Greenbone Security Assistant
Macros | Functions
gsad_http.c File Reference

HTTP handling. More...

#include "gsad_http.h"
#include "gsad_base.h"
#include "gsad_i18n.h"
#include "gsad_settings.h"
#include "utils.h"
#include <assert.h>
#include <gvm/base/networking.h>
#include <gvm/util/xmlutils.h>
#include <locale.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

Macros

#define G_LOG_DOMAIN   "gsad http"
 GLib log domain. More...
 

Functions

content_type_t guess_content_type (const gchar *path)
 Guess a content type from a file extension. More...
 
void gsad_add_content_type_header (http_response_t *response, content_type_t *ct)
 Adds content-type header fields to a response. More...
 
int send_redirect_to_uri (http_connection_t *connection, const char *uri, const gchar *sid)
 Sends a HTTP redirection to an uri. More...
 
int send_response (http_connection_t *connection, const char *content, int status_code, const gchar *sid, content_type_t content_type, const char *content_disposition, size_t content_length)
 Sends a HTTP response. More...
 
int handler_send_response (http_connection_t *connection, http_response_t *response, cmd_response_data_t *response_data, const gchar *sid)
 Send response for handle_request. More...
 
int handler_create_response (http_connection_t *connection, gchar *data, cmd_response_data_t *response_data, const gchar *sid)
 Create and send a response. More...
 
http_response_tcreate_not_found_response (cmd_response_data_t *response_data)
 Create a default 404 (not found) http response. More...
 
int handler_send_reauthentication (http_connection_t *connection, int http_status_code, authentication_reason_t reason)
 Allow for reauthentication of a user. More...
 
int remove_sid (http_response_t *response)
 Attach expired SID cookie to response. More...
 
int attach_sid (http_response_t *response, const char *sid)
 Attach SID cookie to a response, resetting "expire" arg. More...
 
int attach_remove_sid (http_response_t *response, const gchar *sid)
 
static int file_reader (void *cls, uint64_t pos, char *buf, int max)
 Reads from a file. More...
 
http_response_tfile_content_response (http_connection_t *connection, const char *url, const char *path, cmd_response_data_t *response_data)
 Create a response to serve a file from a path. More...
 
static int append_param (void *string, enum MHD_ValueKind kind, const char *key, const char *value)
 Append a request param to a string. More...
 
gchar * reconstruct_url (http_connection_t *connection, const char *url)
 Reconstruct the URL for a connection. More...
 
void add_security_headers (http_response_t *response)
 Add security headers to a MHD response. More...
 
void add_guest_chart_content_security_headers (http_response_t *response)
 Add guest chart content security headers to a MHD response. More...
 
void add_cors_headers (http_response_t *response)
 
void add_forbid_caching_headers (http_response_t *response)
 Add header to forbid caching to a HTTP response. More...
 
int get_client_address (http_connection_t *conn, char *client_address)
 Get the client's address. More...
 
int serve_post (void *coninfo_cls, enum MHD_ValueKind kind, const char *key, const char *filename, const char *content_type, const char *transfer_encoding, const char *data, uint64_t off, size_t size)
 Serves part of a POST request. More...
 
char * gsad_message (credentials_t *credentials, const char *title, const char *function, int line, const char *msg, cmd_response_data_t *response_data)
 Handles fatal errors. More...
 

Detailed Description

HTTP handling.

Macro Definition Documentation

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN   "gsad http"

GLib log domain.

Function Documentation

◆ add_cors_headers()

void add_cors_headers ( http_response_t response)

◆ add_forbid_caching_headers()

void add_forbid_caching_headers ( http_response_t response)

Add header to forbid caching to a HTTP response.

Parameters
[in]responseThe HTTP response to add the headers to.
[in]allow_caching1 to allow caching, 0 to forbid.

◆ add_guest_chart_content_security_headers()

void add_guest_chart_content_security_headers ( http_response_t response)

Add guest chart content security headers to a MHD response.

◆ add_security_headers()

void add_security_headers ( http_response_t response)

Add security headers to a MHD response.

◆ append_param()

static int append_param ( void *  string,
enum MHD_ValueKind  kind,
const char *  key,
const char *  value 
)
static

Append a request param to a string.

Parameters
[in]stringString.
[in]kindKind of request data.
[in]keyKey.
[in]valueValue.
Returns
MHD_YES.

◆ attach_remove_sid()

int attach_remove_sid ( http_response_t response,
const gchar *  sid 
)

Attach or remove session id

If sid is "0" the session id will be removed. Otherwise if the sid is not NULL the sid will be attached to the response.

Parameters
[in]responseHTTP response
[in]sidSession ID
Returns
MHD_YES on success, MHD_NO on failure

◆ attach_sid()

int attach_sid ( http_response_t response,
const char *  sid 
)

Attach SID cookie to a response, resetting "expire" arg.

Parameters
[in]responseResponse.
[in]sidSession ID.
Returns
MHD_NO in case of problems. MHD_YES if all is OK.

◆ create_not_found_response()

http_response_t* create_not_found_response ( cmd_response_data_t response_data)

Create a default 404 (not found) http response.

Parameters
[out]response_dataResponse data to return
Returns
A http response

◆ file_content_response()

http_response_t* file_content_response ( http_connection_t connection,
const char *  url,
const char *  path,
cmd_response_data_t response_data 
)

Create a response to serve a file from a path.

Parameters
[in]connectionConnection.
[in]urlRequested URL.
[in]pathPath to file.
[out]response_dataReturn response data
Returns
Response to send in combination with the response code. NULL only if file information could not be retrieved.

