xref: /freebsd/contrib/wpa/src/wps/wps_upnp_event.c (revision 39beb93c3f8bdbf72a61fda42300b5ebed7390c8)
1 /*
2  * UPnP WPS Device - Event processing
3  * Copyright (c) 2000-2003 Intel Corporation
4  * Copyright (c) 2006-2007 Sony Corporation
5  * Copyright (c) 2008-2009 Atheros Communications
6  * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
7  *
8  * See wps_upnp.c for more details on licensing and code history.
9  */
10 
11 #include "includes.h"
12 #include <assert.h>
13 #include <fcntl.h>
14 
15 #include "common.h"
16 #include "eloop.h"
17 #include "uuid.h"
18 #include "httpread.h"
19 #include "wps_defs.h"
20 #include "wps_upnp.h"
21 #include "wps_upnp_i.h"
22 
23 /*
24  * Event message generation (to subscribers)
25  *
26  * We make a separate copy for each message for each subscriber. This memory
27  * wasted could be limited (adding code complexity) by sharing copies, keeping
28  * a usage count and freeing when zero.
29  *
30  * Sending a message requires using a HTTP over TCP NOTIFY
31  * (like a PUT) which requires a number of states..
32  */
33 
34 #define MAX_EVENTS_QUEUED 20   /* How far behind queued events */
35 #define EVENT_TIMEOUT_SEC 30   /* Drop sending event after timeout */
36 
37 /* How long to wait before sending event */
38 #define EVENT_DELAY_SECONDS 0
39 #define EVENT_DELAY_MSEC 0
40 
41 /*
42  * Event information that we send to each subscriber is remembered in this
43  * struct. The event cannot be sent by simple UDP; it has to be sent by a HTTP
44  * over TCP transaction which requires various states.. It may also need to be
45  * retried at a different address (if more than one is available).
46  *
47  * TODO: As an optimization we could share data between subscribers.
48  */
49 struct wps_event_ {
50 	struct wps_event_ *next;
51 	struct wps_event_ *prev;        /* double linked list */
52 	struct subscription *s;         /* parent */
53 	unsigned subscriber_sequence;   /* which event for this subscription*/
54 	int retry;                      /* which retry */
55 	struct subscr_addr *addr;       /* address to connect to */
56 	struct wpabuf *data;            /* event data to send */
57 	/* The following apply while we are sending an event message. */
58 	int sd;            /* -1 or socket descriptor for open connection */
59 	int sd_registered;        /* nonzero if we must cancel registration */
60 	struct httpread *hread; /* NULL or open connection for event msg */
61 };
62 
63 
64 static void event_timeout_handler(void *eloop_data, void *user_ctx);
65 
66 /* event_clean -- clean sockets etc. of event
67  * Leaves data, retry count etc. alone.
68  */
69 static void event_clean(struct wps_event_ *e)
70 {
71 	if (e->s->current_event == e) {
72 		eloop_cancel_timeout(event_timeout_handler, NULL, e);
73 		e->s->current_event = NULL;
74 	}
75 	if (e->sd_registered) {
76 		eloop_unregister_sock(e->sd, EVENT_TYPE_WRITE);
77 		e->sd_registered = 0;
78 	}
79 	if (e->sd != -1) {
80 		close(e->sd);
81 		e->sd = -1;
82 	}
83 	if (e->hread)
84 		httpread_destroy(e->hread);
85 	e->hread = NULL;
86 }
87 
88 
89 /* event_delete -- delete single unqueued event
90  * (be sure to dequeue first if need be)
91  */
92 void event_delete(struct wps_event_ *e)
93 {
94 	event_clean(e);
95 	wpabuf_free(e->data);
96 	os_free(e);
97 }
98 
99 
100 /* event_dequeue -- get next event from the queue
101  * Returns NULL if empty.
