Annotation of embedaddon/curl/tests/server/socksd.c, revision 1.1
1.1 ! misho 1: /***************************************************************************
! 2: * _ _ ____ _
! 3: * Project ___| | | | _ \| |
! 4: * / __| | | | |_) | |
! 5: * | (__| |_| | _ <| |___
! 6: * \___|\___/|_| \_\_____|
! 7: *
! 8: * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
! 9: *
! 10: * This software is licensed as described in the file COPYING, which
! 11: * you should have received as part of this distribution. The terms
! 12: * are also available at https://curl.haxx.se/docs/copyright.html.
! 13: *
! 14: * You may opt to use, copy, modify, merge, publish, distribute and/or sell
! 15: * copies of the Software, and permit persons to whom the Software is
! 16: * furnished to do so, under the terms of the COPYING file.
! 17: *
! 18: * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
! 19: * KIND, either express or implied.
! 20: *
! 21: ***************************************************************************/
! 22: #include "server_setup.h"
! 23: #include <stdlib.h>
! 24:
! 25: /* Function
! 26: *
! 27: * Accepts a TCP connection on a custom port (IPv4 or IPv6). Connects to a
! 28: * given addr + port backend (that is NOT extracted form the client's
! 29: * request). The backend server default to connect to can be set with
! 30: * --backend and --backendport.
! 31: *
! 32: * Read commands from FILE (set with --config). The commands control how to
! 33: * act and is reset to defaults each client TCP connect.
! 34: *
! 35: * Config file keywords:
! 36: *
! 37: * "version [number: 5]" - requires the communication to use this version.
! 38: * "nmethods_min [number: 1]" - the minimum numberf NMETHODS the client must
! 39: * state
! 40: * "nmethods_max [number: 3]" - the minimum numberf NMETHODS the client must
! 41: * state
! 42: * "user [string]" - the user name that must match (if method is 2)
! 43: * "password [string]" - the password that must match (if method is 2)
! 44: * "backend [IPv4]" - numerical IPv4 address of backend to connect to
! 45: * "backendport [number:0]" - TCP port of backend to connect to. 0 means use
! 46: the client's specified port number.
! 47: * "method [number: 0]" - connect method to respond with:
! 48: * 0 - no auth
! 49: * 1 - GSSAPI (not supported)
! 50: * 2 - user + password
! 51: * "response [number]" - the decimal number to repsond to a connect
! 52: * SOCKS5: 0 is OK, SOCKS4: 90 is ok
! 53: *
! 54: */
! 55:
! 56: /* based on sockfilt.c */
! 57:
! 58: #ifdef HAVE_SIGNAL_H
! 59: #include <signal.h>
! 60: #endif
! 61: #ifdef HAVE_NETINET_IN_H
! 62: #include <netinet/in.h>
! 63: #endif
! 64: #ifdef HAVE_NETINET_IN6_H
! 65: #include <netinet/in6.h>
! 66: #endif
! 67: #ifdef HAVE_ARPA_INET_H
! 68: #include <arpa/inet.h>
! 69: #endif
! 70: #ifdef HAVE_NETDB_H
! 71: #include <netdb.h>
! 72: #endif
! 73:
! 74: #define ENABLE_CURLX_PRINTF
! 75: /* make the curlx header define all printf() functions to use the curlx_*
! 76: versions instead */
! 77: #include "curlx.h" /* from the private lib dir */
! 78: #include "getpart.h"
! 79: #include "inet_pton.h"
! 80: #include "util.h"
! 81: #include "server_sockaddr.h"
! 82: #include "warnless.h"
! 83:
! 84: /* include memdebug.h last */
! 85: #include "memdebug.h"
! 86:
! 87: #ifdef USE_WINSOCK
! 88: #undef EINTR
! 89: #define EINTR 4 /* errno.h value */
! 90: #undef EAGAIN
! 91: #define EAGAIN 11 /* errno.h value */
! 92: #undef ENOMEM
! 93: #define ENOMEM 12 /* errno.h value */
! 94: #undef EINVAL
! 95: #define EINVAL 22 /* errno.h value */
! 96: #endif
! 97:
! 98: #define DEFAULT_PORT 8905
! 99:
! 100: #ifndef DEFAULT_LOGFILE
! 101: #define DEFAULT_LOGFILE "log/socksd.log"
! 102: #endif
! 103:
! 104: #ifndef DEFAULT_CONFIG
! 105: #define DEFAULT_CONFIG "socksd.config"
! 106: #endif
! 107:
! 108: static const char *backendaddr = "127.0.0.1";
! 109: static unsigned short backendport = 0; /* default is use client's */
! 110:
