2011-03-26 20:27:08 +00:00
|
|
|
#!/usr/bin/env python
|
2010-05-06 16:32:07 +01:00
|
|
|
|
|
|
|
'''
|
|
|
|
Python WebSocket library with support for "wss://" encryption.
|
2011-05-18 17:09:10 +01:00
|
|
|
Copyright 2011 Joel Martin
|
2010-07-17 18:05:58 +01:00
|
|
|
Licensed under LGPL version 3 (see docs/LICENSE.LGPL-3)
|
2010-05-06 16:32:07 +01:00
|
|
|
|
2011-05-02 04:17:04 +01:00
|
|
|
Supports following protocol versions:
|
2013-03-04 08:38:29 +00:00
|
|
|
- http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-07
|
2011-08-04 17:09:12 +01:00
|
|
|
- http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-10
|
2013-03-04 08:38:29 +00:00
|
|
|
- http://tools.ietf.org/html/rfc6455
|
2011-05-02 04:17:04 +01:00
|
|
|
|
2010-05-06 16:32:07 +01:00
|
|
|
You can make a cert/key with openssl using:
|
|
|
|
openssl req -new -x509 -days 365 -nodes -out self.pem -keyout self.pem
|
|
|
|
as taken from http://docs.python.org/dev/library/ssl.html#certificates
|
|
|
|
|
|
|
|
'''
|
|
|
|
|
2011-09-29 22:08:28 +01:00
|
|
|
import os, sys, time, errno, signal, socket, traceback, select
|
2011-10-06 15:37:09 +01:00
|
|
|
import array, struct
|
2010-05-06 16:32:07 +01:00
|
|
|
from base64 import b64encode, b64decode
|
2011-05-18 17:09:10 +01:00
|
|
|
|
|
|
|
# Imports that vary by python version
|
2011-10-06 15:37:09 +01:00
|
|
|
|
|
|
|
# python 3.0 differences
|
2011-05-18 17:09:10 +01:00
|
|
|
if sys.hexversion > 0x3000000:
|
|
|
|
b2s = lambda buf: buf.decode('latin_1')
|
|
|
|
s2b = lambda s: s.encode('latin_1')
|
2011-09-29 22:08:28 +01:00
|
|
|
s2a = lambda s: s
|
2011-05-18 17:09:10 +01:00
|
|
|
else:
|
2011-10-06 15:37:09 +01:00
|
|
|
b2s = lambda buf: buf # No-op
|
|
|
|
s2b = lambda s: s # No-op
|
2011-09-29 22:08:28 +01:00
|
|
|
s2a = lambda s: [ord(c) for c in s]
|
2011-10-06 15:37:09 +01:00
|
|
|
try: from io import StringIO
|
|
|
|
except: from cStringIO import StringIO
|
|
|
|
try: from http.server import SimpleHTTPRequestHandler
|
|
|
|
except: from SimpleHTTPServer import SimpleHTTPRequestHandler
|
|
|
|
|
|
|
|
# python 2.6 differences
|
2013-03-04 08:38:29 +00:00
|
|
|
try: from hashlib import sha1
|
|
|
|
except: from sha import sha as sha1
|
2011-10-06 15:37:09 +01:00
|
|
|
|
|
|
|
# python 2.5 differences
|
|
|
|
try:
|
|
|
|
from struct import pack, unpack_from
|
|
|
|
except:
|
|
|
|
from struct import pack
|
|
|
|
def unpack_from(fmt, buf, offset=0):
|
2011-10-06 11:25:37 +01:00
|
|
|
slice = buffer(buf, offset, struct.calcsize(fmt))
|
|
|
|
return struct.unpack(fmt, slice)
|
|
|
|
|
2011-05-18 17:09:10 +01:00
|
|
|
# Degraded functionality if these imports are missing
|
2013-04-19 23:14:20 +01:00
|
|
|
for mod, msg in [('numpy', 'HyBi protocol will be slower'),
|
|
|
|
('ssl', 'TLS/SSL/wss is disabled'),
|
|
|
|
('multiprocessing', 'Multi-Processing is disabled'),
|
|
|
|
('resource', 'daemonizing is disabled')]:
|
2011-05-18 21:52:39 +01:00
|
|
|
try:
|
|
|
|
globals()[mod] = __import__(mod)
|
|
|
|
except ImportError:
|
|
|
|
globals()[mod] = None
|
2013-04-19 23:14:20 +01:00
|
|
|
print("WARNING: no '%s' module, %s" % (mod, msg))
|
2011-10-06 15:37:09 +01:00
|
|
|
if multiprocessing and sys.platform == 'win32':
|
|
|
|
# make sockets pickle-able/inheritable
|
|
|
|
import multiprocessing.reduction
|
2011-05-18 17:09:10 +01:00
|
|
|
|
2010-05-06 16:32:07 +01:00
|
|
|
|
2011-01-13 00:09:54 +00:00
|
|
|
class WebSocketServer(object):
|
2011-01-08 21:29:01 +00:00
|
|
|
"""
|
|
|
|
WebSockets server class.
|
wsproxy, wstelnet: wrap command, WS telnet client.
wswrapper:
Getting the wswrapper.c LD_PRELOAD model working has turned out to
involve too many dark corners of the glibc/POSIX file descriptor
space. I realized that 95% of what I want can be accomplished by
adding a "wrap command" mode to wsproxy.
The code is still there for now, but consider it experimental at
best. Minor fix to dup2 and add dup and dup3 logging.
wsproxy Wrap Command:
In wsproxy wrap command mode, a command line is specified instead
of a target address and port. wsproxy then uses a much simpler
LD_PRELOAD library, rebind.so, to move intercept any bind() system
calls made by the program. If the bind() call is for the wsproxy
listen port number then the real bind() system call is issued for
an alternate (free high) port on loopback/localhost. wsproxy then
forwards from the listen address/port to the moved port.
The --wrap-mode argument takes three options that determine the
behavior of wsproxy when the wrapped command returns an exit code
(exit or daemonizing): ignore, exit, respawn.
For example, this runs vncserver on turns port 5901 into
a WebSockets port (rebind.so must be built first):
./utils/wsproxy.py --wrap-mode=ignore 5901 -- vncserver :1
The vncserver command backgrounds itself so the wrap mode is set
to "ignore" so that wsproxy keeps running even after it receives
an exit code from vncserver.
wstelnet:
To demonstrate the wrap command mode, I added WebSockets telnet
client.
For example, this runs telnetd (krb5-telnetd) on turns port 2023
into a WebSockets port (using "respawn" mode since telnetd exits
after each connection closes):
sudo ./utils/wsproxy.py --wrap-mode=respawn 2023 -- telnetd -debug 2023
Then the utils/wstelnet.html page can be used to connect to the
telnetd server on port 2023. The telnet client includes VT100.js
(from http://code.google.com/p/sshconsole) which handles the
terminal emulation and rendering.
rebind:
The rebind LD_PRELOAD library is used by wsproxy in wrap command
mode to intercept bind() system calls and move the port to
a different port on loopback/localhost. The rebind.so library can
be built by running make in the utils directory.
The rebind library can be used separately from wsproxy by setting
the REBIND_OLD_PORT and REBIND_NEW_PORT environment variables
prior to executing a command. For example:
export export REBIND_PORT_OLD="23"
export export REBIND_PORT_NEW="65023"
LD_PRELOAD=./rebind.so telnetd -debug 23
Alternately, the rebind script does the same thing:
rebind 23 65023 telnetd -debug 23
Other changes/notes:
- wsproxy no longer daemonizes by default. Remove -f/--foreground
option and add -D/--deamon option.
- When wsproxy is used to wrap a command in "respawn" mode, the
command will not be respawn more often than 3 times within 10
seconds.
- Move getKeysym routine out of Canvas object so that it can be called
directly.
2011-01-12 19:15:11 +00:00
|
|
|
Must be sub-classed with new_client method definition.
|
2011-01-08 21:29:01 +00:00
|
|
|
"""
|
|
|
|
|
2011-05-02 04:17:04 +01:00
|
|
|
buffer_size = 65536
|
|
|
|
|
|
|
|
server_handshake_hybi = """HTTP/1.1 101 Switching Protocols\r
|
|
|
|
Upgrade: websocket\r
|
|
|
|
Connection: Upgrade\r
|
|
|
|
Sec-WebSocket-Accept: %s\r
|
|
|
|
"""
|
|
|
|
|
|
|
|
GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"
|
2010-05-06 16:32:07 +01:00
|
|
|
|
2011-01-08 21:29:01 +00:00
|
|
|
policy_response = """<cross-domain-policy><allow-access-from domain="*" to-ports="*" /></cross-domain-policy>\n"""
|
|
|
|
|
2012-04-25 19:44:01 +01:00
|
|
|
# An exception before the WebSocket connection was established
|
2011-01-08 21:29:01 +00:00
|
|
|
class EClose(Exception):
|
|
|
|
pass
|
|
|
|
|
2012-04-25 19:44:01 +01:00
|
|
|
# An exception while the WebSocket client was connected
|
|
|
|
class CClose(Exception):
|
|
|
|
pass
|
|
|
|
|
2013-05-31 20:21:01 +01:00
|
|
|
class Terminate(Exception):
|
|
|
|
pass
|
|
|
|
|
2011-06-27 10:01:01 +01:00
|
|
|
def __init__(self, listen_host='', listen_port=None, source_is_ipv6=False,
|
2011-01-08 21:29:01 +00:00
|
|
|
verbose=False, cert='', key='', ssl_only=None,
|
2013-06-24 14:09:01 +01:00
|
|
|
daemon=False, record='', web='', file_only=False, no_parent=False,
|
2012-08-31 15:24:09 +01:00
|
|
|
run_once=False, timeout=0, idle_timeout=0):
|
2011-01-08 21:29:01 +00:00
|
|
|
|
|
|
|
# settings
|
2011-06-27 10:01:01 +01:00
|
|
|
self.verbose = verbose
|
|
|
|
self.listen_host = listen_host
|
|
|
|
self.listen_port = listen_port
|
2012-06-26 12:57:50 +01:00
|
|
|
self.prefer_ipv6 = source_is_ipv6
|
2011-06-27 10:01:01 +01:00
|
|
|
self.ssl_only = ssl_only
|
|
|
|
self.daemon = daemon
|
2011-09-22 21:52:02 +01:00
|
|
|
self.run_once = run_once
|
|
|
|
self.timeout = timeout
|
2012-08-31 15:24:09 +01:00
|
|
|
self.idle_timeout = idle_timeout
|
2012-05-22 15:09:07 +01:00
|
|
|
|
2011-09-22 21:52:02 +01:00
|
|
|
self.launch_time = time.time()
|
|
|
|
self.ws_connection = False
|
2011-06-27 10:01:01 +01:00
|
|
|
self.handler_id = 1
|
2011-01-08 21:29:01 +00:00
|
|
|
|
2013-06-24 14:09:01 +01:00
|
|
|
self.file_only = file_only
|
|
|
|
self.no_parent = no_parent
|
|
|
|
|
2011-01-08 21:29:01 +00:00
|
|
|
# Make paths settings absolute
|
|
|
|
self.cert = os.path.abspath(cert)
|
|
|
|
self.key = self.web = self.record = ''
|
|
|
|
if key:
|
|
|
|
self.key = os.path.abspath(key)
|
|
|
|
if web:
|
|
|
|
self.web = os.path.abspath(web)
|
|
|
|
if record:
|
|
|
|
self.record = os.path.abspath(record)
|
|
|
|
|
|
|
|
if self.web:
|
|
|
|
os.chdir(self.web)
|
|
|
|
|
2011-05-18 21:52:39 +01:00
|
|
|
# Sanity checks
|
2011-06-27 17:49:01 +01:00
|
|
|
if not ssl and self.ssl_only:
|
2011-05-18 21:52:39 +01:00
|
|
|
raise Exception("No 'ssl' module and SSL-only specified")
|
|
|
|
if self.daemon and not resource:
|
|
|
|
raise Exception("Module 'resource' required to daemonize")
|
2011-01-08 21:29:01 +00:00
|
|
|
|
2011-05-18 21:52:39 +01:00
|
|
|
# Show configuration
|
2011-05-18 17:09:10 +01:00
|
|
|
print("WebSocket server settings:")
|
|
|
|
print(" - Listen on %s:%s" % (
|
|
|
|
self.listen_host, self.listen_port))
|
|
|
|
print(" - Flash security policy server")
|
wsproxy, wstelnet: wrap command, WS telnet client.
wswrapper:
Getting the wswrapper.c LD_PRELOAD model working has turned out to
involve too many dark corners of the glibc/POSIX file descriptor
space. I realized that 95% of what I want can be accomplished by
adding a "wrap command" mode to wsproxy.
