xref: /freebsd/contrib/wpa/src/wps/wps_upnp_web.c (revision a98ff317388a00b992f1bf8404dee596f9383f5e)
1 /*
2  * UPnP WPS Device - Web connections
3  * Copyright (c) 2000-2003 Intel Corporation
4  * Copyright (c) 2006-2007 Sony Corporation
5  * Copyright (c) 2008-2009 Atheros Communications
6  * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
7  *
8  * See wps_upnp.c for more details on licensing and code history.
9  */
10 
11 #include "includes.h"
12 
13 #include "common.h"
14 #include "base64.h"
15 #include "uuid.h"
16 #include "httpread.h"
17 #include "http_server.h"
18 #include "wps_i.h"
19 #include "wps_upnp.h"
20 #include "wps_upnp_i.h"
21 #include "upnp_xml.h"
22 
23 /***************************************************************************
24  * Web connections (we serve pages of info about ourselves, handle
25  * requests, etc. etc.).
26  **************************************************************************/
27 
28 #define WEB_CONNECTION_TIMEOUT_SEC 30   /* Drop web connection after t.o. */
29 #define WEB_CONNECTION_MAX_READ 8000    /* Max we'll read for TCP request */
30 #define MAX_WEB_CONNECTIONS 10          /* max simultaneous web connects */
31 
32 
33 static const char *urn_wfawlanconfig =
34 	"urn:schemas-wifialliance-org:service:WFAWLANConfig:1";
35 static const char *http_server_hdr =
36 	"Server: unspecified, UPnP/1.0, unspecified\r\n";
37 static const char *http_connection_close =
38 	"Connection: close\r\n";
39 
40 /*
41  * "Files" that we serve via HTTP. The format of these files is given by
42  * WFA WPS specifications. Extra white space has been removed to save space.
43  */
44 
45 static const char wps_scpd_xml[] =
46 "<?xml version=\"1.0\"?>\n"
47 "<scpd xmlns=\"urn:schemas-upnp-org:service-1-0\">\n"
48 "<specVersion><major>1</major><minor>0</minor></specVersion>\n"
49 "<actionList>\n"
50 "<action>\n"
51 "<name>GetDeviceInfo</name>\n"
52 "<argumentList>\n"
53 "<argument>\n"
54 "<name>NewDeviceInfo</name>\n"
55 "<direction>out</direction>\n"
56 "<relatedStateVariable>DeviceInfo</relatedStateVariable>\n"
57 "</argument>\n"
58 "</argumentList>\n"
59 "</action>\n"
60 "<action>\n"
61 "<name>PutMessage</name>\n"
62 "<argumentList>\n"
63 "<argument>\n"
64 "<name>NewInMessage</name>\n"
65 "<direction>in</direction>\n"
66 "<relatedStateVariable>InMessage</relatedStateVariable>\n"
67 "</argument>\n"
68 "<argument>\n"
69 "<name>NewOutMessage</name>\n"
70 "<direction>out</direction>\n"
71 "<relatedStateVariable>OutMessage</relatedStateVariable>\n"
72 "</argument>\n"
73 "</argumentList>\n"
74 "</action>\n"
75 "<action>\n"
76 "<name>PutWLANResponse</name>\n"
77 "<argumentList>\n"
78 "<argument>\n"
79 "<name>NewMessage</name>\n"
80 "<direction>in</direction>\n"
81 "<relatedStateVariable>Message</relatedStateVariable>\n"
82 "</argument>\n"
83 "<argument>\n"
84 "<name>NewWLANEventType</name>\n"
85 "<direction>in</direction>\n"
86 "<relatedStateVariable>WLANEventType</relatedStateVariable>\n"
87 "</argument>\n"
88 "<argument>\n"
89 "<name>NewWLANEventMAC</name>\n"
90 "<direction>in</direction>\n"
91 "<relatedStateVariable>WLANEventMAC</relatedStateVariable>\n"
92 "</argument>\n"
93 "</argumentList>\n"
94 "</action>\n"
95 "<action>\n"
96 "<name>SetSelectedRegistrar</name>\n"
97 "<argumentList>\n"
98 "<argument>\n"
99 "<name>NewMessage</name>\n"
100 "<direction>in</direction>\n"
101 "<relatedStateVariable>Message</relatedStateVariable>\n"
102 "</argument>\n"
103 "</argumentList>\n"
104 "</action>\n"
105 "</actionList>\n"
106 "<serviceStateTable>\n"
107 "<stateVariable sendEvents=\"no\">\n"
108 "<name>Message</name>\n"
109 "<dataType>bin.base64</dataType>\n"
110 "</stateVariable>\n"
111 "<stateVariable sendEvents=\"no\">\n"
112 "<name>InMessage</name>\n"
113 "<dataType>bin.base64</dataType>\n"
114 "</stateVariable>\n"
115 "<stateVariable sendEvents=\"no\">\n"
116 "<name>OutMessage</name>\n"
117 "<dataType>bin.base64</dataType>\n"
118 "</stateVariable>\n"
119 "<stateVariable sendEvents=\"no\">\n"
120 "<name>DeviceInfo</name>\n"
121 "<dataType>bin.base64</dataType>\n"
122 "</stateVariable>\n"
123 "<stateVariable sendEvents=\"yes\">\n"
124 "<name>APStatus</name>\n"
125 "<dataType>ui1</dataType>\n"
126 "</stateVariable>\n"
127 "<stateVariable sendEvents=\"yes\">\n"
128 "<name>STAStatus</name>\n"
129 "<dataType>ui1</dataType>\n"
130 "</stateVariable>\n"
131 "<stateVariable sendEvents=\"yes\">\n"
132 "<name>WLANEvent</name>\n"
133 "<dataType>bin.base64</dataType>\n"
134 "</stateVariable>\n"
135 "<stateVariable sendEvents=\"no\">\n"
136 "<name>WLANEventType</name>\n"
137 "<dataType>ui1</dataType>\n"
138 "</stateVariable>\n"
139 "<stateVariable sendEvents=\"no\">\n"
140 "<name>WLANEventMAC</name>\n"
141 "<dataType>string</dataType>\n"
142 "</stateVariable>\n"
143 "<stateVariable sendEvents=\"no\">\n"
144 "<name>WLANResponse</name>\n"
145 "<dataType>bin.base64</dataType>\n"
146 "</stateVariable>\n"
147 "</serviceStateTable>\n"
148 "</scpd>\n"
149 ;
150 
151 
152 static const char *wps_device_xml_prefix =
153 	"<?xml version=\"1.0\"?>\n"
154 	"<root xmlns=\"urn:schemas-upnp-org:device-1-0\">\n"
155 	"<specVersion>\n"
156 	"<major>1</major>\n"
157 	"<minor>0</minor>\n"
158 	"</specVersion>\n"
159 	"<device>\n"
160 	"<deviceType>urn:schemas-wifialliance-org:device:WFADevice:1"
161 	"</deviceType>\n";
162 
163 static const char *wps_device_xml_postfix =
164 	"<serviceList>\n"
165 	"<service>\n"
166 	"<serviceType>urn:schemas-wifialliance-org:service:WFAWLANConfig:1"
167 	"</serviceType>\n"
168 	"<serviceId>urn:wifialliance-org:serviceId:WFAWLANConfig1</serviceId>"
169 	"\n"
170 	"<SCPDURL>" UPNP_WPS_SCPD_XML_FILE "</SCPDURL>\n"
171 	"<controlURL>" UPNP_WPS_DEVICE_CONTROL_FILE "</controlURL>\n"
172 	"<eventSubURL>" UPNP_WPS_DEVICE_EVENT_FILE "</eventSubURL>\n"
173 	"</service>\n"
174 	"</serviceList>\n"
175 	"</device>\n"
176 	"</root>\n";
177 
178 
179 /* format_wps_device_xml -- produce content of "file" wps_device.xml
180  * (UPNP_WPS_DEVICE_XML_FILE)
181  */
182 static void format_wps_device_xml(struct upnp_wps_device_sm *sm,
183 				  struct wpabuf *buf)
184 {
185 	const char *s;
186 	char uuid_string[80];
187 	struct upnp_wps_device_interface *iface;
188 
189 	iface = dl_list_first(&sm->interfaces,
190 			      struct upnp_wps_device_interface, list);
191 
192 	wpabuf_put_str(buf, wps_device_xml_prefix);
193 
194 	/*
195 	 * Add required fields with default values if not configured. Add
196 	 * optional and recommended fields only if configured.
