mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-26 09:18:24 -05:00
b905c4a398
Clean up code so that UPnP implementation does not need to include all the HTTP functionality. In addition, make it easier to share HTTP server functionality with other components in the future.
1669 lines
44 KiB
C
1669 lines
44 KiB
C
/*
|
|
* UPnP WPS Device - Web connections
|
|
* Copyright (c) 2000-2003 Intel Corporation
|
|
* Copyright (c) 2006-2007 Sony Corporation
|
|
* Copyright (c) 2008-2009 Atheros Communications
|
|
* Copyright (c) 2009, Jouni Malinen <j@w1.fi>
|
|
*
|
|
* See wps_upnp.c for more details on licensing and code history.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
|
|
#include "common.h"
|
|
#include "base64.h"
|
|
#include "uuid.h"
|
|
#include "httpread.h"
|
|
#include "http_server.h"
|
|
#include "wps_i.h"
|
|
#include "wps_upnp.h"
|
|
#include "wps_upnp_i.h"
|
|
#include "upnp_xml.h"
|
|
|
|
/***************************************************************************
|
|
* Web connections (we serve pages of info about ourselves, handle
|
|
* requests, etc. etc.).
|
|
**************************************************************************/
|
|
|
|
#define WEB_CONNECTION_TIMEOUT_SEC 30 /* Drop web connection after t.o. */
|
|
#define WEB_CONNECTION_MAX_READ 8000 /* Max we'll read for TCP request */
|
|
#define MAX_WEB_CONNECTIONS 10 /* max simultaneous web connects */
|
|
|
|
|
|
static const char *urn_wfawlanconfig =
|
|
"urn:schemas-wifialliance-org:service:WFAWLANConfig:1";
|
|
static const char *http_server_hdr =
|
|
"Server: unspecified, UPnP/1.0, unspecified\r\n";
|
|
static const char *http_connection_close =
|
|
"Connection: close\r\n";
|
|
|
|
/*
|
|
* Incoming web connections are recorded in this struct.
|
|
* A web connection is a TCP connection to us, the server;
|
|
* it is called a "web connection" because we use http and serve
|
|
* data that looks like web pages.
|
|
* State information is need to track the connection until we figure
|
|
* out what they want and what we want to do about it.
|
|
*/
|
|
struct web_connection {
|
|
/* double linked list */
|
|
struct web_connection *next;
|
|
struct web_connection *prev;
|
|
struct upnp_wps_device_sm *sm; /* parent */
|
|
int sd; /* socket to read from */
|
|
struct sockaddr_in cli_addr;
|
|
int sd_registered; /* nonzero if we must cancel registration */
|
|
struct httpread *hread; /* state machine for reading socket */
|
|
int n_rcvd_data; /* how much data read so far */
|
|
int done; /* internal flag, set when we've finished */
|
|
};
|
|
|
|
|
|
/*
|
|
* "Files" that we serve via HTTP. The format of these files is given by
|
|
* WFA WPS specifications. Extra white space has been removed to save space.
|
|
*/
|
|
|
|
static const char wps_scpd_xml[] =
|
|
"<?xml version=\"1.0\"?>\n"
|
|
"<scpd xmlns=\"urn:schemas-upnp-org:service-1-0\">\n"
|
|
"<specVersion><major>1</major><minor>0</minor></specVersion>\n"
|
|
"<actionList>\n"
|
|
"<action>\n"
|
|
"<name>GetDeviceInfo</name>\n"
|
|
"<argumentList>\n"
|
|
"<argument>\n"
|
|
"<name>NewDeviceInfo</name>\n"
|
|
"<direction>out</direction>\n"
|
|
"<relatedStateVariable>DeviceInfo</relatedStateVariable>\n"
|
|
"</argument>\n"
|
|
"</argumentList>\n"
|
|
"</action>\n"
|
|
"<action>\n"
|
|
"<name>PutMessage</name>\n"
|
|
"<argumentList>\n"
|
|
"<argument>\n"
|
|
"<name>NewInMessage</name>\n"
|
|
"<direction>in</direction>\n"
|
|
"<relatedStateVariable>InMessage</relatedStateVariable>\n"
|
|
"</argument>\n"
|
|
"<argument>\n"
|
|
"<name>NewOutMessage</name>\n"
|
|
"<direction>out</direction>\n"
|
|
"<relatedStateVariable>OutMessage</relatedStateVariable>\n"
|
|
"</argument>\n"
|
|
"</argumentList>\n"
|
|
"</action>\n"
|
|
"<action>\n"
|
|
"<name>GetAPSettings</name>\n"
|
|
"<argumentList>\n"
|
|
"<argument>\n"
|
|
"<name>NewMessage</name>\n"
|
|
"<direction>in</direction>\n"
|
|
"<relatedStateVariable>Message</relatedStateVariable>\n"
|
|
"</argument>\n"
|
|
"<argument>\n"
|
|
"<name>NewAPSettings</name>\n"
|
|
"<direction>out</direction>\n"
|
|
"<relatedStateVariable>APSettings</relatedStateVariable>\n"
|
|
"</argument>\n"
|
|
"</argumentList>\n"
|
|
"</action>\n"
|
|
"<action>\n"
|
|
"<name>SetAPSettings</name>\n"
|
|
"<argumentList>\n"
|
|
"<argument>\n"
|
|
"<name>APSettings</name>\n"
|
|
"<direction>in</direction>\n"
|
|
"<relatedStateVariable>APSettings</relatedStateVariable>\n"
|
|
"</argument>\n"
|
|
"</argumentList>\n"
|
|
"</action>\n"
|
|
"<action>\n"
|
|
"<name>DelAPSettings</name>\n"
|
|
"<argumentList>\n"
|
|
"<argument>\n"
|
|
"<name>NewAPSettings</name>\n"
|
|
"<direction>in</direction>\n"
|
|
"<relatedStateVariable>APSettings</relatedStateVariable>\n"
|
|
"</argument>\n"
|
|
"</argumentList>\n"
|
|
"</action>\n"
|
|
"<action>\n"
|
|
"<name>GetSTASettings</name>\n"
|
|
"<argumentList>\n"
|
|
"<argument>\n"
|
|
"<name>NewMessage</name>\n"
|
|
"<direction>in</direction>\n"
|
|
"<relatedStateVariable>Message</relatedStateVariable>\n"
|
|
"</argument>\n"
|
|
"<argument>\n"
|
|
"<name>NewSTASettings</name>\n"
|
|
"<direction>out</direction>\n"
|
|
"<relatedStateVariable>STASettings</relatedStateVariable>\n"
|
|
"</argument>\n"
|
|
"</argumentList>\n"
|
|
"</action>\n"
|
|
"<action>\n"
|
|
"<name>SetSTASettings</name>\n"
|
|
"<argumentList>\n"
|
|
"<argument>\n"
|
|
"<name>NewSTASettings</name>\n"
|
|
"<direction>out</direction>\n"
|
|
"<relatedStateVariable>STASettings</relatedStateVariable>\n"
|
|
"</argument>\n"
|
|
"</argumentList>\n"
|
|
"</action>\n"
|
|
"<action>\n"
|
|
"<name>DelSTASettings</name>\n"
|
|
"<argumentList>\n"
|
|
"<argument>\n"
|
|
"<name>NewSTASettings</name>\n"
|
|
"<direction>in</direction>\n"
|
|
"<relatedStateVariable>STASettings</relatedStateVariable>\n"
|
|
"</argument>\n"
|
|
"</argumentList>\n"
|
|
"</action>\n"
|
|
"<action>\n"
|
|
"<name>PutWLANResponse</name>\n"
|
|
"<argumentList>\n"
|
|
"<argument>\n"
|
|
"<name>NewMessage</name>\n"
|
|
"<direction>in</direction>\n"
|
|
"<relatedStateVariable>Message</relatedStateVariable>\n"
|
|
