| /* |
| * UPnP WPS Device - Web connections |
| * Copyright (c) 2000-2003 Intel Corporation |
| * Copyright (c) 2006-2007 Sony Corporation |
| * Copyright (c) 2008-2009 Atheros Communications |
| * Copyright (c) 2009, Jouni Malinen <j@w1.fi> |
| * |
| * See wps_upnp.c for more details on licensing and code history. |
| */ |
| |
| #include "includes.h" |
| |
| #include "common.h" |
| #include "base64.h" |
| #include "uuid.h" |
| #include "httpread.h" |
| #include "http_server.h" |
| #include "wps_i.h" |
| #include "wps_upnp.h" |
| #include "wps_upnp_i.h" |
| #include "upnp_xml.h" |
| |
| /*************************************************************************** |
| * Web connections (we serve pages of info about ourselves, handle |
| * requests, etc. etc.). |
| **************************************************************************/ |
| |
| #define WEB_CONNECTION_TIMEOUT_SEC 30 /* Drop web connection after t.o. */ |
| #define WEB_CONNECTION_MAX_READ 8000 /* Max we'll read for TCP request */ |
| #define MAX_WEB_CONNECTIONS 10 /* max simultaneous web connects */ |
| |
| |
| static const char *urn_wfawlanconfig = |
| "urn:schemas-wifialliance-org:service:WFAWLANConfig:1"; |
| static const char *http_server_hdr = |
| "Server: unspecified, UPnP/1.0, unspecified\r\n"; |
| static const char *http_connection_close = |
| "Connection: close\r\n"; |
| |
| /* |
| * "Files" that we serve via HTTP. The format of these files is given by |
| * WFA WPS specifications. Extra white space has been removed to save space. |
| */ |
| |
| static const char wps_scpd_xml[] = |
| "<?xml version=\"1.0\"?>\n" |
| "<scpd xmlns=\"urn:schemas-upnp-org:service-1-0\">\n" |
| "<specVersion><major>1</major><minor>0</minor></specVersion>\n" |
| "<actionList>\n" |
| "<action>\n" |
| "<name>GetDeviceInfo</name>\n" |
| "<argumentList>\n" |
| "<argument>\n" |
| "<name>NewDeviceInfo</name>\n" |
| "<direction>out</direction>\n" |
| "<relatedStateVariable>DeviceInfo</relatedStateVariable>\n" |
| "</argument>\n" |
| "</argumentList>\n" |
| "</action>\n" |
| "<action>\n" |
| "<name>PutMessage</name>\n" |
| "<argumentList>\n" |
| "<argument>\n" |
| "<name>NewInMessage</name>\n" |
| "<direction>in</direction>\n" |
| "<relatedStateVariable>InMessage</relatedStateVariable>\n" |
| "</argument>\n" |
| "<argument>\n" |
| "<name>NewOutMessage</name>\n" |
| "<direction>out</direction>\n" |
| "<relatedStateVariable>OutMessage</relatedStateVariable>\n" |
| "</argument>\n" |
| "</argumentList>\n" |
| "</action>\n" |
| "<action>\n" |
| "<name>PutWLANResponse</name>\n" |
| "<argumentList>\n" |
| "<argument>\n" |
| "<name>NewMessage</name>\n" |
| "<direction>in</direction>\n" |
| "<relatedStateVariable>Message</relatedStateVariable>\n" |
| "</argument>\n" |
| "<argument>\n" |
| "<name>NewWLANEventType</name>\n" |
| "<direction>in</direction>\n" |
| "<relatedStateVariable>WLANEventType</relatedStateVariable>\n" |
| "</argument>\n" |
| "<argument>\n" |
| "<name>NewWLANEventMAC</name>\n" |
| "<direction>in</direction>\n" |
| "<relatedStateVariable>WLANEventMAC</relatedStateVariable>\n" |
| "</argument>\n" |
| "</argumentList>\n" |
| "</action>\n" |
| "<action>\n" |
| "<name>SetSelectedRegistrar</name>\n" |
| "<argumentList>\n" |
| "<argument>\n" |
| "<name>NewMessage</name>\n" |
| "<direction>in</direction>\n" |
| "<relatedStateVariable>Message</relatedStateVariable>\n" |
| "</argument>\n" |
| "</argumentList>\n" |
| "</action>\n" |
| "</actionList>\n" |
| "<serviceStateTable>\n" |
| "<stateVariable sendEvents=\"no\">\n" |
| "<name>Message</name>\n" |
| "<dataType>bin.base64</dataType>\n" |
| "</stateVariable>\n" |
| "<stateVariable sendEvents=\"no\">\n" |
| "<name>InMessage</name>\n" |
| "<dataType>bin.base64</dataType>\n" |
| "</stateVariable>\n" |
| "<stateVariable sendEvents=\"no\">\n" |
| "<name>OutMessage</name>\n" |
| "<dataType>bin.base64</dataType>\n" |
| "</stateVariable>\n" |
| "<stateVariable sendEvents=\"no\">\n" |
| "<name>DeviceInfo</name>\n" |
| "<dataType>bin.base64</dataType>\n" |
| "</stateVariable>\n" |
| "<stateVariable sendEvents=\"yes\">\n" |
| "<name>APStatus</name>\n" |
| "<dataType>ui1</dataType>\n" |
| "</stateVariable>\n" |
| "<stateVariable sendEvents=\"yes\">\n" |
| "<name>STAStatus</name>\n" |
| "<dataType>ui1</dataType>\n" |
| "</stateVariable>\n" |
| "<stateVariable sendEvents=\"yes\">\n" |
| "<name>WLANEvent</name>\n" |
| "<dataType>bin.base64</dataType>\n" |
| "</stateVariable>\n" |
| "<stateVariable sendEvents=\"no\">\n" |
| "<name>WLANEventType</name>\n" |
| "<dataType>ui1</dataType>\n" |
| "</stateVariable>\n" |
| "<stateVariable sendEvents=\"no\">\n" |
| "<name>WLANEventMAC</name>\n" |
| "<dataType>string</dataType>\n" |
| "</stateVariable>\n" |
| "<stateVariable sendEvents=\"no\">\n" |
| "<name>WLANResponse</name>\n" |
| "<dataType>bin.base64</dataType>\n" |
| "</stateVariable>\n" |
| "</serviceStateTable>\n" |
| "</scpd>\n" |
| ; |
| |
| |
