1
/***************************************************************************
3
* Project ___| | | | _ \| |
5
* | (__| |_| | _ <| |___
6
* \___|\___/|_| \_\_____|
8
* Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
10
* This software is licensed as described in the file COPYING, which
11
* you should have received as part of this distribution. The terms
12
* are also available at http://curl.haxx.se/docs/copyright.html.
14
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
15
* copies of the Software, and permit persons to whom the Software is
16
* furnished to do so, under the terms of the COPYING file.
18
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19
* KIND, either express or implied.
21
* $Id: socks.c,v 1.12 2007-03-30 19:59:15 bagder Exp $
22
***************************************************************************/
34
#ifdef HAVE_SYS_SOCKET_H
35
#include <sys/socket.h>
37
#ifdef HAVE_NETINET_IN_H
38
#include <netinet/in.h>
40
#ifdef HAVE_ARPA_INET_H
41
#include <arpa/inet.h>
52
/* The last #include file should be: */
56
* Helper read-from-socket functions. Does the same as Curl_read() but it
57
* blocks until all bytes amount of buffersize will be read. No more, no less.
59
* This is STUPID BLOCKING behaviour which we frown upon, but right now this
62
static int blockread_all(struct connectdata *conn, /* connection data */
63
curl_socket_t sockfd, /* read from this socket */
64
char *buf, /* store read data here */
65
ssize_t buffersize, /* max amount to read */
66
ssize_t *n, /* amount bytes read */
67
long conn_timeout) /* timeout for data wait
79
/* calculating how long connection is establishing */
80
conntime = Curl_tvdiff(tvnow, conn->created);
81
if(conntime > conn_timeout) {
82
/* we already got the timeout */
86
if(Curl_socket_ready(sockfd, CURL_SOCKET_BAD,
87
(int)(conn_timeout - conntime)) <= 0) {
91
result = Curl_read(conn, sockfd, buf, buffersize, &nread);
95
if(buffersize == nread) {
109
* This function logs in to a SOCKS4 proxy and sends the specifics to the final
110
* destination server.
113
* http://socks.permeo.com/protocol/socks4.protocol
116
* Nonsupport "SOCKS 4A (Simple Extension to SOCKS 4 Protocol)"
117
* Nonsupport "Identification Protocol (RFC1413)"
119
CURLcode Curl_SOCKS4(const char *proxy_name,
123
struct connectdata *conn)
125
unsigned char socksreq[262]; /* room for SOCKS4 request incl. user id */
128
curl_socket_t sock = conn->sock[sockindex];
130
struct SessionHandle *data = conn->data;
133
if(data->set.timeout && data->set.connecttimeout) {
134
if (data->set.timeout < data->set.connecttimeout)
135
timeout = data->set.timeout;
137
timeout = data->set.connecttimeout;
139
else if(data->set.timeout)
140
timeout = data->set.timeout;
141
else if(data->set.connecttimeout)
142
timeout = data->set.connecttimeout;
144
timeout = DEFAULT_CONNECT_TIMEOUT;
146
Curl_nonblock(sock, FALSE);
149
* Compose socks4 request
153
* +----+----+----+----+----+----+----+----+----+----+....+----+
154
* | VN | CD | DSTPORT | DSTIP | USERID |NULL|
155
* +----+----+----+----+----+----+----+----+----+----+....+----+
156
* # of bytes: 1 1 2 4 variable 1
159
socksreq[0] = 4; /* version (SOCKS4) */
160
socksreq[1] = 1; /* connect */
161
*((unsigned short*)&socksreq[2]) = htons((unsigned short)remote_port);
165
struct Curl_dns_entry *dns;
166
Curl_addrinfo *hp=NULL;
169
rc = Curl_resolv(conn, hostname, remote_port, &dns);
171
if(rc == CURLRESOLV_ERROR)
172
return CURLE_COULDNT_RESOLVE_PROXY;
174
if(rc == CURLRESOLV_PENDING)
175
/* this requires that we're in "wait for resolve" state */
176
rc = Curl_wait_for_resolv(conn, &dns);
179
* We cannot use 'hostent' as a struct that Curl_resolv() returns. It
180
* returns a Curl_addrinfo pointer that may not always look the same.
