97 Commits

Author SHA1 Message Date
Adrien Destugues
def1a05788 Made the wrong constructor private. 2014-06-11 19:27:03 +02:00
Adrien Destugues
895fa41e0b Make handling of Http Authentication thread safe
* Each BHttpAuthentication object is locked on all field accesses,
* They are owned by the BUrlContext and never deleted, so there is no
need for reference-counting them,
* The BUrlContext itself is now reference counted, and all BUrlRequests
hold a reference to it.

This makes sure using the BHttpAuthentication objects from requests is
thread-safe.
2014-06-11 14:11:01 +02:00
Adrien Destugues
463ffbfde4 First steps towards cookie jar thread-safety
* Change the semantics of the iterators copy constructor and assignment
operator: they now return a new iterator for the same cookie jar (and
same url for the UrlIterator). They don't try to point to the same
position as the copied iterator. The only purpose of these is to write
code such as:

Iterator it = jar.GetIterator();

so having a full copy isn't that useful.

* The per-domain cookie lists are now protected with a read-write lock.
The iterators retain a read lock while they are handling cookies from
that list. They get a write lock when doing Remove. Adding a cookie to
the jar also gets the write lock for the matching list

* Fix a memory leak when adding a new domain-list to the jar failed

* Simplify the declaration of the PrivateHashMap type (it would be
even simpler if HashMap was a public API)

* The domain hashmap is now a SynchronizedHashMap. It is locked as long
as an Iterator or UrlIterator exists, which may be a problem as these
are public APIs. Writing safe iterators for an hashmap with concurrent
accesses is not easy, so the API could be modified to return a list of
domains and a list of cookies for a given domain or URL instead. This
would suit the intended uses just as well.

* The jar now store const cookies, so there is no need to lock them for
access/modification. Updating a cookie is done by replacing it with
another one in the jar (with the same domain and value). There is still
the problem of deleting a cookie while other threads may still access
it, this will be fixed by making cookies BReferenceable.
2014-06-11 12:59:33 +02:00
Adrien Destugues
1cbab031fd More relaxing of cookie-setting rules
* Allow non-secure page to set (but not read) secure cookies
* Allow pages to set cookies for subdomains (but not access them)
2014-06-09 11:17:49 +02:00
Adrien Destugues
7f1f341e5f Forgot to commit changes to the header. 2014-06-06 19:11:03 +02:00
Stephan Aßmus
3df9235571 HttpRequest.h: Fixed some formatting 2014-06-06 00:23:48 +02:00
Stephan Aßmus
cb1a99c5f0 HttpHeaders: Small code refactorings
Also check BList::Add() for success when adding a BHttpHeader.
2014-06-06 00:23:47 +02:00
Adrien Destugues
cd805f6793 Remove some redundant fields
These were getting out of sync and causing trouble, and they are easy to
compute from existing information.

Fixes some problems detected by the testsuite where the user/password or
the host would sometime disappear from the URL.
2014-06-04 11:56:23 +02:00
Adrien Destugues
cfc4b62367 Network Kit: Prepare for HTTP range requests
* The DataReceived hook gets a position argument, making it possible for
listeners to handle out-of-order data (from two range requests at
different positions, for example)
* Adjust HaikuDepot (only user of the API in our sources)
* Add a copy constructor to HTTPRequest that copies the relevant
parameters from an existing request. Makes it easy to repeat a request
with a different range. Could be useful for restarting downloads, or
paralellizing them.
* Add SetRangeStart, SetRangeEnd calls to HTTPRequest, no implementation
yet. I'm putting all the API changes in this commit as it needs to be
synced with a matching haikuwebkit release.
* All archs must update to HaikuWebkit 1.3.0. Previous versions are
broken by this.
2014-04-12 08:57:26 +02:00
Julian Harnath
d10ecc2c41 Style fix: add parameter name
* As pointed out by Axel.
2014-02-22 13:51:55 +00:00
Julian Harnath
dad49763d8 Disallow copy-construction of BCertificate.
* Prevents accidential creation of multiple instances with
  ownership of same fPrivate.
2014-02-22 13:51:52 +00:00
Julian Harnath
c99d7ea45c Fix double-free crash in BSecureSocket when cert. verification fails
* BSecureSocket::CertificateVerificationFailed() took a BCertificate
  instance by value as parameter.
  BCertificate deletes internal data in its destructor. Passing an
  object by value creates a copy, so the copy attempted to delete
  the internal data again during its destruction.
  This caused mail_daemon to crash here when it came across a failed
  certificate.

