Přemysl Eric Janouch
1639235a48
For this, we needed a wire protocol. After surveying available options, it was decided to implement an XDR-like protocol code generator in portable AWK. It now has two backends, per each of: - xF, the X11 frontend, is in C, and is meant to be the primary user interface in the future. - xP, the web frontend, relies on a protocol proxy written in Go, and is meant for use on-the-go (no pun intended). They are very much work-in-progress proofs of concept right now, and the relay protocol is certain to change.
1097 lines
29 KiB
C
1097 lines
29 KiB
C
/*
|
|
* common.c: common functionality
|
|
*
|
|
* Copyright (c) 2014 - 2022, Přemysl Eric Janouch <p@janouch.name>
|
|
*
|
|
* Permission to use, copy, modify, and/or distribute this software for any
|
|
* purpose with or without fee is hereby granted.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
*
|
|
*/
|
|
|
|
#define LIBERTY_WANT_SSL
|
|
#define LIBERTY_WANT_ASYNC
|
|
#define LIBERTY_WANT_POLLER
|
|
#define LIBERTY_WANT_PROTO_IRC
|
|
|
|
#ifdef WANT_SYSLOG_LOGGING
|
|
#define print_fatal_data ((void *) LOG_ERR)
|
|
#define print_error_data ((void *) LOG_ERR)
|
|
#define print_warning_data ((void *) LOG_WARNING)
|
|
#define print_status_data ((void *) LOG_INFO)
|
|
#define print_debug_data ((void *) LOG_DEBUG)
|
|
#endif // WANT_SYSLOG_LOGGING
|
|
|
|
#include "liberty/liberty.c"
|
|
#include <arpa/inet.h>
|
|
#include <netinet/tcp.h>
|
|
|
|
static void
|
|
init_openssl (void)
|
|
{
|
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER
|
|
SSL_library_init ();
|
|
// XXX: this list is probably not complete
|
|
atexit (EVP_cleanup);
|
|
SSL_load_error_strings ();
|
|
atexit (ERR_free_strings);
|
|
#else
|
|
// Cleanup is done automatically via atexit()
|
|
OPENSSL_init_ssl (0, NULL);
|
|
#endif
|
|
}
|
|
|
|
static char *
|
|
gai_reconstruct_address (struct addrinfo *ai)
|
|
{
|
|
char host[NI_MAXHOST] = {}, port[NI_MAXSERV] = {};
|
|
int err = getnameinfo (ai->ai_addr, ai->ai_addrlen,
|
|
host, sizeof host, port, sizeof port,
|
|
NI_NUMERICHOST | NI_NUMERICSERV);
|
|
if (err)
|
|
{
|
|
print_debug ("%s: %s", "getnameinfo", gai_strerror (err));
|
|
return xstrdup ("?");
|
|
}
|
|
return format_host_port_pair (host, port);
|
|
}
|
|
|
|
static bool
|
|
accept_error_is_transient (int err)
|
|
{
|
|
// OS kernels may return a wide range of unforeseeable errors.
|
|
// Assuming that they're either transient or caused by
|
|
// a connection that we've just extracted from the queue.
|
|
switch (err)
|
|
{
|
|
case EBADF:
|
|
case EINVAL:
|
|
case ENOTSOCK:
|
|
case EOPNOTSUPP:
|
|
return false;
|
|
default:
|
|
return true;
|
|
}
|
|
}
|
|
|
|
/// Destructively tokenize an address into a host part, and a port part.
|
|
/// The port is only overwritten if that part is found, allowing for defaults.
|
|
static const char *
|
|
tokenize_host_port (char *address, const char **port)
|
|
{
|
|
// Unwrap IPv6 addresses in format_host_port_pair() format.
|
|
char *rbracket = strchr (address, ']');
|
|
if (*address == '[' && rbracket)
|
|
{
|
|
if (rbracket[1] == ':')
|
|
{
|
|
*port = rbracket + 2;
|
|
return *rbracket = 0, address + 1;
|
|
}
|
|
if (!rbracket[1])
|
|
return *rbracket = 0, address + 1;
|
|
}
|
|
|
|
char *colon = strchr (address, ':');
|
|
if (colon)
|
|
{
|
|
*port = colon + 1;
|
|
return *colon = 0, address;
|
|
}
|
|
return address;
|
|
}
|
|
|
|
// --- To be moved to liberty --------------------------------------------------
|
|
|
|
// FIXME: in xssl_get_error() we rely on error reasons never being NULL (i.e.,
|
|
// all loaded), which isn't very robust.
|
|
// TODO: check all places where this is used and see if we couldn't gain better
|
|
// information by piecing together some other subset of data from the error
|
|
// stack. Most often, this is used in an error_set() context, which would
|
|
// allow us to allocate memory instead of returning static strings.
