1 /*
2 * libwebsockets - small server side websockets and web server implementation
3 *
4 * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 * IN THE SOFTWARE.
23 */
24
25 #include <private-lib-core.h>
26
27 #ifndef min
28 #define min(a, b) ((a) < (b) ? (a) : (b))
29 #endif
30
31
32 /*
33 * We have to take care about parsing because the headers may be split
34 * into multiple fragments. They may contain unknown headers with arbitrary
35 * argument lengths. So, we parse using a single-character at a time state
36 * machine that is completely independent of packet size.
37 *
38 * Returns <0 for error or length of chars consumed from buf (up to len)
39 */
40
41 int
lws_read_h1(struct lws * wsi,unsigned char * buf,lws_filepos_t len)42 lws_read_h1(struct lws *wsi, unsigned char *buf, lws_filepos_t len)
43 {
44 unsigned char *last_char, *oldbuf = buf;
45 lws_filepos_t body_chunk_len;
46 size_t n;
47
48 lwsl_debug("%s: h1 path: wsi state 0x%x\n", __func__, lwsi_state(wsi));
49
50 switch (lwsi_state(wsi)) {
51
52 case LRS_ISSUING_FILE:
53 return 0;
54
55 case LRS_ESTABLISHED:
56
57 if (lwsi_role_ws(wsi))
58 goto ws_mode;
59
60 if (lwsi_role_client(wsi))
61 break;
62
63 wsi->hdr_parsing_completed = 0;
64
65 /* fallthru */
66
67 case LRS_HEADERS:
68 if (!wsi->http.ah) {
69 lwsl_err("%s: LRS_HEADERS: NULL ah\n", __func__);
70 assert(0);
71 }
72 lwsl_parser("issuing %d bytes to parser\n", (int)len);
73 #if defined(LWS_ROLE_WS) && defined(LWS_WITH_CLIENT)
74 if (lws_ws_handshake_client(wsi, &buf, (size_t)len))
75 goto bail;
76 #endif
77 last_char = buf;
78 if (lws_handshake_server(wsi, &buf, (size_t)len))
79 /* Handshake indicates this session is done. */
80 goto bail;
81
82 /* we might have transitioned to RAW */
83 if (wsi->role_ops == &role_ops_raw_skt
84 #if defined(LWS_ROLE_RAW_FILE)
85 ||
86 wsi->role_ops == &role_ops_raw_file
87 #endif
88 )
89 /* we gave the read buffer to RAW handler already */
90 goto read_ok;
91
92 /*
93 * It's possible that we've exhausted our data already, or
94 * rx flow control has stopped us dealing with this early,
95 * but lws_handshake_server doesn't update len for us.
96 * Figure out how much was read, so that we can proceed
97 * appropriately:
98 */
99 len -= (unsigned int)lws_ptr_diff(buf, last_char);
100
101 if (!wsi->hdr_parsing_completed)
102 /* More header content on the way */
103 goto read_ok;
104
105 switch (lwsi_state(wsi)) {
106 case LRS_ESTABLISHED:
107 case LRS_HEADERS:
108 goto read_ok;
109 case LRS_ISSUING_FILE:
110 goto read_ok;
111 case LRS_DISCARD_BODY:
112 case LRS_BODY:
113 wsi->http.rx_content_remain =
114 wsi->http.rx_content_length;
115 if (wsi->http.rx_content_remain)
116 goto http_postbody;
117
118 /* there is no POST content */
119 goto postbody_completion;
120 default:
121 break;
122 }
123 break;
124
125 case LRS_DISCARD_BODY:
126 case LRS_BODY:
127 http_postbody:
128 lwsl_info("%s: http post body: cl set %d, remain %d, len %d\n", __func__,
129 (int)wsi->http.content_length_given,
130 (int)wsi->http.rx_content_remain, (int)len);
131
132 if (wsi->http.content_length_given && !wsi->http.rx_content_remain)
133 goto postbody_completion;
134
135 while (len && (!wsi->http.content_length_given || wsi->http.rx_content_remain)) {
136 /* Copy as much as possible, up to the limit of:
137 * what we have in the read buffer (len)
138 * remaining portion of the POST body (content_remain)
139 */
140 if (wsi->http.content_length_given)
141 body_chunk_len = min(wsi->http.rx_content_remain, len);
142 else
143 body_chunk_len = len;
144 wsi->http.rx_content_remain -= body_chunk_len;
145 // len -= body_chunk_len;
146 #ifdef LWS_WITH_CGI
147 if (wsi->http.cgi) {
148 struct lws_cgi_args args;
149
150 args.ch = LWS_STDIN;
151 args.stdwsi = &wsi->http.cgi->lsp->stdwsi[0];
152 args.data = buf;
153 args.len = (int)(unsigned int)body_chunk_len;
154
155 /* returns how much used */
156 n = (unsigned int)user_callback_handle_rxflow(
157 wsi->a.protocol->callback,
158 wsi, LWS_CALLBACK_CGI_STDIN_DATA,
159 wsi->user_space,
160 (void *)&args, 0);
161 if ((int)n < 0)
162 goto bail;
