Skip to content

G
git2
Commit b9c5b15a by Edward Thomson
Options

http: use the new httpclient 

Untangle the notion of the http transport from the actual http
implementation.  The http transport now uses the httpclient.
parent bf55facf
Showing with 442 additions and 1409 deletions
src/transports/http.c
......@@ -22,406 +22,82 @@
#include "http.h"
#include "auth_negotiate.h"
#include "auth_ntlm.h"
#include "trace.h"
#include "streams/tls.h"
#include "streams/socket.h"
#include "httpclient.h"
bool git_http__expect_continue = false;
git_http_auth_scheme auth_schemes[] = {
{ GIT_HTTP_AUTH_NEGOTIATE, "Negotiate", GIT_CREDTYPE_DEFAULT, git_http_auth_negotiate },
{ GIT_HTTP_AUTH_NTLM, "NTLM", GIT_CREDTYPE_USERPASS_PLAINTEXT, git_http_auth_ntlm },
{ GIT_HTTP_AUTH_BASIC, "Basic", GIT_CREDTYPE_USERPASS_PLAINTEXT, git_http_auth_basic },
};
static const char *upload_pack_service = "upload-pack";
static const char *upload_pack_ls_service_url = "/info/refs?service=git-upload-pack";
static const char *upload_pack_service_url = "/git-upload-pack";
static const char *receive_pack_service = "receive-pack";
static const char *receive_pack_ls_service_url = "/info/refs?service=git-receive-pack";
static const char *receive_pack_service_url = "/git-receive-pack";
static const char *get_verb = "GET";
static const char *post_verb = "POST";
#define AUTH_HEADER_SERVER "Authorization"
#define AUTH_HEADER_PROXY "Proxy-Authorization"
#define SERVER_TYPE_REMOTE "remote"
#define SERVER_TYPE_PROXY "proxy"
typedef enum {
HTTP_STATE_NONE = 0,
HTTP_STATE_SENDING_REQUEST,
HTTP_STATE_RECEIVING_RESPONSE,
HTTP_STATE_DONE
} http_state;
#define OWNING_SUBTRANSPORT(s) ((http_subtransport *)(s)->parent.subtransport)
#define PARSE_ERROR_GENERIC -1
#define PARSE_ERROR_REPLAY -2
/** Look at the user field */
#define PARSE_ERROR_EXT -3
#define CHUNK_SIZE 4096
enum last_cb {
NONE,
FIELD,
VALUE
};
typedef struct {
git_http_method method;
const char *url;
const char *request_type;
const char *response_type;
unsigned chunked : 1;
} http_service;
typedef struct {
git_smart_subtransport_stream parent;
const char *service;
const char *service_url;
char *redirect_url;
const char *verb;
char *chunk_buffer;
unsigned chunk_buffer_len;
unsigned sent_request : 1,
received_response : 1,
chunked : 1;
const http_service *service;
http_state state;
unsigned replay_count;
} http_stream;
typedef struct {
git_net_url url;
git_stream *stream;
git_http_auth_t authtypes;
git_credtype_t credtypes;
git_cred *cred;
unsigned url_cred_presented : 1,
authenticated : 1;
git_http_authtype_t prior_authtype;
git_vector auth_challenges;
git_http_auth_context *auth_context;
unsigned auth_schemetypes;
unsigned url_cred_presented : 1;
} http_server;
typedef struct {
git_smart_subtransport parent;
transport_smart *owner;
git_stream *gitserver_stream;
bool connected;
http_server server;
http_server proxy;
char *proxy_url;
git_proxy_options proxy_opts;
/* Parser structures */
http_parser parser;
http_parser_settings settings;
gitno_buffer parse_buffer;
git_buf parse_header_name;
git_buf parse_header_value;
char parse_buffer_data[NETIO_BUFSIZE];
char *content_type;
char *content_length;
char *location;
enum last_cb last_cb;
int parse_error;
int error;
unsigned request_count;
unsigned parse_finished : 1,
keepalive : 1,
replay_count : 4;
} http_subtransport;
typedef struct {
http_stream *s;
http_subtransport *t;
/* Target buffer details from read() */
char *buffer;
size_t buf_size;
size_t *bytes_read;
} parser_context;
static git_http_auth_scheme *scheme_for_challenge(
const char *challenge,
git_cred *cred)
{
git_http_auth_scheme *scheme = NULL;
size_t i;
for (i = 0; i < ARRAY_SIZE(auth_schemes); i++) {
const char *scheme_name = auth_schemes[i].name;
const git_credtype_t scheme_types = auth_schemes[i].credtypes;
size_t scheme_len;
scheme_len = strlen(scheme_name);
if ((!cred || (cred->credtype & scheme_types)) &&
strncasecmp(challenge, scheme_name, scheme_len) == 0 &&
(challenge[scheme_len] == '\0' || challenge[scheme_len] == ' ')) {
scheme = &auth_schemes[i];
break;
}
}
return scheme;
}
static int apply_credentials(
git_buf *buf,
http_server *server,
const char *header_name)
{
git_buf token = GIT_BUF_INIT;
int error = 0;
if (!server->auth_context)
goto done;
if ((error = server->auth_context->next_token(&token, server->auth_context, server->cred)) < 0)
goto done;
error = git_buf_printf(buf, "%s: %s\r\n", header_name, token.ptr);
done:
git_buf_dispose(&token);
return error;
}
static int gen_request(
git_buf *buf,
http_stream *s,
size_t content_length)
{
http_subtransport *t = OWNING_SUBTRANSPORT(s);
const char *path = t->server.url.path ? t->server.url.path : "/";
const char *service_url = s->service_url;
size_t i;
/* If path already ends in /, remove the leading slash from service_url */
if ((git__suffixcmp(path, "/") == 0) && (git__prefixcmp(service_url, "/") == 0))
service_url++;
if (t->proxy_opts.type == GIT_PROXY_SPECIFIED)
git_buf_printf(buf, "%s %s://%s:%s%s%s HTTP/1.1\r\n",
s->verb,
t->server.url.scheme,
t->server.url.host,
t->server.url.port,
path, service_url);
else
git_buf_printf(buf, "%s %s%s HTTP/1.1\r\n",
s->verb, path, service_url);
git_buf_puts(buf, "User-Agent: ");
git_http__user_agent(buf);
git_buf_puts(buf, "\r\n");
git_buf_printf(buf, "Host: %s", t->server.url.host);
if (!git_net_url_is_default_port(&t->server.url))
git_buf_printf(buf, ":%s", t->server.url.port);
git_buf_puts(buf, "\r\n");
if (s->chunked || content_length > 0) {
git_buf_printf(buf, "Accept: application/x-git-%s-result\r\n", s->service);
git_buf_printf(buf, "Content-Type: application/x-git-%s-request\r\n", s->service);
if (s->chunked)
git_buf_puts(buf, "Transfer-Encoding: chunked\r\n");
else
git_buf_printf(buf, "Content-Length: %"PRIuZ "\r\n", content_length);
} else
git_buf_puts(buf, "Accept: */*\r\n");
for (i = 0; i < t->owner->custom_headers.count; i++) {
if (t->owner->custom_headers.strings[i])
git_buf_printf(buf, "%s\r\n", t->owner->custom_headers.strings[i]);
}
/* Apply proxy and server credentials to the request */
if (t->proxy_opts.type != GIT_PROXY_NONE &&
apply_credentials(buf, &t->proxy, AUTH_HEADER_PROXY) < 0)
return -1;
if (apply_credentials(buf, &t->server, AUTH_HEADER_SERVER) < 0)
return -1;
git_buf_puts(buf, "\r\n");
if (git_buf_oom(buf))
return -1;
return 0;
}
static int set_authentication_challenge(http_server *server)
{
const char *challenge;
if (git_vector_length(&server->auth_challenges) > 1) {
git_error_set(GIT_ERROR_NET, "received multiple authentication challenges");
return -1;
}
challenge = git_vector_get(&server->auth_challenges, 0);
if (server->auth_context->set_challenge)
return server->auth_context->set_challenge(server->auth_context, challenge);
else
return 0;
}
static int set_authentication_types(http_server *server)
{
git_http_auth_scheme *scheme;
char *challenge;
size_t i;
git_vector_foreach(&server->auth_challenges, i, challenge) {
if ((scheme = scheme_for_challenge(challenge, NULL)) != NULL) {
server->authtypes |= scheme->type;
server->credtypes |= scheme->credtypes;
}
}
return 0;
}
static bool auth_context_complete(http_server *server)
{
/* If there's no is_complete function, we're always complete */
if (!server->auth_context->is_complete)
return true;
if (server->auth_context->is_complete(server->auth_context))
return true;
return false;
}
static void free_auth_context(http_server *server)
{
if (!server->auth_context)
return;
if (server->auth_context->free)
server->auth_context->free(server->auth_context);
server->auth_context = NULL;
}
static int parse_authenticate_response(http_server *server)
{
/*
* If we think that we've completed authentication (ie, we've either
* sent a basic credential or we've sent the NTLM/Negotiate response)
* but we've got an authentication request from the server then our
* last authentication did not succeed. Start over.