|
|
static const char *
|
|
xerr_describe_error (void)
|
|
{
|
|
unsigned long err = ERR_get_error ();
|
|
if (!err)
|
|
return "undefined error";
|
|
|
|
const char *reason = ERR_reason_error_string (err);
|
|
do
|
|
// Not thread-safe, not a concern right now--need a buffer
|
|
print_debug ("%s", ERR_error_string (err, NULL));
|
|
while ((err = ERR_get_error ()));
|
|
|
|
if (!reason)
|
|
return "cannot retrieve error description";
|
|
return reason;
|
|
}
|
|
|
|
static struct str
|
|
str_from_cstr (const char *cstr)
|
|
{
|
|
struct str self;
|
|
self.alloc = (self.len = strlen (cstr)) + 1;
|
|
self.str = memcpy (xmalloc (self.alloc), cstr, self.alloc);
|
|
return self;
|
|
}
|
|
|
|
static ssize_t
|
|
strv_find (const struct strv *v, const char *s)
|
|
{
|
|
for (size_t i = 0; i < v->len; i++)
|
|
if (!strcmp (v->vector[i], s))
|
|
return i;
|
|
return -1;
|
|
}
|
|
|
|
static time_t
|
|
unixtime_msec (long *msec)
|
|
{
|
|
#ifdef _POSIX_TIMERS
|
|
struct timespec tp;
|
|
hard_assert (clock_gettime (CLOCK_REALTIME, &tp) != -1);
|
|
*msec = tp.tv_nsec / 1000000;
|
|
#else // ! _POSIX_TIMERS
|
|
struct timeval tp;
|
|
hard_assert (gettimeofday (&tp, NULL) != -1);
|
|
*msec = tp.tv_usec / 1000;
|
|
#endif // ! _POSIX_TIMERS
|
|
return tp.tv_sec;
|
|
}
|
|
|
|
// --- Logging -----------------------------------------------------------------
|
|
|
|
static void
|
|
log_message_syslog (void *user_data, const char *quote, const char *fmt,
|
|
va_list ap)
|
|
{
|
|
int prio = (int) (intptr_t) user_data;
|
|
|
|
va_list va;
|
|
va_copy (va, ap);
|
|
int size = vsnprintf (NULL, 0, fmt, va);
|
|
va_end (va);
|
|
if (size < 0)
|
|
return;
|
|
|
|
char buf[size + 1];
|
|
if (vsnprintf (buf, sizeof buf, fmt, ap) >= 0)
|
|
syslog (prio, "%s%s", quote, buf);
|
|
}
|
|
|
|
// --- SOCKS 5/4a --------------------------------------------------------------
|
|
|
|
// Asynchronous SOCKS connector. Adds more stuff on top of the regular one.
|
|
|
|
// Note that the `username' is used differently in SOCKS 4a and 5. In the
|
|
// former version, it is the username that you can get ident'ed against.
|
|
// In the latter version, it forms a pair with the password field and doesn't
|
|
// need to be an actual user on your machine.
|
|
|
|
struct socks_addr
|
|
{
|
|
enum socks_addr_type
|
|
{
|
|
SOCKS_IPV4 = 1, ///< IPv4 address
|
|
SOCKS_DOMAIN = 3, ///< Domain name to be resolved
|
|
SOCKS_IPV6 = 4 ///< IPv6 address
|
|
}
|
|
type; ///< The type of this address
|
|
union
|
|
{
|
|
uint8_t ipv4[4]; ///< IPv4 address, network octet order
|
|
char *domain; ///< Domain name
|
|
uint8_t ipv6[16]; ///< IPv6 address, network octet order
|
|
}
|
|
data; ///< The address itself
|
|
};
|
|
|
|
static void
|
|
socks_addr_free (struct socks_addr *self)
|
|
{
|
|
if (self->type == SOCKS_DOMAIN)
|
|
free (self->data.domain);
|
|
}
|
|
|
|
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
struct socks_target
|
|
{
|
|
LIST_HEADER (struct socks_target)
|
|
|
|
char *address_str; ///< Target address as a string
|
|
struct socks_addr address; ///< Target address
|
|
uint16_t port; ///< Target service port
|
|
};
|
|
|
|
enum socks_protocol
|
|
{
|
|
SOCKS_5, ///< SOCKS5
|
|
SOCKS_4A, ///< SOCKS4A
|
|
SOCKS_MAX ///< End of protocol
|
|
};
|
|
|
|
static inline const char *
|
|
socks_protocol_to_string (enum socks_protocol self)
|
|
{
|
|
switch (self)
|
|
{
|
|
case SOCKS_5: return "SOCKS5";
|
|
case SOCKS_4A: return "SOCKS4A";
|
|
default: return NULL;
|
|
}
|
|
}
|
|
|
|
struct socks_connector
|
|
{
|
|
struct connector *connector; ///< Proxy server iterator (effectively)
|
|
enum socks_protocol protocol_iter; ///< Protocol iterator
|
|
struct socks_target *targets_iter; ///< Targets iterator
|
|
|
|
// Negotiation:
|
|
|
|
struct poller_timer timeout; ///< Timeout timer
|
|
|
|
int socket_fd; ///< Current socket file descriptor
|
|
struct poller_fd socket_event; ///< Socket can be read from/written to