| static const char *wps_device_xml_prefix = |
| "<?xml version=\"1.0\"?>\n" |
| "<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n" |
| "<specVersion>\n" |
| "<major>1</major>\n" |
| "<minor>0</minor>\n" |
| "</specVersion>\n" |
| "<device>\n" |
| "<deviceType>urn:schemas-wifialliance-org:device:WFADevice:1" |
| "</deviceType>\n"; |
| |
| static const char *wps_device_xml_postfix = |
| "<serviceList>\n" |
| "<service>\n" |
| "<serviceType>urn:schemas-wifialliance-org:service:WFAWLANConfig:1" |
| "</serviceType>\n" |
| "<serviceId>urn:wifialliance-org:serviceId:WFAWLANConfig1</serviceId>" |
| "\n" |
| "<SCPDURL>" UPNP_WPS_SCPD_XML_FILE "</SCPDURL>\n" |
| "<controlURL>" UPNP_WPS_DEVICE_CONTROL_FILE "</controlURL>\n" |
| "<eventSubURL>" UPNP_WPS_DEVICE_EVENT_FILE "</eventSubURL>\n" |
| "</service>\n" |
| "</serviceList>\n" |
| "</device>\n" |
| "</root>\n"; |
| |
| |
| /* format_wps_device_xml -- produce content of "file" wps_device.xml |
| * (UPNP_WPS_DEVICE_XML_FILE) |
| */ |
| static void format_wps_device_xml(struct upnp_wps_device_sm *sm, |
| struct wpabuf *buf) |
| { |
| const char *s; |
| char uuid_string[80]; |
| struct upnp_wps_device_interface *iface; |
| |
| iface = dl_list_first(&sm->interfaces, |
| struct upnp_wps_device_interface, list); |
| |
| wpabuf_put_str(buf, wps_device_xml_prefix); |
| |
| /* |
| * Add required fields with default values if not configured. Add |
| * optional and recommended fields only if configured. |
| */ |
| s = iface->wps->friendly_name; |
| s = ((s && *s) ? s : "WPS Access Point"); |
| xml_add_tagged_data(buf, "friendlyName", s); |
| |
| s = iface->wps->dev.manufacturer; |
| s = ((s && *s) ? s : ""); |
| xml_add_tagged_data(buf, "manufacturer", s); |
| |
| if (iface->wps->manufacturer_url) |
| xml_add_tagged_data(buf, "manufacturerURL", |
| iface->wps->manufacturer_url); |
| |
| if (iface->wps->model_description) |
| xml_add_tagged_data(buf, "modelDescription", |
| iface->wps->model_description); |
| |
| s = iface->wps->dev.model_name; |
| s = ((s && *s) ? s : ""); |
| xml_add_tagged_data(buf, "modelName", s); |
| |
| if (iface->wps->dev.model_number) |
| xml_add_tagged_data(buf, "modelNumber", |
| iface->wps->dev.model_number); |
| |
| if (iface->wps->model_url) |
| xml_add_tagged_data(buf, "modelURL", iface->wps->model_url); |
| |
| if (iface->wps->dev.serial_number) |
| xml_add_tagged_data(buf, "serialNumber", |
| iface->wps->dev.serial_number); |
| |
| uuid_bin2str(iface->wps->uuid, uuid_string, sizeof(uuid_string)); |
| s = uuid_string; |
| /* Need "uuid:" prefix, thus we can't use xml_add_tagged_data() |
| * easily... |
| */ |
| wpabuf_put_str(buf, "<UDN>uuid:"); |
| xml_data_encode(buf, s, os_strlen(s)); |
| wpabuf_put_str(buf, "</UDN>\n"); |
| |
| if (iface->wps->upc) |
| xml_add_tagged_data(buf, "UPC", iface->wps->upc); |
| |
| wpabuf_put_str(buf, wps_device_xml_postfix); |
| } |
| |
| |
| static void http_put_reply_code(struct wpabuf *buf, enum http_reply_code code) |
| { |
| wpabuf_put_str(buf, "HTTP/1.1 "); |
| switch (code) { |
| case HTTP_OK: |
| wpabuf_put_str(buf, "200 OK\r\n"); |
| break; |
| case HTTP_BAD_REQUEST: |
| wpabuf_put_str(buf, "400 Bad request\r\n"); |
| break; |
| case HTTP_PRECONDITION_FAILED: |
| wpabuf_put_str(buf, "412 Precondition failed\r\n"); |
| break; |
| case HTTP_UNIMPLEMENTED: |
| wpabuf_put_str(buf, "501 Unimplemented\r\n"); |
| break; |
| case HTTP_INTERNAL_SERVER_ERROR: |
| default: |
| wpabuf_put_str(buf, "500 Internal server error\r\n"); |
| break; |
| } |
| } |
| |
| |
| static void http_put_date(struct wpabuf *buf) |
| { |
| wpabuf_put_str(buf, "Date: "); |
| format_date(buf); |
| wpabuf_put_str(buf, "\r\n"); |
| } |
| |
| |
| static void http_put_empty(struct wpabuf *buf, enum http_reply_code code) |
| { |
| http_put_reply_code(buf, code); |
| wpabuf_put_str(buf, http_server_hdr); |
| wpabuf_put_str(buf, http_connection_close); |
| wpabuf_put_str(buf, "Content-Length: 0\r\n" |
| "\r\n"); |
| } |
| |
| |
| /* Given that we have received a header w/ GET, act upon it |
| * |
| * Format of GET (case-insensitive): |
| * |
| * First line must be: |
| * GET /<file> HTTP/1.1 |
| * Since we don't do anything fancy we just ignore other lines. |
| * |
| * Our response (if no error) which includes only required lines is: |
| * HTTP/1.1 200 OK |
| * Connection: close |
| * Content-Type: text/xml |
| * Date: <rfc1123-date> |
| * |
| * Header lines must end with \r\n |
| * Per RFC 2616, content-length: is not required but connection:close |
| * would appear to be required (given that we will be closing it!). |
| */ |
| static void web_connection_parse_get(struct upnp_wps_device_sm *sm, |
| struct http_request *hreq, char *filename) |
| { |
| struct wpabuf *buf; /* output buffer, allocated */ |
| char *put_length_here; |
| char *body_start; |
| enum { |
| GET_DEVICE_XML_FILE, |
| GET_SCPD_XML_FILE |
| } req; |
| size_t extra_len = 0; |