*/
if (server->auth_context && auth_context_complete(server)) {
free_auth_context(server);
server->authenticated = 0;
}
/*
* If we've begun authentication, give the challenge to the context.
* Otherwise, set up the types to prepare credentials.
*/
if (git_vector_length(&server->auth_challenges) == 0)
return 0;
else if (server->auth_context)
return set_authentication_challenge(server);
else
return set_authentication_types(server);
}
static int on_header_ready(http_subtransport *t)
{
git_buf *name = &t->parse_header_name;
git_buf *value = &t->parse_header_value;
if (!strcasecmp("Content-Type", git_buf_cstr(name))) {
if (t->content_type) {
git_error_set(GIT_ERROR_NET, "multiple Content-Type headers");
return -1;
}
t->content_type = git__strdup(git_buf_cstr(value));
GIT_ERROR_CHECK_ALLOC(t->content_type);
}
else if (!strcasecmp("Content-Length", git_buf_cstr(name))) {
if (t->content_length) {
git_error_set(GIT_ERROR_NET, "multiple Content-Length headers");
return -1;
}
t->content_length = git__strdup(git_buf_cstr(value));
GIT_ERROR_CHECK_ALLOC(t->content_length);
}
else if (!strcasecmp("Proxy-Authenticate", git_buf_cstr(name))) {
char *dup = git__strdup(git_buf_cstr(value));
GIT_ERROR_CHECK_ALLOC(dup);
if (git_vector_insert(&t->proxy.auth_challenges, dup) < 0)
return -1;
}
else if (!strcasecmp("WWW-Authenticate", git_buf_cstr(name))) {
char *dup = git__strdup(git_buf_cstr(value));
GIT_ERROR_CHECK_ALLOC(dup);
if (git_vector_insert(&t->server.auth_challenges, dup) < 0)
return -1;
}
else if (!strcasecmp("Location", git_buf_cstr(name))) {
if (t->location) {
git_error_set(GIT_ERROR_NET, "multiple Location headers");
return -1;
}
t->location = git__strdup(git_buf_cstr(value));
GIT_ERROR_CHECK_ALLOC(t->location);
}
return 0;
}
static int on_header_field(http_parser *parser, const char *str, size_t len)
{
parser_context *ctx = (parser_context *) parser->data;
http_subtransport *t = ctx->t;
/* Both parse_header_name and parse_header_value are populated
* and ready for consumption */
if (VALUE == t->last_cb)
if (on_header_ready(t) < 0)
return t->parse_error = PARSE_ERROR_GENERIC;
if (NONE == t->last_cb || VALUE == t->last_cb)
git_buf_clear(&t->parse_header_name);
if (git_buf_put(&t->parse_header_name, str, len) < 0)
return t->parse_error = PARSE_ERROR_GENERIC;
t->last_cb = FIELD;
return 0;
}
static int on_header_value(http_parser *parser, const char *str, size_t len)
{
parser_context *ctx = (parser_context *) parser->data;
http_subtransport *t = ctx->t;
assert(NONE != t->last_cb);
if (FIELD == t->last_cb)
git_buf_clear(&t->parse_header_value);
git_http_client *http_client;
} http_subtransport;
if (git_buf_put(&t->parse_header_value, str, len) < 0)
return t->parse_error = PARSE_ERROR_GENERIC;
static const http_service upload_pack_ls_service = {
GIT_HTTP_METHOD_GET, "/info/refs?service=git-upload-pack",
NULL,
"application/x-git-upload-pack-advertisement",
0
};
static const http_service upload_pack_service = {
GIT_HTTP_METHOD_POST, "/git-upload-pack",
"application/x-git-upload-pack-request",
"application/x-git-upload-pack-result",
0
};
static const http_service receive_pack_ls_service = {
GIT_HTTP_METHOD_GET, "/info/refs?service=git-receive-pack",
NULL,
"application/x-git-receive-pack-advertisement",
0
};
static const http_service receive_pack_service = {
GIT_HTTP_METHOD_POST, "/git-receive-pack",
"application/x-git-receive-pack-request",
"application/x-git-receive-pack-result",
1
};
t->last_cb = VALUE;
return 0;
}
#define SERVER_TYPE_REMOTE "remote"
#define SERVER_TYPE_PROXY "proxy"
GIT_INLINE(void) free_cred(git_cred **cred)
{
if (*cred) {
git_cred_free(*cred);
(*cred) = NULL;
}
}
#define OWNING_SUBTRANSPORT(s) ((http_subtransport *)(s)->parent.subtransport)
static int apply_url_credentials(
git_cred **cred,
......@@ -433,1101 +109,471 @@ static int apply_url_credentials(
return git_cred_userpass_plaintext_new(cred, username, password);
if ((allowed_types & GIT_CREDTYPE_DEFAULT) && *username == '\0' && *password == '\0')
return git_cred_default_new(cred);
return GIT_PASSTHROUGH;
}
static int init_auth(http_server *server)
{
git_http_auth_scheme *s, *scheme = NULL;
char *c, *challenge = NULL;
size_t i;
int error;
git_vector_foreach(&server->auth_challenges, i, c) {
s = scheme_for_challenge(c, server->cred);
if (s && !!(s->credtypes & server->credtypes)) {
scheme = s;
challenge = c;
break;
}
}
if (!scheme) {
git_error_set(GIT_ERROR_NET, "no authentication mechanism could be negotiated");
return -1;
}
if ((error = scheme->init_context(&server->auth_context, &server->url)) == GIT_PASSTHROUGH)
return 0;
else if (error < 0)
return error;
if (server->auth_context->set_challenge &&
(error = server->auth_context->set_challenge(server->auth_context, challenge)) < 0)
return error;
return 0;
}
static int on_auth_required(
http_parser *parser,
http_server *server,
const char *url,
const char *type,
git_cred_acquire_cb callback,
void *callback_payload)
{
parser_context *ctx = (parser_context *) parser->data;
http_subtransport *t = ctx->t;
int error = 1;
if (parse_authenticate_response(server) < 0) {
t->parse_error = PARSE_ERROR_GENERIC;
return t->parse_error;
}
/* If we're in the middle of challenge/response auth, continue */
if (parser->status_code == 407 || parser->status_code == 401) {
if (server->auth_context && !auth_context_complete(server)) {
t->parse_error = PARSE_ERROR_REPLAY;
return 0;
}
}
/* Enforce a reasonable cap on the number of replays */
if (t->replay_count++ >= GIT_HTTP_REPLAY_MAX) {
git_error_set(GIT_ERROR_NET, "too many redirects or authentication replays");
return t->parse_error = PARSE_ERROR_GENERIC;
}
if (!server->credtypes) {
git_error_set(GIT_ERROR_NET, "%s requested authentication but did not negotiate mechanisms", type);
