfo.
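*/
    if (!addr->errnum && addr->result)
        freeaddrinfo(addr->result);
#else
    if (addr->addrs) ne_free(addr->addrs);
    if (addr->name) ne_free(addr->name);
#endif
    ne_free(addr);
}

/* Perform a connect() for given fd, handling EINTR retries.  Returns
 * zero on success or -1 on failure, in which case, ne_errno is set
 * appropriately. */
static int raw_connect(int fd, const struct sockaddr *sa, size_t salen)
{
    int ret;

    do {
        ret = connect(fd, sa, salen);
    } while (ret < 0 && NE_ISINTR(ne_errno));

    return ret;
}

/* Perform a connect() for fd to address sa of length salen, with a
 * timeout if supported on this platform.  Returns zero on success or
 * NE_SOCK_* on failure, with sock->error set appropriately. */
static int timed_connect(ne_socket *sock, int fd,
                         const struct sockaddr *sa, size_t salen)
{
    int ret;

#ifdef USE_NONBLOCKING_CONNECT
    if (sock->cotimeout) {
        int errnum, flags;

        /* Get flags and then set O_NONBLOCK. */
        flags = fcntl(fd, F_GETFL);
        if (flags == -1) {
            /* A failed F_GETFL must not be treated as a flag word:
             * -1 has every bit set, so the O_NONBLOCK test below
             * would pass and a meaningless value would later be
             * written back with F_SETFL. */
            set_strerror(sock, errno);
            return NE_SOCK_ERROR;
        }
        if (flags & O_NONBLOCK) {
            /* This socket was created using SOCK_NONBLOCK... flip the
             * bit for restoring flags later. */
            flags &= ~O_NONBLOCK;
        }
        else if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) {
            set_strerror(sock, errno);
            return NE_SOCK_ERROR;
        }

        ret = raw_connect(fd, sa, salen);
        if (ret == -1) {
            errnum = ne_errno;
            if (NE_ISINPROGRESS(errnum)) {
                /* wait for writability, i.e. connect completion */
                ret = raw_poll(fd, 1, sock->cotimeout);
                if (ret > 0) { /* poll got data */
                    socklen_t len = sizeof(errnum);

                    /* Check whether there is a pending error for the
                     * socket.  Per Stevens UNPv1§15.4, Solaris will
                     * return a pending error via errno by failing the
                     * getsockopt() call.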
*/
                    errnum = 0;
                    if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &errnum, &len))
                        errnum = errno;

                    /* writability alone does not mean success; only a
                     * zero SO_ERROR does */
                    if (errnum == 0) {
                        ret = 0;
                    } else {
                        set_strerror(sock, errnum);
                        ret = NE_SOCK_ERROR;
                    }
                } else if (ret == 0) { /* poll timed out */
                    set_error(sock, _("Connection timed out"));
                    ret = NE_SOCK_TIMEOUT;
                } else /* poll failed */ {
                    set_strerror(sock, errno);
                    ret = NE_SOCK_ERROR;
                }
            } else /* non-EINPROGRESS error from connect() */ {
                set_strerror(sock, errnum);
                ret = NE_SOCK_ERROR;
            }
        }

        /* Reset to old flags; fail on error if no previous error. */
        if (fcntl(fd, F_SETFL, flags) == -1 && !ret) {
            set_strerror(sock, errno);
            ret = NE_SOCK_ERROR;
        }
    } else
#endif /* USE_NONBLOCKING_CONNECT */
    {
        /* no connect timeout configured (or not supported): plain
         * blocking connect */
        ret = raw_connect(fd, sa, salen);

        if (ret < 0) {
            set_strerror(sock, ne_errno);
            ret = NE_SOCK_ERROR;
        }
    }

    return ret;
}

/* Connect socket to address 'addr' on given 'port'.  Returns zero on
 * success or NE_SOCK_* on failure with sock->error set
 * appropriately.  'port' is stored into the sockaddr unchanged, so
 * it must already be in network byte order; ne_sock_connect() passes
 * htons(port). */
static int connect_socket(ne_socket *sock, int fd,
                          const ne_inet_addr *addr, unsigned int port)
{
#ifdef USE_GETADDRINFO
#ifdef AF_INET6
    /* fill in the _family field for AIX 4.3, which forgets to do so.
*/
    if (addr->ai_family == AF_INET6) {
        struct sockaddr_in6 in6;
        /* assumes ai_addr points to at least sizeof in6 bytes, as it
         * does for objects built by ne_iaddr_make() -- TODO confirm
         * for every other producer of ne_inet_addr */
        memcpy(&in6, addr->ai_addr, sizeof in6);
        in6.sin6_port = port;
        in6.sin6_family = AF_INET6;
        return timed_connect(sock, fd, (struct sockaddr *)&in6, sizeof in6);
    } else
#endif
    if (addr->ai_family == AF_INET) {
        struct sockaddr_in in;
        memcpy(&in, addr->ai_addr, sizeof in);
        in.sin_port = port;
        in.sin_family = AF_INET;
        return timed_connect(sock, fd, (struct sockaddr *)&in, sizeof in);
    } else {
        /* any other address family is refused */
        set_strerror(sock, EINVAL);
        return NE_SOCK_ERROR;
    }
#else
    struct sockaddr_in sa = {0};
    sa.sin_family = AF_INET;
    sa.sin_port = port;
    sa.sin_addr = *addr;
    return timed_connect(sock, fd, (struct sockaddr *)&sa, sizeof sa);
#endif
}

/* Allocate a socket object: default read timeout, no connect
 * timeout, empty read buffer, raw I/O table, and no descriptor
 * (fd == -1). */
ne_socket *ne_sock_create(void)
{
    ne_socket *sock = ne_calloc(sizeof *sock);
    sock->rdtimeout = SOCKET_READ_TIMEOUT;
    sock->cotimeout = 0;
    sock->bufpos = sock->buffer;
    sock->ops = &iofns_raw;
    sock->fd = -1;
    return sock;
}

/* Address family and protocol to hand to socket() for address 'a'. */
#ifdef USE_GETADDRINFO
#define ia_family(a) ((a)->ai_family)
#define ia_proto(a)  ((a)->ai_protocol)
#else
#define ia_family(a) AF_INET
#define ia_proto(a)  0
#endif

/* Record the local address and port to bind to before connecting.
 * A NULL 'addr' is replaced by the dummy_laddr sentinel, which
 * do_bind() turns into an all-zero address.  Only the pointer is
 * stored, so 'addr' must stay valid until the connect is done. */
void ne_sock_prebind(ne_socket *sock, const ne_inet_addr *addr,
                     unsigned int port)
{
    sock->lport = port;
    sock->laddr = addr ? addr : &dummy_laddr;
}

/* Bind socket 'fd' to address/port 'addr' and 'port', for subsequent
 * connect() to address of family 'peer_family'. */
static int do_bind(int fd, int peer_family,
                   const ne_inet_addr *addr, unsigned int port)
{
#if defined(HAVE_SETSOCKOPT) && defined(SO_REUSEADDR) && defined(SOL_SOCKET)
    {
        int flag = 1;

        (void) setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &flag, sizeof flag);
        /* An error here is not fatal, so ignore it.
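*/
    }
#endif

#if defined(USE_GETADDRINFO) && defined(AF_INET6)
    /* Use a sockaddr_in6 if an AF_INET6 local address is specified, or
     * if no address is specified and the peer address is AF_INET6: */
    if ((addr != &dummy_laddr && addr->ai_family == AF_INET6)
        || (addr == &dummy_laddr && peer_family == AF_INET6)) {
        struct sockaddr_in6 in6;

        if (addr == &dummy_laddr)
            memset(&in6, 0, sizeof in6);
        else
            memcpy(&in6, addr->ai_addr, sizeof in6);
        in6.sin6_port = htons(port);
        /* fill in the _family field for AIX 4.3, which forgets to do so. */
        in6.sin6_family = AF_INET6;
#ifdef __NetBSD__
        in6.sin6_len = sizeof in6;
#endif

        return bind(fd, (struct sockaddr *)&in6, sizeof in6);
    } else
#endif
    {
        struct sockaddr_in in;

        /* Always start from an all-zero structure.  In the build
         * without getaddrinfo() only sin_addr, sin_port and
         * sin_family are assigned below, so without this the padding
         * bytes handed to bind() would be uninitialised stack
         * memory. */
        memset(&in, 0, sizeof in);
        if (addr != &dummy_laddr) {
#ifdef USE_GETADDRINFO
            memcpy(&in, addr->ai_addr, sizeof in);
#else
            in.sin_addr = *addr;
#endif
        }
        in.sin_port = htons(port);
        in.sin_family = AF_INET;
#ifdef __NetBSD__
        in.sin_len = sizeof in;
#endif

        return bind(fd, (struct sockaddr *)&in, sizeof in);
    }
}

#ifdef SOCK_CLOEXEC
/* sock_cloexec is initialized to SOCK_CLOEXEC and cleared to zero if
 * a socket() call ever fails with EINVAL; not strictly thread-safe
 * but in practice it will not matter if two threads race accessing
 * the variable. */
static int sock_cloexec = SOCK_CLOEXEC;
#define RETRY_ON_EINVAL
#else
#define sock_cloexec 0
#endif

/* Create a socket for 'addr', optionally bind it to the address set
 * by ne_sock_prebind(), and connect it to 'port' (host byte order).
 * Returns zero on success, in which case sock->fd holds the new
 * descriptor, or a negative NE_SOCK_* code with sock->error set. */
int ne_sock_connect(ne_socket *sock,
                    const ne_inet_addr *addr, unsigned int port)
{
    int fd, ret;
    /* close-on-exec is requested at creation time where possible, so
     * the descriptor is never inheritable even briefly */
    int type = SOCK_STREAM | sock_cloexec;

#if defined(RETRY_ON_EINVAL) && defined(SOCK_NONBLOCK) \
    && defined(USE_NONBLOCKING_CONNECT)
    /* If the SOCK_NONBLOCK flag is defined, and the retry-on-EINVAL
     * logic is enabled, and the socket has a configured timeout, then
     * also use the SOCK_NONBLOCK flag to save enabling O_NONBLOCK
     * later. */
    if (sock->cotimeout && sock_cloexec) {
        type |= SOCK_NONBLOCK;
    }
#endif

    /* use SOCK_STREAM rather than ai_socktype: some getaddrinfo
     * implementations do not set ai_socktype, e.g. RHL6.2.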
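*/
    fd = socket(ia_family(addr), type, ia_proto(addr));
#ifdef RETRY_ON_EINVAL
    /* Handle forwards compat for new glibc on an older kernels; clear
     * the sock_cloexec flag and retry the call: */
    if (fd < 0 && sock_cloexec && errno == EINVAL) {
        sock_cloexec = 0;
        fd = socket(ia_family(addr), SOCK_STREAM, ia_proto(addr));
    }
#endif
    if (fd < 0) {
        set_strerror(sock, ne_errno);
        return -1;
    }

#if !defined(NE_USE_POLL) && !defined(WIN32)
    /* Without poll(), raw_poll() uses select() and FD_SET(), which is
     * only defined for descriptors 0 .. FD_SETSIZE-1.  A descriptor
     * equal to FD_SETSIZE is already out of range and would make
     * FD_SET() write past the end of the fd_set, so the comparison
     * must be >=, not >. */
    if (fd >= FD_SETSIZE) {
        ne_close(fd);
        set_error(sock, _("Socket descriptor number exceeds FD_SETSIZE"));
        return NE_SOCK_ERROR;
    }
#endif

#if defined(HAVE_FCNTL) && defined(F_GETFD) && defined(F_SETFD) \
  && defined(FD_CLOEXEC)
    /* Set the FD_CLOEXEC bit for the new fd, if the socket was not
     * created with the CLOEXEC bit already set. */
    if (!sock_cloexec && (ret = fcntl(fd, F_GETFD)) >= 0) {
        fcntl(fd, F_SETFD, ret | FD_CLOEXEC);
        /* ignore failure; not a critical error. */
    }
#endif

    /* Bind to the pre-set local address only when none was given
     * explicitly (the dummy_laddr sentinel) or its family matches
     * the peer's; a mismatched family is skipped without error. */
    if (sock->laddr && (sock->laddr == &dummy_laddr ||
                        ia_family(sock->laddr) == ia_family(addr))) {
        ret = do_bind(fd, ia_family(addr), sock->laddr, sock->lport);
        if (ret < 0) {
            /* save the error code before ne_close() can change it */
            int errnum = ne_errno;
            ne_close(fd);
            set_strerror(sock, errnum);
            return NE_SOCK_ERROR;
        }
    }

#if defined(HAVE_SETSOCKOPT) && (defined(TCP_NODELAY) || defined(WIN32))
    { /* Disable the Nagle algorithm.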
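*/
        int flag = 1;
        setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &flag, sizeof flag);
    }
#endif

    ret = connect_socket(sock, fd, addr, htons(port));
    /* the descriptor is stored in the socket only on success;
     * otherwise it is closed here so that it cannot leak */
    if (ret == 0)
        sock->fd = fd;
    else
        ne_close(fd);

    return ret;
}

/* Return a newly allocated address object for the peer of 'sock' and
 * store the peer port (host byte order) in '*port'.  Returns NULL,
 * with the socket error string set, if getpeername() fails or the
 * peer address is not of a supported family.  The result is released
 * with ne_iaddr_free(). */
ne_inet_addr *ne_sock_peer(ne_socket *sock, unsigned int *port)
{
    union saun {
        struct sockaddr sa;
        struct sockaddr_in sin;
#if defined(USE_GETADDRINFO) && defined(AF_INET6)
        struct sockaddr_in6 sin6;
#endif
    } saun;
    socklen_t len = sizeof saun;
    ne_inet_addr *ia;
    struct sockaddr *sad = (struct sockaddr *)&saun;

    if (getpeername(sock->fd, sad, &len) != 0) {
        set_strerror(sock, errno);
        return NULL;
    }

    /* getpeername() truncates an address that is larger than the
     * buffer but still reports its full length in 'len'.  Reject
     * that case here: 'len' bytes are copied out of 'saun' below,
     * which would otherwise read past the end of the union. */
    if ((size_t)len > sizeof saun) {
        set_error(sock, _("Socket family not supported"));
        return NULL;
    }

    /* Only families with a member in 'saun' are accepted; the port
     * extraction below would otherwise read the port from a
     * structure of the wrong type. */
#if defined(USE_GETADDRINFO) && defined(AF_INET6)
    if (sad->sa_family != AF_INET && sad->sa_family != AF_INET6) {
        set_error(sock, _("Socket family not supported"));
        return NULL;
    }
#else
    if (sad->sa_family != AF_INET) {
        set_error(sock, _("Socket family not supported"));
        return NULL;
    }
#endif

    ia = ne_calloc(sizeof *ia);
#ifdef USE_GETADDRINFO
    ia->ai_addr = ne_malloc(len);
    ia->ai_addrlen = len;
    memcpy(ia->ai_addr, sad, len);
    ia->ai_family = saun.sa.sa_family;
#else
    memcpy(ia, &saun.sin.sin_addr.s_addr, sizeof *ia);
#endif

#if defined(USE_GETADDRINFO) && defined(AF_INET6)
    *port = ntohs(saun.sa.sa_family == AF_INET ?
                  saun.sin.sin_port : saun.sin6.sin6_port);
#else
    *port = ntohs(saun.sin.sin_port);
#endif

    return ia;
}

/* Build a newly allocated address object of the given 'type' from
 * the raw address bytes at 'raw'.  No length is passed: 4 bytes are
 * read for an IPv4 address and 16 for an IPv6 address, so 'raw' must
 * be at least that large.  Returns NULL for an IPv6 request in a
 * build without IPv6 support. */
ne_inet_addr *ne_iaddr_make(ne_iaddr_type type, const unsigned char *raw)
{
    ne_inet_addr *ia;
#if !defined(AF_INET6) || !defined(USE_GETADDRINFO)
    /* fail if IPv6 address is given if IPv6 is not supported. */
    if (type == ne_iaddr_ipv6)
        return NULL;
#endif
    ia = ne_calloc(sizeof *ia);
#ifdef USE_GETADDRINFO
    /* ai_protocol and ai_socktype aren't used by connect_socket() so
     * ignore them here.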
(for now) */ if (type == ne_iaddr_ipv4) { struct sockaddr_in *in4 = ne_calloc(sizeof *in4); ia->ai_family = AF_INET; ia->ai_addr = (struct sockaddr *)in4; ia->ai_addrlen = sizeof *in4; in4->sin_family = AF_INET; #ifdef __NetBSD__ in4->sin_len = sizeof *in4; #endif memcpy(&in4->sin_addr.s_addr, raw, sizeof in4->sin_addr.s_addr); } #ifdef AF_INET6 else { struct sockaddr_in6 *in6 = ne_calloc(sizeof *in6); ia->ai_family = AF_INET6; ia->ai_addr = (struct sockaddr *)in6; ia->ai_addrlen = sizeof *in6; in6->sin6_family = AF_INET6; #ifdef __NetBSD__ in6->sin6_len = sizeof *in6; #endif memcpy(&in6->sin6_addr, raw, sizeof in6->sin6_addr.s6_addr); } #endif #else /* !USE_GETADDRINFO */ memcpy(&ia->s_addr, raw, sizeof ia->s_addr); #endif return ia; } ne_iaddr_type ne_iaddr_typeof(const ne_inet_addr *ia) { #if defined(USE_GETADDRINFO) && defined(AF_INET6) return ia->ai_family == AF_INET6 ? ne_iaddr_ipv6 : ne_iaddr_ipv4; #else return ne_iaddr_ipv4; #endif } int ne_iaddr_cmp(const ne_inet_addr *i1, const ne_inet_addr *i2) { #ifdef USE_GETADDRINFO if (i1->ai_family != i2->ai_family) return i2->ai_family - i1->ai_family; if (i1->ai_family == AF_INET) { struct sockaddr_in *in1 = SACAST(in, i1->ai_addr), *in2 = SACAST(in, i2->ai_addr); return memcmp(&in1->sin_addr.s_addr, &in2->sin_addr.s_addr, sizeof in1->sin_addr.s_addr); } #ifdef AF_INET6 else if (i1->ai_family == AF_INET6) { struct sockaddr_in6 *in1 = SACAST(in6, i1->ai_addr), *in2 = SACAST(in6, i2->ai_addr); return memcmp(in1->sin6_addr.s6_addr, in2->sin6_addr.s6_addr, sizeof in1->sin6_addr.s6_addr); } #endif /* AF_INET6 */ else return -1; #else return memcmp(&i1->s_addr, &i2->s_addr, sizeof i1->s_addr); #endif /* USE_GETADDRINFO */ } void ne_iaddr_free(ne_inet_addr *addr) { #ifdef USE_GETADDRINFO ne_free(addr->ai_addr); #endif ne_free(addr); } int ne_sock_accept(ne_socket *sock, int listener) { int fd = accept(listener, NULL, NULL); if (fd < 0) { set_strerror(sock, ne_errno); return -1; } sock->fd = fd; return 0; } int 
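ne_sock_fd(const ne_socket *sock)
{
    /* Expose the raw descriptor stored in the socket object. */
    return sock->fd;
}

/* Store the read timeout on the socket object. */
void ne_sock_read_timeout(ne_socket *sock, int timeout)
{
    sock->rdtimeout = timeout;
}

/* Store the connect timeout on the socket object. */
void ne_sock_connect_timeout(ne_socket *sock, int timeout)
{
    sock->cotimeout = timeout;
}

#ifdef NE_HAVE_SSL

#ifdef HAVE_GNUTLS
/* Dumb server session cache implementation for GNUTLS; holds a single
 * session. */

/* Copy datum 'src' to 'dest'.  On allocation failure, or when 'src'
 * is empty, 'dest' is left as { NULL, 0 } so that callers can detect
 * the failure instead of copying through a NULL pointer. */
static void copy_datum(gnutls_datum_t *dest, gnutls_datum_t *src)
{
    unsigned char *buf = NULL;

    if (src->data != NULL && src->size > 0) {
        buf = gnutls_malloc(src->size);
    }

    if (buf == NULL) {
        dest->data = NULL;
        dest->size = 0;
        return;
    }

    memcpy(buf, src->data, src->size);
    dest->data = buf;
    dest->size = src->size;
}

/* Callback to store a session 'data' with id 'key'.  Replaces the
 * single cached entry; returns zero on success, or -1 if either copy
 * could not be made (the cache is then left empty rather than holding
 * a key without matching data). */
static int store_sess(void *userdata, gnutls_datum_t key, gnutls_datum_t data)
{
    ne_ssl_context *ctx = userdata;

    /* NOTE(review): the cached session data is key material and is
     * released here without being wiped first. */
    if (ctx->cache.server.key.data) {
        gnutls_free(ctx->cache.server.key.data);
        gnutls_free(ctx->cache.server.data.data);
    }

    copy_datum(&ctx->cache.server.key, &key);
    copy_datum(&ctx->cache.server.data, &data);

    if (ctx->cache.server.key.data == NULL
        || ctx->cache.server.data.data == NULL) {
        if (ctx->cache.server.key.data) {
            gnutls_free(ctx->cache.server.key.data);
        }
        if (ctx->cache.server.data.data) {
            gnutls_free(ctx->cache.server.data.data);
        }
        ctx->cache.server.key.data = NULL;
        ctx->cache.server.key.size = 0;
        ctx->cache.server.data.data = NULL;
        ctx->cache.server.data.size = 0;
        return -1;
    }

    return 0;
}

/* Returns non-zero if d1 and d2 are the same datum.  A datum with no
 * data never matches, so an empty cache cannot match an empty key and
 * memcmp is never handed a NULL pointer. */
static int match_datum(gnutls_datum_t *d1, gnutls_datum_t *d2)
{
    if (d1->data == NULL || d2->data == NULL) {
        return 0;
    }

    return d1->size == d2->size
        && memcmp(d1->data, d2->data, d1->size) == 0;
}

/* Callback to retrieve a session of id 'key'.  Returns a freshly
 * allocated copy of the cached session data, or { NULL, 0 } if the
 * key does not match the cached entry or the copy fails. */
static gnutls_datum_t retrieve_sess(void *userdata, gnutls_datum_t key)
{
    ne_ssl_context *ctx = userdata;
    gnutls_datum_t ret = { NULL, 0 };

    if (match_datum(&ctx->cache.server.key, &key)) {
        copy_datum(&ret, &ctx->cache.server.data);
    }

    return ret;
}

/* Callback to remove a session of id 'key'; stub needed but
 * implementation seems unnecessary.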
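*/
static int remove_sess(void *userdata, gnutls_datum_t key)
{
    return -1;
}
#endif

/* Perform the server side of the TLS handshake on the already
 * accepted socket 'sock' using context 'ctx'.  Returns zero on
 * success or an NE_SOCK_* error code; the socket error string is set
 * on failure.  On success the socket's I/O functions are switched to
 * the TLS implementation. */
int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx)
{
    int ret;
    ne_ssl_socket ssl;

#if defined(HAVE_OPENSSL)
    ssl = SSL_new(ctx->ctx);
    if (!ssl) {
        /* Without this check a failed allocation is dereferenced by
         * the calls below. */
        set_error(sock, _("Could not create SSL structure"));
        return NE_SOCK_ERROR;
    }

    SSL_set_fd(ssl, sock->fd);
    sock->ssl = ssl;
    /* NOTE(review): unlike the GnuTLS branch, no explicit client
     * certificate check is made here; presumably verification is
     * configured on ctx->ctx elsewhere - confirm. */
    ret = SSL_accept(ssl);
    if (ret != 1) {
        return error_ossl(sock, ret);
    }

    if (SSL_session_reused(ssl)) {
        NE_DEBUG(NE_DBG_SSL, "ssl: Server reused session.\n");
    }
#elif defined(HAVE_GNUTLS)
    unsigned int verify_status;

    ret = gnutls_init(&ssl, GNUTLS_SERVER);
    if (ret < 0) {
        /* 'ssl' is not usable if initialization failed. */
        set_error(sock, _("Could not create SSL structure"));
        return NE_SOCK_ERROR;
    }

    gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred);
    gnutls_set_default_priority(ssl);

    /* Set up dummy session cache. */
    gnutls_db_set_store_function(ssl, store_sess);
    gnutls_db_set_retrieve_function(ssl, retrieve_sess);
    gnutls_db_set_remove_function(ssl, remove_sess);
    gnutls_db_set_ptr(ssl, ctx);

    if (ctx->verify)
        gnutls_certificate_server_set_request(ssl, GNUTLS_CERT_REQUIRE);

    sock->ssl = ssl;
    gnutls_transport_set_ptr(sock->ssl, (gnutls_transport_ptr_t)(long)sock->fd);
    ret = gnutls_handshake(ssl);
    if (ret < 0) {
        return error_gnutls(sock, ret);
    }
    /* Reject the connection if the verification call fails or reports
     * any status bit for the client certificate. */
    if (ctx->verify && (gnutls_certificate_verify_peers2(ssl, &verify_status)
                        || verify_status)) {
        set_error(sock, _("Client certificate verification failed"));
        return NE_SOCK_ERROR;
    }
#endif
    sock->ops = &iofns_ssl;
    return 0;
}

/* Perform the client side of the TLS handshake on the connected
 * socket 'sock' using context 'ctx'; 'userdata' is attached to the
 * TLS library's session object.  Returns zero on success or
 * NE_SOCK_ERROR on failure with the socket error string set.
 *
 * No explicit check of the server certificate is made in this
 * function.  NOTE(review): presumably the caller, or callbacks
 * configured on 'ctx', perform certificate and hostname verification
 * - confirm before relying on a zero return as "peer authenticated". */
int ne_sock_connect_ssl(ne_socket *sock, ne_ssl_context *ctx, void *userdata)
{
    int ret;

#if defined(HAVE_OPENSSL)
    SSL *ssl;

    if (seed_ssl_prng()) {
        set_error(sock, _("SSL disabled due to lack of entropy"));
        return NE_SOCK_ERROR;
    }

    sock->ssl = ssl = SSL_new(ctx->ctx);
    if (!ssl) {
        set_error(sock, _("Could not create SSL structure"));
        return NE_SOCK_ERROR;
    }

    SSL_set_app_data(ssl, userdata);
#if OPENSSL_VERSION_NUMBER < 0x10101000L
    SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
#else
    SSL_clear_mode(ssl, SSL_MODE_AUTO_RETRY);
#endif
    SSL_set_fd(ssl, sock->fd);
    sock->ops = &iofns_ssl;

#ifdef SSL_set_tlsext_host_name
    if (ctx->hostname) {
        /* Try to enable SNI, but ignore failure (should only fail for
         * >255 char hostnames, which are probably not legal
         * anyway).  */
        if (SSL_set_tlsext_host_name(ssl, ctx->hostname) != 1) {
            ERR_clear_error();
        }
    }
#endif

    /* Offer the cached session, if any, for resumption. */
    if (ctx->sess)
        SSL_set_session(ssl, ctx->sess);

    ret = SSL_connect(ssl);
    if (ret != 1) {
        error_ossl(sock, ret);
        SSL_free(ssl);
        sock->ssl = NULL;
        return NE_SOCK_ERROR;
    }
#elif defined(HAVE_GNUTLS)
    /* DH and RSA params are set in ne_ssl_context_create */
    ret = gnutls_init(&sock->ssl, GNUTLS_CLIENT);
    if (ret < 0) {
        /* Do not configure or hand-shake on an uninitialized session. */
        sock->ssl = NULL;
        set_error(sock, _("Could not create SSL structure"));
        return NE_SOCK_ERROR;
    }

    gnutls_set_default_priority(sock->ssl);
    gnutls_session_set_ptr(sock->ssl, userdata);
    gnutls_credentials_set(sock->ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred);

    if (ctx->hostname) {
        gnutls_server_name_set(sock->ssl, GNUTLS_NAME_DNS, ctx->hostname,
                               strlen(ctx->hostname));
    }

    gnutls_transport_set_ptr(sock->ssl, (gnutls_transport_ptr_t)(long)sock->fd);

    /* Offer the cached session, if any, for resumption. */
    if (ctx->cache.client.data) {
#if defined(HAVE_GNUTLS_SESSION_GET_DATA2)
        gnutls_session_set_data(sock->ssl,
                                ctx->cache.client.data,
                                ctx->cache.client.size);
#else
        gnutls_session_set_data(sock->ssl,
                                ctx->cache.client.data,
                                ctx->cache.client.len);
#endif
    }
    sock->ops = &iofns_ssl;

    do {
        ret = gnutls_handshake(sock->ssl);
    } while (RETRY_GNUTLS(sock, ret));
    if (ret < 0) {
        error_gnutls(sock, ret);
        return NE_SOCK_ERROR;
    }

    if (!gnutls_session_is_resumed(sock->ssl)) {
        /* New session.  The old method of using the _get_data
         * function seems to be broken with 1.3.0 and later*/
#if defined(HAVE_GNUTLS_SESSION_GET_DATA2)
        gnutls_session_get_data2(sock->ssl, &ctx->cache.client);
#else
        ctx->cache.client.len = 0;
        if (gnutls_session_get_data(sock->ssl, NULL,
                                    &ctx->cache.client.len) == 0) {
            ctx->cache.client.data = ne_malloc(ctx->cache.client.len);
            gnutls_session_get_data(sock->ssl, ctx->cache.client.data,
                                    &ctx->cache.client.len);
        }
#endif
    }
#endif
    return 0;
}

/* Return the TLS library's session object stored on the socket. */
ne_ssl_socket ne__sock_sslsock(ne_socket *sock)
{
    return sock->ssl;
}

#endif

/* Retrieve the TLS session ID for 'sock'.  With a NULL 'buf' only
 * *buflen is set (OpenSSL branch); otherwise the ID is copied if
 * *buflen is large enough.  Returns zero on success, non-zero if the
 * socket has no TLS session or the buffer is too small. */
int ne_sock_sessid(ne_socket *sock, unsigned char *buf, size_t *buflen)
{
#ifdef NE_HAVE_SSL
#ifdef HAVE_GNUTLS
    if (sock->ssl) {
        return gnutls_session_get_id(sock->ssl, buf, buflen);
    }
    else {
        return -1;
    }
#else
    SSL_SESSION *sess;
    const unsigned char *idbuf;
    unsigned int idlen;

    if (!sock->ssl) {
        return -1;
    }

    sess = SSL_get0_session(sock->ssl);
    if (!sess) {
        /* No session is associated with the connection yet. */
        return -1;
    }

    idbuf = SSL_SESSION_get_id(sess, &idlen);
    if (!buf) {
        *buflen = idlen;
        return 0;
    }

    /* Never copy more than the caller's buffer can hold. */
    if (*buflen < idlen) {
        return -1;
    }

    *buflen = idlen;
    memcpy(buf, idbuf, idlen);
    return 0;
#endif
#else
    return -1;
#endif
}

/* Return a newly allocated copy of the negotiated cipher name, or
 * NULL if the socket is not using TLS or the library reports no
 * name. */
char *ne_sock_cipher(ne_socket *sock)
{
#ifdef NE_HAVE_SSL
    if (sock->ssl) {
#ifdef HAVE_OPENSSL
        const char *name = SSL_get_cipher(sock->ssl);
        return name ? ne_strdup(name) : NULL;
#elif defined(HAVE_GNUTLS)
        const char *name = gnutls_cipher_get_name(gnutls_cipher_get(sock->ssl));
        return name ? ne_strdup(name) : NULL;
#endif
    }
    else
#endif /* NE_HAVE_SSL */
    {
        return NULL;
    }
}

/* Return the error string held in the socket object. */
const char *ne_sock_error(const ne_socket *sock)
{
    return sock->error;
}

void ne_sock_set_error(ne_socket *sock, const char *format, ...)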
{
    /* Format into the fixed-size error buffer of the socket object;
     * the size passed is that of the buffer itself. */
    va_list params;

    va_start(params, format);
    ne_vsnprintf(sock->error, sizeof sock->error, format, params);
    va_end(params);
}

/* Shut down the socket in the direction(s) given by 'flags'
 * (NE_SOCK_RECV, NE_SOCK_SEND or NE_SOCK_BOTH) without destroying the
 * socket object.  For a TLS socket the TLS-level closure is handled
 * first and NE_SOCK_RETRY is returned while it is incomplete; only
 * then is the TCP-level shutdown() issued.  Returns NE_SOCK_ERROR if
 * 'flags' is zero, otherwise the result of shutdown() or a mapped
 * error code. */
int ne_sock_shutdown(ne_socket *sock, unsigned int flags)
{
    int ret;

    if (!flags) {
        set_error(sock, _("Missing flags for socket shutdown"));
        return NE_SOCK_ERROR;
    }

#if defined(HAVE_OPENSSL)
    if (sock->ssl) {
        /* Snapshot of the closure state, taken before any close_notify
         * is sent below. */
        int state = SSL_get_shutdown(sock->ssl);

        NE_DEBUG(NE_DBG_SSL, "ssl: Shutdown state: %ssent | %sreceived.\n",
                 (state & SSL_SENT_SHUTDOWN) ? "" : "not ",
                 (state & SSL_RECEIVED_SHUTDOWN) ? "" : "not ");

        /* Send our close_notify only if it has not been sent yet. */
        if ((flags == NE_SOCK_BOTH || flags == NE_SOCK_SEND)
            && (state & SSL_SENT_SHUTDOWN) == 0) {
            NE_DEBUG(NE_DBG_SSL, "ssl: Sending closure.\n");
            ret = SSL_shutdown(sock->ssl);
            if (ret == 0) {
                set_error(sock, _("Incomplete TLS closure"));
                return NE_SOCK_RETRY;
            }
            else if (ret != 1) {
                return error_ossl(sock, ret);
            }
        }
        if (flags == NE_SOCK_RECV || flags == NE_SOCK_BOTH) {
            /* Returns whether the receive side is shutdown or not yet. */
            if ((state & SSL_RECEIVED_SHUTDOWN) == 0) {
                set_error(sock, _("Incomplete TLS closure"));
                return NE_SOCK_RETRY;
            }
            /* For recv-only shutdown, must not complete TCP-level
             * shutdown until the TLS shutdown is complete. */
            if (flags == NE_SOCK_RECV) {
                return 0;
            }
        }
    }
#elif defined(HAVE_GNUTLS)
    if (sock->ssl) {
        if (flags == NE_SOCK_RECV) {
            /* unclear how to handle */
            set_error(sock, _("Incomplete TLS closure"));
            return NE_SOCK_RETRY;
        }
        /* Only the interrupted/again results are acted on; any other
         * gnutls_bye() result falls through to the TCP shutdown. */
        ret = gnutls_bye(sock->ssl, flags == NE_SOCK_SEND ? GNUTLS_SHUT_WR : GNUTLS_SHUT_RDWR);
        if (ret == GNUTLS_E_INTERRUPTED
            || ret == GNUTLS_E_AGAIN) {
            return NE_SOCK_RETRY;
        }
    }
#endif

    /* Translate the NE_SOCK_* flags into the platform's shutdown()
     * argument. */
#ifdef _WIN32
    int how = flags == NE_SOCK_RECV ? SD_RECEIVE : (flags == NE_SOCK_SEND ? SD_SEND : SD_BOTH);
#else
    int how = flags == NE_SOCK_RECV ? SHUT_RD : (flags == NE_SOCK_SEND ? SHUT_WR : SHUT_RDWR);
#endif
    ret = shutdown(sock->fd, how);
    if (ret < 0) {
        /* Save the error number before it can be overwritten. */
        int errnum = ne_errno;
        set_strerror(sock, errnum);
        return MAP_ERR(errnum);
    }

    return ret;
}

/* Close the descriptor if one is open, release any TLS session and
 * free the socket object; 'sock' must not be used afterwards.  A
 * send-side shutdown is attempted first and its result is ignored, so
 * for a TLS socket the session is freed without waiting for the
 * peer's close_notify.  Returns the result of closing the descriptor,
 * or zero if there was none. */
int ne_sock_close(ne_socket *sock)
{
    int ret;

    if (sock->fd != -1) {
        /* Ignore errors. */
        (void) ne_sock_shutdown(sock, NE_SOCK_SEND);
    }

#if defined(HAVE_OPENSSL)
    if (sock->ssl) {
        SSL_free(sock->ssl);
    }
#elif defined(HAVE_GNUTLS)
    if (sock->ssl) {
        gnutls_deinit(sock->ssl);
    }
#endif

    ret = sock->fd < 0 ? 0 : ne_close(sock->fd);
    ne_free(sock);
    return ret;
}
 neon-0.32.2/src/ne_socket.h000066400000000000000000000321531416727304000154570ustar00rootroot00000000000000/* socket handling interface Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef NE_SOCKET_H #define NE_SOCKET_H #include #ifdef WIN32 #include /* for size_t */ #endif #include "ne_defs.h" #include "ne_ssl.h" /* for ne_ssl_context */ NE_BEGIN_DECLS #define NE_SOCK_ERROR (-1) /* Read/Write timed out */ #define NE_SOCK_TIMEOUT (-2) /* Socket was closed */ #define NE_SOCK_CLOSED (-3) /* Connection was reset (e.g. server crashed) */ #define NE_SOCK_RESET (-4) /* Secure connection was closed without proper SSL shutdown. */ #define NE_SOCK_TRUNC (-5) /* Retry operation later. */ #define NE_SOCK_RETRY (-6) /* ne_socket represents a TCP socket.
*/ typedef struct ne_socket_s ne_socket; /* ne_sock_addr represents an address object. */ typedef struct ne_sock_addr_s ne_sock_addr; #ifndef NE_INET_ADDR_DEFINED typedef struct ne_inet_addr_s ne_inet_addr; #endif /* Perform process-global initialization of any libraries in use. * Returns non-zero on error. */ int ne_sock_init(void); /* Perform process-global shutdown of any libraries in use. This * function only has effect when it has been called an equal number of * times to ne_sock_init() for the process. */ void ne_sock_exit(void); #define NE_ADDR_CANON (0x01) /* Resolve the given hostname. Hex string IPv6 addresses (e.g. `::1') * may be enclosed in brackets (e.g. `[::1]'). 'flags' should be * zero, or if NE_ADDR_CANON is passed, the canonical name for the * hostname will be determined. */ ne_sock_addr *ne_addr_resolve(const char *hostname, int flags); /* Returns zero if name resolution was successful, non-zero on * error. */ int ne_addr_result(const ne_sock_addr *addr); /* Returns the first network address associated with the 'addr' * object. Undefined behaviour if ne_addr_result returns non-zero for * 'addr'; otherwise, never returns NULL. */ const ne_inet_addr *ne_addr_first(ne_sock_addr *addr); /* Returns the next network address associated with the 'addr' object, * or NULL if there are no more. */ const ne_inet_addr *ne_addr_next(ne_sock_addr *addr); /* NB: the pointers returned by ne_addr_first and ne_addr_next are * valid until ne_addr_destroy is called for the corresponding * ne_sock_addr object. They must not be passed to ne_iaddr_free. */ /* If name resolution fails, copies the error string into 'buffer', * which is of size 'bufsiz'. 'buffer' is returned. */ char *ne_addr_error(const ne_sock_addr *addr, char *buffer, size_t bufsiz); /* Returns the canonical name of the host as a NUL-terminated string, * if NE_ADDR_CANON was used, and name resolution was successful. * Otherwise, returns NULL. 
*/ const char *ne_addr_canonical(const ne_sock_addr *addr); /* Destroys an address object created by ne_addr_resolve. */ void ne_addr_destroy(ne_sock_addr *addr); /* Network address type; IPv4 or IPv6 */ typedef enum { ne_iaddr_ipv4 = 0, ne_iaddr_ipv6 } ne_iaddr_type; /* Create a network address object from raw byte representation (in * network byte order) of given type. 'raw' must be four bytes for an * IPv4 address, 16 bytes for an IPv6 address. May return NULL if * address type is not supported. */ ne_inet_addr *ne_iaddr_make(ne_iaddr_type type, const unsigned char *raw); /* Compare two network address objects i1 and i2; returns zero if they * are equivalent or non-zero otherwise. */ int ne_iaddr_cmp(const ne_inet_addr *i1, const ne_inet_addr *i2); /* Return the type of the given network address object. */ ne_iaddr_type ne_iaddr_typeof(const ne_inet_addr *ia); /* Print the string representation of network address 'ia' into the * buffer 'buffer', which is of length 'bufsiz'. Returns 'buffer'. */ char *ne_iaddr_print(const ne_inet_addr *ia, char *buffer, size_t bufsiz); /* Dump the raw byte representation (in network byte order) of address * 'ia' into the buffer 'buffer', which must be of a suitable length * (4 bytes for an IPv4 address, 16 bytes for an IPv6 address). * Returns 'buffer'. */ unsigned char *ne_iaddr_raw(const ne_inet_addr *ia, unsigned char *buffer); /* Perform the reverse name lookup on network address 'ia', placing * the returned name in the 'buf' buffer (of length 'bufsiz') if * successful. Returns zero on success, or non-zero on error. */ int ne_iaddr_reverse(const ne_inet_addr *ia, char *buf, size_t bufsiz); /* Convert network address string 'addr' (for example, "127.0.0.1") * into a network address object. Returns NULL on parse error. If * non-NULL, return value must be freed using ne_iaddr_free. 
*/ ne_inet_addr *ne_iaddr_parse(const char *addr, ne_iaddr_type type); /* Destroy a network address object created using ne_iaddr_make or * ne_iaddr_parse. */ void ne_iaddr_free(ne_inet_addr *addr); /* Create a socket object; returns NULL on error. */ ne_socket *ne_sock_create(void); /* Specify an address to which the local end of the socket will be * bound during a subsequent ne_sock_connect() call. If the address * passed to ne_sock_connect() is of a different type (family) to * 'addr', 'addr' is ignored. Either 'addr' may be NULL, to use the * given port with unspecified address, or 'port' may be 0, to use the * given address with an unspecified port. * * (Note: This function is not equivalent to a BSD socket bind(), it * only takes effect during the _connect() call). */ void ne_sock_prebind(ne_socket *sock, const ne_inet_addr *addr, unsigned int port); /* Connect the socket to server at address 'addr' on port 'port'. * Returns zero on success, NE_SOCK_TIMEOUT if a timeout occurs when a * non-zero connect timeout is configured (and is supported), or * NE_SOCK_ERROR on failure. */ int ne_sock_connect(ne_socket *sock, const ne_inet_addr *addr, unsigned int port); /* Read up to 'count' bytes from socket into 'buffer'. Returns: * NE_SOCK_* on error, * >0 length of data read into buffer (may be less than 'count') */ ssize_t ne_sock_read(ne_socket *sock, char *buffer, size_t count); /* Read up to 'count' bytes into 'buffer', leaving the data available * in the socket buffer to be returned by a subsequent call to * ne_sock_read or ne_sock_peek. Returns: * NE_SOCK_* on error, * >0 length of data read into buffer. */ ssize_t ne_sock_peek(ne_socket *sock, char *buffer, size_t count); /* Block for up to 'n' seconds until data becomes available for reading * from the socket. Returns: * NE_SOCK_* on error, * NE_SOCK_TIMEOUT if no data arrives in 'n' seconds, * 0 if data arrived on the socket. 
*/ int ne_sock_block(ne_socket *sock, int n); /* Write 'count' bytes of 'data' to the socket. Guarantees to either * write all the bytes or to fail. Returns 0 on success, or NE_SOCK_* * on error. */ int ne_sock_fullwrite(ne_socket *sock, const char *data, size_t count); /* I/O vector. */ struct ne_iovec { void *base; size_t len; }; /* Writes 'count' blocks described by 'vector' to the socket. * Guarantees to either write all the bytes or to fail. Count must be * greater than zero and smaller than the system-defined maximum * vector limit. Returns 0 on success, or NE_SOCK_* on error. */ int ne_sock_fullwritev(ne_socket *sock, const struct ne_iovec *vector, int count); /* Read an LF-terminated line into 'buffer', and NUL-terminate it. * At most 'len' bytes are read (including the NUL terminator). * Returns: * NE_SOCK_* on error, * >0 number of bytes read (including NUL terminator) */ ssize_t ne_sock_readline(ne_socket *sock, char *buffer, size_t len); /* Read exactly 'len' bytes into buffer, or fail; returns 0 on * success, NE_SOCK_* on error. */ ssize_t ne_sock_fullread(ne_socket *sock, char *buffer, size_t len); /* Accepts a connection from listening socket 'fd' and places the * socket in 'sock'. Returns zero on success or -1 on failure. */ int ne_sock_accept(ne_socket *sock, int fd); /* Returns the file descriptor used for socket 'sock'. */ int ne_sock_fd(const ne_socket *sock); /* Return address of peer, or NULL on error. The returned address * must be destroyed by caller using ne_iaddr_free. */ ne_inet_addr *ne_sock_peer(ne_socket *sock, unsigned int *port); /* Flags for ne_sock_shutdown(): */ #define NE_SOCK_RECV (1) #define NE_SOCK_SEND (2) #define NE_SOCK_BOTH (3) /* Shut down the socket in one or both directions, without destroying * the socket object. Flags must be one of NE_SOCK_RECV/SEND/BOTH. * For a non-TLS socket, performs the directional shutdown according * to flags. 
* For a TLS socket: * - if flags are NE_SOCK_SEND or NE_SOCK_BOTH, sends the TLS * close_notify. Returns NE_SOCK_RETRY if the TLS connection has * not been closed by the peer. * - if flags are NE_SOCK_RECV, returns NE_SOCK_RETRY if the * TLS close_notify has not been received from the peer. * If NE_SOCK_SEND or NE_SOCK_BOTH is specified, and the bidirectional * TLS shutdown has completed, the TCP shutdown will also be completed * as for a non-TLS socket. */ int ne_sock_shutdown(ne_socket *sock, unsigned int flags); /* Close the socket if it is open, and destroy the socket object. If * SSL is in use for the socket, a closure alert is sent to initiate a * clean shutdown, but this function does not wait for the peer's * response. Returns zero on success, or non-zero on failure. */ int ne_sock_close(ne_socket *sock); /* Return current error string for socket. */ const char *ne_sock_error(const ne_socket *sock); /* Set the error string for the socket; takes printf-like format * string. */ void ne_sock_set_error(ne_socket *sock, const char *format, ...) ne_attribute((format (printf, 2, 3))); /* Set read timeout for socket, in seconds; must be a non-zero * positive integer. */ void ne_sock_read_timeout(ne_socket *sock, int timeout); /* Set connect timeout for socket, in seconds; must be a positive * integer. If a timeout of 'zero' is used then no explicit * timeout handling will be used for ne_sock_connect(), and the * connect call will only time out as dictated by the TCP stack. */ void ne_sock_connect_timeout(ne_socket *sock, int timeout); /* Negotiate an SSL connection on socket as an SSL server, using given * SSL context. */ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx); /* Negotiate an SSL connection on socket as an SSL client, using given * SSL context. The 'userdata' parameter is associated with the * underlying SSL library's socket structure for use in callbacks. * Returns zero on success, or non-zero on error.
*/ int ne_sock_connect_ssl(ne_socket *sock, ne_ssl_context *ctx, void *userdata); /* Retrieve the session ID of the current SSL session. If 'buf' is * non-NULL, on success, copies at most *buflen bytes to 'buf' and * sets *buflen to the exact number of bytes copied. If 'buf' is * NULL, on success, sets *buflen to the length of the session ID. * Returns zero on success, non-zero on error. */ int ne_sock_sessid(ne_socket *sock, unsigned char *buf, size_t *buflen); /* Return human-readable name of SSL/TLS cipher used for connection, * or NULL if none. The format of this string is not intended to be * fixed or parseable, but is informational only. Return value is * NUL-terminated malloc-allocated string if not NULL, which must be * freed by the caller. */ char *ne_sock_cipher(ne_socket *sock); /* SOCKS proxy protocol version: */ enum ne_sock_sversion { NE_SOCK_SOCKSV4 = 0, NE_SOCK_SOCKSV4A, NE_SOCK_SOCKSV5 }; /* Given a socket 'sock' which is connected to a SOCKS proxy, initiate * a connection to a destination server using that proxy, specified * either by network address or hostname, at given port 'port'. * * If 'vers' is NE_SOCK_SOCKSV4, addr must be an IPv4 address; hostname * and password are ignored; username must be non-NULL. * * If 'vers' is NE_SOCK_SOCKSV4A, hostname must be non-NULL; addr is * ignored; password is ignored; username must be non-NULL. * * If 'vers' is NE_SOCK_SOCKSV5, addr may be NULL, in which case hostname * must be non-NULL. addr if non-NULL may be an IPv4 or IPv6 address; * username may be NULL, in which case password is ignored. If * username is non-NULL password must also be non-NULL. * * Returns 0 on success, or NE_SOCK_* on failure - in which case, the * socket error string is set. On failure, the socket must be closed * by the caller.
*/ int ne_sock_proxy(ne_socket *sock, enum ne_sock_sversion vers, const ne_inet_addr *addr, const char *hostname, unsigned int port, const char *username, const char *password); NE_END_DECLS #endif /* NE_SOCKET_H */ neon-0.32.2/src/ne_socks.c000066400000000000000000000233311416727304000153020ustar00rootroot00000000000000/* SOCKS proxy support for neon Copyright (C) 2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include "config.h" #include "ne_internal.h" #include "ne_string.h" #include "ne_socket.h" #include "ne_utils.h" #include /* SOCKS protocol reference: v4: http://www.ufasoft.com/doc/socks4_protocol.htm v4a http://www.smartftp.com/Products/SmartFTP/RFC/socks4a.protocol v5: http://tools.ietf.org/html/rfc1928 ...v5 auth: http://tools.ietf.org/html/rfc1929 */ #define V5_REPLY_OK 0 #define V5_REPLY_FAIL 1 #define V5_REPLY_DISALLOW 2 #define V5_REPLY_NET_UNREACH 3 #define V5_REPLY_HOST_UNREACH 4 #define V5_REPLY_CONN_REFUSED 5 #define V5_REPLY_TTL_EXPIRED 6 #define V5_REPLY_CMD_UNSUPPORTED 7 #define V5_REPLY_TYPE_UNSUPPORTED 8 #define V5_VERSION 0x05 #define V5_ADDR_IPV4 0x01 #define V5_ADDR_FQDN 0x03 #define V5_ADDR_IPV6 0x04 #define V5_CMD_CONNECT 0x01 #define V5_AUTH_NONE 0x00 #define V5_AUTH_USER 0x02 #define V5_AUTH_NOMETH 0xFF /* Fail with given V5 error code in given context. 
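*/
static int v5fail(ne_socket *sock, unsigned int code, const char *context)
{
    const char *err;

    switch (code) {
    case V5_REPLY_FAIL:
        err = _("failure");
        break;
    case V5_REPLY_DISALLOW:
        err = _("connection not permitted");
        break;
    case V5_REPLY_NET_UNREACH:
        err = _("network unreachable");
        break;
    case V5_REPLY_HOST_UNREACH:
        err = _("host unreachable");
        break;
    case V5_REPLY_CONN_REFUSED:
        /* Defined above but previously reported as unrecognized. */
        err = _("connection refused");
        break;
    case V5_REPLY_TTL_EXPIRED:
        err = _("TTL expired");
        break;
    case V5_REPLY_CMD_UNSUPPORTED:
        err = _("command not supported");
        break;
    case V5_REPLY_TYPE_UNSUPPORTED:
        err = _("address type not supported");
        break;
    default:
        ne_sock_set_error(sock, _("%s: unrecognized error (%u)"), context, code);
        return NE_SOCK_ERROR;
    }

    ne_sock_set_error(sock, "%s: %s", context, err);
    return NE_SOCK_ERROR;
}

/* Fail with given error string. */
static int fail(ne_socket *sock, const char *error)
{
    ne_sock_set_error(sock, "%s", error);
    return NE_SOCK_ERROR;
}

/* Fail with given NE_SOCK_* error code and given context.  The
 * current socket error string is kept and prefixed with 'context';
 * 'ret' itself is not used. */
static int sofail(ne_socket *sock, ssize_t ret, const char *context)
{
    char *err = ne_strdup(ne_sock_error(sock));
    ne_sock_set_error(sock, "%s: %s", context, err);
    ne_free(err);
    return NE_SOCK_ERROR;
}

/* Store the length of NUL-terminated 'str' in *len if it fits in the
 * 255 bytes a SOCKS string field may carry here.  Returns zero on
 * success, non-zero if 'str' is NULL or too long.  Rejecting is
 * deliberate: masking the length would silently send a truncated
 * username or hostname to the proxy. */
static int socks_field_len(const char *str, unsigned int *len)
{
    size_t n;

    if (str == NULL) {
        return -1;
    }

    n = strlen(str);
    if (n > 255) {
        return -1;
    }

    *len = (unsigned int)n;
    return 0;
}

/* SOCKSv5 proxy.  Negotiates the authentication method, logs in with
 * 'username'/'password' if the proxy selects that method, then
 * requests a connection to 'addr' (or to 'hostname' if 'addr' is
 * NULL) on 'port'.  Returns zero on success or NE_SOCK_ERROR with the
 * socket error string set. */
static int v5_proxy(ne_socket *sock, const ne_inet_addr *addr,
                    const char *hostname, unsigned int port,
                    const char *username, const char *password)
{
    unsigned char msg[1024], *p;
    unsigned int len;
    int ret;
    ssize_t n;

    p = msg;
    *p++ = V5_VERSION;
    *p++ = 2; /* Two supported auth protocols; none and user. */
    *p++ = V5_AUTH_NONE;
    *p++ = V5_AUTH_USER;

    ret = ne_sock_fullwrite(sock, (char *)msg, p - msg);
    if (ret) {
        return sofail(sock, ret, _("Could not send message to proxy"));
    }

    n = ne_sock_fullread(sock, (char *)msg, 2);
    if (n) {
        return sofail(sock, n, _("Could not read initial response from proxy"));
    }
    else if (msg[0] != V5_VERSION) {
        return fail(sock, _("Invalid version in proxy response"));
    }

    /* Authenticate, if necessary. */
    switch (msg[1]) {
    case V5_AUTH_NONE:
        break;
    case V5_AUTH_USER: {
        unsigned int ulen, plen;

        /* The method is chosen by the proxy, so credentials may be
         * requested even though the caller supplied none. */
        if (username == NULL || password == NULL) {
            return fail(sock, _("Proxy requested authentication but "
                                "no credentials were supplied"));
        }
        if (socks_field_len(username, &ulen)
            || socks_field_len(password, &plen)) {
            return fail(sock, _("Username or password too long for proxy"));
        }

        /* The credentials are sent to the proxy as plain bytes. */
        p = msg;
        *p++ = 0x01;
        *p++ = ulen;
        memcpy(p, username, ulen);
        p += ulen;
        *p++ = plen;
        memcpy(p, password, plen);
        p += plen;

        ret = ne_sock_fullwrite(sock, (char *)msg, p - msg);
        if (ret) {
            return sofail(sock, ret, _("Could not send login message"));
        }

        n = ne_sock_fullread(sock, (char *)msg, 2);
        if (n) {
            return sofail(sock, n, _("Could not read login reply"));
        }
        else if (msg[0] != 1) {
            return fail(sock, _("Invalid version in login reply"));
        }
        else if (msg[1] != 0) {
            return fail(sock, _("Authentication failed"));
        }
        break;
    }
    case V5_AUTH_NOMETH:
        return fail(sock, _("No acceptable authentication method"));
    default:
        return fail(sock, _("Unexpected authentication method chosen"));
    }

    /* Send the CONNECT command. */
    p = msg;
    *p++ = V5_VERSION;
    *p++ = V5_CMD_CONNECT;
    *p++ = 0; /* reserved */
    if (addr) {
        unsigned char raw[16];

        if (ne_iaddr_typeof(addr) == ne_iaddr_ipv4) {
            len = 4;
            *p++ = V5_ADDR_IPV4;
        }
        else {
            len = 16;
            *p++ = V5_ADDR_IPV6;
        }

        memcpy(p, ne_iaddr_raw(addr, raw), len);
        p += len;
    }
    else {
        /* Refuse a missing or over-long name rather than asking the
         * proxy to connect to a truncated one. */
        if (socks_field_len(hostname, &len)) {
            return fail(sock, _("Hostname missing or too long for proxy"));
        }

        *p++ = V5_ADDR_FQDN;
        *p++ = len;
        memcpy(p, hostname, len);
        p += len;
    }

    *p++ = (port >> 8) & 0xff;
    *p++ = port & 0xff;

    ret = ne_sock_fullwrite(sock, (char *)msg, p - msg);
    if (ret) {
        return sofail(sock, ret, _("Could not send connect request"));
    }

    n = ne_sock_fullread(sock, (char *)msg, 4);
    if (n) {
        return sofail(sock, n, _("Could not read connect reply"));
    }
    if (msg[0] != V5_VERSION) {
        return fail(sock, _("Invalid version in connect reply"));
    }
    if (msg[1] != V5_REPLY_OK) {
        return v5fail(sock, msg[1], _("Could not connect"));
    }

    /* The reply carries a bound address whose size depends on its
     * type; 'len' is at most 255, so len + 2 fits in 'msg'. */
    switch (msg[3]) {
    case V5_ADDR_IPV4:
        len = 4;
        break;
    case V5_ADDR_IPV6:
        len = 16;
        break;
    case V5_ADDR_FQDN:
        n = ne_sock_read(sock, (char *)msg, 1);
        if (n != 1) {
            return sofail(sock, n,
                          _("Could not read FQDN length in connect reply"));
        }
        len = msg[0];
        break;
    default:
        return fail(sock, _("Unknown address type in connect reply"));
    }

    /* Consume the address and the two-byte port; the values are
     * discarded. */
    n = ne_sock_fullread(sock, (char *)msg, len + 2);
    if (n) {
        return sofail(sock, n, _("Could not read address in connect reply"));
    }

    return 0;
}

#define V4_VERSION 0x04
#define V4_CMD_STREAM 0x01

#define V4_REP_OK 0x5a /* request granted */
#define V4_REP_FAIL 0x5b /* request rejected or failed */
#define V4_REP_NOIDENT 0x5c /* request failed, could connect to identd */
#define V4_REP_IDFAIL 0x5d /* request failed, identd denial */

/* Fail for given SOCKSv4 error code. */
static int v4fail(ne_socket *sock, unsigned int code, const char *context)
{
    const char *err;

    switch (code) {
    case V4_REP_FAIL:
        err = _("request rejected or failed");
        break;
    case V4_REP_NOIDENT:
        err = _("could not establish connection to identd");
        break;
    case V4_REP_IDFAIL:
        err = _("rejected due to identd user mismatch");
        break;
    default:
        ne_sock_set_error(sock, _("%s: unrecognized failure (%u)"),
                          context, code);
        return NE_SOCK_ERROR;
    }

    ne_sock_set_error(sock, "%s: %s", context, err);
    return NE_SOCK_ERROR;
}

/* SOCKS v4 or v4A proxy.  For v4 the destination is the IPv4 address
 * 'addr'; for v4A it is 'hostname'.  'username' may be NULL, in which
 * case an empty user ID is sent.  Returns zero on success or
 * NE_SOCK_ERROR with the socket error string set. */
static int v4_proxy(ne_socket *sock, enum ne_sock_sversion vers,
                    const ne_inet_addr *addr, const char *hostname,
                    unsigned int port, const char *username)
{
    unsigned char msg[1024], raw[16], *p;
    unsigned int len;
    ssize_t n;
    int ret;

    p = msg;
    *p++ = V4_VERSION;
    *p++ = V4_CMD_STREAM;
    *p++ = (port >> 8) & 0xff;
    *p++ = port & 0xff;

    if (vers == NE_SOCK_SOCKSV4A) {
        /* A bogus address is used to signify use of the hostname,
         * 0.0.0.X where X != 0. */
        memcpy(p, "\x00\x00\x00\xff", 4);
    }
    else {
        /* Only an IPv4 address fits the four-byte field; refuse
         * anything else instead of connecting to whatever the first
         * four bytes of another address type happen to spell. */
        if (addr == NULL || ne_iaddr_typeof(addr) != ne_iaddr_ipv4) {
            return fail(sock, _("IPv4 address required for SOCKSv4 proxy"));
        }
        memcpy(p, ne_iaddr_raw(addr, raw), 4);
    }
    p += 4;

    if (username) {
        if (socks_field_len(username, &len)) {
            return fail(sock, _("Username or password too long for proxy"));
        }

        memcpy(p, username, len);
        p += len;
    }
    *p++ = '\0';

    if (vers == NE_SOCK_SOCKSV4A) {
        if (socks_field_len(hostname, &len)) {
            return fail(sock, _("Hostname missing or too long for proxy"));
        }

        memcpy(p, hostname, len);
        p += len;
        *p++ = '\0';
    }

    ret = ne_sock_fullwrite(sock, (char *)msg, p - msg);
    if (ret) {
        return sofail(sock, ret, _("Could not send message to proxy"));
    }

    n = ne_sock_fullread(sock, (char *)msg, 8);
    if (n) {
        return sofail(sock, n, _("Could not read response from proxy"));
    }

    if (msg[1] != V4_REP_OK) {
        /* Report the reply code sent by the proxy, not the (zero)
         * result of the preceding write. */
        return v4fail(sock, msg[1], _("Could not connect"));
    }

    return 0;
}

/* Dispatch to the SOCKSv5 implementation for NE_SOCK_SOCKSV5 and to
 * the v4/v4A implementation for any other 'vers'; 'password' is only
 * passed on for v5. */
int ne_sock_proxy(ne_socket *sock, enum ne_sock_sversion vers,
                  const ne_inet_addr *addr, const char *hostname,
                  unsigned int port,
                  const char *username, const char *password)
{
    if (vers == NE_SOCK_SOCKSV5) {
        return v5_proxy(sock, addr, hostname, port, username, password);
    }
    else {
        return v4_proxy(sock, vers, addr, hostname, port, username);
    }
}
 neon-0.32.2/src/ne_ssl.h000066400000000000000000000214611416727304000147700ustar00rootroot00000000000000/* SSL/TLS abstraction layer for neon Copyright (C) 2003-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ /* ne_ssl.h defines an interface for loading and accessing the * properties of SSL certificates.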
*/ #ifndef NE_SSL_H #define NE_SSL_H 1 #include #include "ne_defs.h" NE_BEGIN_DECLS /* A "distinguished name"; a unique name for some entity. */ typedef struct ne_ssl_dname_s ne_ssl_dname; /* Returns a single-line string representation of a distinguished * name, intended to be human-readable (e.g. "Acme Ltd., Norfolk, * GB"). Return value is a UTF-8-encoded malloc-allocated string and * must be free'd by the caller. */ char *ne_ssl_readable_dname(const ne_ssl_dname *dn); /* Returns zero if 'dn1' and 'dn2' refer to same name, or non-zero if * they are different. */ int ne_ssl_dname_cmp(const ne_ssl_dname *dn1, const ne_ssl_dname *dn2); /* An SSL certificate. */ typedef struct ne_ssl_certificate_s ne_ssl_certificate; /* Read a certificate from a file in PEM format; returns NULL if the * certificate could not be parsed. */ ne_ssl_certificate *ne_ssl_cert_read(const char *filename); /* Write a certificate to a file in PEM format; returns non-zero if * the certificate could not be written. */ int ne_ssl_cert_write(const ne_ssl_certificate *cert, const char *filename); /* Export a certificate to a base64-encoded, NUL-terminated string. * The returned string is malloc-allocated and must be free()d by the * caller. */ char *ne_ssl_cert_export(const ne_ssl_certificate *cert); /* Import a certificate from a base64-encoded string as returned by * ne_ssl_cert_export(). Returns a certificate object or NULL if * 'data' was not valid. */ ne_ssl_certificate *ne_ssl_cert_import(const char *data); /* Returns the identity of the certificate, or NULL if none is given. * For a server certificate this will be the hostname of the server to * which the cert was issued. A NUL-terminated UTF-8-encoded string * is returned, which is valid for the lifetime of the certificate * object. */ const char *ne_ssl_cert_identity(const ne_ssl_certificate *cert); /* Return the certificate of the entity which signed certificate * 'cert'. 
Returns NULL if 'cert' is self-signed or the issuer * certificate is not available; if non-NULL, the pointer is valid for * the lifetime of the certificate object. */ const ne_ssl_certificate *ne_ssl_cert_signedby(const ne_ssl_certificate *cert); /* Returns the distinguished name of the certificate issuer. */ const ne_ssl_dname *ne_ssl_cert_issuer(const ne_ssl_certificate *cert); /* Returns the distinguished name of the certificate subject. */ const ne_ssl_dname *ne_ssl_cert_subject(const ne_ssl_certificate *cert); #define NE_SSL_DIGESTLEN (60) /* Calculate the certificate digest ("fingerprint") and format it as a * NUL-terminated hex string in 'digest', of the form "aa:bb:...:ff". * Returns zero on success or non-zero if there was an internal error * whilst calculating the digest. 'digest' must be at least * NE_SSL_DIGESTLEN bytes in length. */ int ne_ssl_cert_digest(const ne_ssl_certificate *cert, char *digest); /* Calculate the certificate digest ("fingerprint") and format it as a * NUL-terminated hex string using the hash algorithm and formatting * flags exactly as if flags was passed to ne_strhash(). Returns NULL * on error. */ char *ne_ssl_cert_hdigest(const ne_ssl_certificate *cert, unsigned int flags); /* Copy the validity times for the certificate 'cert' into 'from' and * 'until' (either may be NULL). If the time cannot be represented by * a time_t value, then (time_t)-1 will be written. */ void ne_ssl_cert_validity_time(const ne_ssl_certificate *cert, time_t *from, time_t *until); #define NE_SSL_VDATELEN (30) /* Copy the validity times into buffers 'from' and 'until' as * NUL-terminated human-readable strings, using RFC 1123-style date * formatting (and not localized, so always using English month/week * names). The buffers must be at least NE_SSL_VDATELEN bytes in * length, and either may be NULL. 
*/ void ne_ssl_cert_validity(const ne_ssl_certificate *cert, char *from, char *until); /* Returns zero if 'c1' and 'c2' refer to the same certificate, or * non-zero otherwise. */ int ne_ssl_cert_cmp(const ne_ssl_certificate *c1, const ne_ssl_certificate *c2); /* Deallocate memory associated with certificate. */ void ne_ssl_cert_free(ne_ssl_certificate *cert); /* A client certificate (and private key). A client certificate * object has state; the object is either in the "encrypted" or * "decrypted" state. */ typedef struct ne_ssl_client_cert_s ne_ssl_client_cert; /* Read a client certificate (and private key) in PKCS#12 format from * file 'filename'; returns NULL if the file could not be parsed, or * otherwise returning a client certificate object. The returned * object may be in either the encrypted or decrypted state. */ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename); /* Read a client certificate (and private key) in PKCS#12 format from * 'buffer', of length 'buflen', returning NULL if the certificate * could not be parsed, or otherwise returning a client certificate * object. The returned object may be in either the encrypted or * decrypted state. */ ne_ssl_client_cert *ne_ssl_clicert_import(const unsigned char *buffer, size_t buflen); /* Returns non-zero if client cert is in the encrypted state. */ int ne_ssl_clicert_encrypted(const ne_ssl_client_cert *ccert); /* Returns the "friendly name" given for the client cert, or NULL if * none given. Returns a NUL-terminated, UTF-8-encoded string. This * function may be used on a ccert object in either encrypted or * decrypted state. */ const char *ne_ssl_clicert_name(const ne_ssl_client_cert *ccert); /* Decrypt the encrypted client cert using the given password. * Returns non-zero on failure, in which case, the ccert object * remains in the encrypted state and the function may be called again * with a different password. 
This function has undefined behaviour * for a ccert object which is in the decrypted state. */ int ne_ssl_clicert_decrypt(ne_ssl_client_cert *ccert, const char *password); /* Return the actual certificate part of the client certificate (never * returns NULL). This function has undefined behaviour for a ccert * object which is in the encrypted state. */ const ne_ssl_certificate *ne_ssl_clicert_owner(const ne_ssl_client_cert *ccert); /* Destroy a client certificate object. This function may be used on * a ccert object in either the encrypted or decrypted state. */ void ne_ssl_clicert_free(ne_ssl_client_cert *ccert); /* SSL context object. The interfaces to manipulate an SSL context * are only needed when interfacing directly with ne_socket.h. */ typedef struct ne_ssl_context_s ne_ssl_context; /* Context creation modes: */ #define NE_SSL_CTX_CLIENT (0) /* client context */ #define NE_SSL_CTX_SERVER (1) /* default server context */ #define NE_SSL_CTX_SERVERv2 (2) /* SSLv2-specific server context */ /* Create an SSL context. */ ne_ssl_context *ne_ssl_context_create(int mode); /* Client mode: trust the given certificate 'cert' in context 'ctx'. */ void ne_ssl_context_trustcert(ne_ssl_context *ctx, const ne_ssl_certificate *cert); /* Server mode: use given cert and key (filenames to PEM certificates). */ int ne_ssl_context_keypair(ne_ssl_context *ctx, const char *cert, const char *key); /* Server mode: set client cert verification options: required is non-zero if * a client cert is required, if ca_names is non-NULL it is a filename containing * a set of PEM certs from which CA names are sent in the ccert request. */ int ne_ssl_context_set_verify(ne_ssl_context *ctx, int required, const char *ca_names, const char *verify_cas); #define NE_SSL_CTX_SSLv2 (0) /* Set a flag for the SSL context. */ void ne_ssl_context_set_flag(ne_ssl_context *ctx, int flag, int value); /* Return flag value. */ int ne_ssl_context_get_flag(ne_ssl_context *ctx, int flag); /* Destroy an SSL context. 
*/ void ne_ssl_context_destroy(ne_ssl_context *ctx); NE_END_DECLS #endif neon-0.32.2/src/ne_sspi.c000066400000000000000000000412761416727304000151460ustar00rootroot00000000000000/* Microsoft SSPI based authentication routines Copyright (C) 2004-2005, Vladimir Berezniker @ http://public.xdi.org/=vmpn Copyright (C) 2007, Yves Martin This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include "config.h" #include "ne_utils.h" #include "ne_string.h" #include "ne_socket.h" #include "ne_sspi.h" #ifdef HAVE_SSPI #define SEC_SUCCESS(Status) ((Status) >= 0) #ifndef SECURITY_ENTRYPOINT /* Missing in MingW 3.7 */ #define SECURITY_ENTRYPOINT "InitSecurityInterfaceA" #endif struct SSPIContextStruct { CtxtHandle context; char *serverName; CredHandle credentials; int continueNeeded; int authfinished; char *mechanism; int ntlm; ULONG maxTokenSize; }; typedef struct SSPIContextStruct SSPIContext; static ULONG negotiateMaxTokenSize = 0; static ULONG ntlmMaxTokenSize = 0; static HINSTANCE hSecDll = NULL; static PSecurityFunctionTable pSFT = NULL; static int initialized = 0; /* * Query specified package for it's maximum token size. 
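 */
static int getMaxTokenSize(char *package, ULONG * maxTokenSize)
{
    SECURITY_STATUS status;
    SecPkgInfo *packageSecurityInfo = NULL;

    status = pSFT->QuerySecurityPackageInfo(package, &packageSecurityInfo);
    if (status != SEC_E_OK) {
        NE_DEBUG(NE_DBG_HTTPAUTH,
                 "sspi: QuerySecurityPackageInfo [failed] [%x].", status);
        return -1;
    }

    /* Copy the value out before the package info is released. */
    *maxTokenSize = packageSecurityInfo->cbMaxToken;

    /* A failure to release the info is logged but not treated as an
     * error; the size has already been obtained. */
    if (pSFT->FreeContextBuffer(packageSecurityInfo) != SEC_E_OK) {
        NE_DEBUG(NE_DBG_HTTPAUTH,
                 "sspi: Unable to free security package info.");
    }

    return 0;
}

/*
 * Initialize all the SSPI data: looks up the security interface
 * entry point in the given DLL, fetches the function table into
 * 'pSFT', and queries the maximum token sizes for the Negotiate and
 * NTLM packages.  On failure the file-level 'initialized' flag is
 * set to a negative value (-1: entry point missing, -2: no function
 * table, -3: a token size query failed); on success it is left
 * unchanged.
 */
static void initDll(HINSTANCE hSecDll)
{
    INIT_SECURITY_INTERFACE initSecurityInterface = NULL;

    initSecurityInterface =
        (INIT_SECURITY_INTERFACE) GetProcAddress(hSecDll,
                                                 SECURITY_ENTRYPOINT);

    if (initSecurityInterface == NULL) {
        NE_DEBUG(NE_DBG_HTTPAUTH,
                 "sspi: Obtaining security interface [fail].\n");
        initialized = -1;
        return;
    } else {
        NE_DEBUG(NE_DBG_HTTPAUTH,
                 "sspi: Obtaining security interface [ok].\n");
    }

    pSFT = (initSecurityInterface) ();

    if (pSFT == NULL) {
        NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: Security Function Table [fail].\n");
        initialized = -2;
        return;
    } else {
        NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: Security Function Table [ok].\n");
    }

    /* Both packages are queried even if the first query fails. */
    if (getMaxTokenSize("Negotiate", &negotiateMaxTokenSize)) {
        NE_DEBUG(NE_DBG_HTTPAUTH,
                 "sspi: Unable to get negotiate maximum packet size");
        initialized = -3;
    }

    if (getMaxTokenSize("NTLM", &ntlmMaxTokenSize)) {
        /* Name the package which actually failed. */
        NE_DEBUG(NE_DBG_HTTPAUTH,
                 "sspi: Unable to get NTLM maximum packet size");
        initialized = -3;
    }
}

/*
 * This function needs to be called at least once before using any other.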
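 *
 * Returns zero if already initialized, if initialization succeeded,
 * or if the security DLL could not be loaded at all; returns the
 * negative value left in 'initialized' if the DLL loaded but could
 * not be set up.  Note that a non-zero 'initialized' from an earlier
 * failed attempt also makes this return zero without retrying; the
 * other ne_sspi_* entry points then fail on their own
 * 'initialized <= 0' check.
 */
int ne_sspi_init(void)
{
    if (initialized) {
        return 0;
    }

    NE_DEBUG(NE_DBG_SOCKET, "sspiInit\n");
    NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: Loading security dll.\n");

    /* NOTE(review): the DLL is named without a path, so the default
     * library search order decides which file is loaded.  Loading it
     * explicitly from the system directory (for example LoadLibraryEx
     * with LOAD_LIBRARY_SEARCH_SYSTEM32, where the target toolchain
     * and Windows version provide it) would rule out a same-named DLL
     * elsewhere on the search path. */
    hSecDll = LoadLibrary("security.dll");

    if (hSecDll == NULL) {
        NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: Loading of security dll [fail].\n");
    } else {
        NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: Loading of security dll [ok].\n");
        initDll(hSecDll);
        /* initDll() only ever changes 'initialized' to a negative
         * value, so zero here means it succeeded. */
        if (initialized == 0) {
            initialized = 1;
        }
    }

    NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: sspiInit [%d].\n", initialized);

    if (initialized < 0) {
        return initialized;
    } else {
        return 0;
    }
}

/*
 * This function can be called to free resources used by SSPI.
 * Returns the current 'initialized' value without doing anything if
 * SSPI is not initialized, -1 if the DLL could not be unloaded, and
 * zero otherwise.
 */
int ne_sspi_deinit(void)
{
    NE_DEBUG(NE_DBG_SOCKET, "sspi: DeInit\n");

    if (initialized <= 0) {
        return initialized;
    }

    /* The function table belongs to the DLL about to be unloaded. */
    pSFT = NULL;

    if (hSecDll != NULL) {
        NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: Unloading security dll.\n");
        if (FreeLibrary(hSecDll)) {
            NE_DEBUG(NE_DBG_HTTPAUTH,
                     "sspi: Unloading of security dll [ok].\n");
        } else {
            NE_DEBUG(NE_DBG_HTTPAUTH,
                     "sspi: Unloading of security dll [fail].\n");
            return -1;
        }
        hSecDll = NULL;
    }

    initialized = 0;
    return 0;
}

/*
 * Simplification wrapper around AcquireCredentialsHandle as most of
 * the parameters do not change.  Requests outbound credentials for
 * the named package and stores the handle in 'credentials'; returns
 * zero on success or -1 on failure.
 */
static int acquireCredentialsHandle(CredHandle * credentials, char *package)
{
    SECURITY_STATUS status;
    TimeStamp timestamp;

    status = pSFT->AcquireCredentialsHandle(NULL, package,
                                            SECPKG_CRED_OUTBOUND,
                                            NULL, NULL, NULL, NULL,
                                            credentials, &timestamp);

    if (status != SEC_E_OK) {
        NE_DEBUG(NE_DBG_HTTPAUTH,
                 "sspi: AcquireCredentialsHandle [fail] [%x].\n", status);
        return -1;
    }

    return 0;
}

/*
 * Wrapper around initializeSecurityContext.  Supplies several
 * default parameters as well as logging in case of errors.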
 *
 * The status from InitializeSecurityContext is returned unchanged.
 * NOTE(review): the context attribute flags reported by the call are
 * stored in a local and never returned, so callers cannot see which
 * of the requested 'contextReq' features were actually granted.
 */
static SECURITY_STATUS
initializeSecurityContext(CredHandle * credentials,
                          CtxtHandle * context, char *spn,
                          ULONG contextReq,
                          SecBufferDesc * inBuffer,
                          CtxtHandle * newContext,
                          SecBufferDesc * outBuffer)
{
    ULONG grantedAttributes;
    SECURITY_STATUS result;

    result = pSFT->InitializeSecurityContext(credentials, context, spn,
                                             contextReq, 0,
                                             SECURITY_NETWORK_DREP,
                                             inBuffer, 0, newContext,
                                             outBuffer,
                                             &grantedAttributes, NULL);

    /* Nothing to log for success or "continue" style results. */
    if (SEC_SUCCESS(result)) {
        return result;
    }

    if (result == SEC_E_INVALID_TOKEN) {
        NE_DEBUG(NE_DBG_HTTPAUTH,
                 "InitializeSecurityContext [fail] SEC_E_INVALID_TOKEN.\n");
    } else if (result == SEC_E_UNSUPPORTED_FUNCTION) {
        NE_DEBUG(NE_DBG_HTTPAUTH,
                 "InitializeSecurityContext [fail] SEC_E_UNSUPPORTED_FUNCTION.\n");
    } else {
        NE_DEBUG(NE_DBG_HTTPAUTH,
                 "InitializeSecurityContext [fail] [%x].\n", result);
    }

    return result;
}

/*
 * Validates that the pointer is not NULL and converts it to its real
 * type.  Returns -1 for a NULL pointer, leaving *sspiContext alone,
 * and zero otherwise.  Only NULL is rejected; no other check is made
 * on what the pointer refers to.
 */
static int getContext(void *context, SSPIContext **sspiContext)
{
    if (context == NULL) {
        return -1;
    }

    *sspiContext = context;
    return 0;
}

/*
 * Verifies that the buffer descriptor points to exactly one buffer
 * and returns the pointer to it via 'secBuffer'.  Returns zero on
 * success or -1 if the descriptor holds any other number of buffers.
 */
static int getSingleBufferDescriptor(SecBufferDesc *secBufferDesc,
                                     SecBuffer **secBuffer)
{
    if (secBufferDesc->cBuffers == 1) {
        *secBuffer = secBufferDesc->pBuffers;
        return 0;
    }

    NE_DEBUG(NE_DBG_HTTPAUTH,
             "sspi: fillBufferDescriptor "
             "[fail] numbers of descriptor buffers. 1 != [%d].\n",
             secBufferDesc->cBuffers);
    return -1;
}

/*
 * Decodes BASE64 string into SSPI SecBuffer.  The decoded data and
 * its length are stored in the descriptor's single buffer, which is
 * marked as a token buffer.  Returns zero on success, or -1 if the
 * descriptor is not a single-buffer descriptor or the decoded length
 * is zero.
 */
static int base64ToBuffer(const char *token, SecBufferDesc * secBufferDesc)
{
    SecBuffer *tokenBuffer;
    unsigned char **decoded;

    if (getSingleBufferDescriptor(secBufferDesc, &tokenBuffer) != 0) {
        return -1;
    }

    tokenBuffer->BufferType = SECBUFFER_TOKEN;

    decoded = (unsigned char **) &tokenBuffer->pvBuffer;
    tokenBuffer->cbBuffer = ne_unbase64(token, decoded);

    if (tokenBuffer->cbBuffer == 0) {
        NE_DEBUG(NE_DBG_HTTPAUTH,
                 "sspi: Unable to decode BASE64 SSPI token.\n");
        return -1;
    }

    return 0;
}

/*
 * Creates a SecBuffer of a specified size.
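 * The descriptor's single buffer is marked as a token buffer and
 * given 'size' bytes obtained from ne_calloc().  Returns zero on
 * success or -1 if the descriptor is not a single-buffer descriptor.
 */
static int makeBuffer(SecBufferDesc * secBufferDesc, ULONG size)
{
    SecBuffer *buffer;

    if (getSingleBufferDescriptor(secBufferDesc, &buffer)) {
        return -1;
    }

    buffer->BufferType = SECBUFFER_TOKEN;
    buffer->cbBuffer = size;
    buffer->pvBuffer = ne_calloc(size);

    return 0;
}

/*
 * Frees data allocated in the buffer, and resets its size and data
 * pointer.  A buffer whose size is zero or whose data pointer is
 * NULL is left as it is.  Returns zero, or -1 if the descriptor is
 * not a single-buffer descriptor.
 */
static int freeBuffer(SecBufferDesc * secBufferDesc)
{
    SecBuffer *buffer;

    if (getSingleBufferDescriptor(secBufferDesc, &buffer)) {
        return -1;
    }

    if (buffer->cbBuffer > 0 && buffer->pvBuffer) {
        ne_free(buffer->pvBuffer);
        buffer->cbBuffer = 0;
        buffer->pvBuffer = NULL;
    }

    return 0;
}

/*
 * Canonicalize a server host name if possible.
 * The returned pointer must be freed after usage.  If the lookup
 * fails or yields no canonical name, a copy of 'serverName' itself
 * is returned.
 *
 * NOTE(review): the canonical name is whatever name resolution
 * returns, and ne_sspi_create_context() builds the Negotiate service
 * principal name from it, so that name is only as trustworthy as the
 * resolver answering the lookup.
 */
static char *canonical_hostname(const char *serverName)
{
    /* Not const-qualified: the copy is owned by the caller, and the
     * function returns a plain 'char *'. */
    char *hostname;
    ne_sock_addr *addr;

    addr = ne_addr_resolve(serverName, NE_ADDR_CANON);
    if (ne_addr_result(addr) || ne_addr_canonical(addr) == NULL) {
        /* Lookup failed */
        char buf[256];
        NE_DEBUG(NE_DBG_HTTPAUTH,
                 "sspi: Could not resolve IP address for `%s': %s\n",
                 serverName, ne_addr_error(addr, buf, sizeof buf));
        hostname = ne_strdup(serverName);
    } else {
        hostname = ne_strdup(ne_addr_canonical(addr));
    }

    ne_addr_destroy(addr);
    return hostname;
}

/*
 * Create a context to authenticate to specified server, using either
 * ntlm or negotiate.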
 *
 * On success the new context is stored in *context and zero is
 * returned; -1 is returned if SSPI has not been initialized.  For
 * NTLM the server name is copied as given; for Negotiate it becomes
 * "HTTP/" followed by the canonicalized host name.
 */
int ne_sspi_create_context(void **context, char *serverName, int ntlm)
{
    SSPIContext *ctx;

    if (initialized <= 0) {
        return -1;
    }

    ctx = ne_calloc(sizeof(SSPIContext));
    ctx->continueNeeded = 0;
    ctx->authfinished = 0;
    ctx->ntlm = ntlm;

    if (!ntlm) {
        char *canonicalName;

        ctx->mechanism = "Negotiate";
        /* Canonicalize to conform to GSSAPI behavior */
        canonicalName = canonical_hostname(serverName);
        ctx->serverName = ne_concat("HTTP/", canonicalName, NULL);
        ne_free(canonicalName);
        NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: Created context with SPN '%s'\n",
                 ctx->serverName);
        ctx->maxTokenSize = negotiateMaxTokenSize;
    } else {
        ctx->mechanism = "NTLM";
        ctx->serverName = ne_strdup(serverName);
        ctx->maxTokenSize = ntlmMaxTokenSize;
    }

    *context = ctx;
    return 0;
}

/*
 * Resets the context: deletes the security context, frees the
 * credentials handle and clears the continueNeeded flag.  The return
 * values of the two SSPI calls are not checked.
 */
static void resetContext(SSPIContext * sspiContext)
{
    CtxtHandle *securityContext = &(sspiContext->context);
    CredHandle *credentialsHandle = &(sspiContext->credentials);

    pSFT->DeleteSecurityContext(securityContext);
    /* The function table member is spelled differently in the
     * headers of MSVC versions up to 1200. */
#if defined(_MSC_VER) && _MSC_VER <= 1200
    pSFT->FreeCredentialHandle(credentialsHandle);
#else
    pSFT->FreeCredentialsHandle(credentialsHandle);
#endif

    sspiContext->continueNeeded = 0;
}

/*
 * Initializes supplied SecBufferDesc to point to supplied SecBuffer
 * that is also initialized; the buffer is set up as an empty buffer
 * with no data.
 */
static void initSingleEmptyBuffer(SecBufferDesc * bufferDesc,
                                  SecBuffer * buffer)
{
    /* Descriptor: version, then exactly one buffer. */
    bufferDesc->ulVersion = SECBUFFER_VERSION;
    bufferDesc->cBuffers = 1;
    bufferDesc->pBuffers = buffer;

    /* The buffer itself starts out empty. */
    buffer->pvBuffer = NULL;
    buffer->cbBuffer = 0;
    buffer->BufferType = SECBUFFER_EMPTY;
}

/*
 * Destroys the supplied context.
 * Releases the SSPI handles via resetContext(), then frees the
 * stored server name and the context structure itself.  Returns -1
 * if SSPI is not initialized or 'context' is NULL, otherwise zero.
 * The context must not be used again after this returns zero.
 */
int ne_sspi_destroy_context(void *context)
{
    int status;
    SSPIContext *sspiContext;

    if (initialized <= 0) {
        return -1;
    }

    status = getContext(context, &sspiContext);
    if (status) {
        return status;
    }

    resetContext(sspiContext);
    if (sspiContext->serverName) {
        ne_free(sspiContext->serverName);
        sspiContext->serverName = NULL;
    }

    ne_free(sspiContext);
    return 0;
}

/*
 * Clears the authfinished and continueNeeded flags of the context.
 * No SSPI handle is released here.  Returns -1 if SSPI is not
 * initialized or 'context' is NULL, otherwise zero.
 */
int ne_sspi_clear_context(void *context)
{
    int status;
    SSPIContext *sspiContext;

    if (initialized <= 0) {
        return -1;
    }

    status = getContext(context, &sspiContext);
    if (status) {
        return status;
    }

    sspiContext->authfinished = 0;
    sspiContext->continueNeeded = 0;
    return 0;
}

/*
 * Processes received authentication tokens as well as supplies the
 * response token.
 *
 * 'base64Token' is the base64-encoded token received from the
 * server, or NULL to start a new exchange.  On success zero is
 * returned and *responseToken is set to a newly allocated
 * base64-encoded string produced by ne_base64() (presumably for the
 * caller to free -- confirm against the callers).  A non-zero value
 * is returned on any failure, in which case *responseToken is not
 * written.
 *
 * NOTE(review): mutual authentication is requested through
 * ISC_REQ_MUTUAL_AUTH, but the attribute flags granted by the
 * security package stay inside the initializeSecurityContext()
 * wrapper, so nothing here confirms that it was actually provided.
 */
int ne_sspi_authenticate(void *context, const char *base64Token, char **responseToken)
{
    SecBufferDesc outBufferDesc;
    SecBuffer outBuffer;
    int status;
    SECURITY_STATUS securityStatus;
    ULONG contextFlags;
    SSPIContext *sspiContext;

    if (initialized <= 0) {
        return -1;
    }

    status = getContext(context, &sspiContext);
    if (status) {
        return status;
    }

    /* TODO: Not sure what flags should be set. joe: this needs to be
     * driven by the ne_auth interface; the GSSAPI code needs similar
     * flags. */
    contextFlags = ISC_REQ_CONFIDENTIALITY | ISC_REQ_MUTUAL_AUTH;

    /* The output buffer is sized to the package's maximum token
     * size; every exit path below has to release it. */
    initSingleEmptyBuffer(&outBufferDesc, &outBuffer);
    status = makeBuffer(&outBufferDesc, sspiContext->maxTokenSize);
    if (status) {
        return status;
    }

    if (base64Token) {
        SecBufferDesc inBufferDesc;
        SecBuffer inBuffer;

        /* A server token is only acceptable in the middle of an
         * exchange. */
        if (!sspiContext->continueNeeded) {
            freeBuffer(&outBufferDesc);
            NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: Got an unexpected token.\n");
            return -1;
        }

        initSingleEmptyBuffer(&inBufferDesc, &inBuffer);

        /* The token is supplied by the peer; decoding failure (or an
         * empty result) ends the attempt. */
        status = base64ToBuffer(base64Token, &inBufferDesc);
        if (status) {
            freeBuffer(&outBufferDesc);
            return status;
        }

        /* Continue the existing context with the decoded token. */
        securityStatus =
            initializeSecurityContext(&sspiContext->credentials,
                                      &(sspiContext->context),
                                      sspiContext->serverName, contextFlags,
                                      &inBufferDesc, &(sspiContext->context),
                                      &outBufferDesc);
        if (securityStatus == SEC_E_OK) {
            sspiContext->authfinished = 1;
        }
        freeBuffer(&inBufferDesc);
    } else {
        /* No token from the server: only valid when not in the
         * middle of an exchange. */
        if (sspiContext->continueNeeded) {
            freeBuffer(&outBufferDesc);
            NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: Expected a token from server.\n");
            return -1;
        }
        /* A previously completed exchange whose credentials handle
         * is still set is treated as a failed attempt: the flag is
         * cleared and this call fails. */
        if (sspiContext->authfinished && (sspiContext->credentials.dwLower || sspiContext->credentials.dwUpper)) {
            /* NOTE(review): this inner test repeats part of the
             * enclosing condition, so it is always true here and the
             * assignment after the inner block is never reached. */
            if (sspiContext->authfinished) {
                freeBuffer(&outBufferDesc);
                sspiContext->authfinished = 0;
                NE_DEBUG(NE_DBG_HTTPAUTH,"sspi: failing because starting over from failed try.\n");
                return -1;
            }
            sspiContext->authfinished = 0;
        }

        /* Reset any existing context since we are starting over */
        resetContext(sspiContext);

        /* acquireCredentialsHandle() returns 0 or -1. */
        if (acquireCredentialsHandle
            (&sspiContext->credentials, sspiContext->mechanism) != SEC_E_OK) {
            freeBuffer(&outBufferDesc);
            NE_DEBUG(NE_DBG_HTTPAUTH,
                     "sspi: acquireCredentialsHandle failed.\n");
            return -1;
        }

        /* First leg of the exchange: no existing context and no
         * input token. */
        securityStatus =
            initializeSecurityContext(&sspiContext->credentials, NULL,
                                      sspiContext->serverName, contextFlags,
                                      NULL, &(sspiContext->context),
                                      &outBufferDesc);
    }

    /* Both "complete" results require CompleteAuthToken to be called
     * on the output token before it is sent. */
    if (securityStatus == SEC_I_COMPLETE_AND_CONTINUE
        || securityStatus == SEC_I_COMPLETE_NEEDED) {
        SECURITY_STATUS compleStatus =
            pSFT->CompleteAuthToken(&(sspiContext->context), &outBufferDesc);

        if (compleStatus != SEC_E_OK) {
            freeBuffer(&outBufferDesc);
            NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: CompleteAuthToken failed.\n");
            return -1;
        }
    }

    /* Record whether another token is expected from the server. */
    if (securityStatus == SEC_I_COMPLETE_AND_CONTINUE
        || securityStatus == SEC_I_CONTINUE_NEEDED) {
        sspiContext->continueNeeded = 1;
    } else {
        sspiContext->continueNeeded = 0;
    }

    /* Any status other than these four is a failure. */
    if (!(securityStatus == SEC_I_COMPLETE_AND_CONTINUE
          || securityStatus == SEC_I_COMPLETE_NEEDED
          || securityStatus == SEC_I_CONTINUE_NEEDED
          || securityStatus == SEC_E_OK)) {
        NE_DEBUG(NE_DBG_HTTPAUTH,
                 "sspi: initializeSecurityContext [failed] [%x].\n",
                 securityStatus);
        freeBuffer(&outBufferDesc);
        return -1;
    }

    /* Encode the output token for the caller, then release the raw
     * buffer. */
    *responseToken = ne_base64(outBufferDesc.pBuffers->pvBuffer,
                               outBufferDesc.pBuffers->cbBuffer);
    freeBuffer(&outBufferDesc);

    return 0;
}
#endif /* HAVE_SSPI */
neon-0.32.2/src/ne_sspi.h000066400000000000000000000027031416727304000151430ustar00rootroot00000000000000
/*
   Microsoft SSPI based authentication routines
   Copyright (C) 2004-2005, Vladimir Berezniker @ http://public.xdi.org/=vmpn

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Library General Public
   License as published by the Free Software Foundation; either
   version 2 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Library General Public License for more details.

   You should have received a copy of the GNU Library General Public
   License along with this library; if not, write to the Free
   Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
   MA 02111-1307, USA
*/
#ifndef NE_SSPI_H
#define NE_SSPI_H

/* Win32 SSPI-based authentication interfaces.  PRIVATE TO NEON -- NOT
 * PART OF THE EXTERNAL API.
*/ #ifdef HAVE_SSPI #include #define SECURITY_WIN32 #include int ne_sspi_init(void); int ne_sspi_deinit(void); int ne_sspi_create_context(void **context, char * serverName, int ntlm); int ne_sspi_destroy_context(void *context); int ne_sspi_clear_context(void *context); int ne_sspi_authenticate(void *context, const char *base64Token, char **responseToken); #endif /* HAVE_SSPI */ #endif /* NE_SSPI_H */ neon-0.32.2/src/ne_string.c000066400000000000000000000512621416727304000154720ustar00rootroot00000000000000/* String utility functions Copyright (C) 1999-2021, Joe Orton strcasecmp/strncasecmp implementations are: Copyright (C) 1991, 1992, 1995, 1996, 1997 Free Software Foundation, Inc. This file is part of the GNU C Library. This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include "config.h" #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_STRING_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #include #include #include "ne_alloc.h" #include "ne_string.h" #include "ne_internal.h" #ifndef NE_HAVE_SSL #include "ne_md5.h" #define NEED_VSTRHASH #endif char *ne_token(char **str, char separator) { char *ret = *str, *pnt = strchr(*str, separator); if (pnt) { *pnt = '\0'; *str = pnt + 1; } else { /* no separator found: return end of string. 
*/ *str = NULL; } return ret; } char *ne_qtoken(char **str, char separator, const char *quotes) { char *pnt, *ret = NULL; for (pnt = *str; *pnt != '\0'; pnt++) { char *quot = strchr(quotes, *pnt); if (quot) { char *qclose = strchr(pnt+1, *quot); if (!qclose) { /* no closing quote: invalid string. */ return NULL; } pnt = qclose; } else if (*pnt == separator) { /* found end of token. */ *pnt = '\0'; ret = *str; *str = pnt + 1; return ret; } } /* no separator found: return end of string. */ ret = *str; *str = NULL; return ret; } char *ne_shave(char *str, const char *whitespace) { char *pnt, *ret = str; while (*ret != '\0' && strchr(whitespace, *ret) != NULL) { ret++; } /* pnt points at the NUL terminator. */ pnt = &ret[strlen(ret)]; while (pnt > ret && strchr(whitespace, *(pnt-1)) != NULL) { pnt--; } *pnt = '\0'; return ret; } void ne_buffer_clear(ne_buffer *buf) { memset(buf->data, 0, buf->length); buf->used = 1; } /* Grows for given size, returns 0 on success, -1 on error. */ void ne_buffer_grow(ne_buffer *buf, size_t newsize) { #define NE_BUFFER_GROWTH 512 if (newsize > buf->length) { /* If it's not big enough already... */ buf->length = ((newsize / NE_BUFFER_GROWTH) + 1) * NE_BUFFER_GROWTH; /* Reallocate bigger buffer */ buf->data = ne_realloc(buf->data, buf->length); } } static size_t count_concat(va_list *ap) { size_t total = 0; char *next; while ((next = va_arg(*ap, char *)) != NULL) total += strlen(next); return total; } static void do_concat(char *str, va_list *ap) { char *next; while ((next = va_arg(*ap, char *)) != NULL) { #ifdef HAVE_STPCPY str = stpcpy(str, next); #else size_t len = strlen(next); memcpy(str, next, len); str += len; #endif } } void ne_buffer_concat(ne_buffer *buf, ...) 
{ va_list ap; ssize_t total; va_start(ap, buf); total = buf->used + count_concat(&ap); va_end(ap); /* Grow the buffer */ ne_buffer_grow(buf, total); va_start(ap, buf); do_concat(buf->data + buf->used - 1, &ap); va_end(ap); buf->used = total; buf->data[total - 1] = '\0'; } char *ne_concat(const char *str, ...) { va_list ap; size_t total, slen = strlen(str); char *ret; va_start(ap, str); total = slen + count_concat(&ap); va_end(ap); ret = memcpy(ne_malloc(total + 1), str, slen); va_start(ap, str); do_concat(ret + slen, &ap); va_end(ap); ret[total] = '\0'; return ret; } /* Append zero-terminated string... returns 0 on success or -1 on * realloc failure. */ void ne_buffer_zappend(ne_buffer *buf, const char *str) { ne_buffer_append(buf, str, strlen(str)); } void ne_buffer_append(ne_buffer *buf, const char *data, size_t len) { ne_buffer_grow(buf, buf->used + len); memcpy(buf->data + buf->used - 1, data, len); buf->used += len; buf->data[buf->used - 1] = '\0'; } size_t ne_buffer_snprintf(ne_buffer *buf, size_t max, const char *fmt, ...) { va_list ap; size_t ret; ne_buffer_grow(buf, buf->used + max); va_start(ap, fmt); ret = ne_vsnprintf(buf->data + buf->used - 1, max, fmt, ap); va_end(ap); buf->used += ret; return ret; } ne_buffer *ne_buffer_create(void) { return ne_buffer_ncreate(512); } ne_buffer *ne_buffer_ncreate(size_t s) { ne_buffer *buf = ne_malloc(sizeof(*buf)); buf->data = ne_malloc(s); buf->data[0] = '\0'; buf->length = s; buf->used = 1; return buf; } void ne_buffer_destroy(ne_buffer *buf) { ne_free(buf->data); ne_free(buf); } char *ne_buffer_finish(ne_buffer *buf) { char *ret = buf->data; ne_free(buf); return ret; } void ne_buffer_altered(ne_buffer *buf) { buf->used = strlen(buf->data) + 1; } /* ascii_quote[n] gives the number of bytes needed by * ne_buffer_qappend() to append character 'n'. 
*/ static const unsigned char ascii_quote[256] = { 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4 }; static const char hex_chars[16] = "0123456789abcdef"; /* Return the expected number of bytes needed to append the string * beginning at byte 's', where 'send' points to the last byte after * 's'. */ static size_t qappend_count(const unsigned char *s, const unsigned char *send) { const unsigned char *p; size_t ret; for (p = s, ret = 0; p < send; p++) { ret += ascii_quote[*p]; } return ret; } /* Append the string 's', up to but not including 'send', to string * 'dest', quoting along the way. Returns pointer to NUL. */ static char *quoted_append(char *dest, const unsigned char *s, const unsigned char *send) { const unsigned char *p; char *q = dest; for (p = s; p < send; p++) { if (ascii_quote[*p] == 1) { *q++ = *p; } else { *q++ = '\\'; *q++ = 'x'; *q++ = hex_chars[(*p >> 4) & 0x0f]; *q++ = hex_chars[*p & 0x0f]; } } /* NUL terminate after the last character */ *q = '\0'; return q; } void ne_buffer_qappend(ne_buffer *buf, const unsigned char *data, size_t len) { const unsigned char *dend = data + len; char *q, *qs; ne_buffer_grow(buf, buf->used + qappend_count(data, dend)); /* buf->used >= 1, so this is safe. 
*/ qs = buf->data + buf->used - 1; q = quoted_append(qs, data, dend); /* used already accounts for a NUL, so increment by number of * characters appended, *before* the NUL. */ buf->used += q - qs; } char *ne_strnqdup(const unsigned char *data, size_t len) { const unsigned char *dend = data + len; char *dest = ne_malloc(qappend_count(data, dend) + 1); quoted_append(dest, data, dend); return dest; } static const char b64_alphabet[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz" "0123456789+/="; char *ne_base64(const unsigned char *text, size_t inlen) { /* The tricky thing about this is doing the padding at the end, * doing the bit manipulation requires a bit of concentration only */ char *buffer, *point; size_t outlen; /* Use 'buffer' to store the output. Work out how big it should be... * This must be a multiple of 4 bytes */ outlen = (inlen*4)/3; if ((inlen % 3) > 0) /* got to pad */ outlen += 4 - (inlen % 3); buffer = ne_malloc(outlen + 1); /* +1 for the \0 */ /* now do the main stage of conversion, 3 bytes at a time, * leave the trailing bytes (if there are any) for later */ for (point=buffer; inlen>=3; inlen-=3, text+=3) { *(point++) = b64_alphabet[ (*text)>>2 ]; *(point++) = b64_alphabet[ ((*text)<<4 & 0x30) | (*(text+1))>>4 ]; *(point++) = b64_alphabet[ ((*(text+1))<<2 & 0x3c) | (*(text+2))>>6 ]; *(point++) = b64_alphabet[ (*(text+2)) & 0x3f ]; } /* Now deal with the trailing bytes */ if (inlen > 0) { /* We always have one trailing byte */ *(point++) = b64_alphabet[ (*text)>>2 ]; *(point++) = b64_alphabet[ (((*text)<<4 & 0x30) | (inlen==2?(*(text+1))>>4:0)) ]; *(point++) = (inlen==1?'=':b64_alphabet[ (*(text+1))<<2 & 0x3c ]); *(point++) = '='; } /* Null-terminate */ *point = '\0'; return buffer; } /* VALID_B64: fail if 'ch' is not a valid base64 character */ #define VALID_B64(ch) (((ch) >= 'A' && (ch) <= 'Z') || \ ((ch) >= 'a' && (ch) <= 'z') || \ ((ch) >= '0' && (ch) <= '9') || \ (ch) == '/' || (ch) == '+' || (ch) == '=') /* DECODE_B64: decodes a 
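valid base64 character. */
#define DECODE_B64(ch) ((ch) >= 'a' ? ((ch) + 26 - 'a') : \
                        ((ch) >= 'A' ? ((ch) - 'A') : \
                         ((ch) >= '0' ? ((ch) + 52 - '0') : \
                          ((ch) == '+' ? 62 : 63))))

/* Decode the NUL-terminated base64 string 'data' into a newly
 * allocated buffer stored in '*out'.
 *
 * Returns the number of decoded bytes, or 0 on error.  Any accepted
 * input decodes to at least one byte, so 0 is unambiguous.
 *
 * Error handling: an empty input, or a length that is not a multiple
 * of four, is rejected before anything is allocated and '*out' is
 * left untouched.  If an invalid quad is found later, the buffer is
 * freed and '*out' is set to NULL so that the caller is not left
 * holding a freed pointer.
 *
 * NOTE(review): each quad is validated on its own, so a padded quad
 * ("xx==" or "xxx=") is accepted anywhere in the input, not only at
 * the end.  Callers needing strict RFC 4648 input must check that
 * themselves. */
size_t ne_unbase64(const char *data, unsigned char **out)
{
    size_t inlen = strlen(data);
    unsigned char *outp;
    const unsigned char *in;

    if (inlen == 0 || (inlen % 4) != 0) return 0;

    /* inlen is a multiple of four here, so dividing first gives the
     * same value as inlen * 3 / 4 without a multiplication that could
     * wrap size_t and under-allocate. */
    outp = *out = ne_malloc((inlen / 4) * 3);

    for (in = (const unsigned char *)data; *in; in += 4) {
        unsigned int tmp;

        /* Reject anything outside the alphabet, '=' in the first two
         * positions, and "x=y" style padding. */
        if (!VALID_B64(in[0]) || !VALID_B64(in[1]) || !VALID_B64(in[2]) ||
            !VALID_B64(in[3]) || in[0] == '=' || in[1] == '=' ||
            (in[2] == '=' && in[3] != '=')) {
            ne_free(*out);
            *out = NULL;
            return 0;
        }

        tmp = (DECODE_B64(in[0]) & 0x3f) << 18 |
            (DECODE_B64(in[1]) & 0x3f) << 12;
        *outp++ = (tmp >> 16) & 0xff;

        if (in[2] != '=') {
            tmp |= (DECODE_B64(in[2]) & 0x3f) << 6;
            *outp++ = (tmp >> 8) & 0xff;

            if (in[3] != '=') {
                tmp |= DECODE_B64(in[3]) & 0x3f;
                *outp++ = tmp & 0xff;
            }
        }
    }

    return outp - *out;
}

/* Character map array; ascii_clean[n] = isprint(n) ? n : 0x20.  Used
 * by ne_strclean as a locale-independent isprint().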
*/ static const unsigned char ascii_clean[256] = { 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20 }; char *ne_strclean(char *str) { unsigned char *pnt; for (pnt = (unsigned char *)str; *pnt; pnt++) *pnt = (char)ascii_clean[*pnt]; return str; } char *ne_strerror(int errnum, char *buf, size_t buflen) { #ifdef HAVE_STRERROR_R #ifdef STRERROR_R_CHAR_P /* glibc-style strerror_r which may-or-may-not use provided buffer. 
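*/ char *ret = strerror_r(errnum, buf, buflen); if (ret != buf) ne_strnzcpy(buf, ret, buflen); #else /* POSIX-style strerror_r: */ char tmp[256]; if (strerror_r(errnum, tmp, sizeof tmp) == 0) ne_strnzcpy(buf, tmp, buflen); else ne_snprintf(buf, buflen, "Unknown error %d", errnum); #endif #else /* no strerror_r: */ ne_strnzcpy(buf, strerror(errnum), buflen); #endif return buf; }

/* Wrapper for snprintf: formats into 'str' (capacity 'size' bytes),
 * always NUL-terminates, and returns strlen(str), i.e. the number of
 * characters actually stored rather than the number that would have
 * been needed.  Truncation is therefore silent.
 *
 * A 'size' of zero stores nothing and returns 0; without that guard
 * the terminator would be written at str[size-1], outside the
 * buffer. */
size_t ne_snprintf(char *str, size_t size, const char *fmt, ...)
{
    va_list ap;

    if (size == 0) {
        return 0;
    }

    va_start(ap, fmt);
#ifdef HAVE_TRIO
    trio_vsnprintf(str, size, fmt, ap);
#else
    vsnprintf(str, size, fmt, ap);
#endif
    va_end(ap);
    /* Terminate explicitly rather than relying on the formatter. */
    str[size-1] = '\0';
    return strlen(str);
}

/* Wrapper for vsnprintf: same contract as ne_snprintf(), taking a
 * va_list.  A 'size' of zero stores nothing and returns 0. */
size_t ne_vsnprintf(char *str, size_t size, const char *fmt, va_list ap)
{
    if (size == 0) {
        return 0;
    }

#ifdef HAVE_TRIO
    trio_vsnprintf(str, size, fmt, ap);
#else
    vsnprintf(str, size, fmt, ap);
#endif
    /* Terminate explicitly rather than relying on the formatter. */
    str[size-1] = '\0';
    return strlen(str);
}

/* Locale-independent strcasecmp implementations. */
static const unsigned char ascii_tolower[256] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 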
0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff }; #define TOLOWER(ch) ascii_tolower[ch] const unsigned char *ne_tolower_array(void) { return ascii_tolower; } int ne_strcasecmp(const char *s1, const char *s2) { const unsigned char *p1 = (const unsigned char *) s1; const unsigned char *p2 = (const unsigned char *) s2; unsigned char c1, c2; if (p1 == p2) return 0; do { c1 = TOLOWER(*p1++); c2 = TOLOWER(*p2++); if (c1 == '\0') break; } while (c1 == c2); return c1 - c2; } int ne_strncasecmp(const char *s1, const char *s2, size_t n) { const unsigned char *p1 = (const unsigned char *) s1; const unsigned char *p2 = (const unsigned char *) s2; unsigned char c1, c2; if (p1 == p2 || n == 0) return 0; do { c1 = TOLOWER(*p1++); c2 = TOLOWER(*p2++); if (c1 == '\0' || c1 != c2) return c1 - c2; } while (--n > 0); return c1 - c2; } char *ne_strhash(unsigned int flags, ...) 
{ va_list ap; char *rv; va_start(ap, flags); rv = ne_vstrhash(flags, ap); va_end(ap); return rv; }

#ifdef NEED_VSTRHASH
/* Fallback ne_vstrhash(), compiled only when NEED_VSTRHASH is
 * defined.  It implements MD5 alone: any other algorithm selected in
 * 'flags' yields NULL, as does a failure to create the MD5 context.
 *
 * Each string argument, up to the NULL sentinel, is fed to the hash
 * with its strlen() and nothing in between.  Argument boundaries are
 * therefore not part of the hashed data: ("ab", "c") and ("a", "bc")
 * give the same digest.  Callers that need the fields kept apart must
 * pass their own delimiter strings.
 *
 * MD5 is not collision-resistant; use this path only where a protocol
 * mandates MD5. */
char *ne_vstrhash(unsigned int flags, va_list ap)
{
    const char *arg;
    struct ne_md5_ctx *ctx;
    unsigned int resbuf[4]; /* receives the digest from ne_md5_finish_ctx() */

    if ((flags & NE_HASH_ALGMASK) != NE_HASH_MD5)
        return NULL;

    ctx = ne_md5_create_ctx();
    if (!ctx) return NULL;

    while ((arg = va_arg(ap, const char *)) != NULL)
        ne_md5_process_bytes(arg, strlen(arg), ctx);

    ne_md5_finish_ctx(ctx, resbuf);
    ne_md5_destroy_ctx(ctx);

    return ne__strhash2hex((void *)&resbuf, sizeof resbuf, flags);
}
#endif

/* Map the low four bits of 'a' to a character of hex_chars. */
#define HEX2ASC(a) (hex_chars[((unsigned char)(a)) & 0xf])

/* Render 'len' bytes of 'digest' as a newly allocated hex string, two
 * characters per byte.  With NE_HASH_COLON or NE_HASH_SPACE in
 * 'flags' a separator follows each pair; the last one is overwritten
 * by the terminator.
 *
 * NOTE(review): assert(len > 0) is the only guard on 'len'.  If
 * assertions are compiled out and len is 0 with a separator flag set,
 * the final p-- steps before the allocation and the terminator is
 * written out of bounds.  len * step + 1 is also unchecked size_t
 * arithmetic. */
char *ne__strhash2hex(const unsigned char *digest, size_t len,
                      unsigned int flags)
{
    unsigned char sep = '\0';
    size_t step = 2; /* output bytes per digest byte */
    char *rv, *p;
    size_t n;

    assert(len > 0);

    if ((flags & NE_HASH_COLON)) {
        step = 3;
        sep = ':';
    }
    else if ((flags & NE_HASH_SPACE)) {
        step = 3;
        sep = ' ';
    }

    p = rv = ne_malloc(len * step + 1);

    for (n = 0; n < len; n++) {
        *p++ = HEX2ASC(digest[n] >> 4);
        *p++ = HEX2ASC(digest[n] & 0x0f);
        if (sep) *p++ = sep;
    }

    /* Drop the trailing separator before terminating. */
    if (sep) p--;

    *p = '\0';
    return rv;
}

/* Determines whether a character is valid in a regular parameter (NQ)
 * or not (QT).  Per https://tools.ietf.org/html/rfc5987#section-3.2.1
 * every character in attr-char is NQ, everything else is QT.
*/ #define QT 3 #define NQ 1 static const unsigned char ext_notation[256] = { /* 0xXX x0 x2 x4 x6 x8 xA xC xE */ /* 0x */ QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, /* 1x */ QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, /* 2x */ QT, NQ, QT, NQ, NQ, QT, NQ, QT, QT, QT, QT, NQ, QT, NQ, NQ, QT, /* 3x */ QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, /* 4x */ QT, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, /* 5x */ NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, QT, QT, QT, NQ, NQ, /* 6x */ NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, /* 7x */ NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, NQ, QT, NQ, QT, NQ, QT, /* 8x */ QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, /* 9x */ QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, /* Ax */ QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, /* Bx */ QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, /* Cx */ QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, /* Dx */ QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, /* Ex */ QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, /* Fx */ QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT, QT }; #undef QT #undef NQ char *ne_strparam(const char *charset, const char *lang, const unsigned char *value) { const unsigned char *p; size_t count = 0; char *rv, *rp; /* Determine length required for the value. */ for (p = value; *p; p++) count += ext_notation[*p]; /* If length == input length, no encoding is required, return * NULL. */ if (count == strlen((const char *)value)) return NULL; /* +3 accounts for '' and trailing NUL */ rv = ne_malloc(strlen(charset) + (lang ? 
strlen(lang) : 0) + count + 3); memcpy(rv, charset, strlen(charset)); rp = rv + strlen(charset); *rp++ = '\''; if (lang) { memcpy(rp, lang, strlen(lang)); rp += strlen(lang); } *rp++ = '\''; for (p = value; *p; p++) { if (ext_notation[*p] == 1) { *rp++ = *p; } else { *rp++ = '%'; *rp++ = HEX2ASC(*p >> 4); *rp++ = HEX2ASC(*p & 0x0f); } } *rp = '\0'; return rv; } neon-0.32.2/src/ne_string.h000066400000000000000000000217501416727304000154760ustar00rootroot00000000000000/* String utility functions Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef NE_STRING_H #define NE_STRING_H #include "ne_defs.h" #include "ne_alloc.h" #include NE_BEGIN_DECLS /* ne_token and ne_qtoken return the next token in *str before either * the next separator character 'sep' or the NUL terminator. * ne_qtoken skips over any parts quoted using a pair of any one of * the characters given in 'quotes'. After returning, *str will point * to the next character after the separator, or NULL if no separator * character was found. * * ne_qtoken will return NULL if unterminated quotes are found. */ char *ne_token(char **str, char sep); char *ne_qtoken(char **str, char sep, const char *quotes); /* Return portion of 'str' with any characters in 'whitespace' shaved * off the beginning and end. Modifies str in-place. 
*/ char *ne_shave(char *str, const char *whitespace); /* Cleanse 'str' of non-printable (e.g. control) characters. 'str' is * modified in-place, and returned. */ char *ne_strclean(char *str) ne_attribute((nonnull)); /* Encode 'len' bytes of 'text' to base64. Returns malloc-allocated * NUL-terminated buffer which the caller must free(). */ char *ne_base64(const unsigned char *text, size_t len) ne_attribute_malloc; /* Decode NUL-terminated base64-encoded string 'data', placing * malloc-allocated raw decoder output in '*out'. Returns length, or * zero on decode error (in which case the content of *out is * undefined). */ size_t ne_unbase64(const char *data, unsigned char **out); /* Dynamically-allocated string buffer. A string buffer which grows * dynamically . (Strings are zero-terminated still). A * string buffer ne_buffer which grows dynamically with the string. */ typedef struct { char *data; /* contents: NUL-terminated string */ size_t used; /* strlen(data) + 1 */ size_t length; /* number of bytes allocated */ } ne_buffer; /* Create a new string buffer object. */ ne_buffer *ne_buffer_create(void); /* Create a new string buffer object with at least 'size' bytes of * allocated space. */ ne_buffer *ne_buffer_ncreate(size_t size); /* Returns size of data in buffer, equiv to strlen(ne_buffer_data(buf)) */ #define ne_buffer_size(buf) ((buf)->used - 1) /* Concatenate all given strings onto the end of the buffer. The * strings must all be NUL-terminated, and MUST be followed by a NULL * argument marking the end of the list. */ void ne_buffer_concat(ne_buffer *buf, ...) ne_attribute_sentinel; /* Append a NUL-terminated string 'str' to buf. */ void ne_buffer_zappend(ne_buffer *buf, const char *str); /* Append 'len' bytes of 'data' to buf, where 'data' does not contain * a NUL terminator. (A NUL terminator is appended to buf) */ void ne_buffer_append(ne_buffer *buf, const char *data, size_t len); /* Append 'len' bytes of 'data' to buf. 
All non-ASCII bytes, and * ASCII control characters, are escaped. (Note that this includes * the NUL byte). */ void ne_buffer_qappend(ne_buffer *buf, const unsigned char *data, size_t len); /* Print a string to the end of the buffer using printf-style format * string 'format' and subsqeuent arguments. At most 'max' characters * are appended; the number of characters appended (excluding the NUL * terminator) is returned. Behaviour is undefined if 'max' is passed * as zero. */ size_t ne_buffer_snprintf(ne_buffer *buf, size_t max, const char *format, ...) ne_attribute((format(printf, 3, 4))); /* Append a literal, NUL-terminated constant string 'str' to buffer * 'buf'. */ #define ne_buffer_czappend(buf, str) \ ne_buffer_append((buf), (str), sizeof((str)) - 1) /* Clear the string buffer 'buf', making it equivalent to the empty * string. */ void ne_buffer_clear(ne_buffer *buf); /* Grow the allocated size of string buffer 'buf' to at least 'size' * bytes. */ void ne_buffer_grow(ne_buffer *buf, size_t size); /* Re-establish the 'used' invariant if the string buffer data field is * altered directly. */ void ne_buffer_altered(ne_buffer *buf); /* Destroy the string buffer object 'buf' without deallocating the * data string. The data string must subsequently be freed using * ne_free(). */ char *ne_buffer_finish(ne_buffer *buf); /* Destroy a string buffer object. */ void ne_buffer_destroy(ne_buffer *buf); /* Thread-safe strerror() wrapper; place system error for errno value * 'errnum' in 'buffer', which is of length 'buflen'. Returns * 'buffer'. */ char *ne_strerror(int errnum, char *buffer, size_t buflen); /* ne_strnzcpy copies at most 'n'-1 bytes of 'src' to 'dest', and * ensures that 'dest' is subsequently NUL-terminated. 
*/
#define ne_strnzcpy(dest, src, n) do { size_t ne__nm1 = (n) - 1;      \
     strncpy(dest, src, ne__nm1); dest[ne__nm1] = '\0'; } while (0)

/* NOTE(review): 'n' must be at least 1.  (n) - 1 is evaluated as a
 * size_t, so n == 0 becomes SIZE_MAX: strncpy() then copies without
 * any bound and the terminator lands far outside 'dest'.  'dest' is
 * also expanded without parentheses, so pass a plain lvalue or pointer
 * name rather than an expression. */

/* Return a malloc-allocated copy of 'data', of length 'len', with all
 * non-ASCII bytes, and ASCII control characters escaped.  (Note that
 * the escaping includes the NUL byte). */
char *ne_strnqdup(const unsigned char *data, size_t len)
    ne_attribute_malloc;

/* Return malloc-allocated concatenation of all NUL-terminated string
 * arguments, up to a terminating NULL pointer. */
char *ne_concat(const char *str, ...)
    ne_attribute_sentinel;

/* Hash algorithms: */
#define NE_HASH_MD5    (0x0001) /* MD5 */
#define NE_HASH_SHA256 (0x0002) /* SHA-256 (SHA-2) */
#define NE_HASH_SHA512 (0x0003) /* SHA-512 (SHA-2) */
#define NE_HASH_SHA512_256 (0x0004) /* SHA-512/256 (SHA-2) */

/* Optional hash output formatting options: */
#define NE_HASH_COLON  (0x1000) /* Colon-separated pairs */
#define NE_HASH_SPACE  (0x2000) /* Space-separated pairs */

/* Calculate hash over concatenation of NUL-terminated const char *
 * string arguments, up to a terminating NULL pointer, and return as a
 * malloc-allocated ASCII hex string.  'flags' comprises exactly one
 * of the algorithms indicated by the NE_HASH_* values above, which
 * may optionally be combined with the formatting options.  Returns
 * NULL if the hash type is not supported or an internal error
 * occurs.
 *
 * Because the input is the plain concatenation, the boundaries
 * between arguments are not hashed: pass explicit delimiter strings
 * when the fields must stay distinguishable.  Always check for NULL,
 * since which algorithms are available depends on the build. */
char *ne_strhash(unsigned int flags, ...)
    ne_attribute_sentinel ne_attribute_malloc;

/* Equivalent of ne_strhash(), taking va_list argument; the behaviour
 * is otherwise identical. */
char *ne_vstrhash(unsigned int flags, va_list ap)
    ne_attribute_malloc;

/* Wrapper for snprintf: always NUL-terminates returned buffer, and
 * returns strlen(str).  The return value is the stored length, not
 * the length that would have been needed, so truncation cannot be
 * detected from it.  Pass the real capacity of 'str' as 'size', at
 * least 1: nothing, not even the terminator, fits a zero-length
 * buffer. */
size_t ne_snprintf(char *str, size_t size, const char *fmt, ...)
    ne_attribute((format(printf, 3, 4)));

/* Wrapper for vsnprintf.
*/ size_t ne_vsnprintf(char *str, size_t size, const char *fmt, va_list ap) ne_attribute((format(printf, 3, 0))); /* Implementations of strcasecmp and strncasecmp which behave as * defined by the ANSI C strcasecmp() and strncasecmp() when in the * POSIX locale; i.e. ignoring the process locale. */ /* Compares 's1' and 's2', ignoring differences in case. */ int ne_strcasecmp(const char *s1, const char *s2); /* Compares up to 'n' characters of 's1' and 's2', ignoring * differences in case. */ int ne_strncasecmp(const char *s1, const char *s2, size_t n); /* Return lowercase 'c' as in POSIX locale; note difference from ANSI * C semantics as both the argument and return value are unsigned * char. */ #define ne_tolower(c) (ne_tolower_array()[(unsigned char)c]) const unsigned char *ne_tolower_array(void) ne_attribute((const)); /* Convert an ASCII hexadecimal character in the ranges '0'..'9' * 'a'..'f' 'A'..'F' to its numeric equivalent. */ #define NE_ASC2HEX(x) (((x) <= '9') ? ((x) - '0') : \ (ne_tolower((x)) + 10 - 'a')) /* Convert an integer in the range 0..15 to the equivalent (lowercase) * ASCII hexadecimal equivalent character, in the range '0..9,'a..f' */ #define NE_HEX2ASC(x) ((char) ((x) > 9 ? ((x) - 10 + 'a') : ((x) + '0'))) /* Encodes a extended parameter value for HTTP headers, as defined in * RFC 5987. Returns a malloc-allocated string if the parameter * 'value' needs to be encoded as an extended parameter, or NULL if it * can be used as a regular parameter. The charset must be either * "UTF-8" or "ISO-8859-1", but the language value can be NULL. 
*/ char *ne_strparam(const char *charset, const char *lang, const unsigned char *value) ne_attribute((nonnull (1, 3))) ne_attribute_malloc; NE_END_DECLS #endif /* NE_STRING_H */ neon-0.32.2/src/ne_stubssl.c000066400000000000000000000066071416727304000156660ustar00rootroot00000000000000/* Stubs for SSL support when no SSL library has been configured Copyright (C) 2002-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include "config.h" #include /* for NULL */ #include "ne_ssl.h" #include "ne_session.h" char *ne_ssl_readable_dname(const ne_ssl_dname *dn) { return NULL; } ne_ssl_certificate *ne_ssl_cert_read(const char *filename) { return NULL; } int ne_ssl_cert_cmp(const ne_ssl_certificate *c1, const ne_ssl_certificate *c2) { return 1; } const ne_ssl_certificate *ne_ssl_cert_signedby(const ne_ssl_certificate *cert) { return NULL; } const ne_ssl_dname *ne_ssl_cert_issuer(const ne_ssl_certificate *cert) { return NULL; } const ne_ssl_dname *ne_ssl_cert_subject(const ne_ssl_certificate *cert) { return NULL; } void ne_ssl_cert_free(ne_ssl_certificate *cert) {} ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename) { return NULL; } const ne_ssl_certificate *ne_ssl_clicert_owner(const ne_ssl_client_cert *ccert) { return NULL; } int ne_ssl_clicert_encrypted(const ne_ssl_client_cert *ccert) { return -1; } int 
ne_ssl_clicert_decrypt(ne_ssl_client_cert *ccert, const char *password) { return -1; } void ne_ssl_clicert_free(ne_ssl_client_cert *ccert) {} void ne_ssl_trust_default_ca(ne_session *sess) {} ne_ssl_context *ne_ssl_context_create(int mode) { return NULL; } void ne_ssl_context_trustcert(ne_ssl_context *ctx, const ne_ssl_certificate *cert) {} int ne_ssl_context_set_verify(ne_ssl_context *ctx, int required, const char *ca_names, const char *verify_cas) { return -1; } void ne_ssl_context_set_flag(ne_ssl_context *ctx, int flag, int value) {} void ne_ssl_context_destroy(ne_ssl_context *ctx) {} int ne_ssl_cert_digest(const ne_ssl_certificate *cert, char digest[60]) { return -1; } char *ne_ssl_cert_hdigest(const ne_ssl_certificate *cert, unsigned int flags) { return NULL; } void ne_ssl_cert_validity_time(const ne_ssl_certificate *cert, time_t *from, time_t *until) {} const char *ne_ssl_cert_identity(const ne_ssl_certificate *cert) { return NULL; } const char *ne_ssl_clicert_name(const ne_ssl_client_cert *ccert) { return NULL; } int ne_ssl_dname_cmp(const ne_ssl_dname *dn1, const ne_ssl_dname *dn2) { return -1; } int ne_ssl_cert_write(const ne_ssl_certificate *cert, const char *filename) { return -1; } char *ne_ssl_cert_export(const ne_ssl_certificate *cert) { return NULL; } ne_ssl_certificate *ne_ssl_cert_import(const char *data) { return NULL; } void ne_ssl_set_clicert(ne_session *sess, const ne_ssl_client_cert *cc) {} neon-0.32.2/src/ne_uri.c000066400000000000000000000427631416727304000147710ustar00rootroot00000000000000/* URI manipulation routines. Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. 
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include "config.h" #ifdef HAVE_STRING_H #include #endif #ifdef HAVE_STRINGS_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_STDLIB_H #include #endif #include #include #include "ne_string.h" /* for ne_buffer */ #include "ne_alloc.h" #include "ne_uri.h" /* URI ABNF from RFC 3986: */ #define PS (0x0001) /* "+" */ #define PC (0x0002) /* "%" */ #define DS (0x0004) /* "-" */ #define DT (0x0008) /* "." */ #define US (0x0010) /* "_" */ #define TD (0x0020) /* "~" */ #define FS (0x0040) /* "/" */ #define CL (0x0080) /* ":" */ #define AT (0x0100) /* "@" */ #define QU (0x0200) /* "?" */ #define DG (0x0400) /* DIGIT */ #define AL (0x0800) /* ALPHA */ #define GD (0x1000) /* gen-delims = "#" / "[" / "]" * ... except ":", "/", "@", and "?" */ #define SD (0x2000) /* sub-delims = "!" / "$" / "&" / "'" / "(" / ")" * / "*" / "+" / "," / ";" / "=" * ... except "+" which is PS */ #define OT (0x4000) /* others */ /* UNUSED (0x8000) .. only remaining bit. */ #define URI_ALPHA (AL) #define URI_DIGIT (DG) #define URI_NONURI (OT) /* unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" */ #define URI_UNRESERVED (AL | DG | DS | DT | US | TD) /* scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) */ #define URI_SCHEME (AL | DG | PS | DS | DT) /* real sub-delims definition, including "+" */ #define URI_SUBDELIM (PS | SD) /* real gen-delims definition, including ":", "/", "@" and "?" 
*/ #define URI_GENDELIM (GD | CL | FS | AT | QU) /* userinfo = *( unreserved / pct-encoded / sub-delims / ":" ) */ #define URI_USERINFO (URI_UNRESERVED | PC | URI_SUBDELIM | CL) /* pchar = unreserved / pct-encoded / sub-delims / ":" / "@" */ #define URI_PCHAR (URI_UNRESERVED | PC | URI_SUBDELIM | CL | AT) /* invented: segchar = pchar / "/" */ #define URI_SEGCHAR (URI_PCHAR | FS) /* query = *( pchar / "/" / "?" ) */ #define URI_QUERY (URI_PCHAR | FS | QU) /* fragment == query */ #define URI_FRAGMENT URI_QUERY /* any characters which should be path-escaped: */ #define URI_ESCAPE ((URI_GENDELIM & ~(FS)) | URI_SUBDELIM | OT | PC) static const unsigned short uri_chars[256] = { /* 0xXX x0 x2 x4 x6 x8 xA xC xE */ /* 0x */ OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, /* 1x */ OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, /* 2x */ OT, SD, OT, GD, SD, PC, SD, SD, SD, SD, SD, PS, SD, DS, DT, FS, /* 3x */ DG, DG, DG, DG, DG, DG, DG, DG, DG, DG, CL, SD, OT, SD, OT, QU, /* 4x */ AT, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, /* 5x */ AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, GD, OT, GD, OT, US, /* 6x */ OT, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, /* 7x */ AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, AL, OT, OT, OT, TD, OT, /* 8x */ OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, /* 9x */ OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, /* Ax */ OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, /* Bx */ OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, /* Cx */ OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, /* Dx */ OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, /* Ex */ OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, /* Fx */ OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT, OT }; #define uri_lookup(ch) (uri_chars[(unsigned char)ch]) char *ne_path_parent(const char *uri) { size_t len = 
strlen(uri); const char *pnt = uri + len - 1; /* skip trailing slash (parent of "/foo/" is "/") */ if (pnt >= uri && *pnt == '/') pnt--; /* find previous slash */ while (pnt > uri && *pnt != '/') pnt--; if (pnt < uri || (pnt == uri && *pnt != '/')) return NULL; return ne_strndup(uri, pnt - uri + 1); } int ne_path_has_trailing_slash(const char *uri) { size_t len = strlen(uri); return ((len > 0) && (uri[len-1] == '/')); } unsigned int ne_uri_defaultport(const char *scheme) { /* Scheme matching is case-insensitive per RFC 3986§3.1 */ if (ne_strcasecmp(scheme, "http") == 0) return 80; else if (ne_strcasecmp(scheme, "https") == 0) return 443; else return 0; } int ne_uri_parse(const char *uri, ne_uri *parsed) { const char *p, *s; memset(parsed, 0, sizeof *parsed); p = s = uri; /* => s = p = URI-reference */ if (uri_lookup(*p) & URI_ALPHA) { while (uri_lookup(*p) & URI_SCHEME) p++; if (*p == ':') { parsed->scheme = ne_strndup(uri, p - s); s = p + 1; } } /* => s = heir-part, or s = relative-part */ if (s[0] == '/' && s[1] == '/') { const char *pa; /* => s = "//" authority path-abempty (from expansion of * either heir-part of relative-part) */ /* authority = [ userinfo "@" ] host [ ":" port ] */ s = pa = s + 2; /* => s = authority */ while (*pa != '/' && *pa != '\0') pa++; /* => pa = path-abempty */ p = s; while (p < pa && uri_lookup(*p) & URI_USERINFO) p++; if (*p == '@') { parsed->userinfo = ne_strndup(s, p - s); s = p + 1; } /* => s = host */ if (s[0] == '[') { p = s + 1; while (*p != ']' && p < pa) p++; if (p == pa || (p + 1 != pa && p[1] != ':')) { /* Ill-formed IP-literal. */ return -1; } p++; /* => p = colon */ } else { /* Find the colon. */ p = pa; while (*p != ':' && p > s) p--; } if (p == s) { p = pa; /* No colon; => p = path-abempty */ } else if (p + 1 != pa) { /* => p = colon */ parsed->port = atoi(p + 1); } parsed->host = ne_strndup(s, p - s); s = pa; if (*s == '\0') { s = "/"; /* FIXME: scheme-specific. 
*/ } } /* => s = path-abempty / path-absolute / path-rootless * / path-empty / path-noscheme */ p = s; while (uri_lookup(*p) & URI_SEGCHAR) p++; /* => p = [ "?" query ] [ "#" fragment ] */ parsed->path = ne_strndup(s, p - s); if (*p != '\0') { s = p++; while (uri_lookup(*p) & URI_QUERY) p++; /* => p = [ "#" fragment ] */ /* => s = [ "?" query ] [ "#" fragment ] */ if (*s == '?') { parsed->query = ne_strndup(s + 1, p - s - 1); if (*p != '\0') { s = p++; while (uri_lookup(*p) & URI_FRAGMENT) p++; } } /* => p now points to the next character after the * URI-reference; which should be the NUL byte. */ if (*s == '#') { parsed->fragment = ne_strndup(s + 1, p - s - 1); } else if (*p || *s != '?') { return -1; } } return 0; } /* This function directly implements the "Merge Paths" algorithm * described in RFC 3986 section 5.2.3. */ static char *merge_paths(const ne_uri *base, const char *path) { const char *p; if (base->host && base->path[0] == '\0') { return ne_concat("/", path, NULL); } p = strrchr(base->path, '/'); if (p == NULL) { return ne_strdup(path); } else { size_t len = p - base->path + 1; char *ret = ne_malloc(strlen(path) + len + 1); memcpy(ret, base->path, len); memcpy(ret + len, path, strlen(path) + 1); return ret; } } /* This function directly implements the "Remove Dot Segments" * algorithm described in RFC 3986 section 5.2.4. */ static char *remove_dot_segments(const char *path) { char *in, *inc, *out; inc = in = ne_strdup(path); out = ne_malloc(strlen(path) + 1); out[0] = '\0'; while (in[0]) { /* case 2.A: */ if (strncmp(in, "./", 2) == 0) { in += 2; } else if (strncmp(in, "../", 3) == 0) { in += 3; } /* case 2.B: */ else if (strncmp(in, "/./", 3) == 0) { in += 2; } else if (strcmp(in, "/.") == 0) { in[1] = '\0'; } /* case 2.C: */ else if (strncmp(in, "/../", 4) == 0 || strcmp(in, "/..") == 0) { char *p; /* Make the next character in the input buffer a "/": */ if (in[3] == '\0') { /* terminating "/.." 
case */
                in += 2;
                in[0] = '/';
            } else {
                /* "/../" prefix case */
                in += 3;
            }

            /* Trim the last component from the output buffer, or
             * empty it. */
            p = strrchr(out, '/');
            if (p) {
                *p = '\0';
            } else {
                out[0] = '\0';
            }
        }

        /* case 2.D: */
        else if (strcmp(in, ".") == 0 || strcmp(in, "..") == 0) {
            in[0] = '\0';
        }

        /* case 2.E */
        else {
            char *p;

            /* Search for the *second* "/" if the leading character is
             * already "/": */
            p = strchr(in + (in[0] == '/'), '/');
            /* Otherwise, copy the whole string */
            if (p == NULL) p = strchr(in, '\0');

            /* 'out' was allocated with room for the whole of 'path',
             * and only segments taken from the input are appended. */
            strncat(out, in, p - in);
            in = p;
        }
    }

    /* 'in' has been advanced; 'inc' still holds the start of the
     * working copy. */
    ne_free(inc);

    return out;
}

/* Copy authority components from 'src' to 'dest' if defined.  The
 * host and userinfo strings are duplicated; the port is copied
 * unconditionally. */
static void copy_authority(ne_uri *dest, const ne_uri *src)
{
    if (src->host) dest->host = ne_strdup(src->host);
    dest->port = src->port;
    if (src->userinfo) dest->userinfo = ne_strdup(src->userinfo);
}

/* This function directly implements the "Transform References"
 * algorithm described in RFC 3986 section 5.2.2.
 *
 * '*target' is zeroed and then filled with newly allocated copies of
 * the resolved components; 'target' is returned.  base->path and
 * relative->path are dereferenced without a NULL check, so both must
 * be set by the caller.  When the reference carries its own scheme
 * or authority, nothing but the scheme (in the second case) is taken
 * from 'base'. */
ne_uri *ne_uri_resolve(const ne_uri *base, const ne_uri *relative,
                       ne_uri *target)
{
    memset(target, 0, sizeof *target);

    if (relative->scheme) {
        /* Absolute reference: only dot-segment removal is applied. */
        target->scheme = ne_strdup(relative->scheme);
        copy_authority(target, relative);
        target->path = remove_dot_segments(relative->path);
        if (relative->query) target->query = ne_strdup(relative->query);
    } else {
        if (relative->host) {
            /* Network-path reference: authority from the reference. */
            copy_authority(target, relative);
            target->path = remove_dot_segments(relative->path);
            if (relative->query) target->query = ne_strdup(relative->query);
        } else {
            if (relative->path[0] == '\0') {
                /* Empty path: the base path is used as-is, and the
                 * base query only if the reference has none. */
                target->path = ne_strdup(base->path);
                if (relative->query) {
                    target->query = ne_strdup(relative->query);
                } else if (base->query) {
                    target->query = ne_strdup(base->query);
                }
            } else {
                if (relative->path[0] == '/') {
                    target->path = remove_dot_segments(relative->path);
                } else {
                    /* Relative path: merge with the base path first. */
                    char *merged = merge_paths(base, relative->path);
                    target->path = remove_dot_segments(merged);
                    ne_free(merged);
                }
                if (relative->query) target->query = ne_strdup(relative->query);
            }
            copy_authority(target, base);
        }
        if (base->scheme) target->scheme = ne_strdup(base->scheme);
    }

    /* The fragment always comes from the reference, never the base. */
    if (relative->fragment) target->fragment = ne_strdup(relative->fragment);

    return target;
}

/* Zero '*dest' and fill it with newly allocated copies of every
 * component which is set in 'src'.  Returns 'dest'. */
ne_uri *ne_uri_copy(ne_uri *dest, const ne_uri *src)
{
    memset(dest, 0, sizeof *dest);

    if (src->scheme) dest->scheme = ne_strdup(src->scheme);
    copy_authority(dest, src);
    if (src->path) dest->path = ne_strdup(src->path);
    if (src->query) dest->query = ne_strdup(src->query);
    if (src->fragment) dest->fragment = ne_strdup(src->fragment);

    return dest;
}

/* Free every component of '*u' which is set, then zero the whole
 * structure so that no freed pointer is left behind in it. */
void ne_uri_free(ne_uri *u)
{
    if (u->host) ne_free(u->host);
    if (u->path) ne_free(u->path);
    if (u->scheme) ne_free(u->scheme);
    if (u->userinfo) ne_free(u->userinfo);
    if (u->fragment) ne_free(u->fragment);
    if (u->query) ne_free(u->query);
    memset(u, 0, sizeof *u);
}

/* Return a malloc-allocated copy of 'uri' with each "%XX" sequence
 * replaced by the byte it encodes, or NULL if a '%' is not followed
 * by two hexadecimal digits.
 *
 * Every byte value is decoded, including "%00": the result then
 * contains a NUL in the middle, and any caller using C string
 * functions sees the path end at that point.  Likewise "%2f" becomes
 * a '/' which was not a separator in the encoded form.  Callers that
 * base file-system or access decisions on the decoded path need to
 * check for both themselves. */
char *ne_path_unescape(const char *uri)
{
    const char *pnt;
    /* buf is the template "0xNN"; the two digits are overwritten for
     * each escape and the whole string is handed to strtol(). */
    char *ret, *retpos, buf[5] = { "0x00" };
    /* Decoding never lengthens the string, so strlen(uri) + 1 bytes
     * always suffice. */
    retpos = ret = ne_malloc(strlen(uri) + 1);
    for (pnt = uri; *pnt != '\0'; pnt++) {
        if (*pnt == '%') {
            /* The || short-circuits, so pnt[2] is read only when
             * pnt[1] is a hex digit and therefore not the NUL. */
            if (!isxdigit((unsigned char) pnt[1]) ||
                !isxdigit((unsigned char) pnt[2])) {
                /* Invalid URI */
                ne_free(ret);
                return NULL;
            }
            buf[2] = *++pnt; buf[3] = *++pnt; /* bit faster than memcpy */
            *retpos++ = (char)strtol(buf, NULL, 16);
        } else {
            *retpos++ = *pnt;
        }
    }
    *retpos = '\0';
    return ret;
}

/* CH must be an unsigned char; evaluates to 1 if CH should be
 * percent-encoded (note !!x == x ? 1 : 0).
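*/
#define path_escape_ch(ch, mask) (!!(uri_lookup(ch) & (mask)))

/* Escape 'path' with the NE_PATH_NONRES rule set; see
 * ne_path_escapef().  Returns a malloc-allocated string. */
char *ne_path_escape(const char *path)
{
    return ne_path_escapef(path, NE_PATH_NONRES);
}

/* Return a malloc-allocated copy of 'path' in which every byte
 * selected by 'flags' is replaced by "%xx" (two lower-case hex
 * digits).  NE_PATH_NONRES selects the URI_ESCAPE class and
 * NE_PATH_NONURI the URI_NONURI class of the lookup table.  If no
 * byte needs escaping a plain copy is returned.
 *
 * The escaping is not context-aware: an existing '%' or an already
 * encoded sequence is treated like any other byte, according to the
 * lookup table alone. */
char *ne_path_escapef(const char *path, unsigned int flags)
{
    static const char hexdigits[] = "0123456789abcdef";
    const unsigned char *pnt;
    char *ret, *p;
    size_t count = 0;
    unsigned short mask = 0;

    if (flags & NE_PATH_NONRES) mask |= URI_ESCAPE;
    if (flags & NE_PATH_NONURI) mask |= URI_NONURI;

    /* First pass: count the bytes which need escaping, to size the
     * output exactly. */
    for (pnt = (const unsigned char *)path; *pnt != '\0'; pnt++) {
        count += path_escape_ch(*pnt, mask);
    }

    if (count == 0) {
        return ne_strdup(path);
    }

    /* Each escaped byte grows from one character to three. */
    p = ret = ne_malloc(strlen(path) + 2 * count + 1);
    for (pnt = (const unsigned char *)path; *pnt != '\0'; pnt++) {
        if (path_escape_ch(*pnt, mask)) {
            /* Escape it as '%' plus two hex digits.  The digits are
             * written directly instead of through sprintf(), so the
             * three bytes counted above are the only ones written. */
            *p++ = '%';
            *p++ = hexdigits[*pnt >> 4];
            *p++ = hexdigits[*pnt & 0x0f];
        } else {
            *p++ = *pnt;
        }
    }

    *p = '\0';

    return ret;
}

#undef path_escape_ch

/* Compare one string field of u1 and u2 with 'func'; returns from
 * the enclosing function as soon as the fields differ.  A field set
 * in only one of the two URIs counts as a difference. */
#define CMPWITH(field, func)                    \
    do {                                        \
        if (u1->field) {                        \
            if (!u2->field) return -1;          \
            n = func(u1->field, u2->field);     \
            if (n) return n;                    \
        } else if (u2->field) {                 \
            return 1;                           \
        }                                       \
    } while (0)

#define CMP(field) CMPWITH(field, strcmp)
#define CASECMP(field) CMPWITH(field, ne_strcasecmp)

/* As specified by RFC 2616, section 3.2.3.
 *
 * Returns zero only if every component matches: host and scheme are
 * compared case-insensitively, the other strings byte for byte, and
 * the ports numerically.  The components are compared exactly as
 * stored: percent-encoded and literal forms of a character differ,
 * and a port of 0 differs from an explicit default port.  Callers
 * that use the result for an access or same-origin decision should
 * normalise both URIs first.  Only zero versus non-zero is a
 * dependable result; the sign for differing ports is that of
 * u2->port - u1->port. */
int ne_uri_cmp(const ne_uri *u1, const ne_uri *u2)
{
    int n;

    CMP(path);
    CASECMP(host);
    CASECMP(scheme);
    CMP(query);
    CMP(fragment);
    CMP(userinfo);

    return u2->port - u1->port;
}

#undef CMP
#undef CASECMP
#undef CMPWITH

/* TODO: implement properly */
/* Compare paths 'a' and 'b' case-insensitively, treating them as
 * equal if they differ only by one trailing slash.  Returns zero if
 * they match, else the non-zero result of ne_strcasecmp().
 *
 * The comparison is textual: no percent-decoding and no dot-segment
 * removal is done, and case is ignored for the whole path. */
int ne_path_compare(const char *a, const char *b)
{
    int ret = ne_strcasecmp(a, b);
    if (ret) {
        /* This logic says: "If the lengths of the two URIs differ by
         * exactly one, and the LONGER of the two URIs has a trailing
         * slash and the SHORTER one DOESN'T, then..." */
        int traila = ne_path_has_trailing_slash(a),
            trailb = ne_path_has_trailing_slash(b);
        /* Lengths are kept as size_t: storing strlen() in an int
         * truncates for very long inputs. */
        size_t lena = strlen(a), lenb = strlen(b);

        if (traila != trailb &&
            ((traila && lena == lenb + 1) ||
             (trailb && lenb == lena + 1))) {
            /* Compare them, ignoring the trailing slash on the longer
             * URI.  ne_strncasecmp is used to match ne_strcasecmp
             * above, rather than the locale-dependent strncasecmp. */
            if (ne_strncasecmp(a, b, lena < lenb ? lena : lenb) == 0)
                ret = 0;
        }
    }
    return ret;
}

/* Build the string form of 'uri' and return it as a malloc-allocated
 * string.  The authority is written only if uri->host is set, and
 * the port only if it is non-zero and differs from the default port
 * of the scheme.  uri->path is appended unconditionally and so must
 * not be NULL.  The components are concatenated as stored, with no
 * escaping applied here. */
char *ne_uri_unparse(const ne_uri *uri)
{
    ne_buffer *buf = ne_buffer_create();

    if (uri->scheme) {
        ne_buffer_concat(buf, uri->scheme, ":", NULL);
    }

    if (uri->host) {
        ne_buffer_czappend(buf, "//");
        if (uri->userinfo) {
            ne_buffer_concat(buf, uri->userinfo, "@", NULL);
        }
        ne_buffer_zappend(buf, uri->host);

        if (uri->port > 0
            && (!uri->scheme
                || ne_uri_defaultport(uri->scheme) != uri->port)) {
            char str[20];
            /* The port is an unsigned int: "%u" matches its type,
             * where "%d" printed large values as negative. */
            ne_snprintf(str, sizeof str, ":%u", uri->port);
            ne_buffer_zappend(buf, str);
        }
    }

    ne_buffer_zappend(buf, uri->path);

    if (uri->query) {
        ne_buffer_concat(buf, "?", uri->query, NULL);
    }

    if (uri->fragment) {
        ne_buffer_concat(buf, "#", uri->fragment, NULL);
    }

    return ne_buffer_finish(buf);
}

/* Give it a path segment, it returns non-zero if child is
 * a child of parent.
 *
 * The test is a prefix comparison: the first strlen(parent)
 * characters of 'child' are compared with 'parent' by
 * ne_path_compare(), i.e. case-insensitively.  It does not stop at
 * segment boundaries, so a parent of "/foo" also matches the child
 * "/foobar".  Callers using the result to confine a path should pass
 * a parent which ends in "/" and normalise 'child' beforehand. */
int ne_path_childof(const char *parent, const char *child)
{
    size_t plen = strlen(parent);
    char *root;
    int ret;

    if (plen >= strlen(child)) {
        return 0;
    }

    /* root is the first part of child, equal to length of parent */
    root = ne_strndup(child, plen);
    ret = (ne_path_compare(parent, root) == 0);
    ne_free(root);
    return ret;
}
neon-0.32.2/src/ne_uri.h000066400000000000000000000105521416727304000147650ustar00rootroot00000000000000/* URI manipulation routines. Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. 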
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef NE_URI_H #define NE_URI_H #include "ne_defs.h" NE_BEGIN_DECLS /* Return a copy of a path string with anything other than * "unreserved" and the forward-slash character percent-encoded * according to the URI encoding rules. Returns a malloc-allocated * string and never NULL. */ char *ne_path_escape(const char *path); /* NE_PATH_NONRES - anything other than "unreserved" and the * forward-slash character percent-encoded according to the URI * encoding rules; same rules as ne_path_escape(). */ #define NE_PATH_NONRES (0x0001) /* Escape any characters outside of those allowed in URIs. */ #define NE_PATH_NONURI (0x0002) /* Return a copy of a path string with escaping applied per rules * determined by any combination of NE_PATH_* flags given. Returns a * malloc-allocated string and never NULL. */ char *ne_path_escapef(const char *path, unsigned int flags); /* Return a decoded copy of a percent-encoded path string. Returns * malloc-allocated path on success, or NULL if the string contained * any syntactically invalid percent-encoding sequences. */ char *ne_path_unescape(const char *epath); /* Returns malloc-allocated parent of path, or NULL if path has no * parent (such as "/"). */ char *ne_path_parent(const char *path); /* Returns strcmp-like value giving comparison between p1 and p2, * ignoring trailing-slashes. 
*/ int ne_path_compare(const char *p1, const char *p2); /* Returns non-zero if child is a child of parent */ int ne_path_childof(const char *parent, const char *child); /* Returns non-zero if path has a trailing slash character */ int ne_path_has_trailing_slash(const char *path); /* Return the default port for the given scheme, or 0 if none is * known. */ unsigned int ne_uri_defaultport(const char *scheme); typedef struct { char *scheme; char *host, *userinfo; unsigned int port; char *path, *query, *fragment; } ne_uri; /* Parse a URI-reference 'uri' and place parsed components in *parsed. * Returns zero on success, non-zero on parse error. On successful or * error return, all the 'char *' fields of *parsed are either set to * NULL, or point to malloc-allocated NUL-terminated strings; * ne_uri_free can be used to free any set fields. On success, * parsed->path is guaranteed to be non-NULL. */ int ne_uri_parse(const char *uri, ne_uri *parsed); /* Turns a URI structure back into a string. The returned string is * malloc-allocated, and must be freed by the caller. */ char *ne_uri_unparse(const ne_uri *uri); /* Resolve a relative URI 'relative', with respect to base URI 'base', * placing the resultant URI in '*result'. At least both base->path * and relative->path must be non-NULL. On return, all the 'char *' * fields of *result are either set to NULL or point to * malloc-allocated NUL-terminated strings. result->path is * guaranteed to be non-NULL. ne_uri_free can be used to free the * result structure after use. Returns 'result'. */ ne_uri *ne_uri_resolve(const ne_uri *base, const ne_uri *relative, ne_uri *result); /* Compares URIs u1 and u2, returns non-zero if they are found to be * non-equal. The sign of the return value is <0 if 'u1' is less than * 'u2', or >0 if 'u2' is greater than 'u1'. */ int ne_uri_cmp(const ne_uri *u1, const ne_uri *u2); /* Copy components of URI 'src' to destination 'dest'. Returns * 'dest'. 
*/ ne_uri *ne_uri_copy(ne_uri *dest, const ne_uri *src); /* Frees any non-NULL fields of parsed URI structure *parsed. All * fields are then zero-initialized. */ void ne_uri_free(ne_uri *parsed); NE_END_DECLS #endif /* NE_URI_H */ neon-0.32.2/src/ne_utils.c000066400000000000000000000132271416727304000153230ustar00rootroot00000000000000/* HTTP utility functions Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include "config.h" #include #ifdef HAVE_STRING_H #include #endif #include #include /* isdigit() for ne_parse_statusline */ #ifdef NE_HAVE_ZLIB #include #endif #ifdef HAVE_OPENSSL #include #endif #ifdef HAVE_GNUTLS #include #endif /* libxml2: pick up the version string. */ #if defined(HAVE_LIBXML) #include #elif defined(HAVE_EXPAT) && !defined(HAVE_XMLPARSE_H) #include #endif #include "ne_utils.h" #include "ne_string.h" /* for ne_strdup */ #include "ne_dates.h" int ne_debug_mask = 0; FILE *ne_debug_stream = NULL; void ne_debug_init(FILE *stream, int mask) { ne_debug_stream = stream; ne_debug_mask = mask; #if defined(HAVE_SETVBUF) && defined(_IONBF) /* If possible, turn off buffering on the debug log. this is very * helpful if debugging segfaults. */ if (stream) setvbuf(stream, NULL, _IONBF, 0); #endif } void ne_debug(int ch, const char *template, ...) 
{ va_list params; if ((ch & ne_debug_mask) == 0) return; fflush(stdout); va_start(params, template); vfprintf(ne_debug_stream, template, params); va_end(params); if ((ch & NE_DBG_FLUSH) == NE_DBG_FLUSH) fflush(ne_debug_stream); } #define NE_STRINGIFY(x) # x #define NE_EXPAT_VER(x,y,z) NE_STRINGIFY(x) "." NE_STRINGIFY(y) "." NE_STRINGIFY(z) static const char version_string[] = "neon " NEON_VERSION ": " #ifdef NEON_IS_LIBRARY "Library build" #else "Bundled build" #endif #ifdef NE_HAVE_IPV6 ", IPv6" #endif #ifdef HAVE_EXPAT ", Expat" /* expat >=1.95.2 exported the version */ #ifdef XML_MAJOR_VERSION " " NE_EXPAT_VER(XML_MAJOR_VERSION, XML_MINOR_VERSION, XML_MICRO_VERSION) #endif #else /* !HAVE_EXPAT */ #ifdef HAVE_LIBXML ", libxml " LIBXML_DOTTED_VERSION #endif /* HAVE_LIBXML */ #endif /* !HAVE_EXPAT */ #if defined(NE_HAVE_ZLIB) && defined(ZLIB_VERSION) ", zlib " ZLIB_VERSION #endif /* NE_HAVE_ZLIB && ... */ #ifdef NE_HAVE_SOCKS ", SOCKSv5" #endif #ifdef NE_HAVE_LFS ", LFS" #endif #ifdef HAVE_OPENSSL #ifdef OPENSSL_VERSION_TEXT ", " OPENSSL_VERSION_TEXT #else "OpenSSL (unknown version)" #endif /* OPENSSL_VERSION_TEXT */ #ifdef NE_HAVE_TS_SSL " (thread-safe)" #endif #endif /* HAVE_OPENSSL */ #ifdef HAVE_GNUTLS ", GNU TLS " LIBGNUTLS_VERSION #endif /* HAVE_GNUTLS */ #ifdef HAVE_SSPI ", SSPI" #endif /* HAVE_SSPI */ #ifdef HAVE_PAKCHOIS ", PKCS#11" #endif #ifdef NE_HAVE_LIBPXY ", libproxy" #endif "." ; const char *ne_version_string(void) { return version_string; } #define LAST_COMPAT_ZERO_MINOR (27) int ne_version_match(int major, int minor) { return ! 
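(NE_VERSION_MAJOR == 0 &&
         (minor <= NE_VERSION_MINOR && minor >= LAST_COMPAT_ZERO_MINOR));
}

/* Return 1 if 'feature' is one of the NE_FEATURE_* codes whose
 * support was compiled in, and 0 for anything else.  Each case label
 * below exists only if the matching build-time macro is defined. */
int ne_has_support(int feature)
{
    switch (feature) {
#if defined(NE_HAVE_SSL) || defined(NE_HAVE_ZLIB) || defined(NE_HAVE_IPV6) \
    || defined(NE_HAVE_SOCKS) || defined(NE_HAVE_LFS) \
    || defined(NE_HAVE_TS_SSL) || defined(NE_HAVE_I18N) || defined(HAVE_SSPI)
#ifdef NE_HAVE_SSL
    case NE_FEATURE_SSL:
#endif
#ifdef NE_HAVE_ZLIB
    case NE_FEATURE_ZLIB:
#endif
#ifdef NE_HAVE_IPV6
    case NE_FEATURE_IPV6:
#endif
#ifdef NE_HAVE_SOCKS
    case NE_FEATURE_SOCKS:
#endif
#ifdef NE_HAVE_LFS
    case NE_FEATURE_LFS:
#endif
#ifdef NE_HAVE_TS_SSL
    case NE_FEATURE_TS_SSL:
#endif
#ifdef NE_HAVE_I18N
    case NE_FEATURE_I18N:
#endif
#ifdef HAVE_SSPI
    case NE_FEATURE_SSPI:
#endif
        return 1;
#endif /* NE_HAVE_* */
    default:
        return 0;
    }
}

/* Parse the HTTP status-line 'status_line' into *st.
 *
 * Returns 0 on success, with every field of *st set and
 * st->reason_phrase holding a newly allocated copy of the reason
 * phrase passed through ne_strclean(); returns -1 on a parse error,
 * in which case *st has not been written to.
 *
 * The line comes from the peer and is parsed leniently: anything in
 * front of the first "HTTP/" is skipped, and any three-digit status
 * code is accepted, so st->klass is simply the first digit and can
 * lie outside 1-5.  Callers should not assume otherwise. */
int ne_parse_statusline(const char *status_line, ne_status *st)
{
    /* Upper bound for either version number.  A value at or below
     * this can take one more digit without overflowing an int. */
    enum { version_max = 99999 };
    const char *part;
    int major, minor, status_code, klass;

    /* skip leading garbage if any. */
    part = strstr(status_line, "HTTP/");
    if (part == NULL) return -1;

    minor = major = 0;

    /* Parse version string, skipping leading zeroes.  The numbers
     * are bounded because a long run of digits would otherwise
     * overflow the signed accumulator, which is undefined behaviour.
     * The casts to unsigned char are needed because passing a
     * negative char value to isdigit() is undefined as well. */
    for (part += 5; isdigit((unsigned char)*part); part++) {
        major = major*10 + (*part-'0');
        if (major > version_max) return -1;
    }

    if (*part++ != '.') return -1;

    for (; isdigit((unsigned char)*part); part++) {
        minor = minor*10 + (*part-'0');
        if (minor > version_max) return -1;
    }

    if (*part != ' ') return -1;

    /* Skip any spaces */
    for (; *part == ' '; part++) /* noop */;

    /* Parse the Status-Code; part now points at the first Y in
     * "HTTP/x.x YYY".  The || chain stops at the first non-digit, so
     * nothing after the terminating NUL is read. */
    if (!isdigit((unsigned char)part[0])
        || !isdigit((unsigned char)part[1])
        || !isdigit((unsigned char)part[2])
        || (part[3] != '\0' && part[3] != ' ')) return -1;
    status_code = 100*(part[0]-'0') + 10*(part[1]-'0') + (part[2]-'0');
    klass = part[0]-'0';

    /* Skip whitespace between status-code and reason-phrase */
    for (part+=3; *part == ' ' || *part == '\t'; part++) /* noop */;

    /* part now may be pointing to \0 if reason phrase is blank */

    /* Fill in the results */
    st->major_version = major;
    st->minor_version = minor;
    st->reason_phrase = ne_strclean(ne_strdup(part));
    st->code = status_code;
    st->klass = klass;
    return 0;
}
neon-0.32.2/src/ne_utils.h000066400000000000000000000077321416727304000153340ustar00rootroot00000000000000/* HTTP utility functions Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef NE_UTILS_H #define NE_UTILS_H #include #include #include #include "ne_defs.h" #ifdef NEON_TRIO #include #endif NE_BEGIN_DECLS /* Returns a human-readable library version string describing the * version and build information; for example: * "neon 0.2.0: Library build, OpenSSL support" */ const char *ne_version_string(void); /* Returns non-zero if neon library version is backwards-compatible * with ABI at given (major, minor). 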
*/ int ne_version_match(int major, int minor); /* Feature codes: */ #define NE_FEATURE_SSL (1) /* SSL/TLS support */ #define NE_FEATURE_ZLIB (2) /* zlib compression in compress interface */ #define NE_FEATURE_IPV6 (3) /* IPv6 is supported in resolver */ #define NE_FEATURE_LFS (4) /* large file support */ #define NE_FEATURE_SOCKS (5) /* SOCKSv5 support */ #define NE_FEATURE_TS_SSL (6) /* Thread-safe SSL/TLS support */ #define NE_FEATURE_I18N (7) /* i18n error message support */ #define NE_FEATURE_SSPI (8) /* NTLM/Negotiate authentication protocol via SSPI */ /* Returns non-zero if library is built with support for the given * NE_FEATURE_* feature code 'code'. */ int ne_has_support(int feature); /* Debugging macro to allow code to be optimized out if debugging is * disabled at build time. */ #ifndef NE_DEBUGGING #define NE_DEBUG if (0) ne_debug #else /* DEBUGGING */ #define NE_DEBUG ne_debug #endif /* DEBUGGING */ /* Debugging masks. */ #define NE_DBG_SOCKET (1<<0) /* raw socket */ #define NE_DBG_HTTP (1<<1) /* HTTP request/response handling */ #define NE_DBG_XML (1<<2) /* XML parser */ #define NE_DBG_HTTPAUTH (1<<3) /* HTTP authentication (hiding credentials) */ #define NE_DBG_HTTPPLAIN (1<<4) /* plaintext HTTP authentication */ #define NE_DBG_LOCKS (1<<5) /* WebDAV locking */ #define NE_DBG_XMLPARSE (1<<6) /* low-level XML parser */ #define NE_DBG_HTTPBODY (1<<7) /* HTTP response body blocks */ #define NE_DBG_SSL (1<<8) /* SSL/TLS */ #define NE_DBG_FLUSH (1<<30) /* always flush debugging */ /* Send debugging output to 'stream', for all of the given debug * channels. To disable debugging, pass 'stream' as NULL and 'mask' * as 0. */ void ne_debug_init(FILE *stream, int mask); /* The current debug mask and stream set by the last call to * ne_debug_init. */ extern int ne_debug_mask; extern FILE *ne_debug_stream; /* Produce debug output if any of channels 'ch' is enabled for * debugging. */ void ne_debug(int ch, const char *, ...) 
ne_attribute((format(printf, 2, 3))); /* Storing an HTTP status result */ typedef struct { int major_version; int minor_version; int code; /* Status-Code value */ int klass; /* Class of Status-Code (1-5) */ char *reason_phrase; } ne_status; /* NB: couldn't use 'class' in ne_status because it would clash with * the C++ reserved word. */ /* Parse 'status_line' using the the RFC2616 Status-Line grammar. * s->reason_phrase is malloc-allocated if non-NULL, and must be * free'd by the caller. Returns 0 on success, in which case all * fields of '*s' will be set; or -1 on parse error, in which case * '*s' is unmodified. */ int ne_parse_statusline(const char *status_line, ne_status *s); NE_END_DECLS #endif /* NE_UTILS_H */ neon-0.32.2/src/ne_xml.c000066400000000000000000000510461416727304000147640ustar00rootroot00000000000000/* Wrapper interface to XML parser Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. 
You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include "config.h" #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_STRING_H #include #endif #ifdef HAVE_STRINGS_H #include #endif #include "ne_internal.h" #include "ne_alloc.h" #include "ne_xml.h" #include "ne_utils.h" #include "ne_string.h" #if defined(HAVE_EXPAT) /* expat support: */ #ifdef HAVE_XMLPARSE_H #include "xmlparse.h" #else #include #endif typedef XML_Char ne_xml_char; #if !defined(XML_MAJOR_VERSION) #define NEED_BOM_HANDLING #elif XML_MAJOR_VERSION < 2 && XML_MINOR_VERSION == 95 && XML_MICRO_VERSION < 2 #define NEED_BOM_HANDLING #endif #elif defined(HAVE_LIBXML) /* libxml2 support: */ #include #include typedef xmlChar ne_xml_char; #if LIBXML_VERSION < 20619 /* 2.6.19 and earlier have broken BOM handling */ #define NEED_BOM_HANDLING #endif #else /* not HAVE_LIBXML */ # error need an XML parser #endif /* not HAVE_EXPAT */ /* Approx. one screen of text: */ #define ERR_SIZE (2048) struct handler { ne_xml_startelm_cb *startelm_cb; /* start-element callback */ ne_xml_endelm_cb *endelm_cb; /* end-element callback */ ne_xml_cdata_cb *cdata_cb; /* character-data callback. */ void *userdata; /* userdata for the above. */ struct handler *next; /* next handler in stack. */ }; #ifdef HAVE_LIBXML static void sax_error(void *ctx, const char *msg, ...); #endif struct element { const ne_xml_char *nspace; ne_xml_char *name; int state; /* opaque state integer */ /* Namespaces declared in this element */ ne_xml_char *default_ns; /* A default namespace */ struct namespace *nspaces; /* List of other namespace scopes */ struct handler *handler; /* Handler for this element */ struct element *parent; /* parent element, or NULL */ }; /* We pass around a ne_xml_parser as the userdata in the parsing * library. 
This maintains the current state of the parse and various * other bits and bobs. Within the parse, we store the current branch * of the tree, i.e., the current element and all its parents, up to * the root, but nothing other than that. */ struct ne_xml_parser_s { struct element *root; /* the root of the document */ struct element *current; /* current element in the branch */ struct handler *top_handlers; /* always points at the * handler on top of the stack. */ int failure; /* zero whilst parse should continue */ int prune; /* if non-zero, depth within a dead branch */ #ifdef NEED_BOM_HANDLING int bom_pos; #endif #ifdef HAVE_EXPAT XML_Parser parser; char *encoding; #else xmlParserCtxtPtr parser; #endif char error[ERR_SIZE]; }; /* The callback handlers */ static void start_element(void *userdata, const ne_xml_char *name, const ne_xml_char **atts); static void end_element(void *userdata, const ne_xml_char *name); static void char_data(void *userdata, const ne_xml_char *cdata, int len); static const char *resolve_nspace(const struct element *elm, const char *prefix, size_t pfxlen); /* Linked list of namespace scopes */ struct namespace { ne_xml_char *name; ne_xml_char *uri; struct namespace *next; }; #ifdef HAVE_LIBXML /* Could be const as far as we care, but libxml doesn't want that */ static xmlSAXHandler sax_handler = { NULL, /* internalSubset */ NULL, /* isStandalone */ NULL, /* hasInternalSubset */ NULL, /* hasExternalSubset */ NULL, /* resolveEntity */ NULL, /* getEntity */ NULL, /* entityDecl */ NULL, /* notationDecl */ NULL, /* attributeDecl */ NULL, /* elementDecl */ NULL, /* unparsedEntityDecl */ NULL, /* setDocumentLocator */ NULL, /* startDocument */ NULL, /* endDocument */ start_element, /* startElement */ end_element, /* endElement */ NULL, /* reference */ char_data, /* characters */ NULL, /* ignorableWhitespace */ NULL, /* processingInstruction */ NULL, /* comment */ NULL, /* xmlParserWarning */ sax_error, /* xmlParserError */ sax_error, /* fatal error 
(never called by libxml2?) */ NULL, /* getParameterEntity */ char_data /* cdataBlock */ }; /* empty attributes array to mimic expat behaviour */ static const char *const empty_atts[] = {NULL, NULL}; /* macro for determining the attributes array to pass */ #define PASS_ATTS(atts) (atts ? (const char **)(atts) : empty_atts) #else #define PASS_ATTS(atts) ((const char **)(atts)) /* XML declaration callback for expat. */ static void decl_handler(void *userdata, const XML_Char *version, const XML_Char *encoding, int standalone) { ne_xml_parser *p = userdata; if (encoding) p->encoding = ne_strdup(encoding); } #endif /* HAVE_LIBXML */ int ne_xml_currentline(ne_xml_parser *p) { #ifdef HAVE_EXPAT return XML_GetCurrentLineNumber(p->parser); #else return p->parser->input->line; #endif } const char *ne_xml_doc_encoding(const ne_xml_parser *p) { #ifdef HAVE_LIBXML return p->parser->encoding; #else return p->encoding; #endif } /* The first character of the REC-xml-names "NCName" rule excludes * "Digit | '.' | '-' | '_' | CombiningChar | Extender"; the XML * parser will not enforce this rule in a namespace declaration since * it treats the entire attribute name as a REC-xml "Name" rule. It's * too hard to check for all of CombiningChar | Digit | Extender here, * but the valid_ncname_ch1 macro catches some of the rest. */ /* Return non-zero if 'ch' is an invalid start character for an NCName: */ #define invalid_ncname_ch1(ch) ((ch) == '\0' || strchr("-.0123456789", (ch)) != NULL) /* Subversion repositories have been deployed which use property names * marshalled as NCNames including a colon character; these should * also be rejected but will be allowed for the time being. */ #define invalid_ncname(xn) (invalid_ncname_ch1((xn)[0])) /* Extract the namespace prefix declarations from 'atts'. 
*/
static int declare_nspaces(ne_xml_parser *p, struct element *elm,
                           const ne_xml_char **atts)
{
    int idx = 0;

    /* 'atts' is walked as a list of name/value pairs which ends at
     * the first NULL name. */
    while (atts && atts[idx]) {
        const ne_xml_char *attname = atts[idx];

        if (strcmp(attname, "xmlns") == 0) {
            /* Declaration of the default namespace. */
            elm->default_ns = ne_strdup(atts[idx+1]);
        }
        else if (strncmp(attname, "xmlns:", 6) == 0) {
            struct namespace *scope;

            /* The prefix must start like an NCName and the URI must
             * not be empty; otherwise the declaration is an error. */
            if (invalid_ncname(attname + 6) || atts[idx+1][0] == '\0') {
                ne_snprintf(p->error, ERR_SIZE,
                            ("XML parse error at line %d: invalid namespace "
                             "declaration"), ne_xml_currentline(p));
                return -1;
            }

            /* Link a new scope at the head of this element's list. */
            scope = ne_calloc(sizeof(*scope));
            scope->next = elm->nspaces;
            elm->nspaces = scope;
            scope->name = ne_strdup(attname + 6); /* after "xmlns:" */
            scope->uri = ne_strdup(atts[idx+1]);
        }

        idx += 2;
    }

    return 0;
}

/* Split the qualified name 'qname' into namespace and local part and
 * store both in 'elm'.  Returns 0 on success; on failure returns -1
 * with a message in p->error. */
static int expand_qname(ne_xml_parser *p, struct element *elm,
                        const ne_xml_char *qname)
{
    const ne_xml_char *colon;
    const char *uri;

    colon = strchr(qname, ':');

    if (colon == NULL) {
        /* Unprefixed name: take the nearest default namespace.  The
         * walk up the tree ends at the root element, whose default
         * namespace is always set. */
        struct element *scope = elm;

        while (scope->default_ns == NULL)
            scope = scope->parent;

        elm->name = ne_strdup(qname);
        elm->nspace = scope->default_ns;
        return 0;
    }

    /* Neither the local part nor the prefix may be missing, and the
     * local part must start like an NCName. */
    if (invalid_ncname(colon + 1) || qname == colon) {
        ne_snprintf(p->error, ERR_SIZE,
                    _("XML parse error at line %d: invalid element name"),
                    ne_xml_currentline(p));
        return -1;
    }

    uri = resolve_nspace(elm, qname, colon-qname);
    if (!uri) {
        ne_snprintf(p->error, ERR_SIZE,
                    ("XML parse error at line %d: undeclared namespace prefix"),
                    ne_xml_currentline(p));
        return -1;
    }

    elm->name = ne_strdup(colon+1);
    elm->nspace = uri;
    return 0;
}

/* Called with the start of a new element.
*/
static void start_element(void *userdata, const ne_xml_char *name,
                          const ne_xml_char **atts)
{
    ne_xml_parser *p = userdata;
    struct element *elm;
    struct handler *hand;
    int state = NE_XML_DECLINE;

    /* Nothing more is processed once the parse has failed. */
    if (p->failure) {
        return;
    }

    /* Inside a pruned branch only the nesting depth is tracked. */
    if (p->prune) {
        p->prune++;
        return;
    }

    /* Allocate the element and make it the current one before any
     * check can fail, so that it stays linked into the tree. */
    elm = ne_calloc(sizeof *elm);
    elm->parent = p->current;
    p->current = elm;

    if (declare_nspaces(p, elm, atts) || expand_qname(p, elm, name)) {
        p->failure = 1;
        return;
    }

    /* Offer the element to each handler in turn, starting with the
     * parent's handler, until one of them returns something other
     * than NE_XML_DECLINE. */
    hand = elm->parent->handler;
    while (hand && state == NE_XML_DECLINE) {
        elm->handler = hand;
        state = hand->startelm_cb(hand->userdata, elm->parent->state,
                                  elm->nspace, elm->name, PASS_ATTS(atts));
        hand = hand->next;
    }

    NE_DEBUG(NE_DBG_XML, "XML: start-element (%d, {%s, %s}) => %d\n",
             elm->parent->state, elm->nspace, elm->name, state);

    if (state > 0) {
        /* Accepted: remember the state the handler assigned. */
        elm->state = state;
    } else if (state == NE_XML_DECLINE) {
        /* Declined by every handler: prune this branch. */
        p->prune++;
    } else {
        /* state < 0 => abort parse */
        p->failure = state;
    }
}

/* Destroys an element structure.
*/
/* Frees the element's name, each entry of its namespace list (name,
 * URI and node), its default namespace if set, and the element
 * itself.  The handler and parent pointers are not freed here. */
static void destroy_element(struct element *elm)
{
    struct namespace *this_ns, *next_ns;
    ne_free(elm->name);
    /* Free the namespaces */
    this_ns = elm->nspaces;
    while (this_ns != NULL) {
        /* Save the link before the node is freed. */
        next_ns = this_ns->next;
        ne_free(this_ns->name);
        ne_free(this_ns->uri);
        ne_free(this_ns);
        this_ns = next_ns;
    }
    if (elm->default_ns)
        ne_free(elm->default_ns);
    ne_free(elm);
}

/* cdata SAX callback: passes 'len' bytes at 'data' to the cdata
 * callback of the current element's handler, if it has one.  The
 * callback's return value becomes p->failure, so a non-zero return
 * stops further processing.  Ignored once the parse has failed or
 * while inside a pruned branch. */
static void char_data(void *userdata, const ne_xml_char *data, int len)
{
    ne_xml_parser *p = userdata;
    struct element *elm = p->current;

    if (p->failure || p->prune) return;

    if (elm->handler->cdata_cb) {
        p->failure = elm->handler->cdata_cb(elm->handler->userdata, elm->state, data, len);
        NE_DEBUG(NE_DBG_XML, "XML: char-data (%d) returns %d\n",
                 elm->state, p->failure);
    }
}

/* Called with the end of an element */
static void end_element(void *userdata, const ne_xml_char *name)
{
    ne_xml_parser *p = userdata;
    struct element *elm = p->current;

    if (p->failure) return;

    if (p->prune) {
        /* Closing an element nested inside a pruned branch: only the
         * depth counter changes.  When the counter was 1 this is the
         * end of the pruned element itself; it is popped below, and
         * no end-element callback is run for it. */
        if (p->prune-- > 1) return;
    } else if (elm->handler->endelm_cb) {
        /* A non-zero return from the callback marks the parse as
         * failed. */
        p->failure = elm->handler->endelm_cb(elm->handler->userdata, elm->state,
                                             elm->nspace, elm->name);
        if (p->failure) {
            NE_DEBUG(NE_DBG_XML, "XML: end-element for %d failed with %d.\n",
                     elm->state, p->failure);
        }
    }

    NE_DEBUG(NE_DBG_XML, "XML: end-element (%d, {%s, %s})\n",
             elm->state, elm->nspace, elm->name);

    /* move back up the tree */
    p->current = elm->parent;
    p->prune = 0;

    destroy_element(elm);
}

#if defined(HAVE_EXPAT) && XML_MAJOR_VERSION > 1
/* Stop the parser if an entity declaration is hit.  Only the Expat
 * parser is stopped here; p->failure and p->error are not touched by
 * this function. */
static void entity_declaration(void *userData, const XML_Char *entityName,
                               int is_parameter_entity, const XML_Char *value,
                               int value_length, const XML_Char *base,
                               const XML_Char *systemId, const XML_Char *publicId,
                               const XML_Char *notationName)
{
    ne_xml_parser *parser = userData;

    NE_DEBUG(NE_DBG_XMLPARSE, "XML: entity declaration [%s]. Failing.\n",
             entityName);

    XML_StopParser(parser->parser, XML_FALSE);
}
#elif defined(HAVE_EXPAT)
/* A noop default_handler.
*/
static void default_handler(void *userData, const XML_Char *s, int len)
{
    /* Intentionally empty: ne_xml_create() installs this through
     * XML_SetDefaultHandler() when XML_MAJOR_VERSION is not > 1. */
}
#endif

/* Find a namespace definition for 'prefix' in given element, where
 * length of prefix is 'pfxlen'.  Returns the URI or NULL.  The prefix
 * is compared by length plus memcmp(), so it does not have to be
 * NUL-terminated at 'pfxlen' (ne_xml_get_attr passes a pointer into a
 * "prefix:local" attribute name). */
static const char *resolve_nspace(const struct element *elm,
                                  const char *prefix, size_t pfxlen)
{
    const struct element *s;

    /* Search up the tree. */
    for (s = elm; s != NULL; s = s->parent) {
        const struct namespace *ns;

        /* Iterate over defined spaces on this node. */
        for (ns = s->nspaces; ns != NULL; ns = ns->next) {
            if (strlen(ns->name) == pfxlen &&
                memcmp(ns->name, prefix, pfxlen) == 0)
                return ns->uri;
        }
    }

    return NULL;
}

/* Public wrapper: with a non-NULL prefix, resolve it from the current
 * element upwards; with a NULL prefix, return the nearest default
 * namespace. */
const char *ne_xml_resolve_nspace(ne_xml_parser *parser,
                                  const char *prefix, size_t length)
{
    if (prefix) {
        return resolve_nspace(parser->current, prefix, length);
    } else {
        struct element *e = parser->current;

        /* This walk has no NULL check on e; it terminates because
         * ne_xml_create() gives the root element a non-NULL default_ns
         * (the empty string). */
        while (e->default_ns == NULL)
            e = e->parent;

        return e->default_ns;
    }
}

/* Allocate a parser object, set up the placeholder root element and
 * create the underlying expat or libxml2 parser.  Calls abort() if
 * the underlying parser cannot be created. */
ne_xml_parser *ne_xml_create(void)
{
    ne_xml_parser *p = ne_calloc(sizeof *p);

    /* Placeholder for the root element */
    p->current = p->root = ne_calloc(sizeof *p->root);
    /* A string literal: the root is released with a plain ne_free() in
     * ne_xml_destroy(), not with destroy_element(), so this pointer is
     * never passed to ne_free(). */
    p->root->default_ns = "";
    p->root->state = 0;
    ne_strnzcpy(p->error, _("Unknown error"), sizeof p->error);

#ifdef HAVE_EXPAT
    p->parser = XML_ParserCreate(NULL);
    if (p->parser == NULL) {
        abort();
    }
    XML_SetElementHandler(p->parser, start_element, end_element);
    XML_SetCharacterDataHandler(p->parser, char_data);
    XML_SetUserData(p->parser, (void *) p);
    XML_SetXmlDeclHandler(p->parser, decl_handler);

    /* Prevent the "billion laughs" attack against expat by disabling
     * internal entity expansion.  With 2.x, forcibly stop the parser
     * if an entity is declared - this is safer and a more obvious
     * failure mode.  With older versions, installing a noop
     * DefaultHandler means that internal entities will be expanded as
     * the empty string, which is also sufficient to prevent the
     * attack. */
#if XML_MAJOR_VERSION > 1
    XML_SetEntityDeclHandler(p->parser, entity_declaration);
#else
    XML_SetDefaultHandler(p->parser, default_handler);
#endif

#else /* HAVE_LIBXML */
    p->parser = xmlCreatePushParserCtxt(&sax_handler,
                                        (void *)p, NULL, 0, NULL);
    if (p->parser == NULL) {
        abort();
    }
#if LIBXML_VERSION < 20602
    p->parser->replaceEntities = 1;
#else
    /* Enable expansion of entities, and disable network access.
     * NOTE(review): unlike the expat branch above, nothing here
     * rejects entity declarations.  XML_PARSE_NOENT turns entity
     * substitution on and XML_PARSE_NONET only forbids network
     * fetches, so how far expansion can go rests on libxml2's own
     * limits and on the entity callbacks in sax_handler, which is
     * defined outside this excerpt -- confirm, in particular for
     * external entities that refer to local files. */
    xmlCtxtUseOptions(p->parser, XML_PARSE_NOENT | XML_PARSE_NONET);
#endif

#endif /* HAVE_LIBXML || HAVE_EXPAT */
    return p;
}

/* Append a handler (three callbacks plus userdata) to the parser's
 * handler list.  p->top_handlers always points at the handler pushed
 * most recently; each new handler is linked through its ->next. */
void ne_xml_push_handler(ne_xml_parser *p,
                         ne_xml_startelm_cb *startelm_cb,
                         ne_xml_cdata_cb *cdata_cb,
                         ne_xml_endelm_cb *endelm_cb,
                         void *userdata)
{
    struct handler *hand = ne_calloc(sizeof(struct handler));

    hand->startelm_cb = startelm_cb;
    hand->cdata_cb = cdata_cb;
    hand->endelm_cb = endelm_cb;
    hand->userdata = userdata;

    /* If this is the first handler registered, update the
     * base pointer too. */
    if (p->top_handlers == NULL) {
        p->root->handler = hand;
        p->top_handlers = hand;
    } else {
        p->top_handlers->next = hand;
        p->top_handlers = hand;
    }
}

/* Same as ne_xml_parse(), taking the parser as a void pointer. */
int ne_xml_parse_v(void *userdata, const char *block, size_t len)
{
    ne_xml_parser *p = userdata;
    return ne_xml_parse(p, (const ne_xml_char *)block, len);
}

#define BOM_UTF8 "\xEF\xBB\xBF" /* UTF-8 BOM */

/* Feed one block of the document to the underlying parser; len == 0
 * marks the end of the document.  Returns p->failure: zero on success,
 * otherwise the stored failure code.  Once a failure is recorded,
 * later blocks are ignored and the same code is returned. */
int ne_xml_parse(ne_xml_parser *p, const char *block, size_t len)
{
    int ret, flag;
    /* duck out if it's broken */
    if (p->failure) {
        NE_DEBUG(NE_DBG_XMLPARSE, "XML: Failed; ignoring %" NE_FMT_SIZE_T
                 " bytes.\n", len);
        return p->failure;
    }
    /* 'flag' is handed to XML_Parse()/xmlParseChunk() below as the
     * "last chunk" argument; 'block' is replaced by an empty string at
     * end of document, so callers may pass NULL there. */
    if (len == 0) {
        flag = -1;
        block = "";
        NE_DEBUG(NE_DBG_XMLPARSE, "XML: End of document.\n");
    } else {
        NE_DEBUG(NE_DBG_XMLPARSE, "XML: Parsing %" NE_FMT_SIZE_T " bytes.\n", len);
        flag = 0;
    }

#ifdef NEED_BOM_HANDLING
    /* p->bom_pos counts the BOM bytes consumed so far and is kept
     * across calls, so a BOM split over several blocks is still
     * recognised; the value 3 means the check is finished. */
    if (p->bom_pos < 3) {
        NE_DEBUG(NE_DBG_XMLPARSE, "Checking for UTF-8 BOM.\n");
        while (len > 0 && p->bom_pos < 3 &&
               block[0] == BOM_UTF8[p->bom_pos]) {
            block++;
            len--;
            p->bom_pos++;
        }
        /* The block held nothing but BOM bytes: wait for more input.
         * NOTE(review): this return is also taken when the very first
         * call is the end-of-document call (len == 0), in which case
         * the underlying parser is never told that the document ended
         * and 0 is returned -- confirm that is intended. */
        if (len == 0)
            return 0;
        if (p->bom_pos == 0) {
            p->bom_pos = 3; /* no BOM */
        } else if (p->bom_pos > 0 && p->bom_pos < 3) {
            /* A proper prefix of the BOM followed by other bytes. */
            ne_strnzcpy(p->error, _("Invalid Byte Order Mark"), sizeof p->error);
            return p->failure = 1;
        }
    }
#endif

    /* Note, don't write a parser error if p->failure, since an error
     * will already have been written in that case. */
#ifdef HAVE_EXPAT
    ret = XML_Parse(p->parser, block, len, flag);
    NE_DEBUG(NE_DBG_XMLPARSE, "XML: XML_Parse returned %d\n", ret);
    /* A zero return with p->failure still clear is an error raised by
     * expat itself rather than by a handler callback; presumably this
     * includes the stop requested by entity_declaration(). */
    if (ret == 0 && p->failure == 0) {
        ne_snprintf(p->error, ERR_SIZE,
                    "XML parse error at line %" NE_FMT_XML_SIZE ": %s",
                    XML_GetCurrentLineNumber(p->parser),
                    XML_ErrorString(XML_GetErrorCode(p->parser)));
        p->failure = 1;
        NE_DEBUG(NE_DBG_XMLPARSE, "XML: Parse error: %s\n", p->error);
    }
#else
    ret = xmlParseChunk(p->parser, block, len, flag);
    NE_DEBUG(NE_DBG_XMLPARSE, "XML: xmlParseChunk returned %d\n", ret);
    /* Parse errors are normally caught by the sax_error() callback,
     * which clears p->valid.
     * NOTE(review): the sax_error() in this file sets p->failure; no
     * 'valid' field is touched in the visible code -- the sentence
     * above looks stale. */
    if (p->parser->errNo && p->failure == 0) {
        ne_snprintf(p->error, ERR_SIZE, "XML parse error at line %d",
                    ne_xml_currentline(p));
        p->failure = 1;
        NE_DEBUG(NE_DBG_XMLPARSE, "XML: Parse error: %s\n", p->error);
    }
#endif
    return p->failure;
}

/* Return the stored failure code (zero if no failure was recorded). */
int ne_xml_failed(ne_xml_parser *p)
{
    return p->failure;
}

/* Free the handler list, any elements still open, the root element,
 * the underlying parser and the parser object itself. */
void ne_xml_destroy(ne_xml_parser *p)
{
    struct element *elm, *parent;
    struct handler *hand, *next;

    /* Free up the handlers on the stack: the root element has the
     * pointer to the base of the handler stack. */
    for (hand = p->root->handler; hand!=NULL; hand=next) {
        next = hand->next;
        ne_free(hand);
    }

    /* Clean up remaining elements: anything between the current
     * element and the root is still allocated if the document was
     * not parsed to its end. */
    for (elm = p->current; elm != p->root; elm = parent) {
        parent = elm->parent;
        destroy_element(elm);
    }

    /* free root element */
    ne_free(p->root);

#ifdef HAVE_EXPAT
    XML_ParserFree(p->parser);
    if (p->encoding)
        ne_free(p->encoding);
#else
    xmlFreeParserCtxt(p->parser);
#endif

    ne_free(p);
}

/* Store 'msg' as the parser's error string.  The text goes through a
 * fixed "%s" format, so it is never interpreted as a format string,
 * and the copy is bounded by ERR_SIZE. */
void ne_xml_set_error(ne_xml_parser *p, const char *msg)
{
    ne_snprintf(p->error, ERR_SIZE, "%s", msg);
}

#ifdef HAVE_LIBXML
/* printf-style error callback for libxml2: formats the message into a
 * local 1024-byte buffer and records it together with the current
 * input line.  Only the first error is kept; later calls leave
 * p->error unchanged. */
static void sax_error(void *ctx, const char *msg, ...)
{
    ne_xml_parser *p = ctx;
    va_list ap;
    char buf[1024];

    va_start(ap, msg);
    ne_vsnprintf(buf, 1024, msg, ap);
    va_end(ap);

    if (p->failure == 0) {
        ne_snprintf(p->error, ERR_SIZE,
                    _("XML parse error at line %d: %s"),
                    p->parser->input->line, buf);
        p->failure = 1;
    }
}
#endif

/* Return the parser's current error string. */
const char *ne_xml_get_error(ne_xml_parser *p)
{
    return p->error;
}

/* Look up an attribute in 'attrs', a NULL-terminated array of
 * name/value pairs (name at attrs[n], value at attrs[n+1]).  Without
 * 'nspace' only names with no ':' are matched; with 'nspace' only
 * prefixed names are considered and the prefix has to resolve to that
 * URI.  Returns the value, or NULL if nothing matches. */
const char *
ne_xml_get_attr(ne_xml_parser *p, const char **attrs,
                const char *nspace, const char *name)
{
    int n;

    for (n = 0; attrs[n] != NULL; n += 2) {
        char *pnt = strchr(attrs[n], ':');

        if (!nspace && !pnt && strcmp(attrs[n], name) == 0) {
            return attrs[n+1];
        } else if (nspace && pnt) {
            /* If a namespace is given, and the local part matches,
             * then resolve the namespace and compare that too. */
            if (strcmp(pnt + 1, name) == 0) {
                /* pnt - attrs[n] is the length of the prefix in
                 * front of the ':'. */
                const char *uri = resolve_nspace(p->current,
                                                 attrs[n], pnt - attrs[n]);
                if (uri && strcmp(uri, nspace) == 0)
                    return attrs[n+1];
            }
        }
    }

    return NULL;
}

/* Linear search of 'map' (maplen entries) for an exact {nspace, name}
 * match.  Returns the entry's id, or 0 if there is none.  Both
 * 'nspace' and 'name' go straight to strcmp(), so neither may be
 * NULL. */
int ne_xml_mapid(const struct ne_xml_idmap map[], size_t maplen,
                 const char *nspace, const char *name)
{
    size_t n;

    for (n = 0; n < maplen; n++)
        if (strcmp(name, map[n].name) == 0 &&
            strcmp(nspace, map[n].nspace) == 0)
            return map[n].id;

    return 0;
}
neon-0.32.2/src/ne_xml.h000066400000000000000000000152261416727304000147710ustar00rootroot00000000000000/* neon XML parser interface Copyright (C) 1999-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. 
You should have received a copy of the GNU Library General Public
License along with this library; if not, write to the Free
Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
MA 02111-1307, USA

*/

#ifndef NE_XML_H
#define NE_XML_H

#include /* for size_t */

#include "ne_defs.h"

NE_BEGIN_DECLS

/* The neon XML interface filters a streamed XML tree through a stack
 * of SAX "handlers".  A handler is made up of three callbacks
 * (start-element, char-data, end-element).  Each start-element event
 * is passed to each handler in the stack in turn until one accepts
 * the element.  This handler then receives subsequent char-data and
 * end-element events for the element.
 *
 * For each new start-element event, the search up the handler stack
 * begins with the handler for the parent element (for the root
 * element, at the base of the stack).
 *
 * For each accepted element, a "state" integer is stored, which is
 * passed to the corresponding char-data and end-element callbacks for
 * the element.  This integer is also passed to the start-element
 * callback of child elements so they can determine context.
 *
 * If no handler in the stack accepts a particular element, it (and
 * its children, if any) is ignored. */

#define NE_XML_DECLINE (0)
#define NE_XML_ABORT (-1)

/* A start-element callback for element with given namespace/name.
 * The callback may return:
 *   <0  =>  abort the parse (NE_XML_ABORT)
 *    0  =>  decline this element (NE_XML_DECLINE)
 *   >0  =>  accept this element; value is state for this element.
 *
 * The 'parent' integer is the state returned by the handler of the
 * parent element.  The attributes array gives name/value pairs
 * in atts[n] and atts[n+1] from n=0 up to atts[n]==NULL. */
typedef int ne_xml_startelm_cb(void *userdata, int parent,
                               const char *nspace, const char *name,
                               const char **atts);

/* state for the root element */
#define NE_XML_STATEROOT (0)

/* Character data callback; may return non-zero to abort the parse. 
*/ typedef int ne_xml_cdata_cb(void *userdata, int state, const char *cdata, size_t len); /* End element callback; may return non-zero to abort the parse. */ typedef int ne_xml_endelm_cb(void *userdata, int state, const char *nspace, const char *name); typedef struct ne_xml_parser_s ne_xml_parser; /* Create an XML parser. */ ne_xml_parser *ne_xml_create(void); /* Push a new handler on the stack of parser 'p'. 'cdata' and/or * 'endelm' may be NULL; startelm must be non-NULL. */ void ne_xml_push_handler(ne_xml_parser *p, ne_xml_startelm_cb *startelm, ne_xml_cdata_cb *cdata, ne_xml_endelm_cb *endelm, void *userdata); /* ne_xml_failed returns non-zero if there was an error during * parsing, or zero if the parse completed successfully. The return * value is equal to that of the last ne_xml_parse() call for this * parser object. */ int ne_xml_failed(ne_xml_parser *p); /* Set error string for parser. (The string may be truncated * internally). */ void ne_xml_set_error(ne_xml_parser *p, const char *msg); /* Return the error string (and never NULL). After ne_xml_failed * returns >0, this will describe the parse error. Otherwise it will * be a default error string. */ const char *ne_xml_get_error(ne_xml_parser *p); /* Parse the given block of input of length len. Parser must be * called with len=0 to signify the end of the document (for that * case, the block argument is ignored). Returns zero on success, or * non-zero on error: for an XML syntax error, a positive number is * returned; if parsing is aborted by a caller-supplied callback, that * callback's return value is returned. */ int ne_xml_parse(ne_xml_parser *p, const char *block, size_t len); /* As ne_xml_parse, casting (ne_xml_parser *)userdata internally. * (This function can be passed to ne_add_response_body_reader) */ int ne_xml_parse_v(void *userdata, const char *block, size_t len); /* Return current line of document during parsing or after parsing is * complete. 
*/ int ne_xml_currentline(ne_xml_parser *p); /* From a start_element callback which was passed 'attrs' using given * parser, return attribute of given name and namespace. If nspace is * NULL, no namespace resolution is performed. Note that this call is * context-specific; if called outside a start_element callback, * behaviour is undefined. */ const char *ne_xml_get_attr(ne_xml_parser *parser, const char **attrs, const char *nspace, const char *name); /* From a start_element callback, resolve a given XML Namespace * prefix, if defined. Given a non-NULL prefix, returns the namespace * URI which corresponds to the prefix 'prefix' (of length 'length'), * or NULL if no such namespace prefix is defined. Given a NULL * prefix, returns the default namespace URI or the empty string if * none is defined. Note that this call is context-specific; if * called outside a start_element callback, behaviour is undefined. */ const char *ne_xml_resolve_nspace(ne_xml_parser *parser, const char *prefix, size_t length); /* Return the encoding of the document being parsed. May return NULL * if no encoding is defined or if the XML declaration has not yet * been parsed. */ const char *ne_xml_doc_encoding(const ne_xml_parser *p); /* Destroy the parser object. */ void ne_xml_destroy(ne_xml_parser *p); /* A utility interface for mapping {nspace, name} onto an integer. */ struct ne_xml_idmap { const char *nspace, *name; int id; }; /* Return the size of an idmap array */ #define NE_XML_MAPLEN(map) (sizeof(map) / sizeof(struct ne_xml_idmap)) /* Return the 'id' corresponding to {nspace, name}, or zero. 
*/ int ne_xml_mapid(const struct ne_xml_idmap map[], size_t maplen, const char *nspace, const char *name); /* media type, appropriate for adding to a Content-Type header */ #define NE_XML_MEDIA_TYPE "application/xml" NE_END_DECLS #endif /* NE_XML_H */ neon-0.32.2/src/ne_xmlreq.c000066400000000000000000000061611416727304000154720ustar00rootroot00000000000000/* XML/HTTP response handling Copyright (C) 2004-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include "config.h" #include #include #include "ne_internal.h" #include "ne_xmlreq.h" #include "ne_basic.h" #include "ne_string.h" /* Handle an XML response parse error, setting session error string * and closing the connection. 
*/
static int parse_error(ne_session *sess, ne_xml_parser *parser)
{
    /* The parser's message is passed as an argument to a fixed "%s"
     * format, never used as the format string itself. */
    ne_set_error(sess, _("Could not parse response: %s"),
                 ne_xml_get_error(parser));
    /* NOTE(review): presumably the connection is closed because the
     * rest of the response body is left unread -- confirm. */
    ne_close_connection(sess);
    return NE_ERROR;
}

/* Read the response body in blocks of up to 8000 bytes and feed each
 * block to the parser.  Returns NE_OK once the whole body has been
 * parsed, or NE_ERROR on a read error or a parse failure.  No overall
 * size limit is applied here; the loop runs until the read call
 * returns zero or a negative value. */
int ne_xml_parse_response(ne_request *req, ne_xml_parser *parser)
{
    char buf[8000];
    ssize_t bytes;
    int ret = 0;

    /* bytes is strictly positive inside the loop, so converting it to
     * the size_t length parameter of ne_xml_parse() is safe. */
    while ((bytes = ne_read_response_block(req, buf, sizeof buf)) > 0) {
        ret = ne_xml_parse(parser, buf, bytes);
        if (ret)
            return parse_error(ne_get_session(req), parser);
    }

    if (bytes == 0) {
        /* Tell the parser that end of document was reached: */
        if (ne_xml_parse(parser, NULL, 0) == 0)
            return NE_OK;
        else
            return parse_error(ne_get_session(req), parser);
    } else {
        /* Read failure: the session error string is not set here.
         * NOTE(review): presumably ne_read_response_block() has
         * already set it -- confirm. */
        return NE_ERROR;
    }
}

/* Returns non-zero if given content-type is an XML media type,
 * following the RFC 3023 rules: text/xml, application/xml, or any
 * subtype ending in "+xml".  Comparisons are case-insensitive. */
static int media_type_is_xml(const ne_content_type *ctype)
{
    size_t stlen;

    /* The "> 4" test ensures the subtype is longer than the "+xml"
     * suffix before the last four characters are compared. */
    return
        (ne_strcasecmp(ctype->type, "text") == 0
         && ne_strcasecmp(ctype->subtype, "xml") == 0)
        || (ne_strcasecmp(ctype->type, "application") == 0
            && ne_strcasecmp(ctype->subtype, "xml") == 0)
        || ((stlen = strlen(ctype->subtype)) > 4
            && ne_strcasecmp(ctype->subtype + stlen - 4, "+xml") == 0);
}

/* Dispatch the request, repeating while NE_RETRY is returned.  The
 * body is parsed only for a 2xx response whose content type is an XML
 * media type; any other body is discarded. */
int ne_xml_dispatch_request(ne_request *req, ne_xml_parser *parser)
{
    int ret;

    do {
        int parseit = 0;

        ret = ne_begin_request(req);
        if (ret) break;

        if (ne_get_status(req)->klass == 2) {
            ne_content_type ctype;

            if (ne_get_content_type(req, &ctype) == 0) {
                parseit = media_type_is_xml(&ctype);
                /* ctype.value is released by this caller once the
                 * media type has been checked. */
                ne_free(ctype.value);
            }
        }

        if (parseit)
            ret = ne_xml_parse_response(req, parser);
        else
            ret = ne_discard_response(req);

        if (ret == NE_OK)
            ret = ne_end_request(req);
    } while (ret == NE_RETRY);

    return ret;
}
neon-0.32.2/src/ne_xmlreq.h000066400000000000000000000036651416727304000155050ustar00rootroot00000000000000/* XML/HTTP response handling Copyright (C) 2004-2021, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; 
either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef NE_XMLREQ_H #define NE_XMLREQ_H #include "ne_request.h" #include "ne_xml.h" NE_BEGIN_DECLS /* Read the HTTP response body using calls to ne_read_response_block * (so must be enclosed by ne_begin_request/ne_end_request calls), and * parse it as an XML document, using the given parser. Returns NE_* * error codes. If an XML parse error occurs, the session error * string is set to the XML parser's error string, and NE_ERROR is * returned. */ int ne_xml_parse_response(ne_request *req, ne_xml_parser *parser); /* Dispatch the HTTP request, parsing the response body as an XML * document using the given parser, if the response status class is * 2xx and an XML media type is specified for the response entity. If * a non-2xx response code is given, or a non-XML media type is * specified, then the response body will be silently discarded. * * Returns NE_* error codes. If an XML parse error occurs, the * session error string is set to the XML parser's error string, and * NE_ERROR is returned. */ int ne_xml_dispatch_request(ne_request *req, ne_xml_parser *parser); NE_END_DECLS #endif /* NE_XMLREQ_H */ neon-0.32.2/src/neon.vers000066400000000000000000000011711416727304000151700ustar00rootroot00000000000000# GNU linker version script for neon. # All symbols in <= 0.28.x use default unversioned. 
NEON_0_29 { ne_iaddr_raw; ne_sock_writev; ne_sock_fullwritev; ne_sock_set_error; ne_sock_proxy; ne_session_system_proxy; ne_session_socks_proxy; ne_acl3744_set; ne_buffer_qappend; ne_strnqdup; }; NEON_0_30 { ne_ssl_clicert_import; ne_addr_canonical; ne_ssl_context_get_flag; ne_set_addrlist2; }; NEON_0_31 { ne_path_escapef; ne_207_set_flags; }; NEON_0_32 { ne_strhash; ne_vstrhash; ne_strparam; ne_add_auth; ne_ssl_cert_hdigest; ne_sock_shutdown; }; neon-0.32.2/test/000077500000000000000000000000001416727304000135205ustar00rootroot00000000000000neon-0.32.2/test/.gdbinit000066400000000000000000000001041416727304000151340ustar00rootroot00000000000000handle SIGPIPE noprint pass nostop handle SIGUSR1 print pass nostop neon-0.32.2/test/.gitignore000066400000000000000000000010151416727304000155050ustar00rootroot00000000000000/tests /*-tests /Makefile /request /*.log* /server /regress /compress /*.gz /*.lo /*.tmp /.libs /acl /oldacl /acl3744 /auth /lock /basic /ssl /xml /stubs /ca /ca-stamp /ssigned.pem /wildcard.* /*.cert /*.csr /fqdn.pem /wrongcn.pem /socket /redirect /session /*.out /core* /props /socket-ssl /resolve /cookies /*.bb /*.da /*.bbg /ca*.pem /chain.pem /*.p12 /client.* /clientdsa.* /output.pem /libtest.* /clog /largefile /xmlreq /sparse.bin /*.gc* /random.txt /nssdb* /makekeys /ca2 /ca1 /ca3 /foobar.txt /server.key /hello.txt neon-0.32.2/test/COPYING000066400000000000000000000430761416727304000145650ustar00rootroot00000000000000 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave, Cambridge, MA 02139, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. 
This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. 
We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. 
You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. 
But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. 
For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. 
Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. 
Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. 
Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. 
Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19yy name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. 
If this is what you want to do, use the GNU Library General Public License instead of this License. neon-0.32.2/test/ChangeLog000066400000000000000000001330551416727304000153010ustar00rootroot00000000000000Wed Aug 25 21:05:28 2004 Joe Orton * cookies.c: Removed. * Makefile.in: Updated. Wed Aug 25 19:47:28 2004 Joe Orton * socket.c (do_connect, begin): Simplify do_connect use. Wed Aug 25 18:28:19 2004 Joe Orton * xml.c (matches, fail_parse): Test for UTF-8 BOM handling. Mon Jul 5 18:41:07 2004 Joe Orton * basic.c (content_type): Test for correct default charset for text/xml content-type by RFC3280. Mon Jul 5 10:59:17 2004 Joe Orton Add XFAIL regression tests for trio of ne_compress.c bugs: * compress.c (reader): Validate that a size=0 call comes only after the expected response data, and use struct string. (do_fetch): Pass a struct string to reader and adapt for failure logic. (auth_cb, retry_compress_helper, retry_compress, retry_notcompress): New tests. Sun Jul 4 21:55:00 2004 Joe Orton * utils.c (serve_sstring_slowly, serve_sstring): Moved from sockets.c, renamed from serve_string_slowly, serve_sstring. * sockets.c: All callers updated. Sun May 2 21:16:45 2004 Joe Orton * util-tests.c (regress_dates): Add regression tests. Wed Apr 14 10:45:43 2004 Joe Orton * props.c (regress, patch_regress): Add regression tests for CAN-2004-0179 issues. Thu Apr 8 13:57:04 2004 Joe Orton * largefile.c (read_large_response): Go faster: turn off debugging during request dispatch. Wed Apr 7 13:39:37 2004 Joe Orton * auth.c (basic): Add some multi-scheme challenges. Wed Apr 7 13:14:16 2004 Joe Orton * request.c (s_progress): Use NE_FMT_OFF_T for printing off_t's throughout. Sun Feb 22 23:38:05 2004 Joe Orton * request.c (expect_100_once, serve_100_once): Adjust for new 100-continue interface. (expect_100_nobody): New test. Sun Feb 22 20:39:15 2004 Joe Orton * cookies.c (parsing): Use ne_cookie_empty_cache. 
Sun Feb 22 17:28:41 2004 Joe Orton * props.c (pfind_simple): Test for whitespace handling. Sun Feb 22 16:31:52 2004 Joe Orton * auth.c (basic): Test handling of Basic challenge in presence of multiple challenges. Sun Feb 15 12:34:13 2004 Joe Orton * makekeys.sh, openssl.conf: Create new utf8subj.cert, bmpsubj.cert, t61subj.cert certificates. * ssl.c (dname_readable): Test that ne_ssl_readable_dname always gives back UTF-8. Sat Feb 14 21:59:17 2004 Joe Orton * xml.c (fail_parse): Add tests for invalid NCNames in namespace prefix declaration and as element names. Sun Jan 25 15:21:56 2004 Joe Orton * largefile.c (serve_large_response, read_large_response): New test. Sat Jan 24 18:10:14 2004 Joe Orton * Makefile.in: Fix test suite for 'make' implementations which don't handle single-suffix inference rules. Sat Jan 3 14:10:14 2004 Joe Orton * largefile.c (send_high_offset): Renamed from send_large_file. Sat Jan 3 13:57:16 2004 Joe Orton * Makefile.in (BASIC_TESTS): Add cookies. Thu Jan 1 17:42:30 2004 Joe Orton * util-tests.c (support): Check for NE_FEATURE_LFS. * largefile.c: New file. * Makefile.in: Add lfs-check, largefile, largefile.lo targets. Sat Nov 15 08:04:22 2003 Joe Orton * request.c (idna_hostname, dup_header, serve_check_host): New test. Fri Nov 14 14:06:57 2003 Joe Orton * util-tests.c (support): Test for NE_FEATURE_IDNA. Fri Nov 14 11:26:29 2003 Joe Orton * acl.c: Remove NEON_NODAV condition. * stubs.c: Use new NE_HAVE_* conditions. * util-tests.c (supports): Test new ne_has_support interface. Thu Nov 13 20:33:44 2003 Joe Orton * request.c (no_body_205): New test. Tue Nov 11 20:36:43 2003 Joe Orton Adjust for ne_xml_valid->ne_xml_failure API change. * xml.c (chardata, startelm_abort, endelm_abort, parse_match): Check for propagation of negative failure codes. (fail_parse): Check for positive failure code. (attributes): Use ne_xml_failure. Sat Oct 25 00:11:29 2003 Joe Orton * ssl.c (fail_truncated_eof): Remove test. 
Tue Oct 21 20:29:46 2003 Joe Orton * ssl.c (fail_tunnel, proxy_tunnel): Fix non-C89 code, Radu Greab. Thu Oct 9 19:42:13 2003 Joe Orton * socket.c (ssl_closure): Fix occasional spurious errors. Tue Oct 7 20:23:35 2003 Joe Orton * ssl.c (ssl_server): Handle several requests if required. (tunnel_header): New function. (serve_tunnel): Fail with a 500 if the request included an Authenticate header; take an ssl_server_args pointer as userdata. (fail_tunnel, proxy_tunnel): Adjust accordingly. (apt_post_send): Adjust for 401 check. (auth_tunnel_creds): New test. Wed Oct 1 00:30:25 2003 Joe Orton * ssl.c (simple_sslv2): Regression test. (ssl_server): Create SSL_CTX locally; optionally create an SSLv2-only server. (init_ssl): Do not create the SSL_CTX. Wed Sep 17 19:57:22 2003 Joe Orton * ssl.c: Refactor around single SSL server function. (ssl_server): Combination of do_ssl_response and old serve_* functions. All callers updated. Sun Sep 14 12:27:22 2003 Joe Orton * socket.c (write_reset, read_reset): Skip if no RESET was returned. Sun Sep 14 11:01:08 2003 Joe Orton * Makefile.in: Fix building the 'resolve' tool. Sat Sep 6 12:29:53 2003 Joe Orton * makekeys.sh, openssl.conf: Generate altname5.cert with an IPv4 address in the subjectAltName attribute. * ssl.c (ipaddr_altname): Test for IPv4 address in subjectAltName. Sat Sep 6 12:28:55 2003 Joe Orton * Makefile.in: Clear the SUFFIXES list; use standard make syntax; fix build of 'basic' on some platforms. Sat Aug 30 18:59:24 2003 Joe Orton * Makefile.in: Rewrite to use libtool to build object files and libtest. * run.sh: Don't set LD_LIBRARY_PATH. Wed Jul 23 23:25:39 2003 Joe Orton * compress.c (do_fetch): Check for response truncation for success case. (fail_corrupt1, fail_corrupt2): New tests. Sat Jun 21 12:59:49 2003 Joe Orton * request.c (versions): Fix and enable test. Wed Jun 18 20:09:59 2003 Joe Orton * request.c (is_alive): Adapt for new socket API. * socket.c (do_connect, addr_connect): Likewise. 
Tue May 20 20:14:03 2003 Joe Orton * ssl.c (cert_fingerprint): Fix for VPATH builds. Sat May 10 17:13:05 2003 Joe Orton * xml.c (matches): Add regression test for prefix matching bug fixed in 0.18.0. Sat Apr 26 19:22:29 2003 Joe Orton * request.c (any_te_header): New function. Wed Apr 23 18:24:19 2003 Joe Orton * stubs.c (stub_ssl): Test ne_ssl_cert_import, ne_ssl_cert_export, ne_ssl_cert_write stubs. Wed Apr 23 14:05:38 2003 Joe Orton * ssl.c (read_write): New function. Wed Apr 23 00:34:44 2003 Joe Orton * ssl.c (cache_cert, verify_cache): New functions. Wed Apr 23 00:14:14 2003 Joe Orton * ssl.c (any_ssl_request): Free the cert after passing it to ne_ssl_trust_cert. Tue Apr 22 23:24:33 2003 Joe Orton * string-tests.c (unbase64): Improve coverage. Tue Apr 22 20:25:15 2003 Joe Orton * ssl.c (import_export, flatten_pem, cert_compare): New functions. Tue Apr 22 18:32:43 2003 Joe Orton * string-tests.c (b64_check, unbase64): New functions. (base64): Use b64_check. Tue Apr 22 15:54:04 2003 Joe Orton * string-tests.c (base64): Test decoding binary data which contains bytes with the high bit set. Tue Apr 22 14:18:03 2003 Joe Orton * string-tests.c (base64): Moved here... * util-tests.c (base64): ...from here. Tue Apr 22 13:17:48 2003 Joe Orton * ssl.c (just_serve_string, fail_not_ssl): New functions. Tue Apr 22 13:09:13 2003 Joe Orton * stubs.c (stub_ssl): Test ne_ssl_cert_validity stub. Tue Apr 22 11:35:10 2003 Joe Orton * request.c (versions): Run test as XFAIL. Tue Apr 22 11:33:43 2003 Joe Orton * util-tests.c (version_string): New function. Tue Apr 22 09:23:27 2003 Joe Orton * ssl.c (check_validity, cert_validity): New functions. Mon Apr 21 19:45:39 2003 Joe Orton * util-tests.c (digest_md5): Replace ne_md5_buffer. (md5): Use digest_md5; test 500-byte string. Mon Apr 21 18:38:02 2003 Joe Orton * xml.c (fail_parse): Call ne_xml_parse with length=0 finish parse. 
Mon Apr 21 17:18:45 2003 Joe Orton * props.c: Add tests for ne_207.h interface and ne_simple_propfind from ne_props.h. * xml.c: Add tests for new XML interface. * Makefile.in: Run props tests before lock since the latter is implemented using the former. Mon Apr 7 22:27:18 2003 Joe Orton * stubs.c (stub_ssl): Test for ne_ssl_cert_identity stub. Mon Apr 7 22:17:56 2003 Joe Orton * ssl.c (cert_fingerprint): Renamed from fingerprint. (check_identity, cert_identities): New functions. Sun Apr 6 20:18:30 2003 Joe Orton * stubs.c (stub_ssl): Adjust for new clicert API. Sun Apr 6 20:12:48 2003 Joe Orton * ssl.c (dname_compare): Renamed from comparisons. (dname_readable): New function. * makekeys.sh: Create justmail.cert. Sun Apr 6 20:00:18 2003 Joe Orton * ssl.c (keypw_prompt): Removed function. (init, load_client_cert, client_cert_provided): Adapt for new clicert API. (ccert_unencrypted): New function. Fri Apr 4 22:34:12 2003 Joe Orton * request.c (fail_request_with_error): Refactored from fail_request; check for a particular error string. (fail_request): Use fail_request_with_error. (invalid_response_gives_error): New function. (fail_long_header): Use it. (fail_corrupt_chunks): New function. Sat Mar 29 14:39:20 2003 Joe Orton * ssl.c (comparisons): New function. * stubs.c (stub_ssl): Test ne_ssl_dname_cmp. Sat Mar 29 13:58:37 2003 Joe Orton * makekeys.sh: Generate noclient.p12. * ssl.c (load_client_cert): Test ne_ssl_clicert_name. * stubs.c (stub_ssl): Check for ne_ssl_clicert_name stub. Sat Mar 29 13:31:35 2003 Joe Orton * ssl.c (load_client_cert): Test ne_ssl_clicert_owner. Fri Mar 28 22:13:55 2003 Joe Orton * ssl.c (fingerprint): New function. * stubs.c (stub_ssl): Check for ne_ssl_cert_digest stub. Wed Mar 26 22:52:15 2003 Joe Orton * ssl.c (fail_missing_CN): New function. * makekeys.sh: Generate missingcn.cert. * openssl.conf: Allow commonName to be omitted from CSR. 
Wed Mar 26 22:41:48 2003 Joe Orton * ssl.c (load_server_certs): Renamed from load_ca; test loading non-existent file. Wed Mar 26 20:38:08 2003 Joe Orton * stubs.c (stub_ssl): Updated for new SSL interface. Tue Mar 25 20:32:07 2003 Joe Orton Update tests for changes to SSL interface: * socket.c (init_ssl): Use ne_ssl_context_create, ne_ssl_cert_read, ne_ssl_ctx_trustcert. (begin): Use ne_sock_connect_ssl. * ssl.c (serve_ssl_chained, trust_default_ca, load_client_cert, check_dname, check_cert_dnames, check_cert, check_chain, parse_chain, cc_check_dnames, cc_provided_dnames): New functions. (serve_ccert): Always trust SERVER_CERT; optionally call SSL_CTX_set_client_CA_list. (any_ssl_request, load_ca, fail_truncated_eof): Use ne_ssl_cert_read and ne_ssl_trust_cert. (keypw_prompt): Fail if userdata is NULL. (fail_load_ccerts, load_pkcs12_ccert, load_pem_ccert, check_DNs): Removed functions. (parse_cert): Use check_cert. (client_cert_provided, client_cert_pkcs12): Rewritten for new API. * makekeys.sh: Generate calist.pem, unclient.p12. Wed Mar 12 22:36:27 2003 Joe Orton * redirect.c (simple): Fold in tests for 30[237] redirects for better coverage. (no_redirect): Another test for _location returning NULL. Wed Mar 12 22:29:45 2003 Joe Orton * redirect.c (process_redir): Factored out from check_redir. (no_redirect): New function. Sun Mar 9 17:46:37 2003 Joe Orton * lock.c (fail_discover): New function. Sat Mar 1 10:53:58 2003 Joe Orton * uri-tests.c (authinfo): Removed. (escapes): Test nothing-to-escape and invalid URI cases. (compares): Gain 100% branch coverage in ne_path_compare. (default_port): Test unknown scheme case. (parse): Test authinfo here, and some edge cases. (unparse): Fill in port if default. Sat Mar 1 09:20:42 2003 Joe Orton * socket.c (multi_init): New function. Sat Mar 1 08:04:09 2003 Joe Orton * string-tests.c (cleaner): New function. Wed Feb 26 22:13:14 2003 Joe Orton * request.c (fail_eof_chunk, fail_eof_badclen): New tests. 
Wed Feb 26 21:54:39 2003 Joe Orton * util-tests.c (support): New function. (bad_sl, accept_sl): More status-lines. Tue Feb 25 21:06:18 2003 Joe Orton * ssl.c (do_ssl_response): Fail if response contains "Proxy-Authorization" header. (apt_post_send, apt_creds, auth_proxy_tunnel): New functions. Thu Nov 28 21:25:01 2002 Joe Orton * request.c (te_over_clength2): New test. Sun Nov 17 18:59:04 2002 Joe Orton * socket.c (addr_make_v4, addr_make_v6, addr_compare): New functions. Fri Oct 11 00:49:01 2002 Joe Orton * props.c (regress): Moved from regress.c:propfind_segv; add regression test for ne_props.c segfault fixed in rev 1.83. * regress.c: Removed. Tue Oct 8 20:06:55 2002 Joe Orton * xml.c (matches): Add tests that entities in attribute values are dereferenced by the XML parser. Fri Oct 4 17:10:19 2002 Joe Orton * request.c (no_body_bad_clength, no_body_empty_clength): New tests. (expect_no_body): Use better paths in the requests. Tue Sep 24 21:27:33 2002 Joe Orton * request.c (fail_long_header, versions, hook_create_req): New functions. Tue Sep 17 21:08:17 2002 Joe Orton * openssl.conf (neonca): Make 'countryName' optional in CA policy. (reqDN.CNfirst): New section. * makekeys.sh: Generate 'cnfirst.cert', which has commonName as first attribute in subject DN. * ssl.c (commonName_first): New function. Tue Sep 10 21:11:18 2002 Joe Orton * request.c (fail_double_lookup): New function. Sun Aug 25 23:16:33 2002 Joe Orton * ssl.c (do_ssl_response): Add 'unclean' argument. (all callers changed). (serve_response_unclean, empty_truncated_eof, fail_truncated_eof): New functions. Sun Aug 25 19:16:00 2002 Joe Orton * socket.c (resolve_numeric): Test ne_addr_print too. Sun Aug 25 13:39:37 2002 Joe Orton * resolve.c: New file. Sun Aug 25 11:25:12 2002 Joe Orton * request.c (is_alive): Update for new ne_addr_* interface. Sun Aug 25 08:31:16 2002 Joe Orton * socket.c (serve_truncate, ssl_truncate): New functions. 
Sun Aug 25 08:28:17 2002 Joe Orton * socket.c (do_connect): New function; use new ne_sock_connect/ne_addr interface. (begin) [SOCKET_SSL, !SOCKET_SSL]: Use do_connect. (resolve_numeric): Adjust for new ne_addr interface. (resolve_ipv6): Disable test. Sat Aug 24 08:50:06 2002 Joe Orton * request.c (fail_statusline): New function. Fri Aug 23 22:52:38 2002 Joe Orton * ssl.c (init): FAILHARD if initialization fails. Wed Aug 21 13:29:58 2002 Joe Orton * uri-tests.c (null_uri): Removed test. (parse): More tests including IPv6 address tests; use ONCMP macro. (failparse): New function. (unparse): Add URI with IPv6 address. Wed Aug 21 13:28:37 2002 Joe Orton * socket.c (resolve_ipv6): New function. Mon Aug 19 16:59:46 2002 Joe Orton * socket.c (resolve): Adapt for new ne_addr_resolve interface. (resolve_numeric): New test. * request.c (is_alive): Use new ne_addr_resolve interface. Mon Aug 19 16:57:53 2002 Joe Orton * socket.c (begin): Fix handling of connect failure. (TO_BEGIN): Handle errors from to_begin properly. Sun Aug 18 23:37:34 2002 Joe Orton * string-tests.c (str_errors): Check return value and behaviour when error string is truncated, an Sun Aug 18 23:31:51 2002 Joe Orton * util-tests.c (str_errors): Moved to... * string-tests.c (str_errors): here. Sun Aug 18 23:11:28 2002 Joe Orton * string-tests.c (strnzcpy): New function. Sun Aug 18 08:18:24 2002 Joe Orton * ssl.c (caseless_match): New function. * makekeys.sh: Create caseless.cert. Sun Aug 18 08:12:32 2002 Joe Orton * ssl.c (notdns_altname): New function. * makekeys.sh: Create altname4.cert. * openssl.conf (altExt4): New section. Sun Aug 18 07:42:30 2002 Joe Orton * ssl.c (multi_commonName): New function. * openssl.conf (req): Use distinguished_name section as specificied by $REQDN. (reqDN.doubleCN): New section. * makekeys.sh: Set $REQDN; create twocn.cert. Sun Aug 18 00:47:19 2002 Joe Orton * ssl.c (accept_signed_cert): New function, factored out from simple. (simple): Use accept_signed_cert. 
(subject_altname, two_subject_altname, two_subject_altname2): New function. * openssl.conf: Add extension sections altExt, altExt2, altExt3. * makekeys.sh: Generate altname.cert, altname2.cert, altname3.cert. Sat Aug 17 18:41:42 2002 Joe Orton * makekeys.sh (csr_fields): New function; generate output for `openssl req'. Sat Aug 17 18:27:36 2002 Joe Orton * makekeys.sh: Add CA and REQ variables to simplify OpenSSL invocation. Pass -config to req rather than relying on installed default configuration. * openssl.conf: Add `req' and `reqDN' sections to allow use with `openssl req' command. Add CA basic constraint extension to certificates used. Sat Aug 10 10:42:57 2002 Joe Orton * makekeys.sh: Use openssl binary as ${OPENSSL}. * Makefile.in: Pick up OPENSSL from configure, and pass it through to makekeys.sh. Sat Aug 10 10:18:15 2002 Joe Orton * socket.c (begin): Don't use run-time initialization. * request.c (s_progress): Fix warnings on FreeBSD. Mon Aug 5 21:08:24 2002 Joe Orton * ssl.c (ccert_provider, client_cert_provided): New functions. (fail_load_ccerts): Enable function. Sun Aug 4 22:32:43 2002 Joe Orton * request.c (serve_abort, retry_after_abort): New functions. Sun Aug 4 13:28:47 2002 Joe Orton * request.c (continued_header): New function. Sun Aug 4 12:54:52 2002 Joe Orton * socket.c [SOCKET_SSL] (ssl_closure): New function; use instead of read_reset, write_reset for SOCKET_SSL build. Sun Aug 4 12:27:34 2002 Joe Orton Build socket.c twice, once for testing over SSL connections: * Makefile.in (socket-ssl.o, socket-ssl): New targets. (SSL_TESTS): Include socket-ssl target. * socket.c [SOCKET_SSL] (init_ssl, wrap_serve): New functions. [SOCKET_SSL] (begin): Alternate implementation. Sat Aug 3 22:20:59 2002 Joe Orton * session.c (privates): New function. Sat Aug 3 22:20:14 2002 Joe Orton * auth.c (fail_auth_cb, tunnel_regress): New function. Sat Aug 3 22:12:48 2002 Joe Orton * auth.c (forget_regress): New function. 
Sun Jul 28 12:24:02 2002 Joe Orton * lock.c (lock_timeout, submit_test, lock_shared): Use ne_concat, not CONCAT? macros. * ssl.c (init, fail_expired, fail_notvalid): Likewise. Thu Jul 25 00:04:47 2002 Joe Orton * string-tests.c (buf_concat, buf_concat2, buf_concat3): Renamed from concat, concat1, concat3). (concat): New function. Sun Jul 14 11:42:03 2002 Joe Orton * util-tests.c (versioning): New function. Thu Jul 11 17:24:29 2002 Joe Orton * request.c (no_headers): New function. Wed Jul 10 22:58:01 2002 Joe Orton * utils.c (any_2xx_request_body): New function. Wed Jul 10 22:44:12 2002 Joe Orton * request.c (ptimeout_eof, ptimeout_eof2, close_not_retried, serve_close2): New functions. (abort_respbody): Rejoin child earlier for reliable results. Sun Jul 7 12:17:11 2002 Joe Orton * socket.c (expect_eof): Better error reporting. (good_close): Split from finish(). (finish): Use good_close. (expect_write_closed, write_reset, read_reset): Add tests that an ECONNRESET is treated as a SOCK_CLOSED failure. Sun Jul 7 08:38:12 2002 Joe Orton * utils.c (serve_response): Use discard_body(). Sun Jul 7 08:28:56 2002 Joe Orton * socket.c (serve_expect, full_write, small_writes, large_writes, echo_server, echo_expect, echo_lines): New functions. Sat Jul 6 13:11:33 2002 Joe Orton * request.c (serve_eof, fail_early_eof, fail_eof_continued, fail_eof_headers): New functions. Sat Jul 6 08:58:17 2002 Joe Orton * request.c (serve_100_once, expect_100_once): New functions. Fri Jul 5 21:43:58 2002 Joe Orton * auth.c (username): Use the correct spelling of Aladdin. (auth_hdr): Simplify debug messages. (auth_serve): Fail if no Authorization header is given. (basic): Check for response status. Fri Jul 5 21:41:02 2002 Joe Orton * utils.c (any_2xx_request): New function. Sun Jun 30 17:10:59 2002 Joe Orton * request.c (fail_noserver): Factor out from host_not_found. (fail_lookup): Equivalent to old host_not_found. (fail_connect, abort_respbody): New function. 
Sun Jun 30 14:32:32 2002 Joe Orton * request.c (fail_chunksize): New function. Sun Jun 30 10:39:17 2002 Joe Orton * request.c (test_persist): Factor out from persist; take response and response body as arguments. (persist_http11): New function, equivalent to old persist. (persist_chunked, persist_http10): New functions. Sun Jun 30 10:25:07 2002 Joe Orton * utils.c (serve_response): Factor out from single_serve_string, many_serve_string. (single_serve_string, many_serve_string): Use serve_response. Sun Jun 30 09:13:55 2002 Joe Orton * request.c (expect_response, persist, persist_timeout, multi_header): Rely on the fact that the test framework will reap the server. (expect_no_body, no_body_304, no_body_204, no_body_HEAD, no_body_chunks): New functions. Tue Jun 25 23:05:42 2002 Joe Orton * request.c (trailing_header): New function. Sun Jun 23 23:00:03 2002 Joe Orton * ssl.c (no_verify): Fix sixth argument to any_ssl_request. Sun Jun 23 15:21:06 2002 Joe Orton * Makefile.in (grind): New target. * run.sh: Respect $HARNESS. Sun Jun 23 15:20:38 2002 Joe Orton * props.c: New file. Sun Jun 23 09:37:10 2002 Joe Orton * makekeys.sh: Ignore failure from `hostname -[sdf]' commands, as appropriate tests are skipped on failure. Sun Jun 23 08:33:50 2002 Joe Orton * request.c (host_not_found): Use any_request(); simplify. (proxy_no_resolve): New function. Sun Jun 16 11:40:19 2002 Joe Orton * ssl.c (do_ssl_response): Succeed if connection is closed by client after negotiation. (serve_tunnel, fail_tunnel, proxy_tunnel): New functions. Mon Jun 10 21:18:03 2002 Joe Orton * redirect.c (check_redir): Await server child before returning. Sun Jun 9 13:05:25 2002 Joe Orton * socket.c (DECL): Don't use run-time initialization. (single_read, single_peek, small_reads, read_and_peek, line_closure, larger_read, line_toolong): Use DECL, as last declaration. Sun Jun 9 13:03:36 2002 Joe Orton * compress.c (reader, do_fetch): Check that inflated data is of expected length. 
Sun Jun 9 11:40:54 2002 Joe Orton * redirect.c (struct redir_args): Add 'path' field. (any_request): Use path in Request-URI. (simple, redir_303, non_absolute): Fill in path. (relative_1, relative_2): New functions. Tue Jun 4 16:56:08 2002 Joe Orton * uri-tests.c (parents): Improve ne_path_parent tests. Mon Jun 3 18:22:31 2002 Joe Orton * cookies.c: New file. Sun Jun 2 10:06:42 2002 Joe Orton * basic.c (dav_capabilities): New function. Sat Jun 1 10:39:04 2002 Joe Orton * socket.c (to_begin, to_end, peek_timeout, read_timeout, readline_timeout, fullread_timeout): New functions. Sat Jun 1 10:38:13 2002 Joe Orton * request.c (read_timeout): Use sleepy_server. (hung_server): Removed. Sat Jun 1 10:32:45 2002 Joe Orton * utils.c (sleepy_server): New function. Thu May 30 20:00:40 2002 Joe Orton * socket.c (finish): New function, factored out from common code. (small_reads, read_and_peek, larger_read): Use it. (line_simple, line_closure, line_empty, line_toolong, line_mingle, line_chunked): New functions. Sun May 26 14:54:52 2002 Joe Orton * request.c (fill_uri, match_hostport, hostports): Moved functions to session.c. * session.c: New file. Fri May 24 08:14:21 2002 Joe Orton * request.c (match_hostport, hostports): New functions. Tue May 21 21:29:25 2002 Joe Orton * redirect.c: New file. Sun May 19 18:25:48 2002 Joe Orton * auth.c, lock.c, regress.c, socket.c, ssl.c, utils.c, utils.h: Update for socket API change; s/sock_/ne_sock_/, s/SOCK_/NE_SOCK_/. Wed May 8 19:41:24 2002 Joe Orton * ssl.c (do_ssl_response): Take response body as parameter; all callers changed. (serve_eof, simple_eof): New functions. Wed May 8 17:17:27 2002 Joe Orton * socket.c: New file. * sock-tests.c: Removed file. * Makefile.in: Updated accordingly. Wed May 8 11:53:35 2002 Joe Orton * request.c (host_not_found): New function. Wed May 1 21:41:02 2002 Joe Orton * uri-tests.c (parse): New function. (simple, simple_ssl): Adjust for ne_uri_parse port default. 
Tue Apr 23 21:39:09 2002 Joe Orton * request.c (read_timeout): Better diagnostic for test failure cases. Sun Apr 14 12:00:19 2002 Joe Orton * basic.c (content_type): Updated to reflect default charset ISO-8859-1 for text/ media types. Sun Apr 7 17:35:21 2002 Joe Orton * run.sh: Set MALLOC_CHECK_ so glibc's heap corruption detection is enabled. Sun Apr 7 17:30:37 2002 Joe Orton * compress.c (do_fetch): Reset 'failed' flag to zero each time. Wed Apr 3 20:16:43 2002 Joe Orton * request.c (NO_BODY): Renamed from NOBODY (all callers changed). (empty_header, ignore_header_ws, ignore_header_ws2): New tests. (ignore_header_ws3): Renamed from ignore_header_spaces. Tue Apr 2 21:09:33 2002 Joe Orton * request.c (expect_header_value): New function. (ignore_header_case, ignore_header_spaces, ignore_header_tabs): New tests. Mon Mar 25 21:51:24 2002 Joe Orton * lock.c (multi_lock_response, lock_shared): New function. (lock_compare): Factored out from discover_results. (discover, lock_timeout, submit_test): Adjust for lock API changes. Mon Mar 25 21:36:55 2002 Joe Orton * ssl.c (fail_ssl_request): Check failure bits against NE_SSL_FAILMASK. Sun Mar 10 22:07:48 2002 Joe Orton * stubs.c (stub_decompress, sd_reader): New function. Sun Mar 10 21:39:29 2002 Joe Orton * lock.c (activelock): New function, factored out from lock_response. (lock_response): Use activelock; adjust argument types. (make_lock): Adjusted for lock_response arg changes. (discard_response, serve_discovery, discover_result, discover): New functions. Wed Mar 6 22:22:04 2002 Joe Orton * lock.c (submit_test): Handle failures gracefully. Wed Mar 6 21:23:27 2002 Joe Orton * lock.c (submit_test): Update to expect an absoluteURI in If: headers. Wed Mar 6 21:17:37 2002 Joe Orton * uri-tests.c (unparse): New function. Tue Mar 5 22:59:37 2002 Joe Orton * uri-tests.c (cmp): Checks for case-insensitive comparison, and empty path, "/" equivalence. 
Mon Mar 4 01:07:03 2002 Joe Orton * request.c (blank_response): Add test for potential segfault in strip_eol (would fail if run under Electric Fence). Sun Mar 3 20:50:01 2002 Joe Orton * lock.c (make_lock, store_single, store_several, got_if_header, serve_verify_if, do_request, submit_test, if_simple, if_under_infinite, if_infinite_over, if_child, if_covered_child): New tests. (lock_timeout): Adjusted for API changes. Sun Mar 3 15:29:05 2002 Joe Orton * uri-tests.c (cmp_differ, cmp): New functions. Sun Mar 3 11:08:36 2002 Joe Orton * request.c (fill_uri): New function. Sun Feb 17 21:31:21 2002 Joe Orton * ssl.c (fqdn_match): Removed test. Sun Feb 17 20:32:16 2002 Joe Orton * makekeys.sh: Create keypair for client cert. * ssl.c (do_ssl_response, any_ssl_request, all callers thereof): Better error handling. (serve_ccert, load_pem_ccert, keypw_prompt, load_pkcs12_ccert, fail_load_ccerts, client_cert_pem, client_cert_pkcs12): New functions. Sun Feb 17 11:54:19 2002 Joe Orton * basic.c (do_range): Factored out from get_range/fail_range_length. (get_range, fail_range_length): Use do_range. (fail_range_units, fail_range_notrange, fail_range_unsatify): New tests. Sun Feb 17 11:36:00 2002 Joe Orton * basic.c (get_range, fail_range_length): New functions. Sat Feb 16 23:29:40 2002 Joe Orton * xml.c: New file. * Makefile.in (DAV_TESTS): Add xml tests. Sat Feb 16 15:26:27 2002 Joe Orton * compress.c (do_fetch): Rename from fetch(); add 'expect_fail' parameter. (fetch): Re-implement using do_fetch. (fail_trailing, fail_bad_csum, fail_truncate): New functions. * Makefile.in (trailing.gz, truncated.gz, badcsum.gz): New helper files. Thu Feb 14 19:09:42 2002 Joe Orton * request.c (everywhere): Simplify use of expect_response. Thu Feb 14 19:05:48 2002 Joe Orton * request.c (ignore_bad_headers): New function. 
Mon Feb 11 22:06:40 2002 Joe Orton * makekeys.sh: If the hostname command is clever enough to give FQDN, hostname, domainname, then create wildcard.cert; cert with a wildcard commonName. * ssl.c (wildcard_match): New function Mon Feb 11 21:55:52 2002 Joe Orton * ssl.c (any_ssl_request): Take session pointer, don't initialize here. (DEFSESS): New macro. (everywhere): Use DEFSESS rather than passing pointer-to- session pointer. Mon Feb 11 20:44:44 2002 Joe Orton * ssl.c (fqdn_match): Test for FQDN matching against non-qualified FQDN. (makekeys.sh): Create server cert with FQDN. Sun Feb 10 12:36:55 2002 Joe Orton * request.c (chunk_oversize): New function. Sat Feb 9 21:12:47 2002 Joe Orton * request.c (reason_phrase): New function. Sat Feb 9 16:50:58 2002 Joe Orton * request.c (read_timeout, hung_server): New functions. Thu Feb 7 22:58:31 2002 Joe Orton * ssl.c (cache_verify, no_verify, count_vfy): New functions. Thu Feb 7 19:39:33 2002 Joe Orton * ssl.c (any_ssl_request): Take server function as argument: all callers changed. (fail_ssl_request): Renamed from failreq; uses any_ssl_request. Wed Feb 6 20:43:32 2002 Joe Orton * ssl.c (load_ca): New function. Wed Feb 6 20:36:15 2002 Joe Orton * ssl.c (any_ssl_request): Make ca_cert and verify_fn arguments optional. (trustall): Removed function. (simple): Use the CA cert; no need for a verify function. (parse_cert): Don't give a CA cert, force use of verify function. (failreq): Bug fix, don't trust server cert as CA. (fail_wrongCN, fail_notvalid, fail_expired): Pass server cert as CA cert server cert is self-signed. Tue Feb 5 20:33:42 2002 Joe Orton * ssl.c (fail_untrusted_ca, fail_self_signed): New tests. (fail_serve): New function. (failreq, any_ssl_request): Take ca cert argument. (check_DNs, trustall, get_failures): Adjust for new verify callback interface. Sat Feb 2 14:18:11 2002 Joe Orton * ssl.c (do_ssl_response): Factored out from serve_ssl. (serve_ssl): Use do_ssl_response. 
(serve_scache, session_cache): New functions. Thu Jan 31 21:09:58 2002 Joe Orton * Makefile.in (ca-stamp): New target. * makekeys.sh: New helper script. * ssl.c (parse_cert, fail_wrongCN, fail_expired, fail_notvalid): New tests. (any_ssl_request, trustall, check_DNs, failreq): New auxiliaries. Thu Jan 31 20:42:38 2002 Joe Orton * wrongcn.pem, notvalid.pem, expired.pem, server.key: New files. * Makefile.in: Remove targets to generate certs. Wed Jan 30 21:15:33 2002 Joe Orton * Makefile.in (wrongcn.pem): New target. Wed Jan 30 19:58:18 2002 Joe Orton * string-tests.c: Updated for ne_buffer API change. Sat Jan 26 11:23:34 2002 Joe Orton * Makefile.in: Pick up appropriate TESTS, HELPERS from configure. (ssltests*, davtests*): Remove crud. * compress.c: Presume zlib support present if built. Sun Jan 20 23:29:37 2002 Joe Orton * ssl.c: New file. * Makefile.in (ssltests-no, ssltests-yes, server.pem, server.key): New targets. (check): Conditionally run SSL tests. Sun Jan 20 13:20:56 2002 Joe Orton * Makefile.in (davtests-no, davtests-yes): Separate test programs which require DAV support; only run if DAV is enabled. * Makefile.in (test): Pass SRCDIR env var through to run.sh. * run.sh: Pass SRCDIR as argv[1] to test programs. * compress.c (init): New function. Use 'newsfn' global for filename of NEWS file. Sun Jan 20 13:06:40 2002 Joe Orton * Makefile.in: Fixes for VPATH build Mon Jan 14 01:58:39 2002 Joe Orton * basic.c (content_type): Add harsher charset handling tests. Sun Jan 13 14:01:57 2002 Joe Orton * lock.c (lock_timeout): Use make_session. * acl.c (test_acl): Use make_session. * auth.c (basic, retries): Use make_session. Sun Jan 13 14:01:13 2002 Joe Orton * utils.c (make_session): New function. Sun Jan 13 14:00:34 2002 Joe Orton * basic.c (content_type): Rename ctype to ct; check if charset is unexpectedly set. Sun Jan 13 13:58:07 2002 Joe Orton * basic.c: New file. * Makefile.in: Add `basic' test suite. 
Mon Jan 7 22:05:33 2002 Joe Orton * Makefile.in: Don't pass CFLAGS to CC when linking. Mon Jan 7 21:46:03 2002 Joe Orton * lock.c: New file. * Makefile.in: Add 'lock' to TESTS, build lock. Mon Jan 7 21:17:21 2002 Joe Orton * skeleton.c: Add skeleton test suite. Tue Jan 1 21:47:09 2002 Joe Orton * Makefile.in: Use CPPFLAGS correctly. Sun Dec 9 14:02:50 2001 Joe Orton * string-tests.c (ONCMP): New macro. (everywhere): Use it. (grow): Add ne_buffer_grow test. Sun Dec 9 13:12:27 2001 Joe Orton * string-tests.c (concat2, concat3): New ne_buffer_concat tests. Sat Dec 1 18:35:29 2001 Joe Orton * utils.c (any_request): Don't set the error context. Sat Dec 1 12:21:48 2001 Joe Orton * auth.c (retry_failure, retry_fail_cb, retry_fail_serve): New functions. Tue Nov 27 21:24:22 2001 Joe Orton * request.c (s_progress, provide_progress, send_progress): New functions. Sun Nov 18 19:11:23 2001 Joe Orton * auth.c (send_response): New function. (auth_serve): Simplify using send_response. (retry_serve, retry_cb, retries): New functions. Sat Nov 17 22:32:29 2001 Joe Orton * auth.c (auth_serve, basic): Simplify, use a persistent connection and any_request() to work with --disable-dav builds. Sat Nov 17 22:30:43 2001 Joe Orton * utils.c (any_request): New function. Sun Oct 28 19:38:05 2001 Joe Orton * Makefile.in: Use explicit link rules. Fri Oct 26 20:08:33 2001 Joe Orton * request.c (persist_timeout): Test behaviour when connection closes after between 1 and 10 requests. Fri Oct 26 20:04:27 2001 Joe Orton * utils.c (many_serve_string): New function. Sun Oct 7 17:48:53 2001 Joe Orton * utils.c: New file. * request.c (single_serve_string): Moved to utils.c. * Makefile.in: Link utils.o into all libtest.a. Move libtest.a into this directory. Sun Oct 7 15:01:47 2001 Joe Orton * request.c (persist, persist_timeout, serve_twice, is_alive): New functions. (closed_connection): Avoid race condition. 
Sat Oct 6 14:33:42 2001 Joe Orton * request.c (prepare_request, finish_request): Renamed from make_request, destroy_request. (skip_interim_1xx, skip_many_1xx, skip_1xx_hdrs): New functions. Wed Oct 3 00:03:33 2001 Joe Orton * request.c (fail_request): Optionally include a request body, and optionally presume the server runs "forever". (all callers changed). (serve_close, closed_connection): New function. Sat Sep 29 14:08:16 2001 Joe Orton * compress.c (fetch): Update for new decompression API. Sat Sep 29 11:21:56 2001 Joe Orton * compress.c: New file. * Makefile.in: Build compress test, and some its helpers. Add -lneon to LIBS, and pick up NEON_CFLAGS. Thu Sep 27 20:31:51 2001 Joe Orton * utils.h: New file. * request.c: Moved ONREQ() into utils.h Mon Aug 27 00:34:56 2001 Joe Orton * regress.c: New file. Mon Aug 27 00:33:13 2001 Joe Orton * request.c (discard_request): Moved into common/child.c. (make_request, destroy_request): Convenience functions. (serve_non_http, not_http): New test. Sun Jun 24 22:15:46 2001 Joe Orton * test.[ch], child.[ch]: Moved into 'common' subdir. * Makefile.in: Updated likewise. Tue Jun 19 22:00:06 2001 Joe Orton * util-tests.c (parse_dates): Test date parsers. Sun Jun 10 17:36:11 2001 Joe Orton * request.c (infinite_headers, unbounded_headers): New test. Sun Jun 10 16:38:53 2001 Joe Orton * child.c [HAVE_PIPE]: Use a pipe between child and parent to know when the child is ready to accept connections. Avoids boring sleep()ing. Fri Jun 8 21:19:35 2001 Joe Orton * tests.c (segv, main): Remove SEGV handler in favour of useful core dumps. Mon Jun 4 01:15:52 2001 Joe Orton * child.c (server_socket): Set socket family correctly. Thu May 31 08:58:41 2001 Joe Orton * util-tests.c (md5_alignment): New test for MD5 alignment issue on Sparc. Thu May 31 00:40:43 2001 Joe Orton * child.c (minisleep): Just sleep for a second anyway. Thu May 31 00:19:16 2001 Joe Orton * child.c (server_socket): Casts for bind and setsockopt arguments. 
Thu May 31 00:02:21 2001 Joe Orton * request.c (send_bodies): Test callback-provided request bodies. Wed May 30 22:37:08 2001 Joe Orton * tests.c (child_segv): New function. (in_child): Install different SEGV handler. (segv): Sleep so the re-raised SEGV signal gets handled and we dump core. Wed May 30 19:24:32 2001 Joe Orton * request.c (send_bodies): New test for sending request bodies. Wed May 16 21:19:49 2001 Joe Orton * request.c (expect_response): Renamed, fold together single_request and do_get_request. (all callers changed) Wed May 16 20:59:19 2001 Joe Orton * request.c (construct_get, run_request): New functions. (fold_headers, fold_many_headers, multi_header): New tests. Sat May 12 17:37:36 2001 Joe Orton * server.c: Renamed from http-tests.c. Sat May 12 17:35:05 2001 Joe Orton * child.c (minisleep): New function. (spawn_server, reap_server): New functions. (server_child): Call in_child. Sat May 12 17:33:57 2001 Joe Orton * tests.c (main): Open two log files for debugging messages. (in_child): Switch to debug using child log. Sat May 12 11:18:18 2001 Joe Orton * tests.c (main): Call sock_init. (segv): Re-raise SEGV signal after printing message. Mon May 7 10:38:50 2001 Joe Orton * request.c (chunk_syntax_1, chunk_syntax_2, chunk_syntax_3, chunk_syntax_4, chunk_syntax_5): Split down from chunk_syntax. Mon May 7 10:37:38 2001 Joe Orton * util-tests.c (base64): Update for ne_base64() changes. Add tests for binary data. Sun May 6 23:55:36 2001 Joe Orton * tests.h (ON): Use global buffer 'on_err_buf'. Make 'name' variable public. Sun May 6 23:53:06 2001 Joe Orton * request.c (single_serve_string): General version of single_serve_*. (single_request): Pass in expected response body. (single_get_*): Use new single_request/single_serve_string. (chunk_syntax): Add some tests for chunk syntax. Sun May 6 22:29:36 2001 Joe Orton * child.c, child.h: New files, split down from request.c. 
Sun May 6 21:53:28 2001 Joe Orton * request.c (spawn_server): Sleep for a while to let the server get going. (do_request): Use passed parameters when creating request. Sun May 6 21:34:27 2001 Joe Orton * request.c (spawn_server): Use callback to handle the server side of connection. (single_request): New function. (single_get_eof, single_get_clength, single_get_chunked): New functions. (reap_server): New function. Sun May 6 20:02:32 2001 Joe Orton * request.c: New file. Wed May 2 12:08:53 2001 Joe Orton * string-tests.c (token1, token2, nulls, empty, quoted, badquotes, shave, combo): New tests for ne_token and ne_shave. Wed May 2 12:04:52 2001 Joe Orton * string-tests.c: Updated for sbuffer -> ne_buffer changes. Wed May 2 01:08:45 2001 Joe Orton * Makefile.in (check): Alias for test goal. Wed May 2 01:08:36 2001 Joe Orton * tests.c (segv): Disable SEGV handler once handling it. Sun Apr 29 14:57:59 2001 Joe Orton * uri-tests.c (slash): Check behaviour of passing zero-length URI. Sun Apr 29 13:43:59 2001 Joe Orton * Makefile.in (clean): New target. (libtest.a): Depend on libneon to force rebuilds when necessary. (all): Build but don't test. Sun Apr 29 13:41:13 2001 Joe Orton * util-tests.c: Add status line with leading garbage. Sun Apr 29 13:39:53 2001 Joe Orton * util-tests.c (status_lines): Add some tests for invalid status lines too. Sun Apr 29 13:38:31 2001 Joe Orton * tests.c (main): Use basename(argv[0]) as suite name. Fail if no tests are in the functions vector. Sun Apr 29 11:06:45 2001 Joe Orton * tests.c (segv): New function. (main): Add SIGSEGV handler. Fri Apr 27 00:00:12 2001 Joe Orton * util-tests.c (base64): New test. Thu Apr 26 22:39:44 2001 Joe Orton * uri-tests.c (just_hostname, just_path, null_uri): New tests. Thu Apr 26 22:03:58 2001 Joe Orton * util-tests.c (md5): Test of MD5 functions. Mon Apr 23 23:08:02 2001 Joe Orton * http-tests.c (simple_head): Add HEAD test. 
Mon Apr 23 22:49:52 2001 Joe Orton * http-tests.c (simple_get): Check for EOF after reading response body of HTTP/1.0 GET request. (null_resource): New function, test for 404 on null resource. neon-0.32.2/test/Makefile.in000066400000000000000000000154011416727304000155660ustar00rootroot00000000000000# Makefile for neon test suite. SHELL = @SHELL@ CPPFLAGS = @CPPFLAGS@ -I. -I$(top_srcdir)/src -I$(top_srcdir)/test/common CFLAGS = @CFLAGS@ @NEON_CFLAGS@ LDFLAGS = @LDFLAGS@ DEFS = @DEFS@ top_builddir = .. top_srcdir = @top_srcdir@ srcdir = @srcdir@ VPATH = @srcdir@ LIBS = @LIBS@ TEST_LIBS = $(LIBTEST) $(LIBS) CC = @CC@ OPENSSL = @OPENSSL@ HELPERS = @HELPERS@ foobar.txt BASIC_TESTS = uri-tests util-tests string-tests socket \ session request auth basic stubs redirect ZLIB_TESTS = compress ZLIB_HELPERS = file1.gz file2.gz trailing.gz badcsum.gz truncated.gz \ corrupt1.gz corrupt2.gz empty.gz random.txt hello.txt hello.gz DAV_TESTS = xml xmlreq oldacl acl3744 props lock SSL_TESTS = socket-ssl ssl SSL_HELPERS = ca-stamp TESTS = @TESTS@ VALGRIND = valgrind --tool=memcheck --leak-check=yes --trace-children=no --show-reachable=yes # Make every object depend on libneon.la to force a rebuild on any src/* changes OBJDEPS = $(srcdir)/common/tests.h $(srcdir)/common/child.h $(srcdir)/utils.h \ $(top_builddir)/config.h $(top_builddir)/src/libneon.la # Test program just depends on libtest DEPS = $(LIBTEST) LDADD = $(DEPS) $(LIBS) LIBTEST = libtest.la LIBNEON = $(top_builddir)/src/libneon.la LIBTOOL = @LIBTOOL@ --silent TEST_LDFLAGS = @TEST_LDFLAGS@ LINK = $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) $(TEST_LDFLAGS) COMPILE = $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS) prefix = @prefix@ exec_prefix = @exec_prefix@ libdir = @libdir@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL = @INSTALL@ TEST_INSTALL_DIR = $(libdir)/neon-tests INSTALL_HELPERS = $(HELPERS) server.key makekeys \ $(srcdir)/openssl.conf 
$(srcdir)/notvalid.pem \ $(srcdir)/expired.pem .SUFFIXES: .SUFFIXES: .lo .c # By default, compile but don't run the tests. all: $(TESTS) clean: rm -f $(TESTS) $(HELPERS) *.o *.lo common/*.o common/*.lo libtest.*a *.log rm -f *.gc* *.da *.bb* common/*.bb* common/*.gc* common/*.da rm -rf ca ca2 .libs nssdb* rm -f ca-stamp client.key *.csr ssigned.pem wrongcn.pem \ server.cert client.cert *.p12 *.cert sparse.bin check: $(TESTS) $(HELPERS) @SRCDIR=$(srcdir) $(SHELL) $(srcdir)/run.sh $(TESTS) grind: $(TESTS) $(HELPERS) @SRCDIR=$(srcdir) HARNESS="$(VALGRIND)" $(SHELL) $(srcdir)/run.sh $(TESTS) lfs-check: largefile $(LFS_HELPERS) @SRCDIR=$(srcdir) $(SHELL) $(srcdir)/run.sh largefile install: $(TESTS) $(HELPERS) @$(INSTALL) -d $(DESTDIR)$(TEST_INSTALL_DIR) @$(INSTALL) -d $(DESTDIR)$(TEST_INSTALL_DIR)/bin @$(INSTALL) -d $(DESTDIR)$(TEST_INSTALL_DIR)/data @for t in $(TESTS); do \ $(LIBTOOL) --mode=install \ $(INSTALL_PROGRAM) $$t $(DESTDIR)$(TEST_INSTALL_DIR)/bin; \ done @for h in $(INSTALL_HELPERS); do \ $(INSTALL_DATA) $$h $(DESTDIR)$(TEST_INSTALL_DIR)/data; \ done @$(INSTALL_PROGRAM) -p $(srcdir)/run-tests.sh $(DESTDIR)$(TEST_INSTALL_DIR) NEWS = $(top_srcdir)/NEWS file1.gz: $(NEWS) gzip -c --no-name $(NEWS) > $@ file2.gz: $(NEWS) gzip -c --name $(NEWS) > $@ hello.txt: echo hello world > $@ hello.gz: hello.txt gzip -c hello.txt > $@ # gzip file with trailing bytes. trailing.gz: $(NEWS) gzip -c --no-name $(NEWS) > $@ echo "hello, world" >> $@ truncated.gz: file1.gz dd if=file1.gz of=$@ bs=2048 count=2 badcsum.gz: file1.gz dd of=$@ if=file1.gz bs=1 count=`perl -e 'printf "%d", (stat("file1.gz"))[7] - 8;'` echo 'broken!' >> $@ corrupt1.gz: file1.gz dd of=$@ if=file1.gz bs=1 count=500 cat $(NEWS) >> $@ corrupt2.gz: $(NEWS) cat $(NEWS) > $@ empty.gz: touch $@ random.txt: $(NEWS) cat $(NEWS) > $@ foobar.txt: echo foobar > $@ # Dummy target to create the CA keys etc. makekeys stderr is redirected # since it changes for every invocation; not helpful for regression # testing. 
ca-stamp: makekeys $(srcdir)/openssl.conf rm -rf ca ca2 OPENSSL=$(OPENSSL) \ $(SHELL) makekeys $(srcdir) 2>makekeys.out @echo timestamp > ca-stamp Makefile: $(srcdir)/Makefile.in cd .. && ./config.status test/Makefile makekeys: $(srcdir)/makekeys.sh cd .. && ./config.status test/makekeys LIBOBJS = common/tests.lo common/child.lo utils.lo util-socks.lo $(LIBTEST): $(LIBOBJS) $(LINK) -o $(LIBTEST) $(LIBOBJS) $(LIBNEON) $(LIBS) .c.lo: $(COMPILE) -c $< -o $@ # Recompile socket.c with SOCKET_SSL defined socket-ssl.lo: $(srcdir)/socket.c $(HDRS) $(COMPILE) -DSOCKET_SSL -c $(srcdir)/socket.c -o $@ socket-ssl: socket-ssl.lo $(LIBTEST) $(LINK) -o $@ socket-ssl.lo $(TEST_LIBS) resolve: resolve.lo $(LIBNEON) $(LINK) -o $@ resolve.lo $(LIBNEON) common/tests.lo: $(srcdir)/common/tests.c $(OBJDEPS) common/child.lo: $(srcdir)/common/child.c $(OBJDEPS) utils.lo: $(srcdir)/utils.c $(OBJDEPS) util-socks.lo: $(srcdir)/util-socks.c $(OBJDEPS) auth.lo: $(srcdir)/auth.c $(OBJDEPS) uri-tests.lo: $(srcdir)/uri-tests.c $(OBJDEPS) util-tests.lo: $(srcdir)/util-tests.c $(OBJDEPS) string-tests.lo: $(srcdir)/string-tests.c $(OBJDEPS) socket.lo: $(srcdir)/socket.c $(OBJDEPS) server.lo: $(srcdir)/server.c $(OBJDEPS) request.lo: $(srcdir)/request.c $(OBJDEPS) regress.lo: $(srcdir)/regress.c $(OBJDEPS) compress.lo: $(srcdir)/compress.c $(OBJDEPS) oldacl.lo: $(srcdir)/oldacl.c $(OBJDEPS) acl3744.lo: $(srcdir)/acl3744.c $(OBJDEPS) utils.lo: $(srcdir)/utils.c $(OBJDEPS) stubs.lo: $(srcdir)/stubs.c $(OBJDEPS) props.lo: $(srcdir)/props.c $(OBJDEPS) session.lo: $(srcdir)/session.c $(OBJDEPS) redirect.lo: $(srcdir)/redirect.c $(OBJDEPS) basic.lo: $(srcdir)/basic.c $(OBJDEPS) ssl.lo: $(srcdir)/ssl.c $(OBJDEPS) lock.lo: $(srcdir)/lock.c $(OBJDEPS) largefile.lo: $(srcdir)/largefile.c $(OBJDEPS) auth: auth.lo $(DEPS) $(LINK) -o $@ auth.lo $(LDADD) basic: basic.lo $(DEPS) $(LINK) -o $@ basic.lo $(LDADD) uri-tests: uri-tests.lo $(DEPS) $(LINK) -o $@ uri-tests.lo $(LDADD) util-tests: util-tests.lo $(DEPS) 
$(LINK) -o $@ util-tests.lo $(LDADD) string-tests: string-tests.lo $(DEPS) $(LINK) -o $@ string-tests.lo $(LDADD) socket: socket.lo $(DEPS) $(LINK) -o $@ socket.lo $(LDADD) server: server.lo $(DEPS) $(LINK) -o $@ server.lo $(LDADD) request: request.lo $(DEPS) $(LINK) -o $@ request.lo $(LDADD) regress: regress.lo $(DEPS) $(LINK) -o $@ regress.lo $(LDADD) compress: compress.lo $(DEPS) $(LINK) -o $@ compress.lo $(LDADD) oldacl: oldacl.lo $(DEPS) $(LINK) -o $@ oldacl.lo $(LDADD) acl3744: acl3744.lo $(DEPS) $(LINK) -o $@ acl3744.lo $(LDADD) utils: utils.lo $(DEPS) $(LINK) -o $@ utils.lo $(LDADD) stubs: stubs.lo $(DEPS) $(LINK) -o $@ stubs.lo $(LDADD) props: props.lo $(DEPS) $(LINK) -o $@ props.lo $(LDADD) session: session.lo $(DEPS) $(LINK) -o $@ session.lo $(LDADD) redirect: redirect.lo $(DEPS) $(LINK) -o $@ redirect.lo $(LDADD) ssl: ssl.lo $(DEPS) $(LINK) -o $@ ssl.lo $(LDADD) xml: xml.lo $(DEPS) $(LINK) -o $@ xml.lo $(LDADD) xmlreq: xmlreq.lo $(DEPS) $(LINK) -o $@ xmlreq.lo $(LDADD) lock: lock.lo $(DEPS) $(LINK) -o $@ lock.lo $(LDADD) largefile: largefile.lo $(DEPS) $(LINK) -o $@ largefile.lo $(LDADD) neon-0.32.2/test/README000066400000000000000000000023521416727304000144020ustar00rootroot00000000000000 Stupidly Simple Test Suite for neon ----------------------------------- The aim of the test suite is two-fold: 1. ensure compliance to the relevant RFCs in network behaviour. 2. ensure that the promises made by the public API are met by the current implementation. The file `STATUS' makes an attempt at listing RFC requirements and how the test suite tests whether neon meets them or not (it's not finished yet). The test suite is licensed under the GPL. Important Note About Test Failures ---------------------------------- Note that a test failure either means a bug in the test or a bug in the code itself. 
On platforms without pipe(), there is a race condition in the code which forks a server process: if you get random failures on a slow or loaded box, increase the sleep time in common/child.c:minisleep(). Extra Stuff ----------- server-tests requires that you have a running HTTP server on localhost port 80, and you have copied htdocs/* to server-htdocs-root/test/* Credits ------- This test suite is inspired by the Subversion project, discussion on the subversion mailing list, and seeing chromatic's talks on XP. The presentation is inspired by the standard Perl test suite. Imitation is the greatest form of flattery, right? neon-0.32.2/test/STATUS000066400000000000000000000044721416727304000144750ustar00rootroot00000000000000 -*- text -*- This document attempts to list RFC requirements and determine whether neon meets them, or where they do not apply, etc. Yes: test written, succeeds No: test written, but currently fails ???: no test written ---: feature not supported App: this is an application issue not a neon issue RFC2616 ======= 3.1: MUST treat major/minor as separate digits Yes 3.1: MUST ignore leading zeros Yes 3.1: MUST only send HTTP/1.1 when appropriate ??? 3.2.2: MUST use abs_path of "/" in Request-URI App 3.2.3: comparisons of host names MUST be case-insensitive Yes comparisons of scheme names MUST be ... Yes comparison of empty abs_path equivalent to "/" No/--- 3.3.1: MUST accept three date formats App/Yes [2] MUST only generate RFC1123-style dates App 3.3.1: MUST use GMT for http-dates ??? MUST assume GMT when parsing asctime dates ??? 
3.4.1: MUST respect charset label provided Yes/App 3.5*: content codings App 3.6: MUST requirements for multiple transfer-codings --- [4] 3.6.1: parsing of chunked transfer coding Yes MUST be able to handle "chunked" transfer-coding Yes MUST ignore unknown chunk-extension extensions Yes 3.7: parsing of Content-Type headers Yes 3.7: MUST NOT have LWS between type/subtype in C-T hdr App SHOULD only send parameters to "new HTTP apps" (>1.0?) App 3.7.1: MUST represent HTTP message in canonical form App MUST accept CRLF/CR/LF as line-breaks in text/* media App MUST NOT use only CR or LF in HTTP control structures ??? MUST specify charset if not ISO-8859-1 App 3.7.2: multipart types --- 3.8: SHOULD have short product token Yes/App [5] SHOULD use product-version for version identifier Yes/App only product-version differs between versions Yes/App 3.9: Content Negotiation ---/App 3.10: Language Tags ---/App 3.11: Entity Tags ---/App [2]: date parser is provided which handles all three formats, but no handling of the Date header is present within neon. [3]: not sure if neon should be handling of this internally. [4]: neon only supports using just chunked Transfer-Coding or none. [5]: these reflect that applications may add their own product tokens alongside neon's. neon-0.32.2/test/acl3744.c000066400000000000000000000043111416727304000147440ustar00rootroot00000000000000/* Dummy ACL tests Copyright (C) 2001-2007, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

*/

#include "ne_acl3744.h"

#include "tests.h"
#include "child.h"
#include "utils.h"

/**** DUMMY TESTS: just makes sure the stuff doesn't dump core. */

/* Runs one ACL request against a throwaway server.
 *
 * make_session() is given single_serve_string and a canned
 * "200 OK / Connection: close" response; the 'nume' entries in 'es'
 * are then sent for 'uri' through ne_acl3744_set().  The response
 * is fixed, so only the client side of the call is exercised.
 * Returns OK, or whatever the CALL/ON macros return on failure. */
static int test_acl(const char *uri, ne_acl_entry *es, int nume)
{
    ne_session *sess;

    CALL(make_session(&sess, single_serve_string,
                      "HTTP/1.1 200 OK\r\n"
                      "Connection: close\r\n\r\n"));

    ON(ne_acl3744_set(sess, uri, es, nume));

    CALL(await_server());
    ne_session_destroy(sess);

    return OK;
}

/* One entry: grant NE_ACL_ALL to the ne_acl_all target. */
static int grant_all(void)
{
    ne_acl_entry e = {0};

    e.target = ne_acl_all;
    e.type = ne_acl_grant;
    e.privileges = NE_ACL_ALL;

    CALL(test_acl("/foo", &e, 1));

    return OK;
}

/* One entry: deny NE_ACL_ALL to the ne_acl_all target. */
static int deny_all(void)
{
    ne_acl_entry e = {0};

    e.target = ne_acl_all;
    e.type = ne_acl_deny;
    e.privileges = NE_ACL_ALL;

    CALL(test_acl("/foo", &e, 1));

    return OK;
}

/* One entry: deny NE_ACL_ALL to a single principal named by href. */
static int deny_one(void)
{
    ne_acl_entry e = {0};

    e.target = ne_acl_href;
    e.tname = "http://webdav.org/users/joe";
    e.type = ne_acl_deny;
    e.privileges = NE_ACL_ALL;

    CALL(test_acl("/foo", &e, 1));

    return OK;
}

/* One entry: deny NE_ACL_ALL to the principal identified by the
 * "owner" property. */
static int deny_byprop(void)
{
    ne_acl_entry e = {0};

    e.target = ne_acl_property;
    e.type = ne_acl_deny;
    e.tname = "owner";
    e.privileges = NE_ACL_ALL;

    CALL(test_acl("/foo", &e, 1));

    return OK;
}

/* Test vector; the list ends with T(NULL). */
ne_test tests[] = {
    T(grant_all),
    T(deny_all),
    T(deny_one),
    T(deny_byprop),
    T(NULL)
};
neon-0.32.2/test/auth.c000066400000000000000000001410701416727304000146300ustar00rootroot00000000000000
/* Authentication tests
   Copyright (C) 2001-2009, Joe Orton

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.
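This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

*/

#include "config.h"

/* NOTE(review): the three system header names below were lost when
 * this listing was extracted.  <stdlib.h> and <unistd.h> follow from
 * their HAVE_* guards; <sys/types.h> is assumed -- confirm against
 * the original file. */
#include <sys/types.h>

#ifdef HAVE_STDLIB_H
#include <stdlib.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif

#include "ne_md5.h"
#include "ne_string.h"
#include "ne_request.h"
#include "ne_auth.h"
#include "ne_basic.h"

#include "tests.h"
#include "child.h"
#include "utils.h"

/* Fixed test credentials; they encode to the Basic header value that
 * auth_hdr() compares against. */
static const char username[] = "Aladdin", password[] = "open sesame";
/* Alternative user names read by auth_provide_cb() and the digest
 * checks; they are assigned outside this part of the file. */
static const char *alt_username, *alt_username_star;
static int auth_failed;

/* Set by init(): whether ne_strhash() can produce each hash. */
static int has_sha256 = 0, has_sha512_256 = 0;

#define BASIC_WALLY "Basic realm=WallyWorld"
#define CHAL_WALLY "WWW-Authenticate: " BASIC_WALLY

#define EOL "\r\n"

/* Credentials callback for ne_set_server_auth().
 *
 * Rejects any realm other than "WallyWorld" with -1.  Otherwise
 * copies the user name (userdata if non-NULL, else the default
 * 'username') and 'password' into un/pw and returns 'tries'.
 *
 * ne_auth.h documents un and pw as NE_ABUFSIZ-byte buffers, so a
 * string that does not fit is refused with -1 instead of being
 * copied past the end of the buffer. */
static int auth_cb(void *userdata, const char *realm, int tries,
                   char *un, char *pw)
{
    const char *user = userdata ? userdata : username;

    if (strcmp(realm, "WallyWorld")) {
        NE_DEBUG(NE_DBG_HTTP, "Got wrong realm '%s'!\n", realm);
        return -1;
    }

    if (strlen(user) >= NE_ABUFSIZ || strlen(password) >= NE_ABUFSIZ) {
        NE_DEBUG(NE_DBG_HTTP, "Test credentials too long for buffer\n");
        return -1;
    }

    strcpy(un, user);
    strcpy(pw, password);

    return tries;
}

/* Credentials callback taking an explicit buffer length.
 *
 * Rejects any realm other than "WallyWorld" with -1.  Otherwise
 * copies alt_username and 'password' into un/pw and returns
 * 'attempt'.  'userdata' and 'protocol' are unused.
 *
 * Both un and pw are treated as 'buflen' bytes long: the copy is
 * refused with -1 when alt_username is unset or either string
 * (including its NUL) does not fit. */
static int auth_provide_cb(void *userdata, int attempt,
                           unsigned protocol, const char *realm,
                           char *un, char *pw, size_t buflen)
{
    if (strcmp(realm, "WallyWorld")) {
        NE_DEBUG(NE_DBG_HTTP, "Got wrong realm '%s'!\n", realm);
        return -1;
    }

    if (alt_username == NULL
        || strlen(alt_username) >= buflen
        || strlen(password) >= buflen) {
        NE_DEBUG(NE_DBG_HTTP, "Test credentials do not fit buffer\n");
        return -1;
    }

    strcpy(un, alt_username);
    strcpy(pw, password);

    return attempt;
}

/* Header callback: sets auth_failed to zero only if 'value' is
 * exactly the Basic credentials for Aladdin / "open sesame". */
static void auth_hdr(char *value)
{
#define B "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
    auth_failed = strcmp(value, B);
    NE_DEBUG(NE_DBG_HTTP, "Got auth header: [%s]\nWanted header: [%s]\n"
             "Result: %d\n", value, B, auth_failed);
#undef B
}

/* Sends a response with given response-code.  If hdr is not NULL,
 * sends that header string too (appending an EOL).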
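If eoc is non-zero, request must be last sent down a connection;
 * otherwise, clength 0 is sent to maintain a persistent connection. */
/* The response is formatted with one bounded snprintf() call.  If
 * 'hdr' is too long for the BUFSIZ buffer, nothing is sent and -1 is
 * returned rather than writing past the end of the buffer.
 * Otherwise returns the result of SEND_STRING(). */
static int send_response(ne_socket *sock, const char *hdr, int code, int eoc)
{
    char buffer[BUFSIZ];
    int len;

    len = snprintf(buffer, sizeof buffer,
                   "HTTP/1.1 %d Blah Blah" EOL "%s%s%s",
                   code,
                   hdr ? hdr : "",
                   hdr ? EOL : "",
                   eoc ? "Connection: close" EOL EOL
                       : "Content-Length: 0" EOL EOL);

    /* A return value >= the buffer size means the output was cut. */
    if (len < 0 || (size_t)len >= sizeof buffer) {
        return -1;
    }

    return SEND_STRING(sock, buffer);
}

/* Server function which sends two responses: first requires auth,
 * second doesn't.  'userdata' is the challenge header sent with the
 * 401.  The second response is 200 only if auth_hdr() accepted the
 * Authorization header of the second request, 500 otherwise. */
static int auth_serve(ne_socket *sock, void *userdata)
{
    char *hdr = userdata;

    /* Assume failure until auth_hdr() sees the right credentials. */
    auth_failed = 1;

    /* Register globals for discard_request. */
    got_header = auth_hdr;
    want_header = "Authorization";

    discard_request(sock);
    send_response(sock, hdr, 401, 0);

    discard_request(sock);
    send_response(sock, NULL, auth_failed?500:200, 1);

    return 0;
}

/* Records which hashes ne_strhash() can produce by hashing an empty
 * string (a NULL result clears the flag), then returns the result of
 * lookup_localhost(). */
static int init(void)
{
    char *p;

    p = ne_strhash(NE_HASH_SHA256, "", NULL);
    has_sha256 = p != NULL;
    if (p) ne_free(p);

    p = ne_strhash(NE_HASH_SHA512_256, "", NULL);
    has_sha512_256 = p != NULL;
    if (p) ne_free(p);

    return lookup_localhost();
}

/* Test that various Basic auth challenges are correctly handled. */
static int basic(void)
{
    const char *hdrs[] = {
        /* simplest case */
        CHAL_WALLY,

        /* several challenges, one header */
        "WWW-Authenticate: BarFooScheme, " BASIC_WALLY,

        /* several challenges, one header */
        CHAL_WALLY ", BarFooScheme realm=\"PenguinWorld\"",

        /* whitespace tests. */
        "WWW-Authenticate: Basic realm=WallyWorld ",

        /* nego test. */
        "WWW-Authenticate: Negotiate fish, Basic realm=WallyWorld",

        /* nego test. */
        "WWW-Authenticate: Negotiate fish, bar=boo, Basic realm=WallyWorld",

        /* nego test.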
*/ "WWW-Authenticate: Negotiate, Basic realm=WallyWorld", /* multi-header case 1 */ "WWW-Authenticate: BarFooScheme\r\n" CHAL_WALLY, /* multi-header cases 1 */ CHAL_WALLY "\r\n" "WWW-Authenticate: BarFooScheme bar=\"foo\"", /* multi-header case 3 */ "WWW-Authenticate: FooBarChall foo=\"bar\"\r\n" CHAL_WALLY "\r\n" "WWW-Authenticate: BarFooScheme bar=\"foo\"", /* quoting test; fails to handle scheme properly with <= 0.28.2. */ "WWW-Authenticate: Basic realm=\"WallyWorld\" , BarFooScheme" }; size_t n; for (n = 0; n < sizeof(hdrs)/sizeof(hdrs[0]); n++) { ne_session *sess; CALL(make_session(&sess, auth_serve, (void *)hdrs[n])); ne_set_server_auth(sess, auth_cb, NULL); CALL(any_2xx_request(sess, "/norman")); ne_session_destroy(sess); CALL(await_server()); } return OK; } static int retry_serve(ne_socket *sock, void *ud) { discard_request(sock); send_response(sock, CHAL_WALLY, 401, 0); discard_request(sock); send_response(sock, CHAL_WALLY, 401, 0); discard_request(sock); send_response(sock, NULL, 200, 0); discard_request(sock); send_response(sock, CHAL_WALLY, 401, 0); discard_request(sock); send_response(sock, NULL, 200, 0); discard_request(sock); send_response(sock, NULL, 200, 0); discard_request(sock); send_response(sock, NULL, 200, 0); discard_request(sock); send_response(sock, CHAL_WALLY, 401, 0); discard_request(sock); send_response(sock, NULL, 200, 0); discard_request(sock); send_response(sock, CHAL_WALLY, 401, 0); discard_request(sock); send_response(sock, CHAL_WALLY, 401, 0); discard_request(sock); send_response(sock, CHAL_WALLY, 401, 0); discard_request(sock); send_response(sock, NULL, 200, 0); return OK; } static int retry_cb(void *userdata, const char *realm, int tries, char *un, char *pw) { int *count = userdata; /* dummy creds; server ignores them anyway. 
*/ strcpy(un, "a"); strcpy(pw, "b"); switch (*count) { case 0: case 1: if (tries == *count) { *count += 1; return 0; } else { t_context("On request #%d, got attempt #%d", *count, tries); *count = -1; return 1; } break; case 2: case 3: /* server fails a subsequent request, check that tries has * reset to zero. */ if (tries == 0) { *count += 1; return 0; } else { t_context("On retry after failure #%d, tries was %d", *count, tries); *count = -1; return 1; } break; case 4: case 5: if (tries > 1) { t_context("Attempt counter reached #%d", tries); *count = -1; return 1; } return tries; default: t_context("Count reached %d!?", *count); *count = -1; } return 1; } /* Test that auth retries are working correctly. */ static int retries(void) { ne_session *sess; int count = 0; CALL(make_session(&sess, retry_serve, NULL)); ne_set_server_auth(sess, retry_cb, &count); /* This request will be 401'ed twice, then succeed. */ ONREQ(any_request(sess, "/foo")); /* auth_cb will have set up context. */ CALL(count != 2); /* this request will be 401'ed once, then succeed. */ ONREQ(any_request(sess, "/foo")); /* auth_cb will have set up context. */ CALL(count != 3); /* some 20x requests. */ ONREQ(any_request(sess, "/foo")); ONREQ(any_request(sess, "/foo")); /* this request will be 401'ed once, then succeed. */ ONREQ(any_request(sess, "/foo")); /* auth_cb will have set up context. */ CALL(count != 4); /* First request is 401'ed by the server at both attempts. */ ONV(any_request(sess, "/foo") != NE_AUTH, ("auth succeeded, should have failed: %s", ne_get_error(sess))); count++; /* Second request is 401'ed first time, then will succeed if * retried. 0.18.0 didn't reset the attempt counter though so * this didn't work. 
*/ ONV(any_request(sess, "/foo") == NE_AUTH, ("auth failed on second try, should have succeeded: %s", ne_get_error(sess))); return destroy_and_wait(sess); } /* crashes with neon <0.22 */ static int forget_regress(void) { ne_session *sess = ne_session_create("http", "localhost", 1234); ne_forget_auth(sess); ne_session_destroy(sess); return OK; } static int fail_auth_cb(void *ud, const char *realm, int attempt, char *un, char *pw) { return 1; } /* this may trigger a segfault in neon 0.21.x and earlier. */ static int tunnel_regress(void) { ne_session *sess; CALL(proxied_session_server(&sess, "http", "localhost", 443, single_serve_string, "HTTP/1.1 401 Auth failed.\r\n" "WWW-Authenticate: Basic realm=asda\r\n" "Content-Length: 0\r\n\r\n")); ne_set_server_auth(sess, fail_auth_cb, NULL); any_request(sess, "/foo"); return destroy_and_wait(sess); } /* regression test for parsing a Negotiate challenge with on parameter * token. */ static int negotiate_regress(void) { ne_session *sess; CALL(session_server(&sess, single_serve_string, "HTTP/1.1 401 Auth failed.\r\n" "WWW-Authenticate: Negotiate\r\n" "Content-Length: 0\r\n\r\n")); ne_set_server_auth(sess, fail_auth_cb, NULL); any_request(sess, "/foo"); return destroy_and_wait(sess); } static char *digest_hdr = NULL; static void dup_header(char *header) { if (digest_hdr) ne_free(digest_hdr); digest_hdr = ne_strdup(header); } #define PARM_PROXY (0x0001) #define PARM_NEXTNONCE (0x0002) #define PARM_RFC2617 (0x0004) #define PARM_AINFO (0x0008) #define PARM_USERHASH (0x0010) /* userhash=true */ #define PARM_UHFALSE (0x0020) /* userhash=false */ #define PARM_ALTUSER (0x0040) #define PARM_LEGACY (0x0080) #define PARM_LEGACY_ONLY (0x0100) struct digest_parms { const char *realm, *nonce, *opaque, *domain; enum { ALG_MD5 = 0, ALG_MD5_SESS, ALG_SHA256, ALG_SHA256_SESS, ALG_SHA512_256, ALG_SHA512_256_SESS } alg; unsigned int flags; int num_requests; int stale; enum digest_failure { fail_not, fail_bogus_alg, fail_req0_stale, 
fail_req0_2069_stale, fail_omit_qop, fail_omit_realm, fail_omit_nonce, fail_ai_bad_nc, fail_ai_bad_nc_syntax, fail_ai_bad_digest, fail_ai_bad_cnonce, fail_ai_omit_cnonce, fail_ai_omit_digest, fail_ai_omit_nc, fail_outside_domain, fail_2069_weak } failure; }; struct digest_state { const char *realm, *nonce, *uri, *username, *username_star, *password, *algorithm, *qop, *method, *opaque; char userhash[64]; char *cnonce, *digest, *ncval; long nc; int count; int uhash_bool; }; static char *hash(struct digest_parms *p, ...) ne_attribute_sentinel; static char *hash(struct digest_parms *p, ...) { va_list ap; unsigned int flags; char *h; switch (p->alg) { case ALG_SHA512_256_SESS: case ALG_SHA512_256: flags = NE_HASH_SHA512_256; break; case ALG_SHA256_SESS: case ALG_SHA256: flags = NE_HASH_SHA256; break; default: flags = NE_HASH_MD5; break; } va_start(ap, p); h = ne_vstrhash(flags, ap); va_end(ap); if (h == NULL) abort(); return h; } /* Write the request-digest into 'digest' (or response-digest if * auth_info is non-zero) for given digest auth state and * parameters. */ static char *make_digest(struct digest_state *state, struct digest_parms *parms, int auth_info) { char *h_a1, *h_a2, *rv; h_a1 = hash(parms, state->username, ":", state->realm, ":", state->password, NULL); if (parms->alg == ALG_MD5_SESS || parms->alg == ALG_SHA256_SESS || parms->alg == ALG_SHA512_256_SESS) { char *sess_h_a1; sess_h_a1 = hash(parms, h_a1, ":", state->nonce, ":", state->cnonce, NULL); ne_free(h_a1); h_a1 = sess_h_a1; } h_a2 = hash(parms, !auth_info ? state->method : "", ":", state->uri, NULL); if (parms->flags & PARM_RFC2617) { rv = hash(parms, h_a1, ":", state->nonce, ":", state->ncval, ":", state->cnonce, ":", state->qop, ":", h_a2, NULL); } else { /* RFC2069-style */ rv = hash(parms, h_a1, ":", state->nonce, ":", h_a2, NULL); } ne_free(h_a2); ne_free(h_a1); return rv; } /* Verify that the response-digest matches expected state. 
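 * The digest recomputed here is the request-digest (make_digest() with
 * auth_info == 0); it is compared with the "response" parameter that
 * verify_digest_header() stored in state->digest.  Returns OK on a
 * match and fails the test otherwise.
 */
static int check_digest(struct digest_state *state, struct digest_parms *parms)
{
    char *digest;

    digest = make_digest(state, parms, 0);
    ONV(digest == NULL,
        ("failed to create digest for %s", state->algorithm));

    if (strcmp(digest, state->digest) != 0) {
        t_context("bad digest; expected %s got %s", state->digest, digest);
        /* Release the computed digest on the failure path too. */
        ne_free(digest);
        return FAIL;
    }

    ne_free(digest);

    return OK;
}

/* Compare the expected value of 'field' in 'state' with the value the
 * client sent, as collected in 'newstate'. */
#define DIGCMP(field)                                   \
    do {                                                \
        ONCMP(state->field, newstate.field,             \
              "Digest response header", #field);        \
    } while (0)

/* If the current parameter name matches 'param' (case-insensitively),
 * store its value in newstate.field; a repeated parameter fails the
 * test. */
#define NPARAM(field, param)                                    \
    do {                                                        \
        if (ne_strcasecmp(name, param) == 0) {                  \
            ONV(newstate.field != NULL,                         \
                ("received multiple %s params: %s, %s", param,  \
                 newstate.field, val));                         \
            newstate.field = val;                               \
        }                                                       \
    } while (0)

#define PARAM(field) NPARAM(field, #field)

/* Verify that Digest auth request header, 'header', meets expected
 * state and parameters.  'header' is modified in place while it is
 * tokenised.  On success the expected nonce count in 'state' is
 * incremented and OK is returned.
 *
 * The "response" and "nc" values kept in 'state' are cleared before
 * parsing, so that values left over from an earlier request on the
 * same connection cannot satisfy the checks for this one. */
static int verify_digest_header(struct digest_state *state,
                                struct digest_parms *parms,
                                char *header)
{
    char *ptr;
    struct digest_state newstate = {0};

    /* Drop per-request values copied from the previous header. */
    ne_free(state->digest);
    state->digest = NULL;
    ne_free(state->ncval);
    state->ncval = NULL;

    ptr = ne_token(&header, ' ');

    ONCMP("Digest", ptr, "Digest response", "scheme name");

    while (header) {
        char *name, *val;

        ptr = ne_qtoken(&header, ',', "\"\'");
        ONN("quoting broken", ptr == NULL);

        name = ne_shave(ptr, " ");

        val = strchr(name, '=');
        ONV(val == NULL, ("bad name/value pair: %s", name));

        *val++ = '\0';

        val = ne_shave(val, "\"\' ");

        NE_DEBUG(NE_DBG_HTTP, "got field: [%s] = [%s]\n", name, val);

        PARAM(uri);
        PARAM(realm);
        PARAM(username);
        PARAM(nonce);
        PARAM(algorithm);
        PARAM(qop);
        PARAM(opaque);
        PARAM(cnonce);
        NPARAM(username_star, "username*");

        if (ne_strcasecmp(name, "nc") == 0) {
            char *end;
            long nc = strtol(val, &end, 16);

            /* Reject values with no digits or with trailing junk,
             * which strtol() alone would accept. */
            ONV(end == val || *end != '\0',
                ("nonce count is not a hex number: %s", val));
            ONV(nc != state->nc,
                ("got bad nonce count: %ld (%s) not %ld",
                 nc, val, state->nc));

            ne_free(state->ncval);
            state->ncval = ne_strdup(val);
        }
        else if (ne_strcasecmp(name, "response") == 0) {
            ne_free(state->digest);
            state->digest = ne_strdup(val);
        }
        else if (ne_strcasecmp(name, "userhash") == 0) {
            newstate.uhash_bool = strcmp(val, "true") == 0;
        }
    }

    ONN("cnonce param missing or short for 2617-style auth",
        (parms->flags & PARM_RFC2617)
        && (newstate.cnonce == NULL
            || strlen(newstate.cnonce) < 32));

    if (alt_username_star) {
        ONN("unexpected userhash=true sent", newstate.uhash_bool);
        ONN("username* missing", newstate.username_star == NULL);
        ONCMP(alt_username_star, newstate.username_star, "Digest field", "username*");
    }
    else if (parms->flags & PARM_USERHASH) {
        ONN("userhash missing", !newstate.uhash_bool);

        ONCMP(state->userhash, newstate.username,
              "Digest username (userhash) field", "userhash");
    }
    else {
        ONN("unexpected userhash=true sent", newstate.uhash_bool);
        DIGCMP(username);
    }

    DIGCMP(realm);
    /* With a domain configured the request URI varies per request, so
     * it is taken from the client rather than compared. */
    if (!parms->domain) DIGCMP(uri);
    DIGCMP(nonce);
    DIGCMP(opaque);
    DIGCMP(algorithm);

    if (parms->flags & PARM_RFC2617) {
        DIGCMP(qop);
    }

    if (newstate.cnonce) {
        ne_free(state->cnonce);
        state->cnonce = ne_strdup(newstate.cnonce);
    }
    if (parms->domain) {
        /* The uri is not compared above in this mode; make sure it was
         * sent at all before copying it. */
        ONN("no uri param given", newstate.uri == NULL);
        state->uri = ne_strdup(newstate.uri);
    }

    ONN("no digest param given", !state->digest);

    CALL(check_digest(state, parms));

    state->nc++;

    return OK;
}

/* Build the (Proxy-)Authentication-Info header line for the request
 * just verified.  parms->failure selects deliberately wrong or omitted
 * parameters for the failure tests.  With PARM_NEXTNONCE the nonce in
 * 'state' is replaced and the expected nonce count reset to 1.
 * Returns the string produced by ne_buffer_finish(); callers in this
 * file free it with ne_free(). */
static char *make_authinfo_header(struct digest_state *state,
                                  struct digest_parms *parms)
{
    ne_buffer *buf = ne_buffer_create();
    char *digest, *ncval, *cnonce;

    if (parms->failure == fail_ai_bad_digest) {
        digest = ne_strdup("fish");
    } else {
        digest = make_digest(state, parms, 1);
    }

    if (parms->failure == fail_ai_bad_nc_syntax) {
        ncval = "zztop";
    } else if (parms->failure == fail_ai_bad_nc) {
        ncval = "999";
    } else {
        ncval = state->ncval;
    }

    if (parms->failure == fail_ai_bad_cnonce) {
        cnonce = "another-fish";
    } else {
        cnonce = state->cnonce;
    }

    if ((parms->flags & PARM_PROXY)) {
        ne_buffer_czappend(buf, "Proxy-");
    }

    ne_buffer_czappend(buf, "Authentication-Info: ");

    if ((parms->flags & PARM_RFC2617) == 0) {
        ne_buffer_concat(buf, "rspauth=\"", digest, "\"", NULL);
    } else {
        if (parms->failure != fail_ai_omit_nc) {
            ne_buffer_concat(buf, "nc=", ncval, ", ", NULL);
        }
        if (parms->failure != fail_ai_omit_cnonce) {
            ne_buffer_concat(buf, "cnonce=\"", cnonce, "\", ", NULL);
        }
        if (parms->failure != fail_ai_omit_digest) {
            ne_buffer_concat(buf, "rspauth=\"", digest, "\", ", NULL);
        }
        if (parms->flags & PARM_NEXTNONCE) {
            state->nonce = ne_concat("next-", state->nonce, NULL);
            ne_buffer_concat(buf, "nextnonce=\"", state->nonce, "\", ", NULL);
            state->nc = 1;
        }
        ne_buffer_czappend(buf, "qop=\"auth\"");
    }

    ne_free(digest);

    return ne_buffer_finish(buf);
}

/* Build the WWW-Authenticate (or Proxy-Authenticate) Digest challenge
 * line from 'state' and 'parms'.  Returns the string produced by
 * ne_buffer_finish(); callers in this file free it with ne_free(). */
static char *make_digest_header(struct digest_state *state,
                                struct digest_parms *parms)
{
    ne_buffer *buf = ne_buffer_create();
    const char *algorithm;

    /* fail_bogus_alg advertises an algorithm name the client cannot
     * know. */
    algorithm = parms->failure == fail_bogus_alg ? "fish" : state->algorithm;

    ne_buffer_concat(buf,
                     (parms->flags & PARM_PROXY) ? "Proxy-Authenticate"
                     : "WWW-Authenticate",
                     ": Digest "
                     "realm=\"", parms->realm, "\", ", NULL);

    if (parms->flags & PARM_RFC2617) {
        ne_buffer_concat(buf, "algorithm=\"", algorithm, "\", ",
                         "qop=\"", state->qop, "\", ", NULL);
    }

    if (parms->opaque) {
        ne_buffer_concat(buf, "opaque=\"", parms->opaque, "\", ", NULL);
    }

    if (parms->domain) {
        ne_buffer_concat(buf, "domain=\"", parms->domain, "\", ", NULL);
    }

    if (parms->flags & PARM_USERHASH) {
        ne_buffer_czappend(buf, "userhash=true, ");
    }
    else if (parms->flags & PARM_UHFALSE) {
        ne_buffer_czappend(buf, "userhash=false, ");
    }

    if (parms->failure == fail_req0_stale
        || parms->failure == fail_req0_2069_stale
        || parms->stale == parms->num_requests) {
        ne_buffer_concat(buf, "stale='true', ", NULL);
    }

    ne_buffer_concat(buf, "nonce=\"", state->nonce, "\"", NULL);

    return ne_buffer_finish(buf);
}

/* Server process for Digest auth handling.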
*/ static int serve_digest(ne_socket *sock, void *userdata) { struct digest_parms *parms = userdata; struct digest_state state; char resp[NE_BUFSIZ], *rspdigest; if ((parms->flags & PARM_PROXY)) state.uri = "http://www.example.com/fish"; else if (parms->domain) state.uri = "/fish/0"; else state.uri = "/fish"; state.method = "GET"; state.realm = parms->realm; state.nonce = parms->nonce; state.opaque = parms->opaque; if (parms->flags & PARM_ALTUSER) state.username = alt_username; else state.username = username; state.password = password; state.nc = 1; switch (parms->alg) { case ALG_SHA512_256: state.algorithm = "SHA-512-256"; break; case ALG_SHA512_256_SESS: state.algorithm = "SHA-512-256-sess"; break; case ALG_SHA256: state.algorithm = "SHA-256"; break; case ALG_SHA256_SESS: state.algorithm = "SHA-256-sess"; break; case ALG_MD5_SESS: state.algorithm = "MD5-sess"; break; default: case ALG_MD5: state.algorithm = "MD5"; break; } state.qop = "auth"; if (parms->flags & PARM_USERHASH) { char *uh = hash(parms, username, ":", parms->realm, NULL); ONN("userhash too long", strlen(uh) >= sizeof state.userhash); ne_strnzcpy(state.userhash, uh, sizeof state.userhash); ne_free(uh); } state.cnonce = state.digest = state.ncval = NULL; parms->num_requests += parms->stale ? 1 : 0; NE_DEBUG(NE_DBG_HTTP, ">>>> Response sequence begins, %d requests.\n", parms->num_requests); want_header = (parms->flags & PARM_PROXY) ? "Proxy-Authorization" : "Authorization"; digest_hdr = NULL; got_header = dup_header; CALL(discard_request(sock)); ONV(digest_hdr != NULL, ("got unwarranted WWW-Auth header: %s", digest_hdr)); rspdigest = make_digest_header(&state, parms); ne_snprintf(resp, sizeof resp, "HTTP/1.1 %d Auth Denied\r\n" "%s\r\n" "Content-Length: 0\r\n" "\r\n", (parms->flags & PARM_PROXY) ? 
407 : 401, rspdigest); ne_free(rspdigest); SEND_STRING(sock, resp); /* Give up now if we've sent a challenge which should force the * client to fail immediately: */ if (parms->failure == fail_bogus_alg || parms->failure == fail_req0_stale || parms->failure == fail_req0_2069_stale) { return OK; } do { digest_hdr = NULL; CALL(discard_request(sock)); if (digest_hdr && parms->domain && (parms->num_requests & 1) != 0) { SEND_STRING(sock, "HTTP/1.1 400 Used Auth Outside Domain\r\n\r\n"); return OK; } else if (digest_hdr == NULL && parms->domain && (parms->num_requests & 1) != 0) { /* Do nothing. */ NE_DEBUG(NE_DBG_HTTP, "No Authorization header sent, good.\n"); } else { ONN("no Authorization header sent", digest_hdr == NULL); ONERR(sock, verify_digest_header(&state, parms, digest_hdr)); } if (parms->num_requests == parms->stale) { char *dig; state.nonce = ne_concat("stale-", state.nonce, NULL); state.nc = 1; dig = make_digest_header(&state, parms); ne_snprintf(resp, sizeof resp, "HTTP/1.1 %d Auth Denied\r\n" "%s\r\n" "Content-Length: 0\r\n" "\r\n", (parms->flags & PARM_PROXY) ? 
407 : 401, dig); ne_free(dig); } else if (parms->flags & PARM_AINFO) { char *ai = make_authinfo_header(&state, parms); ne_snprintf(resp, sizeof resp, "HTTP/1.1 200 Well, if you insist\r\n" "Content-Length: 0\r\n" "%s\r\n" "\r\n", ai); ne_free(ai); } else { ne_snprintf(resp, sizeof resp, "HTTP/1.1 200 You did good\r\n" "Content-Length: 0\r\n" "\r\n"); } SEND_STRING(sock, resp); NE_DEBUG(NE_DBG_HTTP, "Handled request; %d requests remain.\n", parms->num_requests - 1); } while (--parms->num_requests); return OK; } static int test_digest(struct digest_parms *parms) { ne_session *sess; unsigned proto = NE_AUTH_DIGEST; if ((parms->flags & PARM_LEGACY)) proto |= NE_AUTH_LEGACY_DIGEST; else if ((parms->flags & PARM_LEGACY_ONLY)) proto = NE_AUTH_LEGACY_DIGEST; NE_DEBUG(NE_DBG_HTTP, ">>>> Request sequence begins " "(reqs=%d, nonce=%s, rfc=%s, stale=%d, proxy=%d).\n", parms->num_requests, parms->nonce, (parms->flags & PARM_RFC2617) ? "2617" : "2069", parms->stale, !!(parms->flags & PARM_PROXY)); if ((parms->flags & PARM_PROXY)) { CALL(proxied_session_server(&sess, "http", "www.example.com", 80, serve_digest, parms)); ne_set_proxy_auth(sess, auth_cb, NULL); } else { CALL(session_server(&sess, serve_digest, parms)); if ((parms->flags & PARM_ALTUSER)) ne_add_auth(sess, proto, auth_provide_cb, NULL); else ne_add_server_auth(sess, proto, auth_cb, NULL); } do { CALL(any_2xx_request(sess, "/fish")); } while (--parms->num_requests); return destroy_and_wait(sess); } /* Test for RFC2617-style Digest auth. */ static int digest(void) { struct digest_parms parms[] = { /* RFC 2617-style */ { "WallyWorld", "this-is-a-nonce", NULL, NULL, ALG_MD5, PARM_RFC2617, 1, 0, fail_not }, { "WallyWorld", "this-is-also-a-nonce", "opaque-string", NULL, ALG_MD5, PARM_RFC2617, 1, 0, fail_not }, /* ... with A-I */ { "WallyWorld", "nonce-nonce-nonce", "opaque-string", NULL, ALG_MD5, PARM_RFC2617 | PARM_AINFO, 1, 0, fail_not }, /* ... with md5-sess. 
*/ { "WallyWorld", "nonce-nonce-nonce", "opaque-string", NULL, ALG_MD5_SESS, PARM_RFC2617 | PARM_AINFO, 1, 0, fail_not }, /* many requests, with changing nonces; tests for next-nonce handling bug. */ { "WallyWorld", "this-is-a-nonce", "opaque-thingy", NULL, ALG_MD5, PARM_RFC2617 | PARM_AINFO | PARM_NEXTNONCE, 20, 0, fail_not }, /* staleness. */ { "WallyWorld", "this-is-a-nonce", "opaque-thingy", NULL, ALG_MD5, PARM_RFC2617 | PARM_AINFO, 3, 2, fail_not }, /* 2069 + stale */ { "WallyWorld", "this-is-a-nonce", NULL, NULL, ALG_MD5, PARM_LEGACY|PARM_AINFO, 3, 2, fail_not }, /* RFC 7616-style */ { "WallyWorld", "new-day-new-nonce", "new-opaque", NULL, ALG_MD5, PARM_RFC2617 | PARM_USERHASH, 1, 0, fail_not }, /* ... userhash=false */ { "WallyWorld", "just-another-nonce", "new-opaque", NULL, ALG_MD5, PARM_RFC2617 | PARM_UHFALSE, 1, 0, fail_not }, /* RFC 2069-style */ { "WallyWorld", "lah-di-da-di-dah", NULL, NULL, ALG_MD5, PARM_LEGACY, 1, 0, fail_not }, { "WallyWorld", "lah-lah-lah-lah", NULL, NULL, ALG_MD5, PARM_LEGACY_ONLY, 1, 0, fail_not }, { "WallyWorld", "fee-fi-fo-fum", "opaque-string", NULL, ALG_MD5, PARM_LEGACY, 1, 0, fail_not }, { "WallyWorld", "fee-fi-fo-fum", "opaque-string", NULL, ALG_MD5, PARM_AINFO|PARM_LEGACY, 1, 0, fail_not }, /* Proxy auth */ { "WallyWorld", "this-is-also-a-nonce", "opaque-string", NULL, ALG_MD5, PARM_RFC2617|PARM_PROXY, 1, 0, fail_not }, /* Proxy + nextnonce */ { "WallyWorld", "this-is-also-a-nonce", "opaque-string", NULL, ALG_MD5, PARM_RFC2617|PARM_AINFO|PARM_PROXY, 1, 0, fail_not }, { NULL } }; size_t n; for (n = 0; parms[n].realm; n++) { CALL(test_digest(&parms[n])); } return OK; } static int digest_sha256(void) { struct digest_parms parms[] = { { "WallyWorld", "nonce-sha-nonce", "opaque-string", NULL, ALG_SHA256, PARM_RFC2617, 1, 0, fail_not }, { "WallyWorld", "nonce-sha-nonce", "opaque-string", NULL, ALG_SHA256, PARM_RFC2617|PARM_AINFO, 1, 0, fail_not }, { "WallyWorld", "nonce-sha-session", "opaque-string", NULL, ALG_SHA256_SESS, 
PARM_RFC2617|PARM_AINFO, 1, 0, fail_not }, { "WallyWorld", "nonce-sha-nonce", "opaque-string", NULL, ALG_SHA256, PARM_RFC2617|PARM_AINFO, 8, 0, fail_not }, { NULL }, }; size_t n; if (!has_sha256) { t_context("SHA-256 not supported"); return SKIP; } for (n = 0; parms[n].realm; n++) { CALL(test_digest(&parms[n])); } return OK; } static int digest_sha512_256(void) { struct digest_parms parms[] = { { "WallyWorld", "nonce-sha5-nonce", "opaque-string", NULL, ALG_SHA512_256, PARM_RFC2617, 1, 0, fail_not }, { "WallyWorld", "nonce-sha5-nonce", "opaque-string", NULL, ALG_SHA512_256, PARM_RFC2617|PARM_AINFO, 1, 0, fail_not }, { "WallyWorld", "nonce-sha5-session", "opaque-string", NULL, ALG_SHA512_256_SESS, PARM_RFC2617|PARM_AINFO, 1, 0, fail_not }, { "WallyWorld", "nonce-sha-nonce", "opaque-string", NULL, ALG_SHA512_256_SESS, PARM_RFC2617|PARM_AINFO, 20, 0, fail_not }, { NULL }, }; size_t n; if (!has_sha512_256) { t_context("SHA-512/256 not supported"); return SKIP; } for (n = 0; parms[n].realm; n++) { CALL(test_digest(&parms[n])); } return OK; } static int digest_username_star(void) { static const struct { const char *username_raw, *username_star; } ts[] = { { "Aladdin", NULL }, { "Ałâddín", "UTF-8''A%c5%82%c3%a2dd%c3%adn" }, { "Jäsøn Doe", "UTF-8''J%c3%a4s%c3%b8n%20Doe" }, { "foo bar", "UTF-8''foo%20bar"}, { "foo\"bar", "UTF-8''foo%22bar" }, { NULL, NULL } }; unsigned n; int ret = OK; for (n = 0; ret == OK && ts[n].username_raw; n++) { struct digest_parms parms = { "WallyWorld", "nonce-sha5-nonce", "opaque-string", NULL, ALG_MD5, PARM_RFC2617|PARM_UHFALSE|PARM_ALTUSER, 1, 0, fail_not }; alt_username = ts[n].username_raw; alt_username_star = ts[n].username_star; ret = test_digest(&parms); } alt_username = NULL; alt_username_star = NULL; return ret; } static int digest_failures(void) { struct digest_parms parms; static const struct { enum digest_failure mode; const char *message; } fails[] = { { fail_ai_bad_nc, "nonce count mismatch" }, { fail_ai_bad_nc_syntax, "could not 
parse nonce count" }, { fail_ai_bad_digest, "digest mismatch" }, { fail_ai_bad_cnonce, "client nonce mismatch" }, { fail_ai_omit_nc, "missing parameters" }, { fail_ai_omit_digest, "missing parameters" }, { fail_ai_omit_cnonce, "missing parameters" }, { fail_bogus_alg, "unknown algorithm" }, { fail_req0_stale, "initial Digest challenge was stale" }, { fail_req0_2069_stale, "initial Digest challenge was stale" }, { fail_2069_weak, "legacy Digest challenge not supported" }, { fail_not, NULL } }; unsigned n; memset(&parms, 0, sizeof parms); parms.realm = "WallyWorld"; parms.nonce = "random-invented-string"; parms.opaque = NULL; parms.flags = PARM_AINFO; parms.num_requests = 1; for (n = 0; fails[n].message; n++) { ne_session *sess; int ret; parms.failure = fails[n].mode; if (parms.failure == fail_req0_2069_stale || parms.failure == fail_2069_weak) parms.flags &= ~PARM_RFC2617; else parms.flags |= PARM_RFC2617; NE_DEBUG(NE_DBG_HTTP, ">>> New Digest failure test, " "expecting failure '%s'\n", fails[n].message); CALL(session_server(&sess, serve_digest, &parms)); ne_set_server_auth(sess, auth_cb, NULL); ret = any_2xx_request(sess, "/fish"); ONV(ret == NE_OK, ("request success (iter %u); expecting error '%s'", n, fails[n].message)); ONV(strstr(ne_get_error(sess), fails[n].message) == NULL, ("request fails with error '%s'; expecting '%s'", ne_get_error(sess), fails[n].message)); ne_session_destroy(sess); if (fails[n].mode == fail_bogus_alg || fails[n].mode == fail_req0_stale || fails[n].mode == fail_2069_weak) { reap_server(); } else { CALL(await_server()); } } return OK; } static int fail_cb(void *userdata, const char *realm, int tries, char *un, char *pw) { ne_buffer *buf = userdata; char str[64]; if (strcmp(realm, "colonic") == 0 && ne_buffer_size(buf) == 0) { ne_strnzcpy(un, "user:name", NE_ABUFSIZ); ne_strnzcpy(pw, "passwerd", NE_ABUFSIZ); return 0; } ne_snprintf(str, sizeof str, "<%s, %d>", realm, tries); ne_buffer_zappend(buf, str); return -1; } static int 
fail_challenge(void) { static const struct { const char *resp, *error, *challs; } ts[] = { /* only possible Basic parse failure. */ { "Basic", "missing realm in Basic challenge" }, { "Basic realm=\"colonic\"", "username containing colon" }, /* Digest parameter invalid/omitted failure cases: */ { "Digest algorithm=MD5, qop=auth, nonce=\"foo\"", "missing parameter in Digest challenge" }, { "Digest algorithm=MD5, qop=auth, realm=\"foo\"", "missing parameter in Digest challenge" }, { "Digest algorithm=ZEBEDEE-GOES-BOING, qop=auth, realm=\"foo\"", "unknown algorithm in Digest challenge" }, { "Digest algorithm=MD5-sess, realm=\"foo\"", "incompatible algorithm in Digest challenge" }, { "Digest algorithm=MD5, qop=auth, nonce=\"foo\", realm=\"foo\", " "domain=\"http://[::1/\"", "could not parse domain" }, /* Multiple challenge failure cases: */ { "Basic, Digest", "missing parameter in Digest challenge, missing realm in Basic challenge" }, { "Digest realm=\"foo\", algorithm=MD5, qop=auth, nonce=\"foo\"," " Basic realm=\"foo\"", "rejected Digest challenge, rejected Basic challenge" }, { "WhizzBangAuth realm=\"foo\", " "Basic realm='foo'", "ignored WhizzBangAuth challenge, rejected Basic challenge" }, { "", "could not parse challenge" }, /* neon 0.26.x regression in "attempt" handling. */ { "Basic realm=\"foo\", " "Digest realm=\"bar\", algorithm=MD5, qop=auth, nonce=\"foo\"", "rejected Digest challenge, rejected Basic challenge" , "" /* Digest challenge first, Basic second. 
*/ } }; unsigned n; for (n = 0; n < sizeof(ts)/sizeof(ts[0]); n++) { char resp[512]; ne_session *sess; int ret; ne_buffer *buf = ne_buffer_create(); ne_snprintf(resp, sizeof resp, "HTTP/1.1 401 Auth Denied\r\n" "WWW-Authenticate: %s\r\n" "Content-Length: 0\r\n" "\r\n", ts[n].resp); CALL(multi_session_server(&sess, "http", "localhost", 2, single_serve_string, resp)); ne_set_server_auth(sess, fail_cb, buf); ret = any_2xx_request(sess, "/fish"); ONV(ret == NE_OK, ("request success (iter %u); expecting error '%s'", n, ts[n].error)); ONV(strstr(ne_get_error(sess), ts[n].error) == NULL, ("request fails with error '%s'; expecting '%s'", ne_get_error(sess), ts[n].error)); if (ts[n].challs) { ONCMP(ts[n].challs, buf->data, "challenge callback", "invocation order"); } ne_session_destroy(sess); ne_buffer_destroy(buf); reap_server(); } return OK; } struct multi_context { int id; ne_buffer *buf; }; static int multi_cb(void *userdata, const char *realm, int tries, char *un, char *pw) { struct multi_context *ctx = userdata; ne_buffer_snprintf(ctx->buf, 128, "[id=%d, realm=%s, tries=%d]", ctx->id, realm, tries); return -1; } static int multi_handler(void) { ne_session *sess; struct multi_context c[2]; unsigned n; ne_buffer *buf = ne_buffer_create(); CALL(make_session(&sess, single_serve_string, "HTTP/1.1 401 Auth Denied\r\n" "WWW-Authenticate: Basic realm='fish'," " Digest realm='food', algorithm=MD5, qop=auth, nonce=gaga\r\n" "Content-Length: 0\r\n" "\r\n")); for (n = 0; n < 2; n++) { c[n].buf = buf; c[n].id = n + 1; } ne_add_server_auth(sess, NE_AUTH_BASIC, multi_cb, &c[0]); ne_add_server_auth(sess, NE_AUTH_DIGEST, multi_cb, &c[1]); any_request(sess, "/fish"); ONCMP("[id=2, realm=food, tries=0]" "[id=1, realm=fish, tries=0]", buf->data, "multiple callback", "invocation order"); ne_buffer_destroy(buf); return destroy_and_wait(sess); } static int multi_rfc7616(void) { ne_session *sess; struct multi_context c[2]; unsigned n; ne_buffer *buf, *exp; buf = ne_buffer_create(); 
CALL(make_session(&sess, single_serve_string, "HTTP/1.1 401 Auth Denied\r\n" "WWW-Authenticate: " "Digest realm='sha512-realm', algorithm=SHA-512-256, qop=auth, nonce=gaga, " "Basic realm='basic-realm', " "Digest realm='md5-realm', algorithm=MD5, qop=auth, nonce=gaga, " "Digest realm='sha256-realm', algorithm=SHA-256, qop=auth, nonce=gaga\r\n" "Content-Length: 0\r\n" "\r\n")); for (n = 0; n < 2; n++) { c[n].buf = buf; c[n].id = n + 1; } ne_add_server_auth(sess, NE_AUTH_BASIC, multi_cb, &c[0]); ne_add_server_auth(sess, NE_AUTH_DIGEST, multi_cb, &c[1]); any_request(sess, "/fish"); exp = ne_buffer_create(); n = 0; if (has_sha512_256) ne_buffer_snprintf(exp, 100, "[id=2, realm=sha512-realm, tries=%u]", n++); if (has_sha256) ne_buffer_snprintf(exp, 100, "[id=2, realm=sha256-realm, tries=%u]", n++); ne_buffer_snprintf(exp, 100, "[id=2, realm=md5-realm, tries=%u]" "[id=1, realm=basic-realm, tries=0]", n); ONV(strcmp(exp->data, buf->data), ("unexpected callback ordering.\n" "expected: %s\n" "actual: %s\n", exp->data, buf->data)); ne_buffer_destroy(buf); ne_buffer_destroy(exp); return destroy_and_wait(sess); } static int multi_provider_cb(void *userdata, int attempt, unsigned protocol, const char *realm, char *un, char *pw, size_t buflen) { ne_buffer *buf = userdata; const char *ctx; if (buflen == NE_ABUFSIZ) { NE_DEBUG(NE_DBG_HTTPAUTH, "auth: FAILED for short buffer length.\n"); return -1; } if ((protocol & NE_AUTH_PROXY) == NE_AUTH_PROXY) { ctx = "proxy"; protocol ^= NE_AUTH_PROXY; } else { ctx = "server"; } ne_buffer_snprintf(buf, 128, "[%s: proto=%u, realm=%s, attempt=%d]", ctx, protocol, realm, attempt); ne_strnzcpy(un, "foo", buflen); ne_strnzcpy(pw, "bar", buflen); return protocol == NE_AUTH_BASIC ? 
0 : -1; } static int serve_provider(ne_socket *s, void *userdata) { CALL(serve_response(s, "HTTP/1.1 407 Proxy Auth Plz\r\n" "Proxy-Authenticate: Basic realm='proxy-realm'\r\n" "Content-Length: 0\r\n" "\r\n")); CALL(serve_response(s, "HTTP/1.1 401 Auth Denied\r\n" "WWW-Authenticate: " " Digest realm='sha512-realm', algorithm=SHA-512-256, qop=auth, nonce=gaga, " " Basic realm='basic-realm', " " Digest realm='md5-realm', algorithm=MD5, qop=auth, nonce=gaga, " " Digest realm='sha256-realm', algorithm=SHA-256, qop=auth, nonce=gaga\r\n" "Content-Length: 0\r\n" "\r\n")); CALL(serve_response(s, "HTTP/1.1 401 Auth Denied\r\n" "WWW-Authenticate: " " Digest realm='sha512-realm', algorithm=SHA-512-256, qop=auth, nonce=gaga, " " Basic realm='basic-realm'\r\n" "Content-Length: 0\r\n" "\r\n")); return serve_response(s, "HTTP/1.1 200 OK\r\n" "Content-Length: 0\r\n" "\r\n"); } static int multi_provider(void) { ne_session *sess; ne_buffer *buf = ne_buffer_create(), *exp; CALL(make_session(&sess, serve_provider, NULL)); ne_add_auth(sess, NE_AUTH_DIGEST|NE_AUTH_BASIC, multi_provider_cb, buf); ONREQ(any_request(sess, "/fish")); exp = ne_buffer_create(); ne_buffer_snprintf(exp, 100, "[proxy: proto=%u, realm=proxy-realm, attempt=0]", NE_AUTH_BASIC); if (has_sha512_256) ne_buffer_snprintf(exp, 100, "[server: proto=%u, realm=sha512-realm, attempt=0]", NE_AUTH_DIGEST); if (has_sha256) ne_buffer_snprintf(exp, 100, "[server: proto=%u, realm=sha256-realm, attempt=0]", NE_AUTH_DIGEST); ne_buffer_snprintf(exp, 100, "[server: proto=%u, realm=md5-realm, attempt=0]" "[server: proto=%u, realm=basic-realm, attempt=0]", NE_AUTH_DIGEST, NE_AUTH_BASIC); if (has_sha512_256) ne_buffer_snprintf(exp, 100, "[server: proto=%u, realm=sha512-realm, attempt=1]", NE_AUTH_DIGEST); ne_buffer_snprintf(exp, 100, "[server: proto=%u, realm=basic-realm, attempt=1]", NE_AUTH_BASIC); ONV(strcmp(exp->data, buf->data), ("unexpected callback ordering.\n" "expected: %s\n" "actual: %s\n", exp->data, buf->data)); 
ne_buffer_destroy(buf); ne_buffer_destroy(exp); return destroy_and_wait(sess); } static int domains(void) { ne_session *sess; struct digest_parms parms; memset(&parms, 0, sizeof parms); parms.realm = "WallyWorld"; parms.flags = PARM_RFC2617; parms.nonce = "agoog"; parms.domain = "http://localhost:4242/fish/ https://example.com /agaor /other"; parms.num_requests = 6; CALL(proxied_session_server(&sess, "http", "localhost", 4242, serve_digest, &parms)); ne_set_server_auth(sess, auth_cb, NULL); CALL(any_2xx_request(sess, "/fish/0")); CALL(any_2xx_request(sess, "/outside")); CALL(any_2xx_request(sess, "/others")); CALL(any_2xx_request(sess, "/fish")); CALL(any_2xx_request(sess, "/fish/2")); CALL(any_2xx_request(sess, "*")); return destroy_and_wait(sess); } /* This segfaulted with 0.28.0 through 0.28.2 inclusive. */ static int CVE_2008_3746(void) { ne_session *sess; struct digest_parms parms; memset(&parms, 0, sizeof parms); parms.realm = "WallyWorld"; parms.flags = PARM_RFC2617; parms.nonce = "agoog"; parms.domain = "foo"; parms.num_requests = 1; CALL(proxied_session_server(&sess, "http", "www.example.com", 80, serve_digest, &parms)); ne_set_server_auth(sess, auth_cb, NULL); any_2xx_request(sess, "/fish/0"); return destroy_and_wait(sess); } static int defaults(void) { ne_session *sess; CALL(make_session(&sess, auth_serve, CHAL_WALLY)); ne_add_server_auth(sess, NE_AUTH_DEFAULT, auth_cb, NULL); CALL(any_2xx_request(sess, "/norman")); ne_session_destroy(sess); CALL(await_server()); CALL(make_session(&sess, auth_serve, CHAL_WALLY)); ne_add_server_auth(sess, NE_AUTH_ALL, auth_cb, NULL); CALL(any_2xx_request(sess, "/norman")); return destroy_and_wait(sess); } static void fail_hdr(char *value) { auth_failed = 1; } static int serve_forgotten(ne_socket *sock, void *userdata) { auth_failed = 0; got_header = fail_hdr; want_header = "Authorization"; CALL(discard_request(sock)); if (auth_failed) { /* Should not get initial Auth header. Eek. 
*/ send_response(sock, NULL, 403, 1); return 0; } send_response(sock, CHAL_WALLY, 401, 0); got_header = auth_hdr; CALL(discard_request(sock)); if (auth_failed) { send_response(sock, NULL, 403, 1); return 0; } send_response(sock, NULL, 200, 0); ne_sock_read_timeout(sock, 5); /* Last time; should get no Auth header. */ got_header = fail_hdr; CALL(discard_request(sock)); send_response(sock, NULL, auth_failed ? 500 : 200, 1); return 0; } static int forget(void) { ne_session *sess; CALL(make_session(&sess, serve_forgotten, NULL)); ne_set_server_auth(sess, auth_cb, NULL); CALL(any_2xx_request(sess, "/norman")); ne_forget_auth(sess); CALL(any_2xx_request(sess, "/norman")); ne_session_destroy(sess); return await_server(); } static int serve_basic_scope_checker(ne_socket *sock, void *userdata) { /* --- GET /fish/0.txt -- first request */ digest_hdr = NULL; got_header = dup_header; want_header = "Authorization"; CALL(discard_request(sock)); if (digest_hdr) { t_context("Got WWW-Auth header on initial request"); return error_response(sock, FAIL); } send_response(sock, CHAL_WALLY, 401, 0); /* Retry of GET /fish/0 - expect Basic creds */ auth_failed = 1; got_header = auth_hdr; CALL(discard_request(sock)); if (auth_failed) { t_context("bad Basic Auth on first request"); return error_response(sock, FAIL); } send_response(sock, CHAL_WALLY, 200, 0); /* --- GET /not/inside -- second request */ got_header = dup_header; CALL(discard_request(sock)); if (digest_hdr) { t_context("Basic auth sent outside of credentials scope"); return error_response(sock, FAIL); } send_response(sock, CHAL_WALLY, 200, 0); /* --- GET /fish/1 -- third request */ got_header = auth_hdr; CALL(discard_request(sock)); send_response(sock, NULL, auth_failed?500:200, 1); return 0; } /* Check that Basic auth follows the RFC7617 rules around scope. 
 * Three requests are sent to serve_basic_scope_checker(): the first
 * and third use paths under /fish/, the second a path outside it.
 */
static int basic_scope(void)
{
    ne_session *sess;

    CALL(make_session(&sess, serve_basic_scope_checker, NULL));

    ne_set_server_auth(sess, auth_cb, NULL);

    CALL(any_2xx_request(sess, "/fish/0.txt")); /* must use auth */
    CALL(any_2xx_request(sess, "/not/inside")); /* must NOT use auth credentials */
    CALL(any_2xx_request(sess, "/fish/1")); /* must use auth credentials */

    return destroy_and_wait(sess);
}

/* Test for scope of "*": server side.  Expects a first request with
 * no Authorization header, answers it with a 401 challenge, then
 * expects the retry to carry credentials and answers 200.  Either
 * expectation failing sets a test context message and returns
 * error_response(sock, FAIL). */
static int serve_star_scope_checker(ne_socket *sock, void *userdata)
{
    /* --- OPTIONS * -- first request */
    digest_hdr = NULL;
    /* presumably dup_header stores the value of 'want_header' in
     * digest_hdr when the request carries it -- defined outside this
     * view */
    got_header = dup_header;
    want_header = "Authorization";
    CALL(discard_request(sock));
    if (digest_hdr) {
        /* The header watched for is Authorization, although the
         * message names WWW-Auth. */
        t_context("Got WWW-Auth header on initial request");
        return error_response(sock, FAIL);
    }

    send_response(sock, CHAL_WALLY, 401, 0);

    /* Retry of OPTIONS * - expect Basic creds */
    /* Start from "failed"; presumably auth_hdr clears the flag when
     * the expected credentials arrive -- defined outside this view. */
    auth_failed = 1;
    got_header = auth_hdr;
    CALL(discard_request(sock));
    if (auth_failed) {
        t_context("No Basic Auth in OPTIONS request");
        return error_response(sock, FAIL);
    }
    send_response(sock, CHAL_WALLY, 200, 0);

    return 0;
}

/* Test for the scope of "*".
*/ static int star_scope(void) { ne_session *sess; CALL(make_session(&sess, serve_star_scope_checker, NULL)); ne_set_server_auth(sess, auth_cb, NULL); CALL(any_2xx_request_method(sess, "OPTIONS", "*")); /* must use auth */ return destroy_and_wait(sess); } /* proxy auth, proxy AND origin */ ne_test tests[] = { T(init), T(basic), T(retries), T(forget_regress), T(tunnel_regress), T(negotiate_regress), T(digest), T(digest_sha256), T(digest_sha512_256), T(digest_failures), T(digest_username_star), T(fail_challenge), T(multi_handler), T(multi_rfc7616), T(multi_provider), T(domains), T(defaults), T(CVE_2008_3746), T(forget), T(basic_scope), T(star_scope), T(NULL) }; neon-0.32.2/test/basic.c000066400000000000000000000214551416727304000147540ustar00rootroot00000000000000/* Tests for high-level HTTP interface (ne_basic.h) Copyright (C) 2002-2008, 2012, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
*/ #include "config.h" #include #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #include #include "ne_basic.h" #include "tests.h" #include "child.h" #include "utils.h" static int content_type(void) { int n; static const struct { const char *value, *type, *subtype, *charset; } ctypes[] = { { "foo/bar", "foo", "bar", NULL }, { "foo/bar ", "foo", "bar", NULL }, { "application/xml", "application", "xml", NULL }, /* text/ subtypes default to charset ISO-8859-1, per 2616. */ { "text/lemon", "text", "lemon", "ISO-8859-1" }, /* text/xml defaults to charset us-ascii, per 3280 */ { "text/xml", "text", "xml", "us-ascii" }, #undef TXU #define TXU "text", "xml", "utf-8" /* 2616 doesn't *say* that charset can be quoted, but bets are * that some servers do it anyway. */ { "text/xml; charset=utf-8", TXU }, { "text/xml; charset=utf-8; foo=bar", TXU }, { "text/xml;charset=utf-8", TXU }, { "text/xml ;charset=utf-8", TXU }, { "text/xml;charset=utf-8;foo=bar", TXU }, { "text/xml; foo=bar; charset=utf-8", TXU }, { "text/xml; foo=bar; charset=utf-8; bar=foo", TXU }, { "text/xml; charset=\"utf-8\"", TXU }, { "text/xml; charset='utf-8'", TXU }, { "text/xml; foo=bar; charset=\"utf-8\"; bar=foo", TXU }, #undef TXU /* badly quoted charset should come out as NULL */ { "foo/lemon; charset=\"utf-8", "foo", "lemon", NULL }, { NULL } }; for (n = 0; ctypes[n].value != NULL; n++) { ne_content_type ct; ne_session *sess; ne_request *req; char resp[200]; int rv; ct.type = ct.subtype = ct.charset = ct.value = "unset"; ne_snprintf(resp, sizeof resp, "HTTP/1.0 200 OK\r\n" "Content-Length: 0\r\n" "Content-Type: %s\r\n" "\r\n", ctypes[n].value); CALL(make_session(&sess, single_serve_string, resp)); req = ne_request_create(sess, "GET", "/anyfoo"); ONREQ(ne_request_dispatch(req)); rv = ne_get_content_type(req, &ct); ONV(rv == 0 && !ctypes[n].type, ("expected c-t parse failure for %s", ctypes[n].value)); ONV(rv != 0 && ctypes[n].type, ("c-t parse failure %d for %s", rv, 
ctypes[n].value)); ne_request_destroy(req); ne_session_destroy(sess); CALL(await_server()); if (rv) continue; ONV(strcmp(ct.type, ctypes[n].type), ("for `%s': type was `%s'", ctypes[n].value, ct.type)); ONV(strcmp(ct.subtype, ctypes[n].subtype), ("for `%s': subtype was `%s'", ctypes[n].value, ct.subtype)); ONV(ctypes[n].charset && ct.charset == NULL, ("for `%s': charset unset", ctypes[n].value)); ONV(ctypes[n].charset == NULL && ct.charset != NULL, ("for `%s': unexpected charset `%s'", ctypes[n].value, ct.charset)); ONV(ctypes[n].charset && ct.charset && strcmp(ctypes[n].charset, ct.charset), ("for `%s': charset was `%s'", ctypes[n].value, ct.charset)); ne_free(ct.value); } return OK; } /* Do ranged GET for range 'start' to 'end'; with 'resp' as response. * If 'fail' is non-NULL, expect ne_get_range to fail, and fail the * test with given message if it doesn't. */ static int do_range(off_t start, off_t end, const char *fail, char *resp) { ne_session *sess; ne_content_range range = {0}; int fd, ret; CALL(make_session(&sess, single_serve_string, resp)); range.start = start; range.end = end; fd = open("/dev/null", O_WRONLY); ret = ne_get_range(sess, "/foo", &range, fd); close(fd); ne_close_connection(sess); CALL(await_server()); if (fail) { #if 0 t_warning("error was %s", ne_get_error(sess)); #endif ONV(ret == NE_OK, ("%s", fail)); } else { ONREQ(ret); } ne_session_destroy(sess); return OK; } static int get_range(void) { return do_range(1, 10, NULL, "HTTP/1.1 206 Widgets\r\n" "Connection: close\r\n" "Content-Range: bytes 1-10/10\r\n" "Content-Length: 10\r\n\r\nabcdefghij"); } static int get_eof_range(void) { return do_range(1, -1, NULL, "HTTP/1.1 206 Widgets\r\n" "Connection: close\r\n" "Content-Range: bytes 1-10/10\r\n" "Content-Length: 10\r\n\r\nabcdefghij"); } static int fail_range_length(void) { return do_range(1, 10, "range response length mismatch should fail", "HTTP/1.1 206 Widgets\r\n" "Connection: close\r\n" "Content-Range: bytes 1-2/2\r\n" "Content-Length: 
2\r\n\r\nab"); } static int fail_range_units(void) { return do_range(1, 2, "range response units check should fail", "HTTP/1.1 206 Widgets\r\n" "Connection: close\r\n" "Content-Range: fish 1-2/2\r\n" "Content-Length: 2\r\n\r\nab"); } static int fail_range_notrange(void) { return do_range(1, 2, "non-ranged response should fail", "HTTP/1.1 200 Widgets\r\n" "Connection: close\r\n" "Content-Range: bytes 1-2/2\r\n" "Content-Length: 2\r\n\r\nab"); } static int fail_range_unsatify(void) { return do_range(1, 2, "unsatisfiable range should fail", "HTTP/1.1 416 No Go\r\n" "Connection: close\r\n" "Content-Length: 2\r\n\r\nab"); } static int dav_capabilities(void) { static const struct { const char *hdrs; unsigned int class1, class2, exec; } caps[] = { { "DAV: 1,2\r\n", 1, 1, 0 }, { "DAV: 1 2\r\n", 0, 0, 0 }, /* these aren't strictly legal DAV: headers: */ { "DAV: 2,1\r\n", 1, 1, 0 }, { "DAV: 1, 2 \r\n", 1, 1, 0 }, { "DAV: 1\r\nDAV:2\r\n", 1, 1, 0 }, { NULL, 0, 0, 0 } }; char resp[BUFSIZ]; int n; for (n = 0; caps[n].hdrs != NULL; n++) { ne_server_capabilities c = {0}; ne_session *sess; ne_snprintf(resp, BUFSIZ, "HTTP/1.0 200 OK\r\n" "Connection: close\r\n" "%s" "\r\n", caps[n].hdrs); CALL(make_session(&sess, single_serve_string, resp)); ONREQ(ne_options(sess, "/foo", &c)); ONV(c.dav_class1 != caps[n].class1, ("class1 was %d not %d", c.dav_class1, caps[n].class1)); ONV(c.dav_class2 != caps[n].class2, ("class2 was %d not %d", c.dav_class2, caps[n].class2)); ONV(c.dav_executable != caps[n].exec, ("class2 was %d not %d", c.dav_executable, caps[n].exec)); CALL(destroy_and_wait(sess)); } return OK; } static int get(void) { ne_session *sess; int fd; CALL(make_session(&sess, single_serve_string, "HTTP/1.0 200 OK\r\n" "Content-Length: 5\r\n" "\r\n" "abcde")); fd = open("/dev/null", O_WRONLY); ONREQ(ne_get(sess, "/getit", fd)); close(fd); return destroy_and_wait(sess); } #define CLASS_12 (NE_CAP_DAV_CLASS1 | NE_CAP_DAV_CLASS2) static int options2(void) { static const struct { const char 
*hdrs; unsigned int caps; } ts[] = { { "1,2\r\n", CLASS_12 }, { "1 2\r\n", 0 }, /* these aren't strictly legal headers: */ { "2,1\r\n", CLASS_12 }, { " 1, 2 \r\n", CLASS_12 }, { "1\r\nDAV:2\r\n", CLASS_12 }, /* extended types */ { "1, 2, extended-mkcol", CLASS_12 | NE_CAP_EXT_MKCOL }, { NULL, 0 } }; char resp[BUFSIZ]; int n; for (n = 0; ts[n].hdrs != NULL; n++) { ne_session *sess; unsigned int caps; ne_snprintf(resp, BUFSIZ, "HTTP/1.0 200 OK\r\n" "Connection: close\r\n" "Content-Length: 0\r\n" "DAV: %s" "\r\n\r\n", ts[n].hdrs); CALL(make_session(&sess, single_serve_string, resp)); ONREQ(ne_options2(sess, "/foo", &caps)); ONV(caps != ts[n].caps, ("capabilities for 'DAV: %s' were 0x%x, expected 0x%x", ts[n].hdrs, caps, ts[n].caps)); CALL(destroy_and_wait(sess)); } return OK; } ne_test tests[] = { T(lookup_localhost), T(content_type), T(get_range), T(get_eof_range), T(fail_range_length), T(fail_range_units), T(fail_range_notrange), T(fail_range_unsatify), T(dav_capabilities), T(get), T(options2), T(NULL) }; neon-0.32.2/test/common/000077500000000000000000000000001416727304000150105ustar00rootroot00000000000000neon-0.32.2/test/common/ChangeLog000066400000000000000000000163221416727304000165660ustar00rootroot00000000000000Wed Aug 25 19:27:26 2004 Joe Orton * child.c (reset_socket): New function. Mon Jul 5 18:38:08 2004 Joe Orton * tests.c (main): Print 'xfail' for expected failures. Tue Oct 7 21:19:56 2003 Joe Orton * child.c (close_socket): New function. (server_child, spawn_server_repeat): Use it. Fri Jul 25 12:13:59 2003 Joe Orton Add support for test type which is expected to fail memory leak checks. * tests.h (T_XLEAKY, T_EXPECT_LEAKS): New defines. * test.c (main) [NEON_MEMLEAK]: If T_EXPECT_LEAKS is set, fail if the test did not leak memory. Wed Jun 18 20:10:45 2003 Joe Orton * child.c (server_child, spawn_server_repeat): Adapt for new socket API. Sun Mar 9 17:52:11 2003 Joe Orton * test.h (T_EXPECT_FAIL): New constant. (T_XFAIL): New test function wrapper. 
* tests.c (main): Handle expected failures. Sat Mar 1 21:04:35 2003 Joe Orton Extend the ne_test structure with a 'flags' field which can optionally request leak checking at run-time. * tests.h (ne_test): Add 'flags' field. (T_CHECK_LEAKS): New flag. (T): Use T_CHECK_LEAKS flag by default. (T_LEAKY): Like T, but with no flags set. * tests.c (main) [NEON_MEMLEAK]: If leak checking is requested, if a test passes, but leaks memory, fail the test. Wed Feb 26 21:52:15 2003 Joe Orton * tests.c (main): Test the "disable debugging" mode of ne_debug_init, NE_DBG_FLUSH, and a ne_debug() with no output. Fri Aug 23 22:54:35 2002 Joe Orton * tests.c (main): Call ne_sock_init after ne_debug_init, so that debugging messages are caught from ne_sock_init. Print a warning message if ne_sock_init fails. Wed Aug 21 13:29:20 2002 Joe Orton * tests.h (ONCMP): New macro. Mon Aug 19 16:53:20 2002 Joe Orton * child.c (lookup_localhost): Just use inet_addr to resolve 127.0.0.1. Sun Aug 18 13:50:30 2002 Joe Orton * tests.c (TEST_DEBUG): Add NE_DBG_SSL. Sat Aug 10 10:19:18 2002 Joe Orton * child.c (server_send): Fix declaration. (discard_body): Use NE_FMT_SSIZE_T for print ssize_t's. Sat Jul 6 08:42:37 2002 Joe Orton * child.c (discard_body): New function. Sun Jun 30 10:26:33 2002 Joe Orton * child.c (server_send): New function. (discard_request): Fail with appropriate error. Sun Jun 30 09:03:51 2002 Joe Orton * tests.c (main): Reap server after each test has run. Sun Jun 30 09:00:43 2002 Joe Orton * child.c (reap_server): Set `child' to 0 so child can't be reaped twice. Sun Jun 23 12:09:09 2002 Joe Orton * child.c (serve_file): Use large buffer when sending in chunked mode to support large chunk sizes. Sun Jun 23 09:35:09 2002 Joe Orton * child.c (serve_file): Use NE_FMT_OFF_T and NE_FMT_SSIZE_T. Thu May 30 21:57:39 2002 Joe Orton * child.c (minisleep): Export function. Sun May 19 18:23:19 2002 Joe Orton * child.c, tests.c: s/sock_/ne_sock_/, s/SOCK_/NE_SOCK_/ for socket layer API change. 
* child.h (SEND_STRING): New macro. Sun May 19 08:57:21 2002 Joe Orton * child.c (lookup_hostname): Conditionally use hstrerror(). Mon Feb 25 20:54:56 2002 Joe Orton * tests.c (t_context): Use ne_vsnprintf. Mon Feb 11 21:52:23 2002 Joe Orton * child.c (lookup_hostname): New function. (server_child, do_listen): Pass around struct in_addr argument. (spawn_server_addr): Renamed from spawn_server, take bind_local flag to use localhost or "real" hostname to bind to. (spawn_server): New function, use spawn_server Mon Feb 11 20:51:27 2002 Joe Orton * child.c (minisleep) [HAVE_USLEEP]: Use nice short usleep() rather than boring long sleep(). Sat Feb 2 14:15:25 2002 Joe Orton * child.c (spawn_server_repeat): Exit child process (with failure) if the server callback fails. Fri Jan 4 22:06:17 2002 Joe Orton * tests.h: Add SKIPREST result value. * tests.c (TEST_DEBUG): Add NE_DBG_LOCKS. (main): Support SKIPREST. Tue Jan 1 20:36:58 2002 Joe Orton * tests.h: Make test_suite symbol have external linkage. Sat Nov 10 22:28:55 2001 Joe Orton * tests.c, test.h: Export name of test suite. Sun Nov 4 13:56:42 2001 Joe Orton * child.c (discard_request): Support retrieving arbitrary header values from request via want_request, got_request globals. Wed Oct 24 21:41:39 2001 Joe Orton * tests.h (ONV): New macro. (ON, ONN): Redefine in terms of ONV. Wed Oct 24 20:44:59 2001 Joe Orton * tests.c (main, t_warning, segv): Use colours when stdout is a terminal device. Wed Oct 24 20:36:38 2001 Joe Orton * tests.c (t_context, t_warning): Renamed from i_am, warning. (t_context): Take printf varargs. * tests.h (ONN, ON): Update, simplify. * child.c: Update. Tue Oct 23 22:15:17 2001 Joe Orton * tests.c (main): Vertically align results after warnings. Tue Oct 2 23:36:44 2001 Joe Orton * child.c (do_listen): Refactored from server_socket, only does bind/listen. (spawn_server): Moved awaken/accept calls here. (spawn_server_repeat, dead_server): New functions. 
Sun Sep 30 10:14:35 2001 Joe Orton * tests.h: Use a function/name structure for tests, add 'T' macro for easily writing initializers. Rename 'name' global variable to 'test_context' to avoid parameter name collisions. * child.c (spawn_server): Update accordingly. * tests.c (i_am): Update accordingly. (main): Update; prettify output using new 'name' from test structure. Cope better when all tests in a suite are skipped. Sat Sep 29 11:04:40 2001 Joe Orton * child.c (serve_file): If 'chunks' is set in argument object, then deliver the file as a series of chunks. Thu Sep 27 20:28:45 2001 Joe Orton * child.c (serve_file): New function. Thu Sep 27 20:28:41 2001 Joe Orton * child.c (discard_request): Reset clength. Mon Aug 27 00:31:09 2001 Joe Orton * tests.c (test_num): Expose test counter. (segv): Handle segfault nicely. Mon Aug 27 00:30:20 2001 Joe Orton * child.c (discard_request): New function, from request.c in neon/test. Wed Aug 8 22:09:21 2001 Joe Orton * tests.c, test.h: Only define test_argc/argv once. Mon Jul 16 16:30:28 2001 Joe Orton * tests.c (warning): Take printf-style arguments list. Mon Jul 16 16:16:08 2001 Joe Orton * tests.c (main): Cope with skipped tests properly. Mon Jul 16 16:00:59 2001 Joe Orton * tests.c (warning): New function. (main): Cope with warnings. Sun Jul 8 16:09:33 2001 Joe Orton * tests.c (main): Export argc/argv as test_argc, test_argv. neon-0.32.2/test/common/README000066400000000000000000000001401416727304000156630ustar00rootroot00000000000000 Simple test framework for neon; licensed under the GNU GPL. 
Copyright (C) 2001-2002 Joe Orton neon-0.32.2/test/common/child.c000066400000000000000000000302141416727304000162370ustar00rootroot00000000000000/* Framework for testing with a server process Copyright (C) 2001-2010, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config.h" #include #include #include #include #include #include #ifdef HAVE_ERRNO_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_STDLIB_H #include #endif #include #include #include #include "ne_socket.h" #include "ne_utils.h" #include "ne_string.h" #include "tests.h" #include "child.h" static pid_t child = 0; int clength; static struct in_addr lh_addr, hn_addr; static int have_lh_addr; const char *want_header = NULL; got_header_fn got_header = NULL; char *local_hostname = NULL; /* If we have pipe(), then use a pipe between the parent and child to * know when the child is ready to accept incoming connections. * Otherwise use boring sleep()s trying to avoid the race condition * between listen() and connect() in the two processes. */ #ifdef HAVE_PIPE #define USE_PIPE 1 #endif int lookup_localhost(void) { /* this will break if a system is set up so that `localhost' does * not resolve to 127.0.0.1, but... 
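 */
    lh_addr.s_addr = inet_addr("127.0.0.1");
    have_lh_addr = 1;
    return OK;
}

/* Looks up this machine's hostname and resolves it; on success
 * local_hostname is set to a copy of the resolved name.  Returns OK,
 * or FAIL with the test context set. */
int lookup_hostname(void)
{
    char buf[BUFSIZ];
    struct hostent *ent;

    local_hostname = NULL;
    ONV(gethostname(buf, BUFSIZ) < 0,
        ("gethostname failed: %s", strerror(errno)));
    /* gethostname() need not NUL-terminate a name it had to truncate;
     * terminate explicitly before the buffer is used as a string. */
    buf[sizeof buf - 1] = '\0';

    ent = gethostbyname(buf);
#ifdef HAVE_HSTRERROR
    ONV(ent == NULL,
        ("could not resolve `%s': %s", buf, hstrerror(h_errno)));
#else
    ONV(ent == NULL, ("could not resolve `%s'", buf));
#endif

    local_hostname = ne_strdup(ent->h_name);

    return OK;
}

/* Creates a TCP socket bound to addr:port and puts it in the listening
 * state.  Returns the listening descriptor, or -1 after printing the
 * reason; no descriptor is left open on failure. */
static int do_listen(struct in_addr addr, int port)
{
    struct sockaddr_in saddr = {0};
    int val = 1;
    int ls = socket(AF_INET, SOCK_STREAM, 0);

    if (ls < 0) {
        printf("socket failed: %s\n", strerror(errno));
        return -1;
    }

    /* Best-effort: the result was never checked, and a failure here
     * does not prevent binding. */
    setsockopt(ls, SOL_SOCKET, SO_REUSEADDR, (void *)&val, sizeof(int));

    saddr.sin_addr = addr;
    saddr.sin_port = htons(port);
    saddr.sin_family = AF_INET;

    if (bind(ls, (struct sockaddr *)&saddr, sizeof(saddr))) {
        printf("bind failed: %s\n", strerror(errno));
        close(ls);
        return -1;
    }
    if (listen(ls, 5)) {
        printf("listen failed: %s\n", strerror(errno));
        close(ls);
        return -1;
    }

    return ls;
}

/* Sleep for a short time: usleep(500) where available, otherwise a
 * full second. */
void minisleep(void)
{
#ifdef HAVE_USLEEP
    usleep(500);
#else
    sleep(1);
#endif
}

/* Enables SO_LINGER with a zero timeout on the socket's descriptor.
 * Returns the setsockopt() result, or 1 where SO_LINGER is not
 * defined. */
int reset_socket(ne_socket *sock)
{
#ifdef SO_LINGER
    /* Stevens' magic trick to send an RST on close(). */
    struct linger l = {1, 0};
    return setsockopt(ne_sock_fd(sock), SOL_SOCKET, SO_LINGER, &l, sizeof l);
#else
    return 1;
#endif
}

/* close 'sock', performing lingering close to avoid premature RST. */
static int close_socket(ne_socket *sock)
{
    int ret;
    char buf[20];

    ret = ne_sock_shutdown(sock, NE_SOCK_SEND);
    if (ret == 0) {
        NE_DEBUG(NE_DBG_SOCKET, "ssl: Socket cleanly closed.\n");
    } else {
        NE_DEBUG(NE_DBG_SOCKET, "sock: Socket closed uncleanly: %s\n",
                 ne_sock_error(sock));
    }

    NE_DEBUG(NE_DBG_SSL, "sock: Lingering close...\n");
    /* Drain whatever the peer still sends, with a 5 second read
     * timeout, before closing. */
    ne_sock_read_timeout(sock, 5);
    while (ne_sock_read(sock, buf, sizeof buf) > 0);

    NE_DEBUG(NE_DBG_SSL, "sock: Closing socket.\n");
    ret = ne_sock_close(sock);
    NE_DEBUG(NE_DBG_SSL, "sock: Socket closed (%d).\n", ret);
    return ret;
}

/* This runs as the child process.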
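 */
/* Listens on addr:port, signals readiness on readyfd (when pipes are
 * in use), accepts one connection and runs 'callback' on it.  Returns
 * the callback's result, or FAIL if listening or accepting failed. */
static int server_child(int readyfd, struct in_addr addr, int port,
                        server_fn callback, void *userdata)
{
    ne_socket *s = ne_sock_create();
    int ret, listener;

    in_child();

    listener = do_listen(addr, port);
    if (listener < 0)
        return FAIL;

#ifdef USE_PIPE
    /* Tell the parent we're ready for the request. */
    if (write(readyfd, "a", 1) != 1) abort();
#endif

    ONN("accept failed", ne_sock_accept(s, listener));

    ret = callback(s, userdata);

    close_socket(s);

    return ret;
}

/* Shorthand for spawn_server_addr() with bind_local set. */
int spawn_server(int port, server_fn fn, void *ud)
{
    return spawn_server_addr(1, port, fn, ud);
}

/* Forks a child which serves a single connection on 'port' using
 * 'fn'.  Returns OK in the parent once the child has signalled that it
 * is listening (or after a short sleep when pipes are unavailable),
 * FAIL if the pipe or fork could not be created. */
int spawn_server_addr(int bind_local, int port, server_fn fn, void *ud)
{
    int fds[2];
    struct in_addr addr;

    /* NOTE(review): no assignment to hn_addr appears in this file, so
     * with bind_local == 0 the listener binds to the all-zero address
     * (every interface) -- confirm that exposure is intended. */
    addr = bind_local?lh_addr:hn_addr;

#ifdef USE_PIPE
    if (pipe(fds)) {
        perror("spawn_server: pipe");
        return FAIL;
    }
#else
    /* avoid using uninitialized variable. */
    fds[0] = fds[1] = 0;
#endif

    child = fork();

    if (child == -1) {
#ifdef USE_PIPE
        close(fds[0]);
        close(fds[1]);
#endif
        /* Never leave -1 in 'child': reap_server() passes it to
         * kill(), and kill(-1, ...) signals every process the caller
         * is permitted to signal. */
        child = 0;
        t_context("fork server");
        return FAIL;
    }

    if (child == 0) {
        /* this is the child. */
        int ret;

        ret = server_child(fds[1], addr, port, fn, ud);

#ifdef USE_PIPE
        close(fds[0]);
        close(fds[1]);
#endif

        /* print the error out otherwise it gets lost. */
        if (ret) {
            printf("server child failed (%s): %s\n",
                   tests[test_num].name, test_context);
        }

        /* and quit the child.
         */
        NE_DEBUG(NE_DBG_HTTP, "child exiting with %d\n", ret);
        exit(ret);
    } else {
        char ch;

#ifdef USE_PIPE
        /* Drop the parent's copy of the write end first; otherwise a
         * child that exits before signalling readiness leaves this
         * read() blocked forever, since the pipe never reaches EOF. */
        close(fds[1]);
        if (read(fds[0], &ch, 1) < 0)
            perror("parent read");
        close(fds[0]);
#else
        minisleep();
#endif

        return OK;
    }
}

/* As new_spawn_server2(), discarding the bound address. */
int new_spawn_server(int count, server_fn fn, void *userdata,
                     unsigned int *port)
{
    ne_inet_addr *addr = NULL;
    int ret;

    ret = new_spawn_server2(count, fn, userdata, &addr, port);

    if (addr)
        ne_iaddr_free(addr);

    return ret;
}

/* Binds a listener to the loopback address on a system-chosen port,
 * stores the port in *port and the address in *addr, then forks a
 * child which runs 'fn' on up to 'count' successive connections,
 * stopping early if 'fn' returns non-zero.  Returns OK in the parent,
 * or FAIL with the test context set. */
int new_spawn_server2(int count, server_fn fn, void *userdata,
                      ne_inet_addr **addr, unsigned int *port)
{
    struct sockaddr_in sa;
    socklen_t salen = sizeof sa;
    int ls;

    if (!have_lh_addr)
        lookup_localhost();

    ls = do_listen(lh_addr, 0);
    ONN("could not bind/listen fd for server", ls < 0);

    /* getsockname() takes a struct sockaddr *; set the context before
     * close() so errno still describes the failure. */
    if (getsockname(ls, (struct sockaddr *)&sa, &salen) != 0) {
        t_context("could not get socket name for listening fd: %s",
                  strerror(errno));
        close(ls);
        return FAIL;
    }

    *port = ntohs(sa.sin_port);
    *addr = ne_iaddr_make(ne_iaddr_ipv4, (unsigned char *)&lh_addr.s_addr);

    NE_DEBUG(NE_DBG_SOCKET, "child using port %u\n", *port);

    NE_DEBUG(NE_DBG_SOCKET, "child forking now...\n");

    child = fork();
    if (child == -1) {
        /* Do not leak the listener, and do not leave -1 in 'child'
         * where reap_server() would hand it to kill(). */
        close(ls);
        child = 0;
        t_context("failed to fork server");
        return FAIL;
    }

    if (child == 0) {
        int ret, iter = 1;

        in_child();

        NE_DEBUG(NE_DBG_SOCKET, ">>> child spawned, port %u, %d iterations.\n",
                 *port, count);

        do {
            ne_socket *sock = ne_sock_create();
            char errbuf[256];
            int cret;

            NE_DEBUG(NE_DBG_HTTP, "child iteration #%d (of %d), "
                     "awaiting connection...\n", iter, count);

            if (ne_sock_accept(sock, ls)) {
                t_context("Server child could not accept connection: %s",
                          ne_sock_error(sock));
                exit(FAIL);
            }

            NE_DEBUG(NE_DBG_HTTP, "child got connection, invoking server\n");

            ret = fn(sock, userdata);

            NE_DEBUG(NE_DBG_HTTP, "child iteration #%d returns %d\n",
                     iter, ret);

            cret = close_socket(sock);
            NE_DEBUG(NE_DBG_HTTP, "child closed connection, %d: %s.\n", cret,
                     cret ?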
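ne_strerror(cret, errbuf, sizeof errbuf) : "no error");

        } while (ret == 0 && ++iter <= count);

        NE_DEBUG(NE_DBG_HTTP, "child terminating with %d\n", ret);
        exit(ret);
    }

    close(ls);

    return OK;
}

/* Non-blocking check on the server child: returns FAIL if waitpid()
 * reports anything other than "still running", OK otherwise. */
int dead_server(void)
{
    int status;

    if (waitpid(child, &status, WNOHANG)) {
        /* child quit already! */
        return FAIL;
    }

    NE_DEBUG(NE_DBG_HTTP, "child has not quit.\n");

    return OK;
}

/* Destroys the session, then waits for the server child. */
int destroy_and_wait(ne_session *sess)
{
    ne_session_destroy(sess);
    return await_server();
}

/* Blocks until a child exits.  Returns OK for a zero exit status, FAIL
 * (with the test context set) for a non-zero status or death by
 * signal. */
int await_server(void)
{
    /* Initialised so that a failed wait() (e.g. no child left) is not
     * followed by the status macros reading an indeterminate value;
     * zero reads as a clean exit. */
    int status = 0, code;

    (void) wait(&status);

    /* so that we aren't reaped by mistake. */
    child = 0;

    if (WIFEXITED(status)) {
        code = WEXITSTATUS(status);

        ONV(code,
            ("server process terminated abnormally: %s (%d)",
             code == FAIL ? "FAIL" : "error", code));
    }
    else {
        ONV(WIFSIGNALED(status),
            ("server process terminated by signal %d", WTERMSIG(status)));
    }

    return OK;
}

/* Terminates the server child, if one is recorded, and collects it.
 * Always returns OK. */
int reap_server(void)
{
    int status;

    /* Only a real pid is signalled: fork() leaves -1 in 'child' on
     * failure, and kill(-1, ...) would signal every process the caller
     * is permitted to signal. */
    if (child > 0) {
        (void) kill(child, SIGTERM);
        minisleep();
        (void) wait(&status);
    }
    child = 0;

    return OK;
}

/* Logs the data being sent, then writes all of it to the socket. */
ssize_t server_send(ne_socket *sock, const char *str, size_t len)
{
    NE_DEBUG(NE_DBG_HTTP, "Sending: %.*s\n", (int)len, str);
    return ne_sock_fullwrite(sock, str, len);
}

/* Reads and discards request lines up to and including the blank line
 * which ends the headers.  Records the Content-Length value in the
 * global 'clength' (0 when absent or unusable), and passes the value
 * of the header named by 'want_header' to 'got_header' when both are
 * set.  Returns OK, or FAIL with the test context set on a read
 * error. */
int discard_request(ne_socket *sock)
{
    char buffer[1024];
    size_t offset = want_header?strlen(want_header):0;
    /* Largest value an int can hold, written without <limits.h>. */
    const long max_clength = (long)(~0U >> 1);

    clength = 0;

    NE_DEBUG(NE_DBG_HTTP, "Discarding request...\n");
    do {
        ONV(ne_sock_readline(sock, buffer, 1024) < 0,
            ("error reading line: %s", ne_sock_error(sock)));
        NE_DEBUG(NE_DBG_HTTP, "[req] %s", buffer);
        if (strncasecmp(buffer, "content-length:", 15) == 0) {
            /* The value comes straight off the wire and is later used
             * as a read length, so parse it with error detection and
             * keep it within 0..INT_MAX.  Parsing starts right after
             * the colon (strtol skips leading blanks), so a header
             * with no space after the colon no longer loses its first
             * digit. */
            char *end;
            long len;

            errno = 0;
            len = strtol(buffer + 15, &end, 10);
            if (end == buffer + 15 || errno == ERANGE
                || len < 0 || len > max_clength) {
                clength = 0;
            } else {
                clength = (int)len;
            }
        }
        if (got_header != NULL && want_header != NULL &&
            strncasecmp(buffer, want_header, offset) == 0 &&
            buffer[offset] == ':') {
            char *value = buffer + offset + 1;
            if (*value == ' ') value++;
            got_header(ne_shave(value, "\r\n"));
        }
    } while (strcmp(buffer, "\r\n") != 0);

    return OK;
}

/* Sends a 500 response carrying the current test context in an
 * X-Neon-Context header, then returns 'ret' unchanged. */
int error_response(ne_socket *sock, int ret)
{
    char resp[1024];

    /* test_context is copied into the header verbatim; a CR or LF in
     * it would end the header line early. */
    ne_snprintf(resp, sizeof resp,
                "HTTP/1.1 500 Server Test Failed\r\n"
                "X-Neon-Context: %s\r\n"
                "Content-Length: 0\r\n"
                "Connection: close\r\n"
                "\r\n", test_context);
    SEND_STRING(sock, resp);

    return ret;
}

/* Reads and throws away 'clength' bytes of request body, at most
 * sizeof(buf) per read, decrementing 'clength' as it goes.  Returns
 * OK, or FAIL with the test context set on a read error. */
int discard_body(ne_socket *sock)
{
    while (clength > 0) {
        char buf[BUFSIZ];
        size_t bytes = clength;
        ssize_t ret;

        if (bytes > sizeof(buf)) bytes = sizeof(buf);
        NE_DEBUG(NE_DBG_HTTP, "Discarding %" NE_FMT_SIZE_T " bytes.\n",
                 bytes);
        ret = ne_sock_read(sock, buf, bytes);
        ONV(ret < 0, ("socket read failed (%" NE_FMT_SSIZE_T "): %s",
                      ret, ne_sock_error(sock)));
        clength -= ret;
        NE_DEBUG(NE_DBG_HTTP, "Got %" NE_FMT_SSIZE_T " bytes.\n", ret);
    }
    NE_DEBUG(NE_DBG_HTTP, "Discard successful.\n");
    return OK;
}

/* Server callback: discards the request, then serves args->fname as a
 * 200 response (404 if it cannot be opened), adding args->headers if
 * set and using chunked encoding if args->chunks is non-zero.  'ud'
 * points to a struct serve_file_args. */
int serve_file(ne_socket *sock, void *ud)
{
    char buffer[BUFSIZ];
    struct stat st;
    struct serve_file_args *args = ud;
    ssize_t ret;
    int fd;

    CALL(discard_request(sock));

    /* Consume the request body in buffer-sized pieces.  The length is
     * whatever the peer put in Content-Length, so a single read of
     * 'clength' bytes into 'buffer' could run past its end.  'clength'
     * itself is left untouched, and read errors stay ignored as
     * before. */
    {
        size_t remaining = clength > 0 ? (size_t)clength : 0;

        while (remaining > 0) {
            size_t want = remaining < sizeof buffer
                ? remaining : sizeof buffer;

            if (ne_sock_fullread(sock, buffer, want))
                break;
            remaining -= want;
        }
    }

    fd = open(args->fname, O_RDONLY);
    if (fd < 0) {
        SEND_STRING(sock,
                    "HTTP/1.0 404 File Not Found\r\n"
                    "Content-Length: 0\r\n\r\n");
        return 0;
    }

    if (fstat(fd, &st)) {
        t_context("fstat fd");
        close(fd);
        return FAIL;
    }

    SEND_STRING(sock, "HTTP/1.0 200 OK\r\n");
    if (args->chunks) {
        ne_snprintf(buffer, sizeof buffer, "Transfer-Encoding: chunked\r\n");
    } else {
        ne_snprintf(buffer, sizeof buffer,
                    "Content-Length: %" NE_FMT_OFF_T "\r\n",
                    st.st_size);
    }

    if (args->headers) {
        /* Refuse caller-supplied headers which would not fit; the +3
         * covers the CRLF appended below and the terminating NUL. */
        if (strlen(buffer) + strlen(args->headers) + 3 > sizeof buffer) {
            t_context("response headers too long for buffer");
            close(fd);
            return FAIL;
        }
        strcat(buffer, args->headers);
    }

    strcat(buffer, "\r\n");

    SEND_STRING(sock, buffer);

    NE_DEBUG(NE_DBG_HTTP, "Serving %s (%" NE_FMT_OFF_T " bytes).\n",
             args->fname, st.st_size);

    if (args->chunks) {
        char buf[1024];
        /* Never ask read() for more than 'buf' can hold, whatever
         * chunk size the caller requested. */
        size_t chunk_len =
            (args->chunks < 0 || (size_t)args->chunks > sizeof buf)
            ? sizeof buf : (size_t)args->chunks;

        while ((ret = read(fd, &buf, chunk_len)) > 0) {
            /* this is a small integer, cast it explicitly to avoid
             * warnings with printing an ssize_t.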
*/ sprintf(buffer, "%x\r\n", (unsigned int)ret); SEND_STRING(sock, buffer); ONN("writing body", ne_sock_fullwrite(sock, buf, ret)); SEND_STRING(sock, "\r\n"); } SEND_STRING(sock, "0\r\n\r\n"); } else { while ((ret = read(fd, buffer, BUFSIZ)) > 0) { ONN("writing body", ne_sock_fullwrite(sock, buffer, ret)); } } ONN("error reading from file", ret < 0); (void) close(fd); return OK; } neon-0.32.2/test/common/child.h000066400000000000000000000111101416727304000162360ustar00rootroot00000000000000/* Framework for testing with a server process Copyright (C) 2001-2004, 2009, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #ifndef CHILD_H #define CHILD_H 1 #include "config.h" #ifdef HAVE_STRING_H #include /* for strlen() */ #endif #include "ne_socket.h" #include "ne_session.h" /* Test which does DNS lookup on "localhost": this must be the first * named test. */ int lookup_localhost(void); /* Test which looks up real local hostname. */ int lookup_hostname(void); /* set to local hostname if lookup_hostname succeeds. */ extern char *local_hostname; /* Callback for spawn_server. */ typedef int (*server_fn)(ne_socket *sock, void *userdata); /* Spawns server child process: * - forks child process. * - child process listens on localhost at given port. * - when you connect to it, 'fn' is run... 
* fn is passed the client/server socket as first argument, * and userdata as second. * - the socket is closed when 'fn' returns, so don't close in in 'fn'. */ int spawn_server(int port, server_fn fn, void *userdata); /* Like spawn_server; if bind_local is non-zero, binds server to * localhost, otherwise, binds server to real local hostname. (must * have called lookup_localhost or lookup_hostname as appropriate * beforehand). */ int spawn_server_addr(int bind_local, int port, server_fn fn, void *userdata); /* Forks a server child process running 'fn(userdata)' on an * unspecified port. Sets test suite error on failure; on success, * sets *port to bound port number. */ int new_spawn_server(int count, server_fn fn, void *userdata, unsigned int *port); /* As per new_spawn_server, but also returns the bound address as *addr. */ int new_spawn_server2(int count, server_fn fn, void *userdata, ne_inet_addr **addr, unsigned int *port); /* Blocks until child process exits, and gives return code of 'fn'. */ int await_server(void); /* Destroys session 'sess' and then is equivalent to await_server. */ int destroy_and_wait(ne_session *sess); /* Kills child process. */ int reap_server(void); /* Returns non-zero if server process has already died. */ int dead_server(void); /* If discard_request comes across a header called 'want_header', it * will call got_header passing the header field value. */ extern const char *want_header; typedef void (*got_header_fn)(char *value); extern got_header_fn got_header; /* Send string to child; ne_sock_fullwrite with debugging. */ ssize_t server_send(ne_socket *sock, const char *data, size_t len); /* Utility macro: send given string down socket. */ #define SEND_STRING(sock, str) server_send((sock), (str), strlen((str))) /* If test result 'err' is not OK, return an HTTP 500 error response * including the test context in a response header. 
*/ #define ONERR(sock, err) do { int ret_ = (err); if (ret_) return error_response(sock, ret_); } while (0) /* Send an HTTP error response including the test context in a * response header. */ int error_response(ne_socket *sock, int ret); /* Tries to ensure that the socket will be closed using RST rather * than FIN. */ int reset_socket(ne_socket *sock); /* Utility function: discard request. Sets context on error. */ int discard_request(ne_socket *sock); /* Utility function: discard request body. Sets context on error. */ int discard_body(ne_socket *sock); struct serve_file_args { const char *fname; const char *headers; int chunks; }; /* Utility function: callback for spawn_server: pass pointer to * serve_file_args as userdata, and args->fname is served as a 200 * request. If args->headers is non-NULL, it must be a set of * CRLF-terminated lines which is added in to the response headers. * If args->chunks is non-zero, the file is delivered using chunks of * that size. */ int serve_file(ne_socket *sock, void *ud); /* set to value of C-L header by discard_request. */ extern int clength; /* Sleep for a short time. */ void minisleep(void); #endif /* CHILD_H */ neon-0.32.2/test/common/run.sh000077500000000000000000000003371416727304000161560ustar00rootroot00000000000000#!/bin/sh rm -f debug.log rm -f child.log # for shared builds. LD_LIBRARY_PATH=../src/.libs:$LD_LIBRARY_PATH export LD_LIBRARY_PATH for f in $*; do if ./$f; then : else echo FAILURE exit 1 fi done exit 0 neon-0.32.2/test/common/tests.c000066400000000000000000000261121416727304000163200ustar00rootroot00000000000000/* Stupidly simple test framework Copyright (C) 2001-2009, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config.h" #include #include #ifdef HAVE_SIGNAL_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #ifdef HAVE_STRING_H #include #endif #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_ERRNO_H #include #endif #ifdef HAVE_LOCALE_H #include #endif #include "ne_string.h" #include "ne_utils.h" #include "ne_socket.h" #include "ne_i18n.h" #include "tests.h" #include "child.h" char test_context[BUFSIZ]; int have_context = 0; static FILE *child_debug, *debug; char **test_argv; int test_argc; const char *test_suite; int test_num; static int quiet, count; /* statistics for all tests so far */ static int passes = 0, fails = 0, skipped = 0, warnings = 0; /* per-test globals: */ static int warned, aborted = 0; static const char *test_name; /* current test name */ static int use_colour = 0; static int flag_child; /* resource for ANSI escape codes: * http://www.isthe.com/chongo/tech/comp/ansi_escapes.html */ #define COL(x) do { if (use_colour) printf("\033[" x "m"); } while (0) #define NOCOL COL("00") void t_context(const char *context, ...) { va_list ap; va_start(ap, context); ne_vsnprintf(test_context, BUFSIZ, context, ap); va_end(ap); if (flag_child) { NE_DEBUG(NE_DBG_HTTP, "context: %s\n", test_context); } have_context = 1; } void t_warning(const char *str, ...) 
{ va_list ap; COL("43;01"); printf("WARNING:"); NOCOL; putchar(' '); va_start(ap, str); vprintf(str, ap); va_end(ap); warnings++; warned++; putchar('\n'); } #define TEST_DEBUG \ (NE_DBG_HTTP | NE_DBG_SOCKET | NE_DBG_HTTPBODY | NE_DBG_HTTPAUTH | \ NE_DBG_LOCKS | NE_DBG_XMLPARSE | NE_DBG_XML | NE_DBG_SSL | \ NE_DBG_HTTPPLAIN) #define W(m) do { if (write(0, m, strlen(m)) < 0) _exit(99); } while(0) #define W_RED(m) do { if (use_colour) W("\033[41;37;01m"); \ W(m); if (use_colour) W("\033[00m\n"); } while (0); /* Signal handler for child processes. */ static void child_segv(int signo) { signal(SIGSEGV, SIG_DFL); signal(SIGABRT, SIG_DFL); W_RED("Fatal signal in child!"); kill(getpid(), SIGSEGV); minisleep(); } /* Signal handler for parent process. */ static void parent_segv(int signo) { signal(SIGSEGV, SIG_DFL); signal(SIGABRT, SIG_DFL); if (signo == SIGSEGV) { W_RED("FAILED - segmentation fault"); } else if (signo == SIGABRT) { W_RED("ABORTED"); } reap_server(); kill(getpid(), SIGSEGV); minisleep(); } void in_child(void) { ne_debug_init(child_debug, TEST_DEBUG); NE_DEBUG(TEST_DEBUG, "**** Child forked for test %s ****\n", test_name); signal(SIGSEGV, child_segv); signal(SIGABRT, child_segv); flag_child = 1; } static const char dots[] = "......................"; static void print_prefix(int n) { if (quiet) { printf("\r%s%.*s %2u/%2u ", test_suite, (int) (strlen(dots) - strlen(test_suite)), dots, n + 1, count); } else { if (warned) { printf(" %s ", dots); } else { printf("\r%2d. 
%s%.*s ", n, test_name, (int) (strlen(dots) - strlen(test_name)), dots); } } fflush(stdout); } int main(int argc, char *argv[]) { int n; char *tmp; /* get basename(argv[0]) */ test_suite = strrchr(argv[0], '/'); if (test_suite == NULL) { test_suite = argv[0]; } else { test_suite++; } if (strncmp(test_suite, "lt-", 3) == 0) test_suite += 3; #ifdef HAVE_SETLOCALE setlocale(LC_MESSAGES, ""); #endif ne_i18n_init(NULL); #if defined(HAVE_ISATTY) && defined(STDOUT_FILENO) if (isatty(STDOUT_FILENO)) { use_colour = 1; } #endif test_argc = argc; test_argv = argv; debug = fopen("debug.log", "a"); if (debug == NULL) { fprintf(stderr, "%s: Could not open debug.log: %s\n", test_suite, strerror(errno)); return -1; } child_debug = fopen("child.log", "a"); if (child_debug == NULL) { fprintf(stderr, "%s: Could not open child.log: %s\n", test_suite, strerror(errno)); fclose(debug); return -1; } if (tests[0].fn == NULL) { printf("-> no tests found in `%s'\n", test_suite); return -1; } /* install special SEGV handler. */ signal(SIGSEGV, parent_segv); signal(SIGABRT, parent_segv); /* test the "no-debugging" mode of ne_debug. */ ne_debug_init(NULL, 0); NE_DEBUG(TEST_DEBUG, "This message should go to /dev/null"); /* enable debugging for real. */ ne_debug_init(debug, TEST_DEBUG); NE_DEBUG(TEST_DEBUG | NE_DBG_FLUSH, "Version string: %s\n", ne_version_string()); /* another silly test. 
*/ NE_DEBUG(0, "This message should also go to /dev/null"); if (ne_sock_init()) { COL("43;01"); printf("WARNING:"); NOCOL; printf(" Socket library initialization failed.\n"); } if ((tmp = getenv("TEST_QUIET")) != NULL && strcmp(tmp, "1") == 0) { quiet = 1; } if (!quiet) printf("-> running `%s':\n", test_suite); for (count = 0; tests[count].fn; count++) /* nullop */; for (n = 0; !aborted && tests[n].fn != NULL; n++) { int result, is_xfail = 0; #ifdef NEON_MEMLEAK size_t allocated = ne_alloc_used; int is_xleaky = 0; #endif test_name = tests[n].name; print_prefix(n); have_context = 0; test_num = n; warned = 0; fflush(stdout); NE_DEBUG(TEST_DEBUG, "******* Running test %d: %s ********\n", n, test_name); /* run the test. */ result = tests[n].fn(); #ifdef NEON_MEMLEAK /* issue warnings for memory leaks, if requested */ if ((tests[n].flags & T_CHECK_LEAKS) && result == OK && ne_alloc_used > allocated) { t_context("memory leak of %" NE_FMT_SIZE_T " bytes", ne_alloc_used - allocated); fprintf(debug, "Blocks leaked: "); ne_alloc_dump(debug); result = FAIL; } else if (tests[n].flags & T_EXPECT_LEAKS && result == OK && ne_alloc_used == allocated) { t_context("expected memory leak not detected"); result = FAIL; } else if (tests[n].flags & T_EXPECT_LEAKS && result == OK) { fprintf(debug, "Blocks leaked (expected): "); ne_alloc_dump(debug); is_xleaky = 1; } #endif if (tests[n].flags & T_EXPECT_FAIL) { if (result == OK) { t_context("test passed but expected failure"); result = FAIL; } else if (result == FAIL) { result = OK; is_xfail = 1; } } print_prefix(n); switch (result) { case OK: passes++; if (is_xfail) { COL("32;07"); printf("XFAIL"); } else if (!quiet) { COL("32"); printf("pass"); } NOCOL; if (quiet && is_xfail) { printf(" - %s", test_name); if (have_context) { printf(" (%s)", test_context); } } if (warned && !quiet) { printf(" (with %d warning%s)", warned, (warned > 1)?"s":""); } #ifdef NEON_MEMLEAK if (is_xleaky) { if (quiet) { printf("expected leak - %s: %" NE_FMT_SIZE_T 
" bytes", test_name, ne_alloc_used - allocated); } else { printf(" (expected leak, %" NE_FMT_SIZE_T " bytes)", ne_alloc_used - allocated); } } #endif if (!quiet || is_xfail) putchar('\n'); break; case FAILHARD: aborted = 1; COL("41;37;01"); printf("fatal error - "); NOCOL; /* fall-through */ case FAIL: COL("41;37;01"); printf("FAIL"); NOCOL; if (quiet) { printf(" - %s", test_name); } if (have_context) { printf(" (%s)", test_context); } putchar('\n'); fails++; break; case SKIPREST: aborted = 1; /* fall-through */ case SKIP: COL("44;37;01"); printf("SKIPPED"); NOCOL; if (quiet) { printf(" - %s", test_name); } if (have_context) { printf(" (%s)", test_context); } putchar('\n'); skipped++; break; default: COL("41;37;01"); printf("OOPS"); NOCOL; printf(" unexpected test result `%d'\n", result); break; } reap_server(); if (quiet) { print_prefix(n); } } /* discount skipped tests */ if (skipped) { if (!quiet) printf("-> %d %s.\n", skipped, skipped == 1 ? "test was skipped" : "tests were skipped"); n -= skipped; } /* print the summary. */ if (skipped && n == 0) { if (quiet) puts("(all skipped)"); else printf("<- all tests skipped for `%s'.\n", test_suite); } else { if (quiet) { printf("\r%s%.*s %2u/%2u ", test_suite, (int) (strlen(dots) - strlen(test_suite)), dots, passes, count); if (fails == 0) { COL("32"); printf("passed"); NOCOL; putchar(' '); } else { printf("passed, %d failed ", fails); } if (skipped) printf("(%d skipped) ", skipped); } else /* !quiet */ printf("<- summary for `%s': " "of %d tests run: %d passed, %d failed. %.1f%%\n", test_suite, n, passes, fails, 100*(float)passes/n); if (warnings) { if (quiet) { printf("(%d warning%s)\n", warnings, warnings > 1 ? "s" : ""); } else { printf("-> %d warning%s issued.\n", warnings, warnings==1?" 
was":"s were"); } } else if (quiet) { putchar('\n'); } } if (fclose(debug)) { fprintf(stderr, "Error closing debug.log: %s\n", strerror(errno)); fails = 1; } if (fclose(child_debug)) { fprintf(stderr, "Error closing child.log: %s\n", strerror(errno)); fails = 1; } ne_sock_exit(); return fails; } neon-0.32.2/test/common/tests.h000066400000000000000000000105401416727304000163230ustar00rootroot00000000000000/* Stupidly simple test framework Copyright (C) 2001-2004, Joe Orton This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef TESTS_H #define TESTS_H 1 #ifdef HAVE_STRING_H #include #endif #include #define OK 0 #define FAIL 1 #define FAILHARD 2 /* fail and skip all succeeding tests in this suite. */ #define SKIP 3 /* test was skipped because precondition was not met */ #define SKIPREST 4 /* skipped, and skip all succeeding tests in suite */ /* A test function. Must return any of OK, FAIL, FAILHARD, SKIP, or * SKIPREST. May call t_warning() any number of times. If not * returning OK, optionally call t_context to provide an error * message. */ typedef int (*test_func)(void); typedef struct { test_func fn; /* the function to test. */ const char *name; /* the name of the test. 
*/ int flags; } ne_test; /* possible values for flags: */ #define T_CHECK_LEAKS (1) /* check for memory leaks */ #define T_EXPECT_FAIL (2) /* expect failure */ #define T_EXPECT_LEAKS (4) /* expect memory leak failures */ /* array of tests to run: must be defined by each test suite. */ extern ne_test tests[]; /* define a test function which has the same name as the function, * and does check for memory leaks. */ #define T(fn) { fn, #fn, T_CHECK_LEAKS } /* define a test function which is expected to return FAIL. */ #define T_XFAIL(fn) { fn, #fn, T_EXPECT_FAIL | T_CHECK_LEAKS } /* define a test function which isn't checked for memory leaks. */ #define T_LEAKY(fn) { fn, #fn, 0 } /* define a test function which is expected to fail memory leak checks */ #define T_XLEAKY(fn) { fn, #fn, T_EXPECT_LEAKS } /* current test number */ extern int test_num; /* name of test suite */ extern const char *test_suite; /* Provide result context message. */ void t_context(const char *ctx, ...) #ifdef __GNUC__ __attribute__ ((format (printf, 1, 2))) #endif /* __GNUC__ */ ; extern char test_context[]; /* the command-line arguments passed in to the test suite: */ extern char **test_argv; extern int test_argc; /* child process should call this. */ void in_child(void); /* issue a warning. */ void t_warning(const char *str, ...) #ifdef __GNUC__ __attribute__ ((format (printf, 1, 2))) #endif /* __GNUC__ */ ; /* Macros for easily writing is-not-zero comparison tests; the ON* * macros fail the function if a comparison is not zero. * * ONV(x,vs) takes a comparison X, and a printf varargs list for * the failure message. * e.g. ONV(strcmp(bar, "foo"), ("bar was %s not 'foo'", bar)) * * ON(x) takes a comparison X, and uses the line number for the failure * message. e.g. ONV(strcmp(bar, "foo")) * * ONN(n, x) takes a comparison X, and a flat string failure message. * e.g. 
ONN("foo was wrong", strcmp(bar, "foo")) */ #define ONV(x,vs) do { if ((x)) { t_context vs; return FAIL; } } while (0) #define ON(x) ONV((x), ("line %d", __LINE__ )) #define ONN(n,x) ONV((x), (n)) /* ONCMP(exp, act, name): 'exp' is the expected string, 'act' is the * actual string for some field 'name'. Succeeds if strcmp(exp,act) * == 0 or both are NULL. */ #define ONCMP(exp, act, ctx, name) do { \ ONV(exp && !act, ("%s: " name " was NULL, expected '%s'", ctx, exp)); \ ONV(!exp && act, ("%s: " name " was '%s', expected NULL", ctx, act)); \ ONV(exp && strcmp(exp, act), ("%s: " name " was '%s' not '%s'", ctx, act, exp)); \ } while (0) /* return immediately with result of test 'x' if it fails. */ #define CALL(x) do { int t_ret = (x); if (t_ret != OK) return t_ret; } while (0) /* PRECOND: skip current test if condition 'x' is not true. */ #define PRECOND(x) do { if (!(x)) { return SKIP; } } while (0) #endif /* TESTS_H */ neon-0.32.2/test/compress.c000066400000000000000000000246221416727304000155250ustar00rootroot00000000000000/* tests for compressed response handling. Copyright (C) 2001-2008, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
*/

#include "config.h"

#ifdef HAVE_UNISTD_H
#include
#endif

#include "ne_compress.h"
#include "ne_auth.h"

#include "tests.h"
#include "child.h"
#include "utils.h"

/* Progress of the reader() callback for the response being checked:
 * f_partial while expected bytes are still outstanding, f_mismatch once
 * anything unexpected has been seen, f_complete after a clean
 * end-of-body (len == 0) call. */
static enum { f_partial = 0, f_mismatch, f_complete } failed;

/* Names of the reference files that decoded bodies are compared with. */
static const char newsfn[] = "random.txt", hellofn[] = "hello.txt";

/* Suite setup step: returns whatever lookup_localhost() returns. */
static int init(void)
{
    return lookup_localhost();
}

#define EXTRA_DEBUG 0 /* disabled by default */

/* Response-body callback handed to ne_decompress_reader().
 *
 * 'ud' points at a struct string holding the bytes still expected;
 * each call compares 'block' (of 'len' bytes) with the front of that
 * string and advances it.  A call with len == 0 marks end of body.
 * Returns 0 to accept the block and -1 once a mismatch was recorded
 * in 'failed'. */
static int reader(void *ud, const char *block, size_t len)
{
    struct string *b = ud;

#if EXTRA_DEBUG
    NE_DEBUG(NE_DBG_HTTP, "reader: got (%d): [[[%.*s]]]\n", (int)len,
             (int)len, block);
#endif

    /* A mismatch is sticky: every later call is rejected as well. */
    if (failed == f_mismatch)
        return -1;

    /* catch multiple len == 0 call as issued by 0.25.0 only: */
    if (failed == f_complete) {
        NE_DEBUG(NE_DBG_HTTP, "reader: called after complete, len=%d\n",
                 (int)len);
        failed = f_mismatch;
        return -1;
    }

    /* End of body: only a success if every expected byte was consumed. */
    if (failed == f_partial && len == 0) {
        if (b->len != 0) {
            NE_DEBUG(NE_DBG_HTTP, "reader: got length %d at EOF\n",
                     (int)b->len);
            failed = f_mismatch;
        } else {
            failed = f_complete;
        }
        return 0;
    }

    /* The length test comes first, so memcmp() never reads beyond the
     * bytes remaining in the expected string. */
    if (len > b->len || memcmp(b->data, block, len) != 0) {
        NE_DEBUG(NE_DBG_HTTP, "reader: failed, got [[%.*s]] not [[%.*s]]\n",
                 (int)len, block, (int)b->len, b->data);
        failed = f_mismatch;
        return -1;
    } else {
        /* Consume the matched prefix. */
        b->data += len;
        b->len -= len;
#if EXTRA_DEBUG
        NE_DEBUG(NE_DBG_HTTP, "reader: OK, %d bytes remaining\n",
                 (int)b->len);
#endif
    }

    return 0;
}

/* Fetch "/" from a serve_file() test server and check the decoded body.
 *
 * realfn:      file whose content is the expected decoded body.
 * gzipfn:      file to serve with a "Content-Encoding: gzip" header, or
 *              NULL to serve realfn itself with no extra header.
 * chunked:     stored in sfargs.chunks (presumably the chunk size used
 *              by serve_file, 0 for none; confirm in the server helper).
 * expect_fail: non-zero when the dispatch is required to fail.
 *
 * Returns OK, or a failure code through the ON*()/CALL() macros.
 * NOTE(review): those macros return early, so on a failed check the
 * destroy calls further down are not reached. */
static int do_fetch(const char *realfn, const char *gzipfn,
                    int chunked, int expect_fail)
{
    ne_session *sess;
    ne_request *req;
    int ret;
    ne_buffer *buf = ne_buffer_create();
    struct serve_file_args sfargs;
    ne_decompress *dc;
    struct string body;

    CALL(file_to_buffer(realfn, buf));

    body.data = buf->data;
    /* presumably drops a terminating NUL counted in buf->used;
     * confirm against ne_buffer */
    body.len = buf->used - 1;

    failed = f_partial;

    if (gzipfn) {
        sfargs.fname = gzipfn;
        sfargs.headers = "Content-Encoding: gzip\r\n";
    } else {
        sfargs.fname = realfn;
        sfargs.headers = NULL;
    }
    sfargs.chunks = chunked;

    CALL(make_session(&sess, serve_file, &sfargs));

    req = ne_request_create(sess, "GET", "/");
    dc = ne_decompress_reader(req, ne_accept_2xx, reader, &body);

    /* Body tracing is masked out for the dispatch and switched on
     * again afterwards (the bit is set, not restored). */
#ifdef NE_DEBUGGING
    ne_debug_init(ne_debug_stream, ne_debug_mask & ~NE_DBG_HTTPBODY);
#endif

    ret = ne_request_dispatch(req);

#ifdef NE_DEBUGGING
    ne_debug_init(ne_debug_stream, ne_debug_mask | NE_DBG_HTTPBODY);
#endif

    ONN("file not served", ne_get_status(req)->code != 200);

    ONN("decompress succeeded", expect_fail && !ret);
    ONV(!expect_fail && ret, ("decompress failed: %s", ne_get_error(sess)));

    NE_DEBUG(NE_DBG_HTTP, "session error: %s\n", ne_get_error(sess));

    ne_decompress_destroy(dc);
    ne_request_destroy(req);
    ne_session_destroy(sess);
    ne_buffer_destroy(buf);

    if (expect_fail) {
        /* if the decompress callback fails, the connection may
         * be aborted and hence the server will abort. */
        reap_server();
    } else {
        CALL(await_server());
    }

    /* The reader state is only meaningful when decoding had to work. */
    if (!expect_fail) {
        ONN("inflated response truncated", failed == f_partial);
        ONN("inflated response mismatch", failed == f_mismatch);
    }

    return OK;
}

/* do_fetch() for the cases that must succeed. */
static int fetch(const char *realfn, const char *gzipfn, int chunked)
{
    return do_fetch(realfn, gzipfn, chunked, 0);
}

/* Test the no-compression case. */
static int not_compressed(void)
{
    return fetch(newsfn, NULL, 0);
}

/* Plain gzip response served in one piece. */
static int simple(void)
{
    return fetch(newsfn, "file1.gz", 0);
}

/* Triggers -fsanitize=shift. */
static int hello(void)
{
    return fetch(hellofn, "hello.gz", 0);
}

/* Gzip fixture with an embedded filename.  NOTE(review): the comment
 * here used to name file1.gz, but this test and the *_wn variants
 * fetch file2.gz; confirm which fixture carries the name. */
static int withname(void)
{
    return fetch(newsfn, "file2.gz", 0);
}

/* deliver various different sizes of chunks: tests the various
 * decoding cases.
*/ static int chunked_1b_wn(void) { return fetch(newsfn, "file2.gz", 1); } static int chunked_1b(void) { return fetch(newsfn, "file1.gz", 1); } static int chunked_12b(void) { return fetch(newsfn, "file2.gz", 12); } static int chunked_20b(void) { return fetch(newsfn, "file2.gz", 20); } static int chunked_10b(void) { return fetch(newsfn, "file1.gz", 10); } static int chunked_10b_wn(void) { return fetch(newsfn, "file2.gz", 10); } static int fail_trailing(void) { return do_fetch(newsfn, "trailing.gz", 0, 1); } static int fail_trailing_1b(void) { return do_fetch(newsfn, "trailing.gz", 1, 1); } static int fail_truncate(void) { return do_fetch(newsfn, "truncated.gz", 0, 1); } static int fail_bad_csum(void) { return do_fetch(newsfn, "badcsum.gz", 0, 1); } static int fail_corrupt1(void) { return do_fetch(newsfn, "corrupt1.gz", 0, 1); } static int fail_corrupt2(void) { return do_fetch(newsfn, "corrupt2.gz", 0, 1); } static int fail_empty(void) { return do_fetch(newsfn, "empty.gz", 0, 1); } static int notcomp_empty(void) { return fetch("empty.gz", NULL, 0); } static int auth_cb(void *userdata, const char *realm, int tries, char *un, char *pw) { strcpy(un, "foo"); strcpy(pw, "bar"); return tries; } static int retry_compress_helper(ne_accept_response acceptor, struct double_serve_args *args, struct string *expect) { ne_session *sess; ne_request *req; ne_decompress *dc; CALL(make_session(&sess, double_serve_sstring, args)); ne_set_server_auth(sess, auth_cb, NULL); req = ne_request_create(sess, "GET", "/"); dc = ne_decompress_reader(req, acceptor, reader, expect); failed = f_partial; ONREQ(ne_request_dispatch(req)); ne_decompress_destroy(dc); ONN("got bad response body", failed != f_complete); ne_request_destroy(req); return destroy_and_wait(sess); } #define SSTRING(x) { x, sizeof(x) - 1 } static struct double_serve_args retry_gz_args = { SSTRING("HTTP/1.1 401 Get Away\r\n" "Content-Encoding: gzip\r\n" "WWW-Authenticate: Basic realm=WallyWorld\r\n" "Content-Length: 5\r\n" "\r\n" 
"abcde"), SSTRING("HTTP/1.1 200 OK\r\n" "Server: foo\r\n" "Content-Length: 5\r\n" "Connection: close\r\n" "\r\n" "hello") }; /* Test where the response to the retried request does *not* have * a content-encoding, whereas the original 401 response did. */ static int retry_notcompress(void) { struct string expect = { "hello", 5 }; return retry_compress_helper(ne_accept_2xx, &retry_gz_args, &expect); } static struct double_serve_args retry_gz_args2 = { SSTRING("HTTP/1.1 401 Get Away\r\n" "Content-Encoding: gzip\r\n" "WWW-Authenticate: Basic realm=WallyWorld\r\n" "Content-Length: 25\r\n" "\r\n" "\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\x03\xcb\x48\xcd\xc9\xc9\x07" "\x00\x86\xa6\x10\x36\x05\x00\x00\x00"), SSTRING("HTTP/1.1 200 OK\r\n" "Server: foo\r\n" "Content-Encoding: gzip\r\n" "Content-Length: 25\r\n" "Connection: close\r\n" "\r\n" "\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\x03\x2b\xcf\x2f\xca\x49\x01" "\x00\x43\x11\x77\x3a\x05\x00\x00\x00") }; static int retry_accept(void *ud, ne_request *req, const ne_status *st) { struct string *expect = ud; NE_DEBUG(NE_DBG_HTTP, "retry_accept callback for %d response\n", st->code); if (expect->len == 4 && strcmp(expect->data, "fish") == 0) { /* first time through */ expect->data = "hello"; } else { expect->data = "world"; } expect->len = 5; failed = f_partial; /* reset the state */ return 1; } /* Test where the response to the retried request *does* have a * content-encoding, as did the original 401 response. 
*/ static int retry_compress(void) { struct string expect = { "fish", 4 }; return retry_compress_helper(retry_accept, &retry_gz_args2, &expect); } #define READER_ABORT_ERR "reader_abort error string" static int reader_abort(void *ud, const char *buf, size_t len) { ne_session *sess = ud; ne_set_error(sess, READER_ABORT_ERR); return len; } /* check that a callback abort does abort the response */ static int compress_abort(void) { ne_session *sess; ne_request *req; struct serve_file_args sfargs; ne_decompress *dc; int ret; sfargs.fname = "file1.gz"; sfargs.headers = "Content-Encoding: gzip\r\n"; sfargs.chunks = 0; CALL(make_session(&sess, serve_file, &sfargs)); req = ne_request_create(sess, "GET", "/abort"); dc = ne_decompress_reader(req, ne_accept_2xx, reader_abort, sess); ret = ne_request_dispatch(req); reap_server(); ONN("request was not aborted", ret != NE_ERROR); ONV(strcmp(ne_get_error(sess), READER_ABORT_ERR), ("session error was %s not %s", ne_get_error(sess), READER_ABORT_ERR)); reap_server(); ne_decompress_destroy(dc); ne_request_destroy(req); ne_session_destroy(sess); return OK; } ne_test tests[] = { T_LEAKY(init), T(not_compressed), T(simple), T(hello), T(withname), T(fail_trailing), T(fail_trailing_1b), T(fail_bad_csum), T(fail_truncate), T(fail_corrupt1), T(fail_corrupt2), T(fail_empty), T(notcomp_empty), T(chunked_1b), T(chunked_1b_wn), T(chunked_12b), T(chunked_20b), T(chunked_10b), T(chunked_10b_wn), T(retry_notcompress), T(retry_compress), T(compress_abort), T(NULL) }; neon-0.32.2/test/expired.pem000066400000000000000000000022301416727304000156600ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDODCCAuKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBoTELMAkGA1UEBhMCR0Ix FzAVBgNVBAgTDkNhbWJyaWRnZXNoaXJlMRIwEAYDVQQHEwlDYW1icmlkZ2UxGjAY BgNVBAoTEU5lb24gSGFja2VycyBMdGQuMRUwEwYDVQQLEwxOZW9uIFFBIERlcHQx EjAQBgNVBAMTCWxvY2FsaG9zdDEeMBwGCSqGSIb3DQEJARYPbmVvbkB3ZWJkYXYu b3JnMB4XDTAyMDEyMTIwMzkwNFoXDTAyMDEzMTIwMzkwNFowgaExCzAJBgNVBAYT 
AkdCMRcwFQYDVQQIEw5DYW1icmlkZ2VzaGlyZTESMBAGA1UEBxMJQ2FtYnJpZGdl MRowGAYDVQQKExFOZW9uIEhhY2tlcnMgTHRkLjEVMBMGA1UECxMMTmVvbiBRQSBE ZXB0MRIwEAYDVQQDEwlsb2NhbGhvc3QxHjAcBgkqhkiG9w0BCQEWD25lb25Ad2Vi ZGF2Lm9yZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDzRU5sZ8+CWQPvPkqJw9Kl oEgT2FqzZR9RT/qbJuRBmRphiRr0g7JOh5Mr7LXaKShedFLhGidutyKKwIZJnRht AgMBAAGjggEBMIH+MB0GA1UdDgQWBBRFA3ktzHSuD9uB6mJOWoElmOtknzCBzgYD VR0jBIHGMIHDgBRFA3ktzHSuD9uB6mJOWoElmOtkn6GBp6SBpDCBoTELMAkGA1UE BhMCR0IxFzAVBgNVBAgTDkNhbWJyaWRnZXNoaXJlMRIwEAYDVQQHEwlDYW1icmlk Z2UxGjAYBgNVBAoTEU5lb24gSGFja2VycyBMdGQuMRUwEwYDVQQLEwxOZW9uIFFB IERlcHQxEjAQBgNVBAMTCWxvY2FsaG9zdDEeMBwGCSqGSIb3DQEJARYPbmVvbkB3 ZWJkYXYub3JnggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADQQBDSFbe 9EjP+IyZ4vhJSk66gLSN8CnafoGm5JHpNOHy5gWLh7j0a/dxWRd4gpoBYBB6Y9rO YV6Eq3njdj0gu+NN -----END CERTIFICATE----- neon-0.32.2/test/htdocs/000077500000000000000000000000001416727304000150045ustar00rootroot00000000000000neon-0.32.2/test/htdocs/plain000066400000000000000000000000131416727304000160240ustar00rootroot00000000000000Test file. neon-0.32.2/test/largefile.c000066400000000000000000000116771416727304000156320ustar00rootroot00000000000000/* Tests for LFS support in neon Copyright (C) 2004-2006, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
*/ #include "config.h" #include #include #include #ifdef HAVE_STDINT_H #include #endif #include "ne_request.h" #include "child.h" #include "utils.h" #include "tests.h" #ifndef INT64_C #define INT64_C(x) x ## LL #endif static const char data[] = "Hello, world.\n"; static off64_t point = INT64_C(2) << 32; #define SPARSE "sparse.bin" /* make a sparse large file */ static int make_sparse_file(void) { int fd = open64(SPARSE, O_CREAT | O_TRUNC | O_WRONLY, 0644); ONN("could not create large file " SPARSE, fd < 0); ONN("seek to point", lseek64(fd, point, SEEK_SET) != point); ONN("could not write to file", write(fd, data, strlen(data)) != (ssize_t)strlen(data)); ONN("close failed", close(fd)); return OK; } /* server function which checks that the request body sent was the * same as the 'data' array. */ static int serve_check_body(ne_socket *sock, void *userdata) { CALL(discard_request(sock)); if (clength != (ssize_t)strlen(data)) { CALL(discard_body(sock)); SEND_STRING(sock, "HTTP/1.0 400 Bad Request Body Length\r\n" "\r\n"); } else { char buf[20]; if (ne_sock_fullread(sock, buf, clength) == 0) { SEND_STRING(sock, "HTTP/1.0 200 OK Then!\r\n\r\n"); } } return 0; } /* sends a small segment of the file from a high offset. 
*/ static int send_high_offset(void) { int ret, fd = open64(SPARSE, O_RDONLY); ne_session *sess; ne_request *req; ONN("could not open sparse file", fd < 0); CALL(make_session(&sess, serve_check_body, NULL)); req = ne_request_create(sess, "PUT", "/sparse"); ne_set_request_body_fd(req, fd, point, strlen(data)); ret = ne_request_dispatch(req); CALL(await_server()); ONV(ret != NE_OK || ne_get_status(req)->klass != 2, ("request failed: %s", ne_get_error(sess))); ne_request_destroy(req); ne_session_destroy(sess); close(fd); return OK; } #if 1 #define RESPSIZE INT64_C(4295008256) #define RESPSTR "4295008256" #else #define RESPSIZE INT64_C(2147491840) /* 2^31+8192 */ #define RESPSTR "2147491840" #endif /* Reads a request, sends a large response, reads a request, then * sends a little response. */ static int serve_large_response(ne_socket *sock, void *ud) { int n = 0; char empty[8192]; CALL(discard_request(sock)); SEND_STRING(sock, "HTTP/1.1 200 OK\r\n" "Content-Length: " RESPSTR "\r\n" "Server: BigFileServerTM\r\n" "\r\n"); memset(empty, 0, sizeof empty); for (n = 0; n < RESPSIZE/sizeof(empty); n++) { if (ne_sock_fullwrite(sock, empty, sizeof empty)) { NE_DEBUG(NE_DBG_SOCKET, "fullwrite failed\n"); return 1; } } NE_DEBUG(NE_DBG_SOCKET, "Wrote %d lots of %d\n", n, (int)sizeof empty); CALL(discard_request(sock)); SEND_STRING(sock, "HTTP/1.1 200 OK\r\n" "Connection: close\r\n\r\n"); return 0; } static int read_large_response(void) { ne_session *sess; ne_request *req; off64_t count = 0; int ret; char buf[8192]; #ifdef NE_DEBUGGING int old_mask = ne_debug_mask; #endif CALL(make_session(&sess, serve_large_response, NULL)); req = ne_request_create(sess, "GET", "/foo"); ret = ne_begin_request(req); #ifdef NE_DEBUGGING ne_debug_init(ne_debug_stream, ne_debug_mask & ~(NE_DBG_HTTPBODY|NE_DBG_HTTP)); #endif if (ret == NE_OK) { while ((ret = ne_read_response_block(req, buf, sizeof buf)) > 0) count += ret; if (ret == NE_OK) ret = ne_end_request(req); } #ifdef NE_DEBUGGING 
ne_debug_init(ne_debug_stream, old_mask); #endif ONV(ret, ("request failed: %s", ne_get_error(sess))); ONV(count != RESPSIZE, ("response body was %" NE_FMT_OFF64_T " not %" NE_FMT_OFF64_T, count, RESPSIZE)); ne_request_destroy(req); CALL(any_2xx_request(sess, "/bar")); CALL(await_server()); ne_session_destroy(sess); return OK; } ne_test tests[] = { T(make_sparse_file), T(send_high_offset), T(read_large_response), T(NULL), }; neon-0.32.2/test/lock.c000066400000000000000000000456051416727304000146260ustar00rootroot00000000000000/* lock tests Copyright (C) 2002-2010, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config.h" #include #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #include "ne_request.h" #include "ne_locks.h" #include "ne_socket.h" #include "ne_basic.h" #include "ne_auth.h" #include "tests.h" #include "child.h" #include "utils.h" #define EOL "\r\n" /* returns an activelock XML element. */ static char *activelock(enum ne_lock_scope scope, int depth, const char *owner, unsigned long timeout, const char *token_href) { static char buf[BUFSIZ]; ne_snprintf(buf, BUFSIZ, "\n" "\n" "\n" "%d\n" "%s\n" "Second-%lu\n" "%s\n" "", scope==ne_lockscope_exclusive?"exclusive":"shared", depth, owner, timeout, token_href); return buf; } /* return body of LOCK response for given lock. 
*/
/* Formats the LOCK response body around one activelock element.
 *
 * The result lives in a function-local static buffer, so it is
 * overwritten by the next call and must not be freed.  Output is
 * bounded by sizeof buf through ne_snprintf().
 * NOTE(review): the literals in these helpers look like XML whose
 * element tags are missing on this page; compare with the upstream
 * file before relying on them. */
static char *lock_response(enum ne_lock_scope scope,
                           int depth,
                           const char *owner,
                           unsigned long timeout,
                           const char *token_href)
{
    static char buf[BUFSIZ];
    ne_snprintf(buf, sizeof buf,
                "\n"
                ""
                "%s\n",
                activelock(scope, depth, owner, timeout, token_href));
    return buf;
}

/* return body of LOCK response where response gives multiple
 * activelocks (i.e. shared locks).
 *
 * 'locks' is a NULL-terminated array.  Unlike the helpers around it,
 * the result comes from ne_buffer_finish() rather than a static
 * buffer; lock_shared() releases it with ne_free(). */
static char *multi_lock_response(struct ne_lock **locks)
{
    ne_buffer *buf = ne_buffer_create();
    int n;

    ne_buffer_zappend(buf,
                      "\n"
                      ""
                      "");

    for (n = 0; locks[n] != NULL; n++) {
        /* lk points into activelock()'s static buffer; it is appended
         * before the next iteration overwrites it. */
        char *lk = activelock(locks[n]->scope, locks[n]->depth,
                              locks[n]->owner, locks[n]->timeout,
                              locks[n]->token);
        ne_buffer_zappend(buf, lk);
    }

    ne_buffer_zappend(buf, "");
    return ne_buffer_finish(buf);
}

/* Formats a lock-discovery response body for 'href' describing lock
 * 'lk', with a fixed timeout of 7200.  Returns a function-local static
 * buffer (overwritten by the next call, never freed). */
static char *discover_response(const char *href, const struct ne_lock *lk)
{
    static char buf[BUFSIZ];
    ne_snprintf(buf, BUFSIZ,
                "\n"
                "\n"
                "%s\n"
                "%s\n"
                "HTTP/1.1 200 OK\n"
                "\n", href,
                activelock(lk->scope, lk->depth, lk->owner,
                           7200, lk->token));
    return buf;
}

/* Allocates a lock for http://localhost:7777<path> with the given
 * scope and depth.
 *
 * NOTE(review): the test below reads lock->token from the object that
 * was just allocated, so (assuming ne_calloc zero-fills) it is never
 * true and 'token' is never copied; the condition presumably should
 * test 'token'.  fail_lockauth() assigns lock->token itself after
 * calling this with a token, so changing the condition here without
 * adjusting that caller would drop the copy made here. */
static struct ne_lock *make_lock(const char *path, const char *token,
                                 enum ne_lock_scope scope, int depth)
{
    struct ne_lock *lock = ne_calloc(sizeof *lock);

    if (lock->token)
        lock->token = ne_strdup(token);
    lock->scope = scope;
    lock->depth = depth;
    lock->uri.host = ne_strdup("localhost");
    lock->uri.scheme = ne_strdup("http");
    lock->uri.path = ne_strdup(path);
    lock->uri.port = 7777;
    return lock;
}

/* Tests for lock store handling.
*/ static int store_single(void) { ne_lock_store *store = ne_lockstore_create(); struct ne_lock *lk = make_lock("/foo", "blah", ne_lockscope_exclusive, 0); struct ne_lock *lk2; ONN("create failed", store == NULL); ONN("new lock store not empty", ne_lockstore_first(store) != NULL); ne_lockstore_add(store, lk); ONN("lock not found in store", ne_lockstore_first(store) != lk); ONN(">1 locks in store?", ne_lockstore_next(store) != NULL); lk2 = ne_lockstore_findbyuri(store, &lk->uri); ONN("lock not found by URI", lk2 == NULL); ONN("other lock found by URI", lk2 != lk); ne_lockstore_remove(store, lk); ONN("store not empty after removing lock", ne_lockstore_first(store) != NULL); ONN("lock still found after removing lock", ne_lockstore_findbyuri(store, &lk->uri) != NULL); ne_lockstore_destroy(store); ne_lock_destroy(lk); return OK; } static int store_several(void) { ne_lock_store *store = ne_lockstore_create(); struct ne_lock *lk = make_lock("/foo", "blah", ne_lockscope_exclusive, 0); struct ne_lock *lk2 = make_lock("/bar", "blee", ne_lockscope_exclusive, 0); struct ne_lock *lf, *lf2; ONN("create failed", store == NULL); ne_lockstore_add(store, lk); ne_lockstore_add(store, lk2); lf = ne_lockstore_first(store); ONN("lock store empty", lf == NULL); lf2 = ne_lockstore_next(store); ONN("lock store >2 locks", ne_lockstore_next(store) != NULL); /* guarantee that _first, _next returned either of the * combinations: (lf, lf2) or (lf2, lf) */ ONN("found wrong locks", ((lf != lk && lf != lk2) || (lf2 != lk && lf2 != lk2) || (lf == lf2))); ONN("first find failed", ne_lockstore_findbyuri(store, &lk->uri) != lk); ONN("second find failed", ne_lockstore_findbyuri(store, &lk2->uri) != lk2); ne_lockstore_remove(store, lk); ne_lock_destroy(lk); ONN("remove left stray lock?", ne_lockstore_first(store) != lk2); ONN("remove left >1 lock?", ne_lockstore_next(store) != NULL); ne_lockstore_remove(store, lk2); ne_lock_destroy(lk2); ONN("store not empty after removing all locks", 
ne_lockstore_first(store) != NULL); ne_lockstore_destroy(store); return OK; } /* Use a fake session forced to use port 7777 to the origin, to * simplify the tests. */ static int fake_session(ne_session **sess, server_fn fn, void *userdata) { return proxied_session_server(sess, "http", "localhost", 7777, fn, userdata); } /* regression test for <= 0.18.2, where timeout field was not parsed correctly. */ static int lock_timeout(void) { ne_session *sess; char *resp, *rbody = lock_response(ne_lockscope_exclusive, 0, "me", 6500, "opaquelocktoken:foo"); struct ne_lock *lock = ne_lock_create(); resp = ne_concat("HTTP/1.1 200 OK\r\n" "Server: neon-test-server\r\n" "Content-type: application/xml" EOL "Lock-Token: " EOL "Connection: close\r\n\r\n", rbody, NULL); CALL(fake_session(&sess, single_serve_string, resp)); ne_free(resp); ne_fill_server_uri(sess, &lock->uri); lock->uri.path = ne_strdup("/foo"); lock->timeout = 5; ONREQ(ne_lock(sess, lock)); ONN("lock timeout ignored in response", lock->timeout != 6500); ne_session_destroy(sess); ne_lock_destroy(lock); CALL(await_server()); return OK; } #define LONG_TIMEOUT (4294967295UL) /* Lock timeouts should be allowed up to 2^32-1, but ne_lock uses a * signed long to store timeouts, so this would fail with 32-bit long. 
*/
static int lock_long_timeout(void)
{
    ne_session *sess;
    struct ne_lock *lk = ne_lock_create();
    char *body, *reply;

    /* Response body advertising the largest timeout under test. */
    body = lock_response(ne_lockscope_exclusive, 0, "me",
                         LONG_TIMEOUT, "opaquelocktoken:foo");

    reply = ne_concat("HTTP/1.1 200 OK\r\n" "Server: neon-test-server\r\n"
                      "Content-type: application/xml" EOL
                      "Lock-Token: " EOL
                      "Connection: close\r\n\r\n", body, NULL);

    CALL(fake_session(&sess, single_serve_string, reply));
    ne_free(reply);

    ne_fill_server_uri(sess, &lk->uri);
    lk->timeout = 5;
    lk->uri.path = ne_strdup("/foo");

    /* Only the request outcome is checked here. */
    ONREQ(ne_lock(sess, lk));

    ne_session_destroy(sess);
    ne_lock_destroy(lk);

    CALL(await_server());

    return OK;
}

/* Set to non-zero by got_if_header() when the If header matched. */
static int verify_if;
/* The exact If header value the server side expects. */
static const char *verify_if_expect;

/* Header callback: records whether 'value' equals the expected If
 * header, and traces both values. */
static void got_if_header(char *value)
{
    verify_if = (strcmp(verify_if_expect, value) == 0);
    NE_DEBUG(NE_DBG_HTTP, "Verified If header, %d: got [%s] expected [%s]\n",
             verify_if, value, verify_if_expect);
}

/* Server callback: answers 200 when the request carried the If header
 * given in 'userdata', and 403 otherwise. */
static int serve_verify_if(ne_socket *sock, void *userdata)
{
    /* Start from "not verified" and ask the request parser to report
     * If headers to got_if_header(). */
    verify_if = 0;
    verify_if_expect = userdata;
    got_header = got_if_header;
    want_header = "If";

    CALL(discard_request(sock));

    if (!verify_if) {
        ON(SEND_STRING(sock, "HTTP/1.1 403 Wrong If Header" EOL));
    } else {
        ON(SEND_STRING(sock, "HTTP/1.1 200 OK" EOL));
    }

    ON(SEND_STRING(sock, "Connection: close" EOL EOL));

    return OK;
}

/* Dispatches a "RANDOM" request for 'path' that declares the locks it
 * depends on.  A positive 'depth' also adds a Depth header; a depth of
 * -1 leaves the resource itself undeclared; a non-zero 'modparent'
 * declares the parent as well.  Passes only on a 200 response. */
static int do_request(ne_session *sess, const char *path, int depth,
                      int modparent)
{
    ne_request *req = ne_request_create(sess, "RANDOM", path);

    if (depth != -1) {
        if (depth > 0)
            ne_add_depth_header(req, depth);
        ne_lock_using_resource(req, path, depth);
    }

    if (modparent != 0)
        ne_lock_using_parent(req, path);

    ONREQ(ne_request_dispatch(req));

    ONV(ne_get_status(req)->code != 200,
        ("request failed: %s", ne_get_error(sess)));

    ne_request_destroy(req);
    return OK;
}

/* If modparent is non-zero; the request is flagged to
 * modify the parent resource too.
*/ #define LOCK_MODPARENT (0x01) /* Enable SharePoint hacks. */ #define LOCK_SHAREPOINT (0x02) /* Tests If: header submission, for a lock of depth 'lockdepth' at * 'lockpath', with a request to 'reqpath' which Depth header of * 'reqdepth'. 'flags' is bitwise-or of LOCK_* flags above. */ static int submit_test(const char *lockpath, int lockdepth, const char *reqpath, int reqdepth, unsigned int flags) { ne_lock_store *store = ne_lockstore_create(); ne_session *sess; struct ne_lock *lk = ne_lock_create(); char *expect_if; int ret; if (flags & LOCK_SHAREPOINT) expect_if = ne_strdup("()"); else expect_if = ne_concat(" ()", NULL); CALL(fake_session(&sess, serve_verify_if, expect_if)); ne_free(expect_if); if (flags & LOCK_SHAREPOINT) ne_set_session_flag(sess, NE_SESSFLAG_SHAREPOINT, 1); ne_fill_server_uri(sess, &lk->uri); lk->uri.path = ne_strdup(lockpath); lk->token = ne_strdup("somelocktoken"); lk->depth = lockdepth; /* register the lock store, and add our lock for "/foo" to it. */ ne_lockstore_register(store, sess); ne_lockstore_add(store, lk); ret = do_request(sess, reqpath, reqdepth, flags & LOCK_MODPARENT); CALL(await_server()); ne_lockstore_destroy(store); ne_session_destroy(sess); return ret; } static int if_simple(void) { return submit_test("/foo", 0, "/foo", 0, 0); } static int if_under_infinite(void) { return submit_test("/foo", NE_DEPTH_INFINITE, "/foo/bar", 0, 0); } static int if_infinite_over(void) { return submit_test("/foo/bar", 0, "/foo/", NE_DEPTH_INFINITE, 0); } static int if_child(void) { return submit_test("/foo/", 0, "/foo/bar", 0, LOCK_MODPARENT); } /* this is a special test, where the PARENT resource of "/foo/bar" is * modified, but NOT "/foo/bar" itself. An UNLOCK request on a * lock-null resource can do this; see ne_unlock() for the comment. * Regression test for neon <= 0.19.3, which didn't handle this * correctly. 
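*/
static int if_covered_child(void)
{
    return submit_test("/", NE_DEPTH_INFINITE, "/foo/bar", -1,
                       LOCK_MODPARENT);
}

/* Same as if_simple, but with the LOCK_SHAREPOINT flag set. */
static int if_sharepoint(void)
{
    return submit_test("/foo-sharepoint", 0, "/foo-sharepoint", 0,
                       LOCK_SHAREPOINT);
}

/* Server callback for the discovery tests: reads the PROPFIND request,
 * then answers 207 with the body passed in 'userdata'.
 *
 * The request body is read into a fixed stack buffer, so its announced
 * length is checked against the buffer size before the read. */
static int serve_discovery(ne_socket *sock, void *userdata)
{
    char buf[BUFSIZ], *resp = userdata;

    ON(discard_request(sock));
    ONN("no PROPFIND body", clength == 0);
    /* clength is set while the request is discarded (presumably from
     * its Content-Length); never pass the read a count that exceeds
     * what buf can hold. */
    ONN("PROPFIND body does not fit the read buffer",
        clength < 0 || (size_t)clength > sizeof buf);

    /* NOTE(review): a single read is issued and the content is not
     * inspected; whether it drains the whole body depends on
     * ne_sock_read. */
    ON(ne_sock_read(sock, buf, clength) < 0);

    ON(SEND_STRING(sock, "HTTP/1.0 207 OK" EOL
                   "Connection: close" EOL EOL));

    ON(SEND_STRING(sock, resp));

    return OK;
}

/* Carries the expected lock into the discovery callback and the
 * comparison result back out. */
struct result_args {
    struct ne_lock *lock;
    int result;
};

/* Compares locks 'a' and 'b' by URI, depth, scope and type; 'ctx'
 * names the lock in failure messages.  Returns OK or FAIL.
 * NOTE(review): if ne_uri_unparse() allocates its result, the two
 * strings built for the URI failure message are not released. */
static int lock_compare(const char *ctx,
                        const struct ne_lock *a, const struct ne_lock *b)
{
    /* Reject an incomplete URI before it is compared or printed. */
    ONV(!a->uri.host || !a->uri.scheme || !a->uri.path,
        ("URI structure incomplete in %s", ctx));
    ONV(ne_uri_cmp(&a->uri, &b->uri) != 0,
        ("URI comparison failed for %s: %s not %s", ctx,
         ne_uri_unparse(&a->uri), ne_uri_unparse(&b->uri)));
    ONV(a->depth != b->depth,
        ("%s depth was %d not %d", ctx, a->depth, b->depth));
    ONV(a->scope != b->scope,
        ("%s scope was %d not %d", ctx, a->scope, b->scope));
    ONV(a->type != b->type,
        ("%s type was %d not %d", ctx, a->type, b->type));
    return OK;
}

/* ne_lock_discover() callback: compares the reported lock with the one
 * expected in 'userdata' and stores the outcome there. */
static void discover_result(void *userdata, const struct ne_lock *lk,
                            const ne_uri *uri, const ne_status *st)
{
    struct result_args *args = userdata;
    args->result = lock_compare("discovered lock", lk, args->lock);
}

/* Serves a discovery response for "/lockme" and checks that the lock
 * handed to the callback matches the one the response was built from. */
static int discover(void)
{
    ne_session *sess;
    char *response;
    int ret;
    struct result_args args;

    args.lock = ne_lock_create();

    args.lock->owner = ne_strdup("someowner");
    args.lock->token = ne_strdup("sometoken");
    args.lock->uri.host = ne_strdup("localhost");
    args.lock->uri.port = 7777;
    args.lock->uri.scheme = ne_strdup("http");

    /* default: stays FAIL unless the callback runs and overwrites it */
    args.result = FAIL;
    t_context("results callback never invoked");

    response = discover_response("/lockme", args.lock);
    CALL(fake_session(&sess, serve_discovery, response));

    args.lock->uri.path = ne_strdup("/lockme");

    ret = ne_lock_discover(sess, "/lockme", discover_result, &args);
    CALL(await_server());
    ONREQ(ret);

    ne_lock_destroy(args.lock);
    ne_session_destroy(sess);

    return args.result;
}

/* Serves a LOCK response listing two activelocks ("alpha" and "beta"),
 * requests a lock on "/beta", and checks that the lock filled in by
 * ne_lock() matches the "beta" entry rather than the first one. */
static int lock_shared(void)
{
    ne_session *sess;
    char *resp, *rbody;
    struct ne_lock *lock, *resplocks[3];

    /* Fills lock 'l' with values derived from the literal 's'.  Uses
     * ne_strdup like the rest of this file instead of plain strdup,
     * whose result was stored without a NULL check. */
#define FILLK(l, s) do { \
        (l)->token = ne_strdup("opaquelocktoken:" s); \
        (l)->owner = ne_strdup("owner " s); \
        (l)->uri.path = ne_strdup("/" s); \
        (l)->uri.host = ne_strdup("localhost"); \
        (l)->uri.scheme = ne_strdup("http"); \
        (l)->uri.port = 7777; \
    } while (0)

    resplocks[0] = ne_lock_create();
    resplocks[1] = ne_lock_create();
    resplocks[2] = NULL;   /* terminator expected by multi_lock_response */
    FILLK(resplocks[0], "alpha");
    FILLK(resplocks[1], "beta");
    resplocks[0]->timeout = 100;
    resplocks[1]->timeout = 200;

    rbody = multi_lock_response(resplocks);
    resp = ne_concat("HTTP/1.1 200 OK\r\n" "Server: neon-test-server\r\n"
                     "Content-type: application/xml" EOL
                     "Lock-Token: " EOL
                     "Connection: close\r\n\r\n", rbody, NULL);
    ne_free(rbody);

    CALL(fake_session(&sess, single_serve_string, resp));
    ne_free(resp);

    lock = ne_lock_create();
    ne_fill_server_uri(sess, &lock->uri);
    lock->uri.path = ne_strdup("/beta");

    ONREQ(ne_lock(sess, lock));

    CALL(await_server());

    CALL(lock_compare("returned lock", resplocks[1], lock));

    ne_session_destroy(sess);
    ne_lock_destroy(lock);
    ne_lock_destroy(resplocks[0]);
    ne_lock_destroy(resplocks[1]);

    return OK;
}

/* Discovery callback that ignores its arguments. */
static void dummy_discover(void *userdata, const struct ne_lock *lock,
                           const ne_uri *uri, const ne_status *status)
{
}

/* This failed with neon 0.25.x and earlier when memory leak detection
 * is enabled.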
*/
static int fail_discover(void)
{
    ne_session *sess;
    int status;

    /* The served body is not a valid lock-discovery document. */
    CALL(fake_session(&sess, single_serve_string,
                      "HTTP/1.0 207 OK\r\n"
                      "Connection: close\r\n"
                      "\r\n"
                      "\n"
                      "\n"
                      "/foo/bar\n"
                      "\n"));

    status = ne_lock_discover(sess, "/foo", dummy_discover, NULL);
    ONN("discovery okay for response with invalid XML!?",
        status != NE_ERROR);

    return destroy_and_wait(sess);
}

/* Credentials callback that always returns -1 and leaves 'username'
 * and 'password' untouched. */
static int no_creds(void *ud, const char *realm, int attempt,
                    char *username, char *password)
{
    return -1;
}

/* Checks that LOCK and UNLOCK both report NE_AUTH when the server
 * answers 401 and the credentials callback supplies nothing. */
static int fail_lockauth(void)
{
    ne_session *sess;
    struct ne_lock *lk;
    int status;
    struct many_serve_args serve;

    /* The same 401 response is served twice: once per request below. */
    serve.count = 2;
    serve.str = "HTTP/1.1 401 Auth Denied\r\n"
        "WWW-Authenticate: Basic realm=\"realm@host\"\r\n"
        "Content-Length: 0\r\n" "\r\n";

    CALL(fake_session(&sess, many_serve_string, &serve));

    ne_set_server_auth(sess, no_creds, NULL);

    /* First request: LOCK. */
    lk = make_lock("/foo", NULL, ne_lockscope_exclusive, NE_DEPTH_ZERO);
    status = ne_lock(sess, lk);
    ONV(status != NE_AUTH,
        ("attempt to lock did not fail with NE_AUTH: %d (%s)",
         status, ne_get_error(sess)));
    ne_lock_destroy(lk);

    /* Second request: UNLOCK.  make_lock() as written in this file does
     * not copy its token argument, so the token is assigned here;
     * this line would overwrite a copy if make_lock ever made one. */
    lk = make_lock("/bar", "fish", ne_lockscope_exclusive, NE_DEPTH_ZERO);
    lk->token = ne_strdup("opaquelocktoken:gah");
    status = ne_unlock(sess, lk);
    ONV(status != NE_AUTH,
        ("attempt to unlock did not fail with NE_AUTH: %d (%s)",
         status, ne_get_error(sess)));
    ne_lock_destroy(lk);

    return destroy_and_wait(sess);
}

/* Regression test for neon 0.25.0 regression in ne_lock() error
 * handling.
*/
static int fail_noheader(void)
{
    ne_session *sess;
    char *resp, *rbody = lock_response(ne_lockscope_exclusive, 0, "me", 6500,
                                       "opaquelocktoken:foo");
    struct ne_lock *lock = ne_lock_create();
    int ret;

    /* The response carries a lock body but no Lock-Token header; that
     * omission is what ne_lock() is expected to reject below. */
    resp = ne_concat("HTTP/1.1 200 OK\r\n"
                     "Server: neon-test-server\r\n"
                     "Content-type: application/xml" EOL
                     "Connection: close\r\n\r\n", rbody, NULL);
    /* NOTE(review): rbody is never released in this function, while
     * lock_shared() calls ne_free() on its body right after ne_concat().
     * Presumably lock_response() returns heap memory as well -- confirm,
     * and free it here if so. */

    CALL(fake_session(&sess, single_serve_string, resp));
    ne_free(resp);

    ne_fill_server_uri(sess, &lock->uri);
    lock->uri.path = ne_strdup("/foo");
    lock->timeout = NE_TIMEOUT_INFINITE;

    ret = ne_lock(sess, lock);
    /* Both the return code and the error text are checked, so a failure
     * for some unrelated reason does not pass the test. */
    ONN("LOCK request did not fail", ret != NE_ERROR);
    ONV(strstr(ne_get_error(sess),
               "LOCK response missing Lock-Token header") == NULL,
        ("unexpected error: %s", ne_get_error(sess)));

    ne_session_destroy(sess);
    ne_lock_destroy(lock);
    return await_server();
}

/* Table of the tests in this file; the final T(NULL) entry presumably
 * marks the end of the list for the harness -- confirm in tests.h. */
ne_test tests[] = {
    T(lookup_localhost),
    T(store_single),
    T(store_several),
    T(if_simple),
    T(if_under_infinite),
    T(if_infinite_over),
    T(if_child),
    T(if_covered_child),
    T(if_sharepoint),
    T(lock_timeout),
    T(lock_long_timeout),
    T(lock_shared),
    T(discover),
    T(fail_discover),
    T(fail_lockauth),
    T(fail_noheader),
    T(NULL)
};
neon-0.32.2/test/makekeys.sh000077500000000000000000000174101416727304000156730ustar00rootroot00000000000000#!/bin/sh # Helper script to create CA and server certificates.
srcdir=${1-.} OPENSSL=@OPENSSL@ CONF=${srcdir}/openssl.conf REQ="${OPENSSL} req -config ${CONF}" CA="${OPENSSL} ca -config ${CONF} -batch" # MKCERT makes a self-signed cert MKCERT="${REQ} -x509 -new -days 900" REQDN=reqDN STRMASK=default CADIR=./ca export REQDN STRMASK CADIR asn1date() { date -d "$1" "+%y%m%d%H%M%SZ" } openssl version 1>&2 set -ex for i in ca ca1 ca2 ca3; do rm -rf $i mkdir $i touch $i/index.txt echo 01 > $i/serial ${OPENSSL} genrsa -rand ${srcdir}/../configure 2048 > $i/key.pem done ${OPENSSL} genrsa -rand ${srcdir}/../configure 2048 > client.key ${OPENSSL} genrsa -rand ${srcdir}/../configure 2048 > server.key ${OPENSSL} dsaparam -genkey -rand ${srcdir}/../configure 1024 > client.dsap ${OPENSSL} gendsa client.dsap > clientdsa.key ${MKCERT} -key ca/key.pem -out ca/cert.pem < T61String csr_fields "`echo -e 'H\0350llo World'`" localhost | ${REQ} -new -key server.key -out t61subj.csr STRMASK=pkix # => BMPString csr_fields "`echo -e 'H\0350llo World'`" localhost | ${REQ} -new -key server.key -out bmpsubj.csr STRMASK=utf8only # => UTF8String csr_fields "`echo -e 'H\0350llo World'`" localhost | ${REQ} -new -key server.key -out utf8subj.csr STRMASK=default ### produce a set of CA certs csr_fields "First Random CA" "first.example.com" "CAs Ltd." Lincoln Lincolnshire | \ ${MKCERT} -key server.key -out ca1.pem csr_fields "Second Random CA" "second.example.com" "CAs Ltd." Falmouth Cornwall | \ ${MKCERT} -key server.key -out ca2.pem csr_fields "Third Random CA" "third.example.com" "CAs Ltd." Ipswich Suffolk | \ ${MKCERT} -key server.key -out ca3.pem csr_fields "Fourth Random CA" "fourth.example.com" "CAs Ltd." 
Norwich Norfolk | \ ${MKCERT} -key server.key -out ca4.pem cat ca/cert.pem ca[1234].pem > calist.pem csr_fields "Wildcard Cert Dept" "*.example.com" | \ ${REQ} -new -key server.key -out wildcard.csr csr_fields "Wildcard IP Cert" "*.0.0.1" | \ ${REQ} -new -key server.key -out wildip.csr csr_fields "Neon Client Cert" ignored.example.com | \ ${REQ} -new -key client.key -out client.csr csr_fields "Neon Client Cert" ignored.example.com | \ ${REQ} -new -key clientdsa.key -out clientdsa.csr ### requests using special DN. REQDN=reqDN.doubleCN csr_fields "Double CN Dept" "nohost.example.com localhost" | ${REQ} -new -key server.key -out twocn.csr REQDN=reqDN.CNfirst echo localhost | ${REQ} -new -key server.key -out cnfirst.csr REQDN=reqDN.missingCN echo GB | ${REQ} -new -key server.key -out missingcn.csr REQDN=reqDN.justEmail echo blah@example.com | ${REQ} -new -key server.key -out justmail.csr # presume AVAs will come out in least->most specific order still... REQDN=reqDN.twoOU csr_fields "Second OU Dept First OU Dept" | ${REQ} -new -key server.key -out twoou.csr ### don't put ${REQ} invocations after here for f in server client clientdsa twocn caseless cnfirst \ t61subj bmpsubj utf8subj \ missingcn justmail twoou wildcard wildip wrongcn; do ${CA} -days 900 -in ${f}.csr -out ${f}.cert done ${CA} -startdate `asn1date "2 days ago"` -enddate `asn1date "yesterday"` -in expired.csr -out expired.cert ${CA} -startdate `asn1date "tomorrow"` -enddate `asn1date "2 days"` -in notyet.csr -out notyet.cert for n in 1 2 3 4 5 6 7 8 9; do ${CA} -extensions altExt${n} -days 900 \ -in altname${n}.csr -out altname${n}.cert done # Sign this CSR using the intermediary CA CADIR=./ca2 ${CA} -days 900 -in server.csr -out ca2server.cert # And create a file with the concatenation of both EE and intermediary # cert. 
cat ca2server.cert ca2/cert.pem > ca2server.pem # sign with expired CA CADIR=./ca1 ${CA} -days 3 -in server.csr -out ca1server.cert # sign with not yet valid CA CADIR=./ca3 ${CA} -days 3 -in server.csr -out ca3server.cert MKPKCS12="${OPENSSL} pkcs12 -export -passout stdin -in client.cert -inkey client.key" # generate a PKCS12 cert from the client cert: -passOUT because it's the # passphrase on the OUTPUT cert, confusing... echo foobar | ${MKPKCS12} -name "Just A Neon Client Cert" -out client.p12 # generate a PKCS#12 cert with no password and a friendly name echo | ${MKPKCS12} -name "An Unencrypted Neon Client Cert" -out unclient.p12 # PKCS#12 cert with DSA key echo | ${OPENSSL} pkcs12 -name "An Unencrypted Neon DSA Client Cert" \ -export -passout stdin \ -in clientdsa.cert -inkey clientdsa.key \ -out dsaclient.p12 # generate a PKCS#12 cert with no friendly name echo | ${MKPKCS12} -out noclient.p12 # generate a PKCS#12 cert with no private keys echo | ${MKPKCS12} -nokeys -out nkclient.p12 # generate a PKCS#12 cert without the cert echo | ${MKPKCS12} -nokeys -out ncclient.p12 # generate an encoded PKCS#12 cert with no private keys echo foobar | ${MKPKCS12} -nokeys -out enkclient.p12 # a PKCS#12 cert including a bundled CA cert echo foobar | ${MKPKCS12} -certfile ca/cert.pem -name "A Neon Client Cert With CA" -out clientca.p12 ### a file containing a complete chain cat ca/cert.pem server.cert > chain.pem ### NSS database initialization, for testing PKCS#11. 
CERTUTIL=@CERTUTIL@ PK12UTIL=@PK12UTIL@ if [ ${CERTUTIL} != "notfound" -a ${PK12UTIL} != "notfound" ]; then rm -rf nssdb nssdb-dsa mkdir nssdb nssdb-dsa echo foobar > nssdb.pw ${CERTUTIL} -d nssdb -N -f nssdb.pw ${PK12UTIL} -d nssdb -K foobar -W '' -i unclient.p12 ${CERTUTIL} -d nssdb-dsa -N -f nssdb.pw ${PK12UTIL} -d nssdb-dsa -K foobar -W '' -i dsaclient.p12 rm -f nssdb.pw fi neon-0.32.2/test/neon.prio000066400000000000000000000001011416727304000153420ustar00rootroot00000000000000[overrides] insecure-sig-for-cert = [priorities] SYSTEM=LEGACY neon-0.32.2/test/notvalid.pem000066400000000000000000000022301416727304000160400ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIDODCCAuKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBoTELMAkGA1UEBhMCR0Ix FzAVBgNVBAgTDkNhbWJyaWRnZXNoaXJlMRIwEAYDVQQHEwlDYW1icmlkZ2UxGjAY BgNVBAoTEU5lb24gSGFja2VycyBMdGQuMRUwEwYDVQQLEwxOZW9uIFFBIERlcHQx EjAQBgNVBAMTCWxvY2FsaG9zdDEeMBwGCSqGSIb3DQEJARYPbmVvbkB3ZWJkYXYu b3JnMB4XDTIzMTIyNzIwNDAyOVoXDTIzMTIyODIwNDAyOVowgaExCzAJBgNVBAYT AkdCMRcwFQYDVQQIEw5DYW1icmlkZ2VzaGlyZTESMBAGA1UEBxMJQ2FtYnJpZGdl MRowGAYDVQQKExFOZW9uIEhhY2tlcnMgTHRkLjEVMBMGA1UECxMMTmVvbiBRQSBE ZXB0MRIwEAYDVQQDEwlsb2NhbGhvc3QxHjAcBgkqhkiG9w0BCQEWD25lb25Ad2Vi ZGF2Lm9yZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDzRU5sZ8+CWQPvPkqJw9Kl oEgT2FqzZR9RT/qbJuRBmRphiRr0g7JOh5Mr7LXaKShedFLhGidutyKKwIZJnRht AgMBAAGjggEBMIH+MB0GA1UdDgQWBBRFA3ktzHSuD9uB6mJOWoElmOtknzCBzgYD VR0jBIHGMIHDgBRFA3ktzHSuD9uB6mJOWoElmOtkn6GBp6SBpDCBoTELMAkGA1UE BhMCR0IxFzAVBgNVBAgTDkNhbWJyaWRnZXNoaXJlMRIwEAYDVQQHEwlDYW1icmlk Z2UxGjAYBgNVBAoTEU5lb24gSGFja2VycyBMdGQuMRUwEwYDVQQLEwxOZW9uIFFB IERlcHQxEjAQBgNVBAMTCWxvY2FsaG9zdDEeMBwGCSqGSIb3DQEJARYPbmVvbkB3 ZWJkYXYub3JnggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADQQA80TYV 2F4QLveuldmxGoIOq5hHGxCR6aVsdtm4PGY49R5/ObCAgdWw/JV/Tc448JAz5QvU ahr1x9kA4Vo5NZ4q -----END CERTIFICATE----- neon-0.32.2/test/nulca.pem000066400000000000000000000112501416727304000153240ustar00rootroot00000000000000Certificate: Data: Version: 3 (0x2) Serial Number: 
ce:4e:0c:d6:f7:2b:d6:6c Signature Algorithm: sha1WithRSAEncryption Issuer: C=GB, ST=Berkshire, L=Newbury, O=My Company Ltd, OU=CA, CN=NULL-friendly CA Validity Not Before: Aug 4 06:49:34 2009 GMT Not After : Aug 2 06:49:34 2019 GMT Subject: C=GB, ST=Berkshire, L=Newbury, O=My Company Ltd, OU=CA, CN=NULL-friendly CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:ca:bc:b4:01:72:0a:f4:a3:ce:c0:04:8c:43:fd: 5d:27:4f:12:38:d3:11:ef:cc:1f:10:02:ef:e2:b8: 24:3c:dd:2f:bf:1f:d2:27:11:d9:51:59:d2:f7:a7: c0:3d:38:a4:ff:64:86:ef:dc:f5:95:ca:49:34:8f: 46:21:00:54:04:46:a0:d7:11:a1:48:a8:bd:68:27: f9:b2:72:c0:79:28:49:bb:55:b0:19:a0:6a:6f:70: 8e:8a:43:a8:a3:e7:d1:13:a0:af:38:4b:09:cb:29: ca:26:c6:0c:3c:4b:20:fd:2f:08:ca:90:c6:41:35: 31:ae:db:16:09:69:99:0c:fd:d1:ce:71:44:24:4f: 4a:d5:c2:e1:1b:7a:c0:e3:4f:ef:72:8c:1e:32:83: 5c:bc:2e:29:f1:3e:a6:7b:be:4b:10:d5:c9:5a:5a: 3b:c3:f7:c4:0a:44:f7:41:d9:e8:c7:8c:17:d8:a0: 86:5e:9c:5b:19:85:96:ca:68:db:d8:dc:3b:b2:26: 79:f8:b1:07:2d:c3:2c:fa:e5:51:8e:aa:da:15:5a: 56:fb:dc:f3:05:90:ac:05:d1:54:3b:6d:f5:14:fa: 9d:0e:85:da:e9:6f:5d:46:12:f3:02:0a:a2:fe:4b: 45:b6:4e:7e:41:34:cc:ab:cc:ca:b2:4a:7f:4d:66: 55:81 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 0A:69:39:5F:9D:30:04:18:08:2E:02:0E:E6:EA:9D:B2:26:F6:E2:6A X509v3 Authority Key Identifier: keyid:0A:69:39:5F:9D:30:04:18:08:2E:02:0E:E6:EA:9D:B2:26:F6:E2:6A DirName:/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd/OU=CA/CN=NULL-friendly CA serial:CE:4E:0C:D6:F7:2B:D6:6C X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha1WithRSAEncryption 02:c9:aa:28:0b:d4:c6:34:2c:a9:b6:99:29:f9:b9:42:97:c5: c0:25:0d:1c:cc:35:65:a1:03:97:0d:88:7e:69:99:48:98:4b: 77:f6:09:1b:e6:fc:6e:52:ab:68:d1:8d:eb:2e:51:c5:7b:94: 7d:b5:b9:d2:1f:9a:85:67:04:51:21:97:ec:c1:1f:92:8b:74: c0:3d:69:17:c1:60:4a:b2:67:6f:47:51:ef:ca:38:d4:d2:c1: 4c:f8:8e:3c:ab:63:cd:84:67:1e:bf:5e:38:d0:89:f6:ee:a8: 
2d:e6:51:72:c0:b3:ed:ca:5e:58:f7:a8:23:9c:64:dc:92:81: 56:e5:5e:2d:70:58:cc:f3:f1:3e:00:ff:41:9a:5f:01:28:22: da:55:39:4c:c2:50:e8:27:e5:89:55:c0:b6:b2:10:28:2d:9e: d6:27:b1:ec:d6:74:f8:a6:31:e9:f5:79:06:46:ab:a8:54:95: 8f:7e:33:45:5c:fa:32:a6:0b:2f:61:b6:0d:f9:42:66:9b:b8: 60:be:3d:1d:83:9d:0d:b7:04:13:4c:52:9c:e8:e1:a5:82:fd: 29:b0:2d:f4:f7:0a:30:a1:8d:01:cb:db:5d:dd:a4:b8:36:09: 84:56:a9:ea:54:80:3e:fa:18:be:13:89:c7:d4:38:1f:7f:25: ad:5b:22:23 -----BEGIN CERTIFICATE----- MIIERTCCAy2gAwIBAgIJAM5ODNb3K9ZsMA0GCSqGSIb3DQEBBQUAMHQxCzAJBgNV BAYTAkdCMRIwEAYDVQQIEwlCZXJrc2hpcmUxEDAOBgNVBAcTB05ld2J1cnkxFzAV BgNVBAoTDk15IENvbXBhbnkgTHRkMQswCQYDVQQLEwJDQTEZMBcGA1UEAxMQTlVM TC1mcmllbmRseSBDQTAeFw0wOTA4MDQwNjQ5MzRaFw0xOTA4MDIwNjQ5MzRaMHQx CzAJBgNVBAYTAkdCMRIwEAYDVQQIEwlCZXJrc2hpcmUxEDAOBgNVBAcTB05ld2J1 cnkxFzAVBgNVBAoTDk15IENvbXBhbnkgTHRkMQswCQYDVQQLEwJDQTEZMBcGA1UE AxMQTlVMTC1mcmllbmRseSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMq8tAFyCvSjzsAEjEP9XSdPEjjTEe/MHxAC7+K4JDzdL78f0icR2VFZ0ven wD04pP9khu/c9ZXKSTSPRiEAVARGoNcRoUiovWgn+bJywHkoSbtVsBmgam9wjopD qKPn0ROgrzhLCcspyibGDDxLIP0vCMqQxkE1Ma7bFglpmQz90c5xRCRPStXC4Rt6 wONP73KMHjKDXLwuKfE+pnu+SxDVyVpaO8P3xApE90HZ6MeMF9ighl6cWxmFlspo 29jcO7ImefixBy3DLPrlUY6q2hVaVvvc8wWQrAXRVDtt9RT6nQ6F2ulvXUYS8wIK ov5LRbZOfkE0zKvMyrJKf01mVYECAwEAAaOB2TCB1jAdBgNVHQ4EFgQUCmk5X50w BBgILgIO5uqdsib24mowgaYGA1UdIwSBnjCBm4AUCmk5X50wBBgILgIO5uqdsib2 4mqheKR2MHQxCzAJBgNVBAYTAkdCMRIwEAYDVQQIEwlCZXJrc2hpcmUxEDAOBgNV BAcTB05ld2J1cnkxFzAVBgNVBAoTDk15IENvbXBhbnkgTHRkMQswCQYDVQQLEwJD QTEZMBcGA1UEAxMQTlVMTC1mcmllbmRseSBDQYIJAM5ODNb3K9ZsMAwGA1UdEwQF MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAALJqigL1MY0LKm2mSn5uUKXxcAlDRzM NWWhA5cNiH5pmUiYS3f2CRvm/G5Sq2jRjesuUcV7lH21udIfmoVnBFEhl+zBH5KL dMA9aRfBYEqyZ29HUe/KONTSwUz4jjyrY82EZx6/XjjQifbuqC3mUXLAs+3KXlj3 qCOcZNySgVblXi1wWMzz8T4A/0GaXwEoItpVOUzCUOgn5YlVwLayECgtntYnsezW dPimMen1eQZGq6hUlY9+M0Vc+jKmCy9htg35QmabuGC+PR2DnQ23BBNMUpzo4aWC /SmwLfT3CjChjQHL213dpLg2CYRWqepUgD76GL4TicfUOB9/Ja1bIiM= -----END CERTIFICATE----- 
neon-0.32.2/test/nulcn.pem000066400000000000000000000104471416727304000153500ustar00rootroot00000000000000Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=GB, ST=Berkshire, L=Newbury, O=My Company Ltd, OU=CA, CN=NULL-friendly CA Validity Not Before: Aug 4 07:33:43 2009 GMT Not After : Aug 2 07:33:43 2019 GMT Subject: CN=www.bank.com\x00.badguy.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:cd:26:70:96:a9:a6:5d:3e:9c:ed:0f:08:15:5a: 7c:17:25:68:68:af:13:b9:ad:41:fa:12:54:e2:84: 72:7d:58:d1:e2:40:42:c1:59:ed:05:3d:aa:10:53: 70:00:88:3a:77:a0:c0:56:9e:ac:7d:21:2a:71:44: 51:08:bc:17:07:da:a8:a3:76:dc:51:bc:1b:8a:f6: 02:1a:55:bf:46:b4:44:6b:27:5e:be:e5:17:8b:56: b2:c6:82:36:11:83:a8:bf:f7:2f:0d:17:f6:cd:47: b5:6f:2b:a6:41:b6:8d:33:5f:ea:ea:8b:b1:1a:e2: 99:38:ff:59:5b:0a:a1:71:13:ca:37:3f:b9:b0:1e: 91:9a:c8:93:35:0c:4a:e0:9d:f4:d2:61:c7:4e:5b: 41:0a:7c:31:54:99:db:f5:65:ce:80:d3:c2:02:37: 64:fd:54:12:7b:ea:ac:85:59:5c:17:e1:2e:f6:d0: a8:f2:d0:2e:94:59:2f:c2:a6:5f:da:07:de:7b:2e: 14:07:ed:e4:27:24:37:9d:09:2e:b1:f9:5a:48:b9: 80:24:43:e6:cb:c7:6e:35:df:d5:69:34:ff:e6:d6: 9e:e8:76:66:6e:5f:59:01:3c:96:3b:ec:72:0b:3c: 1e:95:0f:ce:68:13:9c:22:dd:1b:b5:44:28:50:4a: 05:7f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 33:15:24:BE:DA:66:3A:06:8B:D9:27:34:3A:AF:62:40:E4:95:66:5D X509v3 Authority Key Identifier: keyid:0A:69:39:5F:9D:30:04:18:08:2E:02:0E:E6:EA:9D:B2:26:F6:E2:6A Signature Algorithm: sha1WithRSAEncryption 32:65:23:1f:c8:d9:53:84:82:d0:0a:eb:14:51:24:03:bc:6c: 1b:2a:5a:fe:1b:f0:e8:69:0c:2b:19:86:cf:7f:32:76:d8:2b: d2:cf:8b:c4:d1:b6:5b:9c:60:a3:99:2e:92:72:06:ce:de:8b: d2:a2:d2:89:7c:13:a9:0b:4e:be:12:09:e5:d6:28:3a:ac:a7: 26:56:94:7f:13:ee:64:7d:de:94:60:75:c1:bc:55:97:d4:aa: 13:8e:02:d8:b0:b0:70:53:ae:18:53:ce:aa:b2:2c:85:3e:e3: 
f3:e1:26:f3:fa:5c:ee:f8:7b:0b:c6:39:b5:04:33:5e:ae:b8: 5e:0e:66:cc:a8:c0:6a:0d:ec:60:c1:c5:d9:39:ea:bd:1b:8f: 1c:7d:16:38:b1:e8:c8:37:01:aa:4b:99:df:e4:0f:10:be:61: ee:9a:cf:cd:27:05:46:00:60:d8:6a:74:08:32:3c:8b:90:01: 6a:07:33:0c:6c:90:db:ea:fb:6a:17:1a:76:bb:73:14:27:e1: a4:7e:d5:dd:30:b1:5d:f2:0e:aa:d4:b2:d5:4c:f6:4f:91:2a: 07:f4:37:c1:cf:48:19:c5:fe:7e:92:96:a8:df:50:6a:31:92: a3:b1:14:fe:41:cc:49:62:98:4d:ea:c5:ba:05:2d:49:c3:22: 72:ef:41:09 -----BEGIN CERTIFICATE----- MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQUFADB0MQswCQYDVQQGEwJHQjES MBAGA1UECBMJQmVya3NoaXJlMRAwDgYDVQQHEwdOZXdidXJ5MRcwFQYDVQQKEw5N eSBDb21wYW55IEx0ZDELMAkGA1UECxMCQ0ExGTAXBgNVBAMTEE5VTEwtZnJpZW5k bHkgQ0EwHhcNMDkwODA0MDczMzQzWhcNMTkwODAyMDczMzQzWjAjMSEwHwYDVQQD Exh3d3cuYmFuay5jb20ALmJhZGd1eS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDNJnCWqaZdPpztDwgVWnwXJWhorxO5rUH6ElTihHJ9WNHiQELB We0FPaoQU3AAiDp3oMBWnqx9ISpxRFEIvBcH2qijdtxRvBuK9gIaVb9GtERrJ16+ 5ReLVrLGgjYRg6i/9y8NF/bNR7VvK6ZBto0zX+rqi7Ea4pk4/1lbCqFxE8o3P7mw HpGayJM1DErgnfTSYcdOW0EKfDFUmdv1Zc6A08ICN2T9VBJ76qyFWVwX4S720Kjy 0C6UWS/Cpl/aB957LhQH7eQnJDedCS6x+VpIuYAkQ+bLx24139VpNP/m1p7odmZu X1kBPJY77HILPB6VD85oE5wi3Ru1RChQSgV/AgMBAAGjezB5MAkGA1UdEwQCMAAw LAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0G A1UdDgQWBBQzFSS+2mY6BovZJzQ6r2JA5JVmXTAfBgNVHSMEGDAWgBQKaTlfnTAE GAguAg7m6p2yJvbiajANBgkqhkiG9w0BAQUFAAOCAQEAMmUjH8jZU4SC0ArrFFEk A7xsGypa/hvw6GkMKxmGz38ydtgr0s+LxNG2W5xgo5kuknIGzt6L0qLSiXwTqQtO vhIJ5dYoOqynJlaUfxPuZH3elGB1wbxVl9SqE44C2LCwcFOuGFPOqrIshT7j8+Em 8/pc7vh7C8Y5tQQzXq64Xg5mzKjAag3sYMHF2TnqvRuPHH0WOLHoyDcBqkuZ3+QP EL5h7prPzScFRgBg2Gp0CDI8i5ABagczDGyQ2+r7ahcadrtzFCfhpH7V3TCxXfIO qtSy1Uz2T5EqB/Q3wc9IGcX+fpKWqN9QajGSo7EU/kHMSWKYTerFugUtScMicu9B CQ== -----END CERTIFICATE----- neon-0.32.2/test/nulsan.pem000066400000000000000000000106211416727304000155230ustar00rootroot00000000000000Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=GB, ST=Berkshire, L=Newbury, O=My 
Company Ltd, OU=CA, CN=NULL-friendly CA Validity Not Before: Aug 4 06:53:05 2009 GMT Not After : Aug 2 06:53:05 2019 GMT Subject: CN=www.badguy.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:cd:26:70:96:a9:a6:5d:3e:9c:ed:0f:08:15:5a: 7c:17:25:68:68:af:13:b9:ad:41:fa:12:54:e2:84: 72:7d:58:d1:e2:40:42:c1:59:ed:05:3d:aa:10:53: 70:00:88:3a:77:a0:c0:56:9e:ac:7d:21:2a:71:44: 51:08:bc:17:07:da:a8:a3:76:dc:51:bc:1b:8a:f6: 02:1a:55:bf:46:b4:44:6b:27:5e:be:e5:17:8b:56: b2:c6:82:36:11:83:a8:bf:f7:2f:0d:17:f6:cd:47: b5:6f:2b:a6:41:b6:8d:33:5f:ea:ea:8b:b1:1a:e2: 99:38:ff:59:5b:0a:a1:71:13:ca:37:3f:b9:b0:1e: 91:9a:c8:93:35:0c:4a:e0:9d:f4:d2:61:c7:4e:5b: 41:0a:7c:31:54:99:db:f5:65:ce:80:d3:c2:02:37: 64:fd:54:12:7b:ea:ac:85:59:5c:17:e1:2e:f6:d0: a8:f2:d0:2e:94:59:2f:c2:a6:5f:da:07:de:7b:2e: 14:07:ed:e4:27:24:37:9d:09:2e:b1:f9:5a:48:b9: 80:24:43:e6:cb:c7:6e:35:df:d5:69:34:ff:e6:d6: 9e:e8:76:66:6e:5f:59:01:3c:96:3b:ec:72:0b:3c: 1e:95:0f:ce:68:13:9c:22:dd:1b:b5:44:28:50:4a: 05:7f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 33:15:24:BE:DA:66:3A:06:8B:D9:27:34:3A:AF:62:40:E4:95:66:5D X509v3 Authority Key Identifier: keyid:0A:69:39:5F:9D:30:04:18:08:2E:02:0E:E6:EA:9D:B2:26:F6:E2:6A X509v3 Subject Alternative Name: DNS:www.bank.com Signature Algorithm: sha1WithRSAEncryption 27:6e:7d:b3:a9:86:52:57:6a:a0:c6:30:6c:1e:94:09:a7:6f: ad:fe:11:9f:be:32:8d:01:7b:8b:94:66:d7:7c:b6:b1:90:fc: e4:f5:b6:32:bc:6c:71:23:b1:18:88:d6:47:bc:da:07:c7:5e: 46:71:3a:e6:40:6e:c1:7f:1d:56:96:70:65:d8:51:a9:dc:9e: a5:06:00:98:e7:1e:10:bc:82:ba:00:e5:4e:a2:0f:3e:ec:8a: dd:6f:c6:c9:c1:ec:ed:6d:7c:31:3e:66:87:47:a1:8b:15:3c: 21:7e:ec:21:78:3d:21:70:72:ba:70:c3:64:f8:1d:4f:d9:d0: 27:3c:3e:7e:a2:59:ae:be:9a:d3:00:44:a7:72:3a:e3:3f:c8: 9b:c5:8f:b1:94:fe:00:0f:6e:b8:14:88:f1:03:50:91:51:af: 
f0:1e:f7:b8:5a:a4:57:35:2d:f1:ad:c8:ae:dd:29:61:14:7d: ea:d1:34:80:5c:1b:fd:eb:43:dc:21:6d:c6:44:f9:3b:54:76: c4:91:5b:ac:a4:8e:72:e7:d8:24:ff:a7:5a:c0:ef:27:c3:d7: e4:f9:7f:55:8d:0d:30:ec:a2:d9:6d:c8:76:f4:be:94:3d:12: 32:4a:91:4f:db:c3:e7:76:07:5a:12:97:18:b7:15:00:98:59: 21:89:3e:35 -----BEGIN CERTIFICATE----- MIIDrTCCApWgAwIBAgIBADANBgkqhkiG9w0BAQUFADB0MQswCQYDVQQGEwJHQjES MBAGA1UECBMJQmVya3NoaXJlMRAwDgYDVQQHEwdOZXdidXJ5MRcwFQYDVQQKEw5N eSBDb21wYW55IEx0ZDELMAkGA1UECxMCQ0ExGTAXBgNVBAMTEE5VTEwtZnJpZW5k bHkgQ0EwHhcNMDkwODA0MDY1MzA1WhcNMTkwODAyMDY1MzA1WjAZMRcwFQYDVQQD Ew53d3cuYmFkZ3V5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AM0mcJappl0+nO0PCBVafBclaGivE7mtQfoSVOKEcn1Y0eJAQsFZ7QU9qhBTcACI OnegwFaerH0hKnFEUQi8FwfaqKN23FG8G4r2AhpVv0a0RGsnXr7lF4tWssaCNhGD qL/3Lw0X9s1HtW8rpkG2jTNf6uqLsRrimTj/WVsKoXETyjc/ubAekZrIkzUMSuCd 9NJhx05bQQp8MVSZ2/VlzoDTwgI3ZP1UEnvqrIVZXBfhLvbQqPLQLpRZL8KmX9oH 3nsuFAft5CckN50JLrH5Wki5gCRD5svHbjXf1Wk0/+bWnuh2Zm5fWQE8ljvscgs8 HpUPzmgTnCLdG7VEKFBKBX8CAwEAAaOBpDCBoTAJBgNVHRMEAjAAMCwGCWCGSAGG +EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU MxUkvtpmOgaL2Sc0Oq9iQOSVZl0wHwYDVR0jBBgwFoAUCmk5X50wBBgILgIO5uqd sib24mowJgYDVR0RBB8wHYIbd3d3LmJhbmsuY29tAHd3dy5iYWRndXkuY29tMA0G CSqGSIb3DQEBBQUAA4IBAQAnbn2zqYZSV2qgxjBsHpQJp2+t/hGfvjKNAXuLlGbX fLaxkPzk9bYyvGxxI7EYiNZHvNoHx15GcTrmQG7Bfx1WlnBl2FGp3J6lBgCY5x4Q vIK6AOVOog8+7Irdb8bJweztbXwxPmaHR6GLFTwhfuwheD0hcHK6cMNk+B1P2dAn PD5+olmuvprTAESncjrjP8ibxY+xlP4AD264FIjxA1CRUa/wHve4WqRXNS3xrciu 3SlhFH3q0TSAXBv960PcIW3GRPk7VHbEkVuspI5y59gk/6dawO8nw9fk+X9VjQ0w 7KLZbch29L6UPRIySpFP28PndgdaEpcYtxUAmFkhiT41 -----END CERTIFICATE----- neon-0.32.2/test/nulsrv.key000066400000000000000000000032131416727304000155620ustar00rootroot00000000000000-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAzSZwlqmmXT6c7Q8IFVp8FyVoaK8Tua1B+hJU4oRyfVjR4kBC wVntBT2qEFNwAIg6d6DAVp6sfSEqcURRCLwXB9qoo3bcUbwbivYCGlW/RrREayde vuUXi1ayxoI2EYOov/cvDRf2zUe1byumQbaNM1/q6ouxGuKZOP9ZWwqhcRPKNz+5 
sB6RmsiTNQxK4J300mHHTltBCnwxVJnb9WXOgNPCAjdk/VQSe+qshVlcF+Eu9tCo 8tAulFkvwqZf2gfeey4UB+3kJyQ3nQkusflaSLmAJEPmy8duNd/VaTT/5tae6HZm bl9ZATyWO+xyCzwelQ/OaBOcIt0btUQoUEoFfwIDAQABAoIBAF55tl3b8O5+GDyf sIRM8FqkconLHtViccDdUlQi1KrfDYEZQOTUKfBA7qGoGytTkUFoOUtqtVrGvEn/ QSY5oI2QaBsncNz/ONvs4RkJphXEjMGgFuTokcgsfBYo/wdfz4XgKr3n7FOrE2YH /v/CNxKSuJedD0mnUxLJnXfs1F5DAE+nE88T2LsWLqo8Jxr/6wFnazaAYmtkQd3/ BNBn9a7K79G81e7FkRSIc+7De7iju6UMy010qY6UNyFw9hSWQgjxzxwiyFvRuu4C w4xRJo2z0vEL6TSnNZEpTVVAbBd8XYSjh/627uXBah8W50X4BWLOd1umgU1hJDXe cXIWVZkCgYEA9QXcOdOPzuQ6wQYEi7qvTKSRdUJ+D3BCbqSHyWEe4RotWqs9WV1F FFpaRO/aiIdqpVZE8YJlcAcKtIXBS/byKUfOFzHX2QvROmPlcavXrVtFnNsBQpIn hyYjs/z/vbFDgugLBKVsgEaZzlJeygbI61r2NjVnst7NzP9L8ZxFgDsCgYEA1ldI nZcXekaqpUAMCSdZPDcfocVUb8UjvRZf90EruWymbrJQxzym5HaX20MFFh1BKC+a JEexxhlbfth/zgX6Pux7fqxSJM11DBG1aik7t4GMRu1bfflpQjdQUXGn2YPI5Quz R6QPcXhLVLY8b8PJu2jSKjV0cDN02dFwEFv9340CgYBRpUhDBJow6KAjXav6G5T6 RwQpPKTg5Ble4PhWREST4bMnOVRSCOBR7eGSgxIg2G7S9TI3/6lpcQ9CJCfK9liv JLwpwnQYYPWxLURxYj+WBonlwJxk4GrHgA/5k95sCTtjzYqOW8kR3XS26X+odiZR NphAa/9H/TI6kv9tXRNTrQKBgGoREVciwLR6qdFSq2IQPcFlidq02r7gsHnOy7iA YJHGqWmYBg9B/ViLM0SGmsrBuU+Yls+jRt7AB53ypvQd0yM2RTp/LbsWjPhm/v5E 309E5VTn+mGRfbwNwUo8UxJ5e32U16f5EMdW/vgxoiCwo3CBQ5ctkqw/WnC7ipgd 3bi1AoGAbJSdtaFdF0kSikqvcPEJMFBR24dT7W+JIXeuFHYbRkQGSVZLGxuAkbL5 1mY+qclcvzfijH0wNFRP1Z3M5eFERALwI25YOrZGtI1ncIeKV+yFwkYC54XfZUvr hQO0wVIbTaE3N9fDIs0rHbSc1GJUhVr+2IsTW/ybHgdfDZMuXOI= -----END RSA PRIVATE KEY----- neon-0.32.2/test/oldacl.c000066400000000000000000000041151416727304000151230ustar00rootroot00000000000000/* Dummy ACL tests Copyright (C) 2001-2003, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. 
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

*/

#include "ne_acl.h"

#include "tests.h"
#include "child.h"
#include "utils.h"

/**** DUMMY TESTS: just makes sure the stuff doesn't dump core. */

/* Send one ACL request for `uri` carrying the `nume` entries in `es`
 * against a server that replies with a fixed 200 and closes the
 * connection.  The response content is not inspected beyond whatever
 * ne_acl_set() itself checks. */
static int test_acl(const char *uri, ne_acl_entry *es, int nume)
{
    ne_session *sess;

    CALL(make_session(&sess, single_serve_string,
                      "HTTP/1.1 200 OK\r\n"
                      "Connection: close\r\n\r\n"));

    /* presumably ON() fails the test when ne_acl_set() returns non-zero
     * -- confirm in tests.h */
    ON(ne_acl_set(sess, uri, es, nume));

    CALL(await_server());
    ne_session_destroy(sess);

    return OK;
}

/* Single entry: grant, applied to ne_acl_all. */
static int grant_all(void)
{
    ne_acl_entry e = {0};

    e.apply = ne_acl_all;
    e.type = ne_acl_grant;

    CALL(test_acl("/foo", &e, 1));

    return OK;
}

/* Single entry: deny, applied to ne_acl_all. */
static int deny_all(void)
{
    ne_acl_entry e = {0};

    e.apply = ne_acl_all;
    e.type = ne_acl_deny;

    CALL(test_acl("/foo", &e, 1));

    return OK;
}

/* Single entry: deny, applied to one principal named by href. */
static int deny_one(void)
{
    ne_acl_entry e = {0};

    e.apply = ne_acl_href;
    e.type = ne_acl_deny;
    e.principal = "http://webdav.org/users/joe";

    CALL(test_acl("/foo", &e, 1));

    return OK;
}

/* Single entry: deny, with the principal selected by property name. */
static int deny_byprop(void)
{
    ne_acl_entry e = {0};

    e.apply = ne_acl_property;
    e.type = ne_acl_deny;
    e.principal = "owner";

    CALL(test_acl("/foo", &e, 1));

    return OK;
}

/* Table of the tests in this file. */
ne_test tests[] = {
    T(grant_all),
    T(deny_all),
    T(deny_one),
    T(deny_byprop),
    T(NULL)
};
neon-0.32.2/test/openssl.conf000066400000000000000000000056371416727304000160650ustar00rootroot00000000000000[ca] default_ca = neonca [neonca] dir = ${ENV::CADIR} database = $dir/index.txt new_certs_dir = $dir certificate = $dir/cert.pem serial = $dir/serial private_key = $dir/key.pem policy = policy_any default_md = sha256 x509_extensions = issuedExt unique_subject = no default_bits = 2048 # same as neonca1 just +basicConstraints
and without certificate to # allow creation of the initial self signed certificate [neoncainit] dir = ${ENV::CADIR} database = $dir/index.txt new_certs_dir = $dir serial = $dir/serial private_key = $dir/key.pem policy = policy_any default_md = sha256 x509_extensions = issuedExt unique_subject = no basicConstraints = CA:TRUE default_bits = 2048 [policy_any] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = optional emailAddress = optional [req] distinguished_name = $ENV::REQDN x509_extensions = caExt string_mask = $ENV::STRMASK default_bits = 2048 [caExt] basicConstraints = CA:true [issuedExt] basicConstraints = CA:false # subjectAltName extension sections [altExt1] subjectAltName = DNS:localhost # 2+3: AltNames with multiple entries to test the matching logic [altExt2] subjectAltName = DNS:nohost.example.com, DNS:localhost [altExt3] subjectAltName = DNS:localhost, DNS:nohost.example.com # an AltName with no DNS entries; should use commonName instead for # identity check [altExt4] subjectAltName = email:neon@webdav.org # an AltName with IP address [altExt5] subjectAltName = IP:127.0.0.1 # an AltName with a bad IP address [altExt6] subjectAltName = IP:1.2.3.4 # an AltName with a good URI [altExt7] subjectAltName = URI:https://localhost:7777/ # an AltName with a bad URI [altExt8] subjectAltName = URI:http://nohost.example.com/ # AltName with wildcard [altExt9] subjectAltName = DNS:*.example.com [reqDN] countryName = Country Name stateOrProvinceName = State or Province Name localityName = Locality Name organizationName = Organization Name organizationalUnitName = Organizational Unit Name commonName = Common Name (eg, your name or your server\'s hostname) emailAddress = Email Address # a DN which gives two commonName attributes. 
[reqDN.doubleCN] countryName = Country Name stateOrProvinceName = State or Province Name localityName = Locality Name organizationName = Organization Name organizationalUnitName = Organizational Unit Name 0.commonName = Common Name 1.commonName = Common Name emailAddress = Email Address [reqDN.twoOU] countryName = Country Name stateOrProvinceName = State or Province Name localityName = Locality Name organizationName = Organization Name 0.organizationalUnitName = Organizational Unit Name 1.organizationalUnitName = Organizational Unit Name commonName = Common Name (eg, your name or your server\'s hostname) emailAddress = Email Address [reqDN.CNfirst] commonName = Common Name [reqDN.missingCN] countryName = CountryName [reqDN.justEmail] emailAddress = CountryName neon-0.32.2/test/props.c000066400000000000000000000555721416727304000150450ustar00rootroot00000000000000/* Tests for property handling Copyright (C) 2002-2009, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config.h" #include #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #include "ne_props.h" #include "tests.h" #include "child.h" #include "utils.h" static const ne_propname p_alpha = {"DAV:", "alpha"}, p_beta = {"http://webdav.org/random/namespace", "beta"}; /* Tests little except that ne_proppatch() doesn't segfault. 
*/
static int patch_simple(void)
{
    ne_proppatch_operation changes[] = {
        { &p_alpha, ne_propset, "fish" },
        { &p_beta, ne_propremove, NULL },
        { NULL, ne_propset, NULL }
    };
    ne_session *sess;

    CALL(make_session(&sess, single_serve_string,
                      "HTTP/1.1 200 Goferit\r\n"
                      "Connection: close\r\n\r\n"));

    /* One set and one remove in a single PROPPATCH; the entry with a
     * NULL name ends the list. */
    ONREQ(ne_proppatch(sess, "/fish", changes));

    return destroy_and_wait(sess);
}

#define RESP207 "HTTP/1.0 207 Stuff\r\n" "Server: foo\r\n\r\n"

/* PROPFIND result callback that only emits a debug line. */
static void dummy_results(void *ud, const ne_uri *uri,
                          const ne_prop_result_set *rset)
{
    NE_DEBUG(NE_DBG_HTTP, "dummy_results.\n");
}

/* Regression tests for PROPFIND response bodies that used to crash the
 * client.  Each body is served once and the result of the request is
 * deliberately ignored: surviving the parse is the whole test.  The last
 * body puts printf conversions in server-controlled text, guarding
 * against response content ever being used as a format string.
 * NOTE(review): several fragments are empty strings in this copy; the
 * markup may have been lost in extraction -- verify against upstream. */
static int regress(void)
{
    static const char *bodies[] = {
        RESP207 "\n" "" "" "" "",
        /* segfaults with neon <= 0.23.5 */
        RESP207 "" "/foo/" "" "HTTP/1.1 404 Not Found" "",
        /* format string handling with neon <= 0.24.4 */
        RESP207 "" "/foo/" "" "%s%s%s%s" "",
        NULL,
    };
    const char **cur;
    ne_session *sess;

    for (cur = bodies; *cur != NULL; cur++) {
        CALL(make_session(&sess, single_serve_string, (void *)*cur));
        ne_simple_propfind(sess, "/", 0, NULL, dummy_results, NULL);
        ne_session_destroy(sess);
        CALL(await_server());
    }

    return OK;
}

/* PROPPATCH counterpart of regress(): responses with printf conversions
 * in the status line and description text must not crash the client.
 * The return value of ne_proppatch() is intentionally not checked. */
static int patch_regress(void)
{
    static const char *bodies[] = {
        /* format string handling bugs with neon <= 0.24.4 */
        RESP207 "" "/foo/" "HTTP/1.1 500 Bad Voodoo" "%s%s%s%s" "",
        RESP207 "" "/foo/" "HTTP/1.1 %s%s%s%s",
        NULL
    };
    static const ne_propname pn = { "DAV:", "foobar" };
    ne_proppatch_operation ops[] = {
        { &pn, ne_propset, "fish" },
        { NULL, ne_propset, NULL }
    };
    const char **cur;
    ne_session *sess;

    for (cur = bodies; *cur != NULL; cur++) {
        CALL(make_session(&sess, single_serve_string, (void *)*cur));
        ne_proppatch(sess, "/", ops);
        ne_session_destroy(sess);
        CALL(await_server());
    }

    return OK;
}

static int pstat_count;

/* tos_*: set of 207 callbacks which serialize the data back into a
 * text stream, which can be easily checked for correctness.
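*/
/* Response-start callback: log the response path, restart the propstat
 * counter and hand back a heap copy of the path as the per-response
 * state (released in tos_endresp). */
static void *tos_startresp(void *buf, const ne_uri *uri)
{
    ne_buffer_concat(buf, "start-resp[", uri->path, "];", NULL);
    pstat_count = 0;
    return ne_strdup(uri->path);
}

/* Append "-status={code reason}" and/or "-descr={text}" to buf for
 * whichever of status and description is non-NULL. */
static void tos_status_descr(ne_buffer *buf, const ne_status *status,
                             const char *description)
{
    if (status) {
        /* Fixed-size scratch buffer; the write is bounded by sizeof s. */
        char s[50];
        ne_snprintf(s, sizeof s, "-status={%d %s}", status->code,
                    status->reason_phrase);
        ne_buffer_zappend(buf, s);
    }
    if (description) {
        ne_buffer_concat(buf, "-descr={", description, "}", NULL);
    }
}

/* Response-end callback: log the path saved by tos_startresp, free it,
 * then append any status and description. */
static void tos_endresp(void *buf, void *response,
                        const ne_status *status, const char *description)
{
    char *href = response;
    ne_buffer_concat(buf, "end-resp[", href, "]", NULL);
    ne_free(href);
    tos_status_descr(buf, status, description);
    ne_buffer_zappend(buf, ";");
}

/* Propstat-start callback: build "<response path>-<n>" as the
 * per-propstat state, where n counts propstats within the current
 * response.  The returned string is freed in tos_endpstat. */
static void *tos_startpstat(void *buf, void *resphref)
{
    char num[20], *href;

    /* Size-bounded formatting, as tos_status_descr does, instead of an
     * unchecked sprintf into the fixed buffer. */
    ne_snprintf(num, sizeof num, "-%d", ++pstat_count);
    href = ne_concat(resphref, num, NULL);
    ne_buffer_concat(buf, "start-pstat[", href, "];", NULL);
    return href;
}

/* Propstat-end callback: log the propstat id, append any status and
 * description, then free the id allocated in tos_startpstat. */
static void tos_endpstat(void *buf, void *href,
                         const ne_status *status, const char *description)
{
    ne_buffer_concat(buf, "end-pstat[", href, "]", NULL);
    tos_status_descr(buf, status, description);
    ne_buffer_zappend(buf, ";");
    ne_free(href);
}

/* State shared with the property-level XML handlers. */
struct propctx {
    ne_207_parser *p207; /* used to look up the current response/propstat */
    ne_buffer *buf;      /* serialized output */
};

#define STATE_myprop (NE_PROPS_STATE_TOP)

/* XML start-element handler: accept only DAV: "propone" and "proptwo"
 * directly inside a prop element and log them together with the current
 * response and propstat ids; decline every other element. */
static int tos_startprop(void *userdata, int parent,
                         const char *nspace, const char *name,
                         const char **atts)
{
    if (parent == NE_207_STATE_PROP &&
        strcmp(nspace, "DAV:") == 0 &&
        (strcmp(name, "propone") == 0 || strcmp(name, "proptwo") == 0)) {
        /* Handle this! */
        struct propctx *ctx = userdata;
        char *resphref = ne_207_get_current_response(ctx->p207);
        char *pstathref = ne_207_get_current_propstat(ctx->p207);

        ne_buffer_concat(ctx->buf, "start-prop[", resphref, ",", pstathref,
                         ",", name, "];", NULL);
        return STATE_myprop;
    } else {
        return NE_XML_DECLINE;
    }
}

/* XML character-data handler: log the len bytes at cdata, which are
 * appended by length rather than as a NUL-terminated string. */
static int tos_cdata(void *userdata, int state,
                     const char *cdata, size_t len)
{
    struct propctx *ctx = userdata;

    ne_buffer_zappend(ctx->buf, "cdata-prop[");
    ne_buffer_append(ctx->buf, cdata, len);
    ne_buffer_zappend(ctx->buf, "];");
    return 0;
}

/* XML end-element handler: log the closing property name. */
static int tos_endprop(void *userdata, int state,
                       const char *nspace, const char *name)
{
    struct propctx *ctx = userdata;

    ne_buffer_concat(ctx->buf, "end-prop[", name, "];", NULL);
    return 0;
}

/* Serve resp as the reply to a PROPFIND on /foo, run the body through
 * the 207 parser with the tos_* callbacks installed, and compare the
 * serialized output with expected.  Returns OK on a match; the
 * CALL/ONREQ/ONV checks leave the function early on failure, in which
 * case the cleanup at the end is not reached. */
static int run_207_response(char *resp, const char *expected)
{
    ne_buffer *buf = ne_buffer_create();
    ne_session *sess;
    ne_xml_parser *p = ne_xml_create();
    ne_207_parser *p207;
    ne_request *req;
    ne_uri base = {0};
    struct propctx ctx;

    CALL(session_server(&sess, single_serve_string, resp));
    req = ne_request_create(sess, "PROPFIND", "/foo");

    /* base is only needed while creating the parser and is freed
     * immediately afterwards. */
    ne_fill_server_uri(sess, &base);
    base.path = ne_strdup("/foo");
    p207 = ne_207_create(p, &base, buf);
    ne_uri_free(&base);

    ne_add_response_body_reader(req, ne_accept_207, ne_xml_parse_v, p);
    ne_207_set_response_handlers(p207, tos_startresp, tos_endresp);
    ne_207_set_propstat_handlers(p207, tos_startpstat, tos_endpstat);

    ctx.buf = buf;
    ctx.p207 = p207;
    ne_xml_push_handler(p, tos_startprop, tos_cdata, tos_endprop, &ctx);

    ONREQ(ne_request_dispatch(req));
    CALL(await_server());

    ONV(ne_xml_failed(p),
        ("parse error in response body: %s", ne_xml_get_error(p)));
    ONV(strcmp(buf->data, expected),
        ("comparison failed.\n"
         "expected string: `%s'\n"
         "got string: `%s'", expected, buf->data));

    ne_buffer_destroy(buf);
    ne_207_destroy(p207);
    ne_xml_destroy(p);
    ne_request_destroy(req);
    ne_session_destroy(sess);
    return OK;
}

/* Macros for easily writing a 207 response body; all expand to
 * a string literal.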
*/ #define MULTI_207(x) "HTTP/1.0 207 Foo\r\nConnection: close\r\n\r\n" \ "\r\n" \ "" x "" #define RESP_207(href, x) "" href "" x \ "" #define PSTAT_207(x) "" x "" #define STAT_207(s) "HTTP/1.1 " s "" #define DESCR_207(d) "" d "" #define DESCR_REM "The end of the world, as we know it" #define PROPS_207(x) "" x "" #define APROP_207(n, c) "" c "" /* Tests for the 207 interface: send a 207 response body, compare the * re-serialized string returned with that expected. */ static int two_oh_seven(void) { static char *ts[][2] = { { MULTI_207(RESP_207("/foo", "")), "start-resp[/foo];end-resp[/foo];" }, /* test for response status handling */ { MULTI_207(RESP_207("/bar", STAT_207("200 OK"))), "start-resp[/bar];end-resp[/bar]-status={200 OK};" }, /* test that empty description == NULL description argument */ { MULTI_207(RESP_207("/bar", STAT_207("200 OK") DESCR_207(""))), "start-resp[/bar];end-resp[/bar]-status={200 OK};" }, /* test multiple responses */ { MULTI_207(RESP_207("/hello/world", STAT_207("200 OK")) RESP_207("/foo/bar", STAT_207("999 French Fries"))), "start-resp[/hello/world];end-resp[/hello/world]-status={200 OK};" "start-resp[/foo/bar];end-resp[/foo/bar]" "-status={999 French Fries};" }, /* test multiple propstats in multiple responses */ { MULTI_207(RESP_207("/al/pha", PSTAT_207(STAT_207("321 Une")) PSTAT_207(STAT_207("432 Deux")) PSTAT_207(STAT_207("543 Trois"))) RESP_207("/be/ta", PSTAT_207(STAT_207("787 Quatre")) PSTAT_207(STAT_207("878 Cinq")))), "start-resp[/al/pha];" "start-pstat[/al/pha-1];end-pstat[/al/pha-1]-status={321 Une};" "start-pstat[/al/pha-2];end-pstat[/al/pha-2]-status={432 Deux};" "start-pstat[/al/pha-3];end-pstat[/al/pha-3]-status={543 Trois};" "end-resp[/al/pha];" "start-resp[/be/ta];" "start-pstat[/be/ta-1];end-pstat[/be/ta-1]-status={787 Quatre};" "start-pstat[/be/ta-2];end-pstat[/be/ta-2]-status={878 Cinq};" "end-resp[/be/ta];" }, /* test that incomplete responses are completely ignored. 
*/ { MULTI_207("" RESP_207("/", STAT_207("123 Hoorah")) "" "hello" "" RESP_207("/bar", STAT_207("200 OK"))), "start-resp[/];end-resp[/]-status={123 Hoorah};" "start-resp[/bar];end-resp[/bar]-status={200 OK};" }, /* tests for propstat status */ { MULTI_207(RESP_207("/pstat", PSTAT_207("" STAT_207("666 Doomed")))), "start-resp[/pstat];start-pstat[/pstat-1];" "end-pstat[/pstat-1]-status={666 Doomed};end-resp[/pstat];" }, { MULTI_207(RESP_207("/pstat", PSTAT_207(""))), "start-resp[/pstat];start-pstat[/pstat-1];" "end-pstat[/pstat-1];end-resp[/pstat];" }, /* tests for responsedescription handling */ { MULTI_207(RESP_207("/bar", STAT_207("200 OK") DESCR_207(DESCR_REM))), "start-resp[/bar];end-resp[/bar]-status={200 OK}" "-descr={" DESCR_REM "};" }, { MULTI_207(RESP_207("/bar", PSTAT_207(STAT_207("456 Too Hungry") DESCR_207("Not enough food available")) STAT_207("200 OK") DESCR_207("Not " DESCR_REM))), "start-resp[/bar];" "start-pstat[/bar-1];end-pstat[/bar-1]-status={456 Too Hungry}" "-descr={Not enough food available};" "end-resp[/bar]-status={200 OK}-descr={Not " DESCR_REM "};" }, /* intermingle some random elements and cdata to make sure * they are ignored. */ { MULTI_207("blargl" RESP_207("/bar", "" PSTAT_207("blergl") STAT_207("200 OK") "foop" DESCR_207(DESCR_REM) "carroon") "carapi"), "start-resp[/bar];start-pstat[/bar-1];end-pstat[/bar-1];" "end-resp[/bar]-status={200 OK}-descr={" DESCR_REM "};" }, /* test for properties within a 207. 
*/ { MULTI_207(RESP_207("/alpha", PSTAT_207(PROPS_207( APROP_207("propone", "hello") APROP_207("proptwo", "foobar")) STAT_207("200 OK")))), "start-resp[/alpha];start-pstat[/alpha-1];" "start-prop[/alpha,/alpha-1,propone];cdata-prop[hello];" "end-prop[propone];" "start-prop[/alpha,/alpha-1,proptwo];cdata-prop[foobar];" "end-prop[proptwo];" "end-pstat[/alpha-1]-status={200 OK};end-resp[/alpha];" } }; size_t n; for (n = 0; n < sizeof(ts)/sizeof(ts[0]); n++) CALL(run_207_response(ts[n][0], ts[n][1])); return OK; } /* Serialize propfind result callbacks into a string */ static int simple_iterator(void *vbuf, const ne_propname *name, const char *value, const ne_status *st) { char code[20]; ne_buffer *buf = vbuf; ne_buffer_concat(buf, "prop:[{", name->nspace, ",", name->name, "}=", NULL); if (value) ne_buffer_concat(buf, "'", value, "'", NULL); else ne_buffer_zappend(buf, "#novalue#"); sprintf(code, ":{%d ", st->code); if (st->reason_phrase) ne_buffer_concat(buf, code, st->reason_phrase, "}];", NULL); else ne_buffer_concat(buf, code, "#noreason#}];", NULL); return 0; } static void simple_results(void *buf, const ne_uri *uri, const ne_prop_result_set *rset) { ne_buffer_concat(buf, "results(", uri->path, ",", NULL); ne_propset_iterate(rset, simple_iterator, buf); ne_buffer_czappend(buf, ")//"); } /* Test function to compare two long strings and print a digestible * failure message. */ static int diffcmp(const char *expected, const char *actual) { size_t n; if (!strcmp(expected, actual)) return OK; NE_DEBUG(NE_DBG_HTTP, "diffcmp: Expect: [%s]\n" "diffcmp: Actual: [%s]\n", expected, actual); for (n = 0; expected[n] && actual[n]; n++) { if (expected[n] != actual[n]) { t_context("difference at byte %" NE_FMT_SIZE_T ": " "`%.10s...' not `%.10s...'", n, actual+n, expected+n); break; } } return FAIL; } /* PROPFIND creator callback. 
*/
static void *pf_creator(void *userdata, const ne_uri *uri)
{
    ne_buffer *log = userdata;

    NE_DEBUG(NE_DBG_HTTP, "pf: Creator at %s\n", uri->path);
    ne_buffer_concat(log, "creator[", uri->path, "]//", NULL);

    /* The returned copy of the path is the private cookie that is
     * later handed to pf_destructor. */
    return ne_strdup(uri->path);
}

/* PROPFIND destructor callback: records the cookie in the log buffer
 * and releases it. */
static void pf_destructor(void *userdata, void *private)
{
    char *path = private;
    ne_buffer *log = userdata;

    NE_DEBUG(NE_DBG_HTTP, "pf: Destructor at %s\n", path);
    ne_buffer_concat(log, "destructor[", path, "]//", NULL);
    ne_free(path);
}

/* Which PROPFIND entry point a test case exercises. */
enum pftype {
    PF_SIMPLE,   /* using ne_simple_propfind */
    PF_NAMED,    /* using ne_propfind_named */
    PF_SP_NAMED, /* using ne_propfind_named w/SHAREPOINT hacks */
    PF_ALLPROP   /* using ne_propfind_allprop */
};

/* Serves 'resp' for a PROPFIND of /propfind at the given depth, runs
 * the request through the interface selected by 'type', and compares
 * the serialized callback output with 'expected'. */
static int run_propfind(const ne_propname *props, char *resp,
                        int depth, const char *expected,
                        enum pftype type)
{
    ne_session *sess;
    ne_buffer *out = ne_buffer_create();

    CALL(make_session(&sess, single_serve_string, resp));

    if (type != PF_SIMPLE) {
        ne_propfind_handler *handler;

        /* PF_SP_NAMED is PF_NAMED with the SharePoint session flag
         * switched on first. */
        if (type == PF_SP_NAMED) {
            ne_set_session_flag(sess, NE_SESSFLAG_SHAREPOINT, 1);
            type = PF_NAMED;
        }

        handler = ne_propfind_create(sess, "/propfind", depth);
        ne_propfind_set_private(handler, pf_creator, pf_destructor, out);

        if (type != PF_NAMED) {
            ONREQ(ne_propfind_allprop(handler, simple_results, out));
        } else {
            ONREQ(ne_propfind_named(handler, props, simple_results, out));
        }

        ne_propfind_destroy(handler);
    } else {
        ONREQ(ne_simple_propfind(sess, "/propfind", depth, props,
                                 simple_results, out));
    }

    ne_session_destroy(sess);
    CALL(await_server());

    CALL(diffcmp(expected, out->data));

    ne_buffer_destroy(out);
    return OK;
}

/* a PROPFIND response body for the {DAV:}fishbone property, using
 * given property value and status.
*/ #define FISHBONE_RESP(value, status) MULTI_207(RESP_207("/foop", \ PSTAT_207(PROPS_207(APROP_207("fishbone", value)) \ STAT_207(status)))) static int propfind(void) { static const struct { char *resp; const char *expected; int depth; enum pftype type; } ts[] = { /* simple single property. */ { FISHBONE_RESP("hello, world", "212 Well OK"), "results(/foop,prop:[{DAV:,fishbone}='hello, world':{212 Well OK}];)//", 0, PF_SIMPLE }, /* property with some nested elements. */ { FISHBONE_RESP("this is a property fish value", "299 Just About OK"), "results(/foop,prop:[{DAV:,fishbone}=" "'this is a property " "fish value':" "{299 Just About OK}];)//", 0, PF_SIMPLE }, /* failed to fetch a property. */ { FISHBONE_RESP("property value is ignored", "404 Il n'ya pas de property"), "results(/foop,prop:[{DAV:,fishbone}=#novalue#:" "{404 Il n'ya pas de property}];)//", 0, PF_SIMPLE }, #if 0 /* propstat missing status should be ignored; if a response contains no * valid propstats, it should also be ignored. */ { MULTI_207(RESP_207("/alpha", PSTAT_207(APROP_207("fishbone", "unseen"))) RESP_207("/beta", PSTAT_207(APROP_207("fishbone", "hello, world") STAT_207("200 OK")))), "results(/beta,prop:[{DAV:,fishbone}='hello, world':{200 OK}];)//", 0, PF_SIMPLE }, #endif /* props on several resources */ { MULTI_207(RESP_207("/alpha", PSTAT_207(PROPS_207(APROP_207("fishbone", "strike one")) STAT_207("234 First is OK"))) RESP_207("/beta", PSTAT_207(PROPS_207(APROP_207("fishbone", "strike two")) STAT_207("256 Second is OK")))), "results(/alpha,prop:[{DAV:,fishbone}='strike one':{234 First is OK}];)//" "results(/beta,prop:[{DAV:,fishbone}='strike two':{256 Second is OK}];)//", 0, PF_SIMPLE}, /* whitespace handling. */ { MULTI_207(RESP_207("\r\nhttp://localhost/alpha ", PSTAT_207(PROPS_207(APROP_207("alpha", "beta")) "\r\nHTTP/1.1 200 OK "))), "results(/alpha,prop:[{DAV:,alpha}='beta':{200 OK}];)//", 0, PF_SIMPLE}, /* attribute handling. 
*/ { MULTI_207(RESP_207("\r\nhttp://localhost/alpha ", PSTAT_207(PROPS_207("" "beta") "\r\nHTTP/1.1 200 OK "))), "results(/alpha,prop:[{DAV:,alpha}='beta':{200 OK}];)//", 0, PF_SIMPLE}, /* "complex" propfinds. */ { FISHBONE_RESP("hello, world", "212 Well OK"), "creator[/foop]//" "results(/foop,prop:[{DAV:,fishbone}='hello, world':{212 Well OK}];)//" "destructor[/foop]//", 0, PF_NAMED }, /* 207 with badly encoded URI in href */ { MULTI_207(RESP_207("http://example.com/foo€bar", \ PSTAT_207(PROPS_207(APROP_207("fishbone", "hello, world")) \ STAT_207("209 Good News")))), "creator[/foo%e2%82%acbar]//" "results(/foo%e2%82%acbar,prop:[{DAV:,fishbone}='hello, world':{209 Good News}];)//" "destructor[/foo%e2%82%acbar]//", 0, PF_SP_NAMED }, { MULTI_207(RESP_207("/foo%20bar/€bar", \ PSTAT_207(PROPS_207(APROP_207("fishbone", "hello, world")) \ STAT_207("209 Good News")))), "creator[/foo%20bar/%e2%82%acbar]//" "results(/foo%20bar/%e2%82%acbar,prop:[{DAV:,fishbone}='hello, world':{209 Good News}];)//" "destructor[/foo%20bar/%e2%82%acbar]//", 0, PF_SP_NAMED } }; const ne_propname pset1[] = { { "DAV:", "fishbone", }, { NULL, NULL } }; size_t n; for (n = 0; n < sizeof(ts)/sizeof(ts[0]); n++) { const ne_propname *pset = pset1; CALL(run_propfind(pset, ts[n].resp, ts[n].depth, ts[n].expected, ts[n].type)); } return OK; } static int unbounded_response(const char *header, const char *repeats) { ne_session *sess; struct infinite i = { header, repeats}; CALL(make_session(&sess, serve_infinite, &i)); ONN("unbounded PROPFIND response did not fail", ne_simple_propfind(sess, "/", 0, NULL, dummy_results, NULL) != NE_ERROR); CALL(reap_server()); ne_session_destroy(sess); return OK; } static int unbounded_propstats(void) { return unbounded_response( RESP207 "\n" "" "/", ""); } static int unbounded_props(void) { return unbounded_response( RESP207 "\n" "" "/", "hello, world"); } ne_test tests[] = { T(two_oh_seven), T(patch_simple), T(propfind), T(regress), T(patch_regress), T(unbounded_props), 
T(unbounded_propstats), T(NULL) }; neon-0.32.2/test/redirect.c000066400000000000000000000122111416727304000154620ustar00rootroot00000000000000/* Tests for 3xx redirect interface (ne_redirect.h) Copyright (C) 2002-2003, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config.h" #include #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #include "ne_redirect.h" #include "tests.h" #include "child.h" #include "utils.h" struct redir_args { int code; const char *dest; const char *path; }; static int serve_redir(ne_socket *sock, void *ud) { struct redir_args *args = ud; char buf[BUFSIZ]; CALL(discard_request(sock)); ne_snprintf(buf, BUFSIZ, "HTTP/1.0 %d Get Ye Away\r\n" "Content-Length: 0\r\n" "Location: %s\r\n\n", args->code, args->dest); SEND_STRING(sock, buf); return OK; } /* Run a request to 'path' and retrieve the redirect destination to * *redir. 
*/
static int process_redir(ne_session *sess, const char *path,
                         const ne_uri **redir)
{
    int rv = any_request(sess, path);

    /* Anything other than NE_REDIRECT means the 3xx was not surfaced
     * to the caller. */
    ONV(rv != NE_REDIRECT,
        ("request got %d (%s) rather than NE_REDIRECT",
         rv, ne_get_error(sess)));

    *redir = ne_redirect_location(sess);
    return OK;
}

/* Serves the redirect described by 'args' and checks that the location
 * reported by ne_redirect_location() unparses to 'expect'.  An
 * 'expect' beginning with '/' is first qualified with the scheme, host
 * and port of the test server. */
static int check_redir(struct redir_args *args, const char *expect)
{
    ne_session *sess;
    const ne_uri *loc;
    char *got;
    char *qualified = NULL;

    CALL(make_session(&sess, serve_redir, args));
    ne_redirect_register(sess);

    if (expect[0] == '/') {
        ne_uri server = {0};

        ne_fill_server_uri(sess, &server);
        /* Borrow the caller's string as the path only while unparsing;
         * it is detached again below so ne_uri_free() never sees it. */
        server.path = (char *)expect;
        qualified = ne_uri_unparse(&server);
        server.path = NULL;
        ne_uri_free(&server);

        expect = qualified;
    }

    CALL(process_redir(sess, args->path, &loc));
    ONN("redirect location was NULL", loc == NULL);

    got = ne_uri_unparse(loc);
    ONV(strcmp(got, expect), ("redirected to `%s' not `%s'", got, expect));
    ne_free(got);

    ne_session_destroy(sess);
    CALL(await_server());

    if (qualified)
        ne_free(qualified);

    return OK;
}

#define DEST "http://foo.com/blah/blah/bar"
#define PATH "/redir/me"

/* An absolute Location is reported unchanged for each of the 301, 302,
 * 303 and 307 status codes. */
static int simple(void)
{
    static const int codes[] = { 301, 302, 303, 307 };
    struct redir_args args;
    size_t i;

    for (i = 0; i < sizeof codes / sizeof codes[0]; i++) {
        args.code = codes[i];
        args.dest = DEST;
        args.path = PATH;
        CALL(check_redir(&args, DEST));
    }

    return OK;
}

/* check that a non-absoluteURI is qualified properly */
static int non_absolute(void)
{
    struct redir_args args;

    args.code = 302;
    args.dest = "/foo/bar/blah";
    args.path = PATH;
    return check_redir(&args, "/foo/bar/blah");
}

/* A relative Location replaces the last segment of the request path. */
static int relative_1(void)
{
    struct redir_args args;

    args.code = 302;
    args.dest = "norman";
    args.path = "/foo/bar";
    return check_redir(&args, "/foo/norman");
}

/* A relative Location is appended when the request path ends in '/'. */
static int relative_2(void)
{
    struct redir_args args;

    args.code = 302;
    args.dest = "wishbone";
    args.path = "/foo/bar/";
    return check_redir(&args, "/foo/bar/wishbone");
}

#if 0
/* could implement failure on self-referential redirects, but
 * realistically, the application must implement a max-redirs count
 * check, so it's kind of redundant. Mozilla takes this approach.
*/ static int fail_loop(void) { ne_session *sess; CALL(make_session(&sess, serve_redir, "http://localhost:7777/foo/bar")); ne_redirect_register(sess); ONN("followed looping redirect", any_request(sess, "/foo/bar") != NE_ERROR); ne_session_destroy(sess); return OK; } #endif #define RESP1 "HTTP/1.1 200 OK\r\n" "Content-Length: 0\r\n\r\n" #define RESP2 "HTTP/1.0 302 Get Ye Away\r\n" "Location: /blah\r\n" "\r\n" /* ensure that ne_redirect_location returns NULL when no redirect has * been encountered, or redirect hooks aren't registered. */ static int no_redirect(void) { ne_session *sess; const ne_uri *loc; struct double_serve_args resp; resp.first.data = RESP1; resp.first.len = strlen(RESP1); resp.second.data = RESP2; resp.second.len = strlen(RESP2); CALL(session_server(&sess, double_serve_sstring, &resp)); ONN("redirect non-NULL before register", ne_redirect_location(sess)); ne_redirect_register(sess); ONN("initial redirect non-NULL", ne_redirect_location(sess)); ONREQ(any_request(sess, "/noredir")); ONN("redirect non-NULL after non-redir req", ne_redirect_location(sess)); CALL(process_redir(sess, "/foo", &loc)); CALL(await_server()); ne_session_destroy(sess); return OK; } ne_test tests[] = { T(lookup_localhost), T(simple), T(non_absolute), T(relative_1), T(relative_2), T(no_redirect), T(NULL) }; neon-0.32.2/test/request.c000066400000000000000000001771561416727304000153750ustar00rootroot00000000000000/* HTTP request handling tests Copyright (C) 2001-2010, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config.h" #include #include /* for time() */ #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #include #include #include "ne_request.h" #include "ne_socket.h" #include "tests.h" #include "child.h" #include "utils.h" static char buffer[BUFSIZ]; static ne_session *def_sess; static ne_request *def_req; /* Last (real) port used by fail_request_with_error(). */ static unsigned int fail_request_last_port; static int prepare_request(server_fn fn, void *ud) { static char uri[100]; unsigned int port; CALL(new_spawn_server(1, fn, ud, &port)); def_sess = ne_session_create("http", "localhost", port); sprintf(uri, "/test%d", test_num); def_req = ne_request_create(def_sess, "GET", uri); return OK; } static int finish_request(void) { ne_request_destroy(def_req); return destroy_and_wait(def_sess); } #define RESP200 "HTTP/1.1 200 OK\r\n" "Server: neon-test-server\r\n" #define TE_CHUNKED "Transfer-Encoding: chunked\r\n" /* takes response body chunks and appends them to a buffer. */ static int collector(void *ud, const char *data, size_t len) { ne_buffer *buf = ud; ne_buffer_append(buf, data, len); return 0; } typedef ne_request *(*construct_request)(ne_session *sess, void *userdata); /* construct a get request, callback for run_request. */ static ne_request *construct_get(ne_session *sess, void *userdata) { ne_request *r = ne_request_create(sess, "GET", "/"); ne_buffer *buf = userdata; ne_add_response_body_reader(r, ne_accept_2xx, collector, buf); return r; } /* run a request created by callback 'cb' in session 'sess'. 
*/
static int run_request(ne_session *sess, int status,
                       construct_request cb, void *userdata)
{
    ne_request *req = cb(sess, userdata);
    int got;

    ON(req == NULL);

    ONREQ(ne_request_dispatch(req));

    /* The dispatch succeeded; now the status code itself must match. */
    got = ne_get_status(req)->code;
    ONV(got != status,
        ("response status-code was %d not %d", got, status));

    ne_request_destroy(req);
    return OK;
}

/* Dispatches a request against server function 'fn' and inspects the
 * response header 'name': with a non-NULL 'value' the header must be
 * present with exactly that value, with a NULL 'value' the header must
 * be absent. */
static int expect_header_value(const char *name, const char *value,
                               server_fn fn, void *userdata)
{
    ne_session *sess;
    ne_request *req;
    const char *actual;

    CALL(make_session(&sess, fn, userdata));

    req = ne_request_create(sess, "FOO", "/bar");
    ONREQ(ne_request_dispatch(req));
    ne_close_connection(sess);
    CALL(await_server());

    actual = ne_get_response_header(req, name);

    if (value == NULL) {
        ONV(actual != NULL,
            ("header '%s: %s' not expected", name, actual));
    } else {
        ONV(actual == NULL,
            ("header '%s: %s' not sent", name, value));
        ONV(strcmp(actual, value) != 0,
            ("header '%s' mis-match: got '%s' not '%s'",
             name, actual, value));
    }

    ne_request_destroy(req);
    ne_session_destroy(sess);
    return OK;
}

/* Fetches "/" from server function 'fn', requiring a 200 status and a
 * response body equal to 'expect'. */
static int expect_response(const char *expect, server_fn fn, void *userdata)
{
    ne_session *sess;
    ne_buffer *body = ne_buffer_create();

    CALL(session_server(&sess, fn, userdata));
    CALL(run_request(sess, 200, construct_get, body));
    ne_session_destroy(sess);
    CALL(await_server());

    ONN("response body match", strcmp(body->data, expect));

    ne_buffer_destroy(body);
    return OK;
}

#define EMPTY_RESP RESP200 "Content-Length: 0\r\n\r\n"

/* Process a request with given method and response, expecting to get
 * a zero-length response body. A second request is sent down the
 * connection (to ensure that the response isn't silently eaten), so
 * 'resp' must be an HTTP/1.1 response with no 'Connection: close'
 * header.
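*/
static int expect_no_body(const char *method, const char *resp)
{
    ne_session *sess;
    ne_request *req;
    ssize_t ret;
    /* 'resp' followed by an empty 200 response for the second request.
     * ne_concat sizes and fills the allocation itself, so there is no
     * hand-computed length feeding strcpy/strcat. */
    char *r = ne_concat(resp, EMPTY_RESP, NULL);

    CALL(session_server(&sess, single_serve_string, r));
    ne_free(r);

    req = ne_request_create(sess, method, "/first");
    ONN("failed to begin request", ne_begin_request(req));
    ret = ne_read_response_block(req, buffer, BUFSIZ);
    ONV(ret != 0, ("got response block of size %" NE_FMT_SSIZE_T, ret));
    ONN("failed to end request", ne_end_request(req));

    /* process following request; makes sure that nothing extra has
     * been eaten by the first request. */
    ONV(any_request(sess, "/second"),
        ("second request on connection failed: %s",ne_get_error(sess)));

    ne_request_destroy(req);
    return destroy_and_wait(sess);
}

/* After a successful request the session error string holds the
 * status code and reason phrase of the response. */
static int reason_phrase(void)
{
    ne_session *sess;

    CALL(make_session(&sess, single_serve_string, RESP200
                      "Connection: close\r\n\r\n"));
    ONREQ(any_request(sess, "/foo"));
    ne_close_connection(sess);
    CALL(await_server());

    ONV(strcmp(ne_get_error(sess), "200 OK"),
        ("reason phrase mismatch: got `%s' not `200 OK'",
         ne_get_error(sess)));

    ne_session_destroy(sess);
    return OK;
}

/* Body delimited by the server closing the connection. */
static int single_get_eof(void)
{
    return expect_response("a", single_serve_string,
                           RESP200
                           "Connection: close\r\n"
                           "\r\n"
                           "a");
}

/* Body delimited by Content-Length (value padded with whitespace);
 * the bytes after the declared length must not appear in the body. */
static int single_get_clength(void)
{
    return expect_response("a", single_serve_string,
                           RESP200
                           "Content-Length: \t\t 1 \t\t\r\n"
                           "\r\n"
                           "a"
                           "bbbbbbbbasdasd");
}

/* Body delimited by chunked encoding; the bytes after the last chunk
 * must not appear in the body. */
static int single_get_chunked(void)
{
    return expect_response("a", single_serve_string,
                           RESP200 TE_CHUNKED
                           "\r\n"
                           "1\r\n"
                           "a\r\n"
                           "0\r\n" "\r\n"
                           "g;lkjalskdjalksjd");
}

/* 304 responses have no body even though Content-Length is non-zero. */
static int no_body_304(void)
{
    return expect_no_body("GET", "HTTP/1.1 304 Not Mfodified\r\n"
                          "Content-Length: 5\r\n\r\n");
}

/* 204 responses have no body even though Content-Length is non-zero. */
static int no_body_204(void)
{
    return expect_no_body("GET", "HTTP/1.1 204 Not Modified\r\n"
                          "Content-Length: 5\r\n\r\n");
}

/* Responses to HEAD have no body even though Content-Length is
 * non-zero. */
static int no_body_HEAD(void)
{
    return expect_no_body("HEAD", "HTTP/1.1 200 OK\r\n"
                          "Content-Length: 5\r\n\r\n");
}

/* A response with a status-line and no header fields at all. */
static int no_headers(void)
{
    return expect_response("abcde", single_serve_string,
                           "HTTP/1.1 200 OK\r\n\r\n"
                           "abcde");
}

#define CHUNK(len, data) #len "\r\n" data "\r\n"

#define ABCDE_CHUNKS CHUNK(1, "a") CHUNK(1, "b") \
 CHUNK(1, "c") CHUNK(1, "d") \
 CHUNK(1, "e") CHUNK(0, "")

static int chunks(void)
{
    /* lots of little chunks. */
    return expect_response("abcde", single_serve_string,
                           RESP200 TE_CHUNKED
                           "\r\n"
                           ABCDE_CHUNKS);
}

/* The transfer-coding name is matched case-insensitively. */
static int te_header(void)
{
    return expect_response("abcde", single_serve_string,
                           RESP200 "Transfer-Encoding: CHUNKED\r\n"
                           "\r\n" ABCDE_CHUNKS);
}

static int te_identity(void)
{
    /* http://bugzilla.gnome.org/show_bug.cgi?id=310636 says privoxy
     * uses the "identity" transfer-coding. */
    return expect_response("abcde", single_serve_string,
                           RESP200 "Transfer-Encoding: identity\r\n"
                           "Content-Length: 5\r\n"
                           "\r\n"
                           "abcde");
}

static int chunk_numeric(void)
{
    /* leading zero's */
    return expect_response("0123456789abcdef", single_serve_string,
                           RESP200 TE_CHUNKED
                           "\r\n"
                           "000000010\r\n" "0123456789abcdef\r\n"
                           "000000000\r\n" "\r\n");
}

static int chunk_extensions(void)
{
    /* chunk-extensions. */
    return expect_response("0123456789abcdef", single_serve_string,
                           RESP200 TE_CHUNKED
                           "\r\n"
                           "000000010; foo=bar; norm=fish\r\n"
                           "0123456789abcdef\r\n"
                           "000000000\r\n" "\r\n");
}

static int chunk_trailers(void)
{
    /* trailers. */
    return expect_response("abcde", single_serve_string,
                           RESP200 TE_CHUNKED
                           "\r\n"
                           "00000005; foo=bar; norm=fish\r\n"
                           "abcde\r\n"
                           "000000000\r\n"
                           "X-Hello: world\r\n"
                           "X-Another: header\r\n"
                           "\r\n");
}

/* A single 20000-byte chunk (chunk-size "4E20" is 20000 in hex) must
 * be read back intact. */
static int chunk_oversize(void)
{
#define BIG (20000)
    char *body = ne_malloc(BIG + 1);
    static const char rnd[] = "abcdefghijklm";
    int n;
    ne_buffer *buf = ne_buffer_create();

    /* Fill with a repeating pattern; sizeof(rnd) - 1 excludes the NUL. */
    for (n = 0; n < BIG; n++) {
        body[n] = rnd[n % (sizeof(rnd) - 1)];
    }
    body[n] = '\0';
#undef BIG

    ne_buffer_concat(buf, RESP200 TE_CHUNKED "\r\n"
                     "4E20\r\n", body, "\r\n",
                     "0\r\n\r\n", NULL);

    CALL(expect_response(body, single_serve_string, buf->data));

    ne_buffer_destroy(buf);
    ne_free(body);

    return OK;
}

static int te_over_clength(void)
{
    /* T-E dominates over C-L.  If the client followed the 300-byte
     * Content-Length instead, the body and the framing of anything
     * that follows on the connection would be read wrongly. */
    return expect_response("abcde", single_serve_string,
                           RESP200 TE_CHUNKED
                           "Content-Length: 300\r\n"
                           "\r\n"
                           ABCDE_CHUNKS);
}

/* te_over_clength with the headers the other way round; check for
 * ordering problems. */
static int te_over_clength2(void)
{
    return expect_response("abcde", single_serve_string,
                           RESP200 "Content-Length: 300\r\n"
                           TE_CHUNKED
                           "\r\n"
                           ABCDE_CHUNKS);
}

/* obscure case which is possibly a valid request by 2616, but should
 * be handled correctly in any case. neon <0.22.0 tries to
 * eat the response body, which is probably incorrect. */
static int no_body_chunks(void)
{
    return expect_no_body("HEAD", "HTTP/1.1 204 Not Modified\r\n"
                          TE_CHUNKED "\r\n");
}

/* Server function: reads two requests from one connection and answers
 * each with the response string passed as userdata. */
static int serve_twice(ne_socket *sock, void *userdata)
{
    const char *resp = userdata;

    CALL(discard_request(sock));
    SEND_STRING(sock, resp);

    CALL(discard_request(sock));
    SEND_STRING(sock, resp);

    return OK;
}

/* Test persistent connection handling: serve 'response' twice on a
 * single TCP connection, expecting to get a response body equal to
 * 'body' both times.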
*/
static int test_persist_p(const char *response, const char *body,
                          int proxy)
{
    ne_session *sess;
    ne_buffer *got = ne_buffer_create();

    if (!proxy) {
        CALL(session_server(&sess, serve_twice, (void *)response));
    } else {
        /* Proxied variant: the session goes through a proxy server
         * and has the CONNAUTH session flag enabled. */
        CALL(proxied_session_server(&sess, "http", "localhost", 1234,
                                    serve_twice, (void *)response));
        ne_set_session_flag(sess, NE_SESSFLAG_CONNAUTH, 1);
    }

    /* First pass over the connection. */
    CALL(run_request(sess, 200, construct_get, got));
    ONV(strcmp(got->data, body),
        ("response #1 mismatch: [%s] not [%s]", got->data, body));

    /* Second pass, starting from an empty buffer. */
    ne_buffer_clear(got);
    CALL(run_request(sess, 200, construct_get, got));

    ne_session_destroy(sess);
    ON(await_server());

    ONV(strcmp(got->data, body),
        ("response #2 mismatch: [%s] not [%s]", got->data, body));

    ne_buffer_destroy(got);
    return OK;
}

/* Non-proxied form of test_persist_p. */
static int test_persist(const char *response, const char *body)
{
    return test_persist_p(response, body, 0);
}

/* HTTP/1.1 response delimited by Content-Length. */
static int persist_http11(void)
{
    return test_persist(RESP200 "Content-Length: 5\r\n\r\n" "abcde",
                        "abcde");
}

/* HTTP/1.1 response delimited by chunked encoding. */
static int persist_chunked(void)
{
    return test_persist(RESP200 TE_CHUNKED "\r\n" ABCDE_CHUNKS,
                        "abcde");
}

/* HTTP/1.0 response that asks for keep-alive explicitly. */
static int persist_http10(void)
{
    return test_persist("HTTP/1.0 200 OK\r\n"
                        "Connection: keep-alive\r\n"
                        "Content-Length: 5\r\n\r\n" "abcde",
                        "abcde");
}

/* HTTP/1.0 response via a proxy, using Proxy-Connection: keep-alive. */
static int persist_proxy_http10(void)
{
    return test_persist_p("HTTP/1.0 200 OK\r\n"
                          "Proxy-Connection: keep-alive\r\n"
                          "Content-Length: 5\r\n\r\n" "abcde",
                          "abcde", 1);
}

/* Server function for fail_early_eof */
static int serve_eof(ne_socket *sock, void *ud)
{
    const char *truncated = ud;

    /* dummy request/response. */
    CALL(discard_request(sock));
    CALL(SEND_STRING(sock, RESP200 "Content-Length: 0\r\n\r\n"));

    /* real request/response. */
    CALL(discard_request(sock));
    CALL(SEND_STRING(sock, truncated));

    return OK;
}

/* Utility function: 'resp' is a truncated response; such that an EOF
 * arrives early during response processing; but NOT as a valid
 * premature EOF due to a persistent connection timeout. It is an
 * error if the request is then retried, and the test fails. */
static int fail_early_eof(const char *resp)
{
    ne_session *sess;
    unsigned int port;
    int second;

    CALL(new_spawn_server(3, serve_eof, (char *)resp, &port));

    sess = ne_session_create("http", "localhost", port);

    ONREQ(any_request(sess, "/foo"));

    /* The truncated response must surface as a failure, not be hidden
     * behind a retry of the request. */
    second = any_request(sess, "/foobar");
    ONN("request retried after early EOF", second == NE_OK);

    CALL(reap_server());
    ne_session_destroy(sess);
    return OK;
}

/* This failed with neon <0.22. */
static int fail_eof_continued(void)
{
    return fail_early_eof("HTTP/1.1 100 OK\r\n\r\n");
}

/* EOF in the middle of the header block. */
static int fail_eof_headers(void)
{
    return fail_early_eof("HTTP/1.1 200 OK\r\nJimbob\r\n");
}

/* EOF in the middle of a chunk. */
static int fail_eof_chunk(void)
{
    return fail_early_eof(RESP200 TE_CHUNKED "\r\n" "1\r\n" "a");
}

/* EOF before the declared Content-Length has been delivered. */
static int fail_eof_badclen(void)
{
    return fail_early_eof(RESP200 "Content-Length: 10\r\n\r\n" "abcde");
}

/* Persistent connection timeout where a FIN is sent to terminate the
 * connection, which is caught by a 0 return from the read() when the
 * second request reads the status-line. */
static int ptimeout_eof(void)
{
    ne_session *sess;
    unsigned int port;

    CALL(new_spawn_server(4, single_serve_string,
                          RESP200 "Content-Length: 0\r\n" "\r\n",
                          &port));

    sess = ne_session_create("http", "localhost", port);

    /* Both requests must succeed. */
    CALL(any_2xx_request(sess, "/first"));
    CALL(any_2xx_request(sess, "/second"));

    ONN("server died prematurely?", dead_server());
    reap_server();

    ne_session_destroy(sess);
    return OK;
}

/* Persistent connection timeout where a FIN is sent to terminate the
 * connection, but the request fails in the write() call which sends
 * the body.
*/
static int ptimeout_eof2(void)
{
    ne_session *sess;
    unsigned int port;

    CALL(new_spawn_server(4, single_serve_string,
                          RESP200 "Content-Length: 0\r\n" "\r\n",
                          &port));

    sess = ne_session_create("http", "localhost", port);

    CALL(any_2xx_request(sess, "/first"));

    /* Short pause before the second request, which carries a body. */
    minisleep();
    CALL(any_2xx_request_body(sess, "/second"));

    ONN("server died prematurely?", dead_server());
    reap_server();

    ne_session_destroy(sess);
    return OK;
}

/* TODO: add a ptimeout_reset too, if an RST can be reliably generated
 * mid-connection. */

/* Server function: serves via many_serve_string, then bumps the count
 * in the many_serve_args passed as userdata. */
static int incr_server(ne_socket *sock, void *arg)
{
    struct many_serve_args *serve = arg;

    CALL(many_serve_string(sock, serve));

    serve->count++;

    return OK;
}

/* Emulates a persistent connection timeout on the server. This tests
 * the timeout occurring after between 1 and 10 requests down the
 * connection. */
static int persist_timeout(void)
{
    ne_session *sess;
    ne_buffer *body = ne_buffer_create();
    struct many_serve_args args;
    unsigned int port;
    int n;

    args.str = RESP200 "Content-Length: 5\r\n\r\n" "abcde";
    args.count = 1;

    CALL(new_spawn_server(9, incr_server, &args, &port));

    sess = ne_session_create("http", "localhost", port);

    /* Round k issues k requests, each of which must return the
     * five-byte body. */
    args.count = 1;
    while (args.count < 10) {
        n = 0;
        while (n < args.count) {
            ONV(run_request(sess, 200, construct_get, body),
                ("%d of %d, request failed: %s", n, args.count,
                 ne_get_error(sess)));

            ONV(strcmp(body->data, "abcde"),
                ("%d of %d, response body mismatch", n, args.count));

            /* Start the next request from an empty buffer. */
            ne_buffer_clear(body);
            n++;
        }
        args.count++;
    }

    ne_session_destroy(sess);
    ne_buffer_destroy(body);

    return OK;
}

/* Test that an HTTP/1.0 server is not presumed to support persistent
 * connections by default.
*/
static int no_persist_http10(void)
{
    ne_session *sess;
    unsigned int port;

    /* The bytes after the 5-byte body are deliberately not a valid
     * status-line. */
    CALL(new_spawn_server(4, single_serve_string,
                          "HTTP/1.0 200 OK\r\n"
                          "Content-Length: 5\r\n\r\n"
                          "abcde"
                          "Hello, world - what a nice day!\r\n",
                          &port));

    sess = ne_session_create("http", "localhost", port);

    /* if the connection is treated as persistent, the status-line for
     * the second request will be "Hello, world...", which will
     * fail. */

    ONREQ(any_request(sess, "/foobar"));
    ONREQ(any_request(sess, "/foobar"));

    ONN("server died prematurely?", dead_server());
    CALL(reap_server());

    ne_session_destroy(sess);
    return OK;
}

/* Header lines without a colon must not prevent the body being read. */
static int ignore_bad_headers(void)
{
    return expect_response("abcde", single_serve_string,
                           RESP200
                           "Stupid Header\r\n"
                           "ReallyStupidHeader\r\n"
                           "Content-Length: 5\r\n"
                           "\r\n"
                           "abcde");
}

/* A Content-Length value carried on a continuation line must be used. */
static int fold_headers(void)
{
    return expect_response("abcde", single_serve_string,
                           RESP200 "Content-Length: \r\n 5\r\n"
                           "\r\n"
                           "abcde");
}

/* As fold_headers, with several empty continuation lines first. */
static int fold_many_headers(void)
{
    return expect_response("abcde", single_serve_string,
                           RESP200 "Content-Length: \r\n \r\n \r\n \r\n 5\r\n"
                           "\r\n"
                           "abcde");
}

/* Header block terminator for responses that carry no body. */
#define NO_BODY "Content-Length: 0\r\n\r\n"

/* A header with no value is expected to read back as "". */
static int empty_header(void)
{
    return expect_header_value("ranDom-HEader", "", single_serve_string,
                               RESP200 "RANDom-HeADEr:\r\n"
                               NO_BODY);
}

/* Header name lookup uses a different case than the response. */
static int ignore_header_case(void)
{
    return expect_header_value("ranDom-HEader", "noddy", single_serve_string,
                               RESP200 "RANDom-HeADEr: noddy\r\n"
                               NO_BODY);
}

/* NOTE(review): as shown here the header line has the same whitespace
 * as in ignore_header_case; the upstream literal may contain extra
 * spaces that this copy has collapsed. Verify before relying on it. */
static int ignore_header_ws(void)
{
    return expect_header_value("ranDom-HEader", "fishy", single_serve_string,
                               RESP200 "RANDom-HeADEr: fishy\r\n"
                               NO_BODY);
}

/* Whitespace (space, tab) between the header name and the colon. */
static int ignore_header_ws2(void)
{
    return expect_header_value("ranDom-HEader", "fishy", single_serve_string,
                               RESP200 "RANDom-HeADEr \t : fishy\r\n"
                               NO_BODY);
}

/* Trailing whitespace after the header value. */
static int ignore_header_ws3(void)
{
    return expect_header_value("ranDom-HEader", "fishy", single_serve_string,
                               RESP200 "RANDom-HeADEr: fishy \r\n"
                               NO_BODY);
}

/* Tabs and spaces before the header value. */
static int ignore_header_tabs(void)
{
    return expect_header_value("ranDom-HEader", "geezer", single_serve_string,
                               RESP200 "RANDom-HeADEr: \t \tgeezer\r\n"
                               NO_BODY);
}

/* A header sent in the trailer of a chunked response must be visible. */
static int trailing_header(void)
{
    return expect_header_value("gONe", "fishing", single_serve_string,
                               RESP200 TE_CHUNKED
                               "\r\n0\r\n"
                               "Hello: world\r\n"
                               "GONE: fishing\r\n"
                               "\r\n");
}

/* A value folded over several continuation lines is expected to read
 * back as the single string "w o r l d". */
static int continued_header(void)
{
    return expect_header_value("hello", "w o r l d", single_serve_string,
                               RESP200 "Hello: \n\tw\r\n\to r l\r\n\td \r\n"
                               NO_BODY);
}

/* check headers callbacks are working correctly: repeated headers
 * whose names differ only by case are joined with ", ". */
static int multi_header(void)
{
    return expect_header_value("X-Header", "jim, jab, jar", single_serve_string,
                               RESP200
                               "X-Header: jim\r\n"
                               "x-header: jab\r\n"
                               "x-Header: jar\r\n"
                               "Content-Length: 0\r\n\r\n");
}

/* check headers callbacks are working correctly: as multi_header, with
 * trailing whitespace after each value. */
static int multi_header2(void)
{
    return expect_header_value("X-Header", "jim, jab, jar", single_serve_string,
                               RESP200
                               "X-Header: jim \r\n"
                               "x-header: jab \r\n"
                               "x-Header: jar \r\n"
                               "Content-Length: 0\r\n\r\n");
}

/* RFC 2616 14.10: headers listed in Connection must be stripped on
 * receiving an HTTP/1.0 message in case there was a pre-1.1 proxy
 * somewhere. The expected value NULL means the header must be absent. */
static int strip_http10_connhdr(void)
{
    return expect_header_value("X-Widget", NULL, single_serve_string,
                               "HTTP/1.0 200 OK\r\n"
                               "Connection: x-widget\r\n"
                               "x-widget: blah\r\n"
                               "Content-Length: 0\r\n"
                               "\r\n");
}

/* As strip_http10_connhdr, with the header named last in a
 * multi-token Connection list. */
static int strip_http10_connhdr2(void)
{
    return expect_header_value("X-Widget", NULL, single_serve_string,
                               "HTTP/1.0 200 OK\r\n"
                               "Connection: connection, x-fish, x-widget\r\n"
                               "x-widget: blah\r\n"
                               "Content-Length: 0\r\n"
                               "\r\n");
}

/* post_send hook: asks for a retry on a 400 response, accepts any
 * other status. */
static int post_send_retry(ne_request *req, void *userdata,
                           const ne_status *status)
{
    return status->code == 400 ? NE_RETRY : NE_OK;
}

/* Test that the stored response headers are forgotten if the request
 * is retried.
*/
static int reset_headers(void)
{
    ne_session *sess;
    ne_request *req;
    const char *value;

    /* Two responses down one connection: the 400 triggers the retry
     * hook, and only the X-Foo of the 200 may be reported. */
    CALL(make_session(&sess, single_serve_string,
                      "HTTP/1.1 400 Hit me again\r\n"
                      "Content-Length: 0\r\n"
                      "X-Foo: bar\r\n" "\r\n"

                      "HTTP/1.1 200 Thank you kindly\r\n"
                      "Content-Length: 0\r\n"
                      "X-Foo: hello fair world\r\n" "\r\n"));

    ne_hook_post_send(sess, post_send_retry, NULL);

    req = ne_request_create(sess, "GET", "/foo");

    ONREQ(ne_request_dispatch(req));

    value = ne_get_response_header(req, "X-Foo");
    ONCMP("hello fair world", value, "response header", "X-Foo");

    ne_request_destroy(req);
    return destroy_and_wait(sess);
}

/* A response with no headers must give a NULL header iterator. */
static int iterate_none(void)
{
    ne_session *sess;
    ne_request *req;

    CALL(make_session(&sess, single_serve_string,
                      "HTTP/1.0 200 OK\r\n\r\n"));

    req = ne_request_create(sess, "GET", "/");
    ONREQ(ne_request_dispatch(req));

    ONN("iterator was not NULL for no headers",
        ne_response_header_iterate(req, NULL, NULL, NULL) != NULL);

    ne_request_destroy(req);
    return destroy_and_wait(sess);
}

#define MANY_HEADERS (90)

/* Serves MANY_HEADERS distinct "x-N: Y-N" headers and checks that the
 * iterator returns every pair exactly once. */
static int iterate_many(void)
{
    ne_request *req;
    ne_buffer *buf = ne_buffer_create();
    ne_session *sess;
    int n;
    struct header {
        char name[10], value[10];
        int seen;
    } hdrs[MANY_HEADERS];
    void *cursor = NULL;
    const char *name, *value;

    ne_buffer_czappend(buf, "HTTP/1.0 200 OK\r\n");

    for (n = 0; n < MANY_HEADERS; n++) {
        /* Unbounded sprintf into 10-byte fields: fits only because n is
         * below MANY_HEADERS (90); raising that constant far enough
         * would overflow these arrays. */
        sprintf(hdrs[n].name, "x-%d", n);
        sprintf(hdrs[n].value, "Y-%d", n);
        hdrs[n].seen = 0;

        ne_buffer_concat(buf, hdrs[n].name, ": ", hdrs[n].value, "\r\n", NULL);
    }

    ne_buffer_czappend(buf, "\r\n");

    CALL(make_session(&sess, single_serve_string, buf->data));

    req = ne_request_create(sess, "GET", "/foo");
    ONREQ(ne_request_dispatch(req));

    while ((cursor = ne_response_header_iterate(req, cursor, &name, &value))) {
        /* The index parsed from the received name is range-checked here
         * before it is used to index hdrs[] below. */
        ONV(strncmp(name, "x-", 2) || strncmp(value, "Y-", 2)
            || strcmp(name + 2, value + 2)
            || (n = atoi(name + 2)) >= MANY_HEADERS
            || n < 0,
            ("bad name/value pair: %s = %s", name, value));

        NE_DEBUG(NE_DBG_HTTP, "iterate: got pair (%d): %s = %s\n",
                 n, name, value);

        ONV(hdrs[n].seen == 1, ("duplicate pair %d", n));
        hdrs[n].seen = 1;
    }

    for (n = 0; n < MANY_HEADERS; n++) {
        ONV(hdrs[n].seen == 0, ("unseen pair %d", n));
    }

    ne_buffer_destroy(buf);
    ne_request_destroy(req);
    return destroy_and_wait(sess);
}

/* Arguments for serve_1xx. */
struct s1xx_args {
    int count; /* interim responses to send; the loop sends at least one */
    int hdrs;  /* non-zero: include headers in each interim response */
};

/* Server callback: discards the request, sends "100 Continue" interim
 * responses (once, then again while --count stays above zero), then an
 * empty 200 response. */
static int serve_1xx(ne_socket *sock, void *ud)
{
    struct s1xx_args *args = ud;
    CALL(discard_request(sock));

    do {
        if (args->hdrs) {
            SEND_STRING(sock, "HTTP/1.1 100 Continue\r\n"
                        "Random: header\r\n"
                        "Another: header\r\n\r\n");
        } else {
            SEND_STRING(sock, "HTTP/1.1 100 Continue\r\n\r\n");
        }
    } while (--args->count > 0);

    SEND_STRING(sock, RESP200 "Content-Length: 0\r\n\r\n");

    return OK;
}

/* The next three tests dispatch def_req; "sess" is aliased to def_sess
 * for their duration (NOTE(review): presumably because ONREQ refers to
 * a variable named sess; confirm against the macro). */
#define sess def_sess

static int skip_interim_1xx(void)
{
    struct s1xx_args args = {0, 0};
    ON(prepare_request(serve_1xx, &args));
    ONREQ(ne_request_dispatch(def_req));
    return finish_request();
}

static int skip_many_1xx(void)
{
    struct s1xx_args args = {5, 0};
    ON(prepare_request(serve_1xx, &args));
    ONREQ(ne_request_dispatch(def_req));
    return finish_request();
}

static int skip_1xx_hdrs(void)
{
    struct s1xx_args args = {5, 5};
    ON(prepare_request(serve_1xx, &args));
    ONREQ(ne_request_dispatch(def_req));
    return finish_request();
}

#undef sess

/* server for expect_100_once: serves a 100-continue request, and
 * fails if the request body is sent twice. */
static int serve_100_once(ne_socket *sock, void *ud)
{
    struct s1xx_args args = {2, 0};
    char ch;
    CALL(serve_1xx(sock, &args));
    CALL(discard_body(sock));
    /* Any further readable byte means the client sent the body again. */
    ONN("body was served twice", ne_sock_read(sock, &ch, 1) == 1);
    return OK;
}

/* regression test; fails with neon <0.22, where the request body was
 * served *every* time a 1xx response was received, rather than just
 * once.
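*/
static int expect_100_once(void)
{
    ne_session *sess;
    ne_request *req;
    char body[BUFSIZ];

    CALL(make_session(&sess, serve_100_once, NULL));

    req = ne_request_create(sess, "GET", "/foo");
    ne_set_request_flag(req, NE_REQFLAG_EXPECT100, 1);
    ONN("expect100 flag ignored",
        ne_get_request_flag(req, NE_REQFLAG_EXPECT100) != 1);
    memset(body, 'A', sizeof(body));
    ne_set_request_body_buffer(req, body, sizeof(body));
    ONREQ(ne_request_dispatch(req));
    ne_request_destroy(req);
    return destroy_and_wait(sess);
}

/* regression test for enabling 100-continue without sending a body. */
static int expect_100_nobody(void)
{
    ne_session *sess;
    ne_request *req;

    CALL(make_session(&sess, serve_100_once, NULL));

    req = ne_request_create(sess, "GET", "/foo");
    ne_set_request_flag(req, NE_REQFLAG_EXPECT100, 1);
    ONREQ(ne_request_dispatch(req));
    ne_request_destroy(req);
    return destroy_and_wait(sess);
}

/* A request body and its length; body may hold NUL bytes, so size is
 * authoritative. */
struct body {
    char *body;
    size_t size;
};

/* Server callback: checks that the request announced b->size bytes,
 * reads exactly that many and compares them with b->body.
 *
 * NOTE(review): buf is not freed on the early-return paths taken by
 * the check macros; that appears to be tolerated in this test helper. */
static int want_body(ne_socket *sock, void *userdata)
{
    struct body *b = userdata;
    char *buf = ne_malloc(b->size);

    /* Reset the global before discard_request() runs, so a zero value
     * afterwards is treated as "no length seen". */
    clength = 0;
    CALL(discard_request(sock));
    ONN("request has c-l header", clength == 0);

    ONN("request length", clength != (int)b->size);

    NE_DEBUG(NE_DBG_HTTP,
             "reading body of %" NE_FMT_SIZE_T " bytes...\n", b->size);

    ON(ne_sock_fullread(sock, buf, b->size));

    ON(SEND_STRING(sock, RESP200 "Content-Length: 0\r\n\r\n"));

    ON(memcmp(buf, b->body, b->size));

    ne_free(buf);
    return OK;
}

/* Request body provider backed by a struct body.
 *
 * A call with buflen == 0 rewinds to the start of the body; any other
 * call copies up to buflen of the remaining bytes into buf and returns
 * the number copied (0 once the body is exhausted).
 *
 * The position is kept in function-local statics, so only one body can
 * be in flight at a time. */
static ssize_t provide_body(void *userdata, char *buf, size_t buflen)
{
    static const char *pnt;
    static size_t left;
    struct body *b = userdata;

    if (buflen == 0) {
        pnt = b->body;
        left = b->size;
    } else {
        if (left < buflen) {
            buflen = left;
        }
        memcpy(buf, pnt, buflen);
        /* Advance the read position as well as the remaining count;
         * without this, a body delivered over several calls would
         * repeat its first bytes. */
        pnt += buflen;
        left -= buflen;
    }

    return buflen;
}

/* Sends each test body twice: once from a memory buffer and once
 * through the provide_body callback; want_body verifies it server-side. */
static int send_bodies(void)
{
    unsigned int n, m;

    struct body bodies[] = {
        { "abcde", 5 },
        { "\0\0\0\0\0\0", 6 },
        { NULL, 50000 },
        { NULL }
    };

#define BIG 2
    /* make the body with some cruft. */
    bodies[BIG].body = ne_malloc(bodies[BIG].size);
    for (n = 0; n < bodies[BIG].size; n++) {
        /* The cast binds tighter than %, so this is ((char)n) % 80. */
        bodies[BIG].body[n] = (char)n%80;
    }

    for (m = 0; m < 2; m++) {
        for (n = 0; bodies[n].body != NULL; n++) {
            ne_session *sess;
            ne_request *req;

            CALL(session_server(&sess, want_body, &(bodies[n])));

            req = ne_request_create(sess, "PUT", "/");
            ON(req == NULL);
            if (m == 0) {
                ne_set_request_body_buffer(req, bodies[n].body,
                                           bodies[n].size);
            } else {
                ne_set_request_body_provider(req, bodies[n].size,
                                             provide_body, &bodies[n]);
            }
            ONREQ(ne_request_dispatch(req));

            ne_request_destroy(req);
            CALL(destroy_and_wait(sess));
        }
    }

    ne_free(bodies[BIG].body);
    return OK;
}

/* Utility function: run a request using the given server fn, and the
 * request should fail. If 'error' is non-NULL, it must be a substring
 * of the error string.
 *
 * with_body: non-zero to attach a small request body.
 * forever:   non-zero to let the server run fn up to 100 times and to
 *            leave reaping it to the caller; otherwise fn runs once,
 *            the server is reaped here and a follow-up request must
 *            fail to connect.
 * On success the server port is stored in fail_request_last_port. */
static int fail_request_with_error(int with_body, server_fn fn, void *ud,
                                   int forever, const char *error)
{
    ne_session *sess;
    ne_request *req;
    unsigned int port;
    int ret;

    CALL(new_spawn_server(forever ? 100 : 1, fn, ud, &port));

    sess = ne_session_create("http", "localhost", port);
    req = ne_request_create(sess, "GET", "/");

    if (with_body) {
        static const char *body = "random stuff";

        ne_set_request_body_buffer(req, body, strlen(body));
    }

    /* request should fail. */
    ret = ne_request_dispatch(req);
    ONN("request succeeded", ret == NE_OK);

    if (!forever) {
        /* reap the server, don't care what it's doing. */
        reap_server();
    }

    NE_DEBUG(NE_DBG_HTTP, "Response gave error `%s'\n", ne_get_error(sess));

    ONV(error && strstr(ne_get_error(sess), error) == NULL,
        ("failed with error `%s', no `%s'", ne_get_error(sess), error));

    if (!forever) {
        /* With the one-shot server gone, a re-used connection is the
         * only way this request could get further than connecting. */
        ONV(any_request(sess, "/fail/to/connect") != NE_CONNECT,
            ("subsequent request re-used connection?"));
    }

    ne_request_destroy(req);
    ne_session_destroy(sess);

    fail_request_last_port = port;

    return OK;
}

/* Run a random GET request which is given 'body' as the response; the
 * request must fail, and 'error' must be found in the error
 * string.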
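*/
static int invalid_response_gives_error(const char *resp, const char *error)
{
    return fail_request_with_error(0, single_serve_string, (void *)resp, 0,
                                   error);
}

/* Utility function: run a request using the given server fn, and the
 * request must fail. */
static int fail_request(int with_body, server_fn fn, void *ud, int forever)
{
    return fail_request_with_error(with_body, fn, ud, forever, NULL);
}

/* An endless stream of header lines must make the request fail rather
 * than be read without limit. */
static int unbounded_headers(void)
{
    struct infinite i = { RESP200, "x-foo: bar\r\n" };
    return fail_request(0, serve_infinite, &i, 0);
}

/* A response consisting only of a blank line must be rejected. */
static int blank_response(void)
{
    return fail_request(0, single_serve_string, "\r\n", 0);
}

/* Server callback: sends a non-HTTP greeting, then reads one line from
 * the client into the shared buffer (result deliberately unchecked). */
static int serve_non_http(ne_socket *sock, void *ud)
{
    SEND_STRING(sock, "Hello Mum.\n");
    ne_sock_readline(sock, buffer, BUFSIZ);
    return OK;
}

/* Test behaviour when not speaking to an HTTP server. Regression test
 * for infinite loop. */
static int not_http(void)
{
    return fail_request(0, serve_non_http, NULL, 0);
}

/* An endless stream of header continuation lines must make the request
 * fail rather than grow a single header without limit. */
static int unbounded_folding(void)
{
    struct infinite i = { "HTTP/1.0 200 OK\r\nFoo: bar\r\n",
                          " hello there.\r\n" };
    return fail_request(0, serve_infinite, &i, 0);
}

static int serve_close(ne_socket *sock, void *ud)
{
    /* do nothing; the socket will be closed. */
    return 0;
}

/* Returns non-zero if port is alive, i.e. if a TCP connection to
 * "localhost" on that port can be established.
 *
 * The result now reflects the outcome of the connection attempts; it
 * was previously 1 whenever the socket object could be created, which
 * left closed_connection() unable to notice a dead server. The NULL
 * check also happens before the socket is first used. */
static int is_alive(int port)
{
    ne_sock_addr *addr;
    ne_socket *sock = ne_sock_create();
    const ne_inet_addr *ia;
    int connected = 0;

    if (sock == NULL) {
        return 0;
    }

    /* Try each address that "localhost" resolves to until one accepts. */
    addr = ne_addr_resolve("localhost", 0);
    for (ia = ne_addr_first(addr); ia && !connected; ia = ne_addr_next(addr)) {
        connected = ne_sock_connect(sock, ia, port) == 0;
    }
    ne_addr_destroy(addr);

    ne_sock_close(sock);
    return connected;
}

/* This is a regression test for neon 0.17.0 and earlier, which goes
 * into an infinite loop if a request with a body is sent to a server
 * which simply closes the connection. */
static int closed_connection(void)
{
    int ret;

    /* This spawns a server process which will run the 'serve_close'
     * response function up to 100 times (the count used by
     * fail_request_with_error when 'forever' is set), then die. This
     * guarantees that the request eventually fails... */
    CALL(fail_request(1, serve_close, NULL, 1));
    /* if server died -> infinite loop was detected. */
    ret = !is_alive(fail_request_last_port);
    reap_server();
    ONN("server aborted, infinite loop?", ret);
    return OK;
}

/* Server callback: closes the first connection without replying; any
 * later connection means the client retried, and gets an empty 200. */
static int serve_close2(ne_socket *sock, void *userdata)
{
    int *count = userdata;
    *count += 1;
    if (*count == 1) {
        return 0;
    }
    NE_DEBUG(NE_DBG_HTTP, "Re-entered! Buggy client.\n");
    CALL(discard_request(sock));
    CALL(SEND_STRING(sock, RESP200 "Content-Length: 0\r\n\r\n"));
    return 0;
}

/* As closed_connection(); but check that the client doesn't retry
 * after receiving the EOF on the first request down a new
 * connection. */
static int close_not_retried(void)
{
    int count = 0;
    ne_session *sess;
    unsigned int port;

    CALL(new_spawn_server(3, serve_close2, &count, &port));

    sess = ne_session_create("http", "localhost", port);

    ONN("request was retried after EOF", any_request(sess, "/foo") == NE_OK);
    reap_server();
    ne_session_destroy(sess);
    return OK;
}

/* State shared between send_progress() and its s_progress callback. */
static enum {
    prog_error, /* error */
    prog_transfer, /* doing a transfer */
    prog_done /* finished. */
} prog_state = prog_transfer;

/* Last progress value seen (-1 before the first callback) and the
 * total the callback is expected to report. */
static ne_off_t prog_last = -1, prog_total;

#define FOFF "%" NE_FMT_NE_OFF_T

/* callback for send_progress: checks that the reported total matches
 * prog_total and that progress strictly increases up to it; on any
 * violation records a message and moves to prog_error. */
static void s_progress(void *userdata, ne_off_t prog, ne_off_t total)
{
    NE_DEBUG(NE_DBG_HTTP,
             "progress callback: " FOFF "/" FOFF ".\n",
             prog, total);

    switch (prog_state) {
    case prog_error:
    case prog_done:
        /* Terminal states: ignore further callbacks. */
        return;
    case prog_transfer:
        if (total != prog_total) {
            t_context("total unexpected: " FOFF " not " FOFF "", total, prog_total);
            prog_state = prog_error;
        }
        else if (prog > total) {
            t_context("first progress was invalid (" FOFF "/" FOFF ")",
                      prog, total);
            prog_state = prog_error;
        }
        else if (prog_last != -1 && prog_last > prog) {
            t_context("progress went backwards: " FOFF " to " FOFF, prog_last, prog);
            prog_state = prog_error;
        }
        else if (prog_last == prog) {
            t_context("no progress made! " FOFF " to " FOFF, prog_last, prog);
            prog_state = prog_error;
        }
        else if (prog == total) {
            prog_state = prog_done;
        }
        break;
    }

    prog_last = prog;
}

#undef FOFF

/* Body provider for send_progress: hands out one 'a' per call while
 * the counter is non-negative; a NULL buf (or an exhausted counter)
 * yields 0. */
static ssize_t provide_progress(void *userdata, char *buf, size_t bufsiz)
{
    int *count = userdata;

    if (*count >= 0 && buf != NULL) {
        buf[0] = 'a';
        *count -= 1;
        return 1;
    } else {
        return 0;
    }
}

/* Sends a 200-byte provider-backed body and checks, through
 * s_progress, that the progress callbacks were consistent. */
static int send_progress(void)
{
    static int count = 200;

    ON(prepare_request(single_serve_string,
                       RESP200 "Connection: close\r\n\r\n"));

    prog_total = 200;

    ne_set_progress(def_sess, s_progress, NULL);
    ne_set_request_body_provider(def_req, count,
                                 provide_progress, &count);

#define sess def_sess
    ONREQ(ne_request_dispatch(def_req));
#undef sess

    ON(finish_request());

    /* CALL() treats a non-zero value as failure, so this fails the test
     * exactly when the callback recorded an error. */
    CALL(prog_state == prog_error);

    return OK;
}

/* A one-second read timeout against sleepy_server must produce
 * NE_TIMEOUT, and must do so within a few seconds of wall-clock time. */
static int read_timeout(void)
{
    ne_session *sess;
    ne_request *req;
    time_t start, finish;
    int ret;

    CALL(make_session(&sess, sleepy_server, NULL));

    /* timeout after one second. */
    ne_set_read_timeout(sess, 1);

    req = ne_request_create(sess, "GET", "/timeout");

    time(&start);
    ret = ne_request_dispatch(req);
    time(&finish);

    reap_server();

    ONN("request succeeded, should have timed out", ret == NE_OK);
    ONV(ret != NE_TIMEOUT,
        ("request failed non-timeout error: %s", ne_get_error(sess)));
    ONN("timeout ignored, or very slow machine", finish - start > 3);

    ne_request_destroy(req);
    ne_session_destroy(sess);

    return OK;
}

/* expect failure code 'code', for request to given hostname and port,
 * without running a server.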
*/
static int fail_noserver(const char *hostname, unsigned int port, int code)
{
    ne_session *sess = ne_session_create("http", hostname, port);
    int ret = any_request(sess, "/foo");
    ne_session_destroy(sess);

    ONV(ret == NE_OK,
        ("request to server at %s:%u succeeded?!", hostname, port));
    ONV(ret != code, ("request failed with %d not %d", ret, code));

    return OK;
}

/* A name lookup failure must surface as NE_LOOKUP.
 *
 * NOTE(review): "no.such.domain" is not under a reserved TLD, so this
 * depends on the local resolver really failing it (a resolver that
 * rewrites NXDOMAIN answers would break the test); fail_double_lookup
 * below uses the reserved ".invalid" instead. */
static int fail_lookup(void)
{
    return fail_noserver("no.such.domain", 4242, NE_LOOKUP);
}

/* neon 0.23.0 to 0.23.3: if a nameserver lookup failed, subsequent
 * requests on the session would crash. */
static int fail_double_lookup(void)
{
    ne_session *sess = ne_session_create("http", "nonesuch.invalid", 80);
    ONN("request did not give lookup failure",
        any_request(sess, "/foo") != NE_LOOKUP);
    ONN("second request did not give lookup failure",
        any_request(sess, "/bar") != NE_LOOKUP);
    ne_session_destroy(sess);
    return OK;
}

/* A connection failure must surface as NE_CONNECT.
 * NOTE(review): assumes nothing is listening on localhost:32767. */
static int fail_connect(void)
{
    return fail_noserver("localhost", 32767, NE_CONNECT);
}

/* Test that the origin server hostname is NOT resolved for a proxied
 * request. */
static int proxy_no_resolve(void)
{
    ne_session *sess;
    int ret;

    CALL(proxied_session_server(&sess, "http", "no.such.server.invalid", 80,
                                single_serve_string,
                                RESP200 "Content-Length: 0\r\n\r\n"));

    ret = any_request(sess, "/foo");
    /* Only a lookup failure is checked for; other results pass. */
    ONN("origin server name resolved when proxy used", ret == NE_LOOKUP);

    return destroy_and_wait(sess);
}

/* If the chunk size is entirely invalid, the request should be
 * aborted. Fails with neon <0.22; invalid chunk sizes would be
 * silently treated as 'zero'. */
static int fail_chunksize(void)
{
    return fail_request(0, single_serve_string,
                        RESP200 TE_CHUNKED "\r\n" "ZZZZZ\r\n\r\n", 0);
}

/* in neon <0.22, if an error occurred whilst reading the response
 * body, the connection would not be closed (though this test will
 * succeed in neon <0.22 since the previous test fails).
*/
static int abort_respbody(void)
{
    ne_session *sess;

    /* The first response has an unparseable chunk size; a second,
     * valid response follows it on the same connection. */
    CALL(make_session(&sess, single_serve_string,
                      RESP200 TE_CHUNKED "\r\n"
                      "zzz\r\n"
                      RESP200 "Content-Length: 0\r\n\r\n"));

    /* connection must be aborted on the first request, since it
     * contains an invalid chunk size. */
    ONN("invalid chunk size was accepted?",
        any_request(sess, "/foo") != NE_ERROR);

    ne_close_connection(sess);

    CALL(await_server());

    /* second request should fail since server has gone away. */
    ONN("connection was not aborted", any_request(sess, "/foo") == NE_OK);

    ne_session_destroy(sess);
    return OK;
}

/* Server callback: when *flag is 1, serves a good response followed by
 * a chunked response with an invalid chunk size, then clears the flag.
 * Always ends by exiting the server process. */
static int serve_then_abort(ne_socket *sock, void *ud)
{
    int *flag = ud;

    if (*flag == 1) {
        CALL(single_serve_string(sock,
                                 RESP200 "Content-Length: 0\r\n\r\n"
                                 RESP200 TE_CHUNKED "\r\n"
                                 "zzzzz\r\n"));
        *flag = 0;
    }

    exit(0);
}

/* Test that after an aborted request on a persistent connection, a
 * failure of the *subsequent* request is not treated as a persistent
 * connection timeout and retried. */
static int retry_after_abort(void)
{
    ne_session *sess;
    int flag = 1;

    /* Serve two responses down a single persistent connection, the
     * second of which is invalid and will cause the request to be
     * aborted. */
    CALL(make_session(&sess, serve_then_abort, &flag));

    ONREQ(any_request(sess, "/first"));

    ONN("second request should fail", any_request(sess, "/second") == NE_OK);

    ne_close_connection(sess);
    CALL(await_server());

    /* A third attempt to connect to the server should fail to
     * connect, though this is racy since someone else might come
     * along and steal the port... oh well. */
    ONN("third request was retried",
        any_request(sess, "/third") != NE_CONNECT);

    ne_session_destroy(sess);

    return OK;
}

/* Fail to parse the response status line: check the error message is
 * sane. Failed during 0.23-dev briefly, and possibly with 0.22.0
 * too.
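*/
static int fail_statusline(void)
{
    ne_session *sess;
    int ret;

    CALL(make_session(&sess, single_serve_string, "Fish.\r\n"));

    ret = any_request(sess, "/fail");
    ONV(ret != NE_ERROR, ("request failed with %d not NE_ERROR", ret));

    ne_close_connection(sess);

    ONV(strstr(ne_get_error(sess),
               "Could not parse response status line") == NULL,
        ("session error was `%s'", ne_get_error(sess)));

    ne_session_destroy(sess);
    return OK;
}

#define LEN (9000)

/* A single header line of LEN bytes must be rejected with
 * "Line too long" rather than accepted. */
static int fail_long_header(void)
{
    /* LEN bytes of filler plus the short prefix and terminator below;
     * the 500 bytes of slack cover both. */
    char resp[LEN + 500] = "HTTP/1.1 200 OK\r\n" "Server: fish\r\n";
    size_t len = strlen(resp);

    /* add a long header */
    memset(resp + len, 'a', LEN);
    resp[len + LEN] = '\0';

    strcat(resp, "\r\n\r\n");

    return invalid_response_gives_error(resp, "Line too long");
}

/* Table-driven test: each malformed response must fail the request
 * with an error string containing the given text. */
static int fail_on_invalid(void)
{
    static const struct {
        const char *resp, *error;
    } ts[] = {
        /* non-chunked TE. */
        { RESP200 "transfer-encoding: punked\r\n" "\r\n" ABCDE_CHUNKS ,
          "Unknown transfer-coding" },
        /* chunk without trailing CRLF */
        { RESP200 TE_CHUNKED "\r\n" "5\r\n" "abcdeFISH",
          "delimiter was invalid" },
        /* chunk with CR then EOF */
        { RESP200 TE_CHUNKED "\r\n" "5\r\n" "abcde\n",
          "not read chunk delimiter" },
        /* chunk with CR then notLF */
        { RESP200 TE_CHUNKED "\r\n" "5\r\n" "abcde\rZZZ",
          "delimiter was invalid" },
        /* chunk size overflow */
        { RESP200 TE_CHUNKED "\r\n" "800000000\r\n" "abcde\r\n",
          "Could not parse chunk size" },
        /* EOF at chunk size */
        { RESP200 TE_CHUNKED "\r\n", "Could not read chunk size" },
        /* negative C-L */
        { RESP200 "Content-Length: -1\r\n" "\r\n" "abcde",
          "Invalid Content-Length" },
        /* invalid C-Ls */
        { RESP200 "Content-Length: 5, 3\r\n" "\r\n" "abcde",
          "Invalid Content-Length" },
        { RESP200 "Content-Length: 5z\r\n" "\r\n" "abcde",
          "Invalid Content-Length" },
        { RESP200 "Content-Length: z5\r\n" "\r\n" "abcde",
          "Invalid Content-Length" },
        /* stupidly-large C-L */
        { RESP200 "Content-Length: 99999999999999999999999999\r\n"
          "\r\n" "abcde",
          "Invalid Content-Length" },
        { NULL, NULL }
    };
    int n;

    for (n = 0; ts[n].resp; n++) {
        CALL(invalid_response_gives_error(ts[n].resp, ts[n].error));
    }

    return OK;
}

/* ne_version_pre_http11() must follow the version of the most recent
 * response on the session. */
static int versions(void)
{
    ne_session *sess;

    CALL(make_session(&sess, single_serve_string,
                      "HTTP/1.1 200 OK\r\n"
                      "Content-Length: 0\r\n\r\n"

                      "HTTP/1.0 200 OK\r\n"
                      "Content-Length: 0\r\n\r\n"));

    ONREQ(any_request(sess, "/http11"));

    ONN("did not detect HTTP/1.1 compliance",
        ne_version_pre_http11(sess) != 0);

    ONREQ(any_request(sess, "/http10"));

    ONN("did not detect lack of HTTP/1.1 compliance",
        ne_version_pre_http11(sess) == 0);

    ne_session_destroy(sess);

    return OK;
}

/* Expected arguments and outcome for hk_createreq. */
struct cr_args {
    const char *method, *uri;
    int result; /* -1: hook not run yet, 0: matched, 1: mismatch */
};

/* create_request hook: compares the method and request-URI it is given
 * with the expected ones and records the outcome in args->result. */
static void hk_createreq(ne_request *req, void *userdata,
                         const char *method, const char *requri)
{
    struct cr_args *args = userdata;

    args->result = 1; /* presume failure */

    if (strcmp(args->method, method)) {
        t_context("Hook got method %s not %s", method, args->method);
    } else if (strcmp(args->uri, requri)) {
        t_context("Hook got Req-URI %s not %s", requri, args->uri);
    } else {
        args->result = 0;
    }
}

/* Checks the arguments passed to a create_request hook, first for a
 * direct request and then for a proxied one.
 *
 * NOTE(review): the early "return FAIL" paths skip the cleanup at the
 * end of the function. */
static int hook_create_req(void)
{
    ne_session *sess;
    struct cr_args args;
    ne_uri uri;
    char *u;

    CALL(make_session(&sess, single_serve_string, EMPTY_RESP EMPTY_RESP));

    ne_hook_create_request(sess, hk_createreq, &args);

    args.method = "GET";
    args.uri = "/foo";
    args.result = -1;

    ONREQ(any_request(sess, "/foo"));

    ONN("first hook never called", args.result == -1);
    if (args.result) {
        return FAIL;
    }

    memset(&uri, 0, sizeof uri);
    ne_fill_server_uri(sess, &uri);
    uri.path = "/bar";

    args.uri = u = ne_uri_unparse(&uri);
    args.result = -1;

    /* uri.path is a string literal set above, so only the fields that
     * ne_fill_server_uri() filled in are freed. */
    ne_free(uri.host);
    ne_free(uri.scheme);

    /* force use of absoluteURI in request-uri */
    ne_session_proxy(sess, "localhost", 7777);

    ONREQ(any_request(sess, "/bar"));

    ONN("second hook never called", args.result == -1);
    if (args.result) {
        return FAIL;
    }

    ne_free(u);

    ne_session_destroy(sess);

    return OK;
}

/* Server callback: reads as many bytes as the expected method string
 * is long and checks that they match it, then serves a 204.
 *
 * The expected length is checked against the local buffer before
 * reading, so an over-long method string cannot overrun buf. */
static int serve_check_method(ne_socket *sock, void *ud)
{
    char *method = ud;
    char buf[20];
    size_t methlen = strlen(method);

    ONN("method too long for buffer", methlen > sizeof buf);

    if (ne_sock_read(sock, buf, methlen) != (ssize_t)methlen) {
        return -1;
    }

    ONN("method corrupted", memcmp(buf, method, methlen));

    return single_serve_string(sock, "HTTP/1.1 204 OK\r\n\r\n");
}

/* Test that the method string passed to ne_request_create is
 * strdup'ed. */
static int dup_method(void)
{
    char method[] = "FOO";
    ne_session *sess;
    ne_request *req;

    CALL(make_session(&sess, serve_check_method, method));

    req = ne_request_create(sess, method, "/bar");

    /* Overwrite the caller's copy; the request must still send "FOO". */
    strcpy(method, "ZZZ");

    ONREQ(ne_request_dispatch(req));
    ne_request_destroy(req);

    return destroy_and_wait(sess);
}

/* Response body reader that always fails; the session error records
 * whether it was handed the expected 5-byte block. */
static int abortive_reader(void *userdata, const char *buf, size_t len)
{
    ne_session *sess = userdata;
    if (len == 5 && strncmp(buf, "abcde", 5) == 0) {
        ne_set_error(sess, "Reader callback failed");
    } else {
        ne_set_error(sess, "Reader callback called with length %" NE_FMT_SIZE_T,
                     len);
    }
    return NE_ERROR;
}

/* A failing body reader must fail the request with NE_ERROR, keep the
 * reader's error string, and close the connection. */
static int abort_reader(void)
{
    ne_session *sess;
    ne_request *req;
    int ret;

    CALL(make_session(&sess, single_serve_string,
                      RESP200 "Content-Length: 5\r\n\r\n"
                      "abcde"
                      "HTTP/1.1 200 OK\r\n"
                      "Content-Length: 0\r\n\r\n"));

    req = ne_request_create(sess, "GET", "/foo");
    ne_add_response_body_reader(req, ne_accept_2xx, abortive_reader, sess);
    ret = ne_request_dispatch(req);
    ONV(ret != NE_ERROR, ("request did not fail with NE_ERROR: %d", ret));
    ONV(strcmp(ne_get_error(sess), "Reader callback failed") != 0,
        ("unexpected session error string: %s", ne_get_error(sess)));
    ne_request_destroy(req);
    /* test that the connection was closed. */
    ONN("connection not closed after aborted response",
        any_2xx_request(sess, "/failmeplease") == OK);
    return destroy_and_wait(sess);
}

/* attempt and fail to send a request body from offset 500 of a file
 * descriptor that cannot seek (the read end of a pipe). */
static int send_bad_offset(void)
{
    ne_session *sess;
    ne_request *req;
    int ret, fds[2];

    CALL(make_session(&sess, single_serve_string,
                      RESP200 "Content-Length: 0\r\n" "\r\n"));

    /* create a pipe, on which seek is guaranteed to fail. */
    ONN("could not create pipe", pipe(fds) != 0);

    req = ne_request_create(sess, "PUT", "/null");

    ne_set_request_body_fd(req, fds[0], 500, 5);

    ret = ne_request_dispatch(req);

    close(fds[0]);
    close(fds[1]);

    ONN("request dispatched with bad offset!", ret == NE_OK);
    ONV(ret != NE_ERROR,
        ("request failed with unexpected error code %d: %s",
         ret, ne_get_error(sess)));

    ONV(strstr(ne_get_error(sess), "Could not seek") == NULL,
        ("bad error message from seek failure: %s", ne_get_error(sess)));

    reap_server();
    ne_request_destroy(req);
    ne_session_destroy(sess);
    return OK;
}

/* create_request hook for hooks(): logs "(create,METHOD,URI)". */
static void thook_create_req(ne_request *req, void *userdata,
                             const char *method, const char *requri)
{
    ne_buffer *buf = userdata;

    ne_buffer_concat(buf, "(create,", method, ",", requri, ")\n", NULL);
}

/* pre_send hook for hooks(): logs "(pre-send)". */
static void hook_pre_send(ne_request *req, void *userdata,
                          ne_buffer *header)
{
    ne_buffer *buf = userdata;

    ne_buffer_czappend(buf, "(pre-send)\n");
}

/* Returns a static string giving a comma-separated representation of
 * the status structure passed in.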
*/
static char *status_to_string(const ne_status *status)
{
    /* Shared static buffer: the result is overwritten by the next call.
     * The formatted length is capped by the size passed to ne_snprintf,
     * whatever the length of the reason phrase. */
    static char sbuf[128];

    ne_snprintf(sbuf, sizeof sbuf, "HTTP/%d.%d,%d,%s",
                status->major_version, status->minor_version,
                status->code, status->reason_phrase);

    return sbuf;
}

/* post_headers hook for hooks(): logs "(post-headers,STATUS)". */
static void hook_post_headers(ne_request *req, void *userdata,
                              const ne_status *status)
{
    ne_buffer *buf = userdata;

    ne_buffer_concat(buf, "(post-headers,", status_to_string(status), ")\n",
                     NULL);
}

/* post_send hook for hooks(): logs "(post-send,STATUS)" and accepts
 * the response. */
static int hook_post_send(ne_request *req, void *userdata,
                          const ne_status *status)
{
    ne_buffer *buf = userdata;

    ne_buffer_concat(buf, "(post-send,", status_to_string(status), ")\n",
                     NULL);

    return NE_OK;
}

/* destroy_request hook for hooks(): logs "(destroy-req)". */
static void hook_destroy_req(ne_request *req, void *userdata)
{
    ne_buffer *buf = userdata;

    ne_buffer_czappend(buf, "(destroy-req)\n");
}

/* destroy_session hook for hooks(): logs "(destroy-sess)". */
static void hook_destroy_sess(void *userdata)
{
    ne_buffer *buf = userdata;

    ne_buffer_czappend(buf, "(destroy-sess)\n");
}

/* close_conn hook for hooks(): logs "(close-conn)". */
static void hook_close_conn(void *userdata)
{
    ne_buffer *buf = userdata;

    ne_buffer_czappend(buf, "(close-conn)\n");
}

/* Registers every hook type with a shared log buffer and checks, over
 * three requests and two session teardowns, both the order in which
 * the hooks fire and the effect of the unhook calls. */
static int hooks(void)
{
    ne_buffer *buf = ne_buffer_create();
    ne_session *sess;
    struct many_serve_args args;

    args.str = RESP200 "Content-Length: 0\r\n" "\r\n";
    args.count = 3;

    CALL(make_session(&sess, many_serve_string, &args));

    ne_hook_create_request(sess, thook_create_req, buf);
    ne_hook_pre_send(sess, hook_pre_send, buf);
    ne_hook_post_headers(sess, hook_post_headers, buf);
    ne_hook_post_send(sess, hook_post_send, buf);
    ne_hook_destroy_request(sess, hook_destroy_req, buf);
    ne_hook_destroy_session(sess, hook_destroy_sess, buf);
    ne_hook_close_conn(sess, hook_close_conn, buf);

    CALL(any_2xx_request(sess, "/first"));

    ONCMP("(create,GET,/first)\n"
          "(pre-send)\n"
          "(post-headers,HTTP/1.1,200,OK)\n"
          "(post-send,HTTP/1.1,200,OK)\n"
          "(destroy-req)\n", buf->data, "hook ordering", "first result");

    ne_buffer_clear(buf);

    /* Unhook for mismatched fn/ud pointers: these must remove nothing,
     * as the second result below still shows the create hook firing. */
    ne_unhook_create_request(sess, hk_createreq, buf);
    ne_unhook_create_request(sess, thook_create_req, sess);

    /* Unhook real functions. */
    ne_unhook_pre_send(sess, hook_pre_send, buf);
    ne_unhook_destroy_request(sess, hook_destroy_req, buf);
    ne_unhook_post_headers(sess, hook_post_headers, buf);

    CALL(any_2xx_request(sess, "/second"));

    ONCMP("(create,GET,/second)\n"
          "(post-send,HTTP/1.1,200,OK)\n",
          buf->data, "hook ordering", "second result");

    ne_buffer_clear(buf);

    /* Double hook create, double hook then double unhook post. */
    ne_hook_create_request(sess, thook_create_req, buf);
    ne_hook_post_send(sess, hook_post_send, buf);
    ne_unhook_post_send(sess, hook_post_send, buf);
    ne_unhook_post_send(sess, hook_post_send, buf);

    CALL(any_2xx_request(sess, "/third"));

    ONCMP("(create,GET,/third)\n"
          "(create,GET,/third)\n",
          buf->data, "hook ordering", "third result");

    ne_buffer_clear(buf);

    ne_session_destroy(sess);
    CALL(await_server());

    ONCMP("(destroy-sess)\n"
          "(close-conn)\n", buf->data, "hook ordering", "first destroyed session");

    ne_buffer_clear(buf);

    /* A destroy_session hook that was removed again must not fire. */
    sess = ne_session_create("http", "www.example.com", 80);
    ne_hook_destroy_session(sess, hook_destroy_sess, buf);
    ne_unhook_destroy_session(sess, hook_destroy_sess, buf);
    ne_session_destroy(sess);

    ONCMP("", buf->data, "hook ordering", "second destroyed session");

    ne_buffer_destroy(buf);

    return OK;
}

/* destroy_request hook that removes itself while it is running. */
static void hook_self_destroy_req(ne_request *req, void *userdata)
{
    ne_unhook_destroy_request(ne_get_session(req),
                              hook_self_destroy_req, userdata);
}

/* Test that it's safe to call ne_unhook_destroy_request from a
 * destroy_request hook.
*/ static int hook_self_destroy(void) { ne_session *sess = ne_session_create("http", "localhost", 1234); ne_hook_destroy_request(sess, hook_self_destroy_req, NULL); ne_request_destroy(ne_request_create(sess, "GET", "/")); ne_session_destroy(sess); return OK; } static int icy_protocol(void) { ne_session *sess; CALL(make_session(&sess, single_serve_string, "ICY 200 OK\r\n" "Content-Length: 0\r\n\r\n")); ne_set_session_flag(sess, NE_SESSFLAG_ICYPROTO, 1); ONREQ(any_request(sess, "/foo")); return destroy_and_wait(sess); } static void status_cb(void *userdata, ne_session_status status, const ne_session_status_info *info) { ne_buffer *buf = userdata; char scratch[512]; switch (status) { case ne_status_lookup: ne_buffer_concat(buf, "lookup(", info->lu.hostname, ")-", NULL); break; case ne_status_connecting: ne_iaddr_print(info->ci.address, scratch, sizeof scratch); ne_buffer_concat(buf, "connecting(", info->lu.hostname, ",", scratch, ")-", NULL); break; case ne_status_disconnected: ne_buffer_czappend(buf, "dis"); /* fallthrough */ case ne_status_connected: ne_buffer_concat(buf, "connected(", info->cd.hostname, ")-", NULL); break; case ne_status_sending: case ne_status_recving: ne_snprintf(scratch, sizeof scratch, "%" NE_FMT_NE_OFF_T ",%" NE_FMT_NE_OFF_T, info->sr.progress, info->sr.total); ne_buffer_concat(buf, status == ne_status_sending ? 
"send" : "recv", "(", scratch, ")-", NULL); break; default: ne_buffer_czappend(buf, "bork!"); break; } } static int status(void) { ne_session *sess; ne_buffer *buf = ne_buffer_create(); char expect[1024]; ne_snprintf(expect, sizeof expect, "lookup(127.0.0.1)-" "connecting(127.0.0.1,127.0.0.1)-" "connected(127.0.0.1)-" "send(0,5000)-" "send(5000,5000)-" "recv(0,5)-" "recv(5,5)-" "disconnected(127.0.0.1)-"); CALL(make_session(&sess, single_serve_string, RESP200 "Content-Length: 5\r\n\r\n" "abcde")); ne_set_notifier(sess, status_cb, buf); CALL(any_2xx_request_body(sess, "/status")); ne_session_destroy(sess); CALL(await_server()); ONV(strcmp(expect, buf->data), ("status event sequence mismatch: got [%s] not [%s]", buf->data, expect)); ne_buffer_destroy(buf); return OK; } static int status_chunked(void) { ne_session *sess; ne_buffer *buf = ne_buffer_create(); char expect[1024]; /* This sequence is not exactly guaranteed by the API, but it's * what the current implementation should do. */ ne_snprintf(expect, sizeof expect, "lookup(127.0.0.1)-" "connecting(127.0.0.1,127.0.0.1)-" "connected(127.0.0.1)-" "send(0,5000)-" "send(5000,5000)-" "recv(0,-1)-" "recv(1,-1)-" "recv(2,-1)-" "recv(3,-1)-" "recv(4,-1)-" "recv(5,-1)-" "disconnected(127.0.0.1)-"); CALL(make_session(&sess, single_serve_string, RESP200 TE_CHUNKED "\r\n" ABCDE_CHUNKS)); ne_set_notifier(sess, status_cb, buf); CALL(any_2xx_request_body(sess, "/status")); ne_session_destroy(sess); CALL(await_server()); ONV(strcmp(expect, buf->data), ("status event sequence mismatch: got [%s] not [%s]", buf->data, expect)); ne_buffer_destroy(buf); return OK; } static const unsigned char raw_127[4] = "\x7f\0\0\01"; /* 127.0.0.1 */ static int local_addr(void) { ne_session *sess; ne_inet_addr *ia = ne_iaddr_make(ne_iaddr_ipv4, raw_127); CALL(make_session(&sess, single_serve_string, RESP200 "Connection: close\r\n\r\n")); ne_set_localaddr(sess, ia); ONREQ(any_request(sess, "/foo")); ne_session_destroy(sess); ne_iaddr_free(ia); return 
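reap_server(); }

/* Regression in 0.27.0: a request must still complete after
 * ne_set_progress(sess, NULL, NULL).  The original comment said the
 * call should "register" the callback; given the NULL arguments and
 * the test name, deregistration is presumably what is meant. */
static int dereg_progress(void)
{
    ne_session *sess;

    CALL(make_session(&sess, single_serve_string,
                      RESP200 TE_CHUNKED "\r\n" ABCDE_CHUNKS));

    ne_set_progress(sess, NULL, NULL);

    ONREQ(any_request(sess, "/foo"));

    return destroy_and_wait(sess);
}

/* Issues a request for www.example.com against the local test server
 * by handing the session an explicit one-entry address list
 * (127.0.0.1) through ne_set_addrlist(). */
static int addrlist(void)
{
    ne_session *sess;
    ne_inet_addr *ia = ne_iaddr_make(ne_iaddr_ipv4, raw_127);
    const ne_inet_addr *ial[1];
    unsigned int port;

    CALL(new_spawn_server(1, single_serve_string, EMPTY_RESP, &port));

    sess = ne_session_create("http", "www.example.com", port);

    ial[0] = ia;

    ne_set_addrlist(sess, ial, 1);

    CALL(any_2xx_request(sess, "/blah"));

    ne_iaddr_free(ia);

    return destroy_and_wait(sess);
}

/* Spawns the fake SOCKS server described by *srv and creates a session
 * for hostname:port that is proxied through it.
 *
 * server/userdata are stored in *srv for the fake proxy to use; the
 * proxy itself listens on "localhost" at the port chosen by
 * new_spawn_server().  The version and credentials given to the client
 * are taken from the same *srv fields.  Returns OK, or whatever CALL
 * propagates if the server cannot be spawned. */
static int socks_session(ne_session **sess, struct socks_server *srv,
                         const char *hostname, unsigned int port,
                         server_fn server, void *userdata)
{
    unsigned int realport;

    srv->server = server;
    srv->userdata = userdata;

    CALL(new_spawn_server(1, socks_server, srv, &realport));

    *sess = ne_session_create("http", hostname, port);

    ne_session_socks_proxy(*sess, srv->version, "localhost", realport,
                           srv->username, srv->password);

    return OK;
}

/* SOCKSv5 success case: the target is named by FQDN (expect_addr is
 * NULL) and a 2xx response is expected through the proxy.  The
 * username/password are fixture values. */
static int socks_proxy(void)
{
    ne_session *sess;
    struct socks_server srv = {0};

    srv.version = NE_SOCK_SOCKSV5;
    srv.failure = fail_none;
    srv.expect_port = 4242;
    srv.expect_addr = NULL;
    srv.expect_fqdn = "socks.example.com";
    srv.username = "bloggs";
    srv.password = "guessme";

    CALL(socks_session(&sess, &srv, srv.expect_fqdn, srv.expect_port,
                       single_serve_string, EMPTY_RESP));

    CALL(any_2xx_request(sess, "/blee"));

    return destroy_and_wait(sess);
}

/* SOCKSv4 success case: as socks_proxy(), but the fake server is also
 * given the parsed address 127.0.0.1 to expect. */
static int socks_v4_proxy(void)
{
    ne_session *sess;
    struct socks_server srv = {0};

    srv.version = NE_SOCK_SOCKSV4;
    srv.failure = fail_none;
    srv.expect_port = 4242;
    srv.expect_addr = ne_iaddr_parse("127.0.0.1", ne_iaddr_ipv4);
    srv.expect_fqdn = "localhost";
    srv.username = "bloggs";
    srv.password = "guessme";

    CALL(socks_session(&sess, &srv, srv.expect_fqdn, srv.expect_port,
                       single_serve_string, EMPTY_RESP));

    CALL(any_2xx_request(sess, "/blee"));

    ne_iaddr_free(srv.expect_addr);

    return destroy_and_wait(sess);
}

/* Server function which serves the request body back as the response
 * body.
 *
 * The request's Content-Length (clength) is validated before anything
 * is read into the fixed-size buffer: zero is rejected, and so is any
 * value larger than the buffer.  clength is printed with %d, so it is
 * presumably a signed int; the size_t cast then also makes a negative
 * value fail the upper-bound test.  After replying, the server expects
 * the client to close without sending further data. */
static int serve_mirror(ne_socket *sock, void *userdata)
{
    char response[1024];

    CALL(discard_request(sock));

    ONV(clength == 0 || (size_t)clength > sizeof buffer,
        ("C-L out of bounds: %d", clength));

    ONV(ne_sock_fullread(sock, buffer, clength),
        ("read failed: %s", ne_sock_error(sock)));

    ne_snprintf(response, sizeof response,
                "HTTP/1.0 200 OK\r\n"
                "Content-Length: %d\r\n"
                "\r\n", clength);

    ONN("send response header failed",
        server_send(sock, response, strlen(response)));

    ONN("send response body failed",
        server_send(sock, buffer, clength));

    ONV(ne_sock_read(sock, buffer, 1) != NE_SOCK_CLOSED,
        ("client sent data after request: %c", buffer[0]));

    return OK;
}

/* Test for ne_set_request_body_fd() bug in <= 0.29.3: the request body
 * is taken from foobar.txt with the arguments (fd, 0, 3), and the
 * mirrored response body must be exactly "foo". */
static int send_length(void)
{
    ne_session *sess;
    ne_request *req;
    int fd;
    ne_buffer *buf = ne_buffer_create();

    fd = open("foobar.txt", O_RDONLY);
    /* Name the file that was actually opened; the message previously
     * said random.txt. */
    ONV(fd < 0, ("open foobar.txt failed: %s", strerror(errno)));

    CALL(make_session(&sess, serve_mirror, NULL));

    req = ne_request_create(sess, "GET", "/foo");

    ne_set_request_body_fd(req, fd, 0, 3);
    ne_add_response_body_reader(req, ne_accept_2xx, collector, buf);

    ONREQ(ne_request_dispatch(req));

    ONCMP("foo", buf->data, "response body", "match");

    ne_request_destroy(req);
    ne_session_destroy(sess);
    ne_buffer_destroy(buf);
    close(fd);

    return await_server();
}

/* Test for error code for a SOCKS proxy failure, bug in <= 0.29.3. 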
*/
/* The fake SOCKSv5 server is configured with failure mode
 * fail_init_vers.  The request must fail with NE_ERROR, and the
 * session error string must contain BOTH expected substrings: the ONV
 * condition trips when either strstr() returns NULL. */
static int socks_fail(void)
{
    ne_session *sess;
    struct socks_server srv = {0};
    int ret;

    srv.version = NE_SOCK_SOCKSV5;
    srv.failure = fail_init_vers;
    srv.expect_port = 4242;
    srv.expect_addr = ne_iaddr_parse("127.0.0.1", ne_iaddr_ipv4);
    srv.expect_fqdn = "localhost";
    srv.username = "bloggs";
    srv.password = "guessme";

    CALL(socks_session(&sess, &srv, srv.expect_fqdn, srv.expect_port,
                       single_serve_string, EMPTY_RESP));

    ret = any_request(sess, "/blee");
    ONV(ret != NE_ERROR,
        ("request failed with %d not NE_ERROR", ret));
    ONV(strstr(ne_get_error(sess),
               "Could not establish connection from SOCKS proxy") == NULL
        || strstr(ne_get_error(sess),
                  "Invalid version in proxy response") == NULL,
        ("unexpected error string: %s", ne_get_error(sess)));

    ne_iaddr_free(srv.expect_addr);

    return destroy_and_wait(sess);
}

/* Bounds-check regression test for ne_set_request_flag().
 *
 * NE_REQFLAG_LAST is passed as the flag index together with the value
 * 0xAAAAAAAA; presumably NE_REQFLAG_LAST is one past the last valid
 * flag, so an unchecked store would land outside the flags array
 * (TODO confirm against ne_request.h).  The request's session pointer
 * serves as the canary: if it no longer equals sess, the store
 * corrupted adjacent request state.  No connection is made. */
static int safe_flags(void)
{
    ne_session *sess = ne_session_create("http", "localhost", 80);
    ne_request *req = ne_request_create(sess, "GET", "/");

    ne_set_request_flag(req, NE_REQFLAG_LAST, 0xAAAAAAAA);

    ONN("flags array bound check failed", ne_get_session(req) != sess);

    ne_request_destroy(req);
    ne_session_destroy(sess);

    return OK;
}

/* Expects a request served by serve_1xx to fail with an error string
 * containing "Too many interim responses".  The meaning of the two
 * s1xx_args fields ({200, 0}) is defined with serve_1xx, outside this
 * part of the file. */
static int fail_excess_1xx(void)
{
    struct s1xx_args args = {200, 0};
    return fail_request_with_error(0, serve_1xx, &args, 0,
                                   "Too many interim responses");
}

/* TODO: test that ne_set_notifier(, NULL, NULL) DTRT too. 
*/ ne_test tests[] = { T(lookup_localhost), T(single_get_clength), T(single_get_eof), T(single_get_chunked), T(no_body_204), T(no_body_304), T(no_body_HEAD), T(no_headers), T(chunks), T(te_header), T(te_identity), T(reason_phrase), T(chunk_numeric), T(chunk_extensions), T(chunk_trailers), T(chunk_oversize), T(te_over_clength), T(te_over_clength2), T(no_body_chunks), T(persist_http11), T(persist_chunked), T(persist_http10), T(persist_proxy_http10), T(persist_timeout), T(no_persist_http10), T(ptimeout_eof), T(ptimeout_eof2), T(closed_connection), T(close_not_retried), T(send_progress), T(ignore_bad_headers), T(fold_headers), T(fold_many_headers), T(multi_header), T(multi_header2), T(empty_header), T(trailing_header), T(ignore_header_case), T(ignore_header_ws), T(ignore_header_ws2), T(ignore_header_ws3), T(ignore_header_tabs), T(strip_http10_connhdr), T(strip_http10_connhdr2), T(continued_header), T(reset_headers), T(iterate_none), T(iterate_many), T(skip_interim_1xx), T(skip_many_1xx), T(skip_1xx_hdrs), T(send_bodies), T(expect_100_once), T(expect_100_nobody), T(unbounded_headers), T(unbounded_folding), T(blank_response), T(not_http), T(fail_eof_continued), T(fail_eof_headers), T(fail_eof_chunk), T(fail_eof_badclen), T(fail_long_header), T(fail_on_invalid), T(read_timeout), T(fail_connect), T(proxy_no_resolve), T(fail_chunksize), T(abort_respbody), T(retry_after_abort), T(fail_statusline), T(dup_method), T(versions), T(hook_create_req), T(abort_reader), T(send_bad_offset), T(hooks), T(hook_self_destroy), T(icy_protocol), T(status), T(status_chunked), T(local_addr), T(dereg_progress), T(addrlist), T(socks_proxy), T(socks_v4_proxy), T(send_length), T(socks_fail), T(fail_lookup), T(fail_double_lookup), T(safe_flags), T(fail_excess_1xx), T(NULL) }; neon-0.32.2/test/resolve.c000066400000000000000000000031251416727304000153440ustar00rootroot00000000000000/* Test program for the neon resolver interface Copyright (C) 2002-2003, Joe Orton This program is free software; you 
can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config.h" #include #include "ne_socket.h" int main(int argc, char **argv) { ne_sock_addr *addr; char buf[256]; int ret = 0; if (argc < 2) { printf("Usage: %s hostname\n", argv[0]); return 1; } if (ne_sock_init()) { printf("%s: Failed to initialize socket library.\n", argv[0]); return 1; } addr = ne_addr_resolve(argv[1], 0); if (ne_addr_result(addr)) { printf("Could not resolve `%s': %s\n", argv[1], ne_addr_error(addr, buf, sizeof buf)); ret = 2; } else { const ne_inet_addr *ia; printf("Resolved `%s' OK:", argv[1]); for (ia = ne_addr_first(addr); ia; ia = ne_addr_next(addr)) { printf(" <%s>", ne_iaddr_print(ia, buf, sizeof buf)); } putchar('\n'); } ne_addr_destroy(addr); return ret; } neon-0.32.2/test/run-tests.sh000066400000000000000000000011701416727304000160170ustar00rootroot00000000000000#!/bin/sh # # This script can be used to run the installed neon test suite # against an installed copy of the neon library. # # enable glibc malloc safety checks MALLOC_CHECK_=2 MALLOC_PERTURB_=242 export MALLOC_CHECK_ MALLOC_PERTURB_ cd data if test -x ../bin/ssl; then rm -rf ca touch ../configure echo "INIT: generating SSL ceritifcates..." 
if sh ./makekeys 2> makekeys.out; then :; else echo FAIL: could not generate SSL certificates exit 2 fi fi for t in ../bin/*; do if ${t}; then :; else echo FAIL: ${t} exit 1 fi done echo "PASS: all tests passed" exit 0 neon-0.32.2/test/run.sh000066400000000000000000000007311416727304000146610ustar00rootroot00000000000000#!/bin/sh rm -f debug.log child.log ulimit -c unlimited ulimit -t 120 unset LANG unset LC_MESSAGES # Enable glibc heap consistency checks, and memory randomization. MALLOC_CHECK_=2 MALLOC_PERTURB_=`expr $RANDOM % 255 2>/dev/null` export MALLOC_CHECK_ MALLOC_PERTURB_ export GNUTLS_SYSTEM_PRIORITY_FILE=$PWD/neon.prio export TEST_QUIET=${TEST_QUIET:-1} RETVAL=0 for f in $*; do if ${HARNESS} ./$f ${SRCDIR}; then : else RETVAL=$? fi done exit $RETVAL neon-0.32.2/test/session.c000066400000000000000000000122711416727304000153520ustar00rootroot00000000000000/* Tests for session handling Copyright (C) 2002-2006, 2009, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
*/ #include "config.h" #include #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #include "ne_session.h" #include "tests.h" static int fill_uri(void) { ne_uri uri = {0}; ne_session *sess = ne_session_create("http", "localhost", 1234); ne_fill_server_uri(sess, &uri); ONCMP("localhost", uri.host, "fill_uri", "host"); ONN("port mis-match", uri.port != 1234); ONCMP("http", uri.scheme, "fill_uri", "scheme"); ne_session_destroy(sess); ne_uri_free(&uri); return OK; } static int fill_proxy_uri(void) { ne_uri uri = {0}; ne_session *sess = ne_session_create("http", "localhost", 1234); ne_fill_proxy_uri(sess, &uri); ONN("no proxy host should be set", uri.host != NULL); ONN("no proxy port should be set", uri.port != 0); ne_session_proxy(sess, "www.example.com", 345); ne_fill_proxy_uri(sess, &uri); ONCMP("www.example.com", uri.host, "fill_proxy_uri", "host"); ONN("proxy port mis-match", uri.port != 345); ne_session_destroy(sess); ne_uri_free(&uri); return OK; } static int match_hostport(const char *scheme, const char *hostname, int port, const char *hostport) { ne_session *sess = ne_session_create(scheme, hostname, port); const char *hp = ne_get_server_hostport(sess); ONV(strcmp(hp, hostport), ("hostport incorrect for %s: `%s' not `%s'", scheme, hp, hostport)); ne_session_destroy(sess); return OK; } static int hostports(void) { static const struct { const char *scheme, *hostname; int port; const char *hostport; } hps[] = { { "http", "host.name", 80, "host.name" }, { "http", "host.name", 555, "host.name:555" }, { "http", "host.name", 443, "host.name:443" }, { "https", "host.name", 80, "host.name:80" }, { "https", "host.name", 443, "host.name" }, { "https", "host.name", 700, "host.name:700" }, { NULL } }; int n; for (n = 0; hps[n].scheme; n++) { CALL(match_hostport(hps[n].scheme, hps[n].hostname, hps[n].port, hps[n].hostport)); } return OK; } /* Check that ne_set_error is passing through to printf correctly. 
*/ static int errors(void) { ne_session *sess = ne_session_create("http", "foo.com", 80); #define EXPECT "foo, hello world, 100, bar!" ne_set_error(sess, "foo, %s, %d, bar!", "hello world", 100); ONV(strcmp(ne_get_error(sess), EXPECT), ("session error was `%s' not `%s'", ne_get_error(sess), EXPECT)); #undef EXPECT ne_session_destroy(sess); return OK; } #define ID1 "foo" #define ID2 "bar" static int privates(void) { ne_session *sess = ne_session_create("http", "localhost", 80); char *v1 = "hello", *v2 = "world"; ne_set_session_private(sess, ID1, v1); ne_set_session_private(sess, ID2, v2); #define PRIV(msg, id, val) \ ONN(msg, ne_get_session_private(sess, id) != val) PRIV("private #1 wrong", ID1, v1); PRIV("private #2 wrong", ID2, v2); PRIV("unknown id wrong", "no such ID", NULL); ne_session_destroy(sess); return OK; } /* test that ne_session_create doesn't really care what scheme you * give it, and that ne_get_scheme() works. */ static int get_scheme(void) { static const char *schemes[] = { "http", "https", "ftp", "ldap", "foobar", NULL }; int n; for (n = 0; schemes[n]; n++) { ne_session *sess = ne_session_create(schemes[n], "localhost", 80); ONV(strcmp(ne_get_scheme(sess), schemes[n]), ("scheme was `%s' not `%s'!", ne_get_scheme(sess), schemes[n])); ne_session_destroy(sess); } return OK; } static int flags(void) { ne_session *sess = ne_session_create("https", "localhost", 443); ne_set_session_flag(sess, NE_SESSFLAG_PERSIST, 1); ONN("persist flag was not set", ne_get_session_flag(sess, NE_SESSFLAG_PERSIST) != 1); ne_set_session_flag(sess, NE_SESSFLAG_LAST, 1); ONN("unsupported flag was recognized", ne_get_session_flag(sess, NE_SESSFLAG_LAST) != -1); ne_session_destroy(sess); return OK; } static int proxies(void) { ne_session *sess = ne_session_create("https", "localhost", 443); ne_session_proxy(sess, "http", 80); ne_set_addrlist2(sess, 80, NULL, 0); ne_session_destroy(sess); return OK; } ne_test tests[] = { T(fill_uri), T(fill_proxy_uri), T(hostports), T(errors), 
T(privates), T(get_scheme), T(flags), T(proxies), T(NULL) }; neon-0.32.2/test/skeleton.c000066400000000000000000000023151416727304000155110ustar00rootroot00000000000000/* neon test suite Copyright (C) 2002-2003, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config.h" #include #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #include "ne_request.h" #include "ne_socket.h" #include "tests.h" #include "child.h" #include "utils.h" static int foo(void) { /* This is a skeleton test suite file. */ return OK; } ne_test tests[] = { T(foo), /* test functions here */ /* end of test functions. */ T(NULL) }; neon-0.32.2/test/socket.c000066400000000000000000001203101416727304000151510ustar00rootroot00000000000000/* Socket handling tests Copyright (C) 2002-2011, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ /* This module can be compiled with -DSOCKET_SSL enabled, to run all * the tests over an SSL connection. */ #include "config.h" #include #include /* for AF_INET6 */ #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_STRING_H #include #endif #ifdef HAVE_UNISTD_H #include /* for gethostname() */ #endif #include /* for time() */ #include "ne_socket.h" #include "ne_utils.h" #include "ne_alloc.h" #include "child.h" #include "tests.h" #include "utils.h" #ifdef SOCKET_SSL #include "ne_ssl.h" ne_ssl_context *server_ctx, *client_ctx; #endif static ne_sock_addr *localhost; static char buffer[BUFSIZ]; #if defined(AF_INET6) && defined(USE_GETADDRINFO) #define TEST_IPV6 #endif /* tests for doing init/finish multiple times. */ static int multi_init(void) { int res1 = ne_sock_init(), res2 = ne_sock_init(); ONV(res1 != res2, ("cached init result changed from %d to %d", res1, res2)); ne_sock_exit(); ne_sock_exit(); ne_sock_exit(); res1 = ne_sock_init(); ONV(res1 != res2, ("re-init after exit gave %d not %d", res1, res2)); ne_sock_exit(); res2 = ne_sock_init(); ONV(res1 != res2, ("second time, cached init result changed from %d to %d", res1, res2)); return OK; } /* Create and connect *sock to address addr on given port. 
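*/
static int do_connect(ne_socket **sock, ne_sock_addr *addr, unsigned int port)
{
    const ne_inet_addr *ia;

    *sock = ne_sock_create();
    ONN("could not create socket", *sock == NULL);

    /* Try each address from the resolver result; the first successful
     * connect wins. */
    for (ia = ne_addr_first(addr); ia; ia = ne_addr_next(addr)) {
        if (ne_sock_connect(*sock, ia, port) == 0)
            return OK;
    }

    t_context("could not connect to server: %s", ne_sock_error(*sock));
    ne_sock_close(*sock);
    /* Do not leave the caller holding a handle that was just closed. */
    *sock = NULL;
    return FAIL;
}

/* Closes sock, failing the test on a non-zero close result, then
 * returns the result of await_server(). */
static int close_and_wait(ne_socket *sock)
{
    int ret = ne_sock_close(sock);
    ONV(ret, ("failed closing socket: %d", ret));
    return await_server();
}

#ifdef SOCKET_SSL
/* Sets up the global server and client SSL contexts for the SSL build.
 *
 * The server context loads server.cert plus server.key (the key is
 * looked up under argv[1] when given); the client context trusts only
 * the certificate read from ca/cert.pem.  A keypair that fails to load
 * is now reported here instead of being ignored, so a missing or
 * unreadable key does not show up later as an unexplained handshake
 * failure in every test. */
static int init_ssl(void)
{
    char *server_key;
    ne_ssl_certificate *cert;
    int ret;

    /* take srcdir as argv[1]. */
    if (test_argc > 1) {
        server_key = ne_concat(test_argv[1], "/server.key", NULL);
    } else {
        server_key = ne_strdup("server.key");
    }

    ONN("sock_init failed", ne_sock_init());
    server_ctx = ne_ssl_context_create(1);
    ONN("SSL_CTX_new failed", server_ctx == NULL);

    ret = ne_ssl_context_keypair(server_ctx, "server.cert", server_key);
    /* The path is not needed past this point; free it before any
     * check that may return early. */
    ne_free(server_key);
    ONN("failed to load server keypair", ret);

    client_ctx = ne_ssl_context_create(0);
    ONN("SSL_CTX_new failed for client", client_ctx == NULL);

    cert = ne_ssl_cert_read("ca/cert.pem");
    ONN("could not load ca/cert.pem", cert == NULL);

    ne_ssl_context_trustcert(client_ctx, cert);

    return OK;
}
#endif

/* Resolves "localhost" into the file-level 'localhost' address used by
 * begin(), then does the same lookup for child.c. */
static int resolve(void)
{
    char buf[256];
    localhost = ne_addr_resolve("localhost", 0);
    ONV(ne_addr_result(localhost),
        ("could not resolve `localhost': %s",
         ne_addr_error(localhost, buf, sizeof buf)));
    /* and again for child.c */
    return lookup_localhost();
}

/* Server function that does nothing and returns 0; the tests using it
 * expect to observe the connection being closed. */
static int serve_close(ne_socket *sock, void *ud)
{
    return 0;
}

#ifdef SOCKET_SSL
/* Real server function and its argument, carried through wrap_serve. */
struct serve_pair {
    server_fn fn;
    void *userdata;
};

/* Server-side wrapper for the SSL build: performs the SSL accept with
 * server_ctx and only then runs the wrapped server function.  Returns
 * 1 if the accept fails. */
static int wrap_serve(ne_socket *sock, void *ud)
{
    struct serve_pair *pair = ud;

    if (ne_sock_accept_ssl(sock, server_ctx)) {
        NE_DEBUG(NE_DBG_SOCKET, "SSL_accept failed: %s\n", ne_sock_error(sock));
        return 1;
    }

    NE_DEBUG(NE_DBG_SOCKET, "SSL accept okay.\n");
    return pair->fn(sock, pair->userdata);
}

/* SSL begin(): spawns a server running fn(ud) behind wrap_serve,
 * connects *sock to it and negotiates SSL using client_ctx. */
static int begin(ne_socket **sock, server_fn fn, void *ud)
{
    struct serve_pair pair;
    unsigned int port;

    pair.fn = fn;
    pair.userdata = ud;
    CALL(new_spawn_server(1, wrap_serve, &pair, &port));
    CALL(do_connect(sock, localhost, port));
    ONV(ne_sock_connect_ssl(*sock, client_ctx, NULL),
        ("SSL negotiation failed: %s", ne_sock_error(*sock)));
    return OK;
}

#else
/* non-SSL begin() function. */
static int begin(ne_socket **sock, server_fn fn, void *ud)
{
    unsigned int port;

    CALL(new_spawn_server(1, fn, ud, &port));
    return do_connect(sock, localhost, port);
}
#endif

/* Resolving the literal "127.0.0.1" must succeed and print back as the
 * same string; ne_iaddr_print() must return the buffer it was given. */
static int resolve_numeric(void)
{
    ne_sock_addr *addr = ne_addr_resolve("127.0.0.1", 0);
    ONV(ne_addr_result(addr),
        ("failed to resolve 127.0.0.1: %s",
         ne_addr_error(addr, buffer, sizeof buffer)));
    ONN("ne_addr_first returned NULL", ne_addr_first(addr) == NULL);
    ONN("ne_iaddr_print didn't return buffer",
        ne_iaddr_print(ne_addr_first(addr), buffer, sizeof buffer) != buffer);
    ONV(strcmp(buffer, "127.0.0.1"), ("ntop gave `%s' not 127.0.0.1", buffer));
    ne_addr_destroy(addr);
    return OK;
}

#if 0
static int resolve_ipv6(void)
{
    char err[256];
    ne_sock_addr *addr = ne_addr_resolve("[::1]", 0);
    ONV(ne_addr_result(addr),
        ("could not resolve `[::1]': %s",
         ne_addr_error(addr, err, sizeof err)));
    ne_addr_destroy(addr);
    return OK;
}
#endif

static const unsigned char raw_127[4] = "\x7f\0\0\01", /* 127.0.0.1 */
raw6_nuls[16] = /* :: */
"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
#ifdef TEST_IPV6
static const unsigned char
raw6_cafe[16] = /* feed::cafe */
"\xfe\xed\0\0\0\0\0\0\0\0\0\0\0\0\xca\xfe",
raw6_babe[16] = /* cafe:babe:: */
"\xca\xfe\xba\xbe\0\0\0\0\0\0\0\0\0\0\0\0";
#endif

/* Check the given inet addr is 127.0.0.1. 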
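*/
static int check_is_raw127(const ne_inet_addr *ia)
{
    unsigned char raw[5];

    /* Canary one byte past the four-byte IPv4 address: ne_iaddr_raw()
     * must leave it untouched. */
    raw[4] = 'Z';
    ONN("bogus ne_iaddr_typeof return", ne_iaddr_typeof(ia) != ne_iaddr_ipv4);
    ONN("ne_iaddr_raw gave bad retval", ne_iaddr_raw(ia, raw) != raw);
    ONN("raw address mismatch", memcmp(raw, raw_127, 4) != 0);
    ONN("ne_iaddr_raw buffer overflow", raw[4] != 'Z');
    return OK;
}

/* Builds 127.0.0.1 from raw bytes and checks both the printed form and
 * the raw round trip. */
static int addr_make_v4(void)
{
    ne_inet_addr *ia;
    char pr[50];

    ia = ne_iaddr_make(ne_iaddr_ipv4, raw_127);
    ONN("ne_iaddr_make returned NULL", ia == NULL);

    ne_iaddr_print(ia, pr, sizeof pr);
    ONV(strcmp(pr, "127.0.0.1"), ("address was %s not 127.0.0.1", pr));

    CALL(check_is_raw127(ia));

    ne_iaddr_free(ia);
    return OK;
}

/* Parses the string "127.0.0.1" and checks the raw form. */
static int parse_v4(void)
{
    ne_inet_addr *ia;

    ia = ne_iaddr_parse("127.0.0.1", ne_iaddr_ipv4);
    ONN("parse failed", ia == NULL);

    CALL(check_is_raw127(ia));

    ne_iaddr_free(ia);
    return OK;
}

/* With TEST_IPV6: for each fixture address, checks make -> print, the
 * address type, and the raw round trip, then repeats the raw checks
 * for the address obtained by parsing the printed form.  Without
 * TEST_IPV6: making or parsing an IPv6 address must return NULL.
 *
 * The raw comparison covers all 16 address bytes.  It used to compare
 * only the first four, which for the "::" and "feed::cafe" fixtures
 * left the trailing bytes (including the 0xca 0xfe tail) unchecked. */
static int addr_make_v6(void)
{
#ifdef TEST_IPV6
    struct {
        const unsigned char *addr;
        const char *rep;
    } as[] = {
        { raw6_cafe, "feed::cafe" },
        { raw6_babe, "cafe:babe::" },
        { raw6_nuls, "::" },
        { NULL, NULL }
    };
    int n;

    for (n = 0; as[n].rep != NULL; n++) {
        ne_inet_addr *ia = ne_iaddr_make(ne_iaddr_ipv6, as[n].addr);
        char pr[128];
        unsigned char raw[17];

        ONV(ia == NULL, ("could not make address for '%s'",
                         as[n].rep));
        ne_iaddr_print(ia, pr, sizeof pr);
        ONV(strcmp(pr, as[n].rep),
            ("address %d was '%s' not '%s'", n, pr, as[n].rep));

        ONN("bogus ne_iaddr_typeof return",
            ne_iaddr_typeof(ia) != ne_iaddr_ipv6);

        /* Canary one byte past the 16-byte IPv6 address. */
        raw[16] = 'Z';
        ONN("ne_iaddr_raw gave bad retval", ne_iaddr_raw(ia, raw) != raw);
        ONN("raw address mismatch", memcmp(raw, as[n].addr, 16) != 0);
        ONN("ne_iaddr_raw buffer overflow", raw[16] != 'Z');

        ne_iaddr_free(ia);

        ia = ne_iaddr_parse(as[n].rep, ne_iaddr_ipv6);
        ONV(ia == NULL, ("ne_iaddr_parse failed for %s", as[n].rep));
        ONN("bogus ne_iaddr_typeof return",
            ne_iaddr_typeof(ia) != ne_iaddr_ipv6);
        ONN("ne_iaddr_raw gave bad retval", ne_iaddr_raw(ia, raw) != raw);
        ONN("raw address mismatch", memcmp(raw, as[n].addr, 16) != 0);
        ONN("ne_iaddr_raw buffer overflow", raw[16] != 'Z');

        ne_iaddr_free(ia);
    }

    return OK;
#else
    /* should fail when lacking IPv6 support. */
    ne_inet_addr *ia = ne_iaddr_make(ne_iaddr_ipv6, raw6_nuls);
    ONN("ne_iaddr_make did not return NULL", ia != NULL);
    ONN("ne_iaddr_parse did not return NULL",
        ne_iaddr_parse("127.0.0.1", ne_iaddr_ipv6));
#endif
    return OK;
}

static const unsigned char raw_1234[] = "\x01\x02\x03\x04";

/* ne_iaddr_cmp() must give zero for equal addresses and non-zero for
 * unequal ones, including (with TEST_IPV6) across address families. */
static int addr_compare(void)
{
    ne_inet_addr *ia1, *ia2;
    int ret;

    ia1 = ne_iaddr_make(ne_iaddr_ipv4, raw_127);
    ia2 = ne_iaddr_make(ne_iaddr_ipv4, raw_127);
    ONN("addr_make returned NULL", !ia1 || !ia2);

    ret = ne_iaddr_cmp(ia1, ia2);
    ONV(ret != 0, ("comparison of equal IPv4 addresses was %d", ret));
    ne_iaddr_free(ia2);

    ia2 = ne_iaddr_make(ne_iaddr_ipv4, raw_1234);
    ret = ne_iaddr_cmp(ia1, ia2);
    ONN("comparison of unequal IPv4 addresses was zero", ret == 0);

#ifdef TEST_IPV6
    ne_iaddr_free(ia2);
    ia2 = ne_iaddr_make(ne_iaddr_ipv6, raw6_cafe);
    ONN("could not make IPv6 address", !ia2);
    ret = ne_iaddr_cmp(ia1, ia2);
    ONN("comparison of IPv4 and IPv6 addresses was zero", ret == 0);

    ne_iaddr_free(ia1);
    ia1 = ne_iaddr_make(ne_iaddr_ipv6, raw6_cafe);
    ret = ne_iaddr_cmp(ia1, ia2);
    ONN("comparison of equal IPv6 addresses was not zero", ret != 0);

    ne_iaddr_free(ia1);
    ia1 = ne_iaddr_make(ne_iaddr_ipv6, raw6_babe);
    ret = ne_iaddr_cmp(ia1, ia2);
    ONN("comparison of unequal IPv6 address was zero", ret == 0);
#endif

    ne_iaddr_free(ia1);
    ne_iaddr_free(ia2);
    return OK;
}

/* Reverse lookup of 127.0.0.1 must succeed and give a non-empty name.
 * A name other than localhost, localhost.localdomain or one prefixed
 * by the system hostname only produces a warning. */
static int addr_reverse(void)
{
    ne_inet_addr *ia = ne_iaddr_make(ne_iaddr_ipv4, raw_127);
    char buf[128], *syshost = NULL;
    int match;

#ifdef HAVE_GETHOSTNAME
    char host[128];

    if (gethostname(host, sizeof host) == 0) {
        /* gethostname() need not NUL-terminate a truncated name, and
         * strlen(syshost) is taken below. */
        host[sizeof host - 1] = '\0';
        syshost = host;
    }
#endif

    ONN("ne_iaddr_make returned NULL", ia == NULL);

    ONN("reverse lookup for 127.0.0.1 failed",
        ne_iaddr_reverse(ia, buf, sizeof buf) != 0);

    NE_DEBUG(NE_DBG_SOCKET, "Reverse lookup for 127.0.0.1 => %s\n", buf);

    match = strcmp(buf, "localhost.localdomain") == 0
        || strcmp(buf, "localhost") == 0;

    if (!match && syshost)
        /* If the returned name has the system hostname as a prefix, that's
         * good enough. */
        match = strncmp(buf, syshost, strlen(syshost)) == 0;

    if (!match)
        t_warning("reverse lookup for 127.0.0.1 got '%s'", buf);

    ONN("reverse lookup for 127.0.0.1 got empty string", strlen(buf) == 0);

    ne_iaddr_free(ia);

    return OK;
}

/* Resolving localhost with NE_ADDR_CANON must give a canonical name.
 * The resolver result is checked with ne_addr_result(), as resolve()
 * and resolve_numeric() do, in addition to the NULL check, so a failed
 * lookup is reported as such rather than as a missing canonical name. */
static int addr_canonical(void)
{
    ne_sock_addr *sa;
    const char *h;

    sa = ne_addr_resolve("localhost", NE_ADDR_CANON);
    ONN("could not resolve localhost", sa == NULL || ne_addr_result(sa));

    h = ne_addr_canonical(sa);
    ONN("no canonical name for localhost", h == NULL);

    NE_DEBUG(NE_DBG_SOCKET, "canonical name: %s\n", h);

    ne_addr_destroy(sa);

    return OK;
}

/* Connects to a serve_close server and closes again. */
static int just_connect(void)
{
    ne_socket *sock;

    CALL(begin(&sock, serve_close, NULL));

    return close_and_wait(sock);
}

/* Connect to an address crafted using ne_iaddr_make rather than from
 * the resolver. */
static int addr_connect(void)
{
    ne_socket *sock = ne_sock_create();
    ne_inet_addr *ia;
    unsigned int port;

    ia = ne_iaddr_make(ne_iaddr_ipv4, raw_127);
    ONN("ne_iaddr_make returned NULL", ia == NULL);

    CALL(new_spawn_server(1, serve_close, NULL, &port));
    ONN("could not connect", ne_sock_connect(sock, ia, port));
    ne_iaddr_free(ia);
    return close_and_wait(sock);
}

/* ne_sock_peer() must report the address and port the socket was
 * connected to.  'port' starts at 9999 so that a call which leaves it
 * unset is caught by the comparison with the real port. */
static int addr_peer(void)
{
    ne_socket *sock = ne_sock_create();
    ne_inet_addr *ia, *ia2;
    unsigned int port = 9999, realport;
    int ret;

    ia = ne_iaddr_make(ne_iaddr_ipv4, raw_127);
    ONN("ne_iaddr_make returned NULL", ia == NULL);

    CALL(new_spawn_server(1, serve_close, NULL, &realport));
    ONN("could not connect", ne_sock_connect(sock, ia, realport));

    ia2 = ne_sock_peer(sock, &port);
    /* Fail cleanly instead of handing NULL to ne_iaddr_cmp(). */
    ONN("ne_sock_peer returned NULL", ia2 == NULL);
    ret = ne_iaddr_cmp(ia, ia2);
    ONV(ret != 0,
        ("comparison of peer with server address was %d", ret));

    ONV(port != realport,
        ("got peer port %u, expected %u", port, realport));

    ne_sock_close(sock);
    CALL(await_server());

    ne_iaddr_free(ia);
    ne_iaddr_free(ia2);
    return OK;
}

/* Expect a read() to return EOF */
static int expect_close(ne_socket *sock)
{
    ssize_t n = 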
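ne_sock_read(sock, buffer, 1);
    /* Any data is a failure; so is any error other than closure. */
    ONV(n > 0, ("read got %" NE_FMT_SSIZE_T " bytes not closure", n));
    ONV(n < 0 && n != NE_SOCK_CLOSED,
        ("read got error not closure: `%s'", ne_sock_error(sock)));
    return OK;
}

/* Logs the socket's current error string, then requires
 * ne_sock_close() to succeed. */
static int good_close(ne_socket *sock)
{
    NE_DEBUG(NE_DBG_SOCKET, "Socket error was %s\n", ne_sock_error(sock));
    ONN("close failed", ne_sock_close(sock));
    return OK;
}

/* Finish a test, closing socket and rejoining child.  If eof is non-zero,
 * expects to read EOF from the socket before closing. */
static int finish(ne_socket *sock, int eof)
{
    /* Braces keep the if/else well-formed whatever CALL expands to. */
    if (eof) {
        CALL(expect_close(sock));
    } else {
        ne_sock_shutdown(sock, NE_SOCK_SEND);
    }
    CALL(good_close(sock));
    return await_server();
}

/* Expect a ne_sock_peek() to return EOF.
 *
 * This helper used to call ne_sock_read(), so peek_close() never
 * exercised the peek path that its name, comment and failure message
 * all refer to. */
static int expect_peek_close(ne_socket *sock)
{
    ssize_t n = ne_sock_peek(sock, buffer, 1);
    ONV(n != NE_SOCK_CLOSED, ("peek gave %" NE_FMT_SSIZE_T " not closure", n));
    return OK;
}

/* Test that just does a connect then a close. */
static int read_close(void)
{
    ne_socket *sock;

    CALL(begin(&sock, serve_close, NULL));
    CALL(expect_close(sock));
    ONN("close failed", ne_sock_close(sock));
    return await_server();
}

/* Test that just does an open then a close. */
static int open_close(void)
{
    ONN("close of newly opened socket failed",
        ne_sock_close(ne_sock_create()));
    return OK;
}

/* Test that just does a connect then a close (but gets the close via
 * ne_sock_peek). */
static int peek_close(void)
{
    ne_socket *sock;

    CALL(begin(&sock, serve_close, NULL));
    CALL(expect_peek_close(sock));
    ONN("close failed", ne_sock_close(sock));
    return await_server();
}

/* Don't change this string. */
#define STR "Hello, World."

/* do a sock_peek() on sock for 'len' bytes, and expect 'str'. 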
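*/
static int peek_expect(ne_socket *sock, const char *str, size_t len)
{
    ssize_t ret;

    /* buffer[len] is inspected below, so len must index inside buffer. */
    ONN("peek length does not fit test buffer", len >= sizeof buffer);

    /* Pre-fill with '@' so a write past 'len' bytes becomes visible. */
    memset(buffer, '@', sizeof buffer);
    ret = ne_sock_peek(sock, buffer, len);
    ONV((ssize_t)len != ret,
        ("peek got %" NE_FMT_SSIZE_T " bytes not %" NE_FMT_SIZE_T, ret, len));
    ONV(memcmp(str, buffer, len),
        ("peek mismatch: `%.*s' not `%.*s'",
         (int)len, buffer, (int)len, str));
    /* len is a size_t; it was previously printed with the ssize_t
     * format. */
    ONV(buffer[len] != '@',
        ("buffer overrun: %" NE_FMT_SIZE_T "nth byte was '%c' not '@'",
         len, buffer[len]));
    return OK;
}

/* do a sock_read() on sock for 'len' bytes, and expect 'str'. */
static int read_expect(ne_socket *sock, const char *str, size_t len)
{
    ssize_t ret;

    /* Never ask the library to read more than the test buffer holds. */
    ONN("read length does not fit test buffer", len > sizeof buffer);

    ret = ne_sock_read(sock, buffer, len);
    ONV((ssize_t)len != ret,
        ("read got %" NE_FMT_SSIZE_T " bytes (%s) not %" NE_FMT_SIZE_T,
         ret, ne_sock_error(sock), len));
    ONV(memcmp(str, buffer, len),
        ("read mismatch: `%.*s' not `%.*s'",
         (int)len, buffer, (int)len, str));
    return OK;
}

/* do a sock_fullread() on sock for 'len' bytes, and expect 'str';
 * ne_sock_fullread() must return zero. */
static int fullread_expect(ne_socket *sock, const char *str, size_t len)
{
    ssize_t ret;

    /* Never ask the library to read more than the test buffer holds. */
    ONN("fullread length does not fit test buffer", len > sizeof buffer);

    ret = ne_sock_fullread(sock, buffer, len);
    ONV(ret, ("fullread failed (%" NE_FMT_SSIZE_T "): %s",
              ret, ne_sock_error(sock)));
    ONV(memcmp(str, buffer, len),
        ("fullread mismatch: `%.*s' not `%.*s'",
         (int)len, buffer, (int)len, str));
    return OK;
}

#define FULLREAD(str) CALL(fullread_expect(sock, str, strlen(str)))

/* Declare a struct string */
#define DECL(var,str) struct string var = { str, 0 }; var.len = strlen(str)

/* Declare a struct string holding n copies of ch in memory from
 * ne_malloc(); the test that uses it frees var.data. */
#define DECL_LONG(var,ch,n) struct string var; var.data = memset(ne_malloc(n), ch, n); var.len = n;

/* Test a simple read. */
static int single_read(void)
{
    ne_socket *sock;
    DECL(hello, STR);

    CALL(begin(&sock, serve_sstring, &hello));
    CALL(read_expect(sock, STR, strlen(STR)));
    CALL(expect_close(sock));
    CALL(good_close(sock));

    return await_server();
}

/* Test a simple peek. 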
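*/
static int single_peek(void)
{
    ne_socket *sock;
    DECL(hello, STR);

    CALL(begin(&sock, serve_sstring, &hello));
    CALL(peek_expect(sock, STR, strlen(STR)));

    return finish(sock, 0);
}

/* Test lots of 1-byte reads. */
static int small_reads(void)
{
    ne_socket *sock;
    char *pnt;
    DECL(hello, STR);

    CALL(begin(&sock, serve_sstring, &hello));

    /* read the string byte-by-byte. */
    for (pnt = hello.data; *pnt; pnt++) {
        CALL(read_expect(sock, pnt, 1));
    }

    return finish(sock, 1);
}

/* peek or read, expecting to get given string.  Both macros use the
 * caller's local variable 'sock'. */
#define READ(str) CALL(read_expect(sock, str, strlen(str)))
#define PEEK(str) CALL(peek_expect(sock, str, strlen(str)))

/* Stress out the read buffer handling a little. */
static int read_and_peek(void)
{
    ne_socket *sock;
    DECL(hello, STR);

    CALL(begin(&sock, serve_sstring, &hello));

    PEEK("Hello");
    PEEK("Hell");
    PEEK(STR);
    READ("He");
    PEEK("llo, ");
    READ("l");
    PEEK("lo, World.");
    READ("lo, Worl");
    PEEK("d.");
    PEEK("d");
    READ("d.");

    return finish(sock, 1);
}

/* Read more bytes than were written. */
static int larger_read(void)
{
    ne_socket *sock;
    ssize_t nb;
    DECL(hello, STR);

    CALL(begin(&sock, serve_sstring, &hello));

    nb = ne_sock_read(sock, buffer, hello.len + 10);
    ONV(nb != (ssize_t)hello.len,
        ("read gave too many bytes (%" NE_FMT_SSIZE_T ")", nb));
    ONN("read gave wrong data", memcmp(buffer, hello.data, hello.len));

    return finish(sock, 1);
}

/* Reads one line with ne_sock_readline() and requires it to equal
 * 'line' in both returned length and content.
 *
 * The debug trace is emitted only once the call is known to have
 * succeeded.  It used to print 'buffer' with %s before the return
 * value was checked; after a failed readline the buffer may hold
 * unterminated leftovers (peek_expect() fills all of it with '@'), so
 * that print could run past the end of the array. */
static int line_expect(ne_socket *sock, const char *line)
{
    ssize_t ret = ne_sock_readline(sock, buffer, BUFSIZ);
    size_t len = strlen(line);

    ONV(ret == NE_SOCK_CLOSED,
        ("socket closed, expecting `%s'", line));
    ONV(ret < 0,
        ("socket error `%s', expecting `%s'", ne_sock_error(sock), line));
    NE_DEBUG(NE_DBG_SOCKET, " -> expected=%s -> actual=%s", line, buffer);
    ONV((size_t)ret != len || strcmp(line, buffer),
        ("readline mismatch: `%s' not `%s'", buffer, line));
    return OK;
}

#define LINE(x) CALL(line_expect(sock, x))

#define STR2 "Goodbye, cruel world."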
/* Two newline-terminated lines are read back one at a time. */
static int line_simple(void)
{
    ne_socket *sock;
    DECL(oneline, STR "\n" STR2 "\n");

    CALL(begin(&sock, serve_sstring, &oneline));
    LINE(STR "\n");
    LINE(STR2 "\n");

    return finish(sock, 1);
}

/* The served data ends with "foobar" and no trailing newline: the second
 * readline must report NE_SOCK_CLOSED instead of returning the
 * unterminated tail as a line. */
static int line_closure(void)
{
    ne_socket *sock;
    ssize_t ret;
    DECL(oneline, STR "\n" "foobar");

    CALL(begin(&sock, serve_sstring, &oneline));
    LINE(STR "\n");

    ret = ne_sock_readline(sock, buffer, BUFSIZ);
    ONV(ret != NE_SOCK_CLOSED,
        ("readline got %" NE_FMT_SSIZE_T " not EOF: %s", ret,
         ne_sock_error(sock)));

    return finish(sock, 0);
}

/* check that empty lines are handled correctly. */
static int line_empty(void)
{
    ne_socket *sock;
    DECL(oneline, "\n\na\n\n");

    CALL(begin(&sock, serve_sstring, &oneline));
    LINE("\n");
    LINE("\n");
    LINE("a\n");
    LINE("\n");

    return finish(sock, 1);
}

/* A seven-byte line read with a five-byte limit must fail with
 * NE_SOCK_ERROR. */
static int line_toolong(void)
{
    ne_socket *sock;
    ssize_t ret;
    DECL(oneline, "AAAAAA\n");

    CALL(begin(&sock, serve_sstring, &oneline));
    ret = ne_sock_readline(sock, buffer, 5);
    ONV(ret != NE_SOCK_ERROR,
        ("readline should fail on long line: %" NE_FMT_SSIZE_T, ret));
    reap_server();
    ne_sock_close(sock);
    return OK;
}

#define OVERLEN (9000)

/* OVERLEN bytes with no newline are served; readline must fail with
 * NE_SOCK_ERROR. */
static int line_overflow(void)
{
    ne_socket *sock;
    ssize_t ret;
    DECL_LONG(line, 'A', OVERLEN);

    CALL(begin(&sock, serve_sstring, &line));

    PEEK("A"); /* fill the read buffer */
    /* NOTE(review): OVERLEN is passed as the capacity of 'buffer', whose
     * declaration is not in this part of the file; other callers use
     * BUFSIZ or sizeof buffer -- confirm buffer is at least OVERLEN. */
    ret = ne_sock_readline(sock, buffer, OVERLEN);
    ONV(ret != NE_SOCK_ERROR,
        ("readline should fail on overlong line: %" NE_FMT_SSIZE_T, ret));

    ne_free(line.data);

    return finish(sock, 0);
}

/* readline()s mingled with other operations: buffering tests. */
static int line_mingle(void)
{
    ne_socket *sock;
    DECL(oneline, "alpha\nbeta\ndelta\ngamma\n");

    CALL(begin(&sock, serve_sstring, &oneline));

    READ("a");
    LINE("lpha\n");
    READ("beta");
    LINE("\n");
    PEEK("d");
    PEEK("delt");
    LINE("delta\n");
    READ("gam");
    LINE("ma\n");

    return finish(sock, 1);
}

/* readline which needs multiple read() calls.
*/
static int line_chunked(void)
{
    ne_socket *sock;
    DECL(oneline, "this is a line\n");

    CALL(begin(&sock, serve_sstring_slowly, &oneline));
    LINE("this is a line\n");

    return finish(sock, 1);
}

/* OVERLEN bytes of 'Z' with no newline, served via serve_sstring_slowly:
 * after an initial full read, readline must fail with NE_SOCK_ERROR. */
static int line_long_chunked(void)
{
    ne_socket *sock;
    ssize_t ret;
    DECL_LONG(line, 'Z', OVERLEN);

    CALL(begin(&sock, serve_sstring_slowly, &line));

    FULLREAD("ZZZZZZZZ"); /* fill the buffer */
    ret = ne_sock_readline(sock, buffer, sizeof buffer);
    ONV(ret != NE_SOCK_ERROR,
        ("readline gave %" NE_FMT_SSIZE_T " not failure", ret));

    reap_server();
    ne_sock_close(sock);
    ne_free(line.data);
    return OK;
}

/* Wall-clock bounds of the current timeout test. */
static time_t to_start, to_finish;

/* Start a timeout test: connect to sleepy_server, set a one-second read
 * timeout on the socket and record the start time. */
static int to_begin(ne_socket **sock)
{
    CALL(begin(sock, sleepy_server, NULL));
    ne_sock_read_timeout(*sock, 1);
    to_start = time(NULL);
    return OK;
}

/* Finish a timeout test: fail if more than three seconds elapsed since
 * to_begin(), then close the socket. */
static int to_end(ne_socket *sock)
{
    to_finish = time(NULL);
    reap_server(); /* hopefully it's hung. */
    ONN("timeout ignored, or very slow machine", to_finish - to_start > 3);
    ONN("close failed", ne_sock_close(sock));
    return OK;
}

/* Timeout test scaffolding: TO_BEGIN declares and connects 'sock', TO_OP
 * requires the wrapped call to return NE_SOCK_TIMEOUT, TO_FINISH returns
 * the result of to_end(). */
#define TO_BEGIN ne_socket *sock; CALL(to_begin(&sock))
#define TO_OP(x) do { int to_ret = (x); \
 ONV(to_ret != NE_SOCK_TIMEOUT, ("operation did not timeout: got %d (%s)", to_ret, ne_sock_error(sock))); \
 } while (0)
#define TO_FINISH return to_end(sock)

#ifndef TEST_CONNECT_TIMEOUT
#define TEST_CONNECT_TIMEOUT 0
#endif

#if TEST_CONNECT_TIMEOUT

/* No obvious way to reliably test a connect() timeout. But
 * www.example.com seems to drop packets on ports other than 80 so
 * that actually works pretty well. Disabled by default.
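*/
static int connect_timeout(void)
{
    /* Raw IPv4 address bytes; the trailing NUL of the literal is unused. */
    static const unsigned char example_dot_com[] = "\xC0\x00\x22\xA6";
    ne_socket *sock = ne_sock_create();
    ne_inet_addr *ia = ne_iaddr_make(ne_iaddr_ipv4, example_dot_com);

    ne_sock_connect_timeout(sock, 1);

    TO_OP(ne_sock_connect(sock, ia, 8080));

    ne_iaddr_free(ia);
    ne_sock_close(sock);
    return OK;
}
#endif

/* Each of the following expects the given read-side operation to return
 * NE_SOCK_TIMEOUT against sleepy_server. */
static int peek_timeout(void)
{
    TO_BEGIN;
    TO_OP(ne_sock_peek(sock, buffer, 1));
    TO_FINISH;
}

static int read_timeout(void)
{
    TO_BEGIN;
    TO_OP(ne_sock_read(sock, buffer, 1));
    TO_FINISH;
}

static int readline_timeout(void)
{
    TO_BEGIN;
    TO_OP(ne_sock_readline(sock, buffer, 1));
    TO_FINISH;
}

static int fullread_timeout(void)
{
    TO_BEGIN;
    TO_OP(ne_sock_fullread(sock, buffer, 1));
    TO_FINISH;
}

/* Server callback: read from 'sock' until the struct string passed as
 * 'ud' has been received in full, comparing each chunk as it arrives.
 * Advances str->data and shrinks str->len as data is consumed. */
static int serve_expect(ne_socket *sock, void *ud)
{
    struct string *str = ud;
    ssize_t ret;

    while (str->len &&
           (ret = ne_sock_read(sock, buffer, sizeof(buffer))) > 0) {
        NE_DEBUG(NE_DBG_SOCKET, "Got %" NE_FMT_SSIZE_T " bytes.\n", ret);
        /* The peer controls how much arrives.  Reject a chunk larger
         * than what is still expected before comparing, otherwise
         * memcmp() reads past the end of str->data and the unsigned
         * str->len wraps around on subtraction. */
        ONV((size_t)ret > str->len,
            ("got %" NE_FMT_SSIZE_T " bytes, only %" NE_FMT_SIZE_T
             " expected", ret, str->len));
        ONV(memcmp(str->data, buffer, ret),
            ("unexpected data: [%.*s] not [%.*s]",
             (int)ret, buffer, (int)ret, str->data));
        str->data += ret;
        str->len -= ret;
        NE_DEBUG(NE_DBG_SOCKET, "%" NE_FMT_SIZE_T " bytes left.\n", str->len);
    }

    NE_DEBUG(NE_DBG_SOCKET, "All data read.\n");
    return OK;
}

/* Write 'str' in full to the local 'sock', then pause briefly. */
#define WRITEL(str) CALL(full_write(sock, str, strlen(str))); \
 minisleep()

/* Several small writes must arrive as one contiguous byte stream. */
static int small_writes(void)
{
    ne_socket *sock;
    DECL(str, "This\nIs\nSome\nText.\n");

    CALL(begin(&sock, serve_expect, &str));

    WRITEL("This\n");
    WRITEL("Is\n");
    WRITEL("Some\n");
    WRITEL("Text.\n");

    return finish(sock, 1);
}

/* One large write of patterned data, verified by serve_expect. */
static int large_writes(void)
{
#define LARGE_SIZE (123456)
    struct string str;
    ne_socket *sock;
    ssize_t n;

    str.data = ne_malloc(LARGE_SIZE);
    str.len = LARGE_SIZE;

    for (n = 0; n < LARGE_SIZE; n++)
        str.data[n] = 41 + n % 130;

    CALL(begin(&sock, serve_expect, &str));
    CALL(full_write(sock, str.data, str.len));

    ne_free(str.data);
    return finish(sock, 1);
}

/* Write 'count' vectors in full, failing the test on any error. */
static int full_writev(ne_socket *sock, struct ne_iovec *vec, int count)
{
    int ret = ne_sock_fullwritev(sock, vec, count);

    NE_DEBUG(NE_DBG_SOCKET, "wrote vector (%d)\n", count);
    ONV(ret, ("writev failed (%d): %s", ret, ne_sock_error(sock)));
    return OK;
}

#undef LARGE_SIZE
#define LARGE_SIZE (123456 * 4)

/* The same patterned data as large_writes, split into four equal
 * vectors and sent with a single vectored write. */
static int large_writev(void)
{
    struct string str;
    ne_socket *sock;
    ssize_t n;
    struct ne_iovec vec[4];

    str.data = ne_malloc(LARGE_SIZE);
    str.len = LARGE_SIZE;

    for (n = 0; n < LARGE_SIZE; n++)
        str.data[n] = 41 + n % 130;

    for (n = 0; n < 4; n++) {
        vec[n].base = str.data + n * LARGE_SIZE / 4;
        vec[n].len = LARGE_SIZE / 4;
    }

    CALL(begin(&sock, serve_expect, &str));
    CALL(full_writev(sock, vec, 4));

    ne_free(str.data);
    return finish(sock, 1);
}

/* echoes back lines. */
static int echo_server(ne_socket *sock, void *ud)
{
    ssize_t ret;

    while ((ret = ne_sock_readline(sock, buffer, sizeof(buffer))) > 0) {
        NE_DEBUG(NE_DBG_SOCKET, "Line: %s", buffer);
        ONN("write failed", ne_sock_fullwrite(sock, buffer, ret));
        NE_DEBUG(NE_DBG_SOCKET, "Wrote line.\n");
    }

    /* The loop is expected to end only when the peer closes. */
    ONV(ret != NE_SOCK_CLOSED,
        ("unexpected readline failure: %s", ne_sock_error(sock)));
    NE_DEBUG(NE_DBG_SOCKET, "ssl: Readline got closure\n");
    return 0;
}

/* Send 'line' and expect the identical line to come back. */
static int echo_expect(ne_socket *sock, const char *line)
{
    CALL(full_write(sock, line, strlen(line)));
    return line_expect(sock, line);
}

#define ECHO(line) CALL(echo_expect(sock, line))

static int echo_lines(void)
{
    ne_socket *sock;

    CALL(begin(&sock, echo_server, NULL));
    ECHO("hello,\n");
    ECHO("\n");
    ECHO("world\n");
    return finish(sock, 0);
}

#ifdef SOCKET_SSL
/* Server callback: block until the client closes the connection. */
static int serve_wait_close(ne_socket *sock, void *ud)
{
    ONV(ne_sock_read(sock, buffer, 1) != NE_SOCK_CLOSED,
        ("failed waiting for TLS closure: %s", ne_sock_error(sock)));
    return 0;
}

/* Shut down the receive side first, which must return NE_SOCK_RETRY
 * here, then the send side, then wait for the peer's closure. */
static int ssl_shutdown(void)
{
    ne_socket *sock;
    int ret;

    CALL(begin(&sock, serve_wait_close, NULL));

    ONV(ne_sock_shutdown(sock, NE_SOCK_RECV) != NE_SOCK_RETRY,
        ("TLS socket closed too early"));

    ret = ne_sock_shutdown(sock, NE_SOCK_SEND);
    if (ret == NE_SOCK_RETRY) {
        /* Wait for closure. */
        ret = ne_sock_read(sock, buffer, 0);
        ONV(ret != NE_SOCK_CLOSED,
            ("read for closure didn't get closure: %d/%s",
             ret, ne_sock_error(sock)));
    } else {
        ONV(ret,
            ("socket shutdown unexpected state: %d/%s",
             ret, ne_sock_error(sock)));
    }

    CALL(await_server());
    ne_sock_close(sock);
    return OK;
}

/* After the server has exited, writes must eventually fail with a reset
 * or a closure rather than keep succeeding. */
static int ssl_closure(void)
{
    ne_socket *sock;
    ssize_t ret;

    CALL(begin(&sock, serve_close, NULL));
    CALL(full_write(sock, "a", 1));
    ne_sock_shutdown(sock, NE_SOCK_SEND);
    CALL(await_server());

    /* Keep writing until the failure surfaces. */
    do {
        ret = ne_sock_fullwrite(sock, "a", 1);
    } while (ret == 0);

    ONV(ret != NE_SOCK_RESET && ret != NE_SOCK_CLOSED,
        ("write got %" NE_FMT_SSIZE_T " not reset or closure: %s", ret,
         ne_sock_error(sock)));

    ne_sock_close(sock);
    return OK;
}

/* Server callback: read one byte, then exit the server process with
 * exit(0) so the connection ends without returning to the caller. */
static int serve_truncate(ne_socket *sock, void *userdata)
{
    if (ne_sock_read(sock, buffer, 1) != 1)
        NE_DEBUG(NE_DBG_SOCKET, "serve_truncate failed to read a byte.\n");
    NE_DEBUG(NE_DBG_SOCKET, "read a byte, exiting...\n");
    exit(0);
}

/* when an EOF is received without a clean shutdown (close_notify message).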
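*/
static int ssl_truncate(void)
{
    ne_socket *sock;
    int ret;

    CALL(begin(&sock, serve_truncate, NULL));
    CALL(full_write(sock, "a", 1));

    /* The read must report truncation (NE_SOCK_TRUNC), so that an
     * unclean end of stream is distinguishable from a normal closure. */
    ret = ne_sock_read(sock, buffer, 1);
    ONV(ret != NE_SOCK_TRUNC,
        ("socket got error %d not truncation: `%s'", ret,
         ne_sock_error(sock)));

    ne_sock_close(sock);
    CALL(await_server());
    return OK;
}

#else

/* use W Richard Stevens' SO_LINGER trick to elicit a TCP RST */
static int serve_reset(ne_socket *sock, void *ud)
{
    ONV(ne_sock_read(sock, buffer, 1) != 1,
        ("socket read error `%s'", ne_sock_error(sock)));
    ONV(buffer[0] != 'R',
        ("got unexpected byte %c from client", buffer[0]));
    reset_socket(sock);
    exit(0);
    return 0;
}

/* A write after the server reset the connection must fail with
 * NE_SOCK_RESET; the test is skipped if the write still succeeds. */
static int write_reset(void)
{
    ne_socket *sock;
    int ret;

    CALL(begin(&sock, serve_reset, NULL));
    CALL(full_write(sock, "R", 1));
    CALL(await_server());

    ret = ne_sock_fullwrite(sock, "a", 1);
    if (ret == 0) {
        ne_sock_close(sock);
        return SKIP;
    }
    if (ret == NE_SOCK_CLOSED) {
        t_warning("got EOF, failed to elicit TCP RST");
    } else {
        ONV(ret != NE_SOCK_RESET,
            ("write got %d not reset: %s", ret, ne_sock_error(sock)));
    }
    return good_close(sock);
}

/* A read after the server reset the connection must fail with
 * NE_SOCK_RESET; the test is skipped if a plain closure is seen. */
static int read_reset(void)
{
    ne_socket *sock;
    ssize_t ret;

    CALL(begin(&sock, serve_reset, NULL));
    CALL(full_write(sock, "R", 1));
    CALL(await_server());

    ret = ne_sock_read(sock, buffer, 1);
    if (ret == NE_SOCK_CLOSED) {
        ne_sock_close(sock);
        return SKIP;
    }
    ONV(ret != NE_SOCK_RESET,
        ("read got %" NE_FMT_SSIZE_T " not reset: %s", ret,
         ne_sock_error(sock)));
    return good_close(sock);
}
#endif

/* Expect ne_sock_block() to time out after 'timeout'; 'msg' is added
 * to the failure message. */
static int expect_block_timeout(ne_socket *sock, int timeout, const char *msg)
{
    int ret;

    NE_DEBUG(NE_DBG_SOCKET, "blocking for %d\n", timeout);
    ret = ne_sock_block(sock, timeout);
    ONV(ret != NE_SOCK_TIMEOUT,
        ( "ne_sock_block got %d not timeout: %s", ret, msg));
    return OK;
}

/* ne_sock_block() must time out while no data is pending and return
 * zero once data is available, including after a peek. */
static int blocking(void)
{
    ne_socket *sock;
    int ret;

    CALL(begin(&sock, echo_server, NULL));
    CALL(expect_block_timeout(sock, 1, "with non-zero timeout"));

    WRITEL("Hello, world.\n");

    /* poll for data */
    do {
        ret = ne_sock_block(sock, 1);
    } while (ret == NE_SOCK_TIMEOUT);

    ONV(ret != 0, ("ne_sock_block never got data: %d", ret));

    PEEK("Hello,");
    ret = ne_sock_block(sock, 1);
    ONV(ret != 0, ("ne_sock_block failed after peek: %d", ret));

    LINE("Hello, world.\n");

    return finish(sock, 0);
}

static int block_timeout(void)
{
    TO_BEGIN;
    TO_OP(ne_sock_block(sock, 1));
    TO_FINISH;
}

#ifndef SOCKET_SSL
/* Waits for EOF from read-side and then sends "abcd". */
static int serve_shutdown(ne_socket *sock, void *userdata)
{
    ONV(ne_sock_read(sock, buffer, 1) != NE_SOCK_CLOSED,
        ("expected to get closure"));
    CALL(full_write(sock, "abcd", 4));
    return 0;
}

/* Half-close: after shutting down the send side, data written by the
 * server must still be readable. */
static int bidi(void)
{
    ne_socket *sock;

    CALL(begin(&sock, serve_shutdown, NULL));
    CALL(expect_block_timeout(sock, 1, "read should timeout before closure"));
    ONV(ne_sock_shutdown(sock, NE_SOCK_SEND) != 0,
        ("shutdown failed: `%s'", ne_sock_error(sock)));
    FULLREAD("abcd");
    return finish(sock, 1);
}
#endif

/* Exercise ne_sock_sessid(): length query, retrieval into a buffer with
 * a canary byte just past the reported length, and rejection of a
 * too-short buffer.  For a non-SSL socket the call must fail. */
static int ssl_session_id(void)
{
    ne_socket *sock;
    unsigned char buf[128];
    size_t len1;

    CALL(begin(&sock, serve_close, NULL));

#ifdef SOCKET_SSL
    len1 = 0;
    ONN("retrieve session id length",
        ne_sock_sessid(sock, NULL, &len1));

    if (len1 == 0) {
        /* recent versions of OpenSSL seem to do this, not sure
         * why or whether it's bad. */
        finish(sock, 1);
        t_context("zero-length session ID, cannot test further");
        return SKIP;
    }

    /* Canary: the byte after the expected end must survive retrieval. */
    if (len1 < sizeof buf) {
        buf[len1] = 'Z';
    }

    {
        size_t len2;

        len2 = sizeof buf;
        ONN("could not retrieve session id",
            ne_sock_sessid(sock, buf, &len2));
        ONN("buffer size changed!?", len1 != len2);
    }

    ONN("buffer written past expected end",
        len1 < sizeof buf && buf[len1] != 'Z');

    /* Attempt retrieval into too-short buffer: */
    len1 = 0;
    ONN("success for buffer overflow case",
        ne_sock_sessid(sock, buf, &len1) == 0);

#else
    len1 = sizeof buf;
    ONN("retrieved session id for non-SSL socket!?",
        ne_sock_sessid(sock, buf, &len1) == 0);
#endif

    ne_sock_close(sock);
    return await_server();
}

/* Server callback: send back "address@port" of the connected peer, or
 * an "error: ..." string if the peer address is unavailable. */
static int serve_ppeer(ne_socket *sock, void *ud)
{
    unsigned int port = 99999;
    ne_inet_addr *ia = ne_sock_peer(sock, &port);
    char buf[128], line[256];

    if (ia == NULL)
        ne_snprintf(line, sizeof line, "error: %s", ne_sock_error(sock));
    else
        ne_snprintf(line, sizeof line, "%s@%u\n",
                    ne_iaddr_print(ia, buf, sizeof buf), port);

    CALL(full_write(sock, line, strlen(line)));

    ne_iaddr_free(ia);

    return OK;
}

/* Connect with an optional prebound local address ('addr' non-zero)
 * and/or local port 7778 ('port' non-zero), then check what the server
 * saw as the peer. */
static int try_prebind(int addr, int port)
{
    ne_socket *sock = ne_sock_create();
    ne_inet_addr *ia;
    char buf[128], line[256];
    unsigned int srvport;

    ia = ne_iaddr_make(ne_iaddr_ipv4, raw_127);
    ONN("ne_iaddr_make returned NULL", ia == NULL);

    CALL(new_spawn_server(1, serve_ppeer, NULL, &srvport));

    ne_sock_prebind(sock, addr ? ia : NULL, port ? 7778 : 0);

    ONN("could not connect", ne_sock_connect(sock, ia, srvport));

    ne_snprintf(line, sizeof line, "%s@%d\n",
                ne_iaddr_print(ia, buf, sizeof buf), 7778);

    if (!port) {
        /* Don't know what port will be chosen, so... */
        ssize_t ret = ne_sock_readline(sock, buffer, BUFSIZ);

        ONV(ret < 0, ("socket error `%s'", ne_sock_error(sock)));

        /* Compare only the address part, up to the '@'. */
        ONV(strncmp(line, buffer, strchr(line, '@') - line) != 0,
            ("bad address: '%s', expecting '%s'", buffer, line));
    } else {
        LINE(line);
    }

    ne_sock_close(sock);
    CALL(await_server());
    ne_iaddr_free(ia);
    return OK;
}

static int prebind(void)
{
    CALL(try_prebind(1, 0));
    CALL(try_prebind(0, 1));
    CALL(try_prebind(1, 1));

    return OK;
}

/* Server callback: send the negotiated cipher name, or the literal
 * string "NULL" when there is none. */
static int serve_cipher(ne_socket *sock, void *ud)
{
    char *ciph = ne_sock_cipher(sock);
    char *s = ciph && strlen(ciph) ? ciph : "NULL";

    CALL(full_write(sock, s, strlen(s)));

    if (ciph) ne_free(ciph);

    return OK;
}

/* Client and server must agree on the cipher name; a non-SSL socket
 * must report no cipher at all. */
static int cipher(void)
{
    ne_socket *sock;

#ifdef SOCKET_SSL
    char *ciph;

    CALL(begin(&sock, serve_cipher, NULL));

    ciph = ne_sock_cipher(sock);
    ONN("NULL/empty cipher", ciph == NULL || strlen(ciph) == 0);

    FULLREAD(ciph);

    ne_free(ciph);
#else
    CALL(begin(&sock, serve_cipher, NULL));

    ONN("non-NULL cipher for non-SSL socket",
        ne_sock_cipher(sock) != NULL);
    FULLREAD("NULL");
#endif
    return finish(sock, 1);
}

/* ne_sock_set_error() formats its arguments into the socket error. */
static int error(void)
{
    ne_socket *sock = ne_sock_create();

    ne_sock_set_error(sock, "%s:%s", "fish", "42");

    ONCMP("fish:42", ne_sock_error(sock), "socket error", "set");

    ne_sock_close(sock);

    return OK;
}

/* Spawn socks_server with 'srv' as its argument, running 'server' with
 * 'userdata' behind it, and connect 'sock' to it. */
static int begin_socks(ne_socket **sock, struct socks_server *srv,
                       server_fn server, void *userdata)
{
    unsigned int port;

    srv->server = server;
    srv->userdata = userdata;
    srv->say_hello = 1;
    CALL(new_spawn_server(1, socks_server, srv, &port));
    return do_connect(sock, localhost, port);
}

/* Successful SOCKS negotiations across protocol versions, address forms
 * and credentials, each followed by an echo exchange. */
static int socks_proxy(void)
{
    static const struct {
        enum ne_sock_sversion version;
        int addr;
        const char *fqdn;
        unsigned int port;
        const char *username, *password;
    } ts[] = {
        { NE_SOCK_SOCKSV4, 4, NULL, 55555, NULL, NULL },
        { NE_SOCK_SOCKSV4, 4, NULL, 55555, "foobar", NULL },
        { NE_SOCK_SOCKSV4A, 0, "www.example.com", 55555, NULL, NULL },
        { NE_SOCK_SOCKSV5, 0, "www.example.com", 55555, NULL, NULL },
        { NE_SOCK_SOCKSV5, 4, NULL, 55555, NULL, NULL },
#ifdef TEST_IPV6
        { NE_SOCK_SOCKSV5, 6, NULL, 55555, NULL, NULL },
#endif
        { NE_SOCK_SOCKSV5, 0, "www.example.com", 55555, "norman", "foobar" }
    };
    unsigned n;

    for (n = 0; n < sizeof(ts)/sizeof(ts[n]); n++) {
        ne_socket *sock;
        struct socks_server arg = {0};
        int ret;

        arg.version = ts[n].version;
        arg.expect_port = ts[n].port;
        if (ts[n].addr == 4)
            arg.expect_addr = ne_iaddr_make(ne_iaddr_ipv4, raw_127);
#ifdef TEST_IPV6
        else if (ts[n].addr == 6)
            /* The IPv6 case must build an IPv6 address object; the
             * original passed ne_iaddr_ipv4 with the raw6_cafe bytes. */
            arg.expect_addr = ne_iaddr_make(ne_iaddr_ipv6, raw6_cafe);
#endif
        else
            arg.expect_fqdn = ts[n].fqdn;
        arg.username = ts[n].username;
        arg.password = ts[n].password;

        CALL(begin_socks(&sock, &arg, echo_server, NULL));

        ret = ne_sock_proxy(sock, ts[n].version, arg.expect_addr,
                            ts[n].fqdn, ts[n].port,
                            ts[n].username, ts[n].password);
        ONV(ret, ("proxy connect #%u gave %d", n, ret));
        FULLREAD("ok!\n");
        ECHO("hello,\n");
        ECHO("\n");
        ECHO("world\n");

        if (ts[n].addr)
            ne_iaddr_free(arg.expect_addr);

        CALL(finish(sock, 0));
    }

    return OK;
}

/* Failure paths of SOCKSv5 negotiation: every case must make
 * ne_sock_proxy() fail; a mismatch in the error text is only a warning. */
static int fail_socks(void)
{
    static const struct {
        enum ne_sock_sversion version;
        enum socks_failure failure;
        const char *expect;
        const char *username, *password;
    } ts[] = {
        { NE_SOCK_SOCKSV5, fail_init_vers,
          "Invalid version in proxy response", NULL, NULL },
        { NE_SOCK_SOCKSV5, fail_init_trunc,
          "Could not read initial response from proxy: Connection closed",
          NULL, NULL },
        { NE_SOCK_SOCKSV5, fail_init_close,
          "Could not read initial response from proxy: Connection closed",
          NULL, NULL },
        { NE_SOCK_SOCKSV5, fail_no_auth,
          "No acceptable authentication method", NULL, NULL },
        { NE_SOCK_SOCKSV5, fail_bogus_auth,
          "Unexpected authentication method chosen", NULL, NULL },
        { NE_SOCK_SOCKSV5, fail_auth_close,
          "Could not read login reply: Connection closed", "foo", "bar" },
        { NE_SOCK_SOCKSV5, fail_auth_denied,
          "Authentication failed", "foo", "bar" }
    };
    unsigned n;

    for (n = 0; n < sizeof(ts)/sizeof(ts[n]); n++) {
        ne_socket *sock;
        struct socks_server arg = {0};
        int ret;

        arg.version = ts[n].version;
        arg.failure = ts[n].failure;
        arg.expect_port = 5555;
        arg.expect_addr = ne_iaddr_make(ne_iaddr_ipv4, raw_127);
        arg.username = ts[n].username;
        arg.password = ts[n].password;

        CALL(begin_socks(&sock, &arg, echo_server, NULL));

        ret = ne_sock_proxy(sock, ts[n].version, arg.expect_addr,
                            NULL, arg.expect_port,
                            ts[n].username, ts[n].password);
        ONV(ret == 0,
            ("proxy connect #%u succeeded, expected failure '%s'",
             n, ts[n].expect));

        if (ret != 0 && strstr(ne_sock_error(sock), ts[n].expect) == NULL) {
            t_warning("proxy connect #%u got unexpected failure '%s', wanted '%s'",
                      n, ne_sock_error(sock), ts[n].expect);
        }

        ne_iaddr_free(arg.expect_addr);

        CALL(finish(sock, 0));
    }

    return OK;
}

/* Test table; terminated by T(NULL). */
ne_test tests[] = {
    T(multi_init),
    T_LEAKY(resolve),
    T(resolve_numeric),
#ifdef SOCKET_SSL
    T_LEAKY(init_ssl),
#endif
    T(addr_make_v4),
    T(parse_v4),
    T(addr_make_v6),
    T(addr_compare),
    T(addr_reverse),
    T(just_connect),
    T(addr_connect),
    T(addr_peer),
    T(addr_canonical),
    T(read_close),
    T(peek_close),
    T(open_close),
    T(single_read),
    T(single_peek),
    T(small_reads),
    T(read_and_peek),
    T(larger_read),
    T(ssl_session_id),
    T(cipher),
    T(line_simple),
    T(line_closure),
    T(line_empty),
    T(line_toolong),
    T(line_overflow),
    T(line_mingle),
    T(line_chunked),
    T(line_long_chunked),
    T(small_writes),
    T(large_writes),
    T(large_writev),
    T(echo_lines),
    T(blocking),
    T(prebind),
    T(error),
#ifdef SOCKET_SSL
    T(ssl_shutdown),
    T(ssl_closure),
    T(ssl_truncate),
#else
    T(write_reset),
    T(read_reset),
    T(bidi),
#endif
#if TEST_CONNECT_TIMEOUT
    T(connect_timeout),
#endif
    T(read_timeout),
    T(peek_timeout),
    T(readline_timeout),
    T(fullread_timeout),
    T(block_timeout),
    T(socks_proxy),
    T(fail_socks),
    T(NULL)
};
neon-0.32.2/test/ssl.c000066400000000000000000001617611416727304000145010ustar00rootroot00000000000000/* neon test suite Copyright (C) 2002-2009, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any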
later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config.h" #include #include #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_UNISTD_H #include #endif #include "ne_request.h" #include "ne_socket.h" #include "ne_ssl.h" #include "ne_auth.h" #include "tests.h" #include "child.h" #include "utils.h" #ifndef NE_HAVE_SSL /* this file shouldn't be built if SSL is not enabled. */ #error SSL not supported #endif #include "ne_pkcs11.h" #define SERVER_CERT "server.cert" #define CA2_SERVER_CERT "ca2server.pem" #define CA_CERT "ca/cert.pem" #define P12_PASSPHRASE "foobar" #define SERVER_DNAME "Neon QA Dept, Neon Hackers Ltd, " \ "Cambridge, Cambridgeshire, GB" #define CACERT_DNAME "Random Dept, Neosign, Oakland, California, US" static char *srcdir = "."; static char *server_key = NULL; static ne_ssl_certificate *def_ca_cert = NULL, *def_server_cert; static ne_ssl_client_cert *def_cli_cert; static char *nul_cn_fn; static int check_dname(const ne_ssl_dname *dn, const char *expected, const char *which) ne_attribute((nonnull)); static int check_cert_dnames(const ne_ssl_certificate *cert, const char *subject, const char *issuer) ne_attribute((nonnull (2))); /* Arguments for running the SSL server */ struct ssl_server_args { char *cert; /* the server cert to present. */ const char *response; /* the response to send. */ int numreqs; /* number of request/responses to handle over the SSL connection. 
*/ /* client cert handling: */ int require_cc; /* require a client cert if non-NULL */ const char *ca_list; /* file of CA certs to verify client cert against */ int fail_silently; /* exit with success if handshake fails */ /* session caching: */ int cache; /* use the session cache if non-zero */ struct ssl_session { unsigned char id[128]; size_t len; } session; int count; /* internal use. */ int use_ssl2; /* force use of SSLv2 only */ const char *key; }; /* default response string if args->response is NULL */ #define DEF_RESP "HTTP/1.0 200 OK\r\nContent-Length: 0\r\n\r\n" /* An SSL server inna bun. */ static int ssl_server(ne_socket *sock, void *userdata) { struct ssl_server_args *args = userdata; int ret; char buf[BUFSIZ]; const char *key; static ne_ssl_context *ctx = NULL; if (ctx == NULL) { ctx = ne_ssl_context_create(args->use_ssl2 ? NE_SSL_CTX_SERVERv2 : NE_SSL_CTX_SERVER); } ONV(ctx == NULL, ("could not create SSL context")); key = args->key ? args->key : server_key; NE_DEBUG(NE_DBG_HTTP, "SSL server init with keypair (%s, %s).\n", args->cert, key); ONV(ne_ssl_context_keypair(ctx, args->cert, key), ("failed to load server keypair: ...")); if (args->require_cc && !args->ca_list) { args->ca_list = CA_CERT; } ne_ssl_context_set_verify(ctx, args->require_cc, args->ca_list, args->ca_list); ret = ne_sock_accept_ssl(sock, ctx); if (ret && args->fail_silently) { return 0; } ONV(ret, ("SSL accept failed: %s", ne_sock_error(sock))); args->count++; /* loop handling requests: */ do { const char *response = args->response ? args->response : DEF_RESP; ret = ne_sock_read(sock, buf, BUFSIZ - 1); if (ret == NE_SOCK_CLOSED) return 0; /* connection closed by parent; give up. 
*/ ONV(ret < 0, ("SSL read failed (%d): %s", ret, ne_sock_error(sock))); buf[ret] = '\0'; NE_DEBUG(NE_DBG_HTTP, "Request over SSL was: [%s]\n", buf); if (strstr(buf, "Proxy-Authorization:") != NULL) { NE_DEBUG(NE_DBG_HTTP, "Got Proxy-Auth header over SSL!\n"); response = "HTTP/1.1 500 Client Leaks Credentials\r\n" "Content-Length: 0\r\n" "\r\n"; } ONV(ne_sock_fullwrite(sock, response, strlen(response)), ("SSL write failed: %s", ne_sock_error(sock))); } while (--args->numreqs > 0); if (args->cache) { unsigned char sessid[128]; size_t len = sizeof sessid; ONN("could not retrieve session ID", ne_sock_sessid(sock, sessid, &len)); #ifdef NE_DEBUGGING { char *b64 = ne_base64(sessid, len); NE_DEBUG(NE_DBG_SSL, "Session id retrieved (%d): [%s]\n", args->count, b64); ne_free(b64); } #endif if (args->count == 1) { /* save the session. */ memcpy(args->session.id, sessid, len); args->session.len = len; } else { /* Compare with stored session. */ ONN("cached session not used", args->session.len != len || memcmp(args->session.id, sessid, len)); } } return 0; } /* serve_ssl wrapper which ignores server failure and always succeeds */ static int fail_serve(ne_socket *sock, void *ud) { struct ssl_server_args args = {0}; args.cert = ud; ssl_server(sock, &args); return OK; } #define DEFSESS (ne_session_create("https", "localhost", 7777)) static int make_ssl_session_port(ne_session **sess, const char *hostname, int port, server_fn fn, void *userdata) { return fakeproxied_session_server(sess, "https", hostname, port, fn, userdata); } static int make_ssl_session(ne_session **sess, const char *hostname, server_fn fn, void *userdata) { return make_ssl_session_port(sess, hostname ? hostname : "localhost", 7777, fn, userdata); } /* Runs SSL server which will accept 'count' connections, running * ssl_server as callback with given 'args'. 
*/
static int multi_ssl_session(int count, ne_session **sess,
                             struct ssl_server_args *args)
{
    return fakeproxied_multi_session_server(count, sess, "https", "localhost",
                                            7777, ssl_server, args);
}

/* Read the certificate file 'ca_cert' and add it to the session's
 * trusted set; fails the test if the file cannot be loaded. */
static int load_and_trust_cert(ne_session *sess, const char *ca_cert)
{
    ne_ssl_certificate *ca = ne_ssl_cert_read(ca_cert);
    ONV(ca == NULL, ("could not load CA cert `%s'", ca_cert));
    ne_ssl_trust_cert(sess, ca);
    /* The local handle is released straight after the trust call. */
    ne_ssl_cert_free(ca);
    return OK;
}

/* Run one request for "/foo" against ssl_server configured by 'args'.
 * 'ca_cert', if non-NULL, is loaded and trusted first; 'verify_fn', if
 * non-NULL, is installed as the verification callback with 'verify_ud'.
 * 'hostname' is passed through to make_ssl_session(). */
static int make_ssl_request(struct ssl_server_args *args,
                            const char *ca_cert, const char *hostname,
                            ne_ssl_verify_fn verify_fn, void *verify_ud)
{
    ne_session *sess;

    CALL(make_ssl_session(&sess, hostname, ssl_server, args));

    if (ca_cert) CALL(load_and_trust_cert(sess, ca_cert));

    if (verify_fn) ne_ssl_set_verify(sess, verify_fn, verify_ud);

    /* Any 2xx response counts as success. */
    CALL(any_2xx_request(sess, "/foo"));

    return destroy_and_wait(sess);
}

/* Run a request in the given session. */
static int any_ssl_request(ne_session *sess, server_fn fn, void *server_ud,
                           char *ca_cert,
                           ne_ssl_verify_fn verify_fn, void *verify_ud)
{
    if (ca_cert) {
        CALL(load_and_trust_cert(sess, ca_cert));
    }

    CALL(spawn_server(7777, fn, server_ud));

    if (verify_fn)
        ne_ssl_set_verify(sess, verify_fn, verify_ud);

    ONREQ(any_request(sess, "/foo"));

    return await_server();
}

/* Suite setup: initialise the socket/SSL library and load the default
 * CA certificate, server certificate and client certificate used by the
 * tests.  A missing file is FAILHARD; a client certificate that is not
 * encrypted or cannot be decrypted is FAIL. */
static int init(void)
{
    /* take srcdir as argv[1] for VPATH builds. */
    if (test_argc > 1) {
        srcdir = test_argv[1];
    }

    /* default server private key file. */
    server_key = "server.key";

    if (ne_sock_init()) {
        t_context("could not initialize socket/SSL library.");
        return FAILHARD;
    }

    def_ca_cert = ne_ssl_cert_read(CA_CERT);
    if (def_ca_cert == NULL) {
        t_context("couldn't load CA cert %s", CA_CERT);
        return FAILHARD;
    }

    def_server_cert = ne_ssl_cert_read(SERVER_CERT);
    if (def_server_cert == NULL) {
        t_context("couldn't load server cert %s", SERVER_CERT);
        return FAILHARD;
    }

    /* tests for the encrypted client cert, client.p12 */
    def_cli_cert = ne_ssl_clicert_read("client.p12");
    if (def_cli_cert == NULL) {
        t_context("could not load client.p12");
        return FAILHARD;
    }

    /* The fixture must be passphrase-protected for the later tests to
     * be meaningful; free it and reset the global on either failure. */
    if (!ne_ssl_clicert_encrypted(def_cli_cert)) {
        ne_ssl_clicert_free(def_cli_cert);
        def_cli_cert = NULL;
        t_context("client.p12 is not encrypted!?");
        return FAIL;
    }

    if (ne_ssl_clicert_decrypt(def_cli_cert, P12_PASSPHRASE)) {
        ne_ssl_clicert_free(def_cli_cert);
        def_cli_cert = NULL;
        t_context("failed to decrypt client.p12");
        return FAIL;
    }

    /* Unlike the other fixtures, this one is looked up under srcdir. */
    nul_cn_fn = ne_concat(srcdir, "/nulcn.pem", NULL);

    return OK;
}

/* just check the result codes of loading server certs.
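*/
static int load_server_certs(void)
{
    ne_ssl_certificate *cert;

    /* A file that is not a certificate must be rejected. */
    cert = ne_ssl_cert_read("Makefile");
    ONN("invalid CA cert file loaded successfully", cert != NULL);

    cert = ne_ssl_cert_read("nonesuch.pem");
    ONN("non-existent 'nonesuch.pem' loaded successfully", cert != NULL);

    cert = ne_ssl_cert_read("ssigned.pem");
    ONN("could not load ssigned.pem", cert == NULL);
    ne_ssl_cert_free(cert);

    return OK;
}

/* Smoke test: trusting the default CA set on a session must not crash. */
static int trust_default_ca(void)
{
    ne_session *sess = DEFSESS;
    ne_ssl_trust_default_ca(sess);
    ne_session_destroy(sess);
    return OK;
}

#define CC_NAME "Just A Neon Client Cert"

/* Tests for loading client certificates */
static int load_client_cert(void)
{
    ne_ssl_client_cert *cc;
    const ne_ssl_certificate *cert;
    const char *name;

    cc = ne_ssl_clicert_read("client.p12");
    ONN("could not load client.p12", cc == NULL);
    ONN("client.p12 not encrypted!?", !ne_ssl_clicert_encrypted(cc));
    name = ne_ssl_clicert_name(cc);
    if (name == NULL) {
        t_warning("no friendly name given");
    } else {
        ONV(strcmp(name, CC_NAME),
            ("friendly name was %s not %s", name, CC_NAME));
    }
    ONN("failed to decrypt", ne_ssl_clicert_decrypt(cc, P12_PASSPHRASE));
    ne_ssl_clicert_free(cc);

    /* Decryption with a wrong passphrase must fail.  Check that the
     * second load succeeded first, so a NULL handle is never passed on
     * to ne_ssl_clicert_decrypt(). */
    cc = ne_ssl_clicert_read("client.p12");
    ONN("could not re-load client.p12", cc == NULL);
    ONN("decrypted client.p12 with incorrect password!?",
        ne_ssl_clicert_decrypt(cc, "barfoo") == 0);
    ne_ssl_clicert_free(cc);

    /* tests for the unencrypted client cert, unclient.p12 */
    cc = ne_ssl_clicert_read("unclient.p12");
    ONN("could not load unencrypted cert unclient.p12", cc == NULL);
    ONN("unencrypted cert marked encrypted?", ne_ssl_clicert_encrypted(cc));
    cert = ne_ssl_clicert_owner(cc);
    ONN("client cert had no certificate", cert == NULL);
    CALL(check_dname(ne_ssl_cert_subject(cert),
                     "Neon Client Cert, Neon Hackers Ltd, "
                     "Cambridge, Cambridgeshire, GB",
                     "client cert subject"));
    CALL(check_dname(ne_ssl_cert_issuer(cert), CACERT_DNAME,
                     "client cert issuer"));
    ne_ssl_clicert_free(cc);

    /* test for ccert without a friendly name, noclient.p12 */
    cc = ne_ssl_clicert_read("noclient.p12");
    ONN("could not load noclient.p12", cc == NULL);
    name = ne_ssl_clicert_name(cc);
    ONV(name != NULL, ("noclient.p12 had friendly name `%s'", name));
    ne_ssl_clicert_free(cc);

    /* test for ccert with a bundled CA. */
    cc = ne_ssl_clicert_read("clientca.p12");
    ONN("could not load clientca.p12", cc == NULL);
    ONN("encrypted cert marked unencrypted?", !ne_ssl_clicert_encrypted(cc));
    ONN("could not decrypt clientca.p12",
        ne_ssl_clicert_decrypt(cc, P12_PASSPHRASE));
    ne_ssl_clicert_free(cc);

    /* test for ccert without a private key, nkclient.p12 */
    cc = ne_ssl_clicert_read("nkclient.p12");
    ONN("did not fail to load clicert without pkey", cc != NULL);

    /* test for ccert without a cert, ncclient.p12 */
    cc = ne_ssl_clicert_read("ncclient.p12");
    ONN("did not fail to load clicert without cert", cc != NULL);

    /* tests for loading bogus files. */
    cc = ne_ssl_clicert_read("Makefile");
    ONN("loaded Makefile as client cert!?", cc != NULL);

    /* test for loading nonexistent file. */
    cc = ne_ssl_clicert_read("nosuch.pem");
    ONN("loaded nonexistent file as client cert!?", cc != NULL);

    return OK;
}

/* Import client.p12 from an in-memory buffer rather than by filename,
 * then decrypt it with the test passphrase. */
static int clicert_import(void)
{
    ne_ssl_client_cert *cc;
    ne_buffer *buf = ne_buffer_create();

    CALL(file_to_buffer("client.p12", buf));
    cc = ne_ssl_clicert_import((unsigned char *)buf->data, ne_buffer_size(buf));
    ONN("could not import client cert from buffer", cc == NULL);
    ONN("failed to decrypt", ne_ssl_clicert_decrypt(cc, P12_PASSPHRASE));
    ne_ssl_clicert_free(cc);
    ne_buffer_destroy(buf);

    return OK;
}

/* Test that 'cert', which is signed by CA_CERT, is accepted
 * unconditionally. */
static int accept_signed_cert_for_hostname(char *cert, const char *hostname)
{
    struct ssl_server_args args = {cert, 0};
    /* no verify callback needed. */
    return make_ssl_request(&args, CA_CERT, hostname, NULL, NULL);
}

/* As accept_signed_cert_for_hostname(), for hostname "localhost". */
static int accept_signed_cert(char *cert)
{
    return accept_signed_cert_for_hostname(cert, "localhost");
}

static int simple(void)
{
    return accept_signed_cert(SERVER_CERT);
}

#if 0 /* No longer works for modern SSL libraries, rightly so. */
/* Test for SSL operation when server uses SSLv2 */
static int simple_sslv2(void)
{
    ne_session *sess = ne_session_create("https", "localhost", 7777);
    struct ssl_server_args args = {SERVER_CERT, 0};

    args.use_ssl2 = 1;
    ne_set_session_flag(sess, NE_SESSFLAG_SSLv2, 1);

    if (ne_get_session_flag(sess, NE_SESSFLAG_SSLv2) != 1) {
        t_context("no SSLv2 support in SSL library");
        ne_session_destroy(sess);
        return SKIP;
    }

    CALL(any_ssl_request(sess, ssl_server, &args, CA_CERT, NULL, NULL));
    ne_session_destroy(sess);
    return OK;
}
#endif

/* Test read-til-EOF behaviour with SSL. */
static int simple_eof(void)
{
    struct ssl_server_args args = {SERVER_CERT, 0};

    /* No Content-Length: the body is delimited by connection close. */
    args.response = "HTTP/1.0 200 OK\r\n"
        "Connection: close\r\n"
        "\r\n"
        "This is a response body, like it or not.";

    return make_ssl_request(&args, CA_CERT, NULL, NULL, NULL);
}

/* The server presents CA2_SERVER_CERT while only CA_CERT is trusted. */
static int intermediary(void)
{
    struct ssl_server_args args = {CA2_SERVER_CERT, 0};
    return make_ssl_request(&args, CA_CERT, NULL, NULL, NULL);
}

/* Response with headers only, no Content-Length and no body. */
static int empty_truncated_eof(void)
{
    struct ssl_server_args args = {0};

    args.cert = SERVER_CERT;
    args.response = "HTTP/1.0 200 OK\r\n" "\r\n";

    return make_ssl_request(&args, CA_CERT, NULL, NULL, NULL);
}

/* Server function which just sends a string then EOF. */
static int just_serve_string(ne_socket *sock, void *userdata)
{
    const char *str = userdata;
    server_send(sock, str, strlen(str));
    return 0;
}

/* test for the SSL negotiation failing.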
*/ static int fail_not_ssl(void) { ne_session *sess; int ret; CALL(make_ssl_session(&sess, NULL, just_serve_string, "Hello, world.\n")); ret = any_request(sess, "/bar"); ONN("request did not fail", ret != NE_ERROR); return destroy_and_wait(sess); } static int wildcard_match(void) { struct ssl_server_args args = {"wildcard.cert", 0}; return make_ssl_request(&args, CA_CERT, "bar.example.com", NULL, NULL); } static int wildcard_match_altname(void) { struct ssl_server_args args = {"altname9.cert", 0}; return make_ssl_request(&args, CA_CERT, "foo.example.com", NULL, NULL); } /* Check that hostname comparisons are not cases-sensitive. */ static int caseless_match(void) { return accept_signed_cert("caseless.cert"); } /* Test that the subjectAltName extension has precedence over the * commonName attribute */ static int subject_altname(void) { return accept_signed_cert("altname1.cert"); } /* tests for multiple altNames. */ static int two_subject_altname(void) { return accept_signed_cert("altname2.cert"); } static int two_subject_altname2(void) { return accept_signed_cert("altname3.cert"); } /* Test that a subject altname with *only* an eMail entry is * ignored, and the commonName is used instead. */ static int notdns_altname(void) { return accept_signed_cert("altname4.cert"); } static int ipaddr_altname(void) { return accept_signed_cert_for_hostname("altname5.cert", "127.0.0.1"); } static int uri_altname(void) { return accept_signed_cert_for_hostname("altname7.cert", "localhost"); } /* test that the *most specific* commonName attribute is used. */ static int multi_commonName(void) { return accept_signed_cert("twocn.cert"); } /* regression test for neon <= 0.23.4 where if commonName was the first * RDN in the subject DN, it was ignored. 
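*/
static int commonName_first(void)
{
    return accept_signed_cert("cnfirst.cert");
}

/* Compare the readable form of 'dn' against 'expected'; 'which' labels
 * the dname in failure messages.  Returns 0 on a match, or FAIL with
 * the test context set when 'dn' is NULL, cannot be rendered as a
 * string, or differs from 'expected'. */
static int check_dname(const ne_ssl_dname *dn, const char *expected,
                       const char *which)
{
    char *dname;

    ONV(dn == NULL, ("certificate %s dname was NULL", which));

    dname = ne_ssl_readable_dname(dn);

    /* Stop on a NULL result so it is never handed to a "%s"
     * conversion in the debug or failure messages below. */
    ONV(dname == NULL,
        ("certificate %s dname could not be rendered", which));

    NE_DEBUG(NE_DBG_SSL, "Got dname `%s', expecting `%s'\n", dname, expected);

    if (strcmp(dname, expected) != 0) {
        /* Build the failure message while the string is still valid,
         * then release it so the mismatch path does not leak. */
        t_context("certificate %s dname was `%s' not `%s'",
                  which, dname, expected);
        ne_free(dname);
        return FAIL;
    }

    ne_free(dname);
    return 0;
}

/* Check that the readable subject and issuer dnames of 'cert' match
 * 'subject' and 'issuer'.  The issuer is only compared when 'issuer'
 * is non-NULL.  Fails if 'cert' itself is NULL. */
static int check_cert_dnames(const ne_ssl_certificate *cert,
                             const char *subject, const char *issuer)
{
    ONN("no server certificate presented", cert == NULL);
    CALL(check_dname(ne_ssl_cert_subject(cert), subject, "subject"));

    if (issuer == NULL)
        return OK;

    return check_dname(ne_ssl_cert_issuer(cert), issuer, "issuer");
}

/* Verify callback which checks that the certificate presented has the
 * predetermined subject and issuer DN (as per makekeys.sh).  The
 * outcome is written through 'userdata' (an int *): -1 on a dname
 * mismatch, 1 on a match.  The failure bits in 'fs' are not examined
 * and the callback always returns 0; parse_cert() turns the recorded
 * outcome into the test result. */
static int check_cert(void *userdata, int fs, const ne_ssl_certificate *cert)
{
    int *ret = userdata;

    if (check_cert_dnames(cert, SERVER_DNAME, CACERT_DNAME) == FAIL)
        *ret = -1;
    else
        *ret = 1;

    return 0;
}

/* Check that certificate attributes are passed correctly to the
 * verify callback. */
static int parse_cert(void)
{
    struct ssl_server_args args = {SERVER_CERT, 0};
    int ret = 0;

    /* don't give a CA cert; should force the verify callback to be
     * used. */
    CALL(make_ssl_request(&args, NULL, NULL, check_cert, &ret));

    /* ret is still 0 only if check_cert() never ran. */
    ONN("cert verification never called", ret == 0);

    if (ret == -1)
        return FAIL;

    return OK;
}

#define WRONGCN_DNAME "Bad Hostname Department, Neon Hackers Ltd, " \
    "Cambridge, Cambridgeshire, GB"

/* Check the certificate chain presented against known dnames.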
*/
static int check_chain(void *userdata, int fs, const ne_ssl_certificate *cert)
{
    int *ret = userdata;
    const ne_ssl_certificate *signer;

    /* Assume failure; only a fully matching chain flips this to 1.
     * The callback itself always returns 0 and leaves the verdict to
     * parse_chain(). */
    *ret = -1;

    if (check_cert_dnames(cert, WRONGCN_DNAME, CACERT_DNAME) != FAIL) {
        signer = ne_ssl_cert_signedby(cert);

        if (signer == NULL) {
            t_context("no CA cert in chain");
        }
        else if (check_cert_dnames(signer, CACERT_DNAME,
                                   CACERT_DNAME) != FAIL) {
            *ret = 1;
        }
    }

    return 0;
}

/* Check that the certificate chain is passed correctly to the verify
 * callback. */
static int parse_chain(void)
{
    int ret = 0;
    struct ssl_server_args args = {"wrongcn.cert", 0};

    args.ca_list = CA_CERT;

    /* The cert is signed by the CA but has a CN mismatch, so will
     * force the verification callback to be invoked. */
    CALL(make_ssl_request(&args, CA_CERT, NULL, check_chain, &ret));

    /* ret stays 0 only when check_chain() was never invoked. */
    ONN("cert verification never called", ret == 0);

    return (ret == -1) ? FAIL : OK;
}

/* Verify callback which only counts its invocations in the int that
 * 'userdata' points to; it always returns 0. */
static int count_vfy(void *userdata, int fs, const ne_ssl_certificate *c)
{
    int *calls = userdata;

    *calls += 1;
    return 0;
}

/* With a trusted CA and a matching cert, the verify callback must not
 * be invoked at all. */
static int no_verify(void)
{
    struct ssl_server_args args = {SERVER_CERT, 0};
    int count = 0;

    CALL(make_ssl_request(&args, CA_CERT, NULL, count_vfy, &count));

    ONN("verify callback called unnecessarily", count != 0);

    return OK;
}

/* Checks that the verify callback is only called on the first
 * connection to the SSL server, and not on subsequent connections. */
static int cache_verify(void)
{
    struct ssl_server_args args = {SERVER_CERT, 0};
    ne_session *sess;
    int count = 0;

    CALL(multi_ssl_session(2, &sess, &args));

    ne_ssl_set_verify(sess, count_vfy, &count);

    /* Two requests on one session; exactly one callback is expected. */
    ONREQ(any_request(sess, "/foo-alpha"));
    ONREQ(any_request(sess, "/foo-beta"));

    ONV(count != 1,
        ("verify callback result not cached: called %d times", count));

    ne_session_destroy(sess);

    return OK;
}

/* Copy failures into *userdata, and fail verification. */
static int get_failures(void *userdata, int fs, const ne_ssl_certificate *c)
{
    int *seen = userdata;

    *seen = fs;
    return -1;
}

/* Helper function for expected-to-fail SSL tests.
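*
 * An SSL server is spawned using 'cert' and 'key' as the key pair.
 * The client will trust CA cert 'cacert', and use 'host' as the server
 * name.  If realhost is non-NULL, this address will be used to connect
 * to in favour of host; the server is otherwise identified as 'host'.
 * 'failures' must equal the failure bitmask passed to the verify
 * callback in the client, and must lie inside NE_SSL_FAILMASK.
 * 'msg' is used as the test failure context if the request
 * unexpectedly succeeds.
 * If 'errstr' is non-NULL, it must be a substring of the session
 * error string.
 *
 * The verify callback used here (get_failures) rejects the
 * certificate, so the request is expected to fail. */
static int fail_ssl_request_with_error2(char *cert, char *key, char *cacert,
                                        const char *host, const char *realhost,
                                        const char *msg, int failures,
                                        const char *errstr)
{
    ne_session *sess = ne_session_create("https", host, 7777);
    int gotf = 0, ret;
    struct ssl_server_args args = {0};
    ne_sock_addr *addr = NULL;
    const ne_inet_addr **list = NULL;

    if (realhost) {
        size_t n;
        const ne_inet_addr *ia;

        addr = ne_addr_resolve(realhost, 0);

        ONV(ne_addr_result(addr),
            ("fake hostname lookup failed for %s", realhost));

        NE_DEBUG(NE_DBG_SSL, "ssl: Using fake hostname '%s'\n", realhost);

        /* First pass: count the resolved addresses. */
        for (n = 0, ia = ne_addr_first(addr); ia; ia = ne_addr_next(addr))
            n++;

        /* size_t is not guaranteed to be unsigned long, so convert
         * explicitly to match the "%lu" conversion. */
        NE_DEBUG(NE_DBG_SSL, "ssl: Address count '%lu'\n", (unsigned long)n);

        list = ne_calloc(n * sizeof(*list));

        /* Second pass: collect them into the list given to the session. */
        for (n = 0, ia = ne_addr_first(addr); ia; ia = ne_addr_next(addr))
            list[n++] = ia;

        ne_set_addrlist(sess, list, n);
    }

    args.cert = cert;
    args.key = key;
    args.fail_silently = 1;

    ret = any_ssl_request(sess, ssl_server, &args, cacert,
                          get_failures, &gotf);

    /* gotf is only written by get_failures(); zero means the callback
     * never reported a failure. */
    ONV(gotf == 0,
        ("no error in verification callback; request rv %d error string: %s",
         ret, ne_get_error(sess)));

    ONV(gotf & ~NE_SSL_FAILMASK,
        ("verification flags %x outside mask %x", gotf, NE_SSL_FAILMASK));

    /* check the failure flags were as expected. */
    ONV(failures != gotf,
        ("verification flags were %d not %d", gotf, failures));

    /* and check that the request was failed too. */
    ONV(ret == NE_OK, ("%s", msg));

    ONV(errstr && strstr(ne_get_error(sess), errstr) == NULL,
        ("unexpected failure message '%s', wanted '%s'",
         ne_get_error(sess), errstr));

    ne_session_destroy(sess);
    if (addr) ne_addr_destroy(addr);
    if (list) ne_free(list);

    return OK;
}

/* Helper function: as fail_ssl_request_with_error2, but with no
 * separate server key and no alternate address to connect to. */
static int fail_ssl_request_with_error(char *cert, char *cacert,
                                       const char *host, const char *msg,
                                       int failures, const char *errstr)
{
    return fail_ssl_request_with_error2(cert, NULL, cacert, host, NULL,
                                        msg, failures, errstr);
}

/* Helper function: run a request using the given self-signed server
 * certificate, and expect the request to fail with the given
 * verification failure flags.  The error string is not checked. */
static int fail_ssl_request(char *cert, char *cacert, const char *host,
                            const char *msg, int failures)
{
    return fail_ssl_request_with_error(cert, cacert, host, msg, failures,
                                       NULL);
}

/* Note that the certs used for fail_* are mostly self-signed, so the
 * cert is passed as CA cert and server cert to fail_ssl_request. */

/* Check that a certificate with the incorrect commonName attribute is
 * flagged as such.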
*/ static int fail_wrongCN(void) { return fail_ssl_request_with_error("wrongcn.cert", "ca/cert.pem", "localhost", "certificate with incorrect CN was accepted", NE_SSL_IDMISMATCH, "certificate issued for a different hostname"); } #define SRCDIR(s) ne_concat(srcdir, "/" s, NULL) #if 0 static int fail_nul_cn(void) { char *key = SRCDIR("nulsrv.key"), *ca = SRCDIR("nulca.pem"); CALL(fail_ssl_request_with_error2(nul_cn_fn, key, ca, "www.bank.com", "localhost", "certificate with incorrect CN was accepted", NE_SSL_IDMISMATCH|NE_SSL_EXPIRED|NE_SSL_BADCHAIN, "certificate issued for a different hostname")); ne_free(key); ne_free(ca); return OK; } static int fail_nul_san(void) { char *cert = SRCDIR("nulsan.pem"), *key = SRCDIR("nulsrv.key"), *ca = SRCDIR("nulca.pem"); CALL(fail_ssl_request_with_error2(cert, key, ca, "www.bank.com", "localhost", "certificate with incorrect CN was accepted", NE_SSL_IDMISMATCH|NE_SSL_EXPIRED|NE_SSL_BADCHAIN, "certificate issued for a different hostname")); ne_free(cert); ne_free(key); ne_free(ca); return OK; } #endif /* Check that an expired certificate is flagged as such. */ static int fail_expired(void) { return fail_ssl_request_with_error("expired.cert", CA_CERT, "localhost", "expired certificate was accepted", NE_SSL_EXPIRED, "certificate has expired"); } static int fail_notvalid(void) { return fail_ssl_request_with_error("notyet.cert", CA_CERT, "localhost", "not yet valid certificate was accepted", NE_SSL_NOTYETVALID, "certificate is not yet valid"); } /* Check that a server cert with a random issuer and self-signed cert * fail with UNTRUSTED. 
*/ static int fail_untrusted_ca(void) { return fail_ssl_request_with_error("server.cert", NULL, "localhost", "untrusted CA.", NE_SSL_UNTRUSTED, "issuer is not trusted"); } static int fail_self_signed(void) { return fail_ssl_request("ssigned.pem", NULL, "localhost", "self-signed cert", NE_SSL_UNTRUSTED); } /* Test for failure when a server cert is presented which has no * commonName (and no alt names either). */ static int fail_missing_CN(void) { ne_session *sess = DEFSESS; ONN("accepted server cert with missing commonName", any_ssl_request(sess, fail_serve, "missingcn.cert", SERVER_CERT, NULL, NULL) == NE_OK); ONV(strstr(ne_get_error(sess), "missing commonName") == NULL, ("unexpected session error `%s'", ne_get_error(sess))); ne_session_destroy(sess); return OK; } /* test for a bad ipAddress altname */ static int fail_bad_ipaltname(void) { return fail_ssl_request("altname6.cert", CA_CERT, "127.0.0.1", "bad IP altname cert", NE_SSL_IDMISMATCH); } /* test for a ipAddress which matched against the hostname as per neon * 0.24 behaviour. 
*/ static int fail_host_ipaltname(void) { return fail_ssl_request("altname5.cert", CA_CERT, "localhost", "bad IP altname cert", NE_SSL_IDMISMATCH); } static int fail_bad_urialtname(void) { return fail_ssl_request("altname8.cert", CA_CERT, "localhost", "bad URI altname cert", NE_SSL_IDMISMATCH); } static int fail_wildcard(void) { return fail_ssl_request("altname9.cert", CA_CERT, "localhost", "subjaltname not honored", NE_SSL_IDMISMATCH); } static int fail_wildcard_ip(void) { return fail_ssl_request("wildip.cert", CA_CERT, "127.0.0.1", "wildcard IP", NE_SSL_IDMISMATCH); } static int fail_ca_expired(void) { return fail_ssl_request_with_error("ca1server.cert", "ca1/cert.pem", "localhost", "issuer ca expired", NE_SSL_BADCHAIN, "bad certificate chain"); } static int fail_ca_notyetvalid(void) { return fail_ssl_request("ca3server.cert", "ca3/cert.pem", "localhost", "issuer ca not yet valid", NE_SSL_BADCHAIN); } #if 0 /* Test that the SSL session is cached across connections. */ static int session_cache(void) { struct ssl_server_args args = {0}; ne_session *sess; args.cert = SERVER_CERT; args.cache = 1; CALL(multi_session_server(&sess, "https", "localhost", 2, ssl_server, &args)); ne_ssl_trust_cert(sess, def_ca_cert); ONREQ(any_request(sess, "/req1")); ONREQ(any_request(sess, "/req2")); return destroy_and_wait(sess); } #endif /* Callback for client_cert_provider; takes a c. cert as userdata and * registers it. */ static void ccert_provider(void *userdata, ne_session *sess, const ne_ssl_dname *const *dns, int dncount) { const ne_ssl_client_cert *cc = userdata; ne_ssl_set_clicert(sess, cc); } /* Test that the on-demand client cert provider callback is used. 
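*/
static int client_cert_provided(void)
{
    ne_session *sess = DEFSESS;
    ne_ssl_client_cert *cc;
    struct ssl_server_args args = {SERVER_CERT, NULL};

    args.require_cc = 1;

    cc = ne_ssl_clicert_read("client.p12");
    ONN("could not load client.p12", cc == NULL);
    ONN("could not decrypt client.p12",
        ne_ssl_clicert_decrypt(cc, P12_PASSPHRASE));

    /* Register the provider callback instead of setting the cert
     * directly; ccert_provider receives 'cc' as its userdata. */
    ne_ssl_provide_clicert(sess, ccert_provider, cc);
    CALL(any_ssl_request(sess, ssl_server, &args, CA_CERT, NULL, NULL));

    ne_session_destroy(sess);
    ne_ssl_clicert_free(cc);
    return OK;
}

#define DN_COUNT 5

/* Client cert provider callback which checks the list of acceptable
 * CA dnames sent by the server against the expected list.  The result
 * is written through 'userdata' (an int *): 1 if all DN_COUNT names
 * match in order, -1 otherwise.  The default client cert is
 * registered before any check is made. */
static void cc_check_dnames(void *userdata, ne_session *sess,
                            const ne_ssl_dname *const *dns, int dncount)
{
    int n, *ret = userdata;
    static const char *expected[DN_COUNT] = {
        CACERT_DNAME,
        "First Random CA, CAs Ltd., Lincoln, Lincolnshire, GB",
        "Second Random CA, CAs Ltd., Falmouth, Cornwall, GB",
        "Third Random CA, CAs Ltd., Ipswich, Suffolk, GB",
        "Fourth Random CA, CAs Ltd., Norwich, Norfolk, GB"
    };

    ne_ssl_set_clicert(sess, def_cli_cert);

    if (dncount != DN_COUNT) {
        t_context("dname count was %d not %d", dncount,
                  DN_COUNT);
        *ret = -1;
        return;
    }

    for (n = 0; n < DN_COUNT; n++) {
        char which[16];

        /* Bounded formatting: the label stays inside 'which' even if
         * DN_COUNT is raised later. */
        ne_snprintf(which, sizeof which, "%d", n);

        if (check_dname(dns[n], expected[n], which) == FAIL) {
            *ret = -1;
            return;
        }
    }

    *ret = 1;
}

/* Test for the list of acceptable dnames sent to the client. */
static int cc_provided_dnames(void)
{
    int check = 0;
    ne_session *sess;
    struct ssl_server_args args = {SERVER_CERT, NULL};

    args.require_cc = 1;
    args.ca_list = "calist.pem";

    /* Check the precondition before creating the session, so nothing
     * is left allocated when it does not hold. */
    PRECOND(def_cli_cert);

    sess = DEFSESS;

    ne_ssl_provide_clicert(sess, cc_check_dnames, &check);

    CALL(any_ssl_request(sess, ssl_server, &args, CA_CERT, NULL, NULL));

    ne_session_destroy(sess);

    /* check is still 0 only if cc_check_dnames() never ran. */
    ONN("provider function not called", check == 0);

    return (check == -1) ? FAIL : OK;
}

/* Tests use of a client certificate.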
*/ static int client_cert_pkcs12(void) { ne_session *sess = DEFSESS; struct ssl_server_args args = {SERVER_CERT, NULL}; args.require_cc = 1; PRECOND(def_cli_cert); ne_ssl_set_clicert(sess, def_cli_cert); CALL(any_ssl_request(sess, ssl_server, &args, CA_CERT, NULL, NULL)); ne_session_destroy(sess); return OK; } /* Test use of a PKCS#12 cert with an embedded CA cert - fails with <= * 0.28.3 in GnuTLS build. */ static int client_cert_ca(void) { ne_session *sess = DEFSESS; struct ssl_server_args args = {SERVER_CERT, NULL}; ne_ssl_client_cert *cc; args.require_cc = 1; cc = ne_ssl_clicert_read("clientca.p12"); ONN("could not load clientca.p12", cc == NULL); ONN("encrypted cert marked unencrypted?", !ne_ssl_clicert_encrypted(cc)); ONN("could not decrypt clientca.p12", ne_ssl_clicert_decrypt(cc, P12_PASSPHRASE)); ne_ssl_set_clicert(sess, cc); CALL(any_ssl_request(sess, ssl_server, &args, CA_CERT, NULL, NULL)); ne_ssl_clicert_free(cc); ne_session_destroy(sess); return OK; } /* Tests use of an unencrypted client certificate. */ static int ccert_unencrypted(void) { ne_session *sess = DEFSESS; ne_ssl_client_cert *ccert; struct ssl_server_args args = {SERVER_CERT, NULL}; args.require_cc = 1; ccert = ne_ssl_clicert_read("unclient.p12"); ONN("could not load unclient.p12", ccert == NULL); ONN("unclient.p12 was encrypted", ne_ssl_clicert_encrypted(ccert)); ne_ssl_set_clicert(sess, ccert); CALL(any_ssl_request(sess, ssl_server, &args, CA_CERT, NULL, NULL)); ne_ssl_clicert_free(ccert); ne_session_destroy(sess); return OK; } #define NOCERT_MESSAGE "client certificate was requested" /* random SSL read may fail like this with TLSv1.3 */ #define NOCERT_ALT "certificate required" /* Tests for useful error message if a handshake fails where a client * cert was requested. 
*/
static int no_client_cert(void)
{
    struct ssl_server_args args = {SERVER_CERT, NULL};
    ne_session *sess;
    int ret;

    /* The server demands a client cert; none is configured on the
     * session below, so the request must fail. */
    args.fail_silently = 1;
    args.require_cc = 1;

    CALL(make_ssl_session(&sess, NULL, ssl_server, &args));

    ne_ssl_trust_cert(sess, def_ca_cert);

    ret = any_request(sess, "/failme");

    ONV(ret != NE_ERROR,
        ("unexpected result %d: %s", ret, ne_get_error(sess)));

    /* Either of the two known wordings is accepted in the session
     * error string. */
    ONV(!(strstr(ne_get_error(sess), NOCERT_MESSAGE) != NULL
          || strstr(ne_get_error(sess), NOCERT_ALT) != NULL),
        ("error message was '%s', missing '%s'",
         ne_get_error(sess), NOCERT_MESSAGE));

    reap_server();

    ne_session_destroy(sess);
    return OK;
}

/* non-zero if a server auth header was received */
static int got_server_auth;

/* Header callback installed by serve_tunnel(); records that the
 * wanted header was seen.  The header value itself is not used. */
static void tunnel_header(char *value)
{
    got_server_auth = 1;
}

/* Server which acts as a proxy accepting a CONNECT request.  If the
 * CONNECT request carried an Authorization header, credentials meant
 * for the origin server have reached the proxy: a 500 response is
 * sent and no tunnel is set up.  Otherwise a 200 is sent in plaintext
 * and the connection is handed to ssl_server() with 'ud' as its
 * arguments. */
static int serve_tunnel(ne_socket *sock, void *ud)
{
    struct ssl_server_args *args = ud;

    /* Watch for an Authorization header while the request is read;
     * presumably discard_request() drives got_header - confirm against
     * the server helpers. */
    got_server_auth = 0;
    want_header = "Authorization";
    got_header = tunnel_header;

    /* give the plaintext tunnel reply, acting as the proxy */
    CALL(discard_request(sock));

    if (!got_server_auth) {
        SEND_STRING(sock, "HTTP/1.1 200 OK\r\nServer: serve_tunnel\r\n\r\n");
        return ssl_server(sock, args);
    }

    SEND_STRING(sock, "HTTP/1.1 500 Leaked Server Auth Creds\r\n"
                "Content-Length: 0\r\n"
                "Server: serve_tunnel\r\n\r\n");
    return 0;
}

/* neon versions <= 0.21.2 segfault here because ne_sock_close would
 * be called twice on the socket after the server cert verification
 * fails.
*/
static int fail_tunnel(void)
{
    struct ssl_server_args args = {SERVER_CERT, NULL};
    ne_session *sess = ne_session_create("https", "example.com", 443);
    int rv;

    ne_session_proxy(sess, "localhost", 7777);

    /* The session is for example.com while the tunnel server presents
     * SERVER_CERT, so the request is required to end in NE_ERROR. */
    rv = any_ssl_request(sess, serve_tunnel, &args, CA_CERT, NULL, NULL);
    ONN("server cert verification didn't fail", rv != NE_ERROR);

    ne_session_destroy(sess);
    return OK;
}

/* Run a request through the CONNECT tunnel served by serve_tunnel. */
static int proxy_tunnel(void)
{
    struct ssl_server_args args = {SERVER_CERT, NULL};
    ne_session *sess = ne_session_create("https", "localhost", 443);

    ne_session_proxy(sess, "localhost", 7777);

    /* CA cert is trusted, so no verify callback should be needed. */
    CALL(any_ssl_request(sess, serve_tunnel, &args, CA_CERT, NULL, NULL));

    ne_session_destroy(sess);
    return OK;
}

#define RESP_0LENGTH "HTTP/1.1 200 OK\r\n" "Content-Length: 0\r\n" "\r\n"

/* a tricky test which requires spawning a second server process in
 * time for a new connection after a 407.
 *
 * Post-send hook: 'ud' points to the status code to react to.  When
 * the response carries that code, the current server is awaited and a
 * tunnel server is spawned on port 7777; for a 407 it is told to serve
 * two requests.  Any other status is ignored. */
static int apt_post_send(ne_request *req, void *ud, const ne_status *st)
{
    const int *code = ud;
    struct ssl_server_args args = {SERVER_CERT, NULL};

    if (st->code != *code)
        return OK;

    if (*code == 407)
        args.numreqs = 2;
    args.response = RESP_0LENGTH;

    NE_DEBUG(NE_DBG_HTTP, "Got challenge, awaiting server...\n");
    CALL(await_server());

    NE_DEBUG(NE_DBG_HTTP, "Spawning proper tunnel server...\n");
    /* serve *two* 200 OK responses. */
    CALL(spawn_server(7777, serve_tunnel, &args));
    NE_DEBUG(NE_DBG_HTTP, "Spawned.\n");

    return OK;
}

/* Credentials callback supplying the fixed test username "foo" and
 * password "bar".  Returns 'attempt' unchanged, so it is zero only on
 * the first attempt. */
static int apt_creds(void *userdata, const char *realm, int attempt,
                     char *username, char *password)
{
    /* Copies include the terminating NUL, exactly as strcpy would. */
    memcpy(username, "foo", sizeof "foo");
    memcpy(password, "bar", sizeof "bar");
    return attempt;
}

/* Test for using SSL over a CONNECT tunnel via a proxy server which
 * requires authentication.  Broke briefly between 0.23.x and
 * 0.24.0.
*/ static int auth_proxy_tunnel(void) { ne_session *sess = ne_session_create("https", "localhost", 443); int ret, code = 407; ne_session_proxy(sess, "localhost", 7777); ne_hook_post_send(sess, apt_post_send, &code); ne_set_proxy_auth(sess, apt_creds, NULL); ne_ssl_trust_cert(sess, def_ca_cert); CALL(spawn_server(7777, single_serve_string, "HTTP/1.0 407 I WANT MORE BISCUITS\r\n" "Proxy-Authenticate: Basic realm=\"bigbluesea\"\r\n" "Connection: close\r\n" "\r\n")); /* run two requests over the tunnel. */ ret = any_2xx_request(sess, "/foobar"); if (!ret) ret = any_2xx_request(sess, "/foobar2"); CALL(ret); return destroy_and_wait(sess); } /* Regression test to check that server credentials aren't sent to the * proxy in a CONNECT request. */ static int auth_tunnel_creds(void) { ne_session *sess = ne_session_create("https", "localhost", 443); int code = 401; struct ssl_server_args args = {SERVER_CERT, 0}; ne_session_proxy(sess, "localhost", 7777); ne_hook_post_send(sess, apt_post_send, &code); ne_set_server_auth(sess, apt_creds, NULL); ne_ssl_trust_cert(sess, def_ca_cert); args.response = "HTTP/1.1 401 I want a Shrubbery\r\n" "WWW-Authenticate: Basic realm=\"bigredocean\"\r\n" "Server: Python\r\n" "Content-Length: 0\r\n" "\r\n"; CALL(spawn_server(7777, serve_tunnel, &args)); CALL(any_2xx_request(sess, "/foobar")); return destroy_and_wait(sess); } static int auth_tunnel_fail(void) { ne_session *sess = ne_session_create("https", "localhost", 443); int ret; CALL(spawn_server(7777, single_serve_string, "HTTP/1.1 407 Nyaaaaah\r\n" "Proxy-Authenticate: GaBoogle\r\n" "Connection: close\r\n" "\r\n")); ne_session_proxy(sess, "localhost", 7777); ne_set_proxy_auth(sess, apt_creds, NULL); ret = any_request(sess, "/bar"); ONV(ret != NE_PROXYAUTH, ("bad error code for tunnel failure: %d", ret)); ONV(strstr(ne_get_error(sess), "GaBoogle") == NULL, ("bad error string for tunnel failure: %s", ne_get_error(sess))); return destroy_and_wait(sess); } /* compare against known digest of 
notvalid.pem.  Via:
 *   $ openssl x509 -fingerprint -sha1 -noout -in notvalid.pem
 * The value is a fixed test vector for ne_ssl_cert_digest() output. */
#define THE_DIGEST "cf:5c:95:93:76:c6:3c:01:8b:62:" \
    "b1:6f:f7:7f:42:32:ac:e6:69:1b"

/* Check that ne_ssl_cert_digest() on notvalid.pem yields THE_DIGEST. */
static int cert_fingerprint(void)
{
    char digest[60];
    char *path = ne_concat(srcdir, "/notvalid.pem", NULL);
    ne_ssl_certificate *cert = ne_ssl_cert_read(path);

    ne_free(path);

    ONN("could not load notvalid.pem", cert == NULL);

    ONN("failed to digest", ne_ssl_cert_digest(cert, digest));
    ne_ssl_cert_free(cert);

    ONV(strcmp(digest, THE_DIGEST) != 0,
        ("digest was %s not %s", digest, THE_DIGEST));

    return OK;
}

/* Check ne_ssl_cert_hdigest() on notvalid.pem for each flag
 * combination in the table.  A NULL result only produces a warning;
 * the test fails if a returned digest differs from the expected
 * value, or if no combination produced a digest at all. */
static int cert_hdigests(void)
{
    static const struct {
        unsigned int flags;
        const char *digest;
    } ts[] = {
        { NE_HASH_MD5|NE_HASH_COLON, "76:26:eb:db:09:e8:53:5c:79:61:0c:30:3d:77:ed:65" },
        { NE_HASH_MD5, "7626ebdb09e8535c79610c303d77ed65" },
        { NE_HASH_SHA256, "ea4a4f4f08a91a83e841e772171a2befa3f6e576b5cd9f5cd6d12e9683fe89b3" },
        { NE_HASH_SHA512, "35373c533f4000ee9b6173a45eedae732f6c953dcf76f5fba5ffb7be380de559893d0679e94051950be2a5917fa7922fbf50ef10222d5be4eea53ba948cf7703" },
        { 0, NULL }
    };
    unsigned int idx, passed = 0;
    char *fn = ne_concat(srcdir, "/notvalid.pem", NULL);
    ne_ssl_certificate *cert = ne_ssl_cert_read(fn);

    ONN("could not load notvalid.pem", cert == NULL);

    for (idx = 0; ts[idx].flags != 0; idx++) {
        const unsigned int flags = ts[idx].flags;
        const char *want = ts[idx].digest;
        char *got = ne_ssl_cert_hdigest(cert, flags);

        /* Can reasonably fail for almost any hash (either too modern
         * or too old), so what can you do? */
        if (got == NULL) {
            t_warning("failed to htdigest with flags %u", flags);
            continue;
        }

        NE_DEBUG(NE_DBG_SSL, "ssl: hDigest %u got %s, expected %s\n",
                 flags, got, want);

        ONV(strcmp(got, want) != 0,
            ("digest was %s not %s", got, want));

        passed++;
        ne_free(got);
    }

    ONN("no algorithms supported for ne_ssl_cert_hdigest", passed == 0);

    ne_ssl_cert_free(cert);
    ne_free(fn);

    return OK;
}

/* verify that identity of certificate in filename 'fname' is
 * 'identity'; a NULL 'identity' means the certificate must have no
 * identity at all. */
static int check_identity(const char *fname, const char *identity)
{
    const char *id;
    ne_ssl_certificate *cert = ne_ssl_cert_read(fname);

    ONV(cert == NULL, ("could not read cert `%s'", fname));

    id = ne_ssl_cert_identity(cert);

    if (identity == NULL) {
        ONV(id != NULL,
            ("certificate `%s' had identity `%s' (expected none)",
             fname, id));
    }
    else {
        ONV(id == NULL, ("certificate `%s' had no identity", fname));

        ONV(strcmp(id, identity) != 0,
            ("certificate `%s' had identity `%s' not `%s'",
             fname, id, identity));
    }

    ne_ssl_cert_free(cert);

    return OK;
}

/* check certificate identities.
*/
static int cert_identities(void)
{
    static const struct {
        const char *fname, *identity;
    } certs[] = {
        { "ssigned.pem", "localhost" },
        { "twocn.cert", "localhost" },
        { "altname1.cert", "localhost" },
        { "altname2.cert", "nohost.example.com" },
        { "altname4.cert", "localhost" },
        { "ca4.pem", "fourth.example.com" },
        { "altname8.cert", "http://nohost.example.com/" },
        { NULL, NULL }
    };
    int idx = 0;

    /* The table is terminated by a NULL filename. */
    while (certs[idx].fname != NULL) {
        CALL(check_identity(certs[idx].fname, certs[idx].identity));
        idx++;
    }

    return OK;
}

/* Check the identity reported for the certificate in nul_cn_fn.  The
 * test fails if the identity compares equal to "www.bank.com"; going
 * by the failure message, the cert's CN carries an embedded NUL byte
 * after that prefix, which must not be dropped silently - TODO confirm
 * against the cert generation script. */
static int nulcn_identity(void)
{
    const char *id;
    ne_ssl_certificate *cert = ne_ssl_cert_read(nul_cn_fn);

    ONN("could not read nulcn.pem", cert == NULL);

    id = ne_ssl_cert_identity(cert);

    ONN("embedded NUL byte not quoted",
        !(id == NULL || strcmp(id, "www.bank.com") != 0));

    ne_ssl_cert_free(cert);
    return OK;
}

/* Check that the validity period of the certificate in 'fname' runs
 * from 'from' until 'until', compared as the strings produced by
 * ne_ssl_cert_validity(). */
static int check_validity(const char *fname,
                          const char *from, const char *until)
{
    ne_ssl_certificate *cert;
    char start[NE_SSL_VDATELEN], end[NE_SSL_VDATELEN];

    cert = ne_ssl_cert_read(fname);
    ONV(cert == NULL, ("could not load cert `%s'", fname));

    /* cover all calling combos for nice coverage analysis */
    ne_ssl_cert_validity(cert, NULL, NULL);
    ne_ssl_cert_validity(cert, start, NULL);
    ne_ssl_cert_validity(cert, NULL, end);
    ne_ssl_cert_validity(cert, start, end);

    ONV(strcmp(start, from) != 0,
        ("%s: start time was `%s' not `%s'", fname, start, from));

    ONV(strcmp(end, until) != 0,
        ("%s: end time was `%s' not `%s'", fname, end, until));

    ne_ssl_cert_free(cert);
    return OK;
}

/* certificate validity times. */
static int cert_validity(void)
{
    static const struct {
        const char *file, *from, *until;
    } cases[] = {
        { "/expired.pem",
          "Mon, 21 Jan 2002 20:39:04 GMT",
          "Thu, 31 Jan 2002 20:39:04 GMT" },
        { "/notvalid.pem",
          "Wed, 27 Dec 2023 20:40:29 GMT",
          "Thu, 28 Dec 2023 20:40:29 GMT" }
    };
    size_t i;

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        /* Both certs are read from the source directory. */
        char *cert = ne_concat(srcdir, cases[i].file, NULL);

        CALL(check_validity(cert, cases[i].from, cases[i].until));
        ne_free(cert);
    }

    return OK;
}

/* dname comparisons.
*/
static int dname_compare(void)
{
    const ne_ssl_dname *dn1, *dn2;
    ne_ssl_certificate *ssigned;

    /* The same subject fetched twice must compare equal. */
    dn1 = ne_ssl_cert_subject(def_server_cert);
    dn2 = ne_ssl_cert_subject(def_server_cert);
    ONN("identical subject names not equal",
        ne_ssl_dname_cmp(dn1, dn2) != 0);

    /* Subject and issuer of the CA-signed server cert must differ. */
    dn2 = ne_ssl_cert_issuer(def_server_cert);
    ONN("issuer and subject names equal for signed cert",
        ne_ssl_dname_cmp(dn1, dn2) == 0);

    /* The server cert's issuer must equal the CA cert's subject. */
    dn1 = ne_ssl_cert_subject(def_ca_cert);
    ONN("issuer of signed cert not equal to subject of CA cert",
        ne_ssl_dname_cmp(dn1, dn2) != 0);

    ssigned = ne_ssl_cert_read("ssigned.pem");
    ONN("could not load ssigned.pem", ssigned == NULL);

    /* For a self-signed cert, subject and issuer must be equal. */
    dn1 = ne_ssl_cert_subject(ssigned);
    dn2 = ne_ssl_cert_issuer(ssigned);
    ONN("issuer and subject names not equal for self-signed cert",
        ne_ssl_dname_cmp(dn1, dn2) != 0);

    ne_ssl_cert_free(ssigned);

    return OK;
}

/* The dname with the UTF-8 encoding of the Unicode string:
 * "Hèllo World" (the second character is U+00E8, encoded below as the
 * bytes C3 A8). */
#define I18N_DNAME "H\xc3\xa8llo World, Neon Hackers Ltd, Cambridge, Cambridgeshire, GB"

/* N.B. t61subj.cert encodes an ISO-8859-1 string in a T61String
 * field, which is strictly wrong but the common usage.
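*/

/* tests for ne_ssl_readable_dname */
static int dname_readable(void)
{
    struct {
        const char *cert;
        const char *subjdn, *issuerdn;
    } ts[] = {
        { "justmail.cert", "blah@example.com", NULL },
        { "t61subj.cert", I18N_DNAME, NULL },
        { "bmpsubj.cert", I18N_DNAME, NULL },
        { "utf8subj.cert", I18N_DNAME, NULL },
        { "twoou.cert", "First OU Dept, Second OU Dept, Neon Hackers Ltd, "
          "Cambridge, Cambridgeshire, GB", NULL }
    };
    size_t n;

    for (n = 0; n < sizeof(ts)/sizeof(ts[0]); n++) {
        ne_ssl_certificate *cert = ne_ssl_cert_read(ts[n].cert);

        ONV(cert == NULL, ("could not load cert %s", ts[n].cert));

        /* issuerdn is NULL for every entry, so only the subject is
         * compared. */
        CALL(check_cert_dnames(cert, ts[n].subjdn, ts[n].issuerdn));
        ne_ssl_cert_free(cert);
    }

    return OK;
}

/* test cert comparisons: the same file read twice must compare equal
 * in both argument orders, and two different certs must not. */
static int cert_compare(void)
{
    ne_ssl_certificate *c1, *c2;

    c1 = ne_ssl_cert_read("server.cert");
    c2 = ne_ssl_cert_read("server.cert");

    /* Fail cleanly on a missing file rather than handing NULL to
     * ne_ssl_cert_cmp(). */
    ONN("could not load server.cert", c1 == NULL || c2 == NULL);

    ONN("identical certs don't compare equal", ne_ssl_cert_cmp(c1, c2) != 0);
    ONN("identical certs don't compare equal", ne_ssl_cert_cmp(c2, c1) != 0);
    ne_ssl_cert_free(c2);

    c2 = ne_ssl_cert_read("ssigned.pem");
    ONN("could not load ssigned.pem", c2 == NULL);

    ONN("different certs don't compare different",
        ne_ssl_cert_cmp(c1, c2) == 0);
    ONN("different certs don't compare different",
        ne_ssl_cert_cmp(c2, c1) == 0);
    ne_ssl_cert_free(c2);
    ne_ssl_cert_free(c1);

    return OK;
}

/* Extract raw base64 string from a PEM file.
 *
 * Lines between the "-----" wrapper lines of 'fname' are concatenated,
 * without line terminators, into a newly allocated NUL-terminated
 * string stored in *out; the caller releases it with ne_free().
 * Fails if the file cannot be opened or holds no data between
 * wrapper lines. */
static int flatten_pem(const char *fname, char **out)
{
    FILE *fp = fopen(fname, "r");
    char buf[80];
    size_t outlen = 0;
    int ignore = 1;

    ONV(fp == NULL, ("could not open %s", fname));

    *out = NULL;

    while (fgets(buf, sizeof buf, fp) != NULL) {
        /* Measure up to the line terminator rather than assuming one
         * is present: a final line without a newline, or a chunk of a
         * line longer than the buffer, would otherwise lose its last
         * character, and an empty read would wrap the length. */
        size_t len = strcspn(buf, "\r\n");

        if (len == 0) continue;

        /* look for the wrapper lines. */
        if (strncmp(buf, "-----", 5) == 0) {
            ignore = !ignore;
            continue;
        }

        /* ignore until the first wrapper line */
        if (ignore) continue;

        /* ne_realloc pairs with the ne_free() used by the caller and
         * does not return NULL to be dereferenced here. */
        *out = ne_realloc(*out, outlen + len + 1);
        memcpy(*out + outlen, buf, len);
        outlen += len;
    }

    fclose(fp);

    /* Nothing was collected: report it instead of writing the
     * terminator through a NULL pointer. */
    ONV(*out == NULL, ("no PEM data found in %s", fname));

    (*out)[outlen] = '\0';

    return OK;
}

/* check export cert data 'actual' against expected data 'expected';
 * the exported data must be non-NULL and contain no CR or LF. */
static int check_exported_data(const char *actual, const char *expected)
{
    ONN("could not export cert", actual == NULL);

    ONN("export data contained newline",
        strchr(actual, '\r') || strchr(actual, '\n'));

    ONV(strcmp(actual, expected), ("exported cert differed from expected:\n"
                                   "actual: %s\nexpected: %s",
                                   actual, expected));
    return OK;
}

/* Test import and export of certificates.  The export format is PEM
 * without the line feeds and wrapping; compare against the flattened
 * contents of server.cert. */
static int import_export(void)
{
    char *expected, *actual;
    ne_ssl_certificate *cert, *imp;

    CALL(flatten_pem("server.cert", &expected));

    cert = ne_ssl_cert_read("server.cert");
    ONN("could not load server.cert", cert == NULL);

    /* export the cert and compare it with the PEM file */
    actual = ne_ssl_cert_export(cert);
    CALL(check_exported_data(actual, expected));

    /* import the exported cert data, check it looks the same */
    imp = ne_ssl_cert_import(actual);
    ONN("failed to import exported cert", imp == NULL);
    ONN("imported cert was different to original",
        ne_ssl_cert_cmp(imp, cert));

    /* re-export the imported cert and check that looks the same */
    ne_free(actual);
    actual = ne_ssl_cert_export(imp);
    CALL(check_exported_data(actual, expected));
    ne_ssl_cert_free(imp);

    /* try importing from bogus data; both imports must be refused */
    imp = ne_ssl_cert_import("!!");
    ONN("imported bogus cert from bogus base64", imp != NULL);
    imp = ne_ssl_cert_import("aaaa");
    ONN("imported bogus cert from valid base64", imp != NULL);

    ne_ssl_cert_free(cert);
    ne_free(actual);
    ne_free(expected);
    return OK;
}

/* Test write/read: a cert written to output.pem must read back equal
 * to the original, and writing into a nonexistent directory must
 * fail. */
static int read_write(void)
{
    ne_ssl_certificate *c1, *c2;

    c1 = ne_ssl_cert_read("server.cert");
    ONN("could not load server.cert", c1 == NULL);

    ONN("could not write output.pem", ne_ssl_cert_write(c1, "output.pem"));

    ONN("wrote to nonexistent directory",
        ne_ssl_cert_write(c1, "nonesuch/output.pem") == 0);

    c2 = ne_ssl_cert_read("output.pem");
    ONN("could not read output.pem", c2 == NULL);

    ONN("read of output.pem differs from original",
        ne_ssl_cert_cmp(c2, c1));

    ne_ssl_cert_free(c1);
    ne_ssl_cert_free(c2);

    return OK;
}

/* A verification callback which caches the passed cert.  'userdata'
 * points to a char * slot: while the slot is empty the cert is
 * exported into it and 0 is returned; once a cert has been cached,
 * every further call returns -1. */
static int verify_cache(void *userdata, int fs,
                        const ne_ssl_certificate *cert)
{
    char **cache = userdata;

    if (*cache == NULL) {
        *cache = ne_ssl_cert_export(cert);
        return 0;
    } else {
        return -1;
    }
}

/* Test a common use of the SSL API; cache the server cert across
 * sessions.  The first session accepts the self-signed cert through
 * verify_cache(); the second session trusts the re-imported cert and
 * runs with no verify callback at all. */
static int cache_cert(void)
{
    ne_session *sess = DEFSESS;
    char *cache = NULL;
    ne_ssl_certificate *cert;
    struct ssl_server_args args = {0};

    args.cert = "ssigned.pem";
    args.cache = 1;

    ONREQ(any_ssl_request(sess, ssl_server, &args, CA_CERT,
                          verify_cache, &cache));
    ne_session_destroy(sess);

    ONN("no cert was cached", cache == NULL);

    /* make a real cert */
    cert = ne_ssl_cert_import(cache);
    ONN("could not import cached cert", cert == NULL);
    ne_free(cache);

    /* create a new session */
    sess = DEFSESS;

    /* trust the cert */
    ne_ssl_trust_cert(sess, cert);
    ne_ssl_cert_free(cert);

    /* now, the request should succeed without manual verification */
    ONREQ(any_ssl_request(sess, ssl_server, &args, CA_CERT, NULL, NULL));
    ne_session_destroy(sess);
    return OK;
}

/* Trusting a cert on a plain "http" session must be harmless; the
 * test only creates the session, trusts def_ca_cert and destroys it. */
static int nonssl_trust(void)
{
    ne_session *sess = ne_session_create("http", "www.example.com", 80);

    ne_ssl_trust_cert(sess, def_ca_cert);

    ne_session_destroy(sess);

    return OK;
}

/* PIN password provider callback.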
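*/
/* Supplies the PIN passed as 'userdata' (a NUL-terminated string) on
 * the first attempt only; every later attempt is refused with -1,
 * presumably so that a rejected PIN is not offered to the token again.
 *
 * 'pin' is the caller's output buffer.  ne_pkcs11.h fixes its size at
 * NE_SSL_P11PINLEN bytes, so the copy is refused unless the PIN and
 * its terminator fit; the callback has no length argument and an
 * unchecked strcpy() would write past the buffer for a longer PIN.
 * Returns 0 when the PIN was copied, -1 otherwise. */
static int pkcs11_pin(void *userdata, int attempt,
                      const char *slot_descr, const char *token_label,
                      unsigned int flags, char *pin)
{
    const char *sekrit = userdata;

    NE_DEBUG(NE_DBG_SSL, "pkcs11: slot = [%s], token = [%s]\n",
             slot_descr, token_label);

    if (attempt != 0 || sekrit == NULL) {
        return -1;
    }

    /* Bound the copy by the documented size of the PIN buffer. */
    if (strlen(sekrit) >= (size_t)NE_SSL_P11PINLEN) {
        return -1;
    }

    strcpy(pin, sekrit);
    return 0;
}

/* Runs one SSL request with a client certificate provided through the
 * NSS softokn3 PKCS#11 module, using the NSS database directory
 * 'dbname'.  args.require_cc is set, which presumably makes the test
 * server demand a client certificate (see struct ssl_server_args).
 *
 * Returns SKIP when 'dbname' is not accessible or the provider cannot
 * be initialised, otherwise the result of the request.  The session
 * is destroyed on the SKIP paths as well, so that a skipped run does
 * not leave it allocated. */
static int nss_pkcs11_test(const char *dbname)
{
    ne_session *sess = DEFSESS;
    struct ssl_server_args args = {SERVER_CERT, NULL};
    ne_ssl_pkcs11_provider *prov;
    int ret;

    args.require_cc = 1;

    if (access(dbname, R_OK|X_OK)) {
        t_warning("NSS required for PKCS#11 testing");
        ne_session_destroy(sess);
        return SKIP;
    }

    ret = ne_ssl_pkcs11_nss_provider_init(&prov, "softokn3", dbname,
                                          NULL, NULL, NULL);
    if (ret) {
        if (ret == NE_PK11_NOTIMPL)
            t_context("pakchois library required for PKCS#11 support");
        else
            t_context("could not load NSS softokn3 PKCS#11 provider");
        ne_session_destroy(sess);
        return SKIP;
    }

    /* "foobar" is the fixed PIN handed to pkcs11_pin() as userdata. */
    ne_ssl_pkcs11_provider_pin(prov, pkcs11_pin, "foobar");
    ne_ssl_set_pkcs11_provider(sess, prov);

    ret = any_ssl_request(sess, ssl_server, &args, CA_CERT, NULL, NULL);

    ne_session_destroy(sess);
    ne_ssl_pkcs11_provider_destroy(prov);

    return ret;
}

/* PKCS#11 client certificate test against the "nssdb" database. */
static int pkcs11(void)
{
    return nss_pkcs11_test("nssdb");
}

/* As pkcs11(), using the "nssdb-dsa" database. */
static int pkcs11_dsa(void)
{
    return nss_pkcs11_test("nssdb-dsa");
}

/* TODO: code paths still to test in cert verification:
 * - server cert changes between connections: Mozilla gives
 * a "bad MAC decode" error for this; can do better?
 * - server presents no certificate (using ADH ciphers)... can
 * only really happen if they mess with the SSL_CTX and enable
 * ADH cipher manually; but good to check the failure case is
 * safe.
 * - SSL cert changes between connections; handle as normal & re-verify
 * From the SSL book:
 * - an early FIN should be returned as a possible truncation attack,
 * NOT just an NE_SOCK_CLOSED.
 * - unexpected close_notify is an error but not an attack.
 * - never attempt session resumption after any aborted connection.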
*/ ne_test tests[] = { T_LEAKY(init), T(load_server_certs), T(trust_default_ca), T(cert_fingerprint), T(cert_hdigests), T(cert_identities), T(cert_validity), T(cert_compare), T(dname_compare), T(dname_readable), T(import_export), T(read_write), T(load_client_cert), T(clicert_import), T(simple), #if 0 T(simple_sslv2), #endif T(simple_eof), T(empty_truncated_eof), T(fail_not_ssl), T(cache_cert), T(intermediary), T(client_cert_pkcs12), T(ccert_unencrypted), T(client_cert_provided), T(cc_provided_dnames), T(no_client_cert), T(client_cert_ca), T(parse_cert), T(parse_chain), T(no_verify), T(cache_verify), T(wildcard_match), T(wildcard_match_altname), T(caseless_match), T(subject_altname), T(two_subject_altname), T(two_subject_altname2), T(notdns_altname), T(ipaddr_altname), T(uri_altname), T(multi_commonName), T(commonName_first), T(fail_wrongCN), T(fail_expired), T(fail_notvalid), T(fail_untrusted_ca), T(fail_self_signed), T(fail_missing_CN), T(fail_host_ipaltname), T(fail_bad_ipaltname), T(fail_bad_urialtname), T(fail_wildcard), T(fail_wildcard_ip), T(fail_ca_notyetvalid), T(fail_ca_expired), T(nulcn_identity), #if 0 /* These certs were created with a SHA#1 digest so are rejected by * modern TLS libraries. */ T(fail_nul_cn), T(fail_nul_san), #endif #if 0 T(session_cache), #endif T(fail_tunnel), T(proxy_tunnel), T(auth_proxy_tunnel), T(auth_tunnel_creds), T(auth_tunnel_fail), T(nonssl_trust), T(pkcs11), T_XFAIL(pkcs11_dsa), /* unclear why this fails currently. */ T(NULL) }; neon-0.32.2/test/string-tests.c000066400000000000000000000531641416727304000163430ustar00rootroot00000000000000/* String handling tests Copyright (C) 2001-2007, 2009, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "config.h" #ifdef HAVE_STDLIB_H #include #endif #ifdef HAVE_STRING_H #include #endif #ifdef HAVE_ERRNO_H #include /* for the ENOENT definitions in str_errors */ #endif #include "ne_string.h" #include "ne_utils.h" #include "tests.h" #undef ONCMP #define ONCMP(a,b) ONV(!a || strcmp(a, b), \ ("result was [%s] not [%s]", a, b)) static int simple(void) { ne_buffer *s = ne_buffer_create(); ON(s == NULL); ne_buffer_zappend(s, "abcde"); ONCMP(s->data, "abcde"); ON(ne_buffer_size(s) != 5); ne_buffer_destroy(s); return OK; } static int buf_concat(void) { ne_buffer *s = ne_buffer_create(); ON(s == NULL); ne_buffer_concat(s, "a", "b", "c", "d", "e", "f", "g", NULL); ONCMP(s->data, "abcdefg"); ON(ne_buffer_size(s) != 7); ne_buffer_destroy(s); return OK; } static int buf_concat2(void) { #define RES "alphabetagammadeltaepsilonetatheta" ne_buffer *s = ne_buffer_create(); ON(s == NULL); ne_buffer_concat(s, "alpha", "beta", "gamma", "delta", "epsilon", "eta", "theta", NULL); ONCMP(s->data, RES); ON(ne_buffer_size(s) != strlen(RES)); ne_buffer_destroy(s); return OK; } static int buf_concat3(void) { ne_buffer *s = ne_buffer_create(); ON(s == NULL); ne_buffer_zappend(s, "foobar"); ne_buffer_concat(s, "norman", NULL); ONCMP(s->data, "foobarnorman"); ON(ne_buffer_size(s) != 12); ne_buffer_destroy(s); return OK; } static int append(void) { ne_buffer *s = ne_buffer_create(); ON(s == NULL); ne_buffer_append(s, "a", 1); ne_buffer_append(s, "b", 1); ne_buffer_append(s, "c", 1); ONCMP(s->data, "abc"); ON(ne_buffer_size(s) != 3); ne_buffer_zappend(s, "hello"); 
ONCMP(s->data, "abchello"); ne_buffer_czappend(s, "world"); ONCMP(s->data, "abchelloworld"); ON(ne_buffer_size(s) != 13); ne_buffer_destroy(s); return OK; } static int grow(void) { ne_buffer *s = ne_buffer_ncreate(2); ON(s == NULL); ne_buffer_append(s, "a", 1); ne_buffer_grow(s, 4); ONCMP(s->data, "a"); ne_buffer_destroy(s); return OK; } static int alter(void) { ne_buffer *s = ne_buffer_create(); char *d; ON(s == NULL); ne_buffer_zappend(s, "abcdefg"); d = s->data; ON(d == NULL); d[2] = '\0'; ne_buffer_altered(s); ONCMP(s->data, "ab"); ON(ne_buffer_size(s) != 2); ne_buffer_zappend(s, "hijkl"); ONCMP(s->data, "abhijkl"); ne_buffer_destroy(s); return OK; } /* Macros for testing ne_token. */ #define TEST(res) do { \ char *tok = ne_token(&pnt, ','); \ ONN(res ": return", tok == NULL); \ ONN(res ": compare", strcmp(tok, (res))); \ ONN(res ": modify", pnt == NULL); \ } while (0) #define LASTTEST(res) do { \ char *tok = ne_token(&pnt, ','); \ ONN(res ": last return", tok == NULL); \ ONN(res ": last compare", strcmp(tok, (res))); \ ONN(res ": last modify", pnt != NULL); \ } while (0) #define QTEST(res) do { \ char *tok = ne_qtoken(&pnt, ',', QUOTES); \ ONN(res ": return", tok == NULL); \ ONN(res ": compare", strcmp(tok, (res))); \ ONN(res ": modify", pnt == NULL); \ } while (0) #define QLASTTEST(res) do { \ char *tok = ne_qtoken(&pnt, ',', QUOTES); \ ONN(res ": last return", tok == NULL); \ ONN(res ": last compare", strcmp(tok, (res))); \ ONN(res ": last modify", pnt != NULL); \ } while (0) static int token1(void) { char *str = ne_strdup("a,b,c,d"), *pnt = str; TEST("a"); TEST("b"); TEST("c"); LASTTEST("d"); ne_free(str); return OK; } static int token2(void) { char *str = ne_strdup("norman,fishing, elsewhere"), *pnt = str; TEST("norman"); TEST("fishing"); LASTTEST(" elsewhere"); ne_free(str); return OK; } static int nulls(void) { char *str = ne_strdup("alpha,,gamma"), *pnt = str; TEST("alpha"); TEST(""); LASTTEST("gamma"); ne_free(str); pnt = str = ne_strdup(",,,wooo"); 
TEST(""); TEST(""); TEST(""); LASTTEST("wooo"); ne_free(str); pnt = str = ne_strdup("wooo,,,"); TEST("wooo"); TEST(""); TEST(""); LASTTEST(""); ne_free(str); return OK; } static int empty(void) { char *str = ne_strdup(""), *pnt = str; LASTTEST(""); ne_free(str); return OK; } #undef QUOTES #define QUOTES "'" static int quoted(void) { char *str = ne_strdup("alpha,'beta, a fish called HELLO!?',sandwiches"); char *pnt = str; QTEST("alpha"); QTEST("'beta, a fish called HELLO!?'"); QLASTTEST("sandwiches"); ne_free(str); return OK; } static int badquotes(void) { char *str = ne_strdup("alpha,'blah"), *pnt = str; QTEST("alpha"); ON(ne_qtoken(&pnt, ',', QUOTES) != NULL); ne_free(str); return OK; } /* for testing ne_shave. */ #undef TEST #define TEST(str, ws, res) do { \ char *s = ne_strdup((str)); \ char *r = ne_shave(s, (ws)); \ ONN("[" str "]", strcmp(r, (res))); \ ne_free(s); \ } while (0) static int shave(void) { TEST(" b ", " ", "b"); TEST("b", " ", "b"); TEST(" b ", " ", "b"); TEST("--bbb-----", "-", "bbb"); TEST("hello, world ", " ", "hello, world"); TEST("<<><<<><<<<<><<", "<>", "this is foo"); TEST("09809812342347I once saw an helicopter0012312312398", "0123456789", "I once saw an helicopter"); return OK; } /* Regression test for ne_shave call which should produce an empty * string. */ static int shave_regress(void) { TEST("\"\"", "\"", ""); return OK; } /* Test the ne_token/ne_shave combination. 
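*/
#undef TEST
#undef LASTTEST

/* TEST(res): take the next ','-separated token from 'pnt', strip
 * surrounding spaces with ne_shave, and require that it equals 'res'
 * and that 'pnt' is still non-NULL afterwards (more input follows). */
#define TEST(res) do { \
    char *tok = ne_token(&pnt, ','); \
    ONN(res ": return", tok == NULL); \
    tok = ne_shave(tok, " "); \
    ONN(res ": shave", tok == NULL); \
    ONN(res ": compare", strcmp(tok, (res))); \
    ONN(res ": modify", pnt == NULL); \
} while (0)

/* LASTTEST(res): as TEST, but for the final token: 'pnt' must be
 * NULL once it has been consumed. */
#define LASTTEST(res) do { \
    char *tok = ne_token(&pnt, ','); \
    ONN(res ": last return", tok == NULL); \
    tok = ne_shave(tok, " "); \
    ONN(res ": last shave", tok == NULL); \
    ONN(res ": last compare", strcmp(tok, (res))); \
    ONN(res ": last modify", pnt != NULL); \
} while (0)

/* traditional use of ne_token/ne_shave. */
static int combo(void)
{
    char *str = ne_strdup(" fred , mary, jim , alice, david"), *pnt = str;

    TEST("fred");
    TEST("mary");
    TEST("jim");
    TEST("alice");
    LASTTEST("david");

    ne_free(str);
    return 0;
}

/* ne_concat must join its NULL-terminated argument list, including
 * lists that contain or consist only of empty strings. */
static int concat(void)
{
/* CAT(res, args): 'args' is a parenthesised argument list passed
 * straight to ne_concat; the result is compared with 'res' and freed. */
#define CAT(res, args) do { char *str = ne_concat args; \
    ONCMP(str, res); \
    ne_free(str); } while (0)
    CAT("alphabeta", ("alpha", "beta", NULL));
    CAT("alpha", ("alpha", "", "", NULL));
    CAT("", ("", NULL));
    CAT("", ("", "", "", NULL));
    CAT("alpha", ("", "a", "lph", "", "a", NULL));
    return OK;
}

/* ne_strerror must return the caller's buffer, give the same text as
 * strerror() for ENOENT, and NUL-terminate a result truncated to a
 * short buffer, for a valid and for an invalid error number. */
static int str_errors(void)
{
    char expect[200], actual[200];

    /* Take a private copy of the strerror() text before ne_strerror is
     * called.  strncpy() does not write a terminator when the source
     * fills the whole count, and 'expect' is uninitialised, so the last
     * byte is set explicitly before strcmp() reads the array. */
    strncpy(expect, strerror(ENOENT), sizeof(expect)-1);
    expect[sizeof(expect)-1] = '\0';

    ONN("ne_strerror did not return passed-in buffer",
        ne_strerror(ENOENT, actual, sizeof(actual)) != actual);

    ONV(strcmp(expect, actual),
        ("error from ENOENT was `%s' not `%s'", actual, expect));

    /* Test truncated error string is still NUL-terminated. */
    ne_strerror(ENOENT, actual, 6);
    NE_DEBUG(NE_DBG_HTTP, "error: %s\n", actual);
    ONN("truncated string had wrong length", strlen(actual) != 5);

    ne_strerror(-1, actual, 6);
    ONN("truncated string for bad error had wrong length",
        strlen(actual) != 5);

    return OK;
}

/* ne_strnzcpy(dst, src, n) must leave a NUL-terminated string of at
 * most n-1 characters in dst: "abcdefghi" with n = 5 gives "abcd",
 * and a source shorter than n is copied whole. */
static int strnzcpy(void)
{
    char buf[16];

    ne_strnzcpy(buf, "abcdefghi", 5);
    ONV(strcmp(buf, "abcd"), ("result was `%s' not `abcd'", buf));

    ne_strnzcpy(buf, "ab", 5);
    ONV(strcmp(buf, "ab"), ("result was `%s' not `ab'", buf));

    return OK;
}

#define FOX_STRING "The quick brown fox jumped over the lazy dog"
#define PUNC_STRING "<>,.;'#:@~[]{}!\"$%^&*()_+-="

/* ne_strclean test.  'strings' holds (input, expected) pairs ended by
 * NULL.  The pairs show ESC, newline, carriage return and the control
 * bytes \01 and \05 each becoming a space, while letters, digits and
 * the punctuation in PUNC_STRING pass through unchanged. */
static int cleaner(void)
{
    static const char *strings[] = {
        "alpha", "alpha",
        "pretty\033[41mcolours", "pretty [41mcolours",
        "beta\n", "beta ",
        "del\rt\na", "del t a",
        FOX_STRING, FOX_STRING,
        "0123456789", "0123456789",
        PUNC_STRING, PUNC_STRING,
        "\01blah blee\05bloo", " blah blee bloo",
        NULL,
    };
    unsigned int n;

    /* Step by two: strings[n] is the input, strings[n+1] the result. */
    for (n = 0; strings[n]; n+=2) {
        char *act = ne_strclean(ne_strdup(strings[n]));
        ONV(strcmp(act, strings[n+1]),
            ("cleansed to `%s' not `%s'", act, strings[n+1]));
        ne_free(act);
    }

    return OK;
}

/* Check that raw data 'raw', of length 'len', has base64 encoding
 * of 'expected'.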
*/ static int b64_check(const unsigned char *raw, size_t len, const char *expected) { char *encoded = ne_base64(raw, len); unsigned char *decoded; size_t dlen; ONV(strcmp(encoded, expected), ("base64(\"%s\") gave \"%s\" not \"%s\"", raw, encoded, expected)); dlen = ne_unbase64(encoded, &decoded); ONV(dlen != len, ("decoded `%s' length was %" NE_FMT_SIZE_T " not %" NE_FMT_SIZE_T, expected, dlen, len)); ONV(memcmp(raw, decoded, dlen), ("decoded `%s' as `%.*s' not `%.*s'", expected, (int)dlen, decoded, (int)dlen, raw)); ne_free(decoded); ne_free(encoded); return OK; } /* ALLBITS: base64 encoding of "\0..\377" */ #define ALLBITS \ "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKiss" \ "LS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZ" \ "WltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWG" \ "h4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKz" \ "tLW2t7i5uru8vb6/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g" \ "4eLj5OXm5+jp6uvs7e7v8PHy8/T19vf4+fr7/P3+/w==" static int base64(void) { unsigned char bits[256]; size_t n; #define B64B(x, l, y) CALL(b64_check((unsigned char *)x, l, y)) #define B64(x, y) B64B(x, strlen(x), y) /* invent these with * $ printf "string" | uuencode -m blah */ B64("a", "YQ=="); B64("bb", "YmI="); B64("ccc", "Y2Nj"); B64("Hello, world", "SGVsbG8sIHdvcmxk"); B64("Aladdin:open sesame", "QWxhZGRpbjpvcGVuIHNlc2FtZQ=="); B64("I once saw a dog called norman.\n", "SSBvbmNlIHNhdyBhIGRvZyBjYWxsZWQgbm9ybWFuLgo="); B64("The quick brown fox jumped over the lazy dog", "VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wZWQgb3ZlciB0aGUgbGF6eSBkb2c="); /* binary data.. 
* $ printf "string" | wc -c # get the length * $ printf "string" | uuencode -m blah # get the base64 */ B64B("\0\0\0\0\0\n", 6, "AAAAAAAK"); B64B("I once wished \0 upon a \0 fish.", 30, "SSBvbmNlIHdpc2hlZCAAIHVwb24gYSAAIGZpc2gu"); B64B("\201\202\203\204", 4, "gYKDhA=="); for (n = 0; n < sizeof bits; n++) bits[n] = (unsigned char)n; CALL(b64_check(bits, sizeof bits, ALLBITS)); #undef B64 #undef B64B return OK; } static int unbase64(void) { static const char *ts[] = { "", "a", "ab", "abc", "}bcd", "a}cd", "ab}d", "abc}", " ", "^bcd", "a^cd", "ab^d", "abc^", "====", "=bcd", "a=cd", "ab=d", "a==d", "a=c=", NULL }; size_t n; for (n = 0; ts[n]; n++) { unsigned char *tmp; ONV(ne_unbase64(ts[n], &tmp) != 0, ("invalid string `%s' was decoded", ts[n])); } return OK; } static int printing(void) { struct { const char *in, *out; size_t pass, ret; } ts[] = { { "alpha", "alpha", 10, 5 }, { "alpha", "alph", 5, 4 }, { "foobar", "", 1, 0 }, { NULL, NULL, 0, 0} }; size_t n; for (n = 0; ts[n].in; n++) { char buf[512]; size_t ret; memset(buf, 'A', sizeof buf); ret = ne_snprintf(buf, ts[n].pass, "%s", ts[n].in); ONCMP(ts[n].out, buf); ONV(ret != ts[n].ret, ("got return value %" NE_FMT_SIZE_T " not %" NE_FMT_SIZE_T, ret, ts[n].ret)); /* byte past the NUL must still be 'A' */ ONN("buffer over-ran!", buf[ret + 1] != 'A'); } return OK; } static int casecmp(void) { static const struct { const char *left, *right; int expect; } ts[] = { { "abcdefghijklmnopqrstuvwxyz", "ABCDEFGHIJKLMNOPQRSTUVWXYZ", 0 }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "abcdefghijklmnopqrstuvwxyz", 0 }, { "foo", "bar", 1 }, { "!#:[@\377", "!#:[@\377", 0 }, { "bar", "foo", -1 }, { "foop", "foo", 1 }, { "foo", "foop", -1 }, { NULL, NULL, 0 } }; size_t n; for (n = 0; ts[n].left; n++) { int actual; actual = ne_strcasecmp(ts[n].left, ts[n].right); ONV(ts[n].expect == 0 && actual != 0, ("strcasecmp(%s, %s) gave %d, expected 0", ts[n].left, ts[n].right, actual)); ONV(ts[n].expect > 0 && actual <= 0, ("strcasecmp(%s, %s) gave %d, 
expected > 0", ts[n].left, ts[n].right, actual)); ONV(ts[n].expect < 0 && actual >= 0, ("strcasecmp(%s, %s) gave %d, expected < 0", ts[n].left, ts[n].right, actual)); } ONN("comparison of identical pointers did not give zero", ne_strcasecmp(ts[0].left, ts[0].left) != 0); return OK; } static int casencmp(void) { static const struct { const char *left, *right; size_t n; int expect; } ts[] = { { "abcdefghijklmnopqrstuvwxyz", "ABCDEFGHIJKLMNOPQRSTUVWXYZ", 30, 0 }, { "abcdefghijklmnopqrstuvwxyz", "ABCDEFGHIJKLMNOPQRSTUVWXYZ", 10, 0 }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "abcdefghijklmnopqrstuvwxyz", 0, 0 }, { "foo", "bar", 3, 1 }, { "bar", "foo", 4, -1 }, { "bar", "foo", 3, -1 }, { "foop", "foo", 4, 1 }, { "foo", "foop", 4, -1 }, { "bee", "bar", 0, 0}, { NULL, NULL, 0, 0 } }; size_t n; for (n = 0; ts[n].left; n++) { int actual; actual = ne_strncasecmp(ts[n].left, ts[n].right, ts[n].n); ONV(ts[n].expect == 0 && actual != 0, ("strncasecmp(%s, %s, %" NE_FMT_SIZE_T ") gave %d, expected 0", ts[n].left, ts[n].right, ts[n].n, actual)); ONV(ts[n].expect > 0 && actual <= 0, ("strncasecmp(%s, %s, %" NE_FMT_SIZE_T ") gave %d, expected > 0", ts[n].left, ts[n].right, ts[n].n, actual)); ONV(ts[n].expect < 0 && actual >= 0, ("strncasecmp(%s, %s, %" NE_FMT_SIZE_T ") gave %d, expected < 0", ts[n].left, ts[n].right, ts[n].n, actual)); } ONN("comparison of identical pointers did not give zero", ne_strncasecmp(ts[0].left, ts[0].left, 5) != 0); return OK; } static int buf_print(void) { ne_buffer *buf = ne_buffer_create(); ne_buffer_czappend(buf, "foo-"); ne_buffer_snprintf(buf, 20, "bar-%s-asda", "norman"); ne_buffer_czappend(buf, "-bloo"); ONN("snprintf return value", ne_buffer_snprintf(buf, 2, "---") != 1); ONCMP(buf->data, "foo-bar-norman-asda-bloo-"); ne_buffer_destroy(buf); return OK; } static int qappend(void) { static const struct { const char *in; size_t inlen; const char *out; } ts[] = { { "", 0, "" }, { "a", 1, "a" }, { "b", 2, "b\\x00" }, { "alpha\0alpha", 11, "alpha\\x00alpha" }, { 
"a\tb", 3, "a\\x09b" }, { "foo\x7f" "bar", 7, "foo\\x7fbar" }, { NULL } }; unsigned n; for (n = 0; ts[n].in; n++) { ne_buffer *buf = ne_buffer_create(); char *s; const unsigned char *in = (const unsigned char *)ts[n].in; ne_buffer_qappend(buf, in, ts[n].inlen); ONCMP(buf->data, ts[n].out); ONV(strlen(buf->data) + 1 != buf->used, ("bad buffer length for '%s': %" NE_FMT_SIZE_T, ts[n].out, buf->used)); s = ne_strnqdup(in, ts[n].inlen); ONCMP(s, ts[n].out); ne_free(s); ne_buffer_destroy(buf); } return OK; } static char *test_vstrhash(unsigned int flags, ...) { va_list ap; char *rv; va_start(ap, flags); rv = ne_vstrhash(flags, ap); va_end(ap); return rv; } #define TEST1 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" #define TEST1_SHA "248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1" #define ONVEC(args, expect) \ do { char *h = ne_strhash args; ONCMP(h, expect); ne_free(h); } while (0) static int strhash(void) { ONN("zero flags must return NULL", ne_strhash(0, "", NULL) != NULL); ONN("zero flags must return NULL for vstrhash", test_vstrhash(0, "", NULL) != NULL); ONN("no alg flags must return NULL", ne_strhash(NE_HASH_COLON, "", NULL) != NULL); ONN("no alg flags must return NULL", ne_strhash(NE_HASH_SPACE, "", NULL) != NULL); ONVEC((NE_HASH_MD5, "", NULL), "d41d8cd98f00b204e9800998ecf8427e"); ONVEC((NE_HASH_MD5, "foo", "ba", "r", NULL), "3858f62230ac3c915f300c664312c63f"); ONVEC((NE_HASH_MD5|NE_HASH_SPACE, "foo", "ba", "r", NULL), "38 58 f6 22 30 ac 3c 91 5f 30 0c 66 43 12 c6 3f"); return OK; } static int strhash_sha_256(void) { char *p = ne_strhash(NE_HASH_SHA256, "", NULL); if (p == NULL) { t_context("SHA-2-256 not supported"); return SKIP; } ne_free(p); ONVEC((NE_HASH_SHA256, TEST1, NULL), TEST1_SHA); ONVEC((NE_HASH_SHA256, "foobar", "foo", "bar", "f", "oobar", NULL), "d173c93898d3ca8455a4526e0af2a1aee9b91c8ec19adac16e6e8be2da09436c"); return OK; } /* NIST examples from 
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512.pdf */ #define TEST1_512 "abc" #define TEST1_512_MDC "dd:af:35:a1:93:61:7a:ba:cc:41:73:49:ae:20:41:31:12:e6:fa:4e:89:a9:7e:a2:0a:9e:ee:e6:4b:55:d3:9a:21:92:99:2a:27:4f:c1:a8:36:ba:3c:23:a3:fe:eb:bd:45:4d:44:23:64:3c:e8:0e:2a:9a:c9:4f:a5:4c:a4:9f" #define TEST2_512_1 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrl" #define TEST2_512_2 "mnopqrsmnopqrstnopqrstu" #define TEST2_512_MD "8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909" /* NIST examples from https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512_256.pdf */ #define TEST1_512_256 "abc" #define TEST1_512_256_MD "53048e2681941ef99b2e29b76b4c7dabe4c2d0c634fc6d46e0e2f13107e7af23" #define TEST2_512_256_1 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijkl" #define TEST2_512_256_2 "mnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" #define TEST2_512_256_MD "3928e184fb8690f840da3988121d31be65cb9d3ef83ee6146feac861e19b563a" #define TEST2_512_256_MDC "39:28:e1:84:fb:86:90:f8:40:da:39:88:12:1d:31:be:65:cb:9d:3e:f8:3e:e6:14:6f:ea:c8:61:e1:9b:56:3a" static int strhash_sha_512(void) { char *p = ne_strhash(NE_HASH_SHA512, "", NULL); if (p == NULL) { t_context("SHA-2-512 not supported"); return SKIP; } ne_free(p); ONVEC((NE_HASH_SHA512|NE_HASH_COLON, TEST1_512, NULL), TEST1_512_MDC); ONVEC((NE_HASH_SHA512, TEST2_512_1, TEST2_512_2, NULL), TEST2_512_MD); return OK; } static int strhash_sha_512_256(void) { char *p = ne_strhash(NE_HASH_SHA512_256, "", NULL); if (p == NULL) { t_context("SHA-2-512/256 not supported"); return SKIP; } ne_free(p); ONVEC((NE_HASH_SHA512_256, TEST1_512_256, NULL), TEST1_512_256_MD); ONVEC((NE_HASH_SHA512_256, TEST2_512_256_1, TEST2_512_256_2, NULL), TEST2_512_256_MD); ONVEC((NE_HASH_SHA512_256|NE_HASH_COLON, 
TEST2_512_256_1, TEST2_512_256_2, NULL), TEST2_512_256_MDC); return OK; } static int strparam(void) { static const struct { const char *charset, *lang; const char *value; const char *expect; } ts[] = { { "UTF-8", NULL, "foobar", NULL }, { "UTF-8", NULL, "foo@bar", "UTF-8''foo%40bar" }, { "UTF-8", NULL, "foo bar", "UTF-8''foo%20bar" }, { "iso-8859-1", "en", "\xA3 rates", "iso-8859-1'en'%a3%20rates" }, { "UTF-8", NULL, "£ and € rates", "UTF-8''%c2%a3%20and%20%e2%82%ac%20rates" }, { NULL } }; unsigned n; for (n = 0; ts[n].charset; n++) { char *act = ne_strparam(ts[n].charset, ts[n].lang, (const unsigned char *)ts[n].value); if (ts[n].expect == NULL) { ONV(act != NULL, ("expected NULL output for '%s'", ts[n].value)); } else { ONCMP(act, ts[n].expect); ne_free(act); } } return OK; } ne_test tests[] = { T(simple), T(buf_concat), T(buf_concat2), T(buf_concat3), T(append), T(grow), T(alter), T(token1), T(token2), T(nulls), T(empty), T(quoted), T(badquotes), T(shave), T(shave_regress), T(combo), T(concat), T(str_errors), T(strnzcpy), T(cleaner), T(base64), T(unbase64), T(printing), T(casecmp), T(casencmp), T(buf_print), T(qappend), T(strhash), T(strhash_sha_256), T(strhash_sha_512), T(strhash_sha_512_256), T(strparam), T(NULL) }; neon-0.32.2/test/stubs.c000066400000000000000000000134231416727304000150270ustar00rootroot00000000000000/* neon test suite Copyright (C) 2002-2005, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 
   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

*/

/** These tests show that the stub functions produce appropriate
 * results to provide ABI-compatibility when a particular feature is
 * not supported by the library. **/

#include "config.h"

/* NOTE(review): the header names of the next three #include lines are
 * missing in this copy of the file.  The guards suggest <stdlib.h> and
 * <unistd.h> for the last two; the first cannot be told from here. */
#include
#ifdef HAVE_STDLIB_H
#include
#endif
#ifdef HAVE_UNISTD_H
#include
#endif

#include "ne_request.h"
#include "ne_socket.h"
#include "ne_compress.h"
#include "ne_pkcs11.h"

#include "tests.h"
#include "child.h"
#include "utils.h"

/* With both zlib and SSL compiled in there is no stub to test; only
 * the placeholder null_test is built in that case. */
#if defined(NE_HAVE_ZLIB) && defined(NE_HAVE_SSL)
#define NO_TESTS 1
#endif

#define EOL "\r\n"

#ifndef NE_HAVE_ZLIB
/* Result of stub_decompress; set to FAIL by sd_reader on bad data. */
static int sd_result = OK;

/* Body reader for the stub decompressor.  'ud' is the expected body;
 * each block is compared with the first 'len' bytes of it, so the
 * check is only meaningful when the body arrives from offset zero.
 * Always returns 0; a mismatch is recorded in sd_result. */
static int sd_reader(void *ud, const char *block, size_t len)
{
    const char *expect = ud;
    if (strncmp(expect, block, len) != 0) {
        sd_result = FAIL;
        t_context("decompress reader got bad data");
    }
    return 0;
}

/* Without zlib, a reader registered through ne_decompress_reader must
 * still receive the response body ("abcde") as sent by the server. */
static int stub_decompress(void)
{
    ne_session *sess;
    ne_decompress *dc;
    ne_request *req;
    int ret;

    CALL(make_session(&sess, single_serve_string,
                      "HTTP/1.1 200 OK" EOL
                      "Connection: close" EOL EOL
                      "abcde"));

    req = ne_request_create(sess, "GET", "/foo");

    dc = ne_decompress_reader(req, ne_accept_2xx, sd_reader, "abcde");

    ret = ne_request_dispatch(req);

    CALL(await_server());

    ONREQ(ret);

    ne_decompress_destroy(dc);
    ne_request_destroy(req);
    ne_session_destroy(sess);

    /* This is a skeleton test suite file. */

    return sd_result;
}
#endif

#ifndef NE_HAVE_SSL
/* Without SSL support every certificate entry point must fail rather
 * than appear to succeed: reading or importing a certificate gives
 * NULL, comparing certificates gives non-zero, and no client
 * certificate can be loaded.  ONN(msg, cond) is defined in tests.h;
 * as used here it reports 'msg' when 'cond' holds. */
static int stub_ssl(void)
{
    ne_session *sess = ne_session_create("https", "localhost", 1234);
    ne_ssl_certificate *cert;
    ne_ssl_client_cert *cc;

    /* these should all fail when SSL is not supported. */
    cert = ne_ssl_cert_read("Makefile");
    if (cert) {
        char *dn, digest[60], date[NE_SSL_VDATELEN];
        const ne_ssl_certificate *issuer;

        /* This branch should never be executed, but lets pretend it
         * will to prevent the compiler optimising this code away if
         * it's placed after the cert != NULL test. And all that
         * needs to be tested is that these functions link OK. */
        dn = ne_ssl_readable_dname(ne_ssl_cert_subject(cert));
        ONN("this code shouldn't run", dn != NULL);
        dn = ne_ssl_readable_dname(ne_ssl_cert_issuer(cert));
        ONN("this code shouldn't run", dn != NULL);
        issuer = ne_ssl_cert_signedby(cert);
        ONN("this code shouldn't run", issuer != NULL);
        ONN("this code shouldn't run", ne_ssl_cert_digest(cert, digest));
        ne_ssl_cert_validity(cert, date, date);
        ONN("this code shouldn't run",
            ne_ssl_dname_cmp(ne_ssl_cert_subject(cert),
                             ne_ssl_cert_issuer(cert)));
        ONN("this code shouldn't run", ne_ssl_cert_identity(issuer) != NULL);
        ONN("this code shouldn't run", ne_ssl_cert_export(cert) != NULL);
        ONN("this code shouldn't run",
            ne_ssl_cert_hdigest(cert, NE_HASH_MD5) != NULL);
    }

    ONN("this code shouldn't run", ne_ssl_cert_import("foo") != NULL);
    ONN("this code shouldn't run", ne_ssl_cert_read("Makefile") != NULL);
    /* Two NULL certificates must not compare as equal. */
    ONN("this code shouldn't succeed", ne_ssl_cert_cmp(NULL, NULL) == 0);

    ONN("certificate load succeeded", cert != NULL);
    /* cert is NULL here (checked on the line above). */
    ne_ssl_cert_free(cert);

    cc = ne_ssl_clicert_read("Makefile");
    if (cc) {
        const char *name;
        /* dead branch as above. */
        cert = (void *)ne_ssl_clicert_owner(cc);
        ONN("this code shouldn't run", cert != NULL);
        name = ne_ssl_clicert_name(cc);
        ONN("this code shouldn't run", name != NULL);
        ONN("this code shouldn't run", ne_ssl_clicert_decrypt(cc, "fubar"));
        ne_ssl_set_clicert(sess, cc);
    }

    ONN("client certificate load succeeded", cc != NULL);
    /* cc is NULL here (checked on the line above). */
    ne_ssl_clicert_free(cc);

    ne_ssl_trust_default_ca(sess);

    ne_session_destroy(sess);
    return OK;
}

/* Without SSL support the PKCS#11 provider initialisers must not
 * return NE_PK11_OK; ne_ssl_pkcs11_provider_init is required to return
 * NE_PK11_NOTIMPL.  The bodies of the NE_PK11_OK branches are there to
 * reference the remaining PKCS#11 functions. */
static int stub_pkcs11(void)
{
    ne_session *sess = ne_session_create("https", "localhost", 1234);
    ne_ssl_pkcs11_provider *prov;

    if (ne_ssl_pkcs11_provider_init(&prov, "neon-test-failure-case") == NE_PK11_OK) {
        ONN("this code shouldn't run", prov != NULL);
        ne_ssl_pkcs11_provider_pin(prov, NULL, NULL); /* noop */
        ne_ssl_set_pkcs11_provider(sess, prov); /* noop */
        ne_ssl_pkcs11_provider_destroy(prov);
    }

    ONN("must return NOTIMPL",
        ne_ssl_pkcs11_provider_init(&prov, "neon-test-failure-case-2")
        != NE_PK11_NOTIMPL);

    if (ne_ssl_pkcs11_nss_provider_init(&prov, "neon-test-failure-case",
                                        "neon-test", NULL, NULL, NULL)
        == NE_PK11_OK) {
        ONN("this code shouldn't run", prov != NULL);
        ne_ssl_pkcs11_provider_destroy(prov);
    }

    ne_session_destroy(sess);
    return OK;
}
#endif

#ifdef NO_TESTS
/* Placeholder so that the test table is never empty. */
static int null_test(void) { return OK; }
#endif

/* Test table; T(NULL) ends the list. */
ne_test tests[] = {
#ifndef NE_HAVE_ZLIB
    T(stub_decompress),
#endif
#ifndef NE_HAVE_SSL
    T(stub_ssl),
    T(stub_pkcs11),
#endif
/* to prevent failure when SSL and zlib are supported. */
#ifdef NO_TESTS
    T(null_test),
#endif
    T(NULL)
};
neon-0.32.2/test/uri-tests.c000066400000000000000000000452331416727304000156320ustar00rootroot00000000000000
/* URI handling tests
   Copyright (C) 2001-2006, Joe Orton

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.
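This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

*/

#include "config.h"

/* The header names after the two guarded #include directives were lost in
 * this listing; they are restored from the HAVE_*_H guards around them. */
#ifdef HAVE_STDLIB_H
#include <stdlib.h>
#endif
#ifdef HAVE_STRING_H
#include <string.h>
#endif

#include "ne_uri.h"
#include "ne_alloc.h"

#include "tests.h"

/* Parse a plain http URI and check host, path, scheme, port and userinfo. */
static int simple(void)
{
    ne_uri p = {0};

    ON(ne_uri_parse("http://www.webdav.org/foo", &p));
    ON(strcmp(p.host, "www.webdav.org"));
    ON(strcmp(p.path, "/foo"));
    ON(strcmp(p.scheme, "http"));
    ON(p.port);
    ON(p.userinfo != NULL);
    ne_uri_free(&p);
    return 0;
}

/* Parse an https URI without an explicit port; the parsed port must be 0. */
static int simple_ssl(void)
{
    ne_uri p = {0};

    ON(ne_uri_parse("https://webdav.org/", &p));
    ON(strcmp(p.scheme, "https"));
    ON(p.port);
    ne_uri_free(&p);
    return OK;
}

/* A URI with an authority but no path must parse with path "/". */
static int no_path(void)
{
    ne_uri p = {0};

    ON(ne_uri_parse("https://webdav.org", &p));
    ON(strcmp(p.path, "/"));
    ne_uri_free(&p);
    return OK;
}

/* Path escaping: each 'plain' entry must escape to 'escaped'.  Entries with
 * flags == 0 go through ne_path_escape() and are also round-tripped through
 * ne_path_unescape(); entries with flags go through ne_path_escapef().
 * Malformed percent-escapes must be rejected by ne_path_unescape(). */
static int escapes(void)
{
    static const struct {
        const char *plain, *escaped;
        unsigned int flags;
    } paths[] = {
        { "/foo%", "/foo%25", 0 },
        { "/foo bar", "/foo%20bar", 0, },
        { "/foo_bar", "/foo_bar", 0 },
        { "/foobar", "/foobar", 0 },
        { "/a\xb9\xb2\xb3\xbc\xbd/", "/a%b9%b2%b3%bc%bd/", 0 },
        { "/foo%20\xb9\xb2\xb3\xbc\xbd/", "/foo%20%b9%b2%b3%bc%bd/", NE_PATH_NONURI },
        { "/foo bar/", "/foo%20bar/", NE_PATH_NONURI },
        { NULL, NULL}
    };
    size_t n;

    for (n = 0; paths[n].plain; n++) {
        char *esc;

        if (paths[n].flags)
            esc = ne_path_escapef(paths[n].plain, paths[n].flags);
        else
            esc = ne_path_escape(paths[n].plain);

        ONCMP(paths[n].escaped, esc, paths[n].plain, "escape");

        if (!paths[n].flags) {
            char *un = ne_path_unescape(esc);
            ONCMP(paths[n].plain, un, paths[n].plain, "unescape");
            ne_free(un);
        }
        ne_free(esc);
    }

    /* "%zz" and "%1z" are not valid hex escapes. */
    ONN("unescape accepted invalid URI",
        ne_path_unescape("/foo%zzbar") != NULL);
    ONN("unescape accepted invalid URI",
        ne_path_unescape("/foo%1zbar") != NULL);

    return OK;
}

/* ne_path_parent(): expected parent for each path, NULL where none exists. */
static int parents(void)
{
    static const struct {
        const char *path, *parent;
    } ps[] = {
        { "/a/b/c", "/a/b/" },
        { "/a/b/c/", "/a/b/" },
        { "/alpha/beta", "/alpha/" },
        { "/foo", "/" },
        { "norman", NULL },
        { "/", NULL },
        { "", NULL },
        { NULL, NULL }
    };
    int n;

    for (n = 0; ps[n].path != NULL; n++) {
        char *p = ne_path_parent(ps[n].path);

        if (ps[n].parent == NULL) {
            ONV(p != NULL,
                ("parent of `%s' was `%s' not NULL", ps[n].path, p));
        } else {
            ONV(p == NULL, ("parent of `%s' was NULL", ps[n].path));
            ONV(strcmp(p, ps[n].parent),
                ("parent of `%s' was `%s' not `%s'",
                 ps[n].path, p, ps[n].parent));
            ne_free(p);
        }
    }

    return OK;
}

/* ne_path_compare(): 0 means equal; a trailing slash alone must not make
 * two paths differ, while a different final segment must. */
static int compares(void)
{
    const char *alpha = "/alpha";

    ON(ne_path_compare("/a", "/a/") != 0);
    ON(ne_path_compare("/a/", "/a") != 0);
    ON(ne_path_compare("/ab", "/a/") == 0);
    ON(ne_path_compare("/a/", "/ab") == 0);
    ON(ne_path_compare("/a/", "/a/") != 0);
    ON(ne_path_compare("/alpha/", "/beta/") == 0);
    ON(ne_path_compare("/alpha", "/b") == 0);
    ON(ne_path_compare("/alpha/", "/alphash") == 0);
    ON(ne_path_compare("/fish/", "/food") == 0);
    ON(ne_path_compare(alpha, alpha) != 0);
    ON(ne_path_compare("/a/b/c/d", "/a/b/c/") == 0);

    return OK;
}

/* ne_uri_cmp(): pairs in eq[] must compare equal in both argument orders;
 * pairs in diff[] must compare unequal, with opposite signs when the
 * arguments are swapped. */
static int cmp(void)
{
    static const struct {
        const char *left, *right;
    } eq[] = {
        { "http://example.com/alpha", "http://example.com/alpha" },
        { "//example.com/alpha", "//example.com/alpha" },
        { "http://example.com/alpha#foo", "http://example.com/alpha#foo" },
        { "http://example.com/alpha?bar", "http://example.com/alpha?bar" },
        { "http://jim@example.com/alpha", "http://jim@example.com/alpha" },
        { "HTTP://example.com/alpha", "http://example.com/alpha" },
        { "http://example.com/", "http://example.com" },
        { "http://Example.Com/", "http://example.com" },
        { NULL, NULL}
    }, diff[] = {
        { "http://example.com/alpha", "http://example.com/beta" },
        { "http://example.com/alpha", "https://example.com/alpha" },
        { "http://example.com/alpha", "http://www.example.com/alpha" },
        { "http://example.com:443/alpha", "http://example.com:8080/alpha" },
        { "http://example.com/alpha", "http://jim@example.com/alpha" },
        { "http://bob@example.com/alpha", "http://jim@example.com/alpha" },
        { "http://example.com/alpha", "http://example.com/alpha?fish" },
        { "http://example.com/alpha?fish", "http://example.com/alpha?food" },
        { "http://example.com/alpha", "http://example.com/alpha#foo" },
        { "http://example.com/alpha#bar", "http://example.com/alpha#foo" },
        { "http://example.com/alpha", "//example.com/alpha" },
        { "http://example.com/alpha", "///alpha" },
        { NULL, NULL}
    };
    size_t n;

    for (n = 0; eq[n].left; n++) {
        ne_uri alpha, beta;
        int r1, r2;

        ONV(ne_uri_parse(eq[n].left, &alpha),
            ("could not parse left URI '%s'", eq[n].left));

        ONV(ne_uri_parse(eq[n].right, &beta),
            ("could not parse right URI '%s'", eq[n].right));

        r1 = ne_uri_cmp(&alpha, &beta);
        r2 = ne_uri_cmp(&beta, &alpha);

        ONV(r1 != 0,
            ("cmp('%s', '%s') = %d not zero",
             eq[n].left, eq[n].right, r1));

        ONV(r2 != 0,
            ("cmp('%s', '%s') = %d not zero",
             eq[n].right, eq[n].left, r2));

        ne_uri_free(&alpha);
        ne_uri_free(&beta);
    }

    for (n = 0; diff[n].left; n++) {
        ne_uri alpha, beta;
        int r1, r2;

        ONV(ne_uri_parse(diff[n].left, &alpha),
            ("could not parse left URI '%s'", diff[n].left));

        ONV(ne_uri_parse(diff[n].right, &beta),
            ("could not parse right URI '%s'", diff[n].right));

        r1 = ne_uri_cmp(&alpha, &beta);
        r2 = ne_uri_cmp(&beta, &alpha);

        ONV(r1 == 0,
            ("'%s' and '%s' did not compare as different",
             diff[n].left, diff[n].right));

        ONV(((r1 > 0) != (r2 < 0) || (r1 < 0) != (r2 > 0)),
            ("'%s' and '%s' did not compare reflexively (%d vs %d)",
             diff[n].left, diff[n].right, r1, r2));

        ne_uri_free(&alpha);
        ne_uri_free(&beta);
    }

    return OK;
}

/* ne_path_childof(parent, child): non-zero when 'child' lies below 'parent'. */
static int children(void)
{
    ON(ne_path_childof("/a", "/a/b") == 0);
    ON(ne_path_childof("/a/", "/a/b") == 0);
    ON(ne_path_childof("/aa/b/c", "/a/b/c/d/e") != 0);
    ON(ne_path_childof("////", "/a") != 0);
    return OK;
}

/* ne_path_has_trailing_slash(), including the empty-string case. */
static int slash(void)
{
    ON(ne_path_has_trailing_slash("/a/") == 0);
    ON(ne_path_has_trailing_slash("/a") != 0);
    {
        /* check the uri == "" case. */
        char *foo = "/";
        ON(ne_path_has_trailing_slash(&foo[1]));
    }
    return OK;
}

/* ne_uri_defaultport(): 80 for http, 443 for https, 0 for other schemes. */
static int default_port(void)
{
    ONN("default http: port incorrect", ne_uri_defaultport("http") != 80);
    ONN("default https: port incorrect", ne_uri_defaultport("https") != 443);
    ONN("unspecified scheme: port incorrect", ne_uri_defaultport("ldap") != 0);
    return OK;
}

/* Table-driven ne_uri_parse() test: every input must parse and every
 * component of the result must match the expected value (NULL = absent).
 * The table also holds the regression input for CVE-2007-0157. */
static int parse(void)
{
    static const struct test_uri {
        const char *uri, *scheme, *host;
        unsigned int port;
        const char *path, *userinfo, *query, *fragment;
    } uritests[] = {
        { "http://webdav.org/norman", "http", "webdav.org", 0, "/norman", NULL, NULL, NULL },
        { "http://webdav.org:/norman", "http", "webdav.org", 0, "/norman", NULL, NULL, NULL },
        { "https://webdav.org/foo", "https", "webdav.org", 0, "/foo", NULL, NULL, NULL },
        { "http://webdav.org:8080/bar", "http", "webdav.org", 8080, "/bar", NULL, NULL, NULL },
        { "http://a/b", "http", "a", 0, "/b", NULL, NULL, NULL },
        { "http://webdav.org/bar:fish", "http", "webdav.org", 0, "/bar:fish", NULL, NULL, NULL },
        { "http://webdav.org", "http", "webdav.org", 0, "/", NULL, NULL, NULL },
        { "http://webdav.org/fish@food", "http", "webdav.org", 0, "/fish@food", NULL, NULL, NULL },

        /* query/fragments */
        { "http://foo/bar?alpha", "http", "foo", 0, "/bar", NULL, "alpha", NULL },
        { "http://foo/bar?alpha#beta", "http", "foo", 0, "/bar", NULL, "alpha", "beta" },
        { "http://foo/bar#alpha?beta", "http", "foo", 0, "/bar", NULL, NULL, "alpha?beta" },
        { "http://foo/bar#beta", "http", "foo", 0, "/bar", NULL, NULL, "beta" },
        { "http://foo/bar?#beta", "http", "foo", 0, "/bar", NULL, "", "beta" },
        { "http://foo/bar?alpha?beta", "http", "foo", 0, "/bar", NULL, "alpha?beta", NULL },

        /* Examples from RFC 3986 section 1.1.2: */
        { "ftp://ftp.is.co.za/rfc/rfc1808.txt", "ftp", "ftp.is.co.za", 0, "/rfc/rfc1808.txt", NULL, NULL, NULL },
        { "http://www.ietf.org/rfc/rfc2396.txt", "http", "www.ietf.org", 0, "/rfc/rfc2396.txt", NULL, NULL, NULL },
        { "ldap://[2001:db8::7]/c=GB?objectClass?one", "ldap", "[2001:db8::7]", 0, "/c=GB", NULL, "objectClass?one", NULL },
        { "mailto:John.Doe@example.com", "mailto", NULL, 0, "John.Doe@example.com", NULL, NULL, NULL },
        { "news:comp.infosystems.www.servers.unix", "news", NULL, 0, "comp.infosystems.www.servers.unix", NULL, NULL, NULL },
        { "tel:+1-816-555-1212", "tel", NULL, 0, "+1-816-555-1212", NULL, NULL, NULL },
        { "telnet://192.0.2.16:80/", "telnet", "192.0.2.16", 80, "/", NULL, NULL, NULL },
        { "urn:oasis:names:specification:docbook:dtd:xml:4.1.2", "urn", NULL, 0,
          "oasis:names:specification:docbook:dtd:xml:4.1.2", NULL},

        /* userinfo */
        { "ftp://jim:bob@jim.com", "ftp", "jim.com", 0, "/", "jim:bob", NULL, NULL },
        { "ldap://fred:bloggs@fish.com/foobar", "ldap", "fish.com", 0, "/foobar", "fred:bloggs", NULL, NULL },

        /* IPv6 literals: */
        { "http://[::1]/foo", "http", "[::1]", 0, "/foo", NULL, NULL, NULL },
        { "http://[a:a:a:a::0]/foo", "http", "[a:a:a:a::0]", 0, "/foo", NULL, NULL, NULL },
        { "http://[::1]:8080/bar", "http", "[::1]", 8080, "/bar", NULL, NULL, NULL },
        { "ftp://[feed::cafe]:555", "ftp", "[feed::cafe]", 555, "/", NULL, NULL, NULL },

        { "DAV:", "DAV", NULL, 0, "", NULL, NULL, NULL },

        /* Some odd cases: hier-part and relative-ref will both match
         * with a zero-length expansion of "authority" (since
         * reg-name can be zero-length); so a triple-slash URI-ref
         * will be matched as "//" followed by a zero-length authority
         * followed by a path of "/". */
        { "foo:///", "foo", "", 0, "/", NULL, NULL, NULL },
        { "///", NULL, "", 0, "/", NULL, NULL, NULL },
        /* port grammar is "*DIGIT" so may be empty: */
        { "ftp://[feed::cafe]:", "ftp", "[feed::cafe]", 0, "/", NULL, NULL, NULL },
        { "ftp://[feed::cafe]:/", "ftp", "[feed::cafe]", 0, "/", NULL, NULL, NULL },
        { "http://foo:/", "http", "foo", 0, "/", NULL, NULL, NULL },

        /* URI-references: */
        { "//foo.com/bar", NULL, "foo.com", 0, "/bar", NULL, NULL, NULL },
        { "//foo.com", NULL, "foo.com", 0, "/", NULL, NULL, NULL },
        { "//[::1]/foo", NULL, "[::1]", 0, "/foo", NULL, NULL, NULL },
        { "/bar", NULL, NULL, 0, "/bar", NULL, NULL, NULL }, /* path-absolute */
        { "foo/bar", NULL, NULL, 0, "foo/bar", NULL, NULL, NULL }, /* path-noscheme */
        { "", NULL, NULL, 0, "", NULL, NULL, NULL }, /* path-empty */

        /* CVE-2007-0157: buffer under-read in 0.26.[012]. */
        { "http://webdav.org\xFF", "http", "webdav.org\xFF", 0, "/", NULL, NULL, NULL },

        { NULL }
    };
    int n;

    for (n = 0; uritests[n].uri != NULL; n++) {
        ne_uri res;
        const struct test_uri *e = &uritests[n];

        ONV(ne_uri_parse(e->uri, &res) != 0,
            ("'%s': parse failed", e->uri));
        ONV(res.port != e->port,
            ("'%s': parsed port was %d not %d", e->uri, res.port, e->port));
        ONCMP(e->scheme, res.scheme, e->uri, "scheme");
        ONCMP(e->host, res.host, e->uri, "host");
        ONV(strcmp(res.path, e->path),
            ("'%s': parsed path was '%s' not '%s'", e->uri, res.path, e->path));
        ONCMP(e->userinfo, res.userinfo, e->uri, "userinfo");
        ONCMP(e->query, res.query, e->uri, "query");
        ONCMP(e->fragment, res.fragment, e->uri, "fragment");
        ne_uri_free(&res);
    }

    return OK;
}

/* Malformed URIs (unbalanced or misplaced brackets, raw space in the path)
 * that ne_uri_parse() must reject. */
static int failparse(void)
{
    static const char *uris[] = {
        "http://[::1/",
        "http://[::1]f:80/",
        "http://[::1]]:80/",
        "http://foo/bar asda",
        "http://fish/[foo]/bar",
        NULL
    };
    int n;

    for (n = 0; uris[n] != NULL; n++) {
        ne_uri p;
        ONV(ne_uri_parse(uris[n], &p) == 0,
            ("`%s' did not fail to parse", uris[n]));
        /* freed even though the parse failed; this relies on ne_uri_parse()
         * leaving 'p' in a state ne_uri_free() accepts (not shown here). */
        ne_uri_free(&p);
    }

    return 0;
}

/* Round trip: parse each URI, fill in the scheme's default port when none
 * was given, and check that ne_uri_unparse() reproduces the input. */
static int unparse(void)
{
    const char *uris[] = {
        "http://foo.com/bar",
        "https://bar.com/foo/wishbone",
        "http://www.random.com:8000/",
        "http://[::1]:8080/",
        "ftp://ftp.foo.bar/abc/def",
        "ftp://joe@bar.com/abc/def",
        "http://a/b?c#d",
        "http://a/b?c",
        "http://a/b#d",
        "mailto:foo@bar.com",
        "//foo.com/bar",
        "//foo.com:8080/bar",
        NULL
    };
    int n;

    for (n = 0; uris[n] != NULL; n++) {
        ne_uri parsed;
        char *unp;

        ONV(ne_uri_parse(uris[n], &parsed),
            ("failed to parse %s", uris[n]));

        if (parsed.port == 0 && parsed.scheme)
            parsed.port = ne_uri_defaultport(parsed.scheme);

        unp = ne_uri_unparse(&parsed);

        ONV(strcmp(unp, uris[n]),
            ("unparse got %s from %s", unp, uris[n]));

        ne_uri_free(&parsed);
        ne_free(unp);
    }

    return OK;
}

#define BASE "http://a/b/c/d;p?q"

/* Reference resolution: resolve 'relative' against 'base' with
 * ne_uri_resolve() and compare the unparsed result with 'expected'.
 * The "../" rows pin down that dot-segments cannot climb above the root. */
static int resolve(void)
{
    static const struct {
        const char *base, *relative, *expected;
    } ts[] = {
        /* Examples from RFC 3986 section 5.4: */
        { BASE, "g:h", "g:h" },
        { BASE, "g", "http://a/b/c/g" },
        { BASE, "./g", "http://a/b/c/g" },
        { BASE, "g/", "http://a/b/c/g/" },
        { BASE, "/g", "http://a/g" },
        { BASE, "//g", "http://g/" }, /* NOTE: modified to mandate non-empty path */
        { BASE, "?y", "http://a/b/c/d;p?y" },
        { BASE, "g?y", "http://a/b/c/g?y" },
        { BASE, "#s", "http://a/b/c/d;p?q#s" },
        { BASE, "g#s", "http://a/b/c/g#s" },
        { BASE, "g?y#s", "http://a/b/c/g?y#s" },
        { BASE, ";x", "http://a/b/c/;x" },
        { BASE, "g;x", "http://a/b/c/g;x" },
        { BASE, "g;x?y#s", "http://a/b/c/g;x?y#s" },
        { BASE, "", "http://a/b/c/d;p?q" },
        { BASE, ".", "http://a/b/c/" },
        { BASE, "./", "http://a/b/c/" },
        { BASE, "..", "http://a/b/" },
        { BASE, "../", "http://a/b/" },
        { BASE, "../g", "http://a/b/g" },
        { BASE, "../..", "http://a/" },
        { BASE, "../../", "http://a/" },
        { BASE, "../../g", "http://a/g" },
        { BASE, "../../../g", "http://a/g" },
        { BASE, "../../../../g", "http://a/g" },
        { BASE, "/./g", "http://a/g" },
        { BASE, "/../g", "http://a/g" },
        { BASE, "g.", "http://a/b/c/g." },
        { BASE, ".g", "http://a/b/c/.g" },
        { BASE, "g..", "http://a/b/c/g.." },
        { BASE, "..g", "http://a/b/c/..g" },
        { BASE, "./../g", "http://a/b/g" },
        { BASE, "./g/.", "http://a/b/c/g/" },
        { BASE, "g/./h", "http://a/b/c/g/h" },
        { BASE, "g/../h", "http://a/b/c/h" },
        { BASE, "g;x=1/./y", "http://a/b/c/g;x=1/y" },
        { BASE, "g;x=1/../y", "http://a/b/c/y" },
        { BASE, "g?y/./x", "http://a/b/c/g?y/./x" },
        { BASE, "g?y/../x", "http://a/b/c/g?y/../x" },
        { BASE, "g#s/./x", "http://a/b/c/g#s/./x" },
        { BASE, "g#s/../x", "http://a/b/c/g#s/../x" },
        { BASE, "http:g", "http:g" },
        /* Additional examples: */
        { BASE, ".", "http://a/b/c/" },
        { "http://foo.com/alpha/beta", "../gamma", "http://foo.com/gamma" },
        { "http://foo.com/alpha//beta", "../gamma", "http://foo.com/alpha/gamma" },

        { "http://foo.com", "../gamma", "http://foo.com/gamma" },
        { "", "zzz:.", "zzz:" },
        { "", "zzz:./foo", "zzz:foo" },
        { "", "zzz:../foo", "zzz:foo" },
        { "", "zzz:/./foo", "zzz:/foo" },
        { "", "zzz:/.", "zzz:/" },
        { "", "zzz:/../", "zzz:/" },
        { "", "zzz:.", "zzz:" },
        { "", "zzz:..", "zzz:" },
        { "", "zzz://foo@bar/", "zzz://foo@bar/" },
        { "", "zzz://foo/?bar", "zzz://foo/?bar" },
        { "zzz://foo/?bar", "//baz/?jam", "zzz://baz/?jam" },
        { "zzz://foo/baz?biz", "", "zzz://foo/baz?biz" },
        { "zzz://foo/baz", "", "zzz://foo/baz" },
        { "//foo/baz", "", "//foo/baz" },

        { NULL, NULL, NULL }
    };
    size_t n;

    for (n = 0; ts[n].base; n++) {
        ne_uri base, relative, resolved;
        char *actual;

        ONV(ne_uri_parse(ts[n].base, &base),
            ("could not parse base URI '%s'", ts[n].base));

        ONV(ne_uri_parse(ts[n].relative, &relative),
            ("could not parse input URI '%s'", ts[n].relative));

        ONN("bad pointer was returned",
            ne_uri_resolve(&base, &relative, &resolved) != &resolved);

        ONN("NULL path after resolve", resolved.path == NULL);

        actual = ne_uri_unparse(&resolved);

        ONCMP(ts[n].expected, actual, ts[n].relative, "output mismatch");

        ne_uri_free(&relative);
        ne_uri_free(&resolved);
        ne_uri_free(&base);
        ne_free(actual);
    }

    return OK;
}

/* ne_uri_copy() must return its destination and yield a URI that unparses
 * to the original string. */
static int copy(void)
{
    static const char *ts[] = {
        "http://jim@foo.com:8080/bar?baz#bee",
        "",
        NULL,
    };
    size_t n;

    for (n = 0; ts[n]; n++) {
        ne_uri parsed, parsed2;
        char *actual;

        ONV(ne_uri_parse(ts[n], &parsed), ("could not parse URI '%s'", ts[n]));
        ONN("ne_uri_copy returned wrong pointer",
            ne_uri_copy(&parsed2, &parsed) != &parsed2);

        actual = ne_uri_unparse(&parsed2);

        ONCMP(ts[n], actual, "copied URI", "unparsed URI");

        ne_uri_free(&parsed2);
        ne_uri_free(&parsed);
        ne_free(actual);
    }

    return OK;
}

ne_test tests[] = {
    T(simple),
    T(simple_ssl),
    T(no_path),
    T(escapes),
    T(parents),
    T(compares),
    T(cmp),
    T(children),
    T(slash),
    T(default_port),
    T(parse),
    T(failparse),
    T(unparse),
    T(resolve),
    T(copy),
    T(NULL)
};
neon-0.32.2/test/util-socks.c000066400000000000000000000214641416727304000157700ustar00rootroot00000000000000
/* SOCKS server utils.
   Copyright (C) 2008, 2009, Joe Orton

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.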
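*/

#include "config.h"

/* The system header names were lost in this listing.  <stdlib.h>,
 * <string.h> and <time.h> follow from the HAVE_*_H guards and the
 * "for time()" remark.
 * NOTE(review): the first header is a guess based on the use of ssize_t
 * below - confirm against the upstream file. */
#include <sys/types.h>

#ifdef HAVE_STDLIB_H
#include <stdlib.h>
#endif
#ifdef HAVE_STRING_H
#include <string.h>
#endif

#include <time.h> /* for time() */

#include "ne_socket.h"
#include "ne_utils.h"
#include "ne_alloc.h"

#include "child.h"
#include "tests.h"
#include "utils.h"

/* SOCKS v5 method and address-type codes used by the checks below. */
#define V5_METH_NONE 0x00
#define V5_METH_AUTH 0x02
#define V5_ADDR_IPV4 0x01
#define V5_ADDR_FQDN 0x03
#define V5_ADDR_IPV6 0x04

/* Read a length-prefixed string: one length byte, then that many bytes
 * into 'buf'.  The result is NOT NUL-terminated; its length is stored in
 * *olen.  A zero length is treated as a failure.  'buf' must have room for
 * 255 bytes, the largest value the length byte can carry.  'ctx' names the
 * field in failure messages. */
static int read_socks_string(ne_socket *sock, const char *ctx,
                             unsigned char *buf, unsigned int *olen)
{
    unsigned char len;
    ssize_t ret;

    ret = ne_sock_read(sock, (char *)&len, 1);
    ONV(ret != 1,
        ("%s length read failed: %s", ctx, ne_sock_error(sock)));

    ONV(len == 0, ("%s gave zero-length string", ctx));

    ret = ne_sock_fullread(sock, (char *)buf, len);
    ONV(ret != 0,
        ("%s string read failed, got %" NE_FMT_SSIZE_T " bytes (%s)",
         ctx, ret, ne_sock_error(sock)));

    *olen = len;

    return OK;
}

/* Read exactly one byte from 'sock' into *buf. */
static int read_socks_byte(ne_socket *sock, const char *ctx,
                           unsigned char *buf)
{
    ONV(ne_sock_read(sock, (char *)buf, 1) != 1,
        ("%s byte read failed: %s", ctx, ne_sock_error(sock)));

    return OK;
}

/* Read one byte and fail unless it equals 'c'. */
static int expect_socks_byte(ne_socket *sock, const char *ctx,
                             unsigned char c)
{
    unsigned char b;

    CALL(read_socks_byte(sock, ctx, &b));

    ONV(b != c, ("%s got byte %hx not %hx", ctx, b, c));

    return OK;
}

/* Read a NUL-terminated string, one byte at a time, into 'buf'.
 *
 * On entry *len is the capacity of 'buf'; on success *len is the string
 * length without the terminator and 'buf' holds a terminated C string.
 *
 * The read fails if no terminator arrives within the capacity.  The
 * callers pass 'buf' straight to strcmp() and "%s", so accepting an
 * unterminated buffer would let the peer push those reads past its end. */
static int read_socks_0string(ne_socket *sock, const char *ctx,
                              unsigned char *buf, unsigned *len)
{
    unsigned char *end = buf + *len, *p = buf;

    while (p < end) {
        CALL(read_socks_byte(sock, ctx, p));

        if (*p == '\0')
            break;

        p++;
    }

    /* p == end means the loop ran out of space before seeing a NUL. */
    ONV(p == end,
        ("%s: string not terminated within %u bytes", ctx, *len));

    *len = (unsigned)(p - buf);

    return OK;
}

/* Test SOCKS proxy: validates the client's handshake against the
 * expectations in 'userdata' (a struct socks_server), sends the reply, and
 * hands the connection to srv->server.
 *
 * Protocol version 5 is used when srv->version is NE_SOCK_SOCKSV5, version
 * 4 otherwise.  srv->failure selects a point at which the server
 * deliberately misbehaves (bad version, early close, truncated or rejected
 * negotiation, denied authentication) and returns OK without going on. */
int socks_server(ne_socket *sock, void *userdata)
{
    struct socks_server *srv = userdata;
    unsigned char buf[1024];
    unsigned int len, port, version;
    unsigned char atype;
    ssize_t ret;

    version = srv->version == NE_SOCK_SOCKSV5 ? 5 : 4;

    ne_sock_read_timeout(sock, 5);

    CALL(expect_socks_byte(sock, "client version", version));

    if (version != 5) {
        unsigned char raw[16];

        CALL(expect_socks_byte(sock, "v4 command", 0x01));

        /* buf[0..1] = port, buf[2..5] = IPv4 address */
        ret = ne_sock_fullread(sock, (char *)buf, 6);
        ONV(ret != 0,
            ("v4 address read failed with %" NE_FMT_SSIZE_T " (%s)",
             ret, ne_sock_error(sock)));

        /* NOTE(review): only six bytes (buf[0..5]) were read above, so
         * buf[6] is not part of the request and is still uninitialised
         * when this check runs.  The last address octet is buf[5]; the
         * intended test was presumably on that byte - confirm before
         * relying on this check. */
        ONN("bad v4A bogus address",
            srv->version == NE_SOCK_SOCKSV4A && srv->expect_addr == NULL
            && memcmp(buf + 2, "\0\0\0", 3) != 0 && buf[6] != 0);

        ONN("v4 server with no expected address! fail",
            srv->version == NE_SOCK_SOCKSV4 && srv->expect_addr == NULL);

        if (srv->expect_addr) {
            ONN("v4 address mismatch",
                memcmp(ne_iaddr_raw(srv->expect_addr, raw), buf + 2, 4) != 0);
        }

        port = (buf[0] << 8) | buf[1];
        ONV(port != srv->expect_port,
            ("got bad v4 port %u, expected %u", port, srv->expect_port));

        /* buf is a terminated C string once read_socks_0string() succeeds */
        len = sizeof buf;
        CALL(read_socks_0string(sock, "v4 username read", buf, &len));

        ONV(srv->username == NULL && len,
            ("unexpected v4 username %s", buf));

        ONV(srv->username && !len,
            ("no v4 username given, expected %s", srv->username));

        ONV(srv->username && len && strcmp(srv->username, (char *)buf),
            ("bad v4 username, expected %s got %s", srv->username, buf));

        if (srv->expect_addr == NULL) {
            len = sizeof buf;
            CALL(read_socks_0string(sock, "v4A hostname read", buf, &len));
            ONV(strcmp(srv->expect_fqdn, (char *)buf) != 0,
                ("bad v4A hostname: %s not %s", buf, srv->expect_fqdn));
        }

        {
            /* 8-byte v4 reply, optionally followed by the 4-byte "ok!\n" */
            static const char msg[] =
                "\x00\x5A"
                "\x00\x00"
                "\x00\x00\x00\x00"
                "ok!\n";

            if (srv->say_hello)
                CALL(full_write(sock, msg, 12));
            else
                CALL(full_write(sock, msg, 8));
        }

        return srv->server(sock, srv->userdata);
    }

    /* v5: the method list is at most 255 bytes, well inside buf */
    CALL(read_socks_string(sock, "client method list", buf, &len));

    if (srv->failure == fail_init_vers) {
        CALL(full_write(sock, "\x01\x02", 2));
        return OK;
    }
    else if (srv->failure == fail_init_close) {
        return OK;
    }
    else if (srv->failure == fail_init_trunc) {
        CALL(full_write(sock, "\x05", 1));
        return OK;
    }
    else if (srv->failure == fail_no_auth) {
        CALL(full_write(sock, "\x05\xff", 2));
        return OK;
    }
    else if (srv->failure == fail_bogus_auth) {
        CALL(full_write(sock, "\x05\xfe", 2));
        return OK;
    }

    ONN("client did not advertise no-auth method",
        memchr(buf, V5_METH_NONE, len) == NULL);

    if (srv->username) {
        int match = 0;

        ONN("client did not advertise authn method",
            memchr(buf, V5_METH_AUTH, len) == NULL);

        CALL(full_write(sock, "\x05\x02", 2));

        CALL(expect_socks_byte(sock, "client auth version", 0x01));

        /* the strings are length-delimited, hence length check plus memcmp */
        CALL(read_socks_string(sock, "client username", buf, &len));
        match = len == strlen(srv->username)
            && memcmp(buf, srv->username, len) == 0;

        CALL(read_socks_string(sock, "client password", buf, &len));
        match = match && len == strlen(srv->password)
            && memcmp(buf, srv->password, len) == 0;

        if (srv->failure == fail_auth_close) {
            return OK;
        }

        if (match && srv->failure != fail_auth_denied) {
            CALL(full_write(sock, "\x01\x00", 2));
        }
        else {
            CALL(full_write(sock, "\x01\x01", 2));
        }

        if (srv->failure == fail_auth_denied) {
            return OK;
        }
    }
    else {
        CALL(full_write(sock, "\x05\x00", 2));
    }

    CALL(expect_socks_byte(sock, "command version", version));
    CALL(expect_socks_byte(sock, "command number", 0x01));
    CALL(read_socks_byte(sock, "reserved byte", buf));
    CALL(read_socks_byte(sock, "address type", &atype));

    ONN("bad address type byte",
        (atype != V5_ADDR_IPV4 && atype != V5_ADDR_IPV6
         && atype != V5_ADDR_FQDN));

    if (atype == V5_ADDR_FQDN) {
        ONN("unexpected FQDN from client", srv->expect_fqdn == NULL);
        CALL(read_socks_string(sock, "read FQDN", buf, &len));
        /* "%.*s" takes an int precision; len is at most 255 here */
        ONV(len != strlen(srv->expect_fqdn)
            || memcmp(srv->expect_fqdn, buf, len) != 0,
            ("FQDN mismatch: %.*s not %s", (int)len, buf, srv->expect_fqdn));
    }
    else {
        unsigned char raw[16];

        ONN("unexpected IP literal from client", srv->expect_addr == NULL);

        ONV((atype == V5_ADDR_IPV4
             && ne_iaddr_typeof(srv->expect_addr) != ne_iaddr_ipv4)
            || (atype == V5_ADDR_IPV6
                && ne_iaddr_typeof(srv->expect_addr) != ne_iaddr_ipv6),
            ("address type mismatch: %hx not %d",
             atype, ne_iaddr_typeof(srv->expect_addr)));

        len = atype == V5_ADDR_IPV4 ? 4 : 16;

        ret = ne_sock_fullread(sock, (char *)buf, len);
        ONV(ret != 0,
            ("address read failed with %" NE_FMT_SSIZE_T " (%s)",
             ret, ne_sock_error(sock)));

        ne_iaddr_raw(srv->expect_addr, raw);
        ONN("address mismatch", memcmp(raw, buf, len) != 0);
    }

    CALL(read_socks_byte(sock, "port high byte", buf));
    CALL(read_socks_byte(sock, "port low byte", buf + 1));

    port = (buf[0] << 8) | buf[1];
    ONV(port != srv->expect_port,
        ("got bad port %u, expected %u", port, srv->expect_port));

    {
        /* 10-byte v5 reply, optionally followed by the 4-byte "ok!\n" */
        static const char msg[] =
            "\x05\x00\x00"
            "\x01"
            "\x00\x00\x00\x00"
            "\x00\x00"
            "ok!\n";

        if (srv->say_hello)
            CALL(full_write(sock, msg, 14));
        else
            CALL(full_write(sock, msg, 10));
    }

    return srv->server(sock, srv->userdata);
}
neon-0.32.2/test/util-tests.c000066400000000000000000000232721416727304000160070ustar00rootroot00000000000000
/* utils tests
   Copyright (C) 2001-2006, Joe Orton

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

*/

#include "config.h"

/* header names restored from the HAVE_*_H guards; they were lost in this
 * listing */
#ifdef HAVE_STDLIB_H
#include <stdlib.h>
#endif
#ifdef HAVE_STRING_H
#include <string.h>
#endif

#include "ne_utils.h"
#include "ne_md5.h"
#include "ne_alloc.h"
#include "ne_dates.h"
#include "ne_string.h"

#include "tests.h"

static const struct {
    const char *status;
    int major, minor, code;
    const char *rp;
} accept_sl[] = {
    /* These are really valid.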
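*/
    /* NOTE(review): whitespace in this listing was collapsed, so runs of
     * spaces inside the literals below may be missing; rows that look like
     * duplicates probably differed only in spacing - confirm upstream. */
    { "HTTP/1.1 200 OK", 1, 1, 200, "OK" },
    { "HTTP/1.1000 200 OK", 1, 1000, 200, "OK" },
    { "HTTP/1000.1000 200 OK", 1000, 1000, 200, "OK" },
    { "HTTP/00001.1 200 OK", 1, 1, 200, "OK" },
    { "HTTP/1.00001 200 OK", 1, 1, 200, "OK" },
    { "HTTP/99.99 999 99999", 99, 99, 999, "99999" },
    { "HTTP/1.1 100 ", 1, 1, 100, "" },

    /* these aren't really valid but we should be able to parse them. */
    { "HTTP/1.1 100", 1, 1, 100, "" },
    { "HTTP/1.1 200 OK", 1, 1, 200, "OK" },
    { "HTTP/1.1 200 \t OK", 1, 1, 200, "OK" },
    { " HTTP/1.1 200 OK", 1, 1, 200, "OK" },
    { "Norman is a dog HTTP/1.1 200 OK", 1, 1, 200, "OK" },
    { NULL }
};

/* Status lines that ne_parse_statusline() must reject. */
static const char *const bad_sl[] = {
    "",
    "HTTP/1.1 1000 OK",
    "HTTP/1.1 1000",
    "HTTP/-1.1 100 OK",
    "HTTP/1.1 -100 OK",
    "HTTP/ 200 OK",
    "HTTP/",
    "HTTP/1.1A 100 OK",
    "HTTP/1.",
    "HTTP/1.1 1",
    "Fish/1.1 100 OK",
    "HTTP/1.1 10",
    "HTTP",
    "H\0TP/1.1 100 OK",
    NULL
};

/* Every accept_sl entry must parse to the listed version, code and reason
 * phrase; every bad_sl entry must fail to parse. */
static int status_lines(void)
{
    ne_status s;
    int n;

    for (n = 0; accept_sl[n].status != NULL; n++) {
        ONV(ne_parse_statusline(accept_sl[n].status, &s),
            ("valid #%d: parse", n));
        ONV(accept_sl[n].major != s.major_version, ("valid #%d: major", n));
        ONV(accept_sl[n].minor != s.minor_version, ("valid #%d: minor", n));
        ONV(accept_sl[n].code != s.code, ("valid #%d: code", n));
        ONV(strcmp(accept_sl[n].rp, s.reason_phrase),
            ("valid #%d: reason phrase", n));
        ne_free(s.reason_phrase);
    }

    for (n = 0; bad_sl[n] != NULL; n++) {
        ONV(ne_parse_statusline(bad_sl[n], &s) == 0,
            ("invalid #%d", n));
    }

    return OK;
}

/* Write MD5 of 'len' bytes of 'data' to 'digest', feeding the input in
 * CHUNK-sized pieces.  Returns 'digest' as a byte pointer, or the literal
 * "NO-MD5-SUPPORT" when no MD5 context can be created.
 * NOTE(review): that literal is 15 bytes including its terminator while
 * md5() below compares 16 bytes of digest - confirm how callers are meant
 * to treat the fallback. */
static const unsigned char *digest_md5(const char *data, size_t len,
                                       unsigned int digest[4])
{
    struct ne_md5_ctx *ctx;

#define CHUNK 100

    ctx = ne_md5_create_ctx();

    if (!ctx) {
        return (unsigned char *)"NO-MD5-SUPPORT";
    }

    /* exercise the buffering interface */
    while (len > CHUNK) {
        ne_md5_process_bytes(data, CHUNK, ctx);
        len -= CHUNK;
        data += CHUNK;
    }

    ne_md5_process_bytes(data, len, ctx);
    ne_md5_finish_ctx(ctx, digest);
    ne_md5_destroy_ctx(ctx);

    return (unsigned char *)digest;
}

/* Known-answer tests for the MD5 wrapper plus an ascii <-> binary round
 * trip of the last digest. */
static int md5(void)
{
    unsigned int buf[4], buf2[4] = {0};
    char ascii[33] = {0};
    char zzzs[500];

    ne_md5_to_ascii(digest_md5("", 0, buf), ascii);
    ONN("MD5(null)", strcmp(ascii, "d41d8cd98f00b204e9800998ecf8427e"));

    /* 7 bytes: the six letters plus the terminating NUL */
    ne_md5_to_ascii(digest_md5("foobar", 7, buf), ascii);
    ONN("MD5(foobar)", strcmp(ascii, "b4258860eea29e875e2ee4019763b2bb"));

    /* $ perl -e 'printf "z"x500' | md5sum
     * 8b9323bd72250ea7f1b2b3fb5046391a - */
    memset(zzzs, 'z', sizeof zzzs);
    ne_md5_to_ascii(digest_md5(zzzs, sizeof zzzs, buf), ascii);
    /* label corrected: the input is 500 bytes, not 512 */
    ONN("MD5(\"z\"x500)", strcmp(ascii, "8b9323bd72250ea7f1b2b3fb5046391a"));

    ne_ascii_to_md5(ascii, (unsigned char *)buf2);
    ON(memcmp(buf, buf2, 16));

    return OK;
}

static int md5_alignment(void)
{
    char *bb = ne_malloc(66);
    struct ne_md5_ctx *ctx;

    /* regression test for a bug in md5.c in <0.15.0 on SPARC, where
     * the process_bytes function would SIGBUS if the buffer argument
     * isn't 32-bit aligned. Won't trigger on x86 though. */
    ctx = ne_md5_create_ctx();
    ONN("could not create MD5 context", ctx == NULL);
    /* bb + 1 is deliberately misaligned; the 65 bytes hashed are whatever
     * ne_malloc() returned, only the access pattern matters here */
    ne_md5_process_bytes(bb + 1, 65, ctx);
    ne_md5_destroy_ctx(ctx);
    ne_free(bb);

    return OK;
}

#define INIT_MD5 "0123456789abcdeffedcba9876543210"

/* ne_md5_read_ctx() on a fresh context must return its output buffer and
 * produce the value INIT_MD5. */
static int md5_read(void)
{
    union {
        unsigned int int32[4];
        unsigned char buf[16];
    } u;
    struct ne_md5_ctx *ctx = ne_md5_create_ctx();
    void *rv;
    char hex[33];

    /* same guard as md5_alignment(): context creation can fail, and the
     * context is used unconditionally below */
    ONN("could not create MD5 context", ctx == NULL);

    rv = ne_md5_read_ctx(ctx, u.buf);
    ONN("bogus return value", rv != u.buf);
    ne_md5_to_ascii(u.buf, hex);
    ONV(strcmp(INIT_MD5, hex) != 0,
        ("read context was %s not %s", hex, INIT_MD5));
    ne_md5_destroy_ctx(ctx);
    return OK;
}

/* Date strings, the time_t each must parse to, and the parser to use. */
static const struct {
    const char *str;
    time_t time;
    enum { d_rfc1123, d_iso8601, d_rfc1036, d_asctime } type;
} good_dates[] = {
    { "Fri, 08 Jun 2001 22:59:46 GMT", 992041186, d_rfc1123 },
    { "Friday, 08-Jun-01 22:59:46 GMT", 992041186, d_rfc1036 },
    { "Wednesday, 06-Jun-01 22:59:46 GMT", 991868386, d_rfc1036 },
    { "Wed Jun 06 22:59:46 2001", 991868386, d_asctime },
    /* some different types of ISO8601 dates. */
    { "2001-06-08T22:59:46Z", 992041186, d_iso8601 },
    { "2001-06-08T22:59:46.9Z", 992041186, d_iso8601 },
    { "2001-06-08T26:00:46+03:01", 992041186, d_iso8601 },
    { "2001-06-08T20:58:46-02:01", 992041186, d_iso8601 },
    { NULL }
};

/* Each good_dates entry must parse, with the parser named by its type, to
 * the listed time. */
static int parse_dates(void)
{
    int n;

    for (n = 0; good_dates[n].str != NULL; n++) {
        time_t res;
        const char *str = good_dates[n].str;

        switch (good_dates[n].type) {
        case d_rfc1036: res = ne_rfc1036_parse(str); break;
        case d_iso8601: res = ne_iso8601_parse(str); break;
        case d_rfc1123: res = ne_rfc1123_parse(str); break;
        case d_asctime: res = ne_asctime_parse(str); break;
        default: res = -1; break;
        }

        ONV(res == -1, ("date %d parse", n));

#define FT "%" NE_FMT_TIME_T
        ONV(res != good_dates[n].time, (
            "date %d incorrect (" FT " not " FT ")", n,
            res, good_dates[n].time));
    }

    return OK;
}

#define BAD_DATE(format, result) \
    ONN(format " date parse must fail", result != -1)

/* Test for bad dates; trigger segfaults in ne_rfc1036_parse() in
 * <=0.24.5. */
static int bad_dates(void)
{
    static const char *dates[] = {
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
        "Friday, 08-Jun-01",
    };
    size_t n;

    /* every parser must return -1 for every malformed input */
    for (n = 0; n < sizeof(dates)/sizeof(dates[0]); n++) {
        BAD_DATE("rfc1036", ne_rfc1036_parse(dates[n]));
        BAD_DATE("iso8601", ne_iso8601_parse(dates[n]));
        BAD_DATE("rfc1123", ne_rfc1123_parse(dates[n]));
        BAD_DATE("asctime", ne_asctime_parse(dates[n]));
    }

    return OK;
}

/* GOOD: ne_version_match(n, m) must return zero.
 * BAD: ne_version_match(n, m) must return non-zero. */
#define GOOD(n,m,msg) ONV(ne_version_match(n,m), \
 ("match of " msg " failed (%d.%d)", n, m))
#define BAD(n,m,msg) ONV(ne_version_match(n,m) == 0, \
 ("match of " msg " succeeded (%d.%d)", n, m))

/* ne_version_match() against the current, later and earlier versions. */
static int versioning(void)
{
    GOOD(NE_VERSION_MAJOR, NE_VERSION_MINOR, "current version");
    BAD(NE_VERSION_MAJOR + 1, 0, "later major");
    BAD(NE_VERSION_MAJOR, NE_VERSION_MINOR + 1, "later minor");
#if NE_VERSION_MAJOR > 0
    BAD(NE_VERSION_MAJOR - 1, 0, "earlier major");
#if NE_VERSION_MINOR > 0
    GOOD(NE_VERSION_MAJOR, NE_VERSION_MINOR - 1, "earlier minor");
#endif /* NE_VERSION_MINOR > 0 */
#else /* where NE_VERSION_MAJOR == 0 */
    BAD(0, 26, "earlier minor for 0.x");
    GOOD(0, 27, "current version back-compat to 0.27");
    GOOD(0, 28, "current version back-compat to 0.28");
    GOOD(0, 29, "current version back-compat to 0.29");
    GOOD(0, 30, "current version back-compat to 0.30");
#endif
    return OK;
}

#undef GOOD
#undef BAD

/* basic ne_version_string() sanity tests */
static int version_string(void)
{
    char buf[1024];

    /* bounded copy: the checks below run on at most sizeof buf - 1 bytes */
    ne_snprintf(buf, sizeof buf, "%s", ne_version_string());

    NE_DEBUG(NE_DBG_HTTP, "Version string: %s\n", buf);

    ONN("version string too long", strlen(buf) > 200);
    ONN("version string contained newline", strchr(buf, '\n') != NULL);

    return OK;
}

/* ne_has_support() must agree with the NE_HAVE_* build-time macros. */
static int support(void)
{
#ifdef NE_HAVE_SSL
    ONN("SSL support not advertised", !ne_has_support(NE_FEATURE_SSL));
#else
    ONN("SSL support advertised", ne_has_support(NE_FEATURE_SSL));
#endif
#ifdef NE_HAVE_ZLIB
    ONN("zlib support not advertised", !ne_has_support(NE_FEATURE_ZLIB));
#else
    ONN("zlib support advertised", ne_has_support(NE_FEATURE_ZLIB));
#endif
#ifdef NE_HAVE_IPV6
    ONN("IPv6 support not advertised", !ne_has_support(NE_FEATURE_IPV6));
#else
    ONN("IPv6 support advertised", ne_has_support(NE_FEATURE_IPV6));
#endif
#ifdef NE_HAVE_LFS
    ONN("LFS support not advertised", !ne_has_support(NE_FEATURE_LFS));
#else
    ONN("LFS support advertised", ne_has_support(NE_FEATURE_LFS));
#endif
#ifdef NE_HAVE_TS_SSL
    ONN("Thread-safe SSL support not advertised",
        !ne_has_support(NE_FEATURE_TS_SSL));
#else
    ONN("Thread-safe SSL support advertised",
        ne_has_support(NE_FEATURE_TS_SSL));
#endif
#ifdef NE_HAVE_I18N
    ONN("i18n support not advertised",
        !ne_has_support(NE_FEATURE_I18N));
#else
    /* message corrected: this branch is about i18n, not SSL */
    ONN("i18n support advertised",
        ne_has_support(NE_FEATURE_I18N));
#endif
    return OK;
}

ne_test tests[] = {
    T(status_lines),
    T(md5),
    T(md5_alignment),
    T(md5_read),
    T(parse_dates),
    T(bad_dates),
    T(versioning),
    T(version_string),
    T(support),
    T(NULL)
};
neon-0.32.2/test/utils.c000066400000000000000000000163261416727304000150340ustar00rootroot00000000000000
/* Utility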
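functions for HTTP client tests
   Copyright (C) 2001-2009, Joe Orton

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

*/

#include "config.h"

/* The system header names were lost in this listing; <unistd.h> and
 * <stdlib.h> follow from the guards and the "for sleep()" remark.
 * NOTE(review): <string.h> is inferred from the memset()/strlen() calls
 * below - confirm against the upstream file. */
#ifdef HAVE_UNISTD_H
#include <unistd.h> /* for sleep() */
#endif
#ifdef HAVE_STDLIB_H
#include <stdlib.h>
#endif

#include <string.h>

#include "ne_session.h"

#include "child.h"
#include "tests.h"
#include "utils.h"

/* Discard one request (headers and body) from 's', then send 'response'. */
int serve_response(ne_socket *s, const char *response)
{
    CALL(discard_request(s));
    CALL(discard_body(s));
    ONN("failed to send response", SEND_STRING(s, response));
    return OK;
}

/* server_fn wrapper: 'userdata' is the response string to serve once. */
int single_serve_string(ne_socket *s, void *userdata)
{
    const char *str = userdata;
    return serve_response(s, str);
}

/* Serve two requests on one connection: args->first answers the first
 * request, args->second the next.  'userdata' is a struct
 * double_serve_args. */
int double_serve_sstring(ne_socket *s, void *userdata)
{
    struct double_serve_args *args = userdata;
    struct string *str;

    CALL(discard_request(s));
    CALL(discard_body(s));

    str = &args->first;
    NE_DEBUG(NE_DBG_SOCKET, "Serving string: [[[%.*s]]]\n",
             (int)str->len, str->data);
    ONN("write failed", ne_sock_fullwrite(s, str->data, str->len));

    CALL(discard_request(s));
    CALL(discard_body(s));

    str = &args->second;
    NE_DEBUG(NE_DBG_SOCKET, "Serving string: [[[%.*s]]]\n",
             (int)str->len, str->data);
    ONN("write failed", ne_sock_fullwrite(s, str->data, str->len));

    return OK;
}

/* Server that sleeps for 10 seconds and then returns without sending
 * anything. */
int sleepy_server(ne_socket *sock, void *userdata)
{
    sleep(10);
    return 0;
}

/* Serve args->str in response to args->count consecutive requests. */
int many_serve_string(ne_socket *s, void *userdata)
{
    int n;
    struct many_serve_args *args = userdata;

    for (n = 0; n < args->count; n++) {
        NE_DEBUG(NE_DBG_HTTP, "Serving response %d\n", n);
        CALL(serve_response(s, args->str));
    }

    return OK;
}

/* Dispatch a GET for 'uri' and return the ne_request_dispatch() result. */
int any_request(ne_session *sess, const char *uri)
{
    ne_request *req = ne_request_create(sess, "GET", uri);
    int ret = ne_request_dispatch(req);
    ne_request_destroy(req);
    return ret;
}

/* Dispatch a request with the given method; returns OK only when the
 * dispatch succeeded with a 2xx status, otherwise records a failure
 * context (the X-Neon-Context response header if present, else the session
 * error) and returns FAIL. */
int any_2xx_request_method(ne_session *sess, const char *method, const char *uri)
{
    ne_request *req = ne_request_create(sess, method, uri);
    int ret = ne_request_dispatch(req);
    int klass = ne_get_status(req)->klass;
    const char *context = ne_get_response_header(req, "X-Neon-Context");

    if (ret != NE_OK || klass != 2) {
        if (context)
            t_context("request failed, server error: %s", context);
        else
            t_context("request failed: %s", ne_get_error(sess));
        ret = FAIL;
    } else {
        ret = OK;
    }
    /* 'context' points into the request, so destroy only after reporting */
    ne_request_destroy(req);
    return ret;
}

/* GET variant of any_2xx_request_method(). */
int any_2xx_request(ne_session *sess, const char *uri)
{
    return any_2xx_request_method(sess, "GET", uri);
}

/* GET with a BSIZE-byte request body of 'A' characters; the test fails
 * unless the dispatch succeeds with a 2xx status. */
int any_2xx_request_body(ne_session *sess, const char *uri)
{
    ne_request *req = ne_request_create(sess, "GET", uri);
#define BSIZE 5000
    char *body = memset(ne_malloc(BSIZE), 'A', BSIZE);
    int ret, klass;

    ne_set_request_body_buffer(req, body, BSIZE);
    ret = ne_request_dispatch(req);
    ne_free(body);

    /* Read the status class and release the request before the check:
     * ONV() leaves the function on failure, which previously skipped
     * ne_request_destroy() and leaked the request. */
    klass = ne_get_status(req)->klass;
    ne_request_destroy(req);

    ONV(ret != NE_OK || klass != 2,
        ("request failed: %s", ne_get_error(sess)));
    return ret;
}

/* Write the struct string in 'ud' to the socket without reading a request
 * first. */
int serve_sstring(ne_socket *sock, void *ud)
{
    struct string *str = ud;

    NE_DEBUG(NE_DBG_SOCKET, "Serving string: [[[%.*s]]]\n",
             (int)str->len, str->data);

    ONN("write failed", ne_sock_fullwrite(sock, str->data, str->len));

    return 0;
}

/* As serve_sstring(), but one byte per write with a minisleep() between
 * writes. */
int serve_sstring_slowly(ne_socket *sock, void *ud)
{
    struct string *str = ud;
    size_t n;

    NE_DEBUG(NE_DBG_SOCKET, "Slowly serving string: [[[%.*s]]]\n",
             (int)str->len, str->data);

    for (n = 0; n < str->len; n++) {
        ONN("write failed", ne_sock_fullwrite(sock, &str->data[n], 1));
        minisleep();
    }

    return 0;
}

/* Send i->header once, then repeat i->repeat until a send fails.
 * The result of sending the header is not checked. */
int serve_infinite(ne_socket *sock, void *ud)
{
    struct infinite *i = ud;

    CALL(discard_request(sock));

    SEND_STRING(sock, i->header);

    while (server_send(sock, i->repeat, strlen(i->repeat)) == 0)
        /* nullop */;

    return OK;
}

/* Write 'len' bytes of 'data'; logs the data and fails the test when
 * ne_sock_fullwrite() reports an error. */
int full_write(ne_socket *sock, const char *data, size_t len)
{
    int ret = ne_sock_fullwrite(sock, data, len);
    NE_DEBUG(NE_DBG_SOCKET, "wrote: [%.*s]\n", (int)len, data);
    ONV(ret, ("write failed (%d): %s", ret, ne_sock_error(sock)));
    return OK;
}

/* Spawn a server running 'fn' for 'count' connections and create a session
 * for scheme://hostname on the port the server was given. */
int multi_session_server(ne_session **sess,
                         const char *scheme, const char *hostname,
                         int count, server_fn fn, void *userdata)
{
    unsigned int port;

    CALL(new_spawn_server(count, fn, userdata, &port));

    *sess = ne_session_create(scheme, hostname, port);

    return OK;
}

/* Single-connection http session to a spawned server on 127.0.0.1. */
int session_server(ne_session **sess, server_fn fn, void *userdata)
{
    return multi_session_server(sess, "http", "127.0.0.1", 1, fn, userdata);
}

/* Create a session for scheme://host:fakeport whose traffic goes through a
 * proxy: the spawned server on 127.0.0.1 plays the proxy. */
int proxied_session_server(ne_session **sess, const char *scheme,
                           const char *host, unsigned int fakeport,
                           server_fn fn, void *userdata)
{
    unsigned int port;

    CALL(new_spawn_server(1, fn, userdata, &port));

    *sess = ne_session_create(scheme, host, fakeport);

    NE_DEBUG(NE_DBG_HTTP, "test: Using proxied session to port %u.\n", port);

    ne_session_proxy(*sess, "127.0.0.1", port);

    return OK;
}

/* Session-destroy hook: frees the address handed to ne_set_addrlist2(). */
static void fakesess_destroy(void *userdata)
{
    ne_inet_addr *addr = userdata;

    ne_iaddr_free(addr);
}

/* Single-connection form of fakeproxied_multi_session_server(). */
int fakeproxied_session_server(ne_session **sess, const char *scheme,
                               const char *host, unsigned int fakeport,
                               server_fn fn, void *userdata)
{
    return fakeproxied_multi_session_server(1, sess, scheme, host, fakeport,
                                            fn, userdata);
}

/* Create a session for scheme://host:fakeport that actually connects to
 * the spawned server, by pinning the session's address list to the
 * server's address and port.  The address is released by
 * fakesess_destroy() when the session is destroyed. */
int fakeproxied_multi_session_server(int count,
                                     ne_session **sess, const char *scheme,
                                     const char *host, unsigned int fakeport,
                                     server_fn fn, void *userdata)
{
    unsigned int port;
    ne_inet_addr *addr;
    const ne_inet_addr *alist[1];

    CALL(new_spawn_server2(count, fn, userdata, &addr, &port));

    alist[0] = addr;

    *sess = ne_session_create(scheme, host, fakeport);

    ne_set_addrlist2(*sess, port, alist, 1);

    ne_hook_destroy_session(*sess, fakesess_destroy, addr);

    return OK;
}

int make_session(ne_session **sess, server_fn fn, void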
*ud) { return session_server(sess, fn, ud); } int file_to_buffer(const char *filename, ne_buffer *buf) { char buffer[BUFSIZ]; int fd; ssize_t n; fd = open(filename, O_RDONLY); ONV(fd < 0, ("could not open file %s", filename)); while ((n = read(fd, buffer, BUFSIZ)) > 0) { ne_buffer_append(buf, buffer, n); } close(fd); return 0; } neon-0.32.2/test/utils.h000066400000000000000000000125771416727304000150450ustar00rootroot00000000000000/* neon-specific test utils Copyright (C) 2001-2009, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #ifndef UTILS_H #define UTILS_H 1 #include "ne_request.h" #include "child.h" #define ONREQ(x) do { int _ret = (x); if (_ret) { t_context("line %d: HTTP error:\n%s", __LINE__, ne_get_error(sess)); return FAIL; } } while (0); int single_serve_string(ne_socket *s, void *userdata); int serve_response(ne_socket *s, const char *response); struct many_serve_args { int count; const char *str; }; /* Serves args->str response args->count times down a single * connection. */ int many_serve_string(ne_socket *s, void *userdata); /* Run a request using URI on the session. */ int any_request(ne_session *sess, const char *uri); /* Run a request using URI on the session; fail on a non-2xx response. */ int any_2xx_request(ne_session *sess, const char *uri); /* As above but with a request body. 
*/ int any_2xx_request_body(ne_session *sess, const char *uri); /* As any_2xx_request but with a specified method. */ int any_2xx_request_method(ne_session *sess, const char *method, const char *uri); /* makes *session, spawns server which will run 'fn(userdata, * socket)'. sets error context if returns non-zero, i.e use like: * CALL(make_session(...)); */ int make_session(ne_session **sess, server_fn fn, void *userdata); /* Server which sleeps for 10 seconds then closes the socket. */ int sleepy_server(ne_socket *sock, void *userdata); struct string { char *data; size_t len; }; struct double_serve_args { struct string first, second; }; /* Serve a struct string. */ int serve_sstring(ne_socket *sock, void *ud); /* Discards an HTTP request, serves response ->first, discards another * HTTP request, then serves response ->second. */ int double_serve_sstring(ne_socket *s, void *userdata); /* Serve a struct string slowly. */ int serve_sstring_slowly(ne_socket *sock, void *ud); struct infinite { const char *header, *repeat; }; /* Pass a "struct infinite *" as userdata, this function sends * ->header and then loops sending ->repeat forever. */ int serve_infinite(ne_socket *sock, void *ud); /* SOCKS server stuff. */ struct socks_server { enum ne_sock_sversion version; enum socks_failure { fail_none = 0, fail_init_vers, fail_init_close, fail_init_trunc, fail_no_auth, fail_bogus_auth, fail_auth_close, fail_auth_denied } failure; unsigned int expect_port; ne_inet_addr *expect_addr; const char *expect_fqdn; const char *username; const char *password; int say_hello; server_fn server; void *userdata; }; int socks_server(ne_socket *sock, void *userdata); int full_write(ne_socket *sock, const char *data, size_t len); /* Create a session with server process running fn(userdata). Sets * test suite error on failure; initializes *sess with a new session * on success. Uses an unspecified hostname/port for the server. 
*/ int session_server(ne_session **sess, server_fn fn, void *userdata); /* Create a session for scheme with server process running count * multiple iterations fn(userdata). Sets test suite error on * failure; initializes *sess with a new session on success. Uses an * unspecified hostname/port for the server. */ int multi_session_server(ne_session **sess, const char *scheme, const char *hostname, int count, server_fn fn, void *userdata); /* Create a session with server process running fn(userdata). Sets * test suite error on failure; initializes *sess with a new session * on success. Uses an unspecified hostname/port for the server; * session is created as if using origin 'host:fakeport' via HTTP * proxy to spawned server. */ int proxied_session_server(ne_session **sess, const char *scheme, const char *host, unsigned int fakeport, server_fn fn, void *userdata); /* As per proxied_session_server, but uses a "fake" (direct) TCP proxy * rather than an HTTP proxy. */ int fakeproxied_session_server(ne_session **sess, const char *scheme, const char *host, unsigned int fakeport, server_fn fn, void *userdata); /* As per fakeproxied_session_server, but also takes an iteration * count. */ int fakeproxied_multi_session_server(int count, ne_session **sess, const char *scheme, const char *host, unsigned int fakeport, server_fn fn, void *userdata); /* Read contents of file 'filename' into buffer 'buf'. */ int file_to_buffer(const char *filename, ne_buffer *buf); #endif /* UTILS_H */ neon-0.32.2/test/xml.c000066400000000000000000000454621416727304000144770ustar00rootroot00000000000000/* neon test suite Copyright (C) 2002-2007, Joe Orton This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. 
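This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

*/

#include "config.h"

/* NOTE(review): the bare #include lines below have no header name in
 * this copy of the file; they are reproduced as found. */
#include
#ifdef HAVE_STDLIB_H
#include
#endif
#ifdef HAVE_UNISTD_H
#include
#endif

#include "ne_xml.h"

#include "tests.h"
#include "child.h"
#include "utils.h"

#define ABORT (-42) /* magic code for abort handlers */

#define EVAL_DEFAULT "eval-xmlns-default"
#define EVAL_SPECIFIC "eval-xmlns-specific-"

/* Userdata shared by the SAX handlers below: 'buf' collects the
 * serialized output, 'parser' is used for namespace resolution. */
struct context {
    ne_buffer *buf;
    ne_xml_parser *parser;
};

/* A set of SAX handlers which serialize SAX events back into a
 * pseudo-XML-like string. */

/* Start-element handler.  Declines elements named "decline"; for the
 * EVAL_DEFAULT element and for names beginning with EVAL_SPECIFIC it
 * appends the result of ne_xml_resolve_nspace to the buffer and
 * declines.  Any other element is appended as "<{nspace}name" followed
 * by its attributes and ">", and state + 1 is returned. */
static int startelm(void *userdata, int state,
                    const char *nspace, const char *name,
                    const char **atts)
{
    struct context *ctx = userdata;
    ne_buffer *buf = ctx->buf;
    int n;

    if (strcmp(name, "decline") == 0)
        return NE_XML_DECLINE;

    if (strcmp(name, EVAL_DEFAULT) == 0) {
        const char *val = ne_xml_resolve_nspace(ctx->parser, NULL, 0);

        ne_buffer_concat(ctx->buf, EVAL_DEFAULT "=[", val, "]", NULL);
        return NE_XML_DECLINE;
    } else if (strncmp(name, EVAL_SPECIFIC, strlen(EVAL_SPECIFIC)) == 0) {
        /* The remainder of the element name is the prefix to resolve. */
        const char *which = name + strlen(EVAL_SPECIFIC);
        const char *r = ne_xml_resolve_nspace(ctx->parser, which, strlen(which));

        ne_buffer_concat(ctx->buf, name, "=[", r, "]", NULL);
        return NE_XML_DECLINE;
    }

    ne_buffer_concat(buf, "<", "{", nspace, "}", name, NULL);
    /* atts holds name/value pairs terminated by a NULL name. */
    for (n = 0; atts && atts[n] != NULL; n+=2) {
        ne_buffer_concat(buf, " ", atts[n], "='", atts[n+1], "'", NULL);
    }
    ne_buffer_zappend(buf, ">");

    return state + 1;
}

/* Character-data handler: appends the 'len' bytes at 'cdata' to the
 * buffer.  Returns ABORT when those bytes compare equal to the start
 * of "!ABORT!" under strncmp (which is also the case for len == 0),
 * and NE_XML_DECLINE otherwise. */
static int chardata(void *userdata, int state, const char *cdata, size_t len)
{
    struct context *ctx = userdata;
    ne_buffer_append(ctx->buf, cdata, len);
    return strncmp(cdata, "!ABORT!", len) == 0 ? ABORT : NE_XML_DECLINE;
}

/* End-element handler: appends to the buffer and returns zero.
 * NOTE(review): the string literal is empty in this copy of the file,
 * which leaves nspace and name unused - confirm against upstream. */
static int endelm(void *userdata, int state,
                  const char *nspace, const char *name)
{
    struct context *ctx = userdata;
    ne_buffer_concat(ctx->buf, "", NULL);
    return 0;
}

/* A set of SAX handlers which do as above, but change some element
 * names; used to check nested SAX handling is working properly. */
static int startelm_xform(void *userdata, int state,
                          const char *nspace, const char *name,
                          const char **atts)
{
    if (strcmp(nspace, "two") == 0)
        return startelm(userdata, state, nspace, "xform", atts);
    else
        return NE_XML_DECLINE;
}

static int endelm_xform(void *userdata, int state,
                        const char *nspace, const char *name)
{
    if (strcmp(nspace, "two") == 0)
        return endelm(userdata, state, nspace, "xform");
    else
        return NE_XML_DECLINE;
}

/* A set of SAX handlers which verify that state handling is working
 * correctly. */

/* Start-element handler for elements in the "state" namespace; all
 * other elements are declined.  If a "parent" attribute is present and
 * its integer value differs from the parent state passed in, a message
 * is appended to the buffer.  Returns atoi() of the element name with
 * its first character skipped. */
static int startelm_state(void *userdata, int parent,
                          const char *nspace, const char *name,
                          const char **atts)
{
    struct context *ctx = userdata;
    int n;

    if (strcmp(nspace, "state") != 0)
        return NE_XML_DECLINE;

    /* Guard against a NULL attribute array, as startelm() does. */
    for (n = 0; atts && atts[n] != NULL; n += 2) {
        if (strcmp(atts[n], "parent") == 0) {
            int expected = atoi(atts[n+1]);

            if (expected != parent) {
                /* The element name comes from the parsed document and
                 * has no length limit, so it is never formatted into a
                 * fixed-size buffer: only the two integers are, and
                 * the name is appended to the ne_buffer directly. */
                char nums[64];

                ne_snprintf(nums, sizeof nums, " was %d not %d",
                            parent, expected);
                ne_buffer_concat(ctx->buf, "parent state of ", name,
                                 nums, NULL);
            }
        }
    }

    return atoi(name+1);
}

/* End-element handler matching startelm_state: appends a message to the
 * buffer if 'state' differs from the number encoded in the element
 * name.  Always returns zero. */
static int endelm_state(void *userdata, int state,
                        const char *nspace, const char *name)
{
    int expected = atoi(name + 1);
    struct context *ctx = userdata;

    if (state != expected)
        ne_buffer_concat(ctx->buf, "wrong state in endelm of ", name, NULL);

    return 0;
}

/* A set of SAX handlers which verify that abort handling is working
 * correctly.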
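*/

/* Start-element handler: appends "ABORT" and returns ABORT for an
 * element named "abort-start"; otherwise defers to startelm(). */
static int startelm_abort(void *userdata, int parent,
                          const char *nspace, const char *name,
                          const char **atts)
{
    struct context *ctx = userdata;

    if (strcmp(name, "abort-start") == 0) {
        ne_buffer_zappend(ctx->buf, "ABORT");
        return ABORT;
    } else
        return startelm(ctx, parent, nspace, name, atts);
}

/* End-element handler: appends "ABORT" and returns ABORT for an
 * element named "abort-end"; otherwise returns zero. */
static int endelm_abort(void *userdata, int state,
                        const char *nspace, const char *name)
{
    struct context *ctx = userdata;

    if (strcmp(name, "abort-end") == 0) {
        ne_buffer_zappend(ctx->buf, "ABORT");
        return ABORT;
    } else
        return 0;
}

/* Test mode for parse_match: */
enum match_type {
    match_valid = 0, /* test that the parse succeeds */
    match_invalid, /* test that the parse fails */
    match_nohands, /* test with no handlers registered */
    match_encoding, /* test whether the encoding is equal to the result string */
    match_chunked /* parse the document one byte at a time */
};

/* Parses 'doc' in mode 't' and compares the outcome with 'result': the
 * serialized handler output for match_valid and match_chunked, the
 * document encoding for match_encoding.  For match_invalid the parse
 * must return ABORT.  Returns OK; the ONV checks fail the test on any
 * mismatch. */
static int parse_match(const char *doc, const char *result,
                       enum match_type t)
{
    const char *origdoc = doc;
    ne_xml_parser *p = ne_xml_create();
    ne_buffer *buf = ne_buffer_create();
    int ret;
    struct context ctx;

    ctx.buf = buf;
    ctx.parser = p;

    if (t == match_invalid)
        ne_xml_push_handler(p, startelm_abort, chardata, endelm_abort, &ctx);
    if (t != match_encoding && t != match_nohands) {
        ne_xml_push_handler(p, startelm_state, NULL, endelm_state, &ctx);
        ne_xml_push_handler(p, startelm, chardata, endelm, &ctx);
        ne_xml_push_handler(p, startelm_xform, chardata, endelm_xform, &ctx);
    }

    if (t == match_chunked) {
        /* Feed the document one byte at a time, stopping at the first
         * non-zero return or at the end of the string. */
        do {
            ret = ne_xml_parse(p, doc++, 1);
        } while (ret == 0 && *doc);
    } else {
        ret = ne_xml_parse(p, doc, strlen(doc));
    }

    if (ret == 0) {
        /* A zero-length block is passed after a successful parse. */
        ne_xml_parse(p, "", 0);
    }

    ONV(ret != ne_xml_failed(p),
        ("'%s': ne_xml_failed gave %d not %d", origdoc,
         ne_xml_failed(p), ret));

    if (t == match_invalid)
        ONV(ret != ABORT,
            ("for '%s': parse got %d not abort failure: %s", origdoc, ret,
             buf->data));
    else
        ONV(ret, ("for '%s': parse failed: %s", origdoc, ne_xml_get_error(p)));

    if (t == match_encoding) {
        const char *enc = ne_xml_doc_encoding(p);
        ONV(strcmp(enc, result),
            ("for '%s': encoding was `%s' not `%s'", origdoc, enc, result));
    } else if (t == match_valid || t == match_chunked) {
        ONV(strcmp(result, buf->data),
            ("for '%s': result mismatch: %s not %s", origdoc, buf->data, result));
    }

    ne_xml_destroy(p);
    ne_buffer_destroy(buf);

    return OK;
}

/* Runs parse_match over a table of input documents and expected
 * results.
 * NOTE(review): many of the document literals in this table look as if
 * their markup was lost in this copy of the file; they are reproduced
 * as found. */
static int matches(void)
{
#define PFX "\r\n"
#define E(ns, n) "<{" ns "}" n ">"
    static const struct {
        const char *in, *out;
        enum match_type invalid;
    } ms[] = {

        /*** Simplest tests ***/
        { PFX "", "<{}hello>"},
        { PFX "", "<{}hello foo='bar'>"},

        /*** Tests for character data handling. ***/
        { PFX " world", "<{}hello> world"},
        /* test for cdata between elements. */
        { PFX "\r\n world", "<{}hello>\n<{}wide> world"},

        /* UTF-8 XML Byte Order Mark */
        { "\xEF\xBB\xBF" PFX "", "<{}hello>" },
        /* UTF-8 XML Byte Order Mark */
        { "\xEF\xBB\xBF" PFX "", "<{}hello>", match_chunked },
        /* UTF-8 XML Byte Order Mark sans prolog */
        { "\xEF\xBB\xBF" "", "<{}hello>" },

        /*** Tests for namespace handling. ***/
#define NSA "xmlns:foo='bar'"
        { PFX "", "<{bar}widget " NSA ">" "" },
        /* inherited namespace expansion. */
        { PFX "", "<{}widget " NSA ">" E("bar", "norman") ""},
        { PFX "" "", "<{}widget " NSA " xmlns:abc='def' xmlns:g='z'>" E("bar", "norman") ""},
        /* empty namespace default takes precedence. */
        { PFX "" "", "<{foo}widget xmlns='foo'><{}smidgen xmlns=''>" E("", "norman") "" },
        /* inherited empty namespace default */
        { PFX "", "<{foo}bar xmlns='foo'><{}grok xmlns=''>" E("", "fish") "" },

        /* regression test for neon <= 0.23.5 with libxml2, where the
         * "dereference entities" flag was not set by default. */
        { PFX "", "<{}widget foo='no&body'>" },
        { PFX "", "<{}widget foo='no body'>" },

        /* tests for declined branches */
        { PFX "fish" "yesgoodbye", "<{}hello><{}world>yesgoodbye" },
        { PFX "fishbar", "<{}hello>" E("", "fish") "" },

        /* tests for nested SAX handlers */
        { PFX "", "<{two}hello xmlns='two'>" E("two", "xform") ""},

        /* test for nspace resolution. */
        { PFX "<" EVAL_DEFAULT "/>", "<{fish}hello xmlns='fish'>" EVAL_DEFAULT "=[fish]" "" },
        { PFX "<" EVAL_DEFAULT "/>", "<{}hello>" EVAL_DEFAULT "=[]" },
        { PFX "<" EVAL_SPECIFIC "foo/>", "<{}hello xmlns:foo='bar'>" EVAL_SPECIFIC "foo=[bar]" },

        /* tests for state handling */
        { PFX "", "" },
        { PFX "", "" },
        { PFX "blah", "" },

        /* tests for abort handling */
        { PFX "", "<{}hello><{}merry>ABORT", match_invalid },
        { PFX "fish", "<{}hello><{}merry><{}abort-end>ABORT", match_invalid },
        { PFX "!ABORT!", "<{}hello>!ABORT!", match_invalid },
        { PFX "!ABORT!", "<{}hello>!ABORT!", match_invalid },
        { PFX "!ABORT!", "<{}hello>!ABORT!", match_invalid },

        /* tests for encodings */
        { "", "ISO-8859-1", match_encoding },
        { "", "UTF-8", match_encoding },

        /* test that parse is valid even with no handlers registered. */
        { PFX "world", "", match_nohands },

        /* regression test for prefix matching bug fixed in 0.18.0 */
#define THENS "xmlns:d='foo' xmlns:dd='bar'"
        { PFX "", "<{foo}hello " THENS ">" },

        /**** end of list ****/
        { NULL, NULL }
    };
    int n;

    for (n = 0; ms[n].in != NULL; n++) {
        CALL(parse_match(ms[n].in, ms[n].out, ms[n].invalid));
    }

    return OK;
}

/* Checks that ne_xml_mapid returns the id of every table entry for its
 * namespace/name pair, and zero for a pair which is not in the table. */
static int mapping(void)
{
    static const struct ne_xml_idmap map[] = {
        { "fee", "bar", 1 },
        { "foo", "bar", 2 },
        { "bar", "foo", 3 },
        { "", "bob", 4 },
        { "balloon", "buffoon", 5},
        { NULL, NULL, 0}
    };
    int n;

    /* The length passed excludes the terminating all-NULL entry. */
    for (n = 0; map[n].id; n++) {
        int id = ne_xml_mapid(map, NE_XML_MAPLEN(map) - 1,
                              map[n].nspace, map[n].name);
        ONV(id != map[n].id, ("mapped to id %d not %d", id, map[n].id));
    }

    n = ne_xml_mapid(map, NE_XML_MAPLEN(map) - 1, "no-such", "element");
    ONV(n != 0, ("unknown element got id %d not zero", n));

    return OK;
}

/* Test for some parse failures */
static int fail_parse(void)
{
    static const char *docs[] = {
        "foo",
        PFX "",

        /* malformed namespace declarations */
        PFX "",
        PFX "",
        PFX "",
        PFX "",
        PFX "",
        PFX "",

        /* element names which are not valid QNames. */
        PFX "",
        PFX "<:fee/>",
        PFX "<0fish/>",
        PFX "",
        PFX "",
        PFX "",
        PFX "",

#if 0 /* currently disabled to allow SVN to work */
        PFX "",
        PFX "",
        PFX "",
        PFX "",
#endif

        /* These are tests of XML parser itself really... */
        /* 2-byte encoding of '.': */
        PFX "" "\x2F\xC0\xAE\x2E\x2F" "",
        /* 3-byte encoding of '.': */
        PFX "" "\x2F\xE0\x80\xAE\x2E\x2F" "",
        /* 4-byte encoding of '.': */
        PFX "" "\x2F\xF0\x80\x80\xAE\x2E\x2F" "",
        /* 5-byte encoding of '.': */
        PFX "" "\x2F\xF8\x80\x80\x80\xAE\x2E\x2F" "",
        /* 6-byte encoding of '.': */
        PFX "" "\x2F\xFC\x80\x80\x80\x80\xAE\x2E\x2F" "",
        /* two-byte encoding of '<' must not be parsed as a '<': */
        PFX "\xC0\xBC" "foo>",

        /* Invalid UTF-8 XML Byte Order Marks */
        "\xEF\xBB" PFX "",
        "\xEF" PFX "",

        "\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ]>\ &laugh30;\ ",
        NULL
    };
    int n;

    for (n = 0; docs[n]; n++) {
        ne_xml_parser *p = ne_xml_create();
        const char *err;

        ne_xml_parse(p, docs[n], strlen(docs[n]));
        ne_xml_parse(p, "", 0);
        ONV(ne_xml_failed(p) <= 0,
            ("`%s' did not get positive parse error", docs[n]));

        err = ne_xml_get_error(p);
        NE_DEBUG(NE_DBG_HTTP, "Parse error for '%s': %s\n", docs[n], err);
        ONV(strstr(err, "parse error") == NULL
            && strstr(err, "Invalid Byte Order Mark") == NULL,
            ("bad error %s", err));

        ne_xml_destroy(p);
    }

    return OK;
}

/* Compares the value ne_xml_get_attr returns for attribute 'name' in
 * namespace 'nspace' with 'value'; a NULL 'value' means the attribute
 * is expected to be absent.  On a mismatch the parser error string is
 * set and NE_XML_ABORT is returned; otherwise returns zero. */
static int check_attrib(ne_xml_parser *p, const char **atts, const char *nspace,
                        const char *name, const char *value)
{
    const char *act = ne_xml_get_attr(p, atts, nspace, name);
    /* The message embeds the attribute name and values, and the actual
     * value is taken from the parsed document, so its length is not
     * under the test's control.  Every write is bounded by the buffer
     * size; an over-long message is truncated rather than written past
     * the end of the array. */
    char err[256];
    int ret = 0;

    if (value == NULL) {
        if (act != NULL) {
            ne_snprintf(err, sizeof err, "attribute %s was set to %s",
                        name, act);
            ret = NE_XML_ABORT;
        }
    } else {
        if (act == NULL) {
            ne_snprintf(err, sizeof err, "attribute %s not found", name);
            ret = NE_XML_ABORT;
        } else if (strcmp(act, value) != 0) {
            ne_snprintf(err, sizeof err, "attribute %s was %s not %s",
                        name, act, value);
            ret = NE_XML_ABORT;
        }
    }
    /* err is only initialized on the paths which set ret. */
    if (ret == NE_XML_ABORT)
        ne_xml_set_error(p, err);
    return ret;
}

/* Start-element handler taking the parser itself as userdata: checks
 * the attributes of the "hello" element with check_attrib and requires
 * the "goodbye" element to have an empty attribute array. */
static int startelm_attrib(void *userdata, int state,
                           const char *nspace, const char *name,
                           const char **atts)
{
    ne_xml_parser *p = userdata;

    if (strcmp(name, "hello") == 0) {
        CALL(check_attrib(p, atts, NULL, "first", "second"));
        CALL(check_attrib(p, atts, NULL, "third", ""));
        CALL(check_attrib(p, atts, "garth", "bar", "asda"));
        CALL(check_attrib(p, atts, "giraffe", "bar", NULL));
        CALL(check_attrib(p, atts, "hot", "dog", NULL));
        CALL(check_attrib(p, atts, NULL, "nonesuch", NULL));
    } else if (strcmp(name, "goodbye") == 0) {
        if (atts[0] != NULL) {
            ne_xml_set_error(p, "non-empty attrib array");
            return 1;
        }
    }

    return 1;
}

/* Parses a fixed document with startelm_attrib registered and fails if
 * the parser reports an error. */
static int attributes(void)
{
    ne_xml_parser *p = ne_xml_create();
    static const char doc[] = PFX "";

    ne_xml_push_handler(p, startelm_attrib, NULL, NULL, p);

    ne_xml_parse_v(p, doc, strlen(doc));

    ONV(ne_xml_failed(p), ("parse error: %s", ne_xml_get_error(p)));

    ne_xml_destroy(p);
    return OK;
}

/* Test for the get/set error interface */
static int errors(void)
{
    ne_xml_parser *p = ne_xml_create();
    const char *err;

    ONV(strcmp(ne_xml_get_error(p), "Unknown error") != 0,
        ("initial error string unspecified"));

    ne_xml_set_error(p, "Fish food");
    err = ne_xml_get_error(p);

    ONV(strcmp(err, "Fish food"), ("wrong error %s!", err));

    ne_xml_destroy(p);
    return 0;
}

ne_test tests[] = {
    T(matches),
    T(mapping),
    T(fail_parse),
    T(attributes),
    T(errors),
    T(NULL)
};
neon-0.32.2/test/xmlreq.c000066400000000000000000000114101416727304000151710ustar00rootroot00000000000000/* Test cases for the ne_xmlreq.h interface.
Copyright (C) 2005-2006, Joe Orton

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.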
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

*/

#include "config.h"

/* NOTE(review): the bare #include lines below have no header name in
 * this copy of the file; they are reproduced as found. */
#include
#ifdef HAVE_STDLIB_H
#include
#endif
#ifdef HAVE_UNISTD_H
#include
#endif

#include "ne_xmlreq.h"

#include "tests.h"
#include "utils.h"

/* Dummy start_element callback; takes int * userdata and toggles the
 * pointed-to int iff the root element has name "hello".  Accepts all
 * elements. */
static int startelm(void *userdata, int state,
                    const char *nspace, const char *name,
                    const char **atts)
{
    int *toggle = userdata;
    int root_hello = state == NE_XML_STATEROOT && strcmp(name, "hello") == 0;

    if (root_hello)
        *toggle = !*toggle;

    /* Every element is accepted, one state deeper than its parent. */
    return state + 1;
}

/* Dispatches a request whose response is served with an XML content
 * type and checks that the start-element callback was run.  The local
 * session must be called 'sess', since the ONREQ macro refers to it by
 * that name. */
static int success(void)
{
    ne_session *sess;
    ne_request *request;
    ne_xml_parser *xml;
    int invoked = 0;

    CALL(make_session(&sess, single_serve_string,
                      "HTTP/1.1 200 OK\r\n"
                      "Content-Type: text/xml\r\n"
                      "Connection: close\r\n"
                      "\r\n"
                      "\n"
                      ""));

    request = ne_request_create(sess, "PARSE", "/");

    xml = ne_xml_create();
    ne_xml_push_handler(xml, startelm, NULL, NULL, &invoked);

    ONREQ(ne_xml_dispatch_request(request, xml));

    ONN("XML parser not invoked", !invoked);

    ne_xml_destroy(xml);
    ne_request_destroy(request);
    ne_session_destroy(sess);
    return await_server();
}

/* Dispatches a request and requires ne_xml_dispatch_request to fail,
 * with a session error string which does not contain "200 OK". */
static int failure(void)
{
    ne_session *sess;
    ne_request *request;
    ne_xml_parser *xml;

    CALL(make_session(&sess, single_serve_string,
                      "HTTP/1.1 200 OK\r\n"
                      "Content-Type: text/xml\r\n"
                      "Connection: close\r\n"
                      "\r\n"
                      "\n"
                      ""));

    request = ne_request_create(sess, "PARSE", "/");
    xml = ne_xml_create();

    ONN("XML parse did not fail",
        ne_xml_dispatch_request(request, xml) == NE_OK);

    NE_DEBUG(NE_DBG_HTTP, "error string: %s\n", ne_get_error(sess));

    ONV(strstr(ne_get_error(sess), "200 OK") != NULL,
        ("no error string set on parse error: '%s'", ne_get_error(sess)));

    ne_xml_destroy(xml);
    ne_request_destroy(request);
    ne_session_destroy(sess);
    return await_server();
}

/* For each Content-Type in the table, serves a response with that type
 * and checks that the XML parser callback ran exactly when the type is
 * marked as XML.  The local session must be called 'sess', since the
 * ONREQ macro refers to it by that name. */
static int types(void)
{
    static const struct {
        const char *type;
        int is_xml;
    } ts[] = {
        { "text/xml", 1 },
        { "tExT/XmL", 1 },
        { "text/html", 0 },
        { "application/foo+xml", 1 },
        { "aPpLiCaTION/FoOOO+xMl", 1 },
        { "application/xml", 1 },
        { "application/+xml", 0 },
        { "application/fish+xml2", 0 },
        { "foo/bar+xml", 1 },
        { "f/b", 0 },
        { "garble garble wotsit", 0 }
    };
    unsigned idx;

    for (idx = 0; idx < sizeof(ts)/sizeof(ts[0]); idx++) {
        char response[128];
        ne_session *sess;
        ne_request *request;
        ne_xml_parser *xml;
        int invoked = 0;

        /* The response header is built per entry; the write is bounded
         * by the size of the local buffer. */
        ne_snprintf(response, sizeof response,
                    "HTTP/1.1 200 OK\r\n"
                    "Content-Type: %s\r\n"
                    "Connection: close\r\n"
                    "\r\n"
                    "\n"
                    "", ts[idx].type);

        CALL(make_session(&sess, single_serve_string, response));

        request = ne_request_create(sess, "PARSE", "/");
        xml = ne_xml_create();

        ne_xml_push_handler(xml, startelm, NULL, NULL, &invoked);

        ONREQ(ne_xml_dispatch_request(request, xml));

        ONV(invoked && !ts[idx].is_xml,
            ("XML parser invoked for non-XML type: %s", ts[idx].type));
        ONV(!invoked && ts[idx].is_xml,
            ("XML parser not invoked for XML type: %s", ts[idx].type));

        ne_xml_destroy(xml);
        ne_request_destroy(request);
        ne_session_destroy(sess);
        CALL(await_server());
    }

    return OK;
}

ne_test tests[] = {
    T(success),
    T(failure),
    T(types),
    T(NULL)
};