mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14364 Commits
28 Branches
Tree: f7aee39a9d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f7aee39a9d'
${ noResults }
rspamd/src/libutil/http_connection.c

http_connection.c 58KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436 
  1. /*-

  2.  * Copyright 2016 Vsevolod Stakhov

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *   http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. #include "config.h"

  17. #include "http_connection.h"

  18. #include "http_private.h"

  19. #include "http_message.h"

  20. #include "utlist.h"

  21. #include "util.h"

  22. #include "printf.h"

  23. #include "logger.h"

  24. #include "ref.h"

  25. #include "ottery.h"

  26. #include "keypair_private.h"

  27. #include "cryptobox.h"

  28. #include "libutil/ssl_util.h"

  29. #include "libserver/url.h"

  30. 

  31. #include "contrib/mumhash/mum.h"

  32. #include "contrib/http-parser/http_parser.h"

  33. #include "unix-std.h"

  34. 

  35. #include <openssl/err.h>

  36. 

  37. #define ENCRYPTED_VERSION " HTTP/1.0"

  38. 

  39. struct _rspamd_http_privbuf {

  40. 	rspamd_fstring_t *data;

  41. 	const gchar *zc_buf;

  42. 	gsize zc_remain;

  43. 	ref_entry_t ref;

  44. };

  45. 

  46. enum rspamd_http_priv_flags {

  47. 	RSPAMD_HTTP_CONN_FLAG_ENCRYPTED = 1 << 0,

  48. 	RSPAMD_HTTP_CONN_FLAG_NEW_HEADER = 1 << 1,

  49. 	RSPAMD_HTTP_CONN_FLAG_RESETED = 1 << 2,

  50. 	RSPAMD_HTTP_CONN_FLAG_TOO_LARGE = 1 << 3,

  51. 	RSPAMD_HTTP_CONN_FLAG_ENCRYPTION_NEEDED = 1 << 4,

  52. };

  53. 

  54. #define IS_CONN_ENCRYPTED(c) ((c)->flags & RSPAMD_HTTP_CONN_FLAG_ENCRYPTED)

  55. #define IS_CONN_RESETED(c) ((c)->flags & RSPAMD_HTTP_CONN_FLAG_RESETED)

  56. 

  57. struct rspamd_http_connection_private {

  58. 	struct rspamd_http_context *ctx;

  59. 	struct rspamd_ssl_connection *ssl;

  60. 	struct _rspamd_http_privbuf *buf;

  61. 	struct rspamd_keypair_cache *cache;

  62. 	struct rspamd_cryptobox_pubkey *peer_key;

  63. 	struct rspamd_cryptobox_keypair *local_key;

  64. 	struct rspamd_http_header *header;

  65. 	struct http_parser parser;

  66. 	struct http_parser_settings parser_cb;

  67. 	struct event ev;

  68. 	struct timeval tv;

  69. 	struct timeval *ptv;

  70. 	struct rspamd_http_message *msg;

  71. 	struct iovec *out;

  72. 	guint outlen;

  73. 	enum rspamd_http_priv_flags flags;

  74. 	gsize wr_pos;

  75. 	gsize wr_total;

  76. };

  77. 

  78. static const rspamd_ftok_t key_header = {

  79. 		.begin = "Key",

  80. 		.len = 3

  81. };

  82. static const rspamd_ftok_t date_header = {

  83. 		.begin = "Date",

  84. 		.len = 4

  85. };

  86. static const rspamd_ftok_t last_modified_header = {

  87. 		.begin = "Last-Modified",

  88. 		.len = 13

  89. };

  90. 

  91. 

  92. 

  93. #define HTTP_ERROR http_error_quark ()

  94. GQuark

  95. http_error_quark (void)

  96. {

  97. 	return g_quark_from_static_string ("http-error-quark");

  98. }

  99. 

  100. static void

  101. rspamd_http_privbuf_dtor (gpointer ud)

  102. {

  103. 	struct _rspamd_http_privbuf *p = (struct _rspamd_http_privbuf *)ud;

  104. 

  105. 	if (p->data) {

  106. 		rspamd_fstring_free (p->data);

  107. 	}

  108. 

  109. 	g_free (p);

  110. }

  111. 

  112. static const gchar *

  113. rspamd_http_code_to_str (gint code)

  114. {

  115. 	if (code == 200) {

  116. 		return "OK";

  117. 	}

  118. 	else if (code == 404) {

  119. 		return "Not found";

  120. 	}

  121. 	else if (code == 403 || code == 401) {

  122. 		return "Not authorized";

  123. 	}

  124. 	else if (code >= 400 && code < 500) {

  125. 		return "Bad request";

  126. 	}

  127. 	else if (code >= 300 && code < 400) {

  128. 		return "See Other";

  129. 	}

  130. 	else if (code >= 500 && code < 600) {

  131. 		return "Internal server error";

  132. 	}

  133. 

  134. 	return "Unknown error";

  135. }

  136. 

  137. static void

  138. rspamd_http_parse_key (rspamd_ftok_t *data, struct rspamd_http_connection *conn,

  139. 		struct rspamd_http_connection_private *priv)

  140. {

  141. 	guchar *decoded_id;

  142. 	const gchar *eq_pos;

  143. 	gsize id_len;

  144. 	struct rspamd_cryptobox_pubkey *pk;

  145. 

  146. 	if (priv->local_key == NULL) {

  147. 		/* In this case we cannot do anything, e.g. we cannot decrypt payload */

  148. 		priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_ENCRYPTED;

  149. 	}

  150. 	else {

  151. 		/* Check sanity of what we have */

  152. 		eq_pos = memchr (data->begin, '=', data->len);

  153. 		if (eq_pos != NULL) {

  154. 			decoded_id = rspamd_decode_base32 (data->begin, eq_pos - data->begin,

  155. 					&id_len);

  156. 

  157. 			if (decoded_id != NULL && id_len >= RSPAMD_KEYPAIR_SHORT_ID_LEN) {

  158. 				pk = rspamd_pubkey_from_base32 (eq_pos + 1,

  159. 						data->begin + data->len - eq_pos - 1,

  160. 						RSPAMD_KEYPAIR_KEX,

  161. 						RSPAMD_CRYPTOBOX_MODE_25519);

  162. 				if (pk != NULL) {

  163. 					if (memcmp (rspamd_keypair_get_id (priv->local_key),

  164. 							decoded_id,

  165. 							RSPAMD_KEYPAIR_SHORT_ID_LEN) == 0) {

  166. 						priv->msg->peer_key = pk;

  167. 

  168. 						if (priv->cache && priv->msg->peer_key) {

  169. 							rspamd_keypair_cache_process (priv->cache,

  170. 									priv->local_key,

  171. 									priv->msg->peer_key);

  172. 						}

  173. 					}

  174. 					else {

  175. 						rspamd_pubkey_unref (pk);

  176. 					}

  177. 				}

  178. 			}

  179. 

  180. 			priv->flags |= RSPAMD_HTTP_CONN_FLAG_ENCRYPTED;

  181. 			g_free (decoded_id);

  182. 		}

  183. 	}

  184. }

  185. 

  186. static inline void

  187. rspamd_http_check_special_header (struct rspamd_http_connection *conn,

  188. 		struct rspamd_http_connection_private *priv)

  189. {

  190. 	if (rspamd_ftok_casecmp (&priv->header->name, &date_header) == 0) {

  191. 		priv->msg->date = rspamd_http_parse_date (priv->header->value.begin,

  192. 				priv->header->value.len);

  193. 	}

  194. 	else if (rspamd_ftok_casecmp (&priv->header->name, &key_header) == 0) {

  195. 		rspamd_http_parse_key (&priv->header->value, conn, priv);

  196. 	}

  197. 	else if (rspamd_ftok_casecmp (&priv->header->name, &last_modified_header) == 0) {

  198. 		priv->msg->last_modified = rspamd_http_parse_date (

  199. 				priv->header->value.begin,

  200. 				priv->header->value.len);

  201. 	}

  202. }

  203. 

  204. static gint

  205. rspamd_http_on_url (http_parser * parser, const gchar *at, size_t length)

  206. {

  207. 	struct rspamd_http_connection *conn =

  208. 		(struct rspamd_http_connection *)parser->data;

  209. 	struct rspamd_http_connection_private *priv;

  210. 

  211. 	priv = conn->priv;

  212. 

  213. 	priv->msg->url = rspamd_fstring_append (priv->msg->url, at, length);

  214. 

  215. 	return 0;

  216. }

  217. 

  218. static gint

  219. rspamd_http_on_status (http_parser * parser, const gchar *at, size_t length)

  220. {

  221. 	struct rspamd_http_connection *conn =

  222. 		(struct rspamd_http_connection *)parser->data;

  223. 	struct rspamd_http_connection_private *priv;

  224. 

  225. 	priv = conn->priv;

  226. 

  227. 	if (parser->status_code != 200) {

  228. 		if (priv->msg->status == NULL) {

  229. 			priv->msg->status = rspamd_fstring_new ();

  230. 		}

  231. 

  232. 		priv->msg->status = rspamd_fstring_append (priv->msg->status, at, length);

  233. 	}

  234. 

  235. 	return 0;

  236. }

  237. 

  238. static void

  239. rspamd_http_finish_header (struct rspamd_http_connection *conn,

  240. 		struct rspamd_http_connection_private *priv)

  241. {

  242. 	struct rspamd_http_header *hdr;

  243. 

  244. 	priv->header->combined = rspamd_fstring_append (priv->header->combined,

  245. 			"\r\n", 2);

  246. 	priv->header->value.len = priv->header->combined->len -

  247. 			priv->header->name.len - 4;

  248. 	priv->header->value.begin = priv->header->combined->str +

  249. 			priv->header->name.len + 2;

  250. 	priv->header->name.begin = priv->header->combined->str;

  251. 

  252. 	HASH_FIND (hh, priv->msg->headers, priv->header->name.begin,

  253. 			priv->header->name.len, hdr);

  254. 

  255. 	if (hdr == NULL) {

  256. 		HASH_ADD_KEYPTR (hh, priv->msg->headers, priv->header->name.begin,

  257. 				priv->header->name.len, priv->header);

  258. 	}

  259. 

  260. 	DL_APPEND (hdr, priv->header);

  261. 

  262. 	rspamd_http_check_special_header (conn, priv);

  263. }

  264. 

  265. static void

  266. rspamd_http_init_header (struct rspamd_http_connection_private *priv)

  267. {

  268. 	priv->header = g_malloc0 (sizeof (struct rspamd_http_header));

  269. 	priv->header->combined = rspamd_fstring_new ();

  270. }

  271. 

  272. static gint

  273. rspamd_http_on_header_field (http_parser * parser,

  274. 	const gchar *at,

  275. 	size_t length)

  276. {

  277. 	struct rspamd_http_connection *conn =

  278. 		(struct rspamd_http_connection *)parser->data;

  279. 	struct rspamd_http_connection_private *priv;

  280. 

  281. 	priv = conn->priv;

  282. 

  283. 	if (priv->header == NULL) {

  284. 		rspamd_http_init_header (priv);

  285. 	}

  286. 	else if (priv->flags & RSPAMD_HTTP_CONN_FLAG_NEW_HEADER) {

  287. 		rspamd_http_finish_header (conn, priv);

  288. 		rspamd_http_init_header (priv);

  289. 	}

  290. 

  291. 	priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_NEW_HEADER;

  292. 	priv->header->combined = rspamd_fstring_append (priv->header->combined,

  293. 			at, length);

  294. 

  295. 	return 0;

  296. }

  297. 

  298. static gint

  299. rspamd_http_on_header_value (http_parser * parser,

  300. 	const gchar *at,

  301. 	size_t length)

  302. {

  303. 	struct rspamd_http_connection *conn =

  304. 		(struct rspamd_http_connection *)parser->data;

  305. 	struct rspamd_http_connection_private *priv;

  306. 

  307. 	priv = conn->priv;

  308. 

  309. 	if (priv->header == NULL) {

  310. 		/* Should not happen */

  311. 		return -1;

  312. 	}

  313. 

  314. 	if (!(priv->flags & RSPAMD_HTTP_CONN_FLAG_NEW_HEADER)) {

  315. 		priv->flags |= RSPAMD_HTTP_CONN_FLAG_NEW_HEADER;

  316. 		priv->header->combined = rspamd_fstring_append (priv->header->combined,

  317. 				": ", 2);

  318. 		priv->header->name.len = priv->header->combined->len - 2;

  319. 	}

  320. 

  321. 	priv->header->combined = rspamd_fstring_append (priv->header->combined,

  322. 			at, length);

  323. 

  324. 	return 0;

  325. }

  326. 

