/*
* UPnP XML helper routines
* Copyright (c) 2000-2003 Intel Corporation
* Copyright (c) 2006-2007 Sony Corporation
* Copyright (c) 2008-2009 Atheros Communications
* Copyright (c) 2009, Jouni Malinen <j@w1.fi>
*
* See wps_upnp.c for more details on licensing and code history.
*/
#include "includes.h"
#include "common.h"
#include "base64.h"
#include "http.h"
#include "upnp_xml.h"
/*
* XML parsing and formatting
*
* XML is a markup language based on unicode; usually (and in our case,
* always!) based on utf-8. utf-8 uses a variable number of bytes per
* character. utf-8 has the advantage that all non-ASCII unicode characters are
* represented by sequences of non-ascii (high bit set) bytes, whereas ASCII
* characters are single ascii bytes, thus we can use typical text processing.
*
* (One other interesting thing about utf-8 is that it is possible to look at
* any random byte and determine if it is the first byte of a character as
* versus a continuation byte).
*
* The base syntax of XML uses a few ASCII punctionation characters; any
* characters that would appear in the payload data are rewritten using
* sequences, e.g., & for ampersand(&) and < for left angle bracket (<).
* Five such escapes total (more can be defined but that does not apply to our
* case). Thus we can safely parse for angle brackets etc.
*
* XML describes tree structures of tagged data, with each element beginning
* with an opening tag <label> and ending with a closing tag </label> with
* matching label. (There is also a self-closing tag <label/> which is supposed
* to be equivalent to <label></label>, i.e., no payload, but we are unlikely
* to see it for our purpose).
*
* Actually the opening tags are a little more complicated because they can
* contain "attributes" after the label (delimited by ascii space or tab chars)
* of the form attribute_label="value" or attribute_label='value'; as it turns
* out we do not have to read any of these attributes, just ignore them.
*
* Labels are any sequence of chars other than space, tab, right angle bracket
* (and ?), but may have an inner structure of <namespace><colon><plain_label>.
* As it turns out, we can ignore the namespaces, in fact we can ignore the
* entire tree hierarchy, because the plain labels we are looking for will be
* unique (not in general, but for this application). We do however have to be
* careful to skip over the namespaces.
*
* In generating XML we have to be more careful, but that is easy because
* everything we do is pretty canned. The only real care to take is to escape
* any special chars in our payload.
*/
/**
* xml_next_tag - Advance to next tag
* @in: Input
* @out: OUT: start of tag just after '<'
* @out_tagname: OUT: start of name of tag, skipping namespace
* @end: OUT: one after tag
* Returns: 0 on success, 1 on failure
*
* A tag has form:
* <left angle bracket><...><right angle bracket>
* Within the angle brackets, there is an optional leading forward slash (which
* makes the tag an ending tag), then an optional leading label (followed by
* colon) and then the tag name itself.
*
* Note that angle brackets present in the original data must have been encoded
* as < and > so they will not trouble us.
*/
int xml_next_tag(const char *in, const char **out,
const char **out_tagname, const char **end)
{
while (*in && *in != '<')
in++;
if (*in != '<')
return 1;
*out = ++in;
if (*in == '/')
in++;
*out_tagname = in; /* maybe */
while (isalnum(*in) || *in == '-')
in++;
if (*in == ':')
*out_tagname = ++in;
while (*in && *in != '>')
in++;
if (*in != '>')
return 1;
*end = ++in;
return 0;
}
/* xml_data_encode -- format data for xml file, escaping special characters.
*
* Note that we assume we are using utf8 both as input and as output!
* In utf8, characters may be classed as follows:
* 0xxxxxxx(2) -- 1 byte ascii char
* 11xxxxxx(2) -- 1st byte of multi-byte char w/ unicode value >= 0x80
* 110xxxxx(2) -- 1st byte of 2 byte sequence (5 payload bits here)
* 1110xxxx(2) -- 1st byte of 3 byte sequence (4 payload bits here)
* 11110xxx(2) -- 1st byte of 4 byte sequence (3 payload bits here)
* 10xxxxxx(2) -- extension byte (6 payload bits per byte)
* Some values implied by the above are however illegal because they
* do not represent unicode chars or are not the shortest encoding.