186
unsigned short ip[4];
187
Curl_printable_address(hp, buf, sizeof(buf));
189
if(4 == sscanf( buf, "%hu.%hu.%hu.%hu",
190
&ip[0], &ip[1], &ip[2], &ip[3])) {
192
socksreq[4] = (unsigned char)ip[0];
193
socksreq[5] = (unsigned char)ip[1];
194
socksreq[6] = (unsigned char)ip[2];
195
socksreq[7] = (unsigned char)ip[3];
198
hp = NULL; /* fail! */
200
Curl_resolv_unlock(data, dns); /* not used anymore from now on */
204
failf(data, "Failed to resolve \"%s\" for SOCKS4 connect.",
206
return CURLE_COULDNT_RESOLVE_HOST;
211
* This is currently not supporting "Identification Protocol (RFC1413)".
213
socksreq[8] = 0; /* ensure empty userid is NUL-terminated */
215
strlcat((char*)socksreq + 8, proxy_name, sizeof(socksreq) - 8);
224
(int)strlen((char*)socksreq + 8); /* size including NUL */
227
code = Curl_write(conn, sock, (char *)socksreq, packetsize, &written);
228
if ((code != CURLE_OK) || (written != packetsize)) {
229
failf(data, "Failed to send SOCKS4 connect request.");
230
return CURLE_COULDNT_CONNECT;
233
packetsize = 8; /* receive data size */
235
/* Receive response */
236
result = blockread_all(conn, sock, (char *)socksreq, packetsize,
237
&actualread, timeout);
238
if ((result != CURLE_OK) || (actualread != packetsize)) {
239
failf(data, "Failed to receive SOCKS4 connect request ack.");
240
return CURLE_COULDNT_CONNECT;
246
* +----+----+----+----+----+----+----+----+
247
* | VN | CD | DSTPORT | DSTIP |
248
* +----+----+----+----+----+----+----+----+
249
* # of bytes: 1 1 2 4
251
* VN is the version of the reply code and should be 0. CD is the result
252
* code with one of the following values:
254
* 90: request granted
255
* 91: request rejected or failed
256
* 92: request rejected because SOCKS server cannot connect to
257
* identd on the client
258
* 93: request rejected because the client program and identd
259
* report different user-ids
262
/* wrong version ? */
263
if (socksreq[0] != 0) {
265
"SOCKS4 reply has wrong version, version should be 4.");
266
return CURLE_COULDNT_CONNECT;
273
infof(data, "SOCKS4 request granted.\n");
277
"Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
278
", request rejected or failed.",
279
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
280
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
281
(unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
283
return CURLE_COULDNT_CONNECT;
286
"Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
287
", request rejected because SOCKS server cannot connect to "
288
"identd on the client.",
289
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
290
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
291
(unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
293
return CURLE_COULDNT_CONNECT;
296
"Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
297
", request rejected because the client program and identd "
298
"report different user-ids.",
299
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
300
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
301
(unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
303
return CURLE_COULDNT_CONNECT;
306
"Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d)"
308
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
309
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
310
(unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
312
return CURLE_COULDNT_CONNECT;
316
Curl_nonblock(sock, TRUE);
318
return CURLE_OK; /* Proxy was successful! */
322
* This function logs in to a SOCKS5 proxy and sends the specifics to the final
323
* destination server.