163 } else {
164 #endif
165 if (lwsi_state(wsi) != LRS_DISCARD_BODY) {
166 lwsl_info("%s: HTTP_BODY %d\n", __func__, (int)body_chunk_len);
167 n = (unsigned int)wsi->a.protocol->callback(wsi,
168 LWS_CALLBACK_HTTP_BODY, wsi->user_space,
169 buf, (size_t)body_chunk_len);
170 if (n)
171 goto bail;
172 }
173 n = (size_t)body_chunk_len;
174 #ifdef LWS_WITH_CGI
175 }
176 #endif
177 lwsl_info("%s: advancing buf by %d\n", __func__, (int)n);
178 buf += n;
179
180 #if defined(LWS_ROLE_H2)
181 if (lwsi_role_h2(wsi) && !wsi->http.content_length_given) {
182 struct lws *w = lws_get_network_wsi(wsi);
183
184 if (w)
185 lwsl_info("%s: h2: nwsi h2 flags %d\n", __func__,
186 w->h2.h2n ? w->h2.h2n->flags: -1);
187
188 if (w && w->h2.h2n && !(w->h2.h2n->flags & 1)) {
189 lwsl_info("%s: h2, no cl, not END_STREAM, continuing\n", __func__);
190 lws_set_timeout(wsi,
191 PENDING_TIMEOUT_HTTP_CONTENT,
192 (int)wsi->a.context->timeout_secs);
193 break;
194 }
195 goto postbody_completion;
196 }
197 #endif
198
199 if (wsi->http.rx_content_remain) {
200 lws_set_timeout(wsi,
201 PENDING_TIMEOUT_HTTP_CONTENT,
202 (int)wsi->a.context->timeout_secs);
203 break;
204 }
205 /* he sent all the content in time */
206 postbody_completion:
207 #ifdef LWS_WITH_CGI
208 /*
209 * If we're running a cgi, we can't let him off the
210 * hook just because he sent his POST data
211 */
212 if (wsi->http.cgi)
213 lws_set_timeout(wsi, PENDING_TIMEOUT_CGI,
214 (int)wsi->a.context->timeout_secs);
215 else
216 #endif
217 lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0);
218 #ifdef LWS_WITH_CGI
219 if (!wsi->http.cgi)
220 #endif
221 {
222 #if defined(LWS_WITH_SERVER)
223 if (lwsi_state(wsi) == LRS_DISCARD_BODY) {
224 /*
225 * repeat the transaction completed
226 * that got us into this state, having
227 * consumed the pending body now
228 */
229
230 if (lws_http_transaction_completed(wsi))
231 goto bail;
232 break;
233 }
234 #endif
235 lwsl_info("HTTP_BODY_COMPLETION: %s (%s)\n",
236 lws_wsi_tag(wsi), wsi->a.protocol->name);
237
238 n = (unsigned int)wsi->a.protocol->callback(wsi,
239 LWS_CALLBACK_HTTP_BODY_COMPLETION,
240 wsi->user_space, NULL, 0);
241 if (n) {
242 lwsl_info("%s: bailing after BODY_COMPLETION\n", __func__);
243 goto bail;
244 }
245
246 if (wsi->mux_substream)
247 lwsi_set_state(wsi, LRS_ESTABLISHED);
248 }
249
250 break;
251 }
252 break;
253
254 case LRS_RETURNED_CLOSE:
255 case LRS_AWAITING_CLOSE_ACK:
256 case LRS_WAITING_TO_SEND_CLOSE:
257 case LRS_SHUTDOWN:
258
259 ws_mode:
260 #if defined(LWS_WITH_CLIENT) && defined(LWS_ROLE_WS)
261 // lwsl_notice("%s: ws_mode\n", __func__);
262 if (lws_ws_handshake_client(wsi, &buf, (size_t)len))
263 goto bail;
264 #endif
265 #if defined(LWS_ROLE_WS)
266 if (lwsi_role_ws(wsi) && lwsi_role_server(wsi) &&
267 /*
268 * for h2 we are on the swsi
269 */
270 lws_parse_ws(wsi, &buf, (size_t)len) < 0) {
271 lwsl_info("%s: lws_parse_ws bailed\n", __func__);
272 goto bail;
273 }
274 #endif
275 // lwsl_notice("%s: ws_mode: buf moved on by %d\n", __func__,
276 // lws_ptr_diff(buf, oldbuf));
277 break;
278
279 case LRS_DEFERRING_ACTION:
280 lwsl_notice("%s: LRS_DEFERRING_ACTION\n", __func__);
281 break;
282
283 case LRS_SSL_ACK_PENDING:
284 break;
285
286 case LRS_FLUSHING_BEFORE_CLOSE:
287 break;
288
289 case LRS_DEAD_SOCKET:
290 lwsl_err("%s: Unhandled state LRS_DEAD_SOCKET\n", __func__);
291 goto bail;
292 // assert(0);
293 /* fallthru */
294
295 default:
296 lwsl_err("%s: Unhandled state %d\n", __func__, lwsi_state(wsi));
297 assert(0);
298 goto bail;
299 }
300
301 read_ok:
302 /* Nothing more to do for now */
303 // lwsl_info("%s: %p: read_ok, used %ld (len %d, state %d)\n", __func__,
304 // wsi, (long)(buf - oldbuf), (int)len, wsi->state);
305
306 return lws_ptr_diff(buf, oldbuf);
307
308 bail:
309 /*
310 * h2 / h2-ws calls us recursively in
311 *
312 * lws_read_h1()->
313 * lws_h2_parser()->
314 * lws_read_h1()
315 *
316 * pattern, having stripped the h2 framing in the middle.
317 *
318 * When taking down the whole connection, make sure that only the
319 * outer lws_read() does the wsi close.