| int body_length; |
| char len_buf[10]; |
| struct upnp_wps_device_interface *iface; |
| |
| iface = dl_list_first(&sm->interfaces, |
| struct upnp_wps_device_interface, list); |
| |
| /* |
| * It is not required that filenames be case insensitive but it is |
| * allowed and cannot hurt here. |
| */ |
| if (os_strcasecmp(filename, UPNP_WPS_DEVICE_XML_FILE) == 0) { |
| wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP GET for device XML"); |
| req = GET_DEVICE_XML_FILE; |
| extra_len = 3000; |
| if (iface->wps->friendly_name) |
| extra_len += os_strlen(iface->wps->friendly_name); |
| if (iface->wps->manufacturer_url) |
| extra_len += os_strlen(iface->wps->manufacturer_url); |
| if (iface->wps->model_description) |
| extra_len += os_strlen(iface->wps->model_description); |
| if (iface->wps->model_url) |
| extra_len += os_strlen(iface->wps->model_url); |
| if (iface->wps->upc) |
| extra_len += os_strlen(iface->wps->upc); |
| } else if (!os_strcasecmp(filename, UPNP_WPS_SCPD_XML_FILE)) { |
| wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP GET for SCPD XML"); |
| req = GET_SCPD_XML_FILE; |
| extra_len = os_strlen(wps_scpd_xml); |
| } else { |
| /* File not found */ |
| wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP GET file not found: %s", |
| filename); |
| buf = wpabuf_alloc(200); |
| if (buf == NULL) { |
| http_request_deinit(hreq); |
| return; |
| } |
| wpabuf_put_str(buf, |
| "HTTP/1.1 404 Not Found\r\n" |
| "Connection: close\r\n"); |
| |
| http_put_date(buf); |
| |
| /* terminating empty line */ |
| wpabuf_put_str(buf, "\r\n"); |
| |
| goto send_buf; |
| } |
| |
| buf = wpabuf_alloc(1000 + extra_len); |
| if (buf == NULL) { |
| http_request_deinit(hreq); |
| return; |
| } |
| |
| wpabuf_put_str(buf, |
| "HTTP/1.1 200 OK\r\n" |
| "Content-Type: text/xml; charset=\"utf-8\"\r\n"); |
| wpabuf_put_str(buf, "Server: Unspecified, UPnP/1.0, Unspecified\r\n"); |
| wpabuf_put_str(buf, "Connection: close\r\n"); |
| wpabuf_put_str(buf, "Content-Length: "); |
| /* |
| * We will paste the length in later, leaving some extra whitespace. |
| * HTTP code is supposed to be tolerant of extra whitespace. |
| */ |
| put_length_here = wpabuf_put(buf, 0); |
| wpabuf_put_str(buf, " \r\n"); |
| |
| http_put_date(buf); |
| |
| /* terminating empty line */ |
| wpabuf_put_str(buf, "\r\n"); |
| |
| body_start = wpabuf_put(buf, 0); |
| |
| switch (req) { |
| case GET_DEVICE_XML_FILE: |
| format_wps_device_xml(sm, buf); |
| break; |
| case GET_SCPD_XML_FILE: |
| wpabuf_put_str(buf, wps_scpd_xml); |
| break; |
| } |
| |
| /* Now patch in the content length at the end */ |
| body_length = (char *) wpabuf_put(buf, 0) - body_start; |
| os_snprintf(len_buf, 10, "%d", body_length); |
| os_memcpy(put_length_here, len_buf, os_strlen(len_buf)); |
| |
| send_buf: |
| http_request_send_and_deinit(hreq, buf); |
| } |
| |
| |
| static enum http_reply_code |
| web_process_get_device_info(struct upnp_wps_device_sm *sm, |
| struct wpabuf **reply, const char **replyname) |
| { |
| static const char *name = "NewDeviceInfo"; |
| struct wps_config cfg; |
| struct upnp_wps_device_interface *iface; |
| struct upnp_wps_peer *peer; |
| |
| iface = dl_list_first(&sm->interfaces, |
| struct upnp_wps_device_interface, list); |
| peer = &iface->peer; |
| |
| wpa_printf(MSG_DEBUG, "WPS UPnP: GetDeviceInfo"); |
| |
| if (iface->ctx->ap_pin == NULL) |
| return HTTP_INTERNAL_SERVER_ERROR; |
| |
| /* |
| * Request for DeviceInfo, i.e., M1 TLVs. This is a start of WPS |
| * registration over UPnP with the AP acting as an Enrollee. It should |
| * be noted that this is frequently used just to get the device data, |
| * i.e., there may not be any intent to actually complete the |
| * registration. |
| */ |
| |
| if (peer->wps) |
| wps_deinit(peer->wps); |
| |
| os_memset(&cfg, 0, sizeof(cfg)); |
| cfg.wps = iface->wps; |
| cfg.pin = (u8 *) iface->ctx->ap_pin; |
| cfg.pin_len = os_strlen(iface->ctx->ap_pin); |
| peer->wps = wps_init(&cfg); |
| if (peer->wps) { |
| enum wsc_op_code op_code; |
| *reply = wps_get_msg(peer->wps, &op_code); |
| if (*reply == NULL) { |
| wps_deinit(peer->wps); |
| peer->wps = NULL; |
| } |
| } else |
| *reply = NULL; |
| if (*reply == NULL) { |
| wpa_printf(MSG_INFO, "WPS UPnP: Failed to get DeviceInfo"); |
| return HTTP_INTERNAL_SERVER_ERROR; |
| } |
| *replyname = name; |
| return HTTP_OK; |
| } |
| |
| |
| static enum http_reply_code |
| web_process_put_message(struct upnp_wps_device_sm *sm, char *data, |
| struct wpabuf **reply, const char **replyname) |
| { |
| struct wpabuf *msg; |
| static const char *name = "NewOutMessage"; |
| enum http_reply_code ret; |
| enum wps_process_res res; |
| enum wsc_op_code op_code; |
| struct upnp_wps_device_interface *iface; |
| |
| iface = dl_list_first(&sm->interfaces, |
| struct upnp_wps_device_interface, list); |
| |
| /* |
| * PutMessage is used by external UPnP-based Registrar to perform WPS |
