1 /*
2  * libwebsockets - small server side websockets and web server implementation
3  *
4  * Copyright (C) 2019 - 2020 Andy Green <andy@warmcat.com>
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to
8  * deal in the Software without restriction, including without limitation the
9  * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10  * sell copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22  * IN THE SOFTWARE.
23  *
24  * included from libwebsockets.h
25  */
26 
/*
 * Callback handed to a policy plugin's create() hook (see lws_ss_plugin
 * below) so the plugin can report its authentication status back for the
 * stream `ss`.  The values `status` can take, and what the int return means,
 * are not defined in this header — NOTE(review): confirm against the plugin
 * implementation before depending on a particular value.  (This typedef is
 * visible even when LWS_WITH_SSPLUGINS is off; only the struct that uses it
 * is conditional.)
 */
typedef int (*plugin_auth_status_cb)(struct lws_ss_handle *ss, int status);
28 
#if defined(LWS_WITH_SSPLUGINS)
/*
 * A policy plugin: an optional piece of code a policy can name (see
 * lws_ss_policy.plugins[]) that gets hooks on stream creation / destruction
 * and a chance to rewrite the request path.
 *
 * Security note (review): munge() can change where a request goes and
 * create() is handed the stream handle, so plugin code is effectively inside
 * the policy's trust boundary — only link plugins trusted as much as the
 * policy itself.
 */
typedef struct lws_ss_plugin {
	struct lws_ss_plugin	*next;		/* linked list of registered plugins */
	const char		*name;		/* the name a policy refers to this plugin by */
	size_t			alloc;		/* presumably per-stream private storage the plugin needs — confirm */
	/*
	 * Called when a stream using this plugin is created.  `info` is opaque
	 * here (presumably the policy's matching plugins_info[] entry, which
	 * is declared const void * — so the const is dropped on the way in);
	 * `status` lets the plugin report auth status back to the stream.
	 */
	int			(*create)(struct lws_ss_handle *ss, void *info,
					  plugin_auth_status_cb status);
	/* Called when the stream is destroyed. */
	int			(*destroy)(struct lws_ss_handle *ss);
	/*
	 * Lets the plugin rewrite the request path in place.  `path` is a
	 * writable buffer of `path_len` bytes: an implementation must never
	 * write past path_len.  NOTE(review): whether path_len includes room
	 * for the terminating NUL is not stated here — confirm before writing
	 * path_len - 1 vs path_len characters.
	 */
	int			(*munge)(struct lws_ss_handle *ss, char *path,
					 size_t path_len);
} lws_ss_plugin_t;
#endif
79 
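/*
 * One X.509 item held in memory as DER.  Trust stores point at these
 * (lws_ss_trust_store.ssx509[]) and a policy links all of them via next.
 *
 * Security note (review): the bytes at ca_der are trusted exactly as given —
 * whoever can write the policy can substitute a CA here and thereafter
 * intercept every stream whose trust store names it.  If the same type is
 * also used to carry a server's private key (the policy's trust union talks
 * about a server "cert and key"), then ca_der is secret material in that
 * case and should be wiped, not merely freed, when released.
 */
typedef struct lws_ss_x509 {
	struct lws_ss_x509	*next;		/* linked list of all x509 items in the policy */
	const char		*vhost_name;	/* presumably the vhost this item is attached to — confirm */
	const uint8_t		*ca_der;	/* DER bytes; binary, so never treat as a C string */
	size_t			ca_der_len;	/* byte length of ca_der */
	uint8_t			keep:1;		/* NOTE(review): meaning not stated here; presumably "keep when the policy is replaced" — confirm */
} lws_ss_x509_t;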
87 
/*
 * Stream policy attribute flags.  They are OR-ed together into
 * lws_ss_policy.flags (a uint32_t; bits 0..17 are assigned, 14 are spare).
 *
 * Only the bit assignments are defined here.  The one-line glosses below are
 * what each name suggests and should be confirmed against the secure-streams
 * implementation before being relied on.
 */
enum {
	/* stream may be brought up opportunistically rather than on demand */
	LWSSSPOLF_OPPORTUNISTIC			= 0x00000001,
	/* keep the connection up permanently, reconnecting as needed */
	LWSSSPOLF_NAILED_UP			= 0x00000002,
	/* tx / rx on this stream are latency-sensitive */
	LWSSSPOLF_URGENT_TX			= 0x00000004,
	LWSSSPOLF_URGENT_RX			= 0x00000008,
	/*
	 * connect over TLS.  Security note (review): a policy without this
	 * bit is presumably plaintext; if it also carries
	 * LWSSSPOLF_AUTH_BEARER the bearer credential would travel in the
	 * clear — reject that combination when the policy is loaded.
	 */
	LWSSSPOLF_TLS				= 0x00000010,
	/* http long-poll style connection */
	LWSSSPOLF_LONG_POLL			= 0x00000020,
	/* attach a bearer-token Authorization header (see http.auth_preamble) */
	LWSSSPOLF_AUTH_BEARER			= 0x00000040,
	/* do not send Content-Length on http tx */
	LWSSSPOLF_HTTP_NO_CONTENT_LENGTH	= 0x00000080,
	/* peer-compatibility quirks for particular h2 implementations */
	LWSSSPOLF_QUIRK_NGHTTP2_END_STREAM	= 0x00000100,
	LWSSSPOLF_H2_QUIRK_OVERFLOWS_TXCR	= 0x00000200,
	LWSSSPOLF_H2_QUIRK_UNCLEAN_HPACK_STATE	= 0x00000400,
	/* http body encodings used on tx */
	LWSSSPOLF_HTTP_MULTIPART		= 0x00000800,
	LWSSSPOLF_HTTP_X_WWW_FORM_URLENCODED	= 0x00001000,
	/* stream terminates locally rather than at a remote endpoint */
	LWSSSPOLF_LOCAL_SINK			= 0x00002000,
	/* validity traffic may wake the device from suspend */
	LWSSSPOLF_WAKE_SUSPEND__VALIDITY	= 0x00004000,
	/* this is a server-side (listening) policy */
	LWSSSPOLF_SERVER			= 0x00008000,
	/*
	 * follow http redirects.  Security note (review): a redirect can move
	 * the request to a host other than the policy's endpoint, and any
	 * credential the stream attaches may go with it — leave this off
	 * unless the stream really needs it (see also http.fail_redirect).
	 */
	LWSSSPOLF_ALLOW_REDIRECTS		= 0x00010000,
	/* parse multipart bodies on rx */
	LWSSSPOLF_HTTP_MULTIPART_IN		= 0x00020000,
};
132 
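/*
 * A named set of trust anchors a client policy can point at.  Holds at most
 * 6 certificate pointers; count says how many are in use.
 *
 * Security note (review): whoever fills ssx509[] (presumably the policy
 * parser) must stop at 6 entries — count is the only bound and it is a plain
 * int, so a policy naming more certs than fit must be rejected, not silently
 * truncated.  Readers must iterate count entries, never all 6.
 */
typedef struct lws_ss_trust_store {
	struct lws_ss_trust_store *next;	/* linked list of stores in the policy */
	const char		*name;		/* presumably the name policies reference it by — confirm */

	const lws_ss_x509_t	*ssx509[6];	/* the CA certs in this store */
	int			count;		/* number of valid entries in ssx509[] (0..6) */
} lws_ss_trust_store_t;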
140 
/*
 * Wire protocol a policy selects; the value presumably lives in
 * lws_ss_policy.protocol (a uint8_t).
 */
enum {
	LWSSSP_H1	= 0,
	LWSSSP_H2	= 1,
	LWSSSP_WS	= 2,
	LWSSSP_MQTT	= 3,
	LWSSSP_RAW	= 4
};

/*
 * Indexes into lws_ss_policy.u.http.blob_header[], presumably one per kind of
 * blob a stream can carry in a request header.  Kept as an enumeration
 * separate from the protocol ids above so the restart at 0 is visibly
 * deliberate.  (_LWSSS_HBI_COUNT sits in the reserved identifier namespace;
 * it is kept because existing callers use it.)
 */
enum {
	LWSSS_HBI_AUTH	= 0,
	LWSSS_HBI_DSN	= 1,
	LWSSS_HBI_FWV	= 2,
	LWSSS_HBI_TYPE	= 3,

	_LWSSS_HBI_COUNT	/* always last: number of blob header slots */
};
156 
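/*
 * One named item of per-stream metadata, kept in a linked list hung off
 * lws_ss_policy.metadata.  value/length describe an arbitrary byte buffer
 * (void *, so not necessarily a NUL-terminated string).
 *
 * Security note (review): if a value ends up in an outgoing HTTP header
 * (the policy's blob_header[] suggests some do), the producer must reject
 * CR/LF in it — confirm where values are consumed.
 */
typedef struct lws_ss_metadata {
	struct lws_ss_metadata	*next;
	const char		*name;		/* key this item is looked up by */
	void			*value;		/* the bytes; NULL presumably allowed when length is 0 — confirm */
	size_t			length;		/* byte length of value */

	/*
	 * nonzero: value was allocated on the lws heap (the proxy does this),
	 * presumably so lws knows it must free it rather than the caller —
	 * NOTE(review): confirm who owns value when this is 0.
	 */
	uint8_t			value_on_lws_heap;
} lws_ss_metadata_t;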
165 
166 
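/*
 * One stream-type policy: everything the secure-streams layer needs to know
 * to bring up a stream of a given streamtype — where to go, over which
 * protocol, with what trust anchors and which attributes (LWSSSPOLF_*).
 * Policies form a linked list via next (see lws_ss_policy_get()).
 *
 * Security note (review): a policy object is the security configuration of a
 * stream.  The trust union decides which CA(s) a client accepts and which
 * cert/key a server presents; endpoint / port / socks5_proxy decide where
 * traffic goes; flags and auth_preamble decide whether and how a credential
 * is attached.  Anything able to write one of these (the JSON parser, an
 * overlay) has to be treated as trusted.
 */
typedef struct lws_ss_policy {
	struct lws_ss_policy	*next;
	const char		*streamtype;	/* name a stream is opened by */
	const char		*endpoint;	/* host a client stream connects to */
	const char		*rideshare_streamtype;	/* presumably another streamtype whose connection this one shares — confirm */
	const char		*payload_fmt;	/* presumably a format applied to the tx payload — confirm */
	const char		*socks5_proxy;	/* if set, presumably connect via this SOCKS5 proxy — confirm */
	lws_ss_metadata_t	*metadata;	/* linked-list of metadata, metadata_count entries long */

	/* protocol-specific connection policy details */

	union {

#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) || defined(LWS_ROLE_WS)

		/* details for http-related protocols... */

		struct {

			/* common to all http-related protocols */

			const char	*method;	/* http method */
			const char	*url;		/* request path */

			const char	*multipart_name;
			const char	*multipart_filename;
			const char	*multipart_content_type;

			/*
			 * Header used to carry each LWSSS_HBI_* blob (presumably
			 * the header name; confirm).  NOTE(review): any header
			 * name or value assembled at runtime must be checked
			 * for CR/LF before it reaches the wire.
			 */
			const char	*blob_header[_LWSSS_HBI_COUNT];
			/* text placed in front of the auth blob, presumably "Bearer " style — confirm */
			const char	*auth_preamble;

			union {
				/* h1 and h2 have no protocol-specific members yet */
				struct { /* LWSSSP_WS */
					const char *subprotocol;
					uint8_t binary;
					/* false = TEXT, true = BINARY */
				} ws;
			} u;

			uint16_t	resp_expect;	/* expected http status code (presumably) */
			uint8_t		fail_redirect:1; /* treat a redirect response as failure (presumably; see LWSSSPOLF_ALLOW_REDIRECTS) */
		} http;

#endif

#if defined(LWS_ROLE_MQTT)

		struct {
			const char	*topic;	    /* stream sends on this topic */
			const char	*subscribe; /* stream subscribes to this topic */

			const char	*will_topic;	/* last-will topic */
			const char	*will_message;	/* last-will payload */

			uint16_t	keep_alive;	/* keep-alive interval, presumably seconds */
			uint8_t		qos;		/* MQTT QoS is 0..2; the parser should reject anything else */
			uint8_t		clean_start;	/* nonzero: request a clean session */
			uint8_t		will_qos;	/* QoS for the will message, 0..2 */
			uint8_t		will_retain;	/* nonzero: will message is retained */

		} mqtt;

#endif

		/* details for non-http related protocols... */
	} u;

#if defined(LWS_WITH_SSPLUGINS)
	const struct lws_ss_plugin *plugins[2];	/* up to two plugins applied to the stream */
	const void		*plugins_info[2];	/* per-plugin opaque info, same index as plugins[] */
#endif

	/*
	 * We're either a client connection policy that wants a trust store,
	 * or we're a server policy that wants a mem cert and key...  Hold
	 * these mutually-exclusive things in a union.  Which member is live
	 * presumably follows LWSSSPOLF_SERVER in flags — confirm.
	 */

	union {
		const lws_ss_trust_store_t *store;	/* CLIENT: the CAs accepted for this endpoint */
		struct {
			const lws_ss_x509_t *cert;	/* SERVER: the cert presented to clients */
			const lws_ss_x509_t *key;	/* SERVER: its private key — the DER bytes here are secret */
		} server;
	} trust;

	const lws_retry_bo_t	*retry_bo;	/* retry / backoff policy (presumably) */

	uint32_t		timeout_ms;	/* timeout in ms, presumably for a response — confirm */
	uint32_t		flags;		/* LWSSSPOLF_* bits */
	uint16_t		port;		/* endpoint port */
	uint8_t			metadata_count;	/* entries in metadata; a uint8_t, so the parser must refuse more than 255 rather than let this wrap */
	uint8_t			protocol;	/* LWSSSP_* */
	uint8_t			client_cert;	/* presumably selects a client cert, 0 = none — confirm */
} lws_ss_policy_t;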
291 
292 #if !defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY)
293 
/*
 * These only exist / have meaning if there's a dynamic JSON policy enabled
 * (i.e. LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY is not defined).
 *
 * Security note (review): the policy these calls parse defines, among other
 * things, the endpoints streams connect to, their trust anchors (ca_der)
 * and how credentials are attached (LWSSSPOLF_AUTH_BEARER, auth_preamble),
 * so the bytes fed in here are a trust boundary: they must come from a
 * source at least as trusted as the streams the policy will govern.  Where
 * the policy text comes from is not defined in this header.
 */

/*
 * Start parsing a policy into `context`.  `overlay` is presumably nonzero
 * when the text that follows is to be applied on top of an existing policy
 * rather than replacing it — confirm.  Returns int; nonzero presumably means
 * failure, as with the rest of lws.
 */
LWS_VISIBLE LWS_EXTERN int
lws_ss_policy_parse_begin(struct lws_context *context, int overlay);

/* Give up an in-progress parse started with lws_ss_policy_parse_begin(). */
LWS_VISIBLE LWS_EXTERN int
lws_ss_policy_parse_abandon(struct lws_context *context);

/*
 * Feed `len` bytes of policy text at `buf` to the parser.  The buffer is
 * given as bytes plus a length, not as a C string — NOTE(review): confirm
 * the parser honours len and never relies on a NUL terminator, since policy
 * text may arrive in chunks.
 */
LWS_VISIBLE LWS_EXTERN int
lws_ss_policy_parse(struct lws_context *context, const uint8_t *buf, size_t len);

/* Apply `overlay`, a NUL-terminated string, on top of the current policy. */
LWS_VISIBLE LWS_EXTERN int
lws_ss_policy_overlay(struct lws_context *context, const char *overlay);

/*
 * You almost certainly don't want this, it returns the first policy object
 * in a linked-list of objects created by lws_ss_policy_parse above
 */
LWS_VISIBLE LWS_EXTERN const lws_ss_policy_t *
lws_ss_policy_get(struct lws_context *context);
316 
317 #endif