Support for Private Asterisk HTTP Servers. More...

#include "asterisk/config.h"
#include "asterisk/tcptls.h"
#include "asterisk/linkedlists.h"

Include dependency graph for http.h:

This graph shows which files directly or indirectly include this file:

Data Structures
struct	ast_http_auth
	HTTP authentication information. More...

struct	ast_http_uri
	Definition of a URI handler. More...

Typedefs
typedef int(*	ast_http_callback) (struct ast_tcptls_session_instance ser, const struct ast_http_uri urih, const char uri, enum ast_http_method method, struct ast_variable get_params, struct ast_variable *headers)
	HTTP Callbacks.

Enumerations
enum	ast_http_method { AST_HTTP_UNKNOWN = -1 , AST_HTTP_GET = 0 , AST_HTTP_POST , AST_HTTP_HEAD , AST_HTTP_PUT , AST_HTTP_DELETE , AST_HTTP_OPTIONS , AST_HTTP_MAX_METHOD }
	HTTP Request methods known by Asterisk. More...

Functions
const char *	ast_get_http_method (enum ast_http_method method) attribute_pure
	Return http method name string.

enum ast_http_method	ast_get_http_method_from_string (const char *method)
	Return http method from string.

void	ast_http_auth (struct ast_tcptls_session_instance ser, const char realm, const unsigned long nonce, const unsigned long opaque, int stale, const char *text)
	Send http "401 Unauthorized" response and close socket.

int	ast_http_body_discard (struct ast_tcptls_session_instance *ser)
	Read and discard any unread HTTP request body.

void	ast_http_body_read_status (struct ast_tcptls_session_instance *ser, int read_success)
	Update the body read success status.

struct ast_variable *	ast_http_create_basic_auth_header (const char userid, const char password)
	Create an HTTP authorization header.

void	ast_http_create_response (struct ast_tcptls_session_instance ser, int status_code, const char status_title, struct ast_str http_header_data, const char text)
	Creates and sends a formatted http response message.

void	ast_http_error (struct ast_tcptls_session_instance ser, int status, const char title, const char *text)
	Send HTTP error message and close socket.

const char *	ast_http_ftype2mtype (const char *ftype) attribute_pure
	Return mime type based on extension.

struct ast_http_auth *	ast_http_get_auth (struct ast_variable *headers)
	Get HTTP authentication information from headers.

struct ast_variable *	ast_http_get_cookies (struct ast_variable *headers)
	Get cookie from Request headers.

struct ast_json *	ast_http_get_json (struct ast_tcptls_session_instance ser, struct ast_variable headers)
	Get JSON from client Request Entity-Body, if content type is application/json.

struct ast_variable *	ast_http_get_post_vars (struct ast_tcptls_session_instance ser, struct ast_variable headers)
	Get post variables from client Request Entity-Body, if content type is application/x-www-form-urlencoded.

int	ast_http_header_match (const char name, const char expected_name, const char value, const char expected_value)
	Check if the header and value match (case insensitive) their associated expected values.

int	ast_http_header_match_in (const char name, const char expected_name, const char value, const char expected_value)
	Check if the header name matches the expected header name. If so, then check to see if the value can be located in the expected value.

int	ast_http_header_parse (char buf, char name, char *value)
	Parse a header into the given name/value strings.

uint32_t	ast_http_manid_from_vars (struct ast_variable *headers) attribute_pure
	Return manager id, if exist, from request headers.

struct ast_variable *	ast_http_parse_post_form (char buf, int content_length, const char content_type)
	Get post variables from an application/x-www-form-urlencoded buffer.

void	ast_http_prefix (char *buf, int len)
	Return the current prefix.

void	ast_http_request_close_on_completion (struct ast_tcptls_session_instance *ser)
	Request the HTTP connection be closed after this HTTP request.

int	ast_http_response_status_line (const char buf, const char version, int code)
	Parse the http response status line.

void	ast_http_send (struct ast_tcptls_session_instance ser, enum ast_http_method method, int status_code, const char status_title, struct ast_str http_header, struct ast_str out, int fd, unsigned int static_content)
	Generic function for sending HTTP/1.1 response.

int	ast_http_uri_link (struct ast_http_uri *urihandler)
	Register a URI handler.

void	ast_http_uri_unlink (struct ast_http_uri *urihandler)
	Unregister a URI handler.

void	ast_http_uri_unlink_all_with_key (const char *key)
	Unregister all handlers with matching key.

Detailed Description

Support for Private Asterisk HTTP Servers.

Note: Note: The Asterisk HTTP servers are extremely simple and minimal and only support the "GET" method.

Author: Mark Spencer marks.nosp@m.ter@.nosp@m.digiu.nosp@m.m.co.nosp@m.m

Note: In order to have TLS/SSL support, we need the openssl libraries. Still we can decide whether or not to use them by commenting in or out the DO_SSL macro. TLS/SSL support is basically implemented by reading from a config file (currently http.conf) the names of the certificate and cipher to use, and then run ssl_setup() to create an appropriate SSL_CTX (ssl_ctx) If we support multiple domains, presumably we need to read multiple certificates. When we are requested to open a TLS socket, we run make_file_from_fd() on the socket, to do the necessary setup. At the moment the context's name is hardwired in the function, but we can certainly make it into an extra parameter to the function. We declare most of ssl support variables unconditionally, because their number is small and this simplifies the code.; : the ssl-support variables (ssl_ctx, do_ssl, certfile, cipher) and their setup should be moved to a more central place, e.g. asterisk.conf and the source files that processes it. Similarly, ssl_setup() should be run earlier in the startup process so modules have it available.

Definition in file http.h.