|
|
struct str read_buffer; ///< Read buffer
|
|
struct str write_buffer; ///< Write buffer
|
|
|
|
bool done; ///< Tunnel succesfully established
|
|
uint8_t bound_address_len; ///< Length of domain name
|
|
size_t data_needed; ///< How much data "on_data" needs
|
|
|
|
/// Process incoming data if there's enough of it available
|
|
bool (*on_data) (struct socks_connector *, struct msg_unpacker *);
|
|
|
|
// Configuration:
|
|
|
|
char *hostname; ///< SOCKS server hostname
|
|
char *service; ///< SOCKS server service name or port
|
|
|
|
char *username; ///< Username for authentication
|
|
char *password; ///< Password for authentication
|
|
|
|
struct socks_target *targets; ///< Targets
|
|
struct socks_target *targets_tail; ///< Tail of targets
|
|
|
|
void *user_data; ///< User data for callbacks
|
|
|
|
// Additional results:
|
|
|
|
struct socks_addr bound_address; ///< Bound address at the server
|
|
uint16_t bound_port; ///< Bound port at the server
|
|
|
|
// You may destroy the connector object in these two main callbacks:
|
|
|
|
/// Connection has been successfully established
|
|
void (*on_connected) (void *user_data, int socket, const char *hostname);
|
|
/// Failed to establish a connection to either target
|
|
void (*on_failure) (void *user_data);
|
|
|
|
// Optional:
|
|
|
|
/// Connecting to a new address
|
|
void (*on_connecting) (void *user_data,
|
|
const char *address, const char *via, const char *version);
|
|
/// Connecting to the last address has failed
|
|
void (*on_error) (void *user_data, const char *error);
|
|
};
|
|
|
|
// I've tried to make the actual protocol handlers as simple as possible
|
|
|
|
#define SOCKS_FAIL(...) \
|
|
BLOCK_START \
|
|
char *error = xstrdup_printf (__VA_ARGS__); \
|
|
if (self->on_error) \
|
|
self->on_error (self->user_data, error); \
|
|
free (error); \
|
|
return false; \
|
|
BLOCK_END
|
|
|
|
#define SOCKS_DATA_CB(name) static bool name \
|
|
(struct socks_connector *self, struct msg_unpacker *unpacker)
|
|
|
|
#define SOCKS_GO(name, data_needed_) \
|
|
self->on_data = name; \
|
|
self->data_needed = data_needed_; \
|
|
return true
|
|
|
|
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
SOCKS_DATA_CB (socks_4a_finish)
|
|
{
|
|
uint8_t null, status;
|
|
hard_assert (msg_unpacker_u8 (unpacker, &null));
|
|
hard_assert (msg_unpacker_u8 (unpacker, &status));
|
|
|
|
if (null != 0)
|
|
SOCKS_FAIL ("protocol error");
|
|
|
|
switch (status)
|
|
{
|
|
case 90:
|
|
self->done = true;
|
|
return false;
|
|
case 91:
|
|
SOCKS_FAIL ("request rejected or failed");
|
|
case 92:
|
|
SOCKS_FAIL ("%s: %s", "request rejected",
|
|
"SOCKS server cannot connect to identd on the client");
|
|
case 93:
|
|
SOCKS_FAIL ("%s: %s", "request rejected",
|
|
"identd reports different user-id");
|
|
default:
|
|
SOCKS_FAIL ("protocol error");
|
|
}
|
|
}
|
|
|
|
static bool
|
|
socks_4a_start (struct socks_connector *self)
|
|
{
|
|
struct socks_target *target = self->targets_iter;
|
|
const void *dest_ipv4 = "\x00\x00\x00\x01";
|
|
const char *dest_domain = NULL;
|
|
|
|
char buf[INET6_ADDRSTRLEN];
|
|
switch (target->address.type)
|
|
{
|
|
case SOCKS_IPV4:
|
|
dest_ipv4 = target->address.data.ipv4;
|
|
break;
|
|
case SOCKS_IPV6:
|
|
// About the best thing we can do, not sure if it works anywhere at all
|
|
if (!inet_ntop (AF_INET6, &target->address.data.ipv6, buf, sizeof buf))
|
|
SOCKS_FAIL ("%s: %s", "inet_ntop", strerror (errno));
|
|
dest_domain = buf;
|
|
break;
|
|
case SOCKS_DOMAIN:
|
|
dest_domain = target->address.data.domain;
|
|
}
|
|
|
|
struct str *wb = &self->write_buffer;
|
|
str_pack_u8 (wb, 4); // version
|
|
str_pack_u8 (wb, 1); // connect
|
|
|
|
str_pack_u16 (wb, target->port); // port
|
|
str_append_data (wb, dest_ipv4, 4); // destination address
|
|
|
|
if (self->username)
|
|
str_append (wb, self->username);
|
|
str_append_c (wb, '\0');
|
|
|
|
if (dest_domain)
|
|
{
|
