sysmocom/asterisk
11
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
asterisk/res/res_http_post.c
Josh Soref 9ae9893c63 res: Spelling fixes 
Correct typos of the following word families:

identifying
structures
actcount
initializer
attributes
statement
enough
locking
declaration
userevent
provides
unregister
session
execute
searches
verification
suppressed
prepared
passwords
recipients
event
because
brief
unidentified
redundancy
character
the
module
reload
operation
backslashes
accurate
incorrect
collision
initializing
instance
interpreted
buddies
omitted
manually
requires
queries
generator
scheduler
configuration has
owner
resource
performed
masquerade
apparently
routable

ASTERISK-29714

Change-Id: I88485116d2c59b776aa2e1f8b4ce8239a21decda
2021-11-15 16:37:34 -06:00

518 lines
14 KiB
C
Raw Blame History

/*
* Asterisk -- An open source telephony toolkit.
*
* Copyright (C) 1999 - 2006, Digium, Inc.
*
* Mark Spencer <markster@digium.com>
*
* See http://www.asterisk.org for more information about
* the Asterisk project. Please do not directly contact
* any of the maintainers of this project for assistance;
* the project provides a web site, mailing lists and IRC
* channels for your use.
*
* This program is free software, distributed under the terms of
* the GNU General Public License Version 2. See the LICENSE file
* at the top of the source tree.
*/
/*!
* \file
* \brief HTTP POST upload support for Asterisk HTTP server
*
* \author Terry Wilson <twilson@digium.com
*
* \ref AstHTTP - AMI over the http protocol
*/
/*** MODULEINFO
<depend>gmime</depend>
<support_level>core</support_level>
***/
#include "asterisk.h"
#include <sys/stat.h>
#include <fcntl.h>
#include <gmime/gmime.h>
#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__) || defined(__NetBSD__) || defined(__Darwin__) || defined(SOLARIS)
#include <libgen.h>
#endif
#include "asterisk/linkedlists.h"
#include "asterisk/http.h"
#include "asterisk/paths.h" /* use ast_config_AST_DATA_DIR */
#include "asterisk/tcptls.h"
#include "asterisk/manager.h"
#include "asterisk/cli.h"
#include "asterisk/module.h"
#include "asterisk/ast_version.h"
#define MAX_PREFIX 80
/* gmime 2.4 provides a newer interface. */
#ifdef GMIME_TYPE_CONTENT_TYPE
#define AST_GMIME_VER_24
#endif
#if defined(GMIME_MAJOR_VERSION) && (GMIME_MAJOR_VERSION >= 3)
#define AST_GMIME_VER_30
#endif
/* just a little structure to hold callback info for gmime */
struct mime_cbinfo {
int count;
const char *post_dir;
};
/* all valid URIs must be prepended by the string in prefix. */
static char prefix[MAX_PREFIX];
static void post_raw(GMimePart *part, const char *post_dir, const char *fn)
{
char filename[PATH_MAX];
GMimeDataWrapper *content;
GMimeStream *stream;
int fd;
snprintf(filename, sizeof(filename), "%s/%s", post_dir, fn);
ast_debug(1, "Posting raw data to %s\n", filename);
if ((fd = open(filename, O_CREAT | O_WRONLY | O_TRUNC, 0666)) == -1) {
ast_log(LOG_WARNING, "Unable to open %s for writing file from a POST!\n", filename);
return;
}
stream = g_mime_stream_fs_new(fd);
#ifdef AST_GMIME_VER_30
content = g_mime_part_get_content(part);
#else
content = g_mime_part_get_content_object(part);
