summaryrefslogtreecommitdiffstats
path: root/libcli/http
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 17:20:00 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 17:20:00 +0000
commit8daa83a594a2e98f39d764422bfbdbc62c9efd44 (patch)
tree4099e8021376c7d8c05bdf8503093d80e9c7bad0 /libcli/http
parentInitial commit. (diff)
downloadsamba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.tar.xz
samba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.zip
Adding upstream version 2:4.20.0+dfsg.upstream/2%4.20.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'libcli/http')
-rw-r--r--libcli/http/gensec/basic.c204
-rw-r--r--libcli/http/gensec/generic.c286
-rw-r--r--libcli/http/http.c882
-rw-r--r--libcli/http/http.h143
-rw-r--r--libcli/http/http_auth.c383
-rw-r--r--libcli/http/http_conn.c347
-rw-r--r--libcli/http/http_internal.h50
-rw-r--r--libcli/http/wscript_build21
8 files changed, 2316 insertions, 0 deletions
diff --git a/libcli/http/gensec/basic.c b/libcli/http/gensec/basic.c
new file mode 100644
index 0000000..c7a1bbb
--- /dev/null
+++ b/libcli/http/gensec/basic.c
@@ -0,0 +1,204 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ HTTP library - Basic authentication mechanism gensec module
+
+ Copyright (C) 2014 Samuel Cabrero <samuelcabrero@kernevil.me>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "lib/util/tevent_ntstatus.h"
+#include "auth/auth.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_internal.h"
+#include "auth/credentials/credentials.h"
+#include "lib/util/base64.h"
+
+_PUBLIC_ NTSTATUS gensec_http_basic_init(TALLOC_CTX *);
+
+struct gensec_http_basic_state {
+ enum {
+ GENSEC_HTTP_BASIC_START,
+ GENSEC_HTTP_BASIC_DONE,
+ GENSEC_HTTP_BASIC_ERROR,
+ } step;
+};
+
+static NTSTATUS gensec_http_basic_client_start(struct gensec_security *gensec)
+{
+ struct gensec_http_basic_state *state;
+
+ state = talloc_zero(gensec, struct gensec_http_basic_state);
+ if (state == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ gensec->private_data = state;
+
+ state->step = GENSEC_HTTP_BASIC_START;
+
+ return NT_STATUS_OK;
+}
+
+struct gensec_http_basic_update_state {
+ NTSTATUS status;
+ DATA_BLOB out;
+};
+
+static NTSTATUS gensec_http_basic_update_internal(struct gensec_security *gensec_ctx,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB in,
+ DATA_BLOB *out);
+
+static struct tevent_req *gensec_http_basic_update_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct gensec_security *gensec_security,
+ const DATA_BLOB in)
+{
+ struct tevent_req *req = NULL;
+ struct gensec_http_basic_update_state *state = NULL;
+ NTSTATUS status;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct gensec_http_basic_update_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ status = gensec_http_basic_update_internal(gensec_security,
+ state, in,
+ &state->out);
+ state->status = status;
+ if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ tevent_req_done(req);
+ return tevent_req_post(req, ev);
+ }
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ tevent_req_done(req);
+ return tevent_req_post(req, ev);
+}
+
+static NTSTATUS gensec_http_basic_update_internal(struct gensec_security *gensec_ctx,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB in,
+ DATA_BLOB *out)
+{
+ struct gensec_http_basic_state *state;
+ struct cli_credentials *creds;
+ char *tmp, *b64;
+
+ state = talloc_get_type_abort(gensec_ctx->private_data,
+ struct gensec_http_basic_state);
+ creds = gensec_get_credentials(gensec_ctx);
+
+ switch (gensec_ctx->gensec_role) {
+ case GENSEC_CLIENT:
+ switch (state->step) {
+ case GENSEC_HTTP_BASIC_START:
+ tmp = talloc_asprintf(mem_ctx, "%s\\%s:%s",
+ cli_credentials_get_domain(creds),
+ cli_credentials_get_username(creds),
+ cli_credentials_get_password(creds));
+ if (tmp == NULL) {
+ state->step = GENSEC_HTTP_BASIC_ERROR;
+ return NT_STATUS_NO_MEMORY;
+ }
+ *out = data_blob_string_const(tmp);
+
+ b64 = base64_encode_data_blob(mem_ctx, *out);
+ if (b64 == NULL) {
+ state->step = GENSEC_HTTP_BASIC_ERROR;
+ return NT_STATUS_NO_MEMORY;
+ }
+ TALLOC_FREE(tmp);
+
+ tmp = talloc_asprintf(mem_ctx, "Basic %s", b64);
+ if (tmp == NULL) {
+ state->step = GENSEC_HTTP_BASIC_ERROR;
+ return NT_STATUS_NO_MEMORY;
+ }
+ TALLOC_FREE(b64);
+
+ *out = data_blob_string_const(tmp);
+ state->step = GENSEC_HTTP_BASIC_DONE;
+ return NT_STATUS_OK;
+
+ case GENSEC_HTTP_BASIC_DONE:
+ case GENSEC_HTTP_BASIC_ERROR:
+ default:
+ break;
+ }
+ state->step = GENSEC_HTTP_BASIC_ERROR;
+ return NT_STATUS_INTERNAL_ERROR;
+
+ case GENSEC_SERVER:
+ state->step = GENSEC_HTTP_BASIC_ERROR;
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ state->step = GENSEC_HTTP_BASIC_ERROR;
+ return NT_STATUS_INTERNAL_ERROR;
+}
+
+static NTSTATUS gensec_http_basic_update_recv(struct tevent_req *req,
+ TALLOC_CTX *out_mem_ctx,
+ DATA_BLOB *out)
+{
+ struct gensec_http_basic_update_state *state =
+ tevent_req_data(req,
+ struct gensec_http_basic_update_state);
+ NTSTATUS status;
+
+ *out = data_blob_null;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+
+ *out = state->out;
+ talloc_steal(out_mem_ctx, state->out.data);
+ status = state->status;
+ tevent_req_received(req);
+ return status;
+}
+
+static const struct gensec_security_ops gensec_http_basic_security_ops = {
+ .name = "http_basic",
+ .auth_type = 0,
+ .client_start = gensec_http_basic_client_start,
+ .update_send = gensec_http_basic_update_send,
+ .update_recv = gensec_http_basic_update_recv,
+ .enabled = true,
+ .priority = GENSEC_EXTERNAL,
+};
+
+_PUBLIC_ NTSTATUS gensec_http_basic_init(TALLOC_CTX *ctx)
+{
+ NTSTATUS status;
+
+ status = gensec_register(ctx, &gensec_http_basic_security_ops);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Failed to register '%s' gensec backend!\n",
+ gensec_http_basic_security_ops.name));
+ return status;
+ }
+
+ return status;
+}
diff --git a/libcli/http/gensec/generic.c b/libcli/http/gensec/generic.c
new file mode 100644
index 0000000..2f09b9d
--- /dev/null
+++ b/libcli/http/gensec/generic.c
@@ -0,0 +1,286 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ HTTP library - NTLM authentication mechanism gensec module
+
+ Copyright (C) 2014 Samuel Cabrero <samuelcabrero@kernevil.me>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tevent.h>
+#include "lib/util/tevent_ntstatus.h"
+#include "auth/auth.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_internal.h"
+#include "lib/util/base64.h"
+
+#undef strncasecmp
+
+_PUBLIC_ NTSTATUS gensec_http_generic_init(TALLOC_CTX *);
+
+struct gensec_http_generic_state {
+ struct gensec_security *sub;
+ DATA_BLOB prefix;
+};
+
+static NTSTATUS gensec_http_generic_client_start(struct gensec_security *gensec,
+ const char *prefix_str,
+ const char *mech_oid)
+{
+ NTSTATUS status;
+ struct gensec_http_generic_state *state;
+
+ state = talloc_zero(gensec, struct gensec_http_generic_state);
+ if (state == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ gensec->private_data = state;
+
+ state->prefix = data_blob_string_const(prefix_str);
+
+ status = gensec_subcontext_start(state, gensec, &state->sub);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return gensec_start_mech_by_oid(state->sub, mech_oid);
+}
+
+static NTSTATUS gensec_http_ntlm_client_start(struct gensec_security *gensec)
+{
+ return gensec_http_generic_client_start(gensec, "NTLM",
+ GENSEC_OID_NTLMSSP);
+}
+
+static NTSTATUS gensec_http_negotiate_client_start(struct gensec_security *gensec)
+{
+ return gensec_http_generic_client_start(gensec, "Negotiate",
+ GENSEC_OID_SPNEGO);
+}
+
+struct gensec_http_generic_update_state {
+ struct gensec_security *gensec;
+ DATA_BLOB sub_in;
+ NTSTATUS status;
+ DATA_BLOB out;
+};
+
+static void gensec_http_generic_update_done(struct tevent_req *subreq);
+
+static struct tevent_req *gensec_http_generic_update_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct gensec_security *gensec_ctx,
+ const DATA_BLOB in)
+{
+ struct gensec_http_generic_state *http_generic =
+ talloc_get_type_abort(gensec_ctx->private_data,
+ struct gensec_http_generic_state);
+ struct tevent_req *req = NULL;
+ struct gensec_http_generic_update_state *state = NULL;
+ struct tevent_req *subreq = NULL;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct gensec_http_generic_update_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->gensec = gensec_ctx;
+
+ if (in.length) {
+ int cmp;
+ DATA_BLOB b64b;
+ size_t skip = 0;
+
+ if (in.length < http_generic->prefix.length) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
+
+ cmp = strncasecmp((const char *)in.data,
+ (const char *)http_generic->prefix.data,
+ http_generic->prefix.length);
+ if (cmp != 0) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
+
+ if (in.length == http_generic->prefix.length) {
+ /*
+ * We expect more data, but the
+ * server just sent the prefix without
+ * a space prefixing base64 data.