320 */
321 if (!wsi->outer_will_close)
322 lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS,
323 "lws_read_h1 bail");
324
325 return -1;
326 }
327 #if defined(LWS_WITH_SERVER)
328 static int
lws_h1_server_socket_service(struct lws * wsi,struct lws_pollfd * pollfd)329 lws_h1_server_socket_service(struct lws *wsi, struct lws_pollfd *pollfd)
330 {
331 struct lws_context_per_thread *pt = &wsi->a.context->pt[(int)wsi->tsi];
332 struct lws_tokens ebuf;
333 int n, buffered;
334
335 if (lwsi_state(wsi) == LRS_DEFERRING_ACTION)
336 goto try_pollout;
337
338 /* any incoming data ready? */
339
340 if (!(pollfd->revents & pollfd->events & LWS_POLLIN))
341 goto try_pollout;
342
343 /*
344 * If we previously just did POLLIN when IN and OUT were signaled
345 * (because POLLIN processing may have used up the POLLOUT), don't let
346 * that happen twice in a row... next time we see the situation favour
347 * POLLOUT
348 */
349
350 if (wsi->favoured_pollin &&
351 (pollfd->revents & pollfd->events & LWS_POLLOUT)) {
352 // lwsl_notice("favouring pollout\n");
353 wsi->favoured_pollin = 0;
354 goto try_pollout;
355 }
356
357 /*
358 * We haven't processed that the tunnel is set up yet, so
359 * defer reading
360 */
361
362 if (lwsi_state(wsi) == LRS_SSL_ACK_PENDING)
363 return LWS_HPI_RET_HANDLED;
364
365 /* these states imply we MUST have an ah attached */
366
367 if ((lwsi_state(wsi) == LRS_ESTABLISHED ||
368 lwsi_state(wsi) == LRS_ISSUING_FILE ||
369 lwsi_state(wsi) == LRS_HEADERS ||
370 lwsi_state(wsi) == LRS_DOING_TRANSACTION || /* at least, SSE */
371 lwsi_state(wsi) == LRS_DISCARD_BODY ||
372 lwsi_state(wsi) == LRS_BODY)) {
373
374 if (!wsi->http.ah && lws_header_table_attach(wsi, 0)) {
375 lwsl_info("%s: %s: ah not available\n", __func__,
376 lws_wsi_tag(wsi));
377 goto try_pollout;
378 }
379
380 /*
381 * We got here because there was specifically POLLIN...
382 * regardless of our buflist state, we need to get it,
383 * and either use it, or append to the buflist and use
384 * buflist head material.
385 *
386 * We will not notice a connection close until the buflist is
387 * exhausted and we tried to do a read of some kind.
388 */
389
390 ebuf.token = NULL;
391 ebuf.len = 0;
392 buffered = lws_buflist_aware_read(pt, wsi, &ebuf, 0, __func__);
393 switch (ebuf.len) {
394 case 0:
395 lwsl_info("%s: read 0 len a\n", __func__);
396 wsi->seen_zero_length_recv = 1;
397 if (lws_change_pollfd(wsi, LWS_POLLIN, 0))
398 goto fail;
399 #if !defined(LWS_WITHOUT_EXTENSIONS)
400 /*
401 * autobahn requires us to win the race between close
402 * and draining the extensions
403 */
404 if (wsi->ws &&
405 (wsi->ws->rx_draining_ext ||
406 wsi->ws->tx_draining_ext))
407 goto try_pollout;
408 #endif
409 /*
410 * normally, we respond to close with logically closing
411 * our side immediately
412 */
413 goto fail;
414
415 case LWS_SSL_CAPABLE_ERROR:
416 goto fail;
417 case LWS_SSL_CAPABLE_MORE_SERVICE:
418 goto try_pollout;
419 }
420
421 /* just ignore incoming if waiting for close */
422 if (lwsi_state(wsi) == LRS_FLUSHING_BEFORE_CLOSE) {
423 lwsl_notice("%s: just ignoring\n", __func__);
424 goto try_pollout;
425 }
426
427 if (lwsi_state(wsi) == LRS_ISSUING_FILE) {
428 // lwsl_notice("stashing: wsi %p: bd %d\n", wsi, buffered);
429 if (lws_buflist_aware_finished_consuming(wsi, &ebuf, 0,
430 buffered, __func__))
431 return LWS_HPI_RET_PLEASE_CLOSE_ME;
432
433 goto try_pollout;
434 }
435
436 /*
437 * Otherwise give it to whoever wants it according to the
438 * connection state
439 */
440 #if defined(LWS_ROLE_H2)
441 if (lwsi_role_h2(wsi) && lwsi_state(wsi) != LRS_BODY)
442 n = lws_read_h2(wsi, ebuf.token, (unsigned int)ebuf.len);
443 else
444 #endif
445 n = lws_read_h1(wsi, ebuf.token, (unsigned int)ebuf.len);
446 if (n < 0) /* we closed wsi */
447 return LWS_HPI_RET_WSI_ALREADY_DIED;
448
449 // lwsl_notice("%s: consumed %d\n", __func__, n);
450
451 if (lws_buflist_aware_finished_consuming(wsi, &ebuf, n,
452 buffered, __func__))
453 return LWS_HPI_RET_PLEASE_CLOSE_ME;
454
455 /*
456 * during the parsing our role changed to something non-http,
457 * so the ah has no further meaning
458 */
459
460 if (wsi->http.ah &&
461 !lwsi_role_h1(wsi) &&
462 !lwsi_role_h2(wsi) &&
463 !lwsi_role_cgi(wsi))
464 lws_header_table_detach(wsi, 0);
465
466 /*
467 * He may have used up the writability above, if we will defer
468 * POLLOUT processing in favour of POLLIN, note it