197 	 */
198 	s = iface->wps->friendly_name;
199 	s = ((s && *s) ? s : "WPS Access Point");
200 	xml_add_tagged_data(buf, "friendlyName", s);
201 
202 	s = iface->wps->dev.manufacturer;
203 	s = ((s && *s) ? s : "");
204 	xml_add_tagged_data(buf, "manufacturer", s);
205 
206 	if (iface->wps->manufacturer_url)
207 		xml_add_tagged_data(buf, "manufacturerURL",
208 				    iface->wps->manufacturer_url);
209 
210 	if (iface->wps->model_description)
211 		xml_add_tagged_data(buf, "modelDescription",
212 				    iface->wps->model_description);
213 
214 	s = iface->wps->dev.model_name;
215 	s = ((s && *s) ? s : "");
216 	xml_add_tagged_data(buf, "modelName", s);
217 
218 	if (iface->wps->dev.model_number)
219 		xml_add_tagged_data(buf, "modelNumber",
220 				    iface->wps->dev.model_number);
221 
222 	if (iface->wps->model_url)
223 		xml_add_tagged_data(buf, "modelURL", iface->wps->model_url);
224 
225 	if (iface->wps->dev.serial_number)
226 		xml_add_tagged_data(buf, "serialNumber",
227 				    iface->wps->dev.serial_number);
228 
229 	uuid_bin2str(iface->wps->uuid, uuid_string, sizeof(uuid_string));
230 	s = uuid_string;
231 	/* Need "uuid:" prefix, thus we can't use xml_add_tagged_data()
232 	 * easily...
233 	 */
234 	wpabuf_put_str(buf, "<UDN>uuid:");
235 	xml_data_encode(buf, s, os_strlen(s));
236 	wpabuf_put_str(buf, "</UDN>\n");
237 
238 	if (iface->wps->upc)
239 		xml_add_tagged_data(buf, "UPC", iface->wps->upc);
240 
241 	wpabuf_put_str(buf, wps_device_xml_postfix);
242 }
243 
244 
245 static void http_put_reply_code(struct wpabuf *buf, enum http_reply_code code)
246 {
247 	wpabuf_put_str(buf, "HTTP/1.1 ");
248 	switch (code) {
249 	case HTTP_OK:
250 		wpabuf_put_str(buf, "200 OK\r\n");
251 		break;
252 	case HTTP_BAD_REQUEST:
253 		wpabuf_put_str(buf, "400 Bad request\r\n");
254 		break;
255 	case HTTP_PRECONDITION_FAILED:
256 		wpabuf_put_str(buf, "412 Precondition failed\r\n");
257 		break;
258 	case HTTP_UNIMPLEMENTED:
259 		wpabuf_put_str(buf, "501 Unimplemented\r\n");
260 		break;
261 	case HTTP_INTERNAL_SERVER_ERROR:
262 	default:
263 		wpabuf_put_str(buf, "500 Internal server error\r\n");
264 		break;
265 	}
266 }
267 
268 
269 static void http_put_date(struct wpabuf *buf)
270 {
271 	wpabuf_put_str(buf, "Date: ");
272 	format_date(buf);
273 	wpabuf_put_str(buf, "\r\n");
274 }
275 
276 
277 static void http_put_empty(struct wpabuf *buf, enum http_reply_code code)
278 {
279 	http_put_reply_code(buf, code);
280 	wpabuf_put_str(buf, http_server_hdr);
281 	wpabuf_put_str(buf, http_connection_close);
282 	wpabuf_put_str(buf, "Content-Length: 0\r\n"
283 		       "\r\n");
284 }
285 
286 
287 /* Given that we have received a header w/ GET, act upon it
288  *
289  * Format of GET (case-insensitive):
290  *
291  * First line must be:
292  *      GET /<file> HTTP/1.1
293  * Since we don't do anything fancy we just ignore other lines.
294  *
295  * Our response (if no error) which includes only required lines is:
296  * HTTP/1.1 200 OK
297  * Connection: close
298  * Content-Type: text/xml
299  * Date: <rfc1123-date>
300  *
301  * Header lines must end with \r\n
302  * Per RFC 2616, content-length: is not required but connection:close
303  * would appear to be required (given that we will be closing it!).
304  */
305 static void web_connection_parse_get(struct upnp_wps_device_sm *sm,
306 				     struct http_request *hreq, char *filename)
307 {
308 	struct wpabuf *buf; /* output buffer, allocated */
309 	char *put_length_here;
310 	char *body_start;
311 	enum {
312 		GET_DEVICE_XML_FILE,
313 		GET_SCPD_XML_FILE
314 	} req;
315 	size_t extra_len = 0;
316 	int body_length;
317 	char len_buf[10];
318 	struct upnp_wps_device_interface *iface;
319 
320 	iface = dl_list_first(&sm->interfaces,
321 			      struct upnp_wps_device_interface, list);
322 
323 	/*
324 	 * It is not required that filenames be case insensitive but it is
325 	 * allowed and cannot hurt here.
