Major Update

CHANGELOG.md

@@ -6,6 +6,6 @@ All notable changes to this project will be documented in this file.
 
 - Initial release.
 
-## 0.0.25
+## 0.0.28
 
-- Improved make system.
+- Cleanup and update of libs.

Dockerfile

@@ -2,11 +2,11 @@ FROM debian:stable-slim
 ARG MAINTAINER
 MAINTAINER ${MAINTAINER}
 
-RUN echo 'export http_proxy=$(ip route show default | cut -d' ' -f3):3142' >> /etc/profile
+RUN echo 'export http_proxy=$(ip route list exact 0.0.0.0/0 | head -1 | cut -d" " -f3):3142' >> /etc/profile
 
 ARG BUILDDEPS
 RUN apt-get update && \
     apt-get --yes upgrade && \
     apt-get --yes install ${BUILDDEPS}
 
-ENTRYPOINT ["/bin/bash", "-c", "#(noop)"]
+ENTRYPOINT ["/bin/sh", "-c", "#(noop)"]

Dockerfile.heredoc

@@ -1,18 +0,0 @@
-FROM debian:stable-slim
-MAINTAINER Drone CI/CD
-
-ARG HTTP_PROXY
-RUN echo '\
-      Acquire::http  { Proxy "'${HTTP_PROXY}'"; } \n\
-      Acquire::https { Proxy "https://"; }; \n\
-'   >> /etc/apt/apt.conf.d/01-proxy
-
-RUN ls -l /etc/apt/apt.conf.d/01-proxy
-RUN cat /etc/apt/apt.conf.d/01-proxy
-
-ARG BUILDDEPS
-RUN apt-get update && \
-    apt-get --yes upgrade && \
-    apt-get --yes install ${BUILDDEPS}
-
-ENTRYPOINT ["/bin/bash", "-c"]

Makefile

@@ -1,11 +1,11 @@
-TARGETS := all dist clean
+TARGETS := all
 
 #SUBDIRS := $(wildcard */.)
 SUBDIRS = src src/contrib
 
 SUBDIRGOALS := all
 
-SUBDIRSCLEAN=$(addsuffix clean,$(SUBDIRS))
+SUBDIRSCLEAN=$(addsuffix -clean,$(SUBDIRS))
 
 
 
@@ -14,7 +14,10 @@ all: $(SUBDIRS) dist
 $(TARGETS): $(SUBDIRS)
 
 $(SUBDIRS):
-	$(MAKE) -C $@
+	$(MAKE) -C $@ $(SUBDIRGOALS)
+
+%-clean: %
+	$(MAKE) -C $< clean
 
 dist:
 	mkdir -p dist/opt/radangel
@@ -30,13 +33,10 @@ dist:
 	mkdir -p dist/etc/nginx/sites-available
 	cp -p config/nginx*.conf dist/etc/nginx/sites-available/
 
-%clean: %
-	$(MAKE) -C $< clean
-
-cleanproj:
+dist-clean:
 	rm -rf dist
 
-clean: $(SUBDIRSCLEAN) cleanproj
+clean: $(SUBDIRSCLEAN) dist-clean
 
 .PHONY: $(TARGETS) $(SUBDIRS)
 

config/nginx-datasrc-location.conf

@@ -1,31 +0,0 @@
-    ## <DATASRC> ##
-
-    location /data/hist.tsv {
-        alias /tmp/stats.tsv;
-    }
-
-    location /data/stream.tsv { 
-        alias /tmp/event.tsv;
-    }
-
-    location /data/stream.ws {
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade         $http_upgrade;
-        proxy_set_header Connection      "upgrade";
-
-        proxy_set_header Host            $host; # $http_host;
-        proxy_set_header X-Real-IP       $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-NginX-Proxy   true;
-
-        proxy_read_timeout 3600;
-        proxy_buffering off;
-        tcp_nodelay on;
-
-        error_page 502 = /data/stream.tsv; # serve http for non-ws clients
-
-        proxy_pass http://127.0.0.1:5800/websockify;
-    }
-
-    ## </DATASRC> ##
-