|
str_append (wb, dest_domain);
|
|
str_append_c (wb, '\0');
|
|
}
|
|
|
|
SOCKS_GO (socks_4a_finish, 8);
|
|
}
|
|
|
|
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
SOCKS_DATA_CB (socks_5_request_port)
|
|
{
|
|
hard_assert (msg_unpacker_u16 (unpacker, &self->bound_port));
|
|
self->done = true;
|
|
return false;
|
|
}
|
|
|
|
SOCKS_DATA_CB (socks_5_request_ipv4)
|
|
{
|
|
memcpy (self->bound_address.data.ipv4, unpacker->data, unpacker->len);
|
|
SOCKS_GO (socks_5_request_port, 2);
|
|
}
|
|
|
|
SOCKS_DATA_CB (socks_5_request_ipv6)
|
|
{
|
|
memcpy (self->bound_address.data.ipv6, unpacker->data, unpacker->len);
|
|
SOCKS_GO (socks_5_request_port, 2);
|
|
}
|
|
|
|
SOCKS_DATA_CB (socks_5_request_domain_data)
|
|
{
|
|
self->bound_address.data.domain = xstrndup (unpacker->data, unpacker->len);
|
|
SOCKS_GO (socks_5_request_port, 2);
|
|
}
|
|
|
|
SOCKS_DATA_CB (socks_5_request_domain)
|
|
{
|
|
hard_assert (msg_unpacker_u8 (unpacker, &self->bound_address_len));
|
|
SOCKS_GO (socks_5_request_domain_data, self->bound_address_len);
|
|
}
|
|
|
|
SOCKS_DATA_CB (socks_5_request_finish)
|
|
{
|
|
uint8_t version, status, reserved, type;
|
|
hard_assert (msg_unpacker_u8 (unpacker, &version));
|
|
hard_assert (msg_unpacker_u8 (unpacker, &status));
|
|
hard_assert (msg_unpacker_u8 (unpacker, &reserved));
|
|
hard_assert (msg_unpacker_u8 (unpacker, &type));
|
|
|
|
if (version != 0x05)
|
|
SOCKS_FAIL ("protocol error");
|
|
|
|
switch (status)
|
|
{
|
|
case 0x00:
|
|
break;
|
|
case 0x01: SOCKS_FAIL ("general SOCKS server failure");
|
|
case 0x02: SOCKS_FAIL ("connection not allowed by ruleset");
|
|
case 0x03: SOCKS_FAIL ("network unreachable");
|
|
case 0x04: SOCKS_FAIL ("host unreachable");
|
|
case 0x05: SOCKS_FAIL ("connection refused");
|
|
case 0x06: SOCKS_FAIL ("TTL expired");
|
|
case 0x07: SOCKS_FAIL ("command not supported");
|
|
case 0x08: SOCKS_FAIL ("address type not supported");
|
|
default: SOCKS_FAIL ("protocol error");
|
|
}
|
|
|
|
switch ((self->bound_address.type = type))
|
|
{
|
|
case SOCKS_IPV4:
|
|
SOCKS_GO (socks_5_request_ipv4, sizeof self->bound_address.data.ipv4);
|
|
case SOCKS_IPV6:
|
|
SOCKS_GO (socks_5_request_ipv6, sizeof self->bound_address.data.ipv6);
|
|
case SOCKS_DOMAIN:
|
|
SOCKS_GO (socks_5_request_domain, 1);
|
|
default:
|
|
SOCKS_FAIL ("protocol error");
|
|
}
|
|
}
|
|
|
|
static bool
|
|
socks_5_request_start (struct socks_connector *self)
|
|
{
|
|
struct socks_target *target = self->targets_iter;
|
|
struct str *wb = &self->write_buffer;
|
|
str_pack_u8 (wb, 0x05); // version
|
|
str_pack_u8 (wb, 0x01); // connect
|
|
str_pack_u8 (wb, 0x00); // reserved
|
|
str_pack_u8 (wb, target->address.type);
|
|
|
|
switch (target->address.type)
|
|
{
|
|
case SOCKS_IPV4:
|
|
str_append_data (wb,
|
|
target->address.data.ipv4, sizeof target->address.data.ipv4);
|
|
break;
|
|
case SOCKS_DOMAIN:
|
|
{
|
|
size_t dlen = strlen (target->address.data.domain);
|
|
if (dlen > 255)
|
|
dlen = 255;
|
|
|
|
str_pack_u8 (wb, dlen);
|
|
str_append_data (wb, target->address.data.domain, dlen);
|
|
break;
|
|
}
|
|
case SOCKS_IPV6:
|
|
str_append_data (wb,
|
|
target->address.data.ipv6, sizeof target->address.data.ipv6);
|
|
break;
|
|
}
|
|
str_pack_u16 (wb, target->port);
|
|
|
|
SOCKS_GO (socks_5_request_finish, 4);
|
|
}
|
|
|
|
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
SOCKS_DATA_CB (socks_5_userpass_finish)
|
|
{
|
|
uint8_t version, status;
|
|
hard_assert (msg_unpacker_u8 (unpacker, &version));
|
|
hard_assert (msg_unpacker_u8 (unpacker, &status));
|
|
|
|
if (version != 0x01)
|
|
SOCKS_FAIL ("protocol error");
|
|
if (status != 0x00)
|
|
SOCKS_FAIL ("authentication failure");
|
|
|
|
return socks_5_request_start (self);
|
|
}
|
|
|
|
static bool
|
|
socks_5_userpass_start (struct socks_connector *self)
|
|
{
|
|
size_t ulen = strlen (self->username);
|
|
if (ulen > 255)
|
|
ulen = 255;
|
|
|
|
