25
|
1 #include "connwrap.h"
|
|
2
|
|
3 #include <netdb.h>
|
|
4 #include <string.h>
|
|
5 #include <netinet/in.h>
|
|
6 #include <errno.h>
|
|
7 #include <arpa/inet.h>
|
|
8 #include <fcntl.h>
|
|
9 #include <sys/time.h>
|
112
|
10 #include <unistd.h>
|
25
|
11
|
|
12 #define PROXY_TIMEOUT 10
|
|
13 // HTTP proxy timeout in seconds (for the CONNECT method)
|
|
14
|
|
15 #ifdef HAVE_OPENSSL
|
|
16
|
|
17 #define OPENSSL_NO_KRB5 1
|
|
18 #include <openssl/ssl.h>
|
|
19 #include <openssl/err.h>
|
|
20
|
134
|
21 #else
|
|
22 # ifdef HAVE_GNUTLS
|
|
23 # include <gnutls/openssl.h>
|
|
24 # define HAVE_OPENSSL
|
|
25 # endif
|
25
|
26 #endif
|
|
27
|
|
28 static int in_http_connect = 0;
|
|
29
|
|
30 #ifdef HAVE_OPENSSL
|
|
31
|
|
32 static SSL_CTX *ctx = 0;
|
|
33
|
|
34 typedef struct { int fd; SSL *ssl; } sslsock;
|
|
35
|
|
36 static sslsock *socks = 0;
|
|
37 static int sockcount = 0;
|
|
38
|
|
39 static sslsock *getsock(int fd) {
|
|
40 int i;
|
|
41
|
|
42 for(i = 0; i < sockcount; i++)
|
|
43 if(socks[i].fd == fd)
|
|
44 return &socks[i];
|
|
45
|
|
46 return 0;
|
|
47 }
|
|
48
|
|
49 static sslsock *addsock(int fd) {
|
|
50 sslsock *p;
|
|
51 socks = (sslsock *) realloc(socks, sizeof(sslsock)*++sockcount);
|
|
52
|
|
53 p = &socks[sockcount-1];
|
|
54
|
|
55 if(!ctx) {
|
|
56 SSL_library_init();
|
|
57 SSL_load_error_strings();
|
|
58
|
|
59 #ifdef HAVE_SSLEAY
|
|
60 SSLeay_add_all_algorithms();
|
|
61 #else
|
|
62 OpenSSL_add_all_algorithms();
|
|
63 #endif
|
|
64
|
134
|
65 //ctx = SSL_CTX_new(SSLv23_method());
|
|
66 ctx = SSL_CTX_new(SSLv23_client_method());
|
25
|
67 }
|
|
68
|
|
69 p->ssl = SSL_new(ctx);
|
|
70 SSL_set_fd(p->ssl, p->fd = fd);
|
|
71
|
|
72 return p;
|
|
73 }
|
|
74
|
|
75 static void delsock(int fd) {
|
|
76 int i, nsockcount;
|
|
77 sslsock *nsocks;
|
|
78
|
|
79 nsockcount = 0;
|
|
80 nsocks = (sslsock *) malloc(sizeof(sslsock)*(sockcount-1));
|
|
81
|
|
82 for(i = 0; i < sockcount; i++) {
|
|
83 if(socks[i].fd != fd) {
|
|
84 nsocks[nsockcount++] = socks[i];
|
|
85 } else {
|
|
86 SSL_free(socks[i].ssl);
|
|
87 }
|
|
88 }
|
|
89
|
|
90 free(socks);
|
|
91
|
|
92 socks = nsocks;
|
|
93 sockcount = nsockcount;
|
|
94 }
|
|
95
|
|
96 #endif
|
|
97
|
|
98 static char *bindaddr = 0, *proxyhost = 0, *proxyuser = 0, *proxypass = 0;
|
|
99 static int proxyport = 3128;
|
|
100 static int proxy_ssl = 0;
|
|
101
|
|
102 #define SOCKOUT(s) write(sockfd, s, strlen(s))
|
|
103
|
|
104 int cw_http_connect(int sockfd, const struct sockaddr *serv_addr, int addrlen) {
|
|
105 int err, pos, fl;
|
|
106 struct hostent *server;
|
|
107 struct sockaddr_in paddr;
|
|
108 char buf[512];
|
|
109 fd_set rfds;
|
|
110
|
|
111 err = 0;
|
|
112 in_http_connect = 1;
|
|
113
|
|
114 if(!(server = gethostbyname(proxyhost))) {
|
|
115 errno = h_errno;
|
|
116 err = -1;
|
|
117 }
|
|
118
|
|
