1 /*
2 * UPnP WPS Device - Event processing
3 * Copyright (c) 2000-2003 Intel Corporation
4 * Copyright (c) 2006-2007 Sony Corporation
5 * Copyright (c) 2008-2009 Atheros Communications
6 * Copyright (c) 2009-2010, Jouni Malinen <j@w1.fi>
7 *
8 * See wps_upnp.c for more details on licensing and code history.
9 */
10
11 #include "includes.h"
12 #include <assert.h>
13
14 #include "common.h"
15 #include "eloop.h"
16 #include "uuid.h"
17 #include "http_client.h"
18 #include "wps_defs.h"
19 #include "wps_upnp.h"
20 #include "wps_upnp_i.h"
21
22 /*
23 * Event message generation (to subscribers)
24 *
25 * We make a separate copy for each message for each subscriber. This memory
26 * wasted could be limited (adding code complexity) by sharing copies, keeping
27 * a usage count and freeing when zero.
28 *
29 * Sending a message requires using a HTTP over TCP NOTIFY
30 * (like a PUT) which requires a number of states..
31 */
32
33 #define MAX_EVENTS_QUEUED 20 /* How far behind queued events */
34 #define MAX_FAILURES 10 /* Drop subscription after this many failures */
35
36 /* How long to wait before sending event */
37 #define EVENT_DELAY_SECONDS 0
38 #define EVENT_DELAY_MSEC 0
39
40 /*
41 * Event information that we send to each subscriber is remembered in this
42 * struct. The event cannot be sent by simple UDP; it has to be sent by a HTTP
43 * over TCP transaction which requires various states.. It may also need to be
44 * retried at a different address (if more than one is available).
45 *
46 * TODO: As an optimization we could share data between subscribers.
47 */
48 struct wps_event_ {
49 struct dl_list list;
50 struct subscription *s; /* parent */
51 unsigned subscriber_sequence; /* which event for this subscription*/
52 unsigned int retry; /* which retry */
53 struct subscr_addr *addr; /* address to connect to */
54 struct wpabuf *data; /* event data to send */
55 struct http_client *http_event;
56 };
57
58
59 /* event_clean -- clean sockets etc. of event
60 * Leaves data, retry count etc. alone.
61 */
event_clean(struct wps_event_ * e)62 static void event_clean(struct wps_event_ *e)
63 {
64 if (e->s->current_event == e)
65 e->s->current_event = NULL;
66 http_client_free(e->http_event);
67 e->http_event = NULL;
68 }
69
70
71 /* event_delete -- delete single unqueued event
72 * (be sure to dequeue first if need be)
73 */
event_delete(struct wps_event_ * e)74 static void event_delete(struct wps_event_ *e)
75 {
76 wpa_printf(MSG_DEBUG, "WPS UPnP: Delete event %p", e);
77 event_clean(e);
78 wpabuf_free(e->data);
79 os_free(e);
80 }
81
82
83 /* event_dequeue -- get next event from the queue
84 * Returns NULL if empty.
