void handlerThread(int csockIn) { int sopt = 1, csock = csockIn; ws_ctx_t *ws_ctx; bool useHixie = TRUE; ws_ctx = do_handshake(csock, &useHixie); if (ws_ctx == NULL) { handler_msg("No connection after handshake\n"); } else { settings.handler(ws_ctx, useHixie); if (pipe_error) { handler_emsg("Closing due to SIGPIPE\n"); } } if (ws_ctx) { ws_socket_free(ws_ctx); } else { shutdown(csock, SHUT_RDWR); close(csock); } handler_msg("handler exit\n"); }
int start_server() { int lsock, csock, pid, clilen, sopt = 1, i, res; struct sockaddr_in serv_addr, cli_addr; ws_ctx_t *ws_ctx; fd_set myset; struct timeval tv; /* Initialize buffers */ lsock = socket(AF_INET, SOCK_STREAM, 0); if (lsock < 0) { error("ERROR creating listener socket"); } bzero((char *) &serv_addr, sizeof(serv_addr)); serv_addr.sin_family = AF_INET; serv_addr.sin_port = htons(settings.listen_port); /* Resolve listen address */ if (settings.listen_host && (settings.listen_host[0] != '\0')) { if (resolve_host(&serv_addr.sin_addr, settings.listen_host) < -1) { error("Could not resolve listen address"); return 1; } } else { serv_addr.sin_addr.s_addr = INADDR_ANY; } setsockopt(lsock, SOL_SOCKET, SO_REUSEADDR, (char *)&sopt, sizeof(sopt)); if (bind(lsock, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) { error("ERROR on binding listener socket"); return 1; } int optval = 1; if (setsockopt(lsock, IPPROTO_TCP, TCP_NODELAY, &optval, sizeof(int)) < 0) { error("Cannot set TCP_NODELAY option on listen address"); return 1; } listen(lsock,100); signal(SIGPIPE, signal_handler); // catch pipe if (settings.daemon) { ; // daemonize(lsock); } // Reep zombies signal(SIGCHLD, SIG_IGN); printf("Waiting for connections on %s:%d\n", settings.listen_host, settings.listen_port); while (websockify_loop) { clilen = sizeof(cli_addr); pipe_error = 0; pid = 0; // if (set_non_blocking(lsock) != 0) { // return; // } // Set Accept socket to non blocking to allow to cancel // requests while (websockify_loop) { tv.tv_sec = 0; tv.tv_usec = 200000; FD_ZERO(&myset); FD_SET(lsock, &myset); res = select(lsock+1, &myset, NULL, NULL, &tv); /* EINTR */ if (res < 0 && errno == EINTR) { continue; } if (res < 0) { perror("select"); return 1; } if (res > 0) { break; } } if (!websockify_loop) { fprintf(stderr, "Ending loop before accept\n"); return 0; } csock = accept(lsock, (struct sockaddr *) &cli_addr, &clilen); fprintf(stderr, "After accept\n"); if (csock < 0) { error("ERROR on accept"); continue; } handler_msg("got client connection from %s\n", inet_ntoa(cli_addr.sin_addr)); // if (set_blocking(lsock) != 0) { // return; // } if (!settings.run_once) { handler_msg("forking handler process not supported. Abort\n"); abort(); // pid = fork(); } if (pid == 0) { // handler process ws_ctx = do_handshake(csock); if (settings.run_once) { // Successful connection, stop listening for new // connections close(lsock); } if (ws_ctx == NULL) { handler_msg("No connection after handshake\n"); break; // Child process exits } settings.handler(ws_ctx); if (pipe_error) { handler_emsg("Closing due to SIGPIPE\n"); } break; // Child process exits } else { // parent process settings.handler_id += 1; } } if (pid == 0) { if (ws_ctx) { ws_socket_free(ws_ctx); free_ws_ctx(ws_ctx); } else { shutdown(csock, SHUT_RDWR); close(csock); } handler_msg("handler exit\n"); } else { handler_msg("websockify exit\n"); } return 0; }
