2010-05-06 16:32:07 +01:00
|
|
|
#!/usr/bin/python
|
|
|
|
|
|
|
|
'''
|
|
|
|
Python WebSocket library with support for "wss://" encryption.
|
2010-07-17 18:05:58 +01:00
|
|
|
Copyright 2010 Joel Martin
|
|
|
|
Licensed under LGPL version 3 (see docs/LICENSE.LGPL-3)
|
2010-05-06 16:32:07 +01:00
|
|
|
|
|
|
|
You can make a cert/key with openssl using:
|
|
|
|
openssl req -new -x509 -days 365 -nodes -out self.pem -keyout self.pem
|
|
|
|
as taken from http://docs.python.org/dev/library/ssl.html#certificates
|
|
|
|
|
|
|
|
'''
|
|
|
|
|
2010-06-24 23:04:57 +01:00
|
|
|
import sys, socket, ssl, struct, traceback
|
2010-06-17 22:06:18 +01:00
|
|
|
import os, resource, errno, signal # daemonizing
|
2010-05-06 16:32:07 +01:00
|
|
|
from base64 import b64encode, b64decode
|
2010-06-24 23:04:57 +01:00
|
|
|
from hashlib import md5
|
2010-08-04 20:18:55 +01:00
|
|
|
from urlparse import urlsplit, parse_qsl
|
2010-05-06 16:32:07 +01:00
|
|
|
|
2010-06-17 22:06:18 +01:00
|
|
|
settings = {
|
|
|
|
'listen_host' : '',
|
|
|
|
'listen_port' : None,
|
|
|
|
'handler' : None,
|
|
|
|
'cert' : None,
|
|
|
|
'ssl_only' : False,
|
|
|
|
'daemon' : True,
|
|
|
|
'record' : None, }
|
|
|
|
client_settings = {
|
2010-07-01 18:13:17 +01:00
|
|
|
'b64encode' : False, }
|
2010-05-06 16:32:07 +01:00
|
|
|
|
|
|
|
server_handshake = """HTTP/1.1 101 Web Socket Protocol Handshake\r
|
|
|
|
Upgrade: WebSocket\r
|
|
|
|
Connection: Upgrade\r
|
2010-06-24 23:04:57 +01:00
|
|
|
%sWebSocket-Origin: %s\r
|
|
|
|
%sWebSocket-Location: %s://%s%s\r
|
|
|
|
%sWebSocket-Protocol: sample\r
|
2010-05-06 16:32:07 +01:00
|
|
|
\r
|
2010-06-24 23:04:57 +01:00
|
|
|
%s"""
|
2010-05-06 16:32:07 +01:00
|
|
|
|
|
|
|
policy_response = """<cross-domain-policy><allow-access-from domain="*" to-ports="*" /></cross-domain-policy>\n"""
|
|
|
|
|
|
|
|
def traffic(token="."):
|
|
|
|
sys.stdout.write(token)
|
|
|
|
sys.stdout.flush()
|
|
|
|
|
2010-07-01 02:39:41 +01:00
|
|
|
def encode(buf):
|
|
|
|
if client_settings['b64encode']:
|
|
|
|
buf = b64encode(buf)
|
|
|
|
else:
|
|
|
|
# Modified UTF-8 encode
|
|
|
|
buf = buf.decode('latin-1').encode('utf-8').replace("\x00", "\xc4\x80")
|
|
|
|
|
2010-07-01 18:13:17 +01:00
|
|
|
return "\x00%s\xff" % buf
|
2010-07-01 02:39:41 +01:00
|
|
|
|
2010-05-06 16:32:07 +01:00
|
|
|
def decode(buf):
|
|
|
|
""" Parse out WebSocket packets. """
|
|
|
|
if buf.count('\xff') > 1:
|
2010-06-17 22:06:18 +01:00
|
|
|
if client_settings['b64encode']:
|
2010-05-28 21:39:38 +01:00
|
|
|
return [b64decode(d[1:]) for d in buf.split('\xff')]
|
|
|
|
else:
|
|
|
|
# Modified UTF-8 decode
|
|
|
|
return [d[1:].replace("\xc4\x80", "\x00").decode('utf-8').encode('latin-1') for d in buf.split('\xff')]
|
2010-05-06 16:32:07 +01:00
|
|
|
else:
|
2010-06-17 22:06:18 +01:00
|
|
|
if client_settings['b64encode']:
|
2010-05-28 21:39:38 +01:00
|
|
|
return [b64decode(buf[1:-1])]
|
|
|
|
else:
|
|
|
|
return [buf[1:-1].replace("\xc4\x80", "\x00").decode('utf-8').encode('latin-1')]
|
2010-05-06 16:32:07 +01:00
|
|
|
|
2010-07-01 02:39:41 +01:00
|
|
|
def parse_handshake(handshake):
|
|
|
|
ret = {}
|
|
|
|