102  */
103 static struct wps_event_ *event_dequeue(struct subscription *s)
104 {
105 	struct wps_event_ **event_head = &s->event_queue;
106 	struct wps_event_ *e = *event_head;
107 	if (e == NULL)
108 		return NULL;
109 	e->next->prev = e->prev;
110 	e->prev->next = e->next;
111 	if (*event_head == e) {
112 		if (e == e->next) {
113 			/* last in queue */
114 			*event_head = NULL;
115 		} else {
116 			*event_head = e->next;
117 		}
118 	}
119 	s->n_queue--;
120 	e->next = e->prev = NULL;
121 	/* but parent "s" is still valid */
122 	return e;
123 }
124 
125 
126 /* event_enqueue_at_end -- add event to end of queue */
127 static void event_enqueue_at_end(struct subscription *s, struct wps_event_ *e)
128 {
129 	struct wps_event_ **event_head = &s->event_queue;
130 	if (*event_head == NULL) {
131 		*event_head = e->next = e->prev = e;
132 	} else {
133 		e->next = *event_head;
134 		e->prev = e->next->prev;
135 		e->prev->next = e;
136 		e->next->prev = e;
137 	}
138 	s->n_queue++;
139 }
140 
141 
142 /* event_enqueue_at_begin -- add event to begin of queue
143  * (appropriate for retrying event only)
144  */
145 static void event_enqueue_at_begin(struct subscription *s,
146 				   struct wps_event_ *e)
147 {
148 	struct wps_event_ **event_head = &s->event_queue;
149 	if (*event_head == NULL) {
150 		*event_head = e->next = e->prev = e;
151 	} else {
152 		e->prev = *event_head;
153 		e->next = e->prev->next;
154 		e->prev->next = e;
155 		e->next->prev = e;
156 		*event_head = e;
157 	}
158 	s->n_queue++;
159 }
160 
161 
162 /* event_delete_all -- delete entire event queue and current event */
163 void event_delete_all(struct subscription *s)
164 {
165 	struct wps_event_ *e;
166 	while ((e = event_dequeue(s)) != NULL)
167 		event_delete(e);
168 	if (s->current_event) {
169 		event_delete(s->current_event);
170 		/* will set: s->current_event = NULL;  */
171 	}
172 }
173 
174 
175 /**
176  * event_retry - Called when we had a failure delivering event msg
177  * @e: Event
178  * @do_next_address: skip address e.g. on connect fail
179  */
180 static void event_retry(struct wps_event_ *e, int do_next_address)
181 {
182 	struct subscription *s = e->s;
183 	struct upnp_wps_device_sm *sm = s->sm;
184 
185 	event_clean(e);
186 	/* will set: s->current_event = NULL; */
187 
188 	if (do_next_address)
189 		e->retry++;
190 	if (e->retry >= s->n_addr) {
191 		wpa_printf(MSG_DEBUG, "WPS UPnP: Giving up on sending event "
192 			   "for %s", e->addr->domain_and_port);
193 		return;
194 	}
195 	event_enqueue_at_begin(s, e);
196 	event_send_all_later(sm);
197 }
198 
199 
200 /* called if the overall event-sending process takes too long */
201 static void event_timeout_handler(void *eloop_data, void *user_ctx)
202 {
203 	struct wps_event_ *e = user_ctx;
204 	struct subscription *s = e->s;
205 
206 	assert(e == s->current_event);
207 
208 	wpa_printf(MSG_DEBUG, "WPS UPnP: Event send timeout");
209 	event_retry(e, 1);
210 }
211 
212 
213 /* event_got_response_handler -- called back when http response is received. */
214 static void event_got_response_handler(struct httpread *handle, void *cookie,
215 				       enum httpread_event en)
216 {
217 	struct wps_event_ *e = cookie;
218 	struct subscription *s = e->s;
219 	struct upnp_wps_device_sm *sm = s->sm;
220 	struct httpread *hread = e->hread;
221 	int reply_code = 0;