Typedef Documentation

◆ ast_http_callback

typedef int(* ast_http_callback) (struct ast_tcptls_session_instance *ser, const struct ast_http_uri *urih, const char *uri, enum ast_http_method method, struct ast_variable *get_params, struct ast_variable *headers)

HTTP Callbacks.

Parameters

ser	TCP/TLS session object
urih	Registered URI handler struct for the URI.
uri	Remaining request URI path (also with the get_params removed).
method	enum ast_http_method GET, POST, etc.
get_params	URI argument list passed with the HTTP request.
headers	HTTP request header-name/value pair list

Note: Should use the ast_http_send() function for sending content allocated with ast_str and/or content from an opened file descriptor.

Status and status text should be sent as arguments to the ast_http_send() function to reflect the status of the request (200 or 304, for example). Content length is calculated by ast_http_send() automatically.

Static content may be indicated to the ast_http_send() function, to indicate that it may be cached.

For a need authentication response, the ast_http_auth() function should be used.

For an error response, the ast_http_error() function should be used.

Return values

0	Continue and process the next HTTP request.
-1	Fatal HTTP connection error. Force the HTTP connection closed.

Definition at line 99 of file http.h.

Enumeration Type Documentation

◆ ast_http_method

enum ast_http_method

HTTP Request methods known by Asterisk.

Enumerator
AST_HTTP_UNKNOWN	Unknown response
AST_HTTP_GET
AST_HTTP_POST
AST_HTTP_HEAD
AST_HTTP_PUT
AST_HTTP_DELETE
AST_HTTP_OPTIONS
AST_HTTP_MAX_METHOD	Last entry in ast_http_method enum

Definition at line 58 of file http.h.

                     {
    AST_HTTP_UNKNOWN = -1,   /*!< Unknown response */
    AST_HTTP_GET = 0,
    AST_HTTP_POST,
    AST_HTTP_HEAD,
    AST_HTTP_PUT,
    AST_HTTP_DELETE,
    AST_HTTP_OPTIONS,
    AST_HTTP_MAX_METHOD, /*!< Last entry in ast_http_method enum */
};

Function Documentation

◆ ast_get_http_method()

const char * ast_get_http_method ( enum ast_http_method method )

Return http method name string.

Since: 1.8

Definition at line 207 of file http.c.

{
    int x;
 
    for (x = 0; x < ARRAY_LEN(ast_http_methods_text); x++) {
        if (ast_http_methods_text[x].method == method) {
            return ast_http_methods_text[x].text;
        }
    }
 
    return NULL;
}

References ARRAY_LEN, ast_http_methods_text, method, NULL, and ast_cfhttp_methods_text::text.

Referenced by add_allow_header(), ast_ari_callback(), ast_ari_invoke(), auth_http_callback(), and handle_options().

◆ ast_get_http_method_from_string()

enum ast_http_method ast_get_http_method_from_string ( const char * method )

Return http method from string.

Definition at line 220 of file http.c.

{
    int x;
 
    for (x = 0; x < ARRAY_LEN(ast_http_methods_text); x++) {
        if (ast_strings_equal(method, ast_http_methods_text[x].text)) {
            return ast_http_methods_text[x].method;
        }
    }
 
    return AST_HTTP_UNKNOWN;
}

References ARRAY_LEN, ast_http_methods_text, AST_HTTP_UNKNOWN, ast_strings_equal(), ast_cfhttp_methods_text::method, method, and text.

Referenced by parse_rest_request_msg().

◆ ast_http_auth()

void ast_http_auth	(	struct ast_tcptls_session_instance *	ser,
		const char *	realm,
		const unsigned long	nonce,
		const unsigned long	opaque,
		int	stale,
		const char *	text
	)

Send http "401 Unauthorized" response and close socket.

Definition at line 688 of file http.c.

{
    int status_code = 401;
    char *status_title = "Unauthorized";
    struct ast_str *http_header_data = ast_str_create(DEFAULT_RESPONSE_HEADER_LENGTH);
 
    if (http_header_data) {
        ast_str_set(&http_header_data,
                    0,
                    "WWW-authenticate: Digest algorithm=MD5, realm=\"%s\", nonce=\"%08lx\", qop=\"auth\", opaque=\"%08lx\"%s\r\n"
                    "Content-type: text/html\r\n",
                    realm ? realm : "Asterisk",
                    nonce,
                    opaque,
                    stale ? ", stale=true" : "");
    }
 
    ast_http_create_response(ser,
                             status_code,
                             status_title,
                             http_header_data,
                             text);
}

References ast_http_create_response(), ast_str_create, ast_str_set(), DEFAULT_RESPONSE_HEADER_LENGTH, and text.

◆ ast_http_body_discard()

int ast_http_body_discard ( struct ast_tcptls_session_instance * ser )

Read and discard any unread HTTP request body.

Since: 12.4.0

Parameters

ser	HTTP TCP/TLS session object.

Return values

0	on success.
-1	on error.

Definition at line 1185 of file http.c.

