From 1033e1d4c84629b42ba09365203297ef23aba3ea Mon Sep 17 00:00:00 2001 From: Andy Green Date: Thu, 31 Dec 2020 14:56:43 +0000 Subject: [PATCH] sspc: ssv1: pass client PID into proxy for tagging Let's have the client processes pass in their pid, and tag the related proxy SS with that pid, so we can see on whose behalf the proxy is acting. --- include/libwebsockets/lws-secure-streams.h | 9 +++++++-- lib/secure-streams/private-lib-secure-streams.h | 1 + lib/secure-streams/secure-streams-client.c | 7 ++++--- lib/secure-streams/secure-streams-serialize.c | 17 +++++++++++++++++ lib/secure-streams/secure-streams.c | 5 +++-- 5 files changed, 32 insertions(+), 7 deletions(-) diff --git a/include/libwebsockets/lws-secure-streams.h b/include/libwebsockets/lws-secure-streams.h index 22c1111ce..884d21373 100644 --- a/include/libwebsockets/lws-secure-streams.h +++ b/include/libwebsockets/lws-secure-streams.h @@ -64,8 +64,9 @@ * - 0: LWSSS_SER_TXPRE_STREAMTYPE * - 1: 2-byte MSB-first rest-of-frame length * - 3: 1-byte Client SSS protocol version (introduced in SSSv1) - * - 4: 4-byte MSB-first initial tx credit - * - 8: the streamtype name with no NUL + * - 4: 4-byte Client PID (introduced in SSSv1) + * - 8: 4-byte MSB-first initial tx credit + * - 12: the streamtype name with no NUL * * - Proxied tx * @@ -363,6 +364,10 @@ typedef struct lws_ss_info { * In the special case of _lws_smd streamtype, this is used to indicate * the connection's rx class mask. * */ + uint32_t client_pid; + /**< used in proxy / serialization case to hold the client pid this + * proxied connection is to be tagged with + */ uint8_t flags; uint8_t sss_protocol_version; /**< used in proxy / serialization case to hold the SS serialization diff --git a/lib/secure-streams/private-lib-secure-streams.h b/lib/secure-streams/private-lib-secure-streams.h index 9df8a0471..4823c62e2 100644 --- a/lib/secure-streams/private-lib-secure-streams.h +++ b/lib/secure-streams/private-lib-secure-streams.h 
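Review bot: The new layout line in the first include/libwebsockets/lws-secure-streams.h hunk, `4: 4-byte Client PID (introduced in SSSv1)`, omits the byte order that the length and tx-credit fields next to it state. The client hunk writes the field with `lws_ser_wu32be()` and the parser shifts bytes in most-significant first, so the line should read `* -  4: 4-byte MSB-first Client PID (introduced in SSSv1)`. The tx credit and streamtype name also move by four bytes while the version byte at offset 3 is documented unchanged. If `LWS_SSS_CLIENT_PROTOCOL_VERSION` is not bumped elsewhere (its value is not visible in this patch), a proxy cannot tell the old layout from the new one, so it is worth noting in this comment that both ends must be rebuilt together.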
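Review bot: The doc comment on the new `client_pid` member of `lws_ss_info` (second lws-secure-streams.h hunk) should say that the value is self-reported by the client. The client hunk fills it from its own `getpid()`, and the parser and `ssi->client_pid = par->client_pid` hunks copy it through with no check visible in this patch. Anyone reading the `%s|v%u|%u` tag that lws_ss_create builds from it should therefore treat the number as a debugging hint, not as attribution. Suggested wording: `/**< proxy / serialization case: pid reported by the client, used only for tagging; not verified by the proxy */`. If the proxy link is a Unix domain socket, kernel peer credentials (for example SO_PEERCRED on Linux) would give a value the client cannot choose; the transport is not visible here.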
@@ -218,6 +218,7 @@ struct lws_ss_serialization_parser { uint32_t usd_phandling; uint32_t flags; + uint32_t client_pid; int32_t temp32; int32_t txcr_out; diff --git a/lib/secure-streams/secure-streams-client.c b/lib/secure-streams/secure-streams-client.c index 456ddf0dc..475f53ebb 100644 --- a/lib/secure-streams/secure-streams-client.c +++ b/lib/secure-streams/secure-streams-client.c @@ -248,15 +248,16 @@ callback_sspc_client(struct lws *wsi, enum lws_callback_reasons reason, * We are negotating the opening of a particular * streamtype */ - n = (int)strlen(h->ssi.streamtype) + 5; + n = (int)strlen(h->ssi.streamtype) + 1 + 4 + 4; s[0] = LWSSS_SER_TXPRE_STREAMTYPE; lws_ser_wu16be(&s[1], (uint16_t)n); /* SSSv1: add protocol version byte (initially 1) */ s[3] = (uint8_t)LWS_SSS_CLIENT_PROTOCOL_VERSION; - lws_ser_wu32be(&s[4], (uint32_t)h->txc.peer_tx_cr_est); + lws_ser_wu32be(&s[4], (uint32_t)getpid()); + lws_ser_wu32be(&s[8], (uint32_t)h->txc.peer_tx_cr_est); //h->txcr_out = txc; - lws_strncpy((char *)&s[8], h->ssi.streamtype, sizeof(s) - 8); + lws_strncpy((char *)&s[12], h->ssi.streamtype, sizeof(s) - 12); n += 3; h->state = LPCSCLI_WAITING_CREATE_RESULT; diff --git a/lib/secure-streams/secure-streams-serialize.c b/lib/secure-streams/secure-streams-serialize.c index 7909531e7..af8682c80 100644 --- a/lib/secure-streams/secure-streams-serialize.c +++ b/lib/secure-streams/secure-streams-serialize.c @@ -69,6 +69,7 @@ typedef enum { RPAR_STREAMTYPE, RPAR_INIT_PROVERS, + RPAR_INIT_PID, RPAR_INITTXC0, RPAR_TXCR0, @@ -803,6 +804,20 @@ payload_ff: if (!--par->rem) goto hangup; par->ctr = 0; + par->ps = RPAR_INIT_PID; + break; + + + case RPAR_INIT_PID: + if (!--par->rem) + goto hangup; + + par->temp32 = (par->temp32 << 8) | *cp++; + if (++par->ctr < 4) + break; + + par->client_pid = (uint32_t)par->temp32; + par->ctr = 0; par->ps = RPAR_INITTXC0; break; 
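Review bot: In the lib/secure-streams/secure-streams-client.c hunk, `n` is computed from the full `strlen(h->ssi.streamtype)`, but `lws_strncpy((char *)&s[12], ..., sizeof(s) - 12)` truncates the copy, so an over-long name leaves the frame length claiming more bytes than `s` holds. The shape predates this commit, but moving the name from offset 8 to 12 removes four bytes of headroom. The declaration of `s` and the write that consumes `n` are outside the hunk, so this is inferred. A length check before the frame is built would close it, for example `if (strlen(h->ssi.streamtype) >= sizeof(s) - 12) return -1;` or the callback's existing failure path. Separately, `getpid()` needs `<unistd.h>` and has no direct equivalent on some non-POSIX targets; no include or platform guard appears in this hunk.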
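Review bot: In the second lib/secure-streams/secure-streams-serialize.c hunk, the new `case RPAR_INIT_PID` accumulates the four client-supplied bytes with `par->temp32 << 8`, and the parser struct declares `temp32` as `int32_t`. Only `par->ctr` is reset on entry to the state, so the shift operates on a signed value that may be stale or negative, and a byte with the top bit set overflows it on the last shift; both are undefined behaviour in C and are reachable from peer input. Accumulating in the unsigned destination avoids this: `par->client_pid = (par->client_pid << 8) | *cp++;`. The later `par->client_pid = (uint32_t)par->temp32;` can then be dropped, because four 8-bit shifts flush any previous contents. The enclosing switch starts and ends outside the hunk.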
@@ -1127,6 +1142,8 @@ payload_ff: ssi->flags |= LWSSSINFLAGS_PROXIED; ssi->sss_protocol_version = par->protocol_version; + ssi->client_pid = par->client_pid; + if (lws_ss_create(context, 0, ssi, parconn, pss, NULL, NULL)) { /* diff --git a/lib/secure-streams/secure-streams.c b/lib/secure-streams/secure-streams.c index 796413b7b..b39007164 100644 --- a/lib/secure-streams/secure-streams.c +++ b/lib/secure-streams/secure-streams.c @@ -619,9 +619,10 @@ lws_ss_create(struct lws_context *context, int tsi, const lws_ss_info_t *ssi, return 2; if (ssi->sss_protocol_version) - __lws_lc_tag(&context->lcg[LWSLCG_WSI_SS_CLIENT], &h->lc, "%s|v%u", + __lws_lc_tag(&context->lcg[LWSLCG_WSI_SS_CLIENT], &h->lc, "%s|v%u|%u", ssi->streamtype ? ssi->streamtype : "nostreamtype", - (unsigned int)ssi->sss_protocol_version); + (unsigned int)ssi->sss_protocol_version, + (unsigned int)ssi->client_pid); else __lws_lc_tag(&context->lcg[LWSLCG_WSI_SS_CLIENT], &h->lc, "%s", ssi->streamtype ? ssi->streamtype : "nostreamtype");