2 This file is part of GNUnet.
3 Copyright (C) 2012-2018 GNUnet e.V.
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 * @author Martin Schanzenbach
20 * @author Christian Grothoff
21 * @file src/gns/gnunet-gns-proxy.c
22 * @brief HTTP(S) proxy that rewrites URIs and fakes certificats to make GNS work
23 * with legacy browsers
26 * - double-check queueing logic
29 #include <microhttpd.h>
31 #include <curl/curl.h>
32 #elif HAVE_GNURL_CURL_H
33 #include <gnurl/curl.h>
35 #include <gnutls/gnutls.h>
36 #include <gnutls/x509.h>
37 #include <gnutls/abstract.h>
38 #include <gnutls/crypto.h>
40 #include <gnutls/dane.h>
43 #include "gnunet_util_lib.h"
44 #include "gnunet_gns_service.h"
45 #include "gnunet_identity_service.h"
51 * Default Socks5 listen port.
53 #define GNUNET_GNS_PROXY_PORT 7777
56 * Maximum supported length for a URI.
57 * Should die. @deprecated
59 #define MAX_HTTP_URI_LENGTH 2048
62 * Maximum number of DANE records we support
63 * per domain name (and port and protocol).
68 * Size of the buffer for the data upload / download. Must be
69 * enough for curl, thus CURL_MAX_WRITE_SIZE is needed here (16k).
71 #define IO_BUFFERSIZE CURL_MAX_WRITE_SIZE
74 * Size of the read/write buffers for Socks. Uses
75 * 256 bytes for the hostname (at most), plus a few
76 * bytes overhead for the messages.
78 #define SOCKS_BUFFERSIZE (256 + 32)
81 * Port for plaintext HTTP.
88 #define HTTPS_PORT 443
91 * Largest allowed size for a PEM certificate.
93 #define MAX_PEM_SIZE (10 * 1024)
96 * After how long do we clean up unused MHD TLS instances?
98 #define MHD_CACHE_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
101 * After how long do we clean up Socks5 handles that failed to show any activity
102 * with their respective MHD instance?
104 #define HTTP_HANDSHAKE_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 15)
110 * @param level log level
111 * @param fun name of curl_easy-function that gave the error
112 * @param rc return code from curl
114 #define LOG_CURL_EASY(level,fun,rc) \
116 _("%s failed at %s:%d: `%s'\n"), \
120 curl_easy_strerror (rc))
123 /* *************** Socks protocol definitions (move to TUN?) ****************** */
126 * Which SOCKS version do we speak?
128 #define SOCKS_VERSION_5 0x05
131 * Flag to set for 'no authentication'.
133 #define SOCKS_AUTH_NONE 0
137 * Commands in Socks5.
142 * Establish TCP/IP stream.
144 SOCKS5_CMD_TCP_STREAM = 1,
147 * Establish TCP port binding.
149 SOCKS5_CMD_TCP_PORT = 2,
152 * Establish UDP port binding.
154 SOCKS5_CMD_UDP_PORT = 3
159 * Address types in Socks5.
161 enum Socks5AddressType
171 SOCKS5_AT_DOMAINNAME = 3,
182 * Status codes in Socks5 response.
184 enum Socks5StatusCode
186 SOCKS5_STATUS_REQUEST_GRANTED = 0,
187 SOCKS5_STATUS_GENERAL_FAILURE = 1,
188 SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE = 2,
189 SOCKS5_STATUS_NETWORK_UNREACHABLE = 3,
190 SOCKS5_STATUS_HOST_UNREACHABLE = 4,
191 SOCKS5_STATUS_CONNECTION_REFUSED_BY_HOST = 5,
192 SOCKS5_STATUS_TTL_EXPIRED = 6,
193 SOCKS5_STATUS_COMMAND_NOT_SUPPORTED = 7,
194 SOCKS5_STATUS_ADDRESS_TYPE_NOT_SUPPORTED = 8
199 * Client hello in Socks5 protocol.
201 struct Socks5ClientHelloMessage
204 * Should be #SOCKS_VERSION_5.
209 * How many authentication methods does the client support.
211 uint8_t num_auth_methods;
213 /* followed by supported authentication methods, 1 byte per method */
219 * Server hello in Socks5 protocol.
221 struct Socks5ServerHelloMessage
224 * Should be #SOCKS_VERSION_5.
229 * Chosen authentication method, for us always #SOCKS_AUTH_NONE,
230 * which skips the authentication step.
237 * Client socks request in Socks5 protocol.
239 struct Socks5ClientRequestMessage
242 * Should be #SOCKS_VERSION_5.
247 * Command code, we only uspport #SOCKS5_CMD_TCP_STREAM.
252 * Reserved, always zero.
257 * Address type, an `enum Socks5AddressType`.
262 * Followed by either an ip4/ipv6 address or a domain name with a
263 * length field (uint8_t) in front (depending on @e addr_type).
264 * followed by port number in network byte order (uint16_t).
270 * Server response to client requests in Socks5 protocol.
272 struct Socks5ServerResponseMessage
275 * Should be #SOCKS_VERSION_5.
280 * Status code, an `enum Socks5StatusCode`
290 * Address type, an `enum Socks5AddressType`.
295 * Followed by either an ip4/ipv6 address or a domain name with a
296 * length field (uint8_t) in front (depending on @e addr_type).
297 * followed by port number in network byte order (uint16_t).
304 /* *********************** Datastructures for HTTP handling ****************** */
307 * A structure for CA cert/key
314 gnutls_x509_crt_t cert;
319 gnutls_x509_privkey_t key;
324 * Structure for GNS certificates
326 struct ProxyGNSCertificate
329 * The certificate as PEM
331 char cert[MAX_PEM_SIZE];
334 * The private key as PEM
336 char key[MAX_PEM_SIZE];
342 * A structure for all running Httpds
349 struct MhdHttpList *prev;
354 struct MhdHttpList *next;
357 * the domain name to server (only important for TLS)
364 struct MHD_Daemon *daemon;
367 * Optional proxy certificate used
369 struct ProxyGNSCertificate *proxy_cert;
374 struct GNUNET_SCHEDULER_Task *httpd_task;
377 * is this an ssl daemon?
384 /* ***************** Datastructures for Socks handling **************** */
393 * We're waiting to get the client hello.
398 * We're waiting to get the initial request.
403 * We are currently resolving the destination.
408 * We're in transfer mode.
410 SOCKS5_DATA_TRANSFER,
413 * Finish writing the write buffer, then clean up.
415 SOCKS5_WRITE_THEN_CLEANUP,
418 * Socket has been passed to MHD, do not close it anymore.
420 SOCKS5_SOCKET_WITH_MHD,
423 * We've started receiving upload data from MHD.
425 SOCKS5_SOCKET_UPLOAD_STARTED,
428 * We've finished receiving upload data from MHD.
430 SOCKS5_SOCKET_UPLOAD_DONE,
433 * We've finished uploading data via CURL and can now download.
435 SOCKS5_SOCKET_DOWNLOAD_STARTED,
438 * We've finished receiving download data from cURL.
440 SOCKS5_SOCKET_DOWNLOAD_DONE
447 struct HttpResponseHeader
452 struct HttpResponseHeader *next;
457 struct HttpResponseHeader *prev;
471 * A structure for socks requests
479 struct Socks5Request *next;
484 struct Socks5Request *prev;
489 struct GNUNET_NETWORK_Handle *sock;
492 * Handle to GNS lookup, during #SOCKS5_RESOLVING phase.
494 struct GNUNET_GNS_LookupWithTldRequest *gns_lookup;
497 * Client socket read task
499 struct GNUNET_SCHEDULER_Task *rtask;
502 * Client socket write task
504 struct GNUNET_SCHEDULER_Task *wtask;
509 struct GNUNET_SCHEDULER_Task *timeout_task;
514 char rbuf[SOCKS_BUFFERSIZE];
519 char wbuf[SOCKS_BUFFERSIZE];
522 * Buffer we use for moving data between MHD and curl (in both directions).
524 char io_buf[IO_BUFFERSIZE];
527 * MHD HTTP instance handling this request, NULL for none.
529 struct MhdHttpList *hd;
532 * MHD connection for this request.
534 struct MHD_Connection *con;
537 * MHD response object for this request.
539 struct MHD_Response *response;
542 * the domain name to server (only important for TLS)
547 * DNS Legacy Host Name as given by GNS, NULL if not given.
552 * Payload of the DANE records encountered.
554 char *dane_data[MAX_DANES + 1];
567 * HTTP request headers for the curl request.
569 struct curl_slist *headers;
572 * DNS->IP mappings resolved through GNS
574 struct curl_slist *hosts;
577 * HTTP response code to give to MHD for the response.
579 unsigned int response_code;
582 * Number of bytes in @e dane_data.
584 int dane_data_len[MAX_DANES + 1];
587 * Number of entries used in @e dane_data_len
590 unsigned int num_danes;
593 * Number of bytes already in read buffer
598 * Number of bytes already in write buffer
603 * Number of bytes already in the IO buffer.
608 * Once known, what's the target address for the connection?
610 struct sockaddr_storage destination_address;
615 enum SocksPhase state;
618 * Desired destination port.
623 * Headers from response
625 struct HttpResponseHeader *header_head;
628 * Headers from response
630 struct HttpResponseHeader *header_tail;
633 * X.509 Certificate status
638 * Was the hostname resolved via GNS?
643 * Did we suspend MHD processing?
648 * Did we pause CURL processing?
655 /* *********************** Globals **************************** */
659 * The port the proxy is running on (default 7777)
661 static uint16_t port = GNUNET_GNS_PROXY_PORT;
664 * The CA file (pem) to use for the proxy CA
666 static char *cafile_opt;
669 * The listen socket of the proxy for IPv4
671 static struct GNUNET_NETWORK_Handle *lsock4;
674 * The listen socket of the proxy for IPv6
676 static struct GNUNET_NETWORK_Handle *lsock6;
679 * The listen task ID for IPv4
681 static struct GNUNET_SCHEDULER_Task * ltask4;
684 * The listen task ID for IPv6
686 static struct GNUNET_SCHEDULER_Task * ltask6;
689 * The cURL download task (curl multi API).
691 static struct GNUNET_SCHEDULER_Task * curl_download_task;
694 * The cURL multi handle
696 static CURLM *curl_multi;
699 * Handle to the GNS service
701 static struct GNUNET_GNS_Handle *gns_handle;
706 static int disable_v6;
709 * DLL for http/https daemons
711 static struct MhdHttpList *mhd_httpd_head;
714 * DLL for http/https daemons
716 static struct MhdHttpList *mhd_httpd_tail;
719 * Daemon for HTTP (we have one per X.509 certificate, and then one for
720 * all HTTP connections; this is the one for HTTP, not HTTPS).
