Newer
Older
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
***************************************************************************/
#include "curl_setup.h"
#ifndef CURL_DISABLE_HTTP
#ifdef HAVE_NETDB_H
#endif
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_NET_IF_H
#include <net/if.h>
#endif
#ifdef HAVE_SYS_IOCTL_H
#endif
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endif
#include "transfer.h"
#include "sendf.h"
#include "formdata.h"
#include "progress.h"
#include "curl_base64.h"
#include "cookie.h"
#include "strequal.h"
#include "sslgen.h"
#include "http_digest.h"
#include "curl_ntlm_wb.h"
#include "http_negotiate.h"
#include "url.h"
#include "share.h"
#include "hostip.h"
#include "http.h"
#include "select.h"
#include "parsedate.h" /* for the week day and month names */
#include "strtoofft.h"
#include "multiif.h"
#include "rawstr.h"
#include "content_encoding.h"
#include "http_proxy.h"
#include "warnless.h"
#include "non-ascii.h"
#include "bundles.h"
#include "pipeline.h"
#define _MPRINTF_REPLACE /* use our functions only */
#include <curl/mprintf.h>
/* The last #include file should be: */
Patrick Monnerat
committed
/*
* Forward declarations.
*/
Daniel Stenberg
committed
static int http_getsock_do(struct connectdata *conn,
curl_socket_t *socks,
int numsocks);
static int http_should_fail(struct connectdata *conn);
static CURLcode https_connecting(struct connectdata *conn, bool *done);
static int https_getsock(struct connectdata *conn,
curl_socket_t *socks,
int numsocks);
#else
#define https_connecting(x,y) CURLE_COULDNT_CONNECT
Patrick Monnerat
committed
/*
* HTTP handler interface.
*/
const struct Curl_handler Curl_handler_http = {
"HTTP", /* scheme */
Curl_http_setup_conn, /* setup_connection */
Patrick Monnerat
committed
Curl_http, /* do_it */
Curl_http_done, /* done */
ZERO_NULL, /* do_more */
Patrick Monnerat
committed
Curl_http_connect, /* connect_it */
ZERO_NULL, /* connecting */
ZERO_NULL, /* doing */
ZERO_NULL, /* proto_getsock */
Daniel Stenberg
committed
http_getsock_do, /* doing_getsock */
ZERO_NULL, /* domore_getsock */
Daniel Stenberg
committed
ZERO_NULL, /* perform_getsock */
ZERO_NULL, /* disconnect */
ZERO_NULL, /* readwrite */
Patrick Monnerat
committed
PORT_HTTP, /* defport */
Patrick Monnerat
committed
};
#ifdef USE_SSL
/*
* HTTPS handler interface.
*/
const struct Curl_handler Curl_handler_https = {
"HTTPS", /* scheme */
Curl_http_setup_conn, /* setup_connection */
Patrick Monnerat
committed
Curl_http, /* do_it */
Curl_http_done, /* done */
ZERO_NULL, /* do_more */
Patrick Monnerat
committed
Curl_http_connect, /* connect_it */
https_connecting, /* connecting */
ZERO_NULL, /* doing */
https_getsock, /* proto_getsock */
Daniel Stenberg
committed
http_getsock_do, /* doing_getsock */
ZERO_NULL, /* domore_getsock */
Daniel Stenberg
committed
ZERO_NULL, /* perform_getsock */
ZERO_NULL, /* disconnect */
ZERO_NULL, /* readwrite */
Patrick Monnerat
committed
PORT_HTTPS, /* defport */
CURLPROTO_HTTP | CURLPROTO_HTTPS, /* protocol */
Patrick Monnerat
committed
};
#endif
CURLcode Curl_http_setup_conn(struct connectdata *conn)
{
/* allocate the HTTP-specific struct for the SessionHandle, only to survive
during this request */
DEBUGASSERT(conn->data->req.protop == NULL);
conn->data->req.protop = calloc(1, sizeof(struct HTTP));
if(!conn->data->req.protop)
return CURLE_OUT_OF_MEMORY;
return CURLE_OK;
}
/*
* checkheaders() checks the linked list of custom HTTP headers for a
* particular header (prefix).
*
* Returns a pointer to the first matching header or NULL if none matched.