"</argument>\n"
|
|
"<argument>\n"
|
|
"<name>NewWLANEventType</name>\n"
|
|
"<direction>in</direction>\n"
|
|
"<relatedStateVariable>WLANEventType</relatedStateVariable>\n"
|
|
"</argument>\n"
|
|
"<argument>\n"
|
|
"<name>NewWLANEventMAC</name>\n"
|
|
"<direction>in</direction>\n"
|
|
"<relatedStateVariable>WLANEventMAC</relatedStateVariable>\n"
|
|
"</argument>\n"
|
|
"</argumentList>\n"
|
|
"</action>\n"
|
|
"<action>\n"
|
|
"<name>SetSelectedRegistrar</name>\n"
|
|
"<argumentList>\n"
|
|
"<argument>\n"
|
|
"<name>NewMessage</name>\n"
|
|
"<direction>in</direction>\n"
|
|
"<relatedStateVariable>Message</relatedStateVariable>\n"
|
|
"</argument>\n"
|
|
"</argumentList>\n"
|
|
"</action>\n"
|
|
"<action>\n"
|
|
"<name>RebootAP</name>\n"
|
|
"<argumentList>\n"
|
|
"<argument>\n"
|
|
"<name>NewAPSettings</name>\n"
|
|
"<direction>in</direction>\n"
|
|
"<relatedStateVariable>APSettings</relatedStateVariable>\n"
|
|
"</argument>\n"
|
|
"</argumentList>\n"
|
|
"</action>\n"
|
|
"<action>\n"
|
|
"<name>ResetAP</name>\n"
|
|
"<argumentList>\n"
|
|
"<argument>\n"
|
|
"<name>NewMessage</name>\n"
|
|
"<direction>in</direction>\n"
|
|
"<relatedStateVariable>Message</relatedStateVariable>\n"
|
|
"</argument>\n"
|
|
"</argumentList>\n"
|
|
"</action>\n"
|
|
"<action>\n"
|
|
"<name>RebootSTA</name>\n"
|
|
"<argumentList>\n"
|
|
"<argument>\n"
|
|
"<name>NewSTASettings</name>\n"
|
|
"<direction>in</direction>\n"
|
|
"<relatedStateVariable>APSettings</relatedStateVariable>\n"
|
|
"</argument>\n"
|
|
"</argumentList>\n"
|
|
"</action>\n"
|
|
"<action>\n"
|
|
"<name>ResetSTA</name>\n"
|
|
"<argumentList>\n"
|
|
"<argument>\n"
|
|
"<name>NewMessage</name>\n"
|
|
"<direction>in</direction>\n"
|
|
"<relatedStateVariable>Message</relatedStateVariable>\n"
|
|
"</argument>\n"
|
|
"</argumentList>\n"
|
|
"</action>\n"
|
|
"</actionList>\n"
|
|
"<serviceStateTable>\n"
|
|
"<stateVariable sendEvents=\"no\">\n"
|
|
"<name>Message</name>\n"
|
|
"<dataType>bin.base64</dataType>\n"
|
|
"</stateVariable>\n"
|
|
"<stateVariable sendEvents=\"no\">\n"
|
|
"<name>InMessage</name>\n"
|
|
"<dataType>bin.base64</dataType>\n"
|
|
"</stateVariable>\n"
|
|
"<stateVariable sendEvents=\"no\">\n"
|
|
"<name>OutMessage</name>\n"
|
|
"<dataType>bin.base64</dataType>\n"
|
|
"</stateVariable>\n"
|
|
"<stateVariable sendEvents=\"no\">\n"
|
|
"<name>DeviceInfo</name>\n"
|
|
"<dataType>bin.base64</dataType>\n"
|
|
"</stateVariable>\n"
|
|
"<stateVariable sendEvents=\"no\">\n"
|
|
"<name>APSettings</name>\n"
|
|
"<dataType>bin.base64</dataType>\n"
|
|
"</stateVariable>\n"
|
|
"<stateVariable sendEvents=\"yes\">\n"
|
|
"<name>APStatus</name>\n"
|
|
"<dataType>ui1</dataType>\n"
|
|
"</stateVariable>\n"
|
|
"<stateVariable sendEvents=\"no\">\n"
|
|
"<name>STASettings</name>\n"
|
|
"<dataType>bin.base64</dataType>\n"
|
|
"</stateVariable>\n"
|
|
"<stateVariable sendEvents=\"yes\">\n"
|
|
"<name>STAStatus</name>\n"
|
|
"<dataType>ui1</dataType>\n"
|
|
"</stateVariable>\n"
|
|
"<stateVariable sendEvents=\"yes\">\n"
|
|
"<name>WLANEvent</name>\n"
|
|
"<dataType>bin.base64</dataType>\n"
|
|
"</stateVariable>\n"
|
|
"<stateVariable sendEvents=\"no\">\n"
|
|
"<name>WLANEventType</name>\n"
|
|
"<dataType>ui1</dataType>\n"
|
|
"</stateVariable>\n"
|
|
"<stateVariable sendEvents=\"no\">\n"
|
|
"<name>WLANEventMAC</name>\n"
|
|
"<dataType>string</dataType>\n"
|
|
"</stateVariable>\n"
|
|
"<stateVariable sendEvents=\"no\">\n"
|
|
"<name>WLANResponse</name>\n"
|
|
"<dataType>bin.base64</dataType>\n"
|
|
"</stateVariable>\n"
|
|
"</serviceStateTable>\n"
|
|
"</scpd>\n"
|
|
;
|
|
|
|
|
|
static const char *wps_device_xml_prefix =
|
|
"<?xml version=\"1.0\"?>\n"
|
|
"<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n"
|
|
"<specVersion>\n"
|
|
"<major>1</major>\n"
|
|
"<minor>0</minor>\n"
|
|
"</specVersion>\n"
|
|
"<device>\n"
|
|
"<deviceType>urn:schemas-wifialliance-org:device:WFADevice:1"
|
|
"</deviceType>\n";
|
|
|
|
static const char *wps_device_xml_postfix =
|
|
"<serviceList>\n"
|
|
"<service>\n"
|
|
"<serviceType>urn:schemas-wifialliance-org:service:WFAWLANConfig:1"
|
|
"</serviceType>\n"
|
|
"<serviceId>urn:wifialliance-org:serviceId:WFAWLANConfig1</serviceId>"
|
|
"\n"
|
|
"<SCPDURL>" UPNP_WPS_SCPD_XML_FILE "</SCPDURL>\n"
|
|
"<controlURL>" UPNP_WPS_DEVICE_CONTROL_FILE "</controlURL>\n"
|
|
"<eventSubURL>" UPNP_WPS_DEVICE_EVENT_FILE "</eventSubURL>\n"
|
|
"</service>\n"
|
|
"</serviceList>\n"
|
|
"</device>\n"
|
|
"</root>\n";
|
|
|
|
|
|
/* format_wps_device_xml -- produce content of "file" wps_device.xml
|
|
* (UPNP_WPS_DEVICE_XML_FILE)
|
|
*/
|
|
static void format_wps_device_xml(struct upnp_wps_device_sm *sm,
|
|
struct wpabuf *buf)
|
|
{
|
|
const char *s;
|
|
char uuid_string[80];
|
|
|
|
wpabuf_put_str(buf, wps_device_xml_prefix);
|
|
|
|
/*
|
|
* Add required fields with default values if not configured. Add
|
|
* optional and recommended fields only if configured.
|
|
*/
|
|
s = sm->wps->friendly_name;
|
|
s = ((s && *s) ? s : "WPS Access Point");
|
|
xml_add_tagged_data(buf, "friendlyName", s);
|
|
|
|
s = sm->wps->dev.manufacturer;
|
|
s = ((s && *s) ? s : "");
|
|
xml_add_tagged_data(buf, "manufacturer", s);
|
|
|
|
if (sm->wps->manufacturer_url)
|
|
xml_add_tagged_data(buf, "manufacturerURL",
|
|
sm->wps->manufacturer_url);
|
|
|
|
if (sm->wps->model_description)
|
|
xml_add_tagged_data(buf, "modelDescription",
|
|
sm->wps->model_description);
|
|
|
|
s = sm->wps->dev.model_name;
|
|
s = ((s && *s) ? s : "");
|
|
xml_add_tagged_data(buf, "modelName", s);
|
|
|
|
if (sm->wps->dev.model_number)
|
|
xml_add_tagged_data(buf, "modelNumber",
|
|
sm->wps->dev.model_number);
|
|
|
|
if (sm->wps->model_url)
|
|
xml_add_tagged_data(buf, "modelURL", sm->wps->model_url);
|
|
|
|
if (sm->wps->dev.serial_number)
|
|
xml_add_tagged_data(buf, "serialNumber",
|
|
sm->wps->dev.serial_number);
|
|
|
|
uuid_bin2str(sm->wps->uuid, uuid_string, sizeof(uuid_string));
|
|
s = uuid_string;
|
|
/* Need "uuid:" prefix, thus we can't use xml_add_tagged_data()
|
|
* easily...