t->parse_error = PARSE_ERROR_GENERIC;
return t->parse_error;
}
free_auth_context(server);
free_cred(&server->cred);
/* Start with URL-specified credentials, if there were any. */
if (!server->url_cred_presented && server->url.username && server->url.password) {
error = apply_url_credentials(&server->cred, server->credtypes, server->url.username, server->url.password);
server->url_cred_presented = 1;
if (error == GIT_PASSTHROUGH) {
/* treat GIT_PASSTHROUGH as if callback isn't set */
error = 1;
}
}
if (error > 0 && callback) {
error = callback(&server->cred, url, server->url.username, server->credtypes, callback_payload);
if (error == GIT_PASSTHROUGH) {
/* treat GIT_PASSTHROUGH as if callback isn't set */
error = 1;
}
}
if (error > 0) {
git_error_set(GIT_ERROR_NET, "%s authentication required but no callback set",
type);
t->parse_error = PARSE_ERROR_GENERIC;
return t->parse_error;
} else if (error < 0) {
t->error = error;
t->parse_error = PARSE_ERROR_EXT;
return t->parse_error;
}
assert(server->cred);
if (!(server->cred->credtype & server->credtypes)) {
git_error_set(GIT_ERROR_NET, "%s credential provider returned an invalid cred type", type);
t->parse_error = PARSE_ERROR_GENERIC;
return t->parse_error;
}
/* Successfully acquired a credential. Start an auth context. */
if (init_auth(server) < 0) {
t->parse_error = PARSE_ERROR_GENERIC;
return t->parse_error;
}
t->parse_error = PARSE_ERROR_REPLAY;
return 0;
}
static void on_auth_success(http_server *server)
{
server->url_cred_presented = 0;
server->authenticated = 1;
}
static int on_headers_complete(http_parser *parser)
{
parser_context *ctx = (parser_context *) parser->data;
http_subtransport *t = ctx->t;
http_stream *s = ctx->s;
git_buf buf = GIT_BUF_INIT;
/* Both parse_header_name and parse_header_value are populated
* and ready for consumption. */
if (t->last_cb == VALUE && on_header_ready(t) < 0)
return t->parse_error = PARSE_ERROR_GENERIC;
/* Check for a proxy authentication failure. */
if (parser->status_code == 407 && get_verb == s->verb)
return on_auth_required(
parser,
&t->proxy,
t->proxy_opts.url,
SERVER_TYPE_PROXY,
t->proxy_opts.credentials,
t->proxy_opts.payload);
else
on_auth_success(&t->proxy);
/* Check for an authentication failure. */
if (parser->status_code == 401 && get_verb == s->verb)
return on_auth_required(
parser,
&t->server,
t->owner->url,
SERVER_TYPE_REMOTE,
t->owner->cred_acquire_cb,
t->owner->cred_acquire_payload);
else
on_auth_success(&t->server);
/* Check for a redirect.
* Right now we only permit a redirect to the same hostname. */
if ((parser->status_code == 301 ||
parser->status_code == 302 ||
(parser->status_code == 303 && get_verb == s->verb) ||
parser->status_code == 307 ||
parser->status_code == 308) &&
t->location) {
if (git_net_url_apply_redirect(&t->server.url, t->location, s->service_url) < 0)
return t->parse_error = PARSE_ERROR_GENERIC;
t->connected = 0;
t->parse_error = PARSE_ERROR_REPLAY;
return 0;
}
/* Check for a 200 HTTP status code. */
if (parser->status_code != 200) {
git_error_set(GIT_ERROR_NET,
"unexpected HTTP status code: %d",
parser->status_code);
return t->parse_error = PARSE_ERROR_GENERIC;
}
/* The response must contain a Content-Type header. */
if (!t->content_type) {
git_error_set(GIT_ERROR_NET, "no Content-Type header in response");
return t->parse_error = PARSE_ERROR_GENERIC;
}
/* The Content-Type header must match our expectation. */
if (get_verb == s->verb)
git_buf_printf(&buf,
"application/x-git-%s-advertisement",
ctx->s->service);
else
git_buf_printf(&buf,
"application/x-git-%s-result",
ctx->s->service);
if (git_buf_oom(&buf))
return t->parse_error = PARSE_ERROR_GENERIC;
if (strcmp(t->content_type, git_buf_cstr(&buf))) {
git_buf_dispose(&buf);
git_error_set(GIT_ERROR_NET,
"invalid Content-Type: %s",
t->content_type);
return t->parse_error = PARSE_ERROR_GENERIC;
}
git_buf_dispose(&buf);
return 0;
}
static int on_message_complete(http_parser *parser)
{
parser_context *ctx = (parser_context *) parser->data;
http_subtransport *t = ctx->t;
t->parse_finished = 1;
t->keepalive = http_should_keep_alive(parser);
return 0;
}
static int on_body_fill_buffer(http_parser *parser, const char *str, size_t len)
{
parser_context *ctx = (parser_context *) parser->data;
http_subtransport *t = ctx->t;
/* If there's no buffer set, we're explicitly ignoring the body. */
if (ctx->buffer) {
if (ctx->buf_size < len) {
git_error_set(GIT_ERROR_NET, "can't fit data in the buffer");
return t->parse_error = PARSE_ERROR_GENERIC;
}
memcpy(ctx->buffer, str, len);
ctx->buffer += len;
ctx->buf_size -= len;
}
*(ctx->bytes_read) += len;
return 0;
}
static void clear_parser_state(http_subtransport *t)
{
http_parser_init(&t->parser, HTTP_RESPONSE);
gitno_buffer_setup_fromstream(t->server.stream,
&t->parse_buffer,
t->parse_buffer_data,
sizeof(t->parse_buffer_data));
t->last_cb = NONE;
t->parse_error = 0;
t->parse_finished = 0;
t->keepalive = 0;
git_buf_dispose(&t->parse_header_name);
git_buf_init(&t->parse_header_name, 0);
git_buf_dispose(&t->parse_header_value);
git_buf_init(&t->parse_header_value, 0);
git__free(t->content_type);
t->content_type = NULL;
git__free(t->content_length);
t->content_length = NULL;
git__free(t->location);
t->location = NULL;
git_vector_free_deep(&t->proxy.auth_challenges);
git_vector_free_deep(&t->server.auth_challenges);
}
static int write_chunk(git_stream *io, const char *buffer, size_t len)
{
git_buf buf = GIT_BUF_INIT;
/* Chunk header */
git_buf_printf(&buf, "%" PRIxZ "\r\n", len);
if (git_buf_oom(&buf))
return -1;
if (git_stream__write_full(io, buf.ptr, buf.size, 0) < 0) {
git_buf_dispose(&buf);
return -1;
}
git_buf_dispose(&buf);
