1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* This Source Code Form is subject to the terms of the Mozilla Public
3 * License, v. 2.0. If a copy of the MPL was not distributed with this
4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5
6 // HttpLog.h should generally be included first
7 #include "HttpLog.h"
8
9 #include "nsHttpAuthCache.h"
10
11 #include <algorithm>
12 #include <stdlib.h>
13
14 #include "mozilla/Attributes.h"
15 #include "nsString.h"
16 #include "nsCRT.h"
17 #include "nsIObserverService.h"
18 #include "mozilla/Services.h"
19 #include "mozilla/DebugOnly.h"
20 #include "nsNetUtil.h"
21
22 namespace mozilla {
23 namespace net {
24
GetAuthKey(const char * scheme,const char * host,int32_t port,nsACString const & originSuffix,nsCString & key)25 static inline void GetAuthKey(const char* scheme, const char* host,
26 int32_t port, nsACString const& originSuffix,
27 nsCString& key) {
28 key.Truncate();
29 key.Append(originSuffix);
30 key.Append(':');
31 key.Append(scheme);
32 key.AppendLiteral("://");
33 key.Append(host);
34 key.Append(':');
35 key.AppendInt(port);
36 }
37
38 // return true if the two strings are equal or both empty. an empty string
39 // is either null or zero length.
StrEquivalent(const char16_t * a,const char16_t * b)40 static bool StrEquivalent(const char16_t* a, const char16_t* b) {
41 static const char16_t emptyStr[] = {0};
42
43 if (!a) a = emptyStr;
44 if (!b) b = emptyStr;
45
46 return nsCRT::strcmp(a, b) == 0;
47 }
48
49 //-----------------------------------------------------------------------------
50 // nsHttpAuthCache <public>
51 //-----------------------------------------------------------------------------
52
nsHttpAuthCache()53 nsHttpAuthCache::nsHttpAuthCache()
54 : mDB(128), mObserver(new OriginClearObserver(this)) {
55 LOG(("nsHttpAuthCache::nsHttpAuthCache %p", this));
56
57 nsCOMPtr<nsIObserverService> obsSvc = services::GetObserverService();
58 if (obsSvc) {
59 obsSvc->AddObserver(mObserver, "clear-origin-attributes-data", false);
60 }
61 }
62
~nsHttpAuthCache()63 nsHttpAuthCache::~nsHttpAuthCache() {
64 LOG(("nsHttpAuthCache::~nsHttpAuthCache %p", this));
65
66 ClearAll();
67 nsCOMPtr<nsIObserverService> obsSvc = services::GetObserverService();
68 if (obsSvc) {
69 obsSvc->RemoveObserver(mObserver, "clear-origin-attributes-data");
70 mObserver->mOwner = nullptr;
71 }
72 }
73
GetAuthEntryForPath(const char * scheme,const char * host,int32_t port,const char * path,nsACString const & originSuffix,nsHttpAuthEntry ** entry)74 nsresult nsHttpAuthCache::GetAuthEntryForPath(const char* scheme,
75 const char* host, int32_t port,
76 const char* path,
77 nsACString const& originSuffix,
78 nsHttpAuthEntry** entry) {
79 LOG(("nsHttpAuthCache::GetAuthEntryForPath %p [path=%s]\n", this, path));
80
81 nsAutoCString key;
82 nsHttpAuthNode* node = LookupAuthNode(scheme, host, port, originSuffix, key);
83 if (!node) return NS_ERROR_NOT_AVAILABLE;
84
85 *entry = node->LookupEntryByPath(path);
86 LOG((" returning %p", *entry));
87 return *entry ? NS_OK : NS_ERROR_NOT_AVAILABLE;
88 }
89
GetAuthEntryForDomain(const char * scheme,const char * host,int32_t port,const char * realm,nsACString const & originSuffix,nsHttpAuthEntry ** entry)90 nsresult nsHttpAuthCache::GetAuthEntryForDomain(const char* scheme,
91 const char* host, int32_t port,
92 const char* realm,
93 nsACString const& originSuffix,
94 nsHttpAuthEntry** entry)
95
96 {
97 LOG(("nsHttpAuthCache::GetAuthEntryForDomain %p [realm=%s]\n", this, realm));
98
99 nsAutoCString key;
100 nsHttpAuthNode* node = LookupAuthNode(scheme, host, port, originSuffix, key);
101 if (!node) return NS_ERROR_NOT_AVAILABLE;
102
103 *entry = node->LookupEntryByRealm(realm);
104 LOG((" returning %p", *entry));
105 return *entry ? NS_OK : NS_ERROR_NOT_AVAILABLE;
106 }
107
SetAuthEntry(const char * scheme,const char * host,int32_t port,const char * path,const char * realm,const char * creds,const char * challenge,nsACString const & originSuffix,const nsHttpAuthIdentity * ident,nsISupports * metadata)108 nsresult nsHttpAuthCache::SetAuthEntry(const char* scheme, const char* host,
109 int32_t port, const char* path,
110 const char* realm, const char* creds,
111 const char* challenge,
112 nsACString const& originSuffix,
113 const nsHttpAuthIdentity* ident,
114 nsISupports* metadata) {
115 nsresult rv;
116
117 LOG(("nsHttpAuthCache::SetAuthEntry %p [realm=%s path=%s metadata=%p]\n",
118 this, realm, path, metadata));
119
120 nsAutoCString key;
121 nsHttpAuthNode* node = LookupAuthNode(scheme, host, port, originSuffix, key);
122
123 if (!node) {
124 // create a new entry node and set the given entry
125 node = new nsHttpAuthNode();
126 LOG((" new nsHttpAuthNode %p for key='%s'", node, key.get()));
127 rv = node->SetAuthEntry(path, realm, creds, challenge, ident, metadata);
128 if (NS_FAILED(rv))
129 delete node;
130 else
131 mDB.Put(key, node);
132 return rv;
133 }
134
135 return node->SetAuthEntry(path, realm, creds, challenge, ident, metadata);
136 }
137
ClearAuthEntry(const char * scheme,const char * host,int32_t port,const char * realm,nsACString const & originSuffix)138 void nsHttpAuthCache::ClearAuthEntry(const char* scheme, const char* host,
139 int32_t port, const char* realm,
140 nsACString const& originSuffix) {
141 nsAutoCString key;
142 GetAuthKey(scheme, host, port, originSuffix, key);
143 LOG(("nsHttpAuthCache::ClearAuthEntry %p key='%s'\n", this, key.get()));
144 mDB.Remove(key);
145 }
146
ClearAll()147 void nsHttpAuthCache::ClearAll() {
148 LOG(("nsHttpAuthCache::ClearAll %p\n", this));
149 mDB.Clear();
150 }
151
152 //-----------------------------------------------------------------------------
153 // nsHttpAuthCache <private>
154 //-----------------------------------------------------------------------------
155
LookupAuthNode(const char * scheme,const char * host,int32_t port,nsACString const & originSuffix,nsCString & key)156 nsHttpAuthNode* nsHttpAuthCache::LookupAuthNode(const char* scheme,
157 const char* host, int32_t port,
158 nsACString const& originSuffix,
159 nsCString& key) {
160 GetAuthKey(scheme, host, port, originSuffix, key);
161 nsHttpAuthNode* result = mDB.Get(key);
162
163 LOG(("nsHttpAuthCache::LookupAuthNode %p key='%s' found node=%p", this,
164 key.get(), result));
165 return result;
166 }
167
NS_IMPL_ISUPPORTS(nsHttpAuthCache::OriginClearObserver,nsIObserver)168 NS_IMPL_ISUPPORTS(nsHttpAuthCache::OriginClearObserver, nsIObserver)
169
170 NS_IMETHODIMP
171 nsHttpAuthCache::OriginClearObserver::Observe(nsISupports* subject,
172 const char* topic,
173 const char16_t* data_unicode) {
174 NS_ENSURE_TRUE(mOwner, NS_ERROR_NOT_AVAILABLE);
175
176 OriginAttributesPattern pattern;
177 if (!pattern.Init(nsDependentString(data_unicode))) {
178 NS_ERROR("Cannot parse origin attributes pattern");
179 return NS_ERROR_FAILURE;
180 }
181
182 mOwner->ClearOriginData(pattern);
183 return NS_OK;
184 }
185
ClearOriginData(OriginAttributesPattern const & pattern)186 void nsHttpAuthCache::ClearOriginData(OriginAttributesPattern const& pattern) {
187 LOG(("nsHttpAuthCache::ClearOriginData %p", this));
188
189 for (auto iter = mDB.Iter(); !iter.Done(); iter.Next()) {
190 const nsACString& key = iter.Key();
191
192 // Extract the origin attributes suffix from the key.
193 int32_t colon = key.FindChar(':');
194 MOZ_ASSERT(colon != kNotFound);
195 nsDependentCSubstring oaSuffix = StringHead(key, colon);
196
197 // Build the OriginAttributes object of it...
198 OriginAttributes oa;
199 DebugOnly<bool> rv = oa.PopulateFromSuffix(oaSuffix);
200 MOZ_ASSERT(rv);
201
202 // ...and match it against the given pattern.
203 if (pattern.Matches(oa)) {
204 iter.Remove();
205 }
206 }
207 }
208
209 //-----------------------------------------------------------------------------
210 // nsHttpAuthIdentity
211 //-----------------------------------------------------------------------------
212
Set(const char16_t * domain,const char16_t * user,const char16_t * pass)213 nsresult nsHttpAuthIdentity::Set(const char16_t* domain, const char16_t* user,
214 const char16_t* pass) {
215 char16_t *newUser, *newPass, *newDomain;
216
217 int domainLen = domain ? NS_strlen(domain) : 0;
218 int userLen = user ? NS_strlen(user) : 0;
219 int passLen = pass ? NS_strlen(pass) : 0;
220
221 int len = userLen + 1 + passLen + 1 + domainLen + 1;
222 newUser = (char16_t*)malloc(len * sizeof(char16_t));
223 if (!newUser) return NS_ERROR_OUT_OF_MEMORY;
224
225 if (user) memcpy(newUser, user, userLen * sizeof(char16_t));
226 newUser[userLen] = 0;
227
228 newPass = &newUser[userLen + 1];
229 if (pass) memcpy(newPass, pass, passLen * sizeof(char16_t));
230 newPass[passLen] = 0;
231
232 newDomain = &newPass[passLen + 1];
233 if (domain) memcpy(newDomain, domain, domainLen * sizeof(char16_t));
234 newDomain[domainLen] = 0;
235
236 // wait until the end to clear member vars in case input params
237 // reference our members!
238 if (mUser) free(mUser);
239 mUser = newUser;
240 mPass = newPass;
241 mDomain = newDomain;
242 return NS_OK;
243 }
244
Clear()245 void nsHttpAuthIdentity::Clear() {
246 if (mUser) {
247 free(mUser);
248 mUser = nullptr;
249 mPass = nullptr;
250 mDomain = nullptr;
251 }
252 }
253
Equals(const nsHttpAuthIdentity & ident) const254 bool nsHttpAuthIdentity::Equals(const nsHttpAuthIdentity& ident) const {
255 // we could probably optimize this with a single loop, but why bother?
256 return StrEquivalent(mUser, ident.mUser) &&
257 StrEquivalent(mPass, ident.mPass) &&
258 StrEquivalent(mDomain, ident.mDomain);
259 }
260
261 //-----------------------------------------------------------------------------
262 // nsHttpAuthEntry
263 //-----------------------------------------------------------------------------
264
~nsHttpAuthEntry()265 nsHttpAuthEntry::~nsHttpAuthEntry() {
266 if (mRealm) free(mRealm);
267
268 while (mRoot) {
269 nsHttpAuthPath* ap = mRoot;
270 mRoot = mRoot->mNext;
271 free(ap);
272 }
273 }
274
AddPath(const char * aPath)275 nsresult nsHttpAuthEntry::AddPath(const char* aPath) {
276 // null path matches empty path
277 if (!aPath) aPath = "";
278
279 nsHttpAuthPath* tempPtr = mRoot;
280 while (tempPtr) {
281 const char* curpath = tempPtr->mPath;
282 if (strncmp(aPath, curpath, strlen(curpath)) == 0)
283 return NS_OK; // subpath already exists in the list
284
285 tempPtr = tempPtr->mNext;
286 }
287
288 // Append the aPath
289 nsHttpAuthPath* newAuthPath;
290 int newpathLen = strlen(aPath);
291 newAuthPath = (nsHttpAuthPath*)malloc(sizeof(nsHttpAuthPath) + newpathLen);
292 if (!newAuthPath) return NS_ERROR_OUT_OF_MEMORY;
293
294 memcpy(newAuthPath->mPath, aPath, newpathLen + 1);
295 newAuthPath->mNext = nullptr;
296
297 if (!mRoot)
298 mRoot = newAuthPath; // first entry
299 else
300 mTail->mNext = newAuthPath; // Append newAuthPath
301
302 // update the tail pointer.
303 mTail = newAuthPath;
304 return NS_OK;
305 }
306
Set(const char * path,const char * realm,const char * creds,const char * chall,const nsHttpAuthIdentity * ident,nsISupports * metadata)307 nsresult nsHttpAuthEntry::Set(const char* path, const char* realm,
308 const char* creds, const char* chall,
309 const nsHttpAuthIdentity* ident,
310 nsISupports* metadata) {
311 char *newRealm, *newCreds, *newChall;
312
313 int realmLen = realm ? strlen(realm) : 0;
314 int credsLen = creds ? strlen(creds) : 0;
315 int challLen = chall ? strlen(chall) : 0;
316
317 int len = realmLen + 1 + credsLen + 1 + challLen + 1;
318 newRealm = (char*)malloc(len);
319 if (!newRealm) return NS_ERROR_OUT_OF_MEMORY;
320
321 if (realm) memcpy(newRealm, realm, realmLen);
322 newRealm[realmLen] = 0;
323
324 newCreds = &newRealm[realmLen + 1];
325 if (creds) memcpy(newCreds, creds, credsLen);
326 newCreds[credsLen] = 0;
327
328 newChall = &newCreds[credsLen + 1];
329 if (chall) memcpy(newChall, chall, challLen);
330 newChall[challLen] = 0;
331
332 nsresult rv = NS_OK;
333 if (ident) {
334 rv = mIdent.Set(*ident);
335 } else if (mIdent.IsEmpty()) {
336 // If we are not given an identity and our cached identity has not been
337 // initialized yet (so is currently empty), initialize it now by
338 // filling it with nulls. We need to do that because consumers expect
339 // that mIdent is initialized after this function returns.
340 rv = mIdent.Set(nullptr, nullptr, nullptr);
341 }
342 if (NS_FAILED(rv)) {
343 free(newRealm);
344 return rv;
345 }
346
347 rv = AddPath(path);
348 if (NS_FAILED(rv)) {
349 free(newRealm);
350 return rv;
351 }
352
353 // wait until the end to clear member vars in case input params
354 // reference our members!
355 if (mRealm) free(mRealm);
356
357 mRealm = newRealm;
358 mCreds = newCreds;
359 mChallenge = newChall;
360 mMetaData = metadata;
361
362 return NS_OK;
363 }
364
365 //-----------------------------------------------------------------------------
366 // nsHttpAuthNode
367 //-----------------------------------------------------------------------------
368
nsHttpAuthNode()369 nsHttpAuthNode::nsHttpAuthNode() {
370 LOG(("Creating nsHttpAuthNode @%p\n", this));
371 }
372
~nsHttpAuthNode()373 nsHttpAuthNode::~nsHttpAuthNode() {
374 LOG(("Destroying nsHttpAuthNode @%p\n", this));
375
376 mList.Clear();
377 }
378
LookupEntryByPath(const char * path)379 nsHttpAuthEntry* nsHttpAuthNode::LookupEntryByPath(const char* path) {
380 // null path matches empty path
381 if (!path) path = "";
382
383 // look for an entry that either matches or contains this directory.
384 // ie. we'll give out credentials if the given directory is a sub-
385 // directory of an existing entry.
386 for (uint32_t i = 0; i < mList.Length(); ++i) {
387 const auto& entry = mList[i];
388 nsHttpAuthPath* authPath = entry->RootPath();
389 while (authPath) {
390 const char* entryPath = authPath->mPath;
391 // proxy auth entries have no path, so require exact match on
392 // empty path string.
393 if (entryPath[0] == '\0') {
394 if (path[0] == '\0') {
395 return entry.get();
396 }
397 } else if (strncmp(path, entryPath, strlen(entryPath)) == 0) {
398 return entry.get();
399 }
400
401 authPath = authPath->mNext;
402 }
403 }
404 return nullptr;
405 }
406
LookupEntryItrByRealm(const char * realm) const407 nsHttpAuthNode::EntryList::const_iterator nsHttpAuthNode::LookupEntryItrByRealm(
408 const char* realm) const {
409 // null realm matches empty realm
410 if (!realm) realm = "";
411
412 return std::find_if(mList.cbegin(), mList.cend(), [&realm](const auto& val) {
413 return strcmp(realm, val->Realm()) == 0;
414 });
415 }
416
LookupEntryByRealm(const char * realm)417 nsHttpAuthEntry* nsHttpAuthNode::LookupEntryByRealm(const char* realm) {
418 auto itr = LookupEntryItrByRealm(realm);
419 if (itr != mList.cend()) {
420 return itr->get();
421 }
422
423 return nullptr;
424 }
425
SetAuthEntry(const char * path,const char * realm,const char * creds,const char * challenge,const nsHttpAuthIdentity * ident,nsISupports * metadata)426 nsresult nsHttpAuthNode::SetAuthEntry(const char* path, const char* realm,
427 const char* creds, const char* challenge,
428 const nsHttpAuthIdentity* ident,
429 nsISupports* metadata) {
430 // look for an entry with a matching realm
431 nsHttpAuthEntry* entry = LookupEntryByRealm(realm);
432 if (!entry) {
433 // We want the latest identity be at the begining of the list so that
434 // the newest working credentials are sent first on new requests.
435 // Changing a realm is sometimes used to "timeout" authrozization.
436 mList.InsertElementAt(
437 0, WrapUnique(new nsHttpAuthEntry(path, realm, creds, challenge, ident,
438 metadata)));
439 } else {
440 // update the entry...
441 nsresult rv = entry->Set(path, realm, creds, challenge, ident, metadata);
442 NS_ENSURE_SUCCESS(rv, rv);
443 }
444
445 return NS_OK;
446 }
447
ClearAuthEntry(const char * realm)448 void nsHttpAuthNode::ClearAuthEntry(const char* realm) {
449 auto idx = LookupEntryItrByRealm(realm);
450 if (idx != mList.cend()) {
451 mList.RemoveElementAt(idx);
452 }
453 }
454
455 } // namespace net
456 } // namespace mozilla
457