222 
223 	assert(e == s->current_event);
224 	eloop_cancel_timeout(event_timeout_handler, NULL, e);
225 
226 	if (en == HTTPREAD_EVENT_FILE_READY) {
227 		if (httpread_hdr_type_get(hread) == HTTPREAD_HDR_TYPE_REPLY) {
228 			reply_code = httpread_reply_code_get(hread);
229 			if (reply_code == HTTP_OK) {
230 				wpa_printf(MSG_DEBUG,
231 					   "WPS UPnP: Got event reply OK from "
232 					   "%s", e->addr->domain_and_port);
233 				event_delete(e);
234 				goto send_more;
235 			} else {
236 				wpa_printf(MSG_DEBUG, "WPS UPnP: Got event "
237 					   "error reply code %d from %s",
238 					   reply_code,
239 					   e->addr->domain_and_port);
240 				goto bad;
241 			}
242 		} else {
243 			wpa_printf(MSG_DEBUG, "WPS UPnP: Got bogus event "
244 				   "response %d from %s", en,
245 				   e->addr->domain_and_port);
246 		}
247 	} else {
248 		wpa_printf(MSG_DEBUG, "WPS UPnP: Event response timeout/fail "
249 			   "for %s", e->addr->domain_and_port);
250 		goto bad;
251 	}
252 	event_retry(e, 1);
253 	goto send_more;
254 
255 send_more:
256 	/* Schedule sending more if there is more to send */
257 	if (s->event_queue)
258 		event_send_all_later(sm);
259 	return;
260 
261 bad:
262 	/*
263 	 * If other side doesn't like what we say, forget about them.
264 	 * (There is no way to tell other side that we are dropping
265 	 * them...).
266 	 * Alternately, we could just do event_delete(e)
267 	 */
268 	wpa_printf(MSG_DEBUG, "WPS UPnP: Deleting subscription due to errors");
269 	subscription_unlink(s);
270 	subscription_destroy(s);
271 }
272 
273 
274 /* event_send_tx_ready -- actually write event message
275  *
276  * Prequisite: subscription socket descriptor has become ready to
277  * write (because connection to subscriber has been made).
278  *
279  * It is also possible that we are called because the connect has failed;
280  * it is possible to test for this, or we can just go ahead and then
281  * the write will fail.
282  */
283 static void event_send_tx_ready(int sock, void *eloop_ctx, void *sock_ctx)
284 {
285 	struct wps_event_ *e = sock_ctx;
286 	struct subscription *s = e->s;
287 	struct wpabuf *buf;
288 	char *b;
289 
290 	assert(e == s->current_event);
291 	assert(e->sd == sock);
292 
293 	buf = wpabuf_alloc(1000 + wpabuf_len(e->data));
294 	if (buf == NULL) {
295 		event_retry(e, 0);
296 		goto bad;
297 	}
298 	wpabuf_printf(buf, "NOTIFY %s HTTP/1.1\r\n", e->addr->path);
299 	wpabuf_put_str(buf, "SERVER: Unspecified, UPnP/1.0, Unspecified\r\n");
300 	wpabuf_printf(buf, "HOST: %s\r\n", e->addr->domain_and_port);
301 	wpabuf_put_str(buf, "CONTENT-TYPE: text/xml; charset=\"utf-8\"\r\n"
302 		       "NT: upnp:event\r\n"
303 		       "NTS: upnp:propchange\r\n");
304 	wpabuf_put_str(buf, "SID: uuid:");
305 	b = wpabuf_put(buf, 0);
306 	uuid_bin2str(s->uuid, b, 80);
307 	wpabuf_put(buf, os_strlen(b));
308 	wpabuf_put_str(buf, "\r\n");
309 	wpabuf_printf(buf, "SEQ: %u\r\n", e->subscriber_sequence);
310 	wpabuf_printf(buf, "CONTENT-LENGTH: %d\r\n",
311 		      (int) wpabuf_len(e->data));
312 	wpabuf_put_str(buf, "\r\n"); /* terminating empty line */
313 	wpabuf_put_buf(buf, e->data);
314 
315 	/* Since the message size is pretty small, we should be
316 	 * able to get the operating system to buffer what we give it
317 	 * and not have to come back again later to write more...