{
    struct http_worker_private_data *request;
 
    request = ser->private_data;
    if (!ast_test_flag(&request->flags, HTTP_FLAG_HAS_BODY)
        || ast_test_flag(&request->flags, HTTP_FLAG_BODY_READ)) {
        /* No body to read or it has already been read. */
        return 0;
    }
    ast_set_flag(&request->flags, HTTP_FLAG_BODY_READ);
 
    ast_debug(1, "HTTP discarding unused request body\n");
 
    ast_assert(request->body_length != 0);
    if (0 < request->body_length) {
        if (http_body_discard_contents(ser, request->body_length, "body")) {
            ast_set_flag(&request->flags, HTTP_FLAG_CLOSE_ON_COMPLETION);
            return -1;
        }
        return 0;
    }
 
    /* parse chunked-body */
    for (;;) {
        int length;
 
        length = http_body_get_chunk_length(ser);
        if (length < 0) {
            ast_set_flag(&request->flags, HTTP_FLAG_CLOSE_ON_COMPLETION);
            return -1;
        }
        if (length == 0) {
            /* parsed last-chunk */
            break;
        }
 
        if (http_body_discard_contents(ser, length, "chunk-data")
            || http_body_check_chunk_sync(ser)) {
            ast_set_flag(&request->flags, HTTP_FLAG_CLOSE_ON_COMPLETION);
            return -1;
        }
    }
 
    /* Read and discard any trailer entity-header lines. */
    if (http_body_discard_chunk_trailer_headers(ser)) {
        ast_set_flag(&request->flags, HTTP_FLAG_CLOSE_ON_COMPLETION);
        return -1;
    }
    return 0;
}

References ast_assert, ast_debug, ast_set_flag, ast_test_flag, http_body_check_chunk_sync(), http_body_discard_chunk_trailer_headers(), http_body_discard_contents(), http_body_get_chunk_length(), HTTP_FLAG_BODY_READ, HTTP_FLAG_CLOSE_ON_COMPLETION, HTTP_FLAG_HAS_BODY, ast_tcptls_session_instance::private_data, and request().

Referenced by ast_http_send(), and ast_websocket_uri_cb().

◆ ast_http_body_read_status()

void ast_http_body_read_status	(	struct ast_tcptls_session_instance *	ser,
		int	read_success
	)

Update the body read success status.

Since: 12.4.0

Parameters

ser	HTTP TCP/TLS session object.
read_success	TRUE if body was read successfully.

Definition at line 964 of file http.c.

{
    struct http_worker_private_data *request;
 
    request = ser->private_data;
    if (!ast_test_flag(&request->flags, HTTP_FLAG_HAS_BODY)
        || ast_test_flag(&request->flags, HTTP_FLAG_BODY_READ)) {
        /* No body to read. */
        return;
    }
    ast_set_flag(&request->flags, HTTP_FLAG_BODY_READ);
    if (!read_success) {
        ast_set_flag(&request->flags, HTTP_FLAG_CLOSE_ON_COMPLETION);
    }
}

References ast_set_flag, ast_test_flag, HTTP_FLAG_BODY_READ, HTTP_FLAG_CLOSE_ON_COMPLETION, HTTP_FLAG_HAS_BODY, ast_tcptls_session_instance::private_data, and request().

Referenced by http_post_callback().

◆ ast_http_create_basic_auth_header()

struct ast_variable * ast_http_create_basic_auth_header	(	const char *	userid,
		const char *	password
	)

Create an HTTP authorization header.

The returned ast_variable must be freed with ast_variables_destroy()

Parameters

userid	User ID or "<userid>:<password>".
password	Password if not in userid.

Returns: ast_variable with name="Authorization" and value="Basic <base64enc>"

Return values

NULL	if memory allocation failed.

Definition at line 1726 of file http.c.

{
    int encoded_size = 0;
    int userinfo_len = 0;
    RAII_VAR(char *, userinfo, NULL, ast_free);
    char *encoded_userinfo = NULL;
    struct ast_variable *auth_header = NULL;
 
    if (ast_strlen_zero(userid)) {
        return NULL;
    }
 
    if (strchr(userid, ':')) {
        userinfo = ast_strdup(userid);
        userinfo_len = strlen(userinfo);
    } else {
        if (ast_strlen_zero(password)) {
            return NULL;
        }
        userinfo_len = ast_asprintf(&userinfo, "%s:%s", userid, password);
    }
    if (!userinfo) {
        return NULL;
    }
 
    /*
     * The header value is "Basic " + base64(userinfo).
     * Doubling the userinfo length then adding the length
     * of the "Basic " prefix is a conservative estimate of the
     * final encoded size.
     */
    encoded_size = userinfo_len * 2 * sizeof(char) + 1 + BASIC_LEN;
    encoded_userinfo = ast_alloca(encoded_size);
    strcpy(encoded_userinfo, BASIC_PREFIX); /* Safe */
    ast_base64encode(encoded_userinfo + BASIC_LEN, (unsigned char *)userinfo,
        userinfo_len, encoded_size - BASIC_LEN);
 
    auth_header = ast_variable_new("Authorization",
        encoded_userinfo, "");
 
    return auth_header;
}

References ast_alloca, ast_asprintf, ast_base64encode(), ast_free, ast_strdup, ast_strlen_zero(), ast_variable_new, BASIC_LEN, BASIC_PREFIX, NULL, and RAII_VAR.

Referenced by outbound_session_handler_thread(), and websocket_client_handshake().

◆ ast_http_create_response()

void ast_http_create_response	(	struct ast_tcptls_session_instance *	ser,
		int	status_code,
		const char *	status_title,
		struct ast_str *	http_header_data,
		const char *	text
	)

Creates and sends a formatted http response message.

Parameters

ser	TCP/TLS session object
status_code	HTTP response code (200/401/403/404/500)
status_title	English equivalent to the status_code parameter
http_header_data	The formatted text to use in the http header
text	Additional informational text to use in the response

Note: Function constructs response headers from the status_code, status_title and http_header_data parameters.

The response body is created as HTML content, from the status_code, status_title, and the text parameters.

The http_header_data parameter will be freed as a result of calling function.

Since: 13.2.0

Definition at line 633 of file http.c.

