Mirrors/libwebsockets
1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Code Issues Releases Wiki Activity
libwebsockets/lib/secure-streams/protocols/ss-mqtt.c

533 lines
15 KiB
C
Raw Normal View History

client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
/*
* libwebsockets - small server side websockets and web server implementation
*
mqtt: Setting the CONNECTED state only when SUBACK is received Setting the CONNECTED state only when SUBACK is received if the stream has defined a subscription topic. This is to avoid SS from sending out SUBSCRIBE right after CONNACK, even when the connection is not valid.
2021-03-22 11:58:28 -07:00
* Copyright (C) 2019 - 2021 Andy Green <andy@warmcat.com>
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to
* deal in the Software without restriction, including without limitation the
* rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
* sell copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
* IN THE SOFTWARE.
*/
#include <private-lib-core.h>
static int
secstream_mqtt(struct lws *wsi, enum lws_callback_reasons reason, void *user,
void *in, size_t len)
{
lws_ss_handle_t *h = (lws_ss_handle_t *)lws_get_opaque_user_data(wsi);
lws_mqtt_publish_param_t mqpp, *pmqpp;
uint8_t buf[LWS_PRE + 1400];
ss: improve callback return consistency Formalize the LWSSSSRET_ enums into a type "lws_ss_state_return_t" returned by the rx, tx and state callbacks, and some private helpers lws_ss_backoff() and lws_ss_event_helper(). Remove LWSSSSRET_SS_HANDLE_DESTROYED concept... the two helpers that could have destroyed the ss and returned that, now return LWSSSSRET_DESTROY_ME to the caller to perform or pass up to their caller instead. Handle helper returns in all the ss protocols and update the rx / tx calls to have their returns from rx / tx / event helper and ss backoff all handled by unified code.
2020-08-26 11:05:41 +01:00
lws_ss_state_return_t r;
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
size_t buflen;
ss: formalize user cb retcodes It's not safe to destroy objects inside a callback from a parent that still has references to the object. Formalize what the user code can indicate by its return code from the callback functions and provide the implementations at the parents. - LWSSSSRET_OK: no action, OK - LWSSSSRET_DISCONNECT_ME: disconnect the underlying connection - LWSSSSRET_DESTROY_ME: destroy the ss object - LWSSSSRET_TX_DONT_SEND: for tx, give up the tx opportunity since nothing to send
2020-06-01 07:33:37 +01:00
int f = 0;
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
switch (reason) {
/* because we are protocols[0] ... */
case LWS_CALLBACK_CLIENT_CONNECTION_ERROR:
lwsl_info("%s: CLIENT_CONNECTION_ERROR: %s\n", __func__,
in ? (char *)in : "(null)");
if (!h)
break;
ss: sspc: add conmon performance telemetry This provides a way to get ahold of LWS_WITH_CONMON telemetry from Secure Streams, it works the same with direct onward connections or via the proxy. You can mark streamtypes with a "perf": true policy attribute... this causes the onward connections on those streamtypes to collect information about the connection performance, and the unsorted DNS results. Streams with that policy attribute receive extra data in their rx callback, with the LWSSS_FLAG_PERF_JSON flag set on it, containing JSON describing the performance of the onward connection taken from CONMON data, in a JSON representation. Streams without the "perf" attribute set never receive this extra rx. The received JSON is based on the CONMON struct info and looks like {"peer":"46.105.127.147","dns_us":596,"sockconn_us":31382,"tls_us":28180,"txn_resp_us:23015,"dns":["2001:41d0:2:ee93::1","46.105.127.147"]} A new minimal example minimal-secure-streams-perf is added that collects this data on an HTTP GET from warmcat.com, and is built with a -client version as well if LWS_WITH_SECURE_STREAMS_PROXY_API is set, that operates via the ss proxy and produces the same result at the client.
2021-03-31 13:20:34 +01:00
conmon: only build if WITH_CONMON
2021-08-03 15:25:39 +08:00
#if defined(LWS_WITH_CONMON)
ss: sspc: add conmon performance telemetry This provides a way to get ahold of LWS_WITH_CONMON telemetry from Secure Streams, it works the same with direct onward connections or via the proxy. You can mark streamtypes with a "perf": true policy attribute... this causes the onward connections on those streamtypes to collect information about the connection performance, and the unsorted DNS results. Streams with that policy attribute receive extra data in their rx callback, with the LWSSS_FLAG_PERF_JSON flag set on it, containing JSON describing the performance of the onward connection taken from CONMON data, in a JSON representation. Streams without the "perf" attribute set never receive this extra rx. The received JSON is based on the CONMON struct info and looks like {"peer":"46.105.127.147","dns_us":596,"sockconn_us":31382,"tls_us":28180,"txn_resp_us:23015,"dns":["2001:41d0:2:ee93::1","46.105.127.147"]} A new minimal example minimal-secure-streams-perf is added that collects this data on an HTTP GET from warmcat.com, and is built with a -client version as well if LWS_WITH_SECURE_STREAMS_PROXY_API is set, that operates via the ss proxy and produces the same result at the client.
2021-03-31 13:20:34 +01:00
lws_conmon_ss_json(h);
conmon: only build if WITH_CONMON
2021-08-03 15:25:39 +08:00
#endif
ss: sspc: add conmon performance telemetry This provides a way to get ahold of LWS_WITH_CONMON telemetry from Secure Streams, it works the same with direct onward connections or via the proxy. You can mark streamtypes with a "perf": true policy attribute... this causes the onward connections on those streamtypes to collect information about the connection performance, and the unsorted DNS results. Streams with that policy attribute receive extra data in their rx callback, with the LWSSS_FLAG_PERF_JSON flag set on it, containing JSON describing the performance of the onward connection taken from CONMON data, in a JSON representation. Streams without the "perf" attribute set never receive this extra rx. The received JSON is based on the CONMON struct info and looks like {"peer":"46.105.127.147","dns_us":596,"sockconn_us":31382,"tls_us":28180,"txn_resp_us:23015,"dns":["2001:41d0:2:ee93::1","46.105.127.147"]} A new minimal example minimal-secure-streams-perf is added that collects this data on an HTTP GET from warmcat.com, and is built with a -client version as well if LWS_WITH_SECURE_STREAMS_PROXY_API is set, that operates via the ss proxy and produces the same result at the client.