| * operation with the access point itself; as compared with |
| * PutWLANResponse which is for proxying. |
| */ |
| wpa_printf(MSG_DEBUG, "WPS UPnP: PutMessage"); |
| msg = xml_get_base64_item(data, "NewInMessage", &ret); |
| if (msg == NULL) |
| return ret; |
| res = wps_process_msg(iface->peer.wps, WSC_UPnP, msg); |
| if (res == WPS_FAILURE) |
| *reply = NULL; |
| else |
| *reply = wps_get_msg(iface->peer.wps, &op_code); |
| wpabuf_free(msg); |
| if (*reply == NULL) |
| return HTTP_INTERNAL_SERVER_ERROR; |
| *replyname = name; |
| return HTTP_OK; |
| } |
| |
| |
| static enum http_reply_code |
| web_process_put_wlan_response(struct upnp_wps_device_sm *sm, char *data, |
| struct wpabuf **reply, const char **replyname) |
| { |
| struct wpabuf *msg; |
| enum http_reply_code ret; |
| u8 macaddr[ETH_ALEN]; |
| int ev_type; |
| int type; |
| char *val; |
| struct upnp_wps_device_interface *iface; |
| int ok = 0; |
| |
| /* |
| * External UPnP-based Registrar is passing us a message to be proxied |
| * over to a Wi-Fi -based client of ours. |
| */ |
| |
| wpa_printf(MSG_DEBUG, "WPS UPnP: PutWLANResponse"); |
| msg = xml_get_base64_item(data, "NewMessage", &ret); |
| if (msg == NULL) { |
| wpa_printf(MSG_DEBUG, "WPS UPnP: Could not extract NewMessage " |
| "from PutWLANResponse"); |
| return ret; |
| } |
| val = xml_get_first_item(data, "NewWLANEventType"); |
| if (val == NULL) { |
| wpa_printf(MSG_DEBUG, "WPS UPnP: No NewWLANEventType in " |
| "PutWLANResponse"); |
| wpabuf_free(msg); |
| return UPNP_ARG_VALUE_INVALID; |
| } |
| ev_type = atol(val); |
| os_free(val); |
| val = xml_get_first_item(data, "NewWLANEventMAC"); |
| if (val == NULL) { |
| wpa_printf(MSG_DEBUG, "WPS UPnP: No NewWLANEventMAC in " |
| "PutWLANResponse"); |
| wpabuf_free(msg); |
| return UPNP_ARG_VALUE_INVALID; |
| } |
| if (hwaddr_aton(val, macaddr)) { |
| wpa_printf(MSG_DEBUG, "WPS UPnP: Invalid NewWLANEventMAC in " |
| "PutWLANResponse: '%s'", val); |
| #ifdef CONFIG_WPS_STRICT |
| { |
| struct wps_parse_attr attr; |
| if (wps_parse_msg(msg, &attr) < 0 || attr.version2) { |
| wpabuf_free(msg); |
| os_free(val); |
| return UPNP_ARG_VALUE_INVALID; |
| } |
| } |
| #endif /* CONFIG_WPS_STRICT */ |
| if (hwaddr_aton2(val, macaddr) > 0) { |
| /* |
| * At least some versions of Intel PROset seem to be |
| * using dot-deliminated MAC address format here. |
| */ |
| wpa_printf(MSG_DEBUG, "WPS UPnP: Workaround - allow " |
| "incorrect MAC address format in " |
| "NewWLANEventMAC: %s -> " MACSTR, |
| val, MAC2STR(macaddr)); |
| } else { |
| wpabuf_free(msg); |
| os_free(val); |
| return UPNP_ARG_VALUE_INVALID; |
| } |
| } |
| os_free(val); |
| if (ev_type == UPNP_WPS_WLANEVENT_TYPE_EAP) { |
| struct wps_parse_attr attr; |
| if (wps_parse_msg(msg, &attr) < 0 || |
| attr.msg_type == NULL) |
| type = -1; |
| else |
| type = *attr.msg_type; |
| wpa_printf(MSG_DEBUG, "WPS UPnP: Message Type %d", type); |
| } else |
| type = -1; |
| dl_list_for_each(iface, &sm->interfaces, |
| struct upnp_wps_device_interface, list) { |
| if (iface->ctx->rx_req_put_wlan_response && |
| iface->ctx->rx_req_put_wlan_response(iface->priv, ev_type, |
| macaddr, msg, type) |
| == 0) |
| ok = 1; |
| } |
| |
| if (!ok) { |
| wpa_printf(MSG_INFO, "WPS UPnP: Fail: sm->ctx->" |
| "rx_req_put_wlan_response"); |
| wpabuf_free(msg); |
| return HTTP_INTERNAL_SERVER_ERROR; |
| } |
| wpabuf_free(msg); |
| *replyname = NULL; |
| *reply = NULL; |
| return HTTP_OK; |
| } |
| |
| |
| static int find_er_addr(struct subscription *s, struct sockaddr_in *cli) |
| { |
| struct subscr_addr *a; |
| |
| dl_list_for_each(a, &s->addr_list, struct subscr_addr, list) { |
| if (cli->sin_addr.s_addr == a->saddr.sin_addr.s_addr) |
| return 1; |
| } |
| return 0; |
| } |
| |
| |
| static struct subscription * find_er(struct upnp_wps_device_sm *sm, |
| struct sockaddr_in *cli) |
| { |
| struct subscription *s; |
| dl_list_for_each(s, &sm->subscriptions, struct subscription, list) |
| if (find_er_addr(s, cli)) |
| return s; |
| return NULL; |
| } |
| |
| |
| static enum http_reply_code |
| web_process_set_selected_registrar(struct upnp_wps_device_sm *sm, |
| struct sockaddr_in *cli, char *data, |
| struct wpabuf **reply, |
| const char **replyname) |
| { |
| struct wpabuf *msg; |
| enum http_reply_code ret; |
| struct subscription *s; |
| struct upnp_wps_device_interface *iface; |
| int err = 0; |
| |
| wpa_printf(MSG_DEBUG, "WPS UPnP: SetSelectedRegistrar"); |
| s = find_er(sm, cli); |
| if (s == NULL) { |
| wpa_printf(MSG_DEBUG, "WPS UPnP: Ignore SetSelectedRegistrar " |
| "from unknown ER"); |
| return UPNP_ACTION_FAILED; |
| } |
| msg = xml_get_base64_item(data, "NewMessage", &ret); |
| if (msg == NULL) |
| return ret; |
| dl_list_for_each(iface, &sm->interfaces, |
| struct upnp_wps_device_interface, list) { |
| if (upnp_er_set_selected_registrar(iface->wps->registrar, s, |
| msg)) |
| err = 1; |
| } |
| wpabuf_free(msg); |
