00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031
00032
00033 #include "asterisk.h"
00034
00035 ASTERISK_FILE_VERSION(__FILE__, "$Revision: 226101 $")
00036
00037 #include <sys/stat.h>
00038 #include <fcntl.h>
00039 #include <gmime/gmime.h>
00040 #if defined (__OpenBSD__) || defined(__FreeBSD__)
00041 #include <libgen.h>
00042 #endif
00043
00044 #include "asterisk/linkedlists.h"
00045 #include "asterisk/http.h"
00046 #include "asterisk/paths.h"
00047 #include "asterisk/tcptls.h"
00048 #include "asterisk/manager.h"
00049 #include "asterisk/cli.h"
00050 #include "asterisk/module.h"
00051 #include "asterisk/ast_version.h"
00052
00053 #define MAX_PREFIX 80
00054
00055
00056 struct mime_cbinfo {
00057 int count;
00058 const char *post_dir;
00059 };
00060
00061
00062 static char prefix[MAX_PREFIX];
00063
00064 static void post_raw(GMimePart *part, const char *post_dir, const char *fn)
00065 {
00066 char filename[PATH_MAX];
00067 GMimeDataWrapper *content;
00068 GMimeStream *stream;
00069 int fd;
00070
00071 snprintf(filename, sizeof(filename), "%s/%s", post_dir, fn);
00072
00073 ast_debug(1, "Posting raw data to %s\n", filename);
00074
00075 if ((fd = open(filename, O_CREAT | O_WRONLY | O_TRUNC, 0666)) == -1) {
00076 ast_log(LOG_WARNING, "Unable to open %s for writing file from a POST!\n", filename);
00077
00078 return;
00079 }
00080
00081 stream = g_mime_stream_fs_new(fd);
00082
00083 content = g_mime_part_get_content_object(part);
00084 g_mime_data_wrapper_write_to_stream(content, stream);
00085 g_mime_stream_flush(stream);
00086
00087 g_object_unref(content);
00088 g_object_unref(stream);
00089 }
00090
00091 static GMimeMessage *parse_message(FILE *f)
00092 {
00093 GMimeMessage *message;
00094 GMimeParser *parser;
00095 GMimeStream *stream;
00096
00097 stream = g_mime_stream_file_new(f);
00098
00099 parser = g_mime_parser_new_with_stream(stream);
00100 g_mime_parser_set_respect_content_length(parser, 1);
00101
00102 g_object_unref(stream);
00103
00104 message = g_mime_parser_construct_message(parser);
00105
00106 g_object_unref(parser);
00107
00108 return message;
00109 }
00110
00111 static void process_message_callback(GMimeObject *part, gpointer user_data)
00112 {
00113 struct mime_cbinfo *cbinfo = user_data;
00114
00115 cbinfo->count++;
00116
00117
00118 if (GMIME_IS_MESSAGE_PART(part)) {
00119 ast_log(LOG_WARNING, "Got unexpected GMIME_IS_MESSAGE_PART\n");
00120 return;
00121 } else if (GMIME_IS_MESSAGE_PARTIAL(part)) {
00122 ast_log(LOG_WARNING, "Got unexpected GMIME_IS_MESSAGE_PARTIAL\n");
00123 return;
00124 } else if (GMIME_IS_MULTIPART(part)) {
00125 GList *l;
00126
00127 ast_log(LOG_WARNING, "Got unexpected GMIME_IS_MULTIPART, trying to process subparts\n");
00128 l = GMIME_MULTIPART(part)->subparts;
00129 while (l) {
00130 process_message_callback(l->data, cbinfo);
00131 l = l->next;
00132 }
00133 } else if (GMIME_IS_PART(part)) {
00134 const char *filename;
00135
00136 if (ast_strlen_zero(filename = g_mime_part_get_filename(GMIME_PART(part)))) {
00137 ast_debug(1, "Skipping part with no filename\n");
00138 return;
00139 }
00140
00141 post_raw(GMIME_PART(part), cbinfo->post_dir, filename);
00142 } else {
00143 ast_log(LOG_ERROR, "Encountered unknown MIME part. This should never happen!\n");