* Fix: pass BCertificate object as reference.
2014-02-22 02:09:55 +00:00
Adrien Destugues
67af469ef0 Fix time_t/bigtime_t mixup.
Thanks stippi for noticing!
2014-01-16 09:41:01 +01:00
Adrien Destugues
5ebdc79955 SecureSocket: add some certificate support
* Instead of creating an OpenSSL context ofor each socket, use a global
one and initialize it lazily when the first SecureSocket is created
* Load the certificates from our certificate list so SSL certificates
sent by servers can be validated.
* Add a callback for signalling that certificate validation failed, the
default implementation proceeds with the connection anyway (to keep the
old behavior).
* Introduce BCertificate class, that provides some information about a
certificate. Currently it's only used by the callback mentionned above,
but it will be possible to get the leaf certificate for the connection
after it's established.

Review of the API and implementation is welcome, before I start making
use of this in HttpRequest and WebKit to allow the user to accept new
certificates.
2014-01-15 17:45:21 +01:00
Adrien Destugues
3d864cd870 Remove B_PROT_* and related code
Use standard error codes instead.
This allows using error code returned by the underlying functions
directly, and makes it possible to use strerror for debugging. So, we
can also remove StatusString() from the various *Request classes.
2014-01-13 08:05:32 +01:00
Adrien Destugues
5b53e2e516 HttpRequest: close the connection on Stop()
When calling Stop(), we expect the request thread to exit as soon as
possible. Closing the connection unlocks it from any blocking read() or
write(), avoiding some lockup situations.
2014-01-02 08:38:03 +01:00
Adrien Destugues
824dd0a834 Reintroduce BUrlResult and add BDataRequest
* BUrlResult is back, with ContentType and Length methods.
* BHttpResult subclasses it and use HTTP header fields to implement
those
* Introduce BDataRequest for "data" URIs. These embed the data inside
the URI, either as plaintext or base64 encoded.
2013-12-11 17:29:25 +01:00
Adrien Destugues
509755e136 HttpRequest: remove fOutputBuffer
We can send the data directly to the output socket instead of copying it
into a BString first, at the cost of very slightly less information in
debug output.
2013-11-26 10:21:57 +01:00
Michael Lotz
dcc56bf748 BNetEndpoint: Fix socket leak and reduce Accept() overhead.
When using the copy constructor of BNetEndpoint the socket of the
original endpoint gets dup'ed. The Accept() method later directly reset
the fSocket member of the newly created BNetEndpoint to the socket
returned by accept(). The socket dup'ed by the copy constructor was
therefore leaked.

Of course dup'ing the socket and copying the local and remote addresses
is superfluous in the accept case, as these members all get set to new
values. To reduce that overhead there is now a new private constructor
that directly gets the final socket and remote and local address.
2013-11-24 22:36:29 +01:00
Stefano Ceccherini
41d4206692 Added family parameter to the GetRoutes() API.
Moved common code to a private file.
2013-11-18 10:13:26 +01:00
Stefano Ceccherini
905f910e53 Network route API: Second try (WIP).
Implement BNetworkRoster::GetRoutes() and BNetworkInterface::GetRoutes().
Also implement BNetworkInterface::GetDefaultGateway().
There is code duplication at the moment, and the api only supports IPV4.
2013-11-16 13:29:32 +01:00
Stefano Ceccherini
0074cea398 Implement BNetworkRoster::GetNextRoute()
Implement BNetworkRoster::GetNextRoute() and used it in Network preflet.
2013-11-15 21:59:28 +01:00
Adrien Destugues
564e256649 Various fixes to Services Kit
* Remove useless dummy protocol loop in UrlRequest
 * Stop HTTP requests before deleting the socket and other things the
loop may still be using
 * Deletion of items from the authentication map wasn't working
 * Remove some debug traces
2013-11-15 16:32:18 +01:00
John Scipione
c2c1ce1dc5 Style fixes to HttpRequest 2013-11-04 20:16:26 -05:00
John Scipione
f1e63b05cb Style fixes to HttpForm 2013-11-04 20:16:05 -05:00
Adrien Destugues
9ce2f7e386 Improve HTTP authentication support.
The authentication state is stored (in a hash map, using the domain+path
as a key) in the UrlContext class. It can then be reused for multiple
requests to the same place. We also lookup stored authentications for
parent directories and stop at the first we find.