! 111: struct configurable {
! 112: unsigned char version; /* initial version byte in the request must match
! 113: this */
! 114: unsigned char nmethods_min; /* minimum number of nmethods to expect */
! 115: unsigned char nmethods_max; /* maximum number of nmethods to expect */
! 116: unsigned char responseversion;
! 117: unsigned char responsemethod;
! 118: unsigned char reqcmd;
! 119: unsigned char connectrep;
! 120: unsigned short port; /* backend port */
! 121: char addr[32]; /* backend IPv4 numerical */
! 122: char user[256];
! 123: char password[256];
! 124: };
! 125:
! 126: #define CONFIG_VERSION 5
! 127: #define CONFIG_NMETHODS_MIN 1 /* unauth, gssapi, auth */
! 128: #define CONFIG_NMETHODS_MAX 3
! 129: #define CONFIG_RESPONSEVERSION CONFIG_VERSION
! 130: #define CONFIG_RESPONSEMETHOD 0 /* no auth */
! 131: #define CONFIG_REQCMD 1 /* CONNECT */
! 132: #define CONFIG_PORT backendport
! 133: #define CONFIG_ADDR backendaddr
! 134: #define CONFIG_CONNECTREP 0
! 135:
! 136: static struct configurable config;
! 137:
! 138: const char *serverlogfile = DEFAULT_LOGFILE;
! 139: static const char *configfile = DEFAULT_CONFIG;
! 140:
! 141: #ifdef ENABLE_IPV6
! 142: static bool use_ipv6 = FALSE;
! 143: #endif
! 144: static const char *ipv_inuse = "IPv4";
! 145: static unsigned short port = DEFAULT_PORT;
! 146:
! 147: static void resetdefaults(void)
! 148: {
! 149: logmsg("Reset to defaults");
! 150: config.version = CONFIG_VERSION;
! 151: config.nmethods_min = CONFIG_NMETHODS_MIN;
! 152: config.nmethods_max = CONFIG_NMETHODS_MAX;
! 153: config.responseversion = CONFIG_RESPONSEVERSION;
! 154: config.responsemethod = CONFIG_RESPONSEMETHOD;
! 155: config.reqcmd = CONFIG_REQCMD;
! 156: config.connectrep = CONFIG_CONNECTREP;
! 157: config.port = CONFIG_PORT;
! 158: strcpy(config.addr, CONFIG_ADDR);
! 159: strcpy(config.user, "user");
! 160: strcpy(config.password, "password");
! 161: }
! 162:
! 163: static unsigned char byteval(char *value)
! 164: {
! 165: unsigned long num = strtoul(value, NULL, 10);
! 166: return num & 0xff;
! 167: }
! 168:
! 169: static unsigned short shortval(char *value)
! 170: {
! 171: unsigned long num = strtoul(value, NULL, 10);
! 172: return num & 0xffff;
! 173: }
! 174:
! 175: static void getconfig(void)
! 176: {
! 177: FILE *fp = fopen(configfile, FOPEN_READTEXT);
! 178: resetdefaults();
! 179: if(fp) {
! 180: char buffer[512];
! 181: logmsg("parse config file");
! 182: while(fgets(buffer, sizeof(buffer), fp)) {
! 183: char key[32];
! 184: char value[32];
! 185: if(2 == sscanf(buffer, "%31s %31s", key, value)) {
! 186: if(!strcmp(key, "version")) {
! 187: config.version = byteval(value);
! 188: logmsg("version [%d] set", config.version);
! 189: }
! 190: else if(!strcmp(key, "nmethods_min")) {
! 191: config.nmethods_min = byteval(value);
! 192: logmsg("nmethods_min [%d] set", config.nmethods_min);
! 193: }
! 194: else if(!strcmp(key, "nmethods_max")) {
! 195: config.nmethods_max = byteval(value);
! 196: logmsg("nmethods_max [%d] set", config.nmethods_max);
! 197: }
! 198: else if(!strcmp(key, "backend")) {
! 199: strcpy(config.addr, value);
! 200: logmsg("backend [%s] set", config.addr);
! 201: }
! 202: else if(!strcmp(key, "backendport")) {
! 203: config.port = shortval(value);
! 204: logmsg("backendport [%d] set", config.port);
! 205: }
! 206: else if(!strcmp(key, "user")) {
! 207: strcpy(config.user, value);
! 208: logmsg("user [%s] set", config.user);
! 209: }
! 210: else if(!strcmp(key, "password")) {
! 211: strcpy(config.password, value);
! 212: logmsg("password [%s] set", config.password);
! 213: }
! 214: /* Methods:
! 215: o X'00' NO AUTHENTICATION REQUIRED
! 216: o X'01' GSSAPI
! 217: o X'02' USERNAME/PASSWORD
! 218: */
! 219: else if(!strcmp(key, "method")) {
! 220: config.responsemethod = byteval(value);
! 221: logmsg("method [%d] set", config.responsemethod);
! 222: }
! 223: else if(!strcmp(key, "response")) {
! 224: config.connectrep = byteval(value);