The code is still there for now, but consider it experimental at
best. Minor fix to dup2 and add dup and dup3 logging.
wsproxy Wrap Command:
In wsproxy wrap command mode, a command line is specified instead
of a target address and port. wsproxy then uses a much simpler
LD_PRELOAD library, rebind.so, to move intercept any bind() system
calls made by the program. If the bind() call is for the wsproxy
listen port number then the real bind() system call is issued for
an alternate (free high) port on loopback/localhost. wsproxy then
forwards from the listen address/port to the moved port.
The --wrap-mode argument takes three options that determine the
behavior of wsproxy when the wrapped command returns an exit code
(exit or daemonizing): ignore, exit, respawn.
For example, this runs vncserver on turns port 5901 into
a WebSockets port (rebind.so must be built first):
./utils/wsproxy.py --wrap-mode=ignore 5901 -- vncserver :1
The vncserver command backgrounds itself so the wrap mode is set
to "ignore" so that wsproxy keeps running even after it receives
an exit code from vncserver.
wstelnet:
To demonstrate the wrap command mode, I added WebSockets telnet
client.
For example, this runs telnetd (krb5-telnetd) on turns port 2023
into a WebSockets port (using "respawn" mode since telnetd exits
after each connection closes):
sudo ./utils/wsproxy.py --wrap-mode=respawn 2023 -- telnetd -debug 2023
Then the utils/wstelnet.html page can be used to connect to the
telnetd server on port 2023. The telnet client includes VT100.js
(from http://code.google.com/p/sshconsole) which handles the
terminal emulation and rendering.
rebind:
The rebind LD_PRELOAD library is used by wsproxy in wrap command
mode to intercept bind() system calls and move the port to
a different port on loopback/localhost. The rebind.so library can
be built by running make in the utils directory.
The rebind library can be used separately from wsproxy by setting
the REBIND_OLD_PORT and REBIND_NEW_PORT environment variables
prior to executing a command. For example:
export export REBIND_PORT_OLD="23"
export export REBIND_PORT_NEW="65023"
LD_PRELOAD=./rebind.so telnetd -debug 23
Alternately, the rebind script does the same thing:
rebind 23 65023 telnetd -debug 23
Other changes/notes:
- wsproxy no longer daemonizes by default. Remove -f/--foreground
option and add -D/--deamon option.
- When wsproxy is used to wrap a command in "respawn" mode, the
command will not be respawn more often than 3 times within 10
seconds.
- Move getKeysym routine out of Canvas object so that it can be called
directly.
2011-01-12 19:15:11 +00:00
|
|
|
if self.web:
|
2011-07-14 21:55:26 +01:00
|
|
|
print(" - Web server. Web root: %s" % self.web)
|
2011-05-18 17:09:10 +01:00
|
|
|
if ssl:
|
|
|
|
if os.path.exists(self.cert):
|
|
|
|
print(" - SSL/TLS support")
|
|
|
|
if self.ssl_only:
|
|
|
|
print(" - Deny non-SSL/TLS connections")
|
|
|
|
else:
|
|
|
|
print(" - No SSL/TLS support (no cert file)")
|
wsproxy, wstelnet: wrap command, WS telnet client.
wswrapper:
Getting the wswrapper.c LD_PRELOAD model working has turned out to
involve too many dark corners of the glibc/POSIX file descriptor
space. I realized that 95% of what I want can be accomplished by
adding a "wrap command" mode to wsproxy.
The code is still there for now, but consider it experimental at
best. Minor fix to dup2 and add dup and dup3 logging.
wsproxy Wrap Command:
In wsproxy wrap command mode, a command line is specified instead
of a target address and port. wsproxy then uses a much simpler
LD_PRELOAD library, rebind.so, to move intercept any bind() system
calls made by the program. If the bind() call is for the wsproxy
listen port number then the real bind() system call is issued for
an alternate (free high) port on loopback/localhost. wsproxy then
forwards from the listen address/port to the moved port.
The --wrap-mode argument takes three options that determine the
behavior of wsproxy when the wrapped command returns an exit code
(exit or daemonizing): ignore, exit, respawn.
For example, this runs vncserver on turns port 5901 into
a WebSockets port (rebind.so must be built first):
./utils/wsproxy.py --wrap-mode=ignore 5901 -- vncserver :1
The vncserver command backgrounds itself so the wrap mode is set
to "ignore" so that wsproxy keeps running even after it receives
an exit code from vncserver.
wstelnet:
To demonstrate the wrap command mode, I added WebSockets telnet
client.
For example, this runs telnetd (krb5-telnetd) on turns port 2023
into a WebSockets port (using "respawn" mode since telnetd exits
after each connection closes):
sudo ./utils/wsproxy.py --wrap-mode=respawn 2023 -- telnetd -debug 2023
Then the utils/wstelnet.html page can be used to connect to the
telnetd server on port 2023. The telnet client includes VT100.js
(from http://code.google.com/p/sshconsole) which handles the
terminal emulation and rendering.
rebind:
The rebind LD_PRELOAD library is used by wsproxy in wrap command
mode to intercept bind() system calls and move the port to
a different port on loopback/localhost. The rebind.so library can
be built by running make in the utils directory.
The rebind library can be used separately from wsproxy by setting
the REBIND_OLD_PORT and REBIND_NEW_PORT environment variables
prior to executing a command. For example:
export export REBIND_PORT_OLD="23"
export export REBIND_PORT_NEW="65023"
LD_PRELOAD=./rebind.so telnetd -debug 23
Alternately, the rebind script does the same thing:
rebind 23 65023 telnetd -debug 23
Other changes/notes:
- wsproxy no longer daemonizes by default. Remove -f/--foreground
option and add -D/--deamon option.
- When wsproxy is used to wrap a command in "respawn" mode, the
command will not be respawn more often than 3 times within 10
seconds.
- Move getKeysym routine out of Canvas object so that it can be called
directly.
2011-01-12 19:15:11 +00:00
|
|
|
else:
|
2011-05-18 17:09:10 +01:00
|
|
|
print(" - No SSL/TLS support (no 'ssl' module)")
|
wsproxy, wstelnet: wrap command, WS telnet client.
wswrapper:
Getting the wswrapper.c LD_PRELOAD model working has turned out to
involve too many dark corners of the glibc/POSIX file descriptor
space. I realized that 95% of what I want can be accomplished by
adding a "wrap command" mode to wsproxy.
The code is still there for now, but consider it experimental at
best. Minor fix to dup2 and add dup and dup3 logging.
wsproxy Wrap Command:
In wsproxy wrap command mode, a command line is specified instead
of a target address and port. wsproxy then uses a much simpler
LD_PRELOAD library, rebind.so, to move intercept any bind() system
calls made by the program. If the bind() call is for the wsproxy
listen port number then the real bind() system call is issued for
an alternate (free high) port on loopback/localhost. wsproxy then
forwards from the listen address/port to the moved port.
The --wrap-mode argument takes three options that determine the
behavior of wsproxy when the wrapped command returns an exit code
(exit or daemonizing): ignore, exit, respawn.
For example, this runs vncserver on turns port 5901 into
a WebSockets port (rebind.so must be built first):
./utils/wsproxy.py --wrap-mode=ignore 5901 -- vncserver :1
The vncserver command backgrounds itself so the wrap mode is set
to "ignore" so that wsproxy keeps running even after it receives
an exit code from vncserver.
wstelnet:
To demonstrate the wrap command mode, I added WebSockets telnet
client.
For example, this runs telnetd (krb5-telnetd) on turns port 2023
into a WebSockets port (using "respawn" mode since telnetd exits
after each connection closes):
sudo ./utils/wsproxy.py --wrap-mode=respawn 2023 -- telnetd -debug 2023
Then the utils/wstelnet.html page can be used to connect to the
telnetd server on port 2023. The telnet client includes VT100.js
(from http://code.google.com/p/sshconsole) which handles the
terminal emulation and rendering.
rebind:
The rebind LD_PRELOAD library is used by wsproxy in wrap command
mode to intercept bind() system calls and move the port to
a different port on loopback/localhost. The rebind.so library can
be built by running make in the utils directory.
The rebind library can be used separately from wsproxy by setting
the REBIND_OLD_PORT and REBIND_NEW_PORT environment variables
prior to executing a command. For example:
export export REBIND_PORT_OLD="23"
export export REBIND_PORT_NEW="65023"
LD_PRELOAD=./rebind.so telnetd -debug 23
Alternately, the rebind script does the same thing:
rebind 23 65023 telnetd -debug 23
Other changes/notes:
- wsproxy no longer daemonizes by default. Remove -f/--foreground
option and add -D/--deamon option.
- When wsproxy is used to wrap a command in "respawn" mode, the
command will not be respawn more often than 3 times within 10
seconds.
- Move getKeysym routine out of Canvas object so that it can be called
directly.
2011-01-12 19:15:11 +00:00
|
|
|
if self.daemon:
|
2011-05-18 17:09:10 +01:00
|
|
|
print(" - Backgrounding (daemon)")
|
2011-06-26 19:55:52 +01:00
|
|
|
if self.record:
|
|
|
|
print(" - Recording to '%s.*'" % self.record)
|
wsproxy, wstelnet: wrap command, WS telnet client.
wswrapper:
Getting the wswrapper.c LD_PRELOAD model working has turned out to
involve too many dark corners of the glibc/POSIX file descriptor
space. I realized that 95% of what I want can be accomplished by
adding a "wrap command" mode to wsproxy.
The code is still there for now, but consider it experimental at
best. Minor fix to dup2 and add dup and dup3 logging.
wsproxy Wrap Command:
In wsproxy wrap command mode, a command line is specified instead
of a target address and port. wsproxy then uses a much simpler
LD_PRELOAD library, rebind.so, to move intercept any bind() system
calls made by the program. If the bind() call is for the wsproxy
listen port number then the real bind() system call is issued for
an alternate (free high) port on loopback/localhost. wsproxy then
forwards from the listen address/port to the moved port.
The --wrap-mode argument takes three options that determine the
behavior of wsproxy when the wrapped command returns an exit code
(exit or daemonizing): ignore, exit, respawn.
For example, this runs vncserver on turns port 5901 into
a WebSockets port (rebind.so must be built first):
./utils/wsproxy.py --wrap-mode=ignore 5901 -- vncserver :1
The vncserver command backgrounds itself so the wrap mode is set
to "ignore" so that wsproxy keeps running even after it receives
an exit code from vncserver.
wstelnet:
To demonstrate the wrap command mode, I added WebSockets telnet
client.
For example, this runs telnetd (krb5-telnetd) on turns port 2023
into a WebSockets port (using "respawn" mode since telnetd exits
after each connection closes):
sudo ./utils/wsproxy.py --wrap-mode=respawn 2023 -- telnetd -debug 2023
Then the utils/wstelnet.html page can be used to connect to the
telnetd server on port 2023. The telnet client includes VT100.js
(from http://code.google.com/p/sshconsole) which handles the
terminal emulation and rendering.
rebind:
The rebind LD_PRELOAD library is used by wsproxy in wrap command
mode to intercept bind() system calls and move the port to
a different port on loopback/localhost. The rebind.so library can
be built by running make in the utils directory.
The rebind library can be used separately from wsproxy by setting
the REBIND_OLD_PORT and REBIND_NEW_PORT environment variables
prior to executing a command. For example:
export export REBIND_PORT_OLD="23"
export export REBIND_PORT_NEW="65023"
LD_PRELOAD=./rebind.so telnetd -debug 23
Alternately, the rebind script does the same thing:
rebind 23 65023 telnetd -debug 23
Other changes/notes:
- wsproxy no longer daemonizes by default. Remove -f/--foreground
option and add -D/--deamon option.