Authentication state is not stored on disk (unlike cookies), and there
can only be one for each domain+path.
2013-10-28 17:29:20 +01:00
Adrien Destugues
b7617ddd68 Network Cookie Jar: implement assignment operator.
This change is needed for implementing cookie persistence in Web+ using
the network kit backend.

The current implementation requires the user to unarchive the cookie
jar, then hand it over to the BUrlContext which will copy it to its own
field. This makes the code simpler, but maybe doing a complete copy
(with all the cookies) is an heavy operation and could be avoided.
2013-10-28 17:29:19 +01:00
Adrien Destugues
c52c444c27 Add file: protocol handler. 2013-10-24 17:41:03 +02:00
Adrien Destugues
f6782201f0 Move UrlResult to HttpResult
* Remove the fRawData field, as handling it is too complicated (it's
not easy to have proper copy semantics on a BDataIO) and it's not used
anyway, as the listener DataReceived call is enough to get the data and
handle it.
 * All the remaining fields are HTTP-only, so rename the class to
HttpResult and attach it to HttpRequest instead of UrlRequest.
2013-10-24 17:41:02 +02:00
Adrien Destugues
b3d13a000c Network Kit: Coverity scan review and fixes
CID 1108353, 1108335: memory leak.
CID 610473: unused variable.
CID 1108446, 1108433, 1108432, 1108419, 1108400, 991710, 991713, 991712,
	610098, 610097, 610096, 610095: uninitialized field
CID 1108421: unused field

Change the ownership of the result for Url/HttpRequests. The request now
owns its result and you either access it by reference while the request
is live, or copy it to keep it after the request destruction. To help
with that, get BUrlResult copy constructor and assignment operator to
work.

Performance issue: copying the BUrlResult also copies the underlying
BMallocIO data. This should be shared between the BUrlResult objects to
make the copy lighter. The case of BUrlSynchronousRequest is now
particularly inefficient, with at least 2 copies needed to get at the
result.
2013-10-21 09:21:00 +02:00
Adrien Destugues
25b034e99c HttpRequest: docs and memory management fixes
* Now takes ownership of headers, form data and input data
 * Split Set* and Adopt* methods to help with proper use of this (Set
does a copy)
 * Write documentation.
2013-10-17 14:24:20 +02:00
Adrien Destugues
ced0e0be04 BUrl: use a regex to parse URLs
* The RFC provide a regular expression for URI parsing, so just use it.
 * Allows parsing URIs with missing components (no scheme or authority)
 * This allows to parse relative URLs as expected
 * Can also handle things such as data: or mailto:
 * Also more fixes to handling of incomplete URIs, some flags weren't
always set to the right values.

This gets Windows Live Mail (or is it called Outlook?) working, with
some other fixes on WebKit side.
2013-10-16 21:01:43 +02:00
Adrien Destugues
400153ebf5 BUrl: parse URLs using a regular expression.
* RFC3986 provides the regexp to parse URIs properly
 * Code is simpler and safer
 * Avoids an infinite loop when trying to parse some data: URIs
2013-10-16 13:51:54 +02:00
Adrien Destugues
7696f7dd54 HttpRequest: allow custom http methods
* The W3C XmlHttpRequest testsuite likes to use "CHICKEN" as a method.
 * Also add constants for all specified methods in HTTP 1.1.
2013-10-15 14:43:09 +02:00
Adrien Destugues
f6f14c5d1c Make BUrlProtocolAsynchronousListener inherit BUrlProtocolListener
* With so long class names, there's no way I'm going to follow the 64
char limit on commit headlines.
 * The class share the same API, so having them separate is not very
useful.
 * This makes it possible to use the same listener in either synchronous
or asycnhronous mode (or both, for different requests)
2013-10-15 10:16:33 +02:00
Adrien Destugues
c9d31eeed6 More cookie fixes
* Add some error handling in NetworkCookie and don't add broken cookies
(or should I say crumbs?) to the cookie jar
 * More control on the path and domain, as well as the expiration time