! 225: logmsg("response [%d] set", config.connectrep);
! 226: }
! 227: }
! 228: }
! 229: fclose(fp);
! 230: }
! 231: }
! 232:
! 233: static void loghex(unsigned char *buffer, ssize_t len)
! 234: {
! 235: char data[1200];
! 236: ssize_t i;
! 237: unsigned char *ptr = buffer;
! 238: char *optr = data;
! 239: ssize_t width = 0;
! 240: int left = sizeof(data);
! 241:
! 242: for(i = 0; i<len && (left >= 0); i++) {
! 243: msnprintf(optr, left, "%02x", ptr[i]);
! 244: width += 2;
! 245: optr += 2;
! 246: left -= 2;
! 247: }
! 248: if(width)
! 249: logmsg("'%s'", data);
! 250: }
! 251:
! 252: /* RFC 1928, SOCKS5 byte index */
! 253: #define SOCKS5_VERSION 0
! 254: #define SOCKS5_NMETHODS 1 /* number of methods that is listed */
! 255:
! 256: /* in the request: */
! 257: #define SOCKS5_REQCMD 1
! 258: #define SOCKS5_RESERVED 2
! 259: #define SOCKS5_ATYP 3
! 260: #define SOCKS5_DSTADDR 4
! 261:
! 262: /* connect response */
! 263: #define SOCKS5_REP 1
! 264: #define SOCKS5_BNDADDR 4
! 265:
! 266: /* auth request */
! 267: #define SOCKS5_ULEN 1
! 268: #define SOCKS5_UNAME 2
! 269:
! 270: #define SOCKS4_CD 1
! 271: #define SOCKS4_DSTPORT 2
! 272:
! 273: /* connect to a given IPv4 address, not the one asked for */
! 274: static curl_socket_t socksconnect(unsigned short connectport,
! 275: const char *connectaddr)
! 276: {
! 277: int rc;
! 278: srvr_sockaddr_union_t me;
! 279: curl_socket_t sock = socket(AF_INET, SOCK_STREAM, 0);
! 280: if(sock == CURL_SOCKET_BAD)
! 281: return CURL_SOCKET_BAD;
! 282: memset(&me.sa4, 0, sizeof(me.sa4));
! 283: me.sa4.sin_family = AF_INET;
! 284: me.sa4.sin_port = htons(connectport);
! 285: me.sa4.sin_addr.s_addr = INADDR_ANY;
! 286: Curl_inet_pton(AF_INET, connectaddr, &me.sa4.sin_addr);
! 287:
! 288: rc = connect(sock, &me.sa, sizeof(me.sa4));
! 289:
! 290: if(rc) {
! 291: int error = SOCKERRNO;
! 292: logmsg("Error connecting to %s:%hu: (%d) %s",
! 293: connectaddr, connectport, error, strerror(error));
! 294: return CURL_SOCKET_BAD;
! 295: }
! 296: logmsg("Connected fine to %s:%d", connectaddr, connectport);
! 297: return sock;
! 298: }
! 299:
! 300: static curl_socket_t socks4(curl_socket_t fd,
! 301: unsigned char *buffer,
! 302: ssize_t rc)
! 303: {
! 304: unsigned char response[256 + 16];
! 305: curl_socket_t connfd;
! 306: unsigned char cd;
! 307: unsigned short s4port;
! 308:
! 309: if(buffer[SOCKS4_CD] != 1) {
! 310: logmsg("SOCKS4 CD is not 1: %d", buffer[SOCKS4_CD]);
! 311: return CURL_SOCKET_BAD;
! 312: }
! 313: if(rc < 9) {
! 314: logmsg("SOCKS4 connect message too short: %d", rc);
! 315: return CURL_SOCKET_BAD;
! 316: }
! 317: if(!config.port)
! 318: s4port = (unsigned short)((buffer[SOCKS4_DSTPORT]<<8) |
! 319: (buffer[SOCKS4_DSTPORT + 1]));
! 320: else
! 321: s4port = config.port;
! 322:
! 323: connfd = socksconnect(s4port, config.addr);
! 324: if(connfd == CURL_SOCKET_BAD) {
! 325: /* failed */
! 326: cd = 91;
! 327: }
! 328: else {
! 329: /* success */
! 330: cd = 90;
! 331: }
! 332: response[0] = 0; /* reply version 0 */
! 333: response[1] = cd; /* result */
! 334: /* copy port and address from connect request */
! 335: memcpy(&response[2], &buffer[SOCKS4_DSTPORT], 6);
! 336: rc = (send)(fd, (char *)response, 8, 0);
! 337: if(rc != 8) {
! 338: logmsg("Sending SOCKS4 response failed!");
! 339: return CURL_SOCKET_BAD;
! 340: }
! 341: logmsg("Sent %d bytes", rc);
! 342: loghex(response, rc);
! 343:
! 344: if(cd == 90)
! 345: /* now do the transfer */
! 346: return connfd;
! 347:
! 348: if(connfd != CURL_SOCKET_BAD)
! 349: sclose(connfd);
! 350:
! 351: return CURL_SOCKET_BAD;
! 352: }
! 353:
! 354: static curl_socket_t sockit(curl_socket_t fd)
! 355: {
! 356: unsigned char buffer[256 + 16];
! 357: unsigned char response[256 + 16];
! 358: ssize_t rc;
! 359: unsigned char len;
! 360: unsigned char type;
! 361: unsigned char rep = 0;
! 362: unsigned char *address;
! 363: unsigned short socksport;
! 364: curl_socket_t connfd = CURL_SOCKET_BAD;
! 365: unsigned short s5port;