- When wsproxy is used to wrap a command in "respawn" mode, the
command will not be respawn more often than 3 times within 10
seconds.
- Move getKeysym routine out of Canvas object so that it can be called
directly.
2011-01-12 19:15:11 +00:00
|
|
|
|
2011-01-08 21:29:01 +00:00
|
|
|
#
|
|
|
|
# WebSocketServer static methods
|
|
|
|
#
|
2011-07-07 21:13:02 +01:00
|
|
|
|
2011-06-29 09:19:52 +01:00
|
|
|
@staticmethod
|
2012-05-28 12:09:07 +01:00
|
|
|
def socket(host, port=None, connect=False, prefer_ipv6=False, unix_socket=None, use_ssl=False):
|
2011-07-09 19:34:53 +01:00
|
|
|
""" Resolve a host (and optional port) to an IPv4 or IPv6
|
|
|
|
address. Create a socket. Bind to it if listen is set,
|
|
|
|
otherwise connect to it. Return the socket.
|
2011-06-29 09:19:52 +01:00
|
|
|
"""
|
2011-07-09 19:34:53 +01:00
|
|
|
flags = 0
|
|
|
|
if host == '':
|
|
|
|
host = None
|
2012-05-22 15:09:07 +01:00
|
|
|
if connect and not (port or unix_socket):
|
2011-07-09 19:34:53 +01:00
|
|
|
raise Exception("Connect mode requires a port")
|
2012-05-23 15:20:08 +01:00
|
|
|
if use_ssl and not ssl:
|
|
|
|
raise Exception("SSL socket requested but Python SSL module not loaded.");
|
|
|
|
if not connect and use_ssl:
|
|
|
|
raise Exception("SSL only supported in connect mode (for now)")
|
2011-07-09 19:34:53 +01:00
|
|
|
if not connect:
|
|
|
|
flags = flags | socket.AI_PASSIVE
|
2012-05-22 15:09:07 +01:00
|
|
|
|
|
|
|
if not unix_socket:
|
|
|
|
addrs = socket.getaddrinfo(host, port, 0, socket.SOCK_STREAM,
|
|
|
|
socket.IPPROTO_TCP, flags)
|
|
|
|
if not addrs:
|
2012-05-28 12:09:07 +01:00
|
|
|
raise Exception("Could not resolve host '%s'" % host)
|
2012-05-22 15:09:07 +01:00
|
|
|
addrs.sort(key=lambda x: x[0])
|
|
|
|
if prefer_ipv6:
|
|
|
|
addrs.reverse()
|
|
|
|
sock = socket.socket(addrs[0][0], addrs[0][1])
|
|
|
|
if connect:
|
|
|
|
sock.connect(addrs[0][4])
|
2012-05-28 12:09:07 +01:00
|
|
|
if use_ssl:
|
|
|
|
sock = ssl.wrap_socket(sock)
|
2012-05-22 15:09:07 +01:00
|
|
|
else:
|
|
|
|
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
|
|
|
sock.bind(addrs[0][4])
|
|
|
|
sock.listen(100)
|
|
|
|
else:
|
|
|
|
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
|
|
|
|
sock.connect(unix_socket)
|
|
|
|
|
2011-07-09 19:34:53 +01:00
|
|
|
return sock
|
2011-06-29 09:19:52 +01:00
|
|
|
|
2011-01-08 21:29:01 +00:00
|
|
|
@staticmethod
|
2011-04-30 22:34:56 +01:00
|
|
|
def daemonize(keepfd=None, chdir='/'):
|
2011-01-08 21:29:01 +00:00
|
|
|
os.umask(0)
|
2011-04-30 22:34:56 +01:00
|
|
|
if chdir:
|
|
|
|
os.chdir(chdir)
|
2011-01-08 21:29:01 +00:00
|
|
|
else:
|
|
|
|
os.chdir('/')
|
|
|
|
os.setgid(os.getgid()) # relinquish elevations
|
|
|
|
os.setuid(os.getuid()) # relinquish elevations
|
|
|
|
|
|
|
|
# Double fork to daemonize
|
|
|
|
if os.fork() > 0: os._exit(0) # Parent exits
|
|
|
|
os.setsid() # Obtain new process group
|
|
|
|
if os.fork() > 0: os._exit(0) # Parent exits
|
|
|
|
|
|
|
|
# Signal handling
|
2013-05-31 20:07:32 +01:00
|
|
|
signal.signal(signal.SIGTERM, signal.SIG_IGN)
|
2011-01-08 21:29:01 +00:00
|
|
|
signal.signal(signal.SIGINT, signal.SIG_IGN)
|
|
|
|
|
|
|
|
# Close open files
|
|
|
|
maxfd = resource.getrlimit(resource.RLIMIT_NOFILE)[1]
|
|
|
|
if maxfd == resource.RLIM_INFINITY: maxfd = 256
|
|
|
|
for fd in reversed(range(maxfd)):
|
|
|
|
try:
|
|
|
|
if fd != keepfd:
|
|
|
|
os.close(fd)
|
2011-05-18 17:09:10 +01:00
|
|
|
except OSError:
|
|
|
|
_, exc, _ = sys.exc_info()
|
2011-01-08 21:29:01 +00:00
|
|
|
if exc.errno != errno.EBADF: raise
|
|
|
|
|
|
|
|
# Redirect I/O to /dev/null
|
|
|
|
os.dup2(os.open(os.devnull, os.O_RDWR), sys.stdin.fileno())
|
|
|
|
os.dup2(os.open(os.devnull, os.O_RDWR), sys.stdout.fileno())
|
|
|
|
os.dup2(os.open(os.devnull, os.O_RDWR), sys.stderr.fileno())
|
|
|
|
|
2011-09-29 22:08:28 +01:00
|
|
|
@staticmethod
|
2012-10-17 17:54:59 +01:00
|
|
|
def unmask(buf, hlen, plen):
|
|
|
|
pstart = hlen + 4
|
|
|
|
pend = pstart + plen
|
2011-09-29 22:08:28 +01:00
|
|
|
if numpy:
|
|
|
|
b = c = s2b('')
|
2012-10-17 17:54:59 +01:00
|
|
|
if plen >= 4:
|
2011-09-29 22:08:28 +01:00
|
|
|
mask = numpy.frombuffer(buf, dtype=numpy.dtype('<u4'),
|
2012-10-17 17:54:59 +01:00
|
|
|
offset=hlen, count=1)
|
2011-09-29 22:08:28 +01:00
|
|
|
data = numpy.frombuffer(buf, dtype=numpy.dtype('<u4'),
|
2012-10-17 17:54:59 +01:00
|
|
|
offset=pstart, count=int(plen / 4))
|
2011-09-29 22:08:28 +01:00
|
|
|
#b = numpy.bitwise_xor(data, mask).data
|
|
|
|
b = numpy.bitwise_xor(data, mask).tostring()
|
|
|
|
|
2012-10-17 17:54:59 +01:00
|
|
|
if plen % 4:
|
2011-09-29 22:08:28 +01:00
|
|
|
#print("Partial unmask")
|
|
|
|
mask = numpy.frombuffer(buf, dtype=numpy.dtype('B'),
|
2012-10-17 17:54:59 +01:00
|
|
|
offset=hlen, count=(plen % 4))
|
2011-09-29 22:08:28 +01:00
|
|
|
data = numpy.frombuffer(buf, dtype=numpy.dtype('B'),
|
2012-10-17 17:54:59 +01:00
|
|
|
offset=pend - (plen % 4),
|
|
|
|
count=(plen % 4))
|
2011-09-29 22:08:28 +01:00
|
|
|
c = numpy.bitwise_xor(data, mask).tostring()
|
|
|
|
return b + c
|
|
|
|
else:
|
|
|
|
# Slower fallback
|
2012-10-17 17:54:59 +01:00
|
|
|
mask = buf[hlen:hlen+4]
|
2011-09-29 22:08:28 +01:00
|
|
|
data = array.array('B')
|
2012-10-17 17:54:59 +01:00
|
|
|
mask = s2a(mask)
|
2011-09-29 22:08:28 +01:00
|
|
|
data.fromstring(buf[pstart:pend])
|
|
|
|
for i in range(len(data)):
|
|
|
|
data[i] ^= mask[i % 4]
|
|
|
|
return data.tostring()
|
|
|
|
|
2011-01-08 21:29:01 +00:00
|
|
|
@staticmethod
|
2011-05-02 04:17:04 +01:00
|
|
|
def encode_hybi(buf, opcode, base64=False):
|
|
|
|
""" Encode a HyBi style WebSocket frame.
|
|
|
|
Optional opcode:
|
|
|
|
0x0 - continuation
|
|
|
|
0x1 - text frame (base64 encode buf)
|
|
|
|
0x2 - binary frame (use raw buf)
|
|
|
|
0x8 - connection close
|
|
|
|
0x9 - ping
|
|
|
|
0xA - pong
|
|
|
|
"""
|
|
|
|
if base64:
|
|
|
|
buf = b64encode(buf)
|
|
|
|
|
|
|
|
b1 = 0x80 | (opcode & 0x0f) # FIN + opcode
|
|
|
|
payload_len = len(buf)
|
|
|
|
if payload_len <= 125:
|
2011-10-06 15:37:09 +01:00
|
|
|
header = pack('>BB', b1, payload_len)
|
2011-08-31 18:40:00 +01:00
|
|
|
elif payload_len > 125 and payload_len < 65536:
|
2011-10-06 15:37:09 +01:00
|
|
|
header = pack('>BBH', b1, 126, payload_len)
|
2011-05-02 04:17:04 +01:00
|
|
|
elif payload_len >= 65536:
|
2011-10-06 15:37:09 +01:00
|
|
|
header = pack('>BBQ', b1, 127, payload_len)
|
2011-05-02 04:17:04 +01:00
|
|
|
|
2011-05-18 17:09:10 +01:00
|
|
|
#print("Encoded: %s" % repr(header + buf))
|
2011-05-02 04:17:04 +01:00
|
|
|
|
2011-06-26 19:55:52 +01:00
|
|
|
return header + buf, len(header), 0
|
2011-01-08 21:29:01 +00:00
|
|
|
|
|
|
|
@staticmethod
|
2011-05-02 04:17:04 +01:00
|
|
|
def decode_hybi(buf, base64=False):
|
|
|
|
""" Decode HyBi style WebSocket packets.
