2 proxy.c -- Proxy handling functions.
3 Copyright (C) 2015-2017 Guus Sliepen <guus@tinc-vpn.org>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License along
16 with this program; if not, write to the Free Software Foundation, Inc.,
17 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 #include "connection.h"
30 proxytype_t proxytype;
36 static void update_address_ipv4(connection_t *c, void *address, void *port) {
37 sockaddrfree(&c->address);
38 memset(&c->address, 0, sizeof(c->address));
39 c->address.sa.sa_family = AF_INET;
42 memcpy(&c->address.in.sin_addr, address, sizeof(ipv4_t));
46 memcpy(&c->address.in.sin_port, port, sizeof(uint16_t));
49 // OpenSSH -D returns all zero address, set it to 0.0.0.1 to prevent spamming ourselves.
50 if(!memcmp(&c->address.in.sin_addr, "\0\0\0\0", 4)) {
51 memcpy(&c->address.in.sin_addr, "\0\0\0\01", 4);
55 static void update_address_ipv6(connection_t *c, void *address, void *port) {
56 sockaddrfree(&c->address);
57 memset(&c->address, 0, sizeof(c->address));
58 c->address.sa.sa_family = AF_INET6;
61 memcpy(&c->address.in6.sin6_addr, address, sizeof(ipv6_t));
65 memcpy(&c->address.in6.sin6_port, port, sizeof(uint16_t));
68 // OpenSSH -D returns all zero address, set it to 0100:: to prevent spamming ourselves.
69 if(!memcmp(&c->address.in6.sin6_addr, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 16)) {
70 memcpy(&c->address.in6.sin6_addr, "\01\0\0\0\0\0\0\0", 8);
74 bool send_proxyrequest(connection_t *c) {
77 if(c->address.sa.sa_family != AF_INET) {
78 logger(LOG_ERR, "Can only connect to numeric IPv4 addresses through a SOCKS 4 proxy!");
83 if(c->address.sa.sa_family != AF_INET && c->address.sa.sa_family != AF_UNKNOWN) {
84 logger(LOG_ERR, "Can only connect to IPv4 addresses or hostnames through a SOCKS 4a proxy!");
91 len += strlen(proxyuser);
94 if(c->address.sa.sa_family == AF_UNKNOWN) {
95 len += 1 + strlen(c->address.unknown.address);
102 if(c->address.sa.sa_family == AF_INET) {
103 memcpy(s4req + 2, &c->address.in.sin_port, 2);
104 memcpy(s4req + 4, &c->address.in.sin_addr, 4);
106 uint16_t port = htons(atoi(c->address.unknown.port));
107 memcpy(s4req + 2, &port, 2);
108 memcpy(s4req + 4, "\0\0\0\1", 4);
109 strcpy(s4req + (9 + (proxyuser ? strlen(proxyuser) : 0)), c->address.unknown.address);
113 strcpy(s4req + 8, proxyuser);
118 s4req[sizeof(s4req) - 1] = 0;
119 c->allow_request = PROXY;
120 return send_meta(c, s4req, sizeof(s4req));
126 if(c->address.sa.sa_family == AF_INET) {
128 } else if(c->address.sa.sa_family == AF_INET6) {
130 } else if(c->address.sa.sa_family == AF_UNKNOWN) {
131 len += 1 + strlen(c->address.unknown.address);
133 logger(LOG_ERR, "Address family %x not supported for SOCKS 5 proxies!", c->address.sa.sa_family);
138 len += 3 + strlen(proxyuser) + strlen(proxypass);
149 s5req[i++] = strlen(proxyuser);
150 strcpy(s5req + i, proxyuser);
151 i += strlen(proxyuser);
152 s5req[i++] = strlen(proxypass);
153 strcpy(s5req + i, proxypass);
154 i += strlen(proxypass);
163 if(c->address.sa.sa_family == AF_INET) {
165 memcpy(s5req + i, &c->address.in.sin_addr, 4);