326 	 */
327 	if (filename == NULL)
328 		filename = "(null)"; /* just in case */
329 	if (os_strcasecmp(filename, UPNP_WPS_DEVICE_XML_FILE) == 0) {
330 		wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP GET for device XML");
331 		req = GET_DEVICE_XML_FILE;
332 		extra_len = 3000;
333 		if (iface->wps->friendly_name)
334 			extra_len += os_strlen(iface->wps->friendly_name);
335 		if (iface->wps->manufacturer_url)
336 			extra_len += os_strlen(iface->wps->manufacturer_url);
337 		if (iface->wps->model_description)
338 			extra_len += os_strlen(iface->wps->model_description);
339 		if (iface->wps->model_url)
340 			extra_len += os_strlen(iface->wps->model_url);
341 		if (iface->wps->upc)
342 			extra_len += os_strlen(iface->wps->upc);
343 	} else if (!os_strcasecmp(filename, UPNP_WPS_SCPD_XML_FILE)) {
344 		wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP GET for SCPD XML");
345 		req = GET_SCPD_XML_FILE;
346 		extra_len = os_strlen(wps_scpd_xml);
347 	} else {
348 		/* File not found */
349 		wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP GET file not found: %s",
350 			   filename);
351 		buf = wpabuf_alloc(200);
352 		if (buf == NULL) {
353 			http_request_deinit(hreq);
354 			return;
355 		}
356 		wpabuf_put_str(buf,
357 			       "HTTP/1.1 404 Not Found\r\n"
358 			       "Connection: close\r\n");
359 
360 		http_put_date(buf);
361 
362 		/* terminating empty line */
363 		wpabuf_put_str(buf, "\r\n");
364 
365 		goto send_buf;
366 	}
367 
368 	buf = wpabuf_alloc(1000 + extra_len);
369 	if (buf == NULL) {
370 		http_request_deinit(hreq);
371 		return;
372 	}
373 
374 	wpabuf_put_str(buf,
375 		       "HTTP/1.1 200 OK\r\n"
376 		       "Content-Type: text/xml; charset=\"utf-8\"\r\n");
377 	wpabuf_put_str(buf, "Server: Unspecified, UPnP/1.0, Unspecified\r\n");
378 	wpabuf_put_str(buf, "Connection: close\r\n");
379 	wpabuf_put_str(buf, "Content-Length: ");
380 	/*
381 	 * We will paste the length in later, leaving some extra whitespace.
382 	 * HTTP code is supposed to be tolerant of extra whitespace.
383 	 */
384 	put_length_here = wpabuf_put(buf, 0);
385 	wpabuf_put_str(buf, "        \r\n");
386 
387 	http_put_date(buf);
388 
389 	/* terminating empty line */
390 	wpabuf_put_str(buf, "\r\n");
391 
392 	body_start = wpabuf_put(buf, 0);
393 
394 	switch (req) {
395 	case GET_DEVICE_XML_FILE:
396 		format_wps_device_xml(sm, buf);
397 		break;
398 	case GET_SCPD_XML_FILE:
399 		wpabuf_put_str(buf, wps_scpd_xml);
400 		break;
401 	}
402 
403 	/* Now patch in the content length at the end */
404 	body_length = (char *) wpabuf_put(buf, 0) - body_start;
405 	os_snprintf(len_buf, 10, "%d", body_length);
406 	os_memcpy(put_length_here, len_buf, os_strlen(len_buf));
407 
408 send_buf:
409 	http_request_send_and_deinit(hreq, buf);
410 }
411 
412 
413 static enum http_reply_code
414 web_process_get_device_info(struct upnp_wps_device_sm *sm,
415 			    struct wpabuf **reply, const char **replyname)
416 {
417 	static const char *name = "NewDeviceInfo";
418 	struct wps_config cfg;
419 	struct upnp_wps_device_interface *iface;
420 	struct upnp_wps_peer *peer;
421 
422 	iface = dl_list_first(&sm->interfaces,
423 			      struct upnp_wps_device_interface, list);
424 	peer = &iface->peer;
425 
426 	wpa_printf(MSG_DEBUG, "WPS UPnP: GetDeviceInfo");
427 
428 	if (iface->ctx->ap_pin == NULL)
429 		return HTTP_INTERNAL_SERVER_ERROR;
430 
431 	/*
432 	 * Request for DeviceInfo, i.e., M1 TLVs. This is a start of WPS
433 	 * registration over UPnP with the AP acting as an Enrollee. It should
434 	 * be noted that this is frequently used just to get the device data,
435 	 * i.e., there may not be any intent to actually complete the
436 	 * registration.
437 	 */
438 
439 	if (peer->wps)
440 		wps_deinit(peer->wps);
441 
442 	os_memset(&cfg, 0, sizeof(cfg));
443 	cfg.wps = iface->wps;
444 	cfg.pin = (u8 *) iface->ctx->ap_pin;
445 	cfg.pin_len = os_strlen(iface->ctx->ap_pin);
446 	peer->wps = wps_init(&cfg);
447 	if (peer->wps) {
448 		enum wsc_op_code op_code;
449 		*reply = wps_get_msg(peer->wps, &op_code);
450 		if (*reply == NULL) {
451 			wps_deinit(peer->wps);
452 			peer->wps = NULL;
453 		}
454 	} else
455 		*reply = NULL;
456 	if (*reply == NULL) {
457 		wpa_printf(MSG_INFO, "WPS UPnP: Failed to get DeviceInfo");
458 		return HTTP_INTERNAL_SERVER_ERROR;
459 	}
460 	*replyname = name;
461 	return HTTP_OK;
462 }
463 
464 
465 static enum http_reply_code
466 web_process_put_message(struct upnp_wps_device_sm *sm, char *data,
467 			struct wpabuf **reply, const char **replyname)
468 {
469 	struct wpabuf *msg;
470 	static const char *name = "NewOutMessage";
471 	enum http_reply_code ret;
472 	enum wps_process_res res;
473 	enum wsc_op_code op_code;
474 	struct upnp_wps_device_interface *iface;
475 
476 	iface = dl_list_first(&sm->interfaces,
477 			      struct upnp_wps_device_interface, list);
478 
479 	/*
480 	 * PutMessage is used by external UPnP-based Registrar to perform WPS
481 	 * operation with the access point itself; as compared with
482 	 * PutWLANResponse which is for proxying.
