lighttpd 1.4.x https://www.lighttpd.net/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
lighttpd1.4/src/mod_wstunnel.c

1326 lines
50 KiB

/*
* mod_wstunnel originally based off https://github.com/nori0428/mod_websocket
* Portions of this module Copyright(c) 2017, Glenn Strauss, All rights reserved
* Portions of this module Copyright(c) 2010, Norio Kobota, All rights reserved.
*/
/*
* Copyright(c) 2010, Norio Kobota, All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* - Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* - Neither the name of the 'incremental' nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGE.
*/
/* NOTES:
*
* mod_wstunnel has been largely rewritten from Norio Kobota mod_websocket.
*
* highlighted differences from Norio Kobota mod_websocket
* - re-coded to use lighttpd 1.4.46 buffer, chunkqueue, and gw_backend APIs
* - websocket.server "ext" value is no longer regex;
* operates similar to mod_proxy for either path prefix or extension match
* - validation of "origins" value is no longer regex; operates as suffix match
* (admin could use lighttpd.conf regex on "Origin" or "Sec-WebSocket-Origin"
* and reject non-matches with mod_access if such regex validation required)
* - websocket transparent proxy mode removed; functionality is now in mod_proxy
* Backend server which responds to Connection: upgrade and Upgrade: websocket
* should check "Origin" and/or "Sec-WebSocket-Origin". lighttpd.conf could
* additionally be configured to check
* $REQUEST_HEADER["Sec-WebSocket-Origin"] !~ "..."
* with regex, and mod_access used to reject non-matches, if desired.
* - connections to backend no longer block, but only first address returned
* by getaddrinfo() is used; lighttpd does not cycle through all addresses
* returned by DNS resolution. Note: DNS resolution occurs once at startup.
* - directives renamed from websocket.* to wstunnel.*
* - directive websocket.ping_interval replaced with wstunnel.ping-interval
* (note the '_' changed to '-')
* - directive websocket.timeout should be replaced with server.max-read-idle
* - attribute "type" is an independent directive wstunnel.frame-type
* (default is "text" unless "binary" is specified)
* - attribute "origins" is an independent directive wstunnel.origins
* - attribute "proto" removed; mod_proxy can proxy to backend websocket server
* - attribute "subproto" should be replaced with mod_setenv directive
* setenv.set-response-header = ( "Sec-WebSocket-Protocol" => "..." )
* if header is required
*
* not reviewed:
* - websocket protocol compliance has not been reviewed
* e.g. when to send 1000 Normal Closure and when to send 1001 Going Away
* - websocket protocol sanity checking has not been reviewed
*
* References:
* https://en.wikipedia.org/wiki/WebSocket
* https://tools.ietf.org/html/rfc6455
* https://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-00
*/
#include "first.h"
#include <sys/types.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include "gw_backend.h"
#include "base.h"
#include "array.h"
#include "buffer.h"
#include "chunk.h"
#include "fdevent.h"
#include "http_header.h"