469 */
470
471 if (pollfd->revents & LWS_POLLOUT)
472 wsi->favoured_pollin = 1;
473
474 return LWS_HPI_RET_HANDLED;
475 }
476
477 /*
478 * He may have used up the writability above, if we will defer POLLOUT
479 * processing in favour of POLLIN, note it
480 */
481
482 if (pollfd->revents & LWS_POLLOUT)
483 wsi->favoured_pollin = 1;
484
485 try_pollout:
486
487 /* this handles POLLOUT for http serving fragments */
488
489 if (!(pollfd->revents & LWS_POLLOUT))
490 return LWS_HPI_RET_HANDLED;
491
492 /* one shot */
493 if (lws_change_pollfd(wsi, LWS_POLLOUT, 0)) {
494 lwsl_notice("%s a\n", __func__);
495 goto fail;
496 }
497
498 /* clear back-to-back write detection */
499 wsi->could_have_pending = 0;
500
501 if (lwsi_state(wsi) == LRS_DEFERRING_ACTION) {
502 lwsl_debug("%s: LRS_DEFERRING_ACTION now writable\n", __func__);
503
504 lwsi_set_state(wsi, LRS_ESTABLISHED);
505 if (lws_change_pollfd(wsi, LWS_POLLOUT, 0)) {
506 lwsl_info("failed at set pollfd\n");
507 goto fail;
508 }
509 }
510
511 if (!wsi->hdr_parsing_completed)
512 return LWS_HPI_RET_HANDLED;
513
514 if (lwsi_state(wsi) != LRS_ISSUING_FILE) {
515
516 if (lws_has_buffered_out(wsi)) {
517 //lwsl_notice("%s: completing partial\n", __func__);
518 if (lws_issue_raw(wsi, NULL, 0) < 0) {
519 lwsl_info("%s signalling to close\n", __func__);
520 goto fail;
521 }
522 return LWS_HPI_RET_HANDLED;
523 }
524
525 n = user_callback_handle_rxflow(wsi->a.protocol->callback, wsi,
526 LWS_CALLBACK_HTTP_WRITEABLE,
527 wsi->user_space, NULL, 0);
528 if (n < 0) {
529 lwsl_info("writeable_fail\n");
530 goto fail;
531 }
532
533 return LWS_HPI_RET_HANDLED;
534 }
535
536 #if defined(LWS_WITH_FILE_OPS)
537
538 /* >0 == completion, <0 == error
539 *
540 * We'll get a LWS_CALLBACK_HTTP_FILE_COMPLETION callback when
541 * it's done. That's the case even if we just completed the
542 * send, so wait for that.
543 */
544 n = lws_serve_http_file_fragment(wsi);
545 if (n < 0)
546 goto fail;
547 #endif
548
549 return LWS_HPI_RET_HANDLED;
550
551
552 fail:
553 lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS,
554 "server socket svc fail");
555
556 return LWS_HPI_RET_WSI_ALREADY_DIED;
557 }
558 #endif
559
560 static int
rops_handle_POLLIN_h1(struct lws_context_per_thread * pt,struct lws * wsi,struct lws_pollfd * pollfd)561 rops_handle_POLLIN_h1(struct lws_context_per_thread *pt, struct lws *wsi,
562 struct lws_pollfd *pollfd)
563 {
564 if (lwsi_state(wsi) == LRS_IDLING) {
565 uint8_t buf[1];
566 int rlen;
567
568 /*
569 * h1 staggered spins here in IDLING if we don't close it.
570 * It shows POLLIN but the tls connection returns ERROR if
571 * you try to read it.
572 */
573
574 // lwsl_notice("%s: %p: wsistate 0x%x %s, revents 0x%x\n",
575 // __func__, wsi, wsi->wsistate, wsi->role_ops->name,
576 // pollfd->revents);
577
578 rlen = lws_ssl_capable_read(wsi, buf, sizeof(buf));
579 if (rlen == LWS_SSL_CAPABLE_ERROR)
580 return LWS_HPI_RET_PLEASE_CLOSE_ME;
581 }
582
583 #ifdef LWS_WITH_CGI
584 if (wsi->http.cgi && (pollfd->revents & LWS_POLLOUT)) {
585 if (lws_handle_POLLOUT_event(wsi, pollfd))
586 return LWS_HPI_RET_PLEASE_CLOSE_ME;
587
588 return LWS_HPI_RET_HANDLED;
589 }
590 #endif
591
592 /* Priority 2: pre- compression transform */
593
594 #if defined(LWS_WITH_HTTP_STREAM_COMPRESSION)
595 if (wsi->http.comp_ctx.buflist_comp ||
596 wsi->http.comp_ctx.may_have_more) {
597 enum lws_write_protocol wp = LWS_WRITE_HTTP;
598
599 lwsl_info("%s: completing comp partial (buflist_comp %p, may %d)\n",
600 __func__, wsi->http.comp_ctx.buflist_comp,
601 wsi->http.comp_ctx.may_have_more
602 );
603
604 if (lws_rops_fidx(wsi->role_ops, LWS_ROPS_write_role_protocol) &&
605 lws_rops_func_fidx(wsi->role_ops, LWS_ROPS_write_role_protocol).
606 write_role_protocol(wsi, NULL, 0, &wp) < 0) {
607 lwsl_info("%s signalling to close\n", __func__);
608 return LWS_HPI_RET_PLEASE_CLOSE_ME;
609 }
610 lws_callback_on_writable(wsi);
611
612 if (!wsi->http.comp_ctx.buflist_comp &&
613 !wsi->http.comp_ctx.may_have_more &&
614 wsi->http.deferred_transaction_completed) {
615 wsi->http.deferred_transaction_completed = 0;
616 if (lws_http_transaction_completed(wsi))
617 return LWS_HPI_RET_PLEASE_CLOSE_ME;
618 }
619
620 return LWS_HPI_RET_HANDLED;
621 }
622 #endif
623
624 if (lws_is_flowcontrolled(wsi))
625 /* We cannot deal with any kind of new RX because we are
626 * RX-flowcontrolled.