config/nginx-default-datasrc-location.conf

@@ -0,0 +1,123 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+
+	# SSL configuration
+	#
+	# listen 443 ssl default_server;
+	# listen [::]:443 ssl default_server;
+	#
+	# Note: You should disable gzip for SSL traffic.
+	# See: https://bugs.debian.org/773332
+	#
+	# Read up on ssl_ciphers to ensure a secure configuration.
+	# See: https://bugs.debian.org/765782
+	#
+	# Self signed certs generated by the ssl-cert package
+	# Don't use them in a production server!
+	#
+	# include snippets/snakeoil.conf;
+
+	root /var/www/html;
+
+	# Add index.php to the list if you are using PHP
+	index index.html index.htm index.nginx-debian.html;
+
+	server_name _;
+
+	location / {
+		# First attempt to serve request as file, then
+		# as directory, then fall back to displaying a 404.
+		try_files $uri $uri/ =404;
+	}
+
+	# pass PHP scripts to FastCGI server
+	#
+	#location ~ \.php$ {
+	#	include snippets/fastcgi-php.conf;
+	#
+	#	# With php-fpm (or other unix sockets):
+	#	fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+	#	# With php-cgi (or other tcp sockets):
+	#	fastcgi_pass 127.0.0.1:9000;
+	#}
+
+	# deny access to .htaccess files, if Apache's document root
+	# concurs with nginx's one
+	#
+	#location ~ /\.ht {
+	#	deny all;
+	#}
+
+    ## <DATASRC> ##
+
+    location /data/hist.tsv {
+        alias /tmp/stats.tsv;
+    }
+
+    location /data/stream.tsv { 
+        alias /tmp/event.tsv;
+    }
+
+    location /data/stream.ws {
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade         $http_upgrade;
+        proxy_set_header Connection      "upgrade";
+
+        proxy_set_header Host            $host; # $http_host;
+        proxy_set_header X-Real-IP       $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-NginX-Proxy   true;
+
+        proxy_read_timeout 3600;
+        proxy_buffering off;
+        tcp_nodelay on;
+
+        error_page 502 = /data/stream.tsv; # serve http for non-ws clients
+
+        proxy_pass http://127.0.0.1:5800/websockify;
+    }
+
+    ## </DATASRC> ##
+
+}
+
+
+# Virtual Host configuration for example.com
+#
+# You can move that to a different file under sites-available/ and symlink that
+# to sites-enabled/ to enable it.
+#
+#server {
+#	listen 80;
+#	listen [::]:80;
+#
+#	server_name example.com;
+#
+#	root /var/www/example.com;
+#	index index.html;
+#
+#	location / {
+#		try_files $uri $uri/ =404;
+#	}
+#}

draft.drone.yml

@@ -1,61 +0,0 @@
-kind: pipeline
-name: default
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-- name: build
-  image: debian:stable-slim
-  privileged: false
-  environment:
-    BUILDDEPS: build-essential libc6-dev libhidapi-dev libssl-dev   
-    MAKEFLAGS: -j 4
-    MAKEDIRS: src          src/contrib
-    BINARIES: src/radangel src/contrib/websockify
-  commands:
-    - | 
-      cat >> /etc/apt/apt.conf.d/01-proxy <<-EOF
-        Acquire::http  { Proxy "http://172.17.0.1:3142"; }
-        Acquire::https { Proxy "https://"; };
-      EOF
-    - apt-get update && apt-get --yes upgrade
-    - apt-get --yes install $BUILDDEPS
-    - export MAKEFLAGS
-    - for DIR in $MAKEDIRS; do make -C $DIR ; done
-    - ls -l  $BINARIES && md5sum $BINARIES
-  when:
-    branch:
-    - master
-    event:
-    - push
-    - tag
-
-- name: release
-  image: plugins/gitea-release
-  depends_on: 
-    - build
-  settings:
-    api_key:
-      from_secret: gitea-release
-    base_url: https://git.unino.de
-    files:
-      - src/radangel
-      - src/contrib/websockify
-    file_exists: overwrite
-    checksum:
-      - md5
-      - sha1
-      - sha256
-      - sha512
-      - adler32
-      - crc32
-    draft: true
-    prerelease: true
-    note: CHANGELOG.md
-    title: Release
-    insecure: false
-  when:
-    branch: master
-    event: tag

drone.yml

@@ -15,8 +15,6 @@ clone:
 steps:
 
 
-
-
 #http://plugins.drone.io/drone-plugins/drone-docker/
 #https://github.com/drone-plugins/drone-docker
 - name: prepare
@@ -32,19 +30,16 @@ steps:
       from_secret: reg-user
     password:
       from_secret: reg-pass
-    repo: reg.unino.de/library/debian-devel
+    repo: reg.unino.de/develop/debian-${DRONE_REPO_NAME}:stable-slim
     #mirror: registry.hub.docker.com/library/busybox
-
-    bip: 172.17.0.1/24
+    #bip: 172.17.0.1/24
     context: /drone
     #custom_dns: 127.0.0.11
     storage_driver: overlay2 # aufs, overlay or vfs
-
     #debug: true
     #launch_debug: true
     #target: production # build target from dockerfile, e.g. production, debug
     dockerfile: Dockerfile
-
     auto_tag: false
     auto_tag_suffix: linux-amd64
     force_tag: true
@@ -55,11 +50,8 @@ steps:
       - BUILDDEPS=build-essential libc6-dev libhidapi-dev libssl-dev zip
 
 
-
-
-
 - name: build
-  image: reg.unino.de/library/debian-devel:latest
+  image: reg.unino.de/develop/debian-${DRONE_REPO_NAME}:stable-slim
   when:
     event: [ push, tag ]
   depends_on: [ prepare ]
@@ -84,6 +76,7 @@ steps:
       find release -type f -exec md5sum '{}' \;
     - printf '\n\n\n======= BUILD FINISHED. =======\n\n\n'
 
+
 # http://plugins.drone.io/drone-plugins/drone-gpgsign/
 # https://github.com/drone-plugins/drone-gpgsign
 - name: sign
@@ -103,6 +96,7 @@ steps:
     excludes:
       - release/*.asc
 
