PageRenderTime 118ms CodeModel.GetById 32ms RepoModel.GetById 2ms app.codeStats 0ms

/indra/newview/llxmlrpctransaction.cpp

https://bitbucket.org/lindenlab/viewer-beta/
C++ | 654 lines | 473 code | 111 blank | 70 comment | 31 complexity | 4dcbafbed2bfab92d182705d30fecfdd MD5 | raw file
Possible License(s): LGPL-2.1
  1. /**
  2. * @file llxmlrpctransaction.cpp
  3. * @brief LLXMLRPCTransaction and related class implementations
  4. *
  5. * $LicenseInfo:firstyear=2006&license=viewerlgpl$
  6. * Second Life Viewer Source Code
  7. * Copyright (C) 2010, Linden Research, Inc.
  8. *
  9. * This library is free software; you can redistribute it and/or
  10. * modify it under the terms of the GNU Lesser General Public
  11. * License as published by the Free Software Foundation;
  12. * version 2.1 of the License only.
  13. *
  14. * This library is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  17. * Lesser General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU Lesser General Public
  20. * License along with this library; if not, write to the Free Software
  21. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  22. *
  23. * Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA
  24. * $/LicenseInfo$
  25. */
  26. #include "llviewerprecompiledheaders.h"
  27. #include <openssl/x509_vfy.h>
  28. #include <openssl/ssl.h>
  29. #include "llsecapi.h"
  30. #include "llxmlrpctransaction.h"
  31. #include "llxmlrpclistener.h"
  32. #include "llcurl.h"
  33. #include "llviewercontrol.h"
  34. // Have to include these last to avoid queue redefinition!
  35. #include <xmlrpc-epi/xmlrpc.h>
  36. #include "llappviewer.h"
  37. #include "lltrans.h"
  38. // Static instance of LLXMLRPCListener declared here so that every time we
  39. // bring in this code, we instantiate a listener. If we put the static
  40. // instance of LLXMLRPCListener into llxmlrpclistener.cpp, the linker would
  41. // simply omit llxmlrpclistener.o, and shouting on the LLEventPump would do
  42. // nothing.
  43. static LLXMLRPCListener listener("LLXMLRPCTransaction");
  44. LLXMLRPCValue LLXMLRPCValue::operator[](const char* id) const
  45. {
  46. return LLXMLRPCValue(XMLRPC_VectorGetValueWithID(mV, id));
  47. }
  48. std::string LLXMLRPCValue::asString() const
  49. {
  50. const char* s = XMLRPC_GetValueString(mV);
  51. return s ? s : "";
  52. }
  53. int LLXMLRPCValue::asInt() const { return XMLRPC_GetValueInt(mV); }
  54. bool LLXMLRPCValue::asBool() const { return XMLRPC_GetValueBoolean(mV) != 0; }
  55. double LLXMLRPCValue::asDouble() const { return XMLRPC_GetValueDouble(mV); }
  56. LLXMLRPCValue LLXMLRPCValue::rewind()
  57. {
  58. return LLXMLRPCValue(XMLRPC_VectorRewind(mV));
  59. }
  60. LLXMLRPCValue LLXMLRPCValue::next()
  61. {
  62. return LLXMLRPCValue(XMLRPC_VectorNext(mV));
  63. }
  64. bool LLXMLRPCValue::isValid() const
  65. {
  66. return mV != NULL;
  67. }
  68. LLXMLRPCValue LLXMLRPCValue::createArray()
  69. {
  70. return LLXMLRPCValue(XMLRPC_CreateVector(NULL, xmlrpc_vector_array));
  71. }
  72. LLXMLRPCValue LLXMLRPCValue::createStruct()
  73. {
  74. return LLXMLRPCValue(XMLRPC_CreateVector(NULL, xmlrpc_vector_struct));
  75. }
  76. void LLXMLRPCValue::append(LLXMLRPCValue& v)
  77. {
  78. XMLRPC_AddValueToVector(mV, v.mV);
  79. }
  80. void LLXMLRPCValue::appendString(const std::string& v)
  81. {
  82. XMLRPC_AddValueToVector(mV, XMLRPC_CreateValueString(NULL, v.c_str(), 0));
  83. }
  84. void LLXMLRPCValue::appendInt(int v)
  85. {
  86. XMLRPC_AddValueToVector(mV, XMLRPC_CreateValueInt(NULL, v));
  87. }
  88. void LLXMLRPCValue::appendBool(bool v)