*/
Daniel Stenberg
committed
char *Curl_checkheaders(struct SessionHandle *data, const char *thisheader)
{
struct curl_slist *head;
size_t thislen = strlen(thisheader);
for(head = data->set.headers; head; head=head->next) {
if(Curl_raw_nequal(head->data, thisheader, thislen))
return head->data;
}
return NULL;
}
/*
* Strip off leading and trailing whitespace from the value in the
* given HTTP header line and return a strdupped copy. Returns NULL in
* case of allocation failure. Returns an empty string if the header value
* consists entirely of whitespace.
*/
static char *copy_header_value(const char *h)
{
const char *start;
const char *end;
char *value;
size_t len;
DEBUGASSERT(h);
/* Find the end of the header name */
while(*h && (*h != ':'))
/* Skip over colon */
++h;
/* Find the first non-space letter */
start = h;
while(*start && ISSPACE(*start))
start++;
/* data is in the host encoding so
use '\r' and '\n' instead of 0x0d and 0x0a */
end = strchr(start, '\r');
if(!end)
end = strchr(start, '\n');
if(!end)
end = strchr(start, '\0');
/* skip all trailing space letters */
/* get length of the type */
len = end-start+1;
value = malloc(len + 1);
if(!value)
return NULL;
memcpy(value, start, len);
value[len] = 0; /* zero terminate */
return value;
}
* http_output_basic() sets up an Authorization: header (or the proxy version)
* for HTTP Basic authentication.
static CURLcode http_output_basic(struct connectdata *conn, bool proxy)
{
size_t size = 0;
char *authorization = NULL;
struct SessionHandle *data = conn->data;
const char *user;
const char *pwd;
CURLcode error;
if(proxy) {
userp = &conn->allocptr.proxyuserpwd;
user = conn->proxyuser;
pwd = conn->proxypasswd;
}
else {
userp = &conn->allocptr.userpwd;
user = conn->user;
pwd = conn->passwd;
}
snprintf(data->state.buffer, sizeof(data->state.buffer), "%s:%s", user, pwd);
error = Curl_base64_encode(data,
data->state.buffer, strlen(data->state.buffer),
&authorization, &size);
if(error)
return error;
if(!authorization)
return CURLE_REMOTE_ACCESS_DENIED;
Curl_safefree(*userp);
*userp = aprintf("%sAuthorization: Basic %s\r\n",
proxy?"Proxy-":"",
authorization);
free(authorization);
if(!*userp)
return CURLE_OUT_OF_MEMORY;
return CURLE_OK;
}
/* pickoneauth() selects the most favourable authentication method from the
* ones available and the ones we want.
* return TRUE if one was picked
static bool pickoneauth(struct auth *pick)
{
Daniel Stenberg
committed
/* only deal with authentication we want */
unsigned long avail = pick->avail & pick->want;
Daniel Stenberg
committed
picked = TRUE;
/* The order of these checks is highly relevant, as this will be the order
of preference in case of the existence of multiple accepted types. */
Daniel Stenberg
committed
if(avail & CURLAUTH_GSSNEGOTIATE)
pick->picked = CURLAUTH_GSSNEGOTIATE;
else if(avail & CURLAUTH_DIGEST)
pick->picked = CURLAUTH_DIGEST;
else if(avail & CURLAUTH_NTLM)
pick->picked = CURLAUTH_NTLM;
else if(avail & CURLAUTH_NTLM_WB)
pick->picked = CURLAUTH_NTLM_WB;
Daniel Stenberg
committed
else if(avail & CURLAUTH_BASIC)
pick->picked = CURLAUTH_BASIC;
else {
pick->picked = CURLAUTH_PICKNONE; /* we select to use nothing */
picked = FALSE;
}
Daniel Stenberg
committed
pick->avail = CURLAUTH_NONE; /* clear it here */
}
Daniel Stenberg
committed
* Curl_http_perhapsrewind()
*
* If we are doing POST or PUT {
* If we have more data to send {
* If we are doing NTLM {
* Keep sending since we must not disconnect
* }
* else {
* If there is more than just a little data left to send, close
* the current connection by force.