+
 # http://plugins.drone.io/drone-plugins/drone-gitea-release/
 # https://github.com/drone-plugins/drone-gitea-release
 - name: release

html/js/get.sh

@@ -22,4 +22,4 @@ wget 'https://github.com/gka/chroma.js/raw/master/chroma.min.js'
 #wget 'https://tonejs.github.io/build/Tone.min.js'
 
 # nginx gzip_static on;
-for F in *.js ; do cat $F | gzip -9 > $F.gz ; done
+#for F in *.js ; do cat $F | gzip -9 > $F.gz ; done

src/contrib/Makefile

@@ -3,12 +3,11 @@ CFLAGS += -fPIC
 
 all: $(TARGETS)
 
-websockify: websockify.o websocket.o base64.o
+websockify: websockify.o websocket.o
 	$(CC) $(LDFLAGS) $^ -lssl -lcrypto -o $@
 
 websocket.o: websocket.c websocket.h
 websockify.o: websockify.c websocket.h
-base64.o: base64.c
 
 clean:
 	rm -f websockify *.o

src/contrib/base64.c

@@ -1,313 +0,0 @@
-/*
- * Copyright (c) 1996-1999 by Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/*
- * Portions Copyright (c) 1995 by International Business Machines, Inc.
- *
- * International Business Machines, Inc. (hereinafter called IBM) grants
- * permission under its copyrights to use, copy, modify, and distribute this
- * Software with or without fee, provided that the above copyright notice and
- * all paragraphs of this notice appear in all copies, and that the name of IBM
- * not be used in connection with the marketing of any product incorporating
- * the Software or modifications thereof, without specific, written prior
- * permission.
- *
- * To the extent it has a right to do so, IBM grants an immunity from suit
- * under its patents, if any, for the use, sale or manufacture of products to
- * the extent that such products are used for performing Domain Name System
- * dynamic updates in TCP/IP networks by means of the Software.  No immunity is
- * granted for any product per se or for any other function of any product.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
- * PARTICULAR PURPOSE.  IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
- * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
- * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
- */
-
-#if !defined(LINT) && !defined(CODECENTER)
-static const char rcsid[] = "$BINDId: base64.c,v 8.7 1999/10/13 16:39:33 vixie Exp $";
-#endif /* not lint */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/socket.h>
-
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <arpa/nameser.h>
-
-#include <ctype.h>
-#include <resolv.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define Assert(Cond) if (!(Cond)) abort()
-
-static const char Base64[] =
-	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-static const char Pad64 = '=';
-
-/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt)
-   The following encoding technique is taken from RFC 1521 by Borenstein
-   and Freed.  It is reproduced here in a slightly edited form for
-   convenience.
-
-   A 65-character subset of US-ASCII is used, enabling 6 bits to be
-   represented per printable character. (The extra 65th character, "=",
-   is used to signify a special processing function.)
-
-   The encoding process represents 24-bit groups of input bits as output
-   strings of 4 encoded characters. Proceeding from left to right, a
-   24-bit input group is formed by concatenating 3 8-bit input groups.
-   These 24 bits are then treated as 4 concatenated 6-bit groups, each
-   of which is translated into a single digit in the base64 alphabet.
-
-   Each 6-bit group is used as an index into an array of 64 printable
-   characters. The character referenced by the index is placed in the
-   output string.
-
-                         Table 1: The Base64 Alphabet
-
-      Value Encoding  Value Encoding  Value Encoding  Value Encoding
-          0 A            17 R            34 i            51 z
-          1 B            18 S            35 j            52 0
-          2 C            19 T            36 k            53 1
-          3 D            20 U            37 l            54 2
-          4 E            21 V            38 m            55 3
-          5 F            22 W            39 n            56 4
-          6 G            23 X            40 o            57 5
-          7 H            24 Y            41 p            58 6
-          8 I            25 Z            42 q            59 7
-          9 J            26 a            43 r            60 8
-         10 K            27 b            44 s            61 9
-         11 L            28 c            45 t            62 +
-         12 M            29 d            46 u            63 /
-         13 N            30 e            47 v
-         14 O            31 f            48 w         (pad) =
-         15 P            32 g            49 x
-         16 Q            33 h            50 y
-
-   Special processing is performed if fewer than 24 bits are available
-   at the end of the data being encoded.  A full encoding quantum is
-   always completed at the end of a quantity.  When fewer than 24 input
-   bits are available in an input group, zero bits are added (on the
-   right) to form an integral number of 6-bit groups.  Padding at the
-   end of the data is performed using the '=' character.
-
-   Since all base64 input is an integral number of octets, only the
-         -------------------------------------------------
