hedgewars: comparison gameServer2/src/server/network.rs

equal deleted inserted replaced

-:4664da990556
+:c8fd12db6215
 extern crate slab;
 use std::{
-io, io::{Error, ErrorKind, Write},
+io, io::{Error, ErrorKind, Read, Write},
 net::{SocketAddr, IpAddr, Ipv4Addr},
 collections::HashSet,
 mem::{swap, replace}
 };
 };
 use super::{
 server::{HWServer},
 coretypes::ClientId
 };
+#[cfg(feature = "tls-connections")]
+use openssl::{
+ssl::{
+SslMethod, SslContext, Ssl, SslContextBuilder,
+SslVerifyMode, SslFiletype, SslOptions,
+SslStreamBuilder, HandshakeError, MidHandshakeSslStream, SslStream
+},
+error::ErrorStack
+};
 const MAX_BYTES_PER_READ: usize = 2048;
 #[derive(Hash, Eq, PartialEq, Copy, Clone)]
 pub enum NetworkClientState {
 Closed,
 }
 type NetworkResult<T> = io::Result<(T, NetworkClientState)>;
+#[cfg(not(feature = "tls-connections"))]
+pub enum ClientSocket {
+Plain(TcpStream)
+}
+#[cfg(feature = "tls-connections")]
+pub enum ClientSocket {
+SslHandshake(Option<MidHandshakeSslStream<TcpStream>>),
+SslStream(SslStream<TcpStream>)
+}
+impl ClientSocket {
+fn inner(&self) -> &TcpStream {
+#[cfg(not(feature = "tls-connections"))]
+match self {
+ClientSocket::Plain(stream) => stream,
+}
+#[cfg(feature = "tls-connections")]
+match self {
+ClientSocket::SslHandshake(Some(builder)) => builder.get_ref(),
+ClientSocket::SslHandshake(None) => unreachable!(),
+ClientSocket::SslStream(ssl_stream) => ssl_stream.get_ref()
+}
+}
+}
 pub struct NetworkClient {
 id: ClientId,
-socket: TcpStream,
+socket: ClientSocket,
 peer_addr: SocketAddr,
 decoder: ProtocolDecoder,
 buf_out: netbuf::Buf
 }
 impl NetworkClient {
-pub fn new(id: ClientId, socket: TcpStream, peer_addr: SocketAddr) -> NetworkClient {
+pub fn new(id: ClientId, socket: ClientSocket, peer_addr: SocketAddr) -> NetworkClient {
 NetworkClient {
 id, socket, peer_addr,
 decoder: ProtocolDecoder::new(),
 buf_out: netbuf::Buf::new()
 }
 }
-pub fn read_messages(&mut self) -> NetworkResult<Vec<HWProtocolMessage>> {
+fn read_impl<R: Read>(decoder: &mut ProtocolDecoder, source: &mut R,
+id: ClientId, addr: &SocketAddr) -> NetworkResult<Vec<HWProtocolMessage>> {
 let mut bytes_read = 0;
 let result = loop {
-match self.decoder.read_from(&mut self.socket) {
+match decoder.read_from(source) {
 Ok(bytes) => {
-debug!("Client {}: read {} bytes", self.id, bytes);
+debug!("Client {}: read {} bytes", id, bytes);
 bytes_read += bytes;
 if bytes == 0 {
 let result = if bytes_read == 0 {
-info!("EOF for client {} ({})", self.id, self.peer_addr);
+info!("EOF for client {} ({})", id, addr);
 (Vec::new(), NetworkClientState::Closed)
 } else {
-(self.decoder.extract_messages(), NetworkClientState::NeedsRead)
+(decoder.extract_messages(), NetworkClientState::NeedsRead)
 };
 break Ok(result);
 }
 else if bytes_read >= MAX_BYTES_PER_READ {
-break Ok((self.decoder.extract_messages(), NetworkClientState::NeedsRead))
+break Ok((decoder.extract_messages(), NetworkClientState::NeedsRead))
 }
 }
 Err(ref error) if error.kind() == ErrorKind::WouldBlock => {
 let messages =  if bytes_read == 0 {
 Vec::new()
 } else {
-self.decoder.extract_messages()
+decoder.extract_messages()
 };
 break Ok((messages, NetworkClientState::Idle));
 }
 Err(error) =>
 break Err(error)
 }
 };
-self.decoder.sweep();
+decoder.sweep();
 result
 }