627 */
628 return LWS_HPI_RET_HANDLED;
629
630 #if defined(LWS_WITH_SERVER)
631 if (!lwsi_role_client(wsi)) {
632 int n;
633
634 lwsl_debug("%s: %s: wsistate 0x%x\n", __func__, lws_wsi_tag(wsi),
635 (unsigned int)wsi->wsistate);
636
637 if (pollfd->revents & LWS_POLLHUP &&
638 !lws_buflist_total_len(&wsi->buflist))
639 return LWS_HPI_RET_PLEASE_CLOSE_ME;
640
641 n = lws_h1_server_socket_service(wsi, pollfd);
642 if (n != LWS_HPI_RET_HANDLED)
643 return n;
644 if (lwsi_state(wsi) != LRS_SSL_INIT)
645 if (lws_server_socket_service_ssl(wsi,
646 LWS_SOCK_INVALID,
647 !!(pollfd->revents & LWS_POLLIN)))
648 return LWS_HPI_RET_PLEASE_CLOSE_ME;
649
650 return LWS_HPI_RET_HANDLED;
651 }
652 #endif
653
654 #if defined(LWS_WITH_CLIENT)
655 if ((pollfd->revents & LWS_POLLIN) &&
656 wsi->hdr_parsing_completed && !wsi->told_user_closed) {
657
658 /*
659 * In SSL mode we get POLLIN notification about
660 * encrypted data in.
661 *
662 * But that is not necessarily related to decrypted
663 * data out becoming available; in may need to perform
664 * other in or out before that happens.
665 *
666 * simply mark ourselves as having readable data
667 * and turn off our POLLIN
668 */
669 wsi->client_rx_avail = 1;
670 if (lws_change_pollfd(wsi, LWS_POLLIN, 0))
671 return LWS_HPI_RET_PLEASE_CLOSE_ME;
672
673 //lwsl_notice("calling back %s\n", wsi->a.protocol->name);
674
675 /* let user code know, he'll usually ask for writeable
676 * callback and drain / re-enable it there
677 */
678 if (user_callback_handle_rxflow(wsi->a.protocol->callback, wsi,
679 LWS_CALLBACK_RECEIVE_CLIENT_HTTP,
680 wsi->user_space, NULL, 0)) {
681 lwsl_info("RECEIVE_CLIENT_HTTP closed it\n");
682 return LWS_HPI_RET_PLEASE_CLOSE_ME;
683 }
684
685 return LWS_HPI_RET_HANDLED;
686 }
687 #endif
688
689 // if (lwsi_state(wsi) == LRS_ESTABLISHED)
690 // return LWS_HPI_RET_HANDLED;
691
692 #if defined(LWS_WITH_CLIENT)
693 if ((pollfd->revents & LWS_POLLOUT) &&
694 lws_handle_POLLOUT_event(wsi, pollfd)) {
695 lwsl_debug("POLLOUT event closed it\n");
696 return LWS_HPI_RET_PLEASE_CLOSE_ME;
697 }
698
699 if (lws_http_client_socket_service(wsi, pollfd))
700 return LWS_HPI_RET_WSI_ALREADY_DIED;
701 #endif
702
703 if (lwsi_state(wsi) == LRS_WAITING_CONNECT &&
704 (pollfd->revents & LWS_POLLHUP))
705 return LWS_HPI_RET_PLEASE_CLOSE_ME;
706
707 return LWS_HPI_RET_HANDLED;
708 }
709
710 static int
rops_handle_POLLOUT_h1(struct lws * wsi)711 rops_handle_POLLOUT_h1(struct lws *wsi)
712 {
713
714
715 if (lwsi_state(wsi) == LRS_ISSUE_HTTP_BODY ||
716 lwsi_state(wsi) == LRS_WAITING_SERVER_REPLY) {
717 #if defined(LWS_WITH_HTTP_PROXY)
718 if (wsi->http.proxy_clientside) {
719 unsigned char *buf, prebuf[LWS_PRE + 1024];
720 size_t len = lws_buflist_next_segment_len(
721 &wsi->parent->http.buflist_post_body, &buf);
722 int n;
723
724 if (len > sizeof(prebuf) - LWS_PRE)
725 len = sizeof(prebuf) - LWS_PRE;
726
727 if (len) {
728 memcpy(prebuf + LWS_PRE, buf, len);
729
730 lwsl_debug("%s: %s: proxying body %d %d %d %d %d\n",
731 __func__, lws_wsi_tag(wsi), (int)len,
732 (int)wsi->http.tx_content_length,
733 (int)wsi->http.tx_content_remain,
734 (int)wsi->http.rx_content_length,
735 (int)wsi->http.rx_content_remain
736 );
737
738 n = lws_write(wsi, prebuf + LWS_PRE, len, LWS_WRITE_HTTP);
739 if (n < 0) {
740 lwsl_err("%s: PROXY_BODY: write %d failed\n",
741 __func__, (int)len);
742 return LWS_HP_RET_BAIL_DIE;
743 }
744
745 lws_buflist_use_segment(&wsi->parent->http.buflist_post_body, len);
746
747 }
748
749 if (wsi->parent->http.buflist_post_body) {
750 lws_callback_on_writable(wsi);
751 return LWS_HP_RET_DROP_POLLOUT;
752 }
753
754 lwsl_wsi_err(wsi, "nothing to send");
755 #if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2)
756 /* prepare ourselves to do the parsing */
757 wsi->http.ah->parser_state = WSI_TOKEN_NAME_PART;
758 wsi->http.ah->lextable_pos = 0;
759 #if defined(LWS_WITH_CUSTOM_HEADERS)
760 wsi->http.ah->unk_pos = 0;
761 #endif
762 #endif
763 lwsi_set_state(wsi, LRS_WAITING_SERVER_REPLY);
764 lws_set_timeout(wsi, PENDING_TIMEOUT_AWAITING_SERVER_RESPONSE,
765 (int)wsi->a.context->timeout_secs);
766
767 return LWS_HP_RET_DROP_POLLOUT;
768 }
769 #endif
770 return LWS_HP_RET_USER_SERVICE;
771 }
772