-   following cases can arise:
-
-       (1) the final quantum of encoding input is an integral
-           multiple of 24 bits; here, the final unit of encoded
-	   output will be an integral multiple of 4 characters
-	   with no "=" padding,
-       (2) the final quantum of encoding input is exactly 8 bits;
-           here, the final unit of encoded output will be two
-	   characters followed by two "=" padding characters, or
-       (3) the final quantum of encoding input is exactly 16 bits;
-           here, the final unit of encoded output will be three
-	   characters followed by one "=" padding character.
-   */
-
-int
-ws_b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize) {
-	size_t datalength = 0;
-	u_char input[3];
-	u_char output[4];
-	size_t i;
-
-	while (2 < srclength) {
-		input[0] = *src++;
-		input[1] = *src++;
-		input[2] = *src++;
-		srclength -= 3;
-
-		output[0] = input[0] >> 2;
-		output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
-		output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
-		output[3] = input[2] & 0x3f;
-		Assert(output[0] < 64);
-		Assert(output[1] < 64);
-		Assert(output[2] < 64);
-		Assert(output[3] < 64);
-
-		if (datalength + 4 > targsize)
-			return (-1);
-		target[datalength++] = Base64[output[0]];
-		target[datalength++] = Base64[output[1]];
-		target[datalength++] = Base64[output[2]];
-		target[datalength++] = Base64[output[3]];
-	}
-
-	/* Now we worry about padding. */
-	if (0 != srclength) {
-		/* Get what's left. */
-		input[0] = input[1] = input[2] = '\0';
-		for (i = 0; i < srclength; i++)
-			input[i] = *src++;
-
-		output[0] = input[0] >> 2;
-		output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
-		output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
-		Assert(output[0] < 64);
-		Assert(output[1] < 64);
-		Assert(output[2] < 64);
-
-		if (datalength + 4 > targsize)
-			return (-1);
-		target[datalength++] = Base64[output[0]];
-		target[datalength++] = Base64[output[1]];
-		if (srclength == 1)
-			target[datalength++] = Pad64;
-		else
-			target[datalength++] = Base64[output[2]];
-		target[datalength++] = Pad64;
-	}
-	if (datalength >= targsize)
-		return (-1);
-	target[datalength] = '\0';	/* Returned value doesn't count \0. */
-	return (datalength);
-}
-//libresolv_hidden_def (b64_ntop)
-
-/* skips all whitespace anywhere.
-   converts characters, four at a time, starting at (or after)
-   src from base - 64 numbers into three 8 bit bytes in the target area.
-   it returns the number of data bytes stored at the target, or -1 on error.
- */
-
-int
-ws_b64_pton(char const *src, u_char *target, size_t targsize) {
-	int tarindex, state, ch;
-	char *pos;
-
-	state = 0;
-	tarindex = 0;
-
-	while ((ch = *src++) != '\0') {
-		if (isspace(ch))	/* Skip whitespace anywhere. */
-			continue;
-
-		if (ch == Pad64)
-			break;
-
-		pos = strchr(Base64, ch);
-		if (pos == 0) 		/* A non-base64 character. */
-			return (-1);
-
-		switch (state) {
-		case 0:
-			if (target) {
-				if ((size_t)tarindex >= targsize)
-					return (-1);
-				target[tarindex] = (pos - Base64) << 2;
-			}
-			state = 1;
-			break;
-		case 1:
-			if (target) {
-				if ((size_t)tarindex + 1 >= targsize)
-					return (-1);
-				target[tarindex]   |=  (pos - Base64) >> 4;
-				target[tarindex+1]  = ((pos - Base64) & 0x0f)
-							<< 4 ;
-			}
-			tarindex++;
-			state = 2;
-			break;
-		case 2:
-			if (target) {
-				if ((size_t)tarindex + 1 >= targsize)
-					return (-1);
-				target[tarindex]   |=  (pos - Base64) >> 2;
-				target[tarindex+1]  = ((pos - Base64) & 0x03)
-							<< 6;
-			}
-			tarindex++;
-			state = 3;
-			break;
-		case 3:
-			if (target) {
-				if ((size_t)tarindex >= targsize)
-					return (-1);
-				target[tarindex] |= (pos - Base64);
-			}
-			tarindex++;
-			state = 0;
-			break;
-		default:
-			abort();
-		}
-	}
-
-	/*
-	 * We are done decoding Base-64 chars.  Let's see if we ended
-	 * on a byte boundary, and/or with erroneous trailing characters.
-	 */
-
-	if (ch == Pad64) {		/* We got a pad char. */
-		ch = *src++;		/* Skip it, get next. */
-		switch (state) {
-		case 0:		/* Invalid = in first position */
-		case 1:		/* Invalid = in second position */
-			return (-1);
-
-		case 2:		/* Valid, means one byte of info */
-			/* Skip any number of spaces. */
-			for ((void)NULL; ch != '\0'; ch = *src++)
-				if (!isspace(ch))
-					break;
-			/* Make sure there is another trailing = sign. */
-			if (ch != Pad64)
-				return (-1);
-			ch = *src++;		/* Skip the = */
-			/* Fall through to "single trailing =" case. */
-			/* FALLTHROUGH */
-
-		case 3:		/* Valid, means two bytes of info */
-			/*
-			 * We know this char is an =.  Is there anything but
-			 * whitespace after it?
-			 */
-			for ((void)NULL; ch != '\0'; ch = *src++)
-				if (!isspace(ch))
-					return (-1);
-
-			/*
-			 * Now make sure for cases 2 and 3 that the "extra"
-			 * bits that slopped past the last full byte were
-			 * zeros.  If we don't check them, they become a
-			 * subliminal channel.
-			 */
-			if (target && target[tarindex] != 0)
-				return (-1);
-		}
-	} else {
-		/*
-		 * We ended by seeing the end of the string.  Make sure we
-		 * have no partial bytes lying around.
-		 */
-		if (state != 0)
-			return (-1);
-	}
-
-	return (tarindex);
-}

