2020-03-26 06:48:34 +00:00
|
|
|
/*
|
|
|
|
|
* libwebsockets - small server side websockets and web server implementation
|
|
|
|
|
*
|
2021-06-10 00:08:37 -07:00
|
|
|
* Copyright (C) 2019 - 2021 Andy Green <andy@warmcat.com>
|
2020-03-26 06:48:34 +00:00
|
|
|
*
|
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
|
* of this software and associated documentation files (the "Software"), to
|
|
|
|
|
* deal in the Software without restriction, including without limitation the
|
|
|
|
|
* rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
|
|
|
|
* sell copies of the Software, and to permit persons to whom the Software is
|
|
|
|
|
* furnished to do so, subject to the following conditions:
|
|
|
|
|
*
|
|
|
|
|
* The above copyright notice and this permission notice shall be included in
|
|
|
|
|
* all copies or substantial portions of the Software.
|
|
|
|
|
*
|
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
|
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
|
|
|
|
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
|
|
|
|
* IN THE SOFTWARE.
|
|
|
|
|
*
|
|
|
|
|
* This file contains the stuff related to secure streams policy, it's always
|
|
|
|
|
* built if LWS_WITH_SECURE_STREAMS enabled.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <private-lib-core.h>
|
|
|
|
|
|
2020-06-24 20:15:46 +01:00
|
|
|
#if defined(LWS_WITH_SYS_SMD)
|
|
|
|
|
const lws_ss_policy_t pol_smd = {
|
|
|
|
|
.flags = 0, /* have to set something for windows */
|
|
|
|
|
};
|
|
|
|
|
#endif
|
|
|
|
|
|
2020-03-26 06:48:34 +00:00
|
|
|
const lws_ss_policy_t *
|
|
|
|
|
lws_ss_policy_lookup(const struct lws_context *context, const char *streamtype)
|
|
|
|
|
{
|
|
|
|
|
const lws_ss_policy_t *p = context->pss_policies;
|
|
|
|
|
|
|
|
|
|
if (!streamtype)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
2020-06-24 20:15:46 +01:00
|
|
|
#if defined(LWS_WITH_SYS_SMD)
|
|
|
|
|
if (!strcmp(streamtype, LWS_SMD_STREAMTYPENAME))
|
|
|
|
|
return &pol_smd;
|
|
|
|
|
#endif
|
|
|
|
|
|
2020-03-26 06:48:34 +00:00
|
|
|
while (p) {
|
|
|
|
|
if (!strcmp(p->streamtype, streamtype))
|
|
|
|
|
return p;
|
|
|
|
|
p = p->next;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
2020-10-07 17:51:58 +01:00
|
|
|
_lws_ss_set_metadata(lws_ss_metadata_t *omd, const char *name,
|
|
|
|
|
const void *value, size_t len)
|
2020-03-26 06:48:34 +00:00
|
|
|
{
|
2020-10-07 17:51:58 +01:00
|
|
|
/*
|
|
|
|
|
* If there was already a heap-based value, it's about to go out of
|
|
|
|
|
* scope due to us trashing the pointer. So free it first and clear
|
|
|
|
|
* its flag indicating it's heap-based.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
if (omd->value_on_lws_heap) {
|
2020-10-11 07:29:47 +01:00
|
|
|
lws_free_set_NULL(omd->value__may_own_heap);
|
2020-10-07 17:51:58 +01:00
|
|
|
omd->value_on_lws_heap = 0;
|
2020-03-26 06:48:34 +00:00
|
|
|
}
|
|
|
|
|
|
ss: rx metadata
At the moment you can define and set per-stream metadata at the client,
which will be string-substituted and if configured in the policy, set in
related outgoing protocol specific content like h1 headers.
This patch extends the metadata concept to also check incoming protocol-
specific content like h1 headers and where it matches the binding in the
streamtype's metadata entry, make it available to the client by name, via
a new lws_ss_get_metadata() api.
Currently warmcat.com has additional headers for
server: lwsws (well-known header name)
test-custom-header: hello (custom header name)
minimal-secure-streams test is updated to try to recover these both
in direct and -client (via proxy) versions. The corresponding metadata
part of the "mintest" stream policy from warmcat.com is
{
"srv": "server:"
}, {
"test": "test-custom-header:"
},
If built direct, or at the proxy, the stream has access to the static
policy metadata definitions and can store the rx metadata in the stream
metadata allocation, with heap-allocated a value. For client side that
talks to a proxy, only the proxy knows the policy, and it returns rx
metadata inside the serialized link to the client, which stores it on
the heap attached to the stream.
In addition an optimization for mapping static policy metadata definitions
to individual stream handle metadata is changed to match by name.