/* Chunk body */
if (len > 0 && git_stream__write_full(io, buffer, len, 0) < 0)
return -1;
/* Chunk footer */
if (git_stream__write_full(io, "\r\n", 2, 0) < 0)
return -1;
return 0;
}
static int load_proxy_config(http_subtransport *t)
{
int error;
switch (t->owner->proxy.type) {
case GIT_PROXY_NONE:
return 0;
case GIT_PROXY_AUTO:
git__free(t->proxy_url);
t->proxy_url = NULL;
git_proxy_options_init(&t->proxy_opts, GIT_PROXY_OPTIONS_VERSION);
if ((error = git_remote__get_http_proxy(t->owner->owner,
!strcmp(t->server.url.scheme, "https"), &t->proxy_url)) < 0)
return error;
if (!t->proxy_url)
return 0;
t->proxy_opts.type = GIT_PROXY_SPECIFIED;
t->proxy_opts.url = t->proxy_url;
t->proxy_opts.credentials = t->owner->proxy.credentials;
t->proxy_opts.certificate_check = t->owner->proxy.certificate_check;
t->proxy_opts.payload = t->owner->proxy.payload;
break;
case GIT_PROXY_SPECIFIED:
memcpy(&t->proxy_opts, &t->owner->proxy, sizeof(git_proxy_options));
break;
default:
assert(0);
return -1;
}
git_net_url_dispose(&t->proxy.url);
return git_net_url_parse(&t->proxy.url, t->proxy_opts.url);
}
static int check_certificate(
git_stream *stream,
git_net_url *url,
int is_valid,
git_transport_certificate_check_cb cert_cb,
void *cert_cb_payload)
{
git_cert *cert;
git_error_state last_error = {0};
int error;
if ((error = git_stream_certificate(&cert, stream)) < 0)
return error;
git_error_state_capture(&last_error, GIT_ECERTIFICATE);
error = cert_cb(cert, is_valid, url->host, cert_cb_payload);
if (error == GIT_PASSTHROUGH && !is_valid)
return git_error_state_restore(&last_error);
else if (error == GIT_PASSTHROUGH)
error = 0;
else if (error && !git_error_last())
git_error_set(GIT_ERROR_NET, "user rejected certificate for %s", url->host);
git_error_state_free(&last_error);
return error;
}
static int stream_connect(
git_stream *stream,
git_net_url *url,
git_transport_certificate_check_cb cert_cb,
void *cb_payload)
{
int error;
GIT_ERROR_CHECK_VERSION(stream, GIT_STREAM_VERSION, "git_stream");
error = git_stream_connect(stream);
if (error && error != GIT_ECERTIFICATE)
return error;
if (git_stream_is_encrypted(stream) && cert_cb != NULL)
error = check_certificate(stream, url, !error, cert_cb, cb_payload);
return error;
}
static int gen_connect_req(git_buf *buf, http_subtransport *t)
{
git_buf_printf(buf, "CONNECT %s:%s HTTP/1.1\r\n",
t->server.url.host, t->server.url.port);
git_buf_puts(buf, "User-Agent: ");
git_http__user_agent(buf);
git_buf_puts(buf, "\r\n");
git_buf_printf(buf, "Host: %s\r\n", t->proxy.url.host);
if (apply_credentials(buf, &t->proxy, AUTH_HEADER_PROXY) < 0)
return -1;
git_buf_puts(buf, "\r\n");
return git_buf_oom(buf) ? -1 : 0;
}
static int proxy_headers_complete(http_parser *parser)
{
parser_context *ctx = (parser_context *) parser->data;
http_subtransport *t = ctx->t;
/* Both parse_header_name and parse_header_value are populated
* and ready for consumption. */
if (t->last_cb == VALUE && on_header_ready(t) < 0)
return t->parse_error = PARSE_ERROR_GENERIC;
/*
* Capture authentication headers for the proxy or final endpoint,
* these may be 407/401 (authentication is not complete) or a 200
* (informing us that auth has completed).
*/
if (parse_authenticate_response(&t->proxy) < 0)
return t->parse_error = PARSE_ERROR_GENERIC;
/* If we're in the middle of challenge/response auth, continue */
if (parser->status_code == 407) {
if (t->proxy.auth_context && !auth_context_complete(&t->proxy)) {
t->parse_error = PARSE_ERROR_REPLAY;
return 0;
}
}
/* Enforce a reasonable cap on the number of replays */
if (t->replay_count++ >= GIT_HTTP_REPLAY_MAX) {
git_error_set(GIT_ERROR_NET, "too many redirects or authentication replays");
return t->parse_error = PARSE_ERROR_GENERIC;
}
/* Check for a proxy authentication failure. */
if (parser->status_code == 407)
return on_auth_required(
parser,
&t->proxy,
t->proxy_opts.url,
SERVER_TYPE_PROXY,
t->proxy_opts.credentials,
t->proxy_opts.payload);
if (parser->status_code != 200) {
git_error_set(GIT_ERROR_NET, "unexpected status code from proxy: %d",
parser->status_code);
return t->parse_error = PARSE_ERROR_GENERIC;
}
if (!t->content_length || strcmp(t->content_length, "0") == 0)
t->parse_finished = 1;
return 0;
}
static int proxy_connect(
git_stream **out, git_stream *proxy_stream, http_subtransport *t)
{
git_buf request = GIT_BUF_INIT;
static http_parser_settings proxy_parser_settings = {0};
size_t bytes_read = 0, bytes_parsed;
parser_context ctx;
bool auth_replay;
int error;
/* Use the parser settings only to parser headers. */
proxy_parser_settings.on_header_field = on_header_field;
proxy_parser_settings.on_header_value = on_header_value;
proxy_parser_settings.on_headers_complete = proxy_headers_complete;
proxy_parser_settings.on_message_complete = on_message_complete;
replay:
clear_parser_state(t);
auth_replay = false;
gitno_buffer_setup_fromstream(proxy_stream,
&t->parse_buffer,
t->parse_buffer_data,
sizeof(t->parse_buffer_data));
if ((error = gen_connect_req(&request, t)) < 0)
goto done;
if ((error = git_stream__write_full(proxy_stream, request.ptr,
request.size, 0)) < 0)
goto done;
git_buf_dispose(&request);
while (!bytes_read && !t->parse_finished) {
t->parse_buffer.offset = 0;
if ((error = gitno_recv(&t->parse_buffer)) < 0) {
goto done;
} else if (error == 0 && t->request_count > 0) {
/* Server closed a keep-alive socket; reconnect. */
auth_replay = true;
goto done;
} else if (error == 0) {
git_error_set(GIT_ERROR_NET, "unexpected disconnection from server");
error = -1;
goto done;
}
/*
* This call to http_parser_execute will invoke the on_*
* callbacks. Since we don't care about the body of the response,
* we can set our buffer to NULL.
