526 lines
14 KiB
C
526 lines
14 KiB
C
|
/*
|
||
|
* UPnP WPS Device - Event processing
|
||
|
* Copyright (c) 2000-2003 Intel Corporation
|
||
|
* Copyright (c) 2006-2007 Sony Corporation
|
||
|
* Copyright (c) 2008-2009 Atheros Communications
|
||
|
* Copyright (c) 2009, Jouni Malinen <j@w1.fi>
|
||
|
*
|
||
|
* See wps_upnp.c for more details on licensing and code history.
|
||
|
*/
|
||
|
|
||
|
#include "includes.h"
|
||
|
#include <assert.h>
|
||
|
#include <fcntl.h>
|
||
|
|
||
|
#include "common.h"
|
||
|
#include "eloop.h"
|
||
|
#include "uuid.h"
|
||
|
#include "httpread.h"
|
||
|
#include "wps_upnp.h"
|
||
|
#include "wps_upnp_i.h"
|
||
|
|
||
|
/*
|
||
|
* Event message generation (to subscribers)
|
||
|
*
|
||
|
* We make a separate copy for each message for each subscriber. This memory
|
||
|
* wasted could be limited (adding code complexity) by sharing copies, keeping
|
||
|
* a usage count and freeing when zero.
|
||
|
*
|
||
|
* Sending a message requires using a HTTP over TCP NOTIFY
|
||
|
* (like a PUT) which requires a number of states..
|
||
|
*/
|
||
|
|
||
|
#define MAX_EVENTS_QUEUED 20 /* How far behind queued events */
|
||
|
#define EVENT_TIMEOUT_SEC 30 /* Drop sending event after timeout */
|
||
|
|
||
|
/* How long to wait before sending event */
|
||
|
#define EVENT_DELAY_SECONDS 0
|
||
|
#define EVENT_DELAY_MSEC 0
|
||
|
|
||
|
/*
|
||
|
* Event information that we send to each subscriber is remembered in this
|
||
|
* struct. The event cannot be sent by simple UDP; it has to be sent by a HTTP
|
||
|
* over TCP transaction which requires various states.. It may also need to be
|
||
|
* retried at a different address (if more than one is available).
|
||
|
*
|
||
|
* TODO: As an optimization we could share data between subscribers.
|
||
|
*/
|
||
|
struct wps_event_ {
|
||
|
struct wps_event_ *next;
|
||
|
struct wps_event_ *prev; /* double linked list */
|
||
|
struct subscription *s; /* parent */
|
||
|
unsigned subscriber_sequence; /* which event for this subscription*/
|
||
|
int retry; /* which retry */
|
||
|
struct subscr_addr *addr; /* address to connect to */
|
||
|
struct wpabuf *data; /* event data to send */
|
||
|
/* The following apply while we are sending an event message. */
|
||
|
int sd; /* -1 or socket descriptor for open connection */
|
||
|
int sd_registered; /* nonzero if we must cancel registration */
|
||
|
struct httpread *hread; /* NULL or open connection for event msg */
|
||
|
};
|
||
|
|
||
|
|
||
|
static void event_timeout_handler(void *eloop_data, void *user_ctx);
|
||
|
|
||
|
/* event_clean -- clean sockets etc. of event
|
||
|
* Leaves data, retry count etc. alone.