483 	 */
484 	wpa_printf(MSG_DEBUG, "WPS UPnP: PutMessage");
485 	msg = xml_get_base64_item(data, "NewInMessage", &ret);
486 	if (msg == NULL)
487 		return ret;
488 	res = wps_process_msg(iface->peer.wps, WSC_UPnP, msg);
489 	if (res == WPS_FAILURE)
490 		*reply = NULL;
491 	else
492 		*reply = wps_get_msg(iface->peer.wps, &op_code);
493 	wpabuf_free(msg);
494 	if (*reply == NULL)
495 		return HTTP_INTERNAL_SERVER_ERROR;
496 	*replyname = name;
497 	return HTTP_OK;
498 }
499 
500 
501 static enum http_reply_code
502 web_process_put_wlan_response(struct upnp_wps_device_sm *sm, char *data,
503 			      struct wpabuf **reply, const char **replyname)
504 {
505 	struct wpabuf *msg;
506 	enum http_reply_code ret;
507 	u8 macaddr[ETH_ALEN];
508 	int ev_type;
509 	int type;
510 	char *val;
511 	struct upnp_wps_device_interface *iface;
512 	int ok = 0;
513 
514 	/*
515 	 * External UPnP-based Registrar is passing us a message to be proxied
516 	 * over to a Wi-Fi -based client of ours.
517 	 */
518 
519 	wpa_printf(MSG_DEBUG, "WPS UPnP: PutWLANResponse");
520 	msg = xml_get_base64_item(data, "NewMessage", &ret);
521 	if (msg == NULL) {
522 		wpa_printf(MSG_DEBUG, "WPS UPnP: Could not extract NewMessage "
523 			   "from PutWLANResponse");
524 		return ret;
525 	}
526 	val = xml_get_first_item(data, "NewWLANEventType");
527 	if (val == NULL) {
528 		wpa_printf(MSG_DEBUG, "WPS UPnP: No NewWLANEventType in "
529 			   "PutWLANResponse");
530 		wpabuf_free(msg);
531 		return UPNP_ARG_VALUE_INVALID;
532 	}
533 	ev_type = atol(val);
534 	os_free(val);
535 	val = xml_get_first_item(data, "NewWLANEventMAC");
536 	if (val == NULL) {
537 		wpa_printf(MSG_DEBUG, "WPS UPnP: No NewWLANEventMAC in "
538 			   "PutWLANResponse");
539 		wpabuf_free(msg);
540 		return UPNP_ARG_VALUE_INVALID;
541 	}
542 	if (hwaddr_aton(val, macaddr)) {
543 		wpa_printf(MSG_DEBUG, "WPS UPnP: Invalid NewWLANEventMAC in "
544 			   "PutWLANResponse: '%s'", val);
545 #ifdef CONFIG_WPS_STRICT
546 		{
547 			struct wps_parse_attr attr;
548 			if (wps_parse_msg(msg, &attr) < 0 || attr.version2) {
549 				wpabuf_free(msg);
550 				os_free(val);
551 				return UPNP_ARG_VALUE_INVALID;
552 			}
553 		}
554 #endif /* CONFIG_WPS_STRICT */
555 		if (hwaddr_aton2(val, macaddr) > 0) {
556 			/*
557 			 * At least some versions of Intel PROset seem to be
558 			 * using dot-deliminated MAC address format here.
559 			 */
560 			wpa_printf(MSG_DEBUG, "WPS UPnP: Workaround - allow "
561 				   "incorrect MAC address format in "
562 				   "NewWLANEventMAC: %s -> " MACSTR,
563 				   val, MAC2STR(macaddr));
564 		} else {
565 			wpabuf_free(msg);
566 			os_free(val);
567 			return UPNP_ARG_VALUE_INVALID;
568 		}
569 	}
570 	os_free(val);
571 	if (ev_type == UPNP_WPS_WLANEVENT_TYPE_EAP) {
572 		struct wps_parse_attr attr;
573 		if (wps_parse_msg(msg, &attr) < 0 ||
574 		    attr.msg_type == NULL)
575 			type = -1;
576 		else
577 			type = *attr.msg_type;
578 		wpa_printf(MSG_DEBUG, "WPS UPnP: Message Type %d", type);
579 	} else
580 		type = -1;
581 	dl_list_for_each(iface, &sm->interfaces,
582 			 struct upnp_wps_device_interface, list) {
583 		if (iface->ctx->rx_req_put_wlan_response &&
584 		    iface->ctx->rx_req_put_wlan_response(iface->priv, ev_type,
585 							 macaddr, msg, type)
586 		    == 0)
587 			ok = 1;
588 	}
589 
590 	if (!ok) {
591 		wpa_printf(MSG_INFO, "WPS UPnP: Fail: sm->ctx->"
592 			   "rx_req_put_wlan_response");
593 		wpabuf_free(msg);
594 		return HTTP_INTERNAL_SERVER_ERROR;
595 	}
596 	wpabuf_free(msg);
597 	*replyname = NULL;
598 	*reply = NULL;
599 	return HTTP_OK;
600 }
601 
602 
603 static int find_er_addr(struct subscription *s, struct sockaddr_in *cli)
604 {
605 	struct subscr_addr *a;
606 
607 	dl_list_for_each(a, &s->addr_list, struct subscr_addr, list) {
608 		if (cli->sin_addr.s_addr == a->saddr.sin_addr.s_addr)
609 			return 1;
610 	}
611 	return 0;
612 }
613 
614 
615 static struct subscription * find_er(struct upnp_wps_device_sm *sm,
616 				     struct sockaddr_in *cli)
617 {
618 	struct subscription *s;
619 	dl_list_for_each(s, &sm->subscriptions, struct subscription, list)
620 		if (find_er_addr(s, cli))
621 			return s;
622 	return NULL;
623 }
624 
625 
626 static enum http_reply_code
627 web_process_set_selected_registrar(struct upnp_wps_device_sm *sm,
628 				   struct sockaddr_in *cli, char *data,
629 				   struct wpabuf **reply,
630 				   const char **replyname)
631 {
632 	struct wpabuf *msg;
633 	enum http_reply_code ret;
634 	struct subscription *s;
635 	struct upnp_wps_device_interface *iface;
636 	int err = 0;
637 
638 	wpa_printf(MSG_DEBUG, "WPS UPnP: SetSelectedRegistrar");
639 	s = find_er(sm, cli);
640 	if (s == NULL) {
641 		wpa_printf(MSG_DEBUG, "WPS UPnP: Ignore SetSelectedRegistrar "
642 			   "from unknown ER");
643 		return UPNP_ACTION_FAILED;
644 	}
645 	msg = xml_get_base64_item(data, "NewMessage", &ret);
646 	if (msg == NULL)
647 		return ret;
648 	dl_list_for_each(iface, &sm->interfaces,
649 			 struct upnp_wps_device_interface, list) {
650 		if (upnp_er_set_selected_registrar(iface->wps->registrar, s,
651 						   msg))
652 			err = 1;
653 	}
654 	wpabuf_free(msg);
655 	if (err)
656 		return HTTP_INTERNAL_SERVER_ERROR;
657 	*replyname = NULL;
658 	*reply = NULL;
659 	return HTTP_OK;
660 }
661 
662 
663 static const char *soap_prefix =
664 	"<?xml version=\"1.0\"?>\n"