! 366:
! 367: getconfig();
! 368:
! 369: rc = recv(fd, (char *)buffer, sizeof(buffer), 0);
! 370:
! 371: logmsg("READ %d bytes", rc);
! 372: loghex(buffer, rc);
! 373:
! 374: if(buffer[SOCKS5_VERSION] == 4)
! 375: return socks4(fd, buffer, rc);
! 376:
! 377: if(buffer[SOCKS5_VERSION] != config.version) {
! 378: logmsg("VERSION byte not %d", config.version);
! 379: return CURL_SOCKET_BAD;
! 380: }
! 381: if((buffer[SOCKS5_NMETHODS] < config.nmethods_min) ||
! 382: (buffer[SOCKS5_NMETHODS] > config.nmethods_max)) {
! 383: logmsg("NMETHODS byte not within %d - %d ",
! 384: config.nmethods_min, config.nmethods_max);
! 385: return CURL_SOCKET_BAD;
! 386: }
! 387: /* after NMETHODS follows that many bytes listing the methods the client
! 388: says it supports */
! 389: if(rc != (buffer[SOCKS5_NMETHODS] + 2)) {
! 390: logmsg("Expected %d bytes, got %d", buffer[SOCKS5_NMETHODS] + 2, rc);
! 391: return CURL_SOCKET_BAD;
! 392: }
! 393: logmsg("Incoming request deemed fine!");
! 394:
! 395: /* respond with two bytes: VERSION + METHOD */
! 396: response[0] = config.responseversion;
! 397: response[1] = config.responsemethod;
! 398: rc = (send)(fd, (char *)response, 2, 0);
! 399: if(rc != 2) {
! 400: logmsg("Sending response failed!");
! 401: return CURL_SOCKET_BAD;
! 402: }
! 403: logmsg("Sent %d bytes", rc);
! 404: loghex(response, rc);
! 405:
! 406: /* expect the request or auth */
! 407: rc = recv(fd, (char *)buffer, sizeof(buffer), 0);
! 408:
! 409: logmsg("READ %d bytes", rc);
! 410: loghex(buffer, rc);
! 411:
! 412: if(config.responsemethod == 2) {
! 413: /* RFC 1929 authentication
! 414: +----+------+----------+------+----------+
! 415: |VER | ULEN | UNAME | PLEN | PASSWD |
! 416: +----+------+----------+------+----------+
! 417: | 1 | 1 | 1 to 255 | 1 | 1 to 255 |
! 418: +----+------+----------+------+----------+
! 419: */
! 420: unsigned char ulen;
! 421: unsigned char plen;
! 422: bool login = TRUE;
! 423: if(rc < 5) {
! 424: logmsg("Too short auth input: %d", rc);
! 425: return CURL_SOCKET_BAD;
! 426: }
! 427: if(buffer[SOCKS5_VERSION] != 1) {
! 428: logmsg("Auth VERSION byte not 1, got %d", buffer[SOCKS5_VERSION]);
! 429: return CURL_SOCKET_BAD;
! 430: }
! 431: ulen = buffer[SOCKS5_ULEN];
! 432: if(rc < 4 + ulen) {
! 433: logmsg("Too short packet for username: %d", rc);
! 434: return CURL_SOCKET_BAD;
! 435: }
! 436: plen = buffer[SOCKS5_ULEN + ulen + 1];
! 437: if(rc < 3 + ulen + plen) {
! 438: logmsg("Too short packet for ulen %d plen %d: %d", ulen, plen, rc);
! 439: return CURL_SOCKET_BAD;
! 440: }
! 441: if((ulen != strlen(config.user)) ||
! 442: (plen != strlen(config.password)) ||
! 443: memcmp(&buffer[SOCKS5_UNAME], config.user, ulen) ||
! 444: memcmp(&buffer[SOCKS5_UNAME + ulen + 1], config.password, plen)) {
! 445: /* no match! */
! 446: logmsg("mismatched credentials!");
! 447: login = FALSE;
! 448: }
! 449: response[0] = 1;
! 450: response[1] = login ? 0 : 1;
! 451: rc = (send)(fd, (char *)response, 2, 0);
! 452: if(rc != 2) {
! 453: logmsg("Sending auth response failed!");
! 454: return CURL_SOCKET_BAD;
! 455: }
! 456: logmsg("Sent %d bytes", rc);
! 457: loghex(response, rc);
! 458: if(!login)
! 459: return CURL_SOCKET_BAD;
! 460:
! 461: /* expect the request */
! 462: rc = recv(fd, (char *)buffer, sizeof(buffer), 0);
! 463:
! 464: logmsg("READ %d bytes", rc);
! 465: loghex(buffer, rc);
! 466: }
! 467: if(rc < 6) {
! 468: logmsg("Too short for request: %d", rc);
! 469: return CURL_SOCKET_BAD;
! 470: }
! 471:
! 472: if(buffer[SOCKS5_VERSION] != config.version) {
! 473: logmsg("Request VERSION byte not %d", config.version);
! 474: return CURL_SOCKET_BAD;
! 475: }
! 476: /* 1 == CONNECT */
! 477: if(buffer[SOCKS5_REQCMD] != config.reqcmd) {
! 478: logmsg("Request COMMAND byte not %d", config.reqcmd);
! 479: return CURL_SOCKET_BAD;
! 480: }
! 481: /* reserved, should be zero */
! 482: if(buffer[SOCKS5_RESERVED] != 0) {
! 483: logmsg("Request COMMAND byte not %d", config.reqcmd);