#include "log.h"
#include "connections.h"
#define MOD_WEBSOCKET_LOG_NONE 0
#define MOD_WEBSOCKET_LOG_ERR 1
#define MOD_WEBSOCKET_LOG_WARN 2
#define MOD_WEBSOCKET_LOG_INFO 3
#define MOD_WEBSOCKET_LOG_DEBUG 4
#define DEBUG_LOG_ERR(format, ...) \
if (hctx->gw.conf.debug >= MOD_WEBSOCKET_LOG_ERR) { log_error(hctx->errh, __FILE__, __LINE__, (format), __VA_ARGS__); }
#define DEBUG_LOG_WARN(format, ...) \
if (hctx->gw.conf.debug >= MOD_WEBSOCKET_LOG_WARN) { log_error(hctx->errh, __FILE__, __LINE__, (format), __VA_ARGS__); }
#define DEBUG_LOG_INFO(format, ...) \
if (hctx->gw.conf.debug >= MOD_WEBSOCKET_LOG_INFO) { log_error(hctx->errh, __FILE__, __LINE__, (format), __VA_ARGS__); }
#define DEBUG_LOG_DEBUG(format, ...) \
if (hctx->gw.conf.debug >= MOD_WEBSOCKET_LOG_DEBUG) { log_error(hctx->errh, __FILE__, __LINE__, (format), __VA_ARGS__); }
typedef struct {
gw_plugin_config gw; /* start must match layout of gw_plugin_config */
const array *origins;
unsigned int frame_type;
unsigned short int ping_interval;
} plugin_config;
typedef struct plugin_data {
PLUGIN_DATA;
pid_t srv_pid; /* must match layout of gw_plugin_data through conf member */
plugin_config conf;
plugin_config defaults;
} plugin_data;
typedef enum {
MOD_WEBSOCKET_FRAME_STATE_INIT,
/* _MOD_WEBSOCKET_SPEC_RFC_6455_ */
MOD_WEBSOCKET_FRAME_STATE_READ_LENGTH,
MOD_WEBSOCKET_FRAME_STATE_READ_EX_LENGTH,
MOD_WEBSOCKET_FRAME_STATE_READ_MASK,
/* _MOD_WEBSOCKET_SPEC_RFC_6455_ */
MOD_WEBSOCKET_FRAME_STATE_READ_PAYLOAD
} mod_wstunnel_frame_state_t;
typedef enum {
MOD_WEBSOCKET_FRAME_TYPE_TEXT,
MOD_WEBSOCKET_FRAME_TYPE_BIN,
MOD_WEBSOCKET_FRAME_TYPE_CLOSE,
/* _MOD_WEBSOCKET_SPEC_RFC_6455_ */
MOD_WEBSOCKET_FRAME_TYPE_PING,
MOD_WEBSOCKET_FRAME_TYPE_PONG
/* _MOD_WEBSOCKET_SPEC_RFC_6455_ */
} mod_wstunnel_frame_type_t;
typedef struct {
uint64_t siz;
/* _MOD_WEBSOCKET_SPEC_RFC_6455_ */
int siz_cnt;
int mask_cnt;
#define MOD_WEBSOCKET_MASK_CNT 4
unsigned char mask[MOD_WEBSOCKET_MASK_CNT];
/* _MOD_WEBSOCKET_SPEC_RFC_6455_ */
} mod_wstunnel_frame_control_t;
typedef struct {
mod_wstunnel_frame_state_t state;
mod_wstunnel_frame_control_t ctl;
mod_wstunnel_frame_type_t type, type_before, type_backend;
buffer *payload;
} mod_wstunnel_frame_t;
typedef struct {
gw_handler_ctx gw;
mod_wstunnel_frame_t frame;
int hybivers;
time_t ping_ts;
int subproto;
log_error_st *errh; /*(for mod_wstunnel module-specific DEBUG_*() macros)*/
plugin_config conf;
} handler_ctx;
/* prototypes */
static handler_t mod_wstunnel_handshake_create_response(handler_ctx *);
static int mod_wstunnel_frame_send(handler_ctx *, mod_wstunnel_frame_type_t, const char *, size_t);
static int mod_wstunnel_frame_recv(handler_ctx *);
#define _MOD_WEBSOCKET_SPEC_IETF_00_
#define _MOD_WEBSOCKET_SPEC_RFC_6455_
INIT_FUNC(mod_wstunnel_init) {
return calloc(1, sizeof(plugin_data));
}
static void mod_wstunnel_merge_config_cpv(plugin_config * const pconf, const config_plugin_value_t * const cpv) {
switch (cpv->k_id) { /* index into static config_plugin_keys_t cpk[] */
case 0: /* wstunnel.server */
if (cpv->vtype == T_CONFIG_LOCAL) {
gw_plugin_config * const gw = cpv->v.v;
pconf->gw.exts = gw->exts;