* }
* }
* If we have sent any data {
* If we don't have track of all the data {
* call app to tell it to rewind
* }
* else {
* rewind internally so that the operation can restart fine
* }
* }
* }
*/
static CURLcode http_perhapsrewind(struct connectdata *conn)
{
struct SessionHandle *data = conn->data;
struct HTTP *http = data->req.protop;
curl_off_t bytessent;
curl_off_t expectsend = -1; /* default is unknown */
if(!http)
/* If this is still NULL, we have not reach very far and we can safely
skip this rewinding stuff */
return CURLE_OK;
Daniel Stenberg
committed
switch(data->set.httpreq) {
case HTTPREQ_GET:
case HTTPREQ_HEAD:
return CURLE_OK;
default:
break;
}
bytessent = http->writebytecount;
Daniel Stenberg
committed
if(conn->bits.authneg)
/* This is a state where we are known to be negotiating and we don't send
any data then. */
expectsend = 0;
else {
/* figure out how much data we are expected to send */
switch(data->set.httpreq) {
case HTTPREQ_POST:
if(data->set.postfieldsize != -1)
expectsend = data->set.postfieldsize;
Daniel Stenberg
committed
else if(data->set.postfields)
expectsend = (curl_off_t)strlen(data->set.postfields);
Daniel Stenberg
committed
break;
case HTTPREQ_PUT:
if(data->set.infilesize != -1)
expectsend = data->set.infilesize;
break;
case HTTPREQ_POST_FORM:
expectsend = http->postsize;
break;
default:
break;
}
}
conn->bits.rewindaftersend = FALSE; /* default */
if((expectsend == -1) || (expectsend > bytessent)) {
/* There is still data left to send */
Daniel Stenberg
committed
if((data->state.authproxy.picked == CURLAUTH_NTLM) ||
(data->state.authhost.picked == CURLAUTH_NTLM) ||
(data->state.authproxy.picked == CURLAUTH_NTLM_WB) ||
(data->state.authhost.picked == CURLAUTH_NTLM_WB)) {
Daniel Stenberg
committed
if(((expectsend - bytessent) < 2000) ||
(conn->ntlm.state != NTLMSTATE_NONE) ||
(conn->proxyntlm.state != NTLMSTATE_NONE)) {
Daniel Stenberg
committed
/* The NTLM-negotiation has started *OR* there is just a little (<2K)
data left to send, keep on sending. */
/* rewind data when completely done sending! */
if(!conn->bits.authneg) {
Daniel Stenberg
committed
conn->bits.rewindaftersend = TRUE;
infof(data, "Rewind stream after send\n");
}
Daniel Stenberg
committed
return CURLE_OK;
}
if(conn->bits.close)
/* this is already marked to get closed */
return CURLE_OK;
infof(data, "NTLM send, close instead of sending %" FORMAT_OFF_T
Daniel Stenberg
committed
/* This is not NTLM or many bytes left to send: close
Daniel Stenberg
committed
*/
conn->bits.close = TRUE;
Daniel Stenberg
committed
data->req.size = 0; /* don't download any more than 0 bytes */
Daniel Stenberg
committed
/* There still is data left to send, but this connection is marked for
closure so we can safely do the rewind right now */
}
if(bytessent)
Daniel Stenberg
committed
/* we rewind now at once since if we already sent something */
return Curl_readrewind(conn);
return CURLE_OK;
}
/*
* Curl_http_auth_act() gets called when all HTTP headers have been received
* and it checks what authentication methods that are available and decides
* which one (if any) to use. It will set 'newurl' if an auth method was
*/
CURLcode Curl_http_auth_act(struct connectdata *conn)
{
struct SessionHandle *data = conn->data;
bool pickhost = FALSE;
bool pickproxy = FALSE;
CURLcode code = CURLE_OK;
if(100 <= data->req.httpcode && 199 >= data->req.httpcode)
Daniel Stenberg
committed
/* this is a transient response code, ignore */
return CURLE_OK;
if(data->state.authproblem)
return data->set.http_fail_on_error?CURLE_HTTP_RETURNED_ERROR:CURLE_OK;
Daniel Stenberg
committed
if(conn->bits.user_passwd &&
Daniel Stenberg
committed
((data->req.httpcode == 401) ||
(conn->bits.authneg && data->req.httpcode < 300))) {
pickhost = pickoneauth(&data->state.authhost);
Daniel Stenberg
committed
if(!pickhost)
data->state.authproblem = TRUE;
}
Daniel Stenberg
committed