! 484: return CURL_SOCKET_BAD;
! 485: }
! 486: /* ATYP:
! 487: o IP V4 address: X'01'
! 488: o DOMAINNAME: X'03'
! 489: o IP V6 address: X'04'
! 490: */
! 491: type = buffer[SOCKS5_ATYP];
! 492: address = &buffer[SOCKS5_DSTADDR];
! 493: switch(type) {
! 494: case 1:
! 495: /* 4 bytes IPv4 address */
! 496: len = 4;
! 497: break;
! 498: case 3:
! 499: /* The first octet of the address field contains the number of octets of
! 500: name that follow */
! 501: len = buffer[SOCKS5_DSTADDR];
! 502: len++;
! 503: break;
! 504: case 4:
! 505: /* 16 bytes IPv6 address */
! 506: len = 16;
! 507: break;
! 508: default:
! 509: logmsg("Unknown ATYP %d", type);
! 510: return CURL_SOCKET_BAD;
! 511: }
! 512: if(rc < (4 + len + 2)) {
! 513: logmsg("Request too short: %d, expected %d", rc, 4 + len + 2);
! 514: return CURL_SOCKET_BAD;
! 515: }
! 516:
! 517: if(!config.port) {
! 518: unsigned char *portp = &buffer[SOCKS5_DSTADDR + len];
! 519: s5port = (unsigned short)((portp[0]<<8) | (portp[1]));
! 520: }
! 521: else
! 522: s5port = config.port;
! 523:
! 524: if(!config.connectrep)
! 525: connfd = socksconnect(s5port, config.addr);
! 526:
! 527: if(connfd == CURL_SOCKET_BAD) {
! 528: /* failed */
! 529: rep = 1;
! 530: }
! 531: else {
! 532: rep = config.connectrep;
! 533: }
! 534:
! 535: /* */
! 536: response[SOCKS5_VERSION] = config.responseversion;
! 537:
! 538: /*
! 539: o REP Reply field:
! 540: o X'00' succeeded
! 541: o X'01' general SOCKS server failure
! 542: o X'02' connection not allowed by ruleset
! 543: o X'03' Network unreachable
! 544: o X'04' Host unreachable
! 545: o X'05' Connection refused
! 546: o X'06' TTL expired
! 547: o X'07' Command not supported
! 548: o X'08' Address type not supported
! 549: o X'09' to X'FF' unassigned
! 550: */
! 551: response[SOCKS5_REP] = rep;
! 552: response[SOCKS5_RESERVED] = 0; /* must be zero */
! 553: response[SOCKS5_ATYP] = type; /* address type */
! 554:
! 555: /* mirror back the original addr + port */
! 556:
! 557: /* address or hostname */
! 558: memcpy(&response[SOCKS5_BNDADDR], address, len);
! 559:
! 560: /* port number */
! 561: memcpy(&response[SOCKS5_BNDADDR + len],
! 562: &buffer[SOCKS5_DSTADDR + len], sizeof(socksport));
! 563:
! 564: rc = (send)(fd, (char *)response, len + 6, 0);
! 565: if(rc != (len + 6)) {
! 566: logmsg("Sending connect response failed!");
! 567: return CURL_SOCKET_BAD;
! 568: }
! 569: logmsg("Sent %d bytes", rc);
! 570: loghex(response, rc);
! 571:
! 572: if(!rep)
! 573: return connfd;
! 574:
! 575: if(connfd != CURL_SOCKET_BAD)
! 576: sclose(connfd);
! 577:
! 578: return CURL_SOCKET_BAD;
! 579: }
! 580:
! 581: struct perclient {
! 582: size_t fromremote;
! 583: size_t fromclient;
! 584: curl_socket_t remotefd;
! 585: curl_socket_t clientfd;
! 586: bool used;
! 587: };
! 588:
! 589: /* return non-zero when transfer is done */
! 590: static int tunnel(struct perclient *cp, fd_set *fds)
! 591: {
! 592: ssize_t nread;
! 593: ssize_t nwrite;
! 594: char buffer[512];
! 595: if(FD_ISSET(cp->clientfd, fds)) {
! 596: /* read from client, send to remote */
! 597: nread = recv(cp->clientfd, buffer, sizeof(buffer), 0);
! 598: if(nread > 0) {
! 599: nwrite = send(cp->remotefd, (char *)buffer,
! 600: (SEND_TYPE_ARG3)nread, 0);
! 601: if(nwrite != nread)
! 602: return 1;
! 603: cp->fromclient += nwrite;
! 604: }
! 605: else
! 606: return 1;
! 607: }
! 608: if(FD_ISSET(cp->remotefd, fds)) {
! 609: /* read from remote, send to client */
! 610: nread = recv(cp->remotefd, buffer, sizeof(buffer), 0);
! 611: if(nread > 0) {
! 612: nwrite = send(cp->clientfd, (char *)buffer,
! 613: (SEND_TYPE_ARG3)nread, 0);
! 614: if(nwrite != nread)
! 615: return 1;
! 616: cp->fromremote += nwrite;
! 617: }
! 618: else
! 619: return 1;
! 620: }
! 621: return 0;
! 622: }
! 623:
! 624: /*
! 625: sockfdp is a pointer to an established stream or CURL_SOCKET_BAD
! 626:
! 627: if sockfd is CURL_SOCKET_BAD, listendfd is a listening socket we must
! 628: accept()