pconf->gw.exts_auth = gw->exts_auth;
pconf->gw.exts_resp = gw->exts_resp;
}
break;
case 1: /* wstunnel.balance */
/*if (cpv->vtype == T_CONFIG_LOCAL)*//*always true here for this param*/
pconf->gw.balance = (int)cpv->v.u;
break;
case 2: /* wstunnel.debug */
pconf->gw.debug = (int)cpv->v.u;
break;
case 3: /* wstunnel.map-extensions */
pconf->gw.ext_mapping = cpv->v.a;
break;
case 4: /* wstunnel.frame-type */
pconf->frame_type = cpv->v.u;
break;
case 5: /* wstunnel.origins */
pconf->origins = cpv->v.a;
break;
case 6: /* wstunnel.ping-interval */
pconf->ping_interval = cpv->v.shrt;
break;
default:/* should not happen */
return;
}
}
static void mod_wstunnel_merge_config(plugin_config * const pconf, const config_plugin_value_t *cpv) {
do {
mod_wstunnel_merge_config_cpv(pconf, cpv);
} while ((++cpv)->k_id != -1);
}
static void mod_wstunnel_patch_config(request_st * const r, plugin_data * const p) {
memcpy(&p->conf, &p->defaults, sizeof(plugin_config));
for (int i = 1, used = p->nconfig; i < used; ++i) {
if (config_check_cond(r, (uint32_t)p->cvlist[i].k_id))
mod_wstunnel_merge_config(&p->conf, p->cvlist+p->cvlist[i].v.u2[0]);
}
}
SETDEFAULTS_FUNC(mod_wstunnel_set_defaults) {
static const config_plugin_keys_t cpk[] = {
{ CONST_STR_LEN("wstunnel.server"),
T_CONFIG_ARRAY_KVARRAY,
T_CONFIG_SCOPE_CONNECTION }
,{ CONST_STR_LEN("wstunnel.balance"),
T_CONFIG_STRING,
T_CONFIG_SCOPE_CONNECTION }
,{ CONST_STR_LEN("wstunnel.debug"),
T_CONFIG_INT,
T_CONFIG_SCOPE_CONNECTION }
,{ CONST_STR_LEN("wstunnel.map-extensions"),
T_CONFIG_ARRAY_KVSTRING,
T_CONFIG_SCOPE_CONNECTION }
,{ CONST_STR_LEN("wstunnel.frame-type"),
T_CONFIG_STRING,
T_CONFIG_SCOPE_CONNECTION }
,{ CONST_STR_LEN("wstunnel.origins"),
T_CONFIG_ARRAY_VLIST,
T_CONFIG_SCOPE_CONNECTION }
,{ CONST_STR_LEN("wstunnel.ping-interval"),
T_CONFIG_SHORT,
T_CONFIG_SCOPE_CONNECTION }
,{ NULL, 0,
T_CONFIG_UNSET,
T_CONFIG_SCOPE_UNSET }
};
plugin_data * const p = p_d;
if (!config_plugin_values_init(srv, p, cpk, "mod_wstunnel"))
return HANDLER_ERROR;
/* process and validate config directives
* (init i to 0 if global context; to 1 to skip empty global context) */
for (int i = !p->cvlist[0].v.u2[1]; i < p->nconfig; ++i) {
config_plugin_value_t *cpv = p->cvlist + p->cvlist[i].v.u2[0];
gw_plugin_config *gw = NULL;
for (; -1 != cpv->k_id; ++cpv) {
switch (cpv->k_id) {
case 0: /* wstunnel.server */
gw = calloc(1, sizeof(gw_plugin_config));
force_assert(gw);
if (!gw_set_defaults_backend(srv, (gw_plugin_data *)p, cpv->v.a,
gw, 0, cpk[cpv->k_id].k)) {
gw_plugin_config_free(gw);
return HANDLER_ERROR;
}
/* error if "mode" = "authorizer";
* wstunnel can not act as authorizer */
/*(check after gw_set_defaults_backend())*/
if (gw->exts_auth && gw->exts_auth->used) {
log_error(srv->errh, __FILE__, __LINE__,
"%s must not define any hosts with "
"attribute \"mode\" = \"authorizer\"", cpk[cpv->k_id].k);
gw_plugin_config_free(gw);
return HANDLER_ERROR;
}
cpv->v.v = gw;
cpv->vtype = T_CONFIG_LOCAL;
break;
case 1: /* wstunnel.balance */
cpv->v.u = (unsigned int)gw_get_defaults_balance(srv, cpv->v.b);
break;
case 2: /* wstunnel.debug */
case 3: /* wstunnel.map-extensions */
