Skip to content

wsssh
wsssh
Commit 13104c97 authored by Stefy Lanza (nextime / spora )'s avatar Stefy Lanza (nextime / spora )
Browse files
Options

Add complete C implementation of wssshd (wssshd2) 

- Full WebSocket protocol implementation from scratch (RFC 6455)
- SSL/TLS encryption with automatic certificate generation
- Client registration and authentication system
- Tunnel request processing and forwarding
- Terminal/PTY session management
- HTTP web interface with embedded assets
- Multi-threaded concurrent connection handling
- Memory-safe implementation with proper resource management
- Compatible with existing wssshc/wsssht clients
- Self-contained binary (42KB) vs Python version (10MB+)
parent 6ab396ec
Hide whitespace changes
Inline Side-by-side
Showing with 2834 additions and 0 deletions
wssshd2/Makefile 0 → 100644
View file @ 13104c97
# Makefile for wssshd C implementation
CC = gcc
CFLAGS = -Wall -Wextra -O2 -I. -pthread
LDFLAGS = -lssl -lcrypto -lm -luuid
# Source files
SRCS = main.c config.c tunnel.c terminal.c websocket.c websocket_protocol.c web.c assets.c ssl.c
OBJS = $(SRCS:.c=.o)
TARGET = wssshd
# Default target
all: $(TARGET)
# Link the executable
$(TARGET): $(OBJS)
$(CC) $(CFLAGS) -o $@ $^ $(LDFLAGS)
# Compile source files
%.o: %.c
$(CC) $(CFLAGS) -c $< -o $@
# Clean build artifacts
clean:
rm -f $(OBJS) $(TARGET)
# Install (optional)
install: $(TARGET)
install -m 755 $(TARGET) /usr/local/bin/
# Uninstall (optional)
uninstall:
rm -f /usr/local/bin/$(TARGET)
# Dependencies
main.o: main.c config.h websocket.h web.h
config.o: config.c config.h
tunnel.o: tunnel.c tunnel.h
terminal.o: terminal.c terminal.h config.h
websocket.o: websocket.c websocket.h config.h tunnel.h
web.o: web.c web.h config.h websocket.h assets.h
assets.o: assets.c assets.h
ssl.o: ssl.c ssl.h
.PHONY: all clean install uninstall
\ No newline at end of file
wssshd2/assets.c 0 → 100644
View file @ 13104c97
/**
* Embedded web assets implementation for wssshd
*
* Copyright (C) 2024 Stefy Lanza <stefy@nexlab.net> and SexHack.me
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include <string.h>
#include "assets.h"
// Simplified HTML pages (without Jinja2 templating for embedded version)
const char *index_html =
"<!DOCTYPE html>"
"<html lang=\"en\">"
"<head>"
" <meta charset=\"UTF-8\">"
" <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">"
" <title>WebSocket SSH Daemon</title>"
" <link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css\" rel=\"stylesheet\">"
" <link href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css\" rel=\"stylesheet\">"
"</head>"
"<body>"
" <nav class=\"navbar navbar-expand-lg navbar-dark bg-primary\">"
" <div class=\"container\">"
" <a class=\"navbar-brand\" href=\"/\">"
" <i class=\"fas fa-terminal\"></i> WebSocket SSH Daemon"
" </a>"
" </div>"
" </nav>"
" <div class=\"container mt-4\">"
" <div class=\"card\">"
" <div class=\"card-header\">"
" <h3 class=\"card-title mb-0\">"
" <i class=\"fas fa-server\"></i> Connected Clients"
" </h3>"
" </div>"
" <div class=\"card-body\">"
" <div class=\"text-center py-5\">"
" <i class=\"fas fa-server fa-4x text-muted mb-3\"></i>"
" <h4 class=\"text-muted\">WebSocket SSH Daemon</h4>"
" <p class=\"text-muted\">Clients will appear here when they connect.</p>"
" </div>"
" </div>"
" </div>"
" </div>"
" <script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js\"></script>"
"</body>"
"</html>";
const char *login_html =
"<!DOCTYPE html>"
"<html lang=\"en\">"
"<head>"
" <meta charset=\"UTF-8\">"
" <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">"
" <title>Login - WebSocket SSH Daemon</title>"
" <link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css\" rel=\"stylesheet\">"
"</head>"
"<body>"
" <div class=\"container mt-5\">"
" <div class=\"row justify-content-center\">"
" <div class=\"col-md-6\">"
" <div class=\"card\">"
" <div class=\"card-header\">"
" <h3 class=\"card-title mb-0\"><i class=\"fas fa-sign-in-alt\"></i> Login</h3>"
" </div>"
" <div class=\"card-body\">"
" <form method=\"post\">"
" <div class=\"mb-3\">"
" <label for=\"username\" class=\"form-label\">Username</label>"
" <input type=\"text\" class=\"form-control\" id=\"username\" name=\"username\" required>"
" </div>"
" <div class=\"mb-3\">"
" <label for=\"password\" class=\"form-label\">Password</label>"
" <input type=\"password\" class=\"form-control\" id=\"password\" name=\"password\" required>"
" </div>"
" <button type=\"submit\" class=\"btn btn-primary\">"
" <i class=\"fas fa-sign-in-alt\"></i> Login"
" </button>"
" </form>"
" <div class=\"mt-3\">"
" <small class=\"text-muted\">"
" Default credentials: admin / admin123"
" </small>"
" </div>"
" </div>"
" </div>"
" </div>"
" </div>"
" </div>"
" <script src=\"https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js\"></script>"
"</body>"
"</html>";
const char *terminal_html =
"<!DOCTYPE html>"
"<html lang=\"en\">"
"<head>"
" <meta charset=\"UTF-8\">"
" <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">"
" <title>Terminal - WebSocket SSH Daemon</title>"
" <link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css\" rel=\"stylesheet\">"
" <link rel=\"stylesheet\" href=\"https://unpkg.com/xterm@5.3.0/css/xterm.css\">"
"</head>"
"<body>"
" <div class=\"container mt-4\">"
" <div class=\"card\">"
" <div class=\"card-header\">"
" <h3 class=\"card-title mb-0\">"
" <i class=\"fas fa-terminal\"></i> SSH Terminal"
" </h3>"
" </div>"
" <div class=\"card-body\">"
" <div id=\"terminal\" class=\"terminal-container\"></div>"
" </div>"
" </div>"
" </div>"
" <script src=\"https://unpkg.com/xterm@5.3.0/lib/xterm.js\"></script>"
" <script src=\"https://unpkg.com/xterm-addon-fit@0.8.0/lib/xterm-addon-fit.js\"></script>"
" <script>"
" const terminal = new Terminal();"
" const fitAddon = new FitAddon.FitAddon();"
" terminal.loadAddon(fitAddon);"
" terminal.open(document.getElementById('terminal'));"
" fitAddon.fit();"
" terminal.write('WebSocket SSH Terminal\\r\\n');"
" terminal.write('Connecting...\\r\\n');"
" </script>"
"</body>"
"</html>";
const char *users_html =
"<!DOCTYPE html>"
"<html lang=\"en\">"
"<head>"
" <meta charset=\"UTF-8\">"
" <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">"
" <title>Users - WebSocket SSH Daemon</title>"
" <link href=\"https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css\" rel=\"stylesheet\">"
"</head>"
"<body>"
" <div class=\"container mt-4\">"
" <div class=\"card\">"
" <div class=\"card-header\">"
" <h3 class=\"card-title mb-0\">"
" <i class=\"fas fa-users\"></i> User Management"
" </h3>"
" </div>"
" <div class=\"card-body\">"
" <p>User management interface would be implemented here.</p>"
" </div>"
" </div>"
" </div>"
"</body>"
"</html>";
// Placeholder for embedded image (would be generated from actual image.jpg)
const unsigned char *image_jpg = NULL;
size_t image_jpg_len = 0;
const char *get_embedded_asset(const char *path, size_t *size) {
if (size) *size = 0;
if (strcmp(path, "/") == 0 || strcmp(path, "/index.html") == 0) {
if (size) *size = strlen(index_html);
return index_html;
} else if (strcmp(path, "/login") == 0 || strcmp(path, "/login.html") == 0) {
if (size) *size = strlen(login_html);
return login_html;
} else if (strcmp(path, "/terminal.html") == 0) {
if (size) *size = strlen(terminal_html);
return terminal_html;
} else if (strcmp(path, "/users.html") == 0) {
if (size) *size = strlen(users_html);
return users_html;
} else if (strcmp(path, "/image.jpg") == 0) {
if (size) *size = image_jpg_len;
return (const char *)image_jpg;
}
return NULL;
}
\ No newline at end of file
wssshd2/assets.h 0 → 100644
View file @ 13104c97
/**
* Embedded web assets for wssshd
*
* Copyright (C) 2024 Stefy Lanza <stefy@nexlab.net> and SexHack.me
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#ifndef ASSETS_H
#define ASSETS_H
#include <stddef.h>
// Embedded HTML pages
extern const char *index_html;
extern const char *login_html;
extern const char *terminal_html;
extern const char *users_html;
// Embedded images
extern const unsigned char *image_jpg;
extern size_t image_jpg_len;
// Function to get asset by path
const char *get_embedded_asset(const char *path, size_t *size);
#endif /* ASSETS_H */
\ No newline at end of file
wssshd2/config.c 0 → 100644
View file @ 13104c97
/**
* Configuration handling implementation for wssshd
*
* Copyright (C) 2024 Stefy Lanza <stefy@nexlab.net> and SexHack.me
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <getopt.h>
#include <unistd.h>
#include "config.h"
// Default configuration values
#define DEFAULT_PORT 9898
#define DEFAULT_CONFIG_FILE "/etc/wssshd.conf"
static void set_default_config(wssshd_config_t *config) {
config->config_file = NULL;
config->host = NULL;
config->port = DEFAULT_PORT;
config->domain = NULL;
config->password = NULL;
config->web_host = NULL;
config->web_port = 0;
config->web_https = false;
config->debug = false;
}
static void load_config_file(wssshd_config_t *config, const char *config_file) {