2021-03-31 13:20:34 +01:00
ss: improve callback return consistency Formalize the LWSSSSRET_ enums into a type "lws_ss_state_return_t" returned by the rx, tx and state callbacks, and some private helpers lws_ss_backoff() and lws_ss_event_helper(). Remove LWSSSSRET_SS_HANDLE_DESTROYED concept... the two helpers that could have destroyed the ss and returned that, now return LWSSSSRET_DESTROY_ME to the caller to perform or pass up to their caller instead. Handle helper returns in all the ss protocols and update the rx / tx calls to have their returns from rx / tx / event helper and ss backoff all handled by unified code.
2020-08-26 11:05:41 +01:00
r = lws_ss_event_helper(h, LWSSSCS_UNREACHABLE);
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
h->wsi = NULL;
ss: improve callback return consistency Formalize the LWSSSSRET_ enums into a type "lws_ss_state_return_t" returned by the rx, tx and state callbacks, and some private helpers lws_ss_backoff() and lws_ss_event_helper(). Remove LWSSSSRET_SS_HANDLE_DESTROYED concept... the two helpers that could have destroyed the ss and returned that, now return LWSSSSRET_DESTROY_ME to the caller to perform or pass up to their caller instead. Handle helper returns in all the ss protocols and update the rx / tx calls to have their returns from rx / tx / event helper and ss backoff all handled by unified code.
2020-08-26 11:05:41 +01:00
ss-mqtt: additional strexp in MQTT policy elements Allow usage of ${metadata} string substitution in more policy elements for MQTT: - associated subscription topic in policy - associated publish topic in policy - associated will topic in policy - associated will message in policy Tested against lws-minimal-mqtt-client-multi / mosquitto
2020-06-15 15:02:52 +01:00
if (h->u.mqtt.heap_baggage) {
lws_free(h->u.mqtt.heap_baggage);
h->u.mqtt.heap_baggage = NULL;
}
ss: improve callback return consistency Formalize the LWSSSSRET_ enums into a type "lws_ss_state_return_t" returned by the rx, tx and state callbacks, and some private helpers lws_ss_backoff() and lws_ss_event_helper(). Remove LWSSSSRET_SS_HANDLE_DESTROYED concept... the two helpers that could have destroyed the ss and returned that, now return LWSSSSRET_DESTROY_ME to the caller to perform or pass up to their caller instead. Handle helper returns in all the ss protocols and update the rx / tx calls to have their returns from rx / tx / event helper and ss backoff all handled by unified code.
2020-08-26 11:05:41 +01:00
if (r == LWSSSSRET_DESTROY_ME)
ss: client_connect and request_tx also return dispositions Since client_connect and request_tx can be called from code that expects the ss handle to be in scope, these calls can't deal with destroying the ss handle and must pass the lws_ss_state_return_t disposition back to the caller to handle.
2020-12-22 15:56:41 +00:00
return _lws_ss_handle_state_ret_CAN_DESTROY_HANDLE(r, wsi, &h);
ss: improve callback return consistency Formalize the LWSSSSRET_ enums into a type "lws_ss_state_return_t" returned by the rx, tx and state callbacks, and some private helpers lws_ss_backoff() and lws_ss_event_helper(). Remove LWSSSSRET_SS_HANDLE_DESTROYED concept... the two helpers that could have destroyed the ss and returned that, now return LWSSSSRET_DESTROY_ME to the caller to perform or pass up to their caller instead. Handle helper returns in all the ss protocols and update the rx / tx calls to have their returns from rx / tx / event helper and ss backoff all handled by unified code.
2020-08-26 11:05:41 +01:00
r = lws_ss_backoff(h);
if (r != LWSSSSRET_OK)
ss: client_connect and request_tx also return dispositions Since client_connect and request_tx can be called from code that expects the ss handle to be in scope, these calls can't deal with destroying the ss handle and must pass the lws_ss_state_return_t disposition back to the caller to handle.
2020-12-22 15:56:41 +00:00
return _lws_ss_handle_state_ret_CAN_DESTROY_HANDLE(r, wsi, &h);
ss: improve callback return consistency Formalize the LWSSSSRET_ enums into a type "lws_ss_state_return_t" returned by the rx, tx and state callbacks, and some private helpers lws_ss_backoff() and lws_ss_event_helper(). Remove LWSSSSRET_SS_HANDLE_DESTROYED concept... the two helpers that could have destroyed the ss and returned that, now return LWSSSSRET_DESTROY_ME to the caller to perform or pass up to their caller instead. Handle helper returns in all the ss protocols and update the rx / tx calls to have their returns from rx / tx / event helper and ss backoff all handled by unified code.
2020-08-26 11:05:41 +01:00
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
break;
case LWS_CALLBACK_MQTT_CLIENT_CLOSED:
if (!h)
break;
ss: add timeout
2020-06-30 16:42:37 +01:00
lws_sul_cancel(&h->sul_timeout);
conmon: only build if WITH_CONMON
2021-08-03 15:25:39 +08:00
#if defined(LWS_WITH_CONMON)
ss: sspc: add conmon performance telemetry This provides a way to get ahold of LWS_WITH_CONMON telemetry from Secure Streams, it works the same with direct onward connections or via the proxy. You can mark streamtypes with a "perf": true policy attribute... this causes the onward connections on those streamtypes to collect information about the connection performance, and the unsorted DNS results. Streams with that policy attribute receive extra data in their rx callback, with the LWSSS_FLAG_PERF_JSON flag set on it, containing JSON describing the performance of the onward connection taken from CONMON data, in a JSON representation. Streams without the "perf" attribute set never receive this extra rx. The received JSON is based on the CONMON struct info and looks like {"peer":"46.105.127.147","dns_us":596,"sockconn_us":31382,"tls_us":28180,"txn_resp_us:23015,"dns":["2001:41d0:2:ee93::1","46.105.127.147"]} A new minimal example minimal-secure-streams-perf is added that collects this data on an HTTP GET from warmcat.com, and is built with a -client version as well if LWS_WITH_SECURE_STREAMS_PROXY_API is set, that operates via the ss proxy and produces the same result at the client.
2021-03-31 13:20:34 +01:00
lws_conmon_ss_json(h);
conmon: only build if WITH_CONMON
2021-08-03 15:25:39 +08:00
#endif
ss: mqtt: Avoid CONNECTING to DISCONNECTED transition Check previous states with 'ss_dangling_connected'. If it did not visit CONNECTED, transit to UNREACHABLE instead of DISCONNECTED.
