+++ /dev/null
-/*
- * UPnP WPS Device - Web connections
- * Copyright (c) 2000-2003 Intel Corporation
- * Copyright (c) 2006-2007 Sony Corporation
- * Copyright (c) 2008-2009 Atheros Communications
- * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
- *
- * See wps_upnp.c for more details on licensing and code history.
- */
-
-#include "includes.h"
-
-#include "common.h"
-#include "base64.h"
-#include "uuid.h"
-#include "httpread.h"
-#include "http_server.h"
-#include "wps_i.h"
-#include "wps_upnp.h"
-#include "wps_upnp_i.h"
-#include "upnp_xml.h"
-
-/***************************************************************************
- * Web connections (we serve pages of info about ourselves, handle
- * requests, etc. etc.).
- **************************************************************************/
-
-#define WEB_CONNECTION_TIMEOUT_SEC 30 /* Drop web connection after t.o. */
-#define WEB_CONNECTION_MAX_READ 8000 /* Max we'll read for TCP request */
-#define MAX_WEB_CONNECTIONS 10 /* max simultaneous web connects */
-
-
-static const char *urn_wfawlanconfig =
- "urn:schemas-wifialliance-org:service:WFAWLANConfig:1";
-static const char *http_server_hdr =
- "Server: unspecified, UPnP/1.0, unspecified\r\n";
-static const char *http_connection_close =
- "Connection: close\r\n";
-
-/*
- * "Files" that we serve via HTTP. The format of these files is given by
- * WFA WPS specifications. Extra white space has been removed to save space.
- */
-
-static const char wps_scpd_xml[] =
-"<?xml version=\"1.0\"?>\n"
-"<scpd xmlns=\"urn:schemas-upnp-org:service-1-0\">\n"
-"<specVersion><major>1</major><minor>0</minor></specVersion>\n"
-"<actionList>\n"
-"<action>\n"
-"<name>GetDeviceInfo</name>\n"
-"<argumentList>\n"
-"<argument>\n"
-"<name>NewDeviceInfo</name>\n"
-"<direction>out</direction>\n"
-"<relatedStateVariable>DeviceInfo</relatedStateVariable>\n"
-"</argument>\n"
-"</argumentList>\n"
-"</action>\n"
-"<action>\n"
-"<name>PutMessage</name>\n"
-"<argumentList>\n"
-"<argument>\n"
-"<name>NewInMessage</name>\n"
-"<direction>in</direction>\n"
-"<relatedStateVariable>InMessage</relatedStateVariable>\n"
-"</argument>\n"
-"<argument>\n"
-"<name>NewOutMessage</name>\n"
-"<direction>out</direction>\n"
-"<relatedStateVariable>OutMessage</relatedStateVariable>\n"
-"</argument>\n"
-"</argumentList>\n"
-"</action>\n"
-"<action>\n"
-"<name>PutWLANResponse</name>\n"
-"<argumentList>\n"
-"<argument>\n"
-"<name>NewMessage</name>\n"
-"<direction>in</direction>\n"
-"<relatedStateVariable>Message</relatedStateVariable>\n"
-"</argument>\n"
-"<argument>\n"
-"<name>NewWLANEventType</name>\n"
-"<direction>in</direction>\n"
-"<relatedStateVariable>WLANEventType</relatedStateVariable>\n"
-"</argument>\n"
-"<argument>\n"
-"<name>NewWLANEventMAC</name>\n"
-"<direction>in</direction>\n"
-"<relatedStateVariable>WLANEventMAC</relatedStateVariable>\n"
-"</argument>\n"
-"</argumentList>\n"
-"</action>\n"
-"<action>\n"
-"<name>SetSelectedRegistrar</name>\n"
-"<argumentList>\n"
-"<argument>\n"
-"<name>NewMessage</name>\n"
-"<direction>in</direction>\n"
-"<relatedStateVariable>Message</relatedStateVariable>\n"
-"</argument>\n"
-"</argumentList>\n"
-"</action>\n"
-"</actionList>\n"
-"<serviceStateTable>\n"
-"<stateVariable sendEvents=\"no\">\n"
-"<name>Message</name>\n"
-"<dataType>bin.base64</dataType>\n"
-"</stateVariable>\n"
-"<stateVariable sendEvents=\"no\">\n"
-"<name>InMessage</name>\n"
-"<dataType>bin.base64</dataType>\n"
-"</stateVariable>\n"
-"<stateVariable sendEvents=\"no\">\n"
-"<name>OutMessage</name>\n"
-"<dataType>bin.base64</dataType>\n"
-"</stateVariable>\n"
-"<stateVariable sendEvents=\"no\">\n"
-"<name>DeviceInfo</name>\n"
-"<dataType>bin.base64</dataType>\n"
-"</stateVariable>\n"
-"<stateVariable sendEvents=\"yes\">\n"
-"<name>APStatus</name>\n"
-"<dataType>ui1</dataType>\n"
-"</stateVariable>\n"
-"<stateVariable sendEvents=\"yes\">\n"
-"<name>STAStatus</name>\n"
-"<dataType>ui1</dataType>\n"
-"</stateVariable>\n"
-"<stateVariable sendEvents=\"yes\">\n"
-"<name>WLANEvent</name>\n"
-"<dataType>bin.base64</dataType>\n"
-"</stateVariable>\n"
-"<stateVariable sendEvents=\"no\">\n"
-"<name>WLANEventType</name>\n"
-"<dataType>ui1</dataType>\n"
-"</stateVariable>\n"
-"<stateVariable sendEvents=\"no\">\n"
-"<name>WLANEventMAC</name>\n"
-"<dataType>string</dataType>\n"
-"</stateVariable>\n"
-"<stateVariable sendEvents=\"no\">\n"
-"<name>WLANResponse</name>\n"
-"<dataType>bin.base64</dataType>\n"
-"</stateVariable>\n"
-"</serviceStateTable>\n"
-"</scpd>\n"
-;
-
-
-static const char *wps_device_xml_prefix =
- "<?xml version=\"1.0\"?>\n"
- "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n"
- "<specVersion>\n"
- "<major>1</major>\n"
- "<minor>0</minor>\n"
- "</specVersion>\n"
- "<device>\n"
- "<deviceType>urn:schemas-wifialliance-org:device:WFADevice:1"
- "</deviceType>\n";
-
-static const char *wps_device_xml_postfix =
- "<serviceList>\n"
- "<service>\n"
- "<serviceType>urn:schemas-wifialliance-org:service:WFAWLANConfig:1"
- "</serviceType>\n"
- "<serviceId>urn:wifialliance-org:serviceId:WFAWLANConfig1</serviceId>"
- "\n"
- "<SCPDURL>" UPNP_WPS_SCPD_XML_FILE "</SCPDURL>\n"
- "<controlURL>" UPNP_WPS_DEVICE_CONTROL_FILE "</controlURL>\n"
- "<eventSubURL>" UPNP_WPS_DEVICE_EVENT_FILE "</eventSubURL>\n"
- "</service>\n"
- "</serviceList>\n"
- "</device>\n"
- "</root>\n";
-
-
-/* format_wps_device_xml -- produce content of "file" wps_device.xml
- * (UPNP_WPS_DEVICE_XML_FILE)
- */
-static void format_wps_device_xml(struct upnp_wps_device_interface *iface,
- struct upnp_wps_device_sm *sm,
- struct wpabuf *buf)
-{
- const char *s;
- char uuid_string[80];
-
- wpabuf_put_str(buf, wps_device_xml_prefix);
-
- /*
- * Add required fields with default values if not configured. Add
- * optional and recommended fields only if configured.