src/contrib/websocket.c

@@ -11,7 +11,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <errno.h>
-#include <strings.h>
+#include <string.h>
 #include <sys/types.h> 
 #include <sys/socket.h>
 #include <sys/stat.h>
@@ -22,13 +22,11 @@
 #include <fcntl.h>  // daemonizing
 #include <openssl/err.h>
 #include <openssl/ssl.h>
+#include <openssl/bio.h> /* base64 encode/decode */
 #include <openssl/md5.h> /* md5 hash */
 #include <openssl/sha.h> /* sha1 hash */
 #include "websocket.h"
 
-int ws_b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize);
-int ws_b64_pton(char const *src, u_char *target, size_t targsize);
-
 /*
  * Global state
  *
@@ -159,7 +157,8 @@ ws_ctx_t *ws_socket_ssl(ws_ctx_t *ctx, int socket, char * certfile, char * keyfi
 
     }
 
-    ctx->ssl_ctx = SSL_CTX_new(TLSv1_server_method());
+    //ctx->ssl_ctx = SSL_CTX_new(TLSv1_server_method());
+    ctx->ssl_ctx = SSL_CTX_new(TLS_server_method());
     if (ctx->ssl_ctx == NULL) {
         ERR_print_errors_fp(stderr);
         fatal("Failed to configure SSL context");
@@ -171,8 +170,7 @@ ws_ctx_t *ws_socket_ssl(ws_ctx_t *ctx, int socket, char * certfile, char * keyfi
         fatal(msg);
     }
 
-    if (SSL_CTX_use_certificate_file(ctx->ssl_ctx, certfile,
-                                     SSL_FILETYPE_PEM) <= 0) {
+    if (SSL_CTX_use_certificate_chain_file(ctx->ssl_ctx, certfile) <= 0) {
         sprintf(msg, "Unable to load certificate file %s\n", certfile);
         fatal(msg);
     }
@@ -211,6 +209,72 @@ void ws_socket_free(ws_ctx_t *ctx) {
     }
 }
 
+int ws_b64_ntop(const unsigned char const * src, size_t srclen, char * dst, size_t dstlen) {
+    int len = 0;
+    int total_len = 0;
+
+    BIO *buff, *b64f;
+    BUF_MEM *ptr;
+
+    b64f = BIO_new(BIO_f_base64());
+    buff = BIO_new(BIO_s_mem());
+    buff = BIO_push(b64f, buff);
+
+    BIO_set_flags(buff, BIO_FLAGS_BASE64_NO_NL);
+    BIO_set_close(buff, BIO_CLOSE);
+    do {
+        len = BIO_write(buff, src + total_len, srclen - total_len);
+        if (len > 0)
+            total_len += len;
+    } while (len && BIO_should_retry(buff));
+
+    BIO_flush(buff);
+
+    BIO_get_mem_ptr(buff, &ptr);
+    len = ptr->length;
+
+    memcpy(dst, ptr->data, dstlen < len ? dstlen : len);
+    dst[dstlen < len ? dstlen : len] = '\0';
+
+    BIO_free_all(buff);
+
+    if (dstlen < len)
+        return -1;
+
+    return len;
+}
+
+int ws_b64_pton(const char const * src, unsigned char * dst, size_t dstlen) {
+    int len = 0;
+    int total_len = 0;
+    int pending = 0;
+
+    BIO *buff, *b64f;
+
+    b64f = BIO_new(BIO_f_base64());
+    buff = BIO_new_mem_buf(src, -1);
+    buff = BIO_push(b64f, buff);
+
+    BIO_set_flags(buff, BIO_FLAGS_BASE64_NO_NL);
+    BIO_set_close(buff, BIO_CLOSE);
+    do {
+        len = BIO_read(buff, dst + total_len, dstlen - total_len);
+        if (len > 0)
+            total_len += len;
+    } while (len && BIO_should_retry(buff));
+
+    dst[total_len] = '\0';
+
+    pending = BIO_ctrl_pending(buff);
+
+    BIO_free_all(buff);
+
+    if (pending)
+        return -1;
+
+    return len;
+}
+
 /* ------------------------------------------------------- */
 
 
@@ -272,7 +336,7 @@ int decode_hixie(char *src, size_t srclength,
 int encode_hybi(u_char const *src, size_t srclength,
                 char *target, size_t targsize, unsigned int opcode)
 {
-    unsigned long long b64_sz, len_offset = 1, payload_offset = 2;
+    unsigned long long payload_offset = 2;
     int len = 0;
 
     if (opcode != OPCODE_TEXT && opcode != OPCODE_BINARY) {
@@ -666,22 +730,20 @@ ws_ctx_t *do_handshake(int sock) {
 
     headers = ws_ctx->headers;
 