2021-04-13 08:23:13 -07:00
if (h->ss_dangling_connected)
r = lws_ss_event_helper(h, LWSSSCS_DISCONNECTED);
else
r = lws_ss_event_helper(h, LWSSSCS_UNREACHABLE);
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
if (h->wsi)
lws_set_opaque_user_data(h->wsi, NULL);
h->wsi = NULL;
ss-mqtt: additional strexp in MQTT policy elements Allow usage of ${metadata} string substitution in more policy elements for MQTT: - associated subscription topic in policy - associated publish topic in policy - associated will topic in policy - associated will message in policy Tested against lws-minimal-mqtt-client-multi / mosquitto
2020-06-15 15:02:52 +01:00
if (h->u.mqtt.heap_baggage) {
lws_free(h->u.mqtt.heap_baggage);
h->u.mqtt.heap_baggage = NULL;
}
ss: improve callback return consistency Formalize the LWSSSSRET_ enums into a type "lws_ss_state_return_t" returned by the rx, tx and state callbacks, and some private helpers lws_ss_backoff() and lws_ss_event_helper(). Remove LWSSSSRET_SS_HANDLE_DESTROYED concept... the two helpers that could have destroyed the ss and returned that, now return LWSSSSRET_DESTROY_ME to the caller to perform or pass up to their caller instead. Handle helper returns in all the ss protocols and update the rx / tx calls to have their returns from rx / tx / event helper and ss backoff all handled by unified code.
2020-08-26 11:05:41 +01:00
if (r)
ss: client_connect and request_tx also return dispositions Since client_connect and request_tx can be called from code that expects the ss handle to be in scope, these calls can't deal with destroying the ss handle and must pass the lws_ss_state_return_t disposition back to the caller to handle.
2020-12-22 15:56:41 +00:00
return _lws_ss_handle_state_ret_CAN_DESTROY_HANDLE(r, wsi, &h);
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
if (h->policy && !(h->policy->flags & LWSSSPOLF_OPPORTUNISTIC) &&
ss: improve callback return consistency Formalize the LWSSSSRET_ enums into a type "lws_ss_state_return_t" returned by the rx, tx and state callbacks, and some private helpers lws_ss_backoff() and lws_ss_event_helper(). Remove LWSSSSRET_SS_HANDLE_DESTROYED concept... the two helpers that could have destroyed the ss and returned that, now return LWSSSSRET_DESTROY_ME to the caller to perform or pass up to their caller instead. Handle helper returns in all the ss protocols and update the rx / tx calls to have their returns from rx / tx / event helper and ss backoff all handled by unified code.
2020-08-26 11:05:41 +01:00
!h->txn_ok && !wsi->a.context->being_destroyed) {
r = lws_ss_backoff(h);
if (r != LWSSSSRET_OK)
ss: client_connect and request_tx also return dispositions Since client_connect and request_tx can be called from code that expects the ss handle to be in scope, these calls can't deal with destroying the ss handle and must pass the lws_ss_state_return_t disposition back to the caller to handle.
2020-12-22 15:56:41 +00:00
return _lws_ss_handle_state_ret_CAN_DESTROY_HANDLE(r, wsi, &h);
ss: improve callback return consistency Formalize the LWSSSSRET_ enums into a type "lws_ss_state_return_t" returned by the rx, tx and state callbacks, and some private helpers lws_ss_backoff() and lws_ss_event_helper(). Remove LWSSSSRET_SS_HANDLE_DESTROYED concept... the two helpers that could have destroyed the ss and returned that, now return LWSSSSRET_DESTROY_ME to the caller to perform or pass up to their caller instead. Handle helper returns in all the ss protocols and update the rx / tx calls to have their returns from rx / tx / event helper and ss backoff all handled by unified code.
2020-08-26 11:05:41 +01:00
}
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
break;
case LWS_CALLBACK_MQTT_CLIENT_ESTABLISHED:
/*
* Make sure the handle wsi points to the stream wsi not the
* original nwsi, in the case it was migrated
*/
h->wsi = wsi;
h->retry = 0;
h->seqstate = SSSEQ_CONNECTED;
mqtt: Setting the CONNECTED state only when SUBACK is received Setting the CONNECTED state only when SUBACK is received if the stream has defined a subscription topic. This is to avoid SS from sending out SUBSCRIBE right after CONNACK, even when the connection is not valid.
2021-03-22 11:58:28 -07:00
/*
* If a subscribe is pending on the stream, then make
* sure the SUBSCRIBE is done before signaling the
* user application.
*/
if (h->policy->u.mqtt.subscribe &&
!wsi->mqtt->done_subscribe) {
lws_callback_on_writable(wsi);
break;
}
sul: multiple timer domains Adapt the pt sul owner list to be an array, and define two different lists, one that acts like before and is the default for existing users, and another that has the ability to cooperate with systemwide suspend to restrict the interval spent suspended so that it will wake in time for the earliest thing on this wake-suspend sul list. Clean the api a bit and add lws_sul_cancel() that only needs the sul as the argument. Add a flag for client creation info to indicate that this client connection is important enough that, eg, validity checking it to detect silently dead connections should go on the wake-suspend sul list. That flag is exposed in secure streams policy so it can be added to a streamtype with "swake_validity": true Deprecate out the old vhost timer stuff that predates sul. Add a flag LWS_WITH_DEPRECATED_THINGS in cmake so users can get it back temporarily before it will be removed in a v4.2. Adapt all remaining in-tree users of it to use explicit suls.
2020-05-28 12:48:17 +01:00
lws_sul_cancel(&h->sul);
lws_metrics There are a few build options that are trying to keep and report various statistics - DETAILED_LATENCY - SERVER_STATUS - WITH_STATS remove all those and establish a generic rplacement, lws_metrics. lws_metrics makes its stats available via an lws_system ops function pointer that the user code can set. Openmetrics export is supported, for, eg, prometheus scraping.
2021-01-06 15:08:22 +00:00
#if defined(LWS_WITH_SYS_METRICS)
/*
* If any hanging caliper measurement, dump it, and free any tags
*/
lws_metrics_caliper_report_hist(h->cal_txn, (struct lws *)NULL);
#endif
ss: improve callback return consistency Formalize the LWSSSSRET_ enums into a type "lws_ss_state_return_t" returned by the rx, tx and state callbacks, and some private helpers lws_ss_backoff() and lws_ss_event_helper(). Remove LWSSSSRET_SS_HANDLE_DESTROYED concept... the two helpers that could have destroyed the ss and returned that, now return LWSSSSRET_DESTROY_ME to the caller to perform or pass up to their caller instead. Handle helper returns in all the ss protocols and update the rx / tx calls to have their returns from rx / tx / event helper and ss backoff all handled by unified code.