722 static struct MhdHttpList *httpd;
725 * DLL of active socks requests.
727 static struct Socks5Request *s5r_head;
730 * DLL of active socks requests.
732 static struct Socks5Request *s5r_tail;
735 * The CA for X.509 certificate generation
737 static struct ProxyCA proxy_ca;
740 * Response we return on cURL failures.
742 static struct MHD_Response *curl_failure_response;
747 static const struct GNUNET_CONFIGURATION_Handle *cfg;
750 /* ************************* Global helpers ********************* */
754 * Run MHD now, we have extra data ready for the callback.
756 * @param hd the daemon to run now.
759 run_mhd_now (struct MhdHttpList *hd);
763 * Clean up s5r handles.
765 * @param s5r the handle to destroy
768 cleanup_s5r (struct Socks5Request *s5r)
770 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
771 "Cleaning up socks request\n");
772 if (NULL != s5r->curl)
774 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
775 "Cleaning up cURL handle\n");
776 curl_multi_remove_handle (curl_multi,
778 curl_easy_cleanup (s5r->curl);
783 s5r->suspended = GNUNET_NO;
784 MHD_resume_connection (s5r->con);
786 curl_slist_free_all (s5r->headers);
787 if (NULL != s5r->hosts)
789 curl_slist_free_all (s5r->hosts);
791 if ( (NULL != s5r->response) &&
792 (curl_failure_response != s5r->response) )
794 MHD_destroy_response (s5r->response);
795 s5r->response = NULL;
797 if (NULL != s5r->rtask)
799 GNUNET_SCHEDULER_cancel (s5r->rtask);
802 if (NULL != s5r->timeout_task)
804 GNUNET_SCHEDULER_cancel (s5r->timeout_task);
805 s5r->timeout_task = NULL;
807 if (NULL != s5r->wtask)
809 GNUNET_SCHEDULER_cancel (s5r->wtask);
812 if (NULL != s5r->gns_lookup)
814 GNUNET_GNS_lookup_with_tld_cancel (s5r->gns_lookup);
815 s5r->gns_lookup = NULL;
817 if (NULL != s5r->sock)
819 if (SOCKS5_SOCKET_WITH_MHD <= s5r->state)
820 GNUNET_NETWORK_socket_free_memory_only_ (s5r->sock);
822 GNUNET_NETWORK_socket_close (s5r->sock);
825 GNUNET_CONTAINER_DLL_remove (s5r_head,
828 GNUNET_free_non_null (s5r->domain);
829 GNUNET_free_non_null (s5r->leho);
830 GNUNET_free_non_null (s5r->url);
831 for (unsigned int i=0;i<s5r->num_danes;i++)
832 GNUNET_free (s5r->dane_data[i]);
837 /* ************************* HTTP handling with cURL *********************** */
840 curl_download_prepare ();
844 * Callback for MHD response generation. This function is called from
845 * MHD whenever MHD expects to get data back. Copies data from the
846 * io_buf, if available.
848 * @param cls closure with our `struct Socks5Request`
849 * @param pos in buffer
850 * @param buf where to copy data
851 * @param max available space in @a buf
852 * @return number of bytes written to @a buf
855 mhd_content_cb (void *cls,
860 struct Socks5Request *s5r = cls;
861 size_t bytes_to_copy;
863 if ( (SOCKS5_SOCKET_UPLOAD_STARTED == s5r->state) ||
864 (SOCKS5_SOCKET_UPLOAD_DONE == s5r->state) )
866 /* we're still not done with the upload, do not yet
867 start the download, the IO buffer is still full
869 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
870 "Pausing MHD download %s%s, not yet ready for download\n",
873 return 0; /* not yet ready for data download */
875 bytes_to_copy = GNUNET_MIN (max,
877 if ( (0 == bytes_to_copy) &&
878 (SOCKS5_SOCKET_DOWNLOAD_DONE != s5r->state) )
880 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
881 "Pausing MHD download %s%s, no data available\n",
884 if (NULL != s5r->curl)
886 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
887 "Continuing CURL interaction for %s%s\n",
890 if (GNUNET_YES == s5r->curl_paused)
892 s5r->curl_paused = GNUNET_NO;
893 curl_easy_pause (s5r->curl,
896 curl_download_prepare ();
898 if (GNUNET_NO == s5r->suspended)
900 MHD_suspend_connection (s5r->con);
901 s5r->suspended = GNUNET_YES;
903 return 0; /* more data later */
905 if ( (0 == bytes_to_copy) &&
906 (SOCKS5_SOCKET_DOWNLOAD_DONE == s5r->state) )
908 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
909 "Completed MHD download %s%s\n",
912 return MHD_CONTENT_READER_END_OF_STREAM;
914 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
915 "Writing %llu/%llu bytes to %s%s\n",
916 (unsigned long long) bytes_to_copy,
917 (unsigned long long) s5r->io_len,
923 memmove (s5r->io_buf,
924 &s5r->io_buf[bytes_to_copy],
925 s5r->io_len - bytes_to_copy);
926 s5r->io_len -= bytes_to_copy;
927 if ( (NULL != s5r->curl) &&
928 (GNUNET_YES == s5r->curl_paused) )
930 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
931 "Continuing CURL interaction for %s%s\n",
934 s5r->curl_paused = GNUNET_NO;
935 curl_easy_pause (s5r->curl,
938 return bytes_to_copy;
943 * Check that the website has presented us with a valid X.509 certificate.
944 * The certificate must either match the domain name or the LEHO name
945 * (or, if available, the TLSA record).
947 * @param s5r request to check for.
948 * @return #GNUNET_OK if the certificate is valid
951 check_ssl_certificate (struct Socks5Request *s5r)
953 unsigned int cert_list_size;
954 const gnutls_datum_t *chainp;
955 const struct curl_tlssessioninfo *tlsinfo;
956 char certdn[GNUNET_DNSPARSER_MAX_NAME_LENGTH + 3];
958 gnutls_x509_crt_t x509_cert;
962 s5r->ssl_checked = GNUNET_YES;
963 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
964 "Checking X.509 certificate\n");
966 curl_easy_getinfo (s5r->curl,
967 CURLINFO_TLS_SESSION,
968 (struct curl_slist **) &tlsinfo))
969 return GNUNET_SYSERR;
970 if (CURLSSLBACKEND_GNUTLS != tlsinfo->backend)
972 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
973 _("Unsupported CURL TLS backend %d\n"),
975 return GNUNET_SYSERR;
977 chainp = gnutls_certificate_get_peers (tlsinfo->internals,
980 (0 == cert_list_size) )
981 return GNUNET_SYSERR;
983 size = sizeof (certdn);
984 /* initialize an X.509 certificate structure. */
985 gnutls_x509_crt_init (&x509_cert);
986 gnutls_x509_crt_import (x509_cert,
988 GNUTLS_X509_FMT_DER);
990 if (0 != (rc = gnutls_x509_crt_get_dn_by_oid (x509_cert,
991 GNUTLS_OID_X520_COMMON_NAME,
992 0, /* the first and only one */
993 0 /* no DER encoding */,
997 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
998 _("Failed to fetch CN from cert: %s\n"),
999 gnutls_strerror(rc));
1000 gnutls_x509_crt_deinit (x509_cert);
1001 return GNUNET_SYSERR;
1003 /* check for TLSA/DANE records */
1004 #if HAVE_GNUTLS_DANE
1005 if (0 != s5r->num_danes)
1007 dane_state_t dane_state;
1008 dane_query_t dane_query;
1009 unsigned int verify;
1011 /* FIXME: add flags to gnutls to NOT read UNBOUND_ROOT_KEY_FILE here! */
1012 if (0 != (rc = dane_state_init (&dane_state,
1013 #ifdef DANE_F_IGNORE_DNSSEC
1014 DANE_F_IGNORE_DNSSEC |
1016 DANE_F_IGNORE_LOCAL_RESOLVER)))
1018 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1019 _("Failed to initialize DANE: %s\n"),
1021 gnutls_x509_crt_deinit (x509_cert);
1022 return GNUNET_SYSERR;
1024 s5r->dane_data[s5r->num_danes] = NULL;
1025 s5r->dane_data_len[s5r->num_danes] = 0;
1026 if (0 != (rc = dane_raw_tlsa (dane_state,
1033 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1034 _("Failed to parse DANE record: %s\n"),
1036 dane_state_deinit (dane_state);
1037 gnutls_x509_crt_deinit (x509_cert);
1038 return GNUNET_SYSERR;
1040 if (0 != (rc = dane_verify_crt_raw (dane_state,
1043 gnutls_certificate_type_get (tlsinfo->internals),
1048 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1049 _("Failed to verify TLS connection using DANE: %s\n"),
1051 dane_query_deinit (dane_query);
1052 dane_state_deinit (dane_state);
1053 gnutls_x509_crt_deinit (x509_cert);
1054 return GNUNET_SYSERR;
1058 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1059 _("Failed DANE verification failed with GnuTLS verify status code: %u\n"),
1061 dane_query_deinit (dane_query);
1062 dane_state_deinit (dane_state);
1063 gnutls_x509_crt_deinit (x509_cert);
1064 return GNUNET_SYSERR;
1066 dane_query_deinit (dane_query);
1067 dane_state_deinit (dane_state);
1073 /* try LEHO or ordinary domain name X509 verification */
1075 if (NULL != s5r->leho)
1079 if (0 == (rc = gnutls_x509_crt_check_hostname (x509_cert,
1082 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1083 _("TLS certificate subject name (%s) does not match `%s': %d\n"),
1087 gnutls_x509_crt_deinit (x509_cert);
1088 return GNUNET_SYSERR;
1093 /* we did not even have the domain name!? */
1095 return GNUNET_SYSERR;
1098 gnutls_x509_crt_deinit (x509_cert);
1104 * We're getting an HTTP response header from cURL. Convert it to the
1105 * MHD response headers. Mostly copies the headers, but makes special
1106 * adjustments to "Set-Cookie" and "Location" headers as those may need
1107 * to be changed from the LEHO to the domain the browser expects.
1109 * @param buffer curl buffer with a single line of header data; not 0-terminated!