119 if(!err) {
|
|
120 memset(&paddr, 0, sizeof(paddr));
|
|
121 paddr.sin_family = AF_INET;
|
|
122 memcpy(&paddr.sin_addr.s_addr, *server->h_addr_list, server->h_length);
|
|
123 paddr.sin_port = htons(proxyport);
|
|
124
|
|
125 fl = fcntl(sockfd, F_GETFL);
|
|
126 fcntl(sockfd, F_SETFL, fl & ~O_NONBLOCK);
|
|
127
|
|
128 buf[0] = 0;
|
|
129
|
|
130 err = cw_connect(sockfd, (struct sockaddr *) &paddr, sizeof(paddr), proxy_ssl);
|
|
131 }
|
|
132
|
|
133 errno = ECONNREFUSED;
|
|
134
|
|
135 if(!err) {
|
|
136 struct sockaddr_in *sin = (struct sockaddr_in *) serv_addr;
|
|
137 char *ip = inet_ntoa(sin->sin_addr), c;
|
|
138 struct timeval tv;
|
|
139
|
|
140 sprintf(buf, "%d", ntohs(sin->sin_port));
|
|
141 SOCKOUT("CONNECT ");
|
|
142 SOCKOUT(ip);
|
|
143 SOCKOUT(":");
|
|
144 SOCKOUT(buf);
|
|
145 SOCKOUT(" HTTP/1.0\r\n");
|
|
146
|
|
147 if(proxyuser) {
|
|
148 char *b;
|
|
149 SOCKOUT("Proxy-Authorization: Basic ");
|
|
150
|
|
151 sprintf(buf, "%s:%s", proxyuser, proxypass);
|
|
152 b = cw_base64_encode(buf);
|
|
153 SOCKOUT(b);
|
|
154 free(b);
|
|
155
|
|
156 SOCKOUT("\r\n");
|
|
157 }
|
|
158
|
|
159 SOCKOUT("\r\n");
|
|
160
|
|
161 buf[0] = 0;
|
|
162
|
|
163 while(err != -1) {
|
|
164 FD_ZERO(&rfds);
|
|
165 FD_SET(sockfd, &rfds);
|
|
166
|
|
167 tv.tv_sec = PROXY_TIMEOUT;
|
|
168 tv.tv_usec = 0;
|
|
169
|
|
170 err = select(sockfd+1, &rfds, 0, 0, &tv);
|
|
171
|
|
172 if(err < 1) err = -1;
|
|
173
|
|
174 if(err != -1 && FD_ISSET(sockfd, &rfds)) {
|
|
175 err = read(sockfd, &c, 1);
|
|
176 if(!err) err = -1;
|
|
177
|
|
178 if(err != -1) {
|
|
179 pos = strlen(buf);
|
|
180 buf[pos] = c;
|
|
181 buf[pos+1] = 0;
|
|
182
|
|
183 if(strlen(buf) > 4)
|
|
184 if(!strcmp(buf+strlen(buf)-4, "\r\n\r\n"))
|
|
185 break;
|
|
186 }
|
|
187 }
|
|
188 }
|
|
189 }
|
|
190
|
|
191 if(err != -1 && strlen(buf)) {
|
|
192 char *p = strstr(buf, " ");
|
|
193
|
|
194 err = -1;
|
|
195
|
|
196 if(p)
|
|
197 if(atoi(++p) == 200)
|
|
198 err = 0;
|
|
199
|
|
200 fcntl(sockfd, F_SETFL, fl);
|
|
201 if(fl & O_NONBLOCK) {
|
|
202 errno = EINPROGRESS;
|
|
203 err = -1;
|
|
204 }
|
|
205 }
|
|
206
|
|
207 in_http_connect = 0;
|
|
208
|
|
209 return err;
|
|
210 }
|
|
211
|
|
212 int cw_connect(int sockfd, const struct sockaddr *serv_addr, int addrlen, int ssl) {
|
|
213 int rc;
|
|
214 struct sockaddr_in ba;
|
|
215
|
|
216 if(bindaddr)
|
|
217 if(strlen(bindaddr)) {
|
|
218 #ifdef HAVE_INET_ATON
|
|
219 struct in_addr addr;
|
|
220 rc = inet_aton(bindaddr, &addr);
|
|
221 ba.sin_addr.s_addr = addr.s_addr;
|
|
222 #else
|
|
223 rc = inet_pton(AF_INET, bindaddr, &ba);
|
|
224 #endif
|
|
225
|
|
226 if(rc) {
|
|
227 ba.sin_port = 0;
|
|
228 rc = bind(sockfd, (struct sockaddr *) &ba, sizeof(ba));
|
|
229 } else {
|
|
230 rc = -1;
|
|
231 }
|
|
232
|
|
233 if(rc) return rc;
|
|
234 }
|
|
235
|
|
236 if(proxyhost && !in_http_connect) rc = cw_http_connect(sockfd, serv_addr, addrlen);
|
|
237 else rc = connect(sockfd, serv_addr, addrlen);
|
|
238
|
|
239 #ifdef HAVE_OPENSSL
|
|
240 if(ssl && !rc) {
|
|
241 sslsock *p = addsock(sockfd);
|
|
242 if(SSL_connect(p->ssl) != 1)
|
|
243 return -1;
|
|
244 }
|
|
245 #endif
|
|
246
|
|
247 return rc;
|
|
248 }
|
|
249
|
|
250 int cw_nb_connect(int sockfd, const struct sockaddr *serv_addr, int addrlen, int ssl, int *state) {
|
|
251 int rc = 0;
|
|
252 struct sockaddr_in ba;
|
|
253
|
|
254 if(bindaddr)
|
|
255 if(strlen(bindaddr)) {
|
|
256 #ifdef HAVE_INET_ATON
|
|
257 struct in_addr addr;
|
|
258 rc = inet_aton(bindaddr, &addr);
|
|
259 ba.sin_addr.s_addr = addr.s_addr;
|
|
260 #else
|
|
261 rc = inet_pton(AF_INET, bindaddr, &ba);
|
|
262 #endif
|
|
263
|
|
264 if(rc) {
|
|
265 ba.sin_port = 0;
|
|
266 rc = bind(sockfd, (struct sockaddr *) &ba, sizeof(ba));
|
|
267 } else {
|
|
268 rc = -1;
|
|
269 }
|
|
270
|
|
271 if(rc) return rc;
|
|
272 }
|
|
273
|
|
274 #ifdef HAVE_OPENSSL
|
|
275 if(ssl) {
|
|
276 if ( !(*state & CW_CONNECT_WANT_SOMETHING))
|
|
277 rc = cw_connect(sockfd, serv_addr, addrlen, 0);
|
|
278 else{ /* check if the socket is connected correctly */
|
|
279 int optlen = sizeof(int), optval;
|
|
280 if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, &optlen) || optval)
|
|
281 return -1;
|
|
282 }
|
|
283
|
|
284 if(!rc) {
|
|
285 sslsock *p;
|
|
286 if (*state & CW_CONNECT_SSL)
|
|
287 p = getsock(sockfd);
|
|
288 else
|
|
289 p = addsock(sockfd);
|
|
290
|
|
291 rc = SSL_connect(p->ssl);
|
|
292 switch(rc){
|
|
293 case 1:
|
|
294 *state = 0;
|
|
295 return 0;
|
|
296 case 0:
|
|
297 return -1;
|
|
298 default:
|
|
299 switch (SSL_get_error(p->ssl, rc)){
|
|
300 case SSL_ERROR_WANT_READ:
|
|
301 *state = CW_CONNECT_SSL | CW_CONNECT_WANT_READ;
|
|
302 return 0;
|
|
303 case SSL_ERROR_WANT_WRITE:
|
|
304 *state = CW_CONNECT_SSL | CW_CONNECT_WANT_WRITE;
|
|
305 return 0;
|
|
306 default:
|
|
307 return -1;
|
|
308 }
|
|
309 }
|
|
310 }
|
|
311 else{ /* catch EINPROGRESS error from the connect call */
|
|
312 if (errno == EINPROGRESS){
|
|
313 *state = CW_CONNECT_STARTED | CW_CONNECT_WANT_WRITE;
|
|
314 return 0;
|
|
315 }
|
|
316 }
|
|
317
|
|
318 return rc;
|
|
319 }
|
|
320 #endif
|
|
321 if ( !(*state & CW_CONNECT_WANT_SOMETHING))
|
|
322 rc = connect(sockfd, serv_addr, addrlen);
|
|
323 else{ /* check if the socket is connected correctly */
|
|
324 int optlen = sizeof(int), optval;
|
|
325 if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, &optlen) || optval)
|
|
326 return -1;
|
|
327 *state = 0;
|
|
328 return 0;
|
|
329 }
|
|
330 if (rc)
|
|
331 if (errno == EINPROGRESS){
|
|
332 *state = CW_CONNECT_STARTED | CW_CONNECT_WANT_WRITE;
|
|
333 return 0;
|
|
334 }
|
|
335 return rc;
|
|
336 }
|
|
337
|
|
338 int cw_accept(int s, struct sockaddr *addr, int *addrlen, int ssl) {
|
|
339 #ifdef HAVE_OPENSSL
|
|
340 int rc;
|
|
341
|
|
342 if(ssl) {
|
|
343 rc = accept(s, addr, addrlen);
|
|
344
|
|
345 if(!rc) {
|
|
346 sslsock *p = addsock(s);
|
|
347 if(SSL_accept(p->ssl) != 1)
|
|
348 return -1;
|
|
349
|
|
350 }
|
|
351
|
|
352 return rc;
|
|
353 }
|
|
354 #endif
|
|
355 return accept(s, addr, addrlen);
|
|
356 }
|
|
357
|
|
358 int cw_write(int fd, const void *buf, int count, int ssl) {
|
|
359 #ifdef HAVE_OPENSSL
|
|
360 sslsock *p;
|
|
361
|
|
362 if(ssl)
|
|
363 if(p = getsock(fd))
|
|
364 return SSL_write(p->ssl, buf, count);
|
|
365 #endif
|
|
366 return write(fd, buf, count);
|
|
367 }
|
|
368
|
|
369 int cw_read(int fd, void *buf, int count, int ssl) {
|
|
370 #ifdef HAVE_OPENSSL
|
|
371 sslsock *p;
|
|
372
|
|
373 if(ssl)
|
|
374 if(p = getsock(fd))
|
|
375 return SSL_read(p->ssl, buf, count);
|
|
376 #endif
|
|
377 return read(fd, buf, count);
|
|
378 }
|
|
379
|
|
380 int cw_close(int fd) {
|
|
381 #ifdef HAVE_OPENSSL
|
|
382 delsock(fd);
|
|
383 #endif
|
|
384 close(fd);
|
|
385 }
|
|
386
|
|
387 #define FREEVAR(v) if(v) free(v), v = 0;
|
|
388
|
|
389 void cw_setbind(const char *abindaddr) {
|
|
390 FREEVAR(bindaddr);
|
|
391 bindaddr = strdup(abindaddr);
|
|
392 }
|
|
393
|
|
394 void cw_setproxy(const char *aproxyhost, int aproxyport, const char *aproxyuser, const char *aproxypass) {
|
|
395 FREEVAR(proxyhost);
|
|
396 FREEVAR(proxyuser);
|
|
397 FREEVAR(proxypass);
|
|
398
|
|
399 if(aproxyhost && strlen(aproxyhost)) proxyhost = strdup(aproxyhost);
|
|
400 if(aproxyuser && strlen(aproxyuser)) proxyuser = strdup(aproxyuser);
|
|
401 if(aproxypass && strlen(aproxypass)) proxypass = strdup(aproxypass);
|
|
402 proxyport = aproxyport;
|
|
403 }
|
|
404
|
|
405 char *cw_base64_encode(const char *in) {
|
|
406 static char base64digits[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._";
|
|
407
|
|
408 int j = 0;
|
|
409 int inlen = strlen(in);
|
|
410 char *out = (char *) malloc(inlen*4+1), c;
|
|
411
|
|
412 for(out[0] = 0; inlen >= 3; inlen -= 3) {
|
|
413 strncat(out, &base64digits[ in[j] >> 2 ], 1);
|
|
414 strncat(out, &base64digits[ ((in[j] << 4) & 0x30) | (in[j+1] >> 4) ], 1);
|
|
415 strncat(out, &base64digits[ ((in[j+1] << 2) & 0x3c) | (in[j+2] >> 6) ], 1);
|
|
416 strncat(out, &base64digits[ in[j+2] & 0x3f ], 1);
|
|
417 j += 3;
|
|
418 }
|
|
419
|
|
420 if(inlen > 0) {
|
|
421 unsigned char fragment;
|
|
422
|
|
423 strncat(out, &base64digits[in[j] >> 2], 1);
|
|
424 fragment = (in[j] << 4) & 0x30;
|
|
425
|
|
426 if(inlen > 1)
|
|
427 fragment |= in[j+1] >> 4;
|
|
428
|
|
429 strncat(out, &base64digits[fragment], 1);
|
|
430
|
|
431 c = (inlen < 2) ? '-' : base64digits[ (in[j+1] << 2) & 0x3c ];
|
|
432 strncat(out, &c, 1);
|
|
433 c = '-';
|
|
434 strncat(out, &c, 1);
|
|
435 }
|
|
436
|
|
437 return out;
|
|
438 }
|