2020-08-26 11:05:41 +01:00
r = lws_ss_event_helper(h, LWSSSCS_CONNECTED);
if (r != LWSSSSRET_OK)
ss: client_connect and request_tx also return dispositions Since client_connect and request_tx can be called from code that expects the ss handle to be in scope, these calls can't deal with destroying the ss handle and must pass the lws_ss_state_return_t disposition back to the caller to handle.
2020-12-22 15:56:41 +00:00
return _lws_ss_handle_state_ret_CAN_DESTROY_HANDLE(r, wsi, &h);
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
if (h->policy->u.mqtt.topic)
lws_callback_on_writable(wsi);
break;
case LWS_CALLBACK_MQTT_CLIENT_RX:
// lwsl_user("LWS_CALLBACK_CLIENT_RECEIVE: read %d\n", (int)len);
ss: allow NULL cbs Some streamtypes do not pass or receive payload meaningfully. Allow them to just leave their related cb NULL. Ditto for state, although I'm not sure how useful such a streamtype can be.
2020-06-01 07:17:48 +01:00
if (!h || !h->info.rx)
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
return 0;
pmqpp = (lws_mqtt_publish_param_t *)in;
f = 0;
if (!pmqpp->payload_pos)
f |= LWSSS_FLAG_SOM;
if (pmqpp->payload_pos + len == pmqpp->payload_len)
f |= LWSSS_FLAG_EOM;
h->subseq = 1;
ss: improve callback return consistency Formalize the LWSSSSRET_ enums into a type "lws_ss_state_return_t" returned by the rx, tx and state callbacks, and some private helpers lws_ss_backoff() and lws_ss_event_helper(). Remove LWSSSSRET_SS_HANDLE_DESTROYED concept... the two helpers that could have destroyed the ss and returned that, now return LWSSSSRET_DESTROY_ME to the caller to perform or pass up to their caller instead. Handle helper returns in all the ss protocols and update the rx / tx calls to have their returns from rx / tx / event helper and ss backoff all handled by unified code.
2020-08-26 11:05:41 +01:00
r = h->info.rx(ss_to_userobj(h), (const uint8_t *)pmqpp->payload,
len, f);
if (r != LWSSSSRET_OK)
ss: client_connect and request_tx also return dispositions Since client_connect and request_tx can be called from code that expects the ss handle to be in scope, these calls can't deal with destroying the ss handle and must pass the lws_ss_state_return_t disposition back to the caller to handle.
2020-12-22 15:56:41 +00:00
return _lws_ss_handle_state_ret_CAN_DESTROY_HANDLE(r, wsi, &h);
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
return 0; /* don't passthru */
case LWS_CALLBACK_MQTT_SUBSCRIBED:
mqtt: Setting the CONNECTED state only when SUBACK is received Setting the CONNECTED state only when SUBACK is received if the stream has defined a subscription topic. This is to avoid SS from sending out SUBSCRIBE right after CONNACK, even when the connection is not valid.
2021-03-22 11:58:28 -07:00
/*
* Stream demanded a subscribe while connecting, once
* done notify CONNECTED event to the application.
*/
if (wsi->mqtt->done_subscribe == 0) {
lws_sul_cancel(&h->sul);
r = lws_ss_event_helper(h, LWSSSCS_CONNECTED);
if (r != LWSSSSRET_OK)
return _lws_ss_handle_state_ret_CAN_DESTROY_HANDLE(r,
wsi, &h);
}
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
wsi->mqtt->done_subscribe = 1;
lws_callback_on_writable(wsi);
break;
case LWS_CALLBACK_MQTT_ACK:
ss: add timeout
2020-06-30 16:42:37 +01:00
lws_sul_cancel(&h->sul_timeout);
ss: improve callback return consistency Formalize the LWSSSSRET_ enums into a type "lws_ss_state_return_t" returned by the rx, tx and state callbacks, and some private helpers lws_ss_backoff() and lws_ss_event_helper(). Remove LWSSSSRET_SS_HANDLE_DESTROYED concept... the two helpers that could have destroyed the ss and returned that, now return LWSSSSRET_DESTROY_ME to the caller to perform or pass up to their caller instead. Handle helper returns in all the ss protocols and update the rx / tx calls to have their returns from rx / tx / event helper and ss backoff all handled by unified code.
2020-08-26 11:05:41 +01:00
r = lws_ss_event_helper(h, LWSSSCS_QOS_ACK_REMOTE);
if (r != LWSSSSRET_OK)
ss: client_connect and request_tx also return dispositions Since client_connect and request_tx can be called from code that expects the ss handle to be in scope, these calls can't deal with destroying the ss handle and must pass the lws_ss_state_return_t disposition back to the caller to handle.
2020-12-22 15:56:41 +00:00
return _lws_ss_handle_state_ret_CAN_DESTROY_HANDLE(r, wsi, &h);
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
break;
case LWS_CALLBACK_MQTT_CLIENT_WRITEABLE:
mqtt: lws_system blobs for password username
2020-11-17 16:29:48 +00:00
{
mqtt: topic validation for different mqtt servers AWS IoT enforces limits topic level and length. If 'aws_iot' is set on the policy, the topic limits will be enforced for AWS IoT.
2021-03-29 07:46:14 -07:00
size_t used_in, used_out, topic_limit;
mqtt: lws_system blobs for password username
2020-11-17 16:29:48 +00:00
lws_strexp_t exp;
mqtt: topic validation for different mqtt servers AWS IoT enforces limits topic level and length. If 'aws_iot' is set on the policy, the topic limits will be enforced for AWS IoT.
2021-03-29 07:46:14 -07:00
char *expbuf;
mqtt: lws_system blobs for password username
2020-11-17 16:29:48 +00:00
ss: allow NULL cbs Some streamtypes do not pass or receive payload meaningfully. Allow them to just leave their related cb NULL. Ditto for state, although I'm not sure how useful such a streamtype can be.
2020-06-01 07:17:48 +01:00
if (!h || !h->info.tx)
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
return 0;
lws_lifecycle This adds some new objects and helpers for keeping and logging info on grouped allocations, a group is, eg, SS handles or client wsis. Allocated objects get a context-unique "tag" string intended to replace %p / wsi pointers etc. Pointers quickly become confusing when allocations are freed and reused, the tag string won't repeat until you produce 2^64 objects in a context. In addition the tag string documents the object group, with prefixes like "wsi-" or "vh-" and contain object-specific additional information like the vhost name, address / port or the role of the wsi. At creation time the lws code can use a format string and args to add whatever group-specific info makes sense, eg, a wsi bound to a secure stream can also append the guid of the secure stream, it's copied into the new object tag and so is still available cleanly after the stream is destroyed if the wsi outlives it.