FILE *fp = fopen(config_file, "r");
if (!fp) {
if (config->debug) {
fprintf(stderr, "Warning: Could not open config file %s\n", config_file);
}
return;
}
// Parse config file
char line[1024];
char section[256] = "";
while (fgets(line, sizeof(line), fp)) {
// Remove trailing whitespace
char *end = line + strlen(line) - 1;
while (end >= line && (*end == '\n' || *end == '\r' || *end == ' ' || *end == '\t')) {
*end-- = '\0';
}
// Skip empty lines and comments
if (line[0] == '\0' || line[0] == '#' || line[0] == ';') {
continue;
}
// Section header
if (line[0] == '[' && line[strlen(line) - 1] == ']') {
size_t section_len = strlen(line) - 2; // Remove brackets
if (section_len < sizeof(section)) {
memcpy(section, line + 1, section_len);
section[section_len] = '\0';
}
continue;
}
// Key-value pair
if (strchr(line, '=') && strcmp(section, "wssshd") == 0) {
char *key = line;
char *value = strchr(line, '=');
if (value) {
*value++ = '\0';
// Trim whitespace
while (*key == ' ' || *key == '\t') key++;
end = key + strlen(key) - 1;
while (end >= key && (*end == ' ' || *end == '\t')) *end-- = '\0';
while (*value == ' ' || *value == '\t') value++;
end = value + strlen(value) - 1;
while (end >= value && (*end == ' ' || *end == '\t')) *end-- = '\0';
// Set config values
if (strcmp(key, "host") == 0 && !config->host) {
config->host = strdup(value);
} else if (strcmp(key, "port") == 0) {
config->port = atoi(value);
} else if (strcmp(key, "domain") == 0 && !config->domain) {
config->domain = strdup(value);
} else if (strcmp(key, "password") == 0 && !config->password) {
config->password = strdup(value);
} else if (strcmp(key, "web-host") == 0 && !config->web_host) {
config->web_host = strdup(value);
} else if (strcmp(key, "web-port") == 0) {
config->web_port = atoi(value);
} else if (strcmp(key, "web-https") == 0) {
config->web_https = (strcmp(value, "true") == 0 || strcmp(value, "1") == 0);
}
}
}
}
fclose(fp);
}
wssshd_config_t *load_config(int argc, char *argv[]) {
wssshd_config_t *config = malloc(sizeof(wssshd_config_t));
if (!config) {
perror("Failed to allocate config");
return NULL;
}
set_default_config(config);
// Load default config file if it exists
char *config_file = DEFAULT_CONFIG_FILE;
if (access(config_file, F_OK) == 0) {
config->config_file = strdup(config_file);
if (config->debug) {
printf("[DEBUG] Loading default config file: %s\n", config_file);
}
load_config_file(config, config_file);
if (config->debug) {
printf("[DEBUG] After loading default config: host=%s, port=%d\n", config->host, config->port);
}
}
// Parse command line arguments
static struct option long_options[] = {
{"config", required_argument, 0, 'c'},
{"host", required_argument, 0, 'h'},
{"port", required_argument, 0, 'p'},
{"domain", required_argument, 0, 'd'},
{"password", required_argument, 0, 'P'},
{"web-host", required_argument, 0, 'w'},
{"web-port", required_argument, 0, 'W'},
{"web-https", no_argument, 0, 's'},
{"debug", no_argument, 0, 'D'},
{"help", no_argument, 0, '?'},
{0, 0, 0, 0}
};
int opt;
int option_index = 0;
while ((opt = getopt_long(argc, argv, "c:h:p:d:P:w:W:sD?", long_options, &option_index)) != -1) {
switch (opt) {
case 'c':
if (config->config_file) free(config->config_file);
config->config_file = strdup(optarg);
break;
case 'h':
if (config->host) free(config->host);
config->host = strdup(optarg);
break;
case 'p':
config->port = atoi(optarg);
break;
case 'd':
if (config->domain) free(config->domain);
config->domain = strdup(optarg);
break;
case 'P':
if (config->password) free(config->password);
config->password = strdup(optarg);
break;
case 'w':
if (config->web_host) free(config->web_host);
config->web_host = strdup(optarg);
break;
case 'W':
config->web_port = atoi(optarg);
break;
case 's':
config->web_https = true;
break;
case 'D':
config->debug = true;
break;
case '?':
printf("Usage: %s [OPTIONS]\n", argv[0]);
printf("Options:\n");
printf(" --config FILE Configuration file (default: %s)\n", DEFAULT_CONFIG_FILE);
printf(" --host HOST WebSocket server host\n");
printf(" --port PORT WebSocket server port (default: %d)\n", DEFAULT_PORT);
printf(" --domain DOMAIN Base domain name\n");
printf(" --password PASS Registration password\n");
printf(" --web-host HOST Web interface host\n");
printf(" --web-port PORT Web interface port\n");
printf(" --web-https Enable HTTPS for web interface\n");
printf(" --debug Enable debug output\n");
printf(" --help Show this help\n");
free_config(config);
exit(0);
default:
free_config(config);
exit(1);
}
}
// Reload config file if --config was specified and it's different from default
if (config->config_file && strcmp(config->config_file, DEFAULT_CONFIG_FILE) != 0) {
if (config->debug) {
printf("[DEBUG] Reloading config file: %s\n", config->config_file);
}
// Reset config values that could be overridden by config file
if (config->host) { free(config->host); config->host = NULL; }
if (config->domain) { free(config->domain); config->domain = NULL; }
if (config->password) { free(config->password); config->password = NULL; }
if (config->web_host) { free(config->web_host); config->web_host = NULL; }
config->port = DEFAULT_PORT;
config->web_port = 0;
config->web_https = false;
load_config_file(config, config->config_file);
if (config->debug) {
printf("[DEBUG] After reloading config: host=%s, port=%d\n", config->host, config->port);
}
}
// Validate required parameters
if (!config->host) {
fprintf(stderr, "Error: --host is required\n");
free_config(config);
exit(1);
}
if (!config->domain) {
fprintf(stderr, "Error: --domain is required\n");
free_config(config);
exit(1);
}
if (!config->password) {
fprintf(stderr, "Error: --password is required\n");
free_config(config);
exit(1);
}
return config;
}
void free_config(wssshd_config_t *config) {
if (!config) return;
if (config->config_file) free(config->config_file);
if (config->host) free(config->host);
if (config->domain) free(config->domain);
if (config->password) free(config->password);
if (config->web_host) free(config->web_host);
free(config);
}
void print_config(const wssshd_config_t *config) {
printf("Configuration:\n");
printf(" Config file: %s\n", config->config_file ? config->config_file : "none");
printf(" Host: %s\n", config->host);
printf(" Port: %d\n", config->port);
printf(" Domain: %s\n", config->domain);
printf(" Password: %s\n", config->password ? "***" : "none");
printf(" Web host: %s\n", config->web_host ? config->web_host : "none");
printf(" Web port: %d\n", config->web_port);
printf(" Web HTTPS: %s\n", config->web_https ? "yes" : "no");
printf(" Debug: %s\n", config->debug ? "yes" : "no");
}
\ No newline at end of file
wssshd2/config.h 0 → 100644
View file @ 13104c97
/**
* Configuration handling for wssshd
*
* Copyright (C) 2024 Stefy Lanza <stefy@nexlab.net> and SexHack.me
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#ifndef CONFIG_H
#define CONFIG_H
#include <stdbool.h>
// Configuration structure
typedef struct {
char *config_file;
char *host;
int port;
char *domain;
char *password;
char *web_host;
int web_port;
bool web_https;
bool debug;
} wssshd_config_t;
// Function declarations
wssshd_config_t *load_config(int argc, char *argv[]);
void free_config(wssshd_config_t *config);
void print_config(const wssshd_config_t *config);
#endif /* CONFIG_H */
\ No newline at end of file
wssshd2/json.h 0 → 100644
View file @ 13104c97
/**
* JSON parsing utilities for wssshd
*
* Copyright (C) 2024 Stefy Lanza <stefy@nexlab.net> and SexHack.me
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#ifndef JSON_H
#define JSON_H
#include <stdbool.h>
// Simple JSON value types
typedef enum {
JSON_NULL,
JSON_BOOL,
JSON_NUMBER,
JSON_STRING,
JSON_OBJECT,
JSON_ARRAY
} json_type_t;
// Simple JSON value structure
typedef struct json_value {
json_type_t type;
union {
bool boolean;
double number;
char *string;
struct {
struct json_pair *pairs;
size_t count;
} object;
struct {
struct json_value *values;
size_t count;
} array;
} value;
} json_value_t;
// Key-value pair for objects
typedef struct json_pair {
char *key;
json_value_t *value;
} json_pair_t;
// Parsing functions
json_value_t *json_parse(const char *json_str);
void json_free(json_value_t *value);
// Access functions
json_value_t *json_get_object_value(const json_value_t *object, const char *key);
const char *json_get_string(const json_value_t *value);
double json_get_number(const json_value_t *value);
bool json_get_bool(const json_value_t *value);
// Building functions
json_value_t *json_create_object(void);
json_value_t *json_create_string(const char *str);
json_value_t *json_create_number(double num);
json_value_t *json_create_bool(bool b);
json_value_t *json_create_null(void);
bool json_add_to_object(json_value_t *object, const char *key, json_value_t *value);
// Serialization
char *json_serialize(const json_value_t *value);
#endif /* JSON_H */
\ No newline at end of file
wssshd2/main.c 0 → 100644
View file @ 13104c97
/**
* Main server logic for wssshd
*
* Copyright (C) 2024 Stefy Lanza <stefy@nexlab.net> and SexHack.me