  327. static int

  328. rspamd_http_on_headers_complete (http_parser * parser)

  329. {

  330. 	struct rspamd_http_connection *conn =

  331. 		(struct rspamd_http_connection *)parser->data;

  332. 	struct rspamd_http_connection_private *priv;

  333. 	struct rspamd_http_message *msg;

  334. 	int ret;

  335. 

  336. 	priv = conn->priv;

  337. 	msg = priv->msg;

  338. 

  339. 	if (priv->header != NULL) {

  340. 		rspamd_http_finish_header (conn, priv);

  341. 

  342. 		priv->header = NULL;

  343. 		priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_NEW_HEADER;

  344. 	}

  345. 

  346. 	if (msg->method == HTTP_HEAD) {

  347. 		/* We don't care about the rest */

  348. 		if (rspamd_event_pending (&priv->ev, EV_READ)) {

  349. 			event_del (&priv->ev);

  350. 		}

  351. 

  352. 		msg->code = parser->status_code;

  353. 		rspamd_http_connection_ref (conn);

  354. 		ret = conn->finish_handler (conn, msg);

  355. 

  356. 		if (conn->opts & RSPAMD_HTTP_CLIENT_KEEP_ALIVE) {

  357. 			rspamd_http_context_push_keepalive (conn->priv->ctx, conn,

  358. 					msg, conn->priv->ctx->ev_base);

  359. 			rspamd_http_connection_reset (conn);

  360. 		}

  361. 		else {

  362. 			conn->finished = TRUE;

  363. 		}

  364. 

  365. 		rspamd_http_connection_unref (conn);

  366. 

  367. 		return ret;

  368. 	}

  369. 

  370. 	/*

  371. 	 * HTTP parser sets content length to (-1) when it doesn't know the real

  372. 	 * length, for example, in case of chunked encoding.

  373. 	 *

  374. 	 * Hence, we skip body setup here

  375. 	 */

  376. 	if (parser->content_length != ULLONG_MAX && parser->content_length != 0) {

  377. 		if (conn->max_size > 0 &&

  378. 				parser->content_length > conn->max_size) {

  379. 			/* Too large message */

  380. 			priv->flags |= RSPAMD_HTTP_CONN_FLAG_TOO_LARGE;

  381. 			return -1;

  382. 		}

  383. 

  384. 		if (!rspamd_http_message_set_body (msg, NULL, parser->content_length)) {

  385. 			return -1;

  386. 		}

  387. 	}

  388. 

  389. 	if (parser->flags & F_SPAMC) {

  390. 		msg->flags |= RSPAMD_HTTP_FLAG_SPAMC;

  391. 	}

  392. 

  393. 

  394. 	msg->method = parser->method;

  395. 	msg->code = parser->status_code;

  396. 

  397. 	return 0;

  398. }

  399. 

  400. static void

  401. rspamd_http_switch_zc (struct _rspamd_http_privbuf *pbuf,

  402. 		struct rspamd_http_message *msg)

  403. {

  404. 	pbuf->zc_buf = msg->body_buf.begin + msg->body_buf.len;

  405. 	pbuf->zc_remain = msg->body_buf.allocated_len - msg->body_buf.len;

  406. }

  407. 

  408. static int

  409. rspamd_http_on_body (http_parser * parser, const gchar *at, size_t length)

  410. {

  411. 	struct rspamd_http_connection *conn =

  412. 		(struct rspamd_http_connection *)parser->data;

  413. 	struct rspamd_http_connection_private *priv;

  414. 	struct rspamd_http_message *msg;

  415. 	struct _rspamd_http_privbuf *pbuf;

  416. 	const gchar *p;

  417. 

  418. 	priv = conn->priv;

  419. 	msg = priv->msg;

  420. 	pbuf = priv->buf;

  421. 	p = at;

  422. 

  423. 	if (!(msg->flags & RSPAMD_HTTP_FLAG_HAS_BODY)) {

  424. 		if (!rspamd_http_message_set_body (msg, NULL, parser->content_length)) {

  425. 			return -1;

  426. 		}

  427. 	}

  428. 

  429. 	if (conn->finished) {

  430. 		return 0;

  431. 	}

  432. 

  433. 	if (conn->max_size > 0 &&

  434. 			msg->body_buf.len + length > conn->max_size) {

  435. 		/* Body length overflow */

  436. 		priv->flags |= RSPAMD_HTTP_CONN_FLAG_TOO_LARGE;

  437. 		return -1;

  438. 	}

  439. 

  440. 	if (!pbuf->zc_buf) {

  441. 		if (!rspamd_http_message_append_body (msg, at, length)) {

  442. 			return -1;

  443. 		}

  444. 

  445. 		/* We might have some leftover in our private buffer */

  446. 		if (pbuf->data->len == length) {

  447. 			/* Switch to zero-copy mode */

  448. 			rspamd_http_switch_zc (pbuf, msg);

  449. 		}

  450. 	}

  451. 	else {

  452. 		if (msg->body_buf.begin + msg->body_buf.len != at) {

  453. 			/* Likely chunked encoding */

  454. 			memmove ((gchar *)msg->body_buf.begin + msg->body_buf.len, at, length);

  455. 			p = msg->body_buf.begin + msg->body_buf.len;

  456. 		}

  457. 

  458. 		/* Adjust zero-copy buf */

  459. 		msg->body_buf.len += length;

  460. 

  461. 		if (!(msg->flags & RSPAMD_HTTP_FLAG_SHMEM)) {

  462. 			msg->body_buf.c.normal->len += length;

  463. 		}

  464. 

  465. 		pbuf->zc_buf = msg->body_buf.begin + msg->body_buf.len;

  466. 		pbuf->zc_remain = msg->body_buf.allocated_len - msg->body_buf.len;

  467. 	}

  468. 

  469. 	if ((conn->opts & RSPAMD_HTTP_BODY_PARTIAL) && !IS_CONN_ENCRYPTED (priv)) {

  470. 		/* Incremental update is impossible for encrypted requests so far */

  471. 		return (conn->body_handler (conn, msg, p, length));

  472. 	}

  473. 

  474. 	return 0;

  475. }

  476. 

  477. static int

  478. rspamd_http_on_body_decrypted (http_parser * parser, const gchar *at, size_t length)

  479. {

  480. 	struct rspamd_http_connection *conn =

  481. 		(struct rspamd_http_connection *)parser->data;

  482. 	struct rspamd_http_connection_private *priv;

  483. 

  484. 	priv = conn->priv;

  485. 

  486. 	if (priv->header != NULL) {

  487. 		rspamd_http_finish_header (conn, priv);

  488. 		priv->header = NULL;

  489. 	}

  490. 

  491. 	if (conn->finished) {

  492. 		return 0;

  493. 	}

  494. 

  495. 	if (priv->msg->body_buf.len == 0) {

  496. 

  497. 		priv->msg->body_buf.begin = at;

  498. 		priv->msg->method = parser->method;

  499. 		priv->msg->code = parser->status_code;

  500. 	}

  501. 

  502. 	priv->msg->body_buf.len += length;

  503. 

  504. 	return 0;

  505. }

  506. 

  507. static int

  508. rspamd_http_on_headers_complete_decrypted (http_parser *parser)

  509. {

  510. 	struct rspamd_http_connection *conn =

  511. 			(struct rspamd_http_connection *) parser->data;

  512. 	struct rspamd_http_connection_private *priv;

  513. 	struct rspamd_http_message *msg;

  514. 	int ret;

  515. 

  516. 	priv = conn->priv;

  517. 	msg = priv->msg;

  518. 

  519. 	if (priv->header != NULL) {

  520. 		rspamd_http_finish_header (conn, priv);

  521. 

  522. 		priv->header = NULL;

  523. 		priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_NEW_HEADER;

  524. 	}

  525. 

  526. 	if (parser->flags & F_SPAMC) {

  527. 		priv->msg->flags |= RSPAMD_HTTP_FLAG_SPAMC;

  528. 	}

  529. 

  530. 	if (msg->method == HTTP_HEAD) {

  531. 		/* We don't care about the rest */

  532. 		if (rspamd_event_pending (&priv->ev, EV_READ)) {

  533. 			event_del (&priv->ev);

  534. 		}

  535. 

  536. 		msg->code = parser->status_code;

  537. 		rspamd_http_connection_ref (conn);

  538. 		ret = conn->finish_handler (conn, msg);

  539. 

  540. 		if (conn->opts & RSPAMD_HTTP_CLIENT_KEEP_ALIVE) {

  541. 			rspamd_http_context_push_keepalive (conn->priv->ctx, conn,

  542. 					msg, conn->priv->ctx->ev_base);

  543. 			rspamd_http_connection_reset (conn);

  544. 		}

  545. 		else {

  546. 			conn->finished = TRUE;

  547. 		}

  548. 

  549. 		rspamd_http_connection_unref (conn);

  550. 

  551. 		return ret;

  552. 	}

  553. 

  554. 	priv->msg->method = parser->method;

  555. 	priv->msg->code = parser->status_code;

  556. 

  557. 	return 0;

  558. }

  559. 

  560. static int

  561. rspamd_http_decrypt_message (struct rspamd_http_connection *conn,

  562. 		struct rspamd_http_connection_private *priv,

  563. 		struct rspamd_cryptobox_pubkey *peer_key)

  564. {

  565. 	guchar *nonce, *m;

  566. 	const guchar *nm;

  567. 	gsize dec_len;

  568. 	struct rspamd_http_message *msg = priv->msg;

  569. 	struct rspamd_http_header *hdr, *hdrtmp, *hcur, *hcurtmp;

  570. 	struct http_parser decrypted_parser;

  571. 	struct http_parser_settings decrypted_cb;

  572. 	enum rspamd_cryptobox_mode mode;

  573. 

  574. 	mode = rspamd_keypair_alg (priv->local_key);

  575. 	nonce = msg->body_buf.str;

  576. 	m = msg->body_buf.str + rspamd_cryptobox_nonce_bytes (mode) +

  577. 			rspamd_cryptobox_mac_bytes (mode);

  578. 	dec_len = msg->body_buf.len - rspamd_cryptobox_nonce_bytes (mode) -

  579. 			rspamd_cryptobox_mac_bytes (mode);

  580. 

  581. 	if ((nm = rspamd_pubkey_get_nm (peer_key, priv->local_key)) == NULL) {

  582. 		nm = rspamd_pubkey_calculate_nm (peer_key, priv->local_key);

  583. 	}

  584. 

  585. 	if (!rspamd_cryptobox_decrypt_nm_inplace (m, dec_len, nonce,

  586. 			nm, m - rspamd_cryptobox_mac_bytes (mode), mode)) {

  587. 		msg_err ("cannot verify encrypted message, first bytes of the input: %*xs",

  588. 				(gint)MIN(msg->body_buf.len, 64), msg->body_buf.begin);

  589. 		return -1;

  590. 	}

  591. 

  592. 	/* Cleanup message */

  593. 	HASH_ITER (hh, msg->headers, hdr, hdrtmp) {

  594. 		HASH_DELETE (hh, msg->headers, hdr);

  595. 

  596. 		DL_FOREACH_SAFE (hdr, hcur, hcurtmp) {

  597. 			rspamd_fstring_free (hcur->combined);

  598. 			g_free (hcur);

  599. 		}

  600. 	}

  601. 

  602. 	msg->headers = NULL;

  603. 

  604. 	if (msg->url != NULL) {

  605. 		msg->url = rspamd_fstring_assign (msg->url, "", 0);

  606. 	}

  607. 

  608. 	msg->body_buf.len = 0;

  609. 

  610. 	memset (&decrypted_parser, 0, sizeof (decrypted_parser));

  611. 	http_parser_init (&decrypted_parser,

  612. 			conn->type == RSPAMD_HTTP_SERVER ? HTTP_REQUEST : HTTP_RESPONSE);

  613. 

  614. 	memset (&decrypted_cb, 0, sizeof (decrypted_cb));

  615. 	decrypted_cb.on_url = rspamd_http_on_url;

  616. 	decrypted_cb.on_status = rspamd_http_on_status;

  617. 	decrypted_cb.on_header_field = rspamd_http_on_header_field;

  618. 	decrypted_cb.on_header_value = rspamd_http_on_header_value;

  619. 	decrypted_cb.on_headers_complete = rspamd_http_on_headers_complete_decrypted;

  620. 	decrypted_cb.on_body = rspamd_http_on_body_decrypted;

  621. 	decrypted_parser.data = conn;

  622. 	decrypted_parser.content_length = dec_len;

  623. 

  624. 	if (http_parser_execute (&decrypted_parser, &decrypted_cb, m,

  625. 			dec_len) != (size_t)dec_len) {

  626. 		msg_err ("HTTP parser error: %s when parsing encrypted request",

  627. 				http_errno_description (decrypted_parser.http_errno));

  628. 		return -1;

  629. 	}

  630. 