| if (err) |
| return HTTP_INTERNAL_SERVER_ERROR; |
| *replyname = NULL; |
| *reply = NULL; |
| return HTTP_OK; |
| } |
| |
| |
| static const char *soap_prefix = |
| "<?xml version=\"1.0\"?>\n" |
| "<s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" " |
| "s:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">\n" |
| "<s:Body>\n"; |
| static const char *soap_postfix = |
| "</s:Body>\n</s:Envelope>\n"; |
| |
| static const char *soap_error_prefix = |
| "<s:Fault>\n" |
| "<faultcode>s:Client</faultcode>\n" |
| "<faultstring>UPnPError</faultstring>\n" |
| "<detail>\n" |
| "<UPnPError xmlns=\"urn:schemas-upnp-org:control-1-0\">\n"; |
| static const char *soap_error_postfix = |
| "<errorDescription>Error</errorDescription>\n" |
| "</UPnPError>\n" |
| "</detail>\n" |
| "</s:Fault>\n"; |
| |
| static void web_connection_send_reply(struct http_request *req, |
| enum http_reply_code ret, |
| const char *action, int action_len, |
| const struct wpabuf *reply, |
| const char *replyname) |
| { |
| struct wpabuf *buf; |
| char *replydata; |
| char *put_length_here = NULL; |
| char *body_start = NULL; |
| |
| if (reply) { |
| size_t len; |
| replydata = (char *) base64_encode(wpabuf_head(reply), |
| wpabuf_len(reply), &len); |
| } else |
| replydata = NULL; |
| |
| /* Parameters of the response: |
| * action(action_len) -- action we are responding to |
| * replyname -- a name we need for the reply |
| * replydata -- NULL or null-terminated string |
| */ |
| buf = wpabuf_alloc(1000 + (replydata ? os_strlen(replydata) : 0U) + |
| (action_len > 0 ? action_len * 2 : 0)); |
| if (buf == NULL) { |
| wpa_printf(MSG_INFO, "WPS UPnP: Cannot allocate reply to " |
| "POST"); |
| os_free(replydata); |
| http_request_deinit(req); |
| return; |
| } |
| |
| /* |
| * Assuming we will be successful, put in the output header first. |
| * Note: we do not keep connections alive (and httpread does |
| * not support it)... therefore we must have Connection: close. |
| */ |
| if (ret == HTTP_OK) { |
| wpabuf_put_str(buf, |
| "HTTP/1.1 200 OK\r\n" |
| "Content-Type: text/xml; " |
| "charset=\"utf-8\"\r\n"); |
| } else { |
| wpabuf_printf(buf, "HTTP/1.1 %d Error\r\n", ret); |
| } |
| wpabuf_put_str(buf, http_connection_close); |
| |
| wpabuf_put_str(buf, "Content-Length: "); |
| /* |
| * We will paste the length in later, leaving some extra whitespace. |
| * HTTP code is supposed to be tolerant of extra whitespace. |
| */ |
| put_length_here = wpabuf_put(buf, 0); |
| wpabuf_put_str(buf, " \r\n"); |
| |
| http_put_date(buf); |
| |
| /* terminating empty line */ |
| wpabuf_put_str(buf, "\r\n"); |
| |
| body_start = wpabuf_put(buf, 0); |
| |
| if (ret == HTTP_OK) { |
| wpabuf_put_str(buf, soap_prefix); |
| wpabuf_put_str(buf, "<u:"); |
| wpabuf_put_data(buf, action, action_len); |
| wpabuf_put_str(buf, "Response xmlns:u=\""); |
| wpabuf_put_str(buf, urn_wfawlanconfig); |
| wpabuf_put_str(buf, "\">\n"); |
| if (replydata && replyname) { |
| /* TODO: might possibly need to escape part of reply |
| * data? ... |
| * probably not, unlikely to have ampersand(&) or left |
| * angle bracket (<) in it... |
| */ |
| wpabuf_printf(buf, "<%s>", replyname); |
| wpabuf_put_str(buf, replydata); |
| wpabuf_printf(buf, "</%s>\n", replyname); |
| } |
| wpabuf_put_str(buf, "</u:"); |
| wpabuf_put_data(buf, action, action_len); |
| wpabuf_put_str(buf, "Response>\n"); |
| wpabuf_put_str(buf, soap_postfix); |
| } else { |
| /* Error case */ |
| wpabuf_put_str(buf, soap_prefix); |
| wpabuf_put_str(buf, soap_error_prefix); |
| wpabuf_printf(buf, "<errorCode>%d</errorCode>\n", ret); |
| wpabuf_put_str(buf, soap_error_postfix); |
| wpabuf_put_str(buf, soap_postfix); |
| } |
| os_free(replydata); |
| |
| /* Now patch in the content length at the end */ |
| if (body_start && put_length_here) { |
| int body_length = (char *) wpabuf_put(buf, 0) - body_start; |
| char len_buf[10]; |
| os_snprintf(len_buf, sizeof(len_buf), "%d", body_length); |
| os_memcpy(put_length_here, len_buf, os_strlen(len_buf)); |
| } |
| |
| http_request_send_and_deinit(req, buf); |
| } |
| |
| |
| static const char * web_get_action(struct http_request *req, |
| size_t *action_len) |
| { |
| const char *match; |
| int match_len; |
| char *b; |
| char *action; |
| |
| *action_len = 0; |
| /* The SOAPAction line of the header tells us what we want to do */ |
| b = http_request_get_hdr_line(req, "SOAPAction:"); |
| if (b == NULL) |
| return NULL; |
| if (*b == '"') |
| b++; |
| else |
| return NULL; |
| match = urn_wfawlanconfig; |
| match_len = os_strlen(urn_wfawlanconfig) - 1; |
| if (os_strncasecmp(b, match, match_len)) |
| return NULL; |
| b += match_len; |
| /* skip over version */ |
| while (isgraph(*b) && *b != '#') |
| b++; |
| if (*b != '#') |
| return NULL; |
| b++; |
| /* Following the sharp(#) should be the action and a double quote */ |
| action = b; |
| while (isgraph(*b) && *b != '"') |
| b++; |