size_t plen = strlen (self->password);
|
|
if (plen > 255)
|
|
plen = 255;
|
|
|
|
struct str *wb = &self->write_buffer;
|
|
str_pack_u8 (wb, 0x01); // version
|
|
str_pack_u8 (wb, ulen); // username length
|
|
str_append_data (wb, self->username, ulen);
|
|
str_pack_u8 (wb, plen); // password length
|
|
str_append_data (wb, self->password, plen);
|
|
|
|
SOCKS_GO (socks_5_userpass_finish, 2);
|
|
}
|
|
|
|
SOCKS_DATA_CB (socks_5_auth_finish)
|
|
{
|
|
uint8_t version, method;
|
|
hard_assert (msg_unpacker_u8 (unpacker, &version));
|
|
hard_assert (msg_unpacker_u8 (unpacker, &method));
|
|
|
|
if (version != 0x05)
|
|
SOCKS_FAIL ("protocol error");
|
|
|
|
bool can_auth = self->username && self->password;
|
|
|
|
switch (method)
|
|
{
|
|
case 0x02:
|
|
if (!can_auth)
|
|
SOCKS_FAIL ("protocol error");
|
|
|
|
return socks_5_userpass_start (self);
|
|
case 0x00:
|
|
return socks_5_request_start (self);
|
|
case 0xFF:
|
|
SOCKS_FAIL ("no acceptable authentication methods");
|
|
default:
|
|
SOCKS_FAIL ("protocol error");
|
|
}
|
|
}
|
|
|
|
static bool
|
|
socks_5_auth_start (struct socks_connector *self)
|
|
{
|
|
bool can_auth = self->username && self->password;
|
|
|
|
struct str *wb = &self->write_buffer;
|
|
str_pack_u8 (wb, 0x05); // version
|
|
str_pack_u8 (wb, 1 + can_auth); // number of authentication methods
|
|
str_pack_u8 (wb, 0x00); // no authentication required
|
|
if (can_auth)
|
|
str_pack_u8 (wb, 0x02); // username/password
|
|
|
|
SOCKS_GO (socks_5_auth_finish, 2);
|
|
}
|
|
|
|
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
static void socks_connector_start (struct socks_connector *self);
|
|
|
|
static void
|
|
socks_connector_destroy_connector (struct socks_connector *self)
|
|
{
|
|
if (self->connector)
|
|
{
|
|
connector_free (self->connector);
|
|
free (self->connector);
|
|
self->connector = NULL;
|
|
}
|
|
}
|
|
|
|
static void
|
|
socks_connector_cancel_events (struct socks_connector *self)
|
|
{
|
|
// Before calling the final callbacks, we should cancel events that
|
|
// could potentially fire; caller should destroy us immediately, though
|
|
poller_fd_reset (&self->socket_event);
|
|
poller_timer_reset (&self->timeout);
|
|
}
|
|
|
|
static void
|
|
socks_connector_fail (struct socks_connector *self)
|
|
{
|
|
socks_connector_cancel_events (self);
|
|
self->on_failure (self->user_data);
|
|
}
|
|
|
|
static bool
|
|
socks_connector_step_iterators (struct socks_connector *self)
|
|
{
|
|
// At the lowest level we iterate over all addresses for the SOCKS server
|
|
// and just try to connect; this is done automatically by the connector
|
|
|
|
// Then we iterate over available protocols
|
|
if (++self->protocol_iter != SOCKS_MAX)
|
|
return true;
|
|
|
|
// At the highest level we iterate over possible targets
|
|
self->protocol_iter = 0;
|
|
if (self->targets_iter && (self->targets_iter = self->targets_iter->next))
|
|
return true;
|
|
|
|
return false;
|
|
}
|
|
|
|
static void
|
|
socks_connector_step (struct socks_connector *self)
|
|
{
|
|
if (self->socket_fd != -1)
|
|
{
|
|
poller_fd_reset (&self->socket_event);
|
|
xclose (self->socket_fd);
|
|
self->socket_fd = -1;
|
|
}
|
|
|
|
socks_connector_destroy_connector (self);
|
|
if (socks_connector_step_iterators (self))
|
|
socks_connector_start (self);
|
|
else
|
|
socks_connector_fail (self);
|
|
}
|
|
|
|
static void
|
|
socks_connector_on_timeout (struct socks_connector *self)
|
|
{
|
|
if (self->on_error)
|
|
self->on_error (self->user_data, "timeout");
|
|
|
|
socks_connector_destroy_connector (self);
|
|
socks_connector_fail (self);
|
|
}
|
|
|
|
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
static void
|
|
socks_connector_on_connected
|
|
(void *user_data, int socket_fd, const char *hostname)
|
|
{
|
|
set_blocking (socket_fd, false);
|
|
(void) hostname;
|
|
|
|
struct socks_connector *self = user_data;
|
|
self->socket_fd = socket_fd;
|
|
self->socket_event.fd = socket_fd;