665 	"<s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" "
666 	"s:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">\n"
667 	"<s:Body>\n";
668 static const char *soap_postfix =
669 	"</s:Body>\n</s:Envelope>\n";
670 
671 static const char *soap_error_prefix =
672 	"<s:Fault>\n"
673 	"<faultcode>s:Client</faultcode>\n"
674 	"<faultstring>UPnPError</faultstring>\n"
675 	"<detail>\n"
676 	"<UPnPError xmlns=\"urn:schemas-upnp-org:control-1-0\">\n";
677 static const char *soap_error_postfix =
678 	"<errorDescription>Error</errorDescription>\n"
679 	"</UPnPError>\n"
680 	"</detail>\n"
681 	"</s:Fault>\n";
682 
683 static void web_connection_send_reply(struct http_request *req,
684 				      enum http_reply_code ret,
685 				      const char *action, int action_len,
686 				      const struct wpabuf *reply,
687 				      const char *replyname)
688 {
689 	struct wpabuf *buf;
690 	char *replydata;
691 	char *put_length_here = NULL;
692 	char *body_start = NULL;
693 
694 	if (reply) {
695 		size_t len;
696 		replydata = (char *) base64_encode(wpabuf_head(reply),
697 						   wpabuf_len(reply), &len);
698 	} else
699 		replydata = NULL;
700 
701 	/* Parameters of the response:
702 	 *      action(action_len) -- action we are responding to
703 	 *      replyname -- a name we need for the reply
704 	 *      replydata -- NULL or null-terminated string
705 	 */
706 	buf = wpabuf_alloc(1000 + (replydata ? os_strlen(replydata) : 0U) +
707 			   (action_len > 0 ? action_len * 2 : 0));
708 	if (buf == NULL) {
709 		wpa_printf(MSG_INFO, "WPS UPnP: Cannot allocate reply to "
710 			   "POST");
711 		os_free(replydata);
712 		http_request_deinit(req);
713 		return;
714 	}
715 
716 	/*
717 	 * Assuming we will be successful, put in the output header first.
718 	 * Note: we do not keep connections alive (and httpread does
719 	 * not support it)... therefore we must have Connection: close.
720 	 */
721 	if (ret == HTTP_OK) {
722 		wpabuf_put_str(buf,
723 			       "HTTP/1.1 200 OK\r\n"
724 			       "Content-Type: text/xml; "
725 			       "charset=\"utf-8\"\r\n");
726 	} else {
727 		wpabuf_printf(buf, "HTTP/1.1 %d Error\r\n", ret);
728 	}
729 	wpabuf_put_str(buf, http_connection_close);
730 
731 	wpabuf_put_str(buf, "Content-Length: ");
732 	/*
733 	 * We will paste the length in later, leaving some extra whitespace.
734 	 * HTTP code is supposed to be tolerant of extra whitespace.
735 	 */
736 	put_length_here = wpabuf_put(buf, 0);
737 	wpabuf_put_str(buf, "        \r\n");
738 
739 	http_put_date(buf);
740 
741 	/* terminating empty line */
742 	wpabuf_put_str(buf, "\r\n");
743 
744 	body_start = wpabuf_put(buf, 0);
745 
746 	if (ret == HTTP_OK) {
747 		wpabuf_put_str(buf, soap_prefix);
748 		wpabuf_put_str(buf, "<u:");
749 		wpabuf_put_data(buf, action, action_len);
750 		wpabuf_put_str(buf, "Response xmlns:u=\"");
751 		wpabuf_put_str(buf, urn_wfawlanconfig);
752 		wpabuf_put_str(buf, "\">\n");
753 		if (replydata && replyname) {
754 			/* TODO: might possibly need to escape part of reply
755 			 * data? ...
756 			 * probably not, unlikely to have ampersand(&) or left
757 			 * angle bracket (<) in it...
758 			 */
759 			wpabuf_printf(buf, "<%s>", replyname);
760 			wpabuf_put_str(buf, replydata);
761 			wpabuf_printf(buf, "</%s>\n", replyname);
762 		}
763 		wpabuf_put_str(buf, "</u:");
764 		wpabuf_put_data(buf, action, action_len);
765 		wpabuf_put_str(buf, "Response>\n");
766 		wpabuf_put_str(buf, soap_postfix);
767 	} else {
768 		/* Error case */
769 		wpabuf_put_str(buf, soap_prefix);
770 		wpabuf_put_str(buf, soap_error_prefix);
771 		wpabuf_printf(buf, "<errorCode>%d</errorCode>\n", ret);
772 		wpabuf_put_str(buf, soap_error_postfix);
773 		wpabuf_put_str(buf, soap_postfix);
774 	}
775 	os_free(replydata);
776 
777 	/* Now patch in the content length at the end */
778 	if (body_start && put_length_here) {
779 		int body_length = (char *) wpabuf_put(buf, 0) - body_start;
780 		char len_buf[10];
781 		os_snprintf(len_buf, sizeof(len_buf), "%d", body_length);
782 		os_memcpy(put_length_here, len_buf, os_strlen(len_buf));
783 	}
784 
785 	http_request_send_and_deinit(req, buf);
786 }
787 
788 
789 static const char * web_get_action(struct http_request *req,
790 				   size_t *action_len)
791 {
792 	const char *match;
793 	int match_len;
794 	char *b;
795 	char *action;
796 
797 	*action_len = 0;
798 	/* The SOAPAction line of the header tells us what we want to do */
799 	b = http_request_get_hdr_line(req, "SOAPAction:");
800 	if (b == NULL)
801 		return NULL;
802 	if (*b == '"')
803 		b++;
804 	else
805 		return NULL;
806 	match = urn_wfawlanconfig;
807 	match_len = os_strlen(urn_wfawlanconfig) - 1;
808 	if (os_strncasecmp(b, match, match_len))
809 		return NULL;
810 	b += match_len;
811 	/* skip over version */
812 	while (isgraph(*b) && *b != '#')
813 		b++;
814 	if (*b != '#')
815 		return NULL;
816 	b++;
817 	/* Following the sharp(#) should be the action and a double quote */
818 	action = b;
819 	while (isgraph(*b) && *b != '"')
820 		b++;
821 	if (*b != '"')
822 		return NULL;
823 	*action_len = b - action;
824 	return action;
825 }
826 
827 
828 /* Given that we have received a header w/ POST, act upon it
829  *
830  * Format of POST (case-insensitive):
831  *
832  * First line must be:
833  *      POST /<file> HTTP/1.1
834  * Since we don't do anything fancy we just ignore other lines.