85 */
event_dequeue(struct subscription * s)86 static struct wps_event_ *event_dequeue(struct subscription *s)
87 {
88 struct wps_event_ *e;
89 e = dl_list_first(&s->event_queue, struct wps_event_, list);
90 if (e) {
91 wpa_printf(MSG_DEBUG, "WPS UPnP: Dequeue event %p for "
92 "subscription %p", e, s);
93 dl_list_del(&e->list);
94 }
95 return e;
96 }
97
98
99 /* wps_upnp_event_delete_all -- delete entire event queue and current event */
wps_upnp_event_delete_all(struct subscription * s)100 void wps_upnp_event_delete_all(struct subscription *s)
101 {
102 struct wps_event_ *e;
103 while ((e = event_dequeue(s)) != NULL)
104 event_delete(e);
105 if (s->current_event) {
106 event_delete(s->current_event);
107 /* will set: s->current_event = NULL; */
108 }
109 }
110
111
112 /**
113 * event_retry - Called when we had a failure delivering event msg
114 * @e: Event
115 * @do_next_address: skip address e.g. on connect fail
116 */
event_retry(struct wps_event_ * e,int do_next_address)117 static void event_retry(struct wps_event_ *e, int do_next_address)
118 {
119 struct subscription *s = e->s;
120 struct upnp_wps_device_sm *sm = s->sm;
121
122 wpa_printf(MSG_DEBUG, "WPS UPnP: Retry event %p for subscription %p",
123 e, s);
124 event_clean(e);
125 /* will set: s->current_event = NULL; */
126
127 if (do_next_address) {
128 e->retry++;
129 wpa_printf(MSG_DEBUG, "WPS UPnP: Try address %d", e->retry);
130 }
131 if (e->retry >= dl_list_len(&s->addr_list)) {
132 wpa_printf(MSG_DEBUG, "WPS UPnP: Giving up on sending event "
133 "for %s", e->addr->domain_and_port);
134 event_delete(e);
135 s->last_event_failed = 1;
136 if (!dl_list_empty(&s->event_queue))
137 wps_upnp_event_send_all_later(s->sm);
138 return;
139 }
140 dl_list_add(&s->event_queue, &e->list);
141 wps_upnp_event_send_all_later(sm);
142 }
143
144
event_build_message(struct wps_event_ * e)145 static struct wpabuf * event_build_message(struct wps_event_ *e)
146 {
147 struct wpabuf *buf;
148 char *b;
149
150 buf = wpabuf_alloc(1000 + os_strlen(e->addr->path) +
151 wpabuf_len(e->data));
152 if (buf == NULL)
153 return NULL;
154 wpabuf_printf(buf, "NOTIFY %s HTTP/1.1\r\n", e->addr->path);
155 wpabuf_put_str(buf, "SERVER: Unspecified, UPnP/1.0, Unspecified\r\n");
156 wpabuf_printf(buf, "HOST: %s\r\n", e->addr->domain_and_port);
157 wpabuf_put_str(buf, "CONTENT-TYPE: text/xml; charset=\"utf-8\"\r\n"
158 "NT: upnp:event\r\n"
159 "NTS: upnp:propchange\r\n");
160 wpabuf_put_str(buf, "SID: uuid:");
161 b = wpabuf_put(buf, 0);
162 uuid_bin2str(e->s->uuid, b, 80);
163 wpabuf_put(buf, os_strlen(b));
164 wpabuf_put_str(buf, "\r\n");
165 wpabuf_printf(buf, "SEQ: %u\r\n", e->subscriber_sequence);
166 wpabuf_printf(buf, "CONTENT-LENGTH: %d\r\n",
167 (int) wpabuf_len(e->data));
168 wpabuf_put_str(buf, "\r\n"); /* terminating empty line */
169 wpabuf_put_buf(buf, e->data);
170 return buf;
171 }
172
173
event_addr_failure(struct wps_event_ * e)174 static void event_addr_failure(struct wps_event_ *e)
175 {
176 struct subscription *s = e->s;
177
178 e->addr->num_failures++;
179 wpa_printf(MSG_DEBUG, "WPS UPnP: Failed to send event %p to %s "
180 "(num_failures=%u)",
181 e, e->addr->domain_and_port, e->addr->num_failures);
182
183 if (e->addr->num_failures < MAX_FAILURES) {
184 /* Try other addresses, if available */
185 event_retry(e, 1);
186 return;
187 }
188
189 /*
190 * If other side doesn't like what we say, forget about them.
191 * (There is no way to tell other side that we are dropping them...).