#endif
g_mime_data_wrapper_write_to_stream(content, stream);
g_mime_stream_flush(stream);
#ifndef AST_GMIME_VER_24
g_object_unref(content);
#endif
g_object_unref(stream);
}
static GMimeMessage *parse_message(FILE *f)
{
GMimeMessage *message;
GMimeParser *parser;
GMimeStream *stream;
stream = g_mime_stream_file_new(f);
parser = g_mime_parser_new_with_stream(stream);
g_mime_parser_set_respect_content_length(parser, 1);
g_object_unref(stream);
message = g_mime_parser_construct_message(parser
#ifdef AST_GMIME_VER_30
, NULL
#endif
);
g_object_unref(parser);
return message;
}
#ifdef AST_GMIME_VER_24
static void process_message_callback(GMimeObject *parent, GMimeObject *part, gpointer user_data)
#else
static void process_message_callback(GMimeObject *part, gpointer user_data)
#endif
{
struct mime_cbinfo *cbinfo = user_data;
cbinfo->count++;
/* We strip off the headers before we get here, so should only see GMIME_IS_PART */
if (GMIME_IS_MESSAGE_PART(part)) {
ast_log(LOG_WARNING, "Got unexpected GMIME_IS_MESSAGE_PART\n");
return;
} else if (GMIME_IS_MESSAGE_PARTIAL(part)) {
ast_log(LOG_WARNING, "Got unexpected GMIME_IS_MESSAGE_PARTIAL\n");
return;
} else if (GMIME_IS_MULTIPART(part)) {
#ifndef AST_GMIME_VER_24
GList *l;
ast_log(LOG_WARNING, "Got unexpected GMIME_IS_MULTIPART, trying to process subparts\n");
l = GMIME_MULTIPART(part)->subparts;
while (l) {
process_message_callback(l->data, cbinfo);
l = l->next;
}
#else
ast_log(LOG_WARNING, "Got unexpected MIME subpart.\n");
#endif
} else if (GMIME_IS_PART(part)) {
const char *filename;
if (ast_strlen_zero(filename = g_mime_part_get_filename(GMIME_PART(part)))) {
ast_debug(1, "Skipping part with no filename\n");
return;
}
post_raw(GMIME_PART(part), cbinfo->post_dir, filename);
} else {
ast_log(LOG_ERROR, "Encountered unknown MIME part. This should never happen!\n");
}
}
static int process_message(GMimeMessage *message, const char *post_dir)
{
struct mime_cbinfo cbinfo = {
.count = 0,
.post_dir = post_dir,
};
#ifdef AST_GMIME_VER_24
g_mime_message_foreach(message, process_message_callback, &cbinfo);
#else
g_mime_message_foreach_part(message, process_message_callback, &cbinfo);
#endif
return cbinfo.count;
}
/* Find a sequence of bytes within a binary array. */
static int find_sequence(char * inbuf, int inlen, char * matchbuf, int matchlen)
{
int current;
int comp;
int found = 0;
for (current = 0; current < inlen-matchlen; current++, inbuf++) {
if (*inbuf == *matchbuf) {
found=1;
for (comp = 1; comp < matchlen; comp++) {
if (inbuf[comp] != matchbuf[comp]) {
found = 0;
break;
}
}
if (found) {
break;
}
}
}
if (found) {
return current;
} else {
return -1;
}
}
/*
* The following is a work around to deal with how IE7 embeds the local file name
* within the Mime header using full WINDOWS file path with backslash directory delimiters.
* This section of code attempts to isolate the directory path and remove it
* from what is written into the output file. In addition, it changes
* esc chars (i.e. backslashes) to forward slashes.
* This function has two modes. The first to find a boundary marker. The
* second is to find the filename immediately after the boundary.
