D:/opendownloadmanager/ODM-1.x/InetFile/cURL

00001 /***************************************************************************
00002  *                                  _   _ ____  _
00003  *  Project                     ___| | | |  _ \| |
00004  *                             / __| | | | |_) | |
00005  *                            | (__| |_| |  _ <| |___
00006  *                             \___|\___/|_| \_\_____|
00007  *
00008  * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
00009  *
00010  * This software is licensed as described in the file COPYING, which
00011  * you should have received as part of this distribution. The terms
00012  * are also available at http://curl.haxx.se/docs/copyright.html.
00013  *
00014  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
00015  * copies of the Software, and permit persons to whom the Software is
00016  * furnished to do so, under the terms of the COPYING file.
00017  *
00018  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
00019  * KIND, either express or implied.
00020  *
00021  * $Id: socks.c,v 1.14 2007-06-05 13:42:23 bagder Exp $
00022  ***************************************************************************/
00023 
00024 #include "setup.h"
00025 
00026 #include <string.h>
00027 
00028 #ifdef NEED_MALLOC_H
00029 #include <malloc.h>
00030 #endif
00031 #ifdef HAVE_STDLIB_H
00032 #include <stdlib.h>
00033 #endif
00034 #ifdef HAVE_SYS_SOCKET_H
00035 #include <sys/socket.h>
00036 #endif
00037 #ifdef HAVE_NETINET_IN_H
00038 #include <netinet/in.h>
00039 #endif
00040 #ifdef HAVE_ARPA_INET_H
00041 #include <arpa/inet.h>
00042 #endif
00043 
00044 #include "urldata.h"
00045 #include "sendf.h"
00046 #include "strequal.h"
00047 #include "select.h"
00048 #include "connect.h"
00049 #include "timeval.h"
00050 #include "socks.h"
00051 
00052 /* The last #include file should be: */
00053 #include "memdebug.h"
00054 
00055 /*
00056  * Helper read-from-socket functions. Does the same as Curl_read() but it
00057  * blocks until all bytes amount of buffersize will be read. No more, no less.
00058  *
00059  * This is STUPID BLOCKING behaviour which we frown upon, but right now this
00060  * is what we have...
00061  */
00062 static int blockread_all(struct connectdata *conn, /* connection data */
00063                          curl_socket_t sockfd,     /* read from this socket */
00064                          char *buf,                /* store read data here */
00065                          ssize_t buffersize,       /* max amount to read */
00066                          ssize_t *n,               /* amount bytes read */
00067                          long conn_timeout)        /* timeout for data wait
00068                                                       relative to
00069                                                       conn->created */
00070 {
00071   ssize_t nread;
00072   ssize_t allread = 0;
00073   int result;
00074   struct timeval tvnow;
00075   long conntime;
00076   *n = 0;
00077   do {
00078     tvnow = Curl_tvnow();
00079     /* calculating how long connection is establishing */
00080     conntime = Curl_tvdiff(tvnow, conn->created);
00081     if(conntime > conn_timeout) {
00082       /* we already got the timeout */
00083       result = ~CURLE_OK;
00084       break;
00085     }
00086     if(Curl_socket_ready(sockfd, CURL_SOCKET_BAD,
00087                    (int)(conn_timeout - conntime)) <= 0) {
00088       result = ~CURLE_OK;
00089       break;
00090     }
00091     result = Curl_read(conn, sockfd, buf, buffersize, &nread);
00092     if(result)
00093       break;
00094 
00095     if(buffersize == nread) {
00096       allread += nread;
00097       *n = allread;
00098       result = CURLE_OK;
00099       break;
00100     }
00101     if(!nread) {
00102       result = ~CURLE_OK;
00103       break;
00104     }
00105 
00106     buffersize -= nread;
00107     buf += nread;
00108     allread += nread;
00109   } while(1);
00110   return result;
00111 }
00112 
00113 /*
00114 * This function logs in to a SOCKS4 proxy and sends the specifics to the final
00115 * destination server.
