/src/libvncserver/src/libvncserver/websockets.c
Line | Count | Source |
1 | | /* |
2 | | * websockets.c - deal with WebSockets clients. |
3 | | * |
4 | | * This code should be independent of any changes in the RFB protocol. It is |
5 | | * an additional handshake and framing of normal sockets: |
6 | | * http://www.whatwg.org/specs/web-socket-protocol/ |
7 | | * |
8 | | */ |
9 | | |
10 | | /* |
11 | | * Copyright (C) 2010 Joel Martin |
12 | | * |
13 | | * This is free software; you can redistribute it and/or modify |
14 | | * it under the terms of the GNU General Public License as published by |
15 | | * the Free Software Foundation; either version 2 of the License, or |
16 | | * (at your option) any later version. |
17 | | * |
18 | | * This software is distributed in the hope that it will be useful, |
19 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
20 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
21 | | * GNU General Public License for more details. |
22 | | * |
23 | | * You should have received a copy of the GNU General Public License |
24 | | * along with this software; if not, write to the Free Software |
25 | | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
26 | | * USA. |
27 | | */ |
28 | | |
29 | | #ifdef __STRICT_ANSI__ |
30 | | #define _BSD_SOURCE |
31 | | #endif |
32 | | |
33 | | #include <rfb/rfb.h> |
34 | | /* errno */ |
35 | | #include <errno.h> |
36 | | |
37 | | #ifdef LIBVNCSERVER_HAVE_SYS_TYPES_H |
38 | | #include <sys/types.h> |
39 | | #endif |
40 | | |
41 | | #include <string.h> |
42 | | #if LIBVNCSERVER_UNISTD_H |
43 | | #include <unistd.h> |
44 | | #endif |
45 | | #include "rfb/rfbconfig.h" |
46 | | #include "rfbssl.h" |
47 | | #include "crypto.h" |
48 | | #include "ws_decode.h" |
49 | | #include "base64.h" |
50 | | |
51 | | #if 0 |
52 | | #include <sys/syscall.h> |
53 | | static int gettid() { |
54 | | return (int)syscall(SYS_gettid); |
55 | | } |
56 | | #endif |
57 | | |
58 | | /* |
59 | | * draft-ietf-hybi-thewebsocketprotocol-10 |
60 | | * 5.2.2. Sending the Server's Opening Handshake |
61 | | */ |
62 | 0 | #define GUID "258EAFA5-E914-47DA-95CA-C5AB0DC85B11" |
63 | | |
64 | 0 | #define SERVER_HANDSHAKE_HYBI "HTTP/1.1 101 Switching Protocols\r\n\ |
65 | 0 | Upgrade: websocket\r\n\ |
66 | 0 | Connection: Upgrade\r\n\ |
67 | 0 | Sec-WebSocket-Accept: %s\r\n\ |
68 | 0 | Sec-WebSocket-Protocol: %s\r\n\ |
69 | 0 | \r\n" |
70 | | |
71 | 0 | #define SERVER_HANDSHAKE_HYBI_NO_PROTOCOL "HTTP/1.1 101 Switching Protocols\r\n\ |
72 | 0 | Upgrade: websocket\r\n\ |
73 | 0 | Connection: Upgrade\r\n\ |
74 | 0 | Sec-WebSocket-Accept: %s\r\n\ |
75 | 0 | \r\n" |
76 | | |
77 | 0 | #define WEBSOCKETS_CLIENT_CONNECT_WAIT_MS 100 |