break;
case 4: /* wstunnel.frame-type */
/*(default frame-type to "text" unless "binary" is specified)*/
cpv->v.u =
buffer_eq_icase_slen(cpv->v.b, CONST_STR_LEN("binary"));
break;
case 5: /* wstunnel.origins */
for (uint32_t j = 0; j < cpv->v.a->used; ++j) {
buffer *origin = &((data_string *)cpv->v.a->data[j])->value;
if (buffer_string_is_empty(origin)) {
log_error(srv->errh, __FILE__, __LINE__,
"unexpected empty string in %s", cpk[cpv->k_id].k);
return HANDLER_ERROR;
}
}
break;
case 6: /* wstunnel.ping-interval */
break;
default:/* should not happen */
break;
}
}
/* disable check-local for all exts (default enabled) */
if (gw && gw->exts) { /*(check after gw_set_defaults_backend())*/
gw_exts_clear_check_local(gw->exts);
}
}
/* default is 0 */
/*p->defaults.balance = (unsigned int)gw_get_defaults_balance(srv, NULL);*/
p->defaults.ping_interval = 0; /* do not send ping */
/* initialize p->defaults from global config context */
if (p->nconfig > 0 && p->cvlist->v.u2[1]) {
const config_plugin_value_t *cpv = p->cvlist + p->cvlist->v.u2[0];
if (-1 != cpv->k_id)
mod_wstunnel_merge_config(&p->defaults, cpv);
}
return HANDLER_GO_ON;
}
static handler_t wstunnel_create_env(gw_handler_ctx *gwhctx) {
handler_ctx *hctx = (handler_ctx *)gwhctx;
request_st * const r = hctx->gw.r;
handler_t rc;
if (0 == r->reqbody_length) {
http_response_upgrade_read_body_unknown(r);
chunkqueue_append_chunkqueue(r->reqbody_queue, r->read_queue);
}
rc = mod_wstunnel_handshake_create_response(hctx);
if (rc != HANDLER_GO_ON) return rc;
r->http_status = 101; /* Switching Protocols */
r->resp_body_started = 1;
hctx->ping_ts = log_epoch_secs;
gw_set_transparent(&hctx->gw);
return HANDLER_GO_ON;
}
static handler_t wstunnel_stdin_append(gw_handler_ctx *gwhctx) {
/* prepare websocket frames to backend */
/* (caller should verify r->reqbody_queue) */
/*assert(!chunkqueue_is_empty(r->reqbody_queue));*/
handler_ctx *hctx = (handler_ctx *)gwhctx;
if (0 == mod_wstunnel_frame_recv(hctx))
return HANDLER_GO_ON;
else {
/*(error)*/
/* future: might differentiate client close request from client error,
* and then send 1000 or 1001 */
request_st * const r = hctx->gw.r;
DEBUG_LOG_INFO("disconnected from client (fd=%d)", r->con->fd);
DEBUG_LOG_DEBUG("send close response to client (fd=%d)", r->con->fd);
mod_wstunnel_frame_send(hctx, MOD_WEBSOCKET_FRAME_TYPE_CLOSE, CONST_STR_LEN("1000")); /* 1000 Normal Closure */
gw_handle_request_reset(r, hctx->gw.plugin_data);
return HANDLER_FINISHED;
}
}
static handler_t wstunnel_recv_parse(request_st * const r, http_response_opts * const opts, buffer * const b, size_t n) {
handler_ctx *hctx = (handler_ctx *)opts->pdata;
DEBUG_LOG_DEBUG("recv data from backend (fd=%d), size=%zx", hctx->gw.fd, n);
if (0 == n) return HANDLER_FINISHED;
if (mod_wstunnel_frame_send(hctx,hctx->frame.type_backend,b->ptr,n) < 0) {
DEBUG_LOG_ERR("%s", "fail to send data to client");
return HANDLER_ERROR;
}
buffer_clear(b);
UNUSED(r);
return HANDLER_GO_ON;
}
static int wstunnel_is_allowed_origin(request_st * const r, handler_ctx * const hctx) {
/* If allowed origins is set (and not empty list), fail closed if no match.
