From 63eb24dd8e5eb1ff712b7f4657847e6e7c0aa307 Mon Sep 17 00:00:00 2001
From: max
Date: Tue, 8 Nov 2022 15:43:57 +0100
Subject: Add option to listen to unix socket

---
 websockify/websocketproxy.py | 20 ++++++++-
 websockify/websockifyserver.py | 92 +++++++++++++++++++++++++++---------------
 2 files changed, 78 insertions(+), 34 deletions(-)

diff --git a/websockify/websocketproxy.py b/websockify/websocketproxy.py
index 09d7882..03463f2 100644
--- a/websockify/websocketproxy.py
+++ b/websockify/websocketproxy.py
@@ -11,7 +11,7 @@ as taken from http://docs.python.org/dev/library/ssl.html#certificates
 '''
-import signal, socket, optparse, time, os, sys, subprocess, logging, errno, ssl
+import signal, socket, optparse, time, os, sys, subprocess, logging, errno, ssl, stat
 from socketserver import ThreadingMixIn
 from http.server import HTTPServer
@@ -112,7 +112,9 @@ Traffic Legend:
 self.server.target_host, self.server.target_port, e)
 raise self.CClose(1011, "Failed to connect to downstream server")
- self.request.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, 1)
+ # Option unavailable when listening to unix socket
+ if not self.server.unix_listen:
+ self.request.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, 1)
 if not self.server.wrap_cmd and not self.server.unix_target:
 tsock.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, 1)
@@ -467,6 +469,10 @@ def websockify_init():
 parser.add_option("--ssl-ciphers", action="store", help="list of ciphers allowed for connection. For a list of " "supported ciphers run `openssl ciphers`")
+ parser.add_option("--unix-listen",
+ help="listen to unix socket", metavar="FILE", default=None)
+ parser.add_option("--unix-listen-mode", default=None,
+ help="specify mode for unix socket (defaults to 0600)")
 parser.add_option("--unix-target", help="connect to unix socket target", metavar="FILE")
 parser.add_option("--inetd",
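Review bot: The `--unix-listen` help text does not tell the user that an existing file at FILE is deleted before the server binds, which is a side effect an operator wants to know before pointing the option at a path; suggest `help="listen on unix socket FILE (an existing file at FILE is removed)"`. Likewise `--unix-listen-mode` should say the value is octal, e.g. `help="octal permission mode for the unix socket (defaults to 0600)"`, since both `750` and `0750` are accepted by the parser in the following hunk. websockify_init continues outside the hunk.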
@@ -617,6 +623,16 @@ def websockify_init():
 if opts.inetd:
 opts.listen_fd = sys.stdin.fileno()
+ elif opts.unix_listen:
+ if opts.unix_listen_mode:
+ try:
+ # Parse octal notation (like 750)
+ opts.unix_listen_mode = int(opts.unix_listen_mode, 8)
+ except ValueError:
+ parser.error("Error parsing listen unix socket mode")
+ else:
+ # Default to 0600 (Owner Read/Write)
+ opts.unix_listen_mode = stat.S_IREAD | stat.S_IWRITE
 else:
 if len(args) < 1:
 parser.error("Too few arguments")
diff --git a/websockify/websockifyserver.py b/websockify/websockifyserver.py
index 0199e42..b97f5bc 100644
--- a/websockify/websockifyserver.py
+++ b/websockify/websockifyserver.py
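Review bot: `int(opts.unix_listen_mode, 8)` accepts values the later umask arithmetic cannot handle — a negative string such as `-7` or a value above `0o777` such as `1777` parses without error, and `0o777 ^ unix_socket_mode` in WebSockifyServer.socket then yields a mask with bits outside the permission range (negative in the first case). Add a range check after the parse, `if not 0 <= opts.unix_listen_mode <= 0o777: parser.error("--unix-listen-mode must be an octal value between 0 and 777")`. The default branch uses `stat.S_IREAD | stat.S_IWRITE`, which the stat module documents as Unix V7 synonyms kept for compatibility; `stat.S_IRUSR | stat.S_IWUSR` is the documented form and matches the "0600" wording of the comment. websockify_init continues outside the hunk.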
@@ -325,37 +325,40 @@ class WebSockifyServer():
 file_only=False, run_once=False, timeout=0, idle_timeout=0, traffic=False, tcp_keepalive=True, tcp_keepcnt=None, tcp_keepidle=None,
- tcp_keepintvl=None, ssl_ciphers=None, ssl_options=0):
+ tcp_keepintvl=None, ssl_ciphers=None, ssl_options=0,
+ unix_listen=None, unix_listen_mode=None):
 # settings
 self.RequestHandlerClass = RequestHandlerClass
- self.verbose = verbose
- self.listen_fd = listen_fd
- self.listen_host = listen_host
- self.listen_port = listen_port
- self.prefer_ipv6 = source_is_ipv6
- self.ssl_only = ssl_only
- self.ssl_ciphers = ssl_ciphers
- self.ssl_options = ssl_options
- self.verify_client = verify_client
- self.daemon = daemon
- self.run_once = run_once
- self.timeout = timeout
- self.idle_timeout = idle_timeout
- self.traffic = traffic
- self.file_only = file_only
- self.web_auth = web_auth
-
- self.launch_time = time.time()
- self.ws_connection = False
- self.handler_id = 1
- self.terminating = False
-
- self.logger = self.get_logger()
- self.tcp_keepalive = tcp_keepalive
- self.tcp_keepcnt = tcp_keepcnt
- self.tcp_keepidle = tcp_keepidle
- self.tcp_keepintvl = tcp_keepintvl
+ self.verbose = verbose
+ self.listen_fd = listen_fd
+ self.unix_listen = unix_listen
+ self.unix_listen_mode = unix_listen_mode
+ self.listen_host = listen_host
+ self.listen_port = listen_port
+ self.prefer_ipv6 = source_is_ipv6
+ self.ssl_only = ssl_only
+ self.ssl_ciphers = ssl_ciphers
+ self.ssl_options = ssl_options
+ self.verify_client = verify_client
+ self.daemon = daemon
+ self.run_once = run_once
+ self.timeout = timeout
+ self.idle_timeout = idle_timeout
+ self.traffic = traffic
+ self.file_only = file_only
+ self.web_auth = web_auth
+
+ self.launch_time = time.time()
+ self.ws_connection = False
+ self.handler_id = 1
+ self.terminating = False
+
+ self.logger = self.get_logger()
+ self.tcp_keepalive = tcp_keepalive
+ self.tcp_keepcnt = tcp_keepcnt
+ self.tcp_keepidle = tcp_keepidle
+ self.tcp_keepintvl = 
tcp_keepintvl # keyfile path must be None if not specified
 self.key = None
@@ -387,6 +390,8 @@ class WebSockifyServer():
 self.msg("WebSocket server settings:")
 if self.listen_fd != None:
 self.msg(" - Listen for inetd connections")
+ elif self.unix_listen != None:
+ self.msg(" - Listen on unix socket %s", self.unix_listen)
 else:
 self.msg(" - Listen on %s:%s", self.listen_host, self.listen_port)
@@ -421,8 +426,9 @@ class WebSockifyServer():
 @staticmethod
 def socket(host, port=None, connect=False, prefer_ipv6=False,
- unix_socket=None, use_ssl=False, tcp_keepalive=True,
- tcp_keepcnt=None, tcp_keepidle=None, tcp_keepintvl=None):
+ unix_socket=None, unix_socket_mode=None, unix_socket_listen=False,
+ use_ssl=False, tcp_keepalive=True, tcp_keepcnt=None,
+ tcp_keepidle=None, tcp_keepintvl=None):
 """ Resolve a host (and optional port) to an IPv4 or IPv6 address. Create a socket. Bind to it if listen is set, otherwise connect to it. Return the socket.
@@ -470,8 +476,22 @@ class WebSockifyServer():
 sock.bind(addrs[0][4])
 sock.listen(100)
 else:
- sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
- sock.connect(unix_socket)
+ if unix_socket_listen:
+ # Make sure the socket does not already exist
+ try:
+ os.unlink(unix_socket)
+ except FileNotFoundError:
+ pass
+ sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+ oldmask = os.umask(0o777 ^ unix_socket_mode)
+ try:
+ sock.bind(unix_socket)
+ finally:
+ os.umask(oldmask)
+ sock.listen(100)
+ else:
+ sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+ sock.connect(unix_socket)
 return sock
@@ -700,6 +720,11 @@ class WebSockifyServer():
 if self.listen_fd != None:
 lsock = socket.fromfd(self.listen_fd, socket.AF_INET, socket.SOCK_STREAM)
+ elif self.unix_listen != None:
+ lsock = self.socket(host=None,
+ unix_socket=self.unix_listen,
+ unix_socket_mode=self.unix_listen_mode,
+ unix_socket_listen=True)
 else:
 lsock = self.socket(self.listen_host, self.listen_port, False, self.prefer_ipv6, 
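Review bot: `unix_listen_mode` defaults to `None` in the constructor, but the only place a default is applied is the command-line parser in websocketproxy.py; a caller that constructs WebSockifyServer directly with `unix_listen=path` and no mode reaches `os.umask(0o777 ^ unix_socket_mode)` in `socket()` with `None` and fails with a TypeError. The constructor should own that default, e.g. `self.unix_listen_mode = 0o600 if unix_listen_mode is None else unix_listen_mode`. Separately, every removed assignment from `self.verbose` through `self.tcp_keepintvl` is re-added with identical text, which looks like a whitespace-only re-indentation; carrying it in the same hunk as the two real additions (`self.unix_listen`, `self.unix_listen_mode`) makes the diff hard to review, so the reindent belongs in its own commit. The `__init__` signature starts before the hunk and its body continues after it.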
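Review bot: The docstring of `socket()` still describes only host/port resolution and says nothing about the two new parameters, so a reader has to find the unix branch to learn that `unix_socket_listen=True` binds and listens on the path in `unix_socket` instead of connecting to it, and that `unix_socket_mode` sets the permission bits of the socket file. Add a short parameter section to the docstring stating both, and that `unix_socket_mode` is an octal mode expected to lie within 0o777. The docstring and the function body continue outside the hunk.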
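Review bot: `os.unlink(unix_socket)` in the `unix_socket_listen` branch removes whatever is at that path — a regular file, a symlink, or the socket of another running service — before this instance binds, so a mistyped or untrusted `--unix-listen` path turns into file deletion with the server's privileges. The branch should refuse to delete anything that is not a socket (`stat.S_ISSOCK` on `os.lstat`, which needs `import stat` in this file if it is not already imported), and it should validate `unix_socket_mode` before using it in `0o777 ^ unix_socket_mode`, since bits outside 0o777 or a `None` mode make that expression meaningless or raise. Note also that `os.umask` is process-wide, so any other thread creating files during the bind inherits the temporary mask; the umask approach is still preferable to a chmod after bind because it never leaves the socket world-accessible, and that trade-off deserves a comment. A rewritten branch:

```python
            if unix_socket_listen:
                if unix_socket_mode is None:
                    unix_socket_mode = 0o600
                if unix_socket_mode & ~0o777:
                    raise ValueError("unix_socket_mode must fit in 0o777")
                # Replace only a stale socket; never delete another kind of file
                try:
                    existing = os.lstat(unix_socket)
                except FileNotFoundError:
                    pass
                else:
                    if not stat.S_ISSOCK(existing.st_mode):
                        raise FileExistsError("%s exists and is not a socket" % unix_socket)
                    os.unlink(unix_socket)
                sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
                # umask is process-wide; narrow it only around bind() so the socket
                # file is never created with wider permissions than requested
                oldmask = os.umask(0o777 ^ unix_socket_mode)
                try:
                    sock.bind(unix_socket)
                finally:
                    os.umask(oldmask)
                # … unchanged: sock.listen(100) and the connect branch …
```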
@@ -766,6 +791,9 @@ class WebSockifyServer():
 ready = select.select([lsock], [], [], 1)[0]
 if lsock in ready:
 startsock, address = lsock.accept()
+ # Unix Socket will not report address (empty string), but address[0] is logged a bunch
+ if self.unix_listen != None:
+ address = [ self.unix_listen ]
 else:
 continue
 except self.Terminate:
-- cgit v1.2.1
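Review bot: `address = [ self.unix_listen ]` replaces the tuple returned by `lsock.accept()` with a one-element list, so the type and length of `address` now depend on the listen mode, and any consumer that reads `address[1]` (the port on the TCP path) would raise IndexError on the unix path; that consumer is outside this hunk, so this is inferred, but a two-element tuple, `address = (self.unix_listen, None)`, is the safer shape either way. The value substituted is the listener's own path rather than anything identifying the peer, so every client on the unix socket produces identical address fields in the log; the comment should say that plainly, e.g. `# AF_UNIX accept() returns '' as the peer address; substitute the listen path so address[0] logging keeps working, though it no longer distinguishes clients`. The surrounding accept loop begins and ends outside the hunk.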