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <unistd.h>
#include <pthread.h>
#include <time.h>
#include "config.h"
#include "websocket.h"
#include "web.h"
static volatile int shutdown_requested = 0;
// Signal handler for graceful shutdown
static void signal_handler(int signum) {
if (shutdown_requested) {
// Force exit on second signal
fprintf(stderr, "\nReceived second signal, exiting immediately...\n");
exit(1);
}
shutdown_requested = 1;
printf("\nReceived signal %d, initiating graceful shutdown...\n", signum);
}
// Cleanup thread function
static void *cleanup_thread(void *arg) {
wssshd_state_t *state = (wssshd_state_t *)arg;
while (!shutdown_requested) {
// Run cleanup tasks every 5 seconds
sleep(5);
websocket_cleanup_expired_clients(state);
websocket_check_keepalive_timeouts(state);
// Print status every 60 seconds
static time_t last_status_time = 0;
time_t current_time = time(NULL);
if (current_time - last_status_time >= 60) {
size_t active_clients = 0;
for (size_t i = 0; i < state->clients_count; i++) {
if (state->clients[i].active) active_clients++;
}
size_t active_tunnels = 0;
for (size_t i = 0; i < state->tunnels_count; i++) {
if (state->tunnels[i]->status == TUNNEL_STATUS_ACTIVE) active_tunnels++;
}
time_t uptime = current_time - state->start_time;
int hours = uptime / 3600;
int minutes = (uptime % 3600) / 60;
int seconds = uptime % 60;
printf("[STATUS] Uptime: %02d:%02d:%02d | Clients: %zu/%zu active | Tunnels: %zu/%zu active\n",
hours, minutes, seconds, active_clients, state->clients_count,
active_tunnels, state->tunnels_count);
last_status_time = current_time;
}
}
return NULL;
}
int main(int argc, char *argv[]) {
// Parse configuration
wssshd_config_t *config = load_config(argc, argv);
if (!config) {
fprintf(stderr, "Failed to load configuration\n");
return 1;
}
if (config->debug) {
print_config(config);
}
// Initialize state
wssshd_state_t *state = websocket_init_state(config->debug, config->password);
if (!state) {
fprintf(stderr, "Failed to initialize server state\n");
free_config(config);
return 1;
}
// Set up signal handlers
signal(SIGINT, signal_handler);
signal(SIGTERM, signal_handler);
printf("WSSSH Daemon starting...\n");
// Start WebSocket server
if (websocket_start_server(config, state) != 0) {
fprintf(stderr, "Failed to start WebSocket server\n");
websocket_free_state(state);
free_config(config);
return 1;
}
// Start web interface if configured
if (web_start_server(config, state) != 0) {
fprintf(stderr, "Warning: Failed to start web interface\n");
}
printf("WSSSH Daemon running on %s:%d\n", config->host, config->port);
printf("Press Ctrl+C to stop the server\n");
// Start cleanup thread
pthread_t cleanup_tid;
if (pthread_create(&cleanup_tid, NULL, cleanup_thread, state) != 0) {
fprintf(stderr, "Warning: Failed to start cleanup thread\n");
} else {
pthread_detach(cleanup_tid);
}
// Main loop - wait for shutdown signal
while (!shutdown_requested) {
sleep(1);
}
// Shutdown sequence
printf("\nShutting down WSSSH Daemon...\n");
// Stop servers
websocket_stop_server();
web_stop_server();
// Clean up state
websocket_free_state(state);
free_config(config);
printf("WSSSH Daemon stopped cleanly\n");
return 0;
}
\ No newline at end of file
wssshd2/main.o 0 → 100644
View file @ 13104c97
File added
wssshd2/ssl.c 0 → 100644
View file @ 13104c97
/**
* SSL/TLS utilities implementation for wssshd
*
* Copyright (C) 2024 Stefy Lanza <stefy@nexlab.net> and SexHack.me
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "ssl.h"
SSL_CTX *ssl_create_context(void) {
const SSL_METHOD *method;
SSL_CTX *ctx;
// Initialize OpenSSL
SSL_library_init();
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
method = TLS_server_method();
ctx = SSL_CTX_new(method);
if (!ctx) {
perror("Unable to create SSL context");
ERR_print_errors_fp(stderr);
return NULL;
}
return ctx;
}
void ssl_cleanup(void) {
EVP_cleanup();
}
int ssl_load_certificates(SSL_CTX *ctx, const char *cert_file, const char *key_file) {
// Load certificate
if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) {
ERR_print_errors_fp(stderr);
return -1;
}
// Load private key
if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
ERR_print_errors_fp(stderr);
return -1;
}
// Verify private key
if (!SSL_CTX_check_private_key(ctx)) {
fprintf(stderr, "Private key does not match the certificate\n");
return -1;
}
return 0;
}
int ssl_generate_self_signed_cert(const char *cert_file, const char *key_file) {
// This is a simplified implementation
// In a real implementation, you would use OpenSSL command line tools
// or the OpenSSL library to generate certificates programmatically
char command[1024];
snprintf(command, sizeof(command),
"openssl req -x509 -newkey rsa:4096 -keyout %s -out %s -days 36500 -nodes -subj \"/C=US/ST=State/L=City/O=Organization/CN=localhost\"",
key_file, cert_file);
int result = system(command);
return result == 0 ? 0 : -1;
}
\ No newline at end of file
wssshd2/ssl.h 0 → 100644
View file @ 13104c97
/**
* SSL/TLS utilities for wssshd
*
* Copyright (C) 2024 Stefy Lanza <stefy@nexlab.net> and SexHack.me
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#ifndef SSL_H
#define SSL_H
#include <openssl/ssl.h>
#include <openssl/err.h>
// SSL context management
SSL_CTX *ssl_create_context(void);
void ssl_cleanup(void);
// Certificate handling
int ssl_load_certificates(SSL_CTX *ctx, const char *cert_file, const char *key_file);
int ssl_generate_self_signed_cert(const char *cert_file, const char *key_file);
#endif /* SSL_H */
\ No newline at end of file
wssshd2/ssl.o 0 → 100644
View file @ 13104c97
File added
wssshd2/terminal.c 0 → 100644
View file @ 13104c97
/**
* Terminal and PTY handling implementation for wssshd
*
* Copyright (C) 2024 Stefy Lanza <stefy@nexlab.net> and SexHack.me
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <pty.h>
#include <termios.h>
#include <sys/ioctl.h>
#include <sys/select.h>
#include <sys/wait.h>
#include <signal.h>
#include <uuid/uuid.h>
#include <pthread.h>
#include "terminal.h"
// Output buffer for reading from PTY
typedef struct {
char *buffer;
size_t size;
size_t used;
pthread_mutex_t mutex;
} output_buffer_t;
static output_buffer_t *output_buffer_create(void) {
output_buffer_t *buf = calloc(1, sizeof(output_buffer_t));
if (!buf) return NULL;
buf->size = 4096;
buf->buffer = malloc(buf->size);
if (!buf->buffer) {
free(buf);
return NULL;
}
pthread_mutex_init(&buf->mutex, NULL);
return buf;
}
static void output_buffer_free(output_buffer_t *buf) {
if (!buf) return;
pthread_mutex_destroy(&buf->mutex);
free(buf->buffer);
free(buf);
}
static void output_buffer_append(output_buffer_t *buf, const char *data, size_t len) {
if (!buf || !data) return;
pthread_mutex_lock(&buf->mutex);
if (buf->used + len > buf->size) {
size_t new_size = buf->size * 2;
while (new_size < buf->used + len) {
new_size *= 2;
}
char *new_buf = realloc(buf->buffer, new_size);
if (!new_buf) {
pthread_mutex_unlock(&buf->mutex);
return;
}
buf->buffer = new_buf;
buf->size = new_size;
}
memcpy(buf->buffer + buf->used, data, len);
buf->used += len;
pthread_mutex_unlock(&buf->mutex);
}
// Thread function to read PTY output
static void *read_pty_output(void *arg) {
terminal_session_t *session = (terminal_session_t *)arg;
output_buffer_t *output_buf = output_buffer_create();
if (!output_buf) return NULL;
char buffer[1024];
fd_set readfds;
struct timeval tv;
while (1) {
FD_ZERO(&readfds);
FD_SET(session->master_fd, &readfds);
tv.tv_sec = 0;
tv.tv_usec = 100000; // 100ms timeout
int ret = select(session->master_fd + 1, &readfds, NULL, NULL, &tv);
if (ret < 0) break;
if (ret == 0) continue; // timeout
if (FD_ISSET(session->master_fd, &readfds)) {
ssize_t bytes_read = read(session->master_fd, buffer, sizeof(buffer));
if (bytes_read <= 0) break;
output_buffer_append(output_buf, buffer, bytes_read);
}
}
// Store the output buffer in the session (simplified - in real implementation
// we'd need a way to access this from the session)
output_buffer_free(output_buf);
return NULL;
}
terminal_session_t *terminal_create_session(const wssshd_config_t *config, const char *username, const char *client_id) {
terminal_session_t *session = calloc(1, sizeof(terminal_session_t));
if (!session) return NULL;
// Generate UUID for request_id
uuid_t uuid;
uuid_generate(uuid);
uuid_unparse(uuid, session->request_id);
// Copy client_id and username
if (client_id) {
strncpy(session->client_id, client_id, sizeof(session->client_id) - 1);
}
if (username) {
strncpy(session->username, username, sizeof(session->username) - 1);
}
// Open PTY
int master_fd, slave_fd;
char slave_name[256];
if (openpty(&master_fd, &slave_fd, slave_name, NULL, NULL) < 0) {
free(session);
return NULL;
}
session->master_fd = master_fd;
// Set terminal size (default 80x24)
struct winsize ws = {24, 80, 0, 0};
ioctl(master_fd, TIOCSWINSZ, &ws);
// Build command
snprintf(session->command, sizeof(session->command),
"sh -c 'stty echo && wsssh -p %d %s@%s.%s'",
