277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
|
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
|
-
-
-
+
+
+
+
+
+
+
+
-
+
+
+
+
+
+
+
+
+
+
|
write_err:
http_close();
return 0;
}
/*
** Sign the content in pSend, compress it, and send it to the server
** via HTTP. Get a reply, uncompress the reply, and store the reply
** in pRecv. pRecv is assumed to be uninitialized when
** Sign the content in pSend, compress it (if compression is turned on),
** encrypt it (if security is turned on), and send it to the server
** via HTTP. Get a reply, decrypt and uncompress the reply, and store
** the reply in pRecv. pRecv is assumed to be uninitialized when
** this routine is called - this routine will initialize it.
**
** The server address is contain in the "g" global structure. The
** url_parse() routine should have been called prior to this routine
** in order to fill this structure appropriately.
*/
void http_exchange(Blob *pSend, Blob *pRecv){
Blob login; /* The "login" card at the beginning of the payload */
Blob nonce; /* The password verificatin nonce on the login card */
Blob sig; /* The signature on the login card */
Blob pw; /* The user password prefixed by the nonce */
Blob login, nonce, sig, pw, payload, hdr;
Blob payload; /* The HTTP request payload */
Blob hdr; /* The HTTP request header */
const char *zSep;
int i;
int cnt = 0;
/* Compute the login card. This card is of the form:
**
** login USERID NONCE SIGNATURE
**
** The NONCE is a unique string - never to be reused. In this case,
** the nonce is the SHA1 hash of the rest of the payload. The SIGNATURE
** is the SHA1 hash of the NONCE and the user password concatenated.
*/
blob_zero(&nonce);
blob_zero(&pw);
sha1sum_blob(pSend, &nonce);
blob_copy(&pw, &nonce);
blob_zero(&login);
if( g.urlUser==0 ){
user_select();
|
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
|
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
|
+
+
+
+
+
+
|
/* printf("presig=[%s]\n", blob_str(&pw)); */
sha1sum_blob(&pw, &sig);
blob_appendf(&login, "login %s %b %b\n", g.urlUser, &nonce, &sig);
}
blob_reset(&nonce);
blob_reset(&pw);
blob_reset(&sig);
/* Construct the payload, which includes the login card.
*/
if( g.fHttpTrace ){
payload = login;
blob_append(&payload, blob_buffer(pSend), blob_size(pSend));
}else{
blob_compress2(&login, pSend, &payload);
blob_reset(&login);
}
/* Construct the HTTP request header
*/
blob_zero(&hdr);
i = strlen(g.urlPath);
if( i>0 && g.urlPath[i-1]=='/' ){
zSep = "";
}else{
zSep = "/";
}
|
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
|
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
|
+
+
+
+
+
+
+
+
|
out = fopen(zOutFile, "w");
if( out ){
fwrite(blob_buffer(&hdr), 1, blob_size(&hdr), out);
fwrite(blob_buffer(&payload), 1, blob_size(&payload), out);
fclose(out);
}
}
/* Send the header and payload to the server. Get the reply. If
** the first attempt is unsuccessful, do a second attempt.
*/
for(cnt=0; cnt<2; cnt++){
if( http_send_recv(&hdr, &payload, pRecv) ) break;
}
if( cnt>=2 ){
fossil_fatal("connection to server failed");
}
blob_reset(&hdr);
blob_reset(&payload);
/* Process the reply. pRecv contains only the payload of the
** reply message, not the header.
*/
if( g.fHttpTrace ){
printf("HTTP RECEIVE:\n%s\n=======================\n", blob_str(pRecv));
}else{
blob_uncompress(pRecv, pRecv);
}
}
|