* Note that origin provided in request header has not been normalized, so
* change in case or other non-normal forms might not match allowed list */
const array * const allowed_origins = hctx->conf.origins;
const buffer *origin = NULL;
size_t olen;
if (NULL == allowed_origins || 0 == allowed_origins->used) {
DEBUG_LOG_INFO("%s", "allowed origins not specified");
return 1;
}
/* "Origin" header is preferred
* ("Sec-WebSocket-Origin" is from older drafts of websocket spec) */
origin = http_header_request_get(r, HTTP_HEADER_OTHER, CONST_STR_LEN("Origin"));
if (NULL == origin) {
origin =
http_header_request_get(r, HTTP_HEADER_OTHER, CONST_STR_LEN("Sec-WebSocket-Origin"));
}
olen = buffer_string_length(origin);
if (0 == olen) {
DEBUG_LOG_ERR("%s", "Origin header is invalid");
r->http_status = 400; /* Bad Request */
return 0;
}
for (size_t i = 0; i < allowed_origins->used; ++i) {
buffer *b = &((data_string *)allowed_origins->data[i])->value;
size_t blen = buffer_string_length(b);
if ((olen > blen ? origin->ptr[olen-blen-1] == '.' : olen == blen)
&& buffer_is_equal_right_len(origin, b, blen)) {
DEBUG_LOG_INFO("%s matches allowed origin: %s",origin->ptr,b->ptr);
return 1;
}
}
DEBUG_LOG_INFO("%s does not match any allowed origins", origin->ptr);
r->http_status = 403; /* Forbidden */
return 0;
}
static int wstunnel_check_request(request_st * const r, handler_ctx * const hctx) {
const buffer * const vers =
http_header_request_get(r, HTTP_HEADER_OTHER, CONST_STR_LEN("Sec-WebSocket-Version"));
const long hybivers = (NULL != vers)
? light_isdigit(*vers->ptr) ? strtol(vers->ptr, NULL, 10) : -1
: 0;
if (hybivers < 0 || hybivers > INT_MAX) {
DEBUG_LOG_ERR("%s", "invalid Sec-WebSocket-Version");
r->http_status = 400; /* Bad Request */
return -1;
}
/*(redundant since HTTP/1.1 required in mod_wstunnel_check_extension())*/
if (buffer_is_empty(r->http_host)) {
DEBUG_LOG_ERR("%s", "Host header does not exist");
r->http_status = 400; /* Bad Request */
return -1;
}
if (!wstunnel_is_allowed_origin(r, hctx)) {
return -1;
}
return (int)hybivers;
}
static void wstunnel_backend_error(gw_handler_ctx *gwhctx) {
handler_ctx *hctx = (handler_ctx *)gwhctx;
if (hctx->gw.state == GW_STATE_WRITE || hctx->gw.state == GW_STATE_READ) {
mod_wstunnel_frame_send(hctx, MOD_WEBSOCKET_FRAME_TYPE_CLOSE, CONST_STR_LEN("1001")); /* 1001 Going Away */
}
}
static void wstunnel_handler_ctx_free(void *gwhctx) {
handler_ctx *hctx = (handler_ctx *)gwhctx;
chunk_buffer_release(hctx->frame.payload);
}
static handler_t wstunnel_handler_setup (request_st * const r, plugin_data * const p) {
handler_ctx *hctx = r->plugin_ctx[p->id];
int hybivers;
hctx->errh = r->conf.errh;/*(for mod_wstunnel-specific DEBUG_* macros)*/
hctx->conf = p->conf; /*(copies struct)*/
hybivers = wstunnel_check_request(r, hctx);
if (hybivers < 0) return HANDLER_FINISHED;
hctx->hybivers = hybivers;
if (0 == hybivers) {
DEBUG_LOG_INFO("WebSocket Version = %s", "hybi-00");
}
else {
DEBUG_LOG_INFO("WebSocket Version = %d", hybivers);
}
hctx->gw.opts.backend = BACKEND_PROXY; /*(act proxy-like; not used)*/
hctx->gw.opts.pdata = hctx;
hctx->gw.opts.parse = wstunnel_recv_parse;
hctx->gw.stdin_append = wstunnel_stdin_append;
hctx->gw.create_env = wstunnel_create_env;
hctx->gw.handler_ctx_free = wstunnel_handler_ctx_free;