  89. {
  90. XMLRPC_AddValueToVector(mV, XMLRPC_CreateValueBoolean(NULL, v));
  91. }
  92. void LLXMLRPCValue::appendDouble(double v)
  93. {
  94. XMLRPC_AddValueToVector(mV, XMLRPC_CreateValueDouble(NULL, v));
  95. }
  96. void LLXMLRPCValue::append(const char* id, LLXMLRPCValue& v)
  97. {
  98. XMLRPC_SetValueID(v.mV, id, 0);
  99. XMLRPC_AddValueToVector(mV, v.mV);
  100. }
  101. void LLXMLRPCValue::appendString(const char* id, const std::string& v)
  102. {
  103. XMLRPC_AddValueToVector(mV, XMLRPC_CreateValueString(id, v.c_str(), 0));
  104. }
  105. void LLXMLRPCValue::appendInt(const char* id, int v)
  106. {
  107. XMLRPC_AddValueToVector(mV, XMLRPC_CreateValueInt(id, v));
  108. }
  109. void LLXMLRPCValue::appendBool(const char* id, bool v)
  110. {
  111. XMLRPC_AddValueToVector(mV, XMLRPC_CreateValueBoolean(id, v));
  112. }
  113. void LLXMLRPCValue::appendDouble(const char* id, double v)
  114. {
  115. XMLRPC_AddValueToVector(mV, XMLRPC_CreateValueDouble(id, v));
  116. }
  117. void LLXMLRPCValue::cleanup()
  118. {
  119. XMLRPC_CleanupValue(mV);
  120. mV = NULL;
  121. }
  122. XMLRPC_VALUE LLXMLRPCValue::getValue() const
  123. {
  124. return mV;
  125. }
  126. class LLXMLRPCTransaction::Impl
  127. {
  128. public:
  129. typedef LLXMLRPCTransaction::EStatus EStatus;
  130. LLCurlEasyRequest* mCurlRequest;
  131. EStatus mStatus;
  132. CURLcode mCurlCode;
  133. std::string mStatusMessage;
  134. std::string mStatusURI;
  135. LLCurl::TransferInfo mTransferInfo;
  136. std::string mURI;
  137. char* mRequestText;
  138. int mRequestTextSize;
  139. std::string mProxyAddress;
  140. std::string mResponseText;
  141. XMLRPC_REQUEST mResponse;
  142. std::string mCertStore;
  143. LLPointer<LLCertificate> mErrorCert;
  144. Impl(const std::string& uri, XMLRPC_REQUEST request, bool useGzip);
  145. Impl(const std::string& uri,
  146. const std::string& method, LLXMLRPCValue params, bool useGzip);
  147. ~Impl();
  148. bool process();
  149. void setStatus(EStatus code,
  150. const std::string& message = "", const std::string& uri = "");
  151. void setCurlStatus(CURLcode);
  152. private:
  153. void init(XMLRPC_REQUEST request, bool useGzip);
  154. static int _sslCertVerifyCallback(X509_STORE_CTX *ctx, void *param);
  155. static CURLcode _sslCtxFunction(CURL * curl, void *sslctx, void *param);
  156. static size_t curlDownloadCallback(
  157. char* data, size_t size, size_t nmemb, void* user_data);
  158. };
  159. LLXMLRPCTransaction::Impl::Impl(const std::string& uri,
  160. XMLRPC_REQUEST request, bool useGzip)
  161. : mCurlRequest(0),
  162. mStatus(LLXMLRPCTransaction::StatusNotStarted),
  163. mURI(uri),
  164. mRequestText(0),
  165. mResponse(0)
  166. {
  167. init(request, useGzip);
  168. }
  169. LLXMLRPCTransaction::Impl::Impl(const std::string& uri,
  170. const std::string& method, LLXMLRPCValue params, bool useGzip)
  171. : mCurlRequest(0),
  172. mStatus(LLXMLRPCTransaction::StatusNotStarted),
  173. mURI(uri),
  174. mRequestText(0),
  175. mResponse(0)
  176. {
  177. XMLRPC_REQUEST request = XMLRPC_RequestNew();
  178. XMLRPC_RequestSetMethodName(request, method.c_str());
  179. XMLRPC_RequestSetRequestType(request, xmlrpc_request_call);
  180. XMLRPC_RequestSetData(request, params.getValue());
  181. init(request, useGzip);
  182. // DEV-28398: without this XMLRPC_RequestFree() call, it looks as though
  183. // the 'request' object is simply leaked. It's less clear to me whether we
  184. // should also ask to free request value data (second param 1), since the
  185. // data come from 'params'.