|
|
poller_fd_set (&self->socket_event, POLLIN | POLLOUT);
|
|
str_reset (&self->read_buffer);
|
|
str_reset (&self->write_buffer);
|
|
|
|
if (!(self->protocol_iter == SOCKS_5 && socks_5_auth_start (self))
|
|
&& !(self->protocol_iter == SOCKS_4A && socks_4a_start (self)))
|
|
socks_connector_fail (self);
|
|
}
|
|
|
|
static void
|
|
socks_connector_on_failure (void *user_data)
|
|
{
|
|
struct socks_connector *self = user_data;
|
|
// TODO: skip SOCKS server on connection failure
|
|
socks_connector_step (self);
|
|
}
|
|
|
|
static void
|
|
socks_connector_on_connecting (void *user_data, const char *via)
|
|
{
|
|
struct socks_connector *self = user_data;
|
|
if (!self->on_connecting)
|
|
return;
|
|
|
|
struct socks_target *target = self->targets_iter;
|
|
char *port = xstrdup_printf ("%u", target->port);
|
|
char *address = format_host_port_pair (target->address_str, port);
|
|
free (port);
|
|
self->on_connecting (self->user_data, address, via,
|
|
socks_protocol_to_string (self->protocol_iter));
|
|
free (address);
|
|
}
|
|
|
|
static void
|
|
socks_connector_on_error (void *user_data, const char *error)
|
|
{
|
|
struct socks_connector *self = user_data;
|
|
// TODO: skip protocol on protocol failure
|
|
if (self->on_error)
|
|
self->on_error (self->user_data, error);
|
|
}
|
|
|
|
static void
|
|
socks_connector_start (struct socks_connector *self)
|
|
{
|
|
hard_assert (!self->connector);
|
|
|
|
struct connector *connector =
|
|
self->connector = xcalloc (1, sizeof *connector);
|
|
connector_init (connector, self->socket_event.poller);
|
|
|
|
connector->user_data = self;
|
|
connector->on_connected = socks_connector_on_connected;
|
|
connector->on_connecting = socks_connector_on_connecting;
|
|
connector->on_error = socks_connector_on_error;
|
|
connector->on_failure = socks_connector_on_failure;
|
|
|
|
connector_add_target (connector, self->hostname, self->service);
|
|
poller_timer_set (&self->timeout, 60 * 1000);
|
|
self->done = false;
|
|
|
|
self->bound_port = 0;
|
|
socks_addr_free (&self->bound_address);
|
|
memset (&self->bound_address, 0, sizeof self->bound_address);
|
|
}
|
|
|
|
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
static bool
|
|
socks_try_fill_read_buffer (struct socks_connector *self, size_t n)
|
|
{
|
|
ssize_t remains = (ssize_t) n - (ssize_t) self->read_buffer.len;
|
|
if (remains <= 0)
|
|
return true;
|
|
|
|
ssize_t received;
|
|
str_reserve (&self->read_buffer, remains);
|
|
do
|
|
received = recv (self->socket_fd,
|
|
self->read_buffer.str + self->read_buffer.len, remains, 0);
|
|
while ((received == -1) && errno == EINTR);
|
|
|
|
if (received == 0)
|
|
SOCKS_FAIL ("%s: %s", "protocol error", "unexpected EOF");
|
|
if (received == -1 && errno != EAGAIN)
|
|
SOCKS_FAIL ("%s: %s", "recv", strerror (errno));
|
|
if (received > 0)
|
|
self->read_buffer.len += received;
|
|
return true;
|
|
}
|
|
|
|
static bool
|
|
socks_call_on_data (struct socks_connector *self)
|
|
{
|
|
size_t to_consume = self->data_needed;
|
|
if (!socks_try_fill_read_buffer (self, to_consume))
|
|
return false;
|
|
if (self->read_buffer.len < to_consume)
|
|
return true;
|
|
|
|
struct msg_unpacker unpacker =
|
|
msg_unpacker_make (self->read_buffer.str, self->read_buffer.len);
|
|
bool result = self->on_data (self, &unpacker);
|
|
str_remove_slice (&self->read_buffer, 0, to_consume);
|
|
return result;
|
|
}
|
|
|
|
static bool
|
|
socks_try_flush_write_buffer (struct socks_connector *self)
|
|
{
|
|
struct str *wb = &self->write_buffer;
|
|
ssize_t n_written;
|
|
|
|
while (wb->len)
|
|
{
|
|
n_written = send (self->socket_fd, wb->str, wb->len, 0);
|
|
if (n_written >= 0)
|
|
{
|
|
str_remove_slice (wb, 0, n_written);
|
|
continue;
|
|
}
|
|
|
|
if (errno == EAGAIN)
|
|
break;
|
|
if (errno == EINTR)
|
|
continue;
|
|
|
|
SOCKS_FAIL ("%s: %s", "send", strerror (errno));
|
|
}
|
|
return true;
|
|
}
|
|
|
|
static void