  631. 	return 0;

  632. }

  633. 

  634. static int

  635. rspamd_http_on_message_complete (http_parser * parser)

  636. {

  637. 	struct rspamd_http_connection *conn =

  638. 		(struct rspamd_http_connection *)parser->data;

  639. 	struct rspamd_http_connection_private *priv;

  640. 	int ret = 0;

  641. 	enum rspamd_cryptobox_mode mode;

  642. 

  643. 	if (conn->finished) {

  644. 		return 0;

  645. 	}

  646. 

  647. 	priv = conn->priv;

  648. 

  649. 	if ((conn->opts & RSPAMD_HTTP_REQUIRE_ENCRYPTION) && !IS_CONN_ENCRYPTED (priv)) {

  650. 		priv->flags |= RSPAMD_HTTP_CONN_FLAG_ENCRYPTION_NEEDED;

  651. 		msg_err ("unencrypted connection when encryption has been requested");

  652. 		return -1;

  653. 	}

  654. 

  655. 	if ((conn->opts & RSPAMD_HTTP_BODY_PARTIAL) == 0 && IS_CONN_ENCRYPTED (priv)) {

  656. 		mode = rspamd_keypair_alg (priv->local_key);

  657. 

  658. 		if (priv->local_key == NULL || priv->msg->peer_key == NULL ||

  659. 				priv->msg->body_buf.len < rspamd_cryptobox_nonce_bytes (mode) +

  660. 				rspamd_cryptobox_mac_bytes (mode)) {

  661. 			msg_err ("cannot decrypt message");

  662. 			return -1;

  663. 		}

  664. 

  665. 		/* We have keys, so we can decrypt message */

  666. 		ret = rspamd_http_decrypt_message (conn, priv, priv->msg->peer_key);

  667. 

  668. 		if (ret != 0) {

  669. 			return ret;

  670. 		}

  671. 

  672. 		if (conn->body_handler != NULL) {

  673. 			rspamd_http_connection_ref (conn);

  674. 			ret = conn->body_handler (conn,

  675. 					priv->msg,

  676. 					priv->msg->body_buf.begin,

  677. 					priv->msg->body_buf.len);

  678. 			rspamd_http_connection_unref (conn);

  679. 		}

  680. 	}

  681. 	else if ((conn->opts & RSPAMD_HTTP_BODY_PARTIAL) == 0 && conn->body_handler) {

  682. 		g_assert (conn->body_handler != NULL);

  683. 		rspamd_http_connection_ref (conn);

  684. 		ret = conn->body_handler (conn,

  685. 				priv->msg,

  686. 				priv->msg->body_buf.begin,

  687. 				priv->msg->body_buf.len);

  688. 		rspamd_http_connection_unref (conn);

  689. 	}

  690. 

  691. 	if (ret == 0) {

  692. 		if (rspamd_event_pending (&priv->ev, EV_READ)) {

  693. 			event_del (&priv->ev);

  694. 		}

  695. 

  696. 		rspamd_http_connection_ref (conn);

  697. 		ret = conn->finish_handler (conn, priv->msg);

  698. 

  699. 		if (conn->opts & RSPAMD_HTTP_CLIENT_KEEP_ALIVE) {

  700. 			rspamd_http_context_push_keepalive (conn->priv->ctx, conn,

  701. 					priv->msg, conn->priv->ctx->ev_base);

  702. 			rspamd_http_connection_reset (conn);

  703. 		}

  704. 		else {

  705. 			conn->finished = TRUE;

  706. 		}

  707. 

  708. 		rspamd_http_connection_unref (conn);

  709. 	}

  710. 

  711. 	return ret;

  712. }

  713. 

  714. static void

  715. rspamd_http_simple_client_helper (struct rspamd_http_connection *conn)

  716. {

  717. 	struct rspamd_http_connection_private *priv;

  718. 	gpointer ssl;

  719. 	gint request_method;

  720. 	rspamd_fstring_t *prev_host;

  721. 

  722. 	priv = conn->priv;

  723. 	ssl = priv->ssl;

  724. 	priv->ssl = NULL;

  725. 

  726. 	/* Preserve data */

  727. 	if (priv->msg) {

  728. 		request_method = priv->msg->method;

  729. 		/* Preserve host for keepalive */

  730. 		prev_host = priv->msg->host;

  731. 		priv->msg->host = NULL;

  732. 	}

  733. 

  734. 	rspamd_http_connection_reset (conn);

  735. 	priv->ssl = ssl;

  736. 

  737. 	/* Plan read message */

  738. 

  739. 	if (conn->opts & RSPAMD_HTTP_CLIENT_SHARED) {

  740. 		rspamd_http_connection_read_message_shared (conn, conn->ud,

  741. 				conn->priv->ptv);

  742. 	}

  743. 	else {

  744. 		rspamd_http_connection_read_message (conn, conn->ud,

  745. 				conn->priv->ptv);

  746. 	}

  747. 

  748. 	if (priv->msg) {

  749. 		priv->msg->method = request_method;

  750. 		priv->msg->host = prev_host;

  751. 	}

  752. 	else {

  753. 		if (prev_host) {

  754. 			rspamd_fstring_free (prev_host);

  755. 		}

  756. 	}

  757. }

  758. 

  759. static void

  760. rspamd_http_write_helper (struct rspamd_http_connection *conn)

  761. {

  762. 	struct rspamd_http_connection_private *priv;

  763. 	struct iovec *start;

  764. 	guint niov, i;

  765. 	gint flags = 0;

  766. 	gsize remain;

  767. 	gssize r;

  768. 	GError *err;

  769. 	struct iovec *cur_iov;

  770. 	struct msghdr msg;

  771. 

  772. 	priv = conn->priv;

  773. 

  774. 	if (priv->wr_pos == priv->wr_total) {

  775. 		goto call_finish_handler;

  776. 	}

  777. 

  778. 	start = &priv->out[0];

  779. 	niov = priv->outlen;

  780. 	remain = priv->wr_pos;

  781. 	/* We know that niov is small enough for that */

  782. 	cur_iov = alloca (niov * sizeof (struct iovec));

  783. 	memcpy (cur_iov, priv->out, niov * sizeof (struct iovec));

  784. 	for (i = 0; i < priv->outlen && remain > 0; i++) {

  785. 		/* Find out the first iov required */

  786. 		start = &cur_iov[i];

  787. 		if (start->iov_len <= remain) {

  788. 			remain -= start->iov_len;

  789. 			start = &cur_iov[i + 1];

  790. 			niov--;

  791. 		}

  792. 		else {

  793. 			start->iov_base = (void *)((char *)start->iov_base + remain);

  794. 			start->iov_len -= remain;

  795. 			remain = 0;

  796. 		}

  797. 	}

  798. 

  799. 	memset (&msg, 0, sizeof (msg));

  800. 	msg.msg_iov = start;

  801. 	msg.msg_iovlen = MIN (IOV_MAX, niov);

  802. 	g_assert (niov > 0);

  803. #ifdef MSG_NOSIGNAL

  804. 	flags = MSG_NOSIGNAL;

  805. #endif

  806. 

  807. 	if (priv->ssl) {

  808. 		r = rspamd_ssl_writev (priv->ssl, msg.msg_iov, msg.msg_iovlen);

  809. 	}

  810. 	else {

  811. 		r = sendmsg (conn->fd, &msg, flags);

  812. 	}

  813. 

  814. 	if (r == -1) {

  815. 		if (!priv->ssl) {

  816. 			err = g_error_new (HTTP_ERROR, errno, "IO write error: %s", strerror (errno));

  817. 			rspamd_http_connection_ref (conn);

  818. 			conn->error_handler (conn, err);

  819. 			rspamd_http_connection_unref (conn);

  820. 			g_error_free (err);

  821. 		}

  822. 

  823. 		return;

  824. 	}

  825. 	else {

  826. 		priv->wr_pos += r;

  827. 	}

  828. 

  829. 	if (priv->wr_pos >= priv->wr_total) {

  830. 		goto call_finish_handler;

  831. 	}

  832. 	else {

  833. 		/* Want to write more */

  834. 		priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_RESETED;

  835. 		event_add (&priv->ev, priv->ptv);

  836. 	}

  837. 

  838. 	return;

  839. 

  840. call_finish_handler:

  841. 	if ((conn->opts & RSPAMD_HTTP_CLIENT_SIMPLE) == 0) {

  842. 		rspamd_http_connection_ref (conn);

  843. 		conn->finished = TRUE;

  844. 		conn->finish_handler (conn, priv->msg);

  845. 		rspamd_http_connection_unref (conn);

  846. 	}

  847. 	else {

  848. 		/* Plan read message */

  849. 		rspamd_http_simple_client_helper (conn);

  850. 	}

  851. }

  852. 

  853. static gssize

  854. rspamd_http_try_read (gint fd,

  855. 		struct rspamd_http_connection *conn,

  856. 		struct rspamd_http_connection_private *priv,

  857. 		struct _rspamd_http_privbuf *pbuf,

  858. 		const gchar **buf_ptr)

  859. {

  860. 	gssize r;

  861. 	gchar *data;

  862. 	gsize len;

  863. 	struct rspamd_http_message *msg;

  864. 

  865. 	msg = priv->msg;

  866. 

  867. 	if (pbuf->zc_buf == NULL) {

  868. 		data = priv->buf->data->str;

  869. 		len = priv->buf->data->allocated;

  870. 	}

  871. 	else {

  872. 		data = (gchar *)pbuf->zc_buf;

  873. 		len = pbuf->zc_remain;

  874. 

  875. 		if (len == 0) {

  876. 			rspamd_http_message_grow_body (priv->msg, priv->buf->data->allocated);

  877. 			rspamd_http_switch_zc (pbuf, msg);

  878. 			data = (gchar *)pbuf->zc_buf;

  879. 			len = pbuf->zc_remain;

  880. 		}

  881. 	}

  882. 

  883. 	if (priv->ssl) {

  884. 		r = rspamd_ssl_read (priv->ssl, data, len);

  885. 	}

  886. 	else {

  887. 		r = read (fd, data, len);

  888. 	}

  889. 

  890. 	if (r <= 0) {

  891. 		return r;

  892. 	}

  893. 	else {

  894. 		if (pbuf->zc_buf == NULL) {

  895. 			priv->buf->data->len = r;

  896. 		}

  897. 		else {

  898. 			pbuf->zc_remain -= r;

  899. 			pbuf->zc_buf += r;

  900. 		}

  901. 	}

  902. 

  903. 	if (buf_ptr) {

  904. 		*buf_ptr = data;

  905. 	}

  906. 

  907. 	return r;

  908. }

  909. 

  910. static void

  911. rspamd_http_ssl_err_handler (gpointer ud, GError *err)

  912. {

  913. 	struct rspamd_http_connection *conn = (struct rspamd_http_connection *)ud;

  914. 

  915. 	rspamd_http_connection_ref (conn);

  916. 	conn->error_handler (conn, err);

  917. 	rspamd_http_connection_unref (conn);

  918. }

  919. 

  920. static void

  921. rspamd_http_event_handler (int fd, short what, gpointer ud)

  922. {

  923. 	struct rspamd_http_connection *conn = (struct rspamd_http_connection *)ud;

  924. 	struct rspamd_http_connection_private *priv;

  925. 	struct _rspamd_http_privbuf *pbuf;

  926. 	const gchar *d;

  927. 	gssize r;

  928. 	GError *err;

  929. 

  930. 	priv = conn->priv;

  931. 	pbuf = priv->buf;

  932. 	REF_RETAIN (pbuf);

  933. 	rspamd_http_connection_ref (conn);

  934. 

  935. 	if (what == EV_READ) {

  936. 		r = rspamd_http_try_read (fd, conn, priv, pbuf, &d);

  937. 

  938. 		if (r > 0) {

  939. 			if (http_parser_execute (&priv->parser, &priv->parser_cb,

  940. 					d, r) != (size_t)r || priv->parser.http_errno != 0) {

  941. 				if (priv->flags & RSPAMD_HTTP_CONN_FLAG_TOO_LARGE) {

  942. 					err = g_error_new (HTTP_ERROR, 413,

  943. 							"Request entity too large: %zu",

  944. 							(size_t)priv->parser.content_length);

  945. 				}

  946. 				else if (priv->flags & RSPAMD_HTTP_CONN_FLAG_ENCRYPTION_NEEDED) {

  947. 					err = g_error_new (HTTP_ERROR, 400,

  948. 							"Encryption required");

  949. 				}

  950. 				else {

  951. 					err = g_error_new (HTTP_ERROR, 500 + priv->parser.http_errno,

  952. 							"HTTP parser error: %s",

  953. 							http_errno_description (priv->parser.http_errno));

  954. 				}

  955. 