| if (*b != '"') |
| return NULL; |
| *action_len = b - action; |
| return action; |
| } |
| |
| |
| /* Given that we have received a header w/ POST, act upon it |
| * |
| * Format of POST (case-insensitive): |
| * |
| * First line must be: |
| * POST /<file> HTTP/1.1 |
| * Since we don't do anything fancy we just ignore other lines. |
| * |
| * Our response (if no error) which includes only required lines is: |
| * HTTP/1.1 200 OK |
| * Connection: close |
| * Content-Type: text/xml |
| * Date: <rfc1123-date> |
| * |
| * Header lines must end with \r\n |
| * Per RFC 2616, content-length: is not required but connection:close |
| * would appear to be required (given that we will be closing it!). |
| */ |
| static void web_connection_parse_post(struct upnp_wps_device_sm *sm, |
| struct sockaddr_in *cli, |
| struct http_request *req, |
| const char *filename) |
| { |
| enum http_reply_code ret; |
| char *data = http_request_get_data(req); /* body of http msg */ |
| const char *action = NULL; |
| size_t action_len = 0; |
| const char *replyname = NULL; /* argument name for the reply */ |
| struct wpabuf *reply = NULL; /* data for the reply */ |
| |
| if (os_strcasecmp(filename, UPNP_WPS_DEVICE_CONTROL_FILE)) { |
| wpa_printf(MSG_INFO, "WPS UPnP: Invalid POST filename %s", |
| filename); |
| ret = HTTP_NOT_FOUND; |
| goto bad; |
| } |
| |
| ret = UPNP_INVALID_ACTION; |
| action = web_get_action(req, &action_len); |
| if (action == NULL) |
| goto bad; |
| |
| if (!os_strncasecmp("GetDeviceInfo", action, action_len)) |
| ret = web_process_get_device_info(sm, &reply, &replyname); |
| else if (!os_strncasecmp("PutMessage", action, action_len)) |
| ret = web_process_put_message(sm, data, &reply, &replyname); |
| else if (!os_strncasecmp("PutWLANResponse", action, action_len)) |
| ret = web_process_put_wlan_response(sm, data, &reply, |
| &replyname); |
| else if (!os_strncasecmp("SetSelectedRegistrar", action, action_len)) |
| ret = web_process_set_selected_registrar(sm, cli, data, &reply, |
| &replyname); |
| else |
| wpa_printf(MSG_INFO, "WPS UPnP: Unknown POST type"); |
| |
| bad: |
| if (ret != HTTP_OK) |
| wpa_printf(MSG_INFO, "WPS UPnP: POST failure ret=%d", ret); |
| web_connection_send_reply(req, ret, action, action_len, reply, |
| replyname); |
| wpabuf_free(reply); |
| } |
| |
| |
| /* Given that we have received a header w/ SUBSCRIBE, act upon it |
| * |
| * Format of SUBSCRIBE (case-insensitive): |
| * |
| * First line must be: |
| * SUBSCRIBE /wps_event HTTP/1.1 |
| * |
| * Our response (if no error) which includes only required lines is: |
| * HTTP/1.1 200 OK |
| * Server: xx, UPnP/1.0, xx |
| * SID: uuid:xxxxxxxxx |
| * Timeout: Second-<n> |
| * Content-Length: 0 |
| * Date: xxxx |
| * |
| * Header lines must end with \r\n |
| * Per RFC 2616, content-length: is not required but connection:close |
| * would appear to be required (given that we will be closing it!). |
| */ |
| static void web_connection_parse_subscribe(struct upnp_wps_device_sm *sm, |
| struct http_request *req, |
| const char *filename) |
| { |
| struct wpabuf *buf; |
| char *b; |
| char *hdr = http_request_get_hdr(req); |
| char *h; |
| char *match; |
| int match_len; |
| char *end; |
| int len; |
| int got_nt = 0; |
| u8 uuid[UUID_LEN]; |
| int got_uuid = 0; |
| char *callback_urls = NULL; |
| struct subscription *s = NULL; |
| enum http_reply_code ret = HTTP_INTERNAL_SERVER_ERROR; |
| |
| buf = wpabuf_alloc(1000); |
| if (buf == NULL) { |
| http_request_deinit(req); |
| return; |
| } |
| |
| wpa_hexdump_ascii(MSG_DEBUG, "WPS UPnP: HTTP SUBSCRIBE", |
| (u8 *) hdr, os_strlen(hdr)); |
| |
| /* Parse/validate headers */ |
| h = hdr; |
| /* First line: SUBSCRIBE /wps_event HTTP/1.1 |
| * has already been parsed. |
| */ |
| if (os_strcasecmp(filename, UPNP_WPS_DEVICE_EVENT_FILE) != 0) { |
| ret = HTTP_PRECONDITION_FAILED; |
| goto error; |
| } |
| wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP SUBSCRIBE for event"); |
| end = os_strchr(h, '\n'); |
| |
| for (; end != NULL; h = end + 1) { |
| /* Option line by option line */ |
| h = end + 1; |
| end = os_strchr(h, '\n'); |
| if (end == NULL) |
| break; /* no unterminated lines allowed */ |
| |
| /* NT assures that it is our type of subscription; |
| * not used for a renewal. |
| **/ |
| match = "NT:"; |
| match_len = os_strlen(match); |
| if (os_strncasecmp(h, match, match_len) == 0) { |
| h += match_len; |
| while (*h == ' ' || *h == '\t') |
| h++; |
| match = "upnp:event"; |
| match_len = os_strlen(match); |
| if (os_strncasecmp(h, match, match_len) != 0) { |
| ret = HTTP_BAD_REQUEST; |
| goto error; |
| } |
| got_nt = 1; |
| continue; |
| } |
| /* HOST should refer to us */ |
| #if 0 |
| match = "HOST:"; |
| match_len = os_strlen(match); |
| if (os_strncasecmp(h, match, match_len) == 0) { |
| h += match_len; |
| while (*h == ' ' || *h == '\t') |
| h++; |
| ..... |
| } |
| #endif |
| /* CALLBACK gives one or more URLs for NOTIFYs |
| * to be sent as a result of the subscription. |
| * Each URL is enclosed in angle brackets. |
| */ |
| match = "CALLBACK:"; |
| match_len = os_strlen(match); |
| if (os_strncasecmp(h, match, match_len) == 0) { |
| h += match_len; |
| while (*h == ' ' || *h == '\t') |
| h++; |
| len = end - h; |
| os_free(callback_urls); |
| callback_urls = dup_binstr(h, len); |
| if (callback_urls == NULL) { |
| ret = HTTP_INTERNAL_SERVER_ERROR; |
| goto error; |
| } |
| continue; |
| } |
| /* SID is only for renewal */ |
| match = "SID:"; |
| match_len = os_strlen(match); |
| if (os_strncasecmp(h, match, match_len) == 0) { |
| h += match_len; |
| while (*h == ' ' || *h == '\t') |
| h++; |
| match = "uuid:"; |
| match_len = os_strlen(match); |
| if (os_strncasecmp(h, match, match_len) != 0) { |
| ret = HTTP_BAD_REQUEST; |
| goto error; |
| } |
| h += match_len; |
| while (*h == ' ' || *h == '\t') |
| h++; |
| if (uuid_str2bin(h, uuid)) { |
| ret = HTTP_BAD_REQUEST; |
| goto error; |
| } |
| got_uuid = 1; |
| continue; |
| } |
| /* TIMEOUT is requested timeout, but apparently we can |
| * just ignore this. |
| */ |
| } |
| |
| if (got_uuid) { |
| /* renewal */ |
| wpa_printf(MSG_DEBUG, "WPS UPnP: Subscription renewal"); |
| if (callback_urls) { |
| ret = HTTP_BAD_REQUEST; |
| goto error; |
| } |
| s = subscription_renew(sm, uuid); |
| if (s == NULL) { |
| char str[80]; |
| uuid_bin2str(uuid, str, sizeof(str)); |
| wpa_printf(MSG_DEBUG, "WPS UPnP: Could not find " |
| "SID %s", str); |
| ret = HTTP_PRECONDITION_FAILED; |
| goto error; |
| } |
| } else if (callback_urls) { |
| wpa_printf(MSG_DEBUG, "WPS UPnP: New subscription"); |
| if (!got_nt) { |
| ret = HTTP_PRECONDITION_FAILED; |
| goto error; |
| } |
| s = subscription_start(sm, callback_urls); |
| if (s == NULL) { |
| ret = HTTP_INTERNAL_SERVER_ERROR; |
| goto error; |
| } |
| } else { |
| ret = HTTP_PRECONDITION_FAILED; |
| goto error; |
| } |
| |
| /* success */ |
| http_put_reply_code(buf, HTTP_OK); |
| wpabuf_put_str(buf, http_server_hdr); |
| wpabuf_put_str(buf, http_connection_close); |
| wpabuf_put_str(buf, "Content-Length: 0\r\n"); |
| wpabuf_put_str(buf, "SID: uuid:"); |
| /* subscription id */ |
| b = wpabuf_put(buf, 0); |
| uuid_bin2str(s->uuid, b, 80); |
| wpa_printf(MSG_DEBUG, "WPS UPnP: Assigned SID %s", b); |
| wpabuf_put(buf, os_strlen(b)); |
| wpabuf_put_str(buf, "\r\n"); |
| wpabuf_printf(buf, "Timeout: Second-%d\r\n", UPNP_SUBSCRIBE_SEC); |
| http_put_date(buf); |
| /* And empty line to terminate header: */ |
| wpabuf_put_str(buf, "\r\n"); |
| |
| os_free(callback_urls); |
| http_request_send_and_deinit(req, buf); |
| return; |
| |
| error: |
| /* Per UPnP spec: |
| * Errors |
| * Incompatible headers |
| * 400 Bad Request. If SID header and one of NT or CALLBACK headers |
| * are present, the publisher must respond with HTTP error |
| * 400 Bad Request. |
| * Missing or invalid CALLBACK |
| * 412 Precondition Failed. If CALLBACK header is missing or does not |
| * contain a valid HTTP URL, the publisher must respond with HTTP |
| * error 412 Precondition Failed. |
| * Invalid NT |
| * 412 Precondition Failed. If NT header does not equal upnp:event, |
| * the publisher must respond with HTTP error 412 Precondition |
| * Failed. |
| * [For resubscription, use 412 if unknown uuid]. |
| * Unable to accept subscription |
| * 5xx. If a publisher is not able to accept a subscription (such as |
| * due to insufficient resources), it must respond with a |
| * HTTP 500-series error code. |
| * 599 Too many subscriptions (not a standard HTTP error) |
| */ |
| wpa_printf(MSG_DEBUG, "WPS UPnP: SUBSCRIBE failed - return %d", ret); |
| http_put_empty(buf, ret); |
| http_request_send_and_deinit(req, buf); |
| os_free(callback_urls); |
| } |
| |
| |
| /* Given that we have received a header w/ UNSUBSCRIBE, act upon it |
| * |
| * Format of UNSUBSCRIBE (case-insensitive): |
| * |
| * First line must be: |
| * UNSUBSCRIBE /wps_event HTTP/1.1 |
| * |
| * Our response (if no error) which includes only required lines is: |
| * HTTP/1.1 200 OK |
| * Content-Length: 0 |
| * |
| * Header lines must end with \r\n |
| * Per RFC 2616, content-length: is not required but connection:close |
| * would appear to be required (given that we will be closing it!). |
| */ |
| static void web_connection_parse_unsubscribe(struct upnp_wps_device_sm *sm, |
| struct http_request *req, |
| const char *filename) |
| { |
| struct wpabuf *buf; |
| char *hdr = http_request_get_hdr(req); |
| char *h; |
| char *match; |
| int match_len; |
| char *end; |
| u8 uuid[UUID_LEN]; |
| int got_uuid = 0; |
| struct subscription *s = NULL; |
| enum http_reply_code ret = HTTP_INTERNAL_SERVER_ERROR; |
| |
| /* Parse/validate headers */ |
| h = hdr; |
| /* First line: UNSUBSCRIBE /wps_event HTTP/1.1 |
| * has already been parsed. |
| */ |
| if (os_strcasecmp(filename, UPNP_WPS_DEVICE_EVENT_FILE) != 0) { |
| ret = HTTP_PRECONDITION_FAILED; |
| goto send_msg; |
| } |
| wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP UNSUBSCRIBE for event"); |
| end = os_strchr(h, '\n'); |
| |
| for (; end != NULL; h = end + 1) { |
| /* Option line by option line */ |
| h = end + 1; |
| end = os_strchr(h, '\n'); |
| if (end == NULL) |
| break; /* no unterminated lines allowed */ |
| |
| /* HOST should refer to us */ |
| #if 0 |
| match = "HOST:"; |
| match_len = os_strlen(match); |
| if (os_strncasecmp(h, match, match_len) == 0) { |
| h += match_len; |
| while (*h == ' ' || *h == '\t') |
| h++; |
| ..... |
| } |
| #endif |
| match = "SID:"; |
| match_len = os_strlen(match); |
| if (os_strncasecmp(h, match, match_len) == 0) { |
| h += match_len; |
| while (*h == ' ' || *h == '\t') |
| h++; |
| match = "uuid:"; |
| match_len = os_strlen(match); |
| if (os_strncasecmp(h, match, match_len) != 0) { |
| ret = HTTP_BAD_REQUEST; |
| goto send_msg; |
| } |
| h += match_len; |
| while (*h == ' ' || *h == '\t') |
| h++; |
| if (uuid_str2bin(h, uuid)) { |
| ret = HTTP_BAD_REQUEST; |
| goto send_msg; |
| } |
| got_uuid = 1; |
| continue; |
| } |
| |
| match = "NT:"; |
| match_len = os_strlen(match); |
| if (os_strncasecmp(h, match, match_len) == 0) { |
| ret = HTTP_BAD_REQUEST; |
| goto send_msg; |
| } |
| |
| match = "CALLBACK:"; |
| match_len = os_strlen(match); |
| if (os_strncasecmp(h, match, match_len) == 0) { |
| ret = HTTP_BAD_REQUEST; |
| goto send_msg; |
| } |
| } |
| |
| if (got_uuid) { |
| s = subscription_find(sm, uuid); |
| if (s) { |
| struct subscr_addr *sa; |
| sa = dl_list_first(&s->addr_list, struct subscr_addr, |
| list); |
| wpa_printf(MSG_DEBUG, "WPS UPnP: Unsubscribing %p %s", |
| s, (sa && sa->domain_and_port) ? |
| sa->domain_and_port : "-null-"); |
| dl_list_del(&s->list); |
| subscription_destroy(s); |
| } else { |
| wpa_printf(MSG_INFO, "WPS UPnP: Could not find matching subscription to unsubscribe"); |
| ret = HTTP_PRECONDITION_FAILED; |
| goto send_msg; |
| } |
| } else { |
| wpa_printf(MSG_INFO, "WPS UPnP: Unsubscribe fails (not " |
| "found)"); |
| ret = HTTP_PRECONDITION_FAILED; |
| goto send_msg; |
| } |
| |
| ret = HTTP_OK; |
| |
| send_msg: |
| buf = wpabuf_alloc(200); |
| if (buf == NULL) { |
| http_request_deinit(req); |
| return; |
| } |
| http_put_empty(buf, ret); |
| http_request_send_and_deinit(req, buf); |
| } |
| |
| |
| /* Send error in response to unknown requests */ |
| static void web_connection_unimplemented(struct http_request *req) |
| { |
| struct wpabuf *buf; |
| buf = wpabuf_alloc(200); |
| if (buf == NULL) { |
| http_request_deinit(req); |
| return; |
| } |
| http_put_empty(buf, HTTP_UNIMPLEMENTED); |
| http_request_send_and_deinit(req, buf); |
| } |
| |
| |
| |
| /* Called when we have gotten an apparently valid http request. |
| */ |
| static void web_connection_check_data(void *ctx, struct http_request *req) |
| { |
| struct upnp_wps_device_sm *sm = ctx; |
| enum httpread_hdr_type htype = http_request_get_type(req); |
| char *filename = http_request_get_uri(req); |
| struct sockaddr_in *cli = http_request_get_cli_addr(req); |
| |
| if (!filename) { |
| wpa_printf(MSG_INFO, "WPS UPnP: Could not get HTTP URI"); |
| http_request_deinit(req); |
| return; |
| } |
| /* Trim leading slashes from filename */ |
| while (*filename == '/') |
| filename++; |
| |
| wpa_printf(MSG_DEBUG, "WPS UPnP: Got HTTP request type %d from %s:%d", |
| htype, inet_ntoa(cli->sin_addr), htons(cli->sin_port)); |
| |
| switch (htype) { |
| case HTTPREAD_HDR_TYPE_GET: |
| web_connection_parse_get(sm, req, filename); |
| break; |
| case HTTPREAD_HDR_TYPE_POST: |
| web_connection_parse_post(sm, cli, req, filename); |
| break; |
| case HTTPREAD_HDR_TYPE_SUBSCRIBE: |
| web_connection_parse_subscribe(sm, req, filename); |
| break; |
| case HTTPREAD_HDR_TYPE_UNSUBSCRIBE: |
| web_connection_parse_unsubscribe(sm, req, filename); |
| break; |
| |
| /* We are not required to support M-POST; just plain |
| * POST is supposed to work, so we only support that. |
| * If for some reason we need to support M-POST, it is |
| * mostly the same as POST, with small differences. |
| */ |
| default: |
| /* Send 501 for anything else */ |
| web_connection_unimplemented(req); |
| break; |
| } |
| } |
| |
| |
| /* |
| * Listening for web connections |
| * We have a single TCP listening port, and hand off connections as we get |
| * them. |
| */ |
| |
| void web_listener_stop(struct upnp_wps_device_sm *sm) |
| { |
| http_server_deinit(sm->web_srv); |
| sm->web_srv = NULL; |
| } |
| |
| |
| int web_listener_start(struct upnp_wps_device_sm *sm) |
| { |
| struct in_addr addr; |
| addr.s_addr = sm->ip_addr; |
| sm->web_srv = http_server_init(&addr, -1, web_connection_check_data, |
| sm); |
| if (sm->web_srv == NULL) { |
| web_listener_stop(sm); |
| return -1; |
| } |
| sm->web_port = http_server_get_port(sm->web_srv); |
| |
| return 0; |
| } |