+ *
+ * It means the server rejects
+ * the request with.
+ */
+ tevent_req_nterror(req, NT_STATUS_LOGON_FAILURE);
+ return tevent_req_post(req, ev);
+ }
+
+ if (in.data[http_generic->prefix.length] != ' ') {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
+ skip = http_generic->prefix.length + 1;
+
+ b64b = data_blob_const(in.data + skip, in.length - skip);
+ if (b64b.length != 0) {
+ char *b64 = NULL;
+
+ /*
+ * ensure it's terminated with \0' before
+ * passing to base64_decode_data_blob_talloc().
+ */
+ b64 = talloc_strndup(state, (const char *)b64b.data,
+ b64b.length);
+ if (tevent_req_nomem(b64, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ state->sub_in = base64_decode_data_blob_talloc(state,
+ b64);
+ TALLOC_FREE(b64);
+ if (tevent_req_nomem(state->sub_in.data, req)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+ }
+
+ subreq = gensec_update_send(state, ev,
+ http_generic->sub,
+ state->sub_in);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, gensec_http_generic_update_done, req);
+
+ return req;
+}
+
+static void gensec_http_generic_update_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct gensec_http_generic_update_state *state =
+ tevent_req_data(req,
+ struct gensec_http_generic_update_state);
+ struct gensec_http_generic_state *http_generic =
+ talloc_get_type_abort(state->gensec->private_data,
+ struct gensec_http_generic_state);
+ NTSTATUS status;
+ DATA_BLOB sub_out = data_blob_null;
+ char *b64 = NULL;
+ char *str = NULL;
+ int prefix_length;
+
+ status = gensec_update_recv(subreq, state, &sub_out);
+ TALLOC_FREE(subreq);
+ state->status = status;
+ if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ status = NT_STATUS_OK;
+ }
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ if (sub_out.length == 0) {
+ tevent_req_done(req);
+ return;
+ }
+
+ b64 = base64_encode_data_blob(state, sub_out);
+ data_blob_free(&sub_out);
+ if (tevent_req_nomem(b64, req)) {
+ return;
+ }
+
+ prefix_length = http_generic->prefix.length;
+ str = talloc_asprintf(state, "%*.*s %s", prefix_length, prefix_length,
+ (const char *)http_generic->prefix.data, b64);
+ TALLOC_FREE(b64);
+ if (tevent_req_nomem(str, req)) {
+ return;
+ }
+
+ state->out = data_blob_string_const(str);
+ tevent_req_done(req);
+}
+
+static NTSTATUS gensec_http_generic_update_recv(struct tevent_req *req,
+ TALLOC_CTX *out_mem_ctx,
+ DATA_BLOB *out)
+{
+ struct gensec_http_generic_update_state *state =
+ tevent_req_data(req,
+ struct gensec_http_generic_update_state);
+ NTSTATUS status;
+
+ *out = data_blob_null;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+
+ *out = state->out;
+ talloc_steal(out_mem_ctx, state->out.data);
+ status = state->status;
+ tevent_req_received(req);
+ return status;
+}
+
+static const struct gensec_security_ops gensec_http_ntlm_security_ops = {
+ .name = "http_ntlm",
+ .auth_type = 0,
+ .client_start = gensec_http_ntlm_client_start,
+ .update_send = gensec_http_generic_update_send,
+ .update_recv = gensec_http_generic_update_recv,
+ .enabled = true,
+ .priority = GENSEC_EXTERNAL,
+};
+
+static const struct gensec_security_ops gensec_http_negotiate_security_ops = {
+ .name = "http_negotiate",
+ .auth_type = 0,
+ .client_start = gensec_http_negotiate_client_start,
+ .update_send = gensec_http_generic_update_send,
+ .update_recv = gensec_http_generic_update_recv,
+ .enabled = true,
+ .priority = GENSEC_EXTERNAL,
+ .glue = true,
+};
+
+_PUBLIC_ NTSTATUS gensec_http_generic_init(TALLOC_CTX *ctx)
+{
+ NTSTATUS status;
+
+ status = gensec_register(ctx, &gensec_http_ntlm_security_ops);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Failed to register '%s' gensec backend!\n",
+ gensec_http_ntlm_security_ops.name));
+ return status;
+ }
+
+ status = gensec_register(ctx, &gensec_http_negotiate_security_ops);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Failed to register '%s' gensec backend!\n",
+ gensec_http_negotiate_security_ops.name));
+ return status;
+ }
+
+ return status;
+}
diff --git a/libcli/http/http.c b/libcli/http/http.c
new file mode 100644
index 0000000..96c573a
--- /dev/null
+++ b/libcli/http/http.c
@@ -0,0 +1,882 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ HTTP library
+
+ Copyright (C) 2013 Samuel Cabrero <samuelcabrero@kernevil.me>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "http.h"
+#include "http_internal.h"
+#include "util/tevent_werror.h"
+#include "lib/util/dlinklist.h"
+
+#undef strcasecmp
+
+/**
+ * Determines if a response should have a body.
+ * @return 1 if the response MUST have a body; 0 if the response MUST NOT have
+ * a body. Returns -1 on error.