|
|
socks_connector_on_ready
|
|
(const struct pollfd *pfd, struct socks_connector *self)
|
|
{
|
|
(void) pfd;
|
|
|
|
if (socks_call_on_data (self) && socks_try_flush_write_buffer (self))
|
|
{
|
|
poller_fd_set (&self->socket_event,
|
|
self->write_buffer.len ? (POLLIN | POLLOUT) : POLLIN);
|
|
}
|
|
else if (self->done)
|
|
{
|
|
socks_connector_cancel_events (self);
|
|
|
|
int fd = self->socket_fd;
|
|
self->socket_fd = -1;
|
|
|
|
struct socks_target *target = self->targets_iter;
|
|
set_blocking (fd, true);
|
|
self->on_connected (self->user_data, fd, target->address_str);
|
|
}
|
|
else
|
|
// We've failed this target, let's try to move on
|
|
socks_connector_step (self);
|
|
}
|
|
|
|
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
static void
|
|
socks_connector_init (struct socks_connector *self, struct poller *poller)
|
|
{
|
|
memset (self, 0, sizeof *self);
|
|
|
|
self->socket_event = poller_fd_make (poller, (self->socket_fd = -1));
|
|
self->socket_event.dispatcher = (poller_fd_fn) socks_connector_on_ready;
|
|
self->socket_event.user_data = self;
|
|
|
|
self->timeout = poller_timer_make (poller);
|
|
self->timeout.dispatcher = (poller_timer_fn) socks_connector_on_timeout;
|
|
self->timeout.user_data = self;
|
|
|
|
self->read_buffer = str_make ();
|
|
self->write_buffer = str_make ();
|
|
}
|
|
|
|
static void
|
|
socks_connector_free (struct socks_connector *self)
|
|
{
|
|
socks_connector_destroy_connector (self);
|
|
socks_connector_cancel_events (self);
|
|
|
|
if (self->socket_fd != -1)
|
|
xclose (self->socket_fd);
|
|
|
|
str_free (&self->read_buffer);
|
|
str_free (&self->write_buffer);
|
|
|
|
free (self->hostname);
|
|
free (self->service);
|
|
free (self->username);
|
|
free (self->password);
|
|
|
|
LIST_FOR_EACH (struct socks_target, iter, self->targets)
|
|
{
|
|
socks_addr_free (&iter->address);
|
|
free (iter->address_str);
|
|
free (iter);
|
|
}
|
|
|
|
socks_addr_free (&self->bound_address);
|
|
}
|
|
|
|
static bool
|
|
socks_connector_add_target (struct socks_connector *self,
|
|
const char *host, const char *service, struct error **e)
|
|
{
|
|
unsigned long port;
|
|
const struct servent *serv;
|
|
if ((serv = getservbyname (service, "tcp")))
|
|
port = (uint16_t) ntohs (serv->s_port);
|
|
else if (!xstrtoul (&port, service, 10) || !port || port > UINT16_MAX)
|
|
{
|
|
error_set (e, "invalid port number");
|
|
return false;
|
|
}
|
|
|
|
struct socks_target *target = xcalloc (1, sizeof *target);
|
|
if (inet_pton (AF_INET, host, &target->address.data.ipv4) == 1)
|
|
target->address.type = SOCKS_IPV4;
|
|
else if (inet_pton (AF_INET6, host, &target->address.data.ipv6) == 1)
|
|
target->address.type = SOCKS_IPV6;
|
|
else
|
|
{
|
|
target->address.type = SOCKS_DOMAIN;
|
|
target->address.data.domain = xstrdup (host);
|
|
}
|
|
|
|
target->port = port;
|
|
target->address_str = xstrdup (host);
|
|
LIST_APPEND_WITH_TAIL (self->targets, self->targets_tail, target);
|
|
return true;
|
|
}
|
|
|
|
static void
|
|
socks_connector_run (struct socks_connector *self,
|
|
const char *host, const char *service,
|
|
const char *username, const char *password)
|
|
{
|
|
hard_assert (self->targets);
|
|
hard_assert (host && service);
|
|
|
|
self->hostname = xstrdup (host);
|
|
self->service = xstrdup (service);
|
|
|
|
if (username) self->username = xstrdup (username);
|
|
if (password) self->password = xstrdup (password);
|
|
|
|
self->targets_iter = self->targets;
|
|
self->protocol_iter = 0;
|
|
// XXX: this can fail immediately from an error creating the connector
|
|
socks_connector_start (self);
|
|
}
|
|
|
|
// --- CTCP decoding -----------------------------------------------------------
|
|
|
|
#define CTCP_M_QUOTE '\020'
|
|
#define CTCP_X_DELIM '\001'
|
|
#define CTCP_X_QUOTE '\\'
|
|
|
|
struct ctcp_chunk
|
|
{
|
|
LIST_HEADER (struct ctcp_chunk)
|
|
|
|
bool is_extended; ///< Is this a tagged extended message?