2020-12-25 05:54:19 +00:00
lwsl_notice("%s: %s: WRITEABLE\n", __func__, lws_ss_tag(h));
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
if (h->seqstate != SSSEQ_CONNECTED) {
lwsl_warn("%s: seqstate %d\n", __func__, h->seqstate);
break;
}
mqtt: topic validation for different mqtt servers AWS IoT enforces limits topic level and length. If 'aws_iot' is set on the policy, the topic limits will be enforced for AWS IoT.
2021-03-29 07:46:14 -07:00
if (h->policy->u.mqtt.aws_iot)
topic_limit = LWS_MQTT_MAX_AWSIOT_TOPICLEN;
else
topic_limit = LWS_MQTT_MAX_TOPICLEN;
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
ss-mqtt: additional strexp in MQTT policy elements Allow usage of ${metadata} string substitution in more policy elements for MQTT: - associated subscription topic in policy - associated publish topic in policy - associated will topic in policy - associated will message in policy Tested against lws-minimal-mqtt-client-multi / mosquitto
2020-06-15 15:02:52 +01:00
if (h->policy->u.mqtt.subscribe &&
!wsi->mqtt->done_subscribe) {
mqtt: topic validation for different mqtt servers AWS IoT enforces limits topic level and length. If 'aws_iot' is set on the policy, the topic limits will be enforced for AWS IoT.
2021-03-29 07:46:14 -07:00
lws_strexp_init(&exp, (void *)h, lws_ss_exp_cb_metadata,
NULL, topic_limit);
/*
* Expand with no output first to calculate the size of
* expanded string then, allocate new buffer and expand
* again with the buffer
*/
if (lws_strexp_expand(&exp, h->policy->u.mqtt.subscribe,
strlen(h->policy->u.mqtt.subscribe),
&used_in, &used_out) != LSTRX_DONE) {
lwsl_err("%s, failed to expand MQTT subscribe"
" topic with no output\n", __func__);
return 1;
}
expbuf = lws_malloc(used_out + 1, __func__);
if (!expbuf) {
lwsl_err("%s, failed to allocate MQTT subscribe"
"topic", __func__);
return 1;
}
lws_strexp_init(&exp, (void *)h, lws_ss_exp_cb_metadata,
expbuf, used_out);
mqtt: lws_system blobs for password username
2020-11-17 16:29:48 +00:00
if (lws_strexp_expand(&exp, h->policy->u.mqtt.subscribe,
strlen(h->policy->u.mqtt.subscribe),
mqtt: wildcard topic and topic to 256 chars Adding supports to MQTT wildcard support, topic to 256 chars, incorrect topic validation.
2021-03-22 12:38:08 -07:00
&used_in, &used_out) != LSTRX_DONE) {
mqtt: topic validation for different mqtt servers AWS IoT enforces limits topic level and length. If 'aws_iot' is set on the policy, the topic limits will be enforced for AWS IoT.
2021-03-29 07:46:14 -07:00
lwsl_err("%s, failed to expand MQTT subscribe topic\n",
mqtt: wildcard topic and topic to 256 chars Adding supports to MQTT wildcard support, topic to 256 chars, incorrect topic validation.
2021-03-22 12:38:08 -07:00
__func__);
mqtt: topic validation for different mqtt servers AWS IoT enforces limits topic level and length. If 'aws_iot' is set on the policy, the topic limits will be enforced for AWS IoT.
2021-03-29 07:46:14 -07:00
lws_free(expbuf);
mqtt: lws_system blobs for password username
2020-11-17 16:29:48 +00:00
return 1;
mqtt: wildcard topic and topic to 256 chars Adding supports to MQTT wildcard support, topic to 256 chars, incorrect topic validation.
2021-03-22 12:38:08 -07:00
}
mqtt: lws_system blobs for password username
2020-11-17 16:29:48 +00:00
lwsl_notice("%s, expbuf - %s\n", __func__, expbuf);
h->u.mqtt.sub_top.name = expbuf;
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
/*
* The policy says to subscribe to something, and we
ss-mqtt: additional strexp in MQTT policy elements Allow usage of ${metadata} string substitution in more policy elements for MQTT: - associated subscription topic in policy - associated publish topic in policy - associated will topic in policy - associated will message in policy Tested against lws-minimal-mqtt-client-multi / mosquitto
2020-06-15 15:02:52 +01:00
* haven't done it yet. Do it using the pre-prepared
* string-substituted version of the policy string.
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
*/
ss-mqtt: additional strexp in MQTT policy elements Allow usage of ${metadata} string substitution in more policy elements for MQTT: - associated subscription topic in policy - associated publish topic in policy - associated will topic in policy - associated will message in policy Tested against lws-minimal-mqtt-client-multi / mosquitto
2020-06-15 15:02:52 +01:00
lwsl_notice("%s: subscribing %s\n", __func__,
mqtt: lws_system blobs for password username
2020-11-17 16:29:48 +00:00
h->u.mqtt.sub_top.name);
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
h->u.mqtt.sub_top.qos = h->policy->u.mqtt.qos;
memset(&h->u.mqtt.sub_info, 0, sizeof(h->u.mqtt.sub_info));
h->u.mqtt.sub_info.num_topics = 1;
h->u.mqtt.sub_info.topic = &h->u.mqtt.sub_top;
if (lws_mqtt_client_send_subcribe(wsi, &h->u.mqtt.sub_info)) {
lwsl_notice("%s: unable to subscribe", __func__);
mqtt: topic validation for different mqtt servers AWS IoT enforces limits topic level and length. If 'aws_iot' is set on the policy, the topic limits will be enforced for AWS IoT.
2021-03-29 07:46:14 -07:00
lws_free(expbuf);
h->u.mqtt.sub_top.name = NULL;
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
return -1;
}
mqtt: topic validation for different mqtt servers AWS IoT enforces limits topic level and length. If 'aws_iot' is set on the policy, the topic limits will be enforced for AWS IoT.
2021-03-29 07:46:14 -07:00
lws_free(expbuf);
h->u.mqtt.sub_top.name = NULL;
mqtt: Setting the CONNECTED state only when SUBACK is received Setting the CONNECTED state only when SUBACK is received if the stream has defined a subscription topic. This is to avoid SS from sending out SUBSCRIBE right after CONNACK, even when the connection is not valid.
