1 /*
2 * libwebsockets - small server side websockets and web server implementation
3 *
4 * Copyright (C) 2019 - 2020 Andy Green <andy@warmcat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 * IN THE SOFTWARE.
23 *
24 * This is the glue that wires up h1 to Secure Streams.
25 */
26
27 #include <private-lib-core.h>
28
29 #if !defined(LWS_PLAT_FREERTOS) || defined(LWS_ROLE_H2)
30 static int
ss_http_multipart_parser(lws_ss_handle_t * h,void * in,size_t len)31 ss_http_multipart_parser(lws_ss_handle_t *h, void *in, size_t len)
32 {
33 uint8_t *q = (uint8_t *)in;
34 int pending_issue = 0, n = 0;
35
36 /* let's stick it in the boundary state machine first */
37 while (n < (int)len) {
38 if (h->u.http.boundary_seq != h->u.http.boundary_len) {
39 if (q[n] == h->u.http.boundary[h->u.http.boundary_seq])
40 h->u.http.boundary_seq++;
41 else {
42 h->u.http.boundary_seq = 0;
43 h->u.http.boundary_dashes = 0;
44 h->u.http.boundary_post = 0;
45 }
46 goto around;
47 }
48
49 /*
50 * We already matched the boundary string, now we're
51 * looking if there's a -- afterwards
52 */
53 if (h->u.http.boundary_dashes < 2) {
54 if (q[n] == '-') {
55 h->u.http.boundary_dashes++;
56 goto around;
57 }
58 /* there was no final -- ... */
59 }
60
61 if (h->u.http.boundary_dashes == 2) {
62 /*
63 * It's an EOM boundary: issue pending + multipart EOP
64 */
65 lwsl_debug("%s: seen EOP, n %d pi %d\n",
66 __func__, n, pending_issue);
67 /*
68 * It's possible we already started the decode before
69 * the end of the last packet. Then there is no
70 * remainder to send.
71 */
72 if (n >= pending_issue + h->u.http.boundary_len +
73 (h->u.http.any ? 2 : 0) + 1)
74 h->info.rx(ss_to_userobj(h),
75 &q[pending_issue],
76 n - pending_issue -
77 h->u.http.boundary_len - 1 -
78 (h->u.http.any ? 2 : 0) /* crlf */,
79 (!h->u.http.som ? LWSSS_FLAG_SOM : 0) |
80 LWSSS_FLAG_EOM | LWSSS_FLAG_RELATED_END);
81
82 /*
83 * Peer may not END_STREAM us
84 */
85 return 0;
86 //return -1;
87 }
88
89 /* how about --boundaryCRLF */
90
91 if (h->u.http.boundary_post < 2) {
92 if ((!h->u.http.boundary_post && q[n] == '\x0d') ||
93 (h->u.http.boundary_post && q[n] == '\x0a')) {
94 h->u.http.boundary_post++;
95 goto around;
96 }
97 /* there was no final CRLF ... it's wrong */
98
99 return -1;
100 }
101 if (h->u.http.boundary_post != 2)
102 goto around;
103
104 /*
105 * We have a starting "--boundaryCRLF" or intermediate
106 * "CRLF--boundaryCRLF" boundary
107 */
108 lwsl_debug("%s: b_post = 2 (pi %d)\n", __func__, pending_issue);
109 h->u.http.boundary_seq = 0;
110 h->u.http.boundary_post = 0;
111
112 if (n >= pending_issue && (h->u.http.any || !h->u.http.som)) {
113 /* Intermediate... do the EOM */
114 lwsl_debug("%s: seen interm EOP n %d pi %d\n", __func__,
115 n, pending_issue);
116 /*
117 * It's possible we already started the decode before
118 * the end of the last packet. Then there is no
119 * remainder to send.