00116 *
00117 * Reference :
00118 *   http://socks.permeo.com/protocol/socks4.protocol
00119 *
00120 * Note :
00121 *   Nonsupport "SOCKS 4A (Simple Extension to SOCKS 4 Protocol)"
00122 *   Nonsupport "Identification Protocol (RFC1413)"
00123 */
00124 CURLcode Curl_SOCKS4(const char *proxy_name,
00125                      char *hostname,
00126                      int remote_port,
00127                      int sockindex,
00128                      struct connectdata *conn)
00129 {
00130   unsigned char socksreq[262]; /* room for SOCKS4 request incl. user id */
00131   int result;
00132   CURLcode code;
00133   curl_socket_t sock = conn->sock[sockindex];
00134   long timeout;
00135   struct SessionHandle *data = conn->data;
00136 
00137   /* get timeout */
00138   if(data->set.timeout && data->set.connecttimeout) {
00139     if (data->set.timeout < data->set.connecttimeout)
00140       timeout = data->set.timeout;
00141     else
00142       timeout = data->set.connecttimeout;
00143   }
00144   else if(data->set.timeout)
00145     timeout = data->set.timeout;
00146   else if(data->set.connecttimeout)
00147     timeout = data->set.connecttimeout;
00148   else
00149     timeout = DEFAULT_CONNECT_TIMEOUT;
00150 
00151   Curl_nonblock(sock, FALSE);
00152 
00153   /*
00154    * Compose socks4 request
00155    *
00156    * Request format
00157    *
00158    *     +----+----+----+----+----+----+----+----+----+----+....+----+
00159    *     | VN | CD | DSTPORT |      DSTIP        | USERID       |NULL|
00160    *     +----+----+----+----+----+----+----+----+----+----+....+----+
00161    * # of bytes:  1    1      2              4           variable       1
00162    */
00163 
00164   socksreq[0] = 4; /* version (SOCKS4) */
00165   socksreq[1] = 1; /* connect */
00166   *((unsigned short*)&socksreq[2]) = htons((unsigned short)remote_port);
00167 
00168   /* DNS resolve */
00169   {
00170     struct Curl_dns_entry *dns;
00171     Curl_addrinfo *hp=NULL;
00172     int rc;
00173 
00174     rc = Curl_resolv(conn, hostname, remote_port, &dns);
00175 
00176     if(rc == CURLRESOLV_ERROR)
00177       return CURLE_COULDNT_RESOLVE_PROXY;
00178 
00179     if(rc == CURLRESOLV_PENDING)
00180       /* this requires that we're in "wait for resolve" state */
00181       rc = Curl_wait_for_resolv(conn, &dns);
00182 
00183     /*
00184      * We cannot use 'hostent' as a struct that Curl_resolv() returns.  It
00185      * returns a Curl_addrinfo pointer that may not always look the same.
00186      */
00187     if(dns)
00188       hp=dns->addr;
00189     if (hp) {
00190       char buf[64];
00191       unsigned short ip[4];
00192       Curl_printable_address(hp, buf, sizeof(buf));
00193 
00194       if(4 == sscanf( buf, "%hu.%hu.%hu.%hu",
00195                       &ip[0], &ip[1], &ip[2], &ip[3])) {
00196         /* Set DSTIP */
00197         socksreq[4] = (unsigned char)ip[0];
00198         socksreq[5] = (unsigned char)ip[1];
00199         socksreq[6] = (unsigned char)ip[2];
00200         socksreq[7] = (unsigned char)ip[3];
00201       }
00202       else
00203         hp = NULL; /* fail! */
00204 
00205       Curl_resolv_unlock(data, dns); /* not used anymore from now on */
00206 
00207     }
00208     if(!hp) {
00209       failf(data, "Failed to resolve \"%s\" for SOCKS4 connect.",
00210             hostname);
00211       return CURLE_COULDNT_RESOLVE_HOST;
00212     }
00213   }
00214 
00215   /*
00216    * This is currently not supporting "Identification Protocol (RFC1413)".