|
|
*/
|
|
wpabuf_put_str(buf, "<UDN>uuid:");
|
|
xml_data_encode(buf, s, os_strlen(s));
|
|
wpabuf_put_str(buf, "</UDN>\n");
|
|
|
|
if (sm->wps->upc)
|
|
xml_add_tagged_data(buf, "UPC", sm->wps->upc);
|
|
|
|
wpabuf_put_str(buf, wps_device_xml_postfix);
|
|
}
|
|
|
|
|
|
void web_connection_stop(struct web_connection *c)
|
|
{
|
|
struct upnp_wps_device_sm *sm = c->sm;
|
|
|
|
httpread_destroy(c->hread);
|
|
c->hread = NULL;
|
|
close(c->sd);
|
|
c->sd = -1;
|
|
if (c->next == c) {
|
|
sm->web_connections = NULL;
|
|
} else {
|
|
if (sm->web_connections == c)
|
|
sm->web_connections = c->next;
|
|
c->next->prev = c->prev;
|
|
c->prev->next = c->next;
|
|
}
|
|
os_free(c);
|
|
sm->n_web_connections--;
|
|
}
|
|
|
|
|
|
static void http_put_reply_code(struct wpabuf *buf, enum http_reply_code code)
|
|
{
|
|
wpabuf_put_str(buf, "HTTP/1.1 ");
|
|
switch (code) {
|
|
case HTTP_OK:
|
|
wpabuf_put_str(buf, "200 OK\r\n");
|
|
break;
|
|
case HTTP_BAD_REQUEST:
|
|
wpabuf_put_str(buf, "400 Bad request\r\n");
|
|
break;
|
|
case HTTP_PRECONDITION_FAILED:
|
|
wpabuf_put_str(buf, "412 Precondition failed\r\n");
|
|
break;
|
|
case HTTP_UNIMPLEMENTED:
|
|
wpabuf_put_str(buf, "501 Unimplemented\r\n");
|
|
break;
|
|
case HTTP_INTERNAL_SERVER_ERROR:
|
|
default:
|
|
wpabuf_put_str(buf, "500 Internal server error\r\n");
|
|
break;
|
|
}
|
|
}
|
|
|
|
|
|
static void http_put_date(struct wpabuf *buf)
|
|
{
|
|
wpabuf_put_str(buf, "Date: ");
|
|
format_date(buf);
|
|
wpabuf_put_str(buf, "\r\n");
|
|
}
|
|
|
|
|
|
static void http_put_empty(struct wpabuf *buf, enum http_reply_code code)
|
|
{
|
|
http_put_reply_code(buf, code);
|
|
wpabuf_put_str(buf, http_server_hdr);
|
|
wpabuf_put_str(buf, http_connection_close);
|
|
wpabuf_put_str(buf, "Content-Length: 0\r\n"
|
|
"\r\n");
|
|
}
|
|
|
|
|
|
/* Given that we have received a header w/ GET, act upon it
|
|
*
|
|
* Format of GET (case-insensitive):
|
|
*
|
|
* First line must be:
|
|
* GET /<file> HTTP/1.1
|
|
* Since we don't do anything fancy we just ignore other lines.
|
|
*
|
|
* Our response (if no error) which includes only required lines is:
|
|
* HTTP/1.1 200 OK
|
|
* Connection: close
|
|
* Content-Type: text/xml
|
|
* Date: <rfc1123-date>
|
|
*
|
|
* Header lines must end with \r\n
|
|
* Per RFC 2616, content-length: is not required but connection:close
|
|
* would appear to be required (given that we will be closing it!).
|
|
*/
|
|
static void web_connection_parse_get(struct web_connection *c, char *filename)
|
|
{
|
|
struct upnp_wps_device_sm *sm = c->sm;
|
|
struct wpabuf *buf; /* output buffer, allocated */
|
|
char *put_length_here;
|
|
char *body_start;
|
|
enum {
|
|
GET_DEVICE_XML_FILE,
|
|
GET_SCPD_XML_FILE
|
|
} req;
|
|
size_t extra_len = 0;
|
|
int body_length;
|
|
char len_buf[10];
|
|
|
|
/*
|
|
* It is not required that filenames be case insensitive but it is
|
|
* allowed and cannot hurt here.
|
|
*/
|
|
if (filename == NULL)
|
|
filename = "(null)"; /* just in case */
|
|
if (os_strcasecmp(filename, UPNP_WPS_DEVICE_XML_FILE) == 0) {
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP GET for device XML");
|
|
req = GET_DEVICE_XML_FILE;
|
|
extra_len = 3000;
|
|
if (sm->wps->friendly_name)
|
|
extra_len += os_strlen(sm->wps->friendly_name);
|
|
if (sm->wps->manufacturer_url)
|
|
extra_len += os_strlen(sm->wps->manufacturer_url);
|
|
if (sm->wps->model_description)
|
|
extra_len += os_strlen(sm->wps->model_description);
|
|
if (sm->wps->model_url)
|
|
extra_len += os_strlen(sm->wps->model_url);
|
|
if (sm->wps->upc)
|
|
extra_len += os_strlen(sm->wps->upc);
|
|
} else if (!os_strcasecmp(filename, UPNP_WPS_SCPD_XML_FILE)) {
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP GET for SCPD XML");
|
|
req = GET_SCPD_XML_FILE;
|
|
extra_len = os_strlen(wps_scpd_xml);
|
|
} else {
|
|
/* File not found */
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP GET file not found: %s",
|
|
filename);
|
|
buf = wpabuf_alloc(200);
|
|
if (buf == NULL)
|
|
return;
|
|
wpabuf_put_str(buf,
|
|
"HTTP/1.1 404 Not Found\r\n"
|
|
"Connection: close\r\n");
|
|
|
|
http_put_date(buf);
|
|
|
|
/* terminating empty line */
|
|
wpabuf_put_str(buf, "\r\n");
|
|
|
|
goto send_buf;
|
|
}
|
|
|
|
buf = wpabuf_alloc(1000 + extra_len);
|
|
if (buf == NULL)
|
|
return;
|
|
|
|
wpabuf_put_str(buf,
|
|
"HTTP/1.1 200 OK\r\n"
|
|
"Content-Type: text/xml; charset=\"utf-8\"\r\n");
|
|
wpabuf_put_str(buf, "Server: Unspecified, UPnP/1.0, Unspecified\r\n");
|
|
wpabuf_put_str(buf, "Connection: close\r\n");
|
|
wpabuf_put_str(buf, "Content-Length: ");
|
|
/*
|
|
* We will paste the length in later, leaving some extra whitespace.
|
|
* HTTP code is supposed to be tolerant of extra whitespace.
|
|
*/
|
|
put_length_here = wpabuf_put(buf, 0);
|
|
wpabuf_put_str(buf, " \r\n");
|
|
|
|
http_put_date(buf);
|
|
|
|
/* terminating empty line */
|
|
wpabuf_put_str(buf, "\r\n");
|
|
|
|
body_start = wpabuf_put(buf, 0);
|
|
|
|
switch (req) {
|
|
case GET_DEVICE_XML_FILE:
|
|
format_wps_device_xml(sm, buf);
|
|
break;
|
|
case GET_SCPD_XML_FILE:
|
|
wpabuf_put_str(buf, wps_scpd_xml);
|
|
break;
|
|
}
|
|
|
|
/* Now patch in the content length at the end */
|
|
body_length = (char *) wpabuf_put(buf, 0) - body_start;
|
|
os_snprintf(len_buf, 10, "%d", body_length);
|
|
os_memcpy(put_length_here, len_buf, os_strlen(len_buf));
|
|
|
|
send_buf:
|
|
send_wpabuf(c->sd, buf);
|
|
wpabuf_free(buf);
|
|
}
|
|
|
|
|
|
static enum http_reply_code
|
|
web_process_get_device_info(struct upnp_wps_device_sm *sm,
|
|
struct wpabuf **reply, const char **replyname)
|
|
{
|
|
static const char *name = "NewDeviceInfo";
|
|
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: GetDeviceInfo");
|
|
if (sm->ctx->rx_req_get_device_info == NULL)
|
|
return HTTP_INTERNAL_SERVER_ERROR;
|
|
*reply = sm->ctx->rx_req_get_device_info(sm->priv, &sm->peer);
|
|
if (*reply == NULL) {
|
|
wpa_printf(MSG_INFO, "WPS UPnP: Failed to get DeviceInfo");
|
|
return HTTP_INTERNAL_SERVER_ERROR;
|
|
}
|
|
*replyname = name;
|
|
return HTTP_OK;
|
|
}
|
|
|
|
|
|
static enum http_reply_code
|
|
web_process_put_message(struct upnp_wps_device_sm *sm, char *data,
|
|
struct wpabuf **reply, const char **replyname)
|
|
{
|
|
struct wpabuf *msg;
|
|
static const char *name = "NewOutMessage";
|
|
enum http_reply_code ret;
|
|
|
|
/*
|
|
* PutMessage is used by external UPnP-based Registrar to perform WPS
|
|
* operation with the access point itself; as compared with
|
|
* PutWLANResponse which is for proxying.