835  *
836  * Our response (if no error) which includes only required lines is:
837  * HTTP/1.1 200 OK
838  * Connection: close
839  * Content-Type: text/xml
840  * Date: <rfc1123-date>
841  *
842  * Header lines must end with \r\n
843  * Per RFC 2616, content-length: is not required but connection:close
844  * would appear to be required (given that we will be closing it!).
845  */
846 static void web_connection_parse_post(struct upnp_wps_device_sm *sm,
847 				      struct sockaddr_in *cli,
848 				      struct http_request *req,
849 				      const char *filename)
850 {
851 	enum http_reply_code ret;
852 	char *data = http_request_get_data(req); /* body of http msg */
853 	const char *action = NULL;
854 	size_t action_len = 0;
855 	const char *replyname = NULL; /* argument name for the reply */
856 	struct wpabuf *reply = NULL; /* data for the reply */
857 
858 	if (os_strcasecmp(filename, UPNP_WPS_DEVICE_CONTROL_FILE)) {
859 		wpa_printf(MSG_INFO, "WPS UPnP: Invalid POST filename %s",
860 			   filename);
861 		ret = HTTP_NOT_FOUND;
862 		goto bad;
863 	}
864 
865 	ret = UPNP_INVALID_ACTION;
866 	action = web_get_action(req, &action_len);
867 	if (action == NULL)
868 		goto bad;
869 
870 	if (!os_strncasecmp("GetDeviceInfo", action, action_len))
871 		ret = web_process_get_device_info(sm, &reply, &replyname);
872 	else if (!os_strncasecmp("PutMessage", action, action_len))
873 		ret = web_process_put_message(sm, data, &reply, &replyname);
874 	else if (!os_strncasecmp("PutWLANResponse", action, action_len))
875 		ret = web_process_put_wlan_response(sm, data, &reply,
876 						    &replyname);
877 	else if (!os_strncasecmp("SetSelectedRegistrar", action, action_len))
878 		ret = web_process_set_selected_registrar(sm, cli, data, &reply,
879 							 &replyname);
880 	else
881 		wpa_printf(MSG_INFO, "WPS UPnP: Unknown POST type");
882 
883 bad:
884 	if (ret != HTTP_OK)
885 		wpa_printf(MSG_INFO, "WPS UPnP: POST failure ret=%d", ret);
886 	web_connection_send_reply(req, ret, action, action_len, reply,
887 				  replyname);
888 	wpabuf_free(reply);
889 }
890 
891 
892 /* Given that we have received a header w/ SUBSCRIBE, act upon it
893  *
894  * Format of SUBSCRIBE (case-insensitive):
895  *
896  * First line must be:
897  *      SUBSCRIBE /wps_event HTTP/1.1
898  *
899  * Our response (if no error) which includes only required lines is:
900  * HTTP/1.1 200 OK
901  * Server: xx, UPnP/1.0, xx
902  * SID: uuid:xxxxxxxxx
903  * Timeout: Second-<n>
904  * Content-Length: 0
905  * Date: xxxx
906  *
907  * Header lines must end with \r\n
908  * Per RFC 2616, content-length: is not required but connection:close
909  * would appear to be required (given that we will be closing it!).
910  */
911 static void web_connection_parse_subscribe(struct upnp_wps_device_sm *sm,
912 					   struct http_request *req,
913 					   const char *filename)
914 {
915 	struct wpabuf *buf;
916 	char *b;
917 	char *hdr = http_request_get_hdr(req);
918 	char *h;
919 	char *match;
920 	int match_len;
921 	char *end;
922 	int len;
923 	int got_nt = 0;
924 	u8 uuid[UUID_LEN];
925 	int got_uuid = 0;
926 	char *callback_urls = NULL;
927 	struct subscription *s = NULL;
928 	enum http_reply_code ret = HTTP_INTERNAL_SERVER_ERROR;
929 
930 	buf = wpabuf_alloc(1000);
931 	if (buf == NULL) {
932 		http_request_deinit(req);
933 		return;
934 	}
935 
936 	wpa_hexdump_ascii(MSG_DEBUG, "WPS UPnP: HTTP SUBSCRIBE",
937 			  (u8 *) hdr, os_strlen(hdr));
938 
939 	/* Parse/validate headers */
940 	h = hdr;
941 	/* First line: SUBSCRIBE /wps_event HTTP/1.1
942 	 * has already been parsed.
943 	 */
944 	if (os_strcasecmp(filename, UPNP_WPS_DEVICE_EVENT_FILE) != 0) {
945 		ret = HTTP_PRECONDITION_FAILED;
946 		goto error;
947 	}
948 	wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP SUBSCRIBE for event");
949 	end = os_strchr(h, '\n');
950 
951 	for (; end != NULL; h = end + 1) {
952 		/* Option line by option line */
953 		h = end + 1;
954 		end = os_strchr(h, '\n');
955 		if (end == NULL)
956 			break; /* no unterminated lines allowed */
957 
958 		/* NT assures that it is our type of subscription;
959 		 * not used for a renewal.
960 		 **/
961 		match = "NT:";
962 		match_len = os_strlen(match);
963 		if (os_strncasecmp(h, match, match_len) == 0) {
964 			h += match_len;
965 			while (*h == ' ' || *h == '\t')
966 				h++;
967 			match = "upnp:event";
968 			match_len = os_strlen(match);
969 			if (os_strncasecmp(h, match, match_len) != 0) {
970 				ret = HTTP_BAD_REQUEST;
971 				goto error;
972 			}
973 			got_nt = 1;
974 			continue;
975 		}
976 		/* HOST should refer to us */
977 #if 0
978 		match = "HOST:";
979 		match_len = os_strlen(match);
980 		if (os_strncasecmp(h, match, match_len) == 0) {
981 			h += match_len;
982 			while (*h == ' ' || *h == '\t')
983 				h++;
984 			.....
985 		}
986 #endif
987 		/* CALLBACK gives one or more URLs for NOTIFYs
988 		 * to be sent as a result of the subscription.
989 		 * Each URL is enclosed in angle brackets.