-pub fn flush(&mut self) -> NetworkResult<()> {
+pub fn read(&mut self) -> NetworkResult<Vec<HWProtocolMessage>> {
+#[cfg(not(feature = "tls-connections"))]
+match self.socket {
+ClientSocket::Plain(ref mut stream) =>
+NetworkClient::read_impl(&mut self.decoder, stream, self.id, &self.peer_addr),
+}
+#[cfg(feature = "tls-connections")]
+match self.socket {
+ClientSocket::SslHandshake(ref mut handshake_opt) => {
+let mut handshake = std::mem::replace(handshake_opt, None).unwrap();
+match handshake.handshake() {
+Ok(stream) => {
+debug!("TLS handshake with {} ({}) completed", self.id, self.peer_addr);
+self.socket = ClientSocket::SslStream(stream);
+Ok((Vec::new(), NetworkClientState::Idle))
+}
+Err(HandshakeError::WouldBlock(new_handshake)) => {
+*handshake_opt = Some(new_handshake);
+Ok((Vec::new(), NetworkClientState::Idle))
+}
+Err(e) => {
+debug!("TLS handshake with {} ({}) failed", self.id, self.peer_addr);
+Err(Error::new(ErrorKind::Other, "Connection failure"))
+}
+}
+},
+ClientSocket::SslStream(ref mut stream) =>
+NetworkClient::read_impl(&mut self.decoder, stream, self.id, &self.peer_addr)
+}
+}
+fn write_impl<W: Write>(buf_out: &mut netbuf::Buf, destination: &mut W) -> NetworkResult<()> {
 let result = loop {
-match self.buf_out.write_to(&mut self.socket) {
+match buf_out.write_to(destination) {
-Ok(bytes) if self.buf_out.is_empty() || bytes == 0 =>
+Ok(bytes) if buf_out.is_empty() || bytes == 0 =>
 break Ok(((), NetworkClientState::Idle)),
 Ok(_) => (),
 Err(ref error) if error.kind() == ErrorKind::Interrupted
 || error.kind() == ErrorKind::WouldBlock => {
 break Ok(((), NetworkClientState::NeedsWrite));
 },
 Err(error) =>
 break Err(error)
 }
 };
-self.socket.flush()?;
+result
+}
+pub fn write(&mut self) -> NetworkResult<()> {
+let result = {
+#[cfg(not(feature = "tls-connections"))]
+match self.socket {
+ClientSocket::Plain(ref mut stream) =>
+NetworkClient::write_impl(&mut self.buf_out, stream)
+}
+#[cfg(feature = "tls-connections")] {
+match self.socket {
+ClientSocket::SslHandshake(_) =>
+Ok(((), NetworkClientState::Idle)),
+ClientSocket::SslStream(ref mut stream) =>
+NetworkClient::write_impl(&mut self.buf_out, stream)
+}
+}
+};
+self.socket.inner().flush()?;
 result
 }
 pub fn send_raw_msg(&mut self, msg: &[u8]) {
 self.buf_out.write_all(msg).unwrap();
 }
 pub fn send_msg(&mut self, msg: &HWServerMessage) {
 self.send_string(&msg.to_raw_protocol());
 }
+}
+#[cfg(feature = "tls-connections")]
+struct ServerSsl {
+context: SslContext
 }
 pub struct NetworkLayer {
 listener: TcpListener,
 server: HWServer,
 clients: Slab<NetworkClient>,
 pending: HashSet<(ClientId, NetworkClientState)>,
-pending_cache: Vec<(ClientId, NetworkClientState)>
+pending_cache: Vec<(ClientId, NetworkClientState)>,
+#[cfg(feature = "tls-connections")]
+ssl: ServerSsl
 }
 impl NetworkLayer {
 pub fn new(listener: TcpListener, clients_limit: usize, rooms_limit: usize) -> NetworkLayer {
 let server = HWServer::new(clients_limit, rooms_limit);
 let clients = Slab::with_capacity(clients_limit);
 let pending = HashSet::with_capacity(2 * clients_limit);
 let pending_cache = Vec::with_capacity(2 * clients_limit);
-NetworkLayer {listener, server, clients, pending, pending_cache}
+NetworkLayer {
+listener, server, clients, pending, pending_cache,
+#[cfg(feature = "tls-connections")]
