libwebsockets
Lightweight C library for HTML5 websockets
lws-context-vhost.h
1 /*
2  * libwebsockets - small server side websockets and web server implementation
3  *
4  * Copyright (C) 2010 - 2021 Andy Green <andy@warmcat.com>
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to
8  * deal in the Software without restriction, including without limitation the
9  * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10  * sell copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22  * IN THE SOFTWARE.
23  */
24 
39 
40 /*
41  * NOTE: These public enums are part of the abi. If you want to add one,
42  * add it at where specified so existing users are unaffected.
43  */
44 
45 
46 #define LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT ((1ll << 1) | \
47  (1ll << 12))
51 #define LWS_SERVER_OPTION_SKIP_SERVER_CANONICAL_NAME (1ll << 2)
53 #define LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT ((1ll << 3) | \
54  (1ll << 12))
61 #define LWS_SERVER_OPTION_LIBEV (1ll << 4)
63 #define LWS_SERVER_OPTION_DISABLE_IPV6 (1ll << 5)
65 #define LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS (1ll << 6)
68 #define LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED (1ll << 7)
70 #define LWS_SERVER_OPTION_VALIDATE_UTF8 (1ll << 8)
72 #define LWS_SERVER_OPTION_SSL_ECDH ((1ll << 9) | \
73  (1ll << 12))
75 #define LWS_SERVER_OPTION_LIBUV (1ll << 10)
77 #define LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS ((1ll << 11) |\
78  (1ll << 12))
88 #define LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT (1ll << 12)
90 #define LWS_SERVER_OPTION_EXPLICIT_VHOSTS (1ll << 13)
93 #define LWS_SERVER_OPTION_UNIX_SOCK (1ll << 14)
95 #define LWS_SERVER_OPTION_STS (1ll << 15)
98 #define LWS_SERVER_OPTION_IPV6_V6ONLY_MODIFY (1ll << 16)
100 #define LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE (1ll << 17)
102 #define LWS_SERVER_OPTION_UV_NO_SIGSEGV_SIGFPE_SPIN (1ll << 18)
108 #define LWS_SERVER_OPTION_JUST_USE_RAW_ORIGIN (1ll << 19)
115 #define LWS_SERVER_OPTION_FALLBACK_TO_RAW /* use below name */ (1ll << 20)
116 #define LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG (1ll << 20)
129 #define LWS_SERVER_OPTION_LIBEVENT (1ll << 21)
132 #define LWS_SERVER_OPTION_ONLY_RAW /* Use below name instead */ (1ll << 22)
133 #define LWS_SERVER_OPTION_ADOPT_APPLY_LISTEN_ACCEPT_CONFIG (1ll << 22)
146 #define LWS_SERVER_OPTION_ALLOW_LISTEN_SHARE (1ll << 23)
152 #define LWS_SERVER_OPTION_CREATE_VHOST_SSL_CTX (1ll << 24)
159 #define LWS_SERVER_OPTION_SKIP_PROTOCOL_INIT (1ll << 25)
164 #define LWS_SERVER_OPTION_IGNORE_MISSING_CERT (1ll << 26)
170 #define LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK (1ll << 27)
181 #define LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE (1ll << 28)
198 #define LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER (1ll << 29)
206 #define LWS_SERVER_OPTION_FAIL_UPON_UNABLE_TO_BIND (1ll << 30)
211 #define LWS_SERVER_OPTION_H2_JUST_FIX_WINDOW_UPDATE_OVERFLOW (1ll << 31)
215 #define LWS_SERVER_OPTION_VH_H2_HALF_CLOSED_LONG_POLL (1ll << 32)
221 #define LWS_SERVER_OPTION_GLIB (1ll << 33)
224 #define LWS_SERVER_OPTION_H2_PRIOR_KNOWLEDGE (1ll << 34)
229 #define LWS_SERVER_OPTION_NO_LWS_SYSTEM_STATES (1ll << 35)
233 #define LWS_SERVER_OPTION_SS_PROXY (1ll << 36)
236 #define LWS_SERVER_OPTION_SDEVENT (1ll << 37)
239 #define LWS_SERVER_OPTION_ULOOP (1ll << 38)
242 #define LWS_SERVER_OPTION_DISABLE_TLS_SESSION_CACHE (1ll << 39)
246  /****** add new things just above ---^ ******/
247 
248 
249 #define lws_check_opt(c, f) ((((uint64_t)c) & ((uint64_t)f)) == ((uint64_t)f))
250 
251 struct lws_plat_file_ops;
252 struct lws_ss_policy;
253 struct lws_ss_plugin;
254 struct lws_metric_policy;
255 