{
    char server_name[MAX_SERVER_NAME_LENGTH];
    struct ast_str *server_address = ast_str_create(MAX_SERVER_NAME_LENGTH);
    struct ast_str *out = ast_str_create(INITIAL_RESPONSE_BODY_BUFFER);
 
    if (!http_header_data || !server_address || !out) {
        ast_free(http_header_data);
        ast_free(server_address);
        ast_free(out);
        if (ser) {
            ast_debug(1, "HTTP closing session. OOM.\n");
            ast_tcptls_close_session_file(ser);
        }
        return;
    }
 
    if(!ast_strlen_zero(http_server_name)) {
        ast_xml_escape(http_server_name, server_name, sizeof(server_name));
        ast_str_set(&server_address,
                    0,
                    "<address>%s</address>\r\n",
                    server_name);
    }
 
    ast_str_set(&out,
                0,
                "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n"
                "<html><head>\r\n"
                "<title>%d %s</title>\r\n"
                "</head><body>\r\n"
                "<h1>%s</h1>\r\n"
                "<p>%s</p>\r\n"
                "<hr />\r\n"
                "%s"
                "</body></html>\r\n",
                status_code,
                status_title,
                status_title,
                text ? text : "",
                ast_str_buffer(server_address));
 
    ast_free(server_address);
 
    ast_http_send(ser,
                  AST_HTTP_UNKNOWN,
                  status_code,
                  status_title,
                  http_header_data,
                  out,
                  0,
                  0);
}

References ast_debug, ast_free, ast_http_send(), AST_HTTP_UNKNOWN, ast_str_buffer(), ast_str_create, ast_str_set(), ast_strlen_zero(), ast_tcptls_close_session_file(), ast_xml_escape(), http_server_name, INITIAL_RESPONSE_BODY_BUFFER, MAX_SERVER_NAME_LENGTH, out, and text.

Referenced by ast_http_auth(), and ast_http_error().

◆ ast_http_error()

void ast_http_error	(	struct ast_tcptls_session_instance *	ser,
		int	status,
		const char *	title,
		const char *	text
	)

Send HTTP error message and close socket.

Definition at line 714 of file http.c.

{
    struct ast_str *http_header_data = ast_str_create(DEFAULT_RESPONSE_HEADER_LENGTH);
 
    if (http_header_data) {
        ast_str_set(&http_header_data, 0, "Content-type: text/html\r\n");
    }
 
    ast_http_create_response(ser,
                             status_code,
                             status_title,
                             http_header_data,
                             text);
}

References ast_http_create_response(), ast_str_create, ast_str_set(), DEFAULT_RESPONSE_HEADER_LENGTH, and text.

Referenced by ast_ari_callback(), ast_websocket_uri_cb(), auth_http_callback(), generic_http_callback(), handle_uri(), http_callback(), http_post_callback(), http_request_headers_get(), http_request_tracking_setup(), httpd_helper_thread(), httpd_process_request(), httpstatus_callback(), incoming_ws_http_callback(), phoneprov_callback(), static_callback(), and websocket_bad_request().

◆ ast_http_ftype2mtype()

const char * ast_http_ftype2mtype ( const char * ftype )

Return mime type based on extension.

Parameters

ftype filename extension

Returns: String containing associated MIME type

Since: 1.8

Definition at line 233 of file http.c.

{
    int x;
 
    if (ftype) {
        for (x = 0; x < ARRAY_LEN(mimetypes); x++) {
            if (!strcasecmp(ftype, mimetypes[x].ext)) {
                return mimetypes[x].mtype;
            }
        }
    }
    return NULL;
}

References ARRAY_LEN, ext, mimetypes, and NULL.

Referenced by build_profile(), and static_callback().

◆ ast_http_get_auth()

struct ast_http_auth * ast_http_get_auth ( struct ast_variable * headers )

Get HTTP authentication information from headers.

The returned object is AO2 managed, so clean up with ao2_cleanup().

Parameters

headers HTTP request headers.

Returns: HTTP auth structure.

Return values

NULL	if no supported HTTP auth headers present.

Since: 12

Definition at line 1669 of file http.c.

{
    struct ast_variable *v;
 
    for (v = headers; v; v = v->next) {
        const char *base64;
        char decoded[256] = {};
        char *username;
        char *password;
#ifdef AST_DEVMODE
        int cnt;
#endif /* AST_DEVMODE */
 
        if (strcasecmp("Authorization", v->name) != 0) {
            continue;
        }
 
        if (!ast_begins_with(v->value, BASIC_PREFIX)) {
            ast_log(LOG_DEBUG,
                "Unsupported Authorization scheme\n");
            continue;
        }
 
        /* Basic auth header parsing. RFC 2617, section 2.
         *   credentials = "Basic" basic-credentials
         *   basic-credentials = base64-user-pass
         *   base64-user-pass  = <base64 encoding of user-pass,
         *                        except not limited to 76 char/line>
         *   user-pass   = userid ":" password
         */
 
        base64 = v->value + BASIC_LEN;
 
        /* This will truncate "userid:password" lines to
         * sizeof(decoded). The array is long enough that this shouldn't
         * be a problem */
#ifdef AST_DEVMODE
        cnt =
#endif /* AST_DEVMODE */
        ast_base64decode((unsigned char*)decoded, base64,
            sizeof(decoded) - 1);
        ast_assert(cnt < sizeof(decoded));
 
        /* Split the string at the colon */
        password = decoded;
        username = strsep(&password, ":");
        if (!password) {
            ast_log(LOG_WARNING, "Invalid Authorization header\n");
            return NULL;
        }
 
        return auth_create(username, password);
    }
 
    return NULL;
}

References ast_assert, ast_base64decode(), ast_begins_with(), ast_log, auth_create(), base64, BASIC_LEN, BASIC_PREFIX, LOG_DEBUG, LOG_WARNING, ast_variable::name, ast_variable::next, NULL, strsep(), and ast_variable::value.

