/* * libwebsockets - small server side websockets and web server implementation * * Copyright (C) 2010 Andy Green * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation: * version 2.1 of the License. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, * MA 02110-1301 USA */ #include "private-libwebsockets.h" #ifdef LWS_OPENSSL_SUPPORT SSL_CTX *ssl_ctx; int use_ssl; #endif extern int libwebsocket_read(struct libwebsocket *wsi, unsigned char * buf, size_t len); /* document the generic callback (it's a fake prototype under this) */ /** * callback() - User server actions * @wsi: Opaque websocket instance pointer * @reason: The reason for the call * @user: Pointer to per-session user data allocated by library * @in: Pointer used for some callback reasons * @len: Length set for some callback reasons * * This callback is the way the user controls what is served. All the * protocol detail is hidden and handled by the library. * * For each connection / session there is user data allocated that is * pointed to by "user". You set the size of this user data area when * the library is initialized with libwebsocket_create_server. * * You get an opportunity to initialize user data when called back with * LWS_CALLBACK_ESTABLISHED reason. * * LWS_CALLBACK_ESTABLISHED: after successful websocket handshake * * LWS_CALLBACK_CLOSED: when the websocket session ends * * LWS_CALLBACK_SEND: opportunity to send to client (you would use * libwebsocket_write() taking care about the * special buffer requirements * LWS_CALLBACK_RECEIVE: data has appeared for the server, it can be * found at *in and is len bytes long * * LWS_CALLBACK_HTTP: an http request has come from a client that is not * asking to upgrade the connection to a websocket * one. This is a chance to serve http content, * for example, to send a script to the client * which will then open the websockets connection. * @in points to the URI path requested and * libwebsockets_serve_http_file() makes it very * simple to send back a file to the client. */ extern int callback(struct libwebsocket * wsi, enum libwebsocket_callback_reasons reason, void * user, void *in, size_t len); void libwebsocket_close_and_free_session(struct libwebsocket *wsi) { int n = wsi->state; wsi->state = WSI_STATE_DEAD_SOCKET; if (wsi->protocol->callback && n == WSI_STATE_ESTABLISHED) wsi->protocol->callback(wsi, LWS_CALLBACK_CLOSED, wsi->user_space, NULL, 0); for (n = 0; n < WSI_TOKEN_COUNT; n++) if (wsi->utf8_token[n].token) free(wsi->utf8_token[n].token); // fprintf(stderr, "closing fd=%d\n", wsi->sock); #ifdef LWS_OPENSSL_SUPPORT if (use_ssl) { n = SSL_get_fd(wsi->ssl); SSL_shutdown(wsi->ssl); close(n); SSL_free(wsi->ssl); } else { #endif shutdown(wsi->sock, SHUT_RDWR); close(wsi->sock); #ifdef LWS_OPENSSL_SUPPORT } #endif if (wsi->user_space) free(wsi->user_space); free(wsi); } /** * libwebsocket_create_server() - Create the listening websockets server * @port: Port to listen on * @protocols: Array of structures listing supported protocols and a protocol- * specific callback for each one. The list is ended with an * entry that has a NULL callback pointer. * @ssl_cert_filepath: If libwebsockets was compiled to use ssl, and you want * to listen using SSL, set to the filepath to fetch the * server cert from, otherwise NULL for unencrypted * @ssl_private_key_filepath: filepath to private key if wanting SSL mode, * else ignored * @gid: group id to change to after setting listen socket, or -1. * @uid: user id to change to after setting listen socket, or -1. * * This function creates the listening socket and takes care * of all initialization in one step. * * It does not return since it sits in a service loop and operates via the * callbacks given in @protocol. User code should fork before calling * libwebsocket_create_server() if it wants to do other things in * parallel other than serve websockets. * * The protocol callback functions are called for a handful of events * including http requests coming in, websocket connections becoming * established, and data arriving; it's also called periodically to allow * async transmission. * * HTTP requests are sent always to the FIRST protocol in @protocol, since * at that time websocket protocol has not been negotiated. Other * protocols after the first one never see any HTTP callack activity. * * The server created is a simple http server by default; part of the * websocket standard is upgrading this http connection to a websocket one. * * This allows the same server to provide files like scripts and favicon / * images or whatever over http and dynamic data over websockets all in * one place; they're all handled in the user callback. */ int libwebsocket_create_server(int port, const struct libwebsocket_protocols *protocols, const char * ssl_cert_filepath, const char * ssl_private_key_filepath, int gid, int uid) { int n; int client; int sockfd; int fd; unsigned int clilen; struct sockaddr_in serv_addr, cli_addr; struct libwebsocket *wsi[MAX_CLIENTS + 1]; struct pollfd fds[MAX_CLIENTS + 1]; int fds_count = 0; unsigned char buf[1024]; int opt = 1; #ifdef LWS_OPENSSL_SUPPORT SSL_METHOD *method; char ssl_err_buf[512]; use_ssl = ssl_cert_filepath != NULL && ssl_private_key_filepath != NULL; if (use_ssl) fprintf(stderr, " Compiled with SSL support, using it\n"); else fprintf(stderr, " Compiled with SSL support, not using it\n"); #else if (ssl_cert_filepath != NULL && ssl_private_key_filepath != NULL) { fprintf(stderr, " Not compiled for OpenSSl support!\n"); return -1; } fprintf(stderr, " Compiled without SSL support, serving unencrypted\n"); #endif #ifdef LWS_OPENSSL_SUPPORT if (use_ssl) { SSL_library_init(); OpenSSL_add_all_algorithms(); SSL_load_error_strings(); // Firefox insists on SSLv23 not SSLv3 // Konq disables SSLv2 by default now, SSLv23 works method = SSLv23_server_method(); // create server instance if (!method) { fprintf(stderr, "problem creating ssl method: %s\n", ERR_error_string(ERR_get_error(), ssl_err_buf)); return -1; } ssl_ctx = SSL_CTX_new(method); /* create context */ if (!ssl_ctx) { printf("problem creating ssl context: %s\n", ERR_error_string(ERR_get_error(), ssl_err_buf)); return -1; } /* set the local certificate from CertFile */ n = SSL_CTX_use_certificate_file(ssl_ctx, ssl_cert_filepath, SSL_FILETYPE_PEM); if (n != 1) { fprintf(stderr, "problem getting cert '%s': %s\n", ssl_cert_filepath, ERR_error_string(ERR_get_error(), ssl_err_buf)); return -1; } /* set the private key from KeyFile */ if (SSL_CTX_use_PrivateKey_file(ssl_ctx, ssl_private_key_filepath, SSL_FILETYPE_PEM) != 1) { fprintf(stderr, "ssl problem getting key '%s': %s\n", ssl_private_key_filepath, ERR_error_string(ERR_get_error(), ssl_err_buf)); return (-1); } /* verify private key */ if (!SSL_CTX_check_private_key(ssl_ctx)) { fprintf(stderr, "Private SSL key doesn't match cert\n"); return (-1); } /* SSL is happy and has a cert it's content with */ } #endif sockfd = socket(AF_INET, SOCK_STREAM, 0); if (sockfd < 0) { fprintf(stderr, "ERROR opening socket"); return -1; } /* allow us to restart even if old sockets in TIME_WAIT */ setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)); bzero((char *) &serv_addr, sizeof(serv_addr)); serv_addr.sin_family = AF_INET; serv_addr.sin_addr.s_addr = INADDR_ANY; serv_addr.sin_port = htons(port); n = bind(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)); if (n < 0) { fprintf(stderr, "ERROR on binding to port %d (%d %d)\n", port, n, errno); return -1; } /* drop any root privs for this process */ if (gid != -1) if (setgid(gid)) fprintf(stderr, "setgid: %s\n", strerror(errno)); if (uid != -1) if (setuid(uid)) fprintf(stderr, "setuid: %s\n", strerror(errno)); /* * sit there listening for connects, accept and service connections * in a poll loop, without any forking */ listen(sockfd, 5); fprintf(stderr, " Listening on port %d\n", port); fds[0].fd = sockfd; fds_count = 1; fds[0].events = POLLIN; while (1) { n = poll(fds, fds_count, 50); if (n < 0 || fds[0].revents & (POLLERR | POLLHUP)) { fprintf(stderr, "Listen Socket dead\n"); goto fatal; } if (n == 0) /* poll timeout */ goto poll_out; if (fds[0].revents & POLLIN) { /* listen socket got an unencrypted connection... */ clilen = sizeof(cli_addr); fd = accept(sockfd, (struct sockaddr *)&cli_addr, &clilen); if (fd < 0) { fprintf(stderr, "ERROR on accept"); continue; } if (fds_count >= MAX_CLIENTS) { fprintf(stderr, "too busy"); close(fd); continue; } wsi[fds_count] = malloc(sizeof(struct libwebsocket)); if (!wsi[fds_count]) return -1; #ifdef LWS_OPENSSL_SUPPORT if (use_ssl) { wsi[fds_count]->ssl = SSL_new(ssl_ctx); if (wsi[fds_count]->ssl == NULL) { fprintf(stderr, "SSL_new failed: %s\n", ERR_error_string(SSL_get_error( wsi[fds_count]->ssl, 0), NULL)); free(wsi[fds_count]); continue; } SSL_set_fd(wsi[fds_count]->ssl, fd); n = SSL_accept(wsi[fds_count]->ssl); if (n != 1) { /* * browsers seem to probe with various * ssl params which fail then retry * and succeed */ debug("SSL_accept failed skt %u: %s\n", fd, ERR_error_string(SSL_get_error( wsi[fds_count]->ssl, n), NULL)); SSL_free(wsi[fds_count]->ssl); free(wsi[fds_count]); continue; } debug("accepted new SSL conn " "port %u on fd=%d SSL ver %s\n", ntohs(cli_addr.sin_port), fd, SSL_get_version(wsi[fds_count]->ssl)); } else #endif debug("accepted new conn port %u on fd=%d\n", ntohs(cli_addr.sin_port), fd); /* intialize the instance struct */ wsi[fds_count]->sock = fd; wsi[fds_count]->state = WSI_STATE_HTTP; wsi[fds_count]->name_buffer_pos = 0; for (n = 0; n < WSI_TOKEN_COUNT; n++) { wsi[fds_count]->utf8_token[n].token = NULL; wsi[fds_count]->utf8_token[n].token_len = 0; } /* * these can only be set once the protocol is known * we set an unestablished connection's protocol pointer * to the start of the supported list, so it can look * for matching ones during the handshake */ wsi[fds_count]->protocol = protocols; wsi[fds_count]->user_space = NULL; /* * Default protocol is 76 * After 76, there's a header specified to inform which * draft the client wants, when that's seen we modify * the individual connection's spec revision accordingly */ wsi[fds_count]->ietf_spec_revision = 76; fds[fds_count].events = POLLIN; fds[fds_count++].fd = fd; /* * make sure NO events are seen yet on this new socket * (otherwise we inherit old fds[client].revents from * previous socket there and die mysteriously! ) */ fds[client].revents = 0; } /* check for activity on client sockets */ for (client = 1; client < fds_count; client++) { /* handle session socket closed */ if (fds[client].revents & (POLLERR | POLLHUP)) { debug("Session Socket %d %p (fd=%d) dead\n", client, wsi[client], fds[client]); libwebsocket_close_and_free_session( wsi[client]); goto nuke_this; } /* any incoming data ready? */ if (!(fds[client].revents & POLLIN)) continue; #ifdef LWS_OPENSSL_SUPPORT if (use_ssl) n = SSL_read(wsi[client]->ssl, buf, sizeof buf); else #endif n = recv(fds[client].fd, buf, sizeof(buf), 0); if (n < 0) { fprintf(stderr, "Socket read returned %d\n", n); continue; } if (!n) { // fprintf(stderr, "POLLIN with 0 len waiting\n"); libwebsocket_close_and_free_session( wsi[client]); goto nuke_this; } /* service incoming data */ if (libwebsocket_read(wsi[client], buf, n) >= 0) continue; /* * it closed and nuked wsi[client], so remove the * socket handle and wsi from our service list */ nuke_this: debug("nuking wsi %p, fsd_count = %d\n", wsi[client], fds_count - 1); fds_count--; for (n = client; n < fds_count; n++) { fds[n] = fds[n + 1]; wsi[n] = wsi[n + 1]; } break; } poll_out: for (client = 1; client < fds_count; client++) { if (wsi[client]->state != WSI_STATE_ESTABLISHED) continue; wsi[client]->protocol->callback(wsi[client], LWS_CALLBACK_SEND, wsi[client]->user_space, NULL, 0); } continue; } fatal: /* listening socket */ close(fds[0].fd); for (client = 1; client < fds_count; client++) libwebsocket_close_and_free_session(wsi[client]); #ifdef LWS_OPENSSL_SUPPORT SSL_CTX_free(ssl_ctx); #endif kill(0, SIGTERM); return 0; }