+ */
+static int http_response_needs_body(struct http_request *req)
+{
+ struct http_header *h = NULL;
+
+ if (!req) return -1;
+
+ for (h = req->headers; h != NULL; h = h->next) {
+ int cmp;
+ int n;
+ char c;
+ unsigned long long v;
+
+ cmp = strcasecmp(h->key, "Content-Length");
+ if (cmp != 0) {
+ continue;
+ }
+
+ n = sscanf(h->value, "%llu%c", &v, &c);
+ if (n != 1) {
+ return -1;
+ }
+
+ req->remaining_content_length = v;
+
+ if (v != 0) {
+ return 1;
+ }
+
+ return 0;
+ }
+
+ return 0;
+}
+
+struct http_read_response_state {
+ enum http_parser_state parser_state;
+ size_t max_headers_size;
+ uint64_t max_content_length;
+ DATA_BLOB buffer;
+ struct http_request *response;
+};
+
+/**
+ * Parses the HTTP headers
+ */
+static enum http_read_status http_parse_headers(struct http_read_response_state *state)
+{
+ enum http_read_status status = HTTP_ALL_DATA_READ;
+ char *ptr = NULL;
+ char *line = NULL;
+ char *key = NULL;
+ char *value = NULL;
+ int n = 0;
+ int ret;
+
+ /* Sanity checks */
+ if (!state || !state->response) {
+ DEBUG(0, ("%s: Invalid Parameter\n", __func__));
+ return HTTP_DATA_CORRUPTED;
+ }
+
+ if (state->buffer.length > state->max_headers_size) {
+ DEBUG(0, ("%s: Headers too long: %zi, maximum length is %zi\n", __func__,
+ state->buffer.length, state->max_headers_size));
+ return HTTP_DATA_TOO_LONG;
+ }
+
+ line = talloc_strndup(state, (char *)state->buffer.data, state->buffer.length);
+ if (!line) {
+ DEBUG(0, ("%s: Memory error\n", __func__));
+ return HTTP_DATA_CORRUPTED;
+ }
+
+ ptr = strstr(line, "\r\n");
+ if (ptr == NULL) {
+ TALLOC_FREE(line);
+ return HTTP_MORE_DATA_EXPECTED;
+ }
+
+ state->response->headers_size += state->buffer.length;
+
+ if (strncmp(line, "\r\n", 2) == 0) {
+ DEBUG(11,("%s: All headers read\n", __func__));
+
+ ret = http_response_needs_body(state->response);
+ switch (ret) {
+ case 1:
+ if (state->response->remaining_content_length <= state->max_content_length) {
+ DEBUG(11, ("%s: Start of read body\n", __func__));
+ state->parser_state = HTTP_READING_BODY;
+ break;
+ }
+ FALL_THROUGH;
+ case 0:
+ DEBUG(11, ("%s: Skipping body for code %d\n", __func__,
+ state->response->response_code));
+ state->parser_state = HTTP_READING_DONE;
+ break;
+ case -1:
+ DEBUG(0, ("%s_: Error in http_response_needs_body\n", __func__));
+ TALLOC_FREE(line);
+ return HTTP_DATA_CORRUPTED;
+ break;
+ }
+
+ TALLOC_FREE(line);
+ return HTTP_ALL_DATA_READ;
+ }
+
+ n = sscanf(line, "%m[^:]: %m[^\r\n]\r\n", &key, &value);
+ if (n != 2) {
+ DEBUG(0, ("%s: Error parsing header '%s'\n", __func__, line));
+ status = HTTP_DATA_CORRUPTED;
+ goto error;
+ }
+
+ if (http_add_header(state->response, &state->response->headers, key, value) == -1) {
+ DEBUG(0, ("%s: Error adding header\n", __func__));
+ status = HTTP_DATA_CORRUPTED;
+ goto error;
+ }
+
+error:
+ free(key);
+ free(value);
+ TALLOC_FREE(line);
+ return status;
+}
+
+/**
+ * Parses the first line of a HTTP response
+ */
+static bool http_parse_response_line(struct http_read_response_state *state)
+{
+ bool status = true;
+ char *protocol;
+ char *msg = NULL;
+ char major;
+ char minor;
+ int code;
+ char *line = NULL;
+ int n;
+
+ /* Sanity checks */
+ if (!state) {
+ DEBUG(0, ("%s: Input parameter is NULL\n", __func__));
+ return false;
+ }
+
+ line = talloc_strndup(state, (char*)state->buffer.data, state->buffer.length);
+ if (!line) {
+ DEBUG(0, ("%s: Memory error\n", __func__));
+ return false;
+ }
+
+ n = sscanf(line, "%m[^/]/%c.%c %d %m[^\r\n]\r\n",
+ &protocol, &major, &minor, &code, &msg);
+
+ DEBUG(11, ("%s: Header parsed(%i): protocol->%s, major->%c, minor->%c, "
+ "code->%d, message->%s\n", __func__, n, protocol, major, minor,
+ code, msg));
+
+ if (n != 5) {
+ DEBUG(0, ("%s: Error parsing header\n", __func__));
+ status = false;
+ goto error;
+ }
+
+ if (major != '1') {
+ DEBUG(0, ("%s: Bad HTTP major number '%c'\n", __func__, major));
+ status = false;
+ goto error;
+ }
+
+ if (code == 0) {
+ DEBUG(0, ("%s: Bad response code '%d'\n", __func__, code));
+ status = false;
+ goto error;
+ }
+
+ if (msg == NULL) {
+ DEBUG(0, ("%s: Error parsing HTTP data\n", __func__));
+ status = false;
+ goto error;
+ }
+
+ state->response->major = major;
+ state->response->minor = minor;
+ state->response->response_code = code;
+ state->response->response_code_line = talloc_strndup(state->response,
+ msg, strlen(msg));
+
+error:
+ free(protocol);
+ free(msg);
+ TALLOC_FREE(line);
+ return status;
+}
+
+/*
+ * Parses header lines from a request or a response into the specified
+ * request object given a buffer.
+ *
+ * Returns
+ * HTTP_DATA_CORRUPTED on error
+ * HTTP_MORE_DATA_EXPECTED when we need to read more headers
+ * HTTP_DATA_TOO_LONG on error
+ * HTTP_ALL_DATA_READ when all headers have been read
+ */
+static enum http_read_status http_parse_firstline(struct http_read_response_state *state)
+{
+ enum http_read_status status = HTTP_ALL_DATA_READ;
+ char *ptr = NULL;
+ char *line;
+
+ /* Sanity checks */
+ if (!state) {
+ DEBUG(0, ("%s: Invalid Parameter\n", __func__));
+ return HTTP_DATA_CORRUPTED;
+ }
+
+ if (state->buffer.length > state->max_headers_size) {
+ DEBUG(0, ("%s: Headers too long: %zi, maximum length is %zi\n", __func__,
+ state->buffer.length, state->max_headers_size));
+ return HTTP_DATA_TOO_LONG;
+ }
+
+ line = talloc_strndup(state, (char *)state->buffer.data, state->buffer.length);
+ if (!line) {
+ DEBUG(0, ("%s: Not enough memory\n", __func__));
+ return HTTP_DATA_CORRUPTED;
+ }
+
+ ptr = strstr(line, "\r\n");
+ if (ptr == NULL) {
+ TALLOC_FREE(line);
+ return HTTP_MORE_DATA_EXPECTED;
+ }
+
+ state->response->headers_size = state->buffer.length;
+ if (!http_parse_response_line(state)) {
+ status = HTTP_DATA_CORRUPTED;
+ }
+
+ /* Next state, read HTTP headers */
+ state->parser_state = HTTP_READING_HEADERS;
+
+ TALLOC_FREE(line);
+ return status;
+}
+
+static enum http_read_status http_read_body(struct http_read_response_state *state)
+{
+ struct http_request *resp = state->response;
+
+ if (state->buffer.length < resp->remaining_content_length) {
+ return HTTP_MORE_DATA_EXPECTED;
+ }
+
+ resp->body = state->buffer;
+ state->buffer = data_blob_null;
+ talloc_steal(resp, resp->body.data);
+ resp->remaining_content_length = 0;
+
+ state->parser_state = HTTP_READING_DONE;
+ return HTTP_ALL_DATA_READ;
+}
+
