/*
* libwebsockets - small server side websockets and web server implementation
*
* Copyright (C) 2010 Andy Green <andy@warmcat.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation:
* version 2.1 of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
#include "private-libwebsockets.h"
#ifdef LWS_OPENSSL_SUPPORT
SSL_CTX *ssl_ctx;
int use_ssl;
#endif
extern int
libwebsocket_read(struct libwebsocket *wsi, unsigned char * buf, size_t len);
/* document the generic callback (it's a fake prototype under this) */
/**
* callback() - User server actions
* @wsi: Opaque websocket instance pointer
* @reason: The reason for the call
* @user: Pointer to per-session user data allocated by library
* @in: Pointer used for some callback reasons
* @len: Length set for some callback reasons
*
* This callback is the way the user controls what is served. All the
* protocol detail is hidden and handled by the library.
*
* For each connection / session there is user data allocated that is
* pointed to by "user". You set the size of this user data area when
* the library is initialized with libwebsocket_create_server.
*
* You get an opportunity to initialize user data when called back with
* LWS_CALLBACK_ESTABLISHED reason.
*
* LWS_CALLBACK_ESTABLISHED: after successful websocket handshake
*
* LWS_CALLBACK_CLOSED: when the websocket session ends
*
* LWS_CALLBACK_SEND: opportunity to send to client (you would use
* libwebsocket_write() taking care about the
* special buffer requirements
* LWS_CALLBACK_RECEIVE: data has appeared for the server, it can be
* found at *in and is len bytes long
*
* LWS_CALLBACK_HTTP: an http request has come from a client that is not
* asking to upgrade the connection to a websocket
* one. This is a chance to serve http content,
* for example, to send a script to the client
* which will then open the websockets connection.
* @in points to the URI path requested and
* libwebsockets_serve_http_file() makes it very
* simple to send back a file to the client.
*/
extern int callback(struct libwebsocket * wsi,
enum libwebsocket_callback_reasons reason, void * user,
void *in, size_t len);
void
libwebsocket_close_and_free_session(struct libwebsocket *wsi)
{
int n = wsi->state;
wsi->state = WSI_STATE_DEAD_SOCKET;
if (wsi->protocol->callback && n == WSI_STATE_ESTABLISHED)
wsi->protocol->callback(wsi, LWS_CALLBACK_CLOSED,
wsi->user_space, NULL, 0);
for (n = 0; n < WSI_TOKEN_COUNT; n++)
if (wsi->utf8_token[n].token)
free(wsi->utf8_token[n].token);
// fprintf(stderr, "closing fd=%d\n", wsi->sock);
#ifdef LWS_OPENSSL_SUPPORT
if (use_ssl) {
n = SSL_get_fd(wsi->ssl);
SSL_shutdown(wsi->ssl);
close(n);
SSL_free(wsi->ssl);
} else {
#endif
shutdown(wsi->sock, SHUT_RDWR);
close(wsi->sock);
#ifdef LWS_OPENSSL_SUPPORT
}
#endif
if (wsi->user_space)
free(wsi->user_space);
free(wsi);
}
/**
* libwebsocket_create_server() - Create the listening websockets server
* @port: Port to listen on
* @protocols: Array of structures listing supported protocols and a protocol-
* specific callback for each one. The list is ended with an
* entry that has a NULL callback pointer.
* @ssl_cert_filepath: If libwebsockets was compiled to use ssl, and you want
* to listen using SSL, set to the filepath to fetch the
* server cert from, otherwise NULL for unencrypted
* @ssl_private_key_filepath: filepath to private key if wanting SSL mode,
* else ignored
* @gid: group id to change to after setting listen socket, or -1.
* @uid: user id to change to after setting listen socket, or -1.
*
* This function creates the listening socket and takes care
* of all initialization in one step.
*
* It does not return since it sits in a service loop and operates via the
* callbacks given in @protocol. User code should fork before calling
* libwebsocket_create_server() if it wants to do other things in
* parallel other than serve websockets.
*
* The protocol callback functions are called for a handful of events
* including http requests coming in, websocket connections becoming
* established, and data arriving; it's also called periodically to allow
* async transmission.
*
* HTTP requests are sent always to the FIRST protocol in @protocol, since
* at that time websocket protocol has not been negotiated. Other
* protocols after the first one never see any HTTP callack activity.
*
* The server created is a simple http server by default; part of the
* websocket standard is upgrading this http connection to a websocket one.
*
* This allows the same server to provide files like scripts and favicon /
* images or whatever over http and dynamic data over websockets all in
* one place; they're all handled in the user callback.
*/
int libwebsocket_create_server(int port,
const struct libwebsocket_protocols *protocols,
const char * ssl_cert_filepath,
const char * ssl_private_key_filepath,
int gid, int uid)
{
int n;
int client;
int sockfd;
int fd;
unsigned int clilen;
struct sockaddr_in serv_addr, cli_addr;
struct libwebsocket *wsi[MAX_CLIENTS + 1];
struct pollfd fds[MAX_CLIENTS + 1];
int fds_count = 0;
unsigned char buf[1024];
int opt = 1;
#ifdef LWS_OPENSSL_SUPPORT
const SSL_METHOD *method;
char ssl_err_buf[512];
use_ssl = ssl_cert_filepath != NULL && ssl_private_key_filepath != NULL;
if (use_ssl)
fprintf(stderr, " Compiled with SSL support, using it\n");
else
fprintf(stderr, " Compiled with SSL support, not using it\n");
#else
if (ssl_cert_filepath != NULL && ssl_private_key_filepath != NULL) {
fprintf(stderr, " Not compiled for OpenSSl support!\n");
return -1;
}
fprintf(stderr, " Compiled without SSL support, serving unencrypted\n");
#endif
#ifdef LWS_OPENSSL_SUPPORT
if (use_ssl) {
SSL_library_init();
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
// Firefox insists on SSLv23 not SSLv3
// Konq disables SSLv2 by default now, SSLv23 works
method = SSLv23_server_method(); // create server instance
if (!method) {
fprintf(stderr, "problem creating ssl method: %s\n",
ERR_error_string(ERR_get_error(), ssl_err_buf));
return -1;
}
ssl_ctx = SSL_CTX_new(method); /* create context */
if (!ssl_ctx) {
printf("problem creating ssl context: %s\n",
ERR_error_string(ERR_get_error(), ssl_err_buf));
return -1;
}
/* set the local certificate from CertFile */
n = SSL_CTX_use_certificate_file(ssl_ctx,
ssl_cert_filepath, SSL_FILETYPE_PEM);
if (n != 1) {
fprintf(stderr, "problem getting cert '%s': %s\n",
ssl_cert_filepath,
ERR_error_string(ERR_get_error(), ssl_err_buf));
return -1;
}
/* set the private key from KeyFile */
if (SSL_CTX_use_PrivateKey_file(ssl_ctx,
ssl_private_key_filepath,
SSL_FILETYPE_PEM) != 1) {
fprintf(stderr, "ssl problem getting key '%s': %s\n",
ssl_private_key_filepath,
ERR_error_string(ERR_get_error(), ssl_err_buf));
return (-1);
}
/* verify private key */
if (!SSL_CTX_check_private_key(ssl_ctx)) {
fprintf(stderr, "Private SSL key doesn't match cert\n");
return (-1);
}
/* SSL is happy and has a cert it's content with */
}
#endif
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0) {
fprintf(stderr, "ERROR opening socket");
return -1;
}
/* allow us to restart even if old sockets in TIME_WAIT */
setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
bzero((char *) &serv_addr, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
serv_addr.sin_addr.s_addr = INADDR_ANY;
serv_addr.sin_port = htons(port);
n = bind(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr));
if (n < 0) {
fprintf(stderr, "ERROR on binding to port %d (%d %d)\n", port, n,
errno);
return -1;
}
/* drop any root privs for this process */
if (gid != -1)
if (setgid(gid))
fprintf(stderr, "setgid: %s\n", strerror(errno));
if (uid != -1)
if (setuid(uid))
fprintf(stderr, "setuid: %s\n", strerror(errno));
/*
* sit there listening for connects, accept and service connections
* in a poll loop, without any forking
*/
listen(sockfd, 5);
fprintf(stderr, " Listening on port %d\n", port);
fds[0].fd = sockfd;
fds_count = 1;
fds[0].events = POLLIN;
while (1) {
n = poll(fds, fds_count, 50);
if (n < 0 || fds[0].revents & (POLLERR | POLLHUP)) {
fprintf(stderr, "Listen Socket dead\n");
goto fatal;
}
if (n == 0) /* poll timeout */
goto poll_out;
if (fds[0].revents & POLLIN) {
/* listen socket got an unencrypted connection... */
clilen = sizeof(cli_addr);
fd = accept(sockfd,
(struct sockaddr *)&cli_addr,
&clilen);
if (fd < 0) {
fprintf(stderr, "ERROR on accept");
continue;
}
if (fds_count >= MAX_CLIENTS) {
fprintf(stderr, "too busy");
close(fd);
continue;
}
wsi[fds_count] = malloc(sizeof(struct libwebsocket));
if (!wsi[fds_count])
return -1;
#ifdef LWS_OPENSSL_SUPPORT
if (use_ssl) {
wsi[fds_count]->ssl = SSL_new(ssl_ctx);
if (wsi[fds_count]->ssl == NULL) {
fprintf(stderr, "SSL_new failed: %s\n",
ERR_error_string(SSL_get_error(
wsi[fds_count]->ssl, 0), NULL));
free(wsi[fds_count]);
continue;
}
SSL_set_fd(wsi[fds_count]->ssl, fd);
n = SSL_accept(wsi[fds_count]->ssl);
if (n != 1) {
/*
* browsers seem to probe with various
* ssl params which fail then retry
* and succeed
*/
debug("SSL_accept failed skt %u: %s\n",
fd,
ERR_error_string(SSL_get_error(
wsi[fds_count]->ssl, n), NULL));
SSL_free(wsi[fds_count]->ssl);
free(wsi[fds_count]);
continue;
}
debug("accepted new SSL conn "
"port %u on fd=%d SSL ver %s\n",
ntohs(cli_addr.sin_port), fd,
SSL_get_version(wsi[fds_count]->ssl));
} else
#endif
debug("accepted new conn port %u on fd=%d\n",
ntohs(cli_addr.sin_port), fd);
/* intialize the instance struct */
wsi[fds_count]->sock = fd;
wsi[fds_count]->state = WSI_STATE_HTTP;
wsi[fds_count]->name_buffer_pos = 0;
for (n = 0; n < WSI_TOKEN_COUNT; n++) {
wsi[fds_count]->utf8_token[n].token = NULL;
wsi[fds_count]->utf8_token[n].token_len = 0;
}
/*
* these can only be set once the protocol is known
* we set an unestablished connection's protocol pointer
* to the start of the supported list, so it can look
* for matching ones during the handshake
*/
wsi[fds_count]->protocol = protocols;
wsi[fds_count]->user_space = NULL;
/*
* Default protocol is 76
* After 76, there's a header specified to inform which
* draft the client wants, when that's seen we modify
* the individual connection's spec revision accordingly
*/
wsi[fds_count]->ietf_spec_revision = 76;
fds[fds_count].events = POLLIN;
fds[fds_count++].fd = fd;
/*
* make sure NO events are seen yet on this new socket
* (otherwise we inherit old fds[client].revents from
* previous socket there and die mysteriously! )
*/
fds[client].revents = 0;
}
/* check for activity on client sockets */
for (client = 1; client < fds_count; client++) {
/* handle session socket closed */
if (fds[client].revents & (POLLERR | POLLHUP)) {
debug("Session Socket %d %p (fd=%d) dead\n",
client, wsi[client], fds[client]);
libwebsocket_close_and_free_session(
wsi[client]);
goto nuke_this;
}
/* any incoming data ready? */
if (!(fds[client].revents & POLLIN))
continue;
#ifdef LWS_OPENSSL_SUPPORT
if (use_ssl)
n = SSL_read(wsi[client]->ssl, buf, sizeof buf);
else
#endif
n = recv(fds[client].fd, buf, sizeof(buf), 0);
if (n < 0) {
fprintf(stderr, "Socket read returned %d\n", n);
continue;
}
if (!n) {
// fprintf(stderr, "POLLIN with 0 len waiting\n");
libwebsocket_close_and_free_session(
wsi[client]);
goto nuke_this;
}
/* service incoming data */
if (libwebsocket_read(wsi[client], buf, n) >= 0)
continue;
/*
* it closed and nuked wsi[client], so remove the
* socket handle and wsi from our service list
*/
nuke_this:
debug("nuking wsi %p, fsd_count = %d\n",
wsi[client], fds_count - 1);
fds_count--;
for (n = client; n < fds_count; n++) {
fds[n] = fds[n + 1];
wsi[n] = wsi[n + 1];
}
break;
}
poll_out:
for (client = 1; client < fds_count; client++) {
if (wsi[client]->state != WSI_STATE_ESTABLISHED)
continue;
wsi[client]->protocol->callback(wsi[client],
LWS_CALLBACK_SEND,
wsi[client]->user_space,
NULL, 0);
}
continue;
}
fatal:
/* listening socket */
close(fds[0].fd);
for (client = 1; client < fds_count; client++)
libwebsocket_close_and_free_session(wsi[client]);
#ifdef LWS_OPENSSL_SUPPORT
SSL_CTX_free(ssl_ctx);
#endif
kill(0, SIGTERM);
return 0;
}