  956. 				if (!conn->finished) {

  957. 					conn->error_handler (conn, err);

  958. 				}

  959. 				else {

  960. 					msg_err ("got error after HTTP request is finished: %e", err);

  961. 				}

  962. 

  963. 				g_error_free (err);

  964. 

  965. 				REF_RELEASE (pbuf);

  966. 				rspamd_http_connection_unref (conn);

  967. 

  968. 				return;

  969. 			}

  970. 		}

  971. 		else if (r == 0) {

  972. 			/* We can still call http parser */

  973. 			http_parser_execute (&priv->parser, &priv->parser_cb, d, r);

  974. 

  975. 			if (!conn->finished) {

  976. 				err = g_error_new (HTTP_ERROR,

  977. 						errno,

  978. 						"IO read error: unexpected EOF");

  979. 				conn->error_handler (conn, err);

  980. 				g_error_free (err);

  981. 			}

  982. 			REF_RELEASE (pbuf);

  983. 			rspamd_http_connection_unref (conn);

  984. 

  985. 			return;

  986. 		}

  987. 		else {

  988. 			if (!priv->ssl) {

  989. 				err = g_error_new (HTTP_ERROR,

  990. 						errno,

  991. 						"IO read error: %s",

  992. 						strerror (errno));

  993. 				conn->error_handler (conn, err);

  994. 				g_error_free (err);

  995. 			}

  996. 

  997. 			REF_RELEASE (pbuf);

  998. 			rspamd_http_connection_unref (conn);

  999. 

  1000. 			return;

  1001. 		}

  1002. 	}

  1003. 	else if (what == EV_TIMEOUT) {

  1004. 		/* Let's try to read from the socket first */

  1005. 		r = rspamd_http_try_read (fd, conn, priv, pbuf, &d);

  1006. 

  1007. 		if (r > 0) {

  1008. 			if (http_parser_execute (&priv->parser, &priv->parser_cb,

  1009. 					d, r) != (size_t)r || priv->parser.http_errno != 0) {

  1010. 				err = g_error_new (HTTP_ERROR, priv->parser.http_errno,

  1011. 						"HTTP parser error: %s",

  1012. 						http_errno_description (priv->parser.http_errno));

  1013. 

  1014. 				if (!conn->finished) {

  1015. 					conn->error_handler (conn, err);

  1016. 				}

  1017. 				else {

  1018. 					msg_err ("got error after HTTP request is finished: %e", err);

  1019. 				}

  1020. 

  1021. 				g_error_free (err);

  1022. 

  1023. 				REF_RELEASE (pbuf);

  1024. 				rspamd_http_connection_unref (conn);

  1025. 

  1026. 				return;

  1027. 			}

  1028. 		}

  1029. 		else if (r == 0) {

  1030. 			if (!conn->finished) {

  1031. 				err = g_error_new (HTTP_ERROR, ETIMEDOUT,

  1032. 						"IO timeout");

  1033. 				conn->error_handler (conn, err);

  1034. 				g_error_free (err);

  1035. 

  1036. 			}

  1037. 			REF_RELEASE (pbuf);

  1038. 			rspamd_http_connection_unref (conn);

  1039. 

  1040. 			return;

  1041. 		}

  1042. 		else {

  1043. 			err = g_error_new (HTTP_ERROR, ETIMEDOUT,

  1044. 					"IO timeout");

  1045. 			conn->error_handler (conn, err);

  1046. 			g_error_free (err);

  1047. 

  1048. 			REF_RELEASE (pbuf);

  1049. 			rspamd_http_connection_unref (conn);

  1050. 

  1051. 			return;

  1052. 		}

  1053. 	}

  1054. 	else if (what == EV_WRITE) {

  1055. 		rspamd_http_write_helper (conn);

  1056. 	}

  1057. 

  1058. 	REF_RELEASE (pbuf);

  1059. 	rspamd_http_connection_unref (conn);

  1060. }

  1061. 

  1062. static void

  1063. rspamd_http_parser_reset (struct rspamd_http_connection *conn)

  1064. {

  1065. 	struct rspamd_http_connection_private *priv = conn->priv;

  1066. 

  1067. 	http_parser_init (&priv->parser,

  1068. 		conn->type == RSPAMD_HTTP_SERVER ? HTTP_REQUEST : HTTP_RESPONSE);

  1069. 

  1070. 	priv->parser_cb.on_url = rspamd_http_on_url;

  1071. 	priv->parser_cb.on_status = rspamd_http_on_status;

  1072. 	priv->parser_cb.on_header_field = rspamd_http_on_header_field;

  1073. 	priv->parser_cb.on_header_value = rspamd_http_on_header_value;

  1074. 	priv->parser_cb.on_headers_complete = rspamd_http_on_headers_complete;

  1075. 	priv->parser_cb.on_body = rspamd_http_on_body;

  1076. 	priv->parser_cb.on_message_complete = rspamd_http_on_message_complete;

  1077. }

  1078. 

  1079. struct rspamd_http_connection *

  1080. rspamd_http_connection_new (

  1081. 		struct rspamd_http_context *ctx,

  1082. 		gint fd,

  1083. 		rspamd_http_body_handler_t body_handler,

  1084. 		rspamd_http_error_handler_t error_handler,

  1085. 		rspamd_http_finish_handler_t finish_handler,

  1086. 		unsigned opts,

  1087. 		enum rspamd_http_connection_type type)

  1088. {

  1089. 	struct rspamd_http_connection *conn;

  1090. 	struct rspamd_http_connection_private *priv;

  1091. 

  1092. 	if (error_handler == NULL || finish_handler == NULL) {

  1093. 		return NULL;

  1094. 	}

  1095. 

  1096. 	conn = g_malloc0 (sizeof (struct rspamd_http_connection));

  1097. 	conn->opts = opts;

  1098. 	conn->type = type;

  1099. 	conn->body_handler = body_handler;

  1100. 	conn->error_handler = error_handler;

  1101. 	conn->finish_handler = finish_handler;

  1102. 	conn->fd = fd;

  1103. 	conn->ref = 1;

  1104. 	conn->finished = FALSE;

  1105. 

  1106. 	/* Init priv */

  1107. 	if (ctx == NULL) {

  1108. 		ctx = rspamd_http_context_default ();

  1109. 	}

  1110. 

  1111. 	priv = g_malloc0 (sizeof (struct rspamd_http_connection_private));

  1112. 	conn->priv = priv;

  1113. 	priv->ctx = ctx;

  1114. 

  1115. 	if (conn->type == RSPAMD_HTTP_CLIENT) {

  1116. 		priv->cache = ctx->client_kp_cache;

  1117. 		if (ctx->client_kp) {

  1118. 			priv->local_key = rspamd_keypair_ref (ctx->client_kp);

  1119. 		}

  1120. 	}

  1121. 	else {

  1122. 		priv->cache = ctx->server_kp_cache;

  1123. 	}

  1124. 

  1125. 	rspamd_http_parser_reset (conn);

  1126. 	priv->parser.data = conn;

  1127. 

  1128. 	return conn;

  1129. }

  1130. 

  1131. struct rspamd_http_connection *

  1132. rspamd_http_connection_new_keepalive (struct rspamd_http_context *ctx,

  1133. 		rspamd_http_body_handler_t body_handler,

  1134. 		rspamd_http_error_handler_t error_handler,

  1135. 		rspamd_http_finish_handler_t finish_handler,

  1136. 		rspamd_inet_addr_t *addr,

  1137. 		const gchar *host)

  1138. {

  1139. 	struct rspamd_http_connection *conn;

  1140. 	gint fd;

  1141. 

  1142. 	if (error_handler == NULL || finish_handler == NULL) {

  1143. 		return NULL;

  1144. 	}

  1145. 

  1146. 	if (ctx == NULL) {

  1147. 		ctx = rspamd_http_context_default ();

  1148. 	}

  1149. 

  1150. 	conn = rspamd_http_context_check_keepalive (ctx, addr, host);

  1151. 

  1152. 	if (conn) {

  1153. 		return conn;

  1154. 	}

  1155. 

  1156. 	fd = rspamd_inet_address_connect (addr, SOCK_STREAM, TRUE);

  1157. 

  1158. 	if (fd == -1) {

  1159. 		msg_info ("cannot connect to %s: %s", rspamd_inet_address_to_string (addr),

  1160. 				host);

  1161. 		return NULL;

  1162. 	}

  1163. 

  1164. 	conn = rspamd_http_connection_new (ctx, fd, body_handler, error_handler,

  1165. 			finish_handler,

  1166. 			RSPAMD_HTTP_CLIENT_SIMPLE|RSPAMD_HTTP_CLIENT_KEEP_ALIVE,

  1167. 			RSPAMD_HTTP_CLIENT);

  1168. 

  1169. 	if (conn) {

  1170. 		rspamd_http_context_prepare_keepalive (ctx, conn, addr, host);

  1171. 	}

  1172. 

  1173. 	return conn;

  1174. }

  1175. 

  1176. void

  1177. rspamd_http_connection_reset (struct rspamd_http_connection *conn)

  1178. {

  1179. 	struct rspamd_http_connection_private *priv;

  1180. 	struct rspamd_http_message *msg;

  1181. 

  1182. 	priv = conn->priv;

  1183. 	msg = priv->msg;

  1184. 

  1185. 	/* Clear request */

  1186. 	if (msg != NULL) {

  1187. 		if (msg->peer_key) {

  1188. 			priv->peer_key = msg->peer_key;

  1189. 			msg->peer_key = NULL;

  1190. 		}

  1191. 		rspamd_http_message_unref (msg);

  1192. 		priv->msg = NULL;

  1193. 	}

  1194. 

  1195. 	conn->finished = FALSE;

  1196. 	/* Clear priv */

  1197. 

  1198. 	if (!(priv->flags & RSPAMD_HTTP_CONN_FLAG_RESETED)) {

  1199. 

  1200. 		if (rspamd_event_pending (&priv->ev, EV_READ|EV_WRITE|EV_TIMEOUT)) {

  1201. 			event_del (&priv->ev);

  1202. 		}

  1203. 

  1204. 		rspamd_http_parser_reset (conn);

  1205. 	}

  1206. 

  1207. 	if (priv->buf != NULL) {

  1208. 		REF_RELEASE (priv->buf);

  1209. 		priv->buf = NULL;

  1210. 	}

  1211. 

  1212. 	if (priv->out != NULL) {

  1213. 		g_free (priv->out);

  1214. 		priv->out = NULL;

  1215. 	}

  1216. 

  1217. 	priv->flags |= RSPAMD_HTTP_CONN_FLAG_RESETED;

  1218. }

  1219. 

  1220. struct rspamd_http_message *

  1221. rspamd_http_connection_steal_msg (struct rspamd_http_connection *conn)

  1222. {

  1223. 	struct rspamd_http_connection_private *priv;

  1224. 	struct rspamd_http_message *msg;

  1225. 

  1226. 	priv = conn->priv;

  1227. 	msg = priv->msg;

  1228. 

  1229. 	/* Clear request */

  1230. 	if (msg != NULL) {

  1231. 		if (msg->peer_key) {

  1232. 			priv->peer_key = msg->peer_key;

  1233. 			msg->peer_key = NULL;

  1234. 		}

  1235. 		priv->msg = NULL;

  1236. 	}

  1237. 

  1238. 	return msg;

  1239. }

  1240. 

  1241. struct rspamd_http_message *

  1242. rspamd_http_connection_copy_msg (struct rspamd_http_message *msg, GError **err)

  1243. {

  1244. 	struct rspamd_http_message *new_msg;

  1245. 	struct rspamd_http_header *hdr, *nhdr, *nhdrs, *thdr, *hcur;

  1246. 	const gchar *old_body;

  1247. 	gsize old_len;

  1248. 	struct stat st;

  1249. 	union _rspamd_storage_u *storage;

  1250. 

  1251. 	new_msg = rspamd_http_new_message (msg->type);

  1252. 	new_msg->flags = msg->flags;

  1253. 

  1254. 	if (msg->body_buf.len > 0) {

  1255. 

  1256. 		if (msg->flags & RSPAMD_HTTP_FLAG_SHMEM) {

  1257. 			/* Avoid copying by just maping a shared segment */

  1258. 			new_msg->flags |= RSPAMD_HTTP_FLAG_SHMEM_IMMUTABLE;

  1259. 

  1260. 			storage = &new_msg->body_buf.c;

  1261. 			storage->shared.shm_fd = dup (msg->body_buf.c.shared.shm_fd);

  1262. 