|
||
|
*/
|
||
|
static void event_clean(struct wps_event_ *e)
|
||
|
{
|
||
|
if (e->s->current_event == e) {
|
||
|
eloop_cancel_timeout(event_timeout_handler, NULL, e);
|
||
|
e->s->current_event = NULL;
|
||
|
}
|
||
|
if (e->sd_registered) {
|
||
|
eloop_unregister_sock(e->sd, EVENT_TYPE_WRITE);
|
||
|
e->sd_registered = 0;
|
||
|
}
|
||
|
if (e->sd != -1) {
|
||
|
close(e->sd);
|
||
|
e->sd = -1;
|
||
|
}
|
||
|
if (e->hread)
|
||
|
httpread_destroy(e->hread);
|
||
|
e->hread = NULL;
|
||
|
}
|
||
|
|
||
|
|
||
|
/* event_delete -- delete single unqueued event
|
||
|
* (be sure to dequeue first if need be)
|
||
|
*/
|
||
|
void event_delete(struct wps_event_ *e)
|
||
|
{
|
||
|
event_clean(e);
|
||
|
wpabuf_free(e->data);
|
||
|
os_free(e);
|
||
|
}
|
||
|
|
||
|
|
||
|
/* event_dequeue -- get next event from the queue
|
||
|
* Returns NULL if empty.
|
||
|
*/
|
||
|
static struct wps_event_ *event_dequeue(struct subscription *s)
|
||
|
{
|
||
|
struct wps_event_ **event_head = &s->event_queue;
|
||
|
struct wps_event_ *e = *event_head;
|
||
|
if (e == NULL)
|
||
|
return NULL;
|
||
|
e->next->prev = e->prev;
|
||
|
e->prev->next = e->next;
|
||
|
if (*event_head == e) {
|
||
|
if (e == e->next) {
|
||
|
/* last in queue */
|
||
|
*event_head = NULL;
|
||
|
} else {
|
||
|
*event_head = e->next;
|
||
|
}
|
||
|
}
|
||
|
s->n_queue--;
|
||
|
e->next = e->prev = NULL;
|
||
|
/* but parent "s" is still valid */
|
||
|
return e;
|
||
|
}
|
||
|
|
||
|
|
||
|
/* event_enqueue_at_end -- add event to end of queue */
|
||
|
static void event_enqueue_at_end(struct subscription *s, struct wps_event_ *e)
|
||
|
{
|
||
|
struct wps_event_ **event_head = &s->event_queue;
|
||
|
if (*event_head == NULL) {
|
||
|
*event_head = e->next = e->prev = e;
|
||
|
} else {
|
||
|
e->next = *event_head;
|
||
|
e->prev = e->next->prev;
|
||
|
e->prev->next = e;
|
||
|
e->next->prev = e;
|
||
|
}
|
||
|
s->n_queue++;
|
||
|
}
|
||
|
|
||
|
|
||
|
/* event_enqueue_at_begin -- add event to begin of queue
|
||
|
* (appropriate for retrying event only)
|
||
|
*/
|
||
|
static void event_enqueue_at_begin(struct subscription *s,
|
||
|
struct wps_event_ *e)
|
||
|
{
|
||
|
struct wps_event_ **event_head = &s->event_queue;
|
||
|
if (*event_head == NULL) {
|
||
|
*event_head = e->next = e->prev = e;
|
||
|
} else {
|
||
|
e->prev = *event_head;
|
||
|
e->next = e->prev->next;
|
||
|
e->prev->next = e;
|
||
|
e->next->prev = e;
|
||
|
*event_head = e;
|
||
|
}
|
||
|
s->n_queue++;
|
||
|
}
|
||
|
|
||
|
|
||
|
/* event_delete_all -- delete entire event queue and current event */
|
||
|
void event_delete_all(struct subscription *s)
|
||
|
{
|
||
|
struct wps_event_ *e;
|
||
|
while ((e = event_dequeue(s)) != NULL)
|
||
|
event_delete(e);
|
||
|
if (s->current_event) {
|
||
|
event_delete(s->current_event);
|
||
|
/* will set: s->current_event = NULL; */
|
||
|
}
|
||
|
}
|
||
|
|
||
|
|
||
|
/**
|
||
|
* event_retry - Called when we had a failure delivering event msg
|
||
|
* @e: Event
|