- */
- s = iface->wps->friendly_name;
- s = ((s && *s) ? s : "WPS Access Point");
- xml_add_tagged_data(buf, "friendlyName", s);
-
- s = iface->wps->dev.manufacturer;
- s = ((s && *s) ? s : "");
- xml_add_tagged_data(buf, "manufacturer", s);
-
- if (iface->wps->manufacturer_url)
- xml_add_tagged_data(buf, "manufacturerURL",
- iface->wps->manufacturer_url);
-
- if (iface->wps->model_description)
- xml_add_tagged_data(buf, "modelDescription",
- iface->wps->model_description);
-
- s = iface->wps->dev.model_name;
- s = ((s && *s) ? s : "");
- xml_add_tagged_data(buf, "modelName", s);
-
- if (iface->wps->dev.model_number)
- xml_add_tagged_data(buf, "modelNumber",
- iface->wps->dev.model_number);
-
- if (iface->wps->model_url)
- xml_add_tagged_data(buf, "modelURL", iface->wps->model_url);
-
- if (iface->wps->dev.serial_number)
- xml_add_tagged_data(buf, "serialNumber",
- iface->wps->dev.serial_number);
-
- uuid_bin2str(iface->wps->uuid, uuid_string, sizeof(uuid_string));
- s = uuid_string;
- /* Need "uuid:" prefix, thus we can't use xml_add_tagged_data()
- * easily...
- */
- wpabuf_put_str(buf, "<UDN>uuid:");
- xml_data_encode(buf, s, os_strlen(s));
- wpabuf_put_str(buf, "</UDN>\n");
-
- if (iface->wps->upc)
- xml_add_tagged_data(buf, "UPC", iface->wps->upc);
-
- wpabuf_put_str(buf, wps_device_xml_postfix);
-}
-
-
-static void http_put_reply_code(struct wpabuf *buf, enum http_reply_code code)
-{
- wpabuf_put_str(buf, "HTTP/1.1 ");
- switch (code) {
- case HTTP_OK:
- wpabuf_put_str(buf, "200 OK\r\n");
- break;
- case HTTP_BAD_REQUEST:
- wpabuf_put_str(buf, "400 Bad request\r\n");
- break;
- case HTTP_PRECONDITION_FAILED:
- wpabuf_put_str(buf, "412 Precondition failed\r\n");
- break;
- case HTTP_UNIMPLEMENTED:
- wpabuf_put_str(buf, "501 Unimplemented\r\n");
- break;
- case HTTP_INTERNAL_SERVER_ERROR:
- default:
- wpabuf_put_str(buf, "500 Internal server error\r\n");
- break;
- }
-}
-
-
-static void http_put_date(struct wpabuf *buf)
-{
- wpabuf_put_str(buf, "Date: ");
- format_date(buf);
- wpabuf_put_str(buf, "\r\n");
-}
-
-
-static void http_put_empty(struct wpabuf *buf, enum http_reply_code code)
-{
- http_put_reply_code(buf, code);
- wpabuf_put_str(buf, http_server_hdr);
- wpabuf_put_str(buf, http_connection_close);
- wpabuf_put_str(buf, "Content-Length: 0\r\n"
- "\r\n");
-}
-
-
-/* Given that we have received a header w/ GET, act upon it
- *
- * Format of GET (case-insensitive):
- *
- * First line must be:
- * GET /<file> HTTP/1.1
- * Since we don't do anything fancy we just ignore other lines.
- *
- * Our response (if no error) which includes only required lines is:
- * HTTP/1.1 200 OK
- * Connection: close
- * Content-Type: text/xml
- * Date: <rfc1123-date>
- *
- * Header lines must end with \r\n
- * Per RFC 2616, content-length: is not required but connection:close
- * would appear to be required (given that we will be closing it!).
- */
-static void web_connection_parse_get(struct upnp_wps_device_sm *sm,
- struct http_request *hreq,
- const char *filename)
-{
- struct wpabuf *buf; /* output buffer, allocated */
- char *put_length_here;
- char *body_start;
- enum {
- GET_DEVICE_XML_FILE,
- GET_SCPD_XML_FILE
- } req;
- size_t extra_len = 0;
- int body_length;
- char len_buf[10];
- struct upnp_wps_device_interface *iface;
-
- iface = dl_list_first(&sm->interfaces,
- struct upnp_wps_device_interface, list);
- if (iface == NULL) {
- http_request_deinit(hreq);
- return;
- }
-
- /*
- * It is not required that filenames be case insensitive but it is
- * allowed and cannot hurt here.
