2 proxy.c -- Proxy handling functions.
3 Copyright (C) 2015-2017 Guus Sliepen <guus@tinc-vpn.org>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License along
16 with this program; if not, write to the Free Software Foundation, Inc.,
17 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 #include "connection.h"
30 proxytype_t proxytype;
36 static void update_address_ipv4(connection_t *c, void *address, void *port) {
37 sockaddrfree(&c->address);
38 memset(&c->address, 0, sizeof(c->address));
39 c->address.sa.sa_family = AF_INET;
42 memcpy(&c->address.in.sin_addr, address, sizeof(ipv4_t));
46 memcpy(&c->address.in.sin_port, port, sizeof(uint16_t));
49 // OpenSSH -D returns all zero address, set it to 0.0.0.1 to prevent spamming ourselves.
50 if(!memcmp(&c->address.in.sin_addr, "\0\0\0\0", 4)) {
51 memcpy(&c->address.in.sin_addr, "\0\0\0\01", 4);
55 static void update_address_ipv6(connection_t *c, void *address, void *port) {
56 sockaddrfree(&c->address);
57 memset(&c->address, 0, sizeof(c->address));
58 c->address.sa.sa_family = AF_INET6;
61 memcpy(&c->address.in6.sin6_addr, address, sizeof(ipv6_t));
65 memcpy(&c->address.in6.sin6_port, port, sizeof(uint16_t));
68 // OpenSSH -D returns all zero address, set it to 0100:: to prevent spamming ourselves.
69 if(!memcmp(&c->address.in6.sin6_addr, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 16)) {
70 memcpy(&c->address.in6.sin6_addr, "\01\0\0\0\0\0\0\0", 8);
74 bool send_proxyrequest(connection_t *c) {
77 if(c->address.sa.sa_family != AF_INET) {
78 logger(LOG_ERR, "Can only connect to numeric IPv4 addresses through a SOCKS 4 proxy!");
84 if(c->address.sa.sa_family != AF_INET && c->address.sa.sa_family != AF_UNKNOWN) {
85 logger(LOG_ERR, "Can only connect to IPv4 addresses or hostnames through a SOCKS 4a proxy!");
92 len += strlen(proxyuser);
95 if(c->address.sa.sa_family == AF_UNKNOWN) {
96 len += 1 + strlen(c->address.unknown.address);
103 if(c->address.sa.sa_family == AF_INET) {
104 memcpy(s4req + 2, &c->address.in.sin_port, 2);
105 memcpy(s4req + 4, &c->address.in.sin_addr, 4);
107 uint16_t port = htons(atoi(c->address.unknown.port));
108 memcpy(s4req + 2, &port, 2);
109 memcpy(s4req + 4, "\0\0\0\1", 4);
110 strcpy(s4req + (9 + (proxyuser ? strlen(proxyuser) : 0)), c->address.unknown.address);
114 strcpy(s4req + 8, proxyuser);
119 s4req[sizeof(s4req) - 1] = 0;
120 c->allow_request = PROXY;
121 return send_meta(c, s4req, sizeof(s4req));
127 if(c->address.sa.sa_family == AF_INET) {
129 } else if(c->address.sa.sa_family == AF_INET6) {
131 } else if(c->address.sa.sa_family == AF_UNKNOWN) {
132 len += 1 + strlen(c->address.unknown.address);
134 logger(LOG_ERR, "Address family %x not supported for SOCKS 5 proxies!", c->address.sa.sa_family);
139 len += 3 + strlen(proxyuser) + strlen(proxypass);
150 s5req[i++] = strlen(proxyuser);
151 strcpy(s5req + i, proxyuser);
152 i += strlen(proxyuser);
153 s5req[i++] = strlen(proxypass);
154 strcpy(s5req + i, proxypass);
155 i += strlen(proxypass);
164 if(c->address.sa.sa_family == AF_INET) {