ws_ctx_t *do_handshake(int sock) { char handshake[4096], response[4096], sha1[29], trailer[17]; char *scheme, *pre; headers_t *headers; int len, ret, i, offset; ws_ctx_t * ws_ctx; // Peek, but don't read the data len = recv(sock, handshake, 1024, MSG_PEEK); handshake[len] = 0; if (len == 0) { handler_msg("ignoring empty handshake\n"); return NULL; } else if (bcmp(handshake, "<policy-file-request/>", 22) == 0) { len = recv(sock, handshake, 1024, 0); handshake[len] = 0; handler_msg("sending flash policy response\n"); send(sock, POLICY_RESPONSE, sizeof(POLICY_RESPONSE), 0); return NULL; } else if ((bcmp(handshake, "\x16", 1) == 0) || (bcmp(handshake, "\x80", 1) == 0)) { // SSL if (!settings.cert) { handler_msg("SSL connection but no cert specified\n"); return NULL; } else if (access(settings.cert, R_OK) != 0) { handler_msg("SSL connection but '%s' not found\n", settings.cert); return NULL; } ws_ctx = alloc_ws_ctx(); ws_socket_ssl(ws_ctx, sock, settings.cert, settings.key); if (! ws_ctx) { return NULL; } scheme = "wss"; handler_msg("using SSL socket\n"); } else if (settings.ssl_only) { handler_msg("non-SSL connection disallowed\n"); return NULL; } else { ws_ctx = alloc_ws_ctx(); ws_socket(ws_ctx, sock); if (! ws_ctx) { return NULL; } scheme = "ws"; handler_msg("using plain (not SSL) socket\n"); } offset = 0; for (i = 0; i < 10; i++) { len = ws_recv(ws_ctx, handshake+offset, 4096); if (len == 0) { handler_emsg("Client closed during handshake\n"); return NULL; } offset += len; handshake[offset] = 0; if (strstr(handshake, "\r\n\r\n")) { break; } usleep(10); } //handler_msg("handshake: %s\n", handshake); if (!parse_handshake(ws_ctx, handshake)) { handler_emsg("Invalid WS request\n"); return NULL; } headers = ws_ctx->headers; if (ws_ctx->hybi > 0) { handler_msg("using protocol HyBi/IETF 6455 %d\n", ws_ctx->hybi); gen_sha1(headers, sha1); sprintf(response, SERVER_HANDSHAKE_HYBI, sha1, "base64"); } else { if (ws_ctx->hixie == 76) { handler_msg("using protocol Hixie 76\n"); gen_md5(headers, trailer); pre = "Sec-"; } else { handler_msg("using protocol Hixie 75\n"); trailer[0] = '\0'; pre = ""; } sprintf(response, SERVER_HANDSHAKE_HIXIE, pre, headers->origin, pre, scheme, headers->host, headers->path, pre, "base64", trailer); } //handler_msg("response: %s\n", response); ws_send(ws_ctx, response, strlen(response)); return ws_ctx; }
int decode_hybi(unsigned char *src, size_t srclength, u_char *target, size_t targsize, unsigned int *opcode, unsigned int *left) { unsigned char *frame, *mask, *payload, save_char, cntstr[4];; int masked = 0; int i = 0, len, framecount = 0; size_t remaining; unsigned int target_offset = 0, hdr_length = 0, payload_length = 0; *left = srclength; frame = src; //printf("Deocde new frame\n"); while (1) { // Need at least two bytes of the header // Find beginning of next frame. First time hdr_length, masked and // payload_length are zero frame += hdr_length + 4*masked + payload_length; //printf("frame[0..3]: 0x%x 0x%x 0x%x 0x%x (tot: %d)\n", // (unsigned char) frame[0], // (unsigned char) frame[1], // (unsigned char) frame[2], // (unsigned char) frame[3], srclength); if (frame > src + srclength) { //printf("Truncated frame from client, need %d more bytes\n", frame - (src + srclength) ); break; } remaining = (src + srclength) - frame; if (remaining < 2) { //printf("Truncated frame header from client\n"); break; } framecount ++; *opcode = frame[0] & 0x0f; masked = (frame[1] & 0x80) >> 7; if (*opcode == 0x8) { // client sent orderly close frame break; } payload_length = frame[1] & 0x7f; if (payload_length < 126) { hdr_length = 2; //frame += 2 * sizeof(char); } else if (payload_length == 126) { payload_length = (frame[2] << 8) + frame[3]; hdr_length = 4; } else { handler_emsg("Receiving frames