120 */
121 if (n >= pending_issue + h->u.http.boundary_len +
122 (h->u.http.any ? 2 : 0))
123 h->info.rx(ss_to_userobj(h), &q[pending_issue],
124 n - pending_issue -
125 h->u.http.boundary_len -
126 (h->u.http.any ? 2 /* crlf */ : 0),
127 (!h->u.http.som ? LWSSS_FLAG_SOM : 0) |
128 LWSSS_FLAG_EOM);
129 }
130
131 /* Next message starts after this boundary */
132
133 pending_issue = n;
134 h->u.http.som = 0;
135
136 around:
137 n++;
138 }
139
140 if (pending_issue != n) {
141 h->info.rx(ss_to_userobj(h), &q[pending_issue], n - pending_issue,
142 (!h->u.http.som ? LWSSS_FLAG_SOM : 0));
143 h->u.http.any = 1;
144 h->u.http.som = 1;
145 }
146
147 return 0;
148 }
149 #endif
150
151 static const uint8_t blob_idx[] = {
152 LWS_SYSBLOB_TYPE_AUTH,
153 LWS_SYSBLOB_TYPE_DEVICE_SERIAL,
154 LWS_SYSBLOB_TYPE_DEVICE_FW_VERSION,
155 LWS_SYSBLOB_TYPE_DEVICE_TYPE,
156 };
157
158 int
secstream_h1(struct lws * wsi,enum lws_callback_reasons reason,void * user,void * in,size_t len)159 secstream_h1(struct lws *wsi, enum lws_callback_reasons reason, void *user,
160 void *in, size_t len)
161 {
162 lws_ss_handle_t *h = (lws_ss_handle_t *)lws_get_opaque_user_data(wsi);
163 uint8_t buf[LWS_PRE + 1520], *p = &buf[LWS_PRE],
164 *end = &buf[sizeof(buf) - 1];
165 int f = 0, m, status;
166 size_t buflen;
167
168 switch (reason) {
169
170 /* because we are protocols[0] ... */
171 case LWS_CALLBACK_CLIENT_CONNECTION_ERROR:
172 assert(h);
173 assert(h->policy);
174 lwsl_info("%s: h: %p, %s CLIENT_CONNECTION_ERROR: %s\n", __func__,
175 h, h->policy->streamtype, in ? (char *)in : "(null)");
176 lws_ss_event_helper(h, LWSSSCS_UNREACHABLE);
177 h->wsi = NULL;
178 lws_ss_backoff(h);
179 break;
180
181 case LWS_CALLBACK_CLOSED_CLIENT_HTTP:
182 if (!h)
183 break;
184 lwsl_info("%s: h: %p, %s LWS_CALLBACK_CLOSED_CLIENT_HTTP\n",
185 __func__, h,
186 h->policy ? h->policy->streamtype : "no policy");
187 h->wsi = NULL;
188 //bad = status != 200;
189 //lws_cancel_service(lws_get_context(wsi)); /* abort poll wait */
190 if (h->policy && !(h->policy->flags & LWSSSPOLF_OPPORTUNISTIC) &&
191 !h->txn_ok && !wsi->context->being_destroyed)
192 lws_ss_backoff(h);
193 if (lws_ss_event_helper(h, LWSSSCS_DISCONNECTED))
194 lws_ss_destroy(&h);
195 break;
196
197
198 case LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP:
199 status = lws_http_client_http_response(wsi);
200 lwsl_info("%s: LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP: %d\n", __func__, status);
201 // if (!status)
202 /* it's just telling use we connected / joined the nwsi */
203 // break;
204 h->u.http.good_respcode = (status >= 200 && status < 300);
205 // lwsl_err("%s: good resp %d %d\n", __func__, status, h->u.http.good_respcode);
206
207 if (h->u.http.good_respcode)
208 lwsl_info("%s: Connected streamtype %s, %d\n", __func__,
209 h->policy->streamtype, status);
210 else
211 lwsl_warn("%s: Connected streamtype %s, BAD %d\n", __func__,
212 h->policy->streamtype, status);
213
214 h->hanging_som = 0;
215
216 h->retry = 0;
217 h->seqstate = SSSEQ_CONNECTED;
218 lws_ss_set_timeout_us(h, LWS_SET_TIMER_USEC_CANCEL);
219 lws_ss_event_helper(h, LWSSSCS_CONNECTED);
220
221 /*
222 * Since it's an http transaction we initiated... this is
223 * proof of connection validity
224 */
225 lws_validity_confirmed(wsi);
226
227 #if !defined(LWS_PLAT_FREERTOS) || defined(LWS_ROLE_H2)
228
229 if (lws_hdr_copy(wsi, (char *)buf, sizeof(buf),
230 WSI_TOKEN_HTTP_CONTENT_TYPE) > 0 &&
231 /* multipart/form-data;
232 * boundary=----WebKitFormBoundarycc7YgAPEIHvgE9Bf */
233
234 (!strncmp((char *)buf, "multipart/form-data", 19) ||
235 !strncmp((char *)buf, "multipart/related", 17))) {
236 struct lws_tokenize ts;
237 lws_tokenize_elem e;
238
239 // puts((const char *)buf);
240
241 memset(&ts, 0, sizeof(ts));
242 ts.start = (char *)buf;
243 ts.len = strlen(ts.start);
244 ts.flags = LWS_TOKENIZE_F_RFC7230_DELIMS |
245 LWS_TOKENIZE_F_SLASH_NONTERM |
246 LWS_TOKENIZE_F_MINUS_NONTERM;
247
248 h->u.http.boundary[0] = '\0';
249 do {
250 e = lws_tokenize(&ts);
251 if (e == LWS_TOKZE_TOKEN_NAME_EQUALS &&
252 !strncmp(ts.token, "boundary", 8) &&
253 ts.token_len == 8) {
254 e = lws_tokenize(&ts);
255 if (e != LWS_TOKZE_TOKEN)
256 goto malformed;
257 h->u.http.boundary[0] = '\x0d';
258 h->u.http.boundary[1] = '\x0a';
259 h->u.http.boundary[2] = '-';
260 h->u.http.boundary[3] = '-';
261 lws_strnncpy(h->u.http.boundary + 4,
262 ts.token, ts.token_len,
263 sizeof(h->u.http.boundary) - 4);
264 h->u.http.boundary_len = ts.token_len + 4;
265 h->u.http.boundary_seq = 2;
266 h->u.http.boundary_dashes = 0;
267 }
268 } while (e > 0);
269 lwsl_info("%s: multipart boundary '%s' len %d\n", __func__,
270 h->u.http.boundary, h->u.http.boundary_len);
271
272 /* inform the ss that a related message group begins */
273
274 if (h->u.http.boundary[0])
275 h->info.rx(ss_to_userobj(h), NULL, 0,
276 LWSSS_FLAG_RELATED_START);
277
278 // lws_header_table_detach(wsi, 0);
279 }
280 break;
281 malformed:
282 lwsl_notice("%s: malformed multipart header\n", __func__);
283 return -1;
284 #else
285 break;
286 #endif
287
288 case LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER:
289 if (h->writeable_len)
290 wsi->http.writeable_len = h->writeable_len;
291
292 {
293 uint8_t **p = (uint8_t **)in, *end = (*p) + len,
294 *oin = *(uint8_t **)in;
295
296 /*
297 * blob-based headers
298 */
299
300 for (m = 0; m < _LWSSS_HBI_COUNT; m++) {
301 int o = 0, n;
302
303 if (!h->policy->u.http.blob_header[m])
304 continue;
305
306 if (m == LWSSS_HBI_AUTH &&
307 h->policy->u.http.auth_preamble)
308 o = lws_snprintf((char *)buf, sizeof(buf), "%s",
309 h->policy->u.http.auth_preamble);
310
311 if (o > (int)sizeof(buf) - 2)
312 return -1;
313
314 buflen = sizeof(buf) - o - 2;
315 n = lws_system_blob_get(
316 lws_system_get_blob(wsi->context, blob_idx[m], 0),
317 buf + o, &buflen, 0);
318 if (n < 0)
319 return -1;
320
321 buf[o + buflen] = '\0';
322 lwsl_debug("%s: adding blob %d: %s\n", __func__, m, buf);
323
324 if (lws_add_http_header_by_name(wsi,
325 (uint8_t *)h->policy->u.http.blob_header[m],
326 buf, buflen + o, p, end))
327 return -1;
328 }
329
330 /*
331 * metadata-based headers
332 */
333
334 for (m = 0; m < h->policy->metadata_count; m++) {
335 lws_ss_metadata_t *polmd;
336
337 /* has to have a header string listed */
338 if (!h->metadata[m].value)
339 continue;
340
341 polmd = lws_ss_policy_metadata_index(h->policy, m);
342
343 assert(polmd);
344 /* has to have a value */
345 if (polmd->value && ((uint8_t *)polmd->value)[0]) {
346 if (lws_add_http_header_by_name(wsi,
347 polmd->value,
348 h->metadata[m].value,
349 h->metadata[m].length, p, end))
350 return -1;
351 }
352 }
353
354 /*
355 * Content-length on POST if we have the length information
356 */
357
358 if (!strcmp(h->policy->u.http.method, "POST") &&
359 wsi->http.writeable_len) {
360 if (!(h->policy->flags &
361 LWSSSPOLF_HTTP_NO_CONTENT_LENGTH)) {
362 int n = lws_snprintf((char *)buf, 20, "%u",
363 (unsigned int)wsi->http.writeable_len);
364 if (lws_add_http_header_by_token(wsi,
365 WSI_TOKEN_HTTP_CONTENT_LENGTH,
366 buf, n, p, end))
367 return -1;
368 }
369 lws_client_http_body_pending(wsi, 1);
370 }
371
372 (void)oin;
373 // if (*p != oin)
374 // lwsl_hexdump_notice(oin, lws_ptr_diff(*p, oin));
375
376 }
377
378 break;
379
380 /* chunks of chunked content, with header removed */
381 case LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ:
382 lwsl_debug("%s: RECEIVE_CLIENT_HTTP_READ: read %d\n",
383 __func__, (int)len);
384 if (!h)
385 return 0;
386
387 #if !defined(LWS_PLAT_FREERTOS) || defined(LWS_ROLE_H2)
388 if (h->u.http.boundary[0])
389 return ss_http_multipart_parser(h, in, len);
390 #endif
391
392 if (!h->subseq) {
393 f |= LWSSS_FLAG_SOM;
394 h->hanging_som = 1;
395 h->subseq = 1;
396 }
397
398 // lwsl_notice("%s: HTTP_READ: client side sent len %d fl 0x%x\n",
399 // __func__, (int)len, (int)f);
400
401 h->info.rx(ss_to_userobj(h), (const uint8_t *)in, len, f);
402
403 return 0; /* don't passthru */
404
405 /* uninterpreted http content */
406 case LWS_CALLBACK_RECEIVE_CLIENT_HTTP:
407 {
408 char *px = (char *)buf + LWS_PRE; /* guarantees LWS_PRE */
409 int lenx = sizeof(buf) - LWS_PRE;
410
411 if (lws_http_client_read(wsi, &px, &lenx) < 0)
412 return -1;
413 }
414 lws_set_timeout(wsi, 99, 30);
415
416 return 0; /* don't passthru */
417
418 case LWS_CALLBACK_COMPLETED_CLIENT_HTTP:
419 lwsl_debug("%s: LWS_CALLBACK_COMPLETED_CLIENT_HTTP\n", __func__);
420 if (h->hanging_som)
421 h->info.rx(ss_to_userobj(h), NULL, 0, LWSSS_FLAG_EOM);
422
423 wsi->http.writeable_len = h->writeable_len = 0;
424
425 if (h->u.http.good_respcode)
426 lws_ss_event_helper(h, LWSSSCS_QOS_ACK_REMOTE);
427 else
428 lws_ss_event_helper(h, LWSSSCS_QOS_NACK_REMOTE);
429
430 h->wsi = NULL;
431 h->txn_ok = 1;
432 //bad = status != 200;
433 lws_cancel_service(lws_get_context(wsi)); /* abort poll wait */
434 break;
435
436 case LWS_CALLBACK_CLIENT_HTTP_WRITEABLE:
437 lwsl_info("%s: LWS_CALLBACK_CLIENT_HTTP_WRITEABLE\n", __func__);
438 if (!h)
439 return 0;
440
441 if (!h->rideshare)
442 h->rideshare = h->policy;
443
444 #if !defined(LWS_PLAT_FREERTOS) || defined(LWS_ROLE_H2)
445 if (!h->inside_msg && h->rideshare->u.http.multipart_name)
446 lws_client_http_multipart(wsi,
447 h->rideshare->u.http.multipart_name,
448 h->rideshare->u.http.multipart_filename,
449 h->rideshare->u.http.multipart_content_type,
450 (char **)&p, (char *)end);
451
452 buflen = lws_ptr_diff(end, p);
453 if (h->policy->u.http.multipart_name)
454 buflen -= 24; /* allow space for end of multipart */
455
456 #endif
457