256 typedef int (*lws_context_ready_cb_t)(struct lws_context *context);
257 
258 typedef int (*lws_peer_limits_notify_t)(struct lws_context *ctx,
259  lws_sockfd_type sockfd,
260  lws_sockaddr46 *sa46);
261 
272 #if defined(LWS_WITH_NETWORK)
273  const char *iface;
280  const struct lws_protocols *protocols;
286 #if defined(LWS_ROLE_WS)
287  const struct lws_extension *extensions;
290 #endif
291 #if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2)
292  const struct lws_token_limits *token_limits;
295  const char *http_proxy_address;
299  const struct lws_protocol_vhost_options *headers;
303  const struct lws_protocol_vhost_options *reject_service_keywords;
310  const struct lws_protocol_vhost_options *pvo;
313  const char *log_filepath;
316  const struct lws_http_mount *mounts;
318  const char *server_string;
322  const char *error_document_404;
326  int port;
336  unsigned int http_proxy_port;
338  unsigned int max_http_header_data2;
343  unsigned int max_http_header_pool2;
349  int keepalive_timeout;
353  uint32_t http2_settings[7];
360  unsigned short max_http_header_data;
363  unsigned short max_http_header_pool;
371 #endif
372 
373 #if defined(LWS_WITH_TLS)
374  const char *ssl_private_key_password;
379  const char *ssl_cert_filepath;
391  const char *ssl_private_key_filepath;
405  const char *ssl_ca_filepath;
414  const char *ssl_cipher_list;
424  const char *ecdh_curve;
427  const char *tls1_3_plus_cipher_list;
435  const void *server_ssl_cert_mem;
439  const void *server_ssl_private_key_mem;
444  const void *server_ssl_ca_mem;
449  long ssl_options_set;
451  long ssl_options_clear;
453  int simultaneous_ssl_restriction;
456  int ssl_info_event_mask;
462  unsigned int server_ssl_cert_mem_len;
465  unsigned int server_ssl_private_key_mem_len;
467  unsigned int server_ssl_ca_mem_len;
470  const char *alpn;
479 #if defined(LWS_WITH_CLIENT)
480  const char *client_ssl_private_key_password;
483  const char *client_ssl_cert_filepath;
486  const void *client_ssl_cert_mem;
489  unsigned int client_ssl_cert_mem_len;
492  const char *client_ssl_private_key_filepath;
498  const void *client_ssl_key_mem;
501  const char *client_ssl_ca_filepath;
503  const void *client_ssl_ca_mem;
507  const char *client_ssl_cipher_list;
511  const char *client_tls_1_3_plus_cipher_list;
518  long ssl_client_options_set;
520  long ssl_client_options_clear;
524  unsigned int client_ssl_ca_mem_len;
527  unsigned int client_ssl_key_mem_len;
531 #endif
532 
533 #if !defined(LWS_WITH_MBEDTLS)
534  SSL_CTX *provided_client_ssl_ctx;
539 #endif
540 #endif
541 
542  int ka_time;
545  int ka_probes;
549  int ka_interval;
552  unsigned int timeout_secs;
557  unsigned int connect_timeout_secs;
561  int bind_iface;
572  unsigned int timeout_secs_ah_idle;
575 #endif /* WITH_NETWORK */
576 
577 #if defined(LWS_WITH_TLS_SESSIONS)
578  uint32_t tls_session_timeout;
581  uint32_t tls_session_cache_max;
584 #endif
585 
586  gid_t gid;
589  uid_t uid;
592  uint64_t options;
594  void *user;
603  unsigned int count_threads;
605  unsigned int fd_limit_per_thread;
621  const char *vhost_name;
625 #if defined(LWS_WITH_PLUGINS)
626  const char * const *plugin_dirs;
629 #endif
639  unsigned int pt_serv_buf_size;
645 #if defined(LWS_WITH_FILE_OPS)
646  const struct lws_plat_file_ops *fops;
653 #endif
654 
655 #if defined(LWS_WITH_SOCKS5)
656  const char *socks_proxy_address;
660  unsigned int socks_proxy_port;
664 #endif
665 
666 #if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP)
667  cap_value_t caps[4];
674  char count_caps;
677 #endif
692  void (*signal_cb)(void *event_lib_handle, int signum);
698  struct lws_context **pcontext;
704  void (*finalize)(struct lws_vhost *vh, void *arg);