|
|
bool is_partial; ///< Unterminated extended message
|
|
struct str tag; ///< The tag, if any
|
|
struct str text; ///< Message contents
|
|
};
|
|
|
|
static struct ctcp_chunk *
|
|
ctcp_chunk_new (void)
|
|
{
|
|
struct ctcp_chunk *self = xcalloc (1, sizeof *self);
|
|
self->tag = str_make ();
|
|
self->text = str_make ();
|
|
return self;
|
|
}
|
|
|
|
static void
|
|
ctcp_chunk_destroy (struct ctcp_chunk *self)
|
|
{
|
|
str_free (&self->tag);
|
|
str_free (&self->text);
|
|
free (self);
|
|
}
|
|
|
|
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
static void
|
|
ctcp_low_level_decode (const char *message, struct str *output)
|
|
{
|
|
bool escape = false;
|
|
for (const char *p = message; *p; p++)
|
|
{
|
|
if (escape)
|
|
{
|
|
switch (*p)
|
|
{
|
|
case '0': str_append_c (output, '\0'); break;
|
|
case 'r': str_append_c (output, '\r'); break;
|
|
case 'n': str_append_c (output, '\n'); break;
|
|
default: str_append_c (output, *p);
|
|
}
|
|
escape = false;
|
|
}
|
|
else if (*p == CTCP_M_QUOTE)
|
|
escape = true;
|
|
else
|
|
str_append_c (output, *p);
|
|
}
|
|
}
|
|
|
|
static void
|
|
ctcp_intra_decode (const char *chunk, size_t len, struct str *output)
|
|
{
|
|
bool escape = false;
|
|
for (size_t i = 0; i < len; i++)
|
|
{
|
|
char c = chunk[i];
|
|
if (escape)
|
|
{
|
|
if (c == 'a')
|
|
str_append_c (output, CTCP_X_DELIM);
|
|
else
|
|
str_append_c (output, c);
|
|
escape = false;
|
|
}
|
|
else if (c == CTCP_X_QUOTE)
|
|
escape = true;
|
|
else
|
|
str_append_c (output, c);
|
|
}
|
|
}
|
|
|
|
// According to the original CTCP specification we should use
|
|
// ctcp_intra_decode() on all parts, however no one seems to use that
|
|
// and it breaks normal text with backslashes
|
|
#ifndef SUPPORT_CTCP_X_QUOTES
|
|
#define ctcp_intra_decode(s, len, output) str_append_data (output, s, len)
|
|
#endif
|
|
|
|
static void
|
|
ctcp_parse_tagged (const char *chunk, size_t len, struct ctcp_chunk *output)
|
|
{
|
|
// We may search for the space before doing the higher level decoding,
|
|
// as it doesn't concern space characters at all
|
|
size_t tag_end = len;
|
|
for (size_t i = 0; i < len; i++)
|
|
if (chunk[i] == ' ')
|
|
{
|
|
tag_end = i;
|
|
break;
|
|
}
|
|
|
|
output->is_extended = true;
|
|
ctcp_intra_decode (chunk, tag_end, &output->tag);
|
|
if (tag_end++ != len)
|
|
ctcp_intra_decode (chunk + tag_end, len - tag_end, &output->text);
|
|
}
|
|
|
|
static struct ctcp_chunk *
|
|
ctcp_parse (const char *message)
|
|
{
|
|
struct str m = str_make ();
|
|
ctcp_low_level_decode (message, &m);
|
|
|
|
struct ctcp_chunk *result = NULL, *result_tail = NULL;
|
|
|
|
size_t start = 0;
|
|
bool in_ctcp = false;
|
|
for (size_t i = 0; i < m.len; i++)
|
|
{
|
|
char c = m.str[i];
|
|
if (c != CTCP_X_DELIM)
|
|
continue;
|
|
|
|
// Remember the current state
|
|
size_t my_start = start;
|
|
bool my_is_ctcp = in_ctcp;
|
|
|
|
start = i + 1;
|
|
in_ctcp = !in_ctcp;
|
|
|
|
// Skip empty chunks
|
|
if (my_start == i)
|
|
continue;
|
|
|
|
struct ctcp_chunk *chunk = ctcp_chunk_new ();
|
|
if (my_is_ctcp)
|
|
ctcp_parse_tagged (m.str + my_start, i - my_start, chunk);
|
|
else
|
|
ctcp_intra_decode (m.str + my_start, i - my_start, &chunk->text);
|
|
LIST_APPEND_WITH_TAIL (result, result_tail, chunk);
|
|
}
|
|
|
|
// Finish the last part. Unended tagged chunks are marked as such.
|
|
if (start != m.len)
|
|
{
|
|
struct ctcp_chunk *chunk = ctcp_chunk_new ();
|
|
if (in_ctcp)
|
|
{
|
|
ctcp_parse_tagged (m.str + start, m.len - start, chunk);
|
|
chunk->is_partial = true;
|
|
}
|
|
else
|
|
ctcp_intra_decode (m.str + start, m.len - start, &chunk->text);
|
|
LIST_APPEND_WITH_TAIL (result, result_tail, chunk);
|
|
}
|
|
|
|
str_free (&m);
|
|
return result;
|
|
}
|
|
|
|
static void
|
|
ctcp_destroy (struct ctcp_chunk *list)
|
|
{
|
|
LIST_FOR_EACH (struct ctcp_chunk, iter, list)
|
|
ctcp_chunk_destroy (iter);
|
|
}
|