config->port, username, client_id, config->domain);
// Fork and execute
pid_t pid = fork();
if (pid < 0) {
close(master_fd);
close(slave_fd);
free(session);
return NULL;
}
if (pid == 0) { // Child process
// Set up controlling terminal
setsid();
if (ioctl(slave_fd, TIOCSCTTY, 0) < 0) {
// Some systems don't support TIOCSCTTY
}
// Set raw mode
struct termios term;
tcgetattr(0, &term);
cfmakeraw(&term);
tcsetattr(0, TCSANOW, &term);
// Redirect stdin/stdout/stderr to slave PTY
dup2(slave_fd, 0);
dup2(slave_fd, 1);
dup2(slave_fd, 2);
close(master_fd);
close(slave_fd);
// Set environment
setenv("TERM", "xterm", 1);
setenv("COLUMNS", "80", 1);
setenv("LINES", "24", 1);
// Execute command
execl("/bin/sh", "sh", "-c", session->command, NULL);
_exit(1); // Should not reach here
}
// Parent process
session->proc_pid = pid;
close(slave_fd);
// Start output reading thread
pthread_t thread;
pthread_create(&thread, NULL, read_pty_output, session);
pthread_detach(thread);
return session;
}
void terminal_free_session(terminal_session_t *session) {
if (!session) return;
if (session->master_fd >= 0) {
close(session->master_fd);
}
free(session);
}
bool terminal_send_data(terminal_session_t *session, const char *data) {
if (!session || !data || session->master_fd < 0) return false;
// Check if process is still running
if (waitpid(session->proc_pid, NULL, WNOHANG) > 0) {
return false;
}
ssize_t written = write(session->master_fd, data, strlen(data));
return written > 0;
}
char *terminal_get_output(terminal_session_t *session) {
if (!session) return NULL;
// In a real implementation, we'd have access to the output buffer
// For now, return NULL (output reading would be handled differently)
return NULL;
}
bool terminal_disconnect(terminal_session_t *session) {
if (!session) return false;
if (session->proc_pid > 0) {
kill(session->proc_pid, SIGTERM);
// Wait for graceful termination
for (int i = 0; i < 30; i++) { // Wait up to 3 seconds
if (waitpid(session->proc_pid, NULL, WNOHANG) > 0) {
break;
}
usleep(100000); // 100ms
}
// Force kill if still running
if (waitpid(session->proc_pid, NULL, WNOHANG) == 0) {
kill(session->proc_pid, SIGKILL);
waitpid(session->proc_pid, NULL, 0);
}
}
return true;
}
bool terminal_resize(terminal_session_t *session, int cols, int rows) {
if (!session || session->master_fd < 0) return false;
struct winsize ws = {rows, cols, 0, 0};
if (ioctl(session->master_fd, TIOCSWINSZ, &ws) < 0) {
return false;
}
// Send SIGWINCH to the process
if (session->proc_pid > 0) {
kill(session->proc_pid, SIGWINCH);
}
return true;
}
bool terminal_is_running(terminal_session_t *session) {
if (!session || session->proc_pid <= 0) return false;
return waitpid(session->proc_pid, NULL, WNOHANG) == 0;
}
\ No newline at end of file
wssshd2/terminal.h 0 → 100644
View file @ 13104c97
/**
* Terminal and PTY handling for wssshd
*
* Copyright (C) 2024 Stefy Lanza <stefy@nexlab.net> and SexHack.me
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#ifndef TERMINAL_H
#define TERMINAL_H
#include <stdbool.h>
#include <uuid/uuid.h>
#include "config.h"
// Terminal session structure
typedef struct {
char request_id[37]; // UUID string
char client_id[256];
char username[256];
pid_t proc_pid;
int master_fd;
char command[1024];
} terminal_session_t;
// Function declarations
terminal_session_t *terminal_create_session(const wssshd_config_t *config, const char *username, const char *client_id);
void terminal_free_session(terminal_session_t *session);
bool terminal_send_data(terminal_session_t *session, const char *data);
char *terminal_get_output(terminal_session_t *session);
bool terminal_disconnect(terminal_session_t *session);
bool terminal_resize(terminal_session_t *session, int cols, int rows);
bool terminal_is_running(terminal_session_t *session);
#endif /* TERMINAL_H */
\ No newline at end of file
wssshd2/test.conf 0 → 100644
View file @ 13104c97
[wssshd]
host = 0.0.0.0
port = 9898
password = mbetter4ntan1
domain = mbetter.nexlab.net
web-host = 0.0.0.0
web-port = 9899
web-https = false
wssshd2/test2.conf 0 → 100644
View file @ 13104c97
[wssshd]
host = 127.0.0.1
port = 19998
password = test123
domain = test.local
wssshd2/tunnel.c 0 → 100644
View file @ 13104c97
/**
* Tunnel object management implementation for wssshd
*
* Copyright (C) 2024 Stefy Lanza <stefy@nexlab.net> and SexHack.me
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "tunnel.h"
tunnel_t *tunnel_create(const char *request_id, const char *client_id) {
tunnel_t *tunnel = calloc(1, sizeof(tunnel_t));
if (!tunnel) {
return NULL;
}
// Initialize with provided values
if (request_id) {
strncpy(tunnel->request_id, request_id, sizeof(tunnel->request_id) - 1);
}
if (client_id) {
strncpy(tunnel->client_id, client_id, sizeof(tunnel->client_id) - 1);
}
// Set defaults
tunnel->status = TUNNEL_STATUS_CREATING;
tunnel->created_at = time(NULL);
tunnel->updated_at = time(NULL);
strcpy(tunnel->protocol, "ssh");
strcpy(tunnel->tunnel, "any");
strcpy(tunnel->tunnel_control, "any");
strcpy(tunnel->service, "ssh");
// Initialize keep-alive timestamps
tunnel->last_keepalive_from_client = time(NULL);
tunnel->last_keepalive_from_tool = time(NULL);
return tunnel;
}
void tunnel_free(tunnel_t *tunnel) {
if (tunnel) {
free(tunnel);
}
}
void tunnel_update_status(tunnel_t *tunnel, tunnel_status_t status, const char *error_message) {
if (!tunnel) return;
tunnel->status = status;
tunnel->updated_at = time(NULL);
if (error_message) {
strncpy(tunnel->error_message, error_message, sizeof(tunnel->error_message) - 1);
} else {
tunnel->error_message[0] = '\0';
}
}
void tunnel_set_websockets(tunnel_t *tunnel, void *client_ws, void *wsssh_ws) {
if (!tunnel) return;
tunnel->client_ws = client_ws;
tunnel->wsssh_ws = wsssh_ws;
tunnel->updated_at = time(NULL);
}
void tunnel_set_destination_info(tunnel_t *tunnel, const char *public_ip, const char *private_ip) {
if (!tunnel) return;
if (public_ip) {
strncpy(tunnel->wssshc_public_ip, public_ip, sizeof(tunnel->wssshc_public_ip) - 1);
}
if (private_ip) {
strncpy(tunnel->wssshc_private_ip, private_ip, sizeof(tunnel->wssshc_private_ip) - 1);
}
tunnel->updated_at = time(NULL);
}
void tunnel_set_source_info(tunnel_t *tunnel, const char *private_ip) {
if (!tunnel) return;
if (private_ip) {
strncpy(tunnel->tool_private_ip, private_ip, sizeof(tunnel->tool_private_ip) - 1);
}
tunnel->updated_at = time(NULL);
}
const char *tunnel_status_string(tunnel_status_t status) {
switch (status) {
case TUNNEL_STATUS_CREATING: return "creating";
case TUNNEL_STATUS_ACTIVE: return "active";
case TUNNEL_STATUS_CLOSING: return "closing";
case TUNNEL_STATUS_CLOSED: return "closed";
case TUNNEL_STATUS_ERROR: return "error";
default: return "unknown";
}
}
void tunnel_print(const tunnel_t *tunnel) {
if (!tunnel) return;
printf("Tunnel(id=%s, client=%s, status=%s",
tunnel->request_id, tunnel->client_id, tunnel_status_string(tunnel->status));
if (tunnel->error_message[0]) {
printf(", error='%s'", tunnel->error_message);
}
printf(")");
}
\ No newline at end of file
wssshd2/tunnel.h 0 → 100644
View file @ 13104c97
/**
* Tunnel object management for wssshd
*
* Copyright (C) 2024 Stefy Lanza <stefy@nexlab.net> and SexHack.me
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#ifndef TUNNEL_H
#define TUNNEL_H
#include <time.h>
#include <stdbool.h>
// Tunnel status enumeration
typedef enum {
TUNNEL_STATUS_CREATING = 0,
TUNNEL_STATUS_ACTIVE,
TUNNEL_STATUS_CLOSING,
TUNNEL_STATUS_CLOSED,
TUNNEL_STATUS_ERROR
} tunnel_status_t;
// Tunnel structure
typedef struct {
char request_id[37]; // UUID string (36 chars + null terminator)
char client_id[256]; // Client identifier
// Status and lifecycle
tunnel_status_t status;
time_t created_at;
time_t updated_at;
// Protocol and type
char protocol[16]; // Default "ssh"
char tunnel[16]; // Default "any"
char tunnel_control[16]; // Default "any"
char service[16]; // Default "ssh"
// IP information
char wssshc_public_ip[64];
char wssshc_private_ip[64];
char tool_private_ip[64];
// WebSocket connections (opaque pointers for now)
void *client_ws; // wssshc WebSocket
void *wsssh_ws; // wsssh/wsscp WebSocket
// Additional metadata
char error_message[256];
// Keep-alive statistics and timing
time_t last_keepalive_from_client;
time_t last_keepalive_from_tool;
// Keep-alive forwarding failure counters
int keepalive_forward_failures;
int keepalive_ack_forward_failures;
// Data transfer statistics
unsigned long long total_bytes_sent;
unsigned long long total_bytes_received;
unsigned long long bytes_last_period;
time_t last_stats_reset;
} tunnel_t;
// Function declarations
tunnel_t *tunnel_create(const char *request_id, const char *client_id);
void tunnel_free(tunnel_t *tunnel);
void tunnel_update_status(tunnel_t *tunnel, tunnel_status_t status, const char *error_message);
void tunnel_set_websockets(tunnel_t *tunnel, void *client_ws, void *wsssh_ws);
void tunnel_set_destination_info(tunnel_t *tunnel, const char *public_ip, const char *private_ip);
void tunnel_set_source_info(tunnel_t *tunnel, const char *private_ip);