318 	 */
319 #if 0
320 	/* we could: Turn blocking back on? */
321 	fcntl(e->sd, F_SETFL, 0);
322 #endif
323 	wpa_printf(MSG_DEBUG, "WPS UPnP: Sending event to %s",
324 		   e->addr->domain_and_port);
325 	if (send_wpabuf(e->sd, buf) < 0) {
326 		event_retry(e, 1);
327 		goto bad;
328 	}
329 	wpabuf_free(buf);
330 	buf = NULL;
331 
332 	if (e->sd_registered) {
333 		e->sd_registered = 0;
334 		eloop_unregister_sock(e->sd, EVENT_TYPE_WRITE);
335 	}
336 	/* Set up to read the reply */
337 	e->hread = httpread_create(e->sd, event_got_response_handler,
338 				   e /* cookie */,
339 				   0 /* no data expected */,
340 				   EVENT_TIMEOUT_SEC);
341 	if (e->hread == NULL) {
342 		wpa_printf(MSG_ERROR, "WPS UPnP: httpread_create failed");
343 		event_retry(e, 0);
344 		goto bad;
345 	}
346 	return;
347 
348 bad:
349 	/* Schedule sending more if there is more to send */
350 	if (s->event_queue)
351 		event_send_all_later(s->sm);
352 	wpabuf_free(buf);
353 }
354 
355 
356 /* event_send_start -- prepare to send a event message to subscriber
357  *
358  * This gets complicated because:
359  * -- The message is sent via TCP and we have to keep the stream open
360  *      for 30 seconds to get a response... then close it.
361  * -- But we might have other event happen in the meantime...
362  *      we have to queue them, if we lose them then the subscriber will
363  *      be forced to unsubscribe and subscribe again.
364  * -- If multiple URLs are provided then we are supposed to try successive
365  *      ones after 30 second timeout.
366  * -- The URLs might use domain names instead of dotted decimal addresses,
367  *      and resolution of those may cause unwanted sleeping.
368  * -- Doing the initial TCP connect can take a while, so we have to come
369  *      back after connection and then send the data.
370  *
371  * Returns nonzero on error;
372  *
373  * Prerequisite: No current event send (s->current_event == NULL)
374  *      and non-empty queue.
375  */
376 static int event_send_start(struct subscription *s)
377 {
378 	struct wps_event_ *e;
379 	int itry;
380 
381 	/*
382 	 * Assume we are called ONLY with no current event and ONLY with
383 	 * nonempty event queue and ONLY with at least one address to send to.
384 	 */
385 	assert(s->addr_list != NULL);
386 	assert(s->current_event == NULL);
387 	assert(s->event_queue != NULL);
388 
389 	s->current_event = e = event_dequeue(s);
390 
391 	/* Use address acc. to no. of retries */
392 	e->addr = s->addr_list;
393 	for (itry = 0; itry < e->retry; itry++)
394 		e->addr = e->addr->next;
395 
396 	e->sd = socket(AF_INET, SOCK_STREAM, 0);
397 	if (e->sd < 0) {
398 		event_retry(e, 0);
399 		return -1;
400 	}
401 	/* set non-blocking so we don't sleep waiting for connection */
402 	if (fcntl(e->sd, F_SETFL, O_NONBLOCK) != 0) {
403 		event_retry(e, 0);
404 		return -1;
405 	}
406 	/*
407 	 * Start the connect. It might succeed immediately but more likely will
408 	 * return errno EINPROGRESS.