if(conn->bits.proxy_user_passwd &&
Daniel Stenberg
committed
((data->req.httpcode == 407) ||
(conn->bits.authneg && data->req.httpcode < 300))) {
pickproxy = pickoneauth(&data->state.authproxy);
Daniel Stenberg
committed
if(!pickproxy)
data->state.authproblem = TRUE;
}
if(pickhost || pickproxy) {
Daniel Stenberg
committed
/* In case this is GSS auth, the newurl field is already allocated so
we must make sure to free it before allocating a new one. As figured
out in bug #2284386 */
Curl_safefree(data->req.newurl);
Daniel Stenberg
committed
data->req.newurl = strdup(data->change.url); /* clone URL */
if(!data->req.newurl)
if((data->set.httpreq != HTTPREQ_GET) &&
Daniel Stenberg
committed
(data->set.httpreq != HTTPREQ_HEAD) &&
!conn->bits.rewindaftersend) {
if(code)
return code;
}
}
Daniel Stenberg
committed
else if((data->req.httpcode < 300) &&
(!data->state.authhost.done) &&
Daniel Stenberg
committed
/* no (known) authentication available,
authentication is not "done" yet and
no authentication seems to be required and
we didn't try HEAD or GET */
if((data->set.httpreq != HTTPREQ_GET) &&
(data->set.httpreq != HTTPREQ_HEAD)) {
Daniel Stenberg
committed
data->req.newurl = strdup(data->change.url); /* clone URL */
if(!data->req.newurl)
data->state.authhost.done = TRUE;
Daniel Stenberg
committed
}
}
failf (data, "The requested URL returned error: %d",
Daniel Stenberg
committed
data->req.httpcode);
code = CURLE_HTTP_RETURNED_ERROR;
}
return code;
}
/*
* Output the correct authentication header depending on the auth type
* and whether or not it is to a proxy.
*/
static CURLcode
output_auth_headers(struct connectdata *conn,
struct auth *authstatus,
const char *request,
const char *path,
bool proxy)
{
struct SessionHandle *data = conn->data;
const char *auth=NULL;
CURLcode result = CURLE_OK;
#ifdef USE_HTTP_NEGOTIATE
Daniel Stenberg
committed
struct negotiatedata *negdata = proxy?
&data->state.proxyneg:&data->state.negotiate;
#endif
(void)request;
(void)path;
#endif
#ifdef USE_HTTP_NEGOTIATE
if((authstatus->picked == CURLAUTH_GSSNEGOTIATE) &&
Daniel Stenberg
committed
negdata->context && !GSS_ERROR(negdata->status)) {
auth="GSS-Negotiate";
result = Curl_output_negotiate(conn, proxy);
if(result)
return result;
authstatus->done = TRUE;
Daniel Stenberg
committed
negdata->state = GSS_AUTHSENT;
}
else
#endif
#ifdef USE_NTLM
if(authstatus->picked == CURLAUTH_NTLM) {
auth="NTLM";
result = Curl_output_ntlm(conn, proxy);
if(result)
return result;
}
else
#endif
#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
if(authstatus->picked == CURLAUTH_NTLM_WB) {
auth="NTLM_WB";
result = Curl_output_ntlm_wb(conn, proxy);
if(result)
return result;
}
else
#endif
#ifndef CURL_DISABLE_CRYPTO_AUTH
if(authstatus->picked == CURLAUTH_DIGEST) {
auth="Digest";
result = Curl_output_digest(conn,
proxy,
(const unsigned char *)request,
(const unsigned char *)path);
if(result)
return result;
}
else
#endif
if(authstatus->picked == CURLAUTH_BASIC) {
/* Basic */
if((proxy && conn->bits.proxy_user_passwd &&
Daniel Stenberg
committed
!Curl_checkheaders(data, "Proxy-authorization:")) ||
(!proxy && conn->bits.user_passwd &&
Daniel Stenberg
committed
!Curl_checkheaders(data, "Authorization:"))) {
auth="Basic";
result = http_output_basic(conn, proxy);
if(result)
}
/* NOTE: this function should set 'done' TRUE, as the other auth
functions work that way */
authstatus->done = TRUE;
}
if(auth) {
infof(data, "%s auth using %s with user '%s'\n",
proxy?"Proxy":"Server", auth,
proxy?(conn->proxyuser?conn->proxyuser:""):
(conn->user?conn->user:""));
authstatus->multi = (!authstatus->done) ? TRUE : FALSE;
}
else
authstatus->multi = FALSE;
return CURLE_OK;
}
Daniel Stenberg
committed
/**
* Curl_http_output_auth() setups the authentication headers for the
* host/proxy and the correct authentication
* method. conn->data->state.authdone is set to TRUE when authentication is
* done.