2020-09-10 06:43:43 +01:00
|
|
|
// lwsl_notice("%s: %s %s\n", __func__, name, (const char *)value);
|
|
|
|
|
|
|
|
|
|
omd->name = name;
|
2020-10-11 07:29:47 +01:00
|
|
|
omd->value__may_own_heap = (void *)value;
|
ss: rx metadata
At the moment you can define and set per-stream metadata at the client,
which will be string-substituted and if configured in the policy, set in
related outgoing protocol specific content like h1 headers.
This patch extends the metadata concept to also check incoming protocol-
specific content like h1 headers and where it matches the binding in the
streamtype's metadata entry, make it available to the client by name, via
a new lws_ss_get_metadata() api.
Currently warmcat.com has additional headers for
server: lwsws (well-known header name)
test-custom-header: hello (custom header name)
minimal-secure-streams test is updated to try to recover these both
in direct and -client (via proxy) versions. The corresponding metadata
part of the "mintest" stream policy from warmcat.com is
{
"srv": "server:"
}, {
"test": "test-custom-header:"
},
If built direct, or at the proxy, the stream has access to the static
policy metadata definitions and can store the rx metadata in the stream
metadata allocation, with heap-allocated a value. For client side that
talks to a proxy, only the proxy knows the policy, and it returns rx
metadata inside the serialized link to the client, which stores it on
the heap attached to the stream.
In addition an optimization for mapping static policy metadata definitions
to individual stream handle metadata is changed to match by name.
2020-09-10 06:43:43 +01:00
|
|
|
omd->length = len;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-07 17:51:58 +01:00
|
|
|
int
|
|
|
|
|
lws_ss_set_metadata(struct lws_ss_handle *h, const char *name,
|
|
|
|
|
const void *value, size_t len)
|
|
|
|
|
{
|
|
|
|
|
lws_ss_metadata_t *omd = lws_ss_get_handle_metadata(h, name);
|
|
|
|
|
|
2021-08-10 06:35:59 +01:00
|
|
|
lws_service_assert_loop_thread(h->context, h->tsi);
|
|
|
|
|
|
2021-06-10 00:08:37 -07:00
|
|
|
if (omd)
|
|
|
|
|
return _lws_ss_set_metadata(omd, name, value, len);
|
|
|
|
|
|
|
|
|
|
#if defined(LWS_WITH_SS_DIRECT_PROTOCOL_STR)
|
|
|
|
|
if (h->policy->flags & LWSSSPOLF_DIRECT_PROTO_STR) {
|
|
|
|
|
omd = lws_ss_get_handle_instant_metadata(h, name);
|
|
|
|
|
if (!omd) {
|
|
|
|
|
omd = lws_zalloc(sizeof(*omd), "imetadata");
|
|
|
|
|
if (!omd) {
|
|
|
|
|
lwsl_err("%s OOM\n", __func__);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
omd->name = name;
|
|
|
|
|
omd->next = h->instant_metadata;
|
|
|
|
|
h->instant_metadata = omd;
|
|
|
|
|
}
|
|
|
|
|
omd->value__may_own_heap = (void *)value;
|
2021-08-03 01:42:06 -07:00
|
|
|
omd->length = len;
|
2021-06-10 00:08:37 -07:00
|
|
|
|
|
|
|
|
return 0;
|
2020-10-07 17:51:58 +01:00
|
|
|
}
|
2021-06-10 00:08:37 -07:00
|
|
|
#endif
|
2020-10-07 17:51:58 +01:00
|
|
|
|
2021-06-10 00:08:37 -07:00
|
|
|
lwsl_info("%s: unknown metadata %s\n", __func__, name);
|
|
|
|
|
return 1;
|
2020-10-07 17:51:58 +01:00
|
|
|
}
|
|
|
|
|
|
2021-03-14 10:44:41 +00:00
|
|
|
int
|
|
|
|
|
_lws_ss_alloc_set_metadata(lws_ss_metadata_t *omd, const char *name,
|
|
|
|
|
const void *value, size_t len)
|
|
|
|
|
{
|
|
|
|
|
uint8_t *p;
|
|
|
|
|
int n;
|
|
|
|
|
|
|
|
|
|
if (omd->value_on_lws_heap) {
|
|
|
|
|
lws_free_set_NULL(omd->value__may_own_heap);
|
|
|
|
|
omd->value_on_lws_heap = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
p = lws_malloc(len, __func__);
|
|
|
|
|
if (!p)
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
n = _lws_ss_set_metadata(omd, name, p, len);
|
|
|
|
|
if (n) {
|
|
|
|
|
lws_free(p);
|
|
|
|
|
return n;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
memcpy(p, value, len);
|
|
|
|
|
|
|
|
|
|
omd->value_on_lws_heap = 1;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
lws_ss_alloc_set_metadata(struct lws_ss_handle *h, const char *name,
|
|
|
|
|
const void *value, size_t len)
|
|
|
|
|
{
|
|
|
|
|
lws_ss_metadata_t *omd = lws_ss_get_handle_metadata(h, name);
|
|
|
|
|
|
2021-08-10 06:35:59 +01:00
|
|
|
lws_service_assert_loop_thread(h->context, h->tsi);
|
|
|
|
|
|
2021-03-14 10:44:41 +00:00
|
|
|
if (!omd) {
|
|
|
|
|
lwsl_info("%s: unknown metadata %s\n", __func__, name);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return _lws_ss_alloc_set_metadata(omd, name, value, len);
|
|
|
|
|
}
|
|
|
|
|
|
ss: rx metadata
At the moment you can define and set per-stream metadata at the client,
which will be string-substituted and if configured in the policy, set in
related outgoing protocol specific content like h1 headers.
