mirror of
https://github.com/kasmtech/KasmVNC.git
synced 2024-11-25 09:33:50 +01:00
93e47e5d54
* Copy-paste bug in SSE2 scaling to under 0.5x * Better handling of websocket frames * KASM-1912 websocket crash, scaling bug Co-authored-by: Lauri Kasanen <cand@gmx.com> Co-authored-by: matt <matt@kasmweb.com>
380 lines
12 KiB
C
380 lines
12 KiB
C
/*
|
|
* A WebSocket to TCP socket proxy with support for "wss://" encryption.
|
|
* Copyright 2010 Joel Martin
|
|
* Licensed under LGPL version 3 (see docs/LICENSE.LGPL-3)
|
|
*
|
|
* You can make a cert/key with openssl using:
|
|
* openssl req -new -x509 -days 365 -nodes -out self.pem -keyout self.pem
|
|
* as taken from http://docs.python.org/dev/library/ssl.html#certificates
|
|
*/
|
|
#include <stdio.h>
|
|
#include <errno.h>
|
|
#include <limits.h>
|
|
#include <getopt.h>
|
|
#include <string.h>
|
|
#include <sys/socket.h>
|
|
#include <sys/un.h>
|
|
#include <netinet/in.h>
|
|
#include <netdb.h>
|
|
#include <sys/select.h>
|
|
#include <fcntl.h>
|
|
#include <unistd.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/time.h>
|
|
#include <sys/types.h>
|
|
#include "websocket.h"
|
|
|
|
/*
|
|
char USAGE[] = "Usage: [options] " \
|
|
"[source_addr:]source_port target_addr:target_port\n\n" \
|
|
" --verbose|-v verbose messages and per frame traffic\n" \
|
|
" --daemon|-D become a daemon (background process)\n" \
|
|
" --run-once handle a single WebSocket connection and exit\n" \
|
|
" --cert CERT SSL certificate file\n" \
|
|
" --key KEY SSL key file (if separate from cert)\n" \
|
|
" --ssl-only disallow non-encrypted connections";
|
|
*/
|
|
|
|
extern int pipe_error;
|
|
extern settings_t settings;
|
|
|
|
static void do_proxy(ws_ctx_t *ws_ctx, int target) {
|
|
fd_set rlist, wlist, elist;
|
|
struct timeval tv;
|
|
int maxfd, client = ws_ctx->sockfd;
|
|
unsigned int opcode, left, ret;
|
|
unsigned int tout_start, tout_end, cout_start, cout_end;
|
|
unsigned int tin_end;
|
|
ssize_t len, bytes;
|
|
|
|
tout_start = tout_end = cout_start = cout_end =
|
|
tin_end = 0;
|
|
maxfd = client > target ? client+1 : target+1;
|
|
|
|
while (1) {
|
|
tv.tv_sec = 1;
|
|
tv.tv_usec = 0;
|
|
|
|
FD_ZERO(&rlist);
|
|
FD_ZERO(&wlist);
|
|
FD_ZERO(&elist);
|
|
|
|
FD_SET(client, &elist);
|
|
FD_SET(target, &elist);
|
|
|
|
if (tout_end == tout_start) {
|
|
// Nothing queued for target, so read from client
|
|
FD_SET(client, &rlist);
|
|
} else {
|
|
// Data queued for target, so write to it
|
|
FD_SET(target, &wlist);
|
|
}
|
|
if (cout_end == cout_start) {
|
|
// Nothing queued for client, so read from target
|
|
FD_SET(target, &rlist);
|
|
} else {
|
|
// Data queued for client, so write to it
|
|
FD_SET(client, &wlist);
|
|
}
|
|
|
|
do {
|
|
ret = select(maxfd, &rlist, &wlist, &elist, &tv);
|
|
} while (ret == -1 && errno == EINTR);
|
|
if (pipe_error) { break; }
|
|
|
|
if (FD_ISSET(target, &elist)) {
|
|
handler_emsg("target exception\n");
|
|
break;
|
|
}
|
|
if (FD_ISSET(client, &elist)) {
|
|
handler_emsg("client exception\n");
|
|
break;
|
|
}
|
|
|
|
if (ret == -1) {
|
|
handler_emsg("select(): %s\n", strerror(errno));
|
|
break;
|
|
} else if (ret == 0) {
|
|
//handler_emsg("select timeout\n");
|
|
continue;
|
|
}
|
|
|
|
if (FD_ISSET(target, &wlist)) {
|
|
len = tout_end-tout_start;
|
|
bytes = send(target, ws_ctx->tout_buf + tout_start, len, 0);
|
|
if (pipe_error) { break; }
|
|
if (bytes < 0) {
|
