GUACAMOLE-623: Merge fix build against older libwebsockets.

This commit is contained in:
Nick Couchman 2018-09-27 04:36:15 -04:00
commit b0be808036
3 changed files with 71 additions and 6 deletions

View File

@ -1198,14 +1198,40 @@ then
have_libwebsockets=no]) have_libwebsockets=no])
fi fi
# Check for client-specific closed event, which must be used in favor of the
# generic closed event if libwebsockets is recent enough to provide this
if test "x$with_websockets" != "xno" if test "x$with_websockets" != "xno"
then then
# Check for client-specific closed event, which must be used in favor of
# the generic closed event if libwebsockets is recent enough to provide
# this
AC_CHECK_DECL([LWS_CALLBACK_CLIENT_CLOSED], AC_CHECK_DECL([LWS_CALLBACK_CLIENT_CLOSED],
[AC_DEFINE([HAVE_LWS_CALLBACK_CLIENT_CLOSED],, [AC_DEFINE([HAVE_LWS_CALLBACK_CLIENT_CLOSED],,
[Whether LWS_CALLBACK_CLIENT_CLOSED is defined])],, [Whether LWS_CALLBACK_CLIENT_CLOSED is defined])],,
[#include <libwebsockets.h>]) [#include <libwebsockets.h>])
# Older versions of libwebsockets may not define a flag for requesting
# global initialization of OpenSSL, instead performing that initialization
# by default
AC_CHECK_DECL([LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT],
[AC_DEFINE([HAVE_LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT],,
[Whether LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT is defined])],,
[#include <libwebsockets.h>])
# Older versions of libwebsockets do not define special macros for SSL
# connection flags, instead relying on documented integer values
AC_CHECK_DECL([LCCSCF_USE_SSL],
[AC_DEFINE([HAVE_LCCSCF_USE_SSL],,
[Whether LCCSCF_USE_SSL is defined])],,
[#include <libwebsockets.h>])
# Older versions of libwebsockets do not define a dummy callback which
# must be invoked after the main event callback is invoked; the main event
# callback must instead manually return zero
AC_CHECK_DECL([lws_callback_http_dummy],
[AC_DEFINE([HAVE_LWS_CALLBACK_HTTP_DUMMY],,
[Whether lws_callback_http_dummy() is defined])],,
[#include <libwebsockets.h>])
fi fi
AM_CONDITIONAL([ENABLE_WEBSOCKETS], AM_CONDITIONAL([ENABLE_WEBSOCKETS],

View File

@ -66,8 +66,13 @@ static int guac_kubernetes_lws_callback(struct lws* wsi,
guac_client* client = guac_kubernetes_lws_current_client; guac_client* client = guac_kubernetes_lws_current_client;
/* Do not handle any further events if connection is closing */ /* Do not handle any further events if connection is closing */
if (client->state != GUAC_CLIENT_RUNNING) if (client->state != GUAC_CLIENT_RUNNING) {
#ifdef HAVE_LWS_CALLBACK_HTTP_DUMMY
return lws_callback_http_dummy(wsi, reason, user, in, length); return lws_callback_http_dummy(wsi, reason, user, in, length);
#else
return 0;
#endif
}
switch (reason) { switch (reason) {
@ -115,6 +120,7 @@ static int guac_kubernetes_lws_callback(struct lws* wsi,
#endif #endif
/* Connection closed */ /* Connection closed */
case LWS_CALLBACK_WSI_DESTROY:
case LWS_CALLBACK_CLOSED: case LWS_CALLBACK_CLOSED:
guac_client_stop(client); guac_client_stop(client);
guac_client_log(client, GUAC_LOG_DEBUG, "WebSocket connection to " guac_client_log(client, GUAC_LOG_DEBUG, "WebSocket connection to "
@ -127,7 +133,11 @@ static int guac_kubernetes_lws_callback(struct lws* wsi,
} }
#ifdef HAVE_LWS_CALLBACK_HTTP_DUMMY
return lws_callback_http_dummy(wsi, reason, user, in, length); return lws_callback_http_dummy(wsi, reason, user, in, length);
#else
return 0;
#endif
} }
@ -259,7 +269,6 @@ void* guac_kubernetes_client_thread(void* data) {
.origin = settings->hostname, .origin = settings->hostname,
.port = settings->port, .port = settings->port,
.protocol = GUAC_KUBERNETES_LWS_PROTOCOL, .protocol = GUAC_KUBERNETES_LWS_PROTOCOL,
.pwsi = &kubernetes_client->wsi,
.userdata = client .userdata = client
}; };
@ -268,9 +277,15 @@ void* guac_kubernetes_client_thread(void* data) {
* do our own validation - libwebsockets does not validate properly if * do our own validation - libwebsockets does not validate properly if
* IP addresses are used. */ * IP addresses are used. */
if (settings->use_ssl) { if (settings->use_ssl) {
#ifdef HAVE_LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT
context_info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; context_info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT;
#endif
#ifdef HAVE_LCCSCF_USE_SSL
connection_info.ssl_connection = LCCSCF_USE_SSL connection_info.ssl_connection = LCCSCF_USE_SSL
| LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK; | LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK;
#else
connection_info.ssl_connection = 2; /* SSL + no hostname check */
#endif
} }
/* Create libwebsockets context */ /* Create libwebsockets context */

View File

@ -110,6 +110,27 @@ static EVP_PKEY* guac_kubernetes_read_key(char* pem) {
} }
/**
* OpenSSL certificate verification callback which universally accepts all
* certificates without performing any verification at all.
*
* @param x509_ctx
* The current context of the certificate verification process. This
* parameter is ignored by this particular implementation of the callback.
*
* @param arg
* The arbitrary value passed to SSL_CTX_set_cert_verify_callback(). This
* parameter is ignored by this particular implementation of the callback.
*
* @return
* Strictly 0 if certificate verification fails, 1 if the certificate is
* verified. No other values are legal return values for this callback as
* documented by OpenSSL.
*/
static int guac_kubernetes_assume_cert_ok(X509_STORE_CTX* x509_ctx, void* arg) {
return 1;
}
void guac_kubernetes_init_ssl(guac_client* client, SSL_CTX* context) { void guac_kubernetes_init_ssl(guac_client* client, SSL_CTX* context) {
guac_kubernetes_client* kubernetes_client = guac_kubernetes_client* kubernetes_client =
@ -118,8 +139,11 @@ void guac_kubernetes_init_ssl(guac_client* client, SSL_CTX* context) {
guac_kubernetes_settings* settings = kubernetes_client->settings; guac_kubernetes_settings* settings = kubernetes_client->settings;
/* Bypass certificate checks if requested */ /* Bypass certificate checks if requested */
if (settings->ignore_cert) if (settings->ignore_cert) {
SSL_CTX_set_verify(context, SSL_VERIFY_NONE, NULL); SSL_CTX_set_verify(context, SSL_VERIFY_PEER, NULL);
SSL_CTX_set_cert_verify_callback(context,
guac_kubernetes_assume_cert_ok, NULL);
}
/* Otherwise use the given CA certificate to validate (if any) */ /* Otherwise use the given CA certificate to validate (if any) */
else if (settings->ca_cert != NULL) { else if (settings->ca_cert != NULL) {