This patch extends the metadata concept to also check incoming protocol-
specific content like h1 headers and where it matches the binding in the
streamtype's metadata entry, make it available to the client by name, via
a new lws_ss_get_metadata() api.
Currently warmcat.com has additional headers for
server: lwsws (well-known header name)
test-custom-header: hello (custom header name)
minimal-secure-streams test is updated to try to recover these both
in direct and -client (via proxy) versions. The corresponding metadata
part of the "mintest" stream policy from warmcat.com is
{
"srv": "server:"
}, {
"test": "test-custom-header:"
},
If built direct, or at the proxy, the stream has access to the static
policy metadata definitions and can store the rx metadata in the stream
metadata allocation, with heap-allocated a value. For client side that
talks to a proxy, only the proxy knows the policy, and it returns rx
metadata inside the serialized link to the client, which stores it on
the heap attached to the stream.
In addition an optimization for mapping static policy metadata definitions
to individual stream handle metadata is changed to match by name.
2020-09-10 06:43:43 +01:00
|
|
|
int
|
|
|
|
|
lws_ss_get_metadata(struct lws_ss_handle *h, const char *name,
|
|
|
|
|
const void **value, size_t *len)
|
|
|
|
|
{
|
|
|
|
|
lws_ss_metadata_t *omd = lws_ss_get_handle_metadata(h, name);
|
2021-06-10 00:08:37 -07:00
|
|
|
#if defined(LWS_WITH_SS_DIRECT_PROTOCOL_STR)
|
|
|
|
|
int n;
|
|
|
|
|
#endif
|
ss: rx metadata
At the moment you can define and set per-stream metadata at the client,
which will be string-substituted and if configured in the policy, set in
related outgoing protocol specific content like h1 headers.
This patch extends the metadata concept to also check incoming protocol-
specific content like h1 headers and where it matches the binding in the
streamtype's metadata entry, make it available to the client by name, via
a new lws_ss_get_metadata() api.
Currently warmcat.com has additional headers for
server: lwsws (well-known header name)
test-custom-header: hello (custom header name)
minimal-secure-streams test is updated to try to recover these both
in direct and -client (via proxy) versions. The corresponding metadata
part of the "mintest" stream policy from warmcat.com is
{
"srv": "server:"
}, {
"test": "test-custom-header:"
},
If built direct, or at the proxy, the stream has access to the static
policy metadata definitions and can store the rx metadata in the stream
metadata allocation, with heap-allocated a value. For client side that
talks to a proxy, only the proxy knows the policy, and it returns rx
metadata inside the serialized link to the client, which stores it on
the heap attached to the stream.
In addition an optimization for mapping static policy metadata definitions
to individual stream handle metadata is changed to match by name.
2020-09-10 06:43:43 +01:00
|
|
|
|
2021-08-10 06:35:59 +01:00
|
|
|
lws_service_assert_loop_thread(h->context, h->tsi);
|
|
|
|
|
|
2021-06-10 00:08:37 -07:00
|
|
|
if (omd) {
|
|
|
|
|
*value = omd->value__may_own_heap;
|
|
|
|
|
*len = omd->length;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
#if defined(LWS_WITH_SS_DIRECT_PROTOCOL_STR)
|
2022-02-09 11:59:06 +00:00
|
|
|
if (!(h->policy->flags & LWSSSPOLF_DIRECT_PROTO_STR) || !h->wsi)
|
2021-06-10 00:08:37 -07:00
|
|
|
goto bail;
|
|
|
|
|
|
|
|
|
|
n = lws_http_string_to_known_header(name, strlen(name));
|
|
|
|
|
if (n != LWS_HTTP_NO_KNOWN_HEADER) {
|
|
|
|
|
*len = (size_t)lws_hdr_total_length(h->wsi, n);
|
|
|
|
|
if (!*len)
|
|
|
|
|
goto bail;
|
|
|
|
|
*value = lws_hdr_simple_ptr(h->wsi, n);
|
|
|
|
|
if (!*value)
|
|
|
|
|
goto bail;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
#if defined(LWS_WITH_CUSTOM_HEADERS)
|
|
|
|
|
n = lws_hdr_custom_length(h->wsi, (const char *)name,
|
|
|
|
|
(int)strlen(name));
|
|
|
|
|
if (n <= 0)
|
|
|
|
|
goto bail;
|
|
|
|
|
*value = lwsac_use(&h->imd_ac, (size_t)(n+1), (size_t)(n+1));
|
|
|
|
|
if (!*value) {
|
|
|
|
|
lwsl_err("%s ac OOM\n", __func__);
|
ss: rx metadata
At the moment you can define and set per-stream metadata at the client,
which will be string-substituted and if configured in the policy, set in
related outgoing protocol specific content like h1 headers.