  1263. 			if (storage->shared.shm_fd == -1) {

  1264. 				rspamd_http_message_unref (new_msg);

  1265. 				g_set_error (err, http_error_quark (), errno,

  1266. 						"cannot dup shmem fd: %d: %s",

  1267. 						msg->body_buf.c.shared.shm_fd, strerror (errno));

  1268. 

  1269. 				return NULL;

  1270. 			}

  1271. 

  1272. 			if (fstat (storage->shared.shm_fd, &st) == -1) {

  1273. 				g_set_error (err, http_error_quark (), errno,

  1274. 						"cannot stat shmem fd: %d: %s",

  1275. 						storage->shared.shm_fd, strerror (errno));

  1276. 				rspamd_http_message_unref (new_msg);

  1277. 

  1278. 				return NULL;

  1279. 			}

  1280. 

  1281. 			/* We don't own segment, so do not try to touch it */

  1282. 

  1283. 			if (msg->body_buf.c.shared.name) {

  1284. 				storage->shared.name = msg->body_buf.c.shared.name;

  1285. 				REF_RETAIN (storage->shared.name);

  1286. 			}

  1287. 

  1288. 			new_msg->body_buf.str = mmap (NULL, st.st_size,

  1289. 					PROT_READ, MAP_SHARED,

  1290. 					storage->shared.shm_fd, 0);

  1291. 

  1292. 			if (new_msg->body_buf.str == MAP_FAILED) {

  1293. 				g_set_error (err, http_error_quark (), errno,

  1294. 						"cannot mmap shmem fd: %d: %s",

  1295. 						storage->shared.shm_fd, strerror (errno));

  1296. 				rspamd_http_message_unref (new_msg);

  1297. 

  1298. 				return NULL;

  1299. 			}

  1300. 

  1301. 			new_msg->body_buf.begin = new_msg->body_buf.str;

  1302. 			new_msg->body_buf.len = msg->body_buf.len;

  1303. 			new_msg->body_buf.begin = new_msg->body_buf.str +

  1304. 					(msg->body_buf.begin - msg->body_buf.str);

  1305. 		}

  1306. 		else {

  1307. 			old_body = rspamd_http_message_get_body (msg, &old_len);

  1308. 

  1309. 			if (!rspamd_http_message_set_body (new_msg, old_body, old_len)) {

  1310. 				g_set_error (err, http_error_quark (), errno,

  1311. 						"cannot set body for message, length: %zd",

  1312. 						old_len);

  1313. 				rspamd_http_message_unref (new_msg);

  1314. 

  1315. 				return NULL;

  1316. 			}

  1317. 		}

  1318. 	}

  1319. 

  1320. 	if (msg->url) {

  1321. 		if (new_msg->url) {

  1322. 			new_msg->url = rspamd_fstring_append (new_msg->url, msg->url->str,

  1323. 								msg->url->len);

  1324. 		}

  1325. 		else {

  1326. 			new_msg->url = rspamd_fstring_new_init (msg->url->str,

  1327. 					msg->url->len);

  1328. 		}

  1329. 	}

  1330. 

  1331. 	if (msg->host) {

  1332. 		new_msg->host = rspamd_fstring_new_init (msg->host->str,

  1333. 				msg->host->len);

  1334. 	}

  1335. 

  1336. 	new_msg->method = msg->method;

  1337. 	new_msg->port = msg->port;

  1338. 	new_msg->date = msg->date;

  1339. 	new_msg->last_modified = msg->last_modified;

  1340. 

  1341. 	HASH_ITER (hh, msg->headers, hdr, thdr) {

  1342. 		nhdrs = NULL;

  1343. 

  1344. 		DL_FOREACH (hdr, hcur) {

  1345. 			nhdr = g_malloc (sizeof (struct rspamd_http_header));

  1346. 

  1347. 			nhdr->combined = rspamd_fstring_new_init (hcur->combined->str,

  1348. 					hcur->combined->len);

  1349. 			nhdr->name.begin = nhdr->combined->str +

  1350. 					(hcur->name.begin - hcur->combined->str);

  1351. 			nhdr->name.len = hcur->name.len;

  1352. 			nhdr->value.begin = nhdr->combined->str +

  1353. 					(hcur->value.begin - hcur->combined->str);

  1354. 			nhdr->value.len = hcur->value.len;

  1355. 			DL_APPEND (nhdrs, nhdr);

  1356. 		}

  1357. 

  1358. 		HASH_ADD_KEYPTR (hh, new_msg->headers, nhdrs->name.begin,

  1359. 				nhdrs->name.len, nhdrs);

  1360. 	}

  1361. 

  1362. 	return new_msg;

  1363. }

  1364. 

  1365. void

  1366. rspamd_http_connection_free (struct rspamd_http_connection *conn)

  1367. {

  1368. 	struct rspamd_http_connection_private *priv;

  1369. 

  1370. 	priv = conn->priv;

  1371. 

  1372. 	if (priv != NULL) {

  1373. 		rspamd_http_connection_reset (conn);

  1374. 

  1375. 		if (priv->ssl) {

  1376. 			rspamd_ssl_connection_free (priv->ssl);

  1377. 			priv->ssl = NULL;

  1378. 		}

  1379. 

  1380. 		if (priv->local_key) {

  1381. 			rspamd_keypair_unref (priv->local_key);

  1382. 		}

  1383. 		if (priv->peer_key) {

  1384. 			rspamd_pubkey_unref (priv->peer_key);

  1385. 		}

  1386. 

  1387. 		g_free (priv);

  1388. 	}

  1389. 

  1390. 	if (conn->opts & RSPAMD_HTTP_CLIENT_KEEP_ALIVE) {

  1391. 		/* Fd is owned by a connection */

  1392. 		close (conn->fd);

  1393. 	}

  1394. 

  1395. 	g_free (conn);

  1396. }

  1397. 

  1398. static void

  1399. rspamd_http_connection_read_message_common (struct rspamd_http_connection *conn,

  1400. 		gpointer ud, struct timeval *timeout,

  1401. 		gint flags)

  1402. {

  1403. 	struct rspamd_http_connection_private *priv = conn->priv;

  1404. 	struct rspamd_http_message *req;

  1405. 

  1406. 	conn->ud = ud;

  1407. 	req = rspamd_http_new_message (

  1408. 		conn->type == RSPAMD_HTTP_SERVER ? HTTP_REQUEST : HTTP_RESPONSE);

  1409. 	priv->msg = req;

  1410. 	req->flags = flags;

  1411. 

  1412. 	if (flags & RSPAMD_HTTP_FLAG_SHMEM) {

  1413. 		req->body_buf.c.shared.shm_fd = -1;

  1414. 	}

  1415. 

  1416. 	if (priv->peer_key) {

  1417. 		priv->msg->peer_key = priv->peer_key;

  1418. 		priv->peer_key = NULL;

  1419. 		priv->flags |= RSPAMD_HTTP_CONN_FLAG_ENCRYPTED;

  1420. 	}

  1421. 

  1422. 	if (timeout == NULL) {

  1423. 		priv->ptv = NULL;

  1424. 	}

  1425. 	else {

  1426. 		memmove (&priv->tv, timeout, sizeof (struct timeval));

  1427. 		priv->ptv = &priv->tv;

  1428. 	}

  1429. 

  1430. 	priv->header = NULL;

  1431. 	priv->buf = g_malloc0 (sizeof (*priv->buf));

  1432. 	REF_INIT_RETAIN (priv->buf, rspamd_http_privbuf_dtor);

  1433. 	priv->buf->data = rspamd_fstring_sized_new (8192);

  1434. 	priv->flags |= RSPAMD_HTTP_CONN_FLAG_NEW_HEADER;

  1435. 

  1436. 	event_set (&priv->ev,

  1437. 		conn->fd,

  1438. 		EV_READ | EV_PERSIST,

  1439. 		rspamd_http_event_handler,

  1440. 		conn);

  1441. 

  1442. 	event_base_set (priv->ctx->ev_base, &priv->ev);

  1443. 

  1444. 	priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_RESETED;

  1445. 	event_add (&priv->ev, priv->ptv);

  1446. }

  1447. 

  1448. void

  1449. rspamd_http_connection_read_message (struct rspamd_http_connection *conn,

  1450. 		gpointer ud, struct timeval *timeout)

  1451. {

  1452. 	rspamd_http_connection_read_message_common (conn, ud, timeout, 0);

  1453. }

  1454. 

  1455. void

  1456. rspamd_http_connection_read_message_shared (struct rspamd_http_connection *conn,

  1457. 		gpointer ud, struct timeval *timeout)

  1458. {

  1459. 	rspamd_http_connection_read_message_common (conn, ud, timeout,

  1460. 			RSPAMD_HTTP_FLAG_SHMEM);

  1461. }

  1462. 

  1463. static void

  1464. rspamd_http_connection_encrypt_message (

  1465. 		struct rspamd_http_connection *conn,

  1466. 		struct rspamd_http_message *msg,

  1467. 		struct rspamd_http_connection_private *priv,

  1468. 		guchar *pbody,

  1469. 		guint bodylen,

  1470. 		guchar *pmethod,

  1471. 		guint methodlen,

  1472. 		guint preludelen,

  1473. 		gint hdrcount,

  1474. 		guchar *np,

  1475. 		guchar *mp,

  1476. 		struct rspamd_cryptobox_pubkey *peer_key)

  1477. {

  1478. 	struct rspamd_cryptobox_segment *segments;

  1479. 	guchar *crlfp;

  1480. 	const guchar *nm;

  1481. 	gint i, cnt;

  1482. 	guint outlen;

  1483. 	struct rspamd_http_header *hdr, *htmp, *hcur;

  1484. 	enum rspamd_cryptobox_mode mode;

  1485. 

  1486. 	mode = rspamd_keypair_alg (priv->local_key);

  1487. 	crlfp = mp + rspamd_cryptobox_mac_bytes (mode);

  1488. 

  1489. 	outlen = priv->out[0].iov_len + priv->out[1].iov_len;

  1490. 	/*

  1491. 	 * Create segments from the following:

  1492. 	 * Method, [URL], CRLF, nheaders, CRLF, body

  1493. 	 */

  1494. 	segments = g_new (struct rspamd_cryptobox_segment, hdrcount + 5);

  1495. 

  1496. 	segments[0].data = pmethod;

  1497. 	segments[0].len = methodlen;

  1498. 

  1499. 	if (conn->type != RSPAMD_HTTP_SERVER) {

  1500. 		segments[1].data = msg->url->str;

  1501. 		segments[1].len = msg->url->len;

  1502. 		/* space + HTTP version + crlf */

  1503. 		segments[2].data = crlfp;

  1504. 		segments[2].len = preludelen - 2;

  1505. 		crlfp += segments[2].len;

  1506. 		i = 3;

  1507. 	}

  1508. 	else {

  1509. 		/* Here we send just CRLF */

  1510. 		segments[1].data = crlfp;

  1511. 		segments[1].len = 2;

  1512. 		crlfp += segments[1].len;

  1513. 

  1514. 		i = 2;

  1515. 	}

  1516. 

  1517. 

  1518. 	HASH_ITER (hh, msg->headers, hdr, htmp) {

  1519. 		DL_FOREACH (hdr, hcur) {

  1520. 			segments[i].data = hcur->combined->str;

  1521. 			segments[i++].len = hcur->combined->len;

  1522. 		}

  1523. 	}

  1524. 

  1525. 	/* crlfp should point now at the second crlf */

  1526. 	segments[i].data = crlfp;

  1527. 	segments[i++].len = 2;

  1528. 

  1529. 	if (pbody) {

  1530. 		segments[i].data = pbody;

  1531. 		segments[i++].len = bodylen;

  1532. 	}

  1533. 

  1534. 	cnt = i;

  1535. 

  1536. 	if ((nm = rspamd_pubkey_get_nm (peer_key, priv->local_key)) == NULL) {

  1537. 		nm = rspamd_pubkey_calculate_nm (peer_key, priv->local_key);

  1538. 	}

  1539. 

  1540. 	rspamd_cryptobox_encryptv_nm_inplace (segments, cnt, np, nm, mp, mode);

  1541. 

  1542. 	/*

  1543. 	 * iov[0] = base HTTP request

  1544. 	 * iov[1] = CRLF

  1545. 	 * iov[2] = nonce

  1546. 	 * iov[3] = mac

  1547. 	 * iov[4..i] = encrypted HTTP request/reply

  1548. 	 */

  1549. 	priv->out[2].iov_base = np;

  1550. 	priv->out[2].iov_len = rspamd_cryptobox_nonce_bytes (mode);

  1551. 	priv->out[3].iov_base = mp;

  1552. 	priv->out[3].iov_len = rspamd_cryptobox_mac_bytes (mode);

  1553. 