|
|
*/
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: PutMessage");
|
|
if (sm->ctx->rx_req_put_message == NULL)
|
|
return HTTP_INTERNAL_SERVER_ERROR;
|
|
msg = xml_get_base64_item(data, "NewInMessage", &ret);
|
|
if (msg == NULL)
|
|
return ret;
|
|
*reply = sm->ctx->rx_req_put_message(sm->priv, &sm->peer, msg);
|
|
wpabuf_free(msg);
|
|
if (*reply == NULL)
|
|
return HTTP_INTERNAL_SERVER_ERROR;
|
|
*replyname = name;
|
|
return HTTP_OK;
|
|
}
|
|
|
|
|
|
static enum http_reply_code
|
|
web_process_get_ap_settings(struct upnp_wps_device_sm *sm, char *data,
|
|
struct wpabuf **reply, const char **replyname)
|
|
{
|
|
struct wpabuf *msg;
|
|
static const char *name = "NewAPSettings";
|
|
enum http_reply_code ret;
|
|
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: GetAPSettings");
|
|
if (sm->ctx->rx_req_get_ap_settings == NULL)
|
|
return HTTP_INTERNAL_SERVER_ERROR;
|
|
msg = xml_get_base64_item(data, "NewMessage", &ret);
|
|
if (msg == NULL)
|
|
return ret;
|
|
*reply = sm->ctx->rx_req_get_ap_settings(sm->priv, msg);
|
|
wpabuf_free(msg);
|
|
if (*reply == NULL)
|
|
return HTTP_INTERNAL_SERVER_ERROR;
|
|
*replyname = name;
|
|
return HTTP_OK;
|
|
}
|
|
|
|
|
|
static enum http_reply_code
|
|
web_process_set_ap_settings(struct upnp_wps_device_sm *sm, char *data,
|
|
struct wpabuf **reply, const char **replyname)
|
|
{
|
|
struct wpabuf *msg;
|
|
enum http_reply_code ret;
|
|
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: SetAPSettings");
|
|
msg = xml_get_base64_item(data, "NewAPSettings", &ret);
|
|
if (msg == NULL)
|
|
return ret;
|
|
if (!sm->ctx->rx_req_set_ap_settings ||
|
|
sm->ctx->rx_req_set_ap_settings(sm->priv, msg)) {
|
|
wpabuf_free(msg);
|
|
return HTTP_INTERNAL_SERVER_ERROR;
|
|
}
|
|
wpabuf_free(msg);
|
|
*replyname = NULL;
|
|
*reply = NULL;
|
|
return HTTP_OK;
|
|
}
|
|
|
|
|
|
static enum http_reply_code
|
|
web_process_del_ap_settings(struct upnp_wps_device_sm *sm, char *data,
|
|
struct wpabuf **reply, const char **replyname)
|
|
{
|
|
struct wpabuf *msg;
|
|
enum http_reply_code ret;
|
|
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: DelAPSettings");
|
|
msg = xml_get_base64_item(data, "NewAPSettings", &ret);
|
|
if (msg == NULL)
|
|
return ret;
|
|
if (!sm->ctx->rx_req_del_ap_settings ||
|
|
sm->ctx->rx_req_del_ap_settings(sm->priv, msg)) {
|
|
wpabuf_free(msg);
|
|
return HTTP_INTERNAL_SERVER_ERROR;
|
|
}
|
|
wpabuf_free(msg);
|
|
*replyname = NULL;
|
|
*reply = NULL;
|
|
return HTTP_OK;
|
|
}
|
|
|
|
|
|
static enum http_reply_code
|
|
web_process_get_sta_settings(struct upnp_wps_device_sm *sm, char *data,
|
|
struct wpabuf **reply, const char **replyname)
|
|
{
|
|
struct wpabuf *msg;
|
|
static const char *name = "NewSTASettings";
|
|
enum http_reply_code ret;
|
|
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: GetSTASettings");
|
|
if (sm->ctx->rx_req_get_sta_settings == NULL)
|
|
return HTTP_INTERNAL_SERVER_ERROR;
|
|
msg = xml_get_base64_item(data, "NewMessage", &ret);
|
|
if (msg == NULL)
|
|
return ret;
|
|
*reply = sm->ctx->rx_req_get_sta_settings(sm->priv, msg);
|
|
wpabuf_free(msg);
|
|
if (*reply == NULL)
|
|
return HTTP_INTERNAL_SERVER_ERROR;
|
|
*replyname = name;
|
|
return HTTP_OK;
|
|
}
|
|
|
|
|
|
static enum http_reply_code
|
|
web_process_set_sta_settings(struct upnp_wps_device_sm *sm, char *data,
|
|
struct wpabuf **reply, const char **replyname)
|
|
{
|
|
struct wpabuf *msg;
|
|
enum http_reply_code ret;
|
|
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: SetSTASettings");
|
|
msg = xml_get_base64_item(data, "NewSTASettings", &ret);
|
|
if (msg == NULL)
|
|
return ret;
|
|
if (!sm->ctx->rx_req_set_sta_settings ||
|
|
sm->ctx->rx_req_set_sta_settings(sm->priv, msg)) {
|
|
wpabuf_free(msg);
|
|
return HTTP_INTERNAL_SERVER_ERROR;
|
|
}
|
|
wpabuf_free(msg);
|
|
*replyname = NULL;
|
|
*reply = NULL;
|
|
return HTTP_OK;
|
|
}
|
|
|
|
|
|
static enum http_reply_code
|
|
web_process_del_sta_settings(struct upnp_wps_device_sm *sm, char *data,
|
|
struct wpabuf **reply, const char **replyname)
|
|
{
|
|
struct wpabuf *msg;
|
|
enum http_reply_code ret;
|
|
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: DelSTASettings");
|
|
msg = xml_get_base64_item(data, "NewSTASettings", &ret);
|
|
if (msg == NULL)
|
|
return ret;
|
|
if (!sm->ctx->rx_req_del_sta_settings ||
|
|
sm->ctx->rx_req_del_sta_settings(sm->priv, msg)) {
|
|
wpabuf_free(msg);
|
|
return HTTP_INTERNAL_SERVER_ERROR;
|
|
}
|
|
wpabuf_free(msg);
|
|
*replyname = NULL;
|
|
*reply = NULL;
|
|
return HTTP_OK;
|
|
}
|
|
|
|
|
|
static enum http_reply_code
|
|
web_process_put_wlan_response(struct upnp_wps_device_sm *sm, char *data,
|
|
struct wpabuf **reply, const char **replyname)
|
|
{
|
|
struct wpabuf *msg;
|
|
enum http_reply_code ret;
|
|
u8 macaddr[ETH_ALEN];
|
|
int ev_type;
|
|
int type;
|
|
char *val;
|
|
|
|
/*
|
|
* External UPnP-based Registrar is passing us a message to be proxied
|
|
* over to a Wi-Fi -based client of ours.