We now pass Opera cookie testsuite functionality tests, as well as some
of the negative tests (we even do better than curl). Not going further
right now as this works well enough for positive cases and most
security/privacy issues are fixed (cross domain and cross path cookie
setting or spying).
2013-10-14 15:21:51 +02:00
Adrien Destugues
a5ac24f00c BUrl: add a Redirect method
* This takes a relative path as a parameter, and modifies the object to
point to the given location.
 * '..' is not handled yet, and will be sent as-is to the server.
 * Makes it possible to follow more types of 302 redirects

In particular, I can now run the tests from Opera's testsuite
(testsuite.opera.com), which shows I have more work to do on cookie
handling.
2013-10-11 08:32:25 +02:00
Adrien Destugues
8ca6eeb77c HttpRequest: missing fields initializations
* Some fields weren't initialized, leading to random crashes later on
 * Remove the enum that was used for protocol options
 * Use a single field to track the request state, instead of separate
booleans.
2013-10-09 15:46:10 +02:00
Adrien Destugues
780967d8ac Cleanup and fix cookies handling
* The cookie jar iterator now use a BObjectList instead of a BList
 * Add a convenience method to the cookie jar to add a cookie by BUrl
and raw cookie string.
 * Remove some methods in BNetworkCookie that could lead to invalid
cookies (cross-domain or with no domain at all).
 * Make the cookie parsing able to report errors
 * Fix off-by-one error in domain cookies validation.
2013-10-09 12:08:46 +02:00
Adrien Destugues
afd547b368 Refactor UrlRequest/UrlProtocol in the Service Kit
* Remove the BUrlRequest class, which was only delegating work to
BUrlProtocol and subclasses
 * Rename BUrlProtocol to BUrlRequest, and BUrlRequestHttp to BHttpRequest
 * Creating a request is now done through the BUrlProtocolRoster. For
now there is just a static MakeRequest method, this will be completed
when we get to actually allowing add-ons to provide different request
handlers.

This allows cleanup of the API for requests:
 * Remove the universal SetOption method with constants, and have
dedicated setters for each protocol option.
 * Setters can now have multiple parameters, for example you can give
BHTTPRequest a BDataIO and a known size
 * In this case, the BHttpRequest will not use HTTP chunked transfers,
which were always used before and made most servers unhappy (tested and
failed with lighttpd, google accounts and github).
2013-10-08 11:42:05 +02:00
Adrien Destugues
49e7165f9d Use ssize_t to allow returning a negative error code 2013-10-04 16:57:02 +02:00
Adrien Destugues
2ec188b903 Fix thread safety issue in chunked http transfers.
* The use of a static variable for storing the chunk size made it shared between all instances of BUrlProtoclHttp.
* Inline the function at the single place where it is used, and allocate the variable on the stack instead.

The whole receiving loop should be split into chunked and non-chunked variants to improve code readability.
2013-08-27 20:36:29 +02:00
Alexander von Gluck IV
ae4da1002b netserver: Add EAP defines for WPA enterprise
* Working towards #8850
2013-07-17 20:16:49 -05:00
Hamish Morrison
2675e31a0c BUrlRequest: fix various issues
* Remove unused headers interface from BUrlProtocol
* Change confusing function names
* Style fixes and whitespace cleanup
2013-02-10 20:46:24 +00:00
Hamish Morrison
64a1f5a020 NetworkCookieJar: various small fixes and updated tests 2013-02-09 17:10:10 +00:00
Hamish Morrison
c8bc218363 NetworkCookie: fix domain/path matching, and validity checks 2013-02-09 17:10:05 +00:00
Hamish Morrison
33462ef54a NetworkCookie: bring SetCookie parsing in line with RFC 6265 2013-02-09 17:09:53 +00:00
Hamish Morrison
2db5d2bc95 NetworkCookie: remove unused cookie attributes and add HttpOnly 2013-02-09 16:09:34 +00:00
Hamish Morrison
05f42aaba4 NetworkCookie: set the default path according to RFC 6265 2013-02-09 16:02:15 +00:00
Niels Sascha Reedijk
f00edeb7e3 Automatically pick port 443 for HTTPS 2013-02-07 18:06:45 +00:00