  1554. 	outlen += rspamd_cryptobox_nonce_bytes (mode) +

  1555. 			rspamd_cryptobox_mac_bytes (mode);

  1556. 

  1557. 	for (i = 0; i < cnt; i ++) {

  1558. 		priv->out[i + 4].iov_base = segments[i].data;

  1559. 		priv->out[i + 4].iov_len = segments[i].len;

  1560. 		outlen += segments[i].len;

  1561. 	}

  1562. 

  1563. 	priv->wr_total = outlen;

  1564. 

  1565. 	g_free (segments);

  1566. }

  1567. 

  1568. static void

  1569. rspamd_http_detach_shared (struct rspamd_http_message *msg)

  1570. {

  1571. 	rspamd_fstring_t *cpy_str;

  1572. 

  1573. 	cpy_str = rspamd_fstring_new_init (msg->body_buf.begin, msg->body_buf.len);

  1574. 	rspamd_http_message_set_body_from_fstring_steal (msg, cpy_str);

  1575. }

  1576. 

  1577. gint

  1578. rspamd_http_message_write_header (const gchar* mime_type, gboolean encrypted,

  1579. 		gchar *repbuf, gsize replen, gsize bodylen, gsize enclen, const gchar* host,

  1580. 		struct rspamd_http_connection* conn, struct rspamd_http_message* msg,

  1581. 		rspamd_fstring_t** buf,

  1582. 		struct rspamd_http_connection_private* priv,

  1583. 		struct rspamd_cryptobox_pubkey* peer_key)

  1584. {

  1585. 	gchar datebuf[64];

  1586. 	gint meth_len = 0;

  1587. 	const gchar *conn_type = "close";

  1588. 

  1589. 	if (conn->type == RSPAMD_HTTP_SERVER) {

  1590. 		/* Format reply */

  1591. 		if (msg->method < HTTP_SYMBOLS) {

  1592. 			rspamd_ftok_t status;

  1593. 

  1594. 			rspamd_http_date_format (datebuf, sizeof (datebuf), msg->date);

  1595. 

  1596. 			if (mime_type == NULL) {

  1597. 				mime_type =

  1598. 						encrypted ? "application/octet-stream" : "text/plain";

  1599. 			}

  1600. 

  1601. 			if (msg->status == NULL || msg->status->len == 0) {

  1602. 				if (msg->code == 200) {

  1603. 					RSPAMD_FTOK_ASSIGN (&status, "OK");

  1604. 				}

  1605. 				else if (msg->code == 404) {

  1606. 					RSPAMD_FTOK_ASSIGN (&status, "Not Found");

  1607. 				}

  1608. 				else if (msg->code == 403) {

  1609. 					RSPAMD_FTOK_ASSIGN (&status, "Forbidden");

  1610. 				}

  1611. 				else if (msg->code >= 500 && msg->code < 600) {

  1612. 					RSPAMD_FTOK_ASSIGN (&status, "Internal Server Error");

  1613. 				}

  1614. 				else {

  1615. 					RSPAMD_FTOK_ASSIGN (&status, "Undefined Error");

  1616. 				}

  1617. 			}

  1618. 			else {

  1619. 				status.begin = msg->status->str;

  1620. 				status.len = msg->status->len;

  1621. 			}

  1622. 

  1623. 			if (encrypted) {

  1624. 				/* Internal reply (encrypted) */

  1625. 				if (mime_type) {

  1626. 					meth_len =

  1627. 							rspamd_snprintf (repbuf, replen,

  1628. 									"HTTP/1.1 %d %T\r\n"

  1629. 											"Connection: close\r\n"

  1630. 											"Server: %s\r\n"

  1631. 											"Date: %s\r\n"

  1632. 											"Content-Length: %z\r\n"

  1633. 											"Content-Type: %s", /* NO \r\n at the end ! */

  1634. 									msg->code, &status, "rspamd/" RVERSION,

  1635. 									datebuf,

  1636. 									bodylen, mime_type);

  1637. 				}

  1638. 				else {

  1639. 					meth_len =

  1640. 							rspamd_snprintf (repbuf, replen,

  1641. 									"HTTP/1.1 %d %T\r\n"

  1642. 											"Connection: close\r\n"

  1643. 											"Server: %s\r\n"

  1644. 											"Date: %s\r\n"

  1645. 											"Content-Length: %z", /* NO \r\n at the end ! */

  1646. 									msg->code, &status, "rspamd/" RVERSION,

  1647. 									datebuf,

  1648. 									bodylen);

  1649. 				}

  1650. 				enclen += meth_len;

  1651. 				/* External reply */

  1652. 				rspamd_printf_fstring (buf,

  1653. 						"HTTP/1.1 200 OK\r\n"

  1654. 						"Connection: close\r\n"

  1655. 						"Server: rspamd\r\n"

  1656. 						"Date: %s\r\n"

  1657. 						"Content-Length: %z\r\n"

  1658. 						"Content-Type: application/octet-stream\r\n",

  1659. 						datebuf, enclen);

  1660. 			}

  1661. 			else {

  1662. 				if (mime_type) {

  1663. 					meth_len =

  1664. 							rspamd_printf_fstring (buf,

  1665. 									"HTTP/1.1 %d %T\r\n"

  1666. 											"Connection: close\r\n"

  1667. 											"Server: %s\r\n"

  1668. 											"Date: %s\r\n"

  1669. 											"Content-Length: %z\r\n"

  1670. 											"Content-Type: %s\r\n",

  1671. 									msg->code, &status, "rspamd/" RVERSION,

  1672. 									datebuf,

  1673. 									bodylen, mime_type);

  1674. 				}

  1675. 				else {

  1676. 					meth_len =

  1677. 							rspamd_printf_fstring (buf,

  1678. 									"HTTP/1.1 %d %T\r\n"

  1679. 											"Connection: close\r\n"

  1680. 											"Server: %s\r\n"

  1681. 											"Date: %s\r\n"

  1682. 											"Content-Length: %z\r\n",

  1683. 									msg->code, &status, "rspamd/" RVERSION,

  1684. 									datebuf,

  1685. 									bodylen);

  1686. 				}

  1687. 			}

  1688. 		}

  1689. 		else {

  1690. 			/* Legacy spamd reply */

  1691. 			if (msg->flags & RSPAMD_HTTP_FLAG_SPAMC) {

  1692. 				gsize real_bodylen;

  1693. 				goffset eoh_pos;

  1694. 				GString tmp;

  1695. 

  1696. 				/* Unfortunately, spamc protocol is deadly brain damaged */

  1697. 				tmp.str = (gchar *)msg->body_buf.begin;

  1698. 				tmp.len = msg->body_buf.len;

  1699. 

  1700. 				if (rspamd_string_find_eoh (&tmp, &eoh_pos) != -1 &&

  1701. 						bodylen > eoh_pos) {

  1702. 					real_bodylen = bodylen - eoh_pos;

  1703. 				}

  1704. 				else {

  1705. 					real_bodylen = bodylen;

  1706. 				}

  1707. 

  1708. 				rspamd_printf_fstring (buf, "SPAMD/1.1 0 EX_OK\r\n"

  1709. 						"Content-length: %z\r\n",

  1710. 						real_bodylen);

  1711. 			}

  1712. 			else {

  1713. 				rspamd_printf_fstring (buf, "RSPAMD/1.3 0 EX_OK\r\n");

  1714. 			}

  1715. 		}

  1716. 	}

  1717. 	else {

  1718. 		if (conn->opts & RSPAMD_HTTP_CLIENT_KEEP_ALIVE) {

  1719. 			conn_type = "keep-alive";

  1720. 		}

  1721. 

  1722. 		/* Format request */

  1723. 		enclen += msg->url->len + strlen (http_method_str (msg->method)) + 1;

  1724. 

  1725. 		if (host == NULL && msg->host == NULL) {

  1726. 			/* Fallback to HTTP/1.0 */

  1727. 			if (encrypted) {

  1728. 				rspamd_printf_fstring (buf,

  1729. 						"%s %s HTTP/1.0\r\n"

  1730. 						"Content-Length: %z\r\n"

  1731. 						"Content-Type: application/octet-stream\r\n"

  1732. 						"Connection: %s\r\n",

  1733. 						"POST",

  1734. 						"/post",

  1735. 						enclen,

  1736. 						conn_type);

  1737. 			}

  1738. 			else {

  1739. 				rspamd_printf_fstring (buf,

  1740. 						"%s %V HTTP/1.0\r\n"

  1741. 						"Content-Length: %z\r\n"

  1742. 						"Connection: %s\r\n",

  1743. 						http_method_str (msg->method),

  1744. 						msg->url,

  1745. 						bodylen,

  1746. 						conn_type);

  1747. 

  1748. 				if (bodylen > 0) {

  1749. 					if (mime_type == NULL) {

  1750. 						mime_type = "text/plain";

  1751. 					}

  1752. 

  1753. 					rspamd_printf_fstring (buf,

  1754. 							"Content-Type: %s\r\n",

  1755. 							mime_type);

  1756. 				}

  1757. 			}

  1758. 		}

  1759. 		else {

  1760. 			if (encrypted) {

  1761. 				if (host != NULL) {

  1762. 					rspamd_printf_fstring (buf,

  1763. 							"%s %s HTTP/1.1\r\n"

  1764. 							"Connection: %s\r\n"

  1765. 							"Host: %s\r\n"

  1766. 							"Content-Length: %z\r\n"

  1767. 							"Content-Type: application/octet-stream\r\n",

  1768. 							"POST",

  1769. 							"/post",

  1770. 							conn_type,

  1771. 							host,

  1772. 							enclen);

  1773. 				}

  1774. 				else {

  1775. 					rspamd_printf_fstring (buf,

  1776. 							"%s %s HTTP/1.1\r\n"

  1777. 							"Connection: %s\r\n"

  1778. 							"Host: %V\r\n"

  1779. 							"Content-Length: %z\r\n"

  1780. 							"Content-Type: application/octet-stream\r\n",

  1781. 							"POST",

  1782. 							"/post",

  1783. 							conn_type,

  1784. 							msg->host,

  1785. 							enclen);

  1786. 				}

  1787. 			}

  1788. 			else {

  1789. 				if (host != NULL) {

  1790. 					rspamd_printf_fstring (buf,

  1791. 							"%s %V HTTP/1.1\r\n"

  1792. 							"Connection: %s\r\n"

  1793. 							"Host: %s\r\n"

  1794. 							"Content-Length: %z\r\n",

  1795. 							http_method_str (msg->method),

  1796. 							msg->url,

  1797. 							conn_type,

  1798. 							host,

  1799. 							bodylen);

  1800. 				}

  1801. 				else {

  1802. 					rspamd_printf_fstring (buf,

  1803. 							"%s %V HTTP/1.1\r\n"

  1804. 							"Connection: %s\r\n"

  1805. 							"Host: %V\r\n"

  1806. 							"Content-Length: %z\r\n",

  1807. 							http_method_str (msg->method),

  1808. 							msg->url,

  1809. 							conn_type,

  1810. 							msg->host,

  1811. 							bodylen);

  1812. 				}

  1813. 

  1814. 				if (bodylen > 0) {

  1815. 					if (mime_type != NULL) {

  1816. 						rspamd_printf_fstring (buf,

  1817. 								"Content-Type: %s\r\n",

  1818. 								mime_type);

  1819. 					}

  1820. 				}

  1821. 			}

  1822. 		}

  1823. 

  1824. 		if (encrypted) {

  1825. 			GString *b32_key, *b32_id;

  1826. 

  1827. 			b32_key = rspamd_keypair_print (priv->local_key,

  1828. 					RSPAMD_KEYPAIR_PUBKEY | RSPAMD_KEYPAIR_BASE32);

  1829. 			b32_id = rspamd_pubkey_print (peer_key,

  1830. 					RSPAMD_KEYPAIR_ID_SHORT | RSPAMD_KEYPAIR_BASE32);

  1831. 			/* XXX: add some fuzz here */

  1832. 			rspamd_printf_fstring (&*buf, "Key: %v=%v\r\n", b32_id, b32_key);

  1833. 			g_string_free (b32_key, TRUE);

  1834. 			g_string_free (b32_id, TRUE);

  1835. 		}

  1836. 	}

  1837. 

  1838. 	return meth_len;

  1839. }

  1840. 