990 		 */
991 		match = "CALLBACK:";
992 		match_len = os_strlen(match);
993 		if (os_strncasecmp(h, match, match_len) == 0) {
994 			h += match_len;
995 			while (*h == ' ' || *h == '\t')
996 				h++;
997 			len = end - h;
998 			os_free(callback_urls);
999 			callback_urls = os_malloc(len + 1);
1000 			if (callback_urls == NULL) {
1001 				ret = HTTP_INTERNAL_SERVER_ERROR;
1002 				goto error;
1003 			}
1004 			os_memcpy(callback_urls, h, len);
1005 			callback_urls[len] = 0;
1006 			continue;
1007 		}
1008 		/* SID is only for renewal */
1009 		match = "SID:";
1010 		match_len = os_strlen(match);
1011 		if (os_strncasecmp(h, match, match_len) == 0) {
1012 			h += match_len;
1013 			while (*h == ' ' || *h == '\t')
1014 				h++;
1015 			match = "uuid:";
1016 			match_len = os_strlen(match);
1017 			if (os_strncasecmp(h, match, match_len) != 0) {
1018 				ret = HTTP_BAD_REQUEST;
1019 				goto error;
1020 			}
1021 			h += match_len;
1022 			while (*h == ' ' || *h == '\t')
1023 				h++;
1024 			if (uuid_str2bin(h, uuid)) {
1025 				ret = HTTP_BAD_REQUEST;
1026 				goto error;
1027 			}
1028 			got_uuid = 1;
1029 			continue;
1030 		}
1031 		/* TIMEOUT is requested timeout, but apparently we can
1032 		 * just ignore this.
1033 		 */
1034 	}
1035 
1036 	if (got_uuid) {
1037 		/* renewal */
1038 		wpa_printf(MSG_DEBUG, "WPS UPnP: Subscription renewal");
1039 		if (callback_urls) {
1040 			ret = HTTP_BAD_REQUEST;
1041 			goto error;
1042 		}
1043 		s = subscription_renew(sm, uuid);
1044 		if (s == NULL) {
1045 			char str[80];
1046 			uuid_bin2str(uuid, str, sizeof(str));
1047 			wpa_printf(MSG_DEBUG, "WPS UPnP: Could not find "
1048 				   "SID %s", str);
1049 			ret = HTTP_PRECONDITION_FAILED;
1050 			goto error;
1051 		}
1052 	} else if (callback_urls) {
1053 		wpa_printf(MSG_DEBUG, "WPS UPnP: New subscription");
1054 		if (!got_nt) {
1055 			ret = HTTP_PRECONDITION_FAILED;
1056 			goto error;
1057 		}
1058 		s = subscription_start(sm, callback_urls);
1059 		if (s == NULL) {
1060 			ret = HTTP_INTERNAL_SERVER_ERROR;
1061 			goto error;
1062 		}
1063 	} else {
1064 		ret = HTTP_PRECONDITION_FAILED;
1065 		goto error;
1066 	}
1067 
1068 	/* success */
1069 	http_put_reply_code(buf, HTTP_OK);
1070 	wpabuf_put_str(buf, http_server_hdr);
1071 	wpabuf_put_str(buf, http_connection_close);
1072 	wpabuf_put_str(buf, "Content-Length: 0\r\n");
1073 	wpabuf_put_str(buf, "SID: uuid:");
1074 	/* subscription id */
1075 	b = wpabuf_put(buf, 0);
1076 	uuid_bin2str(s->uuid, b, 80);
1077 	wpa_printf(MSG_DEBUG, "WPS UPnP: Assigned SID %s", b);
1078 	wpabuf_put(buf, os_strlen(b));
1079 	wpabuf_put_str(buf, "\r\n");
1080 	wpabuf_printf(buf, "Timeout: Second-%d\r\n", UPNP_SUBSCRIBE_SEC);
1081 	http_put_date(buf);
1082 	/* And empty line to terminate header: */
1083 	wpabuf_put_str(buf, "\r\n");
1084 
1085 	os_free(callback_urls);
1086 	http_request_send_and_deinit(req, buf);
1087 	return;
1088 
1089 error:
1090 	/* Per UPnP spec:
1091 	* Errors
1092 	* Incompatible headers
1093 	*   400 Bad Request. If SID header and one of NT or CALLBACK headers
1094 	*     are present, the publisher must respond with HTTP error
1095 	*     400 Bad Request.
1096 	* Missing or invalid CALLBACK
1097 	*   412 Precondition Failed. If CALLBACK header is missing or does not
1098 	*     contain a valid HTTP URL, the publisher must respond with HTTP
1099 	*     error 412 Precondition Failed.
1100 	* Invalid NT
1101 	*   412 Precondition Failed. If NT header does not equal upnp:event,
1102 	*     the publisher must respond with HTTP error 412 Precondition
1103 	*     Failed.
1104 	* [For resubscription, use 412 if unknown uuid].
1105 	* Unable to accept subscription
1106 	*   5xx. If a publisher is not able to accept a subscription (such as
1107 	*     due to insufficient resources), it must respond with a
1108 	*     HTTP 500-series error code.
1109 	*   599 Too many subscriptions (not a standard HTTP error)
1110 	*/
1111 	wpa_printf(MSG_DEBUG, "WPS UPnP: SUBSCRIBE failed - return %d", ret);
1112 	http_put_empty(buf, ret);
1113 	http_request_send_and_deinit(req, buf);
1114 	os_free(callback_urls);
1115 }
1116 
1117 
1118 /* Given that we have received a header w/ UNSUBSCRIBE, act upon it
1119  *
1120  * Format of UNSUBSCRIBE (case-insensitive):
1121  *
1122  * First line must be:
1123  *      UNSUBSCRIBE /wps_event HTTP/1.1
1124  *
1125  * Our response (if no error) which includes only required lines is:
1126  * HTTP/1.1 200 OK
1127  * Content-Length: 0
1128  *
1129  * Header lines must end with \r\n
1130  * Per RFC 2616, content-length: is not required but connection:close
1131  * would appear to be required (given that we will be closing it!).
1132  */
1133 static void web_connection_parse_unsubscribe(struct upnp_wps_device_sm *sm,
1134 					     struct http_request *req,
1135 					     const char *filename)
1136 {
1137 	struct wpabuf *buf;
1138 	char *hdr = http_request_get_hdr(req);
1139 	char *h;
1140 	char *match;
1141 	int match_len;
1142 	char *end;
1143 	u8 uuid[UUID_LEN];
1144 	int got_uuid = 0;
1145 	struct subscription *s = NULL;
1146 	enum http_reply_code ret = HTTP_INTERNAL_SERVER_ERROR;
1147 
1148 	/* Parse/validate headers */
1149 	h = hdr;
1150 	/* First line: UNSUBSCRIBE /wps_event HTTP/1.1
1151 	 * has already been parsed.