00144 }
00145 }
00146
00147 static int process_message(GMimeMessage *message, const char *post_dir)
00148 {
00149 struct mime_cbinfo cbinfo = {
00150 .count = 0,
00151 .post_dir = post_dir,
00152 };
00153
00154 g_mime_message_foreach_part(message, process_message_callback, &cbinfo);
00155
00156 return cbinfo.count;
00157 }
00158
00159
00160
00161 static int find_sequence(char * inbuf, int inlen, char * matchbuf, int matchlen)
00162 {
00163 int current;
00164 int comp;
00165 int found = 0;
00166
00167 for (current = 0; current < inlen-matchlen; current++, inbuf++) {
00168 if (*inbuf == *matchbuf) {
00169 found=1;
00170 for (comp = 1; comp < matchlen; comp++) {
00171 if (inbuf[comp] != matchbuf[comp]) {
00172 found = 0;
00173 break;
00174 }
00175 }
00176 if (found) {
00177 break;
00178 }
00179 }
00180 }
00181 if (found) {
00182 return current;
00183 } else {
00184 return -1;
00185 }
00186 }
00187
00188
00189
00190
00191
00192
00193
00194
00195
00196
00197 static int readmimefile(FILE * fin, FILE * fout, char * boundary, int contentlen)
00198 {
00199 int find_filename = 0;
00200 char buf[4096];
00201 int marker;
00202 int x;
00203 int char_in_buf = 0;
00204 int num_to_read;
00205 int boundary_len;
00206 char * path_end, * path_start, * filespec;
00207
00208 if (NULL == fin || NULL == fout || NULL == boundary || 0 >= contentlen) {
00209 return -1;
00210 }
00211
00212 boundary_len = strlen(boundary);
00213 while (0 < contentlen || 0 < char_in_buf) {
00214
00215 if (contentlen > sizeof(buf) - char_in_buf) {
00216 num_to_read = sizeof(buf)- char_in_buf;
00217 } else {
00218 num_to_read = contentlen;
00219 }
00220
00221 if (0 < num_to_read) {
00222 if (fread(&(buf[char_in_buf]), 1, num_to_read, fin) < num_to_read) {
00223 ast_log(LOG_WARNING, "fread() failed: %s\n", strerror(errno));
00224 num_to_read = 0;
00225 }
00226 contentlen -= num_to_read;
00227 char_in_buf += num_to_read;
00228 }
00229
00230 if (find_filename) {
00231 path_end = filespec = NULL;
00232 x = strlen("filename=\"");
00233 marker = find_sequence(buf, char_in_buf, "filename=\"", x );
00234 if (0 <= marker) {
00235 marker += x;
00236 path_start = &buf[marker];
00237 for (path_end = path_start, x = 0; x < char_in_buf-marker; x++, path_end++) {
00238 if ('\\' == *path_end) {
00239 *path_end = '/';
00240 }
00241 if ('\"' == *path_end) {
00242 *path_end = '\0';
00243 filespec = basename(path_start);
00244 *path_end = '\"';
00245 break;
00246 }
00247 }
00248 }
00249 if (filespec) {
00250 if (fwrite(buf, 1, marker, fout) != marker) {
00251 ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno));
00252 }
00253 x = (int)(path_end+1 - filespec);
00254 if (fwrite(filespec, 1, x, fout) != x) {
00255 ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno));
00256 }
00257 x = (int)(path_end+1 - buf);
00258 memmove(buf, &(buf[x]), char_in_buf-x);
00259 char_in_buf -= x;
00260 }
00261 find_filename = 0;
00262 } else {
00263 marker = find_sequence(buf, char_in_buf, boundary, boundary_len);
00264 if (0 > marker) {
00265 if (char_in_buf < (boundary_len)) {
00266
00267 if (fwrite(buf, 1, char_in_buf, fout) != char_in_buf) {
00268 ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno));
00269 }
00270 char_in_buf = 0;