-    if (strstr(headers->protocols, "binary")) {
-      ws_ctx->opcode = OPCODE_BINARY;
-      response_protocol = "binary";
-    } else if (strstr(headers->protocols, "base64")) {
+    response_protocol = strtok(headers->protocols, ",");
+    if (!response_protocol || !strlen(response_protocol)) {
+        ws_ctx->opcode = OPCODE_BINARY;
+        response_protocol = "null";
+    } else if (!strcmp(response_protocol, "base64")) {
       ws_ctx->opcode = OPCODE_TEXT;
-      response_protocol = "base64";
     } else {
-      handler_emsg("Invalid protocol '%s', expecting 'binary' or 'base64'\n",
-          headers->protocols);
-      return NULL;
+        ws_ctx->opcode = OPCODE_BINARY;
     }
 
     if (ws_ctx->hybi > 0) {
         handler_msg("using protocol HyBi/IETF 6455 %d\n", ws_ctx->hybi);
         gen_sha1(headers, sha1);
-        sprintf(response, SERVER_HANDSHAKE_HYBI, sha1, response_protocol);
+        snprintf(response, sizeof(response), SERVER_HANDSHAKE_HYBI, sha1, response_protocol);
     } else {
         if (ws_ctx->hixie == 76) {
             handler_msg("using protocol Hixie 76\n");
@@ -692,8 +754,8 @@ ws_ctx_t *do_handshake(int sock) {
             trailer[0] = '\0';
             pre = "";
         }
-        sprintf(response, SERVER_HANDSHAKE_HIXIE, pre, headers->origin, pre, scheme,
-                headers->host, headers->path, pre, "base64", trailer);
+        snprintf(response, sizeof(response), SERVER_HANDSHAKE_HIXIE, pre, headers->origin,
+                 pre, scheme, headers->host, headers->path, pre, "base64", trailer);
     }
     
     //handler_msg("response: %s\n", response);
@@ -704,16 +766,9 @@ ws_ctx_t *do_handshake(int sock) {
 
 void signal_handler(int sig) {
     switch (sig) {
-        case SIGHUP:
-            if (settings.whitelist != NULL) {
-              load_whitelist();
-            }
-            break;
+        case SIGHUP: break; // ignore for now
         case SIGPIPE: pipe_error = 1; break; // handle inline
-        case SIGTERM:
-            remove(settings.pid);
-            exit(0);
-            break;
+        case SIGTERM: exit(0); break;
     }
 }
 
@@ -732,17 +787,7 @@ void daemonize(int keepfd) {
     setsid();                // Obtain new process group
     pid = fork();
     if (pid<0) { fatal("fork error"); }
-    if (pid>0) {
-      // parent exits
-      FILE *pidf = fopen(settings.pid, "w");
-      if (pidf) {
-        fprintf(pidf, "%d", pid);
-        fclose(pidf);
-      } else {
-        fprintf(stderr, "Could not write daemon PID file '%s': %s\n", settings.pid, strerror(errno));
-      }
-      exit(0);
-    }
+    if (pid>0) { exit(0); }  // parent exits
 
     /* Signal handling */
     signal(SIGHUP, signal_handler);   // catch HUP
@@ -847,6 +892,7 @@ void start_server() {
             break;   // Child process exits
         } else {         // parent process
             settings.handler_id += 1;
+            close(csock);
         }
     }
     if (pid == 0) {

src/contrib/websocket.h

@@ -66,12 +66,11 @@ typedef struct {
     int ssl_only;
     int daemon;
     int run_once;
-    char *whitelist;
-    char *pattern;
-    char *pid;
 } settings_t;
 
 
+int resolve_host(struct in_addr *sin_addr, const char *hostname);
+
 ssize_t ws_recv(ws_ctx_t *ctx, void *buf, size_t len);
 
 ssize_t ws_send(ws_ctx_t *ctx, const void *buf, size_t len);
@@ -89,21 +88,17 @@ ssize_t ws_send(ws_ctx_t *ctx, const void *buf, size_t len);
 #define handler_msg(...) gen_handler_msg(stdout, __VA_ARGS__);
 #define handler_emsg(...) gen_handler_msg(stderr, __VA_ARGS__);
 
-/* forward declarations */
 void traffic(const char * token);
-int encode_hybi(u_char const *src, size_t srclength,
-                char *target, size_t targsize, unsigned int opcode);
+
 int encode_hixie(u_char const *src, size_t srclength,
                  char *target, size_t targsize);
-int decode_hybi(unsigned char *src, size_t srclength,
-                u_char *target, size_t targsize,
-                unsigned int *opcode, unsigned int *left);
 int decode_hixie(char *src, size_t srclength,
                  u_char *target, size_t targsize,
                  unsigned int *opcode, unsigned int *left);
-int resolve_host(struct in_addr *sin_addr, const char *hostname);
-void start_server();
-
-
-int load_whitelist();
+int encode_hybi(u_char const *src, size_t srclength,
+                char *target, size_t targsize, unsigned int opcode);
+int decode_hybi(unsigned char *src, size_t srclength,
+                u_char *target, size_t targsize,
+                unsigned int *opcode, unsigned int *left);
 