773 if (lwsi_role_client(wsi))
774 return LWS_HP_RET_USER_SERVICE;
775
776 return LWS_HP_RET_BAIL_OK;
777 }
778
779 static int
rops_write_role_protocol_h1(struct lws * wsi,unsigned char * buf,size_t len,enum lws_write_protocol * wp)780 rops_write_role_protocol_h1(struct lws *wsi, unsigned char *buf, size_t len,
781 enum lws_write_protocol *wp)
782 {
783 size_t olen = len;
784 int n;
785
786 #if defined(LWS_WITH_HTTP_STREAM_COMPRESSION)
787 if (wsi->http.lcs && (((*wp) & 0x1f) == LWS_WRITE_HTTP_FINAL ||
788 ((*wp) & 0x1f) == LWS_WRITE_HTTP)) {
789 unsigned char mtubuf[1500 + LWS_PRE +
790 LWS_HTTP_CHUNK_HDR_MAX_SIZE +
791 LWS_HTTP_CHUNK_TRL_MAX_SIZE],
792 *out = mtubuf + LWS_PRE +
793 LWS_HTTP_CHUNK_HDR_MAX_SIZE;
794 size_t o = sizeof(mtubuf) - LWS_PRE -
795 LWS_HTTP_CHUNK_HDR_MAX_SIZE -
796 LWS_HTTP_CHUNK_TRL_MAX_SIZE;
797
798 n = lws_http_compression_transform(wsi, buf, len, wp, &out, &o);
799 if (n)
800 return n;
801
802 lwsl_info("%s: %s: transformed %d bytes to %d "
803 "(wp 0x%x, more %d)\n", __func__,
804 lws_wsi_tag(wsi), (int)len,
805 (int)o, (int)*wp, wsi->http.comp_ctx.may_have_more);
806
807 if (!o)
808 return (int)olen;
809
810 if (wsi->http.comp_ctx.chunking) {
811 char c[LWS_HTTP_CHUNK_HDR_MAX_SIZE + 2];
812 /*
813 * this only needs dealing with on http/1.1 to allow
814 * pipelining
815 */
816 n = lws_snprintf(c, sizeof(c), "%X\x0d\x0a", (int)o);
817 lwsl_info("%s: chunk (%d) %s", __func__, (int)o, c);
818 out -= n;
819 o += (unsigned int)n;
820 memcpy(out, c, (unsigned int)n);
821 out[o++] = '\x0d';
822 out[o++] = '\x0a';
823
824 if (((*wp) & 0x1f) == LWS_WRITE_HTTP_FINAL) {
825 lwsl_info("%s: final chunk\n", __func__);
826 out[o++] = '0';
827 out[o++] = '\x0d';
828 out[o++] = '\x0a';
829 out[o++] = '\x0d';
830 out[o++] = '\x0a';
831 }
832 }
833
834 buf = out;
835 len = o;
836 }
837 #endif
838
839 n = lws_issue_raw(wsi, (unsigned char *)buf, len);
840 if (n < 0)
841 return n;
842
843 /* hide there may have been compression */
844
845 return (int)olen;
846 }
847
848 static int
rops_alpn_negotiated_h1(struct lws * wsi,const char * alpn)849 rops_alpn_negotiated_h1(struct lws *wsi, const char *alpn)
850 {
851 lwsl_debug("%s: client %d\n", __func__, lwsi_role_client(wsi));
852 #if defined(LWS_WITH_CLIENT)
853 if (lwsi_role_client(wsi)) {
854 /*
855 * If alpn asserts it is http/1.1, server support for KA is
856 * mandatory.
857 *
858 * Knowing this lets us proceed with sending pipelined headers
859 * before we received the first response headers.
860 */
861 wsi->keepalive_active = 1;
862 }
863 #endif
864
865 return 0;
866 }
867
868 static int
rops_destroy_role_h1(struct lws * wsi)869 rops_destroy_role_h1(struct lws *wsi)
870 {
871 struct lws_context_per_thread *pt = &wsi->a.context->pt[(int)wsi->tsi];
872 struct allocated_headers *ah;
873
874 /* we may not have an ah, but may be on the waiting list... */
875 lwsl_info("%s: ah det due to close\n", __func__);
876 __lws_header_table_detach(wsi, 0);
877
878 ah = pt->http.ah_list;
879
880 while (ah) {
881 if (ah->in_use && ah->wsi == wsi) {
882 lwsl_err("%s: ah leak: wsi %s\n", __func__,
883 lws_wsi_tag(wsi));
884 ah->in_use = 0;
885 ah->wsi = NULL;
886 pt->http.ah_count_in_use--;
887 break;
888 }
889 ah = ah->next;
890 }
891
892 #if defined(LWS_WITH_HTTP_STREAM_COMPRESSION)
893 lws_http_compression_destroy(wsi);
894 #endif
895
896 #ifdef LWS_ROLE_WS
897 lws_free_set_NULL(wsi->ws);
898 #endif
899 return 0;
900 }
901
902 #if defined(LWS_WITH_SERVER)
903
904 static int
rops_adoption_bind_h1(struct lws * wsi,int type,const char * vh_prot_name)905 rops_adoption_bind_h1(struct lws *wsi, int type, const char *vh_prot_name)
906 {
907 if (!(type & LWS_ADOPT_HTTP))
908 return 0; /* no match */
909
910 if (type & _LWS_ADOPT_FINISH && !lwsi_role_http(wsi))
911 return 0;
912
913 if (type & _LWS_ADOPT_FINISH) {
914 if (!lws_header_table_attach(wsi, 0))
915 lwsl_debug("Attached ah immediately\n");
916 else
917 lwsl_info("%s: waiting for ah\n", __func__);
918
919 return 1;
920 }
921
922 #if defined(LWS_WITH_SERVER) && defined(LWS_WITH_SECURE_STREAMS)
923 if (wsi->a.vhost->ss_handle &&
924 wsi->a.vhost->ss_handle->policy->protocol == LWSSSP_RAW) {
925 lws_role_transition(wsi, LWSIFR_SERVER, (type & LWS_ADOPT_ALLOW_SSL) ?
926 LRS_SSL_INIT : LRS_ESTABLISHED, &role_ops_raw_skt);
927 return 1;
928 }
929 #endif
930
931 /* If Non-TLS and HTTP2 prior knowledge is enabled, skip to clear text HTTP2 */
932
933 #if defined(LWS_WITH_HTTP2)
934 if ((!(type & LWS_ADOPT_ALLOW_SSL)) && (wsi->a.vhost->options & LWS_SERVER_OPTION_H2_PRIOR_KNOWLEDGE)) {
935 lwsl_info("http/2 prior knowledge\n");
936 lws_metrics_tag_wsi_add(wsi, "upg", "h2_prior");
937 lws_role_call_alpn_negotiated(wsi, "h2");
938 }
939 else
940 #endif
941 lws_role_transition(wsi, LWSIFR_SERVER, (type & LWS_ADOPT_ALLOW_SSL) ?
942 LRS_SSL_INIT : LRS_HEADERS, &role_ops_h1);
943
944 /*
945 * Otherwise, we have to bind to h1 as a default even when we're actually going to
946 * replace it as an h2 bind later. So don't take this seriously if the
947 * default is disabled (ws upgrade caees properly about it)
948 */
949
950 if (!vh_prot_name && wsi->a.vhost->default_protocol_index <
951 wsi->a.vhost->count_protocols)
952 wsi->a.protocol = &wsi->a.vhost->protocols[
953 wsi->a.vhost->default_protocol_index];
954 else
955 wsi->a.protocol = &wsi->a.vhost->protocols[0];
956
957 /* the transport is accepted... give him time to negotiate */
958 lws_set_timeout(wsi, PENDING_TIMEOUT_ESTABLISH_WITH_SERVER,
959 (int)wsi->a.context->timeout_secs);
960
961 return 1; /* bound */
962 }
963
964 #endif
965
966 #if defined(LWS_WITH_CLIENT)
967
968 static const char * const http_methods[] = {
969 "GET", "POST", "OPTIONS", "HEAD", "PUT", "PATCH", "DELETE", "CONNECT"
970 };
971
972 static int
rops_client_bind_h1(struct lws * wsi,const struct lws_client_connect_info * i)973 rops_client_bind_h1(struct lws *wsi, const struct lws_client_connect_info *i)
974 {
975 int n;
976
977 if (!i) {
978 /* we are finalizing an already-selected role */
979
980 /*
981 * If we stay in http, assuming there wasn't already-set
982 * external user_space, since we know our initial protocol
983 * we can assign the user space now, otherwise do it after the
984 * ws subprotocol negotiated
985 */
986 if (!wsi->user_space && wsi->stash->cis[CIS_METHOD])
987 if (lws_ensure_user_space(wsi))
988 return 1;
989
990 /*
991 * For ws, default to http/1.1 only. If i->alpn had been set
992 * though, defer to whatever he has set in there (eg, "h2").
993 *
994 * The problem is he has to commit to h2 before he can find
995 * out if the server has the SETTINGS for ws-over-h2 enabled;
996 * if not then ws is not possible on that connection. So we
997 * only try h2 if he assertively said to use h2 alpn, otherwise
998 * ws implies alpn restriction to h1.
999 */
1000 if (!wsi->stash->cis[CIS_METHOD] && !wsi->stash->cis[CIS_ALPN])
1001 wsi->stash->cis[CIS_ALPN] = "http/1.1";
1002
1003 /* if we went on the ah waiting list, it's ok, we can wait.
1004 *
1005 * When we do get the ah, now or later, he will end up at
1006 * lws_http_client_connect_via_info2().
1007 */
1008 if (lws_header_table_attach(wsi, 0)
1009 #if defined(LWS_WITH_CLIENT)
1010 < 0)
1011 /*
1012 * if we failed here, the connection is already closed
1013 * and freed.
1014 */
1015 return -1;
1016 #else
1017 )
1018 return 0;
1019 #endif
1020
1021 return 0;
1022 }
1023
1024 /*
1025 * Clients that want to be h1, h2, or ws all start out as h1
1026 * (we don't yet know if the server supports h2 or ws), unless their
1027 * alpn is only "h2"
1028 */
1029
1030 // if (i->alpn && !strcmp(i->alpn, "h2"))
1031 // return 0; /* we are h1, he only wants h2 */
1032
1033 if (!i->method) { /* websockets */
1034 #if defined(LWS_ROLE_WS)
1035 if (lws_create_client_ws_object(i, wsi))
1036 goto fail_wsi;
1037
1038 goto bind_h1;
1039 #else
1040 lwsl_err("%s: ws role not configured\n", __func__);
1041
1042 goto fail_wsi;
1043 #endif
1044 }
1045
1046 /* if a recognized http method, bind to it */
1047
1048 for (n = 0; n < (int)LWS_ARRAY_SIZE(http_methods); n++)
1049 if (!strcmp(i->method, http_methods[n]))
1050 goto bind_h1;
1051
1052 /* other roles may bind to it */
1053
1054 return 0; /* no match */
1055
1056 bind_h1:
1057 /* assert the mode and union status (hdr) clearly */
1058 lws_role_transition(wsi, LWSIFR_CLIENT, LRS_UNCONNECTED, &role_ops_h1);
1059
1060 return 1; /* matched */
1061
1062 fail_wsi:
1063 return -1;
1064 }
1065 #endif
1066
1067 static int
rops_close_kill_connection_h1(struct lws * wsi,enum lws_close_status reason)1068 rops_close_kill_connection_h1(struct lws *wsi, enum lws_close_status reason)
1069 {
1070 #if defined(LWS_WITH_HTTP_PROXY)
1071 if (!wsi->http.proxy_clientside)
1072 return 0;
1073
1074 wsi->http.proxy_clientside = 0;
1075
1076 if (user_callback_handle_rxflow(wsi->a.protocol->callback, wsi,
1077 LWS_CALLBACK_COMPLETED_CLIENT_HTTP,
1078 wsi->user_space, NULL, 0))
1079 return 0;
1080 #endif
1081 return 0;
1082 }
1083
1084 int
rops_pt_init_destroy_h1(struct lws_context * context,const struct lws_context_creation_info * info,struct lws_context_per_thread * pt,int destroy)1085 rops_pt_init_destroy_h1(struct lws_context *context,
1086 const struct lws_context_creation_info *info,
1087 struct lws_context_per_thread *pt, int destroy)
1088 {
1089 /*
1090 * We only want to do this once... we will do it if no h2 support
1091 * otherwise let h2 ops do it.