  186. XMLRPC_RequestFree(request, 1);
  187. }
  188. // _sslCertVerifyCallback
  189. // callback called when a cert verification is requested.
  190. // calls SECAPI to validate the context
  191. int LLXMLRPCTransaction::Impl::_sslCertVerifyCallback(X509_STORE_CTX *ctx, void *param)
  192. {
  193. LLXMLRPCTransaction::Impl *transaction = (LLXMLRPCTransaction::Impl *)param;
  194. LLPointer<LLCertificateStore> store = gSecAPIHandler->getCertificateStore(transaction->mCertStore);
  195. LLPointer<LLCertificateChain> chain = gSecAPIHandler->getCertificateChain(ctx);
  196. LLSD validation_params = LLSD::emptyMap();
  197. LLURI uri(transaction->mURI);
  198. validation_params[CERT_HOSTNAME] = uri.hostName();
  199. try
  200. {
  201. // don't validate hostname. Let libcurl do it instead. That way, it'll handle redirects
  202. store->validate(VALIDATION_POLICY_SSL & (~VALIDATION_POLICY_HOSTNAME), chain, validation_params);
  203. }
  204. catch (LLCertValidationTrustException& cert_exception)
  205. {
  206. // this exception is is handled differently than the general cert
  207. // exceptions, as we allow the user to actually add the certificate
  208. // for trust.
  209. // therefore we pass back a different error code
  210. // NOTE: We're currently 'wired' to pass around CURL error codes. This is
  211. // somewhat clumsy, as we may run into errors that do not map directly to curl
  212. // error codes. Should be refactored with login refactoring, perhaps.
  213. transaction->mCurlCode = CURLE_SSL_CACERT;
  214. // set the status directly. set curl status generates error messages and we want
  215. // to use the fixed ones from the exceptions
  216. transaction->setStatus(StatusCURLError, cert_exception.getMessage(), std::string());
  217. // We should probably have a more generic way of passing information
  218. // back to the error handlers.
  219. transaction->mErrorCert = cert_exception.getCert();
  220. return 0;
  221. }
  222. catch (LLCertException& cert_exception)
  223. {
  224. transaction->mCurlCode = CURLE_SSL_PEER_CERTIFICATE;
  225. // set the status directly. set curl status generates error messages and we want
  226. // to use the fixed ones from the exceptions
  227. transaction->setStatus(StatusCURLError, cert_exception.getMessage(), std::string());
  228. transaction->mErrorCert = cert_exception.getCert();
  229. return 0;
  230. }
  231. catch (...)
  232. {
  233. // any other odd error, we just handle as a connect error.
  234. transaction->mCurlCode = CURLE_SSL_CONNECT_ERROR;
  235. transaction->setCurlStatus(CURLE_SSL_CONNECT_ERROR);
  236. return 0;
  237. }
  238. return 1;
  239. }
  240. // _sslCtxFunction
  241. // Callback function called when an SSL Context is created via CURL
  242. // used to configure the context for custom cert validate(<, <#const & xs#>, <#T * #>, <#long #>)tion
  243. // based on SECAPI
  244. CURLcode LLXMLRPCTransaction::Impl::_sslCtxFunction(CURL * curl, void *sslctx, void *param)
  245. {
  246. SSL_CTX * ctx = (SSL_CTX *) sslctx;
  247. // disable any default verification for server certs
  248. SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
  249. // set the verification callback.