192 */
193 wpa_printf(MSG_DEBUG, "WPS UPnP: Deleting subscription %p "
194 "address %s due to errors", s, e->addr->domain_and_port);
195 dl_list_del(&e->addr->list);
196 subscr_addr_delete(e->addr);
197 e->addr = NULL;
198
199 if (dl_list_empty(&s->addr_list)) {
200 /* if we've given up on all addresses */
201 wpa_printf(MSG_DEBUG, "WPS UPnP: Removing subscription %p "
202 "with no addresses", s);
203 dl_list_del(&s->list);
204 subscription_destroy(s);
205 return;
206 }
207
208 /* Try other addresses, if available */
209 event_retry(e, 0);
210 }
211
212
event_http_cb(void * ctx,struct http_client * c,enum http_client_event event)213 static void event_http_cb(void *ctx, struct http_client *c,
214 enum http_client_event event)
215 {
216 struct wps_event_ *e = ctx;
217 struct subscription *s = e->s;
218
219 wpa_printf(MSG_DEBUG, "WPS UPnP: HTTP client callback: e=%p c=%p "
220 "event=%d", e, c, event);
221 switch (event) {
222 case HTTP_CLIENT_OK:
223 wpa_printf(MSG_DEBUG,
224 "WPS UPnP: Got event %p reply OK from %s",
225 e, e->addr->domain_and_port);
226 e->addr->num_failures = 0;
227 s->last_event_failed = 0;
228 event_delete(e);
229
230 /* Schedule sending more if there is more to send */
231 if (!dl_list_empty(&s->event_queue))
232 wps_upnp_event_send_all_later(s->sm);
233 break;
234 case HTTP_CLIENT_FAILED:
235 wpa_printf(MSG_DEBUG, "WPS UPnP: Event send failure");
236 event_addr_failure(e);
237 break;
238 case HTTP_CLIENT_INVALID_REPLY:
239 wpa_printf(MSG_DEBUG, "WPS UPnP: Invalid reply");
240 event_addr_failure(e);
241 break;
242 case HTTP_CLIENT_TIMEOUT:
243 wpa_printf(MSG_DEBUG, "WPS UPnP: Event send timeout");
244 event_addr_failure(e);
245 break;
246 }
247 }
248
249
250 /* event_send_start -- prepare to send a event message to subscriber
251 *
252 * This gets complicated because:
253 * -- The message is sent via TCP and we have to keep the stream open
254 * for 30 seconds to get a response... then close it.
255 * -- But we might have other event happen in the meantime...
256 * we have to queue them, if we lose them then the subscriber will
257 * be forced to unsubscribe and subscribe again.
258 * -- If multiple URLs are provided then we are supposed to try successive
259 * ones after 30 second timeout.
260 * -- The URLs might use domain names instead of dotted decimal addresses,
261 * and resolution of those may cause unwanted sleeping.
262 * -- Doing the initial TCP connect can take a while, so we have to come
263 * back after connection and then send the data.
264 *
265 * Returns nonzero on error;
266 *
267 * Prerequisite: No current event send (s->current_event == NULL)
268 * and non-empty queue.
269 */
event_send_start(struct subscription * s)270 static int event_send_start(struct subscription *s)
271 {
272 struct wps_event_ *e;
273 unsigned int itry;
274 struct wpabuf *buf;
275
276 /*
277 * Assume we are called ONLY with no current event and ONLY with
278 * nonempty event queue and ONLY with at least one address to send to.
279 */
280 if (dl_list_empty(&s->addr_list) ||
281 s->current_event ||
282 dl_list_empty(&s->event_queue))
283 return -1;
284
285 s->current_event = e = event_dequeue(s);
286
287 /* Use address according to number of retries */
288 itry = 0;
289 dl_list_for_each(e->addr, &s->addr_list, struct subscr_addr, list)
290 if (itry++ == e->retry)
291 break;
292 if (itry < e->retry)
293 return -1;
294
295 buf = event_build_message(e);
296 if (buf == NULL) {
297 event_addr_failure(e);
298 return -1;
299 }
300
301 e->http_event = http_client_addr(&e->addr->saddr, buf, 0,
302 event_http_cb, e);
303 if (e->http_event == NULL) {
304 wpabuf_free(buf);
305 event_addr_failure(e);
306 return -1;
307 }
308
309 return 0;
310 }
311
312
313 /* event_send_all_later_handler -- actually send events as needed */
event_send_all_later_handler(void * eloop_data,void * user_ctx)314 static void event_send_all_later_handler(void *eloop_data, void *user_ctx)
315 {
316 struct upnp_wps_device_sm *sm = user_ctx;
317 struct subscription *s, *tmp;
318 int nerrors = 0;
319
320 sm->event_send_all_queued = 0;
321 dl_list_for_each_safe(s, tmp, &sm->subscriptions, struct subscription,
322 list) {
323 if (s->current_event == NULL /* not busy */ &&
324 !dl_list_empty(&s->event_queue) /* more to do */) {
325 if (event_send_start(s))
326 nerrors++;
327 }
328 }
329
330 if (nerrors) {
331 /* Try again later */
332 wps_upnp_event_send_all_later(sm);
333 }
334 }
335
336
337 /* wps_upnp_event_send_all_later -- schedule sending events to all subscribers
338 * that need it.