167 memcpy(s5req + i, &c->address.in.sin_port, 2);
169 } else if(c->address.sa.sa_family == AF_INET6) {
171 memcpy(s5req + i, &c->address.in6.sin6_addr, 16);
173 memcpy(s5req + i, &c->address.in6.sin6_port, 2);
175 } else if(c->address.sa.sa_family == AF_UNKNOWN) {
177 int len = strlen(c->address.unknown.address);
179 memcpy(s5req + i, c->address.unknown.address, len);
181 uint16_t port = htons(atoi(c->address.unknown.port));
182 memcpy(s5req + i, &port, 2);
185 logger(LOG_ERR, "Unknown address family while trying to connect to SOCKS5 proxy");
193 c->allow_request = PROXY;
194 return send_meta(c, s5req, sizeof(s5req));
201 sockaddr2str(&c->address, &host, &port);
202 send_request(c, "CONNECT %s:%s HTTP/1.1\r\n\r", host, port);
205 c->allow_request = PROXY;
213 logger(LOG_ERR, "Unknown proxy type");
218 int receive_proxy_meta(connection_t *c, int start, int lenin) {
226 if(c->buffer[0] == 0 && c->buffer[1] == 0x5a) {
227 if(c->address.sa.sa_family == AF_UNKNOWN) {
228 update_address_ipv4(c, c->buffer + 4, c->buffer + 2);
231 ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted");
232 c->allow_request = ID;
233 c->status.proxy_passed = true;
237 logger(LOG_ERR, "Proxy request rejected");
246 if(c->buffer[0] != 0x05 || c->buffer[1] == (char)0xff) {
247 logger(LOG_ERR, "Proxy authentication method rejected");
253 if(c->buffer[1] == 0x02) {
258 if(c->buffer[2] != 0x05 || c->buffer[3] != 0x00) {
259 logger(LOG_ERR, "Proxy username/password rejected");
266 if(c->buflen - offset < 7) {
270 if(c->buffer[offset] != 0x05 || c->buffer[offset + 1] != 0x00) {
271 logger(LOG_ERR, "Proxy request rejected");
275 int replen = offset + 6;
277 switch(c->buffer[offset + 3]) {
279 if(c->address.sa.sa_family == AF_UNKNOWN) {
280 update_address_ipv4(c, c->buffer + offset + 4, c->buffer + offset + 8);
286 case 0x03: // Hostname
287 if(c->address.sa.sa_family == AF_UNKNOWN) {
288 update_address_ipv4(c, "\0\0\0\1", "\0\0");
291 replen += ((uint8_t *)c->buffer)[offset + 4];
295 if(c->address.sa.sa_family == AF_UNKNOWN) {
296 update_address_ipv6(c, c->buffer + offset + 4, c->buffer + offset + 20);
303 logger(LOG_ERR, "Proxy reply malformed");
307 if(c->buflen < replen) {
310 ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Proxy request granted");
311 c->allow_request = ID;
312 c->status.proxy_passed = true;
318 char *p = memchr(c->buffer, '\n', c->buflen);
320 if(!p || p - c->buffer >= c->buflen) {
324 while((p = memchr(p + 1, '\n', c->buflen - (p + 1 - c->buffer)))) {
325 if(p > c->buffer + 3 && !memcmp(p - 3, "\r\n\r\n", 4)) {
338 if(!strncasecmp(c->buffer, "HTTP/1.1 ", 9)) {
339 if(!strncmp(c->buffer + 9, "200", 3)) {
340 if(c->address.sa.sa_family == AF_UNKNOWN) {
341 update_address_ipv4(c, "\0\0\0\1", "\0\0");
344 logger(LOG_DEBUG, "Proxy request granted");
345 replen = p + 1 - c->buffer;
346 c->allow_request = ID;
347 c->status.proxy_passed = true;
351 p = memchr(c->buffer, '\n', c->buflen);
353 logger(LOG_ERR, "Proxy request rejected: %s", c->buffer + 9);
357 logger(LOG_ERR, "Proxy reply malformed");
projects / tinc / blob