|
|
|
|
Returns:
|
2011-05-02 22:50:17 +01:00
|
|
|
{'fin' : 0_or_1,
|
|
|
|
'opcode' : number,
|
2012-10-17 17:54:59 +01:00
|
|
|
'masked' : boolean,
|
2011-06-26 19:55:52 +01:00
|
|
|
'hlen' : header_bytes_number,
|
2011-05-02 22:50:17 +01:00
|
|
|
'length' : payload_bytes_number,
|
|
|
|
'payload' : decoded_buffer,
|
|
|
|
'left' : bytes_left_number,
|
|
|
|
'close_code' : number,
|
|
|
|
'close_reason' : string}
|
2011-05-02 04:17:04 +01:00
|
|
|
"""
|
|
|
|
|
2011-06-26 19:55:52 +01:00
|
|
|
f = {'fin' : 0,
|
|
|
|
'opcode' : 0,
|
2012-10-17 17:54:59 +01:00
|
|
|
'masked' : False,
|
2011-06-26 19:55:52 +01:00
|
|
|
'hlen' : 2,
|
|
|
|
'length' : 0,
|
|
|
|
'payload' : None,
|
|
|
|
'left' : 0,
|
2012-04-25 19:44:01 +01:00
|
|
|
'close_code' : 1000,
|
|
|
|
'close_reason' : ''}
|
2011-05-02 04:17:04 +01:00
|
|
|
|
|
|
|
blen = len(buf)
|
2011-06-26 19:55:52 +01:00
|
|
|
f['left'] = blen
|
2011-05-02 04:17:04 +01:00
|
|
|
|
2011-06-26 19:55:52 +01:00
|
|
|
if blen < f['hlen']:
|
|
|
|
return f # Incomplete frame header
|
2011-05-02 04:17:04 +01:00
|
|
|
|
2011-10-06 15:37:09 +01:00
|
|
|
b1, b2 = unpack_from(">BB", buf)
|
2011-06-26 19:55:52 +01:00
|
|
|
f['opcode'] = b1 & 0x0f
|
|
|
|
f['fin'] = (b1 & 0x80) >> 7
|
2012-10-17 17:54:59 +01:00
|
|
|
f['masked'] = (b2 & 0x80) >> 7
|
2011-05-02 04:17:04 +01:00
|
|
|
|
2011-06-26 19:55:52 +01:00
|
|
|
f['length'] = b2 & 0x7f
|
2011-05-02 04:17:04 +01:00
|
|
|
|
2011-06-26 19:55:52 +01:00
|
|
|
if f['length'] == 126:
|
|
|
|
f['hlen'] = 4
|
|
|
|
if blen < f['hlen']:
|
|
|
|
return f # Incomplete frame header
|
2011-10-06 15:37:09 +01:00
|
|
|
(f['length'],) = unpack_from('>xxH', buf)
|
2011-06-26 19:55:52 +01:00
|
|
|
elif f['length'] == 127:
|
|
|
|
f['hlen'] = 10
|
|
|
|
if blen < f['hlen']:
|
|
|
|
return f # Incomplete frame header
|
2011-10-06 15:37:09 +01:00
|
|
|
(f['length'],) = unpack_from('>xxQ', buf)
|
2011-05-02 04:17:04 +01:00
|
|
|
|
2012-10-17 17:54:59 +01:00
|
|
|
full_len = f['hlen'] + f['masked'] * 4 + f['length']
|
2011-05-02 04:17:04 +01:00
|
|
|
|
|
|
|
if blen < full_len: # Incomplete frame
|
2011-06-26 19:55:52 +01:00
|
|
|
return f # Incomplete frame header
|
2011-05-02 04:17:04 +01:00
|
|
|
|
|
|
|
# Number of bytes that are part of the next frame(s)
|
2011-06-26 19:55:52 +01:00
|
|
|
f['left'] = blen - full_len
|
2011-05-02 04:17:04 +01:00
|
|
|
|
|
|
|
# Process 1 frame
|
2012-10-17 17:54:59 +01:00
|
|
|
if f['masked']:
|
2011-05-02 04:17:04 +01:00
|
|
|
# unmask payload
|
2012-10-17 17:54:59 +01:00
|
|
|
f['payload'] = WebSocketServer.unmask(buf, f['hlen'],
|
|
|
|
f['length'])
|
2011-01-08 21:29:01 +00:00
|
|
|
else:
|
2011-05-18 17:09:10 +01:00
|
|
|
print("Unmasked frame: %s" % repr(buf))
|
2012-10-17 17:54:59 +01:00
|
|
|
f['payload'] = buf[(f['hlen'] + f['masked'] * 4):full_len]
|
2011-05-02 04:17:04 +01:00
|
|
|
|
2011-06-26 19:55:52 +01:00
|
|
|
if base64 and f['opcode'] in [1, 2]:
|
2011-05-02 04:17:04 +01:00
|
|
|
try:
|
2011-06-26 19:55:52 +01:00
|
|
|
f['payload'] = b64decode(f['payload'])
|
2011-05-02 04:17:04 +01:00
|
|
|
except:
|
2011-05-18 17:09:10 +01:00
|
|
|
print("Exception while b64decoding buffer: %s" %
|
|
|
|
repr(buf))
|
2011-05-02 04:17:04 +01:00
|
|
|
raise
|
|
|
|
|
2011-06-26 19:55:52 +01:00
|
|
|
if f['opcode'] == 0x08:
|
|
|
|
if f['length'] >= 2:
|
2012-05-11 04:00:27 +01:00
|
|
|
f['close_code'] = unpack_from(">H", f['payload'])[0]
|
2011-06-26 19:55:52 +01:00
|
|
|
if f['length'] > 3:
|
|
|
|
f['close_reason'] = f['payload'][2:]
|
2011-05-02 22:50:17 +01:00
|
|
|
|
2011-06-26 19:55:52 +01:00
|
|
|
return f
|
2011-05-02 04:17:04 +01:00
|
|
|
|
2011-01-08 21:29:01 +00:00
|
|
|
|
|
|
|
#
|
|
|
|
# WebSocketServer logging/output functions
|
|
|
|
#
|
|
|
|
|
|
|
|
def traffic(self, token="."):
|
|
|
|
""" Show traffic flow in verbose mode. """
|
|
|
|
if self.verbose and not self.daemon:
|
|
|
|
sys.stdout.write(token)
|
|
|
|
sys.stdout.flush()
|
|
|
|
|
|
|
|
def msg(self, msg):
|
|
|
|
""" Output message with handler_id prefix. """
|
|
|
|
if not self.daemon:
|
2011-05-18 17:09:10 +01:00
|
|
|
print("% 3d: %s" % (self.handler_id, msg))
|
2011-01-08 21:29:01 +00:00
|
|
|
|
|
|
|
def vmsg(self, msg):
|
|
|
|
""" Same as msg() but only if verbose. """
|
|
|
|
if self.verbose:
|
|
|
|
self.msg(msg)
|
|
|
|
|
|
|
|
#
|
|
|
|
# Main WebSocketServer methods
|
|
|
|
#
|
2011-05-02 04:17:04 +01:00
|
|
|
def send_frames(self, bufs=None):
|
|
|
|
""" Encode and send WebSocket frames. Any frames already
|
|
|
|
queued will be sent first. If buf is not set then only queued
|
|
|
|
frames will be sent. Returns the number of pending frames that
|
|
|
|
could not be fully sent. If returned pending frames is greater
|
|
|
|
than 0, then the caller should call again when the socket is
|
|
|
|
ready. """
|
|
|
|
|
2011-06-26 19:55:52 +01:00
|
|
|
tdelta = int(time.time()*1000) - self.start_time
|
|
|
|
|
2011-05-02 04:17:04 +01:00
|
|
|
if bufs:
|
|
|
|
for buf in bufs:
|
2013-03-04 08:38:29 +00:00
|
|
|
if self.base64:
|
|
|
|
encbuf, lenhead, lentail = self.encode_hybi(buf, opcode=1, base64=True)
|
2011-05-02 04:17:04 +01:00
|
|
|
else:
|
2013-03-04 08:38:29 +00:00
|
|
|
encbuf, lenhead, lentail = self.encode_hybi(buf, opcode=2, base64=False)
|
2011-06-26 19:55:52 +01:00
|
|
|
|
|
|
|
if self.rec:
|
|
|
|
self.rec.write("%s,\n" %
|
|
|
|
repr("{%s{" % tdelta
|
2012-10-17 17:54:59 +01:00
|
|
|
+ encbuf[lenhead:len(encbuf)-lentail]))
|
2011-06-26 19:55:52 +01:00
|
|
|
|
|
|
|
self.send_parts.append(encbuf)
|
2011-05-02 04:17:04 +01:00
|
|
|
|
|
|
|
while self.send_parts:
|
|
|
|
# Send pending frames
|
|
|
|
buf = self.send_parts.pop(0)
|
|
|
|
sent = self.client.send(buf)
|
|
|
|
|
|
|
|
if sent == len(buf):
|
|
|
|
self.traffic("<")
|
|
|
|
else:
|
|
|
|
self.traffic("<.")
|
|
|
|
self.send_parts.insert(0, buf[sent:])
|
|
|
|
break
|
|
|
|
|
|
|
|
return len(self.send_parts)
|
|
|
|
|
|
|
|
def recv_frames(self):
|
|
|
|
""" Receive and decode WebSocket frames.
|
|
|
|
|
|
|
|
Returns:
|
|
|
|
(bufs_list, closed_string)
|
|
|
|
"""
|
|
|
|
|
|
|
|
closed = False
|
|
|
|
bufs = []
|
2011-06-26 19:55:52 +01:00
|
|
|
tdelta = int(time.time()*1000) - self.start_time
|
2011-05-02 04:17:04 +01:00
|
|
|
|
|
|
|
buf = self.client.recv(self.buffer_size)
|
|
|
|
if len(buf) == 0:
|
2012-04-25 19:44:01 +01:00
|
|
|
closed = {'code': 1000, 'reason': "Client closed abruptly"}
|
2011-05-02 04:17:04 +01:00
|
|
|
return bufs, closed
|
|
|
|
|
|
|
|
if self.recv_part:
|
|
|
|
# Add partially received frames to current read buffer
|
|
|
|
buf = self.recv_part + buf
|
|
|
|
self.recv_part = None
|
|
|
|
|
|
|
|
while buf:
|
2013-03-04 08:38:29 +00:00
|
|
|
frame = self.decode_hybi(buf, base64=self.base64)
|
|
|
|
#print("Received buf: %s, frame: %s" % (repr(buf), frame))
|
|
|
|
|
|
|
|
if frame['payload'] == None:
|
|
|
|
# Incomplete/partial frame
|
|
|
|
self.traffic("}.")
|
|
|
|
if frame['left'] > 0:
|
|
|
|
self.recv_part = buf[-frame['left']:]
|
|
|
|
break
|
2011-05-02 04:17:04 +01:00
|
|
|
else:
|
2013-03-04 08:38:29 +00:00
|
|
|
if frame['opcode'] == 0x8: # connection close
|
|
|
|
closed = {'code': frame['close_code'],
|
|
|
|
'reason': frame['close_reason']}
|
2011-05-02 04:17:04 +01:00
|
|
|
break
|
|
|
|
|
|
|
|
self.traffic("}")
|
|
|
|
|
2011-06-26 19:55:52 +01:00
|
|
|
if self.rec:
|
|
|
|
start = frame['hlen']
|
|
|
|
end = frame['hlen'] + frame['length']
|
2012-10-17 17:54:59 +01:00
|
|
|
if frame['masked']:
|
|
|
|
recbuf = WebSocketServer.unmask(buf, frame['hlen'],
|
|
|
|
frame['length'])
|
|
|
|
else:
|
|
|
|
recbuf = buf[frame['hlen']:frame['hlen'] +
|
|
|
|
frame['length']]
|
2011-06-26 19:55:52 +01:00
|
|
|
self.rec.write("%s,\n" %
|
2012-10-17 17:54:59 +01:00
|
|
|
repr("}%s}" % tdelta + recbuf))
|
2011-06-26 19:55:52 +01:00
|
|
|
|
|
|
|
|
2011-05-02 04:17:04 +01:00
|
|
|
bufs.append(frame['payload'])
|
|
|
|
|
|
|
|
if frame['left']:
|
|
|
|
buf = buf[-frame['left']:]
|
|
|
|
else:
|
|
|
|
buf = ''
|
|
|
|
|
|
|
|
return bufs, closed
|
|
|
|
|
2012-04-25 19:44:01 +01:00
|
|
|
def send_close(self, code=1000, reason=''):
|
2011-05-02 04:17:04 +01:00
|
|
|
""" Send a WebSocket orderly close frame. """
|
|
|
|
|
2013-03-04 08:38:29 +00:00
|
|
|
msg = pack(">H%ds" % len(reason), code, reason)
|
|
|
|
buf, h, t = self.encode_hybi(msg, opcode=0x08, base64=False)
|
|
|
|
self.client.send(buf)
|
2011-01-08 21:29:01 +00:00
|
|
|
|
2012-07-13 19:09:32 +01:00
|
|
|
def do_websocket_handshake(self, headers, path):
|
|
|
|
h = self.headers = headers
|
|
|
|
self.path = path
|
|
|
|
|
|
|
|
prot = 'WebSocket-Protocol'
|
|
|
|
protocols = h.get('Sec-'+prot, h.get(prot, '')).split(',')
|
|
|
|
|
|
|
|
ver = h.get('Sec-WebSocket-Version')
|
|
|
|
if ver:
|
|
|
|
# HyBi/IETF version of the protocol
|
|
|
|
|
|
|
|
# HyBi-07 report version 7
|
|
|
|
# HyBi-08 - HyBi-12 report version 8
|
|
|
|
# HyBi-13 reports version 13
|
|
|
|
if ver in ['7', '8', '13']:
|
|
|
|
self.version = "hybi-%02d" % int(ver)
|
|
|
|
else:
|
|
|
|
raise self.EClose('Unsupported protocol version %s' % ver)
|
|
|
|
|
|
|
|
key = h['Sec-WebSocket-Key']
|
|
|
|
|
|
|
|
# Choose binary if client supports it
|
|
|
|
if 'binary' in protocols:
|
|
|
|
self.base64 = False
|
|
|
|
elif 'base64' in protocols:
|
|
|
|
self.base64 = True
|
|
|
|
else:
|
|
|
|
raise self.EClose("Client must support 'binary' or 'base64' protocol")
|
|
|
|
|
|
|
|
# Generate the hash value for the accept header
|
|
|
|
accept = b64encode(sha1(s2b(key + self.GUID)).digest())
|
|
|
|
|
|
|
|
response = self.server_handshake_hybi % b2s(accept)
|
|
|
|
if self.base64:
|
|
|
|
response += "Sec-WebSocket-Protocol: base64\r\n"
|
|
|
|
else:
|
|
|
|
response += "Sec-WebSocket-Protocol: binary\r\n"
|
|
|
|
response += "\r\n"
|
|
|
|
|
|
|
|
else:
|
2013-03-04 08:38:29 +00:00
|
|
|
raise self.EClose("Missing Sec-WebSocket-Version header. Hixie protocols not supported.")