+static enum http_read_status http_read_trailer(struct http_read_response_state *state)
+{
+ enum http_read_status status = HTTP_DATA_CORRUPTED;
+ /* TODO */
+ return status;
+}
+
+static enum http_read_status http_parse_buffer(struct http_read_response_state *state)
+{
+ if (!state) {
+ DEBUG(0, ("%s: Invalid parameter\n", __func__));
+ return HTTP_DATA_CORRUPTED;
+ }
+
+ switch (state->parser_state) {
+ case HTTP_READING_FIRSTLINE:
+ return http_parse_firstline(state);
+ case HTTP_READING_HEADERS:
+ return http_parse_headers(state);
+ case HTTP_READING_BODY:
+ return http_read_body(state);
+ break;
+ case HTTP_READING_TRAILER:
+ return http_read_trailer(state);
+ break;
+ case HTTP_READING_DONE:
+ /* All read */
+ return HTTP_ALL_DATA_READ;
+ default:
+ DEBUG(0, ("%s: Illegal parser state %d\n", __func__,
+ state->parser_state));
+ break;
+ }
+ return HTTP_DATA_CORRUPTED;
+}
+
+static int http_header_is_valid_value(const char *value)
+{
+ const char *p = NULL;
+
+ /* Sanity checks */
+ if (!value) {
+ DEBUG(0, ("%s: Invalid parameter\n", __func__));
+ return -1;
+ }
+ p = value;
+
+ while ((p = strpbrk(p, "\r\n")) != NULL) {
+ /* Expect only one new line */
+ p += strspn(p, "\r\n");
+ /* Expect a space or tab for continuation */
+ if (*p != ' ' && *p != '\t')
+ return (0);
+ }
+ return 1;
+}
+
+static int http_add_header_internal(TALLOC_CTX *mem_ctx,
+ struct http_header **headers,
+ const char *key, const char *value,
+ bool replace)
+{
+ struct http_header *tail = NULL;
+ struct http_header *h = NULL;
+
+ /* Sanity checks */
+ if (!headers || !key || !value) {
+ DEBUG(0, ("Invalid parameter\n"));
+ return -1;
+ }
+
+
+
+ if (replace) {
+ for (h = *headers; h != NULL; h = h->next) {
+ if (strcasecmp(key, h->key) == 0) {
+ break;
+ }
+ }
+
+ if (h != NULL) {
+ /* Replace header value */
+ if (h->value) {
+ talloc_free(h->value);
+ }
+ h->value = talloc_strdup(h, value);
+ DEBUG(11, ("%s: Replaced HTTP header: key '%s', value '%s'\n",
+ __func__, h->key, h->value));
+ return 0;
+ }
+ }
+
+ /* Add new header */
+ h = talloc(mem_ctx, struct http_header);
+ h->key = talloc_strdup(h, key);
+ h->value = talloc_strdup(h, value);
+ DLIST_ADD_END(*headers, h);
+ tail = DLIST_TAIL(*headers);
+ if (tail != h) {
+ DEBUG(0, ("%s: Error adding header\n", __func__));
+ return -1;
+ }
+ DEBUG(11, ("%s: Added HTTP header: key '%s', value '%s'\n",
+ __func__, h->key, h->value));
+ return 0;
+}
+
+int http_add_header(TALLOC_CTX *mem_ctx,
+ struct http_header **headers,
+ const char *key, const char *value)
+{
+ if (strchr(key, '\r') != NULL || strchr(key, '\n') != NULL) {
+ DEBUG(0, ("%s: Dropping illegal header key\n", __func__));
+ return -1;
+ }
+
+ if (!http_header_is_valid_value(value)) {
+ DEBUG(0, ("%s: Dropping illegal header value\n", __func__));
+ return -1;
+ }
+
+ return (http_add_header_internal(mem_ctx, headers, key, value, false));
+}
+
+int http_replace_header(TALLOC_CTX *mem_ctx,
+ struct http_header **headers,
+ const char *key, const char *value)
+{
+ if (strchr(key, '\r') != NULL || strchr(key, '\n') != NULL) {
+ DEBUG(0, ("%s: Dropping illegal header key\n", __func__));
+ return -1;
+ }
+
+ if (!http_header_is_valid_value(value)) {
+ DEBUG(0, ("%s: Dropping illegal header value\n", __func__));
+ return -1;
+ }
+
+ return (http_add_header_internal(mem_ctx, headers, key, value, true));
+}
+
+/**
+ * Remove a header from the headers list.
+ *
+ * Returns 0, if the header was successfully removed.
+ * Returns -1, if the header could not be found.
+ */
+int http_remove_header(struct http_header **headers, const char *key)
+{
+ struct http_header *header;
+
+ /* Sanity checks */
+ if (!headers || !key) {
+ DEBUG(0, ("%s: Invalid parameter\n", __func__));
+ return -1;
+ }
+
+ for(header = *headers; header != NULL; header = header->next) {
+ if (strcmp(key, header->key) == 0) {
+ DLIST_REMOVE(*headers, header);
+ return 0;
+ }
+ }
+ return -1;
+}
+
+static int http_read_response_next_vector(struct tstream_context *stream,
+ void *private_data,
+ TALLOC_CTX *mem_ctx,
+ struct iovec **_vector,
+ size_t *_count)
+{
+ struct http_read_response_state *state;
+ struct iovec *vector;
+
+ /* Sanity checks */
+ if (!stream || !private_data || !_vector || !_count) {
+ DEBUG(0, ("%s: Invalid Parameter\n", __func__));
+ return -1;
+ }
+
+ state = talloc_get_type_abort(private_data, struct http_read_response_state);
+ vector = talloc_array(mem_ctx, struct iovec, 1);
+ if (!vector) {
+ DEBUG(0, ("%s: No more memory\n", __func__));
+ return -1;
+ }
+
+ if (state->buffer.data == NULL) {
+ /* Allocate buffer */
+ state->buffer.data = talloc_zero_array(state, uint8_t, 1);
+ if (!state->buffer.data) {
+ DEBUG(0, ("%s: No more memory\n", __func__));
+ return -1;
+ }
+ state->buffer.length = 1;
+
+ /* Return now, nothing to parse yet */
+ vector[0].iov_base = (void *)(state->buffer.data);
+ vector[0].iov_len = 1;
+ *_vector = vector;
+ *_count = 1;
+ return 0;
+ }
+
+ switch (http_parse_buffer(state)) {
+ case HTTP_ALL_DATA_READ:
+ if (state->parser_state == HTTP_READING_DONE) {
+ /* Full request or response parsed */
+ *_vector = NULL;
+ *_count = 0;
+ } else {
+ /* Free current buffer and allocate new one */
+ TALLOC_FREE(state->buffer.data);
+ state->buffer.data = talloc_zero_array(state, uint8_t, 1);
+ if (!state->buffer.data) {
+ return -1;
+ }
+ state->buffer.length = 1;
+
+ vector[0].iov_base = (void *)(state->buffer.data);
+ vector[0].iov_len = 1;
+ *_vector = vector;
+ *_count = 1;
+ }
+ break;
+ case HTTP_MORE_DATA_EXPECTED:
+ /* TODO Optimize, allocating byte by byte */
+ state->buffer.data = talloc_realloc(state, state->buffer.data,
+ uint8_t, state->buffer.length + 1);
+ if (!state->buffer.data) {
+ return -1;
+ }
+ state->buffer.length++;
+ vector[0].iov_base = (void *)(state->buffer.data +
+ state->buffer.length - 1);
+ vector[0].iov_len = 1;
+ *_vector = vector;
+ *_count = 1;
+ break;
+ case HTTP_DATA_CORRUPTED:
+ case HTTP_REQUEST_CANCELED:
+ case HTTP_DATA_TOO_LONG:
+ return -1;
+ break;
+ default:
+ DEBUG(0, ("%s: Unexpected status\n", __func__));
+ break;
+ }
+ return 0;
+}
+
+
+/**
+ * Reads a HTTP response
+ */
+static void http_read_response_done(struct tevent_req *);
+struct tevent_req *http_read_response_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct http_conn *http_conn,
+ size_t max_content_length)
+{