◆ file_reader()

static int file_reader ( void *  cls,
uint64_t  pos,
char *  buf,
int  max 
)
static

Reads from a file.

Parameters
[in]clsFile.
[in]posPosition in file to start reading.
[out]bufBuffer to read into.
[in]maxMaximum number of bytes to read.
Returns
The number of bytes read.

◆ get_client_address()

int get_client_address ( http_connection_t conn,
char *  client_address 
)

Get the client's address.

Parameters
[in]connConnection.
[out]client_addressBuffer to store client address. Must have at least INET6_ADDRSTRLEN bytes.
Returns
0 success, 1 invalid UTF-8 in X-Real-IP header

◆ gsad_add_content_type_header()

void gsad_add_content_type_header ( http_response_t response,
content_type_t ct 
)

Adds content-type header fields to a response.

This function should be called only once per response and is the only function where values of enum content_types are translated into strings.

Parameters
[in,out]responseResponse to add header to.
[in]ctContent Type to set.

◆ gsad_message()

char* gsad_message ( credentials_t credentials,
const char *  title,
const char *  function,
int  line,
const char *  msg,
cmd_response_data_t response_data 
)

Handles fatal errors.

Todo:
Make it accept formatted strings.
Parameters
[in]credentialsUser authentication information.
[in]titleThe title for the message.
[in]functionThe function in which the error occurred.
[in]lineThe line number at which the error occurred.
[in]msgThe response message.
[out]response_dataExtra data return for the HTTP response.
Returns
An XML document as a newly allocated string.

◆ guess_content_type()

content_type_t guess_content_type ( const gchar *  path)

Guess a content type from a file extension.

Parameters
[in]pathfilename with extension
Returns
a content_type_t for the file

◆ handler_create_response()

int handler_create_response ( http_connection_t connection,
gchar *  data,
cmd_response_data_t response_data,
const gchar *  sid 
)

Create and send a response.

The passed response data will be freed and can't be used afterwards

Parameters
[in]connectionConnection handle, e.g. used to send response.
[in]dataData to send in response
[in]response_dataResponse data struct. Response data will be freed.
[in]sidSession ID, or NULL. "0" to remove session.
Returns
MHD_YES on success, else MHD_NO.

◆ handler_send_reauthentication()

int handler_send_reauthentication ( http_connection_t connection,
int  http_status_code,
authentication_reason_t  reason 
)

Allow for reauthentication of a user.

Parameters
[in]connectionConnection handle, e.g. used to send response.
[in]http_status_codeHTTP status code for the response.
[in]reasonReason for re-authentication
Returns
MHD_YES on success. MHD_NO on errors.

◆ handler_send_response()

int handler_send_response ( http_connection_t connection,
http_response_t response,
cmd_response_data_t response_data,
const gchar *  sid 
)

Send response for handle_request.

The passed response data will be freed and can't be used afterwards

Parameters
[in]connectionConnection handle, e.g. used to send response.
[in]responseResponse.
[in]response_dataResponse data struct. Response data will be freed.
[in]sidSession ID, or NULL. "0" to remove session.
Returns
MHD_YES on success, else MHD_NO.

◆ reconstruct_url()

gchar* reconstruct_url ( http_connection_t connection,
const char *  url 
)

Reconstruct the URL for a connection.

Parameters
[in]connectionConnection.
[in]urlBase part of URL.
Returns
URL.

◆ remove_sid()

int remove_sid ( http_response_t response)

Attach expired SID cookie to response.

Parameters
[in]responseResponse.
Returns
MHD_NO in case of problems. MHD_YES if all is OK.

◆ send_redirect_to_uri()

int send_redirect_to_uri ( http_connection_t connection,
const char *  uri,
const gchar *  sid 
)

Sends a HTTP redirection to an uri.

Parameters
[in]connectionThe connection handle.
[in]uriThe full URI to redirect to.
[in]sidSession ID to add, or NULL.
Returns
MHD_NO in case of a problem. Else MHD_YES.

◆ send_response()

int send_response ( http_connection_t connection,
const char *  content,
int  status_code,
const gchar *  sid,
content_type_t  content_type,
const char *  content_disposition,
size_t  content_length 
)

Sends a HTTP response.

Parameters
[in]connectionThe connection handle.
[in]contentThe content.
[in]status_codeThe HTTP status code.
[in]sidSession ID, or NULL.
[in]content_typeThe content type.
[in]content_dispositionThe content disposition or NULL.
[in]content_lengthContent length, 0 for strlen (content).
Returns
MHD_YES on success, MHD_NO on error.

◆ serve_post()

int serve_post ( void *  coninfo_cls,
enum MHD_ValueKind  kind,
const char *  key,
const char *  filename,
const char *  content_type,
const char *  transfer_encoding,
const char *  data,
uint64_t  off,
size_t  size 
)

Serves part of a POST request.

Implements an MHD_PostDataIterator.

Called one or more times to collect the multiple parts (key/value pairs) of a POST request. Fills the params of a gsad_connection_info.

After serve_post, the connection info is free'd.

Parameters
[in,out]coninfo_clsConnection info (a gsad_connection_info).
[in]kindType of request data (header, cookie, etc.).
[in]keyName of data (name of request variable).
[in]filenameName of uploaded file if any, else NULL.
[in]content_typeMIME type of data if known, else NULL.
[in]transfer_encodingTransfer encoding if known, else NULL.
[in]dataData.
[in]offOffset into entire data.
[in]sizeSize of data, in bytes.
Returns
MHD_YES to continue iterating over post data, MHD_NO to stop.