|
2012-07-13 19:09:32 +01:00
|
|
|
|
|
|
|
return response
|
|
|
|
|
|
|
|
|
2011-01-08 21:29:01 +00:00
|
|
|
def do_handshake(self, sock, address):
|
|
|
|
"""
|
|
|
|
do_handshake does the following:
|
|
|
|
- Peek at the first few bytes from the socket.
|
|
|
|
- If the connection is Flash policy request then answer it,
|
|
|
|
close the socket and return.
|
|
|
|
- If the connection is an HTTPS/SSL/TLS connection then SSL
|
|
|
|
wrap the socket.
|
|
|
|
- Read from the (possibly wrapped) socket.
|
|
|
|
- If we have received a HTTP GET request and the webserver
|
|
|
|
functionality is enabled, answer it, close the socket and
|
|
|
|
return.
|
|
|
|
- Assume we have a WebSockets connection, parse the client
|
|
|
|
handshake data.
|
|
|
|
- Send a WebSockets handshake server response.
|
|
|
|
- Return the socket for this WebSocket client.
|
|
|
|
"""
|
|
|
|
stype = ""
|
2011-01-13 18:22:22 +00:00
|
|
|
ready = select.select([sock], [], [], 3)[0]
|
2012-05-22 15:09:07 +01:00
|
|
|
|
|
|
|
|
2011-01-13 18:22:22 +00:00
|
|
|
if not ready:
|
|
|
|
raise self.EClose("ignoring socket not ready")
|
|
|
|
# Peek, but do not read the data so that we have a opportunity
|
|
|
|
# to SSL wrap the socket first
|
2011-01-08 21:29:01 +00:00
|
|
|
handshake = sock.recv(1024, socket.MSG_PEEK)
|
2011-05-02 04:17:04 +01:00
|
|
|
#self.msg("Handshake [%s]" % handshake)
|
2011-01-08 21:29:01 +00:00
|
|
|
|
|
|
|
if handshake == "":
|
|
|
|
raise self.EClose("ignoring empty handshake")
|
|
|
|
|
2011-05-18 17:09:10 +01:00
|
|
|
elif handshake.startswith(s2b("<policy-file-request/>")):
|
2011-01-08 21:29:01 +00:00
|
|
|
# Answer Flash policy request
|
|
|
|
handshake = sock.recv(1024)
|
2011-05-18 17:09:10 +01:00
|
|
|
sock.send(s2b(self.policy_response))
|
2011-01-08 21:29:01 +00:00
|
|
|
raise self.EClose("Sending flash policy response")
|
|
|
|
|
2011-12-15 21:35:11 +00:00
|
|
|
elif handshake[0] in ("\x16", "\x80", 22, 128):
|
2011-01-08 21:29:01 +00:00
|
|
|
# SSL wrap the connection
|
2011-05-18 17:09:10 +01:00
|
|
|
if not ssl:
|
|
|
|
raise self.EClose("SSL connection but no 'ssl' module")
|
2011-01-08 21:29:01 +00:00
|
|
|
if not os.path.exists(self.cert):
|
|
|
|
raise self.EClose("SSL connection but '%s' not found"
|
|
|
|
% self.cert)
|
2011-06-27 17:49:01 +01:00
|
|
|
retsock = None
|
2011-01-08 21:29:01 +00:00
|
|
|
try:
|
|
|
|
retsock = ssl.wrap_socket(
|
|
|
|
sock,
|
|
|
|
server_side=True,
|
|
|
|
certfile=self.cert,
|
|
|
|
keyfile=self.key)
|
2011-05-18 17:09:10 +01:00
|
|
|
except ssl.SSLError:
|
|
|
|
_, x, _ = sys.exc_info()
|
2011-01-08 21:29:01 +00:00
|
|
|
if x.args[0] == ssl.SSL_ERROR_EOF:
|
2012-02-20 22:34:30 +00:00
|
|
|
if len(x.args) > 1:
|
|
|
|
raise self.EClose(x.args[1])
|
|
|
|
else:
|
|
|
|
raise self.EClose("Got SSL_ERROR_EOF")
|
2011-01-08 21:29:01 +00:00
|
|
|
else:
|
|
|
|
raise
|
|
|
|
|
2012-08-14 21:12:48 +01:00
|
|
|
self.scheme = "wss"
|
2011-01-08 21:29:01 +00:00
|
|
|
stype = "SSL/TLS (wss://)"
|
|
|
|
|
|
|
|
elif self.ssl_only:
|
|
|
|
raise self.EClose("non-SSL connection received but disallowed")
|
|
|
|
|
|
|
|
else:
|
|
|
|
retsock = sock
|
2012-08-14 21:12:48 +01:00
|
|
|
self.scheme = "ws"
|
2011-01-08 21:29:01 +00:00
|
|
|
stype = "Plain non-SSL (ws://)"
|
|
|
|
|
2013-06-24 14:09:01 +01:00
|
|
|
wsh = WSRequestHandler(retsock, address, not self.web,
|
|
|
|
self.file_only, self.no_parent)
|
2011-05-17 18:08:30 +01:00
|
|
|
if wsh.last_code == 101:
|
|
|
|
# Continue on to handle WebSocket upgrade
|
|
|
|
pass
|
|
|
|
elif wsh.last_code == 405:
|
|
|
|
raise self.EClose("Normal web request received but disallowed")
|
|
|
|
elif wsh.last_code < 200 or wsh.last_code >= 300:
|
|
|
|
raise self.EClose(wsh.last_message)
|
|
|
|
elif self.verbose:
|
|
|
|
raise self.EClose(wsh.last_message)
|
|
|
|
else:
|
|
|
|
raise self.EClose("")
|
2011-01-08 21:29:01 +00:00
|
|
|
|
2012-07-13 19:09:32 +01:00
|
|
|
response = self.do_websocket_handshake(wsh.headers, wsh.path)
|
2011-01-08 21:29:01 +00:00
|
|
|
|
2011-05-02 04:17:04 +01:00
|
|
|
self.msg("%s: %s WebSocket connection" % (address[0], stype))
|
|
|
|
self.msg("%s: Version %s, base64: '%s'" % (address[0],
|
|
|
|
self.version, self.base64))
|
2011-09-29 22:08:28 +01:00
|
|
|
if self.path != '/':
|
|
|
|
self.msg("%s: Path: '%s'" % (address[0], self.path))
|
|
|
|
|
2011-01-08 21:29:01 +00:00
|
|
|
|
|
|
|
# Send server WebSockets handshake response
|
2011-05-02 04:17:04 +01:00
|
|
|
#self.msg("sending response [%s]" % response)
|
2011-05-18 17:09:10 +01:00
|
|
|
retsock.send(s2b(response))
|
2011-01-08 21:29:01 +00:00
|
|
|
|
|
|
|
# Return the WebSockets socket which may be SSL wrapped
|
|
|
|
return retsock
|
|
|
|
|
|
|
|
|
wsproxy, wstelnet: wrap command, WS telnet client.
wswrapper:
Getting the wswrapper.c LD_PRELOAD model working has turned out to
involve too many dark corners of the glibc/POSIX file descriptor
space. I realized that 95% of what I want can be accomplished by
adding a "wrap command" mode to wsproxy.
The code is still there for now, but consider it experimental at
best. Minor fix to dup2 and add dup and dup3 logging.
wsproxy Wrap Command:
In wsproxy wrap command mode, a command line is specified instead
of a target address and port. wsproxy then uses a much simpler
LD_PRELOAD library, rebind.so, to move intercept any bind() system
calls made by the program. If the bind() call is for the wsproxy
listen port number then the real bind() system call is issued for
an alternate (free high) port on loopback/localhost. wsproxy then
forwards from the listen address/port to the moved port.
The --wrap-mode argument takes three options that determine the
behavior of wsproxy when the wrapped command returns an exit code
(exit or daemonizing): ignore, exit, respawn.
For example, this runs vncserver on turns port 5901 into
a WebSockets port (rebind.so must be built first):
./utils/wsproxy.py --wrap-mode=ignore 5901 -- vncserver :1
The vncserver command backgrounds itself so the wrap mode is set
to "ignore" so that wsproxy keeps running even after it receives
an exit code from vncserver.
wstelnet:
To demonstrate the wrap command mode, I added WebSockets telnet
client.
For example, this runs telnetd (krb5-telnetd) on turns port 2023
into a WebSockets port (using "respawn" mode since telnetd exits
after each connection closes):
sudo ./utils/wsproxy.py --wrap-mode=respawn 2023 -- telnetd -debug 2023
Then the utils/wstelnet.html page can be used to connect to the
telnetd server on port 2023. The telnet client includes VT100.js
(from http://code.google.com/p/sshconsole) which handles the
terminal emulation and rendering.
rebind:
The rebind LD_PRELOAD library is used by wsproxy in wrap command
mode to intercept bind() system calls and move the port to
a different port on loopback/localhost. The rebind.so library can
be built by running make in the utils directory.
The rebind library can be used separately from wsproxy by setting
the REBIND_OLD_PORT and REBIND_NEW_PORT environment variables
prior to executing a command. For example:
export export REBIND_PORT_OLD="23"
export export REBIND_PORT_NEW="65023"
LD_PRELOAD=./rebind.so telnetd -debug 23
Alternately, the rebind script does the same thing:
rebind 23 65023 telnetd -debug 23
Other changes/notes:
- wsproxy no longer daemonizes by default. Remove -f/--foreground
option and add -D/--deamon option.
- When wsproxy is used to wrap a command in "respawn" mode, the
command will not be respawn more often than 3 times within 10
seconds.
- Move getKeysym routine out of Canvas object so that it can be called
directly.
2011-01-12 19:15:11 +00:00
|
|
|
#
|
|
|
|
# Events that can/should be overridden in sub-classes
|
|
|
|
#
|
|
|
|
def started(self):
|
|
|
|
""" Called after WebSockets startup """
|
|
|
|
self.vmsg("WebSockets server started")
|
|
|
|
|
|
|
|
def poll(self):
|
|
|
|
""" Run periodically while waiting for connections. """
|
2011-01-19 21:25:44 +00:00
|
|
|
#self.vmsg("Running poll()")
|
|
|
|
pass
|
wsproxy, wstelnet: wrap command, WS telnet client.
wswrapper:
Getting the wswrapper.c LD_PRELOAD model working has turned out to
involve too many dark corners of the glibc/POSIX file descriptor
space. I realized that 95% of what I want can be accomplished by
adding a "wrap command" mode to wsproxy.
The code is still there for now, but consider it experimental at
best. Minor fix to dup2 and add dup and dup3 logging.
wsproxy Wrap Command:
In wsproxy wrap command mode, a command line is specified instead
of a target address and port. wsproxy then uses a much simpler
LD_PRELOAD library, rebind.so, to move intercept any bind() system
calls made by the program. If the bind() call is for the wsproxy
listen port number then the real bind() system call is issued for
an alternate (free high) port on loopback/localhost. wsproxy then
forwards from the listen address/port to the moved port.