00271 } else {
00272
00273 if (fwrite(buf, 1, char_in_buf -(boundary_len -1), fout) != char_in_buf - (boundary_len - 1)) {
00274 ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno));
00275 }
00276 x = char_in_buf -(boundary_len -1);
00277 memmove(buf, &(buf[x]), char_in_buf-x);
00278 char_in_buf = (boundary_len -1);
00279 }
00280 } else {
00281
00282 if (fwrite(buf, 1, marker + boundary_len, fout) != marker + boundary_len) {
00283 ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno));
00284 }
00285 x = marker + boundary_len;
00286 memmove(buf, &(buf[x]), char_in_buf-x);
00287 char_in_buf -= marker + boundary_len;
00288 find_filename =1;
00289 }
00290 }
00291 }
00292 return 0;
00293 }
00294
00295
00296 static struct ast_str *http_post_callback(struct ast_tcptls_session_instance *ser, const struct ast_http_uri *urih, const char *uri, enum ast_http_method method, struct ast_variable *vars, struct ast_variable *headers, int *status, char **title, int *contentlength)
00297 {
00298 struct ast_variable *var;
00299 unsigned long ident = 0;
00300 FILE *f;
00301 int content_len = 0;
00302 struct ast_str *post_dir;
00303 GMimeMessage *message;
00304 int message_count = 0;
00305 char * boundary_marker = NULL;
00306
00307 if (!urih) {
00308 return ast_http_error((*status = 400),
00309 (*title = ast_strdup("Missing URI handle")),
00310 NULL, "There was an error parsing the request");
00311 }
00312
00313 for (var = vars; var; var = var->next) {
00314 if (strcasecmp(var->name, "mansession_id")) {
00315 continue;
00316 }
00317
00318 if (sscanf(var->value, "%30lx", &ident) != 1) {
00319 return ast_http_error((*status = 400),
00320 (*title = ast_strdup("Bad Request")),
00321 NULL, "The was an error parsing the request.");
00322 }
00323
00324 if (!astman_verify_session_writepermissions(ident, EVENT_FLAG_CONFIG)) {
00325 return ast_http_error((*status = 401),
00326 (*title = ast_strdup("Unauthorized")),
00327 NULL, "You are not authorized to make this request.");
00328 }
00329
00330 break;
00331 }
00332
00333 if (!var) {
00334 return ast_http_error((*status = 401),
00335 (*title = ast_strdup("Unauthorized")),
00336 NULL, "You are not authorized to make this request.");
00337 }
00338
00339 if (!(f = tmpfile())) {
00340 ast_log(LOG_ERROR, "Could not create temp file.\n");
00341 return NULL;
00342 }
00343
00344 for (var = headers; var; var = var->next) {
00345 fprintf(f, "%s: %s\r\n", var->name, var->value);
00346
00347 if (!strcasecmp(var->name, "Content-Length")) {
00348 if ((sscanf(var->value, "%30u", &content_len)) != 1) {
00349 ast_log(LOG_ERROR, "Invalid Content-Length in POST request!\n");
00350 fclose(f);
00351
00352 return NULL;
00353 }
00354 ast_debug(1, "Got a Content-Length of %d\n", content_len);
00355 } else if (!strcasecmp(var->name, "Content-Type")) {
00356 boundary_marker = strstr(var->value, "boundary=");
00357 if (boundary_marker) {
00358 boundary_marker += strlen("boundary=");
00359 }
00360 }
00361 }
00362
00363 fprintf(f, "\r\n");
00364
00365 if (0 > readmimefile(ser->f, f, boundary_marker, content_len)) {
00366 if (option_debug) {
00367 ast_log(LOG_DEBUG, "Cannot find boundary marker in POST request.\n");
00368 }
00369 fclose(f);
00370
00371 return NULL;
00372 }
00373
00374 if (fseek(f, SEEK_SET, 0)) {
00375 ast_log(LOG_ERROR, "Failed to seek temp file back to beginning.\n");
00376 fclose(f);
00377
00378 return NULL;
00379 }
00380
00381 post_dir = urih->data;
00382
00383 message = parse_message(f);
00384
00385 if (!message) {
00386 ast_log(LOG_ERROR, "Error parsing MIME data\n");
00387
00388 return ast_http_error((*status = 400),
00389 (*title = ast_strdup("Bad Request")),
00390 NULL, "The was an error parsing the request.");
00391 }
00392
00393 if (!(message_count = process_message(message, ast_str_buffer(post_dir)))) {
00394 ast_log(LOG_ERROR, "Invalid MIME data, found no parts!\n");
00395 g_object_unref(message);
00396 return ast_http_error((*status = 400),
00397 (*title = ast_strdup("Bad Request")),
00398 NULL, "The was an error parsing the request.");
00399 }
00400
00401 g_object_unref(message);
00402
00403 return ast_http_error((*status = 200),
00404 (*title = ast_strdup("OK")),
00405 NULL, "File successfully uploaded.");
00406 }
00407
00408 static int __ast_http_post_load(int reload)
00409 {
00410 struct ast_config *cfg;
00411 struct ast_variable *v;
00412 struct ast_flags config_flags = { reload ? CONFIG_FLAG_FILEUNCHANGED : 0 };
00413
00414 cfg = ast_config_load2("http.conf", "http", config_flags);
00415 if (cfg == CONFIG_STATUS_FILEMISSING || cfg == CONFIG_STATUS_FILEUNCHANGED || cfg == CONFIG_STATUS_FILEINVALID) {
00416 return 0;
00417 }
00418
00419 if (reload) {
00420 ast_http_uri_unlink_all_with_key(__FILE__);
00421 }
00422
00423 if (cfg) {
00424 for (v = ast_variable_browse(cfg, "general"); v; v = v->next) {
00425 if (!strcasecmp(v->name, "prefix")) {
00426 ast_copy_string(prefix, v->value, sizeof(prefix));
00427 if (prefix[strlen(prefix)] == '/') {
00428 prefix[strlen(prefix)] = '\0';
00429 }
00430 }
00431 }
00432
00433 for (v = ast_variable_browse(cfg, "post_mappings"); v; v = v->next) {
00434 struct ast_http_uri *urih;
00435 struct ast_str *ds;
00436
00437 if (!(urih = ast_calloc(sizeof(*urih), 1))) {
00438 ast_config_destroy(cfg);
00439 return -1;
00440 }
00441
00442 if (!(ds = ast_str_create(32))) {
00443 ast_free(urih);
00444 ast_config_destroy(cfg);
00445 return -1;
00446 }
00447
00448 urih->description = ast_strdup("HTTP POST mapping");
00449 urih->uri = ast_strdup(v->name);
00450 ast_str_set(&ds, 0, "%s", v->value);
00451 urih->data = ds;
00452 urih->has_subtree = 0;
00453 urih->supports_get = 0;
00454 urih->supports_post = 1;
00455 urih->callback = http_post_callback;
00456 urih->key = __FILE__;
00457 urih->mallocd = urih->dmallocd = 1;
00458
00459 ast_http_uri_link(urih);
00460 }
00461
00462 ast_config_destroy(cfg);
00463 }
00464 return 0;
00465 }
00466
00467 static int unload_module(void)
00468 {
00469 ast_http_uri_unlink_all_with_key(__FILE__);
00470
00471 return 0;
00472 }
00473
00474 static int reload(void)
00475 {
00476 __ast_http_post_load(1);
00477
00478 return AST_MODULE_LOAD_SUCCESS;
00479 }
00480
00481 static int load_module(void)
00482 {
00483 g_mime_init(0);
00484
00485 __ast_http_post_load(0);
00486
00487 return AST_MODULE_LOAD_SUCCESS;
00488 }
00489
00490 AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_DEFAULT, "HTTP POST support",
00491 .load = load_module,
00492 .unload = unload_module,
00493 .reload = reload,
00494 );