  1841. static void

  1842. rspamd_http_connection_write_message_common (struct rspamd_http_connection *conn,

  1843. 											 struct rspamd_http_message *msg,

  1844. 											 const gchar *host,

  1845. 											 const gchar *mime_type,

  1846. 											 gpointer ud,

  1847. 											 struct timeval *timeout,

  1848. 											 gboolean allow_shared)

  1849. {

  1850. 	struct rspamd_http_connection_private *priv = conn->priv;

  1851. 	struct rspamd_http_header *hdr, *htmp, *hcur;

  1852. 	gchar repbuf[512], *pbody;

  1853. 	gint i, hdrcount, meth_len = 0, preludelen = 0;

  1854. 	gsize bodylen, enclen = 0;

  1855. 	rspamd_fstring_t *buf;

  1856. 	gboolean encrypted = FALSE;

  1857. 	guchar nonce[rspamd_cryptobox_MAX_NONCEBYTES], mac[rspamd_cryptobox_MAX_MACBYTES];

  1858. 	guchar *np = NULL, *mp = NULL, *meth_pos = NULL;

  1859. 	struct rspamd_cryptobox_pubkey *peer_key = NULL;

  1860. 	enum rspamd_cryptobox_mode mode;

  1861. 	GError *err;

  1862. 

  1863. 	conn->ud = ud;

  1864. 	priv->msg = msg;

  1865. 

  1866. 	if (timeout == NULL) {

  1867. 		priv->ptv = NULL;

  1868. 	}

  1869. 	else if (timeout != &priv->tv) {

  1870. 		memcpy (&priv->tv, timeout, sizeof (struct timeval));

  1871. 		priv->ptv = &priv->tv;

  1872. 	}

  1873. 

  1874. 	priv->header = NULL;

  1875. 	priv->buf = g_malloc0 (sizeof (*priv->buf));

  1876. 	REF_INIT_RETAIN (priv->buf, rspamd_http_privbuf_dtor);

  1877. 	priv->buf->data = rspamd_fstring_sized_new (512);

  1878. 	buf = priv->buf->data;

  1879. 

  1880. 	if (priv->peer_key && priv->local_key) {

  1881. 		priv->msg->peer_key = priv->peer_key;

  1882. 		priv->peer_key = NULL;

  1883. 		priv->flags |= RSPAMD_HTTP_CONN_FLAG_ENCRYPTED;

  1884. 	}

  1885. 

  1886. 	if (msg->peer_key != NULL) {

  1887. 		if (priv->local_key == NULL) {

  1888. 			/* Automatically generate a temporary keypair */

  1889. 			priv->local_key = rspamd_keypair_new (RSPAMD_KEYPAIR_KEX,

  1890. 					RSPAMD_CRYPTOBOX_MODE_25519);

  1891. 		}

  1892. 

  1893. 		encrypted = TRUE;

  1894. 

  1895. 		if (priv->cache) {

  1896. 			rspamd_keypair_cache_process (priv->cache,

  1897. 					priv->local_key, priv->msg->peer_key);

  1898. 		}

  1899. 	}

  1900. 

  1901. 	if (encrypted && (msg->flags &

  1902. 			(RSPAMD_HTTP_FLAG_SHMEM_IMMUTABLE|RSPAMD_HTTP_FLAG_SHMEM))) {

  1903. 		/* We cannot use immutable body to encrypt message in place */

  1904. 		allow_shared = FALSE;

  1905. 		rspamd_http_detach_shared (msg);

  1906. 	}

  1907. 

  1908. 	if (allow_shared) {

  1909. 		gchar tmpbuf[64];

  1910. 

  1911. 		if (!(msg->flags & RSPAMD_HTTP_FLAG_SHMEM) ||

  1912. 				msg->body_buf.c.shared.name == NULL) {

  1913. 			allow_shared = FALSE;

  1914. 		}

  1915. 		else {

  1916. 			/* Insert new headers */

  1917. 			rspamd_http_message_add_header (msg, "Shm",

  1918. 					msg->body_buf.c.shared.name->shm_name);

  1919. 			rspamd_snprintf (tmpbuf, sizeof (tmpbuf), "%d",

  1920. 					(int)(msg->body_buf.begin - msg->body_buf.str));

  1921. 			rspamd_http_message_add_header (msg, "Shm-Offset",

  1922. 					tmpbuf);

  1923. 			rspamd_snprintf (tmpbuf, sizeof (tmpbuf), "%z",

  1924. 					msg->body_buf.len);

  1925. 			rspamd_http_message_add_header (msg, "Shm-Length",

  1926. 					tmpbuf);

  1927. 		}

  1928. 	}

  1929. 

  1930. 	if (priv->ctx->config.user_agent) {

  1931. 		rspamd_http_message_add_header (msg, "User-Agent",

  1932. 				priv->ctx->config.user_agent);

  1933. 	}

  1934. 

  1935. 	if (encrypted) {

  1936. 		mode = rspamd_keypair_alg (priv->local_key);

  1937. 

  1938. 		if (msg->body_buf.len == 0) {

  1939. 			pbody = NULL;

  1940. 			bodylen = 0;

  1941. 			msg->method = HTTP_GET;

  1942. 		}

  1943. 		else {

  1944. 			pbody = (gchar *)msg->body_buf.begin;

  1945. 			bodylen = msg->body_buf.len;

  1946. 			msg->method = HTTP_POST;

  1947. 		}

  1948. 

  1949. 		if (conn->type == RSPAMD_HTTP_SERVER) {

  1950. 			/*

  1951. 			 * iov[0] = base reply

  1952. 			 * iov[1] = CRLF

  1953. 			 * iov[2] = nonce

  1954. 			 * iov[3] = mac

  1955. 			 * iov[4] = encrypted reply

  1956. 			 * iov[6] = encrypted crlf

  1957. 			 * iov[7..n] = encrypted headers

  1958. 			 * iov[n + 1] = encrypted crlf

  1959. 			 * [iov[n + 2] = encrypted body]

  1960. 			 */

  1961. 			priv->outlen = 7;

  1962. 			enclen = rspamd_cryptobox_nonce_bytes (mode) +

  1963. 					rspamd_cryptobox_mac_bytes (mode) +

  1964. 					4 + /* 2 * CRLF */

  1965. 					bodylen;

  1966. 		}

  1967. 		else {

  1968. 			/*

  1969. 			 * iov[0] = base request

  1970. 			 * iov[1] = CRLF

  1971. 			 * iov[2] = nonce

  1972. 			 * iov[3] = mac

  1973. 			 * iov[4] = encrypted method + space

  1974. 			 * iov[5] = encrypted url

  1975. 			 * iov[7] = encrypted prelude

  1976. 			 * iov[8..n] = encrypted headers

  1977. 			 * iov[n + 1] = encrypted crlf

  1978. 			 * [iov[n + 2] = encrypted body]

  1979. 			 */

  1980. 			priv->outlen = 8;

  1981. 

  1982. 			if (bodylen > 0) {

  1983. 				if (mime_type != NULL) {

  1984. 					preludelen = rspamd_snprintf (repbuf, sizeof (repbuf), "%s\r\n"

  1985. 									"Content-Length: %z\r\n"

  1986. 									"Content-Type: %s\r\n"

  1987. 									"\r\n", ENCRYPTED_VERSION, bodylen,

  1988. 							mime_type);

  1989. 				}

  1990. 				else {

  1991. 					preludelen = rspamd_snprintf (repbuf, sizeof (repbuf), "%s\r\n"

  1992. 							"Content-Length: %z\r\n"

  1993. 							""

  1994. 							"\r\n", ENCRYPTED_VERSION, bodylen);

  1995. 				}

  1996. 			}

  1997. 			else {

  1998. 				preludelen = rspamd_snprintf (repbuf, sizeof (repbuf),

  1999. 						"%s\r\n\r\n",

  2000. 						ENCRYPTED_VERSION);

  2001. 			}

  2002. 

  2003. 			enclen = rspamd_cryptobox_nonce_bytes (mode) +

  2004. 					rspamd_cryptobox_mac_bytes (mode) +

  2005. 					preludelen + /* version [content-length] + 2 * CRLF */

  2006. 					bodylen;

  2007. 		}

  2008. 

  2009. 		if (bodylen > 0) {

  2010. 			priv->outlen ++;

  2011. 		}

  2012. 	}

  2013. 	else {

  2014. 		if (msg->method < HTTP_SYMBOLS) {

  2015. 			if (msg->body_buf.len == 0 || allow_shared) {

  2016. 				pbody = NULL;

  2017. 				bodylen = 0;

  2018. 				priv->outlen = 2;

  2019. 

  2020. 				if (msg->method == HTTP_INVALID) {

  2021. 					msg->method = HTTP_GET;

  2022. 				}

  2023. 			}

  2024. 			else {

  2025. 				pbody = (gchar *)msg->body_buf.begin;

  2026. 				bodylen = msg->body_buf.len;

  2027. 				priv->outlen = 3;

  2028. 

  2029. 				if (msg->method == HTTP_INVALID) {

  2030. 					msg->method = HTTP_POST;

  2031. 				}

  2032. 			}

  2033. 		}

  2034. 		else if (msg->body_buf.len > 0) {

  2035. 			allow_shared = FALSE;

  2036. 			pbody = (gchar *)msg->body_buf.begin;

  2037. 			bodylen = msg->body_buf.len;

  2038. 			priv->outlen = 2;

  2039. 		}

  2040. 		else {

  2041. 			/* Invalid body for spamc method */

  2042. 			abort ();

  2043. 		}

  2044. 	}

  2045. 

  2046. 	peer_key = msg->peer_key;

  2047. 

  2048. 	priv->wr_total = bodylen + 2;

  2049. 

  2050. 	hdrcount = 0;

  2051. 

  2052. 	if (msg->method < HTTP_SYMBOLS) {

  2053. 		HASH_ITER (hh, msg->headers, hdr, htmp) {

  2054. 			DL_FOREACH (hdr, hcur) {

  2055. 				/* <name: value\r\n> */

  2056. 				priv->wr_total += hcur->combined->len;

  2057. 				enclen += hcur->combined->len;

  2058. 				priv->outlen ++;

  2059. 				hdrcount ++;

  2060. 			}

  2061. 		}

  2062. 	}

  2063. 

  2064. 	/* Allocate iov */

  2065. 	priv->out = g_malloc0 (sizeof (struct iovec) * priv->outlen);

  2066. 	priv->wr_pos = 0;

  2067. 

  2068. 	meth_len = rspamd_http_message_write_header (mime_type, encrypted,

  2069. 			repbuf, sizeof (repbuf), bodylen, enclen,

  2070. 			host, conn, msg,

  2071. 			&buf, priv, peer_key);

  2072. 	priv->wr_total += buf->len;

  2073. 

  2074. 	/* Setup external request body */

  2075. 	priv->out[0].iov_base = buf->str;

  2076. 	priv->out[0].iov_len = buf->len;

  2077. 

  2078. 	/* Buf will be used eventually for encryption */

  2079. 	if (encrypted) {

  2080. 		gint meth_offset, nonce_offset, mac_offset;

  2081. 		mode = rspamd_keypair_alg (priv->local_key);

  2082. 

  2083. 		ottery_rand_bytes (nonce, rspamd_cryptobox_nonce_bytes (mode));

  2084. 		memset (mac, 0, rspamd_cryptobox_mac_bytes (mode));

  2085. 		meth_offset = buf->len;

  2086. 

  2087. 		if (conn->type == RSPAMD_HTTP_SERVER) {

  2088. 			buf = rspamd_fstring_append (buf, repbuf, meth_len);

  2089. 		}

  2090. 		else {

  2091. 			meth_len = strlen (http_method_str (msg->method)) + 1; /* + space */

  2092. 			buf = rspamd_fstring_append (buf, http_method_str (msg->method),

  2093. 					meth_len - 1);

  2094. 			buf = rspamd_fstring_append (buf, " ", 1);

  2095. 		}

  2096. 

  2097. 		nonce_offset = buf->len;

  2098. 		buf = rspamd_fstring_append (buf, nonce,

  2099. 				rspamd_cryptobox_nonce_bytes (mode));

  2100. 		mac_offset = buf->len;

  2101. 		buf = rspamd_fstring_append (buf, mac,

  2102. 				rspamd_cryptobox_mac_bytes (mode));

  2103. 

  2104. 		/* Need to be encrypted */

  2105. 		if (conn->type == RSPAMD_HTTP_SERVER) {

  2106. 			buf = rspamd_fstring_append (buf, "\r\n\r\n", 4);

  2107. 		}

  2108. 		else {

  2109. 			buf = rspamd_fstring_append (buf, repbuf, preludelen);

  2110. 		}

  2111. 

  2112. 		meth_pos = buf->str + meth_offset;

  2113. 		np = buf->str + nonce_offset;

  2114. 		mp = buf->str + mac_offset;

  2115. 	}

  2116. 

  2117. 	/* During previous writes, buf might be reallocated and changed */

  2118. 	priv->buf->data = buf;

  2119. 