- */
- if (os_strcasecmp(filename, UPNP_WPS_DEVICE_XML_FILE) == 0) {
- wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP GET for device XML");
- req = GET_DEVICE_XML_FILE;
- extra_len = 3000;
- if (iface->wps->friendly_name)
- extra_len += os_strlen(iface->wps->friendly_name);
- if (iface->wps->manufacturer_url)
- extra_len += os_strlen(iface->wps->manufacturer_url);
- if (iface->wps->model_description)
- extra_len += os_strlen(iface->wps->model_description);
- if (iface->wps->model_url)
- extra_len += os_strlen(iface->wps->model_url);
- if (iface->wps->upc)
- extra_len += os_strlen(iface->wps->upc);
- } else if (!os_strcasecmp(filename, UPNP_WPS_SCPD_XML_FILE)) {
- wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP GET for SCPD XML");
- req = GET_SCPD_XML_FILE;
- extra_len = os_strlen(wps_scpd_xml);
- } else {
- /* File not found */
- wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP GET file not found: %s",
- filename);
- buf = wpabuf_alloc(200);
- if (buf == NULL) {
- http_request_deinit(hreq);
- return;
- }
- wpabuf_put_str(buf,
- "HTTP/1.1 404 Not Found\r\n"
- "Connection: close\r\n");
-
- http_put_date(buf);
-
- /* terminating empty line */
- wpabuf_put_str(buf, "\r\n");
-
- goto send_buf;
- }
-
- buf = wpabuf_alloc(1000 + extra_len);
- if (buf == NULL) {
- http_request_deinit(hreq);
- return;
- }
-
- wpabuf_put_str(buf,
- "HTTP/1.1 200 OK\r\n"
- "Content-Type: text/xml; charset=\"utf-8\"\r\n");
- wpabuf_put_str(buf, "Server: Unspecified, UPnP/1.0, Unspecified\r\n");
- wpabuf_put_str(buf, "Connection: close\r\n");
- wpabuf_put_str(buf, "Content-Length: ");
- /*
- * We will paste the length in later, leaving some extra whitespace.
- * HTTP code is supposed to be tolerant of extra whitespace.
- */
- put_length_here = wpabuf_put(buf, 0);
- wpabuf_put_str(buf, " \r\n");
-
- http_put_date(buf);
-
- /* terminating empty line */
- wpabuf_put_str(buf, "\r\n");
-
- body_start = wpabuf_put(buf, 0);
-
- switch (req) {
- case GET_DEVICE_XML_FILE:
- format_wps_device_xml(iface, sm, buf);
- break;
- case GET_SCPD_XML_FILE:
- wpabuf_put_str(buf, wps_scpd_xml);
- break;
- }
-
- /* Now patch in the content length at the end */
- body_length = (char *) wpabuf_put(buf, 0) - body_start;
- os_snprintf(len_buf, 10, "%d", body_length);
- os_memcpy(put_length_here, len_buf, os_strlen(len_buf));
-
-send_buf:
- http_request_send_and_deinit(hreq, buf);
-}
-
-
-static void wps_upnp_peer_del(struct upnp_wps_peer *peer)
-{
- dl_list_del(&peer->list);
- if (peer->wps)
- wps_deinit(peer->wps);
- os_free(peer);
-}
-
-
-static enum http_reply_code
-web_process_get_device_info(struct upnp_wps_device_sm *sm,
- struct wpabuf **reply, const char **replyname)
-{
- static const char *name = "NewDeviceInfo";
- struct wps_config cfg;
- struct upnp_wps_device_interface *iface;
- struct upnp_wps_peer *peer;
-
- iface = dl_list_first(&sm->interfaces,
- struct upnp_wps_device_interface, list);
-
- wpa_printf(MSG_DEBUG, "WPS UPnP: GetDeviceInfo");
-
- if (!iface || iface->ctx->ap_pin == NULL)
- return HTTP_INTERNAL_SERVER_ERROR;
-
- peer = os_zalloc(sizeof(*peer));
- if (!peer)
- return HTTP_INTERNAL_SERVER_ERROR;
-
- /*
- * Request for DeviceInfo, i.e., M1 TLVs. This is a start of WPS
- * registration over UPnP with the AP acting as an Enrollee. It should
- * be noted that this is frequently used just to get the device data,
- * i.e., there may not be any intent to actually complete the
- * registration.
- */
-
- os_memset(&cfg, 0, sizeof(cfg));
- cfg.wps = iface->wps;
- cfg.pin = (u8 *) iface->ctx->ap_pin;
- cfg.pin_len = os_strlen(iface->ctx->ap_pin);
- peer->wps = wps_init(&cfg);
- if (peer->wps) {
- enum wsc_op_code op_code;
- *reply = wps_get_msg(peer->wps, &op_code);
- if (*reply == NULL) {
- wps_deinit(peer->wps);
- peer->wps = NULL;
- }
- } else
- *reply = NULL;
- if (*reply == NULL) {
- wpa_printf(MSG_INFO, "WPS UPnP: Failed to get DeviceInfo");
- os_free(peer);
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- if (dl_list_len(&iface->peers) > 3) {
- struct upnp_wps_peer *old;
-
- old = dl_list_first(&iface->peers, struct upnp_wps_peer, list);
- if (old) {
- wpa_printf(MSG_DEBUG, "WPS UPnP: Drop oldest active session");
- wps_upnp_peer_del(old);
- }
- }
- dl_list_add_tail(&iface->peers, &peer->list);
- /* TODO: Could schedule a timeout to free the entry */
-
- *replyname = name;
- return HTTP_OK;
-}
-
-
-static enum http_reply_code
-web_process_put_message(struct upnp_wps_device_sm *sm, char *data,
- struct wpabuf **reply, const char **replyname)
-{
- struct wpabuf *msg;
- static const char *name = "NewOutMessage";
- enum http_reply_code ret;
- enum wps_process_res res;
- enum wsc_op_code op_code;
- struct upnp_wps_device_interface *iface;
- struct wps_parse_attr attr;
- struct upnp_wps_peer *tmp, *peer;
-
- iface = dl_list_first(&sm->interfaces,
- struct upnp_wps_device_interface, list);
- if (!iface)
- return HTTP_INTERNAL_SERVER_ERROR;
-
- /*
- * PutMessage is used by external UPnP-based Registrar to perform WPS
- * operation with the access point itself; as compared with
- * PutWLANResponse which is for proxying.