166 memcpy(s5req + i, &c->address.in.sin_addr, 4);
168 memcpy(s5req + i, &c->address.in.sin_port, 2);
170 } else if(c->address.sa.sa_family == AF_INET6) {
172 memcpy(s5req + i, &c->address.in6.sin6_addr, 16);
174 memcpy(s5req + i, &c->address.in6.sin6_port, 2);
176 } else if(c->address.sa.sa_family == AF_UNKNOWN) {
178 int len = strlen(c->address.unknown.address);
180 memcpy(s5req + i, c->address.unknown.address, len);
182 uint16_t port = htons(atoi(c->address.unknown.port));
183 memcpy(s5req + i, &port, 2);
186 logger(LOG_ERR, "Unknown address family while trying to connect to SOCKS5 proxy");
194 c->allow_request = PROXY;
195 return send_meta(c, s5req, sizeof(s5req));
202 sockaddr2str(&c->address, &host, &port);
203 send_request(c, "CONNECT %s:%s HTTP/1.1\r\n\r", host, port);
206 c->allow_request = PROXY;
214 logger(LOG_ERR, "Unknown proxy type");
219 int receive_proxy_meta(connection_t *c) {
227 if(c->buffer[0] == 0 && c->buffer[1] == 0x5a) {
228 if(c->address.sa.sa_family == AF_UNKNOWN) {
229 update_address_ipv4(c, c->buffer + 4, c->buffer + 2);
232 ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted");
233 c->allow_request = ID;
234 c->status.proxy_passed = true;
238 logger(LOG_ERR, "Proxy request rejected");
247 if(c->buffer[0] != 0x05 || c->buffer[1] == (char)0xff) {
248 logger(LOG_ERR, "Proxy authentication method rejected");
254 if(c->buffer[1] == 0x02) {
259 if(c->buffer[2] != 0x05 || c->buffer[3] != 0x00) {
260 logger(LOG_ERR, "Proxy username/password rejected");
267 if(c->buflen - offset < 7) {
271 if(c->buffer[offset] != 0x05 || c->buffer[offset + 1] != 0x00) {
272 logger(LOG_ERR, "Proxy request rejected");
276 int replen = offset + 6;
278 switch(c->buffer[offset + 3]) {
280 if(c->address.sa.sa_family == AF_UNKNOWN) {
281 update_address_ipv4(c, c->buffer + offset + 4, c->buffer + offset + 8);
287 case 0x03: // Hostname
288 if(c->address.sa.sa_family == AF_UNKNOWN) {
289 update_address_ipv4(c, "\0\0\0\1", "\0\0");
292 replen += ((uint8_t *)c->buffer)[offset + 4];
296 if(c->address.sa.sa_family == AF_UNKNOWN) {
297 update_address_ipv6(c, c->buffer + offset + 4, c->buffer + offset + 20);
304 logger(LOG_ERR, "Proxy reply malformed");
308 if(c->buflen < replen) {
311 ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted");
312 c->allow_request = ID;
313 c->status.proxy_passed = true;
319 char *p = memchr(c->buffer, '\n', c->buflen);
321 if(!p || p - c->buffer >= c->buflen) {
325 while((p = memchr(p + 1, '\n', c->buflen - (p + 1 - c->buffer)))) {
326 if(p > c->buffer + 3 && !memcmp(p - 3, "\r\n\r\n", 4)) {
339 if(!strncasecmp(c->buffer, "HTTP/1.1 ", 9)) {
340 if(!strncmp(c->buffer + 9, "200", 3)) {
341 if(c->address.sa.sa_family == AF_UNKNOWN) {
342 update_address_ipv4(c, "\0\0\0\1", "\0\0");
345 logger(LOG_DEBUG, "Proxy request granted");
346 replen = p + 1 - c->buffer;
347 c->allow_request = ID;
348 c->status.proxy_passed = true;
352 p = memchr(c->buffer, '\n', c->buflen);
354 logger(LOG_ERR, "Proxy request rejected: %s", c->buffer + 9);
358 logger(LOG_ERR, "Proxy reply malformed");
projects / tinc / blob