/* * A WebSocket to TCP socket proxy with support for "wss://" encryption. * Copyright 2010 Joel Martin * Licensed under LGPL version 3 (see docs/LICENSE.LGPL-3) * * You can make a cert/key with openssl using: * openssl req -new -x509 -days 365 -nodes -out self.pem -keyout self.pem * as taken from http://docs.python.org/dev/library/ssl.html#certificates */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include "websocket.h" /* char USAGE[] = "Usage: [options] " \ "[source_addr:]source_port target_addr:target_port\n\n" \ " --verbose|-v verbose messages and per frame traffic\n" \ " --daemon|-D become a daemon (background process)\n" \ " --run-once handle a single WebSocket connection and exit\n" \ " --cert CERT SSL certificate file\n" \ " --key KEY SSL key file (if separate from cert)\n" \ " --ssl-only disallow non-encrypted connections"; */ extern int pipe_error; extern settings_t settings; static void do_proxy(ws_ctx_t *ws_ctx, int target) { fd_set rlist, wlist, elist; struct timeval tv; int maxfd, client = ws_ctx->sockfd; unsigned int opcode, left, ret; unsigned int tout_start, tout_end, cout_start, cout_end; unsigned int tin_start, tin_end; ssize_t len, bytes; tout_start = tout_end = cout_start = cout_end = tin_start = tin_end = 0; maxfd = client > target ? client+1 : target+1; while (1) { tv.tv_sec = 1; tv.tv_usec = 0; FD_ZERO(&rlist); FD_ZERO(&wlist); FD_ZERO(&elist); FD_SET(client, &elist); FD_SET(target, &elist); if (tout_end == tout_start) { // Nothing queued for target, so read from client FD_SET(client, &rlist); } else { // Data queued for target, so write to it FD_SET(target, &wlist); } if (cout_end == cout_start) { // Nothing queued for client, so read from target FD_SET(target, &rlist); } else { // Data queued for client, so write to it FD_SET(client, &wlist); } do { ret = select(maxfd, &rlist, &wlist, &elist, &tv); } while (ret == -1 && errno == EINTR); if (pipe_error) { break; } if (FD_ISSET(target, &elist)) { handler_emsg("target exception\n"); break; } if (FD_ISSET(client, &elist)) { handler_emsg("client exception\n"); break; } if (ret == -1) { handler_emsg("select(): %s\n", strerror(errno)); break; } else if (ret == 0) { //handler_emsg("select timeout\n"); continue; } if (FD_ISSET(target, &wlist)) { len = tout_end-tout_start; bytes = send(target, ws_ctx->tout_buf + tout_start, len, 0); if (pipe_error) { break; } if (bytes < 0) { handler_emsg("target connection error: %s\n", strerror(errno)); break; } tout_start += bytes; if (tout_start >= tout_end) { tout_start = tout_end = 0; traffic(">"); } else { traffic(">."); } } if (FD_ISSET(client, &wlist)) { len = cout_end-cout_start; bytes = ws_send(ws_ctx, ws_ctx->cout_buf + cout_start, len); if (pipe_error) { break; } if (len < 3) { handler_emsg("len: %d, bytes: %d: %d\n", (int) len, (int) bytes, (int) *(ws_ctx->cout_buf + cout_start)); } cout_start += bytes; if (cout_start >= cout_end) { cout_start = cout_end = 0; traffic("<"); } else { traffic("<."); } } if (FD_ISSET(target, &rlist)) { bytes = recv(target, ws_ctx->cin_buf, DBUFSIZE , 0); if (pipe_error) { break; } if (bytes <= 0) { handler_emsg("target closed connection\n"); break; } cout_start = 0; if (ws_ctx->hybi) { cout_end = encode_hybi(ws_ctx->cin_buf, bytes, ws_ctx->cout_buf, BUFSIZE, ws_ctx->opcode); } else { cout_end = encode_hixie(ws_ctx->cin_buf, bytes, ws_ctx->cout_buf, BUFSIZE); } /* printf("encoded: "); for (i=0; i< cout_end; i++) { printf("%u,", (unsigned char) *(ws_ctx->cout_buf+i)); } printf("\n"); */ if (cout_end < 0) { handler_emsg("encoding error\n"); break; } traffic("{"); } if (FD_ISSET(client, &rlist)) { bytes = ws_recv(ws_ctx, ws_ctx->tin_buf + tin_end, BUFSIZE-1); if (pipe_error) { break; } if (bytes <= 0) { handler_emsg("client closed connection\n"); break; } tin_end += bytes; /* printf("before decode: "); for (i=0; i< bytes; i++) { printf("%u,", (unsigned char) *(ws_ctx->tin_buf+i)); } printf("\n"); */ if (ws_ctx->hybi) { len = decode_hybi(ws_ctx->tin_buf + tin_start, tin_end-tin_start, ws_ctx->tout_buf, BUFSIZE-1, &opcode, &left); } else { len = decode_hixie(ws_ctx->tin_buf + tin_start, tin_end-tin_start, ws_ctx->tout_buf, BUFSIZE-1, &opcode, &left); } if (opcode == 8) { handler_msg("client sent orderly close frame\n"); break; } /* printf("decoded: "); for (i=0; i< len; i++) { printf("%u,", (unsigned char) *(ws_ctx->tout_buf+i)); } printf("\n"); */ if (len < 0) { handler_emsg("decoding error\n"); break; } if (left) { tin_start = tin_end - left; //printf("partial frame from client"); } else { tin_start = 0; tin_end = 0; } traffic("}"); tout_start = 0; tout_end = len; } } } void proxy_handler(ws_ctx_t *ws_ctx) { struct sockaddr_un addr; addr.sun_family = AF_UNIX; strcpy(addr.sun_path, ".KasmVNCSock"); addr.sun_path[0] = '\0'; struct sockaddr_un myaddr; myaddr.sun_family = AF_UNIX; sprintf(myaddr.sun_path, ".%s@%s", ws_ctx->user, ws_ctx->ip); myaddr.sun_path[0] = '\0'; int tsock = socket(AF_UNIX, SOCK_STREAM, 0); bind(tsock, (struct sockaddr *) &myaddr, sizeof(struct sockaddr_un)); handler_msg("connecting to VNC target\n"); if (connect(tsock, (struct sockaddr *) &addr, sizeof(sa_family_t) + sizeof(".KasmVNCSock")) < 0) { handler_emsg("Could not connect to target: %s\n", strerror(errno)); return; } do_proxy(ws_ctx, tsock); shutdown(tsock, SHUT_RDWR); close(tsock); } #if 0 int main(int argc, char *argv[]) { int fd, c, option_index = 0; static int ssl_only = 0, daemon = 0, run_once = 0, verbose = 0; char *found; static struct option long_options[] = { {"verbose", no_argument, &verbose, 'v'}, {"ssl-only", no_argument, &ssl_only, 1 }, {"daemon", no_argument, &daemon, 'D'}, /* ---- */ {"run-once", no_argument, 0, 'r'}, {"cert", required_argument, 0, 'c'}, {"key", required_argument, 0, 'k'}, {0, 0, 0, 0} }; settings.cert = realpath("self.pem", NULL); if (!settings.cert) { /* Make sure it's always set to something */ settings.cert = "self.pem"; } settings.key = ""; while (1) { c = getopt_long (argc, argv, "vDrc:k:", long_options, &option_index); /* Detect the end */ if (c == -1) { break; } switch (c) { case 0: break; // ignore case 1: break; // ignore case 'v': verbose = 1; break; case 'D': daemon = 1; break; case 'r': run_once = 1; break; case 'c': settings.cert = realpath(optarg, NULL); if (! settings.cert) { usage("No cert file at %s\n", optarg); } break; case 'k': settings.key = realpath(optarg, NULL); if (! settings.key) { usage("No key file at %s\n", optarg); } break; default: usage(""); } } settings.verbose = verbose; settings.ssl_only = ssl_only; settings.daemon = daemon; settings.run_once = run_once; if ((argc-optind) != 2) { usage("Invalid number of arguments\n"); } found = strstr(argv[optind], ":"); if (found) { memcpy(settings.listen_host, argv[optind], found-argv[optind]); settings.listen_port = strtol(found+1, NULL, 10); } else { settings.listen_host[0] = '\0'; settings.listen_port = strtol(argv[optind], NULL, 10); } optind++; if (settings.listen_port == 0) { usage("Could not parse listen_port\n"); } found = strstr(argv[optind], ":"); if (found) { memcpy(target_host, argv[optind], found-argv[optind]); target_port = strtol(found+1, NULL, 10); } else { usage("Target argument must be host:port\n"); } if (target_port == 0) { usage("Could not parse target port\n"); } if (ssl_only) { if (access(settings.cert, R_OK) != 0) { usage("SSL only and cert file '%s' not found\n", settings.cert); } } else if (access(settings.cert, R_OK) != 0) { fprintf(stderr, "Warning: '%s' not found\n", settings.cert); } //printf(" verbose: %d\n", settings.verbose); //printf(" ssl_only: %d\n", settings.ssl_only); //printf(" daemon: %d\n", settings.daemon); //printf(" run_once: %d\n", settings.run_once); //printf(" cert: %s\n", settings.cert); //printf(" key: %s\n", settings.key); settings.handler = proxy_handler; start_server(); } #endif