This patch extends the metadata concept to also check incoming protocol-
specific content like h1 headers and where it matches the binding in the
streamtype's metadata entry, make it available to the client by name, via
a new lws_ss_get_metadata() api.
Currently warmcat.com has additional headers for
server: lwsws (well-known header name)
test-custom-header: hello (custom header name)
minimal-secure-streams test is updated to try to recover these both
in direct and -client (via proxy) versions. The corresponding metadata
part of the "mintest" stream policy from warmcat.com is
{
"srv": "server:"
}, {
"test": "test-custom-header:"
},
If built direct, or at the proxy, the stream has access to the static
policy metadata definitions and can store the rx metadata in the stream
metadata allocation, with heap-allocated a value. For client side that
talks to a proxy, only the proxy knows the policy, and it returns rx
metadata inside the serialized link to the client, which stores it on
the heap attached to the stream.
In addition an optimization for mapping static policy metadata definitions
to individual stream handle metadata is changed to match by name.
2020-09-10 06:43:43 +01:00
|
|
|
return 1;
|
|
|
|
|
}
|
2021-06-10 00:08:37 -07:00
|
|
|
if (lws_hdr_custom_copy(h->wsi, (char *)(*value), n+1, name,
|
|
|
|
|
(int)strlen(name))) {
|
|
|
|
|
/* waste n+1 bytes until ss is destryed */
|
|
|
|
|
goto bail;
|
|
|
|
|
}
|
|
|
|
|
*len = (size_t)n;
|
2020-03-26 06:48:34 +00:00
|
|
|
|
|
|
|
|
return 0;
|
2021-06-10 00:08:37 -07:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
bail:
|
|
|
|
|
#endif
|
|
|
|
|
lwsl_info("%s: unknown metadata %s\n", __func__, name);
|
|
|
|
|
|
|
|
|
|
return 1;
|
2020-03-26 06:48:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
lws_ss_metadata_t *
|
|
|
|
|
lws_ss_get_handle_metadata(struct lws_ss_handle *h, const char *name)
|
|
|
|
|
{
|
2020-10-04 07:27:22 +01:00
|
|
|
int n;
|
2020-03-26 06:48:34 +00:00
|
|
|
|
2021-08-10 06:35:59 +01:00
|
|
|
lws_service_assert_loop_thread(h->context, h->tsi);
|
|
|
|
|
|
ss: rx metadata
At the moment you can define and set per-stream metadata at the client,
which will be string-substituted and if configured in the policy, set in
related outgoing protocol specific content like h1 headers.
This patch extends the metadata concept to also check incoming protocol-
specific content like h1 headers and where it matches the binding in the
streamtype's metadata entry, make it available to the client by name, via
a new lws_ss_get_metadata() api.
Currently warmcat.com has additional headers for
server: lwsws (well-known header name)
test-custom-header: hello (custom header name)
minimal-secure-streams test is updated to try to recover these both
in direct and -client (via proxy) versions. The corresponding metadata
part of the "mintest" stream policy from warmcat.com is
{
"srv": "server:"
}, {
"test": "test-custom-header:"
},
If built direct, or at the proxy, the stream has access to the static
policy metadata definitions and can store the rx metadata in the stream
metadata allocation, with heap-allocated a value. For client side that
talks to a proxy, only the proxy knows the policy, and it returns rx
metadata inside the serialized link to the client, which stores it on
the heap attached to the stream.
In addition an optimization for mapping static policy metadata definitions
to individual stream handle metadata is changed to match by name.
2020-09-10 06:43:43 +01:00
|
|
|
for (n = 0; n < h->policy->metadata_count; n++)
|
|
|
|
|
if (!strcmp(name, h->metadata[n].name))
|
|
|
|
|
return &h->metadata[n];
|
2020-03-26 06:48:34 +00:00
|
|
|
|
ss: rx metadata
At the moment you can define and set per-stream metadata at the client,
which will be string-substituted and if configured in the policy, set in
related outgoing protocol specific content like h1 headers.