larger than 65535 bytes not supported\n"); return -1; } if ((hdr_length + 4*masked + payload_length) > remaining) { continue; } //printf(" payload_length: %u, raw remaining: %u\n", payload_length, remaining); payload = frame + hdr_length + 4*masked; if (*opcode != 1 && *opcode != 2) { handler_msg("Ignoring non-data frame, opcode 0x%x\n", *opcode); continue; } if (payload_length == 0) { handler_msg("Ignoring empty frame\n"); continue; } if ((payload_length > 0) && (!masked)) { handler_emsg("Received unmasked payload from client\n"); return -1; } // Terminate with a null for base64 decode save_char = payload[payload_length]; payload[payload_length] = '\0'; // unmask the data mask = payload - 4; for (i = 0; i < payload_length; i++) { payload[i] ^= mask[i%4]; } // base64 decode the data len = b64_pton((const char*)payload, target+target_offset, targsize); // Restore the first character of the next frame payload[payload_length] = save_char; if (len < 0) { handler_emsg("Base64 decode error code %d", len); return len; } target_offset += len; //printf(" len %d, raw %s\n", len, frame); } if (framecount > 1) { snprintf(cntstr, 3, "%d", framecount); traffic(cntstr); } *left = remaining; return target_offset; }
void start_server() { int lsock, csock, pid, clilen, sopt = 1, i; struct sockaddr_in serv_addr, cli_addr; ws_ctx_t *ws_ctx; /* Initialize buffers */ lsock = socket(AF_INET, SOCK_STREAM, 0); if (lsock < 0) { error("ERROR creating listener socket"); } bzero((char *) &serv_addr, sizeof(serv_addr)); serv_addr.sin_family = AF_INET; serv_addr.sin_port = htons(settings.listen_port); /* Resolve listen address */ if (settings.listen_host && (settings.listen_host[0] != '\0')) { if (resolve_host(&serv_addr.sin_addr, settings.listen_host) < -1) { fatal("Could not resolve listen address"); } } else { serv_addr.sin_addr.s_addr = INADDR_ANY; } setsockopt(lsock, SOL_SOCKET, SO_REUSEADDR, (char *)&sopt, sizeof(sopt)); if (bind(lsock, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) { fatal("ERROR on binding listener socket"); } listen(lsock,100); signal(SIGPIPE, signal_handler); // catch pipe if (settings.daemon) { daemonize(lsock); } // Reep zombies signal(SIGCHLD, SIG_IGN); printf("Waiting for connections on %s:%d\n", settings.listen_host, settings.listen_port); while (1) { clilen = sizeof(cli_addr); pipe_error = 0; pid = 0; csock = accept(lsock, (struct sockaddr *) &cli_addr, &clilen); if (csock < 0) { error("ERROR on accept"); continue; } handler_msg("got client connection from %s\n", inet_ntoa(cli_addr.sin_addr)); if (!settings.run_once) { handler_msg("forking handler process\n"); pid = fork(); } if (pid == 0) { // handler process ws_ctx = do_handshake(csock); if (settings.run_once) { if (ws_ctx == NULL) { // Not a real WebSocket connection continue; } else { // Successful connection, stop listening for new // connections close(lsock); } } if (ws_ctx == NULL) { handler_msg("No connection after handshake\n"); break; // Child process exits } settings.handler(ws_ctx); if (pipe_error) { handler_emsg("Closing due to SIGPIPE\n"); } break; // Child process exits } else { // parent process settings.handler_id += 1; } } if (pid == 0) { if (ws_ctx) { ws_socket_free(ws_ctx); free_ws_ctx(ws_ctx); } else { shutdown(csock, SHUT_RDWR); close(csock); } handler_msg("handler exit\n"); } else { handler_msg("websockify exit\n"); } }