+ struct tevent_req *req;
+ struct tevent_req *subreq;
+ struct http_read_response_state *state;
+
+ DEBUG(11, ("%s: Reading HTTP response\n", __func__));
+
+ /* Sanity checks */
+ if (ev == NULL || http_conn == NULL) {
+ DEBUG(0, ("%s: Invalid parameter\n", __func__));
+ return NULL;
+ }
+
+ req = tevent_req_create(mem_ctx, &state, struct http_read_response_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ state->max_headers_size = HTTP_MAX_HEADER_SIZE;
+ state->max_content_length = (uint64_t)max_content_length;
+ state->parser_state = HTTP_READING_FIRSTLINE;
+ state->response = talloc_zero(state, struct http_request);
+ if (tevent_req_nomem(state->response, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = tstream_readv_pdu_send(state, ev, http_conn->tstreams.active,
+ http_read_response_next_vector,
+ state);
+ if (tevent_req_nomem(subreq,req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, http_read_response_done, req);
+
+ return req;
+}
+
+static void http_read_response_done(struct tevent_req *subreq)
+{
+ NTSTATUS status;
+ struct tevent_req *req;
+ int ret;
+ int sys_errno;
+
+ if (!subreq) {
+ DEBUG(0, ("%s: Invalid parameter\n", __func__));
+ return;
+ }
+
+ req = tevent_req_callback_data(subreq, struct tevent_req);
+
+ ret = tstream_readv_pdu_recv(subreq, &sys_errno);
+ DEBUG(11, ("%s: HTTP response read (%d bytes)\n", __func__, ret));
+ TALLOC_FREE(subreq);
+ if (ret == -1) {
+ status = map_nt_error_from_unix_common(sys_errno);
+ DEBUG(0, ("%s: Failed to read HTTP response: %s\n",
+ __func__, nt_errstr(status)));
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+NTSTATUS http_read_response_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct http_request **response)
+{
+ NTSTATUS status;
+ struct http_read_response_state *state;
+
+ if (!mem_ctx || !response || !req) {
+ DEBUG(0, ("%s: Invalid parameter\n", __func__));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+
+ state = tevent_req_data(req, struct http_read_response_state);
+ *response = state->response;
+ talloc_steal(mem_ctx, state->response);
+
+ tevent_req_received(req);
+
+ return NT_STATUS_OK;
+}
+
+static const char *http_method_str(enum http_cmd_type type)
+{
+ const char *method;
+
+ switch (type) {
+ case HTTP_REQ_POST:
+ method = "POST";
+ break;
+ case HTTP_REQ_RPC_IN_DATA:
+ method = "RPC_IN_DATA";
+ break;
+ case HTTP_REQ_RPC_OUT_DATA:
+ method = "RPC_OUT_DATA";
+ break;
+ default:
+ method = NULL;
+ break;
+ }
+
+ return method;
+}
+
+static NTSTATUS http_push_request_line(TALLOC_CTX *mem_ctx,
+ DATA_BLOB *buffer,
+ const struct http_request *req)
+{
+ const char *method;
+ char *str;
+
+ /* Sanity checks */
+ if (!buffer || !req) {
+ DEBUG(0, ("%s: Invalid parameter\n", __func__));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ method = http_method_str(req->type);
+ if (method == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ str = talloc_asprintf(mem_ctx, "%s %s HTTP/%c.%c\r\n", method,
+ req->uri, req->major, req->minor);
+ if (str == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ if (!data_blob_append(mem_ctx, buffer, str, strlen(str))) {
+ talloc_free(str);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ talloc_free(str);
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS http_push_headers(TALLOC_CTX *mem_ctx,
+ DATA_BLOB *blob,
+ struct http_request *req)
+{
+ struct http_header *header = NULL;
+ char *header_str = NULL;
+ size_t len;
+
+ /* Sanity checks */
+ if (!blob || !req) {
+ DEBUG(0, ("%s: Invalid parameter\n", __func__));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ for (header = req->headers; header != NULL; header = header->next) {
+ header_str = talloc_asprintf(mem_ctx, "%s: %s\r\n",
+ header->key, header->value);
+ if (header_str == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ len = strlen(header_str);
+ if (!data_blob_append(mem_ctx, blob, header_str, len)) {
+ talloc_free(header_str);
+ return NT_STATUS_NO_MEMORY;
+ }
+ talloc_free(header_str);
+ }
+
+ if (!data_blob_append(mem_ctx, blob, "\r\n",2)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ return NT_STATUS_OK;
+}
+
+
+static NTSTATUS http_push_body(TALLOC_CTX *mem_ctx,
+ DATA_BLOB *blob,
+ struct http_request *req)
+{
+ /* Sanity checks */
+ if (!blob || !req) {
+ DEBUG(0, ("%s: Invalid parameter\n", __func__));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (req->body.length) {
+ if (!data_blob_append(mem_ctx, blob, req->body.data,
+ req->body.length)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ return NT_STATUS_OK;
+}
+
+struct http_send_request_state {
+ struct tevent_context *ev;
+ struct loadparm_context *lp_ctx;
+ struct cli_credentials *credentials;
+ struct http_request *request;
+ DATA_BLOB buffer;
+ struct iovec iov;
+ ssize_t nwritten;
+ int sys_errno;
+};
+
+/**
+ * Sends and HTTP request
+ */
+static void http_send_request_done(struct tevent_req *);
+struct tevent_req *http_send_request_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct http_conn *http_conn,
+ struct http_request *request)
+{
+ struct tevent_req *req;
+ struct tevent_req *subreq;
+ struct http_send_request_state *state = NULL;
+ NTSTATUS status;
+
+ DEBUG(11, ("%s: Sending HTTP request\n", __func__));
+
+ /* Sanity checks */
+ if (ev == NULL || request == NULL || http_conn == NULL) {
+ DEBUG(0, ("%s: Invalid parameter\n", __func__));
+ return NULL;
+ }
+
+ req = tevent_req_create(mem_ctx, &state, struct http_send_request_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ state->ev = ev;
+ state->request = request;
+
+ /* Push the request line */
+ status = http_push_request_line(state, &state->buffer, state->request);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return tevent_req_post(req, ev);
+ }
+
+ /* Push the headers */
+ status = http_push_headers(mem_ctx, &state->buffer, request);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return tevent_req_post(req, ev);
+ }
+
+ /* Push the body */
+ status = http_push_body(mem_ctx, &state->buffer, request);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return tevent_req_post(req, ev);
+ }
+
+ state->iov.iov_base = (char *) state->buffer.data;
+ state->iov.iov_len = state->buffer.length;
+ subreq = tstream_writev_queue_send(state,
+ ev,
+ http_conn->tstreams.active,
+ http_conn->send_queue,