78 | 0 | #define WEBSOCKETS_CLIENT_SEND_WAIT_MS 100 |
79 | 0 | #define WEBSOCKETS_MAX_HANDSHAKE_LEN 4096 |
80 | | |
81 | | #if defined(__linux__) && defined(NEED_TIMEVAL) |
82 | | struct timeval |
83 | | { |
84 | | long int tv_sec,tv_usec; |
85 | | } |
86 | | ; |
87 | | #endif |
88 | | |
89 | | static rfbBool webSocketsHandshake(rfbClientPtr cl, char *scheme); |
90 | | |
91 | | static int webSocketsEncodeHybi(rfbClientPtr cl, const char *src, int len, char **dst); |
92 | | |
93 | | static int ws_read(void *cl, char *buf, size_t len); |
94 | | |
95 | | |
96 | | static int |
97 | 0 | min (int a, int b) { |
98 | 0 | return a < b ? a : b; |
99 | 0 | } |
100 | | |
101 | | static void webSocketsGenSha1Key(char *target, int size, char *key) |
102 | 0 | { |
103 | 0 | unsigned char hash[SHA1_HASH_SIZE]; |
104 | 0 | char tmp[strlen(key) + sizeof(GUID) - 1]; |
105 | 0 | memcpy(tmp, key, strlen(key)); |
106 | 0 | memcpy(tmp + strlen(key), GUID, sizeof(GUID) - 1); |
107 | 0 | hash_sha1(hash, tmp, sizeof(tmp)); |
108 | 0 | if (-1 == rfbBase64NtoP(hash, sizeof(hash), target, size)) |
109 | 0 | rfbErr("rfbBase64NtoP failed\n"); |
110 | 0 | } |
111 | | |
112 | | /* |
113 | | * rfbWebSocketsHandshake is called to handle new WebSockets connections |
114 | | */ |
115 | | |
116 | | rfbBool |
117 | | webSocketsCheck (rfbClientPtr cl) |
118 | 0 | { |
119 | 0 | char bbuf[4], *scheme; |
120 | 0 | int ret; |
121 | |
|
122 | 0 | ret = rfbPeekExactTimeout(cl, bbuf, 4, |
123 | 0 | WEBSOCKETS_CLIENT_CONNECT_WAIT_MS); |
124 | 0 | if ((ret < 0) && (errno == ETIMEDOUT)) { |
125 | 0 | rfbLog("Normal socket connection\n"); |
126 | 0 | return TRUE; |
127 | 0 | } else if (ret <= 0) { |
128 | 0 | rfbErr("webSocketsHandshake: unknown connection error\n"); |
129 | 0 | return FALSE; |
130 | 0 | } |
131 | | |
132 | 0 | if (strncmp(bbuf, "RFB ", 4) == 0) { |
133 | 0 | rfbLog("Normal socket connection\n"); |
134 | 0 | return TRUE; |
135 | 0 | } else if (strncmp(bbuf, "\x16", 1) == 0 || strncmp(bbuf, "\x80", 1) == 0) { |
136 | 0 | rfbLog("Got TLS/SSL WebSockets connection\n"); |
137 | 0 | if (-1 == rfbssl_init(cl)) { |
138 | 0 | rfbErr("webSocketsHandshake: rfbssl_init failed\n"); |
139 | 0 | return FALSE; |
140 | 0 | } |
141 | 0 | ret = rfbPeekExactTimeout(cl, bbuf, 4, WEBSOCKETS_CLIENT_CONNECT_WAIT_MS); |
142 | 0 | scheme = "wss"; |
143 | 0 | } else { |
144 | 0 | scheme = "ws"; |
145 | 0 | } |
146 | | |
147 | 0 | if (strncmp(bbuf, "GET ", 4) != 0) { |
148 | 0 | rfbErr("webSocketsHandshake: invalid client header\n"); |
149 | 0 | return FALSE; |
150 | 0 | } |
151 | | |
152 | 0 | rfbLog("Got '%s' WebSockets handshake\n", scheme); |
153 | |
|
154 | 0 | if (!webSocketsHandshake(cl, scheme)) { |
155 | 0 | return FALSE; |