The --wrap-mode argument takes three options that determine the
behavior of wsproxy when the wrapped command returns an exit code
(exit or daemonizing): ignore, exit, respawn.
For example, this runs vncserver on turns port 5901 into
a WebSockets port (rebind.so must be built first):
./utils/wsproxy.py --wrap-mode=ignore 5901 -- vncserver :1
The vncserver command backgrounds itself so the wrap mode is set
to "ignore" so that wsproxy keeps running even after it receives
an exit code from vncserver.
wstelnet:
To demonstrate the wrap command mode, I added WebSockets telnet
client.
For example, this runs telnetd (krb5-telnetd) on turns port 2023
into a WebSockets port (using "respawn" mode since telnetd exits
after each connection closes):
sudo ./utils/wsproxy.py --wrap-mode=respawn 2023 -- telnetd -debug 2023
Then the utils/wstelnet.html page can be used to connect to the
telnetd server on port 2023. The telnet client includes VT100.js
(from http://code.google.com/p/sshconsole) which handles the
terminal emulation and rendering.
rebind:
The rebind LD_PRELOAD library is used by wsproxy in wrap command
mode to intercept bind() system calls and move the port to
a different port on loopback/localhost. The rebind.so library can
be built by running make in the utils directory.
The rebind library can be used separately from wsproxy by setting
the REBIND_OLD_PORT and REBIND_NEW_PORT environment variables
prior to executing a command. For example:
export export REBIND_PORT_OLD="23"
export export REBIND_PORT_NEW="65023"
LD_PRELOAD=./rebind.so telnetd -debug 23
Alternately, the rebind script does the same thing:
rebind 23 65023 telnetd -debug 23
Other changes/notes:
- wsproxy no longer daemonizes by default. Remove -f/--foreground
option and add -D/--deamon option.
- When wsproxy is used to wrap a command in "respawn" mode, the
command will not be respawn more often than 3 times within 10
seconds.
- Move getKeysym routine out of Canvas object so that it can be called
directly.
2011-01-12 19:15:11 +00:00
|
|
|
|
2013-05-31 20:21:01 +01:00
|
|
|
def terminate(self):
|
|
|
|
raise self.Terminate()
|
|
|
|
|
2011-05-18 17:09:10 +01:00
|
|
|
def fallback_SIGCHLD(self, sig, stack):
|
|
|
|
# Reap zombies when using os.fork() (python 2.4)
|
2011-01-31 16:34:42 +00:00
|
|
|
self.vmsg("Got SIGCHLD, reaping zombies")
|
2011-02-01 16:46:28 +00:00
|
|
|
try:
|
|
|
|
result = os.waitpid(-1, os.WNOHANG)
|
|
|
|
while result[0]:
|
|
|
|
self.vmsg("Reaped child process %s" % result[0])
|
|
|
|
result = os.waitpid(-1, os.WNOHANG)
|
|
|
|
except (OSError):
|
|
|
|
pass
|
2011-01-31 16:34:42 +00:00
|
|
|
|
wsproxy, wstelnet: wrap command, WS telnet client.
wswrapper:
Getting the wswrapper.c LD_PRELOAD model working has turned out to
involve too many dark corners of the glibc/POSIX file descriptor
space. I realized that 95% of what I want can be accomplished by
adding a "wrap command" mode to wsproxy.
The code is still there for now, but consider it experimental at
best. Minor fix to dup2 and add dup and dup3 logging.
wsproxy Wrap Command:
In wsproxy wrap command mode, a command line is specified instead
of a target address and port. wsproxy then uses a much simpler
LD_PRELOAD library, rebind.so, to move intercept any bind() system
calls made by the program. If the bind() call is for the wsproxy
listen port number then the real bind() system call is issued for
an alternate (free high) port on loopback/localhost. wsproxy then
forwards from the listen address/port to the moved port.
The --wrap-mode argument takes three options that determine the
behavior of wsproxy when the wrapped command returns an exit code
(exit or daemonizing): ignore, exit, respawn.
For example, this runs vncserver on turns port 5901 into
a WebSockets port (rebind.so must be built first):
./utils/wsproxy.py --wrap-mode=ignore 5901 -- vncserver :1
The vncserver command backgrounds itself so the wrap mode is set
to "ignore" so that wsproxy keeps running even after it receives
an exit code from vncserver.
wstelnet:
To demonstrate the wrap command mode, I added WebSockets telnet
client.
For example, this runs telnetd (krb5-telnetd) on turns port 2023
into a WebSockets port (using "respawn" mode since telnetd exits
after each connection closes):
sudo ./utils/wsproxy.py --wrap-mode=respawn 2023 -- telnetd -debug 2023
Then the utils/wstelnet.html page can be used to connect to the
telnetd server on port 2023. The telnet client includes VT100.js
(from http://code.google.com/p/sshconsole) which handles the
terminal emulation and rendering.
rebind:
The rebind LD_PRELOAD library is used by wsproxy in wrap command
mode to intercept bind() system calls and move the port to
a different port on loopback/localhost. The rebind.so library can
be built by running make in the utils directory.
The rebind library can be used separately from wsproxy by setting
the REBIND_OLD_PORT and REBIND_NEW_PORT environment variables
prior to executing a command. For example:
export export REBIND_PORT_OLD="23"
export export REBIND_PORT_NEW="65023"
LD_PRELOAD=./rebind.so telnetd -debug 23
Alternately, the rebind script does the same thing:
rebind 23 65023 telnetd -debug 23
Other changes/notes:
- wsproxy no longer daemonizes by default. Remove -f/--foreground
option and add -D/--deamon option.
- When wsproxy is used to wrap a command in "respawn" mode, the
command will not be respawn more often than 3 times within 10
seconds.
- Move getKeysym routine out of Canvas object so that it can be called
directly.
2011-01-12 19:15:11 +00:00
|
|
|
def do_SIGINT(self, sig, stack):
|
|
|
|
self.msg("Got SIGINT, exiting")
|
2013-05-31 20:21:01 +01:00
|
|
|
self.terminate()
|
wsproxy, wstelnet: wrap command, WS telnet client.
wswrapper:
Getting the wswrapper.c LD_PRELOAD model working has turned out to
involve too many dark corners of the glibc/POSIX file descriptor
space. I realized that 95% of what I want can be accomplished by
adding a "wrap command" mode to wsproxy.
The code is still there for now, but consider it experimental at
best. Minor fix to dup2 and add dup and dup3 logging.
wsproxy Wrap Command:
In wsproxy wrap command mode, a command line is specified instead
of a target address and port. wsproxy then uses a much simpler
LD_PRELOAD library, rebind.so, to move intercept any bind() system
calls made by the program. If the bind() call is for the wsproxy
listen port number then the real bind() system call is issued for
an alternate (free high) port on loopback/localhost. wsproxy then
forwards from the listen address/port to the moved port.
The --wrap-mode argument takes three options that determine the
behavior of wsproxy when the wrapped command returns an exit code
(exit or daemonizing): ignore, exit, respawn.
For example, this runs vncserver on turns port 5901 into
a WebSockets port (rebind.so must be built first):
./utils/wsproxy.py --wrap-mode=ignore 5901 -- vncserver :1
The vncserver command backgrounds itself so the wrap mode is set
to "ignore" so that wsproxy keeps running even after it receives
an exit code from vncserver.
wstelnet:
To demonstrate the wrap command mode, I added WebSockets telnet
client.
For example, this runs telnetd (krb5-telnetd) on turns port 2023
into a WebSockets port (using "respawn" mode since telnetd exits
after each connection closes):
sudo ./utils/wsproxy.py --wrap-mode=respawn 2023 -- telnetd -debug 2023
Then the utils/wstelnet.html page can be used to connect to the
telnetd server on port 2023. The telnet client includes VT100.js
(from http://code.google.com/p/sshconsole) which handles the
terminal emulation and rendering.
rebind:
The rebind LD_PRELOAD library is used by wsproxy in wrap command
mode to intercept bind() system calls and move the port to
a different port on loopback/localhost. The rebind.so library can
be built by running make in the utils directory.
The rebind library can be used separately from wsproxy by setting
the REBIND_OLD_PORT and REBIND_NEW_PORT environment variables
prior to executing a command. For example:
export export REBIND_PORT_OLD="23"
export export REBIND_PORT_NEW="65023"
LD_PRELOAD=./rebind.so telnetd -debug 23
Alternately, the rebind script does the same thing:
rebind 23 65023 telnetd -debug 23
Other changes/notes:
- wsproxy no longer daemonizes by default. Remove -f/--foreground
option and add -D/--deamon option.
- When wsproxy is used to wrap a command in "respawn" mode, the
command will not be respawn more often than 3 times within 10
seconds.
- Move getKeysym routine out of Canvas object so that it can be called
directly.
2011-01-12 19:15:11 +00:00
|
|
|
|
2013-05-31 20:07:32 +01:00
|
|
|
def do_SIGTERM(self, sig, stack):
|
|
|
|
self.msg("Got SIGTERM, exiting")
|
2013-05-31 20:21:01 +01:00
|
|
|
self.terminate()
|
2013-05-31 20:07:32 +01:00
|
|
|
|
2011-05-18 17:09:10 +01:00
|
|
|
def top_new_client(self, startsock, address):
|
|
|
|
""" Do something with a WebSockets client connection. """
|
|
|
|
# Initialize per client settings
|
|
|
|
self.send_parts = []
|
|
|
|
self.recv_part = None
|
|
|
|
self.base64 = False
|
2011-06-26 19:55:52 +01:00
|
|
|
self.rec = None
|
|
|
|
self.start_time = int(time.time()*1000)
|
2011-05-18 17:09:10 +01:00
|
|
|
|
2012-05-22 15:49:00 +01:00
|
|
|
# handler process
|
2011-05-18 17:09:10 +01:00
|
|
|
try:
|
|
|
|
try:
|
|
|
|
self.client = self.do_handshake(startsock, address)
|
2011-06-26 19:55:52 +01:00
|
|
|
|
|
|
|
if self.record:
|
|
|
|
# Record raw frame data as JavaScript array
|
|
|
|
fname = "%s.%s" % (self.record,
|
|
|
|
self.handler_id)
|
|
|
|
self.msg("opening record file: %s" % fname)
|
|
|
|
self.rec = open(fname, 'w+')
|
2012-10-17 17:54:59 +01:00
|
|
|
encoding = "binary"
|
|
|
|
if self.base64: encoding = "base64"
|
|
|
|
self.rec.write("var VNC_frame_encoding = '%s';\n"
|
|
|
|
% encoding)
|
2011-06-26 19:55:52 +01:00
|
|
|
self.rec.write("var VNC_frame_data = [\n")
|
|
|
|
|
2011-09-22 21:52:02 +01:00
|
|
|
self.ws_connection = True
|
2011-05-18 17:09:10 +01:00
|
|
|
self.new_client()
|
2013-10-15 17:03:33 +01:00
|
|
|
except self.CClose:
|
2012-04-25 19:44:01 +01:00
|
|
|
# Close the client
|
|
|
|
_, exc, _ = sys.exc_info()
|
|
|
|
if self.client:
|
|
|
|
self.send_close(exc.args[0], exc.args[1])
|
2011-05-18 17:09:10 +01:00
|
|
|
except self.EClose:
|
|
|
|
_, exc, _ = sys.exc_info()
|
|
|
|
# Connection was not a WebSockets connection
|
|
|
|
if exc.args[0]:
|
|
|
|
self.msg("%s: %s" % (address[0], exc.args[0]))
|
2013-05-31 20:21:01 +01:00
|
|
|
except WebSocketServer.Terminate:
|
|
|
|
raise
|
2011-05-18 17:09:10 +01:00
|
|
|
except Exception:
|
|
|
|
_, exc, _ = sys.exc_info()
|
|
|
|
self.msg("handler exception: %s" % str(exc))
|
|
|
|
if self.verbose:
|
|
|
|
self.msg(traceback.format_exc())
|
|
|
|
finally:
|
2011-06-26 19:55:52 +01:00
|
|
|
if self.rec:
|
2012-10-17 17:54:59 +01:00
|
|
|
self.rec.write("'EOF'];\n")
|
2011-06-26 19:55:52 +01:00
|
|
|
self.rec.close()
|
|
|
|
|
2011-05-18 17:09:10 +01:00
|
|
|
if self.client and self.client != startsock:
|
2012-04-25 19:44:01 +01:00
|
|
|
# Close the SSL wrapped socket
|
|
|
|
# Original socket closed by caller
|
2011-05-18 17:09:10 +01:00
|
|
|
self.client.close()
|
|
|
|
|
|
|
|
def new_client(self):
|
2011-01-08 21:29:01 +00:00
|
|
|
""" Do something with a WebSockets client connection. """
|
wsproxy, wstelnet: wrap command, WS telnet client.
wswrapper:
Getting the wswrapper.c LD_PRELOAD model working has turned out to
involve too many dark corners of the glibc/POSIX file descriptor
space. I realized that 95% of what I want can be accomplished by
adding a "wrap command" mode to wsproxy.