+ &state->iov, 1);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, http_send_request_done, req);
+
+ return req;
+}
+
+static void http_send_request_done(struct tevent_req *subreq)
+{
+ NTSTATUS status;
+ struct tevent_req *req;
+ struct http_send_request_state *state;
+
+ req = tevent_req_callback_data(subreq, struct tevent_req);
+ state = tevent_req_data(req, struct http_send_request_state);
+
+ state->nwritten = tstream_writev_queue_recv(subreq, &state->sys_errno);
+ TALLOC_FREE(subreq);
+ if (state->nwritten == -1 && state->sys_errno != 0) {
+ status = map_nt_error_from_unix_common(state->sys_errno);
+ DEBUG(0, ("%s: Failed to send HTTP request: %s\n",
+ __func__, nt_errstr(status)));
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+NTSTATUS http_send_request_recv(struct tevent_req *req)
+{
+ NTSTATUS status;
+
+ if (!req) {
+ DEBUG(0, ("%s: Invalid parameter\n", __func__));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+
+ tevent_req_received(req);
+
+ return NT_STATUS_OK;
+}
diff --git a/libcli/http/http.h b/libcli/http/http.h
new file mode 100644
index 0000000..8941547
--- /dev/null
+++ b/libcli/http/http.h
@@ -0,0 +1,143 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ HTTP library
+
+ Copyright (C) 2013 Samuel Cabrero <samuelcabrero@kernevil.me>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _HTTP_H_
+#define _HTTP_H_
+
+#include <limits.h>
+#include <sys/uio.h>
+
+#include <tevent.h>
+#include "lib/tsocket/tsocket.h"
+
+/* Response codes */
+#define HTTP_OK 200 /* request completed ok */
+#define HTTP_NOCONTENT 204 /* request does not have content */
+#define HTTP_MOVEPERM 301 /* uri moved permanently */
+#define HTTP_MOVETEMP 302 /* uri moved temporarily */
+#define HTTP_NOTMODIFIED 304 /* page was not modified from last */
+#define HTTP_BADREQUEST 400 /* invalid http request was made */
+#define HTTP_NOTFOUND 404 /* could not find content for uri */
+#define HTTP_BADMETHOD 405 /* method not allowed for this uri */
+#define HTTP_ENTITYTOOLARGE 413 /* */
+#define HTTP_EXPECTATIONFAILED 417 /* can't handle this expectation */
+#define HTTP_INTERNAL 500 /* internal error */
+#define HTTP_NOTIMPLEMENTED 501 /* not implemented */
+#define HTTP_SERVUNAVAIL 503 /* server is not available */
+
+#define HTTP_MAX_HEADER_SIZE 0x1FFFF
+
+struct cli_credentials;
+
+enum http_cmd_type {
+ HTTP_REQ_GET = 1 << 0,
+ HTTP_REQ_POST = 1 << 1,
+ HTTP_REQ_HEAD = 1 << 2,
+ HTTP_REQ_PUT = 1 << 3,
+ HTTP_REQ_DELETE = 1 << 4,
+ HTTP_REQ_OPTIONS = 1 << 5,
+ HTTP_REQ_TRACE = 1 << 6,
+ HTTP_REQ_CONNECT = 1 << 7,
+ HTTP_REQ_PATCH = 1 << 8,
+ HTTP_REQ_RPC_IN_DATA = 1 << 9,
+ HTTP_REQ_RPC_OUT_DATA = 1 << 10,
+};
+
+enum http_auth_method {
+ HTTP_AUTH_BASIC=1,
+ HTTP_AUTH_NTLM,
+ HTTP_AUTH_NEGOTIATE,
+};
+
+struct http_header {
+ struct http_header *next, *prev;
+ char *key;
+ char *value;
+};
+
+struct http_request {
+ enum http_cmd_type type; /* HTTP command type */
+ char major; /* HTTP version major number */
+ char minor; /* HTTP version minor number */
+ char *uri; /* URI after HTTP request was parsed */
+ struct http_header *headers;
+ size_t headers_size;
+ unsigned int response_code; /* HTTP response code */
+ char *response_code_line; /* Readable response */
+ uint64_t remaining_content_length; /* data not represent in body */
+ DATA_BLOB body;
+};
+
+/* HTTP header handling functions */
+int http_remove_header(struct http_header **, const char *);
+int http_add_header(TALLOC_CTX *, struct http_header **, const char *, const char *);
+int http_replace_header(TALLOC_CTX *, struct http_header **, const char *, const char *);
+
+/* HTTP(s) connect */
+
+struct http_conn;
+struct tstream_tls_params;
+
+struct tevent_req *http_connect_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ const char *http_server,
+ uint16_t http_port,
+ struct cli_credentials *credentials,
+ struct tstream_tls_params *tls_params);
+int http_connect_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct http_conn **http_conn);
+
+struct tevent_req *http_disconnect_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct http_conn *http_conn);
+int http_disconnect_recv(struct tevent_req *req);
+
+struct tevent_queue *http_conn_send_queue(struct http_conn *http_conn);
+struct tstream_context *http_conn_tstream(struct http_conn *http_conn);
+
+/* HTTP request */
+struct tevent_req *http_send_request_send(TALLOC_CTX *,
+ struct tevent_context *,
+ struct http_conn *,
+ struct http_request *);
+NTSTATUS http_send_request_recv(struct tevent_req *);
+
+/* HTTP response */
+struct tevent_req *http_read_response_send(TALLOC_CTX *,
+ struct tevent_context *,
+ struct http_conn *,
+ size_t max_content_length);
+NTSTATUS http_read_response_recv(struct tevent_req *,
+ TALLOC_CTX *,
+ struct http_request **);
+
+/* HTTP authenticated request */
+struct tevent_req *http_send_auth_request_send(TALLOC_CTX *,
+ struct tevent_context *,
+ struct http_conn *,
+ const struct http_request *,
+ struct cli_credentials *,
+ struct loadparm_context *,
+ enum http_auth_method);
+NTSTATUS http_send_auth_request_recv(struct tevent_req *);
+
+#endif /* _HTTP_H_ */
diff --git a/libcli/http/http_auth.c b/libcli/http/http_auth.c
new file mode 100644
index 0000000..3dcf52c
--- /dev/null
+++ b/libcli/http/http_auth.c
@@ -0,0 +1,383 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ HTTP library
+
+ Copyright (C) 2014 Samuel Cabrero <samuelcabrero@kernevil.me>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "http.h"
+#include "http_internal.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "lib/param/param.h"
+#include "tevent.h"
+#include "auth/gensec/gensec.h"
+#include "auth/credentials/credentials.h"
+#include "lib/util/data_blob.h"
+
+#undef strcasecmp
+#undef strncasecmp
+
+/**
+ * Copy the request headers from src to dst
+ */
+static NTSTATUS http_copy_header(const struct http_request *src,
+ struct http_request *dst)
+{
+ struct http_header *h;
+
+ dst->type = src->type;
+ dst->major = src->major;
+ dst->minor = src->minor;
+ dst->uri = talloc_strdup(dst, src->uri);
+
+ for (h = src->headers; h != NULL; h = h->next) {
+ http_add_header(dst, &dst->headers, h->key, h->value);
+ }
+ dst->headers_size = src->headers_size;
+
+ return NT_STATUS_OK;
+}
+
+/*
+ * Retrieve the WWW-Authenticate header from server response based on the
+ * authentication scheme being used.
