libwebsockets
Lightweight C library for HTML5 websockets
Loading...
Searching...
No Matches
lws-secure-streams-policy.h
Go to the documentation of this file.
1/*
2 * libwebsockets - small server side websockets and web server implementation
3 *
4 * Copyright (C) 2019 - 2021 Andy Green <andy@warmcat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 * IN THE SOFTWARE.
23 *
24 * included from libwebsockets.h
25 */
26
27typedef int (*plugin_auth_status_cb)(struct lws_ss_handle *ss, int status);
28
53
54/* the public, const metrics policy definition */
55
56typedef struct lws_metric_policy {
57 /* order of first two mandated by JSON policy parsing scope union */
58 const struct lws_metric_policy *next;
59 const char *name;
60
61 const char *report;
62
64 uint64_t us_schedule;
66
72
73typedef struct lws_ss_x509 {
75 const char *vhost_name;
76 const uint8_t *ca_der;
77 size_t ca_der_len;
80
81enum {
90 LWSSSPOLF_TLS = (1 << 4),
118 LWSSSPOLF_SERVER = (1 << 15),
124
133 LWSSSPOLF_PERF = (1 << 22),
141
142};
143
151
152enum {
158
159
164
165 _LWSSS_HBI_COUNT /* always last */
166};
167
168/*
169 * This does for both the static policy metadata entry, and the runtime metadata
170 * handling object.
171 */
172
173typedef struct lws_ss_metadata {
175 const char *name;
177 size_t length;
178
179 uint8_t value_length; /* only valid if set by policy */
180 uint8_t value_is_http_token; /* valid if set by policy */
181#if defined(LWS_WITH_SS_DIRECT_PROTOCOL_STR)
182 uint8_t name_on_lws_heap:1; /* proxy metatadata does this */
183#endif
184 uint8_t value_on_lws_heap:1; /* proxy + rx metadata does this */
185#if defined(LWS_WITH_SECURE_STREAMS_PROXY_API)
186 uint8_t pending_onward:1;
187#endif
189
190typedef struct lws_ss_http_respmap {
191 uint16_t resp; /* the http response code */
192 uint16_t state; /* low 16-bits of associated state */
194
195/*
196 * This is a mapping between an auth streamtype and a name and other information
197 * that can be independently instantiated. Other streamtypes can indicate they
198 * require this authentication on their connection.
199 */
200
201typedef struct lws_ss_auth {
203 const char *name;
204
205 const char *type;
206 const char *streamtype;
209
223typedef struct lws_ss_policy {
225 const char *streamtype;
226
227 const char *endpoint;
231 const char *payload_fmt;
232 const char *socks5_proxy;
233 lws_ss_metadata_t *metadata; /* linked-list of metadata */
234 const lws_metric_policy_t *metrics; /* linked-list of metric policies */
235 const lws_ss_auth_t *auth; /* NULL or auth object we bind to */
236
237#if defined(LWS_WITH_SERVER)
238 const struct lws_protocol_vhost_options *pvo;
239#endif
240
241 /* protocol-specific connection policy details */
242
243 union {
244
245#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) || defined(LWS_ROLE_WS)
246
247 /* details for http-related protocols... */
248
249 struct {
250
251 /* common to all http-related protocols */
252
253 const char *method;
254 const char *url;
255
256 const char *multipart_name;
257 const char *multipart_filename;
258 const char *multipart_content_type;
259
260 const char *blob_header[_LWSSS_HBI_COUNT];
261 const char *auth_preamble;
262
263 const lws_ss_http_respmap_t *respmap;
264
265 union {
266// struct { /* LWSSSP_H1 */
267// } h1;
268// struct { /* LWSSSP_H2 */
269// } h2;
270 struct { /* LWSSSP_WS */
271 const char *subprotocol;
272 uint8_t binary;
273 /* false = TEXT, true = BINARY */
274 } ws;
275 } u;
276
277 uint16_t resp_expect;
278 uint8_t count_respmap;
279 uint8_t fail_redirect:1;
280 } http;
281
282#endif
283
284#if defined(LWS_ROLE_MQTT)
285
286 struct {
287 const char *topic; /* stream sends on this topic */
288 const char *subscribe; /* stream subscribes to this topic */
289
290 const char *will_topic;
291 const char *will_message;
292
293 const char *birth_topic;
294 const char *birth_message;
295
296 uint16_t keep_alive;
297 uint8_t qos;
298 uint8_t clean_start;
299 uint8_t will_qos;
300 uint8_t will_retain;
301 uint8_t birth_qos;
302 uint8_t birth_retain;
303 uint8_t aws_iot;
304 uint8_t retain;
305
306 } mqtt;
307
308#endif
309
310 /* details for non-http related protocols... */
311 } u;
312
313#if defined(LWS_WITH_SECURE_STREAMS_AUTH_SIGV4)
314 /* directly point to the metadata name, no need to expand */
315 const char *aws_region;
316 const char *aws_service;
317#endif
318 /*
319 * We're either a client connection policy that wants a trust store,
320 * or we're a server policy that wants a mem cert and key... Hold
321 * these mutually-exclusive things in a union.
322 */
323
324 union {
328 struct {
329 const lws_ss_x509_t *cert;
331 const lws_ss_x509_t *key;
333 } server;
335
337
338 int32_t txc;
339 int32_t txc_peer;
340
344
348
352
354
359 uint8_t priority; /* 0 = normal, 6 = max normal,
360 * 7 = network management */
362
363#if !defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY)
364
365/*
366 * These only exist / have meaning if there's a dynamic JSON policy enabled
367 */
368
370lws_ss_policy_parse_begin(struct lws_context *context, int overlay);
371
373lws_ss_policy_parse_abandon(struct lws_context *context);
374
376lws_ss_policy_parse(struct lws_context *context, const uint8_t *buf, size_t len);
377
379lws_ss_policy_overlay(struct lws_context *context, const char *overlay);
380
381/*
382 * You almost certainly don't want these, they return the first policy or auth
383 * object in a linked-list of objects created by lws_ss_policy_parse above,
384 * they are exported to generate static policy with
385 */
387lws_ss_policy_get(struct lws_context *context);
388
390lws_ss_auth_get(struct lws_context *context);
391
392#endif
unsigned short uint16_t
unsigned int uint32_t
#define LWS_EXTERN
unsigned char uint8_t
#define LWS_VISIBLE
struct lws_retry_bo lws_retry_bo_t
struct lws_ss_x509 * next
struct lws_ss_metadata * next
struct lws_ss_http_respmap lws_ss_http_respmap_t
LWS_VISIBLE LWS_EXTERN int lws_ss_policy_overlay(struct lws_context *context, const char *overlay)
union lws_ss_policy::@205263316062375117242051172104141270333353025223 trust
const lws_ss_x509_t * ssx509[6]
const lws_metric_policy_t * metrics
lws_ss_metadata_t * metadata
struct lws_ss_policy lws_ss_policy_t
const lws_ss_x509_t * key
struct lws_ss_trust_store * next
LWS_VISIBLE LWS_EXTERN int lws_ss_policy_parse_abandon(struct lws_context *context)
struct lws_ss_trust_store lws_ss_trust_store_t
struct lws_ss_x509 lws_ss_x509_t
struct lws_ss_auth * next
const char * rideshare_streamtype
LWS_VISIBLE LWS_EXTERN const lws_ss_auth_t * lws_ss_auth_get(struct lws_context *context)
const lws_ss_trust_store_t * store
struct lws_ss_auth lws_ss_auth_t
LWS_VISIBLE LWS_EXTERN int lws_ss_policy_parse_begin(struct lws_context *context, int overlay)
@ LWSSSPOLF_HTTP_CACHE_COOKIES
@ LWSSSPOLF_OPPORTUNISTIC
@ LWSSSPOLF_ATTR_HIGH_RELIABILITY
@ LWSSSPOLF_H2_QUIRK_UNCLEAN_HPACK_STATE
@ LWSSSPOLF_WAKE_SUSPEND__VALIDITY
@ LWSSSPOLF_ALLOW_REDIRECTS
@ LWSSSPOLF_ATTR_LOW_LATENCY
@ LWSSSPOLF_AUTH_BEARER
@ LWSSSPOLF_QUIRK_NGHTTP2_END_STREAM
@ LWSSSPOLF_HTTP_MULTIPART_IN
@ LWSSSPOLF_ATTR_LOW_COST
@ LWSSSPOLF_HTTP_X_WWW_FORM_URLENCODED
@ LWSSSPOLF_HTTP_NO_CONTENT_LENGTH
@ LWSSSPOLF_HTTP_MULTIPART
@ LWSSSPOLF_PRIORITIZE_READS
@ LWSSSPOLF_DIRECT_PROTO_STR
@ LWSSSPOLF_H2_QUIRK_OVERFLOWS_TXCR
@ LWSSSPOLF_ATTR_HIGH_THROUGHPUT
const lws_retry_bo_t * retry_bo
int(* plugin_auth_status_cb)(struct lws_ss_handle *ss, int status)
const lws_ss_auth_t * auth
const lws_ss_x509_t * cert
struct lws_ss_metadata lws_ss_metadata_t
LWS_VISIBLE LWS_EXTERN const lws_ss_policy_t * lws_ss_policy_get(struct lws_context *context)
const uint8_t * ca_der
struct lws_ss_policy * next
struct lws_metric_policy lws_metric_policy_t
LWS_VISIBLE LWS_EXTERN int lws_ss_policy_parse(struct lws_context *context, const uint8_t *buf, size_t len)
const struct lws_metric_policy * next
union lws_ss_policy::@240225143042301163031025331247104245060336112111 u