|
|
*/
|
|
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: PutWLANResponse");
|
|
msg = xml_get_base64_item(data, "NewMessage", &ret);
|
|
if (msg == NULL)
|
|
return ret;
|
|
val = xml_get_first_item(data, "NewWLANEventType");
|
|
if (val == NULL) {
|
|
wpabuf_free(msg);
|
|
return UPNP_ARG_VALUE_INVALID;
|
|
}
|
|
ev_type = atol(val);
|
|
os_free(val);
|
|
val = xml_get_first_item(data, "NewWLANEventMAC");
|
|
if (val == NULL || hwaddr_aton(val, macaddr)) {
|
|
wpabuf_free(msg);
|
|
os_free(val);
|
|
return UPNP_ARG_VALUE_INVALID;
|
|
}
|
|
os_free(val);
|
|
if (ev_type == UPNP_WPS_WLANEVENT_TYPE_EAP) {
|
|
struct wps_parse_attr attr;
|
|
if (wps_parse_msg(msg, &attr) < 0 ||
|
|
attr.msg_type == NULL)
|
|
type = -1;
|
|
else
|
|
type = *attr.msg_type;
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: Message Type %d", type);
|
|
} else
|
|
type = -1;
|
|
if (!sm->ctx->rx_req_put_wlan_response ||
|
|
sm->ctx->rx_req_put_wlan_response(sm->priv, ev_type, macaddr, msg,
|
|
type)) {
|
|
wpa_printf(MSG_INFO, "WPS UPnP: Fail: sm->ctx->"
|
|
"rx_req_put_wlan_response");
|
|
wpabuf_free(msg);
|
|
return HTTP_INTERNAL_SERVER_ERROR;
|
|
}
|
|
wpabuf_free(msg);
|
|
*replyname = NULL;
|
|
*reply = NULL;
|
|
return HTTP_OK;
|
|
}
|
|
|
|
|
|
static enum http_reply_code
|
|
web_process_set_selected_registrar(struct upnp_wps_device_sm *sm, char *data,
|
|
struct wpabuf **reply,
|
|
const char **replyname)
|
|
{
|
|
struct wpabuf *msg;
|
|
enum http_reply_code ret;
|
|
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: SetSelectedRegistrar");
|
|
msg = xml_get_base64_item(data, "NewMessage", &ret);
|
|
if (msg == NULL)
|
|
return ret;
|
|
if (!sm->ctx->rx_req_set_selected_registrar ||
|
|
sm->ctx->rx_req_set_selected_registrar(sm->priv, msg)) {
|
|
wpabuf_free(msg);
|
|
return HTTP_INTERNAL_SERVER_ERROR;
|
|
}
|
|
wpabuf_free(msg);
|
|
*replyname = NULL;
|
|
*reply = NULL;
|
|
return HTTP_OK;
|
|
}
|
|
|
|
|
|
static enum http_reply_code
|
|
web_process_reboot_ap(struct upnp_wps_device_sm *sm, char *data,
|
|
struct wpabuf **reply, const char **replyname)
|
|
{
|
|
struct wpabuf *msg;
|
|
enum http_reply_code ret;
|
|
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: RebootAP");
|
|
msg = xml_get_base64_item(data, "NewAPSettings", &ret);
|
|
if (msg == NULL)
|
|
return ret;
|
|
if (!sm->ctx->rx_req_reboot_ap ||
|
|
sm->ctx->rx_req_reboot_ap(sm->priv, msg)) {
|
|
wpabuf_free(msg);
|
|
return HTTP_INTERNAL_SERVER_ERROR;
|
|
}
|
|
wpabuf_free(msg);
|
|
*replyname = NULL;
|
|
*reply = NULL;
|
|
return HTTP_OK;
|
|
}
|
|
|
|
|
|
static enum http_reply_code
|
|
web_process_reset_ap(struct upnp_wps_device_sm *sm, char *data,
|
|
struct wpabuf **reply, const char **replyname)
|
|
{
|
|
struct wpabuf *msg;
|
|
enum http_reply_code ret;
|
|
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: ResetAP");
|
|
msg = xml_get_base64_item(data, "NewMessage", &ret);
|
|
if (msg == NULL)
|
|
return ret;
|
|
if (!sm->ctx->rx_req_reset_ap ||
|
|
sm->ctx->rx_req_reset_ap(sm->priv, msg)) {
|
|
wpabuf_free(msg);
|
|
return HTTP_INTERNAL_SERVER_ERROR;
|
|
}
|
|
wpabuf_free(msg);
|
|
*replyname = NULL;
|
|
*reply = NULL;
|
|
return HTTP_OK;
|
|
}
|
|
|
|
|
|
static enum http_reply_code
|
|
web_process_reboot_sta(struct upnp_wps_device_sm *sm, char *data,
|
|
struct wpabuf **reply, const char **replyname)
|
|
{
|
|
struct wpabuf *msg;
|
|
enum http_reply_code ret;
|
|
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: RebootSTA");
|
|
msg = xml_get_base64_item(data, "NewSTASettings", &ret);
|
|
if (msg == NULL)
|
|
return ret;
|
|
if (!sm->ctx->rx_req_reboot_sta ||
|
|
sm->ctx->rx_req_reboot_sta(sm->priv, msg)) {
|
|
wpabuf_free(msg);
|
|
return HTTP_INTERNAL_SERVER_ERROR;
|
|
}
|
|
wpabuf_free(msg);
|
|
*replyname = NULL;
|
|
*reply = NULL;
|
|
return HTTP_OK;
|
|
}
|
|
|
|
|
|
static enum http_reply_code
|
|
web_process_reset_sta(struct upnp_wps_device_sm *sm, char *data,
|
|
struct wpabuf **reply, const char **replyname)
|
|
{
|
|
struct wpabuf *msg;
|
|
enum http_reply_code ret;
|
|
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: ResetSTA");
|
|
msg = xml_get_base64_item(data, "NewMessage", &ret);
|
|
if (msg == NULL)
|
|
return ret;
|
|
if (!sm->ctx->rx_req_reset_sta ||
|
|
sm->ctx->rx_req_reset_sta(sm->priv, msg)) {
|
|
wpabuf_free(msg);
|
|
return HTTP_INTERNAL_SERVER_ERROR;
|
|
}
|
|
wpabuf_free(msg);
|
|
*replyname = NULL;
|
|
*reply = NULL;
|
|
return HTTP_OK;
|
|
}
|
|
|
|
|
|
static const char *soap_prefix =
|
|
"<?xml version=\"1.0\"?>\n"
|
|
"<s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" "
|
|
"s:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">\n"
|
|
"<s:Body>\n";
|
|
static const char *soap_postfix =
|
|
"</s:Body>\n</s:Envelope>\n";
|
|
|
|
static const char *soap_error_prefix =
|
|
"<s:Fault>\n"
|
|
"<faultcode>s:Client</faultcode>\n"
|
|
"<faultstring>UPnPError</faultstring>\n"
|
|
"<detail>\n"
|
|
"<UPnPError xmlns=\"urn:schemas-upnp-org:control-1-0\">\n";
|
|
static const char *soap_error_postfix =
|
|
"<errorDescription>Error</errorDescription>\n"
|
|
"</UPnPError>\n"
|
|
"</detail>\n"
|
|
"</s:Fault>\n";
|
|
|
|
static void web_connection_send_reply(struct web_connection *c,
|
|
enum http_reply_code ret,
|
|
const char *action, int action_len,
|
|
const struct wpabuf *reply,
|
|
const char *replyname)
|
|
{
|
|
struct wpabuf *buf;
|
|
char *replydata;
|
|
char *put_length_here = NULL;
|
|
char *body_start = NULL;
|
|
|
|
if (reply) {
|
|
size_t len;
|
|
replydata = (char *) base64_encode(wpabuf_head(reply),
|
|
wpabuf_len(reply), &len);
|
|
} else
|
|
replydata = NULL;
|
|
|
|
/* Parameters of the response:
|
|
* action(action_len) -- action we are responding to
|
|
* replyname -- a name we need for the reply
|
|
* replydata -- NULL or null-terminated string
|
|
*/
|
|
buf = wpabuf_alloc(1000 + (replydata ? os_strlen(replydata) : 0U) +
|
|
(action_len > 0 ? action_len * 2 : 0));
|
|
if (buf == NULL) {
|
|
wpa_printf(MSG_INFO, "WPS UPnP: Cannot allocate reply to "
|
|
"POST");
|
|
wpabuf_free(buf);
|
|
os_free(replydata);
|
|
return;
|
|
}
|
|
|
|
/*
|
|
* Assuming we will be successful, put in the output header first.
|
|
* Note: we do not keep connections alive (and httpread does
|
|
* not support it)... therefore we must have Connection: close.
|
|
*/
|
|
if (ret == HTTP_OK) {
|
|
wpabuf_put_str(buf,
|
|
"HTTP/1.1 200 OK\r\n"
|
|
"Content-Type: text/xml; "
|
|
"charset=\"utf-8\"\r\n");
|
|
} else {
|
|
wpabuf_printf(buf, "HTTP/1.1 %d Error\r\n", ret);
|
|
}
|
|
wpabuf_put_str(buf, http_connection_close);
|
|
|
|
wpabuf_put_str(buf, "Content-Length: ");
|
|
/*
|
|
* We will paste the length in later, leaving some extra whitespace.
|
|
* HTTP code is supposed to be tolerant of extra whitespace.
|
|
*/
|
|
put_length_here = wpabuf_put(buf, 0);
|
|
wpabuf_put_str(buf, " \r\n");
|
|
|
|
http_put_date(buf);
|
|
|
|
/* terminating empty line */
|
|
wpabuf_put_str(buf, "\r\n");
|
|
|
|
body_start = wpabuf_put(buf, 0);
|
|
|
|
if (ret == HTTP_OK) {
|
|
wpabuf_put_str(buf, soap_prefix);
|
|
wpabuf_put_str(buf, "<u:");
|
|
wpabuf_put_data(buf, action, action_len);
|
|
wpabuf_put_str(buf, "Response xmlns:u=\"");
|
|
wpabuf_put_str(buf, urn_wfawlanconfig);
|
|
wpabuf_put_str(buf, "\">\n");
|
|
if (replydata && replyname) {
|
|
/* TODO: might possibly need to escape part of reply
|
|
* data? ...
|
|
* probably not, unlikely to have ampersand(&) or left
|
|
* angle bracket (<) in it...