||
|
* @do_next_address: skip address e.g. on connect fail
|
||
|
*/
|
||
|
static void event_retry(struct wps_event_ *e, int do_next_address)
|
||
|
{
|
||
|
struct subscription *s = e->s;
|
||
|
struct upnp_wps_device_sm *sm = s->sm;
|
||
|
|
||
|
event_clean(e);
|
||
|
/* will set: s->current_event = NULL; */
|
||
|
|
||
|
if (do_next_address)
|
||
|
e->retry++;
|
||
|
if (e->retry >= s->n_addr) {
|
||
|
wpa_printf(MSG_DEBUG, "WPS UPnP: Giving up on sending event");
|
||
|
return;
|
||
|
}
|
||
|
event_enqueue_at_begin(s, e);
|
||
|
event_send_all_later(sm);
|
||
|
}
|
||
|
|
||
|
|
||
|
/* called if the overall event-sending process takes too long */
|
||
|
static void event_timeout_handler(void *eloop_data, void *user_ctx)
|
||
|
{
|
||
|
struct wps_event_ *e = user_ctx;
|
||
|
struct subscription *s = e->s;
|
||
|
|
||
|
assert(e == s->current_event);
|
||
|
|
||
|
wpa_printf(MSG_DEBUG, "WPS UPnP: Event send timeout");
|
||
|
event_retry(e, 1);
|
||
|
}
|
||
|
|
||
|
|
||
|
/* event_got_response_handler -- called back when http response is received. */
|
||
|
static void event_got_response_handler(struct httpread *handle, void *cookie,
|
||
|
enum httpread_event en)
|
||
|
{
|
||
|
struct wps_event_ *e = cookie;
|
||
|
struct subscription *s = e->s;
|
||
|
struct upnp_wps_device_sm *sm = s->sm;
|
||
|
struct httpread *hread = e->hread;
|
||
|
int reply_code = 0;
|
||
|
|
||
|
assert(e == s->current_event);
|
||
|
eloop_cancel_timeout(event_timeout_handler, NULL, e);
|
||
|
|
||
|
if (en == HTTPREAD_EVENT_FILE_READY) {
|
||
|
if (httpread_hdr_type_get(hread) == HTTPREAD_HDR_TYPE_REPLY) {
|
||
|
reply_code = httpread_reply_code_get(hread);
|
||
|
if (reply_code == HTTP_OK) {
|
||
|
wpa_printf(MSG_DEBUG,
|
||
|
"WPS UPnP: Got event reply OK");
|
||
|
event_delete(e);
|
||
|
goto send_more;
|
||
|
} else {
|
||
|
wpa_printf(MSG_DEBUG, "WPS UPnP: Got event "
|
||
|
"error reply code %d", reply_code);
|
||
|
goto bad;
|
||
|
}
|
||
|
} else {
|
||
|
wpa_printf(MSG_DEBUG, "WPS UPnP: Got bogus event "
|
||
|
"response %d", en);
|
||
|
}
|
||
|
} else {
|
||
|
wpa_printf(MSG_DEBUG, "WPS UPnP: Event response timeout/fail");
|
||
|
goto bad;
|
||
|
}
|
||
|
event_retry(e, 1);
|
||
|
goto send_more;
|
||
|
|
||
|
send_more:
|
||
|
/* Schedule sending more if there is more to send */
|
||
|
if (s->event_queue)
|
||
|
event_send_all_later(sm);
|
||
|
return;
|
||
|
|
||
|
bad:
|
||
|
/*
|
||
|
* If other side doesn't like what we say, forget about them.
|
||
|
* (There is no way to tell other side that we are dropping
|
||
|
* them...).
|
||
|
* Alternately, we could just do event_delete(e)
|
||
|
*/
|
||
|
wpa_printf(MSG_DEBUG, "WPS UPnP: Deleting subscription due to errors");
|
||
|
subscription_unlink(s);
|
||
|
subscription_destroy(s);
|
||
|
}
|
||
|
|
||
|
|
||
|
/* event_send_tx_ready -- actually write event message
|
||
|
*
|
||
|
* Prequisite: subscription socket descriptor has become ready to
|
||
|
* write (because connection to subscriber has been made).