00217    */
00218   socksreq[8] = 0; /* ensure empty userid is NUL-terminated */
00219   if (proxy_name)
00220     strlcat((char*)socksreq + 8, proxy_name, sizeof(socksreq) - 8);
00221 
00222   /*
00223    * Make connection
00224    */
00225   {
00226     ssize_t actualread;
00227     ssize_t written;
00228     int packetsize = 9 +
00229       (int)strlen((char*)socksreq + 8); /* size including NUL */
00230 
00231     /* Send request */
00232     code = Curl_write(conn, sock, (char *)socksreq, packetsize, &written);
00233     if ((code != CURLE_OK) || (written != packetsize)) {
00234       failf(data, "Failed to send SOCKS4 connect request.");
00235       return CURLE_COULDNT_CONNECT;
00236     }
00237 
00238     packetsize = 8; /* receive data size */
00239 
00240     /* Receive response */
00241     result = blockread_all(conn, sock, (char *)socksreq, packetsize,
00242                            &actualread, timeout);
00243     if ((result != CURLE_OK) || (actualread != packetsize)) {
00244       failf(data, "Failed to receive SOCKS4 connect request ack.");
00245       return CURLE_COULDNT_CONNECT;
00246     }
00247 
00248     /*
00249      * Response format
00250      *
00251      *     +----+----+----+----+----+----+----+----+
00252      *     | VN | CD | DSTPORT |      DSTIP        |
00253      *     +----+----+----+----+----+----+----+----+
00254      * # of bytes:  1    1      2              4
00255      *
00256      * VN is the version of the reply code and should be 0. CD is the result
00257      * code with one of the following values:
00258      *
00259      * 90: request granted
00260      * 91: request rejected or failed
00261      * 92: request rejected because SOCKS server cannot connect to
00262      *     identd on the client
00263      * 93: request rejected because the client program and identd
00264      *     report different user-ids
00265      */
00266 
00267     /* wrong version ? */
00268     if (socksreq[0] != 0) {
00269       failf(data,
00270             "SOCKS4 reply has wrong version, version should be 4.");
00271       return CURLE_COULDNT_CONNECT;
00272     }
00273 
00274     /* Result */
00275     switch(socksreq[1])
00276     {
00277     case 90:
00278       infof(data, "SOCKS4 request granted.\n");
00279       break;
00280     case 91:
00281       failf(data,
00282             "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
00283             ", request rejected or failed.",
00284             (unsigned char)socksreq[4], (unsigned char)socksreq[5],
00285             (unsigned char)socksreq[6], (unsigned char)socksreq[7],
00286             (unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
00287             socksreq[1]);
00288       return CURLE_COULDNT_CONNECT;
00289     case 92:
00290       failf(data,
00291             "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
00292             ", request rejected because SOCKS server cannot connect to "
00293             "identd on the client.",
00294             (unsigned char)socksreq[4], (unsigned char)socksreq[5],
00295             (unsigned char)socksreq[6], (unsigned char)socksreq[7],
00296             (unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
00297             socksreq[1]);
00298       return CURLE_COULDNT_CONNECT;
00299     case 93:
00300       failf(data,
00301             "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
00302             ", request rejected because the client program and identd "
00303             "report different user-ids.",
00304             (unsigned char)socksreq[4], (unsigned char)socksreq[5],
00305             (unsigned char)socksreq[6], (unsigned char)socksreq[7],
00306             (unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
00307             socksreq[1]);
00308       return CURLE_COULDNT_CONNECT;
00309     default:
00310       failf(data,
00311             "Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
00312             ", Unknown.",
00313             (unsigned char)socksreq[4], (unsigned char)socksreq[5],
00314             (unsigned char)socksreq[6], (unsigned char)socksreq[7],
00315             (unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
00316             socksreq[1]);
00317       return CURLE_COULDNT_CONNECT;
00318     }
00319   }
00320 
00321   Curl_nonblock(sock, TRUE);
00322 
00323   return CURLE_OK; /* Proxy was successful! */
00324 }
00325 
00326 /*
00327  * This function logs in to a SOCKS5 proxy and sends the specifics to the final
00328  * destination server.