Referenced by authenticate_user(), and http_callback().

◆ ast_http_get_cookies()

struct ast_variable * ast_http_get_cookies ( struct ast_variable * headers )

Get cookie from Request headers.

Definition at line 1622 of file http.c.

{
    struct ast_variable *v, *cookies = NULL;
 
    for (v = headers; v; v = v->next) {
        if (!strcasecmp(v->name, "Cookie")) {
            ast_variables_destroy(cookies);
            cookies = parse_cookies(v->value);
        }
    }
    return cookies;
}

References ast_variables_destroy(), ast_variable::name, ast_variable::next, NULL, parse_cookies(), and ast_variable::value.

Referenced by ast_http_manid_from_vars(), and httpstatus_callback().

◆ ast_http_get_json()

struct ast_json * ast_http_get_json	(	struct ast_tcptls_session_instance *	ser,
		struct ast_variable *	headers
	)

Get JSON from client Request Entity-Body, if content type is application/json.

Parameters

ser	TCP/TLS session object
headers	List of HTTP headers

Returns: Parsed JSON content body

Return values

NULL	on error, if no content, or if different content type.

Since: 12

Definition at line 1380 of file http.c.

{
    int content_length = 0;
    struct ast_json *body;
    RAII_VAR(char *, buf, NULL, ast_free);
    RAII_VAR(char *, type, get_content_type(headers), ast_free);
 
    /* Use errno to distinguish errors from no body */
    errno = 0;
 
    if (ast_strlen_zero(type) || strcasecmp(type, "application/json")) {
        /* Content type is not JSON.  Don't read the body. */
        return NULL;
    }
 
    buf = ast_http_get_contents(&content_length, ser, headers);
    if (!buf || !content_length) {
        /*
         * errno already set
         * or it is not an error to have zero content
         */
        return NULL;
    }
 
    body = ast_json_load_buf(buf, content_length, NULL);
    if (!body) {
        /* Failed to parse JSON; treat as an I/O error */
        errno = EIO;
        return NULL;
    }
 
    return body;
}

References ast_free, ast_http_get_contents(), ast_json_load_buf(), ast_strlen_zero(), buf, errno, get_content_type(), NULL, RAII_VAR, and type.

Referenced by ast_ari_callback().

◆ ast_http_get_post_vars()

struct ast_variable * ast_http_get_post_vars	(	struct ast_tcptls_session_instance *	ser,
		struct ast_variable *	headers
	)

Get post variables from client Request Entity-Body, if content type is application/x-www-form-urlencoded.

Parameters

ser	TCP/TLS session object
headers	List of HTTP headers

Returns: List of variables within the POST body

Note: Since returned list is malloc'd, list should be free'd by the calling function

Since: 1.8

Definition at line 1455 of file http.c.

{
    int content_length = 0;
    RAII_VAR(char *, buf, NULL, ast_free);
    RAII_VAR(char *, type, get_content_type(headers), ast_free);
 
    /* Use errno to distinguish errors from no params */
    errno = 0;
 
    if (ast_strlen_zero(type) ||
        strcasecmp(type, "application/x-www-form-urlencoded")) {
        /* Content type is not form data.  Don't read the body. */
        return NULL;
    }
 
    buf = ast_http_get_contents(&content_length, ser, headers);
    if (!buf || !content_length) {
        /*
         * errno already set
         * or it is not an error to have zero content
         */
        return NULL;
    }
 
    return ast_http_parse_post_form(buf, content_length, type);
}

References ast_free, ast_http_get_contents(), ast_http_parse_post_form(), ast_strlen_zero(), buf, errno, get_content_type(), NULL, RAII_VAR, and type.

Referenced by ast_ari_callback(), auth_http_callback(), and generic_http_callback().

◆ ast_http_header_match()

int ast_http_header_match	(	const char *	name,
		const char *	expected_name,
		const char *	value,
		const char *	expected_value
	)

Check if the header and value match (case insensitive) their associated expected values.

Parameters

name	header name to check
expected_name	the expected name of the header
value	header value to check
expected_value	the expected value of the header

Return values

0	if the name and expected name do not match
-1	if the value and expected value do not match
1	if the both the name and value match their expected value

Since: 13

Definition at line 1844 of file http.c.

{
    if (strcasecmp(name, expected_name)) {
        /* no value to validate if names don't match */
        return 0;
    }
 
    if (strcasecmp(value, expected_value)) {
        ast_log(LOG_ERROR, "Invalid header value - expected %s "
            "received %s", value, expected_value);
        return -1;
    }
    return 1;
}

References ast_log, LOG_ERROR, name, and value.

Referenced by websocket_client_handshake_get_response().

◆ ast_http_header_match_in()

int ast_http_header_match_in	(	const char *	name,
		const char *	expected_name,
		const char *	value,
		const char *	expected_value
	)

Check if the header name matches the expected header name. If so, then check to see if the value can be located in the expected value.

Note: Both header and value checks are case insensitive.

Parameters

name	header name to check
expected_name	the expected name of the header
value	header value to check if in expected value
expected_value	the expected value(s)

Return values

0	if the name and expected name do not match
-1	if the value and is not in the expected value
1	if the name matches expected name and value is in expected value

Since: 13

Definition at line 1860 of file http.c.

{
    if (strcasecmp(name, expected_name)) {
        /* no value to validate if names don't match */
        return 0;
    }
 
    if (!strcasestr(expected_value, value)) {
        ast_log(LOG_ERROR, "Header '%s' - could not locate '%s' "
            "in '%s'\n", name, value, expected_value);
        return -1;
 
    }
    return 1;
}

References ast_log, LOG_ERROR, name, strcasestr(), and value.