1092 */
1093 #if !defined(LWS_ROLE_H2) && defined(LWS_WITH_SERVER)
1094 if (!destroy) {
1095
1096 pt->sul_ah_lifecheck.cb = lws_sul_http_ah_lifecheck;
1097
1098 __lws_sul_insert_us(&pt->pt_sul_owner[LWSSULLI_MISS_IF_SUSPENDED],
1099 &pt->sul_ah_lifecheck, 30 * LWS_US_PER_SEC);
1100 } else
1101 lws_dll2_remove(&pt->sul_ah_lifecheck.list);
1102 #endif
1103
1104 return 0;
1105 }
1106
1107 static const lws_rops_t rops_table_h1[] = {
1108 /* 1 */ { .pt_init_destroy = rops_pt_init_destroy_h1 },
1109 /* 2 */ { .handle_POLLIN = rops_handle_POLLIN_h1 },
1110 /* 3 */ { .handle_POLLOUT = rops_handle_POLLOUT_h1 },
1111 /* 4 */ { .write_role_protocol = rops_write_role_protocol_h1 },
1112 /* 5 */ { .alpn_negotiated = rops_alpn_negotiated_h1 },
1113 /* 6 */ { .close_kill_connection = rops_close_kill_connection_h1 },
1114 /* 7 */ { .destroy_role = rops_destroy_role_h1 },
1115 #if defined(LWS_WITH_SERVER)
1116 /* 8 */ { .adoption_bind = rops_adoption_bind_h1 },
1117 #endif
1118 #if defined(LWS_WITH_CLIENT)
1119 /* 8 if client and no server */
1120 /* 9 */ { .client_bind = rops_client_bind_h1 },
1121 #endif
1122 };
1123
1124 const struct lws_role_ops role_ops_h1 = {
1125 /* role name */ "h1",
1126 /* alpn id */ "http/1.1",
1127 /* rops_table */ rops_table_h1,
1128 /* rops_idx */ {
1129 /* LWS_ROPS_check_upgrades */
1130 /* LWS_ROPS_pt_init_destroy */ 0x01,
1131 /* LWS_ROPS_init_vhost */
1132 /* LWS_ROPS_destroy_vhost */ 0x00,
1133 /* LWS_ROPS_service_flag_pending */
1134 /* LWS_ROPS_handle_POLLIN */ 0x02,
1135 /* LWS_ROPS_handle_POLLOUT */
1136 /* LWS_ROPS_perform_user_POLLOUT */ 0x30,
1137 /* LWS_ROPS_callback_on_writable */
1138 /* LWS_ROPS_tx_credit */ 0x00,
1139 /* LWS_ROPS_write_role_protocol */
1140 /* LWS_ROPS_encapsulation_parent */ 0x40,
1141 /* LWS_ROPS_alpn_negotiated */
1142 /* LWS_ROPS_close_via_role_protocol */ 0x50,
1143 /* LWS_ROPS_close_role */
1144 /* LWS_ROPS_close_kill_connection */ 0x06,
1145 /* LWS_ROPS_destroy_role */
1146 #if defined(LWS_WITH_SERVER)
1147 /* LWS_ROPS_adoption_bind */ 0x78,
1148 #else
1149 /* LWS_ROPS_adoption_bind */ 0x70,
1150 #endif
1151 /* LWS_ROPS_client_bind */
1152 #if defined(LWS_WITH_CLIENT)
1153 #if defined(LWS_WITH_SERVER)
1154 /* LWS_ROPS_issue_keepalive */ 0x90,
1155 #else
1156 /* LWS_ROPS_issue_keepalive */ 0x80,
1157 #endif
1158 #else
1159 /* LWS_ROPS_issue_keepalive */ 0x00,
1160 #endif
1161 },
1162 /* adoption_cb clnt, srv */ { LWS_CALLBACK_SERVER_NEW_CLIENT_INSTANTIATED,
1163 LWS_CALLBACK_SERVER_NEW_CLIENT_INSTANTIATED },
1164 /* rx_cb clnt, srv */ { LWS_CALLBACK_RECEIVE_CLIENT_HTTP,
1165 0 /* may be POST, etc */ },
1166 /* writeable cb clnt, srv */ { LWS_CALLBACK_CLIENT_HTTP_WRITEABLE,
1167 LWS_CALLBACK_HTTP_WRITEABLE },
1168 /* close cb clnt, srv */ { LWS_CALLBACK_CLOSED_CLIENT_HTTP,
1169 LWS_CALLBACK_CLOSED_HTTP },
1170 /* protocol_bind cb c, srv */ { LWS_CALLBACK_CLIENT_HTTP_BIND_PROTOCOL,
1171 LWS_CALLBACK_HTTP_BIND_PROTOCOL },
1172 /* protocol_unbind cb c, srv */ { LWS_CALLBACK_CLIENT_HTTP_DROP_PROTOCOL,
1173 LWS_CALLBACK_HTTP_DROP_PROTOCOL },
1174 /* file_handle */ 0,
1175 };
1176