|
||
|
*
|
||
|
* It is also possible that we are called because the connect has failed;
|
||
|
* it is possible to test for this, or we can just go ahead and then
|
||
|
* the write will fail.
|
||
|
*/
|
||
|
static void event_send_tx_ready(int sock, void *eloop_ctx, void *sock_ctx)
|
||
|
{
|
||
|
struct wps_event_ *e = sock_ctx;
|
||
|
struct subscription *s = e->s;
|
||
|
struct wpabuf *buf;
|
||
|
char *b;
|
||
|
|
||
|
assert(e == s->current_event);
|
||
|
assert(e->sd == sock);
|
||
|
|
||
|
buf = wpabuf_alloc(1000 + wpabuf_len(e->data));
|
||
|
if (buf == NULL) {
|
||
|
event_retry(e, 0);
|
||
|
goto bad;
|
||
|
}
|
||
|
wpabuf_printf(buf, "NOTIFY %s HTTP/1.1\r\n", e->addr->path);
|
||
|
wpabuf_put_str(buf, "SERVER: Unspecified, UPnP/1.0, Unspecified\r\n");
|
||
|
wpabuf_printf(buf, "HOST: %s\r\n", e->addr->domain_and_port);
|
||
|
wpabuf_put_str(buf, "CONTENT-TYPE: text/xml; charset=\"utf-8\"\r\n"
|
||
|
"NT: upnp:event\r\n"
|
||
|
"NTS: upnp:propchange\r\n");
|
||
|
wpabuf_put_str(buf, "SID: uuid:");
|
||
|
b = wpabuf_put(buf, 0);
|
||
|
uuid_bin2str(s->uuid, b, 80);
|
||
|
wpabuf_put(buf, os_strlen(b));
|
||
|
wpabuf_put_str(buf, "\r\n");
|
||
|
wpabuf_printf(buf, "SEQ: %u\r\n", e->subscriber_sequence);
|
||
|
wpabuf_printf(buf, "CONTENT-LENGTH: %d\r\n",
|
||
|
(int) wpabuf_len(e->data));
|
||
|
wpabuf_put_str(buf, "\r\n"); /* terminating empty line */
|
||
|
wpabuf_put_buf(buf, e->data);
|
||
|
|
||
|
/* Since the message size is pretty small, we should be
|
||
|
* able to get the operating system to buffer what we give it
|
||
|
* and not have to come back again later to write more...
|
||
|
*/
|
||
|
#if 0
|
||
|
/* we could: Turn blocking back on? */
|
||
|
fcntl(e->sd, F_SETFL, 0);
|
||
|
#endif
|
||
|
if (send_wpabuf(e->sd, buf) < 0) {
|
||
|
event_retry(e, 1);
|
||
|
goto bad;
|
||
|
}
|
||
|
wpabuf_free(buf);
|
||
|
buf = NULL;
|
||
|
|
||
|
if (e->sd_registered) {
|
||
|
e->sd_registered = 0;
|
||
|
eloop_unregister_sock(e->sd, EVENT_TYPE_WRITE);
|
||
|
}
|
||
|
/* Set up to read the reply */
|
||
|
e->hread = httpread_create(e->sd, event_got_response_handler,
|
||
|
e /* cookie */,
|
||
|
0 /* no data expected */,
|
||
|
EVENT_TIMEOUT_SEC);
|
||
|
if (e->hread == NULL) {
|
||
|
wpa_printf(MSG_ERROR, "WPS UPnP: httpread_create failed");
|
||
|
event_retry(e, 0);
|
||
|
goto bad;
|
||
|
}
|
||
|
return;
|
||
|
|
||
|
bad:
|
||
|
/* Schedule sending more if there is more to send */
|
||
|
if (s->event_queue)
|
||
|
event_send_all_later(s->sm);
|
||
|
wpabuf_free(buf);
|
||
|
}
|
||
|
|
||
|
|
||
|
/* event_send_start -- prepare to send a event message to subscriber
|
||
|
*
|
||
|
* This gets complicated because:
|
||
|
* -- The message is sent via TCP and we have to keep the stream open
|
||
|
* for 30 seconds to get a response... then close it.