The code is still there for now, but consider it experimental at
best. Minor fix to dup2 and add dup and dup3 logging.
wsproxy Wrap Command:
In wsproxy wrap command mode, a command line is specified instead
of a target address and port. wsproxy then uses a much simpler
LD_PRELOAD library, rebind.so, to move intercept any bind() system
calls made by the program. If the bind() call is for the wsproxy
listen port number then the real bind() system call is issued for
an alternate (free high) port on loopback/localhost. wsproxy then
forwards from the listen address/port to the moved port.
The --wrap-mode argument takes three options that determine the
behavior of wsproxy when the wrapped command returns an exit code
(exit or daemonizing): ignore, exit, respawn.
For example, this runs vncserver on turns port 5901 into
a WebSockets port (rebind.so must be built first):
./utils/wsproxy.py --wrap-mode=ignore 5901 -- vncserver :1
The vncserver command backgrounds itself so the wrap mode is set
to "ignore" so that wsproxy keeps running even after it receives
an exit code from vncserver.
wstelnet:
To demonstrate the wrap command mode, I added WebSockets telnet
client.
For example, this runs telnetd (krb5-telnetd) on turns port 2023
into a WebSockets port (using "respawn" mode since telnetd exits
after each connection closes):
sudo ./utils/wsproxy.py --wrap-mode=respawn 2023 -- telnetd -debug 2023
Then the utils/wstelnet.html page can be used to connect to the
telnetd server on port 2023. The telnet client includes VT100.js
(from http://code.google.com/p/sshconsole) which handles the
terminal emulation and rendering.
rebind:
The rebind LD_PRELOAD library is used by wsproxy in wrap command
mode to intercept bind() system calls and move the port to
a different port on loopback/localhost. The rebind.so library can
be built by running make in the utils directory.
The rebind library can be used separately from wsproxy by setting
the REBIND_OLD_PORT and REBIND_NEW_PORT environment variables
prior to executing a command. For example:
export export REBIND_PORT_OLD="23"
export export REBIND_PORT_NEW="65023"
LD_PRELOAD=./rebind.so telnetd -debug 23
Alternately, the rebind script does the same thing:
rebind 23 65023 telnetd -debug 23
Other changes/notes:
- wsproxy no longer daemonizes by default. Remove -f/--foreground
option and add -D/--deamon option.
- When wsproxy is used to wrap a command in "respawn" mode, the
command will not be respawn more often than 3 times within 10
seconds.
- Move getKeysym routine out of Canvas object so that it can be called
directly.
2011-01-12 19:15:11 +00:00
|
|
|
raise("WebSocketServer.new_client() must be overloaded")
|
2011-01-08 21:29:01 +00:00
|
|
|
|
|
|
|
def start_server(self):
|
|
|
|
"""
|
|
|
|
Daemonize if requested. Listen for for connections. Run
|
|
|
|
do_handshake() method for each connection. If the connection
|
wsproxy, wstelnet: wrap command, WS telnet client.
wswrapper:
Getting the wswrapper.c LD_PRELOAD model working has turned out to
involve too many dark corners of the glibc/POSIX file descriptor
space. I realized that 95% of what I want can be accomplished by
adding a "wrap command" mode to wsproxy.
The code is still there for now, but consider it experimental at
best. Minor fix to dup2 and add dup and dup3 logging.
wsproxy Wrap Command:
In wsproxy wrap command mode, a command line is specified instead
of a target address and port. wsproxy then uses a much simpler
LD_PRELOAD library, rebind.so, to move intercept any bind() system
calls made by the program. If the bind() call is for the wsproxy
listen port number then the real bind() system call is issued for
an alternate (free high) port on loopback/localhost. wsproxy then
forwards from the listen address/port to the moved port.
The --wrap-mode argument takes three options that determine the
behavior of wsproxy when the wrapped command returns an exit code
(exit or daemonizing): ignore, exit, respawn.
For example, this runs vncserver on turns port 5901 into
a WebSockets port (rebind.so must be built first):
./utils/wsproxy.py --wrap-mode=ignore 5901 -- vncserver :1
The vncserver command backgrounds itself so the wrap mode is set
to "ignore" so that wsproxy keeps running even after it receives
an exit code from vncserver.
wstelnet:
To demonstrate the wrap command mode, I added WebSockets telnet
client.
For example, this runs telnetd (krb5-telnetd) on turns port 2023
into a WebSockets port (using "respawn" mode since telnetd exits
after each connection closes):
sudo ./utils/wsproxy.py --wrap-mode=respawn 2023 -- telnetd -debug 2023
Then the utils/wstelnet.html page can be used to connect to the
telnetd server on port 2023. The telnet client includes VT100.js
(from http://code.google.com/p/sshconsole) which handles the
terminal emulation and rendering.
rebind:
The rebind LD_PRELOAD library is used by wsproxy in wrap command
mode to intercept bind() system calls and move the port to
a different port on loopback/localhost. The rebind.so library can
be built by running make in the utils directory.
The rebind library can be used separately from wsproxy by setting
the REBIND_OLD_PORT and REBIND_NEW_PORT environment variables
prior to executing a command. For example:
export export REBIND_PORT_OLD="23"
export export REBIND_PORT_NEW="65023"
LD_PRELOAD=./rebind.so telnetd -debug 23
Alternately, the rebind script does the same thing:
rebind 23 65023 telnetd -debug 23
Other changes/notes:
- wsproxy no longer daemonizes by default. Remove -f/--foreground
option and add -D/--deamon option.
- When wsproxy is used to wrap a command in "respawn" mode, the
command will not be respawn more often than 3 times within 10
seconds.
- Move getKeysym routine out of Canvas object so that it can be called
directly.
2011-01-12 19:15:11 +00:00
|
|
|
is a WebSockets client then call new_client() method (which must
|
|
|
|
be overridden) for each new client connection.
|
2011-01-08 21:29:01 +00:00
|
|
|
"""
|
2012-06-26 12:57:50 +01:00
|
|
|
lsock = self.socket(self.listen_host, self.listen_port, False, self.prefer_ipv6)
|
2011-07-07 17:45:19 +01:00
|
|
|
|
2011-01-08 21:29:01 +00:00
|
|
|
if self.daemon:
|
2011-04-30 22:34:56 +01:00
|
|
|
self.daemonize(keepfd=lsock.fileno(), chdir=self.web)
|
2011-01-08 21:29:01 +00:00
|
|
|
|
wsproxy, wstelnet: wrap command, WS telnet client.
wswrapper:
Getting the wswrapper.c LD_PRELOAD model working has turned out to
involve too many dark corners of the glibc/POSIX file descriptor
space. I realized that 95% of what I want can be accomplished by
adding a "wrap command" mode to wsproxy.
The code is still there for now, but consider it experimental at
best. Minor fix to dup2 and add dup and dup3 logging.
wsproxy Wrap Command:
In wsproxy wrap command mode, a command line is specified instead
of a target address and port. wsproxy then uses a much simpler
LD_PRELOAD library, rebind.so, to move intercept any bind() system
calls made by the program. If the bind() call is for the wsproxy
listen port number then the real bind() system call is issued for
an alternate (free high) port on loopback/localhost. wsproxy then
forwards from the listen address/port to the moved port.
The --wrap-mode argument takes three options that determine the
behavior of wsproxy when the wrapped command returns an exit code
(exit or daemonizing): ignore, exit, respawn.
For example, this runs vncserver on turns port 5901 into
a WebSockets port (rebind.so must be built first):
./utils/wsproxy.py --wrap-mode=ignore 5901 -- vncserver :1
The vncserver command backgrounds itself so the wrap mode is set
to "ignore" so that wsproxy keeps running even after it receives
an exit code from vncserver.
wstelnet:
To demonstrate the wrap command mode, I added WebSockets telnet
client.
For example, this runs telnetd (krb5-telnetd) on turns port 2023
into a WebSockets port (using "respawn" mode since telnetd exits
after each connection closes):
sudo ./utils/wsproxy.py --wrap-mode=respawn 2023 -- telnetd -debug 2023
Then the utils/wstelnet.html page can be used to connect to the
telnetd server on port 2023. The telnet client includes VT100.js
(from http://code.google.com/p/sshconsole) which handles the
terminal emulation and rendering.
rebind:
The rebind LD_PRELOAD library is used by wsproxy in wrap command
mode to intercept bind() system calls and move the port to
a different port on loopback/localhost. The rebind.so library can
be built by running make in the utils directory.
The rebind library can be used separately from wsproxy by setting
the REBIND_OLD_PORT and REBIND_NEW_PORT environment variables
prior to executing a command. For example:
export export REBIND_PORT_OLD="23"
export export REBIND_PORT_NEW="65023"
LD_PRELOAD=./rebind.so telnetd -debug 23
Alternately, the rebind script does the same thing:
rebind 23 65023 telnetd -debug 23
Other changes/notes:
- wsproxy no longer daemonizes by default. Remove -f/--foreground
option and add -D/--deamon option.
- When wsproxy is used to wrap a command in "respawn" mode, the
command will not be respawn more often than 3 times within 10
seconds.
- Move getKeysym routine out of Canvas object so that it can be called
directly.
2011-01-12 19:15:11 +00:00
|
|
|
self.started() # Some things need to happen after daemonizing
|
|
|
|
|
2013-05-31 20:07:32 +01:00
|
|
|
# Allow override of signals
|
2013-10-14 19:13:11 +01:00
|
|
|
original_signals = {
|
|
|
|
signal.SIGINT: signal.getsignal(signal.SIGINT),
|
|
|
|
signal.SIGTERM: signal.getsignal(signal.SIGTERM),
|
|
|
|
signal.SIGCHLD: signal.getsignal(signal.SIGCHLD),
|
|
|
|
}
|
wsproxy, wstelnet: wrap command, WS telnet client.
wswrapper:
Getting the wswrapper.c LD_PRELOAD model working has turned out to
involve too many dark corners of the glibc/POSIX file descriptor
space. I realized that 95% of what I want can be accomplished by
adding a "wrap command" mode to wsproxy.
The code is still there for now, but consider it experimental at
best. Minor fix to dup2 and add dup and dup3 logging.
wsproxy Wrap Command:
In wsproxy wrap command mode, a command line is specified instead
of a target address and port. wsproxy then uses a much simpler
LD_PRELOAD library, rebind.so, to move intercept any bind() system
calls made by the program. If the bind() call is for the wsproxy
listen port number then the real bind() system call is issued for
an alternate (free high) port on loopback/localhost. wsproxy then
forwards from the listen address/port to the moved port.
The --wrap-mode argument takes three options that determine the
behavior of wsproxy when the wrapped command returns an exit code
(exit or daemonizing): ignore, exit, respawn.
For example, this runs vncserver on turns port 5901 into
a WebSockets port (rebind.so must be built first):
./utils/wsproxy.py --wrap-mode=ignore 5901 -- vncserver :1
The vncserver command backgrounds itself so the wrap mode is set
to "ignore" so that wsproxy keeps running even after it receives
an exit code from vncserver.
wstelnet:
To demonstrate the wrap command mode, I added WebSockets telnet
client.