2021-03-22 11:58:28 -07:00
/* Expect a SUBACK */
if (lws_change_pollfd(wsi, 0, LWS_POLLIN)) {
lwsl_err("%s: Unable to set LWS_POLLIN\n", __func__);
return -1;
}
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
return 0;
}
buflen = sizeof(buf) - LWS_PRE;
ss: improve callback return consistency Formalize the LWSSSSRET_ enums into a type "lws_ss_state_return_t" returned by the rx, tx and state callbacks, and some private helpers lws_ss_backoff() and lws_ss_event_helper(). Remove LWSSSSRET_SS_HANDLE_DESTROYED concept... the two helpers that could have destroyed the ss and returned that, now return LWSSSSRET_DESTROY_ME to the caller to perform or pass up to their caller instead. Handle helper returns in all the ss protocols and update the rx / tx calls to have their returns from rx / tx / event helper and ss backoff all handled by unified code.
2020-08-26 11:05:41 +01:00
r = h->info.tx(ss_to_userobj(h), h->txord++, buf + LWS_PRE,
&buflen, &f);
if (r == LWSSSSRET_TX_DONT_SEND)
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
return 0;
ss: improve callback return consistency Formalize the LWSSSSRET_ enums into a type "lws_ss_state_return_t" returned by the rx, tx and state callbacks, and some private helpers lws_ss_backoff() and lws_ss_event_helper(). Remove LWSSSSRET_SS_HANDLE_DESTROYED concept... the two helpers that could have destroyed the ss and returned that, now return LWSSSSRET_DESTROY_ME to the caller to perform or pass up to their caller instead. Handle helper returns in all the ss protocols and update the rx / tx calls to have their returns from rx / tx / event helper and ss backoff all handled by unified code.
2020-08-26 11:05:41 +01:00
if (r < 0)
ss: client_connect and request_tx also return dispositions Since client_connect and request_tx can be called from code that expects the ss handle to be in scope, these calls can't deal with destroying the ss handle and must pass the lws_ss_state_return_t disposition back to the caller to handle.
2020-12-22 15:56:41 +00:00
return _lws_ss_handle_state_ret_CAN_DESTROY_HANDLE(r, wsi, &h);
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
memset(&mqpp, 0, sizeof(mqpp));
ss-mqtt: additional strexp in MQTT policy elements Allow usage of ${metadata} string substitution in more policy elements for MQTT: - associated subscription topic in policy - associated publish topic in policy - associated will topic in policy - associated will message in policy Tested against lws-minimal-mqtt-client-multi / mosquitto
2020-06-15 15:02:52 +01:00
/* this is the string-substituted h->policy->u.mqtt.topic */
mqpp.topic = (char *)h->u.mqtt.topic_qos.name;
mqtt: topic validation for different mqtt servers AWS IoT enforces limits topic level and length. If 'aws_iot' is set on the policy, the topic limits will be enforced for AWS IoT.
2021-03-29 07:46:14 -07:00
lws_strexp_init(&exp, h, lws_ss_exp_cb_metadata, NULL,
topic_limit);
mqtt: lws_system blobs for password username
2020-11-17 16:29:48 +00:00
if (lws_strexp_expand(&exp, h->policy->u.mqtt.topic,
strlen(h->policy->u.mqtt.topic),
mqtt: topic validation for different mqtt servers AWS IoT enforces limits topic level and length. If 'aws_iot' is set on the policy, the topic limits will be enforced for AWS IoT.
2021-03-29 07:46:14 -07:00
&used_in, &used_out) != LSTRX_DONE) {
lwsl_err("%s, failed to expand MQTT publish"
" topic with no output\n", __func__);
return 1;
}
expbuf = lws_malloc(used_out + 1, __func__);
if (!expbuf) {
lwsl_err("%s, failed to allocate MQTT publish topic",
__func__);
mqtt: lws_system blobs for password username
2020-11-17 16:29:48 +00:00
return 1;
mqtt: topic validation for different mqtt servers AWS IoT enforces limits topic level and length. If 'aws_iot' is set on the policy, the topic limits will be enforced for AWS IoT.
2021-03-29 07:46:14 -07:00
}
lws_strexp_init(&exp, (void *)h, lws_ss_exp_cb_metadata, expbuf,
used_out);
if (lws_strexp_expand(&exp, h->policy->u.mqtt.topic,
strlen(h->policy->u.mqtt.topic), &used_in,
&used_out) != LSTRX_DONE) {
lws_free(expbuf);
return 1;
}
mqtt: lws_system blobs for password username
2020-11-17 16:29:48 +00:00
lwsl_notice("%s, expbuf - %s\n", __func__, expbuf);
mqpp.topic = (char *)expbuf;
type comparisons: fixes This is a huge patch that should be a global NOP. For unix type platforms it enables -Wconversion to issue warnings (-> error) for all automatic casts that seem less than ideal but are normally concealed by the toolchain. This is things like passing an int to a size_t argument. Once enabled, I went through all args on my default build (which build most things) and tried to make the removed default cast explicit. With that approach it neither change nor bloat the code, since it compiles to whatever it was doing before, just with the casts made explicit... in a few cases I changed some length args from int to size_t but largely left the causes alone. From now on, new code that is relying on less than ideal casting will complain and nudge me to improve it by warnings.
2020-12-12 06:21:40 +00:00
mqpp.topic_len = (uint16_t)strlen(mqpp.topic);
mqpp.packet_id = (uint16_t)(h->txord - 1);
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
mqpp.payload = buf + LWS_PRE;
if (h->writeable_len)
type comparisons: fixes This is a huge patch that should be a global NOP. For unix type platforms it enables -Wconversion to issue warnings (-> error) for all automatic casts that seem less than ideal but are normally concealed by the toolchain. This is things like passing an int to a size_t argument. Once enabled, I went through all args on my default build (which build most things) and tried to make the removed default cast explicit. With that approach it neither change nor bloat the code, since it compiles to whatever it was doing before, just with the casts made explicit... in a few cases I changed some length args from int to size_t but largely left the causes alone. From now on, new code that is relying on less than ideal casting will complain and nudge me to improve it by warnings.
2020-12-12 06:21:40 +00:00
mqpp.payload_len = (uint32_t)h->writeable_len;
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
else
type comparisons: fixes This is a huge patch that should be a global NOP. For unix type platforms it enables -Wconversion to issue warnings (-> error) for all automatic casts that seem less than ideal but are normally concealed by the toolchain. This is things like passing an int to a size_t argument. Once enabled, I went through all args on my default build (which build most things) and tried to make the removed default cast explicit. With that approach it neither change nor bloat the code, since it compiles to whatever it was doing before, just with the casts made explicit... in a few cases I changed some length args from int to size_t but largely left the causes alone. From now on, new code that is relying on less than ideal casting will complain and nudge me to improve it by warnings.
