From f10d40d3303d792be4a73a6ae3e5830d8dcfbe6a Mon Sep 17 00:00:00 2001 From: mom040267 Date: Fri, 2 Jan 2015 06:26:09 +0000 Subject: [PATCH] working on https --- src/apps/relay/mainrelay.c | 4 +- src/apps/relay/mainrelay.h | 10 --- src/apps/relay/netengine.c | 1 + src/apps/relay/turncli.c | 122 +++++++++++++++++++++++++++--------- src/apps/relay/turncli.h | 9 +-- src/server/ns_turn_server.c | 18 +++++- src/server/ns_turn_server.h | 3 + 7 files changed, 118 insertions(+), 49 deletions(-) diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index ad00eba..2662955 100644 --- a/src/apps/relay/mainrelay.c +++ b/src/apps/relay/mainrelay.c @@ -122,9 +122,7 @@ LOW_DEFAULT_PORTS_BOUNDARY,HIGH_DEFAULT_PORTS_BOUNDARY,0,0,0,"", ///////////// Users DB ////////////// { (TURN_USERDB_TYPE)0, {"\0"}, {0,NULL,NULL, {NULL,0}} }, ///////////// CPUs ////////////////// -DEFAULT_CPUS_NUMBER, -///////////// HTTPS Admin Server //// -1,DEFAULT_HTTPS_ADMIN_PORT,DEFAULT_HTTPS_ADMIN_ADDR,"123" +DEFAULT_CPUS_NUMBER }; //////////////// OpenSSL Init ////////////////////// diff --git a/src/apps/relay/mainrelay.h b/src/apps/relay/mainrelay.h index bdffed9..be020ac 100644 --- a/src/apps/relay/mainrelay.h +++ b/src/apps/relay/mainrelay.h @@ -102,9 +102,6 @@ extern "C" { #define DEFAULT_CPUS_NUMBER (2) -#define DEFAULT_HTTPS_ADMIN_PORT (4433) -#define DEFAULT_HTTPS_ADMIN_ADDR ("0.0.0.0") - /////////// TYPES /////////////////////////////////// enum _DH_KEY_SIZE { @@ -313,13 +310,6 @@ typedef struct _turn_params_ { unsigned long cpus; -/////// HTTPS Admin server ////// - - int use_https_admin_server; - int https_admin_server_port; - char https_admin_server_addr[129]; - char https_admin_server_pwd[129]; - } turn_params_t; extern turn_params_t turn_params; diff --git a/src/apps/relay/netengine.c b/src/apps/relay/netengine.c index 7bd1d60..e74d786 100644 --- a/src/apps/relay/netengine.c +++ b/src/apps/relay/netengine.c 
@@ -1649,6 +1649,7 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int &turn_params.secure_stun, turn_params.shatype, &turn_params.mobility, turn_params.server_relay, send_turn_session_info, + send_https_socket, allocate_bps, turn_params.oauth, turn_params.oauth_server_name); diff --git a/src/apps/relay/turncli.c b/src/apps/relay/turncli.c index 9eb3e51..c88b509 100644 --- a/src/apps/relay/turncli.c +++ b/src/apps/relay/turncli.c @@ -1217,38 +1217,16 @@ static void cliserver_input_handler(struct evconnlistener *l, evutil_socket_t fd void setup_cli_thread(void) { - ns_bzero(&cliserver,sizeof(cliserver)); cliserver.event_base = turn_event_base_new(); + super_memory_t* sm = new_super_memory_region(); + cliserver.e = create_ioa_engine(sm, cliserver.event_base, turn_params.listener.tp, turn_params.relay_ifname, turn_params.relays_number, turn_params.relay_addrs, + turn_params.default_relays, turn_params.verbose + #if !defined(TURN_NO_HIREDIS) + ,turn_params.redis_statsdb + #endif + ); TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO,"IO method (cli thread): %s\n",event_base_get_method(cliserver.event_base)); - if (turn_params.use_https_admin_server - && turn_params.https_admin_server_pwd[0]) { - -#if TLSv1_2_SUPPORTED - if (turn_params.tls_ctx_v1_2) { - cliserver.ctx = turn_params.tls_ctx_v1_2; - } -#endif - -#if TLSv1_1_SUPPORTED - if (!cliserver.ctx && turn_params.tls_ctx_v1_1) { - cliserver.ctx = turn_params.tls_ctx_v1_1; - } -#endif - - if (!cliserver.ctx && turn_params.tls_ctx_v1_0) { - cliserver.ctx = turn_params.tls_ctx_v1_0; - } - - if (!cliserver.ctx && turn_params.tls_ctx_ssl23) { - cliserver.ctx = turn_params.tls_ctx_ssl23; - } - } - - if(!cliserver.ctx) { - turn_params.use_https_admin_server = 0; - } - { struct bufferevent *pair[2]; 
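Review bot: In the turncli.c hunk for setup_cli_thread, neither `new_super_memory_region()` nor `create_ioa_engine(...)` is checked before the result is stored in `cliserver.e`. The HTTPS handlers added later in this patch pass `cliserver.e` to `register_callback_on_ioa_socket` and `ioa_network_buffer_delete`. If either call can fail (their failure behaviour is not visible here), sockets handed over from the relay threads would be processed against a NULL engine. A guard right after the call, such as `if(!cliserver.e) { TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR,"Cannot create cli thread engine\n"); return; }`, would surface that failure at startup; the function body continues outside the hunk, so the exact failure policy should match what the rest of it does.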
@@ -1261,6 +1239,18 @@ void setup_cli_thread(void) bufferevent_enable(cliserver.in_buf, EV_READ); } + { + struct bufferevent *pair[2]; + + bufferevent_pair_new(cliserver.event_base, TURN_BUFFEREVENTS_OPTIONS, pair); + + cliserver.https_in_buf = pair[0]; + cliserver.https_out_buf = pair[1]; + + bufferevent_setcb(cliserver.https_in_buf, https_cli_server_receive_message, NULL, NULL, &cliserver); + bufferevent_enable(cliserver.https_in_buf, EV_READ); + } + if(!cli_addr_set) { if(make_ioa_addr((const u08bits*)CLI_DEFAULT_IP,0,&cli_addr)<0) { TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR,"Cannot set cli address %s\n",CLI_DEFAULT_IP); 
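Review bot: The return value of `bufferevent_pair_new` is ignored and `pair` is uninitialised, so on failure `cliserver.https_in_buf` and `cliserver.https_out_buf` receive indeterminate pointers. `bufferevent_setcb` uses them immediately, and `send_https_socket` uses them later. Initialise with `struct bufferevent *pair[2] = {NULL, NULL};` and do the assignments only under `if(bufferevent_pair_new(cliserver.event_base, TURN_BUFFEREVENTS_OPTIONS, pair) == 0) { ... }`, logging the failure otherwise. Raw `ioa_socket_handle` pointers are written into this pair from other threads, so a comment should state that `TURN_BUFFEREVENTS_OPTIONS` must keep the pair thread-safe; its definition is not visible in this patch.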
@@ -1365,8 +1355,80 @@ int send_turn_session_info(struct turn_session_info* tsi) /////////// HTTPS ///////////// -//https://github.com/ppelleti/https-example +static void write_https_echo(ioa_socket_handle s) +{ + if(s && !ioa_socket_tobeclosed(s)) { + SOCKET_APP_TYPE sat = get_ioa_socket_app_type(s); + if(sat == HTTPS_CLIENT_SOCKET) { + ioa_network_buffer_handle nbh_http = ioa_network_buffer_allocate(s->e); + size_t len_http = ioa_network_buffer_get_size(nbh_http); + u08bits *data = ioa_network_buffer_data(nbh_http); + char data_http[1025]; + char content_http[1025]; + const char* title = "HTTPS TURN Server"; + snprintf(content_http,sizeof(content_http)-1,"\r\n\r\n \r\n %s\r\n \r\n \r\n %s\r\n \r\n\r\n",title,title); + snprintf(data_http,sizeof(data_http)-1,"HTTP/1.1 200 OK\r\nServer: %s\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: %d\r\n\r\n%s",TURN_SOFTWARE,(int)strlen(content_http),content_http); + len_http = strlen(data_http); + ns_bcopy(data_http,data,len_http); + ioa_network_buffer_set_size(nbh_http,len_http); + send_data_from_ioa_socket_nbh(s, NULL, nbh_http, TTL_IGNORE, TOS_IGNORE); + } + } +} +static void handle_https(ioa_socket_handle s, ioa_network_buffer_handle nbh) { + //TODO + + if(turn_params.verbose) { + if(nbh) { + TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: HTTPS connection input: %s\n", __FUNCTION__, (char*)ioa_network_buffer_data(nbh)); + } else { + TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: HTTPS connection initial input\n", __FUNCTION__); + } + } + + write_https_echo(s); +} + +static void https_input_handler(ioa_socket_handle s, int event_type, ioa_net_data *data, void *arg, int can_resume) { + + UNUSED_ARG(arg); + UNUSED_ARG(s); + UNUSED_ARG(event_type); + UNUSED_ARG(can_resume); + + handle_https(s,data->nbh); + + ioa_network_buffer_delete(cliserver.e, data->nbh); + data->nbh = NULL; +} + +void https_cli_server_receive_message(struct bufferevent *bev, void *ptr) +{ + UNUSED_ARG(ptr); + + ioa_socket_handle s= NULL; + int n = 0; + 
struct evbuffer *input = bufferevent_get_input(bev); + + while ((n = evbuffer_remove(input, &s, sizeof(s))) > 0) { + if (n != sizeof(s)) { + fprintf(stderr,"%s: Weird HTTPS CLI buffer error: size=%d\n",__FUNCTION__,n); + continue; + } + + register_callback_on_ioa_socket(cliserver.e, s, IOA_EV_READ, https_input_handler, NULL, 0); + + handle_https(s,NULL); + } +} + +void send_https_socket(ioa_socket_handle s) { + struct evbuffer *output = bufferevent_get_output(cliserver.https_out_buf); + if(output) { + evbuffer_add(output,&s,sizeof(s)); + } +} /////////////////////////////// diff --git a/src/apps/relay/turncli.h b/src/apps/relay/turncli.h index 8ca61b1..aef0e0c 100644 --- a/src/apps/relay/turncli.h +++ b/src/apps/relay/turncli.h @@ -38,7 +38,6 @@ #include #include -#include #include "ns_turn_utils.h" #include "ns_turn_maps.h" @@ -55,15 +54,15 @@ extern "C" { struct cli_server { evutil_socket_t listen_fd; struct event_base* event_base; + ioa_engine_handle e; int verbose; struct evconnlistener *l; struct bufferevent *in_buf; struct bufferevent *out_buf; + struct bufferevent *https_in_buf; + struct bufferevent *https_out_buf; ur_map *sessions; pthread_t thr; - //// HTTPS interface //// - SSL_CTX *ctx; - struct evhttp *https; }; /////////////////////////////////////////// @@ -90,8 +89,10 @@ extern int cli_max_output_sessions; void setup_cli_thread(void); void cli_server_receive_message(struct bufferevent *bev, void *ptr); +void https_cli_server_receive_message(struct bufferevent *bev, void *ptr); int send_turn_session_info(struct turn_session_info* tsi); +void send_https_socket(ioa_socket_handle s); //////////////////////////////////////////// diff --git a/src/server/ns_turn_server.c b/src/server/ns_turn_server.c index 0823c32..abf2909 100644 --- a/src/server/ns_turn_server.c +++ b/src/server/ns_turn_server.c 
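Review bot: In handle_https the verbose log passes `(char*)ioa_network_buffer_data(nbh)` to a `%s` format, which treats client-controlled bytes as a NUL-terminated string and writes the decrypted request into the log. Nothing visible in this hunk terminates the buffer at the received length, and requests to an admin interface are likely to carry credentials or session data. Logging only the size avoids both problems: `TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: HTTPS connection input: %d bytes\n", __FUNCTION__, (int)ioa_network_buffer_get_size(nbh));`. Separately, send_https_socket drops the handle silently when `output` is NULL and does not check `evbuffer_add`, so a socket already detached from its relay session would never be closed. write_https_echo also uses `nbh_http` without a NULL check and copies `len_http` bytes into it without comparing against the buffer's capacity.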
@@ -4164,6 +4164,8 @@ static void client_to_be_allocated_timeout_handler(ioa_engine_handle e, if(!s || ioa_socket_tobeclosed(s)) { to_close = 1; + } else if(get_ioa_socket_app_type(s) == HTTPS_CLIENT_SOCKET) { + ; } else { ioa_socket_handle rs4 = ss->alloc.relay_sessions[ALLOC_IPV4_INDEX].s; ioa_socket_handle rs6 = ss->alloc.relay_sessions[ALLOC_IPV6_INDEX].s; @@ -4437,7 +4439,7 @@ static int read_client_connection(turn_turnserver *server, SOCKET_APP_TYPE sat = get_ioa_socket_app_type(ss->client_socket); int is_padding_mandatory = ((st == TCP_SOCKET)||(st==TLS_SOCKET)||(st==TENTATIVE_TCP_SOCKET)); - if((sat == HTTP_CLIENT_SOCKET)||(sat == HTTPS_CLIENT_SOCKET)) { + if(sat == HTTP_CLIENT_SOCKET) { if(server->verbose) { TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: HTTP connection input: %s\n", __FUNCTION__, (char*)ioa_network_buffer_data(in_buffer->nbh)); @@ -4445,6 +4447,10 @@ static int read_client_connection(turn_turnserver *server, handle_http(ss->client_socket); + } else if(sat == HTTPS_CLIENT_SOCKET) { + + //??? + } else if (stun_is_channel_message_str(ioa_network_buffer_data(in_buffer->nbh), &blen, &chnum, @@ -4538,13 +4544,19 @@ static int read_client_connection(turn_turnserver *server, proto = "HTTPS"; set_ioa_socket_app_type(ss->client_socket,HTTPS_CLIENT_SOCKET); TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: %s (%s %s) request: %s\n", __FUNCTION__, proto, get_ioa_socket_cipher(ss->client_socket), get_ioa_socket_ssl_method(ss->client_socket), (char*)ioa_network_buffer_data(in_buffer->nbh)); + if(server->send_https_socket) { + ioa_socket_handle new_s = detach_ioa_socket(ss->client_socket); + if(new_s) { + server->send_https_socket(new_s); + } + } } else { set_ioa_socket_app_type(ss->client_socket,HTTP_CLIENT_SOCKET); if(server->verbose) { TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "%s: %s request: %s\n", __FUNCTION__, proto, (char*)ioa_network_buffer_data(in_buffer->nbh)); } + handle_http(ss->client_socket); } - handle_http(ss->client_socket); return 0; } } 
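Review bot: The new `else if(get_ioa_socket_app_type(s) == HTTPS_CLIENT_SOCKET) { ; }` branch in client_to_be_allocated_timeout_handler appears to exempt any session whose client socket is typed HTTPS from the allocation timeout, and the matching `//???` branch in read_client_connection (hunk at -4445) discards its input. In the hunk at -4538 the socket is typed `HTTPS_CLIENT_SOCKET` before the hand-off. So when `server->send_https_socket` is NULL or `detach_ioa_socket` returns NULL, the connection seems to stay in the relay session with no timeout and no handler, which lets an unauthenticated client hold descriptors open. I would set `to_close = 1` for that case, or close the session in an `else` after the failed detach, and replace `//???` with a comment stating that HTTPS input is expected only on the cli thread. What happens to `ss->client_socket` after a successful detach is not visible in this patch and should be documented at the call site.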
@@ -4799,6 +4811,7 @@ void init_turn_server(turn_turnserver* server, send_socket_to_relay_cb send_socket_to_relay, vintp secure_stun, SHATYPE shatype, vintp mobility, int server_relay, send_turn_session_info_cb send_turn_session_info, + send_https_socket_cb send_https_socket, allocate_bps_cb allocate_bps_func, int oauth, const char* oauth_server_name) { @@ -4824,6 +4837,7 @@ void init_turn_server(turn_turnserver* server, server->mobility = mobility; server->server_relay = server_relay; server->send_turn_session_info = send_turn_session_info; + server->send_https_socket = send_https_socket; server->oauth = oauth; if(oauth) server->oauth_server_name = oauth_server_name; diff --git a/src/server/ns_turn_server.h b/src/server/ns_turn_server.h index 3506e61..7538080 100644 --- a/src/server/ns_turn_server.h +++ b/src/server/ns_turn_server.h @@ -96,6 +96,7 @@ typedef int (*check_new_allocation_quota_cb)(u08bits *username, int oauth, u08bi typedef void (*release_allocation_quota_cb)(u08bits *username, int oauth, u08bits *realm); typedef int (*send_socket_to_relay_cb)(turnserver_id id, u64bits cid, stun_tid *tid, ioa_socket_handle s, int message_integrity, MESSAGE_TO_RELAY_TYPE rmt, ioa_net_data *nd, int can_resume); typedef int (*send_turn_session_info_cb)(struct turn_session_info *tsi); +typedef void (*send_https_socket_cb)(ioa_socket_handle s); typedef band_limit_t (*allocate_bps_cb)(band_limit_t bps, int positive); @@ -131,6 +132,7 @@ struct _turn_turnserver { vintp no_loopback_peers; vintp no_multicast_peers; send_turn_session_info_cb send_turn_session_info; + send_https_socket_cb send_https_socket; /* RFC 6062 ==>> */ vintp no_udp_relay; @@ -199,6 +201,7 @@ void init_turn_server(turn_turnserver* server, vintp mobility, int server_relay, send_turn_session_info_cb send_turn_session_info, + send_https_socket_cb send_https_socket, allocate_bps_cb allocate_bps_func, int oauth, const char* oauth_server_name);