Referenced by websocket_client_handshake_get_response().

◆ ast_http_header_parse()

int ast_http_header_parse	(	char *	buf,
		char **	name,
		char **	value
	)

Parse a header into the given name/value strings.

Note: This modifies the given buffer and the out parameters point (not allocated) to the start of the header name and header value, respectively.

Parameters

	buf	a string containing the name/value to point to
[out]	name	header name
[out]	value	header value

Return values

-1	if buf is empty
0	if buf could be separated into name and value
1	if name or value portion don't exist

Since: 13

Definition at line 1822 of file http.c.

{
    ast_trim_blanks(buf);
    if (ast_strlen_zero(buf)) {
        return -1;
    }
 
    *value = buf;
    *name = strsep(value, ":");
    if (!*value) {
        return 1;
    }
 
    *value = ast_skip_blanks(*value);
    if (ast_strlen_zero(*value) || ast_strlen_zero(*name)) {
        return 1;
    }
 
    remove_excess_lws(*value);
    return 0;
}

References ast_skip_blanks(), ast_strlen_zero(), ast_trim_blanks(), buf, name, remove_excess_lws(), strsep(), and value.

Referenced by websocket_client_handshake_get_response().

◆ ast_http_manid_from_vars()

uint32_t ast_http_manid_from_vars ( struct ast_variable * headers )

Return manager id, if exist, from request headers.

Parameters

headers List of HTTP headers

Returns: 32-bit associated manager session identifier

Since: 1.8

Definition at line 247 of file http.c.

{
    uint32_t mngid = 0;
    struct ast_variable *v, *cookies;
 
    cookies = ast_http_get_cookies(headers);
    for (v = cookies; v; v = v->next) {
        if (!strcasecmp(v->name, "mansession_id")) {
            sscanf(v->value, "%30x", &mngid);
            break;
        }
    }
    ast_variables_destroy(cookies);
    return mngid;
}

References ast_http_get_cookies(), ast_variables_destroy(), ast_variable::name, ast_variable::next, and ast_variable::value.

Referenced by generic_http_callback(), http_post_callback(), and static_callback().

◆ ast_http_parse_post_form()

struct ast_variable * ast_http_parse_post_form	(	char *	buf,
		int	content_length,
		const char *	content_type
	)

Get post variables from an application/x-www-form-urlencoded buffer.

Parameters

buf	input buffer
content_len	Buffer length
content_type	Content type (must be "application/x-www-form-urlencoded")

Warning: The input buffer will be modified by strsep() so pass in a copy if you need to keep the original.

Returns: List of ast_variables from the buffer. Must be freed with ast_variables_destroy().

Definition at line 1419 of file http.c.

{
    struct ast_variable *v, *post_vars=NULL, *prev = NULL;
    char *var, *val;
 
    /* Use errno to distinguish errors from no params */
    errno = 0;
 
    if (ast_strlen_zero(content_type) ||
        strcasecmp(content_type, "application/x-www-form-urlencoded") != 0) {
        /* Content type is not form data.  Don't read the body. */
        return NULL;
    }
 
    while ((val = strsep(&buf, "&"))) {
        var = strsep(&val, "=");
        if (val) {
            ast_uri_decode(val, ast_uri_http_legacy);
        } else  {
            val = "";
        }
        ast_uri_decode(var, ast_uri_http_legacy);
        if ((v = ast_variable_new(var, val, ""))) {
            if (post_vars) {
                prev->next = v;
            } else {
                post_vars = v;
            }
            prev = v;
        }
    }
 
    return post_vars;
}

References ast_strlen_zero(), ast_uri_decode(), ast_uri_http_legacy, ast_variable_new, buf, errno, NULL, strsep(), and var.

Referenced by ast_http_get_post_vars(), and parse_rest_request_msg().

◆ ast_http_prefix()

void ast_http_prefix	(	char *	buf,
		int	len
	)

Return the current prefix.

Parameters

[out]	buf	destination buffer for previous
[in]	len	length of prefix to copy

Since: 1.6.1

Definition at line 263 of file http.c.

{
    if (buf) {
        ast_copy_string(buf, prefix, len);
    }
}

References ast_copy_string(), buf, len(), and prefix.

◆ ast_http_request_close_on_completion()

void ast_http_request_close_on_completion ( struct ast_tcptls_session_instance * ser )

Request the HTTP connection be closed after this HTTP request.

Since: 12.4.0

Parameters

ser	HTTP TCP/TLS session object.

Note: Call before ast_http_error() to make the connection close.

Definition at line 903 of file http.c.

{
    struct http_worker_private_data *request = ser->private_data;
 
    ast_set_flag(&request->flags, HTTP_FLAG_CLOSE_ON_COMPLETION);
}

References ast_set_flag, HTTP_FLAG_CLOSE_ON_COMPLETION, ast_tcptls_session_instance::private_data, and request().

Referenced by ast_ari_callback(), ast_ari_invoke(), auth_http_callback(), generic_http_callback(), handle_uri(), http_callback(), http_post_callback(), httpstatus_callback(), static_callback(), and websocket_bad_request().

◆ ast_http_response_status_line()

int ast_http_response_status_line	(	const char *	buf,
		const char *	version,
		int	code
	)

Parse the http response status line.

Parameters

buf	the http response line information
version	the expected http version (e.g. HTTP/1.1)
code	the expected status code

Return values

-1	if version didn't match or status code conversion fails.

Returns: status code (>0)

Since: 13

Definition at line 1770 of file http.c.