This patch extends the metadata concept to also check incoming protocol-
specific content like h1 headers and where it matches the binding in the
streamtype's metadata entry, make it available to the client by name, via
a new lws_ss_get_metadata() api.
Currently warmcat.com has additional headers for
server: lwsws (well-known header name)
test-custom-header: hello (custom header name)
minimal-secure-streams test is updated to try to recover these both
in direct and -client (via proxy) versions. The corresponding metadata
part of the "mintest" stream policy from warmcat.com is
{
"srv": "server:"
}, {
"test": "test-custom-header:"
},
If built direct, or at the proxy, the stream has access to the static
policy metadata definitions and can store the rx metadata in the stream
metadata allocation, with heap-allocated a value. For client side that
talks to a proxy, only the proxy knows the policy, and it returns rx
metadata inside the serialized link to the client, which stores it on
the heap attached to the stream.
In addition an optimization for mapping static policy metadata definitions
to individual stream handle metadata is changed to match by name.
2020-09-10 06:43:43 +01:00
|
|
|
return NULL;
|
2020-03-26 06:48:34 +00:00
|
|
|
}
|
|
|
|
|
|
2021-06-10 00:08:37 -07:00
|
|
|
#if defined(LWS_WITH_SS_DIRECT_PROTOCOL_STR)
|
|
|
|
|
lws_ss_metadata_t *
|
|
|
|
|
lws_ss_get_handle_instant_metadata(struct lws_ss_handle *h, const char *name)
|
|
|
|
|
{
|
|
|
|
|
lws_ss_metadata_t *imd = h->instant_metadata;
|
|
|
|
|
|
|
|
|
|
while (imd) {
|
|
|
|
|
if (!strcmp(name, imd->name))
|
|
|
|
|
return imd;
|
|
|
|
|
imd = imd->next;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
2020-03-26 06:48:34 +00:00
|
|
|
lws_ss_metadata_t *
|
|
|
|
|
lws_ss_policy_metadata(const lws_ss_policy_t *p, const char *name)
|
|
|
|
|
{
|
|
|
|
|
lws_ss_metadata_t *pmd = p->metadata;
|
|
|
|
|
|
|
|
|
|
while (pmd) {
|
|
|
|
|
if (pmd->name && !strcmp(name, pmd->name))
|
|
|
|
|
return pmd;
|
|
|
|
|
pmd = pmd->next;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
lws_ss_metadata_t *
|
|
|
|
|
lws_ss_policy_metadata_index(const lws_ss_policy_t *p, size_t index)
|
|
|
|
|
{
|
|
|
|
|
lws_ss_metadata_t *pmd = p->metadata;
|
|
|
|
|
|
|
|
|
|
while (pmd) {
|
|
|
|
|
if (pmd->length == index)
|
|
|
|
|
return pmd;
|
|
|
|
|
pmd = pmd->next;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
#if !defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY)
|
2020-06-01 07:33:37 +01:00
|
|
|
static int
|
|
|
|
|
fe_lws_ss_destroy(struct lws_dll2 *d, void *user)
|
|
|
|
|
{
|
|
|
|
|
lws_ss_handle_t *h = lws_container_of(d, lws_ss_handle_t, list);
|
|
|
|
|
|
|
|
|
|
lws_ss_destroy(&h);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Dynamic policy: we want to one-time create the vhost for the policy and the
|
|
|
|
|
* trust store behind it.
|
|
|
|
|
*
|
|
|
|
|
* Static policy: We want to make use of a trust store / vhost from the policy and add to its
|
|
|
|
|
* ss-refcount.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
struct lws_vhost *
|
|
|
|
|
lws_ss_policy_ref_trust_store(struct lws_context *context,
|
|
|
|
|
const lws_ss_policy_t *pol, char doref)
|
|
|
|
|
{
|
|
|
|
|
struct lws_context_creation_info i;
|
|
|
|
|
struct lws_vhost *v;
|
|
|
|
|
int n;
|
|
|
|
|
|
|
|
|
|
memset(&i, 0, sizeof(i));
|
|
|
|
|
|
2020-07-27 10:03:12 +01:00
|
|
|
if (!pol->trust.store) {
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
v = lws_get_vhost_by_name(context, "_ss_default");
|
|
|
|
|
if (!v) {
|
|
|
|
|
/* corner case... there's no trust store used */
|
|
|
|
|
i.options = context->options;
|
|
|
|
|
i.vhost_name = "_ss_default";
|
|
|
|
|
i.port = CONTEXT_PORT_NO_LISTEN;
|
|
|
|
|
v = lws_create_vhost(context, &i);
|
|
|
|
|
if (!v) {
|
|
|
|
|
lwsl_err("%s: failed to create vhost %s\n",
|
|
|
|
|
__func__, i.vhost_name);
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
goto accepted;
|
|
|
|
|
}
|
2020-07-27 10:03:12 +01:00
|
|
|
v = lws_get_vhost_by_name(context, pol->trust.store->name);
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
if (v) {
|