- */
- wpa_printf(MSG_DEBUG, "WPS UPnP: PutMessage");
- msg = xml_get_base64_item(data, "NewInMessage", &ret);
- if (msg == NULL)
- return ret;
-
- if (wps_parse_msg(msg, &attr)) {
- wpa_printf(MSG_DEBUG,
- "WPS UPnP: Could not parse PutMessage - NewInMessage");
- wpabuf_free(msg);
- return HTTP_BAD_REQUEST;
- }
-
- /* Find a matching active peer session */
- peer = NULL;
- dl_list_for_each(tmp, &iface->peers, struct upnp_wps_peer, list) {
- if (!tmp->wps)
- continue;
- if (attr.enrollee_nonce &&
- os_memcmp(tmp->wps->nonce_e, attr.enrollee_nonce,
- WPS_NONCE_LEN) != 0)
- continue; /* Enrollee nonce mismatch */
- if (attr.msg_type &&
- *attr.msg_type != WPS_M2 &&
- *attr.msg_type != WPS_M2D &&
- attr.registrar_nonce &&
- os_memcmp(tmp->wps->nonce_r, attr.registrar_nonce,
- WPS_NONCE_LEN) != 0)
- continue; /* Registrar nonce mismatch */
- peer = tmp;
- break;
- }
- if (!peer) {
- /*
- Try to use the first entry in case message could work with
- * it. The actual handler function will reject this, if needed.
- * This maintains older behavior where only a single peer entry
- * was supported.
- */
- peer = dl_list_first(&iface->peers, struct upnp_wps_peer, list);
- }
- if (!peer || !peer->wps) {
- wpa_printf(MSG_DEBUG, "WPS UPnP: No active peer entry found");
- wpabuf_free(msg);
- return HTTP_BAD_REQUEST;
- }
-
- res = wps_process_msg(peer->wps, WSC_UPnP, msg);
- if (res == WPS_FAILURE) {
- *reply = NULL;
- wpa_printf(MSG_DEBUG, "WPS UPnP: Drop active peer session");
- wps_upnp_peer_del(peer);
- } else {
- *reply = wps_get_msg(peer->wps, &op_code);
- }
- wpabuf_free(msg);
- if (*reply == NULL)
- return HTTP_INTERNAL_SERVER_ERROR;
- *replyname = name;
- return HTTP_OK;
-}
-
-
-static enum http_reply_code
-web_process_put_wlan_response(struct upnp_wps_device_sm *sm, char *data,
- struct wpabuf **reply, const char **replyname)
-{
- struct wpabuf *msg;
- enum http_reply_code ret;
- u8 macaddr[ETH_ALEN];
- int ev_type;
- int type;
- char *val;
- struct upnp_wps_device_interface *iface;
- int ok = 0;
-
- /*
- * External UPnP-based Registrar is passing us a message to be proxied
- * over to a Wi-Fi -based client of ours.
- */
-
- wpa_printf(MSG_DEBUG, "WPS UPnP: PutWLANResponse");
- msg = xml_get_base64_item(data, "NewMessage", &ret);
- if (msg == NULL) {
- wpa_printf(MSG_DEBUG, "WPS UPnP: Could not extract NewMessage "
- "from PutWLANResponse");
- return ret;
- }
- val = xml_get_first_item(data, "NewWLANEventType");
- if (val == NULL) {
- wpa_printf(MSG_DEBUG, "WPS UPnP: No NewWLANEventType in "
- "PutWLANResponse");
- wpabuf_free(msg);
- return UPNP_ARG_VALUE_INVALID;
- }
- ev_type = atol(val);
- os_free(val);
- val = xml_get_first_item(data, "NewWLANEventMAC");
- if (val == NULL) {
- wpa_printf(MSG_DEBUG, "WPS UPnP: No NewWLANEventMAC in "
- "PutWLANResponse");
- wpabuf_free(msg);
- return UPNP_ARG_VALUE_INVALID;
- }
- if (hwaddr_aton(val, macaddr)) {
- wpa_printf(MSG_DEBUG, "WPS UPnP: Invalid NewWLANEventMAC in "
- "PutWLANResponse: '%s'", val);
-#ifdef CONFIG_WPS_STRICT
- {
- struct wps_parse_attr attr;
- if (wps_parse_msg(msg, &attr) < 0 || attr.version2) {
- wpabuf_free(msg);
- os_free(val);
- return UPNP_ARG_VALUE_INVALID;
- }
- }
-#endif /* CONFIG_WPS_STRICT */
- if (hwaddr_aton2(val, macaddr) > 0) {
- /*
- * At least some versions of Intel PROset seem to be
- * using dot-deliminated MAC address format here.