req_lines = handshake.split("\r\n")
|
|
|
|
if not req_lines[0].startswith("GET "):
|
|
|
|
raise Exception("Invalid handshake: no GET request line")
|
|
|
|
ret['path'] = req_lines[0].split(" ")[1]
|
|
|
|
for line in req_lines[1:]:
|
|
|
|
if line == "": break
|
2010-08-04 20:18:55 +01:00
|
|
|
var, val = line.split(": ")
|
2010-07-01 02:39:41 +01:00
|
|
|
ret[var] = val
|
2010-05-06 16:32:07 +01:00
|
|
|
|
2010-07-01 02:39:41 +01:00
|
|
|
if req_lines[-2] == "":
|
|
|
|
ret['key3'] = req_lines[-1]
|
|
|
|
|
|
|
|
return ret
|
|
|
|
|
|
|
|
def gen_md5(keys):
|
|
|
|
key1 = keys['Sec-WebSocket-Key1']
|
|
|
|
key2 = keys['Sec-WebSocket-Key2']
|
|
|
|
key3 = keys['key3']
|
|
|
|
spaces1 = key1.count(" ")
|
|
|
|
spaces2 = key2.count(" ")
|
|
|
|
num1 = int("".join([c for c in key1 if c.isdigit()])) / spaces1
|
|
|
|
num2 = int("".join([c for c in key2 if c.isdigit()])) / spaces2
|
|
|
|
|
|
|
|
return md5(struct.pack('>II8s', num1, num2, key3)).digest()
|
2010-05-06 16:32:07 +01:00
|
|
|
|
|
|
|
|
2010-06-17 22:06:18 +01:00
|
|
|
def do_handshake(sock):
|
2010-07-01 18:13:17 +01:00
|
|
|
global client_settings
|
2010-06-17 22:06:18 +01:00
|
|
|
|
|
|
|
client_settings['b64encode'] = False
|
|
|
|
|
2010-05-06 16:32:07 +01:00
|
|
|
# Peek, but don't read the data
|
|
|
|
handshake = sock.recv(1024, socket.MSG_PEEK)
|
|
|
|
#print "Handshake [%s]" % repr(handshake)
|
2010-07-01 02:39:41 +01:00
|
|
|
if handshake == "":
|
|
|
|
print "Ignoring empty handshake"
|
|
|
|
sock.close()
|
|
|
|
return False
|
|
|
|
elif handshake.startswith("<policy-file-request/>"):
|
2010-05-06 16:32:07 +01:00
|
|
|
handshake = sock.recv(1024)
|
|
|
|
print "Sending flash policy response"
|
|
|
|
sock.send(policy_response)
|
|
|
|
sock.close()
|
|
|
|
return False
|
|
|
|
elif handshake.startswith("\x16"):
|
|
|
|
retsock = ssl.wrap_socket(
|
|
|
|
sock,
|
|
|
|
server_side=True,
|
2010-06-17 22:06:18 +01:00
|
|
|
certfile=settings['cert'],
|
2010-05-06 16:32:07 +01:00
|
|
|
ssl_version=ssl.PROTOCOL_TLSv1)
|
|
|
|
scheme = "wss"
|
2010-06-17 22:06:18 +01:00
|
|
|
print " using SSL/TLS"
|
|
|
|
elif settings['ssl_only']:
|
2010-06-16 19:58:00 +01:00
|
|
|
print "Non-SSL connection disallowed"
|
|
|
|
sock.close()
|
|
|
|
return False
|
2010-05-06 16:32:07 +01:00
|
|
|
else:
|
|
|
|
retsock = sock
|
|
|
|
scheme = "ws"
|
2010-06-17 22:06:18 +01:00
|
|
|
print " using plain (not SSL) socket"
|
2010-05-06 16:32:07 +01:00
|
|
|
handshake = retsock.recv(4096)
|
2010-06-25 00:45:30 +01:00
|
|
|
#print "handshake: " + repr(handshake)
|
2010-06-24 23:04:57 +01:00
|
|
|
h = parse_handshake(handshake)
|
2010-05-06 16:32:07 +01:00
|
|
|
|
2010-06-17 22:06:18 +01:00
|
|
|
# Parse client settings from the GET path
|
2010-08-04 20:18:55 +01:00
|
|
|
cvars = parse_qsl(urlsplit(h['path'])[3], True)
|
|
|
|
for name, val in cvars:
|
2010-07-01 18:13:17 +01:00
|
|
|
if name not in ['b64encode']: continue
|
2010-06-17 22:06:18 +01:00
|
|
|
value = val and val or True
|
|
|
|
client_settings[name] = value
|
|
|
|
print " %s=%s" % (name, value)
|
2010-05-06 16:32:07 +01:00
|
|
|
|
2010-06-24 23:04:57 +01:00
|
|
|
if h.get('key3'):
|
|
|
|