713  const char *listen_accept_role;
722  const struct lws_protocols **pprotocols;
733  const char *username;
735  const char *groupname;
737  const char *unix_socket_perms;
748 #if defined(LWS_WITH_SYS_STATE)
749  lws_state_notify_link_t * const *register_notifier_list;
753 #endif
754 #if defined(LWS_WITH_SECURE_STREAMS)
755 #if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY)
756  const struct lws_ss_policy *pss_policies;
758 #else
759  const char *pss_policies_json;
766 #endif
767  const struct lws_ss_plugin **pss_plugins;
770  const char *ss_proxy_bind;
775  const char *ss_proxy_address;
777  uint16_t ss_proxy_port; /* 0 = if connecting to ss proxy, do it via a
778  * Unix Domain Socket, "+@proxy.ss.lws" if ss_proxy_bind is NULL else
779  * the socket path given in ss_proxy_bind (start it with a + or +@);
780  * nonzero means connect via a tcp socket to the tcp address in
781  * ss_proxy_bind and the given port */
782 #endif
783 
788 #if defined(LWS_WITH_PEER_LIMITS)
789  lws_peer_limits_notify_t pl_notify_cb;
796  unsigned short ip_limit_ah;
804  unsigned short ip_limit_wsi;
812 #endif /* PEER_LIMITS */
813 
814 #if defined(LWS_WITH_SYS_FAULT_INJECTION)
815  lws_fi_ctx_t fic;
822 #endif
823 
824 #if defined(LWS_WITH_SYS_SMD)
825  lws_smd_notification_cb_t early_smd_cb;
832  void *early_smd_opaque;
833  lws_smd_class_t early_smd_class_filter;
834  lws_usec_t smd_ttl_us;
839  uint16_t smd_queue_depth;
842 #endif
843 
844 #if defined(LWS_WITH_SYS_METRICS)
845  const struct lws_metric_policy *metrics_policies;
847  const char *metrics_prefix;
854 #endif
855 
856  /* Add new things just above here ---^
857  * This is part of the ABI, don't needlessly break compatibility
858  *
859  * The below is to ensure later library versions with new
860  * members added above will see 0 (default) even if the app
861  * was not built against the newer headers.
862  */
863 
864  void *_unused[2];
865 };
866 
901 LWS_VISIBLE LWS_EXTERN struct lws_context *
903 
904 
913 LWS_VISIBLE LWS_EXTERN void
914 lws_context_destroy(struct lws_context *context);
915 
916 typedef int (*lws_reload_func)(void);
917 
940 LWS_VISIBLE LWS_EXTERN void
941 lws_context_deprecate(struct lws_context *context, lws_reload_func cb);
942 
943 LWS_VISIBLE LWS_EXTERN int
944 lws_context_is_deprecated(struct lws_context *context);
945 
963 LWS_VISIBLE LWS_EXTERN int
964 lws_set_proxy(struct lws_vhost *vhost, const char *proxy);
965 
983 LWS_VISIBLE LWS_EXTERN int
984 lws_set_socks(struct lws_vhost *vhost, const char *socks);
985 
986 struct lws_vhost;
987 
997 LWS_VISIBLE LWS_EXTERN struct lws_vhost *
998 lws_create_vhost(struct lws_context *context,
999  const struct lws_context_creation_info *info);
1000 
1019 LWS_VISIBLE LWS_EXTERN void
1020 lws_vhost_destroy(struct lws_vhost *vh);
1021 
1036 LWS_VISIBLE LWS_EXTERN int
1038  char **config_strings, int *len);
1039 
1055 LWS_VISIBLE LWS_EXTERN int
1056 lwsws_get_config_vhosts(struct lws_context *context,
1057  struct lws_context_creation_info *info, const char *d,
1058  char **config_strings, int *len);
1059 
1065 LWS_VISIBLE LWS_EXTERN struct lws_vhost *
1066 lws_get_vhost(struct lws *wsi);
1067 
1073 LWS_VISIBLE LWS_EXTERN const char *
1074 lws_get_vhost_name(struct lws_vhost *vhost);
1075 
1084 LWS_VISIBLE LWS_EXTERN struct lws_vhost *
1085 lws_get_vhost_by_name(struct lws_context *context, const char *name);
1086 
1092 LWS_VISIBLE LWS_EXTERN int
1093 lws_get_vhost_port(struct lws_vhost *vhost);
1094 
1100 LWS_VISIBLE LWS_EXTERN void *
1101 lws_get_vhost_user(struct lws_vhost *vhost);
1102 
1108 LWS_VISIBLE LWS_EXTERN const char *
1109 lws_get_vhost_iface(struct lws_vhost *vhost);
1110 
1118 LWS_VISIBLE LWS_EXTERN int