const char *tunnel_status_string(tunnel_status_t status);
void tunnel_print(const tunnel_t *tunnel);
#endif /* TUNNEL_H */
\ No newline at end of file
wssshd2/web.c 0 → 100644
View file @ 13104c97
/**
* HTTP web interface implementation for wssshd
*
* Copyright (C) 2024 Stefy Lanza <stefy@nexlab.net> and SexHack.me
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <pthread.h>
#include "web.h"
#include "terminal.h"
#include "assets.h"
// Embedded web assets are defined in assets.c
static wssshd_state_t *global_state = NULL;
static const wssshd_config_t *global_config = NULL;
// HTTP server thread function (stub)
static void *http_server_thread(void *arg __attribute__((unused))) {
printf("Web interface starting on %s:%d\n", global_config->web_host, global_config->web_port);
// TODO: Implement actual HTTP server using libmongoose, civetweb, or similar
// For now, just sleep
while (1) {
sleep(1);
// In a real implementation, this would handle HTTP requests
}
return NULL;
}
int web_start_server(const wssshd_config_t *config, wssshd_state_t *state) {
if (!config->web_host || config->web_port == 0) {
return 0; // Web interface not configured
}
global_config = config;
global_state = state;
// Start HTTP server thread
pthread_t thread;
if (pthread_create(&thread, NULL, http_server_thread, NULL) != 0) {
perror("Failed to create HTTP server thread");
return -1;
}
pthread_detach(thread);
return 0;
}
void web_stop_server(void) {
// TODO: Implement server shutdown
printf("Web interface stopping\n");
}
\ No newline at end of file
wssshd2/web.h 0 → 100644
View file @ 13104c97
/**
* HTTP web interface for wssshd
*
* Copyright (C) 2024 Stefy Lanza <stefy@nexlab.net> and SexHack.me
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#ifndef WEB_H
#define WEB_H
#include <stdbool.h>
#include "config.h"
#include "websocket.h"
// Function declarations
int web_start_server(const wssshd_config_t *config, wssshd_state_t *state);
void web_stop_server(void);
// Embedded web assets are defined in assets.h
#endif /* WEB_H */
\ No newline at end of file
wssshd2/web.o 0 → 100644
View file @ 13104c97
File added
wssshd2/websocket.c 0 → 100644
View file @ 13104c97
/**
* WebSocket handling implementation for wssshd
*
* Copyright (C) 2024 Stefy Lanza <stefy@nexlab.net> and SexHack.me
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <pthread.h>
#include <sys/stat.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include "websocket.h"
#include "websocket_protocol.h"
#include "ssl.h"
// Pre-computed JSON message templates
static const char *REGISTERED_MSG = "{\"type\": \"registered\", \"id\": \"%s\"}";
static const char *REGISTRATION_ERROR_MSG = "{\"type\": \"registration_error\", \"error\": \"%s\"}";
static const char *TUNNEL_REQUEST_MSG = "{\"type\": \"tunnel_request\", \"request_id\": \"%s\"}";
static const char *TUNNEL_ACK_MSG = "{\"type\": \"tunnel_ack\", \"request_id\": \"%s\"}";
static const char *TUNNEL_ERROR_MSG = "{\"type\": \"tunnel_error\", \"request_id\": \"%s\", \"error\": \"%s\"}";
wssshd_state_t *websocket_init_state(bool debug, const char *server_password) {
wssshd_state_t *state = calloc(1, sizeof(wssshd_state_t));
if (!state) return NULL;
state->debug = debug;
state->server_password = server_password ? strdup(server_password) : NULL;
state->start_time = time(NULL);
// Initialize dynamic arrays
state->clients_capacity = 16;
state->clients = calloc(state->clients_capacity, sizeof(client_t));
state->tunnels_capacity = 16;
state->tunnels = calloc(state->tunnels_capacity, sizeof(tunnel_t *));
state->terminals_capacity = 16;
state->terminals = calloc(state->terminals_capacity, sizeof(terminal_session_t));
return state;
}
void websocket_free_state(wssshd_state_t *state) {
if (!state) return;
// Free clients
free(state->clients);
// Free tunnels
for (size_t i = 0; i < state->tunnels_count; i++) {
tunnel_free(state->tunnels[i]);
}
free(state->tunnels);
// Free terminals
free(state->terminals);
// Free password
free((char *)state->server_password);
free(state);
}
// Client management functions
client_t *websocket_find_client(wssshd_state_t *state, const char *client_id) {
for (size_t i = 0; i < state->clients_count; i++) {
if (strcmp(state->clients[i].client_id, client_id) == 0) {
return &state->clients[i];
}
}
return NULL;
}
client_t *websocket_add_client(wssshd_state_t *state, const char *client_id, void *websocket) {
// Check if client already exists
client_t *existing = websocket_find_client(state, client_id);
if (existing) {
existing->active = true;
existing->last_seen = time(NULL);
existing->websocket = websocket;
return existing;
}
// Expand array if needed
if (state->clients_count >= state->clients_capacity) {
state->clients_capacity *= 2;
client_t *new_clients = realloc(state->clients, state->clients_capacity * sizeof(client_t));
if (!new_clients) return NULL;
state->clients = new_clients;
}
// Add new client
client_t *client = &state->clients[state->clients_count++];
strncpy(client->client_id, client_id, sizeof(client->client_id) - 1);
client->websocket = websocket;
client->last_seen = time(NULL);
client->active = true;
strcpy(client->tunnel, "any");
strcpy(client->tunnel_control, "any");
return client;
}
void websocket_remove_client(wssshd_state_t *state, const char *client_id) {
for (size_t i = 0; i < state->clients_count; i++) {
if (strcmp(state->clients[i].client_id, client_id) == 0) {
// Mark as inactive instead of removing
state->clients[i].active = false;
state->clients[i].last_seen = time(NULL);
break;
}
}
}
void websocket_update_client_activity(wssshd_state_t *state, const char *client_id) {
client_t *client = websocket_find_client(state, client_id);
if (client) {
client->last_seen = time(NULL);
client->active = true;
}
}
// Tunnel management functions
tunnel_t *websocket_find_tunnel(wssshd_state_t *state, const char *request_id) {
for (size_t i = 0; i < state->tunnels_count; i++) {
if (strcmp(state->tunnels[i]->request_id, request_id) == 0) {
return state->tunnels[i];
}
}
return NULL;
}
tunnel_t *websocket_add_tunnel(wssshd_state_t *state, const char *request_id, const char *client_id) {
// Expand array if needed
if (state->tunnels_count >= state->tunnels_capacity) {
state->tunnels_capacity *= 2;
tunnel_t **new_tunnels = realloc(state->tunnels, state->tunnels_capacity * sizeof(tunnel_t *));
if (!new_tunnels) return NULL;
state->tunnels = new_tunnels;
}
// Create new tunnel
tunnel_t *tunnel = tunnel_create(request_id, client_id);
if (!tunnel) return NULL;
state->tunnels[state->tunnels_count++] = tunnel;
return tunnel;
}
void websocket_remove_tunnel(wssshd_state_t *state, const char *request_id) {
for (size_t i = 0; i < state->tunnels_count; i++) {
if (strcmp(state->tunnels[i]->request_id, request_id) == 0) {
tunnel_free(state->tunnels[i]);
// Shift remaining elements
memmove(&state->tunnels[i], &state->tunnels[i + 1],
(state->tunnels_count - i - 1) * sizeof(tunnel_t *));
state->tunnels_count--;
break;
}
}
}
// Terminal management functions
terminal_session_t *websocket_find_terminal(wssshd_state_t *state, const char *request_id) {
for (size_t i = 0; i < state->terminals_count; i++) {
if (strcmp(state->terminals[i].request_id, request_id) == 0) {
return &state->terminals[i];
}
}
return NULL;
}
terminal_session_t *websocket_add_terminal(wssshd_state_t *state, const char *request_id, const char *client_id, const char *username, pid_t proc_pid, int master_fd) {
// Expand array if needed
if (state->terminals_count >= state->terminals_capacity) {
state->terminals_capacity *= 2;
terminal_session_t *new_terminals = realloc(state->terminals, state->terminals_capacity * sizeof(terminal_session_t));
if (!new_terminals) return NULL;
state->terminals = new_terminals;
}
// Add new terminal
terminal_session_t *terminal = &state->terminals[state->terminals_count++];
strncpy(terminal->request_id, request_id, sizeof(terminal->request_id) - 1);
if (client_id) strncpy(terminal->client_id, client_id, sizeof(terminal->client_id) - 1);
if (username) strncpy(terminal->username, username, sizeof(terminal->username) - 1);
terminal->proc_pid = proc_pid;
terminal->master_fd = master_fd;
return terminal;
}
void websocket_remove_terminal(wssshd_state_t *state, const char *request_id) {
for (size_t i = 0; i < state->terminals_count; i++) {
if (strcmp(state->terminals[i].request_id, request_id) == 0) {
// Shift remaining elements
memmove(&state->terminals[i], &state->terminals[i + 1],
(state->terminals_count - i - 1) * sizeof(terminal_session_t));
state->terminals_count--;
break;
}
}
}
// Message handling
int websocket_handle_message(wssshd_state_t *state, ws_connection_t *conn __attribute__((unused)), const char *message, size_t message_len) {
if (state->debug) {
printf("[DEBUG] Handling message: %.*s\n", (int)message_len, message);
}
// Simple string-based JSON parsing for basic functionality
// This is a simplified implementation - a full JSON parser would be better
char msg_copy[4096];