1110 * @param size curl blocksize
1111 * @param nmemb curl blocknumber
1112 * @param cls our `struct Socks5Request *`
1113 * @return size of processed bytes
1116 curl_check_hdr (void *buffer,
1121 struct Socks5Request *s5r = cls;
1122 struct HttpResponseHeader *header;
1123 size_t bytes = size * nmemb;
1125 const char *hdr_type;
1126 const char *cookie_domain;
1128 char *new_cookie_hdr;
1131 size_t delta_cdomain;
1135 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1136 "Receiving HTTP response header from CURL\n");
1137 /* first, check TLS certificate */
1138 if ( (GNUNET_YES != s5r->ssl_checked) &&
1139 (HTTPS_PORT == s5r->port))
1141 if (GNUNET_OK != check_ssl_certificate (s5r))
1144 ndup = GNUNET_strndup (buffer,
1146 hdr_type = strtok (ndup,
1148 if (NULL == hdr_type)
1153 hdr_val = strtok (NULL,
1155 if (NULL == hdr_val)
1160 if (' ' == *hdr_val)
1163 /* custom logic for certain header types */
1164 new_cookie_hdr = NULL;
1165 if ( (NULL != s5r->leho) &&
1166 (0 == strcasecmp (hdr_type,
1167 MHD_HTTP_HEADER_SET_COOKIE)) )
1170 new_cookie_hdr = GNUNET_malloc (strlen (hdr_val) +
1171 strlen (s5r->domain) + 1);
1173 domain_matched = GNUNET_NO; /* make sure we match domain at most once */
1174 for (tok = strtok (hdr_val, ";"); NULL != tok; tok = strtok (NULL, ";"))
1176 if ( (0 == strncasecmp (tok,
1178 strlen (" domain"))) &&
1179 (GNUNET_NO == domain_matched) )
1181 domain_matched = GNUNET_YES;
1182 cookie_domain = tok + strlen (" domain") + 1;
1183 if (strlen (cookie_domain) < strlen (s5r->leho))
1185 delta_cdomain = strlen (s5r->leho) - strlen (cookie_domain);
1186 if (0 == strcasecmp (cookie_domain,
1187 s5r->leho + delta_cdomain))
1189 offset += sprintf (new_cookie_hdr + offset,
1195 else if (0 == strcmp (cookie_domain,
1198 offset += sprintf (new_cookie_hdr + offset,
1203 else if ( ('.' == cookie_domain[0]) &&
1204 (0 == strcmp (&cookie_domain[1],
1207 offset += sprintf (new_cookie_hdr + offset,
1212 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
1213 _("Cookie domain `%s' supplied by server is invalid\n"),
1216 GNUNET_memcpy (new_cookie_hdr + offset,
1219 offset += strlen (tok);
1220 new_cookie_hdr[offset++] = ';';
1222 hdr_val = new_cookie_hdr;
1225 new_location = NULL;
1226 if (0 == strcasecmp (MHD_HTTP_HEADER_TRANSFER_ENCODING,
1229 /* Ignore transfer encoding, set automatically by MHD if required */
1232 if ((0 == strcasecmp (MHD_HTTP_HEADER_LOCATION,
1237 GNUNET_asprintf (&leho_host,
1238 (HTTPS_PORT != s5r->port)
1242 if (0 == strncmp (leho_host,
1244 strlen (leho_host)))
1246 GNUNET_asprintf (&new_location,
1248 (HTTPS_PORT != s5r->port)
1252 hdr_val + strlen (leho_host));
1253 hdr_val = new_location;
1255 GNUNET_free (leho_host);
1257 if (0 == strcasecmp (MHD_HTTP_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
1262 GNUNET_asprintf (&leho_host,
1263 (HTTPS_PORT != s5r->port)
1267 if (0 == strncmp (leho_host,
1269 strlen (leho_host)))
1271 GNUNET_asprintf (&new_location,
1273 (HTTPS_PORT != s5r->port)
1277 hdr_val = new_location;
1279 GNUNET_free (leho_host);
1282 /* MHD does not allow certain characters in values, remove those */
1283 if (NULL != (tok = strchr (hdr_val, '\n')))
1285 if (NULL != (tok = strchr (hdr_val, '\r')))
1287 if (NULL != (tok = strchr (hdr_val, '\t')))
1289 if (0 != strlen (hdr_val)) /* Rely in MHD to set those */
1291 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1292 "Adding header %s: %s to MHD response\n",
1295 header = GNUNET_new (struct HttpResponseHeader);
1296 header->type = GNUNET_strdup (hdr_type);
1297 header->value = GNUNET_strdup (hdr_val);
1298 GNUNET_CONTAINER_DLL_insert (s5r->header_head,
1304 GNUNET_free_non_null (new_cookie_hdr);
1305 GNUNET_free_non_null (new_location);
1311 * Create an MHD response object in @a s5r matching the
1312 * information we got from curl.
1314 * @param s5r the request for which we convert the response
1315 * @return #GNUNET_OK on success, #GNUNET_SYSERR if response was
1316 * already initialized before
1319 create_mhd_response_from_s5r (struct Socks5Request *s5r)
1322 double content_length;
1324 if (NULL != s5r->response)
1326 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1327 "Response already set!\n");
1328 return GNUNET_SYSERR;
1331 GNUNET_break (CURLE_OK ==
1332 curl_easy_getinfo (s5r->curl,
1333 CURLINFO_RESPONSE_CODE,
1335 GNUNET_break (CURLE_OK ==
1336 curl_easy_getinfo (s5r->curl,
1337 CURLINFO_CONTENT_LENGTH_DOWNLOAD,
1339 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1340 "Creating MHD response with code %d and size %d for %s%s\n",
1342 (int) content_length,
1345 s5r->response_code = resp_code;
1346 s5r->response = MHD_create_response_from_callback ((-1 == content_length)
1353 for (struct HttpResponseHeader *header = s5r->header_head;
1355 header = header->next)
1357 GNUNET_break (MHD_YES ==
1358 MHD_add_response_header (s5r->response,
1363 /* force connection to be closed after each request, as we
1364 do not support HTTP pipelining (yet, FIXME!) */
1365 /*GNUNET_break (MHD_YES ==
1366 MHD_add_response_header (s5r->response,
1367 MHD_HTTP_HEADER_CONNECTION,
1369 MHD_resume_connection (s5r->con);
1370 s5r->suspended = GNUNET_NO;
1376 * Handle response payload data from cURL. Copies it into our `io_buf` to make
1377 * it available to MHD.
1379 * @param ptr pointer to the data
1380 * @param size number of blocks of data
1381 * @param nmemb blocksize
1382 * @param ctx our `struct Socks5Request *`
1383 * @return number of bytes handled
1386 curl_download_cb (void *ptr,
1391 struct Socks5Request *s5r = ctx;
1392 size_t total = size * nmemb;
1394 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1395 "Receiving %ux%u bytes for `%s%s' from cURL\n",
1396 (unsigned int) size,
1397 (unsigned int) nmemb,
1400 if (NULL == s5r->response)
1401 GNUNET_assert (GNUNET_OK ==
1402 create_mhd_response_from_s5r (s5r));
1404 if ( (SOCKS5_SOCKET_UPLOAD_STARTED == s5r->state) ||
1405 (SOCKS5_SOCKET_UPLOAD_DONE == s5r->state) )
1407 /* we're still not done with the upload, do not yet
1408 start the download, the IO buffer is still full
1409 with upload data. */
1410 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1411 "Pausing CURL download `%s%s', waiting for UPLOAD to finish\n",
1414 s5r->curl_paused = GNUNET_YES;
1415 return CURL_WRITEFUNC_PAUSE; /* not yet ready for data download */
1417 if (sizeof (s5r->io_buf) - s5r->io_len < total)
1419 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1420 "Pausing CURL `%s%s' download, not enough space %llu %llu %llu\n",
1423 (unsigned long long) sizeof (s5r->io_buf),
1424 (unsigned long long) s5r->io_len,
1425 (unsigned long long) total);
1426 s5r->curl_paused = GNUNET_YES;
1427 return CURL_WRITEFUNC_PAUSE; /* not enough space */
1429 GNUNET_memcpy (&s5r->io_buf[s5r->io_len],
1432 s5r->io_len += total;
1433 if (GNUNET_YES == s5r->suspended)
1435 MHD_resume_connection (s5r->con);
1436 s5r->suspended = GNUNET_NO;
1438 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1439 "Received %llu bytes of payload via cURL from %s\n",
1440 (unsigned long long) total,
1442 if (s5r->io_len == total)
1443 run_mhd_now (s5r->hd);
1449 * cURL callback for uploaded (PUT/POST) data. Copies it into our `io_buf`
1450 * to make it available to MHD.
1452 * @param buf where to write the data
1453 * @param size number of bytes per member
1454 * @param nmemb number of members available in @a buf
1455 * @param cls our `struct Socks5Request` that generated the data
1456 * @return number of bytes copied to @a buf
1459 curl_upload_cb (void *buf,
1464 struct Socks5Request *s5r = cls;
1465 size_t len = size * nmemb;
1468 if ( (0 == s5r->io_len) &&
1469 (SOCKS5_SOCKET_UPLOAD_DONE != s5r->state) )
1471 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1472 "Pausing CURL UPLOAD %s%s, need more data\n",
1475 return CURL_READFUNC_PAUSE;
1477 if ( (0 == s5r->io_len) &&
1478 (SOCKS5_SOCKET_UPLOAD_DONE == s5r->state) )
1480 s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED;
1481 if (GNUNET_YES == s5r->curl_paused)
1483 s5r->curl_paused = GNUNET_NO;
1484 curl_easy_pause (s5r->curl,
1487 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1488 "Completed CURL UPLOAD %s%s\n",
1491 return 0; /* upload finished, can now download */
1493 if ( (SOCKS5_SOCKET_UPLOAD_STARTED != s5r->state) &&
1494 (SOCKS5_SOCKET_UPLOAD_DONE != s5r->state) )
1497 return CURL_READFUNC_ABORT;
1499 to_copy = GNUNET_MIN (s5r->io_len,
1504 memmove (s5r->io_buf,
1505 &s5r->io_buf[to_copy],
1506 s5r->io_len - to_copy);
1507 s5r->io_len -= to_copy;
1508 if (s5r->io_len + to_copy == sizeof (s5r->io_buf))
1509 run_mhd_now (s5r->hd); /* got more space for upload now */
1514 /* ************************** main loop of cURL interaction ****************** */
1518 * Task that is run when we are ready to receive more data
1521 * @param cls closure
1524 curl_task_download (void *cls);
1528 * Ask cURL for the select() sets and schedule cURL operations.