|
|
*/
|
|
wpabuf_printf(buf, "<%s>", replyname);
|
|
wpabuf_put_str(buf, replydata);
|
|
wpabuf_printf(buf, "</%s>\n", replyname);
|
|
}
|
|
wpabuf_put_str(buf, "</u:");
|
|
wpabuf_put_data(buf, action, action_len);
|
|
wpabuf_put_str(buf, "Response>\n");
|
|
wpabuf_put_str(buf, soap_postfix);
|
|
} else {
|
|
/* Error case */
|
|
wpabuf_put_str(buf, soap_prefix);
|
|
wpabuf_put_str(buf, soap_error_prefix);
|
|
wpabuf_printf(buf, "<errorCode>%d</errorCode>\n", ret);
|
|
wpabuf_put_str(buf, soap_error_postfix);
|
|
wpabuf_put_str(buf, soap_postfix);
|
|
}
|
|
os_free(replydata);
|
|
|
|
/* Now patch in the content length at the end */
|
|
if (body_start && put_length_here) {
|
|
int body_length = (char *) wpabuf_put(buf, 0) - body_start;
|
|
char len_buf[10];
|
|
os_snprintf(len_buf, sizeof(len_buf), "%d", body_length);
|
|
os_memcpy(put_length_here, len_buf, os_strlen(len_buf));
|
|
}
|
|
|
|
send_wpabuf(c->sd, buf);
|
|
wpabuf_free(buf);
|
|
}
|
|
|
|
|
|
static const char * web_get_action(struct web_connection *c,
|
|
const char *filename, size_t *action_len)
|
|
{
|
|
const char *match;
|
|
int match_len;
|
|
char *b;
|
|
char *action;
|
|
|
|
*action_len = 0;
|
|
if (os_strcasecmp(filename, UPNP_WPS_DEVICE_CONTROL_FILE)) {
|
|
wpa_printf(MSG_INFO, "WPS UPnP: Invalid POST filename %s",
|
|
filename);
|
|
return NULL;
|
|
}
|
|
/* The SOAPAction line of the header tells us what we want to do */
|
|
b = httpread_hdr_line_get(c->hread, "SOAPAction:");
|
|
if (b == NULL)
|
|
return NULL;
|
|
if (*b == '"')
|
|
b++;
|
|
else
|
|
return NULL;
|
|
match = urn_wfawlanconfig;
|
|
match_len = os_strlen(urn_wfawlanconfig) - 1;
|
|
if (os_strncasecmp(b, match, match_len))
|
|
return NULL;
|
|
b += match_len;
|
|
/* skip over version */
|
|
while (isgraph(*b) && *b != '#')
|
|
b++;
|
|
if (*b != '#')
|
|
return NULL;
|
|
b++;
|
|
/* Following the sharp(#) should be the action and a double quote */
|
|
action = b;
|
|
while (isgraph(*b) && *b != '"')
|
|
b++;
|
|
if (*b != '"')
|
|
return NULL;
|
|
*action_len = b - action;
|
|
return action;
|
|
}
|
|
|
|
|
|
/* Given that we have received a header w/ POST, act upon it
|
|
*
|
|
* Format of POST (case-insensitive):
|
|
*
|
|
* First line must be:
|
|
* POST /<file> HTTP/1.1
|
|
* Since we don't do anything fancy we just ignore other lines.
|
|
*
|
|
* Our response (if no error) which includes only required lines is:
|
|
* HTTP/1.1 200 OK
|
|
* Connection: close
|
|
* Content-Type: text/xml
|
|
* Date: <rfc1123-date>
|
|
*
|
|
* Header lines must end with \r\n
|
|
* Per RFC 2616, content-length: is not required but connection:close
|
|
* would appear to be required (given that we will be closing it!).
|
|
*/
|
|
static void web_connection_parse_post(struct web_connection *c,
|
|
const char *filename)
|
|
{
|
|
enum http_reply_code ret;
|
|
struct upnp_wps_device_sm *sm = c->sm;
|
|
char *data = httpread_data_get(c->hread); /* body of http msg */
|
|
const char *action;
|
|
size_t action_len;
|
|
const char *replyname = NULL; /* argument name for the reply */
|
|
struct wpabuf *reply = NULL; /* data for the reply */
|
|
|
|
ret = UPNP_INVALID_ACTION;
|
|
action = web_get_action(c, filename, &action_len);
|
|
if (action == NULL)
|
|
goto bad;
|
|
|
|
/*
|
|
* There are quite a few possible actions. Although we appear to
|
|
* support them all here, not all of them are necessarily supported by
|
|
* callbacks at higher levels.
|
|
*/
|
|
if (!os_strncasecmp("GetDeviceInfo", action, action_len))
|
|
ret = web_process_get_device_info(sm, &reply, &replyname);
|
|
else if (!os_strncasecmp("PutMessage", action, action_len))
|
|
ret = web_process_put_message(sm, data, &reply, &replyname);
|
|
else if (!os_strncasecmp("GetAPSettings", action, action_len))
|
|
ret = web_process_get_ap_settings(sm, data, &reply,
|
|
&replyname);
|
|
else if (!os_strncasecmp("SetAPSettings", action, action_len))
|
|
ret = web_process_set_ap_settings(sm, data, &reply,
|
|
&replyname);
|
|
else if (!os_strncasecmp("DelAPSettings", action, action_len))
|
|
ret = web_process_del_ap_settings(sm, data, &reply,
|
|
&replyname);
|
|
else if (!os_strncasecmp("GetSTASettings", action, action_len))
|
|
ret = web_process_get_sta_settings(sm, data, &reply,
|
|
&replyname);
|
|
else if (!os_strncasecmp("SetSTASettings", action, action_len))
|
|
ret = web_process_set_sta_settings(sm, data, &reply,
|
|
&replyname);
|
|
else if (!os_strncasecmp("DelSTASettings", action, action_len))
|
|
ret = web_process_del_sta_settings(sm, data, &reply,
|
|
&replyname);
|
|
else if (!os_strncasecmp("PutWLANResponse", action, action_len))
|
|
ret = web_process_put_wlan_response(sm, data, &reply,
|
|
&replyname);
|
|
else if (!os_strncasecmp("SetSelectedRegistrar", action, action_len))
|
|
ret = web_process_set_selected_registrar(sm, data, &reply,
|
|
&replyname);
|
|
else if (!os_strncasecmp("RebootAP", action, action_len))
|
|
ret = web_process_reboot_ap(sm, data, &reply, &replyname);
|
|
else if (!os_strncasecmp("ResetAP", action, action_len))
|
|
ret = web_process_reset_ap(sm, data, &reply, &replyname);
|
|
else if (!os_strncasecmp("RebootSTA", action, action_len))
|
|
ret = web_process_reboot_sta(sm, data, &reply, &replyname);
|
|
else if (!os_strncasecmp("ResetSTA", action, action_len))
|
|
ret = web_process_reset_sta(sm, data, &reply, &replyname);
|
|
else
|
|
wpa_printf(MSG_INFO, "WPS UPnP: Unknown POST type");
|
|
|
|
bad:
|
|
if (ret != HTTP_OK)
|
|
wpa_printf(MSG_INFO, "WPS UPnP: POST failure ret=%d", ret);
|
|
web_connection_send_reply(c, ret, action, action_len, reply,
|
|
replyname);
|
|
wpabuf_free(reply);
|
|
}
|
|
|
|
|
|
/* Given that we have received a header w/ SUBSCRIBE, act upon it
|
|
*
|
|
* Format of SUBSCRIBE (case-insensitive):
|
|
*
|
|
* First line must be:
|
|
* SUBSCRIBE /wps_event HTTP/1.1
|
|
*
|
|
* Our response (if no error) which includes only required lines is:
|
|
* HTTP/1.1 200 OK
|
|
* Server: xx, UPnP/1.0, xx
|
|
* SID: uuid:xxxxxxxxx
|
|
* Timeout: Second-<n>
|
|
* Content-Length: 0
|
|
* Date: xxxx
|
|
*
|
|
* Header lines must end with \r\n
|
|
* Per RFC 2616, content-length: is not required but connection:close
|
|
* would appear to be required (given that we will be closing it!).
|
|
*/
|
|
static void web_connection_parse_subscribe(struct web_connection *c,
|
|
const char *filename)
|
|
{
|
|
struct upnp_wps_device_sm *sm = c->sm;
|
|
struct wpabuf *buf;
|
|
char *b;
|
|
char *hdr = httpread_hdr_get(c->hread);
|
|
char *h;
|
|
char *match;
|
|
int match_len;
|
|
char *end;
|
|
int len;
|
|
int got_nt = 0;
|
|
u8 uuid[UUID_LEN];
|
|
int got_uuid = 0;
|
|
char *callback_urls = NULL;
|
|
struct subscription *s = NULL;
|
|
enum http_reply_code ret = HTTP_INTERNAL_SERVER_ERROR;
|
|
|
|
buf = wpabuf_alloc(1000);
|
|
if (buf == NULL)
|
|
return;
|
|
|
|
/* Parse/validate headers */
|
|
h = hdr;
|
|
/* First line: SUBSCRIBE /wps_event HTTP/1.1
|
|
* has already been parsed.