if (message_len >= sizeof(msg_copy)) {
if (state->debug) {
printf("[DEBUG] Message too long: %zu bytes\n", message_len);
}
return -1;
}
memcpy(msg_copy, message, message_len);
msg_copy[message_len] = '\0';
int result = 0;
// Check for registration message
if (strstr(msg_copy, "\"type\":\"register\"") || strstr(msg_copy, "\"type\": \"register\"")) {
if (state->debug) {
printf("[DEBUG] Processing registration message\n");
printf("[DEBUG] Full message: %s\n", msg_copy);
}
// Extract client_id and password (simplified parsing)
char *client_id = NULL;
char *password = NULL;
if (state->debug) {
printf("[DEBUG] Parsing client_id and password from: %s\n", msg_copy);
}
// Extract client_id (make a copy to avoid modifying the original string)
char *client_id_start = strstr(msg_copy, "\"client_id\":\"");
if (!client_id_start) client_id_start = strstr(msg_copy, "\"id\":\"");
if (client_id_start) {
client_id_start += strlen(client_id_start == strstr(msg_copy, "\"client_id\":\"") ? "\"client_id\":\"" : "\"id\":\"");
char *client_id_end = strchr(client_id_start, '"');
if (client_id_end) {
size_t client_id_len = client_id_end - client_id_start;
char *client_id_copy = malloc(client_id_len + 1);
if (client_id_copy) {
memcpy(client_id_copy, client_id_start, client_id_len);
client_id_copy[client_id_len] = '\0';
client_id = client_id_copy;
if (state->debug) printf("[DEBUG] Extracted client_id: '%s'\n", client_id);
}
}
}
// Extract password (search in original unmodified string)
char *password_start = strstr(msg_copy, "\"password\":\"");
if (password_start) {
password_start += strlen("\"password\":\"");
char *password_end = strchr(password_start, '"');
if (password_end) {
size_t password_len = password_end - password_start;
char *password_copy = malloc(password_len + 1);
if (password_copy) {
memcpy(password_copy, password_start, password_len);
password_copy[password_len] = '\0';
password = password_copy;
if (state->debug) printf("[DEBUG] Extracted password: '%s'\n", password);
}
} else {
if (state->debug) printf("[DEBUG] Password end quote not found\n");
}
} else {
if (state->debug) printf("[DEBUG] Password start not found\n");
}
if (state->debug) {
printf("[DEBUG] Password check: received='%s', expected='%s'\n",
password ? password : "(null)",
state->server_password ? state->server_password : "(null)");
}
if (client_id && password && strcmp(password, state->server_password) == 0) {
client_t *client = websocket_add_client(state, client_id, (void *)conn);
if (client) {
// Send registration success
char response[512];
snprintf(response, sizeof(response), REGISTERED_MSG, client_id);
ws_send_frame(conn, WS_OPCODE_TEXT, response, strlen(response));
if (state->debug) printf("[EVENT] Client %s registered\n", client_id);
}
} else {
// Send registration error
char response[512];
snprintf(response, sizeof(response), REGISTRATION_ERROR_MSG, "Invalid password");
ws_send_frame(conn, WS_OPCODE_TEXT, response, strlen(response));
if (state->debug) {
printf("[DEBUG] Client %s registration failed: client_id=%s, password=%s, server_password=%s\n",
client_id ? client_id : "unknown",
client_id ? client_id : "(null)",
password ? password : "(null)",
state->server_password ? state->server_password : "(null)");
}
}
// Free allocated strings
if (client_id) free(client_id);
if (password) free(password);
} else if (strstr(msg_copy, "\"type\":\"tunnel_request\"") || strstr(msg_copy, "\"type\": \"tunnel_request\"")) {
if (state->debug) {
printf("[DEBUG] Processing tunnel request\n");
printf("[DEBUG] Full tunnel request: %s\n", msg_copy);
}
// Handle tunnel request (simplified)
char *client_id = NULL;
char *request_id = NULL;
// Extract client_id (make a copy to avoid modifying the original string)
char *tunnel_client_id_start = strstr(msg_copy, "\"client_id\":\"");
if (tunnel_client_id_start) {
tunnel_client_id_start += strlen("\"client_id\":\"");
char *tunnel_client_id_end = strchr(tunnel_client_id_start, '"');
if (tunnel_client_id_end) {
size_t tunnel_client_id_len = tunnel_client_id_end - tunnel_client_id_start;
char *tunnel_client_id_copy = malloc(tunnel_client_id_len + 1);
if (tunnel_client_id_copy) {
memcpy(tunnel_client_id_copy, tunnel_client_id_start, tunnel_client_id_len);
tunnel_client_id_copy[tunnel_client_id_len] = '\0';
client_id = tunnel_client_id_copy;
if (state->debug) printf("[DEBUG] Extracted tunnel client_id: '%s' (ptr=%p)\n", client_id, client_id);
} else {
if (state->debug) printf("[DEBUG] Failed to allocate memory for client_id\n");
}
} else {
if (state->debug) printf("[DEBUG] Client ID end quote not found\n");
}
} else {
if (state->debug) printf("[DEBUG] Client ID start not found\n");
}
// Extract request_id (search in original unmodified string)
char *tunnel_request_id_start = strstr(msg_copy, "\"request_id\":\"");
if (tunnel_request_id_start) {
tunnel_request_id_start += strlen("\"request_id\":\"");
char *tunnel_request_id_end = strchr(tunnel_request_id_start, '"');
if (tunnel_request_id_end) {
size_t tunnel_request_id_len = tunnel_request_id_end - tunnel_request_id_start;
char *tunnel_request_id_copy = malloc(tunnel_request_id_len + 1);
if (tunnel_request_id_copy) {
memcpy(tunnel_request_id_copy, tunnel_request_id_start, tunnel_request_id_len);
tunnel_request_id_copy[tunnel_request_id_len] = '\0';
request_id = tunnel_request_id_copy;
if (state->debug) printf("[DEBUG] Extracted request_id: '%s'\n", request_id);
}
}
}
if (client_id && request_id) {
client_t *client = websocket_find_client(state, client_id);
if (client && client->active) {
tunnel_t *tunnel = websocket_add_tunnel(state, request_id, client_id);
if (tunnel) {
tunnel_update_status(tunnel, TUNNEL_STATUS_ACTIVE, NULL);
// Send tunnel request to client (wssshc)
char request_msg[512];
snprintf(request_msg, sizeof(request_msg), TUNNEL_REQUEST_MSG, request_id);
ws_send_frame(client->websocket, WS_OPCODE_TEXT, request_msg, strlen(request_msg));
// Send tunnel ack to tool (wsssht/wsscp)
char ack_msg[256];
snprintf(ack_msg, sizeof(ack_msg), TUNNEL_ACK_MSG, request_id);
ws_send_frame(conn, WS_OPCODE_TEXT, ack_msg, strlen(ack_msg));
if (state->debug) printf("[DEBUG] Created tunnel %s for client %s\n", request_id, client_id);
if (!state->debug) printf("[EVENT] New tunnel %s for client %s\n", request_id, client_id);
}
} else {
// Send error to tool
char error_msg[512];
snprintf(error_msg, sizeof(error_msg), TUNNEL_ERROR_MSG, request_id, "Client not registered or disconnected");
ws_send_frame(conn, WS_OPCODE_TEXT, error_msg, strlen(error_msg));
if (state->debug) printf("[DEBUG] Tunnel request failed: client %s not found or inactive\n", client_id);
}
}
// Free allocated strings
if (state->debug) {
printf("[DEBUG] Freeing tunnel request strings: client_id=%p, request_id=%p\n", client_id, request_id);
}
if (client_id) free(client_id);
if (request_id) free(request_id);
} else {
if (state->debug) {
printf("[DEBUG] Unhandled message type in: %s\n", msg_copy);
}
}
// TODO: Handle other message types with similar string parsing
return result;
}
// Cleanup functions
void websocket_cleanup_expired_clients(wssshd_state_t *state) {
time_t current_time = time(NULL);
for (size_t i = 0; i < state->clients_count; i++) {
if (!state->clients[i].active && current_time - state->clients[i].last_seen > 30) {
// Remove expired client
memmove(&state->clients[i], &state->clients[i + 1],
(state->clients_count - i - 1) * sizeof(client_t));
state->clients_count--;
i--; // Adjust index after removal
}
}
}
void websocket_check_keepalive_timeouts(wssshd_state_t *state) {
time_t current_time = time(NULL);
int timeout_seconds = 220; // 4 * 30 + 10 seconds margin
for (size_t i = 0; i < state->tunnels_count; i++) {
tunnel_t *tunnel = state->tunnels[i];
if (tunnel->status == TUNNEL_STATUS_ACTIVE) {
bool client_timeout = current_time - tunnel->last_keepalive_from_client > timeout_seconds;
bool tool_timeout = current_time - tunnel->last_keepalive_from_tool > timeout_seconds;
if (client_timeout || tool_timeout) {
const char *timeout_reason = client_timeout && tool_timeout ? "both endpoints" :
client_timeout ? "client (wssshc) endpoint" : "tool (wsssht/wsscp) endpoint";
if (state->debug) {
printf("[DEBUG] Keep-alive timeout for tunnel %s from %s\n", tunnel->request_id, timeout_reason);
}
tunnel_update_status(tunnel, TUNNEL_STATUS_ERROR, "Keep-alive timeout");
// TODO: Send close messages and clean up
}
}
}
}
// Thread arguments structure
typedef struct {
ws_connection_t *conn;
wssshd_state_t *state;
} client_thread_args_t;
// Global server state
static int server_sock = -1;
static SSL_CTX *ssl_ctx = NULL;
static volatile int server_running = 0;
// Client connection thread
static void *client_handler_thread(void *arg) {
client_thread_args_t *args = (client_thread_args_t *)arg;
ws_connection_t *conn = args->conn;
wssshd_state_t *state = args->state;
free(args); // Free the args structure
// Perform WebSocket handshake
if (!ws_perform_handshake(conn)) {
ws_connection_free(conn);
return NULL;
}