! 629: */
! 630: static bool incoming(curl_socket_t listenfd)
! 631: {
! 632: fd_set fds_read;
! 633: fd_set fds_write;
! 634: fd_set fds_err;
! 635: int clients = 0; /* connected clients */
! 636: struct perclient c[2];
! 637:
! 638: memset(c, 0, sizeof(c));
! 639: if(got_exit_signal) {
! 640: logmsg("signalled to die, exiting...");
! 641: return FALSE;
! 642: }
! 643:
! 644: #ifdef HAVE_GETPPID
! 645: /* As a last resort, quit if socks5 process becomes orphan. */
! 646: if(getppid() <= 1) {
! 647: logmsg("process becomes orphan, exiting");
! 648: return FALSE;
! 649: }
! 650: #endif
! 651:
! 652: do {
! 653: int i;
! 654: ssize_t rc;
! 655: int error = 0;
! 656: curl_socket_t sockfd = listenfd;
! 657: int maxfd = (int)sockfd;
! 658:
! 659: FD_ZERO(&fds_read);
! 660: FD_ZERO(&fds_write);
! 661: FD_ZERO(&fds_err);
! 662:
! 663: /* there's always a socket to wait for */
! 664: FD_SET(sockfd, &fds_read);
! 665:
! 666: for(i = 0; i < 2; i++) {
! 667: if(c[i].used) {
! 668: curl_socket_t fd = c[i].clientfd;
! 669: FD_SET(fd, &fds_read);
! 670: if((int)fd > maxfd)
! 671: maxfd = (int)fd;
! 672: fd = c[i].remotefd;
! 673: FD_SET(fd, &fds_read);
! 674: if((int)fd > maxfd)
! 675: maxfd = (int)fd;
! 676: }
! 677: }
! 678:
! 679: do {
! 680: /* select() blocking behavior call on blocking descriptors please */
! 681: rc = select(maxfd + 1, &fds_read, &fds_write, &fds_err, NULL);
! 682: if(got_exit_signal) {
! 683: logmsg("signalled to die, exiting...");
! 684: return FALSE;
! 685: }
! 686: } while((rc == -1) && ((error = errno) == EINTR));
! 687:
! 688: if(rc < 0) {
! 689: logmsg("select() failed with error: (%d) %s",
! 690: error, strerror(error));
! 691: return FALSE;
! 692: }
! 693:
! 694: if((clients < 2) && FD_ISSET(sockfd, &fds_read)) {
! 695: curl_socket_t newfd = accept(sockfd, NULL, NULL);
! 696: if(CURL_SOCKET_BAD == newfd) {
! 697: error = SOCKERRNO;
! 698: logmsg("accept(%d, NULL, NULL) failed with error: (%d) %s",
! 699: sockfd, error, strerror(error));
! 700: }
! 701: else {
! 702: curl_socket_t remotefd;
! 703: logmsg("====> Client connect, fd %d. Read config from %s",
! 704: newfd, configfile);
! 705: remotefd = sockit(newfd); /* SOCKS until done */
! 706: if(remotefd == CURL_SOCKET_BAD) {
! 707: logmsg("====> Client disconnect");
! 708: sclose(newfd);
! 709: }
! 710: else {
! 711: struct perclient *cp = &c[0];
! 712: logmsg("====> Tunnel transfer");
! 713:
! 714: if(c[0].used)
! 715: cp = &c[1];
! 716: cp->fromremote = 0;
! 717: cp->fromclient = 0;
! 718: cp->clientfd = newfd;
! 719: cp->remotefd = remotefd;
! 720: cp->used = TRUE;
! 721: clients++;
! 722: }
! 723:
! 724: }
! 725: }
! 726: for(i = 0; i < 2; i++) {
! 727: struct perclient *cp = &c[i];
! 728: if(cp->used) {
! 729: if(tunnel(cp, &fds_read)) {
! 730: logmsg("SOCKS transfer completed. Bytes: < %zu > %zu",
! 731: cp->fromremote, cp->fromclient);
! 732: sclose(cp->clientfd);
! 733: sclose(cp->remotefd);
! 734: cp->used = FALSE;
! 735: clients--;
! 736: }
! 737: }
! 738: }
! 739: } while(clients);
! 740:
! 741: return TRUE;
! 742: }
! 743:
! 744: static curl_socket_t sockdaemon(curl_socket_t sock,
! 745: unsigned short *listenport)
! 746: {
! 747: /* passive daemon style */
! 748: srvr_sockaddr_union_t listener;
! 749: int flag;
! 750: int rc;
! 751: int totdelay = 0;
! 752: int maxretr = 10;
! 753: int delay = 20;
! 754: int attempt = 0;
! 755: int error = 0;
! 756:
! 757: do {
! 758: attempt++;
! 759: flag = 1;
! 760: rc = setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
! 761: (void *)&flag, sizeof(flag));
! 762: if(rc) {
! 763: error = SOCKERRNO;
! 764: logmsg("setsockopt(SO_REUSEADDR) failed with error: (%d) %s",
! 765: error, strerror(error));
! 766: if(maxretr) {
! 767: rc = wait_ms(delay);
! 768: if(rc) {
! 769: /* should not happen */
! 770: error = errno;
! 771: logmsg("wait_ms() failed with error: (%d) %s",
! 772: error, strerror(error));
! 773: sclose(sock);
! 774: return CURL_SOCKET_BAD;
! 775: }