1531 curl_download_prepare ()
1538 struct GNUNET_NETWORK_FDSet *grs;
1539 struct GNUNET_NETWORK_FDSet *gws;
1541 struct GNUNET_TIME_Relative rtime;
1543 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1544 "Scheduling CURL interaction\n");
1545 if (NULL != curl_download_task)
1547 GNUNET_SCHEDULER_cancel (curl_download_task);
1548 curl_download_task = NULL;
1554 if (CURLM_OK != (mret = curl_multi_fdset (curl_multi,
1560 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1561 "%s failed at %s:%d: `%s'\n",
1562 "curl_multi_fdset", __FILE__, __LINE__,
1563 curl_multi_strerror (mret));
1567 GNUNET_break (CURLM_OK ==
1568 curl_multi_timeout (curl_multi,
1571 rtime = GNUNET_TIME_UNIT_FOREVER_REL;
1573 rtime = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS,
1577 grs = GNUNET_NETWORK_fdset_create ();
1578 gws = GNUNET_NETWORK_fdset_create ();
1579 GNUNET_NETWORK_fdset_copy_native (grs,
1582 GNUNET_NETWORK_fdset_copy_native (gws,
1585 curl_download_task = GNUNET_SCHEDULER_add_select (GNUNET_SCHEDULER_PRIORITY_DEFAULT,
1589 &curl_task_download,
1591 GNUNET_NETWORK_fdset_destroy (gws);
1592 GNUNET_NETWORK_fdset_destroy (grs);
1596 curl_download_task = GNUNET_SCHEDULER_add_delayed (rtime,
1597 &curl_task_download,
1604 * Task that is run when we are ready to receive more data from curl.
1606 * @param cls closure, NULL
1609 curl_task_download (void *cls)
1613 struct CURLMsg *msg;
1615 struct Socks5Request *s5r;
1617 curl_download_task = NULL;
1618 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1619 "Running CURL interaction\n");
1623 mret = curl_multi_perform (curl_multi,
1625 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1626 "Checking CURL multi status: %d\n",
1628 while (NULL != (msg = curl_multi_info_read (curl_multi,
1631 GNUNET_break (CURLE_OK ==
1632 curl_easy_getinfo (msg->easy_handle,
1643 /* documentation says this is not used */
1647 switch (msg->data.result)
1650 case CURLE_GOT_NOTHING:
1651 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1652 "CURL download %s%s completed.\n",
1655 if (NULL == s5r->response)
1657 GNUNET_assert (GNUNET_OK ==
1658 create_mhd_response_from_s5r (s5r));
1660 s5r->state = SOCKS5_SOCKET_DOWNLOAD_DONE;
1661 if (GNUNET_YES == s5r->suspended)
1663 MHD_resume_connection (s5r->con);
1664 s5r->suspended = GNUNET_NO;
1666 run_mhd_now (s5r->hd);
1669 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1670 "Download curl %s%s failed: %s\n",
1673 curl_easy_strerror (msg->data.result));
1674 /* FIXME: indicate error somehow? close MHD connection badly as well? */
1675 s5r->state = SOCKS5_SOCKET_DOWNLOAD_DONE;
1676 if (GNUNET_YES == s5r->suspended)
1678 MHD_resume_connection (s5r->con);
1679 s5r->suspended = GNUNET_NO;
1681 run_mhd_now (s5r->hd);
1684 if (NULL == s5r->response)
1685 s5r->response = curl_failure_response;
1688 /* documentation says this is not used */
1692 /* unexpected status code */
1697 } while (mret == CURLM_CALL_MULTI_PERFORM);
1698 if (CURLM_OK != mret)
1699 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1700 "%s failed at %s:%d: `%s'\n",
1701 "curl_multi_perform", __FILE__, __LINE__,
1702 curl_multi_strerror (mret));
1705 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1706 "Suspending cURL multi loop, no more events pending\n");
1707 if (NULL != curl_download_task)
1709 GNUNET_SCHEDULER_cancel (curl_download_task);
1710 curl_download_task = NULL;
1712 return; /* nothing more in progress */
1714 curl_download_prepare ();
1718 /* ********************************* MHD response generation ******************* */
1722 * Read HTTP request header field from the request. Copies the fields
1723 * over to the 'headers' that will be given to curl. However, 'Host'
1724 * is substituted with the LEHO if present. We also change the
1725 * 'Connection' header value to "close" as the proxy does not support
1728 * @param cls our `struct Socks5Request`
1729 * @param kind value kind
1730 * @param key field key
1731 * @param value field value
1732 * @return #MHD_YES to continue to iterate
1735 con_val_iter (void *cls,
1736 enum MHD_ValueKind kind,
1740 struct Socks5Request *s5r = cls;
1743 if ( (0 == strcasecmp (MHD_HTTP_HEADER_HOST,
1745 (NULL != s5r->leho) )
1747 GNUNET_asprintf (&hdr,
1751 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1752 "Adding HEADER `%s' to HTTP request\n",
1754 s5r->headers = curl_slist_append (s5r->headers,
1762 * Main MHD callback for handling requests.
1765 * @param con MHD connection handle
1766 * @param url the url in the request
1767 * @param meth the HTTP method used ("GET", "PUT", etc.)
1768 * @param ver the HTTP version string (i.e. "HTTP/1.1")
1769 * @param upload_data the data being uploaded (excluding HEADERS,
1770 * for a POST that fits into memory and that is encoded
1771 * with a supported encoding, the POST data will NOT be
1772 * given in upload_data and is instead available as
1773 * part of MHD_get_connection_values; very large POST
1774 * data *will* be made available incrementally in
1776 * @param upload_data_size set initially to the size of the
1777 * @a upload_data provided; the method must update this
1778 * value to the number of bytes NOT processed;
1779 * @param con_cls pointer to location where we store the `struct Request`
1780 * @return #MHD_YES if the connection was handled successfully,
1781 * #MHD_NO if the socket must be closed due to a serious
1782 * error while handling the request
1785 create_response (void *cls,
1786 struct MHD_Connection *con,
1790 const char *upload_data,
1791 size_t *upload_data_size,
1794 struct Socks5Request *s5r = *con_cls;
1796 char ipstring[INET6_ADDRSTRLEN];
1797 char ipaddr[INET6_ADDRSTRLEN + 2];
1798 const struct sockaddr *sa;
1799 const struct sockaddr_in *s4;
1800 const struct sockaddr_in6 *s6;
1810 /* Fresh connection. */
1811 if (SOCKS5_SOCKET_WITH_MHD == s5r->state)
1813 /* first time here, initialize curl handle */
1816 sa = (const struct sockaddr *) &s5r->destination_address;
1817 switch (sa->sa_family)
1820 s4 = (const struct sockaddr_in *) &s5r->destination_address;
1821 if (NULL == inet_ntop (AF_INET,
1829 GNUNET_snprintf (ipaddr,
1833 port = ntohs (s4->sin_port);
1836 s6 = (const struct sockaddr_in6 *) &s5r->destination_address;
1837 if (NULL == inet_ntop (AF_INET6,
1845 GNUNET_snprintf (ipaddr,
1849 port = ntohs (s6->sin6_port);
1860 if (NULL == s5r->curl)
1861 s5r->curl = curl_easy_init ();
1862 if (NULL == s5r->curl)
1863 return MHD_queue_response (con,
1864 MHD_HTTP_INTERNAL_SERVER_ERROR,
1865 curl_failure_response);
1866 curl_easy_setopt (s5r->curl,
1867 CURLOPT_HEADERFUNCTION,
1869 curl_easy_setopt (s5r->curl,
1872 curl_easy_setopt (s5r->curl,
1873 CURLOPT_FOLLOWLOCATION,
1876 curl_easy_setopt (s5r->curl,
1879 curl_easy_setopt (s5r->curl,
1880 CURLOPT_CONNECTTIMEOUT,
1882 curl_easy_setopt (s5r->curl,
1885 curl_easy_setopt (s5r->curl,
1888 curl_easy_setopt (s5r->curl,
1889 CURLOPT_HTTP_CONTENT_DECODING,
1891 curl_easy_setopt (s5r->curl,
1894 curl_easy_setopt (s5r->curl,
1897 curl_easy_setopt (s5r->curl,
1901 * Pre-populate cache to resolve Hostname.