|
handler_emsg("target connection error: %s\n",
|
|
strerror(errno));
|
|
break;
|
|
}
|
|
tout_start += bytes;
|
|
if (tout_start >= tout_end) {
|
|
tout_start = tout_end = 0;
|
|
traffic(">");
|
|
} else {
|
|
traffic(">.");
|
|
}
|
|
}
|
|
|
|
if (FD_ISSET(client, &wlist)) {
|
|
len = cout_end-cout_start;
|
|
bytes = ws_send(ws_ctx, ws_ctx->cout_buf + cout_start, len);
|
|
if (pipe_error) { break; }
|
|
if (len < 3) {
|
|
handler_emsg("len: %d, bytes: %d: %d\n",
|
|
(int) len, (int) bytes,
|
|
(int) *(ws_ctx->cout_buf + cout_start));
|
|
}
|
|
cout_start += bytes;
|
|
if (cout_start >= cout_end) {
|
|
cout_start = cout_end = 0;
|
|
traffic("<");
|
|
} else {
|
|
traffic("<.");
|
|
}
|
|
}
|
|
|
|
if (FD_ISSET(target, &rlist)) {
|
|
bytes = recv(target, ws_ctx->cin_buf, DBUFSIZE , 0);
|
|
if (pipe_error) { break; }
|
|
if (bytes <= 0) {
|
|
handler_emsg("target closed connection\n");
|
|
break;
|
|
}
|
|
cout_start = 0;
|
|
if (ws_ctx->hybi) {
|
|
cout_end = encode_hybi(ws_ctx->cin_buf, bytes,
|
|
ws_ctx->cout_buf, BUFSIZE, ws_ctx->opcode);
|
|
} else {
|
|
cout_end = encode_hixie(ws_ctx->cin_buf, bytes,
|
|
ws_ctx->cout_buf, BUFSIZE);
|
|
}
|
|
/*
|
|
printf("encoded: ");
|
|
for (i=0; i< cout_end; i++) {
|
|
printf("%u,", (unsigned char) *(ws_ctx->cout_buf+i));
|
|
}
|
|
printf("\n");
|
|
*/
|
|
if (cout_end < 0) {
|
|
handler_emsg("encoding error\n");
|
|
break;
|
|
}
|
|
traffic("{");
|
|
}
|
|
|
|
if (FD_ISSET(client, &rlist)) {
|
|
bytes = ws_recv(ws_ctx, ws_ctx->tin_buf + tin_end, BUFSIZE-1-tin_end);
|
|
if (pipe_error) { break; }
|
|
if (bytes <= 0) {
|
|
handler_emsg("client closed connection\n");
|
|
break;
|
|
}
|
|
tin_end += bytes;
|
|
/*
|
|
printf("before decode: ");
|
|
for (i=0; i< bytes; i++) {
|
|
printf("%u,", (unsigned char) *(ws_ctx->tin_buf+i));
|
|
}
|
|
printf("\n");
|
|
*/
|
|
if (ws_ctx->hybi) {
|
|
len = decode_hybi(ws_ctx->tin_buf,
|
|
tin_end,
|
|
ws_ctx->tout_buf, BUFSIZE-1,
|
|
&opcode, &left);
|
|
} else {
|
|
len = decode_hixie(ws_ctx->tin_buf,
|
|
tin_end,
|
|
ws_ctx->tout_buf, BUFSIZE-1,
|
|
&opcode, &left);
|
|
}
|
|
|
|
if (opcode == 8) {
|
|
handler_msg("client sent orderly close frame\n");
|
|
break;
|
|
}
|
|
|
|
/*
|
|
printf("decoded: ");
|
|
for (i=0; i< len; i++) {
|
|
printf("%u,", (unsigned char) *(ws_ctx->tout_buf+i));
|
|
}
|
|
printf("\n");
|
|
*/
|
|
if (len < 0) {
|
|
handler_emsg("decoding error\n");
|
|
break;
|
|
}
|
|
if (left) {
|
|
const unsigned tin_start = tin_end - left;
|
|
//handler_emsg("partial frame from client, %u left, start %u end %u, lens %lu %lu\n",
|
|
// left, tin_start, tin_end, bytes, len);
|
|
memmove(ws_ctx->tin_buf, ws_ctx->tin_buf + tin_start, left);
|
|
tin_end = left;
|
|
} else {
|
|
//handler_emsg("handled %lu/%lu bytes\n", bytes, len);
|
|
tin_end = 0;
|
|
}
|
|
|
|
traffic("}");
|
|
tout_start = 0;
|
|
tout_end = len;
|
|
}
|
|
}
|
|
}
|
|
|
|
void proxy_handler(ws_ctx_t *ws_ctx) {
|
|
|
|
char sockname[32];
|
|
sprintf(sockname, ".KasmVNCSock%u", getpid());
|
|
|
|
struct sockaddr_un addr;
|
|
addr.sun_family = AF_UNIX;
|
|
strcpy(addr.sun_path, sockname);
|
|
addr.sun_path[0] = '\0';
|
|
|
|
struct timeval tv;
|
|
gettimeofday(&tv, NULL);
|
|
|
|
struct sockaddr_un myaddr;
|
|
myaddr.sun_family = AF_UNIX;
|
|
sprintf(myaddr.sun_path, ".%s@%s_%lu.%lu", ws_ctx->user, ws_ctx->ip,
|
|
tv.tv_sec, tv.tv_usec);
|
|
myaddr.sun_path[0] = '\0';
|
|
|
|