Daniel Stenberg
committed
*
* @param conn all information about the current connection
* @param request pointer to the request keyword
* @param path pointer to the requested path
* @param proxytunnel boolean if this is the request setting up a "proxy
* tunnel"
* @returns CURLcode
*/
CURLcode
Curl_http_output_auth(struct connectdata *conn,
const char *request,
const char *path,
bool proxytunnel) /* TRUE if this is the request setting
up the proxy tunnel */
{
CURLcode result = CURLE_OK;
struct SessionHandle *data = conn->data;
struct auth *authhost;
struct auth *authproxy;
DEBUGASSERT(data);
authhost = &data->state.authhost;
authproxy = &data->state.authproxy;
if((conn->bits.httpproxy && conn->bits.proxy_user_passwd) ||
conn->bits.user_passwd)
/* continue please */ ;
else {
authhost->done = TRUE;
authproxy->done = TRUE;
return CURLE_OK; /* no authentication with no user or password */
}
if(authhost->want && !authhost->picked)
/* The app has selected one or more methods, but none has been picked
so far by a server round-trip. Then we set the picked one to the
want one, and if this is one single bit it'll be used instantly. */
authhost->picked = authhost->want;
if(authproxy->want && !authproxy->picked)
Daniel Stenberg
committed
/* The app has selected one or more methods, but none has been picked so
far by a proxy round-trip. Then we set the picked one to the want one,
and if this is one single bit it'll be used instantly. */
authproxy->picked = authproxy->want;
#ifndef CURL_DISABLE_PROXY
/* Send proxy authentication header if needed */
Daniel Stenberg
committed
if(conn->bits.httpproxy &&
(conn->bits.tunnel_proxy == proxytunnel)) {
result = output_auth_headers(conn, authproxy, request, path, TRUE);
if(result)
return result;
}
else
#else
(void)proxytunnel;
#endif /* CURL_DISABLE_PROXY */
/* we have no proxy so let's pretend we're done authenticating
with it */
authproxy->done = TRUE;
/* To prevent the user+password to get sent to other than the original
host due to a location-follow, we do some weirdo checks here */
if(!data->state.this_is_a_follow ||
Daniel Stenberg
committed
conn->bits.netrc ||
!data->state.first_host ||
data->set.http_disable_hostname_check_before_authentication ||
Curl_raw_equal(data->state.first_host, conn->host.name)) {
result = output_auth_headers(conn, authhost, request, path, FALSE);
}
else
authhost->done = TRUE;
return result;
}
/*
* Curl_http_input_auth() deals with Proxy-Authenticate: and WWW-Authenticate:
* headers. They are dealt with both in the transfer.c main loop and in the
* proxy CONNECT loop.
*/
CURLcode Curl_http_input_auth(struct connectdata *conn,
int httpcode,
const char *header) /* the first non-space */
{
/*
* This resource requires authentication
*/
struct SessionHandle *data = conn->data;
unsigned long *availp;
const char *start;
Daniel Stenberg
committed
if(httpcode == 407) {
start = header+strlen("Proxy-authenticate:");
availp = &data->info.proxyauthavail;
authp = &data->state.authproxy;
}
else {
start = header+strlen("WWW-Authenticate:");
availp = &data->info.httpauthavail;
authp = &data->state.authhost;
/* pass all white spaces */
Daniel Stenberg
committed
while(*start && ISSPACE(*start))
start++;
/*
* Here we check if we want the specific single authentication (using ==) and
* if we do, we initiate usage of it.
*
* If the provided authentication is wanted as one out of several accepted
* types (using &), we OR this authentication type to the authavail
* variable.
*
* Note:
*
* ->picked is first set to the 'want' value (one or more bits) before the
* request is sent, and then it is again set _after_ all response 401/407
* headers have been received but then only to a single preferred method
* (bit).