1902 * This is necessary as the DNS name in the CURLOPT_URL is used
1903 * for SNI http://de.wikipedia.org/wiki/Server_Name_Indication
1905 if (NULL != s5r->leho)
1909 GNUNET_asprintf (&curl_hosts,
1914 s5r->hosts = curl_slist_append (NULL,
1916 curl_easy_setopt (s5r->curl,
1919 GNUNET_free (curl_hosts);
1923 GNUNET_asprintf (&curlurl,
1924 (HTTPS_PORT != s5r->port)
1926 : "https://%s:%d%s",
1935 GNUNET_asprintf (&curlurl,
1936 (HTTPS_PORT != s5r->port)
1938 : "https://%s:%d%s",
1943 curl_easy_setopt (s5r->curl,
1946 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1947 "Launching %s CURL interaction, fetching `%s'\n",
1948 (s5r->is_gns) ? "GNS" : "DNS",
1950 GNUNET_free (curlurl);
1951 if (0 == strcasecmp (meth,
1952 MHD_HTTP_METHOD_PUT))
1954 s5r->state = SOCKS5_SOCKET_UPLOAD_STARTED;
1955 curl_easy_setopt (s5r->curl,
1958 curl_easy_setopt (s5r->curl,
1959 CURLOPT_WRITEFUNCTION,
1961 curl_easy_setopt (s5r->curl,
1964 GNUNET_assert (CURLE_OK ==
1965 curl_easy_setopt (s5r->curl,
1966 CURLOPT_READFUNCTION,
1968 curl_easy_setopt (s5r->curl,
1973 long upload_size = 0;
1975 us = MHD_lookup_connection_value (con,
1977 MHD_HTTP_HEADER_CONTENT_LENGTH);
1978 if ( (1 == sscanf (us,
1981 (upload_size >= 0) )
1983 curl_easy_setopt (s5r->curl,
1989 else if (0 == strcasecmp (meth, MHD_HTTP_METHOD_POST))
1991 s5r->state = SOCKS5_SOCKET_UPLOAD_STARTED;
1992 curl_easy_setopt (s5r->curl,
1995 curl_easy_setopt (s5r->curl,
1996 CURLOPT_WRITEFUNCTION,
1998 curl_easy_setopt (s5r->curl,
2001 curl_easy_setopt (s5r->curl,
2002 CURLOPT_READFUNCTION,
2004 curl_easy_setopt (s5r->curl,
2011 us = MHD_lookup_connection_value (con,
2013 MHD_HTTP_HEADER_CONTENT_LENGTH);
2014 if ( (NULL != us) &&
2018 (upload_size >= 0) )
2020 curl_easy_setopt (s5r->curl,
2024 curl_easy_setopt (s5r->curl,
2030 else if (0 == strcasecmp (meth,
2031 MHD_HTTP_METHOD_HEAD))
2033 s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED;
2034 curl_easy_setopt (s5r->curl,
2038 else if (0 == strcasecmp (meth,
2039 MHD_HTTP_METHOD_OPTIONS))
2041 s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED;
2042 curl_easy_setopt (s5r->curl,
2043 CURLOPT_CUSTOMREQUEST,
2045 curl_easy_setopt (s5r->curl,
2046 CURLOPT_WRITEFUNCTION,
2048 curl_easy_setopt (s5r->curl,
2053 else if (0 == strcasecmp (meth,
2054 MHD_HTTP_METHOD_GET))
2056 s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED;
2057 curl_easy_setopt (s5r->curl,
2060 curl_easy_setopt (s5r->curl,
2061 CURLOPT_WRITEFUNCTION,
2063 curl_easy_setopt (s5r->curl,
2067 else if (0 == strcasecmp (meth,
2068 MHD_HTTP_METHOD_DELETE))
2070 s5r->state = SOCKS5_SOCKET_DOWNLOAD_STARTED;
2071 curl_easy_setopt (s5r->curl,
2072 CURLOPT_CUSTOMREQUEST,
2074 curl_easy_setopt (s5r->curl,
2075 CURLOPT_WRITEFUNCTION,
2077 curl_easy_setopt (s5r->curl,
2083 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2084 _("Unsupported HTTP method `%s'\n"),
2086 curl_easy_cleanup (s5r->curl);
2091 if (0 == strcasecmp (ver, MHD_HTTP_VERSION_1_0))
2093 curl_easy_setopt (s5r->curl,
2094 CURLOPT_HTTP_VERSION,
2095 CURL_HTTP_VERSION_1_0);
2097 else if (0 == strcasecmp (ver, MHD_HTTP_VERSION_1_1))
2099 curl_easy_setopt (s5r->curl,
2100 CURLOPT_HTTP_VERSION,
2101 CURL_HTTP_VERSION_1_1);
2105 curl_easy_setopt (s5r->curl,
2106 CURLOPT_HTTP_VERSION,
2107 CURL_HTTP_VERSION_NONE);
2110 if (HTTPS_PORT == s5r->port)
2112 curl_easy_setopt (s5r->curl,
2115 if (NULL != s5r->dane_data)
2116 curl_easy_setopt (s5r->curl,
2117 CURLOPT_SSL_VERIFYPEER,
2120 curl_easy_setopt (s5r->curl,
2121 CURLOPT_SSL_VERIFYPEER,
2123 /* Disable cURL checking the hostname, as we will check ourselves
2124 as only we have the domain name or the LEHO or the DANE record */
2125 curl_easy_setopt (s5r->curl,
2126 CURLOPT_SSL_VERIFYHOST,
2131 curl_easy_setopt (s5r->curl,
2137 curl_multi_add_handle (curl_multi,
2141 curl_easy_cleanup (s5r->curl);
2145 MHD_get_connection_values (con,
2149 curl_easy_setopt (s5r->curl,
2152 curl_download_prepare ();
2156 /* continuing to process request */
2157 if (0 != *upload_data_size)
2159 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2160 "Processing %u bytes UPLOAD\n",
2161 (unsigned int) *upload_data_size);
2163 /* FIXME: This must be set or a header with Transfer-Encoding: chunked. Else
2164 * upload callback is not called!
2166 curl_easy_setopt (s5r->curl,
2167 CURLOPT_POSTFIELDSIZE,
2170 left = GNUNET_MIN (*upload_data_size,
2171 sizeof (s5r->io_buf) - s5r->io_len);
2172 GNUNET_memcpy (&s5r->io_buf[s5r->io_len],
2175 s5r->io_len += left;
2176 *upload_data_size -= left;
2177 GNUNET_assert (NULL != s5r->curl);
2178 if (GNUNET_YES == s5r->curl_paused)
2180 s5r->curl_paused = GNUNET_NO;
2181 curl_easy_pause (s5r->curl,
2186 if (SOCKS5_SOCKET_UPLOAD_STARTED == s5r->state)
2188 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2189 "Finished processing UPLOAD\n");
2190 s5r->state = SOCKS5_SOCKET_UPLOAD_DONE;
2192 if (NULL == s5r->response)
2194 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2195 "Waiting for HTTP response for %s%s...\n",
2198 MHD_suspend_connection (con);
2199 s5r->suspended = GNUNET_YES;
2202 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2203 "Queueing response for %s%s with MHD\n",
2206 run_mhd_now (s5r->hd);
2207 return MHD_queue_response (con,
2213 /* ******************** MHD HTTP setup and event loop ******************** */
2217 * Function called when MHD decides that we are done with a request.
2220 * @param connection connection handle
2221 * @param con_cls value as set by the last call to
2222 * the MHD_AccessHandlerCallback, should be our `struct Socks5Request *`
2223 * @param toe reason for request termination (ignored)
2226 mhd_completed_cb (void *cls,
2227 struct MHD_Connection *connection,
2229 enum MHD_RequestTerminationCode toe)
2231 struct Socks5Request *s5r = *con_cls;
2235 if (MHD_REQUEST_TERMINATED_COMPLETED_OK != toe)
2236 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
2237 "MHD encountered error handling request: %d\n",
2239 if (NULL != s5r->curl)
2241 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2242 "Removing cURL handle (MHD interaction complete)\n");
2243 curl_multi_remove_handle (curl_multi,
2245 curl_slist_free_all (s5r->headers);
2246 s5r->headers = NULL;
2247 curl_easy_reset (s5r->curl);
2251 curl_download_prepare ();
2253 if ( (NULL != s5r->response) &&
2254 (curl_failure_response != s5r->response) )
2255 MHD_destroy_response (s5r->response);
2256 for (struct HttpResponseHeader *header = s5r->header_head;
2258 header = s5r->header_head)
2260 GNUNET_CONTAINER_DLL_remove (s5r->header_head,
2263 GNUNET_free (header->type);
2264 GNUNET_free (header->value);
2265 GNUNET_free (header);
2267 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2268 "Finished request for %s\n",
2270 GNUNET_free (s5r->url);
2271 s5r->state = SOCKS5_SOCKET_WITH_MHD;
2273 s5r->response = NULL;
2279 * Function called when MHD connection is opened or closed.
2282 * @param connection connection handle
2283 * @param con_cls value as set by the last call to
2284 * the MHD_AccessHandlerCallback, should be our `struct Socks5Request *`
2285 * @param toe connection notification type
2288 mhd_connection_cb (void *cls,
2289 struct MHD_Connection *connection,
2291 enum MHD_ConnectionNotificationCode cnc)
2293 struct Socks5Request *s5r;
2294 const union MHD_ConnectionInfo *ci;
2299 case MHD_CONNECTION_NOTIFY_STARTED:
2300 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Connection started...\n");
2301 ci = MHD_get_connection_info (connection,
2302 MHD_CONNECTION_INFO_CONNECTION_FD);
2308 sock = ci->connect_fd;
2309 for (s5r = s5r_head; NULL != s5r; s5r = s5r->next)
2311 if (GNUNET_NETWORK_get_fd (s5r->sock) == sock)
2313 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2314 "Context set...\n");
2315 s5r->ssl_checked = GNUNET_NO;
2321 case MHD_CONNECTION_NOTIFY_CLOSED:
2322 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2323 "Connection closed... cleaning up\n");
2327 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2328 "Connection stale!\n");
2332 curl_download_prepare ();
2341 * Function called when MHD first processes an incoming connection.
2342 * Gives us the respective URI information.
2344 * We use this to associate the `struct MHD_Connection` with our
2345 * internal `struct Socks5Request` data structure (by checking
2346 * for matching sockets).
2348 * @param cls the HTTP server handle (a `struct MhdHttpList`)
2349 * @param url the URL that is being requested
2350 * @param connection MHD connection object for the request
2351 * @return the `struct Socks5Request` that this @a connection is for
2354 mhd_log_callback (void *cls,
2356 struct MHD_Connection *connection)
2358 struct Socks5Request *s5r;
2359 const union MHD_ConnectionInfo *ci;
2361 ci = MHD_get_connection_info (connection,
2362 MHD_CONNECTION_INFO_SOCKET_CONTEXT);
2363 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Processing %s\n", url);
2369 s5r = ci->socket_context;
2370 if (NULL != s5r->url)
2375 s5r->url = GNUNET_strdup (url);
2376 if (NULL != s5r->timeout_task)
2378 GNUNET_SCHEDULER_cancel (s5r->timeout_task);
2379 s5r->timeout_task = NULL;
2381 GNUNET_assert (s5r->state == SOCKS5_SOCKET_WITH_MHD);
2387 * Kill the given MHD daemon.
2389 * @param hd daemon to stop
2392 kill_httpd (struct MhdHttpList *hd)
2394 GNUNET_CONTAINER_DLL_remove (mhd_httpd_head,
2397 GNUNET_free_non_null (hd->domain);
2398 MHD_stop_daemon (hd->daemon);
2399 if (NULL != hd->httpd_task)
2401 GNUNET_SCHEDULER_cancel (hd->httpd_task);
2402 hd->httpd_task = NULL;
2404 GNUNET_free_non_null (hd->proxy_cert);
2412 * Task run whenever HTTP server is idle for too long. Kill it.
2414 * @param cls the `struct MhdHttpList *`
2417 kill_httpd_task (void *cls)
2419 struct MhdHttpList *hd = cls;
2421 hd->httpd_task = NULL;
2427 * Task run whenever HTTP server operations are pending.
2429 * @param cls the `struct MhdHttpList *` of the daemon that is being run
2432 do_httpd (void *cls);
2436 * Schedule MHD. This function should be called initially when an
2437 * MHD is first getting its client socket, and will then automatically
2438 * always be called later whenever there is work to be done.