{
    int status_code;
    size_t size = strlen(version);
 
    if (strncmp(buf, version, size) || buf[size] != ' ') {
        ast_log(LOG_ERROR, "HTTP version not supported - "
            "expected %s\n", version);
        return -1;
    }
 
    /* skip to status code (version + space) */
    buf += size + 1;
 
    if (sscanf(buf, "%d", &status_code) != 1) {
        ast_log(LOG_ERROR, "Could not read HTTP status code - "
            "%s\n", buf);
        return -1;
    }
 
    return status_code;
}

References ast_log, buf, LOG_ERROR, and version.

Referenced by websocket_client_handshake_get_response().

◆ ast_http_send()

void ast_http_send	(	struct ast_tcptls_session_instance *	ser,
		enum ast_http_method	method,
		int	status_code,
		const char *	status_title,
		struct ast_str *	http_header,
		struct ast_str *	out,
		int	fd,
		unsigned int	static_content
	)

Generic function for sending HTTP/1.1 response.

Parameters

ser	TCP/TLS session object
method	GET/POST/HEAD
status_code	HTTP response code (200/401/403/404/500)
status_title	English equivalent to the status_code parameter
http_header	An ast_str object containing all headers
out	An ast_str object containing the body of the response
fd	If out is NULL, a file descriptor where the body of the response is held (otherwise -1)
static_content	Zero if the content is dynamically generated and should not be cached; nonzero otherwise

Note: Function determines the HTTP response header from status_code, status_header, and http_header.

Extra HTTP headers MUST be present only in the http_header argument. The argument "out" should contain only content of the response (no headers!).

HTTP content can be constructed from the argument "out", if it is not NULL; otherwise, the function will read content from FD.

This function calculates the content-length http header itself.

Both the http_header and out arguments will be freed by this function; however, if FD is open, it will remain open.

Since: 1.8

Definition at line 522 of file http.c.

{
    struct timeval now = ast_tvnow();
    struct ast_tm tm;
    char timebuf[80];
    char buf[256];
    int len;
    int content_length = 0;
    int close_connection;
    struct ast_str *server_header_field = ast_str_create(MAX_SERVER_NAME_LENGTH);
    int send_content;
 
    if (!ser || !server_header_field) {
        /* The connection is not open. */
        ast_free(http_header);
        ast_free(out);
        ast_free(server_header_field);
        return;
    }
 
    if(!ast_strlen_zero(http_server_name)) {
        ast_str_set(&server_header_field,
                    0,
                    "Server: %s\r\n",
                    http_server_name);
    }
 
    /*
     * We shouldn't be sending non-final status codes to this
     * function because we may close the connection before
     * returning.
     */
    ast_assert(200 <= status_code);
 
    if (session_keep_alive <= 0) {
        close_connection = 1;
    } else {
        struct http_worker_private_data *request;
 
        request = ser->private_data;
        if (!request
            || ast_test_flag(&request->flags, HTTP_FLAG_CLOSE_ON_COMPLETION)
            || ast_http_body_discard(ser)) {
            close_connection = 1;
        } else {
            close_connection = 0;
        }
    }
 
    ast_strftime(timebuf, sizeof(timebuf), "%a, %d %b %Y %H:%M:%S GMT", ast_localtime(&now, &tm, "GMT"));
 
    /* calc content length */
    if (out) {
        content_length += ast_str_strlen(out);
    }
 
    if (fd) {
        content_length += lseek(fd, 0, SEEK_END);
        lseek(fd, 0, SEEK_SET);
    }
 
    send_content = method != AST_HTTP_HEAD || status_code >= 400;
 
    /* send http header */
    if (ast_iostream_printf(ser->stream,
        "HTTP/1.1 %d %s\r\n"
        "%s"
        "Date: %s\r\n"
        "%s"
        "%s"
        "%s"
        "Content-Length: %d\r\n"
        "\r\n"
        "%s",
        status_code, status_title ? status_title : "OK",
        ast_str_buffer(server_header_field),
        timebuf,
        close_connection ? "Connection: close\r\n" : "",
        static_content ? "" : "Cache-Control: no-cache, no-store\r\n",
        http_header ? ast_str_buffer(http_header) : "",
        content_length,
        send_content && out && ast_str_strlen(out) ? ast_str_buffer(out) : ""
        ) <= 0) {
        ast_debug(1, "ast_iostream_printf() failed: %s\n", strerror(errno));
        close_connection = 1;
    } else if (send_content && fd) {
        /* send file content */
        while ((len = read(fd, buf, sizeof(buf))) > 0) {
            if (ast_iostream_write(ser->stream, buf, len) != len) {
                ast_debug(1, "ast_iostream_write() failed: %s\n", strerror(errno));
                close_connection = 1;
                break;
            }
        }
    }
 
    ast_free(http_header);
    ast_free(out);
    ast_free(server_header_field);
 
    if (close_connection) {
        ast_debug(1, "HTTP closing session.  status_code:%d\n", status_code);
        ast_tcptls_close_session_file(ser);
    } else {
        ast_debug(1, "HTTP keeping session open.  status_code:%d\n", status_code);
    }
}

References ast_assert, ast_debug, ast_free, ast_http_body_discard(), AST_HTTP_HEAD, ast_iostream_printf(), ast_iostream_write(), ast_localtime(), ast_str_buffer(), ast_str_create, ast_str_set(), ast_str_strlen(), ast_strftime(), ast_strlen_zero(), ast_tcptls_close_session_file(), ast_test_flag, ast_tvnow(), buf, errno, HTTP_FLAG_CLOSE_ON_COMPLETION, http_server_name, len(), MAX_SERVER_NAME_LENGTH, method, out, ast_tcptls_session_instance::private_data, request(), session_keep_alive, and ast_tcptls_session_instance::stream.