int parse_handshake(ws_ctx_t *ws_ctx, char *handshake) { char *start, *end; headers_t *headers = ws_ctx->headers; headers->key1[0] = '\0'; headers->key2[0] = '\0'; headers->key3[0] = '\0'; if ((strlen(handshake) < 92) || (bcmp(handshake, "GET ", 4) != 0)) { return 0; } start = handshake+4; end = strstr(start, " HTTP/1.1"); if (!end) { return 0; } strncpy(headers->path, start, end-start); headers->path[end-start] = '\0'; start = strstr(handshake, "\r\nHost: "); if (!start) { return 0; } start += 8; end = strstr(start, "\r\n"); strncpy(headers->host, start, end-start); headers->host[end-start] = '\0'; headers->origin[0] = '\0'; start = strstr(handshake, "\r\nOrigin: "); if (start) { start += 10; } else { start = strstr(handshake, "\r\nSec-WebSocket-Origin: "); if (!start) { return 0; } start += 24; } end = strstr(start, "\r\n"); strncpy(headers->origin, start, end-start); headers->origin[end-start] = '\0'; start = strstr(handshake, "\r\nSec-WebSocket-Version: "); if (start) { // RFC 6455 start += 25; end = strstr(start, "\r\n"); strncpy(headers->version, start, end-start); headers->version[end-start] = '\0'; start = strstr(handshake, "\r\nSec-WebSocket-Key: "); if (!start) { return 0; } start += 21; end = strstr(start, "\r\n"); strncpy(headers->key1, start, end-start); headers->key1[end-start] = '\0'; start = strstr(handshake, "\r\nConnection: "); if (!start) { return 0; } start += 14; end = strstr(start, "\r\n"); strncpy(headers->connection, start, end-start); headers->connection[end-start] = '\0'; start = strstr(handshake, "\r\nSec-WebSocket-Protocol: "); if (!start) { return 0; } start += 26; end = strstr(start, "\r\n"); strncpy(headers->protocols, start, end-start); headers->protocols[end-start] = '\0'; } else { handler_msg("Protocol is not supported (only RFC6455 is supported)\n"); } return 1; }
void start_server() { int lsock, csock, pid, clilen, sopt = 1, threadId; struct sockaddr_in serv_addr, cli_addr; ws_ctx_t *ws_ctx; #ifdef WIN32 WSADATA winsockdata; /* WinSock data */ #endif /* WIN32 */ /* Initialize buffers */ bufsize = 65536; if (! (tbuf = (char *)malloc(bufsize)) ) { fatal("malloc()"); } if (! (cbuf = (char *)malloc(bufsize)) ) { fatal("malloc()"); } if (! (tbuf_tmp = (char *)malloc(bufsize)) ) { fatal("malloc()"); } if (! (cbuf_tmp = (char *)malloc(bufsize)) ) { fatal("malloc()"); } WSAStartup(MAKEWORD(2,2), &winsockdata); lsock = socket(AF_INET, SOCK_STREAM, 0); if (lsock < 0) { error("ERROR creating listener socket"); printf("Error code %d when opening a socket", WSAGetLastError()); } bzero((char *) &serv_addr, sizeof(serv_addr)); serv_addr.sin_family = AF_INET; serv_addr.sin_port = htons(settings.listen_port); /* Resolve listen address */ if (settings.listen_host && (settings.listen_host[0] != '\0')) { if (resolve_host(&serv_addr.sin_addr, settings.listen_host) < -1) { fatal("Could not resolve listen address"); } } else { serv_addr.sin_addr.s_addr = INADDR_ANY; } setsockopt(lsock, SOL_SOCKET, SO_REUSEADDR, (char *)&sopt, sizeof(sopt)); if (bind(lsock, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) { fatal("ERROR on binding listener socket"); } listen(lsock,100); signal(SIGPIPE, NULL); // catch pipe #ifndef WINCE if (settings.daemon) { daemonize(lsock); } #endif // Reep zombies signal(SIGCHLD, SIG_IGN); printf("Waiting for connections on %s:%d\n", settings.listen_host, settings.listen_port); while (1) { clilen = sizeof(cli_addr); pipe_error = 0; pid = 0; csock = accept(lsock, (struct sockaddr *) &cli_addr, &clilen); if (csock < 0) { error("ERROR on accept"); printf("Error on accept error number %d", WSAGetLastError()); continue; } handler_msg("got client connection from %s\n", inet_ntoa(cli_addr.sin_addr)); /* base64 is 4 bytes for every 3 * 20 for WS '\x00' / '\xff' and good measure */ dbufsize = (bufsize * 3)/4 - 20; handler_msg("forking handler process\n"); CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&handlerThread, (LPVOID)csock, 0, (LPDWORD)&threadId); settings.handler_id += 1; } if (pid == 0) { if (ws_ctx) { ws_socket_free(ws_ctx); } else { shutdown(csock, SHUT_RDWR); close(csock); } handler_msg("handler exit\n"); } else { handler_msg("wsproxy exit\n"); } }