! 776: if(got_exit_signal) {
! 777: logmsg("signalled to die, exiting...");
! 778: sclose(sock);
! 779: return CURL_SOCKET_BAD;
! 780: }
! 781: totdelay += delay;
! 782: delay *= 2; /* double the sleep for next attempt */
! 783: }
! 784: }
! 785: } while(rc && maxretr--);
! 786:
! 787: if(rc) {
! 788: logmsg("setsockopt(SO_REUSEADDR) failed %d times in %d ms. Error: (%d) %s",
! 789: attempt, totdelay, error, strerror(error));
! 790: logmsg("Continuing anyway...");
! 791: }
! 792:
! 793: /* When the specified listener port is zero, it is actually a
! 794: request to let the system choose a non-zero available port. */
! 795:
! 796: #ifdef ENABLE_IPV6
! 797: if(!use_ipv6) {
! 798: #endif
! 799: memset(&listener.sa4, 0, sizeof(listener.sa4));
! 800: listener.sa4.sin_family = AF_INET;
! 801: listener.sa4.sin_addr.s_addr = INADDR_ANY;
! 802: listener.sa4.sin_port = htons(*listenport);
! 803: rc = bind(sock, &listener.sa, sizeof(listener.sa4));
! 804: #ifdef ENABLE_IPV6
! 805: }
! 806: else {
! 807: memset(&listener.sa6, 0, sizeof(listener.sa6));
! 808: listener.sa6.sin6_family = AF_INET6;
! 809: listener.sa6.sin6_addr = in6addr_any;
! 810: listener.sa6.sin6_port = htons(*listenport);
! 811: rc = bind(sock, &listener.sa, sizeof(listener.sa6));
! 812: }
! 813: #endif /* ENABLE_IPV6 */
! 814: if(rc) {
! 815: error = SOCKERRNO;
! 816: logmsg("Error binding socket on port %hu: (%d) %s",
! 817: *listenport, error, strerror(error));
! 818: sclose(sock);
! 819: return CURL_SOCKET_BAD;
! 820: }
! 821:
! 822: if(!*listenport) {
! 823: /* The system was supposed to choose a port number, figure out which
! 824: port we actually got and update the listener port value with it. */
! 825: curl_socklen_t la_size;
! 826: srvr_sockaddr_union_t localaddr;
! 827: #ifdef ENABLE_IPV6
! 828: if(!use_ipv6)
! 829: #endif
! 830: la_size = sizeof(localaddr.sa4);
! 831: #ifdef ENABLE_IPV6
! 832: else
! 833: la_size = sizeof(localaddr.sa6);
! 834: #endif
! 835: memset(&localaddr.sa, 0, (size_t)la_size);
! 836: if(getsockname(sock, &localaddr.sa, &la_size) < 0) {
! 837: error = SOCKERRNO;
! 838: logmsg("getsockname() failed with error: (%d) %s",
! 839: error, strerror(error));
! 840: sclose(sock);
! 841: return CURL_SOCKET_BAD;
! 842: }
! 843: switch(localaddr.sa.sa_family) {
! 844: case AF_INET:
! 845: *listenport = ntohs(localaddr.sa4.sin_port);
! 846: break;
! 847: #ifdef ENABLE_IPV6
! 848: case AF_INET6:
! 849: *listenport = ntohs(localaddr.sa6.sin6_port);
! 850: break;
! 851: #endif
! 852: default:
! 853: break;
! 854: }
! 855: if(!*listenport) {
! 856: /* Real failure, listener port shall not be zero beyond this point. */
! 857: logmsg("Apparently getsockname() succeeded, with listener port zero.");
! 858: logmsg("A valid reason for this failure is a binary built without");
! 859: logmsg("proper network library linkage. This might not be the only");
! 860: logmsg("reason, but double check it before anything else.");
! 861: sclose(sock);
! 862: return CURL_SOCKET_BAD;
! 863: }
! 864: }
! 865:
! 866: /* start accepting connections */
! 867: rc = listen(sock, 5);
! 868: if(0 != rc) {
! 869: error = SOCKERRNO;
! 870: logmsg("listen(%d, 5) failed with error: (%d) %s",
! 871: sock, error, strerror(error));
! 872: sclose(sock);
! 873: return CURL_SOCKET_BAD;
! 874: }
! 875:
! 876: return sock;
! 877: }
! 878:
! 879:
! 880: int main(int argc, char *argv[])
! 881: {
! 882: curl_socket_t sock = CURL_SOCKET_BAD;
! 883: curl_socket_t msgsock = CURL_SOCKET_BAD;
! 884: int wrotepidfile = 0;
! 885: const char *pidname = ".socksd.pid";
! 886: const char *portfile = NULL;
! 887: bool juggle_again;
! 888: int error;
! 889: int arg = 1;
! 890:
! 891: while(argc>arg) {
! 892: if(!strcmp("--version", argv[arg])) {
! 893: printf("socksd IPv4%s\n",
! 894: #ifdef ENABLE_IPV6
! 895: "/IPv6"
! 896: #else
! 897: ""
! 898: #endif
! 899: );
! 900: return 0;
! 901: }
! 902: else if(!strcmp("--pidfile", argv[arg])) {
! 903: arg++;
! 904: if(argc>arg)
! 905: pidname = argv[arg++];
! 906: }
! 907: else if(!strcmp("--portfile", argv[arg])) {
! 908: arg++;
! 909: if(argc>arg)
! 910: portfile = argv[arg++];
! 911: }
! 912: else if(!strcmp("--config", argv[arg])) {
! 913: arg++;
! 914: if(argc>arg)
! 915: configfile = argv[arg++];
! 916: }
! 917: else if(!strcmp("--backend", argv[arg])) {
! 918: arg++;
! 919: if(argc>arg)
! 920: backendaddr = argv[arg++];
! 921: }
! 922: else if(!strcmp("--backendport", argv[arg])) {
! 923: arg++;
! 924: if(argc>arg)
! 925: backendport = (unsigned short)atoi(argv[arg++]);
! 926: }
! 927: else if(!strcmp("--logfile", argv[arg])) {
! 928: arg++;
! 929: if(argc>arg)
! 930: serverlogfile = argv[arg++];
! 931: }
! 932: else if(!strcmp("--ipv6", argv[arg])) {
! 933: #ifdef ENABLE_IPV6
! 934: ipv_inuse = "IPv6";
! 935: use_ipv6 = TRUE;
! 936: #endif
! 937: arg++;
! 938: }
! 939: else if(!strcmp("--ipv4", argv[arg])) {
! 940: /* for completeness, we support this option as well */
! 941: #ifdef ENABLE_IPV6
! 942: ipv_inuse = "IPv4";
! 943: use_ipv6 = FALSE;
! 944: #endif
! 945: arg++;
! 946: }
! 947: else if(!strcmp("--port", argv[arg])) {
! 948: arg++;
! 949: if(argc>arg) {
! 950: char *endptr;
! 951: unsigned long ulnum = strtoul(argv[arg], &endptr, 10);
! 952: port = curlx_ultous(ulnum);
! 953: arg++;
! 954: }
! 955: }
! 956: else {
! 957: puts("Usage: socksd [option]\n"
! 958: " --backend [ipv4 addr]\n"
! 959: " --backendport [TCP port]\n"
! 960: " --config [file]\n"
! 961: " --version\n"
! 962: " --logfile [file]\n"
! 963: " --pidfile [file]\n"
! 964: " --portfile [file]\n"
! 965: " --ipv4\n"
! 966: " --ipv6\n"
! 967: " --bindonly\n"
! 968: " --port [port]\n");
! 969: return 0;
! 970: }
! 971: }
! 972:
! 973: #ifdef WIN32
! 974: win32_init();
! 975: atexit(win32_cleanup);
! 976:
! 977: setmode(fileno(stdin), O_BINARY);
! 978: setmode(fileno(stdout), O_BINARY);
! 979: setmode(fileno(stderr), O_BINARY);
! 980: #endif
! 981:
! 982: install_signal_handlers(false);
! 983:
! 984: #ifdef ENABLE_IPV6
! 985: if(!use_ipv6)
! 986: #endif
! 987: sock = socket(AF_INET, SOCK_STREAM, 0);
! 988: #ifdef ENABLE_IPV6
! 989: else
! 990: sock = socket(AF_INET6, SOCK_STREAM, 0);
! 991: #endif
! 992:
! 993: if(CURL_SOCKET_BAD == sock) {
! 994: error = SOCKERRNO;
! 995: logmsg("Error creating socket: (%d) %s",
! 996: error, strerror(error));
! 997: goto socks5_cleanup;
! 998: }
! 999:
! 1000: {
! 1001: /* passive daemon style */
! 1002: sock = sockdaemon(sock, &port);
! 1003: if(CURL_SOCKET_BAD == sock) {
! 1004: goto socks5_cleanup;
! 1005: }
! 1006: msgsock = CURL_SOCKET_BAD; /* no stream socket yet */
! 1007: }
! 1008:
! 1009: logmsg("Running %s version", ipv_inuse);
! 1010: logmsg("Listening on port %hu", port);
! 1011:
! 1012: wrotepidfile = write_pidfile(pidname);
! 1013: if(!wrotepidfile) {
! 1014: goto socks5_cleanup;
! 1015: }
! 1016:
! 1017: if(portfile) {
! 1018: wrotepidfile = write_portfile(portfile, port);
! 1019: if(!wrotepidfile) {
! 1020: goto socks5_cleanup;
! 1021: }
! 1022: }
! 1023:
! 1024: do {
! 1025: juggle_again = incoming(sock);
! 1026: } while(juggle_again);
! 1027:
! 1028: socks5_cleanup:
! 1029:
! 1030: if((msgsock != sock) && (msgsock != CURL_SOCKET_BAD))
! 1031: sclose(msgsock);
! 1032:
! 1033: if(sock != CURL_SOCKET_BAD)
! 1034: sclose(sock);
! 1035:
! 1036: if(wrotepidfile)
! 1037: unlink(pidname);
! 1038:
! 1039: restore_signal_handlers(false);
! 1040:
! 1041: if(got_exit_signal) {
! 1042: logmsg("============> socksd exits with signal (%d)", exit_signal);
! 1043: /*
! 1044: * To properly set the return status of the process we
! 1045: * must raise the same signal SIGINT or SIGTERM that we
! 1046: * caught and let the old handler take care of it.
! 1047: */
! 1048: raise(exit_signal);
! 1049: }
! 1050:
! 1051: logmsg("============> socksd quits");
! 1052: return 0;
! 1053: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to socksd.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / curl / tests / server