+void start_server();

src/contrib/websockify.c

@@ -11,6 +11,7 @@
 #include <errno.h>
 #include <limits.h>
 #include <getopt.h>
+#include <string.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <netdb.h>
@@ -18,15 +19,8 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <sys/stat.h>
-#include <signal.h>
 #include "websocket.h"
 
-
-
-
-
-
-
 char traffic_legend[] = "\n\
 Traffic Legend:\n\
     }  - Client receive\n\
@@ -40,30 +34,22 @@ Traffic Legend:\n\
 ";
 
 char USAGE[] = "Usage: [options] " \
-               "[source_addr:]source_port target_addr{:target_port}\n\n" \
-               "  --verbose|-v         verbose messages and per frame traffic\n" \
-               "  --daemon|-D          become a daemon (background process)\n" \
-               "  --run-once           handle a single WebSocket connection and exit\n" \
-               "  --cert CERT          SSL certificate file\n" \
-               "  --key KEY            SSL key file (if separate from cert)\n" \
-               "  --ssl-only           disallow non-encrypted connections\n" \
-               "  --whitelist|-w LIST  new-line separated target port whitelist file\n" \
-               "                       (target_port is not required only with this option)\n" \
-               "  --pattern|-P         target port request pattern. Default: '/%d'\n" \
-               "  --pid|-p             desired path of pid file. Default: '/var/run/websockify.pid'";
+               "[source_addr:]source_port target_addr:target_port\n\n" \
+               "  --verbose|-v       verbose messages and per frame traffic\n" \
+               "  --daemon|-D        become a daemon (background process)\n" \
+               "  --run-once         handle a single WebSocket connection and exit\n" \
+               "  --cert CERT        SSL certificate file\n" \
+               "  --key KEY          SSL key file (if separate from cert)\n" \
+               "  --ssl-only         disallow non-encrypted connections";
 
 #define usage(fmt, args...) \
-    do { \
-        fprintf(stderr, "%s\n\n", USAGE); \
-        fprintf(stderr, fmt , ## args); \
-        exit(1); \
-    } while(0)
+    fprintf(stderr, "%s\n\n", USAGE); \
+    fprintf(stderr, fmt , ## args); \
+    exit(1);
 
 char target_host[256];
 int target_port;
-int *target_ports;
 
-//extern pipe_error;
 extern int pipe_error;
 extern settings_t settings;
 
@@ -253,27 +239,6 @@ void proxy_handler(ws_ctx_t *ws_ctx) {
     int tsock = 0;
     struct sockaddr_in taddr;
 
-    if (target_ports != NULL) {
-        if (sscanf(ws_ctx->headers->path, settings.pattern, &target_port) != 1) {
-        handler_emsg("Could not match pattern '%s' to request path '%s'\n",
-                     settings.pattern, ws_ctx->headers->path);
-        return;
-        }
-        int *p;
-        int found = 0;
-        for (p = target_ports; *p; p++) {
-            if (*p == target_port) {
-                found = 1;
-                break;
-            }
-        }
-        if (!found) {
-            handler_emsg("Rejecting connection to non-whitelisted port: '%d'\n",
-                         target_port);
-            return;
-        }
-    }
-
     handler_msg("connecting to: %s:%d\n", target_host, target_port);
 
     tsock = socket(AF_INET, SOCK_STREAM, 0);
@@ -309,77 +274,19 @@ void proxy_handler(ws_ctx_t *ws_ctx) {
     close(tsock);
 }
 