+ */
+static NTSTATUS http_parse_auth_response(const DATA_BLOB prefix,
+ struct http_request *auth_response,
+ DATA_BLOB *in)
+{
+ struct http_header *h;
+
+ for (h = auth_response->headers; h != NULL; h = h->next) {
+ int cmp;
+
+ cmp = strcasecmp(h->key, "WWW-Authenticate");
+ if (cmp != 0) {
+ continue;
+ }
+
+ cmp = strncasecmp(h->value,
+ (const char *)prefix.data,
+ prefix.length);
+ if (cmp != 0) {
+ continue;
+ }
+
+ *in = data_blob_string_const(h->value);
+ return NT_STATUS_OK;
+ }
+
+ return NT_STATUS_NOT_SUPPORTED;
+}
+
+struct http_auth_state {
+ struct tevent_context *ev;
+
+ struct http_conn *http_conn;
+
+ enum http_auth_method auth;
+ DATA_BLOB prefix;
+
+ struct gensec_security *gensec_ctx;
+ NTSTATUS gensec_status;
+
+ const struct http_request *original_request;
+ struct http_request *next_request;
+ struct http_request *auth_response;
+};
+
+
+static void http_send_auth_request_gensec_done(struct tevent_req *subreq);
+static void http_send_auth_request_http_req_done(struct tevent_req *subreq);
+static void http_send_auth_request_http_rep_done(struct tevent_req *subreq);
+
+struct tevent_req *http_send_auth_request_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct http_conn *http_conn,
+ const struct http_request *original_request,
+ struct cli_credentials *credentials,
+ struct loadparm_context *lp_ctx,
+ enum http_auth_method auth)
+{
+ struct tevent_req *req = NULL;
+ struct http_auth_state *state = NULL;
+ struct tevent_req *subreq = NULL;
+ DATA_BLOB gensec_in = data_blob_null;
+ NTSTATUS status;
+ struct http_header *h = NULL;
+ const char *mech_name = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct http_auth_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->http_conn = http_conn;
+ state->auth = auth;
+ state->original_request = original_request;
+
+ status = gensec_init();
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ status = gensec_client_start(state, &state->gensec_ctx,
+ lpcfg_gensec_settings(state, lp_ctx));
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ status = gensec_set_credentials(state->gensec_ctx, credentials);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ for (h = original_request->headers; h != NULL; h = h->next) {
+ int cmp;
+
+ cmp = strcasecmp(h->key, "Host");
+ if (cmp != 0) {
+ continue;
+ }
+
+ status = gensec_set_target_service(state->gensec_ctx, "http");
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ status = gensec_set_target_hostname(state->gensec_ctx, h->value);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+ break;
+ }
+
+ switch (state->auth) {
+ case HTTP_AUTH_BASIC:
+ mech_name = "http_basic";
+ state->prefix = data_blob_string_const("Basic");
+ break;
+ case HTTP_AUTH_NTLM:
+ mech_name = "http_ntlm";
+ state->prefix = data_blob_string_const("NTLM");
+ break;
+ case HTTP_AUTH_NEGOTIATE:
+ mech_name = "http_negotiate";
+ state->prefix = data_blob_string_const("Negotiate");
+ break;
+ default:
+ tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
+ return tevent_req_post(req, ev);
+ }
+
+ status = gensec_start_mech_by_name(state->gensec_ctx, mech_name);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = gensec_update_send(state, state->ev,
+ state->gensec_ctx,
+ gensec_in);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, http_send_auth_request_gensec_done, req);
+
+ return req;
+}
+
+static void http_send_auth_request_gensec_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct http_auth_state *state =
+ tevent_req_data(req,
+ struct http_auth_state);
+ DATA_BLOB gensec_out = data_blob_null;
+ NTSTATUS status;
+ int ret;
+
+ TALLOC_FREE(state->auth_response);
+
+ status = gensec_update_recv(subreq, state, &gensec_out);
+ TALLOC_FREE(subreq);
+ state->gensec_status = status;
+ if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ status = NT_STATUS_OK;
+ }
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ state->next_request = talloc_zero(state, struct http_request);
+ if (tevent_req_nomem(state->next_request, req)) {
+ return;
+ }
+
+ status = http_copy_header(state->original_request, state->next_request);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ if (!NT_STATUS_IS_OK(state->gensec_status)) {
+ /*
+ * More preprocessing required before we
+ * can include the content.
+ */
+ ret = http_replace_header(state->next_request,
+ &state->next_request->headers,
+ "Content-Length", "0");
+ if (ret != 0) {
+ tevent_req_oom(req);
+ return;
+ }
+ } else {
+ state->next_request->body = state->original_request->body;
+ }
+
+ if (gensec_out.length > 0) {
+ ret = http_add_header(state->next_request,
+ &state->next_request->headers,
+ "Authorization",
+ (char *)gensec_out.data);
+ if (ret != 0) {
+ tevent_req_oom(req);
+ return;
+ }
+ data_blob_free(&gensec_out);
+ }
+
+ subreq = http_send_request_send(state, state->ev,
+ state->http_conn,
+ state->next_request);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq,
+ http_send_auth_request_http_req_done,
+ req);
+}
+
+static void http_send_auth_request_http_req_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct http_auth_state *state =
+ tevent_req_data(req,
+ struct http_auth_state);
+ NTSTATUS status;
+
+ TALLOC_FREE(state->next_request);
+
+ status = http_send_request_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ /*
+ * If no more processing required, it is done
+ *
+ * The caller will use http_read_response_send/recv
+ * in order to get the high level response.
+ */
+ if (NT_STATUS_IS_OK(state->gensec_status)) {
+ tevent_req_done(req);
+ return;
+ }
+
+ /*
+ * If more processing required, read the response from server
+ *
+ * We may get an empty RPCH Echo packet from the server
+ * on the "RPC_OUT_DATA" path. We need to consume this
+ * from the socket, but for now we just ignore the bytes.
+ */
+ subreq = http_read_response_send(state, state->ev,
+ state->http_conn,
+ UINT16_MAX);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq,
+ http_send_auth_request_http_rep_done,
+ req);
+}
+
+static void http_send_auth_request_http_rep_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct http_auth_state *state =
+ tevent_req_data(req,
+ struct http_auth_state);
+ DATA_BLOB gensec_in = data_blob_null;
+ NTSTATUS status;
+
+ status = http_read_response_recv(subreq, state,
+ &state->auth_response);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ /*
+ * We we asked for up to UINT16_MAX bytes of
+ * content, we don't expect
+ * state->auth_response->remaining_content_length
+ * to be set.
+ *
+ * For now we just ignore any bytes in
+ * state->auth_response->body.
+ */
+ if (state->auth_response->remaining_content_length != 0) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ status = http_parse_auth_response(state->prefix,
+ state->auth_response,
+ &gensec_in);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ subreq = gensec_update_send(state, state->ev,
+ state->gensec_ctx,
+ gensec_in);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, http_send_auth_request_gensec_done, req);
+}
+
+NTSTATUS http_send_auth_request_recv(struct tevent_req *req)
+{
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+ tevent_req_received(req);
+
+ return NT_STATUS_OK;
+}
diff --git a/libcli/http/http_conn.c b/libcli/http/http_conn.c
new file mode 100644
index 0000000..ac39a0a
--- /dev/null
+++ b/libcli/http/http_conn.c
@@ -0,0 +1,347 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ HTTP library
+
+ Copyright (C) 2019 Ralph Boehme <slow@samba.org>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "libcli/dns/dns_lookup.h"
+#include "lib/tsocket/tsocket.h"
+#include "lib/util/util_net.h"
+#include "lib/tls/tls.h"
+#include "lib/util/tevent_unix.h"
+#include "http.h"
+#include "http_internal.h"
+
+struct http_connect_state {
+ struct tevent_context *ev;
+ const char *http_server;
+ const char *http_server_ip;
+ uint16_t http_port;
+ struct tsocket_address *local_address;
+ struct tsocket_address *remote_address;
+ struct cli_credentials *credentials;
+ struct tstream_tls_params *tls_params;
+
+ struct http_conn *http_conn;
+};
+
+static void http_connect_dns_done(struct tevent_req *subreq);
+static void http_connect_tcp_connect(struct tevent_req *req);
+static void http_connect_tcp_done(struct tevent_req *subreq);
