/******************************************************************************
* Icinga 2 *
* Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/) *
* *
* This program is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License *
* as published by the Free Software Foundation; either version 2 *
* of the License, or (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the Free Software Foundation *
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
******************************************************************************/
#include "remote/httpserverconnection.hpp"
#include "remote/httphandler.hpp"
#include "remote/httputility.hpp"
#include "remote/apilistener.hpp"
#include "remote/apifunction.hpp"
#include "remote/jsonrpc.hpp"
#include "base/base64.hpp"
#include "base/configtype.hpp"
#include "base/objectlock.hpp"
#include "base/utility.hpp"
#include "base/logger.hpp"
#include "base/exception.hpp"
#include "base/convert.hpp"
#include <boost/thread/once.hpp>
using namespace icinga;
/* Guards the one-time call to HttpServerConnection::StaticInitialize() made from the constructor. */
static boost::once_flag l_HttpServerConnectionOnceFlag = BOOST_ONCE_INIT;
/* Shared timer created in StaticInitialize(); its expiry callback is TimeoutTimerHandler(). */
static Timer::Ptr l_HttpServerConnectionTimeoutTimer;
/**
 * Creates the connection object for an accepted TLS stream.
 *
 * @param identity Client identity; it is only looked up (via ApiUser::GetByClientCN())
 *                 when authenticated is true.
 * @param authenticated Whether the caller considers the peer's identity verified.
 * @param stream The TLS stream requests are read from and responses are written to.
 */
HttpServerConnection::HttpServerConnection(const String& identity, bool authenticated, const TlsStream::Ptr& stream)
	: m_Stream(stream), m_Seen(Utility::GetTime()), m_CurrentRequest(stream), m_PendingRequests(0)
{
	/* The shared timeout timer is set up once, by whichever connection is constructed first. */
	boost::call_once(l_HttpServerConnectionOnceFlag, &HttpServerConnection::StaticInitialize);

	m_RequestQueue.SetName("HttpServerConnection");

	/*
	 * Without a verified client identity no ApiUser is bound here; ManageHeaders()
	 * then falls back to the request's Authorization header.
	 */
	if (!authenticated)
		return;

	m_ApiUser = ApiUser::GetByClientCN(identity);
}
/**
 * Creates and starts the shared timer whose expiry runs TimeoutTimerHandler().
 * Invoked through boost::call_once from the constructor.
 */
void HttpServerConnection::StaticInitialize()
{
	l_HttpServerConnectionTimeoutTimer = new Timer();

	const Timer::Ptr& timer = l_HttpServerConnectionTimeoutTimer;

	timer->OnTimerExpired.connect(std::bind(&HttpServerConnection::TimeoutTimerHandler));
	/* NOTE(review): interval is presumably in seconds, matching the 10 used in CheckLiveness() - confirm. */
	timer->SetInterval(5);
	timer->Start();
}
/**
 * Registers this connection as the stream's data handler and processes any
 * data that is already waiting on the stream.
 */
void HttpServerConnection::Start()
{
	/* The callback stored by the stream carries an owning reference to this object. */
	HttpServerConnection::Ptr self(this);
	m_Stream->RegisterDataHandler(std::bind(&HttpServerConnection::DataAvailableHandler, self));

	if (!m_Stream->IsDataAvailable())
		return;

	DataAvailableHandler();
}
/**
 * Returns the ApiUser bound in the constructor from the client identity.
 *
 * @returns The stored user; empty when the constructor did not set one.
 */
ApiUser::Ptr HttpServerConnection::GetApiUser() const
{
	return m_ApiUser;
}
/**
 * Returns the TLS stream this connection was constructed with.
 *
 * @returns The stream used for reading requests and writing responses.
 */
TlsStream::Ptr HttpServerConnection::GetStream() const
{
	return m_Stream;
}
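/**
 * Closes the connection: unregisters it from the ApiListener, resets the
 * request that is currently being parsed and closes the stream.
 *
 * The call is a no-op (apart from a log line) while DataAvailableHandler()
 * holds m_DataHandlerMutex; CheckLiveness() can retry on a later timer tick.
 */
void HttpServerConnection::Disconnect()
{
	/* try-lock rather than lock, so the caller is never blocked behind a request being parsed. */
	boost::mutex::scoped_try_lock lock(m_DataHandlerMutex);
	if (!lock.owns_lock()) {
		Log(LogInformation, "HttpServerConnection", "Unable to disconnect Http client, I/O thread busy");
		return;
	}

	Log(LogDebug, "HttpServerConnection", "Http client disconnected");

	ApiListener::Ptr listener = ApiListener::GetInstance();

	/* ManageHeaders() treats a missing listener as possible, so do not dereference it blindly here. */
	if (listener)
		listener->RemoveHttpClient(this);

	/*
	 * Destroy and re-create the member in place so it no longer refers to the stream.
	 * NOTE(review): if the HttpRequest constructor can throw, m_CurrentRequest is left
	 * destroyed - confirm that it cannot.
	 */
	m_CurrentRequest.~HttpRequest();
	new (&m_CurrentRequest) HttpRequest(nullptr);

	m_Stream->Close();
}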
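/**
 * Replaces the characters that are significant in HTML markup with entities,
 * so that text taken from an exception can be embedded in an HTML error page
 * without being interpreted as markup.
 */
static String EscapeHtmlForErrorPage(const String& text)
{
	String escaped;
	const char *data = text.CStr();

	for (size_t i = 0; i < text.GetLength(); i++) {
		switch (data[i]) {
			case '&':
				escaped += "&amp;";
				break;
			case '<':
				escaped += "&lt;";
				break;
			case '>':
				escaped += "&gt;";
				break;
			case '"':
				escaped += "&quot;";
				break;
			case '\'':
				escaped += "&#39;";
				break;
			default:
				escaped += data[i];
				break;
		}
	}

	return escaped;
}

/**
 * Sends an HTML error page with the given status and finishes the response.
 * The details text is HTML-escaped before it is placed inside the <pre> element.
 */
static void SendHtmlErrorPage(HttpResponse& response, int code, const char *reason, const String& details)
{
	response.SetStatus(code, reason);

	String msg = String("<h1>") + reason + "</h1><p><pre>" + EscapeHtmlForErrorPage(details) + "</pre></p>";
	response.WriteBody(msg.CStr(), msg.GetLength());
	response.Finish();
}

/**
 * Advances the request currently being read by one step: parse the headers,
 * run the header checks once (ManageHeaders()), parse the body and finally
 * hand the complete request to the request queue.
 *
 * Parse errors are answered with a 400 (std::invalid_argument) or 500 (any
 * other std::exception) HTML page, after which the stream is shut down. This
 * happens before ManageHeaders() has authenticated the request, so the peer
 * may be unauthenticated; exception text is therefore HTML-escaped.
 *
 * @returns The result of ParseHeader()/ParseBody() while parsing is in
 *          progress; false after an error, after a response was already sent
 *          by ManageHeaders(), and after a request has been enqueued.
 */
bool HttpServerConnection::ProcessMessage()
{
	bool res;
	HttpResponse response(m_Stream, m_CurrentRequest);

	if (!m_CurrentRequest.CompleteHeaders) {
		try {
			res = m_CurrentRequest.ParseHeader(m_Context, false);
		} catch (const std::invalid_argument& ex) {
			SendHtmlErrorPage(response, 400, "Bad Request", ex.what());

			m_Stream->Shutdown();
			return false;
		} catch (const std::exception& ex) {
			/*
			 * NOTE(review): DiagnosticInformation(ex) is returned to a peer that has not
			 * been authenticated yet; consider logging it and sending a generic body if
			 * it can contain internal details.
			 */
			SendHtmlErrorPage(response, 500, "Internal Server Error", DiagnosticInformation(ex));

			m_Stream->Shutdown();
			return false;
		}
		return res;
	}

	/* Authentication, CORS and Accept checks run exactly once per request. */
	if (!m_CurrentRequest.CompleteHeaderCheck) {
		m_CurrentRequest.CompleteHeaderCheck = true;
		if (!ManageHeaders(response)) {
			m_Stream->Shutdown();
			return false;
		}
	}

	if (!m_CurrentRequest.CompleteBody) {
		try {
			res = m_CurrentRequest.ParseBody(m_Context, false);
		} catch (const std::invalid_argument& ex) {
			SendHtmlErrorPage(response, 400, "Bad Request", ex.what());

			m_Stream->Shutdown();
			return false;
		} catch (const std::exception& ex) {
			SendHtmlErrorPage(response, 500, "Internal Server Error", DiagnosticInformation(ex));

			m_Stream->Shutdown();
			return false;
		}
		return res;
	}

	/* The bound callback keeps this connection alive and carries copies of request and response. */
	m_RequestQueue.Enqueue(std::bind(&HttpServerConnection::ProcessMessageAsync,
		HttpServerConnection::Ptr(this), m_CurrentRequest, response, m_AuthenticatedUser));

	m_Seen = Utility::GetTime();
	/*
	 * NOTE(review): decremented again in ProcessMessageAsync(); if the queue runs that on
	 * another thread and the counter is not atomic, this is a data race - confirm.
	 */
	m_PendingRequests++;

	/* Start over with a fresh request object for the next request on this stream. */
	m_CurrentRequest.~HttpRequest();
	new (&m_CurrentRequest) HttpRequest(m_Stream);

	return false;
}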
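/**
 * Runs the per-request header checks: answers "Expect: 100-continue",
 * determines the authenticated user, logs the request, handles CORS
 * (including preflight requests), enforces the Accept header for non-GET
 * requests and rejects unauthenticated requests with a 401.
 *
 * @param response The response object for the current request; error and
 *                 preflight responses are written and finished through it.
 * @returns true when the request may be processed further; false when a
 *          response has already been sent or no ApiListener is available
 *          (the caller then shuts the stream down).
 */
bool HttpServerConnection::ManageHeaders(HttpResponse& response)
{
	if (m_CurrentRequest.Headers->Get("expect") == "100-continue") {
		String continueResponse = "HTTP/1.1 100 Continue\r\n\r\n";
		m_Stream->Write(continueResponse.CStr(), continueResponse.GetLength());
	}

	/* client_cn matched: the certificate identity takes precedence over the Authorization header. */
	if (m_ApiUser)
		m_AuthenticatedUser = m_ApiUser;
	else
		m_AuthenticatedUser = ApiUser::GetByAuthHeader(m_CurrentRequest.Headers->Get("authorization"));

	String requestUrl = m_CurrentRequest.RequestUrl->Format();

	Socket::Ptr socket = m_Stream->GetSocket();

	/*
	 * NOTE(review): the formatted URL is client-controlled and is written to the log
	 * as-is; presumably Format() encodes control characters - confirm.
	 */
	Log(LogInformation, "HttpServerConnection")
		<< "Request: " << m_CurrentRequest.RequestMethod << " " << requestUrl
		<< " (from " << (socket ? socket->GetPeerAddress() : "<unkown>")
		<< ", user: " << (m_AuthenticatedUser ? m_AuthenticatedUser->GetName() : "<unauthenticated>") << ")";

	ApiListener::Ptr listener = ApiListener::GetInstance();

	if (!listener)
		return false;

	Array::Ptr headerAllowOrigin = listener->GetAccessControlAllowOrigin();

	/* Guard against an unset (null) origin list before asking for its length. */
	if (headerAllowOrigin && headerAllowOrigin->GetLength() != 0) {
		String origin = m_CurrentRequest.Headers->Get("origin");

		{
			ObjectLock olock(headerAllowOrigin);

			/* Only an exact match against a configured origin is echoed back. */
			for (const String& allowedOrigin : headerAllowOrigin) {
				if (allowedOrigin == origin) {
					response.AddHeader("Access-Control-Allow-Origin", origin);
					/* One match is enough; do not add the header again for duplicate entries. */
					break;
				}
			}
		}

		if (listener->GetAccessControlAllowCredentials())
			response.AddHeader("Access-Control-Allow-Credentials", "true");

		String accessControlRequestMethodHeader = m_CurrentRequest.Headers->Get("access-control-request-method");

		/* CORS preflight: answered here, before the authentication check below. */
		if (m_CurrentRequest.RequestMethod == "OPTIONS" && !accessControlRequestMethodHeader.IsEmpty()) {
			response.SetStatus(200, "OK");

			response.AddHeader("Access-Control-Allow-Methods", listener->GetAccessControlAllowMethods());
			response.AddHeader("Access-Control-Allow-Headers", listener->GetAccessControlAllowHeaders());

			String msg = "Preflight OK";
			response.WriteBody(msg.CStr(), msg.GetLength());

			response.Finish();
			return false;
		}
	}

	if (m_CurrentRequest.RequestMethod != "GET" && m_CurrentRequest.Headers->Get("accept") != "application/json") {
		response.SetStatus(400, "Wrong Accept header");
		response.AddHeader("Content-Type", "text/html");
		String msg = "<h1>Accept header is missing or not set to 'application/json'.</h1>";
		response.WriteBody(msg.CStr(), msg.GetLength());
		response.Finish();
		return false;
	}

	if (!m_AuthenticatedUser) {
		Log(LogWarning, "HttpServerConnection")
			<< "Unauthorized request: " << m_CurrentRequest.RequestMethod << " " << requestUrl;

		response.SetStatus(401, "Unauthorized");
		response.AddHeader("WWW-Authenticate", "Basic realm=\"Icinga 2\"");

		/* The 401 body does not say whether the user or the password was wrong. */
		if (m_CurrentRequest.Headers->Get("accept") == "application/json") {
			Dictionary::Ptr result = new Dictionary({
				{ "error", 401 },
				{ "status", "Unauthorized. Please check your user credentials." }
			});

			HttpUtility::SendJsonBody(response, nullptr, result);
		} else {
			response.AddHeader("Content-Type", "text/html");
			String msg = "<h1>Unauthorized. Please check your user credentials.</h1>";
			response.WriteBody(msg.CStr(), msg.GetLength());
		}

		response.Finish();
		return false;
	}

	return true;
}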
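/**
 * Runs a fully parsed request through HttpHandler::ProcessRequest() and
 * finishes the response. Enqueued on m_RequestQueue by ProcessMessage().
 *
 * @param request The request to process.
 * @param response The response to write to and finish.
 * @param user The user the request was authenticated as.
 */
void HttpServerConnection::ProcessMessageAsync(HttpRequest& request, HttpResponse& response, const ApiUser::Ptr& user)
{
	try {
		try {
			HttpHandler::ProcessRequest(user, request, response);
		} catch (const std::exception& ex) {
			Log(LogCritical, "HttpServerConnection")
				<< "Unhandled exception while processing Http request: " << DiagnosticInformation(ex);

			/*
			 * NOTE(review): the diagnostic text is also returned to the client; confirm
			 * that it cannot carry details the authenticated user should not see.
			 */
			HttpUtility::SendJsonError(response, nullptr, 503, "Unhandled exception" , DiagnosticInformation(ex));
		}

		response.Finish();
	} catch (...) {
		/*
		 * Writing the response can fail too (for example when the peer is gone). The
		 * counter must still go down, otherwise CheckLiveness() never sees
		 * m_PendingRequests == 0 and the idle connection is never disconnected.
		 */
		m_PendingRequests--;
		throw;
	}

	m_PendingRequests--;
}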
/**
 * Stream callback: processes requests for as long as ProcessMessage() returns
 * true, and disconnects when the stream is at EOF or reading failed.
 */
void HttpServerConnection::DataAvailableHandler()
{
	bool shouldClose = m_Stream->IsEof();

	if (!shouldClose) {
		/* Held only while parsing, so that Disconnect() below can take the mutex itself. */
		boost::mutex::scoped_lock lock(m_DataHandlerMutex);

		try {
			while (ProcessMessage()) {
				/* nothing to do here, ProcessMessage() does all the work */
			}
		} catch (const std::exception& ex) {
			Log(LogWarning, "HttpServerConnection")
				<< "Error while reading Http request: " << DiagnosticInformation(ex);

			shouldClose = true;
		}
	}

	if (shouldClose)
		Disconnect();
}
/**
 * Disconnects the client when no request has been seen for more than 10
 * time units of Utility::GetTime() and no enqueued request is still pending.
 */
void HttpServerConnection::CheckLiveness()
{
	const bool idle = m_Seen < Utility::GetTime() - 10;

	/* A connection with requests still in the queue is never treated as idle. */
	if (!idle || m_PendingRequests != 0)
		return;

	Log(LogInformation, "HttpServerConnection")
		<< "No messages for Http connection have been received in the last 10 seconds.";

	Disconnect();
}
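/**
 * Timer callback: runs CheckLiveness() on every HTTP client currently
 * registered with the ApiListener.
 */
void HttpServerConnection::TimeoutTimerHandler()
{
	ApiListener::Ptr listener = ApiListener::GetInstance();

	/* ManageHeaders() treats a missing listener as possible; without one there is nothing to check. */
	if (!listener)
		return;

	for (const HttpServerConnection::Ptr& client : listener->GetHttpClients()) {
		client->CheckLiveness();
	}
}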