diff --git a/CMakeLists.txt b/CMakeLists.txt index 817dec9e3..f6ecef70b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -56,6 +56,8 @@ option(LWS_WITH_FTS "Full Text Search support" OFF) option(LWS_WITH_SYS_ASYNC_DNS "Nonblocking internal IPv4 + IPv6 DNS resolver" OFF) option(LWS_WITH_SYS_NTPCLIENT "Build in tiny ntpclient good for tls date validation and run via lws_system" OFF) option(LWS_WITH_SYS_DHCP_CLIENT "Build in tiny DHCP client" OFF) +option(LWS_WITH_HTTP_BASIC_AUTH "Support Basic Auth" ON) + # # TLS library options... all except mbedTLS are basically OpenSSL variants. # diff --git a/cmake/lws_config.h.in b/cmake/lws_config.h.in index 2719640da..6a39e3ac1 100644 --- a/cmake/lws_config.h.in +++ b/cmake/lws_config.h.in @@ -120,6 +120,7 @@ #cmakedefine LWS_WITH_GLIB #cmakedefine LWS_WITH_GTK #cmakedefine LWS_WITH_HTTP2 +#cmakedefine LWS_WITH_HTTP_BASIC_AUTH #cmakedefine LWS_WITH_HTTP_BROTLI #cmakedefine LWS_WITH_HTTP_PROXY #cmakedefine LWS_WITH_HTTP_STREAM_COMPRESSION diff --git a/lib/core/context.c b/lib/core/context.c index 507387ba7..9ad693937 100644 --- a/lib/core/context.c +++ b/lib/core/context.c @@ -1,7 +1,7 @@ /* * libwebsockets - small server side websockets and web server implementation * - * Copyright (C) 2010 - 2019 Andy Green + * Copyright (C) 2010 - 2020 Andy Green * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to diff --git a/lib/roles/http/client/client-handshake.c b/lib/roles/http/client/client-handshake.c index 5ec8bac29..ab4fd9d98 100644 --- a/lib/roles/http/client/client-handshake.c +++ b/lib/roles/http/client/client-handshake.c 
@@ -99,10 +99,12 @@ lws_client_connect_4_established(struct lws *wsi, struct lws *wsi_piggyback, "User-agent: lws\x0d\x0a", cpa, wsi->ocport, cpa, wsi->ocport); +#if defined(LWS_WITH_HTTP_BASIC_AUTH) if (wsi->vhost->proxy_basic_auth_token[0]) plen += lws_snprintf((char *)pt->serv_buf + plen, 256, "Proxy-authorization: basic %s\x0d\x0a", wsi->vhost->proxy_basic_auth_token); +#endif plen += lws_snprintf((char *)pt->serv_buf + plen, 5, "\x0d\x0a"); diff --git a/lib/roles/http/client/client-http.c b/lib/roles/http/client/client-http.c index e158901fa..c7bce2a93 100644 --- a/lib/roles/http/client/client-http.c +++ b/lib/roles/http/client/client-http.c @@ -89,6 +89,8 @@ lws_client_socket_service(struct lws *wsi, struct lws_pollfd *pollfd) break; #endif +#if defined(LWS_CLIENT_HTTP_PROXYING) && (defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2)) + case LRS_WAITING_PROXY_REPLY: /* handle proxy hung up on us */ @@ -131,6 +133,8 @@ lws_client_socket_service(struct lws *wsi, struct lws_pollfd *pollfd) /* fallthru */ +#endif + case LRS_H1C_ISSUE_HANDSHAKE: /* @@ -1109,6 +1113,7 @@ lws_generate_client_handshake(struct lws *wsi, char *pkt) } #if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) +#if defined(LWS_WITH_HTTP_BASIC_AUTH) int lws_http_basic_auth_gen(const char *user, const char *pw, char *buf, size_t len) @@ -1131,6 +1136,8 @@ lws_http_basic_auth_gen(const char *user, const char *pw, char *buf, size_t len) return 0; } +#endif + int lws_http_client_read(struct lws *wsi, char **buf, int *len) { diff --git a/lib/roles/http/server/lejp-conf.c b/lib/roles/http/server/lejp-conf.c index e3819407e..7f1a1e066 100644 --- a/lib/roles/http/server/lejp-conf.c +++ b/lib/roles/http/server/lejp-conf.c 
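Review bot: The `256` passed to `lws_snprintf()` for the `Proxy-authorization` header is a fixed limit rather than the space left in `pt->serv_buf` after `plen` bytes, so the write bound does not track how full the buffer already is. The buffer size and the maximum length of `proxy_basic_auth_token` are not visible in this hunk, so whether this can actually overrun is unconfirmed. The bound would be safer written as `lws_snprintf((char *)pt->serv_buf + plen, <serv_buf size> - plen, ...)`, and the same applies to the `5` used for the terminating CRLF. lws_client_connect_4_established starts and ends outside the hunk.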
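Review bot: `lws_http_basic_auth_gen()` is now built only under `LWS_WITH_HTTP_BASIC_AUTH`, but nothing at the definition says so, and its public prototype is not touched in this diff. If the prototype stays unguarded, an application built against a library with the option off would presumably compile and then fail only at link time. A line such as `/* only built when LWS_WITH_HTTP_BASIC_AUTH is enabled */` above the definition and next to the prototype would make the dependency visible. The function body lies outside the hunk.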
@@ -671,7 +671,9 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason) a->m.cache_intermediaries = arg_to_bool(ctx->buf);; return 0; case LEJPVP_MOUNT_BASIC_AUTH: +#if defined(LWS_WITH_HTTP_BASIC_AUTH) a->m.basic_auth_login_file = a->p; +#endif break; case LEJPVP_CGI_TIMEOUT: a->m.cgi_timeout = atoi(ctx->buf); diff --git a/lib/roles/http/server/server.c b/lib/roles/http/server/server.c index 432d17dc1..6b531ef3e 100644 --- a/lib/roles/http/server/server.c +++ b/lib/roles/http/server/server.c @@ -800,7 +800,7 @@ lws_find_mount(struct lws *wsi, const char *uri_ptr, int uri_len) } #endif -#if !defined(LWS_PLAT_FREERTOS) && defined(LWS_WITH_FILE_OPS) +#if defined(LWS_WITH_HTTP_BASIC_AUTH) && !defined(LWS_PLAT_FREERTOS) && defined(LWS_WITH_FILE_OPS) static int lws_find_string_in_file(const char *filename, const char *string, int stringlen) { @@ -846,6 +846,8 @@ lws_find_string_in_file(const char *filename, const char *string, int stringlen) } #endif +#if defined(LWS_WITH_HTTP_BASIC_AUTH) + int lws_unauthorised_basic_auth(struct lws *wsi) { @@ -881,6 +883,8 @@ lws_unauthorised_basic_auth(struct lws *wsi) } +#endif + int lws_clean_url(char *p) { if (p[0] == 'h' && p[1] == 't' && p[2] == 't' && p[3] == 'p') { @@ -953,6 +957,8 @@ lws_http_get_uri_and_method(struct lws *wsi, char **puri_ptr, int *puri_len) return -1; } +#if defined(LWS_WITH_HTTP_BASIC_AUTH) + enum lws_check_basic_auth_results lws_check_basic_auth(struct lws *wsi, const char *basic_auth_login_file, unsigned int auth_mode) @@ -1043,6 +1049,8 @@ lws_check_basic_auth(struct lws *wsi, const char *basic_auth_login_file, #endif } +#endif + #if defined(LWS_WITH_HTTP_PROXY) /* * Set up an onward http proxy connection according to the mount this @@ -1514,6 +1522,8 @@ lws_http_action(struct lws *wsi) if (ha) return n; +#if defined(LWS_WITH_HTTP_BASIC_AUTH) + /* basic auth? */ switch (lws_check_basic_auth(wsi, hit->basic_auth_login_file, 
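Review bot: In the `LEJPVP_MOUNT_BASIC_AUTH` case the assignment to `a->m.basic_auth_login_file` is compiled out but the case still ends in `break`, so with `LWS_WITH_HTTP_BASIC_AUTH` off a config that asks for basic auth on a mount is accepted and the mount is served without any credential check. Failing closed looks safer: add `#else` followed by `lwsl_err("%s: basic-auth set but LWS_WITH_HTTP_BASIC_AUTH is disabled\n", __func__);` and `return -1;`, assuming a non-zero return from this callback rejects the config. The same fail-open applies to the guarded `lws_check_basic_auth()` call in `lws_http_action` (server.c) and to the guarded block in `lws_process_ws_upgrade2` (server-ws.c), where a login file or protocol option set by the application would be silently ignored. lejp_vhosts_cb continues outside the hunk.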
@@ -1526,6 +1536,7 @@ lws_http_action(struct lws *wsi) lws_return_http_status(wsi, HTTP_STATUS_FORBIDDEN, NULL); return lws_http_transaction_completed(wsi); } +#endif #if defined(LWS_WITH_HTTP_PROXY) /* diff --git a/lib/roles/ws/server-ws.c b/lib/roles/ws/server-ws.c index 36011547f..6fc4d1409 100644 --- a/lib/roles/ws/server-ws.c +++ b/lib/roles/ws/server-ws.c @@ -255,9 +255,11 @@ int lws_process_ws_upgrade2(struct lws *wsi) { struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; +#if defined(LWS_WITH_HTTP_BASIC_AUTH) const struct lws_protocol_vhost_options *pvos = NULL; const char *ws_prot_basic_auth = NULL; + /* * Allow basic auth a look-in now we bound the wsi to the protocol. * @@ -282,6 +284,7 @@ lws_process_ws_upgrade2(struct lws *wsi) return lws_http_transaction_completed(wsi); } } +#endif /* * We are upgrading to ws, so http/1.1 + h2 and keepalive + pipelined diff --git a/lib/tls/mbedtls/wrapper/library/ssl_methods.c b/lib/tls/mbedtls/wrapper/library/ssl_methods.c index 000236084..56e2c12c3 100644 --- a/lib/tls/mbedtls/wrapper/library/ssl_methods.c +++ b/lib/tls/mbedtls/wrapper/library/ssl_methods.c 
@@ -34,24 +34,28 @@ IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 0, TLS_method_func, TLS_client_method); IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 0, TLS_method_func, TLSv1_2_client_method); +#if 0 IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 0, TLS_method_func, TLSv1_1_client_method); IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_client_method); IMPLEMENT_SSL_METHOD(SSL3_VERSION, 0, TLS_method_func, SSLv3_client_method); +#endif /** * TLS or SSL server method collection */ IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 1, TLS_method_func, TLS_server_method); -IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 1, TLS_method_func, TLSv1_1_server_method); - IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 1, TLS_method_func, TLSv1_2_server_method); +#if 0 +IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 1, TLS_method_func, TLSv1_1_server_method); + IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_server_method); IMPLEMENT_SSL_METHOD(SSL3_VERSION, 1, TLS_method_func, SSLv3_server_method); +#endif /** * TLS or SSL method collection @@ -60,11 +64,13 @@ IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, -1, TLS_method_func, TLS_method); IMPLEMENT_SSL_METHOD(TLS1_2_VERSION, -1, TLS_method_func, TLSv1_2_method); +#if 0 IMPLEMENT_SSL_METHOD(TLS1_1_VERSION, -1, TLS_method_func, TLSv1_1_method); IMPLEMENT_SSL_METHOD(TLS1_VERSION, -1, TLS_method_func, TLSv1_method); IMPLEMENT_SSL_METHOD(SSL3_VERSION, -1, TLS_method_func, SSLv3_method); +#endif /** * @brief get X509 object method diff --git a/minimal-examples/http-client/minimal-http-client/minimal-http-client.c b/minimal-examples/http-client/minimal-http-client/minimal-http-client.c index 3b8535924..c88027a44 100644 --- a/minimal-examples/http-client/minimal-http-client/minimal-http-client.c +++ b/minimal-examples/http-client/minimal-http-client/minimal-http-client.c 
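Review bot: The `#if 0` blocks leave the TLS 1.1, TLS 1.0 and SSLv3 method constructors in the file as dead code with no stated reason, and the change is not gated by a named option the way the rest of this commit is. If the intent is to stop offering protocol versions below TLS 1.2, say so with a comment such as `/* TLS < 1.2 and SSLv3 methods are intentionally not built */`, or delete the lines. The matching prototypes are not part of this diff; if they remain declared, callers would compile and then presumably fail at link time. Note also that the disabled `TLSv1_server_method` line passes `0` as its second argument where its server-side siblings pass `1`, which should be corrected if the block is ever re-enabled.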
@@ -59,6 +59,8 @@ callback_http(struct lws *wsi, enum lws_callback_reasons reason, #endif break; +#if defined(LWS_WITH_HTTP_BASIC_AUTH) + /* you only need this if you need to do Basic Auth */ case LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER: { @@ -76,6 +78,7 @@ callback_http(struct lws *wsi, enum lws_callback_reasons reason, break; } +#endif /* chunks of chunked content, with header removed */ case LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ: diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-basicauth/CMakeLists.txt index 28fdb5790..b3e921ff3 100644 --- a/minimal-examples/http-server/minimal-http-server-basicauth/CMakeLists.txt +++ b/minimal-examples/http-server/minimal-http-server-basicauth/CMakeLists.txt @@ -65,6 +65,7 @@ ENDMACRO() set(requirements 1) require_lws_config(LWS_ROLE_H1 1 requirements) require_lws_config(LWS_WITH_SERVER 1 requirements) +require_lws_config(LWS_WITH_HTTP_BASIC_AUTH 1 requirements) if (requirements) add_executable(${SAMP} ${SRCS}) diff --git a/minimal-examples/http-server/minimal-http-server-deaddrop/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-deaddrop/CMakeLists.txt index af98f2a88..416576cbb 100644 --- a/minimal-examples/http-server/minimal-http-server-deaddrop/CMakeLists.txt +++ b/minimal-examples/http-server/minimal-http-server-deaddrop/CMakeLists.txt @@ -70,6 +70,7 @@ set(requirements 1) require_lws_config(LWS_ROLE_H1 1 requirements) require_lws_config(LWS_ROLE_WS 1 requirements) require_lws_config(LWS_WITH_SERVER 1 requirements) +require_lws_config(LWS_WITH_HTTP_BASIC_AUTH 1 requirements) if (requirements) add_executable(${SAMP} ${SRCS})