*/
ctx.t = t;
ctx.s = NULL;
ctx.buffer = NULL;
ctx.buf_size = 0;
ctx.bytes_read = &bytes_read;
return git_cred_default_new(cred);
/* Set the context, call the parser, then unset the context. */
t->parser.data = &ctx;
return GIT_PASSTHROUGH;
}
bytes_parsed = http_parser_execute(&t->parser,
&proxy_parser_settings, t->parse_buffer.data, t->parse_buffer.offset);
GIT_INLINE(void) free_cred(git_cred **cred)
{
if (*cred) {
git_cred_free(*cred);
(*cred) = NULL;
}
}
t->parser.data = NULL;
static int handle_auth(
http_server *server,
const char *server_type,
const char *url,
unsigned int allowed_schemetypes,
unsigned int allowed_credtypes,
git_cred_acquire_cb callback,
void *callback_payload)
{
int error = 1;
/* Ensure that we didn't get a redirect; unsupported. */
if (t->location) {
git_error_set(GIT_ERROR_NET, "proxy server sent unsupported redirect during CONNECT");
error = -1;
goto done;
}
if (server->cred)
free_cred(&server->cred);
/* Replay the request with authentication headers. */
if (PARSE_ERROR_REPLAY == t->parse_error) {
auth_replay = true;
} else if (t->parse_error < 0) {
error = t->parse_error == PARSE_ERROR_EXT ? PARSE_ERROR_EXT : -1;
goto done;
}
/* Start with URL-specified credentials, if there were any. */
if ((allowed_credtypes & GIT_CREDTYPE_USERPASS_PLAINTEXT) &&
!server->url_cred_presented &&
server->url.username &&
server->url.password) {
error = apply_url_credentials(&server->cred, allowed_credtypes, server->url.username, server->url.password);
server->url_cred_presented = 1;
if (bytes_parsed != t->parse_buffer.offset) {
git_error_set(GIT_ERROR_NET,
"HTTP parser error: %s",
http_errno_description((enum http_errno)t->parser.http_errno));
error = -1;
goto done;
}
/* treat GIT_PASSTHROUGH as if callback isn't set */
if (error == GIT_PASSTHROUGH)
error = 1;
}
t->request_count++;
if (auth_replay) {
if (t->keepalive && t->parse_finished)
goto replay;
if (error > 0 && callback) {
error = callback(&server->cred, url, server->url.username, allowed_credtypes, callback_payload);
return PARSE_ERROR_REPLAY;
/* treat GIT_PASSTHROUGH as if callback isn't set */
if (error == GIT_PASSTHROUGH)
error = 1;
}
if ((error = git_tls_stream_wrap(out, proxy_stream, t->server.url.host)) == 0)
error = stream_connect(*out, &t->server.url,
t->owner->certificate_check_cb,
t->owner->message_cb_payload);
if (error > 0) {
git_error_set(GIT_ERROR_NET, "%s authentication required but no callback set", server_type);
error = -1;
}
/*
* Since we've connected via a HTTPS proxy tunnel, we don't behave
* as if we have an HTTP proxy.
*/
t->proxy_opts.type = GIT_PROXY_NONE;
t->replay_count = 0;
t->request_count = 0;
if (!error)
server->auth_schemetypes = allowed_schemetypes;
done:
return error;
}
static void reset_auth_connection(http_server *server)
GIT_INLINE(int) handle_remote_auth(
http_stream *stream,
git_http_response *response)
{
/*
* If we've authenticated and we're doing "normal"
* authentication with a request affinity (Basic, Digest)
* then we want to _keep_ our context, since authentication
* survives even through non-keep-alive connections. If
* we've authenticated and we're doing connection-based
* authentication (NTLM, Negotiate) - indicated by the presence
* of an `is_complete` callback - then we need to restart
* authentication on a new connection.
*/
http_subtransport *transport = OWNING_SUBTRANSPORT(stream);
if (response->server_auth_credtypes == 0) {
git_error_set(GIT_ERROR_NET, "server requires authentication that we do not support");
return -1;
}
if (server->authenticated &&
server->auth_context &&
server->auth_context->connection_affinity) {
server->prior_authtype = server->auth_context->type;
/* Otherwise, prompt for credentials. */
return handle_auth(
&transport->server,
SERVER_TYPE_REMOTE,
transport->owner->url,
response->server_auth_schemetypes,
response->server_auth_credtypes,
transport->owner->cred_acquire_cb,
transport->owner->cred_acquire_payload);
}
free_auth_context(server);
GIT_INLINE(int) handle_proxy_auth(
http_stream *stream,
git_http_response *response)
{
http_subtransport *transport = OWNING_SUBTRANSPORT(stream);
server->url_cred_presented = 0;
server->authenticated = 0;
if (response->proxy_auth_credtypes == 0) {
git_error_set(GIT_ERROR_NET, "proxy requires authentication that we do not support");
return -1;
}
/* Otherwise, prompt for credentials. */
return handle_auth(
&transport->proxy,
SERVER_TYPE_PROXY,
transport->owner->proxy.url,
response->server_auth_schemetypes,
response->proxy_auth_credtypes,
transport->owner->proxy.credentials,
transport->owner->proxy.payload);
}
static int http_connect(http_subtransport *t)
static int handle_response(
bool *complete,
http_stream *stream,
git_http_response *response,
bool allow_replay)
{
git_net_url *url;
git_stream *proxy_stream = NULL, *stream = NULL;
git_transport_certificate_check_cb cert_cb;
void *cb_payload;
http_subtransport *transport = OWNING_SUBTRANSPORT(stream);
int error;
auth_replay:
if (t->connected && t->keepalive && t->parse_finished)
return 0;
if ((error = load_proxy_config(t)) < 0)
return error;
*complete = false;
if (t->server.stream) {
git_stream_close(t->server.stream);
git_stream_free(t->server.stream);
t->server.stream = NULL;
if (allow_replay && git_http_response_is_redirect(response)) {
if (!response->location) {
git_error_set(GIT_ERROR_NET, "redirect without location");
return -1;
}
if (t->proxy.stream) {
git_stream_close(t->proxy.stream);
git_stream_free(t->proxy.stream);
t->proxy.stream = NULL;
if (git_net_url_apply_redirect(&transport->server.url, response->location, stream->service->url) < 0) {
return -1;
}
reset_auth_connection(&t->server);
reset_auth_connection(&t->proxy);
t->connected = 0;
t->keepalive = 0;
t->request_count = 0;
if (t->proxy_opts.type == GIT_PROXY_SPECIFIED) {
url = &t->proxy.url;
cert_cb = t->proxy_opts.certificate_check;
cb_payload = t->proxy_opts.payload;
} else {
url = &t->server.url;
cert_cb = t->owner->certificate_check_cb;
cb_payload = t->owner->message_cb_payload;
return 0;
} else if (git_http_response_is_redirect(response)) {
git_error_set(GIT_ERROR_NET, "unexpected redirect");
return -1;
}
if (strcmp(url->scheme, "https") == 0)
error = git_tls_stream_new(&stream, url->host, url->port);
else
error = git_socket_stream_new(&stream, url->host, url->port);
if (error < 0)
goto on_error;
/* If we're in the middle of challenge/response auth, continue. */
if (allow_replay && response->resend_credentials) {
return 0;
} else if (allow_replay && response->status == 401) {
if ((error = handle_remote_auth(stream, response)) < 0)
return error;
if ((error = stream_connect(stream, url, cert_cb, cb_payload)) < 0)
goto on_error;
return git_http_client_skip_body(transport->http_client);
} else if (allow_replay && response->status == 407) {
if ((error = handle_proxy_auth(stream, response)) < 0)
return error;
/*
* At this point we have a connection to the remote server or to
* a proxy. If it's a proxy and the remote server is actually
* an HTTPS connection, then we need to build a CONNECT tunnel.
