25
|
1 #include "connwrap.h" |
|
2 |
|
3 #include <netdb.h> |
|
4 #include <string.h> |
|
5 #include <netinet/in.h> |
|
6 #include <errno.h> |
|
7 #include <arpa/inet.h> |
|
8 #include <fcntl.h> |
|
9 #include <sys/time.h> |
112
|
10 #include <unistd.h> |
25
|
11 |
|
12 #define PROXY_TIMEOUT 10 |
|
13 // HTTP proxy timeout in seconds (for the CONNECT method) |
|
14 |
|
15 #ifdef HAVE_OPENSSL |
|
16 |
|
17 #define OPENSSL_NO_KRB5 1 |
|
18 #include <openssl/ssl.h> |
|
19 #include <openssl/err.h> |
|
20 |
|
21 #elif HAVE_GNUTLS |
|
22 |
|
23 #include <gnutls/openssl.h> |
|
24 #define HAVE_OPENSSL |
|
25 |
|
26 #endif |
|
27 |
|
28 static int in_http_connect = 0; |
|
29 |
|
30 #ifdef HAVE_OPENSSL |
|
31 |
|
32 static SSL_CTX *ctx = 0; |
|
33 |
|
34 typedef struct { int fd; SSL *ssl; } sslsock; |
|
35 |
|
36 static sslsock *socks = 0; |
|
37 static int sockcount = 0; |
|
38 |
|
39 static sslsock *getsock(int fd) { |
|
40 int i; |
|
41 |
|
42 for(i = 0; i < sockcount; i++) |
|
43 if(socks[i].fd == fd) |
|
44 return &socks[i]; |
|
45 |
|
46 return 0; |
|
47 } |
|
48 |
|
49 static sslsock *addsock(int fd) { |
|
50 sslsock *p; |
|
51 socks = (sslsock *) realloc(socks, sizeof(sslsock)*++sockcount); |
|
52 |
|
53 p = &socks[sockcount-1]; |
|
54 |
|
55 if(!ctx) { |
|
56 SSL_library_init(); |
|
57 SSL_load_error_strings(); |
|
58 |
|
59 #ifdef HAVE_SSLEAY |
|
60 SSLeay_add_all_algorithms(); |
|
61 #else |
|
62 OpenSSL_add_all_algorithms(); |
|
63 #endif |
|
64 |
|
65 ctx = SSL_CTX_new(SSLv23_method()); |
|
66 } |
|
67 |
|
68 p->ssl = SSL_new(ctx); |
|
69 SSL_set_fd(p->ssl, p->fd = fd); |
|
70 |
|
71 return p; |
|
72 } |
|
73 |
|
74 static void delsock(int fd) { |
|
75 int i, nsockcount; |
|
76 sslsock *nsocks; |
|
77 |
|
78 nsockcount = 0; |
|
79 nsocks = (sslsock *) malloc(sizeof(sslsock)*(sockcount-1)); |
|
80 |
|
81 for(i = 0; i < sockcount; i++) { |
|
82 if(socks[i].fd != fd) { |
|
83 nsocks[nsockcount++] = socks[i]; |
|
84 } else { |
|
85 SSL_free(socks[i].ssl); |
|
86 } |
|
87 } |
|
88 |
|
89 free(socks); |
|
90 |
|
91 socks = nsocks; |
|
92 sockcount = nsockcount; |
|
93 } |
|
94 |
|
95 #endif |
|
96 |
|
97 static char *bindaddr = 0, *proxyhost = 0, *proxyuser = 0, *proxypass = 0; |
|
98 static int proxyport = 3128; |
|
99 static int proxy_ssl = 0; |
|
100 |
|
101 #define SOCKOUT(s) write(sockfd, s, strlen(s)) |
|
102 |
|
103 int cw_http_connect(int sockfd, const struct sockaddr *serv_addr, int addrlen) { |
|
104 int err, pos, fl; |
|
105 struct hostent *server; |
|
106 struct sockaddr_in paddr; |
|
107 char buf[512]; |
|
108 fd_set rfds; |
|
109 |
|
110 err = 0; |
|
111 in_http_connect = 1; |
|
112 |
|
113 if(!(server = gethostbyname(proxyhost))) { |
|
114 errno = h_errno; |
|
115 err = -1; |
|
116 } |
|
117 |
|
118 if(!err) { |
|
119 memset(&paddr, 0, sizeof(paddr)); |
|