2440 * @param hd the daemon to schedule
2443 schedule_httpd (struct MhdHttpList *hd)
2448 struct GNUNET_NETWORK_FDSet *wrs;
2449 struct GNUNET_NETWORK_FDSet *wws;
2452 MHD_UNSIGNED_LONG_LONG timeout;
2453 struct GNUNET_TIME_Relative tv;
2460 MHD_get_fdset (hd->daemon,
2469 haveto = MHD_get_timeout (hd->daemon,
2471 if (MHD_YES == haveto)
2472 tv.rel_value_us = (uint64_t) timeout * 1000LL;
2474 tv = GNUNET_TIME_UNIT_FOREVER_REL;
2477 wrs = GNUNET_NETWORK_fdset_create ();
2478 wws = GNUNET_NETWORK_fdset_create ();
2479 GNUNET_NETWORK_fdset_copy_native (wrs, &rs, max + 1);
2480 GNUNET_NETWORK_fdset_copy_native (wws, &ws, max + 1);
2487 if (NULL != hd->httpd_task)
2489 GNUNET_SCHEDULER_cancel (hd->httpd_task);
2490 hd->httpd_task = NULL;
2492 if ( (MHD_YES != haveto) &&
2496 /* daemon is idle, kill after timeout */
2497 hd->httpd_task = GNUNET_SCHEDULER_add_delayed (MHD_CACHE_TIMEOUT,
2504 GNUNET_SCHEDULER_add_select (GNUNET_SCHEDULER_PRIORITY_DEFAULT,
2509 GNUNET_NETWORK_fdset_destroy (wrs);
2511 GNUNET_NETWORK_fdset_destroy (wws);
2516 * Task run whenever HTTP server operations are pending.
2518 * @param cls the `struct MhdHttpList` of the daemon that is being run
2521 do_httpd (void *cls)
2523 struct MhdHttpList *hd = cls;
2525 hd->httpd_task = NULL;
2526 MHD_run (hd->daemon);
2527 schedule_httpd (hd);
2532 * Run MHD now, we have extra data ready for the callback.
2534 * @param hd the daemon to run now.
2537 run_mhd_now (struct MhdHttpList *hd)
2539 if (NULL != hd->httpd_task)
2540 GNUNET_SCHEDULER_cancel (hd->httpd_task);
2541 hd->httpd_task = GNUNET_SCHEDULER_add_now (&do_httpd,
2547 * Read file in filename
2549 * @param filename file to read
2550 * @param size pointer where filesize is stored
2551 * @return NULL on error
2554 load_file (const char* filename,
2561 GNUNET_DISK_file_size (filename,
2566 if (fsize > MAX_PEM_SIZE)
2568 *size = (unsigned int) fsize;
2569 buffer = GNUNET_malloc (*size);
2571 GNUNET_DISK_fn_read (filename,
2575 GNUNET_free (buffer);
2583 * Load PEM key from file
2585 * @param key where to store the data
2586 * @param keyfile path to the PEM file
2587 * @return #GNUNET_OK on success
2590 load_key_from_file (gnutls_x509_privkey_t key,
2591 const char* keyfile)
2593 gnutls_datum_t key_data;
2596 key_data.data = load_file (keyfile,
2598 if (NULL == key_data.data)
2599 return GNUNET_SYSERR;
2600 ret = gnutls_x509_privkey_import (key, &key_data,
2601 GNUTLS_X509_FMT_PEM);
2602 if (GNUTLS_E_SUCCESS != ret)
2604 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2605 _("Unable to import private key from file `%s'\n"),
2608 GNUNET_free_non_null (key_data.data);
2609 return (GNUTLS_E_SUCCESS != ret) ? GNUNET_SYSERR : GNUNET_OK;
2614 * Load cert from file
2616 * @param crt struct to store data in
2617 * @param certfile path to pem file
2618 * @return #GNUNET_OK on success
2621 load_cert_from_file (gnutls_x509_crt_t crt,
2622 const char* certfile)
2624 gnutls_datum_t cert_data;
2627 cert_data.data = load_file (certfile,
2629 if (NULL == cert_data.data)
2630 return GNUNET_SYSERR;
2631 ret = gnutls_x509_crt_import (crt,
2633 GNUTLS_X509_FMT_PEM);
2634 if (GNUTLS_E_SUCCESS != ret)
2636 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2637 _("Unable to import certificate from `%s'\n"),
2640 GNUNET_free_non_null (cert_data.data);
2641 return (GNUTLS_E_SUCCESS != ret) ? GNUNET_SYSERR : GNUNET_OK;
2646 * Generate new certificate for specific name
2648 * @param name the subject name to generate a cert for
2649 * @return a struct holding the PEM data, NULL on error
2651 static struct ProxyGNSCertificate *
2652 generate_gns_certificate (const char *name)
2654 unsigned int serial;
2655 size_t key_buf_size;
2656 size_t cert_buf_size;
2657 gnutls_x509_crt_t request;
2660 struct ProxyGNSCertificate *pgc;
2662 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2663 "Generating x.509 certificate for `%s'\n",
2665 GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_init (&request));
2666 GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_set_key (request, proxy_ca.key));
2667 pgc = GNUNET_new (struct ProxyGNSCertificate);
2668 gnutls_x509_crt_set_dn_by_oid (request,
2669 GNUTLS_OID_X520_COUNTRY_NAME,
2673 gnutls_x509_crt_set_dn_by_oid (request,
2674 GNUTLS_OID_X520_ORGANIZATION_NAME,
2677 strlen ("GNU Name System"));
2678 gnutls_x509_crt_set_dn_by_oid (request,
2679 GNUTLS_OID_X520_COMMON_NAME,
2683 gnutls_x509_crt_set_subject_alternative_name (request,
2686 GNUNET_break (GNUTLS_E_SUCCESS ==
2687 gnutls_x509_crt_set_version (request,
2689 gnutls_rnd (GNUTLS_RND_NONCE,
2692 gnutls_x509_crt_set_serial (request,
2695 etime = time (NULL);
2696 tm_data = localtime (&etime);
2698 etime = mktime(tm_data);
2699 gnutls_x509_crt_set_activation_time (request,
2702 etime = mktime (tm_data);
2703 gnutls_x509_crt_set_expiration_time (request,
2705 gnutls_x509_crt_sign2 (request,
2710 key_buf_size = sizeof (pgc->key);
2711 cert_buf_size = sizeof (pgc->cert);
2712 gnutls_x509_crt_export (request,
2713 GNUTLS_X509_FMT_PEM,
2716 gnutls_x509_privkey_export (proxy_ca.key,
2717 GNUTLS_X509_FMT_PEM,
2720 gnutls_x509_crt_deinit (request);
2726 * Function called by MHD with errors, suppresses them all.
2728 * @param cls closure
2729 * @param fm format string (`printf()`-style)
2730 * @param ap arguments to @a fm
2733 mhd_error_log_callback (void *cls,
2742 * Lookup (or create) an TLS MHD instance for a particular domain.
2744 * @param domain the domain the TLS daemon has to serve
2745 * @return NULL on error
2747 static struct MhdHttpList *
2748 lookup_ssl_httpd (const char* domain)
2750 struct MhdHttpList *hd;
2751 struct ProxyGNSCertificate *pgc;
2758 for (hd = mhd_httpd_head; NULL != hd; hd = hd->next)
2759 if ( (NULL != hd->domain) &&
2760 (0 == strcmp (hd->domain, domain)) )
2762 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2763 "Starting fresh MHD HTTPS instance for domain `%s'\n",
2765 pgc = generate_gns_certificate (domain);
2766 hd = GNUNET_new (struct MhdHttpList);
2767 hd->is_ssl = GNUNET_YES;
2768 hd->domain = GNUNET_strdup (domain);
2769 hd->proxy_cert = pgc;
2770 hd->daemon = MHD_start_daemon (MHD_USE_DEBUG | MHD_USE_SSL | MHD_USE_NO_LISTEN_SOCKET | MHD_ALLOW_SUSPEND_RESUME,
2773 &create_response, hd,
2774 MHD_OPTION_CONNECTION_TIMEOUT, (unsigned int) 16,
2775 MHD_OPTION_NOTIFY_COMPLETED, &mhd_completed_cb, NULL,
2776 MHD_OPTION_NOTIFY_CONNECTION, &mhd_connection_cb, NULL,
2777 MHD_OPTION_URI_LOG_CALLBACK, &mhd_log_callback, NULL,
2778 MHD_OPTION_EXTERNAL_LOGGER, &mhd_error_log_callback, NULL,
2779 MHD_OPTION_HTTPS_MEM_KEY, pgc->key,
2780 MHD_OPTION_HTTPS_MEM_CERT, pgc->cert,
2782 if (NULL == hd->daemon)
2788 GNUNET_CONTAINER_DLL_insert (mhd_httpd_head,
2796 * Task run when a Socks5Request somehow fails to be associated with
2797 * an MHD connection (i.e. because the client never speaks HTTP after
2798 * the SOCKS5 handshake). Clean up.
2800 * @param cls the `struct Socks5Request *`
2803 timeout_s5r_handshake (void *cls)
2805 struct Socks5Request *s5r = cls;
2807 s5r->timeout_task = NULL;
2813 * We're done with the Socks5 protocol, now we need to pass the
2814 * connection data through to the final destination, either
2815 * direct (if the protocol might not be HTTP), or via MHD
2816 * (if the port looks like it should be HTTP).
2818 * @param s5r socks request that has reached the final stage
2821 setup_data_transfer (struct Socks5Request *s5r)
2823 struct MhdHttpList *hd;
2825 const struct sockaddr *addr;
2832 GNUNET_asprintf (&domain,
2835 hd = lookup_ssl_httpd (domain);
2838 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2839 _("Failed to start HTTPS server for `%s'\n"),
2842 GNUNET_free (domain);
2849 GNUNET_assert (NULL != httpd);
2853 fd = GNUNET_NETWORK_get_fd (s5r->sock);
2854 addr = GNUNET_NETWORK_get_addr (s5r->sock);
2855 len = GNUNET_NETWORK_get_addrlen (s5r->sock);
2856 s5r->state = SOCKS5_SOCKET_WITH_MHD;
2858 MHD_add_connection (hd->daemon,
2863 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
2864 _("Failed to pass client to MHD\n"));
2866 GNUNET_free_non_null (domain);
2870 schedule_httpd (hd);
2871 s5r->timeout_task = GNUNET_SCHEDULER_add_delayed (HTTP_HANDSHAKE_TIMEOUT,
2872 &timeout_s5r_handshake,
2874 GNUNET_free_non_null (domain);
2878 /* ********************* SOCKS handling ************************* */
2882 * Write data from buffer to socks5 client, then continue with state machine.
2884 * @param cls the closure with the `struct Socks5Request`
2887 do_write (void *cls)
2889 struct Socks5Request *s5r = cls;
2893 len = GNUNET_NETWORK_socket_send (s5r->sock,
2898 /* write error: connection closed, shutdown, etc.; just clean up */
2899 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
2906 s5r->wbuf_len - len);
2907 s5r->wbuf_len -= len;
2908 if (s5r->wbuf_len > 0)
2910 /* not done writing */
2912 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
2918 /* we're done writing, continue with state machine! */
2925 case SOCKS5_REQUEST:
2926 GNUNET_assert (NULL != s5r->rtask);
2928 case SOCKS5_DATA_TRANSFER:
2929 setup_data_transfer (s5r);
2931 case SOCKS5_WRITE_THEN_CLEANUP:
2942 * Return a server response message indicating a failure to the client.
2944 * @param s5r request to return failure code for
2945 * @param sc status code to return
2948 signal_socks_failure (struct Socks5Request *s5r,
2949 enum Socks5StatusCode sc)
2951 struct Socks5ServerResponseMessage *s_resp;
2953 s_resp = (struct Socks5ServerResponseMessage *) &s5r->wbuf[s5r->wbuf_len];
2954 memset (s_resp, 0, sizeof (struct Socks5ServerResponseMessage));
2955 s_resp->version = SOCKS_VERSION_5;
2957 s5r->state = SOCKS5_WRITE_THEN_CLEANUP;
2958 if (NULL != s5r->wtask)
2960 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
2967 * Return a server response message indicating success.
2969 * @param s5r request to return success status message for
2972 signal_socks_success (struct Socks5Request *s5r)
2974 struct Socks5ServerResponseMessage *s_resp;
2976 s_resp = (struct Socks5ServerResponseMessage *) &s5r->wbuf[s5r->wbuf_len];
2977 s_resp->version = SOCKS_VERSION_5;
2978 s_resp->reply = SOCKS5_STATUS_REQUEST_GRANTED;
2979 s_resp->reserved = 0;
2980 s_resp->addr_type = SOCKS5_AT_IPV4;
2981 /* zero out IPv4 address and port */
2984 sizeof (struct in_addr) + sizeof (uint16_t));
2985 s5r->wbuf_len += sizeof (struct Socks5ServerResponseMessage) +
2986 sizeof (struct in_addr) + sizeof (uint16_t);
2987 if (NULL == s5r->wtask)
2989 GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
2996 * Process GNS results for target domain.
2998 * @param cls the `struct Socks5Request *`
2999 * @param tld #GNUNET_YES if this was a GNS TLD.
3000 * @param rd_count number of records returned
3001 * @param rd record data
3004 handle_gns_result (void *cls,
3007 const struct GNUNET_GNSRECORD_Data *rd)
3009 struct Socks5Request *s5r = cls;
3010 const struct GNUNET_GNSRECORD_Data *r;
3013 s5r->gns_lookup = NULL;
3016 for (uint32_t i=0;i<rd_count;i++)
3019 switch (r->record_type)
3021 case GNUNET_DNSPARSER_TYPE_A:
3023 struct sockaddr_in *in;
3025 if (sizeof (struct in_addr) != r->data_size)
3027 GNUNET_break_op (0);
3030 if (GNUNET_YES == got_ip)
3033 GNUNET_NETWORK_test_pf (PF_INET))
3035 got_ip = GNUNET_YES;
3036 in = (struct sockaddr_in *) &s5r->destination_address;
3037 in->sin_family = AF_INET;
3038 GNUNET_memcpy (&in->sin_addr,
3041 in->sin_port = htons (s5r->port);
3042 #if HAVE_SOCKADDR_IN_SIN_LEN
3043 in->sin_len = sizeof (*in);
3047 case GNUNET_DNSPARSER_TYPE_AAAA:
3049 struct sockaddr_in6 *in;
3051 if (sizeof (struct in6_addr) != r->data_size)
3053 GNUNET_break_op (0);
3056 if (GNUNET_YES == got_ip)
3058 if (GNUNET_YES == disable_v6)
3061 GNUNET_NETWORK_test_pf (PF_INET6))
3063 /* FIXME: allow user to disable IPv6 per configuration option... */
3064 got_ip = GNUNET_YES;
3065 in = (struct sockaddr_in6 *) &s5r->destination_address;
3066 in->sin6_family = AF_INET6;
3067 GNUNET_memcpy (&in->sin6_addr,
3070 in->sin6_port = htons (s5r->port);
3071 #if HAVE_SOCKADDR_IN_SIN_LEN
3072 in->sin6_len = sizeof (*in);
3076 case GNUNET_GNSRECORD_TYPE_VPN:
3077 GNUNET_break (0); /* should have been translated within GNS */
3079 case GNUNET_GNSRECORD_TYPE_LEHO:
3080 GNUNET_free_non_null (s5r->leho);
3081 s5r->leho = GNUNET_strndup (r->data,
3084 case GNUNET_GNSRECORD_TYPE_BOX:
3086 const struct GNUNET_GNSRECORD_BoxRecord *box;
3088 if (r->data_size < sizeof (struct GNUNET_GNSRECORD_BoxRecord))
3090 GNUNET_break_op (0);
3094 if ( (ntohl (box->record_type) != GNUNET_DNSPARSER_TYPE_TLSA) ||
3095 (ntohs (box->protocol) != IPPROTO_TCP) ||
3096 (ntohs (box->service) != s5r->port) )
3097 break; /* BOX record does not apply */
3098 if (s5r->num_danes >= MAX_DANES)
3100 GNUNET_break (0); /* MAX_DANES too small */
3103 s5r->dane_data_len[s5r->num_danes]
3104 = r->data_size - sizeof (struct GNUNET_GNSRECORD_BoxRecord);
3105 s5r->dane_data[s5r->num_danes]
3106 = GNUNET_memdup (&box[1],
3107 s5r->dane_data_len[s5r->num_danes]);
3116 if ( (GNUNET_YES != got_ip) &&
3117 (GNUNET_YES == tld) )
3119 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3120 "Name resolution failed to yield useful IP address.\n");
3121 signal_socks_failure (s5r,
3122 SOCKS5_STATUS_GENERAL_FAILURE);
3125 s5r->state = SOCKS5_DATA_TRANSFER;
3126 signal_socks_success (s5r);
3131 * Remove the first @a len bytes from the beginning of the read buffer.
3133 * @param s5r the handle clear the read buffer for
3134 * @param len number of bytes in read buffer to advance
3137 clear_from_s5r_rbuf (struct Socks5Request *s5r,
3140 GNUNET_assert (len <= s5r->rbuf_len);
3143 s5r->rbuf_len - len);
3144 s5r->rbuf_len -= len;
3149 * Read data from incoming Socks5 connection
3151 * @param cls the closure with the `struct Socks5Request`
3154 do_s5r_read (void *cls)
3156 struct Socks5Request *s5r = cls;
3157 const struct Socks5ClientHelloMessage *c_hello;
3158 struct Socks5ServerHelloMessage *s_hello;
3159 const struct Socks5ClientRequestMessage *c_req;
3162 const struct GNUNET_SCHEDULER_TaskContext *tc;
3165 tc = GNUNET_SCHEDULER_get_task_context ();
3166 if ( (NULL != tc->read_ready) &&
3167 (GNUNET_NETWORK_fdset_isset (tc->read_ready,
3170 rlen = GNUNET_NETWORK_socket_recv (s5r->sock,
3171 &s5r->rbuf[s5r->rbuf_len],
3172 sizeof (s5r->rbuf) - s5r->rbuf_len);
3175 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3176 "socks5 client disconnected.\n");
3180 s5r->rbuf_len += rlen;
3182 s5r->rtask = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
3185 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3186 "Processing %zu bytes of socks data in state %d\n",
3192 c_hello = (const struct Socks5ClientHelloMessage*) &s5r->rbuf;
3193 if ( (s5r->rbuf_len < sizeof (struct Socks5ClientHelloMessage)) ||
3194 (s5r->rbuf_len < sizeof (struct Socks5ClientHelloMessage) + c_hello->num_auth_methods) )
3195 return; /* need more data */
3196 if (SOCKS_VERSION_5 != c_hello->version)
3198 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3199 _("Unsupported socks version %d\n"),
3200 (int) c_hello->version);
3204 clear_from_s5r_rbuf (s5r,
3205 sizeof (struct Socks5ClientHelloMessage) + c_hello->num_auth_methods);
3206 GNUNET_assert (0 == s5r->wbuf_len);
3207 s_hello = (struct Socks5ServerHelloMessage *) &s5r->wbuf;
3208 s5r->wbuf_len = sizeof (struct Socks5ServerHelloMessage);
3209 s_hello->version = SOCKS_VERSION_5;
3210 s_hello->auth_method = SOCKS_AUTH_NONE;
3211 GNUNET_assert (NULL == s5r->wtask);
3212 s5r->wtask = GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
3215 s5r->state = SOCKS5_REQUEST;
3217 case SOCKS5_REQUEST:
3218 c_req = (const struct Socks5ClientRequestMessage *) &s5r->rbuf;
3219 if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage))
3221 switch (c_req->command)
3223 case SOCKS5_CMD_TCP_STREAM:
3227 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3228 _("Unsupported socks command %d\n"),
3229 (int) c_req->command);
3230 signal_socks_failure (s5r,
3231 SOCKS5_STATUS_COMMAND_NOT_SUPPORTED);
3234 switch (c_req->addr_type)
3236 case SOCKS5_AT_IPV4:
3238 const struct in_addr *v4 = (const struct in_addr *) &c_req[1];
3239 const uint16_t *port = (const uint16_t *) &v4[1];
3240 struct sockaddr_in *in;
3242 s5r->port = ntohs (*port);
3243 alen = sizeof (struct in_addr);
3244 if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
3245 alen + sizeof (uint16_t))
3246 return; /* need more data */
3247 in = (struct sockaddr_in *) &s5r->destination_address;
3248 in->sin_family = AF_INET;
3250 in->sin_port = *port;
3251 #if HAVE_SOCKADDR_IN_SIN_LEN
3252 in->sin_len = sizeof (*in);
3254 s5r->state = SOCKS5_DATA_TRANSFER;
3257 case SOCKS5_AT_IPV6:
3259 const struct in6_addr *v6 = (const struct in6_addr *) &c_req[1];
3260 const uint16_t *port = (const uint16_t *) &v6[1];
3261 struct sockaddr_in6 *in;
3263 s5r->port = ntohs (*port);
3264 alen = sizeof (struct in6_addr);
3265 if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
3266 alen + sizeof (uint16_t))
3267 return; /* need more data */
3268 in = (struct sockaddr_in6 *) &s5r->destination_address;
3269 in->sin6_family = AF_INET6;
3270 in->sin6_addr = *v6;
3271 in->sin6_port = *port;
3272 #if HAVE_SOCKADDR_IN_SIN_LEN
3273 in->sin6_len = sizeof (*in);
3275 s5r->state = SOCKS5_DATA_TRANSFER;
3278 case SOCKS5_AT_DOMAINNAME:
3280 const uint8_t *dom_len;
3281 const char *dom_name;
3282 const uint16_t *port;
3284 dom_len = (const uint8_t *) &c_req[1];
3285 alen = *dom_len + 1;
3286 if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
3287 alen + sizeof (uint16_t))
3288 return; /* need more data */
3289 dom_name = (const char *) &dom_len[1];
3290 port = (const uint16_t*) &dom_name[*dom_len];
3291 s5r->domain = GNUNET_strndup (dom_name,
3293 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3294 "Requested connection is to http%s://%s:%d\n",
3295 (HTTPS_PORT == s5r->port) ? "s" : "",
3298 s5r->state = SOCKS5_RESOLVING;
3299 s5r->port = ntohs (*port);
3300 s5r->gns_lookup = GNUNET_GNS_lookup_with_tld (gns_handle,
3302 GNUNET_DNSPARSER_TYPE_A,
3303 GNUNET_NO /* only cached */,
3309 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3310 _("Unsupported socks address type %d\n"),
3311 (int) c_req->addr_type);
3312 signal_socks_failure (s5r,
3313 SOCKS5_STATUS_ADDRESS_TYPE_NOT_SUPPORTED);
3316 clear_from_s5r_rbuf (s5r,
3317 sizeof (struct Socks5ClientRequestMessage) +
3318 alen + sizeof (uint16_t));
3319 if (0 != s5r->rbuf_len)
3321 /* read more bytes than healthy, why did the client send more!? */
3322 GNUNET_break_op (0);
3323 signal_socks_failure (s5r,
3324 SOCKS5_STATUS_GENERAL_FAILURE);
3327 if (SOCKS5_DATA_TRANSFER == s5r->state)
3329 /* if we are not waiting for GNS resolution, signal success */
3330 signal_socks_success (s5r);
3332 /* We are done reading right now */
3333 GNUNET_SCHEDULER_cancel (s5r->rtask);
3336 case SOCKS5_RESOLVING:
3339 case SOCKS5_DATA_TRANSFER:
3350 * Accept new incoming connections
3352 * @param cls the closure with the lsock4 or lsock6
3353 * @param tc the scheduler context
3356 do_accept (void *cls)
3358 struct GNUNET_NETWORK_Handle *lsock = cls;
3359 struct GNUNET_NETWORK_Handle *s;
3360 struct Socks5Request *s5r;
3362 GNUNET_assert (NULL != lsock);
3363 if (lsock == lsock4)
3364 ltask4 = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
3368 else if (lsock == lsock6)
3369 ltask6 = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
3375 s = GNUNET_NETWORK_socket_accept (lsock,
3380 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
3384 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3385 "Got an inbound connection, waiting for data\n");
3386 s5r = GNUNET_new (struct Socks5Request);
3387 GNUNET_CONTAINER_DLL_insert (s5r_head,
3391 s5r->state = SOCKS5_INIT;
3392 s5r->rtask = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
3399 /* ******************* General / main code ********************* */
3403 * Task run on shutdown
3405 * @param cls closure
3408 do_shutdown (void *cls)
3410 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
3411 "Shutting down...\n");
3412 /* MHD requires resuming before destroying the daemons */
3413 for (struct Socks5Request *s5r = s5r_head;
3419 s5r->suspended = GNUNET_NO;
3420 MHD_resume_connection (s5r->con);
3423 while (NULL != mhd_httpd_head)
3424 kill_httpd (mhd_httpd_head);
3425 while (NULL != s5r_head)
3426 cleanup_s5r (s5r_head);
3429 GNUNET_NETWORK_socket_close (lsock4);
3434 GNUNET_NETWORK_socket_close (lsock6);
3437 if (NULL != curl_multi)
3439 curl_multi_cleanup (curl_multi);
3442 if (NULL != gns_handle)
3444 GNUNET_GNS_disconnect (gns_handle);
3447 if (NULL != curl_download_task)
3449 GNUNET_SCHEDULER_cancel (curl_download_task);
3450 curl_download_task = NULL;
3454 GNUNET_SCHEDULER_cancel (ltask4);
3459 GNUNET_SCHEDULER_cancel (ltask6);
3462 gnutls_x509_crt_deinit (proxy_ca.cert);
3463 gnutls_x509_privkey_deinit (proxy_ca.key);
3464 gnutls_global_deinit ();
3469 * Create an IPv4 listen socket bound to our port.
3471 * @return NULL on error
3473 static struct GNUNET_NETWORK_Handle *
3476 struct GNUNET_NETWORK_Handle *ls;
3477 struct sockaddr_in sa4;
3480 memset (&sa4, 0, sizeof (sa4));
3481 sa4.sin_family = AF_INET;
3482 sa4.sin_port = htons (port);
3483 #if HAVE_SOCKADDR_IN_SIN_LEN
3484 sa4.sin_len = sizeof (sa4);
3486 ls = GNUNET_NETWORK_socket_create (AF_INET,
3492 GNUNET_NETWORK_socket_bind (ls,
3493 (const struct sockaddr *) &sa4,
3497 GNUNET_NETWORK_socket_close (ls);
3506 * Create an IPv6 listen socket bound to our port.
3508 * @return NULL on error
3510 static struct GNUNET_NETWORK_Handle *
3513 struct GNUNET_NETWORK_Handle *ls;
3514 struct sockaddr_in6 sa6;
3517 memset (&sa6, 0, sizeof (sa6));
3518 sa6.sin6_family = AF_INET6;
3519 sa6.sin6_port = htons (port);
3520 #if HAVE_SOCKADDR_IN_SIN_LEN
3521 sa6.sin6_len = sizeof (sa6);
3523 ls = GNUNET_NETWORK_socket_create (AF_INET6,
3529 GNUNET_NETWORK_socket_bind (ls,
3530 (const struct sockaddr *) &sa6,
3534 GNUNET_NETWORK_socket_close (ls);
3543 * Main function that will be run
3545 * @param cls closure
3546 * @param args remaining command-line arguments
3547 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
3548 * @param c configuration
3553 const char *cfgfile,
3554 const struct GNUNET_CONFIGURATION_Handle *c)
3556 char* cafile_cfg = NULL;
3558 struct MhdHttpList *hd;
3562 if (NULL == (curl_multi = curl_multi_init ()))
3564 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3565 "Failed to create cURL multi handle!\n");
3568 cafile = cafile_opt;
3572 GNUNET_CONFIGURATION_get_value_filename (cfg,
3577 GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
3582 cafile = cafile_cfg;
3584 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3585 "Using `%s' as CA\n",
3588 gnutls_global_init ();
3589 gnutls_x509_crt_init (&proxy_ca.cert);
3590 gnutls_x509_privkey_init (&proxy_ca.key);
3593 load_cert_from_file (proxy_ca.cert,
3596 load_key_from_file (proxy_ca.key,
3599 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3600 _("Failed to load X.509 key and certificate from `%s'\n"),
3602 gnutls_x509_crt_deinit (proxy_ca.cert);
3603 gnutls_x509_privkey_deinit (proxy_ca.key);
3604 gnutls_global_deinit ();
3605 GNUNET_free_non_null (cafile_cfg);
3608 GNUNET_free_non_null (cafile_cfg);
3609 if (NULL == (gns_handle = GNUNET_GNS_connect (cfg)))
3611 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3612 "Unable to connect to GNS!\n");
3613 gnutls_x509_crt_deinit (proxy_ca.cert);
3614 gnutls_x509_privkey_deinit (proxy_ca.key);
3615 gnutls_global_deinit ();
3618 GNUNET_SCHEDULER_add_shutdown (&do_shutdown,
3621 /* Open listen socket for socks proxy */
3622 lsock6 = bind_v6 ();
3625 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
3631 GNUNET_NETWORK_socket_listen (lsock6,
3634 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
3636 GNUNET_NETWORK_socket_close (lsock6);
3641 ltask6 = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
3647 lsock4 = bind_v4 ();
3650 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
3656 GNUNET_NETWORK_socket_listen (lsock4,
3659 GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
3661 GNUNET_NETWORK_socket_close (lsock4);
3666 ltask4 = GNUNET_SCHEDULER_add_read_net (GNUNET_TIME_UNIT_FOREVER_REL,
3672 if ( (NULL == lsock4) &&
3675 GNUNET_SCHEDULER_shutdown ();
3678 if (0 != curl_global_init (CURL_GLOBAL_WIN32))
3680 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
3681 "cURL global init failed!\n");
3682 GNUNET_SCHEDULER_shutdown ();
3685 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
3686 "Proxy listens on port %u\n",
3687 (unsigned int) port);
3689 /* start MHD daemon for HTTP */
3690 hd = GNUNET_new (struct MhdHttpList);
3691 hd->daemon = MHD_start_daemon (MHD_USE_DEBUG | MHD_USE_NO_LISTEN_SOCKET | MHD_ALLOW_SUSPEND_RESUME,
3694 &create_response, hd,
3695 MHD_OPTION_CONNECTION_TIMEOUT, (unsigned int) 16,
3696 MHD_OPTION_NOTIFY_COMPLETED, &mhd_completed_cb, NULL,
3697 MHD_OPTION_NOTIFY_CONNECTION, &mhd_connection_cb, NULL,
3698 MHD_OPTION_URI_LOG_CALLBACK, &mhd_log_callback, NULL,
3700 if (NULL == hd->daemon)
3703 GNUNET_SCHEDULER_shutdown ();
3707 GNUNET_CONTAINER_DLL_insert (mhd_httpd_head,
3714 * The main function for gnunet-gns-proxy.
3716 * @param argc number of arguments from the command line
3717 * @param argv command line arguments
3718 * @return 0 ok, 1 on error
3724 struct GNUNET_GETOPT_CommandLineOption options[] = {
3725 GNUNET_GETOPT_option_uint16 ('p',
3728 gettext_noop ("listen on specified port (default: 7777)"),
3730 GNUNET_GETOPT_option_string ('a',
3733 gettext_noop ("pem file to use as CA"),
3735 GNUNET_GETOPT_option_flag ('6',
3737 gettext_noop ("disable use of IPv6"),
3740 GNUNET_GETOPT_OPTION_END
3742 static const char* page =
3743 "<html><head><title>gnunet-gns-proxy</title>"
3744 "</head><body>cURL fail</body></html>";
3748 GNUNET_STRINGS_get_utf8_args (argc, argv,
3751 GNUNET_log_setup ("gnunet-gns-proxy",
3754 curl_failure_response
3755 = MHD_create_response_from_buffer (strlen (page),
3757 MHD_RESPMEM_PERSISTENT);
3761 GNUNET_PROGRAM_run (argc, argv,
3763 _("GNUnet GNS proxy"),
3765 &run, NULL)) ? 0 : 1;
3766 MHD_destroy_response (curl_failure_response);
3767 GNUNET_free_non_null ((char *) argv);
3771 /* end of gnunet-gns-proxy.c */