325
CURLcode Curl_SOCKS5(const char *proxy_name,
326
const char *proxy_password,
330
struct connectdata *conn)
333
According to the RFC1928, section "6. Replies". This is what a SOCK5
336
+----+-----+-------+------+----------+----------+
337
|VER | REP | RSV | ATYP | BND.ADDR | BND.PORT |
338
+----+-----+-------+------+----------+----------+
339
| 1 | 1 | X'00' | 1 | Variable | 2 |
340
+----+-----+-------+------+----------+----------+
344
o VER protocol version: X'05'
349
unsigned char socksreq[600]; /* room for large user/pw (255 max each) */
354
curl_socket_t sock = conn->sock[sockindex];
355
struct SessionHandle *data = conn->data;
359
if(data->set.timeout && data->set.connecttimeout) {
360
if (data->set.timeout < data->set.connecttimeout)
361
timeout = data->set.timeout;
363
timeout = data->set.connecttimeout;
365
else if(data->set.timeout)
366
timeout = data->set.timeout;
367
else if(data->set.connecttimeout)
368
timeout = data->set.connecttimeout;
370
timeout = DEFAULT_CONNECT_TIMEOUT;
372
Curl_nonblock(sock, TRUE);
374
/* wait until socket gets connected */
375
result = Curl_socket_ready(CURL_SOCKET_BAD, sock, (int)timeout);
378
failf(conn->data, "SOCKS5: no connection here");
379
return CURLE_COULDNT_CONNECT;
381
else if(0 == result) {
382
failf(conn->data, "SOCKS5: connection timeout");
383
return CURLE_OPERATION_TIMEDOUT;
386
if(result & CSELECT_ERR) {
387
failf(conn->data, "SOCKS5: error occured during connection");
388
return CURLE_COULDNT_CONNECT;
391
socksreq[0] = 5; /* version */
392
socksreq[1] = (char)(proxy_name ? 2 : 1); /* number of methods (below) */
393
socksreq[2] = 0; /* no authentication */
394
socksreq[3] = 2; /* username/password */
396
Curl_nonblock(sock, FALSE);
398
code = Curl_write(conn, sock, (char *)socksreq, (2 + (int)socksreq[1]),
400
if ((code != CURLE_OK) || (written != (2 + (int)socksreq[1]))) {
401
failf(data, "Unable to send initial SOCKS5 request.");
402
return CURLE_COULDNT_CONNECT;
405
Curl_nonblock(sock, TRUE);
407
result = Curl_socket_ready(sock, CURL_SOCKET_BAD, (int)timeout);
410
failf(conn->data, "SOCKS5 nothing to read");
411
return CURLE_COULDNT_CONNECT;
413
else if(0 == result) {
414
failf(conn->data, "SOCKS5 read timeout");
415
return CURLE_OPERATION_TIMEDOUT;
418
if(result & CSELECT_ERR) {
419
failf(conn->data, "SOCKS5 read error occured");
420
return CURLE_RECV_ERROR;
423
Curl_nonblock(sock, FALSE);
425
result=blockread_all(conn, sock, (char *)socksreq, 2, &actualread, timeout);
426
if ((result != CURLE_OK) || (actualread != 2)) {
427
failf(data, "Unable to receive initial SOCKS5 response.");
428
return CURLE_COULDNT_CONNECT;
431
if (socksreq[0] != 5) {
432
failf(data, "Received invalid version in initial SOCKS5 response.");
433
return CURLE_COULDNT_CONNECT;
435
if (socksreq[1] == 0) {
436
/* Nothing to do, no authentication needed */
439
else if (socksreq[1] == 2) {
440
/* Needs user name and password */
441
size_t userlen, pwlen;
443
if(proxy_name && proxy_password) {
444
userlen = strlen(proxy_name);
445
pwlen = strlen(proxy_password);
452
/* username/password request looks like
453
* +----+------+----------+------+----------+
454
* |VER | ULEN | UNAME | PLEN | PASSWD |
455
* +----+------+----------+------+----------+
456
* | 1 | 1 | 1 to 255 | 1 | 1 to 255 |
457
* +----+------+----------+------+----------+
460
socksreq[len++] = 1; /* username/pw subnegotiation version */
461
socksreq[len++] = (char) userlen;
462
memcpy(socksreq + len, proxy_name, (int) userlen);
464
socksreq[len++] = (char) pwlen;
465
memcpy(socksreq + len, proxy_password, (int) pwlen);
468
code = Curl_write(conn, sock, (char *)socksreq, len, &written);