*/
if (t->proxy_opts.type == GIT_PROXY_SPECIFIED &&
strcmp(t->server.url.scheme, "https") == 0) {
proxy_stream = stream;
stream = NULL;
error = proxy_connect(&stream, proxy_stream, t);
if (error == PARSE_ERROR_REPLAY) {
git_stream_close(proxy_stream);
git_stream_free(proxy_stream);
goto auth_replay;
} else if (error < 0) {
goto on_error;
}
return git_http_client_skip_body(transport->http_client);
} else if (response->status == 401 || response->status == 407) {
git_error_set(GIT_ERROR_NET, "unexpected authentication failure");
return -1;
}
t->proxy.stream = proxy_stream;
t->server.stream = stream;
t->connected = 1;
return 0;
if (response->status != 200) {
git_error_set(GIT_ERROR_NET, "unexpected http status code: %d", response->status);
return -1;
}
on_error:
if (stream) {
git_stream_close(stream);
git_stream_free(stream);
/* The response must contain a Content-Type header. */
if (!response->content_type) {
git_error_set(GIT_ERROR_NET, "no content-type header in response");
return -1;
}
if (proxy_stream) {
git_stream_close(proxy_stream);
git_stream_free(proxy_stream);
/* The Content-Type header must match our expectation. */
if (strcmp(response->content_type, stream->service->response_type) != 0) {
git_error_set(GIT_ERROR_NET, "invalid content-type: '%s'", response->content_type);
return -1;
}
return error;
*complete = true;
stream->state = HTTP_STATE_RECEIVING_RESPONSE;
return 0;
}
static int http_stream_read(
git_smart_subtransport_stream *stream,
char *buffer,
size_t buf_size,
size_t *bytes_read)
static int lookup_proxy(
bool *out_use,
http_subtransport *transport)
{
http_stream *s = (http_stream *)stream;
http_subtransport *t = OWNING_SUBTRANSPORT(s);
parser_context ctx;
size_t bytes_parsed;
git_buf request = GIT_BUF_INIT;
bool auth_replay;
const char *proxy;
git_remote *remote;
bool use_ssl;
char *config = NULL;
int error = 0;
replay:
*bytes_read = 0;
auth_replay = false;
*out_use = false;
git_net_url_dispose(&transport->proxy.url);
switch (transport->owner->proxy.type) {
case GIT_PROXY_SPECIFIED:
proxy = transport->owner->proxy.url;
break;
assert(t->connected);
case GIT_PROXY_AUTO:
remote = transport->owner->owner;
use_ssl = !strcmp(transport->server.url.scheme, "https");
if (!s->sent_request) {
git_buf_clear(&request);
clear_parser_state(t);
error = git_remote__get_http_proxy(remote, use_ssl, &config);
if ((error = gen_request(&request, s, 0)) < 0 ||
(error = git_stream__write_full(t->server.stream, request.ptr, request.size, 0)) < 0)
if (error || !config)
goto done;
s->sent_request = 1;
}
proxy = config;
break;
if (!s->received_response) {
if (s->chunked) {
assert(s->verb == post_verb);
default:
return 0;
}
/* Flush, if necessary */
if (s->chunk_buffer_len > 0) {
if ((error = write_chunk(t->server.stream, s->chunk_buffer, s->chunk_buffer_len)) < 0)
if (!proxy ||
(error = git_net_url_parse(&transport->proxy.url, proxy)) < 0)
goto done;
s->chunk_buffer_len = 0;
}
*out_use = true;
/* Write the final chunk. */
if ((error = git_stream__write_full(t->server.stream,
"0\r\n\r\n", 5, 0)) < 0)
goto done;
}
done:
git__free(config);
return error;
}
s->received_response = 1;
static int generate_request(
git_net_url *url,
git_http_request *request,
http_stream *stream,
size_t len)
{
http_subtransport *transport = OWNING_SUBTRANSPORT(stream);
bool use_proxy = false;
int error;
if ((error = git_net_url_joinpath(url,
&transport->server.url, stream->service->url)) < 0 ||
(error = lookup_proxy(&use_proxy, transport)) < 0)
return error;
request->method = stream->service->method;
request->url = url;
request->credentials = transport->server.cred;
request->proxy = use_proxy ? &transport->proxy.url : NULL;
request->proxy_credentials = transport->proxy.cred;
if (stream->service->method == GIT_HTTP_METHOD_POST) {
request->chunked = stream->service->chunked;
request->content_length = stream->service->chunked ? 0 : len;
request->content_type = stream->service->request_type;
request->accept = stream->service->response_type;
request->expect_continue = git_http__expect_continue;
}
while (!*bytes_read && !t->parse_finished) {
size_t data_offset;
return 0;
}
/*
* Make the parse_buffer think it's as full of data as
* the buffer, so it won't try to recv more data than
* we can put into it.
*
* data_offset is the actual data offset from which we
* should tell the parser to start reading.
/*
* Read from an HTTP transport - for the first invocation of this function
* (ie, when stream->state == HTTP_STATE_NONE), we'll send a GET request
* to the remote host. We will stream that data back on all subsequent
* calls.
*/
if (buf_size >= t->parse_buffer.len)
t->parse_buffer.offset = 0;
else
t->parse_buffer.offset = t->parse_buffer.len - buf_size;
static int http_stream_read(
git_smart_subtransport_stream *s,
char *buffer,
size_t buffer_size,
size_t *out_len)
{
http_stream *stream = (http_stream *)s;
http_subtransport *transport = OWNING_SUBTRANSPORT(stream);
git_net_url url = GIT_NET_URL_INIT;
git_net_url proxy_url = GIT_NET_URL_INIT;
git_http_request request = {0};
git_http_response response = {0};
bool complete;
int error;
data_offset = t->parse_buffer.offset;
*out_len = 0;
if ((error = gitno_recv(&t->parse_buffer)) < 0) {
goto done;
} else if (error == 0 && t->request_count > 0) {
/* Server closed a keep-alive socket; reconnect. */
auth_replay = true;
goto done;
} else if (error == 0) {
git_error_set(GIT_ERROR_NET, "unexpected disconnection from server");
error = -1;
goto done;
if (stream->state == HTTP_STATE_NONE) {
stream->state = HTTP_STATE_SENDING_REQUEST;
stream->replay_count = 0;
}
/*
* This call to http_parser_execute will result in invocations
* of the on_* family of callbacks, including on_body_fill_buffer
* which will write into the target buffer. Set up the buffer
* for it to write into _unless_ we got an auth failure; in
* that case we only care about the headers and don't need to
* bother copying the body.
* Formulate the URL, send the request and read the response
* headers. Some of the request body may also be read.
*/
ctx.t = t;
ctx.s = s;
ctx.buffer = auth_replay ? NULL : buffer;
ctx.buf_size = auth_replay ? 0 : buf_size;
ctx.bytes_read = bytes_read;
/* Set the context, call the parser, then unset the context. */
t->parser.data = &ctx;
bytes_parsed = http_parser_execute(&t->parser,
&t->settings,
t->parse_buffer.data + data_offset,
t->parse_buffer.offset - data_offset);
t->parser.data = NULL;
/* On a 401, read the rest of the response then retry. */
if (t->parse_error == PARSE_ERROR_REPLAY) {
auth_replay = true;
} else if (t->parse_error == PARSE_ERROR_EXT) {
error = t->error;
goto done;
} else if (t->parse_error < 0) {
error = -1;
while (stream->state == HTTP_STATE_SENDING_REQUEST &&
stream->replay_count < GIT_HTTP_REPLAY_MAX) {
git_net_url_dispose(&url);
git_net_url_dispose(&proxy_url);
git_http_response_dispose(&response);
if ((error = generate_request(&url, &request, stream, 0)) < 0 ||
(error = git_http_client_send_request(
transport->http_client, &request)) < 0 ||
(error = git_http_client_read_response(
&response, transport->http_client)) < 0 ||
(error = handle_response(&complete, stream, &response, true)) < 0)
goto done;
if (complete)
break;
stream->replay_count++;
}
if (bytes_parsed != t->parse_buffer.offset - data_offset) {
git_error_set(GIT_ERROR_NET,
"HTTP parser error: %s",
http_errno_description((enum http_errno)t->parser.http_errno));
if (stream->state == HTTP_STATE_SENDING_REQUEST) {
git_error_set(GIT_ERROR_NET, "too many redirects or authentication replays");
error = -1;
goto done;
}
}
t->request_count++;
assert (stream->state == HTTP_STATE_RECEIVING_RESPONSE);
if (auth_replay) {
s->sent_request = 0;
error = git_http_client_read_body(transport->http_client, buffer, buffer_size);
if ((error = http_connect(t)) < 0)
return error;
goto replay;
if (error > 0) {
*out_len = error;
error = 0;
}
done:
git_buf_dispose(&request);
git_net_url_dispose(&url);
git_net_url_dispose(&proxy_url);
git_http_response_dispose(&response);
return error;
}
static int http_stream_write_chunked(
git_smart_subtransport_stream *stream,
/*
* Write to an HTTP transport - for the first invocation of this function
* (ie, when stream->state == HTTP_STATE_NONE), we'll send a POST request
* to the remote host. If we're sending chunked data, then subsequent calls
* will write the additional data given in the buffer. If we're not chunking,
* then the caller should have given us all the data in the original call.