1119 lws_json_dump_vhost(const struct lws_vhost *vh, char *buf, int len);
1120 
1131 LWS_VISIBLE LWS_EXTERN int
1132 lws_json_dump_context(const struct lws_context *context, char *buf, int len,
1133  int hide_vhosts);
1134 
1143 LWS_VISIBLE LWS_EXTERN void *
1144 lws_vhost_user(struct lws_vhost *vhost);
1145 
1155 LWS_VISIBLE LWS_EXTERN void *
1156 lws_context_user(struct lws_context *context);
1157 
1158 LWS_VISIBLE LWS_EXTERN const char *
1159 lws_vh_tag(struct lws_vhost *vh);
1160 
1176 LWS_VISIBLE LWS_EXTERN int
1177 lws_context_is_being_destroyed(struct lws_context *context);
1178 
1185 
1194  const char *name;
1195  const char *value;
1196 };
1197 
1210 };
1211 
1218  LWSAUTHM_BASIC_AUTH_CALLBACK = 1 << 28
1219 };
1220 
1222 #define AUTH_MODE_MASK 0xF0000000
1223 
1231  const char *mountpoint;
1233  const char *origin;
1235  const char *def;
1237  const char *protocol;
1253  unsigned int auth_mask;
1256  unsigned int cache_reusable:1;
1257  unsigned int cache_revalidate:1;
1258  unsigned int cache_intermediaries:1;
1260  unsigned char origin_protocol;
1261  unsigned char mountpoint_len;
1266  /* Add new things just above here ---^
1267  * This is part of the ABI, don't needlessly break compatibility
1268  *
1269  * The below is to ensure later library versions with new
1270  * members added above will see 0 (default) even if the app
1271  * was not built against the newer headers.
1272  */
1273 
1274  void *_unused[2];
1275 };
1276 
LWS_VISIBLE LWS_EXTERN struct lws_vhost * lws_get_vhost(struct lws *wsi)
LWS_VISIBLE LWS_EXTERN void lws_context_deprecate(struct lws_context *context, lws_reload_func cb)
LWS_VISIBLE LWS_EXTERN int lws_json_dump_context(const struct lws_context *context, char *buf, int len, int hide_vhosts)
LWS_VISIBLE LWS_EXTERN int lwsws_get_config_vhosts(struct lws_context *context, struct lws_context_creation_info *info, const char *d, char **config_strings, int *len)
LWS_VISIBLE LWS_EXTERN const char * lws_get_vhost_name(struct lws_vhost *vhost)
LWS_VISIBLE LWS_EXTERN void * lws_get_vhost_user(struct lws_vhost *vhost)
LWS_VISIBLE LWS_EXTERN struct lws_vhost * lws_get_vhost_by_name(struct lws_context *context, const char *name)
LWS_VISIBLE LWS_EXTERN int lws_set_proxy(struct lws_vhost *vhost, const char *proxy)
LWS_VISIBLE LWS_EXTERN const char * lws_get_vhost_iface(struct lws_vhost *vhost)
LWS_VISIBLE LWS_EXTERN void lws_context_destroy(struct lws_context *context)
LWS_VISIBLE LWS_EXTERN int lws_json_dump_vhost(const struct lws_vhost *vh, char *buf, int len)
LWS_VISIBLE LWS_EXTERN int lwsws_get_config_globals(struct lws_context_creation_info *info, const char *d, char **config_strings, int *len)
LWS_VISIBLE LWS_EXTERN int lws_set_socks(struct lws_vhost *vhost, const char *socks)
LWS_VISIBLE LWS_EXTERN struct lws_context * lws_create_context(const struct lws_context_creation_info *info)
LWS_VISIBLE LWS_EXTERN int lws_get_vhost_port(struct lws_vhost *vhost)
LWS_VISIBLE LWS_EXTERN struct lws_vhost * lws_create_vhost(struct lws_context *context, const struct lws_context_creation_info *info)
LWS_VISIBLE LWS_EXTERN void lws_vhost_destroy(struct lws_vhost *vh)
LWS_VISIBLE LWS_EXTERN void * lws_vhost_user(struct lws_vhost *vhost)
LWS_VISIBLE LWS_EXTERN void * lws_context_user(struct lws_context *context)
LWS_VISIBLE LWS_EXTERN int lws_context_is_being_destroyed(struct lws_context *context)
lws_mount_protocols
Definition: lws-context-vhost.h:1202
lws_authentication_mode
Definition: lws-context-vhost.h:1216
@ LWSMPRO_CGI
Definition: lws-context-vhost.h:1206
@ LWSMPRO_HTTP
Definition: lws-context-vhost.h:1203
@ LWSMPRO_FILE
Definition: lws-context-vhost.h:1205
@ LWSMPRO_REDIR_HTTPS
Definition: lws-context-vhost.h:1208
@ LWSMPRO_CALLBACK
Definition: lws-context-vhost.h:1209
@ LWSMPRO_REDIR_HTTP
Definition: lws-context-vhost.h:1207
@ LWSMPRO_HTTPS
Definition: lws-context-vhost.h:1204
@ LWSAUTHM_BASIC_AUTH_CALLBACK
Definition: lws-context-vhost.h:1218
@ LWSAUTHM_DEFAULT
Definition: lws-context-vhost.h:1217
Definition: lws-context-vhost.h:271
void ** foreign_loops
Definition: lws-context-vhost.h:678
void * user
Definition: lws-context-vhost.h:594
const lws_system_ops_t * system_ops
Definition: lws-context-vhost.h:741
void(* finalize)(struct lws_vhost *vh, void *arg)
Definition: lws-context-vhost.h:704
gid_t gid
Definition: lws-context-vhost.h:586
unsigned int fd_limit_per_thread
Definition: lws-context-vhost.h:605
const char * listen_accept_protocol
Definition: lws-context-vhost.h:718
const struct lws_protocols ** pprotocols
Definition: lws-context-vhost.h:722
uid_t uid
Definition: lws-context-vhost.h:589
struct lws_context ** pcontext
Definition: lws-context-vhost.h:698
unsigned int pt_serv_buf_size
Definition: lws-context-vhost.h:639
const char * listen_accept_role
Definition: lws-context-vhost.h:713
const char * username
Definition: lws-context-vhost.h:733
const char * groupname
Definition: lws-context-vhost.h:735
const lws_retry_bo_t * retry_and_idle_policy
Definition: lws-context-vhost.h:744
uint64_t options
Definition: lws-context-vhost.h:592
void * external_baggage_free_on_destroy
Definition: lws-context-vhost.h:630
const char * unix_socket_perms
Definition: lws-context-vhost.h:737
int rlimit_nofile
Definition: lws-context-vhost.h:784
const char * vhost_name
Definition: lws-context-vhost.h:621
void * finalize_arg
Definition: lws-context-vhost.h:709
void * _unused[2]
Definition: lws-context-vhost.h:864
void(* signal_cb)(void *event_lib_handle, int signum)
Definition: lws-context-vhost.h:692
unsigned int count_threads
Definition: lws-context-vhost.h:603
Definition: lws-ws-ext.h:139
Definition: lws-context-vhost.h:1228
const struct lws_http_mount * mount_next
Definition: lws-context-vhost.h:1229
const char * protocol
Definition: lws-context-vhost.h:1237
const struct lws_protocol_vhost_options * interpret
Definition: lws-context-vhost.h:1246
const char * origin
Definition: lws-context-vhost.h:1233
const char * basic_auth_login_file
Definition: lws-context-vhost.h:1263
int cache_max_age
Definition: lws-context-vhost.h:1251
const struct lws_protocol_vhost_options * extra_mimetypes
Definition: lws-context-vhost.h:1244
int cgi_timeout
Definition: lws-context-vhost.h:1249
unsigned int auth_mask
Definition: lws-context-vhost.h:1253
unsigned char origin_protocol
Definition: lws-context-vhost.h:1260
void * _unused[2]
Definition: lws-context-vhost.h:1274
unsigned int cache_reusable
Definition: lws-context-vhost.h:1256
const char * mountpoint
Definition: lws-context-vhost.h:1231
unsigned int cache_intermediaries
Definition: lws-context-vhost.h:1258
unsigned char mountpoint_len
Definition: lws-context-vhost.h:1261
unsigned int cache_revalidate
Definition: lws-context-vhost.h:1257
const struct lws_protocol_vhost_options * cgienv
Definition: lws-context-vhost.h:1240
const char * def
Definition: lws-context-vhost.h:1235
Definition: lws-secure-streams-policy.h:82
Definition: lws-vfs.h:95
Definition: lws-context-vhost.h:1191
const char * value
Definition: lws-context-vhost.h:1195
const struct lws_protocol_vhost_options * next
Definition: lws-context-vhost.h:1192
const char * name
Definition: lws-context-vhost.h:1194
const struct lws_protocol_vhost_options * options
Definition: lws-context-vhost.h:1193
Definition: lws-protocols-plugins.h:44
Definition: lws-retry.h:25
Definition: lws-secure-streams-policy.h:239
Definition: lws-system.h:157
Definition: lws-http.h:369
Definition: lws-adopt.h:86