|
||
|
* -- But we might have other event happen in the meantime...
|
||
|
* we have to queue them, if we lose them then the subscriber will
|
||
|
* be forced to unsubscribe and subscribe again.
|
||
|
* -- If multiple URLs are provided then we are supposed to try successive
|
||
|
* ones after 30 second timeout.
|
||
|
* -- The URLs might use domain names instead of dotted decimal addresses,
|
||
|
* and resolution of those may cause unwanted sleeping.
|
||
|
* -- Doing the initial TCP connect can take a while, so we have to come
|
||
|
* back after connection and then send the data.
|
||
|
*
|
||
|
* Returns nonzero on error;
|
||
|
*
|
||
|
* Prerequisite: No current event send (s->current_event == NULL)
|
||
|
* and non-empty queue.
|
||
|
*/
|
||
|
static int event_send_start(struct subscription *s)
|
||
|
{
|
||
|
struct wps_event_ *e;
|
||
|
int itry;
|
||
|
|
||
|
/*
|
||
|
* Assume we are called ONLY with no current event and ONLY with
|
||
|
* nonempty event queue and ONLY with at least one address to send to.
|
||
|
*/
|
||
|
assert(s->addr_list != NULL);
|
||
|
assert(s->current_event == NULL);
|
||
|
assert(s->event_queue != NULL);
|
||
|
|
||
|
s->current_event = e = event_dequeue(s);
|
||
|
|
||
|
/* Use address acc. to no. of retries */
|
||
|
e->addr = s->addr_list;
|
||
|
for (itry = 0; itry < e->retry; itry++)
|
||
|
e->addr = e->addr->next;
|
||
|
|
||
|
e->sd = socket(AF_INET, SOCK_STREAM, 0);
|
||
|
if (e->sd < 0) {
|
||
|
event_retry(e, 0);
|
||
|
return -1;
|
||
|
}
|
||
|
/* set non-blocking so we don't sleep waiting for connection */
|
||
|
if (fcntl(e->sd, F_SETFL, O_NONBLOCK) != 0) {
|
||
|
event_retry(e, 0);
|
||
|
return -1;
|
||
|
}
|
||
|
/*
|
||
|
* Start the connect. It might succeed immediately but more likely will
|
||
|
* return errno EINPROGRESS.
|
||
|
*/
|
||
|
if (connect(e->sd, (struct sockaddr *) &e->addr->saddr,
|
||
|
sizeof(e->addr->saddr))) {
|
||
|
if (errno == EINPROGRESS) {
|
||
|
} else {
|
||
|
event_retry(e, 1);
|
||
|
return -1;
|
||
|
}
|
||
|
}
|
||
|
/* Call back when ready for writing (or on failure...). */
|
||
|
if (eloop_register_sock(e->sd, EVENT_TYPE_WRITE, event_send_tx_ready,
|
||
|
NULL, e)) {
|
||
|
event_retry(e, 0);
|
||
|
return -1;
|
||
|
}
|
||
|
e->sd_registered = 1;
|
||
|
/* Don't wait forever! */
|
||
|
if (eloop_register_timeout(EVENT_TIMEOUT_SEC, 0, event_timeout_handler,
|
||
|
NULL, e)) {
|
||
|
event_retry(e, 0);
|
||
|
return -1;
|
||
|
}
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
|
||
|
/* event_send_all_later_handler -- actually send events as needed */
|
||
|
void event_send_all_later_handler(void *eloop_data, void *user_ctx)
|
||
|
{
|
||
|
struct upnp_wps_device_sm *sm = user_ctx;
|
||
|
struct subscription *s;
|
||
|
struct subscription *s_old;
|
||
|
int nerrors = 0;
|
||
|
|
||
|