- */
- wpa_printf(MSG_DEBUG, "WPS UPnP: Workaround - allow "
- "incorrect MAC address format in "
- "NewWLANEventMAC: %s -> " MACSTR,
- val, MAC2STR(macaddr));
- } else {
- wpabuf_free(msg);
- os_free(val);
- return UPNP_ARG_VALUE_INVALID;
- }
- }
- os_free(val);
- if (ev_type == UPNP_WPS_WLANEVENT_TYPE_EAP) {
- struct wps_parse_attr attr;
- if (wps_parse_msg(msg, &attr) < 0 ||
- attr.msg_type == NULL)
- type = -1;
- else
- type = *attr.msg_type;
- wpa_printf(MSG_DEBUG, "WPS UPnP: Message Type %d", type);
- } else
- type = -1;
- dl_list_for_each(iface, &sm->interfaces,
- struct upnp_wps_device_interface, list) {
- if (iface->ctx->rx_req_put_wlan_response &&
- iface->ctx->rx_req_put_wlan_response(iface->priv, ev_type,
- macaddr, msg, type)
- == 0)
- ok = 1;
- }
-
- if (!ok) {
- wpa_printf(MSG_INFO, "WPS UPnP: Fail: sm->ctx->"
- "rx_req_put_wlan_response");
- wpabuf_free(msg);
- return HTTP_INTERNAL_SERVER_ERROR;
- }
- wpabuf_free(msg);
- *replyname = NULL;
- *reply = NULL;
- return HTTP_OK;
-}
-
-
-static int find_er_addr(struct subscription *s, struct sockaddr_in *cli)
-{
- struct subscr_addr *a;
-
- dl_list_for_each(a, &s->addr_list, struct subscr_addr, list) {
- if (cli->sin_addr.s_addr == a->saddr.sin_addr.s_addr)
- return 1;
- }
- return 0;
-}
-
-
-static struct subscription * find_er(struct upnp_wps_device_sm *sm,
- struct sockaddr_in *cli)
-{
- struct subscription *s;
- dl_list_for_each(s, &sm->subscriptions, struct subscription, list)
- if (find_er_addr(s, cli))
- return s;
- return NULL;
-}
-
-
-static enum http_reply_code
-web_process_set_selected_registrar(struct upnp_wps_device_sm *sm,
- struct sockaddr_in *cli, char *data,
- struct wpabuf **reply,
- const char **replyname)
-{
- struct wpabuf *msg;
- enum http_reply_code ret;
- struct subscription *s;
- struct upnp_wps_device_interface *iface;
- int err = 0;
-
- wpa_printf(MSG_DEBUG, "WPS UPnP: SetSelectedRegistrar");
- s = find_er(sm, cli);
- if (s == NULL) {
- wpa_printf(MSG_DEBUG, "WPS UPnP: Ignore SetSelectedRegistrar "
- "from unknown ER");
- return UPNP_ACTION_FAILED;
- }
- msg = xml_get_base64_item(data, "NewMessage", &ret);
- if (msg == NULL)
- return ret;
- dl_list_for_each(iface, &sm->interfaces,
- struct upnp_wps_device_interface, list) {
- if (upnp_er_set_selected_registrar(iface->wps->registrar, s,
- msg))
- err = 1;
- }
- wpabuf_free(msg);
- if (err)
- return HTTP_INTERNAL_SERVER_ERROR;
- *replyname = NULL;
- *reply = NULL;
- return HTTP_OK;
-}
-
-
-static const char *soap_prefix =
- "<?xml version=\"1.0\"?>\n"
- "<s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" "
- "s:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">\n"
- "<s:Body>\n";
-static const char *soap_postfix =
- "</s:Body>\n</s:Envelope>\n";
-
-static const char *soap_error_prefix =
- "<s:Fault>\n"
- "<faultcode>s:Client</faultcode>\n"
- "<faultstring>UPnPError</faultstring>\n"
- "<detail>\n"
- "<UPnPError xmlns=\"urn:schemas-upnp-org:control-1-0\">\n";
-static const char *soap_error_postfix =
- "<errorDescription>Error</errorDescription>\n"
- "</UPnPError>\n"
- "</detail>\n"
- "</s:Fault>\n";
-
-static void web_connection_send_reply(struct http_request *req,
- enum http_reply_code ret,
- const char *action, int action_len,
- const struct wpabuf *reply,
- const char *replyname)
-{
- struct wpabuf *buf;
- char *replydata;
- char *put_length_here = NULL;
- char *body_start = NULL;
-
- if (reply) {
- size_t len;
- replydata = (char *) base64_encode(wpabuf_head(reply),
- wpabuf_len(reply), &len);
- } else
- replydata = NULL;
-
- /* Parameters of the response:
- * action(action_len) -- action we are responding to
- * replyname -- a name we need for the reply
- * replydata -- NULL or null-terminated string
- */
- buf = wpabuf_alloc(1000 + (replydata ? os_strlen(replydata) : 0U) +
- (action_len > 0 ? action_len * 2 : 0));
- if (buf == NULL) {
- wpa_printf(MSG_INFO, "WPS UPnP: Cannot allocate reply to "
- "POST");
- os_free(replydata);
- http_request_deinit(req);
- return;
- }
-
- /*
- * Assuming we will be successful, put in the output header first.
- * Note: we do not keep connections alive (and httpread does
- * not support it)... therefore we must have Connection: close.
- */
- if (ret == HTTP_OK) {
- wpabuf_put_str(buf,
- "HTTP/1.1 200 OK\r\n"
- "Content-Type: text/xml; "
- "charset=\"utf-8\"\r\n");
- } else {
- wpabuf_printf(buf, "HTTP/1.1 %d Error\r\n", ret);
- }
- wpabuf_put_str(buf, http_connection_close);
-
- wpabuf_put_str(buf, "Content-Length: ");
- /*
- * We will paste the length in later, leaving some extra whitespace.
- * HTTP code is supposed to be tolerant of extra whitespace.
- */
- put_length_here = wpabuf_put(buf, 0);
- wpabuf_put_str(buf, " \r\n");
-
- http_put_date(buf);
-
- /* terminating empty line */
- wpabuf_put_str(buf, "\r\n");
-
- body_start = wpabuf_put(buf, 0);
-
- if (ret == HTTP_OK) {
- wpabuf_put_str(buf, soap_prefix);
- wpabuf_put_str(buf, "<u:");
- wpabuf_put_data(buf, action, action_len);
- wpabuf_put_str(buf, "Response xmlns:u=\"");
- wpabuf_put_str(buf, urn_wfawlanconfig);
- wpabuf_put_str(buf, "\">\n");
- if (replydata && replyname) {
- /* TODO: might possibly need to escape part of reply
- * data? ...
- * probably not, unlikely to have ampersand(&) or left
- * angle bracket (<) in it...