|
|
*/
|
|
if (os_strcasecmp(filename, UPNP_WPS_DEVICE_EVENT_FILE) != 0) {
|
|
ret = HTTP_PRECONDITION_FAILED;
|
|
goto error;
|
|
}
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP SUBSCRIBE for event");
|
|
end = os_strchr(h, '\n');
|
|
|
|
for (; end != NULL; h = end + 1) {
|
|
/* Option line by option line */
|
|
h = end + 1;
|
|
end = os_strchr(h, '\n');
|
|
if (end == NULL)
|
|
break; /* no unterminated lines allowed */
|
|
|
|
/* NT assures that it is our type of subscription;
|
|
* not used for a renewl.
|
|
**/
|
|
match = "NT:";
|
|
match_len = os_strlen(match);
|
|
if (os_strncasecmp(h, match, match_len) == 0) {
|
|
h += match_len;
|
|
while (*h == ' ' || *h == '\t')
|
|
h++;
|
|
match = "upnp:event";
|
|
match_len = os_strlen(match);
|
|
if (os_strncasecmp(h, match, match_len) != 0) {
|
|
ret = HTTP_BAD_REQUEST;
|
|
goto error;
|
|
}
|
|
got_nt = 1;
|
|
continue;
|
|
}
|
|
/* HOST should refer to us */
|
|
#if 0
|
|
match = "HOST:";
|
|
match_len = os_strlen(match);
|
|
if (os_strncasecmp(h, match, match_len) == 0) {
|
|
h += match_len;
|
|
while (*h == ' ' || *h == '\t')
|
|
h++;
|
|
.....
|
|
}
|
|
#endif
|
|
/* CALLBACK gives one or more URLs for NOTIFYs
|
|
* to be sent as a result of the subscription.
|
|
* Each URL is enclosed in angle brackets.
|
|
*/
|
|
match = "CALLBACK:";
|
|
match_len = os_strlen(match);
|
|
if (os_strncasecmp(h, match, match_len) == 0) {
|
|
h += match_len;
|
|
while (*h == ' ' || *h == '\t')
|
|
h++;
|
|
len = end - h;
|
|
os_free(callback_urls);
|
|
callback_urls = os_malloc(len + 1);
|
|
if (callback_urls == NULL) {
|
|
ret = HTTP_INTERNAL_SERVER_ERROR;
|
|
goto error;
|
|
}
|
|
os_memcpy(callback_urls, h, len);
|
|
callback_urls[len] = 0;
|
|
continue;
|
|
}
|
|
/* SID is only for renewal */
|
|
match = "SID:";
|
|
match_len = os_strlen(match);
|
|
if (os_strncasecmp(h, match, match_len) == 0) {
|
|
h += match_len;
|
|
while (*h == ' ' || *h == '\t')
|
|
h++;
|
|
match = "uuid:";
|
|
match_len = os_strlen(match);
|
|
if (os_strncasecmp(h, match, match_len) != 0) {
|
|
ret = HTTP_BAD_REQUEST;
|
|
goto error;
|
|
}
|
|
h += match_len;
|
|
while (*h == ' ' || *h == '\t')
|
|
h++;
|
|
if (uuid_str2bin(h, uuid)) {
|
|
ret = HTTP_BAD_REQUEST;
|
|
goto error;
|
|
}
|
|
got_uuid = 1;
|
|
continue;
|
|
}
|
|
/* TIMEOUT is requested timeout, but apparently we can
|
|
* just ignore this.
|
|
*/
|
|
}
|
|
|
|
if (got_uuid) {
|
|
/* renewal */
|
|
if (callback_urls) {
|
|
ret = HTTP_BAD_REQUEST;
|
|
goto error;
|
|
}
|
|
s = subscription_renew(sm, uuid);
|
|
if (s == NULL) {
|
|
ret = HTTP_PRECONDITION_FAILED;
|
|
goto error;
|
|
}
|
|
} else if (callback_urls) {
|
|
if (!got_nt) {
|
|
ret = HTTP_PRECONDITION_FAILED;
|
|
goto error;
|
|
}
|
|
s = subscription_start(sm, callback_urls);
|
|
if (s == NULL) {
|
|
ret = HTTP_INTERNAL_SERVER_ERROR;
|
|
goto error;
|
|
}
|
|
callback_urls = NULL; /* is now owned by subscription */
|
|
} else {
|
|
ret = HTTP_PRECONDITION_FAILED;
|
|
goto error;
|
|
}
|
|
|
|
/* success */
|
|
http_put_reply_code(buf, HTTP_OK);
|
|
wpabuf_put_str(buf, http_server_hdr);
|
|
wpabuf_put_str(buf, http_connection_close);
|
|
wpabuf_put_str(buf, "Content-Length: 0\r\n");
|
|
wpabuf_put_str(buf, "SID: uuid:");
|
|
/* subscription id */
|
|
b = wpabuf_put(buf, 0);
|
|
uuid_bin2str(s->uuid, b, 80);
|
|
wpabuf_put(buf, os_strlen(b));
|
|
wpabuf_put_str(buf, "\r\n");
|
|
wpabuf_printf(buf, "Timeout: Second-%d\r\n", UPNP_SUBSCRIBE_SEC);
|
|
http_put_date(buf);
|
|
/* And empty line to terminate header: */
|
|
wpabuf_put_str(buf, "\r\n");
|
|
|
|
send_wpabuf(c->sd, buf);
|
|
wpabuf_free(buf);
|
|
os_free(callback_urls);
|
|
return;
|
|
|
|
error:
|
|
/* Per UPnP spec:
|
|
* Errors
|
|
* Incompatible headers
|
|
* 400 Bad Request. If SID header and one of NT or CALLBACK headers
|
|
* are present, the publisher must respond with HTTP error
|
|
* 400 Bad Request.
|
|
* Missing or invalid CALLBACK
|
|
* 412 Precondition Failed. If CALLBACK header is missing or does not
|
|
* contain a valid HTTP URL, the publisher must respond with HTTP
|
|
* error 412 Precondition Failed.
|
|
* Invalid NT
|
|
* 412 Precondition Failed. If NT header does not equal upnp:event,
|
|
* the publisher must respond with HTTP error 412 Precondition
|
|
* Failed.
|
|
* [For resubscription, use 412 if unknown uuid].
|
|
* Unable to accept subscription
|
|
* 5xx. If a publisher is not able to accept a subscription (such as
|
|
* due to insufficient resources), it must respond with a
|
|
* HTTP 500-series error code.
|
|
* 599 Too many subscriptions (not a standard HTTP error)
|
|
*/
|
|
http_put_empty(buf, ret);
|
|
send_wpabuf(c->sd, buf);
|
|
wpabuf_free(buf);
|
|
}
|
|
|
|
|
|
/* Given that we have received a header w/ UNSUBSCRIBE, act upon it
|
|
*
|
|
* Format of UNSUBSCRIBE (case-insensitive):
|
|
*
|
|
* First line must be:
|
|
* UNSUBSCRIBE /wps_event HTTP/1.1
|
|
*
|
|
* Our response (if no error) which includes only required lines is:
|
|
* HTTP/1.1 200 OK
|
|
* Content-Length: 0
|
|
*
|
|
* Header lines must end with \r\n
|
|
* Per RFC 2616, content-length: is not required but connection:close
|
|
* would appear to be required (given that we will be closing it!).
|
|
*/
|
|
static void web_connection_parse_unsubscribe(struct web_connection *c,
|
|
const char *filename)
|
|
{
|
|
struct upnp_wps_device_sm *sm = c->sm;
|
|
struct wpabuf *buf;
|
|
char *hdr = httpread_hdr_get(c->hread);
|
|
char *h;
|
|
char *match;
|
|
int match_len;
|
|
char *end;
|
|
u8 uuid[UUID_LEN];
|
|
int got_uuid = 0;
|
|
struct subscription *s = NULL;
|
|
enum http_reply_code ret = HTTP_INTERNAL_SERVER_ERROR;
|
|
|
|
/* Parse/validate headers */
|
|
h = hdr;
|
|
/* First line: UNSUBSCRIBE /wps_event HTTP/1.1
|
|
* has already been parsed.