For example, this runs telnetd (krb5-telnetd) on turns port 2023
into a WebSockets port (using "respawn" mode since telnetd exits
after each connection closes):
sudo ./utils/wsproxy.py --wrap-mode=respawn 2023 -- telnetd -debug 2023
Then the utils/wstelnet.html page can be used to connect to the
telnetd server on port 2023. The telnet client includes VT100.js
(from http://code.google.com/p/sshconsole) which handles the
terminal emulation and rendering.
rebind:
The rebind LD_PRELOAD library is used by wsproxy in wrap command
mode to intercept bind() system calls and move the port to
a different port on loopback/localhost. The rebind.so library can
be built by running make in the utils directory.
The rebind library can be used separately from wsproxy by setting
the REBIND_OLD_PORT and REBIND_NEW_PORT environment variables
prior to executing a command. For example:
export export REBIND_PORT_OLD="23"
export export REBIND_PORT_NEW="65023"
LD_PRELOAD=./rebind.so telnetd -debug 23
Alternately, the rebind script does the same thing:
rebind 23 65023 telnetd -debug 23
Other changes/notes:
- wsproxy no longer daemonizes by default. Remove -f/--foreground
option and add -D/--deamon option.
- When wsproxy is used to wrap a command in "respawn" mode, the
command will not be respawn more often than 3 times within 10
seconds.
- Move getKeysym routine out of Canvas object so that it can be called
directly.
2011-01-12 19:15:11 +00:00
|
|
|
signal.signal(signal.SIGINT, self.do_SIGINT)
|
2013-05-31 20:07:32 +01:00
|
|
|
signal.signal(signal.SIGTERM, self.do_SIGTERM)
|
2013-09-20 19:12:35 +01:00
|
|
|
signal.signal(signal.SIGCHLD, self.fallback_SIGCHLD)
|
2011-01-08 21:29:01 +00:00
|
|
|
|
2012-08-31 16:55:24 +01:00
|
|
|
last_active_time = self.launch_time
|
2013-10-14 19:13:11 +01:00
|
|
|
try:
|
|
|
|
while True:
|
wsproxy, wstelnet: wrap command, WS telnet client.
wswrapper:
Getting the wswrapper.c LD_PRELOAD model working has turned out to
involve too many dark corners of the glibc/POSIX file descriptor
space. I realized that 95% of what I want can be accomplished by
adding a "wrap command" mode to wsproxy.
The code is still there for now, but consider it experimental at
best. Minor fix to dup2 and add dup and dup3 logging.
wsproxy Wrap Command:
In wsproxy wrap command mode, a command line is specified instead
of a target address and port. wsproxy then uses a much simpler
LD_PRELOAD library, rebind.so, to move intercept any bind() system
calls made by the program. If the bind() call is for the wsproxy
listen port number then the real bind() system call is issued for
an alternate (free high) port on loopback/localhost. wsproxy then
forwards from the listen address/port to the moved port.
The --wrap-mode argument takes three options that determine the
behavior of wsproxy when the wrapped command returns an exit code
(exit or daemonizing): ignore, exit, respawn.
For example, this runs vncserver on turns port 5901 into
a WebSockets port (rebind.so must be built first):
./utils/wsproxy.py --wrap-mode=ignore 5901 -- vncserver :1
The vncserver command backgrounds itself so the wrap mode is set
to "ignore" so that wsproxy keeps running even after it receives
an exit code from vncserver.
wstelnet:
To demonstrate the wrap command mode, I added WebSockets telnet
client.
For example, this runs telnetd (krb5-telnetd) on turns port 2023
into a WebSockets port (using "respawn" mode since telnetd exits
after each connection closes):
sudo ./utils/wsproxy.py --wrap-mode=respawn 2023 -- telnetd -debug 2023
Then the utils/wstelnet.html page can be used to connect to the
telnetd server on port 2023. The telnet client includes VT100.js
(from http://code.google.com/p/sshconsole) which handles the
terminal emulation and rendering.
rebind:
The rebind LD_PRELOAD library is used by wsproxy in wrap command
mode to intercept bind() system calls and move the port to
a different port on loopback/localhost. The rebind.so library can
be built by running make in the utils directory.
The rebind library can be used separately from wsproxy by setting
the REBIND_OLD_PORT and REBIND_NEW_PORT environment variables
prior to executing a command. For example:
export export REBIND_PORT_OLD="23"
export export REBIND_PORT_NEW="65023"
LD_PRELOAD=./rebind.so telnetd -debug 23
Alternately, the rebind script does the same thing:
rebind 23 65023 telnetd -debug 23
Other changes/notes:
- wsproxy no longer daemonizes by default. Remove -f/--foreground
option and add -D/--deamon option.
- When wsproxy is used to wrap a command in "respawn" mode, the
command will not be respawn more often than 3 times within 10
seconds.
- Move getKeysym routine out of Canvas object so that it can be called
directly.
2011-01-12 19:15:11 +00:00
|
|
|
try:
|
2011-01-13 00:09:54 +00:00
|
|
|
try:
|
2013-10-14 19:13:11 +01:00
|
|
|
self.client = None
|
|
|
|
startsock = None
|
|
|
|
pid = err = 0
|
|
|
|
child_count = 0
|
|
|
|
|
|
|
|
if multiprocessing:
|
|
|
|
# Collect zombie child processes
|
|
|
|
child_count = len(multiprocessing.active_children())
|
|
|
|
|
|
|
|
time_elapsed = time.time() - self.launch_time
|
|
|
|
if self.timeout and time_elapsed > self.timeout:
|
|
|
|
self.msg('listener exit due to --timeout %s'
|
|
|
|
% self.timeout)
|
|
|
|
break
|
2011-01-13 00:09:54 +00:00
|
|
|
|
2013-10-14 19:13:11 +01:00
|
|
|
if self.idle_timeout:
|
|
|
|
idle_time = 0
|
|
|
|
if child_count == 0:
|
|
|
|
idle_time = time.time() - last_active_time
|
|
|
|
else:
|
|
|
|
idle_time = 0
|
|
|
|
last_active_time = time.time()
|
|
|
|
|
|
|
|
if idle_time > self.idle_timeout and child_count == 0:
|
|
|
|
self.msg('listener exit due to --idle-timeout %s'
|
|
|
|
% self.idle_timeout)
|
|
|
|
break
|
|
|
|
|
|
|
|
try:
|
|
|
|
self.poll()
|
|
|
|
|
|
|
|
ready = select.select([lsock], [], [], 1)[0]
|
|
|
|
if lsock in ready:
|
|
|
|
startsock, address = lsock.accept()
|
|
|
|
else:
|
|
|
|
continue
|
2013-05-31 20:21:01 +01:00
|
|
|
except self.Terminate:
|
|
|
|
raise
|
2013-10-14 19:13:11 +01:00
|
|
|
except Exception:
|
|
|
|
_, exc, _ = sys.exc_info()
|
|
|
|
if hasattr(exc, 'errno'):
|
|
|
|
err = exc.errno
|
|
|
|
elif hasattr(exc, 'args'):
|
|
|
|
err = exc.args[0]
|
|
|
|
else:
|
|
|
|
err = exc[0]
|
|
|
|
if err == errno.EINTR:
|
|
|
|
self.vmsg("Ignoring interrupted syscall")
|
|
|
|
continue
|
|
|
|
else:
|
|
|
|
raise
|
|
|
|
|
|
|
|
if self.run_once:
|
|
|
|
# Run in same process if run_once
|
|
|
|
self.top_new_client(startsock, address)
|
|
|
|
if self.ws_connection :
|
|
|
|
self.msg('%s: exiting due to --run-once'
|
|
|
|
% address[0])
|
|
|
|
break
|
|
|
|
elif multiprocessing:
|
|
|
|
self.vmsg('%s: new handler Process' % address[0])
|
|
|
|
p = multiprocessing.Process(
|
|
|
|
target=self.top_new_client,
|
|
|
|
args=(startsock, address))
|
|
|
|
p.start()
|
|
|
|
# child will not return
|
2011-01-13 00:09:54 +00:00
|
|
|
else:
|
2013-10-14 19:13:11 +01:00
|
|
|
# python 2.4
|
|
|
|
self.vmsg('%s: forking handler' % address[0])
|
|
|
|
pid = os.fork()
|
|
|
|
if pid == 0:
|
|
|
|
# child handler process
|
|
|
|
self.top_new_client(startsock, address)
|
|
|
|
break # child process exits
|
|
|
|
|
|
|
|
# parent process
|
|
|
|
self.handler_id += 1
|
|
|
|
|
2013-05-31 20:21:01 +01:00
|
|
|
except (self.Terminate, SystemExit, KeyboardInterrupt):
|
2013-10-14 19:13:11 +01:00
|
|
|
_, exc, _ = sys.exc_info()
|
2013-05-31 20:21:01 +01:00
|
|
|
print("In exit")
|
2013-10-14 19:13:11 +01:00
|
|
|
break
|
2011-05-18 17:09:10 +01:00
|
|
|
except Exception:
|
|
|
|
_, exc, _ = sys.exc_info()
|
2013-10-14 19:13:11 +01:00
|
|
|
self.msg("handler exception: %s" % str(exc))
|
|
|
|
if self.verbose:
|
|
|
|
self.msg(traceback.format_exc())
|
|
|
|
|
|
|
|
finally:
|
|
|
|
if startsock:
|
|
|
|
startsock.close()
|
|
|
|
finally:
|
|
|
|
# Close listen port
|
|
|
|
self.vmsg("Closing socket listening at %s:%s"
|
|
|
|
% (self.listen_host, self.listen_port))
|
|
|
|
lsock.close()
|
|
|
|
|
|
|
|
# Restore signals
|
|
|
|
for sig, func in original_signals.items():
|
|
|
|
signal.signal(sig, func)
|
2012-10-31 17:04:16 +00:00
|
|
|
|
2010-05-06 16:32:07 +01:00
|
|
|
|
2011-05-17 18:08:30 +01:00
|
|
|
# HTTP handler with WebSocket upgrade support
|
|
|
|
class WSRequestHandler(SimpleHTTPRequestHandler):
|
2013-06-24 14:09:01 +01:00
|
|
|
def __init__(self, req, addr, only_upgrade=False, file_only=False,
|
|
|
|
no_parent=False):
|
2011-05-17 18:08:30 +01:00
|
|
|
self.only_upgrade = only_upgrade # only allow upgrades
|
2013-06-24 14:09:01 +01:00
|
|
|
self.webroot = os.path.realpath(".")
|
|
|
|
self.file_only = file_only
|
|
|
|
self.no_parent = no_parent
|
2011-01-07 00:26:54 +00:00
|
|
|
SimpleHTTPRequestHandler.__init__(self, req, addr, object())
|
|
|
|
|
2011-05-17 18:08:30 +01:00
|
|
|
def do_GET(self):
|
2013-06-24 14:09:01 +01:00
|
|
|
abspath = os.path.realpath("." + (self.path.split('?')[0]))
|
2011-05-18 17:09:10 +01:00
|
|
|
if (self.headers.get('upgrade') and
|
2011-05-17 18:08:30 +01:00
|
|
|
self.headers.get('upgrade').lower() == 'websocket'):
|
|
|
|
|
|
|
|
# Just indicate that an WebSocket upgrade is needed
|
|
|
|
self.last_code = 101
|
|
|
|
self.last_message = "101 Switching Protocols"
|
|
|
|
elif self.only_upgrade:
|
|
|
|
# Normal web request responses are disabled
|
|
|
|
self.last_code = 405
|
|
|
|
self.last_message = "405 Method Not Allowed"
|
2013-06-24 14:09:01 +01:00
|
|
|
elif self.file_only and not os.path.isfile(abspath):
|
|
|
|
self.send_response(404, "No such file")
|
|
|
|
elif self.no_parent and not abspath.startswith(self.webroot):
|
|
|
|
self.send_response(403, "Hidden resources")
|
2011-05-17 18:08:30 +01:00
|
|
|
else:
|
|
|
|
SimpleHTTPRequestHandler.do_GET(self)
|
2011-01-07 00:26:54 +00:00
|
|
|
|
|
|
|
def send_response(self, code, message=None):
|
|
|
|
# Save the status code
|
|
|
|
self.last_code = code
|
|
|
|
SimpleHTTPRequestHandler.send_response(self, code, message)
|
|
|
|
|
|
|
|
def log_message(self, f, *args):
|
|
|
|
# Save instead of printing
|
|
|
|
self.last_message = f % args
|