* The caller should call http_stream_read_response to get the result.
*/
static int http_stream_write(
git_smart_subtransport_stream *s,
const char *buffer,
size_t len)
{
http_stream *s = GIT_CONTAINER_OF(stream, http_stream, parent);
http_subtransport *t = OWNING_SUBTRANSPORT(s);
assert(t->connected);
/* Send the request, if necessary */
if (!s->sent_request) {
git_buf request = GIT_BUF_INIT;
clear_parser_state(t);
if (gen_request(&request, s, 0) < 0)
return -1;
http_stream *stream = GIT_CONTAINER_OF(s, http_stream, parent);
http_subtransport *transport = OWNING_SUBTRANSPORT(stream);
git_net_url url = GIT_NET_URL_INIT;
git_http_request request = {0};
git_http_response response = {0};
int error;
if (git_stream__write_full(t->server.stream, request.ptr,
request.size, 0) < 0) {
git_buf_dispose(&request);
return -1;
}
while (stream->state == HTTP_STATE_NONE &&
stream->replay_count < GIT_HTTP_REPLAY_MAX) {
git_buf_dispose(&request);
git_net_url_dispose(&url);
git_http_response_dispose(&response);
s->sent_request = 1;
}
if ((error = generate_request(&url, &request, stream, len)) < 0 ||
(error = git_http_client_send_request(
transport->http_client, &request)) < 0)
goto done;
if (len > CHUNK_SIZE) {
/* Flush, if necessary */
if (s->chunk_buffer_len > 0) {
if (write_chunk(t->server.stream,
s->chunk_buffer, s->chunk_buffer_len) < 0)
return -1;
if (request.expect_continue &&
git_http_client_has_response(transport->http_client)) {
bool complete;
s->chunk_buffer_len = 0;
/*
* If we got a response to an expect/continue, then
* it's something other than a 100 and we should
* deal with the response somehow.
*/
if ((error = git_http_client_read_response(&response, transport->http_client)) < 0 ||
(error = handle_response(&complete, stream, &response, true)) < 0)
goto done;
} else {
stream->state = HTTP_STATE_SENDING_REQUEST;
}
/* Write chunk directly */
if (write_chunk(t->server.stream, buffer, len) < 0)
return -1;
stream->replay_count++;
}
else {
/* Append as much to the buffer as we can */
int count = min(CHUNK_SIZE - s->chunk_buffer_len, len);
if (!s->chunk_buffer) {
s->chunk_buffer = git__malloc(CHUNK_SIZE);
GIT_ERROR_CHECK_ALLOC(s->chunk_buffer);
if (stream->state == HTTP_STATE_NONE) {
git_error_set(GIT_ERROR_NET,
"too many redirects or authentication replays");
error = -1;
goto done;
}
memcpy(s->chunk_buffer + s->chunk_buffer_len, buffer, count);
s->chunk_buffer_len += count;
buffer += count;
len -= count;
/* Is the buffer full? If so, then flush */
if (CHUNK_SIZE == s->chunk_buffer_len) {
if (write_chunk(t->server.stream,
s->chunk_buffer, s->chunk_buffer_len) < 0)
return -1;
s->chunk_buffer_len = 0;
assert(stream->state == HTTP_STATE_SENDING_REQUEST);
if (len > 0) {
memcpy(s->chunk_buffer, buffer, len);
s->chunk_buffer_len = len;
}
}
}
error = git_http_client_send_body(transport->http_client, buffer, len);
return 0;
done:
git_http_response_dispose(&response);
git_net_url_dispose(&url);
return error;
}
static int http_stream_write_single(
git_smart_subtransport_stream *stream,
const char *buffer,
size_t len)
/*
* Read from an HTTP transport after it has been written to. This is the
* response from a POST request made by http_stream_write.
*/
static int http_stream_read_response(
git_smart_subtransport_stream *s,
char *buffer,
size_t buffer_size,
size_t *out_len)
{
http_stream *s = GIT_CONTAINER_OF(stream, http_stream, parent);
http_subtransport *t = OWNING_SUBTRANSPORT(s);
git_buf request = GIT_BUF_INIT;
assert(t->connected);
if (s->sent_request) {
git_error_set(GIT_ERROR_NET, "subtransport configured for only one write");
return -1;
}
clear_parser_state(t);
http_stream *stream = (http_stream *)s;
http_subtransport *transport = OWNING_SUBTRANSPORT(stream);
git_http_response response = {0};
bool complete;
int error;
if (gen_request(&request, s, len) < 0)
return -1;
*out_len = 0;
if (git_stream__write_full(t->server.stream, request.ptr, request.size, 0) < 0)
goto on_error;
if (stream->state == HTTP_STATE_SENDING_REQUEST) {
if ((error = git_http_client_read_response(&response, transport->http_client)) < 0 ||
(error = handle_response(&complete, stream, &response, false)) < 0)
goto done;
if (len && git_stream__write_full(t->server.stream, buffer, len, 0) < 0)
goto on_error;
assert(complete);
stream->state = HTTP_STATE_RECEIVING_RESPONSE;
}
git_buf_dispose(&request);
s->sent_request = 1;
error = git_http_client_read_body(transport->http_client, buffer, buffer_size);
return 0;
if (error > 0) {
*out_len = error;
error = 0;
}
on_error:
git_buf_dispose(&request);
return -1;
done:
git_http_response_dispose(&response);
return error;
}
static void http_stream_free(git_smart_subtransport_stream *stream)
{
http_stream *s = GIT_CONTAINER_OF(stream, http_stream, parent);
if (s->chunk_buffer)
git__free(s->chunk_buffer);
git__free(s);
}
static int http_stream_alloc(http_subtransport *t,
git_smart_subtransport_stream **stream)
{
http_stream *s;
if (!stream)
return -1;
s = git__calloc(sizeof(http_stream), 1);
GIT_ERROR_CHECK_ALLOC(s);
s->parent.subtransport = &t->parent;
s->parent.read = http_stream_read;
s->parent.write = http_stream_write_single;
s->parent.free = http_stream_free;
*stream = (git_smart_subtransport_stream *)s;
return 0;
}
static int http_uploadpack_ls(
http_subtransport *t,
git_smart_subtransport_stream **stream)
{
http_stream *s;
if (http_stream_alloc(t, stream) < 0)
return -1;
s = (http_stream *)*stream;
s->service = upload_pack_service;
s->service_url = upload_pack_ls_service_url;
s->verb = get_verb;
return 0;
}
static int http_uploadpack(
http_subtransport *t,
git_smart_subtransport_stream **stream)
{
http_stream *s;
if (http_stream_alloc(t, stream) < 0)
return -1;
s = (http_stream *)*stream;
s->service = upload_pack_service;
s->service_url = upload_pack_service_url;
s->verb = post_verb;
return 0;
}
static int http_receivepack_ls(
http_subtransport *t,
git_smart_subtransport_stream **stream)
{
http_stream *s;
if (http_stream_alloc(t, stream) < 0)
return -1;
s = (http_stream *)*stream;
s->service = receive_pack_service;