2020-08-03 15:56:38 +01:00
|
|
|
lwsl_debug("%s: vh already exists\n", __func__);
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
goto accepted;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
i.options = context->options;
|
2020-07-27 10:03:12 +01:00
|
|
|
i.vhost_name = pol->trust.store->name;
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
lwsl_debug("%s: %s\n", __func__, i.vhost_name);
|
|
|
|
|
#if defined(LWS_WITH_TLS) && defined(LWS_WITH_CLIENT)
|
2020-07-27 10:03:12 +01:00
|
|
|
i.client_ssl_ca_mem = pol->trust.store->ssx509[0]->ca_der;
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
i.client_ssl_ca_mem_len = (unsigned int)
|
2020-07-27 10:03:12 +01:00
|
|
|
pol->trust.store->ssx509[0]->ca_der_len;
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
#endif
|
|
|
|
|
i.port = CONTEXT_PORT_NO_LISTEN;
|
2020-08-26 11:05:41 +01:00
|
|
|
lwsl_info("%s: %s trust store initial '%s'\n", __func__,
|
2020-07-27 10:03:12 +01:00
|
|
|
i.vhost_name, pol->trust.store->ssx509[0]->vhost_name);
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
|
|
|
|
|
v = lws_create_vhost(context, &i);
|
|
|
|
|
if (!v) {
|
|
|
|
|
lwsl_err("%s: failed to create vhost %s\n",
|
|
|
|
|
__func__, i.vhost_name);
|
|
|
|
|
return NULL;
|
|
|
|
|
} else
|
|
|
|
|
v->from_ss_policy = 1;
|
|
|
|
|
|
2020-07-27 10:03:12 +01:00
|
|
|
for (n = 1; v && n < pol->trust.store->count; n++) {
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
lwsl_info("%s: add '%s' to trust store\n", __func__,
|
2020-07-27 10:03:12 +01:00
|
|
|
pol->trust.store->ssx509[n]->vhost_name);
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
#if defined(LWS_WITH_TLS)
|
|
|
|
|
if (lws_tls_client_vhost_extra_cert_mem(v,
|
2020-07-27 10:03:12 +01:00
|
|
|
pol->trust.store->ssx509[n]->ca_der,
|
|
|
|
|
pol->trust.store->ssx509[n]->ca_der_len)) {
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
lwsl_err("%s: add extra cert failed\n",
|
|
|
|
|
__func__);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
accepted:
|
2021-10-21 14:44:33 +01:00
|
|
|
#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) || defined(LWS_WITH_SECURE_STREAMS_CPP)
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
if (doref)
|
|
|
|
|
v->ss_refcount++;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
return v;
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-21 14:44:33 +01:00
|
|
|
#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) || defined(LWS_WITH_SECURE_STREAMS_CPP)
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
int
|
|
|
|
|
lws_ss_policy_unref_trust_store(struct lws_context *context,
|
|
|
|
|
const lws_ss_policy_t *pol)
|
|
|
|
|
{
|
|
|
|
|
struct lws_vhost *v;
|
|
|
|
|
const char *name = "_ss_default";
|
|
|
|
|
|
2020-07-27 10:03:12 +01:00
|
|
|
if (pol->trust.store)
|
|
|
|
|
name = pol->trust.store->name;
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
|
|
|
|
|
v = lws_get_vhost_by_name(context, name);
|
|
|
|
|
if (!v || !v->from_ss_policy)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
assert(v->ss_refcount);
|
|
|
|
|
|
|
|
|
|
v->ss_refcount--;
|
|
|
|
|
if (!v->ss_refcount) {
|
|
|
|
|
lwsl_notice("%s: destroying vh %s\n", __func__, name);
|
|
|
|
|
lws_vhost_destroy(v);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2020-06-01 07:33:37 +01:00
|
|
|
|
2020-03-26 06:48:34 +00:00
|
|
|
int
|
|
|
|
|
lws_ss_policy_set(struct lws_context *context, const char *name)
|
|
|
|
|
{
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
int ret = 0;
|
|
|
|
|
|
2020-03-26 06:48:34 +00:00
|
|
|
#if !defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY)
|
|
|
|
|
struct policy_cb_args *args = (struct policy_cb_args *)context->pol_args;
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
const lws_ss_policy_t *pol;
|
|
|
|
|
struct lws_vhost *v;
|
2020-03-26 06:48:34 +00:00
|
|
|
lws_ss_x509_t *x;
|
|
|
|
|
char buf[16];
|
|
|
|
|
int m;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Parsing seems to have succeeded, and we're going to use the new
|
|
|
|
|
* policy that's laid out in args->ac
|
|
|
|
|
*/
|
|
|
|
|
|
2021-09-22 06:11:19 +01:00