sm->event_send_all_queued = 0;
|
||
|
if ((s = sm->subscriptions) == NULL)
|
||
|
return;
|
||
|
do {
|
||
|
if (s->addr_list == NULL) {
|
||
|
/* if we've given up on all addresses */
|
||
|
wpa_printf(MSG_DEBUG, "WPS UPnP: Removing "
|
||
|
"subscription with no addresses");
|
||
|
s_old = s;
|
||
|
s = s_old->next;
|
||
|
subscription_unlink(s_old);
|
||
|
subscription_destroy(s_old);
|
||
|
} else {
|
||
|
if (s->current_event == NULL /* not busy */ &&
|
||
|
s->event_queue != NULL /* more to do */) {
|
||
|
if (event_send_start(s))
|
||
|
nerrors++;
|
||
|
}
|
||
|
s = s->next;
|
||
|
}
|
||
|
} while (sm->subscriptions != NULL && s != sm->subscriptions);
|
||
|
|
||
|
if (nerrors) {
|
||
|
/* Try again later */
|
||
|
event_send_all_later(sm);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
|
||
|
/* event_send_all_later -- schedule sending events to all subscribers
|
||
|
* that need it.
|
||
|
* This avoids two problems:
|
||
|
* -- After getting a subscription, we should not send the first event
|
||
|
* until after our reply is fully queued to be sent back,
|
||
|
* -- Possible stack depth or infinite recursion issues.
|
||
|
*/
|
||
|
void event_send_all_later(struct upnp_wps_device_sm *sm)
|
||
|
{
|
||
|
/*
|
||
|
* The exact time in the future isn't too important. Waiting a bit
|
||
|
* might let us do several together.
|
||
|
*/
|
||
|
if (sm->event_send_all_queued)
|
||
|
return;
|
||
|
sm->event_send_all_queued = 1;
|
||
|
eloop_register_timeout(EVENT_DELAY_SECONDS, EVENT_DELAY_MSEC,
|
||
|
event_send_all_later_handler, NULL, sm);
|
||
|
}
|
||
|
|
||
|
|
||
|
/* event_send_stop_all -- cleanup */
|
||
|
void event_send_stop_all(struct upnp_wps_device_sm *sm)
|
||
|
{
|
||
|
if (sm->event_send_all_queued)
|
||
|
eloop_cancel_timeout(event_send_all_later_handler, NULL, sm);
|
||
|
sm->event_send_all_queued = 0;
|
||
|
}
|
||
|
|
||
|
|
||
|
/**
|
||
|
* event_add - Add a new event to a queue
|
||
|
* @s: Subscription
|
||
|
* @data: Event data (is copied; caller retains ownership)
|
||
|
* Returns: 0 on success, 1 on error
|
||
|
*/
|
||
|
int event_add(struct subscription *s, const struct wpabuf *data)
|
||
|
{
|
||
|
struct wps_event_ *e;
|
||
|
|
||
|
if (s->n_queue >= MAX_EVENTS_QUEUED) {
|
||
|
wpa_printf(MSG_DEBUG, "WPS UPnP: Too many events queued for "
|
||
|
"subscriber");
|
||
|
return 1;
|
||
|
}
|
||
|
|
||
|
e = os_zalloc(sizeof(*e));
|
||
|
if (e == NULL)
|
||
|
return 1;
|
||
|
e->s = s;
|
||
|
e->sd = -1;
|
||
|
e->data = wpabuf_dup(data);
|
||
|
if (e->data == NULL) {
|
||
|
os_free(e);
|
||
|
return 1;
|
||
|
}
|
||
|
e->subscriber_sequence = s->next_subscriber_sequence++;
|
||
|
if (s->next_subscriber_sequence == 0)
|
||
|
s->next_subscriber_sequence++;
|
||
|
event_enqueue_at_end(s, e);
|
||
|
event_send_all_later(s->sm);
|
||
|
return 0;
|
||
|
}
|