  250. SSL_CTX_set_cert_verify_callback(ctx, _sslCertVerifyCallback, param);
  251. // the calls are void
  252. return CURLE_OK;
  253. }
  254. void LLXMLRPCTransaction::Impl::init(XMLRPC_REQUEST request, bool useGzip)
  255. {
  256. if (!mCurlRequest)
  257. {
  258. mCurlRequest = new LLCurlEasyRequest();
  259. }
  260. if(!mCurlRequest->isValid())
  261. {
  262. llwarns << "mCurlRequest is invalid." << llendl ;
  263. delete mCurlRequest ;
  264. mCurlRequest = NULL ;
  265. return ;
  266. }
  267. mErrorCert = NULL;
  268. // mCurlRequest->setopt(CURLOPT_VERBOSE, 1); // useful for debugging
  269. mCurlRequest->setopt(CURLOPT_NOSIGNAL, 1);
  270. mCurlRequest->setWriteCallback(&curlDownloadCallback, (void*)this);
  271. BOOL vefifySSLCert = !gSavedSettings.getBOOL("NoVerifySSLCert");
  272. mCertStore = gSavedSettings.getString("CertStore");
  273. mCurlRequest->setopt(CURLOPT_SSL_VERIFYPEER, vefifySSLCert);
  274. mCurlRequest->setopt(CURLOPT_SSL_VERIFYHOST, vefifySSLCert ? 2 : 0);
  275. // Be a little impatient about establishing connections.
  276. mCurlRequest->setopt(CURLOPT_CONNECTTIMEOUT, 40L);
  277. mCurlRequest->setSSLCtxCallback(_sslCtxFunction, (void *)this);
  278. /* Setting the DNS cache timeout to -1 disables it completely.
  279. This might help with bug #503 */
  280. mCurlRequest->setopt(CURLOPT_DNS_CACHE_TIMEOUT, -1);
  281. mCurlRequest->slist_append("Content-Type: text/xml");
  282. if (useGzip)
  283. {
  284. mCurlRequest->setoptString(CURLOPT_ENCODING, "");
  285. }
  286. mRequestText = XMLRPC_REQUEST_ToXML(request, &mRequestTextSize);
  287. if (mRequestText)
  288. {
  289. mCurlRequest->setoptString(CURLOPT_POSTFIELDS, mRequestText);
  290. mCurlRequest->setopt(CURLOPT_POSTFIELDSIZE, mRequestTextSize);
  291. }
  292. else
  293. {
  294. setStatus(StatusOtherError);
  295. }
  296. mCurlRequest->sendRequest(mURI);
  297. }
  298. LLXMLRPCTransaction::Impl::~Impl()
  299. {
  300. if (mResponse)
  301. {
  302. XMLRPC_RequestFree(mResponse, 1);
  303. }
  304. if (mRequestText)
  305. {
  306. XMLRPC_Free(mRequestText);
  307. }
  308. delete mCurlRequest;
  309. mCurlRequest = NULL ;
  310. }
  311. bool LLXMLRPCTransaction::Impl::process()
  312. {
  313. if(!mCurlRequest || !mCurlRequest->isValid())
  314. {
  315. llwarns << "transaction failed." << llendl ;
  316. delete mCurlRequest ;
  317. mCurlRequest = NULL ;
  318. return true ; //failed, quit.
  319. }
  320. switch(mStatus)
  321. {
  322. case LLXMLRPCTransaction::StatusComplete:
  323. case LLXMLRPCTransaction::StatusCURLError:
  324. case LLXMLRPCTransaction::StatusXMLRPCError:
  325. case LLXMLRPCTransaction::StatusOtherError:
  326. {
  327. return true;
  328. }
  329. case LLXMLRPCTransaction::StatusNotStarted:
  330. {
  331. setStatus(LLXMLRPCTransaction::StatusStarted);
  332. break;
  333. }
  334. default:
  335. {
  336. // continue onward
  337. }
  338. }
  339. if(!mCurlRequest->wait())
  340. {
  341. return false ;
  342. }
  343. while(1)
  344. {
  345. CURLcode result;
  346. bool newmsg = mCurlRequest->getResult(&result, &mTransferInfo);
  347. if (newmsg)
  348. {
  349. if (result != CURLE_OK)
  350. {
  351. if ((result != CURLE_SSL_PEER_CERTIFICATE) &&
  352. (result != CURLE_SSL_CACERT))
  353. {
  354. // if we have a curl error that's not already been handled
  355. // (a non cert error), then generate the error message as
  356. // appropriate
  357. setCurlStatus(result);
  358. llwarns << "LLXMLRPCTransaction CURL error "
  359. << mCurlCode << ": " << mCurlRequest->getErrorString() << llendl;
  360. llwarns << "LLXMLRPCTransaction request URI: "
  361. << mURI << llendl;
  362. }
  363. return true;
  364. }
  365. setStatus(LLXMLRPCTransaction::StatusComplete);
  366. mResponse = XMLRPC_REQUEST_FromXML(
  367. mResponseText.data(), mResponseText.size(), NULL);
  368. bool hasError = false;
  369. bool hasFault = false;
  370. int faultCode = 0;
  371. std::string faultString;
  372. LLXMLRPCValue error(XMLRPC_RequestGetError(mResponse));
  373. if (error.isValid())
  374. {
  375. hasError = true;
  376. faultCode = error["faultCode"].asInt();
  377. faultString = error["faultString"].asString();
  378. }
  379. else if (XMLRPC_ResponseIsFault(mResponse))
  380. {
  381. hasFault = true;
  382. faultCode = XMLRPC_GetResponseFaultCode(mResponse);
  383. faultString = XMLRPC_GetResponseFaultString(mResponse);
  384. }
  385. if (hasError || hasFault)
  386. {
  387. setStatus(LLXMLRPCTransaction::StatusXMLRPCError);
  388. llwarns << "LLXMLRPCTransaction XMLRPC "
  389. << (hasError ? "error " : "fault ")
  390. << faultCode << ": "
  391. << faultString << llendl;
  392. llwarns << "LLXMLRPCTransaction request URI: "
  393. << mURI << llendl;
  394. }
  395. return true;
  396. }
  397. else
  398. {
  399. break; // done
  400. }
  401. }
  402. return false;
  403. }
  404. void LLXMLRPCTransaction::Impl::setStatus(EStatus status,
  405. const std::string& message, const std::string& uri)
  406. {
  407. mStatus = status;
  408. mStatusMessage = message;
  409. mStatusURI = uri;
  410. if (mStatusMessage.empty())
  411. {
  412. switch (mStatus)
  413. {
  414. case StatusNotStarted:
  415. mStatusMessage = "(not started)";
  416. break;
  417. case StatusStarted:
  418. mStatusMessage = "(waiting for server response)";
  419. break;
  420. case StatusDownloading:
  421. mStatusMessage = "(reading server response)";
  422. break;
  423. case StatusComplete:
  424. mStatusMessage = "(done)";
  425. break;
  426. default:
  427. // Usually this means that there's a problem with the login server,
  428. // not with the client. Direct user to status page.
  429. mStatusMessage = LLTrans::getString("server_is_down");
  430. mStatusURI = "http://status.secondlifegrid.net/";
  431. }
  432. }
  433. }
  434. void LLXMLRPCTransaction::Impl::setCurlStatus(CURLcode code)
  435. {
  436. std::string message;
  437. std::string uri = "http://secondlife.com/community/support.php";
  438. switch (code)
  439. {
  440. case CURLE_COULDNT_RESOLVE_HOST:
  441. message =
  442. "DNS could not resolve the host name.\n"
  443. "Please verify that you can connect to the www.secondlife.com\n"
  444. "web site. If you can, but continue to receive this error,\n"
  445. "please go to the support section and report this problem.";
  446. break;
  447. case CURLE_SSL_PEER_CERTIFICATE:
  448. message =
  449. "The login server couldn't verify itself via SSL.\n"
  450. "If you continue to receive this error, please go\n"
  451. "to the Support section of the SecondLife.com web site\n"
  452. "and report the problem.";
  453. break;
  454. case CURLE_SSL_CACERT:
  455. case CURLE_SSL_CONNECT_ERROR:
  456. message =
  457. "Often this means that your computer\'s clock is set incorrectly.\n"
  458. "Please go to Control Panels and make sure the time and date\n"
  459. "are set correctly.\n"
  460. "Also check that your network and firewall are set up correctly.\n"
  461. "If you continue to receive this error, please go\n"
  462. "to the Support section of the SecondLife.com web site\n"
  463. "and report the problem.";
  464. break;
  465. default:
  466. break;
  467. }
  468. mCurlCode = code;
  469. setStatus(StatusCURLError, message, uri);
  470. }
  471. size_t LLXMLRPCTransaction::Impl::curlDownloadCallback(
  472. char* data, size_t size, size_t nmemb, void* user_data)
  473. {
  474. Impl& impl(*(Impl*)user_data);
  475. size_t n = size * nmemb;
  476. impl.mResponseText.append(data, n);
  477. if (impl.mStatus == LLXMLRPCTransaction::StatusStarted)
  478. {
  479. impl.setStatus(LLXMLRPCTransaction::StatusDownloading);
  480. }
  481. return n;
  482. }
  483. LLXMLRPCTransaction::LLXMLRPCTransaction(
  484. const std::string& uri, XMLRPC_REQUEST request, bool useGzip)
  485. : impl(* new Impl(uri, request, useGzip))
  486. { }
  487. LLXMLRPCTransaction::LLXMLRPCTransaction(
  488. const std::string& uri,
  489. const std::string& method, LLXMLRPCValue params, bool useGzip)
  490. : impl(* new Impl(uri, method, params, useGzip))
  491. { }
  492. LLXMLRPCTransaction::~LLXMLRPCTransaction()
  493. {
  494. delete &impl;
  495. }
  496. bool LLXMLRPCTransaction::process()
  497. {
  498. return impl.process();
  499. }
  500. LLXMLRPCTransaction::EStatus LLXMLRPCTransaction::status(int* curlCode)
  501. {
  502. if (curlCode)
  503. {
  504. *curlCode =
  505. (impl.mStatus == StatusCURLError)
  506. ? impl.mCurlCode
  507. : CURLE_OK;
  508. }
  509. return impl.mStatus;
  510. }
  511. std::string LLXMLRPCTransaction::statusMessage()
  512. {
  513. return impl.mStatusMessage;
  514. }
  515. LLPointer<LLCertificate> LLXMLRPCTransaction::getErrorCert()
  516. {
  517. return impl.mErrorCert;
  518. }
  519. std::string LLXMLRPCTransaction::statusURI()
  520. {
  521. return impl.mStatusURI;
  522. }
  523. XMLRPC_REQUEST LLXMLRPCTransaction::response()
  524. {
  525. return impl.mResponse;
  526. }
  527. LLXMLRPCValue LLXMLRPCTransaction::responseValue()
  528. {
  529. return LLXMLRPCValue(XMLRPC_RequestGetData(impl.mResponse));
  530. }
  531. F64 LLXMLRPCTransaction::transferRate()
  532. {
  533. if (impl.mStatus != StatusComplete)
  534. {
  535. return 0.0L;
  536. }
  537. double rate_bits_per_sec = impl.mTransferInfo.mSpeedDownload * 8.0;
  538. LL_INFOS("AppInit") << "Buffer size: " << impl.mResponseText.size() << " B" << LL_ENDL;
  539. LL_DEBUGS("AppInit") << "Transfer size: " << impl.mTransferInfo.mSizeDownload << " B" << LL_ENDL;
  540. LL_DEBUGS("AppInit") << "Transfer time: " << impl.mTransferInfo.mTotalTime << " s" << LL_ENDL;
  541. LL_INFOS("AppInit") << "Transfer rate: " << rate_bits_per_sec / 1000.0 << " Kb/s" << LL_ENDL;
  542. return rate_bits_per_sec;
  543. }