469
if ((code != CURLE_OK) || (len != written)) {
470
failf(data, "Failed to send SOCKS5 sub-negotiation request.");
471
return CURLE_COULDNT_CONNECT;
474
result=blockread_all(conn, sock, (char *)socksreq, 2, &actualread,
476
if ((result != CURLE_OK) || (actualread != 2)) {
477
failf(data, "Unable to receive SOCKS5 sub-negotiation response.");
478
return CURLE_COULDNT_CONNECT;
481
/* ignore the first (VER) byte */
482
if (socksreq[1] != 0) { /* status */
483
failf(data, "User was rejected by the SOCKS5 server (%d %d).",
484
socksreq[0], socksreq[1]);
485
return CURLE_COULDNT_CONNECT;
488
/* Everything is good so far, user was authenticated! */
492
if (socksreq[1] == 1) {
494
"SOCKS5 GSSAPI per-message authentication is not supported.");
495
return CURLE_COULDNT_CONNECT;
497
else if (socksreq[1] == 255) {
498
if (!proxy_name || !*proxy_name) {
500
"No authentication method was acceptable. (It is quite likely"
501
" that the SOCKS5 server wanted a username/password, since none"
502
" was supplied to the server on this connection.)");
505
failf(data, "No authentication method was acceptable.");
507
return CURLE_COULDNT_CONNECT;
511
"Undocumented SOCKS5 mode attempted to be used by server.");
512
return CURLE_COULDNT_CONNECT;
516
/* Authentication is complete, now specify destination to the proxy */
517
socksreq[0] = 5; /* version (SOCKS5) */
518
socksreq[1] = 1; /* connect */
519
socksreq[2] = 0; /* must be zero */
520
socksreq[3] = 1; /* IPv4 = 1 */
523
struct Curl_dns_entry *dns;
524
Curl_addrinfo *hp=NULL;
525
int rc = Curl_resolv(conn, hostname, remote_port, &dns);
527
if(rc == CURLRESOLV_ERROR)
528
return CURLE_COULDNT_RESOLVE_HOST;
530
if(rc == CURLRESOLV_PENDING)
531
/* this requires that we're in "wait for resolve" state */
532
rc = Curl_wait_for_resolv(conn, &dns);
535
* We cannot use 'hostent' as a struct that Curl_resolv() returns. It
536
* returns a Curl_addrinfo pointer that may not always look the same.
542
unsigned short ip[4];
543
Curl_printable_address(hp, buf, sizeof(buf));
545
if(4 == sscanf( buf, "%hu.%hu.%hu.%hu",
546
&ip[0], &ip[1], &ip[2], &ip[3])) {
547
socksreq[4] = (unsigned char)ip[0];
548
socksreq[5] = (unsigned char)ip[1];
549
socksreq[6] = (unsigned char)ip[2];
550
socksreq[7] = (unsigned char)ip[3];
553
hp = NULL; /* fail! */
555
Curl_resolv_unlock(data, dns); /* not used anymore from now on */
558
failf(data, "Failed to resolve \"%s\" for SOCKS5 connect.",
560
return CURLE_COULDNT_RESOLVE_HOST;
564
*((unsigned short*)&socksreq[8]) = htons((unsigned short)remote_port);
567
const int packetsize = 10;
569
code = Curl_write(conn, sock, (char *)socksreq, packetsize, &written);
570
if ((code != CURLE_OK) || (written != packetsize)) {
571
failf(data, "Failed to send SOCKS5 connect request.");
572
return CURLE_COULDNT_CONNECT;
575
result = blockread_all(conn, sock, (char *)socksreq, packetsize,
576
&actualread, timeout);
577
if ((result != CURLE_OK) || (actualread != packetsize)) {
578
failf(data, "Failed to receive SOCKS5 connect request ack.");
579
return CURLE_COULDNT_CONNECT;
582
if (socksreq[0] != 5) { /* version */
584
"SOCKS5 reply has wrong version, version should be 5.");
585
return CURLE_COULDNT_CONNECT;
587
if (socksreq[1] != 0) { /* Anything besides 0 is an error */
589
"Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
590
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
591
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
592
(unsigned int)ntohs(*(unsigned short*)(&socksreq[8])),
594
return CURLE_COULDNT_CONNECT;
598
Curl_nonblock(sock, TRUE);
599
return CURLE_OK; /* Proxy was successful! */