2020-12-12 06:21:40 +00:00
mqpp.payload_len = (uint32_t)buflen;
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
ss-mqtt: additional strexp in MQTT policy elements Allow usage of ${metadata} string substitution in more policy elements for MQTT: - associated subscription topic in policy - associated publish topic in policy - associated will topic in policy - associated will message in policy Tested against lws-minimal-mqtt-client-multi / mosquitto
2020-06-15 15:02:52 +01:00
lwsl_notice("%s: payload len %d\n", __func__,
(int)mqpp.payload_len);
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
mqpp.qos = h->policy->u.mqtt.qos;
if (lws_mqtt_client_send_publish(wsi, &mqpp,
type comparisons: fixes This is a huge patch that should be a global NOP. For unix type platforms it enables -Wconversion to issue warnings (-> error) for all automatic casts that seem less than ideal but are normally concealed by the toolchain. This is things like passing an int to a size_t argument. Once enabled, I went through all args on my default build (which build most things) and tried to make the removed default cast explicit. With that approach it neither change nor bloat the code, since it compiles to whatever it was doing before, just with the casts made explicit... in a few cases I changed some length args from int to size_t but largely left the causes alone. From now on, new code that is relying on less than ideal casting will complain and nudge me to improve it by warnings.
2020-12-12 06:21:40 +00:00
(const char *)buf + LWS_PRE,
(uint32_t)buflen,
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
f & LWSSS_FLAG_EOM)) {
lwsl_notice("%s: failed to publish\n", __func__);
mqtt: topic validation for different mqtt servers AWS IoT enforces limits topic level and length. If 'aws_iot' is set on the policy, the topic limits will be enforced for AWS IoT.
2021-03-29 07:46:14 -07:00
lws_free(expbuf);
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
return -1;
}
mqtt: topic validation for different mqtt servers AWS IoT enforces limits topic level and length. If 'aws_iot' is set on the policy, the topic limits will be enforced for AWS IoT.
2021-03-29 07:46:14 -07:00
lws_free(expbuf);
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
return 0;
mqtt: lws_system blobs for password username
2020-11-17 16:29:48 +00:00
}
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
default:
break;
}
return lws_callback_http_dummy(wsi, reason, user, in, len);
}
const struct lws_protocols protocol_secstream_mqtt = {
"lws-secstream-mqtt",
secstream_mqtt,
0,
0,
};
/*
* Munge connect info according to protocol-specific considerations... this
* usually means interpreting aux in a protocol-specific way and using the
* pieces at connection setup time, eg, http url pieces.
*
* len bytes of buf can be used for things with scope until after the actual
* connect.
*
* For ws, protocol aux is <url path>;<ws subprotocol name>
*/
ss-mqtt: additional strexp in MQTT policy elements Allow usage of ${metadata} string substitution in more policy elements for MQTT: - associated subscription topic in policy - associated publish topic in policy - associated will topic in policy - associated will message in policy Tested against lws-minimal-mqtt-client-multi / mosquitto
2020-06-15 15:02:52 +01:00
enum {
SSCMM_STRSUB_WILL_TOPIC,
SSCMM_STRSUB_WILL_MESSAGE,
SSCMM_STRSUB_SUBSCRIBE,
SSCMM_STRSUB_TOPIC
};
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
static int
secstream_connect_munge_mqtt(lws_ss_handle_t *h, char *buf, size_t len,
struct lws_client_connect_info *i,
union lws_ss_contemp *ct)
{
ss-mqtt: additional strexp in MQTT policy elements Allow usage of ${metadata} string substitution in more policy elements for MQTT: - associated subscription topic in policy - associated publish topic in policy - associated will topic in policy - associated will message in policy Tested against lws-minimal-mqtt-client-multi / mosquitto
2020-06-15 15:02:52 +01:00
const char *sources[4] = {
/* we're going to string-substitute these before use */
h->policy->u.mqtt.will_topic,
h->policy->u.mqtt.will_message,
h->policy->u.mqtt.subscribe,
h->policy->u.mqtt.topic
};
size_t used_in, olen[4] = { 0, 0, 0, 0 }, tot = 0;
lws_strexp_t exp;
mqtt: lws_system blobs for password username
2020-11-17 16:29:48 +00:00
char *ps[4];
uint8_t *p = NULL;
int n = -1;
size_t blen;
lws_system_blob_t *b = NULL;
ss-mqtt: additional strexp in MQTT policy elements Allow usage of ${metadata} string substitution in more policy elements for MQTT: - associated subscription topic in policy - associated publish topic in policy - associated will topic in policy - associated will message in policy Tested against lws-minimal-mqtt-client-multi / mosquitto
2020-06-15 15:02:52 +01:00
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
memset(&ct->ccp, 0, sizeof(ct->ccp));
mqtt: lws_system blobs for password username
2020-11-17 16:29:48 +00:00
b = lws_system_get_blob(i->context,
LWS_SYSBLOB_TYPE_MQTT_CLIENT_ID, 0);
/* If LWS_SYSBLOB_TYPE_MQTT_CLIENT_ID is set */
if (b && (blen = lws_system_blob_get_size(b))) {
if (blen > LWS_MQTT_MAX_CIDLEN) {
lwsl_err("%s - Client ID too long.\n",
__func__);
return -1;
}
p = (uint8_t *)lws_zalloc(blen+1, __func__);
n = lws_system_blob_get(b, p, &blen, 0);
if (n) {
ct->ccp.client_id = NULL;
} else {
ct->ccp.client_id = (const char *)p;
lwsl_notice("%s - Client ID = %s\n",
__func__, ct->ccp.client_id);
}
} else {
/* Default (Random) client ID */
ct->ccp.client_id = NULL;
}
b = lws_system_get_blob(i->context,
LWS_SYSBLOB_TYPE_MQTT_USERNAME, 0);
/* If LWS_SYSBLOB_TYPE_MQTT_USERNAME is set */
if (b && (blen = lws_system_blob_get_size(b))) {
p = (uint8_t *)lws_zalloc(blen+1, __func__);
n = lws_system_blob_get(b, p, &blen, 0);
if (n) {
ct->ccp.username = NULL;
} else {
ct->ccp.username = (const char *)p;
lwsl_notice("%s - Username ID = %s\n",
__func__, ct->ccp.username);
}
}
b = lws_system_get_blob(i->context,
LWS_SYSBLOB_TYPE_MQTT_PASSWORD, 0);
/* If LWS_SYSBLOB_TYPE_MQTT_PASSWORD is set */
if (b && (blen = lws_system_blob_get_size(b))) {
p = (uint8_t *)lws_zalloc(blen+1, __func__);
n = lws_system_blob_get(b, p, &blen, 0);
if (n) {
ct->ccp.password = NULL;
} else {
ct->ccp.password = (const char *)p;
lwsl_notice("%s - Password ID = %s\n",
__func__, ct->ccp.password);
}
}
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
ss: mqtt: add will and other sundries to policy Replace the hacked-in constants with policy entries for sundry MQTT features, and add to the policy readme.