int tsock = socket(AF_UNIX, SOCK_STREAM, 0);
|
|
bind(tsock, (struct sockaddr *) &myaddr, sizeof(struct sockaddr_un));
|
|
|
|
handler_msg("connecting to VNC target\n");
|
|
|
|
if (connect(tsock, (struct sockaddr *) &addr,
|
|
sizeof(sa_family_t) + strlen(sockname)) < 0) {
|
|
|
|
handler_emsg("Could not connect to target: %s\n",
|
|
strerror(errno));
|
|
return;
|
|
}
|
|
|
|
do_proxy(ws_ctx, tsock);
|
|
|
|
shutdown(tsock, SHUT_RDWR);
|
|
close(tsock);
|
|
}
|
|
|
|
#if 0
|
|
int main(int argc, char *argv[])
|
|
{
|
|
int fd, c, option_index = 0;
|
|
static int ssl_only = 0, daemon = 0, run_once = 0, verbose = 0;
|
|
char *found;
|
|
static struct option long_options[] = {
|
|
{"verbose", no_argument, &verbose, 'v'},
|
|
{"ssl-only", no_argument, &ssl_only, 1 },
|
|
{"daemon", no_argument, &daemon, 'D'},
|
|
/* ---- */
|
|
{"run-once", no_argument, 0, 'r'},
|
|
{"cert", required_argument, 0, 'c'},
|
|
{"key", required_argument, 0, 'k'},
|
|
{0, 0, 0, 0}
|
|
};
|
|
|
|
settings.cert = realpath("self.pem", NULL);
|
|
if (!settings.cert) {
|
|
/* Make sure it's always set to something */
|
|
settings.cert = "self.pem";
|
|
}
|
|
settings.key = "";
|
|
|
|
while (1) {
|
|
c = getopt_long (argc, argv, "vDrc:k:",
|
|
long_options, &option_index);
|
|
|
|
/* Detect the end */
|
|
if (c == -1) { break; }
|
|
|
|
switch (c) {
|
|
case 0:
|
|
break; // ignore
|
|
case 1:
|
|
break; // ignore
|
|
case 'v':
|
|
verbose = 1;
|
|
break;
|
|
case 'D':
|
|
daemon = 1;
|
|
break;
|
|
case 'r':
|
|
run_once = 1;
|
|
break;
|
|
case 'c':
|
|
settings.cert = realpath(optarg, NULL);
|
|
if (! settings.cert) {
|
|
usage("No cert file at %s\n", optarg);
|
|
}
|
|
break;
|
|
case 'k':
|
|
settings.key = realpath(optarg, NULL);
|
|
if (! settings.key) {
|
|
usage("No key file at %s\n", optarg);
|
|
}
|
|
break;
|
|
default:
|
|
usage("");
|
|
}
|
|
}
|
|
settings.verbose = verbose;
|
|
settings.ssl_only = ssl_only;
|
|
settings.daemon = daemon;
|
|
settings.run_once = run_once;
|
|
|
|
if ((argc-optind) != 2) {
|
|
usage("Invalid number of arguments\n");
|
|
}
|
|
|
|
found = strstr(argv[optind], ":");
|
|
if (found) {
|
|
memcpy(settings.listen_host, argv[optind], found-argv[optind]);
|
|
settings.listen_port = strtol(found+1, NULL, 10);
|
|
} else {
|
|
settings.listen_host[0] = '\0';
|
|
settings.listen_port = strtol(argv[optind], NULL, 10);
|
|
}
|
|
optind++;
|
|
if (settings.listen_port == 0) {
|
|
usage("Could not parse listen_port\n");
|
|
}
|
|
|
|
found = strstr(argv[optind], ":");
|
|
if (found) {
|
|
memcpy(target_host, argv[optind], found-argv[optind]);
|
|
target_port = strtol(found+1, NULL, 10);
|
|
} else {
|
|
usage("Target argument must be host:port\n");
|
|
}
|
|
if (target_port == 0) {
|
|
usage("Could not parse target port\n");
|
|
}
|
|
|
|
if (ssl_only) {
|
|
if (access(settings.cert, R_OK) != 0) {
|
|
usage("SSL only and cert file '%s' not found\n", settings.cert);
|
|
}
|
|
} else if (access(settings.cert, R_OK) != 0) {
|
|
fprintf(stderr, "Warning: '%s' not found\n", settings.cert);
|
|
}
|
|
|
|
//printf(" verbose: %d\n", settings.verbose);
|
|
//printf(" ssl_only: %d\n", settings.ssl_only);
|
|
//printf(" daemon: %d\n", settings.daemon);
|
|
//printf(" run_once: %d\n", settings.run_once);
|
|
//printf(" cert: %s\n", settings.cert);
|
|
//printf(" key: %s\n", settings.key);
|
|
|
|
settings.handler = proxy_handler;
|
|
start_server();
|
|
|
|
}
|
|
#endif
|