ws_ctx_t *do_handshake(int sock, bool* useHixie) { char handshake[4096], response[4096], trailer[17], hashDataB64[256]; char *scheme, *pre; headers_t headers; int len, i; u_char hashTemp[5]; ws_ctx_t * ws_ctx; SHA1Context sha1context; ws_ctx = ws_socket(sock); // Peek, but don't read the data len = ws_recv(ws_ctx, handshake, 1024); if (len < 1) { handler_msg("recv error %d in do_handshake\n", WSAGetLastError()); } handshake[len] = 0; if (len == 0) { handler_msg("ignoring empty handshake\n"); return NULL; } else if (bcmp(handshake, "<policy-file-request/>", 22) == 0) { handshake[len] = 0; handler_msg("sending flash policy response\n"); send(sock, policy_response, sizeof(policy_response) - 1, 0); return NULL; } else if ((bcmp(handshake, "\x16", 1) == 0) || (bcmp(handshake, "\x80", 1) == 0)) { // SSL if (!settings.cert) { handler_msg("SSL connection but no cert specified\n"); return NULL; } else if (access(settings.cert, R_OK) != 0) { handler_msg("SSL connection but '%s' not found\n", settings.cert); return NULL; } //ws_ctx = ws_socket_ssl(sock, settings.cert, settings.key); if (! ws_ctx) { return NULL; } scheme = "wss"; handler_msg("using SSL socket\n"); } else if (settings.ssl_only) { handler_msg("non-SSL connection disallowed\n"); return NULL; } else { ws_ctx = ws_socket(sock); if (! ws_ctx) { return NULL; } scheme = "ws"; handler_msg("using plain (not SSL) socket\n"); } //len = ws_recv(ws_ctx, handshake, 4096); if (len == 0) { handler_emsg("Client closed during handshake\n"); return NULL; } else if (len == -1) { return ws_ctx; } handshake[len] = 0; if (!parse_handshake(handshake, &headers)) { handler_emsg("Invalid WS request\n"); return NULL; } if (headers.version[0] != '\0') { //strcpy((char*)headers.key1, (const char *)"dGhlIHNhbXBsZSBub25jZQ=="); strncat(headers.key1, websocket_GUID, strlen(websocket_GUID)); SHA1Reset(&sha1context); //sha1context.Length_High = 0; //sha1context.Length_Low = strlen(headers.key1); SHA1Input(&sha1context, (const unsigned char*)&(headers.key1), strlen(headers.key1)); SHA1Result(&sha1context); for (i = 0; i < 5; i++) { hashTemp[i * 4] = ((u_char*)sha1context.Message_Digest)[i * 4 + 3]; hashTemp[i * 4 + 1] = ((u_char*)sha1context.Message_Digest)[i * 4 + 2]; hashTemp[i * 4 + 2] = ((u_char*)sha1context.Message_Digest)[i * 4 + 1]; hashTemp[i * 4 + 3] = ((u_char*)sha1context.Message_Digest)[i * 4]; } b64_ntop((const u_char*)&hashTemp, 5 * sizeof(int), (char*)&hashDataB64, 256); //b64_pton((const char*)sha1context.Message_Digest, (u_char*)&hashDataB64, 256); sprintf(response, server_handshake_hybi, headers.upgrade, headers.connection, hashDataB64); handler_msg("response: %s\n", response); ws_send(ws_ctx, response, strlen(response)); *useHixie = FALSE; return ws_ctx; } if (headers.key3[0] != '\0') { gen_md5(&headers, trailer); pre = "Sec-"; handler_msg("using protocol version 76\n"); } else { trailer[0] = '\0'; pre = ""; handler_msg("using protocol version 75\n"); } sprintf(response, server_handshake, pre, headers.origin, pre, scheme, headers.host, headers.path, "", trailer); handler_msg("response: %s\n", response); ws_send(ws_ctx, response, strlen(response)); return ws_ctx; }