+static void http_connect_tls_done(struct tevent_req *subreq);
+
+struct tevent_req *http_connect_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ const char *http_server,
+ uint16_t http_port,
+ struct cli_credentials *credentials,
+ struct tstream_tls_params *tls_params)
+{
+ struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
+ struct http_connect_state *state = NULL;
+ int ret;
+
+ DBG_DEBUG("Connecting to [%s] over HTTP%s\n",
+ http_server, tls_params != NULL ? "S" : "");
+
+ req = tevent_req_create(mem_ctx, &state, struct http_connect_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ *state = (struct http_connect_state) {
+ .ev = ev,
+ .http_port = http_port,
+ .credentials = credentials,
+ .tls_params = tls_params,
+ };
+
+ state->http_server = talloc_strdup(state, http_server);
+ if (tevent_req_nomem(state->http_server, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ state->http_conn = talloc_zero(state, struct http_conn);
+ if (tevent_req_nomem(state->http_conn, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ state->http_conn->send_queue = tevent_queue_create(state->http_conn,
+ "HTTP send queue");
+ if (tevent_req_nomem(state->http_conn->send_queue, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ ret = tsocket_address_inet_from_strings(state,
+ "ip",
+ NULL,
+ 0,
+ &state->local_address);
+ if (ret != 0) {
+ tevent_req_error(req, errno);
+ return tevent_req_post(req, ev);
+ }
+
+ if (!is_ipaddress(http_server)) {
+ subreq = dns_lookup_send(state,
+ ev,
+ NULL,
+ http_server,
+ DNS_QCLASS_IN,
+ DNS_QTYPE_A);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, http_connect_dns_done, req);
+ return req;
+ }
+ state->http_server_ip = state->http_server;
+
+ http_connect_tcp_connect(req);
+ if (!tevent_req_is_in_progress(req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ return req;
+}
+
+static void http_connect_dns_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct http_connect_state *state = tevent_req_data(
+ req, struct http_connect_state);
+ struct dns_name_packet *dns_reply = NULL;
+ struct dns_res_rec *an = NULL;
+ uint16_t i;
+ int ret;
+
+ ret = dns_lookup_recv(subreq, state, &dns_reply);
+ TALLOC_FREE(subreq);
+ if (ret != 0) {
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ for (i = 0; i < dns_reply->ancount; i++) {
+ an = &dns_reply->answers[i];
+ if (an->rr_type == DNS_QTYPE_A) {
+ break;
+ }
+ }
+ if (i >= dns_reply->ancount) {
+ tevent_req_error(req, ENOENT);
+ return;
+ }
+
+ state->http_server_ip = talloc_strdup(state, an->rdata.ipv4_record);
+ if (tevent_req_nomem(state->http_server_ip, req)) {
+ return;
+ }
+ http_connect_tcp_connect(req);
+}
+
+static void http_connect_tcp_connect(struct tevent_req *req)
+{
+ struct http_connect_state *state = tevent_req_data(
+ req, struct http_connect_state);
+ struct tevent_req *subreq = NULL;
+ int ret;
+
+ ret = tsocket_address_inet_from_strings(state,
+ "ip",
+ state->http_server_ip,
+ state->http_port,
+ &state->remote_address);
+ if (ret != 0) {
+ int saved_errno = errno;
+
+ DBG_ERR("Cannot create remote socket address, error: %s (%d)\n",
+ strerror(errno), errno);
+ tevent_req_error(req, saved_errno);
+ return;
+ }
+
+ subreq = tstream_inet_tcp_connect_send(state,
+ state->ev,
+ state->local_address,
+ state->remote_address);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, http_connect_tcp_done, req);
+}
+
+static void http_connect_tcp_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct http_connect_state *state = tevent_req_data(
+ req, struct http_connect_state);
+ int error;
+ int ret;
+
+ ret = tstream_inet_tcp_connect_recv(subreq,
+ &error,
+ state->http_conn,
+ &state->http_conn->tstreams.raw,
+ NULL);
+ TALLOC_FREE(subreq);
+ if (ret != 0) {
+ tevent_req_error(req, error);
+ return;
+ }
+
+ state->http_conn->tstreams.active = state->http_conn->tstreams.raw;
+ DBG_DEBUG("Socket connected\n");
+
+ if (state->tls_params == NULL) {
+ tevent_req_done(req);
+ return;
+ }
+
+ DBG_DEBUG("Starting TLS\n");
+
+ subreq = tstream_tls_connect_send(state,
+ state->ev,
+ state->http_conn->tstreams.active,
+ state->tls_params);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, http_connect_tls_done, req);
+}
+
+static void http_connect_tls_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct http_connect_state *state = tevent_req_data(
+ req, struct http_connect_state);
+ int error;
+ int ret;
+
+ ret = tstream_tls_connect_recv(subreq,
+ &error,
+ state->http_conn,
+ &state->http_conn->tstreams.tls);
+ TALLOC_FREE(subreq);
+ if (ret != 0) {
+ tevent_req_error(req, error);
+ return;
+ }
+
+ state->http_conn->tstreams.active = state->http_conn->tstreams.tls;
+
+ DBG_DEBUG("TLS handshake completed\n");
+ tevent_req_done(req);
+}
+
+int http_connect_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct http_conn **http_conn)
+{
+ struct http_connect_state *state = tevent_req_data(
+ req, struct http_connect_state);
+ int error;
+
+ if (tevent_req_is_unix_error(req, &error)) {
+ tevent_req_received(req);
+ return error;
+ }
+
+ *http_conn = talloc_move(mem_ctx, &state->http_conn);
+ tevent_req_received(req);
+
+ return 0;
+}
+
+struct tevent_queue *http_conn_send_queue(struct http_conn *http_conn)
+{
+ return http_conn->send_queue;
+}
+
+struct tstream_context *http_conn_tstream(struct http_conn *http_conn)
+{
+ return http_conn->tstreams.active;
+}
+
+struct http_conn_disconnect_state {
+ struct tevent_context *ev;
+ struct http_conn *http_conn;
+};
+
+static void http_conn_disconnect_done(struct tevent_req *subreq);
+
+struct tevent_req *http_disconnect_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct http_conn *http_conn)
+{
+ struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
+ struct http_conn_disconnect_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct http_conn_disconnect_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ *state = (struct http_conn_disconnect_state) {
+ .ev = ev,
+ .http_conn = http_conn,
+ };
+
+ if (http_conn->tstreams.active == NULL) {
+ tevent_req_error(req, ENOTCONN);
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = tstream_disconnect_send(state, ev, http_conn->tstreams.active);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, http_conn_disconnect_done, req);
+
+ return req;
+}
+
+static void http_conn_disconnect_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ int ret;
+ int error;
+
+ ret = tstream_disconnect_recv(subreq, &error);
+ TALLOC_FREE(subreq);
+ if (ret == -1) {
+ tevent_req_error(req, error);
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+int http_disconnect_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_unix(req);
+}
diff --git a/libcli/http/http_internal.h b/libcli/http/http_internal.h
new file mode 100644
index 0000000..ec17f7e
--- /dev/null
+++ b/libcli/http/http_internal.h
@@ -0,0 +1,50 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ HTTP library
+
+ Copyright (C) 2014 Samuel Cabrero <samuelcabrero@kernevil.me>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _HTTP_INTERNAL_H_
+#define _HTTP_INTERNAL_H_
+
+enum http_parser_state {
+ HTTP_READING_FIRSTLINE,
+ HTTP_READING_HEADERS,
+ HTTP_READING_BODY,
+ HTTP_READING_TRAILER,
+ HTTP_READING_DONE,
+};
+
+enum http_read_status {
+ HTTP_ALL_DATA_READ,
+ HTTP_MORE_DATA_EXPECTED,
+ HTTP_DATA_CORRUPTED,
+ HTTP_REQUEST_CANCELED,
+ HTTP_DATA_TOO_LONG,
+};
+
+struct http_conn {
+ struct tevent_queue *send_queue;
+ struct {
+ struct tstream_context *raw;
+ struct tstream_context *tls;
+ struct tstream_context *active;
+ } tstreams;
+};
+
+#endif /* _HTTP_INTERNAL_H_ */
diff --git a/libcli/http/wscript_build b/libcli/http/wscript_build
new file mode 100644
index 0000000..da8768f
--- /dev/null
+++ b/libcli/http/wscript_build
@@ -0,0 +1,21 @@
+#!/usr/bin/env python
+
+bld.SAMBA_LIBRARY('http',
+ source='http.c http_auth.c http_conn.c',
+ deps='talloc tevent gensec dns_lookup',
+ private_library=True,
+)
+
+bld.SAMBA_MODULE('gensec_http_basic',
+ source='gensec/basic.c',
+ subsystem='gensec',
+ init_function='gensec_http_basic_init',
+ deps='samba-util auth_session'
+)
+
+bld.SAMBA_MODULE('gensec_http_generic',
+ source='gensec/generic.c',
+ subsystem='gensec',
+ init_function='gensec_http_generic_init',
+ deps='samba-util auth_session'
+)