hctx->gw.backend_error = wstunnel_backend_error;
hctx->gw.response = chunk_buffer_acquire();
hctx->frame.state = MOD_WEBSOCKET_FRAME_STATE_INIT;
hctx->frame.ctl.siz = 0;
hctx->frame.payload = chunk_buffer_acquire();
unsigned int binary = hctx->conf.frame_type; /*(0 = "text"; 1 = "binary")*/
if (!binary) {
const buffer *vb =
http_header_request_get(r, HTTP_HEADER_OTHER, CONST_STR_LEN("Sec-WebSocket-Protocol"));
if (NULL != vb) {
for (const char *s = vb->ptr; *s; ++s) {
while (*s==' '||*s=='\t'||*s=='\r'||*s=='\n') ++s;
if (buffer_eq_icase_ssn(s, CONST_STR_LEN("binary"))) {
s += sizeof("binary")-1;
while (*s==' '||*s=='\t'||*s=='\r'||*s=='\n') ++s;
if (*s==','||*s=='\0') {
hctx->subproto = 1;
binary = 1;
break;
}
}
else if (buffer_eq_icase_ssn(s, CONST_STR_LEN("base64"))) {
s += sizeof("base64")-1;
while (*s==' '||*s=='\t'||*s=='\r'||*s=='\n') ++s;
if (*s==','||*s=='\0') {
hctx->subproto = -1;
break;
}
}
s = strchr(s, ',');
if (NULL == s) break;
}
}
}
if (binary) {
DEBUG_LOG_INFO("%s", "will recv binary data from backend");
hctx->frame.type = MOD_WEBSOCKET_FRAME_TYPE_BIN;
hctx->frame.type_before = MOD_WEBSOCKET_FRAME_TYPE_BIN;
hctx->frame.type_backend = MOD_WEBSOCKET_FRAME_TYPE_BIN;
}
else {
DEBUG_LOG_INFO("%s", "will recv text data from backend");
hctx->frame.type = MOD_WEBSOCKET_FRAME_TYPE_TEXT;
hctx->frame.type_before = MOD_WEBSOCKET_FRAME_TYPE_TEXT;
hctx->frame.type_backend = MOD_WEBSOCKET_FRAME_TYPE_TEXT;
}
return HANDLER_GO_ON;
}
static handler_t mod_wstunnel_check_extension(request_st * const r, void *p_d) {
plugin_data *p = p_d;
const buffer *vb;
handler_t rc;
if (NULL != r->handler_module)
return HANDLER_GO_ON;
if (r->http_method != HTTP_METHOD_GET)
return HANDLER_GO_ON;
if (r->http_version != HTTP_VERSION_1_1)
return HANDLER_GO_ON;
/*
* Connection: upgrade, keep-alive, ...
* Upgrade: WebSocket, ...
*/
vb = http_header_request_get(r, HTTP_HEADER_UPGRADE, CONST_STR_LEN("Upgrade"));
if (NULL == vb
|| !http_header_str_contains_token(CONST_BUF_LEN(vb), CONST_STR_LEN("websocket")))
return HANDLER_GO_ON;
vb = http_header_request_get(r, HTTP_HEADER_CONNECTION, CONST_STR_LEN("Connection"));
if (NULL == vb
|| !http_header_str_contains_token(CONST_BUF_LEN(vb), CONST_STR_LEN("upgrade")))
return HANDLER_GO_ON;
mod_wstunnel_patch_config(r, p);
if (NULL == p->conf.gw.exts) return HANDLER_GO_ON;
rc = gw_check_extension(r, (gw_plugin_data *)p, 1, sizeof(handler_ctx));
return (HANDLER_GO_ON == rc && r->handler_module == p->self)
? wstunnel_handler_setup(r, p)
: rc;
}
TRIGGER_FUNC(mod_wstunnel_handle_trigger) {
const plugin_data * const p = p_d;
const time_t cur_ts = log_epoch_secs + 1;
gw_handle_trigger(srv, p_d);
for (uint32_t i = 0; i < srv->conns.used; ++i) {
connection *con = srv->conns.ptr[i];
request_st * const r = &con->request;
handler_ctx *hctx = r->plugin_ctx[p->id];
if (NULL == hctx || r->handler_module != p->self)
continue;
if (hctx->gw.state != GW_STATE_WRITE && hctx->gw.state != GW_STATE_READ)
continue;
if (cur_ts - con->read_idle_ts > r->conf.max_read_idle) {
DEBUG_LOG_INFO("timeout client (fd=%d)", con->fd);
mod_wstunnel_frame_send(hctx,MOD_WEBSOCKET_FRAME_TYPE_CLOSE,NULL,0);
gw_handle_request_reset(r, p_d);
joblist_append(con);
/* avoid server.c closing connection with error due to max_read_idle
* (might instead run joblist after plugins_call_handle_trigger())*/
con->read_idle_ts = cur_ts;
continue;
}
if (0 != hctx->hybivers
&& hctx->conf.ping_interval > 0
&& (time_t)hctx->conf.ping_interval + hctx->ping_ts < cur_ts) {
hctx->ping_ts = cur_ts;
mod_wstunnel_frame_send(hctx, MOD_WEBSOCKET_FRAME_TYPE_PING, CONST_STR_LEN("ping"));
joblist_append(con);
continue;
}
}
return HANDLER_GO_ON;
}
int mod_wstunnel_plugin_init(plugin *p);
int mod_wstunnel_plugin_init(plugin *p) {
p->version = LIGHTTPD_VERSION_ID;
p->name = "wstunnel";
p->init = mod_wstunnel_init;
p->cleanup = gw_free;
p->set_defaults = mod_wstunnel_set_defaults;
p->handle_request_reset = gw_handle_request_reset;
p->handle_uri_clean = mod_wstunnel_check_extension;
p->handle_subrequest = gw_handle_subrequest;
p->handle_trigger = mod_wstunnel_handle_trigger;
p->handle_waitpid = gw_handle_waitpid_cb;
return 0;
}
/*
* modified from Norio Kobota mod_websocket_handshake.c
*/
#ifdef _MOD_WEBSOCKET_SPEC_IETF_00_
#include "sys-crypto-md.h" /* lighttpd */
#include "sys-endian.h" /* lighttpd */
static int get_key3(request_st * const r, char *buf) {
/* 8 bytes should have been sent with request
* for draft-ietf-hybi-thewebsocketprotocol-00 */
chunkqueue *cq = r->reqbody_queue;
size_t bytes = 8;
/*(caller should ensure bytes available prior to calling this routine)*/
/*assert(chunkqueue_length(cq) >= 8);*/
for (chunk *c = cq->first; NULL != c; c = c->next) {
/*(chunk_remaining_length() on MEM_CHUNK)*/
size_t n = (size_t)(buffer_string_length(c->mem) - c->offset);
/*(expecting 8 bytes to be in memory directly after headers)*/
if (c->type != MEM_CHUNK) break; /* FILE_CHUNK not handled here */
if (n > bytes) n = bytes;
memcpy(buf, c->mem->ptr+c->offset, n);
buf += n;
if (0 == (bytes -= n)) break;
}
if (0 != bytes) return -1;
chunkqueue_mark_written(cq, 8);
return 0;
}
static int get_key_number(uint32_t *ret, const buffer *b) {
const char * const s = b->ptr;
size_t j = 0;
unsigned long n;
uint32_t sp = 0;
char tmp[10 + 1]; /* #define UINT32_MAX_STRLEN 10 */
for (size_t i = 0, used = buffer_string_length(b); i < used; ++i) {
if (light_isdigit(s[i])) {
tmp[j] = s[i];
if (++j >= sizeof(tmp)) return -1;
}
else if (s[i] == ' ') ++sp; /* count num spaces */
}
tmp[j] = '\0';
n = strtoul(tmp, NULL, 10);
if (n > UINT32_MAX || 0 == sp || !light_isdigit(*tmp)) return -1;
*ret = (uint32_t)n / sp;
return 0;
}
static int create_MD5_sum(request_st * const r) {
uint32_t buf[4]; /* MD5 binary hash len */
li_MD5_CTX ctx;
const buffer *key1 =
http_header_request_get(r, HTTP_HEADER_OTHER, CONST_STR_LEN("Sec-WebSocket-Key1"));
const buffer *key2 =
http_header_request_get(r, HTTP_HEADER_OTHER, CONST_STR_LEN("Sec-WebSocket-Key2"));
if (NULL == key1 || get_key_number(buf+0, key1) < 0 ||
NULL == key2 || get_key_number(buf+1, key2) < 0 ||
get_key3(r, (char *)(buf+2)) < 0) {
return -1;
}
#ifdef __BIG_ENDIAN__
#define ws_htole32(s,u)\
(s)[0]=((u)>>24); \
(s)[1]=((u)>>16); \
(s)[2]=((u)>>8); \
(s)[3]=((u))
ws_htole32((unsigned char *)(buf+0), buf[0]);
ws_htole32((unsigned char *)(buf+1), buf[1]);
#endif
li_MD5_Init(&ctx);
li_MD5_Update(&ctx, buf, sizeof(buf));
li_MD5_Final((unsigned char *)buf, &ctx); /*(overwrite buf[] with result)*/
chunkqueue_append_mem(r->write_queue, (char *)buf, sizeof(buf));