00329  */
00330 CURLcode Curl_SOCKS5(const char *proxy_name,
00331                      const char *proxy_password,
00332                      char *hostname,
00333                      int remote_port,
00334                      int sockindex,
00335                      struct connectdata *conn)
00336 {
00337   /*
00338     According to the RFC1928, section "6.  Replies". This is what a SOCK5
00339     replies:
00340 
00341         +----+-----+-------+------+----------+----------+
00342         |VER | REP |  RSV  | ATYP | BND.ADDR | BND.PORT |
00343         +----+-----+-------+------+----------+----------+
00344         | 1  |  1  | X'00' |  1   | Variable |    2     |
00345         +----+-----+-------+------+----------+----------+
00346 
00347     Where:
00348 
00349     o  VER    protocol version: X'05'
00350     o  REP    Reply field:
00351     o  X'00' succeeded
00352   */
00353 
00354   unsigned char socksreq[600]; /* room for large user/pw (255 max each) */
00355   ssize_t actualread;
00356   ssize_t written;
00357   int result;
00358   CURLcode code;
00359   curl_socket_t sock = conn->sock[sockindex];
00360   struct SessionHandle *data = conn->data;
00361   long timeout;
00362 
00363   /* get timeout */
00364   if(data->set.timeout && data->set.connecttimeout) {
00365     if (data->set.timeout < data->set.connecttimeout)
00366       timeout = data->set.timeout;
00367     else
00368       timeout = data->set.connecttimeout;
00369   }
00370   else if(data->set.timeout)
00371     timeout = data->set.timeout;
00372   else if(data->set.connecttimeout)
00373     timeout = data->set.connecttimeout;
00374   else
00375     timeout = DEFAULT_CONNECT_TIMEOUT;
00376 
00377   Curl_nonblock(sock, TRUE);
00378 
00379   /* wait until socket gets connected */
00380   result = Curl_socket_ready(CURL_SOCKET_BAD, sock, (int)timeout);
00381 
00382   if(-1 == result) {
00383     failf(conn->data, "SOCKS5: no connection here");
00384     return CURLE_COULDNT_CONNECT;
00385   }
00386   else if(0 == result) {
00387     failf(conn->data, "SOCKS5: connection timeout");
00388     return CURLE_OPERATION_TIMEDOUT;
00389   }
00390 
00391   if(result & CURL_CSELECT_ERR) {
00392     failf(conn->data, "SOCKS5: error occured during connection");
00393     return CURLE_COULDNT_CONNECT;
00394   }
00395 
00396   socksreq[0] = 5; /* version */
00397   socksreq[1] = (char)(proxy_name ? 2 : 1); /* number of methods (below) */
00398   socksreq[2] = 0; /* no authentication */
00399   socksreq[3] = 2; /* username/password */
00400 
00401   Curl_nonblock(sock, FALSE);
00402 
00403   code = Curl_write(conn, sock, (char *)socksreq, (2 + (int)socksreq[1]),
00404                       &written);
00405   if ((code != CURLE_OK) || (written != (2 + (int)socksreq[1]))) {
00406     failf(data, "Unable to send initial SOCKS5 request.");
00407     return CURLE_COULDNT_CONNECT;
00408   }
00409 
00410   Curl_nonblock(sock, TRUE);
00411 
00412   result = Curl_socket_ready(sock, CURL_SOCKET_BAD, (int)timeout);
00413 
00414   if(-1 == result) {
00415     failf(conn->data, "SOCKS5 nothing to read");
00416     return CURLE_COULDNT_CONNECT;
00417   }
00418   else if(0 == result) {
00419     failf(conn->data, "SOCKS5 read timeout");
00420     return CURLE_OPERATION_TIMEDOUT;
00421   }
00422 
00423   if(result & CURL_CSELECT_ERR) {
00424     failf(conn->data, "SOCKS5 read error occured");
00425     return CURLE_RECV_ERROR;
00426   }
00427 
00428   Curl_nonblock(sock, FALSE);
00429 
00430   result=blockread_all(conn, sock, (char *)socksreq, 2, &actualread, timeout);
00431   if ((result != CURLE_OK) || (actualread != 2)) {
00432     failf(data, "Unable to receive initial SOCKS5 response.");
00433     return CURLE_COULDNT_CONNECT;
00434   }
00435 
00436   if (socksreq[0] != 5) {
00437     failf(data, "Received invalid version in initial SOCKS5 response.");
00438     return CURLE_COULDNT_CONNECT;
00439   }
00440   if (socksreq[1] == 0) {
00441     /* Nothing to do, no authentication needed */
00442     ;
00443   }
00444   else if (socksreq[1] == 2) {
00445     /* Needs user name and password */
00446     size_t userlen, pwlen;
00447     int len;
00448     if(proxy_name && proxy_password) {
00449       userlen = strlen(proxy_name);
00450       pwlen = strlen(proxy_password);
00451     }
00452     else {
00453       userlen = 0;
00454       pwlen = 0;
00455     }
00456 
00457     /*   username/password request looks like
00458      * +----+------+----------+------+----------+
00459      * |VER | ULEN |  UNAME   | PLEN |  PASSWD  |
00460      * +----+------+----------+------+----------+
00461      * | 1  |  1   | 1 to 255 |  1   | 1 to 255 |
00462      * +----+------+----------+------+----------+
00463      */
00464     len = 0;
00465     socksreq[len++] = 1;    /* username/pw subnegotiation version */
00466     socksreq[len++] = (char) userlen;
00467     memcpy(socksreq + len, proxy_name, (int) userlen);
00468     len += userlen;
00469     socksreq[len++] = (char) pwlen;
00470     memcpy(socksreq + len, proxy_password, (int) pwlen);
00471     len += pwlen;
00472 
00473     code = Curl_write(conn, sock, (char *)socksreq, len, &written);
00474     if ((code != CURLE_OK) || (len != written)) {
00475       failf(data, "Failed to send SOCKS5 sub-negotiation request.");
00476       return CURLE_COULDNT_CONNECT;
00477     }
00478 
00479     result=blockread_all(conn, sock, (char *)socksreq, 2, &actualread,
00480                          timeout);
00481     if ((result != CURLE_OK) || (actualread != 2)) {
00482       failf(data, "Unable to receive SOCKS5 sub-negotiation response.");
00483       return CURLE_COULDNT_CONNECT;
00484     }
00485 
00486     /* ignore the first (VER) byte */
00487     if (socksreq[1] != 0) { /* status */
00488       failf(data, "User was rejected by the SOCKS5 server (%d %d).",
00489             socksreq[0], socksreq[1]);
00490       return CURLE_COULDNT_CONNECT;
00491     }
00492 
00493     /* Everything is good so far, user was authenticated! */
00494   }
00495   else {
00496     /* error */
00497     if (socksreq[1] == 1) {
00498       failf(data,
00499             "SOCKS5 GSSAPI per-message authentication is not supported.");
00500       return CURLE_COULDNT_CONNECT;
00501     }
00502     else if (socksreq[1] == 255) {
00503       if (!proxy_name || !*proxy_name) {
00504         failf(data,
00505               "No authentication method was acceptable. (It is quite likely"
00506               " that the SOCKS5 server wanted a username/password, since none"
00507               " was supplied to the server on this connection.)");
00508       }
00509       else {
00510         failf(data, "No authentication method was acceptable.");
00511       }
00512       return CURLE_COULDNT_CONNECT;
00513     }
00514     else {
00515       failf(data,
00516             "Undocumented SOCKS5 mode attempted to be used by server.");
00517       return CURLE_COULDNT_CONNECT;
00518     }
00519   }
00520 
00521   /* Authentication is complete, now specify destination to the proxy */
00522   socksreq[0] = 5; /* version (SOCKS5) */
00523   socksreq[1] = 1; /* connect */
00524   socksreq[2] = 0; /* must be zero */
00525   socksreq[3] = 1; /* IPv4 = 1 */
00526 
00527   {
00528     struct Curl_dns_entry *dns;
00529     Curl_addrinfo *hp=NULL;
00530     int rc = Curl_resolv(conn, hostname, remote_port, &dns);
00531 
00532     if(rc == CURLRESOLV_ERROR)
00533       return CURLE_COULDNT_RESOLVE_HOST;
00534 
00535     if(rc == CURLRESOLV_PENDING)
00536       /* this requires that we're in "wait for resolve" state */
00537       rc = Curl_wait_for_resolv(conn, &dns);
00538 
00539     /*
00540      * We cannot use 'hostent' as a struct that Curl_resolv() returns.  It
00541      * returns a Curl_addrinfo pointer that may not always look the same.
00542      */
00543     if(dns)
00544       hp=dns->addr;
00545     if (hp) {
00546       char buf[64];
00547       unsigned short ip[4];
00548       Curl_printable_address(hp, buf, sizeof(buf));
00549 
00550       if(4 == sscanf( buf, "%hu.%hu.%hu.%hu",
00551                       &ip[0], &ip[1], &ip[2], &ip[3])) {
00552         socksreq[4] = (unsigned char)ip[0];
00553         socksreq[5] = (unsigned char)ip[1];
00554         socksreq[6] = (unsigned char)ip[2];
00555         socksreq[7] = (unsigned char)ip[3];
00556       }
00557       else
00558         hp = NULL; /* fail! */
00559 
00560       Curl_resolv_unlock(data, dns); /* not used anymore from now on */
00561     }
00562     if(!hp) {
00563       failf(data, "Failed to resolve \"%s\" for SOCKS5 connect.",
00564             hostname);
00565       return CURLE_COULDNT_RESOLVE_HOST;
00566     }
00567   }
00568 
00569   *((unsigned short*)&socksreq[8]) = htons((unsigned short)remote_port);
00570 
00571   {
00572     const int packetsize = 10;
00573 
00574     code = Curl_write(conn, sock, (char *)socksreq, packetsize, &written);
00575     if ((code != CURLE_OK) || (written != packetsize)) {
00576       failf(data, "Failed to send SOCKS5 connect request.");
00577       return CURLE_COULDNT_CONNECT;
00578     }
00579 
00580     result = blockread_all(conn, sock, (char *)socksreq, packetsize,
00581                            &actualread, timeout);
00582     if ((result != CURLE_OK) || (actualread != packetsize)) {
00583       failf(data, "Failed to receive SOCKS5 connect request ack.");
00584       return CURLE_COULDNT_CONNECT;
00585     }
00586 
00587     if (socksreq[0] != 5) { /* version */
00588       failf(data,
00589             "SOCKS5 reply has wrong version, version should be 5.");
00590       return CURLE_COULDNT_CONNECT;
00591     }
00592     if (socksreq[1] != 0) { /* Anything besides 0 is an error */
00593         failf(data,
00594               "Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
00595               (unsigned char)socksreq[4], (unsigned char)socksreq[5],
00596               (unsigned char)socksreq[6], (unsigned char)socksreq[7],
00597               (unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
00598               socksreq[1]);
00599         return CURLE_COULDNT_CONNECT;
00600     }
00601   }
00602 
00603   Curl_nonblock(sock, TRUE);
00604   return CURLE_OK; /* Proxy was successful! */
00605 }
D:/opendownloadmanager/ODM-1.x/InetFile/cURL_lib/socks.c