458 if (h->info.tx(ss_to_userobj(h), h->txord++, p, &buflen, &f)) {
459 /* don't want to send anything */
460 lwsl_debug("%s: dont want to write\n", __func__);
461 return 0;
462 }
463
464 lwsl_info("%s: WRITEABLE: user tx says len %d fl 0x%x\n",
465 __func__, (int)buflen, (int)f);
466
467 p += buflen;
468
469 if (f & LWSSS_FLAG_EOM) {
470 #if !defined(LWS_PLAT_FREERTOS) || defined(LWS_ROLE_H2)
471 /* end of rideshares */
472 if (!h->rideshare->rideshare_streamtype) {
473 lws_client_http_body_pending(wsi, 0);
474 if (h->rideshare->u.http.multipart_name)
475 lws_client_http_multipart(wsi, NULL, NULL, NULL,
476 (char **)&p, (char *)end);
477 } else {
478 #endif
479 h->rideshare = lws_ss_policy_lookup(wsi->context,
480 h->rideshare->rideshare_streamtype);
481 lws_callback_on_writable(wsi);
482 #if !defined(LWS_PLAT_FREERTOS) || defined(LWS_ROLE_H2)
483 }
484 #endif
485
486 h->inside_msg = 0;
487 } else {
488 /* otherwise we can spin with zero length writes */
489 if (!f && !lws_ptr_diff(p, buf + LWS_PRE))
490 break;
491 h->inside_msg = 1;
492 lws_callback_on_writable(wsi);
493 }
494
495 lwsl_info("%s: lws_write %d %d\n", __func__,
496 lws_ptr_diff(p, buf + LWS_PRE), f);
497
498 if (lws_write(wsi, buf + LWS_PRE, lws_ptr_diff(p, buf + LWS_PRE),
499 LWS_WRITE_HTTP) != (int)lws_ptr_diff(p, buf + LWS_PRE)) {
500 lwsl_err("%s: write failed\n", __func__);
501 return -1;
502 }
503
504 lws_set_timeout(wsi, 0, 0);
505 break;
506
507 default:
508 break;
509 }
510
511 return lws_callback_http_dummy(wsi, reason, user, in, len);
512 }
513
514 const struct lws_protocols protocol_secstream_h1 = {
515 "lws-secstream-h1",
516 secstream_h1,
517 0,
518 0,
519 };
520
521 /*
522 * Munge connect info according to protocol-specific considerations... this
523 * usually means interpreting aux in a protocol-specific way and using the
524 * pieces at connection setup time, eg, http url pieces.
525 *
526 * len bytes of buf can be used for things with scope until after the actual
527 * connect.
528 */
529
530 static int
secstream_connect_munge_h1(lws_ss_handle_t * h,char * buf,size_t len,struct lws_client_connect_info * i,union lws_ss_contemp * ct)531 secstream_connect_munge_h1(lws_ss_handle_t *h, char *buf, size_t len,
532 struct lws_client_connect_info *i,
533 union lws_ss_contemp *ct)
534 {
535 size_t used_in, used_out;
536 lws_strexp_t exp;
537
538 if (!h->policy->u.http.url)
539 return 0;
540
541 #if !defined(LWS_PLAT_FREERTOS) || defined(LWS_ROLE_H2)
542 if (h->policy->flags & LWSSSPOLF_HTTP_MULTIPART)
543 i->ssl_connection |= LCCSCF_HTTP_MULTIPART_MIME;
544
545 if (h->policy->flags & LWSSSPOLF_HTTP_X_WWW_FORM_URLENCODED)
546 i->ssl_connection |= LCCSCF_HTTP_X_WWW_FORM_URLENCODED;
547 #endif
548
549 /* protocol aux is the path part */
550
551 i->path = buf;
552 buf[0] = '/';
553
554 lws_strexp_init(&exp, (void *)h, lws_ss_exp_cb_metadata, buf + 1, len - 1);
555
556 if (lws_strexp_expand(&exp, h->policy->u.http.url,
557 strlen(h->policy->u.http.url),
558 &used_in, &used_out) != LSTRX_DONE)
559 return 1;
560
561 return 0;
562 }
563
564
565 const struct ss_pcols ss_pcol_h1 = {
566 "h1",
567 "http/1.1",
568 "lws-secstream-h1",
569 secstream_connect_munge_h1,
570 NULL
571 };
572