1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* This Source Code Form is subject to the terms of the Mozilla Public
3 * License, v. 2.0. If a copy of the MPL was not distributed with this
4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5
6 // HttpLog.h should generally be included first
7 #include "HttpLog.h"
8
9 #include "nsHttpAuthCache.h"
10
11 #include <algorithm>
12 #include <stdlib.h>
13
14 #include "mozilla/Attributes.h"
15 #include "nsString.h"
16 #include "nsCRT.h"
17 #include "nsIObserverService.h"
18 #include "mozilla/Services.h"
19 #include "mozilla/DebugOnly.h"
20 #include "nsNetUtil.h"
21
22 namespace mozilla {
23 namespace net {
24
GetAuthKey(const char * scheme,const char * host,int32_t port,nsACString const & originSuffix,nsCString & key)25 static inline void GetAuthKey(const char* scheme, const char* host,
26 int32_t port, nsACString const& originSuffix,
27 nsCString& key) {
28 key.Truncate();
29 key.Append(originSuffix);
30 key.Append(':');
31 key.Append(scheme);
32 key.AppendLiteral("://");
33 key.Append(host);
34 key.Append(':');
35 key.AppendInt(port);
36 }
37
38 // return true if the two strings are equal or both empty. an empty string
39 // is either null or zero length.
StrEquivalent(const char16_t * a,const char16_t * b)40 static bool StrEquivalent(const char16_t* a, const char16_t* b) {
41 static const char16_t emptyStr[] = {0};
42
43 if (!a) a = emptyStr;
44 if (!b) b = emptyStr;
45
46 return nsCRT::strcmp(a, b) == 0;
47 }
48
49 //-----------------------------------------------------------------------------
50 // nsHttpAuthCache <public>
51 //-----------------------------------------------------------------------------
52
nsHttpAuthCache()53 nsHttpAuthCache::nsHttpAuthCache()
54 : mDB(128), mObserver(new OriginClearObserver(this)) {
55 LOG(("nsHttpAuthCache::nsHttpAuthCache %p", this));
56
57 nsCOMPtr<nsIObserverService> obsSvc = services::GetObserverService();
58 if (obsSvc) {
59 obsSvc->AddObserver(mObserver, "clear-origin-attributes-data", false);
60 }
61 }
62
~nsHttpAuthCache()63 nsHttpAuthCache::~nsHttpAuthCache() {
64 LOG(("nsHttpAuthCache::~nsHttpAuthCache %p", this));
65
66 ClearAll();
67 nsCOMPtr<nsIObserverService> obsSvc = services::GetObserverService();
68 if (obsSvc) {
69 obsSvc->RemoveObserver(mObserver, "clear-origin-attributes-data");
70 mObserver->mOwner = nullptr;
71 }
72 }
73
GetAuthEntryForPath(const char * scheme,const char * host,int32_t port,const char * path,nsACString const & originSuffix,nsHttpAuthEntry ** entry)74 nsresult nsHttpAuthCache::GetAuthEntryForPath(const char* scheme,
75 const char* host, int32_t port,
76 const char* path,
77 nsACString const& originSuffix,
78 nsHttpAuthEntry** entry) {
79 LOG(("nsHttpAuthCache::GetAuthEntryForPath %p [path=%s]\n", this, path));
80
81 nsAutoCString key;
82 nsHttpAuthNode* node = LookupAuthNode(scheme, host, port, originSuffix, key);
83 if (!node) return NS_ERROR_NOT_AVAILABLE;
84
85 *entry = node->LookupEntryByPath(path);
86 LOG((" returning %p", *entry));
87 return *entry ? NS_OK : NS_ERROR_NOT_AVAILABLE;
88 }
89
GetAuthEntryForDomain(const char * scheme,const char * host,int32_t port,const char * realm,nsACString const & originSuffix,nsHttpAuthEntry ** entry)90 nsresult nsHttpAuthCache::GetAuthEntryForDomain(const char* scheme,
91 const char* host, int32_t port,
92 const char* realm,
93 nsACString const& originSuffix,
94 nsHttpAuthEntry** entry)
95
96 {
97 LOG(("nsHttpAuthCache::GetAuthEntryForDomain %p [realm=%s]\n", this, realm));
98
99 nsAutoCString key;
100 nsHttpAuthNode* node = LookupAuthNode(scheme, host, port, originSuffix, key);
101 if (!node) return NS_ERROR_NOT_AVAILABLE;
102