printf("WebSocket connection established\n");
// Handle WebSocket messages
while (server_running && conn->state == WS_STATE_OPEN) {
uint8_t opcode;
void *data;
size_t len;
if (ws_receive_frame(conn, &opcode, &data, &len)) {
if (state->debug) {
printf("[DEBUG] Received WebSocket frame: opcode=%d, len=%zu\n", opcode, len);
}
if (opcode == WS_OPCODE_TEXT && len > 0) {
// Handle text message
char *message = (char *)data;
message[len] = '\0'; // Null terminate
if (state->debug) {
printf("[DEBUG] Received message: %s\n", message);
}
websocket_handle_message(state, conn, message, len);
} else if (opcode == WS_OPCODE_CLOSE) {
// Handle close frame
if (state->debug) {
printf("[DEBUG] Received close frame\n");
}
conn->state = WS_STATE_CLOSED;
} else if (opcode == WS_OPCODE_PING) {
// Respond with pong
if (state->debug) {
printf("[DEBUG] Received ping, sending pong\n");
}
ws_send_frame(conn, WS_OPCODE_PONG, data, len);
} else {
if (state->debug) {
printf("[DEBUG] Received unhandled opcode: %d\n", opcode);
}
}
free(data);
} else {
// Connection error
if (state->debug) {
printf("[DEBUG] WebSocket frame receive failed\n");
}
break;
}
}
printf("WebSocket connection closed\n");
ws_connection_free(conn);
return NULL;
}
// WebSocket server functions
int websocket_start_server(const wssshd_config_t *config, wssshd_state_t *state) {
printf("Starting WebSocket server on %s:%d\n", config->host, config->port);
// Create TCP socket
server_sock = socket(AF_INET, SOCK_STREAM, 0);
if (server_sock < 0) {
perror("Failed to create socket");
return -1;
}
// Set socket options
int opt = 1;
setsockopt(server_sock, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
// Bind to address
struct sockaddr_in addr;
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(config->port);
if (inet_pton(AF_INET, config->host, &addr.sin_addr) <= 0) {
perror("Invalid address");
close(server_sock);
return -1;
}
if (bind(server_sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
perror("Bind failed");
close(server_sock);
return -1;
}
// Listen
if (listen(server_sock, 10) < 0) {
perror("Listen failed");
close(server_sock);
return -1;
}
// Initialize SSL
printf("Creating SSL context...\n");
ssl_ctx = ssl_create_context();
if (!ssl_ctx) {
fprintf(stderr, "Failed to create SSL context\n");
close(server_sock);
return -1;
}
printf("SSL context created successfully\n");
// Load or generate certificates
char cert_file[256], key_file[256];
// Try system location first, then fall back to local directory
snprintf(cert_file, sizeof(cert_file), "/etc/wssshd/cert.pem");
snprintf(key_file, sizeof(key_file), "/etc/wssshd/key.pem");
// If system location doesn't exist and we can't write there, use local directory
if (access(cert_file, F_OK) != 0) {
char local_dir[256];
snprintf(local_dir, sizeof(local_dir), "./certs");
mkdir(local_dir, 0755); // Create directory if it doesn't exist
snprintf(cert_file, sizeof(cert_file), "./certs/cert.pem");
snprintf(key_file, sizeof(key_file), "./certs/key.pem");
}
printf("Using certificates: %s, %s\n", cert_file, key_file);
if (access(cert_file, F_OK) != 0 || access(key_file, F_OK) != 0) {
printf("Generating self-signed certificate...\n");
if (ssl_generate_self_signed_cert(cert_file, key_file) != 0) {
fprintf(stderr, "Failed to generate certificate\n");
SSL_CTX_free(ssl_ctx);
close(server_sock);
return -1;
}
printf("Certificate generated successfully\n");
}
printf("Loading certificates...\n");
if (ssl_load_certificates(ssl_ctx, cert_file, key_file) != 0) {
fprintf(stderr, "Failed to load certificates\n");
SSL_CTX_free(ssl_ctx);
close(server_sock);
return -1;
}
printf("Certificates loaded successfully\n");
printf("WebSocket server listening on %s:%d\n", config->host, config->port);
server_running = 1;
printf("Entering accept loop...\n");
// Accept connections in a loop
while (server_running) {
printf("Waiting for connections...\n");
struct sockaddr_in client_addr;
socklen_t client_len = sizeof(client_addr);
int client_sock = accept(server_sock, (struct sockaddr *)&client_addr, &client_len);
if (client_sock < 0) {
if (server_running) perror("Accept failed");
continue;
}
// Create SSL connection
SSL *ssl = SSL_new(ssl_ctx);
if (!ssl) {
close(client_sock);
continue;
}
SSL_set_fd(ssl, client_sock);
if (SSL_accept(ssl) <= 0) {
ERR_print_errors_fp(stderr);
SSL_free(ssl);
close(client_sock);
continue;
}
// Create WebSocket connection
ws_connection_t *conn = ws_connection_create(ssl, client_sock);
if (!conn) {
SSL_free(ssl);
close(client_sock);
continue;
}
// Start client handler thread
client_thread_args_t *thread_args = malloc(sizeof(client_thread_args_t));
if (!thread_args) {
fprintf(stderr, "Failed to allocate thread args\n");
ws_connection_free(conn);
continue;
}
thread_args->conn = conn;
thread_args->state = state;
pthread_t thread;
if (pthread_create(&thread, NULL, client_handler_thread, thread_args) != 0) {
fprintf(stderr, "Failed to create client handler thread\n");
free(thread_args);
ws_connection_free(conn);
continue;
}
pthread_detach(thread);
}
return 0;
}
void websocket_stop_server(void) {
server_running = 0;
if (server_sock >= 0) {
close(server_sock);
server_sock = -1;
}
if (ssl_ctx) {
SSL_CTX_free(ssl_ctx);
ssl_ctx = NULL;
}
printf("WebSocket server stopped\n");
}
\ No newline at end of file
wssshd2/websocket.h 0 → 100644
View file @ 13104c97
/**
* WebSocket handling for wssshd
*
* Copyright (C) 2024 Stefy Lanza <stefy@nexlab.net> and SexHack.me
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#ifndef WEBSOCKET_H
#define WEBSOCKET_H
#include <stdbool.h>
#include <time.h>
#include "config.h"
#include "tunnel.h"
#include "terminal.h"
#include "websocket_protocol.h"
// Client information
typedef struct {
char client_id[256];
void *websocket; // WebSocket connection handle
time_t last_seen;
bool active;
char tunnel[16];
char tunnel_control[16];
char wssshd_private_ip[64];
} client_t;
// Terminal session (defined in terminal.h)
// Global state
typedef struct {
client_t *clients;
size_t clients_count;
size_t clients_capacity;
tunnel_t **tunnels;
size_t tunnels_count;
size_t tunnels_capacity;
terminal_session_t *terminals;
size_t terminals_count;
size_t terminals_capacity;
bool debug;
const char *server_password;
time_t start_time;
} wssshd_state_t;
// Function declarations
wssshd_state_t *websocket_init_state(bool debug, const char *server_password);
void websocket_free_state(wssshd_state_t *state);
// Client management
client_t *websocket_find_client(wssshd_state_t *state, const char *client_id);
client_t *websocket_add_client(wssshd_state_t *state, const char *client_id, void *websocket);
void websocket_remove_client(wssshd_state_t *state, const char *client_id);
void websocket_update_client_activity(wssshd_state_t *state, const char *client_id);
// Tunnel management
tunnel_t *websocket_find_tunnel(wssshd_state_t *state, const char *request_id);
tunnel_t *websocket_add_tunnel(wssshd_state_t *state, const char *request_id, const char *client_id);
void websocket_remove_tunnel(wssshd_state_t *state, const char *request_id);
// Terminal management
terminal_session_t *websocket_find_terminal(wssshd_state_t *state, const char *request_id);
terminal_session_t *websocket_add_terminal(wssshd_state_t *state, const char *request_id, const char *client_id, const char *username, pid_t proc_pid, int master_fd);
void websocket_remove_terminal(wssshd_state_t *state, const char *request_id);
// Message handling
int websocket_handle_message(wssshd_state_t *state, ws_connection_t *conn, const char *message, size_t message_len);
// Cleanup functions
void websocket_cleanup_expired_clients(wssshd_state_t *state);
void websocket_check_keepalive_timeouts(wssshd_state_t *state);
// WebSocket server functions (to be implemented with libwebsockets or similar)
int websocket_start_server(const wssshd_config_t *config, wssshd_state_t *state);
void websocket_stop_server(void);
#endif /* WEBSOCKET_H */
\ No newline at end of file
wssshd2/websocket_protocol.c 0 → 100644
View file @ 13104c97
/**
* WebSocket protocol implementation from scratch
*
* Copyright (C) 2024 Stefy Lanza <stefy@nexlab.net> and SexHack.me
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <openssl/sha.h>
#include <openssl/ssl.h>
#include "websocket_protocol.h"
// Base64 encoding table
static const char base64_table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
ws_connection_t *ws_connection_create(SSL *ssl, int sock_fd) {
ws_connection_t *conn = calloc(1, sizeof(ws_connection_t));
if (!conn) return NULL;
conn->ssl = ssl;
conn->sock_fd = sock_fd;
conn->state = WS_STATE_CONNECTING;
conn->recv_buffer_size = 4096;
conn->recv_buffer = malloc(conn->recv_buffer_size);
if (!conn->recv_buffer) {
free(conn);
return NULL;
}
return conn;
}
void ws_connection_free(ws_connection_t *conn) {
if (!conn) return;
free(conn->recv_buffer);
free(conn);
}
// SHA-1 implementation (using OpenSSL)
void sha1(const unsigned char *data, size_t len, unsigned char *hash) {
SHA1(data, len, hash);
}
// Base64 encoding
char *base64_encode(const unsigned char *data, size_t len) {
size_t out_len = ((len + 2) / 3) * 4 + 1;
char *out = malloc(out_len);
if (!out) return NULL;
size_t i, j;
for (i = 0, j = 0; i < len; i += 3, j += 4) {
uint32_t triple = (i < len ? data[i] : 0) << 16 |
(i + 1 < len ? data[i + 1] : 0) << 8 |
(i + 2 < len ? data[i + 2] : 0);
out[j] = base64_table[(triple >> 18) & 0x3F];
out[j + 1] = base64_table[(triple >> 12) & 0x3F];
out[j + 2] = base64_table[(triple >> 6) & 0x3F];
out[j + 3] = base64_table[triple & 0x3F];
}
// Add padding
if (len % 3 == 1) {
out[j - 2] = '=';
out[j - 1] = '=';
} else if (len % 3 == 2) {
out[j - 1] = '=';
}
out[j] = '\0';
return out;
}
// Compute WebSocket accept key
char *ws_compute_accept_key(const char *key) {
if (!key) return NULL;
// Concatenate key with magic string
char combined[256];
snprintf(combined, sizeof(combined), "%s%s", key, "258EAFA5-E914-47DA-95CA-C5AB0DC85B11");
// SHA-1 hash
unsigned char hash[SHA_DIGEST_LENGTH];
sha1((unsigned char *)combined, strlen(combined), hash);
// Base64 encode
return base64_encode(hash, SHA_DIGEST_LENGTH);
}
// Mask/unmask data
void ws_mask_data(uint8_t *data, size_t len, const uint8_t *mask) {
for (size_t i = 0; i < len; i++) {
data[i] ^= mask[i % 4];
}
}
void ws_unmask_data(uint8_t *data, size_t len, const uint8_t *mask) {
// Same as masking
ws_mask_data(data, len, mask);
}
// Parse WebSocket frame header
static bool ws_parse_frame_header(const uint8_t *buffer, size_t len, ws_frame_header_t *header) {
if (len < 2) return false;
header->fin = (buffer[0] & 0x80) != 0;
header->rsv1 = (buffer[0] & 0x40) != 0;
header->rsv2 = (buffer[0] & 0x20) != 0;
header->rsv3 = (buffer[0] & 0x10) != 0;
header->opcode = buffer[0] & 0x0F;
header->masked = (buffer[1] & 0x80) != 0;
uint8_t payload_len = buffer[1] & 0x7F;
size_t header_len = 2;
if (payload_len == 126) {
if (len < 4) return false;
header->payload_len = (buffer[2] << 8) | buffer[3];
header_len = 4;
} else if (payload_len == 127) {
if (len < 10) return false;
header->payload_len = 0;
for (int i = 0; i < 8; i++) {
header->payload_len = (header->payload_len << 8) | buffer[2 + i];
}
header_len = 10;
} else {
header->payload_len = payload_len;
}
if (header->masked) {
if (len < header_len + 4) return false;
memcpy(header->masking_key, buffer + header_len, 4);
header_len += 4;
}
return true;
}
// Perform WebSocket handshake
bool ws_perform_handshake(ws_connection_t *conn) {
// Read HTTP request
char buffer[4096];
int bytes_read = SSL_read(conn->ssl, buffer, sizeof(buffer) - 1);
if (bytes_read <= 0) return false;
buffer[bytes_read] = '\0';
// Parse HTTP headers
char *sec_websocket_key = NULL;
char *line = strtok(buffer, "\r\n");
bool is_websocket_upgrade = false;
while (line) {
if (strncasecmp(line, "GET ", 4) == 0) {
// Check for WebSocket upgrade
if (strstr(line, "HTTP/1.1") && strstr(line, "/")) {
is_websocket_upgrade = true;
}
} else if (strncasecmp(line, "Sec-WebSocket-Key: ", 19) == 0) {
sec_websocket_key = line + 19;
// Trim whitespace
while (*sec_websocket_key == ' ') sec_websocket_key++;
} else if (strncasecmp(line, "Upgrade: websocket", 18) == 0) {
is_websocket_upgrade = true;
}
line = strtok(NULL, "\r\n");
}
if (!is_websocket_upgrade || !sec_websocket_key) {
return false;
}
// Compute accept key
char *accept_key = ws_compute_accept_key(sec_websocket_key);
if (!accept_key) return false;
// Send handshake response
char response[512];
snprintf(response, sizeof(response),
"HTTP/1.1 101 Switching Protocols\r\n"
"Upgrade: websocket\r\n"
"Connection: Upgrade\r\n"
"Sec-WebSocket-Accept: %s\r\n"
"\r\n", accept_key);
free(accept_key);
int bytes_written = SSL_write(conn->ssl, response, strlen(response));
if (bytes_written <= 0) return false;
conn->state = WS_STATE_OPEN;
return true;
}
// Send WebSocket frame
bool ws_send_frame(ws_connection_t *conn, uint8_t opcode, const void *data, size_t len) {
if (conn->state != WS_STATE_OPEN) {
printf("[DEBUG] ws_send_frame: Connection not in OPEN state\n");
return false;
}
uint8_t frame[14 + len]; // Max header size + data
size_t frame_len = 0;
// Frame header
frame[0] = 0x80 | opcode; // FIN bit set
frame_len = 2;
if (len < 126) {
frame[1] = len;
} else if (len < 65536) {
frame[1] = 126;
frame[2] = (len >> 8) & 0xFF;
frame[3] = len & 0xFF;
frame_len = 4;
} else {
frame[1] = 127;
// Only support 32-bit lengths for simplicity
frame[2] = frame[3] = frame[4] = frame[5] = 0;
frame[6] = (len >> 24) & 0xFF;
frame[7] = (len >> 16) & 0xFF;
frame[8] = (len >> 8) & 0xFF;
frame[9] = len & 0xFF;
frame_len = 10;
}
// Copy data
if (len > 0) {
memcpy(frame + frame_len, data, len);
frame_len += len;
}
printf("[DEBUG] ws_send_frame: Sending frame with opcode=%d, len=%zu, frame_len=%zu\n", opcode, len, frame_len);
// Send frame
int bytes_written = SSL_write(conn->ssl, frame, frame_len);
printf("[DEBUG] ws_send_frame: SSL_write returned %d (expected %zu)\n", bytes_written, frame_len);
return bytes_written == (int)frame_len;
}
// Receive WebSocket frame
bool ws_receive_frame(ws_connection_t *conn, uint8_t *opcode, void **data, size_t *len) {
if (conn->state != WS_STATE_OPEN) return false;
// Read frame header (minimum 2 bytes)
uint8_t header[14];
int bytes_read = SSL_read(conn->ssl, header, 2);
if (bytes_read <= 0) {
int ssl_error = SSL_get_error(conn->ssl, bytes_read);
printf("[DEBUG] ws_receive_frame: SSL_read failed, bytes_read=%d, ssl_error=%d\n", bytes_read, ssl_error);
return false;
}
if (bytes_read != 2) {
printf("[DEBUG] ws_receive_frame: Expected 2 header bytes, got %d\n", bytes_read);
return false;
}
printf("[DEBUG] ws_receive_frame: Header bytes: 0x%02x 0x%02x\n", header[0], header[1]);
// Determine header size needed
bool masked = (header[1] & 0x80) != 0;
uint8_t payload_len_indicator = header[1] & 0x7F;
size_t header_size = 2;
if (payload_len_indicator == 126) {
header_size = 4;
} else if (payload_len_indicator == 127) {
header_size = 10;
}
if (masked) {
header_size += 4;
}
// Read additional header bytes if needed
if (header_size > 2) {
bytes_read = SSL_read(conn->ssl, header + 2, header_size - 2);
if (bytes_read != (int)(header_size - 2)) {
printf("[DEBUG] ws_receive_frame: Failed to read extended header, expected %zu bytes, got %d\n", header_size - 2, bytes_read);
return false;
}
}
ws_frame_header_t frame_header;
if (!ws_parse_frame_header(header, header_size, &frame_header)) {
printf("[DEBUG] ws_receive_frame: Failed to parse complete frame header\n");
return false;
}
// Allocate buffer for payload
*data = malloc(frame_header.payload_len);
if (!*data) return false;
// Read payload
if (frame_header.payload_len > 0) {
bytes_read = SSL_read(conn->ssl, *data, frame_header.payload_len);
if (bytes_read != (int)frame_header.payload_len) {
free(*data);
return false;
}
// Unmask if needed
if (frame_header.masked) {
ws_unmask_data(*data, frame_header.payload_len, frame_header.masking_key);
}
}
*opcode = frame_header.opcode;
*len = frame_header.payload_len;
return true;
}
\ No newline at end of file
wssshd2/websocket_protocol.h 0 → 100644
View file @ 13104c97
/**
* WebSocket protocol implementation from scratch
*
* Copyright (C) 2024 Stefy Lanza <stefy@nexlab.net> and SexHack.me
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
#ifndef WEBSOCKET_PROTOCOL_H
#define WEBSOCKET_PROTOCOL_H
#include <stdint.h>
#include <stdbool.h>
#include <openssl/ssl.h>
// WebSocket frame opcodes
#define WS_OPCODE_CONTINUATION 0x0
#define WS_OPCODE_TEXT 0x1
#define WS_OPCODE_BINARY 0x2
#define WS_OPCODE_CLOSE 0x8
#define WS_OPCODE_PING 0x9
#define WS_OPCODE_PONG 0xA
// WebSocket frame header
typedef struct {
bool fin;
bool rsv1;
bool rsv2;
bool rsv3;
uint8_t opcode;
bool masked;
uint64_t payload_len;
uint8_t masking_key[4];
} ws_frame_header_t;
// WebSocket connection state
typedef enum {
WS_STATE_CONNECTING,
WS_STATE_OPEN,
WS_STATE_CLOSING,
WS_STATE_CLOSED
} ws_state_t;
// WebSocket connection
typedef struct {
SSL *ssl;
int sock_fd;
ws_state_t state;
char *recv_buffer;
size_t recv_buffer_size;
size_t recv_buffer_used;
} ws_connection_t;
// Function declarations
ws_connection_t *ws_connection_create(SSL *ssl, int sock_fd);
void ws_connection_free(ws_connection_t *conn);
// HTTP/WebSocket handshake
bool ws_perform_handshake(ws_connection_t *conn);
// Frame operations
bool ws_send_frame(ws_connection_t *conn, uint8_t opcode, const void *data, size_t len);
bool ws_receive_frame(ws_connection_t *conn, uint8_t *opcode, void **data, size_t *len);
// Utility functions
char *ws_compute_accept_key(const char *key);
void ws_mask_data(uint8_t *data, size_t len, const uint8_t *mask);
void ws_unmask_data(uint8_t *data, size_t len, const uint8_t *mask);
// Base64 and SHA-1 utilities
char *base64_encode(const unsigned char *data, size_t len);
void sha1(const unsigned char *data, size_t len, unsigned char *hash);
#endif /* WEBSOCKET_PROTOCOL_H */
\ No newline at end of file
wssshd2/wssshd 0 → 100755
View file @ 13104c97
File added
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment