moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity
curl/lib/socks.c

1034 lines
32 KiB
C
Raw Permalink Normal View History

standard curl source code headers
2006-09-23 15:09:39 -04:00
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
lib: pass in 'struct Curl_easy *' to most functions ... in most cases instead of 'struct connectdata *' but in some cases in addition to. - We mostly operate on transfers and not connections. - We need the transfer handle to log, store data and more. Everything in libcurl is driven by a transfer (the CURL * in the public API). - This work clarifies and separates the transfers from the connections better. - We should avoid "conn->data". Since individual connections can be used by many transfers when multiplexing, making sure that conn->data points to the current and correct transfer at all times is difficult and has been notoriously error-prone over the years. The goal is to ultimately remove the conn->data pointer for this reason. Closes #6425
2021-01-08 11:58:15 -05:00
* Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
standard curl source code headers
2006-09-23 15:09:39 -04:00
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
curl.se: new home Closes #6172
2020-11-04 08:02:01 -05:00
* are also available at https://curl.se/docs/copyright.html.
standard curl source code headers
2006-09-23 15:09:39 -04:00
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
***************************************************************************/
build: fix circular header inclusion with other packages This commit renames lib/setup.h to lib/curl_setup.h and renames lib/setup_once.h to lib/curl_setup_once.h. Removes the need and usage of a header inclusion guard foreign to libcurl. [1] Removes the need and presence of an alarming notice we carried in old setup_once.h [2] ---------------------------------------- 1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H, this single inclusion guard is enough to ensure that inclusion of lib/setup_once.h done from lib/setup.h is only done once. Additionally lib/setup.h has always used __SETUP_ONCE_H macro to protect inclusion of setup_once.h even after commit ec691ca3, this was to avoid a circular header inclusion triggered when building a c-ares enabled version with c-ares sources available which also has a setup_once.h header. Commit ec691ca3 exposes the real nature of __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard foreign to libcurl belonging to c-ares's setup_once.h The renaming this commit does, fixes the circular header inclusion, and as such removes the need and usage of a header inclusion guard foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl. 2 - Due to the circular interdependency of old lib/setup_once.h and the c-ares setup_once.h header, old file lib/setup_once.h has carried back from 2006 up to now days an alarming and prominent notice about the need of keeping libcurl's and c-ares's setup_once.h in sync. Given that this commit fixes the circular interdependency, the need and presence of mentioned notice is removed. All mentioned interdependencies come back from now old days when the c-ares project lived inside a curl subdirectory. This commit removes last traces of such fact.
2013-01-06 13:06:49 -05:00
#include "curl_setup.h"
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
SOCKS: truly disable it if CURL_DISABLE_PROXY is defined Bug: http://curl.haxx.se/bug/view.cgi?id=3561305 Patch by: Marcel Raad
2012-09-06 14:51:30 -04:00
#if !defined(CURL_DISABLE_PROXY)
Compiler warning fix
2006-09-24 19:55:53 -04:00
Include some possible dependencies of arpa/inet.h
2007-02-21 13:05:38 -05:00
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
Include network byte order conversion macros on Minix.
2007-02-20 12:31:20 -05:00
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
Compiler warning fix
2006-09-24 19:55:53 -04:00
Revert changes relative to lib/*.[ch] recent renaming This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits: f871de0... build: make use of 76 lib/*.h renamed files ffd8e12... build: rename 76 lib/*.h files This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit: c087374... curl_setup.h: remove redundant include guard This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits: 13606bb... build: make use of 93 lib/*.c renamed files 5b6e792... build: rename 93 lib/*.c files 7d83dff... build: commit 13606bbfde follow-up 1 Start of related discussion thread: http://curl.haxx.se/mail/lib-2013-01/0012.html Asking for confirmation on pushing this revertion commit: http://curl.haxx.se/mail/lib-2013-01/0048.html Confirmation summary: http://curl.haxx.se/mail/lib-2013-01/0079.html NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs. lib/curl_imap.h lib/curl_smtp.h
2013-01-03 20:50:28 -05:00
#include "urldata.h"
#include "sendf.h"
#include "select.h"
#include "connect.h"
#include "timeval.h"
#include "socks.h"
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
#include "multiif.h" /* for getsock macros */
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
socks: Fix destination host shown on SOCKS5 error Prior to this change when a server returned a socks5 connect error then curl would parse the destination address:port from that data and show it to the user as the destination: curld -v --socks5 10.0.3.1:1080 http://google.com:99 * SOCKS5 communication to google.com:99 * SOCKS5 connect to IPv4 172.217.12.206 (locally resolved) * Can't complete SOCKS5 connection to 253.127.0.0:26673. (1) curl: (7) Can't complete SOCKS5 connection to 253.127.0.0:26673. (1) That's incorrect because the address:port included in the connect error is actually a bind address:port (typically unused) and not the destination address:port. This fix changes curl to show the destination information that curl sent to the server instead: curld -v --socks5 10.0.3.1:1080 http://google.com:99 * SOCKS5 communication to google.com:99 * SOCKS5 connect to IPv4 172.217.7.14:99 (locally resolved) * Can't complete SOCKS5 connection to 172.217.7.14:99. (1) curl: (7) Can't complete SOCKS5 connection to 172.217.7.14:99. (1) curld -v --socks5-hostname 10.0.3.1:1080 http://google.com:99 * SOCKS5 communication to google.com:99 * SOCKS5 connect to google.com:99 (remotely resolved) * Can't complete SOCKS5 connection to google.com:99. (1) curl: (7) Can't complete SOCKS5 connection to google.com:99. (1) Ref: https://tools.ietf.org/html/rfc1928#section-6 Closes https://github.com/curl/curl/pull/4394
2019-09-21 03:39:21 -04:00
/* The last 3 #include files should be in this order */
#include "curl_printf.h"
#include "curl_memory.h"
Revert changes relative to lib/*.[ch] recent renaming This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits: f871de0... build: make use of 76 lib/*.h renamed files ffd8e12... build: rename 76 lib/*.h files This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit: c087374... curl_setup.h: remove redundant include guard This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits: 13606bb... build: make use of 93 lib/*.c renamed files 5b6e792... build: rename 93 lib/*.c files 7d83dff... build: commit 13606bbfde follow-up 1 Start of related discussion thread: http://curl.haxx.se/mail/lib-2013-01/0012.html Asking for confirmation on pushing this revertion commit: http://curl.haxx.se/mail/lib-2013-01/0048.html Confirmation summary: http://curl.haxx.se/mail/lib-2013-01/0079.html NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs. lib/curl_imap.h lib/curl_smtp.h
2013-01-03 20:50:28 -05:00
#include "memdebug.h"
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
/*
* Helper read-from-socket functions. Does the same as Curl_read() but it
* blocks until all bytes amount of buffersize will be read. No more, no less.
*
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
* This is STUPID BLOCKING behavior. Only used by the SOCKS GSSAPI functions.
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
*/
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
int Curl_blockread_all(struct Curl_easy *data, /* transfer */
- Markus Moeller introduced two new options to libcurl: CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these.
2009-01-28 16:33:58 -05:00
curl_socket_t sockfd, /* read from this socket */
char *buf, /* store read data here */
ssize_t buffersize, /* max amount to read */
SOCKS: fix the connect timeout The connect timeout logic when using SOCKS was done wrong Bug: http://curl.haxx.se/mail/lib-2011-07/0177.html Reported by: "Spoon Man"
2011-08-08 05:10:17 -04:00
ssize_t *n) /* amount bytes read */
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
{
source: fix two 'nread' may be used uninitialized warnings Both seem to be false positives but we don't like warnings. Closes #3646
2019-03-05 03:37:53 -05:00
ssize_t nread = 0;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
ssize_t allread = 0;
int result;
*n = 0;
Fix compiler warning: conditional expression is constant
2010-02-02 11:25:07 -05:00
for(;;) {
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE);
socks: Fix blocking timeout logic - Document in Curl_timeleft's comment block that returning 0 signals no timeout (ie there's infinite time left). - Fix SOCKS' Curl_blockread_all for the case when no timeout was set. Prior to this change if the timeout had a value of 0 and that was passed to SOCKET_READABLE it would return right away instead of blocking. That was likely because it was not well understood that when Curl_timeleft returns 0 it is not a timeout of 0 ms but actually means no timeout. Ref: https://github.com/curl/curl/pull/5214#issuecomment-612512360 Closes https://github.com/curl/curl/pull/5220
2020-04-11 23:19:55 -04:00
if(timeout_ms < 0) {
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
/* we already got the timeout */
sendrecv: split the I/O handling into private handler Howard Chu brought the bulk work of this patch that properly moves out the sending and recving of data to the parts of the code that are properly responsible for the various ways of doing so. Daniel Stenberg assisted with polishing a few bits and fixed some minor flaws in the original patch. Another upside of this patch is that we now abuse CURLcodes less with the "magic" -1 return codes and instead use CURLE_AGAIN more consistently.
2010-05-07 09:05:34 -04:00
result = CURLE_OPERATION_TIMEDOUT;
Compiler warning fix
2006-10-26 22:18:29 -04:00
break;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
select: make Curl_socket_check take timediff_t timeout Coverity found CID 1461718: Integer handling issues (CONSTANT_EXPRESSION_RESULT) "timeout_ms > 9223372036854775807L" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". Closes #5240
2020-04-15 04:27:20 -04:00
if(!timeout_ms)
timeouts: move ms timeouts to timediff_t from int and long Now that all functions in select.[ch] take timediff_t instead of the limited int or long, we can remove type conversions and related preprocessor checks to silence compiler warnings. Avoiding conversions from time_t was already done in 842f73de. Based upon #5262 Supersedes #5214, #5220 and #5221 Follow up to #5343 and #5479 Closes #5490
2020-06-01 02:49:20 -04:00
timeout_ms = TIMEDIFF_T_MAX;
select: make Curl_socket_check take timediff_t timeout Coverity found CID 1461718: Integer handling issues (CONSTANT_EXPRESSION_RESULT) "timeout_ms > 9223372036854775807L" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". Closes #5240
2020-04-15 04:27:20 -04:00
if(SOCKET_READABLE(sockfd, timeout_ms) <= 0) {
Compiler warning fix
2006-10-26 22:18:29 -04:00
result = ~CURLE_OK;
break;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
- Made the SOCKS code use the new Curl_read_plain() function to fix the bug Markus Moeller reported: http://curl.haxx.se/mail/archive-2008-09/0016.html - recv() errors other than those equal to EAGAIN now cause proper CURLE_RECV_ERROR to get returned. This made test case 160 fail so I've now disabled it until we can figure out another way to exercise that logic.
2008-09-22 19:12:00 -04:00
result = Curl_read_plain(sockfd, buf, buffersize, &nread);
sendrecv: split the I/O handling into private handler Howard Chu brought the bulk work of this patch that properly moves out the sending and recving of data to the parts of the code that are properly responsible for the various ways of doing so. Daniel Stenberg assisted with polishing a few bits and fixed some minor flaws in the original patch. Another upside of this patch is that we now abuse CURLcodes less with the "magic" -1 return codes and instead use CURLE_AGAIN more consistently.
2010-05-07 09:05:34 -04:00
if(CURLE_AGAIN == result)
continue;
Improve code readbility ... by removing the else branch after a return, break or continue. Closes #1310
2017-03-10 08:28:37 -05:00
if(result)
Compiler warning fix
2006-10-26 22:18:29 -04:00
break;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
if(buffersize == nread) {
allread += nread;
*n = allread;
Compiler warning fix
2006-10-26 22:18:29 -04:00
result = CURLE_OK;
break;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
if we read zero bytes from the proxy, the connection is broken and we need to bail out
2007-06-05 09:42:23 -04:00
if(!nread) {
result = ~CURLE_OK;
break;
}
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
buffersize -= nread;
buf += nread;
allread += nread;
Fix compiler warning: conditional expression is constant
2010-02-02 11:25:07 -05:00
}
Compiler warning fix
2006-10-26 22:18:29 -04:00
return result;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
#endif
#ifndef DEBUGBUILD
#define sxstate(x,y) socksstate(x,y)
#else
#define sxstate(x,y) socksstate(x,y, __LINE__)
#endif
/* always use this function to change state, to make debugging easier */
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
static void socksstate(struct Curl_easy *data,
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
enum connect_t state
#ifdef DEBUGBUILD
, int lineno
#endif
)
{
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
struct connectdata *conn = data->conn;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
enum connect_t oldstate = conn->cnnct.state;
#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
/* synced with the state list in urldata.h */
static const char * const statename[] = {
"INIT",
"SOCKS_INIT",
"SOCKS_SEND",
"SOCKS_READ_INIT",
"SOCKS_READ",
"GSSAPI_INIT",
"AUTH_INIT",
"AUTH_SEND",
"AUTH_READ",
"REQ_INIT",
"RESOLVING",
"RESOLVED",
"RESOLVE_REMOTE",
"REQ_SEND",
"REQ_SENDING",
"REQ_READ",
"REQ_READ_MORE",
"DONE"
};
#endif
if(oldstate == state)
/* don't bother when the new state is the same as the old state */
return;
conn->cnnct.state = state;
#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
infof(data,
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
2021-07-06 11:05:17 -04:00
"SXSTATE: %s => %s conn %p; line %d",
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
statename[oldstate], statename[conn->cnnct.state], conn,
lineno);
#endif
}
int Curl_SOCKS_getsock(struct connectdata *conn, curl_socket_t *sock,
int sockindex)
{
int rc = 0;
sock[0] = conn->sock[sockindex];
switch(conn->cnnct.state) {
case CONNECT_RESOLVING:
case CONNECT_SOCKS_READ:
case CONNECT_AUTH_READ:
case CONNECT_REQ_READ:
case CONNECT_REQ_READ_MORE:
rc = GETSOCK_READSOCK(0);
break;
default:
rc = GETSOCK_WRITESOCK(0);
break;
}
return rc;
}
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
/*
* This function logs in to a SOCKS4 proxy and sends the specifics to the final
* destination server.
*
* Reference :
URL and mailmap updates, remove an obsolete directory [ci skip] Closes https://github.com/curl/curl/pull/3031
2018-09-22 03:58:05 -04:00
* https://www.openssh.com/txt/socks4.protocol
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
*
* Note :
Richard Atterer brought a patch that added support for SOCKS4a proxies, which is an inofficial PROXY4 variant that sends the hostname to the proxy instead of the resolved address (which is already supported by SOCKS5). --socks4a is the curl command line option for it and CURLOPT_PROXYTYPE can now be set to CURLPROXY_SOCKS4A as well.
2008-01-02 16:40:11 -05:00
* Set protocol4a=true for "SOCKS 4A (Simple Extension to SOCKS 4 Protocol)"
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
* Nonsupport "Identification Protocol (RFC1413)"
*/
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
CURLproxycode Curl_SOCKS4(const char *proxy_user,
const char *hostname,
int remote_port,
int sockindex,
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
struct Curl_easy *data,
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
bool *done)
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
{
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
struct connectdata *conn = data->conn;
proxy: Support HTTPS proxy and SOCKS+HTTP(s) * HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-11-16 12:49:15 -05:00
const bool protocol4a =
(conn->socks_proxy.proxytype == CURLPROXY_SOCKS4A) ? TRUE : FALSE;
socks: use the download buffer instead The SOCKS code now uses the generic download buffer for temporary storage during the connection procedure, instead of having its own private 600 byte buffer that adds to the connectdata struct size. This works fine because this point the buffer is allocated but is not use for download yet since the connection hasn't completed. This reduces the connection struct size by 22% on a 64bit arch! The SOCKS buffer needs to be at least 600 bytes, and the download buffer is guaranteed to never be smaller than 1000 bytes. Closes #6491
2021-01-19 09:30:59 -05:00
unsigned char *socksreq = (unsigned char *)data->state.buffer;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
CURLcode result;
curl_socket_t sockfd = conn->sock[sockindex];
struct connstate *sx = &conn->cnnct;
struct Curl_dns_entry *dns = NULL;
ssize_t actualread;
ssize_t written;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
socks: use the download buffer instead The SOCKS code now uses the generic download buffer for temporary storage during the connection procedure, instead of having its own private 600 byte buffer that adds to the connectdata struct size. This works fine because this point the buffer is allocated but is not use for download yet since the connection hasn't completed. This reduces the connection struct size by 22% on a 64bit arch! The SOCKS buffer needs to be at least 600 bytes, and the download buffer is guaranteed to never be smaller than 1000 bytes. Closes #6491
2021-01-19 09:30:59 -05:00
/* make sure that the buffer is at least 600 bytes */
DEBUGASSERT(READBUFFER_MIN >= 600);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(!SOCKS_STATE(sx->state) && !*done)
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_SOCKS_INIT);
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
switch(sx->state) {
case CONNECT_SOCKS_INIT:
socks4: fix host resolve regression 1. The socks4 state machine was broken in the host resolving phase 2. The code now insists on IPv4-only when using SOCKS4 as the protocol only supports that. Regression from #4907 and 4a4b63d, shipped in 7.69.0 Reported-by: amishmm on github Bug: https://github.com/curl/curl/issues/5053#issuecomment-596191594 Closes #5061
2020-03-08 12:24:50 -04:00
/* SOCKS4 can only do IPv4, insist! */
conn->ip_version = CURL_IPRESOLVE_V4;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(conn->bits.httpproxy)
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
2021-07-06 11:05:17 -04:00
infof(data, "SOCKS4%s: connecting to HTTP proxy %s port %d",
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
protocol4a ? "a" : "", hostname, remote_port);
FTP: make the data connection work when going through proxy This is a regression since the switch to always-multi internally c43127414d89c. Test 1316 was modified since we now clearly call the Curl_client_write() function when doing the LIST transfer part and then the handler->protocol says FTP and ftpc.transfertype is 'A' which implies text converting even though that the response is initially a HTTP CONNECT response in this case.
2013-10-26 14:19:27 -04:00
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
2021-07-06 11:05:17 -04:00
infof(data, "SOCKS4 communication to %s:%d", hostname, remote_port);
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
/*
* Compose socks4 request
*
* Request format
*
* +----+----+----+----+----+----+----+----+----+----+....+----+
* | VN | CD | DSTPORT | DSTIP | USERID |NULL|
* +----+----+----+----+----+----+----+----+----+----+....+----+
* # of bytes: 1 1 2 4 variable 1
*/
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
socksreq[0] = 4; /* version (SOCKS4) */
socksreq[1] = 1; /* connect */
socksreq[2] = (unsigned char)((remote_port >> 8) & 0xff); /* PORT MSB */
socksreq[3] = (unsigned char)(remote_port & 0xff); /* PORT LSB */
/* DNS resolve only for SOCKS4, not SOCKS4a */
if(!protocol4a) {
enum resolve_t rc =
hostip: remove conn->data from resolver functions This also moves the 'async' struct from the connectdata struct into the Curl_easy struct, which seems like a better home for it. Closes #6497
2021-01-20 04:15:43 -05:00
Curl_resolv(data, hostname, remote_port, FALSE, &dns);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(rc == CURLRESOLV_ERROR)
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_RESOLVE_HOST;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
else if(rc == CURLRESOLV_PENDING) {
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_RESOLVING);
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
2021-07-06 11:05:17 -04:00
infof(data, "SOCKS4 non-blocking resolve of %s", hostname);
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_OK;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_RESOLVED);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
goto CONNECT_RESOLVED;
}
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
/* socks4a doesn't resolve anything locally */
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_REQ_INIT);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
goto CONNECT_REQ_INIT;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
case CONNECT_RESOLVING:
/* check if we have the name resolved by now */
hostip/proxy: remove conn->data use Closes #6513
2021-01-24 17:41:58 -05:00
dns = Curl_fetch_addr(data, hostname, (int)conn->port);
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(dns) {
#ifdef CURLRES_ASYNCH
hostip: remove conn->data from resolver functions This also moves the 'async' struct from the connectdata struct into the Curl_easy struct, which seems like a better home for it. Closes #6497
2021-01-20 04:15:43 -05:00
data->state.async.dns = dns;
data->state.async.done = TRUE;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
#endif
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
2021-07-06 11:05:17 -04:00
infof(data, "Hostname '%s' was found", hostname);
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_RESOLVED);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
else {
hostip: remove conn->data from resolver functions This also moves the 'async' struct from the connectdata struct into the Curl_easy struct, which seems like a better home for it. Closes #6497
2021-01-20 04:15:43 -05:00
result = Curl_resolv_check(data, &dns);
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
if(!dns) {
if(result)
return CURLPX_RESOLVE_HOST;
return CURLPX_OK;
}
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
/* FALLTHROUGH */
CONNECT_RESOLVED:
case CONNECT_RESOLVED: {
source cleanup: remove all custom typedef structs - Stick to a single unified way to use structs - Make checksrc complain on 'typedef struct {' - Allow them in tests, public headers and examples - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually typedef different types/structs depending on build conditions. Closes #5338
2020-05-13 18:05:04 -04:00
struct Curl_addrinfo *hp = NULL;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
/*
* We cannot use 'hostent' as a struct that Curl_resolv() returns. It
* returns a Curl_addrinfo pointer that may not always look the same.
*/
socks4: scan for the IPv4 address in resolve results Follow-up to 84d2839740 which changed the resolving to always resolve both address families, but since SOCKS4 only supports IPv4 it should scan for and use the first available IPv4 address. Reported-by: shithappens2016 on github Fixes #7345 Closes #7346
2021-07-05 07:28:26 -04:00
if(dns) {
code style: use spaces around equals signs
2017-09-09 17:09:06 -04:00
hp = dns->addr;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
socks4: scan for the IPv4 address in resolve results Follow-up to 84d2839740 which changed the resolving to always resolve both address families, but since SOCKS4 only supports IPv4 it should scan for and use the first available IPv4 address. Reported-by: shithappens2016 on github Fixes #7345 Closes #7346
2021-07-05 07:28:26 -04:00
/* scan for the first IPv4 address */
while(hp && (hp->ai_family != AF_INET))
hp = hp->ai_next;
if(hp) {
socks.c: align SOCKS4 connection sequence with SOCKS5 Calling sscanf is not required since the raw IPv4 address is available and the protocol can be detected using ai_family.
2016-08-20 15:12:34 -04:00
struct sockaddr_in *saddr_in;
socks4: scan for the IPv4 address in resolve results Follow-up to 84d2839740 which changed the resolving to always resolve both address families, but since SOCKS4 only supports IPv4 it should scan for and use the first available IPv4 address. Reported-by: shithappens2016 on github Fixes #7345 Closes #7346
2021-07-05 07:28:26 -04:00
char buf[64];
Curl_printable_address(hp, buf, sizeof(buf));
socks.c: align SOCKS4 connection sequence with SOCKS5 Calling sscanf is not required since the raw IPv4 address is available and the protocol can be detected using ai_family.
2016-08-20 15:12:34 -04:00
checksrc: white space edits to comply to stricter checksrc
2016-11-23 02:30:18 -05:00
saddr_in = (struct sockaddr_in *)(void *)hp->ai_addr;
socksreq[4] = ((unsigned char *)&saddr_in->sin_addr.s_addr)[0];
socksreq[5] = ((unsigned char *)&saddr_in->sin_addr.s_addr)[1];
socksreq[6] = ((unsigned char *)&saddr_in->sin_addr.s_addr)[2];
socksreq[7] = ((unsigned char *)&saddr_in->sin_addr.s_addr)[3];
socks.c: align SOCKS4 connection sequence with SOCKS5 Calling sscanf is not required since the raw IPv4 address is available and the protocol can be detected using ai_family.
2016-08-20 15:12:34 -04:00
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
2021-07-06 11:05:17 -04:00
infof(data, "SOCKS4 connect to IPv4 %s (locally resolved)", buf);
FTP: make the data connection work when going through proxy This is a regression since the switch to always-multi internally c43127414d89c. Test 1316 was modified since we now clearly call the Curl_client_write() function when doing the LIST transfer part and then the handler->protocol says FTP and ftpc.transfertype is 'A' which implies text converting even though that the response is initially a HTTP CONNECT response in this case.
2013-10-26 14:19:27 -04:00
socks4: scan for the IPv4 address in resolve results Follow-up to 84d2839740 which changed the resolving to always resolve both address families, but since SOCKS4 only supports IPv4 it should scan for and use the first available IPv4 address. Reported-by: shithappens2016 on github Fixes #7345 Closes #7346
2021-07-05 07:28:26 -04:00
Curl_resolv_unlock(data, dns); /* not used anymore from now on */
}
else
failf(data, "SOCKS4 connection to %s not supported", hostname);
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
socks4: scan for the IPv4 address in resolve results Follow-up to 84d2839740 which changed the resolving to always resolve both address families, but since SOCKS4 only supports IPv4 it should scan for and use the first available IPv4 address. Reported-by: shithappens2016 on github Fixes #7345 Closes #7346
2021-07-05 07:28:26 -04:00
else
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
failf(data, "Failed to resolve \"%s\" for SOCKS4 connect.",
- Robson Braga Araujo made passive FTP transfers work with SOCKS (both 4 and 5).
2007-02-19 06:53:54 -05:00
hostname);
socks4: scan for the IPv4 address in resolve results Follow-up to 84d2839740 which changed the resolving to always resolve both address families, but since SOCKS4 only supports IPv4 it should scan for and use the first available IPv4 address. Reported-by: shithappens2016 on github Fixes #7345 Closes #7346
2021-07-05 07:28:26 -04:00
if(!hp)
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_RESOLVE_HOST;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
/* FALLTHROUGH */
CONNECT_REQ_INIT:
case CONNECT_REQ_INIT:
/*
* This is currently not supporting "Identification Protocol (RFC1413)".
*/
socksreq[8] = 0; /* ensure empty userid is NUL-terminated */
if(proxy_user) {
size_t plen = strlen(proxy_user);
socks: use the download buffer instead The SOCKS code now uses the generic download buffer for temporary storage during the connection procedure, instead of having its own private 600 byte buffer that adds to the connectdata struct size. This works fine because this point the buffer is allocated but is not use for download yet since the connection hasn't completed. This reduces the connection struct size by 22% on a 64bit arch! The SOCKS buffer needs to be at least 600 bytes, and the download buffer is guaranteed to never be smaller than 1000 bytes. Closes #6491
2021-01-19 09:30:59 -05:00
if(plen >= (size_t)data->set.buffer_size - 8) {
failf: remove newline from formatting strings ... as failf adds one itself. Also: add an assert() to failf() that triggers on a newline in the format string! Closes #6365
2020-12-23 17:41:13 -05:00
failf(data, "Too long SOCKS proxy user name, can't use!");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_LONG_USER;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
/* copy the proxy name WITH trailing zero */
memcpy(socksreq + 8, proxy_user, plen + 1);
strlcat: remove function This function was only used twice, both in places where performance isn't crucial (socks + if2ip). Removing the use of this function removes the need to have our private version for systems without it == reduced amount of code. Also, in the SOCKS case it is clearly better to fail gracefully rather than to truncate the results. This work was triggered by a bug report on the strcal prototype in strequal.h. strlcat was added in commit db70cd28 in February 2001! Bug: http://curl.haxx.se/bug/view.cgi?id=1192 Reported by: Jeremy Huddleston
2013-02-13 07:18:43 -05:00
}
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
/*
* Make connection
*/
{
socks: use size_t for size variable Use the unsigned type (size_t) in the arithmetic of pointers. In this context, the signed type (ssize_t) is used unnecessarily. Authored-by: ihsinme on github Closes #5654
2020-07-05 08:19:25 -04:00
size_t packetsize = 9 +
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
strlen((char *)socksreq + 8); /* size including NUL */
/* If SOCKS4a, set special invalid IP address 0.0.0.x */
if(protocol4a) {
socks: use size_t for size variable Use the unsigned type (size_t) in the arithmetic of pointers. In this context, the signed type (ssize_t) is used unnecessarily. Authored-by: ihsinme on github Closes #5654
2020-07-05 08:19:25 -04:00
size_t hostnamelen = 0;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
socksreq[4] = 0;
socksreq[5] = 0;
socksreq[6] = 0;
socksreq[7] = 1;
/* append hostname */
socks: use size_t for size variable Use the unsigned type (size_t) in the arithmetic of pointers. In this context, the signed type (ssize_t) is used unnecessarily. Authored-by: ihsinme on github Closes #5654
2020-07-05 08:19:25 -04:00
hostnamelen = strlen(hostname) + 1; /* length including NUL */
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(hostnamelen <= 255)
strcpy((char *)socksreq + packetsize, hostname);
else {
failf(data, "SOCKS4: too long host name");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_LONG_HOSTNAME;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
packetsize += hostnamelen;
}
sx->outp = socksreq;
sx->outstanding = packetsize;
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_REQ_SENDING);
Richard Atterer brought a patch that added support for SOCKS4a proxies, which is an inofficial PROXY4 variant that sends the hostname to the proxy instead of the resolved address (which is already supported by SOCKS5). --socks4a is the curl command line option for it and CURLOPT_PROXYTYPE can now be set to CURLPROXY_SOCKS4A as well.
2008-01-02 16:40:11 -05:00
}
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
/* FALLTHROUGH */
case CONNECT_REQ_SENDING:
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
/* Send request */
lib: pass in 'struct Curl_easy *' to most functions ... in most cases instead of 'struct connectdata *' but in some cases in addition to. - We mostly operate on transfers and not connections. - We need the transfer handle to log, store data and more. Everything in libcurl is driven by a transfer (the CURL * in the public API). - This work clarifies and separates the transfers from the connections better. - We should avoid "conn->data". Since individual connections can be used by many transfers when multiplexing, making sure that conn->data points to the current and correct transfer at all times is difficult and has been notoriously error-prone over the years. The goal is to ultimately remove the conn->data pointer for this reason. Closes #6425
2021-01-08 11:58:15 -05:00
result = Curl_write_plain(data, sockfd, (char *)sx->outp,
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
sx->outstanding, &written);
if(result && (CURLE_AGAIN != result)) {
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
failf(data, "Failed to send SOCKS4 connect request.");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_SEND_CONNECT;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(written != sx->outstanding) {
/* not done, remain in state */
sx->outstanding -= written;
sx->outp += written;
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_OK;
Richard Atterer brought a patch that added support for SOCKS4a proxies, which is an inofficial PROXY4 variant that sends the hostname to the proxy instead of the resolved address (which is already supported by SOCKS5). --socks4a is the curl command line option for it and CURLOPT_PROXYTYPE can now be set to CURLPROXY_SOCKS4A as well.
2008-01-02 16:40:11 -05:00
}
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
/* done sending! */
sx->outstanding = 8; /* receive data size */
sx->outp = socksreq;
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_SOCKS_READ);
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
/* FALLTHROUGH */
case CONNECT_SOCKS_READ:
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
/* Receive response */
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
result = Curl_read_plain(sockfd, (char *)sx->outp,
sx->outstanding, &actualread);
if(result && (CURLE_AGAIN != result)) {
failf(data, "SOCKS4: Failed receiving connect request ack: %s",
curl_easy_strerror(result));
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_RECV_CONNECT;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
socks: detect connection close during handshake The SOCKS4/5 state machines weren't properly terminated when the proxy connection got closed, leading to a busy-loop. Reported-By: zloi-user on github Fixes #5532 Closes #5542
2020-06-08 08:05:22 -04:00
else if(!result && !actualread) {
/* connection closed */
failf(data, "connection to proxy closed");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_CLOSED;
socks: detect connection close during handshake The SOCKS4/5 state machines weren't properly terminated when the proxy connection got closed, leading to a busy-loop. Reported-By: zloi-user on github Fixes #5532 Closes #5542
2020-06-08 08:05:22 -04:00
}
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
else if(actualread != sx->outstanding) {
/* remain in reading state */
sx->outstanding -= actualread;
sx->outp += actualread;
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_OK;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_DONE);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
break;
default: /* lots of unused states in SOCKS4 */
break;
}
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
/*
* Response format
*
* +----+----+----+----+----+----+----+----+
* | VN | CD | DSTPORT | DSTIP |
* +----+----+----+----+----+----+----+----+
* # of bytes: 1 1 2 4
*
* VN is the version of the reply code and should be 0. CD is the result
* code with one of the following values:
*
* 90: request granted
* 91: request rejected or failed
* 92: request rejected because SOCKS server cannot connect to
* identd on the client
* 93: request rejected because the client program and identd
* report different user-ids
*/
/* wrong version ? */
tidy-up: make conditional checks more consistent ... remove '== NULL' and '!= 0' Closes #6912
2021-04-19 04:46:11 -04:00
if(socksreq[0]) {
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
failf(data,
"SOCKS4 reply has wrong version, version should be 0.");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_BAD_VERSION;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
/* Result */
switch(socksreq[1]) {
case 90:
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
2021-07-06 11:05:17 -04:00
infof(data, "SOCKS4%s request granted.", protocol4a?"a":"");
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
break;
case 91:
failf(data,
"Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
", request rejected or failed.",
socks: use the download buffer instead The SOCKS code now uses the generic download buffer for temporary storage during the connection procedure, instead of having its own private 600 byte buffer that adds to the connectdata struct size. This works fine because this point the buffer is allocated but is not use for download yet since the connection hasn't completed. This reduces the connection struct size by 22% on a 64bit arch! The SOCKS buffer needs to be at least 600 bytes, and the download buffer is guaranteed to never be smaller than 1000 bytes. Closes #6491
2021-01-19 09:30:59 -05:00
socksreq[4], socksreq[5], socksreq[6], socksreq[7],
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
(((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]),
(unsigned char)socksreq[1]);
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_REQUEST_FAILED;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
case 92:
failf(data,
"Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
", request rejected because SOCKS server cannot connect to "
"identd on the client.",
socks: use the download buffer instead The SOCKS code now uses the generic download buffer for temporary storage during the connection procedure, instead of having its own private 600 byte buffer that adds to the connectdata struct size. This works fine because this point the buffer is allocated but is not use for download yet since the connection hasn't completed. This reduces the connection struct size by 22% on a 64bit arch! The SOCKS buffer needs to be at least 600 bytes, and the download buffer is guaranteed to never be smaller than 1000 bytes. Closes #6491
2021-01-19 09:30:59 -05:00
socksreq[4], socksreq[5], socksreq[6], socksreq[7],
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
(((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]),
(unsigned char)socksreq[1]);
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_IDENTD;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
case 93:
failf(data,
"Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
", request rejected because the client program and identd "
"report different user-ids.",
socks: use the download buffer instead The SOCKS code now uses the generic download buffer for temporary storage during the connection procedure, instead of having its own private 600 byte buffer that adds to the connectdata struct size. This works fine because this point the buffer is allocated but is not use for download yet since the connection hasn't completed. This reduces the connection struct size by 22% on a 64bit arch! The SOCKS buffer needs to be at least 600 bytes, and the download buffer is guaranteed to never be smaller than 1000 bytes. Closes #6491
2021-01-19 09:30:59 -05:00
socksreq[4], socksreq[5], socksreq[6], socksreq[7],
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
(((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]),
(unsigned char)socksreq[1]);
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_IDENTD_DIFFER;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
default:
failf(data,
"Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
", Unknown.",
socks: use the download buffer instead The SOCKS code now uses the generic download buffer for temporary storage during the connection procedure, instead of having its own private 600 byte buffer that adds to the connectdata struct size. This works fine because this point the buffer is allocated but is not use for download yet since the connection hasn't completed. This reduces the connection struct size by 22% on a 64bit arch! The SOCKS buffer needs to be at least 600 bytes, and the download buffer is guaranteed to never be smaller than 1000 bytes. Closes #6491
2021-01-19 09:30:59 -05:00
socksreq[4], socksreq[5], socksreq[6], socksreq[7],
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
(((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]),
(unsigned char)socksreq[1]);
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_UNKNOWN_FAIL;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
*done = TRUE;
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_OK; /* Proxy was successful! */
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
/*
* This function logs in to a SOCKS5 proxy and sends the specifics to the final
* destination server.
*/
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
CURLproxycode Curl_SOCKS5(const char *proxy_user,
const char *proxy_password,
const char *hostname,
int remote_port,
int sockindex,
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
struct Curl_easy *data,
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
bool *done)
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
{
/*
According to the RFC1928, section "6. Replies". This is what a SOCK5
replies:
+----+-----+-------+------+----------+----------+
|VER | REP | RSV | ATYP | BND.ADDR | BND.PORT |
+----+-----+-------+------+----------+----------+
| 1 | 1 | X'00' | 1 | Variable | 2 |
+----+-----+-------+------+----------+----------+
Where:
o VER protocol version: X'05'
o REP Reply field:
o X'00' succeeded
*/
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
struct connectdata *conn = data->conn;
socks: use the download buffer instead The SOCKS code now uses the generic download buffer for temporary storage during the connection procedure, instead of having its own private 600 byte buffer that adds to the connectdata struct size. This works fine because this point the buffer is allocated but is not use for download yet since the connection hasn't completed. This reduces the connection struct size by 22% on a 64bit arch! The SOCKS buffer needs to be at least 600 bytes, and the download buffer is guaranteed to never be smaller than 1000 bytes. Closes #6491
2021-01-19 09:30:59 -05:00
unsigned char *socksreq = (unsigned char *)data->state.buffer;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
char dest[256] = "unknown"; /* printable hostname:port */
socks: deduplicate the code for auth request
2017-03-08 06:16:01 -05:00
int idx;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
ssize_t actualread;
ssize_t written;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
CURLcode result;
curl_socket_t sockfd = conn->sock[sockindex];
proxy: Support HTTPS proxy and SOCKS+HTTP(s) * HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-11-16 12:49:15 -05:00
bool socks5_resolve_local =
(conn->socks_proxy.proxytype == CURLPROXY_SOCKS5) ? TRUE : FALSE;
Based on Maxim Perenesenko's patch, we now do SOCKS5 operations and let the proxy do the host name resolving and only if --socks5ip (or CURLOPT_SOCKS5_RESOLVE_LOCAL) is used we resolve the host name locally and pass on the IP address only to the proxy.
2008-01-04 18:01:00 -05:00
const size_t hostname_len = strlen(hostname);
lib/socks.c: Merged two size variables into one
2012-10-04 15:27:46 -04:00
ssize_t len = 0;
CURLOPT_SOCKS5_AUTH: allowed methods for SOCKS5 proxy auth If libcurl was built with GSS-API support, it unconditionally advertised GSS-API authentication while connecting to a SOCKS5 proxy. This caused problems in environments with improperly configured Kerberos: a stock libcurl failed to connect, despite libcurl built without GSS-API connected fine using username and password. This commit introduces the CURLOPT_SOCKS5_AUTH option to control the allowed methods for SOCKS5 authentication at run time. Note that a new option was preferred over reusing CURLOPT_PROXYAUTH for compatibility reasons because the set of authentication methods allowed by default was different for HTTP and SOCKS5 proxies. Bug: https://curl.haxx.se/mail/lib-2017-01/0005.html Closes https://github.com/curl/curl/pull/1454
2017-04-27 09:18:49 -04:00
const unsigned long auth = data->set.socks5auth;
bool allow_gssapi = FALSE;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
struct connstate *sx = &conn->cnnct;
struct Curl_dns_entry *dns = NULL;
if(!SOCKS_STATE(sx->state) && !*done)
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_SOCKS_INIT);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
switch(sx->state) {
case CONNECT_SOCKS_INIT:
if(conn->bits.httpproxy)
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
2021-07-06 11:05:17 -04:00
infof(data, "SOCKS5: connecting to HTTP proxy %s port %d",
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
hostname, remote_port);
/* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
if(!socks5_resolve_local && hostname_len > 255) {
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
infof(data, "SOCKS5: server resolving disabled for hostnames of "
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
2021-07-06 11:05:17 -04:00
"length > 255 [actual len=%zu]", hostname_len);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
socks5_resolve_local = TRUE;
}
Based on Maxim Perenesenko's patch, we now do SOCKS5 operations and let the proxy do the host name resolving and only if --socks5ip (or CURLOPT_SOCKS5_RESOLVE_LOCAL) is used we resolve the host name locally and pass on the IP address only to the proxy.
2008-01-04 18:01:00 -05:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI))
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
infof(data,
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
2021-07-06 11:05:17 -04:00
"warning: unsupported value passed to CURLOPT_SOCKS5_AUTH: %lu",
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
auth);
if(!(auth & CURLAUTH_BASIC))
/* disable username/password auth */
proxy_user = NULL;
CURLOPT_SOCKS5_AUTH: allowed methods for SOCKS5 proxy auth If libcurl was built with GSS-API support, it unconditionally advertised GSS-API authentication while connecting to a SOCKS5 proxy. This caused problems in environments with improperly configured Kerberos: a stock libcurl failed to connect, despite libcurl built without GSS-API connected fine using username and password. This commit introduces the CURLOPT_SOCKS5_AUTH option to control the allowed methods for SOCKS5 authentication at run time. Note that a new option was preferred over reusing CURLOPT_PROXYAUTH for compatibility reasons because the set of authentication methods allowed by default was different for HTTP and SOCKS5 proxies. Bug: https://curl.haxx.se/mail/lib-2017-01/0005.html Closes https://github.com/curl/curl/pull/1454
2017-04-27 09:18:49 -04:00
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(auth & CURLAUTH_GSSAPI)
allow_gssapi = TRUE;
CURLOPT_SOCKS5_AUTH: allowed methods for SOCKS5 proxy auth If libcurl was built with GSS-API support, it unconditionally advertised GSS-API authentication while connecting to a SOCKS5 proxy. This caused problems in environments with improperly configured Kerberos: a stock libcurl failed to connect, despite libcurl built without GSS-API connected fine using username and password. This commit introduces the CURLOPT_SOCKS5_AUTH option to control the allowed methods for SOCKS5 authentication at run time. Note that a new option was preferred over reusing CURLOPT_PROXYAUTH for compatibility reasons because the set of authentication methods allowed by default was different for HTTP and SOCKS5 proxies. Bug: https://curl.haxx.se/mail/lib-2017-01/0005.html Closes https://github.com/curl/curl/pull/1454
2017-04-27 09:18:49 -04:00
#endif
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
idx = 0;
socksreq[idx++] = 5; /* version */
idx++; /* number of authentication methods */
socksreq[idx++] = 0; /* no authentication */
if(allow_gssapi)
socksreq[idx++] = 1; /* GSS-API */
if(proxy_user)
socksreq[idx++] = 2; /* username/password */
/* write the number of authentication methods */
socksreq[1] = (unsigned char) (idx - 2);
lib: pass in 'struct Curl_easy *' to most functions ... in most cases instead of 'struct connectdata *' but in some cases in addition to. - We mostly operate on transfers and not connections. - We need the transfer handle to log, store data and more. Everything in libcurl is driven by a transfer (the CURL * in the public API). - This work clarifies and separates the transfers from the connections better. - We should avoid "conn->data". Since individual connections can be used by many transfers when multiplexing, making sure that conn->data points to the current and correct transfer at all times is difficult and has been notoriously error-prone over the years. The goal is to ultimately remove the conn->data pointer for this reason. Closes #6425
2021-01-08 11:58:15 -05:00
result = Curl_write_plain(data, sockfd, (char *)socksreq, idx, &written);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(result && (CURLE_AGAIN != result)) {
failf(data, "Unable to send initial SOCKS5 request.");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_SEND_CONNECT;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
if(written != idx) {
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_SOCKS_SEND);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
sx->outstanding = idx - written;
sx->outp = &socksreq[written];
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_OK;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_SOCKS_READ);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
goto CONNECT_SOCKS_READ_INIT;
case CONNECT_SOCKS_SEND:
lib: pass in 'struct Curl_easy *' to most functions ... in most cases instead of 'struct connectdata *' but in some cases in addition to. - We mostly operate on transfers and not connections. - We need the transfer handle to log, store data and more. Everything in libcurl is driven by a transfer (the CURL * in the public API). - This work clarifies and separates the transfers from the connections better. - We should avoid "conn->data". Since individual connections can be used by many transfers when multiplexing, making sure that conn->data points to the current and correct transfer at all times is difficult and has been notoriously error-prone over the years. The goal is to ultimately remove the conn->data pointer for this reason. Closes #6425
2021-01-08 11:58:15 -05:00
result = Curl_write_plain(data, sockfd, (char *)sx->outp,
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
sx->outstanding, &written);
if(result && (CURLE_AGAIN != result)) {
failf(data, "Unable to send initial SOCKS5 request.");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_SEND_CONNECT;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
if(written != sx->outstanding) {
/* not done, remain in state */
sx->outstanding -= written;
sx->outp += written;
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_OK;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
/* FALLTHROUGH */
CONNECT_SOCKS_READ_INIT:
case CONNECT_SOCKS_READ_INIT:
sx->outstanding = 2; /* expect two bytes */
sx->outp = socksreq; /* store it here */
/* FALLTHROUGH */
case CONNECT_SOCKS_READ:
result = Curl_read_plain(sockfd, (char *)sx->outp,
sx->outstanding, &actualread);
if(result && (CURLE_AGAIN != result)) {
failf(data, "Unable to receive initial SOCKS5 response.");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_RECV_CONNECT;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
socks: detect connection close during handshake The SOCKS4/5 state machines weren't properly terminated when the proxy connection got closed, leading to a busy-loop. Reported-By: zloi-user on github Fixes #5532 Closes #5542
2020-06-08 08:05:22 -04:00
else if(!result && !actualread) {
/* connection closed */
failf(data, "Connection to proxy closed");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_CLOSED;
socks: detect connection close during handshake The SOCKS4/5 state machines weren't properly terminated when the proxy connection got closed, leading to a busy-loop. Reported-By: zloi-user on github Fixes #5532 Closes #5542
2020-06-08 08:05:22 -04:00
}
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
else if(actualread != sx->outstanding) {
/* remain in reading state */
sx->outstanding -= actualread;
sx->outp += actualread;
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_OK;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
else if(socksreq[0] != 5) {
failf(data, "Received invalid version in initial SOCKS5 response.");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_BAD_VERSION;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
else if(socksreq[1] == 0) {
/* DONE! No authentication needed. Send request. */
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_REQ_INIT);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
goto CONNECT_REQ_INIT;
}
else if(socksreq[1] == 2) {
/* regular name + password authentication */
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_AUTH_INIT);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
goto CONNECT_AUTH_INIT;
}
- Markus Moeller introduced two new options to libcurl: CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these.
2009-01-28 16:33:58 -05:00
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
else if(allow_gssapi && (socksreq[1] == 1)) {
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_GSSAPI_INIT);
result = Curl_SOCKS5_gssapi_negotiate(sockindex, data);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(result) {
failf(data, "Unable to negotiate SOCKS5 GSS-API context.");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_GSSAPI;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
}
#endif
else {
/* error */
if(!allow_gssapi && (socksreq[1] == 1)) {
failf(data,
"SOCKS5 GSSAPI per-message authentication is not supported.");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_GSSAPI_PERMSG;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
else if(socksreq[1] == 255) {
failf(data, "No authentication method was acceptable.");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_NO_AUTH;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
- Markus Moeller introduced two new options to libcurl: CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these.
2009-01-28 16:33:58 -05:00
}
socks: remove unreachable breaks in socks.c and mime.c Closes #5537
2020-06-08 02:42:25 -04:00
failf(data,
"Undocumented SOCKS5 mode attempted to be used by server.");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_UNKNOWN_MODE;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
case CONNECT_GSSAPI_INIT:
/* GSSAPI stuff done non-blocking */
break;
- Markus Moeller introduced two new options to libcurl: CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these.
2009-01-28 16:33:58 -05:00
#endif
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
default: /* do nothing! */
break;
CONNECT_AUTH_INIT:
case CONNECT_AUTH_INIT: {
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
/* Needs user name and password */
socks: use proxy_user instead of proxy_name ... to make it obvious what the data is used for
2017-03-08 06:21:09 -05:00
size_t proxy_user_len, proxy_password_len;
if(proxy_user && proxy_password) {
proxy_user_len = strlen(proxy_user);
lib/socks.c: Avoid type conversions where possible Streamlined variable names and types to avoid type conversions that may result in data being lost on non 32-bit systems.
2012-10-04 14:17:49 -04:00
proxy_password_len = strlen(proxy_password);
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
else {
socks: use proxy_user instead of proxy_name ... to make it obvious what the data is used for
2017-03-08 06:21:09 -05:00
proxy_user_len = 0;
lib/socks.c: Avoid type conversions where possible Streamlined variable names and types to avoid type conversions that may result in data being lost on non 32-bit systems.
2012-10-04 14:17:49 -04:00
proxy_password_len = 0;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
/* username/password request looks like
* +----+------+----------+------+----------+
* |VER | ULEN | UNAME | PLEN | PASSWD |
* +----+------+----------+------+----------+
* | 1 | 1 | 1 to 255 | 1 | 1 to 255 |
* +----+------+----------+------+----------+
*/
len = 0;
socksreq[len++] = 1; /* username/pw subnegotiation version */
socks: use proxy_user instead of proxy_name ... to make it obvious what the data is used for
2017-03-08 06:21:09 -05:00
socksreq[len++] = (unsigned char) proxy_user_len;
socks5: user name and passwords must be shorter than 256 bytes... since the protocol needs to store the length in a single byte field. Reported-by: XmiliaH on github Fixes #3737 Closes #3740
2019-04-05 16:50:22 -04:00
if(proxy_user && proxy_user_len) {
/* the length must fit in a single byte */
if(proxy_user_len >= 255) {
failf(data, "Excessive user name length for proxy auth");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_LONG_USER;
socks5: user name and passwords must be shorter than 256 bytes... since the protocol needs to store the length in a single byte field. Reported-by: XmiliaH on github Fixes #3737 Closes #3740
2019-04-05 16:50:22 -04:00
}
socks: use proxy_user instead of proxy_name ... to make it obvious what the data is used for
2017-03-08 06:21:09 -05:00
memcpy(socksreq + len, proxy_user, proxy_user_len);
socks5: user name and passwords must be shorter than 256 bytes... since the protocol needs to store the length in a single byte field. Reported-by: XmiliaH on github Fixes #3737 Closes #3740
2019-04-05 16:50:22 -04:00
}
socks: use proxy_user instead of proxy_name ... to make it obvious what the data is used for
2017-03-08 06:21:09 -05:00
len += proxy_user_len;
lib/socks.c: Avoid type conversions where possible Streamlined variable names and types to avoid type conversions that may result in data being lost on non 32-bit systems.
2012-10-04 14:17:49 -04:00
socksreq[len++] = (unsigned char) proxy_password_len;
socks5: user name and passwords must be shorter than 256 bytes... since the protocol needs to store the length in a single byte field. Reported-by: XmiliaH on github Fixes #3737 Closes #3740
2019-04-05 16:50:22 -04:00
if(proxy_password && proxy_password_len) {
/* the length must fit in a single byte */
if(proxy_password_len > 255) {
failf(data, "Excessive password length for proxy auth");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_LONG_PASSWD;
socks5: user name and passwords must be shorter than 256 bytes... since the protocol needs to store the length in a single byte field. Reported-by: XmiliaH on github Fixes #3737 Closes #3740
2019-04-05 16:50:22 -04:00
}
lib/socks.c: Avoid type conversions where possible Streamlined variable names and types to avoid type conversions that may result in data being lost on non 32-bit systems.
2012-10-04 14:17:49 -04:00
memcpy(socksreq + len, proxy_password, proxy_password_len);
socks5: user name and passwords must be shorter than 256 bytes... since the protocol needs to store the length in a single byte field. Reported-by: XmiliaH on github Fixes #3737 Closes #3740
2019-04-05 16:50:22 -04:00
}
lib/socks.c: Avoid type conversions where possible Streamlined variable names and types to avoid type conversions that may result in data being lost on non 32-bit systems.
2012-10-04 14:17:49 -04:00
len += proxy_password_len;
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_AUTH_SEND);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
sx->outstanding = len;
sx->outp = socksreq;
}
/* FALLTHROUGH */
case CONNECT_AUTH_SEND:
lib: pass in 'struct Curl_easy *' to most functions ... in most cases instead of 'struct connectdata *' but in some cases in addition to. - We mostly operate on transfers and not connections. - We need the transfer handle to log, store data and more. Everything in libcurl is driven by a transfer (the CURL * in the public API). - This work clarifies and separates the transfers from the connections better. - We should avoid "conn->data". Since individual connections can be used by many transfers when multiplexing, making sure that conn->data points to the current and correct transfer at all times is difficult and has been notoriously error-prone over the years. The goal is to ultimately remove the conn->data pointer for this reason. Closes #6425
2021-01-08 11:58:15 -05:00
result = Curl_write_plain(data, sockfd, (char *)sx->outp,
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
sx->outstanding, &written);
if(result && (CURLE_AGAIN != result)) {
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
failf(data, "Failed to send SOCKS5 sub-negotiation request.");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_SEND_AUTH;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(sx->outstanding != written) {
/* remain in state */
sx->outstanding -= written;
sx->outp += written;
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_OK;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
sx->outp = socksreq;
sx->outstanding = 2;
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_AUTH_READ);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
/* FALLTHROUGH */
case CONNECT_AUTH_READ:
result = Curl_read_plain(sockfd, (char *)sx->outp,
sx->outstanding, &actualread);
if(result && (CURLE_AGAIN != result)) {
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
failf(data, "Unable to receive SOCKS5 sub-negotiation response.");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_RECV_AUTH;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
socks: detect connection close during handshake The SOCKS4/5 state machines weren't properly terminated when the proxy connection got closed, leading to a busy-loop. Reported-By: zloi-user on github Fixes #5532 Closes #5542
2020-06-08 08:05:22 -04:00
else if(!result && !actualread) {
/* connection closed */
failf(data, "connection to proxy closed");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_CLOSED;
socks: detect connection close during handshake The SOCKS4/5 state machines weren't properly terminated when the proxy connection got closed, leading to a busy-loop. Reported-By: zloi-user on github Fixes #5532 Closes #5542
2020-06-08 08:05:22 -04:00
}
else if(actualread != sx->outstanding) {
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
/* remain in state */
sx->outstanding -= actualread;
sx->outp += actualread;
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_OK;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
/* ignore the first (VER) byte */
tidy-up: make conditional checks more consistent ... remove '== NULL' and '!= 0' Closes #6912
2021-04-19 04:46:11 -04:00
else if(socksreq[1]) { /* status */
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
failf(data, "User was rejected by the SOCKS5 server (%d %d).",
socksreq[0], socksreq[1]);
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_USER_REJECTED;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
/* Everything is good so far, user was authenticated! */
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_REQ_INIT);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
/* FALLTHROUGH */
CONNECT_REQ_INIT:
case CONNECT_REQ_INIT:
if(socks5_resolve_local) {
hostip: remove conn->data from resolver functions This also moves the 'async' struct from the connectdata struct into the Curl_easy struct, which seems like a better home for it. Closes #6497
2021-01-20 04:15:43 -05:00
enum resolve_t rc = Curl_resolv(data, hostname, remote_port,
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
FALSE, &dns);
if(rc == CURLRESOLV_ERROR)
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_RESOLVE_HOST;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(rc == CURLRESOLV_PENDING) {
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_RESOLVING);
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_OK;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_RESOLVED);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
goto CONNECT_RESOLVED;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
goto CONNECT_RESOLVE_REMOTE;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
case CONNECT_RESOLVING:
/* check if we have the name resolved by now */
hostip/proxy: remove conn->data use Closes #6513
2021-01-24 17:41:58 -05:00
dns = Curl_fetch_addr(data, hostname, remote_port);
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(dns) {
#ifdef CURLRES_ASYNCH
hostip: remove conn->data from resolver functions This also moves the 'async' struct from the connectdata struct into the Curl_easy struct, which seems like a better home for it. Closes #6497
2021-01-20 04:15:43 -05:00
data->state.async.dns = dns;
data->state.async.done = TRUE;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
#endif
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
2021-07-06 11:05:17 -04:00
infof(data, "SOCKS5: hostname '%s' found", hostname);
SOCKS5: when name resolves fail return immediately This makes the code flow more obvious and reacts on the return code properly, even if the code acted the same way before.
2010-04-16 16:58:04 -04:00
}
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(!dns) {
hostip: remove conn->data from resolver functions This also moves the 'async' struct from the connectdata struct into the Curl_easy struct, which seems like a better home for it. Closes #6497
2021-01-20 04:15:43 -05:00
result = Curl_resolv_check(data, &dns);
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
if(!dns) {
if(result)
return CURLPX_RESOLVE_HOST;
return CURLPX_OK;
}
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
/* FALLTHROUGH */
CONNECT_RESOLVED:
case CONNECT_RESOLVED: {
source cleanup: remove all custom typedef structs - Stick to a single unified way to use structs - Make checksrc complain on 'typedef struct {' - Allow them in tests, public headers and examples - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually typedef different types/structs depending on build conditions. Closes #5338
2020-05-13 18:05:04 -04:00
struct Curl_addrinfo *hp = NULL;
hostip: make Curl_printable_address not return anything It was not used much anyway and instead we let it store a blank buffer in case of failure. Reported-by: MonocleAI Fixes #5411 Closes #5418
2020-05-18 12:41:20 -04:00
size_t destlen;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
if(dns)
code style: use spaces around equals signs
2017-09-09 17:09:06 -04:00
hp = dns->addr;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(!hp) {
failf(data, "Failed to resolve \"%s\" for SOCKS5 connect.",
hostname);
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_RESOLVE_HOST;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
socks.c: use Curl_printable_address in SOCKS5 connection sequence Replace custom string formatting with Curl_printable_address. Add additional debug and error output in case of failures.
2016-08-20 15:14:46 -04:00
hostip: make Curl_printable_address not return anything It was not used much anyway and instead we let it store a blank buffer in case of failure. Reported-by: MonocleAI Fixes #5411 Closes #5418
2020-05-18 12:41:20 -04:00
Curl_printable_address(hp, dest, sizeof(dest));
destlen = strlen(dest);
msnprintf(dest + destlen, sizeof(dest) - destlen, ":%d", remote_port);
socks.c: use Curl_printable_address in SOCKS5 connection sequence Replace custom string formatting with Curl_printable_address. Add additional debug and error output in case of failures.
2016-08-20 15:14:46 -04:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
len = 0;
socksreq[len++] = 5; /* version (SOCKS5) */
socksreq[len++] = 1; /* connect */
socksreq[len++] = 0; /* must be zero */
if(hp->ai_family == AF_INET) {
int i;
struct sockaddr_in *saddr_in;
socksreq[len++] = 1; /* ATYP: IPv4 = 1 */
saddr_in = (struct sockaddr_in *)(void *)hp->ai_addr;
for(i = 0; i < 4; i++) {
socksreq[len++] = ((unsigned char *)&saddr_in->sin_addr.s_addr)[i];
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
2021-07-06 11:05:17 -04:00
infof(data, "SOCKS5 connect to IPv4 %s (locally resolved)", dest);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
#ifdef ENABLE_IPV6
else if(hp->ai_family == AF_INET6) {
int i;
struct sockaddr_in6 *saddr_in6;
socksreq[len++] = 4; /* ATYP: IPv6 = 4 */
saddr_in6 = (struct sockaddr_in6 *)(void *)hp->ai_addr;
for(i = 0; i < 16; i++) {
socksreq[len++] =
((unsigned char *)&saddr_in6->sin6_addr.s6_addr)[i];
socks.c: use Curl_printable_address in SOCKS5 connection sequence Replace custom string formatting with Curl_printable_address. Add additional debug and error output in case of failures.
2016-08-20 15:14:46 -04:00
}
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
2021-07-06 11:05:17 -04:00
infof(data, "SOCKS5 connect to IPv6 %s (locally resolved)", dest);
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
#endif
else {
hp = NULL; /* fail! */
failf: remove newline from formatting strings ... as failf adds one itself. Also: add an assert() to failf() that triggers on a newline in the format string! Closes #6365
2020-12-23 17:41:13 -05:00
failf(data, "SOCKS5 connection to %s not supported", dest);
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
Curl_resolv_unlock(data, dns); /* not used anymore from now on */
goto CONNECT_REQ_SEND;
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
CONNECT_RESOLVE_REMOTE:
case CONNECT_RESOLVE_REMOTE:
/* Authentication is complete, now specify destination to the proxy */
len = 0;
socksreq[len++] = 5; /* version (SOCKS5) */
socksreq[len++] = 1; /* connect */
socksreq[len++] = 0; /* must be zero */
if(!socks5_resolve_local) {
socksreq[len++] = 3; /* ATYP: domain name = 3 */
socksreq[len++] = (char) hostname_len; /* one byte address length */
memcpy(&socksreq[len], hostname, hostname_len); /* address w/o NULL */
len += hostname_len;
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
2021-07-06 11:05:17 -04:00
infof(data, "SOCKS5 connect to %s:%d (remotely resolved)",
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
hostname, remote_port);
}
/* FALLTHROUGH */
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
CONNECT_REQ_SEND:
case CONNECT_REQ_SEND:
/* PORT MSB */
socksreq[len++] = (unsigned char)((remote_port >> 8) & 0xff);
/* PORT LSB */
socksreq[len++] = (unsigned char)(remote_port & 0xff);
socks.c: Added support for IPv6 connections through SOCKSv5 proxy
2012-09-10 06:44:37 -04:00
- Markus Moeller introduced two new options to libcurl: CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these.
2009-01-28 16:33:58 -05:00
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(conn->socks5_gssapi_enctype) {
failf(data, "SOCKS5 GSS-API protection not yet implemented.");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_GSSAPI_PROTECTION;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
- Markus Moeller introduced two new options to libcurl: CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these.
2009-01-28 16:33:58 -05:00
#endif
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
sx->outp = socksreq;
sx->outstanding = len;
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_REQ_SENDING);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
/* FALLTHROUGH */
case CONNECT_REQ_SENDING:
lib: pass in 'struct Curl_easy *' to most functions ... in most cases instead of 'struct connectdata *' but in some cases in addition to. - We mostly operate on transfers and not connections. - We need the transfer handle to log, store data and more. Everything in libcurl is driven by a transfer (the CURL * in the public API). - This work clarifies and separates the transfers from the connections better. - We should avoid "conn->data". Since individual connections can be used by many transfers when multiplexing, making sure that conn->data points to the current and correct transfer at all times is difficult and has been notoriously error-prone over the years. The goal is to ultimately remove the conn->data pointer for this reason. Closes #6425
2021-01-08 11:58:15 -05:00
result = Curl_write_plain(data, sockfd, (char *)sx->outp,
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
sx->outstanding, &written);
if(result && (CURLE_AGAIN != result)) {
failf(data, "Failed to send SOCKS5 connect request.");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_SEND_REQUEST;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
if(sx->outstanding != written) {
/* remain in state */
sx->outstanding -= written;
sx->outp += written;
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_OK;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
- Markus Moeller introduced two new options to libcurl: CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these.
2009-01-28 16:33:58 -05:00
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(conn->socks5_gssapi_enctype) {
failf(data, "SOCKS5 GSS-API protection not yet implemented.");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_GSSAPI_PROTECTION;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
- Markus Moeller introduced two new options to libcurl: CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these.
2009-01-28 16:33:58 -05:00
#endif
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
sx->outstanding = 10; /* minimum packet size is 10 */
sx->outp = socksreq;
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_REQ_READ);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
/* FALLTHROUGH */
case CONNECT_REQ_READ:
result = Curl_read_plain(sockfd, (char *)sx->outp,
sx->outstanding, &actualread);
if(result && (CURLE_AGAIN != result)) {
failf(data, "Failed to receive SOCKS5 connect request ack.");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_RECV_REQACK;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
socks: detect connection close during handshake The SOCKS4/5 state machines weren't properly terminated when the proxy connection got closed, leading to a busy-loop. Reported-By: zloi-user on github Fixes #5532 Closes #5542
2020-06-08 08:05:22 -04:00
else if(!result && !actualread) {
/* connection closed */
failf(data, "connection to proxy closed");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_CLOSED;
socks: detect connection close during handshake The SOCKS4/5 state machines weren't properly terminated when the proxy connection got closed, leading to a busy-loop. Reported-By: zloi-user on github Fixes #5532 Closes #5542
2020-06-08 08:05:22 -04:00
}
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
else if(actualread != sx->outstanding) {
/* remain in state */
sx->outstanding -= actualread;
sx->outp += actualread;
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_OK;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
Based on Maxim Perenesenko's patch, we now do SOCKS5 operations and let the proxy do the host name resolving and only if --socks5ip (or CURLOPT_SOCKS5_RESOLVE_LOCAL) is used we resolve the host name locally and pass on the IP address only to the proxy.
2008-01-04 18:01:00 -05:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(socksreq[0] != 5) { /* version */
failf(data,
"SOCKS5 reply has wrong version, version should be 5.");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_BAD_VERSION;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
tidy-up: make conditional checks more consistent ... remove '== NULL' and '!= 0' Closes #6912
2021-04-19 04:46:11 -04:00
else if(socksreq[1]) { /* Anything besides 0 is an error */
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
CURLproxycode rc = CURLPX_REPLY_UNASSIGNED;
int code = socksreq[1];
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
failf(data, "Can't complete SOCKS5 connection to %s. (%d)",
hostname, (unsigned char)socksreq[1]);
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
if(code < 9) {
/* RFC 1928 section 6 lists: */
static const CURLproxycode lookup[] = {
CURLPX_OK,
CURLPX_REPLY_GENERAL_SERVER_FAILURE,
CURLPX_REPLY_NOT_ALLOWED,
CURLPX_REPLY_NETWORK_UNREACHABLE,
CURLPX_REPLY_HOST_UNREACHABLE,
CURLPX_REPLY_CONNECTION_REFUSED,
CURLPX_REPLY_TTL_EXPIRED,
CURLPX_REPLY_COMMAND_NOT_SUPPORTED,
CURLPX_REPLY_ADDRESS_TYPE_NOT_SUPPORTED,
};
rc = lookup[code];
}
return rc;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
Based on Maxim Perenesenko's patch, we now do SOCKS5 operations and let the proxy do the host name resolving and only if --socks5ip (or CURLOPT_SOCKS5_RESOLVE_LOCAL) is used we resolve the host name locally and pass on the IP address only to the proxy.
2008-01-04 18:01:00 -05:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
/* Fix: in general, returned BND.ADDR is variable length parameter by RFC
1928, so the reply packet should be read until the end to avoid errors
at subsequent protocol level.
+----+-----+-------+------+----------+----------+
|VER | REP | RSV | ATYP | BND.ADDR | BND.PORT |
+----+-----+-------+------+----------+----------+
| 1 | 1 | X'00' | 1 | Variable | 2 |
+----+-----+-------+------+----------+----------+
ATYP:
o IP v4 address: X'01', BND.ADDR = 4 byte
o domain name: X'03', BND.ADDR = [ 1 byte length, string ]
o IP v6 address: X'04', BND.ADDR = 16 byte
*/
/* Calculate real packet size */
if(socksreq[3] == 3) {
/* domain name */
int addrlen = (int) socksreq[4];
len = 5 + addrlen + 2;
}
else if(socksreq[3] == 4) {
/* IPv6 */
len = 4 + 16 + 2;
}
socks: fix expected length of SOCKS5 reply Commit 4a4b63d forgot to set the expected SOCKS5 reply length when the reply ATYP is X'01'. This resulted in erroneously expecting more bytes when the request length is greater than the reply length (e.g., when remotely resolving the hostname). Closes #5527
2020-06-05 13:36:11 -04:00
else if(socksreq[3] == 1) {
len = 4 + 4 + 2;
}
else {
failf(data, "SOCKS5 reply has wrong address type.");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_BAD_ADDRESS_TYPE;
socks: fix expected length of SOCKS5 reply Commit 4a4b63d forgot to set the expected SOCKS5 reply length when the reply ATYP is X'01'. This resulted in erroneously expecting more bytes when the request length is greater than the reply length (e.g., when remotely resolving the hostname). Closes #5527
2020-06-05 13:36:11 -04:00
}
Based on Maxim Perenesenko's patch, we now do SOCKS5 operations and let the proxy do the host name resolving and only if --socks5ip (or CURLOPT_SOCKS5_RESOLVE_LOCAL) is used we resolve the host name locally and pass on the IP address only to the proxy.
2008-01-04 18:01:00 -05:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
/* At this point we already read first 10 bytes */
- Markus Moeller introduced two new options to libcurl: CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these.
2009-01-28 16:33:58 -05:00
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(!conn->socks5_gssapi_enctype) {
/* decrypt_gssapi_blockread already read the whole packet */
- Markus Moeller introduced two new options to libcurl: CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these.
2009-01-28 16:33:58 -05:00
#endif
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
if(len > 10) {
sx->outstanding = len - 10; /* get the rest */
sx->outp = &socksreq[10];
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_REQ_READ_MORE);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
else {
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_DONE);
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
break;
- Markus Moeller introduced two new options to libcurl: CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these.
2009-01-28 16:33:58 -05:00
}
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
- Markus Moeller introduced two new options to libcurl: CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these.
2009-01-28 16:33:58 -05:00
#endif
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
/* FALLTHROUGH */
case CONNECT_REQ_READ_MORE:
result = Curl_read_plain(sockfd, (char *)sx->outp,
sx->outstanding, &actualread);
if(result && (CURLE_AGAIN != result)) {
failf(data, "Failed to receive SOCKS5 connect request ack.");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_RECV_ADDRESS;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
socks: detect connection close during handshake The SOCKS4/5 state machines weren't properly terminated when the proxy connection got closed, leading to a busy-loop. Reported-By: zloi-user on github Fixes #5532 Closes #5542
2020-06-08 08:05:22 -04:00
else if(!result && !actualread) {
/* connection closed */
failf(data, "connection to proxy closed");
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_CLOSED;
socks: detect connection close during handshake The SOCKS4/5 state machines weren't properly terminated when the proxy connection got closed, leading to a busy-loop. Reported-By: zloi-user on github Fixes #5532 Closes #5542
2020-06-08 08:05:22 -04:00
}
else if(actualread != sx->outstanding) {
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
/* remain in state */
sx->outstanding -= actualread;
sx->outp += actualread;
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_OK;
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
}
lib: more conn->data cleanups Closes #6479
2021-01-18 05:56:50 -05:00
sxstate(data, CONNECT_DONE);
socks.c: Move error output after reading the whole response packet First commit to fix issue #944 regarding SOCKS5 error handling. Reported-by: David Kalnischkies
2016-08-14 11:01:13 -04:00
}
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
2021-07-06 11:05:17 -04:00
infof(data, "SOCKS5 request granted.");
socks.c: Move error output after reading the whole response packet First commit to fix issue #944 regarding SOCKS5 error handling. Reported-by: David Kalnischkies
2016-08-14 11:01:13 -04:00
socks: make the connect phase non-blocking Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-14 10:16:54 -05:00
*done = TRUE;
CURLE_PROXY: new error code Failures clearly returned from a (SOCKS) proxy now causes this return code. Previously the situation was not very clear as what would be returned and when. In addition: when this error code is returned, an application can use CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then returns a value from the new 'CURLproxycode' enum. Closes #5770
2020-08-24 02:39:29 -04:00
return CURLPX_OK; /* Proxy was successful! */
Dmitriy Sergeyev provided a patch that made the SOCKS[45] code work better as it now will read the full data sent from servers. The SOCKS-related code was also moved to the new lib/socks.c source file.
2006-09-23 15:07:20 -04:00
}
- Daniel Egger provided a patch that allows you to disable proxy support in libcurl to somewhat reduce the size of the binary. Run configure --disable-proxy.
2008-09-29 17:46:04 -04:00
#endif /* CURL_DISABLE_PROXY */