- */
- wpabuf_printf(buf, "<%s>", replyname);
- wpabuf_put_str(buf, replydata);
- wpabuf_printf(buf, "</%s>\n", replyname);
- }
- wpabuf_put_str(buf, "</u:");
- wpabuf_put_data(buf, action, action_len);
- wpabuf_put_str(buf, "Response>\n");
- wpabuf_put_str(buf, soap_postfix);
- } else {
- /* Error case */
- wpabuf_put_str(buf, soap_prefix);
- wpabuf_put_str(buf, soap_error_prefix);
- wpabuf_printf(buf, "<errorCode>%d</errorCode>\n", ret);
- wpabuf_put_str(buf, soap_error_postfix);
- wpabuf_put_str(buf, soap_postfix);
- }
- os_free(replydata);
-
- /* Now patch in the content length at the end */
- if (body_start && put_length_here) {
- int body_length = (char *) wpabuf_put(buf, 0) - body_start;
- char len_buf[10];
- os_snprintf(len_buf, sizeof(len_buf), "%d", body_length);
- os_memcpy(put_length_here, len_buf, os_strlen(len_buf));
- }
-
- http_request_send_and_deinit(req, buf);
-}
-
-
-static const char * web_get_action(struct http_request *req,
- size_t *action_len)
-{
- const char *match;
- int match_len;
- char *b;
- char *action;
-
- *action_len = 0;
- /* The SOAPAction line of the header tells us what we want to do */
- b = http_request_get_hdr_line(req, "SOAPAction:");
- if (b == NULL)
- return NULL;
- if (*b == '"')
- b++;
- else
- return NULL;
- match = urn_wfawlanconfig;
- match_len = os_strlen(urn_wfawlanconfig) - 1;
- if (os_strncasecmp(b, match, match_len))
- return NULL;
- b += match_len;
- /* skip over version */
- while (isgraph(*b) && *b != '#')
- b++;
- if (*b != '#')
- return NULL;
- b++;
- /* Following the sharp(#) should be the action and a double quote */
- action = b;
- while (isgraph(*b) && *b != '"')
- b++;
- if (*b != '"')
- return NULL;
- *action_len = b - action;
- return action;
-}
-
-
-/* Given that we have received a header w/ POST, act upon it
- *
- * Format of POST (case-insensitive):
- *
- * First line must be:
- * POST /<file> HTTP/1.1
- * Since we don't do anything fancy we just ignore other lines.
- *
- * Our response (if no error) which includes only required lines is:
- * HTTP/1.1 200 OK
- * Connection: close
- * Content-Type: text/xml
- * Date: <rfc1123-date>
- *
- * Header lines must end with \r\n
- * Per RFC 2616, content-length: is not required but connection:close
- * would appear to be required (given that we will be closing it!).
- */
-static void web_connection_parse_post(struct upnp_wps_device_sm *sm,
- struct sockaddr_in *cli,
- struct http_request *req,
- const char *filename)
-{
- enum http_reply_code ret;
- char *data = http_request_get_data(req); /* body of http msg */
- const char *action = NULL;
- size_t action_len = 0;
- const char *replyname = NULL; /* argument name for the reply */
- struct wpabuf *reply = NULL; /* data for the reply */
-
- if (os_strcasecmp(filename, UPNP_WPS_DEVICE_CONTROL_FILE)) {
- wpa_printf(MSG_INFO, "WPS UPnP: Invalid POST filename %s",
- filename);
- ret = HTTP_NOT_FOUND;
- goto bad;
- }
-
- ret = UPNP_INVALID_ACTION;
- action = web_get_action(req, &action_len);
- if (action == NULL)
- goto bad;
-
- if (!os_strncasecmp("GetDeviceInfo", action, action_len))
- ret = web_process_get_device_info(sm, &reply, &replyname);
- else if (!os_strncasecmp("PutMessage", action, action_len))
- ret = web_process_put_message(sm, data, &reply, &replyname);
- else if (!os_strncasecmp("PutWLANResponse", action, action_len))
- ret = web_process_put_wlan_response(sm, data, &reply,
- &replyname);
- else if (!os_strncasecmp("SetSelectedRegistrar", action, action_len))
- ret = web_process_set_selected_registrar(sm, cli, data, &reply,
- &replyname);
- else
- wpa_printf(MSG_INFO, "WPS UPnP: Unknown POST type");
-
-bad:
- if (ret != HTTP_OK)
- wpa_printf(MSG_INFO, "WPS UPnP: POST failure ret=%d", ret);
- web_connection_send_reply(req, ret, action, action_len, reply,
- replyname);
- wpabuf_free(reply);
-}
-
-
-/* Given that we have received a header w/ SUBSCRIBE, act upon it
- *
- * Format of SUBSCRIBE (case-insensitive):
- *
- * First line must be:
- * SUBSCRIBE /wps_event HTTP/1.1
- *
- * Our response (if no error) which includes only required lines is:
- * HTTP/1.1 200 OK
- * Server: xx, UPnP/1.0, xx
- * SID: uuid:xxxxxxxxx
- * Timeout: Second-<n>
- * Content-Length: 0
- * Date: xxxx
- *
- * Header lines must end with \r\n
- * Per RFC 2616, content-length: is not required but connection:close
- * would appear to be required (given that we will be closing it!).
- */
-static void web_connection_parse_subscribe(struct upnp_wps_device_sm *sm,
- struct http_request *req,
- const char *filename)
-{
- struct wpabuf *buf;
- char *b;
- char *hdr = http_request_get_hdr(req);
- char *h;
- char *match;
- int match_len;
- char *end;
- int len;
- int got_nt = 0;
- u8 uuid[UUID_LEN];
- int got_uuid = 0;
- char *callback_urls = NULL;
- struct subscription *s = NULL;
- enum http_reply_code ret = HTTP_INTERNAL_SERVER_ERROR;
-
- buf = wpabuf_alloc(1000);
- if (buf == NULL) {
- http_request_deinit(req);
- return;
- }
-
- wpa_hexdump_ascii(MSG_DEBUG, "WPS UPnP: HTTP SUBSCRIBE",
- (u8 *) hdr, os_strlen(hdr));
-
- /* Parse/validate headers */
- h = hdr;
- /* First line: SUBSCRIBE /wps_event HTTP/1.1
- * has already been parsed.
- */
- if (os_strcasecmp(filename, UPNP_WPS_DEVICE_EVENT_FILE) != 0) {
- ret = HTTP_PRECONDITION_FAILED;
- goto error;
- }
- wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP SUBSCRIBE for event");
- end = os_strchr(h, '\n');
-
- while (end) {
- /* Option line by option line */
- h = end + 1;
- end = os_strchr(h, '\n');
- if (end == NULL)
- break; /* no unterminated lines allowed */
-
- /* NT assures that it is our type of subscription;
- * not used for a renewal.