156 | 0 | } |
157 | | /* Start WebSockets framing */ |
158 | 0 | return TRUE; |
159 | 0 | } |
160 | | |
161 | | static rfbBool |
162 | | webSocketsHandshake(rfbClientPtr cl, char *scheme) |
163 | 0 | { |
164 | 0 | char *buf, *response, *line; |
165 | 0 | int n, linestart = 0, len = 0, llen, base64 = FALSE; |
166 | 0 | char *path = NULL, *host = NULL, *origin = NULL, *protocol = NULL; |
167 | 0 | char *key1 = NULL, *key2 = NULL; |
168 | 0 | char *sec_ws_origin = NULL; |
169 | 0 | char *sec_ws_key = NULL; |
170 | 0 | char sec_ws_version = 0; |
171 | 0 | ws_ctx_t *wsctx = NULL; |
172 | |
|
173 | 0 | buf = (char *) malloc(WEBSOCKETS_MAX_HANDSHAKE_LEN); |
174 | 0 | if (!buf) { |
175 | 0 | rfbLogPerror("webSocketsHandshake: malloc"); |
176 | 0 | return FALSE; |
177 | 0 | } |
178 | 0 | response = (char *) malloc(WEBSOCKETS_MAX_HANDSHAKE_LEN); |
179 | 0 | if (!response) { |
180 | 0 | free(buf); |
181 | 0 | rfbLogPerror("webSocketsHandshake: malloc"); |
182 | 0 | return FALSE; |
183 | 0 | } |
184 | | |
185 | 0 | while (len < WEBSOCKETS_MAX_HANDSHAKE_LEN-1) { |
186 | 0 | if ((n = rfbReadExactTimeout(cl, buf+len, 1, |
187 | 0 | WEBSOCKETS_CLIENT_SEND_WAIT_MS)) <= 0) { |
188 | 0 | if ((n < 0) && (errno == ETIMEDOUT)) { |
189 | 0 | break; |
190 | 0 | } |
191 | 0 | if (n == 0) { |
192 | 0 | rfbLog("webSocketsHandshake: client gone\n"); |
193 | 0 | } |
194 | 0 | else { |
195 | 0 | rfbLogPerror("webSocketsHandshake: read"); |
196 | 0 | } |
197 | |
|
198 | 0 | free(response); |
199 | 0 | free(buf); |
200 | 0 | return FALSE; |
201 | 0 | } |
202 | | |
203 | 0 | len += 1; |
204 | 0 | llen = len - linestart; |
205 | 0 | if (((llen >= 2)) && (buf[len-1] == '\n')) { |
206 | 0 | line = buf+linestart; |
207 | 0 | if ((llen == 2) && (strncmp("\r\n", line, 2) == 0)) { |
208 | 0 | if (key1 && key2 && len+8 < WEBSOCKETS_MAX_HANDSHAKE_LEN) { |
209 | 0 | if ((n = rfbReadExact(cl, buf+len, 8)) <= 0) { |
210 | 0 | if ((n < 0) && (errno == ETIMEDOUT)) { |
211 | 0 | break; |
212 | 0 | } |
213 | 0 | if (n == 0) |
214 | 0 | rfbLog("webSocketsHandshake: client gone\n"); |
215 | 0 | else |
216 | 0 | rfbLogPerror("webSocketsHandshake: read"); |
217 | 0 | free(response); |
218 | 0 | free(buf); |
219 | 0 | return FALSE; |
220 | 0 | } |
221 | 0 | len += 8; |
222 | 0 | } else { |
223 | 0 | buf[len] = '\0'; |
224 | 0 | } |
225 | 0 | break; |
226 | 0 | } else if ((llen >= 16) && ((strncmp("GET ", line, min(llen,4))) == 0)) { |
227 | | /* 16 = 4 ("GET ") + 1 ("/.*") + 11 (" HTTP/1.1\r\n") */ |
228 | 0 | path = line+4; |
229 | 0 | buf[len-11] = '\0'; /* Trim trailing " HTTP/1.1\r\n" */ |
230 | 0 | cl->wspath = strdup(path); |
231 | | /* rfbLog("Got path: %s\n", path); */ |
232 | 0 | } else if ((strncasecmp("host: ", line, min(llen,6))) == 0) { |