120 paddr.sin_family = AF_INET; |
|
121 memcpy(&paddr.sin_addr.s_addr, *server->h_addr_list, server->h_length); |
|
122 paddr.sin_port = htons(proxyport); |
|
123 |
|
124 fl = fcntl(sockfd, F_GETFL); |
|
125 fcntl(sockfd, F_SETFL, fl & ~O_NONBLOCK); |
|
126 |
|
127 buf[0] = 0; |
|
128 |
|
129 err = cw_connect(sockfd, (struct sockaddr *) &paddr, sizeof(paddr), proxy_ssl); |
|
130 } |
|
131 |
|
132 errno = ECONNREFUSED; |
|
133 |
|
134 if(!err) { |
|
135 struct sockaddr_in *sin = (struct sockaddr_in *) serv_addr; |
|
136 char *ip = inet_ntoa(sin->sin_addr), c; |
|
137 struct timeval tv; |
|
138 |
|
139 sprintf(buf, "%d", ntohs(sin->sin_port)); |
|
140 SOCKOUT("CONNECT "); |
|
141 SOCKOUT(ip); |
|
142 SOCKOUT(":"); |
|
143 SOCKOUT(buf); |
|
144 SOCKOUT(" HTTP/1.0\r\n"); |
|
145 |
|
146 if(proxyuser) { |
|
147 char *b; |
|
148 SOCKOUT("Proxy-Authorization: Basic "); |
|
149 |
|
150 sprintf(buf, "%s:%s", proxyuser, proxypass); |
|
151 b = cw_base64_encode(buf); |
|
152 SOCKOUT(b); |
|
153 free(b); |
|
154 |
|
155 SOCKOUT("\r\n"); |
|
156 } |
|
157 |
|
158 SOCKOUT("\r\n"); |
|
159 |
|
160 buf[0] = 0; |
|
161 |
|
162 while(err != -1) { |
|
163 FD_ZERO(&rfds); |
|
164 FD_SET(sockfd, &rfds); |
|
165 |
|
166 tv.tv_sec = PROXY_TIMEOUT; |
|
167 tv.tv_usec = 0; |
|
168 |
|
169 err = select(sockfd+1, &rfds, 0, 0, &tv); |
|
170 |
|
171 if(err < 1) err = -1; |
|
172 |
|
173 if(err != -1 && FD_ISSET(sockfd, &rfds)) { |
|
174 err = read(sockfd, &c, 1); |
|
175 if(!err) err = -1; |
|
176 |
|
177 if(err != -1) { |
|
178 pos = strlen(buf); |
|
179 buf[pos] = c; |
|
180 buf[pos+1] = 0; |
|
181 |
|
182 if(strlen(buf) > 4) |
|
183 if(!strcmp(buf+strlen(buf)-4, "\r\n\r\n")) |
|
184 break; |
|
185 } |
|
186 } |
|
187 } |
|
188 } |
|
189 |
|
190 if(err != -1 && strlen(buf)) { |
|
191 char *p = strstr(buf, " "); |
|
192 |
|
193 err = -1; |
|
194 |
|
195 if(p) |
|
196 if(atoi(++p) == 200) |
|
197 err = 0; |
|
198 |
|
199 fcntl(sockfd, F_SETFL, fl); |
|
200 if(fl & O_NONBLOCK) { |
|
201 errno = EINPROGRESS; |
|
202 err = -1; |
|
203 } |
|
204 } |
|
205 |
|
206 in_http_connect = 0; |
|
207 |
|
208 return err; |
|
209 } |
|
210 |
|
211 int cw_connect(int sockfd, const struct sockaddr *serv_addr, int addrlen, int ssl) { |
|
212 int rc; |
|
213 struct sockaddr_in ba; |
|
214 |
|
215 if(bindaddr) |
|
216 if(strlen(bindaddr)) { |
|
217 #ifdef HAVE_INET_ATON |
|
218 struct in_addr addr; |
|
219 rc = inet_aton(bindaddr, &addr); |
|
220 ba.sin_addr.s_addr = addr.s_addr; |
|
221 #else |
|
222 rc = inet_pton(AF_INET, bindaddr, &ba); |
|
223 #endif |
|
224 |
|
225 if(rc) { |
|
226 ba.sin_port = 0; |
|
227 rc = bind(sockfd, (struct sockaddr *) &ba, sizeof(ba)); |
|
228 } else { |
|
229 rc = -1; |
|
230 } |
|
231 |
|
232 if(rc) return rc; |
|
233 } |
|
234 |
|
235 if(proxyhost && !in_http_connect) rc = cw_http_connect(sockfd, serv_addr, addrlen); |
|
236 else rc = connect(sockfd, serv_addr, addrlen); |
|
237 |
|
238 #ifdef HAVE_OPENSSL |
|
239 if(ssl && !rc) { |
|
240 sslsock *p = addsock(sockfd); |
|
241 if(SSL_connect(p->ssl) != 1) |
|
242 return -1; |
|
243 } |
|
244 #endif |
|
245 |
|
246 return rc; |
|
247 } |
|
248 |
|
249 int cw_nb_connect(int sockfd, const struct sockaddr *serv_addr, int addrlen, int ssl, int *state) { |
|
250 int rc = 0; |
|
251 struct sockaddr_in ba; |
|
252 |
|
253 if(bindaddr) |
|
254 if(strlen(bindaddr)) { |
|
255 #ifdef HAVE_INET_ATON |
|
256 struct in_addr addr; |
|
257 rc = inet_aton(bindaddr, &addr); |
|
258 ba.sin_addr.s_addr = addr.s_addr; |
|
259 #else |
|
260 rc = inet_pton(AF_INET, bindaddr, &ba); |
|
261 #endif |
|
262 |
|
263 if(rc) { |
|
264 ba.sin_port = 0; |
|
265 rc = bind(sockfd, (struct sockaddr *) &ba, sizeof(ba)); |
|
266 } else { |
|
267 rc = -1; |
|
268 } |
|
269 |
|
270 if(rc) return rc; |
|
271 } |
|
272 |
|
273 #ifdef HAVE_OPENSSL |
|
274 if(ssl) { |
|
275 if ( !(*state & CW_CONNECT_WANT_SOMETHING)) |
|
276 rc = cw_connect(sockfd, serv_addr, addrlen, 0); |
|
277 else{ /* check if the socket is connected correctly */ |
|
278 int optlen = sizeof(int), optval; |
|
279 if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, &optlen) || optval) |
|
280 return -1; |
|
281 } |
|
282 |
|
283 if(!rc) { |
|
284 sslsock *p; |
|
285 if (*state & CW_CONNECT_SSL) |
|
286 p = getsock(sockfd); |
|
287 else |
|
288 p = addsock(sockfd); |
|
289 |
|
290 rc = SSL_connect(p->ssl); |
|
291 switch(rc){ |
|
292 case 1: |
|
293 *state = 0; |
|
294 return 0; |
|
295 case 0: |
|
296 return -1; |
|
297 default: |
|
298 switch (SSL_get_error(p->ssl, rc)){ |
|
299 case SSL_ERROR_WANT_READ: |
|
300 *state = CW_CONNECT_SSL | CW_CONNECT_WANT_READ; |
|
301 return 0; |
|
302 case SSL_ERROR_WANT_WRITE: |
|
303 *state = CW_CONNECT_SSL | CW_CONNECT_WANT_WRITE; |
|
304 return 0; |
|
305 default: |
|
306 return -1; |
|
307 } |
|
308 } |
|
309 } |
|
310 else{ /* catch EINPROGRESS error from the connect call */ |
|
311 if (errno == EINPROGRESS){ |
|
312 *state = CW_CONNECT_STARTED | CW_CONNECT_WANT_WRITE; |
|
313 return 0; |
|
314 } |
|
315 } |
|
316 |
|
317 return rc; |
|
318 } |
|
319 #endif |
|
320 if ( !(*state & CW_CONNECT_WANT_SOMETHING)) |
|
321 rc = connect(sockfd, serv_addr, addrlen); |
|
322 else{ /* check if the socket is connected correctly */ |
|
323 int optlen = sizeof(int), optval; |
|
324 if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, &optlen) || optval) |
|
325 return -1; |
|
326 *state = 0; |
|
327 return 0; |
|
328 } |
|
329 if (rc) |
|
330 if (errno == EINPROGRESS){ |
|
331 *state = CW_CONNECT_STARTED | CW_CONNECT_WANT_WRITE; |
|
332 return 0; |
|
333 } |
|
334 return rc; |
|
335 } |
|
336 |
|
337 int cw_accept(int s, struct sockaddr *addr, int *addrlen, int ssl) { |
|
338 #ifdef HAVE_OPENSSL |
|
339 int rc; |
|
340 |
|
341 if(ssl) { |
|
342 rc = accept(s, addr, addrlen); |
|
343 |
|
344 if(!rc) { |
|
345 sslsock *p = addsock(s); |
|
346 if(SSL_accept(p->ssl) != 1) |
|
347 return -1; |
|
348 |
|
349 } |
|
350 |
|
351 return rc; |
|
352 } |
|
353 #endif |
|
354 return accept(s, addr, addrlen); |
|
355 } |
|
356 |
|
357 int cw_write(int fd, const void *buf, int count, int ssl) { |
|
358 #ifdef HAVE_OPENSSL |
|
359 sslsock *p; |
|
360 |
|
361 if(ssl) |
|
362 if(p = getsock(fd)) |
|
363 return SSL_write(p->ssl, buf, count); |
|
364 #endif |
|
365 return write(fd, buf, count); |
|
366 } |
|
367 |
|
368 int cw_read(int fd, void *buf, int count, int ssl) { |
|
369 #ifdef HAVE_OPENSSL |
|
370 sslsock *p; |
|
371 |
|
372 if(ssl) |
|
373 if(p = getsock(fd)) |
|
374 return SSL_read(p->ssl, buf, count); |
|
375 #endif |
|
376 return read(fd, buf, count); |
|
377 } |
|
378 |
|
379 int cw_close(int fd) { |
|
380 #ifdef HAVE_OPENSSL |
|
381 delsock(fd); |
|
382 #endif |
|
383 close(fd); |
|
384 } |
|
385 |
|
386 #define FREEVAR(v) if(v) free(v), v = 0; |
|
387 |
|
388 void cw_setbind(const char *abindaddr) { |
|
389 FREEVAR(bindaddr); |
|
390 bindaddr = strdup(abindaddr); |
|
391 } |
|
392 |
|
393 void cw_setproxy(const char *aproxyhost, int aproxyport, const char *aproxyuser, const char *aproxypass) { |
|
394 FREEVAR(proxyhost); |
|
395 FREEVAR(proxyuser); |
|
396 FREEVAR(proxypass); |
|
397 |
|
398 if(aproxyhost && strlen(aproxyhost)) proxyhost = strdup(aproxyhost); |
|
399 if(aproxyuser && strlen(aproxyuser)) proxyuser = strdup(aproxyuser); |
|
400 if(aproxypass && strlen(aproxypass)) proxypass = strdup(aproxypass); |
|
401 proxyport = aproxyport; |
|
402 } |
|
403 |
|
404 char *cw_base64_encode(const char *in) { |
|
405 static char base64digits[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._"; |
|
406 |
|
407 int j = 0; |
|
408 int inlen = strlen(in); |
|
409 char *out = (char *) malloc(inlen*4+1), c; |
|
410 |
|
411 for(out[0] = 0; inlen >= 3; inlen -= 3) { |
|
412 strncat(out, &base64digits[ in[j] >> 2 ], 1); |
|
413 strncat(out, &base64digits[ ((in[j] << 4) & 0x30) | (in[j+1] >> 4) ], 1); |
|
414 strncat(out, &base64digits[ ((in[j+1] << 2) & 0x3c) | (in[j+2] >> 6) ], 1); |
|
415 strncat(out, &base64digits[ in[j+2] & 0x3f ], 1); |
|
416 j += 3; |
|
417 } |
|
418 |
|
419 if(inlen > 0) { |
|
420 unsigned char fragment; |
|
421 |
|
422 strncat(out, &base64digits[in[j] >> 2], 1); |
|
423 fragment = (in[j] << 4) & 0x30; |
|
424 |
|
425 if(inlen > 1) |
|
426 fragment |= in[j+1] >> 4; |
|
427 |
|
428 strncat(out, &base64digits[fragment], 1); |
|
429 |
|
430 c = (inlen < 2) ? '-' : base64digits[ (in[j+1] << 2) & 0x3c ]; |
|
431 strncat(out, &c, 1); |
|
432 c = '-'; |
|
433 strncat(out, &c, 1); |
|
434 } |
|
435 |
|
436 return out; |
|
437 } |