103 *entry = node->LookupEntryByRealm(realm);
104 LOG((" returning %p", *entry));
105 return *entry ? NS_OK : NS_ERROR_NOT_AVAILABLE;
106 }
107
SetAuthEntry(const char * scheme,const char * host,int32_t port,const char * path,const char * realm,const char * creds,const char * challenge,nsACString const & originSuffix,const nsHttpAuthIdentity * ident,nsISupports * metadata)108 nsresult nsHttpAuthCache::SetAuthEntry(const char* scheme, const char* host,
109 int32_t port, const char* path,
110 const char* realm, const char* creds,
111 const char* challenge,
112 nsACString const& originSuffix,
113 const nsHttpAuthIdentity* ident,
114 nsISupports* metadata) {
115 nsresult rv;
116
117 LOG(("nsHttpAuthCache::SetAuthEntry %p [realm=%s path=%s metadata=%p]\n",
118 this, realm, path, metadata));
119
120 nsAutoCString key;
121 nsHttpAuthNode* node = LookupAuthNode(scheme, host, port, originSuffix, key);
122
123 if (!node) {
124 // create a new entry node and set the given entry
125 auto node = UniquePtr<nsHttpAuthNode>(new nsHttpAuthNode);
126 LOG((" new nsHttpAuthNode %p for key='%s'", node.get(), key.get()));
127 rv = node->SetAuthEntry(path, realm, creds, challenge, ident, metadata);
128 if (NS_FAILED(rv)) {
129 return rv;
130 }
131
132 mDB.InsertOrUpdate(key, std::move(node));
133 return NS_OK;
134 }
135
136 return node->SetAuthEntry(path, realm, creds, challenge, ident, metadata);
137 }
138
ClearAuthEntry(const char * scheme,const char * host,int32_t port,const char * realm,nsACString const & originSuffix)139 void nsHttpAuthCache::ClearAuthEntry(const char* scheme, const char* host,
140 int32_t port, const char* realm,
141 nsACString const& originSuffix) {
142 nsAutoCString key;
143 GetAuthKey(scheme, host, port, originSuffix, key);
144 LOG(("nsHttpAuthCache::ClearAuthEntry %p key='%s'\n", this, key.get()));
145 mDB.Remove(key);
146 }
147
ClearAll()148 void nsHttpAuthCache::ClearAll() {
149 LOG(("nsHttpAuthCache::ClearAll %p\n", this));
150 mDB.Clear();
151 }
152
153 //-----------------------------------------------------------------------------
154 // nsHttpAuthCache <private>
155 //-----------------------------------------------------------------------------
156
LookupAuthNode(const char * scheme,const char * host,int32_t port,nsACString const & originSuffix,nsCString & key)157 nsHttpAuthNode* nsHttpAuthCache::LookupAuthNode(const char* scheme,
158 const char* host, int32_t port,
159 nsACString const& originSuffix,
160 nsCString& key) {
161 GetAuthKey(scheme, host, port, originSuffix, key);
162 nsHttpAuthNode* result = mDB.Get(key);
163
164 LOG(("nsHttpAuthCache::LookupAuthNode %p key='%s' found node=%p", this,
165 key.get(), result));
166 return result;
167 }
168
NS_IMPL_ISUPPORTS(nsHttpAuthCache::OriginClearObserver,nsIObserver)169 NS_IMPL_ISUPPORTS(nsHttpAuthCache::OriginClearObserver, nsIObserver)
170
171 NS_IMETHODIMP
172 nsHttpAuthCache::OriginClearObserver::Observe(nsISupports* subject,
173 const char* topic,
174 const char16_t* data_unicode) {
175 NS_ENSURE_TRUE(mOwner, NS_ERROR_NOT_AVAILABLE);
176
177 OriginAttributesPattern pattern;
178 if (!pattern.Init(nsDependentString(data_unicode))) {
179 NS_ERROR("Cannot parse origin attributes pattern");
180 return NS_ERROR_FAILURE;
181 }
182
183 mOwner->ClearOriginData(pattern);
184 return NS_OK;
185 }
186
ClearOriginData(OriginAttributesPattern const & pattern)187 void nsHttpAuthCache::ClearOriginData(OriginAttributesPattern const& pattern) {
188 LOG(("nsHttpAuthCache::ClearOriginData %p", this));
189
190 for (auto iter = mDB.Iter(); !iter.Done(); iter.Next()) {
191 const nsACString& key = iter.Key();
192
193 // Extract the origin attributes suffix from the key.