233 | 0 | host = line+6; |
234 | 0 | buf[len-2] = '\0'; |
235 | | /* rfbLog("Got host: %s\n", host); */ |
236 | 0 | } else if ((strncasecmp("origin: ", line, min(llen,8))) == 0) { |
237 | 0 | origin = line+8; |
238 | 0 | buf[len-2] = '\0'; |
239 | | /* rfbLog("Got origin: %s\n", origin); */ |
240 | 0 | } else if ((strncasecmp("sec-websocket-key1: ", line, min(llen,20))) == 0) { |
241 | 0 | key1 = line+20; |
242 | 0 | buf[len-2] = '\0'; |
243 | | /* rfbLog("Got key1: %s\n", key1); */ |
244 | 0 | } else if ((strncasecmp("sec-websocket-key2: ", line, min(llen,20))) == 0) { |
245 | 0 | key2 = line+20; |
246 | 0 | buf[len-2] = '\0'; |
247 | | /* rfbLog("Got key2: %s\n", key2); */ |
248 | | /* HyBI */ |
249 | |
|
250 | 0 | } else if ((strncasecmp("sec-websocket-protocol: ", line, min(llen,24))) == 0) { |
251 | 0 | protocol = line+24; |
252 | 0 | buf[len-2] = '\0'; |
253 | 0 | rfbLog("Got protocol: %s\n", protocol); |
254 | 0 | } else if ((strncasecmp("sec-websocket-origin: ", line, min(llen,22))) == 0) { |
255 | 0 | sec_ws_origin = line+22; |
256 | 0 | buf[len-2] = '\0'; |
257 | 0 | } else if ((strncasecmp("sec-websocket-key: ", line, min(llen,19))) == 0) { |
258 | 0 | sec_ws_key = line+19; |
259 | 0 | buf[len-2] = '\0'; |
260 | 0 | } else if ((strncasecmp("sec-websocket-version: ", line, min(llen,23))) == 0) { |
261 | 0 | sec_ws_version = strtol(line+23, NULL, 10); |
262 | 0 | buf[len-2] = '\0'; |
263 | 0 | } |
264 | | |
265 | 0 | linestart = len; |
266 | 0 | } |
267 | 0 | } |
268 | | |
269 | | /* older hixie handshake, this could be removed if |
270 | | * a final standard is established -- removed now */ |
271 | 0 | if (!sec_ws_version) { |
272 | 0 | rfbErr("Hixie no longer supported\n"); |
273 | 0 | free(response); |
274 | 0 | free(buf); |
275 | 0 | return FALSE; |
276 | 0 | } |
277 | | |
278 | 0 | if (!sec_ws_key) { |
279 | 0 | rfbErr("webSocketsHandshake: sec-websocket-key is missing\n"); |
280 | 0 | free(response); |
281 | 0 | free(buf); |
282 | 0 | return FALSE; |
283 | 0 | } |
284 | | |
285 | 0 | if (!(path && host && (origin || sec_ws_origin))) { |
286 | 0 | rfbErr("webSocketsHandshake: incomplete client handshake\n"); |
287 | 0 | free(response); |
288 | 0 | free(buf); |
289 | 0 | return FALSE; |
290 | 0 | } |
291 | | |
292 | 0 | if ((protocol) && (strstr(protocol, "base64"))) { |
293 | 0 | rfbLog(" - webSocketsHandshake: using base64 encoding\n"); |
294 | 0 | base64 = TRUE; |
295 | 0 | protocol = "base64"; |
296 | 0 | } else { |
297 | 0 | rfbLog(" - webSocketsHandshake: using binary/raw encoding\n"); |
298 | 0 | if ((protocol) && (strstr(protocol, "binary"))) { |
299 | 0 | protocol = "binary"; |
300 | 0 | } else { |
301 | 0 | protocol = ""; |
302 | 0 | } |
303 | 0 | } |
304 | | |
305 | | /* |
306 | | * Generate the WebSockets server response based on the the headers sent |
307 | | * by the client. |
308 | | */ |
309 | 0 | char accept[B64LEN(SHA1_HASH_SIZE) + 1]; |
310 | 0 | rfbLog(" - WebSockets client version hybi-%02d\n", sec_ws_version); |
311 | 0 | webSocketsGenSha1Key(accept, sizeof(accept), sec_ws_key); |
312 | |
|
313 | 0 | if(strlen(protocol) > 0) { |
314 | 0 | len = snprintf(response, WEBSOCKETS_MAX_HANDSHAKE_LEN, |
315 | 0 | SERVER_HANDSHAKE_HYBI, accept, protocol); |
316 | 0 | } else { |
317 | 0 | len = snprintf(response, WEBSOCKETS_MAX_HANDSHAKE_LEN, |
318 | 0 | SERVER_HANDSHAKE_HYBI_NO_PROTOCOL, accept); |
319 | 0 | } |
320 | |
|
321 | 0 | if (rfbWriteExact(cl, response, len) < 0) { |
322 | 0 | rfbErr("webSocketsHandshake: failed sending WebSockets response\n"); |
323 | 0 | free(response); |
324 | 0 | free(buf); |
325 | 0 | return FALSE; |
326 | 0 | } |
327 | | /* rfbLog("webSocketsHandshake: %s\n", response); */ |
328 | 0 | free(response); |
329 | 0 | free(buf); |
330 | |
|
331 | 0 | wsctx = calloc(1, sizeof(ws_ctx_t)); |
332 | 0 | if (!wsctx) { |
333 | 0 | rfbErr("webSocketsHandshake: could not allocate memory for context\n"); |
334 | 0 | return FALSE; |
335 | 0 | } |
336 | 0 | wsctx->encode = webSocketsEncodeHybi; |
337 | 0 | wsctx->decode = webSocketsDecodeHybi; |
338 | 0 | wsctx->ctxInfo.readFunc = ws_read; |
339 | 0 | wsctx->base64 = base64; |
340 | 0 | hybiDecodeCleanupComplete(wsctx); |
341 | 0 | cl->wsctx = (wsCtx *)wsctx; |
342 | 0 | return TRUE; |
343 | 0 | } |
344 | | |
345 | | static int |
346 | | ws_read(void *ctxPtr, char *buf, size_t len) |
347 | 0 | { |
348 | 0 | int n; |
349 | 0 | rfbClientPtr cl = ctxPtr; |
350 | 0 | if (cl->sslctx) { |
351 | 0 | n = rfbssl_read(cl, buf, len); |
352 | 0 | } else { |
353 | 0 | n = read(cl->sock, buf, len); |
354 | 0 | } |
355 | 0 | return n; |
356 | 0 | } |
357 | | |
358 | | static int |
359 | | webSocketsEncodeHybi(rfbClientPtr cl, const char *src, int len, char **dst) |
360 | 0 | { |
361 | 0 | int blen, ret = -1, sz = 0; |
362 | 0 | unsigned char opcode = '\0'; /* TODO: option! */ |
363 | 0 | ws_header_t *header; |
364 | 0 | ws_ctx_t *wsctx = (ws_ctx_t *)cl->wsctx; |
365 | | |
366 | | |
367 | | /* Optional opcode: |
368 | | * 0x0 - continuation |
369 | | * 0x1 - text frame (base64 encode buf) |
370 | | * 0x2 - binary frame (use raw buf) |
371 | | * 0x8 - connection close |
372 | | * 0x9 - ping |
373 | | * 0xA - pong |
374 | | **/ |
375 | 0 | if (!len) { |
376 | | /* nothing to encode */ |
377 | 0 | return 0; |
378 | 0 | } |
379 | 0 | if (len > UPDATE_BUF_SIZE) { |
380 | 0 | rfbErr("%s: Data length %d larger than maximum of %d bytes\n", __func__, len, UPDATE_BUF_SIZE); |