- **/
- match = "NT:";
- match_len = os_strlen(match);
- if (os_strncasecmp(h, match, match_len) == 0) {
- h += match_len;
- while (*h == ' ' || *h == '\t')
- h++;
- match = "upnp:event";
- match_len = os_strlen(match);
- if (os_strncasecmp(h, match, match_len) != 0) {
- ret = HTTP_BAD_REQUEST;
- goto error;
- }
- got_nt = 1;
- continue;
- }
- /* HOST should refer to us */
-#if 0
- match = "HOST:";
- match_len = os_strlen(match);
- if (os_strncasecmp(h, match, match_len) == 0) {
- h += match_len;
- while (*h == ' ' || *h == '\t')
- h++;
- .....
- }
-#endif
- /* CALLBACK gives one or more URLs for NOTIFYs
- * to be sent as a result of the subscription.
- * Each URL is enclosed in angle brackets.
- */
- match = "CALLBACK:";
- match_len = os_strlen(match);
- if (os_strncasecmp(h, match, match_len) == 0) {
- h += match_len;
- while (*h == ' ' || *h == '\t')
- h++;
- len = end - h;
- os_free(callback_urls);
- callback_urls = dup_binstr(h, len);
- if (callback_urls == NULL) {
- ret = HTTP_INTERNAL_SERVER_ERROR;
- goto error;
- }
- if (len > 0 && callback_urls[len - 1] == '\r')
- callback_urls[len - 1] = '\0';
- continue;
- }
- /* SID is only for renewal */
- match = "SID:";
- match_len = os_strlen(match);
- if (os_strncasecmp(h, match, match_len) == 0) {
- h += match_len;
- while (*h == ' ' || *h == '\t')
- h++;
- match = "uuid:";
- match_len = os_strlen(match);
- if (os_strncasecmp(h, match, match_len) != 0) {
- ret = HTTP_BAD_REQUEST;
- goto error;
- }
- h += match_len;
- while (*h == ' ' || *h == '\t')
- h++;
- if (uuid_str2bin(h, uuid)) {
- ret = HTTP_BAD_REQUEST;
- goto error;
- }
- got_uuid = 1;
- continue;
- }
- /* TIMEOUT is requested timeout, but apparently we can
- * just ignore this.
- */
- }
-
- if (got_uuid) {
- /* renewal */
- wpa_printf(MSG_DEBUG, "WPS UPnP: Subscription renewal");
- if (callback_urls) {
- ret = HTTP_BAD_REQUEST;
- goto error;
- }
- s = subscription_renew(sm, uuid);
- if (s == NULL) {
- char str[80];
- uuid_bin2str(uuid, str, sizeof(str));
- wpa_printf(MSG_DEBUG, "WPS UPnP: Could not find "
- "SID %s", str);
- ret = HTTP_PRECONDITION_FAILED;
- goto error;
- }
- } else if (callback_urls) {
- wpa_printf(MSG_DEBUG, "WPS UPnP: New subscription");
- if (!got_nt) {
- ret = HTTP_PRECONDITION_FAILED;
- goto error;
- }
- s = subscription_start(sm, callback_urls);
- if (s == NULL) {
- ret = HTTP_INTERNAL_SERVER_ERROR;
- goto error;
- }
- } else {
- ret = HTTP_PRECONDITION_FAILED;
- goto error;
- }
-
- /* success */
- http_put_reply_code(buf, HTTP_OK);
- wpabuf_put_str(buf, http_server_hdr);
- wpabuf_put_str(buf, http_connection_close);
- wpabuf_put_str(buf, "Content-Length: 0\r\n");
- wpabuf_put_str(buf, "SID: uuid:");
- /* subscription id */
- b = wpabuf_put(buf, 0);
- uuid_bin2str(s->uuid, b, 80);
- wpa_printf(MSG_DEBUG, "WPS UPnP: Assigned SID %s", b);
- wpabuf_put(buf, os_strlen(b));
- wpabuf_put_str(buf, "\r\n");
- wpabuf_printf(buf, "Timeout: Second-%d\r\n", UPNP_SUBSCRIBE_SEC);
- http_put_date(buf);
- /* And empty line to terminate header: */
- wpabuf_put_str(buf, "\r\n");
-
- os_free(callback_urls);
- http_request_send_and_deinit(req, buf);
- return;
-
-error:
- /* Per UPnP spec:
- * Errors
- * Incompatible headers
- * 400 Bad Request. If SID header and one of NT or CALLBACK headers
- * are present, the publisher must respond with HTTP error
- * 400 Bad Request.
- * Missing or invalid CALLBACK
- * 412 Precondition Failed. If CALLBACK header is missing or does not
- * contain a valid HTTP URL, the publisher must respond with HTTP
- * error 412 Precondition Failed.
- * Invalid NT
- * 412 Precondition Failed. If NT header does not equal upnp:event,
- * the publisher must respond with HTTP error 412 Precondition
- * Failed.
- * [For resubscription, use 412 if unknown uuid].
- * Unable to accept subscription
- * 5xx. If a publisher is not able to accept a subscription (such as
- * due to insufficient resources), it must respond with a
- * HTTP 500-series error code.
- * 599 Too many subscriptions (not a standard HTTP error)
- */
- wpa_printf(MSG_DEBUG, "WPS UPnP: SUBSCRIBE failed - return %d", ret);
- http_put_empty(buf, ret);
- http_request_send_and_deinit(req, buf);
- os_free(callback_urls);
-}
-
-
-/* Given that we have received a header w/ UNSUBSCRIBE, act upon it
- *
- * Format of UNSUBSCRIBE (case-insensitive):
- *
- * First line must be:
- * UNSUBSCRIBE /wps_event HTTP/1.1
- *
- * Our response (if no error) which includes only required lines is:
- * HTTP/1.1 200 OK
- * Content-Length: 0
- *
- * Header lines must end with \r\n
- * Per RFC 2616, content-length: is not required but connection:close
- * would appear to be required (given that we will be closing it!).
- */
-static void web_connection_parse_unsubscribe(struct upnp_wps_device_sm *sm,
- struct http_request *req,
- const char *filename)
-{
- struct wpabuf *buf;
- char *hdr = http_request_get_hdr(req);
- char *h;
- char *match;
- int match_len;
- char *end;
- u8 uuid[UUID_LEN];
- int got_uuid = 0;
- struct subscription *s = NULL;
- enum http_reply_code ret = HTTP_INTERNAL_SERVER_ERROR;
-
- /* Parse/validate headers */
- h = hdr;
- /* First line: UNSUBSCRIBE /wps_event HTTP/1.1
- * has already been parsed.