*/
static int readmimefile(struct ast_iostream *in, FILE *fout, char *boundary, int contentlen)
{
int find_filename = 0;
char buf[4096];
int marker;
int x;
int char_in_buf = 0;
int num_to_read;
int boundary_len;
char * path_end, * path_start, * filespec;
if (NULL == in || NULL == fout || NULL == boundary || 0 >= contentlen) {
return -1;
}
boundary_len = strlen(boundary);
while (0 < contentlen || 0 < char_in_buf) {
/* determine how much I will read into the buffer */
if (contentlen > sizeof(buf) - char_in_buf) {
num_to_read = sizeof(buf)- char_in_buf;
} else {
num_to_read = contentlen;
}
if (0 < num_to_read) {
if (ast_iostream_read(in, &(buf[char_in_buf]), num_to_read) < num_to_read) {
ast_log(LOG_WARNING, "read failed: %s\n", strerror(errno));
num_to_read = 0;
}
contentlen -= num_to_read;
char_in_buf += num_to_read;
}
/* If I am looking for the filename spec */
if (find_filename) {
path_end = filespec = NULL;
x = strlen("filename=\"");
marker = find_sequence(buf, char_in_buf, "filename=\"", x );
if (0 <= marker) {
marker += x; /* Index beyond the filename marker */
path_start = &buf[marker];
for (path_end = path_start, x = 0; x < char_in_buf-marker; x++, path_end++) {
if ('\\' == *path_end) { /* convert backslashes to forward slashes */
*path_end = '/';
}
if ('\"' == *path_end) { /* If at the end of the file name spec */
*path_end = '\0'; /* temporarily null terminate the file spec for basename */
filespec = basename(path_start);
*path_end = '\"';
break;
}
}
}
if (filespec) { /* If the file name path was found in the header */
if (fwrite(buf, 1, marker, fout) != marker) {
ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno));
}
x = (int)(path_end+1 - filespec);
if (fwrite(filespec, 1, x, fout) != x) {
ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno));
}
x = (int)(path_end+1 - buf);
memmove(buf, &(buf[x]), char_in_buf-x);
char_in_buf -= x;
}
find_filename = 0;
} else { /* I am looking for the boundary marker */
marker = find_sequence(buf, char_in_buf, boundary, boundary_len);
if (0 > marker) {
if (char_in_buf < (boundary_len)) {
/*no possibility to find the boundary, write all you have */
if (fwrite(buf, 1, char_in_buf, fout) != char_in_buf) {
ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno));
}
char_in_buf = 0;
} else {
/* write all except for area where the boundary marker could be */
if (fwrite(buf, 1, char_in_buf -(boundary_len -1), fout) != char_in_buf - (boundary_len - 1)) {
ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno));
}
x = char_in_buf -(boundary_len -1);
memmove(buf, &(buf[x]), char_in_buf-x);
char_in_buf = (boundary_len -1);
}
} else {
/* write up through the boundary, then look for filename in the rest */
if (fwrite(buf, 1, marker + boundary_len, fout) != marker + boundary_len) {
ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno));
}
x = marker + boundary_len;
memmove(buf, &(buf[x]), char_in_buf-x);
char_in_buf -= marker + boundary_len;
find_filename =1;
}
}
}
return 0;
}
static int http_post_callback(struct ast_tcptls_session_instance *ser, const struct ast_http_uri *urih, const char *uri, enum ast_http_method method, struct ast_variable *get_vars, struct ast_variable *headers)
{
struct ast_variable *var;
uint32_t ident;
FILE *f;
int content_len = 0;
struct ast_str *post_dir;
GMimeMessage *message;
char *boundary_marker = NULL;
if (method != AST_HTTP_POST) {
ast_http_error(ser, 501, "Not Implemented", "Attempt to use unimplemented / unsupported method");
return 0;
}
if (!urih) {
ast_http_error(ser, 400, "Missing URI handle", "There was an error parsing the request");
return 0;
}
ident = ast_http_manid_from_vars(headers);
if (!ident || !astman_is_authed(ident)) {
ast_http_request_close_on_completion(ser);
ast_http_error(ser, 403, "Access Denied", "Sorry, I cannot let you do that, Dave.");
return 0;
}
if (!astman_verify_session_writepermissions(ident, EVENT_FLAG_CONFIG)) {
ast_http_request_close_on_completion(ser);
ast_http_error(ser, 401, "Unauthorized", "You are not authorized to make this request.");
return 0;
}
if (!(f = tmpfile())) {
ast_log(LOG_ERROR, "Could not create temp file.\n");
ast_http_error(ser, 500, "Internal server error", "Could not create temp file.");
return 0;
}
for (var = headers; var; var = var->next) {
fprintf(f, "%s: %s\r\n", var->name, var->value);
if (!strcasecmp(var->name, "Content-Length")) {
if ((sscanf(var->value, "%30u", &content_len)) != 1) {
ast_log(LOG_ERROR, "Invalid Content-Length in POST request!\n");
fclose(f);
ast_http_request_close_on_completion(ser);
ast_http_error(ser, 400, "Bad Request", "Invalid Content-Length in POST request!");
return 0;
}
ast_debug(1, "Got a Content-Length of %d\n", content_len);
} else if (!strcasecmp(var->name, "Content-Type")) {
boundary_marker = strstr(var->value, "boundary=");
if (boundary_marker) {
boundary_marker += strlen("boundary=");
}
}
}
fprintf(f, "\r\n");
/*
* Always mark the body read as failed.