194 int32_t colon = key.FindChar(':');
195 MOZ_ASSERT(colon != kNotFound);
196 nsDependentCSubstring oaSuffix = StringHead(key, colon);
197
198 // Build the OriginAttributes object of it...
199 OriginAttributes oa;
200 DebugOnly<bool> rv = oa.PopulateFromSuffix(oaSuffix);
201 MOZ_ASSERT(rv);
202
203 // ...and match it against the given pattern.
204 if (pattern.Matches(oa)) {
205 iter.Remove();
206 }
207 }
208 }
209
CollectKeys(nsTArray<nsCString> & aValue)210 void nsHttpAuthCache::CollectKeys(nsTArray<nsCString>& aValue) {
211 AppendToArray(aValue, mDB.Keys());
212 }
213
214 //-----------------------------------------------------------------------------
215 // nsHttpAuthIdentity
216 //-----------------------------------------------------------------------------
217
Set(const char16_t * domain,const char16_t * user,const char16_t * pass)218 nsresult nsHttpAuthIdentity::Set(const char16_t* domain, const char16_t* user,
219 const char16_t* pass) {
220 char16_t *newUser, *newPass, *newDomain;
221
222 int domainLen = domain ? NS_strlen(domain) : 0;
223 int userLen = user ? NS_strlen(user) : 0;
224 int passLen = pass ? NS_strlen(pass) : 0;
225
226 int len = userLen + 1 + passLen + 1 + domainLen + 1;
227 newUser = (char16_t*)malloc(len * sizeof(char16_t));
228 if (!newUser) return NS_ERROR_OUT_OF_MEMORY;
229
230 if (user) memcpy(newUser, user, userLen * sizeof(char16_t));
231 newUser[userLen] = 0;
232
233 newPass = &newUser[userLen + 1];
234 if (pass) memcpy(newPass, pass, passLen * sizeof(char16_t));
235 newPass[passLen] = 0;
236
237 newDomain = &newPass[passLen + 1];
238 if (domain) memcpy(newDomain, domain, domainLen * sizeof(char16_t));
239 newDomain[domainLen] = 0;
240
241 // wait until the end to clear member vars in case input params
242 // reference our members!
243 if (mUser) free(mUser);
244 mUser = newUser;
245 mPass = newPass;
246 mDomain = newDomain;
247 return NS_OK;
248 }
249
Clear()250 void nsHttpAuthIdentity::Clear() {
251 if (mUser) {
252 free(mUser);
253 mUser = nullptr;
254 mPass = nullptr;
255 mDomain = nullptr;
256 }
257 }
258
Equals(const nsHttpAuthIdentity & ident) const259 bool nsHttpAuthIdentity::Equals(const nsHttpAuthIdentity& ident) const {
260 // we could probably optimize this with a single loop, but why bother?
261 return StrEquivalent(mUser, ident.mUser) &&
262 StrEquivalent(mPass, ident.mPass) &&
263 StrEquivalent(mDomain, ident.mDomain);
264 }
265
266 //-----------------------------------------------------------------------------
267 // nsHttpAuthEntry
268 //-----------------------------------------------------------------------------
269
~nsHttpAuthEntry()270 nsHttpAuthEntry::~nsHttpAuthEntry() {
271 if (mRealm) free(mRealm);
272
273 while (mRoot) {
274 nsHttpAuthPath* ap = mRoot;
275 mRoot = mRoot->mNext;
276 free(ap);
277 }
278 }
279
AddPath(const char * aPath)280 nsresult nsHttpAuthEntry::AddPath(const char* aPath) {
281 // null path matches empty path
282 if (!aPath) aPath = "";
283
284 nsHttpAuthPath* tempPtr = mRoot;
285 while (tempPtr) {
286 const char* curpath = tempPtr->mPath;
287 if (strncmp(aPath, curpath, strlen(curpath)) == 0) {
288 return NS_OK; // subpath already exists in the list
289 }
290
291 tempPtr = tempPtr->mNext;
292 }
293
294 // Append the aPath
295 nsHttpAuthPath* newAuthPath;
296 int newpathLen = strlen(aPath);
297 newAuthPath = (nsHttpAuthPath*)malloc(sizeof(nsHttpAuthPath) + newpathLen);
298 if (!newAuthPath) return NS_ERROR_OUT_OF_MEMORY;
299
300 memcpy(newAuthPath->mPath, aPath, newpathLen + 1);
301 newAuthPath->mNext = nullptr;
302
303 if (!mRoot) {
304 mRoot = newAuthPath; // first entry
305 } else {
306 mTail->mNext = newAuthPath; // Append newAuthPath
307 }
308
309 // update the tail pointer.
310 mTail = newAuthPath;
311 return NS_OK;
312 }
313
Set(const char * path,const char * realm,const char * creds,const char * chall,const nsHttpAuthIdentity * ident,nsISupports * metadata)314 nsresult nsHttpAuthEntry::Set(const char* path, const char* realm,
315 const char* creds, const char* chall,
316 const nsHttpAuthIdentity* ident,
317 nsISupports* metadata) {
318 char *newRealm, *newCreds, *newChall;
319
320 int realmLen = realm ? strlen(realm) : 0;
321 int credsLen = creds ? strlen(creds) : 0;
322 int challLen = chall ? strlen(chall) : 0;
323
324 int len = realmLen + 1 + credsLen + 1 + challLen + 1;
325 newRealm = (char*)malloc(len);
326 if (!newRealm) return NS_ERROR_OUT_OF_MEMORY;
327
328 if (realm) memcpy(newRealm, realm, realmLen);
329 newRealm[realmLen] = 0;
330
331 newCreds = &newRealm[realmLen + 1];
332 if (creds) memcpy(newCreds, creds, credsLen);
333 newCreds[credsLen] = 0;
334
335 newChall = &newCreds[credsLen + 1];
336 if (chall) memcpy(newChall, chall, challLen);
337 newChall[challLen] = 0;
338
339 nsresult rv = NS_OK;
340 if (ident) {
341 rv = mIdent.Set(*ident);
342 } else if (mIdent.IsEmpty()) {
343 // If we are not given an identity and our cached identity has not been
344 // initialized yet (so is currently empty), initialize it now by
345 // filling it with nulls. We need to do that because consumers expect
346 // that mIdent is initialized after this function returns.
347 rv = mIdent.Set(nullptr, nullptr, nullptr);
348 }
349 if (NS_FAILED(rv)) {
350 free(newRealm);
351 return rv;
352 }
353
354 rv = AddPath(path);
355 if (NS_FAILED(rv)) {
356 free(newRealm);
357 return rv;
358 }
359
360 // wait until the end to clear member vars in case input params
361 // reference our members!