381 | 0 | return -1; |
382 | 0 | } |
383 | | |
384 | 0 | header = (ws_header_t *)wsctx->codeBufEncode; |
385 | |
|
386 | 0 | if (wsctx->base64) { |
387 | 0 | opcode = WS_OPCODE_TEXT_FRAME; |
388 | | /* calculate the resulting size */ |
389 | 0 | blen = B64LEN(len); |
390 | 0 | } else { |
391 | 0 | opcode = WS_OPCODE_BINARY_FRAME; |
392 | 0 | blen = len; |
393 | 0 | } |
394 | |
|
395 | 0 | header->b0 = 0x80 | (opcode & 0x0f); |
396 | 0 | if (blen <= 125) { |
397 | 0 | header->b1 = (uint8_t)blen; |
398 | 0 | sz = 2; |
399 | 0 | } else if (blen <= 65536) { |
400 | 0 | header->b1 = 0x7e; |
401 | 0 | header->u.s16.l16 = WS_HTON16((uint16_t)blen); |
402 | 0 | sz = 4; |
403 | 0 | } else { |
404 | 0 | header->b1 = 0x7f; |
405 | 0 | header->u.s64.l64 = WS_HTON64(blen); |
406 | 0 | sz = 10; |
407 | 0 | } |
408 | |
|
409 | 0 | if (wsctx->base64) { |
410 | 0 | if (-1 == (ret = rfbBase64NtoP((unsigned char *)src, len, wsctx->codeBufEncode + sz, sizeof(wsctx->codeBufEncode) - sz))) { |
411 | 0 | rfbErr("%s: Base 64 encode failed\n", __func__); |
412 | 0 | } else { |
413 | 0 | if (ret != blen) |
414 | 0 | rfbErr("%s: Base 64 encode; something weird happened\n", __func__); |
415 | 0 | ret += sz; |
416 | 0 | } |
417 | 0 | } else { |
418 | 0 | memcpy(wsctx->codeBufEncode + sz, src, len); |
419 | 0 | ret = sz + len; |
420 | 0 | } |
421 | |
|
422 | 0 | *dst = wsctx->codeBufEncode; |
423 | |
|
424 | 0 | return ret; |
425 | 0 | } |
426 | | |
427 | | int |
428 | | webSocketsEncode(rfbClientPtr cl, const char *src, int len, char **dst) |
429 | 0 | { |
430 | 0 | return webSocketsEncodeHybi(cl, src, len, dst); |
431 | 0 | } |
432 | | |
433 | | int |
434 | | webSocketsDecode(rfbClientPtr cl, char *dst, int len) |
435 | 0 | { |
436 | 0 | ws_ctx_t *wsctx = (ws_ctx_t *)cl->wsctx; |
437 | 0 | wsctx->ctxInfo.ctxPtr = cl; |
438 | 0 | return webSocketsDecodeHybi(wsctx, dst, len); |
439 | 0 | } |
440 | | |
441 | | /** |
442 | | * This is a stub function that was once used for Hixie-encoding. |
443 | | * We keep it for API compatibility. |
444 | | */ |
445 | | rfbBool |
446 | | webSocketCheckDisconnect(rfbClientPtr cl) |
447 | 0 | { |
448 | 0 | return FALSE; |
449 | 0 | } |
450 | | |
451 | | |
452 | | /* returns TRUE if there is data waiting to be read in our internal buffer |
453 | | * or if is there any pending data in the buffer of the SSL implementation |
454 | | */ |
455 | | rfbBool |
456 | | webSocketsHasDataInBuffer(rfbClientPtr cl) |
457 | 0 | { |
458 | 0 | ws_ctx_t *wsctx = (ws_ctx_t *)cl->wsctx; |
459 | |
|
460 | 0 | if (wsctx && wsctx->readlen) |
461 | 0 | return TRUE; |
462 | | |
463 | 0 | return (cl->sslctx && rfbssl_pending(cl) > 0); |
464 | 0 | } |