+ssl: NetworkLayer::create_ssl_context()
+}
+}
+#[cfg(feature = "tls-connections")]
+fn create_ssl_context() -> ServerSsl {
+let mut builder = SslContextBuilder::new(SslMethod::tls()).unwrap();
+builder.set_verify(SslVerifyMode::NONE);
+builder.set_read_ahead(true);
+builder.set_certificate_file("ssl/cert.pem", SslFiletype::PEM).unwrap();
+builder.set_private_key_file("ssl/key.pem", SslFiletype::PEM).unwrap();
+builder.set_options(SslOptions::NO_COMPRESSION);
+builder.set_cipher_list("DEFAULT:!LOW:!RC4:!EXP").unwrap();
+ServerSsl { context: builder.build() }
 }
 pub fn register_server(&self, poll: &Poll) -> io::Result<()> {
 poll.register(&self.listener, utils::SERVER, Ready::readable(),
 PollOpt::edge())
 }
 fn deregister_client(&mut self, poll: &Poll, id: ClientId) {
 let mut client_exists = false;
 if let Some(ref client) = self.clients.get(id) {
-poll.deregister(&client.socket)
+poll.deregister(client.socket.inner())
 .expect("could not deregister socket");
 info!("client {} ({}) removed", client.id, client.peer_addr);
 client_exists = true;
 }
 if client_exists {
 self.clients.remove(id);
 }
 }
-fn register_client(&mut self, poll: &Poll, id: ClientId, client_socket: TcpStream, addr: SocketAddr) {
+fn register_client(&mut self, poll: &Poll, id: ClientId, client_socket: ClientSocket, addr: SocketAddr) {
-poll.register(&client_socket, Token(id),
+poll.register(client_socket.inner(), Token(id),
 Ready::readable() | Ready::writable(),
 PollOpt::edge())
 .expect("could not register socket with event loop");
 let entry = self.clients.vacant_entry();
 }
 }
 }
 }
+fn create_client_socket(&self, socket: TcpStream) -> io::Result<ClientSocket> {
+#[cfg(not(feature = "tls-connections"))] {
+Ok(ClientSocket::Plain(socket))
+}
+#[cfg(feature = "tls-connections")] {
+let ssl = Ssl::new(&self.ssl.context).unwrap();
+let mut builder = SslStreamBuilder::new(ssl, socket);
+builder.set_accept_state();
+match builder.handshake() {
+Ok(stream) =>
+Ok(ClientSocket::SslStream(stream)),
+Err(HandshakeError::WouldBlock(stream)) =>
+Ok(ClientSocket::SslHandshake(Some(stream))),
+Err(e) => {
+debug!("OpenSSL handshake failed: {}", e);
+Err(Error::new(ErrorKind::Other, "Connection failure"))
+}
+}
+}
+}
 pub fn accept_client(&mut self, poll: &Poll) -> io::Result<()> {
 let (client_socket, addr) = self.listener.accept()?;
 info!("Connected: {}", addr);
 let client_id = self.server.add_client();
-self.register_client(poll, client_id, client_socket, addr);
+self.register_client(poll, client_id, self.create_client_socket(client_socket)?, addr);
 self.flush_server_messages();
 Ok(())
 }
 pub fn client_readable(&mut self, poll: &Poll,
 client_id: ClientId) -> io::Result<()> {
 let messages =
 if let Some(ref mut client) = self.clients.get_mut(client_id) {
-client.read_messages()
+client.read()
 } else {
 warn!("invalid readable client: {}", client_id);
 Ok((Vec::new(), NetworkClientState::Idle))
 };
 pub fn client_writable(&mut self, poll: &Poll,
 client_id: ClientId) -> io::Result<()> {
 let result =
 if let Some(ref mut client) = self.clients.get_mut(client_id) {
-client.flush()
+client.write()
 } else {
 warn!("invalid writable client: {}", client_id);
 Ok(((), NetworkClientState::Idle))
 };

changeset 13799	c8fd12db6215
parent 13666	09f4a30e50cc
child 13802	24fe56d3c6a2