* Actually, we can almost entirely ignore the above and just do
* text processing same as for ascii text.
*
* XML is written with arbitrary unicode characters, except that five
* characters have special meaning and so must be escaped where they
* appear in payload data... which we do here.
*/
void xml_data_encode(struct wpabuf *buf, const char *data, int len)
{
int i;
for (i = 0; i < len; i++) {
u8 c = ((u8 *) data)[i];
if (c == '<') {
wpabuf_put_str(buf, "<");
continue;
}
if (c == '>') {
wpabuf_put_str(buf, ">");
continue;
}
if (c == '&') {
wpabuf_put_str(buf, "&");
continue;
}
if (c == '\'') {
wpabuf_put_str(buf, "'");
continue;
}
if (c == '"') {
wpabuf_put_str(buf, """);
continue;
}
/*
* We could try to represent control characters using the
* sequence: &#x; where x is replaced by a hex numeral, but not
* clear why we would do this.
*/
wpabuf_put_u8(buf, c);
}
}
/* xml_add_tagged_data -- format tagged data as a new xml line.
*
* tag must not have any special chars.
* data may have special chars, which are escaped.
*/
void xml_add_tagged_data(struct wpabuf *buf, const char *tag, const char *data)
{
wpabuf_printf(buf, "<%s>", tag);
xml_data_encode(buf, data, os_strlen(data));
wpabuf_printf(buf, "</%s>\n", tag);
}
/* A POST body looks something like (per upnp spec):
* <?xml version="1.0"?>
* <s:Envelope
* xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
* s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
* <s:Body>
* <u:actionName xmlns:u="urn:schemas-upnp-org:service:serviceType:v">
* <argumentName>in arg value</argumentName>
* other in args and their values go here, if any
* </u:actionName>
* </s:Body>
* </s:Envelope>
*
* where :
* s: might be some other namespace name followed by colon
* u: might be some other namespace name followed by colon
* actionName will be replaced according to action requested
* schema following actionName will be WFA scheme instead
* argumentName will be actual argument name
* (in arg value) will be actual argument value
*/
char * xml_get_first_item(const char *doc, const char *item)
{
const char *match = item;
int match_len = os_strlen(item);
const char *tag, *tagname, *end;
char *value;
/*
* This is crude: ignore any possible tag name conflicts and go right
* to the first tag of this name. This should be ok for the limited
* domain of UPnP messages.
*/
for (;;) {
if (xml_next_tag(doc, &tag, &tagname, &end))
return NULL;
doc = end;
if (!os_strncasecmp(tagname, match, match_len) &&
*tag != '/' &&
(tagname[match_len] == '>' ||
!isgraph(tagname[match_len]))) {
break;
}
}
end = doc;
while (*end && *end != '<')
end++;
value = os_zalloc(1 + (end - doc));
if (value == NULL)
return NULL;
os_memcpy(value, doc, end - doc);
return value;
}
struct wpabuf * xml_get_base64_item(const char *data, const char *name,
enum http_reply_code *ret)
{
char *msg;
struct wpabuf *buf;
unsigned char *decoded;
size_t len;
msg = xml_get_first_item(data, name);
if (msg == NULL) {
*ret = UPNP_ARG_VALUE_INVALID;
return NULL;
}
decoded = base64_decode((unsigned char *) msg, os_strlen(msg), &len);
os_free(msg);
if (decoded == NULL) {
*ret = UPNP_OUT_OF_MEMORY;
return NULL;
}
buf = wpabuf_alloc_ext_data(decoded, len);
if (buf == NULL) {
os_free(decoded);
*ret = UPNP_OUT_OF_MEMORY;
return NULL;
}
return buf;
}