incremental
diff --git a/src/token_authorization_middleware.cpp b/src/token_authorization_middleware.cpp
index 3a92218..40ade75 100644
--- a/src/token_authorization_middleware.cpp
+++ b/src/token_authorization_middleware.cpp
@@ -4,16 +4,14 @@
#include <token_authorization_middleware.hpp>
-namespace crow {
-std::string TokenAuthorizationMiddleware::context::get_cookie(const std::string& key) {
- if (cookie_sessions.count(key)) return cookie_sessions[key];
- return {};
-}
+#include <base64.hpp>
-void TokenAuthorizationMiddleware::context::set_cookie(const std::string& key, const std::string& value) { cookies_to_push_to_client.emplace(key, value); }
+namespace crow {
+
+using random_bytes_engine = std::independent_bits_engine<std::default_random_engine, CHAR_BIT, unsigned char>;
+
void TokenAuthorizationMiddleware::before_handle(crow::request& req, response& res, context& ctx) {
- return;
auto return_unauthorized = [&req, &res]() {
res.code = 401;
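Review bot: The `random_bytes_engine` alias introduced here wraps `std::default_random_engine`, a deterministic general-purpose PRNG, and the token generation in the next hunk (`random_bytes_engine rbe;`) never seeds it, so every process start hands out the same sequence of login tokens while the `std::random_device rand;` declared beside it goes unused. Session tokens should be drawn from the OS entropy source rather than from a seeded or unseeded general-purpose engine; the smallest change is to drop the alias and fill the token directly, e.g. `std::random_device rd; std::generate(begin(token), end(token), [&rd] { return static_cast<char>(rd()); });`. Since `std::random_device` quality is implementation-defined, a platform CSPRNG call is preferable where one is available. `before_handle` begins in this hunk but its body continues past it.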
@@ -21,32 +19,73 @@
};
if (req.url == "/" || boost::starts_with(req.url, "/static/")){
//TODO this is total hackery to allow the login page to work before the user
- // is authenticated. Also, it will be quite slow for all pages.
+ // is authenticated. Also, it will be quite slow for all pages instead of
+ // a one time hit for the whitelist entries.
// Ideally, this should be done in the url router handler, with tagged routes
// for the whitelist entries.
return;
}
- //TODO this
+
if (req.url == "/login") {
- }
- // Check for an authorization header, reject if not present
- if (req.headers.count("Authorization") != 1) {
- return_unauthorized();
- return;
- }
+ if (req.method != HTTPMethod::POST){
+ return_unauthorized();
+ return;
+ } else {
+ auto login_credentials = crow::json::load(req.body);
+ if (!login_credentials){
+ return_unauthorized();
+ return;
+ }
+ auto username = login_credentials["username"].s();
+ auto password = login_credentials["password"].s();
- std::string auth_header = req.get_header_value("Authorization");
- // If the user is attempting any kind of auth other than token, reject
- if (!boost::starts_with(auth_header, "Token ")) {
- return_unauthorized();
- return;
+ if (username == "dude" && password == "dude"){
+ std::random_device rand;
+ random_bytes_engine rbe;
+ std::string token('a', 20);
+ std::generate(begin(token), end(token), std::ref(rbe));
+ std::string encoded_token;
+ base64::base64_encode(token, encoded_token);
+ ctx.auth_token = encoded_token;
+ this->auth_token2 = encoded_token;
+
+ } else {
+ return_unauthorized();
+ return;
+ }
+ }
+
+ } else if (req.url == "/logout") {
+ this->auth_token2 = "";
+ } else { // Normal, non login, non static file request
+ // Check to make sure we're logged in
+ if (this->auth_token2.empty()){
+ return_unauthorized();
+ return;
+ }
+ // Check for an authorization header, reject if not present
+ if (req.headers.count("Authorization") != 1) {
+ return_unauthorized();
+ return;
+ }
+
+ std::string auth_header = req.get_header_value("Authorization");
+ // If the user is attempting any kind of auth other than token, reject
+ if (!boost::starts_with(auth_header, "Token ")) {
+ return_unauthorized();
+ return;
+ }
+
+ //todo, use span here instead of constructing a new string
+ if (auth_header.substr(6) != this->auth_token2){
+ return_unauthorized();
+ return;
+ }
}
}
void TokenAuthorizationMiddleware::after_handle(request& /*req*/, response& res, context& ctx) {
- for (auto& cookie : ctx.cookies_to_push_to_client) {
- res.add_header("Set-Cookie", cookie.first + "=" + cookie.second);
- }
+
}
-}
\ No newline at end of file
+}
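Review bot: `std::string token('a', 20);` swaps the `basic_string(size_type count, CharT ch)` arguments, so the buffer is 97 bytes (the value of `'a'`) rather than 20 and the base64-encoded token ends up built from 97 random bytes instead of the intended 20; write `std::string token(20, '\0');`. Separately, the issued token is stored in `this->auth_token2`, a single member of the middleware object, so the whole server has at most one valid session at a time and any client that requests `/logout` (which is not itself authenticated here) clears every other client's session — a per-session store keyed by token, with an expiry, is needed before this can serve more than one user; the member is declared in the header outside this diff, so its scope is inferred from the use here. The `"dude"/"dude"` credential check reads as a placeholder and should be replaced by a real credential backend before this branch ships, and the `auth_header.substr(6) != this->auth_token2` comparison would ideally be constant-time.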
diff --git a/src/webserver_main.cpp b/src/webserver_main.cpp
index b89c2a6..c5c3eed 100644
--- a/src/webserver_main.cpp
+++ b/src/webserver_main.cpp
@@ -1,10 +1,9 @@
-#include "crow/ci_map.h"
-#include "crow/http_parser_merged.h"
-#include "crow/query_string.h"
#include "crow/app.h"
+#include "crow/ci_map.h"
#include "crow/common.h"
#include "crow/dumb_timer_queue.h"
#include "crow/http_connection.h"
+#include "crow/http_parser_merged.h"
#include "crow/http_request.h"
#include "crow/http_response.h"
#include "crow/http_server.h"
@@ -14,6 +13,7 @@
#include "crow/middleware_context.h"
#include "crow/mustache.h"
#include "crow/parser.h"
+#include "crow/query_string.h"
#include "crow/routing.h"
#include "crow/settings.h"
#include "crow/socket_adaptors.h"
@@ -25,88 +25,172 @@
#include "webassets.hpp"
#include <iostream>
+#include <memory>
#include <string>
#include "ssl_key_handler.hpp"
+#include <boost/endian/arithmetic.hpp>
+
+#include <boost/asio.hpp>
+
+#include <unordered_set>
#include <webassets.hpp>
-crow::ssl_context_t get_ssl_context(std::string ssl_pem_file){
- crow::ssl_context_t m_ssl_context{boost::asio::ssl::context::sslv23};
- m_ssl_context.set_options(boost::asio::ssl::context::default_workarounds | boost::asio::ssl::context::no_sslv2 | boost::asio::ssl::context::no_sslv3 |
- boost::asio::ssl::context::single_dh_use | boost::asio::ssl::context::no_tlsv1 | boost::asio::ssl::context::no_tlsv1_1);
+static const std::string rfb_3_3_version_string = "RFB 003.003\n";
+static const std::string rfb_3_7_version_string = "RFB 003.007\n";
+static const std::string rfb_3_8_version_string = "RFB 003.008\n";
- // m_ssl_context.set_verify_mode(boost::asio::ssl::verify_peer);
- m_ssl_context.use_certificate_file(ssl_pem_file, boost::asio::ssl::context::pem);
- m_ssl_context.use_private_key_file(ssl_pem_file, boost::asio::ssl::context::pem);
+enum class RfbAuthScheme : uint8_t { connection_failed = 0, no_authentication = 1, vnc_authentication = 2 };
- // Set up EC curves to auto (boost asio doesn't have a method for this)
- // There is a pull request to add this. Once this is included in an asio drop, use the right way
- // http://stackoverflow.com/questions/18929049/boost-asio-with-ecdsa-certificate-issue
- if (SSL_CTX_set_ecdh_auto(m_ssl_context.native_handle(), 1) != 1) {
- CROW_LOG_ERROR << "Error setting tmp ecdh list\n";
+struct pixel_format_struct {
+ boost::endian::big_uint8_t bits_per_pixel;
+ boost::endian::big_uint8_t depth;
+ boost::endian::big_uint8_t is_big_endian;
+ boost::endian::big_uint8_t is_true_color;
+ boost::endian::big_uint16_t red_max;
+ boost::endian::big_uint16_t green_max;
+ boost::endian::big_uint16_t blue_max;
+ boost::endian::big_uint8_t red_shift;
+ boost::endian::big_uint8_t green_shift;
+ boost::endian::big_uint8_t blue_shift;
+ boost::endian::big_uint8_t pad1;
+ boost::endian::big_uint8_t pad2;
+ boost::endian::big_uint8_t pad3;
+};
+
+struct server_initialization_message {
+ boost::endian::big_uint16_t framebuffer_width;
+ boost::endian::big_uint16_t framebuffer_height;
+ pixel_format_struct pixel_format;
+ boost::endian::big_uint32_t name_length;
+};
+
+enum class client_to_server_message_type : uint8_t {
+ set_pixel_format = 0,
+ fix_color_map_entries = 1,
+ set_encodings = 2,
+ framebuffer_update_request = 3,
+ key_event = 4,
+ pointer_event = 5,
+ client_cut_text = 6
+};
+
+struct set_pixel_format_message {
+ boost::endian::big_uint8_t pad1;
+ boost::endian::big_uint8_t pad2;
+ boost::endian::big_uint8_t pad3;
+ pixel_format_struct pixel_format;
+};
+
+struct frame_buffer_update_request_message {
+ boost::endian::big_uint8_t incremental;
+ boost::endian::big_uint16_t x_position;
+ boost::endian::big_uint16_t y_position;
+ boost::endian::big_uint16_t width;
+ boost::endian::big_uint16_t height;
+};
+
+struct key_event_message {
+ boost::endian::big_uint8_t down_flag;
+ boost::endian::big_uint8_t pad1;
+ boost::endian::big_uint8_t pad2;
+ boost::endian::big_uint32_t key;
+};
+
+struct pointer_event_message {
+ boost::endian::big_uint8_t button_mask;
+ boost::endian::big_uint16_t x_position;
+ boost::endian::big_uint16_t y_position;
+};
+
+struct client_cut_text_message {
+ std::vector<uint8_t> data;
+};
+
+enum class encoding_type : uint32_t {
+ raw = 0x00,
+ copy_rectangle = 0x01,
+ rising_rectangle = 0x02,
+ corre = 0x04,
+ hextile = 0x05,
+ zlib = 0x06,
+ tight = 0x07,
+ zlibhex = 0x08,
+ ultra = 0x09,
+ zrle = 0x10,
+ zywrle = 0x011,
+ cache_enable = 0xFFFF0001,
+ xor_enable = 0xFFFF0006,
+ server_state_ultranvc = 0xFFFF8000,
+ enable_keep_alive = 0xFFFF8001,
+ enableftp_protocol_version = 0xFFFF8002,
+ tight_compress_level_0 = 0xFFFFFF00,
+ tight_compress_level_9 = 0xFFFFFF09,
+ x_cursor = 0xFFFFFF10,
+ rich_cursor = 0xFFFFFF11,
+ pointer_pos = 0xFFFFFF18,
+ last_rect = 0xFFFFFF20,
+ new_framebuffer_size = 0xFFFFFF21,
+ tight_quality_level_0 = 0xFFFFFFE0,
+ tight_quality_level_9 = 0xFFFFFFE9
+};
+
+struct framebuffer_rectangle {
+ boost::endian::big_uint16_t x;
+ boost::endian::big_uint16_t y;
+ boost::endian::big_uint16_t width;
+ boost::endian::big_uint16_t height;
+ boost::endian::big_uint32_t encoding;
+ std::vector<uint8_t> data;
+};
+
+struct framebuffer_update_message {
+ boost::endian::big_uint8_t message_type;
+
+ std::vector<framebuffer_rectangle> rectangles;
+};
+
+std::string serialize(const framebuffer_update_message& msg) {
+ // calculate the size of the needed vector for serialization
+ size_t vector_size = 4;
+ for (const auto& rect : msg.rectangles) {
+ vector_size += 12 + rect.data.size();
}
- // From mozilla "compatibility"
- std::string ciphers =
- //"ECDHE-ECDSA-CHACHA20-POLY1305:"
- //"ECDHE-RSA-CHACHA20-POLY1305:"
- //"ECDHE-ECDSA-AES128-GCM-SHA256:"
- //"ECDHE-RSA-AES128-GCM-SHA256:"
- //"ECDHE-ECDSA-AES256-GCM-SHA384:"
- //"ECDHE-RSA-AES256-GCM-SHA384:"
- //"DHE-RSA-AES128-GCM-SHA256:"
- //"DHE-RSA-AES256-GCM-SHA384:"
- //"ECDHE-ECDSA-AES128-SHA256:"
- //"ECDHE-RSA-AES128-SHA256:"
- //"ECDHE-ECDSA-AES128-SHA:"
- //"ECDHE-RSA-AES256-SHA384:"
- //"ECDHE-RSA-AES128-SHA:"
- //"ECDHE-ECDSA-AES256-SHA384:"
- //"ECDHE-ECDSA-AES256-SHA:"
- //"ECDHE-RSA-AES256-SHA:"
- //"DHE-RSA-AES128-SHA256:"
- //"DHE-RSA-AES128-SHA:"
- //"DHE-RSA-AES256-SHA256:"
- //"DHE-RSA-AES256-SHA:"
- //"ECDHE-ECDSA-DES-CBC3-SHA:"
- //"ECDHE-RSA-DES-CBC3-SHA:"
- //"EDH-RSA-DES-CBC3-SHA:"
- "AES128-GCM-SHA256:"
- "AES256-GCM-SHA384:"
- "AES128-SHA256:"
- "AES256-SHA256:"
- "AES128-SHA:"
- "AES256-SHA:"
- "DES-CBC3-SHA:"
- "!DSS";
+ std::string serialized(vector_size, 0);
- // From mozilla "modern"
- std::string modern_ciphers =
- "ECDHE-ECDSA-AES256-GCM-SHA384:"
- "ECDHE-RSA-AES256-GCM-SHA384:"
- "ECDHE-ECDSA-CHACHA20-POLY1305:"
- "ECDHE-RSA-CHACHA20-POLY1305:"
- "ECDHE-ECDSA-AES128-GCM-SHA256:"
- "ECDHE-RSA-AES128-GCM-SHA256:"
- "ECDHE-ECDSA-AES256-SHA384:"
- "ECDHE-RSA-AES256-SHA384:"
- "ECDHE-ECDSA-AES128-SHA256:"
- "ECDHE-RSA-AES128-SHA256";
+ size_t i = 0;
+ serialized[i++] = 0; // Type
+ serialized[i++] = 0; // Pad byte
+ boost::endian::big_uint16_t number_of_rectangles;
+ std::memcpy(&serialized[i], &number_of_rectangles, sizeof(number_of_rectangles));
+ i += sizeof(number_of_rectangles);
- if (SSL_CTX_set_cipher_list(m_ssl_context.native_handle(), ciphers.c_str()) != 1) {
- CROW_LOG_ERROR << "Error setting cipher list\n";
+ for (const auto& rect : msg.rectangles) {
+ // copy the first part of the struct
+ size_t buffer_size = sizeof(framebuffer_rectangle) - sizeof(std::vector<uint8_t>);
+ std::memcpy(&serialized[i], &rect, buffer_size);
+ i += buffer_size;
+
+ std::memcpy(&serialized[i], rect.data.data(), rect.data.size());
+ i += rect.data.size();
}
- return m_ssl_context;
+
+ return serialized;
}
+enum class VncState { UNSTARTED, AWAITING_CLIENT_VERSION, AWAITING_CLIENT_AUTH_METHOD, AWAITING_CLIENT_INIT_MESSAGE, MAIN_LOOP };
+
+class connection_metadata {
+ public:
+ connection_metadata(void) : vnc_state(VncState::AWAITING_CLIENT_VERSION){};
+
+ VncState vnc_state;
+};
int main(int argc, char** argv) {
auto worker(g3::LogWorker::createLogWorker());
- //TODO rotating logger isn't working super well
- //auto logger = worker->addSink(std::make_unique<LogRotate>("webserverlog", "/tmp/"),
- // &LogRotate::save);
-
auto handle = worker->addDefaultLogger(argv[0], "/tmp/");
g3::initializeLogging(worker.get());
auto sink_handle = worker->addSink(std::make_unique<crow::ColorCoutSink>(), &crow::ColorCoutSink::ReceiveLogMessage);
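Review bot: `number_of_rectangles` in `serialize()` is declared but never assigned before it is memcpy'd into the output at offset 2, so the rectangle-count field of every framebuffer update is indeterminate; initialize it from the message, `boost::endian::big_uint16_t number_of_rectangles = static_cast<uint16_t>(msg.rectangles.size());`. The per-rectangle `buffer_size = sizeof(framebuffer_rectangle) - sizeof(std::vector<uint8_t>)` includes whatever padding the compiler places before the vector member, while `vector_size` budgets exactly 12 bytes per rectangle; if the two differ (likely, since the vector is pointer-aligned and the five header fields total 12 bytes), the memcpy writes past the end of `serialized`. Using one `constexpr size_t rect_header_size = 12;` for both the size calculation and the copy, or copying the five header fields individually, removes the dependency on struct layout. `msg.message_type` is never read and the type byte is hard-coded to 0, which may be intended but deserves a comment.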
@@ -114,17 +198,11 @@
std::string ssl_pem_file("server.pem");
ensuressl::ensure_openssl_key_present_and_valid(ssl_pem_file);
- //crow::App<crow::TokenAuthorizationMiddleware> app;
crow::App<crow::TokenAuthorizationMiddleware> app;
crow::webassets::request_routes(app);
crow::logger::setLogLevel(crow::LogLevel::INFO);
- auto rules = app.get_rules();
- for (auto& rule : rules) {
- LOG(DEBUG) << "Static route: " << rule;
- }
-
CROW_ROUTE(app, "/routes")
([&app]() {
crow::json::wvalue routes;
@@ -133,5 +211,209 @@
return routes;
});
- app.port(18080).ssl(std::move(get_ssl_context(ssl_pem_file))).run();
+ CROW_ROUTE(app, "/login")
+ .methods("POST"_method)([&](const crow::request& req) {
+ auto auth_token = app.get_context<crow::TokenAuthorizationMiddleware>(req).auth_token;
+ crow::json::wvalue x;
+ x["token"] = auth_token;
+
+ return x;
+ });
+
+ CROW_ROUTE(app, "/logout")
+ .methods("GET"_method, "POST"_method)([]() {
+ // Do nothing. Credentials have already been cleared by middleware.
+ return 200;
+ });
+
+ CROW_ROUTE(app, "/systeminfo")
+ ([]() {
+
+ crow::json::wvalue j;
+ j["device_id"] = 0x7B;
+ j["device_provides_sdrs"] = true;
+ j["device_revision"] = true;
+ j["device_available"] = true;
+ j["firmware_revision"] = "0.68";
+
+ j["ipmi_revision"] = "2.0";
+ j["supports_chassis_device"] = true;
+ j["supports_bridge"] = true;
+ j["supports_ipmb_event_generator"] = true;
+ j["supports_ipmb_event_receiver"] = true;
+ j["supports_fru_inventory_device"] = true;
+ j["supports_sel_device"] = true;
+ j["supports_sdr_repository_device"] = true;
+ j["supports_sensor_device"] = true;
+
+ j["firmware_aux_revision"] = "0.60.foobar";
+
+ return j;
+ });
+
+ typedef std::vector<connection_metadata> meta_list;
+ meta_list connection_states(10);
+
+ connection_metadata meta;
+
+ CROW_ROUTE(app, "/kvmws")
+ .websocket()
+ .onopen([&](crow::websocket::connection& conn) {
+ meta.vnc_state = VncState::AWAITING_CLIENT_VERSION;
+ conn.send_binary(rfb_3_8_version_string);
+ })
+ .onclose([&](crow::websocket::connection& conn, const std::string& reason) {
+
+ })
+ .onmessage([&](crow::websocket::connection& conn, const std::string& data, bool is_binary) {
+ switch (meta.vnc_state) {
+ case VncState::AWAITING_CLIENT_VERSION: {
+ std::cout << "Client sent: " << data;
+ if (data == rfb_3_8_version_string || data == rfb_3_7_version_string) {
+ std::string auth_types{1, (uint8_t)RfbAuthScheme::no_authentication};
+ conn.send_binary(auth_types);
+ meta.vnc_state = VncState::AWAITING_CLIENT_AUTH_METHOD;
+ } else if (data == rfb_3_3_version_string) {
+ // TODO(ed)
+ } else {
+ // TODO(ed)
+ }
+ } break;
+ case VncState::AWAITING_CLIENT_AUTH_METHOD: {
+ std::string security_result{{0, 0, 0, 0}};
+ if (data[0] == (uint8_t)RfbAuthScheme::no_authentication) {
+ meta.vnc_state = VncState::AWAITING_CLIENT_INIT_MESSAGE;
+ } else {
+ // Mark auth as failed
+ security_result[3] = 1;
+ meta.vnc_state = VncState::UNSTARTED;
+ }
+ conn.send_binary(security_result);
+ } break;
+ case VncState::AWAITING_CLIENT_INIT_MESSAGE: {
+ // Now send the server initialization
+ server_initialization_message server_init_msg;
+ server_init_msg.framebuffer_width = 640;
+ server_init_msg.framebuffer_height = 480;
+ server_init_msg.pixel_format.bits_per_pixel = 32;
+ server_init_msg.pixel_format.is_big_endian = 0;
+ server_init_msg.pixel_format.is_true_color = 1;
+ server_init_msg.pixel_format.red_max = 255;
+ server_init_msg.pixel_format.green_max = 255;
+ server_init_msg.pixel_format.blue_max = 255;
+ server_init_msg.pixel_format.red_shift = 16;
+ server_init_msg.pixel_format.green_shift = 8;
+ server_init_msg.pixel_format.blue_shift = 0;
+ server_init_msg.name_length = 0;
+ std::cout << "size: " << sizeof(server_init_msg);
+ // TODO(ed) this is ugly. Crow should really have a span type interface
+ // to avoid the copy, but alas, today it does not.
+ std::string s(reinterpret_cast<char*>(&server_init_msg), sizeof(server_init_msg));
+ LOG(DEBUG) << "s.size() " << s.size();
+ conn.send_binary(s);
+ meta.vnc_state = VncState::MAIN_LOOP;
+ } break;
+ case VncState::MAIN_LOOP: {
+ if (data.size() >= sizeof(client_to_server_message_type)) {
+ auto type = static_cast<client_to_server_message_type>(data[0]);
+ std::cout << "Got type " << (uint32_t)type << "\n";
+ switch (type) {
+ case client_to_server_message_type::set_pixel_format: {
+ } break;
+
+ case client_to_server_message_type::fix_color_map_entries: {
+ } break;
+ case client_to_server_message_type::set_encodings: {
+ } break;
+ case client_to_server_message_type::framebuffer_update_request: {
+ // Make sure the buffer is long enough to handle what we're about to do
+ if (data.size() >= sizeof(frame_buffer_update_request_message) + sizeof(client_to_server_message_type)) {
+ auto msg = reinterpret_cast<const frame_buffer_update_request_message*>(data.data() + sizeof(client_to_server_message_type));
+
+ std::cout << "framebuffer_update_request_message\n";
+ std::cout << " incremental=" << msg->incremental << "\n";
+ std::cout << " x=" << msg->x_position;
+ std::cout << " y=" << msg->y_position << "\n";
+ std::cout << " width=" << msg->width;
+ std::cout << " height=" << msg->height << "\n";
+
+ framebuffer_update_message buffer_update_message;
+
+ // If the viewer is requesting a full update, force write of all
+ // pixels
+
+ framebuffer_rectangle this_rect;
+ this_rect.x = msg->x_position;
+ this_rect.y = msg->y_position;
+ this_rect.width = msg->width;
+ this_rect.height = msg->height;
+ this_rect.encoding = static_cast<uint8_t>(encoding_type::raw);
+
+ this_rect.data.reserve(this_rect.width * this_rect.height * 4);
+
+ for (unsigned int x_index = 0; x_index < this_rect.width; x_index++) {
+ for (unsigned int y_index = 0; y_index < this_rect.height; y_index++) {
+ this_rect.data.push_back(static_cast<uint8_t>(0)); // Blue
+ this_rect.data.push_back(static_cast<uint8_t>(0)); // Green
+ this_rect.data.push_back(static_cast<uint8_t>(x_index * 0xFF / msg->width)); // RED
+ this_rect.data.push_back(static_cast<uint8_t>(0)); // UNUSED
+ }
+ }
+
+ buffer_update_message.rectangles.push_back(std::move(this_rect));
+ auto serialized = serialize(buffer_update_message);
+
+ conn.send_binary(serialized);
+ }
+
+ }
+
+ break;
+
+ case client_to_server_message_type::key_event: {
+ } break;
+
+ case client_to_server_message_type::pointer_event: {
+ } break;
+
+ case client_to_server_message_type::client_cut_text: {
+ } break;
+
+ default:
+ break;
+ }
+ }
+
+ } break;
+ case VncState::UNSTARTED:
+ // Error? TODO
+ break;
+ }
+
+ });
+
+ CROW_ROUTE(app, "/ipmiws")
+ .websocket()
+ .onopen([&](crow::websocket::connection& conn) {
+
+ })
+ .onclose([&](crow::websocket::connection& conn, const std::string& reason) {
+
+ })
+ .onmessage([&](crow::websocket::connection& conn, const std::string& data, bool is_binary) {
+ boost::asio::io_service io_service;
+ boost::asio::ip::udp::udp::socket socket(io_service, boost::asio::ip::udp::endpoint(boost::asio::ip::udp::v4(), 0));
+ boost::asio::ip::udp::resolver resolver(io_service);
+ boost::asio::ip::udp::resolver::query query(boost::asio::ip::udp::v4(), "10.243.48.31", "623");
+ boost::asio::ip::udp::resolver::iterator iter = resolver.resolve(query);
+ socket.send_to(boost::asio::buffer(data), *iter);
+ });
+
+ auto rules = app.get_rules();
+ for (auto& rule : rules) {
+ LOG(DEBUG) << "Static route: " << rule;
+ }
+
+ // app.port(18080).ssl(std::move(get_ssl_context(ssl_pem_file))).concurrency(4).run();
+ app.port(18080).concurrency(4).run();
}
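Review bot: The `framebuffer_update_request` branch reserves `this_rect.width * this_rect.height * 4` bytes and then fills them from client-supplied dimensions with no upper bound, so a single websocket message can request up to 65535×65535×4 bytes of allocation (and the `int` multiplication overflows on the way); clamp the request to the framebuffer size advertised in `server_init_msg` (640×480, ideally hoisted into a named constant) before reserving, e.g. `if (msg->x_position + msg->width > 640 || msg->y_position + msg->height > 480) break;`. The `.ssl(...)` call is commented out at the end of `main`, so the server now listens in plaintext and the bearer token returned by `/login` crosses the network unencrypted; if that is intentional it should be stated in the commit message. `meta` is a single `connection_metadata` shared by every `/kvmws` connection (the `connection_states` vector is declared but unused), so concurrent clients will corrupt each other's protocol state. The `/ipmiws` handler relays any received bytes verbatim to the hard-coded address `10.243.48.31:623`; the destination should be configurable, and it is unclear from this diff whether the token middleware gates websocket upgrades at all, which needs confirming before either websocket route is exposed.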