trailer = gen_md5(h)
|
|
|
|
pre = "Sec-"
|
2010-07-01 02:39:41 +01:00
|
|
|
print " using protocol version 76"
|
2010-06-24 23:04:57 +01:00
|
|
|
else:
|
|
|
|
trailer = ""
|
|
|
|
pre = ""
|
2010-07-01 02:39:41 +01:00
|
|
|
print " using protocol version 75"
|
2010-06-24 23:04:57 +01:00
|
|
|
|
|
|
|
response = server_handshake % (pre, h['Origin'], pre, scheme,
|
|
|
|
h['Host'], h['path'], pre, trailer)
|
|
|
|
|
2010-06-25 00:45:30 +01:00
|
|
|
#print "sending response:", repr(response)
|
2010-06-24 23:04:57 +01:00
|
|
|
retsock.send(response)
|
2010-05-06 16:32:07 +01:00
|
|
|
return retsock
|
|
|
|
|
2010-07-17 18:05:58 +01:00
|
|
|
def daemonize(keepfd=None):
|
2010-06-17 22:06:18 +01:00
|
|
|
os.umask(0)
|
|
|
|
os.chdir('/')
|
|
|
|
os.setgid(os.getgid()) # relinquish elevations
|
|
|
|
os.setuid(os.getuid()) # relinquish elevations
|
|
|
|
|
|
|
|
# Double fork to daemonize
|
|
|
|
if os.fork() > 0: os._exit(0) # Parent exits
|
|
|
|
os.setsid() # Obtain new process group
|
|
|
|
if os.fork() > 0: os._exit(0) # Parent exits
|
|
|
|
|
|
|
|
# Signal handling
|
|
|
|
def terminate(a,b): os._exit(0)
|
|
|
|
signal.signal(signal.SIGTERM, terminate)
|
|
|
|
signal.signal(signal.SIGINT, signal.SIG_IGN)
|
|
|
|
|
|
|
|
# Close open files
|
|
|
|
maxfd = resource.getrlimit(resource.RLIMIT_NOFILE)[1]
|
|
|
|
if maxfd == resource.RLIM_INFINITY: maxfd = 256
|
|
|
|
for fd in reversed(range(maxfd)):
|
|
|
|
try:
|
2010-07-17 18:05:58 +01:00
|
|
|
if fd != keepfd:
|
|
|
|
os.close(fd)
|
|
|
|
else:
|
|
|
|
print "Keeping fd: %d" % fd
|
2010-06-17 22:06:18 +01:00
|
|
|
except OSError, exc:
|
|
|
|
if exc.errno != errno.EBADF: raise
|
|
|
|
|
|
|
|
# Redirect I/O to /dev/null
|
|
|
|
os.dup2(os.open(os.devnull, os.O_RDWR), sys.stdin.fileno())
|
|
|
|
os.dup2(os.open(os.devnull, os.O_RDWR), sys.stdout.fileno())
|
|
|
|
os.dup2(os.open(os.devnull, os.O_RDWR), sys.stderr.fileno())
|
|
|
|
|
|
|
|
|
|
|
|
def start_server():
|
|
|
|
|
2010-05-06 16:32:07 +01:00
|
|
|
lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
|
|
|
lsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
2010-06-17 22:06:18 +01:00
|
|
|
lsock.bind((settings['listen_host'], settings['listen_port']))
|
2010-05-06 16:32:07 +01:00
|
|
|
lsock.listen(100)
|
2010-07-17 18:05:58 +01:00
|
|
|
|
|
|
|
if settings['daemon']: daemonize(keepfd=lsock.fileno())
|
|
|
|
|
2010-05-06 16:32:07 +01:00
|
|
|
while True:
|
|
|
|
try:
|
2010-06-17 22:06:18 +01:00
|
|
|
csock = startsock = None
|
|
|
|
print 'waiting for connection on port %s' % settings['listen_port']
|
2010-05-06 16:32:07 +01:00
|
|
|
startsock, address = lsock.accept()
|
|
|
|
print 'Got client connection from %s' % address[0]
|
2010-06-17 22:06:18 +01:00
|
|
|
csock = do_handshake(startsock)
|
2010-05-06 16:32:07 +01:00
|
|
|
if not csock: continue
|
|
|
|
|
2010-06-17 22:06:18 +01:00
|
|
|
settings['handler'](csock)
|
2010-05-06 16:32:07 +01:00
|
|
|
|
|
|
|
except Exception:
|
|
|
|
print "Ignoring exception:"
|
|
|
|
print traceback.format_exc()
|
|
|
|
if csock: csock.close()
|
2010-06-17 22:06:18 +01:00
|
|
|
if startsock and startsock != csock: startsock.close()
|