|
|
|
if (!args)
|
|
|
|
|
return 1;
|
|
|
|
|
|
2020-03-26 06:48:34 +00:00
|
|
|
lejp_destruct(&args->jctx);
|
|
|
|
|
|
|
|
|
|
if (context->ac_policy) {
|
2020-06-01 07:33:37 +01:00
|
|
|
int n;
|
|
|
|
|
|
2021-01-06 15:08:22 +00:00
|
|
|
#if defined(LWS_WITH_SYS_METRICS)
|
|
|
|
|
lws_start_foreach_dll_safe(struct lws_dll2 *, d, d1,
|
|
|
|
|
context->owner_mtr_dynpol.head) {
|
|
|
|
|
lws_metric_policy_dyn_t *dm =
|
|
|
|
|
lws_container_of(d, lws_metric_policy_dyn_t, list);
|
|
|
|
|
|
|
|
|
|
lws_metric_policy_dyn_destroy(dm, 1); /* keep */
|
|
|
|
|
|
|
|
|
|
} lws_end_foreach_dll_safe(d, d1);
|
|
|
|
|
#endif
|
|
|
|
|
|
2020-06-01 07:33:37 +01:00
|
|
|
/*
|
|
|
|
|
* any existing ss created with the old policy have to go away
|
|
|
|
|
* now, since they point to the shortly-to-be-destroyed old
|
|
|
|
|
* policy
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
for (n = 0; n < context->count_threads; n++) {
|
|
|
|
|
struct lws_context_per_thread *pt = &context->pt[n];
|
|
|
|
|
|
|
|
|
|
lws_dll2_foreach_safe(&pt->ss_owner, NULL, fe_lws_ss_destroy);
|
|
|
|
|
}
|
2020-03-26 06:48:34 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* So this is a bit fun-filled, we already had a policy in
|
|
|
|
|
* force, perhaps it was the default policy that's just good for
|
|
|
|
|
* fetching the real policy, and we're doing that now.
|
|
|
|
|
*
|
|
|
|
|
* We can destroy all the policy-related direct allocations
|
|
|
|
|
* easily because they're cleanly in a single lwsac...
|
|
|
|
|
*/
|
|
|
|
|
lwsac_free(&context->ac_policy);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* ...but when we did the trust stores, we created vhosts for
|
|
|
|
|
* each. We need to destroy those now too, and recreate new
|
|
|
|
|
* ones from the new policy, perhaps with different X.509s.
|
2021-01-22 09:11:22 +00:00
|
|
|
*
|
|
|
|
|
* Vhost destruction is inherently async, it can't be destroyed
|
|
|
|
|
* until all of the wsi bound to it have closed, and, eg, libuv
|
|
|
|
|
* means their closure is deferred until a later go around the
|
|
|
|
|
* event loop. SMP means we also have to wait for all the pts
|
|
|
|
|
* to close their wsis that are bound on the vhost too.
|
|
|
|
|
*
|
|
|
|
|
* This marks the vhost as being destroyed so new things won't
|
|
|
|
|
* use it, and starts the close of all wsi on this pt that are
|
|
|
|
|
* bound to the wsi, and deals with the listen socket if any.
|
|
|
|
|
* "being-destroyed" vhosts can't be found using get_vhost_by_
|
|
|
|
|
* name(), so if a new vhost of the same name exists that isn't
|
|
|
|
|
* being destroyed that will be the one found.
|
|
|
|
|
*
|
|
|
|
|
* When the number of wsi bound to the vhost gets to zero a
|
|
|
|
|
* short time later, the vhost is actually destroyed.
|
2020-03-26 06:48:34 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
v = context->vhost_list;
|
|
|
|
|
while (v) {
|
|
|
|
|
if (v->from_ss_policy) {
|
|
|
|
|
struct lws_vhost *vh = v->vhost_next;
|
2020-12-25 05:54:19 +00:00
|
|
|
lwsl_debug("%s: destroying %s\n", __func__, lws_vh_tag(v));
|
2020-03-26 06:48:34 +00:00
|
|
|
lws_vhost_destroy(v);
|
|
|
|
|
v = vh;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
v = v->vhost_next;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
context->pss_policies = args->heads[LTY_POLICY].p;
|
|
|
|
|
context->ac_policy = args->ac;
|
|
|
|
|
|
|
|
|
|
lws_humanize(buf, sizeof(buf), lwsac_total_alloc(args->ac),
|
|
|
|
|
humanize_schema_si_bytes);
|
|
|
|
|
if (lwsac_total_alloc(args->ac))
|
|
|
|
|
m = (int)((lwsac_total_overhead(args->ac) * 100) /
|
|
|
|
|
lwsac_total_alloc(args->ac));
|
|
|
|
|
else
|
|
|
|
|
m = 0;
|
|
|
|
|
|
2020-09-29 16:52:32 +01:00
|
|
|
(void)m;
|
2020-05-14 21:28:48 +01:00
|
|
|
lwsl_info("%s: %s, pad %d%c: %s\n", __func__, buf, m, '%', name);
|
2020-03-26 06:48:34 +00:00
|
|
|
|
|
|
|
|
/* Create vhosts for each type of trust store */
|
|
|
|
|
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
/*
|
|
|
|
|
* We get called from context creation... instantiates
|
|
|
|
|
* vhosts with client tls contexts set up for each unique CA.