*
* XXX Should change readmimefile() to always be sure to read
* the entire body so we can update the read status and
* potentially keep the connection open.
*/
ast_http_body_read_status(ser, 0);
if (0 > readmimefile(ser->stream, f, boundary_marker, content_len)) {
ast_debug(1, "Cannot find boundary marker in POST request.\n");
fclose(f);
ast_http_error(ser, 400, "Bad Request", "Cannot find boundary marker in POST request.");
return 0;
}
if (fseek(f, SEEK_SET, 0)) {
ast_log(LOG_ERROR, "Failed to seek temp file back to beginning.\n");
fclose(f);
ast_http_error(ser, 500, "Internal server error", "Failed to seek temp file back to beginning.");
return 0;
}
post_dir = urih->data;
message = parse_message(f); /* Takes ownership and will close f */
if (!message) {
ast_log(LOG_ERROR, "Error parsing MIME data\n");
ast_http_error(ser, 400, "Bad Request", "There was an error parsing the request.");
return 0;
}
if (!process_message(message, ast_str_buffer(post_dir))) {
ast_log(LOG_ERROR, "Invalid MIME data, found no parts!\n");
g_object_unref(message);
ast_http_error(ser, 400, "Bad Request", "There was an error parsing the request.");
return 0;
}
g_object_unref(message);
/* XXX Passing 200 to the error response routine? */
ast_http_error(ser, 200, "OK", "File successfully uploaded.");
return 0;
}
static int __ast_http_post_load(int reload)
{
struct ast_config *cfg;
struct ast_variable *v;
struct ast_flags config_flags = { reload ? CONFIG_FLAG_FILEUNCHANGED : 0 };
cfg = ast_config_load2("http.conf", "http", config_flags);
if (!cfg || cfg == CONFIG_STATUS_FILEUNCHANGED || cfg == CONFIG_STATUS_FILEINVALID) {
return 0;
}
if (reload) {
ast_http_uri_unlink_all_with_key(__FILE__);
}
for (v = ast_variable_browse(cfg, "general"); v; v = v->next) {
if (!strcasecmp(v->name, "prefix")) {
ast_copy_string(prefix, v->value, sizeof(prefix));
if (prefix[strlen(prefix)] == '/') {
prefix[strlen(prefix)] = '\0';
}
}
}
for (v = ast_variable_browse(cfg, "post_mappings"); v; v = v->next) {
struct ast_http_uri *urih;
struct ast_str *ds;
if (!(urih = ast_calloc(sizeof(*urih), 1))) {
ast_config_destroy(cfg);
return -1;
}
if (!(ds = ast_str_create(32))) {
ast_free(urih);
ast_config_destroy(cfg);
return -1;
}
urih->description = ast_strdup("HTTP POST mapping");
urih->uri = ast_strdup(v->name);
ast_str_set(&ds, 0, "%s", v->value);
urih->data = ds;
urih->has_subtree = 0;
urih->callback = http_post_callback;
urih->key = __FILE__;
urih->mallocd = urih->dmallocd = 1;
ast_http_uri_link(urih);
}
ast_config_destroy(cfg);
return 0;
}
static int unload_module(void)
{
ast_http_uri_unlink_all_with_key(__FILE__);
return 0;
}
static int reload(void)
{
__ast_http_post_load(1);
return AST_MODULE_LOAD_SUCCESS;
}
static int load_module(void)
{
g_mime_init(
#ifndef AST_GMIME_VER_30
0
#endif
);
__ast_http_post_load(0);
return AST_MODULE_LOAD_SUCCESS;
}
AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_DEFAULT, "HTTP POST support",
.support_level = AST_MODULE_SUPPORT_CORE,
.load = load_module,
.unload = unload_module,
.reload = reload,
.requires = "http",
);
Reference in a new issue View git blame Copy permalink