change LWS_CALLBACK_FILTER_PROTOCOL_CONNECTION user param usage

Also audit the bail_nuke_ah usage as Daniel Griscom suggested.

Signed-off-by: Andy Green <andy.green@linaro.org>

changelog

@@ -31,6 +31,12 @@ User api additions
  - there's a new, optional callback LWS_CALLBACK_CLOSED_HTTP which gets
 	called when an HTTP protocol socket closes
 
+ - for LWS_CALLBACK_FILTER_PROTOCOL_CONNECTION callback, the user_space alloc
+	has already been done before the callback happens.  That means we can
+	use the user parameter to the callback to contain the user pointer, and
+	move the protocol name to the "in" parameter.  The docs for this
+	callback are also updated to reflect how to check headers in there.
+
 
 User api changes
 ----------------

lib/handshake.c

@@ -152,7 +152,7 @@ libwebsocket_read(struct libwebsocket_context *context,
 
 			if (n) {
 				lwsl_info("LWS_CALLBACK_HTTP closing\n");
-				goto bail;
+				goto bail; /* struct ah ptr already nuked */
 			}
 
 			return 0;
@@ -196,6 +196,10 @@ libwebsocket_read(struct libwebsocket_context *context,
 			}
 		}
 
+		/* allocate wsi->user storage */
+		if (libwebsocket_ensure_user_space(wsi))
+				goto bail_nuke_ah;
+
 		/*
 		 * Give the user code a chance to study the request and
 		 * have the opportunity to deny it
@@ -203,10 +207,10 @@ libwebsocket_read(struct libwebsocket_context *context,
 
 		if ((wsi->protocol->callback)(wsi->protocol->owning_server, wsi,
 				LWS_CALLBACK_FILTER_PROTOCOL_CONNECTION,
-				lws_hdr_simple_ptr(wsi, WSI_TOKEN_PROTOCOL),
-								     NULL, 0)) {
+				wsi->user_space,
+			      lws_hdr_simple_ptr(wsi, WSI_TOKEN_PROTOCOL), 0)) {
 			lwsl_warn("User code denied connection\n");
-			goto bail;
+			goto bail_nuke_ah;
 		}
 
 
@@ -220,17 +224,17 @@ libwebsocket_read(struct libwebsocket_context *context,
 			lwsl_parser("lws_parse calling handshake_04\n");
 			if (handshake_0405(context, wsi)) {
 				lwsl_info("hs0405 has failed the connection\n");
-				goto bail;
+				goto bail_nuke_ah;
 			}
 			break;
 
 		default:
 			lwsl_warn("Unknown client spec version %d\n",
 						       wsi->ietf_spec_revision);
-			goto bail;
+			goto bail_nuke_ah;
 		}
 
-		/* drop the header info */
+		/* drop the header info -- no bail_nuke_ah after this */
 
 		if (wsi->u.hdr.ah)
 			free(wsi->u.hdr.ah);

lib/libwebsockets.h

@@ -480,11 +480,14 @@ struct libwebsocket_extension;
  *	LWS_CALLBACK_FILTER_PROTOCOL_CONNECTION: called when the handshake has
  *		been received and parsed from the client, but the response is
  *		not sent yet.  Return non-zero to disallow the connection.
- *		@user is a pointer to an array of struct lws_tokens, you can
- *		use the header enums lws_token_indexes from libwebsockets.h
- *		to check for and read the supported header presence and
- *		content before deciding to allow the handshake to proceed or
- *		to kill the connection.
+ *		@user is a pointer to the connection user space allocation,
+ *		@in is the requested protocol name
+ *		In your handler you can use the public APIs
+ *		lws_hdr_total_length() / lws_hdr_copy() to access all of the
+ *		headers using the header enums lws_token_indexes from
+ *		libwebsockets.h to check for and read the supported header
+ *		presence and content before deciding to allow the handshake
+ *		to proceed or to kill the connection.
  *
  *	LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS: if configured for
  *		including OpenSSL support, this callback allows your user code