  2120. 	if (encrypted) {

  2121. 		/* Finish external HTTP request */

  2122. 		priv->out[1].iov_base = "\r\n";

  2123. 		priv->out[1].iov_len = 2;

  2124. 		/* Encrypt the real request */

  2125. 		rspamd_http_connection_encrypt_message (conn, msg, priv, pbody, bodylen,

  2126. 				meth_pos, meth_len, preludelen, hdrcount, np, mp, peer_key);

  2127. 	}

  2128. 	else {

  2129. 		i = 1;

  2130. 		if (msg->method < HTTP_SYMBOLS) {

  2131. 			HASH_ITER (hh, msg->headers, hdr, htmp) {

  2132. 				DL_FOREACH (hdr, hcur) {

  2133. 					priv->out[i].iov_base = hcur->combined->str;

  2134. 					priv->out[i++].iov_len = hcur->combined->len;

  2135. 				}

  2136. 			}

  2137. 

  2138. 			priv->out[i].iov_base = "\r\n";

  2139. 			priv->out[i++].iov_len = 2;

  2140. 		}

  2141. 		else {

  2142. 			/* No CRLF for compatibility reply */

  2143. 			priv->wr_total -= 2;

  2144. 		}

  2145. 

  2146. 		if (pbody != NULL) {

  2147. 			priv->out[i].iov_base = pbody;

  2148. 			priv->out[i++].iov_len = bodylen;

  2149. 		}

  2150. 	}

  2151. 

  2152. 	priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_RESETED;

  2153. 

  2154. 	if (rspamd_event_pending (&priv->ev, EV_TIMEOUT|EV_WRITE|EV_READ)) {

  2155. 		event_del (&priv->ev);

  2156. 	}

  2157. 

  2158. 	if (msg->flags & RSPAMD_HTTP_FLAG_SSL) {

  2159. 		gpointer ssl_ctx = (msg->flags & RSPAMD_HTTP_FLAG_SSL_NOVERIFY) ?

  2160. 				priv->ctx->ssl_ctx_noverify : priv->ctx->ssl_ctx;

  2161. 

  2162. 		event_base_set (priv->ctx->ev_base, &priv->ev);

  2163. 

  2164. 		if (!ssl_ctx) {

  2165. 			err = g_error_new (HTTP_ERROR, errno, "ssl message requested "

  2166. 					"with no ssl ctx");

  2167. 			rspamd_http_connection_ref (conn);

  2168. 			conn->error_handler (conn, err);

  2169. 			rspamd_http_connection_unref (conn);

  2170. 			g_error_free (err);

  2171. 			return;

  2172. 		}

  2173. 		else {

  2174. 			if (priv->ssl) {

  2175. 				/* Cleanup the existing connection */

  2176. 				rspamd_ssl_connection_free (priv->ssl);

  2177. 			}

  2178. 

  2179. 			priv->ssl = rspamd_ssl_connection_new (ssl_ctx, priv->ctx->ev_base,

  2180. 					!(msg->flags & RSPAMD_HTTP_FLAG_SSL_NOVERIFY));

  2181. 			g_assert (priv->ssl != NULL);

  2182. 

  2183. 			if (!rspamd_ssl_connect_fd (priv->ssl, conn->fd, host, &priv->ev,

  2184. 					priv->ptv, rspamd_http_event_handler,

  2185. 					rspamd_http_ssl_err_handler, conn)) {

  2186. 

  2187. 				err = g_error_new (HTTP_ERROR, errno,

  2188. 						"ssl connection error: ssl error=%s, errno=%s",

  2189. 						ERR_error_string (ERR_get_error (), NULL),

  2190. 						strerror (errno));

  2191. 				rspamd_http_connection_ref (conn);

  2192. 				conn->error_handler (conn, err);

  2193. 				rspamd_http_connection_unref (conn);

  2194. 				g_error_free (err);

  2195. 				return;

  2196. 			}

  2197. 		}

  2198. 	}

  2199. 	else {

  2200. 		event_set (&priv->ev, conn->fd, EV_WRITE, rspamd_http_event_handler, conn);

  2201. 		event_base_set (priv->ctx->ev_base, &priv->ev);

  2202. 

  2203. 		event_add (&priv->ev, priv->ptv);

  2204. 	}

  2205. }

  2206. 

  2207. void

  2208. rspamd_http_connection_write_message (struct rspamd_http_connection *conn,

  2209. 									  struct rspamd_http_message *msg,

  2210. 									  const gchar *host,

  2211. 									  const gchar *mime_type,

  2212. 									  gpointer ud,

  2213. 									  struct timeval *timeout)

  2214. {

  2215. 	rspamd_http_connection_write_message_common (conn, msg, host, mime_type,

  2216. 			ud, timeout, FALSE);

  2217. }

  2218. 

  2219. void

  2220. rspamd_http_connection_write_message_shared (struct rspamd_http_connection *conn,

  2221. 											 struct rspamd_http_message *msg,

  2222. 											 const gchar *host,

  2223. 											 const gchar *mime_type,

  2224. 											 gpointer ud,

  2225. 											 struct timeval *timeout)

  2226. {

  2227. 	rspamd_http_connection_write_message_common (conn, msg, host, mime_type,

  2228. 			ud, timeout, TRUE);

  2229. }

  2230. 

  2231. 

  2232. void

  2233. rspamd_http_connection_set_max_size (struct rspamd_http_connection *conn,

  2234. 		gsize sz)

  2235. {

  2236. 	conn->max_size = sz;

  2237. }

  2238. 

  2239. void

  2240. rspamd_http_connection_set_key (struct rspamd_http_connection *conn,

  2241. 		struct rspamd_cryptobox_keypair *key)

  2242. {

  2243. 	struct rspamd_http_connection_private *priv = conn->priv;

  2244. 

  2245. 	g_assert (key != NULL);

  2246. 	priv->local_key = rspamd_keypair_ref (key);

  2247. }

  2248. 

  2249. const struct rspamd_cryptobox_pubkey*

  2250. rspamd_http_connection_get_peer_key (struct rspamd_http_connection *conn)

  2251. {

  2252. 	struct rspamd_http_connection_private *priv = conn->priv;

  2253. 

  2254. 	if (priv->peer_key) {

  2255. 		return priv->peer_key;

  2256. 	}

  2257. 	else if (priv->msg) {

  2258. 		return priv->msg->peer_key;

  2259. 	}

  2260. 

  2261. 	return NULL;

  2262. }

  2263. 

  2264. gboolean

  2265. rspamd_http_connection_is_encrypted (struct rspamd_http_connection *conn)

  2266. {

  2267. 	struct rspamd_http_connection_private *priv = conn->priv;

  2268. 

  2269. 	if (priv->peer_key != NULL) {

  2270. 		return TRUE;

  2271. 	}

  2272. 	else if (priv->msg) {

  2273. 		return priv->msg->peer_key != NULL;

  2274. 	}

  2275. 

  2276. 	return FALSE;

  2277. }

  2278. 

  2279. GHashTable *

  2280. rspamd_http_message_parse_query (struct rspamd_http_message *msg)

  2281. {

  2282. 	GHashTable *res;

  2283. 	rspamd_fstring_t *key = NULL, *value = NULL;

  2284. 	rspamd_ftok_t *key_tok = NULL, *value_tok = NULL;

  2285. 	const gchar *p, *c, *end;

  2286. 	struct http_parser_url u;

  2287. 	enum {

  2288. 		parse_key,

  2289. 		parse_eqsign,

  2290. 		parse_value,

  2291. 		parse_ampersand

  2292. 	} state = parse_key;

  2293. 

  2294. 	res = g_hash_table_new_full (rspamd_ftok_icase_hash,

  2295. 			rspamd_ftok_icase_equal,

  2296. 			rspamd_fstring_mapped_ftok_free,

  2297. 			rspamd_fstring_mapped_ftok_free);

  2298. 

  2299. 	if (msg->url && msg->url->len > 0) {

  2300. 		http_parser_parse_url (msg->url->str, msg->url->len, TRUE, &u);

  2301. 

  2302. 		if (u.field_set & (1 << UF_QUERY)) {

  2303. 			p = msg->url->str + u.field_data[UF_QUERY].off;

  2304. 			c = p;

  2305. 			end = p + u.field_data[UF_QUERY].len;

  2306. 

  2307. 			while (p <= end) {

  2308. 				switch (state) {

  2309. 				case parse_key:

  2310. 					if ((p == end || *p == '&') && p > c) {

  2311. 						/* We have a single parameter without a value */

  2312. 						key = rspamd_fstring_new_init (c, p - c);

  2313. 						key_tok = rspamd_ftok_map (key);

  2314. 						key_tok->len = rspamd_url_decode (key->str, key->str,

  2315. 								key->len);

  2316. 

  2317. 						value = rspamd_fstring_new_init ("", 0);

  2318. 						value_tok = rspamd_ftok_map (value);

  2319. 

  2320. 						g_hash_table_replace (res, key_tok, value_tok);

  2321. 						state = parse_ampersand;

  2322. 					}

  2323. 					else if (*p == '=' && p > c) {

  2324. 						/* We have something like key=value */

  2325. 						key = rspamd_fstring_new_init (c, p - c);

  2326. 						key_tok = rspamd_ftok_map (key);

  2327. 						key_tok->len = rspamd_url_decode (key->str, key->str,

  2328. 								key->len);

  2329. 

  2330. 						state = parse_eqsign;

  2331. 					}

  2332. 					else {

  2333. 						p ++;

  2334. 					}

  2335. 					break;

  2336. 

  2337. 				case parse_eqsign:

  2338. 					if (*p != '=') {

  2339. 						c = p;

  2340. 						state = parse_value;

  2341. 					}

  2342. 					else {

  2343. 						p ++;

  2344. 					}

  2345. 					break;

  2346. 

  2347. 				case parse_value:

  2348. 					if ((p == end || *p == '&') && p >= c) {

  2349. 						g_assert (key != NULL);

  2350. 						if (p > c) {

  2351. 							value = rspamd_fstring_new_init (c, p - c);

  2352. 							value_tok = rspamd_ftok_map (value);

  2353. 							value_tok->len = rspamd_url_decode (value->str,

  2354. 									value->str,

  2355. 									value->len);

  2356. 							/* Detect quotes for value */

  2357. 							if (value_tok->begin[0] == '"') {

  2358. 								memmove (value->str, value->str + 1,

  2359. 										value_tok->len - 1);

  2360. 								value_tok->len --;

  2361. 							}

  2362. 							if (value_tok->begin[value_tok->len - 1] == '"') {

  2363. 								value_tok->len --;

  2364. 							}

  2365. 						}

  2366. 						else {

  2367. 							value = rspamd_fstring_new_init ("", 0);

  2368. 							value_tok = rspamd_ftok_map (value);

  2369. 						}

  2370. 

  2371. 						g_hash_table_replace (res, key_tok, value_tok);

  2372. 						key = value = NULL;

  2373. 						key_tok = value_tok = NULL;

  2374. 						state = parse_ampersand;

  2375. 					}

  2376. 					else {

  2377. 						p ++;

  2378. 					}

  2379. 					break;

  2380. 

  2381. 				case parse_ampersand:

  2382. 					if (p != end && *p != '&') {

  2383. 						c = p;

  2384. 						state = parse_key;

  2385. 					}

  2386. 					else {

  2387. 						p ++;

  2388. 					}

  2389. 					break;

  2390. 				}

  2391. 			}

  2392. 		}

  2393. 

  2394. 		if (state != parse_ampersand && key != NULL) {

  2395. 			rspamd_fstring_free (key);

  2396. 		}

  2397. 	}

  2398. 

  2399. 	return res;

  2400. }

  2401. 

  2402. 

  2403. struct rspamd_http_message *

  2404. rspamd_http_message_ref (struct rspamd_http_message *msg)

  2405. {

  2406. 	REF_RETAIN (msg);

  2407. 

  2408. 	return msg;

  2409. }

  2410. 

  2411. void

  2412. rspamd_http_message_unref (struct rspamd_http_message *msg)

  2413. {

  2414. 	REF_RELEASE (msg);

  2415. }

  2416. 

  2417. void

  2418. rspamd_http_connection_disable_encryption (struct rspamd_http_connection *conn)

  2419. {

  2420. 	struct rspamd_http_connection_private *priv;

  2421. 

  2422. 	priv = conn->priv;

  2423. 

  2424. 	if (priv) {

  2425. 		if (priv->local_key) {

  2426. 			rspamd_keypair_unref (priv->local_key);

  2427. 		}

  2428. 		if (priv->peer_key) {

  2429. 			rspamd_pubkey_unref (priv->peer_key);

  2430. 		}

  2431. 

  2432. 		priv->local_key = NULL;

  2433. 		priv->peer_key = NULL;

  2434. 		priv->flags &= ~RSPAMD_HTTP_CONN_FLAG_ENCRYPTED;

  2435. 	}

  2436. }