362 if (mRealm) free(mRealm);
363
364 mRealm = newRealm;
365 mCreds = newCreds;
366 mChallenge = newChall;
367 mMetaData = metadata;
368
369 return NS_OK;
370 }
371
372 //-----------------------------------------------------------------------------
373 // nsHttpAuthNode
374 //-----------------------------------------------------------------------------
375
nsHttpAuthNode()376 nsHttpAuthNode::nsHttpAuthNode() {
377 LOG(("Creating nsHttpAuthNode @%p\n", this));
378 }
379
~nsHttpAuthNode()380 nsHttpAuthNode::~nsHttpAuthNode() {
381 LOG(("Destroying nsHttpAuthNode @%p\n", this));
382
383 mList.Clear();
384 }
385
LookupEntryByPath(const char * path)386 nsHttpAuthEntry* nsHttpAuthNode::LookupEntryByPath(const char* path) {
387 // null path matches empty path
388 if (!path) path = "";
389
390 // look for an entry that either matches or contains this directory.
391 // ie. we'll give out credentials if the given directory is a sub-
392 // directory of an existing entry.
393 for (uint32_t i = 0; i < mList.Length(); ++i) {
394 const auto& entry = mList[i];
395 nsHttpAuthPath* authPath = entry->RootPath();
396 while (authPath) {
397 const char* entryPath = authPath->mPath;
398 // proxy auth entries have no path, so require exact match on
399 // empty path string.
400 if (entryPath[0] == '\0') {
401 if (path[0] == '\0') {
402 return entry.get();
403 }
404 } else if (strncmp(path, entryPath, strlen(entryPath)) == 0) {
405 return entry.get();
406 }
407
408 authPath = authPath->mNext;
409 }
410 }
411 return nullptr;
412 }
413
LookupEntryItrByRealm(const char * realm) const414 nsHttpAuthNode::EntryList::const_iterator nsHttpAuthNode::LookupEntryItrByRealm(
415 const char* realm) const {
416 // null realm matches empty realm
417 if (!realm) realm = "";
418
419 return std::find_if(mList.cbegin(), mList.cend(), [&realm](const auto& val) {
420 return strcmp(realm, val->Realm()) == 0;
421 });
422 }
423
LookupEntryByRealm(const char * realm)424 nsHttpAuthEntry* nsHttpAuthNode::LookupEntryByRealm(const char* realm) {
425 auto itr = LookupEntryItrByRealm(realm);
426 if (itr != mList.cend()) {
427 return itr->get();
428 }
429
430 return nullptr;
431 }
432
SetAuthEntry(const char * path,const char * realm,const char * creds,const char * challenge,const nsHttpAuthIdentity * ident,nsISupports * metadata)433 nsresult nsHttpAuthNode::SetAuthEntry(const char* path, const char* realm,
434 const char* creds, const char* challenge,
435 const nsHttpAuthIdentity* ident,
436 nsISupports* metadata) {
437 // look for an entry with a matching realm
438 nsHttpAuthEntry* entry = LookupEntryByRealm(realm);
439 if (!entry) {
440 // We want the latest identity be at the begining of the list so that
441 // the newest working credentials are sent first on new requests.
442 // Changing a realm is sometimes used to "timeout" authrozization.
443 mList.InsertElementAt(
444 0, WrapUnique(new nsHttpAuthEntry(path, realm, creds, challenge, ident,
445 metadata)));
446 } else {
447 // update the entry...
448 nsresult rv = entry->Set(path, realm, creds, challenge, ident, metadata);
449 NS_ENSURE_SUCCESS(rv, rv);
450 }
451
452 return NS_OK;
453 }
454
ClearAuthEntry(const char * realm)455 void nsHttpAuthNode::ClearAuthEntry(const char* realm) {
456 auto idx = LookupEntryItrByRealm(realm);
457 if (idx != mList.cend()) {
458 mList.RemoveElementAt(idx);
459 }
460 }
461
462 } // namespace net
463 } // namespace mozilla
464