Referenced by ast_ari_callback(), ast_http_create_response(), auth_http_callback(), generic_http_callback(), handle_uri(), http_callback(), http_callback(), httpstatus_callback(), phoneprov_callback(), static_callback(), and websocket_bad_request().

◆ ast_http_uri_link()

int ast_http_uri_link ( struct ast_http_uri * urih )

Register a URI handler.

They are sorted by length of the string, not alphabetically. Duplicate entries are not replaced, but the insertion order (using <= and not just <) makes sure that more recent insertions hide older ones. On a lookup, we just scan the list and stop at the first matching entry.

Definition at line 739 of file http.c.

{
    struct ast_http_uri *uri;
    int len = strlen(urih->uri);
 
    AST_RWLIST_WRLOCK(&uris);
 
    urih->prefix = prefix;
 
    if ( AST_RWLIST_EMPTY(&uris) || strlen(AST_RWLIST_FIRST(&uris)->uri) <= len ) {
        AST_RWLIST_INSERT_HEAD(&uris, urih, entry);
        AST_RWLIST_UNLOCK(&uris);
        return 0;
    }
 
    AST_RWLIST_TRAVERSE(&uris, uri, entry) {
        if (AST_RWLIST_NEXT(uri, entry) &&
            strlen(AST_RWLIST_NEXT(uri, entry)->uri) <= len) {
            AST_RWLIST_INSERT_AFTER(&uris, uri, urih, entry);
            AST_RWLIST_UNLOCK(&uris);
 
            return 0;
        }
    }
 
    AST_RWLIST_INSERT_TAIL(&uris, urih, entry);
 
    AST_RWLIST_UNLOCK(&uris);
 
    return 0;
}

References AST_RWLIST_EMPTY, AST_RWLIST_FIRST, AST_RWLIST_INSERT_AFTER, AST_RWLIST_INSERT_HEAD, AST_RWLIST_INSERT_TAIL, AST_RWLIST_NEXT, AST_RWLIST_TRAVERSE, AST_RWLIST_UNLOCK, AST_RWLIST_WRLOCK, ast_http_uri::entry, len(), ast_http_uri::prefix, prefix, and ast_http_uri::uri.

Referenced by __ast_http_load(), __ast_http_post_load(), __init_manager(), load_module(), load_module(), load_module(), load_module(), load_module(), load_module(), reload_module(), and reload_module().

◆ ast_http_uri_unlink()

void ast_http_uri_unlink ( struct ast_http_uri * urihandler )

Unregister a URI handler.

Definition at line 771 of file http.c.

{
    AST_RWLIST_WRLOCK(&uris);
    AST_RWLIST_REMOVE(&uris, urih, entry);
    AST_RWLIST_UNLOCK(&uris);
}

References AST_RWLIST_REMOVE, AST_RWLIST_UNLOCK, AST_RWLIST_WRLOCK, and ast_http_uri::entry.

Referenced by __ast_http_load(), __init_manager(), load_module(), reload_module(), reload_module(), unload_module(), unload_module(), unload_module(), unload_module(), unload_module(), unload_module(), and unload_module().

◆ ast_http_uri_unlink_all_with_key()

void ast_http_uri_unlink_all_with_key ( const char * key )

Unregister all handlers with matching key.

Definition at line 778 of file http.c.

{
    struct ast_http_uri *urih;
    AST_RWLIST_WRLOCK(&uris);
    AST_RWLIST_TRAVERSE_SAFE_BEGIN(&uris, urih, entry) {
        if (!strcmp(urih->key, key)) {
            AST_RWLIST_REMOVE_CURRENT(entry);
            if (urih->dmallocd) {
                ast_free(urih->data);
            }
            if (urih->mallocd) {
                ast_free(urih);
            }
        }
    }
    AST_RWLIST_TRAVERSE_SAFE_END;
    AST_RWLIST_UNLOCK(&uris);
}

References ast_free, AST_RWLIST_REMOVE_CURRENT, AST_RWLIST_TRAVERSE_SAFE_BEGIN, AST_RWLIST_TRAVERSE_SAFE_END, AST_RWLIST_UNLOCK, AST_RWLIST_WRLOCK, ast_http_uri::data, ast_http_uri::dmallocd, ast_http_uri::entry, ast_http_uri::key, and ast_http_uri::mallocd.

Referenced by __ast_http_post_load(), and unload_module().

Data Structures

Typedefs

Enumerations

Functions

Detailed Description

Typedef Documentation

◆ ast_http_callback

Enumeration Type Documentation

◆ ast_http_method

Function Documentation

◆ ast_get_http_method()

◆ ast_get_http_method_from_string()

◆ ast_http_auth()

◆ ast_http_body_discard()

◆ ast_http_body_read_status()

◆ ast_http_create_basic_auth_header()

◆ ast_http_create_response()

◆ ast_http_error()

◆ ast_http_ftype2mtype()

◆ ast_http_get_auth()

◆ ast_http_get_cookies()

◆ ast_http_get_json()

◆ ast_http_get_post_vars()

◆ ast_http_header_match()

◆ ast_http_header_match_in()

◆ ast_http_header_parse()

◆ ast_http_manid_from_vars()

◆ ast_http_parse_post_form()

◆ ast_http_prefix()

◆ ast_http_request_close_on_completion()

◆ ast_http_response_status_line()

◆ ast_http_send()

◆ ast_http_uri_link()

◆ ast_http_uri_unlink()

◆ ast_http_uri_unlink_all_with_key()