s->service_url = receive_pack_ls_service_url;
s->verb = get_verb;
return 0;
}
static int http_receivepack(
http_subtransport *t,
git_smart_subtransport_stream **stream)
static const http_service *select_service(git_smart_service_t action)
{
http_stream *s;
if (http_stream_alloc(t, stream) < 0)
return -1;
s = (http_stream *)*stream;
/* Use Transfer-Encoding: chunked for this request */
s->chunked = 1;
s->parent.write = http_stream_write_chunked;
s->service = receive_pack_service;
s->service_url = receive_pack_service_url;
s->verb = post_verb;
switch (action) {
case GIT_SERVICE_UPLOADPACK_LS:
return &upload_pack_ls_service;
case GIT_SERVICE_UPLOADPACK:
return &upload_pack_service;
case GIT_SERVICE_RECEIVEPACK_LS:
return &receive_pack_ls_service;
case GIT_SERVICE_RECEIVEPACK:
return &receive_pack_service;
}
return 0;
return NULL;
}
static int http_action(
git_smart_subtransport_stream **stream,
git_smart_subtransport *subtransport,
git_smart_subtransport_stream **out,
git_smart_subtransport *t,
const char *url,
git_smart_service_t action)
{
http_subtransport *t = GIT_CONTAINER_OF(subtransport, http_subtransport, parent);
int ret;
http_subtransport *transport = GIT_CONTAINER_OF(t, http_subtransport, parent);
http_stream *stream;
const http_service *service;
int error;
assert(out && t);
assert(stream);
*out = NULL;
/*
* If we've seen a redirect then preserve the location that we've
......@@ -1536,103 +582,89 @@ static int http_action(
* have redirected us from HTTP->HTTPS and is using an auth mechanism
* that would be insecure in plaintext (eg, HTTP Basic).
*/
if ((!t->server.url.host || !t->server.url.port || !t->server.url.path) &&
(ret = git_net_url_parse(&t->server.url, url)) < 0)
return ret;
assert(t->server.url.host && t->server.url.port && t->server.url.path);
if ((ret = http_connect(t)) < 0)
return ret;
if (!git_net_url_valid(&transport->server.url) &&
(error = git_net_url_parse(&transport->server.url, url)) < 0)
return error;
switch (action) {
case GIT_SERVICE_UPLOADPACK_LS:
return http_uploadpack_ls(t, stream);
if ((service = select_service(action)) == NULL) {
git_error_set(GIT_ERROR_NET, "invalid action");
return -1;
}
case GIT_SERVICE_UPLOADPACK:
return http_uploadpack(t, stream);
stream = git__calloc(sizeof(http_stream), 1);
GIT_ERROR_CHECK_ALLOC(stream);
case GIT_SERVICE_RECEIVEPACK_LS:
return http_receivepack_ls(t, stream);
if (!transport->http_client) {
git_http_client_options opts = {0};
case GIT_SERVICE_RECEIVEPACK:
return http_receivepack(t, stream);
}
opts.server_certificate_check_cb = transport->owner->certificate_check_cb;
opts.server_certificate_check_payload = transport->owner->message_cb_payload;
opts.proxy_certificate_check_cb = transport->owner->proxy.certificate_check;
opts.proxy_certificate_check_payload = transport->owner->proxy.payload;
*stream = NULL;
if (git_http_client_new(&transport->http_client, &opts) < 0)
return -1;
}
static int http_close(git_smart_subtransport *subtransport)
{
http_subtransport *t = GIT_CONTAINER_OF(subtransport, http_subtransport, parent);
clear_parser_state(t);
}
t->connected = 0;
stream->service = service;
stream->parent.subtransport = &transport->parent;
if (t->server.stream) {
git_stream_close(t->server.stream);
git_stream_free(t->server.stream);
t->server.stream = NULL;
if (service->method == GIT_HTTP_METHOD_GET) {
stream->parent.read = http_stream_read;
} else {
stream->parent.write = http_stream_write;
stream->parent.read = http_stream_read_response;
}
if (t->proxy.stream) {
git_stream_close(t->proxy.stream);
git_stream_free(t->proxy.stream);
t->proxy.stream = NULL;
}
stream->parent.free = http_stream_free;
free_cred(&t->server.cred);
free_cred(&t->proxy.cred);
*out = (git_smart_subtransport_stream *)stream;
return 0;
}
free_auth_context(&t->server);
free_auth_context(&t->proxy);
static int http_close(git_smart_subtransport *t)
{
http_subtransport *transport = GIT_CONTAINER_OF(t, http_subtransport, parent);
t->server.url_cred_presented = false;
t->proxy.url_cred_presented = false;
free_cred(&transport->server.cred);
free_cred(&transport->proxy.cred);
git_net_url_dispose(&t->server.url);
git_net_url_dispose(&t->proxy.url);
transport->server.url_cred_presented = false;
transport->proxy.url_cred_presented = false;
git__free(t->proxy_url);
t->proxy_url = NULL;
git_net_url_dispose(&transport->server.url);
git_net_url_dispose(&transport->proxy.url);
return 0;
}
static void http_free(git_smart_subtransport *subtransport)
static void http_free(git_smart_subtransport *t)
{
http_subtransport *t = GIT_CONTAINER_OF(subtransport, http_subtransport, parent);
http_subtransport *transport = GIT_CONTAINER_OF(t, http_subtransport, parent);
git_http_client_free(transport->http_client);
http_close(subtransport);
git__free(t);
http_close(t);
git__free(transport);
}
int git_smart_subtransport_http(git_smart_subtransport **out, git_transport *owner, void *param)
{
http_subtransport *t;
http_subtransport *transport;
GIT_UNUSED(param);
if (!out)
return -1;
t = git__calloc(sizeof(http_subtransport), 1);
GIT_ERROR_CHECK_ALLOC(t);
assert(out);
t->owner = (transport_smart *)owner;
t->parent.action = http_action;
t->parent.close = http_close;
t->parent.free = http_free;
transport = git__calloc(sizeof(http_subtransport), 1);
GIT_ERROR_CHECK_ALLOC(transport);
t->settings.on_header_field = on_header_field;
t->settings.on_header_value = on_header_value;
t->settings.on_headers_complete = on_headers_complete;
t->settings.on_body = on_body_fill_buffer;
t->settings.on_message_complete = on_message_complete;
transport->owner = (transport_smart *)owner;
transport->parent.action = http_action;
transport->parent.close = http_close;
transport->parent.free = http_free;
*out = (git_smart_subtransport *) t;
*out = (git_smart_subtransport *) transport;
return 0;
}
......
src/transports/http.h
......@@ -9,6 +9,7 @@
#define INCLUDE_transports_http_h__
#include "buffer.h"
#include "httpclient.h"
#define GIT_HTTP_REPLAY_MAX 15
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment