mirror of
https://github.com/moparisthebest/curl
synced 2024-11-16 22:45:03 -05:00
91386937ff
and CURLOPT_CONNECTTIMEOUT_MS that, as their names should hint, do the timeouts with millisecond resolution instead. The only restriction to that is the alarm() (sometimes) used to abort name resolves as that uses full seconds. I fixed the FTP response timeout part of the patch. Internally we now count and keep the timeouts in milliseconds but it also means we multiply set timeouts with 1000. The effect of this is that no timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which equals 24.86 days. We probably couldn't before either since the code did *1000 on the timeout values on several places already.
586 lines
18 KiB
C
586 lines
18 KiB
C
/***************************************************************************
|
|
* _ _ ____ _
|
|
* Project ___| | | | _ \| |
|
|
* / __| | | | |_) | |
|
|
* | (__| |_| | _ <| |___
|
|
* \___|\___/|_| \_\_____|
|
|
*
|
|
* Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
*
|
|
* This software is licensed as described in the file COPYING, which
|
|
* you should have received as part of this distribution. The terms
|
|
* are also available at http://curl.haxx.se/docs/copyright.html.
|
|
*
|
|
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
|
* copies of the Software, and permit persons to whom the Software is
|
|
* furnished to do so, under the terms of the COPYING file.
|
|
*
|
|
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
|
* KIND, either express or implied.
|
|
*
|
|
* $Id$
|
|
***************************************************************************/
|
|
|
|
#include "setup.h"
|
|
|
|
#include <string.h>
|
|
|
|
#ifdef NEED_MALLOC_H
|
|
#include <malloc.h>
|
|
#endif
|
|
#ifdef HAVE_STDLIB_H
|
|
#include <stdlib.h>
|
|
#endif
|
|
|
|
#include "urldata.h"
|
|
#include "sendf.h"
|
|
#include "strequal.h"
|
|
#include "select.h"
|
|
#include "connect.h"
|
|
#include "timeval.h"
|
|
#include "socks.h"
|
|
|
|
/* The last #include file should be: */
|
|
#include "memdebug.h"
|
|
|
|
/*
|
|
* Helper read-from-socket functions. Does the same as Curl_read() but it
|
|
* blocks until all bytes amount of buffersize will be read. No more, no less.
|
|
*
|
|
* This is STUPID BLOCKING behaviour which we frown upon, but right now this
|
|
* is what we have...
|
|
*/
|
|
static int blockread_all(struct connectdata *conn, /* connection data */
|
|
curl_socket_t sockfd, /* read from this socket */
|
|
char *buf, /* store read data here */
|
|
ssize_t buffersize, /* max amount to read */
|
|
ssize_t *n, /* amount bytes read */
|
|
long conn_timeout) /* timeout for data wait
|
|
relative to
|
|
conn->created */
|
|
{
|
|
ssize_t nread;
|
|
ssize_t allread = 0;
|
|
int result;
|
|
struct timeval tvnow;
|
|
long conntime;
|
|
*n = 0;
|
|
do {
|
|
tvnow = Curl_tvnow();
|
|
/* calculating how long connection is establishing */
|
|
conntime = Curl_tvdiff(tvnow, conn->created);
|
|
if(conntime > conn_timeout) {
|
|
/* we already got the timeout */
|
|
result = ~CURLE_OK;
|
|
break;
|
|
}
|
|
if(Curl_select(sockfd, CURL_SOCKET_BAD,
|
|
(int)(conn_timeout - conntime)) <= 0) {
|
|
result = ~CURLE_OK;
|
|
break;
|
|
}
|
|
result = Curl_read(conn, sockfd, buf, buffersize, &nread);
|
|
if(result)
|
|
break;
|
|
|
|
if(buffersize == nread) {
|
|
allread += nread;
|
|
*n = allread;
|
|
result = CURLE_OK;
|
|
break;
|
|
}
|
|
buffersize -= nread;
|
|
buf += nread;
|
|
allread += nread;
|
|
} while(1);
|
|
return result;
|
|
}
|
|
|
|
/*
|
|
* This function logs in to a SOCKS4 proxy and sends the specifics to the final
|
|
* destination server.
|
|
*
|
|
* Reference :
|
|
* http://socks.permeo.com/protocol/socks4.protocol
|
|
*
|
|
* Note :
|
|
* Nonsupport "SOCKS 4A (Simple Extension to SOCKS 4 Protocol)"
|
|
* Nonsupport "Identification Protocol (RFC1413)"
|
|
*/
|
|
CURLcode Curl_SOCKS4(const char *proxy_name,
|
|
struct connectdata *conn)
|
|
{
|
|
unsigned char socksreq[262]; /* room for SOCKS4 request incl. user id */
|
|
int result;
|
|
CURLcode code;
|
|
curl_socket_t sock = conn->sock[FIRSTSOCKET];
|
|
long timeout;
|
|
struct SessionHandle *data = conn->data;
|
|
|
|
/* get timeout */
|
|
if(data->set.timeout && data->set.connecttimeout) {
|
|
if (data->set.timeout < data->set.connecttimeout)
|
|
timeout = data->set.timeout;
|
|
else
|
|
timeout = data->set.connecttimeout;
|
|
}
|
|
else if(data->set.timeout)
|
|
timeout = data->set.timeout;
|
|
else if(data->set.connecttimeout)
|
|
timeout = data->set.connecttimeout;
|
|
else
|
|
timeout = DEFAULT_CONNECT_TIMEOUT;
|
|
|
|
Curl_nonblock(sock, FALSE);
|
|
|
|
/*
|
|
* Compose socks4 request
|
|
*
|
|
* Request format
|
|
*
|
|
* +----+----+----+----+----+----+----+----+----+----+....+----+
|
|
* | VN | CD | DSTPORT | DSTIP | USERID |NULL|
|
|
* +----+----+----+----+----+----+----+----+----+----+....+----+
|
|
* # of bytes: 1 1 2 4 variable 1
|
|
*/
|
|
|
|
socksreq[0] = 4; /* version (SOCKS4) */
|
|
socksreq[1] = 1; /* connect */
|
|
*((unsigned short*)&socksreq[2]) = htons(conn->remote_port);
|
|
|
|
/* DNS resolve */
|
|
{
|
|
struct Curl_dns_entry *dns;
|
|
Curl_addrinfo *hp=NULL;
|
|
int rc;
|
|
|
|
rc = Curl_resolv(conn, conn->host.name, (int)conn->remote_port, &dns);
|
|
|
|
if(rc == CURLRESOLV_ERROR)
|
|
return CURLE_COULDNT_RESOLVE_PROXY;
|
|
|
|
if(rc == CURLRESOLV_PENDING)
|
|
/* this requires that we're in "wait for resolve" state */
|
|
rc = Curl_wait_for_resolv(conn, &dns);
|
|
|
|
/*
|
|
* We cannot use 'hostent' as a struct that Curl_resolv() returns. It
|
|
* returns a Curl_addrinfo pointer that may not always look the same.
|
|
*/
|
|
if(dns)
|
|
hp=dns->addr;
|
|
if (hp) {
|
|
char buf[64];
|
|
unsigned short ip[4];
|
|
Curl_printable_address(hp, buf, sizeof(buf));
|
|
|
|
if(4 == sscanf( buf, "%hu.%hu.%hu.%hu",
|
|
&ip[0], &ip[1], &ip[2], &ip[3])) {
|
|
/* Set DSTIP */
|
|
socksreq[4] = (unsigned char)ip[0];
|
|
socksreq[5] = (unsigned char)ip[1];
|
|
socksreq[6] = (unsigned char)ip[2];
|
|
socksreq[7] = (unsigned char)ip[3];
|
|
}
|
|
else
|
|
hp = NULL; /* fail! */
|
|
|
|
Curl_resolv_unlock(data, dns); /* not used anymore from now on */
|
|
|
|
}
|
|
if(!hp) {
|
|
failf(data, "Failed to resolve \"%s\" for SOCKS4 connect.",
|
|
conn->host.name);
|
|
return CURLE_COULDNT_RESOLVE_HOST;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* This is currently not supporting "Identification Protocol (RFC1413)".
|
|
*/
|
|
socksreq[8] = 0; /* ensure empty userid is NUL-terminated */
|
|
if (proxy_name)
|
|
strlcat((char*)socksreq + 8, proxy_name, sizeof(socksreq) - 8);
|
|
|
|
/*
|
|
* Make connection
|
|
*/
|
|
{
|
|
ssize_t actualread;
|
|
ssize_t written;
|
|
int packetsize = 9 +
|
|
(int)strlen((char*)socksreq + 8); /* size including NUL */
|
|
|
|
/* Send request */
|
|
code = Curl_write(conn, sock, (char *)socksreq, packetsize, &written);
|
|
if ((code != CURLE_OK) || (written != packetsize)) {
|
|
failf(data, "Failed to send SOCKS4 connect request.");
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
|
|
packetsize = 8; /* receive data size */
|
|
|
|
/* Receive response */
|
|
result = blockread_all(conn, sock, (char *)socksreq, packetsize,
|
|
&actualread, timeout);
|
|
if ((result != CURLE_OK) || (actualread != packetsize)) {
|
|
failf(data, "Failed to receive SOCKS4 connect request ack.");
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
|
|
/*
|
|
* Response format
|
|
*
|
|
* +----+----+----+----+----+----+----+----+
|
|
* | VN | CD | DSTPORT | DSTIP |
|
|
* +----+----+----+----+----+----+----+----+
|
|
* # of bytes: 1 1 2 4
|
|
*
|
|
* VN is the version of the reply code and should be 0. CD is the result
|
|
* code with one of the following values:
|
|
*
|
|
* 90: request granted
|
|
* 91: request rejected or failed
|
|
* 92: request rejected because SOCKS server cannot connect to
|
|
* identd on the client
|
|
* 93: request rejected because the client program and identd
|
|
* report different user-ids
|
|
*/
|
|
|
|
/* wrong version ? */
|
|
if (socksreq[0] != 0) {
|
|
failf(data,
|
|
"SOCKS4 reply has wrong version, version should be 4.");
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
|
|
/* Result */
|
|
switch(socksreq[1])
|
|
{
|
|
case 90:
|
|
infof(data, "SOCKS4 request granted.\n");
|
|
break;
|
|
case 91:
|
|
failf(data,
|
|
"Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
|
|
", request rejected or failed.",
|
|
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
|
|
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
|
|
(unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
|
|
socksreq[1]);
|
|
return CURLE_COULDNT_CONNECT;
|
|
case 92:
|
|
failf(data,
|
|
"Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
|
|
", request rejected because SOCKS server cannot connect to "
|
|
"identd on the client.",
|
|
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
|
|
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
|
|
(unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
|
|
socksreq[1]);
|
|
return CURLE_COULDNT_CONNECT;
|
|
case 93:
|
|
failf(data,
|
|
"Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
|
|
", request rejected because the client program and identd "
|
|
"report different user-ids.",
|
|
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
|
|
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
|
|
(unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
|
|
socksreq[1]);
|
|
return CURLE_COULDNT_CONNECT;
|
|
default:
|
|
failf(data,
|
|
"Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
|
|
", Unknown.",
|
|
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
|
|
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
|
|
(unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
|
|
socksreq[1]);
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
}
|
|
|
|
Curl_nonblock(sock, TRUE);
|
|
|
|
return CURLE_OK; /* Proxy was successful! */
|
|
}
|
|
|
|
/*
|
|
* This function logs in to a SOCKS5 proxy and sends the specifics to the final
|
|
* destination server.
|
|
*/
|
|
CURLcode Curl_SOCKS5(const char *proxy_name,
|
|
const char *proxy_password,
|
|
struct connectdata *conn)
|
|
{
|
|
/*
|
|
According to the RFC1928, section "6. Replies". This is what a SOCK5
|
|
replies:
|
|
|
|
+----+-----+-------+------+----------+----------+
|
|
|VER | REP | RSV | ATYP | BND.ADDR | BND.PORT |
|
|
+----+-----+-------+------+----------+----------+
|
|
| 1 | 1 | X'00' | 1 | Variable | 2 |
|
|
+----+-----+-------+------+----------+----------+
|
|
|
|
Where:
|
|
|
|
o VER protocol version: X'05'
|
|
o REP Reply field:
|
|
o X'00' succeeded
|
|
*/
|
|
|
|
unsigned char socksreq[600]; /* room for large user/pw (255 max each) */
|
|
ssize_t actualread;
|
|
ssize_t written;
|
|
int result;
|
|
CURLcode code;
|
|
curl_socket_t sock = conn->sock[FIRSTSOCKET];
|
|
struct SessionHandle *data = conn->data;
|
|
long timeout;
|
|
|
|
/* get timeout */
|
|
if(data->set.timeout && data->set.connecttimeout) {
|
|
if (data->set.timeout < data->set.connecttimeout)
|
|
timeout = data->set.timeout*1000;
|
|
else
|
|
timeout = data->set.connecttimeout*1000;
|
|
}
|
|
else if(data->set.timeout)
|
|
timeout = data->set.timeout*1000;
|
|
else if(data->set.connecttimeout)
|
|
timeout = data->set.connecttimeout*1000;
|
|
else
|
|
timeout = DEFAULT_CONNECT_TIMEOUT;
|
|
|
|
Curl_nonblock(sock, TRUE);
|
|
|
|
/* wait until socket gets connected */
|
|
result = Curl_select(CURL_SOCKET_BAD, sock, (int)timeout);
|
|
|
|
if(-1 == result) {
|
|
failf(conn->data, "SOCKS5: no connection here");
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
else if(0 == result) {
|
|
failf(conn->data, "SOCKS5: connection timeout");
|
|
return CURLE_OPERATION_TIMEDOUT;
|
|
}
|
|
|
|
if(result & CSELECT_ERR) {
|
|
failf(conn->data, "SOCKS5: error occured during connection");
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
|
|
socksreq[0] = 5; /* version */
|
|
socksreq[1] = (char)(proxy_name ? 2 : 1); /* number of methods (below) */
|
|
socksreq[2] = 0; /* no authentication */
|
|
socksreq[3] = 2; /* username/password */
|
|
|
|
Curl_nonblock(sock, FALSE);
|
|
|
|
code = Curl_write(conn, sock, (char *)socksreq, (2 + (int)socksreq[1]),
|
|
&written);
|
|
if ((code != CURLE_OK) || (written != (2 + (int)socksreq[1]))) {
|
|
failf(data, "Unable to send initial SOCKS5 request.");
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
|
|
Curl_nonblock(sock, TRUE);
|
|
|
|
result = Curl_select(sock, CURL_SOCKET_BAD, (int)timeout);
|
|
|
|
if(-1 == result) {
|
|
failf(conn->data, "SOCKS5 nothing to read");
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
else if(0 == result) {
|
|
failf(conn->data, "SOCKS5 read timeout");
|
|
return CURLE_OPERATION_TIMEDOUT;
|
|
}
|
|
|
|
if(result & CSELECT_ERR) {
|
|
failf(conn->data, "SOCKS5 read error occured");
|
|
return CURLE_RECV_ERROR;
|
|
}
|
|
|
|
Curl_nonblock(sock, FALSE);
|
|
|
|
result=blockread_all(conn, sock, (char *)socksreq, 2, &actualread, timeout);
|
|
if ((result != CURLE_OK) || (actualread != 2)) {
|
|
failf(data, "Unable to receive initial SOCKS5 response.");
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
|
|
if (socksreq[0] != 5) {
|
|
failf(data, "Received invalid version in initial SOCKS5 response.");
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
if (socksreq[1] == 0) {
|
|
/* Nothing to do, no authentication needed */
|
|
;
|
|
}
|
|
else if (socksreq[1] == 2) {
|
|
/* Needs user name and password */
|
|
size_t userlen, pwlen;
|
|
int len;
|
|
if(proxy_name && proxy_password) {
|
|
userlen = strlen(proxy_name);
|
|
pwlen = proxy_password?strlen(proxy_password):0;
|
|
}
|
|
else {
|
|
userlen = 0;
|
|
pwlen = 0;
|
|
}
|
|
|
|
/* username/password request looks like
|
|
* +----+------+----------+------+----------+
|
|
* |VER | ULEN | UNAME | PLEN | PASSWD |
|
|
* +----+------+----------+------+----------+
|
|
* | 1 | 1 | 1 to 255 | 1 | 1 to 255 |
|
|
* +----+------+----------+------+----------+
|
|
*/
|
|
len = 0;
|
|
socksreq[len++] = 1; /* username/pw subnegotiation version */
|
|
socksreq[len++] = (char) userlen;
|
|
memcpy(socksreq + len, proxy_name, (int) userlen);
|
|
len += userlen;
|
|
socksreq[len++] = (char) pwlen;
|
|
memcpy(socksreq + len, proxy_password, (int) pwlen);
|
|
len += pwlen;
|
|
|
|
code = Curl_write(conn, sock, (char *)socksreq, len, &written);
|
|
if ((code != CURLE_OK) || (len != written)) {
|
|
failf(data, "Failed to send SOCKS5 sub-negotiation request.");
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
|
|
result=blockread_all(conn, sock, (char *)socksreq, 2, &actualread,
|
|
timeout);
|
|
if ((result != CURLE_OK) || (actualread != 2)) {
|
|
failf(data, "Unable to receive SOCKS5 sub-negotiation response.");
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
|
|
/* ignore the first (VER) byte */
|
|
if (socksreq[1] != 0) { /* status */
|
|
failf(data, "User was rejected by the SOCKS5 server (%d %d).",
|
|
socksreq[0], socksreq[1]);
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
|
|
/* Everything is good so far, user was authenticated! */
|
|
}
|
|
else {
|
|
/* error */
|
|
if (socksreq[1] == 1) {
|
|
failf(data,
|
|
"SOCKS5 GSSAPI per-message authentication is not supported.");
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
else if (socksreq[1] == 255) {
|
|
if (!proxy_name || !*proxy_name) {
|
|
failf(data,
|
|
"No authentication method was acceptable. (It is quite likely"
|
|
" that the SOCKS5 server wanted a username/password, since none"
|
|
" was supplied to the server on this connection.)");
|
|
}
|
|
else {
|
|
failf(data, "No authentication method was acceptable.");
|
|
}
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
else {
|
|
failf(data,
|
|
"Undocumented SOCKS5 mode attempted to be used by server.");
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
}
|
|
|
|
/* Authentication is complete, now specify destination to the proxy */
|
|
socksreq[0] = 5; /* version (SOCKS5) */
|
|
socksreq[1] = 1; /* connect */
|
|
socksreq[2] = 0; /* must be zero */
|
|
socksreq[3] = 1; /* IPv4 = 1 */
|
|
|
|
{
|
|
struct Curl_dns_entry *dns;
|
|
Curl_addrinfo *hp=NULL;
|
|
int rc = Curl_resolv(conn, conn->host.name, (int)conn->remote_port, &dns);
|
|
|
|
if(rc == CURLRESOLV_ERROR)
|
|
return CURLE_COULDNT_RESOLVE_HOST;
|
|
|
|
if(rc == CURLRESOLV_PENDING)
|
|
/* this requires that we're in "wait for resolve" state */
|
|
rc = Curl_wait_for_resolv(conn, &dns);
|
|
|
|
/*
|
|
* We cannot use 'hostent' as a struct that Curl_resolv() returns. It
|
|
* returns a Curl_addrinfo pointer that may not always look the same.
|
|
*/
|
|
if(dns)
|
|
hp=dns->addr;
|
|
if (hp) {
|
|
char buf[64];
|
|
unsigned short ip[4];
|
|
Curl_printable_address(hp, buf, sizeof(buf));
|
|
|
|
if(4 == sscanf( buf, "%hu.%hu.%hu.%hu",
|
|
&ip[0], &ip[1], &ip[2], &ip[3])) {
|
|
socksreq[4] = (unsigned char)ip[0];
|
|
socksreq[5] = (unsigned char)ip[1];
|
|
socksreq[6] = (unsigned char)ip[2];
|
|
socksreq[7] = (unsigned char)ip[3];
|
|
}
|
|
else
|
|
hp = NULL; /* fail! */
|
|
|
|
Curl_resolv_unlock(data, dns); /* not used anymore from now on */
|
|
}
|
|
if(!hp) {
|
|
failf(data, "Failed to resolve \"%s\" for SOCKS5 connect.",
|
|
conn->host.name);
|
|
return CURLE_COULDNT_RESOLVE_HOST;
|
|
}
|
|
}
|
|
|
|
*((unsigned short*)&socksreq[8]) = htons(conn->remote_port);
|
|
|
|
{
|
|
const int packetsize = 10;
|
|
|
|
code = Curl_write(conn, sock, (char *)socksreq, packetsize, &written);
|
|
if ((code != CURLE_OK) || (written != packetsize)) {
|
|
failf(data, "Failed to send SOCKS5 connect request.");
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
|
|
result = blockread_all(conn, sock, (char *)socksreq, packetsize,
|
|
&actualread, timeout);
|
|
if ((result != CURLE_OK) || (actualread != packetsize)) {
|
|
failf(data, "Failed to receive SOCKS5 connect request ack.");
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
|
|
if (socksreq[0] != 5) { /* version */
|
|
failf(data,
|
|
"SOCKS5 reply has wrong version, version should be 5.");
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
if (socksreq[1] != 0) { /* Anything besides 0 is an error */
|
|
failf(data,
|
|
"Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
|
|
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
|
|
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
|
|
(unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
|
|
socksreq[1]);
|
|
return CURLE_COULDNT_CONNECT;
|
|
}
|
|
}
|
|
|
|
Curl_nonblock(sock, TRUE);
|
|
return CURLE_OK; /* Proxy was successful! */
|
|
}
|