1152 	 */
1153 	if (os_strcasecmp(filename, UPNP_WPS_DEVICE_EVENT_FILE) != 0) {
1154 		ret = HTTP_PRECONDITION_FAILED;
1155 		goto send_msg;
1156 	}
1157 	wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP UNSUBSCRIBE for event");
1158 	end = os_strchr(h, '\n');
1159 
1160 	for (; end != NULL; h = end + 1) {
1161 		/* Option line by option line */
1162 		h = end + 1;
1163 		end = os_strchr(h, '\n');
1164 		if (end == NULL)
1165 			break; /* no unterminated lines allowed */
1166 
1167 		/* HOST should refer to us */
1168 #if 0
1169 		match = "HOST:";
1170 		match_len = os_strlen(match);
1171 		if (os_strncasecmp(h, match, match_len) == 0) {
1172 			h += match_len;
1173 			while (*h == ' ' || *h == '\t')
1174 				h++;
1175 			.....
1176 		}
1177 #endif
1178 		/* SID is only for renewal */
1179 		match = "SID:";
1180 		match_len = os_strlen(match);
1181 		if (os_strncasecmp(h, match, match_len) == 0) {
1182 			h += match_len;
1183 			while (*h == ' ' || *h == '\t')
1184 				h++;
1185 			match = "uuid:";
1186 			match_len = os_strlen(match);
1187 			if (os_strncasecmp(h, match, match_len) != 0) {
1188 				ret = HTTP_BAD_REQUEST;
1189 				goto send_msg;
1190 			}
1191 			h += match_len;
1192 			while (*h == ' ' || *h == '\t')
1193 				h++;
1194 			if (uuid_str2bin(h, uuid)) {
1195 				ret = HTTP_BAD_REQUEST;
1196 				goto send_msg;
1197 			}
1198 			got_uuid = 1;
1199 			continue;
1200 		}
1201 	}
1202 
1203 	if (got_uuid) {
1204 		s = subscription_find(sm, uuid);
1205 		if (s) {
1206 			struct subscr_addr *sa;
1207 			sa = dl_list_first(&s->addr_list, struct subscr_addr,
1208 					   list);
1209 			wpa_printf(MSG_DEBUG, "WPS UPnP: Unsubscribing %p %s",
1210 				   s, (sa && sa->domain_and_port) ?
1211 				   sa->domain_and_port : "-null-");
1212 			dl_list_del(&s->list);
1213 			subscription_destroy(s);
1214 		}
1215 	} else {
1216 		wpa_printf(MSG_INFO, "WPS UPnP: Unsubscribe fails (not "
1217 			   "found)");
1218 		ret = HTTP_PRECONDITION_FAILED;
1219 		goto send_msg;
1220 	}
1221 
1222 	ret = HTTP_OK;
1223 
1224 send_msg:
1225 	buf = wpabuf_alloc(200);
1226 	if (buf == NULL) {
1227 		http_request_deinit(req);
1228 		return;
1229 	}
1230 	http_put_empty(buf, ret);
1231 	http_request_send_and_deinit(req, buf);
1232 }
1233 
1234 
1235 /* Send error in response to unknown requests */
1236 static void web_connection_unimplemented(struct http_request *req)
1237 {
1238 	struct wpabuf *buf;
1239 	buf = wpabuf_alloc(200);
1240 	if (buf == NULL) {
1241 		http_request_deinit(req);
1242 		return;
1243 	}
1244 	http_put_empty(buf, HTTP_UNIMPLEMENTED);
1245 	http_request_send_and_deinit(req, buf);
1246 }
1247 
1248 
1249 
1250 /* Called when we have gotten an apparently valid http request.
1251  */
1252 static void web_connection_check_data(void *ctx, struct http_request *req)
1253 {
1254 	struct upnp_wps_device_sm *sm = ctx;
1255 	enum httpread_hdr_type htype = http_request_get_type(req);
1256 	char *filename = http_request_get_uri(req);
1257 	struct sockaddr_in *cli = http_request_get_cli_addr(req);
1258 
1259 	if (!filename) {
1260 		wpa_printf(MSG_INFO, "WPS UPnP: Could not get HTTP URI");
1261 		http_request_deinit(req);
1262 		return;
1263 	}
1264 	/* Trim leading slashes from filename */
1265 	while (*filename == '/')
1266 		filename++;
1267 
1268 	wpa_printf(MSG_DEBUG, "WPS UPnP: Got HTTP request type %d from %s:%d",
1269 		   htype, inet_ntoa(cli->sin_addr), htons(cli->sin_port));
1270 
1271 	switch (htype) {
1272 	case HTTPREAD_HDR_TYPE_GET:
1273 		web_connection_parse_get(sm, req, filename);
1274 		break;
1275 	case HTTPREAD_HDR_TYPE_POST:
1276 		web_connection_parse_post(sm, cli, req, filename);
1277 		break;
1278 	case HTTPREAD_HDR_TYPE_SUBSCRIBE:
1279 		web_connection_parse_subscribe(sm, req, filename);
1280 		break;
1281 	case HTTPREAD_HDR_TYPE_UNSUBSCRIBE:
1282 		web_connection_parse_unsubscribe(sm, req, filename);
1283 		break;
1284 
1285 		/* We are not required to support M-POST; just plain
1286 		 * POST is supposed to work, so we only support that.
1287 		 * If for some reason we need to support M-POST, it is
1288 		 * mostly the same as POST, with small differences.
1289 		 */
1290 	default:
1291 		/* Send 501 for anything else */
1292 		web_connection_unimplemented(req);
1293 		break;
1294 	}
1295 }
1296 
1297 
1298 /*
1299  * Listening for web connections
1300  * We have a single TCP listening port, and hand off connections as we get
1301  * them.
1302  */
1303 
1304 void web_listener_stop(struct upnp_wps_device_sm *sm)
1305 {
1306 	http_server_deinit(sm->web_srv);
1307 	sm->web_srv = NULL;
1308 }
1309 
1310 
1311 int web_listener_start(struct upnp_wps_device_sm *sm)
1312 {
1313 	struct in_addr addr;
1314 	addr.s_addr = sm->ip_addr;
1315 	sm->web_srv = http_server_init(&addr, -1, web_connection_check_data,
1316 				       sm);
1317 	if (sm->web_srv == NULL) {
1318 		web_listener_stop(sm);
1319 		return -1;
1320 	}
1321 	sm->web_port = http_server_get_port(sm->web_srv);
1322 
1323 	return 0;
1324 }
1325