*
*/
while(*start) {
#ifdef USE_HTTP_NEGOTIATE
if(checkprefix("GSS-Negotiate", start) ||
checkprefix("Negotiate", start)) {
int neg;
*availp |= CURLAUTH_GSSNEGOTIATE;
authp->avail |= CURLAUTH_GSSNEGOTIATE;
if(authp->picked == CURLAUTH_GSSNEGOTIATE) {
if(data->state.negotiate.state == GSS_AUTHSENT) {
/* if we sent GSS authentication in the outgoing request and we get
this back, we're in trouble */
infof(data, "Authentication problem. Ignoring this.\n");
data->state.authproblem = TRUE;
Daniel Stenberg
committed
else {
neg = Curl_input_negotiate(conn, (bool)(httpcode == 407), start);
if(neg == 0) {
DEBUGASSERT(!data->req.newurl);
data->req.newurl = strdup(data->change.url);
if(!data->req.newurl)
return CURLE_OUT_OF_MEMORY;
data->state.authproblem = FALSE;
/* we received GSS auth info and we dealt with it fine */
data->state.negotiate.state = GSS_AUTHRECV;
}
else
data->state.authproblem = TRUE;
Daniel Stenberg
committed
}
}
}
else
#endif
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
#ifdef USE_NTLM
/* NTLM support requires the SSL crypto libs */
if(checkprefix("NTLM", start)) {
*availp |= CURLAUTH_NTLM;
authp->avail |= CURLAUTH_NTLM;
if(authp->picked == CURLAUTH_NTLM ||
authp->picked == CURLAUTH_NTLM_WB) {
/* NTLM authentication is picked and activated */
CURLcode ntlm =
Curl_input_ntlm(conn, (httpcode == 407)?TRUE:FALSE, start);
if(CURLE_OK == ntlm) {
data->state.authproblem = FALSE;
#ifdef NTLM_WB_ENABLED
if(authp->picked == CURLAUTH_NTLM_WB) {
*availp &= ~CURLAUTH_NTLM;
authp->avail &= ~CURLAUTH_NTLM;
*availp |= CURLAUTH_NTLM_WB;
authp->avail |= CURLAUTH_NTLM_WB;
/* Get the challenge-message which will be passed to
* ntlm_auth for generating the type 3 message later */
while(*start && ISSPACE(*start))
start++;
if(checkprefix("NTLM", start)) {
start += strlen("NTLM");
while(*start && ISSPACE(*start))
start++;
if(*start)
if((conn->challenge_header = strdup(start)) == NULL)
return CURLE_OUT_OF_MEMORY;
}
}
#endif
}
else {
infof(data, "Authentication problem. Ignoring this.\n");
data->state.authproblem = TRUE;
}
}
}
else
#endif
#ifndef CURL_DISABLE_CRYPTO_AUTH
if(checkprefix("Digest", start)) {
if((authp->avail & CURLAUTH_DIGEST) != 0) {
infof(data, "Ignoring duplicate digest auth header.\n");
}
else {
CURLdigest dig;
*availp |= CURLAUTH_DIGEST;
authp->avail |= CURLAUTH_DIGEST;
/* We call this function on input Digest headers even if Digest
* authentication isn't activated yet, as we need to store the
* incoming data from this header in case we are gonna use
* Digest. */
dig = Curl_input_digest(conn, (httpcode == 407)?TRUE:FALSE, start);
if(CURLDIGEST_FINE != dig) {
infof(data, "Authentication problem. Ignoring this.\n");
data->state.authproblem = TRUE;
}
}
}
else
#endif
if(checkprefix("Basic", start)) {
*availp |= CURLAUTH_BASIC;
authp->avail |= CURLAUTH_BASIC;
if(authp->picked == CURLAUTH_BASIC) {
/* We asked for Basic authentication but got a 40X back
anyway, which basically means our name+password isn't
valid. */
authp->avail = CURLAUTH_NONE;
infof(data, "Authentication problem. Ignoring this.\n");
data->state.authproblem = TRUE;
}
}
/* there may be multiple methods on one line, so keep reading */
while(*start && *start != ',') /* read up to the next comma */
start++;
if(*start == ',') /* if we're on a comma, skip it */
start++;
while(*start && ISSPACE(*start))
start++;
}
return CURLE_OK;
}
Daniel Stenberg
committed
/**
* http_should_fail() determines whether an HTTP response has gotten us
Daniel Stenberg
committed
*
* @param conn all information about the current connection
*
* @retval 0 communications should continue
*
* @retval 1 communications should not continue
*/
static int http_should_fail(struct connectdata *conn)
Daniel Stenberg
committed
{
struct SessionHandle *data;
Daniel Stenberg
committed
int httpcode;
Daniel Stenberg
committed
DEBUGASSERT(conn);
Daniel Stenberg
committed
data = conn->data;
DEBUGASSERT(data);
Daniel Stenberg
committed
Daniel Stenberg
committed
httpcode = data->req.httpcode;