-int load_whitelist() {
-  printf("loading port whitelist '%s'\n", settings.whitelist);
-  FILE *whitelist = fopen(settings.whitelist, "r");
-  if (whitelist == NULL) {
-    fprintf(stderr, "Error opening whitelist file '%s':\n\t%s\n",
-          settings.whitelist, strerror(errno));
-    return -1;
-  }
-
-  const int tplen_grow = 512;
-  int tplen = tplen_grow, tpcount = 0;
-  target_ports = (int*)malloc(tplen*sizeof(int));
-  if (target_ports == NULL) {
-    fprintf(stderr, "Whitelist port malloc error");
-    return -2;
-  }
-
-  char *line = NULL;
-  ssize_t n = 0, nread = 0;
-  while ((nread = getline(&line, &n, whitelist)) > 0) {
-      if (line[0] == '\n') continue;
-      line[nread-1] = '\x00';
-      long int port = strtol(line, NULL, 10);
-      if (port < 1 || port > 65535) {
-          fprintf(stderr,
-            "Whitelist port '%s' is not between valid range 1 and 65535", line);
-          return -3;
-      }
-      tpcount++;
-      if (tpcount >= tplen) {
-          tplen += tplen_grow;
-          target_ports = (int*)realloc(target_ports, tplen*sizeof(int));
-          if (target_ports == NULL) {
-              fprintf(stderr, "Whitelist port realloc error");
-              return -2;
-          }
-      }
-      target_ports[tpcount-1] = port;
-  }
-  if (line != NULL) free(line);
-
-  if (tpcount == 0) {
-      fprintf(stderr, "0 ports read from whitelist file '%s'\n",
-                      settings.whitelist);
-      return -4;
-  }
-
-  target_ports = (int*)realloc(target_ports, (tpcount + 1)*sizeof(int));
-  if (target_ports == NULL) {
-      fprintf(stderr, "Whitelist port realloc error");
-      return -2;
-  }
-  target_ports[tpcount] = 0;
-  return 0;
-}
-
 int main(int argc, char *argv[])
 {
     int fd, c, option_index = 0;
+    static int ssl_only = 0, daemon = 0, run_once = 0, verbose = 0;
     char *found;
     static struct option long_options[] = {
-        {"verbose",   no_argument,       0,                 'v'},
-        {"ssl-only",  no_argument,       &settings.ssl_only, 1 },
-        {"daemon",    no_argument,       0,                 'D'},
+        {"verbose",    no_argument,       &verbose,    'v'},
+        {"ssl-only",   no_argument,       &ssl_only,    1 },
+        {"daemon",     no_argument,       &daemon,     'D'},
         /* ---- */
-        {"run-once",  no_argument,       0,                 'r'},
-        {"cert",      required_argument, 0,                 'c'},
-        {"key",       required_argument, 0,                 'k'},
-        {"whitelist", required_argument, 0,                 'w'},
-        {"pattern",   required_argument, 0,                 'P'},
-        {"pid",       required_argument, 0,                 'p'},
+        {"run-once",   no_argument,       0,           'r'},
+        {"cert",       required_argument, 0,           'c'},
+        {"key",        required_argument, 0,           'k'},
         {0, 0, 0, 0}
     };
 
@@ -389,15 +296,13 @@ int main(int argc, char *argv[])
         settings.cert = "self.pem";
     }
     settings.key = "";
-    settings.pattern = "/%d";
-    settings.pid = "/var/run/websockify.pid";
 
     while (1) {
-        c = getopt_long (argc, argv, "vDrc:k:w:p:P:",
+        c = getopt_long (argc, argv, "vDrc:k:",
                          long_options, &option_index);
 
         /* Detect the end */
-        if (c == -1) break;
+        if (c == -1) { break; }
 
         switch (c) {
             case 0:
@@ -405,13 +310,13 @@ int main(int argc, char *argv[])
             case 1:
                 break; // ignore
             case 'v':
-                settings.verbose = 1;
+                verbose = 1;
                 break;
             case 'D':
-                settings.daemon = 1;
+                daemon = 1;
                 break;
             case 'r':
-                settings.run_once = 1;
+                run_once = 1;
                 break;
             case 'c':
                 settings.cert = realpath(optarg, NULL);
@@ -425,22 +330,14 @@ int main(int argc, char *argv[])
                     usage("No key file at %s\n", optarg);
                 }
                 break;
-            case 'w':
-                settings.whitelist = realpath(optarg, NULL);
-                if (! settings.whitelist) {
-                    usage("No whitelist file at %s\n", optarg);
-                }
-                break;
-            case 'P':
-                settings.pattern = optarg;
-                break;
-            case 'p':
-                settings.pid = optarg;
-                break;
             default:
-                usage(" ");
+                usage("\n");
         }
     }
+    settings.verbose      = verbose;
+    settings.ssl_only     = ssl_only;
+    settings.daemon       = daemon;
+    settings.run_once     = run_once;
 
     if ((argc-optind) != 2) {
         usage("Invalid number of arguments\n");
@@ -460,25 +357,17 @@ int main(int argc, char *argv[])
     }
 
     found = strstr(argv[optind], ":");
-    if (found && settings.whitelist == NULL) {
+    if (found) {
         memcpy(target_host, argv[optind], found-argv[optind]);
         target_port = strtol(found+1, NULL, 10);
-        target_ports = NULL;
-    } else if (!found && settings.whitelist != NULL) {
-        if (load_whitelist()) {
-          usage("Whitelist error.");
-        }
-        memcpy(target_host, argv[optind], strlen(argv[optind]));
-        target_port = -1;
-
     } else {
-        usage("Target argument must be host:port or provide host and a port whitelist\n");
+        usage("Target argument must be host:port\n");
     }
     if (target_port == 0) {
         usage("Could not parse target port\n");
     }
 
-    if (settings.ssl_only) {
+    if (ssl_only) {
         if (access(settings.cert, R_OK) != 0) {
             usage("SSL only and cert file '%s' not found\n", settings.cert);
         }
@@ -493,7 +382,7 @@ int main(int argc, char *argv[])
     //printf("  cert: %s\n",      settings.cert);
     //printf("  key: %s\n",       settings.key);
 
-    settings.handler = proxy_handler;
+    settings.handler = proxy_handler; 
     start_server();
 
 }