339 * This avoids two problems:
340 * -- After getting a subscription, we should not send the first event
341 * until after our reply is fully queued to be sent back,
342 * -- Possible stack depth or infinite recursion issues.
343 */
wps_upnp_event_send_all_later(struct upnp_wps_device_sm * sm)344 void wps_upnp_event_send_all_later(struct upnp_wps_device_sm *sm)
345 {
346 /*
347 * The exact time in the future isn't too important. Waiting a bit
348 * might let us do several together.
349 */
350 if (sm->event_send_all_queued)
351 return;
352 sm->event_send_all_queued = 1;
353 eloop_register_timeout(EVENT_DELAY_SECONDS, EVENT_DELAY_MSEC,
354 event_send_all_later_handler, NULL, sm);
355 }
356
357
358 /* wps_upnp_event_send_stop_all -- cleanup */
wps_upnp_event_send_stop_all(struct upnp_wps_device_sm * sm)359 void wps_upnp_event_send_stop_all(struct upnp_wps_device_sm *sm)
360 {
361 if (sm->event_send_all_queued)
362 eloop_cancel_timeout(event_send_all_later_handler, NULL, sm);
363 sm->event_send_all_queued = 0;
364 }
365
366
367 /**
368 * wps_upnp_event_add - Add a new event to a queue
369 * @s: Subscription
370 * @data: Event data (is copied; caller retains ownership)
371 * @probereq: Whether this is a Probe Request event
372 * Returns: 0 on success, -1 on error, 1 on max event queue limit reached
373 */
wps_upnp_event_add(struct subscription * s,const struct wpabuf * data,int probereq)374 int wps_upnp_event_add(struct subscription *s, const struct wpabuf *data,
375 int probereq)
376 {
377 struct wps_event_ *e;
378 unsigned int len;
379
380 len = dl_list_len(&s->event_queue);
381 if (len >= MAX_EVENTS_QUEUED) {
382 wpa_printf(MSG_DEBUG, "WPS UPnP: Too many events queued for "
383 "subscriber %p", s);
384 if (probereq)
385 return 1;
386
387 /* Drop oldest entry to allow EAP event to be stored. */
388 e = event_dequeue(s);
389 if (!e)
390 return 1;
391 event_delete(e);
392 }
393
394 if (s->last_event_failed && probereq && len > 0) {
395 /*
396 * Avoid queuing frames for subscribers that may have left
397 * without unsubscribing.
398 */
399 wpa_printf(MSG_DEBUG, "WPS UPnP: Do not queue more Probe "
400 "Request frames for subscription %p since last "
401 "delivery failed", s);
402 return -1;
403 }
404
405 e = os_zalloc(sizeof(*e));
406 if (e == NULL)
407 return -1;
408 dl_list_init(&e->list);
409 e->s = s;
410 e->data = wpabuf_dup(data);
411 if (e->data == NULL) {
412 os_free(e);
413 return -1;
414 }
415 e->subscriber_sequence = s->next_subscriber_sequence++;
416 if (s->next_subscriber_sequence == 0)
417 s->next_subscriber_sequence++;
418 wpa_printf(MSG_DEBUG, "WPS UPnP: Queue event %p for subscriber %p "
419 "(queue len %u)", e, s, len + 1);
420 dl_list_add_tail(&s->event_queue, &e->list);
421 wps_upnp_event_send_all_later(s->sm);
422 return 0;
423 }
424