2020-03-02 15:23:59 +00:00
ct->ccp.keep_alive = h->policy->u.mqtt.keep_alive;
ct->ccp.clean_start = h->policy->u.mqtt.clean_start;
ct->ccp.will_param.qos = h->policy->u.mqtt.will_qos;
ct->ccp.will_param.retain = h->policy->u.mqtt.will_retain;
mqtt: topic validation for different mqtt servers AWS IoT enforces limits topic level and length. If 'aws_iot' is set on the policy, the topic limits will be enforced for AWS IoT.
2021-03-29 07:46:14 -07:00
ct->ccp.aws_iot = h->policy->u.mqtt.aws_iot;
ss-mqtt: additional strexp in MQTT policy elements Allow usage of ${metadata} string substitution in more policy elements for MQTT: - associated subscription topic in policy - associated publish topic in policy - associated will topic in policy - associated will message in policy Tested against lws-minimal-mqtt-client-multi / mosquitto
2020-06-15 15:02:52 +01:00
h->u.mqtt.topic_qos.qos = h->policy->u.mqtt.qos;
/*
* We're going to string-substitute several of these parameters, which
* have unknown, possibly large size. And, as their usage is deferred
* inside the asynchronous lifetime of the MQTT connection, they need
* to live on the heap.
*
* Notice these allocations at h->u.mqtt.heap_baggage belong to the
* underlying MQTT stream lifetime, not the logical SS lifetime, and
* are destroyed if present at connection error or close of the
* underlying connection.
*
*
* First, compute the length of each without producing strsubst output,
* and keep a running total.
*/
for (n = 0; n < (int)LWS_ARRAY_SIZE(sources); n++) {
lws_strexp_init(&exp, (void *)h, lws_ss_exp_cb_metadata,
NULL, (size_t)-1);
if (lws_strexp_expand(&exp, sources[n], strlen(sources[n]),
&used_in, &olen[n]) != LSTRX_DONE) {
lwsl_err("%s: failed to subsitute %s\n", __func__,
sources[n]);
return 1;
}
tot += olen[n] + 1;
}
/*
* Then, allocate enough space on the heap for the total of the
* substituted results
*/
h->u.mqtt.heap_baggage = lws_malloc(tot, __func__);
if (!h->u.mqtt.heap_baggage)
return 1;
/*
* Finally, issue the subsitutions one after the other into the single
* allocated result buffer and prepare pointers into them
*/
p = h->u.mqtt.heap_baggage;
for (n = 0; n < (int)LWS_ARRAY_SIZE(sources); n++) {
lws_strexp_init(&exp, (void *)h, lws_ss_exp_cb_metadata,
mqtt: lws_system blobs for password username
2020-11-17 16:29:48 +00:00
(char *)p, (size_t)-1);
mqtt: handle NULL mqtt publish metadata
2021-07-08 10:11:09 +01:00
if (!sources[n]) {
ps[n] = NULL;
continue;
}
mqtt: lws_system blobs for password username
2020-11-17 16:29:48 +00:00
ps[n] = (char *)p;
ss-mqtt: additional strexp in MQTT policy elements Allow usage of ${metadata} string substitution in more policy elements for MQTT: - associated subscription topic in policy - associated publish topic in policy - associated will topic in policy - associated will message in policy Tested against lws-minimal-mqtt-client-multi / mosquitto
2020-06-15 15:02:52 +01:00
if (lws_strexp_expand(&exp, sources[n], strlen(sources[n]),
&used_in, &olen[n]) != LSTRX_DONE)
return 1;
p += olen[n] + 1;
}
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
ss-mqtt: additional strexp in MQTT policy elements Allow usage of ${metadata} string substitution in more policy elements for MQTT: - associated subscription topic in policy - associated publish topic in policy - associated will topic in policy - associated will message in policy Tested against lws-minimal-mqtt-client-multi / mosquitto
2020-06-15 15:02:52 +01:00
/*
* Point the guys who want the substituted content at the substituted
* strings
*/
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
ss-mqtt: additional strexp in MQTT policy elements Allow usage of ${metadata} string substitution in more policy elements for MQTT: - associated subscription topic in policy - associated publish topic in policy - associated will topic in policy - associated will message in policy Tested against lws-minimal-mqtt-client-multi / mosquitto
2020-06-15 15:02:52 +01:00
ct->ccp.will_param.topic = ps[SSCMM_STRSUB_WILL_TOPIC];
ct->ccp.will_param.message = ps[SSCMM_STRSUB_WILL_MESSAGE];
h->u.mqtt.subscribe_to = ps[SSCMM_STRSUB_SUBSCRIBE];
h->u.mqtt.subscribe_to_len = olen[SSCMM_STRSUB_SUBSCRIBE];
h->u.mqtt.topic_qos.name = ps[SSCMM_STRSUB_TOPIC];
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
i->method = "MQTT";
i->mqtt_cp = &ct->ccp;
i->alpn = "x-amzn-mqtt-ca";
/* share connections where possible */
i->ssl_connection |= LCCSCF_PIPELINE;
return 0;
}
const struct ss_pcols ss_pcol_mqtt = {
"MQTT",
"x-amzn-mqtt-ca", //"mqtt/3.1.1",
ss: server: h1, h2, ws basic support Add initial support for defining servers using Secure Streams policy and api semantics. Serving h1, h2 and ws should be functional, the new minimal example shows a combined http + SS server with an incrementing ws message shown in the browser over tls, in around 200 lines of user code. NOP out anything to do with plugins, they're not currently used. Update the docs correspondingly.
2020-07-27 10:03:12 +01:00
&protocol_secstream_mqtt,
client: secure streams Secure Streams is an optional layer on top of lws that separates policy like endpoint selection and tls cert validation into a device JSON policy document. Code that wants to open a client connection just specifies a streamtype name, and no longer deals with details like the endpoint, the protocol (!) or anything else other than payloads and optionally generic metadata; the JSON policy contains all the details for each streamtype. h1, h2, ws and mqtt client connections are supported. Logical secure streams outlive any particular connection and supports "nailed-up" connectivity regardless of underlying connection stability.
2020-02-29 12:37:24 +00:00
secstream_connect_munge_mqtt
};
Reference in a new issue Copy permalink