409 	 */
410 	if (connect(e->sd, (struct sockaddr *) &e->addr->saddr,
411 		    sizeof(e->addr->saddr))) {
412 		if (errno != EINPROGRESS) {
413 			event_retry(e, 1);
414 			return -1;
415 		}
416 	}
417 	/* Call back when ready for writing (or on failure...). */
418 	if (eloop_register_sock(e->sd, EVENT_TYPE_WRITE, event_send_tx_ready,
419 				NULL, e)) {
420 		event_retry(e, 0);
421 		return -1;
422 	}
423 	e->sd_registered = 1;
424 	/* Don't wait forever! */
425 	if (eloop_register_timeout(EVENT_TIMEOUT_SEC, 0, event_timeout_handler,
426 				   NULL, e)) {
427 		event_retry(e, 0);
428 		return -1;
429 	}
430 	return 0;
431 }
432 
433 
434 /* event_send_all_later_handler -- actually send events as needed */
435 void event_send_all_later_handler(void *eloop_data, void *user_ctx)
436 {
437 	struct upnp_wps_device_sm *sm = user_ctx;
438 	struct subscription *s;
439 	struct subscription *s_old;
440 	int nerrors = 0;
441 
442 	sm->event_send_all_queued = 0;
443 	s = sm->subscriptions;
444 	if (s == NULL)
445 		return;
446 	do {
447 		if (s->addr_list == NULL) {
448 			/* if we've given up on all addresses */
449 			wpa_printf(MSG_DEBUG, "WPS UPnP: Removing "
450 				   "subscription with no addresses");
451 			s_old = s;
452 			s = s_old->next;
453 			subscription_unlink(s_old);
454 			subscription_destroy(s_old);
455 		} else {
456 			if (s->current_event == NULL /* not busy */ &&
457 			    s->event_queue != NULL /* more to do */) {
458 				if (event_send_start(s))
459 					nerrors++;
460 			}
461 			s = s->next;
462 		}
463 	} while (sm->subscriptions != NULL && s != sm->subscriptions);
464 
465 	if (nerrors) {
466 		/* Try again later */
467 		event_send_all_later(sm);
468 	}
469 }
470 
471 
472 /* event_send_all_later -- schedule sending events to all subscribers
473  * that need it.
474  * This avoids two problems:
475  * -- After getting a subscription, we should not send the first event
476  *      until after our reply is fully queued to be sent back,
477  * -- Possible stack depth or infinite recursion issues.
478  */
479 void event_send_all_later(struct upnp_wps_device_sm *sm)
480 {
481 	/*
482 	 * The exact time in the future isn't too important. Waiting a bit
483 	 * might let us do several together.
484 	 */
485 	if (sm->event_send_all_queued)
486 		return;
487 	sm->event_send_all_queued = 1;
488 	eloop_register_timeout(EVENT_DELAY_SECONDS, EVENT_DELAY_MSEC,
489 			       event_send_all_later_handler, NULL, sm);
490 }
491 
492 
493 /* event_send_stop_all -- cleanup */
494 void event_send_stop_all(struct upnp_wps_device_sm *sm)
495 {
496 	if (sm->event_send_all_queued)
497 		eloop_cancel_timeout(event_send_all_later_handler, NULL, sm);
498 	sm->event_send_all_queued = 0;
499 }
500 
501 
502 /**
503  * event_add - Add a new event to a queue
504  * @s: Subscription
505  * @data: Event data (is copied; caller retains ownership)
506  * Returns: 0 on success, 1 on error
507  */
508 int event_add(struct subscription *s, const struct wpabuf *data)
509 {
510 	struct wps_event_ *e;
511 
512 	if (s->n_queue >= MAX_EVENTS_QUEUED) {
513 		wpa_printf(MSG_DEBUG, "WPS UPnP: Too many events queued for "
514 			   "subscriber");
515 		return 1;
516 	}
517 
518 	e = os_zalloc(sizeof(*e));
519 	if (e == NULL)
520 		return 1;
521 	e->s = s;
522 	e->sd = -1;
523 	e->data = wpabuf_dup(data);
524 	if (e->data == NULL) {
525 		os_free(e);
526 		return 1;
527 	}
528 	e->subscriber_sequence = s->next_subscriber_sequence++;
529 	if (s->next_subscriber_sequence == 0)
530 		s->next_subscriber_sequence++;
531 	event_enqueue_at_end(s, e);
532 	event_send_all_later(s->sm);
533 	return 0;
534 }
535