|
|
|
|
|
*
|
2020-07-27 10:03:12 +01:00
|
|
|
* We create the vhosts by walking streamtype list and create vhosts
|
|
|
|
|
* using trust store name if it's a client connection that doesn't
|
|
|
|
|
* already exist.
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
*/
|
|
|
|
|
|
2020-03-26 06:48:34 +00:00
|
|
|
pol = context->pss_policies;
|
|
|
|
|
while (pol) {
|
2020-07-27 10:03:12 +01:00
|
|
|
if (!(pol->flags & LWSSSPOLF_SERVER)) {
|
|
|
|
|
v = lws_ss_policy_ref_trust_store(context, pol,
|
ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.
However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.
This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.
If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.
Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection. The choice is between the delay to generate the vh
being visisble at logical ss creation-time, or at connection-time. It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.
NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-20 07:28:28 +01:00
|
|
|
0 /* no refcount inc */);
|
2020-07-27 10:03:12 +01:00
|
|
|
if (!v)
|
|
|
|
|
ret = 1;
|
|
|
|
|
}
|
2020-03-26 06:48:34 +00:00
|
|
|
|
|
|
|
|
pol = pol->next;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#if defined(LWS_WITH_SOCKS5)
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* ... we need to go through every vhost updating its understanding of
|
|
|
|
|
* which socks5 proxy to use...
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
v = context->vhost_list;
|
|
|
|
|
while (v) {
|
|
|
|
|
lws_set_socks(v, args->socks5_proxy);
|
|
|
|
|
v = v->vhost_next;
|
|
|
|
|
}
|
|
|
|
|
if (context->vhost_system)
|
|
|
|
|
lws_set_socks(context->vhost_system, args->socks5_proxy);
|
|
|
|
|
|
|
|
|
|
if (args->socks5_proxy)
|
|
|
|
|
lwsl_notice("%s: global socks5 proxy: %s\n", __func__,
|
|
|
|
|
args->socks5_proxy);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* For dynamic policy case, now we processed the x.509 CAs, we can free
|
|
|
|
|
* all of our originals. For static policy, they're in .rodata, nothing
|
|
|
|
|
* to free.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
x = args->heads[LTY_X509].x;
|
|
|
|
|
while (x) {
|
|
|
|
|
/*
|
2020-07-27 10:03:12 +01:00
|
|
|
* Free all the client DER buffers now they have been parsed
|
|
|
|
|
* into tls library X.509 objects
|
2020-03-26 06:48:34 +00:00
|
|
|
*/
|
2020-07-27 10:03:12 +01:00
|
|
|
if (!x->keep) { /* used for server */
|
|
|
|
|
lws_free((void *)x->ca_der);
|
|
|
|
|
x->ca_der = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-26 06:48:34 +00:00
|
|
|
x = x->next;
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-06 15:08:22 +00:00
|
|
|
context->last_policy = time(NULL);
|
|
|
|
|
#if defined(LWS_WITH_SYS_METRICS)
|
|
|
|
|
if (context->pss_policies)
|
|
|
|
|
((lws_ss_policy_t *)context->pss_policies)->metrics =
|
|
|
|
|
args->heads[LTY_METRICS].m;
|
|
|
|
|
#endif
|
|
|
|
|
|
2020-03-26 06:48:34 +00:00
|
|
|
/* and we can discard the parsing args object now, invalidating args */
|
|
|
|
|
|
|
|
|
|
lws_free_set_NULL(context->pol_args);
|
|
|
|
|
#endif
|
|
|
|
|
|
2021-01-06 15:08:22 +00:00
|
|
|
#if defined(LWS_WITH_SYS_METRICS)
|
|
|
|
|
lws_metric_rebind_policies(context);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#if defined(LWS_WITH_SYS_SMD)
|
|
|
|
|
(void)lws_smd_msg_printf(context, LWSSMDCL_SYSTEM_STATE,
|
|
|
|
|
"{\"policy\":\"updated\",\"ts\":%lu}",
|
|
|
|
|
(long)context->last_policy);
|
|
|
|
|
#endif
|
|
|
|
|
|
2020-03-26 06:48:34 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|