|
|
*/
|
|
if (os_strcasecmp(filename, UPNP_WPS_DEVICE_EVENT_FILE) != 0) {
|
|
ret = HTTP_PRECONDITION_FAILED;
|
|
goto send_msg;
|
|
}
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP UNSUBSCRIBE for event");
|
|
end = os_strchr(h, '\n');
|
|
|
|
for (; end != NULL; h = end + 1) {
|
|
/* Option line by option line */
|
|
h = end + 1;
|
|
end = os_strchr(h, '\n');
|
|
if (end == NULL)
|
|
break; /* no unterminated lines allowed */
|
|
|
|
/* HOST should refer to us */
|
|
#if 0
|
|
match = "HOST:";
|
|
match_len = os_strlen(match);
|
|
if (os_strncasecmp(h, match, match_len) == 0) {
|
|
h += match_len;
|
|
while (*h == ' ' || *h == '\t')
|
|
h++;
|
|
.....
|
|
}
|
|
#endif
|
|
/* SID is only for renewal */
|
|
match = "SID:";
|
|
match_len = os_strlen(match);
|
|
if (os_strncasecmp(h, match, match_len) == 0) {
|
|
h += match_len;
|
|
while (*h == ' ' || *h == '\t')
|
|
h++;
|
|
match = "uuid:";
|
|
match_len = os_strlen(match);
|
|
if (os_strncasecmp(h, match, match_len) != 0) {
|
|
ret = HTTP_BAD_REQUEST;
|
|
goto send_msg;
|
|
}
|
|
h += match_len;
|
|
while (*h == ' ' || *h == '\t')
|
|
h++;
|
|
if (uuid_str2bin(h, uuid)) {
|
|
ret = HTTP_BAD_REQUEST;
|
|
goto send_msg;
|
|
}
|
|
got_uuid = 1;
|
|
continue;
|
|
}
|
|
}
|
|
|
|
if (got_uuid) {
|
|
s = subscription_find(sm, uuid);
|
|
if (s) {
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: Unsubscribing %p %s",
|
|
s,
|
|
(s && s->addr_list &&
|
|
s->addr_list->domain_and_port) ?
|
|
s->addr_list->domain_and_port : "-null-");
|
|
subscription_unlink(s);
|
|
subscription_destroy(s);
|
|
}
|
|
} else {
|
|
wpa_printf(MSG_INFO, "WPS UPnP: Unsubscribe fails (not "
|
|
"found)");
|
|
ret = HTTP_PRECONDITION_FAILED;
|
|
goto send_msg;
|
|
}
|
|
|
|
ret = HTTP_OK;
|
|
|
|
send_msg:
|
|
buf = wpabuf_alloc(200);
|
|
if (buf == NULL)
|
|
return;
|
|
http_put_empty(buf, ret);
|
|
send_wpabuf(c->sd, buf);
|
|
wpabuf_free(buf);
|
|
}
|
|
|
|
|
|
/* Send error in response to unknown requests */
|
|
static void web_connection_unimplemented(struct web_connection *c)
|
|
{
|
|
struct wpabuf *buf;
|
|
buf = wpabuf_alloc(200);
|
|
if (buf == NULL)
|
|
return;
|
|
http_put_empty(buf, HTTP_UNIMPLEMENTED);
|
|
send_wpabuf(c->sd, buf);
|
|
wpabuf_free(buf);
|
|
}
|
|
|
|
|
|
|
|
/* Called when we have gotten an apparently valid http request.
|
|
*/
|
|
static void web_connection_check_data(struct web_connection *c)
|
|
{
|
|
struct httpread *hread = c->hread;
|
|
enum httpread_hdr_type htype = httpread_hdr_type_get(hread);
|
|
/* char *data = httpread_data_get(hread); */
|
|
char *filename = httpread_uri_get(hread);
|
|
|
|
c->done = 1;
|
|
if (!filename) {
|
|
wpa_printf(MSG_INFO, "WPS UPnP: Could not get HTTP URI");
|
|
return;
|
|
}
|
|
/* Trim leading slashes from filename */
|
|
while (*filename == '/')
|
|
filename++;
|
|
|
|
wpa_printf(MSG_DEBUG, "WPS UPnP: Got HTTP request type %d from %s:%d",
|
|
htype, inet_ntoa(c->cli_addr.sin_addr),
|
|
htons(c->cli_addr.sin_port));
|
|
|
|
switch (htype) {
|
|
case HTTPREAD_HDR_TYPE_GET:
|
|
web_connection_parse_get(c, filename);
|
|
break;
|
|
case HTTPREAD_HDR_TYPE_POST:
|
|
web_connection_parse_post(c, filename);
|
|
break;
|
|
case HTTPREAD_HDR_TYPE_SUBSCRIBE:
|
|
web_connection_parse_subscribe(c, filename);
|
|
break;
|
|
case HTTPREAD_HDR_TYPE_UNSUBSCRIBE:
|
|
web_connection_parse_unsubscribe(c, filename);
|
|
break;
|
|
/* We are not required to support M-POST; just plain
|
|
* POST is supposed to work, so we only support that.
|
|
* If for some reason we need to support M-POST, it is
|
|
* mostly the same as POST, with small differences.
|
|
*/
|
|
default:
|
|
/* Send 501 for anything else */
|
|
web_connection_unimplemented(c);
|
|
break;
|
|
}
|
|
}
|
|
|
|
|
|
|
|
/* called back when we have gotten request */
|
|
static void web_connection_got_file_handler(struct httpread *handle,
|
|
void *cookie,
|
|
enum httpread_event en)
|
|
{
|
|
struct web_connection *c = cookie;
|
|
|
|
if (en == HTTPREAD_EVENT_FILE_READY)
|
|
web_connection_check_data(c);
|
|
web_connection_stop(c);
|
|
}
|
|
|
|
|
|
/* web_connection_start - Start web connection
|
|
* @sm: WPS UPnP state machine from upnp_wps_device_init()
|
|
* @sd: Socket descriptor
|
|
* @addr: Client address
|
|
*
|
|
* The socket descriptor sd is handed over for ownership by the WPS UPnP
|
|
* state machine.
|
|
*/
|
|
static void web_connection_start(void *ctx, int sd, struct sockaddr_in *addr)
|
|
{
|
|
struct upnp_wps_device_sm *sm = ctx;
|
|
struct web_connection *c = NULL;
|
|
|
|
/* if too many connections, bail */
|
|
if (sm->n_web_connections >= MAX_WEB_CONNECTIONS) {
|
|
close(sd);
|
|
return;
|
|
}
|
|
|
|
c = os_zalloc(sizeof(*c));
|
|
if (c == NULL)
|
|
return;
|
|
os_memcpy(&c->cli_addr, addr, sizeof(c->cli_addr));
|
|
c->sm = sm;
|
|
c->sd = sd;
|
|
#if 0
|
|
/*
|
|
* Setting non-blocking should not be necessary for read, and can mess
|
|
* up sending where blocking might be better.
|
|
*/
|
|
if (fcntl(sd, F_SETFL, O_NONBLOCK) != 0)
|
|
break;
|
|
#endif
|
|
c->hread = httpread_create(c->sd, web_connection_got_file_handler,
|
|
c /* cookie */,
|
|
WEB_CONNECTION_MAX_READ,
|
|
WEB_CONNECTION_TIMEOUT_SEC);
|
|
if (c->hread == NULL)
|
|
goto fail;
|
|
if (sm->web_connections) {
|
|
c->next = sm->web_connections;
|
|
c->prev = c->next->prev;
|
|
c->prev->next = c;
|
|
c->next->prev = c;
|
|
} else {
|
|
sm->web_connections = c->next = c->prev = c;
|
|
}
|
|
sm->n_web_connections++;
|
|
return;
|
|
|
|
fail:
|
|
if (c)
|
|
web_connection_stop(c);
|
|
}
|
|
|
|
|
|
/*
|
|
* Listening for web connections
|
|
* We have a single TCP listening port, and hand off connections as we get
|
|
* them.
|
|
*/
|
|
|
|
void web_listener_stop(struct upnp_wps_device_sm *sm)
|
|
{
|
|
http_server_deinit(sm->web_srv);
|
|
sm->web_srv = NULL;
|
|
}
|
|
|
|
|
|
int web_listener_start(struct upnp_wps_device_sm *sm)
|
|
{
|
|
struct in_addr addr;
|
|
addr.s_addr = sm->ip_addr;
|
|
sm->web_srv = http_server_init(&addr, -1, web_connection_start, sm);
|
|
if (sm->web_srv == NULL) {
|
|
web_listener_stop(sm);
|
|
return -1;
|
|
}
|
|
sm->web_port = http_server_get_port(sm->web_srv);
|
|
|
|
return 0;
|
|
}
|