- */
- if (os_strcasecmp(filename, UPNP_WPS_DEVICE_EVENT_FILE) != 0) {
- ret = HTTP_PRECONDITION_FAILED;
- goto send_msg;
- }
- wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP UNSUBSCRIBE for event");
- end = os_strchr(h, '\n');
-
- while (end) {
- /* Option line by option line */
- h = end + 1;
- end = os_strchr(h, '\n');
- if (end == NULL)
- break; /* no unterminated lines allowed */
-
- /* HOST should refer to us */
-#if 0
- match = "HOST:";
- match_len = os_strlen(match);
- if (os_strncasecmp(h, match, match_len) == 0) {
- h += match_len;
- while (*h == ' ' || *h == '\t')
- h++;
- .....
- }
-#endif
- match = "SID:";
- match_len = os_strlen(match);
- if (os_strncasecmp(h, match, match_len) == 0) {
- h += match_len;
- while (*h == ' ' || *h == '\t')
- h++;
- match = "uuid:";
- match_len = os_strlen(match);
- if (os_strncasecmp(h, match, match_len) != 0) {
- ret = HTTP_BAD_REQUEST;
- goto send_msg;
- }
- h += match_len;
- while (*h == ' ' || *h == '\t')
- h++;
- if (uuid_str2bin(h, uuid)) {
- ret = HTTP_BAD_REQUEST;
- goto send_msg;
- }
- got_uuid = 1;
- continue;
- }
-
- match = "NT:";
- match_len = os_strlen(match);
- if (os_strncasecmp(h, match, match_len) == 0) {
- ret = HTTP_BAD_REQUEST;
- goto send_msg;
- }
-
- match = "CALLBACK:";
- match_len = os_strlen(match);
- if (os_strncasecmp(h, match, match_len) == 0) {
- ret = HTTP_BAD_REQUEST;
- goto send_msg;
- }
- }
-
- if (got_uuid) {
- char str[80];
-
- uuid_bin2str(uuid, str, sizeof(str));
-
- s = subscription_find(sm, uuid);
- if (s) {
- struct subscr_addr *sa;
- sa = dl_list_first(&s->addr_list, struct subscr_addr,
- list);
- wpa_printf(MSG_DEBUG,
- "WPS UPnP: Unsubscribing %p (SID %s) %s",
- s, str, (sa && sa->domain_and_port) ?
- sa->domain_and_port : "-null-");
- dl_list_del(&s->list);
- subscription_destroy(s);
- } else {
- wpa_printf(MSG_INFO,
- "WPS UPnP: Could not find matching subscription to unsubscribe (SID %s)",
- str);
- ret = HTTP_PRECONDITION_FAILED;
- goto send_msg;
- }
- } else {
- wpa_printf(MSG_INFO, "WPS UPnP: Unsubscribe fails (not "
- "found)");
- ret = HTTP_PRECONDITION_FAILED;
- goto send_msg;
- }
-
- ret = HTTP_OK;
-
-send_msg:
- buf = wpabuf_alloc(200);
- if (buf == NULL) {
- http_request_deinit(req);
- return;
- }
- http_put_empty(buf, ret);
- http_request_send_and_deinit(req, buf);
-}
-
-
-/* Send error in response to unknown requests */
-static void web_connection_unimplemented(struct http_request *req)
-{
- struct wpabuf *buf;
- buf = wpabuf_alloc(200);
- if (buf == NULL) {
- http_request_deinit(req);
- return;
- }
- http_put_empty(buf, HTTP_UNIMPLEMENTED);
- http_request_send_and_deinit(req, buf);
-}
-
-
-
-/* Called when we have gotten an apparently valid http request.
- */
-static void web_connection_check_data(void *ctx, struct http_request *req)
-{
- struct upnp_wps_device_sm *sm = ctx;
- enum httpread_hdr_type htype = http_request_get_type(req);
- char *filename = http_request_get_uri(req);
- struct sockaddr_in *cli = http_request_get_cli_addr(req);
-
- if (!filename) {
- wpa_printf(MSG_INFO, "WPS UPnP: Could not get HTTP URI");
- http_request_deinit(req);
- return;
- }
- /* Trim leading slashes from filename */
- while (*filename == '/')
- filename++;
-
- wpa_printf(MSG_DEBUG, "WPS UPnP: Got HTTP request type %d from %s:%d",
- htype, inet_ntoa(cli->sin_addr), htons(cli->sin_port));
-
- switch (htype) {
- case HTTPREAD_HDR_TYPE_GET:
- web_connection_parse_get(sm, req, filename);
- break;
- case HTTPREAD_HDR_TYPE_POST:
- web_connection_parse_post(sm, cli, req, filename);
- break;
- case HTTPREAD_HDR_TYPE_SUBSCRIBE:
- web_connection_parse_subscribe(sm, req, filename);
- break;
- case HTTPREAD_HDR_TYPE_UNSUBSCRIBE:
- web_connection_parse_unsubscribe(sm, req, filename);
- break;
-
- /* We are not required to support M-POST; just plain
- * POST is supposed to work, so we only support that.
- * If for some reason we need to support M-POST, it is
- * mostly the same as POST, with small differences.
- */
- default:
- /* Send 501 for anything else */
- web_connection_unimplemented(req);
- break;
- }
-}
-
-
-/*
- * Listening for web connections
- * We have a single TCP listening port, and hand off connections as we get
- * them.
- */
-
-void web_listener_stop(struct upnp_wps_device_sm *sm)
-{
- http_server_deinit(sm->web_srv);
- sm->web_srv = NULL;
-}
-
-
-int web_listener_start(struct upnp_wps_device_sm *sm)
-{
- struct in_addr addr;
- addr.s_addr = sm->ip_addr;
- sm->web_srv = http_server_init(&addr, -1, web_connection_check_data,
- sm);
- if (sm->web_srv == NULL) {
- web_listener_stop(sm);
- return -1;
- }
- sm->web_port = http_server_get_port(sm->web_srv);
-
- return 0;
-}