Daniel Stenberg
committed
/*
** If we haven't been asked to fail on error,
** don't fail.
*/
Daniel Stenberg
committed
if(!data->set.http_fail_on_error)
Daniel Stenberg
committed
return 0;
/*
** Any code < 400 is never terminal.
*/
Daniel Stenberg
committed
if(httpcode < 400)
Daniel Stenberg
committed
return 0;
Daniel Stenberg
committed
if(data->state.resume_from &&
(data->set.httpreq==HTTPREQ_GET) &&
(httpcode == 416)) {
/* "Requested Range Not Satisfiable", just proceed and
pretend this is no error */
return 0;
}
Daniel Stenberg
committed
/*
** Any code >= 400 that's not 401 or 407 is always
** a terminal error
*/
Daniel Stenberg
committed
if((httpcode != 401) &&
(httpcode != 407))
Daniel Stenberg
committed
return 1;
/*
** All we have left to deal with is 401 and 407
*/
Daniel Stenberg
committed
DEBUGASSERT((httpcode == 401) || (httpcode == 407));
Daniel Stenberg
committed
/*
** Examine the current authentication state to see if this
** is an error. The idea is for this function to get
** called after processing all the headers in a response
** message. So, if we've been to asked to authenticate a
** particular stage, and we've done it, we're OK. But, if
** we're already completely authenticated, it's not OK to
** get another 401 or 407.
**
** It is possible for authentication to go stale such that
** the client needs to reauthenticate. Once that info is
** available, use it here.
*/
/*
** Either we're not authenticating, or we're supposed to
** be authenticating something else. This is an error.
*/
Daniel Stenberg
committed
if((httpcode == 401) && !conn->bits.user_passwd)
Daniel Stenberg
committed
if((httpcode == 407) && !conn->bits.proxy_user_passwd)
return data->state.authproblem;
Daniel Stenberg
committed
}
/*
* readmoredata() is a "fread() emulation" to provide POST and/or request
* data. It is used when a huge POST is to be made and the entire chunk wasn't
* sent in the first send(). This function will then be called from the
* transfer.c loop when more data is to be sent to the peer.
*
* Returns the amount of bytes it filled the buffer with.
*/
static size_t readmoredata(char *buffer,
size_t size,
size_t nitems,
void *userp)
Daniel Stenberg
committed
{
struct connectdata *conn = (struct connectdata *)userp;
struct HTTP *http = conn->data->req.protop;
size_t fullsize = size * nitems;
Daniel Stenberg
committed
if(0 == http->postsize)
/* nothing to return */
return 0;
Daniel Stenberg
committed
/* make sure that a HTTP request is never sent away chunked! */
conn->data->req.forbidchunk = (http->sending == HTTPSEND_REQUEST)?TRUE:FALSE;
Daniel Stenberg
committed
if(http->postsize <= (curl_off_t)fullsize) {
memcpy(buffer, http->postdata, (size_t)http->postsize);
fullsize = (size_t)http->postsize;
Daniel Stenberg
committed
if(http->backup.postsize) {
/* move backup data into focus and continue on that */
http->postdata = http->backup.postdata;
http->postsize = http->backup.postsize;
conn->fread_func = http->backup.fread_func;
Daniel Stenberg
committed
conn->fread_in = http->backup.fread_in;
http->sending++; /* move one step up */
http->backup.postsize=0;
}
else
http->postsize = 0;
return fullsize;
}
memcpy(buffer, http->postdata, fullsize);
http->postdata += fullsize;
http->postsize -= fullsize;
return fullsize;
}